Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 17 Jan 2015 15:48:37 +0000 (UTC)
From:      Alexey Dokuchaev <danfe@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r377229 - in head/www/thttpd: . files
Message-ID:  <201501171548.t0HFmbID015764@svn.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: danfe
Date: Sat Jan 17 15:48:37 2015
New Revision: 377229
URL: https://svnweb.freebsd.org/changeset/ports/377229
QAT: https://qat.redports.org/buildarchive/r377229/

Log:
  In sight of upcoming update, merge a few things to get cleaner diffs:
  
  - Add a patch for CVE-2005-3124 (courtesy of Red Hat?)
  - By default thttpd doesn't respect (or pass on) the X-Forwarded-For
    header; use a patch [1] that puts X-Forwarded-For into Remote-Addr,
    but not enable it just yet
  - Amend COMMENT, improve pkg-message, sort the knobs in Makefile, and
    reformat port description text for better readability while here
  
  [1] http://wiki.nginx.org/ThttpdRealIP

Added:
  head/www/thttpd/files/extra-patch-ip_real   (contents, props changed)
  head/www/thttpd/files/patch-CVE-2005-3124   (contents, props changed)
Modified:
  head/www/thttpd/Makefile
  head/www/thttpd/files/pkg-message.in
  head/www/thttpd/pkg-descr

Modified: head/www/thttpd/Makefile
==============================================================================
--- head/www/thttpd/Makefile	Sat Jan 17 15:33:05 2015	(r377228)
+++ head/www/thttpd/Makefile	Sat Jan 17 15:48:37 2015	(r377229)
@@ -9,19 +9,21 @@ MASTER_SITES=	http://www.acme.com/softwa
 		http://atreides.freenix.no/~anders/
 
 MAINTAINER=	danfe@FreeBSD.org
-COMMENT=	Tiny/turbo/throttling HTTP server
+COMMENT=	Tiny/turbo/throttling HTTP server with CGI support
 
-GNU_CONFIGURE=	yes
 USES=		gmake	# parallel builds (-jX) are broken with BSD make(1)
-USE_RC_SUBR=	thttpd
+GNU_CONFIGURE=	yes
+USE_RC_SUBR=	${PORTNAME}
 SUB_FILES=	pkg-message thttpd.conf.sample
-SUB_LIST=	WWWOWN=${WWWOWN}
+SUB_LIST=	WWWOWN=${WWWOWN} WWWGRP=${WWWGRP}
 
-OPTIONS_DEFINE=	SENDFILE
+OPTIONS_DEFINE=	SENDFILE IPREAL
 OPTIONS_DEFAULT=	SENDFILE
 SENDFILE_DESC=	Use sendfile(2) to serve files
+IPREAL_DESC=	Respect (pass on) "X-Forwarded-For" header
 
 SENDFILE_EXTRA_PATCHES=	${FILESDIR}/extra-patch-config.h
+IPREAL_EXTRA_PATCHES=	${FILESDIR}/extra-patch-ip_real
 
 post-patch:
 .for f in extras/htpasswd.1 extras/htpasswd.c thttpd.8 extras/Makefile.in

Added: head/www/thttpd/files/extra-patch-ip_real
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/www/thttpd/files/extra-patch-ip_real	Sat Jan 17 15:48:37 2015	(r377229)
@@ -0,0 +1,15 @@
+--- libhttpd.c.orig	2003-12-25 20:06:05.000000000 +0100
++++ libhttpd.c	2005-01-09 00:26:04.867255248 +0100
+@@ -2207,6 +2207,12 @@
+ 		if ( strcasecmp( cp, "keep-alive" ) == 0 )
+ 		    hc->keep_alive = 1;
+ 		}
++	    else if ( strncasecmp( buf, "X-Forwarded-For:", 16 ) == 0 )
++		{ // Use real IP if available 
++		cp = &buf[16];
++		cp += strspn( cp, " \t" );
++		inet_aton( cp, &(hc->client_addr.sa_in.sin_addr) );
++	        }
+ #ifdef LOG_UNKNOWN_HEADERS
+ 	    else if ( strncasecmp( buf, "Accept-Charset:", 15 ) == 0 ||
+ 		      strncasecmp( buf, "Accept-Language:", 16 ) == 0 ||

Added: head/www/thttpd/files/patch-CVE-2005-3124
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/www/thttpd/files/patch-CVE-2005-3124	Sat Jan 17 15:48:37 2015	(r377229)
@@ -0,0 +1,18 @@
+--- extras/syslogtocern.orig	2005-06-29 19:50:23.000000000 +0200
++++ extras/syslogtocern	2008-09-25 10:42:27.000000000 +0200
+@@ -31,8 +31,8 @@ if [ $# -lt 1 ] ; then
+     exit 1
+ fi
+ 
+-tmp1=/tmp/stc1.$$
+-rm -f $tmp1
++tmp1=`mktemp -t stc1.XXXXXX` || { echo "$0: Cannot create temporary file" >&2; exit 1;  }
++trap "[ -f \"$tmp1\" ] && /bin/rm -f -- \"$tmp1\"" 0 1 2 3 13 15
+ 
+ # Gather up all the thttpd entries.
+ egrep -h ' thttpd\[' "$@" > $tmp1
+@@ -65,4 +65,3 @@ awk < $tmp1 '{if ( ! ( NF >= 15 && $7 ==
+   sed -e "s,\([A-Z][a-z][a-z] [0-9 ][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9]\) [^ ]* thttpd\[[0-9]*\]: \(.*\),[\1 ${year}] \2," > error_log
+ 
+ # Done.
+-rm -f $tmp1

Modified: head/www/thttpd/files/pkg-message.in
==============================================================================
--- head/www/thttpd/files/pkg-message.in	Sat Jan 17 15:33:05 2015	(r377228)
+++ head/www/thttpd/files/pkg-message.in	Sat Jan 17 15:48:37 2015	(r377229)
@@ -2,10 +2,10 @@
 If you want users to be able to create their own Web
 subdirectories off of the main web directory, you need to:
 
-  1. Add a group for www admins
-  2. chgrp yourgroup %%PREFIX%%/bin/makeweb %%PREFIX%%/www
+  1. Add a group for www admins (e.g., "%%WWWGRP%%")
+  2. chgrp thatgroup %%PREFIX%%/bin/makeweb %%PREFIX%%/www
   3. chmod 2755 %%PREFIX%%/bin/makeweb
-  4. Tell them about makeweb(1)
+  4. Tell users about makeweb(1)
 
 See http://www.acme.com/software/thttpd/notes.html for more
 detailed instructions.

Modified: head/www/thttpd/pkg-descr
==============================================================================
--- head/www/thttpd/pkg-descr	Sat Jan 17 15:33:05 2015	(r377228)
+++ head/www/thttpd/pkg-descr	Sat Jan 17 15:48:37 2015	(r377229)
@@ -1,18 +1,18 @@
 thttpd is a simple, small, portable, fast, and secure HTTP server.
 
-Simple: It handles only the minimum necessary to implement HTTP/1.1.
+  - Simple: It handles only the minimum necessary to implement HTTP/1.1.
 
-Small: It also has a very small run-time size, since it does not fork and
-is very careful about memory allocation.
+  - Small: It also has a very small run-time size, since it does not fork
+    and is very careful about memory allocation.
 
-Portable: It compiles cleanly on SunOS 4.1.x, Solaris 2.x, BSD/OS 2.x,
-Linux 1.2.x, and OSF/1 (on a 64-bit Alpha).
+  - Portable: It compiles cleanly on SunOS 4.1.x, Solaris 2.x, BSD/OS 2.x,
+    Linux 1.2.x, and OSF/1 (on a 64-bit Alpha).
 
-Fast: In typical use it's about as fast as the best full-featured servers
-(Apache, NCSA, Netscape).  Under extreme load it's much faster.
+  - Fast: In typical use it's about as fast as the best full-featured
+    servers (Apache, NCSA, Netscape).  Under extreme load it's much faster.
 
-Secure: It goes to great lengths to protect the web server machine
-against attacks and breakins from other sites.
+  - Secure: It goes to great lengths to protect the web server machine
+    against attacks and breakins from other sites.
 
 It also has one extremely useful feature (URL-traffic-based throttling) that
 no other server currently has.



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201501171548.t0HFmbID015764>