[packages/lighttpd] - rel 2; avoid SEGV when crypt() returns error in case of invalid salt or wrong lack of nss freebl m

Wed, 05 Jun 2013 11:02:03 -0700 

commit f8f98b08972c5687592a18eb8de0ca521b76629c
Author: Arkadiusz Miƛkiewicz <[email protected]>
Date:   Wed Jun 5 20:00:46 2013 +0200

    - rel 2; avoid SEGV when crypt() returns error in case of invalid salt or 
wrong lack of nss freebl module

 lighttpd-crypt.patch | 12 ++++++++++++
 lighttpd.spec        |  4 +++-
 2 files changed, 15 insertions(+), 1 deletion(-)
---
diff --git a/lighttpd.spec b/lighttpd.spec
index ef290e6..f31ecf8 100644
--- a/lighttpd.spec
+++ b/lighttpd.spec
@@ -29,7 +29,7 @@ Summary:      Fast and light HTTP server
 Summary(pl.UTF-8):     Szybki i lekki serwer HTTP
 Name:          lighttpd
 Version:       1.4.32
-Release:       1
+Release:       2
 License:       BSD
 Group:         Networking/Daemons/HTTP
 Source0:       
http://download.lighttpd.net/lighttpd/releases-1.4.x/%{name}-%{version}.tar.bz2
@@ -100,6 +100,7 @@ Patch2:             %{name}-mod_h264_streaming.patch
 Patch3:                %{name}-branding.patch
 Patch5:                %{name}-mod_deflate.patch
 Patch6:                test-port-setup.patch
+Patch7:                %{name}-crypt.patch
 #Patch:                %{name}-modinit-before-fork.patch
 #Patch:                %{name}-errorlog-before-fork.patch
 URL:           http://www.lighttpd.net/
@@ -836,6 +837,7 @@ Plik monitrc do monitorowania serwera www lighttpd.
 %patch3 -p1
 %{?with_deflate:%patch5 -p1}
 %patch6 -p1
+%patch7 -p1
 
 rm -f src/mod_ssi_exprparser.h # bad patching: should be removed by is emptied 
instead
 
diff --git a/lighttpd-crypt.patch b/lighttpd-crypt.patch
new file mode 100644
index 0000000..66ad80a
--- /dev/null
+++ b/lighttpd-crypt.patch
@@ -0,0 +1,12 @@
+diff -urN lighttpd-1.4.32.org/src/http_auth.c lighttpd-1.4.32/src/http_auth.c
+--- lighttpd-1.4.32.org/src/http_auth.c        2012-05-17 11:29:24.000000000 
+0200
++++ lighttpd-1.4.32/src/http_auth.c    2013-06-05 19:58:07.828450230 +0200
+@@ -688,6 +688,8 @@
+               salt[salt_len] = '\0';
+ 
+               crypted = crypt(pw, salt);
++              if (NULL == crypted)
++                      return -1;
+ 
+               if (0 == strcmp(password->ptr, crypted)) {
+                       return 0;
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/lighttpd.git/commitdiff/f8f98b08972c5687592a18eb8de0ca521b76629c

_______________________________________________
pld-cvs-commit mailing list
[email protected]
http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit

Reply via email to