[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#664451: apr: [PATCH] apr_file_trunc() bug causes svn repository corruption

Package: apr
Severity: important
Tags: upstream squeeze wheezy sid

Dear Maintainer,

All APR released before 1.4.6 have a bug in apr_file_trunc() that can
result in files being longer than they should be:

http://svn.apache.org/repos/asf/apr/apr/branches/1.4.x/CHANGES

This can cause corruption in Subversion fsfs repositories.  The next
release of svn 1.6.x and the 1.7.3 release works around this issue by
flushing the APR file buffer before truncating it:

http://svn.apache.org/viewvc?view=revision&revision=1240892

For Debian versions on 1.4.x, updating to 1.4.6 is probably easiest.
For older releases, one could take these two commits from apr's trunk
and apply them to the 1.x.y branch. I haven't done this myself, but my
hunch says it should work without much effort:

http://svn.apache.org/viewvc?view=revision&revision=1044432

http://svn.apache.org/viewvc?view=revision&revision=1044440

Regards,
Blair




-- System Information:
Debian Release: wheezy/sid
  APT prefers oneiric-updates
  APT policy: (500, 'oneiric-updates'), (500, 'oneiric-security'), (500, 'oneiric'), (100, 'oneiric-backports')
Architecture: amd64 (x86_64)

Kernel: Linux 3.0.0-16-generic (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Reply to: