# ChangeLog for www-servers/thttpd
# Copyright 2000-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/www-servers/thttpd/ChangeLog,v 1.21 2007/02/02 13:36:58 gustavoz Exp $
+# $Header: /var/cvsroot/gentoo-x86/www-servers/thttpd/ChangeLog,v 1.22 2007/02/28 22:48:06 bangert Exp $
+
+*thttpd-2.25b-r7 (28 Feb 2007)
+
+ 28 Feb 2007; Thilo Bangert <bangert@gentoo.org>
+ +files/thttpd-2.25/additional-input-validation-httpd.c.diff,
+ +files/thttpd.logrotate, +thttpd-2.25b-r7.ebuild:
+ add logrotate script (bug #150993)
+ run under thttpd user instead of nobody (bug #151227)
+ extra input sanitation for htpasswd (bug #128165)
+ einfo -> elog
02 Feb 2007; Gustavo Zacarias <gustavoz@gentoo.org>
thttpd-2.25b-r6.ebuild:
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
-
+AUX thttpd-2.25/additional-input-validation-httpd.c.diff 2249 RMD160 ad101512e54d1c154dc039d616067456e0130a7e SHA1 88eebce793c19d16a7a394b6142f412d92e511a2 SHA256 28fb9fa693a636df82627701df1e777bc28ffcefe90132391cbed1dc901ce51c
+MD5 87fb91f59e40c2de942a37deb499235a files/thttpd-2.25/additional-input-validation-httpd.c.diff 2249
+RMD160 ad101512e54d1c154dc039d616067456e0130a7e files/thttpd-2.25/additional-input-validation-httpd.c.diff 2249
+SHA256 28fb9fa693a636df82627701df1e777bc28ffcefe90132391cbed1dc901ce51c files/thttpd-2.25/additional-input-validation-httpd.c.diff 2249
AUX thttpd-2.25/fix-buffer-overflow.diff 947 RMD160 30b80b19e792e0dce3eb238f664501a61bc5a3a7 SHA1 645316b836c731dc0385cfa7851c4dea8edc530c SHA256 3ef0b098398b052eb37711d1a0eb2f0cff556f606c3427d1d0529042368ce1ad
MD5 be5e988d692261221c38e9b6488aa270 files/thttpd-2.25/fix-buffer-overflow.diff 947
RMD160 30b80b19e792e0dce3eb238f664501a61bc5a3a7 files/thttpd-2.25/fix-buffer-overflow.diff 947
MD5 6a79014b083c00c6acc79966655ae42c files/thttpd-2.25/thttpd.init 745
RMD160 cb2eda2714728f8cee568b83013f3b5bb70974e7 files/thttpd-2.25/thttpd.init 745
SHA256 5e4512079ef620a442833a3ff05c0c4ac2856c6c65cc13da8191bd67d0b1b5da files/thttpd-2.25/thttpd.init 745
+AUX thttpd.logrotate 197 RMD160 28c782571b226e49680a80bcbe5313ccc2a92d5c SHA1 384127ca1725a08fcfcd08de46a200c53966c24e SHA256 0399d9fdc31a5555307d33c4744b21271e9d7d4d6ded78573fb9b2210f593bc6
+MD5 dd910647c802071d34757437aede6d84 files/thttpd.logrotate 197
+RMD160 28c782571b226e49680a80bcbe5313ccc2a92d5c files/thttpd.logrotate 197
+SHA256 0399d9fdc31a5555307d33c4744b21271e9d7d4d6ded78573fb9b2210f593bc6 files/thttpd.logrotate 197
DIST thttpd-2.25b.tar.gz 132363 RMD160 15020e8d04d27b30c4da3104387a281e35d58025 SHA1 51bc25ef035d7557c869a02ce353580a1cadfa2c SHA256 4ceaa30ef55702d5cfdffdccd3a2dee8d3090e852c18c7ce8d17d692ad0bf024
EBUILD thttpd-2.25b-r5.ebuild 1357 RMD160 c3dd07012808a1f61ee5d9597f342c9f5d68ddcf SHA1 2300ac6036ada5fdbfe53cbbd47815eb6b6cf363 SHA256 28a9f088b1f38c91475c4344774bfb226497b41b293c4b0ab88700f855cd5797
MD5 f924e24f539d6e313d69ae301ff675d3 thttpd-2.25b-r5.ebuild 1357
MD5 64474022685c6bf9d8fffad9d45c81f3 thttpd-2.25b-r6.ebuild 1334
RMD160 6b964651ea11c38e3e32b045aaa4b59cb0f4bffc thttpd-2.25b-r6.ebuild 1334
SHA256 8d5d0bda1e52ad1b137e59af58b712023344a2f7c038a178ed85608e98e2013d thttpd-2.25b-r6.ebuild 1334
-MISC ChangeLog 4427 RMD160 98a28ba13f7d233d13968de29ec372140b87b2c9 SHA1 10ef91765c0c9f427a2bedd272c05a5b818af7cf SHA256 82fba538a7726b46fb59b7f676302b2dfdd410756a6f644c86cb5935176ca5f1
-MD5 4ff5a23075b983c3b74baad283fcc894 ChangeLog 4427
-RMD160 98a28ba13f7d233d13968de29ec372140b87b2c9 ChangeLog 4427
-SHA256 82fba538a7726b46fb59b7f676302b2dfdd410756a6f644c86cb5935176ca5f1 ChangeLog 4427
+EBUILD thttpd-2.25b-r7.ebuild 1550 RMD160 c3a05530b389a32ccd48c3186052545e48734c6d SHA1 32b48bb64085749b03085179fcdd7defc59fa134 SHA256 51132b59299160f6151f7a4b2824632ef491b712327514bbb9a3cfb77585a46d
+MD5 34fadc5f7897a21884f457e854534ca8 thttpd-2.25b-r7.ebuild 1550
+RMD160 c3a05530b389a32ccd48c3186052545e48734c6d thttpd-2.25b-r7.ebuild 1550
+SHA256 51132b59299160f6151f7a4b2824632ef491b712327514bbb9a3cfb77585a46d thttpd-2.25b-r7.ebuild 1550
+MISC ChangeLog 4785 RMD160 6d9d17016f128a1ebb1845f32bd3e670428c8444 SHA1 f012270c72a477e1a7ecd4369ac0ec1100aabfeb SHA256 ddeac812c55c4b59340d56b851b832776087eb785a2e1ab399ea4e331bd7fef1
+MD5 e3ca618172477a66d5babbd3dfeb14a5 ChangeLog 4785
+RMD160 6d9d17016f128a1ebb1845f32bd3e670428c8444 ChangeLog 4785
+SHA256 ddeac812c55c4b59340d56b851b832776087eb785a2e1ab399ea4e331bd7fef1 ChangeLog 4785
MISC metadata.xml 165 RMD160 121ee15955e06988e10dbe52ca5abd31d2529ce9 SHA1 f13cc4199505863990c257fe060882a5f9a32aab SHA256 f8fe79331ed918344f1ff85578f9a39c0c0925017f3f7de12619e4917acf577c
MD5 4a186842848d9c384e2d12785ba426bc metadata.xml 165
RMD160 121ee15955e06988e10dbe52ca5abd31d2529ce9 metadata.xml 165
MD5 4bc6def57b02ee5c45bb3bd196b36642 files/digest-thttpd-2.25b-r6 238
RMD160 ba623358749f8f3fe04f6ae043e7f76f10e67a4c files/digest-thttpd-2.25b-r6 238
SHA256 6e08f96c75dcd361ad63bd4aab9229f8cf6d544622eb8612ae57fddca2ee2a6e files/digest-thttpd-2.25b-r6 238
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.6-ecc01.6 (GNU/Linux)
-
-iD8DBQFFwz6KKRy60XGEcJIRArq8AJ9T9Bvj3jmkUaZiWPr/re6HbAln5ACgoaKl
-Vy3Vi58P3D9nIGVY+VN5Zbo=
-=YbYd
------END PGP SIGNATURE-----
+MD5 4bc6def57b02ee5c45bb3bd196b36642 files/digest-thttpd-2.25b-r7 238
+RMD160 ba623358749f8f3fe04f6ae043e7f76f10e67a4c files/digest-thttpd-2.25b-r7 238
+SHA256 6e08f96c75dcd361ad63bd4aab9229f8cf6d544622eb8612ae57fddca2ee2a6e files/digest-thttpd-2.25b-r7 238
--- /dev/null
+MD5 a0e9cd87455d3a0ea11e5ea7e947adf6 thttpd-2.25b.tar.gz 132363
+RMD160 15020e8d04d27b30c4da3104387a281e35d58025 thttpd-2.25b.tar.gz 132363
+SHA256 4ceaa30ef55702d5cfdffdccd3a2dee8d3090e852c18c7ce8d17d692ad0bf024 thttpd-2.25b.tar.gz 132363
--- /dev/null
+--- thttpd-2.25b/extras/htpasswd.c.orig 2006-03-31 04:12:42.281317000 +0000
++++ thttpd-2.25b/extras/htpasswd.c 2006-03-31 05:21:37.741632392 +0000
+@@ -151,6 +151,7 @@ void interrupted(int signo) {
+ int main(int argc, char *argv[]) {
+ FILE *tfp,*f;
+ char user[MAX_STRING_LEN];
++ char pwfilename[MAX_STRING_LEN];
+ char line[MAX_STRING_LEN];
+ char l[MAX_STRING_LEN];
+ char w[MAX_STRING_LEN];
+@@ -168,6 +169,25 @@ int main(int argc, char *argv[]) {
+ perror("fopen");
+ exit(1);
+ }
++ if (strlen(argv[2]) > (sizeof(pwfilename) - 1)) {
++ fprintf(stderr, "%s: filename is too long\n", argv[0]);
++ exit(1);
++ }
++ if (((strchr(argv[2], ';')) != NULL) || ((strchr(argv[2], '>')) != NULL)) {
++ fprintf(stderr, "%s: filename contains an illegal character\n",
++ argv[0]);
++ exit(1);
++ }
++ if (strlen(argv[3]) > (sizeof(user) - 1)) {
++ fprintf(stderr, "%s: username is too long\n", argv[0],
++ sizeof(user) - 1);
++ exit(1);
++ }
++ if ((strchr(argv[3], ':')) != NULL) {
++ fprintf(stderr, "%s: username contains an illegal character\n",
++ argv[0]);
++ exit(1);
++ }
+ printf("Adding password for %s.\n",argv[3]);
+ add_password(argv[3],tfp);
+ fclose(tfp);
+@@ -180,6 +200,25 @@ int main(int argc, char *argv[]) {
+ exit(1);
+ }
+
++ if (strlen(argv[1]) > (sizeof(pwfilename) - 1)) {
++ fprintf(stderr, "%s: filename is too long\n", argv[0]);
++ exit(1);
++ }
++ if (((strchr(argv[1], ';')) != NULL) || ((strchr(argv[1], '>')) != NULL)) {
++ fprintf(stderr, "%s: filename contains an illegal character\n",
++ argv[0]);
++ exit(1);
++ }
++ if (strlen(argv[2]) > (sizeof(user) - 1)) {
++ fprintf(stderr, "%s: username is too long\n", argv[0],
++ sizeof(user) - 1);
++ exit(1);
++ }
++ if ((strchr(argv[2], ':')) != NULL) {
++ fprintf(stderr, "%s: username contains an illegal character\n",
++ argv[0]);
++ exit(1);
++ }
+ if(!(f = fopen(argv[1],"r"))) {
+ fprintf(stderr,
+ "Could not open passwd file %s for reading.\n",argv[1]);
--- /dev/null
+/var/log/thttpd.log {
+ daily
+ rotate 5
+ compress
+ delaycompress
+ missingok
+ notifempty
+ sharedscripts
+ postrotate
+ kill -HUP `cat /var/run/thttpd.pid 2>/dev/null` 2>/dev/null || true
+ endscript
+}
--- /dev/null
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/www-servers/thttpd/thttpd-2.25b-r7.ebuild,v 1.1 2007/02/28 22:48:06 bangert Exp $
+
+inherit eutils flag-o-matic
+
+MY_P="${P%[a-z]*}"
+
+DESCRIPTION="Small and fast multiplexing webserver."
+HOMEPAGE="http://www.acme.com/software/thttpd/"
+SRC_URI="http://www.acme.com/software/thttpd/${P}.tar.gz"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="~amd64 ~hppa ~mips ~ppc ~sparc ~x86 ~x86-fbsd"
+IUSE="static"
+
+THTTPD_USER=thttpd
+THTTPD_GROUP=thttpd
+
+src_unpack() {
+ unpack ${A}
+ cd ${S}
+ epatch ${FILESDIR}/${MY_P}/*.diff
+}
+
+pkg_setup() {
+ enewgroup ${THTTPD_GROUP}
+ enewuser ${THTTPD_USER} -1 -1 -1 ${THTTPD_GROUP}
+}
+
+src_compile() {
+ ## TODO: what to do with IPv6?
+
+ append-ldflags $(bindnow-flags)
+ use static && append-ldflags -static
+
+ econf || die "econf failed"
+ emake || die "emake failed"
+}
+
+src_install () {
+ dodir /usr/share/man/man1
+ make prefix=${D}/usr \
+ MANDIR=${D}/usr/share/man \
+ WEBGROUP=${THTTPD_GROUP} \
+ WEBDIR=${D}/var/www/localhost \
+ "$@" install || die "make install failed"
+
+ mv ${D}/usr/sbin/{,th_}htpasswd
+ mv ${D}/usr/share/man/man1/{,th_}htpasswd.1
+
+ newinitd ${FILESDIR}/${MY_P}/thttpd.init thttpd
+ newconfd ${FILESDIR}/${MY_P}/thttpd.confd thttpd
+
+ dodoc README INSTALL TODO
+
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}/thttpd.logrotate" thttpd
+
+ insinto /etc/thttpd
+ doins ${FILESDIR}/${MY_P}/thttpd.conf.sample
+}
+
+pkg_postinst() {
+ elog "Adjust THTTPD_DOCROOT in /etc/conf.d/thttpd !"
+}
projects / gentoo.git / commitdiff