Since the update 6 days ago, lighttpd 1.4.42 does not work on FreeBSD 9.3 anymore. The binary fails to startup with: 2016-10-28 11:06:30: (plugin.c.227) dlopen() failed for: /usr/local/lib/lighttpd/mod_cgi.so /usr/local/lib/lighttpd/mod_cgi.so: Undefined symbol "pipe2” mod_cgi.c contains the following horror: #ifdef O_CLOEXEC #define pipe_cloexec(pipefd) pipe2((pipefd), O_CLOEXEC) #elif defined FD_CLOEXEC #define pipe_cloexec(pipefd) \ ( 0 == pipe(pipefd) \ && 0 == fcntl(pipefd[0], F_SETFD, FD_CLOEXEC) \ && 0 == fcntl(pipefd[1], F_SETFD, FD_CLOEXEC) \ ? 0 \ : -1) #else #define pipe_cloexec(pipefd) pipe(pipefd) #endif Which of course is wrong, FreeBSD 9.3 has O_CLOEXEC but no pipe2. Thanks, Cedric
Merge to quarterly not needed since this regression was introduced in version 1.4.42 while quarterly still has 1.4.41.
Created attachment 176239 [details] patch Attached patch should make it work on 9.x by restoring old behaviour on such systems. Can the reporter please test this patch and report back? Thanks.
Comment on attachment 176239 [details] patch Sorry this patch is broken, I made a mistake, will post a revised one shortly.
Created attachment 176240 [details] patch New patch, this one should work. Please test and report back. Thanks.
Looking at your patch, I don't understand why you need the second part. Looking here: https://www.freebsd.org/cgi/man.cgi?query=fcntl&apropos=0&sektion=2&manpath=FreeBSD+9.3-stable&arch=default&format=html FreeBSD 9.3 should understand fcntl(fd, F_SETFD, FD_CLOEXEC), which looks better than a naked pipe() command.
Created attachment 176244 [details] parch2 I did not check tghe fcntl man page, I just patched it to restore the code as it was in 1.4.41, which used pipe(). Here is a new patch which allows the second block to be used on 9.3 instead of the naked pipe(). Please test again and report back.
ok, I can test in +/- 2 hours, when the users of the server are gone...
Ok, sorry for the delay. I've applied the latest patch (patch2) and lighttpd starts again properly. I've tested with a tiny cgi script: it works, and the kdump output looks sane, the pipe() calls are followed by 2 successful fcntl(). [root@xxx]# uname -a FreeBSD xxx 9.3-RELEASE-p49 FreeBSD 9.3-RELEASE-p49 #5: Wed Oct 26 16:35:24 CEST 2016 [root@xxx]# kdump|grep -C5 pipe 40791 lighttpd RET sendto 96/0x60 40791 lighttpd CALL stat(0x80183a540,0x7fffffffdeb0) 40791 lighttpd NAMI "/bin/sh" 40791 lighttpd STRU struct stat {...} 40791 lighttpd RET stat 0 40791 lighttpd CALL pipe 40791 lighttpd RET pipe 6 40791 lighttpd CALL fcntl(0x6,F_SETFD,FD_CLOEXEC) 40791 lighttpd RET fcntl 0 40791 lighttpd CALL fcntl(0x7,F_SETFD,FD_CLOEXEC) 40791 lighttpd RET fcntl 0 40791 lighttpd CALL pipe 40791 lighttpd RET pipe 8 40791 lighttpd CALL fcntl(0x8,F_SETFD,FD_CLOEXEC) 40791 lighttpd RET fcntl 0 40791 lighttpd CALL fcntl(0x9,F_SETFD,FD_CLOEXEC) 40791 lighttpd RET fcntl 0 40791 lighttpd CALL fork
Looks fine. Also, it should be MFH'd together with update to 1.4.42 because of unspecified security issues (mentioned in the mail from Glenn Strauss when he announced 1.4.42): "Note: mod_authn_mysql takes the place of the FreeBSD patches (which were user-contributed and have security issues -- it might be a good idea to discuss issuing a CVE)." I'm not sure whether I'm a person to request a CVE since I don't even have any details about it - a simple MFH should be enough.
(In reply to Piotr Kubaj from comment #9) > Looks fine. > > Also, it should be MFH'd together with update to 1.4.42 because of > unspecified security issues (mentioned in the mail from Glenn Strauss when > he announced 1.4.42): > "Note: mod_authn_mysql takes the place of the FreeBSD patches (which were > user-contributed and have security issues -- it might be a good idea to > discuss issuing a CVE)." > > I'm not sure whether I'm a person to request a CVE since I don't even have > any details about it - a simple MFH should be enough. No need for a CVE, that's the software developer's role. Your notification here is enough, I'm going to commit this fix and ask for MFH after committing this fix.
A commit references this bug: Author: madpilot Date: Mon Oct 31 17:55:24 UTC 2016 New revision: 425017 URL: https://svnweb.freebsd.org/changeset/ports/425017 Log: Fix this port at runtime on 9.3. PR: 213848 Submitted by: cedric@precidata.com Approved by: pkubaj@anongoth.pl (maintainer) Changes: head/www/lighttpd/Makefile head/www/lighttpd/files/patch-src_mod__cgi.c
A commit references this bug: Author: madpilot Date: Mon Oct 31 20:07:35 UTC 2016 New revision: 425022 URL: https://svnweb.freebsd.org/changeset/ports/425022 Log: MFH: r424396 r425017 - Update lighttpd to 1.4.42 [1] - Convert WEBDAV option to option helpers [1] - Remove MYSQLAUTH option, upstream integrated their own solution in MYSQL support [1] - Add GEOIP option to main port [1] - Fix sorting in pkg-plist [1] - Remove lighttpd-mod_geoip port, it's beeen integrated in the main port [2] PR: 213568 [1], 213569 [2] Sumitted by: Piotr Kubaj <pkubaj@anongoth.pl> (maintainer) Fix this port at runtime on 9.3. PR: 213848 Submitted by: cedric@precidata.com Approved by: pkubaj@anongoth.pl (maintainer) Approved by: ports-secteam (feld) Changes: _U branches/2016Q4/ branches/2016Q4/MOVED branches/2016Q4/www/Makefile branches/2016Q4/www/lighttpd/Makefile branches/2016Q4/www/lighttpd/distinfo branches/2016Q4/www/lighttpd/files/README.mysqlauth branches/2016Q4/www/lighttpd/files/extra-patch-src_Makefile.am branches/2016Q4/www/lighttpd/files/extra-patch-src_Makefile.in branches/2016Q4/www/lighttpd/files/extra-patch-src_http__auth.c branches/2016Q4/www/lighttpd/files/extra-patch-src_http__auth.h branches/2016Q4/www/lighttpd/files/extra-patch-src_mod__auth.c branches/2016Q4/www/lighttpd/files/mysql_auth.sql branches/2016Q4/www/lighttpd/files/patch-src_mod__cgi.c branches/2016Q4/www/lighttpd/files/patch-src_mod__fastcgi.c branches/2016Q4/www/lighttpd/files/patch-src_mod__proxy.c branches/2016Q4/www/lighttpd/files/patch-src_mod__scgi.c branches/2016Q4/www/lighttpd/pkg-plist branches/2016Q4/www/lighttpd-mod_geoip/
Committed and merged. Thanks!
Thanks for fixing this. I'm reopening this because, while I've not tested and compiled the new 1.4.43 version on 9.3, I believe it is broken again. 1.4.43 has a "fix" with this comment: [mod_cgi] FreeBSD 9.3 does not have pipe2() FreeBSD 9.3 has O_CLOEXEC, but does not have pipe2() until FreeBSD 10. FreeBSD 10 also adds F_DUPFD_CLOEXEC, so use that as indicator https://wiki.freebsd.org/AtomicCloseOnExec Which seems nonsense to me because the above "AtomicCloseOnExec" states that F_DUPFD_CLOEXEC has been added to FreeBSD 9.2 too... QA (and reading skills) at lighttpd has gone to hell lately. Sorry.
(In reply to cedric from comment #14) Damn... I checked Lighttpd git log and saw that they fixed it, although in a different way so I assumed they had checked that it worked. After compiling myself Lighttpd 1.4.43 in 9.3, I can actually see that it fails. I'll send an updated patch in a minute. Be aware that 9.3 is nearing EOL and I'll remove this patch in January.
Created attachment 176432 [details] patch Please test this patch. If it's fine, it's ready to commit.
I cannot test it today, but it reads fine.
A commit references this bug: Author: madpilot Date: Thu Nov 3 15:02:35 UTC 2016 New revision: 425228 URL: https://svnweb.freebsd.org/changeset/ports/425228 Log: Fix again usage of pipe2(2) in 9.3 PR: 213848 Submitted by: cedric <cedric@precidata.com> Patch by: Piotr Kubaj <pkubaj@anongoth.pl> (maintainer) Changes: head/www/lighttpd/Makefile head/www/lighttpd/files/patch-src_mod__cgi.c
Patch committed! Thanks!