Bug 1256063 - Subversion 1.8.x mod_dav_svn cannot be built on CentOS7.1
Subversion 1.8.x mod_dav_svn cannot be built on CentOS7.1
Status: CLOSED NOTABUG
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: httpd (Show other bugs)
7.1
Unspecified Linux
unspecified Severity unspecified
: rc
: ---
Assigned To: Web Stack Team
BaseOS QE - Apps
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-08-23 14:00 EDT by KOMATSU Seiji
Modified: 2015-08-24 06:19 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-08-24 06:18:19 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description KOMATSU Seiji 2015-08-23 14:00:54 EDT
Description of problem:
Subversion 1.8.14 cannot be built on CentOS7.1, may be also on RHEL7.1.


Version-Release number of selected component (if applicable):
httpd-devel-2.4.6-31.el7.centos.x86_64
httpd-2.4.6-31.el7.centos.x86_64

cf29fd809927727300a083f7d14028b52258a190  subversion-1.8.14.tar.gz
0dbb29c71c4385d1000c091f14475106784daceb  sqlite-amalgamation-3081101.zip


How reproducible:

Steps to Reproduce:
1. curl -LO http://archive.apache.org/dist/subversion/subversion-1.8.14.tar.gz
2. tar xf subversion-1.8.14.tar.gz
3. cd subversion-1.8.14
4. curl -LO https://www.sqlite.org/2015/sqlite-amalgamation-3081101.zip
5. unzip sqlite-amalgamation-3081101.zip
6. ./configure --prefix=/opt/subversion-1.8.14 --with-apxs=/usr/bin/apxs --with-sqlite=sqlite-amalgamation-3081101/sqlite3.c

Actual results:

Result1 (configure failure):

https://gist.github.com/comutt/caf73ad5531cb249d339

Result2 (configure patched):

patch: https://gist.github.com/comutt/38dc6b5add6d7c62d3d9
https://gist.github.com/comutt/d73f860c219c86c72f32

with configure option `--enable-broken-httpd-auth`, build will success.
but for now this is not valid solution because httpd still has bug.

Expected results:

1. Build success with configure patch and `--enable-broken-httpd-auth` option, and httpd does not contains known bugs.

Additional info:

d4bdf1dacb117a8ef3588a4fcbeedaef748fdd44  httpd-2.4.6-31.el7.centos.src.rpm

SRPM of httpd for CentOS7 does not include required security patches for httpd.

The bugs that should be solved:
https://bz.apache.org/bugzilla/show_bug.cgi?id=55397
https://bz.apache.org/bugzilla/show_bug.cgi?id=55304
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3183
Comment 2 Joe Orton 2015-08-24 06:18:19 EDT
Thanks for contacting us.  For tracking the addition of the API required in CVE-2015-3185, please see bug 1256063, or contact Red Hat Support if this issue affects you in production.

For the issue with the Subversion configure test and the back-ported API, that is not an issue in RHEL httpd.  There is an upstream discussion here, a future SVN release may resolve this:

http://mail-archives.apache.org/mod_mbox/subversion-dev/201508.mbox/%3C87tws6uiru.fsf@wandisco.com%3E
Comment 3 Joe Orton 2015-08-24 06:19:10 EDT
Apologies: the first paragraph should have a reference to bug 1243888.

Note You need to log in before you can comment on or make changes to this bug.