From 5d98a43e7ea05c6ddf4c2fb290dfd54e08620fe4fa059df56a0468cc6b974894 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Chv=C3=A1tal?= Date: Tue, 9 Sep 2014 14:51:18 +0000 Subject: [PATCH 1/2] Accepting request 247376 from home:vitezslav_cizek:branches:server:http - update to 2.26 (bnc#894285) Ignore ECONNABORTED on accept(). Correctly implemented the config-file option change from "nosymlink" to "nosymlinkcheck", which was supposedly done in version 2.24. Removed mailto: link from default index page. Allow CGIs to provide both Location and Status headers. Better logic for figuring out CGI SERVER_NAME environment variable. Updated for clang, and general cleanup. - dropped thttpd-2.25b-getline.patch (upstream) - added thttpd-crypt_is_in_crypt.h.patch OBS-URL: https://build.opensuse.org/request/show/247376 OBS-URL: https://build.opensuse.org/package/show/server:http/thttpd?expand=0&rev=24 --- thttpd-2.25b-configure.patch | 24 ++++--- thttpd-2.25b-getline.patch | 20 ------ thttpd-2.25b-overflow.diff | 14 ++-- thttpd-2.25b-static.patch | 10 +-- thttpd-2.26.tar.gz | 3 + thttpd-crypt_is_in_crypt.h.patch | 24 +++++++ thttpd.changes | 14 ++++ thttpd.spec | 112 ++++++++++++++++--------------- 8 files changed, 126 insertions(+), 95 deletions(-) delete mode 100644 thttpd-2.25b-getline.patch create mode 100644 thttpd-2.26.tar.gz create mode 100644 thttpd-crypt_is_in_crypt.h.patch diff --git a/thttpd-2.25b-configure.patch b/thttpd-2.25b-configure.patch index 1ac1e94..ebe7e16 100644 --- a/thttpd-2.25b-configure.patch +++ b/thttpd-2.25b-configure.patch @@ -1,5 +1,7 @@ ---- config.h -+++ config.h +Index: config.h +=================================================================== +--- config.h.orig 2014-09-03 09:38:25.650677391 +0200 ++++ config.h 2014-09-03 09:38:50.657956674 +0200 @@ -57,17 +57,7 @@ ** as a security measure that's how you do it, just don't define any ** pattern here and don't run with the -c flag. @@ -66,7 +68,7 @@ /* CONFIGURE: If defined, $LD_LIBRARY_PATH to use for CGI programs. */ -@@ -333,7 +321,7 @@ +@@ -327,7 +315,7 @@ /* CONFIGURE: A list of index filenames to check. The files are searched ** for in this order. */ @@ -75,9 +77,11 @@ /* CONFIGURE: If this is defined then thttpd will automatically generate ** index pages for directories that don't have an explicit index file. ---- configure.in -+++ configure.in -@@ -6,8 +6,10 @@ +Index: configure.in +=================================================================== +--- configure.in.orig 2014-09-03 09:38:25.651677402 +0200 ++++ configure.in 2014-09-03 09:38:50.657956674 +0200 +@@ -6,8 +6,10 @@ AC_CANONICAL_SYSTEM AC_PROG_CC @@ -85,18 +89,18 @@ -if test "$GCC" = yes ; then +if test "x$V_CCOPT" = "x"; then + V_CCOPT="-O" -+ ++ + if test "$GCC" = yes ; then AC_MSG_CHECKING(gcc version) AC_CACHE_VAL(ac_cv_lbl_gcc_vers, ac_cv_lbl_gcc_vers=`$CC -dumpversion 2>&1 | \ -@@ -16,7 +18,8 @@ +@@ -16,7 +18,8 @@ if test "$GCC" = yes ; then if test "$ac_cv_lbl_gcc_vers" -gt 1 ; then V_CCOPT="-O2" fi -fi + fi -+fi ++fi if test -f .devel ; then - V_CCOPT="-g $V_CCOPT -Wall -Wmissing-prototypes -Wstrict-prototypes" + V_CCOPT="-g $V_CCOPT -ansi -pedantic -U__STRICT_ANSI__ -Wall -Wpointer-arith -Wshadow -Wcast-qual -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wredundant-decls -Wno-long-long" fi diff --git a/thttpd-2.25b-getline.patch b/thttpd-2.25b-getline.patch deleted file mode 100644 index 2aaa0a5..0000000 --- a/thttpd-2.25b-getline.patch +++ /dev/null @@ -1,20 +0,0 @@ ---- extras/htpasswd.c -+++ extras/htpasswd.c -@@ -49,7 +49,7 @@ - while((line[y++] = line[x++])); - } - --static int getline(char *s, int n, FILE *f) { -+static int my_getline(char *s, int n, FILE *f) { - register int i=0; - - while(1) { -@@ -189,7 +189,7 @@ - strncpy(user,argv[2],MAX_STRING_LEN); - user[MAX_STRING_LEN-1]='\0'; - found = 0; -- while(!(getline(line,MAX_STRING_LEN,f))) { -+ while(!(my_getline(line,MAX_STRING_LEN,f))) { - if(found || (line[0] == '#') || (!line[0])) { - putline(tfp,line); - continue; diff --git a/thttpd-2.25b-overflow.diff b/thttpd-2.25b-overflow.diff index 12987b2..fc37cec 100644 --- a/thttpd-2.25b-overflow.diff +++ b/thttpd-2.25b-overflow.diff @@ -1,15 +1,17 @@ ---- extras/htpasswd.c -+++ extras/htpasswd.c -@@ -186,15 +186,16 @@ +Index: extras/htpasswd.c +=================================================================== +--- extras/htpasswd.c.orig 2014-09-03 09:40:24.741007309 +0200 ++++ extras/htpasswd.c 2014-09-03 09:42:47.188597773 +0200 +@@ -184,15 +184,17 @@ int main(int argc, char *argv[]) { fprintf(stderr,"Use -c option to create new one.\n"); exit(1); } - strcpy(user,argv[2]); -- + + strncpy(user,argv[2],MAX_STRING_LEN); + user[MAX_STRING_LEN-1]='\0'; found = 0; - while(!(getline(line,MAX_STRING_LEN,f))) { + while(!(my_getline(line,MAX_STRING_LEN,f))) { if(found || (line[0] == '#') || (!line[0])) { putline(tfp,line); continue; @@ -20,7 +22,7 @@ getword(w,l,':'); if(strcmp(user,w)) { putline(tfp,line); -@@ -212,7 +213,8 @@ +@@ -210,7 +212,8 @@ int main(int argc, char *argv[]) { } fclose(f); fclose(tfp); diff --git a/thttpd-2.25b-static.patch b/thttpd-2.25b-static.patch index 492fa3d..50a56f0 100644 --- a/thttpd-2.25b-static.patch +++ b/thttpd-2.25b-static.patch @@ -1,7 +1,9 @@ ---- configure.in -+++ configure.in -@@ -24,34 +24,6 @@ - V_CCOPT="-g $V_CCOPT -Wall -Wmissing-prototypes -Wstrict-prototypes" +Index: configure.in +=================================================================== +--- configure.in.orig 2014-09-03 09:46:46.273266534 +0200 ++++ configure.in 2014-09-03 09:46:46.300266836 +0200 +@@ -24,34 +24,6 @@ if test -f .devel ; then + V_CCOPT="-g $V_CCOPT -ansi -pedantic -U__STRICT_ANSI__ -Wall -Wpointer-arith -Wshadow -Wcast-qual -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wredundant-decls -Wno-long-long" fi -dnl diff --git a/thttpd-2.26.tar.gz b/thttpd-2.26.tar.gz new file mode 100644 index 0000000..9e6bd2a --- /dev/null +++ b/thttpd-2.26.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:15b3f6c60f854061e333227e9ea9ff789d34a092c9365690a8c0d3ecfc85cbb7 +size 132950 diff --git a/thttpd-crypt_is_in_crypt.h.patch b/thttpd-crypt_is_in_crypt.h.patch new file mode 100644 index 0000000..fe20175 --- /dev/null +++ b/thttpd-crypt_is_in_crypt.h.patch @@ -0,0 +1,24 @@ +Index: thttpd-2.26/extras/htpasswd.c +=================================================================== +--- thttpd-2.26.orig/extras/htpasswd.c 2014-09-03 09:54:25.155386527 +0200 ++++ thttpd-2.26/extras/htpasswd.c 2014-09-03 10:32:19.736082368 +0200 +@@ -15,6 +15,7 @@ + #include + #include + #include ++#include + + #define LF 10 + #define CR 13 +Index: thttpd-2.26/libhttpd.c +=================================================================== +--- thttpd-2.26.orig/libhttpd.c 2014-09-03 09:54:25.155386527 +0200 ++++ thttpd-2.26/libhttpd.c 2014-09-03 10:33:13.913694495 +0200 +@@ -53,6 +53,7 @@ + #include + #include + #include ++#include + #include + + #ifdef HAVE_OSRELDATE_H diff --git a/thttpd.changes b/thttpd.changes index dcc1e27..f20cf94 100644 --- a/thttpd.changes +++ b/thttpd.changes @@ -1,3 +1,17 @@ +------------------------------------------------------------------- +Wed Sep 3 07:42:53 UTC 2014 - vcizek@suse.com + +- update to 2.26 (bnc#894285) + Ignore ECONNABORTED on accept(). + Correctly implemented the config-file option change from "nosymlink" + to "nosymlinkcheck", which was supposedly done in version 2.24. + Removed mailto: link from default index page. + Allow CGIs to provide both Location and Status headers. + Better logic for figuring out CGI SERVER_NAME environment variable. + Updated for clang, and general cleanup. +- dropped thttpd-2.25b-getline.patch (upstream) +- added thttpd-crypt_is_in_crypt.h.patch + ------------------------------------------------------------------- Fri Jul 18 16:40:22 UTC 2014 - p.drouand@gmail.com diff --git a/thttpd.spec b/thttpd.spec index a5d842c..73af16b 100644 --- a/thttpd.spec +++ b/thttpd.spec @@ -15,49 +15,50 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # + %if 0%{?suse_version} > 1220 %define with_systemd 1 %else %define with_systemd 0 %endif - Name: thttpd +Version: 2.26 +Release: 0 +Summary: Small and very simple webserver +License: BSD-3-Clause +Group: Productivity/Networking/Web/Servers +Url: http://www.acme.com/software/thttpd/ +Source: %{name}-%{version}.tar.gz +Source1: %{name}-SuSE.tar.bz2 +Source2: %{name}.service +Patch0: %{name}-2.25b-configure.patch +Patch1: %{name}-2.25b-dirs.patch +Patch2: %{name}-2.25b-time_h.patch +Patch3: %{name}-2.25b-newautoconf.patch +Patch4: %{name}-2.25b-sec.patch +Patch5: %{name}-2.25b-static.patch +Patch6: %{name}-2.25b-pie.patch +Patch7: %{name}-2.25b-syslogtocern.diff +Patch8: %{name}-2.25b-overflow.diff +Patch9: %{name}-2.25b-chown.diff +Patch10: %{name}-2.25b-zerolen.patch +Patch11: %{name}-2.25b-strcpy.patch +# PATCH-FIX-SUSE CVE-2012-5640 +Patch13: thttpd-2.25b-CVE-2012-5640-check_crypt_return_value.patch +Patch14: thttpd-CVE-2013-0348.patch +Patch15: thttpd-crypt_is_in_crypt.h.patch +BuildRequires: automake +BuildRequires: libtool +Requires(post): permissions Provides: http_daemon +BuildRoot: %{_tmppath}/%{name}-%{version}-build %if %{with_systemd} BuildRequires: systemd %{?systemd_requires} %else -PreReq: %fillup_prereq %insserv_prereq +Requires(post): %fillup_prereq +Requires(post): %insserv_prereq %endif -PreReq: permissions -Version: 2.25b -Release: 0 -Source: %{name}-%{version}.tar.bz2 -Source1: %{name}-SuSE.tar.bz2 -Source2: %{name}.service -Patch0: %{name}-%{version}-configure.patch -Patch1: %{name}-%{version}-dirs.patch -Patch2: %{name}-%{version}-time_h.patch -Patch3: %{name}-%{version}-newautoconf.patch -Patch4: %{name}-%{version}-sec.patch -Patch5: %{name}-%{version}-static.patch -Patch6: %{name}-%{version}-pie.patch -Patch7: %{name}-%{version}-syslogtocern.diff -Patch8: %{name}-%{version}-overflow.diff -Patch9: %{name}-%{version}-chown.diff -Patch10: %{name}-%{version}-zerolen.patch -Patch11: %{name}-%{version}-strcpy.patch -Patch12: thttpd-2.25b-getline.patch -# PATCH-FIX-SUSE CVE-2012-5640 -Patch13: thttpd-2.25b-CVE-2012-5640-check_crypt_return_value.patch -Patch14: thttpd-CVE-2013-0348.patch -Url: http://www.acme.com/software/thttpd/ -BuildRoot: %{_tmppath}/%{name}-%{version}-build -Summary: Small and very simple webserver -License: BSD-3-Clause -Group: Productivity/Networking/Web/Servers -BuildRequires: automake -BuildRequires: libtool %description Thttpd is a very compact no-frills httpd serving daemon that can handle @@ -83,51 +84,52 @@ traffic. %patch9 %patch10 %patch11 -%patch12 %patch13 -p1 %patch14 -p1 +%patch15 -p1 %build -cp /usr/share/automake-1.*/config.* . +cp %{_datadir}/automake-1.*/config.* . # update server root path -sed -i "s@__SRVROOT__@%{serverroot}/htdocs@g" README.SuSE SuSE/etc/thttpd.conf +sed -i "s@__SRVROOT__@%{serverroot}/htdocs@g" README.SuSE SuSE%{_sysconfdir}/thttpd.conf sed -i "s@__PREFIX__@%{_prefix}@g;\ s@__SYSCONFDIR__@%{_sysconfdir}@g;\ s@__NAME__@%{name}@g;\ - s@__VERSION__@%{version}@g" SuSE/etc/init.d/thttpd -chmod 744 SuSE/etc/init.d/thttpd -chmod 644 SuSE/etc/thttpd.conf + s@__VERSION__@%{version}@g" SuSE%{_initddir}/thttpd +chmod 744 SuSE%{_initddir}/thttpd +chmod 644 SuSE%{_sysconfdir}/thttpd.conf mv aclocal.m4 acinclude.m4 libtoolize --force aclocal --force autoconf -f -V_CCOPT="$RPM_OPT_FLAGS -Wall" \ +V_CCOPT="%{optflags} -Wall" \ %configure %ifarch s390 s390x -make F_PIE="-fPIE" +make F_PIE="-fPIE" %{?_smp_mflags} %else -make F_PIE="-fpie" +make F_PIE="-fpie" %{?_smp_mflags} %endif %install -install -d %{buildroot}/usr/bin \ - %{buildroot}/usr/sbin \ +install -d %{buildroot}%{_bindir} \ + %{buildroot}%{_sbindir} \ %{buildroot}%{_mandir}/man1 \ %{buildroot}%{_mandir}/man8 \ %{buildroot}%{serverroot}/htdocs/users -make DESTDIR=%{buildroot} install +make DESTDIR=%{buildroot} install %{?_smp_mflags} cp -a SuSE/* %{buildroot} rm -f %{buildroot}%{serverroot}/htdocs/index.html %if %{with_systemd} -rm -rf %{buildroot}/etc/init.d +rm -rf %{buildroot}%{_sysconfdir}/init.d rm %{buildroot}%{_sbindir}/rc%{name} mkdir -p %{buildroot}%{_unitdir} install -m 644 %{SOURCE2} %{buildroot}%{_unitdir}/%{name}.service -ln -s /usr/sbin/service %{buildroot}%{_sbindir}/rc%{name} +ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name} %endif %if %{with_systemd} -%pre + +%pre %service_add_pre %{name}.service %endif @@ -140,11 +142,11 @@ ln -s /usr/sbin/service %{buildroot}%{_sbindir}/rc%{name} %if 0%{?suse_version} <= 1130 %run_permissions %else -%set_permissions /usr/bin/makeweb +%set_permissions %{_bindir}/makeweb %endif %verifyscript -%verify_permissions -e /usr/bin/makeweb +%verify_permissions -e %{_bindir}/makeweb %preun %if %{with_systemd} @@ -158,7 +160,7 @@ ln -s /usr/sbin/service %{buildroot}%{_sbindir}/rc%{name} %service_del_postun %{name}.service %else %restart_on_update thttpd -%{insserv_cleanup} +%insserv_cleanup %endif %files @@ -166,15 +168,15 @@ ln -s /usr/sbin/service %{buildroot}%{_sbindir}/rc%{name} %doc README README.SuSE config.h %{serverroot}/htdocs/* %attr(775, root, www) %{serverroot}/htdocs/users -%verify(not mode) %attr(2750, root, www) /usr/bin/makeweb -/usr/bin/htpasswd -/usr/sbin/* -/usr/share/man/*/* +%verify(not mode) %attr(2750, root, www) %{_bindir}/makeweb +%{_bindir}/htpasswd +%{_sbindir}/* +%{_mandir}/*/* %if %{with_systemd} %{_unitdir}/%{name}.service %else -%config /etc/init.d/thttpd +%config %{_initddir}/thttpd %endif -%config(noreplace) /etc/thttpd.conf +%config(noreplace) %{_sysconfdir}/thttpd.conf %changelog From 65fceb03191bdf4fc5dca0cf23bf286992b0499202e9c7e445e09069ccb5d7c7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=ADt=C4=9Bzslav=20=C4=8C=C3=AD=C5=BEek?= Date: Mon, 22 Sep 2014 13:36:05 +0000 Subject: [PATCH 2/2] - drop thttpd-2.25b.tar.bz2 (old tarball) OBS-URL: https://build.opensuse.org/package/show/server:http/thttpd?expand=0&rev=25 --- thttpd-2.25b.tar.bz2 | 3 --- thttpd.changes | 5 +++++ 2 files changed, 5 insertions(+), 3 deletions(-) delete mode 100644 thttpd-2.25b.tar.bz2 diff --git a/thttpd-2.25b.tar.bz2 b/thttpd-2.25b.tar.bz2 deleted file mode 100644 index e1891f3..0000000 --- a/thttpd-2.25b.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:fd1fb01e3d5c9261b5357c246289d3b38f145aeb5faf922965238b86a09cb22d -size 108797 diff --git a/thttpd.changes b/thttpd.changes index f20cf94..3f3e84b 100644 --- a/thttpd.changes +++ b/thttpd.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Mon Sep 22 13:34:52 UTC 2014 - vcizek@suse.com + +- drop thttpd-2.25b.tar.bz2 (old tarball) + ------------------------------------------------------------------- Wed Sep 3 07:42:53 UTC 2014 - vcizek@suse.com