Date: Fri, 28 Apr 2006 12:44:23 +0200 From: "Fredrik Lindberg" <fli@shapeshifter.se> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/96458: Update port: www/apache20 Patch for mod_proxy dataloss (AFS Bug 37145) Message-ID: <20060428104419.B211D1A723@mx1.h3q.net> Resent-Message-ID: <200604281050.k3SAoGae039862@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 96458 >Category: ports >Synopsis: Update port: www/apache20 Patch for mod_proxy dataloss (AFS Bug 37145) >Confidential: no >Severity: serious >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Fri Apr 28 10:50:16 GMT 2006 >Closed-Date: >Last-Modified: >Originator: Fredrik Lindberg >Release: FreeBSD 7.0-CURRENT i386 >Organization: >Environment: System: FreeBSD genesis.int.shapeshifter.se 7.0-CURRENT FreeBSD 7.0-CURRENT #0: Sat Apr 22 13:39:02 CEST 2006 fli@dhcp-192-168-0-94:/usr/obj/usr/src/sys/GENESIS i386 >Description: Dataloss in POST requests occurs with mod_proxy when used together with mod_ssl on a front-end server. This is a temporary patch until 2.0.56 is released. Patch obtained from http://issues.apache.org/bugzilla/show_bug.cgi?id=37145 >How-To-Repeat: >Fix: --- apache20-proxy.patch begins here --- diff -ruN apache20.orig/Makefile apache20/Makefile --- apache20.orig/Makefile Fri Apr 28 12:15:46 2006 +++ apache20/Makefile Fri Apr 28 12:18:17 2006 @@ -9,7 +9,7 @@ PORTNAME= apache PORTVERSION= 2.0.55 -PORTREVISION= 4 +PORTREVISION= 5 CATEGORIES= www MASTER_SITES= ${MASTER_SITE_APACHE_HTTPD} \ ${MASTER_SITE_LOCAL:S/$/:powerlogo/} diff -ruN apache20.orig/files/patch-modules:proxy:proxy_http.c apache20/files/patch-modules:proxy:proxy_http.c --- apache20.orig/files/patch-modules:proxy:proxy_http.c Thu Jan 1 01:00:00 1970 +++ apache20/files/patch-modules:proxy:proxy_http.c Fri Apr 28 12:00:36 2006 @@ -0,0 +1,102 @@ +Index: modules/proxy/proxy_http.c +=================================================================== +--- modules/proxy/proxy_http.c (Revision 326480) ++++ modules/proxy/proxy_http.c (Arbeitskopie) +@@ -504,7 +504,21 @@ + * take care of that now + */ + bb = header_brigade; +- APR_BRIGADE_CONCAT(bb, input_brigade); ++ ++ /* ++ * Save input_brigade in bb brigade. (At least) in the SSL case ++ * input_brigade contains transient buckets whose data would get ++ * overwritten during the next call of ap_get_brigade in the loop. ++ * ap_save_brigade ensures these buckets to be set aside. ++ * Calling ap_save_brigade with NULL as filter is OK, because ++ * bb brigade already has been created and does not need to get ++ * created by ap_save_brigade. ++ */ ++ status = ap_save_brigade(NULL, &bb, &input_brigade, p); ++ if (status != APR_SUCCESS) { ++ return status; ++ } ++ + header_brigade = NULL; + } + else { +@@ -611,7 +625,21 @@ + * take care of that now + */ + bb = header_brigade; +- APR_BRIGADE_CONCAT(bb, input_brigade); ++ ++ /* ++ * Save input_brigade in bb brigade. (At least) in the SSL case ++ * input_brigade contains transient buckets whose data would get ++ * overwritten during the next call of ap_get_brigade in the loop. ++ * ap_save_brigade ensures these buckets to be set aside. ++ * Calling ap_save_brigade with NULL as filter is OK, because ++ * bb brigade already has been created and does not need to get ++ * created by ap_save_brigade. ++ */ ++ status = ap_save_brigade(NULL, &bb, &input_brigade, p); ++ if (status != APR_SUCCESS) { ++ return status; ++ } ++ + header_brigade = NULL; + } + else { +@@ -735,7 +763,21 @@ + apr_brigade_cleanup(input_brigade); + } + else { +- APR_BRIGADE_CONCAT(body_brigade, input_brigade); ++ ++ /* ++ * Save input_brigade in body_brigade. (At least) in the SSL case ++ * input_brigade contains transient buckets whose data would get ++ * overwritten during the next call of ap_get_brigade in the loop. ++ * ap_save_brigade ensures these buckets to be set aside. ++ * Calling ap_save_brigade with NULL as filter is OK, because ++ * body_brigade already has been created and does not need to get ++ * created by ap_save_brigade. ++ */ ++ status = ap_save_brigade(NULL, &body_brigade, &input_brigade, p); ++ if (status != APR_SUCCESS) { ++ return status; ++ } ++ + } + + bytes_spooled += bytes; +@@ -1081,9 +1123,27 @@ + } + + apr_brigade_length(temp_brigade, 1, &bytes); +- APR_BRIGADE_CONCAT(input_brigade, temp_brigade); + bytes_read += bytes; + ++ /* ++ * Save temp_brigade in input_brigade. (At least) in the SSL case ++ * temp_brigade contains transient buckets whose data would get ++ * overwritten during the next call of ap_get_brigade in the loop. ++ * ap_save_brigade ensures these buckets to be set aside. ++ * Calling ap_save_brigade with NULL as filter is OK, because ++ * input_brigade already has been created and does not need to get ++ * created by ap_save_brigade. ++ */ ++ status = ap_save_brigade(NULL, &input_brigade, &temp_brigade, p); ++ if (status != APR_SUCCESS) { ++ ap_log_error(APLOG_MARK, APLOG_ERR, status, r->server, ++ "proxy: processing prefetched request body failed" ++ " to %s from %s (%s)", ++ p_conn->name ? p_conn->name: "", ++ c->remote_ip, c->remote_host ? c->remote_host: ""); ++ return status; ++ } ++ + /* Ensure we don't hit a wall where we have a buffer too small + * for ap_get_brigade's filters to fetch us another bucket, + * surrender once we hit 80 bytes less than MAX_MEM_SPOOL --- apache20-proxy.patch ends here --- >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060428104419.B211D1A723>