author | 2012-03-24 02:59:02 +0000 | |
---|---|---|
committer | 2012-03-24 02:59:02 +0000 | |
commit | 787cc8ae7458831582275ccdb8043f6e08f01dfc (patch) | |
tree | 9dacb7efc52bc9c4e7075ce31263b4d225e5453f /www-servers | |
parent | layout.conf: comment on bug #406407 (diff) | |
Address bugs #370373, #373629, #373631, #406243. Clean up init scripts.
(Portage version: 2.1.10.49/cvs/Linux x86_64)
Diffstat (limited to 'www-servers')
-rw-r--r-- | www-servers/thttpd/ChangeLog | 13 | ||||
-rw-r--r-- | www-servers/thttpd/files/thttpd-2.25b-additional-input-validation.patch | 62 | ||||
-rw-r--r-- | www-servers/thttpd/files/thttpd-2.25b-default-to-octet-stream.patch | 12 | ||||
-rw-r--r-- | www-servers/thttpd/files/thttpd-2.25b-fix-buffer-overflow.patch | 21 | ||||
-rw-r--r-- | www-servers/thttpd/files/thttpd-2.25b-fix-insecure-tmp-creation.patch | 21 | ||||
-rw-r--r-- | www-servers/thttpd/files/thttpd-2.25b-ogg-mime-type.patch | 12 | ||||
-rw-r--r-- | www-servers/thttpd/files/thttpd.conf.sample | 38 | ||||
-rw-r--r-- | www-servers/thttpd/files/thttpd.confd | 27 | ||||
-rw-r--r-- | www-servers/thttpd/files/thttpd.init | 26 | ||||
-rw-r--r-- | www-servers/thttpd/thttpd-2.25b-r9.ebuild | 78 |
10 files changed, 309 insertions, 1 deletions
diff --git a/www-servers/thttpd/ChangeLog b/www-servers/thttpd/ChangeLog index eef4db09fac5..6bf4a9ee86cd 100644 --- a/www-servers/thttpd/ChangeLog +++ b/www-servers/thttpd/ChangeLog @@ -1,6 +1,17 @@ # ChangeLog for www-servers/thttpd # Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/www-servers/thttpd/ChangeLog,v 1.34 2012/03/21 12:21:08 blueness Exp $ +# $Header: /var/cvsroot/gentoo-x86/www-servers/thttpd/ChangeLog,v 1.35 2012/03/24 02:59:02 blueness Exp $ + +*thttpd-2.25b-r9 (24 Mar 2012) + + 24 Mar 2012; Anthony G. Basile <blueness@gentoo.org> +thttpd-2.25b-r9.ebuild, + +files/thttpd-2.25b-additional-input-validation.patch, + +files/thttpd-2.25b-default-to-octet-stream.patch, + +files/thttpd-2.25b-fix-buffer-overflow.patch, + +files/thttpd-2.25b-fix-insecure-tmp-creation.patch, + +files/thttpd-2.25b-ogg-mime-type.patch, +files/thttpd.conf.sample, + +files/thttpd.confd, +files/thttpd.init: + Address bugs #370373, #373629, #373631, #406243. Clean up init scripts. 21 Mar 2012; Anthony G. Basile <blueness@gentoo.org> metadata.xml: Will give it love, added myself as maintainer diff --git a/www-servers/thttpd/files/thttpd-2.25b-additional-input-validation.patch b/www-servers/thttpd/files/thttpd-2.25b-additional-input-validation.patch new file mode 100644 index 000000000000..04f59eac8e39 --- /dev/null +++ b/www-servers/thttpd/files/thttpd-2.25b-additional-input-validation.patch 
@@ -0,0 +1,62 @@
+--- thttpd-2.25b/extras/htpasswd.c.orig 2006-03-31 04:12:42.281317000 +0000
++++ thttpd-2.25b/extras/htpasswd.c 2006-03-31 05:21:37.741632392 +0000
+@@ -151,6 +151,7 @@ void interrupted(int signo) {
+ int main(int argc, char *argv[]) {
+ FILE *tfp,*f;
+ char user[MAX_STRING_LEN];
++ char pwfilename[MAX_STRING_LEN];
+ char line[MAX_STRING_LEN];
+ char l[MAX_STRING_LEN];
+ char w[MAX_STRING_LEN];
+@@ -168,6 +169,25 @@ int main(int argc, char *argv[]) {
+ perror("fopen");
+ exit(1);
+ }
++ if (strlen(argv[2]) > (sizeof(pwfilename) - 1)) {
++ fprintf(stderr, "%s: filename is too long\n", argv[0]);
++ exit(1);
++ }
++ if (((strchr(argv[2], ';')) != NULL) || ((strchr(argv[2], '>')) != NULL)) {
++ fprintf(stderr, "%s: filename contains an illegal character\n",
++ argv[0]);
++ exit(1);
++ }
++ if (strlen(argv[3]) > (sizeof(user) - 1)) {
++ fprintf(stderr, "%s: username is too long\n", argv[0],
++ sizeof(user) - 1);
++ exit(1);
++ }
++ if ((strchr(argv[3], ':')) != NULL) {
++ fprintf(stderr, "%s: username contains an illegal character\n",
++ argv[0]);
++ exit(1);
++ }
+ printf("Adding password for %s.\n",argv[3]);
+ add_password(argv[3],tfp);
+ fclose(tfp);
+@@ -180,6 +200,25 @@ int main(int argc, char *argv[]) {
+ exit(1);
+ }
+
++ if (strlen(argv[1]) > (sizeof(pwfilename) - 1)) {
++ fprintf(stderr, "%s: filename is too long\n", argv[0]);
++ exit(1);
++ }
++ if (((strchr(argv[1], ';')) != NULL) || ((strchr(argv[1], '>')) != NULL)) {
++ fprintf(stderr, "%s: filename contains an illegal character\n",
++ argv[0]);
++ exit(1);
++ }
++ if (strlen(argv[2]) > (sizeof(user) - 1)) {
++ fprintf(stderr, "%s: username is too long\n", argv[0],
++ sizeof(user) - 1);
++ exit(1);
++ }
++ if ((strchr(argv[2], ':')) != NULL) {
++ fprintf(stderr, "%s: username contains an illegal character\n",
++ argv[0]);
++ exit(1);
++ }
+ if(!(f = fopen(argv[1],"r"))) {
+ fprintf(stderr,
+ "Could not open passwd file %s for reading.\n",argv[1]);
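Review bot: In the first added block of the inner htpasswd.c patch (the one checking argv[2] and argv[3]), the new checks sit directly after the closing brace of what the context lines show to be an fopen failure handler, so the password file appears to have been opened already when an over-long or illegal name is rejected; the fopen call is outside the hunk, so confirm, and if so move the four checks above it, as the second block does for `fopen(argv[1],"r")`. Both "username is too long" calls pass `sizeof(user) - 1` to a format string with no conversion for it; either drop the argument or print it, e.g. `"%s: username is too long (max %lu)\n", argv[0], (unsigned long)(sizeof(user) - 1)`. `pwfilename` is declared and used only for `sizeof` in the visible lines, which deserves a comment such as `/* sized to bound argv filename length; see length check below */` if nothing is ever copied into it. The filename check rejects only `;` and `>`; if the name later reaches a shell command (not visible here), an allowlist of permitted characters is more robust than a two-character denylist.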
diff --git a/www-servers/thttpd/files/thttpd-2.25b-default-to-octet-stream.patch b/www-servers/thttpd/files/thttpd-2.25b-default-to-octet-stream.patch
new file mode 100644
index 000000000000..f056c1409290
--- /dev/null
+++ b/www-servers/thttpd/files/thttpd-2.25b-default-to-octet-stream.patch
@@ -0,0 +1,12 @@
+diff -rupN a/libhttpd.c b/libhttpd.c
+--- a/libhttpd.c 2012-02-21 05:43:57.949988934 +0000
++++ b/libhttpd.c 2012-02-21 05:46:44.446655700 +0000
+@@ -2549,7 +2549,7 @@ figure_mime( httpd_conn* hc )
+ size_t ext_len, encodings_len;
+ int i, top, bot, mid;
+ int r;
+- char* default_type = "text/plain; charset=%s";
++ char* default_type = "application/octet-stream";
+
+ /* Peel off encoding extensions until there aren't any more. */
+ n_me_indexes = 0;
diff --git a/www-servers/thttpd/files/thttpd-2.25b-fix-buffer-overflow.patch b/www-servers/thttpd/files/thttpd-2.25b-fix-buffer-overflow.patch
new file mode 100644
index 000000000000..cacd7321486a
--- /dev/null
+++ b/www-servers/thttpd/files/thttpd-2.25b-fix-buffer-overflow.patch
@@ -0,0 +1,21 @@
+diff -Nrup thttpd-2.25b.orig/libhttpd.c thttpd-2.25b/libhttpd.c
+--- thttpd-2.25b.orig/libhttpd.c 2003-12-25 19:06:05.000000000 +0000
++++ thttpd-2.25b/libhttpd.c 2007-01-08 21:43:28.000000000 +0000
+@@ -1469,7 +1469,7 @@ expand_symlinks( char* path, char** rest
+ httpd_realloc_str( &checked, &maxchecked, checkedlen );
+ (void) strcpy( checked, path );
+ /* Trim trailing slashes. */
+- while ( checked[checkedlen - 1] == '/' )
++ while ( checkedlen && checked[checkedlen - 1] == '/' )
+ {
+ checked[checkedlen - 1] = '\0';
+ --checkedlen;
+@@ -1488,7 +1488,7 @@ expand_symlinks( char* path, char** rest
+ restlen = strlen( path );
+ httpd_realloc_str( &rest, &maxrest, restlen );
+ (void) strcpy( rest, path );
+- if ( rest[restlen - 1] == '/' )
++ if ( restlen && rest[restlen - 1] == '/' )
+ rest[--restlen] = '\0'; /* trim trailing slash */
+ if ( ! tildemapped )
+ /* Remove any leading slashes. */
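Review bot: The two guards added by thttpd-2.25b-fix-buffer-overflow.patch in expand_symlinks (`checkedlen && …` and `restlen && …`) have no comment saying what they protect against, which makes them easy to drop in a later cleanup. With a zero length the unguarded code indexed `[len - 1]`, one element before the buffer, and the first loop also stores `'\0'` through that index, so the guard prevents a write as well as a read. A one-line comment above each would record that, e.g. `/* length may be 0 (empty path, or every slash trimmed): never index checked[-1] */` and `/* rest may be empty: never index rest[-1] */`. expand_symlinks begins and ends outside both inner hunks, so how an empty `checked` or `rest` is handled afterwards cannot be confirmed from here.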
diff --git a/www-servers/thttpd/files/thttpd-2.25b-fix-insecure-tmp-creation.patch b/www-servers/thttpd/files/thttpd-2.25b-fix-insecure-tmp-creation.patch
new file mode 100644
index 000000000000..2918db11ed17
--- /dev/null
+++ b/www-servers/thttpd/files/thttpd-2.25b-fix-insecure-tmp-creation.patch
@@ -0,0 +1,21 @@
+Addresses CVE-2005-3124
+
+diff -ru thttpd-2.23beta1.orig/extras/syslogtocern thttpd-2.23beta1/extras/syslogtocern
+--- thttpd-2.23beta1.orig/extras/syslogtocern 1999-09-15 18:00:54.000000000 +0200
++++ thttpd-2.23beta1/extras/syslogtocern 2005-10-26 01:45:34.000000000 +0200
+@@ -31,8 +31,8 @@
+ exit 1
+ fi
+
+-tmp1=/tmp/stc1.$$
+-rm -f $tmp1
++tmp1=``mktemp -t stc1.XXXXXX` || { echo "$0: Cannot create temporary file" >&2; exit 1; }
++trap " [ -f \"$tmp1\" ] && /bin/rm -f -- \"$tmp1\"" 0 1 2 3 13 15
+
+ # Gather up all the thttpd entries.
+ egrep ' thttpd\[' $* > $tmp1
+@@ -65,4 +65,3 @@
+ sed -e "s,\([A-Z][a-z][a-z] [0-9 ][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9]\) [^ ]* thttpd\[[0-9]*\]: \(.*\),[\1 ${year}] \2," > error_log
+
+ # Done.
+-rm -f $tmp1
diff --git a/www-servers/thttpd/files/thttpd-2.25b-ogg-mime-type.patch b/www-servers/thttpd/files/thttpd-2.25b-ogg-mime-type.patch
new file mode 100644
index 000000000000..a7801052577b
--- /dev/null
+++ b/www-servers/thttpd/files/thttpd-2.25b-ogg-mime-type.patch
@@ -0,0 +1,12 @@
+diff -durPN mime_types.txt mime_types.txt
+--- mime_types.txt 2003-10-26 11:00:45.000000000 -0600
++++ mime_types.txt 2011-06-06 11:30:57.000000000 -0500
+@@ -95,7 +95,7 @@
+ nc application/x-netcdf
+ o application/octet-stream
+ oda application/oda
+-ogg application/x-ogg
++ogg application/ogg
+ pac application/x-ns-proxy-autoconfig
+ pbm image/x-portable-bitmap
+ pdb chemical/x-pdb
diff --git a/www-servers/thttpd/files/thttpd.conf.sample b/www-servers/thttpd/files/thttpd.conf.sample
new file mode 100644
index 000000000000..462bd0c198d0
--- /dev/null
+++ b/www-servers/thttpd/files/thttpd.conf.sample
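Review bot: The added `tmp1=` line in thttpd-2.25b-fix-insecure-tmp-creation.patch opens its command substitution with two backticks and closes it with one, at least as rendered on this page; if the patch file really reads that way the substitution is unbalanced and syslogtocern will not create its temporary file as intended. Writing it as `tmp1=$(mktemp -t stc1.XXXXXX) || { echo "$0: Cannot create temporary file" >&2; exit 1; }` removes the ambiguity. The trap on 1 2 3 13 15 deletes the file but does not exit, so after an interrupt the script would carry on without its temporary file; `trap 'rm -f -- "$tmp1"' 0` together with `trap 'exit 1' 1 2 3 13 15` keeps cleanup and termination separate. `$tmp1` is still unquoted on the egrep context line.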
@@ -0,0 +1,38 @@
+## /etc/thttpd.conf
+##
+## do not leave empty lines in here!
+## format is: key=value
+##
+## run in debug-mode?
+#debug
+##
+## what interface to bind to?
+## (default is binding to any interface)
+#host=www.example.org
+port=80
+user=thttpd
+##
+## CGI:
+## ? match a single char
+## * matches any string excluding "/"
+## ** matches any string including "/"
+## separate multiple patterns with "|"
+#cgipat=**.sh|**.cgi
+##
+## chroot:
+chroot
+#nochroot
+##
+logfile=/var/log/thttpd.log
+pidfile=/var/run/thttpd.pid
+##
+charset=iso-8859-1
+##
+## control the caching: (in secs)
+#maxage 60
+##
+## virtual hosting:
+#vhost
+##
+## cache-control: send this "max-age" in all HTTP-responses:
+#max-age=0
diff --git a/www-servers/thttpd/files/thttpd.confd b/www-servers/thttpd/files/thttpd.confd
new file mode 100644
index 000000000000..222d25f1548e
--- /dev/null
+++ b/www-servers/thttpd/files/thttpd.confd
@@ -0,0 +1,27 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License, v2 or later
+# $Header: /var/cvsroot/gentoo-x86/www-servers/thttpd/files/thttpd.confd,v 1.1 2012/03/24 02:59:02 blueness Exp $
+
+## Config file for /etc/init.d/thttpd
+
+## the startup-dir of thttpd is the docroot, so we specify it here
+## and the init-script does a "cd" prior to startup:
+THTTPD_DOCROOT="/var/www/localhost"
+
+## There are 2 ways to configure thttpd:
+## 1) specify all params on the cmd-line
+## 2) use a config-file (and start with "-C <conf-file>")
+## Note: 1) and 2) can be mixed.
+##
+## We choose 1) here -- if you have a more complicated setup read
+## thttpd(8) for details on 2).
+
+THTTPD_OPTS="-p 80 -u thttpd -r -i /var/run/thttpd.pid -l /var/log/thttpd.log"
+
+## For a more complex setup (e.g. cgi-support) use an external configfile:
+## comment the THTTPD_OPTS line above und use the one below.
+#THTTPD_OPTS="-C /etc/thttpd/thttpd.conf"
+
+## If you know what you are doing you can add cgi-support with the line below;
+## but you _should_ use the extern-configfile version!
+#THTTPD_OPTS="$THTTPD_OPTS -c **.cgi|**.sh"
diff --git a/www-servers/thttpd/files/thttpd.init b/www-servers/thttpd/files/thttpd.init
new file mode 100644
index 000000000000..6e1878f740fa
--- /dev/null
+++ b/www-servers/thttpd/files/thttpd.init
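Review bot: The commented `-C /etc/thttpd/thttpd.conf` line in thttpd.confd names a file this commit does not install, since the ebuild places only `thttpd.conf.sample` in /etc/thttpd and the sample's first line calls itself `/etc/thttpd.conf`. A user who uncomments the line would point the daemon at a missing file, so the conf.d text should say to copy the sample first, e.g. `## (copy /etc/thttpd/thttpd.conf.sample to /etc/thttpd/thttpd.conf first)`, and the sample header should read `## /etc/thttpd/thttpd.conf`. The sample also offers both `#maxage 60` and `#max-age=0`; the two spellings and syntaxes should be checked against thttpd(8) and the wrong one dropped.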
@@ -0,0 +1,26 @@
+#!/sbin/runscript
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License, v2 or later
+# $Header: /var/cvsroot/gentoo-x86/www-servers/thttpd/files/thttpd.init,v 1.1 2012/03/24 02:59:02 blueness Exp $
+
+depend() {
+ need net
+}
+
+start() {
+ ebegin "Starting thttpd"
+ if [ ! -d "$THTTPD_DOCROOT" ]; then
+ eend 1 "THTTPD_DOCROOT not set correctly in /etc/conf.d/thttpd"
+ exit 1
+ fi
+ start-stop-daemon --quiet --start --exec /usr/sbin/thttpd \
+ --pidfile /var/run/thttpd.pid --chdir "$THTTPD_DOCROOT" -- \
+ ${THTTPD_OPTS}
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping thttpd"
+ start-stop-daemon --quiet --stop --pidfile /var/run/thttpd.pid
+ eend $?
+}
diff --git a/www-servers/thttpd/thttpd-2.25b-r9.ebuild b/www-servers/thttpd/thttpd-2.25b-r9.ebuild
new file mode 100644
index 000000000000..3e765fe74a68
--- /dev/null
+++ b/www-servers/thttpd/thttpd-2.25b-r9.ebuild
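Review bot: In thttpd.init both start() and stop() hard-code `--pidfile /var/run/thttpd.pid`, while the daemon takes its own pidfile path from `-i` in THTTPD_OPTS or from `pidfile=` when the `-C` variant is used, so changing either place alone leaves stop() unable to find the process. A single `THTTPD_PIDFILE` variable in conf.d used by both the options and the init script would remove the duplication, or at minimum conf.d should carry a comment such as `## the init script expects the pidfile at /var/run/thttpd.pid`. In start(), `return 1` is the usual way to fail from an init-script function rather than `exit 1`. `${THTTPD_OPTS}` is expanded unquoted, which is needed for word splitting but also subjects the `**.cgi|**.sh` pattern from conf.d to filename expansion; a comment noting that would help.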
@@ -0,0 +1,78 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/www-servers/thttpd/thttpd-2.25b-r9.ebuild,v 1.1 2012/03/24 02:59:02 blueness Exp $
+
+EAPI="4"
+
+WANT_AUTOCONF=2.1
+inherit eutils flag-o-matic autotools
+
+DESCRIPTION="Small and fast multiplexing webserver."
+HOMEPAGE="http://www.acme.com/software/thttpd/"
+SRC_URI="http://www.acme.com/software/thttpd/${P}.tar.gz"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="~amd64 ~hppa ~mips ~ppc ~sparc ~x86 ~x86-fbsd"
+IUSE="static"
+
+RDEPEND=""
+DEPEND="sys-devel/autoconf:2.1"
+
+THTTPD_USER=thttpd
+THTTPD_GROUP=thttpd
+
+src_prepare() {
+ epatch "${FILESDIR}"/${P}-additional-input-validation.patch
+ epatch "${FILESDIR}"/${P}-fix-buffer-overflow.patch
+ epatch "${FILESDIR}"/${P}-fix-insecure-tmp-creation.patch
+ epatch "${FILESDIR}"/${P}-glibc-2.10.patch
+ epatch "${FILESDIR}"/${P}-fix-illegal-path-info.patch
+ epatch "${FILESDIR}"/${P}-monolithic-timer.patch
+ epatch "${FILESDIR}"/${P}-use-Status-header.patch
+ epatch "${FILESDIR}"/${P}-use-X-Forwarded-For-header.patch
+ epatch "${FILESDIR}"/${P}-respect-CFLAGS--dont-link-static.patch
+ epatch "${FILESDIR}"/${P}-ogg-mime-type.patch
+ epatch "${FILESDIR}"/${P}-default-to-octet-stream.patch
+ eautoreconf
+}
+
+pkg_setup() {
+ ebegin "Creating thttpd user and group"
+ enewgroup ${THTTPD_GROUP}
+ enewuser ${THTTPD_USER} -1 -1 -1 ${THTTPD_GROUP}
+ eend ${?}
+}
+
+src_configure() {
+ use static && append-ldflags -static
+ tc-export CC
+ econf
+}
+
+src_install () {
+ dodir /usr/share/man/man1
+ make prefix="${ED}"/usr \
+ MANDIR="${ED}"/usr/share/man \
+ WEBGROUP=${THTTPD_GROUP} \
+ WEBDIR="${ED}"/var/www/localhost \
+ "$@" install || die "make install failed"
+
+ mv "${ED}"/usr/sbin/{,th_}htpasswd
+ mv "${ED}"/usr/share/man/man1/{,th_}htpasswd.1
+
+ newinitd "${FILESDIR}"/thttpd.init thttpd
+ newconfd "${FILESDIR}"/thttpd.confd thttpd
+
+ dodoc README INSTALL TODO
+
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}/thttpd.logrotate" thttpd
+
+ insinto /etc/thttpd
+ doins "${FILESDIR}"/thttpd.conf.sample
+}
+
+pkg_postinst() {
+ elog "Adjust THTTPD_DOCROOT in /etc/conf.d/thttpd !"
+} |
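Review bot: In src_install of the ebuild the two `mv … {,th_}htpasswd` renames have no `|| die`, so a failed rename would go unnoticed and the package would install the binary and man page under their original names; append `|| die` to both lines. The install step calls plain `make … "$@" install || die`, where `emake` is the usual helper and `"$@"` has nothing meaningful to expand to in a phase function. src_configure calls `tc-export CC` while the inherit line lists only `eutils flag-o-matic autotools`, so adding `toolchain-funcs` to the inherit avoids relying on an indirect inherit. `thttpd.logrotate` and six of the eleven patches applied in src_prepare are not added by this commit and are presumably already in files/, which is worth confirming.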