wok-6.x rev 1095
lighttpd: fix fastcgi detach (Security alert)
author | Christophe Lincoln <pankso@slitaz.org> |
---|---|
date | Thu Jul 17 13:55:58 2008 +0200 (2008-07-17) |
parents | 05c1d9e27c1f |
children | 304c0cd8d5e5 |
files | lighttpd-modules/receipt lighttpd/receipt lighttpd/stuff/fastcgi_detach.patch |
line diff
1.1 --- a/lighttpd-modules/receipt Thu Jul 17 11:23:56 2008 +0000 1.2 +++ b/lighttpd-modules/receipt Thu Jul 17 13:55:58 2008 +0200 1.3 @@ -1,7 +1,7 @@ 1.4 # SliTaz package receipt. 1.5 1.6 PACKAGE="lighttpd-modules" 1.7 -VERSION="1.4.19" 1.8 +VERSION="1.4.19-1" 1.9 CATEGORY="network" 1.10 SHORT_DESC="Complementary modules for LightTPD Web server." 1.11 MAINTAINER="pankso@slitaz.org"
2.1 --- a/lighttpd/receipt Thu Jul 17 11:23:56 2008 +0000 2.2 +++ b/lighttpd/receipt Thu Jul 17 13:55:58 2008 +0200 2.3 @@ -1,7 +1,7 @@ 2.4 # SliTaz package receipt. 2.5 2.6 PACKAGE="lighttpd" 2.7 -VERSION="1.4.19" 2.8 +VERSION="1.4.19-1" 2.9 CATEGORY="network" 2.10 SHORT_DESC="Fast and light HTTP Web server." 2.11 MAINTAINER="pankso@slitaz.org" 2.12 @@ -10,7 +10,8 @@ 2.13 SUGGESTED="lighttpd-modules php perl python" 2.14 TARBALL="$PACKAGE-$VERSION.tar.gz" 2.15 WEB_SITE="http://www.lighttpd.net/" 2.16 -WGET_URL="http://www.lighttpd.net/download/$TARBALL" 2.17 +#WGET_URL="http://www.lighttpd.net/download/$TARBALL" 2.18 +WGET_URL="http://mirror.slitaz.org/sources/packages/l/$TARBALL" 2.19 BASE_MODULES=" 2.20 access 2.21 accesslog 2.22 @@ -27,6 +28,7 @@ 2.23 compile_rules() 2.24 { 2.25 cd $src 2.26 + patch -i ../stuff/fastcgi_detach.patch || exit 1 2.27 ./configure \ 2.28 --enable-shared \ 2.29 --disable-ipv6 \
3.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 3.2 +++ b/lighttpd/stuff/fastcgi_detach.patch Thu Jul 17 13:55:58 2008 +0200 3.3 @@ -0,0 +1,27 @@ 3.4 +--- src/mod_fastcgi.c 3.5 ++++ src/mod_fastcgi.c 3.6 ++@@ -937,6 +937,24 @@ 3.7 ++ close(fcgi_fd); 3.8 ++ } 3.9 ++ 3.10 ++ close(STDERR_FILENO); 3.11 ++ if(srv->errorlog_mode == ERRORLOG_FILE) 3.12 ++ dup2(srv->errorlog_fd, STDERR_FILENO); 3.13 ++ else { 3.14 ++ int fd = open("/dev/null", O_RDWR); 3.15 ++ dup2(fd, STDERR_FILENO); 3.16 ++ close(fd); 3.17 ++ } 3.18 ++ 3.19 ++ close(STDOUT_FILENO); 3.20 ++ if(srv->errorlog_mode == ERRORLOG_FILE) 3.21 ++ dup2(srv->errorlog_fd, STDOUT_FILENO); 3.22 ++ else { 3.23 ++ int fd = open("/dev/null", O_RDWR); 3.24 ++ dup2(fd, STDOUT_FILENO); 3.25 ++ close(fd); 3.26 ++ } 3.27 ++ 3.28 ++ /* we don't need the client socket */ 3.29 ++ for (i = 3; i < 256; i++) { 3.30 ++ close(i);