[packages/lighttpd] up to 1.4.36

glen glen at pld-linux.org
Sun Jul 26 17:53:00 CEST 2015 

commit 5cf37abe32507f06f8107c185858062fece7ac8a
Author: Elan Ruusamäe <glen at delfi.ee>
Date:   Sun Jul 26 18:23:12 2015 +0300

    up to 1.4.36
    
    Important changes:
    
    - [ssl] disable SSL3.0 by default
    - escape all strings for logging
    - fix segfault when temp file for upload couldn't be created (found by coverity)
    - changes to the internal API for buffers, chunks and more; 3rd party plugins are likely to break
    
    ther fixes
    - fix hex escape in accesslog (fixes #2559) CVE-2015-3200

 env-documentroot.patch  | 44 ++++++++++++++++++++------------------------
 lighttpd-branding.patch |  8 ++++----
 lighttpd.spec           | 12 +++++++-----
 3 files changed, 31 insertions(+), 33 deletions(-)
---
diff --git a/lighttpd.spec b/lighttpd.spec
index c2c4894..ba6cc84 100644
--- a/lighttpd.spec
+++ b/lighttpd.spec
@@ -29,12 +29,12 @@
 Summary:	Fast and light HTTP server
 Summary(pl.UTF-8):	Szybki i lekki serwer HTTP
 Name:		lighttpd
-Version:	1.4.35
-Release:	6
+Version:	1.4.36
+Release:	1
 License:	BSD
 Group:		Networking/Daemons/HTTP
-Source0:	http://download.lighttpd.net/lighttpd/releases-1.4.x/%{name}-%{version}.tar.bz2
-# Source0-md5:	f7a88130ee9984b421ad8aa80629750a
+Source0:	http://download.lighttpd.net/lighttpd/releases-1.4.x/%{name}-%{version}.tar.xz
+# Source0-md5:	1843daffcb018aa528f6d15d43544654
 Source1:	%{name}.init
 Source2:	%{name}.conf
 Source3:	%{name}.user
@@ -131,8 +131,10 @@ BuildRequires:	pkgconfig
 BuildRequires:	rpm >= 4.4.9-56
 BuildRequires:	rpmbuild(macros) >= 1.647
 %{?with_webdav_props:BuildRequires:	sqlite3-devel}
+BuildRequires:	tar >= 1:1.22
 %{?with_valgrind:BuildRequires:	valgrind}
 BuildRequires:	which
+BuildRequires:	xz
 BuildRequires:	zlib-devel
 Requires(post,preun):	/sbin/chkconfig
 Requires(postun):	/usr/sbin/groupdel
@@ -840,7 +842,7 @@ Plik monitrc do monitorowania serwera www lighttpd.
 %patch3 -p1
 %{?with_deflate:%patch5 -p1}
 %patch6 -p1
-%patch7 -p0
+%patch7 -p1
 
 rm -f src/mod_ssi_exprparser.h # bad patching: should be removed by is emptied instead
 
diff --git a/env-documentroot.patch b/env-documentroot.patch
index eea738e..e225dc3 100644
--- a/env-documentroot.patch
+++ b/env-documentroot.patch
@@ -2,16 +2,14 @@ revert:
 
 -  * [*cgi] Use physical base dir (alias, userdir) as DOCUMENT_ROOT in cgi environments (fixes #2216)
  
-Index: src/mod_fastcgi.c
-===================================================================
---- src/mod_fastcgi.c	(revision 2794)
-+++ src/mod_fastcgi.c	(revision 2793)
-@@ -1968,7 +1968,7 @@
- 			if (!buffer_is_empty(host->docroot)) {
- 				buffer_copy_string_buffer(p->path, host->docroot);
+--- lighttpd-1.4.36/src/mod_fastcgi.c~	2015-07-26 18:30:29.000000000 +0300
++++ lighttpd-1.4.36/src/mod_fastcgi.c	2015-07-26 18:31:50.285226477 +0300
+@@ -1918,7 +1918,7 @@
+ 			if (!buffer_string_is_empty(host->docroot)) {
+ 				buffer_copy_buffer(p->path, host->docroot);
  			} else {
--				buffer_copy_string_buffer(p->path, con->physical.basedir);
-+				buffer_copy_string_buffer(p->path, con->physical.doc_root);
+-				buffer_copy_buffer(p->path, con->physical.basedir);
++				buffer_copy_buffer(p->path, con->physical.doc_root);
  			}
  			buffer_append_string_buffer(p->path, con->request.pathinfo);
  			FCGI_ENV_ADD_CHECK(fcgi_env_add(p->fcgi_env, CONST_STR_LEN("PATH_TRANSLATED"), CONST_BUF_LEN(p->path)),con)
@@ -24,24 +22,22 @@ Index: src/mod_fastcgi.c
  	}
  
  	if (host->strip_request_uri->used > 1) {
-@@ -3273,7 +3273,6 @@
+@@ -3108,7 +3108,6 @@
  				 */
  
- 				buffer_copy_string_buffer(con->physical.doc_root, host->docroot);
--				buffer_copy_string_buffer(con->physical.basedir, host->docroot);
+ 				buffer_copy_buffer(con->physical.doc_root, host->docroot);
+-				buffer_copy_buffer(con->physical.basedir, host->docroot);
  
- 				buffer_copy_string_buffer(con->physical.path, host->docroot);
+ 				buffer_copy_buffer(con->physical.path, host->docroot);
  				buffer_append_string_buffer(con->physical.path, con->uri.path);
-Index: src/mod_scgi.c
-===================================================================
---- src/mod_scgi.c	(revision 2794)
-+++ src/mod_scgi.c	(revision 2793)
-@@ -1558,7 +1558,7 @@
- 		if (!buffer_is_empty(host->docroot)) {
- 			buffer_copy_string_buffer(p->path, host->docroot);
+--- lighttpd-1.4.36/src/mod_scgi.c~	2015-07-26 18:30:29.000000000 +0300
++++ lighttpd-1.4.36/src/mod_scgi.c	2015-07-26 18:33:12.406160926 +0300
+@@ -1547,7 +1547,7 @@
+ 		if (!buffer_string_is_empty(host->docroot)) {
+ 			buffer_copy_buffer(p->path, host->docroot);
  		} else {
--			buffer_copy_string_buffer(p->path, con->physical.basedir);
-+			buffer_copy_string_buffer(p->path, con->physical.doc_root);
+-			buffer_copy_buffer(p->path, con->physical.basedir);
++			buffer_copy_buffer(p->path, con->physical.doc_root);
  		}
  		buffer_append_string_buffer(p->path, con->request.pathinfo);
  		scgi_env_add(p->scgi_env, CONST_STR_LEN("PATH_TRANSLATED"), CONST_BUF_LEN(p->path));
@@ -56,8 +52,8 @@ Index: src/mod_scgi.c
  	if (!buffer_is_equal(con->request.uri, con->request.orig_uri)) {
 Index: src/mod_cgi.c
 ===================================================================
---- src/mod_cgi.c	(revision 2794)
-+++ src/mod_cgi.c	(revision 2793)
+--- ./src/mod_cgi.c	(revision 2794)
++++ ./src/mod_cgi.c	(revision 2793)
 @@ -928,7 +928,7 @@
  		cgi_env_add(&env, CONST_STR_LEN("CONTENT_LENGTH"), buf, strlen(buf));
  		cgi_env_add(&env, CONST_STR_LEN("SCRIPT_FILENAME"), CONST_BUF_LEN(con->physical.path));
diff --git a/lighttpd-branding.patch b/lighttpd-branding.patch
index 9fdf8a5..bcb01c5 100644
--- a/lighttpd-branding.patch
+++ b/lighttpd-branding.patch
@@ -1,11 +1,11 @@
---- lighttpd-1.4.22/src/response.c~	2009-04-17 00:50:21.000000000 +0300
-+++ lighttpd-1.4.22/src/response.c	2009-04-17 00:51:22.174367972 +0300
-@@ -105,7 +105,7 @@
+--- lighttpd-1.4.36/src/response.c~	2015-07-26 13:36:36.000000000 +0300
++++ lighttpd-1.4.36/src/response.c	2015-07-26 18:29:48.302220417 +0300
+@@ -109,7 +109,7 @@
  
  	if (!have_server) {
  		if (buffer_is_empty(con->conf.server_tag)) {
 -			buffer_append_string_len(b, CONST_STR_LEN("\r\nServer: " PACKAGE_DESC));
 +			buffer_append_string_len(b, CONST_STR_LEN("\r\nServer: " PACKAGE_DESC " (PLD Linux)"));
- 		} else if (con->conf.server_tag->used > 1) {
+ 		} else if (!buffer_string_is_empty(con->conf.server_tag)) {
  			buffer_append_string_len(b, CONST_STR_LEN("\r\nServer: "));
  			buffer_append_string_encoded(b, CONST_BUF_LEN(con->conf.server_tag), ENCODING_HTTP_HEADER);
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/lighttpd.git/commitdiff/5cf37abe32507f06f8107c185858062fece7ac8a

More information about the pld-cvs-commit mailing list