- added thttpd-c99.patch

* keep using the deprecated function sigset
  * patch borrowed from fedora rpm
- Use %patch -P N instead of deprecated %patchN.
- Added hardening to systemd service(s) (bsc#1181400). Modified:
  * thttpd.service
- Allow regular users to execute makeweb (bsc#1171580)
  * Set permissions to 2751
- BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to
  shortcut through the -mini flavors.
- Update to 2.29 (bsc#1112629)
  Allow CGI to handle HTTP methods besides GET/HEAD/POST.
  Improvements to the FreeBSD startup script. (Craig Leres)
  Minor portability tweak in mmc.c.
  Fix to buffer overrun bug in htpasswd. Reported by Alessio Santoru as CVE-2017-17663.
- update thttpd-2.25b-overflow.diff
- Trim filler wording from description.
- Require group www (bsc#1057985)
- update to 2.27
  Stats syslogs changed from LOG_INFO to LOG_NOTICE.
  Use memmove() for self-overlapping string copies instead of strcpy().
  Couple of subroutine name changes for consistency.
- drop thttpd-2.25b-strcpy.patch (upstream)
- enforce single process build, as parallel does fail sometimes
- added Conflicts: apache2-example-pages
  * both packages provide /srv/www/htdocs/index.html
- build with pie and full relro
- package cleanup (bnc#899218)
  * removed SUSE branding
  * added logrotate support
  * changed note about default codepage
- added Conflicts: apache2-utils
  * both packages provide /usr/bin/htpasswd
  * see comments in https://build.opensuse.org/request/show/310178
- use /usr/sbin path in service to fix start (bnc#906696)
- drop thttpd-2.25b.tar.bz2 (old tarball)
- update to 2.26 (bnc#894285)
  Ignore ECONNABORTED on accept().
  Correctly implemented the config-file option change from "nosymlink"
  to "nosymlinkcheck", which was supposedly done in version 2.24.
  Removed mailto: link from default index page.
  Allow CGIs to provide both Location and Status headers.
  Better logic for figuring out CGI SERVER_NAME environment variable.
  Updated for clang, and general cleanup.
- dropped thttpd-2.25b-getline.patch (upstream)
- added thttpd-crypt_is_in_crypt.h.patch
- Use systemd instead of sysvinit in openSUSE > 12.2
- fix CVE-2013-0348 (bnc#853381)
  * don't create a world readable logfile
- Do not add sample index.html that will conflict with apache
- added checks for crypt() return value (CVE-2012-5640) (bnc#783165)
  * thttpd-2.25b-CVE-2012-5640-check_crypt_return_value.patch
- use different versions of automake (SLE)
- use %set_permissions instead of %run_permissions (bnc#764110)
- fix build with automake 1.12 
- drop thttpd-2.25b-x86_64_machine_not_recognized.patch but copy
  config.guess from automake to fix ppc64 as well 
- fixed build and added -fpie for makeweb
- add libtool as buildrequire to avoid implicit dependency
- rename getline to my_getline to avoid collision with function
  from glibc 
- add new branding (bnc#492693) 
- fixed another syntax error in config file
- fix syntax error in config file
- use %config(noreplace) for /etc/thttpd.conf
- added Short-Description tag into init script 
- added config file (/etc/thttpd.conf)
- Adding check for zero length
  - from Marcus Meissner
  - zerolen.patch
- Replacing strcpy with memmove when they overlap
  - strcpy.patch
- Both from #230776
- Fix building as non-root.
- fix buffer overflows in htpasswd (#156978) 
- converted neededforbuild to BuildRequires
- fix tmp race in syslogtocern (#131056) 
- use %config(noreplace) for index.html 
- compile dynamic binaries instead of static
- compile htpasswd with -pie
- do not conflict with other webservers (bug #71742)
- update to version 2.25b
- Fix use of aclocal.
- update to 2.24, includes a fix for a buffer overflow [bug #32734]
- fixed virtual hosting security hole [bug #32757]
- fixed permissions according to permissions.secure,
  added macros %run_permissions and %verify_permissions
- added macros %stop_on_removal and %restart_on_update [bug #29022]
- remove unpackaged files from buildroot 
- fixed permissions of the init script [bug #25084]
- substitute correct servroot during built
- use /srv/www rather than /usr/local/httpd [bug #20802]
- adapt server root 
- Change group from wwwadmin to www
- do not source rc.config anymore
- update to version 2.23beta1
- update to version 2.20c
- added thttpd-2.20c-sec.patch
- removed START_THTTPD from README.SuSE
- removed START_THTTPD 
- fix version on template webpage
- fix /etc/init.d in thttpd-SuSE.tar.bz2 files
- split patches on configure, dirs, time_h and newautoconf 
- fix for new autoconf 
- changed initscript according to skeleton
- compiled with RPM_OPT_FLAGS
- fixed to compile
- generating of default page moved to %install (it was in %post and
- caused [#4566]
- default cgibin pattern changed [#4564]
- rcthttpd link added
- new version: 2.20b
- moved init-script 
- fix ugly bug in startup scripts
- new version: 2.20
- fix bug in startup script
- new version: 2.19
- buildroot fixed
- buildroot added
- update to 2.16 
- moved man pages to %{_mandir}
- new version: 2.15
- bug #1268 rc.config variable set to no 
- new version: 2.11
- new conflicts (roxen, apache, aolserv), provides (http_daemon)
- new homepage
- Fix stack overflow
- ran old prepare_spec on spec file to switch to new prepare_spec.
- fixed call of Check at the end of %install section
- new package: thttpd (a _small_ webserver)
  absolutely no configuration needed - and yet save (chroot)!

OBS-URL: https://build.opensuse.org/package/show/server:http/thttpd?expand=0&rev=51
Adam Majer 2024-12-05 17:25:02 +00:00 committed by Git OBS Bridge
commit 0e01d6d1eb
24 changed files with 1376 additions and 0 deletions

23
.gitattributes vendored Normal file

@ -0,0 +1,23 @@
## Default LFS
*.7z filter=lfs diff=lfs merge=lfs -text
*.bsp filter=lfs diff=lfs merge=lfs -text
*.bz2 filter=lfs diff=lfs merge=lfs -text
*.gem filter=lfs diff=lfs merge=lfs -text
*.gz filter=lfs diff=lfs merge=lfs -text
*.jar filter=lfs diff=lfs merge=lfs -text
*.lz filter=lfs diff=lfs merge=lfs -text
*.lzma filter=lfs diff=lfs merge=lfs -text
*.obscpio filter=lfs diff=lfs merge=lfs -text
*.oxt filter=lfs diff=lfs merge=lfs -text
*.pdf filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.rpm filter=lfs diff=lfs merge=lfs -text
*.tbz filter=lfs diff=lfs merge=lfs -text
*.tbz2 filter=lfs diff=lfs merge=lfs -text
*.tgz filter=lfs diff=lfs merge=lfs -text
*.ttf filter=lfs diff=lfs merge=lfs -text
*.txz filter=lfs diff=lfs merge=lfs -text
*.whl filter=lfs diff=lfs merge=lfs -text
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text

1
.gitignore vendored Normal file

@ -0,0 +1 @@
.osc


@ -0,0 +1,52 @@
Index: thttpd-2.25b/libhttpd.c
===================================================================
--- thttpd-2.25b.orig/libhttpd.c 2013-03-04 18:01:55.209721739 +0100
+++ thttpd-2.25b/libhttpd.c 2013-03-04 18:01:55.244722735 +0100
@@ -1024,6 +1024,7 @@ auth_check2( httpd_conn* hc, char* dirna
static size_t maxprevuser = 0;
static char* prevcryp;
static size_t maxprevcryp = 0;
+ char *crypt_result;
/* Construct auth filename. */
httpd_realloc_str(
@@ -1072,7 +1073,10 @@ auth_check2( httpd_conn* hc, char* dirna
strcmp( authinfo, prevuser ) == 0 )
{
/* Yes. Check against the cached encrypted password. */
- if ( strcmp( crypt( authpass, prevcryp ), prevcryp ) == 0 )
+ crypt_result = crypt( authpass, prevcryp );
+ if ( ! crypt_result )
+ return -1;
+ if ( strcmp( crypt_result, prevcryp ) == 0 )
{
/* Ok! */
httpd_realloc_str(
@@ -1121,7 +1125,10 @@ auth_check2( httpd_conn* hc, char* dirna
/* Yes. */
(void) fclose( fp );
/* So is the password right? */
- if ( strcmp( crypt( authpass, cryp ), cryp ) == 0 )
+ crypt_result = crypt( authpass, cryp );
+ if ( ! crypt_result )
+ return -1;
+ if ( strcmp( crypt_result, cryp ) == 0 )
{
/* Ok! */
httpd_realloc_str(
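Review bot: the `crypt()` NULL check at the `/* So is the password right? */` site is a copy of the three lines added in the previous hunk, and both fail with a bare `return -1` and no log entry. Factor the call and check into one small helper and `syslog()` the failure there, so a `crypt()` error can be told apart from a wrong password when reading the logs, and confirm that every caller of `auth_check2()` treats -1 as a denial.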
Index: thttpd-2.25b/extras/htpasswd.c
===================================================================
--- thttpd-2.25b.orig/extras/htpasswd.c 2013-03-04 18:01:55.226722223 +0100
+++ thttpd-2.25b/extras/htpasswd.c 2013-03-04 18:02:15.755306445 +0100
@@ -133,7 +133,10 @@ add_password( char* user, FILE* f )
(void) srandom( (int) time( (time_t*) 0 ) );
to64( &salt[0], random(), 2 );
cpw = crypt( pw, salt );
- (void) fprintf( f, "%s:%s\n", user, cpw );
+ if (cpw)
+ (void) fprintf( f, "%s:%s\n", user, cpw );
+ else
+ (void) fprintf( stderr, "crypt() returned NULL, sorry\n" );
}
static void usage(void) {
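Review bot: in `add_password()` the new `else` branch only prints to stderr and then returns normally, so nothing in this hunk tells the caller that no entry was written for `user`. Return an error code or `exit(1)` on this path so the tool does not report success after dropping the entry. Separately, the context lines seed the salt with `srandom( (int) time( (time_t*) 0 ) )`, which is predictable; worth a follow-up change.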

27
thttpd-2.25b-chown.diff Normal file

@ -0,0 +1,27 @@
--- Makefile.in
+++ Makefile.in
@@ -111,11 +111,11 @@
installthis:
-mkdir -p $(DESTDIR)$(BINDIR)
- $(INSTALL) -m 555 -o bin -g bin thttpd $(DESTDIR)$(SBINDIR)
+ $(INSTALL) -m 555 thttpd $(DESTDIR)$(SBINDIR)
install-man:
-mkdir -p $(DESTDIR)$(MANDIR)/man8
- $(INSTALL) -m 444 -o bin -g bin thttpd.8 $(DESTDIR)$(MANDIR)/man8
+ $(INSTALL) -m 444 thttpd.8 $(DESTDIR)$(MANDIR)/man8
installsubdirs:
for i in $(SUBDIRS) ; do ( \
--- extras/Makefile.in
+++ extras/Makefile.in
@@ -69,7 +69,7 @@
install: all
rm -f $(SBINDIR)/makeweb $(SBINDIR)/htpasswd $(SBINDIR)/syslogtocern
cp makeweb $(BINDIR)/makeweb
- chgrp $(WEBGROUP) $(BINDIR)/makeweb
+ -chgrp $(WEBGROUP) $(BINDIR)/makeweb
chmod 2755 $(BINDIR)/makeweb
cp htpasswd $(BINDIR)/htpasswd
cp syslogtocern $(SBINDIR)/syslogtocern
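Review bot: prefixing `chgrp $(WEBGROUP) $(BINDIR)/makeweb` with `-` lets the install continue when the group change fails, but the next line still runs `chmod 2755`, so makeweb ends up set-group-id to whatever group the installing user has. Either skip the `chmod 2755` when the chgrp fails, or install without the setgid bit here and set owner, group and mode in the spec file.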


@ -0,0 +1,106 @@
Index: config.h
===================================================================
--- config.h.orig 2014-09-03 09:38:25.650677391 +0200
+++ config.h 2014-09-03 09:38:50.657956674 +0200
@@ -57,17 +57,7 @@
** as a security measure that's how you do it, just don't define any
** pattern here and don't run with the -c flag.
*/
-#ifdef notdef
-/* Some sample patterns. Allow programs only in one central directory: */
-#define CGI_PATTERN "/cgi-bin/*"
-/* Allow programs in a central directory, or anywhere in a trusted
-** user's tree: */
-#define CGI_PATTERN "/cgi-bin/*|/jef/**"
-/* Allow any program ending with a .cgi: */
-#define CGI_PATTERN "**.cgi"
-/* When virtual hosting, enable the central directory on every host: */
-#define CGI_PATTERN "/*/cgi-bin/*"
-#endif
+#define CGI_PATTERN "/cgi-bin/*|**.cgi"
/* CONFIGURE: How many seconds to allow CGI programs to run before killing
** them. This is in case someone writes a CGI program that goes into an
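Review bot: the new `#define CGI_PATTERN "/cgi-bin/*|**.cgi"` makes any file ending in .cgi anywhere in the served tree run as a CGI program by default, while the comment directly above describes leaving the pattern undefined as the security measure. Consider compiling in only `/cgi-bin/*` and leaving `**.cgi` as an opt-in in /etc/thttpd.conf, and keep the removed sample patterns as documentation instead of deleting the whole `#ifdef notdef` block.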
@@ -75,7 +65,7 @@
** or whatever. If you don't want any limit, comment this out, but that's
** probably a really bad idea.
*/
-#define CGI_TIMELIMIT 30
+#define CGI_TIMELIMIT 60
/* CONFIGURE: Maximum number of simultaneous CGI programs allowed.
** If this many are already running, then attempts to run more will
@@ -123,8 +113,8 @@
** You can also leave both options undefined, and thttpd will not do
** anything special about tildes. Enabling both options is an error.
*/
-#ifdef notdef
#define TILDE_MAP_1 "users"
+#ifdef notdef
#define TILDE_MAP_2 "public_html"
#endif
@@ -185,9 +175,7 @@
** measure, to prevent inadvertant exposure by accidentally running without -r.
** You can still disable it at runtime with the -nor flag.
*/
-#ifdef notdef
#define ALWAYS_CHROOT
-#endif
/* CONFIGURE: Define this if you want to always do virtual hosting, without
** having to give the -v command line flag. You can still disable it at
@@ -237,7 +225,7 @@
** initializing. If this user (or the one specified by the -u flag) does
** not exist, the program will refuse to run.
*/
-#define DEFAULT_USER "nobody"
+#define DEFAULT_USER "wwwrun"
/* CONFIGURE: When started as root, the program can automatically chdir()
** to the home directory of the user specified by -u or DEFAULT_USER.
@@ -276,7 +264,7 @@
/* CONFIGURE: $PATH to use for CGI programs.
*/
-#define CGI_PATH "/usr/local/bin:/usr/ucb:/bin:/usr/bin"
+#define CGI_PATH "/bin:/usr/bin"
/* CONFIGURE: If defined, $LD_LIBRARY_PATH to use for CGI programs.
*/
@@ -327,7 +315,7 @@
/* CONFIGURE: A list of index filenames to check. The files are searched
** for in this order.
*/
-#define INDEX_NAMES "index.html", "index.htm", "index.xhtml", "index.xht", "Default.htm", "index.cgi"
+#define INDEX_NAMES "index.html", "index.htm", "index.xhtml", "index.xht", "index.cgi"
/* CONFIGURE: If this is defined then thttpd will automatically generate
** index pages for directories that don't have an explicit index file.
Index: configure.in
===================================================================
--- configure.in.orig 2014-09-03 09:38:25.651677402 +0200
+++ configure.in 2014-09-03 09:38:50.657956674 +0200
@@ -6,8 +6,10 @@ AC_CANONICAL_SYSTEM
AC_PROG_CC
-V_CCOPT="-O"
-if test "$GCC" = yes ; then
+if test "x$V_CCOPT" = "x"; then
+ V_CCOPT="-O"
+
+ if test "$GCC" = yes ; then
AC_MSG_CHECKING(gcc version)
AC_CACHE_VAL(ac_cv_lbl_gcc_vers,
ac_cv_lbl_gcc_vers=`$CC -dumpversion 2>&1 | \
@@ -16,7 +18,8 @@ if test "$GCC" = yes ; then
if test "$ac_cv_lbl_gcc_vers" -gt 1 ; then
V_CCOPT="-O2"
fi
-fi
+ fi
+fi
if test -f .devel ; then
V_CCOPT="-g $V_CCOPT -ansi -pedantic -U__STRICT_ANSI__ -Wall -Wpointer-arith -Wshadow -Wcast-qual -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wredundant-decls -Wno-long-long"
fi

68
thttpd-2.25b-dirs.patch Normal file

@ -0,0 +1,68 @@
--- Makefile.in
+++ Makefile.in
@@ -30,11 +30,12 @@
prefix = @prefix@
exec_prefix = @exec_prefix@
# Pathname of directory to install the binary.
-BINDIR = @sbindir@
+BINDIR = @bindir@
+SBINDIR = @sbindir@
# Pathname of directory to install the man page.
MANDIR = @mandir@
# Pathname of directory to install the CGI programs.
-WEBDIR = $(prefix)/www
+WEBDIR = /srv/www/htdocs
# CONFIGURE: The group that the web directory belongs to. This is so that
# the makeweb program can be installed set-group-id to that group, and make
@@ -110,7 +111,7 @@
installthis:
-mkdir -p $(DESTDIR)$(BINDIR)
- $(INSTALL) -m 555 -o bin -g bin thttpd $(DESTDIR)$(BINDIR)
+ $(INSTALL) -m 555 -o bin -g bin thttpd $(DESTDIR)$(SBINDIR)
install-man:
-mkdir -p $(DESTDIR)$(MANDIR)/man8
@@ -121,9 +122,11 @@
cd $$i ; \
pwd ; \
$(MAKE) $(MFLAGS) \
- WEBDIR=$(WEBDIR) \
- CGIBINDIR=$(CGIBINDIR) \
- MANDIR=$(MANDIR) \
+ BINDIR=$(DESTDIR)$(BINDIR) \
+ SBINDIR=$(DESTDIR)$(SBINDIR) \
+ WEBDIR=$(DESTDIR)$(WEBDIR) \
+ CGIBINDIR=$(DESTDIR)$(CGIBINDIR) \
+ MANDIR=$(DESTDIR)$(MANDIR) \
WEBGROUP=$(WEBGROUP) \
install \
) ; done
--- extras/Makefile.in
+++ extras/Makefile.in
@@ -26,7 +26,8 @@
prefix = @prefix@
exec_prefix = @exec_prefix@
-BINDIR = @sbindir@
+BINDIR = @bindir@
+SBINDIR = @sbindir@
WEBDIR = $(prefix)/www
CGIBINDIR = $(WEBDIR)/cgi-bin
MANDIR = @mandir@
@@ -66,12 +67,12 @@
install: all
- rm -f $(BINDIR)/makeweb $(BINDIR)/htpasswd $(BINDIR)/syslogtocern
+ rm -f $(SBINDIR)/makeweb $(SBINDIR)/htpasswd $(SBINDIR)/syslogtocern
cp makeweb $(BINDIR)/makeweb
chgrp $(WEBGROUP) $(BINDIR)/makeweb
chmod 2755 $(BINDIR)/makeweb
cp htpasswd $(BINDIR)/htpasswd
- cp syslogtocern $(BINDIR)/syslogtocern
+ cp syslogtocern $(SBINDIR)/syslogtocern
rm -f $(MANDIR)/man1/makeweb.1
cp makeweb.1 $(MANDIR)/man1/makeweb.1
rm -f $(MANDIR)/man1/htpasswd.1
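Review bot: the `rm -f` line in the `install` rule now removes makeweb and htpasswd from $(SBINDIR), but the `cp` lines that follow still install both into $(BINDIR), so stale copies in $(BINDIR) are never cleared and the rm targets paths this rule does not install to. Only syslogtocern moved, so the line should read `rm -f $(BINDIR)/makeweb $(BINDIR)/htpasswd $(SBINDIR)/syslogtocern`.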


@ -0,0 +1,11 @@
--- aclocal.m4
+++ aclocal.m4
@@ -26,7 +26,7 @@
AC_TRY_LINK(dnl
ifelse([$2], [main], , dnl Avoid conflicting decl of main.
[/* Override any gcc2 internal prototype to avoid an error. */
-]ifelse(AC_LANG, CPLUSPLUS, [#ifdef __cplusplus
+]ifelse([AC_LANG], CPLUSPLUS, [#ifdef __cplusplus
extern "C"
#endif
])dnl


@ -0,0 +1,24 @@
Index: extras/htpasswd.c
===================================================================
--- extras/htpasswd.c.orig 2018-10-22 10:48:47.811465609 +0200
+++ extras/htpasswd.c 2018-10-22 10:52:45.008744706 +0200
@@ -193,7 +193,8 @@ int main(int argc, char *argv[]) {
putline(tfp,line);
continue;
}
- strcpy(l,line);
+ strncpy(l,line,MAX_STRING_LEN);
+ l[MAX_STRING_LEN-1]='\0';
getword(w,l,':');
if(strcmp(user,w)) {
putline(tfp,line);
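Review bot: `strncpy(l,line,MAX_STRING_LEN)` plus the forced NUL stops the overrun, but an over-long line is now silently truncated before `getword(w,l,':')` parses it, and the bound is only correct if `l` is at least MAX_STRING_LEN bytes, which this hunk does not show. Check the length of `line` first and reject or skip over-long entries with an error message, and bound the copy with `sizeof(l)` if `l` is an array.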
@@ -211,7 +212,8 @@ int main(int argc, char *argv[]) {
}
fclose(f);
fclose(tfp);
- sprintf(command,"cp %s %s",temp_template,argv[1]);
+ snprintf(command,MAX_STRING_LEN,"cp %s %s",temp_template,argv[1]);
+ command[MAX_STRING_LEN-1]='\0';
system(command);
unlink(temp_template);
exit(0);
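Review bot: bounding the buffer with `snprintf(command,MAX_STRING_LEN,...)` leaves `argv[1]` pasted into a string that is handed to `system()`, so a password-file path containing spaces or shell metacharacters is interpreted by the shell, and a truncated command now runs `cp` on a cut-off path. snprintf already NUL-terminates, so `command[MAX_STRING_LEN-1]='\0';` is redundant; check its return value for truncation instead. The result of `system(command)` is also ignored before `unlink(temp_template)`, so a failed copy discards the update. Prefer `rename()` or an in-process file copy over the shell.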

25
thttpd-2.25b-pie.patch Normal file

@ -0,0 +1,25 @@
Index: extras/Makefile.in
===================================================================
--- extras/Makefile.in.orig 2012-01-31 14:03:08.735817916 +0100
+++ extras/Makefile.in 2012-01-31 14:05:10.222510744 +0100
@@ -54,16 +54,16 @@
all: makeweb htpasswd
makeweb: makeweb.o
- $(CC) $(LDFLAGS) makeweb.o -o makeweb $(LIBS) $(NETLIBS)
+ $(CC) $(LDFLAGS) -pie makeweb.o -o makeweb $(LIBS) $(NETLIBS)
makeweb.o: makeweb.c ../config.h
- $(CC) $(CFLAGS) -DWEBDIR=\"$(WEBDIR)\" -c makeweb.c
+ $(CC) $(CFLAGS) $(F_PIE) -DWEBDIR=\"$(WEBDIR)\" -c makeweb.c
htpasswd: htpasswd.o
- $(CC) $(LDFLAGS) $(STATICFLAG) htpasswd.o -o htpasswd $(LIBS)
+ $(CC) $(LDFLAGS) $(STATICFLAG) -pie htpasswd.o -o htpasswd $(LIBS)
htpasswd.o: htpasswd.c ../config.h
- $(CC) $(CFLAGS) -DWEBDIR=\"$(WEBDIR)\" -c htpasswd.c
+ $(CC) $(CFLAGS) $(F_PIE) -DWEBDIR=\"$(WEBDIR)\" -c htpasswd.c
install: all
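Review bot: the link lines hard-code `-pie` while the compile lines use `$(F_PIE)`, which is not defined anywhere in this hunk, so the two can disagree: with F_PIE empty, objects built without position-independent code are linked with `-pie`. The htpasswd link line also still passes `$(STATICFLAG)` next to `-pie`. Drive compile and link from matching variables and either define them in this Makefile.in or document that the spec file must set them.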

16
thttpd-2.25b-sec.patch Normal file

@ -0,0 +1,16 @@
--- libhttpd.c
+++ libhttpd.c
@@ -1044,10 +1044,12 @@
}
/* Decode it. */
+ memset(authinfo, 0, sizeof(authinfo));
l = b64_decode(
&(hc->authorization[6]), (unsigned char*) authinfo,
sizeof(authinfo) - 1 );
- authinfo[l] = '\0';
+ authinfo[sizeof(authinfo)-1] = '\0';
+
/* Split into user and password. */
authpass = strchr( authinfo, ':' );
if ( authpass == (char*) 0 )
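Review bot: with `authinfo[l] = '\0';` removed, the return value `l` of `b64_decode()` is assigned but no longer used or checked in this hunk, and termination now depends on a `memset` of the whole buffer on every request. Validate `l` instead (reject the header when it is negative or larger than `sizeof(authinfo) - 1`) and keep terminating at the decoded length. Note also that `sizeof(authinfo)` is the buffer size only if `authinfo` is an array, which the hunk does not show.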

39
thttpd-2.25b-static.patch Normal file

@ -0,0 +1,39 @@
Index: configure.in
===================================================================
--- configure.in.orig 2014-09-03 09:46:46.273266534 +0200
+++ configure.in 2014-09-03 09:46:46.300266836 +0200
@@ -24,34 +24,6 @@ if test -f .devel ; then
V_CCOPT="-g $V_CCOPT -ansi -pedantic -U__STRICT_ANSI__ -Wall -Wpointer-arith -Wshadow -Wcast-qual -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wredundant-decls -Wno-long-long"
fi
-dnl
-dnl maybe this should be a loop
-dnl
-AC_MSG_CHECKING(how to link static binaries)
-AC_CACHE_VAL(ac_cv_lbl_static_flag,
- ac_cv_lbl_static_flag=unknown
- echo 'main() {}' > conftest.c
- if test "$GCC" != yes ; then
- trial_flag="-Bstatic"
- test=`$CC $trial_flag -o conftest conftest.c 2>&1`
- if test -z "$test" ; then
- ac_cv_lbl_static_flag="$trial_flag"
- fi
- rm -f conftest
- fi
- if test "$ac_cv_lbl_static_flag" = unknown ; then
- trial_flag="-static"
- test=`$CC $trial_flag -o conftest conftest.c 2>&1`
- if test -z "$test" ; then
- ac_cv_lbl_static_flag="$trial_flag"
- fi
- rm -f conftest
- fi
- rm conftest.c)
-AC_MSG_RESULT($ac_cv_lbl_static_flag)
-if test "$ac_cv_lbl_static_flag" != unknown ; then
- V_STATICFLAG="$ac_cv_lbl_static_flag"
-fi
AC_MSG_CHECKING(for __progname)
AC_CACHE_VAL(ac_cv_extern__progname,


@ -0,0 +1,18 @@
--- extras/syslogtocern
+++ extras/syslogtocern
@@ -31,8 +31,8 @@
exit 1
fi
-tmp1=/tmp/stc1.$$
-rm -f $tmp1
+tmp1=`mktemp -t stc1.XXXXXX` || { echo "$0: Cannot create temporary file" >&2; exit 1; }
+trap " [ -f \"$tmp1\" ] && /bin/rm -f -- \"$tmp1\"" 0 1 2 3 13 15
# Gather up all the thttpd entries.
egrep -h ' thttpd\[' "$@" > $tmp1
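Review bot: the `trap` on signals 1 2 3 13 15 removes the temp file but does not exit, so after an interrupt the script carries on and the `egrep ... > $tmp1` redirection below writes to that name again, outside the protection of mktemp. Keep the plain cleanup on 0 and give the signals their own handler that cleans up and exits, for example `trap 'rm -f -- "$tmp1"; exit 1' 1 2 3 13 15`, and quote `$tmp1` in the redirections.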
@@ -65,4 +65,3 @@
sed -e "s,\([A-Z][a-z][a-z] [0-9 ][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9]\) [^ ]* thttpd\[[0-9]*\]: \(.*\),[\1 ${year}] \2," > error_log
# Done.
-rm -f $tmp1

11
thttpd-2.25b-time_h.patch Normal file
View File

@ -0,0 +1,11 @@
--- libhttpd.h
+++ libhttpd.h
@@ -28,6 +28,8 @@
#ifndef _LIBHTTPD_H_
#define _LIBHTTPD_H_
+#include <time.h>
+
#include <sys/types.h>
#include <sys/time.h>
#include <sys/param.h>


@ -0,0 +1,20 @@
--- libhttpd.c
+++ libhttpd.c
@@ -1471,7 +1471,7 @@
httpd_realloc_str( &checked, &maxchecked, checkedlen );
(void) strcpy( checked, path );
/* Trim trailing slashes. */
- while ( checked[checkedlen - 1] == '/' )
+ while ( checkedlen && checked[checkedlen - 1] == '/' )
{
checked[checkedlen - 1] = '\0';
--checkedlen;
@@ -1490,7 +1490,7 @@
restlen = strlen( path );
httpd_realloc_str( &rest, &maxrest, restlen );
(void) strcpy( rest, path );
- if ( rest[restlen - 1] == '/' )
+ if ( restlen && rest[restlen - 1] == '/' )
rest[--restlen] = '\0'; /* trim trailing slash */
if ( ! tildemapped )
/* Remove any leading slashes. */

3
thttpd-2.29.tar.gz Normal file

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:99c09f47da326b1e7b5295c45549d2b65534dce27c44812cf7eef1441681a397
size 133967


@ -0,0 +1,56 @@
From d2e186dbd58d274a0dea9b59357edc8498b5388d Mon Sep 17 00:00:00 2001
From: "Anthony G. Basile" <blueness@gentoo.org>
Date: Tue, 26 Feb 2013 14:28:26 -0500
Subject: [PATCH] src/thttpd.c: Fix world readable log, CVE-2013-0348.
Make sure that the logfile is created or reopened as read/write
by thttpd user only.
X-gentoo-Bug: 458896
X-gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=458896
Reported-by: Agostino Sarubbo <ago@gentoo.org>
Signed-off-by: Anthony G. Basile <basile@opensource.dyc.edu>
---
src/thttpd.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
Index: thttpd-2.25b/thttpd.c
===================================================================
--- thttpd-2.25b.orig/thttpd.c 2013-12-03 15:38:31.719334530 +0100
+++ thttpd-2.25b/thttpd.c 2013-12-03 15:38:31.754334893 +0100
@@ -331,6 +331,7 @@ static void
re_open_logfile( void )
{
FILE* logfp;
+ int retchmod;
if ( no_log || hs == (httpd_server*) 0 )
return;
@@ -340,7 +341,8 @@ re_open_logfile( void )
{
syslog( LOG_NOTICE, "re-opening logfile" );
logfp = fopen( logfile, "a" );
- if ( logfp == (FILE*) 0 )
+ retchmod = chmod( logfile, S_IRUSR|S_IWUSR );
+ if ( logfp == (FILE*) 0 || retchmod != 0 )
{
syslog( LOG_CRIT, "re-opening %.80s - %m", logfile );
return;
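Review bot: `chmod( logfile, S_IRUSR|S_IWUSR )` runs after `fopen( logfile, "a" )` has already created the file with umask-derived permissions, so a new log is still readable by others for a short window, and chmod by path acts on whatever `logfile` names at that moment. It is also called when fopen failed, and when fopen succeeded but chmod failed the function returns without closing `logfp`. Prefer `open()` with `O_WRONLY|O_CREAT|O_APPEND` and mode 0600, `fchmod()` on the descriptor for files that already exist, then `fdopen()`; the same applies to the identical change in `main()`.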
@@ -360,6 +362,7 @@ main( int argc, char** argv )
gid_t gid = 32767;
char cwd[MAXPATHLEN+1];
FILE* logfp;
+ int retchmod;
int num_ready;
int cnum;
connecttab* c;
@@ -429,7 +432,8 @@ main( int argc, char** argv )
else
{
logfp = fopen( logfile, "a" );
- if ( logfp == (FILE*) 0 )
+ retchmod = chmod( logfile, S_IRUSR|S_IWUSR );
+ if ( logfp == (FILE*) 0 || retchmod != 0 )
{
syslog( LOG_CRIT, "%.80s - %m", logfile );
perror( logfile );

34
thttpd-c99.patch Normal file

@ -0,0 +1,34 @@
diff --git a/libhttpd.c b/libhttpd.c
index 6a985f8601d0ccfc..7c3ae74d0cda56d1 100644
--- a/libhttpd.c
+++ b/libhttpd.c
@@ -47,7 +47,12 @@
#include <memory.h>
#endif /* HAVE_MEMORY_H */
#include <pwd.h>
+
#include <signal.h>
+/* Not available with glibc default feature test macros. Kludge to
+ avoid extensive changes. */
+extern __typeof (signal) sigset;
+
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
diff --git a/thttpd.c b/thttpd.c
index bfb57bacd955cd1b..25ad5d4cd47dc094 100644
--- a/thttpd.c
+++ b/thttpd.c
@@ -44,7 +44,12 @@
#ifdef HAVE_GRP_H
#include <grp.h>
#endif
+
#include <signal.h>
+/* Not available with glibc default feature test macros. Kludge to
+ avoid extensive changes. */
+extern __typeof (signal) sigset;
+
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
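Review bot: the `extern __typeof (signal) sigset;` declaration is pasted identically into libhttpd.c and thttpd.c and depends on the GNU `__typeof` extension. Put it in one shared header, name in the comment the feature-test macro that would expose `sigset` so the reason is checkable, and track replacing `sigset()` with `sigaction()` so the kludge can be dropped.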


@ -0,0 +1,24 @@
Index: thttpd-2.26/extras/htpasswd.c
===================================================================
--- thttpd-2.26.orig/extras/htpasswd.c 2014-09-03 09:54:25.155386527 +0200
+++ thttpd-2.26/extras/htpasswd.c 2014-09-03 10:32:19.736082368 +0200
@@ -15,6 +15,7 @@
#include <stdlib.h>
#include <time.h>
#include <unistd.h>
+#include <crypt.h>
#define LF 10
#define CR 13
Index: thttpd-2.26/libhttpd.c
===================================================================
--- thttpd-2.26.orig/libhttpd.c 2014-09-03 09:54:25.155386527 +0200
+++ thttpd-2.26/libhttpd.c 2014-09-03 10:33:13.913694495 +0200
@@ -53,6 +53,7 @@
#include <string.h>
#include <syslog.h>
#include <unistd.h>
+#include <crypt.h>
#include <stdarg.h>
#ifdef HAVE_OSRELDATE_H
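Review bot: `#include <crypt.h>` is added unconditionally in both files, while the line right after it in libhttpd.c guards a platform header with `#ifdef HAVE_OSRELDATE_H`. Add a configure check and wrap the include in a matching `HAVE_CRYPT_H` guard so the build does not break on systems that lack this header.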

86
thttpd-initd.script Normal file

@ -0,0 +1,86 @@
#! /bin/sh
# Copyright (c) 1996-1999 SuSE Gmbh Nuernberg, Germany. All rights reserved.
#
# /etc/init.d/thttpd
#
### BEGIN INIT INFO
# Provides: thttpd
# Required-Start: $network $remote_fs $syslog
# Required-Stop: $network $remote_fs $syslog
# Default-Start: 3 5
# Default-Stop: 0 1 2 6
# Short-Description: thttpd
# Description: Starts the http daemon thttpd
### END INIT INFO
THTTPD_BIN=/usr/sbin/thttpd
test -x $THTTPD_BIN || exit 5
. /etc/rc.status
rc_reset
# Return values acc. to LSB for all commands but status:
# 0 - success
# 1 - generic or unspecified error
# 2 - invalid or excess argument(s)
# 3 - unimplemented feature (e.g. "reload")
# 4 - insufficient privilege
# 5 - program is not installed
# 6 - program is not configured
# 7 - program is not running
#
# Note that starting an already running service, stopping
# or restarting a not-running service as well as the restart
# with force-reload (in case signalling is not supported) are
# considered a success.
case "$1" in
start)
echo -n "Starting service thttpd"
startproc $THTTPD_BIN -C /etc/thttpd.conf
rc_status -v
;;
stop)
echo -n "Shutting down service thttpd"
killproc -TERM $THTTPD_BIN
rc_status -v
;;
try-restart)
## Stop the service and if this succeeds (i.e. the
## service was running before), start it again.
$0 status >/dev/null && $0 restart
# Remember status and be quiet
rc_status
;;
force-reload)
## Stop the service and if this succeeds (i.e. the
## service was running before), start it again.
$0 stop && sleep 1 && $0 start
# Remember status and be quiet
rc_status
;;
restart)
$0 stop
sleep 1
$0 start
rc_status
;;
reload)
rc_failed 3
rc_status -v
;;
status)
echo -n "Checking for service thttpd: "
checkproc $THTTPD_BIN
rc_status -v
;;
probe)
#
;;
*)
echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}"
exit 1
esac
rc_exit

451
thttpd.changes Normal file

@ -0,0 +1,451 @@
-------------------------------------------------------------------
Tue Dec 3 20:19:55 UTC 2024 - Giacomo Comes <gcomes.obs@gmail.com>
- added thttpd-c99.patch
* keep using the deprecated function sigset
* patch borrowed from fedora rpm
-------------------------------------------------------------------
Mon Feb 26 14:42:02 UTC 2024 - pgajdos@suse.com
- Use %patch -P N instead of deprecated %patchN.
-------------------------------------------------------------------
Wed Nov 24 15:13:25 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
- Added hardening to systemd service(s) (bsc#1181400). Modified:
* thttpd.service
-------------------------------------------------------------------
Thu May 14 08:42:14 UTC 2020 - Vítězslav Čížek <vcizek@suse.com>
- Allow regular users to execute makeweb (bsc#1171580)
* Set permissions to 2751
-------------------------------------------------------------------
Mon Feb 3 16:40:08 UTC 2020 - Dominique Leuenberger <dimstar@opensuse.org>
- BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to
shortcut through the -mini flavors.
-------------------------------------------------------------------
Mon Oct 22 08:44:39 UTC 2018 - Vítězslav Čížek <vcizek@suse.com>
- Update to 2.29 (bsc#1112629)
Allow CGI to handle HTTP methods besides GET/HEAD/POST.
Improvements to the FreeBSD startup script. (Craig Leres)
Minor portability tweak in mmc.c.
Fix to buffer overrun bug in htpasswd. Reported by Alessio Santoru as CVE-2017-17663.
- update thttpd-2.25b-overflow.diff
-------------------------------------------------------------------
Wed Oct 18 08:30:54 UTC 2017 - jengelh@inai.de
- Trim filler wording from description.
-------------------------------------------------------------------
Mon Sep 11 09:36:59 UTC 2017 - vcizek@suse.com
- Require group www (bsc#1057985)
-------------------------------------------------------------------
Mon Jun 26 11:58:22 UTC 2017 - vcizek@suse.com
- update to 2.27
Stats syslogs changed from LOG_INFO to LOG_NOTICE.
Use memmove() for self-overlapping string copies instead of strcpy().
Couple of subroutine name changes for consistency.
- drop thttpd-2.25b-strcpy.patch (upstream)
- enforce single process build, as parallel does fail sometimes
-------------------------------------------------------------------
Thu Sep 17 14:10:46 UTC 2015 - vcizek@suse.com
- added Conflicts: apache2-example-pages
* both packages provide /srv/www/htdocs/index.html
-------------------------------------------------------------------
Sun Jul 5 09:43:36 UTC 2015 - vcizek@suse.com
- build with pie and full relro
-------------------------------------------------------------------
Thu Jun 18 15:07:51 UTC 2015 - thehejik@suse.com
- package cleanup (bnc#899218)
* removed SUSE branding
* added logrotate support
* changed note about default codepage
-------------------------------------------------------------------
Thu Jun 4 15:09:12 UTC 2015 - vcizek@suse.com
- added Conflicts: apache2-utils
* both packages provide /usr/bin/htpasswd
* see comments in https://build.opensuse.org/request/show/310178
-------------------------------------------------------------------
Sun Nov 23 04:50:32 UTC 2014 - bwiedemann@suse.com
- use /usr/sbin path in service to fix start (bnc#906696)
-------------------------------------------------------------------
Mon Sep 22 13:34:52 UTC 2014 - vcizek@suse.com
- drop thttpd-2.25b.tar.bz2 (old tarball)
-------------------------------------------------------------------
Wed Sep 3 07:42:53 UTC 2014 - vcizek@suse.com
- update to 2.26 (bnc#894285)
Ignore ECONNABORTED on accept().
Correctly implemented the config-file option change from "nosymlink"
to "nosymlinkcheck", which was supposedly done in version 2.24.
Removed mailto: link from default index page.
Allow CGIs to provide both Location and Status headers.
Better logic for figuring out CGI SERVER_NAME environment variable.
Updated for clang, and general cleanup.
- dropped thttpd-2.25b-getline.patch (upstream)
- added thttpd-crypt_is_in_crypt.h.patch
-------------------------------------------------------------------
Fri Jul 18 16:40:22 UTC 2014 - p.drouand@gmail.com
- Use systemd instead of sysvinit in openSUSE > 12.2
-------------------------------------------------------------------
Tue Dec 3 14:31:18 UTC 2013 - vcizek@suse.com
- fix CVE-2013-0348 (bnc#853381)
* don't create a world readable logfile
-------------------------------------------------------------------
Thu Jun 27 21:03:49 UTC 2013 - crrodriguez@opensuse.org
- DO not add sample index.html that will conflict with apache
-------------------------------------------------------------------
Mon Mar 4 16:04:08 UTC 2013 - vcizek@suse.com
- added checks for crypt() return value (CVE-2012-5640) (bnc#783165)
* thttpd-2.25b-CVE-2012-5640-check_crypt_return_value.patch
-------------------------------------------------------------------
Wed Oct 24 21:20:29 UTC 2012 - suse@ammler.ch
- use different versions of automake (SLE)
-------------------------------------------------------------------
Fri Jun 8 14:29:40 UTC 2012 - vcizek@suse.com
- use %set_permissions instead of %run_permissions (bnc#764110)
-------------------------------------------------------------------
Tue May 29 14:06:26 UTC 2012 - puzel@suse.com
- fix build with automake 1.12
-------------------------------------------------------------------
Thu Mar 22 09:33:49 UTC 2012 - dvaleev@suse.com
- drop thttpd-2.25b-x86_64_machine_not_recognized.patch but copy
config.guess from automake to fix ppc64 as well
-------------------------------------------------------------------
Tue Jan 31 13:07:43 UTC 2012 - vcizek@suse.com
- fixed build and added -fpie for makeweb
-------------------------------------------------------------------
Wed Nov 23 09:32:34 UTC 2011 - coolo@suse.com
- add libtool as buildrequire to avoid implicit dependency
-------------------------------------------------------------------
Mon Jun 8 00:41:37 CEST 2009 - ro@suse.de
- rename getline to my_getline to avoid collision with function
from glibc
-------------------------------------------------------------------
Tue May 26 15:18:48 CEST 2009 - anicka@suse.cz
- add new branding (bnc#492693)
-------------------------------------------------------------------
Mon Jun 11 11:10:28 CEST 2007 - pcerny@suse.cz
- fixed another syntax error in config file
-------------------------------------------------------------------
Fri Jun 8 19:21:06 CEST 2007 - dmueller@suse.de
- fix syntax error in config file
-------------------------------------------------------------------
Wed Jun 6 13:16:46 CEST 2007 - pcerny@suse.cz
- use %config(noreplace) for /etc/thttpd.conf
-------------------------------------------------------------------
Tue Jun 5 21:53:06 CEST 2007 - pcerny@suse.cz
- added Short-Description tag into init script
-------------------------------------------------------------------
Fri Jun 1 19:34:10 CEST 2007 - pcerny@suse.cz
- added config file (/etc/thttpd.conf)
-------------------------------------------------------------------
Fri Feb 16 17:36:35 CET 2007 - mvaner@suse.cz
- Adding check for zero length
- from Marcus Meissner
- zerolen.patch
- Replacing strcpy with memmove when they overlap
- strcpy.patch
- Both from #230776
-------------------------------------------------------------------
Wed Feb 14 15:04:06 CET 2007 - schwab@suse.de
- Fix building as non-root.
-------------------------------------------------------------------
Fri Mar 10 17:14:09 CET 2006 - anicka@suse.cz
- fix buffer overflows in htpasswd (#156978)
-------------------------------------------------------------------
Wed Jan 25 21:42:09 CET 2006 - mls@suse.de
- converted neededforbuild to BuildRequires
-------------------------------------------------------------------
Mon Nov 21 15:57:27 CET 2005 - anicka@suse.cz
- fix tmp race in syslogtocern (#131056)
-------------------------------------------------------------------
Wed Oct 12 19:11:17 CEST 2005 - anicka@suse.cz
- use %config(noreplace) for index.html
-------------------------------------------------------------------
Wed Jun 22 15:54:10 CEST 2005 - anicka@suse.cz
- compile dynamic binaries instead of static
- compile htpasswd with -pie
-------------------------------------------------------------------
Wed Mar 9 18:26:33 CET 2005 - mcihar@suse.cz
- do not conflict with other webservers (bug #71742)
-------------------------------------------------------------------
Tue Feb 17 17:46:41 CET 2004 - tcrhak@suse.cz
- update to version 2.25b
-------------------------------------------------------------------
Tue Jan 13 18:07:52 CET 2004 - schwab@suse.de
- Fix use of aclocal.
-------------------------------------------------------------------
Wed Oct 29 16:59:58 CET 2003 - tcrhak@suse.cz
- update to 2.24, includes a fix for a buffer overflow [bug #32734]
- fixed virtual hosting security hole [bug #32757]
- fixed permissions according to permissions.secure,
added macros %run_permissions and %verify_permissions
-------------------------------------------------------------------
Mon Sep 01 20:40:30 CEST 2003 - tcrhak@suse.cz
- added macros %stop_on_removal and %restart_on_update [bug #29022]
-------------------------------------------------------------------
Thu Jun 5 15:57:54 CEST 2003 - ro@suse.de
- remove unpackaged files from buildroot
-------------------------------------------------------------------
Tue Mar 11 16:55:30 CET 2003 - tcrhak@suse.cz
- fixed permissions of the init scipt [bug #25084]
-------------------------------------------------------------------
Tue Oct 15 15:08:21 CEST 2002 - tcrhak@suse.cz
- substitute correct servroot during built
-------------------------------------------------------------------
Mon Oct 14 19:52:11 CEST 2002 - tcrhak@suse.cz
- use /srv/www rather then /usr/local/httpd [bug #20802]
-------------------------------------------------------------------
Fri Aug 2 01:23:09 CEST 2002 - ro@suse.de
- adapt server root
-------------------------------------------------------------------
Sat Jul 27 19:01:40 CEST 2002 - kukuk@suse.de
- Change group from wwwadmin to www
-------------------------------------------------------------------
Sat Jul 27 18:54:13 CEST 2002 - adrian@suse.de
- do not source rc.config anymore
-------------------------------------------------------------------
Tue Jul 02 15:15:28 CEST 2002 - tcrhak@suse.cz
- update to version 2.23beta1
-------------------------------------------------------------------
Tue Jan 15 13:14:02 CET 2002 - tcrhak@suse.cz
- update to version 2.20c
- added thttpd-2.20c-sec.patch
- removed START_THTTPD from README.SuSE
-------------------------------------------------------------------
Tue Jan 15 00:28:27 CET 2002 - ro@suse.de
- removed START_THTTPD
-------------------------------------------------------------------
Fri Sep 21 13:32:45 CEST 2001 - bjacke@suse.de
- fix version on template webpage
-------------------------------------------------------------------
Mon Sep 3 12:10:09 CEST 2001 - adostal@suse.cz
- fix /etc/init.d in thttpd-SuSE.tar.bz2 files
- split patches on configure, dirs, time_h and newautoconf
-------------------------------------------------------------------
Thu Jun 14 14:16:41 CEST 2001 - adostal@suse.cz
- fix for new autoconf
-------------------------------------------------------------------
Fri Apr 13 14:44:59 CEST 2001 - nadvornik@suse.cz
- changed initscript according to skeleton
-------------------------------------------------------------------
Thu Mar 8 14:13:39 CET 2001 - nadvornik@suse.cz
- compiled with RPM_OPT_FLAGS
-------------------------------------------------------------------
Thu Feb 15 09:12:17 CET 2001 - nadvornik@suse.cz
- fixed to compile
-------------------------------------------------------------------
Wed Dec 13 11:22:35 CET 2000 - smid@suse.cz
- generatig of default page moved to %install (it was in %post and
- caused [#4566]
-------------------------------------------------------------------
Tue Dec 12 12:00:29 CET 2000 - smid@suse.cz
- default cgibin pattern changed [#4564]
- rcthttpd link added
-------------------------------------------------------------------
Sun Dec 3 13:49:37 CET 2000 - smid@suse.cz
- new version: 2.20b
-------------------------------------------------------------------
Fri Dec 1 12:52:43 CET 2000 - ro@suse.de
- moved init-script
-------------------------------------------------------------------
Thu Nov 2 11:09:38 CET 2000 - smid@suse.cz
- fix ugly bug in startup scripts
-------------------------------------------------------------------
Thu Sep 28 15:08:03 CEST 2000 - smid@suse.cz
- new version: 2.20
-------------------------------------------------------------------
Wed Aug 30 10:37:06 CEST 2000 - smid@suse.cz
- fix bug in startup script
-------------------------------------------------------------------
Wed Jul 5 14:20:46 MEST 2000 - mha@suse.de
- new version: 2.19
-------------------------------------------------------------------
Tue May 23 09:03:05 CEST 2000 - smid@suse.cz
- buildroot fixed
-------------------------------------------------------------------
Wed May 3 12:35:48 CEST 2000 - smid@suse.cz
- buildroot added
-------------------------------------------------------------------
Tue Mar 21 11:34:04 CET 2000 - mha@suse.de
- update to 2.16
-------------------------------------------------------------------
Fri Mar 3 17:32:43 MET 2000 - uli@suse.de
- moved man pages to %{_mandir}
-------------------------------------------------------------------
Mon Feb 28 16:34:00 MET 2000 - mha@suse.de
- new version: 2.15
-------------------------------------------------------------------
Thu Feb 17 18:23:19 CET 2000 - dipa@suse.de
- bug #1268 rc.config variable set to no
-------------------------------------------------------------------
Wed Jan 12 13:40:40 MET 2000 - mha@suse.de
- new version: 2.11
- new conflicts (roxen, apache, aolserv), provides (http_daemon)
- new homepage
-------------------------------------------------------------------
Tue Nov 16 18:14:45 MET 1999 - kukuk@suse.de
- Fix stack overflow
-------------------------------------------------------------------
Mon Sep 13 17:23:57 CEST 1999 - bs@suse.de
- ran old prepare_spec on spec file to switch to new prepare_spec.
-------------------------------------------------------------------
Thu Sep 9 12:15:28 CEST 1999 - bs@suse.de
- fixed call of Check at the end of %install section
-------------------------------------------------------------------
Sun Jul 11 16:21:57 MEST 1999 - mha@suse.de
- new package: thttpd (a _small_ webserver)
absolutely no configuration needed - and yet save (chroot)!

thttpd.conf Normal file

@ -0,0 +1,70 @@
# thttpd.conf -- configuration file for thttpd
#
# The strategy used is similar to e.g. OpenSSH:
# specify options with their default value where possible,
# but leave them commented. Uncommented options change
# a default value. Parenthesis state the command line option
# Port to listen on (-p)
#port=80
# www root directory (-d)
dir=/srv/www/htdocs
# The eternal question whether to chroot() or not to chroot()
# into "dir" above. If you don't want thttpd to chroot() change
# the next line to "nochroot" (-r|-nor)
#chroot
# data directory in the chroot dir
# as the default configuration just chroots into "dir"
# we leave this unset. Use it for running more complex webs with
# thttpd (note, that at some point something more robust
# (e.g. apache)might be a better choice). (-dd)
#data_dir=
# Instructs thttpd to check whether symlinked documents really
# belong to the document tree. Disable with "nosymlinkcheck",
# although this is not recommended (-s|-nos)
#symlinkcheck
# "El-cheapo" webhosting, enable with "vhost" (-v|-nov)
#novhost
# Use server-global .htpasswd file (see man page). Enable with
# "globalpasswd" (-g|-nog)
#noglobalpasswd
# User to switch to after initialization when started as root
# (-u)
#user=wwwrun
# CGI scripts pattern (-c)
#cgipat=/cgi-bin/*|**.cgi
# File of throttle settings (-t) - see manpage
#throttles=
# Hostname to bind to for multihoming (-h)
#host=your.hostname.here
# Log-file; empty = use syslog(), /dev/null = without log. (-l)
logfile=/var/log/thttpd.log
# File to write the process-id to (-i), can be used for signalling
# thttpd
pidfile=/var/run/thttpd.pid
# Character set to use with text MIME types.
# Defaults to UTF-8 (-t)
#charset=
# P3P server privacy header is returned with all responses
# (see manpage). Use p3p to enable it (-P|-noP)
##
# seconds to be used in a "Cache-Control: max-age" header and
# generates equivalent Expires meta tag
#max_age=
# -- end of thttpd.conf
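Review bot: the charset comment near the end of the file labels its option "(-t)", the same letter already given to "throttles" a few entries earlier, so one of the two annotations is wrong; thttpd's charset flag is -T and the comment should say that. The P3P entry is followed only by a bare "##" and, unlike every other entry, gives no commented option line, so a reader cannot see which key to uncomment; add the commented key there and give max_age its flag annotation in the same style as the rest. Separately, pidfile=/var/run/thttpd.pid does not match PIDFile=/run/thttpd.pid in thttpd.service; use the /run path in both.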

thttpd.logrotate Normal file

@ -0,0 +1,10 @@
/var/log/thttpd.log {
compress
dateext
maxage 365
rotate 99
size=+4096k
notifempty
missingok
copytruncate
}
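Review bot: copytruncate leaves a window between the copy and the truncate in which anything thttpd writes is lost, and for an access log that may be needed during incident review that gap recurs on every rotation. If copytruncate is here because the daemon cannot reopen /var/log/thttpd.log once it has chroot()ed into the document root, say so in a comment in this file so the directive is not "cleaned up" later. It is also worth confirming that the rotated and compressed copies end up with the same restrictive mode that the CVE-2013-0348 fix gives the live log, since no create or mode directive is set here.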

thttpd.service Normal file

@ -0,0 +1,23 @@
[Unit]
Description=Tiny HTTP Daemon
[Service]
# added automatically, for details please see
# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
ProtectSystem=full
ProtectHome=true
PrivateDevices=true
ProtectHostname=true
ProtectClock=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectKernelLogs=true
ProtectControlGroups=true
RestrictRealtime=true
# end of automatic additions
PIDFile=/run/thttpd.pid
ExecStart=/usr/sbin/thttpd -D -C /etc/thttpd.conf
Restart=always
[Install]
WantedBy=multi-user.target
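Review bot: PIDFile=/run/thttpd.pid does nothing useful as written, because no Type= is set (so the unit is Type=simple) and -D in ExecStart keeps thttpd in the foreground, which means systemd already tracks the main process directly; drop the line, or state Type= explicitly if a forking start is intended. The [Unit] section has no After=network.target, so a host= binding in thttpd.conf can race with network setup at boot. On the hardening block: the service has no User= and relies on thttpd to switch user itself after starting as root, so it would be worth evaluating NoNewPrivileges=true and a CapabilityBoundingSet limited to what binding the port, chroot() and the user switch need, after testing with CGI enabled.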

thttpd.spec Normal file

@ -0,0 +1,178 @@
#
# spec file for package thttpd
#
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%define serverroot /srv/www
%if 0%{?suse_version} > 1220
%define with_systemd 1
%else
%define with_systemd 0
%endif
Name: thttpd
Version: 2.29
Release: 0
Summary: Small and simple webserver
License: BSD-3-Clause
Group: Productivity/Networking/Web/Servers
URL: http://www.acme.com/software/thttpd/
Source: http://www.acme.com/software/thttpd/%{name}-%{version}.tar.gz
Source1: %{name}-initd.script
Source2: %{name}.service
Source3: %{name}.logrotate
Source4: %{name}.conf
Patch0: %{name}-2.25b-configure.patch
Patch1: %{name}-2.25b-dirs.patch
Patch2: %{name}-2.25b-time_h.patch
Patch3: %{name}-2.25b-newautoconf.patch
Patch4: %{name}-2.25b-sec.patch
Patch5: %{name}-2.25b-static.patch
Patch6: %{name}-2.25b-pie.patch
Patch7: %{name}-2.25b-syslogtocern.diff
Patch8: %{name}-2.25b-overflow.diff
Patch9: %{name}-2.25b-chown.diff
Patch10: %{name}-2.25b-zerolen.patch
# PATCH-FIX-SUSE CVE-2012-5640
Patch13: thttpd-2.25b-CVE-2012-5640-check_crypt_return_value.patch
Patch14: thttpd-CVE-2013-0348.patch
Patch15: thttpd-crypt_is_in_crypt.h.patch
# PATCH-FIX-SUSE keep using deprecated function sigset
Patch16: thttpd-c99.patch
BuildRequires: automake
BuildRequires: libtool
Requires(post): permissions
Requires: group(www)
Recommends: logrotate
# both packages provide /srw/www/htdocs/index.html
Conflicts: apache2-example-pages
# both packages provide /usr/bin/htpasswd
Conflicts: apache2-utils
Provides: http_daemon
%if %{with_systemd}
BuildRequires: pkgconfig(systemd)
%{?systemd_ordering}
%else
Requires(post): %fillup_prereq
Requires(post): %insserv_prereq
%endif
%description
Thttpd is a compact httpd serving daemon that can handle
high loads. While lacking many of the advanced features of Roxen
or Apache, thttpd operates without forking and is efficient
in memory use. Basic support for CGI scripts, authentication, and SSI
is provided. Advanced features include the ability to throttle
traffic.
%prep
%setup -q
%patch -P 0
%patch -P 1
%patch -P 2
%patch -P 3
%patch -P 4
%patch -P 5
%patch -P 6
%patch -P 7
%patch -P 8
%patch -P 9
%patch -P 10
%patch -P 13 -p1
%patch -P 14 -p1
%patch -P 15 -p1
%patch -P 16 -p1
%build
cp %{_datadir}/automake-1.*/config.* .
mv aclocal.m4 acinclude.m4
libtoolize --force
aclocal --force
autoconf -f
export V_CCOPT="%{optflags} -fPIC -DPIC -fPIE"
export CFLAGS="%{optflags} -fPIC -DPIC -fPIE"
export LDFLAGS="-pie -Wl,-z,relro,-z,now"
%configure
# parallel build causes problems, single thread build takes only 10s anyway
make -j1
%install
install -d %{buildroot}%{_bindir} \
%{buildroot}%{_sbindir} \
%{buildroot}%{_mandir}/man1 \
%{buildroot}%{_mandir}/man8 \
%{buildroot}%{serverroot}/htdocs/users
%make_install
install -D -m0644 index.html %{buildroot}/%{serverroot}/htdocs/index.html
install -D -m0644 %{SOURCE4} %{buildroot}%{_sysconfdir}/%{name}.conf
install -D -m0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
%if %{with_systemd}
install -D -m0644 %{SOURCE2} %{buildroot}%{_unitdir}/%{name}.service
ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}
%else
install -D -m0644 %{SOURCE1} %{buildroot}%{_initddir}/%{name}
ln -s %{buildroot}%{_initddir}/%{name} %{buildroot}%{_sbindir}/rc%{name}
%endif
%if %{with_systemd}
%pre
%service_add_pre %{name}.service
%endif
%post
%if %{with_systemd}
%service_add_post %{name}.service
%else
%{fillup_and_insserv thttpd}
%endif
%set_permissions %{_bindir}/makeweb
%verifyscript
%verify_permissions -e %{_bindir}/makeweb
%preun
%if %{with_systemd}
%service_del_preun %{name}.service
%else
%stop_on_removal thttpd
%endif
%postun
%if %{with_systemd}
%service_del_postun %{name}.service
%else
%restart_on_update thttpd
%insserv_cleanup
%endif
%files
%doc README config.h
%dir %{serverroot}
%dir %{serverroot}/htdocs
%{serverroot}/htdocs/*
%attr(775, root, www) %{serverroot}/htdocs/users
%verify(not mode) %attr(2751, root, www) %{_bindir}/makeweb
%{_bindir}/htpasswd
%{_sbindir}/*
%{_mandir}/*/*
%config %{_sysconfdir}/logrotate.d/%{name}
%if %{with_systemd}
%{_unitdir}/%{name}.service
%else
%config %{_initddir}/thttpd
%endif
%config(noreplace) %{_sysconfdir}/thttpd.conf
%changelog
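Review bot: in the non-systemd branch of %install, "ln -s %{buildroot}%{_initddir}/%{name} %{buildroot}%{_sbindir}/rc%{name}" bakes the build root into the link target, so the installed rcthttpd symlink points at a path that does not exist on the target system; the target should be %{_initddir}/%{name} without %{buildroot}, as the systemd branch already does for %{_sbindir}/service. The line above it installs the init script with -m0644, which leaves it non-executable. The comment over "Conflicts: apache2-example-pages" says /srw/www where /srv/www is meant. Source: is fetched over plain http:// with no signature or checksum file listed among the sources, so the tarball's integrity rests entirely on whatever the build service records; an https URL or a pinned checksum would make that explicit.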