authormnag <mnag@FreeBSD.org>2008-09-28 07:47:57 +0800
committermnag <mnag@FreeBSD.org>2008-09-28 07:47:57 +0800
commitbebd5244be1765cf04604534fd1d3f5c0d3f2c1b (patch)
tree8f058a324a006bb62a77d49673c2e1d2e5626fda
parent7b6dfd9ad9f892374db4eb1295636ce32194ca8b (diff)
- Multiple security fixes.
- Bump PORTREVISION Notified by: miwi Security: http://www.vuxml.org/freebsd/fb911e31-8ceb-11dd-bb29-000c6e274733.html
-rw-r--r--www/lighttpd/Makefile2
-rw-r--r--www/lighttpd/files/patch-sa_2008_0591
-rw-r--r--www/lighttpd/files/patch-sa_2008_0649
-rw-r--r--www/lighttpd/files/patch-sa_2008_0753
4 files changed, 194 insertions, 1 deletions
diff --git a/www/lighttpd/Makefile b/www/lighttpd/Makefile
index affd957b697e..dcd085b7a286 100644
--- a/www/lighttpd/Makefile
+++ b/www/lighttpd/Makefile
@@ -7,7 +7,7 @@
PORTNAME= lighttpd
PORTVERSION= 1.4.19
-PORTREVISION= 2
+PORTREVISION= 3
CATEGORIES= www
MASTER_SITES= http://www.lighttpd.net/download/ \
http://mirrors.cat.pdx.edu/lighttpd/
diff --git a/www/lighttpd/files/patch-sa_2008_05 b/www/lighttpd/files/patch-sa_2008_05
new file mode 100644
index 000000000000..df64c197fa63
--- /dev/null
+++ b/www/lighttpd/files/patch-sa_2008_05
@@ -0,0 +1,91 @@
+#
+# http://www.lighttpd.net/security/lighttpd_sa_2008_05.txt
+#
+Index: src/mod_rewrite.c
+===================================================================
+--- src/mod_rewrite.c (revision 2148)
++++ src/mod_rewrite.c (revision 2278)
+@@ -351,5 +351,9 @@
+ if (!p->conf.rewrite) return HANDLER_GO_ON;
+
+- buffer_copy_string_buffer(p->match_buf, con->request.uri);
++ buffer_copy_string_buffer(p->match_buf, con->uri.path);
++ if (con->uri.query->used > 0) {
++ buffer_append_string_len(p->match_buf, CONST_STR_LEN("?"));
++ buffer_append_string_buffer(p->match_buf, con->uri.query);
++ }
+
+ for (i = 0; i < p->conf.rewrite->used; i++) {
+Index: src/response.c
+===================================================================
+--- src/response.c (revision 2250)
++++ src/response.c (revision 2278)
+@@ -233,25 +233,4 @@
+
+
+- /**
+- *
+- * call plugins
+- *
+- * - based on the raw URL
+- *
+- */
+-
+- switch(r = plugins_call_handle_uri_raw(srv, con)) {
+- case HANDLER_GO_ON:
+- break;
+- case HANDLER_FINISHED:
+- case HANDLER_COMEBACK:
+- case HANDLER_WAIT_FOR_EVENT:
+- case HANDLER_ERROR:
+- return r;
+- default:
+- log_error_write(srv, __FILE__, __LINE__, "sd", "handle_uri_raw: unknown return value", r);
+- break;
+- }
+-
+ /* build filename
+ *
+@@ -259,5 +238,4 @@
+ * - remove path-modifiers (e.g. /../)
+ */
+-
+
+
+@@ -275,4 +253,26 @@
+ log_error_write(srv, __FILE__, __LINE__, "s", "-- sanatising URI");
+ log_error_write(srv, __FILE__, __LINE__, "sb", "URI-path : ", con->uri.path);
++ }
++
++
++ /**
++ *
++ * call plugins
++ *
++ * - based on the raw URL
++ *
++ */
++
++ switch(r = plugins_call_handle_uri_raw(srv, con)) {
++ case HANDLER_GO_ON:
++ break;
++ case HANDLER_FINISHED:
++ case HANDLER_COMEBACK:
++ case HANDLER_WAIT_FOR_EVENT:
++ case HANDLER_ERROR:
++ return r;
++ default:
++ log_error_write(srv, __FILE__, __LINE__, "sd", "handle_uri_raw: unknown return value", r);
++ break;
+ }
+
+Index: NEWS
+===================================================================
+--- NEWS (revision 2277)
++++ NEWS (revision 2278)
+@@ -50,4 +50,5 @@
+ * fixed dropping last character of evhost pattern (#161)
+ * print helpful error message on conditionals in global block (#1550)
++ * decode url before matching in mod_rewrite (#1720)
+
+ - 1.4.19 - 2008-03-10
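Review bot: The comment block moved in the response.c hunk still reads `* - based on the raw URL`, but after this patch `plugins_call_handle_uri_raw` runs after the `-- sanatising URI` step, so plugins invoked there now see a path that has already been decoded and had path-modifiers removed; the comment should say so, e.g. `* - called after uri.path has been decoded/sanitised; the original request line is still available in request.uri`. In the mod_rewrite.c hunk the `?` is re-appended whenever `con->uri.query->used > 0`; if `used` counts the terminating NUL, as it appears to elsewhere in lighttpd's buffer type, a present-but-empty `?` is preserved, which looks intentional but deserves a one-line comment. Operationally, rewrite patterns are now matched against the decoded path rather than the raw request URI, so rules that relied on percent-encoded forms change meaning; a pkg-message or UPDATING note for port users would be appropriate. The enclosing functions in mod_rewrite.c and response.c start and end outside these hunks.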
diff --git a/www/lighttpd/files/patch-sa_2008_06 b/www/lighttpd/files/patch-sa_2008_06
new file mode 100644
index 000000000000..e6cfa897b4d3
--- /dev/null
+++ b/www/lighttpd/files/patch-sa_2008_06
@@ -0,0 +1,49 @@
+#
+# http://www.lighttpd.net/security/lighttpd_sa_2008_06.txt
+#
+Index: src/mod_userdir.c
+===================================================================
+--- src/mod_userdir.c (revision 2120)
++++ src/mod_userdir.c (revision 2283)
+@@ -263,4 +263,7 @@
+ }
+ }
++ if (con->conf.force_lowercase_filenames) {
++ buffer_to_lower(p->username);
++ }
+
+ buffer_copy_string_buffer(p->temp_path, p->conf.basepath);
+@@ -285,6 +288,22 @@
+ }
+
++ /* the physical rel_path is basically the same as uri.path;
++ * but it is converted to lowercase in case of force_lowercase_filenames and some special handling
++ * for trailing '.', ' ' and '/' on windows
++ * we assume that no docroot/physical handler changed this
++ * (docroot should only set the docroot/server name, phyiscal should only change the phyiscal.path;
++ * the exception mod_secure_download doesn't work with userdir anyway)
++ */
+ BUFFER_APPEND_SLASH(p->temp_path);
+- buffer_append_string(p->temp_path, rel_url + 1); /* skip the / */
++ /* if no second '/' is found, we assume that it was stripped from the uri.path for the special handling
++ * on windows.
++ * we do not care about the trailing slash here on windows, as we already ensured it is a directory
++ *
++ * TODO: what to do with trailing dots in usernames on windows? they may result in the same directory
++ * as a username without them.
++ */
++ if (NULL != (rel_url = strchr(con->physical.rel_path->ptr + 2, '/'))) {
++ buffer_append_string(p->temp_path, rel_url + 1); /* skip the / */
++ }
+ buffer_copy_string_buffer(con->physical.path, p->temp_path);
+
+Index: NEWS
+===================================================================
+--- NEWS (revision 2281)
++++ NEWS (revision 2283)
+@@ -53,4 +53,5 @@
+ * fixed conditional patching of ldap filter (#1564)
+ * Match headers case insensitive in response (removing of X-{Sendfile,LIGHTTPD-*}, catching Date/Server)
++ * fixed bug with case-insensitive filenames in mod_userdir (#1589), spotted by "anders1"
+
+ - 1.4.19 - 2008-03-10
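Review bot: `strchr(con->physical.rel_path->ptr + 2, '/')` in the second mod_userdir.c hunk steps two bytes into rel_path without checking its length, relying on the assumption the new comment states — that rel_path still equals uri.path and therefore begins with `/~`; if an earlier docroot/physical handler shortened it, the search would start past the terminator. A cheap guard keeps that assumption explicit, e.g. `if (con->physical.rel_path->used > 2 && NULL != (rel_url = strchr(con->physical.rel_path->ptr + 2, '/')))` (adjust the bound to however `used` is counted in this buffer type). Since this file is a verbatim copy of the upstream advisory patch, any such hardening belongs upstream rather than as a local divergence in the port. The enclosing handler starts and ends outside both hunks.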
diff --git a/www/lighttpd/files/patch-sa_2008_07 b/www/lighttpd/files/patch-sa_2008_07
new file mode 100644
index 000000000000..1af4865f5497
--- /dev/null
+++ b/www/lighttpd/files/patch-sa_2008_07
@@ -0,0 +1,53 @@
+#
+# http://www.lighttpd.net/security/lighttpd_sa_2008_07.txt
+#
+Index: src/request.c
+===================================================================
+--- src/request.c (revision 1947)
++++ src/request.c (revision 2305)
+@@ -826,4 +826,5 @@
+ con->request.request);
+ }
++ array_insert_unique(con->request.headers, (data_unset *)ds);
+ return 0;
+ }
+@@ -875,4 +876,5 @@
+ con->request.request);
+ }
++ array_insert_unique(con->request.headers, (data_unset *)ds);
+ return 0;
+ }
+@@ -912,4 +914,5 @@
+ con->request.request);
+ }
++ array_insert_unique(con->request.headers, (data_unset *)ds);
+ return 0;
+ }
+@@ -937,4 +940,5 @@
+ con->request.request);
+ }
++ array_insert_unique(con->request.headers, (data_unset *)ds);
+ return 0;
+ }
+@@ -954,4 +958,5 @@
+ con->request.request);
+ }
++ array_insert_unique(con->request.headers, (data_unset *)ds);
+ return 0;
+ }
+@@ -977,4 +982,5 @@
+ con->request.request);
+ }
++ array_insert_unique(con->request.headers, (data_unset *)ds);
+ return 0;
+ }
+Index: NEWS
+===================================================================
+--- NEWS (revision 2304)
++++ NEWS (revision 2305)
+@@ -63,4 +63,5 @@
+ * workaround ldap connection leak if a ldap connection failed (restarting ldap)
+ * fix auth.backend.ldap.bind-dn/pw problems (only read from global context for temporary ldap reconnects, thx ruskie)
++ * fix memleak in request header parsing (#1774, thx qhy)
+
+ - 1.4.19 - 2008-03-10
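Review bot: The same `array_insert_unique(con->request.headers, (data_unset *)ds);` line is added before `return 0;` in six separate branches of request.c with no comment on why, and the intent — handing `ds` to the headers array so it is freed together with the request instead of leaking — is not obvious from the call alone. A one-line comment at each site, or at least the first, would help: `/* ds is owned by request.headers from here on; inserted so it is freed with the request */`. If `array_insert_unique` merges a duplicate key into the existing entry, as its name suggests, the header's value may be appended to an earlier instance rather than stored separately; presumably harmless if these are rejection paths (the `con->request.request` log just above is only visible as context here), but worth confirming against the helper. The enclosing parsing function begins before and continues after each of these hunks.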