[Astlinux-commits] SF.net SVN: astlinux:[6374] branches/1.0/package/lighttpd

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Revision: 6374
          http://sourceforge.net/p/astlinux/code/6374
Author:   abelbeck
Date:     2014-01-23 01:17:12 +0000 (Thu, 23 Jan 2014)
Log Message:
-----------
lighttpd, version bump to 1.4.34, also specify the 'standard' ssl cipher string recommendation to ssl.cipher-list

Modified Paths:
--------------
    branches/1.0/package/lighttpd/lighttpd.conf
    branches/1.0/package/lighttpd/lighttpd.mk

Removed Paths:
-------------
    branches/1.0/package/lighttpd/lighttpd-03-fix_fam_use_after_free.patch
    branches/1.0/package/lighttpd/lighttpd-04-fix_setuid.patch

Deleted: branches/1.0/package/lighttpd/lighttpd-03-fix_fam_use_after_free.patch
===================================================================

--- branches/1.0/package/lighttpd/lighttpd-03-fix_fam_use_after_free.patch	2014-01-23 00:35:32 UTC (rev 6373)
+++ branches/1.0/package/lighttpd/lighttpd-03-fix_fam_use_after_free.patch	2014-01-23 01:17:12 UTC (rev 6374)
@@ -1,22 +0,0 @@
-commit ae1335503a8f63489f847668ee37df8470a2ab0a
-Author: Stefan Bühler <stb...@we...>
-Date:   Wed Nov 13 11:43:28 2013 +0000
-
-    [stat-cache] FAM: fix use after free (CVE-2013-4560)
-    
-    From: Stefan Bühler <stb...@we...>
-    
-    git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2921 152afb58-edef-0310-8abb-c4023f1b3aa9
-
-diff --git a/src/stat_cache.c b/src/stat_cache.c
-index e995f3b..924f4dc 100644
---- a/src/stat_cache.c
-+++ b/src/stat_cache.c
-@@ -648,6 +648,7 @@ handler_t stat_cache_get_entry(server *srv, connection *con, buffer *name, stat_
- 						FamErrlist[FAMErrno]);
- 
- 				fam_dir_entry_free(fam_dir);
-+				fam_dir = NULL;
- 			} else {
- 				int osize = 0;
- 

Deleted: branches/1.0/package/lighttpd/lighttpd-04-fix_setuid.patch
===================================================================
--- branches/1.0/package/lighttpd/lighttpd-04-fix_setuid.patch	2014-01-23 00:35:32 UTC (rev 6373)
+++ branches/1.0/package/lighttpd/lighttpd-04-fix_setuid.patch	2014-01-23 01:17:12 UTC (rev 6374)
@@ -1,43 +0,0 @@
-commit 99cddff73ab4023186bcfca54cbb73051140e15d
-Author: Stefan Bühler <stb...@we...>
-Date:   Wed Nov 13 11:43:33 2013 +0000
-
-    [core] check success of setuid,setgid,setgroups (CVE-2013-4559)
-    
-    From: Stefan Bühler <stb...@we...>
-    
-    git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2923 152afb58-edef-0310-8abb-c4023f1b3aa9
-
-diff --git a/src/server.c b/src/server.c
-index 2d825bb..e2b42eb 100644
---- a/src/server.c
-+++ b/src/server.c
-@@ -820,8 +820,14 @@ int main (int argc, char **argv) {
- 		 * to /etc/group
- 		 * */
- 		if (NULL != grp) {
--			setgid(grp->gr_gid);
--			setgroups(0, NULL);
-+			if (-1 == setgid(grp->gr_gid)) {
-+				log_error_write(srv, __FILE__, __LINE__, "ss", "setgid failed: ", strerror(errno));
-+				return -1;
-+			}
-+			if (-1 == setgroups(0, NULL)) {
-+				log_error_write(srv, __FILE__, __LINE__, "ss", "setgroups failed: ", strerror(errno));
-+				return -1;
-+			}
- 			if (srv->srvconf.username->used) {
- 				initgroups(srv->srvconf.username->ptr, grp->gr_gid);
- 			}
-@@ -844,7 +850,10 @@ int main (int argc, char **argv) {
- #ifdef HAVE_PWD_H
- 		/* drop root privs */
- 		if (NULL != pwd) {
--			setuid(pwd->pw_uid);
-+			if (-1 == setuid(pwd->pw_uid)) {
-+				log_error_write(srv, __FILE__, __LINE__, "ss", "setuid failed: ", strerror(errno));
-+				return -1;
-+			}
- 		}
- #endif
- #if defined(HAVE_SYS_PRCTL_H) && defined(PR_SET_DUMPABLE)

Modified: branches/1.0/package/lighttpd/lighttpd.conf
===================================================================
--- branches/1.0/package/lighttpd/lighttpd.conf	2014-01-23 00:35:32 UTC (rev 6373)
+++ branches/1.0/package/lighttpd/lighttpd.conf	2014-01-23 01:17:12 UTC (rev 6374)
@@ -81,6 +81,7 @@
 
 $SERVER["socket"] == "0.0.0.0:443" {
      ssl.engine                  = "enable"
+     ssl.cipher-list             = "aRSA+HIGH !3DES +kEDH +kRSA !kSRP !kPSK"
      ssl.pemfile                 = "@HTTPSCERT@"
      server.document-root        = "/var/www"
      accesslog.filename          = "@HTTPS_ACCESSLOG@"
@@ -97,6 +98,7 @@
 @IPV6@
 @IPV6@$SERVER["socket"] == "[::]:443" {
 @IPV6@     ssl.engine                  = "enable"
+@IPV6@     ssl.cipher-list             = "aRSA+HIGH !3DES +kEDH +kRSA !kSRP !kPSK"
 @IPV6@     ssl.pemfile                 = "@HTTPSCERT@"
 @IPV6@     server.document-root        = "/var/www"
 @IPV6@     accesslog.filename          = "@HTTPS_ACCESSLOG@"

Modified: branches/1.0/package/lighttpd/lighttpd.mk
===================================================================
--- branches/1.0/package/lighttpd/lighttpd.mk	2014-01-23 00:35:32 UTC (rev 6373)
+++ branches/1.0/package/lighttpd/lighttpd.mk	2014-01-23 01:17:12 UTC (rev 6374)
@@ -4,7 +4,7 @@
 #
 #############################################################
 
-LIGHTTPD_VERSION = 1.4.33
+LIGHTTPD_VERSION = 1.4.34
 LIGHTTPD_SITE = http://download.lighttpd.net/lighttpd/releases-1.4.x
 LIGHTTPD_DEPENDENCIES = host-pkg-config
 LIGHTTPD_CONF_OPT = \

This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.



