import mod_wsgi-4.6.8-4.module+el8.7.0+16653+23ccaf52

2023-03-28 12:02:50 +00:00 · 2023-03-28 12:02:50 +00:00 · f1bfef209b
commit f1bfef209b
parent bccaebd174
2 changed files with 52 additions and 1 deletions
--- a/SOURCES/mod_wsgi-4.9.1-request-limit.patch
+++ b/SOURCES/mod_wsgi-4.9.1-request-limit.patch
@ -0,0 +1,46 @@
+diff --git a/src/server/mod_wsgi.c b/src/server/mod_wsgi.c
+index 59aad90..ef5f5af 100644
+--- a/src/server/mod_wsgi.c
+++ b/src/server/mod_wsgi.c
+@@ -12586,6 +12586,9 @@ static apr_status_t wsgi_header_filter(ap_filter_t *f, apr_bucket_brigade *b)
+ 
+     /* Output status line. */
+ 
+    if (!r->status_line)
+        r->status_line = ap_get_status_line(r->status);
+
+     vec1[0].iov_base = (void *)"Status:";
+     vec1[0].iov_len  = strlen("Status:");
+     vec1[1].iov_base = (void *)" ";
+@@ -12699,6 +12702,7 @@ static int wsgi_hook_daemon_handler(conn_rec *c)
+     apr_bucket_brigade *bb;
+ 
+     core_request_config *req_cfg;
+    core_dir_config *d;
+ 
+     ap_filter_t *current = NULL;
+     ap_filter_t *next = NULL;
+@@ -12890,6 +12894,23 @@ static int wsgi_hook_daemon_handler(conn_rec *c)
+ 
+     r->per_dir_config  = r->server->lookup_defaults;
+ 
+    /*
+     * Try and ensure that request body limit in daemon mode process
+     * is unlimited as Apache 2.4.54 changed rules for limit and if
+     * unset is now overridden by HTTP filters to be 1GiB rather than
+     * unlimited. This is required since we populate configuration
+     * from the base server config only so setting unlimited in a more
+     * specific context such as a virtual host wouldn't be visible.
+     * Note that setting this to unlimited in the daemon mode process
+     * is okay as the request limit body is checked in the Apache
+     * child process before request is proxied specifically to avoid
+     * unecessarily passing the content across to the daemon process.
+     */
+
+    d = (core_dir_config *)ap_get_core_module_config(r->per_dir_config);
+
+    d->limit_req_body = 0;
+
+     r->sent_bodyct = 0;
+ 
+     r->read_length = 0;
--- a/SPECS/mod_wsgi.spec
+++ b/SPECS/mod_wsgi.spec
@ -23,7 +23,7 @@

 Name:           mod_wsgi
 Version:        4.6.8
-Release:        3%{?dist}
+Release:        4%{?dist}
 Summary:        A WSGI interface for Python web applications in Apache
 License:        ASL 2.0
 URL:            https://modwsgi.readthedocs.io/
@ -31,6 +31,7 @@ Source0:        https://github.com/GrahamDumpleton/mod_wsgi/archive/%{version}.t
 Source1:        wsgi.conf
 Source2:        wsgi-python3.conf
 Patch1:         mod_wsgi-4.5.20-exports.patch
+Patch2:         mod_wsgi-4.9.1-request-limit.patch

 # Exclude i686 arch. Due to a modularity issue it's being added to the
 # x86_64 compose of CRB, but we don't want to ship it at all.
@ -181,6 +182,10 @@ ln -s %{_bindir}/mod_wsgi-express-2 $RPM_BUILD_ROOT%{_bindir}/mod_wsgi-express
 %endif

 %changelog
+* Thu Sep 08 2022 Lumír Balhar <lbalhar@redhat.com> - 4.6.8-4
+- Core dumped upon file upload >= 1GB
+Resolves: rhbz#2125171
+
 * Wed Dec 11 2019 Tomas Orsava <torsava@redhat.com> - 4.6.8-3
 - Exclude unsupported i686 arch (rhbz#1779142)