Hello community, here is the log from the commit of package fcgiwrap for openSUSE:Factory checked in at 2019-02-24 17:14:10 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/fcgiwrap (Old) and /work/SRC/openSUSE:Factory/.fcgiwrap.new.28833 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "fcgiwrap" Sun Feb 24 17:14:10 2019 rev:1 rq:673398 version:1.1.0+18+g99c942c Changes: -------- New Changes file: --- /dev/null 2018-10-29 14:05:42.522318975 +0100 +++ /work/SRC/openSUSE:Factory/.fcgiwrap.new.28833/fcgiwrap.changes 2019-02-24 17:14:16.644462554 +0100 @@ -0,0 +1,98 @@ +------------------------------------------------------------------- +Mon Feb 11 12:00:38 UTC 2019 - Martin Wilck <[email protected]> + +- Fix broken "supplements". + +------------------------------------------------------------------- +Mon Feb 11 10:57:20 UTC 2019 - Jan Engelhardt <[email protected]> + +- Ensure neutrality of description. +- Avoid bash-specific code in %postun. + +------------------------------------------------------------------- +Thu Feb 7 12:07:31 UTC 2019 - Martin Wilck <[email protected]> + +- Quit without listening socket + *added Quit-without-listening-socket.patch + +------------------------------------------------------------------- +Wed Feb 6 22:17:31 UTC 2019 - Martin Wilck <[email protected]> + +- Fix run-fcgiwrap script + * added fix-run-fcgiwrap-script.patch + +------------------------------------------------------------------- +Wed Feb 6 21:56:14 UTC 2019 - Martin Wilck <[email protected]> + +- Added fixes from reviewed upstream pull requests + * added Declare-cgi_error-noreturn.patch + (obsoletes fix-Werror-implicit-fallthrough-problem.patch) + * added fix-kill-parameter-sequence.patch + +------------------------------------------------------------------- +Wed Feb 06 21:33:18 UTC 2019 - [email protected] + +- Update to version 1.1.0+18+g99c942c: + * Add documentation for FCGI_CHDIR + * Explicit license info in README and COPYING + * Clean up unix socket on exit so we can start properly. + * Let chdir be overriden with FCGI_CHDIR + * prefork: Fix 100% CPU usage in parent process + +------------------------------------------------------------------- +Wed Feb 06 21:05:37 UTC 2019 - [email protected] + +- Update to version 1.1.0+1.g3a94c23: + * Add `-p path` option to restrict scripts + * support -p option in sysconfig + (added support-p-flag-in-sysconfig.patch) + +------------------------------------------------------------------- +Wed Feb 6 20:38:05 UTC 2019 - Martin Wilck <[email protected]> + +- Moved systemd service files to separate package fcgiwrap-nginx + and added sysconfig + * added support-p-flag-in-sysconfig.patch +- Fixed dependencies + +------------------------------------------------------------------- +Tue Feb 5 23:12:09 UTC 2019 - Martin Wilck <[email protected]> + +- Use very weak dependencies for spawn-fcgi and nginx + +------------------------------------------------------------------- +Tue Feb 5 22:40:38 UTC 2019 - Martin Wilck <[email protected]> + +- SUSE / nginx adaptations + * added fix-configure.ac-test-for-libsytemd.patch + * added adapt-user-and-group-for-nginx.patch + +------------------------------------------------------------------- +Fri Feb 08 2013 Hiroaki Nakamura <[email protected]> + +- 1.1.0-1 +- new upstream release. + +------------------------------------------------------------------- +Fri Jan 11 2013 Hiroaki Nakamura <[email protected]> + +- 1.0.3.20120908-1 +- Change version to increase monotonously. + +------------------------------------------------------------------- +Wed Jan 9 2013 Hiroaki Nakamura <[email protected]> + +- 1.0.3-3.gitb9f03e6377 +- Make the rpm relocatable. + +------------------------------------------------------------------- +Tue Dec 25 2012 Hiroaki Nakamura <[email protected]> + + - 1.0.3-2.gitb9f03e6377 + +------------------------------------------------------------------- +Tue Jan 31 2012 Craig Barnes <[email protected]> + +- 1.0.3-1.git1328862 +- Initial package + New: ---- Declare-cgi_error-noreturn.patch Quit-without-listening-socket.patch _service _servicedata adapt-user-and-group-for-nginx.patch add-environment-variable-for-number-of-workers.patch fcgiwrap-1.1.0+18+g99c942c.tar.xz fcgiwrap.changes fcgiwrap.spec fix-configure.ac-test-for-libsytemd.patch fix-kill-parameter-sequence.patch fix-run-fcgiwrap-script.patch support-p-flag-in-sysconfig.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ fcgiwrap.spec ++++++ # # spec file for package fcgiwrap # # Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via https://bugs.opensuse.org/ # %if ! %{defined _fillupdir} %define _fillupdir %{_localstatedir}/adm/fillup-templates %endif %if ! %{defined make_build} %define make_build make %{?_smp_mflags} %endif Name: fcgiwrap Version: 1.1.0+18+g99c942c Release: 0 Summary: FastCGI wrapper for CGI scripts License: MIT Group: Productivity/Networking/Web/Servers URL: https://github.com/gnosek/fcgiwrap Source0: fcgiwrap-%{version}.tar.xz Patch0: fix-configure.ac-test-for-libsytemd.patch Patch1: adapt-user-and-group-for-nginx.patch Patch2: add-environment-variable-for-number-of-workers.patch Patch3: Declare-cgi_error-noreturn.patch Patch4: support-p-flag-in-sysconfig.patch Patch5: fix-kill-parameter-sequence.patch Patch6: fix-run-fcgiwrap-script.patch Patch7: Quit-without-listening-socket.patch BuildRequires: FastCGI-devel BuildRequires: autoconf BuildRequires: automake BuildRequires: pkgconfig BuildRequires: pkgconfig(libsystemd) Requires(post): %fillup_prereq Suggests: spawn-fcgi %systemd_requires %{?systemd_requires} %description fcgiwrap is a server for running CGI applications over FastCGI. It provides CGI support to Nginx (and other web servers that may need it). Apache and lighthttpd don't need it, as they spawn FastCGI workers on demand. %package nginx Summary: System services for using fcgiwrap with nginx Group: Productivity/Networking/Web/Servers Requires: %{name} # Because of nginx user/group Requires: nginx # fcgiwrap is useful if nginx is to be used with FastCGI scripts Supplements: packageand(nginx:libfcgi0) %description nginx This package provides systemd unit files to run a set of fcgiwrap processes ready for use with nginx or other web servers. %prep %setup -q %autopatch -p1 %build autoreconf -v -i %configure --with-systemd --prefix='' CFLAGS="-I/usr/include/fastcgi" %make_build %install %make_install install -d -m 0755 %{buildroot}%{_unitdir} install -m 0755 -t %{buildroot}%{_sbindir} systemd/run-fcgiwrap install -m 0644 -t %{buildroot}%{_unitdir} systemd/fcgiwrap.{socket,service} install -d %{buildroot}%{_fillupdir} install -m 644 -t %{buildroot}%{_fillupdir} systemd/sysconfig.fcgiwrap %pre nginx %service_add_pre fcgiwrap.socket fcgiwrap.service %post nginx %fillup_only %service_add_post fcgiwrap.socket fcgiwrap.service %preun nginx %service_del_preun fcgiwrap.service fcgiwrap.socket %postun nginx %service_del_postun fcgiwrap.service # restarting the socket fails if service is active if [ -x /usr/bin/systemctl ] && ! systemctl is-active fcgiwrap.service >/dev/null 2>&1; then %service_del_postun fcgiwrap.socket fi %files %doc README.rst %license COPYING %{_sbindir}/fcgiwrap %{_mandir}/man8/fcgiwrap.8%{?ext_man} %files nginx %{_sbindir}/run-fcgiwrap %{_unitdir}/* %{_fillupdir}/sysconfig.fcgiwrap %changelog ++++++ Declare-cgi_error-noreturn.patch ++++++ >From bd00af48ca0b0165eea66f47cd9556ac4cee7219 Mon Sep 17 00:00:00 2001 From: Peter Colberg <[email protected]> Date: Sat, 5 Aug 2017 11:58:26 -0400 Subject: [PATCH 1/2] Declare cgi_error noreturn This declares the function cgi_error with the attribute __noreturn__ to hint to GCC/Clang that the function exits the program and to prevent implicit-fallthrough warnings in the function handle_fcgi_request. --- fcgiwrap.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fcgiwrap.c b/fcgiwrap.c index b44d8aa..751c100 100644 --- a/fcgiwrap.c +++ b/fcgiwrap.c @@ -500,6 +500,7 @@ static bool is_allowed_program(const char *program) { return false; } +__attribute__((__noreturn__)) static void cgi_error(const char *message, const char *reason, const char *filename) { printf("Status: %s\r\nContent-Type: text/plain\r\n\r\n%s\r\n", -- 2.20.1 ++++++ Quit-without-listening-socket.patch ++++++ >From bb0316d5ba97296fc1a76625ca7780f33a0dc82f Mon Sep 17 00:00:00 2001 From: Martin Wilck <[email protected]> Date: Thu, 7 Feb 2019 13:05:11 +0100 Subject: [PATCH] Quit without listening socket Quit if systemd doesn't pass a valid socket, and no -s parameter given. Otherwise fcgiwrap may try listening on stdin, with bad results. --- fcgiwrap.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/fcgiwrap.c b/fcgiwrap.c index 0fed56e..6ebc4be 100644 --- a/fcgiwrap.c +++ b/fcgiwrap.c @@ -804,7 +804,7 @@ int main(int argc, char **argv) { int nchildren = 1; char *socket_url = NULL; - int fd = 0; + int fd = -1; int c; while ((c = getopt(argc, argv, "c:hfs:p:")) != -1) { @@ -866,12 +866,15 @@ int main(int argc, char **argv) if (fd < 0) { return 1; } + } else { + fprintf(stderr, "No socket to listen on\n"); + return 1; } prefork(nchildren); fcgiwrap_main(); - if (fd) { + if (fd >= 0) { const char *p = socket_url; close(fd); -- 2.20.1 ++++++ _service ++++++ <services> <service name="tar_scm" mode="disabled"> <param name="scm">git</param> <param name="url">https://github.com/gnosek/fcgiwrap.git</param> <param name="subdir"></param> <param name="filename">fcgiwrap</param> <param name="versionformat">@PARENT_TAG@+@TAG_OFFSET@+g%h</param> <param name="revision">master</param> <param name="match-tag">[0-9].[0-9].*</param> <param name="changesgenerate">enable</param> </service> <service name="recompress" mode="disabled"> <param name="file">fcgiwrap*.tar</param> <param name="compression">xz</param> </service> <service name="set_version" mode="disabled"/> </services> ++++++ _servicedata ++++++ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/gnosek/fcgiwrap.git</param> <param name="changesrevision">99c942c90063c73734e56bacaa65f947772d9186</param></service></servicedata>++++++ adapt-user-and-group-for-nginx.patch ++++++ >From 7b4487a18387a58188bf3ef0ba735c46d17dbf5a Mon Sep 17 00:00:00 2001 From: Martin Wilck <[email protected]> Date: Tue, 5 Feb 2019 23:37:45 +0100 Subject: [PATCH 2/2] adapt user and group for nginx --- systemd/fcgiwrap.service | 5 +++-- systemd/fcgiwrap.socket | 3 +++ 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/systemd/fcgiwrap.service b/systemd/fcgiwrap.service index 7b010c9..0b32e02 100644 --- a/systemd/fcgiwrap.service +++ b/systemd/fcgiwrap.service @@ -3,9 +3,10 @@ Description=Simple CGI Server After=nss-user-lookup.target [Service] +Type=simple ExecStart=/usr/sbin/fcgiwrap -User=http -Group=http +User=nginx +Group=nginx [Install] Also=fcgiwrap.socket diff --git a/systemd/fcgiwrap.socket b/systemd/fcgiwrap.socket index dc074f1..43d3197 100644 --- a/systemd/fcgiwrap.socket +++ b/systemd/fcgiwrap.socket @@ -2,6 +2,9 @@ Description=fcgiwrap Socket [Socket] +SocketUser=nginx +SocketGroup=nginx +SocketMode=0660 ListenStream=/run/fcgiwrap.sock [Install] -- 2.20.1 ++++++ add-environment-variable-for-number-of-workers.patch ++++++ >From 6dc1db3fb84d46e34dd1385c374a575a0fbc5c3d Mon Sep 17 00:00:00 2001 From: Martin Wilck <[email protected]> Date: Wed, 6 Feb 2019 21:05:27 +0100 Subject: [PATCH 1/2] add environment variable for number of workers Signed-off-by: Martin Wilck <[email protected]> --- systemd/fcgiwrap.service | 4 +++- systemd/sysconfig.fcgiwrap | 13 +++++++++++++ 2 files changed, 16 insertions(+), 1 deletion(-) create mode 100644 systemd/sysconfig.fcgiwrap diff --git a/systemd/fcgiwrap.service b/systemd/fcgiwrap.service index 0b32e02..b22f5e1 100644 --- a/systemd/fcgiwrap.service +++ b/systemd/fcgiwrap.service @@ -3,8 +3,10 @@ Description=Simple CGI Server After=nss-user-lookup.target [Service] +Environment=FCGI_WORKERS=1 +EnvironmentFile=-/etc/sysconfig/fcgiwrap Type=simple -ExecStart=/usr/sbin/fcgiwrap +ExecStart=/usr/sbin/fcgiwrap -c $FCGI_WORKERS User=nginx Group=nginx diff --git a/systemd/sysconfig.fcgiwrap b/systemd/sysconfig.fcgiwrap new file mode 100644 index 0000000..29de03e --- /dev/null +++ b/systemd/sysconfig.fcgiwrap @@ -0,0 +1,13 @@ +## Path: Network/WWW +## Description: Settings for fcgiwrap +## Type: integer +## Default: 1 +## ServiceReload: fcgiwrap +# +# The fcgiwrap service is used to spawn FastCGI worker +# processes that will invoke FastCGI scripts when the +# web server needs to execute them. +# +# Number of FastCGI workers to spawn +FCGI_WORKERS="1" + -- 2.20.1 ++++++ fix-configure.ac-test-for-libsytemd.patch ++++++ >From c2a18754459ca9b6cc16878ca840ed7e17d74291 Mon Sep 17 00:00:00 2001 From: Martin Wilck <[email protected]> Date: Tue, 5 Feb 2019 23:18:29 +0100 Subject: [PATCH 1/2] fix configure.ac test for libsytemd --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index bb3674e..2b02ef4 100644 --- a/configure.ac +++ b/configure.ac @@ -28,7 +28,7 @@ AC_ARG_WITH([systemd], [], [with_systemd=check]) have_systemd=no if test "x$with_systemd" != "xno"; then - PKG_CHECK_MODULES(systemd, [libsystemd-daemon], + PKG_CHECK_MODULES(systemd, [libsystemd], [AC_DEFINE(HAVE_SYSTEMD, 1, [Define if systemd is available]) have_systemd=yes], have_systemd=no) -- 2.20.1 ++++++ fix-kill-parameter-sequence.patch ++++++ >From 4d9af71c4e18ca989835d6df20794bc8cbf66ea0 Mon Sep 17 00:00:00 2001 From: Martin Wilck <[email protected]> Date: Wed, 6 Feb 2019 22:49:58 +0100 Subject: [PATCH 2/2] fix kill() parameter sequence Fix from https://github.com/gnosek/fcgiwrap/pull/44, User decentsheep. --- fcgiwrap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fcgiwrap.c b/fcgiwrap.c index 751c100..0fed56e 100644 --- a/fcgiwrap.c +++ b/fcgiwrap.c @@ -205,7 +205,7 @@ static void fcgi_finish(struct fcgi_context *fc, const char* msg) if (fc->fd_stderr >= 0) close(fc->fd_stderr); if (fc->cgi_pid) - kill(SIGTERM, fc->cgi_pid); + kill(fc->cgi_pid, SIGTERM); } static const char * fcgi_pass_fd(struct fcgi_context *fc, int *fdp, FCGI_FILE *ffp, char *buf, size_t bufsize) -- 2.20.1 ++++++ fix-run-fcgiwrap-script.patch ++++++ >From 518acc5440857ae9e2ac832adf8e4ff0796d1eb2 Mon Sep 17 00:00:00 2001 From: Martin Wilck <[email protected]> Date: Wed, 6 Feb 2019 23:15:49 +0100 Subject: [PATCH] fix run-fcgiwrap script --- systemd/run-fcgiwrap | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/systemd/run-fcgiwrap b/systemd/run-fcgiwrap index 5c10854..2d8b86d 100644 --- a/systemd/run-fcgiwrap +++ b/systemd/run-fcgiwrap @@ -1,2 +1,3 @@ #! /bin/bash -exec /usr/sbin/fcgiwrap -c ${FCGI_WORKERS:-1} "${FCGI_ALLOWED[@]/#/-p }" +allowed=($FCGI_ALLOWED) +exec /usr/sbin/fcgiwrap -c ${FCGI_WORKERS:-1} "${allowed[@]/#/-p}" -- 2.20.1 ++++++ support-p-flag-in-sysconfig.patch ++++++ >From f59ce482cbffb46e60a5a0f4d7044d19739d7867 Mon Sep 17 00:00:00 2001 From: Martin Wilck <[email protected]> Date: Wed, 6 Feb 2019 22:11:09 +0100 Subject: [PATCH] support -p flag in sysconfig --- systemd/fcgiwrap.service | 3 +-- systemd/run-fcgiwrap | 2 ++ systemd/sysconfig.fcgiwrap | 11 +++++++++++ 3 files changed, 14 insertions(+), 2 deletions(-) create mode 100644 systemd/run-fcgiwrap diff --git a/systemd/fcgiwrap.service b/systemd/fcgiwrap.service index b22f5e1..cd9ac22 100644 --- a/systemd/fcgiwrap.service +++ b/systemd/fcgiwrap.service @@ -3,10 +3,9 @@ Description=Simple CGI Server After=nss-user-lookup.target [Service] -Environment=FCGI_WORKERS=1 EnvironmentFile=-/etc/sysconfig/fcgiwrap Type=simple -ExecStart=/usr/sbin/fcgiwrap -c $FCGI_WORKERS +ExecStart=/usr/sbin/run-fcgiwrap User=nginx Group=nginx diff --git a/systemd/run-fcgiwrap b/systemd/run-fcgiwrap new file mode 100644 index 0000000..5c10854 --- /dev/null +++ b/systemd/run-fcgiwrap @@ -0,0 +1,2 @@ +#! /bin/bash +exec /usr/sbin/fcgiwrap -c ${FCGI_WORKERS:-1} "${FCGI_ALLOWED[@]/#/-p }" diff --git a/systemd/sysconfig.fcgiwrap b/systemd/sysconfig.fcgiwrap index 29de03e..32a8e3d 100644 --- a/systemd/sysconfig.fcgiwrap +++ b/systemd/sysconfig.fcgiwrap @@ -11,3 +11,14 @@ # Number of FastCGI workers to spawn FCGI_WORKERS="1" +## Type: string +## Default: "" +## ServiceReload: fcgiwrap +# A space-separated list of allowed CGI programs. +# +# If this is non-empty, attempts to call a CGI program not +# in the list will cause a HTTP 403-Forbidden error. +# Specify programs with full path, wildcards don't work. +# Paths need to match the script name passed by the server +# exactly. +FCGI_ALLOWED="" -- 2.20.1
