diff --git a/httpd-2.4.51-r1892413+.patch b/httpd-2.4.51-r1892413+.patch
new file mode 100644
index 0000000..59e2319
--- /dev/null
+++ b/httpd-2.4.51-r1892413+.patch
@@ -0,0 +1,156 @@
+# ./pullrev.sh 1892413 1895552
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1938740
+
+http://svn.apache.org/viewvc?view=revision&revision=1892413
+http://svn.apache.org/viewvc?view=revision&revision=1895552
+
+- also mod_cgi/mod_cgid log_flags fix from r1881559
+
+--- httpd-2.4.51/modules/filters/mod_deflate.c.r1892413+
++++ httpd-2.4.51/modules/filters/mod_deflate.c
+@@ -1275,44 +1275,46 @@
+ if (APR_BUCKET_IS_FLUSH(bkt)) {
+ apr_bucket *tmp_b;
+
+- ctx->inflate_total += ctx->stream.avail_out;
+- zRC = inflate(&(ctx->stream), Z_SYNC_FLUSH);
+- ctx->inflate_total -= ctx->stream.avail_out;
+- if (zRC != Z_OK) {
+- inflateEnd(&ctx->stream);
+- ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(01391)
+- "Zlib error %d inflating data (%s)", zRC,
+- ctx->stream.msg);
+- return APR_EGENERAL;
+- }
++ if (!ctx->done) {
++ ctx->inflate_total += ctx->stream.avail_out;
++ zRC = inflate(&(ctx->stream), Z_SYNC_FLUSH);
++ ctx->inflate_total -= ctx->stream.avail_out;
++ if (zRC != Z_OK) {
++ inflateEnd(&ctx->stream);
++ ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(01391)
++ "Zlib error %d inflating data (%s)", zRC,
++ ctx->stream.msg);
++ return APR_EGENERAL;
++ }
+
+- if (inflate_limit && ctx->inflate_total > inflate_limit) {
+- inflateEnd(&ctx->stream);
+- ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(02647)
+- "Inflated content length of %" APR_OFF_T_FMT
+- " is larger than the configured limit"
+- " of %" APR_OFF_T_FMT,
+- ctx->inflate_total, inflate_limit);
+- return APR_ENOSPC;
+- }
++ if (inflate_limit && ctx->inflate_total > inflate_limit) {
++ inflateEnd(&ctx->stream);
++ ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(02647)
++ "Inflated content length of %" APR_OFF_T_FMT
++ " is larger than the configured limit"
++ " of %" APR_OFF_T_FMT,
++ ctx->inflate_total, inflate_limit);
++ return APR_ENOSPC;
++ }
+
+- if (!check_ratio(r, ctx, dc)) {
+- inflateEnd(&ctx->stream);
+- ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(02805)
+- "Inflated content ratio is larger than the "
+- "configured limit %i by %i time(s)",
+- dc->ratio_limit, dc->ratio_burst);
+- return APR_EINVAL;
+- }
++ if (!check_ratio(r, ctx, dc)) {
++ inflateEnd(&ctx->stream);
++ ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(02805)
++ "Inflated content ratio is larger than the "
++ "configured limit %i by %i time(s)",
++ dc->ratio_limit, dc->ratio_burst);
++ return APR_EINVAL;
++ }
+
+- len = c->bufferSize - ctx->stream.avail_out;
+- ctx->crc = crc32(ctx->crc, (const Bytef *)ctx->buffer, len);
+- tmp_b = apr_bucket_heap_create((char *)ctx->buffer, len,
+- NULL, f->c->bucket_alloc);
+- APR_BRIGADE_INSERT_TAIL(ctx->proc_bb, tmp_b);
++ len = c->bufferSize - ctx->stream.avail_out;
++ ctx->crc = crc32(ctx->crc, (const Bytef *)ctx->buffer, len);
++ tmp_b = apr_bucket_heap_create((char *)ctx->buffer, len,
++ NULL, f->c->bucket_alloc);
++ APR_BRIGADE_INSERT_TAIL(ctx->proc_bb, tmp_b);
+
+- ctx->stream.next_out = ctx->buffer;
+- ctx->stream.avail_out = c->bufferSize;
++ ctx->stream.next_out = ctx->buffer;
++ ctx->stream.avail_out = c->bufferSize;
++ }
+
+ /* Flush everything so far in the returning brigade, but continue
+ * reading should EOS/more follow (don't lose them).
+--- httpd-2.4.51/modules/generators/mod_cgi.c.r1892413+
++++ httpd-2.4.51/modules/generators/mod_cgi.c
+@@ -191,11 +191,10 @@
+ apr_file_t *f = NULL;
+ apr_finfo_t finfo;
+ char time_str[APR_CTIME_LEN];
+- int log_flags = rv ? APLOG_ERR : APLOG_ERR;
+
+ /* Intentional no APLOGNO */
+ /* Callee provides APLOGNO in error text */
+- ap_log_rerror(APLOG_MARK, log_flags, rv, r,
++ ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
+ "%s%s: %s", logno ? logno : "", error, r->filename);
+
+ /* XXX Very expensive mainline case! Open, then getfileinfo! */
+--- httpd-2.4.51/modules/generators/mod_cgid.c.r1892413+
++++ httpd-2.4.51/modules/generators/mod_cgid.c
+@@ -1190,11 +1190,10 @@
+ apr_file_t *f = NULL;
+ struct stat finfo;
+ char time_str[APR_CTIME_LEN];
+- int log_flags = rv ? APLOG_ERR : APLOG_ERR;
+
+ /* Intentional no APLOGNO */
+ /* Callee provides APLOGNO in error text */
+- ap_log_rerror(APLOG_MARK, log_flags, rv, r,
++ ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
+ "%s: %s", error, r->filename);
+
+ /* XXX Very expensive mainline case! Open, then getfileinfo! */
+--- httpd-2.4.51/server/mpm_unix.c.r1892413+
++++ httpd-2.4.51/server/mpm_unix.c
+@@ -259,10 +259,12 @@
+ while (cur_extra) {
+ ap_generation_t old_gen;
+ extra_process_t *next = cur_extra->next;
++ pid_t pid = cur_extra->pid;
+
+- if (reclaim_one_pid(cur_extra->pid, action_table[cur_action].action)) {
+- if (ap_unregister_extra_mpm_process(cur_extra->pid, &old_gen) == 1) {
+- mpm_callback(-1, cur_extra->pid, old_gen);
++ if (reclaim_one_pid(pid, action_table[cur_action].action)) {
++ if (ap_unregister_extra_mpm_process(pid, &old_gen) == 1) {
++ /* cur_extra dangling pointer from here. */
++ mpm_callback(-1, pid, old_gen);
+ }
+ else {
+ AP_DEBUG_ASSERT(1 == 0);
+@@ -307,10 +309,12 @@
+ while (cur_extra) {
+ ap_generation_t old_gen;
+ extra_process_t *next = cur_extra->next;
++ pid_t pid = cur_extra->pid;
+
+- if (reclaim_one_pid(cur_extra->pid, DO_NOTHING)) {
+- if (ap_unregister_extra_mpm_process(cur_extra->pid, &old_gen) == 1) {
+- mpm_callback(-1, cur_extra->pid, old_gen);
++ if (reclaim_one_pid(pid, DO_NOTHING)) {
++ if (ap_unregister_extra_mpm_process(pid, &old_gen) == 1) {
++ /* cur_extra dangling pointer from here. */
++ mpm_callback(-1, pid, old_gen);
+ }
+ else {
+ AP_DEBUG_ASSERT(1 == 0);
diff --git a/httpd.spec b/httpd.spec
index 225795b..f131b87 100644
--- a/httpd.spec
+++ b/httpd.spec
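Review bot: The header of the new httpd-2.4.51-r1892413+.patch links r1892413 and r1895552 but names the third backport, r1881559, only in prose, and nothing says which file section each fix belongs to. Adding `http://svn.apache.org/viewvc?view=revision&revision=1881559` plus a short per-file line (for example `# mod_deflate.c: skip inflate() on a flush bucket once ctx->done is set` and `# mpm_unix.c: copy pid before the entry is unregistered`) would let a later rebase check each fix against upstream. In the mod_deflate.c section the three error returns inside the new `if (!ctx->done)` block still call `inflateEnd()` without setting `ctx->done`. Whether the filter can run again on the same context after those returns is not visible in the hunk, so that is worth confirming against the full function.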
@@ -105,7 +105,8 @@ Patch62: httpd-2.4.51-openssl3.patch Patch64: httpd-2.4.48-full-release.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1950011 Patch65: httpd-2.4.51-r1877397.patch - +# https://bugzilla.redhat.com/show_bug.cgi?id=1938740 +Patch66: httpd-2.4.51-r1892413+.patch # Security fixes @@ -261,6 +262,7 @@ written in the Lua programming language. %patch62 -p1 -b .r1876934 %patch64 -p1 -b .full-release %patch65 -p1 -b .r1877397 +%patch66 -p1 -b .r1892413+ # Patch in the vendor string sed -i '/^#define PLATFORM/s/Unix/%{vstring}/' os/unix/os.h @@ -807,6 +809,9 @@ exit $rv %{_rpmconfigdir}/macros.d/macros.httpd %changelog +* Fri Dec 3 2021 Joe Orton - 2.4.51-2 +- add fixes for static analyzer issues (#1938740) + * Mon Nov 08 2021 Luboš Uhliarik - 2.4.51-2 - Resolves: #2005416 - httpd default configuration changes diff --git a/pullrev.sh b/pullrev.sh index 35818df..87b7cd7 100755 --- a/pullrev.sh +++ b/pullrev.sh @@ -7,7 +7,7 @@ fi repo="https://svn.apache.org/repos/asf/httpd/httpd/trunk" #repo="https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x" -ver=2.4.48 +ver=2.4.51 prefix="httpd-${ver}" suffix="${SUFFIX:-r$1${2:++}}" fn="${prefix}-${suffix}.patch"