Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian....@packages.debian.org
Usertags: pu

Dear Release Managers,

please review apache2 2.4.10-10+deb8u2 for inclusion in jessie.  I have
annotated the changelog a bit:


> apache2 (2.4.10-10+deb8u2) jessie; urgency=medium
> 
>   [ Stefan Fritsch ]
>   * Fix upgrade logic: When upgrading from wheezy with apache2.2-common
>     but without apache2 installed to jessie, part of the conffile handling
>     logic would not run, causing outdated conffile content to be kept.
>     This is part of the solution for bug #794933. The other part will be
>     included in the upgrade to Debian 9 (stretch).

See apache2.preinst

> 
>   * core: Fix -D[efined] or <Define>[d] variables lifetime accross restarts.
>     This could cause all kinds of strange behavior. PR 56008. PR 57328
>   * mpm_event: Fix process deadlock when shutting down a worker. PR 56960
>   * mpm_event: Fix crashes due to various race conditions. Closes: #779078

See debian/patches/* in diff.  These fixes have been in 2.4.10-11 in
testing for several months without any problems. The debian bug number
really applies to both mpm_event fixes.

> 
>   [ Jean-Michel Vourgère ]
>   * apache2.postinst: Fixed tests on deferred mpm switch. Closes: #789914

The patch is not absolutely minimal, but it is identical to the one we
have in unstable/testing.


The debdiff is attached.

Thanks in advance.

Cheers,
Stefan
diff -Nru apache2-2.4.10/debian/apache2.postinst apache2-2.4.10/debian/apache2.postinst
--- apache2-2.4.10/debian/apache2.postinst	2015-08-01 22:27:04.000000000 +0200
+++ apache2-2.4.10/debian/apache2.postinst	2015-08-08 22:04:46.000000000 +0200
@@ -432,21 +432,21 @@
 			esac
 			;;
 		apache2_switch_mpm)
-			local MPM="mpm_$ARG1"
+			local MPM="$ARG1"
 			local CUR_MPM="$(ls /etc/apache2/mods-enabled/mpm_*.load)"
 			CUR_MPM="${CUR_MPM##*/mpm_}"
 			CUR_MPM="${CUR_MPM%.load}"
-			if [ ! -e /etc/apache2/mods-available/$MPM.load ] ; then
-				msg "error" "$MPM not found in 'apache2_switch_mpm $ARG1' for package $PACKAGE"
+			if [ ! -e /etc/apache2/mods-available/mpm_$MPM.load ] ; then
+				msg "error" "mpm $MPM not found in 'apache2_switch_mpm $ARG1' for package $PACKAGE"
 				error=true
-			elif [ ! -e /etc/apache2/mods-enabled/$MPM.load ] ; then
-				msg "info" "$MPM: No action required"
+			elif [ -e /etc/apache2/mods-enabled/mpm_$MPM.load ] ; then
+				msg "info" "Switch to mpm $MPM for package $PACKAGE: No action required"
 			else
-				msg "info" "Switch to $MPM for package $PACKAGE"
+				msg "info" "Switch to mpm $MPM for package $PACKAGE"
 				if ! a2dismod -m -q "mpm_$CUR_MPM" ||
 				   ! a2enmod -m -q "mpm_$MPM"
 				then
-					msg "error" "Switching to $MPM failed"
+					msg "error" "Switching to mpm $MPM failed"
 					error=true
 				fi
 			fi
diff -Nru apache2-2.4.10/debian/apache2.preinst apache2-2.4.10/debian/apache2.preinst
--- apache2-2.4.10/debian/apache2.preinst	2015-08-01 22:27:04.000000000 +0200
+++ apache2-2.4.10/debian/apache2.preinst	2015-08-27 19:50:18.000000000 +0200
@@ -49,8 +49,9 @@
 		fi
 	done
 
-	for CONFFILE in $MOVED_CONFFILES_IN ; do
-		if [ -e "/etc/apache2/conf.d/$CONFFILE" ] ; then
+	for CONFFILE in $MOVED_CONFFILES ; do
+		CONFFILE=$( echo "$CONFFILE" | cut -d: -f1 )
+		if [ -e "$CONFFILE" ] ; then
 			return 0
 		fi
 	done
diff -Nru apache2-2.4.10/debian/changelog apache2-2.4.10/debian/changelog
--- apache2-2.4.10/debian/changelog	2015-08-01 22:42:55.000000000 +0200
+++ apache2-2.4.10/debian/changelog	2015-08-27 19:52:49.000000000 +0200
@@ -1,3 +1,21 @@
+apache2 (2.4.10-10+deb8u2) jessie; urgency=medium
+
+  [ Stefan Fritsch ]
+  * Fix upgrade logic: When upgrading from wheezy with apache2.2-common
+    but without apache2 installed to jessie, part of the conffile handling
+    logic would not run, causing outdated conffile content to be kept.
+    This is part of the solution for bug #794933. The other part will be
+    included in the upgrade to Debian 9 (stretch).
+  * core: Fix -D[efined] or <Define>[d] variables lifetime accross restarts.
+    This could cause all kinds of strange behavior. PR 56008. PR 57328
+  * mpm_event: Fix process deadlock when shutting down a worker. PR 56960
+  * mpm_event: Fix crashes due to various race conditions. Closes: #779078
+
+  [ Jean-Michel Vourgère ]
+  * apache2.postinst: Fixed tests on deferred mpm switch. Closes: #789914
+
+ -- Stefan Fritsch <s...@debian.org>  Thu, 27 Aug 2015 19:52:37 +0200
+
 apache2 (2.4.10-10+deb8u1) jessie-security; urgency=medium
 
   * CVE-2015-3183: Fix chunk header parsing defect.
diff -Nru apache2-2.4.10/debian/patches/define_restarts.diff apache2-2.4.10/debian/patches/define_restarts.diff
--- apache2-2.4.10/debian/patches/define_restarts.diff	1970-01-01 01:00:00.000000000 +0100
+++ apache2-2.4.10/debian/patches/define_restarts.diff	2015-08-08 22:02:05.000000000 +0200
@@ -0,0 +1,24 @@
+# https://svn.apache.org/r1651083
+# https://bz.apache.org/bugzilla/show_bug.cgi?id=57268
+# https://bz.apache.org/bugzilla/show_bug.cgi?id=56008
+#
+#   Merge r1643825 from trunk:
+#   
+#   * core: Fix -D[efined] or <Define>[d] variables lifetime accross restarts.
+#           PR 57328.
+#   
+#   Submitted-by: Armin Abfalterer <a.abfalterer gmail.com>
+#   Reviewed/Committed-by: ylavic
+#   
+#   Submitted by: ylavic
+#   Reviewed/backported by: jim
+--- apache2.orig/server/core.c
++++ apache2/server/core.c
+@@ -1271,6 +1271,7 @@ AP_DECLARE(const char *) ap_resolve_env(
+ static int reset_config_defines(void *dummy)
+ {
+     ap_server_config_defines = saved_server_config_defines;
++    saved_server_config_defines = NULL;
+     server_config_defined_vars = NULL;
+     return OK;
+ }
diff -Nru apache2-2.4.10/debian/patches/mpm_event_crash.diff apache2-2.4.10/debian/patches/mpm_event_crash.diff
--- apache2-2.4.10/debian/patches/mpm_event_crash.diff	1970-01-01 01:00:00.000000000 +0100
+++ apache2-2.4.10/debian/patches/mpm_event_crash.diff	2015-08-08 22:04:16.000000000 +0200
@@ -0,0 +1,138 @@
+# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779078
+#
+# https://bz.apache.org/bugzilla/show_bug.cgi?id=57268
+#
+# https://svn.apache.org/r1642858
+# https://svn.apache.org/r1645936
+# https://svn.apache.org/r1651656
+# https://svn.apache.org/r1664365
+#
+# Fix mpm_event crashes due to various race conditions
+#
+--- apache2.orig/server/mpm/event/event.c
++++ apache2/server/mpm/event/event.c
+@@ -767,7 +767,21 @@ static void set_signals(void)
+ #endif
+ }
+ 
+-static int start_lingering_close_common(event_conn_state_t *cs)
++static void notify_suspend(event_conn_state_t *cs)
++{
++    ap_run_suspend_connection(cs->c, cs->r);
++    cs->suspended = 1;
++    cs->c->sbh = NULL;
++}
++
++static void notify_resume(event_conn_state_t *cs, ap_sb_handle_t *sbh)
++{
++    cs->c->sbh = sbh;
++    cs->suspended = 0;
++    ap_run_resume_connection(cs->c, cs->r);
++}
++
++static int start_lingering_close_common(event_conn_state_t *cs, int in_worker)
+ {
+     apr_status_t rv;
+     struct timeout_queue *q;
+@@ -798,8 +812,13 @@ static int start_lingering_close_common(
+         cs->pub.state = CONN_STATE_LINGER_NORMAL;
+     }
+     apr_atomic_inc32(&lingering_count);
++    if (in_worker) { 
++        notify_suspend(cs);
++    }
++    else {
++        cs->c->sbh = NULL;
++    }
+     apr_thread_mutex_lock(timeout_mutex);
+-    cs->c->sbh = NULL;
+     TO_QUEUE_APPEND(*q, cs);
+     cs->pfd.reqevents = (
+             cs->pub.sense == CONN_SENSE_WANT_WRITE ? APR_POLLOUT :
+@@ -831,10 +850,11 @@ static int start_lingering_close_common(
+ static int start_lingering_close_blocking(event_conn_state_t *cs)
+ {
+     if (ap_start_lingering_close(cs->c)) {
++        notify_suspend(cs);
+         ap_push_pool(worker_queue_info, cs->p);
+         return 0;
+     }
+-    return start_lingering_close_common(cs);
++    return start_lingering_close_common(cs, 1);
+ }
+ 
+ /*
+@@ -858,7 +878,7 @@ static int start_lingering_close_nonbloc
+         ap_push_pool(worker_queue_info, cs->p);
+         return 0;
+     }
+-    return start_lingering_close_common(cs);
++    return start_lingering_close_common(cs, 0);
+ }
+ 
+ /*
+@@ -882,18 +902,6 @@ static int stop_lingering_close(event_co
+     return 0;
+ }
+ 
+-static void notify_suspend(event_conn_state_t *cs)
+-{
+-    ap_run_suspend_connection(cs->c, cs->r);
+-    cs->suspended = 1;
+-}
+-
+-static void notify_resume(event_conn_state_t *cs)
+-{
+-    cs->suspended = 0;
+-    ap_run_resume_connection(cs->c, cs->r);
+-}
+-
+ /*
+  * This runs before any non-MPM cleanup code on the connection;
+  * if the connection is currently suspended as far as modules
+@@ -904,7 +912,7 @@ static apr_status_t ptrans_pre_cleanup(v
+     event_conn_state_t *cs = dummy;
+ 
+     if (cs->suspended) {
+-        notify_resume(cs);
++        notify_resume(cs, NULL);
+     }
+     return APR_SUCCESS;
+ }
+@@ -1003,9 +1011,10 @@ static void process_socket(apr_thread_t
+     }
+     else {
+         c = cs->c;
+-        c->sbh = sbh;
+-        notify_resume(cs);
++        notify_resume(cs, sbh);
+         c->current_thread = thd;
++        /* Subsequent request on a conn, and thread number is part of ID */
++        c->id = conn_id;
+     }
+ 
+     if (c->clogging_input_filters && !c->aborted) {
+@@ -1083,7 +1092,6 @@ read_request:
+ 
+     if (cs->pub.state == CONN_STATE_LINGER) {
+         start_lingering_close_blocking(cs);
+-        notify_suspend(cs);
+     }
+     else if (cs->pub.state == CONN_STATE_CHECK_REQUEST_LINE_READABLE) {
+         /* It greatly simplifies the logic to use a single timeout value here
+@@ -1096,7 +1104,6 @@ read_request:
+          */
+         cs->expiration_time = ap_server_conf->keep_alive_timeout +
+                               apr_time_now();
+-        c->sbh = NULL;
+         notify_suspend(cs);
+         apr_thread_mutex_lock(timeout_mutex);
+         TO_QUEUE_APPEND(keepalive_q, cs);
+@@ -1114,7 +1121,6 @@ read_request:
+     }
+     else if (cs->pub.state == CONN_STATE_SUSPENDED) {
+         apr_atomic_inc32(&suspended_count);
+-        c->sbh = NULL;
+         notify_suspend(cs);
+     }
+ }
diff -Nru apache2-2.4.10/debian/patches/mpm_event_graceful_restart_deadlock.diff apache2-2.4.10/debian/patches/mpm_event_graceful_restart_deadlock.diff
--- apache2-2.4.10/debian/patches/mpm_event_graceful_restart_deadlock.diff	1970-01-01 01:00:00.000000000 +0100
+++ apache2-2.4.10/debian/patches/mpm_event_graceful_restart_deadlock.diff	2015-08-08 22:04:04.000000000 +0200
@@ -0,0 +1,38 @@
+# https://svn.apache.org/r1634526
+# https://bz.apache.org/bugzilla/show_bug.cgi?id=56960
+# 
+# Author: Jim Jagielski <j...@apache.org>
+# Date:   Mon Oct 27 12:46:45 2014 +0000
+# 
+#     Merge r1629577 from trunk:
+#     
+#     event: Fix worker-listener deadlock in graceful restart caused by get_worker()
+#     allocating new worker after ap_queue_info_term(), but not setting the
+#     have_idle_worker variable. PR 56960.
+#     
+#     Submitted By: Zin UDA
+#     Committed By: jkaluza
+#     
+#     Submitted by: jkaluza
+#     Reviewed/backported by: jim
+#     
+#     git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1634526 13f79535-47bb-0310-9956-ffa450edef68
+# 
+--- apache2.orig/server/mpm/event/event.c
++++ apache2/server/mpm/event/event.c
+@@ -1264,13 +1264,13 @@ static void get_worker(int *have_idle_wo
+     else
+         rc = ap_queue_info_try_get_idler(worker_queue_info);
+ 
+-    if (rc == APR_SUCCESS) {
++    if (rc == APR_SUCCESS || APR_STATUS_IS_EOF(rc)) {
+         *have_idle_worker_p = 1;
+     }
+     else if (!blocking && rc == APR_EAGAIN) {
+         *all_busy = 1;
+     }
+-    else if (!APR_STATUS_IS_EOF(rc)) {
++    else {
+         ap_log_error(APLOG_MARK, APLOG_ERR, rc, ap_server_conf, APLOGNO(00472)
+                      "ap_queue_info_wait_for_idler failed.  "
+                      "Attempting to shutdown process gracefully");
diff -Nru apache2-2.4.10/debian/patches/series apache2-2.4.10/debian/patches/series
--- apache2-2.4.10/debian/patches/series	2015-08-01 22:27:04.000000000 +0200
+++ apache2-2.4.10/debian/patches/series	2015-08-08 22:04:16.000000000 +0200
@@ -14,3 +14,6 @@
 CVE-2015-0228_mod_lua.diff
 CVE-2015-3183-chunk-header-parsing.diff
 CVE-2015-3185-ap_some_auth_required.diff
+define_restarts.diff
+mpm_event_graceful_restart_deadlock.diff
+mpm_event_crash.diff

Reply via email to