B Wooster wrote:
> The CGI.pm that is currently available with FC7 is version 3.15.
> That version has a problem - if a form is uploaded of size greater
> than POST_MAX, the CGI script will peg the CPU until the web server
> kills it (Apache has default 120 seconds timeout). This ends up
> having problems on server, as well as the client which now sees an
> empty page, or a "cannot load web page" message.
>
> The latest version of CGI.pm is 3.29 - using cpan to "install CGI"
> will bring this latest version to a FC7 box. So, that is a
> workaround for anyone else who is running CGI scripts on FC7 and
> using POST_MAX.
>
> But - note that when perl/perl-lib gets updated, a yum update will
> revert back the CGI.pm to 3.15! (As it happened last week when I did
> a yum update). That may be another issue - cpan updates and yum
> updates.
>
> Still the key question I'm curious about - how does the FC7 repos
> get updated? 3.15 CGI.pm is now quite old - when will FC7 get the
> latest CGI.pm?

Either the perl package will need to be patched to update CGI.pm or a new upstream perl release will need to include an updated CGI.pm.

Basically, the version of CGI.pm used is what is in the perl tarball. This could get updated via a patch. Something similar was done to update from 3.08 to 3.10 a few years ago in perl 5.8.6[1].

The diff from 3.15 to 3.29[2] would need to be tested to ensure that it doesn't introduce new bugs. A possibly saner alternative than a wholesale upgrade would be to just patch CGI.pm to avoid the specific bug you're encountering (CPAN bug 19222[3]).

Attached is a diff against the F-7 perl specfile and the patch to fix the POST_MAX bug. You should be able to grab the latest perl srpm, install it, apply the spec file patch, copy the POST_MAX bugfix patch to the rpm source dir, rebuild, and test.

You could rebuild the perl rpm with this patch added and verify that it fixes the problem with POST_MAX, then file a bug requesting that the patch be included in an updated perl rpm.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=158036
[2] http://search.cpan.org/diff?from=CGI.pm-3.15&to=CGI.pm-3.29
[3] http://rt.cpan.org/Public/Bug/Display.html?id=19222

--
Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
God loves stupid people. That's why he made so many.

Index: perl.spec =================================================================== RCS file: /cvs/extras/rpms/perl/F-7/perl.spec,v retrieving revision 1.125 diff -u -p -r1.125 perl.spec --- perl.spec 18 Aug 2007 08:48:08 -0000 1.125 +++ perl.spec 19 Sep 2007 13:50:01 -0000 @@ -20,7 +20,7 @@ Name: perl Version: %{perl_version} -Release: 23%{?dist} +Release: 23%{?dist}.1 Epoch: %{perl_epoch} Summary: The Perl programming language Group: Development/Languages @@ -118,6 +118,8 @@ Patch39: perl-5.8.8-disable_test_ # XXX: Fixme - Finish patch. #Patch39: perl-5.8.8-bz204679.patch Patch40: perl-5.8.8-U28775.patch +# http://rt.cpan.org/Public/Bug/Display.html?id=19222 +Patch41: perl-5.8.8-ubz19222.patch BuildRoot: %{_tmppath}/%{name}-%{perl_version}-%{release}-root-%(%{__id_u} -n) BuildRequires: tcsh, dos2unix, man, groff BuildRequires: gdbm-devel, db4-devel @@ -345,6 +347,7 @@ Basic utilities for writing tests. %patch38 -p1 %patch39 -p1 %patch40 -p1 +%patch41 -p1 # # Candidates for doc recoding (need case by case review): # find . -name "*.pod" -o -name "README*" -o -name "*.pm" | xargs file -i | grep charset= | grep -v '\(us-ascii\|utf-8\)' @@ -738,6 +741,9 @@ make test %{_mandir}/man3/Test::Tutorial* %changelog +* Wed Sep 19 2007 Todd Zullinger <tmz@xxxxxxxxx> - 4:5.8.8-23.1 +- Fix upstream bug 19222, CGI.pm POST_MAX read loop + * Sat Aug 18 2007 Stepan Kasal <skasal@xxxxxxxxxx> - 4:5.8.8-23 - Remove unnnecessary parens from the License tags.
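
Review bot: the new %changelog line ("Fix upstream bug 19222, CGI.pm POST_MAX read loop") does not name the tracker, and "upstream" for the perl package would normally be read as perl itself rather than CGI.pm on CPAN. The comment above Patch41 already carries the rt.cpan.org URL, so the changelog could say "CPAN RT#19222" to match it. It would also help to state in that entry that oversized POST bodies are no longer read at all, since that is a behaviour change for anyone relying on the old drain, and to add the Fedora bugzilla number once the bug mentioned in the mail has been filed.
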
--- perl-5.8.8/lib/CGI.pm~ 2005-12-07 22:35:30.000000000 +0000 +++ perl-5.8.8/lib/CGI.pm 2006-08-21 22:35:19.000000000 +0100 @@ -508,17 +535,10 @@ # avoid unreasonably large postings if (($POST_MAX > 0) && ($content_length > $POST_MAX)) { - # quietly read and discard the post - my $buffer; - my $tmplength = $content_length; - while($tmplength > 0) { - my $maxbuffer = ($tmplength < 10000)?$tmplength:10000; - my $bytesread = $MOD_PERL ? $self->r->read($buffer,$maxbuffer) : read(STDIN,$buffer,$maxbuffer); - $tmplength -= $bytesread; - } - $self->cgi_error("413 Request entity too large"); - last METHOD; - } + #discard the post, unread + $self->cgi_error("413 Request entity too large"); + last METHOD; + } # Process multipart postings, but only if the initializer is # not defined.
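
Review bot: in the POST_MAX branch the replacement returns the 413 error without consuming any of the request body, and the new comment "#discard the post, unread" does not say what is expected to happen to the bytes still pending on STDIN or on $self->r under $MOD_PERL. Either document that the web server is relied on to dispose of them, or keep the drain and make it terminate: the removed loop only spins because "$tmplength -= $bytesread" makes no progress when the read returns 0 or undef, so a check on $bytesread before the subtraction would also fix it. Separately, the hunk header "@@ -508,17 +535,10 @@" has old and new start lines 27 apart with no earlier hunk in this file, so the patch looks excerpted from a larger diff; regenerating it against the lib/CGI.pm shipped in perl-5.8.8 would let %patch41 apply without relying on offsets.
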
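
For readers following the POST_MAX discussion above, here is an added example (not part of the original mail, and not code from CGI.pm or from the attached patch) showing why the removed drain loop makes no progress once `read` returns 0, next to a guarded version that stops. The names `drain_unchecked` and `drain_checked`, the iteration cap, and the in-memory input are assumptions made for the demonstration; the attached patch takes a different route and does not read the body at all.

```perl
#!/usr/bin/perl
# Added illustration; not code from CGI.pm or from the patch above.
use strict;
use warnings;

# The removed loop, reproduced with an iteration cap so the demo ends.
# A read() result of 0 (end of input) leaves $remaining unchanged forever.
sub drain_unchecked {
    my ($fh, $remaining, $cap) = @_;
    my ($buffer, $iterations) = ('', 0);
    while ($remaining > 0) {
        return "still looping after $cap reads" if ++$iterations > $cap;
        my $want = $remaining < 10000 ? $remaining : 10000;
        my $got  = read($fh, $buffer, $want);
        $remaining -= $got;
    }
    return "finished after $iterations reads";
}

# Guarded drain: stop on end of input (0) or read error (undef)
# and report how many announced bytes were never consumed.
sub drain_checked {
    my ($fh, $remaining) = @_;
    my $buffer;
    while ($remaining > 0) {
        my $want = $remaining < 10000 ? $remaining : 10000;
        my $got  = read($fh, $buffer, $want);
        last unless $got;            # 0 = end of input, undef = read error
        $remaining -= $got;
    }
    return $remaining;               # 0 means the whole body was consumed
}

# Constructed input: 25,000 bytes available, 100,000 bytes announced.
my $body     = 'x' x 25_000;
my $declared = 100_000;

open(my $in1, '<', \$body) or die "open: $!";
print 'unchecked: ', drain_unchecked($in1, $declared, 1000), "\n";

open(my $in2, '<', \$body) or die "open: $!";
print 'checked:   ', drain_checked($in2, $declared), " bytes never arrived\n";
```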