| [vhffs-dev] [1387] * Added a tree by software for patches |
[ Thread Index |
Date Index
| More vhffs.org/vhffs-dev Archives
]
Revision: 1387
Author: gradator
Date: 2009-04-06 18:33:50 +0200 (Mon, 06 Apr 2009)
Log Message:
-----------
* Added a tree by software for patches
* Converted suphp patches from patch to dpatch
* Converted suphp patches from suphp-0.6.2-1+etch0 to suphp-0.6.2-3
(which also means from Etch to Lenny)
Added Paths:
-----------
trunk/vhffs-packages/patches/lighttpd/
trunk/vhffs-packages/patches/lighttpd/mod_partialcontentabuse.c
trunk/vhffs-packages/patches/mydns/
trunk/vhffs-packages/patches/mydns/mydns-1.1.0-7etch1-fix-bug-long-txt-reply.patch
trunk/vhffs-packages/patches/mysql/
trunk/vhffs-packages/patches/mysql/mysql-5.0.32-username-len.patch
trunk/vhffs-packages/patches/mysql/mysql-5.1.30-username-len.patch
trunk/vhffs-packages/patches/pureftpd/
trunk/vhffs-packages/patches/pureftpd/pureftpd-customerproof-tf.patch
trunk/vhffs-packages/patches/pureftpd/pureftpd-passivemodeandssl.patch
trunk/vhffs-packages/patches/suphp/
trunk/vhffs-packages/patches/suphp/10_TuxFamily-suphp-0.6.2-3-directorygroupcheck.dpatch
trunk/vhffs-packages/patches/suphp/11_TuxFamily-suphp-0.6.2-3-limits.dpatch
trunk/vhffs-packages/patches/suphp/12_TuxFamily-suphp-0.6.2-3-add-targetmode-execute.dpatch
trunk/vhffs-packages/patches/tfsyscall/
trunk/vhffs-packages/patches/tfsyscall/tfsyscall-0.1.0-2.6.24.4.patch
trunk/vhffs-packages/patches/tfsyscall/tfsyscall-0.1.1-2.6.23.16.patch
trunk/vhffs-packages/patches/tfsyscall/tfsyscall-0.1.1-2.6.25.11.patch
Removed Paths:
-------------
trunk/vhffs-packages/patches/mod_partialcontentabuse.c
trunk/vhffs-packages/patches/mydns-1.1.0-7etch1-fix-bug-long-txt-reply.patch
trunk/vhffs-packages/patches/mysql-5.0.32-username-len.patch
trunk/vhffs-packages/patches/mysql-5.1.30-username-len.patch
trunk/vhffs-packages/patches/pureftpd-customerproof-tf.patch
trunk/vhffs-packages/patches/pureftpd-passivemodeandssl.patch
trunk/vhffs-packages/patches/suphp-0.6.2-1+etch0-directorygroupcheck.patch
trunk/vhffs-packages/patches/suphp-0.6.2-1+etch0-limits.patch
trunk/vhffs-packages/patches/suphp-0.6.2-3-add-targetmode-execute.patch
trunk/vhffs-packages/patches/tfsyscall-0.1.0-2.6.24.4.patch
trunk/vhffs-packages/patches/tfsyscall-0.1.1-2.6.23.16.patch
trunk/vhffs-packages/patches/tfsyscall-0.1.1-2.6.25.11.patch
Copied: trunk/vhffs-packages/patches/lighttpd/mod_partialcontentabuse.c (from rev 1386, trunk/vhffs-packages/patches/mod_partialcontentabuse.c)
===================================================================
--- trunk/vhffs-packages/patches/lighttpd/mod_partialcontentabuse.c (rev 0)
+++ trunk/vhffs-packages/patches/lighttpd/mod_partialcontentabuse.c 2009-04-06 16:33:50 UTC (rev 1387)
@@ -0,0 +1,67 @@
+#include <ctype.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "base.h"
+#include "log.h"
+#include "buffer.h"
+
+#include "plugin.h"
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+INIT_FUNC(mod_partialcontentabuse_init) {
+ return malloc(1);
+}
+
+FREE_FUNC(mod_partialcontentabuse_free) {
+
+ UNUSED(srv);
+ if(p_d) free(p_d);
+ return HANDLER_GO_ON;
+}
+
+SETDEFAULTS_FUNC(mod_partialcontentabuse_set_defaults) {
+
+ UNUSED(srv);
+ UNUSED(p_d);
+ return HANDLER_GO_ON;
+}
+
+URIHANDLER_FUNC(mod_partialcontentabuse_uri_handler) {
+ size_t i;
+
+ UNUSED(srv);
+ UNUSED(p_d);
+
+ if (con->uri.path->used == 0) return HANDLER_GO_ON;
+ if ( !con->request.http_range ) return HANDLER_GO_ON;
+
+ for (i = 0; i < srv->conns->used; i++) {
+ connection *c = srv->conns->ptr[i];
+
+ if ( c != con && c->dst_addr.ipv4.sin_addr.s_addr == con->dst_addr.ipv4.sin_addr.s_addr && c->state > CON_STATE_REQUEST_END
+ && c->uri.path->used > 0 && !strcmp( c->uri.path->ptr , con->uri.path->ptr) ) {
+ con->http_status = 403;
+ return HANDLER_FINISHED;
+ }
+ }
+
+ return HANDLER_GO_ON;
+}
+
+int mod_partialcontentabuse_plugin_init(plugin *p) {
+ p->version = LIGHTTPD_VERSION_ID;
+ p->name = buffer_init_string("partialcontentabuse");
+
+ p->init = mod_partialcontentabuse_init;
+ p->handle_uri_clean = mod_partialcontentabuse_uri_handler;
+ p->set_defaults = mod_partialcontentabuse_set_defaults;
+ p->cleanup = mod_partialcontentabuse_free;
+
+ p->data = NULL;
+
+ return 0;
+}
Deleted: trunk/vhffs-packages/patches/mod_partialcontentabuse.c
===================================================================
--- trunk/vhffs-packages/patches/mod_partialcontentabuse.c 2009-03-18 23:26:23 UTC (rev 1386)
+++ trunk/vhffs-packages/patches/mod_partialcontentabuse.c 2009-04-06 16:33:50 UTC (rev 1387)
@@ -1,67 +0,0 @@
-#include <ctype.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include "base.h"
-#include "log.h"
-#include "buffer.h"
-
-#include "plugin.h"
-
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-INIT_FUNC(mod_partialcontentabuse_init) {
- return malloc(1);
-}
-
-FREE_FUNC(mod_partialcontentabuse_free) {
-
- UNUSED(srv);
- if(p_d) free(p_d);
- return HANDLER_GO_ON;
-}
-
-SETDEFAULTS_FUNC(mod_partialcontentabuse_set_defaults) {
-
- UNUSED(srv);
- UNUSED(p_d);
- return HANDLER_GO_ON;
-}
-
-URIHANDLER_FUNC(mod_partialcontentabuse_uri_handler) {
- size_t i;
-
- UNUSED(srv);
- UNUSED(p_d);
-
- if (con->uri.path->used == 0) return HANDLER_GO_ON;
- if ( !con->request.http_range ) return HANDLER_GO_ON;
-
- for (i = 0; i < srv->conns->used; i++) {
- connection *c = srv->conns->ptr[i];
-
- if ( c != con && c->dst_addr.ipv4.sin_addr.s_addr == con->dst_addr.ipv4.sin_addr.s_addr && c->state > CON_STATE_REQUEST_END
- && c->uri.path->used > 0 && !strcmp( c->uri.path->ptr , con->uri.path->ptr) ) {
- con->http_status = 403;
- return HANDLER_FINISHED;
- }
- }
-
- return HANDLER_GO_ON;
-}
-
-int mod_partialcontentabuse_plugin_init(plugin *p) {
- p->version = LIGHTTPD_VERSION_ID;
- p->name = buffer_init_string("partialcontentabuse");
-
- p->init = mod_partialcontentabuse_init;
- p->handle_uri_clean = mod_partialcontentabuse_uri_handler;
- p->set_defaults = mod_partialcontentabuse_set_defaults;
- p->cleanup = mod_partialcontentabuse_free;
-
- p->data = NULL;
-
- return 0;
-}
Copied: trunk/vhffs-packages/patches/mydns/mydns-1.1.0-7etch1-fix-bug-long-txt-reply.patch (from rev 1386, trunk/vhffs-packages/patches/mydns-1.1.0-7etch1-fix-bug-long-txt-reply.patch)
===================================================================
--- trunk/vhffs-packages/patches/mydns/mydns-1.1.0-7etch1-fix-bug-long-txt-reply.patch (rev 0)
+++ trunk/vhffs-packages/patches/mydns/mydns-1.1.0-7etch1-fix-bug-long-txt-reply.patch 2009-04-06 16:33:50 UTC (rev 1387)
@@ -0,0 +1,12 @@
+diff -Nru a/src/mydns/reply.c b/src/mydns/reply.c
+--- a/src/mydns/reply.c 2008-11-07 15:22:55.000000000 +0100
++++ b/src/mydns/reply.c 2008-11-07 15:22:43.000000000 +0100
+@@ -571,7 +571,7 @@
+ reply_add_txt(TASK *t, RR *r)
+ {
+ char *dest;
+- char size;
++ size_t size;
+ size_t len;
+ MYDNS_RR *rr = (MYDNS_RR *)r->rr;
+
Deleted: trunk/vhffs-packages/patches/mydns-1.1.0-7etch1-fix-bug-long-txt-reply.patch
===================================================================
--- trunk/vhffs-packages/patches/mydns-1.1.0-7etch1-fix-bug-long-txt-reply.patch 2009-03-18 23:26:23 UTC (rev 1386)
+++ trunk/vhffs-packages/patches/mydns-1.1.0-7etch1-fix-bug-long-txt-reply.patch 2009-04-06 16:33:50 UTC (rev 1387)
@@ -1,12 +0,0 @@
-diff -Nru a/src/mydns/reply.c b/src/mydns/reply.c
---- a/src/mydns/reply.c 2008-11-07 15:22:55.000000000 +0100
-+++ b/src/mydns/reply.c 2008-11-07 15:22:43.000000000 +0100
-@@ -571,7 +571,7 @@
- reply_add_txt(TASK *t, RR *r)
- {
- char *dest;
-- char size;
-+ size_t size;
- size_t len;
- MYDNS_RR *rr = (MYDNS_RR *)r->rr;
-
Copied: trunk/vhffs-packages/patches/mysql/mysql-5.0.32-username-len.patch (from rev 1386, trunk/vhffs-packages/patches/mysql-5.0.32-username-len.patch)
===================================================================
--- trunk/vhffs-packages/patches/mysql/mysql-5.0.32-username-len.patch (rev 0)
+++ trunk/vhffs-packages/patches/mysql/mysql-5.0.32-username-len.patch 2009-04-06 16:33:50 UTC (rev 1387)
@@ -0,0 +1,14 @@
+diff -Nru a/include/mysql_com.h b/include/mysql_com.h
+--- a/include/mysql_com.h 2004-09-07 00:29:46.000000000 +0200
++++ b/include/mysql_com.h 2004-11-07 23:33:36.000000000 +0100
+@@ -22,8 +22,8 @@
+ #define _mysql_com_h
+
+ #define NAME_LEN 64 /* Field/table name length */
+-#define HOSTNAME_LENGTH 60
+-#define USERNAME_LENGTH 16
++#define HOSTNAME_LENGTH 64
++#define USERNAME_LENGTH 128
+ #define SERVER_VERSION_LENGTH 60
+
+ #define LOCAL_HOST "localhost"
Copied: trunk/vhffs-packages/patches/mysql/mysql-5.1.30-username-len.patch (from rev 1386, trunk/vhffs-packages/patches/mysql-5.1.30-username-len.patch)
===================================================================
--- trunk/vhffs-packages/patches/mysql/mysql-5.1.30-username-len.patch (rev 0)
+++ trunk/vhffs-packages/patches/mysql/mysql-5.1.30-username-len.patch 2009-04-06 16:33:50 UTC (rev 1387)
@@ -0,0 +1,16 @@
+diff -Nru a/include/mysql_com.h b/include/mysql_com.h
+--- a/include/mysql_com.h 2008-12-24 16:14:50.000000000 +0000
++++ b/include/mysql_com.h 2008-12-24 16:15:44.000000000 +0000
+@@ -20,10 +20,10 @@
+ #ifndef _mysql_com_h
+ #define _mysql_com_h
+
+-#define HOSTNAME_LENGTH 60
++#define HOSTNAME_LENGTH 64
+ #define SYSTEM_CHARSET_MBMAXLEN 3
+ #define NAME_CHAR_LEN 64 /* Field/table name length */
+-#define USERNAME_CHAR_LENGTH 16
++#define USERNAME_CHAR_LENGTH 128
+ #define NAME_LEN (NAME_CHAR_LEN*SYSTEM_CHARSET_MBMAXLEN)
+ #define USERNAME_LENGTH (USERNAME_CHAR_LENGTH*SYSTEM_CHARSET_MBMAXLEN)
+
Deleted: trunk/vhffs-packages/patches/mysql-5.0.32-username-len.patch
===================================================================
--- trunk/vhffs-packages/patches/mysql-5.0.32-username-len.patch 2009-03-18 23:26:23 UTC (rev 1386)
+++ trunk/vhffs-packages/patches/mysql-5.0.32-username-len.patch 2009-04-06 16:33:50 UTC (rev 1387)
@@ -1,14 +0,0 @@
-diff -Nru a/include/mysql_com.h b/include/mysql_com.h
---- a/include/mysql_com.h 2004-09-07 00:29:46.000000000 +0200
-+++ b/include/mysql_com.h 2004-11-07 23:33:36.000000000 +0100
-@@ -22,8 +22,8 @@
- #define _mysql_com_h
-
- #define NAME_LEN 64 /* Field/table name length */
--#define HOSTNAME_LENGTH 60
--#define USERNAME_LENGTH 16
-+#define HOSTNAME_LENGTH 64
-+#define USERNAME_LENGTH 128
- #define SERVER_VERSION_LENGTH 60
-
- #define LOCAL_HOST "localhost"
Deleted: trunk/vhffs-packages/patches/mysql-5.1.30-username-len.patch
===================================================================
--- trunk/vhffs-packages/patches/mysql-5.1.30-username-len.patch 2009-03-18 23:26:23 UTC (rev 1386)
+++ trunk/vhffs-packages/patches/mysql-5.1.30-username-len.patch 2009-04-06 16:33:50 UTC (rev 1387)
@@ -1,16 +0,0 @@
-diff -Nru a/include/mysql_com.h b/include/mysql_com.h
---- a/include/mysql_com.h 2008-12-24 16:14:50.000000000 +0000
-+++ b/include/mysql_com.h 2008-12-24 16:15:44.000000000 +0000
-@@ -20,10 +20,10 @@
- #ifndef _mysql_com_h
- #define _mysql_com_h
-
--#define HOSTNAME_LENGTH 60
-+#define HOSTNAME_LENGTH 64
- #define SYSTEM_CHARSET_MBMAXLEN 3
- #define NAME_CHAR_LEN 64 /* Field/table name length */
--#define USERNAME_CHAR_LENGTH 16
-+#define USERNAME_CHAR_LENGTH 128
- #define NAME_LEN (NAME_CHAR_LEN*SYSTEM_CHARSET_MBMAXLEN)
- #define USERNAME_LENGTH (USERNAME_CHAR_LENGTH*SYSTEM_CHARSET_MBMAXLEN)
-
Copied: trunk/vhffs-packages/patches/pureftpd/pureftpd-customerproof-tf.patch (from rev 1386, trunk/vhffs-packages/patches/pureftpd-customerproof-tf.patch)
===================================================================
--- trunk/vhffs-packages/patches/pureftpd/pureftpd-customerproof-tf.patch (rev 0)
+++ trunk/vhffs-packages/patches/pureftpd/pureftpd-customerproof-tf.patch 2009-04-06 16:33:50 UTC (rev 1387)
@@ -0,0 +1,32 @@
+diff -Nru a/src/ftpd.c b/src/ftpd.c
+--- a/src/ftpd.c 2006-09-30 18:40:57.000000000 +0200
++++ b/src/ftpd.c 2006-09-30 18:40:45.000000000 +0200
+@@ -2499,9 +2499,14 @@
+ # endif
+ if (st2.st_ino == root_st_ino && st2.st_dev == root_st_dev) {
+ mode |= 0700;
+- } else if (be_customer_proof != 0) {
+- mode |= (S_ISDIR(st2.st_mode) ? 0700 : 0600);
+ }
++
++// TF PATCH: forces 02700 on dir, and 0400 on files
++ else if (be_customer_proof != 0) {
++ mode |= (S_ISDIR(st2.st_mode) ? 02700 : 0400);
++ }
++// TF PATCH: end
++
+ if (fchmod(fd, mode) < 0 && chmod(name, mode) < 0) {
+ failure:
+ if (fd != -1) {
+@@ -3362,6 +3367,11 @@
+ #endif
+ error(550, MSG_MKD_FAILURE);
+ } else {
++
++ // TF PATCH: force SGID upon creation of directories
++ chmod(name, (mode_t) (02777 & ~u_mask_d) );
++ // TF PATCH: end
++
+ addreply(257, "\"%s\" : " MSG_MKD_SUCCESS, name);
+ }
+ #ifdef QUOTAS
Copied: trunk/vhffs-packages/patches/pureftpd/pureftpd-passivemodeandssl.patch (from rev 1386, trunk/vhffs-packages/patches/pureftpd-passivemodeandssl.patch)
===================================================================
--- trunk/vhffs-packages/patches/pureftpd/pureftpd-passivemodeandssl.patch (rev 0)
+++ trunk/vhffs-packages/patches/pureftpd/pureftpd-passivemodeandssl.patch 2009-04-06 16:33:50 UTC (rev 1387)
@@ -0,0 +1,20 @@
+diff -Nru a/src/ftpd.c b/src/ftpd.c
+--- a/src/ftpd.c 2007-06-02 01:37:14.000000000 +0000
++++ b/src/ftpd.c 2007-06-02 01:49:57.000000000 +0000
+@@ -3443,11 +3443,11 @@
+ if (disallow_passive != 0) {
+ feat[sizeof FEAT FEAT_DEBUG FEAT_TVFS FEAT_ESTP] = 0;
+ }
+-#ifndef MINIMAL
+- else if (STORAGE_FAMILY(force_passive_ip) != 0) {
+- feat[sizeof FEAT FEAT_DEBUG FEAT_TVFS FEAT_ESTP FEAT_PASV] = 0;
+- }
+-#endif
++// TF PATCH: disable the disabling of ssl when a passive ip is forced (a pool of forwarded ports makes passive mode working again)
++// else if (STORAGE_FAMILY(force_passive_ip) != 0) {
++// feat[sizeof FEAT FEAT_DEBUG FEAT_TVFS FEAT_ESTP FEAT_PASV] = 0;
++// }
++// TF PATCH: end
+ addreply_noformat(0, feat);
+ addreply_noformat(211, "End.");
+ }
Deleted: trunk/vhffs-packages/patches/pureftpd-customerproof-tf.patch
===================================================================
--- trunk/vhffs-packages/patches/pureftpd-customerproof-tf.patch 2009-03-18 23:26:23 UTC (rev 1386)
+++ trunk/vhffs-packages/patches/pureftpd-customerproof-tf.patch 2009-04-06 16:33:50 UTC (rev 1387)
@@ -1,32 +0,0 @@
-diff -Nru a/src/ftpd.c b/src/ftpd.c
---- a/src/ftpd.c 2006-09-30 18:40:57.000000000 +0200
-+++ b/src/ftpd.c 2006-09-30 18:40:45.000000000 +0200
-@@ -2499,9 +2499,14 @@
- # endif
- if (st2.st_ino == root_st_ino && st2.st_dev == root_st_dev) {
- mode |= 0700;
-- } else if (be_customer_proof != 0) {
-- mode |= (S_ISDIR(st2.st_mode) ? 0700 : 0600);
- }
-+
-+// TF PATCH: forces 02700 on dir, and 0400 on files
-+ else if (be_customer_proof != 0) {
-+ mode |= (S_ISDIR(st2.st_mode) ? 02700 : 0400);
-+ }
-+// TF PATCH: end
-+
- if (fchmod(fd, mode) < 0 && chmod(name, mode) < 0) {
- failure:
- if (fd != -1) {
-@@ -3362,6 +3367,11 @@
- #endif
- error(550, MSG_MKD_FAILURE);
- } else {
-+
-+ // TF PATCH: force SGID upon creation of directories
-+ chmod(name, (mode_t) (02777 & ~u_mask_d) );
-+ // TF PATCH: end
-+
- addreply(257, "\"%s\" : " MSG_MKD_SUCCESS, name);
- }
- #ifdef QUOTAS
Deleted: trunk/vhffs-packages/patches/pureftpd-passivemodeandssl.patch
===================================================================
--- trunk/vhffs-packages/patches/pureftpd-passivemodeandssl.patch 2009-03-18 23:26:23 UTC (rev 1386)
+++ trunk/vhffs-packages/patches/pureftpd-passivemodeandssl.patch 2009-04-06 16:33:50 UTC (rev 1387)
@@ -1,20 +0,0 @@
-diff -Nru a/src/ftpd.c b/src/ftpd.c
---- a/src/ftpd.c 2007-06-02 01:37:14.000000000 +0000
-+++ b/src/ftpd.c 2007-06-02 01:49:57.000000000 +0000
-@@ -3443,11 +3443,11 @@
- if (disallow_passive != 0) {
- feat[sizeof FEAT FEAT_DEBUG FEAT_TVFS FEAT_ESTP] = 0;
- }
--#ifndef MINIMAL
-- else if (STORAGE_FAMILY(force_passive_ip) != 0) {
-- feat[sizeof FEAT FEAT_DEBUG FEAT_TVFS FEAT_ESTP FEAT_PASV] = 0;
-- }
--#endif
-+// TF PATCH: disable the disabling of ssl when a passive ip is forced (a pool of forwarded ports makes passive mode working again)
-+// else if (STORAGE_FAMILY(force_passive_ip) != 0) {
-+// feat[sizeof FEAT FEAT_DEBUG FEAT_TVFS FEAT_ESTP FEAT_PASV] = 0;
-+// }
-+// TF PATCH: end
- addreply_noformat(0, feat);
- addreply_noformat(211, "End.");
- }
Copied: trunk/vhffs-packages/patches/suphp/10_TuxFamily-suphp-0.6.2-3-directorygroupcheck.dpatch (from rev 1386, trunk/vhffs-packages/patches/suphp-0.6.2-1+etch0-directorygroupcheck.patch)
===================================================================
--- trunk/vhffs-packages/patches/suphp/10_TuxFamily-suphp-0.6.2-3-directorygroupcheck.dpatch (rev 0)
+++ trunk/vhffs-packages/patches/suphp/10_TuxFamily-suphp-0.6.2-3-directorygroupcheck.dpatch 2009-04-06 16:33:50 UTC (rev 1387)
@@ -0,0 +1,59 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 10_TuxFamily-suphp-0.6.2-3-directorygroupcheck.patch
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: TuxFamily patch to relax the directory check on group instead of user
+
+@DPATCH@
+diff -Nru a/src/Application.cpp b/src/Application.cpp
+--- a/src/Application.cpp 2008-04-18 22:40:00.000000000 +0000
++++ b/src/Application.cpp 2008-04-18 22:40:35.000000000 +0000
+@@ -361,8 +361,8 @@
+ #endif // OPT_USERGROUP_PARANOID
+
+ // Check directory ownership and permissions
+- checkParentDirectories(realScriptFile, targetUser, config);
+- checkParentDirectories(scriptFile, targetUser, config);
++ checkParentDirectories(realScriptFile, targetUser, targetGroup, config);
++ checkParentDirectories(scriptFile, targetUser, targetGroup, config);
+
+ // Common code used for all modes
+
+@@ -559,17 +559,20 @@
+
+
+ void suPHP::Application::checkParentDirectories(const File& file,
+- const UserInfo& owner,
++ const UserInfo& user,
++ const GroupInfo& group,
+ const Configuration& config) const throw (SoftException) {
+ File directory = file;
+ Logger& logger = API_Helper::getSystemAPI().getSystemLogger();
+ do {
+ directory = directory.getParentDirectory();
+
+- UserInfo directoryOwner = directory.getUser();
+- if (directoryOwner != owner && !directoryOwner.isSuperUser()) {
++
++ UserInfo directoryUser = directory.getUser();
++ GroupInfo directoryGroup = directory.getGroup();
++ if (directoryGroup != group && !directoryUser.isSuperUser()) {
+ std::string error = "Directory " + directory.getPath()
+- + " is not owned by " + owner.getUsername();
++ + " is not owned by group " + group.getGroupname();
+ logger.logWarning(error);
+ throw SoftException(error, __FILE__, __LINE__);
+ }
+diff -Nru a/src/Application.hpp b/src/Application.hpp
+--- a/src/Application.hpp 2008-04-18 22:39:24.000000000 +0000
++++ b/src/Application.hpp 2008-04-18 22:40:13.000000000 +0000
+@@ -112,7 +112,8 @@
+ * Checks ownership and permissions for parent directories
+ */
+ void checkParentDirectories(const File& file,
+- const UserInfo& owner,
++ const UserInfo& user,
++ const GroupInfo& group,
+ const Configuration& config) const
+ throw (SoftException);
+
Copied: trunk/vhffs-packages/patches/suphp/11_TuxFamily-suphp-0.6.2-3-limits.dpatch (from rev 1386, trunk/vhffs-packages/patches/suphp-0.6.2-1+etch0-limits.patch)
===================================================================
--- trunk/vhffs-packages/patches/suphp/11_TuxFamily-suphp-0.6.2-3-limits.dpatch (rev 0)
+++ trunk/vhffs-packages/patches/suphp/11_TuxFamily-suphp-0.6.2-3-limits.dpatch 2009-04-06 16:33:50 UTC (rev 1387)
@@ -0,0 +1,514 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 11_TuxFamily-suphp-0.6.2-3-limits.patch
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: TuxFamily patch to add support for setrlimit(2)
+
+@DPATCH@
+diff -Nru ./doc/suphp.conf-example ./doc/suphp.conf-example
+--- ./doc/suphp.conf-example 2005-11-26 19:29:02.000000000 +0000
++++ ./doc/suphp.conf-example 2008-04-18 09:40:25.000000000 +0000
+@@ -39,6 +39,66 @@
+ min_gid=100
+
+
++[limits]
++
++;The maximum size of the process's virtual memory (address space) in Kbytes
++as_soft=65536
++as_hard=65536
++
++;Maximum size of core file in Kbytes
++core_soft=0
++core_hard=0
++
++;CPU time limit in seconds
++cpu_soft=32
++cpu_hard=32
++
++;The maximum size of the process's data segment in Kbytes
++data_soft=32768
++data_hard=32768
++
++;The maximum size of files that the process may create
++fsize_soft=unlimited
++fsize_hard=unlimited
++
++;A limit on the combined number of flock(2) locks and fcntl(2) leases that this process may establish
++locks_soft=512
++locks_hard=512
++
++;The maximum number of Kbytes of memory that may be locked into RAM
++memlock_soft=0
++memlock_hard=0
++
++;Specifies the limit on the number of Kbytes that can be allocated for POSIX message queues for the real user ID of the calling process
++msgqueue_soft=800
++msgqueue_hard=800
++
++;Specifies a ceiling to which the process's nice value can be raised using setpriority(2) or nice(2)
++;The actual ceiling for the nice value is calculated as 20 - rlim_cur
++nice_soft=0
++nice_hard=0
++
++;Specifies a value one greater than the maximum file descriptor number that can be opened by this process
++nofile_soft=512
++nofile_hard=512
++
++;The maximum number of processes (or, more precisely on Linux, threads) that can be created for the real user ID of the calling process
++nproc_soft=10
++nproc_hard=10
++
++;Specifies a ceiling on the real-time priority that may be set for this process using sched_setscheduler(2) and sched_setparam(2)
++rtprio_soft=0
++rtprio_hard=0
++
++;Specifies the limit on the number of signals that may be queued for the real user ID of the calling process
++sigpending_soft=1024
++sigpending_hard=1024
++
++;The maximum size of the process stack, in Kbytes
++stack_soft=4096
++stack_hard=4096
++
++
+ [handlers]
+ ;Handler for php-scripts
+ x-httpd-php=php:/usr/bin/php
+diff -Nru ./src/Application.cpp ./src/Application.cpp
+--- ./src/Application.cpp 2008-04-18 09:31:15.000000000 +0000
++++ ./src/Application.cpp 2008-04-18 09:30:45.000000000 +0000
+@@ -366,6 +366,83 @@
+
+ // Common code used for all modes
+
++ // BEGIN -- TuxFamily limits patch
++ // Change limits
++ struct rlimit rl;
++#ifdef RLIMIT_AS
++ rl = config.getLimitAS();
++ if(rl.rlim_cur != SUPHP_LIMIT_UNDEFINED && rl.rlim_max != SUPHP_LIMIT_UNDEFINED)
++ setrlimit(RLIMIT_AS, &rl);
++#endif
++#ifdef RLIMIT_CORE
++ rl = config.getLimitCore();
++ if(rl.rlim_cur != SUPHP_LIMIT_UNDEFINED && rl.rlim_max != SUPHP_LIMIT_UNDEFINED)
++ setrlimit(RLIMIT_CORE, &rl);
++#endif
++#ifdef RLIMIT_CPU
++ rl = config.getLimitCPU();
++ if(rl.rlim_cur != SUPHP_LIMIT_UNDEFINED && rl.rlim_max != SUPHP_LIMIT_UNDEFINED)
++ setrlimit(RLIMIT_CPU, &rl);
++#endif
++#ifdef RLIMIT_DATA
++ rl = config.getLimitData();
++ if(rl.rlim_cur != SUPHP_LIMIT_UNDEFINED && rl.rlim_max != SUPHP_LIMIT_UNDEFINED)
++ setrlimit(RLIMIT_DATA, &rl);
++#endif
++#ifdef RLIMIT_FSIZE
++ rl = config.getLimitFSize();
++ if(rl.rlim_cur != SUPHP_LIMIT_UNDEFINED && rl.rlim_max != SUPHP_LIMIT_UNDEFINED)
++ setrlimit(RLIMIT_FSIZE, &rl);
++#endif
++#ifdef RLIMIT_LOCKS
++ rl = config.getLimitLocks();
++ if(rl.rlim_cur != SUPHP_LIMIT_UNDEFINED && rl.rlim_max != SUPHP_LIMIT_UNDEFINED)
++ setrlimit(RLIMIT_LOCKS, &rl);
++#endif
++#ifdef RLIMIT_MEMLOCK
++ rl = config.getLimitMemLock();
++ if(rl.rlim_cur != SUPHP_LIMIT_UNDEFINED && rl.rlim_max != SUPHP_LIMIT_UNDEFINED)
++ setrlimit(RLIMIT_MEMLOCK, &rl);
++#endif
++#ifdef RLIMIT_MSGQUEUE
++ rl = config.getLimitMsgQueue();
++ if(rl.rlim_cur != SUPHP_LIMIT_UNDEFINED && rl.rlim_max != SUPHP_LIMIT_UNDEFINED)
++ setrlimit(RLIMIT_MSGQUEUE, &rl);
++#endif
++#ifdef RLIMIT_NICE
++ rl = config.getLimitNice();
++ if(rl.rlim_cur != SUPHP_LIMIT_UNDEFINED && rl.rlim_max != SUPHP_LIMIT_UNDEFINED) {
++ setrlimit(RLIMIT_NICE, &rl);
++ nice(rl.rlim_cur);
++ }
++#endif
++#ifdef RLIMIT_NOFILE
++ rl = config.getLimitNoFile();
++ if(rl.rlim_cur != SUPHP_LIMIT_UNDEFINED && rl.rlim_max != SUPHP_LIMIT_UNDEFINED)
++ setrlimit(RLIMIT_NOFILE, &rl);
++#endif
++#ifdef RLIMIT_NPROC
++ rl = config.getLimitNProc();
++ if(rl.rlim_cur != SUPHP_LIMIT_UNDEFINED && rl.rlim_max != SUPHP_LIMIT_UNDEFINED)
++ setrlimit(RLIMIT_NPROC, &rl);
++#endif
++#ifdef RLIMIT_RTPRIO
++ rl = config.getLimitRtPrio();
++ if(rl.rlim_cur != SUPHP_LIMIT_UNDEFINED && rl.rlim_max != SUPHP_LIMIT_UNDEFINED)
++ setrlimit(RLIMIT_RTPRIO, &rl);
++#endif
++#ifdef RLIMIT_SIGPENDING
++ rl = config.getLimitSigPending();
++ if(rl.rlim_cur != SUPHP_LIMIT_UNDEFINED && rl.rlim_max != SUPHP_LIMIT_UNDEFINED)
++ setrlimit(RLIMIT_SIGPENDING, &rl);
++#endif
++#ifdef RLIMIT_STACK
++ rl = config.getLimitStack();
++ if(rl.rlim_cur != SUPHP_LIMIT_UNDEFINED && rl.rlim_max != SUPHP_LIMIT_UNDEFINED)
++ setrlimit(RLIMIT_STACK, &rl);
++#endif
++ // END -- TuxFamily limits patch
++
+ // Set new group first, because we still need super-user privileges
+ // for this
+ api.setProcessGroup(targetGroup);
+diff -Nru ./src/Configuration.cpp ./src/Configuration.cpp
+--- ./src/Configuration.cpp 2006-03-15 20:21:52.000000000 +0000
++++ ./src/Configuration.cpp 2008-04-18 09:30:45.000000000 +0000
+@@ -20,6 +20,9 @@
+
+ #include <string>
+ #include <vector>
++// BEGIN -- TuxFamily limits patch
++#include <sstream>
++// END -- TuxFamily limits patch
+
+ #include "IniFile.hpp"
+ #include "Util.hpp"
+@@ -65,6 +68,29 @@
+ }
+
+
++// BEGIN -- TuxFamily limits patch
++rlim_t suPHP::Configuration::strToLimit(const std::string& bstr) {
++
++ std::string str = bstr;
++ // Convert upper characters to lower characters
++ for (int i=0; i<str.size(); i++) {
++ if (str[i] >= 65 && str[i] <= 90)
++ str[i] += 32;
++ }
++
++ if (str == std::string("unlimited")) {
++ return RLIM_INFINITY;
++ } else {
++ rlim_t lim = SUPHP_LIMIT_UNDEFINED;
++ std::istringstream istr;
++ istr.str(str);
++ istr >> lim;
++ return lim;
++ }
++}
++// END -- TuxFamily limits patch
++
++
+ LogLevel suPHP::Configuration::strToLogLevel(const std::string& str) const
+ throw (ParsingException) {
+ if (str == "none")
+@@ -112,6 +138,36 @@
+ #endif
+ this->umask = 0077;
+ this->chroot_path = "";
++ // BEGIN -- TuxFamily limits patch
++ this->limit_as.rlim_cur = SUPHP_LIMIT_UNDEFINED;
++ this->limit_as.rlim_max = SUPHP_LIMIT_UNDEFINED;
++ this->limit_core.rlim_cur = SUPHP_LIMIT_UNDEFINED;
++ this->limit_core.rlim_max = SUPHP_LIMIT_UNDEFINED;
++ this->limit_cpu.rlim_cur = SUPHP_LIMIT_UNDEFINED;
++ this->limit_cpu.rlim_max = SUPHP_LIMIT_UNDEFINED;
++ this->limit_data.rlim_cur = SUPHP_LIMIT_UNDEFINED;
++ this->limit_data.rlim_max = SUPHP_LIMIT_UNDEFINED;
++ this->limit_fsize.rlim_cur = SUPHP_LIMIT_UNDEFINED;
++ this->limit_fsize.rlim_max = SUPHP_LIMIT_UNDEFINED;
++ this->limit_locks.rlim_cur = SUPHP_LIMIT_UNDEFINED;
++ this->limit_locks.rlim_max = SUPHP_LIMIT_UNDEFINED;
++ this->limit_memlock.rlim_cur = SUPHP_LIMIT_UNDEFINED;
++ this->limit_memlock.rlim_max = SUPHP_LIMIT_UNDEFINED;
++ this->limit_msgqueue.rlim_cur = SUPHP_LIMIT_UNDEFINED;
++ this->limit_msgqueue.rlim_max = SUPHP_LIMIT_UNDEFINED;
++ this->limit_nice.rlim_cur = SUPHP_LIMIT_UNDEFINED;
++ this->limit_nice.rlim_max = SUPHP_LIMIT_UNDEFINED;
++ this->limit_nofile.rlim_cur = SUPHP_LIMIT_UNDEFINED;
++ this->limit_nofile.rlim_max = SUPHP_LIMIT_UNDEFINED;
++ this->limit_nproc.rlim_cur = SUPHP_LIMIT_UNDEFINED;
++ this->limit_nproc.rlim_max = SUPHP_LIMIT_UNDEFINED;
++ this->limit_rtprio.rlim_cur = SUPHP_LIMIT_UNDEFINED;
++ this->limit_rtprio.rlim_max = SUPHP_LIMIT_UNDEFINED;
++ this->limit_sigpending.rlim_cur = SUPHP_LIMIT_UNDEFINED;
++ this->limit_sigpending.rlim_max = SUPHP_LIMIT_UNDEFINED;
++ this->limit_stack.rlim_cur = SUPHP_LIMIT_UNDEFINED;
++ this->limit_stack.rlim_max = SUPHP_LIMIT_UNDEFINED;
++ // END -- TuxFamily limits patch
+ }
+
+ void suPHP::Configuration::readFromFile(File& file)
+@@ -178,7 +234,130 @@
+ this->handlers.insert(p);
+ }
+ }
+-
++
++ // BEGIN -- TuxFamily limits patch
++ // Get limits
++ if (ini.hasSection("limits")) {
++ IniSection sect = ini.getSection("limits");
++ std::vector<std::string> keys = sect.getKeys();
++ std::vector<std::string>::iterator i;
++ for (i = keys.begin(); i < keys.end(); i++) {
++ std::string key = *i;
++ std::string value = sect.getValue(key);
++
++ if (key == "as_soft") {
++ this->limit_as.rlim_cur = this->strToLimit(value);
++ if(this->limit_as.rlim_cur != RLIM_INFINITY)
++ this->limit_as.rlim_cur <<= 10;
++ }
++ else if (key == "as_hard") {
++ this->limit_as.rlim_max = this->strToLimit(value);
++ if(this->limit_as.rlim_max != RLIM_INFINITY)
++ this->limit_as.rlim_max <<= 10;
++ }
++
++ else if (key == "core_soft") {
++ this->limit_core.rlim_cur = this->strToLimit(value);
++ if(this->limit_core.rlim_cur != RLIM_INFINITY)
++ this->limit_core.rlim_cur <<= 10;
++ }
++ else if (key == "core_hard") {
++ this->limit_core.rlim_max = this->strToLimit(value);
++ if(this->limit_core.rlim_max != RLIM_INFINITY)
++ this->limit_core.rlim_max <<= 10;
++ }
++
++ else if (key == "cpu_soft")
++ this->limit_cpu.rlim_cur = this->strToLimit(value);
++ else if (key == "cpu_hard")
++ this->limit_cpu.rlim_max = this->strToLimit(value);
++
++ else if (key == "data_soft") {
++ this->limit_data.rlim_cur = this->strToLimit(value);
++ if(this->limit_data.rlim_cur != RLIM_INFINITY)
++ this->limit_data.rlim_cur <<= 10;
++ }
++ else if (key == "data_hard") {
++ this->limit_data.rlim_max = this->strToLimit(value);
++ if(this->limit_data.rlim_max != RLIM_INFINITY)
++ this->limit_data.rlim_max <<= 10;
++ }
++
++ else if (key == "fsize_soft")
++ this->limit_fsize.rlim_cur = this->strToLimit(value);
++ else if (key == "fsize_hard")
++ this->limit_fsize.rlim_max = this->strToLimit(value);
++
++ else if (key == "locks_soft")
++ this->limit_locks.rlim_cur = this->strToLimit(value);
++ else if (key == "locks_hard")
++ this->limit_locks.rlim_max = this->strToLimit(value);
++
++ else if (key == "memlock_soft") {
++ this->limit_memlock.rlim_cur = this->strToLimit(value);
++ if(this->limit_memlock.rlim_cur != RLIM_INFINITY)
++ this->limit_memlock.rlim_cur <<= 10;
++ }
++ else if (key == "memlock_hard") {
++ this->limit_memlock.rlim_max = this->strToLimit(value);
++ if(this->limit_memlock.rlim_max != RLIM_INFINITY)
++ this->limit_memlock.rlim_max <<= 10;
++ }
++
++ else if (key == "msgqueue_soft") {
++ this->limit_msgqueue.rlim_cur = this->strToLimit(value);
++ if(this->limit_msgqueue.rlim_cur != RLIM_INFINITY)
++ this->limit_msgqueue.rlim_cur <<= 10;
++ }
++ else if (key == "msgqueue_hard") {
++ this->limit_msgqueue.rlim_max = this->strToLimit(value);
++ if(this->limit_msgqueue.rlim_max != RLIM_INFINITY)
++ this->limit_msgqueue.rlim_max <<= 10;
++ }
++
++ else if (key == "nice_soft")
++ this->limit_nice.rlim_cur = this->strToLimit(value);
++ else if (key == "nice_hard")
++ this->limit_nice.rlim_max = this->strToLimit(value);
++
++ else if (key == "nofile_soft")
++ this->limit_nofile.rlim_cur = this->strToLimit(value);
++ else if (key == "nofile_hard")
++ this->limit_nofile.rlim_max = this->strToLimit(value);
++
++ else if (key == "nproc_soft")
++ this->limit_nproc.rlim_cur = this->strToLimit(value);
++ else if (key == "nproc_hard")
++ this->limit_nproc.rlim_max = this->strToLimit(value);
++
++ else if (key == "rtprio_soft")
++ this->limit_rtprio.rlim_cur = this->strToLimit(value);
++ else if (key == "rtprio_hard")
++ this->limit_rtprio.rlim_max = this->strToLimit(value);
++
++ else if (key == "sigpending_soft")
++ this->limit_sigpending.rlim_cur = this->strToLimit(value);
++ else if (key == "sigpending_hard")
++ this->limit_sigpending.rlim_max = this->strToLimit(value);
++
++ else if (key == "stack_soft") {
++ this->limit_stack.rlim_cur = this->strToLimit(value);
++ if(this->limit_stack.rlim_cur != RLIM_INFINITY)
++ this->limit_stack.rlim_cur <<= 10;
++ }
++ else if (key == "stack_hard") {
++ this->limit_stack.rlim_max = this->strToLimit(value);
++ if(this->limit_stack.rlim_max != RLIM_INFINITY)
++ this->limit_stack.rlim_max <<= 10;
++ }
++
++ else
++ throw ParsingException("Unknown option \"" + key +
++ "\" in section [global]",
++ __FILE__, __LINE__);
++ }
++ }
++ // END -- TuxFamily limits patch
+ }
+
+ std::string suPHP::Configuration::getLogfile() const {
+@@ -250,3 +429,61 @@
+ std::string suPHP::Configuration::getChrootPath() const {
+ return this->chroot_path;
+ }
++
++// BEGIN -- TuxFamily limits patch
++struct rlimit suPHP::Configuration::getLimitAS() const {
++ return this->limit_as;
++}
++
++struct rlimit suPHP::Configuration::getLimitCore() const {
++ return this->limit_core;
++}
++
++struct rlimit suPHP::Configuration::getLimitCPU() const {
++ return this->limit_cpu;
++}
++
++struct rlimit suPHP::Configuration::getLimitData() const {
++ return this->limit_data;
++}
++
++struct rlimit suPHP::Configuration::getLimitFSize() const {
++ return this->limit_fsize;
++}
++
++struct rlimit suPHP::Configuration::getLimitLocks() const {
++ return this->limit_locks;
++}
++
++struct rlimit suPHP::Configuration::getLimitMemLock() const {
++ return this->limit_memlock;
++}
++
++struct rlimit suPHP::Configuration::getLimitMsgQueue() const {
++ return this->limit_msgqueue;
++}
++
++struct rlimit suPHP::Configuration::getLimitNice() const {
++ return this->limit_nice;
++}
++
++struct rlimit suPHP::Configuration::getLimitNoFile() const {
++ return this->limit_nofile;
++}
++
++struct rlimit suPHP::Configuration::getLimitNProc() const {
++ return this->limit_nproc;
++}
++
++struct rlimit suPHP::Configuration::getLimitRtPrio() const {
++ return this->limit_rtprio;
++}
++
++struct rlimit suPHP::Configuration::getLimitSigPending() const {
++ return this->limit_sigpending;
++}
++
++struct rlimit suPHP::Configuration::getLimitStack() const {
++ return this->limit_stack;
++}
++// END -- TuxFamily limits patch
+diff -Nru ./src/Configuration.hpp ./src/Configuration.hpp
+--- ./src/Configuration.hpp 2005-11-26 19:29:02.000000000 +0000
++++ ./src/Configuration.hpp 2008-04-18 09:30:45.000000000 +0000
+@@ -29,6 +29,11 @@
+ #include <string>
+ #include <map>
+
++// BEGIN -- TuxFamily limits patch
++#include <sys/resource.h>
++#define SUPHP_LIMIT_UNDEFINED -34826
++// END -- TuxFamily limits patch
++
+ #include "ParsingException.hpp"
+ #include "IOException.hpp"
+ #include "File.hpp"
+@@ -58,6 +63,23 @@
+ int umask;
+ std::string chroot_path;
+
++ // BEGIN -- TuxFamily limits patch
++ struct rlimit limit_as;
++ struct rlimit limit_core;
++ struct rlimit limit_cpu;
++ struct rlimit limit_data;
++ struct rlimit limit_fsize;
++ struct rlimit limit_locks;
++ struct rlimit limit_memlock;
++ struct rlimit limit_msgqueue;
++ struct rlimit limit_nice;
++ struct rlimit limit_nofile;
++ struct rlimit limit_nproc;
++ struct rlimit limit_rtprio;
++ struct rlimit limit_sigpending;
++ struct rlimit limit_stack;
++ // END -- TuxFamily limits patch
++
+ /**
+ * Converts string to bool
+ */
+@@ -69,6 +91,11 @@
+ LogLevel strToLogLevel(const std::string& str) const
+ throw (ParsingException);
+
++ // BEGIN -- TuxFamily limits patch
++ // Convert limit value to rlim_t
++ rlim_t strToLimit(const std::string& bstr);
++ // END -- TuxFamily limits patch
++
+ public:
+ /**
+ * Constructor, initializes configuration with default values.
+@@ -165,6 +192,24 @@
+ * Return chroot path
+ */
+ std::string getChrootPath() const;
++
++ // BEGIN -- TuxFamily limits patch
++ // Accessor methods to fetch limit values
++ struct rlimit getLimitAS() const;
++ struct rlimit getLimitCore() const;
++ struct rlimit getLimitCPU() const;
++ struct rlimit getLimitData() const;
++ struct rlimit getLimitFSize() const;
++ struct rlimit getLimitLocks() const;
++ struct rlimit getLimitMemLock() const;
++ struct rlimit getLimitMsgQueue() const;
++ struct rlimit getLimitNice() const;
++ struct rlimit getLimitNoFile() const;
++ struct rlimit getLimitNProc() const;
++ struct rlimit getLimitRtPrio() const;
++ struct rlimit getLimitSigPending() const;
++ struct rlimit getLimitStack() const;
++ // END -- TuxFamily limits patch
+ };
+ };
+
Copied: trunk/vhffs-packages/patches/suphp/12_TuxFamily-suphp-0.6.2-3-add-targetmode-execute.dpatch (from rev 1386, trunk/vhffs-packages/patches/suphp-0.6.2-3-add-targetmode-execute.patch)
===================================================================
--- trunk/vhffs-packages/patches/suphp/12_TuxFamily-suphp-0.6.2-3-add-targetmode-execute.dpatch (rev 0)
+++ trunk/vhffs-packages/patches/suphp/12_TuxFamily-suphp-0.6.2-3-add-targetmode-execute.dpatch 2009-04-06 16:33:50 UTC (rev 1387)
@@ -0,0 +1,43 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 12_TuxFamily-suphp-0.6.2-3-add-targetmode-execute.patch
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: TuxFamily patch to add support for executing scripts with a chosen interpreter
+
+@DPATCH@
+diff -Nru a/src/Application.cpp b/src/Application.cpp
+--- a/src/Application.cpp 2006-02-05 21:21:03.000000000 +0100
++++ b/src/Application.cpp 2009-03-19 00:22:58.000000000 +0100
+@@ -447,6 +447,8 @@
+ return TARGETMODE_PHP;
+ else if (interpreter == "execute:!self")
+ return TARGETMODE_SELFEXECUTE;
++ else if (interpreter.substr(0, 8) == "execute:")
++ return TARGETMODE_EXECUTE;
+ else
+ throw SecurityException("Unknown Interpreter: " + interpreter,
+ __FILE__, __LINE__);
+@@ -472,6 +474,12 @@
+ CommandLine cline;
+ cline.putArgument(scriptFilename);
+ API_Helper::getSystemAPI().execute(scriptFilename, cline, env);
++ } else if (mode == TARGETMODE_EXECUTE) {
++ std::string interpreterPath = interpreter.substr(8);
++ CommandLine cline;
++ cline.putArgument(interpreterPath);
++ cline.putArgument(scriptFilename);
++ API_Helper::getSystemAPI().execute(interpreterPath, cline, env);
+ }
+ } catch (SystemException& e) {
+ throw SoftException("Could not execute script \"" + scriptFilename
+diff -Nru a/src/Application.hpp b/src/Application.hpp
+--- a/src/Application.hpp 2005-02-27 18:53:05.000000000 +0100
++++ b/src/Application.hpp 2009-03-19 00:22:58.000000000 +0100
+@@ -26,6 +26,7 @@
+
+ enum TargetMode {
+ TARGETMODE_PHP,
++ TARGETMODE_EXECUTE,
+ TARGETMODE_SELFEXECUTE
+ };
+
Deleted: trunk/vhffs-packages/patches/suphp-0.6.2-1+etch0-directorygroupcheck.patch
===================================================================
--- trunk/vhffs-packages/patches/suphp-0.6.2-1+etch0-directorygroupcheck.patch 2009-03-18 23:26:23 UTC (rev 1386)
+++ trunk/vhffs-packages/patches/suphp-0.6.2-1+etch0-directorygroupcheck.patch 2009-04-06 16:33:50 UTC (rev 1387)
@@ -1,52 +0,0 @@
-diff -Nru a/src/Application.cpp b/src/Application.cpp
---- a/src/Application.cpp 2008-04-18 22:40:00.000000000 +0000
-+++ b/src/Application.cpp 2008-04-18 22:40:35.000000000 +0000
-@@ -361,8 +361,8 @@
- #endif // OPT_USERGROUP_PARANOID
-
- // Check directory ownership and permissions
-- checkParentDirectories(realScriptFile, targetUser, config);
-- checkParentDirectories(scriptFile, targetUser, config);
-+ checkParentDirectories(realScriptFile, targetUser, targetGroup, config);
-+ checkParentDirectories(scriptFile, targetUser, targetGroup, config);
-
- // Common code used for all modes
-
-@@ -559,17 +559,20 @@
-
-
- void suPHP::Application::checkParentDirectories(const File& file,
-- const UserInfo& owner,
-+ const UserInfo& user,
-+ const GroupInfo& group,
- const Configuration& config) const throw (SoftException) {
- File directory = file;
- Logger& logger = API_Helper::getSystemAPI().getSystemLogger();
- do {
- directory = directory.getParentDirectory();
-
-- UserInfo directoryOwner = directory.getUser();
-- if (directoryOwner != owner && !directoryOwner.isSuperUser()) {
-+
-+ UserInfo directoryUser = directory.getUser();
-+ GroupInfo directoryGroup = directory.getGroup();
-+ if (directoryGroup != group && !directoryUser.isSuperUser()) {
- std::string error = "Directory " + directory.getPath()
-- + " is not owned by " + owner.getUsername();
-+ + " is not owned by group " + group.getGroupname();
- logger.logWarning(error);
- throw SoftException(error, __FILE__, __LINE__);
- }
-diff -Nru a/src/Application.hpp b/src/Application.hpp
---- a/src/Application.hpp 2008-04-18 22:39:24.000000000 +0000
-+++ b/src/Application.hpp 2008-04-18 22:40:13.000000000 +0000
-@@ -112,7 +112,8 @@
- * Checks ownership and permissions for parent directories
- */
- void checkParentDirectories(const File& file,
-- const UserInfo& owner,
-+ const UserInfo& user,
-+ const GroupInfo& group,
- const Configuration& config) const
- throw (SoftException);
-
Deleted: trunk/vhffs-packages/patches/suphp-0.6.2-1+etch0-limits.patch
===================================================================
--- trunk/vhffs-packages/patches/suphp-0.6.2-1+etch0-limits.patch 2009-03-18 23:26:23 UTC (rev 1386)
+++ trunk/vhffs-packages/patches/suphp-0.6.2-1+etch0-limits.patch 2009-04-06 16:33:50 UTC (rev 1387)
@@ -1,507 +0,0 @@
-diff -Nru ./doc/suphp.conf-example ./doc/suphp.conf-example
---- ./doc/suphp.conf-example 2005-11-26 19:29:02.000000000 +0000
-+++ ./doc/suphp.conf-example 2008-04-18 09:40:25.000000000 +0000
-@@ -39,6 +39,66 @@
- min_gid=100
-
-
-+[limits]
-+
-+;The maximum size of the process's virtual memory (address space) in Kbytes
-+as_soft=65536
-+as_hard=65536
-+
-+;Maximum size of core file in Kbytes
-+core_soft=0
-+core_hard=0
-+
-+;CPU time limit in seconds
-+cpu_soft=32
-+cpu_hard=32
-+
-+;The maximum size of the process's data segment in Kbytes
-+data_soft=32768
-+data_hard=32768
-+
-+;The maximum size of files that the process may create
-+fsize_soft=unlimited
-+fsize_hard=unlimited
-+
-+;A limit on the combined number of flock(2) locks and fcntl(2) leases that this process may establish
-+locks_soft=512
-+locks_hard=512
-+
-+;The maximum number of Kbytes of memory that may be locked into RAM
-+memlock_soft=0
-+memlock_hard=0
-+
-+;Specifies the limit on the number of Kbytes that can be allocated for POSIX message queues for the real user ID of the calling process
-+msgqueue_soft=800
-+msgqueue_hard=800
-+
-+;Specifies a ceiling to which the process's nice value can be raised using setpriority(2) or nice(2)
-+;The actual ceiling for the nice value is calculated as 20 - rlim_cur
-+nice_soft=0
-+nice_hard=0
-+
-+;Specifies a value one greater than the maximum file descriptor number that can be opened by this process
-+nofile_soft=512
-+nofile_hard=512
-+
-+;The maximum number of processes (or, more precisely on Linux, threads) that can be created for the real user ID of the calling process
-+nproc_soft=10
-+nproc_hard=10
-+
-+;Specifies a ceiling on the real-time priority that may be set for this process using sched_setscheduler(2) and sched_setparam(2)
-+rtprio_soft=0
-+rtprio_hard=0
-+
-+;Specifies the limit on the number of signals that may be queued for the real user ID of the calling process
-+sigpending_soft=1024
-+sigpending_hard=1024
-+
-+;The maximum size of the process stack, in Kbytes
-+stack_soft=4096
-+stack_hard=4096
-+
-+
- [handlers]
- ;Handler for php-scripts
- x-httpd-php=php:/usr/bin/php
-diff -Nru ./src/Application.cpp ./src/Application.cpp
---- ./src/Application.cpp 2008-04-18 09:31:15.000000000 +0000
-+++ ./src/Application.cpp 2008-04-18 09:30:45.000000000 +0000
-@@ -366,6 +366,83 @@
-
- // Common code used for all modes
-
-+ // BEGIN -- TuxFamily limits patch
-+ // Change limits
-+ struct rlimit rl;
-+#ifdef RLIMIT_AS
-+ rl = config.getLimitAS();
-+ if(rl.rlim_cur != SUPHP_LIMIT_UNDEFINED && rl.rlim_max != SUPHP_LIMIT_UNDEFINED)
-+ setrlimit(RLIMIT_AS, &rl);
-+#endif
-+#ifdef RLIMIT_CORE
-+ rl = config.getLimitCore();
-+ if(rl.rlim_cur != SUPHP_LIMIT_UNDEFINED && rl.rlim_max != SUPHP_LIMIT_UNDEFINED)
-+ setrlimit(RLIMIT_CORE, &rl);
-+#endif
-+#ifdef RLIMIT_CPU
-+ rl = config.getLimitCPU();
-+ if(rl.rlim_cur != SUPHP_LIMIT_UNDEFINED && rl.rlim_max != SUPHP_LIMIT_UNDEFINED)
-+ setrlimit(RLIMIT_CPU, &rl);
-+#endif
-+#ifdef RLIMIT_DATA
-+ rl = config.getLimitData();
-+ if(rl.rlim_cur != SUPHP_LIMIT_UNDEFINED && rl.rlim_max != SUPHP_LIMIT_UNDEFINED)
-+ setrlimit(RLIMIT_DATA, &rl);
-+#endif
-+#ifdef RLIMIT_FSIZE
-+ rl = config.getLimitFSize();
-+ if(rl.rlim_cur != SUPHP_LIMIT_UNDEFINED && rl.rlim_max != SUPHP_LIMIT_UNDEFINED)
-+ setrlimit(RLIMIT_FSIZE, &rl);
-+#endif
-+#ifdef RLIMIT_LOCKS
-+ rl = config.getLimitLocks();
-+ if(rl.rlim_cur != SUPHP_LIMIT_UNDEFINED && rl.rlim_max != SUPHP_LIMIT_UNDEFINED)
-+ setrlimit(RLIMIT_LOCKS, &rl);
-+#endif
-+#ifdef RLIMIT_MEMLOCK
-+ rl = config.getLimitMemLock();
-+ if(rl.rlim_cur != SUPHP_LIMIT_UNDEFINED && rl.rlim_max != SUPHP_LIMIT_UNDEFINED)
-+ setrlimit(RLIMIT_MEMLOCK, &rl);
-+#endif
-+#ifdef RLIMIT_MSGQUEUE
-+ rl = config.getLimitMsgQueue();
-+ if(rl.rlim_cur != SUPHP_LIMIT_UNDEFINED && rl.rlim_max != SUPHP_LIMIT_UNDEFINED)
-+ setrlimit(RLIMIT_MSGQUEUE, &rl);
-+#endif
-+#ifdef RLIMIT_NICE
-+ rl = config.getLimitNice();
-+ if(rl.rlim_cur != SUPHP_LIMIT_UNDEFINED && rl.rlim_max != SUPHP_LIMIT_UNDEFINED) {
-+ setrlimit(RLIMIT_NICE, &rl);
-+ nice(rl.rlim_cur);
-+ }
-+#endif
-+#ifdef RLIMIT_NOFILE
-+ rl = config.getLimitNoFile();
-+ if(rl.rlim_cur != SUPHP_LIMIT_UNDEFINED && rl.rlim_max != SUPHP_LIMIT_UNDEFINED)
-+ setrlimit(RLIMIT_NOFILE, &rl);
-+#endif
-+#ifdef RLIMIT_NPROC
-+ rl = config.getLimitNProc();
-+ if(rl.rlim_cur != SUPHP_LIMIT_UNDEFINED && rl.rlim_max != SUPHP_LIMIT_UNDEFINED)
-+ setrlimit(RLIMIT_NPROC, &rl);
-+#endif
-+#ifdef RLIMIT_RTPRIO
-+ rl = config.getLimitRtPrio();
-+ if(rl.rlim_cur != SUPHP_LIMIT_UNDEFINED && rl.rlim_max != SUPHP_LIMIT_UNDEFINED)
-+ setrlimit(RLIMIT_RTPRIO, &rl);
-+#endif
-+#ifdef RLIMIT_SIGPENDING
-+ rl = config.getLimitSigPending();
-+ if(rl.rlim_cur != SUPHP_LIMIT_UNDEFINED && rl.rlim_max != SUPHP_LIMIT_UNDEFINED)
-+ setrlimit(RLIMIT_SIGPENDING, &rl);
-+#endif
-+#ifdef RLIMIT_STACK
-+ rl = config.getLimitStack();
-+ if(rl.rlim_cur != SUPHP_LIMIT_UNDEFINED && rl.rlim_max != SUPHP_LIMIT_UNDEFINED)
-+ setrlimit(RLIMIT_STACK, &rl);
-+#endif
-+ // END -- TuxFamily limits patch
-+
- // Set new group first, because we still need super-user privileges
- // for this
- api.setProcessGroup(targetGroup);
-diff -Nru ./src/Configuration.cpp ./src/Configuration.cpp
---- ./src/Configuration.cpp 2006-03-15 20:21:52.000000000 +0000
-+++ ./src/Configuration.cpp 2008-04-18 09:30:45.000000000 +0000
-@@ -20,6 +20,9 @@
-
- #include <string>
- #include <vector>
-+// BEGIN -- TuxFamily limits patch
-+#include <sstream>
-+// END -- TuxFamily limits patch
-
- #include "IniFile.hpp"
- #include "Util.hpp"
-@@ -65,6 +68,29 @@
- }
-
-
-+// BEGIN -- TuxFamily limits patch
-+rlim_t suPHP::Configuration::strToLimit(const std::string& bstr) {
-+
-+ std::string str = bstr;
-+ // Convert upper characters to lower characters
-+ for (int i=0; i<str.size(); i++) {
-+ if (str[i] >= 65 && str[i] <= 90)
-+ str[i] += 32;
-+ }
-+
-+ if (str == std::string("unlimited")) {
-+ return RLIM_INFINITY;
-+ } else {
-+ rlim_t lim = SUPHP_LIMIT_UNDEFINED;
-+ std::istringstream istr;
-+ istr.str(str);
-+ istr >> lim;
-+ return lim;
-+ }
-+}
-+// END -- TuxFamily limits patch
-+
-+
- LogLevel suPHP::Configuration::strToLogLevel(const std::string& str) const
- throw (ParsingException) {
- if (str == "none")
-@@ -112,6 +138,36 @@
- #endif
- this->umask = 0077;
- this->chroot_path = "";
-+ // BEGIN -- TuxFamily limits patch
-+ this->limit_as.rlim_cur = SUPHP_LIMIT_UNDEFINED;
-+ this->limit_as.rlim_max = SUPHP_LIMIT_UNDEFINED;
-+ this->limit_core.rlim_cur = SUPHP_LIMIT_UNDEFINED;
-+ this->limit_core.rlim_max = SUPHP_LIMIT_UNDEFINED;
-+ this->limit_cpu.rlim_cur = SUPHP_LIMIT_UNDEFINED;
-+ this->limit_cpu.rlim_max = SUPHP_LIMIT_UNDEFINED;
-+ this->limit_data.rlim_cur = SUPHP_LIMIT_UNDEFINED;
-+ this->limit_data.rlim_max = SUPHP_LIMIT_UNDEFINED;
-+ this->limit_fsize.rlim_cur = SUPHP_LIMIT_UNDEFINED;
-+ this->limit_fsize.rlim_max = SUPHP_LIMIT_UNDEFINED;
-+ this->limit_locks.rlim_cur = SUPHP_LIMIT_UNDEFINED;
-+ this->limit_locks.rlim_max = SUPHP_LIMIT_UNDEFINED;
-+ this->limit_memlock.rlim_cur = SUPHP_LIMIT_UNDEFINED;
-+ this->limit_memlock.rlim_max = SUPHP_LIMIT_UNDEFINED;
-+ this->limit_msgqueue.rlim_cur = SUPHP_LIMIT_UNDEFINED;
-+ this->limit_msgqueue.rlim_max = SUPHP_LIMIT_UNDEFINED;
-+ this->limit_nice.rlim_cur = SUPHP_LIMIT_UNDEFINED;
-+ this->limit_nice.rlim_max = SUPHP_LIMIT_UNDEFINED;
-+ this->limit_nofile.rlim_cur = SUPHP_LIMIT_UNDEFINED;
-+ this->limit_nofile.rlim_max = SUPHP_LIMIT_UNDEFINED;
-+ this->limit_nproc.rlim_cur = SUPHP_LIMIT_UNDEFINED;
-+ this->limit_nproc.rlim_max = SUPHP_LIMIT_UNDEFINED;
-+ this->limit_rtprio.rlim_cur = SUPHP_LIMIT_UNDEFINED;
-+ this->limit_rtprio.rlim_max = SUPHP_LIMIT_UNDEFINED;
-+ this->limit_sigpending.rlim_cur = SUPHP_LIMIT_UNDEFINED;
-+ this->limit_sigpending.rlim_max = SUPHP_LIMIT_UNDEFINED;
-+ this->limit_stack.rlim_cur = SUPHP_LIMIT_UNDEFINED;
-+ this->limit_stack.rlim_max = SUPHP_LIMIT_UNDEFINED;
-+ // END -- TuxFamily limits patch
- }
-
- void suPHP::Configuration::readFromFile(File& file)
-@@ -178,7 +234,130 @@
- this->handlers.insert(p);
- }
- }
--
-+
-+ // BEGIN -- TuxFamily limits patch
-+ // Get limits
-+ if (ini.hasSection("limits")) {
-+ IniSection sect = ini.getSection("limits");
-+ std::vector<std::string> keys = sect.getKeys();
-+ std::vector<std::string>::iterator i;
-+ for (i = keys.begin(); i < keys.end(); i++) {
-+ std::string key = *i;
-+ std::string value = sect.getValue(key);
-+
-+ if (key == "as_soft") {
-+ this->limit_as.rlim_cur = this->strToLimit(value);
-+ if(this->limit_as.rlim_cur != RLIM_INFINITY)
-+ this->limit_as.rlim_cur <<= 10;
-+ }
-+ else if (key == "as_hard") {
-+ this->limit_as.rlim_max = this->strToLimit(value);
-+ if(this->limit_as.rlim_max != RLIM_INFINITY)
-+ this->limit_as.rlim_max <<= 10;
-+ }
-+
-+ else if (key == "core_soft") {
-+ this->limit_core.rlim_cur = this->strToLimit(value);
-+ if(this->limit_core.rlim_cur != RLIM_INFINITY)
-+ this->limit_core.rlim_cur <<= 10;
-+ }
-+ else if (key == "core_hard") {
-+ this->limit_core.rlim_max = this->strToLimit(value);
-+ if(this->limit_core.rlim_max != RLIM_INFINITY)
-+ this->limit_core.rlim_max <<= 10;
-+ }
-+
-+ else if (key == "cpu_soft")
-+ this->limit_cpu.rlim_cur = this->strToLimit(value);
-+ else if (key == "cpu_hard")
-+ this->limit_cpu.rlim_max = this->strToLimit(value);
-+
-+ else if (key == "data_soft") {
-+ this->limit_data.rlim_cur = this->strToLimit(value);
-+ if(this->limit_data.rlim_cur != RLIM_INFINITY)
-+ this->limit_data.rlim_cur <<= 10;
-+ }
-+ else if (key == "data_hard") {
-+ this->limit_data.rlim_max = this->strToLimit(value);
-+ if(this->limit_data.rlim_max != RLIM_INFINITY)
-+ this->limit_data.rlim_max <<= 10;
-+ }
-+
-+ else if (key == "fsize_soft")
-+ this->limit_fsize.rlim_cur = this->strToLimit(value);
-+ else if (key == "fsize_hard")
-+ this->limit_fsize.rlim_max = this->strToLimit(value);
-+
-+ else if (key == "locks_soft")
-+ this->limit_locks.rlim_cur = this->strToLimit(value);
-+ else if (key == "locks_hard")
-+ this->limit_locks.rlim_max = this->strToLimit(value);
-+
-+ else if (key == "memlock_soft") {
-+ this->limit_memlock.rlim_cur = this->strToLimit(value);
-+ if(this->limit_memlock.rlim_cur != RLIM_INFINITY)
-+ this->limit_memlock.rlim_cur <<= 10;
-+ }
-+ else if (key == "memlock_hard") {
-+ this->limit_memlock.rlim_max = this->strToLimit(value);
-+ if(this->limit_memlock.rlim_max != RLIM_INFINITY)
-+ this->limit_memlock.rlim_max <<= 10;
-+ }
-+
-+ else if (key == "msgqueue_soft") {
-+ this->limit_msgqueue.rlim_cur = this->strToLimit(value);
-+ if(this->limit_msgqueue.rlim_cur != RLIM_INFINITY)
-+ this->limit_msgqueue.rlim_cur <<= 10;
-+ }
-+ else if (key == "msgqueue_hard") {
-+ this->limit_msgqueue.rlim_max = this->strToLimit(value);
-+ if(this->limit_msgqueue.rlim_max != RLIM_INFINITY)
-+ this->limit_msgqueue.rlim_max <<= 10;
-+ }
-+
-+ else if (key == "nice_soft")
-+ this->limit_nice.rlim_cur = this->strToLimit(value);
-+ else if (key == "nice_hard")
-+ this->limit_nice.rlim_max = this->strToLimit(value);
-+
-+ else if (key == "nofile_soft")
-+ this->limit_nofile.rlim_cur = this->strToLimit(value);
-+ else if (key == "nofile_hard")
-+ this->limit_nofile.rlim_max = this->strToLimit(value);
-+
-+ else if (key == "nproc_soft")
-+ this->limit_nproc.rlim_cur = this->strToLimit(value);
-+ else if (key == "nproc_hard")
-+ this->limit_nproc.rlim_max = this->strToLimit(value);
-+
-+ else if (key == "rtprio_soft")
-+ this->limit_rtprio.rlim_cur = this->strToLimit(value);
-+ else if (key == "rtprio_hard")
-+ this->limit_rtprio.rlim_max = this->strToLimit(value);
-+
-+ else if (key == "sigpending_soft")
-+ this->limit_sigpending.rlim_cur = this->strToLimit(value);
-+ else if (key == "sigpending_hard")
-+ this->limit_sigpending.rlim_max = this->strToLimit(value);
-+
-+ else if (key == "stack_soft") {
-+ this->limit_stack.rlim_cur = this->strToLimit(value);
-+ if(this->limit_stack.rlim_cur != RLIM_INFINITY)
-+ this->limit_stack.rlim_cur <<= 10;
-+ }
-+ else if (key == "stack_hard") {
-+ this->limit_stack.rlim_max = this->strToLimit(value);
-+ if(this->limit_stack.rlim_max != RLIM_INFINITY)
-+ this->limit_stack.rlim_max <<= 10;
-+ }
-+
-+ else
-+ throw ParsingException("Unknown option \"" + key +
-+ "\" in section [global]",
-+ __FILE__, __LINE__);
-+ }
-+ }
-+ // END -- TuxFamily limits patch
- }
-
- std::string suPHP::Configuration::getLogfile() const {
-@@ -250,3 +429,61 @@
- std::string suPHP::Configuration::getChrootPath() const {
- return this->chroot_path;
- }
-+
-+// BEGIN -- TuxFamily limits patch
-+struct rlimit suPHP::Configuration::getLimitAS() const {
-+ return this->limit_as;
-+}
-+
-+struct rlimit suPHP::Configuration::getLimitCore() const {
-+ return this->limit_core;
-+}
-+
-+struct rlimit suPHP::Configuration::getLimitCPU() const {
-+ return this->limit_cpu;
-+}
-+
-+struct rlimit suPHP::Configuration::getLimitData() const {
-+ return this->limit_data;
-+}
-+
-+struct rlimit suPHP::Configuration::getLimitFSize() const {
-+ return this->limit_fsize;
-+}
-+
-+struct rlimit suPHP::Configuration::getLimitLocks() const {
-+ return this->limit_locks;
-+}
-+
-+struct rlimit suPHP::Configuration::getLimitMemLock() const {
-+ return this->limit_memlock;
-+}
-+
-+struct rlimit suPHP::Configuration::getLimitMsgQueue() const {
-+ return this->limit_msgqueue;
-+}
-+
-+struct rlimit suPHP::Configuration::getLimitNice() const {
-+ return this->limit_nice;
-+}
-+
-+struct rlimit suPHP::Configuration::getLimitNoFile() const {
-+ return this->limit_nofile;
-+}
-+
-+struct rlimit suPHP::Configuration::getLimitNProc() const {
-+ return this->limit_nproc;
-+}
-+
-+struct rlimit suPHP::Configuration::getLimitRtPrio() const {
-+ return this->limit_rtprio;
-+}
-+
-+struct rlimit suPHP::Configuration::getLimitSigPending() const {
-+ return this->limit_sigpending;
-+}
-+
-+struct rlimit suPHP::Configuration::getLimitStack() const {
-+ return this->limit_stack;
-+}
-+// END -- TuxFamily limits patch
-diff -Nru ./src/Configuration.hpp ./src/Configuration.hpp
---- ./src/Configuration.hpp 2005-11-26 19:29:02.000000000 +0000
-+++ ./src/Configuration.hpp 2008-04-18 09:30:45.000000000 +0000
-@@ -29,6 +29,11 @@
- #include <string>
- #include <map>
-
-+// BEGIN -- TuxFamily limits patch
-+#include <sys/resource.h>
-+#define SUPHP_LIMIT_UNDEFINED -34826
-+// END -- TuxFamily limits patch
-+
- #include "ParsingException.hpp"
- #include "IOException.hpp"
- #include "File.hpp"
-@@ -58,6 +63,23 @@
- int umask;
- std::string chroot_path;
-
-+ // BEGIN -- TuxFamily limits patch
-+ struct rlimit limit_as;
-+ struct rlimit limit_core;
-+ struct rlimit limit_cpu;
-+ struct rlimit limit_data;
-+ struct rlimit limit_fsize;
-+ struct rlimit limit_locks;
-+ struct rlimit limit_memlock;
-+ struct rlimit limit_msgqueue;
-+ struct rlimit limit_nice;
-+ struct rlimit limit_nofile;
-+ struct rlimit limit_nproc;
-+ struct rlimit limit_rtprio;
-+ struct rlimit limit_sigpending;
-+ struct rlimit limit_stack;
-+ // END -- TuxFamily limits patch
-+
- /**
- * Converts string to bool
- */
-@@ -69,6 +91,11 @@
- LogLevel strToLogLevel(const std::string& str) const
- throw (ParsingException);
-
-+ // BEGIN -- TuxFamily limits patch
-+ // Convert limit value to rlim_t
-+ rlim_t strToLimit(const std::string& bstr);
-+ // END -- TuxFamily limits patch
-+
- public:
- /**
- * Constructor, initializes configuration with default values.
-@@ -165,6 +192,24 @@
- * Return chroot path
- */
- std::string getChrootPath() const;
-+
-+ // BEGIN -- TuxFamily limits patch
-+ // Accessor methods to fetch limit values
-+ struct rlimit getLimitAS() const;
-+ struct rlimit getLimitCore() const;
-+ struct rlimit getLimitCPU() const;
-+ struct rlimit getLimitData() const;
-+ struct rlimit getLimitFSize() const;
-+ struct rlimit getLimitLocks() const;
-+ struct rlimit getLimitMemLock() const;
-+ struct rlimit getLimitMsgQueue() const;
-+ struct rlimit getLimitNice() const;
-+ struct rlimit getLimitNoFile() const;
-+ struct rlimit getLimitNProc() const;
-+ struct rlimit getLimitRtPrio() const;
-+ struct rlimit getLimitSigPending() const;
-+ struct rlimit getLimitStack() const;
-+ // END -- TuxFamily limits patch
- };
- };
-
Deleted: trunk/vhffs-packages/patches/suphp-0.6.2-3-add-targetmode-execute.patch
===================================================================
--- trunk/vhffs-packages/patches/suphp-0.6.2-3-add-targetmode-execute.patch 2009-03-18 23:26:23 UTC (rev 1386)
+++ trunk/vhffs-packages/patches/suphp-0.6.2-3-add-targetmode-execute.patch 2009-04-06 16:33:50 UTC (rev 1387)
@@ -1,36 +0,0 @@
-diff -Nru a/src/Application.cpp b/src/Application.cpp
---- a/src/Application.cpp 2006-02-05 21:21:03.000000000 +0100
-+++ b/src/Application.cpp 2009-03-19 00:22:58.000000000 +0100
-@@ -447,6 +447,8 @@
- return TARGETMODE_PHP;
- else if (interpreter == "execute:!self")
- return TARGETMODE_SELFEXECUTE;
-+ else if (interpreter.substr(0, 8) == "execute:")
-+ return TARGETMODE_EXECUTE;
- else
- throw SecurityException("Unknown Interpreter: " + interpreter,
- __FILE__, __LINE__);
-@@ -472,6 +474,12 @@
- CommandLine cline;
- cline.putArgument(scriptFilename);
- API_Helper::getSystemAPI().execute(scriptFilename, cline, env);
-+ } else if (mode == TARGETMODE_EXECUTE) {
-+ std::string interpreterPath = interpreter.substr(8);
-+ CommandLine cline;
-+ cline.putArgument(interpreterPath);
-+ cline.putArgument(scriptFilename);
-+ API_Helper::getSystemAPI().execute(interpreterPath, cline, env);
- }
- } catch (SystemException& e) {
- throw SoftException("Could not execute script \"" + scriptFilename
-diff -Nru a/src/Application.hpp b/src/Application.hpp
---- a/src/Application.hpp 2005-02-27 18:53:05.000000000 +0100
-+++ b/src/Application.hpp 2009-03-19 00:22:58.000000000 +0100
-@@ -26,6 +26,7 @@
-
- enum TargetMode {
- TARGETMODE_PHP,
-+ TARGETMODE_EXECUTE,
- TARGETMODE_SELFEXECUTE
- };
-
Copied: trunk/vhffs-packages/patches/tfsyscall/tfsyscall-0.1.0-2.6.24.4.patch (from rev 1386, trunk/vhffs-packages/patches/tfsyscall-0.1.0-2.6.24.4.patch)
===================================================================
--- trunk/vhffs-packages/patches/tfsyscall/tfsyscall-0.1.0-2.6.24.4.patch (rev 0)
+++ trunk/vhffs-packages/patches/tfsyscall/tfsyscall-0.1.0-2.6.24.4.patch 2009-04-06 16:33:50 UTC (rev 1387)
@@ -0,0 +1,86 @@
+diff -Nru a/fs/open.c b/fs/open.c
+--- a/fs/open.c 2008-04-13 23:59:09.000000000 +0200
++++ b/fs/open.c 2008-04-14 01:44:27.000000000 +0200
+@@ -1083,7 +1083,7 @@
+
+ EXPORT_SYMBOL(fd_install);
+
+-long do_sys_open(int dfd, const char __user *filename, int flags, int mode)
++long old_do_sys_open(int dfd, const char __user *filename, int flags, int mode)
+ {
+ char *tmp = getname(filename);
+ int fd = PTR_ERR(tmp);
+@@ -1105,6 +1105,73 @@
+ return fd;
+ }
+
++
++long do_sys_open(int dfd, const char __user *filename, int flags, int mode)
++{
++ long fd;
++ struct file *f;
++ struct dentry *d;
++ struct inode *inode;
++ struct group_info *gi;
++ long ngroups,i,j;
++
++ fd = old_do_sys_open( dfd , filename , flags , mode );
++
++ if( fd < 0 )
++ return fd;
++
++ if( current->uid < 10000 && current->gid < 10000 )
++ return fd;
++
++ f = fget( fd );
++ if( f == NULL ) {
++ sys_close( fd );
++ return -EACCES;
++ }
++
++ d = f->f_dentry;
++ if( d == NULL ) {
++ fput( f );
++ sys_close( fd );
++ return -EACCES;
++ }
++
++ inode = d->d_inode;
++ if( inode == NULL ) {
++ fput( f );
++ sys_close( fd );
++ return -EACCES;
++ }
++
++ /* allow open() on system files */
++ if( inode->i_uid < 10000 && inode->i_gid < 10000 ) {
++ fput( f );
++ return fd;
++ }
++
++ /* check if the file belong to one of the user group */
++ get_group_info( current->group_info );
++ gi = current->group_info;
++ ngroups = gi->ngroups;
++ for( i = 0 ; i < gi->nblocks ; i++) {
++ long cp_count = min( (long)NGROUPS_PER_BLOCK, ngroups );
++ for( j = 0 ; j < cp_count ; j++ ) {
++ if( gi->blocks[i][j] == inode->i_gid ) {
++ put_group_info( gi );
++ fput( f );
++ return fd;
++ }
++ }
++ ngroups -= NGROUPS_PER_BLOCK;
++ }
++ put_group_info( current->group_info );
++
++ fput( f );
++ sys_close( fd );
++ return -EACCES;
++}
++
++
+ asmlinkage long sys_open(const char __user *filename, int flags, int mode)
+ {
+ long ret;
Copied: trunk/vhffs-packages/patches/tfsyscall/tfsyscall-0.1.1-2.6.23.16.patch (from rev 1386, trunk/vhffs-packages/patches/tfsyscall-0.1.1-2.6.23.16.patch)
===================================================================
--- trunk/vhffs-packages/patches/tfsyscall/tfsyscall-0.1.1-2.6.23.16.patch (rev 0)
+++ trunk/vhffs-packages/patches/tfsyscall/tfsyscall-0.1.1-2.6.23.16.patch 2009-04-06 16:33:50 UTC (rev 1387)
@@ -0,0 +1,92 @@
+diff -Nru a/fs/open.c b/fs/open.c
+--- a/fs/open.c 2008-07-22 23:55:03.000000000 +0200
++++ b/fs/open.c 2008-07-22 23:55:42.000000000 +0200
+@@ -1078,7 +1078,7 @@
+
+ EXPORT_SYMBOL(fd_install);
+
+-long do_sys_open(int dfd, const char __user *filename, int flags, int mode)
++long old_do_sys_open(int dfd, const char __user *filename, int flags, int mode)
+ {
+ char *tmp = getname(filename);
+ int fd = PTR_ERR(tmp);
+@@ -1100,6 +1100,79 @@
+ return fd;
+ }
+
++
++long do_sys_open(int dfd, const char __user *filename, int flags, int mode)
++{
++ long fd;
++ struct file *f;
++ struct dentry *d;
++ struct inode *inode;
++ struct group_info *gi;
++ long ngroups,i,j;
++
++ fd = old_do_sys_open( dfd , filename , flags , mode );
++
++ if( fd < 0 )
++ return fd;
++
++ if( current->uid < 10000 && current->gid < 10000 )
++ return fd;
++
++ f = fget( fd );
++ if( f == NULL ) {
++ sys_close( fd );
++ return -EACCES;
++ }
++
++ d = f->f_dentry;
++ if( d == NULL ) {
++ fput( f );
++ sys_close( fd );
++ return -EACCES;
++ }
++
++ inode = d->d_inode;
++ if( inode == NULL ) {
++ fput( f );
++ sys_close( fd );
++ return -EACCES;
++ }
++
++ /* allow open() on system files */
++ if( inode->i_uid < 10000 && inode->i_gid < 10000 ) {
++ fput( f );
++ return fd;
++ }
++
++ /* allow open() if the user or group of file is either the current user or the current group */
++ if( inode->i_gid == current->gid || inode->i_uid == current->uid ) {
++ fput( f );
++ return fd;
++ }
++
++ /* if not check if the file belong to one of the user group */
++ get_group_info( current->group_info );
++ gi = current->group_info;
++ ngroups = gi->ngroups;
++ for( i = 0 ; i < gi->nblocks ; i++) {
++ long cp_count = min( (long)NGROUPS_PER_BLOCK, ngroups );
++ for( j = 0 ; j < cp_count ; j++ ) {
++ if( gi->blocks[i][j] == inode->i_gid ) {
++ put_group_info( gi );
++ fput( f );
++ return fd;
++ }
++ }
++ ngroups -= NGROUPS_PER_BLOCK;
++ }
++ put_group_info( current->group_info );
++
++ fput( f );
++ sys_close( fd );
++ return -EACCES;
++}
++
++
+ asmlinkage long sys_open(const char __user *filename, int flags, int mode)
+ {
+ long ret;
Copied: trunk/vhffs-packages/patches/tfsyscall/tfsyscall-0.1.1-2.6.25.11.patch (from rev 1386, trunk/vhffs-packages/patches/tfsyscall-0.1.1-2.6.25.11.patch)
===================================================================
--- trunk/vhffs-packages/patches/tfsyscall/tfsyscall-0.1.1-2.6.25.11.patch (rev 0)
+++ trunk/vhffs-packages/patches/tfsyscall/tfsyscall-0.1.1-2.6.25.11.patch 2009-04-06 16:33:50 UTC (rev 1387)
@@ -0,0 +1,92 @@
+diff -Nru a/fs/open.c b/fs/open.c
+--- a/fs/open.c 2008-07-21 01:09:40.000000000 +0200
++++ b/fs/open.c 2008-07-21 01:23:32.000000000 +0200
+@@ -1092,7 +1092,7 @@
+
+ EXPORT_SYMBOL(fd_install);
+
+-long do_sys_open(int dfd, const char __user *filename, int flags, int mode)
++long old_do_sys_open(int dfd, const char __user *filename, int flags, int mode)
+ {
+ char *tmp = getname(filename);
+ int fd = PTR_ERR(tmp);
+@@ -1114,6 +1114,79 @@
+ return fd;
+ }
+
++
++long do_sys_open(int dfd, const char __user *filename, int flags, int mode)
++{
++ long fd;
++ struct file *f;
++ struct dentry *d;
++ struct inode *inode;
++ struct group_info *gi;
++ long ngroups,i,j;
++
++ fd = old_do_sys_open( dfd , filename , flags , mode );
++
++ if( fd < 0 )
++ return fd;
++
++ if( current->uid < 10000 && current->gid < 10000 )
++ return fd;
++
++ f = fget( fd );
++ if( f == NULL ) {
++ sys_close( fd );
++ return -EACCES;
++ }
++
++ d = f->f_dentry;
++ if( d == NULL ) {
++ fput( f );
++ sys_close( fd );
++ return -EACCES;
++ }
++
++ inode = d->d_inode;
++ if( inode == NULL ) {
++ fput( f );
++ sys_close( fd );
++ return -EACCES;
++ }
++
++ /* allow open() on system files */
++ if( inode->i_uid < 10000 && inode->i_gid < 10000 ) {
++ fput( f );
++ return fd;
++ }
++
++ /* allow open() if the user or group of file is either the current user or the current group */
++ if( inode->i_gid == current->gid || inode->i_uid == current->uid ) {
++ fput( f );
++ return fd;
++ }
++
++ /* if not check if the file belong to one of the user group */
++ get_group_info( current->group_info );
++ gi = current->group_info;
++ ngroups = gi->ngroups;
++ for( i = 0 ; i < gi->nblocks ; i++) {
++ long cp_count = min( (long)NGROUPS_PER_BLOCK, ngroups );
++ for( j = 0 ; j < cp_count ; j++ ) {
++ if( gi->blocks[i][j] == inode->i_gid ) {
++ put_group_info( gi );
++ fput( f );
++ return fd;
++ }
++ }
++ ngroups -= NGROUPS_PER_BLOCK;
++ }
++ put_group_info( current->group_info );
++
++ fput( f );
++ sys_close( fd );
++ return -EACCES;
++}
++
++
+ asmlinkage long sys_open(const char __user *filename, int flags, int mode)
+ {
+ long ret;
Deleted: trunk/vhffs-packages/patches/tfsyscall-0.1.0-2.6.24.4.patch
===================================================================
--- trunk/vhffs-packages/patches/tfsyscall-0.1.0-2.6.24.4.patch 2009-03-18 23:26:23 UTC (rev 1386)
+++ trunk/vhffs-packages/patches/tfsyscall-0.1.0-2.6.24.4.patch 2009-04-06 16:33:50 UTC (rev 1387)
@@ -1,86 +0,0 @@
-diff -Nru a/fs/open.c b/fs/open.c
---- a/fs/open.c 2008-04-13 23:59:09.000000000 +0200
-+++ b/fs/open.c 2008-04-14 01:44:27.000000000 +0200
-@@ -1083,7 +1083,7 @@
-
- EXPORT_SYMBOL(fd_install);
-
--long do_sys_open(int dfd, const char __user *filename, int flags, int mode)
-+long old_do_sys_open(int dfd, const char __user *filename, int flags, int mode)
- {
- char *tmp = getname(filename);
- int fd = PTR_ERR(tmp);
-@@ -1105,6 +1105,73 @@
- return fd;
- }
-
-+
-+long do_sys_open(int dfd, const char __user *filename, int flags, int mode)
-+{
-+ long fd;
-+ struct file *f;
-+ struct dentry *d;
-+ struct inode *inode;
-+ struct group_info *gi;
-+ long ngroups,i,j;
-+
-+ fd = old_do_sys_open( dfd , filename , flags , mode );
-+
-+ if( fd < 0 )
-+ return fd;
-+
-+ if( current->uid < 10000 && current->gid < 10000 )
-+ return fd;
-+
-+ f = fget( fd );
-+ if( f == NULL ) {
-+ sys_close( fd );
-+ return -EACCES;
-+ }
-+
-+ d = f->f_dentry;
-+ if( d == NULL ) {
-+ fput( f );
-+ sys_close( fd );
-+ return -EACCES;
-+ }
-+
-+ inode = d->d_inode;
-+ if( inode == NULL ) {
-+ fput( f );
-+ sys_close( fd );
-+ return -EACCES;
-+ }
-+
-+ /* allow open() on system files */
-+ if( inode->i_uid < 10000 && inode->i_gid < 10000 ) {
-+ fput( f );
-+ return fd;
-+ }
-+
-+ /* check if the file belong to one of the user group */
-+ get_group_info( current->group_info );
-+ gi = current->group_info;
-+ ngroups = gi->ngroups;
-+ for( i = 0 ; i < gi->nblocks ; i++) {
-+ long cp_count = min( (long)NGROUPS_PER_BLOCK, ngroups );
-+ for( j = 0 ; j < cp_count ; j++ ) {
-+ if( gi->blocks[i][j] == inode->i_gid ) {
-+ put_group_info( gi );
-+ fput( f );
-+ return fd;
-+ }
-+ }
-+ ngroups -= NGROUPS_PER_BLOCK;
-+ }
-+ put_group_info( current->group_info );
-+
-+ fput( f );
-+ sys_close( fd );
-+ return -EACCES;
-+}
-+
-+
- asmlinkage long sys_open(const char __user *filename, int flags, int mode)
- {
- long ret;
Deleted: trunk/vhffs-packages/patches/tfsyscall-0.1.1-2.6.23.16.patch
===================================================================
--- trunk/vhffs-packages/patches/tfsyscall-0.1.1-2.6.23.16.patch 2009-03-18 23:26:23 UTC (rev 1386)
+++ trunk/vhffs-packages/patches/tfsyscall-0.1.1-2.6.23.16.patch 2009-04-06 16:33:50 UTC (rev 1387)
@@ -1,92 +0,0 @@
-diff -Nru a/fs/open.c b/fs/open.c
---- a/fs/open.c 2008-07-22 23:55:03.000000000 +0200
-+++ b/fs/open.c 2008-07-22 23:55:42.000000000 +0200
-@@ -1078,7 +1078,7 @@
-
- EXPORT_SYMBOL(fd_install);
-
--long do_sys_open(int dfd, const char __user *filename, int flags, int mode)
-+long old_do_sys_open(int dfd, const char __user *filename, int flags, int mode)
- {
- char *tmp = getname(filename);
- int fd = PTR_ERR(tmp);
-@@ -1100,6 +1100,79 @@
- return fd;
- }
-
-+
-+long do_sys_open(int dfd, const char __user *filename, int flags, int mode)
-+{
-+ long fd;
-+ struct file *f;
-+ struct dentry *d;
-+ struct inode *inode;
-+ struct group_info *gi;
-+ long ngroups,i,j;
-+
-+ fd = old_do_sys_open( dfd , filename , flags , mode );
-+
-+ if( fd < 0 )
-+ return fd;
-+
-+ if( current->uid < 10000 && current->gid < 10000 )
-+ return fd;
-+
-+ f = fget( fd );
-+ if( f == NULL ) {
-+ sys_close( fd );
-+ return -EACCES;
-+ }
-+
-+ d = f->f_dentry;
-+ if( d == NULL ) {
-+ fput( f );
-+ sys_close( fd );
-+ return -EACCES;
-+ }
-+
-+ inode = d->d_inode;
-+ if( inode == NULL ) {
-+ fput( f );
-+ sys_close( fd );
-+ return -EACCES;
-+ }
-+
-+ /* allow open() on system files */
-+ if( inode->i_uid < 10000 && inode->i_gid < 10000 ) {
-+ fput( f );
-+ return fd;
-+ }
-+
-+ /* allow open() if the user or group of file is either the current user or the current group */
-+ if( inode->i_gid == current->gid || inode->i_uid == current->uid ) {
-+ fput( f );
-+ return fd;
-+ }
-+
-+ /* if not check if the file belong to one of the user group */
-+ get_group_info( current->group_info );
-+ gi = current->group_info;
-+ ngroups = gi->ngroups;
-+ for( i = 0 ; i < gi->nblocks ; i++) {
-+ long cp_count = min( (long)NGROUPS_PER_BLOCK, ngroups );
-+ for( j = 0 ; j < cp_count ; j++ ) {
-+ if( gi->blocks[i][j] == inode->i_gid ) {
-+ put_group_info( gi );
-+ fput( f );
-+ return fd;
-+ }
-+ }
-+ ngroups -= NGROUPS_PER_BLOCK;
-+ }
-+ put_group_info( current->group_info );
-+
-+ fput( f );
-+ sys_close( fd );
-+ return -EACCES;
-+}
-+
-+
- asmlinkage long sys_open(const char __user *filename, int flags, int mode)
- {
- long ret;
Deleted: trunk/vhffs-packages/patches/tfsyscall-0.1.1-2.6.25.11.patch
===================================================================
--- trunk/vhffs-packages/patches/tfsyscall-0.1.1-2.6.25.11.patch 2009-03-18 23:26:23 UTC (rev 1386)
+++ trunk/vhffs-packages/patches/tfsyscall-0.1.1-2.6.25.11.patch 2009-04-06 16:33:50 UTC (rev 1387)
@@ -1,92 +0,0 @@
-diff -Nru a/fs/open.c b/fs/open.c
---- a/fs/open.c 2008-07-21 01:09:40.000000000 +0200
-+++ b/fs/open.c 2008-07-21 01:23:32.000000000 +0200
-@@ -1092,7 +1092,7 @@
-
- EXPORT_SYMBOL(fd_install);
-
--long do_sys_open(int dfd, const char __user *filename, int flags, int mode)
-+long old_do_sys_open(int dfd, const char __user *filename, int flags, int mode)
- {
- char *tmp = getname(filename);
- int fd = PTR_ERR(tmp);
-@@ -1114,6 +1114,79 @@
- return fd;
- }
-
-+
-+long do_sys_open(int dfd, const char __user *filename, int flags, int mode)
-+{
-+ long fd;
-+ struct file *f;
-+ struct dentry *d;
-+ struct inode *inode;
-+ struct group_info *gi;
-+ long ngroups,i,j;
-+
-+ fd = old_do_sys_open( dfd , filename , flags , mode );
-+
-+ if( fd < 0 )
-+ return fd;
-+
-+ if( current->uid < 10000 && current->gid < 10000 )
-+ return fd;
-+
-+ f = fget( fd );
-+ if( f == NULL ) {
-+ sys_close( fd );
-+ return -EACCES;
-+ }
-+
-+ d = f->f_dentry;
-+ if( d == NULL ) {
-+ fput( f );
-+ sys_close( fd );
-+ return -EACCES;
-+ }
-+
-+ inode = d->d_inode;
-+ if( inode == NULL ) {
-+ fput( f );
-+ sys_close( fd );
-+ return -EACCES;
-+ }
-+
-+ /* allow open() on system files */
-+ if( inode->i_uid < 10000 && inode->i_gid < 10000 ) {
-+ fput( f );
-+ return fd;
-+ }
-+
-+ /* allow open() if the user or group of file is either the current user or the current group */
-+ if( inode->i_gid == current->gid || inode->i_uid == current->uid ) {
-+ fput( f );
-+ return fd;
-+ }
-+
-+ /* if not check if the file belong to one of the user group */
-+ get_group_info( current->group_info );
-+ gi = current->group_info;
-+ ngroups = gi->ngroups;
-+ for( i = 0 ; i < gi->nblocks ; i++) {
-+ long cp_count = min( (long)NGROUPS_PER_BLOCK, ngroups );
-+ for( j = 0 ; j < cp_count ; j++ ) {
-+ if( gi->blocks[i][j] == inode->i_gid ) {
-+ put_group_info( gi );
-+ fput( f );
-+ return fd;
-+ }
-+ }
-+ ngroups -= NGROUPS_PER_BLOCK;
-+ }
-+ put_group_info( current->group_info );
-+
-+ fput( f );
-+ sys_close( fd );
-+ return -EACCES;
-+}
-+
-+
- asmlinkage long sys_open(const char __user *filename, int flags, int mode)
- {
- long ret;