version bump to 1.4.20, including fixes for the security issues outlined in bug 238180; removing old

Package-Manager: portage-2.2_rc11/cvs/Linux 2.6.26-gentoo x86_64

2 files changed, 182 insertions, 12 deletions

diff --git a/www-servers/lighttpd/Manifest b/www-servers/lighttpd/Manifest
index a154f9afde24..1bd38855a87a 100644
--- a/www-servers/lighttpd/Manifest
+++ b/www-servers/lighttpd/Manifest
@@ -28,6 +28,7 @@ AUX 1.4.19-r2/07_all_lighttpd-1.4.19-closing_foreign_ssl_connections-dos-taketwo
 AUX 1.4.19/03_all_lighttpd-1.4.11-errorlog-pipe.diff 5267 RMD160 c23c816fcddbc99758a0426fc11f70677dbc06e9 SHA1 22e0d05d49cecb652d1250ac66de13fdf228cce4 SHA256 b37042549247ca2d83581aa3bcd1a5356c37015000711cecafda05aa6d6a15c4
 AUX 1.4.19/04_all_lighttpd-1.4.13-deprecated-ldap-api.diff 502 RMD160 a10372a6cdfce349c6221f5038f2fda699f5f74e SHA1 12c39cd4ca731509256e271daf4aaac8a62e82c4 SHA256 0a7f3626e23291b3859e953bcc1762117a1585c2717adc065ccbb0ccf2f3577a
 AUX 1.4.19/05_all_lighttpd-1.4.19-force_lowercase_filenames_in_mod_userdir.diff 465 RMD160 570e27715c359c75459d7c967b67ca8c7c15972d SHA1 65558d8eb54e1a722c9e1983e1ab126a8466497a SHA256 81051f76e57f54ab6158300799be0351b68c4fa86d632b423268f35f41bbd0c1
+AUX 1.4.20/03_all_lighttpd-1.4.11-errorlog-pipe.diff 4931 RMD160 7653167b0cd3fde6cb7d3d6fe4ae30a8d2e56ebe SHA1 bd0ff91b5caf447f78bcad66a444fbe3719897fb SHA256 2b1a253dda1dbc688ac072608656121f8c2d346a64be1080c65f2ca1d81f8e2d
 AUX conf/lighttpd.conf 8182 RMD160 450cf40f4ec517331f8932618a3c492cb566e4f3 SHA1 16922786a79807fa3233d1af105a99582d3486a5 SHA256 c0f6951e00d4e8c928f1799a84976ab8bb536bd59a104c13ca9d1d3661d8cebd
 AUX conf/mime-types.conf 3291 RMD160 157c9a6f7d00e52c7d4118edcce8d1eb1e0a3c20 SHA1 3eec39060014e1498d3254919b10a64ca1e6ff00 SHA256 575231104d51fa1882c47021ab0aa00d615401059a6748d64453cb39aafba537
 AUX conf/mod_cgi.conf 869 RMD160 1d447bad36822657d014990128891cbdb6169468 SHA1 30066f52e469339cc8a5df8864b4cc2d9c558c3d SHA256 322656b4cfd22ca9f1f8ab160e0b932f1646622422fd49c6fc82ab416223eecf
@@ -39,23 +40,17 @@ AUX lighttpd.initd-1.4.13-r3 1442 RMD160 17ce31a67f06f22b351ba6abfd868925eb5ad85
 AUX lighttpd.logrotate 487 RMD160 2edb8b4abf75031af0a3b4182efb5b589dfa0d3c SHA1 24e1b048d7be5520ca5ef8ce31b55df13cc8d72b SHA256 503ee1cd454e2c0f9a212ef60dc8321893eda06ccf721ecbe94d189a09e0bc6c
 AUX spawn-fcgi.confd 1076 RMD160 9468249fdedc39fa762a569622bae93f8b3481f9 SHA1 81bad945fc016275873e01e5f69838f73b275a3a SHA256 bfa452a849165f921a2febf0b06879db18c4c921f156b1452d06bb821063f768
 AUX spawn-fcgi.initd 1398 RMD160 3fd0fa41d100629e85960034237abc0866ec3d38 SHA1 9c07c9fd59ec73d5f37df109b188b8a7d691f949 SHA256 ae10c764e2bde9bfc483c57ca94a63d87c24cba00b4c06917885c533d2d245b1
-DIST lighttpd-1.4.16.tar.bz2 592540 RMD160 185948bb05f5e667d604a5e9c6db4f0d64526ba4 SHA1 8f137ff71f629fe24a745c758b72dce24a8669f2 SHA256 568a6ce34d0a185b3164be99bce88011201957952f4ac817f7e7101bc526b59f
-DIST lighttpd-1.4.18.tar.bz2 600227 RMD160 9fcd5e09ee2b1b517868d8843883228cd8b4145f SHA1 a53a8f8ae8d42d036f0b5129764b822e943cc778 SHA256 d59123850f3dd4a10f067d9a0c527324a70203cd3f82f70f0e44b8cb8068db43
 DIST lighttpd-1.4.19.tar.bz2 610347 RMD160 8731ba3efc95659a16dbb11b7298e3b539ab3c75 SHA1 fd4450e7faae55ebe0905114722995b0c57397cc SHA256 a239323239c3735a04290f7c063a14ed2c4560a88c15181c253fcd68c6c2f1d7
-EBUILD lighttpd-1.4.16.ebuild 5834 RMD160 7826a08df78c8b984f4a9b90717a33406c690bfe SHA1 ac288cf249eca1acdaab29e52d7f05a1f5b16c90 SHA256 febee4a940469873d46063f479bfe788af2f2556c587d78caa4a315c67521a29
-EBUILD lighttpd-1.4.18-r1.ebuild 5839 RMD160 5f7cce821208407ed66fb85e560bea0e12008d51 SHA1 b72088c808e136dd9065a04c2ef0a8639769243c SHA256 fa417ae047c775c79c01cb1ea61d41891b14f55c2d8ecf45e20b6579350f17b6
-EBUILD lighttpd-1.4.18-r2.ebuild 5839 RMD160 886689012018091b916bdcfa6792b8159fb4328b SHA1 60f1d7d081482b22bf1a250539c659fb9fecf0d0 SHA256 0fbd0d412eb68eeb21848a0ae927f458f624b950dd53194ab5c437acec51c13a
-EBUILD lighttpd-1.4.18-r3.ebuild 5839 RMD160 3889c89bd5931dbe723bdcd93b3dad145d753f08 SHA1 7bf433466a254bb3131eee31761f18234768c5e6 SHA256 50dc2b2ff44431fcd3f9174d0521b0a0e8711e45c5e6438176d3f8dfebbd53f9
-EBUILD lighttpd-1.4.18.ebuild 5835 RMD160 fa429054db8803c73cf20dd216db57d20a43efc3 SHA1 7b2019a39a552e7bf7d3035462e572b0f90aa486 SHA256 2cb1bdd319a8c2c785fe6d71032cb800ffe0a1747af0ee0e2f652cd2cc05cee2
+DIST lighttpd-1.4.20.tar.bz2 618018 RMD160 0fcc71d6063574da86b610c9bdc16b7e44f9d2e7 SHA1 e5944a40579e0f37c6a0eeb0ad751344b2d6006c SHA256 3cda2ce779f24948062f765f2630b5865e483f5fab7149681a2a25422fd61176
 EBUILD lighttpd-1.4.19-r1.ebuild 5849 RMD160 ddf66c13584b708af98f0a381f981b853f2483ab SHA1 557eb790efaf174e270ec8dc0cb9c6533495622b SHA256 4b80f154ece87c56326c5300e9ec6913136e98b5d3534b3e93c22cb4d44c1576
 EBUILD lighttpd-1.4.19-r2.ebuild 5839 RMD160 0947b4c115cc5ecbc0ec67aa4b077b70c1714d09 SHA1 9ccbbb41364d162b09e52134cbc47c72f731ffdc SHA256 373f9b64c41abce5d09af55a16218ab34ac44bedc4cc6019d034d20865db4ac4
-EBUILD lighttpd-1.4.19.ebuild 5843 RMD160 460f7d0e313b3e52d267d71074935680b867f760 SHA1 46768fb10ad25730ac692630361a6096781a8cf9 SHA256 3e2656b967252393ba16fdecbcdd13bb89cc234c4fc35f00530dd2a1b1b9325d
-MISC ChangeLog 42131 RMD160 b88a274e73a148ec36b145b347ecccfe4974eaf5 SHA1 6159463effec56ad7ab77f87a339f2616763db2b SHA256 e32d33b0daf72b3096a72ce840ca9f8fe36f0e9f4825aebd7c0e510f623305cd
+EBUILD lighttpd-1.4.20.ebuild 5846 RMD160 a35d22b5067213e35966c12e547ca28f18833ca9 SHA1 87c15fdd4cc5425dd3d5b47c87e56137be5bd2e3 SHA256 25f290fbe479cb028169c7e16eb6868a788f819047cf7339d0ec2fdee935669d
+MISC ChangeLog 42574 RMD160 ca55043de5c6fc19d909662a39b913e06162ee61 SHA1 8292be0899de67c802e06458b47ed62ae15a8729 SHA256 a9190cc63cad9da0a65f5fb86c38096763f9d0cc34f6198c5aba29f64ac550ab
 MISC metadata.xml 863 RMD160 580a4e4e669eaa10958b4b31dda1a0fab0f859a0 SHA1 c159a56672a36236ed3bf2c3f051083983fc6689 SHA256 e4b966b7a5a22d74e5e6b22d235d9037689d1f79d74cadda74e8934a802879f2
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.9 (GNU/Linux)
 
-iEYEARECAAYFAkivPOoACgkQoeSe8B0zEfzLJgCghjsonDJAdzX7lA2K3B+tunW6
-Zn4An2ZlPB1tAxpAKmJy+fqr1D1/iXAi
-=CXlO
+iEYEARECAAYFAkjiPnoACgkQSamB34AN3N5AMACghnOW9179OGXxfhwl9zB2BlNS
+mfAAn1K73+9frxap4vuk641GF73l6VCQ
+=MLlH
 -----END PGP SIGNATURE-----
diff --git a/www-servers/lighttpd/files/1.4.20/03_all_lighttpd-1.4.11-errorlog-pipe.diff b/www-servers/lighttpd/files/1.4.20/03_all_lighttpd-1.4.11-errorlog-pipe.diff
new file mode 100644
index 000000000000..5133fea95283
--- /dev/null
+++ b/www-servers/lighttpd/files/1.4.20/03_all_lighttpd-1.4.11-errorlog-pipe.diff
@@ -0,0 +1,175 @@
+Initial patch from http://trac.lighttpd.net/trac/ticket/296
+Updated to apply against 1.4.20 by hoffie
+Upstream will only accept it once it has been changed to make the pipe logging more generic
+
+diff -r 447bac6969ef src/base.h
+--- a/src/base.h	Tue Aug 19 18:04:17 2008 +0200
++++ b/src/base.h	Tue Aug 19 19:45:00 2008 +0200
+@@ -530,7 +530,7 @@
+ 
+ 	/* the errorlog */
+ 	int errorlog_fd;
+-	enum { ERRORLOG_STDERR, ERRORLOG_FILE, ERRORLOG_SYSLOG } errorlog_mode;
++	enum { ERRORLOG_STDERR, ERRORLOG_FILE, ERRORLOG_SYSLOG, ERRORLOG_PIPE } errorlog_mode;
+ 	buffer *errorlog_buf;
+ 
+ 	fdevents *ev, *ev_ins;
+diff -r 447bac6969ef src/log.c
+--- a/src/log.c	Tue Aug 19 18:04:17 2008 +0200
++++ b/src/log.c	Tue Aug 19 19:45:00 2008 +0200
+@@ -57,10 +57,11 @@
+ /**
+  * open the errorlog
+  *
+- * we have 3 possibilities:
++ * we have 4 possibilities:
+  * - stderr (default)
+  * - syslog
+  * - logfile
++ * - pipe
+  *
+  * if the open failed, report to the user and die
+  *
+@@ -79,21 +80,80 @@
+ 		srv->errorlog_mode = ERRORLOG_SYSLOG;
+ 	} else if (!buffer_is_empty(srv->srvconf.errorlog_file)) {
+ 		const char *logfile = srv->srvconf.errorlog_file->ptr;
++		if (logfile[0] == '|') {
++#ifdef HAVE_FORK
++			/* create write pipe and spawn process */
+ 
+-		if (-1 == (srv->errorlog_fd = open(logfile, O_APPEND | O_WRONLY | O_CREAT | O_LARGEFILE, 0644))) {
+-			log_error_write(srv, __FILE__, __LINE__, "SSSS",
++			int to_log_fds[2];
++			int fd;
++			pid_t pid;
++
++			if (pipe(to_log_fds)) {
++				log_error_write(srv, __FILE__, __LINE__, "ss",
++				"pipe failed: ", strerror(errno));
++				return -1;
++			}
++
++			/* fork, execve */
++			switch (pid = fork()) {
++			case 0:
++				/* child */
++
++				close(STDIN_FILENO);
++				dup2(to_log_fds[0], STDIN_FILENO);
++				close(to_log_fds[0]);
++				/* not needed */
++				close(to_log_fds[1]);
++
++				/* we don't need the client socket */
++				for (fd = 3; fd < 256; fd++) {
++					close(fd);
++				}
++
++				/* exec the log-process (skip the | )
++				 *
++				 */
++
++				execl("/bin/sh", "sh", "-c", logfile + 1, NULL);
++
++				log_error_write(srv, __FILE__, __LINE__, "sss",
++					"spawning log-process failed: ",
++					strerror(errno), logfile + 1);
++
++				exit(-1);
++				break;
++			case -1:
++				/* error */
++				log_error_write(srv, __FILE__, __LINE__, "ss", "fork failed:", strerror(errno));
++				break;
++			default:
++				close(to_log_fds[0]);
++
++				srv->errorlog_fd = to_log_fds[1];
++
++				break;
++			}
++			srv->errorlog_mode = ERRORLOG_PIPE;
++#else
++			log_error_write(srv, __FILE__, __LINE__, "SSS",
++				"opening errorlog '", logfile,"' impossible");
++			return -1;
++#endif
++		} else {
++			if (-1 == (srv->errorlog_fd = open(logfile, O_APPEND | O_WRONLY | O_CREAT | O_LARGEFILE, 0644))) {
++				log_error_write(srv, __FILE__, __LINE__, "SSSS",
+ 					"opening errorlog '", logfile,
+ 					"' failed: ", strerror(errno));
+ 
+-			return -1;
++				return -1;
++			}
++			srv->errorlog_mode = ERRORLOG_FILE;
+ 		}
+ #ifdef FD_CLOEXEC
+ 		/* close fd on exec (cgi) */
+ 		fcntl(srv->errorlog_fd, F_SETFD, FD_CLOEXEC);
+ #endif
+-		srv->errorlog_mode = ERRORLOG_FILE;
+ 	}
+-
+ 	log_error_write(srv, __FILE__, __LINE__, "s", "server started");
+ 
+ #ifdef HAVE_VALGRIND_VALGRIND_H
+@@ -122,7 +182,7 @@
+  */
+ 
+ int log_error_cycle(server *srv) {
+-	/* only cycle if we are not in syslog-mode */
++	/* only cycle if the error log is a file */
+ 
+ 	if (srv->errorlog_mode == ERRORLOG_FILE) {
+ 		const char *logfile = srv->srvconf.errorlog_file->ptr;
+@@ -154,6 +214,7 @@
+ 
+ int log_error_close(server *srv) {
+ 	switch(srv->errorlog_mode) {
++	case ERRORLOG_PIPE: /* fall through */
+ 	case ERRORLOG_FILE:
+ 		close(srv->errorlog_fd);
+ 		break;
+@@ -173,6 +234,7 @@
+ 	va_list ap;
+ 
+ 	switch(srv->errorlog_mode) {
++	case ERRORLOG_PIPE:
+ 	case ERRORLOG_FILE:
+ 	case ERRORLOG_STDERR:
+ 		/* cache the generated timestamp */
+@@ -257,6 +319,7 @@
+ 	va_end(ap);
+ 
+ 	switch(srv->errorlog_mode) {
++	case ERRORLOG_PIPE: /* fall through */
+ 	case ERRORLOG_FILE:
+ 		buffer_append_string_len(srv->errorlog_buf, CONST_STR_LEN("\n"));
+ 		write(srv->errorlog_fd, srv->errorlog_buf->ptr, srv->errorlog_buf->used - 1);
+diff -r 447bac6969ef src/mod_cgi.c
+--- a/src/mod_cgi.c	Tue Aug 19 18:04:17 2008 +0200
++++ b/src/mod_cgi.c	Tue Aug 19 19:45:00 2008 +0200
+@@ -781,7 +781,7 @@
+ 		 *
+ 		 * we feed the stderr of the CGI to our errorlog, if possible
+ 		 */
+-		if (srv->errorlog_mode == ERRORLOG_FILE) {
++		if ((srv->errorlog_mode == ERRORLOG_FILE) || (srv->errorlog_mode == ERRORLOG_PIPE)) {
+ 			close(STDERR_FILENO);
+ 			dup2(srv->errorlog_fd, STDERR_FILENO);
+ 		}
+diff -r 447bac6969ef src/mod_rrdtool.c
+--- a/src/mod_rrdtool.c	Tue Aug 19 18:04:17 2008 +0200
++++ b/src/mod_rrdtool.c	Tue Aug 19 19:45:00 2008 +0200
+@@ -134,7 +134,7 @@
+ 
+ 		close(STDERR_FILENO);
+ 
+-		if (srv->errorlog_mode == ERRORLOG_FILE) {
++		if ((srv->errorlog_mode == ERRORLOG_FILE) || (srv->errorlog_mode == ERRORLOG_PIPE)) {
+ 			dup2(srv->errorlog_fd, STDERR_FILENO);
+ 			close(srv->errorlog_fd);
+ 		}