Hello community, here is the log from the commit of package xsp for openSUSE:11.4 checked in at Wed Feb 23 01:36:30 CET 2011.
-------- --- old-versions/11.4/all/xsp/xsp.changes 2010-10-12 19:49:09.000000000 +0200 +++ /mounts/work_src_done/11.4/xsp/xsp.changes 2011-01-07 17:38:45.000000000 +0100 @@ -1,0 +2,7 @@ +Fri Jan 7 16:38:25 UTC 2011 - [email protected] + +- Update to 2.8.2 + * Fix for CVE-2010-4225, bnc#660070 + * http://www.go-mono.com/archive/2.8.2 + +------------------------------------------------------------------- calling whatdependson for 11.4-i586 Old: ---- xsp-2.8.tar.bz2 New: ---- xsp-2.8.2.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ xsp.spec ++++++ --- /var/tmp/diff_new_pack.ocQgUq/_old 2011-02-23 01:36:22.000000000 +0100 +++ /var/tmp/diff_new_pack.ocQgUq/_new 2011-02-23 01:36:22.000000000 +0100 @@ -1,7 +1,7 @@ # -# spec file for package xsp (Version 2.8) +# spec file for package xsp # -# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -23,8 +23,8 @@ License: MIT Group: Productivity/Networking/Web/Servers AutoReqProv: on -Version: 2.8 -Release: 1 +Version: 2.8.2 +Release: 0.<RELEASE2> Summary: Small Web Server Hosting ASP.NET Source: %{name}-%{version}.tar.bz2 BuildRoot: %{_tmppath}/%{name}-%{version}-build ++++++ xsp-2.8.tar.bz2 -> xsp-2.8.2.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xsp-2.8/configure new/xsp-2.8.2/configure --- old/xsp-2.8/configure 2010-09-28 04:08:39.000000000 +0200 +++ new/xsp-2.8.2/configure 2011-01-04 00:44:52.000000000 +0100 @@ -2252,7 +2252,7 @@ # Define the identity of the package. PACKAGE=xsp - VERSION=2.8 + VERSION=2.8.2 cat >>confdefs.h <<_ACEOF diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xsp-2.8/configure.in new/xsp-2.8.2/configure.in --- old/xsp-2.8/configure.in 2010-09-28 04:07:08.000000000 +0200 +++ new/xsp-2.8.2/configure.in 2011-01-04 00:42:14.000000000 +0100 @@ -1,7 +1,7 @@ AC_PREREQ(2.57) AC_INIT(src/Mono.WebServer.XSP/main.cs) AC_CANONICAL_SYSTEM -AM_INIT_AUTOMAKE(xsp, 2.8) +AM_INIT_AUTOMAKE(xsp, 2.8.2) AM_MAINTAINER_MODE diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xsp-2.8/src/Mono.WebServer/ApplicationServer.cs new/xsp-2.8.2/src/Mono.WebServer/ApplicationServer.cs --- old/xsp-2.8/src/Mono.WebServer/ApplicationServer.cs 2010-09-28 04:07:08.000000000 +0200 +++ new/xsp-2.8.2/src/Mono.WebServer/ApplicationServer.cs 2011-01-04 00:42:14.000000000 +0100 @@ -351,14 +351,13 @@ public void ShutdownSockets () { - if (listen_socket != null && !listen_socket.IsBound) { + if (listen_socket != null) { try { - if (listen_socket.Connected) - listen_socket.Shutdown (SocketShutdown.Receive); + listen_socket.Close (); } catch { - // ignore - we don't care, we're closing anyway + } finally { + listen_socket = null; } - listen_socket.Close (); } lock (registeredSocketsLock) { @@ -392,7 +391,6 @@ runner.Abort (); ShutdownSockets (); UnloadAll (); - Thread.Sleep (1000); } public void UnloadAll () diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xsp-2.8/src/Mono.WebServer.Apache/ModMonoRequest.cs new/xsp-2.8.2/src/Mono.WebServer.Apache/ModMonoRequest.cs --- old/xsp-2.8/src/Mono.WebServer.Apache/ModMonoRequest.cs 2010-09-28 04:07:08.000000000 +0200 +++ new/xsp-2.8.2/src/Mono.WebServer.Apache/ModMonoRequest.cs 2011-01-04 00:42:14.000000000 +0100 @@ -145,8 +145,10 @@ byte cmd = reader.ReadByte (); shutdown = (cmd == 0); - if (shutdown) + if (shutdown) { + Console.Error.WriteLine ("mod-mono-server received a shutdown message"); return; + } if (cmd != protocol_version) { string msg = String.Format ("mod_mono and xsp have different versions. Expected '{0}', got {1}", protocol_version, cmd); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xsp-2.8/src/Mono.WebServer.Apache/ModMonoWorker.cs new/xsp-2.8.2/src/Mono.WebServer.Apache/ModMonoWorker.cs --- old/xsp-2.8/src/Mono.WebServer.Apache/ModMonoWorker.cs 2010-09-28 04:07:08.000000000 +0200 +++ new/xsp-2.8.2/src/Mono.WebServer.Apache/ModMonoWorker.cs 2011-01-04 00:42:14.000000000 +0100 @@ -187,7 +187,7 @@ } if (vapp == null) { - rr.Decline (); + rr.NotFound (); Stream.Close (); Stream = null; return; @@ -195,7 +195,7 @@ ModMonoApplicationHost host = (ModMonoApplicationHost) vapp.AppHost; if (host == null) { - rr.Decline (); + rr.NotFound (); Stream.Close (); Stream = null; return; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xsp-2.8/src/Mono.WebServer.Apache/main.cs new/xsp-2.8.2/src/Mono.WebServer.Apache/main.cs --- old/xsp-2.8/src/Mono.WebServer.Apache/main.cs 2010-09-28 04:07:08.000000000 +0200 +++ new/xsp-2.8.2/src/Mono.WebServer.Apache/main.cs 2011-01-04 00:42:14.000000000 +0100 @@ -224,15 +224,17 @@ { AppDomain.CurrentDomain.UnhandledException += new UnhandledExceptionEventHandler (CurrentDomain_UnhandledException); bool quiet = false; - while (true) { + //while (true) { try { - return new Server ().RealMain (args, true, null, quiet); + Server svr = new Server (); + return svr.RealMain (args, true, null, quiet); } catch (ThreadAbortException) { // Single-app mode and ASP.NET appdomain unloaded Thread.ResetAbort (); quiet = true; // hush 'RealMain' } - } + //} + return 1; } // @@ -460,6 +462,11 @@ return 0; } + + public override object InitializeLifetimeService () + { + return null; + } } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xsp-2.8/src/Mono.WebServer.FastCgi/Connection.cs new/xsp-2.8.2/src/Mono.WebServer.FastCgi/Connection.cs --- old/xsp-2.8/src/Mono.WebServer.FastCgi/Connection.cs 2010-09-28 04:07:08.000000000 +0200 +++ new/xsp-2.8.2/src/Mono.WebServer.FastCgi/Connection.cs 2011-01-04 00:42:14.000000000 +0100 @@ -328,7 +328,14 @@ while (!stop && (UnfinishedRequests || keep_alive)); if (requests.Count == 0) { - socket.Close (); + try { + socket.Close (); + } catch (System.Net.Sockets.SocketException e) { + // Ignore: "The descriptor is not a socket" + // error from UnmanagedSocket.Close + if (e.ErrorCode != 10038) + throw; // Rethrow other errors + } server.EndConnection (this); server.ReleaseBuffers (receive_buffer, send_buffer); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xsp-2.8/src/Mono.WebServer.FastCgi/WorkerRequest.cs new/xsp-2.8.2/src/Mono.WebServer.FastCgi/WorkerRequest.cs --- old/xsp-2.8/src/Mono.WebServer.FastCgi/WorkerRequest.cs 2010-09-28 04:07:08.000000000 +0200 +++ new/xsp-2.8.2/src/Mono.WebServer.FastCgi/WorkerRequest.cs 2011-01-04 00:42:14.000000000 +0100 @@ -458,9 +458,18 @@ private static string ReformatHttpHeader (string header) { string [] parts = header.Substring (5).Split ('_'); - for (int i = 0; i < parts.Length; i ++) - parts [i] = parts [i].Substring (0, 1).ToUpper () - + parts [i].Substring (1).ToLower (); + for (int i = 0; i < parts.Length; i ++) { + string s = parts [i]; + if (String.IsNullOrEmpty (s)) { + parts [i] = ""; + continue; + } + + s = s.ToLower (); + char [] a = s.ToCharArray (); + a [0] = Char.ToUpper (a[0]); + parts [i] = new String (a); + } return string.Join ("-", parts); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xsp-2.8/src/Mono.WebServer.XSP/XSPWorkerRequest.cs new/xsp-2.8.2/src/Mono.WebServer.XSP/XSPWorkerRequest.cs --- old/xsp-2.8/src/Mono.WebServer.XSP/XSPWorkerRequest.cs 2010-09-28 04:07:08.000000000 +0200 +++ new/xsp-2.8.2/src/Mono.WebServer.XSP/XSPWorkerRequest.cs 2011-01-04 00:42:14.000000000 +0100 @@ -734,7 +734,7 @@ public override void SendResponseFromFile (string filename, long offset, long length) { using (FileStream fs = File.OpenRead (filename)) { - if (secure || no_libc || (tried_sendfile && !use_sendfile)) { + if (secure || no_libc) { // We must not call the SendResponseFromFile overload which // takes IntPtr in this case since it will call the base // implementation of that overload which, in turn, will @@ -743,21 +743,21 @@ // twice (FileStream owns the handle). So we just take a // shortcut to what the base overload does here. SendFromStream (fs, offset, length); - } else + } else { SendResponseFromFile (fs.Handle, offset, length); + } } } public override void SendResponseFromFile (IntPtr handle, long offset, long length) { - if (secure || no_libc || (tried_sendfile && !use_sendfile)) { + if (secure || no_libc) { base.SendResponseFromFile (handle, offset, length); return; } int result; try { - tried_sendfile = true; Cork (true); SendHeaders (); while (length > 0) { @@ -771,8 +771,6 @@ } finally { Cork (false); } - - use_sendfile = true; } int SendHeaders () ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
