diff --git a/httpd-2.4.37-r1828172+.patch b/httpd-2.4.41-r1828172+.patch similarity index 94% rename from httpd-2.4.37-r1828172+.patch rename to httpd-2.4.41-r1828172+.patch index 822cccf..534acef 100644 --- a/httpd-2.4.37-r1828172+.patch +++ b/httpd-2.4.41-r1828172+.patch @@ -1,10 +1,12 @@ -# ./pullrev.sh 1828172 1862968 1863191 +# ./pullrev.sh 1828172 1862968 1863191 1867878 1867882 http://svn.apache.org/viewvc?view=revision&revision=1828172 http://svn.apache.org/viewvc?view=revision&revision=1862968 http://svn.apache.org/viewvc?view=revision&revision=1863191 +http://svn.apache.org/viewvc?view=revision&revision=1867878 +http://svn.apache.org/viewvc?view=revision&revision=1867882 ---- httpd-2.4.37/modules/generators/mod_cgi.c -+++ httpd-2.4.37/modules/generators/mod_cgi.c +--- httpd-2.4.41/modules/generators/mod_cgi.c ++++ httpd-2.4.41/modules/generators/mod_cgi.c @@ -92,6 +92,10 @@ apr_size_t bufbytes; } cgi_server_conf; @@ -287,16 +289,19 @@ http://svn.apache.org/viewvc?view=revision&revision=1863191 if (strcmp(r->handler, CGI_MAGIC_TYPE) && strcmp(r->handler, "cgi-script")) { return DECLINED; -@@ -928,7 +775,7 @@ - apr_file_pipe_timeout_set(script_in, 0); - apr_file_pipe_timeout_set(script_err, 0); +@@ -925,10 +772,7 @@ + AP_DEBUG_ASSERT(script_in != NULL); + #if APR_FILES_AS_SOCKETS +- apr_file_pipe_timeout_set(script_in, 0); +- apr_file_pipe_timeout_set(script_err, 0); +- - b = cgi_bucket_create(r, script_in, script_err, c->bucket_alloc); + b = cgi_bucket_create(r, dc->timeout, script_in, script_err, c->bucket_alloc); if (b == NULL) return HTTP_INTERNAL_SERVER_ERROR; #else -@@ -985,7 +832,7 @@ +@@ -985,7 +829,7 @@ * stderr output, as normal. */ discard_script_output(bb); apr_brigade_destroy(bb); @@ -305,7 +310,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1863191 log_script_err(r, script_err); } -@@ -1036,7 +883,7 @@ +@@ -1036,7 +880,7 @@ * connection drops or we stopped sending output for some other * reason */ if (rv == APR_SUCCESS && !r->connection->aborted) { @@ -314,7 +319,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1863191 log_script_err(r, script_err); } -@@ -1277,7 +1124,7 @@ +@@ -1277,7 +1121,7 @@ AP_DECLARE_MODULE(cgi) = { STANDARD20_MODULE_STUFF, @@ -323,8 +328,8 @@ http://svn.apache.org/viewvc?view=revision&revision=1863191 NULL, /* dir merger --- default is to override */ create_cgi_config, /* server config */ merge_cgi_config, /* merge server config */ ---- httpd-2.4.37/modules/generators/mod_cgid.c -+++ httpd-2.4.37/modules/generators/mod_cgid.c +--- httpd-2.4.41/modules/generators/mod_cgid.c ++++ httpd-2.4.41/modules/generators/mod_cgid.c @@ -342,15 +342,19 @@ return close(fd); } @@ -350,7 +355,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1863191 do { do { rc = read(fd, buf + bytes_read, buf_size - bytes_read); -@@ -365,9 +369,52 @@ +@@ -365,9 +369,60 @@ } } while (bytes_read < buf_size); @@ -366,11 +371,12 @@ http://svn.apache.org/viewvc?view=revision&revision=1863191 + + msg.msg_iov = &vec; + msg.msg_iovlen = 1; -+ -+ msg.msg_control = u.buf; -+ msg.msg_controllen = sizeof(u.buf); + -+ if (errfd) *errfd = 0; ++ if (errfd) { ++ msg.msg_control = u.buf; ++ msg.msg_controllen = sizeof(u.buf); ++ *errfd = 0; ++ } + + /* use MSG_WAITALL to skip loop on truncated reads */ + do { @@ -380,10 +386,17 @@ http://svn.apache.org/viewvc?view=revision&revision=1863191 + if (rc == 0) { + return ECONNRESET; + } -+ -+ cmsg = CMSG_FIRSTHDR(&msg); ++ else if (rc < 0) { ++ return errno; ++ } ++ else if (rc != buf_size) { ++ /* MSG_WAITALL should ensure the recvmsg blocks until the ++ * entire length is read, but let's be paranoid. */ ++ return APR_INCOMPLETE; ++ } ++ + if (errfd -+ && cmsg ++ && (cmsg = CMSG_FIRSTHDR(&msg)) != NULL + && cmsg->cmsg_len == CMSG_LEN(sizeof(*errfd)) + && cmsg->cmsg_level == SOL_SOCKET + && cmsg->cmsg_type == SCM_RIGHTS) { @@ -403,7 +416,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1863191 /* deal with signals */ static apr_status_t sock_write(int fd, const void *buf, size_t buf_size) -@@ -384,7 +431,7 @@ +@@ -384,7 +439,7 @@ return APR_SUCCESS; } @@ -412,7 +425,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1863191 { va_list ap; int rc; -@@ -399,9 +446,39 @@ +@@ -399,9 +454,39 @@ } va_end(ap); @@ -452,7 +465,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1863191 if (rc < 0) { return errno; } -@@ -410,7 +487,7 @@ +@@ -410,7 +495,7 @@ } static apr_status_t get_req(int fd, request_rec *r, char **argv0, char ***env, @@ -461,7 +474,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1863191 { int i; char **environ; -@@ -421,7 +498,7 @@ +@@ -421,7 +506,7 @@ r->server = apr_pcalloc(r->pool, sizeof(server_rec)); /* read the request header */ @@ -470,7 +483,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1863191 if (stat != APR_SUCCESS) { return stat; } -@@ -479,14 +556,15 @@ +@@ -479,14 +564,15 @@ return APR_SUCCESS; } @@ -488,7 +501,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1863191 if (ugid == NULL) { -@@ -507,16 +585,21 @@ +@@ -507,16 +593,21 @@ req.args_len = r->args ? strlen(r->args) : 0; req.loglevel = r->server->log.level; @@ -512,7 +525,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1863191 &req, sizeof(req), r->filename, req.filename_len, argv0, req.argv0_len, -@@ -531,7 +614,7 @@ +@@ -531,7 +622,7 @@ for (i = 0; i < req.env_count; i++) { apr_size_t curlen = strlen(env[i]); @@ -521,7 +534,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1863191 env[i], curlen)) != APR_SUCCESS) { return stat; } -@@ -582,20 +665,34 @@ +@@ -582,20 +673,34 @@ } } @@ -564,7 +577,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1863191 } static int cgid_server(void *data) -@@ -669,7 +766,7 @@ +@@ -669,7 +774,7 @@ } while (!daemon_should_exit) { @@ -573,7 +586,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1863191 char *argv0 = NULL; char **env = NULL; const char * const *argv; -@@ -709,7 +806,7 @@ +@@ -709,7 +814,7 @@ r = apr_pcalloc(ptrans, sizeof(request_rec)); procnew = apr_pcalloc(ptrans, sizeof(*procnew)); r->pool = ptrans; @@ -582,7 +595,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1863191 if (stat != APR_SUCCESS) { ap_log_error(APLOG_MARK, APLOG_ERR, stat, main_server, APLOGNO(01248) -@@ -741,6 +838,16 @@ +@@ -741,6 +846,16 @@ continue; } @@ -599,7 +612,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1863191 apr_os_file_put(&r->server->error_log, &errfileno, 0, r->pool); apr_os_file_put(&inout, &sd2, 0, r->pool); -@@ -800,7 +907,10 @@ +@@ -800,7 +915,10 @@ close(sd2); } else { @@ -611,7 +624,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1863191 argv = (const char * const *)create_argv(r->pool, NULL, NULL, NULL, argv0, r->args); -@@ -1099,6 +1209,33 @@ +@@ -1099,6 +1217,33 @@ return ret; } @@ -645,7 +658,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1863191 static int log_script(request_rec *r, cgid_server_conf * conf, int ret, char *dbuf, const char *sbuf, apr_bucket_brigade *bb, apr_file_t *script_err) -@@ -1204,6 +1341,11 @@ +@@ -1204,6 +1349,11 @@ return ret; } @@ -657,7 +670,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1863191 static int connect_to_daemon(int *sdptr, request_rec *r, cgid_server_conf *conf) { -@@ -1395,6 +1537,7 @@ +@@ -1395,6 +1545,7 @@ static int cgid_handler(request_rec *r) { @@ -665,7 +678,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1863191 int retval, nph, dbpos; char *argv0, *dbuf; apr_bucket_brigade *bb; -@@ -1404,10 +1547,11 @@ +@@ -1404,10 +1555,11 @@ int seen_eos, child_stopped_reading; int sd; char **env; @@ -678,7 +691,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1863191 if (strcmp(r->handler, CGI_MAGIC_TYPE) && strcmp(r->handler, "cgi-script")) { return DECLINED; -@@ -1416,7 +1560,7 @@ +@@ -1416,7 +1568,7 @@ conf = ap_get_module_config(r->server->module_config, &cgid_module); dc = ap_get_module_config(r->per_dir_config, &cgid_module); @@ -687,7 +700,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1863191 is_included = !strcmp(r->protocol, "INCLUDED"); if ((argv0 = strrchr(r->filename, '/')) != NULL) { -@@ -1469,6 +1613,17 @@ +@@ -1469,6 +1621,17 @@ } */ @@ -705,7 +718,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1863191 /* * httpd core function used to add common environment variables like * DOCUMENT_ROOT. -@@ -1481,12 +1636,16 @@ +@@ -1481,12 +1644,16 @@ return retval; } @@ -723,7 +736,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1863191 info = apr_palloc(r->pool, sizeof(struct cleanup_script_info)); info->conf = conf; info->r = r; -@@ -1508,12 +1667,7 @@ +@@ -1508,12 +1675,7 @@ */ apr_os_pipe_put_ex(&tempsock, &sd, 1, r->pool); @@ -737,7 +750,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1863191 apr_pool_cleanup_kill(r->pool, (void *)((long)sd), close_unix_socket); /* Transfer any put/post args, CERN style... -@@ -1605,23 +1759,28 @@ +@@ -1605,23 +1767,28 @@ */ shutdown(sd, 1); @@ -774,7 +787,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1863191 /* * ret could be HTTP_NOT_MODIFIED in the case that the CGI script -@@ -1658,6 +1817,11 @@ +@@ -1658,6 +1825,11 @@ /* Soak up all the script output */ discard_script_output(bb); apr_brigade_destroy(bb); @@ -786,7 +799,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1863191 /* This redirect needs to be a GET no matter what the original * method was. */ -@@ -1690,7 +1854,6 @@ +@@ -1690,7 +1862,6 @@ } if (nph) { @@ -794,7 +807,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1863191 struct ap_filter_t *cur; /* get rid of all filters up through protocol... since we -@@ -1704,14 +1867,20 @@ +@@ -1704,14 +1875,20 @@ } r->output_filters = r->proto_output_filters = cur; @@ -821,7 +834,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1863191 return OK; /* NOT r->status, even if it has changed. */ } -@@ -1829,7 +1998,7 @@ +@@ -1829,7 +2006,7 @@ return retval; } @@ -830,8 +843,8 @@ http://svn.apache.org/viewvc?view=revision&revision=1863191 info = apr_palloc(r->pool, sizeof(struct cleanup_script_info)); info->conf = conf; ---- httpd-2.4.37/modules/generators/config5.m4 -+++ httpd-2.4.37/modules/generators/config5.m4 +--- httpd-2.4.41/modules/generators/config5.m4 ++++ httpd-2.4.41/modules/generators/config5.m4 @@ -78,4 +78,15 @@ APR_ADDTO(INCLUDES, [-I\$(top_srcdir)/$modpath_current]) @@ -848,9 +861,9 @@ http://svn.apache.org/viewvc?view=revision&revision=1863191 +]) + APACHE_MODPATH_FINISH ---- httpd-2.4.37/modules/generators/cgi_common.h -+++ httpd-2.4.37/modules/generators/cgi_common.h -@@ -0,0 +1,216 @@ +--- httpd-2.4.41/modules/generators/cgi_common.h ++++ httpd-2.4.41/modules/generators/cgi_common.h +@@ -0,0 +1,220 @@ +/* Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. @@ -902,6 +915,10 @@ http://svn.apache.org/viewvc?view=revision&revision=1863191 + apr_pollfd_t fd; + struct cgi_bucket_data *data = apr_palloc(r->pool, sizeof *data); + ++ /* Disable APR timeout handling since we'll use poll() entirely. */ ++ apr_file_pipe_timeout_set(out, 0); ++ apr_file_pipe_timeout_set(err, 0); ++ + APR_BUCKET_INIT(b); + b->free = apr_bucket_free; + b->list = list; diff --git a/httpd.spec b/httpd.spec index 416a207..06fe8c5 100644 --- a/httpd.spec +++ b/httpd.spec @@ -13,7 +13,7 @@ Summary: Apache HTTP Server Name: httpd Version: 2.4.41 -Release: 3%{?dist} +Release: 4%{?dist} URL: https://httpd.apache.org/ Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2 Source2: httpd.logrotate @@ -76,7 +76,7 @@ Patch38: httpd-2.4.34-sslciphdefault.patch Patch39: httpd-2.4.37-sslprotdefault.patch Patch40: httpd-2.4.39-r1861269.patch Patch41: httpd-2.4.37-r1861793+.patch -Patch42: httpd-2.4.37-r1828172+.patch +Patch42: httpd-2.4.41-r1828172+.patch # Bug fixes # https://bugzilla.redhat.com/show_bug.cgi?id=1397243 @@ -740,6 +740,9 @@ exit $rv %{_rpmconfigdir}/macros.d/macros.httpd %changelog +* Wed Oct 2 2019 Joe Orton - 2.4.41-4 +- mod_cgid: possible stdout timeout handling fix (#1757683) + * Wed Sep 25 2019 Joe Orton - 2.4.41-3 - mod_ssl: restore dependency on /usr/bin/hostname (#1135118) diff --git a/pullrev.sh b/pullrev.sh index 5494c7e..efe221f 100755 --- a/pullrev.sh +++ b/pullrev.sh @@ -7,7 +7,7 @@ fi repo="https://svn.apache.org/repos/asf/httpd/httpd/trunk" #repo="https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x" -ver=2.4.37 +ver=2.4.41 prefix="httpd-${ver}" suffix="r$1${2:++}" fn="${prefix}-${suffix}.patch" @@ -36,7 +36,7 @@ for r in $*; do echo "+ fetching ${r}" this=`mktemp /tmp/pullrevXXXXXX` svn diff -c ${r} ${repo} | filterdiff --remove-timestamps --clean -x 'CHANGES' -x '*/next-number' -x 'STATUS' \ - --addprefix="${prefix}/" > ${this} + -x '*.xml' --addprefix="${prefix}/" > ${this} next=`mktemp /tmp/pullrevXXXXXX` combinediff --quiet ${prev} ${this} > ${next} rm -f "${this}"