4

We've been experiencing some problems with our Subversion server after upgrading to Ubuntu 10.04. When trying to access a repository, regardless of client (I've tried git-svn and svn on Windows as well as svn on Ubuntu 10.04, from different computers and network locations), I get a 400 bad request. Here's the output from svn:

svn: Server sent unexpected return value (400 Bad Request) in response to
     OPTIONS request for 'https://svn.example.org/svn/programs'

Here are the relevant entries from the Apache logs (I'm running Apache 2.2):

error.log

[Mon Jun 14 11:29:31 2010] [error] [client x.x.x.x] 
                           request failed: error reading the headers

ssl_access.log

x.x.x.x - - [14/Jun/2010:11:29:28 +0200] "OPTIONS /svn/programs HTTP/1.1" 
            401 2643 "-" "SVN/1.6.6 (r40053) neon/0.29.0"
x.x.x.x - - [14/Jun/2010:11:29:31 +0200] "ction-set/></D:options>OPTIONS 
            /svn/programs HTTP/1.1" 400 644 "-" "SVN/1.6.6 (r40053)
            neon/0.29.0"

If anyone has run into similar problems or could give me a pointer to track down the cause of this I'd be very grateful - I'd really like to avoid having to downgrade the box again.

Edit 2010-09-30:

There's a proposed fix in lucid-proposed now, apache2 2.2.14-5ubuntu8.3. See the bug report link in the accepted answer for details.

Kjetil Limkjær
  • 1,983
  • 2
  • 15
  • 16

2 Answers2

2

I posted a bug to ubuntu regarding this issue:

https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/595116

greyrl
  • 36
  • 1
  • Thanks for the heads-up, I've marked it as also affecting me. I'm surprised it hasn't been fixed yet, really, as I'd imagine it affecting quite a few people - perhaps new version adoption of Ubuntu is just slower than I thought. We "fixed" this by biting the bullet and moving to Mercurial, which we had been contemplating for a while anyway. No problems there so far, also over SSL with the same authentication. – Kjetil Limkjær Jun 17 '10 at 11:25
  • Does Mercurial utilize "Basic" authentication over SSL? The bug (at least I think it's a bug) involves accessing any "Basic" protected resource over SSL. The "Authorization" header seemed to get truncated before the server can read it. I think I'm going to move to lighttpd and SCGI (for our Python app). – greyrl Jun 18 '10 at 17:41
  • Sorry for not noticing your comment earlier! Yes, we're still using basic auth, but somehow the bug is not affecting Mercurial as badly as SVN (we've had login issues only twice since I posted this, both times fixed by a restart of Apache). – Kjetil Limkjær Sep 30 '10 at 08:36
  • I have a server that is badly affected by this. I'm hoping it's causing not only this issue but another one where the POST/PUT body is also being stripped. – Matthew Schinckel Oct 01 '10 at 05:23
1

Maybe I found a solution (bug in memcpy routine) https://bugs.launchpad.net/bugs/609290

user49191
  • 11
  • 1