[pkgsrc/pkgsrc-2007Q2]: pkgsrc/www/lighttpd Pullup ticket 2151 - requested by...

[ghen <ghen%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/7ca8ca764e6b
branches:  pkgsrc-2007Q2
changeset: 530473:7ca8ca764e6b
user:      ghen <ghen%pkgsrc.org@localhost>
date:      Fri Jul 27 22:47:14 2007 +0000

description:
Pullup ticket 2151 - requested by joerg
security update for lighttpd

- pkgsrc/www/lighttpd/Makefile                          1.15
- pkgsrc/www/lighttpd/distinfo                          1.10

   Module Name: pkgsrc
   Committed By:        joerg
   Date:                Wed Jul 25 10:26:05 UTC 2007

   Modified Files:
           pkgsrc/www/lighttpd: Makefile distinfo

   Log Message:
   Update to lighttpd 1.4.16. This fixes a number of security issues:
   - various possible NULL pointer references
   - two cases were uninitialised memory is used or memory could be
   corrupted. This might be exploitable to execute arbitrary code.
   - possible mod_access by-pass by appending /
   - a local DOS by broken FastCGI handlers

diffstat:

 www/lighttpd/Makefile |  4 ++--
 www/lighttpd/distinfo |  8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diffs (25 lines):

diff -r 6e0affa4d22e -r 7ca8ca764e6b www/lighttpd/Makefile
--- a/www/lighttpd/Makefile     Fri Jul 27 22:39:34 2007 +0000
+++ b/www/lighttpd/Makefile     Fri Jul 27 22:47:14 2007 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.14 2007/04/19 16:16:17 joerg Exp $
+# $NetBSD: Makefile,v 1.14.2.1 2007/07/27 22:47:14 ghen Exp $
 
-DISTNAME=      lighttpd-1.4.15
+DISTNAME=      lighttpd-1.4.16
 CATEGORIES=    www
 MASTER_SITES=  http://www.lighttpd.net/download/
 
diff -r 6e0affa4d22e -r 7ca8ca764e6b www/lighttpd/distinfo
--- a/www/lighttpd/distinfo     Fri Jul 27 22:39:34 2007 +0000
+++ b/www/lighttpd/distinfo     Fri Jul 27 22:47:14 2007 +0000
@@ -1,5 +1,5 @@
-$NetBSD: distinfo,v 1.9 2007/04/19 16:16:17 joerg Exp $
+$NetBSD: distinfo,v 1.9.2.1 2007/07/27 22:47:14 ghen Exp $
 
-SHA1 (lighttpd-1.4.15.tar.gz) = 67ba1279a0eaeda728c1e1143d302beb364a034c
-RMD160 (lighttpd-1.4.15.tar.gz) = a38cb73797da1b8773b4c4a34f16be097667db57
-Size (lighttpd-1.4.15.tar.gz) = 794327 bytes
+SHA1 (lighttpd-1.4.16.tar.gz) = b160cece6c0dd15746d10957d28ba02b2e9e77ce
+RMD160 (lighttpd-1.4.16.tar.gz) = 71743363b9992ce726fffe40af0f75c66a2f6006
+Size (lighttpd-1.4.16.tar.gz) = 795818 bytes