Compare commits

2 Commits
1.1 ... main

13 changed files with 59 additions and 440 deletions

BIN
2.4.0.tar.gz (Stored with Git LFS)

Binary file not shown.

BIN
2.4.6.tar.gz (Stored with Git LFS) Normal file

Binary file not shown.


@@ -1,88 +0,0 @@
--- cgi-fcgi/cgi-fcgi.c
+++ cgi-fcgi/cgi-fcgi.c
@@ -21,6 +21,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
+#include <sys/types.h>
#include "fcgi_config.h"
@@ -145,7 +146,7 @@
static int bytesToRead; /* number of bytes to read from Web Server */
-static int appServerSock = -1; /* Socket connected to FastCGI application,
+static size_t appServerSock = -1; /* Socket connected to FastCGI application,
* used by AppServerReadHandler and
* AppServerWriteHandler. */
static Buffer fromAS; /* Bytes read from the FCGI application server. */
@@ -640,7 +641,7 @@
}
if((av[ac] = (char *)malloc(strlen(tp1)+1)) == NULL) {
fprintf(stderr, "Cannot allocate %d bytes\n",
- strlen(tp1)+1);
+ (int)strlen(tp1)+1);
exit(-1);
}
strcpy(av[ac++], tp1);
--- examples/threaded.c
+++ examples/threaded.c
@@ -24,7 +24,7 @@
static void *doit(void *a)
{
- int rc, i, thread_id = (int)a;
+ size_t rc, i, thread_id = (size_t)a;
pid_t pid = getpid();
FCGX_Request request;
char *server_name;
@@ -53,7 +53,7 @@
"<h1>FastCGI Hello! (multi-threaded C, fcgiapp library)</h1>"
"Thread %d, Process %ld<p>"
"Request counts for %d threads running on host <i>%s</i><p><code>",
- thread_id, pid, THREAD_COUNT, server_name ? server_name : "?");
+ (int)thread_id, pid, THREAD_COUNT, server_name ? server_name : "?");
sleep(2);
@@ -71,7 +71,7 @@
int main(void)
{
- int i;
+ size_t i;
pthread_t id[THREAD_COUNT];
FCGX_Init();
--- include/fcgios.h
+++ include/fcgios.h
@@ -93,7 +93,7 @@
# if defined(__STDC__) || defined(__cplusplus)
typedef void *ClientData;
# else
- typedef int *ClientData;
+ typedef size_t *ClientData;
# endif /* __STDC__ */
#define _CLIENTDATA
#endif
--- libfcgi/os_unix.c
+++ libfcgi/os_unix.c
@@ -1155,7 +1155,7 @@
for (;;) {
do {
-#ifdef HAVE_SOCKLEN
+#ifdef HAVE_SYS_SOCKET_H
socklen_t len = sizeof(sa);
#else
int len = sizeof(sa);
@@ -1255,7 +1255,7 @@
struct sockaddr_in in;
struct sockaddr_un un;
} sa;
-#ifdef HAVE_SOCKLEN
+#ifdef HAVE_SYS_SOCKET_H
socklen_t len = sizeof(sa);
#else
int len = sizeof(sa);


@@ -1,53 +0,0 @@
From: Florian Ragwitz <rafl@debian.org>
Date: Sat, 24 Sep 2011 07:54:33 +0000 (+0200)
Subject: Stop leaking information across requests
X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?p=catagits%2Ffcgi2.git;a=commitdiff_plain;h=297693dc8362d25bb25e473899c72508a0f71d2e
Stop leaking information across requests
%hash is false if the hash hasn't been assigned to, *or* if the hash is simply
empty. This causes the environment from the *second* request (that is, the
environment produced by the first request) to be saved as default if the first
request had empty environment. This way, request after the first can get access
to credentials set up by the first request.
Instead of fixing this, I'd much rather remove this old and buggy
interface. However, 10 years of deprecation don't seem to have been enough for
CGI::Fast to switch to the new and properly supported interface. :-(
This is CVE-2011-2766.
---
Index: perl/FCGI.PL
===================================================================
--- perl/FCGI.PL.orig 2002-12-15 21:02:48.000000000 +0100
+++ perl/FCGI.PL 2011-12-12 11:24:08.885998082 +0100
@@ -291,14 +291,14 @@ sub Request(;***$*$) {
sub accept() {
warn "accept called as a method; you probably wanted to call Accept" if @_;
- if (defined %FCGI::ENV) {
- %ENV = %FCGI::ENV;
+ if ( defined($FCGI::ENV) ) {
+ %ENV = %$FCGI::ENV;
} else {
- %FCGI::ENV = %ENV;
+ $FCGI::ENV = {%ENV};
}
my $rc = Accept($global_request);
- for (keys %FCGI::ENV) {
- $ENV{$_} = $FCGI::ENV{$_} unless exists $ENV{$_};
+ for (keys %$FCGI::ENV) {
+ $ENV{$_} = $FCGI::ENV->{$_} unless exists $ENV{$_};
}
# not SFIO
@@ -310,7 +310,7 @@ sub accept() {
sub finish() {
warn "finish called as a method; you probably wanted to call Finish" if @_;
- %ENV = %FCGI::ENV if (defined %FCGI::ENV);
+ %ENV = %$FCGI::ENV if defined($FCGI::ENV);
# not SFIO
if (tied (*STDIN)) {


@@ -1,10 +0,0 @@
--- libfcgi/fcgio.cpp
+++ libfcgi/fcgio.cpp
@@ -23,6 +23,7 @@
#endif
#include <limits.h>
+#include <stdio.h>
#include "fcgio.h"
using std::streambuf;


@@ -1,33 +0,0 @@
--- cgi-fcgi/Makefile.am
+++ cgi-fcgi/Makefile.am
@@ -2,7 +2,7 @@
bin_PROGRAMS = cgi-fcgi
INCLUDEDIR = ../include
-CPPFLAGS = @CPPFLAGS@ -I$(top_srcdir)/include
+AM_CPPFLAGS = @CPPFLAGS@ -I$(top_srcdir)/include
INCLUDE_FILES = $(INCLUDEDIR)/fastcgi.h \
$(INCLUDEDIR)/fcgiapp.h \
--- examples/Makefile.am
+++ examples/Makefile.am
@@ -11,7 +11,7 @@
EXTRA_PROGRAMS = threaded echo-cpp
INCLUDEDIR = ../include
-CPPFLAGS = @CPPFLAGS@ -I$(top_srcdir)/include
+AM_CPPFLAGS = @CPPFLAGS@ -I$(top_srcdir)/include
INCLUDE_FILES = $(INCLUDEDIR)/fastcgi.h \
$(INCLUDEDIR)/fcgiapp.h \
--- libfcgi/Makefile.am
+++ libfcgi/Makefile.am
@@ -1,7 +1,7 @@
# $Id: Makefile.am,v 1.9 2001/12/22 03:16:20 robs Exp $
INCLUDEDIR = ../include
-CPPFLAGS = @CPPFLAGS@ -I$(top_srcdir)/include
+AM_CPPFLAGS = @CPPFLAGS@ -I$(top_srcdir)/include
INCLUDE_FILES = $(INCLUDEDIR)/fastcgi.h \
$(INCLUDEDIR)/fcgiapp.h \


@@ -1,26 +0,0 @@
--- perl/Makefile.PL 2002-12-15 20:40:19.000000000 +0100
+++ perl/Makefile.PL 2011-05-26 22:28:06.673024204 +0200
@@ -99,10 +99,7 @@
# the contents of the Makefile that is written.
# Work around bug in previous versions of MakeMaker
-WriteMakefile(NAME => 'FCGI')
- if $ExtUtils::MakeMaker::VERSION <= 5.4302;
-
-$mm = MM->new({
+WriteMakefile(
'NAME' => 'FCGI',
'VERSION_FROM' => 'version.pm',
'dist' => { 'COMPRESS' => 'gzip -9f',
@@ -123,10 +120,7 @@
'PL_FILES' => $plfiles,
PM => {'FCGI.pm' => '$(INST_ARCHLIBDIR)/FCGI.pm'},
@extras,
-});
-# don't install oldinterface pod
-delete $mm->{MAN3PODS}{oldinterface.pod};
-$mm->flush;
+);
exit if -f 'fcgi_config.h' or $libfound or $pure;


@@ -1,13 +0,0 @@
Index: fcgi-2.4.0/perl/FCGI.PL
===================================================================
--- fcgi-2.4.0.orig/perl/FCGI.PL
+++ fcgi-2.4.0/perl/FCGI.PL
@@ -1,7 +1,7 @@
use Config;
use ExtUtils::MakeMaker;
-do 'FCGI.cfg' or die "no FCGI.cfg";
+do './FCGI.cfg' or die "no FCGI.cfg";
open OUT, ">FCGI.pm";


@@ -1,121 +0,0 @@
Index: cgi-fcgi/cgi-fcgi.c
===================================================================
--- cgi-fcgi/cgi-fcgi.c.orig
+++ cgi-fcgi/cgi-fcgi.c
@@ -22,6 +22,8 @@
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
+#include <sys/wait.h>
+#include <signal.h>
#include "fcgi_config.h"
@@ -583,7 +585,7 @@
#define MAXARGS 16
static int ParseArgs(int argc, char *argv[],
int *doBindPtr, int *doStartPtr,
- char *connectPathPtr, char *appPathPtr, int *nServersPtr) {
+ char *connectPathPtr, char *appPathPtr, int *nServersPtr, int *doDaemonPtr) {
int i,
x,
err = 0,
@@ -599,6 +601,7 @@
*connectPathPtr = '\0';
*appPathPtr = '\0';
*nServersPtr = 0;
+ *doDaemonPtr = TRUE;
for(i = 0; i < MAXARGS; i++)
av[i] = NULL;
@@ -649,7 +652,7 @@
}
}
err = ParseArgs(ac, av, doBindPtr, doStartPtr,
- connectPathPtr, appPathPtr, nServersPtr);
+ connectPathPtr, appPathPtr, nServersPtr, doDaemonPtr);
for(x = 1; x < ac; x++) {
ASSERT(av[x] != NULL);
free(av[x]);
@@ -673,7 +676,9 @@
} else {
strcpy(connectPathPtr, argv[i]);
}
- } else {
+ } else if(!strcmp(argv[i], "-supervise")) {
+ *doDaemonPtr = FALSE;
+ } else {
fprintf(stderr, "Unknown option %s\n", argv[i]);
err++;
}
@@ -718,6 +723,15 @@
return err;
}
+void handle_shutdown(int s)
+{
+ /* Kill our children processes */
+ signal(s, SIG_IGN);
+ kill(0, s);
+
+ exit(0);
+}
+
int main(int argc, char **argv)
{
char **envp = environ;
@@ -728,20 +742,22 @@
int headerLen, valueLen;
char *equalPtr;
FCGI_BeginRequestRecord beginRecord;
- int doBind, doStart, nServers;
+ int doBind, doStart, nServers, doDaemon;
char appPath[MAXPATHLEN], bindPath[MAXPATHLEN];
+ int pid;
if(ParseArgs(argc, argv, &doBind, &doStart,
- (char *) &bindPath, (char *) &appPath, &nServers)) {
+ (char *) &bindPath, (char *) &appPath, &nServers, &doDaemon)) {
fprintf(stderr,
"Usage:\n"
" cgi-fcgi -f <cmdPath> , or\n"
" cgi-fcgi -connect <connName> <appPath> [<nServers>] , or\n"
-" cgi-fcgi -start -connect <connName> <appPath> [<nServers>] , or\n"
+" cgi-fcgi -start -connect [-supervise] <connName> <appPath> [<nServers>] , or\n"
" cgi-fcgi -bind -connect <connName> ,\n"
"where <connName> is either the pathname of a UNIX domain socket\n"
"or (if -bind is given) a hostName:portNumber specification\n"
-"or (if -start is given) a :portNumber specification (uses local host).\n");
+"or (if -start is given) a :portNumber specification (uses local host).\n"
+"-supervise is for running with runit or daemontools.\n");
exit(1);
}
@@ -757,12 +773,27 @@
bytesToRead = 0;
}
+ /* Become a process group leader */
+ setsid();
+
+ /* Register our signal handler */
+ signal(SIGHUP, handle_shutdown);
+ signal(SIGINT, handle_shutdown);
+ signal(SIGTERM, handle_shutdown);
+
if(doBind) {
appServerSock = OS_FcgiConnect(bindPath);
}
if(doStart && (!doBind || appServerSock < 0)) {
FCGI_Start(bindPath, appPath, nServers);
if(!doBind) {
+ if(!doDaemon) {
+ for(pid=nServers; pid != 0; pid--) {
+ wait(0);
+ }
+ }
+ signal(SIGTERM, SIG_IGN);
+ kill(0, SIGTERM);
exit(0);
} else {
appServerSock = OS_FcgiConnect(bindPath);


@@ -1,3 +1,41 @@
-------------------------------------------------------------------
Fri Jun 13 12:23:07 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
- Update to 2.4.6 (boo#1243325 CVE-2025-23016)
switch to https://github.com/FastCGI-Archives/fcgi2
lots of small bugs fixes and incorporation of patches that
distros carried in the past
- drop patches which are included upstream
FastCGI-clientdata_pointer.patch
FastCGI-gcc44.patch
FastCGI-makefile.am_cppflags.patch
FastCGI-supervise_cgi-fcgi.patch
fastcgi-2.4.0_missing_call_to_fclose.patch
- drop patches obsoleted by changes to the perl building
FastCGI-fix_deprecated_api.patch
FastCGI-perl514.patch
FastCGI-perl526.patch
-------------------------------------------------------------------
Tue Oct 8 14:33:00 UTC 2024 - Marcus Rueckert <mrueckert@suse.de>
- add the normalized provides for perl(FCGI) until auto provides is
fixed
-------------------------------------------------------------------
Thu Jun 13 08:49:48 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
- Rename perl-FastCGI subpackage to perl-FCGI: adjust the package
name to the actual perl module name.
-------------------------------------------------------------------
Wed May 15 07:42:02 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
- Use %autosetup macro: allows us to eliminate usage of deprecated
%patchN syntax.
- Rebase FastCGI-perl526.patch to apply with -p0, like all the
other patches.
-------------------------------------------------------------------
Thu May 11 15:44:16 UTC 2023 - Frederic Crozat <fcrozat@suse.com>
@@ -46,7 +84,7 @@ Tue Mar 27 08:35:39 UTC 2012 - cfarrell@suse.com
SPDX.org. Fedora tracks this as OML.
-------------------------------------------------------------------
Wed Dec 21 16:14:12 UTC 2011 - mrueckert@suse.com
Wed Dec 21 16:14:12 UTC 2011 - mrueckert@suse.de
- added FastCGI-fix_deprecated_api.patch: (bnc#735882)
Fixes an issue where CGI.pm received CGI variables from previous


@@ -1,7 +1,7 @@
#
# spec file for package FastCGI
#
# Copyright (c) 2023 SUSE LLC
# Copyright (c) 2025 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -18,26 +18,18 @@
Name: FastCGI
%define lname libfcgi0
Version: 2.4.0
Version: 2.4.6
Release: 0
Summary: A Scalable, Open Extension to CGI
License: OML
Group: Development/Languages/C and C++
URL: https://fastcgi-archives.github.io/
Source: https://github.com/FastCGI-Archives/fcgi2/archive/%{version}.tar.gz
Source1: README.supervise
Patch0: FastCGI-makefile.am_cppflags.patch
Patch1: FastCGI-clientdata_pointer.patch
Patch2: FastCGI-supervise_cgi-fcgi.patch
Patch3: fastcgi-2.4.0_missing_call_to_fclose.patch
Patch4: FastCGI-gcc44.patch
Patch5: FastCGI-perl514.patch
Patch6: FastCGI-fix_deprecated_api.patch
Patch7: FastCGI-perl526.patch
BuildRequires: automake
BuildRequires: gcc-c++
BuildRequires: libtool
BuildRequires: perl
BuildRequires: pkg-config
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@@ -67,33 +59,23 @@ FastCGI is a language independent, scalable, open extension to CGI that
provides high performance without the limitations of server specific
APIs.
%package -n perl-FastCGI
%package -n perl-FCGI
Summary: A scalable, open extension to CGI
Group: Development/Languages/C and C++
Requires: %{name} = %{version}
%if 0%{?suse_version} < 1120
Requires: perl >= 5.8.0
%else
Provides: perl-FastCGI = %{version}-%{release}
Obsoletes: perl-FastCGI < %{version}-%{release}
Provides: perl(FCGI) = 0.670.0
%{perl_requires}
%endif
%description -n perl-FastCGI
%description -n perl-FCGI
FastCGI is a language independent, scalable, open extension to CGI that
provides high performance without the limitations of server specific
APIs.
%prep
%setup -n fcgi2-%{version}
%patch0
%patch1
%patch2
%patch3
%patch4
%patch5
%patch6
%patch7 -p1
touch NEWS AUTHORS ChangeLog COPYING
find doc/{fastcgi-prog-guide,fastcgi-whitepaper} -type f -print0 | xargs -r0 chmod 0644
%autosetup -n fcgi2-%{version} -p0
find examples/ doc/{fastcgi-prog-guide,fastcgi-whitepaper} -type f -print0 | xargs -r0 chmod 0644
cp include/fcgi_config.h.in .
cp include/fcgi_config.h.in perl
@@ -128,16 +110,15 @@ popd
%{__install} -m 0644 examples/* %{buildroot}%{_docdir}/%{name}/examples/
%{__install} -m 0644 doc/*.1 %{buildroot}%{_mandir}/man1/
%{__install} -m 0644 doc/*.3 %{buildroot}%{_mandir}/man3/
%{__install} -m 0644 doc/*.htm* doc/*.gif LICENSE.TERMS README \
%{__install} -m 0644 doc/*.htm* doc/*.gif LICENSE README.* \
%{buildroot}%{_docdir}/%{name}/
%{__install} -m 0644 perl/README %{buildroot}%{_docdir}/%{name}/README.perl
%{__install} -m 0644 perl/ChangeLog %{buildroot}%{_docdir}/%{name}/ChangeLog.perl
%{__cp} -vr doc/{fastcgi-prog-guide,fastcgi-whitepaper} java %{S:1} \
%{__cp} -vr doc/{fastcgi-prog-guide,fastcgi-whitepaper} java \
%{buildroot}%{_docdir}/%{name}/
rm -f %{buildroot}%{_libdir}/libfcgi*.la
%post -n %lname -p /sbin/ldconfig
%postun -n %lname -p /sbin/ldconfig
%ldconfig_scriptlets -n %lname
%files
%defattr(-,root,root)
@@ -147,24 +128,19 @@ rm -f %{buildroot}%{_libdir}/libfcgi*.la
%files devel
%defattr(-,root,root)
%dir %{_includedir}/fastcgi/
%{_includedir}/fastcgi/*
%{_includedir}/fastcgi/
%{_libdir}/libfcgi*.so
%{_mandir}/man3/*.3.gz
%{_libdir}/pkgconfig/fcgi*.pc
%files -n %lname
%defattr(-,root,root)
%{_libdir}/libfcgi*.so.*
%files -n perl-FastCGI
%files -n perl-FCGI
%defattr(-,root,root)
%{_mandir}/man3/*.3pm.gz
%{perl_vendorarch}/FCGI.pm
%dir %{perl_vendorarch}/auto/FCGI
%{perl_vendorarch}/auto/FCGI/*.*
%if %suse_version < 1140
%{perl_vendorarch}/auto/FCGI/.packlist
%{_var}/adm/perl-modules/%{name}
%endif
%{perl_vendorarch}/auto/FCGI/
%changelog
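Review bot: `Patch6: FastCGI-fix_deprecated_api.patch` leaves the patch list here, and the changelog files it under "obsoleted by changes to the perl building" rather than "included upstream", although that patch carried the CVE-2011-2766 fix (the environment of one request being saved as the default for later requests in `accept()`/`finish()` of `perl/FCGI.PL`). Nothing visible on this page shows that the 2.4.6 perl sources no longer contain the `defined %FCGI::ENV` test, so this should be checked against the new tarball before the patch is dropped. If the old interface is gone or fixed upstream, the changelog should say so explicitly so the CVE stays traceable, for example `FastCGI-fix_deprecated_api.patch (CVE-2011-2766): <how 2.4.6 addresses it>`. The same check applies to any build that still ships `CGI::Fast`-style callers of the old interface.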


@@ -1,39 +0,0 @@
taken from http://rubyists.com/articles/2005/05/03/spawn-fcgi-in-the-foreground:
spawn-fcgi in the foreground!
by Bougyman Tue, 03 May 2005 11:00:00 GMT
Been looking for a clean way to spawn fastcgi listeners in the foreground and I
believe Trey has figured it out. This patch should take care of it by keeping
spawn-fcgi from losing track of the copied listening processes and allow full
supervison. To use, call your cgi-fcgi -start -connect $host:$port script with
the -supervise option, like:
cgi-fcgi -start -supervise -connect 127.0.0.1:1791 /path/to/dispatch.fcgi
Full Supervise run script becomes
#!/bin/sh
RAIL_NUMBER=$(basename $PWD|awk -F'-' '{print $2}')
RAILS_HOST=$(<env/RAILS_HOST)
RAILS_ROOT=$(<env/RAILS_ROOT)
RAILS_PORT=179$RAIL_NUMBER
exec envdir ./env \
cgi-fcgi -supervise -start -connect \
$RAILS_HOST:$RAILS_PORT \
$RAILS_ROOT/public/dispatch.fcgi
This would be in a script called run in your ~/service/someapp-$RAIL_NUMBER
directory, where $RAIL_NUMBER is 1-99. The references to ./env require a
directory named env to be set up in the same directory as the run script.
This should have at least 3 files in it:
RAILS_ROOT => contains one line that is the full path to your rails root directory.
RAILS_ENV => contains one word, either production or development
RAILS_HOST => contains one IP address or FQDN
You can set any other environment variables in this way by simply creating a
file with the variable name and its contents will become the value of that
environment variable. Because of the envdir ./env call before the cgi-fcgi
call, your rails application has access to any variables set in this way.


@@ -1,12 +0,0 @@
Index: cgi-fcgi/cgi-fcgi.c
===================================================================
--- cgi-fcgi/cgi-fcgi.c.orig 2009-09-17 18:14:16.000000000 +0200
+++ cgi-fcgi/cgi-fcgi.c 2009-09-17 18:19:16.139029013 +0200
@@ -651,6 +651,7 @@ static int ParseArgs(int argc, char *arg
tp1 = tp2;
}
}
+ fclose(fp);
err = ParseArgs(ac, av, doBindPtr, doStartPtr,
connectPathPtr, appPathPtr, nServersPtr, doDaemonPtr);
for(x = 1; x < ac; x++) {