Perl CGI.pm POST_MAX problem in FC7 - when will latest version be available in archives?
Todd Zullinger
tmz at pobox.com
Wed Sep 19 13:52:57 UTC 2007
B Wooster wrote:
> The CGI.pm that is currently available with FC7 is version 3.15.
> That version has a problem - if a form is uploaded of size greater
> than POST_MAX, the CGI script will peg the CPU until the web server
> kills it (Apache has default 120 seconds timeout). This ends up
> having problems on server, as well as the client which now sees an
> empty page, or a "cannot load web page" message.
>
> The latest version of CGI.pm is 3.29 - using cpan to "install CGI"
> will bring this latest version to a FC7 box. So, that is a
> workaround for anyone else who is running CGI scripts on FC7 and
> using POST_MAX.
>
> But - note that when perl/perl-lib gets updated, a yum update will
> revert back the CGI.pm to 3.15! (As it happened last week when I did
> a yum update). That may be another issue - cpan updates and yum
> updates.
>
> Still the key question I'm curious about - how does the FC7 repos
> get updated? 3.15 CGI.pm is now quite old - when will FC7 get the
> latest CGI.pm?
Either the perl package will need to be patched to update CGI.pm or a
new upstream perl release will need to include an updated CGI.pm.

Basically, the version of CGI.pm used is what is in the perl tarball.
This could get updated via a patch. Something similar was done to
update from 3.08 to 3.10 a few years ago in perl 5.8.6[1]. The diff
from 3.15 to 3.29[2] would need to be tested to ensure that it doesn't
introduce new bugs.

A possibly saner alternative than a wholesale upgrade would be to just
patch CGI.pm to avoid the specific bug you're encountering (CPAN bug
19222[3]). Attached is a diff against the F-7 perl specfile and the
patch to fix the POST_MAX bug. You should be able to grab the latest
perl srpm, install it, apply the spec file patch, copy the POST_MAX
bugfix patch to the rpm source dir, rebuild, and test.

You could rebuild the perl rpm with this patch added and verify that
it fixes the problem with POST_MAX, then file a bug requesting that
the patch be included in an updated perl rpm.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=158036
[2] http://search.cpan.org/diff?from=CGI.pm-3.15&to=CGI.pm-3.29
[3] http://rt.cpan.org/Public/Bug/Display.html?id=19222
--
Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
God loves stupid people. That's why he made so many.
-------------- next part --------------
Index: perl.spec
===================================================================
RCS file: /cvs/extras/rpms/perl/F-7/perl.spec,v
retrieving revision 1.125
diff -u -p -r1.125 perl.spec
--- perl.spec 18 Aug 2007 08:48:08 -0000 1.125
+++ perl.spec 19 Sep 2007 13:50:01 -0000
@@ -20,7 +20,7 @@
Name: perl
Version: %{perl_version}
-Release: 23%{?dist}
+Release: 23%{?dist}.1
Epoch: %{perl_epoch}
Summary: The Perl programming language
Group: Development/Languages
@@ -118,6 +118,8 @@ Patch39: perl-5.8.8-disable_test_
# XXX: Fixme - Finish patch.
#Patch39: perl-5.8.8-bz204679.patch
Patch40: perl-5.8.8-U28775.patch
+# http://rt.cpan.org/Public/Bug/Display.html?id=19222
+Patch41: perl-5.8.8-ubz19222.patch
BuildRoot: %{_tmppath}/%{name}-%{perl_version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: tcsh, dos2unix, man, groff
BuildRequires: gdbm-devel, db4-devel
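Review bot: The comment above `Patch41` carries only the RT URL, and the file name `perl-5.8.8-ubz19222.patch` does not say what the patch touches. Add a short description next to the URL, for example the same "CGI.pm POST_MAX read loop" wording used in the changelog entry, so the purpose is readable from the spec without following the link.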
@@ -345,6 +347,7 @@ Basic utilities for writing tests.
%patch38 -p1
%patch39 -p1
%patch40 -p1
+%patch41 -p1
#
# Candidates for doc recoding (need case by case review):
# find . -name "*.pod" -o -name "README*" -o -name "*.pm" | xargs file -i | grep charset= | grep -v '\(us-ascii\|utf-8\)'
@@ -738,6 +741,9 @@ make test
%{_mandir}/man3/Test::Tutorial*
%changelog
+* Wed Sep 19 2007 Todd Zullinger <tmz at pobox.com> - 4:5.8.8-23.1
+- Fix upstream bug 19222, CGI.pm POST_MAX read loop
+
* Sat Aug 18 2007 Stepan Kasal <skasal at redhat.com> - 4:5.8.8-23
- Remove unnnecessary parens from the License tags.
-------------- next part --------------
--- perl-5.8.8/lib/CGI.pm~ 2005-12-07 22:35:30.000000000 +0000
+++ perl-5.8.8/lib/CGI.pm 2006-08-21 22:35:19.000000000 +0100
@@ -508,17 +535,10 @@
# avoid unreasonably large postings
if (($POST_MAX > 0) && ($content_length > $POST_MAX)) {
- # quietly read and discard the post
- my $buffer;
- my $tmplength = $content_length;
- while($tmplength > 0) {
- my $maxbuffer = ($tmplength < 10000)?$tmplength:10000;
- my $bytesread = $MOD_PERL ? $self->r->read($buffer,$maxbuffer) : read(STDIN,$buffer,$maxbuffer);
- $tmplength -= $bytesread;
- }
- $self->cgi_error("413 Request entity too large");
- last METHOD;
- }
+ #discard the post, unread
+ $self->cgi_error("413 Request entity too large");
+ last METHOD;
+ }
# Process multipart postings, but only if the initializer is
# not defined.
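Review bot: The replacement under the `$content_length > $POST_MAX` check removes the drain loop outright rather than fixing its termination, so the oversized body is now left unread on both the `read(STDIN, ...)` path and the `$self->r->read` (mod_perl) path; state in the `#discard the post, unread` comment that this is intentional and note which of the two paths was tested. The removed loop could not terminate because `$tmplength -= $bytesread` makes no progress when the read returns 0 or undef, so if draining the body is still wanted, the narrower change is to leave the loop as soon as `$bytesread` is not positive. Separately, the hunk header moves from line 508 to line 535 with no earlier hunk in this file, which suggests the patch was excerpted from a larger diff; regenerating it against the F-7 source would make the header consistent.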