Discussion:
Recommended apr / openssl etc. library version for svn ?
Cooke, Mark
2017-11-21 15:11:51 UTC
Permalink
Hello,

Is there any support for building svn with OpenSSL 1.1.0 yet? I did a search in the archives and only came up with Stefan's MaxSVN build which has so far excluded the update from 1.0.2 [1] but that was back in February?

[1] https://svn.haxx.se/dev/archive-2017-02/0145.shtml

I managed to build httpd with apr 1.6.2 and OpenSSL 1.1.0g (using `cvtdsp.pl -ossl11`) but the subversion build has 113 errors and I am wondering if this is worth persevering with?

If not, is the MaxSVN dependency list about the best recommendation?

*Apache httpd 2.4.23 (.29)
*Apache Serf(tm) 1.3.9
*APR 1.5.2 (1.6.3)
*APR-util 1.5.4 (1.6.1)
*APR iconv 1.2.1 (1.2.2)
*Expat 2.2.0 (2.2.5)
*OpenSSL 1.0.2j (.2m)
*PCRE 8.39 (8.41)
*SQLite 3.15.1 (amalgamation) (3.21)
*ZLib 1.2.8 (1.2.11)

...subject to security updates of course (brackets show latest version at time of writing)!

Thanks,

~ Mark C
Eric Johnson
2017-11-21 20:43:25 UTC
Permalink
I don't know if this helps, but I run Subversion on a Gentoo system, which
is constantly upgrading to newer versions of software. Gentoo does a really
good job of only marking stuff stable when it is actually stable. So if
Gentoo doesn't have openssl 1.1 in use, there's a really good reason.

This is what is currently "stable" on my Gentoo system running Subversion
(which is a few weeks old - minor updates might be available):
*Apache httpd 2.4.27
*Apache Serf(tm) 1.3.8
*APR 1.5.2
*APR-util 1.5.4
*APR iconv (not installed on my machine)
*Expat 2.2.1
*OpenSSL 1.0.2l
*PCRE 8.41
*SQLite 3.19.3
*ZLib 1.2.11

Specifically, in the case of openssl, I found this bug tracking all the
compatibility problems: https://bugs.gentoo.org/592438 . Seems like you
probably want to stay away from it.

Eric.

On Tue, Nov 21, 2017 at 7:11 AM, Cooke, Mark <
Post by Cooke, Mark
Hello,
Is there any support for building svn with OpenSSL 1.1.0 yet? I did a
search in the archives and only came up with Stefan's MaxSVN build which
has so far excluded the update from 1.0.2 [1] but that was back in February?
[1] https://svn.haxx.se/dev/archive-2017-02/0145.shtml
I managed to build httpd with apr 1.6.2 and OpenSSL 1.1.0g (using `
cvtdsp.pl -ossl11`) but the subversion build has 113 errors and I am
wondering if this is worth persevering with?
If not, is the MaxSVN dependency list about the best recommendation?
*Apache httpd 2.4.23 (.29)
*Apache Serf(tm) 1.3.9
*APR 1.5.2 (1.6.3)
*APR-util 1.5.4 (1.6.1)
*APR iconv 1.2.1 (1.2.2)
*Expat 2.2.0 (2.2.5)
*OpenSSL 1.0.2j (.2m)
*PCRE 8.39 (8.41)
*SQLite 3.15.1 (amalgamation) (3.21)
*ZLib 1.2.8 (1.2.11)
...subject to security updates of course (brackets show latest version at time of writing)!
Thanks,
~ Mark C
Branko Čibej
2017-11-21 21:01:06 UTC
Permalink
Post by Eric Johnson
I don't know if this helps, but I run Subversion on a Gentoo system,
which is constantly upgrading to newer versions of software. Gentoo
does a really good job of only marking stuff stable when it is
actually stable. So if Gentoo doesn't have openssl 1.1 in use, there's
a really good reason.
This is what is currently "stable" on my Gentoo system running
Not-so-minor updates are, in fact available. :)
Post by Eric Johnson
*Apache httpd 2.4.27
*Apache Serf(tm) 1.3.8
Should be 1.3.9.
Post by Eric Johnson
*APR 1.5.2
Should be 1.6.3.
Post by Eric Johnson
*APR-util 1.5.4
Should be 1.6.1.
Post by Eric Johnson
*APR iconv (not installed on my machine)
Not needed in Unix-like environments that have libiconv generally
available. Not needed on Windows because we use the native character
encoding conversion functions (since ... I don't recall when, but it's
been quite a while).
Post by Eric Johnson
*Expat 2.2.1
*OpenSSL 1.0.2l
*PCRE 8.41
I have _no_ idea how PCRE got on this list. Subversion itself does not
use it, nor, as far as I'm aware, do Serf, APR or APR-Util.
Post by Eric Johnson
*SQLite 3.19.3
*ZLib 1.2.11
Specifically, in the case of openssl, I found this bug tracking all
the compatibility problems: https://bugs.gentoo.org/592438 . Seems
like you probably want to stay away from it.
Serf trunk can be compiled with 1.1, but I'm not sure how far along the
1.3.x release branch is. Whilst OpenSSL 1.1 has made some really
unfortunate decisions that break API compatibility with the 1.0.x line,
there are also a number of serious bugs fixed in it ...

-- Brane
Cooke, Mark
2017-11-22 06:28:42 UTC
Permalink
-----Original Message-----
Sent: 21 November 2017 21:01
Post by Eric Johnson
I don't know if this helps, but I run Subversion on a Gentoo system,
which is constantly upgrading to newer versions of software. Gentoo
does a really good job of only marking stuff stable when it is
actually stable. So if Gentoo doesn't have openssl 1.1 in use, there's
a really good reason.
This is what is currently "stable" on my Gentoo system running
Not-so-minor updates are, in fact available. :)
Post by Eric Johnson
*Apache httpd 2.4.27
*Apache Serf(tm) 1.3.8
Should be 1.3.9.
Post by Eric Johnson
*APR 1.5.2
Should be 1.6.3.
Post by Eric Johnson
*APR-util 1.5.4
Should be 1.6.1.
Post by Eric Johnson
*APR iconv (not installed on my machine)
Not needed in Unix-like environments that have libiconv generally available. Not needed on Windows
because we use the native character encoding conversion functions (since ... I don't recall when, but
it's been quite a while).
Post by Eric Johnson
*Expat 2.2.1
*OpenSSL 1.0.2l
*PCRE 8.41
I have _no_ idea how PCRE got on this list. Subversion itself does not use it, nor, as far as I'm
aware, do Serf, APR or APR-Util.
I imagine that APR-iconv and PCRE are in the MaxSVN list (and mine) due to building apache httpd as well?
Post by Eric Johnson
*SQLite 3.19.3
*ZLib 1.2.11
Specifically, in the case of openssl, I found this bug tracking all
the compatibility problems: https://bugs.gentoo.org/592438 . Seems
like you probably want to stay away from it.
Serf trunk can be compiled with 1.1, but I'm not sure how far along the 1.3.x release branch is.
Whilst OpenSSL 1.1 has made some really unfortunate decisions that break API compatibility with the
1.0.x line, there are also a number of serious bugs fixed in it ...
-- Brane
...so is svn still waiting on support in other packages? Bottom line is that I should still use the 1.0.2 line f
Branko Čibej
2017-11-22 10:04:08 UTC
Permalink
Post by Cooke, Mark
-----Original Message-----
Sent: 21 November 2017 21:01
Post by Eric Johnson
I don't know if this helps, but I run Subversion on a Gentoo system,
which is constantly upgrading to newer versions of software. Gentoo
does a really good job of only marking stuff stable when it is
actually stable. So if Gentoo doesn't have openssl 1.1 in use, there's
a really good reason.
This is what is currently "stable" on my Gentoo system running
Not-so-minor updates are, in fact available. :)
Post by Eric Johnson
*Apache httpd 2.4.27
*Apache Serf(tm) 1.3.8
Should be 1.3.9.
Post by Eric Johnson
*APR 1.5.2
Should be 1.6.3.
Post by Eric Johnson
*APR-util 1.5.4
Should be 1.6.1.
Post by Eric Johnson
*APR iconv (not installed on my machine)
Not needed in Unix-like environments that have libiconv generally available. Not needed on Windows
because we use the native character encoding conversion functions (since ... I don't recall when, but
it's been quite a while).
Post by Eric Johnson
*Expat 2.2.1
*OpenSSL 1.0.2l
*PCRE 8.41
I have _no_ idea how PCRE got on this list. Subversion itself does not use it, nor, as far as I'm
aware, do Serf, APR or APR-Util.
I imagine that APR-iconv and PCRE are in the MaxSVN list (and mine) due to building apache httpd as well?
That's possible; HTTPD does use PCRE and possibly APR-iconv (on Windows).
Post by Cooke, Mark
Post by Eric Johnson
*SQLite 3.19.3
*ZLib 1.2.11
Specifically, in the case of openssl, I found this bug tracking all
the compatibility problems: https://bugs.gentoo.org/592438 . Seems
like you probably want to stay away from it.
Serf trunk can be compiled with 1.1, but I'm not sure how far along the 1.3.x release branch is.
Whilst OpenSSL 1.1 has made some really unfortunate decisions that break API compatibility with the
1.0.x line, there are also a number of serious bugs fixed in it ...
-- Brane
...so is svn still waiting on support in other packages?
Subversion does not use OpenSSL directly. It uses Serf, which in turn
uses OpenSSL to support HTTPS.
Post by Cooke, Mark
Bottom line is that I should still use the 1.0.2 line for now?
Yes.

-- Brane

Loading...