On Wed, Feb 05, 2014 at 10:36:57AM -0800, Ben Reser wrote: > Stefan Sperling apparently ran into a repository corruption Subversion 1.8.4 > on > RedHat 5 using the system APR (1.2.7). I'm not sure of the details but I'm > sure he can fill them in.
This was at a client who asked for an on-site visit after experiencing many instances of corruption on dozens of repositories in the above mentioned setup. Using a binary file that had been committed to a revision that was corrupt, we could construct a test case with simply committing this file in a loop and running 'svnadmin verify' on the HEAD revision right after. The corruption occurred in about 1 in 100 revisions. Symptoms were like in http://subversion.tigris.org/issues/show_bug.cgi?id=3705 The commit itself succeeded so Subversion believed the data had been committed fine. Only a subsequent 'svnadmin verify' found the problem. I don't have the test data available. It was a 12MB binary .msi file. I suspect that many types of files can be used to reproduce the problem on Red Hat 5 with Wandisco's Subversion 1.8.5 binaries (which rely on the system-provided APR RPM package). Corrupted revisions I inspected also included corrupted office documents, zip files, and the like. I found no text files causing corruption, only binary files. But perhaps size is the only issue (binaries tend to be larger than text). I didn't have enough time to inspect all corrupted revisions. After upgrading APR to 1.4.8 the problem could not be repeated during over 40.000 commits of the same .msi file. To my knowledge there have been no new instances of repository corruption since my on-site visit there last week. > If old versions of APR are causing repository corruption issues then we're > failing our users by not rejecting these versions of APR. We can't expect our > users to know about these things unless we tell them. Right now we > communicate > version requirements in 4 places. > > 1) INSTALL file, which says that you need 0.9.7 or 1.x.x of APR (doesn't > really > mention APR-util but the implication is the same version requirements). APR-util didn't have anything to do with it. In fact, we left it at 1.2.7 during our testing. > It's our burden to set useful dependency requirements. There's plenty of room > for recommendation versus requirements in the 4 places above (build system is > requirement, INSTALL and get-deps.sh are recommendation). Let's update our APR > requirements. Agreed. Unfortunately, I don't know which APR version between 1.2.7 and 1.4.8 has the fix. I think we should enforce APR 1.3.x that serf also requires and block any earlier versions at compile time (unless the user passes a magic flag to the configure script) and document the reason in INSTALL. APR 1.3.x is used in Red Hat 6. I believe if that version was affected we'd have gotten more widespread reports on this issue. Red Hat 5 is old.
