network/thttpd: Updated for version 2.26.

Signed-off-by: Willy Sudiarto Raharjo <willysr@slackbuilds.org>
2024-11-16 19:50:19 +01:00 · 2014-11-05 18:22:25 +07:00 · 2014-11-05 18:22:25 +07:00 · 60c75ff791
commit 60c75ff791
parent 2e8081a46c
16 changed files with 165 additions and 37 deletions
--- a/network/thttpd/patches/2.25b/additional-input-validation-httpd.c.diff
+++ b/network/thttpd/patches/2.25b/additional-input-validation-httpd.c.diff
--- a/network/thttpd/patches/2.25b/fix-buffer-overflow.diff
+++ b/network/thttpd/patches/2.25b/fix-buffer-overflow.diff
--- a/network/thttpd/patches/2.25b/fix-insecure-tmp-creation-CVE-2005-3124.diff
+++ b/network/thttpd/patches/2.25b/fix-insecure-tmp-creation-CVE-2005-3124.diff
--- a/network/thttpd/patches/2.25b/thttpd-2.25b-fix-illegal-path-info.patch
+++ b/network/thttpd/patches/2.25b/thttpd-2.25b-fix-illegal-path-info.patch
--- a/network/thttpd/patches/2.25b/thttpd-2.25b-monolithic-timer.patch
+++ b/network/thttpd/patches/2.25b/thttpd-2.25b-monolithic-timer.patch
--- a/network/thttpd/patches/2.25b/thttpd-2.25b-respect-CFLAGS--dont-link-static.patch
+++ b/network/thttpd/patches/2.25b/thttpd-2.25b-respect-CFLAGS--dont-link-static.patch
--- a/network/thttpd/patches/2.25b/thttpd-2.25b-use-Status-header.patch
+++ b/network/thttpd/patches/2.25b/thttpd-2.25b-use-Status-header.patch
--- a/network/thttpd/patches/2.25b/thttpd-2.25b-use-X-Forwarded-For-header.patch
+++ b/network/thttpd/patches/2.25b/thttpd-2.25b-use-X-Forwarded-For-header.patch
--- a/network/thttpd/patches/crypt.patch
+++ b/network/thttpd/patches/crypt.patch
@ -0,0 +1,24 @@
+diff -Naur old/extras/htpasswd.c new/extras/htpasswd.c
+--- old/extras/htpasswd.c	2014-10-19 10:28:39.782856897 -1000
+++ new/extras/htpasswd.c	2014-10-19 10:29:12.842911168 -1000
+@@ -8,6 +8,8 @@
+ ** if stdin is a pipe or file.  This is necessary for use from CGI.
+ */
+ 
+#define _XOPEN_SOURCE
+
+ #include <sys/types.h>
+ #include <stdio.h>
+ #include <string.h>
+diff -Naur old/libhttpd.c new/libhttpd.c
+--- old/libhttpd.c	2014-10-19 10:28:39.782856897 -1000
+++ new/libhttpd.c	2014-10-19 10:29:01.679559501 -1000
+@@ -39,6 +39,8 @@
+ #include <sys/param.h>
+ #include <sys/stat.h>
+ 
+#define __USE_XOPEN
+
+ #include <ctype.h>
+ #include <errno.h>
+ #include <fcntl.h>
--- a/network/thttpd/patches/discreet.patch
+++ b/network/thttpd/patches/discreet.patch
@ -0,0 +1,37 @@
+diff -Naur old/libhttpd.c new/libhttpd.c
+--- old/libhttpd.c	2014-08-15 11:32:31.040595413 +0900
+++ new/libhttpd.c	2014-08-15 11:34:57.690595931 +0900
+@@ -754,7 +754,7 @@
+     <title>%d %s</title>\n\
+   </head>\n\
+ \n\
+-  <body bgcolor=\"#cc9999\" text=\"#000000\" link=\"#2020ff\" vlink=\"#4040cc\">\n\
+  <body>\n\
+ \n\
+     <h2>%d %s</h2>\n",
+ 	status, title, status, title );
+@@ -780,14 +780,9 @@
+     char buf[1000];
+ 
+     (void) my_snprintf( buf, sizeof(buf), "\
+-    <hr>\n\
+-\n\
+-    <address><a href=\"%s\">%s</a></address>\n\
+-\n\
+   </body>\n\
+ \n\
+-</html>\n",
+-	SERVER_ADDRESS, EXPOSED_SERVER_SOFTWARE );
+</html>\n" );
+     add_response( hc, buf );
+     }
+ 
+@@ -2798,7 +2793,7 @@
+     <title>Index of %.80s</title>\n\
+   </head>\n\
+ \n\
+-  <body bgcolor=\"#99cc99\" text=\"#000000\" link=\"#2020ff\" vlink=\"#4040cc\">\n\
+  <body>\n\
+ \n\
+     <h2>Index of %.80s</h2>\n\
+ \n\
--- a/network/thttpd/patches/fix-world-readable-log.patch
+++ b/network/thttpd/patches/fix-world-readable-log.patch
@ -0,0 +1,59 @@
+From d2e186dbd58d274a0dea9b59357edc8498b5388d Mon Sep 17 00:00:00 2001
+From: "Anthony G. Basile" <blueness@gentoo.org>
+Date: Tue, 26 Feb 2013 14:28:26 -0500
+Subject: [PATCH] src/thttpd.c: Fix world readable log, CVE-2013-0348.
+
+Make sure that the logfile is created or reopened as read/write
+by thttpd user only.
+
+X-gentoo-Bug: 458896
+X-gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=458896
+Reported-by:  Agostino Sarubbo <ago@gentoo.org>
+Signed-off-by: Anthony G. Basile <basile@opensource.dyc.edu>
+---
+ thttpd.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/thttpd.c b/thttpd.c
+index 019b8c0..f33a7a7 100644
+--- a/thttpd.c
+++ b/thttpd.c
+@@ -326,6 +326,7 @@ static void
+ re_open_logfile( void )
+     {
+     FILE* logfp;
+    int retchmod;
+ 
+     if ( no_log || hs == (httpd_server*) 0 )
+ 	return;
+@@ -335,7 +336,8 @@ re_open_logfile( void )
+ 	{
+ 	syslog( LOG_NOTICE, "re-opening logfile" );
+ 	logfp = fopen( logfile, "a" );
+-	if ( logfp == (FILE*) 0 )
+	retchmod = chmod( logfile, S_IRUSR|S_IWUSR );
+	if ( logfp == (FILE*) 0 || retchmod != 0 )
+ 	    {
+ 	    syslog( LOG_CRIT, "re-opening %.80s - %m", logfile );
+ 	    return;
+@@ -355,6 +357,7 @@ main( int argc, char** argv )
+     gid_t gid = 32767;
+     char cwd[MAXPATHLEN+1];
+     FILE* logfp;
+    int retchmod;
+     int num_ready;
+     int cnum;
+     connecttab* c;
+@@ -424,7 +427,8 @@ main( int argc, char** argv )
+ 	else
+ 	    {
+ 	    logfp = fopen( logfile, "a" );
+-	    if ( logfp == (FILE*) 0 )
+	    retchmod = chmod( logfile, S_IRUSR|S_IWUSR );
+	    if ( logfp == (FILE*) 0 || retchmod != 0 )
+ 		{
+ 		syslog( LOG_CRIT, "%.80s - %m", logfile );
+ 		perror( logfile );
+-- 
+1.7.12.4
+
--- a/network/thttpd/patches/forwarded-for.patch
+++ b/network/thttpd/patches/forwarded-for.patch
@ -0,0 +1,16 @@
+diff -Naur old/libhttpd.c new/libhttpd.c
+--- old/libhttpd.c	2005-06-30 03:50:39.000000000 +1000
+++ new/libhttpd.c	2012-10-24 12:12:17.144560917 +1100
+@@ -2207,6 +2207,12 @@
+ 		if ( strcasecmp( cp, "keep-alive" ) == 0 )
+ 		    hc->keep_alive = 1;
+ 		}
+	    else if ( strncasecmp( buf, "X-Forwarded-For:", 16 ) == 0 )
+		{
+		cp = &buf[16];
+		cp += strspn( cp, " \t" );
+		inet_aton( cp, &(hc->client_addr.sa_in.sin_addr) );
+		}
+ #ifdef LOG_UNKNOWN_HEADERS
+ 	    else if ( strncasecmp( buf, "Accept-Charset:", 15 ) == 0 ||
+ 		      strncasecmp( buf, "Accept-Language:", 16 ) == 0 ||
--- a/network/thttpd/patches/thttpd-2.25b-glibc-2.10.patch
+++ b/network/thttpd/patches/thttpd-2.25b-glibc-2.10.patch
@ -1,21 +0,0 @@
-diff -ur thttpd-2.25b.orig/extras/htpasswd.c thttpd-2.25b/extras/htpasswd.c
--- thttpd-2.25b.orig/extras/htpasswd.c	2001-12-19 02:08:08.000000000 +0200
-+++ thttpd-2.25b/extras/htpasswd.c	2009-08-09 16:40:06.000000000 +0300
-@@ -49,7 +49,7 @@
-     while((line[y++] = line[x++]));
- }
- 
-static int getline(char *s, int n, FILE *f) {
-+static int get_line(char *s, int n, FILE *f) {
-     register int i=0;
- 
-     while(1) {
-@@ -189,7 +189,7 @@
-     strcpy(user,argv[2]);
- 
-     found = 0;
-    while(!(getline(line,MAX_STRING_LEN,f))) {
-+    while(!(get_line(line,MAX_STRING_LEN,f))) {
-         if(found || (line[0] == '#') || (!line[0])) {
-             putline(tfp,line);
-             continue;
--- a/network/thttpd/thttpd.SlackBuild
+++ b/network/thttpd/thttpd.SlackBuild
@ -24,7 +24,7 @@
 # SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

 PRGNAM=thttpd
-VERSION=${VERSION:-2.25b}
+VERSION=${VERSION:-2.26}
 BUILD=${BUILD:-1}
 TAG=${TAG:-_SBo}

@ -83,13 +83,13 @@ tar xvf $CWD/$PRGNAM-$VERSION.tar.gz
 cd $PRGNAM-$VERSION
 chown -R root:root .
 find -L . \
- \( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 -o -perm 511 \) \
- -exec chmod 755 {} \; -o \
- \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
- -exec chmod 644 {} \;
+ \( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 \
+  -o -perm 511 \) -exec chmod 755 {} \; -o \
+ \( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \
+  -o -perm 440 -o -perm 400 \) -exec chmod 644 {} \;

-# Apply some patches, from gentoo:
-for i in $CWD/patches/*.diff $CWD/patches/*.patch
+# Apply some patches, from arch/gentoo:
+for i in $CWD/patches/*.patch
 do
  echo
  echo "Appling patch $i ..."
@ -97,6 +97,15 @@ do
 done
 echo

+# Fix CFLAGS detection
+sed -i \
+  -e 's/^CFLAGS =/CFLAGS +=/' \
+  -e '/^STATICFLAG =/c STATICFLAG =' \
+    Makefile* extras/Makefile* cgi-src/Makefile*
+
+# Fix --build value detection in ./configure
+libtoolize --force --copy --install
+
 CFLAGS="$SLKCFLAGS" \
 CXXFLAGS="$SLKCFLAGS" \
 ./configure \
@ -118,19 +127,23 @@ sed -i \
 # Change the group to 'thttpd', rather than 'www'
 sed -i '/WEBGROUP =/ s/www/'$PRGNAM'/' Makefile* extras/Makefile* cgi-src/Makefile*

-## Use this line ONLY if you are going to build thttpd as a normal user.
-##sed -i '/WEBGROUP =/ s/www/'$(/bin/id -ng)'/' Makefile* extras/Makefile* cgi-src/Makefile*
+### Use the next line ONLY if you are going to build thttpd as a normal user.
+### sed -i '/WEBGROUP =/ s/'$PRGNAM'/'$(/bin/id -ng)'/' Makefile* extras/Makefile* cgi-src/Makefile*

 # Disable the use of bin as owner user and group.
 sed -i 's/-o bin -g bin//' Makefile* extras/Makefile* cgi-src/Makefile*

 # Create required directories
-mkdir -p $PKG/etc/rc.d $PKG/usr/man/man1 $PKG/etc/logrotate.d $PKG/var/log/$PRGNAM
+mkdir -p $PKG/etc/rc.d $PKG/usr/man/man1 $PKG/etc/logrotate.d \
+  $PKG/var/log/$PRGNAM $PKG/var/run/$PRGNAM
+chown $PRGNAM:$PRGNAM $PKG/var/log/$PRGNAM $PKG/var/run/$PRGNAM

+CFLAGS="$SLKCFLAGS" \
+CXXFLAGS="$SLKCFLAGS" \
 make
 make install DESTDIR=$PKG

-find $PKG | xargs file | grep -e "executable" -e "shared object" | grep ELF \
+find $PKG -print0 | xargs -0 file | grep -e "executable" -e "shared object" | grep ELF \
  | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true

 # Install default html file.
--- a/network/thttpd/thttpd.conf
+++ b/network/thttpd/thttpd.conf
@ -5,5 +5,5 @@ host=localhost
 port=80
 user=thttpd
 dir=/var/www/thttpd
-logfile=/var/log/thttpd.log
-pidfile=/var/run/thttpd.pid
+logfile=/var/log/thttpd/thttpd.log
+pidfile=/var/run/thttpd/thttpd.pid
--- a/network/thttpd/thttpd.info
+++ b/network/thttpd/thttpd.info
@ -1,8 +1,8 @@
 PRGNAM="thttpd"
-VERSION="2.25b"
+VERSION="2.26"
 HOMEPAGE="http://acme.com/software/thttpd/"
-DOWNLOAD="http://acme.com/software/thttpd/thttpd-2.25b.tar.gz"
-MD5SUM="156b249b3b0bcd48b06badd2db0d56c5"
+DOWNLOAD="http://acme.com/software/thttpd/thttpd-2.26.tar.gz"
+MD5SUM="7b9235cad40faf7dd08ad923529c61b2"
 DOWNLOAD_x86_64=""
 MD5SUM_x86_64=""
 REQUIRES=""