rpms/lighttpd/F-8 lighttpd-1.4.18-Fix-372-and-1562.patch, NONE, 1.1 lighttpd-1.4.18-mod_cgi-fix.patch, NONE, 1.1 lighttpd.spec, 1.40, 1.41
Matthias Saou (thias)
fedora-extras-commits at redhat.com
Tue Mar 4 10:22:34 UTC 2008
- Previous message (by thread): rpms/system-config-date/devel .cvsignore, 1.82, 1.83 sources, 1.89, 1.90 system-config-date.spec, 1.93, 1.94
- Next message (by thread): rpms/lighttpd/devel lighttpd-1.4.18-Fix-372-and-1562.patch, NONE, 1.1 lighttpd-1.4.18-mod_cgi-fix.patch, NONE, 1.1 lighttpd.spec, 1.42, 1.43
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: thias
Update of /cvs/extras/rpms/lighttpd/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2817/F-8
Modified Files:
lighttpd.spec
Added Files:
lighttpd-1.4.18-Fix-372-and-1562.patch
lighttpd-1.4.18-mod_cgi-fix.patch
Log Message:
Include security patches.
lighttpd-1.4.18-Fix-372-and-1562.patch:
--- NEW FILE lighttpd-1.4.18-Fix-372-and-1562.patch ---
>From 6b77fd21b58b6bfc10bd01fd0ce4e5f4ced0d5d9 Mon Sep 17 00:00:00 2001
From: =?utf-8?q?Stefan=20B=C3=BChler?= <stbuehler at web.de>
Date: Wed, 13 Feb 2008 00:07:22 +0100
Subject: [PATCH] Fix #372 + #1562
---
src/fdevent_solaris_devpoll.c | 2 +-
src/server.c | 3 ---
2 files changed, 1 insertions(+), 4 deletions(-)
diff --git a/src/fdevent_solaris_devpoll.c b/src/fdevent_solaris_devpoll.c
index f77daef..76414a4 100644
--- a/src/fdevent_solaris_devpoll.c
+++ b/src/fdevent_solaris_devpoll.c
@@ -67,7 +67,7 @@ static int fdevent_solaris_devpoll_poll(fdevents *ev, int timeout_ms) {
int ret;
dopoll.dp_timeout = timeout_ms;
- dopoll.dp_nfds = ev->maxfds;
+ dopoll.dp_nfds = ev->maxfds - 1;
dopoll.dp_fds = ev->devpollfds;
ret = ioctl(ev->devpoll_fd, DP_POLL, &dopoll);
diff --git a/src/server.c b/src/server.c
index 052130a..585a973 100644
--- a/src/server.c
+++ b/src/server.c
@@ -697,9 +697,6 @@ int main (int argc, char **argv) {
}
}
- /* #372: solaris need some fds extra for devpoll */
- if (rlim.rlim_cur > 10) rlim.rlim_cur -= 10;
-
if (srv->event_handler == FDEVENT_HANDLER_SELECT) {
srv->max_fds = rlim.rlim_cur < FD_SETSIZE - 200 ? rlim.rlim_cur : FD_SETSIZE - 200;
} else {
--
1.5.3.8
lighttpd-1.4.18-mod_cgi-fix.patch:
--- NEW FILE lighttpd-1.4.18-mod_cgi-fix.patch ---
Index: lighttpd-1.4.x/src/mod_cgi.c
===================================================================
--- lighttpd-1.4.x/src/mod_cgi.c (revision 2065)
+++ lighttpd-1.4.x/src/mod_cgi.c (revision 2107)
@@ -1005,4 +1005,5 @@
/* error */
log_error_write(srv, __FILE__, __LINE__, "ss", "fork failed:", strerror(errno));
+ return -1;
break;
default: {
Index: lighttpd.spec
===================================================================
RCS file: /cvs/extras/rpms/lighttpd/F-8/lighttpd.spec,v
retrieving revision 1.40
retrieving revision 1.41
diff -u -r1.40 -r1.41
--- lighttpd.spec 31 Oct 2007 11:39:23 -0000 1.40
+++ lighttpd.spec 4 Mar 2008 10:21:57 -0000 1.41
@@ -3,7 +3,7 @@
Summary: Lightning fast webserver with light system requirements
Name: lighttpd
Version: 1.4.18
-Release: 3%{?dist}
+Release: 6%{?dist}
License: BSD
Group: System Environment/Daemons
URL: http://www.lighttpd.net/
@@ -18,6 +18,9 @@
Source101: lighttpd-mod_geoip.txt
Patch0: lighttpd-1.4.17-defaultconf.patch
Patch1: lighttpd-1.4.18-mod_geoip.patch
+# Security fixes
+Patch10: lighttpd-1.4.18-Fix-372-and-1562.patch
+Patch11: lighttpd-1.4.18-mod_cgi-fix.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
Requires: system-logos >= 7.92.1
Requires(pre): /usr/sbin/useradd
@@ -86,6 +89,8 @@
%setup -q
%patch0 -p1 -b .defaultconf
%patch1 -p1 -b .mod_geoip
+%patch10 -p1 -b .Fix-372-and-1562
+%patch11 -p1 -b .mod_cgi-fix
%{__install} -p -m 0644 %{SOURCE100} src/mod_geoip.c
%{__install} -p -m 0644 %{SOURCE101} mod_geoip.txt
@@ -210,6 +215,16 @@
%changelog
+* Tue Mar 4 2008 Matthias Saou <http://freshrpms.net/> 1.4.18-6
+- Include patch for CVE-2008-0983 (crash when low on file descriptors).
+- Include patch for CVE-2008-1111 (cgi source disclosure).
+
+* Tue Feb 19 2008 Fedora Release Engineering <rel-eng at fedoraproject.org>
+- Autorebuild for GCC 4.3
+
+* Wed Dec 05 2007 Release Engineering <rel-eng at fedoraproject dot org>
+ - Rebuild for deps
+
* Wed Oct 31 2007 Matthias Saou <http://freshrpms.net/> 1.4.18-3
- Update mod_geoip source to fix segfault upon stopping lighttpd.
- Previous message (by thread): rpms/system-config-date/devel .cvsignore, 1.82, 1.83 sources, 1.89, 1.90 system-config-date.spec, 1.93, 1.94
- Next message (by thread): rpms/lighttpd/devel lighttpd-1.4.18-Fix-372-and-1562.patch, NONE, 1.1 lighttpd-1.4.18-mod_cgi-fix.patch, NONE, 1.1 lighttpd.spec, 1.42, 1.43
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list