summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--www-servers/thttpd/ChangeLog10
-rw-r--r--www-servers/thttpd/Manifest33
-rw-r--r--www-servers/thttpd/files/digest-thttpd-2.25b-r32
-rw-r--r--www-servers/thttpd/files/thttpd-2.25/fix-insecure-tmp-creation-CVE-2005-3124.diff19
-rw-r--r--www-servers/thttpd/thttpd-2.25b-r3.ebuild97
5 files changed, 150 insertions, 11 deletions
diff --git a/www-servers/thttpd/ChangeLog b/www-servers/thttpd/ChangeLog
index d6d2f609cb04..3c37b792b6b0 100644
--- a/www-servers/thttpd/ChangeLog
+++ b/www-servers/thttpd/ChangeLog
@@ -1,6 +1,14 @@
# ChangeLog for www-servers/thttpd
# Copyright 2000-2005 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/www-servers/thttpd/ChangeLog,v 1.7 2005/05/17 18:10:17 hansmi Exp $
+# $Header: /var/cvsroot/gentoo-x86/www-servers/thttpd/ChangeLog,v 1.8 2005/10/28 15:49:14 ka0ttic Exp $
+
+*thttpd-2.25b-r3 (28 Oct 2005)
+
+ 28 Oct 2005; Aaron Walker <ka0ttic@gentoo.org>
+ +files/thttpd-2.25/fix-insecure-tmp-creation-CVE-2005-3124.diff,
+ +thttpd-2.25b-r3.ebuild:
+ Revision bump; added patch to fix insecure tmp file creation in the
+ syslogtocern script, bug #110637.
17 May 2005; Michael Hanselmann <hansmi@gentoo.org> thttpd-2.25b.ebuild:
Stable on ppc.
diff --git a/www-servers/thttpd/Manifest b/www-servers/thttpd/Manifest
index 11b9e509cae4..921450d2fcf9 100644
--- a/www-servers/thttpd/Manifest
+++ b/www-servers/thttpd/Manifest
@@ -1,16 +1,29 @@
-MD5 3275e777a332a1525de88c1b458009c5 thttpd-2.25b-r2.ebuild 2088
-MD5 4a186842848d9c384e2d12785ba426bc metadata.xml 165
-MD5 9638e3f16ce376f6259c3963fe78da43 thttpd-2.25b-r1.ebuild 1234
-MD5 5cbd87ddbfcb513a61124c65526e30da ChangeLog 2040
-MD5 9938eaae4deb104a092e8b4fc966a692 thttpd-2.25b.ebuild 1186
-MD5 273799e60d5a41a1e6f5ac53781a152f files/php5_soap_persistence_session.diff 1976
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+MD5 83414b97f4d5beb3e67f1e9f04612630 ChangeLog 2323
MD5 1e6cbba778f6846533ae1d69310e0c4e files/digest-thttpd-2.25b 64
-MD5 6f77a5ae06c1e805c8ba4f18ef210040 files/digest-thttpd-2.25b-r2 126
-MD5 ad986b02a371b2fea3b4ae5060c9dc81 files/php5.0-stdint.diff 358
-MD5 f7a7898637874593f519c336db79fa45 files/php-5.0.3-missing-arches.patch 524
MD5 1e6cbba778f6846533ae1d69310e0c4e files/digest-thttpd-2.25b-r1 64
+MD5 6f77a5ae06c1e805c8ba4f18ef210040 files/digest-thttpd-2.25b-r2 126
+MD5 27edca46bf76911bd19ce0121cd4de3b files/digest-thttpd-2.25b-r3 126
MD5 cbb3d508ce2e62b217ed6628ddf82290 files/php-5.0.3-IOV.patch 413
-MD5 1d3e759791468812bd3c6dd786428cac files/thttpd-2.25/thttpd.conf.sample 672
+MD5 f7a7898637874593f519c336db79fa45 files/php-5.0.3-missing-arches.patch 524
+MD5 ad986b02a371b2fea3b4ae5060c9dc81 files/php5.0-stdint.diff 358
+MD5 273799e60d5a41a1e6f5ac53781a152f files/php5_soap_persistence_session.diff 1976
+MD5 1bff796b71d019369f581b053b480a72 files/thttpd-2.25/fix-insecure-tmp-creation-CVE-2005-3124.diff 724
MD5 8c8c8edd7b2bc08ca093377c6ed10dae files/thttpd-2.25/php-5.0.3-thttpd-2.25b.patch 11525
+MD5 1d3e759791468812bd3c6dd786428cac files/thttpd-2.25/thttpd.conf.sample 672
MD5 84af2600ce2cfa9331871027accd00f5 files/thttpd-2.25/thttpd.confd 1152
MD5 98bfd7ed90b6a438a940413d5e541c29 files/thttpd-2.25/thttpd.init 828
+MD5 4a186842848d9c384e2d12785ba426bc metadata.xml 165
+MD5 9638e3f16ce376f6259c3963fe78da43 thttpd-2.25b-r1.ebuild 1234
+MD5 3275e777a332a1525de88c1b458009c5 thttpd-2.25b-r2.ebuild 2088
+MD5 d8de2aefcaa09167a51a9b1451cfa21d thttpd-2.25b-r3.ebuild 2155
+MD5 9938eaae4deb104a092e8b4fc966a692 thttpd-2.25b.ebuild 1186
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.2 (GNU/Linux)
+
+iD8DBQFDYkiLEZCkKN40op4RAh/SAJ9LWRNlQJqPlIQd7yW3LwT6smLqRwCgq8pQ
+zdr5rdT5mWcCucMyUM/Rjw8=
+=NJIX
+-----END PGP SIGNATURE-----
diff --git a/www-servers/thttpd/files/digest-thttpd-2.25b-r3 b/www-servers/thttpd/files/digest-thttpd-2.25b-r3
new file mode 100644
index 000000000000..7b314a4df376
--- /dev/null
+++ b/www-servers/thttpd/files/digest-thttpd-2.25b-r3
@@ -0,0 +1,2 @@
+MD5 bf89557056ce34d502e20e24071616c7 php-5.0.3.tar.gz 5666998
+MD5 a0e9cd87455d3a0ea11e5ea7e947adf6 thttpd-2.25b.tar.gz 132363
diff --git a/www-servers/thttpd/files/thttpd-2.25/fix-insecure-tmp-creation-CVE-2005-3124.diff b/www-servers/thttpd/files/thttpd-2.25/fix-insecure-tmp-creation-CVE-2005-3124.diff
new file mode 100644
index 000000000000..c41ec46b9718
--- /dev/null
+++ b/www-servers/thttpd/files/thttpd-2.25/fix-insecure-tmp-creation-CVE-2005-3124.diff
@@ -0,0 +1,19 @@
+diff -ru thttpd-2.23beta1.orig/extras/syslogtocern thttpd-2.23beta1/extras/syslogtocern
+--- thttpd-2.23beta1.orig/extras/syslogtocern 1999-09-15 18:00:54.000000000 +0200
++++ thttpd-2.23beta1/extras/syslogtocern 2005-10-26 01:45:34.000000000 +0200
+@@ -31,8 +31,8 @@
+ exit 1
+ fi
+
+-tmp1=/tmp/stc1.$$
+-rm -f $tmp1
++tmp1=``mktemp -t stc1.XXXXXX` || { echo "$0: Cannot create temporary file" >&2; exit 1; }
++trap " [ -f \"$tmp1\" ] && /bin/rm -f -- \"$tmp1\"" 0 1 2 3 13 15
+
+ # Gather up all the thttpd entries.
+ egrep ' thttpd\[' $* > $tmp1
+@@ -65,4 +65,3 @@
+ sed -e "s,\([A-Z][a-z][a-z] [0-9 ][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9]\) [^ ]* thttpd\[[0-9]*\]: \(.*\),[\1 ${year}] \2," > error_log
+
+ # Done.
+-rm -f $tmp1
diff --git a/www-servers/thttpd/thttpd-2.25b-r3.ebuild b/www-servers/thttpd/thttpd-2.25b-r3.ebuild
new file mode 100644
index 000000000000..816dc6a214b4
--- /dev/null
+++ b/www-servers/thttpd/thttpd-2.25b-r3.ebuild
@@ -0,0 +1,97 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/www-servers/thttpd/thttpd-2.25b-r3.ebuild,v 1.1 2005/10/28 15:49:14 ka0ttic Exp $
+
+PHPSAPI="thttpd"
+
+MY_PHP_P="php-5.0.3"
+MY_THTTPD_P="${P%[a-z]*}"
+
+inherit php5-sapi-r2 flag-o-matic
+
+DESCRIPTION="Small and fast multiplexing webserver."
+HOMEPAGE="http://www.acme.com/software/thttpd/"
+SRC_URI="http://www.acme.com/software/thttpd/${P}.tar.gz
+ php? ( http://www.php.net/distributions/${MY_PHP_P}.tar.gz )"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="~ppc ~x86"
+IUSE="static php"
+
+PHP_S="${WORKDIR}/${MY_PHP_P}"
+
+pkg_setup() {
+ if useq php ; then
+ php5-sapi-r2_pkg_setup
+ fi
+}
+
+src_unpack() {
+ unpack ${A}
+ cd ${S}
+ epatch ${FILESDIR}/${MY_THTTPD_P}/fix-insecure-tmp-creation-CVE-2005-3124.diff
+
+ if useq php ; then
+ cd ${WORKDIR}
+ epatch ${FILESDIR}/${MY_THTTPD_P}/php-5.0.3-thttpd-2.25b.patch
+ epatch ${FILESDIR}/php-5.0.3-IOV.patch
+ php5-sapi-r2_src_unpack
+ fi
+}
+
+src_compile() {
+ # compile PHP5 first
+ if useq php ; then
+ my_conf="--with-thttpd=${S}"
+ php5-sapi-r2_src_compile
+ php5-sapi-r2_src_install
+ fi
+
+ cd ${S}
+
+ ## TODO: what to do with IPv6?
+
+ append-ldflags -Wl,-z,now
+ use static && append-ldflags -static
+
+ econf || die "econf failed"
+ emake || die "emake failed"
+}
+
+src_install () {
+ if useq php ; then
+ # we have to do the install again, because Portage wipes anything
+ # put into $D during src_compile
+ #
+ # ideally, we need to improve the eclass
+ php5-sapi-r2_src_install
+ fi
+
+ cd ${S}
+ dodir /usr/share/man/man1
+ make prefix=${D}/usr \
+ MANDIR=${D}/usr/share/man \
+ WEBGROUP=nogroup \
+ WEBDIR=${D}/var/www/localhost \
+ "$@" install || die "make install failed"
+
+ mv ${D}/usr/sbin/{,th_}htpasswd
+ mv ${D}/usr/share/man/man1/{,th_}htpasswd.1
+
+ newinitd ${FILESDIR}/${MY_THTTPD_P}/thttpd.init thttpd
+ newconfd ${FILESDIR}/${MY_THTTPD_P}/thttpd.confd thttpd
+
+ dodoc README INSTALL TODO
+
+ insinto /etc/thttpd
+ doins ${FILESDIR}/${MY_THTTPD_P}/thttpd.conf.sample
+}
+
+pkg_postinst() {
+ if useq php ; then
+ php5-sapi-r2_pkg_postinst
+ fi
+
+ einfo "Adjust THTTPD_DOCROOT in /etc/conf.d/thttpd !"
+}