From af40fa1a61d5e1314cd555f488edfc75e2b70f50 Mon Sep 17 00:00:00 2001 From: Packit Service Date: Dec 12 2020 01:14:04 +0000 Subject: Prepare for a new update Reverting patches so we can apply the latest update and changes can be seen in the spec file and sources. --- diff --git a/README.RPM b/README.RPM deleted file mode 100644 index 89165c5..0000000 --- a/README.RPM +++ /dev/null 
@@ -1,75 +0,0 @@ -Using the mod_fcgid RPM Package -=============================== - -This mod_fcgid package includes a configuration file -/etc/httpd/conf.d/fcgid.conf that ensures that the module is loaded and -added as the handler for .fcg, .fcgi, and .fpl applications. - -Example: setting up moin with mod_fcgid -======================================= - -Setting up moin with mod_fcgid is very similar to setting it up as a regular -CGI application. - - * Create a directory for your wiki instance: - - DESTDIR=/var/www/mywiki - mkdir -p $DESTDIR/cgi-bin - - * Copy in the wiki template data and the application itself: - - cp -a /usr/share/moin/{data,underlay} $DESTDIR - cp -a /usr/share/moin/server/moin.fcg $DESTDIR/cgi-bin - cp -a /usr/share/moin/config/wikiconfig.py $DESTDIR/cgi-bin - - * Fix the directory ownership - - chown -R apache:apache $DESTDIR/{data,underlay} - - * Edit $DESTDIR/cgi-bin/wikiconfig.py to suit your needs - - * Create a httpd configuration file for the wiki, e.g. - /etc/httpd/conf.d/mywiki.conf - - # Wiki application data common to all wiki instances - Alias /moin_static185 "/usr/share/moin/htdocs/" - - Options Indexes FollowSymLinks - AllowOverride None - Order allow,deny - Allow from all - - ExpiresActive On - ExpiresDefault "access plus 1 year" - - - - # Wiki instance with mod_fcgid - - ScriptAlias /mywiki "/var/www/mywiki/cgi-bin/moin.fcg" - - Options Indexes FollowSymLinks ExecCGI - AllowOverride None - Order allow,deny - Allow from all - - - - * Restart the web server to load the new configuration: - - service httpd restart - -That should do it! - -Ruby on Rails with mod_fcgid -============================ - -One of the differences between mod_fastcgi and mod_fcgid is that the former -sets the SCRIPT_NAME environment variable whilst the latter does not, and it's -reported (http://bugzilla.redhat.com/476658) that Ruby on Rails expects this -environment variable to be present. 
A workaround for this is to add: - -ActionController::AbstractRequest.relative_url_root = "" - -to the Rails::Initializer.run segment of config/environment.rb - diff --git a/README.SELinux b/README.SELinux deleted file mode 100644 index 981cf59..0000000 --- a/README.SELinux +++ /dev/null 
@@ -1,63 +0,0 @@ -Using mod_fcgid with SELinux in Fedora Core 5 / RHEL 5 onwards -============================================================== - -Versions of this package built for Fedora Core 5, 6, or 7 include an SELinux -policy module to support FastCGI applications. Later Fedora releases and Red -Hat Enterprise Linux 5.3 onwards include the policy in the main selinux-policy -package and do not require the separate module. - -The module source (fastcgi.{fc,te}) is included for reference as documentation -in the package. - -The module uses the same set of SELinux types for FastCGI applications as for -regular CGI scripts (or "system scripts" as they are known in SELinux), as -described in "man httpd_selinux". - - * httpd_sys_content_t - - Set files with httpd_sys_content_t for content that is available - from all FastCGI scripts and the daemon. - - * httpd_sys_script_exec_t - - Set FastCGI scripts with httpd_sys_script_exec_t to allow them to run - with access to all system script types. - - * httpd_sys_script_ro_t - - Set files with httpd_sys_script_ro_t if you want httpd_sys_script_exec_t - scripts to read but not write the data, and disallow other processes from - access. - - * httpd_sys_script_rw_t - - Set files with httpd_sys_script_rw_t if you want httpd_sys_script_exec_t - scripts to read/write the data, and disallow other processes from access. - - * httpd_sys_script_ra_t - - Set files with httpd_sys_script_ra_t if you want httpd_sys_script_exec_t - scripts to read/append to the file, and disallow other processes from - access. - -So for the moin wiki layout described in README.RPM of the main mod_fcgid -package, the contexts would be set as follows: - - cd /var/www/mywiki - chcon -t httpd_sys_content_t . 
- chcon -R -t httpd_sys_script_exec_t cgi-bin - chcon -R -t httpd_sys_script_rw_t data underlay - -It is necessary to turn on the httpd_enable_cgi boolean to run either regular -or FastCGI scripts: - - setsebool -P httpd_enable_cgi 1 - -The httpd_can_sendmail boolean is used to specify whether any of your -web applications can make outbound SMTP connections (e.g. moin sending -notifications). By default it is off, but can be enabled as follows: - - setsebool -P httpd_can_sendmail 1 - -Only enable this functionality if you actually need it, since it increases the -chances that any vulnerability in any of your web applications could be -exploited by a spammer. - -If you have any questions or issues regarding FastCGI and SELinux, please don't -hesitate to bring them up on fedora-selinux-list. - diff --git a/fastcgi.fc b/fastcgi.fc deleted file mode 100644 index 2006d97..0000000 --- a/fastcgi.fc +++ /dev/null @@ -1 +0,0 @@ -/var/run/mod_fcgid(/.*)? gen_context(system_u:object_r:httpd_var_run_t,s0) diff --git a/fastcgi.te b/fastcgi.te deleted file mode 100644 index 373d920..0000000 --- a/fastcgi.te +++ /dev/null 
@@ -1,71 +0,0 @@ -# This policy module provides support for mod_fcgid using the httpd system script domain. -# It provides "allow" rules that will overlap to varying degrees with selinux-policy -# packages for Fedora 5 onwards, and is a stepping stone to the merged policy included -# as updates for selinux-policy in Fedora 8, 9, and 10. -# -# Rules existing in selinux-policy 2.3.7 (FC5) have been stripped from this policy -# -# Previous versions of this policy module used a separate domain, httpd_fastcgi_script_t, -# which is now an alias for httpd_sys_script_t. - -policy_module(fastcgi, 0.1.11) - -require { - type devpts_t; - type httpd_t; - type httpd_log_t; - type httpd_sys_content_t; - type httpd_sys_script_exec_t; - type httpd_sys_script_ra_t; - type httpd_sys_script_ro_t; - type httpd_sys_script_rw_t; - type httpd_sys_script_t; - type httpd_tmp_t; - type httpd_var_run_t; -}; - -# Type aliases for contexts used with older policy modules -typealias httpd_sys_content_t alias httpd_fastcgi_content_t; -typealias httpd_sys_script_exec_t alias httpd_fastcgi_script_exec_t; -typealias httpd_sys_script_ra_t alias httpd_fastcgi_script_ra_t; -typealias httpd_sys_script_ro_t alias httpd_fastcgi_script_ro_t; -typealias httpd_sys_script_rw_t alias httpd_fastcgi_script_rw_t; -typealias httpd_sys_script_t alias httpd_fastcgi_script_t; -typealias httpd_var_run_t alias httpd_fastcgi_var_run_t; - -# ========================================================== -# Re-use httpd_sys_script_t for mod_fcgid apps -# ========================================================== - -# Allow web applications to call getpw* functions -auth_use_nsswitch(httpd_sys_script_t) - -# Allow httpd to create and use files and sockets for communicating with mod_fcgid -# Rules to do this are already in selinux-policy apart from dir setattr -allow httpd_t httpd_var_run_t:dir setattr; - -# Allow FastCGI applications to listen for FastCGI requests on their -# sockets and respond to them -allow 
httpd_sys_script_t httpd_t:unix_stream_socket { rw_stream_socket_perms }; - -# These are probably leaked file descriptors -dontaudit httpd_t devpts_t:chr_file ioctl; -dontaudit httpd_sys_script_t httpd_log_t:file ioctl; - -# Search automount filesystem to use automatically mounted filesystems -fs_search_auto_mountpoints(httpd_sys_script_t) - -# PHP uploads a file to /tmp and then execs programs to action them -allow httpd_sys_script_t httpd_tmp_t:dir manage_dir_perms; -allow httpd_sys_script_t httpd_tmp_t:file manage_file_perms; -files_tmp_filetrans(httpd_sys_script_t,httpd_sys_script_rw_t,{ dir file lnk_file sock_file fifo_file }) - -# Support network home directories -tunable_policy(`httpd_enable_homedirs && use_nfs_home_dirs',` - fs_read_nfs_files(httpd_sys_script_t) - fs_read_nfs_symlinks(httpd_sys_script_t) -') -tunable_policy(`httpd_enable_homedirs && use_samba_home_dirs',` - fs_read_cifs_files(httpd_sys_script_t) - fs_read_cifs_symlinks(httpd_sys_script_t) -') diff --git a/fcgid.conf b/fcgid.conf deleted file mode 100644 index 90f208e..0000000 --- a/fcgid.conf +++ /dev/null @@ -1,14 +0,0 @@ -# This is the Apache server configuration file for providing FastCGI support -# through mod_fcgid -# -# Documentation is available at -# http://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html - -LoadModule fcgid_module modules/mod_fcgid.so - -# Use FastCGI to process .fcg .fcgi & .fpl scripts -AddHandler fcgid-script fcg fcgi fpl - -# Sane place to put sockets and shared memory file -FcgidIPCDir /var/run/mod_fcgid -FcgidProcessTableFile /var/run/mod_fcgid/fcgid_shm diff --git a/fcgid24.conf b/fcgid24.conf deleted file mode 100644 index 2e7d486..0000000 --- a/fcgid24.conf +++ /dev/null 
@@ -1,12 +0,0 @@ -# This is the Apache server configuration file for providing FastCGI support -# through mod_fcgid -# -# Documentation is available at -# http://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html - -# Use FastCGI to process .fcg .fcgi & .fpl scripts -AddHandler fcgid-script fcg fcgi fpl - -# Sane place to put sockets and shared memory file -FcgidIPCDir /run/mod_fcgid -FcgidProcessTableFile /run/mod_fcgid/fcgid_shm diff --git a/modules/fcgid/Makefile.apxs b/modules/fcgid/Makefile.apxs index 771adda..500449b 100644 --- a/modules/fcgid/Makefile.apxs +++ b/modules/fcgid/Makefile.apxs @@ -16,7 +16,6 @@ fcgid_srcdir=../.. builddir=. srcdir=. -MOD_FCGID_LDADD = -export-symbols-regex fcgid_module CLEAN_TARGETS = *.loT include $(exp_installbuilddir)/special.mk diff --git a/modules/fcgid/config.m4 b/modules/fcgid/config.m4 index cc488b4..eb8f67f 100644 --- a/modules/fcgid/config.m4 +++ b/modules/fcgid/config.m4 @@ -43,11 +43,6 @@ APACHE_MODULE(fcgid, [FastCGI support (mod_fcgid)], $fcigd_objs, , no, [ AC_CHECK_HEADERS(sys/mman.h) AC_CHECK_HEADERS(sys/mutex.h) AC_CHECK_HEADERS(sys/shm.h) - if test "x$enable_fcgid" = "xshared"; then - # The only symbol which needs to be exported is the module - # structure, so ask libtool to hide everything else: - APR_ADDTO(MOD_FCGID_LDADD, [-export-symbols-regex fcgid_module]) - fi ]) dnl # end of module specific part diff --git a/modules/fcgid/fcgid_bridge.c b/modules/fcgid/fcgid_bridge.c index 3e1d7d1..c8b45c2 100644 --- a/modules/fcgid/fcgid_bridge.c +++ b/modules/fcgid/fcgid_bridge.c @@ -522,8 +522,7 @@ handle_request(request_rec * r, int role, fcgid_cmd_conf *cmd_conf, } static int add_request_body(request_rec *r, apr_pool_t *request_pool, - apr_bucket_brigade *output_brigade, - apr_off_t *body_length) + apr_bucket_brigade *output_brigade) { apr_bucket *bucket_input, *bucket_header; apr_file_t *fd = NULL; 
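Review bot: With `MOD_FCGID_LDADD = -export-symbols-regex fcgid_module` removed here, and the matching `APR_ADDTO(MOD_FCGID_LDADD, ...)` block dropped from config.m4 and `$(MOD_FCGID_LDADD)` dropped from the link line in modules.mk.apxs, the shared module is linked without any export restriction. Every non-static function and global in the fcgid_*.c objects then becomes part of the module's dynamic symbol table, which widens the surface for symbol clashes or interposition with other code loaded into the httpd process. If the incoming update does not bring this flag back, keep it, or record the reason for exporting everything in a comment next to `CLEAN_TARGETS`.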
@@ -726,49 +725,22 @@ static int add_request_body(request_rec *r, apr_pool_t *request_pool, } APR_BRIGADE_INSERT_TAIL(output_brigade, bucket_header); - *body_length = request_size; - return 0; } int bridge_request(request_rec * r, int role, fcgid_cmd_conf *cmd_conf) { - apr_bucket_brigade *output_brigade, *body_brigade; + apr_bucket_brigade *output_brigade; apr_bucket *bucket_eos; - char **envp; + char **envp = ap_create_environment(r->pool, + r->subprocess_env); int rc; /* Create brigade for the request to fastcgi server */ - body_brigade - = apr_brigade_create(r->pool, r->connection->bucket_alloc); output_brigade = apr_brigade_create(r->pool, r->connection->bucket_alloc); - /* In responder mode, handle the request body up front to ensure - * the content-length is known (even if the request body is - * chunked) and sent in the header. */ - if (role == FCGI_RESPONDER) { - apr_off_t body_length; - - rc = add_request_body(r, r->pool, body_brigade, &body_length); - if (rc) { - return rc; - } - - if (body_length && !apr_table_get(r->headers_in, "Content-Length")) { - ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, - "mod_fcgid: dechunked request body length %" APR_OFF_T_FMT, - body_length); - - apr_table_set(r->subprocess_env, "CONTENT_LENGTH", - apr_off_t_toa(r->pool, body_length)); - apr_table_unset(r->subprocess_env, "HTTP_TRANSFER_ENCODING"); - } - } - - envp = ap_create_environment(r->pool, r->subprocess_env); - - /* Build the begin request and environ request, add them to output_brigade */ + /* Build the begin request and environ request, append them to output_brigade */ if (!build_begin_block (role, r, r->connection->bucket_alloc, output_brigade) || !build_env_block(r, envp, r->connection->bucket_alloc, 
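Review bot: In bridge_request the environment is now built with `ap_create_environment(r->pool, r->subprocess_env)` before any request body is read, and add_request_body no longer reports the body size. A request sent with chunked transfer encoding and no Content-Length header therefore reaches the FastCGI application without a CONTENT_LENGTH value. The removed `apr_table_unset(r->subprocess_env, "HTTP_TRANSFER_ENCODING")` suggests that variable is also still passed through. An application that sizes its body read from CONTENT_LENGTH may then see an empty body or disagree with httpd about where the body ends, and that kind of mismatch matters for request-handling security as well as correctness. The commit message describes this as a revert ahead of an update, so confirm that the update restores the dechunked-length handling before this state is built and shipped; the call-order half of the change is in the next hunk (`@@ -778,8 +750,12 @@`), and bridge_request continues outside both hunks.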
@@ -778,8 +750,12 @@ int bridge_request(request_rec * r, int role, fcgid_cmd_conf *cmd_conf) return HTTP_INTERNAL_SERVER_ERROR; } - /* Append the body output. */ - APR_BRIGADE_CONCAT(output_brigade, body_brigade); + if (role == FCGI_RESPONDER) { + rc = add_request_body(r, r->pool, output_brigade); + if (rc) { + return rc; + } + } /* The eos bucket now */ bucket_eos = apr_bucket_eos_create(r->connection->bucket_alloc); diff --git a/modules/fcgid/fcgid_conf.h b/modules/fcgid/fcgid_conf.h index 47d68bb..60aeee8 100644 --- a/modules/fcgid/fcgid_conf.h +++ b/modules/fcgid/fcgid_conf.h @@ -138,7 +138,7 @@ typedef struct { * to limit shared memory use */ #define INITENV_KEY_LEN 64 -#define INITENV_VAL_LEN 256 +#define INITENV_VAL_LEN 128 #define INITENV_CNT 64 typedef struct { char initenv_key[INITENV_CNT][INITENV_KEY_LEN]; diff --git a/modules/fcgid/fcgid_proc_unix.c b/modules/fcgid/fcgid_proc_unix.c index 7f37495..218f3f7 100644 --- a/modules/fcgid/fcgid_proc_unix.c +++ b/modules/fcgid/fcgid_proc_unix.c @@ -762,18 +762,14 @@ apr_status_t proc_write_ipc(fcgid_ipc *ipc_handle, struct iovec vec[FCGID_VEC_COUNT]; int nvec = 0; apr_bucket *e; - apr_bucket_brigade *tmpbb = apr_brigade_create(output_brigade->p, - output_brigade->bucket_alloc); - - while (!APR_BRIGADE_EMPTY(output_brigade)) - { - e = APR_BRIGADE_FIRST(output_brigade); + for (e = APR_BRIGADE_FIRST(output_brigade); + e != APR_BRIGADE_SENTINEL(output_brigade); + e = APR_BUCKET_NEXT(e)) { apr_size_t len; const char* base; if (APR_BUCKET_IS_METADATA(e)) { - apr_bucket_delete(e); continue; } @@ -784,9 +780,6 @@ apr_status_t proc_write_ipc(fcgid_ipc *ipc_handle, return rv; } - APR_BUCKET_REMOVE(e); - APR_BRIGADE_INSERT_TAIL(tmpbb, e); - vec[nvec].iov_len = len; vec[nvec].iov_base = (char*) base; if (nvec == (FCGID_VEC_COUNT - 1)) { @@ -796,7 +789,6 @@ apr_status_t proc_write_ipc(fcgid_ipc *ipc_handle, FCGID_VEC_COUNT)) != APR_SUCCESS) return rv; nvec = 0; - apr_brigade_cleanup(tmpbb); } else nvec++; 
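Review bot: `#define INITENV_VAL_LEN 128` halves the per-value slot in the fixed-size arrays of the struct that follows (only `initenv_key[INITENV_CNT][INITENV_KEY_LEN]` is visible in this hunk), so a configured initial-environment value that fitted in 256 bytes may no longer fit. The code that copies values into these arrays is outside the hunk. It should bound the copy by INITENV_VAL_LEN and reject an over-long value at configuration time with an error, because a silently truncated path or option string handed to a spawned FastCGI process is hard to diagnose. A short comment on the define stating the maximum usable value length, and whether it counts the terminating NUL, would make the limit explicit for packagers.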
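Review bot: The new loop in proc_write_ipc, `for (e = APR_BRIGADE_FIRST(output_brigade); e != APR_BRIGADE_SENTINEL(output_brigade); e = APR_BUCKET_NEXT(e))`, leaves every bucket in output_brigade after it has been read and written. The removed code moved each bucket to `tmpbb` and released it with `apr_brigade_cleanup(tmpbb)` after each full writev batch. apr_bucket_read() on a file bucket normally turns the portion it read into a heap bucket that stays in the brigade, so memory held per request can grow with the body size instead of staying bounded by roughly FCGID_VEC_COUNT buffers, which is a resource-exhaustion concern for large uploads. The same pattern runs through the later hunks of this function and through proc_write_ipc in fcgid_proc_win.c. If the incoming update does not restore the consume-as-you-go loop, keep it, or at minimum document the lifetime on the loop with something like `/* buckets remain in output_brigade until its pool is cleaned up */`.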
@@ -808,7 +800,6 @@ apr_status_t proc_write_ipc(fcgid_ipc *ipc_handle, return rv; } - apr_brigade_destroy(tmpbb); return APR_SUCCESS; } diff --git a/modules/fcgid/fcgid_proc_win.c b/modules/fcgid/fcgid_proc_win.c index 5b3b33a..60b26a6 100644 --- a/modules/fcgid/fcgid_proc_win.c +++ b/modules/fcgid/fcgid_proc_win.c @@ -380,22 +380,19 @@ apr_status_t proc_write_ipc(fcgid_ipc * ipc_handle, apr_bucket *bucket_request; apr_status_t rv; DWORD transferred; - apr_bucket_brigade *tmpbb = apr_brigade_create(birgade_send->p, - birgade_send->bucket_alloc); handle_info = (fcgid_namedpipe_handle *) ipc_handle->ipc_handle_info; - while (!APR_BRIGADE_EMPTY(birgade_send)) { + for (bucket_request = APR_BRIGADE_FIRST(birgade_send); + bucket_request != APR_BRIGADE_SENTINEL(birgade_send); + bucket_request = APR_BUCKET_NEXT(bucket_request)) + { const char *write_buf; apr_size_t write_buf_len; apr_size_t has_write; - bucket_request = APR_BRIGADE_FIRST(birgade_send); - - if (APR_BUCKET_IS_METADATA(bucket_request)) { - apr_bucket_delete(bucket_request); + if (APR_BUCKET_IS_METADATA(bucket_request)) continue; - } if ((rv = apr_bucket_read(bucket_request, &write_buf, &write_buf_len, APR_BLOCK_READ)) != APR_SUCCESS) { @@ -404,9 +401,6 @@ apr_status_t proc_write_ipc(fcgid_ipc * ipc_handle, return rv; } - APR_BUCKET_REMOVE(bucket_request); - APR_BRIGADE_INSERT_TAIL(tmpbb, bucket_request); - /* Write the buffer to fastcgi server */ has_write = 0; while (has_write < write_buf_len) { @@ -417,7 +411,6 @@ apr_status_t proc_write_ipc(fcgid_ipc * ipc_handle, write_buf_len - has_write, &byteswrite, &handle_info->overlap_write)) { has_write += byteswrite; - apr_brigade_cleanup(tmpbb); continue; } else if ((rv = GetLastError()) != ERROR_IO_PENDING) { ap_log_rerror(APLOG_MARK, APLOG_WARNING, @@ -444,7 +437,6 @@ apr_status_t proc_write_ipc(fcgid_ipc * ipc_handle, return APR_ESPIPE; } has_write += transferred; - apr_brigade_cleanup(tmpbb); continue; } else { ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, 
@@ -456,7 +448,6 @@ apr_status_t proc_write_ipc(fcgid_ipc * ipc_handle, } } - apr_brigade_destroy(tmpbb); return APR_SUCCESS; } diff --git a/modules/fcgid/modules.mk.apxs b/modules/fcgid/modules.mk.apxs index b6c032b..51ad05d 100644 --- a/modules/fcgid/modules.mk.apxs +++ b/modules/fcgid/modules.mk.apxs @@ -17,7 +17,7 @@ # this is used/needed by the APACHE2 build system # mod_fcgid.la: mod_fcgid.slo fcgid_bridge.slo fcgid_conf.slo fcgid_pm_main.slo fcgid_protocol.slo fcgid_spawn_ctl.slo fcgid_proctbl_unix.slo fcgid_pm_unix.slo fcgid_proc_unix.slo fcgid_bucket.slo fcgid_filter.slo fcgid_mutex_unix.slo - $(SH_LINK) -rpath $(libexecdir) -module -avoid-version mod_fcgid.lo fcgid_bridge.lo fcgid_conf.lo fcgid_pm_main.lo fcgid_protocol.lo fcgid_spawn_ctl.lo fcgid_proctbl_unix.lo fcgid_pm_unix.lo fcgid_proc_unix.lo fcgid_bucket.lo fcgid_filter.lo fcgid_mutex_unix.lo $(MOD_FCGID_LDADD) + $(SH_LINK) -rpath $(libexecdir) -module -avoid-version mod_fcgid.lo fcgid_bridge.lo fcgid_conf.lo fcgid_pm_main.lo fcgid_protocol.lo fcgid_spawn_ctl.lo fcgid_proctbl_unix.lo fcgid_pm_unix.lo fcgid_proc_unix.lo fcgid_bucket.lo fcgid_filter.lo fcgid_mutex_unix.lo DISTCLEAN_TARGETS = modules.mk static = shared = mod_fcgid.la