Accepting request 643958 from server:http

OBS-URL: https://build.opensuse.org/request/show/643958 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/thttpd?expand=0&rev=40
2018-10-23 18:41:52 +00:00 · 2018-10-23 18:41:52 +00:00 · 6446f320b7
commit 6446f320b7
parent fa03ff4387 aaa8c68bda
5 changed files with 21 additions and 21 deletions
--- a/thttpd-2.25b-overflow.diff
+++ b/thttpd-2.25b-overflow.diff
@ -1,18 +1,8 @@
 Index: extras/htpasswd.c
 ===================================================================
--- extras/htpasswd.c.orig	2014-09-03 09:40:24.741007309 +0200
-+++ extras/htpasswd.c	2014-09-03 09:42:47.188597773 +0200
-@@ -184,15 +184,17 @@ int main(int argc, char *argv[]) {
-         fprintf(stderr,"Use -c option to create new one.\n");
-         exit(1);
-     }
-    strcpy(user,argv[2]);
- 
-+    strncpy(user,argv[2],MAX_STRING_LEN);
-+    user[MAX_STRING_LEN-1]='\0';
-     found = 0;
-     while(!(my_getline(line,MAX_STRING_LEN,f))) {
-         if(found || (line[0] == '#') || (!line[0])) {
+--- extras/htpasswd.c.orig	2018-10-22 10:48:47.811465609 +0200
+++ extras/htpasswd.c	2018-10-22 10:52:45.008744706 +0200
+@@ -193,7 +193,8 @@ int main(int argc, char *argv[]) {
             putline(tfp,line);
             continue;
         }
@ -22,7 +12,7 @@ Index: extras/htpasswd.c
         getword(w,l,':');
         if(strcmp(user,w)) {
             putline(tfp,line);
-@@ -210,7 +212,8 @@ int main(int argc, char *argv[]) {
+@@ -211,7 +212,8 @@ int main(int argc, char *argv[]) {
     }
     fclose(f);
     fclose(tfp);
--- a/thttpd-2.27.tar.gz
+++ b/thttpd-2.27.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:b1c4bc37ada7c39cc2bcfbf86b3bc05be91be49f8bb4f55379eaff1f66516d7a
-size 134005
--- a/thttpd-2.29.tar.gz
+++ b/thttpd-2.29.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:99c09f47da326b1e7b5295c45549d2b65534dce27c44812cf7eef1441681a397
+size 133967
--- a/thttpd.changes
+++ b/thttpd.changes
@ -1,3 +1,13 @@
+-------------------------------------------------------------------
+Mon Oct 22 08:44:39 UTC 2018 - Vítězslav Čížek <vcizek@suse.com>
+
+- Update to 2.29 (bsc#1112629)
+  Allow CGI to handle HTTP methods besides GET/HEAD/POST.
+  Improvements to the FreeBSD startup script. (Craig Leres)
+  Minor portability tweak in mmc.c.
+  Fix to buffer overrun bug in htpasswd. Reported by Alessio Santoru as CVE-2017-17663.
+- update thttpd-2.25b-overflow.diff
+
 -------------------------------------------------------------------
 Wed Oct 18 08:30:54 UTC 2017 - jengelh@inai.de

--- a/thttpd.spec
+++ b/thttpd.spec
@ -1,7 +1,7 @@
 #
 # spec file for package thttpd
 #
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -12,7 +12,7 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.

-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
 #


@ -23,13 +23,13 @@
 %define with_systemd 0
 %endif
 Name:           thttpd
-Version:        2.27
+Version:        2.29
 Release:        0
 Summary:        Small and simple webserver
 License:        BSD-3-Clause
 Group:          Productivity/Networking/Web/Servers
 Url:            http://www.acme.com/software/thttpd/
-Source:         %{name}-%{version}.tar.gz
+Source:         http://www.acme.com/software/thttpd/%{name}-%{version}.tar.gz
 Source1:        %{name}-initd.script
 Source2:        %{name}.service
 Source3:        %{name}.logrotate