ports/132528: [patch] www/apache22 no-accf fix
Bjoern A. Zeeb
bzeeb+freebsdports at zabbadoz.net
Wed Mar 11 09:10:03 UTC 2009
>Number: 132528
>Category: ports
>Synopsis: [patch] www/apache22 no-accf fix
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Mar 11 09:10:02 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator: Bjoern A. Zeeb
>Release: FreeBSD 8.0-CURRENT amd64
>Organization:
Zabbadoz.NeT
>Environment:
System: FreeBSD foo 8.0-CURRENT FreeBSD 8.0-CURRENT #0: 2009 bz at foo:/path/to/HEAD/sys/KERNEL amd64
>Description:
When configuring an apache22 with virtual hosts
even though apache22 is staretd with
apache22_http_accept_enable="NO"
and thus -DNOHTTPACCEPT it still complains that
[warn] (2)No such file or directory: Failed to enable the 'httpready' Accept Filter
[warn] (2)No such file or directory: Failed to enable the 'httpready' Accept Filter
[warn] (2)No such file or directory: Failed to enable the 'httpready' Accept Filter
[warn] (2)No such file or directory: Failed to enable the 'httpready' Accept Filter
>How-To-Repeat:
Configure apache22 with virtual hosts, make sure you do
not have the accf_* modules loaded and start apache22
with apache22_http_accept_enable="NO".
Best observed inside jails where loading the modules is
not possible either.
PS: I am not sure if there isn't a bug in the apache22
startup script related to return codes from
apache22_accf() and how sh(1) interprets them.
Especially if you cannot load the accf module,
noone would set -DNOHTTPACCEPT?
>Fix:
To be able to configure
AcceptFilter http none
AcceptFilter https none
and make it work like local/etc/apache22/Includes/no-accf.conf
does along with virtual hosts, etc. use the following
patch (below).
You can alos temporarily fetch it from:
http://people.freebsd.org/~bz/www-apache22-accf-fix.diff
Adds the new file files/patch-server__core.c .
If it proves to be correct and working for everyone
I'd like to submit it upstream.
Index: www/apache22/files/patch-server__core.c
===================================================================
RCS file: www/apache22/files/patch-server__core.c
diff -N www/apache22/files/patch-server__core.c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ www/apache22/files/patch-server__core.c 11 Mar 2009 08:35:07 -0000
@@ -0,0 +1,36 @@
+--- ./server/core.c.orig 2008-06-02 23:18:18.000000000 +0200
++++ ./server/core.c 2009-03-09 15:05:57.000000000 +0100
+@@ -494,6 +494,7 @@
+ core_server_config *base = (core_server_config *)basev;
+ core_server_config *virt = (core_server_config *)virtv;
+ core_server_config *conf;
++ const char *accfb, *accfc;
+
+ conf = (core_server_config *)apr_pmemdup(p, virt, sizeof(core_server_config));
+
+@@ -509,6 +510,25 @@
+ conf->protocol = base->protocol;
+ }
+
++ /*
++ * bz accept_filter(9) disable fix.
++ *
++ * You can only configure it in the base config but the
++ * values are copied and checked into virtual host configs,
++ * so if you disable it in base it will still be on in virt.
++ * To fix it, we overwrite each virt config if it does not
++ * match what is in base config for the hardcoded http(s).
++ */
++ accfb = apr_table_get(base->accf_map, "http");
++ accfc = apr_table_get(conf->accf_map, "http");
++ if (accfb && accfc && strcmp(accfb, accfc))
++ apr_table_set(conf->accf_map, "http", accfb);
++
++ accfb = apr_table_get(base->accf_map, "https");
++ accfc = apr_table_get(conf->accf_map, "https");
++ if (accfb && accfc && strcmp(accfb, accfc))
++ apr_table_set(conf->accf_map, "https", accfb);
++
+ conf->sec_dir = apr_array_append(p, base->sec_dir, virt->sec_dir);
+ conf->sec_url = apr_array_append(p, base->sec_url, virt->sec_url);
+
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list