From: Alexey Dokuchaev
Date: Sat, 17 Jan 2015 15:48:37 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r377229 - in head/www/thttpd: . files
X-SVN-Group: ports-head

Author: danfe
Date: Sat Jan 17 15:48:37 2015
New Revision: 377229
URL: https://svnweb.freebsd.org/changeset/ports/377229
QAT: https://qat.redports.org/buildarchive/r377229/

Log:
  In sight of upcoming update, merge a few things to get cleaner diffs:

  - Add a patch for CVE-2005-3124 (courtesy of Red Hat?)
  - By default thttpd doesn't respect (or pass on) the X-Forwarded-For
    header; use a patch [1] that puts X-Forwarded-For into Remote-Addr,
    but not enable it just yet
  - Amend COMMENT, improve pkg-message, sort the knobs in Makefile, and
    reformat port description text for better readability while here

  [1] http://wiki.nginx.org/ThttpdRealIP

Added:
  head/www/thttpd/files/extra-patch-ip_real (contents, props changed)
  head/www/thttpd/files/patch-CVE-2005-3124 (contents, props changed)
Modified:
  head/www/thttpd/Makefile
  head/www/thttpd/files/pkg-message.in
  head/www/thttpd/pkg-descr

Modified: head/www/thttpd/Makefile ============================================================================== --- head/www/thttpd/Makefile Sat Jan 17 15:33:05 2015 (r377228) +++ head/www/thttpd/Makefile Sat Jan 17 15:48:37 2015 (r377229) 
@@ -9,19 +9,21 @@ MASTER_SITES= http://www.acme.com/softwa http://atreides.freenix.no/~anders/ MAINTAINER= danfe@FreeBSD.org -COMMENT= Tiny/turbo/throttling HTTP server +COMMENT= Tiny/turbo/throttling HTTP server with CGI support -GNU_CONFIGURE= yes USES= gmake # parallel builds (-jX) are broken with BSD make(1) -USE_RC_SUBR= thttpd +GNU_CONFIGURE= yes +USE_RC_SUBR= ${PORTNAME} SUB_FILES= pkg-message thttpd.conf.sample -SUB_LIST= WWWOWN=${WWWOWN} +SUB_LIST= WWWOWN=${WWWOWN} WWWGRP=${WWWGRP} -OPTIONS_DEFINE= SENDFILE +OPTIONS_DEFINE= SENDFILE IPREAL OPTIONS_DEFAULT= SENDFILE SENDFILE_DESC= Use sendfile(2) to serve files +IPREAL_DESC= Respect (pass on) "X-Forwarded-For" header SENDFILE_EXTRA_PATCHES= ${FILESDIR}/extra-patch-config.h +IPREAL_EXTRA_PATCHES= ${FILESDIR}/extra-patch-ip_real post-patch: .for f in extras/htpasswd.1 extras/htpasswd.c thttpd.8 extras/Makefile.in Added: head/www/thttpd/files/extra-patch-ip_real ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/www/thttpd/files/extra-patch-ip_real Sat Jan 17 15:48:37 2015 (r377229) @@ -0,0 +1,15 @@ +--- libhttpd.c.orig 2003-12-25 20:06:05.000000000 +0100 ++++ libhttpd.c 2005-01-09 00:26:04.867255248 +0100 +@@ -2207,6 +2207,12 @@ + if ( strcasecmp( cp, "keep-alive" ) == 0 ) + hc->keep_alive = 1; + } ++ else if ( strncasecmp( buf, "X-Forwarded-For:", 16 ) == 0 ) ++ { // Use real IP if available ++ cp = &buf[16]; ++ cp += strspn( cp, " \t" ); ++ inet_aton( cp, &(hc->client_addr.sa_in.sin_addr) ); ++ } + #ifdef LOG_UNKNOWN_HEADERS + else if ( strncasecmp( buf, "Accept-Charset:", 15 ) == 0 || + strncasecmp( buf, "Accept-Language:", 16 ) == 0 || Added: head/www/thttpd/files/patch-CVE-2005-3124 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/www/thttpd/files/patch-CVE-2005-3124 Sat Jan 17 15:48:37 2015 (r377229) 
@@ -0,0 +1,18 @@ +--- extras/syslogtocern.orig 2005-06-29 19:50:23.000000000 +0200 ++++ extras/syslogtocern 2008-09-25 10:42:27.000000000 +0200 +@@ -31,8 +31,8 @@ if [ $# -lt 1 ] ; then + exit 1 + fi + +-tmp1=/tmp/stc1.$$ +-rm -f $tmp1 ++tmp1=`mktemp -t stc1.XXXXXX` || { echo "$0: Cannot create temporary file" >&2; exit 1; } ++trap "[ -f \"$tmp1\" ] && /bin/rm -f -- \"$tmp1\"" 0 1 2 3 13 15 + + # Gather up all the thttpd entries. + egrep -h ' thttpd\[' "$@" > $tmp1 +@@ -65,4 +65,3 @@ awk < $tmp1 '{if ( ! ( NF >= 15 && $7 == + sed -e "s,\([A-Z][a-z][a-z] [0-9 ][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9]\) [^ ]* thttpd\[[0-9]*\]: \(.*\),[\1 ${year}] \2," > error_log + + # Done. +-rm -f $tmp1 Modified: head/www/thttpd/files/pkg-message.in ============================================================================== --- head/www/thttpd/files/pkg-message.in Sat Jan 17 15:33:05 2015 (r377228) +++ head/www/thttpd/files/pkg-message.in Sat Jan 17 15:48:37 2015 (r377229) @@ -2,10 +2,10 @@ If you want users to be able to create their own Web subdirectories off of the main web directory, you need to: - 1. Add a group for www admins - 2. chgrp yourgroup %%PREFIX%%/bin/makeweb %%PREFIX%%/www + 1. Add a group for www admins (e.g., "%%WWWGRP%%") + 2. chgrp thatgroup %%PREFIX%%/bin/makeweb %%PREFIX%%/www 3. chmod 2755 %%PREFIX%%/bin/makeweb - 4. Tell them about makeweb(1) + 4. Tell users about makeweb(1) See http://www.acme.com/software/thttpd/notes.html for more detailed instructions. Modified: head/www/thttpd/pkg-descr ============================================================================== --- head/www/thttpd/pkg-descr Sat Jan 17 15:33:05 2015 (r377228) +++ head/www/thttpd/pkg-descr Sat Jan 17 15:48:37 2015 (r377229) 
@@ -1,18 +1,18 @@ thttpd is a simple, small, portable, fast, and secure HTTP server. -Simple: It handles only the minimum necessary to implement HTTP/1.1. + - Simple: It handles only the minimum necessary to implement HTTP/1.1. -Small: It also has a very small run-time size, since it does not fork and -is very careful about memory allocation. + - Small: It also has a very small run-time size, since it does not fork + and is very careful about memory allocation. -Portable: It compiles cleanly on SunOS 4.1.x, Solaris 2.x, BSD/OS 2.x, -Linux 1.2.x, and OSF/1 (on a 64-bit Alpha). + - Portable: It compiles cleanly on SunOS 4.1.x, Solaris 2.x, BSD/OS 2.x, + Linux 1.2.x, and OSF/1 (on a 64-bit Alpha). -Fast: In typical use it's about as fast as the best full-featured servers -(Apache, NCSA, Netscape). Under extreme load it's much faster. + - Fast: In typical use it's about as fast as the best full-featured + servers (Apache, NCSA, Netscape). Under extreme load it's much faster. -Secure: It goes to great lengths to protect the web server machine -against attacks and breakins from other sites. + - Secure: It goes to great lengths to protect the web server machine + against attacks and breakins from other sites. It also has one extremely useful feature (URL-traffic-based throttling) that no other server currently has.
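
Review bot: in the head/www/thttpd/Makefile hunk, IPREAL_DESC describes the option as respecting (passing on) the header, but what it enables is taking the client address from a request header, and the description should say when that is appropriate. Suggest wording that states the deployment assumption, for example IPREAL_DESC= Take client address from "X-Forwarded-For" (behind a proxy only). Leaving IPREAL out of OPTIONS_DEFAULT matches the log message and should stay that way.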
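
Review bot: in files/extra-patch-ip_real, the added X-Forwarded-For branch in libhttpd.c overwrites hc->client_addr for any request that carries the header, with no check that the connection came from a known proxy, so the stored client address becomes whatever the sender supplies. Gate the overwrite on the peer address matching a configured proxy, or at least document that the daemon must not be reachable directly when IPREAL is on. In the same lines, the return value of inet_aton() is discarded (check it and keep the socket address on failure), the write goes through sa_in without checking the address family, and a comma-separated X-Forwarded-For list is not split before parsing. The // comment is not valid C89; /* */ is the safer choice here.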
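
Review bot: in files/patch-CVE-2005-3124, the new trap line in extras/syslogtocern handles signals 1 2 3 13 15 by removing the file but never exits, so after an interrupt the script carries on with $tmp1 gone and the later awk < $tmp1 fails. Split it into a cleanup on exit and an exit on signal, for example trap 'rm -f -- "$tmp1"' 0 followed by trap 'exit 1' 1 2 3 13 15. The mktemp change itself is the right fix for the predictable /tmp/stc1.$$ name; since mktemp -t honours TMPDIR, the remaining unquoted uses (> $tmp1, awk < $tmp1) should be quoted as well.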