rpms/thttpd/FC-4 thttpd-2.25b-fixes.patch, NONE, 1.1 thttpd.spec, 1.8, 1.9
Matthias Saou (thias)
fedora-extras-commits at redhat.com
Tue Jul 4 11:32:57 UTC 2006
- Previous message (by thread): rpms/wine/FC-4 .cvsignore, 1.16, 1.17 sources, 1.17, 1.18 wine.spec, 1.24, 1.25
- Next message (by thread): rpms/thttpd/FC-5 thttpd-2.25b-fixes.patch, NONE, 1.1 thttpd.spec, 1.10, 1.11
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: thias
Update of /cvs/extras/rpms/thttpd/FC-4
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv18069/FC-4
Modified Files:
thttpd.spec
Added Files:
thttpd-2.25b-fixes.patch
Log Message:
Include fixes to htpasswd and makeweb from Debian (#191095).
thttpd-2.25b-fixes.patch:
--- NEW FILE thttpd-2.25b-fixes.patch ---
This patch comes from the Debian thttpd package. Many thanks to Daniel Baumann
for all the recent changes.
--- thttpd-2.23beta1.orig/extras/htpasswd.1
+++ thttpd-2.23beta1/extras/htpasswd.1
@@ -1,8 +1,8 @@
-.TH htpasswd 1 "05 May 1998"
+.TH thtpasswd 1 "05 May 1998"
.SH NAME
-htpasswd - manipulate HTTP-server password files
+thtpasswd - manipulate HTTP-server password files
.SH SYNOPSIS
-.B htpasswd
+.B thtpasswd
.RB [ -c ]
.I passwordfile
.I username
--- thttpd-2.23beta1.orig/extras/htpasswd.c
+++ thttpd-2.23beta1/extras/htpasswd.c
@@ -21,7 +21,12 @@
#define LF 10
#define CR 13
+#define CPW_LEN 13
+
+/* ie 'string' + '\0' */
#define MAX_STRING_LEN 256
+/* ie 'maxstring' + ':' + cpassword */
+#define MAX_LINE_LEN MAX_STRING_LEN+1+CPW_LEN
int tfd;
char temp_template[] = "/tmp/htp.XXXXXX";
@@ -137,8 +142,9 @@
}
static void usage(void) {
- fprintf(stderr,"Usage: htpasswd [-c] passwordfile username\n");
- fprintf(stderr,"The -c flag creates a new file.\n");
+ fprintf(stderr,"Usage: htpasswd [-c] passwordfile username\n"
+ "The -c flag creates a new file.\n"
+ "Will prompt for password, unless given on stdin.\n");
exit(1);
}
@@ -151,17 +157,37 @@
int main(int argc, char *argv[]) {
FILE *tfp,*f;
char user[MAX_STRING_LEN];
- char line[MAX_STRING_LEN];
- char l[MAX_STRING_LEN];
+ char line[MAX_LINE_LEN];
+ char l[MAX_LINE_LEN];
char w[MAX_STRING_LEN];
char command[MAX_STRING_LEN];
- int found;
+ int found,u;
tfd = -1;
+ u = 2; /* argv[u] is username, unless... */
signal(SIGINT,(void (*)(int))interrupted);
if(argc == 4) {
+ u = 3;
if(strcmp(argv[1],"-c"))
usage();
+ if((f=fopen(argv[2],"r")) != NULL) {
+ fclose(f);
+ fprintf(stderr,
+ "Password file %s already exists.\n"
+ "Delete it first, if you really want to overwrite it.\n",
+ argv[2]);
+ exit(1);
+ }
+ } else if(argc != 3) usage();
+ /* check uname length; underlying system will take care of pwdfile
+ name too long */
+ if (strlen(argv[u]) >= MAX_STRING_LEN) {
+ fprintf(stderr,"Username too long (max %i): %s\n",
+ MAX_STRING_LEN-1, argv[u]);
+ exit(1);
+ }
+
+ if(argc == 4) {
if(!(tfp = fopen(argv[2],"w"))) {
fprintf(stderr,"Could not open passwd file %s for writing.\n",
argv[2]);
@@ -172,12 +198,6 @@
add_password(argv[3],tfp);
fclose(tfp);
exit(0);
- } else if(argc != 3) usage();
-
- tfd = mkstemp(temp_template);
- if(!(tfp = fdopen(tfd,"w"))) {
- fprintf(stderr,"Could not open temp file.\n");
- exit(1);
}
if(!(f = fopen(argv[1],"r"))) {
@@ -186,16 +206,43 @@
fprintf(stderr,"Use -c option to create new one.\n");
exit(1);
}
+ if(freopen(argv[1],"a",f) == NULL) {
+ fprintf(stderr,
+ "Could not open passwd file %s for writing!.\n"
+ "Changes would be lost.\n",argv[1]);
+ exit(1);
+ }
+ f = freopen(argv[1],"r",f);
+
+ /* pwdfile is there, go on with tempfile now ... */
+ tfd = mkstemp(temp_template);
+ if(!(tfp = fdopen(tfd,"w"))) {
+ fprintf(stderr,"Could not open temp file.\n");
+ exit(1);
+ }
+ /* already checked for boflw ... */
strcpy(user,argv[2]);
found = 0;
- while(!(getline(line,MAX_STRING_LEN,f))) {
+ /* line we get is username:pwd, or possibly any other cruft */
+ while(!(getline(line,MAX_LINE_LEN,f))) {
+ char *i;
+
if(found || (line[0] == '#') || (!line[0])) {
putline(tfp,line);
continue;
}
- strcpy(l,line);
- getword(w,l,':');
+ i = index(line,':');
+ w[0] = '\0';
+ /* actually, cpw is CPW_LEN chars and never null, hence ':' should
+ always be at line[strlen(line)-CPW_LEN-1] in a valid user:cpw line
+ Here though we may allow for pre-hancrafted pwdfile (!)...
+ But still need to check for length limits.
+ */
+ if (i != 0 && i-line <= MAX_STRING_LEN-1) {
+ strcpy(l,line);
+ getword(w,l,':');
+ }
if(strcmp(user,w)) {
putline(tfp,line);
continue;
@@ -210,10 +257,28 @@
printf("Adding user %s\n",user);
add_password(user,tfp);
}
+ /* close, rewind & copy */
+ fclose(f);
+ fclose(tfp);
+ f = fopen(argv[1],"w");
+ if(f==NULL) {
+ fprintf(stderr,"Failed re-opening %s!?\n",argv[1]);
+ exit(1);
+ }
+ tfp = fopen(temp_template,"r");
+ if(tfp==NULL) {
+ fprintf(stderr,"Failed re-opening tempfile!?\n");
+ exit(1);
+ }
+ {
+ int c;
+ while((c=fgetc(tfp))!=EOF && !feof(tfp)) {
+ fputc(c,f);
+ /* fputc(c,stderr); */
+ }
+ }
fclose(f);
fclose(tfp);
- sprintf(command,"cp %s %s",temp_template,argv[1]);
- system(command);
unlink(temp_template);
exit(0);
}
--- thttpd-2.23beta1.orig/extras/makeweb.1
+++ thttpd-2.23beta1/extras/makeweb.1
@@ -2,11 +2,17 @@
.SH NAME
makeweb - create user web directory
.SH SYNOPSIS
-.B makeweb
+.B makeweb
+[\fI -d webdir \fR]
.SH DESCRIPTION
.PP
This program allows users to create their own web subdirectories off
of the main web directory.
+.PP
+.TP
+\fB\-d\fR
+Specify the root directory for new user directories. The default directory
+is /var/www
.SH "SEE ALSO
thttpd(8)
.SH AUTHOR
--- thttpd-2.23beta1.orig/extras/makeweb.c
+++ thttpd-2.23beta1/extras/makeweb.c
@@ -47,6 +47,10 @@
static char* argv0;
+void usage(void)
+{
+ printf("usage: %s [-d webdir] \n",argv0);
+}
static void
check_room( int size, int len )
@@ -120,28 +124,44 @@
int
main( int argc, char** argv )
{
+ extern char *optarg;
char* webdir;
char* prefix;
struct passwd* pwd;
char* username;
char* homedir;
+ int opts;
+
char dirname[5000];
char linkname[5000];
char linkbuf[5000];
struct stat sb;
-
+
argv0 = argv[0];
- if ( argc != 1 )
+
+#ifndef TILDE_MAP_2
+ webdir = WEBDIR;
+#endif /* TILDE_MAP_2 */
+
+ if ( (opts = getopt(argc, argv, "d:h")) != EOF )
+ {
+ switch (opts)
{
- (void) fprintf( stderr, "usage: %s\n", argv0 );
- exit( 1 );
- }
+ case 'd': webdir = strdup(optarg); break;
+ case 'h': usage(); return 1; break;
+ default:
+ usage();
+ return 1;
+ break;
+ }
+
+ }
pwd = getpwuid( getuid() );
if ( pwd == (struct passwd*) 0 )
{
(void) fprintf( stderr, "%s: can't find your username\n", argv0 );
- exit( 1 );
+ exit ( 1 );
}
username = pwd->pw_name;
homedir = pwd->pw_dir;
@@ -158,11 +178,9 @@
(void) strcat( dirname, TILDE_MAP_2 );
check_dir( dirname, pwd->pw_uid, pwd->pw_gid );
-
+
#else /* TILDE_MAP_2 */
- /* Gather the pieces. */
- webdir = WEBDIR;
#ifdef TILDE_MAP_1
prefix = TILDE_MAP_1;
#else /* TILDE_MAP_1 */
--- thttpd-2.23beta1.orig/thttpd.8
+++ thttpd-2.23beta1/thttpd.8
@@ -259,7 +259,7 @@
This file is formatted as the familiar colon-separated
username/encrypted-password pair, records delimited by newlines.
The protection does not carry over to subdirectories.
-The utility program htpasswd(1) is included to help create and
+The utility program thtpasswd(1) is included to help create and
modify .htpasswd files.
.PP
Relevant config.h option: AUTH_FILE
@@ -534,7 +534,7 @@
Currently the best alternative for log rotation is to send a USR1 signal,
shutting down thttpd altogether, and then restart it.
.SH "SEE ALSO"
-redirect(8), ssi(8), makeweb(1), htpasswd(1), syslogtocern(8), weblog_parse(1), http_get(1)
+thtpasswd(1), syslogtocern(8)
.SH THANKS
.PP
Many thanks to contributors, reviewers, testers:
Index: thttpd.spec
===================================================================
RCS file: /cvs/extras/rpms/thttpd/FC-4/thttpd.spec,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- thttpd.spec 7 Nov 2005 12:10:36 -0000 1.8
+++ thttpd.spec 4 Jul 2006 11:32:57 -0000 1.9
@@ -1,20 +1,20 @@
%define webroot /var/www/thttpd
-#define prever beta1
Summary: Tiny, turbo, throttleable lightweight http server
Name: thttpd
Version: 2.25b
-Release: %{?prever:0.%{prever}.}8%{?dist}
+Release: 11%{?dist}
License: BSD
Group: System Environment/Daemons
URL: http://www.acme.com/software/thttpd/
-Source0: http://www.acme.com/software/thttpd/thttpd-%{version}%{?prever}.tar.gz
+Source0: http://www.acme.com/software/thttpd/thttpd-%{version}.tar.gz
Source1: thttpd.init
Source2: thttpd.logrotate
Source10: index.html
Source11: thttpd_powered_3.png
Source12: powered_by_fedora.png
Patch0: thttpd-2.25b-CVE-2005-3124.patch
+Patch1: thttpd-2.25b-fixes.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
%description
@@ -29,8 +29,9 @@
%prep
-%setup -n %{name}-%{version}%{?prever}
+%setup
%patch0 -p1 -b .CVE-2005-3124
+%patch1 -p1 -b .fixes
%build
@@ -67,9 +68,9 @@
# Rename htpasswd in case apache is installed too
%{__mkdir_p} %{buildroot}%{_bindir}
%{__mv} %{buildroot}%{_sbindir}/htpasswd \
- %{buildroot}%{_bindir}/htpasswd.thttpd
+ %{buildroot}%{_bindir}/thtpasswd
%{__mv} %{buildroot}%{_mandir}/man1/htpasswd.1 \
- %{buildroot}%{_mandir}/man1/htpasswd.thttpd.1
+ %{buildroot}%{_mandir}/man1/thtpasswd.1
# Install the default index.html and related files
%{__install} -m 644 %{SOURCE10} %{SOURCE11} %{SOURCE12} \
@@ -127,7 +128,7 @@
%config %{_sysconfdir}/rc.d/init.d/thttpd
%config(noreplace) %{_sysconfdir}/logrotate.d/thttpd
%config(noreplace) %{_sysconfdir}/thttpd.conf
-%{_bindir}/htpasswd.thttpd
+%{_bindir}/thtpasswd
%attr(2755, root, www) %{_sbindir}/makeweb
%{_sbindir}/syslogtocern
%{_sbindir}/thttpd
@@ -142,6 +143,17 @@
%changelog
+* Mon Mar 6 2006 Matthias Saou <http://freshrpms.net/> 2.25b-11
+- Include "fixes" patch from Debian (#191095) to fix thtpasswd and makeweb.
+- Rename htpasswd as thtpasswd instead of htpasswd.thttpd.
+
+* Mon Mar 6 2006 Matthias Saou <http://freshrpms.net/> 2.25b-10
+- FC5 rebuild.
+
+* Thu Feb 9 2006 Matthias Saou <http://freshrpms.net/> 2.25b-9
+- Rebuild for new gcc/glibc.
+- Remove prever stuff, 2.25b final has been around for while now.
+
* Mon Nov 7 2005 Matthias Saou <http://freshrpms.net/> 2.25b-8
- Add patch from Gentoo to fix CVE-2005-3124 (#172469, Ville Skyttä).
- Minor cosmetic spec file changes.
- Previous message (by thread): rpms/wine/FC-4 .cvsignore, 1.16, 1.17 sources, 1.17, 1.18 wine.spec, 1.24, 1.25
- Next message (by thread): rpms/thttpd/FC-5 thttpd-2.25b-fixes.patch, NONE, 1.1 thttpd.spec, 1.10, 1.11
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list