Hello community,

here is the log from the commit of package lighttpd for openSUSE:Factory 
checked in at 2017-03-14 10:06:09
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/lighttpd (Old)
 and      /work/SRC/openSUSE:Factory/.lighttpd.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "lighttpd"

Tue Mar 14 10:06:09 2017 rev:33 rq:479031 version:1.4.45

Changes:
--------
--- /work/SRC/openSUSE:Factory/lighttpd/lighttpd.changes        2017-01-25 
23:26:26.430687117 +0100
+++ /work/SRC/openSUSE:Factory/.lighttpd.new/lighttpd.changes   2017-03-14 
10:07:11.574889658 +0100
@@ -1,0 +2,6 @@
+Thu Mar  9 13:47:58 UTC 2017 - [email protected]
+
+- added lighttpd-1.4.x_out_of_bounds_read.patch: fix out of bounds
+  read in mod_scgi (debian#857255)
+
+-------------------------------------------------------------------
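Review bot: the changelog entry identifies the fix only by the Debian bug number and does not say which tree the patch was taken from. The patch header further down names lighttpd-1.4.35/src/mod_scgi.c while this package is version 1.4.45, so it would help to state the origin of the patch and that it was checked against the 1.4.45 source.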

New:
----
  lighttpd-1.4.x_out_of_bounds_read.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ lighttpd.spec ++++++
--- /var/tmp/diff_new_pack.N8Vd3b/_old  2017-03-14 10:07:12.258792817 +0100
+++ /var/tmp/diff_new_pack.N8Vd3b/_new  2017-03-14 10:07:12.262792251 +0100
@@ -36,6 +36,7 @@
 Source5:        lighttpd.SuSEfirewall
 Source6:        lighttpd-ssl.SuSEfirewall
 Source7:        lighttpd.logrotate
+Patch:          lighttpd-1.4.x_out_of_bounds_read.patch
 BuildRequires:  FastCGI-devel
 BuildRequires:  GeoIP-devel
 BuildRequires:  automake
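Review bot: the new Patch: line has no comment describing it, so a reader of the spec cannot tell that it is a security fix or where it came from. Suggest a comment line directly above it that names the issue (out of bounds read in mod_scgi, debian#857255) and the upstream status.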
@@ -216,7 +217,7 @@
 
 %prep
 %setup -q -n %{pkg_name}-%{pkg_version}
-
+%patch -p1
 # Do not store build TIME and DATE
 modified="$(sed -n '/^----/n;s/ - .*$//;p;q' "%{_sourcedir}/%{name}.changes")"
 DATE="\"$(date -d "${modified}" "+%%b %%e %%Y")\""
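Review bot: style point on the "%patch -p1" line, which replaces the blank line that separated %setup from the "# Do not store build TIME and DATE" block. Keeping a blank line after %patch would preserve that separation, and numbering the pair explicitly (Patch0: with %patch0 -p1) would leave room for further patches without ambiguity.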

++++++ lighttpd-1.4.x_out_of_bounds_read.patch ++++++
Index: lighttpd-1.4.35/src/mod_scgi.c
===================================================================
--- lighttpd-1.4.35.orig/src/mod_scgi.c 2017-03-09 14:44:50.146786080 +0100
+++ lighttpd-1.4.35/src/mod_scgi.c      2017-03-09 14:46:11.518863947 +0100
@@ -1871,7 +1871,7 @@ static int scgi_demux_response(server *s
 
                                        if (eol == EOL_UNSET) eol = EOL_N;
 
-                                       if (*(c+1) == '\n') {
+                                       if ((used > 1) && (*(c+1) == '\n')) {
                                                header_end = 1;
                                                hlen = cp + 2;
                                                break;
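Review bot: the added "(used > 1)" guard in front of the *(c+1) read is only sufficient if "used" counts the bytes remaining from c, including *c itself, and this hunk does not show how "used" is maintained. If it holds the total length of the response buffer, "used > 1" stays true on the last byte and the read past the end remains. Please confirm this against the loop header in scgi_demux_response, and check whether any other look-ahead read in the same loop needs the same bound.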
