| [vhffs-dev] [2291] ported suPHP patchs to suPHP 0.7.2 |
[ Thread Index |
Date Index
| More vhffs.org/vhffs-dev Archives
]
Revision: 2291
Author: gradator
Date: 2015-11-29 22:28:48 +0100 (Sun, 29 Nov 2015)
Log Message:
-----------
ported suPHP patchs to suPHP 0.7.2
Added Paths:
-----------
trunk/vhffs-patches/suphp/10_TuxFamily-suphp-0.7.2-1-directorygroupcheck.dpatch
trunk/vhffs-patches/suphp/11_TuxFamily-suphp-0.7.2-1-limits.dpatch
trunk/vhffs-patches/suphp/12_TuxFamily-suphp-0.7.2-1-add-targetmode-execute.dpatch
trunk/vhffs-patches/suphp/13_TuxFamily-suphp-0.7.2-1-free-bucket-in-discard-output.dpatch
Removed Paths:
-------------
trunk/vhffs-patches/suphp/10_TuxFamily-suphp-0.7.1-3-directorygroupcheck.dpatch
trunk/vhffs-patches/suphp/11_TuxFamily-suphp-0.7.1-3-limits.dpatch
trunk/vhffs-patches/suphp/12_TuxFamily-suphp-0.7.1-3-add-targetmode-execute.dpatch
trunk/vhffs-patches/suphp/13_TuxFamily-suphp-0.7.1-3-free-bucket-in-discard-output.dpatch
Deleted: trunk/vhffs-patches/suphp/10_TuxFamily-suphp-0.7.1-3-directorygroupcheck.dpatch
===================================================================
--- trunk/vhffs-patches/suphp/10_TuxFamily-suphp-0.7.1-3-directorygroupcheck.dpatch 2015-10-28 21:17:03 UTC (rev 2290)
+++ trunk/vhffs-patches/suphp/10_TuxFamily-suphp-0.7.1-3-directorygroupcheck.dpatch 2015-11-29 21:28:48 UTC (rev 2291)
@@ -1,59 +0,0 @@
-#! /bin/sh /usr/share/dpatch/dpatch-run
-## 10_TuxFamily-suphp-0.7.1-3-directorygroupcheck.dpatch
-##
-## All lines beginning with `## DP:' are a description of the patch.
-## DP: TuxFamily patch to relax the parent directory check on group instead
-## of user
-
-@DPATCH@
-diff -Nru a/src/Application.cpp b/src/Application.cpp
---- a/src/Application.cpp 2009-08-03 14:38:38.000000000 +0000
-+++ b/src/Application.cpp 2011-04-17 10:12:01.000000000 +0000
-@@ -314,8 +314,8 @@
- }
-
- // Check directory ownership and permissions
-- checkParentDirectories(realScriptFile, targetUser, config);
-- checkParentDirectories(scriptFile, targetUser, config);
-+ checkParentDirectories(realScriptFile, targetUser, targetGroup, config);
-+ checkParentDirectories(scriptFile, targetUser, targetGroup, config);
- }
-
- void suPHP::Application::checkProcessPermissions(
-@@ -540,17 +540,19 @@
-
-
- void suPHP::Application::checkParentDirectories(const File& file,
-- const UserInfo& owner,
-+ const UserInfo& user,
-+ const GroupInfo& group,
- const Configuration& config) const throw (SoftException) {
- File directory = file;
- Logger& logger = API_Helper::getSystemAPI().getSystemLogger();
- do {
- directory = directory.getParentDirectory();
-
-- UserInfo directoryOwner = directory.getUser();
-- if (directoryOwner != owner && !directoryOwner.isSuperUser()) {
-+ UserInfo directoryUser = directory.getUser();
-+ GroupInfo directoryGroup = directory.getGroup();
-+ if (directoryGroup != group && !directoryUser.isSuperUser()) {
- std::string error = "Directory " + directory.getPath()
-- + " is not owned by " + owner.getUsername();
-+ + " is not owned by group " + group.getGroupname();
- logger.logWarning(error);
- throw SoftException(error, __FILE__, __LINE__);
- }
-diff -Nru a/src/Application.hpp b/src/Application.hpp
---- a/src/Application.hpp 2009-08-03 14:38:38.000000000 +0000
-+++ b/src/Application.hpp 2011-04-17 10:13:22.000000000 +0000
-@@ -136,7 +136,8 @@
- * Checks ownership and permissions for parent directories
- */
- void checkParentDirectories(const File& file,
-- const UserInfo& owner,
-+ const UserInfo& user,
-+ const GroupInfo& group,
- const Configuration& config) const
- throw (SoftException);
-
Copied: trunk/vhffs-patches/suphp/10_TuxFamily-suphp-0.7.2-1-directorygroupcheck.dpatch (from rev 2290, trunk/vhffs-patches/suphp/10_TuxFamily-suphp-0.7.1-3-directorygroupcheck.dpatch)
===================================================================
--- trunk/vhffs-patches/suphp/10_TuxFamily-suphp-0.7.2-1-directorygroupcheck.dpatch (rev 0)
+++ trunk/vhffs-patches/suphp/10_TuxFamily-suphp-0.7.2-1-directorygroupcheck.dpatch 2015-11-29 21:28:48 UTC (rev 2291)
@@ -0,0 +1,59 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 10_TuxFamily-suphp-0.7.1-3-directorygroupcheck.dpatch
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: TuxFamily patch to relax the parent directory check on group instead
+## of user
+
+@DPATCH@
+diff -Nru a/src/Application.cpp b/src/Application.cpp
+--- a/src/Application.cpp 2013-05-20 11:24:54.000000000 +0000
++++ b/src/Application.cpp 2015-11-29 21:07:02.349613491 +0000
+@@ -314,8 +314,8 @@
+ }
+
+ // Check directory ownership and permissions
+- checkParentDirectories(realScriptFile, targetUser, config);
+- checkParentDirectories(scriptFile, targetUser, config);
++ checkParentDirectories(realScriptFile, targetUser, targetGroup, config);
++ checkParentDirectories(scriptFile, targetUser, targetGroup, config);
+ }
+
+ void suPHP::Application::checkProcessPermissions(
+@@ -542,17 +542,19 @@
+
+
+ void suPHP::Application::checkParentDirectories(const File& file,
+- const UserInfo& owner,
++ const UserInfo& user,
++ const GroupInfo& group,
+ const Configuration& config) const throw (SoftException) {
+ File directory = file;
+ Logger& logger = API_Helper::getSystemAPI().getSystemLogger();
+ do {
+ directory = directory.getParentDirectory();
+
+- UserInfo directoryOwner = directory.getUser();
+- if (directoryOwner != owner && !directoryOwner.isSuperUser()) {
++ UserInfo directoryUser = directory.getUser();
++ GroupInfo directoryGroup = directory.getGroup();
++ if (directoryGroup != group && !directoryUser.isSuperUser()) {
+ std::string error = "Directory " + directory.getPath()
+- + " is not owned by " + owner.getUsername();
++ + " is not owned by group " + group.getGroupname();
+ logger.logWarning(error);
+ throw SoftException(error, __FILE__, __LINE__);
+ }
+diff -Nru a/src/Application.hpp b/src/Application.hpp
+--- a/src/Application.hpp 2008-03-29 17:48:59.000000000 +0000
++++ b/src/Application.hpp 2015-11-29 21:07:02.349613491 +0000
+@@ -136,7 +136,8 @@
+ * Checks ownership and permissions for parent directories
+ */
+ void checkParentDirectories(const File& file,
+- const UserInfo& owner,
++ const UserInfo& user,
++ const GroupInfo& group,
+ const Configuration& config) const
+ throw (SoftException);
+
Deleted: trunk/vhffs-patches/suphp/11_TuxFamily-suphp-0.7.1-3-limits.dpatch
===================================================================
--- trunk/vhffs-patches/suphp/11_TuxFamily-suphp-0.7.1-3-limits.dpatch 2015-10-28 21:17:03 UTC (rev 2290)
+++ trunk/vhffs-patches/suphp/11_TuxFamily-suphp-0.7.1-3-limits.dpatch 2015-11-29 21:28:48 UTC (rev 2291)
@@ -1,526 +0,0 @@
-#! /bin/sh /usr/share/dpatch/dpatch-run
-## 11_TuxFamily-suphp-0.7.1-3-limits.dpatch
-##
-## All lines beginning with `## DP:' are a description of the patch.
-## DP: TuxFamily patch to add support for setrlimit(2)
-
-@DPATCH@
-diff -Nru a/doc/suphp.conf-example b/doc/suphp.conf-example
---- a/doc/suphp.conf-example 2014-07-05 20:12:50.000000000 +0000
-+++ b/doc/suphp.conf-example 2014-07-05 20:13:42.781764615 +0000
-@@ -39,6 +39,66 @@
- min_gid=100
-
-
-+[limits]
-+
-+;The maximum size of the process's virtual memory (address space) in Kbytes
-+as_soft=262144
-+as_hard=262144
-+
-+;Maximum size of core file in Kbytes
-+core_soft=0
-+core_hard=0
-+
-+;CPU time limit in seconds
-+cpu_soft=60
-+cpu_hard=60
-+
-+;The maximum size of the process's data segment in Kbytes
-+data_soft=65536
-+data_hard=65536
-+
-+;The maximum size of files that the process may create
-+fsize_soft=unlimited
-+fsize_hard=unlimited
-+
-+;A limit on the combined number of flock(2) locks and fcntl(2) leases that this process may establish
-+locks_soft=512
-+locks_hard=512
-+
-+;The maximum number of Kbytes of memory that may be locked into RAM
-+memlock_soft=0
-+memlock_hard=0
-+
-+;Specifies the limit on the number of Kbytes that can be allocated for POSIX message queues for the real user ID of the calling process
-+msgqueue_soft=800
-+msgqueue_hard=800
-+
-+;Specifies a ceiling to which the process's nice value can be raised using setpriority(2) or nice(2)
-+;The actual ceiling for the nice value is calculated as 20 - rlim_cur
-+nice_soft=0
-+nice_hard=0
-+
-+;Specifies a value one greater than the maximum file descriptor number that can be opened by this process
-+nofile_soft=512
-+nofile_hard=512
-+
-+;The maximum number of processes (or, more precisely on Linux, threads) that can be created for the real user ID of the calling process
-+nproc_soft=10
-+nproc_hard=10
-+
-+;Specifies a ceiling on the real-time priority that may be set for this process using sched_setscheduler(2) and sched_setparam(2)
-+rtprio_soft=0
-+rtprio_hard=0
-+
-+;Specifies the limit on the number of signals that may be queued for the real user ID of the calling process
-+sigpending_soft=1024
-+sigpending_hard=1024
-+
-+;The maximum size of the process stack, in Kbytes
-+stack_soft=8192
-+stack_hard=8192
-+
-+
- [handlers]
- ;Handler for php-scripts
- application/x-httpd-suphp="php:/usr/bin/php-cgi"
-diff -Nru a/src/Application.cpp b/src/Application.cpp
---- a/src/Application.cpp 2014-07-05 20:18:45.913493703 +0000
-+++ b/src/Application.cpp 2014-07-05 20:14:58.973696753 +0000
-@@ -19,6 +19,11 @@
- */
-
- #include <iostream>
-+// BEGIN -- TuxFamily limits patch
-+#include <unistd.h>
-+#include <sys/time.h>
-+#include <sys/resource.h>
-+// END -- TuxFamily limits patch
-
- #include "config.h"
-
-@@ -422,6 +427,83 @@
- throw (SystemException, SoftException, SecurityException) {
- API& api = API_Helper::getSystemAPI();
-
-+ // BEGIN -- TuxFamily limits patch
-+ // Change limits
-+ struct rlimit rl;
-+#ifdef RLIMIT_AS
-+ rl = config.getLimitAS();
-+ if(rl.rlim_cur != SUPHP_LIMIT_UNDEFINED && rl.rlim_max != SUPHP_LIMIT_UNDEFINED)
-+ setrlimit(RLIMIT_AS, &rl);
-+#endif
-+#ifdef RLIMIT_CORE
-+ rl = config.getLimitCore();
-+ if(rl.rlim_cur != SUPHP_LIMIT_UNDEFINED && rl.rlim_max != SUPHP_LIMIT_UNDEFINED)
-+ setrlimit(RLIMIT_CORE, &rl);
-+#endif
-+#ifdef RLIMIT_CPU
-+ rl = config.getLimitCPU();
-+ if(rl.rlim_cur != SUPHP_LIMIT_UNDEFINED && rl.rlim_max != SUPHP_LIMIT_UNDEFINED)
-+ setrlimit(RLIMIT_CPU, &rl);
-+#endif
-+#ifdef RLIMIT_DATA
-+ rl = config.getLimitData();
-+ if(rl.rlim_cur != SUPHP_LIMIT_UNDEFINED && rl.rlim_max != SUPHP_LIMIT_UNDEFINED)
-+ setrlimit(RLIMIT_DATA, &rl);
-+#endif
-+#ifdef RLIMIT_FSIZE
-+ rl = config.getLimitFSize();
-+ if(rl.rlim_cur != SUPHP_LIMIT_UNDEFINED && rl.rlim_max != SUPHP_LIMIT_UNDEFINED)
-+ setrlimit(RLIMIT_FSIZE, &rl);
-+#endif
-+#ifdef RLIMIT_LOCKS
-+ rl = config.getLimitLocks();
-+ if(rl.rlim_cur != SUPHP_LIMIT_UNDEFINED && rl.rlim_max != SUPHP_LIMIT_UNDEFINED)
-+ setrlimit(RLIMIT_LOCKS, &rl);
-+#endif
-+#ifdef RLIMIT_MEMLOCK
-+ rl = config.getLimitMemLock();
-+ if(rl.rlim_cur != SUPHP_LIMIT_UNDEFINED && rl.rlim_max != SUPHP_LIMIT_UNDEFINED)
-+ setrlimit(RLIMIT_MEMLOCK, &rl);
-+#endif
-+#ifdef RLIMIT_MSGQUEUE
-+ rl = config.getLimitMsgQueue();
-+ if(rl.rlim_cur != SUPHP_LIMIT_UNDEFINED && rl.rlim_max != SUPHP_LIMIT_UNDEFINED)
-+ setrlimit(RLIMIT_MSGQUEUE, &rl);
-+#endif
-+#ifdef RLIMIT_NICE
-+ rl = config.getLimitNice();
-+ if(rl.rlim_cur != SUPHP_LIMIT_UNDEFINED && rl.rlim_max != SUPHP_LIMIT_UNDEFINED) {
-+ setrlimit(RLIMIT_NICE, &rl);
-+ nice(rl.rlim_cur);
-+ }
-+#endif
-+#ifdef RLIMIT_NOFILE
-+ rl = config.getLimitNoFile();
-+ if(rl.rlim_cur != SUPHP_LIMIT_UNDEFINED && rl.rlim_max != SUPHP_LIMIT_UNDEFINED)
-+ setrlimit(RLIMIT_NOFILE, &rl);
-+#endif
-+#ifdef RLIMIT_NPROC
-+ rl = config.getLimitNProc();
-+ if(rl.rlim_cur != SUPHP_LIMIT_UNDEFINED && rl.rlim_max != SUPHP_LIMIT_UNDEFINED)
-+ setrlimit(RLIMIT_NPROC, &rl);
-+#endif
-+#ifdef RLIMIT_RTPRIO
-+ rl = config.getLimitRtPrio();
-+ if(rl.rlim_cur != SUPHP_LIMIT_UNDEFINED && rl.rlim_max != SUPHP_LIMIT_UNDEFINED)
-+ setrlimit(RLIMIT_RTPRIO, &rl);
-+#endif
-+#ifdef RLIMIT_SIGPENDING
-+ rl = config.getLimitSigPending();
-+ if(rl.rlim_cur != SUPHP_LIMIT_UNDEFINED && rl.rlim_max != SUPHP_LIMIT_UNDEFINED)
-+ setrlimit(RLIMIT_SIGPENDING, &rl);
-+#endif
-+#ifdef RLIMIT_STACK
-+ rl = config.getLimitStack();
-+ if(rl.rlim_cur != SUPHP_LIMIT_UNDEFINED && rl.rlim_max != SUPHP_LIMIT_UNDEFINED)
-+ setrlimit(RLIMIT_STACK, &rl);
-+#endif
-+ // END -- TuxFamily limits patch
-+
- // Set new group first, because we still need super-user privileges
- // for this
- api.setProcessGroup(targetGroup);
-diff -Nru a/src/Configuration.cpp b/src/Configuration.cpp
---- a/src/Configuration.cpp 2009-08-03 14:38:38.000000000 +0000
-+++ b/src/Configuration.cpp 2014-07-05 20:13:42.785764611 +0000
-@@ -20,6 +20,9 @@
-
- #include <string>
- #include <vector>
-+// BEGIN -- TuxFamily limits patch
-+#include <sstream>
-+// END -- TuxFamily limits patch
-
- #include "IniFile.hpp"
- #include "Util.hpp"
-@@ -65,6 +68,29 @@
- }
-
-
-+// BEGIN -- TuxFamily limits patch
-+rlim_t suPHP::Configuration::strToLimit(const std::string& bstr) {
-+
-+ std::string str = bstr;
-+ // Convert upper characters to lower characters
-+ for (int i=0; i<str.size(); i++) {
-+ if (str[i] >= 65 && str[i] <= 90)
-+ str[i] += 32;
-+ }
-+
-+ if (str == std::string("unlimited")) {
-+ return RLIM_INFINITY;
-+ } else {
-+ rlim_t lim = SUPHP_LIMIT_UNDEFINED;
-+ std::istringstream istr;
-+ istr.str(str);
-+ istr >> lim;
-+ return lim;
-+ }
-+}
-+// END -- TuxFamily limits patch
-+
-+
- LogLevel suPHP::Configuration::strToLogLevel(const std::string& str) const
- throw (ParsingException) {
- if (str == "none")
-@@ -112,6 +138,36 @@
- #endif
- this->umask = 0077;
- this->chroot_path = "";
-+ // BEGIN -- TuxFamily limits patch
-+ this->limit_as.rlim_cur = SUPHP_LIMIT_UNDEFINED;
-+ this->limit_as.rlim_max = SUPHP_LIMIT_UNDEFINED;
-+ this->limit_core.rlim_cur = SUPHP_LIMIT_UNDEFINED;
-+ this->limit_core.rlim_max = SUPHP_LIMIT_UNDEFINED;
-+ this->limit_cpu.rlim_cur = SUPHP_LIMIT_UNDEFINED;
-+ this->limit_cpu.rlim_max = SUPHP_LIMIT_UNDEFINED;
-+ this->limit_data.rlim_cur = SUPHP_LIMIT_UNDEFINED;
-+ this->limit_data.rlim_max = SUPHP_LIMIT_UNDEFINED;
-+ this->limit_fsize.rlim_cur = SUPHP_LIMIT_UNDEFINED;
-+ this->limit_fsize.rlim_max = SUPHP_LIMIT_UNDEFINED;
-+ this->limit_locks.rlim_cur = SUPHP_LIMIT_UNDEFINED;
-+ this->limit_locks.rlim_max = SUPHP_LIMIT_UNDEFINED;
-+ this->limit_memlock.rlim_cur = SUPHP_LIMIT_UNDEFINED;
-+ this->limit_memlock.rlim_max = SUPHP_LIMIT_UNDEFINED;
-+ this->limit_msgqueue.rlim_cur = SUPHP_LIMIT_UNDEFINED;
-+ this->limit_msgqueue.rlim_max = SUPHP_LIMIT_UNDEFINED;
-+ this->limit_nice.rlim_cur = SUPHP_LIMIT_UNDEFINED;
-+ this->limit_nice.rlim_max = SUPHP_LIMIT_UNDEFINED;
-+ this->limit_nofile.rlim_cur = SUPHP_LIMIT_UNDEFINED;
-+ this->limit_nofile.rlim_max = SUPHP_LIMIT_UNDEFINED;
-+ this->limit_nproc.rlim_cur = SUPHP_LIMIT_UNDEFINED;
-+ this->limit_nproc.rlim_max = SUPHP_LIMIT_UNDEFINED;
-+ this->limit_rtprio.rlim_cur = SUPHP_LIMIT_UNDEFINED;
-+ this->limit_rtprio.rlim_max = SUPHP_LIMIT_UNDEFINED;
-+ this->limit_sigpending.rlim_cur = SUPHP_LIMIT_UNDEFINED;
-+ this->limit_sigpending.rlim_max = SUPHP_LIMIT_UNDEFINED;
-+ this->limit_stack.rlim_cur = SUPHP_LIMIT_UNDEFINED;
-+ this->limit_stack.rlim_max = SUPHP_LIMIT_UNDEFINED;
-+ // END -- TuxFamily limits patch
- }
-
- void suPHP::Configuration::readFromFile(File& file)
-@@ -178,7 +234,130 @@
- this->handlers.insert(p);
- }
- }
--
-+
-+ // BEGIN -- TuxFamily limits patch
-+ // Get limits
-+ if (ini.hasSection("limits")) {
-+ IniSection sect = ini.getSection("limits");
-+ std::vector<std::string> keys = sect.getKeys();
-+ std::vector<std::string>::iterator i;
-+ for (i = keys.begin(); i < keys.end(); i++) {
-+ std::string key = *i;
-+ std::string value = sect.getValue(key);
-+
-+ if (key == "as_soft") {
-+ this->limit_as.rlim_cur = this->strToLimit(value);
-+ if(this->limit_as.rlim_cur != RLIM_INFINITY)
-+ this->limit_as.rlim_cur <<= 10;
-+ }
-+ else if (key == "as_hard") {
-+ this->limit_as.rlim_max = this->strToLimit(value);
-+ if(this->limit_as.rlim_max != RLIM_INFINITY)
-+ this->limit_as.rlim_max <<= 10;
-+ }
-+
-+ else if (key == "core_soft") {
-+ this->limit_core.rlim_cur = this->strToLimit(value);
-+ if(this->limit_core.rlim_cur != RLIM_INFINITY)
-+ this->limit_core.rlim_cur <<= 10;
-+ }
-+ else if (key == "core_hard") {
-+ this->limit_core.rlim_max = this->strToLimit(value);
-+ if(this->limit_core.rlim_max != RLIM_INFINITY)
-+ this->limit_core.rlim_max <<= 10;
-+ }
-+
-+ else if (key == "cpu_soft")
-+ this->limit_cpu.rlim_cur = this->strToLimit(value);
-+ else if (key == "cpu_hard")
-+ this->limit_cpu.rlim_max = this->strToLimit(value);
-+
-+ else if (key == "data_soft") {
-+ this->limit_data.rlim_cur = this->strToLimit(value);
-+ if(this->limit_data.rlim_cur != RLIM_INFINITY)
-+ this->limit_data.rlim_cur <<= 10;
-+ }
-+ else if (key == "data_hard") {
-+ this->limit_data.rlim_max = this->strToLimit(value);
-+ if(this->limit_data.rlim_max != RLIM_INFINITY)
-+ this->limit_data.rlim_max <<= 10;
-+ }
-+
-+ else if (key == "fsize_soft")
-+ this->limit_fsize.rlim_cur = this->strToLimit(value);
-+ else if (key == "fsize_hard")
-+ this->limit_fsize.rlim_max = this->strToLimit(value);
-+
-+ else if (key == "locks_soft")
-+ this->limit_locks.rlim_cur = this->strToLimit(value);
-+ else if (key == "locks_hard")
-+ this->limit_locks.rlim_max = this->strToLimit(value);
-+
-+ else if (key == "memlock_soft") {
-+ this->limit_memlock.rlim_cur = this->strToLimit(value);
-+ if(this->limit_memlock.rlim_cur != RLIM_INFINITY)
-+ this->limit_memlock.rlim_cur <<= 10;
-+ }
-+ else if (key == "memlock_hard") {
-+ this->limit_memlock.rlim_max = this->strToLimit(value);
-+ if(this->limit_memlock.rlim_max != RLIM_INFINITY)
-+ this->limit_memlock.rlim_max <<= 10;
-+ }
-+
-+ else if (key == "msgqueue_soft") {
-+ this->limit_msgqueue.rlim_cur = this->strToLimit(value);
-+ if(this->limit_msgqueue.rlim_cur != RLIM_INFINITY)
-+ this->limit_msgqueue.rlim_cur <<= 10;
-+ }
-+ else if (key == "msgqueue_hard") {
-+ this->limit_msgqueue.rlim_max = this->strToLimit(value);
-+ if(this->limit_msgqueue.rlim_max != RLIM_INFINITY)
-+ this->limit_msgqueue.rlim_max <<= 10;
-+ }
-+
-+ else if (key == "nice_soft")
-+ this->limit_nice.rlim_cur = this->strToLimit(value);
-+ else if (key == "nice_hard")
-+ this->limit_nice.rlim_max = this->strToLimit(value);
-+
-+ else if (key == "nofile_soft")
-+ this->limit_nofile.rlim_cur = this->strToLimit(value);
-+ else if (key == "nofile_hard")
-+ this->limit_nofile.rlim_max = this->strToLimit(value);
-+
-+ else if (key == "nproc_soft")
-+ this->limit_nproc.rlim_cur = this->strToLimit(value);
-+ else if (key == "nproc_hard")
-+ this->limit_nproc.rlim_max = this->strToLimit(value);
-+
-+ else if (key == "rtprio_soft")
-+ this->limit_rtprio.rlim_cur = this->strToLimit(value);
-+ else if (key == "rtprio_hard")
-+ this->limit_rtprio.rlim_max = this->strToLimit(value);
-+
-+ else if (key == "sigpending_soft")
-+ this->limit_sigpending.rlim_cur = this->strToLimit(value);
-+ else if (key == "sigpending_hard")
-+ this->limit_sigpending.rlim_max = this->strToLimit(value);
-+
-+ else if (key == "stack_soft") {
-+ this->limit_stack.rlim_cur = this->strToLimit(value);
-+ if(this->limit_stack.rlim_cur != RLIM_INFINITY)
-+ this->limit_stack.rlim_cur <<= 10;
-+ }
-+ else if (key == "stack_hard") {
-+ this->limit_stack.rlim_max = this->strToLimit(value);
-+ if(this->limit_stack.rlim_max != RLIM_INFINITY)
-+ this->limit_stack.rlim_max <<= 10;
-+ }
-+
-+ else
-+ throw ParsingException("Unknown option \"" + key +
-+ "\" in section [global]",
-+ __FILE__, __LINE__);
-+ }
-+ }
-+ // END -- TuxFamily limits patch
- }
-
- std::string suPHP::Configuration::getLogfile() const {
-@@ -250,3 +429,61 @@
- std::string suPHP::Configuration::getChrootPath() const {
- return this->chroot_path;
- }
-+
-+// BEGIN -- TuxFamily limits patch
-+struct rlimit suPHP::Configuration::getLimitAS() const {
-+ return this->limit_as;
-+}
-+
-+struct rlimit suPHP::Configuration::getLimitCore() const {
-+ return this->limit_core;
-+}
-+
-+struct rlimit suPHP::Configuration::getLimitCPU() const {
-+ return this->limit_cpu;
-+}
-+
-+struct rlimit suPHP::Configuration::getLimitData() const {
-+ return this->limit_data;
-+}
-+
-+struct rlimit suPHP::Configuration::getLimitFSize() const {
-+ return this->limit_fsize;
-+}
-+
-+struct rlimit suPHP::Configuration::getLimitLocks() const {
-+ return this->limit_locks;
-+}
-+
-+struct rlimit suPHP::Configuration::getLimitMemLock() const {
-+ return this->limit_memlock;
-+}
-+
-+struct rlimit suPHP::Configuration::getLimitMsgQueue() const {
-+ return this->limit_msgqueue;
-+}
-+
-+struct rlimit suPHP::Configuration::getLimitNice() const {
-+ return this->limit_nice;
-+}
-+
-+struct rlimit suPHP::Configuration::getLimitNoFile() const {
-+ return this->limit_nofile;
-+}
-+
-+struct rlimit suPHP::Configuration::getLimitNProc() const {
-+ return this->limit_nproc;
-+}
-+
-+struct rlimit suPHP::Configuration::getLimitRtPrio() const {
-+ return this->limit_rtprio;
-+}
-+
-+struct rlimit suPHP::Configuration::getLimitSigPending() const {
-+ return this->limit_sigpending;
-+}
-+
-+struct rlimit suPHP::Configuration::getLimitStack() const {
-+ return this->limit_stack;
-+}
-+// END -- TuxFamily limits patch
-diff -Nru a/src/Configuration.hpp b/src/Configuration.hpp
---- a/src/Configuration.hpp 2009-08-03 14:38:38.000000000 +0000
-+++ b/src/Configuration.hpp 2014-07-05 20:13:42.785764611 +0000
-@@ -30,6 +30,11 @@
- #include <map>
- #include <vector>
-
-+// BEGIN -- TuxFamily limits patch
-+#include <sys/resource.h>
-+#define SUPHP_LIMIT_UNDEFINED -34826
-+// END -- TuxFamily limits patch
-+
- #include "ParsingException.hpp"
- #include "IOException.hpp"
- #include "File.hpp"
-@@ -59,6 +64,23 @@
- int umask;
- std::string chroot_path;
-
-+ // BEGIN -- TuxFamily limits patch
-+ struct rlimit limit_as;
-+ struct rlimit limit_core;
-+ struct rlimit limit_cpu;
-+ struct rlimit limit_data;
-+ struct rlimit limit_fsize;
-+ struct rlimit limit_locks;
-+ struct rlimit limit_memlock;
-+ struct rlimit limit_msgqueue;
-+ struct rlimit limit_nice;
-+ struct rlimit limit_nofile;
-+ struct rlimit limit_nproc;
-+ struct rlimit limit_rtprio;
-+ struct rlimit limit_sigpending;
-+ struct rlimit limit_stack;
-+ // END -- TuxFamily limits patch
-+
- /**
- * Converts string to bool
- */
-@@ -70,6 +92,11 @@
- LogLevel strToLogLevel(const std::string& str) const
- throw (ParsingException);
-
-+ // BEGIN -- TuxFamily limits patch
-+ // Convert limit value to rlim_t
-+ rlim_t strToLimit(const std::string& bstr);
-+ // END -- TuxFamily limits patch
-+
- public:
- /**
- * Constructor, initializes configuration with default values.
-@@ -166,6 +193,24 @@
- * Return chroot path
- */
- std::string getChrootPath() const;
-+
-+ // BEGIN -- TuxFamily limits patch
-+ // Accessor methods to fetch limit values
-+ struct rlimit getLimitAS() const;
-+ struct rlimit getLimitCore() const;
-+ struct rlimit getLimitCPU() const;
-+ struct rlimit getLimitData() const;
-+ struct rlimit getLimitFSize() const;
-+ struct rlimit getLimitLocks() const;
-+ struct rlimit getLimitMemLock() const;
-+ struct rlimit getLimitMsgQueue() const;
-+ struct rlimit getLimitNice() const;
-+ struct rlimit getLimitNoFile() const;
-+ struct rlimit getLimitNProc() const;
-+ struct rlimit getLimitRtPrio() const;
-+ struct rlimit getLimitSigPending() const;
-+ struct rlimit getLimitStack() const;
-+ // END -- TuxFamily limits patch
- };
- };
-
Copied: trunk/vhffs-patches/suphp/11_TuxFamily-suphp-0.7.2-1-limits.dpatch (from rev 2290, trunk/vhffs-patches/suphp/11_TuxFamily-suphp-0.7.1-3-limits.dpatch)
===================================================================
--- trunk/vhffs-patches/suphp/11_TuxFamily-suphp-0.7.2-1-limits.dpatch (rev 0)
+++ trunk/vhffs-patches/suphp/11_TuxFamily-suphp-0.7.2-1-limits.dpatch 2015-11-29 21:28:48 UTC (rev 2291)
@@ -0,0 +1,526 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 11_TuxFamily-suphp-0.7.1-3-limits.dpatch
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: TuxFamily patch to add support for setrlimit(2)
+
+@DPATCH@
+diff -Nru a/doc/suphp.conf-example b/doc/suphp.conf-example
+--- a/doc/suphp.conf-example 2015-11-29 21:13:41.236323716 +0000
++++ b/doc/suphp.conf-example 2015-11-29 21:13:27.240509249 +0000
+@@ -39,6 +39,66 @@
+ min_gid=100
+
+
++[limits]
++
++;The maximum size of the process's virtual memory (address space) in Kbytes
++as_soft=262144
++as_hard=262144
++
++;Maximum size of core file in Kbytes
++core_soft=0
++core_hard=0
++
++;CPU time limit in seconds
++cpu_soft=60
++cpu_hard=60
++
++;The maximum size of the process's data segment in Kbytes
++data_soft=65536
++data_hard=65536
++
++;The maximum size of files that the process may create
++fsize_soft=unlimited
++fsize_hard=unlimited
++
++;A limit on the combined number of flock(2) locks and fcntl(2) leases that this process may establish
++locks_soft=512
++locks_hard=512
++
++;The maximum number of Kbytes of memory that may be locked into RAM
++memlock_soft=0
++memlock_hard=0
++
++;Specifies the limit on the number of Kbytes that can be allocated for POSIX message queues for the real user ID of the calling process
++msgqueue_soft=800
++msgqueue_hard=800
++
++;Specifies a ceiling to which the process's nice value can be raised using setpriority(2) or nice(2)
++;The actual ceiling for the nice value is calculated as 20 - rlim_cur
++nice_soft=0
++nice_hard=0
++
++;Specifies a value one greater than the maximum file descriptor number that can be opened by this process
++nofile_soft=512
++nofile_hard=512
++
++;The maximum number of processes (or, more precisely on Linux, threads) that can be created for the real user ID of the calling process
++nproc_soft=10
++nproc_hard=10
++
++;Specifies a ceiling on the real-time priority that may be set for this process using sched_setscheduler(2) and sched_setparam(2)
++rtprio_soft=0
++rtprio_hard=0
++
++;Specifies the limit on the number of signals that may be queued for the real user ID of the calling process
++sigpending_soft=1024
++sigpending_hard=1024
++
++;The maximum size of the process stack, in Kbytes
++stack_soft=8192
++stack_hard=8192
++
++
+ [handlers]
+ ;Handler for php-scripts
+ application/x-httpd-suphp="php:/usr/bin/php-cgi"
+diff -Nru a/src/Application.cpp b/src/Application.cpp
+--- a/src/Application.cpp 2015-11-29 21:13:41.236323716 +0000
++++ b/src/Application.cpp 2015-11-29 21:13:27.240509249 +0000
+@@ -19,6 +19,11 @@
+ */
+
+ #include <iostream>
++// BEGIN -- TuxFamily limits patch
++#include <unistd.h>
++#include <sys/time.h>
++#include <sys/resource.h>
++// END -- TuxFamily limits patch
+
+ #include "config.h"
+
+@@ -422,6 +427,83 @@
+ throw (SystemException, SoftException, SecurityException) {
+ API& api = API_Helper::getSystemAPI();
+
++ // BEGIN -- TuxFamily limits patch
++ // Change limits
++ struct rlimit rl;
++#ifdef RLIMIT_AS
++ rl = config.getLimitAS();
++ if(rl.rlim_cur != SUPHP_LIMIT_UNDEFINED && rl.rlim_max != SUPHP_LIMIT_UNDEFINED)
++ setrlimit(RLIMIT_AS, &rl);
++#endif
++#ifdef RLIMIT_CORE
++ rl = config.getLimitCore();
++ if(rl.rlim_cur != SUPHP_LIMIT_UNDEFINED && rl.rlim_max != SUPHP_LIMIT_UNDEFINED)
++ setrlimit(RLIMIT_CORE, &rl);
++#endif
++#ifdef RLIMIT_CPU
++ rl = config.getLimitCPU();
++ if(rl.rlim_cur != SUPHP_LIMIT_UNDEFINED && rl.rlim_max != SUPHP_LIMIT_UNDEFINED)
++ setrlimit(RLIMIT_CPU, &rl);
++#endif
++#ifdef RLIMIT_DATA
++ rl = config.getLimitData();
++ if(rl.rlim_cur != SUPHP_LIMIT_UNDEFINED && rl.rlim_max != SUPHP_LIMIT_UNDEFINED)
++ setrlimit(RLIMIT_DATA, &rl);
++#endif
++#ifdef RLIMIT_FSIZE
++ rl = config.getLimitFSize();
++ if(rl.rlim_cur != SUPHP_LIMIT_UNDEFINED && rl.rlim_max != SUPHP_LIMIT_UNDEFINED)
++ setrlimit(RLIMIT_FSIZE, &rl);
++#endif
++#ifdef RLIMIT_LOCKS
++ rl = config.getLimitLocks();
++ if(rl.rlim_cur != SUPHP_LIMIT_UNDEFINED && rl.rlim_max != SUPHP_LIMIT_UNDEFINED)
++ setrlimit(RLIMIT_LOCKS, &rl);
++#endif
++#ifdef RLIMIT_MEMLOCK
++ rl = config.getLimitMemLock();
++ if(rl.rlim_cur != SUPHP_LIMIT_UNDEFINED && rl.rlim_max != SUPHP_LIMIT_UNDEFINED)
++ setrlimit(RLIMIT_MEMLOCK, &rl);
++#endif
++#ifdef RLIMIT_MSGQUEUE
++ rl = config.getLimitMsgQueue();
++ if(rl.rlim_cur != SUPHP_LIMIT_UNDEFINED && rl.rlim_max != SUPHP_LIMIT_UNDEFINED)
++ setrlimit(RLIMIT_MSGQUEUE, &rl);
++#endif
++#ifdef RLIMIT_NICE
++ rl = config.getLimitNice();
++ if(rl.rlim_cur != SUPHP_LIMIT_UNDEFINED && rl.rlim_max != SUPHP_LIMIT_UNDEFINED) {
++ setrlimit(RLIMIT_NICE, &rl);
++ nice(rl.rlim_cur);
++ }
++#endif
++#ifdef RLIMIT_NOFILE
++ rl = config.getLimitNoFile();
++ if(rl.rlim_cur != SUPHP_LIMIT_UNDEFINED && rl.rlim_max != SUPHP_LIMIT_UNDEFINED)
++ setrlimit(RLIMIT_NOFILE, &rl);
++#endif
++#ifdef RLIMIT_NPROC
++ rl = config.getLimitNProc();
++ if(rl.rlim_cur != SUPHP_LIMIT_UNDEFINED && rl.rlim_max != SUPHP_LIMIT_UNDEFINED)
++ setrlimit(RLIMIT_NPROC, &rl);
++#endif
++#ifdef RLIMIT_RTPRIO
++ rl = config.getLimitRtPrio();
++ if(rl.rlim_cur != SUPHP_LIMIT_UNDEFINED && rl.rlim_max != SUPHP_LIMIT_UNDEFINED)
++ setrlimit(RLIMIT_RTPRIO, &rl);
++#endif
++#ifdef RLIMIT_SIGPENDING
++ rl = config.getLimitSigPending();
++ if(rl.rlim_cur != SUPHP_LIMIT_UNDEFINED && rl.rlim_max != SUPHP_LIMIT_UNDEFINED)
++ setrlimit(RLIMIT_SIGPENDING, &rl);
++#endif
++#ifdef RLIMIT_STACK
++ rl = config.getLimitStack();
++ if(rl.rlim_cur != SUPHP_LIMIT_UNDEFINED && rl.rlim_max != SUPHP_LIMIT_UNDEFINED)
++ setrlimit(RLIMIT_STACK, &rl);
++#endif
++ // END -- TuxFamily limits patch
++
+ // Set new group first, because we still need super-user privileges
+ // for this
+ api.setProcessGroup(targetGroup);
+diff -Nru a/src/Configuration.cpp b/src/Configuration.cpp
+--- a/src/Configuration.cpp 2015-11-29 21:13:41.236323716 +0000
++++ b/src/Configuration.cpp 2015-11-29 21:13:27.240509249 +0000
+@@ -20,6 +20,9 @@
+
+ #include <string>
+ #include <vector>
++// BEGIN -- TuxFamily limits patch
++#include <sstream>
++// END -- TuxFamily limits patch
+
+ #include "IniFile.hpp"
+ #include "Util.hpp"
+@@ -65,6 +68,29 @@
+ }
+
+
++// BEGIN -- TuxFamily limits patch
++rlim_t suPHP::Configuration::strToLimit(const std::string& bstr) {
++
++ std::string str = bstr;
++ // Convert upper characters to lower characters
++ for (int i=0; i<str.size(); i++) {
++ if (str[i] >= 65 && str[i] <= 90)
++ str[i] += 32;
++ }
++
++ if (str == std::string("unlimited")) {
++ return RLIM_INFINITY;
++ } else {
++ rlim_t lim = SUPHP_LIMIT_UNDEFINED;
++ std::istringstream istr;
++ istr.str(str);
++ istr >> lim;
++ return lim;
++ }
++}
++// END -- TuxFamily limits patch
++
++
+ LogLevel suPHP::Configuration::strToLogLevel(const std::string& str) const
+ throw (ParsingException) {
+ if (str == "none")
+@@ -112,6 +138,36 @@
+ #endif
+ this->umask = 0077;
+ this->chroot_path = "";
++ // BEGIN -- TuxFamily limits patch
++ this->limit_as.rlim_cur = SUPHP_LIMIT_UNDEFINED;
++ this->limit_as.rlim_max = SUPHP_LIMIT_UNDEFINED;
++ this->limit_core.rlim_cur = SUPHP_LIMIT_UNDEFINED;
++ this->limit_core.rlim_max = SUPHP_LIMIT_UNDEFINED;
++ this->limit_cpu.rlim_cur = SUPHP_LIMIT_UNDEFINED;
++ this->limit_cpu.rlim_max = SUPHP_LIMIT_UNDEFINED;
++ this->limit_data.rlim_cur = SUPHP_LIMIT_UNDEFINED;
++ this->limit_data.rlim_max = SUPHP_LIMIT_UNDEFINED;
++ this->limit_fsize.rlim_cur = SUPHP_LIMIT_UNDEFINED;
++ this->limit_fsize.rlim_max = SUPHP_LIMIT_UNDEFINED;
++ this->limit_locks.rlim_cur = SUPHP_LIMIT_UNDEFINED;
++ this->limit_locks.rlim_max = SUPHP_LIMIT_UNDEFINED;
++ this->limit_memlock.rlim_cur = SUPHP_LIMIT_UNDEFINED;
++ this->limit_memlock.rlim_max = SUPHP_LIMIT_UNDEFINED;
++ this->limit_msgqueue.rlim_cur = SUPHP_LIMIT_UNDEFINED;
++ this->limit_msgqueue.rlim_max = SUPHP_LIMIT_UNDEFINED;
++ this->limit_nice.rlim_cur = SUPHP_LIMIT_UNDEFINED;
++ this->limit_nice.rlim_max = SUPHP_LIMIT_UNDEFINED;
++ this->limit_nofile.rlim_cur = SUPHP_LIMIT_UNDEFINED;
++ this->limit_nofile.rlim_max = SUPHP_LIMIT_UNDEFINED;
++ this->limit_nproc.rlim_cur = SUPHP_LIMIT_UNDEFINED;
++ this->limit_nproc.rlim_max = SUPHP_LIMIT_UNDEFINED;
++ this->limit_rtprio.rlim_cur = SUPHP_LIMIT_UNDEFINED;
++ this->limit_rtprio.rlim_max = SUPHP_LIMIT_UNDEFINED;
++ this->limit_sigpending.rlim_cur = SUPHP_LIMIT_UNDEFINED;
++ this->limit_sigpending.rlim_max = SUPHP_LIMIT_UNDEFINED;
++ this->limit_stack.rlim_cur = SUPHP_LIMIT_UNDEFINED;
++ this->limit_stack.rlim_max = SUPHP_LIMIT_UNDEFINED;
++ // END -- TuxFamily limits patch
+ }
+
+ void suPHP::Configuration::readFromFile(File& file)
+@@ -178,7 +234,130 @@
+ this->handlers.insert(p);
+ }
+ }
+-
++
++ // BEGIN -- TuxFamily limits patch
++ // Get limits
++ if (ini.hasSection("limits")) {
++ IniSection sect = ini.getSection("limits");
++ std::vector<std::string> keys = sect.getKeys();
++ std::vector<std::string>::iterator i;
++ for (i = keys.begin(); i < keys.end(); i++) {
++ std::string key = *i;
++ std::string value = sect.getValue(key);
++
++ if (key == "as_soft") {
++ this->limit_as.rlim_cur = this->strToLimit(value);
++ if(this->limit_as.rlim_cur != RLIM_INFINITY)
++ this->limit_as.rlim_cur <<= 10;
++ }
++ else if (key == "as_hard") {
++ this->limit_as.rlim_max = this->strToLimit(value);
++ if(this->limit_as.rlim_max != RLIM_INFINITY)
++ this->limit_as.rlim_max <<= 10;
++ }
++
++ else if (key == "core_soft") {
++ this->limit_core.rlim_cur = this->strToLimit(value);
++ if(this->limit_core.rlim_cur != RLIM_INFINITY)
++ this->limit_core.rlim_cur <<= 10;
++ }
++ else if (key == "core_hard") {
++ this->limit_core.rlim_max = this->strToLimit(value);
++ if(this->limit_core.rlim_max != RLIM_INFINITY)
++ this->limit_core.rlim_max <<= 10;
++ }
++
++ else if (key == "cpu_soft")
++ this->limit_cpu.rlim_cur = this->strToLimit(value);
++ else if (key == "cpu_hard")
++ this->limit_cpu.rlim_max = this->strToLimit(value);
++
++ else if (key == "data_soft") {
++ this->limit_data.rlim_cur = this->strToLimit(value);
++ if(this->limit_data.rlim_cur != RLIM_INFINITY)
++ this->limit_data.rlim_cur <<= 10;
++ }
++ else if (key == "data_hard") {
++ this->limit_data.rlim_max = this->strToLimit(value);
++ if(this->limit_data.rlim_max != RLIM_INFINITY)
++ this->limit_data.rlim_max <<= 10;
++ }
++
++ else if (key == "fsize_soft")
++ this->limit_fsize.rlim_cur = this->strToLimit(value);
++ else if (key == "fsize_hard")
++ this->limit_fsize.rlim_max = this->strToLimit(value);
++
++ else if (key == "locks_soft")
++ this->limit_locks.rlim_cur = this->strToLimit(value);
++ else if (key == "locks_hard")
++ this->limit_locks.rlim_max = this->strToLimit(value);
++
++ else if (key == "memlock_soft") {
++ this->limit_memlock.rlim_cur = this->strToLimit(value);
++ if(this->limit_memlock.rlim_cur != RLIM_INFINITY)
++ this->limit_memlock.rlim_cur <<= 10;
++ }
++ else if (key == "memlock_hard") {
++ this->limit_memlock.rlim_max = this->strToLimit(value);
++ if(this->limit_memlock.rlim_max != RLIM_INFINITY)
++ this->limit_memlock.rlim_max <<= 10;
++ }
++
++ else if (key == "msgqueue_soft") {
++ this->limit_msgqueue.rlim_cur = this->strToLimit(value);
++ if(this->limit_msgqueue.rlim_cur != RLIM_INFINITY)
++ this->limit_msgqueue.rlim_cur <<= 10;
++ }
++ else if (key == "msgqueue_hard") {
++ this->limit_msgqueue.rlim_max = this->strToLimit(value);
++ if(this->limit_msgqueue.rlim_max != RLIM_INFINITY)
++ this->limit_msgqueue.rlim_max <<= 10;
++ }
++
++ else if (key == "nice_soft")
++ this->limit_nice.rlim_cur = this->strToLimit(value);
++ else if (key == "nice_hard")
++ this->limit_nice.rlim_max = this->strToLimit(value);
++
++ else if (key == "nofile_soft")
++ this->limit_nofile.rlim_cur = this->strToLimit(value);
++ else if (key == "nofile_hard")
++ this->limit_nofile.rlim_max = this->strToLimit(value);
++
++ else if (key == "nproc_soft")
++ this->limit_nproc.rlim_cur = this->strToLimit(value);
++ else if (key == "nproc_hard")
++ this->limit_nproc.rlim_max = this->strToLimit(value);
++
++ else if (key == "rtprio_soft")
++ this->limit_rtprio.rlim_cur = this->strToLimit(value);
++ else if (key == "rtprio_hard")
++ this->limit_rtprio.rlim_max = this->strToLimit(value);
++
++ else if (key == "sigpending_soft")
++ this->limit_sigpending.rlim_cur = this->strToLimit(value);
++ else if (key == "sigpending_hard")
++ this->limit_sigpending.rlim_max = this->strToLimit(value);
++
++ else if (key == "stack_soft") {
++ this->limit_stack.rlim_cur = this->strToLimit(value);
++ if(this->limit_stack.rlim_cur != RLIM_INFINITY)
++ this->limit_stack.rlim_cur <<= 10;
++ }
++ else if (key == "stack_hard") {
++ this->limit_stack.rlim_max = this->strToLimit(value);
++ if(this->limit_stack.rlim_max != RLIM_INFINITY)
++ this->limit_stack.rlim_max <<= 10;
++ }
++
++ else
++ throw ParsingException("Unknown option \"" + key +
++ "\" in section [global]",
++ __FILE__, __LINE__);
++ }
++ }
++ // END -- TuxFamily limits patch
+ }
+
+ std::string suPHP::Configuration::getLogfile() const {
+@@ -250,3 +429,61 @@
+ std::string suPHP::Configuration::getChrootPath() const {
+ return this->chroot_path;
+ }
++
++// BEGIN -- TuxFamily limits patch
++struct rlimit suPHP::Configuration::getLimitAS() const {
++ return this->limit_as;
++}
++
++struct rlimit suPHP::Configuration::getLimitCore() const {
++ return this->limit_core;
++}
++
++struct rlimit suPHP::Configuration::getLimitCPU() const {
++ return this->limit_cpu;
++}
++
++struct rlimit suPHP::Configuration::getLimitData() const {
++ return this->limit_data;
++}
++
++struct rlimit suPHP::Configuration::getLimitFSize() const {
++ return this->limit_fsize;
++}
++
++struct rlimit suPHP::Configuration::getLimitLocks() const {
++ return this->limit_locks;
++}
++
++struct rlimit suPHP::Configuration::getLimitMemLock() const {
++ return this->limit_memlock;
++}
++
++struct rlimit suPHP::Configuration::getLimitMsgQueue() const {
++ return this->limit_msgqueue;
++}
++
++struct rlimit suPHP::Configuration::getLimitNice() const {
++ return this->limit_nice;
++}
++
++struct rlimit suPHP::Configuration::getLimitNoFile() const {
++ return this->limit_nofile;
++}
++
++struct rlimit suPHP::Configuration::getLimitNProc() const {
++ return this->limit_nproc;
++}
++
++struct rlimit suPHP::Configuration::getLimitRtPrio() const {
++ return this->limit_rtprio;
++}
++
++struct rlimit suPHP::Configuration::getLimitSigPending() const {
++ return this->limit_sigpending;
++}
++
++struct rlimit suPHP::Configuration::getLimitStack() const {
++ return this->limit_stack;
++}
++// END -- TuxFamily limits patch
+diff -Nru a/src/Configuration.hpp b/src/Configuration.hpp
+--- a/src/Configuration.hpp 2015-11-29 21:13:41.236323716 +0000
++++ b/src/Configuration.hpp 2015-11-29 21:13:27.240509249 +0000
+@@ -30,6 +30,11 @@
+ #include <map>
+ #include <vector>
+
++// BEGIN -- TuxFamily limits patch
++#include <sys/resource.h>
++#define SUPHP_LIMIT_UNDEFINED -34826
++// END -- TuxFamily limits patch
++
+ #include "ParsingException.hpp"
+ #include "IOException.hpp"
+ #include "File.hpp"
+@@ -59,6 +64,23 @@
+ int umask;
+ std::string chroot_path;
+
++ // BEGIN -- TuxFamily limits patch
++ struct rlimit limit_as;
++ struct rlimit limit_core;
++ struct rlimit limit_cpu;
++ struct rlimit limit_data;
++ struct rlimit limit_fsize;
++ struct rlimit limit_locks;
++ struct rlimit limit_memlock;
++ struct rlimit limit_msgqueue;
++ struct rlimit limit_nice;
++ struct rlimit limit_nofile;
++ struct rlimit limit_nproc;
++ struct rlimit limit_rtprio;
++ struct rlimit limit_sigpending;
++ struct rlimit limit_stack;
++ // END -- TuxFamily limits patch
++
+ /**
+ * Converts string to bool
+ */
+@@ -70,6 +92,11 @@
+ LogLevel strToLogLevel(const std::string& str) const
+ throw (ParsingException);
+
++ // BEGIN -- TuxFamily limits patch
++ // Convert limit value to rlim_t
++ rlim_t strToLimit(const std::string& bstr);
++ // END -- TuxFamily limits patch
++
+ public:
+ /**
+ * Constructor, initializes configuration with default values.
+@@ -166,6 +193,24 @@
+ * Return chroot path
+ */
+ std::string getChrootPath() const;
++
++ // BEGIN -- TuxFamily limits patch
++ // Accessor methods to fetch limit values
++ struct rlimit getLimitAS() const;
++ struct rlimit getLimitCore() const;
++ struct rlimit getLimitCPU() const;
++ struct rlimit getLimitData() const;
++ struct rlimit getLimitFSize() const;
++ struct rlimit getLimitLocks() const;
++ struct rlimit getLimitMemLock() const;
++ struct rlimit getLimitMsgQueue() const;
++ struct rlimit getLimitNice() const;
++ struct rlimit getLimitNoFile() const;
++ struct rlimit getLimitNProc() const;
++ struct rlimit getLimitRtPrio() const;
++ struct rlimit getLimitSigPending() const;
++ struct rlimit getLimitStack() const;
++ // END -- TuxFamily limits patch
+ };
+ };
+
Deleted: trunk/vhffs-patches/suphp/12_TuxFamily-suphp-0.7.1-3-add-targetmode-execute.dpatch
===================================================================
--- trunk/vhffs-patches/suphp/12_TuxFamily-suphp-0.7.1-3-add-targetmode-execute.dpatch 2015-10-28 21:17:03 UTC (rev 2290)
+++ trunk/vhffs-patches/suphp/12_TuxFamily-suphp-0.7.1-3-add-targetmode-execute.dpatch 2015-11-29 21:28:48 UTC (rev 2291)
@@ -1,43 +0,0 @@
-#! /bin/sh /usr/share/dpatch/dpatch-run
-## 12_TuxFamily-suphp-0.7.1-3-add-targetmode-execute.dpatch
-##
-## All lines beginning with `## DP:' are a description of the patch.
-## DP: TuxFamily patch to add support for executing scripts with a chosen interpreter
-
-@DPATCH@
-diff -Nru a/src/Application.cpp b/src/Application.cpp
---- a/src/Application.cpp 2011-04-17 11:27:28.000000000 +0000
-+++ b/src/Application.cpp 2011-04-17 11:30:19.000000000 +0000
-@@ -583,6 +583,8 @@
- return TARGETMODE_PHP;
- else if (interpreter == "execute:!self")
- return TARGETMODE_SELFEXECUTE;
-+ else if (interpreter.substr(0, 8) == "execute:")
-+ return TARGETMODE_EXECUTE;
- else
- throw SecurityException("Unknown Interpreter: " + interpreter,
- __FILE__, __LINE__);
-@@ -608,6 +610,12 @@
- CommandLine cline;
- cline.putArgument(scriptFilename);
- API_Helper::getSystemAPI().execute(scriptFilename, cline, env);
-+ } else if (mode == TARGETMODE_EXECUTE) {
-+ std::string interpreterPath = interpreter.substr(8);
-+ CommandLine cline;
-+ cline.putArgument(interpreterPath);
-+ cline.putArgument(scriptFilename);
-+ API_Helper::getSystemAPI().execute(interpreterPath, cline, env);
- }
- } catch (SystemException& e) {
- throw SoftException("Could not execute script \"" + scriptFilename
-diff -Nru a/src/Application.hpp b/src/Application.hpp
---- a/src/Application.hpp 2011-04-17 10:15:36.000000000 +0000
-+++ b/src/Application.hpp 2011-04-17 11:27:40.000000000 +0000
-@@ -26,6 +26,7 @@
-
- enum TargetMode {
- TARGETMODE_PHP,
-+ TARGETMODE_EXECUTE,
- TARGETMODE_SELFEXECUTE
- };
-
Copied: trunk/vhffs-patches/suphp/12_TuxFamily-suphp-0.7.2-1-add-targetmode-execute.dpatch (from rev 2290, trunk/vhffs-patches/suphp/12_TuxFamily-suphp-0.7.1-3-add-targetmode-execute.dpatch)
===================================================================
--- trunk/vhffs-patches/suphp/12_TuxFamily-suphp-0.7.2-1-add-targetmode-execute.dpatch (rev 0)
+++ trunk/vhffs-patches/suphp/12_TuxFamily-suphp-0.7.2-1-add-targetmode-execute.dpatch 2015-11-29 21:28:48 UTC (rev 2291)
@@ -0,0 +1,43 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 12_TuxFamily-suphp-0.7.1-3-add-targetmode-execute.dpatch
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: TuxFamily patch to add support for executing scripts with a chosen interpreter
+
+@DPATCH@
+diff -Nru a/src/Application.cpp b/src/Application.cpp
+--- a/src/Application.cpp 2015-11-29 21:15:08.115172135 +0000
++++ b/src/Application.cpp 2015-11-29 21:15:24.594953716 +0000
+@@ -590,6 +590,8 @@
+ return TARGETMODE_PHP;
+ else if (interpreter == "execute:!self")
+ return TARGETMODE_SELFEXECUTE;
++ else if (interpreter.substr(0, 8) == "execute:")
++ return TARGETMODE_EXECUTE;
+ else
+ throw SecurityException("Unknown Interpreter: " + interpreter,
+ __FILE__, __LINE__);
+@@ -615,6 +617,12 @@
+ CommandLine cline;
+ cline.putArgument(scriptFilename);
+ API_Helper::getSystemAPI().execute(scriptFilename, cline, env);
++ } else if (mode == TARGETMODE_EXECUTE) {
++ std::string interpreterPath = interpreter.substr(8);
++ CommandLine cline;
++ cline.putArgument(interpreterPath);
++ cline.putArgument(scriptFilename);
++ API_Helper::getSystemAPI().execute(interpreterPath, cline, env);
+ }
+ } catch (SystemException& e) {
+ throw SoftException("Could not execute script \"" + scriptFilename
+diff -Nru a/src/Application.hpp b/src/Application.hpp
+--- a/src/Application.hpp 2015-11-29 21:12:24.805336969 +0000
++++ b/src/Application.hpp 2015-11-29 21:15:24.594953716 +0000
+@@ -26,6 +26,7 @@
+
+ enum TargetMode {
+ TARGETMODE_PHP,
++ TARGETMODE_EXECUTE,
+ TARGETMODE_SELFEXECUTE
+ };
+
Deleted: trunk/vhffs-patches/suphp/13_TuxFamily-suphp-0.7.1-3-free-bucket-in-discard-output.dpatch
===================================================================
--- trunk/vhffs-patches/suphp/13_TuxFamily-suphp-0.7.1-3-free-bucket-in-discard-output.dpatch 2015-10-28 21:17:03 UTC (rev 2290)
+++ trunk/vhffs-patches/suphp/13_TuxFamily-suphp-0.7.1-3-free-bucket-in-discard-output.dpatch 2015-11-29 21:28:48 UTC (rev 2291)
@@ -1,30 +0,0 @@
-#! /bin/sh /usr/share/dpatch/dpatch-run
-## 13_TuxFamily-suphp-0.7.1-3-free-bucket-in-discard-output.dpatch
-##
-## All lines beginning with `## DP:' are a description of the patch.
-## DP: TuxFamily patch to fix memory leak which makes Apache segfault due to memory exhaustion
-
-@DPATCH@
-diff -Nru a/src/apache2/mod_suphp.c b/src/apache2/mod_suphp.c
---- a/src/apache2/mod_suphp.c 2009-08-03 14:38:38.000000000 +0000
-+++ b/src/apache2/mod_suphp.c 2012-09-06 21:36:51.290474099 +0000
-@@ -523,17 +523,8 @@
-
- static void suphp_discard_output(apr_bucket_brigade *bb) {
- apr_bucket *b;
-- const char *buf;
-- apr_size_t len;
-- apr_status_t rv;
-- for (b = APR_BRIGADE_FIRST(bb); b != APR_BRIGADE_SENTINEL(bb); b = APR_BUCKET_NEXT(b)) {
-- if (APR_BUCKET_IS_EOS(b)) {
-- break;
-- }
-- rv = apr_bucket_read(b, &buf, &len, APR_BLOCK_READ);
-- if (rv != APR_SUCCESS) {
-- break;
-- }
-+ while ((b = APR_BRIGADE_FIRST(bb)) != APR_BRIGADE_SENTINEL(bb)) {
-+ APR_BUCKET_REMOVE(b);
- }
- }
-
Copied: trunk/vhffs-patches/suphp/13_TuxFamily-suphp-0.7.2-1-free-bucket-in-discard-output.dpatch (from rev 2290, trunk/vhffs-patches/suphp/13_TuxFamily-suphp-0.7.1-3-free-bucket-in-discard-output.dpatch)
===================================================================
--- trunk/vhffs-patches/suphp/13_TuxFamily-suphp-0.7.2-1-free-bucket-in-discard-output.dpatch (rev 0)
+++ trunk/vhffs-patches/suphp/13_TuxFamily-suphp-0.7.2-1-free-bucket-in-discard-output.dpatch 2015-11-29 21:28:48 UTC (rev 2291)
@@ -0,0 +1,30 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 13_TuxFamily-suphp-0.7.1-3-free-bucket-in-discard-output.dpatch
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: TuxFamily patch to fix memory leak which makes Apache segfault due to memory exhaustion
+
+@DPATCH@
+diff -Nru a/src/apache2/mod_suphp.c b/src/apache2/mod_suphp.c
+--- a/src/apache2/mod_suphp.c 2009-05-21 17:26:12.000000000 +0000
++++ b/src/apache2/mod_suphp.c 2015-11-29 21:17:16.709467957 +0000
+@@ -523,17 +523,8 @@
+
+ static void suphp_discard_output(apr_bucket_brigade *bb) {
+ apr_bucket *b;
+- const char *buf;
+- apr_size_t len;
+- apr_status_t rv;
+- for (b = APR_BRIGADE_FIRST(bb); b != APR_BRIGADE_SENTINEL(bb); b = APR_BUCKET_NEXT(b)) {
+- if (APR_BUCKET_IS_EOS(b)) {
+- break;
+- }
+- rv = apr_bucket_read(b, &buf, &len, APR_BLOCK_READ);
+- if (rv != APR_SUCCESS) {
+- break;
+- }
++ while ((b = APR_BRIGADE_FIRST(bb)) != APR_BRIGADE_SENTINEL(bb)) {
++ APR_BUCKET_REMOVE(b);
+ }
+ }
+