[Midnightbsd-cvs] mports: www/lighttpd: update to 1.4.20.

laffer1 at midnightbsd.org laffer1 at midnightbsd.org
Tue Sep 30 15:04:36 EDT 2008


Log Message:
-----------
Update to 1.4.20, which was released today. It includes the previously applied security patches and some other fixes.

Modified Files:
--------------
    mports/www/lighttpd:
        Makefile (r1.9 -> r1.10)
        distinfo (r1.4 -> r1.5)

Removed Files:
-------------
    mports/www/lighttpd/files:
        patch-CVE-2008-1531
        patch-sa_2008_05
        patch-sa_2008_06
        patch-sa_2008_07
        patch-src__mod_fastcgi.c
        patch-src__network_freebsd_sendfile.c

-------------- next part --------------
Index: Makefile
===================================================================
RCS file: /home/cvs/mports/www/lighttpd/Makefile,v
retrieving revision 1.9
retrieving revision 1.10
diff -L www/lighttpd/Makefile -L www/lighttpd/Makefile -u -r1.9 -r1.10
--- www/lighttpd/Makefile
+++ www/lighttpd/Makefile
@@ -7,8 +7,7 @@
 #
 
 PORTNAME=	lighttpd
-PORTVERSION=	1.4.19
-PORTREVISION=	4
+PORTVERSION=	1.4.20
 CATEGORIES=	www
 MASTER_SITES=	http://www.lighttpd.net/download/ \
 		http://mirrors.cat.pdx.edu/lighttpd/
Index: distinfo
===================================================================
RCS file: /home/cvs/mports/www/lighttpd/distinfo,v
retrieving revision 1.4
retrieving revision 1.5
diff -L www/lighttpd/distinfo -L www/lighttpd/distinfo -u -r1.4 -r1.5
--- www/lighttpd/distinfo
+++ www/lighttpd/distinfo
@@ -1,3 +1,3 @@
-MD5 (lighttpd-1.4.19.tar.gz) = cede410e7adee3ea14206749190a8b5d
-SHA256 (lighttpd-1.4.19.tar.gz) = 445324b95811e28ed1af23db03648136ce334781e89ab858fb4fd571016fb1df
-SIZE (lighttpd-1.4.19.tar.gz) = 815568
+MD5 (lighttpd-1.4.20.tar.gz) = 7ce7eefb487682b61d9b06b41864c64a
+SHA256 (lighttpd-1.4.20.tar.gz) = 32a25ad19372bd5be4510d9347956acb03370fd86cfedded61f423b737b7ddb1
+SIZE (lighttpd-1.4.20.tar.gz) = 827538
--- www/lighttpd/files/patch-sa_2008_06
+++ /dev/null
@@ -1,49 +0,0 @@
-#
-# http://www.lighttpd.net/security/lighttpd_sa_2008_06.txt
-#
-Index: src/mod_userdir.c
-===================================================================
---- src/mod_userdir.c (revision 2120)
-+++ src/mod_userdir.c (revision 2283)
-@@ -263,4 +263,7 @@
- 			}
- 		}
-+		if (con->conf.force_lowercase_filenames) {
-+			buffer_to_lower(p->username);
-+		}
- 
- 		buffer_copy_string_buffer(p->temp_path, p->conf.basepath);
-@@ -285,6 +288,22 @@
- 	}
- 
-+	/* the physical rel_path is basically the same as uri.path;
-+	 * but it is converted to lowercase in case of force_lowercase_filenames and some special handling
-+	 * for trailing '.', ' ' and '/' on windows
-+	 * we assume that no docroot/physical handler changed this
-+	 * (docroot should only set the docroot/server name, phyiscal should only change the phyiscal.path;
-+	 *  the exception mod_secure_download doesn't work with userdir anyway)
-+	 */
- 	BUFFER_APPEND_SLASH(p->temp_path);
--	buffer_append_string(p->temp_path, rel_url + 1); /* skip the / */
-+	/* if no second '/' is found, we assume that it was stripped from the uri.path for the special handling
-+	 * on windows.
-+	 * we do not care about the trailing slash here on windows, as we already ensured it is a directory
-+	 *
-+	 * TODO: what to do with trailing dots in usernames on windows? they may result in the same directory
-+	 *       as a username without them.
-+	 */
-+	if (NULL != (rel_url = strchr(con->physical.rel_path->ptr + 2, '/'))) {
-+		buffer_append_string(p->temp_path, rel_url + 1); /* skip the / */
-+	}
- 	buffer_copy_string_buffer(con->physical.path, p->temp_path);
- 
-Index: NEWS
-===================================================================
---- NEWS (revision 2281)
-+++ NEWS (revision 2283)
-@@ -53,4 +53,5 @@
-   * fixed conditional patching of ldap filter (#1564)
-   * Match headers case insensitive in response (removing of X-{Sendfile,LIGHTTPD-*}, catching Date/Server)
-+  * fixed bug with case-insensitive filenames in mod_userdir (#1589), spotted by "anders1"
- 
- - 1.4.19 - 2008-03-10
--- www/lighttpd/files/patch-sa_2008_05
+++ /dev/null
@@ -1,91 +0,0 @@
-#
-# http://www.lighttpd.net/security/lighttpd_sa_2008_05.txt
-#
-Index: src/mod_rewrite.c
-===================================================================
---- src/mod_rewrite.c (revision 2148)
-+++ src/mod_rewrite.c (revision 2278)
-@@ -351,5 +351,9 @@
- 	if (!p->conf.rewrite) return HANDLER_GO_ON;
- 
--	buffer_copy_string_buffer(p->match_buf, con->request.uri);
-+	buffer_copy_string_buffer(p->match_buf, con->uri.path);
-+	if (con->uri.query->used > 0) {
-+		buffer_append_string_len(p->match_buf, CONST_STR_LEN("?"));
-+		buffer_append_string_buffer(p->match_buf, con->uri.query);
-+	}
- 
- 	for (i = 0; i < p->conf.rewrite->used; i++) {
-Index: src/response.c
-===================================================================
---- src/response.c (revision 2250)
-+++ src/response.c (revision 2278)
-@@ -233,25 +233,4 @@
- 
- 
--		/**
--		 *
--		 * call plugins
--		 *
--		 * - based on the raw URL
--		 *
--		 */
--
--		switch(r = plugins_call_handle_uri_raw(srv, con)) {
--		case HANDLER_GO_ON:
--			break;
--		case HANDLER_FINISHED:
--		case HANDLER_COMEBACK:
--		case HANDLER_WAIT_FOR_EVENT:
--		case HANDLER_ERROR:
--			return r;
--		default:
--			log_error_write(srv, __FILE__, __LINE__, "sd", "handle_uri_raw: unknown return value", r);
--			break;
--		}
--
- 		/* build filename
- 		 *
-@@ -259,5 +238,4 @@
- 		 * - remove path-modifiers (e.g. /../)
- 		 */
--
- 
- 
-@@ -275,4 +253,26 @@
- 			log_error_write(srv, __FILE__, __LINE__,  "s",  "-- sanatising URI");
- 			log_error_write(srv, __FILE__, __LINE__,  "sb", "URI-path     : ", con->uri.path);
-+		}
-+
-+
-+		/**
-+		 *
-+		 * call plugins
-+		 *
-+		 * - based on the raw URL
-+		 *
-+		 */
-+
-+		switch(r = plugins_call_handle_uri_raw(srv, con)) {
-+		case HANDLER_GO_ON:
-+			break;
-+		case HANDLER_FINISHED:
-+		case HANDLER_COMEBACK:
-+		case HANDLER_WAIT_FOR_EVENT:
-+		case HANDLER_ERROR:
-+			return r;
-+		default:
-+			log_error_write(srv, __FILE__, __LINE__, "sd", "handle_uri_raw: unknown return value", r);
-+			break;
- 		}
- 
-Index: NEWS
-===================================================================
---- NEWS (revision 2277)
-+++ NEWS (revision 2278)
-@@ -50,4 +50,5 @@
-   * fixed dropping last character of evhost pattern (#161)
-   * print helpful error message on conditionals in global block (#1550)
-+  * decode url before matching in mod_rewrite (#1720)
- 
- - 1.4.19 - 2008-03-10
--- www/lighttpd/files/patch-src__network_freebsd_sendfile.c
+++ /dev/null
@@ -1,47 +0,0 @@
-#
-# Respect EAGAIN and retry sendfile() instead close connection.
-# Remove empty lines and add two more cases to switch(errno)
-#
---- src/network_freebsd_sendfile.c.orig	2007-09-22 19:55:26.000000000 -0300
-+++ src/network_freebsd_sendfile.c	2007-09-22 19:43:28.000000000 -0300
-@@ -151,23 +151,23 @@
- 			if (-1 == c->file.fd) {
- 				if (-1 == (c->file.fd = open(c->file.name->ptr, O_RDONLY))) {
- 					log_error_write(srv, __FILE__, __LINE__, "ss", "open failed: ", strerror(errno));
--
- 					return -1;
- 				}
--
- #ifdef FD_CLOEXEC
- 				fcntl(c->file.fd, F_SETFD, FD_CLOEXEC);
- #endif
- 			}
- 
--			r = 0;
--
-+eagain:
- 			/* FreeBSD sendfile() */
-+			r = 0;
- 			if (-1 == sendfile(c->file.fd, fd, offset, toSend, NULL, &r, 0)) {
- 				switch(errno) {
- 				case EAGAIN:
-+				case EINTR:
- 					break;
- 				case ENOTCONN:
-+				case ENOTSOCK:
- 					return -2;
- 				default:
- 					log_error_write(srv, __FILE__, __LINE__, "ssd", "sendfile: ", strerror(errno), errno);
-@@ -190,12 +190,10 @@
- 				if (offset >= sce->st.st_size) {
- 					/* file shrinked, close the connection */
- 					errno = oerrno;
--
- 					return -1;
- 				}
- 
- 				errno = oerrno;
--				return -2;
- 			}
- 
- 			c->offset += r;
--- www/lighttpd/files/patch-src__mod_fastcgi.c
+++ /dev/null
@@ -1,18 +0,0 @@
-#
-# http://trac.lighttpd.net/trac/changeset/2143
-#
-Index: /branches/lighttpd-1.4.x/src/mod_fastcgi.c
-===================================================================
---- src/mod_fastcgi.c (revision 2119)
-+++ src/mod_fastcgi.c (revision 2143)
-@@ -2545,5 +2545,8 @@
- 
- 					if (HANDLER_ERROR != stat_cache_get_entry(srv, con, ds->value, &sce)) {
--						data_string *dcls = data_string_init();
-+						data_string *dcls;
-+						if (NULL == (dcls = (data_string *)array_get_unused_element(con->response.headers, TYPE_STRING))) {
-+							dcls = data_response_init();
-+						}
- 						/* found */
- 						http_chunk_append_file(srv, con, ds->value, 0, sce->st.st_size);
-
--- www/lighttpd/files/patch-sa_2008_07
+++ /dev/null
@@ -1,53 +0,0 @@
-#
-# http://www.lighttpd.net/security/lighttpd_sa_2008_07.txt
-#
-Index: src/request.c
-===================================================================
---- src/request.c (revision 1947)
-+++ src/request.c (revision 2305)
-@@ -826,4 +826,5 @@
- 												con->request.request);
- 									}
-+									array_insert_unique(con->request.headers, (data_unset *)ds);
- 									return 0;
- 								}
-@@ -875,4 +876,5 @@
- 												con->request.request);
- 									}
-+									array_insert_unique(con->request.headers, (data_unset *)ds);
- 									return 0;
- 								}
-@@ -912,4 +914,5 @@
- 												con->request.request);
- 									}
-+									array_insert_unique(con->request.headers, (data_unset *)ds);
- 									return 0;
- 								}
-@@ -937,4 +940,5 @@
- 												con->request.request);
- 									}
-+									array_insert_unique(con->request.headers, (data_unset *)ds);
- 									return 0;
- 								}
-@@ -954,4 +958,5 @@
- 												con->request.request);
- 									}
-+									array_insert_unique(con->request.headers, (data_unset *)ds);
- 									return 0;
- 								}
-@@ -977,4 +982,5 @@
- 												con->request.request);
- 									}
-+									array_insert_unique(con->request.headers, (data_unset *)ds);
- 									return 0;
- 								}
-Index: NEWS
-===================================================================
---- NEWS (revision 2304)
-+++ NEWS (revision 2305)
-@@ -63,4 +63,5 @@
-   * workaround ldap connection leak if a ldap connection failed (restarting ldap)
-   * fix auth.backend.ldap.bind-dn/pw problems (only read from global context for temporary ldap reconnects, thx ruskie)
-+  * fix memleak in request header parsing (#1774, thx qhy)
- 
- - 1.4.19 - 2008-03-10
--- www/lighttpd/files/patch-CVE-2008-1531
+++ /dev/null
@@ -1,119 +0,0 @@
-Index: src/connections.c
-===================================================================
---- src/connections.c (revision 2103)
-+++ src/connections.c (revision 2136)
-@@ -200,4 +200,5 @@
- 	/* don't resize the buffer if we were in SSL_ERROR_WANT_* */
- 
-+	ERR_clear_error();
- 	do {
- 		if (!con->ssl_error_want_reuse_buffer) {
-@@ -1670,4 +1671,5 @@
- 			if (srv_sock->is_ssl) {
- 				int ret;
-+				ERR_clear_error();
- 				switch ((ret = SSL_shutdown(con->ssl))) {
- 				case 1:
-@@ -1675,6 +1677,8 @@
- 					break;
- 				case 0:
--					SSL_shutdown(con->ssl);
--					break;
-+					ERR_clear_error();
-+					if ((ret = SSL_shutdown(con->ssl)) == 1) break;
-+
-+					// fall through
- 				default:
- 					log_error_write(srv, __FILE__, __LINE__, "sds", "SSL:",
-Index: src/network_openssl.c
-===================================================================
---- src/network_openssl.c (revision 2084)
-+++ src/network_openssl.c (revision 2136)
-@@ -86,4 +86,5 @@
- 			 */
- 
-+			ERR_clear_error();
- 			if ((r = SSL_write(ssl, offset, toSend)) <= 0) {
- 				unsigned long err;
-@@ -188,4 +189,5 @@
- 				close(ifd);
- 
-+				ERR_clear_error();
- 				if ((r = SSL_write(ssl, s, toSend)) <= 0) {
- 					unsigned long err;
-Index: src/connections.c
-===================================================================
---- src/connections.c (revision 2136)
-+++ src/connections.c (revision 2139)
-@@ -1670,5 +1670,6 @@
- #ifdef USE_OPENSSL
- 			if (srv_sock->is_ssl) {
--				int ret;
-+				int ret, ssl_r;
-+				unsigned long err;
- 				ERR_clear_error();
- 				switch ((ret = SSL_shutdown(con->ssl))) {
-@@ -1678,14 +1679,40 @@
- 				case 0:
- 					ERR_clear_error();
--					if ((ret = SSL_shutdown(con->ssl)) == 1) break;
-+					if (-1 != (ret = SSL_shutdown(con->ssl))) break;
- 
- 					// fall through
- 				default:
--					log_error_write(srv, __FILE__, __LINE__, "sds", "SSL:",
--							SSL_get_error(con->ssl, ret),
--							ERR_error_string(ERR_get_error(), NULL));
--					return -1;
-+
-+					switch ((ssl_r = SSL_get_error(con->ssl, ret))) {
-+					case SSL_ERROR_WANT_WRITE:
-+					case SSL_ERROR_WANT_READ:
-+						break;
-+					case SSL_ERROR_SYSCALL:
-+						/* perhaps we have error waiting in our error-queue */
-+						if (0 != (err = ERR_get_error())) {
-+							do {
-+								log_error_write(srv, __FILE__, __LINE__, "sdds", "SSL:",
-+										ssl_r, ret,
-+										ERR_error_string(err, NULL));
-+							} while((err = ERR_get_error()));
-+						} else {
-+							log_error_write(srv, __FILE__, __LINE__, "sddds", "SSL (error):",
-+									ssl_r, r, errno,
-+									strerror(errno));
-+						}
-+	
-+						break;
-+					default:
-+						while((err = ERR_get_error())) {
-+							log_error_write(srv, __FILE__, __LINE__, "sdds", "SSL:",
-+									ssl_r, ret,
-+									ERR_error_string(err, NULL));
-+						}
-+	
-+						break;
-+					}
- 				}
- 			}
-+			ERR_clear_error();
- #endif
- 
-Index: src/connections.c
-===================================================================
---- src/connections.c (revision 2139)
-+++ src/connections.c (revision 2144)
-@@ -1681,5 +1681,5 @@
- 					if (-1 != (ret = SSL_shutdown(con->ssl))) break;
- 
--					// fall through
-+					/* fall through */
- 				default:
- 
-@@ -1698,5 +1698,5 @@
- 						} else {
- 							log_error_write(srv, __FILE__, __LINE__, "sddds", "SSL (error):",
--									ssl_r, r, errno,
-+									ssl_r, ret, errno,
- 									strerror(errno));
- 						}

