summaryrefslogtreecommitdiff
path: root/network/thttpd
diff options
context:
space:
mode:
Diffstat (limited to 'network/thttpd')
-rw-r--r--network/thttpd/README24
-rw-r--r--network/thttpd/doinst.sh20
-rw-r--r--network/thttpd/patches/additional-input-validation-httpd.c.diff62
-rw-r--r--network/thttpd/patches/fix-buffer-overflow.diff21
-rw-r--r--network/thttpd/patches/fix-insecure-tmp-creation-CVE-2005-3124.diff19
-rw-r--r--network/thttpd/rc.thttpd63
-rw-r--r--network/thttpd/slack-desc19
-rw-r--r--network/thttpd/thttpd.SlackBuild146
-rw-r--r--network/thttpd/thttpd.conf9
-rw-r--r--network/thttpd/thttpd.info10
-rw-r--r--network/thttpd/thttpd.logrotate12
11 files changed, 405 insertions, 0 deletions
diff --git a/network/thttpd/README b/network/thttpd/README
new file mode 100644
index 0000000000..39c238c0ae
--- /dev/null
+++ b/network/thttpd/README
@@ -0,0 +1,24 @@
+thttpd (the tiny/turbo/throttling HTTP server)
+
+thttpd is a simple, small, portable, fast, and secure HTTP server.
+Simple: It handles only the minimum necessary to implement HTTP/1.1.
+Well, maybe a little more than the minimum. Small: It has a very
+small run-time size, since it does not fork and is very careful about
+memory allocation. Portable: It compiles cleanly on most any
+Unix-like OS. Fast: In typical use it's about as fast as the best
+full-featured servers. Secure: It goes to great lengths to protect
+the web server machine against attacks and breakins from other sites.
+
+Notes:
+
+By default the directory to serve through HTTP will be '/var/www/thttpd',
+if you want to change it execute the SalckBuild for example as:
+ # WEBDIR='/opt/www' sh thttpd.SlackBuild
+for example.
+
+To build and use this package the user/group 'thttpd' is required to
+exists in your system. You can add it with:
+ # groupadd -g 227 thttpd
+ # useradd -u 227 -g 227 -c "User for thttpd" -d / -s /bin/false thttpd
+
+See http://slackbuilds.org/uid_gid.txt
diff --git a/network/thttpd/doinst.sh b/network/thttpd/doinst.sh
new file mode 100644
index 0000000000..0a6e18b3e8
--- /dev/null
+++ b/network/thttpd/doinst.sh
@@ -0,0 +1,20 @@
+config() {
+ NEW="$1"
+ OLD="$(dirname $NEW)/$(basename $NEW .new)"
+ # If there's no config file by that name, mv it over:
+ if [ ! -r $OLD ]; then
+ mv $NEW $OLD
+ elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then
+ # toss the redundant copy
+ rm $NEW
+ fi
+ # Otherwise, we leave the .new copy for the admin to consider...
+}
+
+# Keep same perms on rc.INIT.new:
+if [ -e etc/rc.d/rc.thttpd ]; then
+ cp -a etc/rc.d/rc.thttpd etc/rc.d/rc.thttpd.new.incoming
+ cat etc/rc.d/rc.thttpd.new > etc/rc.d/rc.thttpd.new.incoming
+ mv etc/rc.d/rc.thttpd.new.incoming etc/rc.d/rc.thttpd.new
+fi
+
diff --git a/network/thttpd/patches/additional-input-validation-httpd.c.diff b/network/thttpd/patches/additional-input-validation-httpd.c.diff
new file mode 100644
index 0000000000..04f59eac8e
--- /dev/null
+++ b/network/thttpd/patches/additional-input-validation-httpd.c.diff
@@ -0,0 +1,62 @@
+--- thttpd-2.25b/extras/htpasswd.c.orig 2006-03-31 04:12:42.281317000 +0000
++++ thttpd-2.25b/extras/htpasswd.c 2006-03-31 05:21:37.741632392 +0000
+@@ -151,6 +151,7 @@ void interrupted(int signo) {
+ int main(int argc, char *argv[]) {
+ FILE *tfp,*f;
+ char user[MAX_STRING_LEN];
++ char pwfilename[MAX_STRING_LEN];
+ char line[MAX_STRING_LEN];
+ char l[MAX_STRING_LEN];
+ char w[MAX_STRING_LEN];
+@@ -168,6 +169,25 @@ int main(int argc, char *argv[]) {
+ perror("fopen");
+ exit(1);
+ }
++ if (strlen(argv[2]) > (sizeof(pwfilename) - 1)) {
++ fprintf(stderr, "%s: filename is too long\n", argv[0]);
++ exit(1);
++ }
++ if (((strchr(argv[2], ';')) != NULL) || ((strchr(argv[2], '>')) != NULL)) {
++ fprintf(stderr, "%s: filename contains an illegal character\n",
++ argv[0]);
++ exit(1);
++ }
++ if (strlen(argv[3]) > (sizeof(user) - 1)) {
++ fprintf(stderr, "%s: username is too long\n", argv[0],
++ sizeof(user) - 1);
++ exit(1);
++ }
++ if ((strchr(argv[3], ':')) != NULL) {
++ fprintf(stderr, "%s: username contains an illegal character\n",
++ argv[0]);
++ exit(1);
++ }
+ printf("Adding password for %s.\n",argv[3]);
+ add_password(argv[3],tfp);
+ fclose(tfp);
+@@ -180,6 +200,25 @@ int main(int argc, char *argv[]) {
+ exit(1);
+ }
+
++ if (strlen(argv[1]) > (sizeof(pwfilename) - 1)) {
++ fprintf(stderr, "%s: filename is too long\n", argv[0]);
++ exit(1);
++ }
++ if (((strchr(argv[1], ';')) != NULL) || ((strchr(argv[1], '>')) != NULL)) {
++ fprintf(stderr, "%s: filename contains an illegal character\n",
++ argv[0]);
++ exit(1);
++ }
++ if (strlen(argv[2]) > (sizeof(user) - 1)) {
++ fprintf(stderr, "%s: username is too long\n", argv[0],
++ sizeof(user) - 1);
++ exit(1);
++ }
++ if ((strchr(argv[2], ':')) != NULL) {
++ fprintf(stderr, "%s: username contains an illegal character\n",
++ argv[0]);
++ exit(1);
++ }
+ if(!(f = fopen(argv[1],"r"))) {
+ fprintf(stderr,
+ "Could not open passwd file %s for reading.\n",argv[1]);
diff --git a/network/thttpd/patches/fix-buffer-overflow.diff b/network/thttpd/patches/fix-buffer-overflow.diff
new file mode 100644
index 0000000000..cacd732148
--- /dev/null
+++ b/network/thttpd/patches/fix-buffer-overflow.diff
@@ -0,0 +1,21 @@
+diff -Nrup thttpd-2.25b.orig/libhttpd.c thttpd-2.25b/libhttpd.c
+--- thttpd-2.25b.orig/libhttpd.c 2003-12-25 19:06:05.000000000 +0000
++++ thttpd-2.25b/libhttpd.c 2007-01-08 21:43:28.000000000 +0000
+@@ -1469,7 +1469,7 @@ expand_symlinks( char* path, char** rest
+ httpd_realloc_str( &checked, &maxchecked, checkedlen );
+ (void) strcpy( checked, path );
+ /* Trim trailing slashes. */
+- while ( checked[checkedlen - 1] == '/' )
++ while ( checkedlen && checked[checkedlen - 1] == '/' )
+ {
+ checked[checkedlen - 1] = '\0';
+ --checkedlen;
+@@ -1488,7 +1488,7 @@ expand_symlinks( char* path, char** rest
+ restlen = strlen( path );
+ httpd_realloc_str( &rest, &maxrest, restlen );
+ (void) strcpy( rest, path );
+- if ( rest[restlen - 1] == '/' )
++ if ( restlen && rest[restlen - 1] == '/' )
+ rest[--restlen] = '\0'; /* trim trailing slash */
+ if ( ! tildemapped )
+ /* Remove any leading slashes. */
diff --git a/network/thttpd/patches/fix-insecure-tmp-creation-CVE-2005-3124.diff b/network/thttpd/patches/fix-insecure-tmp-creation-CVE-2005-3124.diff
new file mode 100644
index 0000000000..c41ec46b97
--- /dev/null
+++ b/network/thttpd/patches/fix-insecure-tmp-creation-CVE-2005-3124.diff
@@ -0,0 +1,19 @@
+diff -ru thttpd-2.23beta1.orig/extras/syslogtocern thttpd-2.23beta1/extras/syslogtocern
+--- thttpd-2.23beta1.orig/extras/syslogtocern 1999-09-15 18:00:54.000000000 +0200
++++ thttpd-2.23beta1/extras/syslogtocern 2005-10-26 01:45:34.000000000 +0200
+@@ -31,8 +31,8 @@
+ exit 1
+ fi
+
+-tmp1=/tmp/stc1.$$
+-rm -f $tmp1
++tmp1=``mktemp -t stc1.XXXXXX` || { echo "$0: Cannot create temporary file" >&2; exit 1; }
++trap " [ -f \"$tmp1\" ] && /bin/rm -f -- \"$tmp1\"" 0 1 2 3 13 15
+
+ # Gather up all the thttpd entries.
+ egrep ' thttpd\[' $* > $tmp1
+@@ -65,4 +65,3 @@
+ sed -e "s,\([A-Z][a-z][a-z] [0-9 ][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9]\) [^ ]* thttpd\[[0-9]*\]: \(.*\),[\1 ${year}] \2," > error_log
+
+ # Done.
+-rm -f $tmp1
diff --git a/network/thttpd/rc.thttpd b/network/thttpd/rc.thttpd
new file mode 100644
index 0000000000..20187b116c
--- /dev/null
+++ b/network/thttpd/rc.thttpd
@@ -0,0 +1,63 @@
+#!/bin/sh
+
+# Start/stop/restart the thttpd daemon
+# Copyright (c) 2009 Antonio Hernández Blas <hba.nihilismus@gmail.com>
+
+CONF='/etc/thttpd.conf'
+CMMD="/usr/sbin/thttpd -C $CONF"
+
+thttpd_start() {
+ if [ -x /usr/sbin/thttpd ]; then
+ if [ -f $CONF ]; then
+ PIDOF=$(pgrep -f "$CMMD")
+ if [ ! -z "$PIDOF" ]; then
+ echo "Error, thttpd is already running."
+ else
+ echo "Starting thttpd: $CMMD"
+ $CMMD
+ fi
+ else
+ echo "Error, file $CONF does not exist."
+ fi
+ fi
+}
+
+thttpd_stop() {
+ THTTPDPID=$(pgrep -f "$CMMD")
+ if [ -z $THTTPDPID ]; then
+ echo "Error, thttpd is not running."
+ else
+ echo "Stoping thttpd: kill $THTTPDPID"
+ kill $THTTPDPID
+ fi
+}
+
+thttpd_status() {
+ PIDOF=$(pgrep -f "$CMMD")
+ if [ ! -z "$PIDOF" ]; then
+ echo "thttpd is running."
+ else
+ echo "thttpd is not running."
+ fi
+}
+
+case $1 in
+ start)
+ thttpd_start
+ ;;
+ stop)
+ thttpd_stop
+ ;;
+ restart)
+ thttpd_stop
+ sleep 3
+ thttpd_start
+ ;;
+ status)
+ thttpd_status
+ ;;
+ *)
+ echo "Usage $0 {start|stop|restart|status}"
+ exit 1
+ ;;
+esac
diff --git a/network/thttpd/slack-desc b/network/thttpd/slack-desc
new file mode 100644
index 0000000000..887cb37051
--- /dev/null
+++ b/network/thttpd/slack-desc
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description. Line
+# up the first '|' above the ':' following the base package name, and the '|'
+# on the right side marks the last column you can put a character in. You must
+# make exactly 11 lines for the formatting to be correct. It's also
+# customary to leave one space after the ':'.
+
+ |-----handy-ruler------------------------------------------------------|
+thttpd: thttpd (the tiny/turbo/throttling HTTP server)
+thttpd:
+thttpd: thttpd is a simple, small, portable, fast, and secure HTTP server.
+thttpd: Simple: It handles only the minimum necessary to implement HTTP/1.1.
+thttpd: Well, maybe a little more than the minimum. Small: It has a very
+thttpd: small run-time size, since it does not fork and is very careful about
+thttpd: memory allocation. Portable: It compiles cleanly on most any
+thttpd: Unix-like OS. Fast: In typical use it's about as fast as the best
+thttpd: full-featured servers. Secure: It goes to great lengths to protect
+thttpd: the web server machine against attacks and breakins from other sites.
+thttpd: Homepage: http://acme.com/software/thttpd/
diff --git a/network/thttpd/thttpd.SlackBuild b/network/thttpd/thttpd.SlackBuild
new file mode 100644
index 0000000000..a05f174c62
--- /dev/null
+++ b/network/thttpd/thttpd.SlackBuild
@@ -0,0 +1,146 @@
+#!/bin/sh
+
+# Slackware build script for thttpd
+
+# Written by Antonio Hernández Blas <hba.nihilismus@gmail.com>
+
+# Copyright (c) 2008-2009, Antonio Hernández Blas <hba.nihilismus@gmail.com>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+# 1.- Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY
+# EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+PRGNAM=thttpd
+VERSION=${VERSION:-2.25b}
+ARCH=${ARCH:-i486}
+BUILD=${BUILD:-1}
+TAG=${TAG:-_SBo}
+
+CWD=$(pwd)
+TMP=${TMP:-/tmp/SBo}
+PKG=$TMP/package-$PRGNAM
+OUTPUT=${OUTPUT:-/tmp}
+
+if [ "$ARCH" = "i486" ]; then
+ SLKCFLAGS="-O2 -march=i486 -mtune=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "i686" ]; then
+ SLKCFLAGS="-O2 -march=i686 -mtune=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "x86_64" ]; then
+ SLKCFLAGS="-O2 -fPIC"
+ LIBDIRSUFFIX="64"
+fi
+
+# Set the directory to serve through HTTP
+WEBDIR=${WEBDIR:-/var/www/$PRGNAM}
+
+set -e
+
+rm -rf $PKG
+mkdir -p $TMP $PKG $OUTPUT
+cd $TMP
+rm -rf $PRGNAM-$VERSION
+tar xvf $CWD/$PRGNAM-$VERSION.tar.gz
+cd $PRGNAM-$VERSION
+chown -R root:root .
+find . \
+ \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
+ -exec chmod 755 {} \; -o \
+ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
+ -exec chmod 644 {} \;
+
+# Apply some patches, from gentoo:
+cat $CWD/patches/additional-input-validation-httpd.c.diff | patch -p1
+cat $CWD/patches/fix-buffer-overflow.diff | patch -p1
+cat $CWD/patches/fix-insecure-tmp-creation-CVE-2005-3124.diff | patch -p1
+
+CFLAGS="$SLKCFLAGS" \
+CXXFLAGS="$SLKCFLAGS" \
+./configure \
+ --prefix=/usr \
+ --libdir=/usr/lib${LIBDIRSUFFIX} \
+ --sysconfdir=/etc \
+ --localstatedir=/var \
+ --mandir=/usr/man \
+ --build=$ARCH-slackware-linux
+
+# Fix 'DESTDIR'
+sed -i \
+ -e 's/$(DESTDIR)//g' \
+ -e '/prefix =/ s/\/usr/$(DESTDIR)\/usr/' \
+ -e '/MANDIR =/ s/\/usr\/man/$(DESTDIR)\/usr\/man/' \
+ -e '/WEBDIR =/ s/$(prefix)\/www/$(DESTDIR)'$(echo $WEBDIR | sed 's/\//\\\//g')'/' \
+ Makefile* extras/Makefile* cgi-src/Makefile*
+
+# Change the group to 'thttpd', rather than 'www'
+sed -i '/WEBGROUP =/ s/www/'$PRGNAM'/' Makefile* extras/Makefile* cgi-src/Makefile*
+
+## Use this line ONLY if your are going to build thttpd as a normal user.
+##sed -i '/WEBGROUP =/ s/www/'$(/bin/id -ng)'/' Makefile* extras/Makefile* cgi-src/Makefile*
+
+# Disable the use of bin as owner user and group.
+sed -i 's/-o bin -g bin//' Makefile* extras/Makefile* cgi-src/Makefile*
+# Create required directories
+mkdir -p $PKG/etc/rc.d $PKG/usr/man/man1 $PKG/etc/logrotate.d
+
+make
+make install DESTDIR=$PKG
+
+( cd $PKG
+ find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | \
+ xargs strip --strip-unneeded 2> /dev/null || true
+ find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | \
+ xargs strip --strip-unneeded 2> /dev/null
+)
+
+# Install default html file.
+install -m 644 index.html $PKG/$WEBDIR
+# Install default configuration file
+install -m 644 $CWD/$PRGNAM.conf $PKG/etc/$PRGNAM.conf.new
+# Edit the configuration file to reflect the value of $WEBDIR
+sed -i 's/^dir=.*/dir='$(echo $WEBDIR | sed 's/\//\\\//g')'/' $PKG/etc/$PRGNAM.conf.new
+# Install runtime script
+install -m 755 $CWD/rc.$PRGNAM $PKG/etc/rc.d/rc.$PRGNAM.new
+# Install lograte file
+install -m 644 $CWD/$PRGNAM.logrotate $PKG/etc/logrotate.d/$PRGNAM
+
+if [ -d $PKG/usr/man ]; then
+ ( cd $PKG/usr/man
+ find . -type f -exec gzip -9 {} \;
+ for i in $( find . -type l ) ; do ln -s $( readlink $i ).gz $i.gz ; rm $i ; done
+ )
+fi
+
+mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
+cp -a FILES INSTALL README TODO scripts $PKG/usr/doc/$PRGNAM-$VERSION
+cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
+
+mkdir -p $PKG/install
+cat $CWD/slack-desc > $PKG/install/slack-desc
+cat $CWD/doinst.sh > $PKG/install/doinst.sh
+echo "config etc/$PRGNAM.conf.new" >> $PKG/install/doinst.sh
+echo "config etc/rc.d/rc.$PRGNAM.new" >> $PKG/install/doinst.sh
+
+# Fix permissions.
+find $PKG/usr/doc/$PRGNAM-$VERSION -type f -exec chmod 644 {} \;
+
+# To avoid a conflict with httpd(apache) package.
+mv $PKG/usr/man/man1/htpasswd.1.gz $PKG/usr/man/man1/htpasswd-$PRGNAM.1.gz
+mv $PKG/usr/sbin/htpasswd $PKG/usr/sbin/htpasswd-$PRGNAM
+
+cd $PKG
+/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz}
diff --git a/network/thttpd/thttpd.conf b/network/thttpd/thttpd.conf
new file mode 100644
index 0000000000..22b9a9bb27
--- /dev/null
+++ b/network/thttpd/thttpd.conf
@@ -0,0 +1,9 @@
+# /etc/thttpd.conf
+# Minimal configuration file for thttpd
+# Check thttpd(8) for more options.
+host=localhost
+port=80
+user=thttpd
+dir=/var/www/thttpd
+logfile=/var/log/thttpd.log
+pidfile=/var/run/thttpd.pid
diff --git a/network/thttpd/thttpd.info b/network/thttpd/thttpd.info
new file mode 100644
index 0000000000..0106298f01
--- /dev/null
+++ b/network/thttpd/thttpd.info
@@ -0,0 +1,10 @@
+PRGNAM="thttpd"
+VERSION="2.25b"
+HOMEPAGE="http://acme.com/software/thttpd/"
+DOWNLOAD="http://acme.com/software/thttpd/thttpd-2.25b.tar.gz"
+MD5SUM="156b249b3b0bcd48b06badd2db0d56c5"
+DOWNLOAD_x86_64=""
+MD5SUM_x86_64=""
+MAINTAINER="Antonio Hernández Blas"
+EMAIL="hba.nihilismus@gmail.com"
+APPROVED="dsomero"
diff --git a/network/thttpd/thttpd.logrotate b/network/thttpd/thttpd.logrotate
new file mode 100644
index 0000000000..3c1cf98bea
--- /dev/null
+++ b/network/thttpd/thttpd.logrotate
@@ -0,0 +1,12 @@
+/var/log/thttpd.log {
+ daily
+ rotate 5
+ compress
+ delaycompress
+ missingok
+ notifempty
+ sharedscripts
+ postrotate
+ /etc/rc.d/rc.thttpd restart
+ endscript
+}