rpms/thttpd/devel thttpd-2.25b-CVE-2005-3124.patch, NONE, 1.1 thttpd.spec, 1.7, 1.8
Matthias Saou (thias)
fedora-extras-commits at redhat.com
Mon Nov 7 11:41:33 UTC 2005
Author: thias
Update of /cvs/extras/rpms/thttpd/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv27105
Modified Files:
thttpd.spec
Added Files:
thttpd-2.25b-CVE-2005-3124.patch
Log Message:
Add patch from Gentoo to fix CVE-2005-3124 (#172469, Ville Skyttä).
thttpd-2.25b-CVE-2005-3124.patch:
--- NEW FILE thttpd-2.25b-CVE-2005-3124.patch ---
diff -ru thttpd-2.23beta1.orig/extras/syslogtocern thttpd-2.23beta1/extras/syslogtocern
--- thttpd-2.23beta1.orig/extras/syslogtocern 1999-09-15 18:00:54.000000000 +0200
+++ thttpd-2.23beta1/extras/syslogtocern 2005-10-26 01:45:34.000000000 +0200
@@ -31,8 +31,8 @@
exit 1
fi
-tmp1=/tmp/stc1.$$
-rm -f $tmp1
+tmp1=``mktemp -t stc1.XXXXXX` || { echo "$0: Cannot create temporary file" >&2; exit 1; }
+trap " [ -f \"$tmp1\" ] && /bin/rm -f -- \"$tmp1\"" 0 1 2 3 13 15
# Gather up all the thttpd entries.
egrep ' thttpd\[' $* > $tmp1
@@ -65,4 +65,3 @@
sed -e "s,\([A-Z][a-z][a-z] [0-9 ][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9]\) [^ ]* thttpd\[[0-9]*\]: \(.*\),[\1 ${year}] \2," > error_log
# Done.
-rm -f $tmp1
Index: thttpd.spec
===================================================================
RCS file: /cvs/extras/rpms/thttpd/devel/thttpd.spec,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- thttpd.spec 22 May 2005 23:46:05 -0000 1.7
+++ thttpd.spec 7 Nov 2005 11:41:31 -0000 1.8
@@ -1,22 +1,20 @@
-# $Id$
-
%define webroot /var/www/thttpd
#define prever beta1
Summary: Tiny, turbo, throttleable lightweight http server
Name: thttpd
Version: 2.25b
-Release: %{?prever:0.%{prever}.}7
-
+Release: %{?prever:0.%{prever}.}8%{?dist}
License: BSD
Group: System Environment/Daemons
URL: http://www.acme.com/software/thttpd/
-Source0: http://www.acme.com/software/thttpd/%{name}-%{version}%{?prever}.tar.gz
+Source0: http://www.acme.com/software/thttpd/thttpd-%{version}%{?prever}.tar.gz
Source1: thttpd.init
Source2: thttpd.logrotate
Source10: index.html
Source11: thttpd_powered_3.png
Source12: powered_by_fedora.png
+Patch0: thttpd-2.25b-CVE-2005-3124.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
%description
@@ -32,6 +30,7 @@
%prep
%setup -n %{name}-%{version}%{?prever}
+%patch0 -p1 -b .CVE-2005-3124
%build
@@ -56,7 +55,7 @@
%{__mkdir_p} %{buildroot}%{_sbindir}
# Install init script and logrotate entry
-%{__install} -D -m 755 %{SOURCE1} %{buildroot}%{_initrddir}/thttpd
+%{__install} -D -m 755 %{SOURCE1} %{buildroot}%{_sysconfdir}/rc.d/init.d/thttpd
%{__install} -D -m 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/logrotate.d/thttpd
# Main install
@@ -72,8 +71,9 @@
%{__mv} %{buildroot}%{_mandir}/man1/htpasswd.1 \
%{buildroot}%{_mandir}/man1/htpasswd.thttpd.1
-# Install the default index.html file
-%{__install} -m 644 %{SOURCE10} %{SOURCE11} %{SOURCE12} %{buildroot}%{webroot}/html/
+# Install the default index.html and related files
+%{__install} -m 644 %{SOURCE10} %{SOURCE11} %{SOURCE12} \
+ %{buildroot}%{webroot}/html/
# Install a default configuration file
%{__cat} << EOF > %{buildroot}%{_sysconfdir}/thttpd.conf
@@ -100,48 +100,52 @@
%pre
-/usr/sbin/groupadd -r www 2>/dev/null || :
+/usr/sbin/groupadd -r www &>/dev/null || :
/usr/sbin/useradd -s /bin/false -c "Web server user" \
- -d %{webroot} -M -r -g www thttpd 2>/dev/null || :
+ -d %{webroot} -M -r -g www thttpd &>/dev/null || :
%post
-if [ $1 = 1 ]; then
+if [ $1 -eq 1 ]; then
/sbin/chkconfig --add thttpd
fi
%preun
-if [ $1 = 0 ]; then
- /sbin/service thttpd stop > /dev/null 2>&1 || :
+if [ $1 -eq 0 ]; then
+ /sbin/service thttpd stop &>/dev/null || :
/sbin/chkconfig --del thttpd
fi
%postun
if [ $1 -ge 1 ]; then
- /sbin/service thttpd condrestart >/dev/null 2>&1 || :
+ /sbin/service thttpd condrestart &>/dev/null || :
fi
%files
%defattr(-, root, root, 0755)
%doc README TODO
-%config %{_initrddir}/thttpd
+%config %{_sysconfdir}/rc.d/init.d/thttpd
%config(noreplace) %{_sysconfdir}/logrotate.d/thttpd
%config(noreplace) %{_sysconfdir}/thttpd.conf
-%attr(2755, root, www) %{_sbindir}/makeweb
%{_bindir}/htpasswd.thttpd
+%attr(2755, root, www) %{_sbindir}/makeweb
%{_sbindir}/syslogtocern
%{_sbindir}/thttpd
-%attr(2775, thttpd, www) %dir %{webroot}
-%attr(2775, thttpd, www) %dir %{webroot}/cgi-bin
+%attr(2775, thttpd, www) %dir %{webroot}/
+%attr(2775, thttpd, www) %dir %{webroot}/cgi-bin/
# We don't want those default cgi-bin programs
%exclude %{webroot}/cgi-bin/*
-%attr(2775, thttpd, www) %dir %{webroot}/html
+%attr(2775, thttpd, www) %dir %{webroot}/html/
%attr(2664, thttpd, www) %{webroot}/html/*
-%attr(2775, thttpd, www) %dir %{webroot}/logs
-%{_mandir}/man*/*
+%attr(2775, thttpd, www) %dir %{webroot}/logs/
+%{_mandir}/man?/*
%changelog
+* Mon Nov 7 2005 Matthias Saou <http://freshrpms.net/> 2.25b-8
+- Add patch from Gentoo to fix CVE-2005-3124 (#172469, Ville Skyttä).
+- Minor cosmetic spec file changes.
+
* Sun May 22 2005 Jeremy Katz <katzj at redhat.com> - 2.25b
- rebuild on all arches
More information about the fedora-extras-commits
mailing list