File apache2-http2-security-issues.patch of Package apache2.21779

Fixes for CVE-2019-9517 (bsc#1145575), CVE-2019-10082 (bsc#1145741), CVE-2019-10081 (bsc#1145742)

Consists of the following 2.4.x commits:

From 9f71c7ad5efc5ff3a234852ddf4f17dcb4b4e7f1 Mon Sep 17 00:00:00 2001
From: Jim Jagielski <jim@apache.org>
Date: Thu, 13 Jun 2019 11:08:29 +0000
Subject: [PATCH] Merge r1860260 from trunk:

 * modules/http2: more copying of data to disentangle worker processing from main connection

Submitted by: icing
Reviewed by: icing, covener, jim

From 768fbd906bd20e47ede2da52ef9d3a6c2d07f79d Mon Sep 17 00:00:00 2001
From: Jim Jagielski <jim@apache.org>
Date: Thu, 13 Jun 2019 11:09:12 +0000
Subject: [PATCH] Merge r1707084, r1707093, r1707159, r1707362 from trunk:

eor_bucket: don't destroy the request multiple times should any filter
do a copy (e.g. mod_bucketeer).

eor_bucket: follow up to r1707084: fix comment.

From 03222c07d905bcf668028e0fec6b257a6c6964c6 Mon Sep 17 00:00:00 2001
From: Stefan Eissing <icing@apache.org>
Date: Thu, 1 Aug 2019 08:18:03 +0000
Subject: [PATCH] Merge of r1861338,1862475,1862583,1862865,1863221,1863276
 from trunk:

  *) mod_http2: core setting "LimitRequestFieldSize" is not additionally checked on
     merged header fields, just as HTTP/1.1 does. [Stefan Eissing, Michael Kaufmann]

  *) mod_http2: fixed a bug that prevented proper stream cleanup when connection
     throttling was in place. Stream resets by clients on streams initiated by them
     are counted as possible trigger for throttling. [Stefan Eissing]

  *) mod_http2/mpm_event: Fixes the behaviour when a HTTP/2 connection has nothing
     more to write with streams ongoing (flow control block). The timeout waiting
     for the client to send WINODW_UPDATE was incorrectly KeepAliveTimeout and not
     Timeout as it should be. Fixes PR 63534. [Yann Ylavic, Stefan Eissing]

Index: httpd-2.4.33/modules/http2/h2_conn.c
===================================================================
--- httpd-2.4.33.orig/modules/http2/h2_conn.c	2019-08-19 16:16:12.971819465 +0200
+++ httpd-2.4.33/modules/http2/h2_conn.c	2019-08-19 16:16:13.099820280 +0200
@@ -231,6 +231,13 @@ apr_status_t h2_conn_run(conn_rec *c)
             case H2_SESSION_ST_BUSY:
             case H2_SESSION_ST_WAIT:
                 c->cs->state = CONN_STATE_WRITE_COMPLETION;
+                if (c->cs && (session->open_streams || !session->remote.emitted_count)) {
+                    /* let the MPM know that we are not done and want
+                     * the Timeout behaviour instead of a KeepAliveTimeout
+                     * See PR 63534. 
+                     */
+                    c->cs->sense = CONN_SENSE_WANT_READ;
+                }
                 break;
             case H2_SESSION_ST_CLEANUP:
             case H2_SESSION_ST_DONE:
Index: httpd-2.4.33/modules/http2/h2_filter.c
===================================================================
--- httpd-2.4.33.orig/modules/http2/h2_filter.c	2019-08-19 16:16:12.971819465 +0200
+++ httpd-2.4.33/modules/http2/h2_filter.c	2019-08-19 16:16:13.099820280 +0200
@@ -493,6 +493,52 @@ static apr_status_t status_event(void *c
     return APR_SUCCESS;
 }
 
+static apr_status_t discard_body(request_rec *r, apr_off_t maxlen)
+{
+    apr_bucket_brigade *bb;
+    int seen_eos;
+    apr_status_t rv;
+
+    bb = apr_brigade_create(r->pool, r->connection->bucket_alloc);
+    seen_eos = 0;
+    do {
+        apr_bucket *bucket;
+
+        rv = ap_get_brigade(r->input_filters, bb, AP_MODE_READBYTES,
+                            APR_BLOCK_READ, HUGE_STRING_LEN);
+
+        if (rv != APR_SUCCESS) {
+            apr_brigade_destroy(bb);
+            return rv;
+        }
+
+        for (bucket = APR_BRIGADE_FIRST(bb);
+             bucket != APR_BRIGADE_SENTINEL(bb);
+             bucket = APR_BUCKET_NEXT(bucket))
+        {
+            const char *data;
+            apr_size_t len;
+
+            if (APR_BUCKET_IS_EOS(bucket)) {
+                seen_eos = 1;
+                break;
+            }
+            if (bucket->length == 0) {
+                continue;
+            }
+            rv = apr_bucket_read(bucket, &data, &len, APR_BLOCK_READ);
+            if (rv != APR_SUCCESS) {
+                apr_brigade_destroy(bb);
+                return rv;
+            }
+            maxlen -= bucket->length;
+        }
+        apr_brigade_cleanup(bb);
+    } while (!seen_eos && maxlen >= 0);
+
+    return APR_SUCCESS;
+}
+
 int h2_filter_h2_status_handler(request_rec *r)
 {
     conn_rec *c = r->connection;
@@ -510,8 +556,10 @@ int h2_filter_h2_status_handler(request_
 
     task = h2_ctx_get_task(r->connection);
     if (task) {
-
-        if ((status = ap_discard_request_body(r)) != OK) {
+        /* In this handler, we do some special sauce to send footers back,
+         * IFF we received footers in the request. This is used in our test
+         * cases, since CGI has no way of handling those. */
+        if ((status = discard_body(r, 1024)) != OK) {
             return status;
         }
         
Index: httpd-2.4.33/modules/http2/h2_headers.c
===================================================================
--- httpd-2.4.33.orig/modules/http2/h2_headers.c	2019-08-19 16:16:12.971819465 +0200
+++ httpd-2.4.33/modules/http2/h2_headers.c	2019-08-19 16:16:13.099820280 +0200
@@ -102,8 +102,9 @@ apr_bucket *h2_bucket_headers_beam(struc
                                     const apr_bucket *src)
 {
     if (H2_BUCKET_IS_HEADERS(src)) {
-        h2_headers *r = ((h2_bucket_headers *)src->data)->headers;
-        apr_bucket *b = h2_bucket_headers_create(dest->bucket_alloc, r);
+        h2_headers *src_headers = ((h2_bucket_headers *)src->data)->headers;
+        apr_bucket *b = h2_bucket_headers_create(dest->bucket_alloc, 
+                                                 h2_headers_clone(dest->p, src_headers));
         APR_BRIGADE_INSERT_TAIL(dest, b);
         return b;
     }
@@ -156,7 +157,14 @@ h2_headers *h2_headers_rcreate(request_r
 
 h2_headers *h2_headers_copy(apr_pool_t *pool, h2_headers *h)
 {
-    return h2_headers_create(h->status, h->headers, h->notes, h->raw_bytes, pool);
+    return h2_headers_create(h->status, apr_table_copy(pool, h->headers), 
+                             apr_table_copy(pool, h->notes), h->raw_bytes, pool);
+}
+
+h2_headers *h2_headers_clone(apr_pool_t *pool, h2_headers *h)
+{
+    return h2_headers_create(h->status, apr_table_clone(pool, h->headers), 
+                             apr_table_clone(pool, h->notes), h->raw_bytes, pool);
 }
 
 h2_headers *h2_headers_die(apr_status_t type,
Index: httpd-2.4.33/modules/http2/h2_headers.h
===================================================================
--- httpd-2.4.33.orig/modules/http2/h2_headers.h	2019-08-19 16:16:12.879818882 +0200
+++ httpd-2.4.33/modules/http2/h2_headers.h	2019-08-19 16:16:13.099820280 +0200
@@ -59,12 +59,18 @@ h2_headers *h2_headers_rcreate(request_r
                                  apr_table_t *header, apr_pool_t *pool);
 
 /**
- * Clone the headers into another pool. This will not copy any
+ * Copy the headers into another pool. This will not copy any
  * header strings.
  */
 h2_headers *h2_headers_copy(apr_pool_t *pool, h2_headers *h);
 
 /**
+ * Clone the headers into another pool. This will also clone any
+ * header strings.
+ */
+h2_headers *h2_headers_clone(apr_pool_t *pool, h2_headers *h);
+
+/**
  * Create the headers for the given error.
  * @param stream_id id of the stream to create the headers for
  * @param type the error code
Index: httpd-2.4.33/modules/http2/h2_mplx.c
===================================================================
--- httpd-2.4.33.orig/modules/http2/h2_mplx.c	2019-08-19 16:16:12.975819491 +0200
+++ httpd-2.4.33/modules/http2/h2_mplx.c	2019-08-19 16:17:34.276336122 +0200
@@ -53,8 +53,12 @@ typedef struct {
     h2_mplx *m;
     h2_stream *stream;
     apr_time_t now;
+    apr_size_t count;
 } stream_iter_ctx;
 
+static apr_status_t mplx_be_happy(h2_mplx *m);
+static apr_status_t mplx_be_annoyed(h2_mplx *m);
+
 apr_status_t h2_mplx_child_init(apr_pool_t *pool, server_rec *s)
 {
     return APR_SUCCESS;
@@ -98,7 +102,7 @@ static void stream_input_consumed(void *
 
 static void stream_joined(h2_mplx *m, h2_stream *stream)
 {
-    ap_assert(!stream->task || stream->task->worker_done);
+    ap_assert(!h2_task_has_started(stream->task) || stream->task->worker_done);
     
     h2_ihash_remove(m->shold, stream->id);
     h2_ihash_add(m->spurge, stream);
@@ -124,7 +128,7 @@ static void stream_cleanup(h2_mplx *m, h
     h2_ififo_remove(m->readyq, stream->id);
     h2_ihash_add(m->shold, stream);
     
-    if (!stream->task || stream->task->worker_done) {
+    if (!h2_task_has_started(stream->task) || stream->task->done_done) {
         stream_joined(m, stream);
     }
     else if (stream->task) {
@@ -194,7 +198,6 @@ h2_mplx *h2_mplx_create(conn_rec *c, ser
         m->stream_max_mem = h2_config_sgeti(s, H2_CONF_STREAM_MAX_MEM);
 
         m->streams = h2_ihash_create(m->pool, offsetof(h2_stream,id));
-        m->sredo = h2_ihash_create(m->pool, offsetof(h2_stream,id));
         m->shold = h2_ihash_create(m->pool, offsetof(h2_stream,id));
         m->spurge = h2_ihash_create(m->pool, offsetof(h2_stream,id));
         m->q = h2_iq_create(m->pool, m->max_streams);
@@ -208,8 +211,8 @@ h2_mplx *h2_mplx_create(conn_rec *c, ser
         m->workers = workers;
         m->max_active = workers->max_workers;
         m->limit_active = 6; /* the original h1 max parallel connections */
-        m->last_limit_change = m->last_idle_block = apr_time_now();
-        m->limit_change_interval = apr_time_from_msec(100);
+        m->last_mood_change = apr_time_now();
+        m->mood_update_interval = apr_time_from_msec(100);
         
         m->spare_slaves = apr_array_make(m->pool, 10, sizeof(conn_rec*));
     }
@@ -431,6 +434,10 @@ void h2_mplx_release_and_join(h2_mplx *m
 
     /* How to shut down a h2 connection:
      * 1. cancel all streams still active */
+    ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, m->c, 
+                  "h2_mplx(%ld): release, %d/%d/%d streams (total/hold/purge), %d active tasks", 
+                  m->id, (int)h2_ihash_count(m->streams),
+                  (int)h2_ihash_count(m->shold), (int)h2_ihash_count(m->spurge), m->tasks_active);
     while (!h2_ihash_iter(m->streams, stream_cancel_iter, m)) {
         /* until empty */
     }
@@ -456,10 +463,10 @@ void h2_mplx_release_and_join(h2_mplx *m
             h2_ihash_iter(m->shold, report_stream_iter, m);
         }
     }
-    ap_assert(m->tasks_active == 0);
     m->join_wait = NULL;
-    
+
     /* 4. With all workers done, all streams should be in spurge */
+    ap_assert(m->tasks_active == 0);
     if (!h2_ihash_empty(m->shold)) {
         ap_log_cerror(APLOG_MARK, APLOG_WARNING, 0, m->c, APLOGNO(03516)
                       "h2_mplx(%ld): unexpected %d streams in hold", 
@@ -470,8 +477,7 @@ void h2_mplx_release_and_join(h2_mplx *m
     m->c->aborted = old_aborted;
     H2_MPLX_LEAVE(m);
 
-    ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, m->c,
-                  "h2_mplx(%ld): released", m->id);
+    ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, m->c, "h2_mplx(%ld): released", m->id);
 }
 
 apr_status_t h2_mplx_stream_cleanup(h2_mplx *m, h2_stream *stream)
@@ -709,7 +715,6 @@ static h2_task *next_stream_task(h2_mplx
             }
             
             if (!stream->task) {
-
                 if (sid > m->max_stream_started) {
                     m->max_stream_started = sid;
                 }
@@ -728,9 +733,9 @@ static h2_task *next_stream_task(h2_mplx
                                   "create task"));
                     return NULL;
                 }
-                
             }
             
+            stream->task->started_at = apr_time_now();
             ++m->tasks_active;
             return stream->task;
         }
@@ -778,32 +783,18 @@ static void task_done(h2_mplx *m, h2_tas
                   "h2_mplx(%s): request done, %f ms elapsed", task->id, 
                   (task->done_at - task->started_at) / 1000.0);
     
-    if (task->started_at > m->last_idle_block) {
-        /* this task finished without causing an 'idle block', e.g.
-         * a block by flow control.
-         */
-        if (task->done_at- m->last_limit_change >= m->limit_change_interval
-            && m->limit_active < m->max_active) {
-            /* Well behaving stream, allow it more workers */
-            m->limit_active = H2MIN(m->limit_active * 2, 
-                                     m->max_active);
-            m->last_limit_change = task->done_at;
-            ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, m->c,
-                          "h2_mplx(%ld): increase worker limit to %d",
-                          m->id, m->limit_active);
-        }
+    if (task->c && !task->c->aborted && task->started_at > m->last_mood_change) {
+        mplx_be_happy(m);
     }
-
+    
     ap_assert(task->done_done == 0);
 
     stream = h2_ihash_get(m->streams, task->stream_id);
     if (stream) {
         /* stream not done yet. */
-        if (!m->aborted && h2_ihash_get(m->sredo, stream->id)) {
+        if (!m->aborted && task->redo) {
             /* reset and schedule again */
-            task->worker_done = 0;
             h2_task_redo(task);
-            h2_ihash_remove(m->sredo, stream->id);
             h2_iq_add(m->q, stream->id, NULL, NULL);
             ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, m->c,
                           H2_STRM_MSG(stream, "redo, added to q"));
@@ -848,8 +839,8 @@ void h2_mplx_task_done(h2_mplx *m, h2_ta
 {
     H2_MPLX_ENTER_ALWAYS(m);
 
-    task_done(m, task);
     --m->tasks_active;
+    task_done(m, task);
     
     if (m->join_wait) {
         apr_thread_cond_signal(m->join_wait);
@@ -867,94 +858,162 @@ void h2_mplx_task_done(h2_mplx *m, h2_ta
  * h2_mplx DoS protection
  ******************************************************************************/
 
-static int latest_repeatable_unsubmitted_iter(void *data, void *val)
+static int timed_out_busy_iter(void *data, void *val)
 {
     stream_iter_ctx *ctx = data;
     h2_stream *stream = val;
     
-    if (stream->task && !stream->task->worker_done 
-        && h2_task_can_redo(stream->task) 
-        && !h2_ihash_get(ctx->m->sredo, stream->id)) {
-        if (!h2_stream_is_ready(stream)) {
-            /* this task occupies a worker, the response has not been submitted 
-             * yet, not been cancelled and it is a repeatable request
-             * -> it can be re-scheduled later */
-            if (!ctx->stream 
-                || (ctx->stream->task->started_at < stream->task->started_at)) {
-                /* we did not have one or this one was started later */
-                ctx->stream = stream;
-            }
-        }
+    if (h2_task_has_started(stream->task) && !stream->task->worker_done
+        && (ctx->now - stream->task->started_at) > stream->task->timeout) {
+        /* timed out stream occupying a worker, found */
+        ctx->stream = stream;
+        return 0;
     }
     return 1;
 }
 
-static h2_stream *get_latest_repeatable_unsubmitted_stream(h2_mplx *m) 
+static h2_stream *get_timed_out_busy_stream(h2_mplx *m) 
 {
     stream_iter_ctx ctx;
     ctx.m = m;
     ctx.stream = NULL;
-    h2_ihash_iter(m->streams, latest_repeatable_unsubmitted_iter, &ctx);
+    ctx.now = apr_time_now();
+    h2_ihash_iter(m->streams, timed_out_busy_iter, &ctx);
     return ctx.stream;
 }
 
-static int timed_out_busy_iter(void *data, void *val)
+static int latest_repeatable_unsubmitted_iter(void *data, void *val)
 {
     stream_iter_ctx *ctx = data;
     h2_stream *stream = val;
-    if (stream->task && !stream->task->worker_done
-        && (ctx->now - stream->task->started_at) > stream->task->timeout) {
-        /* timed out stream occupying a worker, found */
-        ctx->stream = stream;
-        return 0;
+    
+    if (!stream->task) goto leave;
+    if (!h2_task_has_started(stream->task) || stream->task->worker_done) goto leave;
+    if (h2_stream_is_ready(stream)) goto leave;
+    if (stream->task->redo) {
+        ++ctx->count;
+        goto leave;
+    }
+    if (h2_task_can_redo(stream->task)) {
+        /* this task occupies a worker, the response has not been submitted 
+         * yet, not been cancelled and it is a repeatable request
+         * -> we could redo it later */
+        if (!ctx->stream 
+            || (ctx->stream->task->started_at < stream->task->started_at)) {
+            /* we did not have one or this one was started later */
+            ctx->stream = stream;
+        }
     }
+leave:
     return 1;
 }
 
-static h2_stream *get_timed_out_busy_stream(h2_mplx *m) 
+static apr_status_t assess_task_to_throttle(h2_task **ptask, h2_mplx *m) 
 {
     stream_iter_ctx ctx;
+    
+    /* count the running tasks already marked for redo and get one that could
+     * be throttled */
+    *ptask = NULL;
     ctx.m = m;
     ctx.stream = NULL;
-    ctx.now = apr_time_now();
-    h2_ihash_iter(m->streams, timed_out_busy_iter, &ctx);
-    return ctx.stream;
+    ctx.count = 0;
+    h2_ihash_iter(m->streams, latest_repeatable_unsubmitted_iter, &ctx);
+    if (m->tasks_active - ctx.count > m->limit_active) {
+        /* we are above the limit of running tasks, accounting for the ones
+         * already throttled. */
+        if (ctx.stream && ctx.stream->task) {
+            *ptask = ctx.stream->task;
+            return APR_EAGAIN;
+        }
+        /* above limit, be seeing no candidate for easy throttling */
+        if (get_timed_out_busy_stream(m)) {
+            /* Too many busy workers, unable to cancel enough streams
+             * and with a busy, timed out stream, we tell the client
+             * to go away... */
+            return APR_TIMEUP;
+        }
+    }
+    return APR_SUCCESS;
 }
 
 static apr_status_t unschedule_slow_tasks(h2_mplx *m) 
 {
-    h2_stream *stream;
-    int n;
+    h2_task *task;
+    apr_status_t rv;
     
     /* Try to get rid of streams that occupy workers. Look for safe requests
      * that are repeatable. If none found, fail the connection.
      */
-    n = (m->tasks_active - m->limit_active - (int)h2_ihash_count(m->sredo));
-    while (n > 0 && (stream = get_latest_repeatable_unsubmitted_stream(m))) {
+    while (APR_EAGAIN == (rv = assess_task_to_throttle(&task, m))) {
         ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, m->c,
                       "h2_mplx(%s): unschedule, resetting task for redo later",
-                      stream->task->id);
-        h2_task_rst(stream->task, H2_ERR_CANCEL);
-        h2_ihash_add(m->sredo, stream);
-        --n;
+                      task->id);
+        task->redo = 1;
+        h2_task_rst(task, H2_ERR_CANCEL);
     }
     
-    if ((m->tasks_active - h2_ihash_count(m->sredo)) > m->limit_active) {
-        h2_stream *stream = get_timed_out_busy_stream(m);
-        if (stream) {
-            /* Too many busy workers, unable to cancel enough streams
-             * and with a busy, timed out stream, we tell the client
-             * to go away... */
-            return APR_TIMEUP;
-        }
+    return rv;
+}
+
+static apr_status_t mplx_be_happy(h2_mplx *m)
+{
+    apr_time_t now;            
+
+    --m->irritations_since;
+    now = apr_time_now();
+    if (m->limit_active < m->max_active 
+        && (now - m->last_mood_change >= m->mood_update_interval
+            || m->irritations_since < -m->limit_active)) {
+        m->limit_active = H2MIN(m->limit_active * 2, m->max_active);
+        m->last_mood_change = now;
+        m->irritations_since = 0;
+        ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, m->c,
+                      "h2_mplx(%ld): mood update, increasing worker limit to %d",
+                      m->id, m->limit_active);
     }
     return APR_SUCCESS;
 }
 
-apr_status_t h2_mplx_idle(h2_mplx *m)
+static apr_status_t mplx_be_annoyed(h2_mplx *m)
 {
     apr_status_t status = APR_SUCCESS;
     apr_time_t now;            
+
+    ++m->irritations_since;
+    now = apr_time_now();
+    if (m->limit_active > 2 && 
+        ((now - m->last_mood_change >= m->mood_update_interval)
+         || (m->irritations_since >= m->limit_active))) {
+            
+        if (m->limit_active > 16) {
+            m->limit_active = 16;
+        }
+        else if (m->limit_active > 8) {
+            m->limit_active = 8;
+        }
+        else if (m->limit_active > 4) {
+            m->limit_active = 4;
+        }
+        else if (m->limit_active > 2) {
+            m->limit_active = 2;
+        }
+        m->last_mood_change = now;
+        m->irritations_since = 0;
+        ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, m->c,
+                      "h2_mplx(%ld): mood update, decreasing worker limit to %d",
+                      m->id, m->limit_active);
+    }
+    
+    if (m->tasks_active > m->limit_active) {
+        status = unschedule_slow_tasks(m);
+    }
+    return status;
+}
+
+apr_status_t h2_mplx_idle(h2_mplx *m)
+{
+    apr_status_t status = APR_SUCCESS;
     apr_size_t scount;
     
     H2_MPLX_ENTER(m);
@@ -974,31 +1033,7 @@ apr_status_t h2_mplx_idle(h2_mplx *m)
              * of busy workers we allow for this connection until it
              * well behaves.
              */
-            now = apr_time_now();
-            m->last_idle_block = now;
-            if (m->limit_active > 2 
-                && now - m->last_limit_change >= m->limit_change_interval) {
-                if (m->limit_active > 16) {
-                    m->limit_active = 16;
-                }
-                else if (m->limit_active > 8) {
-                    m->limit_active = 8;
-                }
-                else if (m->limit_active > 4) {
-                    m->limit_active = 4;
-                }
-                else if (m->limit_active > 2) {
-                    m->limit_active = 2;
-                }
-                m->last_limit_change = now;
-                ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, m->c,
-                              "h2_mplx(%ld): decrease worker limit to %d",
-                              m->id, m->limit_active);
-            }
-            
-            if (m->tasks_active > m->limit_active) {
-                status = unschedule_slow_tasks(m);
-            }
+            status = mplx_be_annoyed(m);
         }
         else if (!h2_iq_empty(m->q)) {
             ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, m->c,
@@ -1093,11 +1128,24 @@ int h2_mplx_awaits_data(h2_mplx *m)
     if (h2_ihash_empty(m->streams)) {
         waiting = 0;
     }
-    else if (!m->tasks_active && !h2_ififo_count(m->readyq)
-             && h2_iq_empty(m->q)) {
+    else if (!m->tasks_active && !h2_ififo_count(m->readyq) && h2_iq_empty(m->q)) {
         waiting = 0;
     }
 
     H2_MPLX_LEAVE(m);
     return waiting;
 }
+
+apr_status_t h2_mplx_client_rst(h2_mplx *m, int stream_id)
+{
+    h2_stream *stream;
+    apr_status_t status = APR_SUCCESS;
+    
+    H2_MPLX_ENTER_ALWAYS(m);
+    stream = h2_ihash_get(m->streams, stream_id);
+    if (stream && stream->task) {
+        status = mplx_be_annoyed(m);
+    }
+    H2_MPLX_LEAVE(m);
+    return status;
+}
Index: httpd-2.4.33/modules/http2/h2_mplx.h
===================================================================
--- httpd-2.4.33.orig/modules/http2/h2_mplx.h	2019-08-19 16:16:12.975819491 +0200
+++ httpd-2.4.33/modules/http2/h2_mplx.h	2019-08-19 16:16:13.099820280 +0200
@@ -63,7 +63,6 @@ struct h2_mplx {
     unsigned int is_registered;     /* is registered at h2_workers */
 
     struct h2_ihash_t *streams;     /* all streams currently processing */
-    struct h2_ihash_t *sredo;       /* all streams that need to be re-started */
     struct h2_ihash_t *shold;       /* all streams done with task ongoing */
     struct h2_ihash_t *spurge;      /* all streams done, ready for destroy */
     
@@ -77,10 +76,10 @@ struct h2_mplx {
     int tasks_active;       /* # of tasks being processed from this mplx */
     int limit_active;       /* current limit on active tasks, dynamic */
     int max_active;         /* max, hard limit # of active tasks in a process */
-    apr_time_t last_idle_block;      /* last time, this mplx entered IDLE while
-                                      * streams were ready */
-    apr_time_t last_limit_change;    /* last time, worker limit changed */
-    apr_interval_time_t limit_change_interval;
+    
+    apr_time_t last_mood_change; /* last time, we worker limit changed */
+    apr_interval_time_t mood_update_interval; /* how frequent we update at most */
+    int irritations_since; /* irritations (>0) or happy events (<0) since last mood change */
 
     apr_thread_mutex_t *lock;
     struct apr_thread_cond_t *added_output;
@@ -205,6 +204,8 @@ typedef int h2_mplx_stream_cb(struct h2_
 
 apr_status_t h2_mplx_stream_do(h2_mplx *m, h2_mplx_stream_cb *cb, void *ctx);
 
+apr_status_t h2_mplx_client_rst(h2_mplx *m, int stream_id);
+
 /*******************************************************************************
  * Output handling of streams.
  ******************************************************************************/
Index: httpd-2.4.33/modules/http2/h2_proxy_session.c
===================================================================
--- httpd-2.4.33.orig/modules/http2/h2_proxy_session.c	2019-08-19 16:16:12.975819491 +0200
+++ httpd-2.4.33/modules/http2/h2_proxy_session.c	2019-08-19 16:16:13.099820280 +0200
@@ -545,7 +545,7 @@ static ssize_t stream_request_data(nghtt
         }
 
         stream->data_sent += readlen;
-        ap_log_rerror(APLOG_MARK, APLOG_DEBUG, status, stream->r, APLOGNO(03468) 
+        ap_log_rerror(APLOG_MARK, APLOG_DEBUG, status, stream->r, APLOGNO(10179) 
                       "h2_proxy_stream(%d): request DATA %ld, %ld"
                       " total, flags=%d", 
                       stream->id, (long)readlen, (long)stream->data_sent,
Index: httpd-2.4.33/modules/http2/h2_session.c
===================================================================
--- httpd-2.4.33.orig/modules/http2/h2_session.c	2019-08-19 16:16:12.975819491 +0200
+++ httpd-2.4.33/modules/http2/h2_session.c	2019-08-19 16:16:13.103820304 +0200
@@ -390,9 +390,14 @@ static int on_frame_recv_cb(nghttp2_sess
                           (int)frame->rst_stream.error_code);
             stream = h2_session_stream_get(session, frame->hd.stream_id);
             if (stream && stream->initiated_on) {
+                /* A stream reset on a request we sent it. Normal, when the
+                 * client does not want it. */
                 ++session->pushes_reset;
             }
             else {
+                /* A stream reset on a request it sent us. Could happen in a browser
+                 * when the user navigates away or cancels loading - maybe. */
+                h2_mplx_client_rst(session->mplx, frame->hd.stream_id);
                 ++session->streams_reset;
             }
             break;
@@ -1703,7 +1708,7 @@ static void transit(h2_session *session,
                      * that already served requests - not fair. */
                     session->idle_sync_until = apr_time_now() + apr_time_from_sec(1);
                     s = "timeout";
-                    timeout = H2MAX(session->s->timeout, session->s->keep_alive_timeout);
+                    timeout = session->s->timeout;
                     update_child_status(session, SERVER_BUSY_READ, "idle");
                     ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, session->c, 
                                   H2_SSSN_LOG("", session, "enter idle, timeout = %d sec"), 
@@ -1711,8 +1716,8 @@ static void transit(h2_session *session,
                 }
                 else if (session->open_streams) {
                     s = "timeout";
-                    timeout = session->s->keep_alive_timeout;
-                    update_child_status(session, SERVER_BUSY_KEEPALIVE, "idle");
+                    timeout = session->s->timeout;
+                    update_child_status(session, SERVER_BUSY_READ, "idle");
                 }
                 else {
                     /* normal keepalive setup */
@@ -1977,6 +1982,7 @@ static void on_stream_state_enter(void *
             ev_stream_closed(session, stream);
             break;
         case H2_SS_CLEANUP:
+            nghttp2_session_set_stream_user_data(session->ngh2, stream->id, NULL);
             h2_mplx_stream_cleanup(session->mplx, stream);
             break;
         default:
@@ -2169,6 +2175,14 @@ apr_status_t h2_session_process(h2_sessi
                         session->have_read = 1;
                     }
                     else if (APR_STATUS_IS_EAGAIN(status) || APR_STATUS_IS_TIMEUP(status)) {
+                        status = h2_mplx_idle(session->mplx);
+                        if (status == APR_EAGAIN) {
+                            break;
+                        }
+                        else if (status != APR_SUCCESS) {
+                            dispatch_event(session, H2_SESSION_EV_CONN_ERROR, 
+                                           H2_ERR_ENHANCE_YOUR_CALM, "less is more");
+                        }
                         status = APR_EAGAIN;
                         goto out;
                     }
Index: httpd-2.4.33/modules/http2/h2_stream.c
===================================================================
--- httpd-2.4.33.orig/modules/http2/h2_stream.c	2019-08-19 16:16:12.975819491 +0200
+++ httpd-2.4.33/modules/http2/h2_stream.c	2019-08-19 16:16:13.103820304 +0200
@@ -397,13 +397,8 @@ apr_status_t h2_stream_send_frame(h2_str
                 /* start pushed stream */
                 ap_assert(stream->request == NULL);
                 ap_assert(stream->rtmp != NULL);
-                status = h2_request_end_headers(stream->rtmp, stream->pool, 1, 0);
-                if (status != APR_SUCCESS) {
-                    return status;
-                }
-                set_policy_for(stream, stream->rtmp);
-                stream->request = stream->rtmp;
-                stream->rtmp = NULL;
+                status = h2_stream_end_headers(stream, 1, 0);
+                if (status != APR_SUCCESS) goto leave;
             break;
             
         default:
@@ -415,6 +410,7 @@ apr_status_t h2_stream_send_frame(h2_str
     if (status == APR_SUCCESS && eos) {
         status = transit(stream, on_event(stream, H2_SEV_CLOSED_L));
     }
+leave:
     return status;
 }
 
@@ -455,13 +451,8 @@ apr_status_t h2_stream_recv_frame(h2_str
                      * to abort the connection here, since this is clearly a protocol error */
                     return APR_EINVAL;
                 }
-                status = h2_request_end_headers(stream->rtmp, stream->pool, eos, frame_len);
-                if (status != APR_SUCCESS) {
-                    return status;
-                }
-                set_policy_for(stream, stream->rtmp);
-                stream->request = stream->rtmp;
-                stream->rtmp = NULL;
+                status = h2_stream_end_headers(stream, eos, frame_len);
+                if (status != APR_SUCCESS) goto leave;
             }
             break;
             
@@ -472,6 +463,7 @@ apr_status_t h2_stream_recv_frame(h2_str
     if (status == APR_SUCCESS && eos) {
         status = transit(stream, on_event(stream, H2_SEV_CLOSED_R));
     }
+leave:
     return status;
 }
 
@@ -683,6 +675,8 @@ static apr_status_t add_trailer(h2_strea
     hvalue = apr_pstrndup(stream->pool, value, vlen);
     h2_util_camel_case_header(hname, nlen);
     apr_table_mergen(stream->trailers, hname, hvalue);
+    ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, c, 
+                  H2_STRM_MSG(stream, "added trailer '%s: %s'"), hname, hvalue);
     
     return APR_SUCCESS;
 }
@@ -702,15 +696,19 @@ apr_status_t h2_stream_add_header(h2_str
     if (name[0] == ':') {
         if ((vlen) > session->s->limit_req_line) {
             /* pseudo header: approximation of request line size check */
-            ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, session->c,
-                          H2_STRM_MSG(stream, "pseudo %s too long"), name);
+            ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, session->c,  
+                          H2_STRM_LOG(APLOGNO(10178), stream, 
+                                      "Request pseudo header exceeds "
+                                      "LimitRequestFieldSize: %s"), name);
             error = HTTP_REQUEST_URI_TOO_LARGE;
         }
     }
     else if ((nlen + 2 + vlen) > session->s->limit_req_fieldsize) {
         /* header too long */
-        ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, session->c,
-                      H2_STRM_MSG(stream, "header %s too long"), name);
+        ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, session->c,  
+                      H2_STRM_LOG(APLOGNO(10180), stream,"Request header exceeds "
+                                  "LimitRequestFieldSize: %.*s"),
+                      (int)H2MIN(nlen, 80), name);
         error = HTTP_REQUEST_HEADER_FIELDS_TOO_LARGE;
     }
     
@@ -722,8 +720,9 @@ apr_status_t h2_stream_add_header(h2_str
             h2_stream_rst(stream, H2_ERR_ENHANCE_YOUR_CALM);
             return APR_ECONNRESET;
         }
-        ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, session->c,
-                      H2_STRM_MSG(stream, "too many header lines")); 
+        ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, session->c, 
+                      H2_STRM_LOG(APLOGNO(10181), stream, "Number of request headers "
+                                  "exceeds LimitRequestFields"));
         error = HTTP_REQUEST_HEADER_FIELDS_TOO_LARGE;
     }
     
@@ -753,6 +752,47 @@ apr_status_t h2_stream_add_header(h2_str
     }
     return status;
 }
+
+typedef struct {
+    apr_size_t maxlen;
+    const char *failed_key;
+} val_len_check_ctx;
+
+static int table_check_val_len(void *baton, const char *key, const char *value)
+{
+    val_len_check_ctx *ctx = baton;
+
+    if (strlen(value) <= ctx->maxlen) return 1;
+    ctx->failed_key = key;
+    return 0;
+}
+
+apr_status_t h2_stream_end_headers(h2_stream *stream, int eos, size_t raw_bytes)
+{
+    apr_status_t status;
+    val_len_check_ctx ctx;
+    
+    status = h2_request_end_headers(stream->rtmp, stream->pool, eos, raw_bytes);
+    if (APR_SUCCESS == status) {
+        set_policy_for(stream, stream->rtmp);
+        stream->request = stream->rtmp;
+        stream->rtmp = NULL;
+        
+        ctx.maxlen = stream->session->s->limit_req_fieldsize;
+        ctx.failed_key = NULL;
+        apr_table_do(table_check_val_len, &ctx, stream->request->headers, NULL);
+        if (ctx.failed_key) {
+            ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, stream->session->c,  
+                          H2_STRM_LOG(APLOGNO(), stream,"Request header exceeds "
+                                      "LimitRequestFieldSize: %.*s"),
+                          (int)H2MIN(strlen(ctx.failed_key), 80), ctx.failed_key);
+            set_error_response(stream, HTTP_REQUEST_HEADER_FIELDS_TOO_LARGE);
+            /* keep on returning APR_SUCCESS, so that we send a HTTP response and
+             * do not RST the stream. */
+        }
+    }
+    return status;
+}
 
 static apr_bucket *get_first_headers_bucket(apr_bucket_brigade *bb)
 {
Index: httpd-2.4.33/modules/http2/h2_stream.h
===================================================================
--- httpd-2.4.33.orig/modules/http2/h2_stream.h	2019-08-19 16:16:12.879818882 +0200
+++ httpd-2.4.33/modules/http2/h2_stream.h	2019-08-19 16:16:13.103820304 +0200
@@ -198,6 +198,10 @@ apr_status_t h2_stream_set_request_rec(h
 apr_status_t h2_stream_add_header(h2_stream *stream,
                                   const char *name, size_t nlen,
                                   const char *value, size_t vlen);
+                                  
+/* End the contruction of request headers */
+apr_status_t h2_stream_end_headers(h2_stream *stream, int eos, size_t raw_bytes);
+
 
 apr_status_t h2_stream_send_frame(h2_stream *stream, int frame_type, int flags, size_t frame_len);
 apr_status_t h2_stream_recv_frame(h2_stream *stream, int frame_type, int flags, size_t frame_len);
Index: httpd-2.4.33/modules/http2/h2_task.c
===================================================================
--- httpd-2.4.33.orig/modules/http2/h2_task.c	2019-08-19 16:16:12.975819491 +0200
+++ httpd-2.4.33/modules/http2/h2_task.c	2019-08-19 16:16:13.103820304 +0200
@@ -406,8 +406,15 @@ int h2_task_can_redo(h2_task *task) {
             || !strcmp("OPTIONS", task->request->method));
 }
 
+int h2_task_has_started(h2_task *task)
+{
+    return task && task->started_at != 0;
+}
+
 void h2_task_redo(h2_task *task)
 {
+    task->started_at = 0;
+    task->worker_done = 0;
     task->rst_error = 0;
 }
 
@@ -546,7 +553,6 @@ apr_status_t h2_task_do(h2_task *task, a
     ap_assert(task);
     c = task->c;
     task->worker_started = 1;
-    task->started_at = apr_time_now();
     
     if (c->master) {
         /* Each conn_rec->id is supposed to be unique at a point in time. Since
Index: httpd-2.4.33/modules/http2/h2_task.h
===================================================================
--- httpd-2.4.33.orig/modules/http2/h2_task.h	2019-08-19 16:16:12.975819491 +0200
+++ httpd-2.4.33/modules/http2/h2_task.h	2019-08-19 16:16:13.103820304 +0200
@@ -80,6 +80,7 @@ struct h2_task {
     
     unsigned int filters_set    : 1;
     unsigned int worker_started : 1; /* h2_worker started processing */
+    unsigned int redo : 1;           /* was throttled, should be restarted later */
 
     int worker_done;                 /* h2_worker finished */
     int done_done;                   /* task_done has been handled */
@@ -101,6 +102,7 @@ apr_status_t h2_task_do(h2_task *task, a
 
 void h2_task_redo(h2_task *task);
 int h2_task_can_redo(h2_task *task);
+int h2_task_has_started(h2_task *task);
 
 /**
  * Reset the task with the given error code, resets all input/output.
Index: httpd-2.4.33/modules/http2/h2_version.h
===================================================================
--- httpd-2.4.33.orig/modules/http2/h2_version.h	2019-08-19 16:16:12.975819491 +0200
+++ httpd-2.4.33/modules/http2/h2_version.h	2019-08-19 16:16:13.103820304 +0200
@@ -27,7 +27,7 @@
  * @macro
  * Version number of the http2 module as c string
  */
-#define MOD_HTTP2_VERSION "1.14.1"
+#define MOD_HTTP2_VERSION "1.15.4"
 
 /**
  * @macro
@@ -35,6 +35,6 @@
  * release. This is a 24 bit number with 8 bits for major number, 8 bits
  * for minor and 8 bits for patch. Version 1.2.3 becomes 0x010203.
  */
-#define MOD_HTTP2_VERSION_NUM 0x010e01
+#define MOD_HTTP2_VERSION_NUM 0x010f04
 
 #endif /* mod_h2_h2_version_h */
Index: httpd-2.4.33/server/eor_bucket.c
===================================================================
--- httpd-2.4.33.orig/server/eor_bucket.c	2010-06-14 21:07:02.000000000 +0200
+++ httpd-2.4.33/server/eor_bucket.c	2019-08-19 16:16:13.103820304 +0200
@@ -19,17 +19,22 @@
 #include "http_protocol.h"
 #include "scoreboard.h"
 
+typedef struct {
+    apr_bucket_refcount refcount;
+    request_rec *data;
+} ap_bucket_eor;
+
 static apr_status_t eor_bucket_cleanup(void *data)
 {
-    apr_bucket *b = (apr_bucket *)data;
-    request_rec *r = (request_rec *)b->data;
+    request_rec **rp = data;
 
-    if (r != NULL) {
+    if (*rp) {
+        request_rec *r = *rp;
         /*
          * If eor_bucket_destroy is called after us, this prevents
          * eor_bucket_destroy from trying to destroy the pool again.
          */
-        b->data = NULL;
+        *rp = NULL;
         /* Update child status and log the transaction */
         ap_update_child_status(r->connection->sbh, SERVER_BUSY_LOG, r);
         ap_run_log_transaction(r);
@@ -50,11 +55,13 @@ static apr_status_t eor_bucket_read(apr_
 
 AP_DECLARE(apr_bucket *) ap_bucket_eor_make(apr_bucket *b, request_rec *r)
 {
-    b->length      = 0;
-    b->start       = 0;
-    b->data        = r;
-    b->type        = &ap_bucket_type_eor;
+    ap_bucket_eor *h;
+
+    h = apr_bucket_alloc(sizeof(*h), b->list);
+    h->data = r;
 
+    b = apr_bucket_shared_make(b, h, 0, 0);
+    b->type = &ap_bucket_type_eor;
     return b;
 }
 
@@ -66,7 +73,9 @@ AP_DECLARE(apr_bucket *) ap_bucket_eor_c
     APR_BUCKET_INIT(b);
     b->free = apr_bucket_free;
     b->list = list;
+    b = ap_bucket_eor_make(b, r);
     if (r) {
+        ap_bucket_eor *h = b->data;
         /*
          * Register a cleanup for the request pool as the eor bucket could
          * have been allocated from a different pool then the request pool
@@ -76,18 +85,22 @@ AP_DECLARE(apr_bucket *) ap_bucket_eor_c
          * We need to use a pre-cleanup here because a module may create a
          * sub-pool which is still needed during the log_transaction hook.
          */
-        apr_pool_pre_cleanup_register(r->pool, (void *)b, eor_bucket_cleanup);
+        apr_pool_pre_cleanup_register(r->pool, &h->data, eor_bucket_cleanup);
     }
-    return ap_bucket_eor_make(b, r);
+    return b;
 }
 
 static void eor_bucket_destroy(void *data)
 {
-    request_rec *r = (request_rec *)data;
+    ap_bucket_eor *h = data;
 
-    if (r) {
-        /* eor_bucket_cleanup will be called when the pool gets destroyed */
-        apr_pool_destroy(r->pool);
+    if (apr_bucket_shared_destroy(h)) {
+        request_rec *r = h->data;
+        if (r) {
+            /* eor_bucket_cleanup will be called when the pool gets destroyed */
+            apr_pool_destroy(r->pool);
+        }
+        apr_bucket_free(h);
     }
 }
 
@@ -97,6 +110,6 @@ AP_DECLARE_DATA const apr_bucket_type_t
     eor_bucket_read,
     apr_bucket_setaside_noop,
     apr_bucket_split_notimpl,
-    apr_bucket_simple_copy
+    apr_bucket_shared_copy
 };
 
Index: httpd-2.4.33/server/mpm/event/event.c
===================================================================
--- httpd-2.4.33.orig/server/mpm/event/event.c	2019-08-19 16:16:12.995819619 +0200
+++ httpd-2.4.33/server/mpm/event/event.c	2019-08-19 16:16:13.103820304 +0200
@@ -1111,10 +1111,11 @@ read_request:
                           "network write failure in core output filter");
             cs->pub.state = CONN_STATE_LINGER;
         }
-        else if (c->data_in_output_filters) {
+        else if (c->data_in_output_filters ||
+                 cs->pub.sense == CONN_SENSE_WANT_READ) {
             /* Still in WRITE_COMPLETION_STATE:
-             * Set a write timeout for this connection, and let the
-             * event thread poll for writeability.
+             * Set a read/write timeout for this connection, and let the
+             * event thread poll for read/writeability.
              */
             cs->queue_timestamp = apr_time_now();
             notify_suspend(cs);
openSUSE Build Service is sponsored by