Date: Sat, 4 Oct 2008 22:55:53 +0200 (CEST) From: Daniel Gerzo <danger@FreeBSD.org> To: FreeBSD-gnats-submit@FreeBSD.org Cc: mnag@FreeBSD.org Subject: ports/127861: [patch] update www/lighttpd to 1.4.20 Message-ID: <20081004205553.31AF89583F@web1.hockeyarena.net> Resent-Message-ID: <200810042120.m94LK2Ox072120@freefall.freebsd.org>
>Number: 127861 >Category: ports >Synopsis: [patch] update www/lighttpd to 1.4.20 >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Sat Oct 04 21:20:02 UTC 2008 >Closed-Date: >Last-Modified: >Originator: Daniel Gerzo >Release: FreeBSD 8.0-CURRENT amd64 >Organization: The FreeBSD Project >Environment: System: FreeBSD 8.0-CURRENT #1: Sat Oct 4 21:15:32 CEST 2008 danger@web1:/usr/obj/usr/src.head/sys/WEB amd64 >Description: Update the www/lighttpd to the latest release >How-To-Repeat: http://www.lighttpd.net/2008/9/30/1-4-20-Otherwise-the-terrorists-win >Fix:
--- lighttpd.diff begins here ---
diff -ruN lighttpd/Makefile lighttpd.new/Makefile
--- lighttpd/Makefile 2008-09-28 02:54:08.000000000 +0200
+++ lighttpd.new/Makefile 2008-10-04 22:39:35.000000000 +0200
@@ -6,8 +6,7 @@
 #

 PORTNAME= lighttpd
-PORTVERSION= 1.4.19
-PORTREVISION= 3
+PORTVERSION= 1.4.20
 CATEGORIES= www
 MASTER_SITES= http://www.lighttpd.net/download/ \
 http://mirrors.cat.pdx.edu/lighttpd/
diff -ruN lighttpd/distinfo lighttpd.new/distinfo
--- lighttpd/distinfo 2008-03-16 22:01:10.000000000 +0100
+++ lighttpd.new/distinfo 2008-10-04 22:39:43.000000000 +0200
@@ -1,3 +1,3 @@
-MD5 (lighttpd-1.4.19.tar.bz2) = d787374e4e4aaa09d5cfa9ab9d23ad40
-SHA256 (lighttpd-1.4.19.tar.bz2) = a239323239c3735a04290f7c063a14ed2c4560a88c15181c253fcd68c6c2f1d7
-SIZE (lighttpd-1.4.19.tar.bz2) = 610347
+MD5 (lighttpd-1.4.20.tar.bz2) = ed6ee0bb714f393219a32768d86984d8
+SHA256 (lighttpd-1.4.20.tar.bz2) = 3cda2ce779f24948062f765f2630b5865e483f5fab7149681a2a25422fd61176
+SIZE (lighttpd-1.4.20.tar.bz2) = 618018
diff -ruN lighttpd/files/patch-CVE-2008-1531 lighttpd.new/files/patch-CVE-2008-1531
--- lighttpd/files/patch-CVE-2008-1531 2008-04-13 05:50:28.000000000 +0200
+++ lighttpd.new/files/patch-CVE-2008-1531 1970-01-01 01:00:00.000000000 +0100
@@ -1,119 +0,0 @@ -Index: src/connections.c -=================================================================== ---- src/connections.c (revision 2103) -+++ src/connections.c (revision 2136) -@@ -200,4 +200,5 @@ - /* don't resize the buffer if we were in SSL_ERROR_WANT_* */ - -+ ERR_clear_error(); - do { - if (!con->ssl_error_want_reuse_buffer) { -@@ -1670,4 +1671,5 @@ - if (srv_sock->is_ssl) { - int ret; -+ ERR_clear_error(); - switch ((ret = SSL_shutdown(con->ssl))) { - case 1: -@@ -1675,6 +1677,8 @@ - break; - case 0: -- SSL_shutdown(con->ssl); -- break; -+ ERR_clear_error(); -+ if ((ret = SSL_shutdown(con->ssl)) == 1) break; -+ -+ // fall through - default: - log_error_write(srv, __FILE__, __LINE__, "sds", "SSL:", -Index: src/network_openssl.c -=================================================================== ---- src/network_openssl.c (revision 2084) -+++ src/network_openssl.c (revision 2136) -@@ -86,4 +86,5 @@ - */ - -+ ERR_clear_error(); - if ((r = SSL_write(ssl, offset, toSend)) <= 0) { - unsigned long err; -@@ -188,4 +189,5 @@ - close(ifd); - -+ ERR_clear_error(); - if ((r = SSL_write(ssl, s, toSend)) <= 0) { - unsigned long err; -Index: src/connections.c -=================================================================== ---- src/connections.c (revision 2136) -+++ src/connections.c (revision 2139) -@@ -1670,5 +1670,6 @@ - #ifdef USE_OPENSSL - if (srv_sock->is_ssl) { -- int ret; -+ int ret, ssl_r; -+ unsigned long err; - ERR_clear_error(); - switch ((ret = SSL_shutdown(con->ssl))) { -@@ -1678,14 +1679,40 @@ - case 0: - ERR_clear_error(); -- if ((ret = SSL_shutdown(con->ssl)) == 1) break; -+ if (-1 != (ret = SSL_shutdown(con->ssl))) break; - - // fall through - default: -- log_error_write(srv, __FILE__, __LINE__, "sds", "SSL:", -- SSL_get_error(con->ssl, ret), -- ERR_error_string(ERR_get_error(), NULL)); -- return -1; -+ -+ switch ((ssl_r = SSL_get_error(con->ssl, ret))) { -+ case SSL_ERROR_WANT_WRITE: -+ case SSL_ERROR_WANT_READ: -+ break; -+ case 
SSL_ERROR_SYSCALL: -+ /* perhaps we have error waiting in our error-queue */ -+ if (0 != (err = ERR_get_error())) { -+ do { -+ log_error_write(srv, __FILE__, __LINE__, "sdds", "SSL:", -+ ssl_r, ret, -+ ERR_error_string(err, NULL)); -+ } while((err = ERR_get_error())); -+ } else { -+ log_error_write(srv, __FILE__, __LINE__, "sddds", "SSL (error):", -+ ssl_r, r, errno, -+ strerror(errno)); -+ } -+ -+ break; -+ default: -+ while((err = ERR_get_error())) { -+ log_error_write(srv, __FILE__, __LINE__, "sdds", "SSL:", -+ ssl_r, ret, -+ ERR_error_string(err, NULL)); -+ } -+ -+ break; -+ } - } - } -+ ERR_clear_error(); - #endif - -Index: src/connections.c -=================================================================== ---- src/connections.c (revision 2139) -+++ src/connections.c (revision 2144) -@@ -1681,5 +1681,5 @@ - if (-1 != (ret = SSL_shutdown(con->ssl))) break; - -- // fall through -+ /* fall through */ - default: - -@@ -1698,5 +1698,5 @@ - } else { - log_error_write(srv, __FILE__, __LINE__, "sddds", "SSL (error):", -- ssl_r, r, errno, -+ ssl_r, ret, errno, - strerror(errno)); - } diff -ruN lighttpd/files/patch-sa_2008_05 lighttpd.new/files/patch-sa_2008_05 --- lighttpd/files/patch-sa_2008_05 2008-09-28 01:47:57.000000000 +0200 +++ lighttpd.new/files/patch-sa_2008_05 1970-01-01 01:00:00.000000000 +0100 
@@ -1,91 +0,0 @@ -# -# http://www.lighttpd.net/security/lighttpd_sa_2008_05.txt -# -Index: src/mod_rewrite.c -=================================================================== ---- src/mod_rewrite.c (revision 2148) -+++ src/mod_rewrite.c (revision 2278) -@@ -351,5 +351,9 @@ - if (!p->conf.rewrite) return HANDLER_GO_ON; - -- buffer_copy_string_buffer(p->match_buf, con->request.uri); -+ buffer_copy_string_buffer(p->match_buf, con->uri.path); -+ if (con->uri.query->used > 0) { -+ buffer_append_string_len(p->match_buf, CONST_STR_LEN("?")); -+ buffer_append_string_buffer(p->match_buf, con->uri.query); -+ } - - for (i = 0; i < p->conf.rewrite->used; i++) { -Index: src/response.c -=================================================================== ---- src/response.c (revision 2250) -+++ src/response.c (revision 2278) -@@ -233,25 +233,4 @@ - - -- /** -- * -- * call plugins -- * -- * - based on the raw URL -- * -- */ -- -- switch(r = plugins_call_handle_uri_raw(srv, con)) { -- case HANDLER_GO_ON: -- break; -- case HANDLER_FINISHED: -- case HANDLER_COMEBACK: -- case HANDLER_WAIT_FOR_EVENT: -- case HANDLER_ERROR: -- return r; -- default: -- log_error_write(srv, __FILE__, __LINE__, "sd", "handle_uri_raw: unknown return value", r); -- break; -- } -- - /* build filename - * -@@ -259,5 +238,4 @@ - * - remove path-modifiers (e.g. 
/../) - */ -- - - -@@ -275,4 +253,26 @@ - log_error_write(srv, __FILE__, __LINE__, "s", "-- sanatising URI"); - log_error_write(srv, __FILE__, __LINE__, "sb", "URI-path : ", con->uri.path); -+ } -+ -+ -+ /** -+ * -+ * call plugins -+ * -+ * - based on the raw URL -+ * -+ */ -+ -+ switch(r = plugins_call_handle_uri_raw(srv, con)) { -+ case HANDLER_GO_ON: -+ break; -+ case HANDLER_FINISHED: -+ case HANDLER_COMEBACK: -+ case HANDLER_WAIT_FOR_EVENT: -+ case HANDLER_ERROR: -+ return r; -+ default: -+ log_error_write(srv, __FILE__, __LINE__, "sd", "handle_uri_raw: unknown return value", r); -+ break; - } - -Index: NEWS -=================================================================== ---- NEWS (revision 2277) -+++ NEWS (revision 2278) -@@ -50,4 +50,5 @@ - * fixed dropping last character of evhost pattern (#161) - * print helpful error message on conditionals in global block (#1550) -+ * decode url before matching in mod_rewrite (#1720) - - - 1.4.19 - 2008-03-10 diff -ruN lighttpd/files/patch-sa_2008_06 lighttpd.new/files/patch-sa_2008_06 --- lighttpd/files/patch-sa_2008_06 2008-09-28 01:47:57.000000000 +0200 +++ lighttpd.new/files/patch-sa_2008_06 1970-01-01 01:00:00.000000000 +0100 
@@ -1,49 +0,0 @@ -# -# http://www.lighttpd.net/security/lighttpd_sa_2008_06.txt -# -Index: src/mod_userdir.c -=================================================================== ---- src/mod_userdir.c (revision 2120) -+++ src/mod_userdir.c (revision 2283) -@@ -263,4 +263,7 @@ - } - } -+ if (con->conf.force_lowercase_filenames) { -+ buffer_to_lower(p->username); -+ } - - buffer_copy_string_buffer(p->temp_path, p->conf.basepath); -@@ -285,6 +288,22 @@ - } - -+ /* the physical rel_path is basically the same as uri.path; -+ * but it is converted to lowercase in case of force_lowercase_filenames and some special handling -+ * for trailing '.', ' ' and '/' on windows -+ * we assume that no docroot/physical handler changed this -+ * (docroot should only set the docroot/server name, phyiscal should only change the phyiscal.path; -+ * the exception mod_secure_download doesn't work with userdir anyway) -+ */ - BUFFER_APPEND_SLASH(p->temp_path); -- buffer_append_string(p->temp_path, rel_url + 1); /* skip the / */ -+ /* if no second '/' is found, we assume that it was stripped from the uri.path for the special handling -+ * on windows. -+ * we do not care about the trailing slash here on windows, as we already ensured it is a directory -+ * -+ * TODO: what to do with trailing dots in usernames on windows? they may result in the same directory -+ * as a username without them. 
-+ */ -+ if (NULL != (rel_url = strchr(con->physical.rel_path->ptr + 2, '/'))) { -+ buffer_append_string(p->temp_path, rel_url + 1); /* skip the / */ -+ } - buffer_copy_string_buffer(con->physical.path, p->temp_path); - -Index: NEWS -=================================================================== ---- NEWS (revision 2281) -+++ NEWS (revision 2283) -@@ -53,4 +53,5 @@ - * fixed conditional patching of ldap filter (#1564) - * Match headers case insensitive in response (removing of X-{Sendfile,LIGHTTPD-*}, catching Date/Server) -+ * fixed bug with case-insensitive filenames in mod_userdir (#1589), spotted by "anders1" - - - 1.4.19 - 2008-03-10 diff -ruN lighttpd/files/patch-sa_2008_07 lighttpd.new/files/patch-sa_2008_07 --- lighttpd/files/patch-sa_2008_07 2008-09-28 01:47:57.000000000 +0200 +++ lighttpd.new/files/patch-sa_2008_07 1970-01-01 01:00:00.000000000 +0100 
@@ -1,53 +0,0 @@ -# -# http://www.lighttpd.net/security/lighttpd_sa_2008_07.txt -# -Index: src/request.c -=================================================================== ---- src/request.c (revision 1947) -+++ src/request.c (revision 2305) -@@ -826,4 +826,5 @@ - con->request.request); - } -+ array_insert_unique(con->request.headers, (data_unset *)ds); - return 0; - } -@@ -875,4 +876,5 @@ - con->request.request); - } -+ array_insert_unique(con->request.headers, (data_unset *)ds); - return 0; - } -@@ -912,4 +914,5 @@ - con->request.request); - } -+ array_insert_unique(con->request.headers, (data_unset *)ds); - return 0; - } -@@ -937,4 +940,5 @@ - con->request.request); - } -+ array_insert_unique(con->request.headers, (data_unset *)ds); - return 0; - } -@@ -954,4 +958,5 @@ - con->request.request); - } -+ array_insert_unique(con->request.headers, (data_unset *)ds); - return 0; - } -@@ -977,4 +982,5 @@ - con->request.request); - } -+ array_insert_unique(con->request.headers, (data_unset *)ds); - return 0; - } -Index: NEWS -=================================================================== ---- NEWS (revision 2304) -+++ NEWS (revision 2305) -@@ -63,4 +63,5 @@ - * workaround ldap connection leak if a ldap connection failed (restarting ldap) - * fix auth.backend.ldap.bind-dn/pw problems (only read from global context for temporary ldap reconnects, thx ruskie) -+ * fix memleak in request header parsing (#1774, thx qhy) - - - 1.4.19 - 2008-03-10 diff -ruN lighttpd/files/patch-src__mod_fastcgi.c lighttpd.new/files/patch-src__mod_fastcgi.c --- lighttpd/files/patch-src__mod_fastcgi.c 2008-09-07 17:05:44.000000000 +0200 +++ lighttpd.new/files/patch-src__mod_fastcgi.c 1970-01-01 01:00:00.000000000 +0100 
@@ -1,18 +0,0 @@ -# -# http://trac.lighttpd.net/trac/changeset/2143 -# -Index: /branches/lighttpd-1.4.x/src/mod_fastcgi.c -=================================================================== ---- src/mod_fastcgi.c (revision 2119) -+++ src/mod_fastcgi.c (revision 2143) -@@ -2545,5 +2545,8 @@ - - if (HANDLER_ERROR != stat_cache_get_entry(srv, con, ds->value, &sce)) { -- data_string *dcls = data_string_init(); -+ data_string *dcls; -+ if (NULL == (dcls = (data_string *)array_get_unused_element(con->response.headers, TYPE_STRING))) { -+ dcls = data_response_init(); -+ } - /* found */ - http_chunk_append_file(srv, con, ds->value, 0, sce->st.st_size); - diff -ruN lighttpd/files/patch-src__network_freebsd_sendfile.c lighttpd.new/files/patch-src__network_freebsd_sendfile.c --- lighttpd/files/patch-src__network_freebsd_sendfile.c 2007-09-23 01:13:47.000000000 +0200 +++ lighttpd.new/files/patch-src__network_freebsd_sendfile.c 1970-01-01 01:00:00.000000000 +0100 
@@ -1,47 +0,0 @@ -# -# Respect EAGAIN and retry sendfile() instead close connection. -# Remove empty lines and add two more cases to switch(errno) -# ---- src/network_freebsd_sendfile.c.orig 2007-09-22 19:55:26.000000000 -0300 -+++ src/network_freebsd_sendfile.c 2007-09-22 19:43:28.000000000 -0300 -@@ -151,23 +151,23 @@ - if (-1 == c->file.fd) { - if (-1 == (c->file.fd = open(c->file.name->ptr, O_RDONLY))) { - log_error_write(srv, __FILE__, __LINE__, "ss", "open failed: ", strerror(errno)); -- - return -1; - } -- - #ifdef FD_CLOEXEC - fcntl(c->file.fd, F_SETFD, FD_CLOEXEC); - #endif - } - -- r = 0; -- -+eagain: - /* FreeBSD sendfile() */ -+ r = 0; - if (-1 == sendfile(c->file.fd, fd, offset, toSend, NULL, &r, 0)) { - switch(errno) { - case EAGAIN: -+ case EINTR: - break; - case ENOTCONN: -+ case ENOTSOCK: - return -2; - default: - log_error_write(srv, __FILE__, __LINE__, "ssd", "sendfile: ", strerror(errno), errno); -@@ -190,12 +190,10 @@ - if (offset >= sce->st.st_size) { - /* file shrinked, close the connection */ - errno = oerrno; -- - return -1; - } - - errno = oerrno; -- return -2; - } - - c->offset += r; --- lighttpd.diff ends here --- >Release-Note: >Audit-Trail: >Unformatted: