diff --git a/SOURCES/mod_wsgi-3.4-deadlock.patch b/SOURCES/mod_wsgi-3.4-deadlock.patch new file mode 100644 index 0000000..8754fc1 --- /dev/null +++ b/SOURCES/mod_wsgi-3.4-deadlock.patch @@ -0,0 +1,18 @@ + +https://github.com/GrahamDumpleton/mod_wsgi/commit/f8b43b2b79fabdcead4410f1a10484a10608ba6a + +--- mod_wsgi-3.4/mod_wsgi.c.deadlock ++++ mod_wsgi-3.4/mod_wsgi.c +@@ -11113,8 +11113,10 @@ + while (1) { + apr_sleep(apr_time_from_sec(1)); + +- gilstate = PyGILState_Ensure(); +- PyGILState_Release(gilstate); ++ if (!wsgi_daemon_shutdown) { ++ gilstate = PyGILState_Ensure(); ++ PyGILState_Release(gilstate); ++ } + + apr_thread_mutex_lock(wsgi_shutdown_lock); + wsgi_deadlock_shutdown_time = apr_time_now(); diff --git a/SOURCES/mod_wsgi-3.4-head-to-get.patch b/SOURCES/mod_wsgi-3.4-head-to-get.patch new file mode 100644 index 0000000..4d2d425 --- /dev/null +++ b/SOURCES/mod_wsgi-3.4-head-to-get.patch @@ -0,0 +1,149 @@ +diff --git a/mod_wsgi.c b/mod_wsgi.c +index c65344e..b32fc5c 100644 +--- a/mod_wsgi.c ++++ b/mod_wsgi.c +@@ -500,6 +500,7 @@ typedef struct { + int script_reloading; + int error_override; + int chunked_request; ++ int map_head_to_get; + + int enable_sendfile; + +@@ -669,6 +670,11 @@ static void *wsgi_merge_server_config(apr_pool_t *p, void *base_conf, + else + config->chunked_request = parent->chunked_request; + ++ if (child->map_head_to_get != -1) ++ config->map_head_to_get = child->map_head_to_get; ++ else ++ config->map_head_to_get = parent->map_head_to_get; ++ + if (child->enable_sendfile != -1) + config->enable_sendfile = child->enable_sendfile; + else +@@ -704,6 +710,7 @@ typedef struct { + int script_reloading; + int error_override; + int chunked_request; ++ int map_head_to_get; + + int enable_sendfile; + +@@ -737,6 +744,7 @@ static WSGIDirectoryConfig *newWSGIDirectoryConfig(apr_pool_t *p) + object->script_reloading = -1; + object->error_override = -1; + object->chunked_request = -1; ++ object->map_head_to_get = -1; + + object->enable_sendfile = -1; + +@@ -820,6 +828,11 @@ static void *wsgi_merge_dir_config(apr_pool_t *p, void *base_conf, + else + config->chunked_request = parent->chunked_request; + ++ if (child->map_head_to_get != -1) ++ config->map_head_to_get = child->map_head_to_get; ++ else ++ config->map_head_to_get = parent->map_head_to_get; ++ + if (child->enable_sendfile != -1) + config->enable_sendfile = child->enable_sendfile; + else +@@ -880,6 +893,7 @@ typedef struct { + int script_reloading; + int error_override; + int chunked_request; ++ int map_head_to_get; + + int enable_sendfile; + +@@ -1229,6 +1243,14 @@ static WSGIRequestConfig *wsgi_create_req_config(apr_pool_t *p, request_rec *r) + config->chunked_request = 0; + } + ++ config->map_head_to_get = dconfig->map_head_to_get; ++ ++ if (config->map_head_to_get < 0) { ++ config->map_head_to_get = sconfig->map_head_to_get; ++ if (config->map_head_to_get < 0) ++ config->map_head_to_get = 2; ++ } ++ + config->enable_sendfile = dconfig->enable_sendfile; + + if (config->enable_sendfile < 0) { +@@ -7993,6 +8015,40 @@ static const char *wsgi_set_chunked_request(cmd_parms *cmd, void *mconfig, + return NULL; + } + ++static const char *wsgi_set_map_head_to_get(cmd_parms *cmd, void *mconfig, ++ const char *f) ++{ ++ if (cmd->path) { ++ WSGIDirectoryConfig *dconfig = NULL; ++ dconfig = (WSGIDirectoryConfig *)mconfig; ++ ++ if (strcasecmp(f, "Off") == 0) ++ dconfig->map_head_to_get = 0; ++ else if (strcasecmp(f, "On") == 0) ++ dconfig->map_head_to_get = 1; ++ else if (strcasecmp(f, "Auto") == 0) ++ dconfig->map_head_to_get = 2; ++ else ++ return "WSGIMapHEADToGET must be one of: Off | On | Auto"; ++ } ++ else { ++ WSGIServerConfig *sconfig = NULL; ++ sconfig = ap_get_module_config(cmd->server->module_config, ++ &wsgi_module); ++ ++ if (strcasecmp(f, "Off") == 0) ++ sconfig->map_head_to_get = 0; ++ else if (strcasecmp(f, "On") == 0) ++ sconfig->map_head_to_get = 1; ++ else if (strcasecmp(f, "Auto") == 0) ++ sconfig->map_head_to_get = 2; ++ else ++ return "WSGIMapHEADToGET must be one of: Off | On | Auto"; ++ } ++ ++ return NULL; ++} ++ + static const char *wsgi_set_enable_sendfile(cmd_parms *cmd, void *mconfig, + const char *f) + { +@@ -8463,14 +8519,15 @@ static void wsgi_build_environment(request_rec *r) + * might change the content and/or headers. + */ + +-#if AP_SERVER_MAJORVERSION_NUMBER >= 2 +- if (r->method_number == M_GET && r->header_only && +- r->output_filters->frec->ftype < AP_FTYPE_PROTOCOL) +- apr_table_setn(r->subprocess_env, "REQUEST_METHOD", "GET"); +-#else +- if (r->method_number == M_GET && r->header_only) +- apr_table_setn(r->subprocess_env, "REQUEST_METHOD", "GET"); +-#endif ++ if (config->map_head_to_get == 2) { ++ if (r->method_number == M_GET && r->header_only && ++ r->output_filters->frec->ftype < AP_FTYPE_PROTOCOL) ++ apr_table_setn(r->subprocess_env, "REQUEST_METHOD", "GET"); ++ } ++ else if (config->map_head_to_get == 1) { ++ if (r->method_number == M_GET) ++ apr_table_setn(r->subprocess_env, "REQUEST_METHOD", "GET"); ++ } + + /* Determine whether connection uses HTTPS protocol. */ + +@@ -15856,6 +15913,8 @@ static const command_rec wsgi_commands[] = + NULL, OR_FILEINFO, "Enable/Disable overriding of error pages."), + AP_INIT_TAKE1("WSGIChunkedRequest", wsgi_set_chunked_request, + NULL, OR_FILEINFO, "Enable/Disable support for chunked requests."), ++ AP_INIT_TAKE1("WSGIMapHEADToGET", wsgi_set_map_head_to_get, ++ NULL, OR_FILEINFO, "Enable/Disable mapping of HEAD to GET."), + + #ifndef WIN32 + #if AP_SERVER_MAJORVERSION_NUMBER >= 2 diff --git a/SPECS/mod_wsgi.spec b/SPECS/mod_wsgi.spec index ede9409..2f38e31 100644 --- a/SPECS/mod_wsgi.spec +++ b/SPECS/mod_wsgi.spec @@ -7,7 +7,7 @@ Name: mod_wsgi Version: 3.4 -Release: 12%{?dist} +Release: 13%{?dist}.1 Summary: A WSGI interface for Python web applications in Apache Group: System Environment/Libraries License: ASL 2.0 @@ -18,6 +18,8 @@ Patch0: mod_wsgi-3.4-connsbh.patch Patch1: mod_wsgi-3.4-procexit.patch Patch2: mod_wsgi-3.4-coredump.patch Patch3: mod_wsgi-3.4-CVE-2014-0240.patch +Patch4: mod_wsgi-3.4-deadlock.patch +Patch5: mod_wsgi-3.4-head-to-get.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: httpd-devel, python-devel, autoconf Requires: httpd-mmn = %{_httpd_mmn} @@ -40,6 +42,8 @@ existing WSGI adapters for mod_python or CGI. %patch1 -p1 -b .procexit %patch2 -p1 -b .coredump %patch3 -p1 -b .cve20140240 +%patch4 -p1 -b .deadlock +%patch5 -p1 -b .headtoget %build # Regenerate configure for -coredump patch change to configure.in @@ -74,6 +78,12 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Thu Aug 30 2018 Luboš Uhliarik - 3.4-13.1 +- mod_wsgi forces HEAD to GET (#1623666) + +* Thu Dec 14 2017 Joe Orton - 3.4-13 +- reduce chance of deadlock at process shutdown (#1493429) + * Tue Aug 19 2014 Jan Kaluza - 3.4-12 - fix possible privilege escalation in setuid() (CVE-2014-0240)