# HG changeset patch
# User Christophe Lincoln <pankso@slitaz.org>
# Date 1216295758 -7200
# Node ID ca4331756d2094dd31aaf1329e38a8c01bffbe18
# Parent  05c1d9e27c1ffa32bbaf8e72febd51b0bb240baa
lighttpd: fix fastcgi detach (Security alert)

diff -r 05c1d9e27c1f -r ca4331756d20 lighttpd-modules/receipt
--- a/lighttpd-modules/receipt	Thu Jul 17 11:23:56 2008 +0000
+++ b/lighttpd-modules/receipt	Thu Jul 17 13:55:58 2008 +0200
@@ -1,7 +1,7 @@
 # SliTaz package receipt.
 
 PACKAGE="lighttpd-modules"
-VERSION="1.4.19"
+VERSION="1.4.19-1"
 CATEGORY="network"
 SHORT_DESC="Complementary modules for LightTPD Web server."
 MAINTAINER="pankso@slitaz.org"
diff -r 05c1d9e27c1f -r ca4331756d20 lighttpd/receipt
--- a/lighttpd/receipt	Thu Jul 17 11:23:56 2008 +0000
+++ b/lighttpd/receipt	Thu Jul 17 13:55:58 2008 +0200
@@ -1,7 +1,7 @@
 # SliTaz package receipt.
 
 PACKAGE="lighttpd"
-VERSION="1.4.19"
+VERSION="1.4.19-1"
 CATEGORY="network"
 SHORT_DESC="Fast and light HTTP Web server."
 MAINTAINER="pankso@slitaz.org"
@@ -10,7 +10,8 @@
 SUGGESTED="lighttpd-modules php perl python"
 TARBALL="$PACKAGE-$VERSION.tar.gz"
 WEB_SITE="http://www.lighttpd.net/"
-WGET_URL="http://www.lighttpd.net/download/$TARBALL"
+#WGET_URL="http://www.lighttpd.net/download/$TARBALL"
+WGET_URL="http://mirror.slitaz.org/sources/packages/l/$TARBALL"
 BASE_MODULES="
 access
 accesslog
@@ -27,6 +28,7 @@
 compile_rules()
 {
 	cd $src
+	patch -i ../stuff/fastcgi_detach.patch || exit 1
 	./configure \
 		--enable-shared \
 		--disable-ipv6 \
diff -r 05c1d9e27c1f -r ca4331756d20 lighttpd/stuff/fastcgi_detach.patch
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/lighttpd/stuff/fastcgi_detach.patch	Thu Jul 17 13:55:58 2008 +0200
@@ -0,0 +1,27 @@
+--- src/mod_fastcgi.c
++++ src/mod_fastcgi.c
++@@ -937,6 +937,24 @@
++ 				close(fcgi_fd);
++ 			}
++ 
++			close(STDERR_FILENO);
++			if(srv->errorlog_mode == ERRORLOG_FILE)
++				dup2(srv->errorlog_fd, STDERR_FILENO);
++			else {
++				int fd = open("/dev/null", O_RDWR);
++				dup2(fd, STDERR_FILENO);
++				close(fd);
++			}
++
++			close(STDOUT_FILENO);
++			if(srv->errorlog_mode == ERRORLOG_FILE)
++				dup2(srv->errorlog_fd, STDOUT_FILENO);
++			else {
++				int fd = open("/dev/null", O_RDWR);
++				dup2(fd, STDOUT_FILENO);
++				close(fd);
++			}
++
++ 			/* we don't need the client socket */
++ 			for (i = 3; i < 256; i++) {
++ 				close(i);