1 |
commit: 01b154dd0401767753f8b44b567ca27c638b59ca |
2 |
Author: Benedikt Boehm <hollow <AT> gentoo <DOT> org> |
3 |
AuthorDate: Sun Jul 5 17:19:57 2009 +0000 |
4 |
Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org> |
5 |
CommitDate: Sun Jul 5 17:19:57 2009 +0000 |
6 |
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/apache.git;a=commit;h=01b154dd |
7 |
|
8 |
new patches and some config fixes |
9 |
|
10 |
--- |
11 |
2.2/conf/modules.d/45_mod_dav.conf | 2 +- |
12 |
2.2/init/apache2.initd | 4 +- |
13 |
.../05_all_fix_graceful_multiple_listeners.patch | 42 +++ |
14 |
2.2/patches/06_all_CVE-2009-1191.patch | 37 +++ |
15 |
2.2/patches/07_all_CVE-2009-1195.patch | 136 +++++++++ |
16 |
2.2/patches/08_all_CVE-2009-1890.patch | 38 +++ |
17 |
...tk_20080727.patch => 21_all_itk_20090114.patch} | 315 +++++++++++++++------ |
18 |
7 files changed, 478 insertions(+), 96 deletions(-) |
19 |
|
20 |
diff --git a/2.2/conf/modules.d/45_mod_dav.conf b/2.2/conf/modules.d/45_mod_dav.conf |
21 |
index b15ca01..be3654b 100644 |
22 |
--- a/2.2/conf/modules.d/45_mod_dav.conf |
23 |
+++ b/2.2/conf/modules.d/45_mod_dav.conf |
24 |
@@ -45,7 +45,7 @@ Alias /uploads "/var/www/uploads" |
25 |
BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully |
26 |
BrowserMatch "MS FrontPage" redirect-carefully |
27 |
BrowserMatch "^WebDrive" redirect-carefully |
28 |
-BrowserMatch "^WebDAVFS/1.[012345]" redirect-carefully |
29 |
+BrowserMatch "^WebDAVFS/1.[012345678]" redirect-carefully |
30 |
BrowserMatch "^gnome-vfs/1.0" redirect-carefully |
31 |
BrowserMatch "^XML Spy" redirect-carefully |
32 |
BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully |
33 |
|
34 |
diff --git a/2.2/init/apache2.initd b/2.2/init/apache2.initd |
35 |
index 5eaf675..b6e001e 100755 |
36 |
--- a/2.2/init/apache2.initd |
37 |
+++ b/2.2/init/apache2.initd |
38 |
@@ -61,7 +61,7 @@ start() { |
39 |
ebegin "Starting ${SVCNAME}" |
40 |
${APACHE2} ${APACHE2_OPTS} -k start |
41 |
|
42 |
- let i=0 |
43 |
+ i=0 |
44 |
while [ ! -e "${PIDFILE}" ] && [ $i -lt ${TIMEOUT} ]; do |
45 |
sleep 1 && i=$(expr $i + 1) |
46 |
done |
47 |
@@ -76,7 +76,7 @@ stop() { |
48 |
ebegin "Stopping ${SVCNAME}" |
49 |
${APACHE2} ${APACHE2_OPTS} -k stop |
50 |
|
51 |
- let i=0 |
52 |
+ i=0 |
53 |
while pidof "${APACHE2}" >/dev/null && [ $i -lt ${TIMEOUT} ]; do |
54 |
sleep 1 && i=$(expr $i + 1) |
55 |
done |
56 |
|
57 |
diff --git a/2.2/patches/05_all_fix_graceful_multiple_listeners.patch b/2.2/patches/05_all_fix_graceful_multiple_listeners.patch |
58 |
new file mode 100644 |
59 |
index 0000000..6ed9de1 |
60 |
--- /dev/null |
61 |
+++ b/2.2/patches/05_all_fix_graceful_multiple_listeners.patch |
62 |
@@ -0,0 +1,42 @@ |
63 |
+--- httpd/httpd/branches/2.2.x/server/mpm/prefork/prefork.c 2009/01/31 20:53:11 739607 |
64 |
++++ httpd/httpd/branches/2.2.x/server/mpm/prefork/prefork.c 2009/01/31 20:54:55 739608 |
65 |
+@@ -577,19 +577,27 @@ |
66 |
+ apr_int32_t numdesc; |
67 |
+ const apr_pollfd_t *pdesc; |
68 |
+ |
69 |
+- /* timeout == -1 == wait forever */ |
70 |
+- status = apr_pollset_poll(pollset, -1, &numdesc, &pdesc); |
71 |
++ /* check for termination first so we don't sleep for a while in |
72 |
++ * poll if already signalled |
73 |
++ */ |
74 |
++ if (one_process && shutdown_pending) { |
75 |
++ SAFE_ACCEPT(accept_mutex_off()); |
76 |
++ return; |
77 |
++ } |
78 |
++ else if (die_now) { |
79 |
++ /* In graceful stop/restart; drop the mutex |
80 |
++ * and terminate the child. */ |
81 |
++ SAFE_ACCEPT(accept_mutex_off()); |
82 |
++ clean_child_exit(0); |
83 |
++ } |
84 |
++ /* timeout == 10 seconds to avoid a hang at graceful restart/stop |
85 |
++ * caused by the closing of sockets by the signal handler |
86 |
++ */ |
87 |
++ status = apr_pollset_poll(pollset, apr_time_from_sec(10), |
88 |
++ &numdesc, &pdesc); |
89 |
+ if (status != APR_SUCCESS) { |
90 |
+- if (APR_STATUS_IS_EINTR(status)) { |
91 |
+- if (one_process && shutdown_pending) { |
92 |
+- return; |
93 |
+- } |
94 |
+- else if (die_now) { |
95 |
+- /* In graceful stop/restart; drop the mutex |
96 |
+- * and terminate the child. */ |
97 |
+- SAFE_ACCEPT(accept_mutex_off()); |
98 |
+- clean_child_exit(0); |
99 |
+- } |
100 |
++ if (APR_STATUS_IS_TIMEUP(status) || |
101 |
++ APR_STATUS_IS_EINTR(status)) { |
102 |
+ continue; |
103 |
+ } |
104 |
+ /* Single Unix documents select as returning errnos |
105 |
|
106 |
diff --git a/2.2/patches/06_all_CVE-2009-1191.patch b/2.2/patches/06_all_CVE-2009-1191.patch |
107 |
new file mode 100644 |
108 |
index 0000000..cbb790a |
109 |
--- /dev/null |
110 |
+++ b/2.2/patches/06_all_CVE-2009-1191.patch |
111 |
@@ -0,0 +1,37 @@ |
112 |
+Index: modules/proxy/mod_proxy_ajp.c |
113 |
+=================================================================== |
114 |
+--- modules/proxy/mod_proxy_ajp.c (Revision 763379) |
115 |
++++ modules/proxy/mod_proxy_ajp.c (Arbeitskopie) |
116 |
+@@ -307,21 +307,17 @@ |
117 |
+ "proxy: read zero bytes, expecting" |
118 |
+ " %" APR_OFF_T_FMT " bytes", |
119 |
+ content_length); |
120 |
+- status = ajp_send_data_msg(conn->sock, msg, 0); |
121 |
+- if (status != APR_SUCCESS) { |
122 |
+- /* We had a failure: Close connection to backend */ |
123 |
+- conn->close++; |
124 |
+- ap_log_error(APLOG_MARK, APLOG_ERR, status, r->server, |
125 |
+- "proxy: send failed to %pI (%s)", |
126 |
+- conn->worker->cp->addr, |
127 |
+- conn->worker->hostname); |
128 |
+- return HTTP_INTERNAL_SERVER_ERROR; |
129 |
+- } |
130 |
+- else { |
131 |
+- /* Client send zero bytes with C-L > 0 |
132 |
+- */ |
133 |
+- return HTTP_BAD_REQUEST; |
134 |
+- } |
135 |
++ /* |
136 |
++ * We can only get here if the client closed the connection |
137 |
++ * to us without sending the body. |
138 |
++ * Now the connection is in the wrong state on the backend. |
139 |
++ * Sending an empty data msg doesn't help either as it does |
140 |
++ * not move this connection to the correct state on the backend |
141 |
++ * for later resusage by the next request again. |
142 |
++ * Close it to clean things up. |
143 |
++ */ |
144 |
++ conn->close++; |
145 |
++ return HTTP_BAD_REQUEST; |
146 |
+ } |
147 |
+ } |
148 |
+ |
149 |
|
150 |
diff --git a/2.2/patches/07_all_CVE-2009-1195.patch b/2.2/patches/07_all_CVE-2009-1195.patch |
151 |
new file mode 100644 |
152 |
index 0000000..14a6dba |
153 |
--- /dev/null |
154 |
+++ b/2.2/patches/07_all_CVE-2009-1195.patch |
155 |
@@ -0,0 +1,136 @@ |
156 |
+Index: server/config.c |
157 |
+=================================================================== |
158 |
+--- server/config.c (revision 773036) |
159 |
++++ server/config.c (working copy) |
160 |
+@@ -1510,7 +1510,7 @@ |
161 |
+ parms.temp_pool = ptemp; |
162 |
+ parms.server = s; |
163 |
+ parms.override = (RSRC_CONF | OR_ALL) & ~(OR_AUTHCFG | OR_LIMIT); |
164 |
+- parms.override_opts = OPT_ALL | OPT_INCNOEXEC | OPT_SYM_OWNER | OPT_MULTI; |
165 |
++ parms.override_opts = OPT_ALL | OPT_SYM_OWNER | OPT_MULTI; |
166 |
+ |
167 |
+ parms.config_file = ap_pcfg_open_custom(p, "-c/-C directives", |
168 |
+ &arr_parms, NULL, |
169 |
+@@ -1617,7 +1617,7 @@ |
170 |
+ parms.temp_pool = ptemp; |
171 |
+ parms.server = s; |
172 |
+ parms.override = (RSRC_CONF | OR_ALL) & ~(OR_AUTHCFG | OR_LIMIT); |
173 |
+- parms.override_opts = OPT_ALL | OPT_INCNOEXEC | OPT_SYM_OWNER | OPT_MULTI; |
174 |
++ parms.override_opts = OPT_ALL | OPT_SYM_OWNER | OPT_MULTI; |
175 |
+ |
176 |
+ rv = ap_pcfg_openfile(&cfp, p, fname); |
177 |
+ if (rv != APR_SUCCESS) { |
178 |
+@@ -1755,7 +1755,7 @@ |
179 |
+ parms.temp_pool = ptemp; |
180 |
+ parms.server = s; |
181 |
+ parms.override = (RSRC_CONF | OR_ALL) & ~(OR_AUTHCFG | OR_LIMIT); |
182 |
+- parms.override_opts = OPT_ALL | OPT_INCNOEXEC | OPT_SYM_OWNER | OPT_MULTI; |
183 |
++ parms.override_opts = OPT_ALL | OPT_SYM_OWNER | OPT_MULTI; |
184 |
+ parms.limited = -1; |
185 |
+ |
186 |
+ errmsg = ap_walk_config(conftree, &parms, s->lookup_defaults); |
187 |
+Index: server/core.c |
188 |
+=================================================================== |
189 |
+--- server/core.c (revision 773036) |
190 |
++++ server/core.c (working copy) |
191 |
+@@ -108,8 +108,7 @@ |
192 |
+ conf->opts = dir ? OPT_UNSET : OPT_UNSET|OPT_ALL; |
193 |
+ conf->opts_add = conf->opts_remove = OPT_NONE; |
194 |
+ conf->override = dir ? OR_UNSET : OR_UNSET|OR_ALL; |
195 |
+- conf->override_opts = OPT_UNSET | OPT_ALL | OPT_INCNOEXEC | OPT_SYM_OWNER |
196 |
+- | OPT_MULTI; |
197 |
++ conf->override_opts = OPT_UNSET | OPT_ALL | OPT_SYM_OWNER | OPT_MULTI; |
198 |
+ |
199 |
+ conf->content_md5 = 2; |
200 |
+ conf->accept_path_info = 3; |
201 |
+@@ -242,8 +241,15 @@ |
202 |
+ conf->opts_remove = (conf->opts_remove & ~new->opts_add) |
203 |
+ | new->opts_remove; |
204 |
+ conf->opts = (conf->opts & ~conf->opts_remove) | conf->opts_add; |
205 |
+- if ((base->opts & OPT_INCNOEXEC) && (new->opts & OPT_INCLUDES)) { |
206 |
+- conf->opts = (conf->opts & ~OPT_INCNOEXEC) | OPT_INCLUDES; |
207 |
++ |
208 |
++ /* If Includes was enabled with exec in the base config, but |
209 |
++ * was enabled without exec in the new config, then disable |
210 |
++ * exec in the merged set. */ |
211 |
++ if (((base->opts & (OPT_INCLUDES|OPT_INC_WITH_EXEC)) |
212 |
++ == (OPT_INCLUDES|OPT_INC_WITH_EXEC)) |
213 |
++ && ((new->opts & (OPT_INCLUDES|OPT_INC_WITH_EXEC)) |
214 |
++ == OPT_INCLUDES)) { |
215 |
++ conf->opts &= ~OPT_INC_WITH_EXEC; |
216 |
+ } |
217 |
+ } |
218 |
+ else { |
219 |
+@@ -1304,10 +1310,12 @@ |
220 |
+ opt = OPT_INDEXES; |
221 |
+ } |
222 |
+ else if (!strcasecmp(w, "Includes")) { |
223 |
+- opt = OPT_INCLUDES; |
224 |
++ /* If Includes is permitted, both Includes and |
225 |
++ * IncludesNOEXEC may be changed. */ |
226 |
++ opt = (OPT_INCLUDES | OPT_INC_WITH_EXEC); |
227 |
+ } |
228 |
+ else if (!strcasecmp(w, "IncludesNOEXEC")) { |
229 |
+- opt = (OPT_INCLUDES | OPT_INCNOEXEC); |
230 |
++ opt = OPT_INCLUDES; |
231 |
+ } |
232 |
+ else if (!strcasecmp(w, "FollowSymLinks")) { |
233 |
+ opt = OPT_SYM_LINKS; |
234 |
+@@ -1428,10 +1436,10 @@ |
235 |
+ opt = OPT_INDEXES; |
236 |
+ } |
237 |
+ else if (!strcasecmp(w, "Includes")) { |
238 |
+- opt = OPT_INCLUDES; |
239 |
++ opt = (OPT_INCLUDES | OPT_INC_WITH_EXEC); |
240 |
+ } |
241 |
+ else if (!strcasecmp(w, "IncludesNOEXEC")) { |
242 |
+- opt = (OPT_INCLUDES | OPT_INCNOEXEC); |
243 |
++ opt = OPT_INCLUDES; |
244 |
+ } |
245 |
+ else if (!strcasecmp(w, "FollowSymLinks")) { |
246 |
+ opt = OPT_SYM_LINKS; |
247 |
+Index: modules/filters/mod_include.c |
248 |
+=================================================================== |
249 |
+--- modules/filters/mod_include.c (revision 773036) |
250 |
++++ modules/filters/mod_include.c (working copy) |
251 |
+@@ -3574,7 +3574,7 @@ |
252 |
+ intern->seen_eos = 0; |
253 |
+ intern->state = PARSE_PRE_HEAD; |
254 |
+ ctx->flags = (SSI_FLAG_PRINTING | SSI_FLAG_COND_TRUE); |
255 |
+- if (ap_allow_options(r) & OPT_INCNOEXEC) { |
256 |
++ if ((ap_allow_options(r) & OPT_INC_WITH_EXEC) == 0) { |
257 |
+ ctx->flags |= SSI_FLAG_NO_EXEC; |
258 |
+ } |
259 |
+ intern->accessenable = conf->accessenable; |
260 |
+Index: include/http_core.h |
261 |
+=================================================================== |
262 |
+--- include/http_core.h (revision 773036) |
263 |
++++ include/http_core.h (working copy) |
264 |
+@@ -65,7 +65,7 @@ |
265 |
+ #define OPT_NONE 0 |
266 |
+ /** Indexes directive */ |
267 |
+ #define OPT_INDEXES 1 |
268 |
+-/** Includes directive */ |
269 |
++/** SSI is enabled without exec= permission */ |
270 |
+ #define OPT_INCLUDES 2 |
271 |
+ /** FollowSymLinks directive */ |
272 |
+ #define OPT_SYM_LINKS 4 |
273 |
+@@ -73,14 +73,14 @@ |
274 |
+ #define OPT_EXECCGI 8 |
275 |
+ /** directive unset */ |
276 |
+ #define OPT_UNSET 16 |
277 |
+-/** IncludesNOEXEC directive */ |
278 |
+-#define OPT_INCNOEXEC 32 |
279 |
++/** SSI exec= permission is permitted, iff OPT_INCLUDES is also set */ |
280 |
++#define OPT_INC_WITH_EXEC 32 |
281 |
+ /** SymLinksIfOwnerMatch directive */ |
282 |
+ #define OPT_SYM_OWNER 64 |
283 |
+ /** MultiViews directive */ |
284 |
+ #define OPT_MULTI 128 |
285 |
+ /** All directives */ |
286 |
+-#define OPT_ALL (OPT_INDEXES|OPT_INCLUDES|OPT_SYM_LINKS|OPT_EXECCGI) |
287 |
++#define OPT_ALL (OPT_INDEXES|OPT_INCLUDES|OPT_INC_WITH_EXEC|OPT_SYM_LINKS|OPT_EXECCGI) |
288 |
+ /** @} */ |
289 |
+ |
290 |
+ /** |
291 |
+ |
292 |
|
293 |
diff --git a/2.2/patches/08_all_CVE-2009-1890.patch b/2.2/patches/08_all_CVE-2009-1890.patch |
294 |
new file mode 100644 |
295 |
index 0000000..672c82b |
296 |
--- /dev/null |
297 |
+++ b/2.2/patches/08_all_CVE-2009-1890.patch |
298 |
@@ -0,0 +1,38 @@ |
299 |
+--- httpd/httpd/trunk/modules/proxy/mod_proxy_http.c 2009/07/02 13:37:39 790586 |
300 |
++++ httpd/httpd/trunk/modules/proxy/mod_proxy_http.c 2009/07/02 13:41:18 790587 |
301 |
+@@ -427,10 +427,16 @@ |
302 |
+ apr_off_t bytes_streamed = 0; |
303 |
+ |
304 |
+ if (old_cl_val) { |
305 |
++ char *endstr; |
306 |
++ |
307 |
+ add_cl(p, bucket_alloc, header_brigade, old_cl_val); |
308 |
+- if (APR_SUCCESS != (status = apr_strtoff(&cl_val, old_cl_val, NULL, |
309 |
+- 0))) { |
310 |
+- return HTTP_INTERNAL_SERVER_ERROR; |
311 |
++ status = apr_strtoff(&cl_val, old_cl_val, &endstr, 10); |
312 |
++ |
313 |
++ if (status || *endstr || endstr == old_cl_val || cl_val < 0) { |
314 |
++ ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, |
315 |
++ "proxy: could not parse request Content-Length (%s)", |
316 |
++ old_cl_val); |
317 |
++ return HTTP_BAD_REQUEST; |
318 |
+ } |
319 |
+ } |
320 |
+ terminate_headers(bucket_alloc, header_brigade); |
321 |
+@@ -463,8 +469,13 @@ |
322 |
+ * |
323 |
+ * Prevents HTTP Response Splitting. |
324 |
+ */ |
325 |
+- if (bytes_streamed > cl_val) |
326 |
+- continue; |
327 |
++ if (bytes_streamed > cl_val) { |
328 |
++ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, |
329 |
++ "proxy: read more bytes of request body than expected " |
330 |
++ "(got %" APR_OFF_T_FMT ", expected %" APR_OFF_T_FMT ")", |
331 |
++ bytes_streamed, cl_val); |
332 |
++ return HTTP_INTERNAL_SERVER_ERROR; |
333 |
++ } |
334 |
+ |
335 |
+ if (header_brigade) { |
336 |
+ /* we never sent the header brigade, so go ahead and |
337 |
|
338 |
diff --git a/2.2/patches/21_all_itk_20080727.patch b/2.2/patches/21_all_itk_20090114.patch |
339 |
similarity index 87% |
340 |
rename from 2.2/patches/21_all_itk_20080727.patch |
341 |
rename to 2.2/patches/21_all_itk_20090114.patch |
342 |
index a9580eb..3a346cc 100644 |
343 |
--- a/2.2/patches/21_all_itk_20080727.patch |
344 |
+++ b/2.2/patches/21_all_itk_20090114.patch |
345 |
@@ -1,23 +1,26 @@ |
346 |
-unchanged: |
347 |
---- apache2.2/server/mpm/experimental/itk/Makefile.in |
348 |
-+++ apache2.2/server/mpm/experimental/itk/Makefile.in |
349 |
+Index: httpd-2.2.11/server/mpm/experimental/itk/Makefile.in |
350 |
+=================================================================== |
351 |
+--- /dev/null |
352 |
++++ httpd-2.2.11/server/mpm/experimental/itk/Makefile.in |
353 |
@@ -0,0 +1,5 @@ |
354 |
+ |
355 |
+LTLIBRARY_NAME = libitk.la |
356 |
+LTLIBRARY_SOURCES = itk.c |
357 |
+ |
358 |
+include $(top_srcdir)/build/ltlib.mk |
359 |
-unchanged: |
360 |
---- apache2.2/server/mpm/experimental/itk/config.m4 |
361 |
-+++ apache2.2/server/mpm/experimental/itk/config.m4 2007-01-29 21:03:57.000000000 +0100 |
362 |
+Index: httpd-2.2.11/server/mpm/experimental/itk/config.m4 |
363 |
+=================================================================== |
364 |
+--- /dev/null |
365 |
++++ httpd-2.2.11/server/mpm/experimental/itk/config.m4 |
366 |
@@ -0,0 +1,3 @@ |
367 |
+if test "$MPM_NAME" = "itk" ; then |
368 |
+ APACHE_FAST_OUTPUT(server/mpm/$MPM_SUBDIR_NAME/Makefile) |
369 |
+fi |
370 |
-diff -u apache2.2/server/mpm/experimental/itk/itk.c apache2.2/server/mpm/experimental/itk/itk.c |
371 |
---- apache2.2/server/mpm/experimental/itk/itk.c |
372 |
-+++ apache2.2/server/mpm/experimental/itk/itk.c |
373 |
-@@ -0,0 +1,1704 @@ |
374 |
+Index: httpd-2.2.11/server/mpm/experimental/itk/itk.c |
375 |
+=================================================================== |
376 |
+--- /dev/null |
377 |
++++ httpd-2.2.11/server/mpm/experimental/itk/itk.c |
378 |
+@@ -0,0 +1,1740 @@ |
379 |
+/* Licensed to the Apache Software Foundation (ASF) under one or more |
380 |
+ * contributor license agreements. See the NOTICE file distributed with |
381 |
+ * this work for additional information regarding copyright ownership. |
382 |
@@ -33,7 +36,10 @@ diff -u apache2.2/server/mpm/experimental/itk/itk.c apache2.2/server/mpm/experim |
383 |
+ * See the License for the specific language governing permissions and |
384 |
+ * limitations under the License. |
385 |
+ * |
386 |
-+ * Portions copyright 2005-2007 Steinar H. Gunderson <sgunderson@×××××××.com>. |
387 |
++ * Portions copyright 2005-2009 Steinar H. Gunderson <sgunderson@×××××××.com>. |
388 |
++ * Licensed under the same terms as the rest of Apache. |
389 |
++ * |
390 |
++ * Portions copyright 2008 Knut Auvor Grythe <knut@×××××.no>. |
391 |
+ * Licensed under the same terms as the rest of Apache. |
392 |
+ */ |
393 |
+ |
394 |
@@ -45,8 +51,8 @@ diff -u apache2.2/server/mpm/experimental/itk/itk.c apache2.2/server/mpm/experim |
395 |
+ |
396 |
+# define _DBG(text,par...) \ |
397 |
+ ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL, \ |
398 |
-+ "(itkmpm: pid=%d uid=%d) %s(): " text, \ |
399 |
-+ getpid(), getuid(), __FUNCTION__, par) |
400 |
++ "(itkmpm: pid=%d uid=%d, gid=%d) %s(): " text, \ |
401 |
++ getpid(), getuid(), getgid(), __FUNCTION__, par) |
402 |
+ |
403 |
+#define APR_WANT_STDIO |
404 |
+#define APR_WANT_STRFUNC |
405 |
@@ -69,7 +75,7 @@ diff -u apache2.2/server/mpm/experimental/itk/itk.c apache2.2/server/mpm/experim |
406 |
+#include "http_config.h" |
407 |
+#include "http_core.h" /* for get_remote_host */ |
408 |
+#include "http_connection.h" |
409 |
-+#include "http_protocol.h" /* for ap_hook_post_read_request */ |
410 |
++#include "http_request.h" /* for ap_hook_post_perdir_config */ |
411 |
+#include "scoreboard.h" |
412 |
+#include "ap_mpm.h" |
413 |
+#include "unixd.h" |
414 |
@@ -172,16 +178,20 @@ diff -u apache2.2/server/mpm/experimental/itk/itk.c apache2.2/server/mpm/experim |
415 |
+#endif /* TPF */ |
416 |
+ |
417 |
+static volatile int die_now = 0; |
418 |
-+static volatile int listeners_closed = 0; |
419 |
-+static int active_connection = 0; |
420 |
++ |
421 |
++#define UNSET_NICE_VALUE 100 |
422 |
++ |
423 |
++typedef struct |
424 |
++{ |
425 |
++ uid_t uid; |
426 |
++ gid_t gid; |
427 |
++ char *username; |
428 |
++ int nice_value; |
429 |
++} itk_per_dir_conf; |
430 |
+ |
431 |
+typedef struct |
432 |
+{ |
433 |
-+ uid_t uid; |
434 |
-+ gid_t gid; |
435 |
-+ char *username; |
436 |
-+ int max_clients_vhost; |
437 |
-+ int nice_value; |
438 |
++ int max_clients_vhost; |
439 |
+} itk_server_conf; |
440 |
+ |
441 |
+module AP_MODULE_DECLARE_DATA mpm_itk_module; |
442 |
@@ -376,10 +386,7 @@ diff -u apache2.2/server/mpm/experimental/itk/itk.c apache2.2/server/mpm/experim |
443 |
+ |
444 |
+static void stop_listening(int sig) |
445 |
+{ |
446 |
-+ if (active_connection) { |
447 |
-+ ap_close_listeners(); |
448 |
-+ listeners_closed = 1; |
449 |
-+ } |
450 |
++ ap_close_listeners(); |
451 |
+ |
452 |
+ /* For a graceful stop, we want the child to exit when done */ |
453 |
+ die_now = 1; |
454 |
@@ -529,7 +536,8 @@ diff -u apache2.2/server/mpm/experimental/itk/itk.c apache2.2/server/mpm/experim |
455 |
+ cap_value_t suidcaps[] = { |
456 |
+ CAP_SETUID, |
457 |
+ CAP_SETGID, |
458 |
-+ CAP_SYS_NICE |
459 |
++ CAP_DAC_READ_SEARCH, |
460 |
++ CAP_SYS_NICE, |
461 |
+ }; |
462 |
+#endif |
463 |
+ |
464 |
@@ -606,7 +614,10 @@ diff -u apache2.2/server/mpm/experimental/itk/itk.c apache2.2/server/mpm/experim |
465 |
+ |
466 |
+ bucket_alloc = apr_bucket_alloc_create(pchild); |
467 |
+ |
468 |
-+ while (!die_now) { |
469 |
++ /* die_now is set when AP_SIG_GRACEFUL is received in the child; |
470 |
++ * shutdown_pending is set when SIGTERM is received when running |
471 |
++ * in single process mode. */ |
472 |
++ while (!die_now && !shutdown_pending) { |
473 |
+ conn_rec *current_conn; |
474 |
+ void *csd; |
475 |
+ |
476 |
@@ -640,11 +651,6 @@ diff -u apache2.2/server/mpm/experimental/itk/itk.c apache2.2/server/mpm/experim |
477 |
+ apr_int32_t numdesc; |
478 |
+ const apr_pollfd_t *pdesc; |
479 |
+ |
480 |
-+ if (die_now) { |
481 |
-+ status = !APR_SUCCESS; |
482 |
-+ goto unlock; |
483 |
-+ } |
484 |
-+ |
485 |
+ /* timeout == -1 == wait forever */ |
486 |
+ status = apr_pollset_poll(pollset, -1, &numdesc, &pdesc); |
487 |
+ if (status != APR_SUCCESS) { |
488 |
@@ -652,6 +658,12 @@ diff -u apache2.2/server/mpm/experimental/itk/itk.c apache2.2/server/mpm/experim |
489 |
+ if (one_process && shutdown_pending) { |
490 |
+ return; |
491 |
+ } |
492 |
++ else if (die_now) { |
493 |
++ /* In graceful stop/restart; drop the mutex |
494 |
++ * and terminate the child. */ |
495 |
++ SAFE_ACCEPT(accept_mutex_off()); |
496 |
++ clean_child_exit(0); |
497 |
++ } |
498 |
+ continue; |
499 |
+ } |
500 |
+ /* Single Unix documents select as returning errnos |
501 |
@@ -662,6 +674,7 @@ diff -u apache2.2/server/mpm/experimental/itk/itk.c apache2.2/server/mpm/experim |
502 |
+ */ |
503 |
+ ap_log_error(APLOG_MARK, APLOG_ERR, status, |
504 |
+ ap_server_conf, "apr_pollset_poll: (listen)"); |
505 |
++ SAFE_ACCEPT(accept_mutex_off()); |
506 |
+ clean_child_exit(1); |
507 |
+ } |
508 |
+ |
509 |
@@ -693,14 +706,8 @@ diff -u apache2.2/server/mpm/experimental/itk/itk.c apache2.2/server/mpm/experim |
510 |
+ /* if we accept() something we don't want to die, so we have to |
511 |
+ * defer the exit |
512 |
+ */ |
513 |
-+ if (!die_now) { |
514 |
-+ status = lr->accept_func(&csd, lr, ptrans); |
515 |
-+ } |
516 |
-+ else { |
517 |
-+ status = !APR_SUCCESS; |
518 |
-+ } |
519 |
++ status = lr->accept_func(&csd, lr, ptrans); |
520 |
+ |
521 |
-+ unlock: |
522 |
+ SAFE_ACCEPT(accept_mutex_off()); /* unlock after "accept" */ |
523 |
+ |
524 |
+ if (status == APR_EGENERAL) { |
525 |
@@ -716,14 +723,8 @@ diff -u apache2.2/server/mpm/experimental/itk/itk.c apache2.2/server/mpm/experim |
526 |
+ * socket options, file descriptors, and read/write buffers. |
527 |
+ */ |
528 |
+ |
529 |
-+ active_connection = 1; |
530 |
-+ if (die_now && !listeners_closed) { |
531 |
-+ ap_close_listeners(); |
532 |
-+ listeners_closed = 1; |
533 |
-+ } |
534 |
-+ |
535 |
+ { |
536 |
-+ pid_t pid = fork(); |
537 |
++ pid_t pid = fork(), child_pid; |
538 |
+ int status; |
539 |
+ switch (pid) { |
540 |
+ case -1: |
541 |
@@ -738,7 +739,11 @@ diff -u apache2.2/server/mpm/experimental/itk/itk.c apache2.2/server/mpm/experim |
542 |
+ } |
543 |
+ exit(0); |
544 |
+ default: /* parent; just wait for child to be done */ |
545 |
-+ if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status)) { |
546 |
++ do { |
547 |
++ child_pid = waitpid(pid, &status, 0); |
548 |
++ } while (child_pid == -1 && errno == EINTR); |
549 |
++ |
550 |
++ if (child_pid != pid || !WIFEXITED(status)) { |
551 |
+ if (WIFSIGNALED(status)) { |
552 |
+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, ap_server_conf, "child died with signal %u", WTERMSIG(status)); |
553 |
+ } else if (WEXITSTATUS(status) != 0) { |
554 |
@@ -751,7 +756,6 @@ diff -u apache2.2/server/mpm/experimental/itk/itk.c apache2.2/server/mpm/experim |
555 |
+ break; |
556 |
+ } |
557 |
+ } |
558 |
-+ active_connection = 0; |
559 |
+ |
560 |
+ /* Check the pod and the generation number after processing a |
561 |
+ * connection so that we'll go away if a graceful restart occurred |
562 |
@@ -1434,13 +1438,13 @@ diff -u apache2.2/server/mpm/experimental/itk/itk.c apache2.2/server/mpm/experim |
563 |
+ return OK; |
564 |
+} |
565 |
+ |
566 |
-+static int itk_post_read(request_rec *r) |
567 |
++static int itk_post_perdir_config(request_rec *r) |
568 |
+{ |
569 |
+ uid_t wanted_uid; |
570 |
+ gid_t wanted_gid; |
571 |
+ const char *wanted_username; |
572 |
+ int err = 0; |
573 |
-+ |
574 |
++ |
575 |
+ itk_server_conf *sconf = |
576 |
+ (itk_server_conf *) ap_get_module_config(r->server->module_config, &mpm_itk_module); |
577 |
+ |
578 |
@@ -1461,17 +1465,21 @@ diff -u apache2.2/server/mpm/experimental/itk/itk.c apache2.2/server/mpm/experim |
579 |
+ } |
580 |
+ } |
581 |
+ |
582 |
++ itk_per_dir_conf *dconf = |
583 |
++ (itk_per_dir_conf *) ap_get_module_config(r->per_dir_config, &mpm_itk_module); |
584 |
++ |
585 |
+ strncpy(ap_scoreboard_image->servers[my_child_num][0].vhost, r->server->server_hostname, 31); |
586 |
+ ap_scoreboard_image->servers[my_child_num][0].vhost[31] = 0; |
587 |
+ |
588 |
-+ if (setpriority(PRIO_PROCESS, 0, sconf->nice_value)) { |
589 |
++ if (dconf->nice_value != UNSET_NICE_VALUE && |
590 |
++ setpriority(PRIO_PROCESS, 0, dconf->nice_value)) { |
591 |
+ _DBG("setpriority(): %s", strerror(errno)); |
592 |
+ err = 1; |
593 |
+ } |
594 |
+ |
595 |
-+ wanted_uid = sconf->uid; |
596 |
-+ wanted_gid = sconf->gid; |
597 |
-+ wanted_username = sconf->username; |
598 |
++ wanted_uid = dconf->uid; |
599 |
++ wanted_gid = dconf->gid; |
600 |
++ wanted_username = dconf->username; |
601 |
+ |
602 |
+ if (wanted_uid == -1 || wanted_gid == -1) { |
603 |
+ wanted_uid = unixd_config.user_id; |
604 |
@@ -1481,13 +1489,13 @@ diff -u apache2.2/server/mpm/experimental/itk/itk.c apache2.2/server/mpm/experim |
605 |
+ |
606 |
+ if (!err && wanted_uid != -1 && wanted_gid != -1 && (getuid() != wanted_uid || getgid() != wanted_gid)) { |
607 |
+ if (setgid(wanted_gid)) { |
608 |
-+ _DBG("setgid(): %s", strerror(errno)); |
609 |
++ _DBG("setgid(%d): %s", wanted_gid, strerror(errno)); |
610 |
+ err = 1; |
611 |
+ } else if (initgroups(wanted_username, wanted_gid)) { |
612 |
-+ _DBG("initgroups(): %s", strerror(errno)); |
613 |
++ _DBG("initgroups(%s, %d): %s", wanted_username, wanted_gid, strerror(errno)); |
614 |
+ err = 1; |
615 |
+ } else if (setuid(wanted_uid)) { |
616 |
-+ _DBG("setuid(): %s", strerror(errno)); |
617 |
++ _DBG("setuid(%d): %s", wanted_uid, strerror(errno)); |
618 |
+ err = 1; |
619 |
+ } |
620 |
+ } |
621 |
@@ -1524,8 +1532,8 @@ diff -u apache2.2/server/mpm/experimental/itk/itk.c apache2.2/server/mpm/experim |
622 |
+ */ |
623 |
+ ap_hook_pre_config(itk_pre_config, NULL, NULL, APR_HOOK_REALLY_FIRST); |
624 |
+ |
625 |
-+ /* set the uid as fast as possible */ |
626 |
-+ ap_hook_post_read_request(itk_post_read, NULL, NULL, APR_HOOK_REALLY_FIRST); |
627 |
++ /* set the uid as fast as possible, but not before merging per-dit config */ |
628 |
++ ap_hook_header_parser(itk_post_perdir_config, NULL, NULL, APR_HOOK_REALLY_FIRST); |
629 |
+} |
630 |
+ |
631 |
+static const char *set_daemons_to_start(cmd_parms *cmd, void *dummy, const char *arg) |
632 |
@@ -1638,13 +1646,12 @@ diff -u apache2.2/server/mpm/experimental/itk/itk.c apache2.2/server/mpm/experim |
633 |
+ return NULL; |
634 |
+} |
635 |
+ |
636 |
-+static const char *assign_user_id (cmd_parms *cmd, void *dummy, const char *user_name, const char *group_name) |
637 |
++static const char *assign_user_id (cmd_parms *cmd, void *ptr, const char *user_name, const char *group_name) |
638 |
+{ |
639 |
-+ itk_server_conf *sconf = |
640 |
-+ (itk_server_conf *) ap_get_module_config(cmd->server->module_config, &mpm_itk_module); |
641 |
-+ sconf->username = strdup(user_name); |
642 |
-+ sconf->uid = ap_uname2id(user_name); |
643 |
-+ sconf->gid = ap_gname2id(group_name); |
644 |
++ itk_per_dir_conf *dconf = (itk_per_dir_conf *) ptr; |
645 |
++ dconf->username = apr_pstrdup(cmd->pool, user_name); |
646 |
++ dconf->uid = ap_uname2id(user_name); |
647 |
++ dconf->gid = ap_gname2id(group_name); |
648 |
+ return NULL; |
649 |
+} |
650 |
+ |
651 |
@@ -1654,12 +1661,11 @@ diff -u apache2.2/server/mpm/experimental/itk/itk.c apache2.2/server/mpm/experim |
652 |
+ (itk_server_conf *) ap_get_module_config(cmd->server->module_config, &mpm_itk_module); |
653 |
+ sconf->max_clients_vhost = atoi(arg); |
654 |
+ return NULL; |
655 |
-+} |
656 |
++} |
657 |
+ |
658 |
-+static const char *set_nice_value (cmd_parms *cmd, void *dummy, const char *arg) |
659 |
++static const char *set_nice_value (cmd_parms *cmd, void *ptr, const char *arg) |
660 |
+{ |
661 |
-+ itk_server_conf *sconf = |
662 |
-+ (itk_server_conf *) ap_get_module_config(cmd->server->module_config, &mpm_itk_module); |
663 |
++ itk_per_dir_conf *dconf = (itk_per_dir_conf *) ptr; |
664 |
+ int nice_value = atoi(arg); |
665 |
+ |
666 |
+ if (nice_value < -20) { |
667 |
@@ -1674,7 +1680,7 @@ diff -u apache2.2/server/mpm/experimental/itk/itk.c apache2.2/server/mpm/experim |
668 |
+ nice_value); |
669 |
+ nice_value = 19; |
670 |
+ } |
671 |
-+ sconf->nice_value = nice_value; |
672 |
++ dconf->nice_value = nice_value; |
673 |
+ return NULL; |
674 |
+} |
675 |
+ |
676 |
@@ -1691,41 +1697,75 @@ diff -u apache2.2/server/mpm/experimental/itk/itk.c apache2.2/server/mpm/experim |
677 |
+ "Maximum number of children alive at the same time"), |
678 |
+AP_INIT_TAKE1("ServerLimit", set_server_limit, NULL, RSRC_CONF, |
679 |
+ "Maximum value of MaxClients for this run of Apache"), |
680 |
-+AP_INIT_TAKE2("AssignUserID", assign_user_id, NULL, RSRC_CONF, |
681 |
++AP_INIT_TAKE2("AssignUserID", assign_user_id, NULL, RSRC_CONF|ACCESS_CONF, |
682 |
+ "Tie a virtual host to a specific child process."), |
683 |
+AP_INIT_TAKE1("MaxClientsVHost", set_max_clients_vhost, NULL, RSRC_CONF, |
684 |
+ "Maximum number of children alive at the same time for this virtual host."), |
685 |
-+AP_INIT_TAKE1("NiceValue", set_nice_value, NULL, RSRC_CONF, |
686 |
++AP_INIT_TAKE1("NiceValue", set_nice_value, NULL, RSRC_CONF|ACCESS_CONF, |
687 |
+ "Set nice value for the given vhost, from -20 (highest priority) to 19 (lowest priority)."), |
688 |
+AP_GRACEFUL_SHUTDOWN_TIMEOUT_COMMAND, |
689 |
+{ NULL } |
690 |
+}; |
691 |
+ |
692 |
++/* == allocate a private per-dir config structure == */ |
693 |
++static void *itk_create_dir_config(apr_pool_t *p, char *dummy) |
694 |
++{ |
695 |
++ itk_per_dir_conf *c = (itk_per_dir_conf *) |
696 |
++ apr_pcalloc(p, sizeof(itk_per_dir_conf)); |
697 |
++ c->uid = c->gid = -1; |
698 |
++ c->nice_value = UNSET_NICE_VALUE; |
699 |
++ return c; |
700 |
++} |
701 |
++ |
702 |
++/* == merge the parent per-dir config structure into ours == */ |
703 |
++static void *itk_merge_dir_config(apr_pool_t *p, void *parent_ptr, void *child_ptr) |
704 |
++{ |
705 |
++ itk_per_dir_conf *c = (itk_per_dir_conf *) |
706 |
++ apr_pcalloc(p, sizeof(itk_per_dir_conf)); |
707 |
++ itk_per_dir_conf *parent = (itk_per_dir_conf *) parent_ptr; |
708 |
++ itk_per_dir_conf *child = (itk_per_dir_conf *) child_ptr; |
709 |
++ |
710 |
++ if (child->username != NULL) { |
711 |
++ c->username = apr_pstrdup(p, child->username); |
712 |
++ c->uid = child->uid; |
713 |
++ c->gid = child->gid; |
714 |
++ } else if (parent->username != NULL) { |
715 |
++ c->username = apr_pstrdup(p, parent->username); |
716 |
++ c->uid = parent->uid; |
717 |
++ c->gid = parent->gid; |
718 |
++ } |
719 |
++ if (child->nice_value != UNSET_NICE_VALUE) { |
720 |
++ c->nice_value = child->nice_value; |
721 |
++ } else { |
722 |
++ c->nice_value = parent->nice_value; |
723 |
++ } |
724 |
++ return c; |
725 |
++} |
726 |
++ |
727 |
+/* == allocate a private server config structure == */ |
728 |
-+static void *itk_create_config(apr_pool_t *p, server_rec *s) |
729 |
++static void *itk_create_server_config(apr_pool_t *p, server_rec *s) |
730 |
+{ |
731 |
+ itk_server_conf *c = (itk_server_conf *) |
732 |
+ apr_pcalloc(p, sizeof(itk_server_conf)); |
733 |
-+ c->uid = c->gid = -1; |
734 |
+ c->max_clients_vhost = -1; |
735 |
-+ c->nice_value = 0; |
736 |
+ return c; |
737 |
+} |
738 |
+ |
739 |
+module AP_MODULE_DECLARE_DATA mpm_itk_module = { |
740 |
+ MPM20_MODULE_STUFF, |
741 |
+ ap_mpm_rewrite_args, /* hook to run before apache parses args */ |
742 |
-+ NULL, /* create per-directory config structure */ |
743 |
-+ NULL, /* merge per-directory config structures */ |
744 |
-+ itk_create_config, /* create per-server config structure */ |
745 |
++ itk_create_dir_config, /* create per-directory config structure */ |
746 |
++ itk_merge_dir_config, /* merge per-directory config structures */ |
747 |
++ itk_create_server_config, /* create per-server config structure */ |
748 |
+ NULL, /* merge per-server config structures */ |
749 |
+ itk_cmds, /* command apr_table_t */ |
750 |
+ itk_hooks, /* register hooks */ |
751 |
+}; |
752 |
-unchanged: |
753 |
---- apache2.2/server/mpm/experimental/itk/mpm.h |
754 |
-+++ apache2.2/server/mpm/experimental/itk/mpm.h 2007-01-29 21:22:33.000000000 +0100 |
755 |
-@@ -0,0 +1,65 @@ |
756 |
+Index: httpd-2.2.11/server/mpm/experimental/itk/mpm.h |
757 |
+=================================================================== |
758 |
+--- /dev/null |
759 |
++++ httpd-2.2.11/server/mpm/experimental/itk/mpm.h |
760 |
+@@ -0,0 +1,68 @@ |
761 |
+/* Licensed to the Apache Software Foundation (ASF) under one or more |
762 |
+ * contributor license agreements. See the NOTICE file distributed with |
763 |
+ * this work for additional information regarding copyright ownership. |
764 |
@@ -1741,7 +1781,10 @@ unchanged: |
765 |
+ * See the License for the specific language governing permissions and |
766 |
+ * limitations under the License. |
767 |
+ * |
768 |
-+ * Portions copyright 2005-2007 Steinar H. Gunderson <sgunderson@×××××××.com>. |
769 |
++ * Portions copyright 2005-2009 Steinar H. Gunderson <sgunderson@×××××××.com>. |
770 |
++ * Licensed under the same terms as the rest of Apache. |
771 |
++ * |
772 |
++ * Portions copyright 2008 Knut Auvor Grythe <knut@×××××.no>. |
773 |
+ * Licensed under the same terms as the rest of Apache. |
774 |
+ */ |
775 |
+ |
776 |
@@ -1791,10 +1834,11 @@ unchanged: |
777 |
+extern server_rec *ap_server_conf; |
778 |
+#endif /* APACHE_MPM_ITK_H */ |
779 |
+/** @} */ |
780 |
-unchanged: |
781 |
---- apache2.2/server/mpm/experimental/itk/mpm_default.h |
782 |
-+++ apache2.2/server/mpm/experimental/itk/mpm_default.h 2007-01-29 21:22:09.000000000 +0100 |
783 |
-@@ -0,0 +1,77 @@ |
784 |
+Index: httpd-2.2.11/server/mpm/experimental/itk/mpm_default.h |
785 |
+=================================================================== |
786 |
+--- /dev/null |
787 |
++++ httpd-2.2.11/server/mpm/experimental/itk/mpm_default.h |
788 |
+@@ -0,0 +1,80 @@ |
789 |
+/* Licensed to the Apache Software Foundation (ASF) under one or more |
790 |
+ * contributor license agreements. See the NOTICE file distributed with |
791 |
+ * this work for additional information regarding copyright ownership. |
792 |
@@ -1810,7 +1854,10 @@ unchanged: |
793 |
+ * See the License for the specific language governing permissions and |
794 |
+ * limitations under the License. |
795 |
+ * |
796 |
-+ * Portions copyright 2005-2007 Steinar H. Gunderson <sgunderson@×××××××.com>. |
797 |
++ * Portions copyright 2005-2009 Steinar H. Gunderson <sgunderson@×××××××.com>. |
798 |
++ * Licensed under the same terms as the rest of Apache. |
799 |
++ * |
800 |
++ * Portions copyright 2008 Knut Auvor Grythe <knut@×××××.no>. |
801 |
+ * Licensed under the same terms as the rest of Apache. |
802 |
+ */ |
803 |
+ |
804 |
@@ -1872,9 +1919,10 @@ unchanged: |
805 |
+ |
806 |
+#endif /* AP_MPM_DEFAULT_H */ |
807 |
+/** @} */ |
808 |
-unchanged: |
809 |
---- apache2.2/server/mpm/config.m4 2007-01-29 21:30:35.000000000 +0100 |
810 |
-+++ apache2.2/server/mpm/config.m4 |
811 |
+Index: httpd-2.2.11/server/mpm/config.m4 |
812 |
+=================================================================== |
813 |
+--- httpd-2.2.11.orig/server/mpm/config.m4 |
814 |
++++ httpd-2.2.11/server/mpm/config.m4 |
815 |
@@ -1,7 +1,7 @@ |
816 |
AC_MSG_CHECKING(which MPM to use) |
817 |
AC_ARG_WITH(mpm, |
818 |
@@ -1884,7 +1932,7 @@ unchanged: |
819 |
APACHE_MPM=$withval |
820 |
],[ |
821 |
if test "x$APACHE_MPM" = "x"; then |
822 |
-@@ -23,7 +23,7 @@ |
823 |
+@@ -23,7 +23,7 @@ ap_mpm_is_threaded () |
824 |
|
825 |
ap_mpm_is_experimental () |
826 |
{ |
827 |
@@ -1893,7 +1941,7 @@ unchanged: |
828 |
return 0 |
829 |
else |
830 |
return 1 |
831 |
-@@ -66,6 +66,11 @@ |
832 |
+@@ -66,6 +66,11 @@ if ap_mpm_is_experimental; then |
833 |
else |
834 |
MPM_SUBDIR_NAME=$MPM_NAME |
835 |
fi |
836 |
@@ -1905,3 +1953,84 @@ unchanged: |
837 |
MPM_DIR=server/mpm/$MPM_SUBDIR_NAME |
838 |
MPM_LIB=$MPM_DIR/lib${MPM_NAME}.la |
839 |
|
840 |
+Index: httpd-2.2.11/include/http_request.h |
841 |
+=================================================================== |
842 |
+--- httpd-2.2.11.orig/include/http_request.h |
843 |
++++ httpd-2.2.11/include/http_request.h |
844 |
+@@ -12,6 +12,12 @@ |
845 |
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
846 |
+ * See the License for the specific language governing permissions and |
847 |
+ * limitations under the License. |
848 |
++ * |
849 |
++ * Portions copyright 2005-2009 Steinar H. Gunderson <sgunderson@×××××××.com>. |
850 |
++ * Licensed under the same terms as the rest of Apache. |
851 |
++ * |
852 |
++ * Portions copyright 2008 Knut Auvor Grythe <knut@×××××.no>. |
853 |
++ * Licensed under the same terms as the rest of Apache. |
854 |
+ */ |
855 |
+ |
856 |
+ /** |
857 |
+@@ -350,6 +356,15 @@ AP_DECLARE_HOOK(int,auth_checker,(reques |
858 |
+ */ |
859 |
+ AP_DECLARE_HOOK(void,insert_filter,(request_rec *r)) |
860 |
+ |
861 |
++/** |
862 |
++ * This hook allows modules to affect the request immediately after the |
863 |
++ * per-directory configuration for the request has been generated. This allows |
864 |
++ * modules to make decisions based upon the current directory configuration |
865 |
++ * @param r The current request |
866 |
++ * @return OK or DECLINED |
867 |
++ */ |
868 |
++AP_DECLARE_HOOK(int,post_perdir_config,(request_rec *r)) |
869 |
++ |
870 |
+ AP_DECLARE(int) ap_location_walk(request_rec *r); |
871 |
+ AP_DECLARE(int) ap_directory_walk(request_rec *r); |
872 |
+ AP_DECLARE(int) ap_file_walk(request_rec *r); |
873 |
+Index: httpd-2.2.11/server/request.c |
874 |
+=================================================================== |
875 |
+--- httpd-2.2.11.orig/server/request.c |
876 |
++++ httpd-2.2.11/server/request.c |
877 |
+@@ -12,6 +12,12 @@ |
878 |
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
879 |
+ * See the License for the specific language governing permissions and |
880 |
+ * limitations under the License. |
881 |
++ * |
882 |
++ * Portions copyright 2005-2009 Steinar H. Gunderson <sgunderson@×××××××.com>. |
883 |
++ * Licensed under the same terms as the rest of Apache. |
884 |
++ * |
885 |
++ * Portions copyright 2008 Knut Auvor Grythe <knut@×××××.no>. |
886 |
++ * Licensed under the same terms as the rest of Apache. |
887 |
+ */ |
888 |
+ |
889 |
+ /* |
890 |
+@@ -61,6 +67,7 @@ APR_HOOK_STRUCT( |
891 |
+ APR_HOOK_LINK(auth_checker) |
892 |
+ APR_HOOK_LINK(insert_filter) |
893 |
+ APR_HOOK_LINK(create_request) |
894 |
++ APR_HOOK_LINK(post_perdir_config) |
895 |
+ ) |
896 |
+ |
897 |
+ AP_IMPLEMENT_HOOK_RUN_FIRST(int,translate_name, |
898 |
+@@ -80,6 +87,8 @@ AP_IMPLEMENT_HOOK_RUN_FIRST(int,auth_che |
899 |
+ AP_IMPLEMENT_HOOK_VOID(insert_filter, (request_rec *r), (r)) |
900 |
+ AP_IMPLEMENT_HOOK_RUN_ALL(int, create_request, |
901 |
+ (request_rec *r), (r), OK, DECLINED) |
902 |
++AP_IMPLEMENT_HOOK_RUN_ALL(int,post_perdir_config, |
903 |
++ (request_rec *r), (r), OK, DECLINED) |
904 |
+ |
905 |
+ |
906 |
+ static int decl_die(int status, char *phase, request_rec *r) |
907 |
+@@ -158,6 +167,13 @@ AP_DECLARE(int) ap_process_request_inter |
908 |
+ return access_status; |
909 |
+ } |
910 |
+ |
911 |
++ /* First chance to handle the request after per-directory configuration is |
912 |
++ * generated |
913 |
++ */ |
914 |
++ if ((access_status = ap_run_post_perdir_config(r))) { |
915 |
++ return access_status; |
916 |
++ } |
917 |
++ |
918 |
+ /* Only on the main request! */ |
919 |
+ if (r->main == NULL) { |
920 |
+ if ((access_status = ap_run_header_parser(r))) { |