ports/164711: www/apache22 2.2.22 proxy connect patch update
freebsd at nagilum.org
freebsd at nagilum.org
Thu Feb 2 16:40:11 UTC 2012
>Number: 164711
>Category: ports
>Synopsis: www/apache22 2.2.22 proxy connect patch update
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Thu Feb 02 16:40:10 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator: freebsd at nagilum.org
>Release: FreeBSD 8.2-STABLE i386
>Organization:
>Environment:
System: FreeBSD cakebox.tis 8.2-STABLE FreeBSD 8.2-STABLE #0: Sun Dec 25 02:18:54 CET 2011 root at cakebox.tis:/usr/obj/export/src/sys/net5501 i386
>Description:
Update "files/patch-modules__proxy__mod_proxy_connect.c"
with the latest version from
https://issues.apache.org/bugzilla/show_bug.cgi?id=29744
It also appears that the patch is applied unconditionally so
we can remove the option.
>How-To-Repeat:
build the port
>Fix:
apply attached patch
--- apache22.patch begins here ---
diff -Naur apache22.old/Makefile.options apache22/Makefile.options
--- apache22.old/Makefile.options 2011-04-01 10:50:00.000000000 +0200
+++ apache22/Makefile.options 2012-02-02 17:16:56.000000000 +0100
@@ -65,7 +65,6 @@
VERSION "Enable mod_version" ON \
PROXY "Enable mod_proxy" OFF \
PROXY_CONNECT "Enable mod_proxy_connect" OFF \
- PATCH_PROXY_CONNECT "Patch proxy_connect SSL support" ON \
PROXY_FTP "Enable mod_proxy_ftp" OFF \
PROXY_HTTP "Enable mod_proxy_http" OFF \
PROXY_AJP "Enable mod_proxy_ajp" OFF \
diff -Naur apache22.old/files/patch-modules__proxy__mod_proxy_connect.c apache22/files/patch-modules__proxy__mod_proxy_connect.c
--- apache22.old/files/patch-modules__proxy__mod_proxy_connect.c 2010-05-07 02:02:15.000000000 +0200
+++ apache22/files/patch-modules__proxy__mod_proxy_connect.c 2012-02-02 17:15:38.000000000 +0100
@@ -1,5 +1,5 @@
---- ./modules/proxy/mod_proxy_connect.c.orig 2009-11-19 09:07:46.000000000 -0500
-+++ ./modules/proxy/mod_proxy_connect.c 2010-05-06 19:37:54.227730259 -0400
+--- ./modules/proxy/mod_proxy_connect.c.orig 2010-12-08 20:31:34.000000000 +0100
++++ ./modules/proxy/mod_proxy_connect.c 2012-02-02 17:12:20.000000000 +0100
@@ -21,6 +21,8 @@
#include "mod_proxy.h"
#include "apr_poll.h"
@@ -25,27 +25,27 @@
+ do {
+ apr_brigade_cleanup(bb);
+ rv = ap_get_brigade(c_i->input_filters, bb, AP_MODE_READBYTES,
-+ APR_NONBLOCK_READ, CONN_BLKSZ);
++ APR_NONBLOCK_READ, CONN_BLKSZ);
+ if (rv == APR_SUCCESS) {
-+ if (APR_BRIGADE_EMPTY(bb))
++ if (APR_BRIGADE_EMPTY(bb))
+ break;
+#ifdef DEBUGGING
-+ len = -1;
-+ apr_brigade_length(bb, 0, &len);
-+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
++ len = -1;
++ apr_brigade_length(bb, 0, &len);
++ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
+ "proxy: CONNECT: read %" APR_OFF_T_FMT
+ " bytes from %s", len, name);
+#endif
-+ rv = ap_pass_brigade(c_o->output_filters, bb);
-+ if (rv == APR_SUCCESS) {
++ rv = ap_pass_brigade(c_o->output_filters, bb);
++ if (rv == APR_SUCCESS) {
+ ap_fflush(c_o->output_filters, bb);
-+ } else {
++ } else {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
-+ "proxy: CONNECT: error on %s - ap_pass_brigade",
-+ name);
-+ }
++ "proxy: CONNECT: error on %s - ap_pass_brigade",
++ name);
++ }
+ } else if (!APR_STATUS_IS_EAGAIN(rv)) {
-+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, rv, r,
++ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, rv, r,
+ "proxy: CONNECT: error on %s - ap_get_brigade",
+ name);
+ }
@@ -69,8 +69,7 @@
+
+ apr_bucket_brigade *bb = apr_brigade_create(p, c->bucket_alloc);
apr_status_t err, rv;
-- apr_size_t i, o, nbytes;
-+ apr_size_t nbytes;
+ apr_size_t i, o, nbytes;
char buffer[HUGE_STRING_LEN];
- apr_socket_t *client_socket = ap_get_module_config(r->connection->conn_config, &core_module);
- int failed;
@@ -85,25 +84,25 @@
default:
- /* XXX can we call ap_proxyerror() here to get a nice log message? */
- return HTTP_FORBIDDEN;
-+ return ap_proxyerror(r, HTTP_FORBIDDEN, "Connect to remote machine blocked");
++ return ap_proxyerror(r, HTTP_FORBIDDEN, "Connect to remote machine blocked");
}
} else if(!allowed_port(conf, uri.port)) {
- /* XXX can we call ap_proxyerror() here to get a nice log message? */
- return HTTP_FORBIDDEN;
-+ return ap_proxyerror(r, HTTP_FORBIDDEN, "Connect to remote machine blocked");
++ return ap_proxyerror(r, HTTP_FORBIDDEN, "Connect to remote machine blocked");
}
/*
-@@ -205,18 +253,57 @@
+@@ -205,19 +253,57 @@
}
}
+ /* setup polling for connection */
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
-+ "proxy: CONNECT: setting up poll()");
++ "proxy: CONNECT: setting up poll()");
+
+ if ((rv = apr_pollset_create(&pollset, 2, r->pool, 0)) != APR_SUCCESS) {
-+ apr_socket_close(sock);
++ apr_socket_close(sock);
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
+ "proxy: CONNECT: error apr_pollset_create()");
+ return HTTP_INTERNAL_SERVER_ERROR;
@@ -133,74 +132,76 @@
- */
- r->output_filters = NULL;
- r->connection->output_filters = NULL;
+-
+ backconn = ap_run_create_connection(c->pool, r->server, sock,
-+ c->id, c->sbh, c->bucket_alloc);
++ c->id, c->sbh, c->bucket_alloc);
+ if (!backconn) {
-+ /* peer reset */
-+ ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
-+ "proxy: an error occurred creating a new connection "
-+ "to %pI (%s)", connect_addr, connectname);
-+ apr_socket_close(sock);
-+ return HTTP_INTERNAL_SERVER_ERROR;
-+ }
-+ ap_proxy_ssl_disable(backconn);
-+ rc = ap_run_pre_connection(backconn, sock);
-+ if (rc != OK && rc != DONE) {
-+ backconn->aborted = 1;
-+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
-+ "proxy: CONNECT: pre_connection setup failed (%d)", rc);
-+ return HTTP_INTERNAL_SERVER_ERROR;
-+ }
-+
++ /* peer reset */
++ ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
++ "proxy: an error occurred creating a new connection "
++ "to %pI (%s)", connect_addr, connectname);
++ apr_socket_close(sock);
++ return HTTP_INTERNAL_SERVER_ERROR;
++ }
++ ap_proxy_ssl_disable(backconn);
++ rc = ap_run_pre_connection(backconn, sock);
++ if (rc != OK && rc != DONE) {
++ backconn->aborted = 1;
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
-+ "proxy: CONNECT: connection complete to %pI (%s)",
-+ connect_addr, connectname);
-
++ "proxy: CONNECT: pre_connection setup failed (%d)", rc);
++ return HTTP_INTERNAL_SERVER_ERROR;
++ }
++
++ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
++ "proxy: CONNECT: connection complete to %pI (%s)",
++ connect_addr, connectname);
/* If we are connecting through a remote proxy, we need to pass
-@@ -227,12 +314,11 @@
+ * the CONNECT request on to it.
+@@ -227,12 +313,11 @@
*/
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: CONNECT: sending the CONNECT request to the remote proxy");
- nbytes = apr_snprintf(buffer, sizeof(buffer),
-+ ap_fprintf(backconn->output_filters, bb,
++ ap_fprintf(backconn->output_filters, bb,
"CONNECT %s HTTP/1.0" CRLF, r->uri);
- apr_socket_send(sock, buffer, &nbytes);
- nbytes = apr_snprintf(buffer, sizeof(buffer),
- "Proxy-agent: %s" CRLF CRLF, ap_get_server_banner());
- apr_socket_send(sock, buffer, &nbytes);
-+ ap_fprintf(backconn->output_filters, bb,
-+ "Proxy-agent: %s" CRLF CRLF, ap_get_server_version());
-+ ap_fflush(backconn->output_filters, bb);
++ ap_fprintf(backconn->output_filters, bb,
++ "Proxy-agent: %s" CRLF CRLF, ap_get_server_version());
++ ap_fflush(backconn->output_filters, bb);
}
else {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
-@@ -240,11 +326,12 @@
+@@ -240,11 +325,12 @@
nbytes = apr_snprintf(buffer, sizeof(buffer),
"HTTP/1.0 200 Connection Established" CRLF);
ap_xlate_proto_to_ascii(buffer, nbytes);
- apr_socket_send(client_socket, buffer, &nbytes);
-+ ap_fwrite(c->output_filters, bb, buffer, nbytes);
++ ap_fwrite(c->output_filters, bb, buffer, nbytes);
nbytes = apr_snprintf(buffer, sizeof(buffer),
"Proxy-agent: %s" CRLF CRLF, ap_get_server_banner());
ap_xlate_proto_to_ascii(buffer, nbytes);
- apr_socket_send(client_socket, buffer, &nbytes);
+ ap_fwrite(c->output_filters, bb, buffer, nbytes);
-+ ap_fflush(c->output_filters, bb);
++ ap_fflush(c->output_filters, bb);
#if 0
/* This is safer code, but it doesn't work yet. I'm leaving it
* here so that I can fix it later.
-@@ -265,27 +352,15 @@
+@@ -264,28 +350,16 @@
+ *
* Handle two way transfer of data over the socket (this is a tunnel).
*/
++ /* we are now acting as a tunnel - the input/output filter stacks should
++ * not contain any non-connection filters.
++ */
++ r->output_filters = c->output_filters;
++ r->proto_output_filters = c->output_filters;
++ r->input_filters = c->input_filters;
++ r->proto_input_filters = c->input_filters;
-+ /* we are now acting as a tunnel - the input/output filter stacks should
-+ * not contain any non-connection filters.
-+ */
-+ r->output_filters = c->output_filters;
-+ r->proto_output_filters = c->output_filters;
-+ r->input_filters = c->input_filters;
-+ r->proto_input_filters = c->input_filters;
/* r->sent_bodyct = 1;*/
- if ((rv = apr_pollset_create(&pollset, 2, r->pool, 0)) != APR_SUCCESS) {
@@ -224,8 +225,8 @@
-
while (1) { /* Infinite loop until error (one side closes the connection) */
if ((rv = apr_pollset_poll(pollset, -1, &pollcnt, &signalled)) != APR_SUCCESS) {
- apr_socket_close(sock);
-@@ -294,7 +369,7 @@
+ if (APR_STATUS_IS_EINTR(rv)) {
+@@ -297,7 +371,7 @@
}
#ifdef DEBUGGING
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
@@ -234,13 +235,13 @@
#endif
for (pi = 0; pi < pollcnt; pi++) {
-@@ -304,72 +379,32 @@
+@@ -307,72 +381,31 @@
pollevent = cur->rtnevents;
if (pollevent & APR_POLLIN) {
#ifdef DEBUGGING
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
- "proxy: CONNECT: sock was set");
-+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
++ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r,
+ "proxy: CONNECT: sock was readable");
#endif
- nbytes = sizeof(buffer);
@@ -267,9 +268,9 @@
}
- else
- break;
-+ else if ((pollevent & APR_POLLERR) || (pollevent & APR_POLLHUP)) {
-+ rv = APR_EPIPE;
-+ ap_log_rerror(APLOG_MARK, APLOG_NOTICE, 0, r, "proxy: CONNECT: err/hup on backconn");
++ else if ((pollevent & APR_POLLERR) || (pollevent & APR_POLLHUP)) {
++ rv = APR_EPIPE;
++ ap_log_rerror(APLOG_MARK, APLOG_NOTICE, 0, r, "proxy: CONNECT: err/hup on backconn");
}
- else if ((pollevent & APR_POLLERR) || (pollevent & APR_POLLHUP))
- break;
@@ -289,8 +290,8 @@
-#ifdef DEBUGGING
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
- "proxy: CONNECT: read %d from client", i);
-+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
-+ "proxy: CONNECT: client was readable");
++ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r,
++ "proxy: CONNECT: client was readable");
#endif
- while(i > 0)
- {
@@ -310,18 +311,17 @@
- rv = APR_EOF;
- break;
}
-+ else {
-+ rv = APR_EBADF;
-+ ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
-+ "proxy: CONNECT: unknown socket in pollset");
++ else {
++ rv = APR_EBADF;
++ ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
++ "proxy: CONNECT: unknown socket in pollset");
}
- else
- break;
-+
}
if (rv != APR_SUCCESS) {
break;
-@@ -385,7 +420,9 @@
+@@ -388,7 +421,9 @@
* Close the socket and clean up
*/
--- apache22.patch ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list