Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian....@packages.debian.org
Usertags: pu
Dear Release Managers,
please review apache2 2.4.10-10+deb8u2 for inclusion in jessie. I have
annotated the changelog a bit:
> apache2 (2.4.10-10+deb8u2) jessie; urgency=medium
>
> [ Stefan Fritsch ]
> * Fix upgrade logic: When upgrading from wheezy with apache2.2-common
> but without apache2 installed to jessie, part of the conffile handling
> logic would not run, causing outdated conffile content to be kept.
> This is part of the solution for bug #794933. The other part will be
> included in the upgrade to Debian 9 (stretch).
See apache2.preinst
>
> * core: Fix -D[efined] or <Define>[d] variables lifetime accross restarts.
> This could cause all kinds of strange behavior. PR 56008. PR 57328
> * mpm_event: Fix process deadlock when shutting down a worker. PR 56960
> * mpm_event: Fix crashes due to various race conditions. Closes: #779078
See debian/patches/* in diff. These fixes have been in 2.4.10-11 in
testing for several months without any problems. The debian bug number
really applies to both mpm_event fixes.
>
> [ Jean-Michel Vourgère ]
> * apache2.postinst: Fixed tests on deferred mpm switch. Closes: #789914
The patch is not absolutely minimal, but it is identical to the one we
have in unstable/testing.
The debdiff is attached.
Thanks in advance.
Cheers,
Stefan
diff -Nru apache2-2.4.10/debian/apache2.postinst apache2-2.4.10/debian/apache2.postinst
--- apache2-2.4.10/debian/apache2.postinst 2015-08-01 22:27:04.000000000 +0200
+++ apache2-2.4.10/debian/apache2.postinst 2015-08-08 22:04:46.000000000 +0200
@@ -432,21 +432,21 @@
esac
;;
apache2_switch_mpm)
- local MPM="mpm_$ARG1"
+ local MPM="$ARG1"
local CUR_MPM="$(ls /etc/apache2/mods-enabled/mpm_*.load)"
CUR_MPM="${CUR_MPM##*/mpm_}"
CUR_MPM="${CUR_MPM%.load}"
- if [ ! -e /etc/apache2/mods-available/$MPM.load ] ; then
- msg "error" "$MPM not found in 'apache2_switch_mpm $ARG1' for package $PACKAGE"
+ if [ ! -e /etc/apache2/mods-available/mpm_$MPM.load ] ; then
+ msg "error" "mpm $MPM not found in 'apache2_switch_mpm $ARG1' for package $PACKAGE"
error=true
- elif [ ! -e /etc/apache2/mods-enabled/$MPM.load ] ; then
- msg "info" "$MPM: No action required"
+ elif [ -e /etc/apache2/mods-enabled/mpm_$MPM.load ] ; then
+ msg "info" "Switch to mpm $MPM for package $PACKAGE: No action required"
else
- msg "info" "Switch to $MPM for package $PACKAGE"
+ msg "info" "Switch to mpm $MPM for package $PACKAGE"
if ! a2dismod -m -q "mpm_$CUR_MPM" ||
! a2enmod -m -q "mpm_$MPM"
then
- msg "error" "Switching to $MPM failed"
+ msg "error" "Switching to mpm $MPM failed"
error=true
fi
fi
diff -Nru apache2-2.4.10/debian/apache2.preinst apache2-2.4.10/debian/apache2.preinst
--- apache2-2.4.10/debian/apache2.preinst 2015-08-01 22:27:04.000000000 +0200
+++ apache2-2.4.10/debian/apache2.preinst 2015-08-27 19:50:18.000000000 +0200
@@ -49,8 +49,9 @@
fi
done
- for CONFFILE in $MOVED_CONFFILES_IN ; do
- if [ -e "/etc/apache2/conf.d/$CONFFILE" ] ; then
+ for CONFFILE in $MOVED_CONFFILES ; do
+ CONFFILE=$( echo "$CONFFILE" | cut -d: -f1 )
+ if [ -e "$CONFFILE" ] ; then
return 0
fi
done
diff -Nru apache2-2.4.10/debian/changelog apache2-2.4.10/debian/changelog
--- apache2-2.4.10/debian/changelog 2015-08-01 22:42:55.000000000 +0200
+++ apache2-2.4.10/debian/changelog 2015-08-27 19:52:49.000000000 +0200
@@ -1,3 +1,21 @@
+apache2 (2.4.10-10+deb8u2) jessie; urgency=medium
+
+ [ Stefan Fritsch ]
+ * Fix upgrade logic: When upgrading from wheezy with apache2.2-common
+ but without apache2 installed to jessie, part of the conffile handling
+ logic would not run, causing outdated conffile content to be kept.
+ This is part of the solution for bug #794933. The other part will be
+ included in the upgrade to Debian 9 (stretch).
+ * core: Fix -D[efined] or <Define>[d] variables lifetime accross restarts.
+ This could cause all kinds of strange behavior. PR 56008. PR 57328
+ * mpm_event: Fix process deadlock when shutting down a worker. PR 56960
+ * mpm_event: Fix crashes due to various race conditions. Closes: #779078
+
+ [ Jean-Michel Vourgère ]
+ * apache2.postinst: Fixed tests on deferred mpm switch. Closes: #789914
+
+ -- Stefan Fritsch <s...@debian.org> Thu, 27 Aug 2015 19:52:37 +0200
+
apache2 (2.4.10-10+deb8u1) jessie-security; urgency=medium
* CVE-2015-3183: Fix chunk header parsing defect.
diff -Nru apache2-2.4.10/debian/patches/define_restarts.diff apache2-2.4.10/debian/patches/define_restarts.diff
--- apache2-2.4.10/debian/patches/define_restarts.diff 1970-01-01 01:00:00.000000000 +0100
+++ apache2-2.4.10/debian/patches/define_restarts.diff 2015-08-08 22:02:05.000000000 +0200
@@ -0,0 +1,24 @@
+# https://svn.apache.org/r1651083
+# https://bz.apache.org/bugzilla/show_bug.cgi?id=57268
+# https://bz.apache.org/bugzilla/show_bug.cgi?id=56008
+#
+# Merge r1643825 from trunk:
+#
+# * core: Fix -D[efined] or <Define>[d] variables lifetime accross restarts.
+# PR 57328.
+#
+# Submitted-by: Armin Abfalterer <a.abfalterer gmail.com>
+# Reviewed/Committed-by: ylavic
+#
+# Submitted by: ylavic
+# Reviewed/backported by: jim
+--- apache2.orig/server/core.c
++++ apache2/server/core.c
+@@ -1271,6 +1271,7 @@ AP_DECLARE(const char *) ap_resolve_env(
+ static int reset_config_defines(void *dummy)
+ {
+ ap_server_config_defines = saved_server_config_defines;
++ saved_server_config_defines = NULL;
+ server_config_defined_vars = NULL;
+ return OK;
+ }
diff -Nru apache2-2.4.10/debian/patches/mpm_event_crash.diff apache2-2.4.10/debian/patches/mpm_event_crash.diff
--- apache2-2.4.10/debian/patches/mpm_event_crash.diff 1970-01-01 01:00:00.000000000 +0100
+++ apache2-2.4.10/debian/patches/mpm_event_crash.diff 2015-08-08 22:04:16.000000000 +0200
@@ -0,0 +1,138 @@
+# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779078
+#
+# https://bz.apache.org/bugzilla/show_bug.cgi?id=57268
+#
+# https://svn.apache.org/r1642858
+# https://svn.apache.org/r1645936
+# https://svn.apache.org/r1651656
+# https://svn.apache.org/r1664365
+#
+# Fix mpm_event crashes due to various race conditions
+#
+--- apache2.orig/server/mpm/event/event.c
++++ apache2/server/mpm/event/event.c
+@@ -767,7 +767,21 @@ static void set_signals(void)
+ #endif
+ }
+
+-static int start_lingering_close_common(event_conn_state_t *cs)
++static void notify_suspend(event_conn_state_t *cs)
++{
++ ap_run_suspend_connection(cs->c, cs->r);
++ cs->suspended = 1;
++ cs->c->sbh = NULL;
++}
++
++static void notify_resume(event_conn_state_t *cs, ap_sb_handle_t *sbh)
++{
++ cs->c->sbh = sbh;
++ cs->suspended = 0;
++ ap_run_resume_connection(cs->c, cs->r);
++}
++
++static int start_lingering_close_common(event_conn_state_t *cs, int in_worker)
+ {
+ apr_status_t rv;
+ struct timeout_queue *q;
+@@ -798,8 +812,13 @@ static int start_lingering_close_common(
+ cs->pub.state = CONN_STATE_LINGER_NORMAL;
+ }
+ apr_atomic_inc32(&lingering_count);
++ if (in_worker) {
++ notify_suspend(cs);
++ }
++ else {
++ cs->c->sbh = NULL;
++ }
+ apr_thread_mutex_lock(timeout_mutex);
+- cs->c->sbh = NULL;
+ TO_QUEUE_APPEND(*q, cs);
+ cs->pfd.reqevents = (
+ cs->pub.sense == CONN_SENSE_WANT_WRITE ? APR_POLLOUT :
+@@ -831,10 +850,11 @@ static int start_lingering_close_common(
+ static int start_lingering_close_blocking(event_conn_state_t *cs)
+ {
+ if (ap_start_lingering_close(cs->c)) {
++ notify_suspend(cs);
+ ap_push_pool(worker_queue_info, cs->p);
+ return 0;
+ }
+- return start_lingering_close_common(cs);
++ return start_lingering_close_common(cs, 1);
+ }
+
+ /*
+@@ -858,7 +878,7 @@ static int start_lingering_close_nonbloc
+ ap_push_pool(worker_queue_info, cs->p);
+ return 0;
+ }
+- return start_lingering_close_common(cs);
++ return start_lingering_close_common(cs, 0);
+ }
+
+ /*
+@@ -882,18 +902,6 @@ static int stop_lingering_close(event_co
+ return 0;
+ }
+
+-static void notify_suspend(event_conn_state_t *cs)
+-{
+- ap_run_suspend_connection(cs->c, cs->r);
+- cs->suspended = 1;
+-}
+-
+-static void notify_resume(event_conn_state_t *cs)
+-{
+- cs->suspended = 0;
+- ap_run_resume_connection(cs->c, cs->r);
+-}
+-
+ /*
+ * This runs before any non-MPM cleanup code on the connection;
+ * if the connection is currently suspended as far as modules
+@@ -904,7 +912,7 @@ static apr_status_t ptrans_pre_cleanup(v
+ event_conn_state_t *cs = dummy;
+
+ if (cs->suspended) {
+- notify_resume(cs);
++ notify_resume(cs, NULL);
+ }
+ return APR_SUCCESS;
+ }
+@@ -1003,9 +1011,10 @@ static void process_socket(apr_thread_t
+ }
+ else {
+ c = cs->c;
+- c->sbh = sbh;
+- notify_resume(cs);
++ notify_resume(cs, sbh);
+ c->current_thread = thd;
++ /* Subsequent request on a conn, and thread number is part of ID */
++ c->id = conn_id;
+ }
+
+ if (c->clogging_input_filters && !c->aborted) {
+@@ -1083,7 +1092,6 @@ read_request:
+
+ if (cs->pub.state == CONN_STATE_LINGER) {
+ start_lingering_close_blocking(cs);
+- notify_suspend(cs);
+ }
+ else if (cs->pub.state == CONN_STATE_CHECK_REQUEST_LINE_READABLE) {
+ /* It greatly simplifies the logic to use a single timeout value here
+@@ -1096,7 +1104,6 @@ read_request:
+ */
+ cs->expiration_time = ap_server_conf->keep_alive_timeout +
+ apr_time_now();
+- c->sbh = NULL;
+ notify_suspend(cs);
+ apr_thread_mutex_lock(timeout_mutex);
+ TO_QUEUE_APPEND(keepalive_q, cs);
+@@ -1114,7 +1121,6 @@ read_request:
+ }
+ else if (cs->pub.state == CONN_STATE_SUSPENDED) {
+ apr_atomic_inc32(&suspended_count);
+- c->sbh = NULL;
+ notify_suspend(cs);
+ }
+ }
diff -Nru apache2-2.4.10/debian/patches/mpm_event_graceful_restart_deadlock.diff apache2-2.4.10/debian/patches/mpm_event_graceful_restart_deadlock.diff
--- apache2-2.4.10/debian/patches/mpm_event_graceful_restart_deadlock.diff 1970-01-01 01:00:00.000000000 +0100
+++ apache2-2.4.10/debian/patches/mpm_event_graceful_restart_deadlock.diff 2015-08-08 22:04:04.000000000 +0200
@@ -0,0 +1,38 @@
+# https://svn.apache.org/r1634526
+# https://bz.apache.org/bugzilla/show_bug.cgi?id=56960
+#
+# Author: Jim Jagielski <j...@apache.org>
+# Date: Mon Oct 27 12:46:45 2014 +0000
+#
+# Merge r1629577 from trunk:
+#
+# event: Fix worker-listener deadlock in graceful restart caused by get_worker()
+# allocating new worker after ap_queue_info_term(), but not setting the
+# have_idle_worker variable. PR 56960.
+#
+# Submitted By: Zin UDA
+# Committed By: jkaluza
+#
+# Submitted by: jkaluza
+# Reviewed/backported by: jim
+#
+# git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1634526 13f79535-47bb-0310-9956-ffa450edef68
+#
+--- apache2.orig/server/mpm/event/event.c
++++ apache2/server/mpm/event/event.c
+@@ -1264,13 +1264,13 @@ static void get_worker(int *have_idle_wo
+ else
+ rc = ap_queue_info_try_get_idler(worker_queue_info);
+
+- if (rc == APR_SUCCESS) {
++ if (rc == APR_SUCCESS || APR_STATUS_IS_EOF(rc)) {
+ *have_idle_worker_p = 1;
+ }
+ else if (!blocking && rc == APR_EAGAIN) {
+ *all_busy = 1;
+ }
+- else if (!APR_STATUS_IS_EOF(rc)) {
++ else {
+ ap_log_error(APLOG_MARK, APLOG_ERR, rc, ap_server_conf, APLOGNO(00472)
+ "ap_queue_info_wait_for_idler failed. "
+ "Attempting to shutdown process gracefully");
diff -Nru apache2-2.4.10/debian/patches/series apache2-2.4.10/debian/patches/series
--- apache2-2.4.10/debian/patches/series 2015-08-01 22:27:04.000000000 +0200
+++ apache2-2.4.10/debian/patches/series 2015-08-08 22:04:16.000000000 +0200
@@ -14,3 +14,6 @@
CVE-2015-0228_mod_lua.diff
CVE-2015-3183-chunk-header-parsing.diff
CVE-2015-3185-ap_some_auth_required.diff
+define_restarts.diff
+mpm_event_graceful_restart_deadlock.diff
+mpm_event_crash.diff
