From: Thilo Bangert <bangert@gentoo.org>
Date: Wed, 28 Feb 2007 22:48:06 +0000 (+0000)
Subject: fix 128165, 150993, 151227
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=8938f7d1829682166a9157ebc73b70c28fd344bc;p=gentoo.git

fix 128165, 150993, 151227
Package-Manager: portage-2.1.2-r9
---

diff --git a/www-servers/thttpd/ChangeLog b/www-servers/thttpd/ChangeLog
index ba6bb23e67a0..c9858da37806 100644
--- a/www-servers/thttpd/ChangeLog
+++ b/www-servers/thttpd/ChangeLog
@@ -1,6 +1,16 @@
 # ChangeLog for www-servers/thttpd
 # Copyright 2000-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/www-servers/thttpd/ChangeLog,v 1.21 2007/02/02 13:36:58 gustavoz Exp $
+# $Header: /var/cvsroot/gentoo-x86/www-servers/thttpd/ChangeLog,v 1.22 2007/02/28 22:48:06 bangert Exp $
+
+*thttpd-2.25b-r7 (28 Feb 2007)
+
+  28 Feb 2007; Thilo Bangert <bangert@gentoo.org>
+  +files/thttpd-2.25/additional-input-validation-httpd.c.diff,
+  +files/thttpd.logrotate, +thttpd-2.25b-r7.ebuild:
+  add logrotate script (bug #150993)
+  run under thttpd user instead of nobody (bug #151227)
+  extra input sanitation for htpasswd (bug #128165)
+  einfo -> elog
 
   02 Feb 2007; Gustavo Zacarias <gustavoz@gentoo.org>
   thttpd-2.25b-r6.ebuild:
diff --git a/www-servers/thttpd/Manifest b/www-servers/thttpd/Manifest
index c33010308ec9..befa0f8bb63d 100644
--- a/www-servers/thttpd/Manifest
+++ b/www-servers/thttpd/Manifest
@@ -1,6 +1,7 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
-
+AUX thttpd-2.25/additional-input-validation-httpd.c.diff 2249 RMD160 ad101512e54d1c154dc039d616067456e0130a7e SHA1 88eebce793c19d16a7a394b6142f412d92e511a2 SHA256 28fb9fa693a636df82627701df1e777bc28ffcefe90132391cbed1dc901ce51c
+MD5 87fb91f59e40c2de942a37deb499235a files/thttpd-2.25/additional-input-validation-httpd.c.diff 2249
+RMD160 ad101512e54d1c154dc039d616067456e0130a7e files/thttpd-2.25/additional-input-validation-httpd.c.diff 2249
+SHA256 28fb9fa693a636df82627701df1e777bc28ffcefe90132391cbed1dc901ce51c files/thttpd-2.25/additional-input-validation-httpd.c.diff 2249
 AUX thttpd-2.25/fix-buffer-overflow.diff 947 RMD160 30b80b19e792e0dce3eb238f664501a61bc5a3a7 SHA1 645316b836c731dc0385cfa7851c4dea8edc530c SHA256 3ef0b098398b052eb37711d1a0eb2f0cff556f606c3427d1d0529042368ce1ad
 MD5 be5e988d692261221c38e9b6488aa270 files/thttpd-2.25/fix-buffer-overflow.diff 947
 RMD160 30b80b19e792e0dce3eb238f664501a61bc5a3a7 files/thttpd-2.25/fix-buffer-overflow.diff 947
@@ -21,6 +22,10 @@ AUX thttpd-2.25/thttpd.init 745 RMD160 cb2eda2714728f8cee568b83013f3b5bb70974e7
 MD5 6a79014b083c00c6acc79966655ae42c files/thttpd-2.25/thttpd.init 745
 RMD160 cb2eda2714728f8cee568b83013f3b5bb70974e7 files/thttpd-2.25/thttpd.init 745
 SHA256 5e4512079ef620a442833a3ff05c0c4ac2856c6c65cc13da8191bd67d0b1b5da files/thttpd-2.25/thttpd.init 745
+AUX thttpd.logrotate 197 RMD160 28c782571b226e49680a80bcbe5313ccc2a92d5c SHA1 384127ca1725a08fcfcd08de46a200c53966c24e SHA256 0399d9fdc31a5555307d33c4744b21271e9d7d4d6ded78573fb9b2210f593bc6
+MD5 dd910647c802071d34757437aede6d84 files/thttpd.logrotate 197
+RMD160 28c782571b226e49680a80bcbe5313ccc2a92d5c files/thttpd.logrotate 197
+SHA256 0399d9fdc31a5555307d33c4744b21271e9d7d4d6ded78573fb9b2210f593bc6 files/thttpd.logrotate 197
 DIST thttpd-2.25b.tar.gz 132363 RMD160 15020e8d04d27b30c4da3104387a281e35d58025 SHA1 51bc25ef035d7557c869a02ce353580a1cadfa2c SHA256 4ceaa30ef55702d5cfdffdccd3a2dee8d3090e852c18c7ce8d17d692ad0bf024
 EBUILD thttpd-2.25b-r5.ebuild 1357 RMD160 c3dd07012808a1f61ee5d9597f342c9f5d68ddcf SHA1 2300ac6036ada5fdbfe53cbbd47815eb6b6cf363 SHA256 28a9f088b1f38c91475c4344774bfb226497b41b293c4b0ab88700f855cd5797
 MD5 f924e24f539d6e313d69ae301ff675d3 thttpd-2.25b-r5.ebuild 1357
@@ -30,10 +35,14 @@ EBUILD thttpd-2.25b-r6.ebuild 1334 RMD160 6b964651ea11c38e3e32b045aaa4b59cb0f4bf
 MD5 64474022685c6bf9d8fffad9d45c81f3 thttpd-2.25b-r6.ebuild 1334
 RMD160 6b964651ea11c38e3e32b045aaa4b59cb0f4bffc thttpd-2.25b-r6.ebuild 1334
 SHA256 8d5d0bda1e52ad1b137e59af58b712023344a2f7c038a178ed85608e98e2013d thttpd-2.25b-r6.ebuild 1334
-MISC ChangeLog 4427 RMD160 98a28ba13f7d233d13968de29ec372140b87b2c9 SHA1 10ef91765c0c9f427a2bedd272c05a5b818af7cf SHA256 82fba538a7726b46fb59b7f676302b2dfdd410756a6f644c86cb5935176ca5f1
-MD5 4ff5a23075b983c3b74baad283fcc894 ChangeLog 4427
-RMD160 98a28ba13f7d233d13968de29ec372140b87b2c9 ChangeLog 4427
-SHA256 82fba538a7726b46fb59b7f676302b2dfdd410756a6f644c86cb5935176ca5f1 ChangeLog 4427
+EBUILD thttpd-2.25b-r7.ebuild 1550 RMD160 c3a05530b389a32ccd48c3186052545e48734c6d SHA1 32b48bb64085749b03085179fcdd7defc59fa134 SHA256 51132b59299160f6151f7a4b2824632ef491b712327514bbb9a3cfb77585a46d
+MD5 34fadc5f7897a21884f457e854534ca8 thttpd-2.25b-r7.ebuild 1550
+RMD160 c3a05530b389a32ccd48c3186052545e48734c6d thttpd-2.25b-r7.ebuild 1550
+SHA256 51132b59299160f6151f7a4b2824632ef491b712327514bbb9a3cfb77585a46d thttpd-2.25b-r7.ebuild 1550
+MISC ChangeLog 4785 RMD160 6d9d17016f128a1ebb1845f32bd3e670428c8444 SHA1 f012270c72a477e1a7ecd4369ac0ec1100aabfeb SHA256 ddeac812c55c4b59340d56b851b832776087eb785a2e1ab399ea4e331bd7fef1
+MD5 e3ca618172477a66d5babbd3dfeb14a5 ChangeLog 4785
+RMD160 6d9d17016f128a1ebb1845f32bd3e670428c8444 ChangeLog 4785
+SHA256 ddeac812c55c4b59340d56b851b832776087eb785a2e1ab399ea4e331bd7fef1 ChangeLog 4785
 MISC metadata.xml 165 RMD160 121ee15955e06988e10dbe52ca5abd31d2529ce9 SHA1 f13cc4199505863990c257fe060882a5f9a32aab SHA256 f8fe79331ed918344f1ff85578f9a39c0c0925017f3f7de12619e4917acf577c
 MD5 4a186842848d9c384e2d12785ba426bc metadata.xml 165
 RMD160 121ee15955e06988e10dbe52ca5abd31d2529ce9 metadata.xml 165
@@ -44,10 +53,6 @@ SHA256 6e08f96c75dcd361ad63bd4aab9229f8cf6d544622eb8612ae57fddca2ee2a6e files/di
 MD5 4bc6def57b02ee5c45bb3bd196b36642 files/digest-thttpd-2.25b-r6 238
 RMD160 ba623358749f8f3fe04f6ae043e7f76f10e67a4c files/digest-thttpd-2.25b-r6 238
 SHA256 6e08f96c75dcd361ad63bd4aab9229f8cf6d544622eb8612ae57fddca2ee2a6e files/digest-thttpd-2.25b-r6 238
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.6-ecc01.6 (GNU/Linux)
-
-iD8DBQFFwz6KKRy60XGEcJIRArq8AJ9T9Bvj3jmkUaZiWPr/re6HbAln5ACgoaKl
-Vy3Vi58P3D9nIGVY+VN5Zbo=
-=YbYd
------END PGP SIGNATURE-----
+MD5 4bc6def57b02ee5c45bb3bd196b36642 files/digest-thttpd-2.25b-r7 238
+RMD160 ba623358749f8f3fe04f6ae043e7f76f10e67a4c files/digest-thttpd-2.25b-r7 238
+SHA256 6e08f96c75dcd361ad63bd4aab9229f8cf6d544622eb8612ae57fddca2ee2a6e files/digest-thttpd-2.25b-r7 238
diff --git a/www-servers/thttpd/files/digest-thttpd-2.25b-r7 b/www-servers/thttpd/files/digest-thttpd-2.25b-r7
new file mode 100644
index 000000000000..f7daceb58ecf
--- /dev/null
+++ b/www-servers/thttpd/files/digest-thttpd-2.25b-r7
@@ -0,0 +1,3 @@
+MD5 a0e9cd87455d3a0ea11e5ea7e947adf6 thttpd-2.25b.tar.gz 132363
+RMD160 15020e8d04d27b30c4da3104387a281e35d58025 thttpd-2.25b.tar.gz 132363
+SHA256 4ceaa30ef55702d5cfdffdccd3a2dee8d3090e852c18c7ce8d17d692ad0bf024 thttpd-2.25b.tar.gz 132363
diff --git a/www-servers/thttpd/files/thttpd-2.25/additional-input-validation-httpd.c.diff b/www-servers/thttpd/files/thttpd-2.25/additional-input-validation-httpd.c.diff
new file mode 100644
index 000000000000..04f59eac8e39
--- /dev/null
+++ b/www-servers/thttpd/files/thttpd-2.25/additional-input-validation-httpd.c.diff
@@ -0,0 +1,62 @@
+--- thttpd-2.25b/extras/htpasswd.c.orig	2006-03-31 04:12:42.281317000 +0000
++++ thttpd-2.25b/extras/htpasswd.c	2006-03-31 05:21:37.741632392 +0000
+@@ -151,6 +151,7 @@ void interrupted(int signo) {
+ int main(int argc, char *argv[]) {
+     FILE *tfp,*f;
+     char user[MAX_STRING_LEN];
++    char pwfilename[MAX_STRING_LEN];
+     char line[MAX_STRING_LEN];
+     char l[MAX_STRING_LEN];
+     char w[MAX_STRING_LEN];
+@@ -168,6 +169,25 @@ int main(int argc, char *argv[]) {
+             perror("fopen");
+             exit(1);
+         }
++        if (strlen(argv[2]) > (sizeof(pwfilename) - 1)) {
++            fprintf(stderr, "%s: filename is too long\n", argv[0]);
++	    exit(1);
++        }
++        if (((strchr(argv[2], ';')) != NULL) || ((strchr(argv[2], '>')) != NULL)) {
++	    fprintf(stderr, "%s: filename contains an illegal character\n",
++		argv[0]);
++	    exit(1);
++        }
++        if (strlen(argv[3]) > (sizeof(user) - 1)) {
++	    fprintf(stderr, "%s: username is too long\n", argv[0],
++		sizeof(user) - 1);
++	    exit(1);
++        }
++        if ((strchr(argv[3], ':')) != NULL) {
++            fprintf(stderr, "%s: username contains an illegal character\n",
++                argv[0]);
++            exit(1);
++        }
+         printf("Adding password for %s.\n",argv[3]);
+         add_password(argv[3],tfp);
+         fclose(tfp);
+@@ -180,6 +200,25 @@ int main(int argc, char *argv[]) {
+         exit(1);
+     }
+ 
++    if (strlen(argv[1]) > (sizeof(pwfilename) - 1)) {
++        fprintf(stderr, "%s: filename is too long\n", argv[0]);
++        exit(1);
++    }
++    if (((strchr(argv[1], ';')) != NULL) || ((strchr(argv[1], '>')) != NULL)) {
++        fprintf(stderr, "%s: filename contains an illegal character\n",
++                argv[0]);
++        exit(1);
++    }
++    if (strlen(argv[2]) > (sizeof(user) - 1)) {
++        fprintf(stderr, "%s: username is too long\n", argv[0],
++                sizeof(user) - 1);
++        exit(1);
++    }
++    if ((strchr(argv[2], ':')) != NULL) {
++        fprintf(stderr, "%s: username contains an illegal character\n",
++                argv[0]);
++        exit(1);
++    }
+     if(!(f = fopen(argv[1],"r"))) {
+         fprintf(stderr,
+                 "Could not open passwd file %s for reading.\n",argv[1]);
diff --git a/www-servers/thttpd/files/thttpd.logrotate b/www-servers/thttpd/files/thttpd.logrotate
new file mode 100644
index 000000000000..7e75c813524a
--- /dev/null
+++ b/www-servers/thttpd/files/thttpd.logrotate
@@ -0,0 +1,12 @@
+/var/log/thttpd.log {
+	daily
+	rotate 5
+	compress
+	delaycompress
+	missingok
+	notifempty
+	sharedscripts
+	postrotate
+		kill -HUP `cat /var/run/thttpd.pid 2>/dev/null` 2>/dev/null || true
+	endscript
+}
diff --git a/www-servers/thttpd/thttpd-2.25b-r7.ebuild b/www-servers/thttpd/thttpd-2.25b-r7.ebuild
new file mode 100644
index 000000000000..3dbe78140de3
--- /dev/null
+++ b/www-servers/thttpd/thttpd-2.25b-r7.ebuild
@@ -0,0 +1,67 @@
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/www-servers/thttpd/thttpd-2.25b-r7.ebuild,v 1.1 2007/02/28 22:48:06 bangert Exp $
+
+inherit eutils flag-o-matic
+
+MY_P="${P%[a-z]*}"
+
+DESCRIPTION="Small and fast multiplexing webserver."
+HOMEPAGE="http://www.acme.com/software/thttpd/"
+SRC_URI="http://www.acme.com/software/thttpd/${P}.tar.gz"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="~amd64 ~hppa ~mips ~ppc ~sparc ~x86 ~x86-fbsd"
+IUSE="static"
+
+THTTPD_USER=thttpd
+THTTPD_GROUP=thttpd
+
+src_unpack() {
+	unpack ${A}
+	cd ${S}
+	epatch ${FILESDIR}/${MY_P}/*.diff
+}
+
+pkg_setup() {
+	enewgroup ${THTTPD_GROUP}
+	enewuser ${THTTPD_USER}  -1 -1 -1 ${THTTPD_GROUP}
+}
+
+src_compile() {
+	## TODO: what to do with IPv6?
+
+	append-ldflags $(bindnow-flags)
+	use static && append-ldflags -static
+
+	econf || die "econf failed"
+	emake || die "emake failed"
+}
+
+src_install () {
+	dodir /usr/share/man/man1
+	make prefix=${D}/usr \
+		MANDIR=${D}/usr/share/man \
+		WEBGROUP=${THTTPD_GROUP} \
+		WEBDIR=${D}/var/www/localhost \
+		"$@" install || die "make install failed"
+
+	mv ${D}/usr/sbin/{,th_}htpasswd
+	mv ${D}/usr/share/man/man1/{,th_}htpasswd.1
+
+	newinitd ${FILESDIR}/${MY_P}/thttpd.init thttpd
+	newconfd ${FILESDIR}/${MY_P}/thttpd.confd thttpd
+
+	dodoc README INSTALL TODO
+
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}/thttpd.logrotate" thttpd
+
+	insinto /etc/thttpd
+	doins ${FILESDIR}/${MY_P}/thttpd.conf.sample
+}
+
+pkg_postinst() {
+	elog "Adjust THTTPD_DOCROOT in /etc/conf.d/thttpd !"
+}