-rw-r--r-- | UPDATING | 10 | ||||
-rw-r--r-- | www/apache22/Makefile | 10 | ||||
-rw-r--r-- | www/apache22/Makefile.modules | 2 | ||||
-rw-r--r-- | www/apache22/Makefile.options | 1 | ||||
-rw-r--r-- | www/apache22/files/apache22.in (renamed from www/apache22/files/apache22.sh.in) | 2 | ||||
-rw-r--r-- | www/apache22/files/htcacheclean.in (renamed from www/apache22/files/htcacheclean.sh.in) | 0 | ||||
-rw-r--r-- | www/apache22/files/opt-patch-modules:proxy:mod_proxy_connect.c | 335 | ||||
-rw-r--r-- | www/apache22/files/patch-server__core.c | 36 | ||||
-rw-r--r-- | www/apache22/files/patch-server__mpm__prefork__prefork.c | 42 |
9 files changed, 433 insertions, 5 deletions
@@ -6,6 +6,16 @@ You should get into the habit of checking this file for changes each time you update your ports collection, before attempting any port upgrades. +20090611: + AFFECTS: users of www/apache22 + AUTHOR: pgollucci@FreeBSD.org + + The 2 rc.d scripts have been renamed + apache22.sh -> apache22 + htcacheclean.sh -> htcacheclean + + You'll need to update any crons wrappers, etc for the new paths. + 20090608: AFFECTS: users of lang/python* and py-* AUTHOR: miwi@FreeBSD.org diff --git a/www/apache22/Makefile b/www/apache22/Makefile index 14d42bdce866..f49a853db905 100644 --- a/www/apache22/Makefile +++ b/www/apache22/Makefile @@ -9,7 +9,7 @@ PORTNAME= apache PORTVERSION= 2.2.11 -PORTREVISION?= 5 +PORTREVISION?= 6 CATEGORIES= www MASTER_SITES= ${MASTER_SITE_APACHE_HTTPD} DISTNAME= httpd-${PORTVERSION} @@ -44,8 +44,7 @@ USE_BZIP2= yes USE_ICONV= yes USE_AUTOTOOLS= autoconf:262 libtool:15 USE_PERL5= yes -USE_RC_SUBR= apache22.sh htcacheclean.sh -SUB_LIST+= RC_SUBR_SUFFIX=${RC_SUBR_SUFFIX} +USE_RC_SUBR= apache22 htcacheclean LIBTOOLFILES= configure MPM_ITK_VERSION?= 20080727-00 @@ -190,6 +189,11 @@ pre-everything:: show-options: @${SED} -ne 's/^##//p' ${APACHEDIR}/Makefile.doc +#optionally enable mod_proxy_connect patch +.if defined(PATCH_PROXY_CONNECT) +EXTRA_PATCHES+= ${FILESDIR}/opt-patch-modules:proxy:mod_proxy_connect.c +.endif + post-patch: @${RM} -f ${WRKSRC}/docs/docroot/*.bak @${REINPLACE_CMD} -e 's," PLATFORM ",FreeBSD,' \ diff --git a/www/apache22/Makefile.modules b/www/apache22/Makefile.modules index 22aa264fb18f..461156a7c157 100644 --- a/www/apache22/Makefile.modules +++ b/www/apache22/Makefile.modules @@ -104,7 +104,7 @@ CONFIGURE_ARGS+= --with-dbm=db185 \ . else USE_BDB= yes CONFIGURE_ARGS+= --with-dbm=db${BDB_VER:S/40/4/} \ - --with-berkeley-db=${LOCALBASE} + --with-berkeley-db=${BDB_INCLUDE_DIR}:${BDB_LIB_DIR} . endif . else IGNORE= "Unknown DBM" 
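Review bot: The guard `.if defined(PATCH_PROXY_CONNECT)` in the hunk before `post-patch:` tests a bare variable name, while the same commit introduces the knob as an OPTIONS entry in Makefile.options. If this port's option handling exposes entries as `WITH_PATCH_PROXY_CONNECT` (not visible in this diff), the dialog setting would never reach this test and the patch could only be switched by defining the bare variable by hand. The comment `#optionally enable mod_proxy_connect patch` should also say what the patch does, for example `# Optional: route CONNECT tunnel I/O through the connection filter stack (see files/opt-patch-modules:proxy:mod_proxy_connect.c)`, because it decides whether a proxy module's data path is replaced at build time.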
diff --git a/www/apache22/Makefile.options b/www/apache22/Makefile.options index 3e1ccfd280ce..c27a45b784fe 100644 --- a/www/apache22/Makefile.options +++ b/www/apache22/Makefile.options @@ -64,6 +64,7 @@ OPTIONS+= \ VERSION "Enable mod_version" ON \ PROXY "Enable mod_proxy" OFF \ PROXY_CONNECT "Enable mod_proxy_connect" OFF \ + PATCH_PROXY_CONNECT "Patch proxy_connect SSL support" ON \ PROXY_FTP "Enable mod_proxy_ftp" OFF \ PROXY_HTTP "Enable mod_proxy_http" OFF \ PROXY_AJP "Enable mod_proxy_ajp" OFF \ diff --git a/www/apache22/files/apache22.sh.in b/www/apache22/files/apache22.in index 7e48b8ab61bf..4a268d1f82ac 100644 --- a/www/apache22/files/apache22.sh.in +++ b/www/apache22/files/apache22.in @@ -1,6 +1,6 @@ #!/bin/sh # -# $FreeBSD: /tmp/pcvs/ports/www/apache22/files/Attic/apache22.sh.in,v 1.8 2008-12-15 22:05:56 clement Exp $ +# $FreeBSD$ # # PROVIDE: apache22 diff --git a/www/apache22/files/htcacheclean.sh.in b/www/apache22/files/htcacheclean.in index 1949d0bebdd5..1949d0bebdd5 100644 --- a/www/apache22/files/htcacheclean.sh.in +++ b/www/apache22/files/htcacheclean.in diff --git a/www/apache22/files/opt-patch-modules:proxy:mod_proxy_connect.c b/www/apache22/files/opt-patch-modules:proxy:mod_proxy_connect.c new file mode 100644 index 000000000000..37d562267a8c --- /dev/null +++ b/www/apache22/files/opt-patch-modules:proxy:mod_proxy_connect.c 
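Review bot: `PATCH_PROXY_CONNECT` is added with default `ON`, although the module it modifies (`PROXY_CONNECT`, one line above) defaults to `OFF` and the Makefile comment describes the patch as optional. The file it selects is a 335-line rewrite of the CONNECT tunnel loop that appears to come from outside the vendor release, so default builds would stay on the vendor code with `PATCH_PROXY_CONNECT "Patch proxy_connect SSL support" OFF \`. The description string would be clearer if it stated the actual change (tunnel traffic passes through the connection filters instead of raw socket calls) rather than only "SSL support".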
@@ -0,0 +1,335 @@ +diff -Naurw modules/proxy/mod_proxy_connect.c modules/proxy/mod_proxy_connect.c +--- modules/proxy/mod_proxy_connect.c 2007-09-02 18:42:59.000000000 +0100 ++++ modules/proxy/mod_proxy_connect.c 2007-10-08 17:03:32.523635700 +0100 +@@ -21,6 +21,8 @@ + #include "mod_proxy.h" + #include "apr_poll.h" + ++#define CONN_BLKSZ AP_IOBUFSIZE ++ + module AP_MODULE_DECLARE_DATA proxy_connect_module; + + /* +@@ -71,6 +73,50 @@ + return OK; + } + ++/* read available data (in blocks of CONN_BLKSZ) from c_i and copy to c_o */ ++static int proxy_connect_transfer(request_rec *r, conn_rec *c_i, conn_rec *c_o, ++ apr_bucket_brigade *bb, char *name) ++{ ++ int rv; ++#ifdef DEBUGGING ++ apr_off_t len; ++#endif ++ ++ do { ++ apr_brigade_cleanup(bb); ++ rv = ap_get_brigade(c_i->input_filters, bb, AP_MODE_READBYTES, ++ APR_NONBLOCK_READ, CONN_BLKSZ); ++ if (rv == APR_SUCCESS) { ++ if (APR_BRIGADE_EMPTY(bb)) ++ break; ++#ifdef DEBUGGING ++ len = -1; ++ apr_brigade_length(bb, 0, &len); ++ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, ++ "proxy: CONNECT: read %" APR_OFF_T_FMT ++ " bytes from %s", len, name); ++#endif ++ rv = ap_pass_brigade(c_o->output_filters, bb); ++ if (rv == APR_SUCCESS) { ++ ap_fflush(c_o->output_filters, bb); ++ } else { ++ ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, ++ "proxy: CONNECT: error on %s - ap_pass_brigade", ++ name); ++ } ++ } else if (!APR_STATUS_IS_EAGAIN(rv)) { ++ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, rv, r, ++ "proxy: CONNECT: error on %s - ap_get_brigade", ++ name); ++ } ++ } while (rv == APR_SUCCESS); ++ ++ if (APR_STATUS_IS_EAGAIN(rv)) { ++ rv = APR_SUCCESS; ++ } ++ return rv; ++} ++ + /* CONNECT handler */ + static int proxy_connect_handler(request_rec *r, proxy_worker *worker, + proxy_server_conf *conf, +@@ -79,11 +125,15 @@ + { + apr_pool_t *p = r->pool; + apr_socket_t *sock; ++ conn_rec *c = r->connection; ++ conn_rec *backconn; ++ ++ apr_bucket_brigade *bb = apr_brigade_create(p, c->bucket_alloc); + apr_status_t err, rv; +- 
apr_size_t i, o, nbytes; ++ apr_size_t nbytes; + char buffer[HUGE_STRING_LEN]; +- apr_socket_t *client_socket = ap_get_module_config(r->connection->conn_config, &core_module); +- int failed; ++ apr_socket_t *client_socket = ap_get_module_config(c->conn_config, &core_module); ++ int failed, rc; + apr_pollset_t *pollset; + apr_pollfd_t pollfd; + const apr_pollfd_t *signalled; +@@ -158,12 +208,10 @@ + case APR_URI_SNEWS_DEFAULT_PORT: + break; + default: +- /* XXX can we call ap_proxyerror() here to get a nice log message? */ +- return HTTP_FORBIDDEN; ++ return ap_proxyerror(r, HTTP_FORBIDDEN, "Connect to remote machine blocked"); + } + } else if(!allowed_port(conf, uri.port)) { +- /* XXX can we call ap_proxyerror() here to get a nice log message? */ +- return HTTP_FORBIDDEN; ++ return ap_proxyerror(r, HTTP_FORBIDDEN, "Connect to remote machine blocked"); + } + + /* +@@ -205,18 +253,57 @@ + } + } + ++ /* setup polling for connection */ ++ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, ++ "proxy: CONNECT: setting up poll()"); ++ ++ if ((rv = apr_pollset_create(&pollset, 2, r->pool, 0)) != APR_SUCCESS) { ++ apr_socket_close(sock); ++ ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, ++ "proxy: CONNECT: error apr_pollset_create()"); ++ return HTTP_INTERNAL_SERVER_ERROR; ++ } ++ ++ /* Add client side to the poll */ ++ pollfd.p = r->pool; ++ pollfd.desc_type = APR_POLL_SOCKET; ++ pollfd.reqevents = APR_POLLIN; ++ pollfd.desc.s = client_socket; ++ pollfd.client_data = NULL; ++ apr_pollset_add(pollset, &pollfd); ++ ++ /* Add the server side to the poll */ ++ pollfd.desc.s = sock; ++ apr_pollset_add(pollset, &pollfd); ++ + /* + * Step Three: Send the Request + * + * Send the HTTP/1.1 CONNECT request to the remote server + */ + +- /* we are acting as a tunnel - the output filter stack should +- * be completely empty, because when we are done here we are done completely. +- * We add the NULL filter to the stack to do this... 
+- */ +- r->output_filters = NULL; +- r->connection->output_filters = NULL; ++ backconn = ap_run_create_connection(c->pool, r->server, sock, ++ c->id, c->sbh, c->bucket_alloc); ++ if (!backconn) { ++ /* peer reset */ ++ ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, ++ "proxy: an error occurred creating a new connection " ++ "to %pI (%s)", connect_addr, connectname); ++ apr_socket_close(sock); ++ return HTTP_INTERNAL_SERVER_ERROR; ++ } ++ ap_proxy_ssl_disable(backconn); ++ rc = ap_run_pre_connection(backconn, sock); ++ if (rc != OK && rc != DONE) { ++ backconn->aborted = 1; ++ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, ++ "proxy: CONNECT: pre_connection setup failed (%d)", rc); ++ return HTTP_INTERNAL_SERVER_ERROR; ++ } ++ ++ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, ++ "proxy: CONNECT: connection complete to %pI (%s)", ++ connect_addr, connectname); + + + /* If we are connecting through a remote proxy, we need to pass +@@ -227,12 +314,11 @@ + */ + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, + "proxy: CONNECT: sending the CONNECT request to the remote proxy"); +- nbytes = apr_snprintf(buffer, sizeof(buffer), ++ ap_fprintf(backconn->output_filters, bb, + "CONNECT %s HTTP/1.0" CRLF, r->uri); +- apr_socket_send(sock, buffer, &nbytes); +- nbytes = apr_snprintf(buffer, sizeof(buffer), +- "Proxy-agent: %s" CRLF CRLF, ap_get_server_banner()); +- apr_socket_send(sock, buffer, &nbytes); ++ ap_fprintf(backconn->output_filters, bb, ++ "Proxy-agent: %s" CRLF CRLF, ap_get_server_version()); ++ ap_fflush(backconn->output_filters, bb); + } + else { + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, +@@ -240,11 +326,12 @@ + nbytes = apr_snprintf(buffer, sizeof(buffer), + "HTTP/1.0 200 Connection Established" CRLF); + ap_xlate_proto_to_ascii(buffer, nbytes); +- apr_socket_send(client_socket, buffer, &nbytes); ++ ap_fwrite(c->output_filters, bb, buffer, nbytes); + nbytes = apr_snprintf(buffer, sizeof(buffer), + "Proxy-agent: %s" CRLF CRLF, ap_get_server_banner()); + 
ap_xlate_proto_to_ascii(buffer, nbytes); +- apr_socket_send(client_socket, buffer, &nbytes); ++ ap_fwrite(c->output_filters, bb, buffer, nbytes); ++ ap_fflush(c->output_filters, bb); + #if 0 + /* This is safer code, but it doesn't work yet. I'm leaving it + * here so that I can fix it later. +@@ -265,27 +352,15 @@ + * Handle two way transfer of data over the socket (this is a tunnel). + */ + ++ /* we are now acting as a tunnel - the input/output filter stacks should ++ * not contain any non-connection filters. ++ */ ++ r->output_filters = c->output_filters; ++ r->proto_output_filters = c->output_filters; ++ r->input_filters = c->input_filters; ++ r->proto_input_filters = c->input_filters; + /* r->sent_bodyct = 1;*/ + +- if ((rv = apr_pollset_create(&pollset, 2, r->pool, 0)) != APR_SUCCESS) { +- apr_socket_close(sock); +- ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, +- "proxy: CONNECT: error apr_pollset_create()"); +- return HTTP_INTERNAL_SERVER_ERROR; +- } +- +- /* Add client side to the poll */ +- pollfd.p = r->pool; +- pollfd.desc_type = APR_POLL_SOCKET; +- pollfd.reqevents = APR_POLLIN; +- pollfd.desc.s = client_socket; +- pollfd.client_data = NULL; +- apr_pollset_add(pollset, &pollfd); +- +- /* Add the server side to the poll */ +- pollfd.desc.s = sock; +- apr_pollset_add(pollset, &pollfd); +- + while (1) { /* Infinite loop until error (one side closes the connection) */ + if ((rv = apr_pollset_poll(pollset, -1, &pollcnt, &signalled)) != APR_SUCCESS) { + apr_socket_close(sock); +@@ -294,7 +369,7 @@ + } + #ifdef DEBUGGING + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, +- "proxy: CONNECT: woke from select(), i=%d", pollcnt); ++ "proxy: CONNECT: woke from poll(), i=%d", pollcnt); + #endif + + for (pi = 0; pi < pollcnt; pi++) { +@@ -304,72 +379,32 @@ + pollevent = cur->rtnevents; + if (pollevent & APR_POLLIN) { + #ifdef DEBUGGING +- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, +- "proxy: CONNECT: sock was set"); ++ ap_log_rerror(APLOG_MARK, 
APLOG_DEBUG, 0, r, ++ "proxy: CONNECT: sock was readable"); + #endif +- nbytes = sizeof(buffer); +- rv = apr_socket_recv(sock, buffer, &nbytes); +- if (rv == APR_SUCCESS) { +- o = 0; +- i = nbytes; +- while(i > 0) +- { +- nbytes = i; +- /* This is just plain wrong. No module should ever write directly +- * to the client. For now, this works, but this is high on my list of +- * things to fix. The correct line is: +- * if ((nbytes = ap_rwrite(buffer + o, nbytes, r)) < 0) +- * rbb +- */ +- rv = apr_socket_send(client_socket, buffer + o, &nbytes); +- if (rv != APR_SUCCESS) +- break; +- o += nbytes; +- i -= nbytes; +- } ++ rv = proxy_connect_transfer(r, backconn, c, bb, "sock"); + } +- else +- break; ++ else if ((pollevent & APR_POLLERR) || (pollevent & APR_POLLHUP)) { ++ rv = APR_EPIPE; ++ ap_log_rerror(APLOG_MARK, APLOG_NOTICE, 0, r, "proxy: CONNECT: err/hup on backconn"); + } +- else if ((pollevent & APR_POLLERR) || (pollevent & APR_POLLHUP)) +- break; + } + else if (cur->desc.s == client_socket) { + pollevent = cur->rtnevents; + if (pollevent & APR_POLLIN) { + #ifdef DEBUGGING +- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, +- "proxy: CONNECT: client was set"); +-#endif +- nbytes = sizeof(buffer); +- rv = apr_socket_recv(client_socket, buffer, &nbytes); +- if (rv == APR_SUCCESS) { +- o = 0; +- i = nbytes; +-#ifdef DEBUGGING +- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, +- "proxy: CONNECT: read %d from client", i); ++ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, ++ "proxy: CONNECT: client was readable"); + #endif +- while(i > 0) +- { +- nbytes = i; +- rv = apr_socket_send(sock, buffer + o, &nbytes); +- if (rv != APR_SUCCESS) +- break; +- o += nbytes; +- i -= nbytes; +- } +- } +- else +- break; ++ rv = proxy_connect_transfer(r, c, backconn, bb, "client"); + } +- else if ((pollevent & APR_POLLERR) || (pollevent & APR_POLLHUP)) { +- rv = APR_EOF; +- break; + } ++ else { ++ rv = APR_EBADF; ++ ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, ++ "proxy: CONNECT: 
unknown socket in pollset"); + } +- else +- break; ++ + } + if (rv != APR_SUCCESS) { + break; +@@ -385,7 +420,9 @@ + * Close the socket and clean up + */ + +- apr_socket_close(sock); ++ ap_lingering_close(backconn); ++ ++ c->aborted = 1; + + return OK; + } diff --git a/www/apache22/files/patch-server__core.c b/www/apache22/files/patch-server__core.c new file mode 100644 index 000000000000..3abbe22dd2f4 --- /dev/null +++ b/www/apache22/files/patch-server__core.c @@ -0,0 +1,36 @@ +--- ./server/core.c.orig 2008-06-02 23:18:18.000000000 +0200 ++++ ./server/core.c 2009-03-09 15:05:57.000000000 +0100 +@@ -494,6 +494,7 @@ + core_server_config *base = (core_server_config *)basev; + core_server_config *virt = (core_server_config *)virtv; + core_server_config *conf; ++ const char *accfb, *accfc; + + conf = (core_server_config *)apr_pmemdup(p, virt, sizeof(core_server_config)); + +@@ -509,6 +510,25 @@ + conf->protocol = base->protocol; + } + ++ /* ++ * bz accept_filter(9) disable fix. ++ * ++ * You can only configure it in the base config but the ++ * values are copied and checked into virtual host configs, ++ * so if you disable it in base it will still be on in virt. ++ * To fix it, we overwrite each virt config if it does not ++ * match what is in base config for the hardcoded http(s). ++ */ ++ accfb = apr_table_get(base->accf_map, "http"); ++ accfc = apr_table_get(conf->accf_map, "http"); ++ if (accfb && accfc && strcmp(accfb, accfc)) ++ apr_table_set(conf->accf_map, "http", accfb); ++ ++ accfb = apr_table_get(base->accf_map, "https"); ++ accfc = apr_table_get(conf->accf_map, "https"); ++ if (accfb && accfc && strcmp(accfb, accfc)) ++ apr_table_set(conf->accf_map, "https", accfb); ++ + conf->sec_dir = apr_array_append(p, base->sec_dir, virt->sec_dir); + conf->sec_url = apr_array_append(p, base->sec_url, virt->sec_url); + 
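Review bot: In the rewritten poll loop of mod_proxy_connect.c the `client_socket` branch handles only `APR_POLLIN`; the `APR_POLLERR`/`APR_POLLHUP` case the old code had (`rv = APR_EOF; break;`) is removed and not replaced. An error or hang-up reported for the client therefore leaves `rv` at `APR_SUCCESS` from the preceding `apr_pollset_poll()` and the loop polls again, which can return immediately and spin the child; mirroring the backend branch closes that: `else if ((pollevent & APR_POLLERR) || (pollevent & APR_POLLHUP)) { rv = APR_EPIPE; }`. Separately, the `ap_run_pre_connection()` failure path returns without `apr_socket_close(sock)`, unlike the `!backconn` path just above it. The remote-proxy branch also now sends `ap_get_server_version()` in `Proxy-agent` while the direct branch keeps `ap_get_server_banner()`; if the former does not honour `ServerTokens` in this httpd version, the upstream proxy is told more version detail than the administrator configured. The handler starts and ends outside these hunks.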
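Review bot: In patch-server__core.c, `conf` is a shallow `apr_pmemdup()` copy of `virt`, so unless `accf_map` is duplicated in lines outside this hunk, `apr_table_set(conf->accf_map, ...)` writes into the virtual host's own table and not only into the merged result. The override runs only when both tables already hold an entry and only for the literal keys `"http"` and `"https"`, so a base-level setting for any other protocol name is not propagated; the block comment should state both limits. `strcmp(accfb, accfc) != 0` would read more clearly than using the result as a boolean. The function begins and ends outside the hunk.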
diff --git a/www/apache22/files/patch-server__mpm__prefork__prefork.c b/www/apache22/files/patch-server__mpm__prefork__prefork.c new file mode 100644 index 000000000000..3e15b0291a93 --- /dev/null +++ b/www/apache22/files/patch-server__mpm__prefork__prefork.c @@ -0,0 +1,42 @@ +--- ./server/mpm/prefork/prefork.c.orig 2008-05-31 07:58:46.000000000 -0400 ++++ ./server/mpm/prefork/prefork.c 2009-06-11 20:10:12.151389121 -0400 +@@ -573,19 +573,27 @@ + apr_int32_t numdesc; + const apr_pollfd_t *pdesc; + +- /* timeout == -1 == wait forever */ +- status = apr_pollset_poll(pollset, -1, &numdesc, &pdesc); ++ /* check for termination first so we don't sleep for a while in ++ * poll if already signalled ++ */ ++ if (one_process && shutdown_pending) { ++ SAFE_ACCEPT(accept_mutex_off()); ++ return; ++ } ++ else if (die_now) { ++ /* In graceful stop/restart; drop the mutex ++ * and terminate the child. */ ++ SAFE_ACCEPT(accept_mutex_off()); ++ clean_child_exit(0); ++ } ++ /* timeout == 10 seconds to avoid a hang at graceful restart/stop ++ * caused by the closing of sockets by the signal handler ++ */ ++ status = apr_pollset_poll(pollset, apr_time_from_sec(10), ++ &numdesc, &pdesc); + if (status != APR_SUCCESS) { +- if (APR_STATUS_IS_EINTR(status)) { +- if (one_process && shutdown_pending) { +- return; +- } +- else if (die_now) { +- /* In graceful stop/restart; drop the mutex +- * and terminate the child. */ +- SAFE_ACCEPT(accept_mutex_off()); +- clean_child_exit(0); +- } ++ if (APR_STATUS_IS_TIMEUP(status) || ++ APR_STATUS_IS_EINTR(status)) { + continue; + } + /* Single Unix documents select as returning errnos |
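Review bot: The new poll timeout is the bare literal `apr_time_from_sec(10)`, documented only by the comment about a hang at graceful restart/stop. Because `APR_STATUS_IS_TIMEUP` is now treated like `EINTR`, the child holding the accept mutex wakes every 10 seconds while idle, and a child that misses the signal can take up to that long to see `die_now`; a named constant with that trade-off in its comment would make the value reviewable, e.g. `#define PREFORK_POLL_TIMEOUT apr_time_from_sec(10)`. The `one_process && shutdown_pending` path now calls `SAFE_ACCEPT(accept_mutex_off())` before `return`, which the removed code did not, so a one-line comment that the mutex is held at this point would record why. The enclosing loop starts and ends outside the hunk.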