[Pkg-apache-commits] r1412 - in /branches/squeeze-apr: changelog patches/00list patches/031_apr_file_trunc.dpatch

sf at alioth.debian.org sf at alioth.debian.org
Sat Mar 31 23:06:48 UTC 2012 

Author: sf
Date: Sat Mar 31 23:06:47 2012
New Revision: 1412

URL: http://svn.debian.org/wsvn/pkg-apache/?sc=1&rev=1412
Log:
Fix apr_file_trunc() bug which could lead to subversion repository
corruption in some rare cases

Added:
    branches/squeeze-apr/patches/031_apr_file_trunc.dpatch
Modified:
    branches/squeeze-apr/changelog
    branches/squeeze-apr/patches/00list

Modified: branches/squeeze-apr/changelog
URL: http://svn.debian.org/wsvn/pkg-apache/branches/squeeze-apr/changelog?rev=1412&op=diff
==============================================================================
--- branches/squeeze-apr/changelog (original)
+++ branches/squeeze-apr/changelog Sat Mar 31 23:06:47 2012
@@ -1,3 +1,10 @@
+apr (1.4.2-6+squeeze4) stable; urgency=low
+
+  * Fix apr_file_trunc() bug which could lead to subversion repository
+    corruption in some rare cases. Closes: #664451
+
+ -- Stefan Fritsch <sf at debian.org>  Sun, 01 Apr 2012 00:50:32 +0200
+
 apr (1.4.2-6+squeeze3) stable; urgency=low
 
   * Fix apr_ino_t changing size depending on -D_FILE_OFFSET_BITS on

Modified: branches/squeeze-apr/patches/00list
URL: http://svn.debian.org/wsvn/pkg-apache/branches/squeeze-apr/patches/00list?rev=1412&op=diff
==============================================================================
--- branches/squeeze-apr/patches/00list (original)
+++ branches/squeeze-apr/patches/00list Sat Mar 31 23:06:47 2012
@@ -11,3 +11,4 @@
 028_fnmatch_CVE-2011-0419.dpatch
 029_fnmatch_CVE-2011-1928.dpatch
 030_fix_ino_t_freebsd.dpatch
+031_apr_file_trunc.dpatch

Added: branches/squeeze-apr/patches/031_apr_file_trunc.dpatch
URL: http://svn.debian.org/wsvn/pkg-apache/branches/squeeze-apr/patches/031_apr_file_trunc.dpatch?rev=1412&op=file
==============================================================================
--- branches/squeeze-apr/patches/031_apr_file_trunc.dpatch (added)
+++ branches/squeeze-apr/patches/031_apr_file_trunc.dpatch Sat Mar 31 23:06:47 2012
@@ -1,0 +1,126 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Backport r1044440, r1044447, r1044432 from upstream svn:
+## DP: Fix file_trunc for buffered files. Make sure the write buffer is
+## DP: flushed before truncate call.
+## DP: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=664451
+ at DPATCH@
+commit f6dfb914de69d1d622161798a844380ba16b1c19
+Author: Mladen Turk <mturk at apache.org>
+Date:   Fri Dec 10 16:52:09 2010 +0000
+
+    Add apr_file_trunc test case. It currently fails for APR_FOPEN_BUFFERED because write buffer is flushed after ftruncate call
+    
+    git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1044432 13f79535-47bb-0310-9956-ffa450edef68
+
+diff --git a/test/testfile.c b/test/testfile.c
+index 2b46586..dad214e 100644
+--- a/test/testfile.c
++++ b/test/testfile.c
+@@ -810,6 +810,62 @@ static void test_truncate(abts_case *tc, void *data)
+     ABTS_INT_EQUAL(tc, APR_SUCCESS, rv);
+ }
+ 
++static void test_file_trunc(abts_case *tc, void *data)
++{
++    apr_status_t rv;
++    apr_file_t *f;
++    const char *fname = "data/testtruncate.dat";
++    const char *s;
++    apr_size_t nbytes;
++    apr_finfo_t finfo;
++
++    apr_file_remove(fname, p);
++
++    /* Test unbuffered */
++    rv = apr_file_open(&f, fname,
++                        APR_FOPEN_CREATE | APR_FOPEN_READ |
++                        APR_FOPEN_WRITE,
++                        APR_UREAD | APR_UWRITE, p);
++    ABTS_INT_EQUAL(tc, APR_SUCCESS, rv);
++
++    s = "some data";
++    nbytes = strlen(s);
++    rv = apr_file_write(f, s, &nbytes);
++    ABTS_INT_EQUAL(tc, APR_SUCCESS, rv);
++    ABTS_SIZE_EQUAL(tc, strlen(s), nbytes);
++    rv = apr_file_trunc(f, 4);
++    ABTS_INT_EQUAL(tc, APR_SUCCESS, rv);
++    rv = apr_file_close(f);
++    ABTS_INT_EQUAL(tc, APR_SUCCESS, rv);
++    rv = apr_stat(&finfo, fname, APR_FINFO_SIZE, p);
++    ABTS_INT_EQUAL(tc, APR_SUCCESS, rv);
++    ABTS_ASSERT(tc, "File size mismatch, expected 4", finfo.size == 4);
++
++    rv = apr_file_remove(fname, p);
++    ABTS_INT_EQUAL(tc, APR_SUCCESS, rv);
++    /* Test buffered */
++    rv = apr_file_open(&f, fname,
++                        APR_FOPEN_CREATE | APR_FOPEN_READ |
++                        APR_FOPEN_WRITE | APR_FOPEN_BUFFERED,
++                        APR_UREAD | APR_UWRITE, p);
++    ABTS_INT_EQUAL(tc, APR_SUCCESS, rv);
++
++    nbytes = strlen(s);
++    rv = apr_file_write(f, s, &nbytes);
++    ABTS_INT_EQUAL(tc, APR_SUCCESS, rv);
++    ABTS_SIZE_EQUAL(tc, strlen(s), nbytes);
++    rv = apr_file_trunc(f, 4);
++    ABTS_INT_EQUAL(tc, APR_SUCCESS, rv);
++    rv = apr_file_close(f);
++    ABTS_INT_EQUAL(tc, APR_SUCCESS, rv);
++    rv = apr_stat(&finfo, fname, APR_FINFO_SIZE, p);
++    ABTS_INT_EQUAL(tc, APR_SUCCESS, rv);
++    ABTS_ASSERT(tc, "File size mismatch, expected 4", finfo.size == 4);
++
++    rv = apr_file_remove(fname, p);
++    ABTS_INT_EQUAL(tc, APR_SUCCESS, rv);
++}
++
+ static void test_bigfprintf(abts_case *tc, void *data)
+ {
+     apr_file_t *f;
+@@ -1003,6 +1059,7 @@ abts_suite *testfile(abts_suite *suite)
+     abts_run_test(suite, test_bigread, NULL);
+     abts_run_test(suite, test_mod_neg, NULL);
+     abts_run_test(suite, test_truncate, NULL);
++    abts_run_test(suite, test_file_trunc, NULL);
+     abts_run_test(suite, test_bigfprintf, NULL);
+     abts_run_test(suite, test_fail_write_flush, NULL);
+     abts_run_test(suite, test_fail_read_flush, NULL);
+diff --git a/file_io/unix/seek.c b/file_io/unix/seek.c
+index 77ef96e..3f5aa00 100644
+--- a/file_io/unix/seek.c
++++ b/file_io/unix/seek.c
+@@ -98,6 +98,30 @@ APR_DECLARE(apr_status_t) apr_file_seek(apr_file_t *thefile, apr_seek_where_t wh
+ 
+ apr_status_t apr_file_trunc(apr_file_t *fp, apr_off_t offset)
+ {
++    if (fp->buffered) {
++        int rc = 0;
++        file_lock(fp);
++        if (fp->direction == 1 && fp->bufpos != 0) {
++            apr_off_t len = fp->filePtr + fp->bufpos;
++            if (offset < len) {
++                /* New file end fall below our write buffer limit.
++                 * Figure out if and what needs to be flushed.
++                 */
++                apr_off_t off = len - offset;
++                if (off >= 0 && off <= fp->bufpos)
++                    fp->bufpos = fp->bufpos - (size_t)off;
++                else
++                    fp->bufpos = 0;
++            }
++            rc = apr_file_flush_locked(fp);
++            /* Reset buffer positions for write mode */
++            fp->bufpos = fp->direction = fp->dataRead = 0;
++        }
++        file_unlock(fp);
++        if (rc) {
++            return rc;
++        }
++    }
+     if (ftruncate(fp->filedes, offset) == -1) {
+         return errno;
+     }

More information about the Pkg-apache-commits mailing list