Gentoo Archives: gentoo-commits

From: "Thilo Bangert (bangert)" <bangert@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo-x86 commit in www-servers/lighttpd/files/1.4.18-r2: 03_all_lighttpd-1.4.11-errorlog-pipe.diff 04_all_lighttpd-1.4.13-deprecated-ldap-api.diff 05_all_lighttpd-fix-DoS.diff 06_all_lighttpd-1.4.18-mod_cgi_source_disclosure-changeset-211956.diff
Date: Sat, 01 Mar 2008 17:34:57
Message-Id: E1JVVbq-0002iL-HK@stork.gentoo.org
1 bangert 08/03/01 17:34:54
2
3 Added: 03_all_lighttpd-1.4.11-errorlog-pipe.diff
4 04_all_lighttpd-1.4.13-deprecated-ldap-api.diff
5 05_all_lighttpd-fix-DoS.diff
6 06_all_lighttpd-1.4.18-mod_cgi_source_disclosure-changeset-211956.diff
7 Log:
8 version bump - fix source disclosure - bug #211956
9 (Portage version: 2.1.4.4)
10 (Unsigned Manifest commit)
11
12 Revision Changes Path
13 1.1 www-servers/lighttpd/files/1.4.18-r2/03_all_lighttpd-1.4.11-errorlog-pipe.diff
14
15 file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/www-servers/lighttpd/files/1.4.18-r2/03_all_lighttpd-1.4.11-errorlog-pipe.diff?rev=1.1&view=markup
16 plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/www-servers/lighttpd/files/1.4.18-r2/03_all_lighttpd-1.4.11-errorlog-pipe.diff?rev=1.1&content-type=text/plain
17
18 Index: 03_all_lighttpd-1.4.11-errorlog-pipe.diff
19 ===================================================================
20 diff -ur lighttpd-1.4.11.orig/src/base.h lighttpd-1.4.11/src/base.h
21 --- lighttpd-1.4.11.orig/src/base.h 2006-01-13 06:51:04.000000000 -0800
22 +++ lighttpd-1.4.11/src/base.h 2006-12-17 18:01:39.000000000 -0800
23 @@ -505,7 +505,7 @@
24
25 /* the errorlog */
26 int errorlog_fd;
27 - enum { ERRORLOG_STDERR, ERRORLOG_FILE, ERRORLOG_SYSLOG } errorlog_mode;
28 + enum { ERRORLOG_STDERR, ERRORLOG_FILE, ERRORLOG_SYSLOG, ERRORLOG_PIPE } errorlog_mode;
29 buffer *errorlog_buf;
30
31 fdevents *ev, *ev_ins;
32 diff -ur lighttpd-1.4.11.orig/src/log.c lighttpd-1.4.11/src/log.c
33 --- lighttpd-1.4.11.orig/src/log.c 2005-13-07 05:01:35.000000000 -0800
34 +++ lighttpd-1.4.11/src/log.c 2006-12-17 18:09:43.000000000 -0800
35 @@ -34,10 +34,11 @@
36 /**
37 * open the errorlog
38 *
39 - * we have 3 possibilities:
40 + * we have 4 possibilities:
41 * - stderr (default)
42 * - syslog
43 * - logfile
44 + * - pipe
45 *
46 * if the open failed, report to the user and die
47 *
48 @@ -57,21 +58,81 @@
49 srv->errorlog_mode = ERRORLOG_SYSLOG;
50 } else if (!buffer_is_empty(srv->srvconf.errorlog_file)) {
51 const char *logfile = srv->srvconf.errorlog_file->ptr;
52 -
53 - if (-1 == (srv->errorlog_fd = open(logfile, O_APPEND | O_WRONLY | O_CREAT | O_LARGEFILE, 0644))) {
54 - log_error_write(srv, __FILE__, __LINE__, "SSSS",
55 - "opening errorlog '", logfile,
56 - "' failed: ", strerror(errno));
57 -
58 +
59 + if (logfile[0] == '|') {
60 +#ifdef HAVE_FORK
61 + /* create write pipe and spawn process */
62 +
63 + int to_log_fds[2];
64 + pid_t pid;
65 +
66 + if (pipe(to_log_fds)) {
67 + log_error_write(srv, __FILE__, __LINE__, "ss",
68 + "pipe failed: ", strerror(errno));
69 + return -1;
70 + }
71 +
72 + /* fork, execve */
73 + switch (pid = fork()) {
74 + case 0:
75 + /* child */
76 +
77 + close(STDIN_FILENO);
78 + dup2(to_log_fds[0], STDIN_FILENO);
79 + close(to_log_fds[0]);
80 + /* not needed */
81 + close(to_log_fds[1]);
82 +
83 + /* we don't need the client socket */
84 + for (fd = 3; fd < 256; fd++) {
85 + close(fd);
86 + }
87 +
88 + /* exec the log-process (skip the | )
89 + *
90 + */
91 +
92 + execl("/bin/sh", "sh", "-c", logfile + 1, NULL);
93 +
94 + log_error_write(srv, __FILE__, __LINE__, "sss",
95 + "spawning log-process failed: ",
96 + strerror(errno), logfile + 1);
97 +
98 + exit(-1);
99 + break;
100 + case -1:
101 + /* error */
102 + log_error_write(srv, __FILE__, __LINE__, "ss", "fork failed:", strerror(errno));
103 + break;
104 + default:
105 + close(to_log_fds[0]);
106 +
107 + srv->errorlog_fd = to_log_fds[1];
108 +
109 + break;
110 + }
111 + srv->errorlog_mode = ERRORLOG_PIPE;
112 +#else
113 + log_error_write(srv, __FILE__, __LINE__, "SSS",
114 + "opening errorlog '", logfile,"' impossible");
115 return -1;
116 - }
117 +#endif
118 + } else {
119 + if (-1 == (srv->errorlog_fd = open(logfile, O_APPEND | O_WRONLY | O_CREAT | O_LARGEFILE, 0644))) {
120 + log_error_write(srv, __FILE__, __LINE__, "SSSS",
121 + "opening errorlog '", logfile,
122 + "' failed: ", strerror(errno));
123 +
124 + return -1;
125 + }
126 + srv->errorlog_mode = ERRORLOG_FILE;
127 + }
128 #ifdef FD_CLOEXEC
129 - /* close fd on exec (cgi) */
130 - fcntl(srv->errorlog_fd, F_SETFD, FD_CLOEXEC);
131 + /* close fd on exec (cgi) */
132 + fcntl(srv->errorlog_fd, F_SETFD, FD_CLOEXEC);
133 #endif
134 - srv->errorlog_mode = ERRORLOG_FILE;
135 - }
136 -
137 + }
138 +
139 log_error_write(srv, __FILE__, __LINE__, "s", "server started");
140
141 #ifdef HAVE_VALGRIND_VALGRIND_H
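Review bot: The `case -1:` branch of the `fork()` switch only logs and breaks, so a failed fork still reaches `srv->errorlog_mode = ERRORLOG_PIPE;` with `srv->errorlog_fd` never assigned and both ends of `to_log_fds` left open. It should clean up and fail the same way the `pipe()` error path above it does: `close(to_log_fds[0]); close(to_log_fds[1]); return -1;`. In the child, `fd` is not declared in this hunk (presumably a local elsewhere in the function, which starts outside the hunk), and the fixed `fd < 256` bound leaves any higher-numbered descriptor open in the log process. The text after `|` is passed to `/bin/sh -c` with whatever privileges the server holds when the log is opened, so a comment stating that the errorlog setting is executed as a shell command would help anyone reviewing who may write the config.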
142 @@ -99,7 +160,7 @@
143 */
144
145 int log_error_cycle(server *srv) {
146 - /* only cycle if we are not in syslog-mode */
147 + /* only cycle if the error log is a file */
148
149 if (srv->errorlog_mode == ERRORLOG_FILE) {
150 const char *logfile = srv->srvconf.errorlog_file->ptr;
151 @@ -135,6 +196,7 @@
152 log_error_write(srv, __FILE__, __LINE__, "s", "server stopped");
153
154 switch(srv->errorlog_mode) {
155 + case ERRORLOG_PIPE: /* fall through */
156 case ERRORLOG_FILE:
157 close(srv->errorlog_fd);
158 break;
159 @@ -154,6 +216,7 @@
160 va_list ap;
161
162 switch(srv->errorlog_mode) {
163 + case ERRORLOG_PIPE:
164 case ERRORLOG_FILE:
165 case ERRORLOG_STDERR:
166 /* cache the generated timestamp */
167 @@ -238,6 +301,7 @@
168 va_end(ap);
169
170 switch(srv->errorlog_mode) {
171 + case ERRORLOG_PIPE: /* fall through */
172 case ERRORLOG_FILE:
173 BUFFER_APPEND_STRING_CONST(srv->errorlog_buf, "\n");
174 write(srv->errorlog_fd, srv->errorlog_buf->ptr, srv->errorlog_buf->used - 1);
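Review bot: With `ERRORLOG_PIPE` falling through to the `ERRORLOG_FILE` case, the result of `write(srv->errorlog_fd, ...)` is still ignored, and for a pipe that matters: once the log process exits, every write fails with EPIPE (and raises SIGPIPE unless that signal is ignored elsewhere, which this page does not show), so error messages are dropped silently. Nothing can detect or reap a dead logger either, because the child's `pid` is a local in the open path and is never stored on `srv`. I would check the return value here and report the failure on stderr, and keep the pid so the close path can `waitpid()` it. The enclosing function continues past the end of the hunk.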
175 diff -ur lighttpd-1.4.11.orig/src/mod_cgi.c lighttpd-1.4.11/src/mod_cgi.c
176 --- lighttpd-1.4.11.orig/src/mod_cgi.c 2006-02-22 05:15:10.000000000 -0800
177 +++ lighttpd-1.4.11/src/mod_cgi.c 2006-12-17 18:01:39.000000000 -0800
178 @@ -750,7 +750,7 @@
179 *
180 * we feed the stderr of the CGI to our errorlog, if possible
181 */
182 - if (srv->errorlog_mode == ERRORLOG_FILE) {
183 + if ((srv->errorlog_mode == ERRORLOG_FILE) || (srv->errorlog_mode == ERRORLOG_PIPE)) {
184 close(STDERR_FILENO);
185 dup2(srv->errorlog_fd, STDERR_FILENO);
186 }
187 diff -ur lighttpd-1.4.11.orig/src/mod_rrdtool.c lighttpd-1.4.11/src/mod_rrdtool.c
188 --- lighttpd-1.4.11.orig/src/mod_rrdtool.c 2005-08-21 15:52:24.000000000 -0700
189 +++ lighttpd-1.4.11/src/mod_rrdtool.c 2006-12-17 18:01:39.000000000 -0800
190 @@ -134,7 +134,7 @@
191
192 close(STDERR_FILENO);
193
194 - if (srv->errorlog_mode == ERRORLOG_FILE) {
195 + if ((srv->errorlog_mode == ERRORLOG_FILE) || (srv->errorlog_mode == ERRORLOG_PIPE)) {
196 dup2(srv->errorlog_fd, STDERR_FILENO);
197 close(srv->errorlog_fd);
198 }
199
200
201
202 1.1 www-servers/lighttpd/files/1.4.18-r2/04_all_lighttpd-1.4.13-deprecated-ldap-api.diff
203
204 file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/www-servers/lighttpd/files/1.4.18-r2/04_all_lighttpd-1.4.13-deprecated-ldap-api.diff?rev=1.1&view=markup
205 plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/www-servers/lighttpd/files/1.4.18-r2/04_all_lighttpd-1.4.13-deprecated-ldap-api.diff?rev=1.1&content-type=text/plain
206
207 Index: 04_all_lighttpd-1.4.13-deprecated-ldap-api.diff
208 ===================================================================
209 --- lighttpd-1.4.13.old/src/Makefile.am 2006-10-09 12:19:34.000000000 -0400
210 +++ lighttpd-1.4.13/src/Makefile.am 2007-03-26 10:10:26.000000000 -0400
211 @@ -213,6 +213,7 @@
212 mod_auth_la_SOURCES = mod_auth.c http_auth_digest.c http_auth.c
213 mod_auth_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
214 mod_auth_la_LIBADD = $(CRYPT_LIB) $(LDAP_LIB) $(LBER_LIB) $(common_libadd)
215 +mod_auth_la_CFLAGS = -DLDAP_DEPRECATED
216
217 lib_LTLIBRARIES += mod_rewrite.la
218 mod_rewrite_la_SOURCES = mod_rewrite.c
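Review bot: `-DLDAP_DEPRECATED` is a preprocessor define, so it belongs in `mod_auth_la_CPPFLAGS` rather than `mod_auth_la_CFLAGS`. A per-target `_CFLAGS` variable also replaces `AM_CFLAGS` for that target, so any warning or hardening flags set there (not visible in this hunk) would stop applying to mod_auth. Suggested line: `mod_auth_la_CPPFLAGS = $(AM_CPPFLAGS) -DLDAP_DEPRECATED`. The define only re-exposes the deprecated LDAP prototypes, so a comment noting that mod_auth still has to be ported off them would keep the workaround from becoming permanent.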
219
220
221
222 1.1 www-servers/lighttpd/files/1.4.18-r2/05_all_lighttpd-fix-DoS.diff
223
224 file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/www-servers/lighttpd/files/1.4.18-r2/05_all_lighttpd-fix-DoS.diff?rev=1.1&view=markup
225 plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/www-servers/lighttpd/files/1.4.18-r2/05_all_lighttpd-fix-DoS.diff?rev=1.1&content-type=text/plain
226
227 Index: 05_all_lighttpd-fix-DoS.diff
228 ===================================================================
229 diff -ur lighttpd-1.4.18.orig/src/fdevent_solaris_devpoll.c lighttpd-1.4.18/src/fdevent_solaris_devpoll.c
230 --- lighttpd-1.4.18.orig/src/fdevent_solaris_devpoll.c 2006-10-04 14:26:23.000000000 +0100
231 +++ lighttpd-1.4.18/src/fdevent_solaris_devpoll.c 2008-02-24 15:41:13.000000000 +0000
232 @@ -67,7 +67,7 @@
233 int ret;
234
235 dopoll.dp_timeout = timeout_ms;
236 - dopoll.dp_nfds = ev->maxfds;
237 + dopoll.dp_nfds = ev->maxfds - 1;
238 dopoll.dp_fds = ev->devpollfds;
239
240 ret = ioctl(ev->devpoll_fd, DP_POLL, &dopoll);
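Review bot: The `- 1` in `dopoll.dp_nfds = ev->maxfds - 1;` is unexplained, and the only comment that described the Solaris devpoll descriptor reserve is deleted from server.c in the same patch. Presumably DP_POLL rejects a `dp_nfds` at or above the process descriptor limit, which is what made the event loop fail; a one-line comment such as `/* DP_POLL needs dp_nfds below the fd limit, keep one slot spare */` would record that. The expression also reaches zero or goes negative if `ev->maxfds` is ever 1 or 0, so a guard or an assertion on `maxfds` is worth adding. The function starts and ends outside the hunk.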
241 diff -ur lighttpd-1.4.18.orig/src/server.c lighttpd-1.4.18/src/server.c
242 --- lighttpd-1.4.18.orig/src/server.c 2007-09-05 11:39:56.000000000 +0100
243 +++ lighttpd-1.4.18/src/server.c 2008-02-24 15:40:38.000000000 +0000
244 @@ -697,9 +697,6 @@
245 }
246 }
247
248 - /* #372: solaris need some fds extra for devpoll */
249 - if (rlim.rlim_cur > 10) rlim.rlim_cur -= 10;
250 -
251 if (srv->event_handler == FDEVENT_HANDLER_SELECT) {
252 srv->max_fds = rlim.rlim_cur < FD_SETSIZE - 200 ? rlim.rlim_cur : FD_SETSIZE - 200;
253 } else {
254
255
256
257 1.1 www-servers/lighttpd/files/1.4.18-r2/06_all_lighttpd-1.4.18-mod_cgi_source_disclosure-changeset-211956.diff
258
259 file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/www-servers/lighttpd/files/1.4.18-r2/06_all_lighttpd-1.4.18-mod_cgi_source_disclosure-changeset-211956.diff?rev=1.1&view=markup
260 plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/www-servers/lighttpd/files/1.4.18-r2/06_all_lighttpd-1.4.18-mod_cgi_source_disclosure-changeset-211956.diff?rev=1.1&content-type=text/plain
261
262 Index: 06_all_lighttpd-1.4.18-mod_cgi_source_disclosure-changeset-211956.diff
263 ===================================================================
264 Index: /branches/lighttpd-1.4.x/src/mod_cgi.c
265 ===================================================================
266 --- /branches/lighttpd-1.4.x/src/mod_cgi.c (revision 2065)
267 +++ /branches/lighttpd-1.4.x/src/mod_cgi.c (revision 2107)
268 @@ -1005,4 +1005,5 @@
269 /* error */
270 log_error_write(srv, __FILE__, __LINE__, "ss", "fork failed:", strerror(errno));
271 + return -1;
272 break;
273 default: {
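Review bot: The added `return -1;` leaves the `break;` after it unreachable, and it exits the function without any cleanup. If descriptors or buffers were set up for the CGI before `fork()` (that part of the function is outside the hunk), they are leaked on every failed fork, which is exactly when the process is already short of resources. I would release them in this branch before returning, drop the dead `break;`, and add a comment such as `/* do not fall through: the caller must answer with an error, not serve the script as a file */`.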
274 Index: /branches/lighttpd-1.4.x/NEWS
275 ===================================================================
276 --- /branches/lighttpd-1.4.x/NEWS (revision 2106)
277 +++ /branches/lighttpd-1.4.x/NEWS (revision 2107)
278 @@ -46,4 +46,5 @@
279 * fixed body handling of status 300 requests
280 * spawn-fcgi: only try to connect to unix socket (not tcp) before spawning (#1575)
281 + * fix sending source of cgi script instead of 500 error if fork fails
282
283 - 1.4.18 - 2007-09-09
284
285
286
287 --
288 gentoo-commits@l.g.o mailing list