hi,
here's the vendor's patch to fix CVE-2008-0983
http://secunia.com/cve_reference/CVE-2008-0983/
ok to commit?
cheers,
jasper
--
"The good life is one inspired by love and guided by knowledge."
-- Bertrand Russel
Index: Makefile
===================================================================
RCS file: /cvs/ports/www/lighttpd/Makefile,v
retrieving revision 1.47
diff -u -r1.47 Makefile
--- Makefile 10 Sep 2007 20:41:59 -0000 1.47
+++ Makefile 29 Feb 2008 14:49:12 -0000
@@ -5,6 +5,7 @@
COMMENT= secure, fast, compliant, and very flexible web-server
DISTNAME= lighttpd-1.4.18
+PKGNAME= ${DISTNAME}p0
CATEGORIES= www net
MASTER_SITES= ${HOMEPAGE}/download/
Index: patches/patch-src_fdevent_solaris_devpoll_c
===================================================================
RCS file: patches/patch-src_fdevent_solaris_devpoll_c
diff -N patches/patch-src_fdevent_solaris_devpoll_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_fdevent_solaris_devpoll_c 29 Feb 2008 14:49:12 -0000
@@ -0,0 +1,12 @@
+$OpenBSD$
+--- src/fdevent_solaris_devpoll.c.orig Fri Feb 29 15:46:03 2008
++++ src/fdevent_solaris_devpoll.c Fri Feb 29 15:46:25 2008
+@@ -67,7 +67,7 @@ static int fdevent_solaris_devpoll_poll(fdevents *ev,
+ int ret;
+
+ dopoll.dp_timeout = timeout_ms;
+- dopoll.dp_nfds = ev->maxfds;
++ dopoll.dp_nfds = ev->maxfds - 1;
+ dopoll.dp_fds = ev->devpollfds;
+
+ ret = ioctl(ev->devpoll_fd, DP_POLL, &dopoll);
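Review bot: The `- 1` on `dopoll.dp_nfds` is an unexplained magic adjustment, and the companion patch-src_server_c drops the only remark (`#372`) that said the Solaris devpoll backend needs spare descriptors. I would add a comment above the assignment, for example `/* CVE-2008-0983: request one entry fewer than maxfds; replaces the rlim_cur reserve formerly taken in server.c */`, with the wording checked against the vendor's commit message. The hunk shows neither the type of `ev->maxfds` nor how `ev->devpollfds` is sized. If `maxfds` is unsigned and can be 0, the subtraction wraps to a very large count, so it is worth confirming that a lower bound is enforced before this point. The body of `fdevent_solaris_devpoll_poll` continues outside the hunk.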
Index: patches/patch-src_server_c
===================================================================
RCS file: patches/patch-src_server_c
diff -N patches/patch-src_server_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_server_c 29 Feb 2008 14:49:12 -0000
@@ -0,0 +1,13 @@
+$OpenBSD$
+--- src/server.c.orig Fri Feb 29 15:44:48 2008
++++ src/server.c Fri Feb 29 15:45:03 2008
+@@ -697,9 +697,6 @@ int main (int argc, char **argv) {
+ }
+ }
+
+- /* #372: solaris need some fds extra for devpoll */
+- if (rlim.rlim_cur > 10) rlim.rlim_cur -= 10;
+-
+ if (srv->event_handler == FDEVENT_HANDLER_SELECT) {
+ srv->max_fds = rlim.rlim_cur < FD_SETSIZE - 200 ?
rlim.rlim_cur : FD_SETSIZE - 200;
+ } else {
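Review bot: Nothing is left at the removal site in `main()` to say why the 10-descriptor reserve must not come back, so a later maintainer could reintroduce it. Presumably the defect was that only the local `rlim.rlim_cur` was lowered while the process limit stayed higher, letting descriptor numbers exceed `srv->max_fds`. If that reading is right, a comment above the `FDEVENT_HANDLER_SELECT` test such as `/* CVE-2008-0983: do not subtract a reserve from rlim_cur here; max_fds is derived from it below */` would record it. Separately, the `srv->max_fds = ...` context line is wrapped across two lines in this mail, and the `+1,13` count only holds if they are joined, so the patch file should be checked to apply cleanly before commit. `main()` starts and ends outside the hunk.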