From e58323ddbfbd28514af8517281109363d858645a Mon Sep 17 00:00:00 2001
From: Joe Orton <jorton@redhat.com>
Date: Thu, 1 Jul 2021 16:13:47 +0100
Subject: [PATCH] fix env var truncation to 127 bytes (#1961948) suppress
 symbol exports (#1961947)

Resolves: rhbz#1961948
Resolves: rhbz#1961947
---
 mod_fcgid-2.3.9-1024-env-vars.patch   |   4 +-
 mod_fcgid-2.3.9-r1847623.patch        |  16 ++++
 mod_fcgid-2.3.9-r1847624.patch        | 119 ++++++++++++++++++++++++++
 mod_fcgid-2.3.9-r1848311.patch        |  40 +++++++++
 mod_fcgid-2.3.9-segfault-upload.patch |  49 -----------
 mod_fcgid.spec                        |  21 +++--
 6 files changed, 191 insertions(+), 58 deletions(-)
 create mode 100644 mod_fcgid-2.3.9-r1847623.patch
 create mode 100644 mod_fcgid-2.3.9-r1847624.patch
 create mode 100644 mod_fcgid-2.3.9-r1848311.patch
 delete mode 100644 mod_fcgid-2.3.9-segfault-upload.patch

diff --git a/mod_fcgid-2.3.9-1024-env-vars.patch b/mod_fcgid-2.3.9-1024-env-vars.patch
index 5c4cd88..41b9998 100644
--- a/mod_fcgid-2.3.9-1024-env-vars.patch
+++ b/mod_fcgid-2.3.9-1024-env-vars.patch
@@ -1,11 +1,11 @@
 diff --git a/modules/fcgid/fcgid_conf.h b/modules/fcgid/fcgid_conf.h
-index 60aeee8..f803a6e 100644
+index 47d68bb..44da00e 100644
 --- a/modules/fcgid/fcgid_conf.h
 +++ b/modules/fcgid/fcgid_conf.h
 @@ -139,7 +139,7 @@ typedef struct {
   */
  #define INITENV_KEY_LEN 64
- #define INITENV_VAL_LEN 128
+ #define INITENV_VAL_LEN 256
 -#define INITENV_CNT 64
 +#define INITENV_CNT 1024
  typedef struct {
diff --git a/mod_fcgid-2.3.9-r1847623.patch b/mod_fcgid-2.3.9-r1847623.patch
new file mode 100644
index 0000000..bcb59b1
--- /dev/null
+++ b/mod_fcgid-2.3.9-r1847623.patch
@@ -0,0 +1,16 @@
+# ./pullrev.sh 1847623
+http://svn.apache.org/viewvc?view=revision&revision=1847623
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1651310
+
+--- mod_fcgid-2.3.9/modules/fcgid/fcgid_conf.h
++++ mod_fcgid-2.3.9/modules/fcgid/fcgid_conf.h
+@@ -138,7 +138,7 @@
+  * to limit shared memory use
+  */
+ #define INITENV_KEY_LEN 64
+-#define INITENV_VAL_LEN 128
++#define INITENV_VAL_LEN 256
+ #define INITENV_CNT 64
+ typedef struct {
+     char initenv_key[INITENV_CNT][INITENV_KEY_LEN];
diff --git a/mod_fcgid-2.3.9-r1847624.patch b/mod_fcgid-2.3.9-r1847624.patch
new file mode 100644
index 0000000..a25f0de
--- /dev/null
+++ b/mod_fcgid-2.3.9-r1847624.patch
@@ -0,0 +1,119 @@
+# ./pullrev.sh 1847624
+http://svn.apache.org/viewvc?view=revision&revision=1847624
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1654200
+
+--- mod_fcgid-2.3.9/modules/fcgid/fcgid_proc_unix.c
++++ mod_fcgid-2.3.9/modules/fcgid/fcgid_proc_unix.c
+@@ -762,14 +762,18 @@
+     struct iovec vec[FCGID_VEC_COUNT];
+     int nvec = 0;
+     apr_bucket *e;
++    apr_bucket_brigade *tmpbb = apr_brigade_create(output_brigade->p,
++                                                   output_brigade->bucket_alloc);
+ 
+-    for (e = APR_BRIGADE_FIRST(output_brigade);
+-         e != APR_BRIGADE_SENTINEL(output_brigade);
+-         e = APR_BUCKET_NEXT(e)) {
++    while (!APR_BRIGADE_EMPTY(output_brigade))
++    {
++        e = APR_BRIGADE_FIRST(output_brigade);
++
+         apr_size_t len;
+         const char* base;
+ 
+         if (APR_BUCKET_IS_METADATA(e)) {
++            apr_bucket_delete(e);
+             continue;
+         }
+ 
+@@ -780,6 +784,9 @@
+             return rv;
+         }
+ 
++        APR_BUCKET_REMOVE(e);
++        APR_BRIGADE_INSERT_TAIL(tmpbb, e);
++
+         vec[nvec].iov_len = len;
+         vec[nvec].iov_base = (char*) base;
+         if (nvec == (FCGID_VEC_COUNT - 1)) {
+@@ -789,6 +796,7 @@
+                                FCGID_VEC_COUNT)) != APR_SUCCESS)
+                 return rv;
+             nvec = 0;
++            apr_brigade_cleanup(tmpbb);
+         }
+         else
+             nvec++;
+@@ -800,6 +808,7 @@
+             return rv;
+     }
+ 
++    apr_brigade_destroy(tmpbb);
+     return APR_SUCCESS;
+ }
+ 
+--- mod_fcgid-2.3.9/modules/fcgid/fcgid_proc_win.c
++++ mod_fcgid-2.3.9/modules/fcgid/fcgid_proc_win.c
+@@ -380,19 +380,22 @@
+     apr_bucket *bucket_request;
+     apr_status_t rv;
+     DWORD transferred;
++    apr_bucket_brigade *tmpbb = apr_brigade_create(birgade_send->p, 
++                                                   birgade_send->bucket_alloc);
+ 
+     handle_info = (fcgid_namedpipe_handle *) ipc_handle->ipc_handle_info;
+ 
+-    for (bucket_request = APR_BRIGADE_FIRST(birgade_send);
+-         bucket_request != APR_BRIGADE_SENTINEL(birgade_send);
+-         bucket_request = APR_BUCKET_NEXT(bucket_request))
+-    {
++    while (!APR_BRIGADE_EMPTY(birgade_send)) {
+         const char *write_buf;
+         apr_size_t write_buf_len;
+         apr_size_t has_write;
+ 
+-        if (APR_BUCKET_IS_METADATA(bucket_request))
++        bucket_request = APR_BRIGADE_FIRST(birgade_send);
++
++        if (APR_BUCKET_IS_METADATA(bucket_request)) {
++            apr_bucket_delete(bucket_request);
+             continue;
++        }
+ 
+         if ((rv = apr_bucket_read(bucket_request, &write_buf, &write_buf_len,
+                                   APR_BLOCK_READ)) != APR_SUCCESS) {
+@@ -401,6 +404,9 @@
+             return rv;
+         }
+ 
++        APR_BUCKET_REMOVE(bucket_request);
++        APR_BRIGADE_INSERT_TAIL(tmpbb, bucket_request);
++
+         /* Write the buffer to fastcgi server */
+         has_write = 0;
+         while (has_write < write_buf_len) {
+@@ -411,6 +417,7 @@
+                           write_buf_len - has_write,
+                           &byteswrite, &handle_info->overlap_write)) {
+                 has_write += byteswrite;
++                apr_brigade_cleanup(tmpbb);
+                 continue;
+             } else if ((rv = GetLastError()) != ERROR_IO_PENDING) {
+                 ap_log_rerror(APLOG_MARK, APLOG_WARNING,
+@@ -437,6 +444,7 @@
+                         return APR_ESPIPE;
+                     }
+                     has_write += transferred;
++                    apr_brigade_cleanup(tmpbb);
+                     continue;
+                 } else {
+                     ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0,
+@@ -448,6 +456,7 @@
+         }
+     }
+ 
++    apr_brigade_destroy(tmpbb);
+     return APR_SUCCESS;
+ }
+ 
diff --git a/mod_fcgid-2.3.9-r1848311.patch b/mod_fcgid-2.3.9-r1848311.patch
new file mode 100644
index 0000000..181fad3
--- /dev/null
+++ b/mod_fcgid-2.3.9-r1848311.patch
@@ -0,0 +1,40 @@
+# ./pullrev.sh 1848311
+http://svn.apache.org/viewvc?view=revision&revision=1848311
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1655035
+
+--- mod_fcgid-2.3.9/modules/fcgid/config.m4
++++ mod_fcgid-2.3.9/modules/fcgid/config.m4
+@@ -43,6 +43,11 @@
+     AC_CHECK_HEADERS(sys/mman.h)
+     AC_CHECK_HEADERS(sys/mutex.h)
+     AC_CHECK_HEADERS(sys/shm.h)
++    if test "x$enable_fcgid" = "xshared"; then
++       # The only symbol which needs to be exported is the module
++       # structure, so ask libtool to hide everything else:
++       APR_ADDTO(MOD_FCGID_LDADD, [-export-symbols-regex fcgid_module])
++    fi
+ ])
+ 
+ dnl #  end of module specific part
+--- mod_fcgid-2.3.9/modules/fcgid/Makefile.apxs
++++ mod_fcgid-2.3.9/modules/fcgid/Makefile.apxs
+@@ -16,6 +16,7 @@
+ builddir=.
+ srcdir=.
+ 
++MOD_FCGID_LDADD = -export-symbols-regex fcgid_module
+ CLEAN_TARGETS = *.loT
+ include $(exp_installbuilddir)/special.mk
+ 
+--- mod_fcgid-2.3.9/modules/fcgid/modules.mk.apxs
++++ mod_fcgid-2.3.9/modules/fcgid/modules.mk.apxs
+@@ -17,7 +17,7 @@
+ # this is used/needed by the APACHE2 build system
+ #
+ mod_fcgid.la: mod_fcgid.slo fcgid_bridge.slo fcgid_conf.slo fcgid_pm_main.slo fcgid_protocol.slo fcgid_spawn_ctl.slo  fcgid_proctbl_unix.slo fcgid_pm_unix.slo fcgid_proc_unix.slo fcgid_bucket.slo fcgid_filter.slo fcgid_mutex_unix.slo
+-	$(SH_LINK) -rpath $(libexecdir) -module -avoid-version mod_fcgid.lo fcgid_bridge.lo fcgid_conf.lo fcgid_pm_main.lo fcgid_protocol.lo fcgid_spawn_ctl.lo  fcgid_proctbl_unix.lo fcgid_pm_unix.lo fcgid_proc_unix.lo fcgid_bucket.lo fcgid_filter.lo fcgid_mutex_unix.lo
++	$(SH_LINK) -rpath $(libexecdir) -module -avoid-version mod_fcgid.lo fcgid_bridge.lo fcgid_conf.lo fcgid_pm_main.lo fcgid_protocol.lo fcgid_spawn_ctl.lo  fcgid_proctbl_unix.lo fcgid_pm_unix.lo fcgid_proc_unix.lo fcgid_bucket.lo fcgid_filter.lo fcgid_mutex_unix.lo $(MOD_FCGID_LDADD)
+ DISTCLEAN_TARGETS = modules.mk
+ static =
+ shared =  mod_fcgid.la
diff --git a/mod_fcgid-2.3.9-segfault-upload.patch b/mod_fcgid-2.3.9-segfault-upload.patch
deleted file mode 100644
index 099be55..0000000
--- a/mod_fcgid-2.3.9-segfault-upload.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-diff --git a/modules/fcgid/fcgid_proc_unix.c b/modules/fcgid/fcgid_proc_unix.c
-index 218f3f7..8b69a89 100644
---- a/modules/fcgid/fcgid_proc_unix.c
-+++ b/modules/fcgid/fcgid_proc_unix.c
-@@ -762,14 +762,15 @@ apr_status_t proc_write_ipc(fcgid_ipc *ipc_handle,
-     struct iovec vec[FCGID_VEC_COUNT];
-     int nvec = 0;
-     apr_bucket *e;
-+    apr_bucket_brigade* tmpbb = apr_brigade_create(output_brigade->p,output_brigade->bucket_alloc);
- 
--    for (e = APR_BRIGADE_FIRST(output_brigade);
--         e != APR_BRIGADE_SENTINEL(output_brigade);
--         e = APR_BUCKET_NEXT(e)) {
-+    while (!APR_BRIGADE_EMPTY(output_brigade)) {
-+        e = APR_BRIGADE_FIRST(output_brigade);
-         apr_size_t len;
-         const char* base;
- 
-         if (APR_BUCKET_IS_METADATA(e)) {
-+            apr_bucket_delete(e);
-             continue;
-         }
- 
-@@ -780,6 +781,9 @@ apr_status_t proc_write_ipc(fcgid_ipc *ipc_handle,
-             return rv;
-         }
- 
-+        APR_BUCKET_REMOVE(e);
-+        APR_BRIGADE_INSERT_TAIL(tmpbb, e);
-+
-         vec[nvec].iov_len = len;
-         vec[nvec].iov_base = (char*) base;
-         if (nvec == (FCGID_VEC_COUNT - 1)) {
-@@ -789,6 +793,7 @@ apr_status_t proc_write_ipc(fcgid_ipc *ipc_handle,
-                                FCGID_VEC_COUNT)) != APR_SUCCESS)
-                 return rv;
-             nvec = 0;
-+            apr_brigade_cleanup(tmpbb);
-         }
-         else
-             nvec++;
-@@ -800,6 +805,7 @@ apr_status_t proc_write_ipc(fcgid_ipc *ipc_handle,
-             return rv;
-     }
- 
-+    apr_brigade_destroy(tmpbb);
-     return APR_SUCCESS;
- }
- 
diff --git a/mod_fcgid.spec b/mod_fcgid.spec
index 9267d0f..41f8fba 100644
--- a/mod_fcgid.spec
+++ b/mod_fcgid.spec
@@ -10,9 +10,11 @@ Source3:	mod_fcgid-2.1-README.SELinux
 Source4:	mod_fcgid-tmpfs.conf
 Source5:	fcgid24.conf
 Patch0:		mod_fcgid-2.3.4-fixconf-shellbang.patch
-Patch1:		mod_fcgid-2.3.9-segfault-upload.patch
-Patch2:		mod_fcgid-2.3.9-r1848298.patch
-Patch3:		mod_fcgid-2.3.9-1024-env-vars.patch
+Patch1:         mod_fcgid-2.3.9-r1847623.patch
+Patch2:		mod_fcgid-2.3.9-1024-env-vars.patch
+Patch3:         mod_fcgid-2.3.9-r1847624.patch
+Patch4:		mod_fcgid-2.3.9-r1848298.patch
+Patch5:		mod_fcgid-2.3.9-r1848311.patch
 BuildRequires:	coreutils
 BuildRequires:	gcc
 BuildRequires:	httpd-devel >= 2.4
@@ -40,10 +42,11 @@ cp -p %{SOURCE5} fcgid24.conf
 %patch0 -p1
 %endif
 
-%patch1 -p1 -b .segfault_upload
-%patch2 -p1 -b .r1848298
-%patch3 -p1 -b .1024_env_vars
-
+%patch1 -p1 -b .r1847623
+%patch2 -p1 -b .1024_env_vars
+%patch3 -p1 -b .r1847624
+%patch4 -p1 -b .r1848298
+%patch5 -p1 -b .r1848311
 %build
 APXS=%{_httpd_apxs} ./configure.apxs
 make
@@ -76,6 +79,10 @@ install -p -m 644 %{SOURCE4} %{buildroot}%{_tmpfilesdir}/mod_fcgid.conf
 %dir %attr(0775,root,apache) /run/mod_fcgid/
 
 %changelog
+* Thu Jul  1 2021 Joe Orton <jorton@redhat.com> - 2.3.9-26
+- fix env var truncation to 127 bytes (#1961948)
+- suppress symbol exports (#1961947)
+
 * Tue May 18 2021 Lubos Uhliarik <luhliari@redhat.com> - 2.3.9-26
 - Resolves: #1958882 - mod_fcgid does not pass more than 64 variables to an FCGI
   server process environment