From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 5B18D139695 for ; Thu, 8 Jun 2017 12:23:27 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 76ED421C08F; Thu, 8 Jun 2017 12:23:26 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 3E10A21C08D for ; Thu, 8 Jun 2017 12:23:26 +0000 (UTC) Received: from oystercatcher.gentoo.org (unknown [IPv6:2a01:4f8:202:4333:225:90ff:fed9:fc84]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 54908341B06 for ; Thu, 8 Jun 2017 12:23:25 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 18F6E7471 for ; Thu, 8 Jun 2017 12:23:24 +0000 (UTC) From: "Anthony G. Basile" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Anthony G. Basile" Message-ID: <1496924596.0e0d82e2749f750546d2dc1d2fade7a26c232511.blueness@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: www-servers/thttpd/, www-servers/thttpd/files/ X-VCS-Repository: repo/gentoo X-VCS-Files: www-servers/thttpd/Manifest www-servers/thttpd/files/thttpd-fix-world-readable-log.patch www-servers/thttpd/thttpd-2.26.4-r3.ebuild X-VCS-Directories: www-servers/thttpd/ www-servers/thttpd/files/ X-VCS-Committer: blueness X-VCS-Committer-Name: Anthony G. Basile X-VCS-Revision: 0e0d82e2749f750546d2dc1d2fade7a26c232511 X-VCS-Branch: master Date: Thu, 8 Jun 2017 12:23:24 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 2f8eb31e-8040-4c8a-be32-8798d7758a8f X-Archives-Hash: ef53112e436868a3d5accae152931c0e commit: 0e0d82e2749f750546d2dc1d2fade7a26c232511 Author: Anthony G. Basile gentoo org> AuthorDate: Thu Jun 8 12:19:50 2017 +0000 Commit: Anthony G. Basile gentoo org> CommitDate: Thu Jun 8 12:23:16 2017 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0e0d82e2 www-servers/thttpd: drop older stable versions 2.26.4-r3 Package-Manager: Portage-2.3.5, Repoman-2.3.1 www-servers/thttpd/Manifest | 1 - .../files/thttpd-fix-world-readable-log.patch | 59 ----------------- www-servers/thttpd/thttpd-2.26.4-r3.ebuild | 73 ---------------------- 3 files changed, 133 deletions(-) diff --git a/www-servers/thttpd/Manifest b/www-servers/thttpd/Manifest index 8a4f8a09313..a404b876e5d 100644 --- a/www-servers/thttpd/Manifest +++ b/www-servers/thttpd/Manifest @@ -1,3 +1,2 @@ -DIST sthttpd-2.26.4.tar.gz 194544 SHA256 78e87979140cbda123c81b4051552242dbbffb5dec1a17e5f95ec4826b1eaddb SHA512 64d0ab4720cc0a8926bc8537d335f5238e5343cf6caad837fe09fe46bfaaaa7013b690193905b3db31a5e945141e7fb3aca52355459ff151ce56b30cfefccd87 WHIRLPOOL e38cce33dd417ce8e30426d0764797e24ebfab2060bacf2f27ee2717b2025e48e6f32245cc6a5ebfed856f8755098f1540ec7ed2005aad1aeff65454dd731c1a DIST sthttpd-2.27.0.tar.gz 206781 SHA256 97d660a881331e93818e872ce11536f461105d70a18dfc5de5895851c4b2afdb SHA512 78945867a01de2f9019deb2d1f21cdedf675c9d67f5de672d0d0bfdc397b444ac287a91d96976dddcdca080cc944e72dd3d1f95f31a592eb839125c494799bdc WHIRLPOOL 55ab90405b3affcb260dc4cfa14008f79cc0b2fd808686078b34ae0a6be2cc4941241406d78f9c2d06360ab6a07f1bf4abc1cf814a46ebe136f031058026419f DIST thttpd-2.27.1.tar.gz 96430 SHA256 a1ee2806432eaf5b5dd267a0523701f9f1fa00fefd499d5bec42165a41e05846 SHA512 5d42e32652eb2310c7379d2c4373ad8f54b33bd7c2b444f06d1756eb4ed296774ce3144d91bbba85c6ad604e575128dc7199b797dc8d1b4849b0249054ba5d24 WHIRLPOOL e64b132e83b459fb0ab6da6f3a15c4a603f8d4f53f123cabccc82077506a258c616c2703992b671e9193c26c452bd3b6908ebfadfb15301f1e34f8925303f625 diff --git a/www-servers/thttpd/files/thttpd-fix-world-readable-log.patch b/www-servers/thttpd/files/thttpd-fix-world-readable-log.patch deleted file mode 100644 index 5c011bac52b..00000000000 --- a/www-servers/thttpd/files/thttpd-fix-world-readable-log.patch +++ /dev/null @@ -1,59 +0,0 @@ -From d2e186dbd58d274a0dea9b59357edc8498b5388d Mon Sep 17 00:00:00 2001 -From: "Anthony G. Basile" -Date: Tue, 26 Feb 2013 14:28:26 -0500 -Subject: [PATCH] src/thttpd.c: Fix world readable log, CVE-2013-0348. - -Make sure that the logfile is created or reopened as read/write -by thttpd user only. - -X-gentoo-Bug: 458896 -X-gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=458896 -Reported-by: Agostino Sarubbo -Signed-off-by: Anthony G. Basile ---- - src/thttpd.c | 8 ++++++-- - 1 file changed, 6 insertions(+), 2 deletions(-) - -diff --git a/src/thttpd.c b/src/thttpd.c -index 019b8c0..f33a7a7 100644 ---- a/src/thttpd.c -+++ b/src/thttpd.c -@@ -326,6 +326,7 @@ static void - re_open_logfile( void ) - { - FILE* logfp; -+ int retchmod; - - if ( no_log || hs == (httpd_server*) 0 ) - return; -@@ -335,7 +336,8 @@ re_open_logfile( void ) - { - syslog( LOG_NOTICE, "re-opening logfile" ); - logfp = fopen( logfile, "a" ); -- if ( logfp == (FILE*) 0 ) -+ retchmod = chmod( logfile, S_IRUSR|S_IWUSR ); -+ if ( logfp == (FILE*) 0 || retchmod != 0 ) - { - syslog( LOG_CRIT, "re-opening %.80s - %m", logfile ); - return; -@@ -355,6 +357,7 @@ main( int argc, char** argv ) - gid_t gid = 32767; - char cwd[MAXPATHLEN+1]; - FILE* logfp; -+ int retchmod; - int num_ready; - int cnum; - connecttab* c; -@@ -424,7 +427,8 @@ main( int argc, char** argv ) - else - { - logfp = fopen( logfile, "a" ); -- if ( logfp == (FILE*) 0 ) -+ retchmod = chmod( logfile, S_IRUSR|S_IWUSR ); -+ if ( logfp == (FILE*) 0 || retchmod != 0 ) - { - syslog( LOG_CRIT, "%.80s - %m", logfile ); - perror( logfile ); --- -1.7.12.4 - diff --git a/www-servers/thttpd/thttpd-2.26.4-r3.ebuild b/www-servers/thttpd/thttpd-2.26.4-r3.ebuild deleted file mode 100644 index f1db7482119..00000000000 --- a/www-servers/thttpd/thttpd-2.26.4-r3.ebuild +++ /dev/null @@ -1,73 +0,0 @@ -# Copyright 1999-2014 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -EAPI="4" - -inherit eutils flag-o-matic systemd toolchain-funcs user - -MY_P="s${P}" - -DESCRIPTION="Fork of thttpd, a small, fast, multiplexing webserver" -HOMEPAGE="http://opensource.dyc.edu/sthttpd" -SRC_URI="http://opensource.dyc.edu/pub/sthttpd/${MY_P}.tar.gz" -S="${WORKDIR}/${MY_P}" - -LICENSE="BSD GPL-2" -SLOT="0" -KEYWORDS="amd64 arm ~hppa ~mips ppc ppc64 sparc x86 ~amd64-linux ~arm-linux ~x86-linux" -IUSE="" - -RDEPEND="" -DEPEND="" - -WEBROOT="/var/www/localhost" - -THTTPD_USER=thttpd -THTTPD_GROUP=thttpd -THTTPD_DOCROOT="${EPREFIX}${WEBROOT}/htdocs" - -DOCS=( README TODO ) - -pkg_setup() { - ebegin "Creating thttpd user and group" - enewgroup ${THTTPD_GROUP} - enewuser ${THTTPD_USER} -1 -1 -1 ${THTTPD_GROUP} -} - -src_prepare () { - epatch "${FILESDIR}"/thttpd-fix-world-readable-log.patch -} - -src_configure() { - econf WEBDIR=${THTTPD_DOCROOT} -} - -src_install () { - default - - newinitd "${FILESDIR}"/thttpd.init.1 thttpd - newconfd "${FILESDIR}"/thttpd.confd.1 thttpd - - insinto /etc/logrotate.d - newins "${FILESDIR}/thttpd.logrotate" thttpd - - insinto /etc/thttpd - doins "${FILESDIR}"/thttpd.conf.sample - - systemd_dounit "${FILESDIR}/${PN}.service" - - #move htdocs to docdir, bug #429632 - docompress -x /usr/share/doc/"${PF}"/htdocs.dist - mv "${ED}"${WEBROOT}/htdocs \ - "${ED}"/usr/share/doc/"${PF}"/htdocs.dist - mkdir "${ED}"${WEBROOT}/htdocs - - keepdir ${WEBROOT}/htdocs - - chown root:${THTTPD_GROUP} "${ED}/usr/sbin/makeweb" \ - || die "Failed chown makeweb" - chmod 2751 "${ED}/usr/sbin/makeweb" \ - || die "Failed chmod makeweb" - chmod 755 "${ED}/usr/share/doc/${PF}/htdocs.dist/cgi-bin/printenv" \ - || die "Failed chmod printenv" -}