Bug#915103: Apache2 HTTP/2 connection problems with Safari clients
- To: Philip Iezzi <debian@onlime.ch>, 915103@bugs.debian.org
- Subject: Bug#915103: Apache2 HTTP/2 connection problems with Safari clients
- From: Stefan Fritsch <sf@sfritsch.de>
- Date: Mon, 04 Feb 2019 23:52:44 +0100
- Message-id: <[🔎] 2473049.XJnyoPShjN@k>
- Reply-to: Stefan Fritsch <sf@sfritsch.de>, 915103@bugs.debian.org
- In-reply-to: <584AFEFC-B134-4431-9555-063421550626@onlime.ch>
- References: <C7BD6817-DD11-40E3-9B12-F1EEEF79351B@onlime.ch> <84c682cd9e67fd2f38bf076d509e536b@conemu.de> <584AFEFC-B134-4431-9555-063421550626@onlime.ch> <84c682cd9e67fd2f38bf076d509e536b@conemu.de>
Hi Philip,
sorry for the late respone, I have been quite busy with other things.
I could find no indication that any other upstream release has the same bug.
Therefore I hope that adding more fixes from upstream versions up to the
version from where I took the security fixes (2.4.34 and 2.4.35) should fix the
issue. That's how I picked the first patch I have sent you. There is one other
commit that may fit. A new patch is applied (leave out the first patch I sent).
If that does not work we need to find a more targeted approach. You could try
increasing the http2 log level and see if there are any log messages that
appear only when safari gives the error message. You could try a quite high
log level like
loglevel http2:trace1
or even trace2.
Cheers,
Stefan
diff --git a/debian/patches/http2-r1832566.diff b/debian/patches/http2-r1832566.diff
new file mode 100644
index 0000000000..7ce7335100
--- /dev/null
+++ b/debian/patches/http2-r1832566.diff
@@ -0,0 +1,43 @@
+--- apache2.orig/modules/http2/h2_conn.c
++++ apache2/modules/http2/h2_conn.c
+@@ -240,7 +240,19 @@ apr_status_t h2_conn_run(struct h2_ctx *
+ && mpm_state != AP_MPMQ_STOPPING);
+
+ if (c->cs) {
+- c->cs->state = CONN_STATE_LINGER;
++ switch (session->state) {
++ case H2_SESSION_ST_INIT:
++ case H2_SESSION_ST_IDLE:
++ case H2_SESSION_ST_BUSY:
++ case H2_SESSION_ST_WAIT:
++ c->cs->state = CONN_STATE_WRITE_COMPLETION;
++ break;
++ case H2_SESSION_ST_CLEANUP:
++ case H2_SESSION_ST_DONE:
++ default:
++ c->cs->state = CONN_STATE_LINGER;
++ break;
++ }
+ }
+
+ return APR_SUCCESS;
+--- apache2.orig/modules/http2/h2_version.h
++++ apache2/modules/http2/h2_version.h
+@@ -27,7 +27,7 @@
+ * @macro
+ * Version number of the http2 module as c string
+ */
+-#define MOD_HTTP2_VERSION "1.10.16"
++#define MOD_HTTP2_VERSION "1.10.20"
+
+ /**
+ * @macro
+@@ -35,7 +35,7 @@
+ * release. This is a 24 bit number with 8 bits for major number, 8 bits
+ * for minor and 8 bits for patch. Version 1.2.3 becomes 0x010203.
+ */
+-#define MOD_HTTP2_VERSION_NUM 0x010a10
++#define MOD_HTTP2_VERSION_NUM 0x010a14
+
+
+ #endif /* mod_h2_h2_version_h */
diff --git a/debian/patches/series b/debian/patches/series
index 014d958573..21ff3c5da4 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -30,3 +30,4 @@ mod_http2_mem_usage_32bit.diff
fcgi_crash.diff
CVE-2018-1333-mod_http2_DoS.diff
CVE-2018-11763-mod_http2_DoS-SETTINGS.diff
+http2-r1832566.diff
Reply to: