Hello community, here is the log from the commit of package thttpd for openSUSE:Factory checked in at 2017-08-10 14:05:17 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/thttpd (Old) and /work/SRC/openSUSE:Factory/.thttpd.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "thttpd" Thu Aug 10 14:05:17 2017 rev:37 rq:514492 version:2.27 Changes: -------- --- /work/SRC/openSUSE:Factory/thttpd/thttpd.changes 2015-10-20 00:05:17.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.thttpd.new/thttpd.changes 2017-08-10 14:13:02.852475398 +0200 @@ -1,0 +2,10 @@ +Mon Jun 26 11:58:22 UTC 2017 - vci...@suse.com + +- update to 2.27 + Stats syslogs changed from LOG_INFO to LOG_NOTICE. + Use memmove() for self-overlapping string copies instead of strcpy(). + Couple of subroutine name changes for consistency. +- drop thttpd-2.25b-strcpy.patch (upstream) +- enforce single process build, as parallel does fail sometimes + +------------------------------------------------------------------- Old: ---- thttpd-2.25b-strcpy.patch thttpd-2.26.tar.gz New: ---- thttpd-2.27.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ thttpd.spec ++++++ --- /var/tmp/diff_new_pack.MwaP4t/_old 2017-08-10 14:13:03.820339121 +0200 +++ /var/tmp/diff_new_pack.MwaP4t/_new 2017-08-10 14:13:03.820339121 +0200 @@ -1,7 +1,7 @@ # # spec file for package thttpd # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -23,7 +23,7 @@ %define with_systemd 0 %endif Name: thttpd -Version: 2.26 +Version: 2.27 Release: 0 Summary: Small and very simple webserver License: BSD-3-Clause @@ -45,7 +45,6 @@ Patch8: %{name}-2.25b-overflow.diff Patch9: %{name}-2.25b-chown.diff Patch10: %{name}-2.25b-zerolen.patch -Patch11: %{name}-2.25b-strcpy.patch # PATCH-FIX-SUSE CVE-2012-5640 Patch13: thttpd-2.25b-CVE-2012-5640-check_crypt_return_value.patch Patch14: thttpd-CVE-2013-0348.patch 
@@ -54,12 +53,11 @@ BuildRequires: libtool Requires(post): permissions Recommends: logrotate -# both packages provide /usr/bin/htpasswd -Conflicts: apache2-utils # both packages provide /srw/www/htdocs/index.html Conflicts: apache2-example-pages +# both packages provide /usr/bin/htpasswd +Conflicts: apache2-utils Provides: http_daemon -BuildRoot: %{_tmppath}/%{name}-%{version}-build %if %{with_systemd} BuildRequires: systemd %{?systemd_requires} @@ -89,7 +87,6 @@ %patch8 %patch9 %patch10 -%patch11 %patch13 -p1 %patch14 -p1 %patch15 -p1 @@ -104,7 +101,8 @@ export CFLAGS="%{optflags} -fPIC -DPIC -fPIE" export LDFLAGS="-pie -Wl,-z,relro,-z,now" %configure -make +# parallel build causes problems, single thread build takes only 10s anyway +make -j1 %install install -d %{buildroot}%{_bindir} \ @@ -112,7 +110,7 @@ %{buildroot}%{_mandir}/man1 \ %{buildroot}%{_mandir}/man8 \ %{buildroot}%{serverroot}/htdocs/users -make DESTDIR=%{buildroot} install %{?_smp_mflags} +%make_install install -D -m0644 index.html %{buildroot}/%{serverroot}/htdocs/index.html install -D -m0644 %{SOURCE4} %{buildroot}%{_sysconfdir}/%{name}.conf install -D -m0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/logrotate.d/%{name} @@ -135,11 +133,7 @@ %else %{fillup_and_insserv thttpd} %endif -%if 0%{?suse_version} <= 1130 -%run_permissions -%else %set_permissions %{_bindir}/makeweb -%endif %verifyscript %verify_permissions -e %{_bindir}/makeweb @@ -160,7 +154,6 @@ %endif %files -%defattr(-, root, root) %doc README config.h %{serverroot}/htdocs/* %attr(775, root, www) %{serverroot}/htdocs/users ++++++ thttpd-2.26.tar.gz -> thttpd-2.27.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/thttpd-2.26/README new/thttpd-2.27/README --- old/thttpd-2.26/README 2005-05-20 21:10:25.000000000 +0200 +++ new/thttpd-2.27/README 2015-10-20 01:38:08.000000000 +0200 
@@ -1,5 +1,5 @@ thttpd - tiny/turbo/throttling HTTP server - version 2.26 of ??may2004 + version 2.27 of 19Oct2015 thttpd is a simple, small, portable, fast, and secure HTTP server. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/thttpd-2.26/contrib/redhat-rpm/thttpd.spec new/thttpd-2.27/contrib/redhat-rpm/thttpd.spec --- old/thttpd-2.26/contrib/redhat-rpm/thttpd.spec 2005-05-20 21:10:25.000000000 +0200 +++ new/thttpd-2.27/contrib/redhat-rpm/thttpd.spec 2015-10-20 01:38:13.000000000 +0200 @@ -1,6 +1,6 @@ Summary: Throttleable lightweight httpd server Name: thttpd -Version: 2.26 +Version: 2.27 Release: 1 Group: Networking URL: http://www.acme.com/software/thttpd diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/thttpd-2.26/fdwatch.c new/thttpd-2.27/fdwatch.c --- old/thttpd-2.26/fdwatch.c 2014-08-05 00:45:49.000000000 +0200 +++ new/thttpd-2.27/fdwatch.c 2014-12-10 21:51:36.000000000 +0100 @@ -278,7 +278,7 @@ { if ( secs > 0 ) syslog( - LOG_INFO, " fdwatch - %ld %ss (%g/sec)", + LOG_NOTICE, " fdwatch - %ld %ss (%g/sec)", nwatches, WHICH, (float) nwatches / secs ); nwatches = 0; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/thttpd-2.26/libhttpd.c new/thttpd-2.27/libhttpd.c --- old/thttpd-2.26/libhttpd.c 2014-08-05 00:41:30.000000000 +0200 +++ new/thttpd-2.27/libhttpd.c 2015-10-20 01:40:27.000000000 +0200 @@ -1,7 +1,7 @@ /* libhttpd.c - HTTP protocol library ** -** Copyright � 1995,1998,1999,2000,2001 by Jef Poskanzer <j...@mail.acme.com>. -** All rights reserved. +** Copyright � 1995,1998,1999,2000,2001,2015 by +** Jef Poskanzer <j...@mail.acme.com>. All rights reserved. ** ** Redistribution and use in source and binary forms, with or without ** modification, are permitted provided that the following conditions 
@@ -292,7 +292,7 @@ } /* Nuke any leading slashes in the cgi pattern. */ while ( ( cp = strstr( hs->cgi_pattern, "|/" ) ) != (char*) 0 ) - (void) strcpy( cp + 1, cp + 2 ); + (void) ol_strcpy( cp + 1, cp + 2 ); } hs->cgi_limit = cgi_limit; hs->cgi_count = 0; @@ -1508,7 +1508,7 @@ /* Remove any leading slashes. */ while ( rest[0] == '/' ) { - (void) strcpy( rest, &(rest[1]) ); + (void) ol_strcpy( rest, &(rest[1]) ); --restlen; } r = rest; @@ -1626,7 +1626,7 @@ /* Insert the link contents in front of the rest of the filename. */ if ( restlen != 0 ) { - (void) strcpy( rest, r ); + (void) ol_strcpy( rest, r ); httpd_realloc_str( &rest, &maxrest, restlen + linklen + 1 ); for ( i = restlen; i >= 0; --i ) rest[i + linklen + 1] = rest[i]; @@ -2355,7 +2355,7 @@ hc->expnfilename, hc->hs->cwd, strlen( hc->hs->cwd ) ) == 0 ) { /* Elide the current directory. */ - (void) strcpy( + (void) ol_strcpy( hc->expnfilename, &hc->expnfilename[strlen( hc->hs->cwd )] ); } #ifdef TILDE_MAP_2 @@ -2422,26 +2422,26 @@ { for ( cp2 = cp + 2; *cp2 == '/'; ++cp2 ) continue; - (void) strcpy( cp + 1, cp2 ); + (void) ol_strcpy( cp + 1, cp2 ); } /* Remove leading ./ and any /./ sequences. */ while ( strncmp( file, "./", 2 ) == 0 ) - (void) strcpy( file, file + 2 ); + (void) ol_strcpy( file, file + 2 ); while ( ( cp = strstr( file, "/./") ) != (char*) 0 ) - (void) strcpy( cp, cp + 2 ); + (void) ol_strcpy( cp, cp + 2 ); /* Alternate between removing leading ../ and removing xxx/../ */ for (;;) { while ( strncmp( file, "../", 3 ) == 0 ) - (void) strcpy( file, file + 3 ); + (void) ol_strcpy( file, file + 3 ); cp = strstr( file, "/../" ); if ( cp == (char*) 0 ) break; for ( cp2 = cp - 1; cp2 >= file && *cp2 != '/'; --cp2 ) continue; - (void) strcpy( cp2 + 1, cp + 4 ); + (void) ol_strcpy( cp2 + 1, cp + 4 ); } /* Also elide any xxx/.. at the end. */ 
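Review bot: In the `xxx/../` removal at the end of this hunk, the backward scan `for ( cp2 = cp - 1; cp2 >= file && *cp2 != '/'; --cp2 )` still steps `cp2` down to `file - 1` whenever the component before `/../` is the first one in the buffer. Forming a pointer before the start of the array is undefined even though it is never dereferenced. The switch to `ol_strcpy` fixes the overlapping copy but leaves this in what appears to be the path-normalisation code. An equivalent scan that stays inside the buffer is `for ( cp2 = cp; cp2 > file && cp2[-1] != '/'; --cp2 ) continue;` followed by `(void) ol_strcpy( cp2, cp + 4 );`. The enclosing function starts and ends outside the hunk.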
@@ -2658,7 +2658,7 @@ pid = (pid_t) client_data.i; if ( kill( pid, SIGKILL ) == 0 ) - syslog( LOG_ERR, "hard-killed CGI process %d", pid ); + syslog( LOG_WARNING, "hard-killed CGI process %d", pid ); } static void @@ -2669,7 +2669,7 @@ pid = (pid_t) client_data.i; if ( kill( pid, SIGINT ) == 0 ) { - syslog( LOG_ERR, "killed CGI process %d", pid ); + syslog( LOG_WARNING, "killed CGI process %d", pid ); /* In case this isn't enough, schedule an uncatchable kill. */ if ( tmr_create( nowP, cgi_kill2, client_data, 5 * 1000L, 0 ) == (Timer*) 0 ) { @@ -4122,7 +4122,7 @@ } else if ( IN6_IS_ADDR_V4MAPPED( &saP->sa_in6.sin6_addr ) && strncmp( str, "::ffff:", 7 ) == 0 ) /* Elide IPv6ish prefix for IPv4 addresses. */ - (void) strcpy( str, &str[7] ); + (void) ol_strcpy( str, &str[7] ); return str; @@ -4273,7 +4273,7 @@ httpd_logstats( long secs ) { if ( str_alloc_count > 0 ) - syslog( LOG_INFO, + syslog( LOG_NOTICE, " libhttpd - %d strings allocated, %lu bytes (%g bytes/str)", str_alloc_count, (unsigned long) str_alloc_size, (float) str_alloc_size / str_alloc_count ); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/thttpd-2.26/libhttpd.h new/thttpd-2.27/libhttpd.h --- old/thttpd-2.26/libhttpd.h 2014-08-05 00:41:28.000000000 +0200 +++ new/thttpd-2.27/libhttpd.h 2015-10-19 23:30:43.000000000 +0200 @@ -52,6 +52,9 @@ #define NEW(t,n) ((t*) malloc( sizeof(t) * (n) )) #define RENEW(o,t,n) ((t*) realloc( (void*) o, sizeof(t) * (n) )) +/* Do overlapping strcpy safely, by using memmove. */ +#define ol_strcpy(dst,src) memmove(dst,src,strlen(src)+1) + /* The httpd structs. */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/thttpd-2.26/mmc.c new/thttpd-2.27/mmc.c --- old/thttpd-2.26/mmc.c 2014-08-05 00:42:37.000000000 +0200 +++ new/thttpd-2.27/mmc.c 2014-12-10 21:53:22.000000000 +0100 
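Review bot: Both CGI kill callbacks (this hunk and the one at -2669) signal a PID taken from the timer's `client_data.i`, and nothing visible here confirms that the process is still the CGI child. If the child has already exited and been reaped, that PID may belong to an unrelated process when the timer fires, so unless the timer is cancelled on child exit elsewhere, it should be. `pid` is also a `pid_t` passed to `%d`; `syslog( LOG_WARNING, "hard-killed CGI process %d", (int) pid );` keeps the format portable. Since the level drops from LOG_ERR, any log filter or alert keyed on err severity for these two messages needs updating. Both function bodies begin outside their hunks.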
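Review bot: `ol_strcpy` in the libhttpd.h hunk is a function-like macro with unparenthesised parameters and `src` expanded twice. A call such as the one passing `&hc->expnfilename[strlen( hc->hs->cwd )]` therefore computes the inner `strlen` twice, and an argument with side effects would misbehave. At minimum write `#define ol_strcpy(dst,src) memmove((dst),(src),strlen(src)+1)`. Where the compiler allows it, `static inline char* ol_strcpy( char* dst, const char* src ) { return (char*) memmove( dst, src, strlen( src ) + 1 ); }` evaluates each argument once and is type-checked. The comment should also say that the helper is for copies within one buffer, and the header needs `<string.h>` in scope; whether it already includes it is not visible here.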
@@ -1,6 +1,6 @@ /* mmc.c - mmap cache ** -** Copyright � 1998,2001 by Jef Poskanzer <j...@mail.acme.com>. +** Copyright � 1998,2001,2014 by Jef Poskanzer <j...@mail.acme.com>. ** All rights reserved. ** ** Redistribution and use in source and binary forms, with or without @@ -395,7 +395,7 @@ void -mmc_destroy( void ) +mmc_term( void ) { Map* m; @@ -523,7 +523,7 @@ mmc_logstats( long secs ) { syslog( - LOG_INFO, " map cache - %d allocated, %d active (%lld bytes), %d free; hash size: %d; expire age: %ld", + LOG_NOTICE, " map cache - %d allocated, %d active (%lld bytes), %d free; hash size: %d; expire age: %ld", alloc_count, map_count, (long long) mapped_bytes, free_count, hash_size, expire_age ); if ( map_count + free_count != alloc_count ) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/thttpd-2.26/mmc.h new/thttpd-2.27/mmc.h --- old/thttpd-2.26/mmc.h 2014-07-10 01:45:47.000000000 +0200 +++ new/thttpd-2.27/mmc.h 2014-12-10 21:50:35.000000000 +0100 @@ -1,6 +1,6 @@ /* mmc.h - header file for mmap cache package ** -** Copyright � 1998 by Jef Poskanzer <j...@mail.acme.com>. +** Copyright � 1998,2014 by Jef Poskanzer <j...@mail.acme.com>. ** All rights reserved. ** ** Redistribution and use in source and binary forms, with or without @@ -47,7 +47,7 @@ void mmc_cleanup( struct timeval* nowP ); /* Free all storage, usually in preparation for exitting. */ -void mmc_destroy( void ); +void mmc_term( void ); /* Generate debugging statistics syslog message. */ void mmc_logstats( long secs ); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/thttpd-2.26/scripts/500.thttpd-rotate new/thttpd-2.27/scripts/500.thttpd-rotate --- old/thttpd-2.26/scripts/500.thttpd-rotate 2003-11-17 22:02:17.000000000 +0100 +++ new/thttpd-2.27/scripts/500.thttpd-rotate 2015-02-03 16:15:29.000000000 +0100 
@@ -6,12 +6,14 @@ # tells thttpd to re-open its log file. cd /usr/local/www/chroot/logs -rm -f thttpd_log.7 -mv thttpd_log.6 thttpd_log.7 -mv thttpd_log.5 thttpd_log.6 -mv thttpd_log.4 thttpd_log.5 -mv thttpd_log.3 thttpd_log.4 -mv thttpd_log.2 thttpd_log.3 -mv thttpd_log.1 thttpd_log.2 +rm -f thttpd_log.7.gz +mv thttpd_log.6.gz thttpd_log.7.gz +mv thttpd_log.5.gz thttpd_log.6.gz +mv thttpd_log.4.gz thttpd_log.5.gz +mv thttpd_log.3.gz thttpd_log.4.gz +mv thttpd_log.2.gz thttpd_log.3.gz +mv thttpd_log.1.gz thttpd_log.2.gz mv thttpd_log thttpd_log.1 kill -HUP `cat /var/run/thttpd.pid` +sleep 1 +gzip -f thttpd_log.1 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/thttpd-2.26/scripts/thttpd.sh new/thttpd-2.27/scripts/thttpd.sh --- old/thttpd-2.26/scripts/thttpd.sh 2004-05-06 18:43:23.000000000 +0200 +++ new/thttpd-2.27/scripts/thttpd.sh 2015-02-04 15:30:36.000000000 +0100 
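Review bot: The added `sleep 1` followed by `gzip -f thttpd_log.1` assumes thttpd has reopened its log within one second of the HUP. If it has not, gzip compresses and removes a file the server still holds open, and later writes are lost from the access log. Assuming thttpd recreates `thttpd_log` when it reopens, waiting for that file is safer than a fixed delay, for example `while [ ! -f thttpd_log ] ; do sleep 1 ; done` with an upper bound on the retries. The `cd /usr/local/www/chroot/logs` above is also unchecked, so a missing directory makes the `rm -f` and `mv` lines run wherever the job started; `cd /usr/local/www/chroot/logs || exit 1` closes that. The script begins above the hunk.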
@@ -3,30 +3,46 @@ # thttpd.sh - startup script for thttpd on FreeBSD # # This goes in /usr/local/etc/rc.d and gets run at boot-time. - -. /etc/rc.conf - -case "${thttpd_enable}" in - [Yy][Ee][Ss]) ;; - *) exit ;; -esac - -case "$1" in - - start) - if [ -x /usr/local/sbin/thttpd_wrapper ] ; then - echo -n " thttpd" - /usr/local/sbin/thttpd_wrapper & +# +# Variables available: +# thttpd_enable='YES/NO' +# thttpd_program='path' +# thttpd_pidfile='path' +# thttpd_devfs='path' +# +# PROVIDE: thttpd +# REQUIRE: LOGIN FILESYSTEMS +# KEYWORD: shutdown + +. /etc/rc.subr + +name='thttpd' +rcvar='thttpd_enable' + +load_rc_config "$name" + +# Defaults. +thttpd_enable="${thttpd_enable:-'NO'}" +thttpd_program="${thttpd_program:-'/usr/local/sbin/thttpd'}" +thttpd_pidfile="${thttpd_pidfile:-'/var/run/thttpd.pid'}" + +thttpd_precmd () + { + if [ '' != "$thttpd_devfs" ] ; then + mount -t devfs devfs "$thttpd_devfs" + devfs -m "$thttpd_devfs" rule -s 1 applyset + devfs -m "$thttpd_devfs" rule -s 2 applyset fi - ;; + } - stop) - kill -USR1 `cat /var/run/thttpd.pid` - ;; - - *) - echo "usage: $0 { start | stop }" >&2 - exit 1 - ;; +thttpd_stop () + { + kill -USR1 `cat "$pidfile"` + } + +command="$thttpd_program" +pidfile="$thttpd_pidfile" +start_precmd='thttpd_precmd' +stop_cmd='thttpd_stop' -esac +run_rc_command "$1" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/thttpd-2.26/thttpd.c new/thttpd-2.27/thttpd.c --- old/thttpd-2.26/thttpd.c 2014-08-05 00:38:01.000000000 +0200 +++ new/thttpd-2.27/thttpd.c 2015-10-20 01:40:46.000000000 +0200 
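Review bot: The three defaults are written as `"${thttpd_enable:-'NO'}"`, and inside double quotes the single quotes are literal characters. An unset variable therefore becomes `'NO'`, and the program and pidfile defaults become paths wrapped in quote characters that do not exist. They should read `thttpd_enable="${thttpd_enable:-NO}"`, `thttpd_program="${thttpd_program:-/usr/local/sbin/thttpd}"` and `thttpd_pidfile="${thttpd_pidfile:-/var/run/thttpd.pid}"`. In `thttpd_stop` the `kill -USR1` reads its PID with `cat "$pidfile"` without checking that the file exists and is non-empty; a guard such as `[ -s "$pidfile" ] || return 1` before it avoids calling kill with no argument. `thttpd_precmd` likewise continues to the `devfs ... applyset` commands after a failed `mount`, so it should return non-zero when the mount fails.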
@@ -1,7 +1,7 @@ /* thttpd.c - tiny/turbo/throttling HTTP server ** -** Copyright � 1995,1998,1999,2000,2001 by Jef Poskanzer <j...@mail.acme.com>. -** All rights reserved. +** Copyright � 1995,1998,1999,2000,2001,2015 by +** Jef Poskanzer <j...@mail.acme.com>. All rights reserved. ** ** Redistribution and use in source and binary forms, with or without ** modification, are permitted provided that the following conditions @@ -573,7 +573,7 @@ { if ( strncmp( logfile, cwd, strlen( cwd ) ) == 0 ) { - (void) strcpy( logfile, &logfile[strlen( cwd ) - 1] ); + (void) ol_strcpy( logfile, &logfile[strlen( cwd ) - 1] ); /* (We already guaranteed that cwd ends with a slash, so leaving ** that slash in logfile makes it an absolute pathname within ** the chroot tree.) @@ -1413,9 +1413,9 @@ /* Nuke any leading slashes in pattern. */ if ( pattern[0] == '/' ) - (void) strcpy( pattern, &pattern[1] ); + (void) ol_strcpy( pattern, &pattern[1] ); while ( ( cp = strstr( pattern, "|/" ) ) != (char*) 0 ) - (void) strcpy( cp + 1, cp + 2 ); + (void) ol_strcpy( cp + 1, cp + 2 ); /* Check for room in throttles. */ if ( numthrottles >= maxthrottles ) @@ -1484,8 +1484,8 @@ fdwatch_del_fd( ths->listen6_fd ); httpd_terminate( ths ); } - mmc_destroy(); - tmr_destroy(); + mmc_term(); + tmr_term(); free( (void*) connects ); if ( throttles != (throttletab*) 0 ) free( (void*) throttles ); @@ -2154,7 +2154,7 @@ if ( stats_secs == 0 ) stats_secs = 1; /* fudge */ stats_time = now; - syslog( LOG_INFO, + syslog( LOG_NOTICE, "up %ld seconds, stats for %ld seconds:", up_secs, stats_secs ); thttpd_logstats( stats_secs ); 
@@ -2170,7 +2170,7 @@ thttpd_logstats( long secs ) { if ( secs > 0 ) - syslog( LOG_INFO, + syslog( LOG_NOTICE, " thttpd - %ld connections (%g/sec), %d max simultaneous, %lld bytes (%g/sec), %d httpd_conns allocated", stats_connections, (float) stats_connections / secs, stats_simultaneous, (long long) stats_bytes, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/thttpd-2.26/timers.c new/thttpd-2.27/timers.c --- old/thttpd-2.26/timers.c 2014-07-10 02:23:11.000000000 +0200 +++ new/thttpd-2.27/timers.c 2014-12-10 21:49:30.000000000 +0100 @@ -1,6 +1,6 @@ /* timers.c - simple timer routines ** -** Copyright � 1995,1998,2000 by Jef Poskanzer <j...@mail.acme.com>. +** Copyright � 1995,1998,2000,2014 by Jef Poskanzer <j...@mail.acme.com>. ** All rights reserved. ** ** Redistribution and use in source and binary forms, with or without @@ -328,7 +328,7 @@ void -tmr_destroy( void ) +tmr_term( void ) { int h; @@ -344,7 +344,7 @@ tmr_logstats( long secs ) { syslog( - LOG_INFO, " timers - %d allocated, %d active, %d free", + LOG_NOTICE, " timers - %d allocated, %d active, %d free", alloc_count, active_count, free_count ); if ( active_count + free_count != alloc_count ) syslog( LOG_ERR, "timer counts don't add up!" ); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/thttpd-2.26/timers.h new/thttpd-2.27/timers.h --- old/thttpd-2.26/timers.h 2014-07-10 01:46:52.000000000 +0200 +++ new/thttpd-2.27/timers.h 2014-12-10 21:48:55.000000000 +0100 @@ -1,6 +1,6 @@ /* timers.h - header file for timers package ** -** Copyright � 1995,1998,1999,2000 by Jef Poskanzer <j...@mail.acme.com>. +** Copyright � 1995,1998,1999,2000,2014 by Jef Poskanzer <j...@mail.acme.com>. ** All rights reserved. ** ** Redistribution and use in source and binary forms, with or without 
@@ -100,8 +100,8 @@ /* Clean up the timers package, freeing any unused storage. */ void tmr_cleanup( void ); -/* Cancel all timers and free storage, usually in preparation for exitting. */ -void tmr_destroy( void ); +/* Cancel all timers and free storage, usually in preparation for exiting. */ +void tmr_term( void ); /* Generate debugging statistics syslog message. */ void tmr_logstats( long secs ); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/thttpd-2.26/version.h new/thttpd-2.27/version.h --- old/thttpd-2.26/version.h 2014-08-14 00:59:20.000000000 +0200 +++ new/thttpd-2.27/version.h 2015-10-20 01:37:56.000000000 +0200 @@ -3,7 +3,7 @@ #ifndef _VERSION_H_ #define _VERSION_H_ -#define SERVER_SOFTWARE "thttpd/2.26 14aug2014" +#define SERVER_SOFTWARE "thttpd/2.27 19Oct2015" #define SERVER_ADDRESS "http://www.acme.com/software/thttpd/" #endif /* _VERSION_H_ */