pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/www/lighttpd
Module Name: pkgsrc
Committed By: schmonz
Date: Wed Nov 3 15:06:52 UTC 2021
Modified Files:
pkgsrc/www/lighttpd: Makefile distinfo
Added Files:
pkgsrc/www/lighttpd/patches: patch-src_mod__alias.c
Log Message:
Apply upstream 584a69c4 to fix use-after-free. Bump PKGREVISION.
To generate a diff of this commit:
cvs rdiff -u -r1.103 -r1.104 pkgsrc/www/lighttpd/Makefile
cvs rdiff -u -r1.66 -r1.67 pkgsrc/www/lighttpd/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/www/lighttpd/patches/patch-src_mod__alias.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/www/lighttpd/Makefile
diff -u pkgsrc/www/lighttpd/Makefile:1.103 pkgsrc/www/lighttpd/Makefile:1.104
--- pkgsrc/www/lighttpd/Makefile:1.103 Fri Oct 29 07:11:36 2021
+++ pkgsrc/www/lighttpd/Makefile Wed Nov 3 15:06:51 2021
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.103 2021/10/29 07:11:36 wiz Exp $
+# $NetBSD: Makefile,v 1.104 2021/11/03 15:06:51 schmonz Exp $
DISTNAME= lighttpd-1.4.61
+PKGREVISION= 1
CATEGORIES= www
MASTER_SITES= https://download.lighttpd.net/lighttpd/releases-1.4.x/
EXTRACT_SUFX= .tar.xz
Index: pkgsrc/www/lighttpd/distinfo
diff -u pkgsrc/www/lighttpd/distinfo:1.66 pkgsrc/www/lighttpd/distinfo:1.67
--- pkgsrc/www/lighttpd/distinfo:1.66 Fri Oct 29 07:11:36 2021
+++ pkgsrc/www/lighttpd/distinfo Wed Nov 3 15:06:51 2021
@@ -1,7 +1,8 @@
-$NetBSD: distinfo,v 1.66 2021/10/29 07:11:36 wiz Exp $
+$NetBSD: distinfo,v 1.67 2021/11/03 15:06:51 schmonz Exp $
BLAKE2s (lighttpd-1.4.61.tar.xz) = 07cfcad072c2e66ea462c5782af85346ebd403318a7235af913d14652eecee2b
SHA512 (lighttpd-1.4.61.tar.xz) = 30bd93e88714ac263b66266bb47a0b9b80831d73967f1268d5d5e311a5122bf3a5f20915ec351ac02b4f52a74aac10bd3ed35754a31061058733ab6284e3dabf
Size (lighttpd-1.4.61.tar.xz) = 1010624 bytes
SHA1 (patch-doc_config_lighttpd.conf) = 32a4b6bd32f88d05dd75f65de6ec57b203c37d8b
SHA1 (patch-doc_lighttpd.8) = e08ac362784aebaca566d0f65380b70a829d6b4e
+SHA1 (patch-src_mod__alias.c) = dac2bd6ec0d06f1dfe7568193c2289641bb14869
Added files:
Index: pkgsrc/www/lighttpd/patches/patch-src_mod__alias.c
diff -u /dev/null pkgsrc/www/lighttpd/patches/patch-src_mod__alias.c:1.1
--- /dev/null Wed Nov 3 15:06:52 2021
+++ pkgsrc/www/lighttpd/patches/patch-src_mod__alias.c Wed Nov 3 15:06:51 2021
@@ -0,0 +1,29 @@
+$NetBSD: patch-src_mod__alias.c,v 1.1 2021/11/03 15:06:51 schmonz Exp $
+
+Apply upstream 584a69c4 to fix use-after-free.
+
+<https://redmine.lighttpd.net/issues/3114>
+
+--- src/mod_alias.c.orig 2021-10-28 22:58:31.000000000 +0000
++++ src/mod_alias.c
+@@ -128,7 +128,7 @@ mod_alias_remap (request_st * const r, c
+ if (0 == path_len || path_len < basedir_len) return HANDLER_GO_ON;
+
+ const uint32_t uri_len = path_len - basedir_len;
+- const char * const uri_ptr = r->physical.path.ptr + basedir_len;
++ const char *uri_ptr = r->physical.path.ptr + basedir_len;
+ data_string * const ds = (data_string *)
+ (!r->conf.force_lowercase_filenames
+ ? array_match_key_prefix_klen(aliases, uri_ptr, uri_len)
+@@ -159,8 +159,10 @@ mod_alias_remap (request_st * const r, c
+ * (though resulting r->physical.basedir would not be a dir))*/
+ if (vlen != basedir_len + alias_len) {
+ const uint32_t nlen = vlen + uri_len - alias_len;
+- if (path_len + buffer_string_space(&r->physical.path) < nlen)
++ if (path_len + buffer_string_space(&r->physical.path) < nlen) {
+ buffer_string_prepare_append(&r->physical.path, nlen - path_len);
++ uri_ptr = r->physical.path.ptr + basedir_len;/*(refresh if alloc)*/
++ }
+ memmove(r->physical.path.ptr + vlen,
+ uri_ptr + alias_len, uri_len - alias_len);
+ buffer_truncate(&r->physical.path, nlen);
Home |
Main Index |
Thread Index |
Old Index