svn commit: r377229 - in head/www/thttpd: . files
Alexey Dokuchaev
danfe at FreeBSD.org
Sat Jan 17 15:48:39 UTC 2015
Author: danfe
Date: Sat Jan 17 15:48:37 2015
New Revision: 377229
URL: https://svnweb.freebsd.org/changeset/ports/377229
QAT: https://qat.redports.org/buildarchive/r377229/
Log:
In sight of upcoming update, merge a few things to get cleaner diffs:
- Add a patch for CVE-2005-3124 (courtesy of Red Hat?)
- By default thttpd doesn't respect (or pass on) the X-Forwarded-For
header; use a patch [1] that puts X-Forwarded-For into Remote-Addr,
but do not enable it just yet
- Amend COMMENT, improve pkg-message, sort the knobs in Makefile, and
reformat port description text for better readability while here
[1] http://wiki.nginx.org/ThttpdRealIP
Added:
head/www/thttpd/files/extra-patch-ip_real (contents, props changed)
head/www/thttpd/files/patch-CVE-2005-3124 (contents, props changed)
Modified:
head/www/thttpd/Makefile
head/www/thttpd/files/pkg-message.in
head/www/thttpd/pkg-descr
Modified: head/www/thttpd/Makefile
==============================================================================
--- head/www/thttpd/Makefile Sat Jan 17 15:33:05 2015 (r377228)
+++ head/www/thttpd/Makefile Sat Jan 17 15:48:37 2015 (r377229)
@@ -9,19 +9,21 @@ MASTER_SITES= http://www.acme.com/softwa
http://atreides.freenix.no/~anders/
MAINTAINER= danfe at FreeBSD.org
-COMMENT= Tiny/turbo/throttling HTTP server
+COMMENT= Tiny/turbo/throttling HTTP server with CGI support
-GNU_CONFIGURE= yes
USES= gmake # parallel builds (-jX) are broken with BSD make(1)
-USE_RC_SUBR= thttpd
+GNU_CONFIGURE= yes
+USE_RC_SUBR= ${PORTNAME}
SUB_FILES= pkg-message thttpd.conf.sample
-SUB_LIST= WWWOWN=${WWWOWN}
+SUB_LIST= WWWOWN=${WWWOWN} WWWGRP=${WWWGRP}
-OPTIONS_DEFINE= SENDFILE
+OPTIONS_DEFINE= SENDFILE IPREAL
OPTIONS_DEFAULT= SENDFILE
SENDFILE_DESC= Use sendfile(2) to serve files
+IPREAL_DESC= Respect (pass on) "X-Forwarded-For" header
SENDFILE_EXTRA_PATCHES= ${FILESDIR}/extra-patch-config.h
+IPREAL_EXTRA_PATCHES= ${FILESDIR}/extra-patch-ip_real
post-patch:
.for f in extras/htpasswd.1 extras/htpasswd.c thttpd.8 extras/Makefile.in
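Review bot: IPREAL_DESC ("Respect (pass on) "X-Forwarded-For" header") understates what the option does. extra-patch-ip_real in this same commit overwrites hc->client_addr with the header value rather than passing the header on. Suggest a description that says the client address is replaced from X-Forwarded-For, and a pkg-message line stating the knob is intended for servers that are only reachable through a reverse proxy, since the option is off by default and anyone who turns it on will be reading that text.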
Added: head/www/thttpd/files/extra-patch-ip_real
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/www/thttpd/files/extra-patch-ip_real Sat Jan 17 15:48:37 2015 (r377229)
@@ -0,0 +1,15 @@
+--- libhttpd.c.orig 2003-12-25 20:06:05.000000000 +0100
++++ libhttpd.c 2005-01-09 00:26:04.867255248 +0100
+@@ -2207,6 +2207,12 @@
+ if ( strcasecmp( cp, "keep-alive" ) == 0 )
+ hc->keep_alive = 1;
+ }
++ else if ( strncasecmp( buf, "X-Forwarded-For:", 16 ) == 0 )
++ { // Use real IP if available
++ cp = &buf[16];
++ cp += strspn( cp, " \t" );
++ inet_aton( cp, &(hc->client_addr.sa_in.sin_addr) );
++ }
+ #ifdef LOG_UNKNOWN_HEADERS
+ else if ( strncasecmp( buf, "Accept-Charset:", 15 ) == 0 ||
+ strncasecmp( buf, "Accept-Language:", 16 ) == 0 ||
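Review bot: the added X-Forwarded-For branch trusts a client-supplied header unconditionally and ignores the result of inet_aton(). Nothing in the hunk checks that the connection came from a known proxy, so any client that reaches thttpd directly chooses the address stored in hc->client_addr. The return value of `inet_aton( cp, &(hc->client_addr.sa_in.sin_addr) );` should be tested and the original address kept on failure. Parse into a temporary struct in_addr and copy it only on success. The header value is passed whole, so a comma-separated list of addresses is not split before parsing, and the write goes to sa_in.sin_addr without checking that client_addr holds an IPv4 address. At minimum these limits should be documented next to the IPREAL knob.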
Added: head/www/thttpd/files/patch-CVE-2005-3124
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/www/thttpd/files/patch-CVE-2005-3124 Sat Jan 17 15:48:37 2015 (r377229)
@@ -0,0 +1,18 @@
+--- extras/syslogtocern.orig 2005-06-29 19:50:23.000000000 +0200
++++ extras/syslogtocern 2008-09-25 10:42:27.000000000 +0200
+@@ -31,8 +31,8 @@ if [ $# -lt 1 ] ; then
+ exit 1
+ fi
+
+-tmp1=/tmp/stc1.$$
+-rm -f $tmp1
++tmp1=`mktemp -t stc1.XXXXXX` || { echo "$0: Cannot create temporary file" >&2; exit 1; }
++trap "[ -f \"$tmp1\" ] && /bin/rm -f -- \"$tmp1\"" 0 1 2 3 13 15
+
+ # Gather up all the thttpd entries.
+ egrep -h ' thttpd\[' "$@" > $tmp1
+@@ -65,4 +65,3 @@ awk < $tmp1 '{if ( ! ( NF >= 15 && $7 ==
+ sed -e "s,\([A-Z][a-z][a-z] [0-9 ][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9]\) [^ ]* thttpd\[[0-9]*\]: \(.*\),[\1 ${year}] \2," > error_log
+
+ # Done.
+-rm -f $tmp1
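Review bot: the trap installed on the new line after mktemp removes the file on signals 1 2 3 13 15 but never exits, so after an interrupt the script carries on with $tmp1 deleted, and the later `awk < $tmp1` stages then fail or read nothing. Suggest keeping the cleanup on 0 and adding a separate signal trap that exits, e.g. `trap 'exit 1' 1 2 3 13 15`. Two smaller points: the context lines still use $tmp1 unquoted (`egrep -h ' thttpd\[' "$@" > $tmp1`), which is worth quoting now that the path comes from mktemp and TMPDIR; and on FreeBSD `mktemp -t` takes a prefix and appends its own random suffix, so the XXXXXX in `stc1.XXXXXX` ends up as literal characters in the name. That is harmless for the fix but could be dropped to `mktemp -t stc1`.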
Modified: head/www/thttpd/files/pkg-message.in
==============================================================================
--- head/www/thttpd/files/pkg-message.in Sat Jan 17 15:33:05 2015 (r377228)
+++ head/www/thttpd/files/pkg-message.in Sat Jan 17 15:48:37 2015 (r377229)
@@ -2,10 +2,10 @@
If you want users to be able to create their own Web
subdirectories off of the main web directory, you need to:
- 1. Add a group for www admins
- 2. chgrp yourgroup %%PREFIX%%/bin/makeweb %%PREFIX%%/www
+ 1. Add a group for www admins (e.g., "%%WWWGRP%%")
+ 2. chgrp thatgroup %%PREFIX%%/bin/makeweb %%PREFIX%%/www
3. chmod 2755 %%PREFIX%%/bin/makeweb
- 4. Tell them about makeweb(1)
+ 4. Tell users about makeweb(1)
See http://www.acme.com/software/thttpd/notes.html for more
detailed instructions.
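Review bot: step 1 now suggests "%%WWWGRP%%" as the admin group, while step 3 makes makeweb setgid to that same group via chmod 2755. It is worth confirming that this is intended. If %%WWWGRP%% is also the group the server and its CGI programs run under, the message should say so or recommend a separate group, since whichever group is chosen gains write access through makeweb. Also, step 2 still says "thatgroup"; using the same %%WWWGRP%% placeholder there would keep the two steps consistent.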
Modified: head/www/thttpd/pkg-descr
==============================================================================
--- head/www/thttpd/pkg-descr Sat Jan 17 15:33:05 2015 (r377228)
+++ head/www/thttpd/pkg-descr Sat Jan 17 15:48:37 2015 (r377229)
@@ -1,18 +1,18 @@
thttpd is a simple, small, portable, fast, and secure HTTP server.
-Simple: It handles only the minimum necessary to implement HTTP/1.1.
+ - Simple: It handles only the minimum necessary to implement HTTP/1.1.
-Small: It also has a very small run-time size, since it does not fork and
-is very careful about memory allocation.
+ - Small: It also has a very small run-time size, since it does not fork
+ and is very careful about memory allocation.
-Portable: It compiles cleanly on SunOS 4.1.x, Solaris 2.x, BSD/OS 2.x,
-Linux 1.2.x, and OSF/1 (on a 64-bit Alpha).
+ - Portable: It compiles cleanly on SunOS 4.1.x, Solaris 2.x, BSD/OS 2.x,
+ Linux 1.2.x, and OSF/1 (on a 64-bit Alpha).
-Fast: In typical use it's about as fast as the best full-featured servers
-(Apache, NCSA, Netscape). Under extreme load it's much faster.
+ - Fast: In typical use it's about as fast as the best full-featured
+ servers (Apache, NCSA, Netscape). Under extreme load it's much faster.
-Secure: It goes to great lengths to protect the web server machine
-against attacks and breakins from other sites.
+ - Secure: It goes to great lengths to protect the web server machine
+ against attacks and breakins from other sites.
It also has one extremely useful feature (URL-traffic-based throttling) that
no other server currently has.