Bug#915103: Apache2 HTTP/2 connection problems with Safari clients

To: Philip Iezzi <debian@onlime.ch>, 915103@bugs.debian.org
Subject: Bug#915103: Apache2 HTTP/2 connection problems with Safari clients
From: Stefan Fritsch <sf@sfritsch.de>
Date: Mon, 04 Feb 2019 23:52:44 +0100
Message-id: <[🔎] 2473049.XJnyoPShjN@k>
Reply-to: Stefan Fritsch <sf@sfritsch.de>, 915103@bugs.debian.org
In-reply-to: <584AFEFC-B134-4431-9555-063421550626@onlime.ch>
References: <C7BD6817-DD11-40E3-9B12-F1EEEF79351B@onlime.ch> <84c682cd9e67fd2f38bf076d509e536b@conemu.de> <584AFEFC-B134-4431-9555-063421550626@onlime.ch> <84c682cd9e67fd2f38bf076d509e536b@conemu.de>

Hi Philip,

sorry for the late respone, I have been quite busy with other things.

I could find no indication that any other upstream release has the same bug. 
Therefore I hope that adding more fixes from upstream versions up to the 
version from where I took the security fixes (2.4.34 and 2.4.35) should fix the 
issue. That's how I picked the first patch I have sent you. There is one other 
commit that may fit. A new patch is applied (leave out the first patch I sent).

If that does not work we need to find a more targeted approach. You could try 
increasing the http2 log level  and see if there are any log messages that 
appear only when safari gives the error message. You could try a quite high 
log level like

  loglevel http2:trace1

or even trace2.

Cheers,
Stefan

diff --git a/debian/patches/http2-r1832566.diff b/debian/patches/http2-r1832566.diff
new file mode 100644
index 0000000000..7ce7335100
--- /dev/null
+++ b/debian/patches/http2-r1832566.diff
@@ -0,0 +1,43 @@
+--- apache2.orig/modules/http2/h2_conn.c
++++ apache2/modules/http2/h2_conn.c
+@@ -240,7 +240,19 @@ apr_status_t h2_conn_run(struct h2_ctx *
+              && mpm_state != AP_MPMQ_STOPPING);
+ 
+     if (c->cs) {
+-        c->cs->state = CONN_STATE_LINGER;
++        switch (session->state) {
++            case H2_SESSION_ST_INIT:
++            case H2_SESSION_ST_IDLE:
++            case H2_SESSION_ST_BUSY:
++            case H2_SESSION_ST_WAIT:
++                c->cs->state = CONN_STATE_WRITE_COMPLETION;
++                break;
++            case H2_SESSION_ST_CLEANUP:
++            case H2_SESSION_ST_DONE:
++            default:
++                c->cs->state = CONN_STATE_LINGER;
++            break;
++        }
+     }
+ 
+     return APR_SUCCESS;
+--- apache2.orig/modules/http2/h2_version.h
++++ apache2/modules/http2/h2_version.h
+@@ -27,7 +27,7 @@
+  * @macro
+  * Version number of the http2 module as c string
+  */
+-#define MOD_HTTP2_VERSION "1.10.16"
++#define MOD_HTTP2_VERSION "1.10.20"
+ 
+ /**
+  * @macro
+@@ -35,7 +35,7 @@
+  * release. This is a 24 bit number with 8 bits for major number, 8 bits
+  * for minor and 8 bits for patch. Version 1.2.3 becomes 0x010203.
+  */
+-#define MOD_HTTP2_VERSION_NUM 0x010a10
++#define MOD_HTTP2_VERSION_NUM 0x010a14
+ 
+ 
+ #endif /* mod_h2_h2_version_h */
diff --git a/debian/patches/series b/debian/patches/series
index 014d958573..21ff3c5da4 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -30,3 +30,4 @@ mod_http2_mem_usage_32bit.diff
 fcgi_crash.diff
 CVE-2018-1333-mod_http2_DoS.diff
 CVE-2018-11763-mod_http2_DoS-SETTINGS.diff
+http2-r1832566.diff

Reply to:

Follow-Ups:
- Bug#915103: Apache2 HTTP/2 connection problems with Safari clients
  - From: Philip Iezzi <debian@onlime.ch>

Prev by Date: Bug#921024: Apache and apache-htcacheclean services fail to start after this update
Next by Date: Bug#921024: apache2: DEP8 failure with 2.4.38-1: allowmethods.t
Previous by thread: Bug#921024: Apache and apache-htcacheclean services fail to start after this update
Next by thread: Bug#915103: Apache2 HTTP/2 connection problems with Safari clients
Index(es):
- Date
- Thread