diff options
Diffstat (limited to 'debian/patches')
| -rw-r--r-- | debian/patches/00list | 6 | ||||
| -rw-r--r-- | debian/patches/01-manpage (renamed from debian/patches/01-manpage.dpatch) | 8 | ||||
| -rw-r--r-- | debian/patches/02-makefile (renamed from debian/patches/02-makefile.dpatch) | 0 | ||||
| -rw-r--r-- | debian/patches/03-cgi-php | 34 | ||||
| -rw-r--r-- | debian/patches/03-cgi-php.dpatch | 37 | ||||
| -rw-r--r-- | debian/patches/05-manpage-hyphen (renamed from debian/patches/05-manpage-hyphen.dpatch) | 37 | ||||
| -rw-r--r-- | debian/patches/10-bug-552844-ftbfs-htpasswd.c-onflicting-types (renamed from debian/patches/10-bug-552844-ftbfs-htpasswd.c-onflicting-types.dpatch) | 0 | ||||
| -rw-r--r-- | debian/patches/fix-add_to_response-buffer-overflow | 163 | ||||
| -rw-r--r-- | debian/patches/fix-append-portno-to-vhost | 24 | ||||
| -rw-r--r-- | debian/patches/fix-change-index-document-root | 19 | ||||
| -rw-r--r-- | debian/patches/fix-makefile | 44 | ||||
| -rw-r--r-- | debian/patches/series | 6 |
12 files changed, 314 insertions, 64 deletions
diff --git a/debian/patches/00list b/debian/patches/00list deleted file mode 100644 index a3a2cb2..0000000 --- a/debian/patches/00list +++ /dev/null @@ -1,6 +0,0 @@ -01-manpage.dpatch -02-makefile.dpatch -03-cgi-php.dpatch -04-kfreebsd.dpatch -05-manpage-hyphen.dpatch -10-bug-552844-ftbfs-htpasswd.c-onflicting-types.dpatch diff --git a/debian/patches/01-manpage.dpatch b/debian/patches/01-manpage index 0688334..61858df 100644 --- a/debian/patches/01-manpage.dpatch +++ b/debian/patches/01-manpage @@ -5,9 +5,11 @@ @DPATCH@ ---- mini-httpd-1.19/mini_httpd.8.orig 2006-07-05 00:14:37.000000000 +0200 -+++ mini-httpd-1.19/mini_httpd.8 2006-07-05 00:15:30.000000000 +0200 -@@ -432,7 +432,7 @@ +Index: mini-httpd-1.21/mini_httpd.8 +=================================================================== +--- mini-httpd-1.21.orig/mini_httpd.8 ++++ mini-httpd-1.21/mini_httpd.8 +@@ -432,7 +432,7 @@ You don't need cert.csr and privkey.pem, .SH "SEE ALSO" htpasswd(1), weblog_parse(1), http_get(1) .SH AUTHOR diff --git a/debian/patches/02-makefile.dpatch b/debian/patches/02-makefile index 19e3dda..19e3dda 100644 --- a/debian/patches/02-makefile.dpatch +++ b/debian/patches/02-makefile diff --git a/debian/patches/03-cgi-php b/debian/patches/03-cgi-php new file mode 100644 index 0000000..2b3bcc6 --- /dev/null +++ b/debian/patches/03-cgi-php @@ -0,0 +1,34 @@ +Description: mini_httpd does not run php cgi + shows following error: "No input file specified". + Thanks to Thorsten Schmale who has written this patch. +Author: Marvin Stark <marv@der-marv.de> +Last-Update: 2015-09-03 +Index: mini-httpd-1.21/mini_httpd.c +=================================================================== +--- mini-httpd-1.21.orig/mini_httpd.c ++++ mini-httpd-1.21/mini_httpd.c +@@ -1141,7 +1141,7 @@ handle_request( void ) + int r, file_len, i; + const char* index_names[] = { + "index.html", "index.mini-httpd.html", "index.htm", "index.xhtml", "index.xht", "Default.htm", +- "index.cgi" }; ++ "index.cgi", "index.php" }; + + /* Set up the timeout for reading. */ + #ifdef HAVE_SIGSET +@@ -2147,6 +2147,7 @@ make_envp( void ) + int envn; + char* cp; + char buf[256]; ++ char rp[MAXPATHLEN]; + + envn = 0; + envp[envn++] = build_env( "PATH=%s", CGI_PATH ); +@@ -2167,6 +2168,7 @@ make_envp( void ) + envp[envn++] = build_env( + "REQUEST_METHOD=%s", get_method_str( method ) ); + envp[envn++] = build_env( "SCRIPT_NAME=%s", path ); ++ envp[envn++] = build_env( "SCRIPT_FILENAME=%s", realpath(file, rp) ); + if ( pathinfo != (char*) 0 ) + { + envp[envn++] = build_env( "PATH_INFO=/%s", pathinfo ); diff --git a/debian/patches/03-cgi-php.dpatch b/debian/patches/03-cgi-php.dpatch deleted file mode 100644 index c4c8a7e..0000000 --- a/debian/patches/03-cgi-php.dpatch +++ /dev/null @@ -1,37 +0,0 @@ -#!/bin/sh /usr/share/dpatch/dpatch-run -## 03-cgi-php.dpatch by Marvin Stark <marv@der-marv.de> -## Thanks to Thorsten Schmale who has written this patch. -## -## DP: mini_httpd does not run php cgi's. -## DP: mini_httpd shows following error: "No input file specified". - -@DPATCH@ - ---- mini-httpd-1.19/mini_httpd.c.orig 2008-02-05 08:40:28.000000000 +0000 -+++ mini-httpd-1.19/mini_httpd.c 2008-02-05 08:50:35.000000000 +0000 -@@ -1129,7 +1129,7 @@ - int r, file_len, i; - const char* index_names[] = { - "index.html", "index.htm", "index.xhtml", "index.xht", "Default.htm", -- "index.cgi" }; -+ "index.cgi", "index.php" }; - - /* Set up the timeout for reading. */ - #ifdef HAVE_SIGSET -@@ -2117,6 +2117,7 @@ - int envn; - char* cp; - char buf[256]; -+ char rp[MAXPATHLEN]; - - envn = 0; - envp[envn++] = build_env( "PATH=%s", CGI_PATH ); -@@ -2134,7 +2135,7 @@ - envp[envn++] = build_env( "SERVER_PORT=%s", buf ); - envp[envn++] = build_env( - "REQUEST_METHOD=%s", get_method_str( method ) ); -- envp[envn++] = build_env( "SCRIPT_NAME=%s", path ); -+ envp[envn++] = build_env( "SCRIPT_FILENAME=%s", realpath(file, rp) ); - if ( pathinfo != (char*) 0 ) - { - envp[envn++] = build_env( "PATH_INFO=/%s", pathinfo ); diff --git a/debian/patches/05-manpage-hyphen.dpatch b/debian/patches/05-manpage-hyphen index 9178f2a..3bf27ad 100644 --- a/debian/patches/05-manpage-hyphen.dpatch +++ b/debian/patches/05-manpage-hyphen @@ -1,13 +1,12 @@ -#!/bin/sh /usr/share/dpatch/dpatch-run -## 05-manpage-hyphen.dpatch by Raphael Geissert <geissert@debian.org> -## -## DP: Escape minus signs as needed. +Description: Escape minus signs as needed. +Author: Raphael Geissert <geissert@debian.org> +Last-Update: 2015-09-05 -@DPATCH@ - ---- mini-httpd-1.19.orig/mini_httpd.8 2009-07-05 19:45:04.000000000 -0500 -+++ mini-httpd-1.19/mini_httpd.8 2009-07-05 19:50:45.000000000 -0500 -@@ -107,7 +107,7 @@ +Index: mini-httpd-1.21/mini_httpd.8 +=================================================================== +--- mini-httpd-1.21.orig/mini_httpd.8 ++++ mini-httpd-1.21/mini_httpd.8 +@@ -107,7 +107,7 @@ The config-file option name for this fla .B -dd Specifies a directory to chdir() to after chrooting. If you're not chrooting, you might as well do a single chdir() with @@ -16,7 +15,7 @@ If you are chrooting, this lets you put the web files in a subdirectory of the chroot tree, instead of in the top level mixed in with the chroot files. -@@ -172,7 +172,7 @@ +@@ -172,7 +172,7 @@ which is just fine for most sites. The config-file option name for this flag is "maxage". .TP .B -S @@ -25,7 +24,7 @@ to enable this feature. The config-file option name for this flag is "ssl". .TP -@@ -207,7 +207,7 @@ +@@ -207,7 +207,7 @@ Shows mini_httpd's version and then exit mini_httpd supports the CGI 1.1 spec. .PP In order for a CGI program to be run, its name must match the pattern @@ -34,7 +33,7 @@ This is a simple shell-style filename pattern. You can use * to match any string not including a slash, or ** to match any string including slashes, -@@ -255,12 +255,12 @@ +@@ -255,12 +255,12 @@ so that mini_httpd can still generate sy Check your system's syslodg man page for how to do this. In FreeBSD you would put something like this in /etc/rc.conf: .nf @@ -49,7 +48,7 @@ .SH "MULTIHOMING" .PP Multihoming means using one machine to serve multiple hostnames. -@@ -308,7 +308,7 @@ +@@ -308,7 +308,7 @@ If your OS's version of ifconfig doesn't probably out of luck. .PP Third and last, you must set up mini_httpd to handle the multiple hosts. @@ -58,7 +57,7 @@ This works with either CNAME multihosting or multiple-IP multihosting. What it does is send each incoming request to a subdirectory based on the hostname it's intended for. -@@ -321,26 +321,26 @@ +@@ -321,26 +321,26 @@ With the example above, you'd do like so If you're using old-style multiple-IP multihosting, you should also create symbolic links from the numeric addresses to the names, like so: .nf @@ -94,7 +93,7 @@ .SH "CUSTOM ERRORS" .PP mini_httpd lets you define your own custom error pages for the various -@@ -416,15 +416,15 @@ +@@ -416,15 +416,15 @@ http://www.modssl.org/docs/2.4/ssl_faq.h You can also create one for yourself, using the openssl tool. Step one - create the key and certificate request: .nf @@ -115,9 +114,11 @@ .fi This creates four files. The ones you want are cert.pem and key.pem. ---- mini-httpd-1.19.orig/htpasswd.1 1999-09-28 13:49:35.000000000 -0500 -+++ mini-httpd-1.19/htpasswd.1 2009-07-05 19:57:50.000000000 -0500 -@@ -9,7 +9,7 @@ +Index: mini-httpd-1.21/htpasswd.1 +=================================================================== +--- mini-httpd-1.21.orig/htpasswd.1 ++++ mini-httpd-1.21/htpasswd.1 +@@ -9,7 +9,7 @@ htpasswd - manipulate HTTP-server passwo .SH DESCRIPTION .PP Sets a user's password in an httpd-style password file. diff --git a/debian/patches/10-bug-552844-ftbfs-htpasswd.c-onflicting-types.dpatch b/debian/patches/10-bug-552844-ftbfs-htpasswd.c-onflicting-types index 1fe5f5f..1fe5f5f 100644 --- a/debian/patches/10-bug-552844-ftbfs-htpasswd.c-onflicting-types.dpatch +++ b/debian/patches/10-bug-552844-ftbfs-htpasswd.c-onflicting-types diff --git a/debian/patches/fix-add_to_response-buffer-overflow b/debian/patches/fix-add_to_response-buffer-overflow new file mode 100644 index 0000000..33c90ac --- /dev/null +++ b/debian/patches/fix-add_to_response-buffer-overflow @@ -0,0 +1,163 @@ +Description: Fix buffer overflow in add_to_response bug Thanks Peter Kasza +Author: Jose dos Santos Junior <j.s.junior@live.com> +Last-Update: 2015-09-02 +Bug: http://bugs.debian.org/778925 +=================================================================== +Index: mini-httpd-1.21/mini_httpd.c +=================================================================== +--- mini-httpd-1.21.orig/mini_httpd.c ++++ mini-httpd-1.21/mini_httpd.c +@@ -270,7 +270,7 @@ static void start_request( void ); + static void add_to_request( char* str, size_t len ); + static char* get_request_line( void ); + static void start_response( void ); +-static void add_to_response( char* str, size_t len ); ++static void add_to_response( char* str, size_t len, size_t buflen ); + static void send_response( void ); + static void send_via_write( int fd, off_t size ); + static void send_via_sendfile( int fd, int s, off_t size ); +@@ -1655,7 +1655,7 @@ do_dir( void ) + + add_headers( 200, "Ok", "", "", "text/html; charset=%s", contents_len, sb.st_mtime ); + if ( method != METHOD_HEAD ) +- add_to_response( contents, contents_len ); ++ add_to_response( contents, contents_len, sizeof(contents) ); + send_response(); + } + +@@ -2426,9 +2426,9 @@ send_error_body( int s, char* title, cha + \n\ + <h4>%d %s</h4>\n", + s, title, s, title ); +- add_to_response( buf, buflen ); ++ add_to_response( buf, buflen, sizeof(buf) ); + buflen = snprintf( buf, sizeof(buf), "%s\n", text ); +- add_to_response( buf, buflen ); ++ add_to_response( buf, buflen, sizeof(buf) ); + } + + +@@ -2447,7 +2447,7 @@ send_error_file( char* filename ) + r = fread( buf, 1, sizeof(buf), fp ); + if ( r == 0 ) + break; +- add_to_response( buf, r ); ++ add_to_response( buf, r, sizeof(buf) ); + } + (void) fclose( fp ); + return 1; +@@ -2464,14 +2464,14 @@ send_error_tail( void ) + { + int n; + buflen = snprintf( buf, sizeof(buf), "<!--\n" ); +- add_to_response( buf, buflen ); ++ add_to_response( buf, buflen, sizeof(buf) ); + for ( n = 0; n < 6; ++n ) + { + buflen = snprintf( buf, sizeof(buf), "Padding so that MSIE deigns to show this error instead of its own canned one.\n" ); +- add_to_response( buf, buflen ); ++ add_to_response( buf, buflen, sizeof(buf) ); + } + buflen = snprintf( buf, sizeof(buf), "-->\n" ); +- add_to_response( buf, buflen ); ++ add_to_response( buf, buflen, sizeof(buf) ); + } + + buflen = snprintf( buf, sizeof(buf), "\ +@@ -2483,7 +2483,7 @@ send_error_tail( void ) + \n\ + </html>\n", + SERVER_URL, SERVER_SOFTWARE ); +- add_to_response( buf, buflen ); ++ add_to_response( buf, buflen, sizeof(buf) ); + } + + +@@ -2502,44 +2502,44 @@ add_headers( int s, char* title, char* e + make_log_entry(); + start_response(); + buflen = snprintf( buf, sizeof(buf), "%s %d %s\015\012", protocol, status, title ); +- add_to_response( buf, buflen ); ++ add_to_response( buf, buflen, sizeof(buf) ); + buflen = snprintf( buf, sizeof(buf), "Server: %s\015\012", SERVER_SOFTWARE ); +- add_to_response( buf, buflen ); ++ add_to_response( buf, buflen, sizeof(buf) ); + now = time( (time_t*) 0 ); + (void) strftime( timebuf, sizeof(timebuf), rfc1123_fmt, gmtime( &now ) ); + buflen = snprintf( buf, sizeof(buf), "Date: %s\015\012", timebuf ); +- add_to_response( buf, buflen ); ++ add_to_response( buf, buflen, sizeof(buf) ); + s100 = status / 100; + if ( s100 != 2 && s100 != 3 ) + { + buflen = snprintf( buf, sizeof(buf), "Cache-Control: no-cache,no-store\015\012" ); +- add_to_response( buf, buflen ); ++ add_to_response( buf, buflen, sizeof(buf) ); + } + if ( extra_header != (char*) 0 && extra_header[0] != '\0' ) + { + buflen = snprintf( buf, sizeof(buf), "%s\015\012", extra_header ); +- add_to_response( buf, buflen ); ++ add_to_response( buf, buflen, sizeof(buf) ); + } + if ( me != (char*) 0 && me[0] != '\0' ) + { + buflen = snprintf( buf, sizeof(buf), "Content-Encoding: %s\015\012", me ); +- add_to_response( buf, buflen ); ++ add_to_response( buf, buflen, sizeof(buf) ); + } + if ( mt != (char*) 0 && mt[0] != '\0' ) + { + buflen = snprintf( buf, sizeof(buf), "Content-Type: %s\015\012", mt ); +- add_to_response( buf, buflen ); ++ add_to_response( buf, buflen, sizeof(buf) ); + } + if ( bytes >= 0 ) + { + buflen = snprintf( + buf, sizeof(buf), "Content-Length: %lld\015\012", (long long) bytes ); +- add_to_response( buf, buflen ); ++ add_to_response( buf, buflen, sizeof(buf) ); + } + if ( p3p != (char*) 0 && p3p[0] != '\0' ) + { + buflen = snprintf( buf, sizeof(buf), "P3P: %s\015\012", p3p ); +- add_to_response( buf, buflen ); ++ add_to_response( buf, buflen, sizeof(buf) ); + } + if ( max_age >= 0 ) + { +@@ -2548,17 +2548,17 @@ add_headers( int s, char* title, char* e + timebuf, sizeof(timebuf), rfc1123_fmt, gmtime( &expires ) ); + buflen = snprintf( buf, sizeof(buf), + "Cache-Control: max-age=%d\015\012Expires: %s\015\012", max_age, timebuf ); +- add_to_response( buf, buflen ); ++ add_to_response( buf, buflen, sizeof(buf) ); + } + if ( mod != (time_t) -1 ) + { + (void) strftime( + timebuf, sizeof(timebuf), rfc1123_fmt, gmtime( &mod ) ); + buflen = snprintf( buf, sizeof(buf), "Last-Modified: %s\015\012", timebuf ); +- add_to_response( buf, buflen ); ++ add_to_response( buf, buflen, sizeof(buf) ); + } + buflen = snprintf( buf, sizeof(buf), "Connection: close\015\012\015\012" ); +- add_to_response( buf, buflen ); ++ add_to_response( buf, buflen, sizeof(buf) ); + } + + +@@ -2611,8 +2611,11 @@ start_response( void ) + } + + static void +-add_to_response( char* str, size_t len ) ++add_to_response( char* str, size_t len, size_t buflen ) + { ++ if (buflen < len) { ++ len = buflen; ++ } + add_to_buf( &response, &response_size, &response_len, str, len ); + } + diff --git a/debian/patches/fix-append-portno-to-vhost b/debian/patches/fix-append-portno-to-vhost new file mode 100644 index 0000000..13e4df6 --- /dev/null +++ b/debian/patches/fix-append-portno-to-vhost @@ -0,0 +1,24 @@ +Description: Append port number to vhost. + Thanks Steffen Grunewald <steffen.grunewald@gmx.net> +Author: Jose dos Santos Junior <j.s.junior@live.com> +Last-Update:2015-09-05 +Bug: http://bugs.debian.org/491078 +=================================================================== +Index: mini-httpd-1.21/mini_httpd.c +=================================================================== +--- mini-httpd-1.21.orig/mini_httpd.c ++++ mini-httpd-1.21/mini_httpd.c +@@ -2349,7 +2349,13 @@ virtual_file( char* f ) + + /* Use the request's hostname, or fall back on the IP address. */ + if ( host != (char*) 0 ) ++ { + req_hostname = host; ++ char *portno; ++ portno = strpbrk(req_hostname, ":"); ++ if (portno != (char *) 0) ++ *portno++ = '\0'; ++ } + else + { + usockaddr usa; diff --git a/debian/patches/fix-change-index-document-root b/debian/patches/fix-change-index-document-root new file mode 100644 index 0000000..4ba29ad --- /dev/null +++ b/debian/patches/fix-change-index-document-root @@ -0,0 +1,19 @@ +Description: Change the default document root to /var/www/html + and added index.mini-httpd.html in /var/www/html +Author: Jose dos Santos Junior <j.s.junior@live.com> +Last-Update: 2015-09-14 +Bug: http://bugs.debian.org/730373 +=================================================================== +Index: mini-httpd-1.21/mini_httpd.c +=================================================================== +--- mini-httpd-1.21.orig/mini_httpd.c ++++ mini-httpd-1.21/mini_httpd.c +@@ -1140,7 +1140,7 @@ handle_request( void ) + char* cp; + int r, file_len, i; + const char* index_names[] = { +- "index.html", "index.htm", "index.xhtml", "index.xht", "Default.htm", ++ "index.html", "index.mini-httpd.html", "index.htm", "index.xhtml", "index.xht", "Default.htm", + "index.cgi" }; + + /* Set up the timeout for reading. */ diff --git a/debian/patches/fix-makefile b/debian/patches/fix-makefile new file mode 100644 index 0000000..17a8d60 --- /dev/null +++ b/debian/patches/fix-makefile @@ -0,0 +1,44 @@ +Description: Change DESTDIR and LCFLAGS +Autor: Jose dos Santos Junior <j.s.junior@live.com> +Last-Update: 2015-09-05 +=================================================================== +Index: mini-httpd-1.21/Makefile +=================================================================== +--- mini-httpd-1.21.orig/Makefile ++++ mini-httpd-1.21/Makefile +@@ -19,13 +19,12 @@ CRYPT_LIB = -lcrypt + #SSL_INC = -I$(SSL_TREE)/include + #SSL_LIBS = -L$(SSL_TREE)/lib -lssl -lcrypto + +- +-BINDIR = /usr/local/sbin +-MANDIR = /usr/local/man ++BINDIR =$(DESTDIR)/usr/sbin ++MANDIR =$(DESTDIR)/usr/share/man + CC = cc + CDEFS = $(SSL_DEFS) $(SSL_INC) +-CFLAGS = -O $(CDEFS) -ansi -pedantic -U__STRICT_ANSI__ -Wall -Wpointer-arith -Wshadow -Wcast-qual -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wredundant-decls -Wno-long-long +-LDFLAGS = -s ++CFLAGS+=-O $(CDEFS) -ansi -pedantic -U__STRICT_ANSI__ -Wall -Wpointer-arith -Wshadow -Wcast-qual -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wredundant-decls -Wno-long-long ++LDFLAGS+= -s `dpkg-buildflags --get CPPFLAGS` `dpkg-buildflags --get CFLAGS` `dpkg-buildflags --get LDFLAGS` + LDLIBS = $(CRYPT_LIB) $(SSL_LIBS) $(SYSV_LIBS) + + all: mini_httpd htpasswd +@@ -34,7 +33,7 @@ mini_httpd: mini_httpd.o match.o tdate_p + $(CC) $(LDFLAGS) mini_httpd.o match.o tdate_parse.o $(LDLIBS) -o mini_httpd + + mini_httpd.o: mini_httpd.c version.h port.h match.h tdate_parse.h mime_encodings.h mime_types.h +- $(CC) $(CFLAGS) -c mini_httpd.c ++ $(CC) $(LDFLAGS) -c mini_httpd.c + + match.o: match.c match.h + $(CC) $(CFLAGS) -c match.c +@@ -76,8 +75,6 @@ install: all + rm -f $(MANDIR)/man8/mini_httpd.8 $(MANDIR)/man1/htpasswd.1 + -mkdir -p $(MANDIR)/man8 + cp mini_httpd.8 $(MANDIR)/man8 +- -mkdir -p $(MANDIR)/man1 +- cp htpasswd.1 $(MANDIR)/man1 + + clean: + rm -f mini_httpd mime_encodings.h mime_types.h htpasswd mini_httpd.rnd *.o core core.* *.core diff --git a/debian/patches/series b/debian/patches/series new file mode 100644 index 0000000..a8a186a --- /dev/null +++ b/debian/patches/series @@ -0,0 +1,6 @@ +fix-change-index-document-root +fix-add_to_response-buffer-overflow +01-manpage +03-cgi-php +fix-makefile +05-manpage-hyphen |