aboutsummaryrefslogtreecommitdiffstats
path: root/www/lighttpd
diff options
context:
space:
mode:
authormnag <mnag@FreeBSD.org>2007-07-26 20:02:25 +0800
committermnag <mnag@FreeBSD.org>2007-07-26 20:02:25 +0800
commit49ab4c03cfcc145cca8ccba2069b1c5d39431fa4 (patch)
treeb3e297e271f8e65844e76dbccef35de1a8dda3d4 /www/lighttpd
parent3e9d7ec24c0bcccbcbf851a46b8ac2faf628c0de (diff)
downloadfreebsd-ports-gnome-49ab4c03cfcc145cca8ccba2069b1c5d39431fa4.tar.gz
freebsd-ports-gnome-49ab4c03cfcc145cca8ccba2069b1c5d39431fa4.tar.zst
freebsd-ports-gnome-49ab4c03cfcc145cca8ccba2069b1c5d39431fa4.zip
- Update to 1.4.16
PR: 114920 Submitted by: Gea-Suan Lin <gslin___gslin.org>
Diffstat (limited to 'www/lighttpd')
-rw-r--r--www/lighttpd/Makefile3
-rw-r--r--www/lighttpd/distinfo6
-rw-r--r--www/lighttpd/files/patch-security-fixes461
3 files changed, 4 insertions, 466 deletions
diff --git a/www/lighttpd/Makefile b/www/lighttpd/Makefile
index b96ca2588c2a..9355ae00ea9e 100644
--- a/www/lighttpd/Makefile
+++ b/www/lighttpd/Makefile
@@ -6,8 +6,7 @@
#
PORTNAME= lighttpd
-PORTVERSION= 1.4.15
-PORTREVISION= 1
+PORTVERSION= 1.4.16
CATEGORIES= www
MASTER_SITES= http://www.lighttpd.net/download/ \
http://mirrors.cat.pdx.edu/lighttpd/
diff --git a/www/lighttpd/distinfo b/www/lighttpd/distinfo
index 7bbac6324b71..1ed6c4809ce2 100644
--- a/www/lighttpd/distinfo
+++ b/www/lighttpd/distinfo
@@ -1,3 +1,3 @@
-MD5 (lighttpd-1.4.15.tar.gz) = d2ceaaf242b2b3593ff4d8222d543649
-SHA256 (lighttpd-1.4.15.tar.gz) = 7eecd4f9a3b19f4ef5e4d4b4b9635abb699ee6abfc08f029e5df1234670e1831
-SIZE (lighttpd-1.4.15.tar.gz) = 794327
+MD5 (lighttpd-1.4.16.tar.gz) = 04988067026e93ccb46e19fa8c17ae97
+SHA256 (lighttpd-1.4.16.tar.gz) = af71cd4e8c2a4ff5a1b325acc4c916164a4ee7d82a3955912b7eb0b37b5889cd
+SIZE (lighttpd-1.4.16.tar.gz) = 795818
diff --git a/www/lighttpd/files/patch-security-fixes b/www/lighttpd/files/patch-security-fixes
deleted file mode 100644
index d6b29d54806e..000000000000
--- a/www/lighttpd/files/patch-security-fixes
+++ /dev/null
@@ -1,461 +0,0 @@
-Index: src/request.c
-===================================================================
---- src/request.c (revision 1727)
-+++ src/request.c (revision 1869)
-@@ -284,6 +284,4 @@
-
- int done = 0;
--
-- data_string *ds = NULL;
-
- /*
-@@ -716,4 +714,6 @@
- case '\r':
- if (con->parse_request->ptr[i+1] == '\n') {
-+ data_string *ds = NULL;
-+
- /* End of Headerline */
- con->parse_request->ptr[i] = '\0';
-@@ -721,5 +721,15 @@
-
- if (in_folding) {
-- if (!ds) {
-+ buffer *key_b;
-+ /**
-+ * we use a evil hack to handle the line-folding
-+ *
-+ * As array_insert_unique() deletes 'ds' in the case of a duplicate
-+ * ds points somewhere and we get a evil crash. As a solution we keep the old
-+ * "key" and get the current value from the hash and append us
-+ *
-+ * */
-+
-+ if (!key || !key_len) {
- /* 400 */
-
-@@ -738,5 +748,13 @@
- return 0;
- }
-- buffer_append_string(ds->value, value);
-+
-+ key_b = buffer_init();
-+ buffer_copy_string_len(key_b, key, key_len);
-+
-+ if (NULL != (ds = (data_string *)array_get_element(con->request.headers, key_b->ptr))) {
-+ buffer_append_string(ds->value, value);
-+ }
-+
-+ buffer_free(key_b);
- } else {
- int s_len;
-@@ -970,5 +988,10 @@
- is_key = 1;
- value = 0;
-- key_len = 0;
-+#if 0
-+ /**
-+ * for Bug 1230 keep the key_len a live
-+ */
-+ key_len = 0;
-+#endif
- in_folding = 0;
- } else {
-Index: tests/core-request.t
-===================================================================
---- tests/core-request.t (revision 1374)
-+++ tests/core-request.t (revision 1869)
-@@ -9,5 +9,5 @@
- use strict;
- use IO::Socket;
--use Test::More tests => 33;
-+use Test::More tests => 36;
- use LightyTest;
-
-@@ -274,4 +274,36 @@
- ok($tf->handle_http($t) == 0, 'uppercase filenames');
-
-+$t->{REQUEST} = ( <<EOF
-+GET / HTTP/1.0
-+Location: foo
-+Location: foobar
-+ baz
-+EOF
-+ );
-+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
-+ok($tf->handle_http($t) == 0, '#1209 - duplicate headers with line-wrapping');
-+
-+$t->{REQUEST} = ( <<EOF
-+GET / HTTP/1.0
-+Location:
-+Location: foobar
-+ baz
-+EOF
-+ );
-+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
-+ok($tf->handle_http($t) == 0, '#1209 - duplicate headers with line-wrapping - test 2');
-+
-+$t->{REQUEST} = ( <<EOF
-+GET / HTTP/1.0
-+A:
-+Location: foobar
-+ baz
-+EOF
-+ );
-+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
-+ok($tf->handle_http($t) == 0, '#1209 - duplicate headers with line-wrapping - test 3');
-+
-+
-+
-
- ok($tf->stop_proc == 0, "Stopping lighttpd");
-
-Index: src/http_auth.c
-===================================================================
---- src/http_auth.c (revision 1721)
-+++ src/http_auth.c (revision 1875)
-@@ -831,5 +831,11 @@
- username = buffer_init();
-
-- base64_decode(username, realm_str);
-+ if (!base64_decode(username, realm_str)) {
-+ buffer_free(username);
-+
-+ log_error_write(srv, __FILE__, __LINE__, "sb", "decodeing base64-string failed", username);
-+
-+ return 0;
-+ }
-
- /* r2 == user:password */
-@@ -968,5 +974,5 @@
- /* skip whitespaces */
- while (*c == ' ' || *c == '\t') c++;
-- if (!c) break;
-+ if (!*c) break;
-
- for (i = 0; dkv[i].key; i++) {
-@@ -1017,4 +1023,19 @@
- log_error_write(srv, __FILE__, __LINE__, "s",
- "digest: missing field");
-+
-+ buffer_free(b);
-+ return -1;
-+ }
-+
-+ /**
-+ * protect the md5-sess against missing cnonce and nonce
-+ */
-+ if (algorithm &&
-+ 0 == strcasecmp(algorithm, "md5-sess") &&
-+ (!nonce || !cnonce)) {
-+ log_error_write(srv, __FILE__, __LINE__, "s",
-+ "digest: (md5-sess: missing field");
-+
-+ buffer_free(b);
- return -1;
- }
-Index: tests/mod-auth.t
-===================================================================
---- tests/mod-auth.t (revision 1374)
-+++ tests/mod-auth.t (revision 1875)
-@@ -9,5 +9,5 @@
- use strict;
- use IO::Socket;
--use Test::More tests => 10;
-+use Test::More tests => 13;
- use LightyTest;
-
-@@ -94,4 +94,41 @@
- ok($tf->handle_http($t) == 0, 'Digest-Auth: missing nc (noncecount instead), no crash');
-
-+$t->{REQUEST} = ( <<EOF
-+GET /server-status HTTP/1.0
-+Authorization: Basic =
-+EOF
-+ );
-+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 401 } ];
-+ok($tf->handle_http($t) == 0, 'Basic-Auth: Invalid Base64');
-+
-+
-+$t->{REQUEST} = ( <<EOF
-+GET /server-status HTTP/1.0
-+User-Agent: Wget/1.9.1
-+Authorization: Digest username="jan", realm="jan",
-+ nonce="b1d12348b4620437c43dd61c50ae4639", algorithm="md5-sess",
-+ uri="/MJ-BONG.xm.mpc", qop=auth, noncecount=00000001",
-+ cnonce="036FCA5B86F7E7C4965C7F9B8FE714B7",
-+ nc="asd",
-+ response="29B32C2953C763C6D033C8A49983B87E"
-+EOF
-+ );
-+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 401 } ];
-+ok($tf->handle_http($t) == 0, 'Digest-Auth: md5-sess + missing cnonce');
-+
-+$t->{REQUEST} = ( <<EOF
-+GET /server-status HTTP/1.0
-+User-Agent: Wget/1.9.1
-+Authorization: Digest username="jan", realm="jan",
-+ nonce="b1d12348b4620437c43dd61c50ae4639", algorithm="md5-sess",
-+ uri="/MJ-BONG.xm.mpc", qop=auth, noncecount=00000001",
-+ cnonce="036FCA5B86F7E7C4965C7F9B8FE714B7",
-+ nc="asd",
-+ response="29B32C2953C763C6D033C8A49983B87E"
-+EOF
-+ );
-+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 401 } ];
-+ok($tf->handle_http($t) == 0, 'Digest-Auth: trailing WS');
-+
-
-
-Index: NEWS
-===================================================================
---- NEWS (revision 1874)
-+++ NEWS (revision 1875)
-@@ -14,4 +14,10 @@
- * fixed crash on duplicate headers with trailing WS (#1232)
- * fixed accepting more connections then requested (#1216)
-+ * fixed mem-leak in mod_auth (reported by Stefan Esser)
-+ * fixed crash with md5-sess and cnonce not set in mod_auth (reported by Stefan Esser)
-+ * fixed missing check for base64 encoded string in mod_auth and Basic auth
-+ (reported by Stefan Esser)
-+ * fixed possible crash in Auth-Digest header parser on trailing WS in
-+ mod_auth (reported by Stefan Esser)
-
- - 1.4.15 - 2007-04-13
-
-Index: src/connections.c
-===================================================================
---- src/connections.c (revision 1852)
-+++ src/connections.c (revision 1873)
-@@ -1253,4 +1253,14 @@
- /* accept it and register the fd */
-
-+ /**
-+ * check if we can still open a new connections
-+ *
-+ * see #1216
-+ */
-+
-+ if (srv->conns->used >= srv->max_conns) {
-+ return NULL;
-+ }
-+
- cnt_len = sizeof(cnt_addr);
-
-@@ -1265,4 +1275,7 @@
- case ECONNABORTED: /* this is a FreeBSD thingy */
- /* we were stopped _after_ we had a connection */
-+ break;
-+ case EMFILE:
-+ /* out of fds */
- break;
- default:
-Index: src/server.c
-===================================================================
---- src/server.c (revision 1656)
-+++ src/server.c (revision 1873)
-@@ -774,4 +774,20 @@
- strerror(errno));
- return -1;
-+ }
-+
-+ /**
-+ * we are not root can can't increase the fd-limit, but we can reduce it
-+ */
-+ if (srv->srvconf.max_fds && srv->srvconf.max_fds < rlim.rlim_cur) {
-+ /* set rlimits */
-+
-+ rlim.rlim_cur = srv->srvconf.max_fds;
-+
-+ if (0 != setrlimit(RLIMIT_NOFILE, &rlim)) {
-+ log_error_write(srv, __FILE__, __LINE__,
-+ "ss", "couldn't set 'max filedescriptors'",
-+ strerror(errno));
-+ return -1;
-+ }
- }
-
-Index: NEWS
-===================================================================
---- NEWS (revision 1872)
-+++ NEWS (revision 1873)
-@@ -9,4 +9,5 @@
- * fixed circumventing url.access-deny by trailing slash (#1230)
- * fixed crash on duplicate headers with trailing WS (#1232)
-+ * fixed accepting more connections then requested (#1216)
-
- - 1.4.15 - 2007-04-13
-
-Index: src/mod_access.c
-===================================================================
---- src/mod_access.c (revision 1371)
-+++ src/mod_access.c (revision 1871)
-@@ -112,4 +112,13 @@
- #undef PATCH
-
-+/**
-+ * URI handler
-+ *
-+ * we will get called twice:
-+ * - after the clean up of the URL and
-+ * - after the pathinfo checks are done
-+ *
-+ * this handles the issue of trailing slashes
-+ */
- URIHANDLER_FUNC(mod_access_uri_handler) {
- plugin_data *p = p_d;
-@@ -123,10 +132,16 @@
- s_len = con->uri.path->used - 1;
-
-+ if (con->conf.log_request_handling) {
-+ log_error_write(srv, __FILE__, __LINE__, "s",
-+ "-- mod_access_uri_handler called");
-+ }
-+
- for (k = 0; k < p->conf.access_deny->used; k++) {
- data_string *ds = (data_string *)p->conf.access_deny->data[k];
- int ct_len = ds->value->used - 1;
-+ int denied = 0;
-+
-
- if (ct_len > s_len) continue;
--
- if (ds->value->used == 0) continue;
-
-@@ -135,14 +150,21 @@
- if (con->conf.force_lowercase_filenames) {
- if (0 == strncasecmp(con->uri.path->ptr + s_len - ct_len, ds->value->ptr, ct_len)) {
-- con->http_status = 403;
--
-- return HANDLER_FINISHED;
-+ denied = 1;
- }
- } else {
- if (0 == strncmp(con->uri.path->ptr + s_len - ct_len, ds->value->ptr, ct_len)) {
-- con->http_status = 403;
-+ denied = 1;
-+ }
-+ }
-
-- return HANDLER_FINISHED;
-+ if (denied) {
-+ con->http_status = 403;
-+
-+ if (con->conf.log_request_handling) {
-+ log_error_write(srv, __FILE__, __LINE__, "sb",
-+ "url denied as we match:", ds->value);
- }
-+
-+ return HANDLER_FINISHED;
- }
- }
-@@ -159,5 +181,6 @@
- p->init = mod_access_init;
- p->set_defaults = mod_access_set_defaults;
-- p->handle_uri_clean = mod_access_uri_handler;
-+ p->handle_uri_clean = mod_access_uri_handler;
-+ p->handle_subrequest_start = mod_access_uri_handler;
- p->cleanup = mod_access_free;
-
-Index: tests/mod-access.t
-===================================================================
---- tests/mod-access.t (revision 1374)
-+++ tests/mod-access.t (revision 1871)
-@@ -9,5 +9,5 @@
- use strict;
- use IO::Socket;
--use Test::More tests => 3;
-+use Test::More tests => 4;
- use LightyTest;
-
-@@ -24,4 +24,11 @@
- ok($tf->handle_http($t) == 0, 'forbid access to ...~');
-
-+$t->{REQUEST} = ( <<EOF
-+GET /index.html~/ HTTP/1.0
-+EOF
-+ );
-+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 403 } ];
-+ok($tf->handle_http($t) == 0, '#1230 - forbid access to ...~ - trailing slash');
-+
- ok($tf->stop_proc == 0, "Stopping lighttpd");
-
-Index: tests/prepare.sh
-===================================================================
---- tests/prepare.sh (revision 1374)
-+++ tests/prepare.sh (revision 1871)
-@@ -26,4 +26,5 @@
- cp $srcdir/docroot/www/*.html \
- $srcdir/docroot/www/*.php \
-+ $srcdir/docroot/www/*.html~ \
- $srcdir/docroot/www/*.pl \
- $srcdir/docroot/www/*.fcgi \
-Index: tests/docroot/www/Makefile.am
-===================================================================
---- tests/docroot/www/Makefile.am (revision 1374)
-+++ tests/docroot/www/Makefile.am (revision 1871)
-@@ -2,4 +2,4 @@
- redirect.php cgi-pathinfo.pl get-env.php get-server-env.php \
- nph-status.pl prefix.fcgi get-header.pl ssi.shtml get-post-len.pl \
-- exec-date.shtml
-+ exec-date.shtml index.html~
- SUBDIRS=go indexfile expire
-
-Index: src/mod_scgi.c
-===================================================================
---- src/mod_scgi.c (revision 1872)
-+++ src/mod_scgi.c (revision 1882)
-@@ -2287,5 +2287,5 @@
- */
-
-- log_error_write(srv, __FILE__, __LINE__, "ssdsd",
-+ log_error_write(srv, __FILE__, __LINE__, "ssosd",
- "[REPORT ME] connection was dropped after accept(). reconnect() denied:",
- "write-offset:", hctx->wb->bytes_out,
-@@ -2537,5 +2537,5 @@
- }
-
-- log_error_write(srv, __FILE__, __LINE__, "sdsdsd",
-+ log_error_write(srv, __FILE__, __LINE__, "sosdsd",
- "response not sent, request sent:", hctx->wb->bytes_out,
- "connection-fd:", con->fd,
-Index: src/mod_webdav.c
-===================================================================
---- src/mod_webdav.c (revision 1743)
-+++ src/mod_webdav.c (revision 1882)
-@@ -1036,5 +1036,5 @@
-
- if (XML_ERR_OK != (err = xmlParseChunk(ctxt, c->file.mmap.start + c->offset, weHave, 0))) {
-- log_error_write(srv, __FILE__, __LINE__, "sddd", "xmlParseChunk failed at:", cq->bytes_out, weHave, err);
-+ log_error_write(srv, __FILE__, __LINE__, "sodd", "xmlParseChunk failed at:", cq->bytes_out, weHave, err);
- }
-
-@@ -1054,5 +1054,5 @@
-
- if (XML_ERR_OK != (err = xmlParseChunk(ctxt, c->mem->ptr + c->offset, weHave, 0))) {
-- log_error_write(srv, __FILE__, __LINE__, "sddd", "xmlParseChunk failed at:", cq->bytes_out, weHave, err);
-+ log_error_write(srv, __FILE__, __LINE__, "sodd", "xmlParseChunk failed at:", cq->bytes_out, weHave, err);
- }
-
-Index: src/mod_fastcgi.c
-===================================================================
---- src/mod_fastcgi.c (revision 1879)
-+++ src/mod_fastcgi.c (revision 1882)
-@@ -2965,5 +2965,5 @@
- */
-
-- log_error_write(srv, __FILE__, __LINE__, "ssdsd",
-+ log_error_write(srv, __FILE__, __LINE__, "ssosd",
- "[REPORT ME] connection was dropped after accept(). reconnect() denied:",
- "write-offset:", hctx->wb->bytes_out,
-Index: NEWS
-===================================================================
---- NEWS (revision 1879)
-+++ NEWS (revision 1882)
-@@ -22,4 +22,6 @@
- * fixed check on stale errno values, which broke handling of broken fastcgi
- applications. (#1245)
-+ * fixed crash on 32bit archs when debug-msgs are printed in mod_scgi, mod_fastcgi
-+ and mod_webdav (#1263)
-
- - 1.4.15 - 2007-04-13
-
generated by cgit (git 2.34.1) at 2024-12-30 04:30:45 +0800