[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#664451: marked as done (apr: [PATCH] apr_file_trunc() bug causes svn repository corruption)

Your message dated Sun, 01 Apr 2012 21:17:09 +0000
with message-id <E1SES97-0006UH-Fr@franck.debian.org>
and subject line Bug#664451: fixed in apr 1.4.2-6+squeeze4
has caused the Debian Bug report #664451,
regarding apr: [PATCH] apr_file_trunc() bug causes svn repository corruption
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
664451: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=664451
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: apr
Severity: important
Tags: upstream squeeze wheezy sid

Dear Maintainer,

All APR released before 1.4.6 have a bug in apr_file_trunc() that can
result in files being longer than they should be:

http://svn.apache.org/repos/asf/apr/apr/branches/1.4.x/CHANGES

This can cause corruption in Subversion fsfs repositories.  The next
release of svn 1.6.x and the 1.7.3 release works around this issue by
flushing the APR file buffer before truncating it:

http://svn.apache.org/viewvc?view=revision&revision=1240892

For Debian versions on 1.4.x, updating to 1.4.6 is probably easiest.
For older releases, one could take these two commits from apr's trunk
and apply them to the 1.x.y branch. I haven't done this myself, but my
hunch says it should work without much effort:

http://svn.apache.org/viewvc?view=revision&revision=1044432

http://svn.apache.org/viewvc?view=revision&revision=1044440

Regards,
Blair




-- System Information:
Debian Release: wheezy/sid
  APT prefers oneiric-updates
  APT policy: (500, 'oneiric-updates'), (500, 'oneiric-security'), (500, 'oneiric'), (100, 'oneiric-backports')
Architecture: amd64 (x86_64)

Kernel: Linux 3.0.0-16-generic (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

--- End Message ---
--- Begin Message --- 
Source: apr
Source-Version: 1.4.2-6+squeeze4

We believe that the bug you reported is fixed in the latest version of
apr, which is due to be installed in the Debian FTP archive:

apr_1.4.2-6+squeeze4.diff.gz
  to main/a/apr/apr_1.4.2-6+squeeze4.diff.gz
apr_1.4.2-6+squeeze4.dsc
  to main/a/apr/apr_1.4.2-6+squeeze4.dsc
libapr1-dbg_1.4.2-6+squeeze4_i386.deb
  to main/a/apr/libapr1-dbg_1.4.2-6+squeeze4_i386.deb
libapr1-dev_1.4.2-6+squeeze4_i386.deb
  to main/a/apr/libapr1-dev_1.4.2-6+squeeze4_i386.deb
libapr1_1.4.2-6+squeeze4_i386.deb
  to main/a/apr/libapr1_1.4.2-6+squeeze4_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 664451@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Stefan Fritsch <sf@debian.org> (supplier of updated apr package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 01 Apr 2012 00:50:32 +0200
Source: apr
Binary: libapr1 libapr1-dev libapr1-dbg
Architecture: source i386
Version: 1.4.2-6+squeeze4
Distribution: stable
Urgency: low
Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
Changed-By: Stefan Fritsch <sf@debian.org>
Description: 
 libapr1    - The Apache Portable Runtime Library
 libapr1-dbg - The Apache Portable Runtime Library - Debugging Symbols
 libapr1-dev - The Apache Portable Runtime Library - Development Headers
Closes: 664451
Changes: 
 apr (1.4.2-6+squeeze4) stable; urgency=low
 .
   * Fix apr_file_trunc() bug which could lead to subversion repository
     corruption in some rare cases. Closes: #664451
Checksums-Sha1: 
 2a1e3821b1bfa91e6700e12c9400f2b17493e38b 1396 apr_1.4.2-6+squeeze4.dsc
 11a5f31e5dfd23cf5ff2a169f6dae128e0ebb634 27671 apr_1.4.2-6+squeeze4.diff.gz
 d7685b2f55062018f6038470ea6ea51e42bd499a 86278 libapr1_1.4.2-6+squeeze4_i386.deb
 99d999d5832274fa232b62b8e622200770b7804f 1029402 libapr1-dev_1.4.2-6+squeeze4_i386.deb
 4e60e20a7a2fb8a48085ad27689a82c233f6b46e 24112 libapr1-dbg_1.4.2-6+squeeze4_i386.deb
Checksums-Sha256: 
 93a8f4e936e338b3a411067d8f7c6e16adab05742ebcb40eb1f7b6c0eef28f53 1396 apr_1.4.2-6+squeeze4.dsc
 b1acaf9d620ceae7bdf356e91255312096b3e2355ba87b53e371e726cd4c921a 27671 apr_1.4.2-6+squeeze4.diff.gz
 10fa9fce72679b1abb3337c7a4ca16b0291026716266b80c82f2fbd97ed59966 86278 libapr1_1.4.2-6+squeeze4_i386.deb
 203d43048e03b9b9e591c907f304a2220144fc72452e4d0270eeab9a0725ecaa 1029402 libapr1-dev_1.4.2-6+squeeze4_i386.deb
 ed25447cd556cc0cbd10e2c7138cba8ceae57d7252c440309e5eea2bee5de5e9 24112 libapr1-dbg_1.4.2-6+squeeze4_i386.deb
Files: 
 bb91a457499f6b2bb6a7343673890491 1396 libs optional apr_1.4.2-6+squeeze4.dsc
 827a322a28a57f40dc90c411026ac315 27671 libs optional apr_1.4.2-6+squeeze4.diff.gz
 718106f18ec7c016c6372d839946b439 86278 libs optional libapr1_1.4.2-6+squeeze4_i386.deb
 bc6c11e9061f3ef2b770224898ed7842 1029402 libdevel optional libapr1-dev_1.4.2-6+squeeze4_i386.deb
 92acb1411319d8e8c656601bfd20e685 24112 debug extra libapr1-dbg_1.4.2-6+squeeze4_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFPd4vBbxelr8HyTqQRApCmAJoCsuy1IMaiE+mBsVnSmk9igWRwQgCfUkfH
HeIEfopPczffx/ROkIdHBtE=
=3Wrb
-----END PGP SIGNATURE-----

--- End Message ---
Reply to: