From aaa8c68bdabd9dd1465f45230a0d3eede3c489dc3039f59a8320d0e3b16de85b Mon Sep 17 00:00:00 2001
From: Marguerite Su
Date: Tue, 23 Oct 2018 12:47:01 +0000
Subject: [PATCH] Accepting request 643659 from home:vitezslav_cizek:branches:server:http
- Update to 2.29 (bsc#1112629)
Allow CGI to handle HTTP methods besides GET/HEAD/POST.
Improvements to the FreeBSD startup script. (Craig Leres)
Minor portability tweak in mmc.c.
Fix to buffer overrun bug in htpasswd. Reported by Alessio Santoru as CVE-2017-17663.
- update thttpd-2.25b-overflow.diff
OBS-URL: https://build.opensuse.org/request/show/643659
OBS-URL: https://build.opensuse.org/package/show/server:http/thttpd?expand=0&rev=41
---
 thttpd-2.25b-overflow.diff | 18 ++++--------------
 thttpd-2.27.tar.gz | 3 ---
 thttpd-2.29.tar.gz | 3 +++
 thttpd.changes | 10 ++++++++++
 thttpd.spec | 8 ++++----
 5 files changed, 21 insertions(+), 21 deletions(-)
 delete mode 100644 thttpd-2.27.tar.gz
 create mode 100644 thttpd-2.29.tar.gz
diff --git a/thttpd-2.25b-overflow.diff b/thttpd-2.25b-overflow.diff
index fc37cec..31de52d 100644
--- a/thttpd-2.25b-overflow.diff
+++ b/thttpd-2.25b-overflow.diff
@@ -1,18 +1,8 @@
 Index: extras/htpasswd.c
 ===================================================================
---- extras/htpasswd.c.orig 2014-09-03 09:40:24.741007309 +0200
-+++ extras/htpasswd.c 2014-09-03 09:42:47.188597773 +0200
-@@ -184,15 +184,17 @@ int main(int argc, char *argv[]) {
- fprintf(stderr,"Use -c option to create new one.\n");
- exit(1);
- }
-- strcpy(user,argv[2]);
- 
-+ strncpy(user,argv[2],MAX_STRING_LEN);
-+ user[MAX_STRING_LEN-1]='\0';
- found = 0;
- while(!(my_getline(line,MAX_STRING_LEN,f))) {
- if(found || (line[0] == '#') || (!line[0])) {
+--- extras/htpasswd.c.orig 2018-10-22 10:48:47.811465609 +0200
++++ extras/htpasswd.c 2018-10-22 10:52:45.008744706 +0200
+@@ -193,7 +193,8 @@ int main(int argc, char *argv[]) {
 putline(tfp,line);
 continue;
 }
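Review bot: The refreshed patch no longer carries the bounded copy of `argv[2]` into `user` (the old inner hunk at 184 with `strncpy(user,argv[2],MAX_STRING_LEN);` and the explicit terminator is gone), and nothing in this commit shows that 2.29 bounds that copy itself. The changelog attributes an htpasswd overrun fix (CVE-2017-17663) to upstream, which presumably is why the hunk was dropped; that should be confirmed against `extras/htpasswd.c` in the 2.29 tarball and stated in the entry, e.g. `- update thttpd-2.25b-overflow.diff (user[] copy hunk dropped, fixed upstream)`. The inner hunks that remain (193 and 212) are visible only as headers and context here, so the rest of the patch cannot be judged from this diff.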
@@ -22,7 +12,7 @@ Index: extras/htpasswd.c
 getword(w,l,':');
 if(strcmp(user,w)) {
 putline(tfp,line);
-@@ -210,7 +212,8 @@ int main(int argc, char *argv[]) {
+@@ -211,7 +212,8 @@ int main(int argc, char *argv[]) {
 }
 fclose(f);
 fclose(tfp);
diff --git a/thttpd-2.27.tar.gz b/thttpd-2.27.tar.gz
deleted file mode 100644
index d8b5e3f..0000000
--- a/thttpd-2.27.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:b1c4bc37ada7c39cc2bcfbf86b3bc05be91be49f8bb4f55379eaff1f66516d7a
-size 134005
diff --git a/thttpd-2.29.tar.gz b/thttpd-2.29.tar.gz
new file mode 100644
index 0000000..3c63c7e
--- /dev/null
+++ b/thttpd-2.29.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:99c09f47da326b1e7b5295c45549d2b65534dce27c44812cf7eef1441681a397
+size 133967
diff --git a/thttpd.changes b/thttpd.changes
index 7707cc4..ba1da64 100644
--- a/thttpd.changes
+++ b/thttpd.changes
@@ -1,3 +1,13 @@
+-------------------------------------------------------------------
+Mon Oct 22 08:44:39 UTC 2018 - Vítězslav Čížek
+
+- Update to 2.29 (bsc#1112629)
+ Allow CGI to handle HTTP methods besides GET/HEAD/POST.
+ Improvements to the FreeBSD startup script. (Craig Leres)
+ Minor portability tweak in mmc.c.
+ Fix to buffer overrun bug in htpasswd. Reported by Alessio Santoru as CVE-2017-17663.
+- update thttpd-2.25b-overflow.diff
+
 -------------------------------------------------------------------
 Wed Oct 18 08:30:54 UTC 2017 - jengelh@inai.de
diff --git a/thttpd.spec b/thttpd.spec
index bc2a81c..8763efa 100644
--- a/thttpd.spec
+++ b/thttpd.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package thttpd
 #
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -12,7 +12,7 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
 #
@@ -23,13 +23,13 @@
 %define with_systemd 0
 %endif
 Name: thttpd
-Version: 2.27
+Version: 2.29
 Release: 0
 Summary: Small and simple webserver
 License: BSD-3-Clause
 Group: Productivity/Networking/Web/Servers
 Url: http://www.acme.com/software/thttpd/
-Source: %{name}-%{version}.tar.gz
+Source: http://www.acme.com/software/thttpd/%{name}-%{version}.tar.gz
 Source1: %{name}-initd.script
 Source2: %{name}.service
 Source3: %{name}.logrotate
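Review bot: The new `Source:` line in the last hunk points at a plain `http://` URL, so anything that re-downloads the tarball from it gets no transport integrity, and the visible part of the spec lists no signature or keyring source alongside it. If upstream serves the same path over TLS, prefer `Source: https://www.acme.com/software/thttpd/%{name}-%{version}.tar.gz`. Either way, the committed 2.29 tarball should be checked against an independently obtained copy or checksum before it is accepted. The `Url:` context line just above uses the same scheme.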