diff options
author | Marcus Alves Grando <mnag@FreeBSD.org> | 2008-10-08 01:17:29 +0000 |
---|---|---|
committer | Marcus Alves Grando <mnag@FreeBSD.org> | 2008-10-08 01:17:29 +0000 |
commit | 9d7e37f1fff50d406d704f09d7103f750f5eb71b (patch) | |
tree | eb7e60bd17637b195ebe5ed481ba0675f2a3c691 | |
parent | 2165f9f8b9ededb56adfd4008f5455feeec5e5fd (diff) |
- Update to 1.4.20
PR: 127861
Submitted by: Daniel Gerzo <danger___FreeBSD.org>
Notes
Notes:
svn path=/head/; revision=221317
-rw-r--r-- | www/lighttpd/Makefile | 3 | ||||
-rw-r--r-- | www/lighttpd/distinfo | 6 | ||||
-rw-r--r-- | www/lighttpd/files/patch-CVE-2008-1531 | 119 | ||||
-rw-r--r-- | www/lighttpd/files/patch-mod_proxy_ipv6_support | 57 | ||||
-rw-r--r-- | www/lighttpd/files/patch-sa_2008_05 | 91 | ||||
-rw-r--r-- | www/lighttpd/files/patch-sa_2008_06 | 49 | ||||
-rw-r--r-- | www/lighttpd/files/patch-sa_2008_07 | 53 | ||||
-rw-r--r-- | www/lighttpd/files/patch-src__mod_fastcgi.c | 18 | ||||
-rw-r--r-- | www/lighttpd/files/patch-src__network_freebsd_sendfile.c | 47 |
9 files changed, 4 insertions, 439 deletions
diff --git a/www/lighttpd/Makefile b/www/lighttpd/Makefile index 59e38c1086fe..7456e9b9f800 100644 --- a/www/lighttpd/Makefile +++ b/www/lighttpd/Makefile @@ -6,8 +6,7 @@ # PORTNAME= lighttpd -PORTVERSION= 1.4.19 -PORTREVISION= 3 +PORTVERSION= 1.4.20 CATEGORIES= www MASTER_SITES= http://www.lighttpd.net/download/ \ http://mirrors.cat.pdx.edu/lighttpd/ diff --git a/www/lighttpd/distinfo b/www/lighttpd/distinfo index eabe32f1d068..9cda0bf9414d 100644 --- a/www/lighttpd/distinfo +++ b/www/lighttpd/distinfo @@ -1,3 +1,3 @@ -MD5 (lighttpd-1.4.19.tar.bz2) = d787374e4e4aaa09d5cfa9ab9d23ad40 -SHA256 (lighttpd-1.4.19.tar.bz2) = a239323239c3735a04290f7c063a14ed2c4560a88c15181c253fcd68c6c2f1d7 -SIZE (lighttpd-1.4.19.tar.bz2) = 610347 +MD5 (lighttpd-1.4.20.tar.bz2) = ed6ee0bb714f393219a32768d86984d8 +SHA256 (lighttpd-1.4.20.tar.bz2) = 3cda2ce779f24948062f765f2630b5865e483f5fab7149681a2a25422fd61176 +SIZE (lighttpd-1.4.20.tar.bz2) = 618018 diff --git a/www/lighttpd/files/patch-CVE-2008-1531 b/www/lighttpd/files/patch-CVE-2008-1531 deleted file mode 100644 index f23c92cf4d3c..000000000000 --- a/www/lighttpd/files/patch-CVE-2008-1531 +++ /dev/null @@ -1,119 +0,0 @@ -Index: src/connections.c -=================================================================== ---- src/connections.c (revision 2103) -+++ src/connections.c (revision 2136) -@@ -200,4 +200,5 @@ - /* don't resize the buffer if we were in SSL_ERROR_WANT_* */ - -+ ERR_clear_error(); - do { - if (!con->ssl_error_want_reuse_buffer) { -@@ -1670,4 +1671,5 @@ - if (srv_sock->is_ssl) { - int ret; -+ ERR_clear_error(); - switch ((ret = SSL_shutdown(con->ssl))) { - case 1: -@@ -1675,6 +1677,8 @@ - break; - case 0: -- SSL_shutdown(con->ssl); -- break; -+ ERR_clear_error(); -+ if ((ret = SSL_shutdown(con->ssl)) == 1) break; -+ -+ // fall through - default: - log_error_write(srv, __FILE__, __LINE__, "sds", "SSL:", -Index: src/network_openssl.c -=================================================================== ---- src/network_openssl.c (revision 2084) -+++ src/network_openssl.c (revision 2136) -@@ -86,4 +86,5 @@ - */ - -+ ERR_clear_error(); - if ((r = SSL_write(ssl, offset, toSend)) <= 0) { - unsigned long err; -@@ -188,4 +189,5 @@ - close(ifd); - -+ ERR_clear_error(); - if ((r = SSL_write(ssl, s, toSend)) <= 0) { - unsigned long err; -Index: src/connections.c -=================================================================== ---- src/connections.c (revision 2136) -+++ src/connections.c (revision 2139) -@@ -1670,5 +1670,6 @@ - #ifdef USE_OPENSSL - if (srv_sock->is_ssl) { -- int ret; -+ int ret, ssl_r; -+ unsigned long err; - ERR_clear_error(); - switch ((ret = SSL_shutdown(con->ssl))) { -@@ -1678,14 +1679,40 @@ - case 0: - ERR_clear_error(); -- if ((ret = SSL_shutdown(con->ssl)) == 1) break; -+ if (-1 != (ret = SSL_shutdown(con->ssl))) break; - - // fall through - default: -- log_error_write(srv, __FILE__, __LINE__, "sds", "SSL:", -- SSL_get_error(con->ssl, ret), -- ERR_error_string(ERR_get_error(), NULL)); -- return -1; -+ -+ switch ((ssl_r = SSL_get_error(con->ssl, ret))) { -+ case SSL_ERROR_WANT_WRITE: -+ case SSL_ERROR_WANT_READ: -+ break; -+ case SSL_ERROR_SYSCALL: -+ /* perhaps we have error waiting in our error-queue */ -+ if (0 != (err = ERR_get_error())) { -+ do { -+ log_error_write(srv, __FILE__, __LINE__, "sdds", "SSL:", -+ ssl_r, ret, -+ ERR_error_string(err, NULL)); -+ } while((err = ERR_get_error())); -+ } else { -+ log_error_write(srv, __FILE__, __LINE__, "sddds", "SSL (error):", -+ ssl_r, r, errno, -+ strerror(errno)); -+ } -+ -+ break; -+ default: -+ while((err = ERR_get_error())) { -+ log_error_write(srv, __FILE__, __LINE__, "sdds", "SSL:", -+ ssl_r, ret, -+ ERR_error_string(err, NULL)); -+ } -+ -+ break; -+ } - } - } -+ ERR_clear_error(); - #endif - -Index: src/connections.c -=================================================================== ---- src/connections.c (revision 2139) -+++ src/connections.c (revision 2144) -@@ -1681,5 +1681,5 @@ - if (-1 != (ret = SSL_shutdown(con->ssl))) break; - -- // fall through -+ /* fall through */ - default: - -@@ -1698,5 +1698,5 @@ - } else { - log_error_write(srv, __FILE__, __LINE__, "sddds", "SSL (error):", -- ssl_r, r, errno, -+ ssl_r, ret, errno, - strerror(errno)); - } diff --git a/www/lighttpd/files/patch-mod_proxy_ipv6_support b/www/lighttpd/files/patch-mod_proxy_ipv6_support deleted file mode 100644 index 1eaf8045088b..000000000000 --- a/www/lighttpd/files/patch-mod_proxy_ipv6_support +++ /dev/null @@ -1,57 +0,0 @@ -# -# http://trac.lighttpd.net/trac/ticket/1537 -# ---- src/mod_proxy.c 2007-08-18 03:17:00.000000000 +0500 -+++ src/mod_proxy.c 2008-01-27 20:32:05.514825062 +0400 -@@ -356,6 +356,7 @@ - static int proxy_establish_connection(server *srv, handler_ctx *hctx) { - struct sockaddr *proxy_addr; - struct sockaddr_in proxy_addr_in; -+ struct sockaddr_in6 proxy_addr_in6; - socklen_t servlen; - - plugin_data *p = hctx->plugin_data; -@@ -364,12 +365,20 @@ - - memset(&proxy_addr, 0, sizeof(proxy_addr)); - -- proxy_addr_in.sin_family = AF_INET; -- proxy_addr_in.sin_addr.s_addr = inet_addr(host->host->ptr); -- proxy_addr_in.sin_port = htons(host->port); -- servlen = sizeof(proxy_addr_in); -+ if (strstr(host->host->ptr,":")) { -+ proxy_addr_in6.sin6_family = AF_INET6; -+ inet_pton(AF_INET6,host->host->ptr,(char *)&proxy_addr_in6.sin6_addr); -+ proxy_addr_in6.sin6_port = htons(host->port); -+ servlen = sizeof(proxy_addr_in6); -+ proxy_addr = (struct sockaddr *) &proxy_addr_in6; -+ } else { -+ proxy_addr_in.sin_family = AF_INET; -+ proxy_addr_in.sin_addr.s_addr = inet_addr(host->host->ptr); -+ proxy_addr_in.sin_port = htons(host->port); -+ servlen = sizeof(proxy_addr_in); -+ proxy_addr = (struct sockaddr *) &proxy_addr_in; -+ } - -- proxy_addr = (struct sockaddr *) &proxy_addr_in; - - if (-1 == connect(proxy_fd, proxy_addr, servlen)) { - if (errno == EINPROGRESS || errno == EALREADY) { -@@ -740,9 +749,16 @@ - - switch(hctx->state) { - case PROXY_STATE_INIT: -- if (-1 == (hctx->fd = socket(AF_INET, SOCK_STREAM, 0))) { -+ if (strstr(host->host->ptr,":")) { -+ if (-1 == (hctx->fd = socket(AF_INET6, SOCK_STREAM, 0))) { -+ log_error_write(srv, __FILE__, __LINE__, "ss", "socket failed: ", strerror(errno)); -+ return HANDLER_ERROR; -+ } -+ } else { -+ if (-1 == (hctx->fd = socket(AF_INET, SOCK_STREAM, 0))) { - log_error_write(srv, __FILE__, __LINE__, "ss", "socket failed: ", strerror(errno)); - return HANDLER_ERROR; -+ } - } - hctx->fde_ndx = -1; - diff --git a/www/lighttpd/files/patch-sa_2008_05 b/www/lighttpd/files/patch-sa_2008_05 deleted file mode 100644 index df64c197fa63..000000000000 --- a/www/lighttpd/files/patch-sa_2008_05 +++ /dev/null @@ -1,91 +0,0 @@ -# -# http://www.lighttpd.net/security/lighttpd_sa_2008_05.txt -# -Index: src/mod_rewrite.c -=================================================================== ---- src/mod_rewrite.c (revision 2148) -+++ src/mod_rewrite.c (revision 2278) -@@ -351,5 +351,9 @@ - if (!p->conf.rewrite) return HANDLER_GO_ON; - -- buffer_copy_string_buffer(p->match_buf, con->request.uri); -+ buffer_copy_string_buffer(p->match_buf, con->uri.path); -+ if (con->uri.query->used > 0) { -+ buffer_append_string_len(p->match_buf, CONST_STR_LEN("?")); -+ buffer_append_string_buffer(p->match_buf, con->uri.query); -+ } - - for (i = 0; i < p->conf.rewrite->used; i++) { -Index: src/response.c -=================================================================== ---- src/response.c (revision 2250) -+++ src/response.c (revision 2278) -@@ -233,25 +233,4 @@ - - -- /** -- * -- * call plugins -- * -- * - based on the raw URL -- * -- */ -- -- switch(r = plugins_call_handle_uri_raw(srv, con)) { -- case HANDLER_GO_ON: -- break; -- case HANDLER_FINISHED: -- case HANDLER_COMEBACK: -- case HANDLER_WAIT_FOR_EVENT: -- case HANDLER_ERROR: -- return r; -- default: -- log_error_write(srv, __FILE__, __LINE__, "sd", "handle_uri_raw: unknown return value", r); -- break; -- } -- - /* build filename - * -@@ -259,5 +238,4 @@ - * - remove path-modifiers (e.g. /../) - */ -- - - -@@ -275,4 +253,26 @@ - log_error_write(srv, __FILE__, __LINE__, "s", "-- sanatising URI"); - log_error_write(srv, __FILE__, __LINE__, "sb", "URI-path : ", con->uri.path); -+ } -+ -+ -+ /** -+ * -+ * call plugins -+ * -+ * - based on the raw URL -+ * -+ */ -+ -+ switch(r = plugins_call_handle_uri_raw(srv, con)) { -+ case HANDLER_GO_ON: -+ break; -+ case HANDLER_FINISHED: -+ case HANDLER_COMEBACK: -+ case HANDLER_WAIT_FOR_EVENT: -+ case HANDLER_ERROR: -+ return r; -+ default: -+ log_error_write(srv, __FILE__, __LINE__, "sd", "handle_uri_raw: unknown return value", r); -+ break; - } - -Index: NEWS -=================================================================== ---- NEWS (revision 2277) -+++ NEWS (revision 2278) -@@ -50,4 +50,5 @@ - * fixed dropping last character of evhost pattern (#161) - * print helpful error message on conditionals in global block (#1550) -+ * decode url before matching in mod_rewrite (#1720) - - - 1.4.19 - 2008-03-10 diff --git a/www/lighttpd/files/patch-sa_2008_06 b/www/lighttpd/files/patch-sa_2008_06 deleted file mode 100644 index e6cfa897b4d3..000000000000 --- a/www/lighttpd/files/patch-sa_2008_06 +++ /dev/null @@ -1,49 +0,0 @@ -# -# http://www.lighttpd.net/security/lighttpd_sa_2008_06.txt -# -Index: src/mod_userdir.c -=================================================================== ---- src/mod_userdir.c (revision 2120) -+++ src/mod_userdir.c (revision 2283) -@@ -263,4 +263,7 @@ - } - } -+ if (con->conf.force_lowercase_filenames) { -+ buffer_to_lower(p->username); -+ } - - buffer_copy_string_buffer(p->temp_path, p->conf.basepath); -@@ -285,6 +288,22 @@ - } - -+ /* the physical rel_path is basically the same as uri.path; -+ * but it is converted to lowercase in case of force_lowercase_filenames and some special handling -+ * for trailing '.', ' ' and '/' on windows -+ * we assume that no docroot/physical handler changed this -+ * (docroot should only set the docroot/server name, phyiscal should only change the phyiscal.path; -+ * the exception mod_secure_download doesn't work with userdir anyway) -+ */ - BUFFER_APPEND_SLASH(p->temp_path); -- buffer_append_string(p->temp_path, rel_url + 1); /* skip the / */ -+ /* if no second '/' is found, we assume that it was stripped from the uri.path for the special handling -+ * on windows. -+ * we do not care about the trailing slash here on windows, as we already ensured it is a directory -+ * -+ * TODO: what to do with trailing dots in usernames on windows? they may result in the same directory -+ * as a username without them. -+ */ -+ if (NULL != (rel_url = strchr(con->physical.rel_path->ptr + 2, '/'))) { -+ buffer_append_string(p->temp_path, rel_url + 1); /* skip the / */ -+ } - buffer_copy_string_buffer(con->physical.path, p->temp_path); - -Index: NEWS -=================================================================== ---- NEWS (revision 2281) -+++ NEWS (revision 2283) -@@ -53,4 +53,5 @@ - * fixed conditional patching of ldap filter (#1564) - * Match headers case insensitive in response (removing of X-{Sendfile,LIGHTTPD-*}, catching Date/Server) -+ * fixed bug with case-insensitive filenames in mod_userdir (#1589), spotted by "anders1" - - - 1.4.19 - 2008-03-10 diff --git a/www/lighttpd/files/patch-sa_2008_07 b/www/lighttpd/files/patch-sa_2008_07 deleted file mode 100644 index 1af4865f5497..000000000000 --- a/www/lighttpd/files/patch-sa_2008_07 +++ /dev/null @@ -1,53 +0,0 @@ -# -# http://www.lighttpd.net/security/lighttpd_sa_2008_07.txt -# -Index: src/request.c -=================================================================== ---- src/request.c (revision 1947) -+++ src/request.c (revision 2305) -@@ -826,4 +826,5 @@ - con->request.request); - } -+ array_insert_unique(con->request.headers, (data_unset *)ds); - return 0; - } -@@ -875,4 +876,5 @@ - con->request.request); - } -+ array_insert_unique(con->request.headers, (data_unset *)ds); - return 0; - } -@@ -912,4 +914,5 @@ - con->request.request); - } -+ array_insert_unique(con->request.headers, (data_unset *)ds); - return 0; - } -@@ -937,4 +940,5 @@ - con->request.request); - } -+ array_insert_unique(con->request.headers, (data_unset *)ds); - return 0; - } -@@ -954,4 +958,5 @@ - con->request.request); - } -+ array_insert_unique(con->request.headers, (data_unset *)ds); - return 0; - } -@@ -977,4 +982,5 @@ - con->request.request); - } -+ array_insert_unique(con->request.headers, (data_unset *)ds); - return 0; - } -Index: NEWS -=================================================================== ---- NEWS (revision 2304) -+++ NEWS (revision 2305) -@@ -63,4 +63,5 @@ - * workaround ldap connection leak if a ldap connection failed (restarting ldap) - * fix auth.backend.ldap.bind-dn/pw problems (only read from global context for temporary ldap reconnects, thx ruskie) -+ * fix memleak in request header parsing (#1774, thx qhy) - - - 1.4.19 - 2008-03-10 diff --git a/www/lighttpd/files/patch-src__mod_fastcgi.c b/www/lighttpd/files/patch-src__mod_fastcgi.c deleted file mode 100644 index 13d15b759430..000000000000 --- a/www/lighttpd/files/patch-src__mod_fastcgi.c +++ /dev/null @@ -1,18 +0,0 @@ -# -# http://trac.lighttpd.net/trac/changeset/2143 -# -Index: /branches/lighttpd-1.4.x/src/mod_fastcgi.c -=================================================================== ---- src/mod_fastcgi.c (revision 2119) -+++ src/mod_fastcgi.c (revision 2143) -@@ -2545,5 +2545,8 @@ - - if (HANDLER_ERROR != stat_cache_get_entry(srv, con, ds->value, &sce)) { -- data_string *dcls = data_string_init(); -+ data_string *dcls; -+ if (NULL == (dcls = (data_string *)array_get_unused_element(con->response.headers, TYPE_STRING))) { -+ dcls = data_response_init(); -+ } - /* found */ - http_chunk_append_file(srv, con, ds->value, 0, sce->st.st_size); - diff --git a/www/lighttpd/files/patch-src__network_freebsd_sendfile.c b/www/lighttpd/files/patch-src__network_freebsd_sendfile.c deleted file mode 100644 index cfa1f1083818..000000000000 --- a/www/lighttpd/files/patch-src__network_freebsd_sendfile.c +++ /dev/null @@ -1,47 +0,0 @@ -# -# Respect EAGAIN and retry sendfile() instead close connection. -# Remove empty lines and add two more cases to switch(errno) -# ---- src/network_freebsd_sendfile.c.orig 2007-09-22 19:55:26.000000000 -0300 -+++ src/network_freebsd_sendfile.c 2007-09-22 19:43:28.000000000 -0300 -@@ -151,23 +151,23 @@ - if (-1 == c->file.fd) { - if (-1 == (c->file.fd = open(c->file.name->ptr, O_RDONLY))) { - log_error_write(srv, __FILE__, __LINE__, "ss", "open failed: ", strerror(errno)); -- - return -1; - } -- - #ifdef FD_CLOEXEC - fcntl(c->file.fd, F_SETFD, FD_CLOEXEC); - #endif - } - -- r = 0; -- -+eagain: - /* FreeBSD sendfile() */ -+ r = 0; - if (-1 == sendfile(c->file.fd, fd, offset, toSend, NULL, &r, 0)) { - switch(errno) { - case EAGAIN: -+ case EINTR: - break; - case ENOTCONN: -+ case ENOTSOCK: - return -2; - default: - log_error_write(srv, __FILE__, __LINE__, "ssd", "sendfile: ", strerror(errno), errno); -@@ -190,12 +190,10 @@ - if (offset >= sce->st.st_size) { - /* file shrinked, close the connection */ - errno = oerrno; -- - return -1; - } - - errno = oerrno; -- return -2; - } - - c->offset += r; |