pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/pkgsrc-2007Q2]: pkgsrc/www/lighttpd Pullup ticket 2187 - requested by...
details: https://anonhg.NetBSD.org/pkgsrc/rev/5419488e75b9
branches: pkgsrc-2007Q2
changeset: 530508:5419488e75b9
user: ghen <ghen%pkgsrc.org@localhost>
date: Mon Sep 10 20:13:31 2007 +0000
description:
Pullup ticket 2187 - requested by jlam
security update for lighttpd
- pkgsrc/www/lighttpd/DESCR 1.2
- pkgsrc/www/lighttpd/Makefile 1.16
- pkgsrc/www/lighttpd/PLIST 1.7
- pkgsrc/www/lighttpd/distinfo 1.11
- pkgsrc/www/lighttpd/patches/patch-aa 1.7
- pkgsrc/www/lighttpd/patches/patch-ab 1.4
- pkgsrc/www/lighttpd/patches/patch-ac 1.3
Module Name: pkgsrc
Committed By: jlam
Date: Mon Sep 10 13:59:51 UTC 2007
Modified Files:
pkgsrc/www/lighttpd: DESCR Makefile PLIST distinfo
Added Files:
pkgsrc/www/lighttpd/patches: patch-aa patch-ab patch-ac
Log Message:
Update www/lighttpd to 1.4.18. Changes from 1.4.16 include:
* fixed forwarding a SIGINT and SIGHUP when using max-workers (#902)
--> fixed FastCGI header overrun in mod_fastcgi
* fixed hanging redirects with keep-alive due to missing
"Content-Length: 0" headers
* fixed crashing when using undefined environment variables in the config
* added dir-listing.set-footer in mod_dirlisting (#1277)
* added sending UID and PID for SIGTERM and SIGINT to the logs
* fixed compression of files < 128 bytes by disabling compression (#1241)
* fixed mysql server reconnects (#518)
* fixed disabled keep-alive for dynamic content with HTTP/1.0 (#1166)
* fixed crash on mixed EOL sequences in mod_cgi
* fixed key compare (#1287)
* fixed invalid char in header values (#1286)
* fixed invalid "304 Not Modified" on broken timestamps
--> fixed endless loop on shrinked files with sendfile() on BSD (#1289)
--> fixed counter overrun in ?auto in mod_status (#909)
* fixed too aggresive caching of nested conditionals (#41)
--> fixed possible overflow in unix-socket path checks on BSD (#713)
* fixed extra Content-Length header on 1xx, 204 and 304 (#1002)
* fixed handling of duplicate If-Modified-Since to return 304
* fixed extracting status code from NPH scripts (#1125)
* removed config-check if passwd files exist (#1188)
* fixed crash when etags are disabled but the client sends one (#1322)
* fixed crash when freeing the config in mod_alias
* fixed server.error-handler-404 breakage from 1.4.16 (#1270)
* fixed entering 404-handler from dynamic content (#948)
* added more debug infos for FAM based stat-cache
The highlighted changes are security vulnerabilities that are fixed in
this release.
diffstat:
www/lighttpd/DESCR | 12 ++++++------
www/lighttpd/Makefile | 4 ++--
www/lighttpd/PLIST | 3 ++-
www/lighttpd/distinfo | 11 +++++++----
www/lighttpd/patches/patch-aa | 15 +++++++++++++++
www/lighttpd/patches/patch-ab | 12 ++++++++++++
www/lighttpd/patches/patch-ac | 21 +++++++++++++++++++++
7 files changed, 65 insertions(+), 13 deletions(-)
diffs (121 lines):
diff -r b2625e45e2d0 -r 5419488e75b9 www/lighttpd/DESCR
--- a/www/lighttpd/DESCR Sat Sep 08 09:55:09 2007 +0000
+++ b/www/lighttpd/DESCR Mon Sep 10 20:13:31 2007 +0000
@@ -1,6 +1,6 @@
-LightTPD is a secure, fast, compliant, and very flexible web-server
-which designed and optimized for for high-performance environments.
-With a small memory footprint compared to other webservers, effective
-management of the CPU load, and advanced feature set (FastCGI, CGI,
-Auth, Output-Compression, URL-Rewriting and many more), LightTPD is
-the perfect solution for every server that is suffering load problems.
+Lighttpd is a secure, speedy, compliant, and very flexible web-server
+which is designed and optimized for for high-performance environments.
+With a small memory footprint compared to other web-servers, effective
+management of the CPU-load, and advanced feature set (FastCGI, SCGI,
+Auth, Output-Compression, URL-Rewriting and many more) lighttpd is the
+perfect solution for every server that is suffering load problems.
diff -r b2625e45e2d0 -r 5419488e75b9 www/lighttpd/Makefile
--- a/www/lighttpd/Makefile Sat Sep 08 09:55:09 2007 +0000
+++ b/www/lighttpd/Makefile Mon Sep 10 20:13:31 2007 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.14.2.1 2007/07/27 22:47:14 ghen Exp $
+# $NetBSD: Makefile,v 1.14.2.2 2007/09/10 20:13:31 ghen Exp $
-DISTNAME= lighttpd-1.4.16
+DISTNAME= lighttpd-1.4.18
CATEGORIES= www
MASTER_SITES= http://www.lighttpd.net/download/
diff -r b2625e45e2d0 -r 5419488e75b9 www/lighttpd/PLIST
--- a/www/lighttpd/PLIST Sat Sep 08 09:55:09 2007 +0000
+++ b/www/lighttpd/PLIST Mon Sep 10 20:13:31 2007 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.6 2007/04/19 16:16:17 joerg Exp $
+@comment $NetBSD: PLIST,v 1.6.2.1 2007/09/10 20:13:31 ghen Exp $
bin/spawn-fcgi
lib/lighttpd/mod_access.la
lib/lighttpd/mod_accesslog.la
@@ -35,6 +35,7 @@
man/man1/lighttpd.1
man/man1/spawn-fcgi.1
sbin/lighttpd
+sbin/lighttpd-angel
share/doc/lighttpd/AUTHORS
share/doc/lighttpd/COPYING
share/doc/lighttpd/ChangeLog
diff -r b2625e45e2d0 -r 5419488e75b9 www/lighttpd/distinfo
--- a/www/lighttpd/distinfo Sat Sep 08 09:55:09 2007 +0000
+++ b/www/lighttpd/distinfo Mon Sep 10 20:13:31 2007 +0000
@@ -1,5 +1,8 @@
-$NetBSD: distinfo,v 1.9.2.1 2007/07/27 22:47:14 ghen Exp $
+$NetBSD: distinfo,v 1.9.2.2 2007/09/10 20:13:31 ghen Exp $
-SHA1 (lighttpd-1.4.16.tar.gz) = b160cece6c0dd15746d10957d28ba02b2e9e77ce
-RMD160 (lighttpd-1.4.16.tar.gz) = 71743363b9992ce726fffe40af0f75c66a2f6006
-Size (lighttpd-1.4.16.tar.gz) = 795818 bytes
+SHA1 (lighttpd-1.4.18.tar.gz) = 30eb24cdfcfeadf10fa16f187330bdc5deb25ed2
+RMD160 (lighttpd-1.4.18.tar.gz) = dfca15e4b02a405cc89dcdfb9a0f8137971cfb24
+Size (lighttpd-1.4.18.tar.gz) = 803361 bytes
+SHA1 (patch-aa) = d48beb6e526f31f9ea19657e6010c5165026b475
+SHA1 (patch-ab) = b02003db1b2ac978846eb0f7be178b91f59fc176
+SHA1 (patch-ac) = b2bc7bcbd151bf64ce085dad359077c5ffa2da1f
diff -r b2625e45e2d0 -r 5419488e75b9 www/lighttpd/patches/patch-aa
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/www/lighttpd/patches/patch-aa Mon Sep 10 20:13:31 2007 +0000
@@ -0,0 +1,15 @@
+$NetBSD: patch-aa,v 1.6.2.1 2007/09/10 20:13:31 ghen Exp $
+
+--- configure.orig Sun Sep 9 19:55:31 2007
++++ configure
+@@ -28161,10 +28161,6 @@ fi
+
+
+
+-if test "${GCC}" = "yes"; then
+- CFLAGS="${CFLAGS} -Wall -W -Wshadow -pedantic -std=gnu99"
+-fi
+-
+ LIGHTTPD_VERSION_ID=`echo $PACKAGE_VERSION | $AWK -F '.' '{print "(" $1 " << 16 | " $2 " << 8 | " $3 ")"}'`
+
+ cat >>confdefs.h <<_ACEOF
diff -r b2625e45e2d0 -r 5419488e75b9 www/lighttpd/patches/patch-ab
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/www/lighttpd/patches/patch-ab Mon Sep 10 20:13:31 2007 +0000
@@ -0,0 +1,12 @@
+$NetBSD: patch-ab,v 1.3.2.1 2007/09/10 20:13:32 ghen Exp $
+
+--- src/mod_extforward.c.orig Sat Aug 18 09:43:35 2007
++++ src/mod_extforward.c
+@@ -6,6 +6,7 @@
+ #include <stdlib.h>
+ #include <string.h>
+ #include <stdio.h>
++#include <sys/types.h>
+ #include <netinet/in.h>
+
+ #include "base.h"
diff -r b2625e45e2d0 -r 5419488e75b9 www/lighttpd/patches/patch-ac
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/www/lighttpd/patches/patch-ac Mon Sep 10 20:13:31 2007 +0000
@@ -0,0 +1,21 @@
+$NetBSD: patch-ac,v 1.2.2.1 2007/09/10 20:13:32 ghen Exp $
+
+--- src/etag.c.orig Mon Aug 27 21:54:45 2007
++++ src/etag.c
+@@ -1,5 +1,15 @@
++#ifdef HAVE_CONFIG_H
++# include "config.h"
++#endif
++
+ #include <string.h>
+-#include <stdint.h>
++
++#ifdef HAVE_STDINT_H
++# include <stdint.h>
++#endif
++#ifdef HAVE_INTTYPES_H
++# include <inttypes.h>
++#endif
+
+ #include "buffer.h"
+ #include "etag.h"
Home |
Main Index |
Thread Index |
Old Index