Package: release.debian.org Severity: normal Tags: trixie X-Debbugs-Cc: [email protected] Control: affects -1 + src:apache2 User: [email protected] Usertags: pu
[ Reason ] - regression due to http2 [ Impact ] - low patch from upstream [ Tests ] Automatic + user test for regression [ Risks ] Low [ Checklist ] [X] *all* changes are documented in the d/changelog [X] I reviewed all changes and I approve them [X] attach debdiff against the package in (old)stable [X] the issue is verified as fixed in unstable [ Changes ] Patch from upstream [ Other info ] debdiff: diff -Nru apache2-2.4.66/debian/changelog apache2-2.4.66/debian/changelog --- apache2-2.4.66/debian/changelog 2025-12-05 18:52:34.000000000 +0000 +++ apache2-2.4.66/debian/changelog 2026-01-22 22:03:37.000000000 +0000 @@ -1,3 +1,10 @@ +apache2 (2.4.66-1~deb13u2) trixie; urgency=medium + + * Team upload + * Fix a regression on http2 (Closes: #1125713, #1125368) + + -- Bastien Roucariès <[email protected]> Thu, 22 Jan 2026 23:03:37 +0100 + apache2 (2.4.66-1~deb13u1) trixie; urgency=medium * Team upload diff -Nru apache2-2.4.66/debian/patches/bug1125368.patch apache2-2.4.66/debian/patches/bug1125368.patch --- apache2-2.4.66/debian/patches/bug1125368.patch 1970-01-01 00:00:00.000000000 +0000 +++ apache2-2.4.66/debian/patches/bug1125368.patch 2026-01-22 22:03:37.000000000 +0000 
@@ -0,0 +1,102 @@ +From: Stefan Eissing <[email protected]> +Date: Thu, 11 Dec 2025 08:45:15 +0000 +Subject: *) mod_http2: update to version 2.0.37 Prevent double purge of a + stream, resulting in a double free. Fixes PR 69899. + +git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1930444 13f79535-47bb-0310-9956-ffa450edef68 + +origin: https://github.com/apache/httpd/commit/542e0da07048d3934ef18c22b44cf8d62e64067f +bug-debian: https://bugs.debian.org/1125368 +bug: https://bz.apache.org/bugzilla/show_bug.cgi?id=69899 +--- + changes-entries/h2_v2.0.37.txt | 4 ++++ + modules/http2/h2_mplx.c | 23 ++++++++++++++++++----- + modules/http2/h2_version.h | 4 ++-- + 3 files changed, 24 insertions(+), 7 deletions(-) + create mode 100644 changes-entries/h2_v2.0.37.txt + +diff --git a/changes-entries/h2_v2.0.37.txt b/changes-entries/h2_v2.0.37.txt +new file mode 100644 +index 0000000..8f22cde +--- /dev/null ++++ b/changes-entries/h2_v2.0.37.txt +@@ -0,0 +1,4 @@ ++ *) mod_http2: update to version 2.0.37 ++ Prevent double purge of a stream, resulting in a double free. ++ Fixes PR 69899. 
++ [Stefan Eissing] +diff --git a/modules/http2/h2_mplx.c b/modules/http2/h2_mplx.c +index f9616ab..75518f4 100644 +--- a/modules/http2/h2_mplx.c ++++ b/modules/http2/h2_mplx.c +@@ -126,12 +126,24 @@ int h2_mplx_c1_stream_is_running(h2_mplx *m, h2_stream *stream) + return rv; + } + ++static int add_for_purge(h2_mplx *m, h2_stream *stream) ++{ ++ int i; ++ for (i = 0; i < m->spurge->nelts; ++i) { ++ h2_stream *s = APR_ARRAY_IDX(m->spurge, i, h2_stream*); ++ if (s == stream) /* already scheduled for purging */ ++ return FALSE; ++ } ++ APR_ARRAY_PUSH(m->spurge, h2_stream *) = stream; ++ return TRUE; ++} ++ + static void c1c2_stream_joined(h2_mplx *m, h2_stream *stream) + { + ap_assert(!stream_is_running(stream)); + + h2_ihash_remove(m->shold, stream->id); +- APR_ARRAY_PUSH(m->spurge, h2_stream *) = stream; ++ add_for_purge(m, stream); + } + + static void m_stream_cleanup(h2_mplx *m, h2_stream *stream) +@@ -164,7 +176,7 @@ static void m_stream_cleanup(h2_mplx *m, h2_stream *stream) + ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, m->c1, + H2_STRM_MSG(stream, "cleanup, c2 is done, move to spurge")); + /* processing has finished */ +- APR_ARRAY_PUSH(m->spurge, h2_stream *) = stream; ++ add_for_purge(m, stream); + } + else { + ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, m->c1, +@@ -178,9 +190,10 @@ static void m_stream_cleanup(h2_mplx *m, h2_stream *stream) + } + else { + /* never started */ +- ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, m->c1, +- H2_STRM_MSG(stream, "cleanup, never started, move to spurge")); +- APR_ARRAY_PUSH(m->spurge, h2_stream *) = stream; ++ int added = add_for_purge(m, stream); ++ if (added) ++ ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, m->c1, ++ H2_STRM_MSG(stream, "cleanup, never started, move to spurge")); + } + } + +diff --git a/modules/http2/h2_version.h b/modules/http2/h2_version.h +index 8d38c34..8bcaf69 100644 +--- a/modules/http2/h2_version.h ++++ b/modules/http2/h2_version.h +@@ -27,7 +27,7 @@ + * @macro + * Version number of the http2 module 
as c string + */ +-#define MOD_HTTP2_VERSION "2.0.35" ++#define MOD_HTTP2_VERSION "2.0.37" + + /** + * @macro +@@ -35,7 +35,7 @@ + * release. This is a 24 bit number with 8 bits for major number, 8 bits + * for minor and 8 bits for patch. Version 1.2.3 becomes 0x010203. + */ +-#define MOD_HTTP2_VERSION_NUM 0x020023 ++#define MOD_HTTP2_VERSION_NUM 0x020025 + + + #endif /* mod_h2_h2_version_h */ diff -Nru apache2-2.4.66/debian/patches/series apache2-2.4.66/debian/patches/series --- apache2-2.4.66/debian/patches/series 2025-12-05 18:52:34.000000000 +0000 +++ apache2-2.4.66/debian/patches/series 2026-01-22 22:03:37.000000000 +0000 @@ -5,4 +5,4 @@ build_suexec-custom.patch reproducible_builds.diff fix-macro.patch -#0017-When-a-rewrite-to-proxy-is-configured-in-the-server-.patch +bug1125368.patch diff -Nru apache2-2.4.66/debian/salsa-ci.yml apache2-2.4.66/debian/salsa-ci.yml --- apache2-2.4.66/debian/salsa-ci.yml 2025-12-05 10:21:29.000000000 +0000 +++ apache2-2.4.66/debian/salsa-ci.yml 2026-01-22 22:03:37.000000000 +0000 @@ -2,3 +2,5 @@ include: - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml +variables: + RELEASE: 'trixie'
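Review bot: In the h2_mplx.c part of bug1125368.patch, `add_for_purge()` drops a duplicate stream silently and two of its three callers ignore the result: `c1c2_stream_joined` and the "c2 is done" branch of `m_stream_cleanup` discard the return value, so that branch still writes its "move to spurge" trace when nothing was added, while the "never started" branch logs only on success. Going by the patch description, a second purge request for the same stream is the condition that led to the double free, so the rejected case is worth recording rather than hiding; in the `s == stream` branch I would write `{ ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, m->c1, H2_STRM_MSG(stream, "already in spurge, not added again")); return FALSE; }`. The helper also deserves a short header comment stating that `m->spurge` is expected to hold each stream at most once, that the return value tells whether the stream was newly queued, and that the duplicate check is a linear scan of the array. The bodies of `c1c2_stream_joined` and `m_stream_cleanup` are only partly visible in these hunks.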

