rpms/lighttpd/F-7 lighttpd-1.4.18-Fix-372-and-1562.patch, NONE, 1.1 lighttpd-1.4.18-mod_cgi-fix.patch, NONE, 1.1 lighttpd.spec, 1.35, 1.36

Matthias Saou (thias) fedora-extras-commits at redhat.com
Tue Mar 4 10:44:52 UTC 2008


Author: thias

Update of /cvs/extras/rpms/lighttpd/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4829

Modified Files:
	lighttpd.spec 
Added Files:
	lighttpd-1.4.18-Fix-372-and-1562.patch 
	lighttpd-1.4.18-mod_cgi-fix.patch 
Log Message:
Include security patches.


lighttpd-1.4.18-Fix-372-and-1562.patch:

--- NEW FILE lighttpd-1.4.18-Fix-372-and-1562.patch ---
>From 6b77fd21b58b6bfc10bd01fd0ce4e5f4ced0d5d9 Mon Sep 17 00:00:00 2001
From: =?utf-8?q?Stefan=20B=C3=BChler?= <stbuehler at web.de>
Date: Wed, 13 Feb 2008 00:07:22 +0100
Subject: [PATCH] Fix #372 + #1562

---
 src/fdevent_solaris_devpoll.c |    2 +-
 src/server.c                  |    3 ---
 2 files changed, 1 insertions(+), 4 deletions(-)

diff --git a/src/fdevent_solaris_devpoll.c b/src/fdevent_solaris_devpoll.c
index f77daef..76414a4 100644
--- a/src/fdevent_solaris_devpoll.c
+++ b/src/fdevent_solaris_devpoll.c
@@ -67,7 +67,7 @@ static int fdevent_solaris_devpoll_poll(fdevents *ev, int timeout_ms) {
 	int ret;
 
 	dopoll.dp_timeout = timeout_ms;
-	dopoll.dp_nfds = ev->maxfds;
+	dopoll.dp_nfds = ev->maxfds - 1;
 	dopoll.dp_fds = ev->devpollfds;
 
 	ret = ioctl(ev->devpoll_fd, DP_POLL, &dopoll);
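Review bot: The `- 1` applied to `dopoll.dp_nfds` has no explanation at the point of use, and the only comment linking the Solaris devpoll descriptor headroom to #372 is deleted from src/server.c by this same patch. I would add a comment above the assignment, for example `/* #372, #1562: ask DP_POLL for one entry fewer than maxfds */`, extended with the actual reason by someone who can confirm it. The type and lower bound of `ev->maxfds` are not visible here; if it can ever be 0, the subtraction hands a negative or wrapped count to the ioctl, so a lower-bound check where maxfds is set may be worth adding. The body of fdevent_solaris_devpoll_poll continues outside the hunk.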
diff --git a/src/server.c b/src/server.c
index 052130a..585a973 100644
--- a/src/server.c
+++ b/src/server.c
@@ -697,9 +697,6 @@ int main (int argc, char **argv) {
 			}
 		}
 
-		/* #372: solaris need some fds extra for devpoll */
-		if (rlim.rlim_cur > 10) rlim.rlim_cur -= 10;
-
 		if (srv->event_handler == FDEVENT_HANDLER_SELECT) {
 			srv->max_fds = rlim.rlim_cur < FD_SETSIZE - 200 ? rlim.rlim_cur : FD_SETSIZE - 200;
 		} else {
-- 
1.5.3.8


lighttpd-1.4.18-mod_cgi-fix.patch:

--- NEW FILE lighttpd-1.4.18-mod_cgi-fix.patch ---
Index: lighttpd-1.4.x/src/mod_cgi.c
===================================================================
--- lighttpd-1.4.x/src/mod_cgi.c (revision 2065)
+++ lighttpd-1.4.x/src/mod_cgi.c (revision 2107)
@@ -1005,4 +1005,5 @@
 		/* error */
 		log_error_write(srv, __FILE__, __LINE__, "ss", "fork failed:", strerror(errno));
+		return -1;
 		break;
 	default: {
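Review bot: The added `return -1;` makes the `break;` on the following line unreachable, and it leaves the function from the fork-failure branch with no cleanup visible in the hunk. The code ahead of the `switch` is outside the hunk, but if it opens pipes or other descriptors for the child, they would stay open on this path. Fork failures tend to happen when the process is already short on resources, so each failed request would make the shortage worse. I would remove the dead `break;`, close anything opened before `fork()` ahead of the return, and add a comment such as `/* fork failed: fail the request rather than continue handling it */`.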


Index: lighttpd.spec
===================================================================
RCS file: /cvs/extras/rpms/lighttpd/F-7/lighttpd.spec,v
retrieving revision 1.35
retrieving revision 1.36
diff -u -r1.35 -r1.36
--- lighttpd.spec	10 Sep 2007 15:45:39 -0000	1.35
+++ lighttpd.spec	4 Mar 2008 10:44:13 -0000	1.36
@@ -3,7 +3,7 @@
 Summary: Lightning fast webserver with light system requirements
 Name: lighttpd
 Version: 1.4.18
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: BSD
 Group: System Environment/Daemons
 URL: http://www.lighttpd.net/
@@ -16,6 +16,9 @@
 Source13: http://www.lighttpd.net/light_button.png
 Source14: http://www.lighttpd.net/light_logo.png
 Patch0: lighttpd-1.4.17-defaultconf.patch
+# Security fixes
+Patch10: lighttpd-1.4.18-Fix-372-and-1562.patch
+Patch11: lighttpd-1.4.18-mod_cgi-fix.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
 Requires(pre): /usr/sbin/useradd
 Requires(post): /sbin/chkconfig
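Review bot: The `# Security fixes` comment above Patch10 and Patch11 does not say which advisory each patch addresses; that mapping exists only in the %changelog entry. Per-patch comments would make it easier to audit later which fixes can be dropped on a rebase, for example `# CVE-2008-0983: crash when low on file descriptors` above Patch10 and `# CVE-2008-1111: cgi source disclosure` above Patch11, assuming the changelog lines follow patch order. A reference to the upstream ticket or revision each patch was taken from would also help verify provenance.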
@@ -72,6 +75,8 @@
 %prep
 %setup -q
 %patch0 -p1 -b .defaultconf
+%patch10 -p1 -b .Fix-372-and-1562
+%patch11 -p1 -b .mod_cgi-fix
 
 
 %build
@@ -184,6 +189,10 @@
 
 
 %changelog
+* Tue Mar  4 2008 Matthias Saou <http://freshrpms.net/> 1.4.18-2
+- Include patch for CVE-2008-0983 (crash when low on file descriptors).
+- Include patch for CVE-2008-1111 (cgi source disclosure).
+
 * Mon Sep 10 2007 Matthias Saou <http://freshrpms.net/> 1.4.18-1
 - Update to 1.4.18.
 - Include newly installed lighttpd-angel ("angel" process meant to always run



