Bug 1256063

Summary: Subversion 1.8.x mod_dav_svn cannot be built on CentOS7.1
Product: Red Hat Enterprise Linux 7 Reporter: KOMATSU Seiji <comutt.jp>
Component: httpdAssignee: Luboš Uhliarik <luhliari>
Status: CLOSED NOTABUG QA Contact: BaseOS QE - Apps <qe-baseos-apps>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.1CC: jorton
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-08-24 10:18:19 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description KOMATSU Seiji 2015-08-23 18:00:54 UTC 
Description of problem:
Subversion 1.8.14 cannot be built on CentOS7.1, may be also on RHEL7.1.


Version-Release number of selected component (if applicable):
httpd-devel-2.4.6-31.el7.centos.x86_64
httpd-2.4.6-31.el7.centos.x86_64

cf29fd809927727300a083f7d14028b52258a190  subversion-1.8.14.tar.gz
0dbb29c71c4385d1000c091f14475106784daceb  sqlite-amalgamation-3081101.zip


How reproducible:

Steps to Reproduce:
1. curl -LO http://archive.apache.org/dist/subversion/subversion-1.8.14.tar.gz
2. tar xf subversion-1.8.14.tar.gz
3. cd subversion-1.8.14
4. curl -LO https://www.sqlite.org/2015/sqlite-amalgamation-3081101.zip
5. unzip sqlite-amalgamation-3081101.zip
6. ./configure --prefix=/opt/subversion-1.8.14 --with-apxs=/usr/bin/apxs --with-sqlite=sqlite-amalgamation-3081101/sqlite3.c

Actual results:

Result1 (configure failure):

https://gist.github.com/comutt/caf73ad5531cb249d339

Result2 (configure patched):

patch: https://gist.github.com/comutt/38dc6b5add6d7c62d3d9
https://gist.github.com/comutt/d73f860c219c86c72f32

with configure option `--enable-broken-httpd-auth`, build will success.
but for now this is not valid solution because httpd still has bug.

Expected results:

1. Build success with configure patch and `--enable-broken-httpd-auth` option, and httpd does not contains known bugs.

Additional info:

d4bdf1dacb117a8ef3588a4fcbeedaef748fdd44  httpd-2.4.6-31.el7.centos.src.rpm

SRPM of httpd for CentOS7 does not include required security patches for httpd.

The bugs that should be solved:
https://bz.apache.org/bugzilla/show_bug.cgi?id=55397
https://bz.apache.org/bugzilla/show_bug.cgi?id=55304
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3183
Comment 2 Joe Orton 2015-08-24 10:18:19 UTC 
Thanks for contacting us.  For tracking the addition of the API required in CVE-2015-3185, please see bug 1256063, or contact Red Hat Support if this issue affects you in production.

For the issue with the Subversion configure test and the back-ported API, that is not an issue in RHEL httpd.  There is an upstream discussion here, a future SVN release may resolve this:

http://mail-archives.apache.org/mod_mbox/subversion-dev/201508.mbox/%3C87tws6uiru.fsf@wandisco.com%3E
Comment 3 Joe Orton 2015-08-24 10:19:10 UTC 
Apologies: the first paragraph should have a reference to bug 1243888.