Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Lars Wendler <polynomial-c@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/apache:master commit in: 2.2/init/, 2.2/patches/, 2.2/conf/modules.d/
Date: Sat, 09 Nov 2013 15:33:04
Message-Id: 1246814397.01b154dd0401767753f8b44b567ca27c638b59ca.polynomial-c@gentoo
1 commit: 01b154dd0401767753f8b44b567ca27c638b59ca
2 Author: Benedikt Boehm <hollow <AT> gentoo <DOT> org>
3 AuthorDate: Sun Jul 5 17:19:57 2009 +0000
4 Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
5 CommitDate: Sun Jul 5 17:19:57 2009 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/apache.git;a=commit;h=01b154dd
7
8 new patches and some config fixes
9
10 ---
11 2.2/conf/modules.d/45_mod_dav.conf | 2 +-
12 2.2/init/apache2.initd | 4 +-
13 .../05_all_fix_graceful_multiple_listeners.patch | 42 +++
14 2.2/patches/06_all_CVE-2009-1191.patch | 37 +++
15 2.2/patches/07_all_CVE-2009-1195.patch | 136 +++++++++
16 2.2/patches/08_all_CVE-2009-1890.patch | 38 +++
17 ...tk_20080727.patch => 21_all_itk_20090114.patch} | 315 +++++++++++++++------
18 7 files changed, 478 insertions(+), 96 deletions(-)
19
20 diff --git a/2.2/conf/modules.d/45_mod_dav.conf b/2.2/conf/modules.d/45_mod_dav.conf
21 index b15ca01..be3654b 100644
22 --- a/2.2/conf/modules.d/45_mod_dav.conf
23 +++ b/2.2/conf/modules.d/45_mod_dav.conf
24 @@ -45,7 +45,7 @@ Alias /uploads "/var/www/uploads"
25 BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
26 BrowserMatch "MS FrontPage" redirect-carefully
27 BrowserMatch "^WebDrive" redirect-carefully
28 -BrowserMatch "^WebDAVFS/1.[012345]" redirect-carefully
29 +BrowserMatch "^WebDAVFS/1.[012345678]" redirect-carefully
30 BrowserMatch "^gnome-vfs/1.0" redirect-carefully
31 BrowserMatch "^XML Spy" redirect-carefully
32 BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
33
34 diff --git a/2.2/init/apache2.initd b/2.2/init/apache2.initd
35 index 5eaf675..b6e001e 100755
36 --- a/2.2/init/apache2.initd
37 +++ b/2.2/init/apache2.initd
38 @@ -61,7 +61,7 @@ start() {
39 ebegin "Starting ${SVCNAME}"
40 ${APACHE2} ${APACHE2_OPTS} -k start
41
42 - let i=0
43 + i=0
44 while [ ! -e "${PIDFILE}" ] && [ $i -lt ${TIMEOUT} ]; do
45 sleep 1 && i=$(expr $i + 1)
46 done
47 @@ -76,7 +76,7 @@ stop() {
48 ebegin "Stopping ${SVCNAME}"
49 ${APACHE2} ${APACHE2_OPTS} -k stop
50
51 - let i=0
52 + i=0
53 while pidof "${APACHE2}" >/dev/null && [ $i -lt ${TIMEOUT} ]; do
54 sleep 1 && i=$(expr $i + 1)
55 done
56
57 diff --git a/2.2/patches/05_all_fix_graceful_multiple_listeners.patch b/2.2/patches/05_all_fix_graceful_multiple_listeners.patch
58 new file mode 100644
59 index 0000000..6ed9de1
60 --- /dev/null
61 +++ b/2.2/patches/05_all_fix_graceful_multiple_listeners.patch
62 @@ -0,0 +1,42 @@
63 +--- httpd/httpd/branches/2.2.x/server/mpm/prefork/prefork.c 2009/01/31 20:53:11 739607
64 ++++ httpd/httpd/branches/2.2.x/server/mpm/prefork/prefork.c 2009/01/31 20:54:55 739608
65 +@@ -577,19 +577,27 @@
66 + apr_int32_t numdesc;
67 + const apr_pollfd_t *pdesc;
68 +
69 +- /* timeout == -1 == wait forever */
70 +- status = apr_pollset_poll(pollset, -1, &numdesc, &pdesc);
71 ++ /* check for termination first so we don't sleep for a while in
72 ++ * poll if already signalled
73 ++ */
74 ++ if (one_process && shutdown_pending) {
75 ++ SAFE_ACCEPT(accept_mutex_off());
76 ++ return;
77 ++ }
78 ++ else if (die_now) {
79 ++ /* In graceful stop/restart; drop the mutex
80 ++ * and terminate the child. */
81 ++ SAFE_ACCEPT(accept_mutex_off());
82 ++ clean_child_exit(0);
83 ++ }
84 ++ /* timeout == 10 seconds to avoid a hang at graceful restart/stop
85 ++ * caused by the closing of sockets by the signal handler
86 ++ */
87 ++ status = apr_pollset_poll(pollset, apr_time_from_sec(10),
88 ++ &numdesc, &pdesc);
89 + if (status != APR_SUCCESS) {
90 +- if (APR_STATUS_IS_EINTR(status)) {
91 +- if (one_process && shutdown_pending) {
92 +- return;
93 +- }
94 +- else if (die_now) {
95 +- /* In graceful stop/restart; drop the mutex
96 +- * and terminate the child. */
97 +- SAFE_ACCEPT(accept_mutex_off());
98 +- clean_child_exit(0);
99 +- }
100 ++ if (APR_STATUS_IS_TIMEUP(status) ||
101 ++ APR_STATUS_IS_EINTR(status)) {
102 + continue;
103 + }
104 + /* Single Unix documents select as returning errnos
105
106 diff --git a/2.2/patches/06_all_CVE-2009-1191.patch b/2.2/patches/06_all_CVE-2009-1191.patch
107 new file mode 100644
108 index 0000000..cbb790a
109 --- /dev/null
110 +++ b/2.2/patches/06_all_CVE-2009-1191.patch
111 @@ -0,0 +1,37 @@
112 +Index: modules/proxy/mod_proxy_ajp.c
113 +===================================================================
114 +--- modules/proxy/mod_proxy_ajp.c (Revision 763379)
115 ++++ modules/proxy/mod_proxy_ajp.c (Arbeitskopie)
116 +@@ -307,21 +307,17 @@
117 + "proxy: read zero bytes, expecting"
118 + " %" APR_OFF_T_FMT " bytes",
119 + content_length);
120 +- status = ajp_send_data_msg(conn->sock, msg, 0);
121 +- if (status != APR_SUCCESS) {
122 +- /* We had a failure: Close connection to backend */
123 +- conn->close++;
124 +- ap_log_error(APLOG_MARK, APLOG_ERR, status, r->server,
125 +- "proxy: send failed to %pI (%s)",
126 +- conn->worker->cp->addr,
127 +- conn->worker->hostname);
128 +- return HTTP_INTERNAL_SERVER_ERROR;
129 +- }
130 +- else {
131 +- /* Client send zero bytes with C-L > 0
132 +- */
133 +- return HTTP_BAD_REQUEST;
134 +- }
135 ++ /*
136 ++ * We can only get here if the client closed the connection
137 ++ * to us without sending the body.
138 ++ * Now the connection is in the wrong state on the backend.
139 ++ * Sending an empty data msg doesn't help either as it does
140 ++ * not move this connection to the correct state on the backend
141 ++ * for later resusage by the next request again.
142 ++ * Close it to clean things up.
143 ++ */
144 ++ conn->close++;
145 ++ return HTTP_BAD_REQUEST;
146 + }
147 + }
148 +
149
150 diff --git a/2.2/patches/07_all_CVE-2009-1195.patch b/2.2/patches/07_all_CVE-2009-1195.patch
151 new file mode 100644
152 index 0000000..14a6dba
153 --- /dev/null
154 +++ b/2.2/patches/07_all_CVE-2009-1195.patch
155 @@ -0,0 +1,136 @@
156 +Index: server/config.c
157 +===================================================================
158 +--- server/config.c (revision 773036)
159 ++++ server/config.c (working copy)
160 +@@ -1510,7 +1510,7 @@
161 + parms.temp_pool = ptemp;
162 + parms.server = s;
163 + parms.override = (RSRC_CONF | OR_ALL) & ~(OR_AUTHCFG | OR_LIMIT);
164 +- parms.override_opts = OPT_ALL | OPT_INCNOEXEC | OPT_SYM_OWNER | OPT_MULTI;
165 ++ parms.override_opts = OPT_ALL | OPT_SYM_OWNER | OPT_MULTI;
166 +
167 + parms.config_file = ap_pcfg_open_custom(p, "-c/-C directives",
168 + &arr_parms, NULL,
169 +@@ -1617,7 +1617,7 @@
170 + parms.temp_pool = ptemp;
171 + parms.server = s;
172 + parms.override = (RSRC_CONF | OR_ALL) & ~(OR_AUTHCFG | OR_LIMIT);
173 +- parms.override_opts = OPT_ALL | OPT_INCNOEXEC | OPT_SYM_OWNER | OPT_MULTI;
174 ++ parms.override_opts = OPT_ALL | OPT_SYM_OWNER | OPT_MULTI;
175 +
176 + rv = ap_pcfg_openfile(&cfp, p, fname);
177 + if (rv != APR_SUCCESS) {
178 +@@ -1755,7 +1755,7 @@
179 + parms.temp_pool = ptemp;
180 + parms.server = s;
181 + parms.override = (RSRC_CONF | OR_ALL) & ~(OR_AUTHCFG | OR_LIMIT);
182 +- parms.override_opts = OPT_ALL | OPT_INCNOEXEC | OPT_SYM_OWNER | OPT_MULTI;
183 ++ parms.override_opts = OPT_ALL | OPT_SYM_OWNER | OPT_MULTI;
184 + parms.limited = -1;
185 +
186 + errmsg = ap_walk_config(conftree, &parms, s->lookup_defaults);
187 +Index: server/core.c
188 +===================================================================
189 +--- server/core.c (revision 773036)
190 ++++ server/core.c (working copy)
191 +@@ -108,8 +108,7 @@
192 + conf->opts = dir ? OPT_UNSET : OPT_UNSET|OPT_ALL;
193 + conf->opts_add = conf->opts_remove = OPT_NONE;
194 + conf->override = dir ? OR_UNSET : OR_UNSET|OR_ALL;
195 +- conf->override_opts = OPT_UNSET | OPT_ALL | OPT_INCNOEXEC | OPT_SYM_OWNER
196 +- | OPT_MULTI;
197 ++ conf->override_opts = OPT_UNSET | OPT_ALL | OPT_SYM_OWNER | OPT_MULTI;
198 +
199 + conf->content_md5 = 2;
200 + conf->accept_path_info = 3;
201 +@@ -242,8 +241,15 @@
202 + conf->opts_remove = (conf->opts_remove & ~new->opts_add)
203 + | new->opts_remove;
204 + conf->opts = (conf->opts & ~conf->opts_remove) | conf->opts_add;
205 +- if ((base->opts & OPT_INCNOEXEC) && (new->opts & OPT_INCLUDES)) {
206 +- conf->opts = (conf->opts & ~OPT_INCNOEXEC) | OPT_INCLUDES;
207 ++
208 ++ /* If Includes was enabled with exec in the base config, but
209 ++ * was enabled without exec in the new config, then disable
210 ++ * exec in the merged set. */
211 ++ if (((base->opts & (OPT_INCLUDES|OPT_INC_WITH_EXEC))
212 ++ == (OPT_INCLUDES|OPT_INC_WITH_EXEC))
213 ++ && ((new->opts & (OPT_INCLUDES|OPT_INC_WITH_EXEC))
214 ++ == OPT_INCLUDES)) {
215 ++ conf->opts &= ~OPT_INC_WITH_EXEC;
216 + }
217 + }
218 + else {
219 +@@ -1304,10 +1310,12 @@
220 + opt = OPT_INDEXES;
221 + }
222 + else if (!strcasecmp(w, "Includes")) {
223 +- opt = OPT_INCLUDES;
224 ++ /* If Includes is permitted, both Includes and
225 ++ * IncludesNOEXEC may be changed. */
226 ++ opt = (OPT_INCLUDES | OPT_INC_WITH_EXEC);
227 + }
228 + else if (!strcasecmp(w, "IncludesNOEXEC")) {
229 +- opt = (OPT_INCLUDES | OPT_INCNOEXEC);
230 ++ opt = OPT_INCLUDES;
231 + }
232 + else if (!strcasecmp(w, "FollowSymLinks")) {
233 + opt = OPT_SYM_LINKS;
234 +@@ -1428,10 +1436,10 @@
235 + opt = OPT_INDEXES;
236 + }
237 + else if (!strcasecmp(w, "Includes")) {
238 +- opt = OPT_INCLUDES;
239 ++ opt = (OPT_INCLUDES | OPT_INC_WITH_EXEC);
240 + }
241 + else if (!strcasecmp(w, "IncludesNOEXEC")) {
242 +- opt = (OPT_INCLUDES | OPT_INCNOEXEC);
243 ++ opt = OPT_INCLUDES;
244 + }
245 + else if (!strcasecmp(w, "FollowSymLinks")) {
246 + opt = OPT_SYM_LINKS;
247 +Index: modules/filters/mod_include.c
248 +===================================================================
249 +--- modules/filters/mod_include.c (revision 773036)
250 ++++ modules/filters/mod_include.c (working copy)
251 +@@ -3574,7 +3574,7 @@
252 + intern->seen_eos = 0;
253 + intern->state = PARSE_PRE_HEAD;
254 + ctx->flags = (SSI_FLAG_PRINTING | SSI_FLAG_COND_TRUE);
255 +- if (ap_allow_options(r) & OPT_INCNOEXEC) {
256 ++ if ((ap_allow_options(r) & OPT_INC_WITH_EXEC) == 0) {
257 + ctx->flags |= SSI_FLAG_NO_EXEC;
258 + }
259 + intern->accessenable = conf->accessenable;
260 +Index: include/http_core.h
261 +===================================================================
262 +--- include/http_core.h (revision 773036)
263 ++++ include/http_core.h (working copy)
264 +@@ -65,7 +65,7 @@
265 + #define OPT_NONE 0
266 + /** Indexes directive */
267 + #define OPT_INDEXES 1
268 +-/** Includes directive */
269 ++/** SSI is enabled without exec= permission */
270 + #define OPT_INCLUDES 2
271 + /** FollowSymLinks directive */
272 + #define OPT_SYM_LINKS 4
273 +@@ -73,14 +73,14 @@
274 + #define OPT_EXECCGI 8
275 + /** directive unset */
276 + #define OPT_UNSET 16
277 +-/** IncludesNOEXEC directive */
278 +-#define OPT_INCNOEXEC 32
279 ++/** SSI exec= permission is permitted, iff OPT_INCLUDES is also set */
280 ++#define OPT_INC_WITH_EXEC 32
281 + /** SymLinksIfOwnerMatch directive */
282 + #define OPT_SYM_OWNER 64
283 + /** MultiViews directive */
284 + #define OPT_MULTI 128
285 + /** All directives */
286 +-#define OPT_ALL (OPT_INDEXES|OPT_INCLUDES|OPT_SYM_LINKS|OPT_EXECCGI)
287 ++#define OPT_ALL (OPT_INDEXES|OPT_INCLUDES|OPT_INC_WITH_EXEC|OPT_SYM_LINKS|OPT_EXECCGI)
288 + /** @} */
289 +
290 + /**
291 +
292
293 diff --git a/2.2/patches/08_all_CVE-2009-1890.patch b/2.2/patches/08_all_CVE-2009-1890.patch
294 new file mode 100644
295 index 0000000..672c82b
296 --- /dev/null
297 +++ b/2.2/patches/08_all_CVE-2009-1890.patch
298 @@ -0,0 +1,38 @@
299 +--- httpd/httpd/trunk/modules/proxy/mod_proxy_http.c 2009/07/02 13:37:39 790586
300 ++++ httpd/httpd/trunk/modules/proxy/mod_proxy_http.c 2009/07/02 13:41:18 790587
301 +@@ -427,10 +427,16 @@
302 + apr_off_t bytes_streamed = 0;
303 +
304 + if (old_cl_val) {
305 ++ char *endstr;
306 ++
307 + add_cl(p, bucket_alloc, header_brigade, old_cl_val);
308 +- if (APR_SUCCESS != (status = apr_strtoff(&cl_val, old_cl_val, NULL,
309 +- 0))) {
310 +- return HTTP_INTERNAL_SERVER_ERROR;
311 ++ status = apr_strtoff(&cl_val, old_cl_val, &endstr, 10);
312 ++
313 ++ if (status || *endstr || endstr == old_cl_val || cl_val < 0) {
314 ++ ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r,
315 ++ "proxy: could not parse request Content-Length (%s)",
316 ++ old_cl_val);
317 ++ return HTTP_BAD_REQUEST;
318 + }
319 + }
320 + terminate_headers(bucket_alloc, header_brigade);
321 +@@ -463,8 +469,13 @@
322 + *
323 + * Prevents HTTP Response Splitting.
324 + */
325 +- if (bytes_streamed > cl_val)
326 +- continue;
327 ++ if (bytes_streamed > cl_val) {
328 ++ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
329 ++ "proxy: read more bytes of request body than expected "
330 ++ "(got %" APR_OFF_T_FMT ", expected %" APR_OFF_T_FMT ")",
331 ++ bytes_streamed, cl_val);
332 ++ return HTTP_INTERNAL_SERVER_ERROR;
333 ++ }
334 +
335 + if (header_brigade) {
336 + /* we never sent the header brigade, so go ahead and
337
338 diff --git a/2.2/patches/21_all_itk_20080727.patch b/2.2/patches/21_all_itk_20090114.patch
339 similarity index 87%
340 rename from 2.2/patches/21_all_itk_20080727.patch
341 rename to 2.2/patches/21_all_itk_20090114.patch
342 index a9580eb..3a346cc 100644
343 --- a/2.2/patches/21_all_itk_20080727.patch
344 +++ b/2.2/patches/21_all_itk_20090114.patch
345 @@ -1,23 +1,26 @@
346 -unchanged:
347 ---- apache2.2/server/mpm/experimental/itk/Makefile.in
348 -+++ apache2.2/server/mpm/experimental/itk/Makefile.in
349 +Index: httpd-2.2.11/server/mpm/experimental/itk/Makefile.in
350 +===================================================================
351 +--- /dev/null
352 ++++ httpd-2.2.11/server/mpm/experimental/itk/Makefile.in
353 @@ -0,0 +1,5 @@
354 +
355 +LTLIBRARY_NAME = libitk.la
356 +LTLIBRARY_SOURCES = itk.c
357 +
358 +include $(top_srcdir)/build/ltlib.mk
359 -unchanged:
360 ---- apache2.2/server/mpm/experimental/itk/config.m4
361 -+++ apache2.2/server/mpm/experimental/itk/config.m4 2007-01-29 21:03:57.000000000 +0100
362 +Index: httpd-2.2.11/server/mpm/experimental/itk/config.m4
363 +===================================================================
364 +--- /dev/null
365 ++++ httpd-2.2.11/server/mpm/experimental/itk/config.m4
366 @@ -0,0 +1,3 @@
367 +if test "$MPM_NAME" = "itk" ; then
368 + APACHE_FAST_OUTPUT(server/mpm/$MPM_SUBDIR_NAME/Makefile)
369 +fi
370 -diff -u apache2.2/server/mpm/experimental/itk/itk.c apache2.2/server/mpm/experimental/itk/itk.c
371 ---- apache2.2/server/mpm/experimental/itk/itk.c
372 -+++ apache2.2/server/mpm/experimental/itk/itk.c
373 -@@ -0,0 +1,1704 @@
374 +Index: httpd-2.2.11/server/mpm/experimental/itk/itk.c
375 +===================================================================
376 +--- /dev/null
377 ++++ httpd-2.2.11/server/mpm/experimental/itk/itk.c
378 +@@ -0,0 +1,1740 @@
379 +/* Licensed to the Apache Software Foundation (ASF) under one or more
380 + * contributor license agreements. See the NOTICE file distributed with
381 + * this work for additional information regarding copyright ownership.
382 @@ -33,7 +36,10 @@ diff -u apache2.2/server/mpm/experimental/itk/itk.c apache2.2/server/mpm/experim
383 + * See the License for the specific language governing permissions and
384 + * limitations under the License.
385 + *
386 -+ * Portions copyright 2005-2007 Steinar H. Gunderson <sgunderson@×××××××.com>.
387 ++ * Portions copyright 2005-2009 Steinar H. Gunderson <sgunderson@×××××××.com>.
388 ++ * Licensed under the same terms as the rest of Apache.
389 ++ *
390 ++ * Portions copyright 2008 Knut Auvor Grythe <knut@×××××.no>.
391 + * Licensed under the same terms as the rest of Apache.
392 + */
393 +
394 @@ -45,8 +51,8 @@ diff -u apache2.2/server/mpm/experimental/itk/itk.c apache2.2/server/mpm/experim
395 +
396 +# define _DBG(text,par...) \
397 + ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL, \
398 -+ "(itkmpm: pid=%d uid=%d) %s(): " text, \
399 -+ getpid(), getuid(), __FUNCTION__, par)
400 ++ "(itkmpm: pid=%d uid=%d, gid=%d) %s(): " text, \
401 ++ getpid(), getuid(), getgid(), __FUNCTION__, par)
402 +
403 +#define APR_WANT_STDIO
404 +#define APR_WANT_STRFUNC
405 @@ -69,7 +75,7 @@ diff -u apache2.2/server/mpm/experimental/itk/itk.c apache2.2/server/mpm/experim
406 +#include "http_config.h"
407 +#include "http_core.h" /* for get_remote_host */
408 +#include "http_connection.h"
409 -+#include "http_protocol.h" /* for ap_hook_post_read_request */
410 ++#include "http_request.h" /* for ap_hook_post_perdir_config */
411 +#include "scoreboard.h"
412 +#include "ap_mpm.h"
413 +#include "unixd.h"
414 @@ -172,16 +178,20 @@ diff -u apache2.2/server/mpm/experimental/itk/itk.c apache2.2/server/mpm/experim
415 +#endif /* TPF */
416 +
417 +static volatile int die_now = 0;
418 -+static volatile int listeners_closed = 0;
419 -+static int active_connection = 0;
420 ++
421 ++#define UNSET_NICE_VALUE 100
422 ++
423 ++typedef struct
424 ++{
425 ++ uid_t uid;
426 ++ gid_t gid;
427 ++ char *username;
428 ++ int nice_value;
429 ++} itk_per_dir_conf;
430 +
431 +typedef struct
432 +{
433 -+ uid_t uid;
434 -+ gid_t gid;
435 -+ char *username;
436 -+ int max_clients_vhost;
437 -+ int nice_value;
438 ++ int max_clients_vhost;
439 +} itk_server_conf;
440 +
441 +module AP_MODULE_DECLARE_DATA mpm_itk_module;
442 @@ -376,10 +386,7 @@ diff -u apache2.2/server/mpm/experimental/itk/itk.c apache2.2/server/mpm/experim
443 +
444 +static void stop_listening(int sig)
445 +{
446 -+ if (active_connection) {
447 -+ ap_close_listeners();
448 -+ listeners_closed = 1;
449 -+ }
450 ++ ap_close_listeners();
451 +
452 + /* For a graceful stop, we want the child to exit when done */
453 + die_now = 1;
454 @@ -529,7 +536,8 @@ diff -u apache2.2/server/mpm/experimental/itk/itk.c apache2.2/server/mpm/experim
455 + cap_value_t suidcaps[] = {
456 + CAP_SETUID,
457 + CAP_SETGID,
458 -+ CAP_SYS_NICE
459 ++ CAP_DAC_READ_SEARCH,
460 ++ CAP_SYS_NICE,
461 + };
462 +#endif
463 +
464 @@ -606,7 +614,10 @@ diff -u apache2.2/server/mpm/experimental/itk/itk.c apache2.2/server/mpm/experim
465 +
466 + bucket_alloc = apr_bucket_alloc_create(pchild);
467 +
468 -+ while (!die_now) {
469 ++ /* die_now is set when AP_SIG_GRACEFUL is received in the child;
470 ++ * shutdown_pending is set when SIGTERM is received when running
471 ++ * in single process mode. */
472 ++ while (!die_now && !shutdown_pending) {
473 + conn_rec *current_conn;
474 + void *csd;
475 +
476 @@ -640,11 +651,6 @@ diff -u apache2.2/server/mpm/experimental/itk/itk.c apache2.2/server/mpm/experim
477 + apr_int32_t numdesc;
478 + const apr_pollfd_t *pdesc;
479 +
480 -+ if (die_now) {
481 -+ status = !APR_SUCCESS;
482 -+ goto unlock;
483 -+ }
484 -+
485 + /* timeout == -1 == wait forever */
486 + status = apr_pollset_poll(pollset, -1, &numdesc, &pdesc);
487 + if (status != APR_SUCCESS) {
488 @@ -652,6 +658,12 @@ diff -u apache2.2/server/mpm/experimental/itk/itk.c apache2.2/server/mpm/experim
489 + if (one_process && shutdown_pending) {
490 + return;
491 + }
492 ++ else if (die_now) {
493 ++ /* In graceful stop/restart; drop the mutex
494 ++ * and terminate the child. */
495 ++ SAFE_ACCEPT(accept_mutex_off());
496 ++ clean_child_exit(0);
497 ++ }
498 + continue;
499 + }
500 + /* Single Unix documents select as returning errnos
501 @@ -662,6 +674,7 @@ diff -u apache2.2/server/mpm/experimental/itk/itk.c apache2.2/server/mpm/experim
502 + */
503 + ap_log_error(APLOG_MARK, APLOG_ERR, status,
504 + ap_server_conf, "apr_pollset_poll: (listen)");
505 ++ SAFE_ACCEPT(accept_mutex_off());
506 + clean_child_exit(1);
507 + }
508 +
509 @@ -693,14 +706,8 @@ diff -u apache2.2/server/mpm/experimental/itk/itk.c apache2.2/server/mpm/experim
510 + /* if we accept() something we don't want to die, so we have to
511 + * defer the exit
512 + */
513 -+ if (!die_now) {
514 -+ status = lr->accept_func(&csd, lr, ptrans);
515 -+ }
516 -+ else {
517 -+ status = !APR_SUCCESS;
518 -+ }
519 ++ status = lr->accept_func(&csd, lr, ptrans);
520 +
521 -+ unlock:
522 + SAFE_ACCEPT(accept_mutex_off()); /* unlock after "accept" */
523 +
524 + if (status == APR_EGENERAL) {
525 @@ -716,14 +723,8 @@ diff -u apache2.2/server/mpm/experimental/itk/itk.c apache2.2/server/mpm/experim
526 + * socket options, file descriptors, and read/write buffers.
527 + */
528 +
529 -+ active_connection = 1;
530 -+ if (die_now && !listeners_closed) {
531 -+ ap_close_listeners();
532 -+ listeners_closed = 1;
533 -+ }
534 -+
535 + {
536 -+ pid_t pid = fork();
537 ++ pid_t pid = fork(), child_pid;
538 + int status;
539 + switch (pid) {
540 + case -1:
541 @@ -738,7 +739,11 @@ diff -u apache2.2/server/mpm/experimental/itk/itk.c apache2.2/server/mpm/experim
542 + }
543 + exit(0);
544 + default: /* parent; just wait for child to be done */
545 -+ if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status)) {
546 ++ do {
547 ++ child_pid = waitpid(pid, &status, 0);
548 ++ } while (child_pid == -1 && errno == EINTR);
549 ++
550 ++ if (child_pid != pid || !WIFEXITED(status)) {
551 + if (WIFSIGNALED(status)) {
552 + ap_log_error(APLOG_MARK, APLOG_ERR, 0, ap_server_conf, "child died with signal %u", WTERMSIG(status));
553 + } else if (WEXITSTATUS(status) != 0) {
554 @@ -751,7 +756,6 @@ diff -u apache2.2/server/mpm/experimental/itk/itk.c apache2.2/server/mpm/experim
555 + break;
556 + }
557 + }
558 -+ active_connection = 0;
559 +
560 + /* Check the pod and the generation number after processing a
561 + * connection so that we'll go away if a graceful restart occurred
562 @@ -1434,13 +1438,13 @@ diff -u apache2.2/server/mpm/experimental/itk/itk.c apache2.2/server/mpm/experim
563 + return OK;
564 +}
565 +
566 -+static int itk_post_read(request_rec *r)
567 ++static int itk_post_perdir_config(request_rec *r)
568 +{
569 + uid_t wanted_uid;
570 + gid_t wanted_gid;
571 + const char *wanted_username;
572 + int err = 0;
573 -+
574 ++
575 + itk_server_conf *sconf =
576 + (itk_server_conf *) ap_get_module_config(r->server->module_config, &mpm_itk_module);
577 +
578 @@ -1461,17 +1465,21 @@ diff -u apache2.2/server/mpm/experimental/itk/itk.c apache2.2/server/mpm/experim
579 + }
580 + }
581 +
582 ++ itk_per_dir_conf *dconf =
583 ++ (itk_per_dir_conf *) ap_get_module_config(r->per_dir_config, &mpm_itk_module);
584 ++
585 + strncpy(ap_scoreboard_image->servers[my_child_num][0].vhost, r->server->server_hostname, 31);
586 + ap_scoreboard_image->servers[my_child_num][0].vhost[31] = 0;
587 +
588 -+ if (setpriority(PRIO_PROCESS, 0, sconf->nice_value)) {
589 ++ if (dconf->nice_value != UNSET_NICE_VALUE &&
590 ++ setpriority(PRIO_PROCESS, 0, dconf->nice_value)) {
591 + _DBG("setpriority(): %s", strerror(errno));
592 + err = 1;
593 + }
594 +
595 -+ wanted_uid = sconf->uid;
596 -+ wanted_gid = sconf->gid;
597 -+ wanted_username = sconf->username;
598 ++ wanted_uid = dconf->uid;
599 ++ wanted_gid = dconf->gid;
600 ++ wanted_username = dconf->username;
601 +
602 + if (wanted_uid == -1 || wanted_gid == -1) {
603 + wanted_uid = unixd_config.user_id;
604 @@ -1481,13 +1489,13 @@ diff -u apache2.2/server/mpm/experimental/itk/itk.c apache2.2/server/mpm/experim
605 +
606 + if (!err && wanted_uid != -1 && wanted_gid != -1 && (getuid() != wanted_uid || getgid() != wanted_gid)) {
607 + if (setgid(wanted_gid)) {
608 -+ _DBG("setgid(): %s", strerror(errno));
609 ++ _DBG("setgid(%d): %s", wanted_gid, strerror(errno));
610 + err = 1;
611 + } else if (initgroups(wanted_username, wanted_gid)) {
612 -+ _DBG("initgroups(): %s", strerror(errno));
613 ++ _DBG("initgroups(%s, %d): %s", wanted_username, wanted_gid, strerror(errno));
614 + err = 1;
615 + } else if (setuid(wanted_uid)) {
616 -+ _DBG("setuid(): %s", strerror(errno));
617 ++ _DBG("setuid(%d): %s", wanted_uid, strerror(errno));
618 + err = 1;
619 + }
620 + }
621 @@ -1524,8 +1532,8 @@ diff -u apache2.2/server/mpm/experimental/itk/itk.c apache2.2/server/mpm/experim
622 + */
623 + ap_hook_pre_config(itk_pre_config, NULL, NULL, APR_HOOK_REALLY_FIRST);
624 +
625 -+ /* set the uid as fast as possible */
626 -+ ap_hook_post_read_request(itk_post_read, NULL, NULL, APR_HOOK_REALLY_FIRST);
627 ++ /* set the uid as fast as possible, but not before merging per-dit config */
628 ++ ap_hook_header_parser(itk_post_perdir_config, NULL, NULL, APR_HOOK_REALLY_FIRST);
629 +}
630 +
631 +static const char *set_daemons_to_start(cmd_parms *cmd, void *dummy, const char *arg)
632 @@ -1638,13 +1646,12 @@ diff -u apache2.2/server/mpm/experimental/itk/itk.c apache2.2/server/mpm/experim
633 + return NULL;
634 +}
635 +
636 -+static const char *assign_user_id (cmd_parms *cmd, void *dummy, const char *user_name, const char *group_name)
637 ++static const char *assign_user_id (cmd_parms *cmd, void *ptr, const char *user_name, const char *group_name)
638 +{
639 -+ itk_server_conf *sconf =
640 -+ (itk_server_conf *) ap_get_module_config(cmd->server->module_config, &mpm_itk_module);
641 -+ sconf->username = strdup(user_name);
642 -+ sconf->uid = ap_uname2id(user_name);
643 -+ sconf->gid = ap_gname2id(group_name);
644 ++ itk_per_dir_conf *dconf = (itk_per_dir_conf *) ptr;
645 ++ dconf->username = apr_pstrdup(cmd->pool, user_name);
646 ++ dconf->uid = ap_uname2id(user_name);
647 ++ dconf->gid = ap_gname2id(group_name);
648 + return NULL;
649 +}
650 +
651 @@ -1654,12 +1661,11 @@ diff -u apache2.2/server/mpm/experimental/itk/itk.c apache2.2/server/mpm/experim
652 + (itk_server_conf *) ap_get_module_config(cmd->server->module_config, &mpm_itk_module);
653 + sconf->max_clients_vhost = atoi(arg);
654 + return NULL;
655 -+}
656 ++}
657 +
658 -+static const char *set_nice_value (cmd_parms *cmd, void *dummy, const char *arg)
659 ++static const char *set_nice_value (cmd_parms *cmd, void *ptr, const char *arg)
660 +{
661 -+ itk_server_conf *sconf =
662 -+ (itk_server_conf *) ap_get_module_config(cmd->server->module_config, &mpm_itk_module);
663 ++ itk_per_dir_conf *dconf = (itk_per_dir_conf *) ptr;
664 + int nice_value = atoi(arg);
665 +
666 + if (nice_value < -20) {
667 @@ -1674,7 +1680,7 @@ diff -u apache2.2/server/mpm/experimental/itk/itk.c apache2.2/server/mpm/experim
668 + nice_value);
669 + nice_value = 19;
670 + }
671 -+ sconf->nice_value = nice_value;
672 ++ dconf->nice_value = nice_value;
673 + return NULL;
674 +}
675 +
676 @@ -1691,41 +1697,75 @@ diff -u apache2.2/server/mpm/experimental/itk/itk.c apache2.2/server/mpm/experim
677 + "Maximum number of children alive at the same time"),
678 +AP_INIT_TAKE1("ServerLimit", set_server_limit, NULL, RSRC_CONF,
679 + "Maximum value of MaxClients for this run of Apache"),
680 -+AP_INIT_TAKE2("AssignUserID", assign_user_id, NULL, RSRC_CONF,
681 ++AP_INIT_TAKE2("AssignUserID", assign_user_id, NULL, RSRC_CONF|ACCESS_CONF,
682 + "Tie a virtual host to a specific child process."),
683 +AP_INIT_TAKE1("MaxClientsVHost", set_max_clients_vhost, NULL, RSRC_CONF,
684 + "Maximum number of children alive at the same time for this virtual host."),
685 -+AP_INIT_TAKE1("NiceValue", set_nice_value, NULL, RSRC_CONF,
686 ++AP_INIT_TAKE1("NiceValue", set_nice_value, NULL, RSRC_CONF|ACCESS_CONF,
687 + "Set nice value for the given vhost, from -20 (highest priority) to 19 (lowest priority)."),
688 +AP_GRACEFUL_SHUTDOWN_TIMEOUT_COMMAND,
689 +{ NULL }
690 +};
691 +
692 ++/* == allocate a private per-dir config structure == */
693 ++static void *itk_create_dir_config(apr_pool_t *p, char *dummy)
694 ++{
695 ++ itk_per_dir_conf *c = (itk_per_dir_conf *)
696 ++ apr_pcalloc(p, sizeof(itk_per_dir_conf));
697 ++ c->uid = c->gid = -1;
698 ++ c->nice_value = UNSET_NICE_VALUE;
699 ++ return c;
700 ++}
701 ++
702 ++/* == merge the parent per-dir config structure into ours == */
703 ++static void *itk_merge_dir_config(apr_pool_t *p, void *parent_ptr, void *child_ptr)
704 ++{
705 ++ itk_per_dir_conf *c = (itk_per_dir_conf *)
706 ++ apr_pcalloc(p, sizeof(itk_per_dir_conf));
707 ++ itk_per_dir_conf *parent = (itk_per_dir_conf *) parent_ptr;
708 ++ itk_per_dir_conf *child = (itk_per_dir_conf *) child_ptr;
709 ++
710 ++ if (child->username != NULL) {
711 ++ c->username = apr_pstrdup(p, child->username);
712 ++ c->uid = child->uid;
713 ++ c->gid = child->gid;
714 ++ } else if (parent->username != NULL) {
715 ++ c->username = apr_pstrdup(p, parent->username);
716 ++ c->uid = parent->uid;
717 ++ c->gid = parent->gid;
718 ++ }
719 ++ if (child->nice_value != UNSET_NICE_VALUE) {
720 ++ c->nice_value = child->nice_value;
721 ++ } else {
722 ++ c->nice_value = parent->nice_value;
723 ++ }
724 ++ return c;
725 ++}
726 ++
727 +/* == allocate a private server config structure == */
728 -+static void *itk_create_config(apr_pool_t *p, server_rec *s)
729 ++static void *itk_create_server_config(apr_pool_t *p, server_rec *s)
730 +{
731 + itk_server_conf *c = (itk_server_conf *)
732 + apr_pcalloc(p, sizeof(itk_server_conf));
733 -+ c->uid = c->gid = -1;
734 + c->max_clients_vhost = -1;
735 -+ c->nice_value = 0;
736 + return c;
737 +}
738 +
739 +module AP_MODULE_DECLARE_DATA mpm_itk_module = {
740 + MPM20_MODULE_STUFF,
741 + ap_mpm_rewrite_args, /* hook to run before apache parses args */
742 -+ NULL, /* create per-directory config structure */
743 -+ NULL, /* merge per-directory config structures */
744 -+ itk_create_config, /* create per-server config structure */
745 ++ itk_create_dir_config, /* create per-directory config structure */
746 ++ itk_merge_dir_config, /* merge per-directory config structures */
747 ++ itk_create_server_config, /* create per-server config structure */
748 + NULL, /* merge per-server config structures */
749 + itk_cmds, /* command apr_table_t */
750 + itk_hooks, /* register hooks */
751 +};
752 -unchanged:
753 ---- apache2.2/server/mpm/experimental/itk/mpm.h
754 -+++ apache2.2/server/mpm/experimental/itk/mpm.h 2007-01-29 21:22:33.000000000 +0100
755 -@@ -0,0 +1,65 @@
756 +Index: httpd-2.2.11/server/mpm/experimental/itk/mpm.h
757 +===================================================================
758 +--- /dev/null
759 ++++ httpd-2.2.11/server/mpm/experimental/itk/mpm.h
760 +@@ -0,0 +1,68 @@
761 +/* Licensed to the Apache Software Foundation (ASF) under one or more
762 + * contributor license agreements. See the NOTICE file distributed with
763 + * this work for additional information regarding copyright ownership.
764 @@ -1741,7 +1781,10 @@ unchanged:
765 + * See the License for the specific language governing permissions and
766 + * limitations under the License.
767 + *
768 -+ * Portions copyright 2005-2007 Steinar H. Gunderson <sgunderson@×××××××.com>.
769 ++ * Portions copyright 2005-2009 Steinar H. Gunderson <sgunderson@×××××××.com>.
770 ++ * Licensed under the same terms as the rest of Apache.
771 ++ *
772 ++ * Portions copyright 2008 Knut Auvor Grythe <knut@×××××.no>.
773 + * Licensed under the same terms as the rest of Apache.
774 + */
775 +
776 @@ -1791,10 +1834,11 @@ unchanged:
777 +extern server_rec *ap_server_conf;
778 +#endif /* APACHE_MPM_ITK_H */
779 +/** @} */
780 -unchanged:
781 ---- apache2.2/server/mpm/experimental/itk/mpm_default.h
782 -+++ apache2.2/server/mpm/experimental/itk/mpm_default.h 2007-01-29 21:22:09.000000000 +0100
783 -@@ -0,0 +1,77 @@
784 +Index: httpd-2.2.11/server/mpm/experimental/itk/mpm_default.h
785 +===================================================================
786 +--- /dev/null
787 ++++ httpd-2.2.11/server/mpm/experimental/itk/mpm_default.h
788 +@@ -0,0 +1,80 @@
789 +/* Licensed to the Apache Software Foundation (ASF) under one or more
790 + * contributor license agreements. See the NOTICE file distributed with
791 + * this work for additional information regarding copyright ownership.
792 @@ -1810,7 +1854,10 @@ unchanged:
793 + * See the License for the specific language governing permissions and
794 + * limitations under the License.
795 + *
796 -+ * Portions copyright 2005-2007 Steinar H. Gunderson <sgunderson@×××××××.com>.
797 ++ * Portions copyright 2005-2009 Steinar H. Gunderson <sgunderson@×××××××.com>.
798 ++ * Licensed under the same terms as the rest of Apache.
799 ++ *
800 ++ * Portions copyright 2008 Knut Auvor Grythe <knut@×××××.no>.
801 + * Licensed under the same terms as the rest of Apache.
802 + */
803 +
804 @@ -1872,9 +1919,10 @@ unchanged:
805 +
806 +#endif /* AP_MPM_DEFAULT_H */
807 +/** @} */
808 -unchanged:
809 ---- apache2.2/server/mpm/config.m4 2007-01-29 21:30:35.000000000 +0100
810 -+++ apache2.2/server/mpm/config.m4
811 +Index: httpd-2.2.11/server/mpm/config.m4
812 +===================================================================
813 +--- httpd-2.2.11.orig/server/mpm/config.m4
814 ++++ httpd-2.2.11/server/mpm/config.m4
815 @@ -1,7 +1,7 @@
816 AC_MSG_CHECKING(which MPM to use)
817 AC_ARG_WITH(mpm,
818 @@ -1884,7 +1932,7 @@ unchanged:
819 APACHE_MPM=$withval
820 ],[
821 if test "x$APACHE_MPM" = "x"; then
822 -@@ -23,7 +23,7 @@
823 +@@ -23,7 +23,7 @@ ap_mpm_is_threaded ()
824
825 ap_mpm_is_experimental ()
826 {
827 @@ -1893,7 +1941,7 @@ unchanged:
828 return 0
829 else
830 return 1
831 -@@ -66,6 +66,11 @@
832 +@@ -66,6 +66,11 @@ if ap_mpm_is_experimental; then
833 else
834 MPM_SUBDIR_NAME=$MPM_NAME
835 fi
836 @@ -1905,3 +1953,84 @@ unchanged:
837 MPM_DIR=server/mpm/$MPM_SUBDIR_NAME
838 MPM_LIB=$MPM_DIR/lib${MPM_NAME}.la
839
840 +Index: httpd-2.2.11/include/http_request.h
841 +===================================================================
842 +--- httpd-2.2.11.orig/include/http_request.h
843 ++++ httpd-2.2.11/include/http_request.h
844 +@@ -12,6 +12,12 @@
845 + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
846 + * See the License for the specific language governing permissions and
847 + * limitations under the License.
848 ++ *
849 ++ * Portions copyright 2005-2009 Steinar H. Gunderson <sgunderson@×××××××.com>.
850 ++ * Licensed under the same terms as the rest of Apache.
851 ++ *
852 ++ * Portions copyright 2008 Knut Auvor Grythe <knut@×××××.no>.
853 ++ * Licensed under the same terms as the rest of Apache.
854 + */
855 +
856 + /**
857 +@@ -350,6 +356,15 @@ AP_DECLARE_HOOK(int,auth_checker,(reques
858 + */
859 + AP_DECLARE_HOOK(void,insert_filter,(request_rec *r))
860 +
861 ++/**
862 ++ * This hook allows modules to affect the request immediately after the
863 ++ * per-directory configuration for the request has been generated. This allows
864 ++ * modules to make decisions based upon the current directory configuration
865 ++ * @param r The current request
866 ++ * @return OK or DECLINED
867 ++ */
868 ++AP_DECLARE_HOOK(int,post_perdir_config,(request_rec *r))
869 ++
870 + AP_DECLARE(int) ap_location_walk(request_rec *r);
871 + AP_DECLARE(int) ap_directory_walk(request_rec *r);
872 + AP_DECLARE(int) ap_file_walk(request_rec *r);
873 +Index: httpd-2.2.11/server/request.c
874 +===================================================================
875 +--- httpd-2.2.11.orig/server/request.c
876 ++++ httpd-2.2.11/server/request.c
877 +@@ -12,6 +12,12 @@
878 + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
879 + * See the License for the specific language governing permissions and
880 + * limitations under the License.
881 ++ *
882 ++ * Portions copyright 2005-2009 Steinar H. Gunderson <sgunderson@×××××××.com>.
883 ++ * Licensed under the same terms as the rest of Apache.
884 ++ *
885 ++ * Portions copyright 2008 Knut Auvor Grythe <knut@×××××.no>.
886 ++ * Licensed under the same terms as the rest of Apache.
887 + */
888 +
889 + /*
890 +@@ -61,6 +67,7 @@ APR_HOOK_STRUCT(
891 + APR_HOOK_LINK(auth_checker)
892 + APR_HOOK_LINK(insert_filter)
893 + APR_HOOK_LINK(create_request)
894 ++ APR_HOOK_LINK(post_perdir_config)
895 + )
896 +
897 + AP_IMPLEMENT_HOOK_RUN_FIRST(int,translate_name,
898 +@@ -80,6 +87,8 @@ AP_IMPLEMENT_HOOK_RUN_FIRST(int,auth_che
899 + AP_IMPLEMENT_HOOK_VOID(insert_filter, (request_rec *r), (r))
900 + AP_IMPLEMENT_HOOK_RUN_ALL(int, create_request,
901 + (request_rec *r), (r), OK, DECLINED)
902 ++AP_IMPLEMENT_HOOK_RUN_ALL(int,post_perdir_config,
903 ++ (request_rec *r), (r), OK, DECLINED)
904 +
905 +
906 + static int decl_die(int status, char *phase, request_rec *r)
907 +@@ -158,6 +167,13 @@ AP_DECLARE(int) ap_process_request_inter
908 + return access_status;
909 + }
910 +
911 ++ /* First chance to handle the request after per-directory configuration is
912 ++ * generated
913 ++ */
914 ++ if ((access_status = ap_run_post_perdir_config(r))) {
915 ++ return access_status;
916 ++ }
917 ++
918 + /* Only on the main request! */
919 + if (r->main == NULL) {
920 + if ((access_status = ap_run_header_parser(r))) {
Report Message
Find on MARC Find on Google Groups