16 files changed, 165 insertions, 37 deletions
diff --git a/network/thttpd/patches/additional-input-validation-httpd.c.diff b/network/thttpd/patches/2.25b/additional-input-validation-httpd.c.diff
index 04f59eac8e..04f59eac8e 100644
--- a/network/thttpd/patches/additional-input-validation-httpd.c.diff
+++ b/network/thttpd/patches/2.25b/additional-input-validation-httpd.c.diff
diff --git a/network/thttpd/patches/fix-buffer-overflow.diff b/network/thttpd/patches/2.25b/fix-buffer-overflow.diff
index cacd732148..cacd732148 100644
--- a/network/thttpd/patches/fix-buffer-overflow.diff
+++ b/network/thttpd/patches/2.25b/fix-buffer-overflow.diff
diff --git a/network/thttpd/patches/fix-insecure-tmp-creation-CVE-2005-3124.diff b/network/thttpd/patches/2.25b/fix-insecure-tmp-creation-CVE-2005-3124.diff
index c41ec46b97..c41ec46b97 100644
--- a/network/thttpd/patches/fix-insecure-tmp-creation-CVE-2005-3124.diff
+++ b/network/thttpd/patches/2.25b/fix-insecure-tmp-creation-CVE-2005-3124.diff
diff --git a/network/thttpd/patches/thttpd-2.25b-fix-illegal-path-info.patch b/network/thttpd/patches/2.25b/thttpd-2.25b-fix-illegal-path-info.patch
index d1688f1446..d1688f1446 100644
--- a/network/thttpd/patches/thttpd-2.25b-fix-illegal-path-info.patch
+++ b/network/thttpd/patches/2.25b/thttpd-2.25b-fix-illegal-path-info.patch
diff --git a/network/thttpd/patches/thttpd-2.25b-monolithic-timer.patch b/network/thttpd/patches/2.25b/thttpd-2.25b-monolithic-timer.patch
index 9ff38aec45..9ff38aec45 100644
--- a/network/thttpd/patches/thttpd-2.25b-monolithic-timer.patch
+++ b/network/thttpd/patches/2.25b/thttpd-2.25b-monolithic-timer.patch
diff --git a/network/thttpd/patches/thttpd-2.25b-respect-CFLAGS--dont-link-static.patch b/network/thttpd/patches/2.25b/thttpd-2.25b-respect-CFLAGS--dont-link-static.patch
index ce915c706b..ce915c706b 100644
--- a/network/thttpd/patches/thttpd-2.25b-respect-CFLAGS--dont-link-static.patch
+++ b/network/thttpd/patches/2.25b/thttpd-2.25b-respect-CFLAGS--dont-link-static.patch
diff --git a/network/thttpd/patches/thttpd-2.25b-use-Status-header.patch b/network/thttpd/patches/2.25b/thttpd-2.25b-use-Status-header.patch
index 6aaae5a5d9..6aaae5a5d9 100644
--- a/network/thttpd/patches/thttpd-2.25b-use-Status-header.patch
+++ b/network/thttpd/patches/2.25b/thttpd-2.25b-use-Status-header.patch
diff --git a/network/thttpd/patches/thttpd-2.25b-use-X-Forwarded-For-header.patch b/network/thttpd/patches/2.25b/thttpd-2.25b-use-X-Forwarded-For-header.patch
index 0fec25ef7c..0fec25ef7c 100644
--- a/network/thttpd/patches/thttpd-2.25b-use-X-Forwarded-For-header.patch
+++ b/network/thttpd/patches/2.25b/thttpd-2.25b-use-X-Forwarded-For-header.patch
diff --git a/network/thttpd/patches/crypt.patch b/network/thttpd/patches/crypt.patch
new file mode 100644
index 0000000000..982e6780fc
--- /dev/null
+++ b/network/thttpd/patches/crypt.patch
@@ -0,0 +1,24 @@
+diff -Naur old/extras/htpasswd.c new/extras/htpasswd.c
+--- old/extras/htpasswd.c 2014-10-19 10:28:39.782856897 -1000
++++ new/extras/htpasswd.c 2014-10-19 10:29:12.842911168 -1000
+@@ -8,6 +8,8 @@
+ ** if stdin is a pipe or file. This is necessary for use from CGI.
+ */
+
++#define _XOPEN_SOURCE
++
+ #include <sys/types.h>
+ #include <stdio.h>
+ #include <string.h>
+diff -Naur old/libhttpd.c new/libhttpd.c
+--- old/libhttpd.c 2014-10-19 10:28:39.782856897 -1000
++++ new/libhttpd.c 2014-10-19 10:29:01.679559501 -1000
+@@ -39,6 +39,8 @@
+ #include <sys/param.h>
+ #include <sys/stat.h>
+
++#define __USE_XOPEN
++
+ #include <ctype.h>
+ #include <errno.h>
+ #include <fcntl.h>
diff --git a/network/thttpd/patches/discreet.patch b/network/thttpd/patches/discreet.patch
new file mode 100644
index 0000000000..14c84e0f00
--- /dev/null
+++ b/network/thttpd/patches/discreet.patch
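Review bot: In the libhttpd.c part of crypt.patch, `#define __USE_XOPEN` sets a glibc-internal macro, and it does so after `<sys/param.h>` and `<sys/stat.h>` have already been included, so it sidesteps the feature-test mechanism instead of using it. The htpasswd.c part of the same patch does this the supported way; libhttpd.c should get the same `#define _XOPEN_SOURCE`, placed before its first `#include`, which lies above the lines shown in the inner hunk. Going by the patch name, the aim is presumably to get crypt() declared; if a later libc stops honouring the internal macro, the call falls back to an implicit declaration and the returned pointer can be truncated on 64-bit targets, in the password-checking path.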
@@ -0,0 +1,37 @@
+diff -Naur old/libhttpd.c new/libhttpd.c
+--- old/libhttpd.c 2014-08-15 11:32:31.040595413 +0900
++++ new/libhttpd.c 2014-08-15 11:34:57.690595931 +0900
+@@ -754,7 +754,7 @@
+ <title>%d %s</title>\n\
+ </head>\n\
+ \n\
+- <body bgcolor=\"#cc9999\" text=\"#000000\" link=\"#2020ff\" vlink=\"#4040cc\">\n\
++ <body>\n\
+ \n\
+ <h2>%d %s</h2>\n",
+ status, title, status, title );
+@@ -780,14 +780,9 @@
+ char buf[1000];
+
+ (void) my_snprintf( buf, sizeof(buf), "\
+- <hr>\n\
+-\n\
+- <address><a href=\"%s\">%s</a></address>\n\
+-\n\
+ </body>\n\
+ \n\
+-</html>\n",
+- SERVER_ADDRESS, EXPOSED_SERVER_SOFTWARE );
++</html>\n" );
+ add_response( hc, buf );
+ }
+
+@@ -2798,7 +2793,7 @@
+ <title>Index of %.80s</title>\n\
+ </head>\n\
+ \n\
+- <body bgcolor=\"#99cc99\" text=\"#000000\" link=\"#2020ff\" vlink=\"#4040cc\">\n\
++ <body>\n\
+ \n\
+ <h2>Index of %.80s</h2>\n\
+ \n\
diff --git a/network/thttpd/patches/fix-world-readable-log.patch b/network/thttpd/patches/fix-world-readable-log.patch
new file mode 100644
index 0000000000..40b06203d2
--- /dev/null
+++ b/network/thttpd/patches/fix-world-readable-log.patch
@@ -0,0 +1,59 @@
+From d2e186dbd58d274a0dea9b59357edc8498b5388d Mon Sep 17 00:00:00 2001
+From: "Anthony G. Basile" <blueness@gentoo.org>
+Date: Tue, 26 Feb 2013 14:28:26 -0500
+Subject: [PATCH] src/thttpd.c: Fix world readable log, CVE-2013-0348.
+
+Make sure that the logfile is created or reopened as read/write
+by thttpd user only.
+
+X-gentoo-Bug: 458896
+X-gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=458896
+Reported-by: Agostino Sarubbo <ago@gentoo.org>
+Signed-off-by: Anthony G. Basile <basile@opensource.dyc.edu>
+---
+ thttpd.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/thttpd.c b/thttpd.c
+index 019b8c0..f33a7a7 100644
+--- a/thttpd.c
++++ b/thttpd.c
+@@ -326,6 +326,7 @@ static void
+ re_open_logfile( void )
+ {
+ FILE* logfp;
++ int retchmod;
+
+ if ( no_log || hs == (httpd_server*) 0 )
+ return;
+@@ -335,7 +336,8 @@ re_open_logfile( void )
+ {
+ syslog( LOG_NOTICE, "re-opening logfile" );
+ logfp = fopen( logfile, "a" );
+- if ( logfp == (FILE*) 0 )
++ retchmod = chmod( logfile, S_IRUSR|S_IWUSR );
++ if ( logfp == (FILE*) 0 || retchmod != 0 )
+ {
+ syslog( LOG_CRIT, "re-opening %.80s - %m", logfile );
+ return;
+@@ -355,6 +357,7 @@ main( int argc, char** argv )
+ gid_t gid = 32767;
+ char cwd[MAXPATHLEN+1];
+ FILE* logfp;
++ int retchmod;
+ int num_ready;
+ int cnum;
+ connecttab* c;
+@@ -424,7 +427,8 @@ main( int argc, char** argv )
+ else
+ {
+ logfp = fopen( logfile, "a" );
+- if ( logfp == (FILE*) 0 )
++ retchmod = chmod( logfile, S_IRUSR|S_IWUSR );
++ if ( logfp == (FILE*) 0 || retchmod != 0 )
+ {
+ syslog( LOG_CRIT, "%.80s - %m", logfile );
+ perror( logfile );
+--
+1.7.12.4
+
diff --git a/network/thttpd/patches/forwarded-for.patch b/network/thttpd/patches/forwarded-for.patch
new file mode 100644
index 0000000000..348eb00cf2
--- /dev/null
+++ b/network/thttpd/patches/forwarded-for.patch
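Review bot: In both re_open_logfile() and main(), `chmod( logfile, ... )` acts on the path rather than on the stream that `fopen()` just returned, so the file is first created with umask-derived permissions and the mode is then applied to whatever the path resolves to at that moment, symlinks included. chmod() is also called when fopen() has failed, and when fopen() succeeds but chmod() fails the early `return` leaves `logfp` open. Setting the mode with fchmod() on the open descriptor after the null check removes the path race and the leak and makes `retchmod` unnecessary; the short window between creation and fchmod() only closes if the file is created with open() and mode `S_IRUSR|S_IWUSR`, or under a restrictive umask. The fence shows the re_open_logfile() lines; the main() hunk needs the same change, and both functions continue outside the hunks.

```c
	logfp = fopen( logfile, "a" );
	/* Set the mode on the descriptor we hold, not on the path. */
	if ( logfp != (FILE*) 0 &&
	     fchmod( fileno( logfp ), S_IRUSR|S_IWUSR ) != 0 )
	    {
	    int saved_errno = errno;	/* keep fchmod's errno for %m */
	    (void) fclose( logfp );
	    logfp = (FILE*) 0;
	    errno = saved_errno;
	    }
	if ( logfp == (FILE*) 0 )
	    {
	    /* … unchanged: syslog( LOG_CRIT, ... ) and return … */
```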
@@ -0,0 +1,16 @@
+diff -Naur old/libhttpd.c new/libhttpd.c
+--- old/libhttpd.c 2005-06-30 03:50:39.000000000 +1000
++++ new/libhttpd.c 2012-10-24 12:12:17.144560917 +1100
+@@ -2207,6 +2207,12 @@
+ if ( strcasecmp( cp, "keep-alive" ) == 0 )
+ hc->keep_alive = 1;
+ }
++ else if ( strncasecmp( buf, "X-Forwarded-For:", 16 ) == 0 )
++ {
++ cp = &buf[16];
++ cp += strspn( cp, " \t" );
++ inet_aton( cp, &(hc->client_addr.sa_in.sin_addr) );
++ }
+ #ifdef LOG_UNKNOWN_HEADERS
+ else if ( strncasecmp( buf, "Accept-Charset:", 15 ) == 0 ||
+ strncasecmp( buf, "Accept-Language:", 16 ) == 0 ||
diff --git a/network/thttpd/patches/thttpd-2.25b-glibc-2.10.patch b/network/thttpd/patches/thttpd-2.25b-glibc-2.10.patch
deleted file mode 100644
index c97227827e..0000000000
--- a/network/thttpd/patches/thttpd-2.25b-glibc-2.10.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-diff -ur thttpd-2.25b.orig/extras/htpasswd.c thttpd-2.25b/extras/htpasswd.c
---- thttpd-2.25b.orig/extras/htpasswd.c 2001-12-19 02:08:08.000000000 +0200
-+++ thttpd-2.25b/extras/htpasswd.c 2009-08-09 16:40:06.000000000 +0300
-@@ -49,7 +49,7 @@
- while((line[y++] = line[x++]));
- }
-
--static int getline(char *s, int n, FILE *f) {
-+static int get_line(char *s, int n, FILE *f) {
- register int i=0;
-
- while(1) {
-@@ -189,7 +189,7 @@
- strcpy(user,argv[2]);
-
- found = 0;
-- while(!(getline(line,MAX_STRING_LEN,f))) {
-+ while(!(get_line(line,MAX_STRING_LEN,f))) {
- if(found || (line[0] == '#') || (!line[0])) {
- putline(tfp,line);
- continue;
diff --git a/network/thttpd/thttpd.SlackBuild b/network/thttpd/thttpd.SlackBuild
index 9dacbc418b..b12a904b10 100644
--- a/network/thttpd/thttpd.SlackBuild
+++ b/network/thttpd/thttpd.SlackBuild
@@ -24,7 +24,7 @@
 # SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 PRGNAM=thttpd
-VERSION=${VERSION:-2.25b}
+VERSION=${VERSION:-2.26}
 BUILD=${BUILD:-1}
 TAG=${TAG:-_SBo}
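Review bot: The new `X-Forwarded-For:` branch in forwarded-for.patch overwrites `hc->client_addr` with a value taken from a request header that any client can send, so the logged address and any later decision based on `client_addr` are chosen by the requester unless the real peer is first checked against a list of trusted reverse proxies, which this patch does not do. The write also ignores the return value of `inet_aton()`, accepts only a single dotted quad although the header commonly carries a comma-separated list, and stores into `sa_in.sin_addr` without checking that the connection is IPv4. At minimum the store should be guarded, for example `if ( hc->client_addr.sa.sa_family == AF_INET && inet_aton( cp, &tmp ) ) hc->client_addr.sa_in.sin_addr = tmp;` (assuming the address union has the generic `sa` member), with the trusted-proxy test in front of it. The header-parsing code this branch sits in starts and ends outside the hunk.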
@@ -83,13 +83,13 @@ tar xvf $CWD/$PRGNAM-$VERSION.tar.gz
 cd $PRGNAM-$VERSION
 chown -R root:root .
 find -L . \
- \( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 -o -perm 511 \) \
- -exec chmod 755 {} \; -o \
- \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
- -exec chmod 644 {} \;
+ \( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 \
+ -o -perm 511 \) -exec chmod 755 {} \; -o \
+ \( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \
+ -o -perm 440 -o -perm 400 \) -exec chmod 644 {} \;
-# Apply some patches, from gentoo:
-for i in $CWD/patches/*.diff $CWD/patches/*.patch
+# Apply some patches, from arch/gentoo:
+for i in $CWD/patches/*.patch
 do
 echo
 echo "Appling patch $i ..."
@@ -97,6 +97,15 @@ do
 done
 echo
+# Fix CFLAGS detection
+sed -i \
+ -e 's/^CFLAGS =/CFLAGS +=/' \
+ -e '/^STATICFLAG =/c STATICFLAG =' \
+ Makefile* extras/Makefile* cgi-src/Makefile*
+
+# Fix --build value detection in ./configure
+libtoolize --force --copy --install
+
 CFLAGS="$SLKCFLAGS" \
 CXXFLAGS="$SLKCFLAGS" \
 ./configure \
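Review bot: The patch loop in the first hunk now globs only `$CWD/patches/*.patch`, and this commit moves the earlier fixes (fix-buffer-overflow.diff, fix-insecure-tmp-creation-CVE-2005-3124.diff, additional-input-validation-httpd.c.diff and the thttpd-2.25b-*.patch files) into patches/2.25b/, so none of them is applied any more. That is only correct if the 2.26 tarball already contains those fixes, which nothing in the script states; if it does, a comment such as `# patches/2.25b/ is kept for reference only; those fixes are in upstream 2.26` would make the intent checkable. The `patch` invocation itself presumably sits on the one line between this hunk and the next and is not visible; if it does not abort the build on failure, a security patch such as fix-world-readable-log.patch that no longer applies cleanly would be skipped without notice.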
@@ -118,19 +127,23 @@ sed -i \
 # Change the group to 'thttpd', rather than 'www'
 sed -i '/WEBGROUP =/ s/www/'$PRGNAM'/' Makefile* extras/Makefile* cgi-src/Makefile*
-## Use this line ONLY if you are going to build thttpd as a normal user.
-##sed -i '/WEBGROUP =/ s/www/'$(/bin/id -ng)'/' Makefile* extras/Makefile* cgi-src/Makefile*
+### Use the next line ONLY if you are going to build thttpd as a normal user.
+### sed -i '/WEBGROUP =/ s/'$PRGNAM'/'$(/bin/id -ng)'/' Makefile* extras/Makefile* cgi-src/Makefile*
 # Disable the use of bin as owner user and group.
 sed -i 's/-o bin -g bin//' Makefile* extras/Makefile* cgi-src/Makefile*
 # Create required directories
-mkdir -p $PKG/etc/rc.d $PKG/usr/man/man1 $PKG/etc/logrotate.d $PKG/var/log/$PRGNAM
+mkdir -p $PKG/etc/rc.d $PKG/usr/man/man1 $PKG/etc/logrotate.d \
+ $PKG/var/log/$PRGNAM $PKG/var/run/$PRGNAM
+chown $PRGNAM:$PRGNAM $PKG/var/log/$PRGNAM $PKG/var/run/$PRGNAM
+CFLAGS="$SLKCFLAGS" \
+CXXFLAGS="$SLKCFLAGS" \
 make
 make install DESTDIR=$PKG
-find $PKG | xargs file | grep -e "executable" -e "shared object" | grep ELF \
+find $PKG -print0 | xargs -0 file | grep -e "executable" -e "shared object" | grep ELF \
 | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true
 # Install default html file.
diff --git a/network/thttpd/thttpd.conf b/network/thttpd/thttpd.conf
index 22b9a9bb27..50d1c00b0f 100644
--- a/network/thttpd/thttpd.conf
+++ b/network/thttpd/thttpd.conf
@@ -5,5 +5,5 @@ host=localhost
 port=80
 user=thttpd
 dir=/var/www/thttpd
-logfile=/var/log/thttpd.log
-pidfile=/var/run/thttpd.pid
+logfile=/var/log/thttpd/thttpd.log
+pidfile=/var/run/thttpd/thttpd.pid
diff --git a/network/thttpd/thttpd.info b/network/thttpd/thttpd.info
index 2950f32a0e..415059ef22 100644
--- a/network/thttpd/thttpd.info
+++ b/network/thttpd/thttpd.info
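Review bot: `chown $PRGNAM:$PRGNAM $PKG/var/log/$PRGNAM $PKG/var/run/$PRGNAM` in the SlackBuild hunk hands both directories to the service account, and the thttpd.conf hunk in this commit points `logfile` and `pidfile` into them. If the daemon opens those files while it is still root (not visible here), root is then opening, chmod-ing and writing paths inside a directory the unprivileged account controls, and the path-based `chmod( logfile, ... )` added by fix-world-readable-log.patch follows whatever that path resolves to. Keeping the directories root-owned and giving only the log file to the service user, or confirming that both files are opened after privileges are dropped, avoids that exposure. The chown also fails when the `thttpd` user and group are missing on the build host or when the script runs unprivileged, which the commented-out `sed` line a few lines above still presents as supported.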
@@ -1,8 +1,8 @@
 PRGNAM="thttpd"
-VERSION="2.25b"
+VERSION="2.26"
 HOMEPAGE="http://acme.com/software/thttpd/"
-DOWNLOAD="http://acme.com/software/thttpd/thttpd-2.25b.tar.gz"
-MD5SUM="156b249b3b0bcd48b06badd2db0d56c5"
+DOWNLOAD="http://acme.com/software/thttpd/thttpd-2.26.tar.gz"
+MD5SUM="7b9235cad40faf7dd08ad923529c61b2"
 DOWNLOAD_x86_64=""
 MD5SUM_x86_64=""
 REQUIRES="" |