summaryrefslogtreecommitdiff
path: root/www-servers/lighttpd/files
diff options
context:
space:
mode:
Diffstat (limited to 'www-servers/lighttpd/files')
-rw-r--r--www-servers/lighttpd/files/1.4.25-fix-CVE-2010-0295.patch211
-rw-r--r--www-servers/lighttpd/files/1.4.25-fix-openssl.patch12
-rw-r--r--www-servers/lighttpd/files/1.4.25-fix-unknown-AM_SILENT_RULES.patch18
3 files changed, 0 insertions, 241 deletions
diff --git a/www-servers/lighttpd/files/1.4.25-fix-CVE-2010-0295.patch b/www-servers/lighttpd/files/1.4.25-fix-CVE-2010-0295.patch
deleted file mode 100644
index fcac318..0000000
--- a/www-servers/lighttpd/files/1.4.25-fix-CVE-2010-0295.patch
+++ /dev/null
@@ -1,211 +0,0 @@
-Index: branches/lighttpd-1.4.x/src/base.h
-===================================================================
---- branches/lighttpd-1.4.x/src/base.h (revision 2709)
-+++ branches/lighttpd-1.4.x/src/base.h (revision 2710)
-@@ -431,7 +431,6 @@
-
- #ifdef USE_OPENSSL
- SSL *ssl;
-- buffer *ssl_error_want_reuse_buffer;
- # ifndef OPENSSL_NO_TLSEXT
- buffer *tlsext_server_name;
- # endif
-Index: branches/lighttpd-1.4.x/src/connections.c
-===================================================================
---- branches/lighttpd-1.4.x/src/connections.c (revision 2709)
-+++ branches/lighttpd-1.4.x/src/connections.c (revision 2710)
-@@ -192,40 +192,42 @@
-
- static int connection_handle_read_ssl(server *srv, connection *con) {
- #ifdef USE_OPENSSL
-- int r, ssl_err, len, count = 0;
-+ int r, ssl_err, len, count = 0, read_offset, toread;
- buffer *b = NULL;
-
- if (!con->conf.is_ssl) return -1;
-
-- /* don't resize the buffer if we were in SSL_ERROR_WANT_* */
--
- ERR_clear_error();
- do {
-- if (!con->ssl_error_want_reuse_buffer) {
-- b = buffer_init();
-- buffer_prepare_copy(b, SSL_pending(con->ssl) + (16 * 1024)); /* the pending bytes + 16kb */
-+ if (NULL != con->read_queue->last) {
-+ b = con->read_queue->last->mem;
-+ }
-
-+ if (NULL == b || b->size - b->used < 1024) {
-+ b = chunkqueue_get_append_buffer(con->read_queue);
-+ len = SSL_pending(con->ssl);
-+ if (len < 4*1024) len = 4*1024; /* always alloc >= 4k buffer */
-+ buffer_prepare_copy(b, len + 1);
-+
- /* overwrite everything with 0 */
- memset(b->ptr, 0, b->size);
-- } else {
-- b = con->ssl_error_want_reuse_buffer;
- }
-
-- len = SSL_read(con->ssl, b->ptr, b->size - 1);
-- con->ssl_error_want_reuse_buffer = NULL; /* reuse it only once */
-+ read_offset = (b->used > 0) ? b->used - 1 : 0;
-+ toread = b->size - 1 - read_offset;
-
-+ len = SSL_read(con->ssl, b->ptr + read_offset, toread);
-+
- if (len > 0) {
-- b->used = len;
-+ if (b->used > 0) b->used--;
-+ b->used += len;
- b->ptr[b->used++] = '\0';
-
-- /* we move the buffer to the chunk-queue, no need to free it */
-+ con->bytes_read += len;
-
-- chunkqueue_append_buffer_weak(con->read_queue, b);
- count += len;
-- con->bytes_read += len;
-- b = NULL;
- }
-- } while (len > 0 && count < MAX_READ_LIMIT);
-+ } while (len == toread && count < MAX_READ_LIMIT);
-
-
- if (len < 0) {
-@@ -234,11 +236,11 @@
- case SSL_ERROR_WANT_READ:
- case SSL_ERROR_WANT_WRITE:
- con->is_readable = 0;
-- con->ssl_error_want_reuse_buffer = b;
-
-- b = NULL;
-+ /* the manual says we have to call SSL_read with the same arguments next time.
-+ * we ignore this restriction; no one has complained about it in 1.5 yet, so it probably works anyway.
-+ */
-
-- /* we have to steal the buffer from the queue-queue */
- return 0;
- case SSL_ERROR_SYSCALL:
- /**
-@@ -297,16 +299,11 @@
-
- connection_set_state(srv, con, CON_STATE_ERROR);
-
-- buffer_free(b);
--
- return -1;
- } else if (len == 0) {
- con->is_readable = 0;
- /* the other end close the connection -> KEEP-ALIVE */
-
-- /* pipelining */
-- buffer_free(b);
--
- return -2;
- }
-
-@@ -321,26 +318,41 @@
- static int connection_handle_read(server *srv, connection *con) {
- int len;
- buffer *b;
-- int toread;
-+ int toread, read_offset;
-
- if (con->conf.is_ssl) {
- return connection_handle_read_ssl(srv, con);
- }
-
-+ b = (NULL != con->read_queue->last) ? con->read_queue->last->mem : NULL;
-+
-+ /* default size for chunks is 4kb; only use bigger chunks if FIONREAD tells
-+ * us more than 4kb is available
-+ * if FIONREAD doesn't signal a big chunk we fill the previous buffer
-+ * if it has >= 1kb free
-+ */
- #if defined(__WIN32)
-- b = chunkqueue_get_append_buffer(con->read_queue);
-- buffer_prepare_copy(b, 4 * 1024);
-- len = recv(con->fd, b->ptr, b->size - 1, 0);
--#else
-- if (ioctl(con->fd, FIONREAD, &toread) || toread == 0) {
-+ if (NULL == b || b->size - b->used < 1024) {
- b = chunkqueue_get_append_buffer(con->read_queue);
- buffer_prepare_copy(b, 4 * 1024);
-+ }
-+
-+ read_offset = (b->used == 0) ? 0 : b->used - 1;
-+ len = recv(con->fd, b->ptr + read_offset, b->size - 1 - read_offset, 0);
-+#else
-+ if (ioctl(con->fd, FIONREAD, &toread) || toread == 0 || toread <= 4*1024) {
-+ if (NULL == b || b->size - b->used < 1024) {
-+ b = chunkqueue_get_append_buffer(con->read_queue);
-+ buffer_prepare_copy(b, 4 * 1024);
-+ }
- } else {
- if (toread > MAX_READ_LIMIT) toread = MAX_READ_LIMIT;
- b = chunkqueue_get_append_buffer(con->read_queue);
- buffer_prepare_copy(b, toread + 1);
- }
-- len = read(con->fd, b->ptr, b->size - 1);
-+
-+ read_offset = (b->used == 0) ? 0 : b->used - 1;
-+ len = read(con->fd, b->ptr + read_offset, b->size - 1 - read_offset);
- #endif
-
- if (len < 0) {
-@@ -374,7 +386,8 @@
- con->is_readable = 0;
- }
-
-- b->used = len;
-+ if (b->used > 0) b->used--;
-+ b->used += len;
- b->ptr[b->used++] = '\0';
-
- con->bytes_read += len;
-@@ -850,13 +863,6 @@
- /* The cond_cache gets reset in response.c */
- /* config_cond_cache_reset(srv, con); */
-
--#ifdef USE_OPENSSL
-- if (con->ssl_error_want_reuse_buffer) {
-- buffer_free(con->ssl_error_want_reuse_buffer);
-- con->ssl_error_want_reuse_buffer = NULL;
-- }
--#endif
--
- con->header_len = 0;
- con->in_error_handler = 0;
-
-@@ -1128,8 +1134,15 @@
- } else {
- buffer *b;
-
-- b = chunkqueue_get_append_buffer(dst_cq);
-- buffer_copy_string_len(b, c->mem->ptr + c->offset, toRead);
-+ if (dst_cq->last &&
-+ dst_cq->last->type == MEM_CHUNK) {
-+ b = dst_cq->last->mem;
-+ } else {
-+ b = chunkqueue_get_append_buffer(dst_cq);
-+ /* prepare buffer size for remaining POST data; is < 64kb */
-+ buffer_prepare_copy(b, con->request.content_length - dst_cq->bytes_in + 1);
-+ }
-+ buffer_append_string_len(b, c->mem->ptr + c->offset, toRead);
- }
-
- c->offset += toRead;
-Index: branches/lighttpd-1.4.x/src/chunk.c
-===================================================================
---- branches/lighttpd-1.4.x/src/chunk.c (revision 2709)
-+++ branches/lighttpd-1.4.x/src/chunk.c (revision 2710)
-@@ -197,8 +197,6 @@
- int chunkqueue_append_buffer_weak(chunkqueue *cq, buffer *mem) {
- chunk *c;
-
-- if (mem->used == 0) return 0;
--
- c = chunkqueue_get_unused_chunk(cq);
- c->type = MEM_CHUNK;
- c->offset = 0;
diff --git a/www-servers/lighttpd/files/1.4.25-fix-openssl.patch b/www-servers/lighttpd/files/1.4.25-fix-openssl.patch
deleted file mode 100644
index 712f158..0000000
--- a/www-servers/lighttpd/files/1.4.25-fix-openssl.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -purN orig/src/network.c lighttpd-1.4.25/src/network.c
---- orig/src/network.c 2010-01-28 10:43:33.829209750 -0500
-+++ lighttpd-1.4.25/src/network.c 2010-01-28 10:44:22.639208732 -0500
-@@ -525,7 +525,7 @@ int network_init(server *srv) {
-
- if (!s->ssl_use_sslv2) {
- /* disable SSLv2 */
-- if (SSL_OP_NO_SSLv2 != SSL_CTX_set_options(s->ssl_ctx, SSL_OP_NO_SSLv2)) {
-+ if (!(SSL_OP_NO_SSLv2 & SSL_CTX_set_options(s->ssl_ctx, SSL_OP_NO_SSLv2))) {
- log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:",
- ERR_error_string(ERR_get_error(), NULL));
- return -1;
diff --git a/www-servers/lighttpd/files/1.4.25-fix-unknown-AM_SILENT_RULES.patch b/www-servers/lighttpd/files/1.4.25-fix-unknown-AM_SILENT_RULES.patch
deleted file mode 100644
index 2c72c6a..0000000
--- a/www-servers/lighttpd/files/1.4.25-fix-unknown-AM_SILENT_RULES.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-Allow to build on older automakes. this disables color output on tests,
-but leaves the AM_SILENT_RULES intact for automakes which support this.
-
-Signed-off-by: Thilo Bangert <bangert@gentoo.org>
-
-diff -Naur lighttpd-1.4.25.orig/configure.ac lighttpd-1.4.25/configure.ac
---- lighttpd-1.4.25.orig/configure.ac 2009-11-25 10:27:12.000000000 +0100
-+++ lighttpd-1.4.25/configure.ac 2009-11-25 10:43:20.000000000 +0100
-@@ -8,7 +8,8 @@
-
- AC_CANONICAL_TARGET
-
--AM_INIT_AUTOMAKE([-Wall -Wportability -Wno-override -Werror foreign dist-bzip2 tar-ustar silent-rules color-tests])
-+m4_pattern_allow([AM_SILENT_RULES])
-+AM_INIT_AUTOMAKE([-Wall -Wportability -Wno-override -Werror foreign dist-bzip2 tar-ustar])
- AM_SILENT_RULES
-
- # Checks for programs.