rpms/mod_fcgid
5
0
Fork 0
Code Issues Pull Requests Releases Activity

fix env var truncation to 127 bytes (#1961948)

Browse Source 
suppress symbol exports (#1961947)

Resolves: rhbz#1961948
Resolves: rhbz#1961947
This commit is contained in:
Joe Orton 2021-07-01 16:13:47 +01:00
parent 92925931b5
commit e58323ddbf
6 changed files with 191 additions and 58 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
mod_fcgid-2.3.9-1024-env-vars.patch
View File

@ -1,11 +1,11 @@
diff --git a/modules/fcgid/fcgid_conf.h b/modules/fcgid/fcgid_conf.h diff --git a/modules/fcgid/fcgid_conf.h b/modules/fcgid/fcgid_conf.h
index 60aeee8..f803a6e 100644 index 47d68bb..44da00e 100644
--- a/modules/fcgid/fcgid_conf.h --- a/modules/fcgid/fcgid_conf.h
+++ b/modules/fcgid/fcgid_conf.h +++ b/modules/fcgid/fcgid_conf.h
@@ -139,7 +139,7 @@ typedef struct { @@ -139,7 +139,7 @@ typedef struct {
*/ */
#define INITENV_KEY_LEN 64 #define INITENV_KEY_LEN 64
#define INITENV_VAL_LEN 128 #define INITENV_VAL_LEN 256
-#define INITENV_CNT 64 -#define INITENV_CNT 64
+#define INITENV_CNT 1024 +#define INITENV_CNT 1024
typedef struct { typedef struct {

16
mod_fcgid-2.3.9-r1847623.patch Normal file
View File

@ -0,0 +1,16 @@
# ./pullrev.sh 1847623
http://svn.apache.org/viewvc?view=revision&revision=1847623
https://bugzilla.redhat.com/show_bug.cgi?id=1651310
--- mod_fcgid-2.3.9/modules/fcgid/fcgid_conf.h
+++ mod_fcgid-2.3.9/modules/fcgid/fcgid_conf.h
@@ -138,7 +138,7 @@
* to limit shared memory use
*/
#define INITENV_KEY_LEN 64
-#define INITENV_VAL_LEN 128
+#define INITENV_VAL_LEN 256
#define INITENV_CNT 64
typedef struct {
char initenv_key[INITENV_CNT][INITENV_KEY_LEN];

119
mod_fcgid-2.3.9-r1847624.patch Normal file
View File

@ -0,0 +1,119 @@
# ./pullrev.sh 1847624
http://svn.apache.org/viewvc?view=revision&revision=1847624
https://bugzilla.redhat.com/show_bug.cgi?id=1654200
--- mod_fcgid-2.3.9/modules/fcgid/fcgid_proc_unix.c
+++ mod_fcgid-2.3.9/modules/fcgid/fcgid_proc_unix.c
@@ -762,14 +762,18 @@
struct iovec vec[FCGID_VEC_COUNT];
int nvec = 0;
apr_bucket *e;
+ apr_bucket_brigade *tmpbb = apr_brigade_create(output_brigade->p,
+ output_brigade->bucket_alloc);
- for (e = APR_BRIGADE_FIRST(output_brigade);
- e != APR_BRIGADE_SENTINEL(output_brigade);
- e = APR_BUCKET_NEXT(e)) {
+ while (!APR_BRIGADE_EMPTY(output_brigade))
+ {
+ e = APR_BRIGADE_FIRST(output_brigade);
+
apr_size_t len;
const char* base;
if (APR_BUCKET_IS_METADATA(e)) {
+ apr_bucket_delete(e);
continue;
}
@@ -780,6 +784,9 @@
return rv;
}
+ APR_BUCKET_REMOVE(e);
+ APR_BRIGADE_INSERT_TAIL(tmpbb, e);
+
vec[nvec].iov_len = len;
vec[nvec].iov_base = (char*) base;
if (nvec == (FCGID_VEC_COUNT - 1)) {
@@ -789,6 +796,7 @@
FCGID_VEC_COUNT)) != APR_SUCCESS)
return rv;
nvec = 0;
+ apr_brigade_cleanup(tmpbb);
}
else
nvec++;
@@ -800,6 +808,7 @@
return rv;
}
+ apr_brigade_destroy(tmpbb);
return APR_SUCCESS;
}
--- mod_fcgid-2.3.9/modules/fcgid/fcgid_proc_win.c
+++ mod_fcgid-2.3.9/modules/fcgid/fcgid_proc_win.c
@@ -380,19 +380,22 @@
apr_bucket *bucket_request;
apr_status_t rv;
DWORD transferred;
+ apr_bucket_brigade *tmpbb = apr_brigade_create(birgade_send->p,
+ birgade_send->bucket_alloc);
handle_info = (fcgid_namedpipe_handle *) ipc_handle->ipc_handle_info;
- for (bucket_request = APR_BRIGADE_FIRST(birgade_send);
- bucket_request != APR_BRIGADE_SENTINEL(birgade_send);
- bucket_request = APR_BUCKET_NEXT(bucket_request))
- {
+ while (!APR_BRIGADE_EMPTY(birgade_send)) {
const char *write_buf;
apr_size_t write_buf_len;
apr_size_t has_write;
- if (APR_BUCKET_IS_METADATA(bucket_request))
+ bucket_request = APR_BRIGADE_FIRST(birgade_send);
+
+ if (APR_BUCKET_IS_METADATA(bucket_request)) {
+ apr_bucket_delete(bucket_request);
continue;
+ }
if ((rv = apr_bucket_read(bucket_request, &write_buf, &write_buf_len,
APR_BLOCK_READ)) != APR_SUCCESS) {
@@ -401,6 +404,9 @@
return rv;
}
+ APR_BUCKET_REMOVE(bucket_request);
+ APR_BRIGADE_INSERT_TAIL(tmpbb, bucket_request);
+
/* Write the buffer to fastcgi server */
has_write = 0;
while (has_write < write_buf_len) {
@@ -411,6 +417,7 @@
write_buf_len - has_write,
&byteswrite, &handle_info->overlap_write)) {
has_write += byteswrite;
+ apr_brigade_cleanup(tmpbb);
continue;
} else if ((rv = GetLastError()) != ERROR_IO_PENDING) {
ap_log_rerror(APLOG_MARK, APLOG_WARNING,
@@ -437,6 +444,7 @@
return APR_ESPIPE;
}
has_write += transferred;
+ apr_brigade_cleanup(tmpbb);
continue;
} else {
ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0,
@@ -448,6 +456,7 @@
}
}
+ apr_brigade_destroy(tmpbb);
return APR_SUCCESS;
}

40
mod_fcgid-2.3.9-r1848311.patch Normal file
View File

@ -0,0 +1,40 @@
# ./pullrev.sh 1848311
http://svn.apache.org/viewvc?view=revision&revision=1848311
https://bugzilla.redhat.com/show_bug.cgi?id=1655035
--- mod_fcgid-2.3.9/modules/fcgid/config.m4
+++ mod_fcgid-2.3.9/modules/fcgid/config.m4
@@ -43,6 +43,11 @@
AC_CHECK_HEADERS(sys/mman.h)
AC_CHECK_HEADERS(sys/mutex.h)
AC_CHECK_HEADERS(sys/shm.h)
+ if test "x$enable_fcgid" = "xshared"; then
+ # The only symbol which needs to be exported is the module
+ # structure, so ask libtool to hide everything else:
+ APR_ADDTO(MOD_FCGID_LDADD, [-export-symbols-regex fcgid_module])
+ fi
])
dnl # end of module specific part
--- mod_fcgid-2.3.9/modules/fcgid/Makefile.apxs
+++ mod_fcgid-2.3.9/modules/fcgid/Makefile.apxs
@@ -16,6 +16,7 @@
builddir=.
srcdir=.
+MOD_FCGID_LDADD = -export-symbols-regex fcgid_module
CLEAN_TARGETS = *.loT
include $(exp_installbuilddir)/special.mk
--- mod_fcgid-2.3.9/modules/fcgid/modules.mk.apxs
+++ mod_fcgid-2.3.9/modules/fcgid/modules.mk.apxs
@@ -17,7 +17,7 @@
# this is used/needed by the APACHE2 build system
#
mod_fcgid.la: mod_fcgid.slo fcgid_bridge.slo fcgid_conf.slo fcgid_pm_main.slo fcgid_protocol.slo fcgid_spawn_ctl.slo fcgid_proctbl_unix.slo fcgid_pm_unix.slo fcgid_proc_unix.slo fcgid_bucket.slo fcgid_filter.slo fcgid_mutex_unix.slo
- $(SH_LINK) -rpath $(libexecdir) -module -avoid-version mod_fcgid.lo fcgid_bridge.lo fcgid_conf.lo fcgid_pm_main.lo fcgid_protocol.lo fcgid_spawn_ctl.lo fcgid_proctbl_unix.lo fcgid_pm_unix.lo fcgid_proc_unix.lo fcgid_bucket.lo fcgid_filter.lo fcgid_mutex_unix.lo
+ $(SH_LINK) -rpath $(libexecdir) -module -avoid-version mod_fcgid.lo fcgid_bridge.lo fcgid_conf.lo fcgid_pm_main.lo fcgid_protocol.lo fcgid_spawn_ctl.lo fcgid_proctbl_unix.lo fcgid_pm_unix.lo fcgid_proc_unix.lo fcgid_bucket.lo fcgid_filter.lo fcgid_mutex_unix.lo $(MOD_FCGID_LDADD)
DISTCLEAN_TARGETS = modules.mk
static =
shared = mod_fcgid.la

49
mod_fcgid-2.3.9-segfault-upload.patch
View File

@ -1,49 +0,0 @@
diff --git a/modules/fcgid/fcgid_proc_unix.c b/modules/fcgid/fcgid_proc_unix.c
index 218f3f7..8b69a89 100644
--- a/modules/fcgid/fcgid_proc_unix.c
+++ b/modules/fcgid/fcgid_proc_unix.c
@@ -762,14 +762,15 @@ apr_status_t proc_write_ipc(fcgid_ipc *ipc_handle,
struct iovec vec[FCGID_VEC_COUNT];
int nvec = 0;
apr_bucket *e;
+ apr_bucket_brigade* tmpbb = apr_brigade_create(output_brigade->p,output_brigade->bucket_alloc);
- for (e = APR_BRIGADE_FIRST(output_brigade);
- e != APR_BRIGADE_SENTINEL(output_brigade);
- e = APR_BUCKET_NEXT(e)) {
+ while (!APR_BRIGADE_EMPTY(output_brigade)) {
+ e = APR_BRIGADE_FIRST(output_brigade);
apr_size_t len;
const char* base;
if (APR_BUCKET_IS_METADATA(e)) {
+ apr_bucket_delete(e);
continue;
}
@@ -780,6 +781,9 @@ apr_status_t proc_write_ipc(fcgid_ipc *ipc_handle,
return rv;
}
+ APR_BUCKET_REMOVE(e);
+ APR_BRIGADE_INSERT_TAIL(tmpbb, e);
+
vec[nvec].iov_len = len;
vec[nvec].iov_base = (char*) base;
if (nvec == (FCGID_VEC_COUNT - 1)) {
@@ -789,6 +793,7 @@ apr_status_t proc_write_ipc(fcgid_ipc *ipc_handle,
FCGID_VEC_COUNT)) != APR_SUCCESS)
return rv;
nvec = 0;
+ apr_brigade_cleanup(tmpbb);
}
else
nvec++;
@@ -800,6 +805,7 @@ apr_status_t proc_write_ipc(fcgid_ipc *ipc_handle,
return rv;
}
+ apr_brigade_destroy(tmpbb);
return APR_SUCCESS;
}

21
mod_fcgid.spec
View File

@ -10,9 +10,11 @@ Source3: mod_fcgid-2.1-README.SELinux
Source4: mod_fcgid-tmpfs.conf Source4: mod_fcgid-tmpfs.conf
Source5: fcgid24.conf Source5: fcgid24.conf
Patch0: mod_fcgid-2.3.4-fixconf-shellbang.patch Patch0: mod_fcgid-2.3.4-fixconf-shellbang.patch
Patch1: mod_fcgid-2.3.9-segfault-upload.patch Patch1: mod_fcgid-2.3.9-r1847623.patch
Patch2: mod_fcgid-2.3.9-r1848298.patch Patch2: mod_fcgid-2.3.9-1024-env-vars.patch
Patch3: mod_fcgid-2.3.9-1024-env-vars.patch Patch3: mod_fcgid-2.3.9-r1847624.patch
Patch4: mod_fcgid-2.3.9-r1848298.patch
Patch5: mod_fcgid-2.3.9-r1848311.patch
BuildRequires: coreutils BuildRequires: coreutils
BuildRequires: gcc BuildRequires: gcc
BuildRequires: httpd-devel >= 2.4 BuildRequires: httpd-devel >= 2.4
@ -40,10 +42,11 @@ cp -p %{SOURCE5} fcgid24.conf
%patch0 -p1 %patch0 -p1
%endif %endif
%patch1 -p1 -b .segfault_upload %patch1 -p1 -b .r1847623
%patch2 -p1 -b .r1848298 %patch2 -p1 -b .1024_env_vars
%patch3 -p1 -b .1024_env_vars %patch3 -p1 -b .r1847624
%patch4 -p1 -b .r1848298
%patch5 -p1 -b .r1848311
%build %build
APXS=%{_httpd_apxs} ./configure.apxs APXS=%{_httpd_apxs} ./configure.apxs
make make
@ -76,6 +79,10 @@ install -p -m 644 %{SOURCE4} %{buildroot}%{_tmpfilesdir}/mod_fcgid.conf
%dir %attr(0775,root,apache) /run/mod_fcgid/ %dir %attr(0775,root,apache) /run/mod_fcgid/
%changelog %changelog
* Thu Jul 1 2021 Joe Orton <jorton@redhat.com> - 2.3.9-26
- fix env var truncation to 127 bytes (#1961948)
- suppress symbol exports (#1961947)
* Tue May 18 2021 Lubos Uhliarik <luhliari@redhat.com> - 2.3.9-26 * Tue May 18 2021 Lubos Uhliarik <luhliari@redhat.com> - 2.3.9-26
- Resolves: #1958882 - mod_fcgid does not pass more than 64 variables to an FCGI - Resolves: #1958882 - mod_fcgid does not pass more than 64 variables to an FCGI
server process environment server process environment