On 8/30/13 6:03 AM, Roderich Schupp wrote:
>
> On Fri, Aug 30, 2013 at 10:49 AM, Julian Foad <julianf...@btopenworld.com
> Hi Roderich. Google("Apache 2.2.25 double encoding bug") -> it's a bug in
> httpd 2.2.25: <https://issues.apache.org/bugzilla/show_bug.cgi?id=55397>.
> Ben Reser reported it so hopefully he can tell you any news regarding a
> fix, but downgrading to 2.2.24 for now would appear to be a good
> work-around.
I've got some work done on the "correct" fix but haven't finished it because
it's causing some odd behavior with mod_dav_fs and some other tasks haven't
allowed me the time to get back to it.
See below for my advise in the meantime...
> Thanks for the reference.
> Together with the COPY bug, Apache 2.2.25 seems pretty unfit for use with
> Subversion.
Unfortunately, we can't recommend that people not use 2.2.25 because it has
relevant security fixes for Subversion.
Applying the patches produced by the following two commands should avoid issues
for Subversion users (though if they are also mod_dav_fs it may revert fixes
for them that don't help Subversion):
svn diff -c -1497121
https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/modules/dav/main/mod_dav.c
svn diff -c -1497441
https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/modules/dav/main/mod_dav.c
2.4.6 users should use the following patches (same caveats apply):
svn diff -c -1485721
https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/modules/dav/main/mod_dav.c
svn diff -c -1486456
https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x/modules/dav/main/mod_dav.c
