Bug 26486

Summary: latest apache 2.4.43-1 update kills some sites, re http/2
Product: Mageia Reporter: Marc Krämer <mageia>
Component: RPM PackagesAssignee: Shlomi Fish <shlomif>
Status: RESOLVED WORKSFORME QA Contact:
Severity: critical    
Priority: Normal    
Version: 7   
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: https://github.com/icing/mod_h2/issues/196
Whiteboard:
Source RPM: apache-2.4.43-1.mga7.src.rpm CVE:
Status comment:

Description Marc Krämer 2020-04-16 14:46:17 CEST 
My assumption is this is http/2 related. There is nothing special in the log file, but the browser says connection is closed, not further information is given.


After downgrade:
urpmi --downgrade apache-mod_userdir-2.4.41 apache-mod_dav-2.4.41 apache-mod_brotli-2.4.41 apache-mod_proxy-2.4.41  apache-mod_ssl-2.4.41 apache-mod_http2-2.4.41 apache-2.4.41-1.2.mga7


all works again. The latest update must have introduced a bug in http2 handling.
Comment 1 Marc Krämer 2020-04-16 14:57:17 CEST 
btw. systemctl restart httpd fails almost everytime. I have to manually do a killall -9 httpd
Marc Krämer 2020-04-16 17:30:10 CEST

URL: (none) => https://github.com/icing/mod_h2/issues/196

Comment 2 Lewis Smith 2020-04-16 20:32:53 CEST 
Thank you for the report; and the URL which is categoric.

Assigning to Shlomi who did the "New version 2.4.43".

Summary: latest apache update kills some sites => latest apache 2.4.43-1 update kills some sites, re http/2
Assignee: bugsquad => shlomif

Comment 3 Marc Krämer 2020-04-16 21:47:07 CEST 
filed a bug for http/2 at apache org, hope they can reproduce this.
Comment 4 Marc Krämer 2020-05-14 10:47:20 CEST 
If someone is interested: the breaking change is
"mod_http2: Fixed interaction with mod_reqtimeout."

This "fix" can cause connections to close too early.
Comment 5 Marc Krämer 2020-05-15 11:03:23 CEST 
There is a fix in h2 module release 1.15.9

Can you include this module as a patch to the whole http package?

RequestReadTimeout which is preventing the server from DOS attacks causes this problem in conjunction with h2 module.
Comment 6 Marc Krämer 2020-05-27 22:26:51 CEST 
any news on this? do we patch? Or just wait for the next update?!
Comment 7 Shlomi Fish 2020-07-01 17:42:34 CEST 
Hi Marc!

(In reply to Marc Krämer from comment #6)
> any news on this? do we patch? Or just wait for the next update?!

Please give a link to a patch (that only fixes this problem), and I can try preparing an updated mageia package.
Comment 8 Marc Krämer 2020-07-01 18:34:02 CEST 
The patch is the diff between those releases. Or just update the whole subpackage for h2.
https://github.com/icing/mod_h2/compare/v1.15.8...v1.15.9
Comment 9 Aurelien Oudelet 2021-07-06 13:14:55 CEST 
Mageia 7 is EOL since July 1st 2021.
There will not have any further bugfix for this release.

You are encouraged to upgrade to Mageia 8 as soon as possible.

@reporter, if this bug still apply with Mageia 8, please let us know it.

@packager, if you work on the Mageia 7 version of your package, please check the Mageia 8 package if issue is also present. In this case, please fix the Mageia 8 version instead.

This bug report will be closed OLD if there is no further notice within 1st September 2021.
Comment 10 Marc Krämer 2021-07-06 13:23:30 CEST 
fixed with latest release

Resolution: (none) => WORKSFORME
Status: NEW => RESOLVED