rpms/lighttpd/F-8 lighttpd-1.4.18-Fix-372-and-1562.patch, NONE, 1.1 lighttpd-1.4.18-mod_cgi-fix.patch, NONE, 1.1 lighttpd.spec, 1.40, 1.41

Matthias Saou (thias) fedora-extras-commits at redhat.com
Tue Mar 4 10:22:34 UTC 2008


Author: thias

Update of /cvs/extras/rpms/lighttpd/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2817/F-8

Modified Files:
	lighttpd.spec 
Added Files:
	lighttpd-1.4.18-Fix-372-and-1562.patch 
	lighttpd-1.4.18-mod_cgi-fix.patch 
Log Message:
Include security patches.


lighttpd-1.4.18-Fix-372-and-1562.patch:

--- NEW FILE lighttpd-1.4.18-Fix-372-and-1562.patch ---
>From 6b77fd21b58b6bfc10bd01fd0ce4e5f4ced0d5d9 Mon Sep 17 00:00:00 2001
From: =?utf-8?q?Stefan=20B=C3=BChler?= <stbuehler at web.de>
Date: Wed, 13 Feb 2008 00:07:22 +0100
Subject: [PATCH] Fix #372 + #1562

---
 src/fdevent_solaris_devpoll.c |    2 +-
 src/server.c                  |    3 ---
 2 files changed, 1 insertions(+), 4 deletions(-)

diff --git a/src/fdevent_solaris_devpoll.c b/src/fdevent_solaris_devpoll.c
index f77daef..76414a4 100644
--- a/src/fdevent_solaris_devpoll.c
+++ b/src/fdevent_solaris_devpoll.c
@@ -67,7 +67,7 @@ static int fdevent_solaris_devpoll_poll(fdevents *ev, int timeout_ms) {
 	int ret;
 
 	dopoll.dp_timeout = timeout_ms;
-	dopoll.dp_nfds = ev->maxfds;
+	dopoll.dp_nfds = ev->maxfds - 1;
 	dopoll.dp_fds = ev->devpollfds;
 
 	ret = ioctl(ev->devpoll_fd, DP_POLL, &dopoll);
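Review bot: The `- 1` in `dopoll.dp_nfds = ev->maxfds - 1;` has no explanation, and this same patch deletes the only `#372` comment from src/server.c, so the reason for the adjustment is no longer recorded in the source. I would put a comment above the assignment, for example `/* #372: DP_POLL must be asked for fewer entries than the fd limit */`, with the wording confirmed against the Solaris /dev/poll documentation. Nothing visible in the hunk guards against `ev->maxfds` being 0, where the subtraction yields -1 (or wraps to a very large count if `dp_nfds` is an unsigned type). If that value is reachable, reject it before the ioctl. The function body starts before and continues after this hunk, so whether `ret` is checked for failure cannot be confirmed from here.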
diff --git a/src/server.c b/src/server.c
index 052130a..585a973 100644
--- a/src/server.c
+++ b/src/server.c
@@ -697,9 +697,6 @@ int main (int argc, char **argv) {
 			}
 		}
 
-		/* #372: solaris need some fds extra for devpoll */
-		if (rlim.rlim_cur > 10) rlim.rlim_cur -= 10;
-
 		if (srv->event_handler == FDEVENT_HANDLER_SELECT) {
 			srv->max_fds = rlim.rlim_cur < FD_SETSIZE - 200 ? rlim.rlim_cur : FD_SETSIZE - 200;
 		} else {
-- 
1.5.3.8


lighttpd-1.4.18-mod_cgi-fix.patch:

--- NEW FILE lighttpd-1.4.18-mod_cgi-fix.patch ---
Index: lighttpd-1.4.x/src/mod_cgi.c
===================================================================
--- lighttpd-1.4.x/src/mod_cgi.c (revision 2065)
+++ lighttpd-1.4.x/src/mod_cgi.c (revision 2107)
@@ -1005,4 +1005,5 @@
 		/* error */
 		log_error_write(srv, __FILE__, __LINE__, "ss", "fork failed:", strerror(errno));
+		return -1;
 		break;
 	default: {
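Review bot: The added `return -1;` makes the `break;` on the next line unreachable, and it leaves the function before any code that follows the switch. Anything acquired earlier in the function for the child (pipes, descriptors, buffers; not visible in this hunk) must therefore be released on this path, since fork tends to fail exactly when the process is short of resources and a leak would make the condition worse. I would delete the dead `break;` and add a comment such as `/* fork failed: return an error so the request is not treated as handled */`. The spec changelog describes this issue as CGI source disclosure. The enclosing function and its caller are outside the hunk, so it is worth confirming that the caller turns -1 into an error response rather than continuing with the request.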


Index: lighttpd.spec
===================================================================
RCS file: /cvs/extras/rpms/lighttpd/F-8/lighttpd.spec,v
retrieving revision 1.40
retrieving revision 1.41
diff -u -r1.40 -r1.41
--- lighttpd.spec	31 Oct 2007 11:39:23 -0000	1.40
+++ lighttpd.spec	4 Mar 2008 10:21:57 -0000	1.41
@@ -3,7 +3,7 @@
 Summary: Lightning fast webserver with light system requirements
 Name: lighttpd
 Version: 1.4.18
-Release: 3%{?dist}
+Release: 6%{?dist}
 License: BSD
 Group: System Environment/Daemons
 URL: http://www.lighttpd.net/
@@ -18,6 +18,9 @@
 Source101: lighttpd-mod_geoip.txt
 Patch0: lighttpd-1.4.17-defaultconf.patch
 Patch1: lighttpd-1.4.18-mod_geoip.patch
+# Security fixes
+Patch10: lighttpd-1.4.18-Fix-372-and-1562.patch
+Patch11: lighttpd-1.4.18-mod_cgi-fix.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
 Requires: system-logos >= 7.92.1
 Requires(pre): /usr/sbin/useradd
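Review bot: The `# Security fixes` comment above `Patch10`/`Patch11` does not say which advisory each patch addresses or where it came from, so a later rebase cannot tell from the spec header alone whether a new upstream release makes either patch redundant. The changelog entry in this same commit names CVE-2008-0983 and CVE-2008-1111, and the patch files carry the upstream references (`Fix #372 + #1562`, and `revision 2107` for mod_cgi.c). I would annotate each line, for example `# CVE-2008-0983, upstream tickets #372 and #1562` above `Patch10` and `# CVE-2008-1111, upstream r2107` above `Patch11`. The pairing of CVE to patch is inferred here from the file names and changelog wording, so confirm it before committing.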
@@ -86,6 +89,8 @@
 %setup -q
 %patch0 -p1 -b .defaultconf
 %patch1 -p1 -b .mod_geoip
+%patch10 -p1 -b .Fix-372-and-1562
+%patch11 -p1 -b .mod_cgi-fix
 %{__install} -p -m 0644 %{SOURCE100} src/mod_geoip.c
 %{__install} -p -m 0644 %{SOURCE101} mod_geoip.txt
 
@@ -210,6 +215,16 @@
 
 
 %changelog
+* Tue Mar  4 2008 Matthias Saou <http://freshrpms.net/> 1.4.18-6
+- Include patch for CVE-2008-0983 (crash when low on file descriptors).
+- Include patch for CVE-2008-1111 (cgi source disclosure).
+
+* Tue Feb 19 2008 Fedora Release Engineering <rel-eng at fedoraproject.org>
+- Autorebuild for GCC 4.3
+
+* Wed Dec 05 2007 Release Engineering <rel-eng at fedoraproject dot org>
+ - Rebuild for deps
+
 * Wed Oct 31 2007 Matthias Saou <http://freshrpms.net/> 1.4.18-3
 - Update mod_geoip source to fix segfault upon stopping lighttpd.
 



