Source: lighttpd=1.4.15-0.3

apache@rpath.com
Wed Jul 18 17:31:49 EDT 2007


================================
lighttpd:source=1.4.15-0.3 (previous: 1.4.15-0.2)
cvc rdiff lighttpd -1 /conary.rpath.com at rpl:devel//1/1.4.15-0.3
================================
1.4.15-0.3 Jeff Uphoff (https://issues.rpath.com/) Wed Jul 18 17:31:45 2007
    [SECURITY] fix multiple vulnerabilities (RPL-1550) (RPL-1554)
    
1882?format=diff&new=1882: new
1871?format=diff&new=1871: new
lighttpd-1.4.x-scgi-crash.patch: new
--- /dev/null
+++ lighttpd-1.4.x-scgi-crash.patch
@@ -0,0 +13 @@
+Index: src/mod_scgi.c
+===================================================================
+--- src/mod_scgi.c	(revision 1881)
++++ src/mod_scgi.c	(working copy)
+@@ -2536,7 +2536,7 @@
+ 					return HANDLER_WAIT_FOR_FD;
+ 				}
+ 
+-				log_error_write(srv, __FILE__, __LINE__, "sdsdsd",
++				log_error_write(srv, __FILE__, __LINE__, "sosdsd",
+ 						"response not sent, request sent:", hctx->wb->bytes_out,
+ 						"connection-fd:", con->fd,
+ 						"fcgi-fd:", hctx->fd);
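
Review bot: The format fix touches only this one log_error_write call in src/mod_scgi.c, so any other call that passes hctx->wb->bytes_out against a d specifier would misread its variadic arguments in the same way; a grep over the module for the same pattern is worth doing before RPL-1554 is treated as closed. In the unchanged context, the label "fcgi-fd:" is still used inside mod_scgi.c, which will mislead anyone reading this log line while debugging SCGI; "scgi-fd:" would be clearer. The patch file also has no header naming the ticket it addresses, so a one-line reference at its top would make it traceable on its own.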

1875?format=diff&new=1875: new
1873?format=diff&new=1873: new
1869?format=diff&new=1869: new
lighttpd.recipe: changed
Index: lighttpd.recipe
====================================================================
contents(size sha1)
inode(mtime)
--- lighttpd.recipe /conary.rpath.com at rpl:devel//1/1.4.15-0.2
+++ lighttpd.recipe /conary.rpath.com at rpl:devel//1/1.4.15-0.3
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006 rPath, Inc.
+# Copyright (c) 2006-2007 rPath, Inc.
 # This file is distributed under the terms of the MIT license.
 # A copy is available at http://www.rpath.com/permanent/mit-license.html
 #
@@ -18,6 +18,19 @@
     def unpack(r):
         r.addArchive('http://www.lighttpd.net/download/%(name)s-%(version)s.tar.gz')
 
+        # fix a segfault affecting rAA/rAPA (RPL-1554)
+        # will be fixed upstream for 1.4.16.
+        # see http://trac.lighttpd.net/trac/ticket/1263
+        r.addPatch('http://trac.lighttpd.net/trac/changeset/1882?format=diff&new=1882')
+
+        # various DoS and information-disclosure issues which
+        # should also be fixed for 1.4.16
+        # RPL-1550; CVEs requested, but not yet assigned
+        r.addPatch('http://trac.lighttpd.net/trac/changeset/1869?format=diff&new=1869')
+        r.addPatch('http://trac.lighttpd.net/trac/changeset/1875?format=diff&new=1875')
+        r.addPatch('http://trac.lighttpd.net/trac/changeset/1873?format=diff&new=1873')
+        r.addPatch('http://trac.lighttpd.net/trac/changeset/1871?format=diff&new=1871')
+
     def configure(r):
         r.Configure(r.extraConfig)
 
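
Review bot: lighttpd-1.4.x-scgi-crash.patch is added to the source component by this commit, but none of the new r.addPatch lines in unpack() reference it, so as committed it is never applied. Its diff is taken against revision 1881 of src/mod_scgi.c, which suggests it duplicates changeset 1882; either drop the file, or apply it and drop the 1882 fetch. The four RPL-1550 changesets are applied in the order 1869, 1875, 1873, 1871 rather than in revision order, and the comment does not say which changeset addresses which issue; a note on whether the order matters and a per-changeset mapping would help once CVEs are assigned. All five patch URLs are plain http, so the stored copies should be checked against upstream before the build is trusted.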



Committed by: juphoff

