rpms/thttpd/devel thttpd-2.25b-CVE-2005-3124.patch, NONE, 1.1 thttpd.spec, 1.7, 1.8

Mon Nov 7 11:41:33 UTC 2005

Author: thias

Update of /cvs/extras/rpms/thttpd/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv27105

Modified Files:
	thttpd.spec 
Added Files:
	thttpd-2.25b-CVE-2005-3124.patch 
Log Message:
Add patch from Gentoo to fix CVE-2005-3124 (#172469, Ville SkyttÃ¤).


thttpd-2.25b-CVE-2005-3124.patch:

--- NEW FILE thttpd-2.25b-CVE-2005-3124.patch ---
diff -ru thttpd-2.23beta1.orig/extras/syslogtocern thttpd-2.23beta1/extras/syslogtocern
--- thttpd-2.23beta1.orig/extras/syslogtocern	1999-09-15 18:00:54.000000000 +0200
+++ thttpd-2.23beta1/extras/syslogtocern	2005-10-26 01:45:34.000000000 +0200
@@ -31,8 +31,8 @@
     exit 1
 fi
 
-tmp1=/tmp/stc1.$$
-rm -f $tmp1
+tmp1=``mktemp -t stc1.XXXXXX` || { echo "$0: Cannot create temporary file" >&2; exit 1;  }
+trap " [ -f \"$tmp1\" ] && /bin/rm -f -- \"$tmp1\"" 0 1 2 3 13 15
 
 # Gather up all the thttpd entries.
 egrep ' thttpd\[' $* > $tmp1
@@ -65,4 +65,3 @@
   sed -e "s,\([A-Z][a-z][a-z] [0-9 ][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9]\) [^ ]* thttpd\[[0-9]*\]: \(.*\),[\1 ${year}] \2," > error_log
 
 # Done.
-rm -f $tmp1


Index: thttpd.spec
===================================================================
RCS file: /cvs/extras/rpms/thttpd/devel/thttpd.spec,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- thttpd.spec	22 May 2005 23:46:05 -0000	1.7
+++ thttpd.spec	7 Nov 2005 11:41:31 -0000	1.8
@@ -1,22 +1,20 @@
-# $Id$
-
 %define webroot /var/www/thttpd
 #define prever  beta1
 
 Summary: Tiny, turbo, throttleable lightweight http server
 Name: thttpd
 Version: 2.25b
-Release: %{?prever:0.%{prever}.}7
-
+Release: %{?prever:0.%{prever}.}8%{?dist}
 License: BSD
 Group: System Environment/Daemons
 URL: http://www.acme.com/software/thttpd/
-Source0: http://www.acme.com/software/thttpd/%{name}-%{version}%{?prever}.tar.gz
+Source0: http://www.acme.com/software/thttpd/thttpd-%{version}%{?prever}.tar.gz
 Source1: thttpd.init
 Source2: thttpd.logrotate
 Source10: index.html
 Source11: thttpd_powered_3.png
 Source12: powered_by_fedora.png
+Patch0: thttpd-2.25b-CVE-2005-3124.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
 
 %description
@@ -32,6 +30,7 @@
 
 %prep
 %setup -n %{name}-%{version}%{?prever}
+%patch0 -p1 -b .CVE-2005-3124
 
 
 %build
@@ -56,7 +55,7 @@
 %{__mkdir_p} %{buildroot}%{_sbindir}
 
 # Install init script and logrotate entry
-%{__install} -D -m 755 %{SOURCE1} %{buildroot}%{_initrddir}/thttpd
+%{__install} -D -m 755 %{SOURCE1} %{buildroot}%{_sysconfdir}/rc.d/init.d/thttpd
 %{__install} -D -m 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/logrotate.d/thttpd
 
 # Main install
@@ -72,8 +71,9 @@
 %{__mv} %{buildroot}%{_mandir}/man1/htpasswd.1 \
         %{buildroot}%{_mandir}/man1/htpasswd.thttpd.1
 
-# Install the default index.html file
-%{__install} -m 644 %{SOURCE10} %{SOURCE11} %{SOURCE12} %{buildroot}%{webroot}/html/
+# Install the default index.html and related files
+%{__install} -m 644 %{SOURCE10} %{SOURCE11} %{SOURCE12} \
+    %{buildroot}%{webroot}/html/
 
 # Install a default configuration file
 %{__cat} << EOF > %{buildroot}%{_sysconfdir}/thttpd.conf
@@ -100,48 +100,52 @@
 
 
 %pre
-/usr/sbin/groupadd -r www 2>/dev/null || :
+/usr/sbin/groupadd -r www &>/dev/null || :
 /usr/sbin/useradd -s /bin/false -c "Web server user" \
-    -d %{webroot} -M -r -g www thttpd 2>/dev/null || :
+    -d %{webroot} -M -r -g www thttpd &>/dev/null || :
 
 %post
-if [ $1 = 1 ]; then
+if [ $1 -eq 1 ]; then
     /sbin/chkconfig --add thttpd
 fi
 
 %preun
-if [ $1 = 0 ]; then
-    /sbin/service thttpd stop > /dev/null 2>&1 || :
+if [ $1 -eq 0 ]; then
+    /sbin/service thttpd stop &>/dev/null || :
     /sbin/chkconfig --del thttpd
 fi
 
 %postun
 if [ $1 -ge 1 ]; then
-    /sbin/service thttpd condrestart >/dev/null 2>&1 || :
+    /sbin/service thttpd condrestart &>/dev/null || :
 fi
 
 
 %files
 %defattr(-, root, root, 0755)
 %doc README TODO
-%config %{_initrddir}/thttpd
+%config %{_sysconfdir}/rc.d/init.d/thttpd
 %config(noreplace) %{_sysconfdir}/logrotate.d/thttpd
 %config(noreplace) %{_sysconfdir}/thttpd.conf
-%attr(2755, root, www) %{_sbindir}/makeweb
 %{_bindir}/htpasswd.thttpd
+%attr(2755, root, www) %{_sbindir}/makeweb
 %{_sbindir}/syslogtocern
 %{_sbindir}/thttpd
-%attr(2775, thttpd, www) %dir %{webroot}
-%attr(2775, thttpd, www) %dir %{webroot}/cgi-bin
+%attr(2775, thttpd, www) %dir %{webroot}/
+%attr(2775, thttpd, www) %dir %{webroot}/cgi-bin/
 # We don't want those default cgi-bin programs
 %exclude %{webroot}/cgi-bin/*
-%attr(2775, thttpd, www) %dir %{webroot}/html
+%attr(2775, thttpd, www) %dir %{webroot}/html/
 %attr(2664, thttpd, www) %{webroot}/html/*
-%attr(2775, thttpd, www) %dir %{webroot}/logs
-%{_mandir}/man*/*
+%attr(2775, thttpd, www) %dir %{webroot}/logs/
+%{_mandir}/man?/*
 
 
 %changelog
+* Mon Nov  7 2005 Matthias Saou <http://freshrpms.net/> 2.25b-8
+- Add patch from Gentoo to fix CVE-2005-3124 (#172469, Ville SkyttÃ¤).
+- Minor cosmetic spec file changes.
+
 * Sun May 22 2005 Jeremy Katz <katzj at redhat.com> - 2.25b
 - rebuild on all arches
 


