Ubuntu
libapache2-mod-perl2 package

Merge ~utkarsh/ubuntu/+source/libapache2-mod-perl2:fix-sigsev-perl-parse into ubuntu/+source/libapache2-mod-perl2:ubuntu/focal-devel

  1. Git
  2. lp:~utkarsh/ubuntu/+source/libapache2-mod-perl2
  3. fix-sigsev-perl-parse
  4. Merge into ubuntu/focal-devel
Proposed by Utkarsh Gupta
Status: Merged
Approved by: Bryce Harrington
Approved revision: c94da881c844d55c930e2684fb245c073b7f8854
Merged at revision: c94da881c844d55c930e2684fb245c073b7f8854
Proposed branch: ~utkarsh/ubuntu/+source/libapache2-mod-perl2:fix-sigsev-perl-parse
Merge into: ubuntu/+source/libapache2-mod-perl2:ubuntu/focal-devel
Diff against target: 61 lines (+39/-0)
3 files modified
debian/changelog (+9/-0)
debian/patches/Fix_SIGSEGV_perl_parse.patch (+29/-0)
debian/patches/series (+1/-0)
Reviewer Review Type Date Requested Status
Bryce Harrington (community) Approve
Canonical Server packageset reviewers Pending
Canonical Server Pending
Review via email: mp+399921@code.launchpad.net

Description of the change

Hello,

This MP intends to fix a SIGSEGV crash due to wrong use of perl_parse() (cf: LP: #1915959). This has already been fixed in hirsute and this MP is backporting the same upstream patch to Focal.

PPA at https://launchpad.net/~utkarsh/+archive/ubuntu/experimental-dump.

The autopkgtest is happy:
```
autopkgtest [19:34:05]: @@@@@@@@@@@@@@@@@@@@ summary
mysmoke PASS
autodep8-perl-build-deps SKIP exit status 77 and marked as skippable
autodep8-perl PASS (superficial)
autodep8-perl-recommends SKIP exit status 77 and marked as skippable
```

Should you need any more details, let me know. Requesting you to please review and sponsor the upload.

To post a comment you must log in.
Revision history for this message
Bryce Harrington (bryce) wrote :

* Changelog:
  - [-] old content and logical tag match as expected
  - [√] changelog entry correct version and targeted codename
  - [√] changelog entries correct
  - [x] update-maintainer has been run

* Actual changes:
  - [-] no upstream changes to consider
  - [-] no further upstream version to consider
  - [ ] debian changes look safe

* Old Delta:
  - [-] dropped changes are ok to be dropped
  - [-] nothing else to drop
  - [√] changes forwarded upstream/debian (if appropriate)

* New Delta:
  - [-] no new patches added
  - [√] patches match what was proposed upstream
  - [√] patches correctly included in debian/patches/series
  - [√] patches have correct DEP3 metadata

* Build/Test:
  - [√] build is ok
  - [ ] verified PPA package installs/uninstalls
  - [√] autopkgtest against the PPA package passes
  - [-] sanity checks test fine

Verified build and autopkgtest work fine locally for me too.

Don't forget to run `update-maintainer`, which is required when you're making the first modification on a package sync'd from debian. (E.g. whenever you have a *ubuntu1 or *ubuntu0.1 or similar version).

Otherwise LGTM, +1. Will sponsor the upload directly.

review: Approve
Revision history for this message
Bryce Harrington (bryce) wrote :

   - [-] debian changes look safe
   - [√] verified PPA package installs/uninstalls

(Forgot to checkoff those items.)

Revision history for this message
Bryce Harrington (bryce) wrote :

Tagged, pushed, and upload sponsored:

stirling:~/pkg/Libapache2ModPerl2/review-mp399921/libapache2-mod-perl2-gu$ rm debian/files
stirling:~/pkg/Libapache2ModPerl2/review-mp399921/libapache2-mod-perl2-gu$ git ubuntu tag --upload
stirling:~/pkg/Libapache2ModPerl2/review-mp399921/libapache2-mod-perl2-gu$ git push pkg upload/2.0.11-2ubuntu0.20.04.1
cd ..
Enumerating objects: 21, done.
Counting objects: 100% (21/21), done.
Delta compression using up to 12 threads
Compressing objects: 100% (15/15), done.
Writing objects: 100% (15/15), 2.37 KiB | 2.37 MiB/s, done.
Total 15 (delta 10), reused 1 (delta 0)
ls *source.To ssh://git.launchpad.net/ubuntu/+source/libapache2-mod-perl2
 * [new tag] upload/2.0.11-2ubuntu0.20.04.1 -> upload/2.0.11-2ubuntu0.20.04.1
stirling:~/pkg/Libapache2ModPerl2/review-mp399921/libapache2-mod-perl2-gu$ cd ..
stirling:~/pkg/Libapache2ModPerl2/review-mp399921$ ls *source.changes
libapache2-mod-perl2_2.0.11-2ubuntu0.20.04.1_source.changes
stirling:~/pkg/Libapache2ModPerl2/review-mp399921$ debsponsor libapache2-mod-perl2_2.0.11-2ubuntu0.20.04.1_source.changes
The .changes file is already signed.
Would you like to use the current signature? [Yn]y
Leaving current signature unchanged.
stirling:~/pkg/Libapache2ModPerl2/review-mp399921$ dput ubuntu libapache2-mod-perl2_2.0.11-2ubuntu0.20.04.1_source.changes
Checking signature on .changes
gpg: /home/bryce/pkg/Libapache2ModPerl2/review-mp399921/libapache2-mod-perl2_2.0.11-2ubuntu0.20.04.1_source.changes: Valid signature from E603B2578FB8F0FB
Checking signature on .dsc
gpg: /home/bryce/pkg/Libapache2ModPerl2/review-mp399921/libapache2-mod-perl2_2.0.11-2ubuntu0.20.04.1.dsc: Valid signature from E603B2578FB8F0FB
Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading libapache2-mod-perl2_2.0.11-2ubuntu0.20.04.1.dsc: done.
  Uploading libapache2-mod-perl2_2.0.11-2ubuntu0.20.04.1.debian.tar.xz: done.
  Uploading libapache2-mod-perl2_2.0.11-2ubuntu0.20.04.1_source.buildinfo: done.
  Uploading libapache2-mod-perl2_2.0.11-2ubuntu0.20.04.1_source.changes: done.
Successfully uploaded packages.

Revision history for this message
Bryce Harrington (bryce) wrote :

### SRU paperwork review ###

Some tips based on my experience filing SRUs...

The Impact section should be kept super short and concise. It just needs to state the use case that sees the bug, and what the effect is (from a user POV). The first sentence in your Impact section is perfect, you probably don't need to say much more.

The discussion of the debugging work done is great, but should be moved down to a [Discussion] section at the end (or an [Original Report] section if preferred). The SRU review team is less interested in knowing how the bug got fixed, than they are with the other aspects, to from their POV that's all just background detail. For Impact they want to quickly understand "how bad is this bug, and is it worth my attention?"

The [Test Plan] section looks good. I usually direct them to install via 'apt', test, then use 'add-apt-repository -yus <ppa>', upgrade the package and re-test, but this works too.

One possible improvement might be to list using valgrind like in the original report, to show not just that it's crashing, but note exactly where in the code its crashing. I.e.:

    # valgrind apache2 -k start -X
    ...
    ==22529== Invalid read of size 8
    ==22529== at 0x564AFF5: perl_parse (in /usr/lib/x86_64-linux-gnu/libperl.so.5.30.0)
    ...

Reasoning is that there are some situations that crash a certain way, you fix it, and it still crashes but somewhere else or under certain conditions. So being specific can help more quickly isolate those situations when they crop up.

For the [Where problems could occur] section, for crashes like these I usually same some variation of: The patch fixes buffer termination issue and as such things to watch for in testing include the usual pointer handling problems like crashes during startup or runtime, or weird memory related issues.

Revision history for this message
Utkarsh Gupta (utkarsh) wrote :

Oh thanks, Bryce. These are some great pointers. Thanks for the help, I'll keep these in mind when filing my net SRU! \o/

Also, thanks for the sponsorship! :D

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/debian/changelog b/debian/changelog
2index 4e549fa..d23fc41 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,12 @@
6+libapache2-mod-perl2 (2.0.11-2ubuntu0.20.04.1) focal; urgency=medium
7+
8+ * Fix a SIGSEGV crash. (LP: #1915959)
9+ - d/p/Fix_SIGSEGV_perl_parse.patch: Add a patch from upstream
10+ SVN to fix a SIGSEGV crash due to wrong use of perl_parse().
11+ + Thanks, Charles Pigott, for the patch.
12+
13+ -- Utkarsh Gupta <utkarsh.gupta@canonical.com> Fri, 19 Mar 2021 19:00:24 +0530
14+
15 libapache2-mod-perl2 (2.0.11-2) unstable; urgency=medium
16
17 [ gregor herrmann ]
18diff --git a/debian/patches/Fix_SIGSEGV_perl_parse.patch b/debian/patches/Fix_SIGSEGV_perl_parse.patch
19new file mode 100644
20index 0000000..ae1d274
21--- /dev/null
22+++ b/debian/patches/Fix_SIGSEGV_perl_parse.patch
23@@ -0,0 +1,29 @@
24+Description: Fix SIGSEGV crash due to wrong use of perl_parse()
25+Origin: https://svn.apache.org/viewvc?view=revision&revision=1886793
26+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/libapache2-mod-perl2/+bug/1915959
27+Author: Charles Pigott <cpigott@rapitasystems.com>
28+Reviewed-by: gregor herrmann <gregoa@debian.org>
29+Last-Update: 2021-02-22
30+
31+--- a/src/modules/perl/modperl_config.c
32++++ b/src/modules/perl/modperl_config.c
33+@@ -163,7 +163,8 @@
34+ scfg->PerlPostConfigRequire =
35+ apr_array_make(p, 1, sizeof(modperl_require_file_t *));
36+
37+- scfg->argv = apr_array_make(p, 2, sizeof(char *));
38++ /* 2 arguments + NULL terminator */
39++ scfg->argv = apr_array_make(p, 3, sizeof(char *));
40+
41+ scfg->setvars = apr_table_make(p, 2);
42+ scfg->configvars = apr_table_make(p, 2);
43+@@ -219,6 +220,9 @@
44+
45+ *argc = scfg->argv->nelts;
46+
47++ /* perl_parse() expects a NULL terminated argv array */
48++ modperl_config_srv_argv_push(NULL);
49++
50+ MP_TRACE_g_do(dump_argv(scfg));
51+
52+ return (char **)scfg->argv->elts;
53diff --git a/debian/patches/series b/debian/patches/series
54index a08118a..99ee5a5 100644
55--- a/debian/patches/series
56+++ b/debian/patches/series
57@@ -12,3 +12,4 @@ avoid-db-linkage.patch
58 360-conditional-linux-pid-module.patch
59 0001-Skip-t-protocol-pseudo_http.t-incompatible-with-Apac.patch
60 honour-env-LDFLAGS.patch
61+Fix_SIGSEGV_perl_parse.patch

Subscribers

People subscribed via source and target branches