rpms/lighttpd/devel lighttpd-1.4.18-Fix-372-and-1562.patch, NONE, 1.1 lighttpd-1.4.18-mod_cgi-fix.patch, NONE, 1.1 lighttpd.spec, 1.42, 1.43
Matthias Saou (thias)
fedora-extras-commits at redhat.com
Tue Mar 4 10:22:41 UTC 2008
- Previous message (by thread): rpms/lighttpd/F-8 lighttpd-1.4.18-Fix-372-and-1562.patch, NONE, 1.1 lighttpd-1.4.18-mod_cgi-fix.patch, NONE, 1.1 lighttpd.spec, 1.40, 1.41
- Next message (by thread): rpms/sudo/devel sudo-1.6.9p13-audit.patch, 1.1, 1.2 sudo.spec, 1.61, 1.62
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: thias
Update of /cvs/extras/rpms/lighttpd/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2817/devel
Modified Files:
lighttpd.spec
Added Files:
lighttpd-1.4.18-Fix-372-and-1562.patch
lighttpd-1.4.18-mod_cgi-fix.patch
Log Message:
Include security patches.
lighttpd-1.4.18-Fix-372-and-1562.patch:
--- NEW FILE lighttpd-1.4.18-Fix-372-and-1562.patch ---
>From 6b77fd21b58b6bfc10bd01fd0ce4e5f4ced0d5d9 Mon Sep 17 00:00:00 2001
From: =?utf-8?q?Stefan=20B=C3=BChler?= <stbuehler at web.de>
Date: Wed, 13 Feb 2008 00:07:22 +0100
Subject: [PATCH] Fix #372 + #1562
---
src/fdevent_solaris_devpoll.c | 2 +-
src/server.c | 3 ---
2 files changed, 1 insertions(+), 4 deletions(-)
diff --git a/src/fdevent_solaris_devpoll.c b/src/fdevent_solaris_devpoll.c
index f77daef..76414a4 100644
--- a/src/fdevent_solaris_devpoll.c
+++ b/src/fdevent_solaris_devpoll.c
@@ -67,7 +67,7 @@ static int fdevent_solaris_devpoll_poll(fdevents *ev, int timeout_ms) {
int ret;
dopoll.dp_timeout = timeout_ms;
- dopoll.dp_nfds = ev->maxfds;
+ dopoll.dp_nfds = ev->maxfds - 1;
dopoll.dp_fds = ev->devpollfds;
ret = ioctl(ev->devpoll_fd, DP_POLL, &dopoll);
diff --git a/src/server.c b/src/server.c
index 052130a..585a973 100644
--- a/src/server.c
+++ b/src/server.c
@@ -697,9 +697,6 @@ int main (int argc, char **argv) {
}
}
- /* #372: solaris need some fds extra for devpoll */
- if (rlim.rlim_cur > 10) rlim.rlim_cur -= 10;
-
if (srv->event_handler == FDEVENT_HANDLER_SELECT) {
srv->max_fds = rlim.rlim_cur < FD_SETSIZE - 200 ? rlim.rlim_cur : FD_SETSIZE - 200;
} else {
--
1.5.3.8
lighttpd-1.4.18-mod_cgi-fix.patch:
--- NEW FILE lighttpd-1.4.18-mod_cgi-fix.patch ---
Index: lighttpd-1.4.x/src/mod_cgi.c
===================================================================
--- lighttpd-1.4.x/src/mod_cgi.c (revision 2065)
+++ lighttpd-1.4.x/src/mod_cgi.c (revision 2107)
@@ -1005,4 +1005,5 @@
/* error */
log_error_write(srv, __FILE__, __LINE__, "ss", "fork failed:", strerror(errno));
+ return -1;
break;
default: {
Index: lighttpd.spec
===================================================================
RCS file: /cvs/extras/rpms/lighttpd/devel/lighttpd.spec,v
retrieving revision 1.42
retrieving revision 1.43
diff -u -r1.42 -r1.43
--- lighttpd.spec 20 Feb 2008 04:21:31 -0000 1.42
+++ lighttpd.spec 4 Mar 2008 10:22:05 -0000 1.43
@@ -3,7 +3,7 @@
Summary: Lightning fast webserver with light system requirements
Name: lighttpd
Version: 1.4.18
-Release: 5%{?dist}
+Release: 6%{?dist}
License: BSD
Group: System Environment/Daemons
URL: http://www.lighttpd.net/
@@ -18,6 +18,9 @@
Source101: lighttpd-mod_geoip.txt
Patch0: lighttpd-1.4.17-defaultconf.patch
Patch1: lighttpd-1.4.18-mod_geoip.patch
+# Security fixes
+Patch10: lighttpd-1.4.18-Fix-372-and-1562.patch
+Patch11: lighttpd-1.4.18-mod_cgi-fix.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
Requires: system-logos >= 7.92.1
Requires(pre): /usr/sbin/useradd
@@ -86,6 +89,8 @@
%setup -q
%patch0 -p1 -b .defaultconf
%patch1 -p1 -b .mod_geoip
+%patch10 -p1 -b .Fix-372-and-1562
+%patch11 -p1 -b .mod_cgi-fix
%{__install} -p -m 0644 %{SOURCE100} src/mod_geoip.c
%{__install} -p -m 0644 %{SOURCE101} mod_geoip.txt
@@ -210,10 +215,14 @@
%changelog
-* Tue Feb 19 2008 Fedora Release Engineering <rel-eng at fedoraproject.org> - 1.4.18-5
+* Tue Mar 4 2008 Matthias Saou <http://freshrpms.net/> 1.4.18-6
+- Include patch for CVE-2008-0983 (crash when low on file descriptors).
+- Include patch for CVE-2008-1111 (cgi source disclosure).
+
+* Tue Feb 19 2008 Fedora Release Engineering <rel-eng at fedoraproject.org>
- Autorebuild for GCC 4.3
-* Wed Dec 05 2007 Release Engineering <rel-eng at fedoraproject dot org> - 1.4.18-4
+* Wed Dec 05 2007 Release Engineering <rel-eng at fedoraproject dot org>
- Rebuild for deps
* Wed Oct 31 2007 Matthias Saou <http://freshrpms.net/> 1.4.18-3
- Previous message (by thread): rpms/lighttpd/F-8 lighttpd-1.4.18-Fix-372-and-1562.patch, NONE, 1.1 lighttpd-1.4.18-mod_cgi-fix.patch, NONE, 1.1 lighttpd.spec, 1.40, 1.41
- Next message (by thread): rpms/sudo/devel sudo-1.6.9p13-audit.patch, 1.1, 1.2 sudo.spec, 1.61, 1.62
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list