Import Debian changes 1.21-1

mini-httpd (1.21-1) unstable; urgency=medium

  * New upstream release.
  * New maintainer. (Closes: #780194)
  * Fix CVE-2015-1548 
      - Patch fix-add_to_response-buffer-overflow. (Closes: #778925)
  * d/control:
      - Bump Standard-Version to 3.9.6.
      - Bump debhelper to 9.
      - Remove deprecated dpatch.
      - Upgrade packaging format "3.0 (quilt)". (Closes: #664363)
      - Remove article in description synopsis.
      - Add ${misc:Depends}.
  * d/copyright
      - Update to DEP5 format.
      - Formatting copyright.
  * d/rules:
      - Upgrade to dh sequencer.
      - Added upstream changelog extracted from mini-httpd website.
  * d/mini-httpd.init.d:
      - Fix restart error. (Closes: #510905, #755892)
  * d/patches:
      - Fix and add SCRIPT_FILENAME in patch 03-cgi-php. (Closes: #569599)
      - Ensure hardening is enabled for mini_httpd.c.
      - Don't install htpasswd.1.
      - Add index.mini-httpd.html to the list of index names.
  * d/mini-httpd.init.d
      - Source /lib/lsb/init-functions.
      - Add "status" command.
  * d/mini-httpd.postinst
      - Copy index.mini-httpd.html. (Closes: #730373)
      - Use "set -e" and don't install htpasswd. (Closes: #520941)

25 files changed, 603 insertions, 176 deletions

diff --git a/debian/changelog b/debian/changelog
index ecdb514..653a42e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,38 @@
+mini-httpd (1.21-1) unstable; urgency=medium
+
+  * New upstream release.
+  * New maintainer. (Closes: #780194)
+  * Fix CVE-2015-1548 
+      - Patch fix-add_to_response-buffer-overflow. (Closes: #778925)
+  * d/control:
+      - Bump Standard-Version to 3.9.6.
+      - Bump debhelper to 9.
+      - Remove deprecated dpatch.
+      - Upgrade packaging format "3.0 (quilt)". (Closes: #664363)
+      - Remove article in description synopsis.
+      - Add ${misc:Depends}.
+  * d/copyright
+      - Update to DEP5 format.
+      - Formatting copyright.
+  * d/rules:
+      - Upgrade to dh sequencer.
+      - Added upstream changelog extracted from mini-httpd website.
+  * d/mini-httpd.init.d:
+      - Fix restart error. (Closes: #510905, #755892)
+  * d/patches:
+      - Fix and add SCRIPT_FILENAME in patch 03-cgi-php. (Closes: #569599)
+      - Ensure hardening is enabled for mini_httpd.c.
+      - Don't install htpasswd.1.
+      - Add index.mini-httpd.html to the list of index names.
+  * d/mini-httpd.init.d
+      - Source /lib/lsb/init-functions.
+      - Add "status" command.
+  * d/mini-httpd.postinst
+      - Copy index.mini-httpd.html. (Closes: #730373)
+      - Use "set -e" and don't install htpasswd. (Closes: #520941)
+
+ -- Jose dos Santos Junior <j.s.junior@live.com>  Thu, 03 Sep 2015 14:59:53 -0300
+
 mini-httpd (1.19-9.3) unstable; urgency=low
 
   * Non-maintainer upload.
diff --git a/debian/compat b/debian/compat
index b8626c4..ec63514 100644
--- a/debian/compat
+++ b/debian/compat
@@ -1 +1 @@
-4
+9
diff --git a/debian/config/mini-httpd.conf b/debian/config/mini-httpd.conf
index 087ca5c..5388717 100644
--- a/debian/config/mini-httpd.conf
+++ b/debian/config/mini-httpd.conf
@@ -1,5 +1,8 @@
 # Example config for mini_httpd.
 # Author: Marvin Stark <marv@der-marv.de>
+# Author-Update: 2015 Jose dos Santos Junior <j.s.junior@live.com>
+# Description Update: Changed the default document root (data_dir)/var/www/html
+# Last-Update: 2015-09-05
 
 # Uncomment this line for turning on ssl support.
 #ssl
@@ -22,7 +25,7 @@ nochroot # no
 
 # We are the web files stored?
 # Please change this to your needs.
-data_dir=/usr/share/mini-httpd/html
+data_dir=/var/www/html
 
 # CGI path
 cgipat=cgi-bin/*
diff --git a/debian/control b/debian/control
index de382c8..98e4422 100644
--- a/debian/control
+++ b/debian/control
@@ -1,17 +1,17 @@
 Source: mini-httpd
 Section: web
 Priority: optional
-Maintainer: Marvin Stark <marv@der-marv.de>
-Build-Depends: debhelper (>= 4), dpatch, libssl-dev
+Maintainer: Jose dos Santos Junior <j.s.junior@live.com>
+Build-Depends: debhelper (>= 9), libssl-dev
 Homepage: http://www.acme.com/software/mini_httpd
-Standards-Version: 3.8.0
+Standards-Version: 3.9.6
 
 Package: mini-httpd
 Architecture: any
-Depends: ${shlibs:Depends}
+Depends: ${shlibs:Depends}, ${misc:Depends}
 Provides: httpd, httpd-cgi
 Recommends: apache2-utils
-Description: a small HTTP server
+Description: Small HTTP server
  mini-httpd implements all basic features of a HTTPD, including: GET,HEAD,POST
  methods, common MIME types, basic authentication, virtual hosting, CGI,
  directory listing, trailing-slash redirection, standard logging, custom error
diff --git a/debian/copyright b/debian/copyright
index 73460d0..5eea48b 100644
--- a/debian/copyright
+++ b/debian/copyright
@@ -1,28 +1,38 @@
-This package was debianized by Marvin Stark <marv@der-marv.de> on
-Mon,  3 Jul 2006 20:12:42 +0200.
+Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: mini-httpd
+Source: http://www.acme.com/software/mini_httpd/
 
-It was downloaded from <http://www.acme.com/software/mini_httpd/>.
+Files: *
+Copyright: 1999-2000 Jef Poskanzer <jef@acme.com>
+License: BSD-2-clause
 
-Copyright Holder: Jef Poskanzer <jef@acme.com>
+Files: match.c match.h mini_httpd.c tdate_parse.c tdate_parse.h
+Copyright: 1999-2000 Jef Poskanzer <jef@acme.com>
+License: BSD-2-clause
 
-License:
+Files: debian/*
+Copyright: 2006-2015 Marvin Stark <marv@der-marv.de>
+        	2015 Jose dos Santos Junior <j.s.junior@live.com>
+License: BSD-2-clause
 
-	Copyright (C) 1999-2000 Jef Poskanzer <jef@acme.com>
-
-	Redistribution and use in source and binary forms, with or without
-	modification, are permitted under the terms of the BSD License.
-
-	THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-	ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-	IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-	PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS
-	BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-	CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR	BUSINESS
-	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
-	THE POSSIBILITY OF SUCH DAMAGE.
-
-On Debian systems, the complete text of the BSD License
-can be found in `/usr/share/common-licenses/BSD'.
+License: BSD-2-clause
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+ 1. Redistributions of source code must retain the above copyright
+    notice, this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright
+    notice, this list of conditions and the following disclaimer in the
+    documentation and/or other materials provided with the distribution.
+ .
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE HOLDERS OR
+ CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
\ No newline at end of file
diff --git a/debian/mini-httpd.default b/debian/mini-httpd.default
index 7d9799f..831e14d 100644
--- a/debian/mini-httpd.default
+++ b/debian/mini-httpd.default
@@ -1,7 +1,8 @@
-# Defaults for mini_httpd initscript
+# Description: Defaults for mini_httpd initscript
 # Author: Marvin Stark <marv@der-marv.de>
 
 # Start daemon?
+# Default 1
 # 0 = no
 # 1 = yes
 START=0
diff --git a/debian/mini-httpd.init.d b/debian/mini-httpd.init.d
index 0a7cdae..07db432 100644
--- a/debian/mini-httpd.init.d
+++ b/debian/mini-httpd.init.d
@@ -9,11 +9,14 @@
 # Description:       this script starts mini-httpd
 ### END INIT INFO
 
+. /lib/lsb/init-functions
+
 # Globals
 PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
-DAEMON=/usr/sbin/mini-httpd
-NAME=mini-httpd
+DAEMON=/usr/sbin/mini_httpd
+NAME=mini_httpd
 DESC="web server"
+PIDFILE=/var/run/mini_httpd.pid
 
 test -x $DAEMON || exit 0
 
@@ -35,6 +38,7 @@ start() {
 		echo "$NAME."
 	else
 		printf "You have to edit /etc/mini-httpd.conf and\n/etc/default/mini-httpd before running mini-httpd!\n"
+		printf " "
 		exit 0
 	fi
 }
@@ -69,7 +73,9 @@ case "$1" in
   stop)
 	stop
 	;;
-
+  status)
+	status_of_proc -p $PIDFILE $DAEMON $NAME && exit 0 || exit $?
+	;;
   restart|force-reload)
 	stop
 	start
@@ -77,7 +83,7 @@ case "$1" in
 
   *)
 	N=/etc/init.d/$NAME
-	echo "Usage: $N {start|stop|restart|force-reload}" >&2
+	echo "Usage: $N {start|stop|status|restart|force-reload}" >&2
 	exit 1
 	;;
 esac
diff --git a/debian/mini-httpd.install b/debian/mini-httpd.install
new file mode 100644
index 0000000..b8e5366
--- /dev/null
+++ b/debian/mini-httpd.install
@@ -0,0 +1,2 @@
+debian/config/mini-httpd.conf etc/
+debian/html/index.html usr/share/mini-httpd/html/
\ No newline at end of file
diff --git a/debian/mini-httpd.manpages b/debian/mini-httpd.manpages
new file mode 100644
index 0000000..3562f15
--- /dev/null
+++ b/debian/mini-httpd.manpages
@@ -0,0 +1 @@
+mini_httpd.8
\ No newline at end of file
diff --git a/debian/mini-httpd.postinst b/debian/mini-httpd.postinst
index 6623b1d..956bc01 100644
--- a/debian/mini-httpd.postinst
+++ b/debian/mini-httpd.postinst
@@ -1,9 +1,15 @@
-#!/bin/sh -e
+#!/bin/sh
+set -e
 
 if [ "$1" = "configure" ] && dpkg --compare-versions "1.19-9.3" gt "$2"
 then
-	dpkg-divert --package mini-httpd --rename --remove /usr/share/man/man1/htpasswd.1.gz
-	dpkg-divert --package mini-httpd --rename --remove /usr/bin/htpasswd
+    dpkg-divert --package mini-httpd --rename --remove /usr/share/man/man1/htpasswd.1.gz
+    dpkg-divert --package mini-httpd --rename --remove /usr/bin/htpasswd
 fi
 
-#DEBHELPER#
+if [ ! -r /var/www/html/index.mini-httpd.html ]; then
+    mkdir -p /var/www/html
+    cp /usr/share/mini-httpd/html/index.html /var/www/html/index.mini-httpd.html
+fi
+
+#DEBHELPER#
\ No newline at end of file
diff --git a/debian/patches/00list b/debian/patches/00list
deleted file mode 100644
index a3a2cb2..0000000
--- a/debian/patches/00list
+++ /dev/null
@@ -1,6 +0,0 @@
-01-manpage.dpatch
-02-makefile.dpatch
-03-cgi-php.dpatch
-04-kfreebsd.dpatch
-05-manpage-hyphen.dpatch
-10-bug-552844-ftbfs-htpasswd.c-onflicting-types.dpatch
diff --git a/debian/patches/01-manpage.dpatch b/debian/patches/01-manpage
index 0688334..61858df 100644
--- a/debian/patches/01-manpage.dpatch
+++ b/debian/patches/01-manpage
@@ -5,9 +5,11 @@
 
 @DPATCH@
 
---- mini-httpd-1.19/mini_httpd.8.orig	2006-07-05 00:14:37.000000000 +0200
-+++ mini-httpd-1.19/mini_httpd.8	2006-07-05 00:15:30.000000000 +0200
-@@ -432,7 +432,7 @@
+Index: mini-httpd-1.21/mini_httpd.8
+===================================================================
+--- mini-httpd-1.21.orig/mini_httpd.8
++++ mini-httpd-1.21/mini_httpd.8
+@@ -432,7 +432,7 @@ You don't need cert.csr and privkey.pem,
  .SH "SEE ALSO"
  htpasswd(1), weblog_parse(1), http_get(1)
  .SH AUTHOR
diff --git a/debian/patches/02-makefile.dpatch b/debian/patches/02-makefile
index 19e3dda..19e3dda 100644
--- a/debian/patches/02-makefile.dpatch
+++ b/debian/patches/02-makefile
diff --git a/debian/patches/03-cgi-php b/debian/patches/03-cgi-php
new file mode 100644
index 0000000..2b3bcc6
--- /dev/null
+++ b/debian/patches/03-cgi-php
@@ -0,0 +1,34 @@
+Description: mini_httpd does not run php cgi
+	       shows following error: "No input file specified".
+	       Thanks to Thorsten Schmale who has written this patch.
+Author: Marvin Stark <marv@der-marv.de>
+Last-Update: 2015-09-03
+Index: mini-httpd-1.21/mini_httpd.c
+===================================================================
+--- mini-httpd-1.21.orig/mini_httpd.c
++++ mini-httpd-1.21/mini_httpd.c
+@@ -1141,7 +1141,7 @@ handle_request( void )
+     int r, file_len, i;
+     const char* index_names[] = {
+ 	"index.html", "index.mini-httpd.html", "index.htm", "index.xhtml", "index.xht", "Default.htm",
+-	"index.cgi" };
++	"index.cgi", "index.php" };
+ 
+     /* Set up the timeout for reading. */
+ #ifdef HAVE_SIGSET
+@@ -2147,6 +2147,7 @@ make_envp( void )
+     int envn;
+     char* cp;
+     char buf[256];
++    char rp[MAXPATHLEN];
+ 
+     envn = 0;
+     envp[envn++] = build_env( "PATH=%s", CGI_PATH );
+@@ -2167,6 +2168,7 @@ make_envp( void )
+     envp[envn++] = build_env(
+ 	"REQUEST_METHOD=%s", get_method_str( method ) );
+     envp[envn++] = build_env( "SCRIPT_NAME=%s", path );
++    envp[envn++] = build_env( "SCRIPT_FILENAME=%s", realpath(file, rp) );
+     if ( pathinfo != (char*) 0 )
+ 	{
+ 	envp[envn++] = build_env( "PATH_INFO=/%s", pathinfo );
diff --git a/debian/patches/03-cgi-php.dpatch b/debian/patches/03-cgi-php.dpatch
deleted file mode 100644
index c4c8a7e..0000000
--- a/debian/patches/03-cgi-php.dpatch
+++ /dev/null
@@ -1,37 +0,0 @@
-#!/bin/sh /usr/share/dpatch/dpatch-run
-## 03-cgi-php.dpatch by Marvin Stark <marv@der-marv.de>
-## Thanks to Thorsten Schmale who has written this patch.
-##
-## DP: mini_httpd does not run php cgi's.
-## DP: mini_httpd shows following error: "No input file specified".
-
-@DPATCH@
-
---- mini-httpd-1.19/mini_httpd.c.orig	2008-02-05 08:40:28.000000000 +0000
-+++ mini-httpd-1.19/mini_httpd.c		2008-02-05 08:50:35.000000000 +0000
-@@ -1129,7 +1129,7 @@
-     int r, file_len, i;
-     const char* index_names[] = {
- 	"index.html", "index.htm", "index.xhtml", "index.xht", "Default.htm",
--	"index.cgi" };
-+	"index.cgi", "index.php" };
- 
-     /* Set up the timeout for reading. */
- #ifdef HAVE_SIGSET
-@@ -2117,6 +2117,7 @@
-     int envn;
-     char* cp;
-     char buf[256];
-+    char rp[MAXPATHLEN];
- 
-     envn = 0;
-     envp[envn++] = build_env( "PATH=%s", CGI_PATH );
-@@ -2134,7 +2135,7 @@
-     envp[envn++] = build_env( "SERVER_PORT=%s", buf );
-     envp[envn++] = build_env(
- 	"REQUEST_METHOD=%s", get_method_str( method ) );
--    envp[envn++] = build_env( "SCRIPT_NAME=%s", path );
-+    envp[envn++] = build_env( "SCRIPT_FILENAME=%s", realpath(file, rp) );
-     if ( pathinfo != (char*) 0 )
- 	{
- 	envp[envn++] = build_env( "PATH_INFO=/%s", pathinfo );
diff --git a/debian/patches/05-manpage-hyphen.dpatch b/debian/patches/05-manpage-hyphen
index 9178f2a..3bf27ad 100644
--- a/debian/patches/05-manpage-hyphen.dpatch
+++ b/debian/patches/05-manpage-hyphen
@@ -1,13 +1,12 @@
-#!/bin/sh /usr/share/dpatch/dpatch-run
-## 05-manpage-hyphen.dpatch by Raphael Geissert <geissert@debian.org>
-##
-## DP: Escape minus signs as needed.
+Description: Escape minus signs as needed.
+Author: Raphael Geissert <geissert@debian.org>
+Last-Update: 2015-09-05
 
-@DPATCH@
-
---- mini-httpd-1.19.orig/mini_httpd.8	2009-07-05 19:45:04.000000000 -0500
-+++ mini-httpd-1.19/mini_httpd.8	2009-07-05 19:50:45.000000000 -0500
-@@ -107,7 +107,7 @@
+Index: mini-httpd-1.21/mini_httpd.8
+===================================================================
+--- mini-httpd-1.21.orig/mini_httpd.8
++++ mini-httpd-1.21/mini_httpd.8
+@@ -107,7 +107,7 @@ The config-file option name for this fla
  .B -dd
  Specifies a directory to chdir() to after chrooting.
  If you're not chrooting, you might as well do a single chdir() with
@@ -16,7 +15,7 @@
  If you are chrooting, this lets you put the web files in a subdirectory
  of the chroot tree, instead of in the top level mixed in with the
  chroot files.
-@@ -172,7 +172,7 @@
+@@ -172,7 +172,7 @@ which is just fine for most sites.
  The config-file option name for this flag is "maxage".
  .TP
  .B -S
@@ -25,7 +24,7 @@
  to enable this feature.
  The config-file option name for this flag is "ssl".
  .TP
-@@ -207,7 +207,7 @@
+@@ -207,7 +207,7 @@ Shows mini_httpd's version and then exit
  mini_httpd supports the CGI 1.1 spec.
  .PP
  In order for a CGI program to be run, its name must match the pattern
@@ -34,7 +33,7 @@
  This is a simple shell-style filename pattern.
  You can use * to match any string not including a slash,
  or ** to match any string including slashes,
-@@ -255,12 +255,12 @@
+@@ -255,12 +255,12 @@ so that mini_httpd can still generate sy
  Check your system's syslodg man page for how to do this.
  In FreeBSD you would put something like this in /etc/rc.conf:
  .nf
@@ -49,7 +48,7 @@
  .SH "MULTIHOMING"
  .PP
  Multihoming means using one machine to serve multiple hostnames.
-@@ -308,7 +308,7 @@
+@@ -308,7 +308,7 @@ If your OS's version of ifconfig doesn't
  probably out of luck.
  .PP
  Third and last, you must set up mini_httpd to handle the multiple hosts.
@@ -58,7 +57,7 @@
  This works with either CNAME multihosting or multiple-IP multihosting.
  What it does is send each incoming request to a subdirectory based on the
  hostname it's intended for.
-@@ -321,26 +321,26 @@
+@@ -321,26 +321,26 @@ With the example above, you'd do like so
  If you're using old-style multiple-IP multihosting, you should also create
  symbolic links from the numeric addresses to the names, like so:
  .nf
@@ -94,7 +93,7 @@
  .SH "CUSTOM ERRORS"
  .PP
  mini_httpd lets you define your own custom error pages for the various
-@@ -416,15 +416,15 @@
+@@ -416,15 +416,15 @@ http://www.modssl.org/docs/2.4/ssl_faq.h
  You can also create one for yourself, using the openssl tool.
  Step one - create the key and certificate request:
  .nf
@@ -115,9 +114,11 @@
  .fi
  This creates four files.
  The ones you want are cert.pem and key.pem.
---- mini-httpd-1.19.orig/htpasswd.1	1999-09-28 13:49:35.000000000 -0500
-+++ mini-httpd-1.19/htpasswd.1	2009-07-05 19:57:50.000000000 -0500
-@@ -9,7 +9,7 @@
+Index: mini-httpd-1.21/htpasswd.1
+===================================================================
+--- mini-httpd-1.21.orig/htpasswd.1
++++ mini-httpd-1.21/htpasswd.1
+@@ -9,7 +9,7 @@ htpasswd - manipulate HTTP-server passwo
  .SH DESCRIPTION
  .PP
  Sets a user's password in an httpd-style password file.
diff --git a/debian/patches/10-bug-552844-ftbfs-htpasswd.c-onflicting-types.dpatch b/debian/patches/10-bug-552844-ftbfs-htpasswd.c-onflicting-types
index 1fe5f5f..1fe5f5f 100644
--- a/debian/patches/10-bug-552844-ftbfs-htpasswd.c-onflicting-types.dpatch
+++ b/debian/patches/10-bug-552844-ftbfs-htpasswd.c-onflicting-types
diff --git a/debian/patches/fix-add_to_response-buffer-overflow b/debian/patches/fix-add_to_response-buffer-overflow
new file mode 100644
index 0000000..33c90ac
--- /dev/null
+++ b/debian/patches/fix-add_to_response-buffer-overflow
@@ -0,0 +1,163 @@
+Description: Fix buffer overflow in add_to_response bug Thanks Peter Kasza
+Author: Jose dos Santos Junior <j.s.junior@live.com>
+Last-Update: 2015-09-02
+Bug: http://bugs.debian.org/778925
+===================================================================
+Index: mini-httpd-1.21/mini_httpd.c
+===================================================================
+--- mini-httpd-1.21.orig/mini_httpd.c
++++ mini-httpd-1.21/mini_httpd.c
+@@ -270,7 +270,7 @@ static void start_request( void );
+ static void add_to_request( char* str, size_t len );
+ static char* get_request_line( void );
+ static void start_response( void );
+-static void add_to_response( char* str, size_t len );
++static void add_to_response( char* str, size_t len, size_t buflen );
+ static void send_response( void );
+ static void send_via_write( int fd, off_t size );
+ static void send_via_sendfile( int fd, int s, off_t size );
+@@ -1655,7 +1655,7 @@ do_dir( void )
+ 
+     add_headers( 200, "Ok", "", "", "text/html; charset=%s", contents_len, sb.st_mtime );
+     if ( method != METHOD_HEAD )
+-	add_to_response( contents, contents_len );
++	add_to_response( contents, contents_len, sizeof(contents) );
+     send_response();
+     }
+ 
+@@ -2426,9 +2426,9 @@ send_error_body( int s, char* title, cha
+ \n\
+     <h4>%d %s</h4>\n",
+ 	s, title, s, title );
+-    add_to_response( buf, buflen );
++    add_to_response( buf, buflen, sizeof(buf) );
+     buflen = snprintf( buf, sizeof(buf), "%s\n", text );
+-    add_to_response( buf, buflen );
++    add_to_response( buf, buflen, sizeof(buf) );
+     }
+ 
+ 
+@@ -2447,7 +2447,7 @@ send_error_file( char* filename )
+ 	r = fread( buf, 1, sizeof(buf), fp );
+ 	if ( r == 0 )
+ 	    break;
+-	add_to_response( buf, r );
++	add_to_response( buf, r, sizeof(buf) );
+ 	}
+     (void) fclose( fp );
+     return 1;
+@@ -2464,14 +2464,14 @@ send_error_tail( void )
+ 	{
+ 	int n;
+ 	buflen = snprintf( buf, sizeof(buf), "<!--\n" );
+-	add_to_response( buf, buflen );
++	add_to_response( buf, buflen, sizeof(buf) );
+ 	for ( n = 0; n < 6; ++n )
+ 	    {
+ 	    buflen = snprintf( buf, sizeof(buf), "Padding so that MSIE deigns to show this error instead of its own canned one.\n" );
+-	    add_to_response( buf, buflen );
++	    add_to_response( buf, buflen, sizeof(buf) );
+ 	    }
+ 	buflen = snprintf( buf, sizeof(buf), "-->\n" );
+-	add_to_response( buf, buflen );
++	add_to_response( buf, buflen, sizeof(buf) );
+ 	}
+ 
+     buflen = snprintf( buf, sizeof(buf), "\
+@@ -2483,7 +2483,7 @@ send_error_tail( void )
+ \n\
+ </html>\n",
+ 	SERVER_URL, SERVER_SOFTWARE );
+-    add_to_response( buf, buflen );
++    add_to_response( buf, buflen, sizeof(buf) );
+     }
+ 
+ 
+@@ -2502,44 +2502,44 @@ add_headers( int s, char* title, char* e
+     make_log_entry();
+     start_response();
+     buflen = snprintf( buf, sizeof(buf), "%s %d %s\015\012", protocol, status, title );
+-    add_to_response( buf, buflen );
++    add_to_response( buf, buflen, sizeof(buf) );
+     buflen = snprintf( buf, sizeof(buf), "Server: %s\015\012", SERVER_SOFTWARE );
+-    add_to_response( buf, buflen );
++    add_to_response( buf, buflen, sizeof(buf) );
+     now = time( (time_t*) 0 );
+     (void) strftime( timebuf, sizeof(timebuf), rfc1123_fmt, gmtime( &now ) );
+     buflen = snprintf( buf, sizeof(buf), "Date: %s\015\012", timebuf );
+-    add_to_response( buf, buflen );
++    add_to_response( buf, buflen, sizeof(buf) );
+     s100 = status / 100;
+     if ( s100 != 2 && s100 != 3 )
+ 	{
+ 	buflen = snprintf( buf, sizeof(buf), "Cache-Control: no-cache,no-store\015\012" );
+-	add_to_response( buf, buflen );
++	add_to_response( buf, buflen, sizeof(buf) );
+ 	}
+     if ( extra_header != (char*) 0 && extra_header[0] != '\0' )
+ 	{
+ 	buflen = snprintf( buf, sizeof(buf), "%s\015\012", extra_header );
+-	add_to_response( buf, buflen );
++	add_to_response( buf, buflen, sizeof(buf) );
+ 	}
+     if ( me != (char*) 0 && me[0] != '\0' )
+ 	{
+ 	buflen = snprintf( buf, sizeof(buf), "Content-Encoding: %s\015\012", me );
+-	add_to_response( buf, buflen );
++	add_to_response( buf, buflen, sizeof(buf) );
+ 	}
+     if ( mt != (char*) 0 && mt[0] != '\0' )
+ 	{
+ 	buflen = snprintf( buf, sizeof(buf), "Content-Type: %s\015\012", mt );
+-	add_to_response( buf, buflen );
++	add_to_response( buf, buflen, sizeof(buf) );
+ 	}
+     if ( bytes >= 0 )
+ 	{
+ 	buflen = snprintf(
+ 	    buf, sizeof(buf), "Content-Length: %lld\015\012", (long long) bytes );
+-	add_to_response( buf, buflen );
++	add_to_response( buf, buflen, sizeof(buf) );
+ 	}
+     if ( p3p != (char*) 0 && p3p[0] != '\0' )
+ 	{
+ 	buflen = snprintf( buf, sizeof(buf), "P3P: %s\015\012", p3p );
+-	add_to_response( buf, buflen );
++	add_to_response( buf, buflen, sizeof(buf) );
+ 	}
+     if ( max_age >= 0 )
+ 	{
+@@ -2548,17 +2548,17 @@ add_headers( int s, char* title, char* e
+ 	    timebuf, sizeof(timebuf), rfc1123_fmt, gmtime( &expires ) );
+ 	buflen = snprintf( buf, sizeof(buf),
+ 	    "Cache-Control: max-age=%d\015\012Expires: %s\015\012", max_age, timebuf );
+-	add_to_response( buf, buflen );
++	add_to_response( buf, buflen, sizeof(buf) );
+ 	}
+     if ( mod != (time_t) -1 )
+ 	{
+ 	(void) strftime(
+ 	    timebuf, sizeof(timebuf), rfc1123_fmt, gmtime( &mod ) );
+ 	buflen = snprintf( buf, sizeof(buf), "Last-Modified: %s\015\012", timebuf );
+-	add_to_response( buf, buflen );
++	add_to_response( buf, buflen, sizeof(buf) );
+ 	}
+     buflen = snprintf( buf, sizeof(buf), "Connection: close\015\012\015\012" );
+-    add_to_response( buf, buflen );
++    add_to_response( buf, buflen, sizeof(buf) );
+     }
+ 
+ 
+@@ -2611,8 +2611,11 @@ start_response( void )
+     }
+ 
+ static void
+-add_to_response( char* str, size_t len )
++add_to_response( char* str, size_t len, size_t buflen )
+     {
++    if (buflen < len) {
++        len = buflen;
++    }
+     add_to_buf( &response, &response_size, &response_len, str, len );
+     }
+ 
diff --git a/debian/patches/fix-append-portno-to-vhost b/debian/patches/fix-append-portno-to-vhost
new file mode 100644
index 0000000..13e4df6
--- /dev/null
+++ b/debian/patches/fix-append-portno-to-vhost
@@ -0,0 +1,24 @@
+Description: Append port number to vhost.
+	       Thanks Steffen Grunewald <steffen.grunewald@gmx.net>
+Author: Jose dos Santos Junior <j.s.junior@live.com>
+Last-Update:2015-09-05
+Bug: http://bugs.debian.org/491078
+===================================================================
+Index: mini-httpd-1.21/mini_httpd.c
+===================================================================
+--- mini-httpd-1.21.orig/mini_httpd.c
++++ mini-httpd-1.21/mini_httpd.c
+@@ -2349,7 +2349,13 @@ virtual_file( char* f )
+ 
+     /* Use the request's hostname, or fall back on the IP address. */
+     if ( host != (char*) 0 )
++	{
+ 	req_hostname = host;
++	char *portno;
++	portno = strpbrk(req_hostname, ":");
++	if (portno != (char *) 0)
++	    *portno++ = '\0';
++	}
+     else
+ 	{
+ 	usockaddr usa;
diff --git a/debian/patches/fix-change-index-document-root b/debian/patches/fix-change-index-document-root
new file mode 100644
index 0000000..4ba29ad
--- /dev/null
+++ b/debian/patches/fix-change-index-document-root
@@ -0,0 +1,19 @@
+Description: Change the default document root to /var/www/html
+	    and added index.mini-httpd.html in /var/www/html
+Author: Jose dos Santos Junior <j.s.junior@live.com>
+Last-Update: 2015-09-14
+Bug: http://bugs.debian.org/730373
+===================================================================
+Index: mini-httpd-1.21/mini_httpd.c
+===================================================================
+--- mini-httpd-1.21.orig/mini_httpd.c
++++ mini-httpd-1.21/mini_httpd.c
+@@ -1140,7 +1140,7 @@ handle_request( void )
+     char* cp;
+     int r, file_len, i;
+     const char* index_names[] = {
+-	"index.html", "index.htm", "index.xhtml", "index.xht", "Default.htm",
++	"index.html", "index.mini-httpd.html", "index.htm", "index.xhtml", "index.xht", "Default.htm",
+ 	"index.cgi" };
+ 
+     /* Set up the timeout for reading. */
diff --git a/debian/patches/fix-makefile b/debian/patches/fix-makefile
new file mode 100644
index 0000000..17a8d60
--- /dev/null
+++ b/debian/patches/fix-makefile
@@ -0,0 +1,44 @@
+Description: Change DESTDIR and LCFLAGS
+Autor: Jose dos Santos Junior <j.s.junior@live.com>
+Last-Update: 2015-09-05
+===================================================================
+Index: mini-httpd-1.21/Makefile
+===================================================================
+--- mini-httpd-1.21.orig/Makefile
++++ mini-httpd-1.21/Makefile
+@@ -19,13 +19,12 @@ CRYPT_LIB =    -lcrypt
+ #SSL_INC =	-I$(SSL_TREE)/include
+ #SSL_LIBS =	-L$(SSL_TREE)/lib -lssl -lcrypto
+ 
+-
+-BINDIR =	/usr/local/sbin
+-MANDIR =	/usr/local/man
++BINDIR =$(DESTDIR)/usr/sbin
++MANDIR =$(DESTDIR)/usr/share/man
+ CC =		cc
+ CDEFS =		$(SSL_DEFS) $(SSL_INC)
+-CFLAGS =	-O $(CDEFS) -ansi -pedantic -U__STRICT_ANSI__ -Wall -Wpointer-arith -Wshadow -Wcast-qual -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wredundant-decls -Wno-long-long
+-LDFLAGS =	-s
++CFLAGS+=-O $(CDEFS) -ansi -pedantic -U__STRICT_ANSI__ -Wall -Wpointer-arith -Wshadow -Wcast-qual -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wredundant-decls -Wno-long-long
++LDFLAGS+= -s `dpkg-buildflags --get CPPFLAGS` `dpkg-buildflags --get CFLAGS` `dpkg-buildflags --get LDFLAGS`
+ LDLIBS =	$(CRYPT_LIB) $(SSL_LIBS) $(SYSV_LIBS)
+ 
+ all:		mini_httpd htpasswd
+@@ -34,7 +33,7 @@ mini_httpd:	mini_httpd.o match.o tdate_p
+ 	$(CC) $(LDFLAGS) mini_httpd.o match.o tdate_parse.o $(LDLIBS) -o mini_httpd
+ 
+ mini_httpd.o:	mini_httpd.c version.h port.h match.h tdate_parse.h mime_encodings.h mime_types.h
+-	$(CC) $(CFLAGS) -c mini_httpd.c
++	$(CC) $(LDFLAGS) -c mini_httpd.c
+ 
+ match.o:	match.c match.h
+ 	$(CC) $(CFLAGS) -c match.c
+@@ -76,8 +75,6 @@ install:	all
+ 	rm -f $(MANDIR)/man8/mini_httpd.8 $(MANDIR)/man1/htpasswd.1
+ 	-mkdir -p $(MANDIR)/man8
+ 	cp mini_httpd.8 $(MANDIR)/man8
+-	-mkdir -p $(MANDIR)/man1
+-	cp htpasswd.1 $(MANDIR)/man1
+ 
+ clean:
+ 	rm -f mini_httpd mime_encodings.h mime_types.h htpasswd mini_httpd.rnd *.o core core.* *.core
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..a8a186a
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1,6 @@
+fix-change-index-document-root
+fix-add_to_response-buffer-overflow
+01-manpage
+03-cgi-php
+fix-makefile
+05-manpage-hyphen
diff --git a/debian/rules b/debian/rules
index be0c02b..84cf36c 100755
--- a/debian/rules
+++ b/debian/rules
@@ -1,75 +1,11 @@
 #!/usr/bin/make -f
+# export DH_VERBOSE=1
 
-# Uncomment this to turn on verbose mode.
-#export DH_VERBOSE=1
+%:
+	dh $@
 
-include /usr/share/dpatch/dpatch.make
-
-CFLAGS = -Wall -g
-
-ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
-	CFLAGS += -O0
-else
-	CFLAGS += -O2
-endif
-
-build: patch
-
-clean: unpatch
-	dh_testdir
-	dh_testroot
-	rm -f build-stamp
-
-	$(MAKE) clean
-
-	dh_clean
-
-install: build
-	dh_testdir
-	dh_testroot
-	dh_clean -k
-	dh_installdirs
-
-	CFLAGS="$(CFLAGS)" $(MAKE) all \
-			MANDIR="debian/mini-httpd/usr/share/man" \
-			SSL_TREE="/usr" \
-			SSL_DEFS="-DUSE_SSL" \
-			SSL_INC="-I${SSL_TREE}/include/openssl" \
-			SSL_LIBS="-L${SSL_TREE}/lib -lssl -lcrypto"
-
-	# Moving index.html to its designated directory.
-	install -D -m 0644 debian/html/index.html debian/mini-httpd/usr/share/mini-httpd/html/index.html
-
-	# Moving mini_httpd to its designated directory.
-	install -D mini_httpd debian/mini-httpd/usr/sbin/mini-httpd
-
-	# Moving htpasswd to its designated directory.
-	#install -D htpasswd debian/mini-httpd/usr/bin/htpasswd
-
-	# Moving manpages to its designated directory.
-	#install -D htpasswd.1 debian/mini-httpd/usr/share/man/man1/htpasswd.1
-	install -D mini_httpd.8 debian/mini-httpd/usr/share/man/man8/mini-httpd.8
-
-	# Moving example configuration to its designated directory.
-	install -D -m 0644 debian/config/mini-httpd.conf debian/mini-httpd/etc/mini-httpd.conf
-
-binary-indep: build install
-
-binary-arch: build install
-	dh_testdir
-	dh_testroot
-	dh_installchangelogs
-	dh_installdocs
-	dh_installinit
-	dh_link
-	dh_compress
-	dh_fixperms
-	dh_installdeb
-	dh_shlibdeps
-	dh_strip
-	dh_gencontrol
-	dh_md5sums
-	dh_builddeb
-
-binary: binary-indep binary-arch
-.PHONY: build clean binary-indep binary-arch binary install
+override_dh_auto_install:
+	dh_auto_install
+	install -D mini_httpd debian/mini-httpd/usr/sbin/mini_httpd
+	rm -f debian/mini-httpd/usr/sbin/htpasswd
+	dh_installchangelogs debian/upstream.changelog
\ No newline at end of file
diff --git a/debian/source/format b/debian/source/format
new file mode 100644
index 0000000..46ebe02
--- /dev/null
+++ b/debian/source/format
@@ -0,0 +1 @@
+3.0 (quilt)
\ No newline at end of file
diff --git a/debian/upstream.changelog b/debian/upstream.changelog
new file mode 100644
index 0000000..2998366
--- /dev/null
+++ b/debian/upstream.changelog
@@ -0,0 +1,176 @@
+# Extracted from http://www.acme.com/software/mini_httpd/
+
+New in version 1.21:
+ - Disable SSL 3 because of the "poodle" attack.
+
+New in version 1.20:
+ - Better handling for very large files.
+ - Use TCP_CORK if it's available and TCP_NOPUSH is not.
+ - Ignore ECONNABORTED on accept().
+ - Removed mailto: link from the default index page.
+ - Allow CGIs to provide both Location and Status headers. (A. Skrobov)
+ - Better logic for figuring out CGI SERVER_NAME environment variable. (Oleg)
+ - Updated for clang, and general cleanup.
+
+New in version 1.19:
+ - Prohibit "Host: ." and "Host: .." (David Leadbeater).
+ - Use the specified charset in directory listings and errors (Jonas Ohlsson).
+ - Close and re-open the log file on SIGHUP. This includes code to chown 
+    the log file when starting up as root so that after switching
+    uids to nobody (or whatever user you configure) it can still be re-opened.
+    And there's also code to tweak the logfile pathname after a chroot so that
+    it still works.
+ - Generate multiple MIME encodings in the correct order,
+    and with the correct separator.
+ - Re-wrote the read() and write() loops to handle EINTR and EAGAIN.
+ - Save and restore errno in signal handlers.
+ - Corrected possible buffer overflow in building CGI 
+    environment (Bernhard Reiter).
+ - Simplified handling of HAVE_INT64T (Trisk). If this causes problems, e.g. 
+    if there are still systems which don't have "long long", we can back out the change.
+ - Automatically add no-cache control header on error responses.
+
+New in version 1.18:
+ - Added a bunch of MIME types.
+ - Allow blank lines in the config file.
+ - Digital Unix 4.0d doesn't have int64_t.
+ - Use unsigned short consistently for port number.
+ - Prohibit slashes in the Host: header (Marcus Breiing).
+ - For some reason there was never a timeout on writing the response, only on reading the request; fixed.
+ - Don't send Content-Length header on 304 Not Modified responses.
+ - Allow user-agent log entries to be up to 200 characters long, instead only of 80.
+ - Changed most uses of \r and \n to \015 and \012 (Jens Bauer).
+ - Got rid of extra slash in PATH_TRANSLATED (Benedikt Hochstrasser).
+
+New in version 1.17:
+ - Simplified the IPv6 ifdefs.
+ - Remove /./ in de_dotdot() (Dana Dahlstrom).
+ - Added an madvise(MADV_SEQUENTIAL) call for the cases that use mmap().
+ - Added .xhtml and .xht to mime_types.txt (suggested by Dave Hodder).
+ - Made the list of possible index filenames into an array instead of hard-coded.
+ - Added a bunch of syslogs.
+ - On generated pages which set BGCOLOR, also set TEXT LINK and VLINK.
+ - Added some OpenOffice MIME types (Dave Hodder).
+
+New in version 1.16:
+ - Some fixes for unusual cases in the CGI file-descriptor shuffling (Michael Gorlick).
+ - On SysV use sigset() instead of signal() (David Koblas).
+ - Set up accept filters after listen() (Kris Spinka).
+ - Preserve query string when doing a missing-slash directory redirect.
+ - New port.h defines for NetBSD.
+ - Fix for security hole that exposed contents of .htpasswd in some cases (noticed by zeno@cgisecurity.com).
+ - Allow (and ignore) extra fields in .htpasswd files.
+ - Added PATH_INFO to CGI environment (Benedikt Hochstrasser).
+ - Close log file before running CGI (Damien Miller).
+ - Integrated directory lister (Damien Miller).
+ - Added a shutdown() call to cgi_interpose_output().
+ - Added some Microsoft MIME types (Kevin Day).
+ - Use binary search to figure MIME types (suggested by Sascha Schumann and Rob Ekl).
+ - Linux's sendfile has a different calling sequence.
+ - Set TCP_NOPUSH socket option.
+ - Switch htpasswd from using tmpnam to mkstemp.
+ - Use memmove instead of memcpy.
+ - Fix to de_dotdot (Mark Dunlap).
+ - Added portability defines for Digital Unix.
+ - Off-by-one error in base-64 decoding (Archie Cobbs).
+ - URL-encoding in directory listings.
+ - Fix (harmless) subprocess SEGV on null requests (noticed by Tyler Mitchell).
+ - Ignore EINTR on select call when doing IPv4 and IPv6 (noticed by Tyler Mitchell).
+ - Added -V version flag.
+ - Added a timeout on request reading.
+ - Corrected some uses of size_t and off_t.
+ - Now able to serve files larger than 2GB.
+ - Default installation direction is now /usr/local/sbin, not /usr/local/bin.
+ - Added a scripts subdirectory with some sample code for FreeBSD systems.
+ - Added a -P flag for setting the P3P header.
+ - Added a -C config-file option similar to thttpd's.
+ - Added flags to specify the SSL certificate file and cipher set.
+ - Simplified the OS-detection ifdef maze in port.h (Damien Miller).
+ - Split match() into a separate file, like it is in thttpd.
+ - Added non-local referer filtering similar to thttpd's.
+ - Implemented content-encoding header.
+ - Added rudimentary option to set cache-control headers.
+
+New in version 1.15c:
+ - Fix for the garbage characters after POST data hack.
+
+New in version 1.15b:
+ - Fix syntax oops when SSL is defined.
+
+New in version 1.15:
+ - Update SSL support to current version of OpenSSL.
+ - Close extraneous file descriptors on CGI calls - from Russell Dill.
+ - Hack to deal with garbage characters after POST data generated by some browsers.
+ - Use sendfile() if available.
+ - Use accept filters if available.
+
+New in version 1.14:
+ - Added hack to prevent MSIE 5 from censoring error messages.
+ - IPv6/Linux fix from Tero Pelander.
+ - Documented the -D flag.
+
+New in version 1.13:
+ - Added some MIME types to support WAP/WML.
+ - Made MIME text character-set an option, with iso-8859-1 the default.
+
+New in version 1.12:
+ - Fix for directory indexes on Linux - symlinks were not indexing right 
+    due to a bug in Linux's ls.
+ - Solaris/SysV fix - it was exitting after serving a single request, due
+    to SIGCHLD generating an EINTR.
+ - A change in the way wildcard matching works - now a single * only matches 
+    strings that don't include a slash. To match entire pathnames including 
+    slashes you have to use **.
+ - Fix for index.cgi - it was returning the file's contents instead of running it.
+ - On systems with IPv6, automatically bind to both v4 and v6 sockets.
+ - Added charset=iso-8859-1 to text MIME types.
+
+New in version 1.11:
+ - Portability fix for Debian, which lacks gai_strerror().
+ - Couple of CGI tweaks from David Chaiken.
+ - A change to SIGPIPE handling.
+
+New in version 1.10:
+ - Support for filenames with spaces in them.
+ - Use standard isxdigit macro instead of is_hexit routine.
+
+New in version 1.09:
+ - IPv6 support.
+ - Fix to If-Modified-Since - some leap year problems.
+ - New version of match().
+ - Minor fix to the page returned by authentication.
+
+New in version 1.08:
+ - Custom error pages.
+ - Better ".." handling.
+ - Disallow listing of virtual host directory.
+
+New in version 1.07:
+ - Fix for remote-user logging.
+
+New in version 1.06:
+ - Security fix to directory indexing, for dirs with a single quote.
+
+New in version 1.05:
+ - Minor fix to the directory indexing to handle dirs that start with a tilde.
+
+New in version 1.04:
+ - Tweak chroot() and setuid() calls, so that the username to switch uids to 
+    gets looked up before the chroot().
+
+New in version 1.03:
+ - Bugfix for CGI header parsing 
+    if the CGI was sending binary data (e.g. images),
+    the result could get truncated or corrupted.
+
+New in version 1.02:
+ - Bugfix for CGI header parsing.
+ - Call setlogin() if it's available.
+
+New in version 1.01:
+ - CGI header parsing.
+ - If-Modified-Since / 304.
+ - Chroot.
+
+New in version 1.00:
+ - SSL.