diff options
| author | ghen <ghen@pkgsrc.org> | 2007-09-10 20:13:31 +0000 |
|---|---|---|
| committer | ghen <ghen@pkgsrc.org> | 2007-09-10 20:13:31 +0000 |
| commit | 8751ecf65f34266ae80a57821865ba675c4630db (patch) | |
| tree | 32b42ad795e0e1c1023b21fec2110f68b7745998 | |
| parent | d0c235ef1a35f5eaf6974ea2456c8cbe19b3dde0 (diff) | |
| download | pkgsrc-8751ecf65f34266ae80a57821865ba675c4630db.tar.gz | |
Pullup ticket 2187 - requested by jlam
security update for lighttpd
- pkgsrc/www/lighttpd/DESCR 1.2
- pkgsrc/www/lighttpd/Makefile 1.16
- pkgsrc/www/lighttpd/PLIST 1.7
- pkgsrc/www/lighttpd/distinfo 1.11
- pkgsrc/www/lighttpd/patches/patch-aa 1.7
- pkgsrc/www/lighttpd/patches/patch-ab 1.4
- pkgsrc/www/lighttpd/patches/patch-ac 1.3
Module Name: pkgsrc
Committed By: jlam
Date: Mon Sep 10 13:59:51 UTC 2007
Modified Files:
pkgsrc/www/lighttpd: DESCR Makefile PLIST distinfo
Added Files:
pkgsrc/www/lighttpd/patches: patch-aa patch-ab patch-ac
Log Message:
Update www/lighttpd to 1.4.18. Changes from 1.4.16 include:
* fixed forwarding a SIGINT and SIGHUP when using max-workers (#902)
--> fixed FastCGI header overrun in mod_fastcgi
* fixed hanging redirects with keep-alive due to missing
"Content-Length: 0" headers
* fixed crashing when using undefined environment variables in the config
* added dir-listing.set-footer in mod_dirlisting (#1277)
* added sending UID and PID for SIGTERM and SIGINT to the logs
* fixed compression of files < 128 bytes by disabling compression (#1241)
* fixed mysql server reconnects (#518)
* fixed disabled keep-alive for dynamic content with HTTP/1.0 (#1166)
* fixed crash on mixed EOL sequences in mod_cgi
* fixed key compare (#1287)
* fixed invalid char in header values (#1286)
* fixed invalid "304 Not Modified" on broken timestamps
--> fixed endless loop on shrinked files with sendfile() on BSD (#1289)
--> fixed counter overrun in ?auto in mod_status (#909)
* fixed too aggresive caching of nested conditionals (#41)
--> fixed possible overflow in unix-socket path checks on BSD (#713)
* fixed extra Content-Length header on 1xx, 204 and 304 (#1002)
* fixed handling of duplicate If-Modified-Since to return 304
* fixed extracting status code from NPH scripts (#1125)
* removed config-check if passwd files exist (#1188)
* fixed crash when etags are disabled but the client sends one (#1322)
* fixed crash when freeing the config in mod_alias
* fixed server.error-handler-404 breakage from 1.4.16 (#1270)
* fixed entering 404-handler from dynamic content (#948)
* added more debug infos for FAM based stat-cache
The highlighted changes are security vulnerabilities that are fixed in
this release.
| -rw-r--r-- | www/lighttpd/DESCR | 12 | ||||
| -rw-r--r-- | www/lighttpd/Makefile | 4 | ||||
| -rw-r--r-- | www/lighttpd/PLIST | 3 | ||||
| -rw-r--r-- | www/lighttpd/distinfo | 11 | ||||
| -rw-r--r-- | www/lighttpd/patches/patch-aa | 15 | ||||
| -rw-r--r-- | www/lighttpd/patches/patch-ab | 12 | ||||
| -rw-r--r-- | www/lighttpd/patches/patch-ac | 21 |
7 files changed, 65 insertions, 13 deletions
diff --git a/www/lighttpd/DESCR b/www/lighttpd/DESCR index 1473624890e..06531d9ecca 100644 --- a/www/lighttpd/DESCR +++ b/www/lighttpd/DESCR @@ -1,6 +1,6 @@ -LightTPD is a secure, fast, compliant, and very flexible web-server -which designed and optimized for for high-performance environments. -With a small memory footprint compared to other webservers, effective -management of the CPU load, and advanced feature set (FastCGI, CGI, -Auth, Output-Compression, URL-Rewriting and many more), LightTPD is -the perfect solution for every server that is suffering load problems. +Lighttpd is a secure, speedy, compliant, and very flexible web-server +which is designed and optimized for for high-performance environments. +With a small memory footprint compared to other web-servers, effective +management of the CPU-load, and advanced feature set (FastCGI, SCGI, +Auth, Output-Compression, URL-Rewriting and many more) lighttpd is the +perfect solution for every server that is suffering load problems. diff --git a/www/lighttpd/Makefile b/www/lighttpd/Makefile index 231d76b8f32..961978a396f 100644 --- a/www/lighttpd/Makefile +++ b/www/lighttpd/Makefile @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.14.2.1 2007/07/27 22:47:14 ghen Exp $ +# $NetBSD: Makefile,v 1.14.2.2 2007/09/10 20:13:31 ghen Exp $ -DISTNAME= lighttpd-1.4.16 +DISTNAME= lighttpd-1.4.18 CATEGORIES= www MASTER_SITES= http://www.lighttpd.net/download/ diff --git a/www/lighttpd/PLIST b/www/lighttpd/PLIST index 35a4e6484f2..c1372be4d78 100644 --- a/www/lighttpd/PLIST +++ b/www/lighttpd/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.6 2007/04/19 16:16:17 joerg Exp $ +@comment $NetBSD: PLIST,v 1.6.2.1 2007/09/10 20:13:31 ghen Exp $ bin/spawn-fcgi lib/lighttpd/mod_access.la lib/lighttpd/mod_accesslog.la @@ -35,6 +35,7 @@ lib/lighttpd/mod_webdav.la man/man1/lighttpd.1 man/man1/spawn-fcgi.1 sbin/lighttpd +sbin/lighttpd-angel share/doc/lighttpd/AUTHORS share/doc/lighttpd/COPYING share/doc/lighttpd/ChangeLog diff --git a/www/lighttpd/distinfo b/www/lighttpd/distinfo index 3795cd49e7e..c8135e986b0 100644 --- a/www/lighttpd/distinfo +++ b/www/lighttpd/distinfo @@ -1,5 +1,8 @@ -$NetBSD: distinfo,v 1.9.2.1 2007/07/27 22:47:14 ghen Exp $ +$NetBSD: distinfo,v 1.9.2.2 2007/09/10 20:13:31 ghen Exp $ -SHA1 (lighttpd-1.4.16.tar.gz) = b160cece6c0dd15746d10957d28ba02b2e9e77ce -RMD160 (lighttpd-1.4.16.tar.gz) = 71743363b9992ce726fffe40af0f75c66a2f6006 -Size (lighttpd-1.4.16.tar.gz) = 795818 bytes +SHA1 (lighttpd-1.4.18.tar.gz) = 30eb24cdfcfeadf10fa16f187330bdc5deb25ed2 +RMD160 (lighttpd-1.4.18.tar.gz) = dfca15e4b02a405cc89dcdfb9a0f8137971cfb24 +Size (lighttpd-1.4.18.tar.gz) = 803361 bytes +SHA1 (patch-aa) = d48beb6e526f31f9ea19657e6010c5165026b475 +SHA1 (patch-ab) = b02003db1b2ac978846eb0f7be178b91f59fc176 +SHA1 (patch-ac) = b2bc7bcbd151bf64ce085dad359077c5ffa2da1f diff --git a/www/lighttpd/patches/patch-aa b/www/lighttpd/patches/patch-aa new file mode 100644 index 00000000000..9f261564448 --- /dev/null +++ b/www/lighttpd/patches/patch-aa @@ -0,0 +1,15 @@ +$NetBSD: patch-aa,v 1.6.2.1 2007/09/10 20:13:31 ghen Exp $ + +--- configure.orig Sun Sep 9 19:55:31 2007 ++++ configure +@@ -28161,10 +28161,6 @@ fi + + + +-if test "${GCC}" = "yes"; then +- CFLAGS="${CFLAGS} -Wall -W -Wshadow -pedantic -std=gnu99" +-fi +- + LIGHTTPD_VERSION_ID=`echo $PACKAGE_VERSION | $AWK -F '.' '{print "(" $1 " << 16 | " $2 " << 8 | " $3 ")"}'` + + cat >>confdefs.h <<_ACEOF diff --git a/www/lighttpd/patches/patch-ab b/www/lighttpd/patches/patch-ab new file mode 100644 index 00000000000..678ea57abe1 --- /dev/null +++ b/www/lighttpd/patches/patch-ab @@ -0,0 +1,12 @@ +$NetBSD: patch-ab,v 1.3.2.1 2007/09/10 20:13:32 ghen Exp $ + +--- src/mod_extforward.c.orig Sat Aug 18 09:43:35 2007 ++++ src/mod_extforward.c +@@ -6,6 +6,7 @@ + #include <stdlib.h> + #include <string.h> + #include <stdio.h> ++#include <sys/types.h> + #include <netinet/in.h> + + #include "base.h" diff --git a/www/lighttpd/patches/patch-ac b/www/lighttpd/patches/patch-ac new file mode 100644 index 00000000000..33d54d619db --- /dev/null +++ b/www/lighttpd/patches/patch-ac @@ -0,0 +1,21 @@ +$NetBSD: patch-ac,v 1.2.2.1 2007/09/10 20:13:32 ghen Exp $ + +--- src/etag.c.orig Mon Aug 27 21:54:45 2007 ++++ src/etag.c +@@ -1,5 +1,15 @@ ++#ifdef HAVE_CONFIG_H ++# include "config.h" ++#endif ++ + #include <string.h> +-#include <stdint.h> ++ ++#ifdef HAVE_STDINT_H ++# include <stdint.h> ++#endif ++#ifdef HAVE_INTTYPES_H ++# include <inttypes.h> ++#endif + + #include "buffer.h" + #include "etag.h" |