aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMarcus Alves Grando <mnag@FreeBSD.org>2008-10-08 01:17:29 +0000
committerMarcus Alves Grando <mnag@FreeBSD.org>2008-10-08 01:17:29 +0000
commit9d7e37f1fff50d406d704f09d7103f750f5eb71b (patch)
treeeb7e60bd17637b195ebe5ed481ba0675f2a3c691
parent2165f9f8b9ededb56adfd4008f5455feeec5e5fd (diff)
- Update to 1.4.20
PR: 127861 Submitted by: Daniel Gerzo <danger___FreeBSD.org>
Notes
Notes: svn path=/head/; revision=221317
-rw-r--r--www/lighttpd/Makefile3
-rw-r--r--www/lighttpd/distinfo6
-rw-r--r--www/lighttpd/files/patch-CVE-2008-1531119
-rw-r--r--www/lighttpd/files/patch-mod_proxy_ipv6_support57
-rw-r--r--www/lighttpd/files/patch-sa_2008_0591
-rw-r--r--www/lighttpd/files/patch-sa_2008_0649
-rw-r--r--www/lighttpd/files/patch-sa_2008_0753
-rw-r--r--www/lighttpd/files/patch-src__mod_fastcgi.c18
-rw-r--r--www/lighttpd/files/patch-src__network_freebsd_sendfile.c47
9 files changed, 4 insertions, 439 deletions
diff --git a/www/lighttpd/Makefile b/www/lighttpd/Makefile
index 59e38c1086fe..7456e9b9f800 100644
--- a/www/lighttpd/Makefile
+++ b/www/lighttpd/Makefile
@@ -6,8 +6,7 @@
#
PORTNAME= lighttpd
-PORTVERSION= 1.4.19
-PORTREVISION= 3
+PORTVERSION= 1.4.20
CATEGORIES= www
MASTER_SITES= http://www.lighttpd.net/download/ \
http://mirrors.cat.pdx.edu/lighttpd/
diff --git a/www/lighttpd/distinfo b/www/lighttpd/distinfo
index eabe32f1d068..9cda0bf9414d 100644
--- a/www/lighttpd/distinfo
+++ b/www/lighttpd/distinfo
@@ -1,3 +1,3 @@
-MD5 (lighttpd-1.4.19.tar.bz2) = d787374e4e4aaa09d5cfa9ab9d23ad40
-SHA256 (lighttpd-1.4.19.tar.bz2) = a239323239c3735a04290f7c063a14ed2c4560a88c15181c253fcd68c6c2f1d7
-SIZE (lighttpd-1.4.19.tar.bz2) = 610347
+MD5 (lighttpd-1.4.20.tar.bz2) = ed6ee0bb714f393219a32768d86984d8
+SHA256 (lighttpd-1.4.20.tar.bz2) = 3cda2ce779f24948062f765f2630b5865e483f5fab7149681a2a25422fd61176
+SIZE (lighttpd-1.4.20.tar.bz2) = 618018
diff --git a/www/lighttpd/files/patch-CVE-2008-1531 b/www/lighttpd/files/patch-CVE-2008-1531
deleted file mode 100644
index f23c92cf4d3c..000000000000
--- a/www/lighttpd/files/patch-CVE-2008-1531
+++ /dev/null
@@ -1,119 +0,0 @@
-Index: src/connections.c
-===================================================================
---- src/connections.c (revision 2103)
-+++ src/connections.c (revision 2136)
-@@ -200,4 +200,5 @@
- /* don't resize the buffer if we were in SSL_ERROR_WANT_* */
-
-+ ERR_clear_error();
- do {
- if (!con->ssl_error_want_reuse_buffer) {
-@@ -1670,4 +1671,5 @@
- if (srv_sock->is_ssl) {
- int ret;
-+ ERR_clear_error();
- switch ((ret = SSL_shutdown(con->ssl))) {
- case 1:
-@@ -1675,6 +1677,8 @@
- break;
- case 0:
-- SSL_shutdown(con->ssl);
-- break;
-+ ERR_clear_error();
-+ if ((ret = SSL_shutdown(con->ssl)) == 1) break;
-+
-+ // fall through
- default:
- log_error_write(srv, __FILE__, __LINE__, "sds", "SSL:",
-Index: src/network_openssl.c
-===================================================================
---- src/network_openssl.c (revision 2084)
-+++ src/network_openssl.c (revision 2136)
-@@ -86,4 +86,5 @@
- */
-
-+ ERR_clear_error();
- if ((r = SSL_write(ssl, offset, toSend)) <= 0) {
- unsigned long err;
-@@ -188,4 +189,5 @@
- close(ifd);
-
-+ ERR_clear_error();
- if ((r = SSL_write(ssl, s, toSend)) <= 0) {
- unsigned long err;
-Index: src/connections.c
-===================================================================
---- src/connections.c (revision 2136)
-+++ src/connections.c (revision 2139)
-@@ -1670,5 +1670,6 @@
- #ifdef USE_OPENSSL
- if (srv_sock->is_ssl) {
-- int ret;
-+ int ret, ssl_r;
-+ unsigned long err;
- ERR_clear_error();
- switch ((ret = SSL_shutdown(con->ssl))) {
-@@ -1678,14 +1679,40 @@
- case 0:
- ERR_clear_error();
-- if ((ret = SSL_shutdown(con->ssl)) == 1) break;
-+ if (-1 != (ret = SSL_shutdown(con->ssl))) break;
-
- // fall through
- default:
-- log_error_write(srv, __FILE__, __LINE__, "sds", "SSL:",
-- SSL_get_error(con->ssl, ret),
-- ERR_error_string(ERR_get_error(), NULL));
-- return -1;
-+
-+ switch ((ssl_r = SSL_get_error(con->ssl, ret))) {
-+ case SSL_ERROR_WANT_WRITE:
-+ case SSL_ERROR_WANT_READ:
-+ break;
-+ case SSL_ERROR_SYSCALL:
-+ /* perhaps we have error waiting in our error-queue */
-+ if (0 != (err = ERR_get_error())) {
-+ do {
-+ log_error_write(srv, __FILE__, __LINE__, "sdds", "SSL:",
-+ ssl_r, ret,
-+ ERR_error_string(err, NULL));
-+ } while((err = ERR_get_error()));
-+ } else {
-+ log_error_write(srv, __FILE__, __LINE__, "sddds", "SSL (error):",
-+ ssl_r, r, errno,
-+ strerror(errno));
-+ }
-+
-+ break;
-+ default:
-+ while((err = ERR_get_error())) {
-+ log_error_write(srv, __FILE__, __LINE__, "sdds", "SSL:",
-+ ssl_r, ret,
-+ ERR_error_string(err, NULL));
-+ }
-+
-+ break;
-+ }
- }
- }
-+ ERR_clear_error();
- #endif
-
-Index: src/connections.c
-===================================================================
---- src/connections.c (revision 2139)
-+++ src/connections.c (revision 2144)
-@@ -1681,5 +1681,5 @@
- if (-1 != (ret = SSL_shutdown(con->ssl))) break;
-
-- // fall through
-+ /* fall through */
- default:
-
-@@ -1698,5 +1698,5 @@
- } else {
- log_error_write(srv, __FILE__, __LINE__, "sddds", "SSL (error):",
-- ssl_r, r, errno,
-+ ssl_r, ret, errno,
- strerror(errno));
- }
diff --git a/www/lighttpd/files/patch-mod_proxy_ipv6_support b/www/lighttpd/files/patch-mod_proxy_ipv6_support
deleted file mode 100644
index 1eaf8045088b..000000000000
--- a/www/lighttpd/files/patch-mod_proxy_ipv6_support
+++ /dev/null
@@ -1,57 +0,0 @@
-#
-# http://trac.lighttpd.net/trac/ticket/1537
-#
---- src/mod_proxy.c 2007-08-18 03:17:00.000000000 +0500
-+++ src/mod_proxy.c 2008-01-27 20:32:05.514825062 +0400
-@@ -356,6 +356,7 @@
- static int proxy_establish_connection(server *srv, handler_ctx *hctx) {
- struct sockaddr *proxy_addr;
- struct sockaddr_in proxy_addr_in;
-+ struct sockaddr_in6 proxy_addr_in6;
- socklen_t servlen;
-
- plugin_data *p = hctx->plugin_data;
-@@ -364,12 +365,20 @@
-
- memset(&proxy_addr, 0, sizeof(proxy_addr));
-
-- proxy_addr_in.sin_family = AF_INET;
-- proxy_addr_in.sin_addr.s_addr = inet_addr(host->host->ptr);
-- proxy_addr_in.sin_port = htons(host->port);
-- servlen = sizeof(proxy_addr_in);
-+ if (strstr(host->host->ptr,":")) {
-+ proxy_addr_in6.sin6_family = AF_INET6;
-+ inet_pton(AF_INET6,host->host->ptr,(char *)&proxy_addr_in6.sin6_addr);
-+ proxy_addr_in6.sin6_port = htons(host->port);
-+ servlen = sizeof(proxy_addr_in6);
-+ proxy_addr = (struct sockaddr *) &proxy_addr_in6;
-+ } else {
-+ proxy_addr_in.sin_family = AF_INET;
-+ proxy_addr_in.sin_addr.s_addr = inet_addr(host->host->ptr);
-+ proxy_addr_in.sin_port = htons(host->port);
-+ servlen = sizeof(proxy_addr_in);
-+ proxy_addr = (struct sockaddr *) &proxy_addr_in;
-+ }
-
-- proxy_addr = (struct sockaddr *) &proxy_addr_in;
-
- if (-1 == connect(proxy_fd, proxy_addr, servlen)) {
- if (errno == EINPROGRESS || errno == EALREADY) {
-@@ -740,9 +749,16 @@
-
- switch(hctx->state) {
- case PROXY_STATE_INIT:
-- if (-1 == (hctx->fd = socket(AF_INET, SOCK_STREAM, 0))) {
-+ if (strstr(host->host->ptr,":")) {
-+ if (-1 == (hctx->fd = socket(AF_INET6, SOCK_STREAM, 0))) {
-+ log_error_write(srv, __FILE__, __LINE__, "ss", "socket failed: ", strerror(errno));
-+ return HANDLER_ERROR;
-+ }
-+ } else {
-+ if (-1 == (hctx->fd = socket(AF_INET, SOCK_STREAM, 0))) {
- log_error_write(srv, __FILE__, __LINE__, "ss", "socket failed: ", strerror(errno));
- return HANDLER_ERROR;
-+ }
- }
- hctx->fde_ndx = -1;
-
diff --git a/www/lighttpd/files/patch-sa_2008_05 b/www/lighttpd/files/patch-sa_2008_05
deleted file mode 100644
index df64c197fa63..000000000000
--- a/www/lighttpd/files/patch-sa_2008_05
+++ /dev/null
@@ -1,91 +0,0 @@
-#
-# http://www.lighttpd.net/security/lighttpd_sa_2008_05.txt
-#
-Index: src/mod_rewrite.c
-===================================================================
---- src/mod_rewrite.c (revision 2148)
-+++ src/mod_rewrite.c (revision 2278)
-@@ -351,5 +351,9 @@
- if (!p->conf.rewrite) return HANDLER_GO_ON;
-
-- buffer_copy_string_buffer(p->match_buf, con->request.uri);
-+ buffer_copy_string_buffer(p->match_buf, con->uri.path);
-+ if (con->uri.query->used > 0) {
-+ buffer_append_string_len(p->match_buf, CONST_STR_LEN("?"));
-+ buffer_append_string_buffer(p->match_buf, con->uri.query);
-+ }
-
- for (i = 0; i < p->conf.rewrite->used; i++) {
-Index: src/response.c
-===================================================================
---- src/response.c (revision 2250)
-+++ src/response.c (revision 2278)
-@@ -233,25 +233,4 @@
-
-
-- /**
-- *
-- * call plugins
-- *
-- * - based on the raw URL
-- *
-- */
--
-- switch(r = plugins_call_handle_uri_raw(srv, con)) {
-- case HANDLER_GO_ON:
-- break;
-- case HANDLER_FINISHED:
-- case HANDLER_COMEBACK:
-- case HANDLER_WAIT_FOR_EVENT:
-- case HANDLER_ERROR:
-- return r;
-- default:
-- log_error_write(srv, __FILE__, __LINE__, "sd", "handle_uri_raw: unknown return value", r);
-- break;
-- }
--
- /* build filename
- *
-@@ -259,5 +238,4 @@
- * - remove path-modifiers (e.g. /../)
- */
--
-
-
-@@ -275,4 +253,26 @@
- log_error_write(srv, __FILE__, __LINE__, "s", "-- sanatising URI");
- log_error_write(srv, __FILE__, __LINE__, "sb", "URI-path : ", con->uri.path);
-+ }
-+
-+
-+ /**
-+ *
-+ * call plugins
-+ *
-+ * - based on the raw URL
-+ *
-+ */
-+
-+ switch(r = plugins_call_handle_uri_raw(srv, con)) {
-+ case HANDLER_GO_ON:
-+ break;
-+ case HANDLER_FINISHED:
-+ case HANDLER_COMEBACK:
-+ case HANDLER_WAIT_FOR_EVENT:
-+ case HANDLER_ERROR:
-+ return r;
-+ default:
-+ log_error_write(srv, __FILE__, __LINE__, "sd", "handle_uri_raw: unknown return value", r);
-+ break;
- }
-
-Index: NEWS
-===================================================================
---- NEWS (revision 2277)
-+++ NEWS (revision 2278)
-@@ -50,4 +50,5 @@
- * fixed dropping last character of evhost pattern (#161)
- * print helpful error message on conditionals in global block (#1550)
-+ * decode url before matching in mod_rewrite (#1720)
-
- - 1.4.19 - 2008-03-10
diff --git a/www/lighttpd/files/patch-sa_2008_06 b/www/lighttpd/files/patch-sa_2008_06
deleted file mode 100644
index e6cfa897b4d3..000000000000
--- a/www/lighttpd/files/patch-sa_2008_06
+++ /dev/null
@@ -1,49 +0,0 @@
-#
-# http://www.lighttpd.net/security/lighttpd_sa_2008_06.txt
-#
-Index: src/mod_userdir.c
-===================================================================
---- src/mod_userdir.c (revision 2120)
-+++ src/mod_userdir.c (revision 2283)
-@@ -263,4 +263,7 @@
- }
- }
-+ if (con->conf.force_lowercase_filenames) {
-+ buffer_to_lower(p->username);
-+ }
-
- buffer_copy_string_buffer(p->temp_path, p->conf.basepath);
-@@ -285,6 +288,22 @@
- }
-
-+ /* the physical rel_path is basically the same as uri.path;
-+ * but it is converted to lowercase in case of force_lowercase_filenames and some special handling
-+ * for trailing '.', ' ' and '/' on windows
-+ * we assume that no docroot/physical handler changed this
-+ * (docroot should only set the docroot/server name, phyiscal should only change the phyiscal.path;
-+ * the exception mod_secure_download doesn't work with userdir anyway)
-+ */
- BUFFER_APPEND_SLASH(p->temp_path);
-- buffer_append_string(p->temp_path, rel_url + 1); /* skip the / */
-+ /* if no second '/' is found, we assume that it was stripped from the uri.path for the special handling
-+ * on windows.
-+ * we do not care about the trailing slash here on windows, as we already ensured it is a directory
-+ *
-+ * TODO: what to do with trailing dots in usernames on windows? they may result in the same directory
-+ * as a username without them.
-+ */
-+ if (NULL != (rel_url = strchr(con->physical.rel_path->ptr + 2, '/'))) {
-+ buffer_append_string(p->temp_path, rel_url + 1); /* skip the / */
-+ }
- buffer_copy_string_buffer(con->physical.path, p->temp_path);
-
-Index: NEWS
-===================================================================
---- NEWS (revision 2281)
-+++ NEWS (revision 2283)
-@@ -53,4 +53,5 @@
- * fixed conditional patching of ldap filter (#1564)
- * Match headers case insensitive in response (removing of X-{Sendfile,LIGHTTPD-*}, catching Date/Server)
-+ * fixed bug with case-insensitive filenames in mod_userdir (#1589), spotted by "anders1"
-
- - 1.4.19 - 2008-03-10
diff --git a/www/lighttpd/files/patch-sa_2008_07 b/www/lighttpd/files/patch-sa_2008_07
deleted file mode 100644
index 1af4865f5497..000000000000
--- a/www/lighttpd/files/patch-sa_2008_07
+++ /dev/null
@@ -1,53 +0,0 @@
-#
-# http://www.lighttpd.net/security/lighttpd_sa_2008_07.txt
-#
-Index: src/request.c
-===================================================================
---- src/request.c (revision 1947)
-+++ src/request.c (revision 2305)
-@@ -826,4 +826,5 @@
- con->request.request);
- }
-+ array_insert_unique(con->request.headers, (data_unset *)ds);
- return 0;
- }
-@@ -875,4 +876,5 @@
- con->request.request);
- }
-+ array_insert_unique(con->request.headers, (data_unset *)ds);
- return 0;
- }
-@@ -912,4 +914,5 @@
- con->request.request);
- }
-+ array_insert_unique(con->request.headers, (data_unset *)ds);
- return 0;
- }
-@@ -937,4 +940,5 @@
- con->request.request);
- }
-+ array_insert_unique(con->request.headers, (data_unset *)ds);
- return 0;
- }
-@@ -954,4 +958,5 @@
- con->request.request);
- }
-+ array_insert_unique(con->request.headers, (data_unset *)ds);
- return 0;
- }
-@@ -977,4 +982,5 @@
- con->request.request);
- }
-+ array_insert_unique(con->request.headers, (data_unset *)ds);
- return 0;
- }
-Index: NEWS
-===================================================================
---- NEWS (revision 2304)
-+++ NEWS (revision 2305)
-@@ -63,4 +63,5 @@
- * workaround ldap connection leak if a ldap connection failed (restarting ldap)
- * fix auth.backend.ldap.bind-dn/pw problems (only read from global context for temporary ldap reconnects, thx ruskie)
-+ * fix memleak in request header parsing (#1774, thx qhy)
-
- - 1.4.19 - 2008-03-10
diff --git a/www/lighttpd/files/patch-src__mod_fastcgi.c b/www/lighttpd/files/patch-src__mod_fastcgi.c
deleted file mode 100644
index 13d15b759430..000000000000
--- a/www/lighttpd/files/patch-src__mod_fastcgi.c
+++ /dev/null
@@ -1,18 +0,0 @@
-#
-# http://trac.lighttpd.net/trac/changeset/2143
-#
-Index: /branches/lighttpd-1.4.x/src/mod_fastcgi.c
-===================================================================
---- src/mod_fastcgi.c (revision 2119)
-+++ src/mod_fastcgi.c (revision 2143)
-@@ -2545,5 +2545,8 @@
-
- if (HANDLER_ERROR != stat_cache_get_entry(srv, con, ds->value, &sce)) {
-- data_string *dcls = data_string_init();
-+ data_string *dcls;
-+ if (NULL == (dcls = (data_string *)array_get_unused_element(con->response.headers, TYPE_STRING))) {
-+ dcls = data_response_init();
-+ }
- /* found */
- http_chunk_append_file(srv, con, ds->value, 0, sce->st.st_size);
-
diff --git a/www/lighttpd/files/patch-src__network_freebsd_sendfile.c b/www/lighttpd/files/patch-src__network_freebsd_sendfile.c
deleted file mode 100644
index cfa1f1083818..000000000000
--- a/www/lighttpd/files/patch-src__network_freebsd_sendfile.c
+++ /dev/null
@@ -1,47 +0,0 @@
-#
-# Respect EAGAIN and retry sendfile() instead close connection.
-# Remove empty lines and add two more cases to switch(errno)
-#
---- src/network_freebsd_sendfile.c.orig 2007-09-22 19:55:26.000000000 -0300
-+++ src/network_freebsd_sendfile.c 2007-09-22 19:43:28.000000000 -0300
-@@ -151,23 +151,23 @@
- if (-1 == c->file.fd) {
- if (-1 == (c->file.fd = open(c->file.name->ptr, O_RDONLY))) {
- log_error_write(srv, __FILE__, __LINE__, "ss", "open failed: ", strerror(errno));
--
- return -1;
- }
--
- #ifdef FD_CLOEXEC
- fcntl(c->file.fd, F_SETFD, FD_CLOEXEC);
- #endif
- }
-
-- r = 0;
--
-+eagain:
- /* FreeBSD sendfile() */
-+ r = 0;
- if (-1 == sendfile(c->file.fd, fd, offset, toSend, NULL, &r, 0)) {
- switch(errno) {
- case EAGAIN:
-+ case EINTR:
- break;
- case ENOTCONN:
-+ case ENOTSOCK:
- return -2;
- default:
- log_error_write(srv, __FILE__, __LINE__, "ssd", "sendfile: ", strerror(errno), errno);
-@@ -190,12 +190,10 @@
- if (offset >= sce->st.st_size) {
- /* file shrinked, close the connection */
- errno = oerrno;
--
- return -1;
- }
-
- errno = oerrno;
-- return -2;
- }
-
- c->offset += r;