[Midnightbsd-cvs] mports: www/lighttpd: update to 1.4.20.
laffer1 at midnightbsd.org
laffer1 at midnightbsd.org
Tue Sep 30 15:04:36 EDT 2008
Log Message:
-----------
update to 1.4.20. This was released today. It includes the previously applied security patches and some other fixes
Modified Files:
--------------
mports/www/lighttpd:
Makefile (r1.9 -> r1.10)
distinfo (r1.4 -> r1.5)
Removed Files:
-------------
mports/www/lighttpd/files:
patch-CVE-2008-1531
patch-sa_2008_05
patch-sa_2008_06
patch-sa_2008_07
patch-src__mod_fastcgi.c
patch-src__network_freebsd_sendfile.c
-------------- next part --------------
Index: Makefile
===================================================================
RCS file: /home/cvs/mports/www/lighttpd/Makefile,v
retrieving revision 1.9
retrieving revision 1.10
diff -L www/lighttpd/Makefile -L www/lighttpd/Makefile -u -r1.9 -r1.10
--- www/lighttpd/Makefile
+++ www/lighttpd/Makefile
@@ -7,8 +7,7 @@
#
PORTNAME= lighttpd
-PORTVERSION= 1.4.19
-PORTREVISION= 4
+PORTVERSION= 1.4.20
CATEGORIES= www
MASTER_SITES= http://www.lighttpd.net/download/ \
http://mirrors.cat.pdx.edu/lighttpd/
Index: distinfo
===================================================================
RCS file: /home/cvs/mports/www/lighttpd/distinfo,v
retrieving revision 1.4
retrieving revision 1.5
diff -L www/lighttpd/distinfo -L www/lighttpd/distinfo -u -r1.4 -r1.5
--- www/lighttpd/distinfo
+++ www/lighttpd/distinfo
@@ -1,3 +1,3 @@
-MD5 (lighttpd-1.4.19.tar.gz) = cede410e7adee3ea14206749190a8b5d
-SHA256 (lighttpd-1.4.19.tar.gz) = 445324b95811e28ed1af23db03648136ce334781e89ab858fb4fd571016fb1df
-SIZE (lighttpd-1.4.19.tar.gz) = 815568
+MD5 (lighttpd-1.4.20.tar.gz) = 7ce7eefb487682b61d9b06b41864c64a
+SHA256 (lighttpd-1.4.20.tar.gz) = 32a25ad19372bd5be4510d9347956acb03370fd86cfedded61f423b737b7ddb1
+SIZE (lighttpd-1.4.20.tar.gz) = 827538
--- www/lighttpd/files/patch-sa_2008_06
+++ /dev/null
@@ -1,49 +0,0 @@
-#
-# http://www.lighttpd.net/security/lighttpd_sa_2008_06.txt
-#
-Index: src/mod_userdir.c
-===================================================================
---- src/mod_userdir.c (revision 2120)
-+++ src/mod_userdir.c (revision 2283)
-@@ -263,4 +263,7 @@
- }
- }
-+ if (con->conf.force_lowercase_filenames) {
-+ buffer_to_lower(p->username);
-+ }
-
- buffer_copy_string_buffer(p->temp_path, p->conf.basepath);
-@@ -285,6 +288,22 @@
- }
-
-+ /* the physical rel_path is basically the same as uri.path;
-+ * but it is converted to lowercase in case of force_lowercase_filenames and some special handling
-+ * for trailing '.', ' ' and '/' on windows
-+ * we assume that no docroot/physical handler changed this
-+ * (docroot should only set the docroot/server name, phyiscal should only change the phyiscal.path;
-+ * the exception mod_secure_download doesn't work with userdir anyway)
-+ */
- BUFFER_APPEND_SLASH(p->temp_path);
-- buffer_append_string(p->temp_path, rel_url + 1); /* skip the / */
-+ /* if no second '/' is found, we assume that it was stripped from the uri.path for the special handling
-+ * on windows.
-+ * we do not care about the trailing slash here on windows, as we already ensured it is a directory
-+ *
-+ * TODO: what to do with trailing dots in usernames on windows? they may result in the same directory
-+ * as a username without them.
-+ */
-+ if (NULL != (rel_url = strchr(con->physical.rel_path->ptr + 2, '/'))) {
-+ buffer_append_string(p->temp_path, rel_url + 1); /* skip the / */
-+ }
- buffer_copy_string_buffer(con->physical.path, p->temp_path);
-
-Index: NEWS
-===================================================================
---- NEWS (revision 2281)
-+++ NEWS (revision 2283)
-@@ -53,4 +53,5 @@
- * fixed conditional patching of ldap filter (#1564)
- * Match headers case insensitive in response (removing of X-{Sendfile,LIGHTTPD-*}, catching Date/Server)
-+ * fixed bug with case-insensitive filenames in mod_userdir (#1589), spotted by "anders1"
-
- - 1.4.19 - 2008-03-10
--- www/lighttpd/files/patch-sa_2008_05
+++ /dev/null
@@ -1,91 +0,0 @@
-#
-# http://www.lighttpd.net/security/lighttpd_sa_2008_05.txt
-#
-Index: src/mod_rewrite.c
-===================================================================
---- src/mod_rewrite.c (revision 2148)
-+++ src/mod_rewrite.c (revision 2278)
-@@ -351,5 +351,9 @@
- if (!p->conf.rewrite) return HANDLER_GO_ON;
-
-- buffer_copy_string_buffer(p->match_buf, con->request.uri);
-+ buffer_copy_string_buffer(p->match_buf, con->uri.path);
-+ if (con->uri.query->used > 0) {
-+ buffer_append_string_len(p->match_buf, CONST_STR_LEN("?"));
-+ buffer_append_string_buffer(p->match_buf, con->uri.query);
-+ }
-
- for (i = 0; i < p->conf.rewrite->used; i++) {
-Index: src/response.c
-===================================================================
---- src/response.c (revision 2250)
-+++ src/response.c (revision 2278)
-@@ -233,25 +233,4 @@
-
-
-- /**
-- *
-- * call plugins
-- *
-- * - based on the raw URL
-- *
-- */
--
-- switch(r = plugins_call_handle_uri_raw(srv, con)) {
-- case HANDLER_GO_ON:
-- break;
-- case HANDLER_FINISHED:
-- case HANDLER_COMEBACK:
-- case HANDLER_WAIT_FOR_EVENT:
-- case HANDLER_ERROR:
-- return r;
-- default:
-- log_error_write(srv, __FILE__, __LINE__, "sd", "handle_uri_raw: unknown return value", r);
-- break;
-- }
--
- /* build filename
- *
-@@ -259,5 +238,4 @@
- * - remove path-modifiers (e.g. /../)
- */
--
-
-
-@@ -275,4 +253,26 @@
- log_error_write(srv, __FILE__, __LINE__, "s", "-- sanatising URI");
- log_error_write(srv, __FILE__, __LINE__, "sb", "URI-path : ", con->uri.path);
-+ }
-+
-+
-+ /**
-+ *
-+ * call plugins
-+ *
-+ * - based on the raw URL
-+ *
-+ */
-+
-+ switch(r = plugins_call_handle_uri_raw(srv, con)) {
-+ case HANDLER_GO_ON:
-+ break;
-+ case HANDLER_FINISHED:
-+ case HANDLER_COMEBACK:
-+ case HANDLER_WAIT_FOR_EVENT:
-+ case HANDLER_ERROR:
-+ return r;
-+ default:
-+ log_error_write(srv, __FILE__, __LINE__, "sd", "handle_uri_raw: unknown return value", r);
-+ break;
- }
-
-Index: NEWS
-===================================================================
---- NEWS (revision 2277)
-+++ NEWS (revision 2278)
-@@ -50,4 +50,5 @@
- * fixed dropping last character of evhost pattern (#161)
- * print helpful error message on conditionals in global block (#1550)
-+ * decode url before matching in mod_rewrite (#1720)
-
- - 1.4.19 - 2008-03-10
--- www/lighttpd/files/patch-src__network_freebsd_sendfile.c
+++ /dev/null
@@ -1,47 +0,0 @@
-#
-# Respect EAGAIN and retry sendfile() instead close connection.
-# Remove empty lines and add two more cases to switch(errno)
-#
---- src/network_freebsd_sendfile.c.orig 2007-09-22 19:55:26.000000000 -0300
-+++ src/network_freebsd_sendfile.c 2007-09-22 19:43:28.000000000 -0300
-@@ -151,23 +151,23 @@
- if (-1 == c->file.fd) {
- if (-1 == (c->file.fd = open(c->file.name->ptr, O_RDONLY))) {
- log_error_write(srv, __FILE__, __LINE__, "ss", "open failed: ", strerror(errno));
--
- return -1;
- }
--
- #ifdef FD_CLOEXEC
- fcntl(c->file.fd, F_SETFD, FD_CLOEXEC);
- #endif
- }
-
-- r = 0;
--
-+eagain:
- /* FreeBSD sendfile() */
-+ r = 0;
- if (-1 == sendfile(c->file.fd, fd, offset, toSend, NULL, &r, 0)) {
- switch(errno) {
- case EAGAIN:
-+ case EINTR:
- break;
- case ENOTCONN:
-+ case ENOTSOCK:
- return -2;
- default:
- log_error_write(srv, __FILE__, __LINE__, "ssd", "sendfile: ", strerror(errno), errno);
-@@ -190,12 +190,10 @@
- if (offset >= sce->st.st_size) {
- /* file shrinked, close the connection */
- errno = oerrno;
--
- return -1;
- }
-
- errno = oerrno;
-- return -2;
- }
-
- c->offset += r;
--- www/lighttpd/files/patch-src__mod_fastcgi.c
+++ /dev/null
@@ -1,18 +0,0 @@
-#
-# http://trac.lighttpd.net/trac/changeset/2143
-#
-Index: /branches/lighttpd-1.4.x/src/mod_fastcgi.c
-===================================================================
---- src/mod_fastcgi.c (revision 2119)
-+++ src/mod_fastcgi.c (revision 2143)
-@@ -2545,5 +2545,8 @@
-
- if (HANDLER_ERROR != stat_cache_get_entry(srv, con, ds->value, &sce)) {
-- data_string *dcls = data_string_init();
-+ data_string *dcls;
-+ if (NULL == (dcls = (data_string *)array_get_unused_element(con->response.headers, TYPE_STRING))) {
-+ dcls = data_response_init();
-+ }
- /* found */
- http_chunk_append_file(srv, con, ds->value, 0, sce->st.st_size);
-
--- www/lighttpd/files/patch-sa_2008_07
+++ /dev/null
@@ -1,53 +0,0 @@
-#
-# http://www.lighttpd.net/security/lighttpd_sa_2008_07.txt
-#
-Index: src/request.c
-===================================================================
---- src/request.c (revision 1947)
-+++ src/request.c (revision 2305)
-@@ -826,4 +826,5 @@
- con->request.request);
- }
-+ array_insert_unique(con->request.headers, (data_unset *)ds);
- return 0;
- }
-@@ -875,4 +876,5 @@
- con->request.request);
- }
-+ array_insert_unique(con->request.headers, (data_unset *)ds);
- return 0;
- }
-@@ -912,4 +914,5 @@
- con->request.request);
- }
-+ array_insert_unique(con->request.headers, (data_unset *)ds);
- return 0;
- }
-@@ -937,4 +940,5 @@
- con->request.request);
- }
-+ array_insert_unique(con->request.headers, (data_unset *)ds);
- return 0;
- }
-@@ -954,4 +958,5 @@
- con->request.request);
- }
-+ array_insert_unique(con->request.headers, (data_unset *)ds);
- return 0;
- }
-@@ -977,4 +982,5 @@
- con->request.request);
- }
-+ array_insert_unique(con->request.headers, (data_unset *)ds);
- return 0;
- }
-Index: NEWS
-===================================================================
---- NEWS (revision 2304)
-+++ NEWS (revision 2305)
-@@ -63,4 +63,5 @@
- * workaround ldap connection leak if a ldap connection failed (restarting ldap)
- * fix auth.backend.ldap.bind-dn/pw problems (only read from global context for temporary ldap reconnects, thx ruskie)
-+ * fix memleak in request header parsing (#1774, thx qhy)
-
- - 1.4.19 - 2008-03-10
--- www/lighttpd/files/patch-CVE-2008-1531
+++ /dev/null
@@ -1,119 +0,0 @@
-Index: src/connections.c
-===================================================================
---- src/connections.c (revision 2103)
-+++ src/connections.c (revision 2136)
-@@ -200,4 +200,5 @@
- /* don't resize the buffer if we were in SSL_ERROR_WANT_* */
-
-+ ERR_clear_error();
- do {
- if (!con->ssl_error_want_reuse_buffer) {
-@@ -1670,4 +1671,5 @@
- if (srv_sock->is_ssl) {
- int ret;
-+ ERR_clear_error();
- switch ((ret = SSL_shutdown(con->ssl))) {
- case 1:
-@@ -1675,6 +1677,8 @@
- break;
- case 0:
-- SSL_shutdown(con->ssl);
-- break;
-+ ERR_clear_error();
-+ if ((ret = SSL_shutdown(con->ssl)) == 1) break;
-+
-+ // fall through
- default:
- log_error_write(srv, __FILE__, __LINE__, "sds", "SSL:",
-Index: src/network_openssl.c
-===================================================================
---- src/network_openssl.c (revision 2084)
-+++ src/network_openssl.c (revision 2136)
-@@ -86,4 +86,5 @@
- */
-
-+ ERR_clear_error();
- if ((r = SSL_write(ssl, offset, toSend)) <= 0) {
- unsigned long err;
-@@ -188,4 +189,5 @@
- close(ifd);
-
-+ ERR_clear_error();
- if ((r = SSL_write(ssl, s, toSend)) <= 0) {
- unsigned long err;
-Index: src/connections.c
-===================================================================
---- src/connections.c (revision 2136)
-+++ src/connections.c (revision 2139)
-@@ -1670,5 +1670,6 @@
- #ifdef USE_OPENSSL
- if (srv_sock->is_ssl) {
-- int ret;
-+ int ret, ssl_r;
-+ unsigned long err;
- ERR_clear_error();
- switch ((ret = SSL_shutdown(con->ssl))) {
-@@ -1678,14 +1679,40 @@
- case 0:
- ERR_clear_error();
-- if ((ret = SSL_shutdown(con->ssl)) == 1) break;
-+ if (-1 != (ret = SSL_shutdown(con->ssl))) break;
-
- // fall through
- default:
-- log_error_write(srv, __FILE__, __LINE__, "sds", "SSL:",
-- SSL_get_error(con->ssl, ret),
-- ERR_error_string(ERR_get_error(), NULL));
-- return -1;
-+
-+ switch ((ssl_r = SSL_get_error(con->ssl, ret))) {
-+ case SSL_ERROR_WANT_WRITE:
-+ case SSL_ERROR_WANT_READ:
-+ break;
-+ case SSL_ERROR_SYSCALL:
-+ /* perhaps we have error waiting in our error-queue */
-+ if (0 != (err = ERR_get_error())) {
-+ do {
-+ log_error_write(srv, __FILE__, __LINE__, "sdds", "SSL:",
-+ ssl_r, ret,
-+ ERR_error_string(err, NULL));
-+ } while((err = ERR_get_error()));
-+ } else {
-+ log_error_write(srv, __FILE__, __LINE__, "sddds", "SSL (error):",
-+ ssl_r, r, errno,
-+ strerror(errno));
-+ }
-+
-+ break;
-+ default:
-+ while((err = ERR_get_error())) {
-+ log_error_write(srv, __FILE__, __LINE__, "sdds", "SSL:",
-+ ssl_r, ret,
-+ ERR_error_string(err, NULL));
-+ }
-+
-+ break;
-+ }
- }
- }
-+ ERR_clear_error();
- #endif
-
-Index: src/connections.c
-===================================================================
---- src/connections.c (revision 2139)
-+++ src/connections.c (revision 2144)
-@@ -1681,5 +1681,5 @@
- if (-1 != (ret = SSL_shutdown(con->ssl))) break;
-
-- // fall through
-+ /* fall through */
- default:
-
-@@ -1698,5 +1698,5 @@
- } else {
- log_error_write(srv, __FILE__, __LINE__, "sddds", "SSL (error):",
-- ssl_r, r, errno,
-+ ssl_r, ret, errno,
- strerror(errno));
- }
More information about the Midnightbsd-cvs
mailing list