tuend/DirectAdmin-1.62.4
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

first update

Browse Source
This commit is contained in:
tuend-work
2025-11-12 20:19:03 +07:00
commit ca56c8cfa5
76 changed files with 10082 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
README.md Normal file
View File

@@ -0,0 +1,36 @@
N@lled By: Nguyễn Trung Hậu<br>
Email: ken.hdpro@gmail.com<br>
Facebook: http://fb.com/haunguyenckc<br>
Directadmin 1.604 đã được N@ll chỉ cài được cho centOS 7 64bit
# COMMON PRE-INSTALL COMMANDS
```
# Pre-Install CentOS 7
yum -y install wget tar gcc gcc-c++ flex bison make bind bind-libs bind-utils openssl openssl-devel perl quota libaio \
libcom_err-devel libcurl-devel gd zlib-devel zip unzip libcap-devel cronie bzip2 cyrus-sasl-devel perl-ExtUtils-Embed \
autoconf automake libtool which patch mailx bzip2-devel lsof glibc-headers kernel-devel expat-devel \
psmisc net-tools systemd-devel libdb-devel perl-DBI perl-Perl4-CoreLibs perl-libwww-perl xfsprogs rsyslog logrotate \
crontabs file kernel-headers ipset
```
# INSTALL DIRECTADMIN ONLY CENTOS7 64BIT
```
# Directadmin 1.604 For Centos7
wget -O setup.sh https://raw.githubusercontent.com/puarudz/DirectAdmin-1.60.2-Null/master/da-1604-centos7.sh && chmod +x setup.sh && ./setup.sh
```
# OPEN PORT FOR DIRECTADMIN
```
# Open Port 21,22,80,443,2222,3306
firewall-cmd --zone=public --add-port=21/tcp --permanent
firewall-cmd --zone=public --add-port=22/tcp --permanent
firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --zone=public --add-port=443/tcp --permanent
firewall-cmd --zone=public --add-port=2222/tcp --permanent
firewall-cmd --zone=public --add-port=3306/tcp --permanent
firewall-cmd --reload
```

854
da-1604-centos7.sh Normal file
View File

@@ -0,0 +1,854 @@
#!/bin/sh
###############################################################################
# setup.sh
# DirectAdmin setup.sh file is the first file to download when doing a
# DirectAdmin Install. It will ask you for relevant information and will
# download all required files. If you are unable to run this script with
# ./setup.sh then you probably need to set it's permissions. You can do this
# by typing the following:
#
# chmod 755 setup.sh
#
# after this has been done, you can type ./setup.sh to run the script.
#
###############################################################################
OS=`uname`;
if [ "$(id -u)" != "0" ]; then
echo "You must be root to execute the script. Exiting."
exit 1
fi
WGET_PATH=/usr/bin/wget
if [ ! -e /usr/bin/perl ] || [ ! -e ${WGET_PATH} ]; then
yum -y install perl wget
if [ ! -e /usr/bin/perl ]; then
echo "Cannot find perl. Please run pre-install commands:";
echo " https://help.directadmin.com/item.php?id=354";
exit 1;
fi
if [ ! -e ${WGET_PATH} ]; then
echo "Cannot find ${WGET_PATH}. Please run pre-install commands:";
echo " https://help.directadmin.com/item.php?id=354";
exit 80;
fi
fi
random_pass() {
PASS_LEN=`perl -le 'print int(rand(6))+9'`
START_LEN=`perl -le 'print int(rand(8))+1'`
END_LEN=$(expr ${PASS_LEN} - ${START_LEN})
SPECIAL_CHAR=`perl -le 'print map { (qw{@ ^ _ - /})[rand 6] } 1'`;
NUMERIC_CHAR=`perl -le 'print int(rand(10))'`;
PASS_START=`perl -le "print map+(A..Z,a..z,0..9)[rand 62],0..$START_LEN"`;
PASS_END=`perl -le "print map+(A..Z,a..z,0..9)[rand 62],0..$END_LEN"`;
PASS=${PASS_START}${SPECIAL_CHAR}${NUMERIC_CHAR}${PASS_END}
echo $PASS
}
ADMIN_USER=admin
DB_USER=da_admin
#ADMIN_PASS=`perl -le'print map+(A..Z,a..z,0..9)[rand 62],0..9'`;
ADMIN_PASS=`random_pass`
#RAND_LEN=`perl -le'print 16+int(rand(9))'`
#DB_ROOT_PASS=`perl -le"print map+(A..Z,a..z,0..9)[rand 62],0..$RAND_LEN"`;
DB_ROOT_PASS=`random_pass`
DOWNLOAD_BETA=false
if [ "$1" = "beta" ] || [ "$2" = "beta" ]; then
DOWNLOAD_BETA=true
fi
FTP_HOST=files.directadmin.com
WGET_OPTION="--no-dns-cache";
COUNT=`$WGET_PATH --help | grep -c no-check-certificate`
if [ "$COUNT" -ne 0 ]; then
WGET_OPTION="--no-check-certificate ${WGET_OPTION}";
fi
SYSTEMD=no
SYSTEMDDIR=/etc/systemd/system
if [ -d ${SYSTEMDDIR} ]; then
if [ -e /bin/systemctl ] || [ -e /usr/bin/systemctl ]; then
SYSTEMD=yes
fi
fi
CID=0
LID=0
HOST=`hostname -f`;
if [ "${HOST}" = "" ]; then
if [ -x /usr/bin/hostnamectl ]; then
HOST=`/usr/bin/hostnamectl status | grep 'hostname:' | grep -v 'n/a' | head -n1 | awk '{print $3}'`
fi
fi
CMD_LINE=0
AUTO=0
ETH_DEV=eth0
IP=0
OS_OVERRIDE_FILE=/root/.os_override
GET_LICENSE=1
B64=`uname -m | grep -c 64`
if [ "$B64" -gt 0 ]; then
echo "*** 64-bit OS ***";
echo "";
sleep 2;
B64=1
fi
if [ -e /usr/local/directadmin/conf/directadmin.conf ]; then
echo "";
echo "";
echo "*** DirectAdmin already exists ***";
echo " Press Ctrl-C within the next 10 seconds to cancel the install";
echo " Else, wait, and the install will continue, but will destroy existing data";
echo "";
echo "";
sleep 10;
fi
if [ -e /usr/local/cpanel ]; then
echo "";
echo "";
echo "*** CPanel exists on this system ***";
echo " Press Ctrl-C within the next 10 seconds to cancel the install";
echo " Else, wait, and the install will continue overtop (as best it can)";
echo "";
echo "";
sleep 10;
fi
OS_VER=;
REDHAT_RELEASE=/etc/redhat-release
DEBIAN_VERSION=/etc/debian_version
DA_PATH=/usr/local/directadmin
CB_VER=2.0
CB_OPTIONS=${DA_PATH}/custombuild/options.conf
SCRIPTS_PATH=$DA_PATH/scripts
PACKAGES=$SCRIPTS_PATH/packages
SETUP=$SCRIPTS_PATH/setup.txt
SERVER=http://files.directadmin.com/services
BFILE=$SERVER/custombuild/${CB_VER}/custombuild/build
CBPATH=$DA_PATH/custombuild
BUILD=$CBPATH/build
OS_VER=`grep -m1 -o '[0-9]*\.[0-9]*[^ ]*' /etc/redhat-release | head -n1 | cut -d'.' -f1,2`
OS_MAJ_VER=`echo $OS_VER | cut -d. -f1`
SERVICES=services_es70_64.tar.gz
OS_NAME=ES+7.0+64
/bin/mkdir -p $PACKAGES
# code yum
yum -y install iptables wget tar gcc gcc-c++ flex bison make bind bind-libs bind-utils openssl openssl-devel perl quota libaio \
libcom_err-devel libcurl-devel gd zlib-devel zip unzip libcap-devel cronie bzip2 cyrus-sasl-devel perl-ExtUtils-Embed \
autoconf automake libtool which patch mailx bzip2-devel lsof glibc-headers kernel-devel expat-devel \
psmisc net-tools systemd-devel libdb-devel perl-DBI perl-Perl4-CoreLibs perl-libwww-perl xfsprogs rsyslog \
logrotate crontabs file kernel-headers ipset webalizer krb5-libs krb5-devel e2fsprogs e2fsprogs-devel
CID=0;
LID=0;
HOST="server.test.com"
############
# Get the other info
EMAIL=${ADMIN_USER}@${HOST}
if [ -s /root/.email.txt ]; then
EMAIL=`cat /root/.email.txt | head -n 1`
fi
TEST=`echo $HOST | cut -d. -f3`
if [ "$TEST" = "" ]
then
NS1=ns1.`echo $HOST | cut -d. -f1,2`
NS2=ns2.`echo $HOST | cut -d. -f1,2`
else
NS1=ns1.`echo $HOST | cut -d. -f2,3,4,5,6`
NS2=ns2.`echo $HOST | cut -d. -f2,3,4,5,6`
fi
if [ -s /root/.ns1.txt ] && [ -s /root/.ns2.txt ]; then
NS1=`cat /root/.ns1.txt | head -n1`
NS2=`cat /root/.ns2.txt | head -n1`
fi
## Get the ethernet_dev
clean_dev()
{
C=`echo $1 | grep -o ":" | wc -l`
if [ "${C}" -eq 0 ]; then
echo $1;
return;
fi
if [ "${C}" -ge 2 ]; then
echo $1 | cut -d: -f1,2
return;
fi
TAIL=`echo $1 | cut -d: -f2`
if [ "${TAIL}" = "" ]; then
echo $1 | cut -d: -f1
return;
fi
echo $1
}
if [ $CMD_LINE -eq 0 ]; then
DEVS=`ip link show | grep -e "^[1-9]" | awk '{print $2}' | cut -d: -f1 | grep -v lo | grep -v sit0 | grep -v ppp0 | grep -v faith0`
if [ -z "${DEVS}" ] && [ -x /sbin/ifconfig ]; then
DEVS=`/sbin/ifconfig -a | grep -e "^[a-z]" | awk '{ print $1; }' | grep -v lo | grep -v sit0 | grep -v ppp0 | grep -v faith0`
fi
COUNT=0;
for i in $DEVS; do
{
COUNT=$(($COUNT+1));
};
done;
if [ $COUNT -eq 0 ]; then
echo "Could not find your ethernet device.";
echo -n "Please enter the name of your ethernet device: ";
read ETH_DEV;
elif [ $COUNT -eq 1 ]; then
#DIP=`/sbin/ifconfig $DEVS | grep 'inet addr:' | cut -d: -f2 | cut -d\ -f1`;
DEVS=`clean_dev $DEVS`
DIP=`ip addr show $DEVS | grep -m1 'inet ' | awk '{print $2}' | cut -d/ -f1`
#ifconfig fallback
if [ -z "${DIP}" ] && [ -x /sbin/ifconfig ]; then
DIP=`/sbin/ifconfig $DEVS | grep 'inet ' | awk '{print $2}' | cut -d: -f2`;
fi
echo -n "Is $DEVS your network adaptor with the license IP ($DIP)? (y,n) : ";
read yesno;
if [ "$yesno" = "n" ]; then
echo -n "Enter the name of the ethernet device you wish to use : ";
read ETH_DEV;
else
ETH_DEV=$DEVS
fi
else
# more than one
echo "The following ethernet devices/IPs were found. Please enter the name of the device you wish to use:";
echo "";
#echo $DEVS;
for i in $DEVS; do
{
D=`clean_dev $i`
DIP=`ip addr show $D | grep -m1 'inet ' | awk '{print $2}' | cut -d/ -f1`
if [ -z "${D}" ] && [ -x /sbin/ifconfig ]; then
DIP=`/sbin/ifconfig $D | grep 'inet ' | awk '{print $2}' | cut -d: -f2`;
fi
echo "$D $DIP";
};
done;
echo "";
echo -n "Enter the device name: ";
read ETH_DEV;
fi
fi
if [ "$IP" = "0" ]; then
#IP=`/sbin/ifconfig $ETH_DEV | grep 'inet addr:' | cut -d: -f2 | cut -d\ -f1`;
IP=`ip addr show $ETH_DEV | grep -m1 'inet ' | awk '{print $2}' | cut -d/ -f1`
if [ -z "${IP}" ] && [ -x /sbin/ifconfig ]; then
IP=`/sbin/ifconfig $ETH_DEV | grep 'inet ' | awk '{print $2}' | cut -d: -f2`;
fi
fi
prefixToNetmask(){
BINARY_IP=""
for i in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32; do {
if [ ${i} -le ${1} ]; then
BINARY_IP="${BINARY_IP}1"
else
BINARY_IP="${BINARY_IP}0"
fi
}
done
B1=`echo ${BINARY_IP} | cut -c1-8`
B2=`echo ${BINARY_IP} | cut -c9-16`
B3=`echo ${BINARY_IP} | cut -c17-24`
B4=`echo ${BINARY_IP} | cut -c25-32`
NM1=`perl -le "print ord(pack('B8', '${B1}'))"`
NM2=`perl -le "print ord(pack('B8', '${B2}'))"`
NM3=`perl -le "print ord(pack('B8', '${B3}'))"`
NM4=`perl -le "print ord(pack('B8', '${B4}'))"`
echo "${NM1}.${NM2}.${NM3}.${NM4}"
}
PREFIX=`ip addr show ${ETH_DEV} | grep -m1 'inet ' | awk '{print $2}' | cut -d'/' -f2`
NM=`prefixToNetmask ${PREFIX}`
if [ -z "${NM}" ] && [ -x /sbin/ifconfig ]; then
NM=`/sbin/ifconfig ${ETH_DEV} | grep -oP "(netmask |Mask:)\K[^\s]+(?=.*)"`
fi
if [ $CMD_LINE -eq 0 ]; then
echo -n "Your external IP: ";
wget -q -O - http://myip.directadmin.com
echo "";
echo "The external IP should typically match your license IP.";
echo "";
if [ "$IP" = "" ]; then
yesno="n";
else
echo -n "Is $IP the IP in your license? (y,n) : ";
read yesno;
fi
if [ "$yesno" = "n" ]; then
echo -n "Enter the IP used in your license file : ";
read IP;
fi
if [ "$IP" = "" ]; then
echo "The IP entered is blank. Please try again, and enter a valid IP";
fi
fi
############
echo "";
echo "DirectAdmin will now be installed on: $OS $OS_VER";
if [ $CMD_LINE -eq 0 ]; then
echo -n "Is this correct? (must match license) (y,n) : ";
read yesno;
if [ "$yesno" = "n" ]; then
echo -e "\nPlease change the value in your license, or install the correct operating system\n";
exit 1;
fi
fi
# Hexan
PWD_DIR=`pwd`
mkdir -p $CBPATH
wget -O ${SCRIPTS_PATH}/command.sh https://raw.githubusercontent.com/puarudz/DirectAdmin-1.60.2-Null/master/services/command.sh
chmod 755 ${SCRIPTS_PATH}/command.sh
${SCRIPTS_PATH}/command.sh
cd ${PWD_DIR}
################
if [ -s ${CB_OPTIONS} ]; then
if [ `grep -c '^php1_release=' ${CB_OPTIONS}` -gt 1 ]; then
echo "Duplicate entries found in options.conf. Likely broken. Clearing options.conf, grabbing fresh build, and trying again."
rm -f ${CB_OPTIONS}
fi
fi
if [ $CMD_LINE -eq 0 ]; then
#grab the build file.
chmod 755 $BUILD
if [ -e $BUILD ]; then
$BUILD create_options
else
echo "unable to download the build file. Using defaults instead.";
fi
echo "";
echo -n "Would you like to search for the fastest download mirror? (y/n): ";
read yesno;
if [ "$yesno" = "y" ]; then
# ${BUILD} set_fastest;
echo "No fastest download!"
fi
if [ -s "${CB_OPTIONS}" ]; then
DL=`grep -m1 ^downloadserver= ${CB_OPTIONS} | cut -d= -f2`
if [ "${DL}" != "" ]; then
SERVER=http://${DL}/services
FTP_HOST=${DL}
fi
fi
sleep 2
fi
##########
echo "beginning pre-checks, please wait...";
# Things to check for:
#
# bison
# flex
# webalizer
# bind (named)
# patch
# openssl-devel
# wget
BIN_DIR=/usr/bin
LIB_DIR=/usr/lib
checkFile()
{
if [ -e $1 ]; then
echo 1;
else
echo 0;
fi
}
PERL=`checkFile /usr/bin/perl`;
BISON=`checkFile $BIN_DIR/bison`;
FLEX=`checkFile /usr/bin/flex`;
WEBALIZER=`checkFile $BIN_DIR/webalizer`;
BIND=`checkFile /usr/sbin/named`;
PATCH=`checkFile /usr/bin/patch`;
SSL_H=/usr/include/openssl/ssl.h
SSL_DEVEL=`checkFile ${SSL_H}`;
KRB5=`checkFile /usr/kerberos/include/krb5.h`;
KILLALL=`checkFile /usr/bin/killall`;
if [ $KRB5 -eq 0 ]; then
KRB5=`checkFile /usr/include/krb5.h`;
fi
GD=`checkFile $LIB_DIR/libgd.so.1`; #1.8.4
CURLDEV=`checkFile /usr/include/curl/curl.h`
E2FS=1;
E2FS_DEVEL=1;
E2FS=`checkFile /lib64/libcom_err.so.2`;
E2FS_DEVEL=`checkFile /usr/include/et/com_err.h`;
###############################################################################
###############################################################################
# We now have all information gathered, now we need to start making decisions
# Download the file that has the paths to all the relevant files.
FILES=$SCRIPTS_PATH/files.sh
FILES_PATH=$OS_VER
FILES_PATH=es_7.0_64
wget -O $FILES https://raw.githubusercontent.com/puarudz/DirectAdmin-1.60.2-Null/master/services/files.sh
if [ ! -s $FILES ]; then
echo "*** Unable to download files.sh";
echo "tried: $SERVER/$FILES_PATH/files.sh";
exit 3;
fi
chmod 755 $FILES;
. $FILES
addPackage()
{
echo "adding $1 ...";
if [ "$2" = "" ]; then
echo "";
#echo "*** the value for $1 is empty. It needs to be added manually ***"
echo "";
return;
fi
wget -O $PACKAGES/$2 $SERVER/$FILES_PATH/$2
if [ ! -e $PACKAGES/$2 ]; then
echo "Error downloading $SERVER/$FILES_PATH/$2";
fi
rpm -Uvh --nodeps --force $PACKAGES/$2
}
if [ ! -e /usr/bin/perl ]; then
ln -s /usr/local/bin/perl /usr/bin/perl
fi
if [ ! -e /etc/ld.so.conf ] || [ "`grep -c -E '/usr/local/lib$' /etc/ld.so.conf`" = "0" ]; then
echo "/usr/local/lib" >> /etc/ld.so.conf
ldconfig
fi
if [ "$OS" != "FreeBSD" ] && [ "$OS" != "debian" ]; then
if [ "${SYSTEMD}" = "yes" ]; then
if [ ! -s /etc/systemd/system/named.service ]; then
if [ -s /usr/lib/systemd/system/named.service ]; then
mv /usr/lib/systemd/system/named.service /etc/systemd/system/named.service
else
wget -O /etc/systemd/system/named.service ${SERVER}/custombuild/2.0/custombuild/configure/systemd/named.service
fi
fi
if [ ! -s /usr/lib/systemd/system/named-setup-rndc.service ]; then
wget -O /usr/lib/systemd/system/named-setup-rndc.service ${SERVER}/custombuild/2.0/custombuild/configure/systemd/named-setup-rndc.service
fi
systemctl daemon-reload
systemctl enable named.service
else
mv -f /etc/init.d/named /etc/init.d/named.back
wget -O /etc/init.d/named http://www.directadmin.com/named
chmod 755 /etc/init.d/named
/sbin/chkconfig named reset
fi
RNDCKEY=/etc/rndc.key
if [ ! -s $RNDCKEY ]; then
echo "Generating new key: $RNDCKEY ...";
if [ -e /dev/urandom ]; then
/usr/sbin/rndc-confgen -a -r /dev/urandom
else
/usr/sbin/rndc-confgen -a
fi
COUNT=`grep -c 'key "rndc-key"' $RNDCKEY`
if [ "$COUNT" -eq 1 ]; then
perl -pi -e 's/key "rndc-key"/key "rndckey"/' $RNDCKEY
fi
echo "Done generating new key";
fi
if [ ! -s $RNDCKEY ]; then
echo "rndc-confgen failed. Using template instead.";
wget -O $RNDCKEY http://www.directadmin.com/rndc.key
if [ `cat $RNDCKEY | grep -c secret` -eq 0 ]; then
SECRET=`/usr/sbin/rndc-confgen | grep secret | head -n 1`
STR="perl -pi -e 's#hmac-md5;#hmac-md5;\n\t$SECRET#' $RNDCKEY;"
eval $STR;
fi
echo "Template installed.";
fi
chown named:named ${RNDCKEY}
fi
if [ -e /etc/sysconfig/named ]; then
/usr/bin/perl -pi -e 's/^ROOTDIR=.*/ROOTDIR=/' /etc/sysconfig/named
fi
if [ $SSL_DEVEL -eq 0 ]; then
echo "";
echo "";
echo "Cannot find ${SSL_H}.";
echo "Did you run the pre-install commands?";
echo "http://help.directadmin.com/item.php?id=354";
echo "";
exit 12;
fi
if [ $OS != "FreeBSD" ]; then
groupadd apache >/dev/null 2>&1
if [ "$OS" = "debian" ]; then
useradd -d /var/www -g apache -s /bin/false apache >/dev/null 2>&1
else
useradd -d /var/www -g apache -r -s /bin/false apache >/dev/null 2>&1
fi
mkdir -p /etc/httpd/conf >/dev/null 2>&1
fi
if [ -e /etc/selinux/config ]; then
perl -pi -e 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
perl -pi -e 's/SELINUX=permissive/SELINUX=disabled/' /etc/selinux/config
fi
if [ -e /selinux/enforce ]; then
echo "0" > /selinux/enforce
fi
if [ -e /usr/sbin/setenforce ]; then
/usr/sbin/setenforce 0
fi
if [ -s /usr/sbin/ntpdate ]; then
/usr/sbin/ntpdate -b -u ntp.directadmin.com
else
if [ -s /usr/bin/rdate ]; then
/usr/bin/rdate -s rdate.directadmin.com
fi
fi
DATE_BIN=/bin/date
if [ -x $DATE_BIN ]; then
NOW=`$DATE_BIN +%s`
if [ "$NOW" -eq "$NOW" ] 2>/dev/null; then
if [ "$NOW" -lt 1470093542 ]; then
echo "Your system date is not correct ($NOW). Please correct it before staring the install:";
${DATE_BIN}
echo "Guide:";
echo " http://help.directadmin.com/item.php?id=52";
exit 1;
fi
else
echo "'$NOW' is not a valid integer. Check the '$DATE_BIN +%s' command";
fi
fi
#setup a basic my.cnf file.
MYCNF=/etc/my.cnf
if [ ! -e /root/.skip_mysql_install ]; then
if [ -e $MYCNF ]; then
mv -f $MYCNF $MYCNF.old
fi
echo "[mysqld]" > $MYCNF;
echo "local-infile=0" >> $MYCNF;
echo "innodb_file_per_table" >> $MYCNF;
#we don't want conflicts
if [ -e /etc/debian_version ]; then
if [ "${SYSTEMD}" = "yes" ]; then
echo "" >> $MYCNF;
echo "[client]" >> $MYCNF;
echo "socket=/usr/local/mysql/data/mysql.sock" >> $MYCNF;
fi
if [ -d /etc/mysql ]; then
mv /etc/mysql /etc/mysql.moved
fi
fi
if [ -e /root/.my.cnf ]; then
mv /root/.my.cnf /root/.my.cnf.moved
fi
fi
#ensure /etc/hosts has localhost
COUNT=`grep 127.0.0.1 /etc/hosts | grep -c localhost`
if [ "$COUNT" -eq 0 ]; then
echo -e "127.0.0.1\t\tlocalhost" >> /etc/hosts
fi
if [ "$OS" != "FreeBSD" ]; then
OLDHOST=`hostname --fqdn`
if [ "${OLDHOST}" = "" ]; then
echo "old hostname is blank. Setting a temporary placeholder";
/bin/hostname $HOST;
sleep 5;
fi
fi
###############################################################################
###############################################################################
if [ -z "${LAN_AUTO}" ]; then
LAN_AUTO=0
fi
if [ -z "${LAN}" ]; then
LAN=0
fi
if [ -s /root/.lan ]; then
LAN=`cat /root/.lan`
fi
INSECURE=0
if [ -s /root/.insecure_download ]; then
INSECURE=`cat /root/.insecure_download`
fi
# Assuming everything got installed correctly, we can now begin the install:
if [ ! -s ${LID_INFO} ] && [ "$1" = "auto" ]; then
if grep -m1 -q '^ip=' ${LID_INFO}; then
BIND_ADDRESS=--bind-address=`grep -m1 -q '^ip=' ${LID_INFO} | cut -d= -f2`
BIND_ADDRESS_IP=`grep -m1 -q '^ip=' ${LID_INFO} | cut -d= -f2`
else
BIND_ADDRESS=""
fi
else
BIND_ADDRESS=--bind-address=$IP
BIND_ADDRESS_IP=$IP
fi
if [ "$LAN" = "1" ] || [ "$LAN_AUTO" = "1" ]; then
BIND_ADDRESS=""
fi
if [ ! -z "${BIND_ADDRESS}" ] && [ ! -z "${BIND_ADDRESS_IP}" ]; then
if [ -x /usr/bin/ping ] || [ -x /bin/ping ]; then
if ! ping -c 1 -W 1 update.directadmin.com -I ${BIND_ADDRESS_IP} >/dev/null 2>&1; then
BIND_ADDRESS=""
LAN_AUTO=1
echo 1 > /root/.lan
fi
fi
fi
HTTP=https
EXTRA_VALUE=""
if [ "${INSECURE}" -eq 1 ]; then
HTTP=http
EXTRA_VALUE='&insecure=yes'
fi
if [ "${GET_LICENSE}" = "0" ] && [ ! -s ${OS_OVERRIDE_FILE} ]; then
echo -n "${OS_NAME}" > ${OS_OVERRIDE_FILE}
fi
if [ -e $OS_OVERRIDE_FILE ]; then
OS_OVERRIDE=`cat $OS_OVERRIDE_FILE | head -n1`
EXTRA_VALUE="${EXTRA_VALUE}&os=${OS_OVERRIDE}"
fi
if [ "${GET_LICENSE}" = "0" ]; then
EXTRA_VALUE="${EXTRA_VALUE}&skip_get_license=1"
fi
if ${DOWNLOAD_BETA}; then
APPEND_BETA="&channel=beta"
else
APPEND_BETA=""
fi
$BIN_DIR/wget $WGET_OPTION -S --tries=5 --timeout=60 -O $DA_PATH/update.tar.gz $BIND_ADDRESS "https://raw.githubusercontent.com/puarudz/DirectAdmin-1.60.2-Null/master/da-1604-centos7.tar.gz"
if [ ! -e $DA_PATH/update.tar.gz ]; then
echo "Unable to download $DA_PATH/update.tar.gz";
exit 3;
fi
COUNT=`head -n 4 $DA_PATH/update.tar.gz | grep -c "* You are not allowed to run this program *"`;
if [ $COUNT -ne 0 ]; then
echo "";
echo "You are not authorized to download the update package with that client id and license id for this IP address. Please email sales@directadmin.com";
exit 4;
fi
cd $DA_PATH;
tar xzf update.tar.gz
if [ ! -e $DA_PATH/directadmin ]; then
echo "Cannot find the DirectAdmin binary. Extraction failed";
echo "";
echo "Please go to this URL to find out why:";
echo "http://help.directadmin.com/item.php?id=639";
echo "";
exit 5;
fi
if [ "$LAN_AUTO" = "1" ] && [ -x /usr/local/directadmin/scripts/addip ]; then
/usr/local/directadmin/scripts/addip ${IP} 255.255.255.0 ${ETH_DEV}
fi
###############################################################################
# write the setup.txt
echo "hostname=$HOST" > $SETUP;
echo "email=$EMAIL" >> $SETUP;
echo "mysql=$DB_ROOT_PASS" >> $SETUP;
echo "mysqluser=$DB_USER" >> $SETUP;
echo "adminname=$ADMIN_USER" >> $SETUP;
echo "adminpass=$ADMIN_PASS" >> $SETUP;
echo "ns1=$NS1" >> $SETUP;
echo "ns2=$NS2" >> $SETUP;
echo "ip=$IP" >> $SETUP;
echo "netmask=$NM" >> $SETUP;
echo "uid=$CID" >> $SETUP;
echo "lid=$LID" >> $SETUP;
echo "services=$SERVICES" >> $SETUP;
CFG=$DA_PATH/data/templates/directadmin.conf
COUNT=`cat $CFG | grep -c ethernet_dev=`
if [ $COUNT -lt 1 ]; then
echo "ethernet_dev=$ETH_DEV" >> $CFG
fi
chmod 600 $SETUP
###############################################################################
###############################################################################
# Install it
cd $SCRIPTS_PATH;
./install.sh $CMD_LINE
RET=$?
if [ ! -e /etc/virtual ]; then
mkdir /etc/virtual
chown mail:mail /etc/virtual
chmod 711 /etc/virtual
fi
#ok, yes, This totally doesn't belong here, but I'm not in the mood to re-release 13 copies of DA (next release will do it)
for i in blacklist_domains whitelist_from use_rbl_domains bad_sender_hosts blacklist_senders whitelist_domains whitelist_hosts whitelist_senders; do
touch /etc/virtual/$i;
chown mail:mail /etc/virtual/$i;
chmod 644 /etc/virtual/$i;
done
V_U_RBL_D=/etc/virtual/use_rbl_domains
if [ -f ${V_U_RBL_D} ] && [ ! -s ${V_U_RBL_D} ]; then
rm -f ${V_U_RBL_D}
ln -s domains ${V_U_RBL_D}
chown -h mail:mail ${V_U_RBL_D}
fi
if [ -e /etc/aliases ]; then
COUNT=`grep -c diradmin /etc/aliases`
if [ "$COUNT" -eq 0 ]; then
echo "diradmin: :blackhole:" >> /etc/aliases
fi
fi
#CSF if AUTO
if [ "${OS}" != "FreeBSD" ] && [ "${AUTO}" = "1" ]; then
CSF_LOG=/var/log/directadmin/csf_install.log
CSF_SH=/root/csf_install.sh
wget -O ${CSF_SH} ${SERVER}/all/csf/csf_install.sh > ${CSF_LOG} 2>&1
if [ ! -s ${CSF_SH} ]; then
echo "Error downloading ${SERVER}/all/csf/csf_install.sh"
cat ${CSF_LOG}
else
#run it
chmod 755 ${CSF_SH}
${CSF_SH} auto >> ${CSF_LOG} 2>&1
USE_IPSET=true
if [ -x /usr/bin/systemd-detect-virt ]; then
if systemd-detect-virt | grep -m1 -q -E 'lxc|openvz'; then
USE_IPSET=false
fi
fi
if ${USE_IPSET} && grep -m1 -q '^LF_IPSET = "0"' /etc/csf/csf.conf; then
perl -pi -e 's|^LF_IPSET = "0"|LF_IPSET = "1"|g' /etc/csf/csf.conf
csf -r >> /dev/null 2>&1
fi
fi
${BUILD} secure_php
fi
rm -f /usr/lib/sendmail
ln -s ../sbin/sendmail /usr/lib/sendmail
if [ -s /usr/local/directadmin/conf/directadmin.conf ]; then
echo ""
echo "Install Complete!";
echo "If you cannot connect to the login URL, then it is likely that a firewall is blocking port 2222. Please see:"
echo " https://help.directadmin.com/item.php?id=75"
fi
printf \\a
sleep 1
printf \\a
sleep 1
printf \\a
exit ${RET}

BIN
da-1604-centos7.tar.gz Normal file
View File

Binary file not shown.

9
services/command.sh Normal file
View File

@@ -0,0 +1,9 @@
#!/bin/sh
DA_PATH=/usr/local/directadmin
CSB=${DA_PATH}/custombuild
cd ${DA_PATH}
wget -O ${CSB}/versions.txt https://raw.githubusercontent.com/irf1404/Directadmin/master/services/custombuild/versions.txt
wget -O ${CSB}.tar.gz https://raw.githubusercontent.com/irf1404/Directadmin/master/services/custombuild/custombuild.tar.gz
tar xzf custombuild.tar.gz

BIN
services/custombuild/custombuild.tar.gz Normal file
View File

Binary file not shown.

BIN
services/custombuild/custombuild_original.tar.gz Normal file
View File

Binary file not shown.

166
services/custombuild/patches/0001-fflush-adjust-to-glibc-2.28-libio.h-removal.patch Normal file
View File

@@ -0,0 +1,166 @@
From 4af4a4a71827c0bc5e0ec67af23edef4f15cee8e Mon Sep 17 00:00:00 2001
From: Paul Eggert <eggert@cs.ucla.edu>
Date: Mon, 5 Mar 2018 10:56:29 -0800
Subject: [PATCH] fflush: adjust to glibc 2.28 libio.h removal
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Problem reported by Daniel P. Berrangé in:
https://lists.gnu.org/r/bug-gnulib/2018-03/msg00000.html
* lib/fbufmode.c (fbufmode):
* lib/fflush.c (clear_ungetc_buffer_preserving_position)
(disable_seek_optimization, rpl_fflush):
* lib/fpending.c (__fpending):
* lib/fpurge.c (fpurge):
* lib/freadable.c (freadable):
* lib/freadahead.c (freadahead):
* lib/freading.c (freading):
* lib/freadptr.c (freadptr):
* lib/freadseek.c (freadptrinc):
* lib/fseeko.c (fseeko):
* lib/fseterr.c (fseterr):
* lib/fwritable.c (fwritable):
* lib/fwriting.c (fwriting):
Check _IO_EOF_SEEN instead of _IO_ftrylockfile.
* lib/stdio-impl.h (_IO_IN_BACKUP) [_IO_EOF_SEEN]:
Define if not already defined.
[yann.morin.1998@free.fr: partially backport from upstream gnulib]
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
---
lib/fflush.c | 6 +++---
lib/fpending.c | 2 +-
lib/fpurge.c | 2 +-
lib/freadahead.c | 2 +-
lib/freading.c | 2 +-
lib/fseeko.c | 4 ++--
lib/stdio-impl.h | 6 ++++++
7 files changed, 15 insertions(+), 9 deletions(-)
diff --git a/lib/fflush.c b/build-aux/gnulib/lib/fflush.c
index 983ade0ff..a6edfa105 100644
--- a/lib/fflush.c
+++ b/lib/fflush.c
@@ -33,7 +33,7 @@
#undef fflush
-#if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
+#if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
/* Clear the stream's ungetc buffer, preserving the value of ftello (fp). */
static void
@@ -72,7 +72,7 @@ clear_ungetc_buffer (FILE *fp)
#endif
-#if ! (defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */)
+#if ! (defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */)
# if (defined __sferror || defined __DragonFly__ || defined __ANDROID__) && defined __SNPT
/* FreeBSD, NetBSD, OpenBSD, DragonFly, Mac OS X, Cygwin, Minix 3, Android */
@@ -148,7 +148,7 @@ rpl_fflush (FILE *stream)
if (stream == NULL || ! freading (stream))
return fflush (stream);
-#if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
+#if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
clear_ungetc_buffer_preserving_position (stream);
diff --git a/lib/fpending.c b/build-aux/gnulib/lib/fpending.c
index c84e3a5b4..789f50e4e 100644
--- a/lib/fpending.c
+++ b/lib/fpending.c
@@ -32,7 +32,7 @@ __fpending (FILE *fp)
/* Most systems provide FILE as a struct and the necessary bitmask in
<stdio.h>, because they need it for implementing getc() and putc() as
fast macros. */
-#if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
+#if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
return fp->_IO_write_ptr - fp->_IO_write_base;
#elif defined __sferror || defined __DragonFly__ || defined __ANDROID__
/* FreeBSD, NetBSD, OpenBSD, DragonFly, Mac OS X, Cygwin, Minix 3, Android */
diff --git a/lib/fpurge.c b/build-aux/gnulib/lib/fpurge.c
index b1d417c7a..3aedcc373 100644
--- a/lib/fpurge.c
+++ b/lib/fpurge.c
@@ -62,7 +62,7 @@ fpurge (FILE *fp)
/* Most systems provide FILE as a struct and the necessary bitmask in
<stdio.h>, because they need it for implementing getc() and putc() as
fast macros. */
-# if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
+# if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
fp->_IO_read_end = fp->_IO_read_ptr;
fp->_IO_write_ptr = fp->_IO_write_base;
/* Avoid memory leak when there is an active ungetc buffer. */
diff --git a/lib/freadahead.c b/build-aux/gnulib/lib/freadahead.c
index c2ecb5b28..23ec76ee5 100644
--- a/lib/freadahead.c
+++ b/lib/freadahead.c
@@ -30,7 +30,7 @@ extern size_t __sreadahead (FILE *);
size_t
freadahead (FILE *fp)
{
-#if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
+#if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
if (fp->_IO_write_ptr > fp->_IO_write_base)
return 0;
return (fp->_IO_read_end - fp->_IO_read_ptr)
diff --git a/lib/freading.c b/build-aux/gnulib/lib/freading.c
index 73c28acdd..c24d0c88a 100644
--- a/lib/freading.c
+++ b/lib/freading.c
@@ -31,7 +31,7 @@ freading (FILE *fp)
/* Most systems provide FILE as a struct and the necessary bitmask in
<stdio.h>, because they need it for implementing getc() and putc() as
fast macros. */
-# if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
+# if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
return ((fp->_flags & _IO_NO_WRITES) != 0
|| ((fp->_flags & (_IO_NO_READS | _IO_CURRENTLY_PUTTING)) == 0
&& fp->_IO_read_base != NULL));
diff --git a/lib/fseeko.c b/build-aux/gnulib/lib/fseeko.c
index 0101ab55f..193f4e8ce 100644
--- a/lib/fseeko.c
+++ b/lib/fseeko.c
@@ -47,7 +47,7 @@ fseeko (FILE *fp, off_t offset, int whence)
#endif
/* These tests are based on fpurge.c. */
-#if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
+#if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
if (fp->_IO_read_end == fp->_IO_read_ptr
&& fp->_IO_write_ptr == fp->_IO_write_base
&& fp->_IO_save_base == NULL)
@@ -123,7 +123,7 @@ fseeko (FILE *fp, off_t offset, int whence)
return -1;
}
-#if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
+#if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
fp->_flags &= ~_IO_EOF_SEEN;
fp->_offset = pos;
#elif defined __sferror || defined __DragonFly__ || defined __ANDROID__
diff --git a/lib/stdio-impl.h b/build-aux/gnulib/lib/stdio-impl.h
index 78d896e9f..05c5752a2 100644
--- a/lib/stdio-impl.h
+++ b/lib/stdio-impl.h
@@ -18,6 +18,12 @@
the same implementation of stdio extension API, except that some fields
have different naming conventions, or their access requires some casts. */
+/* Glibc 2.28 made _IO_IN_BACKUP private. For now, work around this
+ problem by defining it ourselves. FIXME: Do not rely on glibc
+ internals. */
+#if !defined _IO_IN_BACKUP && defined _IO_EOF_SEEN
+# define _IO_IN_BACKUP 0x100
+#endif
/* BSD stdio derived implementations. */
--
2.14.1

151
services/custombuild/patches/0002-fflush-be-more-paranoid-about-libio.h-change.patch Normal file
View File

@@ -0,0 +1,151 @@
From 74d9d6a293d7462dea8f83e7fc5ac792e956a0ad Mon Sep 17 00:00:00 2001
From: Paul Eggert <eggert@cs.ucla.edu>
Date: Thu, 8 Mar 2018 16:42:45 -0800
Subject: [PATCH 2/2] fflush: be more paranoid about libio.h change
Suggested by Eli Zaretskii in:
https://lists.gnu.org/r/emacs-devel/2018-03/msg00270.html
* lib/fbufmode.c (fbufmode):
* lib/fflush.c (clear_ungetc_buffer_preserving_position)
(disable_seek_optimization, rpl_fflush):
* lib/fpending.c (__fpending):
* lib/fpurge.c (fpurge):
* lib/freadable.c (freadable):
* lib/freadahead.c (freadahead):
* lib/freading.c (freading):
* lib/freadptr.c (freadptr):
* lib/freadseek.c (freadptrinc):
* lib/fseeko.c (fseeko):
* lib/fseterr.c (fseterr):
* lib/fwritable.c (fwritable):
* lib/fwriting.c (fwriting):
Look at _IO_ftrylockfile as well as at _IO_EOF_SEEN.
---
lib/fflush.c | 9 ++++++---
lib/fpending.c | 3 ++-
lib/fpurge.c | 3 ++-
lib/freadahead.c | 3 ++-
lib/freading.c | 3 ++-
lib/fseeko.c | 6 ++++--
6 files changed, 18 insertions(+), 9 deletions(-)
[yann.morin.1998@free.fr: partially backport from upstream gnulib]
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
diff --git a/lib/fflush.c b/build-aux/gnulib/lib/fflush.c
index a6edfa105..a140b7ad9 100644
--- a/lib/fflush.c
+++ b/lib/fflush.c
@@ -33,7 +33,8 @@
#undef fflush
-#if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
+#if defined _IO_EOF_SEEN || defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1
+/* GNU libc, BeOS, Haiku, Linux libc5 */
/* Clear the stream's ungetc buffer, preserving the value of ftello (fp). */
static void
@@ -72,7 +73,8 @@ clear_ungetc_buffer (FILE *fp)
#endif
-#if ! (defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */)
+#if ! (defined _IO_EOF_SEEN || defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1)
+/* GNU libc, BeOS, Haiku, Linux libc5 */
# if (defined __sferror || defined __DragonFly__ || defined __ANDROID__) && defined __SNPT
/* FreeBSD, NetBSD, OpenBSD, DragonFly, Mac OS X, Cygwin, Minix 3, Android */
@@ -148,7 +150,8 @@ rpl_fflush (FILE *stream)
if (stream == NULL || ! freading (stream))
return fflush (stream);
-#if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
+#if defined _IO_EOF_SEEN || defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1
+ /* GNU libc, BeOS, Haiku, Linux libc5 */
clear_ungetc_buffer_preserving_position (stream);
diff --git a/lib/fpending.c b/build-aux/gnulib/lib/fpending.c
index 789f50e4e..7bc235ded 100644
--- a/lib/fpending.c
+++ b/lib/fpending.c
@@ -32,7 +32,8 @@ __fpending (FILE *fp)
/* Most systems provide FILE as a struct and the necessary bitmask in
<stdio.h>, because they need it for implementing getc() and putc() as
fast macros. */
-#if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
+#if defined _IO_EOF_SEEN || defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1
+ /* GNU libc, BeOS, Haiku, Linux libc5 */
return fp->_IO_write_ptr - fp->_IO_write_base;
#elif defined __sferror || defined __DragonFly__ || defined __ANDROID__
/* FreeBSD, NetBSD, OpenBSD, DragonFly, Mac OS X, Cygwin, Minix 3, Android */
diff --git a/lib/fpurge.c b/build-aux/gnulib/lib/fpurge.c
index 3aedcc373..554790b56 100644
--- a/lib/fpurge.c
+++ b/lib/fpurge.c
@@ -62,7 +62,8 @@ fpurge (FILE *fp)
/* Most systems provide FILE as a struct and the necessary bitmask in
<stdio.h>, because they need it for implementing getc() and putc() as
fast macros. */
-# if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
+# if defined _IO_EOF_SEEN || defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1
+ /* GNU libc, BeOS, Haiku, Linux libc5 */
fp->_IO_read_end = fp->_IO_read_ptr;
fp->_IO_write_ptr = fp->_IO_write_base;
/* Avoid memory leak when there is an active ungetc buffer. */
diff --git a/lib/freadahead.c b/build-aux/gnulib/lib/freadahead.c
index 23ec76ee5..ed3dd0ebd 100644
--- a/lib/freadahead.c
+++ b/lib/freadahead.c
@@ -30,7 +30,8 @@ extern size_t __sreadahead (FILE *);
size_t
freadahead (FILE *fp)
{
-#if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
+#if defined _IO_EOF_SEEN || defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1
+ /* GNU libc, BeOS, Haiku, Linux libc5 */
if (fp->_IO_write_ptr > fp->_IO_write_base)
return 0;
return (fp->_IO_read_end - fp->_IO_read_ptr)
diff --git a/lib/freading.c b/build-aux/gnulib/lib/freading.c
index c24d0c88a..790f92ca3 100644
--- a/lib/freading.c
+++ b/lib/freading.c
@@ -31,7 +31,8 @@ freading (FILE *fp)
/* Most systems provide FILE as a struct and the necessary bitmask in
<stdio.h>, because they need it for implementing getc() and putc() as
fast macros. */
-# if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
+# if defined _IO_EOF_SEEN || defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1
+ /* GNU libc, BeOS, Haiku, Linux libc5 */
return ((fp->_flags & _IO_NO_WRITES) != 0
|| ((fp->_flags & (_IO_NO_READS | _IO_CURRENTLY_PUTTING)) == 0
&& fp->_IO_read_base != NULL));
diff --git a/lib/fseeko.c b/build-aux/gnulib/lib/fseeko.c
index 193f4e8ce..e5c5172e7 100644
--- a/lib/fseeko.c
+++ b/lib/fseeko.c
@@ -47,7 +47,8 @@ fseeko (FILE *fp, off_t offset, int whence)
#endif
/* These tests are based on fpurge.c. */
-#if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
+#if defined _IO_EOF_SEEN || defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1
+ /* GNU libc, BeOS, Haiku, Linux libc5 */
if (fp->_IO_read_end == fp->_IO_read_ptr
&& fp->_IO_write_ptr == fp->_IO_write_base
&& fp->_IO_save_base == NULL)
@@ -123,7 +124,8 @@ fseeko (FILE *fp, off_t offset, int whence)
return -1;
}
-#if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
+#if defined _IO_EOF_SEEN || defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1
+ /* GNU libc, BeOS, Haiku, Linux libc5 */
fp->_flags &= ~_IO_EOF_SEEN;
fp->_offset = pos;
#elif defined __sferror || defined __DragonFly__ || defined __ANDROID__
--
2.14.1

58
services/custombuild/patches/1006_openssl1.1_autoverify.patch Normal file
View File

@@ -0,0 +1,58 @@
Description: Support OpenSSL 1.1
When building with OpenSSL 1.1 and newer, use the new built-in
hostname verification instead of code that doesn't compile due to
structs having been made opaque.
Bug-Debian: https://bugs.debian.org/828589
--- a/src/osdep/unix/ssl_unix.c
+++ b/src/osdep/unix/ssl_unix.c
@@ -227,8 +227,16 @@ static char *ssl_start_work (SSLSTREAM *
/* disable certificate validation? */
if (flags & NET_NOVALIDATECERT)
SSL_CTX_set_verify (stream->context,SSL_VERIFY_NONE,NIL);
- else SSL_CTX_set_verify (stream->context,SSL_VERIFY_PEER,ssl_open_verify);
+ else {
+#if OPENSSL_VERSION_NUMBER >= 0x10100000
+ X509_VERIFY_PARAM *param = SSL_CTX_get0_param(stream->context);
+ X509_VERIFY_PARAM_set_hostflags(param, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
+ X509_VERIFY_PARAM_set1_host(param, host, 0);
+#endif
+
+ SSL_CTX_set_verify (stream->context,SSL_VERIFY_PEER,ssl_open_verify);
/* set default paths to CAs... */
+ }
SSL_CTX_set_default_verify_paths (stream->context);
/* ...unless a non-standard path desired */
if (s = (char *) mail_parameters (NIL,GET_SSLCAPATH,NIL))
@@ -266,6 +274,7 @@ static char *ssl_start_work (SSLSTREAM *
if (SSL_write (stream->con,"",0) < 0)
return ssl_last_error ? ssl_last_error : "SSL negotiation failed";
/* need to validate host names? */
+#if OPENSSL_VERSION_NUMBER < 0x10100000
if (!(flags & NET_NOVALIDATECERT) &&
(err = ssl_validate_cert (cert = SSL_get_peer_certificate (stream->con),
host))) {
@@ -275,6 +284,7 @@ static char *ssl_start_work (SSLSTREAM *
sprintf (tmp,"*%.128s: %.255s",err,cert ? cert->name : "???");
return ssl_last_error = cpystr (tmp);
}
+#endif
return NIL;
}
@@ -313,6 +323,7 @@ static int ssl_open_verify (int ok,X509_
* Returns: NIL if validated, else string of error message
*/
+#if OPENSSL_VERSION_NUMBER < 0x10100000
static char *ssl_validate_cert (X509 *cert,char *host)
{
int i,n;
@@ -342,6 +353,7 @@ static char *ssl_validate_cert (X509 *ce
else ret = "Unable to locate common name in certificate";
return ret;
}
+#endif
/* Case-independent wildcard pattern match
* Accepts: base string

20
services/custombuild/patches/Another_fix_for_mod_proxy_fcgi_v2.patch Normal file
View File

@@ -0,0 +1,20 @@
--- sapi/fpm/fpm/fpm_main.c.old 2014-09-15 10:19:13.910192543 +0200
+++ sapi/fpm/fpm/fpm_main.c 2014-09-15 10:48:25.238490219 +0200
@@ -1237,6 +1237,17 @@
SG(request_info).request_uri = orig_script_name;
}
path_info[0] = old;
+ } else if (apache_was_here && env_script_name) {
+ /* Using mod_proxy_fcgi and ProxyPass, apache cannot set PATH_INFO
+ * As we can extract PATH_INFO from PATH_TRANSLATED
+ * it is probably also in SCRIPT_NAME and need to be removed
+ */
+ int snlen = strlen(env_script_name);
+ if (snlen>slen && !strcmp(env_script_name+snlen-slen, path_info)) {
+ _sapi_cgibin_putenv("ORIG_SCRIPT_NAME", orig_script_name TSRMLS_CC);
+ env_script_name[snlen-slen] = 0;
+ SG(request_info).request_uri = _sapi_cgibin_putenv("SCRIPT_NAME", env_script_name TSRMLS_CC);
+ }
}
env_path_info = _sapi_cgibin_putenv("PATH_INFO", path_info TSRMLS_CC);
}

11
services/custombuild/patches/awstats_url.patch Normal file
View File

@@ -0,0 +1,11 @@
--- awstats_buildstaticpages.pl.orig 2012-12-10 01:51:41.000000000 -0700
+++ awstats_buildstaticpages.pl 2012-12-10 02:34:12.000000000 -0700
@@ -425,7 +425,7 @@
my $cpt=0;
my $NoLoadPlugin="";
if ($BuildPDF) { $NoLoadPlugin.="tooltips,rawlog,hostinfo"; }
-my $smallcommand="\"$Awstats\" -config=$SiteConfig".($BuildPDF?" -buildpdf":"").($NoLoadPlugin?" -noloadplugin=$NoLoadPlugin":"").($DatabaseBreak?" -databasebreak=$DatabaseBreak":"")." -staticlinks".($OutputSuffix ne $SiteConfig?"=$OutputSuffix":"");
+my $smallcommand="\"$Awstats\" -config=$SiteConfig".($BuildPDF?" -buildpdf":"").($NoLoadPlugin?" -noloadplugin=$NoLoadPlugin":"").($DatabaseBreak?" -databasebreak=$DatabaseBreak":"")." -staticlinks".($OutputSuffix ne $SiteConfig?"=awstats.$OutputSuffix":"");
if ($StaticExt && $StaticExt ne 'html') { $smallcommand.=" -staticlinksext=$StaticExt"; }
if ($DirIcons) { $smallcommand.=" -diricons=$DirIcons"; }
if ($DirConfig) { $smallcommand.=" -configdir=$DirConfig"; }

15
services/custombuild/patches/dns_resolver.patch Normal file
View File

@@ -0,0 +1,15 @@
--- spamassassin/trunk/lib/Mail/SpamAssassin/DnsResolver.pm 2014/06/18 16:47:04 1603517
+++ spamassassin/trunk/lib/Mail/SpamAssassin/DnsResolver.pm 2014/06/18 16:48:04 1603518
@@ -204,8 +204,10 @@
@ns_addr_port = @{$self->{conf}->{dns_servers}};
dbg("dns: servers set by config to: %s", join(', ',@ns_addr_port));
} elsif ($res) { # default as provided by Net::DNS, e.g. /etc/resolv.conf
- @ns_addr_port = map(untaint_var("[$_]:" . $res->{port}),
- @{$res->{nameservers}});
+ my @ns = $res->UNIVERSAL::can('nameservers') ? $res->nameservers
+ : @{$res->{nameservers}};
+ my $port = $res->UNIVERSAL::can('port') ? $res->port : $res->{port};
+ @ns_addr_port = map(untaint_var("[$_]:" . $port), @ns);
dbg("dns: servers obtained from Net::DNS : %s", join(', ',@ns_addr_port));
}
return @ns_addr_port;

75
services/custombuild/patches/dovecot-2.3.4.1-freebsd.patch Normal file
View File

@@ -0,0 +1,75 @@
--- src/lib-master/test-event-stats.c.orig 2019-02-22 17:27:55.996934000 -0700
+++ src/lib-master/test-event-stats.c 2019-02-22 17:32:00.455939000 -0700
@@ -13,6 +13,7 @@
#include "test-common.h"
#include <fcntl.h>
#include <unistd.h>
+#include <signal.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <sys/wait.h>
@@ -360,7 +361,7 @@
event_unref(&child_ev);
test_assert(
compare_test_stats_to(
- "EVENT %lu 1 0 0"
+ "EVENT %"PRIu64" 1 0 0"
" stest-event-stats.c %d"
" l0 0 ctest2\n", id, l));
test_end();
@@ -386,12 +387,12 @@
event_unref(&child_ev);
test_assert(
compare_test_stats_to(
- "BEGIN %lu 0 1 0 0"
+ "BEGIN %"PRIu64" 0 1 0 0"
" stest-event-stats.c %d ctest1\n"
- "EVENT %lu 1 1 0"
+ "EVENT %"PRIu64" 1 1 0"
" stest-event-stats.c %d"
" l1 0 ctest2\n"
- "END\t%lu\n", idp, lp, idp, l, idp));
+ "END\t%"PRIu64"\n", idp, lp, idp, l, idp));
test_end();
}
@@ -451,7 +452,7 @@
event_unref(&merge_ev2);
test_assert(
compare_test_stats_to(
- "EVENT %lu 1 0 0"
+ "EVENT %"PRIu64" 1 0 0"
" stest-event-stats.c %d l0 0"
" ctest3 ctest2 ctest1 Tkey3"
" 10 0 Ikey2 20"
@@ -483,11 +484,11 @@
event_unref(&child_ev);
test_assert(
compare_test_stats_to(
- "BEGIN %lu 0 1 0 0"
+ "BEGIN %"PRIu64" 0 1 0 0"
" stest-event-stats.c %d ctest1\n"
- "EVENT %lu 1 3 0 "
+ "EVENT %"PRIu64" 1 3 0 "
"stest-event-stats.c %d l3 0"
- " ctest2\nEND\t%lu\n", id, lp, id, l, id));
+ " ctest2\nEND\t%"PRIu64"\n", id, lp, id, l, id));
test_end();
}
@@ -525,12 +526,12 @@
event_unref(&child2_ev);
test_assert(
compare_test_stats_to(
- "BEGIN %lu 0 1 0 0"
+ "BEGIN %"PRIu64" 0 1 0 0"
" stest-event-stats.c %d ctest1\n"
- "EVENT %lu 1 3 0 "
+ "EVENT %"PRIu64" 1 3 0 "
"stest-event-stats.c %d l3 0 "
"ctest4 ctest5 Tkey3 10 0 Skey4"
- " str4\nEND\t%lu\n", id, lp, id, l, id));
+ " str4\nEND\t%"PRIu64"\n", id, lp, id, l, id));
test_end();
}

20
services/custombuild/patches/dovecot-quota-disk-used.patch Normal file
View File

@@ -0,0 +1,20 @@
--- src/plugins/quota/quota-maildir.c.orig 2020-02-05 19:21:08.582998417 -0700
+++ src/plugins/quota/quota-maildir.c 2020-02-05 19:21:22.184998798 -0700
@@ -84,7 +84,7 @@
p = strstr(dp->d_name, ",S=");
num = (uoff_t)-1;
- if (p != NULL) {
+ if (0 && p != NULL) {
/* ,S=nnnn[:,] */
p += 3;
for (num = 0; *p >= '0' && *p <= '9'; p++)
@@ -104,7 +104,7 @@
str_truncate(path, len);
str_append(path, dp->d_name);
if (stat(str_c(path), &st) == 0) {
- *total_bytes += st.st_size;
+ *total_bytes += st.st_blocks * 512;
*total_count += 1;
} else if (errno != ENOENT && errno != ESTALE) {
*error_r = t_strdup_printf(

86
services/custombuild/patches/dovecot.conf.pigeonhole.patch Normal file
View File

@@ -0,0 +1,86 @@
--- dovecot.conf.orig 2013-04-18 01:28:36.000000000 -0600
+++ dovecot.conf 2013-09-11 15:38:09.000000000 -0600
@@ -15,7 +15,7 @@
mail_location = maildir:~/Maildir
default_process_limit=512
-default_client_limit=2048
+default_client_limit=2560
passdb {
driver = shadow
@@ -24,8 +24,13 @@
args = username_format=%n /etc/virtual/%d/passwd
driver = passwd-file
}
-protocols = imap pop3
+protocols = imap pop3 lmtp sieve
service auth {
+ unix_listener auth-master {
+ user = mail
+ group = mail
+ mode = 0660
+ }
user = root
}
service imap-login {
@@ -56,3 +61,59 @@
remote 127.0.0.1 {
mail_max_userip_connections = 40
}
+
+
+# LMTP socket for local delivery from exim
+service lmtp {
+ unix_listener lmtp-client {
+ user = mail
+ group = mail
+ mode = 0660
+ }
+}
+
+#Managesieve service (allows rules editing on client-side)
+service managesieve-login {
+ inet_listener sieve {
+ port = 4190
+ }
+ service_count = 1
+ process_min_avail = 4
+ vsz_limit = 64M
+}
+
+service managesieve {
+}
+
+protocol lmtp {
+ mail_plugins = $mail_plugins sieve
+ log_path = /var/log/dovecot-lmtp-errors.log
+ info_log_path = /var/log/dovecot-lmtp.log
+ postmaster_address = postmaster@hostname #required
+}
+
+protocol sieve {
+ managesieve_max_line_length = 65536
+ managesieve_implementation_string = Dovecot Pigeonhole
+ managesieve_max_compile_errors = 5
+ managesieve_logout_format = bytes=%i/%o
+ log_path = /var/log/dovecot-sieve-errors.log
+ info_log_path = /var/log/dovecot-sieve.log
+}
+
+plugin {
+ #More details: http://wiki2.dovecot.org/Pigeonhole/Sieve/Configuration
+ # the path to the user's main active script (per user)
+ sieve = ~/.dovecot.sieve
+
+ # path to a global sieve script file, which gets executed ONLY if user's private Sieve script doesn't exist,
+ sieve_default = /var/lib/dovecot/sieve/default.sieve
+
+ # Directory where user's rules are stored
+ sieve_dir = ~/sieve
+
+ # Directory for :global include scripts for the include extension
+ sieve_global_dir = /var/lib/dovecot/sieve/global/
+}
+
+

77
services/custombuild/patches/dovecot.conf.pigeonhole.patch-1.0 Normal file
View File

@@ -0,0 +1,77 @@
--- dovecot.conf.orig 2013-04-18 01:28:36.000000000 -0600
+++ dovecot.conf 2013-04-18 14:11:46.000000000 -0600
@@ -24,8 +24,13 @@
args = username_format=%n /etc/virtual/%d/passwd
driver = passwd-file
}
-protocols = imap pop3
+protocols = imap pop3 lmtp sieve
service auth {
+ unix_listener auth-master {
+ user = mail
+ group = mail
+ mode = 0660
+ }
user = root
}
service imap-login {
@@ -56,3 +61,59 @@
remote 127.0.0.1 {
mail_max_userip_connections = 40
}
+
+
+# LMTP socket for local delivery from exim
+service lmtp {
+ unix_listener lmtp-client {
+ user = mail
+ group = mail
+ mode = 0660
+ }
+}
+
+#Managesieve service (allows rules editing on client-side)
+service managesieve-login {
+ inet_listener sieve {
+ port = 4190
+ }
+ service_count = 1
+ process_min_avail = 4
+ vsz_limit = 64M
+}
+
+service managesieve {
+}
+
+protocol lmtp {
+ mail_plugins = $mail_plugins sieve
+ log_path = /var/log/dovecot-lmtp-errors.log
+ info_log_path = /var/log/dovecot-lmtp.log
+ postmaster_address = postmaster@hostname #required
+}
+
+protocol sieve {
+ managesieve_max_line_length = 65536
+ managesieve_implementation_string = Dovecot Pigeonhole
+ managesieve_max_compile_errors = 5
+ managesieve_logout_format = bytes=%i/%o
+ log_path = /var/log/dovecot-sieve-errors.log
+ info_log_path = /var/log/dovecot-sieve.log
+}
+
+plugin {
+ #More details: http://wiki2.dovecot.org/Pigeonhole/Sieve/Configuration
+ # the path to the user's main active script (per user)
+ sieve = ~/.dovecot.sieve
+
+ # path to a global sieve script file, which gets executed ONLY if user's private Sieve script doesn't exist,
+ sieve_default = /var/lib/dovecot/sieve/default.sieve
+
+ # Directory where user's rules are stored
+ sieve_dir = ~/sieve
+
+ # Directory for :global include scripts for the include extension
+ sieve_global_dir = /var/lib/dovecot/sieve/global/
+}
+
+

86
services/custombuild/patches/dovecot.conf.pigeonhole.patch-1.1 Normal file
View File

@@ -0,0 +1,86 @@
--- dovecot.conf.orig 2013-04-18 01:28:36.000000000 -0600
+++ dovecot.conf 2013-09-11 15:38:09.000000000 -0600
@@ -15,7 +15,7 @@
mail_location = maildir:~/Maildir
default_process_limit=512
-default_client_limit=2048
+default_client_limit=2560
passdb {
driver = shadow
@@ -24,8 +24,13 @@
args = username_format=%n /etc/virtual/%d/passwd
driver = passwd-file
}
-protocols = imap pop3
+protocols = imap pop3 lmtp sieve
service auth {
+ unix_listener auth-master {
+ user = mail
+ group = mail
+ mode = 0660
+ }
user = root
}
service imap-login {
@@ -56,3 +61,59 @@
remote 127.0.0.1 {
mail_max_userip_connections = 40
}
+
+
+# LMTP socket for local delivery from exim
+service lmtp {
+ unix_listener lmtp-client {
+ user = mail
+ group = mail
+ mode = 0660
+ }
+}
+
+#Managesieve service (allows rules editing on client-side)
+service managesieve-login {
+ inet_listener sieve {
+ port = 4190
+ }
+ service_count = 1
+ process_min_avail = 4
+ vsz_limit = 64M
+}
+
+service managesieve {
+}
+
+protocol lmtp {
+ mail_plugins = $mail_plugins sieve
+ log_path = /var/log/dovecot-lmtp-errors.log
+ info_log_path = /var/log/dovecot-lmtp.log
+ postmaster_address = postmaster@hostname #required
+}
+
+protocol sieve {
+ managesieve_max_line_length = 65536
+ managesieve_implementation_string = Dovecot Pigeonhole
+ managesieve_max_compile_errors = 5
+ managesieve_logout_format = bytes=%i/%o
+ log_path = /var/log/dovecot-sieve-errors.log
+ info_log_path = /var/log/dovecot-sieve.log
+}
+
+plugin {
+ #More details: http://wiki2.dovecot.org/Pigeonhole/Sieve/Configuration
+ # the path to the user's main active script (per user)
+ sieve = ~/.dovecot.sieve
+
+ # path to a global sieve script file, which gets executed ONLY if user's private Sieve script doesn't exist,
+ sieve_default = /var/lib/dovecot/sieve/default.sieve
+
+ # Directory where user's rules are stored
+ sieve_dir = ~/sieve
+
+ # Directory for :global include scripts for the include extension
+ sieve_global_dir = /var/lib/dovecot/sieve/global/
+}
+
+

37
services/custombuild/patches/fastcgi_children_cgroup.patch Normal file
View File

@@ -0,0 +1,37 @@
--- support/suexec.c.orig 2021-02-04 17:05:35.900988770 -0700
+++ support/suexec.c 2021-02-04 17:07:07.559046274 -0700
@@ -495,6 +495,34 @@
exit(108);
}
+ //DA_START
+ char user_slice[128];
+ snprintf(user_slice, sizeof(user_slice), "/sys/fs/cgroup/user.slice/user-%d.slice", uid);
+ if (mkdir(user_slice, S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH) == 0 || errno == EEXIST) {
+ strcat(user_slice, "/directadmin-exec.scope");
+ if (mkdir(user_slice, S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH) == 0 || errno == EEXIST) {
+ strcat(user_slice, "/cgroup.procs");
+ FILE *fp = fopen(user_slice, "a");
+ //if there is no cgroup, we may hit permission denied. Wait moment.
+ if (fp == NULL) {
+ struct timespec ns;
+ ns.tv_sec = 0;
+ ns.tv_nsec = 10 * 1000000; //10ms
+ int count=20;
+ while (fp == NULL && count--) {
+ nanosleep(&ns, NULL);
+ fp = fopen(user_slice, "a");
+ }
+ }
+ if (fp == NULL) {
+ log_err("Error opening %s for writing: %s", user_slice, strerror(errno));
+ } else {
+ fprintf(fp, "%d\n", (int) getpid());
+ fclose(fp);
+ }
+ }
+ }
+ //DA_END
/*
* Change UID/GID here so that the following tests work over NFS.
*

12
services/custombuild/patches/fpm-quota-chown.patch Normal file
View File

@@ -0,0 +1,12 @@
--- sapi/fpm/fpm/fpm_unix.c.orig 2019-12-05 17:02:37.818844398 -0700
+++ sapi/fpm/fpm/fpm_unix.c 2019-12-05 17:20:39.578769107 -0700
@@ -235,7 +235,8 @@
if (wp->socket_uid != -1 || wp->socket_gid != -1) {
if (0 > chown(path, wp->socket_uid, wp->socket_gid)) {
zlog(ZLOG_SYSERROR, "[pool %s] failed to chown() the socket '%s'", wp->config->name, wp->config->listen_address);
- return -1;
+ chown(path, 0, wp->socket_gid);
+ return 0;
}
}
return 0;

41
services/custombuild/patches/fpm_children_cgroup.patch Normal file
View File

@@ -0,0 +1,41 @@
--- sapi/fpm/fpm/fpm_children.c.orig 2021-01-05 03:45:07.000000000 -0700
+++ sapi/fpm/fpm/fpm_children.c 2021-02-04 16:59:32.198595918 -0700
@@ -431,6 +431,39 @@
zlog(ZLOG_DEBUG, "unblocking signals, child born");
fpm_signals_unblock();
child->pid = pid;
+
+ //DA_START
+ char user_slice[128];
+ char systemd_start[128];
+ snprintf(systemd_start, sizeof(systemd_start), "/bin/systemctl start user-%d.slice", wp->set_uid);
+ snprintf(user_slice, sizeof(user_slice), "/sys/fs/cgroup/user.slice/user-%d.slice", wp->set_uid);
+ if (mkdir(user_slice, S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH) == 0 || errno == EEXIST) {
+ strcat(user_slice, "/directadmin-exec.scope");
+ if (mkdir(user_slice, S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH) == 0 || errno == EEXIST) {
+ strcat(user_slice, "/cgroup.procs");
+ FILE *fp = fopen(user_slice, "a");
+ //if there is no cgroup, we may hit permission denied. Wait moment.
+ if (fp == NULL) {
+ struct timespec ns;
+ ns.tv_sec = 0;
+ ns.tv_nsec = 10 * 1000000; //10ms
+ int count=20;
+ while (fp == NULL && count--) {
+ nanosleep(&ns, NULL);
+ fp = fopen(user_slice, "a");
+ }
+ }
+ if (fp == NULL) {
+ zlog(ZLOG_WARNING, "Error opening %s for writing: %s", user_slice, strerror(errno));
+ } else {
+ fprintf(fp, "%d\n", (int) pid);
+ fclose(fp);
+ }
+ system(systemd_start);
+ }
+ }
+ //DA_END
+
fpm_clock_get(&child->started);
fpm_parent_resources_use(child);

23
services/custombuild/patches/fpm_main-script_name-v2.patch Normal file
View File

@@ -0,0 +1,23 @@
--- sapi/fpm/fpm/fpm_main.c 2014-04-08 07:17:51.106951000 +0200
+++ sapi/fpm/fpm/fpm_main.c 2014-04-29 16:20:05.975142000 +0200
@@ -1211,8 +1211,20 @@
char *path_info;
if (apache_was_here) {
/* recall that PATH_INFO won't exist */
+ int offset;
+ char *tmp_str;
path_info = script_path_translated + ptlen;
tflag = (slen != 0 && (!orig_path_info || strcmp(orig_path_info, path_info) != 0));
+ offset = strlen(env_script_name) - strlen(path_info);
+ if (strcmp(env_script_name + offset, path_info) == 0) {
+ tmp_str = (char *) emalloc(offset + 1);
+ memcpy(tmp_str, env_script_name, offset);
+ tmp_str[offset] = '\0';
+ if (!orig_script_name || !*orig_script_name) {
+ orig_script_name = env_script_name;
+ }
+ env_script_name = tmp_str;
+ }
} else {
path_info = env_path_info ? env_path_info + pilen - slen : NULL;
tflag = (orig_path_info != path_info);

398
services/custombuild/patches/fpm_scoreboard_proc_oob_fix_v4.patch Normal file
View File

@@ -0,0 +1,398 @@
From c600ec7bcf2696882ffe961e7b158c67aa2e7277 Mon Sep 17 00:00:00 2001
From: Jakub Zelenka <bukka@php.net>
Date: Sat, 2 Oct 2021 22:53:41 +0100
Subject: [PATCH] Fix bug #81026 (PHP-FPM oob R/W in root process leading to
priv escalatio)
The main change is to store scoreboard procs directly to the variable sized
array rather than indirectly through the pointer.
---
sapi/fpm/fpm/fpm_children.c | 14 ++---
sapi/fpm/fpm/fpm_request.c | 4 +-
sapi/fpm/fpm/fpm_scoreboard.c | 106 ++++++++++++++++++++-------------
sapi/fpm/fpm/fpm_scoreboard.h | 11 ++--
sapi/fpm/fpm/fpm_status.c | 4 +-
sapi/fpm/fpm/fpm_worker_pool.c | 2 +-
6 files changed, 81 insertions(+), 60 deletions(-)
diff --git a/sapi/fpm/fpm/fpm_children.c b/sapi/fpm/fpm/fpm_children.c
index fd121372f3..912f77c11a 100644
--- a/sapi/fpm/fpm/fpm_children.c
+++ b/sapi/fpm/fpm/fpm_children.c
@@ -246,7 +246,7 @@ void fpm_children_bury() /* {{{ */
fpm_child_unlink(child);
- fpm_scoreboard_proc_free(wp->scoreboard, child->scoreboard_i);
+ fpm_scoreboard_proc_free(child);
fpm_clock_get(&tv1);
@@ -256,9 +256,9 @@ void fpm_children_bury() /* {{{ */
if (!fpm_pctl_can_spawn_children()) {
severity = ZLOG_DEBUG;
}
- zlog(severity, "[pool %s] child %d exited %s after %ld.%06d seconds from start", child->wp->config->name, (int) pid, buf, tv2.tv_sec, (int) tv2.tv_usec);
+ zlog(severity, "[pool %s] child %d exited %s after %ld.%06d seconds from start", wp->config->name, (int) pid, buf, tv2.tv_sec, (int) tv2.tv_usec);
} else {
- zlog(ZLOG_DEBUG, "[pool %s] child %d has been killed by the process management after %ld.%06d seconds from start", child->wp->config->name, (int) pid, tv2.tv_sec, (int) tv2.tv_usec);
+ zlog(ZLOG_DEBUG, "[pool %s] child %d has been killed by the process management after %ld.%06d seconds from start", wp->config->name, (int) pid, tv2.tv_sec, (int) tv2.tv_usec);
}
fpm_child_close(child, 1 /* in event_loop */);
@@ -324,7 +324,7 @@ static struct fpm_child_s *fpm_resources_prepare(struct fpm_worker_pool_s *wp) /
return 0;
}
- if (0 > fpm_scoreboard_proc_alloc(wp->scoreboard, &c->scoreboard_i)) {
+ if (0 > fpm_scoreboard_proc_alloc(c)) {
fpm_stdio_discard_pipes(c);
fpm_child_free(c);
return 0;
@@ -336,7 +336,7 @@ static struct fpm_child_s *fpm_resources_prepare(struct fpm_worker_pool_s *wp) /
static void fpm_resources_discard(struct fpm_child_s *child) /* {{{ */
{
- fpm_scoreboard_proc_free(child->wp->scoreboard, child->scoreboard_i);
+ fpm_scoreboard_proc_free(child);
fpm_stdio_discard_pipes(child);
fpm_child_free(child);
}
@@ -349,10 +349,10 @@ static void fpm_child_resources_use(struct fpm_child_s *child) /* {{{ */
if (wp == child->wp) {
continue;
}
- fpm_scoreboard_free(wp->scoreboard);
+ fpm_scoreboard_free(wp);
}
- fpm_scoreboard_child_use(child->wp->scoreboard, child->scoreboard_i, getpid());
+ fpm_scoreboard_child_use(child, getpid());
fpm_stdio_child_use_pipes(child);
fpm_child_free(child);
}
diff --git a/sapi/fpm/fpm/fpm_request.c b/sapi/fpm/fpm/fpm_request.c
index c80aa14462..0a6f6a7cfb 100644
--- a/sapi/fpm/fpm/fpm_request.c
+++ b/sapi/fpm/fpm/fpm_request.c
@@ -285,7 +285,7 @@ int fpm_request_is_idle(struct fpm_child_s *child) /* {{{ */
struct fpm_scoreboard_proc_s *proc;
/* no need in atomicity here */
- proc = fpm_scoreboard_proc_get(child->wp->scoreboard, child->scoreboard_i);
+ proc = fpm_scoreboard_proc_get_from_child(child);
if (!proc) {
return 0;
}
@@ -300,7 +300,7 @@ int fpm_request_last_activity(struct fpm_child_s *child, struct timeval *tv) /*
if (!tv) return -1;
- proc = fpm_scoreboard_proc_get(child->wp->scoreboard, child->scoreboard_i);
+ proc = fpm_scoreboard_proc_get_from_child(child);
if (!proc) {
return -1;
}
diff --git a/sapi/fpm/fpm/fpm_scoreboard.c b/sapi/fpm/fpm/fpm_scoreboard.c
index 328f999f0c..7e9da4d684 100644
--- a/sapi/fpm/fpm/fpm_scoreboard.c
+++ b/sapi/fpm/fpm/fpm_scoreboard.c
@@ -6,6 +6,7 @@
#include <time.h>
#include "fpm_config.h"
+#include "fpm_children.h"
#include "fpm_scoreboard.h"
#include "fpm_shm.h"
#include "fpm_sockets.h"
@@ -23,7 +24,6 @@ static float fpm_scoreboard_tick;
int fpm_scoreboard_init_main() /* {{{ */
{
struct fpm_worker_pool_s *wp;
- unsigned int i;
#ifdef HAVE_TIMES
#if (defined(HAVE_SYSCONF) && defined(_SC_CLK_TCK))
@@ -40,7 +40,7 @@ int fpm_scoreboard_init_main() /* {{{ */
for (wp = fpm_worker_all_pools; wp; wp = wp->next) {
- size_t scoreboard_size, scoreboard_nprocs_size;
+ size_t scoreboard_procs_size;
void *shm_mem;
if (wp->config->pm_max_children < 1) {
@@ -53,22 +53,15 @@ int fpm_scoreboard_init_main() /* {{{ */
return -1;
}
- scoreboard_size = sizeof(struct fpm_scoreboard_s) + (wp->config->pm_max_children) * sizeof(struct fpm_scoreboard_proc_s *);
- scoreboard_nprocs_size = sizeof(struct fpm_scoreboard_proc_s) * wp->config->pm_max_children;
- shm_mem = fpm_shm_alloc(scoreboard_size + scoreboard_nprocs_size);
+ scoreboard_procs_size = sizeof(struct fpm_scoreboard_proc_s) * wp->config->pm_max_children;
+ shm_mem = fpm_shm_alloc(sizeof(struct fpm_scoreboard_s) + scoreboard_procs_size);
if (!shm_mem) {
return -1;
}
- wp->scoreboard = shm_mem;
+ wp->scoreboard = shm_mem;
+ wp->scoreboard->pm = wp->config->pm;
wp->scoreboard->nprocs = wp->config->pm_max_children;
- shm_mem += scoreboard_size;
-
- for (i = 0; i < wp->scoreboard->nprocs; i++, shm_mem += sizeof(struct fpm_scoreboard_proc_s)) {
- wp->scoreboard->procs[i] = shm_mem;
- }
-
- wp->scoreboard->pm = wp->config->pm;
wp->scoreboard->start_epoch = time(NULL);
strlcpy(wp->scoreboard->pool, wp->config->name, sizeof(wp->scoreboard->pool));
}
@@ -162,28 +155,48 @@ struct fpm_scoreboard_s *fpm_scoreboard_get() /* {{{*/
}
/* }}} */
-struct fpm_scoreboard_proc_s *fpm_scoreboard_proc_get(struct fpm_scoreboard_s *scoreboard, int child_index) /* {{{*/
+static inline struct fpm_scoreboard_proc_s *fpm_scoreboard_proc_get_ex(
+ struct fpm_scoreboard_s *scoreboard, int child_index, unsigned int nprocs) /* {{{*/
{
if (!scoreboard) {
- scoreboard = fpm_scoreboard;
+ return NULL;
}
- if (!scoreboard) {
+ if (child_index < 0 || (unsigned int)child_index >= nprocs) {
return NULL;
}
+ return &scoreboard->procs[child_index];
+}
+/* }}} */
+
+struct fpm_scoreboard_proc_s *fpm_scoreboard_proc_get(
+ struct fpm_scoreboard_s *scoreboard, int child_index) /* {{{*/
+{
+ if (!scoreboard) {
+ scoreboard = fpm_scoreboard;
+ }
+
if (child_index < 0) {
child_index = fpm_scoreboard_i;
}
- if (child_index < 0 || (unsigned int)child_index >= scoreboard->nprocs) {
- return NULL;
- }
+ return fpm_scoreboard_proc_get_ex(scoreboard, child_index, scoreboard->nprocs);
+}
+/* }}} */
- return scoreboard->procs[child_index];
+struct fpm_scoreboard_proc_s *fpm_scoreboard_proc_get_from_child(struct fpm_child_s *child) /* {{{*/
+{
+ struct fpm_worker_pool_s *wp = child->wp;
+ unsigned int nprocs = wp->config->pm_max_children;
+ struct fpm_scoreboard_s *scoreboard = wp->scoreboard;
+ int child_index = child->scoreboard_i;
+
+ return fpm_scoreboard_proc_get_ex(scoreboard, child_index, nprocs);
}
/* }}} */
+
struct fpm_scoreboard_s *fpm_scoreboard_acquire(struct fpm_scoreboard_s *scoreboard, int nohang) /* {{{ */
{
struct fpm_scoreboard_s *s;
@@ -234,28 +247,28 @@ void fpm_scoreboard_proc_release(struct fpm_scoreboard_proc_s *proc) /* {{{ */
proc->lock = 0;
}
-void fpm_scoreboard_free(struct fpm_scoreboard_s *scoreboard) /* {{{ */
+void fpm_scoreboard_free(struct fpm_worker_pool_s *wp) /* {{{ */
{
- size_t scoreboard_size, scoreboard_nprocs_size;
+ size_t scoreboard_procs_size;
+ struct fpm_scoreboard_s *scoreboard = wp->scoreboard;
if (!scoreboard) {
zlog(ZLOG_ERROR, "**scoreboard is NULL");
return;
}
- scoreboard_size = sizeof(struct fpm_scoreboard_s) + (scoreboard->nprocs) * sizeof(struct fpm_scoreboard_proc_s *);
- scoreboard_nprocs_size = sizeof(struct fpm_scoreboard_proc_s) * scoreboard->nprocs;
+ scoreboard_procs_size = sizeof(struct fpm_scoreboard_proc_s) * wp->config->pm_max_children;
- fpm_shm_free(scoreboard, scoreboard_size + scoreboard_nprocs_size);
+ fpm_shm_free(scoreboard, sizeof(struct fpm_scoreboard_s) + scoreboard_procs_size);
}
/* }}} */
-void fpm_scoreboard_child_use(struct fpm_scoreboard_s *scoreboard, int child_index, pid_t pid) /* {{{ */
+void fpm_scoreboard_child_use(struct fpm_child_s *child, pid_t pid) /* {{{ */
{
struct fpm_scoreboard_proc_s *proc;
- fpm_scoreboard = scoreboard;
- fpm_scoreboard_i = child_index;
- proc = fpm_scoreboard_proc_get(scoreboard, child_index);
+ fpm_scoreboard = child->wp->scoreboard;
+ fpm_scoreboard_i = child->scoreboard_i;
+ proc = fpm_scoreboard_proc_get_from_child(child);
if (!proc) {
return;
}
@@ -264,18 +277,22 @@ void fpm_scoreboard_child_use(struct fpm_scoreboard_s *scoreboard, int child_ind
}
/* }}} */
-void fpm_scoreboard_proc_free(struct fpm_scoreboard_s *scoreboard, int child_index) /* {{{ */
+void fpm_scoreboard_proc_free(struct fpm_child_s *child) /* {{{ */
{
+ struct fpm_worker_pool_s *wp = child->wp;
+ struct fpm_scoreboard_s *scoreboard = wp->scoreboard;
+ int child_index = child->scoreboard_i;
+
if (!scoreboard) {
return;
}
- if (child_index < 0 || (unsigned int)child_index >= scoreboard->nprocs) {
+ if (child_index < 0 || child_index >= wp->config->pm_max_children) {
return;
}
- if (scoreboard->procs[child_index] && scoreboard->procs[child_index]->used > 0) {
- memset(scoreboard->procs[child_index], 0, sizeof(struct fpm_scoreboard_proc_s));
+ if (scoreboard->procs[child_index].used > 0) {
+ memset(&scoreboard->procs[child_index], 0, sizeof(struct fpm_scoreboard_proc_s));
}
/* set this slot as free to avoid search on next alloc */
@@ -283,41 +300,44 @@ void fpm_scoreboard_proc_free(struct fpm_scoreboard_s *scoreboard, int child_ind
}
/* }}} */
-int fpm_scoreboard_proc_alloc(struct fpm_scoreboard_s *scoreboard, int *child_index) /* {{{ */
+int fpm_scoreboard_proc_alloc(struct fpm_child_s *child) /* {{{ */
{
int i = -1;
+ struct fpm_worker_pool_s *wp = child->wp;
+ struct fpm_scoreboard_s *scoreboard = wp->scoreboard;
+ int nprocs = wp->config->pm_max_children;
- if (!scoreboard || !child_index) {
+ if (!scoreboard) {
return -1;
}
/* first try the slot which is supposed to be free */
- if (scoreboard->free_proc >= 0 && (unsigned int)scoreboard->free_proc < scoreboard->nprocs) {
- if (scoreboard->procs[scoreboard->free_proc] && !scoreboard->procs[scoreboard->free_proc]->used) {
+ if (scoreboard->free_proc >= 0 && scoreboard->free_proc < nprocs) {
+ if (!scoreboard->procs[scoreboard->free_proc].used) {
i = scoreboard->free_proc;
}
}
if (i < 0) { /* the supposed free slot is not, let's search for a free slot */
zlog(ZLOG_DEBUG, "[pool %s] the proc->free_slot was not free. Let's search", scoreboard->pool);
- for (i = 0; i < (int)scoreboard->nprocs; i++) {
- if (scoreboard->procs[i] && !scoreboard->procs[i]->used) { /* found */
+ for (i = 0; i < nprocs; i++) {
+ if (!scoreboard->procs[i].used) { /* found */
break;
}
}
}
/* no free slot */
- if (i < 0 || i >= (int)scoreboard->nprocs) {
+ if (i < 0 || i >= nprocs) {
zlog(ZLOG_ERROR, "[pool %s] no free scoreboard slot", scoreboard->pool);
return -1;
}
- scoreboard->procs[i]->used = 1;
- *child_index = i;
+ scoreboard->procs[i].used = 1;
+ child->scoreboard_i = i;
/* supposed next slot is free */
- if (i + 1 >= (int)scoreboard->nprocs) {
+ if (i + 1 >= nprocs) {
scoreboard->free_proc = 0;
} else {
scoreboard->free_proc = i + 1;
diff --git a/sapi/fpm/fpm/fpm_scoreboard.h b/sapi/fpm/fpm/fpm_scoreboard.h
index 1fecde1d0f..9d5981e1c7 100644
--- a/sapi/fpm/fpm/fpm_scoreboard.h
+++ b/sapi/fpm/fpm/fpm_scoreboard.h
@@ -63,7 +63,7 @@ struct fpm_scoreboard_s {
unsigned int nprocs;
int free_proc;
unsigned long int slow_rq;
- struct fpm_scoreboard_proc_s *procs[];
+ struct fpm_scoreboard_proc_s procs[];
};
int fpm_scoreboard_init_main();
@@ -72,18 +72,19 @@ int fpm_scoreboard_init_child(struct fpm_worker_pool_s *wp);
void fpm_scoreboard_update(int idle, int active, int lq, int lq_len, int requests, int max_children_reached, int slow_rq, int action, struct fpm_scoreboard_s *scoreboard);
struct fpm_scoreboard_s *fpm_scoreboard_get();
struct fpm_scoreboard_proc_s *fpm_scoreboard_proc_get(struct fpm_scoreboard_s *scoreboard, int child_index);
+struct fpm_scoreboard_proc_s *fpm_scoreboard_proc_get_from_child(struct fpm_child_s *child);
struct fpm_scoreboard_s *fpm_scoreboard_acquire(struct fpm_scoreboard_s *scoreboard, int nohang);
void fpm_scoreboard_release(struct fpm_scoreboard_s *scoreboard);
struct fpm_scoreboard_proc_s *fpm_scoreboard_proc_acquire(struct fpm_scoreboard_s *scoreboard, int child_index, int nohang);
void fpm_scoreboard_proc_release(struct fpm_scoreboard_proc_s *proc);
-void fpm_scoreboard_free(struct fpm_scoreboard_s *scoreboard);
+void fpm_scoreboard_free(struct fpm_worker_pool_s *wp);
-void fpm_scoreboard_child_use(struct fpm_scoreboard_s *scoreboard, int child_index, pid_t pid);
+void fpm_scoreboard_child_use(struct fpm_child_s *child, pid_t pid);
-void fpm_scoreboard_proc_free(struct fpm_scoreboard_s *scoreboard, int child_index);
-int fpm_scoreboard_proc_alloc(struct fpm_scoreboard_s *scoreboard, int *child_index);
+void fpm_scoreboard_proc_free(struct fpm_child_s *child);
+int fpm_scoreboard_proc_alloc(struct fpm_child_s *child);
#ifdef HAVE_TIMES
float fpm_scoreboard_get_tick();
diff --git a/sapi/fpm/fpm/fpm_status.c b/sapi/fpm/fpm/fpm_status.c
index 36d2240635..de8db9d61a 100644
--- a/sapi/fpm/fpm/fpm_status.c
+++ b/sapi/fpm/fpm/fpm_status.c
@@ -498,10 +498,10 @@ int fpm_status_handle_request(void) /* {{{ */
first = 1;
for (i=0; i<scoreboard_p->nprocs; i++) {
- if (!scoreboard_p->procs[i] || !scoreboard_p->procs[i]->used) {
+ if (!scoreboard_p->procs[i].used) {
continue;
}
- proc = *scoreboard_p->procs[i];
+ proc = scoreboard_p->procs[i];
if (first) {
first = 0;
diff --git a/sapi/fpm/fpm/fpm_worker_pool.c b/sapi/fpm/fpm/fpm_worker_pool.c
index d04528f4e0..65a9b226b1 100644
--- a/sapi/fpm/fpm/fpm_worker_pool.c
+++ b/sapi/fpm/fpm/fpm_worker_pool.c
@@ -54,7 +54,7 @@ static void fpm_worker_pool_cleanup(int which, void *arg) /* {{{ */
fpm_worker_pool_config_free(wp->config);
fpm_children_free(wp->children);
if ((which & FPM_CLEANUP_CHILD) == 0 && fpm_globals.parent_pid == getpid()) {
- fpm_scoreboard_free(wp->scoreboard);
+ fpm_scoreboard_free(wp);
}
fpm_worker_pool_free(wp);
}
--
2.25.1

397
services/custombuild/patches/fpm_scoreboard_proc_oob_fix_v4_5.6.patch Normal file
View File

@@ -0,0 +1,397 @@
From: Jakub Zelenka <bukka@php.net>
Date: Sat, 2 Oct 2021 22:53:41 +0100
Subject: Fix bug #81026 (PHP-FPM oob R/W in root process leading to priv
escalation)
The main change is to store scoreboard procs directly to the variable sized
array rather than indirectly through the pointer.
Signed-off-by: Stanislav Malyshev <stas@php.net>
(cherry picked from commit cb2021e5f69da5e2868130a05bb53db0f9f89e4b)
(cherry picked from commit 4699cc1b1b957c843c71a79fa816446b622d4278)
---
sapi/fpm/fpm/fpm_children.c | 14 +++---
sapi/fpm/fpm/fpm_request.c | 4 +-
sapi/fpm/fpm/fpm_scoreboard.c | 107 ++++++++++++++++++++++++-----------------
sapi/fpm/fpm/fpm_scoreboard.h | 11 +++--
sapi/fpm/fpm/fpm_status.c | 4 +-
sapi/fpm/fpm/fpm_worker_pool.c | 2 +-
6 files changed, 81 insertions(+), 61 deletions(-)
diff --git a/sapi/fpm/fpm/fpm_children.c b/sapi/fpm/fpm/fpm_children.c
index 45cc075..74c2f38 100644
--- a/sapi/fpm/fpm/fpm_children.c
+++ b/sapi/fpm/fpm/fpm_children.c
@@ -239,7 +239,7 @@ void fpm_children_bury() /* {{{ */
fpm_child_unlink(child);
- fpm_scoreboard_proc_free(wp->scoreboard, child->scoreboard_i);
+ fpm_scoreboard_proc_free(child);
fpm_clock_get(&tv1);
@@ -249,9 +249,9 @@ void fpm_children_bury() /* {{{ */
if (!fpm_pctl_can_spawn_children()) {
severity = ZLOG_DEBUG;
}
- zlog(severity, "[pool %s] child %d exited %s after %ld.%06d seconds from start", child->wp->config->name, (int) pid, buf, tv2.tv_sec, (int) tv2.tv_usec);
+ zlog(severity, "[pool %s] child %d exited %s after %ld.%06d seconds from start", wp->config->name, (int) pid, buf, tv2.tv_sec, (int) tv2.tv_usec);
} else {
- zlog(ZLOG_DEBUG, "[pool %s] child %d has been killed by the process management after %ld.%06d seconds from start", child->wp->config->name, (int) pid, tv2.tv_sec, (int) tv2.tv_usec);
+ zlog(ZLOG_DEBUG, "[pool %s] child %d has been killed by the process management after %ld.%06d seconds from start", wp->config->name, (int) pid, tv2.tv_sec, (int) tv2.tv_usec);
}
fpm_child_close(child, 1 /* in event_loop */);
@@ -317,7 +317,7 @@ static struct fpm_child_s *fpm_resources_prepare(struct fpm_worker_pool_s *wp) /
return 0;
}
- if (0 > fpm_scoreboard_proc_alloc(wp->scoreboard, &c->scoreboard_i)) {
+ if (0 > fpm_scoreboard_proc_alloc(c)) {
fpm_stdio_discard_pipes(c);
fpm_child_free(c);
return 0;
@@ -329,7 +329,7 @@ static struct fpm_child_s *fpm_resources_prepare(struct fpm_worker_pool_s *wp) /
static void fpm_resources_discard(struct fpm_child_s *child) /* {{{ */
{
- fpm_scoreboard_proc_free(child->wp->scoreboard, child->scoreboard_i);
+ fpm_scoreboard_proc_free(child);
fpm_stdio_discard_pipes(child);
fpm_child_free(child);
}
@@ -342,10 +342,10 @@ static void fpm_child_resources_use(struct fpm_child_s *child) /* {{{ */
if (wp == child->wp) {
continue;
}
- fpm_scoreboard_free(wp->scoreboard);
+ fpm_scoreboard_free(wp);
}
- fpm_scoreboard_child_use(child->wp->scoreboard, child->scoreboard_i, getpid());
+ fpm_scoreboard_child_use(child, getpid());
fpm_stdio_child_use_pipes(child);
fpm_child_free(child);
}
diff --git a/sapi/fpm/fpm/fpm_request.c b/sapi/fpm/fpm/fpm_request.c
index ed7e7a8..23782fb 100644
--- a/sapi/fpm/fpm/fpm_request.c
+++ b/sapi/fpm/fpm/fpm_request.c
@@ -287,7 +287,7 @@ int fpm_request_is_idle(struct fpm_child_s *child) /* {{{ */
struct fpm_scoreboard_proc_s *proc;
/* no need in atomicity here */
- proc = fpm_scoreboard_proc_get(child->wp->scoreboard, child->scoreboard_i);
+ proc = fpm_scoreboard_proc_get_from_child(child);
if (!proc) {
return 0;
}
@@ -302,7 +302,7 @@ int fpm_request_last_activity(struct fpm_child_s *child, struct timeval *tv) /*
if (!tv) return -1;
- proc = fpm_scoreboard_proc_get(child->wp->scoreboard, child->scoreboard_i);
+ proc = fpm_scoreboard_proc_get_from_child(child);
if (!proc) {
return -1;
}
diff --git a/sapi/fpm/fpm/fpm_scoreboard.c b/sapi/fpm/fpm/fpm_scoreboard.c
index e1e69c9..fcf9f16 100644
--- a/sapi/fpm/fpm/fpm_scoreboard.c
+++ b/sapi/fpm/fpm/fpm_scoreboard.c
@@ -8,6 +8,7 @@
#include <time.h>
#include "fpm_config.h"
+#include "fpm_children.h"
#include "fpm_scoreboard.h"
#include "fpm_shm.h"
#include "fpm_sockets.h"
@@ -25,7 +26,6 @@ static float fpm_scoreboard_tick;
int fpm_scoreboard_init_main() /* {{{ */
{
struct fpm_worker_pool_s *wp;
- unsigned int i;
#ifdef HAVE_TIMES
#if (defined(HAVE_SYSCONF) && defined(_SC_CLK_TCK))
@@ -42,7 +42,7 @@ int fpm_scoreboard_init_main() /* {{{ */
for (wp = fpm_worker_all_pools; wp; wp = wp->next) {
- size_t scoreboard_size, scoreboard_nprocs_size;
+ size_t scoreboard_procs_size;
void *shm_mem;
if (wp->config->pm_max_children < 1) {
@@ -55,22 +55,15 @@ int fpm_scoreboard_init_main() /* {{{ */
return -1;
}
- scoreboard_size = sizeof(struct fpm_scoreboard_s) + (wp->config->pm_max_children) * sizeof(struct fpm_scoreboard_proc_s *);
- scoreboard_nprocs_size = sizeof(struct fpm_scoreboard_proc_s) * wp->config->pm_max_children;
- shm_mem = fpm_shm_alloc(scoreboard_size + scoreboard_nprocs_size);
+ scoreboard_procs_size = sizeof(struct fpm_scoreboard_proc_s) * wp->config->pm_max_children;
+ shm_mem = fpm_shm_alloc(sizeof(struct fpm_scoreboard_s) + scoreboard_procs_size);
if (!shm_mem) {
return -1;
}
- wp->scoreboard = shm_mem;
+ wp->scoreboard = shm_mem;
+ wp->scoreboard->pm = wp->config->pm;
wp->scoreboard->nprocs = wp->config->pm_max_children;
- shm_mem += scoreboard_size;
-
- for (i = 0; i < wp->scoreboard->nprocs; i++, shm_mem += sizeof(struct fpm_scoreboard_proc_s)) {
- wp->scoreboard->procs[i] = shm_mem;
- }
-
- wp->scoreboard->pm = wp->config->pm;
wp->scoreboard->start_epoch = time(NULL);
strlcpy(wp->scoreboard->pool, wp->config->name, sizeof(wp->scoreboard->pool));
}
@@ -164,28 +157,47 @@ struct fpm_scoreboard_s *fpm_scoreboard_get() /* {{{*/
}
/* }}} */
-struct fpm_scoreboard_proc_s *fpm_scoreboard_proc_get(struct fpm_scoreboard_s *scoreboard, int child_index) /* {{{*/
+static inline struct fpm_scoreboard_proc_s *fpm_scoreboard_proc_get_ex(
+ struct fpm_scoreboard_s *scoreboard, int child_index, unsigned int nprocs) /* {{{*/
{
if (!scoreboard) {
- scoreboard = fpm_scoreboard;
+ return NULL;
}
- if (!scoreboard) {
+ if (child_index < 0 || (unsigned int)child_index >= nprocs) {
return NULL;
}
+ return &scoreboard->procs[child_index];
+}
+/* }}} */
+
+struct fpm_scoreboard_proc_s *fpm_scoreboard_proc_get(
+ struct fpm_scoreboard_s *scoreboard, int child_index) /* {{{*/
+{
+ if (!scoreboard) {
+ scoreboard = fpm_scoreboard;
+ }
+
if (child_index < 0) {
child_index = fpm_scoreboard_i;
}
- if (child_index < 0 || child_index >= scoreboard->nprocs) {
- return NULL;
- }
+ return fpm_scoreboard_proc_get_ex(scoreboard, child_index, scoreboard->nprocs);
+}
+
+struct fpm_scoreboard_proc_s *fpm_scoreboard_proc_get_from_child(struct fpm_child_s *child) /* {{{*/
+{
+ struct fpm_worker_pool_s *wp = child->wp;
+ unsigned int nprocs = wp->config->pm_max_children;
+ struct fpm_scoreboard_s *scoreboard = wp->scoreboard;
+ int child_index = child->scoreboard_i;
- return scoreboard->procs[child_index];
+ return fpm_scoreboard_proc_get_ex(scoreboard, child_index, nprocs);
}
/* }}} */
+
struct fpm_scoreboard_s *fpm_scoreboard_acquire(struct fpm_scoreboard_s *scoreboard, int nohang) /* {{{ */
{
struct fpm_scoreboard_s *s;
@@ -236,28 +248,28 @@ void fpm_scoreboard_proc_release(struct fpm_scoreboard_proc_s *proc) /* {{{ */
proc->lock = 0;
}
-void fpm_scoreboard_free(struct fpm_scoreboard_s *scoreboard) /* {{{ */
+void fpm_scoreboard_free(struct fpm_worker_pool_s *wp) /* {{{ */
{
- size_t scoreboard_size, scoreboard_nprocs_size;
+ size_t scoreboard_procs_size;
+ struct fpm_scoreboard_s *scoreboard = wp->scoreboard;
if (!scoreboard) {
zlog(ZLOG_ERROR, "**scoreboard is NULL");
return;
}
- scoreboard_size = sizeof(struct fpm_scoreboard_s) + (scoreboard->nprocs) * sizeof(struct fpm_scoreboard_proc_s *);
- scoreboard_nprocs_size = sizeof(struct fpm_scoreboard_proc_s) * scoreboard->nprocs;
-
- fpm_shm_free(scoreboard, scoreboard_size + scoreboard_nprocs_size);
+ scoreboard_procs_size = sizeof(struct fpm_scoreboard_proc_s) * wp->config->pm_max_children;
+
+ fpm_shm_free(scoreboard, sizeof(struct fpm_scoreboard_s) + scoreboard_procs_size);
}
/* }}} */
-void fpm_scoreboard_child_use(struct fpm_scoreboard_s *scoreboard, int child_index, pid_t pid) /* {{{ */
+void fpm_scoreboard_child_use(struct fpm_child_s *child, pid_t pid) /* {{{ */
{
struct fpm_scoreboard_proc_s *proc;
- fpm_scoreboard = scoreboard;
- fpm_scoreboard_i = child_index;
- proc = fpm_scoreboard_proc_get(scoreboard, child_index);
+ fpm_scoreboard = child->wp->scoreboard;
+ fpm_scoreboard_i = child->scoreboard_i;
+ proc = fpm_scoreboard_proc_get_from_child(child);
if (!proc) {
return;
}
@@ -266,18 +278,22 @@ void fpm_scoreboard_child_use(struct fpm_scoreboard_s *scoreboard, int child_ind
}
/* }}} */
-void fpm_scoreboard_proc_free(struct fpm_scoreboard_s *scoreboard, int child_index) /* {{{ */
+void fpm_scoreboard_proc_free(struct fpm_child_s *child) /* {{{ */
{
+ struct fpm_worker_pool_s *wp = child->wp;
+ struct fpm_scoreboard_s *scoreboard = wp->scoreboard;
+ int child_index = child->scoreboard_i;
+
if (!scoreboard) {
return;
}
- if (child_index < 0 || child_index >= scoreboard->nprocs) {
+ if (child_index < 0 || child_index >= wp->config->pm_max_children) {
return;
}
- if (scoreboard->procs[child_index] && scoreboard->procs[child_index]->used > 0) {
- memset(scoreboard->procs[child_index], 0, sizeof(struct fpm_scoreboard_proc_s));
+ if (scoreboard->procs[child_index].used > 0) {
+ memset(&scoreboard->procs[child_index], 0, sizeof(struct fpm_scoreboard_proc_s));
}
/* set this slot as free to avoid search on next alloc */
@@ -285,41 +301,44 @@ void fpm_scoreboard_proc_free(struct fpm_scoreboard_s *scoreboard, int child_ind
}
/* }}} */
-int fpm_scoreboard_proc_alloc(struct fpm_scoreboard_s *scoreboard, int *child_index) /* {{{ */
+int fpm_scoreboard_proc_alloc(struct fpm_child_s *child) /* {{{ */
{
int i = -1;
+ struct fpm_worker_pool_s *wp = child->wp;
+ struct fpm_scoreboard_s *scoreboard = wp->scoreboard;
+ int nprocs = wp->config->pm_max_children;
- if (!scoreboard || !child_index) {
+ if (!scoreboard) {
return -1;
}
/* first try the slot which is supposed to be free */
- if (scoreboard->free_proc >= 0 && scoreboard->free_proc < scoreboard->nprocs) {
- if (scoreboard->procs[scoreboard->free_proc] && !scoreboard->procs[scoreboard->free_proc]->used) {
+ if (scoreboard->free_proc >= 0 && scoreboard->free_proc < nprocs) {
+ if (!scoreboard->procs[scoreboard->free_proc].used) {
i = scoreboard->free_proc;
}
}
if (i < 0) { /* the supposed free slot is not, let's search for a free slot */
zlog(ZLOG_DEBUG, "[pool %s] the proc->free_slot was not free. Let's search", scoreboard->pool);
- for (i = 0; i < scoreboard->nprocs; i++) {
- if (scoreboard->procs[i] && !scoreboard->procs[i]->used) { /* found */
+ for (i = 0; i < nprocs; i++) {
+ if (!scoreboard->procs[i].used) { /* found */
break;
}
}
}
/* no free slot */
- if (i < 0 || i >= scoreboard->nprocs) {
+ if (i < 0 || i >= nprocs) {
zlog(ZLOG_ERROR, "[pool %s] no free scoreboard slot", scoreboard->pool);
return -1;
}
- scoreboard->procs[i]->used = 1;
- *child_index = i;
+ scoreboard->procs[i].used = 1;
+ child->scoreboard_i = i;
/* supposed next slot is free */
- if (i + 1 >= scoreboard->nprocs) {
+ if (i + 1 >= nprocs) {
scoreboard->free_proc = 0;
} else {
scoreboard->free_proc = i + 1;
diff --git a/sapi/fpm/fpm/fpm_scoreboard.h b/sapi/fpm/fpm/fpm_scoreboard.h
index f58a287..a0cc093 100644
--- a/sapi/fpm/fpm/fpm_scoreboard.h
+++ b/sapi/fpm/fpm/fpm_scoreboard.h
@@ -65,7 +65,7 @@ struct fpm_scoreboard_s {
unsigned int nprocs;
int free_proc;
unsigned long int slow_rq;
- struct fpm_scoreboard_proc_s *procs[];
+ struct fpm_scoreboard_proc_s procs[];
};
int fpm_scoreboard_init_main();
@@ -74,18 +74,19 @@ int fpm_scoreboard_init_child(struct fpm_worker_pool_s *wp);
void fpm_scoreboard_update(int idle, int active, int lq, int lq_len, int requests, int max_children_reached, int slow_rq, int action, struct fpm_scoreboard_s *scoreboard);
struct fpm_scoreboard_s *fpm_scoreboard_get();
struct fpm_scoreboard_proc_s *fpm_scoreboard_proc_get(struct fpm_scoreboard_s *scoreboard, int child_index);
+struct fpm_scoreboard_proc_s *fpm_scoreboard_proc_get_from_child(struct fpm_child_s *child);
struct fpm_scoreboard_s *fpm_scoreboard_acquire(struct fpm_scoreboard_s *scoreboard, int nohang);
void fpm_scoreboard_release(struct fpm_scoreboard_s *scoreboard);
struct fpm_scoreboard_proc_s *fpm_scoreboard_proc_acquire(struct fpm_scoreboard_s *scoreboard, int child_index, int nohang);
void fpm_scoreboard_proc_release(struct fpm_scoreboard_proc_s *proc);
-void fpm_scoreboard_free(struct fpm_scoreboard_s *scoreboard);
+void fpm_scoreboard_free(struct fpm_worker_pool_s *wp);
-void fpm_scoreboard_child_use(struct fpm_scoreboard_s *scoreboard, int child_index, pid_t pid);
+void fpm_scoreboard_child_use(struct fpm_child_s *child, pid_t pid);
-void fpm_scoreboard_proc_free(struct fpm_scoreboard_s *scoreboard, int child_index);
-int fpm_scoreboard_proc_alloc(struct fpm_scoreboard_s *scoreboard, int *child_index);
+void fpm_scoreboard_proc_free(struct fpm_child_s *child);
+int fpm_scoreboard_proc_alloc(struct fpm_child_s *child);
#ifdef HAVE_TIMES
float fpm_scoreboard_get_tick();
diff --git a/sapi/fpm/fpm/fpm_status.c b/sapi/fpm/fpm/fpm_status.c
index 2363b57..a2ee398 100644
--- a/sapi/fpm/fpm/fpm_status.c
+++ b/sapi/fpm/fpm/fpm_status.c
@@ -399,10 +399,10 @@ int fpm_status_handle_request(TSRMLS_D) /* {{{ */
first = 1;
for (i=0; i<scoreboard_p->nprocs; i++) {
- if (!scoreboard_p->procs[i] || !scoreboard_p->procs[i]->used) {
+ if (!scoreboard_p->procs[i].used) {
continue;
}
- proc = *scoreboard_p->procs[i];
+ proc = scoreboard_p->procs[i];
if (first) {
first = 0;
diff --git a/sapi/fpm/fpm/fpm_worker_pool.c b/sapi/fpm/fpm/fpm_worker_pool.c
index a002291..c778b33 100644
--- a/sapi/fpm/fpm/fpm_worker_pool.c
+++ b/sapi/fpm/fpm/fpm_worker_pool.c
@@ -44,7 +44,7 @@ static void fpm_worker_pool_cleanup(int which, void *arg) /* {{{ */
fpm_worker_pool_config_free(wp->config);
fpm_children_free(wp->children);
if ((which & FPM_CLEANUP_CHILD) == 0 && fpm_globals.parent_pid == getpid()) {
- fpm_scoreboard_free(wp->scoreboard);
+ fpm_scoreboard_free(wp);
}
fpm_worker_pool_free(wp);
}

396
services/custombuild/patches/fpm_scoreboard_proc_oob_fix_v4_7.0.patch Normal file
View File

@@ -0,0 +1,396 @@
From: Jakub Zelenka <bukka@php.net>
Date: Sat, 2 Oct 2021 22:53:41 +0100
Subject: Fix bug #81026 (PHP-FPM oob R/W in root process leading to priv
escalation)
The main change is to store scoreboard procs directly to the variable sized
array rather than indirectly through the pointer.
Signed-off-by: Stanislav Malyshev <stas@php.net>
(cherry picked from commit cb2021e5f69da5e2868130a05bb53db0f9f89e4b)
---
sapi/fpm/fpm/fpm_children.c | 14 +++---
sapi/fpm/fpm/fpm_request.c | 4 +-
sapi/fpm/fpm/fpm_scoreboard.c | 107 ++++++++++++++++++++++++-----------------
sapi/fpm/fpm/fpm_scoreboard.h | 11 +++--
sapi/fpm/fpm/fpm_status.c | 4 +-
sapi/fpm/fpm/fpm_worker_pool.c | 2 +-
6 files changed, 81 insertions(+), 61 deletions(-)
diff --git a/sapi/fpm/fpm/fpm_children.c b/sapi/fpm/fpm/fpm_children.c
index b48fa54..c7f97fd 100644
--- a/sapi/fpm/fpm/fpm_children.c
+++ b/sapi/fpm/fpm/fpm_children.c
@@ -239,7 +239,7 @@ void fpm_children_bury() /* {{{ */
fpm_child_unlink(child);
- fpm_scoreboard_proc_free(wp->scoreboard, child->scoreboard_i);
+ fpm_scoreboard_proc_free(child);
fpm_clock_get(&tv1);
@@ -249,9 +249,9 @@ void fpm_children_bury() /* {{{ */
if (!fpm_pctl_can_spawn_children()) {
severity = ZLOG_DEBUG;
}
- zlog(severity, "[pool %s] child %d exited %s after %ld.%06d seconds from start", child->wp->config->name, (int) pid, buf, tv2.tv_sec, (int) tv2.tv_usec);
+ zlog(severity, "[pool %s] child %d exited %s after %ld.%06d seconds from start", wp->config->name, (int) pid, buf, tv2.tv_sec, (int) tv2.tv_usec);
} else {
- zlog(ZLOG_DEBUG, "[pool %s] child %d has been killed by the process management after %ld.%06d seconds from start", child->wp->config->name, (int) pid, tv2.tv_sec, (int) tv2.tv_usec);
+ zlog(ZLOG_DEBUG, "[pool %s] child %d has been killed by the process management after %ld.%06d seconds from start", wp->config->name, (int) pid, tv2.tv_sec, (int) tv2.tv_usec);
}
fpm_child_close(child, 1 /* in event_loop */);
@@ -317,7 +317,7 @@ static struct fpm_child_s *fpm_resources_prepare(struct fpm_worker_pool_s *wp) /
return 0;
}
- if (0 > fpm_scoreboard_proc_alloc(wp->scoreboard, &c->scoreboard_i)) {
+ if (0 > fpm_scoreboard_proc_alloc(c)) {
fpm_stdio_discard_pipes(c);
fpm_child_free(c);
return 0;
@@ -329,7 +329,7 @@ static struct fpm_child_s *fpm_resources_prepare(struct fpm_worker_pool_s *wp) /
static void fpm_resources_discard(struct fpm_child_s *child) /* {{{ */
{
- fpm_scoreboard_proc_free(child->wp->scoreboard, child->scoreboard_i);
+ fpm_scoreboard_proc_free(child);
fpm_stdio_discard_pipes(child);
fpm_child_free(child);
}
@@ -342,10 +342,10 @@ static void fpm_child_resources_use(struct fpm_child_s *child) /* {{{ */
if (wp == child->wp) {
continue;
}
- fpm_scoreboard_free(wp->scoreboard);
+ fpm_scoreboard_free(wp);
}
- fpm_scoreboard_child_use(child->wp->scoreboard, child->scoreboard_i, getpid());
+ fpm_scoreboard_child_use(child, getpid());
fpm_stdio_child_use_pipes(child);
fpm_child_free(child);
}
diff --git a/sapi/fpm/fpm/fpm_request.c b/sapi/fpm/fpm/fpm_request.c
index 3f82a7d..a707fd2 100644
--- a/sapi/fpm/fpm/fpm_request.c
+++ b/sapi/fpm/fpm/fpm_request.c
@@ -287,7 +287,7 @@ int fpm_request_is_idle(struct fpm_child_s *child) /* {{{ */
struct fpm_scoreboard_proc_s *proc;
/* no need in atomicity here */
- proc = fpm_scoreboard_proc_get(child->wp->scoreboard, child->scoreboard_i);
+ proc = fpm_scoreboard_proc_get_from_child(child);
if (!proc) {
return 0;
}
@@ -302,7 +302,7 @@ int fpm_request_last_activity(struct fpm_child_s *child, struct timeval *tv) /*
if (!tv) return -1;
- proc = fpm_scoreboard_proc_get(child->wp->scoreboard, child->scoreboard_i);
+ proc = fpm_scoreboard_proc_get_from_child(child);
if (!proc) {
return -1;
}
diff --git a/sapi/fpm/fpm/fpm_scoreboard.c b/sapi/fpm/fpm/fpm_scoreboard.c
index 5693ce4..45d44f4 100644
--- a/sapi/fpm/fpm/fpm_scoreboard.c
+++ b/sapi/fpm/fpm/fpm_scoreboard.c
@@ -8,6 +8,7 @@
#include <time.h>
#include "fpm_config.h"
+#include "fpm_children.h"
#include "fpm_scoreboard.h"
#include "fpm_shm.h"
#include "fpm_sockets.h"
@@ -25,7 +26,6 @@ static float fpm_scoreboard_tick;
int fpm_scoreboard_init_main() /* {{{ */
{
struct fpm_worker_pool_s *wp;
- unsigned int i;
#ifdef HAVE_TIMES
#if (defined(HAVE_SYSCONF) && defined(_SC_CLK_TCK))
@@ -42,7 +42,7 @@ int fpm_scoreboard_init_main() /* {{{ */
for (wp = fpm_worker_all_pools; wp; wp = wp->next) {
- size_t scoreboard_size, scoreboard_nprocs_size;
+ size_t scoreboard_procs_size;
void *shm_mem;
if (wp->config->pm_max_children < 1) {
@@ -55,22 +55,15 @@ int fpm_scoreboard_init_main() /* {{{ */
return -1;
}
- scoreboard_size = sizeof(struct fpm_scoreboard_s) + (wp->config->pm_max_children) * sizeof(struct fpm_scoreboard_proc_s *);
- scoreboard_nprocs_size = sizeof(struct fpm_scoreboard_proc_s) * wp->config->pm_max_children;
- shm_mem = fpm_shm_alloc(scoreboard_size + scoreboard_nprocs_size);
+ scoreboard_procs_size = sizeof(struct fpm_scoreboard_proc_s) * wp->config->pm_max_children;
+ shm_mem = fpm_shm_alloc(sizeof(struct fpm_scoreboard_s) + scoreboard_procs_size);
if (!shm_mem) {
return -1;
}
- wp->scoreboard = shm_mem;
+ wp->scoreboard = shm_mem;
+ wp->scoreboard->pm = wp->config->pm;
wp->scoreboard->nprocs = wp->config->pm_max_children;
- shm_mem += scoreboard_size;
-
- for (i = 0; i < wp->scoreboard->nprocs; i++, shm_mem += sizeof(struct fpm_scoreboard_proc_s)) {
- wp->scoreboard->procs[i] = shm_mem;
- }
-
- wp->scoreboard->pm = wp->config->pm;
wp->scoreboard->start_epoch = time(NULL);
strlcpy(wp->scoreboard->pool, wp->config->name, sizeof(wp->scoreboard->pool));
}
@@ -164,28 +157,47 @@ struct fpm_scoreboard_s *fpm_scoreboard_get() /* {{{*/
}
/* }}} */
-struct fpm_scoreboard_proc_s *fpm_scoreboard_proc_get(struct fpm_scoreboard_s *scoreboard, int child_index) /* {{{*/
+static inline struct fpm_scoreboard_proc_s *fpm_scoreboard_proc_get_ex(
+ struct fpm_scoreboard_s *scoreboard, int child_index, unsigned int nprocs) /* {{{*/
{
if (!scoreboard) {
- scoreboard = fpm_scoreboard;
+ return NULL;
}
- if (!scoreboard) {
+ if (child_index < 0 || (unsigned int)child_index >= nprocs) {
return NULL;
}
+ return &scoreboard->procs[child_index];
+}
+/* }}} */
+
+struct fpm_scoreboard_proc_s *fpm_scoreboard_proc_get(
+ struct fpm_scoreboard_s *scoreboard, int child_index) /* {{{*/
+{
+ if (!scoreboard) {
+ scoreboard = fpm_scoreboard;
+ }
+
if (child_index < 0) {
child_index = fpm_scoreboard_i;
}
- if (child_index < 0 || child_index >= scoreboard->nprocs) {
- return NULL;
- }
+ return fpm_scoreboard_proc_get_ex(scoreboard, child_index, scoreboard->nprocs);
+}
+
+struct fpm_scoreboard_proc_s *fpm_scoreboard_proc_get_from_child(struct fpm_child_s *child) /* {{{*/
+{
+ struct fpm_worker_pool_s *wp = child->wp;
+ unsigned int nprocs = wp->config->pm_max_children;
+ struct fpm_scoreboard_s *scoreboard = wp->scoreboard;
+ int child_index = child->scoreboard_i;
- return scoreboard->procs[child_index];
+ return fpm_scoreboard_proc_get_ex(scoreboard, child_index, nprocs);
}
/* }}} */
+
struct fpm_scoreboard_s *fpm_scoreboard_acquire(struct fpm_scoreboard_s *scoreboard, int nohang) /* {{{ */
{
struct fpm_scoreboard_s *s;
@@ -236,28 +248,28 @@ void fpm_scoreboard_proc_release(struct fpm_scoreboard_proc_s *proc) /* {{{ */
proc->lock = 0;
}
-void fpm_scoreboard_free(struct fpm_scoreboard_s *scoreboard) /* {{{ */
+void fpm_scoreboard_free(struct fpm_worker_pool_s *wp) /* {{{ */
{
- size_t scoreboard_size, scoreboard_nprocs_size;
+ size_t scoreboard_procs_size;
+ struct fpm_scoreboard_s *scoreboard = wp->scoreboard;
if (!scoreboard) {
zlog(ZLOG_ERROR, "**scoreboard is NULL");
return;
}
- scoreboard_size = sizeof(struct fpm_scoreboard_s) + (scoreboard->nprocs) * sizeof(struct fpm_scoreboard_proc_s *);
- scoreboard_nprocs_size = sizeof(struct fpm_scoreboard_proc_s) * scoreboard->nprocs;
-
- fpm_shm_free(scoreboard, scoreboard_size + scoreboard_nprocs_size);
+ scoreboard_procs_size = sizeof(struct fpm_scoreboard_proc_s) * wp->config->pm_max_children;
+
+ fpm_shm_free(scoreboard, sizeof(struct fpm_scoreboard_s) + scoreboard_procs_size);
}
/* }}} */
-void fpm_scoreboard_child_use(struct fpm_scoreboard_s *scoreboard, int child_index, pid_t pid) /* {{{ */
+void fpm_scoreboard_child_use(struct fpm_child_s *child, pid_t pid) /* {{{ */
{
struct fpm_scoreboard_proc_s *proc;
- fpm_scoreboard = scoreboard;
- fpm_scoreboard_i = child_index;
- proc = fpm_scoreboard_proc_get(scoreboard, child_index);
+ fpm_scoreboard = child->wp->scoreboard;
+ fpm_scoreboard_i = child->scoreboard_i;
+ proc = fpm_scoreboard_proc_get_from_child(child);
if (!proc) {
return;
}
@@ -266,18 +278,22 @@ void fpm_scoreboard_child_use(struct fpm_scoreboard_s *scoreboard, int child_ind
}
/* }}} */
-void fpm_scoreboard_proc_free(struct fpm_scoreboard_s *scoreboard, int child_index) /* {{{ */
+void fpm_scoreboard_proc_free(struct fpm_child_s *child) /* {{{ */
{
+ struct fpm_worker_pool_s *wp = child->wp;
+ struct fpm_scoreboard_s *scoreboard = wp->scoreboard;
+ int child_index = child->scoreboard_i;
+
if (!scoreboard) {
return;
}
- if (child_index < 0 || child_index >= scoreboard->nprocs) {
+ if (child_index < 0 || child_index >= wp->config->pm_max_children) {
return;
}
- if (scoreboard->procs[child_index] && scoreboard->procs[child_index]->used > 0) {
- memset(scoreboard->procs[child_index], 0, sizeof(struct fpm_scoreboard_proc_s));
+ if (scoreboard->procs[child_index].used > 0) {
+ memset(&scoreboard->procs[child_index], 0, sizeof(struct fpm_scoreboard_proc_s));
}
/* set this slot as free to avoid search on next alloc */
@@ -285,41 +301,44 @@ void fpm_scoreboard_proc_free(struct fpm_scoreboard_s *scoreboard, int child_ind
}
/* }}} */
-int fpm_scoreboard_proc_alloc(struct fpm_scoreboard_s *scoreboard, int *child_index) /* {{{ */
+int fpm_scoreboard_proc_alloc(struct fpm_child_s *child) /* {{{ */
{
int i = -1;
+ struct fpm_worker_pool_s *wp = child->wp;
+ struct fpm_scoreboard_s *scoreboard = wp->scoreboard;
+ int nprocs = wp->config->pm_max_children;
- if (!scoreboard || !child_index) {
+ if (!scoreboard) {
return -1;
}
/* first try the slot which is supposed to be free */
- if (scoreboard->free_proc >= 0 && scoreboard->free_proc < scoreboard->nprocs) {
- if (scoreboard->procs[scoreboard->free_proc] && !scoreboard->procs[scoreboard->free_proc]->used) {
+ if (scoreboard->free_proc >= 0 && scoreboard->free_proc < nprocs) {
+ if (!scoreboard->procs[scoreboard->free_proc].used) {
i = scoreboard->free_proc;
}
}
if (i < 0) { /* the supposed free slot is not, let's search for a free slot */
zlog(ZLOG_DEBUG, "[pool %s] the proc->free_slot was not free. Let's search", scoreboard->pool);
- for (i = 0; i < scoreboard->nprocs; i++) {
- if (scoreboard->procs[i] && !scoreboard->procs[i]->used) { /* found */
+ for (i = 0; i < nprocs; i++) {
+ if (!scoreboard->procs[i].used) { /* found */
break;
}
}
}
/* no free slot */
- if (i < 0 || i >= scoreboard->nprocs) {
+ if (i < 0 || i >= nprocs) {
zlog(ZLOG_ERROR, "[pool %s] no free scoreboard slot", scoreboard->pool);
return -1;
}
- scoreboard->procs[i]->used = 1;
- *child_index = i;
+ scoreboard->procs[i].used = 1;
+ child->scoreboard_i = i;
/* supposed next slot is free */
- if (i + 1 >= scoreboard->nprocs) {
+ if (i + 1 >= nprocs) {
scoreboard->free_proc = 0;
} else {
scoreboard->free_proc = i + 1;
diff --git a/sapi/fpm/fpm/fpm_scoreboard.h b/sapi/fpm/fpm/fpm_scoreboard.h
index f58a287..a0cc093 100644
--- a/sapi/fpm/fpm/fpm_scoreboard.h
+++ b/sapi/fpm/fpm/fpm_scoreboard.h
@@ -65,7 +65,7 @@ struct fpm_scoreboard_s {
unsigned int nprocs;
int free_proc;
unsigned long int slow_rq;
- struct fpm_scoreboard_proc_s *procs[];
+ struct fpm_scoreboard_proc_s procs[];
};
int fpm_scoreboard_init_main();
@@ -74,18 +74,19 @@ int fpm_scoreboard_init_child(struct fpm_worker_pool_s *wp);
void fpm_scoreboard_update(int idle, int active, int lq, int lq_len, int requests, int max_children_reached, int slow_rq, int action, struct fpm_scoreboard_s *scoreboard);
struct fpm_scoreboard_s *fpm_scoreboard_get();
struct fpm_scoreboard_proc_s *fpm_scoreboard_proc_get(struct fpm_scoreboard_s *scoreboard, int child_index);
+struct fpm_scoreboard_proc_s *fpm_scoreboard_proc_get_from_child(struct fpm_child_s *child);
struct fpm_scoreboard_s *fpm_scoreboard_acquire(struct fpm_scoreboard_s *scoreboard, int nohang);
void fpm_scoreboard_release(struct fpm_scoreboard_s *scoreboard);
struct fpm_scoreboard_proc_s *fpm_scoreboard_proc_acquire(struct fpm_scoreboard_s *scoreboard, int child_index, int nohang);
void fpm_scoreboard_proc_release(struct fpm_scoreboard_proc_s *proc);
-void fpm_scoreboard_free(struct fpm_scoreboard_s *scoreboard);
+void fpm_scoreboard_free(struct fpm_worker_pool_s *wp);
-void fpm_scoreboard_child_use(struct fpm_scoreboard_s *scoreboard, int child_index, pid_t pid);
+void fpm_scoreboard_child_use(struct fpm_child_s *child, pid_t pid);
-void fpm_scoreboard_proc_free(struct fpm_scoreboard_s *scoreboard, int child_index);
-int fpm_scoreboard_proc_alloc(struct fpm_scoreboard_s *scoreboard, int *child_index);
+void fpm_scoreboard_proc_free(struct fpm_child_s *child);
+int fpm_scoreboard_proc_alloc(struct fpm_child_s *child);
#ifdef HAVE_TIMES
float fpm_scoreboard_get_tick();
diff --git a/sapi/fpm/fpm/fpm_status.c b/sapi/fpm/fpm/fpm_status.c
index 3e82fac..666a1d9 100644
--- a/sapi/fpm/fpm/fpm_status.c
+++ b/sapi/fpm/fpm/fpm_status.c
@@ -402,10 +402,10 @@ int fpm_status_handle_request(void) /* {{{ */
first = 1;
for (i=0; i<scoreboard_p->nprocs; i++) {
- if (!scoreboard_p->procs[i] || !scoreboard_p->procs[i]->used) {
+ if (!scoreboard_p->procs[i].used) {
continue;
}
- proc = *scoreboard_p->procs[i];
+ proc = scoreboard_p->procs[i];
if (first) {
first = 0;
diff --git a/sapi/fpm/fpm/fpm_worker_pool.c b/sapi/fpm/fpm/fpm_worker_pool.c
index a002291..c778b33 100644
--- a/sapi/fpm/fpm/fpm_worker_pool.c
+++ b/sapi/fpm/fpm/fpm_worker_pool.c
@@ -44,7 +44,7 @@ static void fpm_worker_pool_cleanup(int which, void *arg) /* {{{ */
fpm_worker_pool_config_free(wp->config);
fpm_children_free(wp->children);
if ((which & FPM_CLEANUP_CHILD) == 0 && fpm_globals.parent_pid == getpid()) {
- fpm_scoreboard_free(wp->scoreboard);
+ fpm_scoreboard_free(wp);
}
fpm_worker_pool_free(wp);
}

74
services/custombuild/patches/liblua_so.patch Normal file
View File

@@ -0,0 +1,74 @@
--- src/Makefile 2018-06-26 00:46:36.000000000 +0700
+++ src/Makefile 2020-02-03 20:23:54.066910822 +0700
@@ -1,3 +1,4 @@
+
# Makefile for building Lua
# See ../doc/readme.html for installation and customization instructions.
@@ -7,7 +8,7 @@
PLAT= none
CC= gcc -std=gnu99
-CFLAGS= -O2 -Wall -Wextra -DLUA_COMPAT_5_2 $(SYSCFLAGS) $(MYCFLAGS)
+CFLAGS= -O2 -Wall -Wextra -DLUA_COMPAT_5_2 $(SYSCFLAGS) $(MYCFLAGS) -fPIC
LDFLAGS= $(SYSLDFLAGS) $(MYLDFLAGS)
LIBS= -lm $(SYSLIBS) $(MYLIBS)
@@ -43,7 +43,8 @@
LUAC_O= luac.o
ALL_O= $(BASE_O) $(LUA_O) $(LUAC_O)
-ALL_T= $(LUA_A) $(LUA_T) $(LUAC_T)
+LUA_SO= liblua.so
+ALL_T= $(LUA_A) $(LUA_T) $(LUAC_T) $(LUA_SO)
ALL_A= $(LUA_A)
# Targets start here.
@@ -59,6 +60,11 @@
$(AR) $@ $(BASE_O)
$(RANLIB) $@
+$(LUA_SO): $(CORE_O) $(LIB_O)
+ $(CC) -shared -ldl -Wl,-soname,$(LUA_SO).$(V) -o $@.$(R) $? -lm $(MYLDFLAGS)
+ ln -sf $(LUA_SO).$(R) $(LUA_SO).$(V)
+ ln -sf $(LUA_SO).$(R) $(LUA_SO)
+
$(LUA_T): $(LUA_O) $(LUA_A)
$(CC) -o $@ $(LDFLAGS) $(LUA_O) $(LUA_A) $(LIBS)
--- Makefile 2016-12-20 23:26:08.000000000 +0700
+++ Makefile 2020-02-03 20:43:00.870910828 +0700
@@ -38,10 +38,14 @@
# Convenience platforms targets.
PLATS= aix bsd c89 freebsd generic linux macosx mingw posix solaris
+# Lua version and release.
+V= 5.3
+R= $V.5
+
# What to install.
TO_BIN= lua luac
TO_INC= lua.h luaconf.h lualib.h lauxlib.h lua.hpp
-TO_LIB= liblua.a
+TO_LIB= liblua.a liblua.so.$(R)
TO_MAN= lua.1 luac.1
# Lua version and release.
@@ -52,7 +56,7 @@
all: $(PLAT)
$(PLATS) clean:
- cd src && $(MAKE) $@
+ cd src && $(MAKE) $@ V=$(V) R=$(R)
test: dummy
src/lua -v
@@ -63,6 +67,8 @@
cd src && $(INSTALL_DATA) $(TO_INC) $(INSTALL_INC)
cd src && $(INSTALL_DATA) $(TO_LIB) $(INSTALL_LIB)
cd doc && $(INSTALL_DATA) $(TO_MAN) $(INSTALL_MAN)
+ ln -s $(INSTALL_LIB)/liblua.so.$(R) $(INSTALL_LIB)/liblua.so.$(V)
+ ln -s $(INSTALL_LIB)/liblua.so.$(R) $(INSTALL_LIB)/liblua.so
uninstall:
cd src && cd $(INSTALL_BIN) && $(RM) $(TO_BIN)

16
services/custombuild/patches/libspf2-1.2.10-mga-varargs.patch Normal file
View File

@@ -0,0 +1,16 @@
--- libspf2-1.2.10/src/include/spf_log.h
+++ libspf2-1.2.10/src/include/spf_log.h 2015-10-20 23:23:04.579055906 +0200
@@ -60,10 +60,10 @@
#if defined( __STDC_VERSION__ ) && __STDC_VERSION__ >= 199901L
-#define SPF_errorf(format, ... ) SPF_errorx( __FILE__, __LINE__, format, __VA_ARGS__ )
-#define SPF_warningf(format, ... ) SPF_warningx( __FILE__, __LINE__, format, __VA_ARGS__ )
-#define SPF_infof(format, ... ) SPF_infox( __FILE__, __LINE__, format, __VA_ARGS__ )
-#define SPF_debugf(format, ... ) SPF_debugx( __FILE__, __LINE__, format, __VA_ARGS__ )
+#define SPF_errorf(...) SPF_errorx( __FILE__, __LINE__, __VA_ARGS__ )
+#define SPF_warningf(...) SPF_warningx( __FILE__, __LINE__, __VA_ARGS__ )
+#define SPF_infof(...) SPF_infox( __FILE__, __LINE__, __VA_ARGS__ )
+#define SPF_debugf(...) SPF_debugx( __FILE__, __LINE__, __VA_ARGS__ )
#elif defined( __GNUC__ )

34
services/custombuild/patches/maildirlock-crash.patch Normal file
View File

@@ -0,0 +1,34 @@
diff --git a/src/util/maildirlock.c b/src/util/maildirlock.c
index 89fbacc3d..a6ebdc71b 100644
--- a/src/util/maildirlock.c
+++ b/src/util/maildirlock.c
@@ -34,6 +34,11 @@ static int maildir_lock(const char *path, unsigned int timeout,
return file_dotlock_create(&dotlock_settings, path, 0, dotlock_r);
}
+static void dummy_read(int *fd ATTR_UNUSED)
+{
+ /* this should never be reached anyways */
+}
+
int main(int argc, const char *argv[])
{
struct dotlock *dotlock;
@@ -91,12 +96,16 @@ int main(int argc, const char *argv[])
if (maildir_lock(argv[1], timeout, &dotlock) <= 0)
return 1;
+ struct io *io = io_add(fd[0], IO_READ, dummy_read, fd);
+
/* locked - send a byte */
if (write_full(fd[1], "", 1) < 0)
i_fatal("write(pipe) failed: %m");
io_loop_run(ioloop);
+ io_remove(&io);
+
file_dotlock_delete(&dotlock);
lib_signals_deinit();

15
services/custombuild/patches/mariadb-10.3-jemalloc_helper.h-patch Normal file
View File

@@ -0,0 +1,15 @@
--- storage/rocksdb/rocksdb/port/jemalloc_helper.h.orig 2019-12-30 17:34:30.454412000 -0700
+++ storage/rocksdb/rocksdb/port/jemalloc_helper.h 2019-12-30 17:38:27.519320000 -0700
@@ -12,6 +12,12 @@
#include <jemalloc/jemalloc.h>
#endif
+#ifdef __FreeBSD__
+#ifndef JEMALLOC_USABLE_SIZE_CONST
+#define JEMALLOC_USABLE_SIZE_CONST const
+#endif
+#endif
+
#ifndef JEMALLOC_CXX_THROW
#define JEMALLOC_CXX_THROW
#endif

26
services/custombuild/patches/mod_aclr2_userdir.patch Normal file
View File

@@ -0,0 +1,26 @@
--- mod_aclr2.c.unpatched 2015-05-12 20:12:32.687000116 +0200
+++ mod_aclr2.c 2015-05-13 10:23:09.215000116 +0200
@@ -147,6 +147,23 @@
real_uri += docroot_len;
}
+ if (!strncmp(real_uri, "/~", 2))
+ {
+ char *first = real_uri+1; //points to ~
+ //and then do the same thing for the shifting.
+ char *bbb = strchr(first, '/'); //points to 2nd /
+ if (bbb)
+ {
+ int size = strlen(bbb);
+ memmove(real_uri, bbb, size);
+ real_uri[size] = '\0'; //ensure string is null terminated.
+ }
+ else
+ {
+ real_uri[1] = '\0'; //stomp on the ~ making it "/"
+ }
+ }
+
snprintf(iredirect, sizeof(iredirect), "%s%s", idhead, real_uri);
aclr_debug(3, r->server, "trying to process request: %s%s -> %s",

30
services/custombuild/patches/mod_suexec_directory.patch Normal file
View File

@@ -0,0 +1,30 @@
--- httpd-2.4.10/modules/generators/mod_suexec.c.old 2011-12-05 01:08:01.000000000 +0100
+++ httpd-2.4.10/modules/generators/mod_suexec.c 2014-09-11 00:16:21.444000009 +0200
@@ -59,7 +59,7 @@
const char *uid, const char *gid)
{
suexec_config_t *cfg = (suexec_config_t *) mconfig;
- const char *err = ap_check_cmd_context(cmd, NOT_IN_DIR_CONTEXT);
+ const char *err = ap_check_cmd_context(cmd, NOT_IN_LOCATION|NOT_IN_FILES);
if (err != NULL) {
return err;
@@ -116,7 +116,7 @@
{
/* XXX - Another important reason not to allow this in .htaccess is that
* the ap_[ug]name2id() is not thread-safe */
- AP_INIT_TAKE2("SuexecUserGroup", set_suexec_ugid, NULL, RSRC_CONF,
+ AP_INIT_TAKE2("SuexecUserGroup", set_suexec_ugid, NULL, RSRC_CONF|ACCESS_CONF,
"User and group for spawned processes"),
{ NULL }
};
--- httpd-2.4.10/support/suexec.c.old 2014-10-10 11:48:20.388000025 +0200
+++ httpd-2.4.10/support/suexec.c 2014-10-10 11:50:30.757000025 +0200
@@ -308,6 +308,7 @@
#ifdef AP_SUEXEC_UMASK
fprintf(stderr, " -D AP_SUEXEC_UMASK=%03o\n", AP_SUEXEC_UMASK);
#endif
+ fprintf(stderr, " -D AP_PER_DIR=\"yes\"\n");
#ifdef AP_UID_MIN
fprintf(stderr, " -D AP_UID_MIN=%d\n", AP_UID_MIN);
#endif

108
services/custombuild/patches/modsec-712.patch Normal file
View File

@@ -0,0 +1,108 @@
diff --git a/apache2/msc_logging.c b/apache2/msc_logging.c
index 3323fac..ce8b069 100644
--- a/apache2/msc_logging.c
+++ b/apache2/msc_logging.c
@@ -225,10 +225,20 @@ static char *construct_auditlog_filename(apr_pool_t *mp, const char *uniqueid) {
char tstr[300];
apr_size_t len;
+ /**
+ * This is required for mpm-itk & mod_ruid2, though should be harmless for other implementations
+ * It also changes the return statement.
+ */
+ char *username;
+ apr_uid_t uid;
+ apr_gid_t gid;
+ apr_uid_current(&uid, &gid, mp);
+ apr_uid_name_get(&username, uid, mp);
+
apr_time_exp_lt(&t, apr_time_now());
apr_strftime(tstr, &len, 299, "/%Y%m%d/%Y%m%d-%H%M/%Y%m%d-%H%M%S", &t);
- return apr_psprintf(mp, "%s-%s", tstr, uniqueid);
+ return apr_psprintf(mp, "/%s%s-%s", username, tstr, uniqueid);
}
/**
diff --git a/apache2/persist_dbm.c b/apache2/persist_dbm.c
index b698e79..8631ac9 100644
--- a/apache2/persist_dbm.c
+++ b/apache2/persist_dbm.c
@@ -101,6 +101,15 @@ static apr_table_t *collection_retrieve_ex(apr_sdbm_t *existing_dbm, modsec_rec
int expired = 0;
int i;
+ /**
+ * This is required for mpm-itk & mod_ruid2, though should be harmless for other implementations
+ */
+ char *username;
+ apr_uid_t uid;
+ apr_gid_t gid;
+ apr_uid_current(&uid, &gid, msr->mp);
+ apr_uid_name_get(&username, uid, msr->mp);
+
if (msr->txcfg->data_dir == NULL) {
msr_log(msr, 1, "collection_retrieve_ex: Unable to retrieve collection (name \"%s\", key \"%s\"). Use "
"SecDataDir to define data directory first.", log_escape(msr->mp, col_name),
@@ -108,7 +117,7 @@ static apr_table_t *collection_retrieve_ex(apr_sdbm_t *existing_dbm, modsec_rec
goto cleanup;
}
- dbm_filename = apr_pstrcat(msr->mp, msr->txcfg->data_dir, "/", col_name, NULL);
+ dbm_filename = apr_pstrcat(msr->mp, msr->txcfg->data_dir, "/", username, "-", col_name, NULL);
if (msr->txcfg->debuglog_level >= 9) {
msr_log(msr, 9, "collection_retrieve_ex: collection_retrieve_ex: Retrieving collection (name \"%s\", filename \"%s\")",log_escape(msr->mp, col_name),
@@ -336,6 +345,15 @@ int collection_store(modsec_rec *msr, apr_table_t *col) {
const apr_table_t *stored_col = NULL;
const apr_table_t *orig_col = NULL;
+ /**
+ * This is required for mpm-itk & mod_ruid2, though should be harmless for other implementations
+ */
+ char *username;
+ apr_uid_t uid;
+ apr_gid_t gid;
+ apr_uid_current(&uid, &gid, msr->mp);
+ apr_uid_name_get(&username, uid, msr->mp);
+
var_name = (msc_string *)apr_table_get(col, "__name");
if (var_name == NULL) {
goto error;
@@ -354,7 +372,7 @@ int collection_store(modsec_rec *msr, apr_table_t *col) {
}
// ENH: lowercase the var name in the filename
- dbm_filename = apr_pstrcat(msr->mp, msr->txcfg->data_dir, "/", var_name->value, NULL);
+ dbm_filename = apr_pstrcat(msr->mp, msr->txcfg->data_dir, "/", username, "-", var_name->value, NULL);
if (msr->txcfg->debuglog_level >= 9) {
msr_log(msr, 9, "collection_store: Retrieving collection (name \"%s\", filename \"%s\")",log_escape(msr->mp, var_name->value),
@@ -585,6 +603,15 @@ int collections_remove_stale(modsec_rec *msr, const char *col_name) {
apr_time_t now = apr_time_sec(msr->request_time);
int i;
+ /**
+ * This is required for mpm-itk & mod_ruid2, though should be harmless for other implementations
+ */
+ char *username;
+ apr_uid_t uid;
+ apr_gid_t gid;
+ apr_uid_current(&uid, &gid, msr->mp);
+ apr_uid_name_get(&username, uid, msr->mp);
+
if (msr->txcfg->data_dir == NULL) {
/* The user has been warned about this problem enough times already by now.
* msr_log(msr, 1, "Unable to access collection file (name \"%s\"). Use SecDataDir to "
@@ -594,9 +621,9 @@ int collections_remove_stale(modsec_rec *msr, const char *col_name) {
}
if(strstr(col_name,"USER") || strstr(col_name,"SESSION") || strstr(col_name, "RESOURCE"))
- dbm_filename = apr_pstrcat(msr->mp, msr->txcfg->data_dir, "/", msr->txcfg->webappid, "_", col_name, NULL);
+ dbm_filename = apr_pstrcat(msr->mp, msr->txcfg->data_dir, "/", username, "-", msr->txcfg->webappid, "_", col_name, NULL);
else
- dbm_filename = apr_pstrcat(msr->mp, msr->txcfg->data_dir, "/", col_name, NULL);
+ dbm_filename = apr_pstrcat(msr->mp, msr->txcfg->data_dir, "/", username, "-", col_name, NULL);
if (msr->txcfg->debuglog_level >= 9) {
msr_log(msr, 9, "collections_remove_stale: Retrieving collection (name \"%s\", filename \"%s\")",log_escape(msr->mp, col_name),

690
services/custombuild/patches/multi-sapi-5.3.29.patch Normal file
View File

@@ -0,0 +1,690 @@
diff --git a/Makefile.global b/Makefile.global
index 3a5b1c2..7450162 100644
--- a/Makefile.global
+++ b/Makefile.global
@@ -13,6 +13,8 @@ all: $(all_targets)
build-modules: $(PHP_MODULES) $(PHP_ZEND_EX)
+build-binaries: $(PHP_BINARIES)
+
libphp$(PHP_MAJOR_VERSION).la: $(PHP_GLOBAL_OBJS) $(PHP_SAPI_OBJS)
$(LIBTOOL) --mode=link $(CC) $(CFLAGS) $(EXTRA_CFLAGS) -rpath $(phptempdir) $(EXTRA_LDFLAGS) $(LDFLAGS) $(PHP_RPATHS) $(PHP_GLOBAL_OBJS) $(PHP_SAPI_OBJS) $(EXTRA_LIBS) $(ZEND_EXTRA_LIBS) -o $@
-@$(LIBTOOL) --silent --mode=install cp $@ $(phptempdir)/$@ >/dev/null 2>&1
@@ -35,6 +37,8 @@ install-sapi: $(OVERALL_TARGET)
fi
@$(INSTALL_IT)
+install-binaries: build-binaries $(install_binary_targets)
+
install-modules: build-modules
@test -d modules && \
$(mkinstalldirs) $(INSTALL_ROOT)$(EXTENSION_DIR)
diff --git a/acinclude.m4 b/acinclude.m4
index 2681b79..605a9ba 100644
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -194,7 +194,7 @@ dnl the path is interpreted relative to the top build-directory.
dnl
dnl which array to append to?
AC_DEFUN([PHP_ADD_SOURCES],[
- PHP_ADD_SOURCES_X($1, $2, $3, ifelse($4,cli,PHP_CLI_OBJS,ifelse($4,sapi,PHP_SAPI_OBJS,PHP_GLOBAL_OBJS)))
+ PHP_ADD_SOURCES_X($1, $2, $3, ifelse($4,sapi,PHP_SAPI_OBJS,PHP_GLOBAL_OBJS))
])
dnl
@@ -772,7 +772,7 @@ dnl
AC_DEFUN([PHP_BUILD_SHARED],[
PHP_BUILD_PROGRAM
OVERALL_TARGET=libphp[]$PHP_MAJOR_VERSION[.la]
- php_build_target=shared
+ php_sapi_module=shared
php_c_pre=$shared_c_pre
php_c_meta=$shared_c_meta
@@ -789,7 +789,7 @@ dnl
AC_DEFUN([PHP_BUILD_STATIC],[
PHP_BUILD_PROGRAM
OVERALL_TARGET=libphp[]$PHP_MAJOR_VERSION[.la]
- php_build_target=static
+ php_sapi_module=static
])
dnl
@@ -798,14 +798,13 @@ dnl
AC_DEFUN([PHP_BUILD_BUNDLE],[
PHP_BUILD_PROGRAM
OVERALL_TARGET=libs/libphp[]$PHP_MAJOR_VERSION[.bundle]
- php_build_target=static
+ php_sapi_module=static
])
dnl
dnl PHP_BUILD_PROGRAM
dnl
AC_DEFUN([PHP_BUILD_PROGRAM],[
- OVERALL_TARGET=[]ifelse($1,,php,$1)
php_c_pre='$(LIBTOOL) --mode=compile $(CC)'
php_c_meta='$(COMMON_FLAGS) $(CFLAGS_CLEAN) $(EXTRA_CFLAGS)'
php_c_post=
@@ -826,8 +825,6 @@ AC_DEFUN([PHP_BUILD_PROGRAM],[
shared_cxx_meta='$(COMMON_FLAGS) $(CXXFLAGS_CLEAN) $(EXTRA_CXXFLAGS) '$pic_setting
shared_cxx_post=
shared_lo=lo
-
- php_build_target=program
])
dnl
@@ -873,32 +870,46 @@ EOF
dnl
dnl PHP_SELECT_SAPI(name, type[, sources [, extra-cflags [, build-target]]])
dnl
-dnl Selects the SAPI name and type (static, shared, programm)
+dnl Selects the SAPI name and type (static, shared, bundle, program)
dnl and optionally also the source-files for the SAPI-specific
dnl objects.
dnl
AC_DEFUN([PHP_SELECT_SAPI],[
- if test "$PHP_SAPI" != "default"; then
-AC_MSG_ERROR([
+ if test "$2" = "program"; then
+ PHP_BINARIES="$PHP_BINARIES $1"
+ elif test "$PHP_SAPI" != "none"; then
+ AC_MSG_ERROR([
+--------------------------------------------------------------------+
| *** ATTENTION *** |
| |
| You've configured multiple SAPIs to be build. You can build only |
-| one SAPI module and CLI binary at the same time. |
+| one SAPI module plus CGI, CLI and FPM binaries at the same time. |
+--------------------------------------------------------------------+
])
+ else
+ PHP_SAPI=$1
fi
- PHP_SAPI=$1
-
+ PHP_ADD_BUILD_DIR([sapi/$1])
+
+ PHP_INSTALLED_SAPIS="$PHP_INSTALLED_SAPIS $1"
+
case "$2" in
static[)] PHP_BUILD_STATIC;;
shared[)] PHP_BUILD_SHARED;;
bundle[)] PHP_BUILD_BUNDLE;;
- program[)] PHP_BUILD_PROGRAM($5);;
+ program[)] PHP_BUILD_PROGRAM;;
esac
- ifelse($3,,,[PHP_ADD_SOURCES([sapi/$1],[$3],[$4],[sapi])])
+ ifelse($2,program,[
+ install_binaries="install-binaries"
+ install_binary_targets="$install_binary_targets install-$1"
+ PHP_SUBST(PHP_[]translit($1,a-z0-9-,A-Z0-9_)[]_OBJS)
+ ifelse($3,,,[PHP_ADD_SOURCES_X([sapi/$1],[$3],[$4],PHP_[]translit($1,a-z0-9-,A-Z0-9_)[]_OBJS)])
+ ],[
+ install_sapi="install-sapi"
+ ifelse($3,,,[PHP_ADD_SOURCES([sapi/$1],[$3],[$4],[sapi])])
+ ])
])
dnl deprecated
diff --git a/configure.in b/configure.in
index 183c3e3..fb69028 100644
--- a/configure.in
+++ b/configure.in
@@ -304,8 +304,8 @@ dnl -------------------------------------------------------------------------
PTHREADS_CHECK
PHP_HELP_SEPARATOR([SAPI modules:])
PHP_SHLIB_SUFFIX_NAMES
-PHP_SAPI=default
PHP_BUILD_PROGRAM
+PHP_SAPI=none
dnl SAPI configuration.
@@ -324,6 +324,20 @@ dnl Show which main SAPI was selected
AC_MSG_CHECKING([for chosen SAPI module])
AC_MSG_RESULT([$PHP_SAPI])
+dnl Show which binaries were selected
+AC_MSG_CHECKING([for executable SAPI binaries])
+if test "$PHP_BINARIES"; then
+ AC_MSG_RESULT([$PHP_BINARIES])
+else
+ AC_MSG_RESULT([none])
+fi
+
+dnl Exit early
+if test -z "$PHP_INSTALLED_SAPIS"; then
+ AC_MSG_ERROR([Nothing to build.])
+fi
+
+dnl force ZTS
if test "$enable_maintainer_zts" = "yes"; then
PTHREADS_ASSIGN_VARS
PTHREADS_FLAGS
@@ -965,14 +979,8 @@ dnl -------------------------------------------------------------------------
enable_shared=yes
enable_static=yes
-case $php_build_target in
- program|static)
- standard_libtool_flag='-prefer-non-pic -static'
- if test -z "$PHP_MODULES" && test -z "$PHP_ZEND_EX"; then
- enable_shared=no
- fi
- ;;
- shared)
+case $php_sapi_module in
+ shared[)]
enable_static=no
case $with_pic in
yes)
@@ -984,6 +992,12 @@ case $php_build_target in
esac
EXTRA_LDFLAGS="$EXTRA_LDFLAGS -avoid-version -module"
;;
+ *[)]
+ standard_libtool_flag='-prefer-non-pic -static'
+ if test -z "$PHP_MODULES" && test -z "$PHP_ZEND_EX"; then
+ enable_shared=no
+ fi
+ ;;
esac
EXTRA_LIBS="$EXTRA_LIBS $DLIBS $LIBS"
@@ -1221,24 +1235,15 @@ case $host_alias in
;;
esac
-if test "$PHP_CLI" != "no"; then
- PHP_CLI_TARGET="\$(SAPI_CLI_PATH)"
- PHP_INSTALL_CLI_TARGET="install-cli"
- PHP_ADD_SOURCES(sapi/cli, php_cli.c php_cli_readline.c,, cli)
- PHP_INSTALLED_SAPIS="cli $PHP_SAPI"
- PHP_EXECUTABLE="\$(top_builddir)/\$(SAPI_CLI_PATH)"
-else
- PHP_INSTALLED_SAPIS="$PHP_SAPI"
-fi
-
PHP_SUBST_OLD(PHP_INSTALLED_SAPIS)
PHP_SUBST(PHP_EXECUTABLE)
-PHP_SUBST(PHP_CLI_TARGET)
+
PHP_SUBST(PHP_SAPI_OBJS)
-PHP_SUBST(PHP_CLI_OBJS)
+PHP_SUBST(PHP_BINARY_OBJS)
PHP_SUBST(PHP_GLOBAL_OBJS)
+PHP_SUBST(PHP_BINARIES)
PHP_SUBST(PHP_MODULES)
PHP_SUBST(PHP_ZEND_EX)
@@ -1382,20 +1387,12 @@ else
pharcmd_install=
fi;
-all_targets="$lcov_target \$(OVERALL_TARGET) \$(PHP_MODULES) \$(PHP_ZEND_EX) \$(PHP_CLI_TARGET) $pharcmd"
-install_targets="$install_modules install-build install-headers install-programs $install_pear $pharcmd_install"
-
-case $PHP_SAPI in
- cli)
- install_targets="$PHP_INSTALL_CLI_TARGET $install_targets"
- ;;
- *)
- install_targets="install-sapi $PHP_INSTALL_CLI_TARGET $install_targets"
- ;;
-esac
+all_targets="$lcov_target \$(OVERALL_TARGET) \$(PHP_MODULES) \$(PHP_ZEND_EX) \$(PHP_BINARIES) $pharcmd"
+install_targets="$install_sapi $install_modules $install_binaries install-build install-headers install-programs $install_pear $pharcmd_install"
PHP_SUBST(all_targets)
PHP_SUBST(install_targets)
+PHP_SUBST(install_binary_targets)
PHP_INSTALL_HEADERS([Zend/ TSRM/ include/ main/ main/streams/])
@@ -1420,7 +1417,7 @@ case $host_alias in
PHP_ADD_BUILD_DIR(netware)
;;
*)
- PHP_ADD_SOURCES(/main, internal_functions_cli.c,, cli)
+ PHP_ADD_SOURCES_X(/main, internal_functions_cli.c,, PHP_BINARY_OBJS)
;;
esac
@@ -1451,7 +1448,6 @@ fi
PHP_ADD_SOURCES_X(Zend, zend_execute.c,,PHP_GLOBAL_OBJS,,$flag)
PHP_ADD_BUILD_DIR(main main/streams)
-PHP_ADD_BUILD_DIR(sapi/$PHP_SAPI sapi/cli)
PHP_ADD_BUILD_DIR(TSRM)
PHP_ADD_BUILD_DIR(Zend)
diff --git a/sapi/cgi/Makefile.frag b/sapi/cgi/Makefile.frag
index 57a3b29..505119e 100644
--- a/sapi/cgi/Makefile.frag
+++ b/sapi/cgi/Makefile.frag
@@ -1,2 +1,9 @@
-$(SAPI_CGI_PATH): $(PHP_GLOBAL_OBJS) $(PHP_SAPI_OBJS)
+cgi: $(SAPI_CGI_PATH)
+
+$(SAPI_CGI_PATH): $(PHP_GLOBAL_OBJS) $(PHP_BINARY_OBJS) $(PHP_CGI_OBJS)
$(BUILD_CGI)
+
+install-cgi: $(SAPI_CGI_PATH)
+ @echo "Installing PHP CGI binary: $(INSTALL_ROOT)$(bindir)/"
+ @$(INSTALL) -m 0755 $(SAPI_CGI_PATH) $(INSTALL_ROOT)$(bindir)/$(program_prefix)php-cgi$(program_suffix)$(EXEEXT)
+
diff --git a/sapi/cgi/config9.m4 b/sapi/cgi/config9.m4
index 9df454a..67251ae 100644
--- a/sapi/cgi/config9.m4
+++ b/sapi/cgi/config9.m4
@@ -8,11 +8,9 @@ PHP_ARG_ENABLE(cgi,,
dnl
dnl CGI setup
dnl
-if test "$PHP_SAPI" = "default"; then
- AC_MSG_CHECKING(whether to build CGI binary)
- if test "$PHP_CGI" != "no"; then
+AC_MSG_CHECKING(for CGI build)
+if test "$PHP_CGI" != "no"; then
AC_MSG_RESULT(yes)
-
AC_MSG_CHECKING([for socklen_t in sys/socket.h])
AC_EGREP_HEADER([socklen_t], [sys/socket.h],
[AC_MSG_RESULT([yes])
@@ -50,31 +48,29 @@ if test "$PHP_SAPI" = "default"; then
SAPI_CGI_PATH=sapi/cgi/php-cgi
;;
esac
- PHP_SUBST(SAPI_CGI_PATH)
- dnl Set install target and select SAPI
- INSTALL_IT="@echo \"Installing PHP CGI binary: \$(INSTALL_ROOT)\$(bindir)/\"; \$(INSTALL) -m 0755 \$(SAPI_CGI_PATH) \$(INSTALL_ROOT)\$(bindir)/\$(program_prefix)php-cgi\$(program_suffix)\$(EXEEXT)"
+ dnl Select SAPI
PHP_SELECT_SAPI(cgi, program, cgi_main.c fastcgi.c,, '$(SAPI_CGI_PATH)')
case $host_alias in
*aix*)
- BUILD_CGI="echo '\#! .' > php.sym && echo >>php.sym && nm -BCpg \`echo \$(PHP_GLOBAL_OBJS) \$(PHP_SAPI_OBJS) | sed 's/\([A-Za-z0-9_]*\)\.lo/\1.o/g'\` | \$(AWK) '{ if (((\$\$2 == \"T\") || (\$\$2 == \"D\") || (\$\$2 == \"B\")) && (substr(\$\$3,1,1) != \".\")) { print \$\$3 } }' | sort -u >> php.sym && \$(LIBTOOL) --mode=link \$(CC) -export-dynamic \$(CFLAGS_CLEAN) \$(EXTRA_CFLAGS) \$(EXTRA_LDFLAGS_PROGRAM) \$(LDFLAGS) -Wl,-brtl -Wl,-bE:php.sym \$(PHP_RPATHS) \$(PHP_GLOBAL_OBJS) \$(PHP_SAPI_OBJS) \$(EXTRA_LIBS) \$(ZEND_EXTRA_LIBS) -o \$(SAPI_CGI_PATH)"
+ if test "$php_sapi_module" = "shared"; then
+ BUILD_CGI="echo '\#! .' > php.sym && echo >>php.sym && nm -BCpg \`echo \$(PHP_GLOBAL_OBJS) \$(PHP_BINARY_OBJS) \$(PHP_CGI_OBJS) | sed 's/\([A-Za-z0-9_]*\)\.lo/.libs\/\1.o/g'\` | \$(AWK) '{ if (((\$\$2 == \"T\") || (\$\$2 == \"D\") || (\$\$2 == \"B\")) && (substr(\$\$3,1,1) != \".\")) { print \$\$3 } }' | sort -u >> php.sym && \$(LIBTOOL) --mode=link \$(CC) -export-dynamic \$(CFLAGS_CLEAN) \$(EXTRA_CFLAGS) \$(EXTRA_LDFLAGS_PROGRAM) \$(LDFLAGS) -Wl,-brtl -Wl,-bE:php.sym \$(PHP_RPATHS) \$(PHP_GLOBAL_OBJS) \$(PHP_CGI_OBJS) \$(EXTRA_LIBS) \$(ZEND_EXTRA_LIBS) -o \$(SAPI_CGI_PATH)"
+ else
+ BUILD_CGI="echo '\#! .' > php.sym && echo >>php.sym && nm -BCpg \`echo \$(PHP_GLOBAL_OBJS) \$(PHP_BINARY_OBJS) \$(PHP_CGI_OBJS) | sed 's/\([A-Za-z0-9_]*\)\.lo/\1.o/g'\` | \$(AWK) '{ if (((\$\$2 == \"T\") || (\$\$2 == \"D\") || (\$\$2 == \"B\")) && (substr(\$\$3,1,1) != \".\")) { print \$\$3 } }' | sort -u >> php.sym && \$(LIBTOOL) --mode=link \$(CC) -export-dynamic \$(CFLAGS_CLEAN) \$(EXTRA_CFLAGS) \$(EXTRA_LDFLAGS_PROGRAM) \$(LDFLAGS) -Wl,-brtl -Wl,-bE:php.sym \$(PHP_RPATHS) \$(PHP_GLOBAL_OBJS) \$(PHP_CGI_OBJS) \$(EXTRA_LIBS) \$(ZEND_EXTRA_LIBS) -o \$(SAPI_CGI_PATH)"
+ fi
;;
*darwin*)
- BUILD_CGI="\$(CC) \$(CFLAGS_CLEAN) \$(EXTRA_CFLAGS) \$(EXTRA_LDFLAGS_PROGRAM) \$(LDFLAGS) \$(NATIVE_RPATHS) \$(PHP_GLOBAL_OBJS:.lo=.o) \$(PHP_SAPI_OBJS:.lo=.o) \$(PHP_FRAMEWORKS) \$(EXTRA_LIBS) \$(ZEND_EXTRA_LIBS) -o \$(SAPI_CGI_PATH)"
+ BUILD_CGI="\$(CC) \$(CFLAGS_CLEAN) \$(EXTRA_CFLAGS) \$(EXTRA_LDFLAGS_PROGRAM) \$(LDFLAGS) \$(NATIVE_RPATHS) \$(PHP_GLOBAL_OBJS:.lo=.o) \$(PHP_BINARY_OBJS:.lo=.o) \$(PHP_CGI_OBJS:.lo=.o) \$(PHP_FRAMEWORKS) \$(EXTRA_LIBS) \$(ZEND_EXTRA_LIBS) -o \$(SAPI_CGI_PATH)"
;;
*)
- BUILD_CGI="\$(LIBTOOL) --mode=link \$(CC) -export-dynamic \$(CFLAGS_CLEAN) \$(EXTRA_CFLAGS) \$(EXTRA_LDFLAGS_PROGRAM) \$(LDFLAGS) \$(PHP_RPATHS) \$(PHP_GLOBAL_OBJS) \$(PHP_SAPI_OBJS) \$(EXTRA_LIBS) \$(ZEND_EXTRA_LIBS) -o \$(SAPI_CGI_PATH)"
+ BUILD_CGI="\$(LIBTOOL) --mode=link \$(CC) -export-dynamic \$(CFLAGS_CLEAN) \$(EXTRA_CFLAGS) \$(EXTRA_LDFLAGS_PROGRAM) \$(LDFLAGS) \$(PHP_RPATHS) \$(PHP_GLOBAL_OBJS) \$(PHP_BINARY_OBJS) \$(PHP_CGI_OBJS) \$(EXTRA_LIBS) \$(ZEND_EXTRA_LIBS) -o \$(SAPI_CGI_PATH)"
;;
esac
+ dnl Expose to Makefile
+ PHP_SUBST(SAPI_CGI_PATH)
PHP_SUBST(BUILD_CGI)
-
- elif test "$PHP_CLI" != "no"; then
- AC_MSG_RESULT(no)
- OVERALL_TARGET=
- PHP_SAPI=cli
- else
- AC_MSG_ERROR([No SAPIs selected.])
- fi
+else
+ AC_MSG_RESULT(yes)
fi
diff --git a/sapi/cli/Makefile.frag b/sapi/cli/Makefile.frag
index 6903ca1..0afad4f 100644
--- a/sapi/cli/Makefile.frag
+++ b/sapi/cli/Makefile.frag
@@ -1,11 +1,12 @@
cli: $(SAPI_CLI_PATH)
-$(SAPI_CLI_PATH): $(PHP_GLOBAL_OBJS) $(PHP_CLI_OBJS)
+$(SAPI_CLI_PATH): $(PHP_GLOBAL_OBJS) $(PHP_BINARY_OBJS) $(PHP_CLI_OBJS)
$(BUILD_CLI)
install-cli: $(SAPI_CLI_PATH)
@echo "Installing PHP CLI binary: $(INSTALL_ROOT)$(bindir)/"
- @$(INSTALL_CLI)
+ @$(INSTALL) -m 0755 $(SAPI_CLI_PATH) $(INSTALL_ROOT)$(bindir)/$(program_prefix)php$(program_suffix)$(EXEEXT)
@echo "Installing PHP CLI man page: $(INSTALL_ROOT)$(mandir)/man1/"
@$(mkinstalldirs) $(INSTALL_ROOT)$(mandir)/man1
- @$(INSTALL_DATA) $(builddir)/php.1 $(INSTALL_ROOT)$(mandir)/man1/$(program_prefix)php$(program_suffix).1
+ @$(INSTALL_DATA) sapi/cli/php.1 $(INSTALL_ROOT)$(mandir)/man1/$(program_prefix)php$(program_suffix).1
+
diff --git a/sapi/cli/config.m4 b/sapi/cli/config.m4
index 1a6fdbf..0a0a660 100644
--- a/sapi/cli/config.m4
+++ b/sapi/cli/config.m4
@@ -8,32 +8,41 @@ PHP_ARG_ENABLE(cli,,
AC_MSG_CHECKING(for CLI build)
if test "$PHP_CLI" != "no"; then
- PHP_ADD_MAKEFILE_FRAGMENT($abs_srcdir/sapi/cli/Makefile.frag,$abs_srcdir/sapi/cli,sapi/cli)
+ PHP_ADD_MAKEFILE_FRAGMENT($abs_srcdir/sapi/cli/Makefile.frag)
+
+ dnl Set filename
SAPI_CLI_PATH=sapi/cli/php
- PHP_SUBST(SAPI_CLI_PATH)
+
+ dnl Select SAPI
+ PHP_SELECT_SAPI(cli, program, php_cli.c php_cli_readline.c,, '$(SAPI_CLI_PATH)')
case $host_alias in
*aix*)
- if test "$php_build_target" = "shared"; then
- BUILD_CLI="echo '\#! .' > php.sym && echo >>php.sym && nm -BCpg \`echo \$(PHP_GLOBAL_OBJS) \$(PHP_CLI_OBJS) | sed 's/\([A-Za-z0-9_]*\)\.lo/.libs\/\1.o/g'\` | \$(AWK) '{ if (((\$\$2 == \"T\") || (\$\$2 == \"D\") || (\$\$2 == \"B\")) && (substr(\$\$3,1,1) != \".\")) { print \$\$3 } }' | sort -u >> php.sym && \$(LIBTOOL) --mode=link \$(CC) -export-dynamic \$(CFLAGS_CLEAN) \$(EXTRA_CFLAGS) \$(EXTRA_LDFLAGS_PROGRAM) \$(LDFLAGS) -Wl,-brtl -Wl,-bE:php.sym \$(PHP_RPATHS) \$(PHP_GLOBAL_OBJS) \$(PHP_CLI_OBJS) \$(EXTRA_LIBS) \$(ZEND_EXTRA_LIBS) -o \$(SAPI_CLI_PATH)"
+ if test "$php_sapi_module" = "shared"; then
+ BUILD_CLI="echo '\#! .' > php.sym && echo >>php.sym && nm -BCpg \`echo \$(PHP_GLOBAL_OBJS) \$(PHP_BINARY_OBJS) \$(PHP_CLI_OBJS) | sed 's/\([A-Za-z0-9_]*\)\.lo/.libs\/\1.o/g'\` | \$(AWK) '{ if (((\$\$2 == \"T\") || (\$\$2 == \"D\") || (\$\$2 == \"B\")) && (substr(\$\$3,1,1) != \".\")) { print \$\$3 } }' | sort -u >> php.sym && \$(LIBTOOL) --mode=link \$(CC) -export-dynamic \$(CFLAGS_CLEAN) \$(EXTRA_CFLAGS) \$(EXTRA_LDFLAGS_PROGRAM) \$(LDFLAGS) -Wl,-brtl -Wl,-bE:php.sym \$(PHP_RPATHS) \$(PHP_GLOBAL_OBJS) \$(PHP_CLI_OBJS) \$(EXTRA_LIBS) \$(ZEND_EXTRA_LIBS) -o \$(SAPI_CLI_PATH)"
else
- BUILD_CLI="echo '\#! .' > php.sym && echo >>php.sym && nm -BCpg \`echo \$(PHP_GLOBAL_OBJS) \$(PHP_CLI_OBJS) | sed 's/\([A-Za-z0-9_]*\)\.lo/\1.o/g'\` | \$(AWK) '{ if (((\$\$2 == \"T\") || (\$\$2 == \"D\") || (\$\$2 == \"B\")) && (substr(\$\$3,1,1) != \".\")) { print \$\$3 } }' | sort -u >> php.sym && \$(LIBTOOL) --mode=link \$(CC) -export-dynamic \$(CFLAGS_CLEAN) \$(EXTRA_CFLAGS) \$(EXTRA_LDFLAGS_PROGRAM) \$(LDFLAGS) -Wl,-brtl -Wl,-bE:php.sym \$(PHP_RPATHS) \$(PHP_GLOBAL_OBJS) \$(PHP_CLI_OBJS) \$(EXTRA_LIBS) \$(ZEND_EXTRA_LIBS) -o \$(SAPI_CLI_PATH)"
+ BUILD_CLI="echo '\#! .' > php.sym && echo >>php.sym && nm -BCpg \`echo \$(PHP_GLOBAL_OBJS) \$(PHP_BINARY_OBJS) \$(PHP_CLI_OBJS) | sed 's/\([A-Za-z0-9_]*\)\.lo/\1.o/g'\` | \$(AWK) '{ if (((\$\$2 == \"T\") || (\$\$2 == \"D\") || (\$\$2 == \"B\")) && (substr(\$\$3,1,1) != \".\")) { print \$\$3 } }' | sort -u >> php.sym && \$(LIBTOOL) --mode=link \$(CC) -export-dynamic \$(CFLAGS_CLEAN) \$(EXTRA_CFLAGS) \$(EXTRA_LDFLAGS_PROGRAM) \$(LDFLAGS) -Wl,-brtl -Wl,-bE:php.sym \$(PHP_RPATHS) \$(PHP_GLOBAL_OBJS) \$(PHP_CLI_OBJS) \$(EXTRA_LIBS) \$(ZEND_EXTRA_LIBS) -o \$(SAPI_CLI_PATH)"
fi
;;
*darwin*)
- BUILD_CLI="\$(CC) \$(CFLAGS_CLEAN) \$(EXTRA_CFLAGS) \$(EXTRA_LDFLAGS_PROGRAM) \$(LDFLAGS) \$(NATIVE_RPATHS) \$(PHP_GLOBAL_OBJS:.lo=.o) \$(PHP_CLI_OBJS:.lo=.o) \$(PHP_FRAMEWORKS) \$(EXTRA_LIBS) \$(ZEND_EXTRA_LIBS) -o \$(SAPI_CLI_PATH)"
+ BUILD_CLI="\$(CC) \$(CFLAGS_CLEAN) \$(EXTRA_CFLAGS) \$(EXTRA_LDFLAGS_PROGRAM) \$(LDFLAGS) \$(NATIVE_RPATHS) \$(PHP_GLOBAL_OBJS:.lo=.o) \$(PHP_BINARY_OBJS:.lo=.o) \$(PHP_CLI_OBJS:.lo=.o) \$(PHP_FRAMEWORKS) \$(EXTRA_LIBS) \$(ZEND_EXTRA_LIBS) -o \$(SAPI_CLI_PATH)"
;;
*netware*)
- BUILD_CLI="\$(LIBTOOL) --mode=link \$(CC) -export-dynamic \$(CFLAGS_CLEAN) \$(EXTRA_CFLAGS) \$(EXTRA_LDFLAGS_PROGRAM) \$(LDFLAGS) \$(PHP_RPATHS) \$(PHP_CLI_OBJS) \$(EXTRA_LIBS) \$(ZEND_EXTRA_LIBS) -Lnetware -lphp5lib -o \$(SAPI_CLI_PATH)"
+ BUILD_CLI="\$(LIBTOOL) --mode=link \$(CC) -export-dynamic \$(CFLAGS_CLEAN) \$(EXTRA_CFLAGS) \$(EXTRA_LDFLAGS_PROGRAM) \$(LDFLAGS) \$(PHP_RPATHS) \$(PHP_BINARY_OBJS) \$(PHP_CLI_OBJS) \$(EXTRA_LIBS) \$(ZEND_EXTRA_LIBS) -Lnetware -lphp5lib -o \$(SAPI_CLI_PATH)"
;;
*)
- BUILD_CLI="\$(LIBTOOL) --mode=link \$(CC) -export-dynamic \$(CFLAGS_CLEAN) \$(EXTRA_CFLAGS) \$(EXTRA_LDFLAGS_PROGRAM) \$(LDFLAGS) \$(PHP_RPATHS) \$(PHP_GLOBAL_OBJS) \$(PHP_CLI_OBJS) \$(EXTRA_LIBS) \$(ZEND_EXTRA_LIBS) -o \$(SAPI_CLI_PATH)"
+ BUILD_CLI="\$(LIBTOOL) --mode=link \$(CC) -export-dynamic \$(CFLAGS_CLEAN) \$(EXTRA_CFLAGS) \$(EXTRA_LDFLAGS_PROGRAM) \$(LDFLAGS) \$(PHP_RPATHS) \$(PHP_GLOBAL_OBJS) \$(PHP_BINARY_OBJS) \$(PHP_CLI_OBJS) \$(EXTRA_LIBS) \$(ZEND_EXTRA_LIBS) -o \$(SAPI_CLI_PATH)"
;;
esac
- INSTALL_CLI="\$(mkinstalldirs) \$(INSTALL_ROOT)\$(bindir); \$(INSTALL) -m 0755 \$(SAPI_CLI_PATH) \$(INSTALL_ROOT)\$(bindir)/\$(program_prefix)php\$(program_suffix)\$(EXEEXT)"
+ dnl Set executable for tests
+ PHP_EXECUTABLE="\$(top_builddir)/\$(SAPI_CLI_PATH)"
+ PHP_SUBST(PHP_EXECUTABLE)
+
+ dnl Expose to Makefile
+ PHP_SUBST(SAPI_CLI_PATH)
PHP_SUBST(BUILD_CLI)
- PHP_SUBST(INSTALL_CLI)
+
PHP_OUTPUT(sapi/cli/php.1)
fi
AC_MSG_RESULT($PHP_CLI)
diff --git a/sapi/fpm/Makefile.frag b/sapi/fpm/Makefile.frag
index c5cea7e..6ed9e4a 100644
--- a/sapi/fpm/Makefile.frag
+++ b/sapi/fpm/Makefile.frag
@@ -1,17 +1,9 @@
fpm: $(SAPI_FPM_PATH)
-$(builddir)/fpm:
- @mkdir -p $(builddir)/fpm
- @mkdir -p $(builddir)/fpm/events
-
-$(SAPI_FPM_PATH): $(builddir)/fpm $(PHP_GLOBAL_OBJS) $(PHP_SAPI_OBJS) $(SAPI_EXTRA_DEPS)
+$(SAPI_FPM_PATH): $(PHP_GLOBAL_OBJS) $(PHP_BINARY_OBJS) $(PHP_FPM_OBJS)
$(BUILD_FPM)
-$(builddir)/fpm/fpm_conf.lo: $(builddir)/../../main/build-defs.h
-
-install-build: install-fpm
-
-install-fpm: install-sapi
+install-fpm: $(SAPI_FPM_PATH)
@echo "Installing PHP FPM binary: $(INSTALL_ROOT)$(sbindir)/"
@$(mkinstalldirs) $(INSTALL_ROOT)$(sbindir)
@$(mkinstalldirs) $(INSTALL_ROOT)$(localstatedir)/log
@@ -20,7 +12,6 @@ install-fpm: install-sapi
@echo "Installing PHP FPM config: $(INSTALL_ROOT)$(sysconfdir)/" && \
$(mkinstalldirs) $(INSTALL_ROOT)$(sysconfdir) || :
-
@$(INSTALL_DATA) sapi/fpm/php-fpm.conf $(INSTALL_ROOT)$(sysconfdir)/php-fpm.conf.default || :
@echo "Installing PHP FPM man page: $(INSTALL_ROOT)$(mandir)/man8/"
diff --git a/sapi/fpm/config.m4 b/sapi/fpm/config.m4
index 7687660..7a0955d 100644
--- a/sapi/fpm/config.m4
+++ b/sapi/fpm/config.m4
@@ -583,19 +583,21 @@ if test "$PHP_FPM" != "no"; then
AC_DEFINE_UNQUOTED(PHP_FPM_USER, "$php_fpm_user", [fpm user name])
AC_DEFINE_UNQUOTED(PHP_FPM_GROUP, "$php_fpm_group", [fpm group name])
+ PHP_ADD_BUILD_DIR(sapi/fpm/fpm)
PHP_OUTPUT(sapi/fpm/php-fpm.conf sapi/fpm/init.d.php-fpm sapi/fpm/php-fpm.service sapi/fpm/php-fpm.8 sapi/fpm/status.html)
- PHP_ADD_MAKEFILE_FRAGMENT([$abs_srcdir/sapi/fpm/Makefile.frag], [$abs_srcdir/sapi/fpm], [sapi/fpm])
+ PHP_ADD_MAKEFILE_FRAGMENT([$abs_srcdir/sapi/fpm/Makefile.frag])
SAPI_FPM_PATH=sapi/fpm/php-fpm
- PHP_SUBST(SAPI_FPM_PATH)
if test "$fpm_trace_type" && test -f "$abs_srcdir/sapi/fpm/fpm/fpm_trace_$fpm_trace_type.c"; then
PHP_FPM_TRACE_FILES="fpm/fpm_trace.c fpm/fpm_trace_$fpm_trace_type.c"
fi
PHP_FPM_CFLAGS="-I$abs_srcdir/sapi/fpm"
+
+ FPM_EXTRA_LIBS="$LIBEVENT_LIBS"
+ PHP_SUBST(FPM_EXTRA_LIBS)
- INSTALL_IT=":"
PHP_FPM_FILES="fpm/fastcgi.c \
fpm/fpm.c \
fpm/fpm_children.c \
@@ -631,17 +633,19 @@ if test "$PHP_FPM" != "no"; then
case $host_alias in
*aix*)
- BUILD_FPM="echo '\#! .' > php.sym && echo >>php.sym && nm -BCpg \`echo \$(PHP_GLOBAL_OBJS) \$(PHP_SAPI_OBJS) | sed 's/\([A-Za-z0-9_]*\)\.lo/\1.o/g'\` | \$(AWK) '{ if (((\$\$2 == \"T\") || (\$\$2 == \"D\") || (\$\$2 == \"B\")) && (substr(\$\$3,1,1) != \".\")) { print \$\$3 } }' | sort -u >> php.sym && \$(LIBTOOL) --mode=link \$(CC) -export-dynamic \$(CFLAGS_CLEAN) \$(EXTRA_CFLAGS) \$(EXTRA_LDFLAGS_PROGRAM) \$(LDFLAGS) -Wl,-brtl -Wl,-bE:php.sym \$(PHP_RPATHS) \$(PHP_GLOBAL_OBJS) \$(PHP_SAPI_OBJS) \$(EXTRA_LIBS) \$(SAPI_EXTRA_LIBS) \$(ZEND_EXTRA_LIBS) -o \$(SAPI_FPM_PATH)"
+ BUILD_FPM="echo '\#! .' > php.sym && echo >>php.sym && nm -BCpg \`echo \$(PHP_GLOBAL_OBJS) \$(PHP_BINARY_OBJS) \$(PHP_FPM_OBJS) | sed 's/\([A-Za-z0-9_]*\)\.lo/\1.o/g'\` | \$(AWK) '{ if (((\$\$2 == \"T\") || (\$\$2 == \"D\") || (\$\$2 == \"B\")) && (substr(\$\$3,1,1) != \".\")) { print \$\$3 } }' | sort -u >> php.sym && \$(LIBTOOL) --mode=link \$(CC) -export-dynamic \$(CFLAGS_CLEAN) \$(EXTRA_CFLAGS) \$(EXTRA_LDFLAGS_PROGRAM) \$(LDFLAGS) -Wl,-brtl -Wl,-bE:php.sym \$(PHP_RPATHS) \$(PHP_GLOBAL_OBJS) \$(PHP_FPM_OBJS) \$(EXTRA_LIBS) \$(FPM_EXTRA_LIBS) \$(ZEND_EXTRA_LIBS) -o \$(SAPI_FPM_PATH)"
;;
*darwin*)
- BUILD_FPM="\$(CC) \$(CFLAGS_CLEAN) \$(EXTRA_CFLAGS) \$(EXTRA_LDFLAGS_PROGRAM) \$(LDFLAGS) \$(NATIVE_RPATHS) \$(PHP_GLOBAL_OBJS:.lo=.o) \$(PHP_SAPI_OBJS:.lo=.o) \$(PHP_FRAMEWORKS) \$(EXTRA_LIBS) \$(SAPI_EXTRA_LIBS) \$(ZEND_EXTRA_LIBS) -o \$(SAPI_FPM_PATH)"
+ BUILD_FPM="\$(CC) \$(CFLAGS_CLEAN) \$(EXTRA_CFLAGS) \$(EXTRA_LDFLAGS_PROGRAM) \$(LDFLAGS) \$(NATIVE_RPATHS) \$(PHP_GLOBAL_OBJS:.lo=.o) \$(PHP_BINARY_OBJS:.lo=.o) \$(PHP_FPM_OBJS:.lo=.o) \$(PHP_FRAMEWORKS) \$(EXTRA_LIBS) \$(FPM_EXTRA_LIBS) \$(ZEND_EXTRA_LIBS) -o \$(SAPI_FPM_PATH)"
;;
*)
- BUILD_FPM="\$(LIBTOOL) --mode=link \$(CC) -export-dynamic \$(CFLAGS_CLEAN) \$(EXTRA_CFLAGS) \$(EXTRA_LDFLAGS_PROGRAM) \$(LDFLAGS) \$(PHP_RPATHS) \$(PHP_GLOBAL_OBJS) \$(PHP_SAPI_OBJS) \$(EXTRA_LIBS) \$(SAPI_EXTRA_LIBS) \$(ZEND_EXTRA_LIBS) -o \$(SAPI_FPM_PATH)"
+ BUILD_FPM="\$(LIBTOOL) --mode=link \$(CC) -export-dynamic \$(CFLAGS_CLEAN) \$(EXTRA_CFLAGS) \$(EXTRA_LDFLAGS_PROGRAM) \$(LDFLAGS) \$(PHP_RPATHS) \$(PHP_GLOBAL_OBJS) \$(PHP_BINARY_OBJS) \$(PHP_FPM_OBJS) \$(EXTRA_LIBS) \$(FPM_EXTRA_LIBS) \$(ZEND_EXTRA_LIBS) -o \$(SAPI_FPM_PATH)"
;;
esac
+ PHP_SUBST(SAPI_FPM_PATH)
PHP_SUBST(BUILD_FPM)
+
else
AC_MSG_RESULT(no)
fi
diff --git a/sapi/litespeed/Makefile.frag b/sapi/litespeed/Makefile.frag
index e1af2b9..99d0832 100644
--- a/sapi/litespeed/Makefile.frag
+++ b/sapi/litespeed/Makefile.frag
@@ -1,3 +1,9 @@
-$(SAPI_LITESPEED_PATH): $(PHP_GLOBAL_OBJS) $(PHP_SAPI_OBJS)
+litespeed: $(SAPI_LITESPEED_PATH)
+
+$(SAPI_LITESPEED_PATH): $(PHP_GLOBAL_OBJS) $(PHP_BINARY_OBJS) $(PHP_LITESPEED_OBJS)
$(BUILD_LITESPEED)
+install-litespeed: $(SAPI_LITESPEED_PATH)
+ @echo "Installing PHP LitSpeed binary: $(INSTALL_ROOT)$(bindir)/"
+ @$(INSTALL) -m 0755 $(SAPI_LITESPEED_PATH) $(INSTALL_ROOT)$(bindir)/lsphp
+
diff --git a/sapi/litespeed/config.m4 b/sapi/litespeed/config.m4
index 2b9522a..268b9ae 100644
--- a/sapi/litespeed/config.m4
+++ b/sapi/litespeed/config.m4
@@ -10,22 +10,21 @@ PHP_ARG_WITH(litespeed,,
if test "$PHP_LITESPEED" != "no"; then
PHP_ADD_MAKEFILE_FRAGMENT($abs_srcdir/sapi/litespeed/Makefile.frag,$abs_srcdir/sapi/litespeed,sapi/litespeed)
SAPI_LITESPEED_PATH=sapi/litespeed/php
- PHP_SUBST(SAPI_LITESPEED_PATH)
PHP_SELECT_SAPI(litespeed, program, lsapi_main.c lsapilib.c, "", '$(SAPI_LITESPEED_PATH)')
- INSTALL_IT="@echo \"Installing PHP LiteSpeed into: \$(INSTALL_ROOT)\$(bindir)/\"; \$(INSTALL) -m 0755 \$(SAPI_LITESPEED_PATH) \$(INSTALL_ROOT)\$(bindir)/lsphp"
case $host_alias in
*darwin*)
- BUILD_LITESPEED="\$(CC) \$(CFLAGS_CLEAN) \$(EXTRA_CFLAGS) \$(EXTRA_LDFLAGS_PROGRAM) \$(LDFLAGS) \$(NATIVE_RPATHS) \$(PHP_GLOBAL_OBJS:.lo=.o) \$(PHP_SAPI_OBJS:.lo=.o) \$(PHP_FRAMEWORKS) \$(EXTRA_LIBS) \$(ZEND_EXTRA_LIBS) -o \$(SAPI_LITESPEED_PATH)"
+ BUILD_LITESPEED="\$(CC) \$(CFLAGS_CLEAN) \$(EXTRA_CFLAGS) \$(EXTRA_LDFLAGS_PROGRAM) \$(LDFLAGS) \$(NATIVE_RPATHS) \$(PHP_GLOBAL_OBJS:.lo=.o) \$(PHP_BINARY_OBJS:.lo=.o) \$(PHP_LITESPEED_OBJS:.lo=.o) \$(PHP_FRAMEWORKS) \$(EXTRA_LIBS) \$(ZEND_EXTRA_LIBS) -o \$(SAPI_LITESPEED_PATH)"
;;
*cygwin*)
SAPI_LITESPEED_PATH=sapi/litespeed/php.exe
- BUILD_LITESPEED="\$(LIBTOOL) --mode=link \$(CC) -export-dynamic \$(CFLAGS_CLEAN) \$(EXTRA_CFLAGS) \$(EXTRA_LDFLAGS_PROGRAM) \$(LDFLAGS) \$(PHP_RPATHS) \$(PHP_GLOBAL_OBJS) \$(PHP_SAPI_OBJS) \$(EXTRA_LIBS) \$(ZEND_EXTRA_LIBS) -o \$(SAPI_LITESPEED_PATH)"
+ BUILD_LITESPEED="\$(LIBTOOL) --mode=link \$(CC) -export-dynamic \$(CFLAGS_CLEAN) \$(EXTRA_CFLAGS) \$(EXTRA_LDFLAGS_PROGRAM) \$(LDFLAGS) \$(PHP_RPATHS) \$(PHP_GLOBAL_OBJS) \$(PHP_BINARY_OBJS) \$(PHP_LITESPEED_OBJS) \$(EXTRA_LIBS) \$(ZEND_EXTRA_LIBS) -o \$(SAPI_LITESPEED_PATH)"
;;
*)
- BUILD_LITESPEED="\$(LIBTOOL) --mode=link \$(CC) -export-dynamic \$(CFLAGS_CLEAN) \$(EXTRA_CFLAGS) \$(EXTRA_LDFLAGS_PROGRAM) \$(LDFLAGS) \$(PHP_RPATHS) \$(PHP_GLOBAL_OBJS) \$(PHP_SAPI_OBJS) \$(EXTRA_LIBS) \$(ZEND_EXTRA_LIBS) -o \$(SAPI_LITESPEED_PATH)"
+ BUILD_LITESPEED="\$(LIBTOOL) --mode=link \$(CC) -export-dynamic \$(CFLAGS_CLEAN) \$(EXTRA_CFLAGS) \$(EXTRA_LDFLAGS_PROGRAM) \$(LDFLAGS) \$(PHP_RPATHS) \$(PHP_GLOBAL_OBJS) \$(PHP_BINARY_OBJS) \$(PHP_LITESPEED_OBJS) \$(EXTRA_LIBS) \$(ZEND_EXTRA_LIBS) -o \$(SAPI_LITESPEED_PATH)"
;;
esac
+ PHP_SUBST(SAPI_LITESPEED_PATH)
PHP_SUBST(BUILD_LITESPEED)
fi
diff --git a/sapi/milter/Makefile.frag b/sapi/milter/Makefile.frag
index 8dbdf7a..26200a1 100644
--- a/sapi/milter/Makefile.frag
+++ b/sapi/milter/Makefile.frag
@@ -1,2 +1,8 @@
-$(SAPI_MILTER_PATH): $(PHP_GLOBAL_OBJS) $(PHP_SAPI_OBJS)
+milter: $(SAPI_MILTER_PATH)
+
+$(SAPI_MILTER_PATH): $(PHP_GLOBAL_OBJS) $(PHP_BINARY_OBJS) $(PHP_SAPI_OBJS)
$(BUILD_MILTER)
+
+install-milter: $(SAPI_MILTER_PATH)
+ @$(INSTALL) -m 0755 $(SAPI_MILTER_PATH) $(bindir)/php-milter
+
diff --git a/sapi/milter/config.m4 b/sapi/milter/config.m4
index e314551..48c7a5d 100644
--- a/sapi/milter/config.m4
+++ b/sapi/milter/config.m4
@@ -25,8 +25,7 @@ if test "$PHP_MILTER" != "no"; then
PHP_ADD_MAKEFILE_FRAGMENT($abs_srcdir/sapi/milter/Makefile.frag)
PHP_SELECT_SAPI(milter, program, php_milter.c getopt.c,,'$(SAPI_MILTER_PATH)')
PHP_ADD_LIBRARY_WITH_PATH(milter, $MILTERPATH,)
- BUILD_MILTER="\$(LIBTOOL) --mode=link \$(CC) -export-dynamic \$(CFLAGS_CLEAN) \$(EXTRA_CFLAGS) \$(EXTRA_LDFLAGS) \$(LDFLAGS) \$(PHP_RPATHS) \$(PHP_GLOBAL_OBJS) \$(PHP_SAPI_OBJS) \$(EXTRA_LIBS) \$(ZEND_EXTRA_LIBS) -o \$(SAPI_MILTER_PATH)"
- INSTALL_IT="\$(INSTALL) -m 0755 \$(SAPI_MILTER_PATH) \$(bindir)/php-milter"
+ BUILD_MILTER="\$(LIBTOOL) --mode=link \$(CC) -export-dynamic \$(CFLAGS_CLEAN) \$(EXTRA_CFLAGS) \$(EXTRA_LDFLAGS) \$(LDFLAGS) \$(PHP_RPATHS) \$(PHP_GLOBAL_OBJS) \$(PHP_BINARY_OBJS) \$(PHP_MILTER_OBJS) \$(EXTRA_LIBS) \$(ZEND_EXTRA_LIBS) -o \$(SAPI_MILTER_PATH)"
PHP_SUBST(SAPI_MILTER_PATH)
PHP_SUBST(BUILD_MILTER)
fi
diff --git a/aclocal.m4 b/aclocal.m4
index 07b5e61..d114137 100644
--- a/aclocal.m4
+++ b/aclocal.m4
@@ -194,7 +194,7 @@ dnl the path is interpreted relative to the top build-directory.
dnl
dnl which array to append to?
AC_DEFUN([PHP_ADD_SOURCES],[
- PHP_ADD_SOURCES_X($1, $2, $3, ifelse($4,cli,PHP_CLI_OBJS,ifelse($4,sapi,PHP_SAPI_OBJS,PHP_GLOBAL_OBJS)))
+ PHP_ADD_SOURCES_X($1, $2, $3, ifelse($4,sapi,PHP_SAPI_OBJS,PHP_GLOBAL_OBJS))
])
dnl
@@ -772,7 +772,7 @@ dnl
AC_DEFUN([PHP_BUILD_SHARED],[
PHP_BUILD_PROGRAM
OVERALL_TARGET=libphp[]$PHP_MAJOR_VERSION[.la]
- php_build_target=shared
+ php_sapi_module=shared
php_c_pre=$shared_c_pre
php_c_meta=$shared_c_meta
@@ -789,7 +789,7 @@ dnl
AC_DEFUN([PHP_BUILD_STATIC],[
PHP_BUILD_PROGRAM
OVERALL_TARGET=libphp[]$PHP_MAJOR_VERSION[.la]
- php_build_target=static
+ php_sapi_module=static
])
dnl
@@ -798,14 +798,13 @@ dnl
AC_DEFUN([PHP_BUILD_BUNDLE],[
PHP_BUILD_PROGRAM
OVERALL_TARGET=libs/libphp[]$PHP_MAJOR_VERSION[.bundle]
- php_build_target=static
+ php_sapi_module=static
])
dnl
dnl PHP_BUILD_PROGRAM
dnl
AC_DEFUN([PHP_BUILD_PROGRAM],[
- OVERALL_TARGET=[]ifelse($1,,php,$1)
php_c_pre='$(LIBTOOL) --mode=compile $(CC)'
php_c_meta='$(COMMON_FLAGS) $(CFLAGS_CLEAN) $(EXTRA_CFLAGS)'
php_c_post=
@@ -826,8 +825,6 @@ AC_DEFUN([PHP_BUILD_PROGRAM],[
shared_cxx_meta='$(COMMON_FLAGS) $(CXXFLAGS_CLEAN) $(EXTRA_CXXFLAGS) '$pic_setting
shared_cxx_post=
shared_lo=lo
-
- php_build_target=program
])
dnl
@@ -873,32 +870,46 @@ EOF
dnl
dnl PHP_SELECT_SAPI(name, type[, sources [, extra-cflags [, build-target]]])
dnl
-dnl Selects the SAPI name and type (static, shared, programm)
+dnl Selects the SAPI name and type (static, shared, bundle, program)
dnl and optionally also the source-files for the SAPI-specific
dnl objects.
dnl
AC_DEFUN([PHP_SELECT_SAPI],[
- if test "$PHP_SAPI" != "default"; then
-AC_MSG_ERROR([
+ if test "$2" = "program"; then
+ PHP_BINARIES="$PHP_BINARIES $1"
+ elif test "$PHP_SAPI" != "none"; then
+ AC_MSG_ERROR([
+--------------------------------------------------------------------+
| *** ATTENTION *** |
| |
| You've configured multiple SAPIs to be build. You can build only |
-| one SAPI module and CLI binary at the same time. |
+| one SAPI module plus CGI, CLI and FPM binaries at the same time. |
+--------------------------------------------------------------------+
])
+ else
+ PHP_SAPI=$1
fi
- PHP_SAPI=$1
-
+ PHP_ADD_BUILD_DIR([sapi/$1])
+
+ PHP_INSTALLED_SAPIS="$PHP_INSTALLED_SAPIS $1"
+
case "$2" in
static[)] PHP_BUILD_STATIC;;
shared[)] PHP_BUILD_SHARED;;
bundle[)] PHP_BUILD_BUNDLE;;
- program[)] PHP_BUILD_PROGRAM($5);;
+ program[)] PHP_BUILD_PROGRAM;;
esac
- ifelse($3,,,[PHP_ADD_SOURCES([sapi/$1],[$3],[$4],[sapi])])
+ ifelse($2,program,[
+ install_binaries="install-binaries"
+ install_binary_targets="$install_binary_targets install-$1"
+ PHP_SUBST(PHP_[]translit($1,a-z0-9-,A-Z0-9_)[]_OBJS)
+ ifelse($3,,,[PHP_ADD_SOURCES_X([sapi/$1],[$3],[$4],PHP_[]translit($1,a-z0-9-,A-Z0-9_)[]_OBJS)])
+ ],[
+ install_sapi="install-sapi"
+ ifelse($3,,,[PHP_ADD_SOURCES([sapi/$1],[$3],[$4],[sapi])])
+ ])
])
dnl deprecated

34
services/custombuild/patches/ncftp_io_sendfile.patch Normal file
View File

@@ -0,0 +1,34 @@
--- io_sendfile.c.orig 2019-09-26 02:01:16.604737373 +0200
+++ io_sendfile.c 2019-09-26 02:02:38.201732954 +0200
@@ -132,13 +132,7 @@
int
DoSendfileAvailable(void)
{
-#if defined(FREEBSD_SENDFILE) || defined(MACOSX_SENDFILE)
- return 1;
-#elif defined(LINUX) && (LINUX >= 22000)
return 1;
-#else
- return 0;
-#endif
} /* DoSendfileAvailable */
@@ -266,7 +260,7 @@
struct stat st;
#endif /* FREEBSD, MACOSX */
-#if defined(LINUX) && (LINUX >= 22000)
+#if defined(LINUX)
off_t off, off1;
#endif /* LINUX */
@@ -358,7 +352,7 @@
goto userspace_loop;
}
-#if defined(LINUX) && (LINUX >= 22000)
+#if defined(LINUX)
if ((tntoread == 0) && (fstat(ifd, &st) == 0)) {
tntoread = ntoread = st.st_size;
}

48
services/custombuild/patches/php-5.3.28_apache-2.4.10-fpm.patch Normal file
View File

@@ -0,0 +1,48 @@
--- a/sapi/fpm/fpm/fpm_main.c
+++ b/sapi/fpm/fpm/fpm_main.c
@@ -1143,19 +1143,6 @@ static void init_request_info(TSRMLS_D)
TRANSLATE_SLASHES(env_document_root);
}
- if (env_path_translated != NULL && env_redirect_url != NULL &&
- env_path_translated != script_path_translated &&
- strcmp(env_path_translated, script_path_translated) != 0) {
- /*
- * pretty much apache specific. If we have a redirect_url
- * then our script_filename and script_name point to the
- * php executable
- */
- script_path_translated = env_path_translated;
- /* we correct SCRIPT_NAME now in case we don't have PATH_INFO */
- env_script_name = env_redirect_url;
- }
-
#ifdef __riscos__
/* Convert path to unix format*/
__riscosify_control |= __RISCOSIFY_DONT_CHECK_DIR;
@@ -1324,7 +1311,7 @@ static void init_request_info(TSRMLS_D)
efree(pt);
}
} else {
- /* make sure path_info/translated are empty */
+ /* make sure original values are remembered in ORIG_ copies if we've changed them */
if (!orig_script_filename ||
(script_path_translated != orig_script_filename &&
strcmp(script_path_translated, orig_script_filename) != 0)) {
@@ -1333,16 +1320,6 @@ static void init_request_info(TSRMLS_D)
}
script_path_translated = _sapi_cgibin_putenv("SCRIPT_FILENAME", script_path_translated TSRMLS_CC);
}
- if (env_redirect_url) {
- if (orig_path_info) {
- _sapi_cgibin_putenv("ORIG_PATH_INFO", orig_path_info TSRMLS_CC);
- _sapi_cgibin_putenv("PATH_INFO", NULL TSRMLS_CC);
- }
- if (orig_path_translated) {
- _sapi_cgibin_putenv("ORIG_PATH_TRANSLATED", orig_path_translated TSRMLS_CC);
- _sapi_cgibin_putenv("PATH_TRANSLATED", NULL TSRMLS_CC);
- }
- }
if (env_script_name != orig_script_name) {
if (orig_script_name) {
_sapi_cgibin_putenv("ORIG_SCRIPT_NAME", orig_script_name TSRMLS_CC);

1309
services/custombuild/patches/php-5.6-libssl-1.1.patch Normal file
View File

File diff suppressed because it is too large Load Diff

1144
services/custombuild/patches/php-5.6-libssl-1.1.patch.old Normal file
View File

File diff suppressed because it is too large Load Diff

630
services/custombuild/patches/php_mysqlnd_sha2_auth.patch Normal file
View File

@@ -0,0 +1,630 @@
From 4f06e67ad2201390ed35a9ea6288a00c0b04782b Mon Sep 17 00:00:00 2001
From: Nikita Popov <nikita.ppv@gmail.com>
Date: Tue, 20 Nov 2018 20:54:24 +0100
Subject: [PATCH] Re-commit MySQL 8 cached SHA auth support
With changes to (hopefully) correctly fall back if OpenSSL support
is missing. Furthermore the hard-coded dependency on ext/hash is
no longer an issue, as this extension is required in master.
This reverts commit 63072e9c0ebbb676cd39d0f867d873737c676add, reversing
changes made to 4cbabb6852d2a7d966fb78a53d9d4c1cac18f10b.
---
ext/mysqlnd/mysqlnd_auth.c | 283 ++++++++++++++++++++++++++++-
ext/mysqlnd/mysqlnd_auth.h | 23 +--
ext/mysqlnd/mysqlnd_connection.c | 4 +
ext/mysqlnd/mysqlnd_enum_n_def.h | 1 +
ext/mysqlnd/mysqlnd_structs.h | 10 +
ext/mysqlnd/mysqlnd_wireprotocol.c | 90 ++++++++-
ext/mysqlnd/mysqlnd_wireprotocol.h | 10 +
7 files changed, 392 insertions(+), 29 deletions(-)
diff --git a/ext/mysqlnd/mysqlnd_auth.c b/ext/mysqlnd/mysqlnd_auth.c
index e56ea2038081..fa04e1b83105 100644
--- a/ext/mysqlnd/mysqlnd_auth.c
+++ b/ext/mysqlnd/mysqlnd_auth.c
@@ -89,6 +89,7 @@ mysqlnd_run_authentication(
}
}
+
{
zend_uchar * switch_to_auth_protocol_data = NULL;
size_t switch_to_auth_protocol_data_len = 0;
@@ -113,10 +114,11 @@ mysqlnd_run_authentication(
DBG_INF_FMT("salt(%d)=[%.*s]", plugin_data_len, plugin_data_len, plugin_data);
/* The data should be allocated with malloc() */
if (auth_plugin) {
- scrambled_data =
- auth_plugin->methods.get_auth_data(NULL, &scrambled_data_len, conn, user, passwd, passwd_len,
- plugin_data, plugin_data_len, session_options,
- conn->protocol_frame_codec->data, mysql_flags);
+ scrambled_data = auth_plugin->methods.get_auth_data(
+ NULL, &scrambled_data_len, conn, user, passwd,
+ passwd_len, plugin_data, plugin_data_len,
+ session_options, conn->protocol_frame_codec->data,
+ mysql_flags);
}
if (conn->error_info->error_no) {
@@ -127,6 +129,7 @@ mysqlnd_run_authentication(
charset_no,
first_call,
requested_protocol,
+ auth_plugin, plugin_data, plugin_data_len,
scrambled_data, scrambled_data_len,
&switch_to_auth_protocol, &switch_to_auth_protocol_len,
&switch_to_auth_protocol_data, &switch_to_auth_protocol_data_len
@@ -244,6 +247,9 @@ mysqlnd_auth_handshake(MYSQLND_CONN_DATA * conn,
unsigned int server_charset_no,
zend_bool use_full_blown_auth_packet,
const char * const auth_protocol,
+ struct st_mysqlnd_authentication_plugin * auth_plugin,
+ const zend_uchar * const orig_auth_plugin_data,
+ const size_t orig_auth_plugin_data_len,
const zend_uchar * const auth_plugin_data,
const size_t auth_plugin_data_len,
char ** switch_to_auth_protocol,
@@ -313,6 +319,11 @@ mysqlnd_auth_handshake(MYSQLND_CONN_DATA * conn,
PACKET_FREE(&auth_packet);
}
+ if (auth_plugin && auth_plugin->methods.handle_server_response) {
+ auth_plugin->methods.handle_server_response(auth_plugin, conn,
+ orig_auth_plugin_data, orig_auth_plugin_data_len, passwd, passwd_len);
+ }
+
if (FAIL == PACKET_READ(conn, &auth_resp_packet) || auth_resp_packet.response_code >= 0xFE) {
if (auth_resp_packet.response_code == 0xFE) {
/* old authentication with new server !*/
@@ -596,7 +607,8 @@ static struct st_mysqlnd_authentication_plugin mysqlnd_native_auth_plugin =
}
},
{/* methods */
- mysqlnd_native_auth_get_auth_data
+ mysqlnd_native_auth_get_auth_data,
+ NULL
}
};
@@ -645,7 +657,8 @@ static struct st_mysqlnd_authentication_plugin mysqlnd_pam_authentication_plugin
}
},
{/* methods */
- mysqlnd_pam_auth_get_auth_data
+ mysqlnd_pam_auth_get_auth_data,
+ NULL
}
};
@@ -820,11 +833,266 @@ static struct st_mysqlnd_authentication_plugin mysqlnd_sha256_authentication_plu
}
},
{/* methods */
- mysqlnd_sha256_auth_get_auth_data
+ mysqlnd_sha256_auth_get_auth_data,
+ NULL
+ }
+};
+#endif
+
+/*************************************** CACHING SHA2 Password *******************************/
+#ifdef MYSQLND_HAVE_SSL
+
+#undef L64
+
+#include "ext/hash/php_hash.h"
+#include "ext/hash/php_hash_sha.h"
+
+#define SHA256_LENGTH 32
+
+/* {{{ php_mysqlnd_scramble_sha2 */
+void php_mysqlnd_scramble_sha2(zend_uchar * const buffer, const zend_uchar * const scramble, const zend_uchar * const password, const size_t password_len)
+{
+ PHP_SHA256_CTX context;
+ zend_uchar sha1[SHA256_LENGTH];
+ zend_uchar sha2[SHA256_LENGTH];
+
+ /* Phase 1: hash password */
+ PHP_SHA256Init(&context);
+ PHP_SHA256Update(&context, password, password_len);
+ PHP_SHA256Final(sha1, &context);
+
+ /* Phase 2: hash sha1 */
+ PHP_SHA256Init(&context);
+ PHP_SHA256Update(&context, (zend_uchar*)sha1, SHA256_LENGTH);
+ PHP_SHA256Final(sha2, &context);
+
+ /* Phase 3: hash scramble + sha2 */
+ PHP_SHA256Init(&context);
+ PHP_SHA256Update(&context, (zend_uchar*)sha2, SHA256_LENGTH);
+ PHP_SHA256Update(&context, scramble, SCRAMBLE_LENGTH);
+ PHP_SHA256Final(buffer, &context);
+
+ /* let's crypt buffer now */
+ php_mysqlnd_crypt(buffer, (const zend_uchar *)sha1, (const zend_uchar *)buffer, SHA256_LENGTH);
+}
+/* }}} */
+
+
+/* {{{ mysqlnd_native_auth_get_auth_data */
+static zend_uchar *
+mysqlnd_caching_sha2_get_auth_data(struct st_mysqlnd_authentication_plugin * self,
+ size_t * auth_data_len,
+ MYSQLND_CONN_DATA * conn, const char * const user, const char * const passwd,
+ const size_t passwd_len, zend_uchar * auth_plugin_data, size_t auth_plugin_data_len,
+ const MYSQLND_SESSION_OPTIONS * const session_options,
+ const MYSQLND_PFC_DATA * const pfc_data,
+ zend_ulong mysql_flags
+ )
+{
+ zend_uchar * ret = NULL;
+ DBG_ENTER("mysqlnd_caching_sha2_get_auth_data");
+ DBG_INF_FMT("salt(%d)=[%.*s]", auth_plugin_data_len, auth_plugin_data_len, auth_plugin_data);
+ *auth_data_len = 0;
+
+ DBG_INF("First auth step: send hashed password");
+ /* copy scrambled pass*/
+ if (passwd && passwd_len) {
+ ret = malloc(SHA256_LENGTH + 1);
+ *auth_data_len = SHA256_LENGTH;
+ php_mysqlnd_scramble_sha2((zend_uchar*)ret, auth_plugin_data, (zend_uchar*)passwd, passwd_len);
+ ret[SHA256_LENGTH] = '\0';
+ DBG_INF_FMT("hash(%d)=[%.*s]", *auth_data_len, *auth_data_len, ret);
+ }
+
+ DBG_RETURN(ret);
+}
+/* }}} */
+
+static RSA *
+mysqlnd_caching_sha2_get_key(MYSQLND_CONN_DATA *conn)
+{
+ RSA * ret = NULL;
+ const MYSQLND_PFC_DATA * const pfc_data = conn->protocol_frame_codec->data;
+ const char * fname = (pfc_data->sha256_server_public_key && pfc_data->sha256_server_public_key[0] != '\0')?
+ pfc_data->sha256_server_public_key:
+ MYSQLND_G(sha256_server_public_key);
+ php_stream * stream;
+ DBG_ENTER("mysqlnd_cached_sha2_get_key");
+ DBG_INF_FMT("options_s256_pk=[%s] MYSQLND_G(sha256_server_public_key)=[%s]",
+ pfc_data->sha256_server_public_key? pfc_data->sha256_server_public_key:"n/a",
+ MYSQLND_G(sha256_server_public_key)? MYSQLND_G(sha256_server_public_key):"n/a");
+ if (!fname || fname[0] == '\0') {
+ MYSQLND_PACKET_CACHED_SHA2_RESULT req_packet;
+ MYSQLND_PACKET_SHA256_PK_REQUEST_RESPONSE pk_resp_packet;
+
+ do {
+ DBG_INF("requesting the public key from the server");
+ conn->payload_decoder_factory->m.init_cached_sha2_result_packet(&req_packet);
+ conn->payload_decoder_factory->m.init_sha256_pk_request_response_packet(&pk_resp_packet);
+ req_packet.request = 1;
+
+ if (! PACKET_WRITE(conn, &req_packet)) {
+ DBG_ERR_FMT("Error while sending public key request packet");
+ php_error(E_WARNING, "Error while sending public key request packet. PID=%d", getpid());
+ SET_CONNECTION_STATE(&conn->state, CONN_QUIT_SENT);
+ break;
+ }
+ if (FAIL == PACKET_READ(conn, &pk_resp_packet) || NULL == pk_resp_packet.public_key) {
+ DBG_ERR_FMT("Error while receiving public key");
+ php_error(E_WARNING, "Error while receiving public key. PID=%d", getpid());
+ SET_CONNECTION_STATE(&conn->state, CONN_QUIT_SENT);
+ break;
+ }
+ DBG_INF_FMT("Public key(%d):\n%s", pk_resp_packet.public_key_len, pk_resp_packet.public_key);
+ /* now extract the public key */
+ {
+ BIO * bio = BIO_new_mem_buf(pk_resp_packet.public_key, pk_resp_packet.public_key_len);
+ ret = PEM_read_bio_RSA_PUBKEY(bio, NULL, NULL, NULL);
+ BIO_free(bio);
+ }
+ } while (0);
+ PACKET_FREE(&req_packet);
+ PACKET_FREE(&pk_resp_packet);
+
+ DBG_INF_FMT("ret=%p", ret);
+ DBG_RETURN(ret);
+
+ SET_CLIENT_ERROR(conn->error_info, CR_UNKNOWN_ERROR, UNKNOWN_SQLSTATE,
+ "caching_sha2_server_public_key is not set for the connection or as mysqlnd.sha256_server_public_key");
+ DBG_ERR("server_public_key is not set");
+ DBG_RETURN(NULL);
+ } else {
+ zend_string * key_str;
+ DBG_INF_FMT("Key in a file. [%s]", fname);
+ stream = php_stream_open_wrapper((char *) fname, "rb", REPORT_ERRORS, NULL);
+
+ if (stream) {
+ if ((key_str = php_stream_copy_to_mem(stream, PHP_STREAM_COPY_ALL, 0)) != NULL) {
+ BIO * bio = BIO_new_mem_buf(ZSTR_VAL(key_str), ZSTR_LEN(key_str));
+ ret = PEM_read_bio_RSA_PUBKEY(bio, NULL, NULL, NULL);
+ BIO_free(bio);
+ DBG_INF("Successfully loaded");
+ DBG_INF_FMT("Public key:%*.s", ZSTR_LEN(key_str), ZSTR_VAL(key_str));
+ zend_string_release(key_str);
+ }
+ php_stream_close(stream);
+ }
+ }
+ DBG_RETURN(ret);
+
+}
+
+
+/* {{{ mysqlnd_caching_sha2_get_key */
+static size_t
+mysqlnd_caching_sha2_get_and_use_key(MYSQLND_CONN_DATA *conn,
+ const zend_uchar * auth_plugin_data, size_t auth_plugin_data_len,
+ unsigned char **crypted,
+ const char * const passwd,
+ const size_t passwd_len)
+{
+ static RSA *server_public_key;
+ server_public_key = mysqlnd_caching_sha2_get_key(conn);
+
+ DBG_ENTER("mysqlnd_caching_sha2_get_and_use_key(");
+
+ if (server_public_key) {
+ int server_public_key_len;
+ char xor_str[passwd_len + 1];
+ memcpy(xor_str, passwd, passwd_len);
+ xor_str[passwd_len] = '\0';
+ mysqlnd_xor_string(xor_str, passwd_len, (char *) auth_plugin_data, auth_plugin_data_len);
+
+ server_public_key_len = RSA_size(server_public_key);
+ /*
+ Because RSA_PKCS1_OAEP_PADDING is used there is a restriction on the passwd_len.
+ RSA_PKCS1_OAEP_PADDING is recommended for new applications. See more here:
+ http://www.openssl.org/docs/crypto/RSA_public_encrypt.html
+ */
+ if ((size_t) server_public_key_len - 41 <= passwd_len) {
+ /* password message is to long */
+ SET_CLIENT_ERROR(conn->error_info, CR_UNKNOWN_ERROR, UNKNOWN_SQLSTATE, "password is too long");
+ DBG_ERR("password is too long");
+ DBG_RETURN(0);
+ }
+
+ *crypted = emalloc(server_public_key_len);
+ RSA_public_encrypt(passwd_len + 1, (zend_uchar *) xor_str, *crypted, server_public_key, RSA_PKCS1_OAEP_PADDING);
+ DBG_RETURN(server_public_key_len);
+ }
+ DBG_RETURN(0);
+}
+/* }}} */
+
+/* {{{ mysqlnd_native_auth_get_auth_data */
+static void
+mysqlnd_caching_sha2_handle_server_response(struct st_mysqlnd_authentication_plugin *self,
+ MYSQLND_CONN_DATA * conn,
+ const zend_uchar * auth_plugin_data, size_t auth_plugin_data_len,
+ const char * const passwd,
+ const size_t passwd_len)
+{
+ DBG_ENTER("mysqlnd_caching_sha2_handle_server_response");
+ MYSQLND_PACKET_CACHED_SHA2_RESULT result_packet;
+ conn->payload_decoder_factory->m.init_cached_sha2_result_packet(&result_packet);
+
+ if (FAIL == PACKET_READ(conn, &result_packet)) {
+ DBG_VOID_RETURN;
+ }
+
+ switch (result_packet.response_code) {
+ case 3:
+ DBG_INF("fast path succeeded");
+ DBG_VOID_RETURN;
+ case 4:
+ if (conn->vio->data->ssl || conn->unix_socket.s) {
+ DBG_INF("fast path failed, doing full auth via SSL");
+ result_packet.password = (zend_uchar *)passwd;
+ result_packet.password_len = passwd_len + 1;
+ PACKET_WRITE(conn, &result_packet);
+ } else {
+ DBG_INF("fast path failed, doing full auth without SSL");
+ result_packet.password_len = mysqlnd_caching_sha2_get_and_use_key(conn, auth_plugin_data, auth_plugin_data_len, &result_packet.password, passwd, passwd_len);
+ PACKET_WRITE(conn, &result_packet);
+ efree(result_packet.password);
+ }
+ DBG_VOID_RETURN;
+ case 2:
+ // The server tried to send a key, which we didn't expect
+ // fall-through
+ default:
+ php_error_docref(NULL, E_WARNING, "Unexpected server respose while doing caching_sha2 auth: %i", result_packet.response_code);
+ }
+
+ DBG_VOID_RETURN;
+}
+/* }}} */
+
+static struct st_mysqlnd_authentication_plugin mysqlnd_caching_sha2_auth_plugin =
+{
+ {
+ MYSQLND_PLUGIN_API_VERSION,
+ "auth_plugin_caching_sha2_password",
+ MYSQLND_VERSION_ID,
+ PHP_MYSQLND_VERSION,
+ "PHP License 3.01",
+ "Johannes Schlüter <johannes.schlueter@php.net>",
+ {
+ NULL, /* no statistics , will be filled later if there are some */
+ NULL, /* no statistics */
+ },
+ {
+ NULL /* plugin shutdown */
+ }
+ },
+ {/* methods */
+ mysqlnd_caching_sha2_get_auth_data,
+ mysqlnd_caching_sha2_handle_server_response
}
};
#endif
+
/* {{{ mysqlnd_register_builtin_authentication_plugins */
void
mysqlnd_register_builtin_authentication_plugins(void)
@@ -832,6 +1100,7 @@ mysqlnd_register_builtin_authentication_plugins(void)
mysqlnd_plugin_register_ex((struct st_mysqlnd_plugin_header *) &mysqlnd_native_auth_plugin);
mysqlnd_plugin_register_ex((struct st_mysqlnd_plugin_header *) &mysqlnd_pam_authentication_plugin);
#ifdef MYSQLND_HAVE_SSL
+ mysqlnd_plugin_register_ex((struct st_mysqlnd_plugin_header *) &mysqlnd_caching_sha2_auth_plugin);
mysqlnd_plugin_register_ex((struct st_mysqlnd_plugin_header *) &mysqlnd_sha256_authentication_plugin);
#endif
}
diff --git a/ext/mysqlnd/mysqlnd_auth.h b/ext/mysqlnd/mysqlnd_auth.h
index 8fc369abca43..3ddb5a5f70fe 100644
--- a/ext/mysqlnd/mysqlnd_auth.h
+++ b/ext/mysqlnd/mysqlnd_auth.h
@@ -31,26 +31,9 @@ mysqlnd_auth_handshake(MYSQLND_CONN_DATA * conn,
unsigned int server_charset_no,
zend_bool use_full_blown_auth_packet,
const char * const auth_protocol,
- const zend_uchar * const auth_plugin_data,
- const size_t auth_plugin_data_len,
- char ** switch_to_auth_protocol,
- size_t * switch_to_auth_protocol_len,
- zend_uchar ** switch_to_auth_protocol_data,
- size_t * switch_to_auth_protocol_data_len
- );
-
-enum_func_status
-mysqlnd_auth_handshake(MYSQLND_CONN_DATA * conn,
- const char * const user,
- const char * const passwd,
- const size_t passwd_len,
- const char * const db,
- const size_t db_len,
- const MYSQLND_SESSION_OPTIONS * const session_options,
- zend_ulong mysql_flags,
- unsigned int server_charset_no,
- zend_bool use_full_blown_auth_packet,
- const char * const auth_protocol,
+ struct st_mysqlnd_authentication_plugin * auth_plugin,
+ const zend_uchar * const orig_auth_plugin_data,
+ const size_t orig_auth_plugin_data_len,
const zend_uchar * const auth_plugin_data,
const size_t auth_plugin_data_len,
char ** switch_to_auth_protocol,
diff --git a/ext/mysqlnd/mysqlnd_connection.c b/ext/mysqlnd/mysqlnd_connection.c
index 826b47d7173d..8745cc4edc82 100644
--- a/ext/mysqlnd/mysqlnd_connection.c
+++ b/ext/mysqlnd/mysqlnd_connection.c
@@ -666,9 +666,13 @@ MYSQLND_METHOD(mysqlnd_conn_data, connect)(MYSQLND_CONN_DATA * conn,
{
const MYSQLND_CSTRING scheme = { transport.s, transport.l };
+ /* This will be overwritten below with a copy, but we can use it during authentication */
+ conn->unix_socket.s = (char *)socket_or_pipe.s;
if (FAIL == conn->m->connect_handshake(conn, &scheme, &username, &password, &database, mysql_flags)) {
+ conn->unix_socket.s = NULL;
goto err;
}
+ conn->unix_socket.s = NULL;
}
{
diff --git a/ext/mysqlnd/mysqlnd_enum_n_def.h b/ext/mysqlnd/mysqlnd_enum_n_def.h
index 7630a0a98885..21b84ce71f92 100644
--- a/ext/mysqlnd/mysqlnd_enum_n_def.h
+++ b/ext/mysqlnd/mysqlnd_enum_n_def.h
@@ -631,6 +631,7 @@ enum mysqlnd_packet_type
PROT_CHG_USER_RESP_PACKET,
PROT_SHA256_PK_REQUEST_PACKET,
PROT_SHA256_PK_REQUEST_RESPONSE_PACKET,
+ PROT_CACHED_SHA2_RESULT_PACKET,
PROT_LAST /* should always be last */
};
diff --git a/ext/mysqlnd/mysqlnd_structs.h b/ext/mysqlnd/mysqlnd_structs.h
index a7c892b48d75..858b6620089c 100644
--- a/ext/mysqlnd/mysqlnd_structs.h
+++ b/ext/mysqlnd/mysqlnd_structs.h
@@ -963,6 +963,7 @@ struct st_mysqlnd_packet_chg_user_resp;
struct st_mysqlnd_packet_auth_pam;
struct st_mysqlnd_packet_sha256_pk_request;
struct st_mysqlnd_packet_sha256_pk_request_response;
+struct st_mysqlnd_packet_cached_sha2_result;
typedef void (*func_mysqlnd_protocol_payload_decoder_factory__init_greet_packet)(struct st_mysqlnd_packet_greet *packet);
typedef void (*func_mysqlnd_protocol_payload_decoder_factory__init_auth_packet)(struct st_mysqlnd_packet_auth *packet);
@@ -979,6 +980,7 @@ typedef void (*func_mysqlnd_protocol_payload_decoder_factory__init_prepare_respo
typedef void (*func_mysqlnd_protocol_payload_decoder_factory__init_change_user_response_packet)(struct st_mysqlnd_packet_chg_user_resp *packet);
typedef void (*func_mysqlnd_protocol_payload_decoder_factory__init_sha256_pk_request_packet)(struct st_mysqlnd_packet_sha256_pk_request *packet);
typedef void (*func_mysqlnd_protocol_payload_decoder_factory__init_sha256_pk_request_response_packet)(struct st_mysqlnd_packet_sha256_pk_request_response *packet);
+typedef void (*func_mysqlnd_protocol_payload_decoder_factory__init_cached_sha2_result_packet)(struct st_mysqlnd_packet_cached_sha2_result *packet);
typedef enum_func_status (*func_mysqlnd_protocol_payload_decoder_factory__send_command)(
MYSQLND_PROTOCOL_PAYLOAD_DECODER_FACTORY * payload_decoder_factory,
@@ -1034,6 +1036,7 @@ MYSQLND_CLASS_METHODS_TYPE(mysqlnd_protocol_payload_decoder_factory)
func_mysqlnd_protocol_payload_decoder_factory__init_change_user_response_packet init_change_user_response_packet;
func_mysqlnd_protocol_payload_decoder_factory__init_sha256_pk_request_packet init_sha256_pk_request_packet;
func_mysqlnd_protocol_payload_decoder_factory__init_sha256_pk_request_response_packet init_sha256_pk_request_response_packet;
+ func_mysqlnd_protocol_payload_decoder_factory__init_cached_sha2_result_packet init_cached_sha2_result_packet;
func_mysqlnd_protocol_payload_decoder_factory__send_command send_command;
func_mysqlnd_protocol_payload_decoder_factory__send_command_handle_response send_command_handle_response;
@@ -1331,11 +1334,18 @@ typedef zend_uchar * (*func_auth_plugin__get_auth_data)(struct st_mysqlnd_authen
const MYSQLND_PFC_DATA * const pfc_data, zend_ulong mysql_flags
);
+typedef void (*func_auth_plugin__handle_server_response)(struct st_mysqlnd_authentication_plugin * self,
+ MYSQLND_CONN_DATA * conn,
+ const zend_uchar * auth_plugin_data, size_t auth_plugin_data_len,
+ const char * const passwd,
+ const size_t passwd_len);
+
struct st_mysqlnd_authentication_plugin
{
struct st_mysqlnd_plugin_header plugin_header;
struct {
func_auth_plugin__get_auth_data get_auth_data;
+ func_auth_plugin__handle_server_response handle_server_response;
} methods;
};
diff --git a/ext/mysqlnd/mysqlnd_wireprotocol.c b/ext/mysqlnd/mysqlnd_wireprotocol.c
index 15b64d9f6de2..1b7f4a935e10 100644
--- a/ext/mysqlnd/mysqlnd_wireprotocol.c
+++ b/ext/mysqlnd/mysqlnd_wireprotocol.c
@@ -2123,6 +2123,75 @@ php_mysqlnd_sha256_pk_request_response_free_mem(void * _packet)
}
/* }}} */
+static
+size_t php_mysqlnd_cached_sha2_result_write(MYSQLND_CONN_DATA * conn, void * _packet)
+{
+ MYSQLND_PACKET_CACHED_SHA2_RESULT * packet= (MYSQLND_PACKET_CACHED_SHA2_RESULT *) _packet;
+ MYSQLND_ERROR_INFO * error_info = conn->error_info;
+ MYSQLND_PFC * pfc = conn->protocol_frame_codec;
+ MYSQLND_VIO * vio = conn->vio;
+ MYSQLND_STATS * stats = conn->stats;
+#if HAVE_COMPILER_C99_VLA
+ zend_uchar buffer[MYSQLND_HEADER_SIZE + packet->password_len + 1];
+#else
+ ALLOCA_FLAG(use_heap)
+ zend_uchar *buffer = do_alloca(MYSQLND_HEADER_SIZE + packet->password_len + 1, use_heap);
+#endif
+ size_t sent;
+
+ DBG_ENTER("php_mysqlnd_cached_sha2_result_write");
+
+ if (packet->request == 1) {
+ int1store(buffer + MYSQLND_HEADER_SIZE, '\2');
+ sent = pfc->data->m.send(pfc, vio, buffer, 1, stats, error_info);
+ } else {
+ memcpy(buffer + MYSQLND_HEADER_SIZE, packet->password, packet->password_len);
+ sent = pfc->data->m.send(pfc, vio, buffer, packet->password_len, stats, error_info);
+ }
+
+#if !HAVE_COMPILER_C99_VLA
+ free_alloca(buffer, use_heap);
+#endif
+
+ DBG_RETURN(sent);
+}
+
+static enum_func_status
+php_mysqlnd_cached_sha2_result_read(MYSQLND_CONN_DATA * conn, void * _packet)
+{
+ MYSQLND_PACKET_CACHED_SHA2_RESULT * packet= (MYSQLND_PACKET_CACHED_SHA2_RESULT *) _packet;
+ MYSQLND_ERROR_INFO * error_info = conn->error_info;
+ MYSQLND_PFC * pfc = conn->protocol_frame_codec;
+ MYSQLND_VIO * vio = conn->vio;
+ MYSQLND_STATS * stats = conn->stats;
+ MYSQLND_CONNECTION_STATE * connection_state = &conn->state;
+ zend_uchar buf[SHA256_PK_REQUEST_RESP_BUFFER_SIZE];
+ zend_uchar *p = buf;
+ const zend_uchar * const begin = buf;
+
+ DBG_ENTER("php_mysqlnd_cached_sha2_result_read");
+ if (FAIL == mysqlnd_read_packet_header_and_body(&(packet->header), pfc, vio, stats, error_info, connection_state, buf, sizeof(buf), "PROT_CACHED_SHA2_RESULT_PACKET", PROT_CACHED_SHA2_RESULT_PACKET)) {
+ DBG_RETURN(FAIL);
+ }
+ BAIL_IF_NO_MORE_DATA;
+
+ p++;
+ packet->response_code = uint1korr(p);
+ BAIL_IF_NO_MORE_DATA;
+
+ p++;
+ packet->result = uint1korr(p);
+ BAIL_IF_NO_MORE_DATA;
+
+ DBG_RETURN(PASS);
+
+premature_end:
+ DBG_ERR_FMT("OK packet %d bytes shorter than expected", p - begin - packet->header.size);
+ php_error_docref(NULL, E_WARNING, "SHA256_PK_REQUEST_RESPONSE packet "MYSQLND_SZ_T_SPEC" bytes shorter than expected",
+ p - begin - packet->header.size);
+ DBG_RETURN(FAIL);
+}
+
/* {{{ packet_methods */
static
mysqlnd_packet_methods packet_methods[PROT_LAST] =
@@ -2201,9 +2270,14 @@ mysqlnd_packet_methods packet_methods[PROT_LAST] =
php_mysqlnd_sha256_pk_request_response_read,
NULL, /* write */
php_mysqlnd_sha256_pk_request_response_free_mem,
- } /* PROT_SHA256_PK_REQUEST_RESPONSE_PACKET */
+ }, /* PROT_SHA256_PK_REQUEST_RESPONSE_PACKET */
+ {
+ php_mysqlnd_cached_sha2_result_read,
+ php_mysqlnd_cached_sha2_result_write,
+ NULL
+ } /* PROT_CACHED_SHA2_RESULT_PACKET */
};
-/* }}} */
+/* }}} */
/* {{{ mysqlnd_protocol::init_greet_packet */
@@ -2385,6 +2459,17 @@ MYSQLND_METHOD(mysqlnd_protocol, init_sha256_pk_request_response_packet)(struct
}
/* }}} */
+/* {{{ mysqlnd_protocol::init_cached_sha2_result_packet */
+static void
+MYSQLND_METHOD(mysqlnd_protocol, init_cached_sha2_result_packet)(struct st_mysqlnd_packet_cached_sha2_result *packet)
+{
+ DBG_ENTER("mysqlnd_protocol::init_cached_sha2_result_packet");
+ memset(packet, 0, sizeof(*packet));
+ packet->header.m = &packet_methods[PROT_CACHED_SHA2_RESULT_PACKET];
+ DBG_VOID_RETURN;
+}
+/* }}} */
+
/* {{{ mysqlnd_protocol::send_command */
static enum_func_status
@@ -2603,6 +2688,7 @@ MYSQLND_CLASS_METHODS_START(mysqlnd_protocol_payload_decoder_factory)
MYSQLND_METHOD(mysqlnd_protocol, init_change_user_response_packet),
MYSQLND_METHOD(mysqlnd_protocol, init_sha256_pk_request_packet),
MYSQLND_METHOD(mysqlnd_protocol, init_sha256_pk_request_response_packet),
+ MYSQLND_METHOD(mysqlnd_protocol, init_cached_sha2_result_packet),
MYSQLND_METHOD(mysqlnd_protocol, send_command),
MYSQLND_METHOD(mysqlnd_protocol, send_command_handle_response),
diff --git a/ext/mysqlnd/mysqlnd_wireprotocol.h b/ext/mysqlnd/mysqlnd_wireprotocol.h
index 6e531b0e5438..7dfb256eec41 100644
--- a/ext/mysqlnd/mysqlnd_wireprotocol.h
+++ b/ext/mysqlnd/mysqlnd_wireprotocol.h
@@ -281,6 +281,16 @@ typedef struct st_mysqlnd_packet_sha256_pk_request_response {
size_t public_key_len;
} MYSQLND_PACKET_SHA256_PK_REQUEST_RESPONSE;
+typedef struct st_mysqlnd_packet_cached_sha2_result {
+ MYSQLND_PACKET_HEADER header;
+ uint8_t response_code;
+ uint8_t result;
+ uint8_t request;
+ zend_uchar * password;
+ size_t password_len;
+} MYSQLND_PACKET_CACHED_SHA2_RESULT;
+
+
zend_ulong php_mysqlnd_net_field_length(const zend_uchar **packet);
zend_uchar * php_mysqlnd_net_store_length(zend_uchar *packet, const uint64_t length);

88
services/custombuild/patches/pma_auth_logging-4.7.patch Normal file
View File

@@ -0,0 +1,88 @@
diff -ruN libraries.orig/common.inc.php libraries/common.inc.php
--- libraries.orig/common.inc.php 2017-03-29 07:15:31.000000000 -0500
+++ libraries/common.inc.php 2017-04-08 19:13:32.936610526 -0500
@@ -649,6 +649,9 @@
$auth_plugin = new $fqnAuthClass($plugin_manager);
if (! $auth_plugin->authCheck()) {
+ //DA logging
+ Logging::log_to_file('', "not authenticated");
+
/* Force generating of new session on login */
PMA_secureSession();
$auth_plugin->auth();
diff -ruN libraries.orig/Logging.php libraries/Logging.php
--- libraries.orig/Logging.php 2017-03-29 07:15:31.000000000 -0500
+++ libraries/Logging.php 2017-04-08 19:14:21.119610531 -0500
@@ -9,6 +9,9 @@
*/
namespace PMA\libraries;
+define("PMA\libraries\AUTH_LOG_DIR", "./log");
+define("PMA\libraries\AUTH_LOG_FILE", "./log/auth.log");
+
/**
* Misc logging functions
*
@@ -39,5 +42,61 @@
);
closelog();
}
+ Logging::log_to_file($user, $status);
}
+
+ private static function ensure_log_dir()
+ {
+ $LOG_DIR=AUTH_LOG_DIR;
+ if (is_dir($LOG_DIR))
+ return true;
+
+ if (!mkdir($LOG_DIR, 0770))
+ return false;
+ }
+
+ public static function log_to_file($user, $status)
+ {
+ if (!Logging::ensure_log_dir())
+ return false;
+
+ $LOG_FILE=AUTH_LOG_FILE;
+
+ if ($user == '')
+ {
+ $user = PMA_getenv('PHP_AUTH_USER');
+ }
+
+ if ($user == '')
+ return true;
+
+ //remove any ' characters from $user
+ $user = urlencode($user);
+
+ //check for logout
+ if ($status == 'not authenticated')
+ {
+ if (isset($_GET['old_usr']) && isset($_SERVER['PHP_AUTH_USER']))
+ {
+ if ($_GET['old_usr'] == $_SERVER['PHP_AUTH_USER'])
+ {
+ $status = 'logout';
+ }
+ }
+ }
+
+ $log_str = date('M d H:i:s').":: pma auth user='$user' status='$status' ip='".$_SERVER["REMOTE_ADDR"]."'";
+
+ $fp = fopen($LOG_FILE, 'a');
+ if ($fp === false)
+ {
+ //log to apache error log instead
+ error_log($log_str."\n");
+ return;
+ }
+
+ fwrite($fp, $log_str."\n");
+
+ fclose($fp);
+ }
}

14
services/custombuild/patches/pma_auth_logging-4.8.patch.disabled Normal file
View File

@@ -0,0 +1,14 @@
--- libraries/classes/Logging.php.orig 2018-04-15 18:54:36.973996388 -0600
+++ libraries/classes/Logging.php 2018-04-15 19:03:09.094996350 -0600
@@ -51,9 +51,9 @@
public static function getLogMessage($user, $status)
{
if ($status == 'ok') {
- return 'user authenticated: ' . $user . ' from ' . Core::getIp();
+ return "user authenticated: '" . $user . "' from '" . Core::getIp() ."'";
}
- return 'user denied: ' . $user . ' (' . $status . ') from ' . Core::getIp();
+ return "user denied: '" . $user . "' (" . $status . ") from '" . Core::getIp() ."'";
}
/**

89
services/custombuild/patches/pma_auth_logging.patch Normal file
View File

@@ -0,0 +1,89 @@
diff -rupN libraries.orig/common.inc.php libraries/common.inc.php
--- libraries.orig/common.inc.php 2016-03-22 21:46:31.452912951 -0500
+++ libraries/common.inc.php 2016-03-22 21:40:11.699913468 -0500
@@ -728,6 +728,9 @@ if (! defined('PMA_MINIMUM_COMMON')) {
$auth_plugin = new $fqnAuthClass($plugin_manager);
if (! $auth_plugin->authCheck()) {
+ //DA logging
+ log_to_file('', "not authenticated");
+
/* Force generating of new session on login */
if ($token_provided) {
PMA_secureSession();
diff -rupN libraries.orig/logging.lib.php libraries/logging.lib.php
--- libraries.orig/logging.lib.php 2016-03-22 21:46:31.455912989 -0500
+++ libraries/logging.lib.php 2016-03-22 21:39:56.640914141 -0500
@@ -8,6 +8,64 @@
* @package PhpMyAdmin
*/
+define("AUTH_LOG_DIR", "./log");
+define("AUTH_LOG_FILE", "./log/auth.log");
+
+function ensure_log_dir()
+{
+ $LOG_DIR=AUTH_LOG_DIR;
+ if (is_dir($LOG_DIR))
+ return true;
+
+ if (!mkdir($LOG_DIR, 0770))
+ return false;
+}
+
+function log_to_file($user, $status)
+{
+ if (!ensure_log_dir())
+ return false;
+
+ $LOG_FILE=AUTH_LOG_FILE;
+
+ if ($user == '')
+ {
+ $user = PMA_getenv('PHP_AUTH_USER');
+ }
+
+ if ($user == '')
+ return true;
+
+ //remove any ' characters from $user
+ $user = urlencode($user);
+
+ //check for logout
+ if ($status == 'not authenticated')
+ {
+ if (isset($_GET['old_usr']) && isset($_SERVER['PHP_AUTH_USER']))
+ {
+ if ($_GET['old_usr'] == $_SERVER['PHP_AUTH_USER'])
+ {
+ $status = 'logout';
+ }
+ }
+ }
+
+ $log_str = date('M d H:i:s').":: pma auth user='$user' status='$status' ip='".$_SERVER["REMOTE_ADDR"]."'";
+
+ $fp = fopen($LOG_FILE, 'a');
+ if ($fp === false)
+ {
+ //log to apache error log instead
+ error_log($log_str."\n");
+ return;
+ }
+
+ fwrite($fp, $log_str."\n");
+
+ fclose($fp);
+}
+
/**
* Logs user information to webserver logs.
*
@@ -22,5 +80,7 @@ function PMA_logUser($user, $status = 'o
apache_note('userID', $user);
apache_note('userStatus', $status);
}
+
+ log_to_file($user, $status);
}

81
services/custombuild/patches/pma_auth_logging.patch.1 Normal file
View File

@@ -0,0 +1,81 @@
diff -rupN libraries.orig/common.inc.php libraries/common.inc.php
--- libraries.orig/common.inc.php 2014-12-10 01:51:22.838996733 -0700
+++ libraries/common.inc.php 2014-12-10 01:53:35.109996605 -0700
@@ -869,6 +869,9 @@ if (! defined('PMA_MINIMUM_COMMON')) {
$auth_plugin = new $auth_class($plugin_manager);
if (! $auth_plugin->authCheck()) {
+ //DA logging
+ log_to_file('', "not authenticated");
+
/* Force generating of new session on login */
PMA_secureSession();
$auth_plugin->auth();
diff -rupN libraries.orig/logging.lib.php libraries/logging.lib.php
--- libraries.orig/logging.lib.php 2014-12-10 01:51:22.830996865 -0700
+++ libraries/logging.lib.php 2014-12-10 01:57:20.972996510 -0700
@@ -11,6 +11,55 @@ if (! defined('PHPMYADMIN')) {
exit;
}
+$LOG_DIR="./log";
+$LOG_FILE=$LOG_DIR."/auth.log";
+
+function ensure_log_dir()
+{
+ global $LOG_DIR;
+ if (is_dir($LOG_DIR))
+ return true;
+
+ if (!mkdir($LOG_DIR, 0770))
+ return false;
+}
+
+function log_to_file($user, $status)
+{
+ if (!ensure_log_dir())
+ return false;
+
+ global $LOG_FILE;
+
+ if ($user == '')
+ {
+ //global $PHP_AUTH_USER;
+ //$user = $PHP_AUTH_USER;
+
+ $user = PMA_getenv('PHP_AUTH_USER');
+ }
+
+ if ($user == '')
+ return true;
+
+ //remove any ' characters from $user
+ $user = urlencode($user);
+
+ $log_str = date('M d H:i:s').":: pma auth user='$user' status='$status' ip='".$_SERVER["REMOTE_ADDR"]."'";
+
+ $fp = fopen($LOG_FILE, 'a');
+ if ($fp === false)
+ {
+ //log to apache error log instead
+ error_log($log_str."\n");
+ return;
+ }
+
+ fwrite($fp, $log_str."\n");
+
+ fclose($fp);
+}
+
/**
* Logs user information to webserver logs.
*
@@ -25,6 +74,8 @@ function PMA_logUser($user, $status = 'o
apache_note('userID', $user);
apache_note('userStatus', $status);
}
+
+ log_to_file($user, $status);
}
?>

93
services/custombuild/patches/pma_auth_logging.patch.2 Normal file
View File

@@ -0,0 +1,93 @@
diff -rupN libraries.orig/common.inc.php libraries/common.inc.php
--- libraries.orig/common.inc.php 2015-01-30 01:21:34.332632729 -0700
+++ libraries/common.inc.php 2015-01-30 01:19:23.856881237 -0700
@@ -868,6 +868,9 @@ if (! defined('PMA_MINIMUM_COMMON')) {
$auth_plugin = new $auth_class($plugin_manager);
if (! $auth_plugin->authCheck()) {
+ //DA logging
+ log_to_file('', "not authenticated");
+
/* Force generating of new session on login */
PMA_secureSession();
$auth_plugin->auth();
diff -rupN libraries.orig/logging.lib.php libraries/logging.lib.php
--- libraries.orig/logging.lib.php 2015-01-30 01:21:34.319651116 -0700
+++ libraries/logging.lib.php 2015-01-30 01:25:48.566652817 -0700
@@ -11,6 +11,67 @@ if (! defined('PHPMYADMIN')) {
exit;
}
+$LOG_DIR="./log";
+$LOG_FILE=$LOG_DIR."/auth.log";
+
+function ensure_log_dir()
+{
+ global $LOG_DIR;
+ if (is_dir($LOG_DIR))
+ return true;
+
+ if (!mkdir($LOG_DIR, 0770))
+ return false;
+}
+
+function log_to_file($user, $status)
+{
+ if (!ensure_log_dir())
+ return false;
+
+ global $LOG_FILE;
+
+ if ($user == '')
+ {
+ //global $PHP_AUTH_USER;
+ //$user = $PHP_AUTH_USER;
+
+ $user = PMA_getenv('PHP_AUTH_USER');
+ }
+
+ if ($user == '')
+ return true;
+
+ //remove any ' characters from $user
+ $user = urlencode($user);
+
+ //check for logout
+ if ($status == 'not authenticated')
+ {
+ if (isset($_GET['old_usr']) && isset($_SERVER['PHP_AUTH_USER']))
+ {
+ if ($_GET['old_usr'] == $_SERVER['PHP_AUTH_USER'])
+ {
+ $status = 'logout';
+ }
+ }
+ }
+
+ $log_str = date('M d H:i:s').":: pma auth user='$user' status='$status' ip='".$_SERVER["REMOTE_ADDR"]."'";
+
+ $fp = fopen($LOG_FILE, 'a');
+ if ($fp === false)
+ {
+ //log to apache error log instead
+ error_log($log_str."\n");
+ return;
+ }
+
+ fwrite($fp, $log_str."\n");
+
+ fclose($fp);
+}
+
/**
* Logs user information to webserver logs.
*
@@ -25,6 +86,8 @@ function PMA_logUser($user, $status = 'o
apache_note('userID', $user);
apache_note('userStatus', $status);
}
+
+ log_to_file($user, $status);
}
?>

89
services/custombuild/patches/pma_auth_logging.patch.3 Normal file
View File

@@ -0,0 +1,89 @@
diff -rupN libraries.orig/common.inc.php libraries/common.inc.php
--- libraries.orig/common.inc.php 2016-03-22 21:46:31.452912951 -0500
+++ libraries/common.inc.php 2016-03-22 21:40:11.699913468 -0500
@@ -728,6 +728,9 @@ if (! defined('PMA_MINIMUM_COMMON')) {
$auth_plugin = new $fqnAuthClass($plugin_manager);
if (! $auth_plugin->authCheck()) {
+ //DA logging
+ log_to_file('', "not authenticated");
+
/* Force generating of new session on login */
if ($token_provided) {
PMA_secureSession();
diff -rupN libraries.orig/logging.lib.php libraries/logging.lib.php
--- libraries.orig/logging.lib.php 2016-03-22 21:46:31.455912989 -0500
+++ libraries/logging.lib.php 2016-03-22 21:39:56.640914141 -0500
@@ -8,6 +8,64 @@
* @package PhpMyAdmin
*/
+define("AUTH_LOG_DIR", "./log");
+define("AUTH_LOG_FILE", "./log/auth.log");
+
+function ensure_log_dir()
+{
+ $LOG_DIR=AUTH_LOG_DIR;
+ if (is_dir($LOG_DIR))
+ return true;
+
+ if (!mkdir($LOG_DIR, 0770))
+ return false;
+}
+
+function log_to_file($user, $status)
+{
+ if (!ensure_log_dir())
+ return false;
+
+ $LOG_FILE=AUTH_LOG_FILE;
+
+ if ($user == '')
+ {
+ $user = PMA_getenv('PHP_AUTH_USER');
+ }
+
+ if ($user == '')
+ return true;
+
+ //remove any ' characters from $user
+ $user = urlencode($user);
+
+ //check for logout
+ if ($status == 'not authenticated')
+ {
+ if (isset($_GET['old_usr']) && isset($_SERVER['PHP_AUTH_USER']))
+ {
+ if ($_GET['old_usr'] == $_SERVER['PHP_AUTH_USER'])
+ {
+ $status = 'logout';
+ }
+ }
+ }
+
+ $log_str = date('M d H:i:s').":: pma auth user='$user' status='$status' ip='".$_SERVER["REMOTE_ADDR"]."'";
+
+ $fp = fopen($LOG_FILE, 'a');
+ if ($fp === false)
+ {
+ //log to apache error log instead
+ error_log($log_str."\n");
+ return;
+ }
+
+ fwrite($fp, $log_str."\n");
+
+ fclose($fp);
+}
+
/**
* Logs user information to webserver logs.
*
@@ -22,5 +80,7 @@ function PMA_logUser($user, $status = 'o
apache_note('userID', $user);
apache_note('userStatus', $status);
}
+
+ log_to_file($user, $status);
}

973
services/custombuild/patches/proftpd-1.3.6-MLSD-symlink.patch Normal file
View File

@@ -0,0 +1,973 @@
diff --git a/src/support.c b/src/support.c
index 45d2126de..293dc7231 100644
--- a/src/support.c
+++ b/src/support.c
@@ -2,7 +2,7 @@
* ProFTPD - FTP server daemon
* Copyright (c) 1997, 1998 Public Flood Software
* Copyright (c) 1999, 2000 MacGyver aka Habeeb J. Dihu <macgyver@tos.net>
- * Copyright (c) 2001-2016 The ProFTPD Project team
+ * Copyright (c) 2001-2017 The ProFTPD Project team
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -440,6 +440,9 @@ int dir_readlink(pool *p, const char *path, char *buf, size_t bufsz,
return -1;
}
+ pr_trace_msg("fsio", 9,
+ "dir_readlink() read link '%.*s' for path '%s'", (int) len, buf, path);
+
if (len == 0 ||
(size_t) len == bufsz) {
/* If we read nothing in, OR if the given buffer was completely
@@ -530,15 +533,24 @@ int dir_readlink(pool *p, const char *path, char *buf, size_t bufsz,
*/
ptr = strrchr(path, '/');
- if (ptr != NULL &&
- ptr != path) {
- char *parent_dir;
+ if (ptr != NULL) {
+ if (ptr != path) {
+ char *parent_dir;
- parent_dir = pstrndup(tmp_pool, path, (ptr - path));
- dst_path = pdircat(tmp_pool, parent_dir, dst_path, NULL);
+ parent_dir = pstrndup(tmp_pool, path, (ptr - path));
+ dst_path = pdircat(tmp_pool, parent_dir, dst_path, NULL);
- } else {
- dst_path = pdircat(tmp_pool, path, dst_path, NULL);
+ } else {
+ /* Watch out for the case where the destination path might start
+ * with a period.
+ */
+ if (*dst_path != '.') {
+ dst_path = pdircat(tmp_pool, path, dst_path, NULL);
+
+ } else {
+ dst_path = pdircat(tmp_pool, "/", dst_path, NULL);
+ }
+ }
}
}
diff --git a/tests/api/misc.c b/tests/api/misc.c
index 926d9b3e3..122463681 100644
--- a/tests/api/misc.c
+++ b/tests/api/misc.c
@@ -1,6 +1,6 @@
/*
* ProFTPD - FTP server testsuite
- * Copyright (c) 2015-2016 The ProFTPD Project team
+ * Copyright (c) 2015-2017 The ProFTPD Project team
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -533,6 +533,28 @@ START_TEST (dir_readlink_test) {
fail_unless(strcmp(buf, expected_path) == 0, "Expected '%s', got '%s'",
expected_path, buf);
+ /* Now use a relative path that does not start with '.' */
+ memset(buf, '\0', bufsz);
+ dst_path = "file.txt";
+ dst_pathlen = strlen(dst_path);
+ expected_path = "./file.txt";
+ expected_pathlen = strlen(expected_path);
+
+ (void) unlink(path);
+ res = symlink(dst_path, path);
+ fail_unless(res == 0, "Failed to symlink '%s' to '%s': %s", path, dst_path,
+ strerror(errno));
+
+ session.chroot_path = "/tmp";
+ flags = PR_DIR_READLINK_FL_HANDLE_REL_PATH;
+ res = dir_readlink(p, path, buf, bufsz, flags);
+ fail_if(res < 0, "Failed to read '%s' symlink: %s", path, strerror(errno));
+ fail_unless((size_t) res == expected_pathlen,
+ "Expected length %lu, got %d (%s)", (unsigned long) expected_pathlen, res,
+ buf);
+ fail_unless(strcmp(buf, expected_path) == 0, "Expected '%s', got '%s'",
+ expected_path, buf);
+
(void) unlink(misc_test_readlink);
}
END_TEST
diff --git a/tests/t/lib/ProFTPD/Tests/Commands/LIST.pm b/tests/t/lib/ProFTPD/Tests/Commands/LIST.pm
index 5528a2542..63e93691c 100644
--- a/tests/t/lib/ProFTPD/Tests/Commands/LIST.pm
+++ b/tests/t/lib/ProFTPD/Tests/Commands/LIST.pm
@@ -218,6 +218,21 @@ my $TESTS = {
test_class => [qw(bug forking)],
},
+ list_symlink_rel_path_chrooted_bug4322 => {
+ order => ++$order,
+ test_class => [qw(bug forking rootprivs)],
+ },
+
+ list_symlink_rel_path_subdir_chrooted_bug4322 => {
+ order => ++$order,
+ test_class => [qw(bug forking rootprivs)],
+ },
+
+ list_symlink_rel_path_subdir_cwd_chrooted_bug4322 => {
+ order => ++$order,
+ test_class => [qw(bug forking rootprivs)],
+ },
+
# XXX Plenty of other tests needed: params, maxfiles, maxdirs, depth, etc
};
@@ -6205,4 +6220,389 @@ sub list_option_parsing {
unlink($log_file);
}
+sub list_symlink_rel_path_chrooted_bug4322 {
+ my $self = shift;
+ my $tmpdir = $self->{tmpdir};
+ my $setup = test_setup($tmpdir, 'cmds');
+
+ my $dst_path = 'domains/test.oxilion.nl/public_html';
+ my $dst_dir = File::Spec->rel2abs("$tmpdir/$dst_path");
+ mkpath($dst_dir);
+
+ my $cwd = getcwd();
+ unless (chdir("$tmpdir")) {
+ die("Can't chdir to $tmpdir: $!");
+ }
+
+ unless (symlink("./$dst_path", 'public_html')) {
+ die("Can't symlink 'public_html' to './$dst_path': $!");
+ }
+
+ unless (chdir($cwd)) {
+ die("Can't chdir to $cwd: $!");
+ }
+
+ if ($< == 0) {
+ unless (chmod(0755, $dst_dir)) {
+ die("Can't set perms on $dst_dir to 0755: $!");
+ }
+
+ unless (chown($setup->{uid}, $setup->{gid}, $dst_dir)) {
+ die("Can't set owner of $dst_dir to $setup->{uid}/$setup->{gid}: $!");
+ }
+ }
+
+ my $config = {
+ PidFile => $setup->{pid_file},
+ ScoreboardFile => $setup->{scoreboard_file},
+ SystemLog => $setup->{log_file},
+
+ AuthUserFile => $setup->{auth_user_file},
+ AuthGroupFile => $setup->{auth_group_file},
+ DefaultRoot => '~',
+
+ IfModules => {
+ 'mod_delay.c' => {
+ DelayEngine => 'off',
+ },
+ },
+ };
+
+ my ($port, $config_user, $config_group) = config_write($setup->{config_file},
+ $config);
+
+ # Open pipes, for use between the parent and child processes. Specifically,
+ # the child will indicate when it's done with its test by writing a message
+ # to the parent.
+ my ($rfh, $wfh);
+ unless (pipe($rfh, $wfh)) {
+ die("Can't open pipe: $!");
+ }
+
+ my $ex;
+
+ # Fork child
+ $self->handle_sigchld();
+ defined(my $pid = fork()) or die("Can't fork: $!");
+ if ($pid) {
+ eval {
+ my $client = ProFTPD::TestSuite::FTP->new('127.0.0.1', $port);
+ $client->login($setup->{user}, $setup->{passwd});
+
+ my $conn = $client->list_raw();
+ unless ($conn) {
+ die("LIST failed: " . $client->response_code() . " " .
+ $client->response_msg());
+ }
+
+ my $buf;
+ my $res = $conn->read($buf, 8192, 25);
+ eval { $conn->close() };
+
+ my $resp_code = $client->response_code();
+ my $resp_msg = $client->response_msg();
+ $self->assert_transfer_ok($resp_code, $resp_msg);
+
+ if ($ENV{TEST_VERBOSE}) {
+ print STDERR "# LIST:\n$buf\n";
+ }
+
+ $res = {};
+ my $lines = [split(/(\r)?\n/, $buf)];
+ foreach my $line (@$lines) {
+ if ($line =~ /\s+(\S+)$/) {
+ $res->{$1} = 1;
+ }
+ }
+
+ my $list_count = scalar(keys(%$res));
+ my $expected = 8;
+ $self->assert($list_count == $expected,
+ "Expected $expected entries, got $list_count");
+
+ $self->assert($res->{'/domains/test.oxilion.nl/public_html'},
+ "Expected '/domains/test.oxilion.nl/public_html'");
+ $client->quit();
+ };
+ if ($@) {
+ $ex = $@;
+ }
+
+ $wfh->print("done\n");
+ $wfh->flush();
+
+ } else {
+ eval { server_wait($setup->{config_file}, $rfh) };
+ if ($@) {
+ warn($@);
+ exit 1;
+ }
+
+ exit 0;
+ }
+
+ # Stop server
+ server_stop($setup->{pid_file});
+ $self->assert_child_ok($pid);
+
+ test_cleanup($setup->{log_file}, $ex);
+}
+
+sub list_symlink_rel_path_subdir_chrooted_bug4322 {
+ my $self = shift;
+ my $tmpdir = $self->{tmpdir};
+ my $setup = test_setup($tmpdir, 'cmds');
+
+ my $dst_path = 'domains/test.oxilion.nl/public_html';
+ my $dst_dir = File::Spec->rel2abs("$tmpdir/test.d/$dst_path");
+ mkpath($dst_dir);
+
+ my $cwd = getcwd();
+ unless (chdir("$tmpdir/test.d")) {
+ die("Can't chdir to $tmpdir: $!");
+ }
+
+ unless (symlink("./$dst_path", 'public_html')) {
+ die("Can't symlink 'public_html' to './$dst_path': $!");
+ }
+
+ unless (chdir($cwd)) {
+ die("Can't chdir to $cwd: $!");
+ }
+
+ if ($< == 0) {
+ unless (chmod(0755, $dst_dir)) {
+ die("Can't set perms on $dst_dir to 0755: $!");
+ }
+
+ unless (chown($setup->{uid}, $setup->{gid}, $dst_dir)) {
+ die("Can't set owner of $dst_dir to $setup->{uid}/$setup->{gid}: $!");
+ }
+ }
+
+ my $config = {
+ PidFile => $setup->{pid_file},
+ ScoreboardFile => $setup->{scoreboard_file},
+ SystemLog => $setup->{log_file},
+
+ AuthUserFile => $setup->{auth_user_file},
+ AuthGroupFile => $setup->{auth_group_file},
+ DefaultRoot => '~',
+
+ IfModules => {
+ 'mod_delay.c' => {
+ DelayEngine => 'off',
+ },
+ },
+ };
+
+ my ($port, $config_user, $config_group) = config_write($setup->{config_file},
+ $config);
+
+ # Open pipes, for use between the parent and child processes. Specifically,
+ # the child will indicate when it's done with its test by writing a message
+ # to the parent.
+ my ($rfh, $wfh);
+ unless (pipe($rfh, $wfh)) {
+ die("Can't open pipe: $!");
+ }
+
+ my $ex;
+
+ # Fork child
+ $self->handle_sigchld();
+ defined(my $pid = fork()) or die("Can't fork: $!");
+ if ($pid) {
+ eval {
+ my $client = ProFTPD::TestSuite::FTP->new('127.0.0.1', $port);
+ $client->login($setup->{user}, $setup->{passwd});
+
+ my $conn = $client->list_raw('test.d');
+ unless ($conn) {
+ die("LIST test.d failed: " . $client->response_code() . " " .
+ $client->response_msg());
+ }
+
+ my $buf;
+ my $res = $conn->read($buf, 8192, 25);
+ eval { $conn->close() };
+
+ my $resp_code = $client->response_code();
+ my $resp_msg = $client->response_msg();
+ $self->assert_transfer_ok($resp_code, $resp_msg);
+
+ if ($ENV{TEST_VERBOSE}) {
+ print STDERR "# LIST:\n$buf\n";
+ }
+
+ $res = {};
+ my $lines = [split(/(\r)?\n/, $buf)];
+ foreach my $line (@$lines) {
+ if ($line =~ /\s+(\S+)$/) {
+ $res->{$1} = 1;
+ }
+ }
+
+ my $list_count = scalar(keys(%$res));
+ my $expected = 2;
+ $self->assert($list_count == $expected,
+ "Expected $expected entries, got $list_count");
+
+ $self->assert($res->{'/domains/test.oxilion.nl/public_html'},
+ "Expected '/domains/test.oxilion.nl/public_html'");
+ $client->quit();
+ };
+ if ($@) {
+ $ex = $@;
+ }
+
+ $wfh->print("done\n");
+ $wfh->flush();
+
+ } else {
+ eval { server_wait($setup->{config_file}, $rfh) };
+ if ($@) {
+ warn($@);
+ exit 1;
+ }
+
+ exit 0;
+ }
+
+ # Stop server
+ server_stop($setup->{pid_file});
+ $self->assert_child_ok($pid);
+
+ test_cleanup($setup->{log_file}, $ex);
+}
+
+sub list_symlink_rel_path_subdir_cwd_chrooted_bug4322 {
+ my $self = shift;
+ my $tmpdir = $self->{tmpdir};
+ my $setup = test_setup($tmpdir, 'cmds');
+
+ my $dst_path = 'domains/test.oxilion.nl/public_html';
+ my $dst_dir = File::Spec->rel2abs("$tmpdir/test.d/$dst_path");
+ mkpath($dst_dir);
+
+ my $cwd = getcwd();
+ unless (chdir("$tmpdir/test.d")) {
+ die("Can't chdir to $tmpdir: $!");
+ }
+
+ unless (symlink("./$dst_path", 'public_html')) {
+ die("Can't symlink 'public_html' to './$dst_path': $!");
+ }
+
+ unless (chdir($cwd)) {
+ die("Can't chdir to $cwd: $!");
+ }
+
+ if ($< == 0) {
+ unless (chmod(0755, $dst_dir)) {
+ die("Can't set perms on $dst_dir to 0755: $!");
+ }
+
+ unless (chown($setup->{uid}, $setup->{gid}, $dst_dir)) {
+ die("Can't set owner of $dst_dir to $setup->{uid}/$setup->{gid}: $!");
+ }
+ }
+
+ my $config = {
+ PidFile => $setup->{pid_file},
+ ScoreboardFile => $setup->{scoreboard_file},
+ SystemLog => $setup->{log_file},
+
+ AuthUserFile => $setup->{auth_user_file},
+ AuthGroupFile => $setup->{auth_group_file},
+ DefaultRoot => '~',
+
+ IfModules => {
+ 'mod_delay.c' => {
+ DelayEngine => 'off',
+ },
+ },
+ };
+
+ my ($port, $config_user, $config_group) = config_write($setup->{config_file},
+ $config);
+
+ # Open pipes, for use between the parent and child processes. Specifically,
+ # the child will indicate when it's done with its test by writing a message
+ # to the parent.
+ my ($rfh, $wfh);
+ unless (pipe($rfh, $wfh)) {
+ die("Can't open pipe: $!");
+ }
+
+ my $ex;
+
+ # Fork child
+ $self->handle_sigchld();
+ defined(my $pid = fork()) or die("Can't fork: $!");
+ if ($pid) {
+ eval {
+ my $client = ProFTPD::TestSuite::FTP->new('127.0.0.1', $port);
+ $client->login($setup->{user}, $setup->{passwd});
+ $client->cwd('test.d');
+
+ my $conn = $client->list_raw();
+ unless ($conn) {
+ die("LIST failed: " . $client->response_code() . " " .
+ $client->response_msg());
+ }
+
+ my $buf;
+ my $res = $conn->read($buf, 8192, 25);
+ eval { $conn->close() };
+
+ my $resp_code = $client->response_code();
+ my $resp_msg = $client->response_msg();
+ $self->assert_transfer_ok($resp_code, $resp_msg);
+
+ if ($ENV{TEST_VERBOSE}) {
+ print STDERR "# LIST:\n$buf\n";
+ }
+
+ $res = {};
+ my $lines = [split(/(\r)?\n/, $buf)];
+ foreach my $line (@$lines) {
+ if ($line =~ /\s+(\S+)$/) {
+ $res->{$1} = 1;
+ }
+ }
+
+ my $list_count = scalar(keys(%$res));
+ my $expected = 2;
+ $self->assert($list_count == $expected,
+ "Expected $expected entries, got $list_count");
+
+ $self->assert($res->{'/domains/test.oxilion.nl/public_html'},
+ "Expected '/domains/test.oxilion.nl/public_html'");
+ $client->quit();
+ };
+ if ($@) {
+ $ex = $@;
+ }
+
+ $wfh->print("done\n");
+ $wfh->flush();
+
+ } else {
+ eval { server_wait($setup->{config_file}, $rfh) };
+ if ($@) {
+ warn($@);
+ exit 1;
+ }
+
+ exit 0;
+ }
+
+ # Stop server
+ server_stop($setup->{pid_file});
+ $self->assert_child_ok($pid);
+
+ test_cleanup($setup->{log_file}, $ex);
+}
+
1;
diff --git a/tests/t/lib/ProFTPD/Tests/Commands/MLSD.pm b/tests/t/lib/ProFTPD/Tests/Commands/MLSD.pm
index 8c343bbfb..410e5c59a 100644
--- a/tests/t/lib/ProFTPD/Tests/Commands/MLSD.pm
+++ b/tests/t/lib/ProFTPD/Tests/Commands/MLSD.pm
@@ -127,6 +127,21 @@ my $TESTS = {
test_class => [qw(bug forking)],
},
+ mlsd_symlink_rel_path_chrooted_bug4322 => {
+ order => ++$order,
+ test_class => [qw(bug forking rootprivs)],
+ },
+
+ mlsd_symlink_rel_path_subdir_chrooted_bug4322 => {
+ order => ++$order,
+ test_class => [qw(bug forking rootprivs)],
+ },
+
+ mlsd_symlink_rel_path_subdir_cwd_chrooted_bug4322 => {
+ order => ++$order,
+ test_class => [qw(bug forking rootprivs)],
+ },
+
# XXX Plenty of other tests needed: params, maxfiles, maxdirs, depth, etc
};
@@ -625,7 +640,7 @@ sub mlsd_ok_cwd_dir {
# Make sure that the 'type' fact for the current directory is
# "cdir" (Bug#4198).
my $type = $res->{'.'};
- my $expected = 'cdir';
+ $expected = 'cdir';
$self->assert($expected eq $type,
test_msg("Expected type '$expected', got '$type'"));
};
@@ -767,14 +782,14 @@ sub mlsd_ok_other_dir_bug4198 {
# Make sure that the 'type' fact for the current directory is
# "cdir" (Bug#4198).
my $type = $res->{'.'};
- my $expected = 'cdir';
+ $expected = 'cdir';
$self->assert($expected eq $type,
test_msg("Expected type '$expected', got '$type'"));
# Similarly, make sure that the 'type' fact for parent directory
# (by name) is NOT "cdir", but is just "dir" (Bug#4198).
- my $type = $res->{'sub.d'};
- my $expected = 'dir';
+ $type = $res->{'sub.d'};
+ $expected = 'dir';
$self->assert($expected eq $type,
test_msg("Expected type '$expected', got '$type'"));
};
@@ -3150,4 +3165,407 @@ sub mlsd_wide_dir {
test_cleanup($setup->{log_file}, $ex);
}
+sub mlsd_symlink_rel_path_chrooted_bug4322 {
+ my $self = shift;
+ my $tmpdir = $self->{tmpdir};
+ my $setup = test_setup($tmpdir, 'cmds');
+
+ my $dst_path = 'domains/test.oxilion.nl/public_html';
+ my $dst_dir = File::Spec->rel2abs("$tmpdir/$dst_path");
+ mkpath($dst_dir);
+
+ my $cwd = getcwd();
+ unless (chdir("$tmpdir")) {
+ die("Can't chdir to $tmpdir: $!");
+ }
+
+ unless (symlink("./$dst_path", 'public_html')) {
+ die("Can't symlink 'public_html' to './$dst_path': $!");
+ }
+
+ unless (chdir($cwd)) {
+ die("Can't chdir to $cwd: $!");
+ }
+
+ if ($< == 0) {
+ unless (chmod(0755, $dst_dir)) {
+ die("Can't set perms on $dst_dir to 0755: $!");
+ }
+
+ unless (chown($setup->{uid}, $setup->{gid}, $dst_dir)) {
+ die("Can't set owner of $dst_dir to $setup->{uid}/$setup->{gid}: $!");
+ }
+ }
+
+ my $config = {
+ PidFile => $setup->{pid_file},
+ ScoreboardFile => $setup->{scoreboard_file},
+ SystemLog => $setup->{log_file},
+
+ AuthUserFile => $setup->{auth_user_file},
+ AuthGroupFile => $setup->{auth_group_file},
+ ShowSymlinks => 'on',
+ DefaultRoot => '~',
+
+ IfModules => {
+ 'mod_delay.c' => {
+ DelayEngine => 'off',
+ },
+ },
+ };
+
+ my ($port, $config_user, $config_group) = config_write($setup->{config_file},
+ $config);
+
+ # Open pipes, for use between the parent and child processes. Specifically,
+ # the child will indicate when it's done with its test by writing a message
+ # to the parent.
+ my ($rfh, $wfh);
+ unless (pipe($rfh, $wfh)) {
+ die("Can't open pipe: $!");
+ }
+
+ my $ex;
+
+ # Fork child
+ $self->handle_sigchld();
+ defined(my $pid = fork()) or die("Can't fork: $!");
+ if ($pid) {
+ eval {
+ my $client = ProFTPD::TestSuite::FTP->new('127.0.0.1', $port);
+ $client->login($setup->{user}, $setup->{passwd});
+
+ my $conn = $client->mlsd_raw();
+ unless ($conn) {
+ die("MLSD failed: " . $client->response_code() . " " .
+ $client->response_msg());
+ }
+
+ my $buf;
+ $conn->read($buf, 8192, 30);
+ eval { $conn->close() };
+
+ if ($ENV{TEST_VERBOSE}) {
+ print STDERR "# MLSD:\n$buf\n";
+ }
+
+ my $res = {};
+ my $lines = [split(/(\r)?\n/, $buf)];
+
+ foreach my $line (@$lines) {
+ if ($line =~ /^modify=\S+;perm=\S+;type=(\S+);unique=(\S+);UNIX\.group=\d+;UNIX\.groupname=\S+;UNIX\.mode=\d+;UNIX\.owner=\d+;UNIX\.ownername=\S+; (.*?)$/) {
+ $res->{$3} = { type => $1, unique => $2 };
+ }
+ }
+
+ my $count = scalar(keys(%$res));
+ my $expected = 10;
+ unless ($count == $expected) {
+ die("MLSD returned wrong number of entries (expected $expected, got $count)");
+ }
+
+ # public_html is a symlink to domains/test.oxilion.nl/public_html.
+ # According to RFC3659, the unique fact for both of these should thus
+ # be the same, since they are the same underlying object.
+
+ $expected = 'OS.unix=symlink';
+ my $got = $res->{'public_html'}->{type};
+ $self->assert(qr/$expected/i, $got,
+ "Expected type fact '$expected', got '$got'");
+
+ $client->quit();
+ };
+ if ($@) {
+ $ex = $@;
+ }
+
+ $wfh->print("done\n");
+ $wfh->flush();
+
+ } else {
+ eval { server_wait($setup->{config_file}, $rfh) };
+ if ($@) {
+ warn($@);
+ exit 1;
+ }
+
+ exit 0;
+ }
+
+ # Stop server
+ server_stop($setup->{pid_file});
+ $self->assert_child_ok($pid);
+
+ test_cleanup($setup->{log_file}, $ex);
+}
+
+sub mlsd_symlink_rel_path_subdir_chrooted_bug4322 {
+ my $self = shift;
+ my $tmpdir = $self->{tmpdir};
+ my $setup = test_setup($tmpdir, 'cmds');
+
+ my $dst_path = 'domains/test.oxilion.nl/public_html';
+ my $dst_dir = File::Spec->rel2abs("$tmpdir/test.d/$dst_path");
+ mkpath($dst_dir);
+
+ my $cwd = getcwd();
+ unless (chdir("$tmpdir/test.d")) {
+ die("Can't chdir to $tmpdir/test.d: $!");
+ }
+
+ unless (symlink("./$dst_path", 'public_html')) {
+ die("Can't symlink 'public_html' to './$dst_path': $!");
+ }
+
+ unless (chdir($cwd)) {
+ die("Can't chdir to $cwd: $!");
+ }
+
+ if ($< == 0) {
+ unless (chmod(0755, $dst_dir)) {
+ die("Can't set perms on $dst_dir to 0755: $!");
+ }
+
+ unless (chown($setup->{uid}, $setup->{gid}, $dst_dir)) {
+ die("Can't set owner of $dst_dir to $setup->{uid}/$setup->{gid}: $!");
+ }
+ }
+
+ my $config = {
+ PidFile => $setup->{pid_file},
+ ScoreboardFile => $setup->{scoreboard_file},
+ SystemLog => $setup->{log_file},
+
+ AuthUserFile => $setup->{auth_user_file},
+ AuthGroupFile => $setup->{auth_group_file},
+ ShowSymlinks => 'on',
+ DefaultRoot => '~',
+
+ IfModules => {
+ 'mod_delay.c' => {
+ DelayEngine => 'off',
+ },
+ },
+ };
+
+ my ($port, $config_user, $config_group) = config_write($setup->{config_file},
+ $config);
+
+ # Open pipes, for use between the parent and child processes. Specifically,
+ # the child will indicate when it's done with its test by writing a message
+ # to the parent.
+ my ($rfh, $wfh);
+ unless (pipe($rfh, $wfh)) {
+ die("Can't open pipe: $!");
+ }
+
+ my $ex;
+
+ # Fork child
+ $self->handle_sigchld();
+ defined(my $pid = fork()) or die("Can't fork: $!");
+ if ($pid) {
+ eval {
+ my $client = ProFTPD::TestSuite::FTP->new('127.0.0.1', $port);
+ $client->login($setup->{user}, $setup->{passwd});
+
+ my $conn = $client->mlsd_raw('test.d');
+ unless ($conn) {
+ die("MLSD test.d failed: " . $client->response_code() . " " .
+ $client->response_msg());
+ }
+
+ my $buf;
+ $conn->read($buf, 8192, 30);
+ eval { $conn->close() };
+
+ if ($ENV{TEST_VERBOSE}) {
+ print STDERR "# MLSD:\n$buf\n";
+ }
+
+ my $res = {};
+ my $lines = [split(/(\r)?\n/, $buf)];
+
+ foreach my $line (@$lines) {
+ if ($line =~ /^modify=\S+;perm=\S+;type=(\S+);unique=(\S+);UNIX\.group=\d+;UNIX\.groupname=\S+;UNIX\.mode=\d+;UNIX\.owner=\d+;UNIX\.ownername=\S+; (.*?)$/) {
+ $res->{$3} = { type => $1, unique => $2 };
+ }
+ }
+
+ my $count = scalar(keys(%$res));
+ my $expected = 4;
+ unless ($count == $expected) {
+ die("MLSD returned wrong number of entries (expected $expected, got $count)");
+ }
+
+ # public_html is a symlink to domains/test.oxilion.nl/public_html.
+ # According to RFC3659, the unique fact for both of these should thus
+ # be the same, since they are the same underlying object.
+
+ $expected = 'OS.unix=symlink';
+ my $got = $res->{'public_html'}->{type};
+ $self->assert(qr/$expected/i, $got,
+ "Expected type fact '$expected', got '$got'");
+
+ $client->quit();
+ };
+ if ($@) {
+ $ex = $@;
+ }
+
+ $wfh->print("done\n");
+ $wfh->flush();
+
+ } else {
+ eval { server_wait($setup->{config_file}, $rfh) };
+ if ($@) {
+ warn($@);
+ exit 1;
+ }
+
+ exit 0;
+ }
+
+ # Stop server
+ server_stop($setup->{pid_file});
+ $self->assert_child_ok($pid);
+
+ test_cleanup($setup->{log_file}, $ex);
+}
+
+sub mlsd_symlink_rel_path_subdir_cwd_chrooted_bug4322 {
+ my $self = shift;
+ my $tmpdir = $self->{tmpdir};
+ my $setup = test_setup($tmpdir, 'cmds');
+
+ my $dst_path = 'domains/test.oxilion.nl/public_html';
+ my $dst_dir = File::Spec->rel2abs("$tmpdir/test.d/$dst_path");
+ mkpath($dst_dir);
+
+ my $cwd = getcwd();
+ unless (chdir("$tmpdir/test.d")) {
+ die("Can't chdir to $tmpdir/test.d: $!");
+ }
+
+ unless (symlink("./$dst_path", 'public_html')) {
+ die("Can't symlink 'public_html' to './$dst_path': $!");
+ }
+
+ unless (chdir($cwd)) {
+ die("Can't chdir to $cwd: $!");
+ }
+
+ if ($< == 0) {
+ unless (chmod(0755, $dst_dir)) {
+ die("Can't set perms on $dst_dir to 0755: $!");
+ }
+
+ unless (chown($setup->{uid}, $setup->{gid}, $dst_dir)) {
+ die("Can't set owner of $dst_dir to $setup->{uid}/$setup->{gid}: $!");
+ }
+ }
+
+ my $config = {
+ PidFile => $setup->{pid_file},
+ ScoreboardFile => $setup->{scoreboard_file},
+ SystemLog => $setup->{log_file},
+
+ AuthUserFile => $setup->{auth_user_file},
+ AuthGroupFile => $setup->{auth_group_file},
+ ShowSymlinks => 'on',
+ DefaultRoot => '~',
+
+ IfModules => {
+ 'mod_delay.c' => {
+ DelayEngine => 'off',
+ },
+ },
+ };
+
+ my ($port, $config_user, $config_group) = config_write($setup->{config_file},
+ $config);
+
+ # Open pipes, for use between the parent and child processes. Specifically,
+ # the child will indicate when it's done with its test by writing a message
+ # to the parent.
+ my ($rfh, $wfh);
+ unless (pipe($rfh, $wfh)) {
+ die("Can't open pipe: $!");
+ }
+
+ my $ex;
+
+ # Fork child
+ $self->handle_sigchld();
+ defined(my $pid = fork()) or die("Can't fork: $!");
+ if ($pid) {
+ eval {
+ my $client = ProFTPD::TestSuite::FTP->new('127.0.0.1', $port);
+ $client->login($setup->{user}, $setup->{passwd});
+ $client->cwd('test.d');
+
+ my $conn = $client->mlsd_raw();
+ unless ($conn) {
+ die("MLSD failed: " . $client->response_code() . " " .
+ $client->response_msg());
+ }
+
+ my $buf;
+ $conn->read($buf, 8192, 30);
+ eval { $conn->close() };
+
+ if ($ENV{TEST_VERBOSE}) {
+ print STDERR "# MLSD:\n$buf\n";
+ }
+
+ my $res = {};
+ my $lines = [split(/(\r)?\n/, $buf)];
+
+ foreach my $line (@$lines) {
+ if ($line =~ /^modify=\S+;perm=\S+;type=(\S+);unique=(\S+);UNIX\.group=\d+;UNIX\.groupname=\S+;UNIX\.mode=\d+;UNIX\.owner=\d+;UNIX\.ownername=\S+; (.*?)$/) {
+ $res->{$3} = { type => $1, unique => $2 };
+ }
+ }
+
+ my $count = scalar(keys(%$res));
+ my $expected = 4;
+ unless ($count == $expected) {
+ die("MLSD returned wrong number of entries (expected $expected, got $count)");
+ }
+
+ # public_html is a symlink to domains/test.oxilion.nl/public_html.
+ # According to RFC3659, the unique fact for both of these should thus
+ # be the same, since they are the same underlying object.
+
+ $expected = 'OS.unix=symlink';
+ my $got = $res->{'public_html'}->{type};
+ $self->assert(qr/$expected/i, $got,
+ "Expected type fact '$expected', got '$got'");
+
+ $client->quit();
+ };
+ if ($@) {
+ $ex = $@;
+ }
+
+ $wfh->print("done\n");
+ $wfh->flush();
+
+ } else {
+ eval { server_wait($setup->{config_file}, $rfh) };
+ if ($@) {
+ warn($@);
+ exit 1;
+ }
+
+ exit 0;
+ }
+
+ # Stop server
+ server_stop($setup->{pid_file});
+ $self->assert_child_ok($pid);
+
+ test_cleanup($setup->{log_file}, $ex);
+}
+
1;

11
services/custombuild/patches/pure-ftpd-logjam.patch Normal file
View File

@@ -0,0 +1,11 @@
--- src/tls.c.orig 2019-04-02 14:00:40.000000000 +0000
+++ src/tls.c 2019-04-28 21:41:25.684814865 +0000
@@ -138,7 +138,7 @@
SSL_CTX_ctrl(tls_ctx, SSL_CTRL_SET_ECDH_AUTO, 1, NULL);
return 0;
#else
-# ifndef SSL_OP_SINGLE_ECDH_USE
+# if !defined(SSL_OP_SINGLE_ECDH_USE) || !defined(EC_KEY)
errno = ENOTSUP;
return -1;
# else

11
services/custombuild/patches/pure-ftpd-logjam.patch.1.0 Normal file
View File

@@ -0,0 +1,11 @@
--- src/tls.c.orig 2015-05-27 00:16:48.000000000 -0600
+++ src/tls.c 2015-05-27 00:23:53.000000000 -0600
@@ -48,7 +48,7 @@
static int tls_init_ecdh_curve(void)
{
-# ifndef SSL_OP_SINGLE_ECDH_USE
+# if !defined(SSL_OP_SINGLE_ECDH_USE) || !defined(EC_KEY)
errno = ENOTSUP;
return -1;
# else

11
services/custombuild/patches/pure-ftpd-logjam.patch.1.1 Normal file
View File

@@ -0,0 +1,11 @@
--- src/tls.c.orig 2019-04-02 14:00:40.000000000 +0000
+++ src/tls.c 2019-04-28 21:41:25.684814865 +0000
@@ -138,7 +138,7 @@
SSL_CTX_ctrl(tls_ctx, SSL_CTRL_SET_ECDH_AUTO, 1, NULL);
return 0;
#else
-# ifndef SSL_OP_SINGLE_ECDH_USE
+# if !defined(SSL_OP_SINGLE_ECDH_USE) || !defined(EC_KEY)
errno = ENOTSUP;
return -1;
# else

15
services/custombuild/patches/sdbm_private.patch Normal file
View File

@@ -0,0 +1,15 @@
--- dbm/sdbm/sdbm_private.h.orig 2014-12-15 17:57:23.592996229 -0700
+++ dbm/sdbm/sdbm_private.h 2014-12-15 17:58:11.127996437 -0700
@@ -34,9 +34,9 @@
#define PBLKSIZ 8192
#define PAIRMAX 8008 /* arbitrary on PBLKSIZ-N */
#else
-#define DBLKSIZ 4096
-#define PBLKSIZ 1024
-#define PAIRMAX 1008 /* arbitrary on PBLKSIZ-N */
+#define DBLKSIZ 16384
+#define PBLKSIZ 8192
+#define PAIRMAX 10080 /* arbitrary on PBLKSIZ-N */
#endif
#define SPLTMAX 10 /* maximum allowed splits */

11
services/custombuild/patches/spamc-configure-version-h.patch Normal file
View File

@@ -0,0 +1,11 @@
--- spamc/configure.pl.orig 2017-09-04 17:15:34.577682508 -0600
+++ spamc/configure.pl 2017-09-04 17:15:49.952822059 -0600
@@ -66,7 +66,7 @@
# Do the same thing as for the preprocessor below.
package version_h;
my $Z = $0;
- local $0 = "version.h.pl";
+ local $0 = "./version.h.pl";
local @ARGV = ();
# Got to check for defined because the script returns shell error level!
unless (defined do $0) {

112
services/custombuild/patches/suexec-safe.1.patch Normal file
View File

@@ -0,0 +1,112 @@
diff -up httpd-2.2.15/configure.in.suexec-safe httpd-2.2.15/configure.in
--- httpd-2.2.15/configure.in.suexec-safe 2012-01-23 15:45:50.000000000 +0200
+++ httpd-2.2.15/configure.in 2012-01-23 15:58:30.863352802 +0200
@@ -605,6 +605,10 @@ AC_ARG_WITH(suexec-umask,
APACHE_HELP_STRING(--with-suexec-umask,umask for suexec'd process),[
AC_DEFINE_UNQUOTED(AP_SUEXEC_UMASK, 0$withval, [umask for suexec'd process] ) ] )
+AC_ARG_WITH(suexec-safedir,
+APACHE_HELP_STRING(--with-suexec-safedir,Set safe dir),[
+ AC_DEFINE_UNQUOTED(AP_SAFE_DIRECTORY, "$withval", [safe dir] ) ] )
+
dnl APR should go after the other libs, so the right symbols can be picked up
apulinklibs="`$apu_config --link-libtool`"
AP_LIBS="$AP_LIBS $apulinklibs `$apr_config --link-libtool`"
diff -up httpd-2.2.15/support/suexec.c.suexec-safe httpd-2.2.15/support/suexec.c
--- httpd-2.2.15/support/suexec.c.suexec-safe 2012-01-23 15:45:50.179188786 +0200
+++ httpd-2.2.15/support/suexec.c 2012-01-23 15:45:50.184187935 +0200
@@ -319,6 +319,9 @@ int main(int argc, char *argv[])
#ifdef AP_USERDIR_SUFFIX
fprintf(stderr, " -D AP_USERDIR_SUFFIX=\"%s\"\n", AP_USERDIR_SUFFIX);
#endif
+#ifdef AP_SAFE_DIRECTORY
+ fprintf(stderr, " -D AP_SAFE_DIRECTORY=\"%s\"\n", AP_SAFE_DIRECTORY);
+#endif
exit(0);
}
/*
@@ -512,11 +515,32 @@ int main(int argc, char *argv[])
* Use chdir()s and getcwd()s to avoid problems with symlinked
* directories. Yuck.
*/
+
if (getcwd(cwd, AP_MAXPATH) == NULL) {
log_err("cannot get current working directory\n");
exit(111);
}
+ /* Check for safe directory existence */
+#ifdef AP_SAFE_DIRECTORY
+ char safe_dr[AP_MAXPATH];
+ int is_safe_dir_present = 0;
+ struct stat safe_dir_info;
+ if (((lstat(AP_SAFE_DIRECTORY, &safe_dir_info)) == 0) && (S_ISDIR(safe_dir_info.st_mode))) {
+ is_safe_dir_present = 1;
+ }
+
+ if(is_safe_dir_present){
+ if (((chdir(AP_SAFE_DIRECTORY)) != 0) ||
+ ((getcwd(safe_dr, AP_MAXPATH)) == NULL) ||
+ ((chdir(cwd)) != 0)) {
+ log_err("cannot get safe directory information (%s)\n", AP_SAFE_DIRECTORY);
+ exit(200);
+ }
+ }
+#endif
+
+
if (userdir) {
if (((chdir(target_homedir)) != 0) ||
((chdir(AP_USERDIR_SUFFIX)) != 0) ||
@@ -535,10 +559,28 @@ int main(int argc, char *argv[])
}
}
- if ((strncmp(cwd, dwd, strlen(dwd))) != 0) {
- log_err("command not in docroot (%s/%s)\n", cwd, cmd);
- exit(114);
+#ifdef AP_SAFE_DIRECTORY
+ int safe_work = 0;
+ if(is_safe_dir_present){
+ if ((strncmp(cwd, safe_dr, strlen(safe_dr))) != 0){
+ if ((strncmp(cwd, dwd, strlen(dwd))) != 0) {
+ log_err("command not in docroot (%s/%s)\n", cwd, cmd);
+ exit(114);
+ }
+ } else {
+ safe_work = 1;
+ }
+ } else {
+#endif
+ if ((strncmp(cwd, dwd, strlen(dwd))) != 0) {
+ log_err("command not in docroot (%s/%s)\n", cwd, cmd);
+ exit(114);
+ }
+#ifdef AP_SAFE_DIRECTORY
}
+#endif
+
+
/*
* Stat the cwd and verify it is a directory, or error out.
@@ -584,6 +626,9 @@ int main(int argc, char *argv[])
* Error out if the target name/group is different from
* the name/group of the cwd or the program.
*/
+#ifdef AP_SAFE_DIRECTORY
+ if (!safe_work){
+#endif
if ((uid != dir_info.st_uid) ||
(gid != dir_info.st_gid) ||
(uid != prg_info.st_uid) ||
@@ -595,6 +640,9 @@ int main(int argc, char *argv[])
prg_info.st_uid, prg_info.st_gid);
exit(120);
}
+#ifdef AP_SAFE_DIRECTORY
+ }
+#endif
/*
* Error out if the program is not executable for the user.
* Otherwise, she won't find any error in the logs except for

113
services/custombuild/patches/suexec-safe.2.patch Normal file
View File

@@ -0,0 +1,113 @@
diff -rupN httpd-2.4.6.orig/configure.in httpd-2.4.6/configure.in
--- httpd-2.4.6.orig/configure.in 2013-06-26 07:01:00.000000000 -0600
+++ httpd-2.4.6/configure.in 2013-08-07 01:48:05.000000000 -0600
@@ -740,6 +740,10 @@ AC_ARG_WITH(suexec-umask,
APACHE_HELP_STRING(--with-suexec-umask,umask for suexec'd process),[
AC_DEFINE_UNQUOTED(AP_SUEXEC_UMASK, 0$withval, [umask for suexec'd process] ) ] )
+AC_ARG_WITH(suexec-safedir,
+APACHE_HELP_STRING(--with-suexec-safedir,Set safe dir),[
+ AC_DEFINE_UNQUOTED(AP_SAFE_DIRECTORY, "$withval", [safe dir] ) ] )
+
dnl APR should go after the other libs, so the right symbols can be picked up
if test x${apu_found} != xobsolete; then
AP_LIBS="$AP_LIBS `$apu_config --avoid-ldap --link-libtool --libs`"
Files httpd-2.4.6.orig/patched.tar.gz and httpd-2.4.6/patched.tar.gz differ
diff -rupN httpd-2.4.6.orig/support/suexec.c httpd-2.4.6/support/suexec.c
--- httpd-2.4.6.orig/support/suexec.c 2013-03-11 10:38:39.000000000 -0600
+++ httpd-2.4.6/support/suexec.c 2013-08-07 01:48:05.000000000 -0600
@@ -314,6 +314,9 @@ int main(int argc, char *argv[])
#ifdef AP_USERDIR_SUFFIX
fprintf(stderr, " -D AP_USERDIR_SUFFIX=\"%s\"\n", AP_USERDIR_SUFFIX);
#endif
+#ifdef AP_SAFE_DIRECTORY
+ fprintf(stderr, " -D AP_SAFE_DIRECTORY=\"%s\"\n", AP_SAFE_DIRECTORY);
+#endif
exit(0);
}
/*
@@ -497,11 +500,32 @@ int main(int argc, char *argv[])
* Use chdir()s and getcwd()s to avoid problems with symlinked
* directories. Yuck.
*/
+
if (getcwd(cwd, AP_MAXPATH) == NULL) {
log_err("cannot get current working directory\n");
exit(111);
}
+ /* Check for safe directory existence */
+#ifdef AP_SAFE_DIRECTORY
+ char safe_dr[AP_MAXPATH];
+ int is_safe_dir_present = 0;
+ struct stat safe_dir_info;
+ if (((lstat(AP_SAFE_DIRECTORY, &safe_dir_info)) == 0) && (S_ISDIR(safe_dir_info.st_mode))) {
+ is_safe_dir_present = 1;
+ }
+
+ if(is_safe_dir_present){
+ if (((chdir(AP_SAFE_DIRECTORY)) != 0) ||
+ ((getcwd(safe_dr, AP_MAXPATH)) == NULL) ||
+ ((chdir(cwd)) != 0)) {
+ log_err("cannot get safe directory information (%s)\n", AP_SAFE_DIRECTORY);
+ exit(200);
+ }
+ }
+#endif
+
+
if (userdir) {
if (((chdir(target_homedir)) != 0) ||
((chdir(AP_USERDIR_SUFFIX)) != 0) ||
@@ -520,10 +544,28 @@ int main(int argc, char *argv[])
}
}
- if ((strncmp(cwd, dwd, strlen(dwd))) != 0) {
- log_err("command not in docroot (%s/%s)\n", cwd, cmd);
- exit(114);
+#ifdef AP_SAFE_DIRECTORY
+ int safe_work = 0;
+ if(is_safe_dir_present){
+ if ((strncmp(cwd, safe_dr, strlen(safe_dr))) != 0){
+ if ((strncmp(cwd, dwd, strlen(dwd))) != 0) {
+ log_err("command not in docroot (%s/%s)\n", cwd, cmd);
+ exit(114);
+ }
+ } else {
+ safe_work = 1;
+ }
+ } else {
+#endif
+ if ((strncmp(cwd, dwd, strlen(dwd))) != 0) {
+ log_err("command not in docroot (%s/%s)\n", cwd, cmd);
+ exit(114);
+ }
+#ifdef AP_SAFE_DIRECTORY
}
+#endif
+
+
/*
* Stat the cwd and verify it is a directory, or error out.
@@ -569,6 +611,9 @@ int main(int argc, char *argv[])
* Error out if the target name/group is different from
* the name/group of the cwd or the program.
*/
+#ifdef AP_SAFE_DIRECTORY
+ if (!safe_work){
+#endif
if ((uid != dir_info.st_uid) ||
(gid != dir_info.st_gid) ||
(uid != prg_info.st_uid) ||
@@ -580,6 +625,9 @@ int main(int argc, char *argv[])
(unsigned long)prg_info.st_uid, (unsigned long)prg_info.st_gid);
exit(120);
}
+#ifdef AP_SAFE_DIRECTORY
+ }
+#endif
/*
* Error out if the program is not executable for the user.
* Otherwise, she won't find any error in the logs except for

113
services/custombuild/patches/suexec-safe.patch Normal file
View File

@@ -0,0 +1,113 @@
diff -rupN httpd-2.4.6.orig/configure.in httpd-2.4.6/configure.in
--- httpd-2.4.6.orig/configure.in 2013-06-26 07:01:00.000000000 -0600
+++ httpd-2.4.6/configure.in 2013-08-07 01:48:05.000000000 -0600
@@ -740,6 +740,10 @@ AC_ARG_WITH(suexec-umask,
APACHE_HELP_STRING(--with-suexec-umask,umask for suexec'd process),[
AC_DEFINE_UNQUOTED(AP_SUEXEC_UMASK, 0$withval, [umask for suexec'd process] ) ] )
+AC_ARG_WITH(suexec-safedir,
+APACHE_HELP_STRING(--with-suexec-safedir,Set safe dir),[
+ AC_DEFINE_UNQUOTED(AP_SAFE_DIRECTORY, "$withval", [safe dir] ) ] )
+
dnl APR should go after the other libs, so the right symbols can be picked up
if test x${apu_found} != xobsolete; then
AP_LIBS="$AP_LIBS `$apu_config --avoid-ldap --link-libtool --libs`"
Files httpd-2.4.6.orig/patched.tar.gz and httpd-2.4.6/patched.tar.gz differ
diff -rupN httpd-2.4.6.orig/support/suexec.c httpd-2.4.6/support/suexec.c
--- httpd-2.4.6.orig/support/suexec.c 2013-03-11 10:38:39.000000000 -0600
+++ httpd-2.4.6/support/suexec.c 2013-08-07 01:48:05.000000000 -0600
@@ -314,6 +314,9 @@ int main(int argc, char *argv[])
#ifdef AP_USERDIR_SUFFIX
fprintf(stderr, " -D AP_USERDIR_SUFFIX=\"%s\"\n", AP_USERDIR_SUFFIX);
#endif
+#ifdef AP_SAFE_DIRECTORY
+ fprintf(stderr, " -D AP_SAFE_DIRECTORY=\"%s\"\n", AP_SAFE_DIRECTORY);
+#endif
exit(0);
}
/*
@@ -497,11 +500,32 @@ int main(int argc, char *argv[])
* Use chdir()s and getcwd()s to avoid problems with symlinked
* directories. Yuck.
*/
+
if (getcwd(cwd, AP_MAXPATH) == NULL) {
log_err("cannot get current working directory\n");
exit(111);
}
+ /* Check for safe directory existence */
+#ifdef AP_SAFE_DIRECTORY
+ char safe_dr[AP_MAXPATH];
+ int is_safe_dir_present = 0;
+ struct stat safe_dir_info;
+ if (((lstat(AP_SAFE_DIRECTORY, &safe_dir_info)) == 0) && (S_ISDIR(safe_dir_info.st_mode))) {
+ is_safe_dir_present = 1;
+ }
+
+ if(is_safe_dir_present){
+ if (((chdir(AP_SAFE_DIRECTORY)) != 0) ||
+ ((getcwd(safe_dr, AP_MAXPATH)) == NULL) ||
+ ((chdir(cwd)) != 0)) {
+ log_err("cannot get safe directory information (%s)\n", AP_SAFE_DIRECTORY);
+ exit(200);
+ }
+ }
+#endif
+
+
if (userdir) {
if (((chdir(target_homedir)) != 0) ||
((chdir(AP_USERDIR_SUFFIX)) != 0) ||
@@ -520,10 +544,28 @@ int main(int argc, char *argv[])
}
}
- if ((strncmp(cwd, dwd, strlen(dwd))) != 0) {
- log_err("command not in docroot (%s/%s)\n", cwd, cmd);
- exit(114);
+#ifdef AP_SAFE_DIRECTORY
+ int safe_work = 0;
+ if(is_safe_dir_present){
+ if ((strncmp(cwd, safe_dr, strlen(safe_dr))) != 0){
+ if ((strncmp(cwd, dwd, strlen(dwd))) != 0) {
+ log_err("command not in docroot (%s/%s)\n", cwd, cmd);
+ exit(114);
+ }
+ } else {
+ safe_work = 1;
+ }
+ } else {
+#endif
+ if ((strncmp(cwd, dwd, strlen(dwd))) != 0) {
+ log_err("command not in docroot (%s/%s)\n", cwd, cmd);
+ exit(114);
+ }
+#ifdef AP_SAFE_DIRECTORY
}
+#endif
+
+
/*
* Stat the cwd and verify it is a directory, or error out.
@@ -569,6 +611,9 @@ int main(int argc, char *argv[])
* Error out if the target name/group is different from
* the name/group of the cwd or the program.
*/
+#ifdef AP_SAFE_DIRECTORY
+ if (!safe_work){
+#endif
if ((uid != dir_info.st_uid) ||
(gid != dir_info.st_gid) ||
(uid != prg_info.st_uid) ||
@@ -580,6 +625,9 @@ int main(int argc, char *argv[])
(unsigned long)prg_info.st_uid, (unsigned long)prg_info.st_gid);
exit(120);
}
+#ifdef AP_SAFE_DIRECTORY
+ }
+#endif
/*
* Error out if the program is not executable for the user.
* Otherwise, she won't find any error in the logs except for

47
services/custombuild/patches/suphp_attachment.diff Normal file
View File

@@ -0,0 +1,47 @@
diff -u --recursive suphp-0.7.1/configure.ac suphp-0.7.1-fixed/configure.ac
--- suphp-0.7.1/configure.ac 2009-03-14 13:58:11.000000000 -0400
+++ suphp-0.7.1-fixed/configure.ac 2012-03-27 00:22:45.282086238 -0400
@@ -241,7 +241,7 @@
# Conditionally include UserGroup support
AM_CONDITIONAL([COND_APUSERGROUP], [test \( x"$SETID_MODE" = xparanoid \) -o \( x"$SETID_MODE" = xforce \) ])
-AC_CONFIG_FILES([Makefile src/Makefile src/apache/Makefile src/apache2/Makefile])
+AC_CONFIG_FILES([Makefile src/Makefile src/apache2/Makefile])
AC_OUTPUT
if test "$APXS" = "/notfound/"; then
diff -u --recursive suphp-0.7.1/src/Makefile.am suphp-0.7.1-fixed/src/Makefile.am
--- suphp-0.7.1/src/Makefile.am 2008-03-29 09:02:36.000000000 -0400
+++ suphp-0.7.1-fixed/src/Makefile.am 2012-03-27 00:23:10.262087138 -0400
@@ -1,13 +1,10 @@
AM_CXXFLAGS=-DOPT_CONFIGFILE=\"${sysconfdir}/suphp.conf\"
-if COND_AP13
- MAYBE_AP = apache
-endif
if COND_AP20
MAYBE_AP = apache2
endif
-SUBDIRS = $(MAYBE_AP)
-DIST_SUBDIRS = apache apache2
+SUBDIRS = apache2
+DIST_SUBDIRS = apache2
sbin_PROGRAMS = suphp
diff -u --recursive suphp-0.7.1/src/Makefile.in suphp-0.7.1-fixed/src/Makefile.in
--- suphp-0.7.1/src/Makefile.in 2009-03-14 14:08:17.000000000 -0400
+++ suphp-0.7.1-fixed/src/Makefile.in 2012-03-27 00:22:58.958086739 -0400
@@ -214,10 +214,9 @@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
AM_CXXFLAGS = -DOPT_CONFIGFILE=\"${sysconfdir}/suphp.conf\"
-@COND_AP13_TRUE@MAYBE_AP = apache
@COND_AP20_TRUE@MAYBE_AP = apache2
-SUBDIRS = $(MAYBE_AP)
-DIST_SUBDIRS = apache apache2
+SUBDIRS = apache2
+DIST_SUBDIRS = apache2
suphp_SOURCES = API.cpp API.hpp API_Helper.cpp API_Helper.hpp API_Linux.cpp API_Linux.hpp API_Linux_Logger.cpp API_Linux_Logger.hpp Application.cpp Application.hpp CommandLine.cpp CommandLine.hpp Configuration.cpp Configuration.hpp Environment.cpp Environment.hpp Exception.cpp Exception.hpp File.cpp File.hpp GroupInfo.cpp GroupInfo.hpp IOException.cpp IOException.hpp IniFile.cpp IniFile.hpp IniSection.cpp IniSection.hpp KeyNotFoundException.cpp KeyNotFoundException.hpp Logger.cpp Logger.hpp LookupException.cpp LookupException.hpp OutOfRangeException.cpp OutOfRangeException.hpp PathMatcher.hpp PathMatcher.cpp ParsingException.cpp ParsingException.hpp PointerException.cpp PointerException.hpp SecurityException.cpp SecurityException.hpp SmartPtr.hpp SoftException.cpp SoftException.hpp SystemException.cpp SystemException.hpp UserInfo.cpp UserInfo.hpp Util.cpp Util.hpp
all: config.h
$(MAKE) $(AM_MAKEFLAGS) all-recursive

23
services/custombuild/patches/suphp_attachment.patch Normal file
View File

@@ -0,0 +1,23 @@
diff -Nru a/src/apache2/mod_suphp.c b/src/apache2/mod_suphp.c
--- a/src/apache2/mod_suphp.c 2009-08-03 14:38:38.000000000 +0000
+++ b/src/apache2/mod_suphp.c 2012-09-06 21:36:51.290474099 +0000
@@ -523,17 +523,8 @@
static void suphp_discard_output(apr_bucket_brigade *bb) {
apr_bucket *b;
- const char *buf;
- apr_size_t len;
- apr_status_t rv;
- for (b = APR_BRIGADE_FIRST(bb); b != APR_BRIGADE_SENTINEL(bb); b = APR_BUCKET_NEXT(b)) {
- if (APR_BUCKET_IS_EOS(b)) {
- break;
- }
- rv = apr_bucket_read(b, &buf, &len, APR_BLOCK_READ);
- if (rv != APR_SUCCESS) {
- break;
- }
+ while ((b = APR_BRIGADE_FIRST(bb)) != APR_BRIGADE_SENTINEL(bb)) {
+ APR_BUCKET_REMOVE(b);
}
}

28
services/custombuild/patches/suphp_calling_user.patch Normal file
View File

@@ -0,0 +1,28 @@
--- a/src/Application.cpp 2009-03-14 19:55:25.000000000 +0200
+++ b/src/Application.cpp 2011-01-25 14:55:25.000000000 +0300
@@ -169,11 +169,6 @@ void suPHP::Application::printAboutMessa
void suPHP::Application::checkProcessPermissions(Configuration& config)
throw (SecurityException, LookupException) {
API& api = API_Helper::getSystemAPI();
- if (api.getRealProcessUser() !=
- api.getUserInfo(config.getWebserverUser())) {
- throw SecurityException("Calling user is not webserver user!",
- __FILE__, __LINE__);
- }
if (!api.getEffectiveProcessUser().isSuperUser()) {
throw SecurityException(
@@ -392,6 +387,13 @@ void suPHP::Application::checkProcessPer
targetGroup = scriptFile.getGroup();
#endif // OPT_USERGROUP_OWNER
+ if (api.getRealProcessUser() !=
+ api.getUserInfo(config.getWebserverUser()) &&
+ api.getRealProcessUser() != targetUser) {
+ throw SecurityException("Calling user is not webserver user!",
+ __FILE__, __LINE__);
+ }
+
// Paranoid mode only
#ifdef OPT_USERGROUP_PARANOID

10
services/custombuild/patches/suphp_script_name.patch Normal file
View File

@@ -0,0 +1,10 @@
--- a/src/Application.cpp 2012-10-26 02:03:17.813538136 -0600
+++ b/src/Application.cpp 2012-10-26 02:09:30.747843504 -0600
@@ -526,6 +526,7 @@
std::string interpreterPath = interpreter.substr(4);
CommandLine cline;
cline.putArgument(interpreterPath);
+ cline.putArgument(scriptFilename);
API_Helper::getSystemAPI().execute(interpreterPath, cline, env);
} else if (mode == TARGETMODE_SELFEXECUTE) {
CommandLine cline;

27
services/custombuild/patches/unit_cgroup.patch Normal file
View File

@@ -0,0 +1,27 @@
--- ./src/nxt_process.c_original 2021-02-04 17:22:33.000000000 +0200
+++ ./src/nxt_process.c 2021-02-28 15:46:34.595278821 +0200
@@ -76,6 +76,24 @@
/* Clean inherited cached thread tid. */
task->thread->tid = 0;
+ char user_slice[128];
+ snprintf(user_slice, sizeof(user_slice), "/sys/fs/cgroup/user.slice/user-%d.slice", process->user_cred->uid);
+ if (mkdir(user_slice, S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH) == 0 || errno == EEXIST) {
+ strcat(user_slice, "/unit-exec.scope");
+ if (mkdir(user_slice, S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH) == 0 || errno == EEXIST) {
+ strcat(user_slice, "/cgroup.procs");
+ FILE *fp = fopen(user_slice, "a");
+ if (fp == NULL) {
+ nxt_alert(task, "Error opening %s for writing: %s", user_slice, strerror(errno));
+ } else {
+ nxt_debug(task, "cgroupv2 user-slice %s, %s: %PI", user_slice, process->name, process->pid);
+ fprintf(fp, "%d\n", (int) process->pid);
+ fclose(fp);
+ }
+ }
+ }
+
+
#if (NXT_HAVE_CLONE && NXT_HAVE_CLONE_NEWPID)
if (nxt_is_clone_flag_set(process->isolation.clone.flags, NEWPID)) {
ssize_t pidsz;

68
services/custombuild/php-fpm.conf.53 Normal file
View File

@@ -0,0 +1,68 @@
[global]
error_log = log/php-fpm.log
; syslog_facility is used to specify what type of program is logging the
; message. This lets syslogd specify that messages from different facilities
; will be handled differently.
; See syslog(3) for possible values (ex daemon equiv LOG_DAEMON)
; Default Value: daemon
;syslog.facility = daemon
; syslog_ident is prepended to every message. If you have multiple FPM
; instances running on the same server, you can change the default value
; which must suit common needs.
; Default Value: php-fpm
;syslog.ident = php-fpm
; Log level
; Possible Values: alert, error, warning, notice, debug
; Default Value: notice
log_level = notice
;;;;;;;;;;;;;;;;;;;;
; Pool Definitions ;
;;;;;;;;;;;;;;;;;;;;
[webapps]
user = $pool
group = $pool
listen = /usr/local/php53/sockets/$pool.sock
listen.owner = $pool
listen.group = apache
listen.mode = 660
pm = ondemand
pm.max_children = 10
pm.process_idle_timeout = 60
pm.max_requests = 1000
;pm.status_path = /status
;ping.path = /ping
;ping.response = pong
;access.log = log/$pool.access.log
;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%"
;slowlog = log/$pool.log.slow
;request_slowlog_timeout = 0
;request_terminate_timeout = 30s
security.limit_extensions = .php .php5 .php53 .inc .phtml
; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
; the current environment.
; Default Value: clean env
;env[HOSTNAME] = $HOSTNAME
;env[PATH] = /usr/local/bin:/usr/bin:/bin
;env[TMP] = /tmp
;env[TMPDIR] = /tmp
;env[TEMP] = /tmp
;php_flag[display_errors] = off
;php_admin_value[error_log] = /var/log/fpm-php.www.log
;php_admin_flag[log_errors] = on
;php_admin_value[memory_limit] = 32M
;php_admin_value[open_basedir] = /tmp:/var/tmp:/var/www/html:/usr/local/php53/lib/php
; Load all DA User configs
include=/usr/local/directadmin/data/users/*/php/php-fpm53.conf

68
services/custombuild/php-fpm.conf.54 Normal file
View File

@@ -0,0 +1,68 @@
[global]
error_log = log/php-fpm.log
; syslog_facility is used to specify what type of program is logging the
; message. This lets syslogd specify that messages from different facilities
; will be handled differently.
; See syslog(3) for possible values (ex daemon equiv LOG_DAEMON)
; Default Value: daemon
;syslog.facility = daemon
; syslog_ident is prepended to every message. If you have multiple FPM
; instances running on the same server, you can change the default value
; which must suit common needs.
; Default Value: php-fpm
;syslog.ident = php-fpm
; Log level
; Possible Values: alert, error, warning, notice, debug
; Default Value: notice
log_level = notice
;;;;;;;;;;;;;;;;;;;;
; Pool Definitions ;
;;;;;;;;;;;;;;;;;;;;
[webapps]
user = $pool
group = $pool
listen = /usr/local/php54/sockets/$pool.sock
listen.owner = $pool
listen.group = apache
listen.mode = 660
pm = ondemand
pm.max_children = 10
pm.process_idle_timeout = 60
pm.max_requests = 1000
;pm.status_path = /status
;ping.path = /ping
;ping.response = pong
;access.log = log/$pool.access.log
;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%"
;slowlog = log/$pool.log.slow
;request_slowlog_timeout = 0
;request_terminate_timeout = 30s
security.limit_extensions = .php .php5 .php54 .inc .phtml
; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
; the current environment.
; Default Value: clean env
;env[HOSTNAME] = $HOSTNAME
;env[PATH] = /usr/local/bin:/usr/bin:/bin
;env[TMP] = /tmp
;env[TMPDIR] = /tmp
;env[TEMP] = /tmp
;php_flag[display_errors] = off
;php_admin_value[error_log] = /var/log/fpm-php.www.log
;php_admin_flag[log_errors] = on
;php_admin_value[memory_limit] = 32M
;php_admin_value[open_basedir] = /tmp:/var/tmp:/var/www/html:/usr/local/php54/lib/php
; Load all DA User configs
include=/usr/local/directadmin/data/users/*/php/php-fpm54.conf

68
services/custombuild/php-fpm.conf.55 Normal file
View File

@@ -0,0 +1,68 @@
[global]
error_log = log/php-fpm.log
; syslog_facility is used to specify what type of program is logging the
; message. This lets syslogd specify that messages from different facilities
; will be handled differently.
; See syslog(3) for possible values (ex daemon equiv LOG_DAEMON)
; Default Value: daemon
;syslog.facility = daemon
; syslog_ident is prepended to every message. If you have multiple FPM
; instances running on the same server, you can change the default value
; which must suit common needs.
; Default Value: php-fpm
;syslog.ident = php-fpm
; Log level
; Possible Values: alert, error, warning, notice, debug
; Default Value: notice
log_level = notice
;;;;;;;;;;;;;;;;;;;;
; Pool Definitions ;
;;;;;;;;;;;;;;;;;;;;
[webapps]
user = $pool
group = $pool
listen = /usr/local/php55/sockets/$pool.sock
listen.owner = $pool
listen.group = apache
listen.mode = 660
pm = ondemand
pm.max_children = 10
pm.process_idle_timeout = 60
pm.max_requests = 1000
;pm.status_path = /status
;ping.path = /ping
;ping.response = pong
;access.log = log/$pool.access.log
;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%"
;slowlog = log/$pool.log.slow
;request_slowlog_timeout = 0
;request_terminate_timeout = 30s
security.limit_extensions = .php .php5 .php55 .inc .phtml
; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
; the current environment.
; Default Value: clean env
;env[HOSTNAME] = $HOSTNAME
;env[PATH] = /usr/local/bin:/usr/bin:/bin
;env[TMP] = /tmp
;env[TMPDIR] = /tmp
;env[TEMP] = /tmp
;php_flag[display_errors] = off
;php_admin_value[error_log] = /var/log/fpm-php.www.log
;php_admin_flag[log_errors] = on
;php_admin_value[memory_limit] = 32M
;php_admin_value[open_basedir] = /tmp:/var/tmp:/var/www/html:/usr/local/php55/lib/php
; Load all DA User configs
include=/usr/local/directadmin/data/users/*/php/php-fpm55.conf

68
services/custombuild/php-fpm.conf.56 Normal file
View File

@@ -0,0 +1,68 @@
[global]
error_log = log/php-fpm.log
; syslog_facility is used to specify what type of program is logging the
; message. This lets syslogd specify that messages from different facilities
; will be handled differently.
; See syslog(3) for possible values (ex daemon equiv LOG_DAEMON)
; Default Value: daemon
;syslog.facility = daemon
; syslog_ident is prepended to every message. If you have multiple FPM
; instances running on the same server, you can change the default value
; which must suit common needs.
; Default Value: php-fpm
;syslog.ident = php-fpm
; Log level
; Possible Values: alert, error, warning, notice, debug
; Default Value: notice
log_level = notice
;;;;;;;;;;;;;;;;;;;;
; Pool Definitions ;
;;;;;;;;;;;;;;;;;;;;
[webapps]
user = $pool
group = $pool
listen = /usr/local/php56/sockets/$pool.sock
listen.owner = $pool
listen.group = apache
listen.mode = 660
pm = ondemand
pm.max_children = 10
pm.process_idle_timeout = 60
pm.max_requests = 1000
;pm.status_path = /status
;ping.path = /ping
;ping.response = pong
;access.log = log/$pool.access.log
;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%"
;slowlog = log/$pool.log.slow
;request_slowlog_timeout = 0
;request_terminate_timeout = 30s
security.limit_extensions = .php .php5 .php56 .inc .phtml
; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
; the current environment.
; Default Value: clean env
;env[HOSTNAME] = $HOSTNAME
;env[PATH] = /usr/local/bin:/usr/bin:/bin
;env[TMP] = /tmp
;env[TMPDIR] = /tmp
;env[TEMP] = /tmp
;php_flag[display_errors] = off
;php_admin_value[error_log] = /var/log/fpm-php.www.log
;php_admin_flag[log_errors] = on
;php_admin_value[memory_limit] = 32M
;php_admin_value[open_basedir] = /tmp:/var/tmp:/var/www/html:/usr/local/php56/lib/php
; Load all DA User configs
include=/usr/local/directadmin/data/users/*/php/php-fpm56.conf

68
services/custombuild/php-fpm.conf.70 Normal file
View File

@@ -0,0 +1,68 @@
[global]
error_log = log/php-fpm.log
; syslog_facility is used to specify what type of program is logging the
; message. This lets syslogd specify that messages from different facilities
; will be handled differently.
; See syslog(3) for possible values (ex daemon equiv LOG_DAEMON)
; Default Value: daemon
;syslog.facility = daemon
; syslog_ident is prepended to every message. If you have multiple FPM
; instances running on the same server, you can change the default value
; which must suit common needs.
; Default Value: php-fpm
;syslog.ident = php-fpm
; Log level
; Possible Values: alert, error, warning, notice, debug
; Default Value: notice
log_level = notice
;;;;;;;;;;;;;;;;;;;;
; Pool Definitions ;
;;;;;;;;;;;;;;;;;;;;
[webapps]
user = $pool
group = $pool
listen = /usr/local/php70/sockets/$pool.sock
listen.owner = $pool
listen.group = apache
listen.mode = 660
pm = ondemand
pm.max_children = 10
pm.process_idle_timeout = 60
pm.max_requests = 1000
;pm.status_path = /status
;ping.path = /ping
;ping.response = pong
;access.log = log/$pool.access.log
;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%"
;slowlog = log/$pool.log.slow
;request_slowlog_timeout = 0
;request_terminate_timeout = 30s
security.limit_extensions = .php .php5 .php70 .inc .phtml
; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
; the current environment.
; Default Value: clean env
;env[HOSTNAME] = $HOSTNAME
;env[PATH] = /usr/local/bin:/usr/bin:/bin
;env[TMP] = /tmp
;env[TMPDIR] = /tmp
;env[TEMP] = /tmp
;php_flag[display_errors] = off
;php_admin_value[error_log] = /var/log/fpm-php.www.log
;php_admin_flag[log_errors] = on
;php_admin_value[memory_limit] = 32M
;php_admin_value[open_basedir] = /tmp:/var/tmp:/var/www/html:/usr/local/php70/lib/php
; Load all DA User configs
include=/usr/local/directadmin/data/users/*/php/php-fpm70.conf

68
services/custombuild/php-fpm.conf.71 Normal file
View File

@@ -0,0 +1,68 @@
[global]
error_log = log/php-fpm.log
; syslog_facility is used to specify what type of program is logging the
; message. This lets syslogd specify that messages from different facilities
; will be handled differently.
; See syslog(3) for possible values (ex daemon equiv LOG_DAEMON)
; Default Value: daemon
;syslog.facility = daemon
; syslog_ident is prepended to every message. If you have multiple FPM
; instances running on the same server, you can change the default value
; which must suit common needs.
; Default Value: php-fpm
;syslog.ident = php-fpm
; Log level
; Possible Values: alert, error, warning, notice, debug
; Default Value: notice
log_level = notice
;;;;;;;;;;;;;;;;;;;;
; Pool Definitions ;
;;;;;;;;;;;;;;;;;;;;
[webapps]
user = $pool
group = $pool
listen = /usr/local/php71/sockets/$pool.sock
listen.owner = $pool
listen.group = apache
listen.mode = 660
pm = ondemand
pm.max_children = 10
pm.process_idle_timeout = 60
pm.max_requests = 1000
;pm.status_path = /status
;ping.path = /ping
;ping.response = pong
;access.log = log/$pool.access.log
;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%"
;slowlog = log/$pool.log.slow
;request_slowlog_timeout = 0
;request_terminate_timeout = 30s
security.limit_extensions = .php .php5 .php71 .inc .phtml
; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
; the current environment.
; Default Value: clean env
;env[HOSTNAME] = $HOSTNAME
;env[PATH] = /usr/local/bin:/usr/bin:/bin
;env[TMP] = /tmp
;env[TMPDIR] = /tmp
;env[TEMP] = /tmp
;php_flag[display_errors] = off
;php_admin_value[error_log] = /var/log/fpm-php.www.log
;php_admin_flag[log_errors] = on
;php_admin_value[memory_limit] = 32M
;php_admin_value[open_basedir] = /tmp:/var/tmp:/var/www/html:/usr/local/php71/lib/php
; Load all DA User configs
include=/usr/local/directadmin/data/users/*/php/php-fpm71.conf

68
services/custombuild/php-fpm.conf.72 Normal file
View File

@@ -0,0 +1,68 @@
[global]
error_log = log/php-fpm.log
; syslog_facility is used to specify what type of program is logging the
; message. This lets syslogd specify that messages from different facilities
; will be handled differently.
; See syslog(3) for possible values (ex daemon equiv LOG_DAEMON)
; Default Value: daemon
;syslog.facility = daemon
; syslog_ident is prepended to every message. If you have multiple FPM
; instances running on the same server, you can change the default value
; which must suit common needs.
; Default Value: php-fpm
;syslog.ident = php-fpm
; Log level
; Possible Values: alert, error, warning, notice, debug
; Default Value: notice
log_level = notice
;;;;;;;;;;;;;;;;;;;;
; Pool Definitions ;
;;;;;;;;;;;;;;;;;;;;
[webapps]
user = $pool
group = $pool
listen = /usr/local/php72/sockets/$pool.sock
listen.owner = $pool
listen.group = apache
listen.mode = 660
pm = ondemand
pm.max_children = 10
pm.process_idle_timeout = 60
pm.max_requests = 1000
;pm.status_path = /status
;ping.path = /ping
;ping.response = pong
;access.log = log/$pool.access.log
;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%"
;slowlog = log/$pool.log.slow
;request_slowlog_timeout = 0
;request_terminate_timeout = 30s
security.limit_extensions = .php .php5 .php72 .inc .phtml
; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
; the current environment.
; Default Value: clean env
;env[HOSTNAME] = $HOSTNAME
;env[PATH] = /usr/local/bin:/usr/bin:/bin
;env[TMP] = /tmp
;env[TMPDIR] = /tmp
;env[TEMP] = /tmp
;php_flag[display_errors] = off
;php_admin_value[error_log] = /var/log/fpm-php.www.log
;php_admin_flag[log_errors] = on
;php_admin_value[memory_limit] = 32M
;php_admin_value[open_basedir] = /tmp:/var/tmp:/var/www/html:/usr/local/php72/lib/php
; Load all DA User configs
include=/usr/local/directadmin/data/users/*/php/php-fpm72.conf

68
services/custombuild/php-fpm.conf.73 Normal file
View File

@@ -0,0 +1,68 @@
[global]
error_log = log/php-fpm.log
; syslog_facility is used to specify what type of program is logging the
; message. This lets syslogd specify that messages from different facilities
; will be handled differently.
; See syslog(3) for possible values (ex daemon equiv LOG_DAEMON)
; Default Value: daemon
;syslog.facility = daemon
; syslog_ident is prepended to every message. If you have multiple FPM
; instances running on the same server, you can change the default value
; which must suit common needs.
; Default Value: php-fpm
;syslog.ident = php-fpm
; Log level
; Possible Values: alert, error, warning, notice, debug
; Default Value: notice
log_level = notice
;;;;;;;;;;;;;;;;;;;;
; Pool Definitions ;
;;;;;;;;;;;;;;;;;;;;
[webapps]
user = $pool
group = $pool
listen = /usr/local/php73/sockets/$pool.sock
listen.owner = $pool
listen.group = apache
listen.mode = 660
pm = ondemand
pm.max_children = 10
pm.process_idle_timeout = 60
pm.max_requests = 1000
;pm.status_path = /status
;ping.path = /ping
;ping.response = pong
;access.log = log/$pool.access.log
;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%"
;slowlog = log/$pool.log.slow
;request_slowlog_timeout = 0
;request_terminate_timeout = 30s
security.limit_extensions = .php .php5 .php73 .inc .phtml
; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
; the current environment.
; Default Value: clean env
;env[HOSTNAME] = $HOSTNAME
;env[PATH] = /usr/local/bin:/usr/bin:/bin
;env[TMP] = /tmp
;env[TMPDIR] = /tmp
;env[TEMP] = /tmp
;php_flag[display_errors] = off
;php_admin_value[error_log] = /var/log/fpm-php.www.log
;php_admin_flag[log_errors] = on
;php_admin_value[memory_limit] = 32M
;php_admin_value[open_basedir] = /tmp:/var/tmp:/var/www/html:/usr/local/php73/lib/php
; Load all DA User configs
include=/usr/local/directadmin/data/users/*/php/php-fpm73.conf

68
services/custombuild/php-fpm.conf.74 Normal file
View File

@@ -0,0 +1,68 @@
[global]
error_log = log/php-fpm.log
; syslog_facility is used to specify what type of program is logging the
; message. This lets syslogd specify that messages from different facilities
; will be handled differently.
; See syslog(3) for possible values (ex daemon equiv LOG_DAEMON)
; Default Value: daemon
;syslog.facility = daemon
; syslog_ident is prepended to every message. If you have multiple FPM
; instances running on the same server, you can change the default value
; which must suit common needs.
; Default Value: php-fpm
;syslog.ident = php-fpm
; Log level
; Possible Values: alert, error, warning, notice, debug
; Default Value: notice
log_level = notice
;;;;;;;;;;;;;;;;;;;;
; Pool Definitions ;
;;;;;;;;;;;;;;;;;;;;
[webapps]
user = $pool
group = $pool
listen = /usr/local/php74/sockets/$pool.sock
listen.owner = $pool
listen.group = apache
listen.mode = 660
pm = ondemand
pm.max_children = 10
pm.process_idle_timeout = 60
pm.max_requests = 1000
;pm.status_path = /status
;ping.path = /ping
;ping.response = pong
;access.log = log/$pool.access.log
;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%"
;slowlog = log/$pool.log.slow
;request_slowlog_timeout = 0
;request_terminate_timeout = 30s
security.limit_extensions = .php .php5 .php74 .inc .phtml
; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
; the current environment.
; Default Value: clean env
;env[HOSTNAME] = $HOSTNAME
;env[PATH] = /usr/local/bin:/usr/bin:/bin
;env[TMP] = /tmp
;env[TMPDIR] = /tmp
;env[TEMP] = /tmp
;php_flag[display_errors] = off
;php_admin_value[error_log] = /var/log/fpm-php.www.log
;php_admin_flag[log_errors] = on
;php_admin_value[memory_limit] = 32M
;php_admin_value[open_basedir] = /tmp:/var/tmp:/var/www/html:/usr/local/php74/lib/php
; Load all DA User configs
include=/usr/local/directadmin/data/users/*/php/php-fpm74.conf

68
services/custombuild/php-fpm.conf.80 Normal file
View File

@@ -0,0 +1,68 @@
[global]
error_log = log/php-fpm.log
; syslog_facility is used to specify what type of program is logging the
; message. This lets syslogd specify that messages from different facilities
; will be handled differently.
; See syslog(3) for possible values (ex daemon equiv LOG_DAEMON)
; Default Value: daemon
;syslog.facility = daemon
; syslog_ident is prepended to every message. If you have multiple FPM
; instances running on the same server, you can change the default value
; which must suit common needs.
; Default Value: php-fpm
;syslog.ident = php-fpm
; Log level
; Possible Values: alert, error, warning, notice, debug
; Default Value: notice
log_level = notice
;;;;;;;;;;;;;;;;;;;;
; Pool Definitions ;
;;;;;;;;;;;;;;;;;;;;
[webapps]
user = $pool
group = $pool
listen = /usr/local/php80/sockets/$pool.sock
listen.owner = $pool
listen.group = apache
listen.mode = 660
pm = ondemand
pm.max_children = 10
pm.process_idle_timeout = 60
pm.max_requests = 1000
;pm.status_path = /status
;ping.path = /ping
;ping.response = pong
;access.log = log/$pool.access.log
;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%"
;slowlog = log/$pool.log.slow
;request_slowlog_timeout = 0
;request_terminate_timeout = 30s
security.limit_extensions = .php .php5 .php80 .inc .phtml
; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
; the current environment.
; Default Value: clean env
;env[HOSTNAME] = $HOSTNAME
;env[PATH] = /usr/local/bin:/usr/bin:/bin
;env[TMP] = /tmp
;env[TMPDIR] = /tmp
;env[TEMP] = /tmp
;php_flag[display_errors] = off
;php_admin_value[error_log] = /var/log/fpm-php.www.log
;php_admin_flag[log_errors] = on
;php_admin_value[memory_limit] = 32M
;php_admin_value[open_basedir] = /tmp:/var/tmp:/var/www/html:/usr/local/php80/lib/php
; Load all DA User configs
include=/usr/local/directadmin/data/users/*/php/php-fpm80.conf

68
services/custombuild/php-fpm.conf.81 Normal file
View File

@@ -0,0 +1,68 @@
[global]
error_log = log/php-fpm.log
; syslog_facility is used to specify what type of program is logging the
; message. This lets syslogd specify that messages from different facilities
; will be handled differently.
; See syslog(3) for possible values (ex daemon equiv LOG_DAEMON)
; Default Value: daemon
;syslog.facility = daemon
; syslog_ident is prepended to every message. If you have multiple FPM
; instances running on the same server, you can change the default value
; which must suit common needs.
; Default Value: php-fpm
;syslog.ident = php-fpm
; Log level
; Possible Values: alert, error, warning, notice, debug
; Default Value: notice
log_level = notice
;;;;;;;;;;;;;;;;;;;;
; Pool Definitions ;
;;;;;;;;;;;;;;;;;;;;
[webapps]
user = $pool
group = $pool
listen = /usr/local/php81/sockets/$pool.sock
listen.owner = $pool
listen.group = apache
listen.mode = 660
pm = ondemand
pm.max_children = 10
pm.process_idle_timeout = 60
pm.max_requests = 1000
;pm.status_path = /status
;ping.path = /ping
;ping.response = pong
;access.log = log/$pool.access.log
;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%"
;slowlog = log/$pool.log.slow
;request_slowlog_timeout = 0
;request_terminate_timeout = 30s
security.limit_extensions = .php .php5 .php81 .inc .phtml
; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
; the current environment.
; Default Value: clean env
;env[HOSTNAME] = $HOSTNAME
;env[PATH] = /usr/local/bin:/usr/bin:/bin
;env[TMP] = /tmp
;env[TMPDIR] = /tmp
;env[TEMP] = /tmp
;php_flag[display_errors] = off
;php_admin_value[error_log] = /var/log/fpm-php.www.log
;php_admin_flag[log_errors] = on
;php_admin_value[memory_limit] = 32M
;php_admin_value[open_basedir] = /tmp:/var/tmp:/var/www/html:/usr/local/php81/lib/php
; Load all DA User configs
include=/usr/local/directadmin/data/users/*/php/php-fpm81.conf

68
services/custombuild/php-fpm.conf.82 Normal file
View File

@@ -0,0 +1,68 @@
[global]
error_log = log/php-fpm.log
; syslog_facility is used to specify what type of program is logging the
; message. This lets syslogd specify that messages from different facilities
; will be handled differently.
; See syslog(3) for possible values (ex daemon equiv LOG_DAEMON)
; Default Value: daemon
;syslog.facility = daemon
; syslog_ident is prepended to every message. If you have multiple FPM
; instances running on the same server, you can change the default value
; which must suit common needs.
; Default Value: php-fpm
;syslog.ident = php-fpm
; Log level
; Possible Values: alert, error, warning, notice, debug
; Default Value: notice
log_level = notice
;;;;;;;;;;;;;;;;;;;;
; Pool Definitions ;
;;;;;;;;;;;;;;;;;;;;
[webapps]
user = $pool
group = $pool
listen = /usr/local/php82/sockets/$pool.sock
listen.owner = $pool
listen.group = apache
listen.mode = 660
pm = ondemand
pm.max_children = 10
pm.process_idle_timeout = 60
pm.max_requests = 1000
;pm.status_path = /status
;ping.path = /ping
;ping.response = pong
;access.log = log/$pool.access.log
;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%"
;slowlog = log/$pool.log.slow
;request_slowlog_timeout = 0
;request_terminate_timeout = 30s
security.limit_extensions = .php .php5 .php82 .inc .phtml
; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
; the current environment.
; Default Value: clean env
;env[HOSTNAME] = $HOSTNAME
;env[PATH] = /usr/local/bin:/usr/bin:/bin
;env[TMP] = /tmp
;env[TMPDIR] = /tmp
;env[TEMP] = /tmp
;php_flag[display_errors] = off
;php_admin_value[error_log] = /var/log/fpm-php.www.log
;php_admin_flag[log_errors] = on
;php_admin_value[memory_limit] = 32M
;php_admin_value[open_basedir] = /tmp:/var/tmp:/var/www/html:/usr/local/php82/lib/php
; Load all DA User configs
include=/usr/local/directadmin/data/users/*/php/php-fpm82.conf

117
services/custombuild/versions.txt Normal file
View File

@@ -0,0 +1,117 @@
imap:2007f:
cwaf_rules:1.233:
litespeed:6.0.12:
letsencrypt_sh:2.0.30:
apache2.4:2.4.54:
fts-xapian:1.5.5:
xapian-core:1.4.20:
imapsync:2.178:
msmtp:1.8.19:
bubblewrap:0.6.2:
jailshell_sh:0.6:
apr:1.7.0:
apr-util:1.6.1:
modsecurity:2.9.6:
modsecurity3:3.0.8:
modsecurity3_apache:v0.0.9-beta1:
modsecurity3_nginx:v1.0.3:
modsec-sdbm-util:1.0:
owasp3_rules:3.3.2:
libmaxminddb:1.6.0:
geoipupdate:3.1.1:
nginx:1.23.1:
nginx_mainline:1.23.1:
ngx_cache_purge:2.3:
mod_aclr2:1.0.0:
unit:1.28.0:
openlitespeed:1.7.16:
openlitespeed_src:1.7.16:
composer:2.4.1:
wp-cli:2.6.0:
lego:953d5c85145b6a2b9a52f2d919faf23e04a359b3:
lego_arm64:953d5c85145b6a2b9a52f2d919faf23e04a359b3:
dnsproviders:4.5.3:
lua:5.3.5:
s-nail:14.9.23:
awstats:7.8:
awstats_process:2.9:
curl:7.85.0:
dovecot:2.3.19.1:
pigeonhole23:0.5.19:
libspf2:1.2.11:
exim:4.96:
system_filter_exim:1.3:
eximspamconf:1.4:
eximclamavconf:1.4:
eximclamavloadconf:1.1:
clamav:0.104.4:
exim_conf_45:4.5.42:
blockcracking:1.12:
easy_spam_figther:1.32:
exim_pl_45:32:
exim_dkim_conf:1.7:
imagick:3.7.0:
phalcon:4.1.2:
snuffleupagus:0.7.1:
igbinary:3.2.7:
phpredis:5.3.7:
xmlrpc:1.0.0RC3:
psr:1.2.0:
imagemagick:7.1.0-24:
redis:7.0.4:
libzip:1.7.3:
mysql5.5:5.5.62:
mysql5.6:5.6.51:
mysql5.7:5.7.39:
mysql8.0:8.0.30:
mariadb5.5:5.5.68:
mariadb10.0:10.0.38:
mariadb10.1:10.1.48:
mariadb10.2:10.2.44:
mariadb10.3:10.3.36:
mariadb10.4:10.4.26:
mariadb10.5:10.5.17:
mariadb10.6:10.6.9:
jemalloc_versions:3.6.0:
galera_versions:26.4.8:
php53:5.3.29:
php54:5.4.45:
php55:5.5.38:
php56:5.6.40:
php70:7.0.33:
php71:7.1.33:
php72:7.2.34:
php73:7.3.33:
php74:7.4.30:
php80:8.0.23:
php81:8.1.10:
php82:8.2.3:
phpmyadmin4:4.9.10-all-languages:
phpmyadmin5:5.2.0-all-languages:
proftpd:1.3.7e:
ncftp:3.2.6:
pureftpd:1.0.49:
roundcubemail:1.6.0:
rc_direct_login:0.8:
pma_direct_login:0.5:
spamassassin:3.4.6:
sa-update-sh:1.5:
spamassassin_rules:3.4.6.r1888502:
rspamd:1.8.1:
rspamd_conf:0.4:
squirrelmail:1.4.22:
squirrelmail_svn:1.4.23-20220318_0200:
squirrelmail_locale:1.4.18-20090526:
squirrel_logger:2.3.1-1.2.7:
mod_fcgid:2.3.9:
fcgid_sh:1.0:
htscanner:1.0.1-enhanced:
mod_ruid2:0.9.8:
curl_cacert:20161102:
suphp:0.7.1:
suphp_current:0.7.2:
webalizer:2.23-09:
zendopcache:7.0.5:
ioncube_loaders_lin_x86-64:12.0.2:
ioncube_loaders_lin_aarch64:12.0.2:
suhosin:0.9.38:

17
services/files.sh Normal file
View File

@@ -0,0 +1,17 @@
#!/bin/sh
filesh_path=es_7.0_64
da_exim=da_exim-4.89.1-1.x86_64.rpm
majordomo=majordomo-1.94.5-patched.tar.gz
mysql_ver=5.5.63
mysql_os=centos73-x86_64
mysql_client=MariaDB-${mysql_ver}-${mysql_os}-client.rpm
mysql_devel=MariaDB-${mysql_ver}-${mysql_os}-devel.rpm
mysql_server=MariaDB-${mysql_ver}-${mysql_os}-server.rpm
mysql_shared=MariaDB-${mysql_ver}-${mysql_os}-shared.rpm
mysql_common=MariaDB-${mysql_ver}-${mysql_os}-common.rpm
mysql_compat=MariaDB-${mysql_ver}-${mysql_os}-compat.rpm
proftpd=proftpd-1.3.5-1.x86_64.rpm
proftpd_standalone=proftpd-standalone-1.3.5-1.x86_64.rpm
pack=packed_es70_64.tar.gz

7
services/named/named-setup-rndc.service Normal file
View File

@@ -0,0 +1,7 @@
[Unit]
Description=Generate rndc key for BIND (DNS)
[Service]
Type=oneshot
ExecStart=/usr/libexec/generate-rndc-key.sh

27
services/named/named.service Normal file
View File

@@ -0,0 +1,27 @@
[Unit]
Description=Berkeley Internet Name Domain (DNS)
Wants=nss-lookup.target
Wants=named-setup-rndc.service
Before=nss-lookup.target
After=network.target
After=named-setup-rndc.service
[Service]
Type=forking
EnvironmentFile=-/etc/sysconfig/named
Environment=KRB5_KTNAME=/etc/named.keytab
PIDFile=/run/named/named.pid
ExecStartPre=-/bin/mkdir -p /run/named
ExecStartPre=-/bin/chown named:named /run/named
ExecStartPre=/usr/sbin/named-checkconf -z /etc/named.conf
ExecStart=/usr/sbin/named -u named $OPTIONS
ExecReload=/bin/sh -c '/usr/sbin/rndc reload > /dev/null 2>&1 || /bin/kill -HUP $MAINPID'
ExecStop=/bin/sh -c '/usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID'
PrivateTmp=true
[Install]
WantedBy=multi-user.target

12
services/named/named.service.debian Normal file
View File

@@ -0,0 +1,12 @@
[Unit]
Description=BIND Domain Name Server
Documentation=man:named(8)
After=network.target
[Service]
ExecStart=/usr/sbin/named -f -u bind
ExecReload=/usr/sbin/rndc reload
ExecStop=/usr/sbin/rndc stop
[Install]
WantedBy=multi-user.target

BIN
services/services_es70_64.tar.gz Normal file
View File

Binary file not shown.

1
services/services_es70_64.tar.gz.md5 Normal file
View File

@@ -0,0 +1 @@
eb49a94363576f98bcc0e47e9bb94eea services_es70_64.tar.gz