Diffstat (limited to 'network/thttpd/patches')
-rw-r--r-- | network/thttpd/patches/2.25b/additional-input-validation-httpd.c.diff (renamed from network/thttpd/patches/additional-input-validation-httpd.c.diff) | 0 | ||||
-rw-r--r-- | network/thttpd/patches/2.25b/fix-buffer-overflow.diff (renamed from network/thttpd/patches/fix-buffer-overflow.diff) | 0 | ||||
-rw-r--r-- | network/thttpd/patches/2.25b/fix-insecure-tmp-creation-CVE-2005-3124.diff (renamed from network/thttpd/patches/fix-insecure-tmp-creation-CVE-2005-3124.diff) | 0 | ||||
-rw-r--r-- | network/thttpd/patches/2.25b/thttpd-2.25b-fix-illegal-path-info.patch (renamed from network/thttpd/patches/thttpd-2.25b-fix-illegal-path-info.patch) | 0 | ||||
-rw-r--r-- | network/thttpd/patches/2.25b/thttpd-2.25b-monolithic-timer.patch (renamed from network/thttpd/patches/thttpd-2.25b-monolithic-timer.patch) | 0 | ||||
-rw-r--r-- | network/thttpd/patches/2.25b/thttpd-2.25b-respect-CFLAGS--dont-link-static.patch (renamed from network/thttpd/patches/thttpd-2.25b-respect-CFLAGS--dont-link-static.patch) | 0 | ||||
-rw-r--r-- | network/thttpd/patches/2.25b/thttpd-2.25b-use-Status-header.patch (renamed from network/thttpd/patches/thttpd-2.25b-use-Status-header.patch) | 0 | ||||
-rw-r--r-- | network/thttpd/patches/2.25b/thttpd-2.25b-use-X-Forwarded-For-header.patch (renamed from network/thttpd/patches/thttpd-2.25b-use-X-Forwarded-For-header.patch) | 0 | ||||
-rw-r--r-- | network/thttpd/patches/crypt.patch | 24 | ||||
-rw-r--r-- | network/thttpd/patches/discreet.patch | 37 | ||||
-rw-r--r-- | network/thttpd/patches/fix-world-readable-log.patch | 59 | ||||
-rw-r--r-- | network/thttpd/patches/forwarded-for.patch | 16 | ||||
-rw-r--r-- | network/thttpd/patches/thttpd-2.25b-glibc-2.10.patch | 21 |
13 files changed, 136 insertions, 21 deletions
diff --git a/network/thttpd/patches/additional-input-validation-httpd.c.diff b/network/thttpd/patches/2.25b/additional-input-validation-httpd.c.diff
index 04f59eac8e..04f59eac8e 100644
--- a/network/thttpd/patches/additional-input-validation-httpd.c.diff
+++ b/network/thttpd/patches/2.25b/additional-input-validation-httpd.c.diff
diff --git a/network/thttpd/patches/fix-buffer-overflow.diff b/network/thttpd/patches/2.25b/fix-buffer-overflow.diff
index cacd732148..cacd732148 100644
--- a/network/thttpd/patches/fix-buffer-overflow.diff
+++ b/network/thttpd/patches/2.25b/fix-buffer-overflow.diff
diff --git a/network/thttpd/patches/fix-insecure-tmp-creation-CVE-2005-3124.diff b/network/thttpd/patches/2.25b/fix-insecure-tmp-creation-CVE-2005-3124.diff
index c41ec46b97..c41ec46b97 100644
--- a/network/thttpd/patches/fix-insecure-tmp-creation-CVE-2005-3124.diff
+++ b/network/thttpd/patches/2.25b/fix-insecure-tmp-creation-CVE-2005-3124.diff
diff --git a/network/thttpd/patches/thttpd-2.25b-fix-illegal-path-info.patch b/network/thttpd/patches/2.25b/thttpd-2.25b-fix-illegal-path-info.patch
index d1688f1446..d1688f1446 100644
--- a/network/thttpd/patches/thttpd-2.25b-fix-illegal-path-info.patch
+++ b/network/thttpd/patches/2.25b/thttpd-2.25b-fix-illegal-path-info.patch
diff --git a/network/thttpd/patches/thttpd-2.25b-monolithic-timer.patch b/network/thttpd/patches/2.25b/thttpd-2.25b-monolithic-timer.patch
index 9ff38aec45..9ff38aec45 100644
--- a/network/thttpd/patches/thttpd-2.25b-monolithic-timer.patch
+++ b/network/thttpd/patches/2.25b/thttpd-2.25b-monolithic-timer.patch
diff --git a/network/thttpd/patches/thttpd-2.25b-respect-CFLAGS--dont-link-static.patch b/network/thttpd/patches/2.25b/thttpd-2.25b-respect-CFLAGS--dont-link-static.patch
index ce915c706b..ce915c706b 100644
--- a/network/thttpd/patches/thttpd-2.25b-respect-CFLAGS--dont-link-static.patch
+++ b/network/thttpd/patches/2.25b/thttpd-2.25b-respect-CFLAGS--dont-link-static.patch
diff --git a/network/thttpd/patches/thttpd-2.25b-use-Status-header.patch b/network/thttpd/patches/2.25b/thttpd-2.25b-use-Status-header.patch
index 6aaae5a5d9..6aaae5a5d9 100644
--- a/network/thttpd/patches/thttpd-2.25b-use-Status-header.patch
+++ b/network/thttpd/patches/2.25b/thttpd-2.25b-use-Status-header.patch
diff --git a/network/thttpd/patches/thttpd-2.25b-use-X-Forwarded-For-header.patch b/network/thttpd/patches/2.25b/thttpd-2.25b-use-X-Forwarded-For-header.patch
index 0fec25ef7c..0fec25ef7c 100644
--- a/network/thttpd/patches/thttpd-2.25b-use-X-Forwarded-For-header.patch
+++ b/network/thttpd/patches/2.25b/thttpd-2.25b-use-X-Forwarded-For-header.patch
diff --git a/network/thttpd/patches/crypt.patch b/network/thttpd/patches/crypt.patch
new file mode 100644
index 0000000000..982e6780fc
--- /dev/null
+++ b/network/thttpd/patches/crypt.patch
@@ -0,0 +1,24 @@
+diff -Naur old/extras/htpasswd.c new/extras/htpasswd.c
+--- old/extras/htpasswd.c 2014-10-19 10:28:39.782856897 -1000
++++ new/extras/htpasswd.c 2014-10-19 10:29:12.842911168 -1000
+@@ -8,6 +8,8 @@
+ ** if stdin is a pipe or file. This is necessary for use from CGI.
+ */
+
++#define _XOPEN_SOURCE
++
+ #include <sys/types.h>
+ #include <stdio.h>
+ #include <string.h>
+diff -Naur old/libhttpd.c new/libhttpd.c
+--- old/libhttpd.c 2014-10-19 10:28:39.782856897 -1000
++++ new/libhttpd.c 2014-10-19 10:29:01.679559501 -1000
+@@ -39,6 +39,8 @@
+ #include <sys/param.h>
+ #include <sys/stat.h>
+
++#define __USE_XOPEN
++
+ #include <ctype.h>
+ #include <errno.h>
+ #include <fcntl.h>
diff --git a/network/thttpd/patches/discreet.patch b/network/thttpd/patches/discreet.patch
new file mode 100644
index 0000000000..14c84e0f00
--- /dev/null
+++ b/network/thttpd/patches/discreet.patch
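Review bot: In the libhttpd.c part of crypt.patch, `#define __USE_XOPEN` sets a glibc-internal name that <features.h> is supposed to derive itself, and it is placed after `<sys/param.h>` and `<sys/stat.h>` have already been included, so it bypasses the feature-test mechanism instead of using it. The htpasswd.c part does this the supported way; libhttpd.c should likewise define a feature-test macro above its first `#include`, e.g. `#define _XOPEN_SOURCE` (or `_GNU_SOURCE` if the stricter mode hides other declarations the file needs). Presumably the aim is a visible prototype for crypt(), since an undeclared crypt() is assumed to return int and the returned pointer can be truncated on 64-bit builds in the password check; a comment such as `/* needed for the crypt() prototype in <unistd.h> */` next to the define would record that. Only the include blocks are visible, so the effect on the rest of either file cannot be confirmed from these hunks.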
@@ -0,0 +1,37 @@
+diff -Naur old/libhttpd.c new/libhttpd.c
+--- old/libhttpd.c 2014-08-15 11:32:31.040595413 +0900
++++ new/libhttpd.c 2014-08-15 11:34:57.690595931 +0900
+@@ -754,7 +754,7 @@
+ <title>%d %s</title>\n\
+ </head>\n\
+ \n\
+- <body bgcolor=\"#cc9999\" text=\"#000000\" link=\"#2020ff\" vlink=\"#4040cc\">\n\
++ <body>\n\
+ \n\
+ <h2>%d %s</h2>\n",
+ status, title, status, title );
+@@ -780,14 +780,9 @@
+ char buf[1000];
+
+ (void) my_snprintf( buf, sizeof(buf), "\
+- <hr>\n\
+-\n\
+- <address><a href=\"%s\">%s</a></address>\n\
+-\n\
+ </body>\n\
+ \n\
+-</html>\n",
+- SERVER_ADDRESS, EXPOSED_SERVER_SOFTWARE );
++</html>\n" );
+ add_response( hc, buf );
+ }
+
+@@ -2798,7 +2793,7 @@
+ <title>Index of %.80s</title>\n\
+ </head>\n\
+ \n\
+- <body bgcolor=\"#99cc99\" text=\"#000000\" link=\"#2020ff\" vlink=\"#4040cc\">\n\
++ <body>\n\
+ \n\
+ <h2>Index of %.80s</h2>\n\
+ \n\
diff --git a/network/thttpd/patches/fix-world-readable-log.patch b/network/thttpd/patches/fix-world-readable-log.patch
new file mode 100644
index 0000000000..40b06203d2
--- /dev/null
+++ b/network/thttpd/patches/fix-world-readable-log.patch
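Review bot: discreet.patch removes `SERVER_ADDRESS` and `EXPOSED_SERVER_SOFTWARE` only from the HTML footer in the `@@ -780,14 +780,9 @@` hunk, so if the goal is to stop advertising the server version, the `Server:` response header (built outside these hunks, not visible here) needs the same check. The intent is also undocumented in the code; a comment above the footer such as `/* Footer deliberately omits server name and version. */` would keep a later upstream merge from restoring it. As a style point, `my_snprintf` is now called with a format string and no arguments, so the buffer and the formatting step are unnecessary and the literal could be passed to `add_response` directly. All three inner hunks start and end inside function bodies that continue outside the visible lines.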
@@ -0,0 +1,59 @@
+From d2e186dbd58d274a0dea9b59357edc8498b5388d Mon Sep 17 00:00:00 2001
+From: "Anthony G. Basile" <blueness@gentoo.org>
+Date: Tue, 26 Feb 2013 14:28:26 -0500
+Subject: [PATCH] src/thttpd.c: Fix world readable log, CVE-2013-0348.
+
+Make sure that the logfile is created or reopened as read/write
+by thttpd user only.
+
+X-gentoo-Bug: 458896
+X-gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=458896
+Reported-by: Agostino Sarubbo <ago@gentoo.org>
+Signed-off-by: Anthony G. Basile <basile@opensource.dyc.edu>
+---
+ thttpd.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/thttpd.c b/thttpd.c
+index 019b8c0..f33a7a7 100644
+--- a/thttpd.c
++++ b/thttpd.c
+@@ -326,6 +326,7 @@ static void
+ re_open_logfile( void )
+ {
+ FILE* logfp;
++ int retchmod;
+
+ if ( no_log || hs == (httpd_server*) 0 )
+ return;
+@@ -335,7 +336,8 @@ re_open_logfile( void )
+ {
+ syslog( LOG_NOTICE, "re-opening logfile" );
+ logfp = fopen( logfile, "a" );
+- if ( logfp == (FILE*) 0 )
++ retchmod = chmod( logfile, S_IRUSR|S_IWUSR );
++ if ( logfp == (FILE*) 0 || retchmod != 0 )
+ {
+ syslog( LOG_CRIT, "re-opening %.80s - %m", logfile );
+ return;
+@@ -355,6 +357,7 @@ main( int argc, char** argv )
+ gid_t gid = 32767;
+ char cwd[MAXPATHLEN+1];
+ FILE* logfp;
++ int retchmod;
+ int num_ready;
+ int cnum;
+ connecttab* c;
+@@ -424,7 +427,8 @@ main( int argc, char** argv )
+ else
+ {
+ logfp = fopen( logfile, "a" );
+- if ( logfp == (FILE*) 0 )
++ retchmod = chmod( logfile, S_IRUSR|S_IWUSR );
++ if ( logfp == (FILE*) 0 || retchmod != 0 )
+ {
+ syslog( LOG_CRIT, "%.80s - %m", logfile );
+ perror( logfile );
+--
+1.7.12.4
+
diff --git a/network/thttpd/patches/forwarded-for.patch b/network/thttpd/patches/forwarded-for.patch
new file mode 100644
index 0000000000..348eb00cf2
--- /dev/null
+++ b/network/thttpd/patches/forwarded-for.patch
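Review bot: Both changed sites (re_open_logfile and main) restrict the mode with `chmod( logfile, S_IRUSR|S_IWUSR )` by path only after `fopen( logfile, "a" )` has created the file, so a new log briefly exists with umask-derived permissions and the path is resolved a second time, when it may no longer name the file that was opened. chmod() is also called when fopen() has failed, and when only chmod() fails the early `return` in re_open_logfile leaves `logfp` open. Creating the file with its final mode and tightening an existing one through the descriptor closes all three gaps; the fence shows re_open_logfile with `int logfd;` declared in place of `int retchmod;`, and the same shape applies in main, whose error branch runs past the end of the hunk. The sketch assumes thttpd.c already includes <fcntl.h>, <sys/stat.h> and <unistd.h>, which is not visible here.

```c
	/* … unchanged: syslog( LOG_NOTICE, "re-opening logfile" ) … */
	/* Create with the final mode, then tighten a pre-existing file through
	** the descriptor so the path is resolved only once.
	*/
	logfd = open( logfile, O_WRONLY|O_APPEND|O_CREAT, S_IRUSR|S_IWUSR );
	if ( logfd >= 0 && fchmod( logfd, S_IRUSR|S_IWUSR ) == 0 )
	    logfp = fdopen( logfd, "a" );
	else
	    logfp = (FILE*) 0;
	if ( logfp == (FILE*) 0 )
	    {
	    syslog( LOG_CRIT, "re-opening %.80s - %m", logfile );
	    if ( logfd >= 0 )
		(void) close( logfd );
	    return;
	    /* … unchanged: rest of re_open_logfile … */
```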
@@ -0,0 +1,16 @@
+diff -Naur old/libhttpd.c new/libhttpd.c
+--- old/libhttpd.c 2005-06-30 03:50:39.000000000 +1000
++++ new/libhttpd.c 2012-10-24 12:12:17.144560917 +1100
+@@ -2207,6 +2207,12 @@
+ if ( strcasecmp( cp, "keep-alive" ) == 0 )
+ hc->keep_alive = 1;
+ }
++ else if ( strncasecmp( buf, "X-Forwarded-For:", 16 ) == 0 )
++ {
++ cp = &buf[16];
++ cp += strspn( cp, " \t" );
++ inet_aton( cp, &(hc->client_addr.sa_in.sin_addr) );
++ }
+ #ifdef LOG_UNKNOWN_HEADERS
+ else if ( strncasecmp( buf, "Accept-Charset:", 15 ) == 0 ||
+ strncasecmp( buf, "Accept-Language:", 16 ) == 0 ||
diff --git a/network/thttpd/patches/thttpd-2.25b-glibc-2.10.patch b/network/thttpd/patches/thttpd-2.25b-glibc-2.10.patch
deleted file mode 100644
index c97227827e..0000000000
--- a/network/thttpd/patches/thttpd-2.25b-glibc-2.10.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-diff -ur thttpd-2.25b.orig/extras/htpasswd.c thttpd-2.25b/extras/htpasswd.c
---- thttpd-2.25b.orig/extras/htpasswd.c 2001-12-19 02:08:08.000000000 +0200
-+++ thttpd-2.25b/extras/htpasswd.c 2009-08-09 16:40:06.000000000 +0300
-@@ -49,7 +49,7 @@
- while((line[y++] = line[x++]));
- }
-
--static int getline(char *s, int n, FILE *f) {
-+static int get_line(char *s, int n, FILE *f) {
- register int i=0;
-
- while(1) {
-@@ -189,7 +189,7 @@
- strcpy(user,argv[2]);
-
- found = 0;
-- while(!(getline(line,MAX_STRING_LEN,f))) {
-+ while(!(get_line(line,MAX_STRING_LEN,f))) {
- if(found || (line[0] == '#') || (!line[0])) {
- putline(tfp,line);
- continue; |
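Review bot: The added `X-Forwarded-For:` branch in forwarded-for.patch overwrites `hc->client_addr` from a request header that any client can set, so every later use of that address (logging, and any address-based checks elsewhere in libhttpd.c, which are outside this hunk) carries a client-chosen value unless the server is reachable only through a trusted proxy. The branch should sit behind a build-time or run-time option that is off by default, and the socket peer address is better kept in its own field than replaced. The result of `inet_aton` is also ignored and the IPv4 member is written whatever the connection's address family is; at minimum parse into a temporary and assign only on success, e.g. `struct in_addr fwd; if ( hc->client_addr.sa_in.sin_family == AF_INET && inet_aton( cp, &fwd ) != 0 ) hc->client_addr.sa_in.sin_addr = fwd;`. The header-parsing chain this branch joins starts and ends outside the hunk.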