diff options
-rw-r--r-- | network/thttpd/README | 24 | ||||
-rw-r--r-- | network/thttpd/doinst.sh | 20 | ||||
-rw-r--r-- | network/thttpd/patches/additional-input-validation-httpd.c.diff | 62 | ||||
-rw-r--r-- | network/thttpd/patches/fix-buffer-overflow.diff | 21 | ||||
-rw-r--r-- | network/thttpd/patches/fix-insecure-tmp-creation-CVE-2005-3124.diff | 19 | ||||
-rw-r--r-- | network/thttpd/rc.thttpd | 63 | ||||
-rw-r--r-- | network/thttpd/slack-desc | 19 | ||||
-rw-r--r-- | network/thttpd/thttpd.SlackBuild | 146 | ||||
-rw-r--r-- | network/thttpd/thttpd.conf | 9 | ||||
-rw-r--r-- | network/thttpd/thttpd.info | 10 | ||||
-rw-r--r-- | network/thttpd/thttpd.logrotate | 12 |
11 files changed, 405 insertions, 0 deletions
diff --git a/network/thttpd/README b/network/thttpd/README new file mode 100644 index 0000000000..39c238c0ae --- /dev/null +++ b/network/thttpd/README @@ -0,0 +1,24 @@ +thttpd (the tiny/turbo/throttling HTTP server) + +thttpd is a simple, small, portable, fast, and secure HTTP server. +Simple: It handles only the minimum necessary to implement HTTP/1.1. +Well, maybe a little more than the minimum. Small: It has a very +small run-time size, since it does not fork and is very careful about +memory allocation. Portable: It compiles cleanly on most any +Unix-like OS. Fast: In typical use it's about as fast as the best +full-featured servers. Secure: It goes to great lengths to protect +the web server machine against attacks and breakins from other sites. + +Notes: + +By default the directory to serve through HTTP will be '/var/www/thttpd', +if you want to change it execute the SalckBuild for example as: + # WEBDIR='/opt/www' sh thttpd.SlackBuild +for example. + +To build and use this package the user/group 'thttpd' is required to +exists in your system. You can add it with: + # groupadd -g 227 thttpd + # useradd -u 227 -g 227 -c "User for thttpd" -d / -s /bin/false thttpd + +See http://slackbuilds.org/uid_gid.txt diff --git a/network/thttpd/doinst.sh b/network/thttpd/doinst.sh new file mode 100644 index 0000000000..0a6e18b3e8 --- /dev/null +++ b/network/thttpd/doinst.sh @@ -0,0 +1,20 @@ +config() { + NEW="$1" + OLD="$(dirname $NEW)/$(basename $NEW .new)" + # If there's no config file by that name, mv it over: + if [ ! -r $OLD ]; then + mv $NEW $OLD + elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then + # toss the redundant copy + rm $NEW + fi + # Otherwise, we leave the .new copy for the admin to consider... +} + +# Keep same perms on rc.INIT.new: +if [ -e etc/rc.d/rc.thttpd ]; then + cp -a etc/rc.d/rc.thttpd etc/rc.d/rc.thttpd.new.incoming + cat etc/rc.d/rc.thttpd.new > etc/rc.d/rc.thttpd.new.incoming + mv etc/rc.d/rc.thttpd.new.incoming etc/rc.d/rc.thttpd.new +fi + diff --git a/network/thttpd/patches/additional-input-validation-httpd.c.diff b/network/thttpd/patches/additional-input-validation-httpd.c.diff new file mode 100644 index 0000000000..04f59eac8e --- /dev/null +++ b/network/thttpd/patches/additional-input-validation-httpd.c.diff @@ -0,0 +1,62 @@ +--- thttpd-2.25b/extras/htpasswd.c.orig 2006-03-31 04:12:42.281317000 +0000 ++++ thttpd-2.25b/extras/htpasswd.c 2006-03-31 05:21:37.741632392 +0000 +@@ -151,6 +151,7 @@ void interrupted(int signo) { + int main(int argc, char *argv[]) { + FILE *tfp,*f; + char user[MAX_STRING_LEN]; ++ char pwfilename[MAX_STRING_LEN]; + char line[MAX_STRING_LEN]; + char l[MAX_STRING_LEN]; + char w[MAX_STRING_LEN]; +@@ -168,6 +169,25 @@ int main(int argc, char *argv[]) { + perror("fopen"); + exit(1); + } ++ if (strlen(argv[2]) > (sizeof(pwfilename) - 1)) { ++ fprintf(stderr, "%s: filename is too long\n", argv[0]); ++ exit(1); ++ } ++ if (((strchr(argv[2], ';')) != NULL) || ((strchr(argv[2], '>')) != NULL)) { ++ fprintf(stderr, "%s: filename contains an illegal character\n", ++ argv[0]); ++ exit(1); ++ } ++ if (strlen(argv[3]) > (sizeof(user) - 1)) { ++ fprintf(stderr, "%s: username is too long\n", argv[0], ++ sizeof(user) - 1); ++ exit(1); ++ } ++ if ((strchr(argv[3], ':')) != NULL) { ++ fprintf(stderr, "%s: username contains an illegal character\n", ++ argv[0]); ++ exit(1); ++ } + printf("Adding password for %s.\n",argv[3]); + add_password(argv[3],tfp); + fclose(tfp); +@@ -180,6 +200,25 @@ int main(int argc, char *argv[]) { + exit(1); + } + ++ if (strlen(argv[1]) > (sizeof(pwfilename) - 1)) { ++ fprintf(stderr, "%s: filename is too long\n", argv[0]); ++ exit(1); ++ } ++ if (((strchr(argv[1], ';')) != NULL) || ((strchr(argv[1], '>')) != NULL)) { ++ fprintf(stderr, "%s: filename contains an illegal character\n", ++ argv[0]); ++ exit(1); ++ } ++ if (strlen(argv[2]) > (sizeof(user) - 1)) { ++ fprintf(stderr, "%s: username is too long\n", argv[0], ++ sizeof(user) - 1); ++ exit(1); ++ } ++ if ((strchr(argv[2], ':')) != NULL) { ++ fprintf(stderr, "%s: username contains an illegal character\n", ++ argv[0]); ++ exit(1); ++ } + if(!(f = fopen(argv[1],"r"))) { + fprintf(stderr, + "Could not open passwd file %s for reading.\n",argv[1]); diff --git a/network/thttpd/patches/fix-buffer-overflow.diff b/network/thttpd/patches/fix-buffer-overflow.diff new file mode 100644 index 0000000000..cacd732148 --- /dev/null +++ b/network/thttpd/patches/fix-buffer-overflow.diff @@ -0,0 +1,21 @@ +diff -Nrup thttpd-2.25b.orig/libhttpd.c thttpd-2.25b/libhttpd.c +--- thttpd-2.25b.orig/libhttpd.c 2003-12-25 19:06:05.000000000 +0000 ++++ thttpd-2.25b/libhttpd.c 2007-01-08 21:43:28.000000000 +0000 +@@ -1469,7 +1469,7 @@ expand_symlinks( char* path, char** rest + httpd_realloc_str( &checked, &maxchecked, checkedlen ); + (void) strcpy( checked, path ); + /* Trim trailing slashes. */ +- while ( checked[checkedlen - 1] == '/' ) ++ while ( checkedlen && checked[checkedlen - 1] == '/' ) + { + checked[checkedlen - 1] = '\0'; + --checkedlen; +@@ -1488,7 +1488,7 @@ expand_symlinks( char* path, char** rest + restlen = strlen( path ); + httpd_realloc_str( &rest, &maxrest, restlen ); + (void) strcpy( rest, path ); +- if ( rest[restlen - 1] == '/' ) ++ if ( restlen && rest[restlen - 1] == '/' ) + rest[--restlen] = '\0'; /* trim trailing slash */ + if ( ! tildemapped ) + /* Remove any leading slashes. */ diff --git a/network/thttpd/patches/fix-insecure-tmp-creation-CVE-2005-3124.diff b/network/thttpd/patches/fix-insecure-tmp-creation-CVE-2005-3124.diff new file mode 100644 index 0000000000..c41ec46b97 --- /dev/null +++ b/network/thttpd/patches/fix-insecure-tmp-creation-CVE-2005-3124.diff @@ -0,0 +1,19 @@ +diff -ru thttpd-2.23beta1.orig/extras/syslogtocern thttpd-2.23beta1/extras/syslogtocern +--- thttpd-2.23beta1.orig/extras/syslogtocern 1999-09-15 18:00:54.000000000 +0200 ++++ thttpd-2.23beta1/extras/syslogtocern 2005-10-26 01:45:34.000000000 +0200 +@@ -31,8 +31,8 @@ + exit 1 + fi + +-tmp1=/tmp/stc1.$$ +-rm -f $tmp1 ++tmp1=``mktemp -t stc1.XXXXXX` || { echo "$0: Cannot create temporary file" >&2; exit 1; } ++trap " [ -f \"$tmp1\" ] && /bin/rm -f -- \"$tmp1\"" 0 1 2 3 13 15 + + # Gather up all the thttpd entries. + egrep ' thttpd\[' $* > $tmp1 +@@ -65,4 +65,3 @@ + sed -e "s,\([A-Z][a-z][a-z] [0-9 ][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9]\) [^ ]* thttpd\[[0-9]*\]: \(.*\),[\1 ${year}] \2," > error_log + + # Done. +-rm -f $tmp1 diff --git a/network/thttpd/rc.thttpd b/network/thttpd/rc.thttpd new file mode 100644 index 0000000000..20187b116c --- /dev/null +++ b/network/thttpd/rc.thttpd @@ -0,0 +1,63 @@ +#!/bin/sh + +# Start/stop/restart the thttpd daemon +# Copyright (c) 2009 Antonio Hernández Blas <hba.nihilismus@gmail.com> + +CONF='/etc/thttpd.conf' +CMMD="/usr/sbin/thttpd -C $CONF" + +thttpd_start() { + if [ -x /usr/sbin/thttpd ]; then + if [ -f $CONF ]; then + PIDOF=$(pgrep -f "$CMMD") + if [ ! -z "$PIDOF" ]; then + echo "Error, thttpd is already running." + else + echo "Starting thttpd: $CMMD" + $CMMD + fi + else + echo "Error, file $CONF does not exist." + fi + fi +} + +thttpd_stop() { + THTTPDPID=$(pgrep -f "$CMMD") + if [ -z $THTTPDPID ]; then + echo "Error, thttpd is not running." + else + echo "Stoping thttpd: kill $THTTPDPID" + kill $THTTPDPID + fi +} + +thttpd_status() { + PIDOF=$(pgrep -f "$CMMD") + if [ ! -z "$PIDOF" ]; then + echo "thttpd is running." + else + echo "thttpd is not running." + fi +} + +case $1 in + start) + thttpd_start + ;; + stop) + thttpd_stop + ;; + restart) + thttpd_stop + sleep 3 + thttpd_start + ;; + status) + thttpd_status + ;; + *) + echo "Usage $0 {start|stop|restart|status}" + exit 1 + ;; +esac diff --git a/network/thttpd/slack-desc b/network/thttpd/slack-desc new file mode 100644 index 0000000000..887cb37051 --- /dev/null +++ b/network/thttpd/slack-desc @@ -0,0 +1,19 @@ +# HOW TO EDIT THIS FILE: +# The "handy ruler" below makes it easier to edit a package description. Line +# up the first '|' above the ':' following the base package name, and the '|' +# on the right side marks the last column you can put a character in. You must +# make exactly 11 lines for the formatting to be correct. It's also +# customary to leave one space after the ':'. + + |-----handy-ruler------------------------------------------------------| +thttpd: thttpd (the tiny/turbo/throttling HTTP server) +thttpd: +thttpd: thttpd is a simple, small, portable, fast, and secure HTTP server. +thttpd: Simple: It handles only the minimum necessary to implement HTTP/1.1. +thttpd: Well, maybe a little more than the minimum. Small: It has a very +thttpd: small run-time size, since it does not fork and is very careful about +thttpd: memory allocation. Portable: It compiles cleanly on most any +thttpd: Unix-like OS. Fast: In typical use it's about as fast as the best +thttpd: full-featured servers. Secure: It goes to great lengths to protect +thttpd: the web server machine against attacks and breakins from other sites. +thttpd: Homepage: http://acme.com/software/thttpd/ diff --git a/network/thttpd/thttpd.SlackBuild b/network/thttpd/thttpd.SlackBuild new file mode 100644 index 0000000000..a05f174c62 --- /dev/null +++ b/network/thttpd/thttpd.SlackBuild @@ -0,0 +1,146 @@ +#!/bin/sh + +# Slackware build script for thttpd + +# Written by Antonio Hernández Blas <hba.nihilismus@gmail.com> + +# Copyright (c) 2008-2009, Antonio Hernández Blas <hba.nihilismus@gmail.com> +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are met: +# 1.- Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY +# EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +# DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY +# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +PRGNAM=thttpd +VERSION=${VERSION:-2.25b} +ARCH=${ARCH:-i486} +BUILD=${BUILD:-1} +TAG=${TAG:-_SBo} + +CWD=$(pwd) +TMP=${TMP:-/tmp/SBo} +PKG=$TMP/package-$PRGNAM +OUTPUT=${OUTPUT:-/tmp} + +if [ "$ARCH" = "i486" ]; then + SLKCFLAGS="-O2 -march=i486 -mtune=i686" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "i686" ]; then + SLKCFLAGS="-O2 -march=i686 -mtune=i686" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "x86_64" ]; then + SLKCFLAGS="-O2 -fPIC" + LIBDIRSUFFIX="64" +fi + +# Set the directory to serve through HTTP +WEBDIR=${WEBDIR:-/var/www/$PRGNAM} + +set -e + +rm -rf $PKG +mkdir -p $TMP $PKG $OUTPUT +cd $TMP +rm -rf $PRGNAM-$VERSION +tar xvf $CWD/$PRGNAM-$VERSION.tar.gz +cd $PRGNAM-$VERSION +chown -R root:root . +find . \ + \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \ + -exec chmod 755 {} \; -o \ + \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ + -exec chmod 644 {} \; + +# Apply some patches, from gentoo: +cat $CWD/patches/additional-input-validation-httpd.c.diff | patch -p1 +cat $CWD/patches/fix-buffer-overflow.diff | patch -p1 +cat $CWD/patches/fix-insecure-tmp-creation-CVE-2005-3124.diff | patch -p1 + +CFLAGS="$SLKCFLAGS" \ +CXXFLAGS="$SLKCFLAGS" \ +./configure \ + --prefix=/usr \ + --libdir=/usr/lib${LIBDIRSUFFIX} \ + --sysconfdir=/etc \ + --localstatedir=/var \ + --mandir=/usr/man \ + --build=$ARCH-slackware-linux + +# Fix 'DESTDIR' +sed -i \ + -e 's/$(DESTDIR)//g' \ + -e '/prefix =/ s/\/usr/$(DESTDIR)\/usr/' \ + -e '/MANDIR =/ s/\/usr\/man/$(DESTDIR)\/usr\/man/' \ + -e '/WEBDIR =/ s/$(prefix)\/www/$(DESTDIR)'$(echo $WEBDIR | sed 's/\//\\\//g')'/' \ + Makefile* extras/Makefile* cgi-src/Makefile* + +# Change the group to 'thttpd', rather than 'www' +sed -i '/WEBGROUP =/ s/www/'$PRGNAM'/' Makefile* extras/Makefile* cgi-src/Makefile* + +## Use this line ONLY if your are going to build thttpd as a normal user. +##sed -i '/WEBGROUP =/ s/www/'$(/bin/id -ng)'/' Makefile* extras/Makefile* cgi-src/Makefile* + +# Disable the use of bin as owner user and group. +sed -i 's/-o bin -g bin//' Makefile* extras/Makefile* cgi-src/Makefile* +# Create required directories +mkdir -p $PKG/etc/rc.d $PKG/usr/man/man1 $PKG/etc/logrotate.d + +make +make install DESTDIR=$PKG + +( cd $PKG + find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | \ + xargs strip --strip-unneeded 2> /dev/null || true + find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | \ + xargs strip --strip-unneeded 2> /dev/null +) + +# Install default html file. +install -m 644 index.html $PKG/$WEBDIR +# Install default configuration file +install -m 644 $CWD/$PRGNAM.conf $PKG/etc/$PRGNAM.conf.new +# Edit the configuration file to reflect the value of $WEBDIR +sed -i 's/^dir=.*/dir='$(echo $WEBDIR | sed 's/\//\\\//g')'/' $PKG/etc/$PRGNAM.conf.new +# Install runtime script +install -m 755 $CWD/rc.$PRGNAM $PKG/etc/rc.d/rc.$PRGNAM.new +# Install lograte file +install -m 644 $CWD/$PRGNAM.logrotate $PKG/etc/logrotate.d/$PRGNAM + +if [ -d $PKG/usr/man ]; then + ( cd $PKG/usr/man + find . -type f -exec gzip -9 {} \; + for i in $( find . -type l ) ; do ln -s $( readlink $i ).gz $i.gz ; rm $i ; done + ) +fi + +mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION +cp -a FILES INSTALL README TODO scripts $PKG/usr/doc/$PRGNAM-$VERSION +cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild + +mkdir -p $PKG/install +cat $CWD/slack-desc > $PKG/install/slack-desc +cat $CWD/doinst.sh > $PKG/install/doinst.sh +echo "config etc/$PRGNAM.conf.new" >> $PKG/install/doinst.sh +echo "config etc/rc.d/rc.$PRGNAM.new" >> $PKG/install/doinst.sh + +# Fix permissions. +find $PKG/usr/doc/$PRGNAM-$VERSION -type f -exec chmod 644 {} \; + +# To avoid a conflict with httpd(apache) package. +mv $PKG/usr/man/man1/htpasswd.1.gz $PKG/usr/man/man1/htpasswd-$PRGNAM.1.gz +mv $PKG/usr/sbin/htpasswd $PKG/usr/sbin/htpasswd-$PRGNAM + +cd $PKG +/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz} diff --git a/network/thttpd/thttpd.conf b/network/thttpd/thttpd.conf new file mode 100644 index 0000000000..22b9a9bb27 --- /dev/null +++ b/network/thttpd/thttpd.conf @@ -0,0 +1,9 @@ +# /etc/thttpd.conf +# Minimal configuration file for thttpd +# Check thttpd(8) for more options. +host=localhost +port=80 +user=thttpd +dir=/var/www/thttpd +logfile=/var/log/thttpd.log +pidfile=/var/run/thttpd.pid diff --git a/network/thttpd/thttpd.info b/network/thttpd/thttpd.info new file mode 100644 index 0000000000..0106298f01 --- /dev/null +++ b/network/thttpd/thttpd.info @@ -0,0 +1,10 @@ +PRGNAM="thttpd" +VERSION="2.25b" +HOMEPAGE="http://acme.com/software/thttpd/" +DOWNLOAD="http://acme.com/software/thttpd/thttpd-2.25b.tar.gz" +MD5SUM="156b249b3b0bcd48b06badd2db0d56c5" +DOWNLOAD_x86_64="" +MD5SUM_x86_64="" +MAINTAINER="Antonio Hernández Blas" +EMAIL="hba.nihilismus@gmail.com" +APPROVED="dsomero" diff --git a/network/thttpd/thttpd.logrotate b/network/thttpd/thttpd.logrotate new file mode 100644 index 0000000000..3c1cf98bea --- /dev/null +++ b/network/thttpd/thttpd.logrotate @@ -0,0 +1,12 @@ +/var/log/thttpd.log { + daily + rotate 5 + compress + delaycompress + missingok + notifempty + sharedscripts + postrotate + /etc/rc.d/rc.thttpd restart + endscript +} |