Bug 213848 - www/lighttpd: Version 1.4.42 update does not work with FreeBSD 9.3
Summary: www/lighttpd: Version 1.4.42 update does not work with FreeBSD 9.3
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: Guido Falsi
URL:
Keywords: needs-patch, needs-qa, regression
Depends on:
Blocks:
 
Reported: 2016-10-28 10:35 UTC by cedric
Modified: 2016-11-03 15:06 UTC (History)
2 users (show)

See Also:
pkubaj: maintainer-feedback+
madpilot: merge-quarterly+


Attachments
patch (1.30 KB, patch)
2016-10-28 12:26 UTC, Guido Falsi
no flags Details | Diff
patch (1.39 KB, patch)
2016-10-28 12:42 UTC, Guido Falsi
no flags Details | Diff
parch2 (1.36 KB, patch)
2016-10-28 13:34 UTC, Guido Falsi
pkubaj: maintainer-approval-
Details | Diff
patch (1.24 KB, patch)
2016-11-02 14:08 UTC, Piotr Kubaj
pkubaj: maintainer-approval+
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description cedric 2016-10-28 10:35:11 UTC
Since the update 6 days ago, lighttpd 1.4.42 does not work on FreeBSD 9.3 anymore.

The binary fails to startup with:

2016-10-28 11:06:30: (plugin.c.227) dlopen() failed for: /usr/local/lib/lighttpd/mod_cgi.so /usr/local/lib/lighttpd/mod_cgi.so: Undefined symbol "pipe2” 

mod_cgi.c contains the following horror:

#ifdef O_CLOEXEC
#define pipe_cloexec(pipefd) pipe2((pipefd), O_CLOEXEC)
#elif defined FD_CLOEXEC
#define pipe_cloexec(pipefd) \
  (   0 == pipe(pipefd) \
   && 0 == fcntl(pipefd[0], F_SETFD, FD_CLOEXEC) \
   && 0 == fcntl(pipefd[1], F_SETFD, FD_CLOEXEC) \
    ? 0 \
    : -1)
#else
#define pipe_cloexec(pipefd) pipe(pipefd)
#endif

Which of course is wrong, FreeBSD 9.3 has O_CLOEXEC but no pipe2.

Thanks,
Cedric
Comment 1 Guido Falsi freebsd_committer 2016-10-28 10:46:48 UTC
Merge to quarterly not needed since this regression was introduced in version 1.4.42 while quarterly still has 1.4.41.
Comment 2 Guido Falsi freebsd_committer 2016-10-28 12:26:44 UTC
Created attachment 176239 [details]
patch

Attached patch should make it work on 9.x by restoring old behaviour on such systems.

Can the reporter please test this patch and report back?

Thanks.
Comment 3 Guido Falsi freebsd_committer 2016-10-28 12:32:31 UTC
Comment on attachment 176239 [details]
patch

Sorry this patch is broken, I made a mistake, will post a revised one shortly.
Comment 4 Guido Falsi freebsd_committer 2016-10-28 12:42:13 UTC
Created attachment 176240 [details]
patch

New patch, this one should work.

Please test and report back.

Thanks.
Comment 5 cedric 2016-10-28 13:22:13 UTC
Looking at your patch, I don't understand why you need the second part.

Looking here:
https://www.freebsd.org/cgi/man.cgi?query=fcntl&apropos=0&sektion=2&manpath=FreeBSD+9.3-stable&arch=default&format=html

FreeBSD 9.3 should understand fcntl(fd, F_SETFD, FD_CLOEXEC), which looks better
than a naked pipe() command.
Comment 6 Guido Falsi freebsd_committer 2016-10-28 13:34:39 UTC
Created attachment 176244 [details]
parch2

I did not check tghe fcntl man page, I just patched it to restore the code as it was in 1.4.41, which used pipe().

Here is a new patch which allows the second block to be used on 9.3 instead of the naked pipe().

Please test again and report back.
Comment 7 cedric 2016-10-28 13:38:48 UTC
ok, I can test in +/- 2 hours, when the users of the server are gone...
Comment 8 cedric 2016-10-29 08:53:03 UTC
Ok, sorry for the delay.

I've applied the latest patch (patch2) and lighttpd starts again properly.

I've tested with a tiny cgi script: it works, and the kdump output looks sane, the pipe() calls are followed by 2 successful fcntl().

[root@xxx]# uname -a
FreeBSD xxx 9.3-RELEASE-p49 FreeBSD 9.3-RELEASE-p49 #5: Wed Oct 26 16:35:24 CEST 2016

[root@xxx]# kdump|grep -C5 pipe
 40791 lighttpd RET   sendto 96/0x60
 40791 lighttpd CALL  stat(0x80183a540,0x7fffffffdeb0)
 40791 lighttpd NAMI  "/bin/sh"
 40791 lighttpd STRU  struct stat {...}
 40791 lighttpd RET   stat 0
 40791 lighttpd CALL  pipe
 40791 lighttpd RET   pipe 6
 40791 lighttpd CALL  fcntl(0x6,F_SETFD,FD_CLOEXEC)
 40791 lighttpd RET   fcntl 0
 40791 lighttpd CALL  fcntl(0x7,F_SETFD,FD_CLOEXEC)
 40791 lighttpd RET   fcntl 0
 40791 lighttpd CALL  pipe
 40791 lighttpd RET   pipe 8
 40791 lighttpd CALL  fcntl(0x8,F_SETFD,FD_CLOEXEC)
 40791 lighttpd RET   fcntl 0
 40791 lighttpd CALL  fcntl(0x9,F_SETFD,FD_CLOEXEC)
 40791 lighttpd RET   fcntl 0
 40791 lighttpd CALL  fork
Comment 9 Piotr Kubaj freebsd_committer 2016-10-31 11:55:43 UTC
Looks fine.

Also, it should be MFH'd together with update to 1.4.42 because of unspecified security issues (mentioned in the mail from Glenn Strauss when he announced 1.4.42):
"Note: mod_authn_mysql takes the place of the FreeBSD patches (which were
user-contributed and have security issues -- it might be a good idea to
discuss issuing a CVE)."

I'm not sure whether I'm a person to request a CVE since I don't even have any details about it - a simple MFH should be enough.
Comment 10 Guido Falsi freebsd_committer 2016-10-31 15:18:57 UTC
(In reply to Piotr Kubaj from comment #9)
> Looks fine.
> 
> Also, it should be MFH'd together with update to 1.4.42 because of
> unspecified security issues (mentioned in the mail from Glenn Strauss when
> he announced 1.4.42):
> "Note: mod_authn_mysql takes the place of the FreeBSD patches (which were
> user-contributed and have security issues -- it might be a good idea to
> discuss issuing a CVE)."
> 
> I'm not sure whether I'm a person to request a CVE since I don't even have
> any details about it - a simple MFH should be enough.

No need for a CVE, that's the software developer's role.

Your notification here is enough, I'm going to commit this fix and ask for MFH after committing this fix.
Comment 11 commit-hook freebsd_committer 2016-10-31 17:56:26 UTC
A commit references this bug:

Author: madpilot
Date: Mon Oct 31 17:55:24 UTC 2016
New revision: 425017
URL: https://svnweb.freebsd.org/changeset/ports/425017

Log:
  Fix this port at runtime on 9.3.

  PR:		213848
  Submitted by:	cedric@precidata.com
  Approved by:	pkubaj@anongoth.pl (maintainer)

Changes:
  head/www/lighttpd/Makefile
  head/www/lighttpd/files/patch-src_mod__cgi.c
Comment 12 commit-hook freebsd_committer 2016-10-31 20:07:46 UTC
A commit references this bug:

Author: madpilot
Date: Mon Oct 31 20:07:35 UTC 2016
New revision: 425022
URL: https://svnweb.freebsd.org/changeset/ports/425022

Log:
  MFH: r424396 r425017

  - Update lighttpd to 1.4.42 [1]
  - Convert WEBDAV option to option helpers [1]
  - Remove MYSQLAUTH option, upstream integrated their own solution
    in MYSQL support [1]
  - Add GEOIP option to main port [1]
  - Fix sorting in pkg-plist [1]
  - Remove lighttpd-mod_geoip port, it's beeen integrated in the main
    port [2]

  PR:		213568 [1], 213569 [2]
  Sumitted by:	Piotr Kubaj <pkubaj@anongoth.pl> (maintainer)

  Fix this port at runtime on 9.3.

  PR:		213848
  Submitted by:	cedric@precidata.com
  Approved by:	pkubaj@anongoth.pl (maintainer)

  Approved by:	ports-secteam (feld)

Changes:
_U  branches/2016Q4/
  branches/2016Q4/MOVED
  branches/2016Q4/www/Makefile
  branches/2016Q4/www/lighttpd/Makefile
  branches/2016Q4/www/lighttpd/distinfo
  branches/2016Q4/www/lighttpd/files/README.mysqlauth
  branches/2016Q4/www/lighttpd/files/extra-patch-src_Makefile.am
  branches/2016Q4/www/lighttpd/files/extra-patch-src_Makefile.in
  branches/2016Q4/www/lighttpd/files/extra-patch-src_http__auth.c
  branches/2016Q4/www/lighttpd/files/extra-patch-src_http__auth.h
  branches/2016Q4/www/lighttpd/files/extra-patch-src_mod__auth.c
  branches/2016Q4/www/lighttpd/files/mysql_auth.sql
  branches/2016Q4/www/lighttpd/files/patch-src_mod__cgi.c
  branches/2016Q4/www/lighttpd/files/patch-src_mod__fastcgi.c
  branches/2016Q4/www/lighttpd/files/patch-src_mod__proxy.c
  branches/2016Q4/www/lighttpd/files/patch-src_mod__scgi.c
  branches/2016Q4/www/lighttpd/pkg-plist
  branches/2016Q4/www/lighttpd-mod_geoip/
Comment 13 Guido Falsi freebsd_committer 2016-10-31 20:10:09 UTC
Committed and merged. Thanks!
Comment 14 cedric 2016-11-02 13:30:56 UTC
Thanks for fixing this.

I'm reopening this because, while I've not tested and compiled the new 1.4.43 version on 9.3, I believe it is broken again. 1.4.43 has a "fix" with this comment:

    [mod_cgi] FreeBSD 9.3 does not have pipe2()
    FreeBSD 9.3 has O_CLOEXEC, but does not have pipe2() until FreeBSD 10.
    FreeBSD 10 also adds F_DUPFD_CLOEXEC, so use that as indicator
    https://wiki.freebsd.org/AtomicCloseOnExec

Which seems nonsense to me because the above "AtomicCloseOnExec" states that
F_DUPFD_CLOEXEC has been added to FreeBSD 9.2 too...

QA (and reading skills) at lighttpd has gone to hell lately.

Sorry.
Comment 15 Piotr Kubaj freebsd_committer 2016-11-02 13:49:27 UTC
(In reply to cedric from comment #14)
Damn...
I checked Lighttpd git log and saw that they fixed it, although in a different way so I assumed they had checked that it worked. After compiling myself Lighttpd 1.4.43 in 9.3, I can actually see that it fails. I'll send an updated patch in a minute.

Be aware that 9.3 is nearing EOL and I'll remove this patch in January.
Comment 16 Piotr Kubaj freebsd_committer 2016-11-02 14:08:37 UTC
Created attachment 176432 [details]
patch

Please test this patch. If it's fine, it's ready to commit.
Comment 17 cedric 2016-11-02 15:08:41 UTC
I cannot test it today, but it reads fine.
Comment 18 commit-hook freebsd_committer 2016-11-03 15:02:47 UTC
A commit references this bug:

Author: madpilot
Date: Thu Nov  3 15:02:35 UTC 2016
New revision: 425228
URL: https://svnweb.freebsd.org/changeset/ports/425228

Log:
  Fix again usage of pipe2(2) in 9.3

  PR:		213848
  Submitted by:	cedric <cedric@precidata.com>
  Patch by:	Piotr Kubaj <pkubaj@anongoth.pl> (maintainer)

Changes:
  head/www/lighttpd/Makefile
  head/www/lighttpd/files/patch-src_mod__cgi.c
Comment 19 Guido Falsi freebsd_committer 2016-11-03 15:06:18 UTC
Patch committed! Thanks!