~ubuntu-branches/ubuntu/lucid/lighttpd/lucid-security

Committer: Bazaar Package Importer
Author(s): Andres Rodriguez
Date: 2009-06-06 15:53:28 UTC
mfrom: (6.1.2 squeeze)
Revision ID: james.westby@ubuntu.com-20090606155328-6pr6j08kk4rdf8rz

Tags: 1.4.22-1ubuntu1

* Merge from debian unstable (LP: #384367), remaining changes:
  - debian/control: Depend on lsb (>= 3.2-14), which has the status_of_proc()
    function; libgamin-dev rather than libfam-dev to fix startup warning.
  - debian/init.d: Add the 'status' action, clean environment; Check syntax
    during start/reload/restart/force-reload.
  - debian/rules: set DEB_UPDATE_RCD_PARAMS to "defaults 91 09" to not start
    lighty before apache2 but in the same runlevel with the same priority;
    Make sure that upgrades succeed, even if we can't restart lighttpd.
  - debian/index.html: s/Debian/Ubuntu/g branding on the default page.
  - Added a UFW profile set:
    + debian/lighttpd.dirs: added etc/ufw/applications.d
    + debian/rules: install the ufw profile.
    + debian/control: Suggests on ufw.
* debian/patches/fix-conf-doc.patch: Update headers to match package version

files added:
tests/mod-compress.conf

files removed:
cygwin

cygwin/Makefile.am

cygwin/Makefile.in

cygwin/lighttpd.README

cygwin/lighttpd.README.in

cygwin/setup.hint

lighttpd.spec

lighttpd.spec.in

openwrt

openwrt/Makefile.am

openwrt/Makefile.in

openwrt/S51lighttpd

openwrt/conffiles

openwrt/control

openwrt/control.in

openwrt/lighttpd.conf

openwrt/lighttpd.mk

openwrt/lighttpd.mk.in

tests/docroot/www/dummydir

tests/env-variables.conf

tests/env-variables.t

files modified:
Makefile.am

Makefile.in

NEWS

SConstruct

aclocal.m4

config.guess

config.h.in

config.sub

configure

configure.in

debian/changelog

debian/compat

debian/control

debian/patches/fix-conf-doc.patch

debian/patches/series

depcomp

doc/Makefile.am

doc/Makefile.in

doc/authentication.txt

doc/compress.txt

doc/configuration.txt

doc/lighttpd.conf

doc/magnet.txt

doc/redirect.txt

doc/rewrite.txt

doc/userdir.txt

install-sh

ltmain.sh

src/Makefile.am

src/Makefile.in

src/SConscript

src/array.c

src/array.h

src/base.h

src/buffer.c

src/chunk.c

src/configfile-glue.c

src/configfile.c

src/configparser.c

src/configparser.y

src/connections-glue.c

src/connections.c

src/data_string.c

src/fdevent_linux_sysepoll.c

src/http-header-glue.c

src/http_auth.c

src/http_auth.h

src/http_chunk.c

src/inet_ntop_cache.c

src/lemon.c

src/lempar.c

src/lighttpd-angel.c

src/log.c

src/log.h

src/md5.c

src/md5.h

src/mod_access.c

src/mod_accesslog.c

src/mod_alias.c

src/mod_auth.c

src/mod_cgi.c

src/mod_cml_lua.c

src/mod_compress.c

src/mod_dirlisting.c

src/mod_evasive.c

src/mod_evhost.c

src/mod_expire.c

src/mod_extforward.c

src/mod_fastcgi.c

src/mod_flv_streaming.c

src/mod_indexfile.c

src/mod_magnet.c

src/mod_mysql_vhost.c

src/mod_proxy.c

src/mod_redirect.c

src/mod_rewrite.c

src/mod_rrdtool.c

src/mod_scgi.c

src/mod_secure_download.c

src/mod_simple_vhost.c

src/mod_skeleton.c

src/mod_ssi.c

src/mod_ssi_expr.c

src/mod_ssi_exprparser.c

src/mod_ssi_exprparser.y

src/mod_staticfile.c

src/mod_status.c

src/mod_trigger_b4_dl.c

src/mod_userdir.c

src/mod_usertrack.c

src/mod_webdav.c

src/network.c

src/network_freebsd_sendfile.c

src/network_openssl.c

src/plugin.c

src/proc_open.c

src/proc_open.h

src/request.c

src/response.c

src/server.c

src/spawn-fcgi.c

src/stat_cache.c

tests/404-handler.conf

tests/LightyTest.pm

tests/Makefile.am

tests/Makefile.in

tests/SConscript

tests/bug-06.conf

tests/bug-12.conf

tests/condition.conf

tests/core-404-handler.t *

tests/docroot/123/Makefile.in

tests/docroot/Makefile.in

tests/docroot/www/Makefile.am

tests/docroot/www/Makefile.in

tests/docroot/www/expire/Makefile.in

tests/docroot/www/get-env.php

tests/docroot/www/go/Makefile.in

tests/docroot/www/indexfile/Makefile.in

tests/fastcgi-10.conf

tests/fastcgi-13.conf

tests/fastcgi-auth.conf

tests/fastcgi-responder.conf

tests/lighttpd.conf

tests/lowercase.conf

tests/mod-compress.t

tests/mod-fastcgi.t

tests/mod-proxy.t

tests/mod-rewrite.t

tests/proxy.conf

tests/request.t

tests/run-tests.pl

tests/symlink.t *

tests/var-include.conf

Show diffs side-by-side

added added

removed removed

src/mod_dirlisting.c

454

static void http_list_directory_header(server *srv, connection *con, plugin_data *p, buffer *out) {

455

UNUSED(srv);

456

457

BUFFER_APPEND_STRING_CONST(out,

457

buffer_append_string_len(out, CONST_STR_LEN(

458

"<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.1//EN\" \"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd\">\n"

459

"<html xmlns=\"http://www.w3.org/1999/xhtml\" xml:lang=\"en\">\n"

460

"<head>\n"

461

"<title>Index of "

462

);

462

));

463

buffer_append_string_encoded(out, CONST_BUF_LEN(con->uri.path), ENCODING_MINIMAL_XML);

464

BUFFER_APPEND_STRING_CONST(out, "</title>\n");

464

buffer_append_string_len(out, CONST_STR_LEN("</title>\n"));

465

466

if (p->conf.external_css->used > 1) {

467

BUFFER_APPEND_STRING_CONST(out, "<link rel=\"stylesheet\" type=\"text/css\" href=\"");

467

buffer_append_string_len(out, CONST_STR_LEN("<link rel=\"stylesheet\" type=\"text/css\" href=\""));

468

buffer_append_string_buffer(out, p->conf.external_css);

469

BUFFER_APPEND_STRING_CONST(out, "\" />\n");

469

buffer_append_string_len(out, CONST_STR_LEN("\" />\n"));

470

} else {

471

BUFFER_APPEND_STRING_CONST(out,

471

buffer_append_string_len(out, CONST_STR_LEN(

472

"<style type=\"text/css\">\n"

473

"a, a:active {text-decoration: none; color: blue;}\n"

474

"a:visited {color: #48468F;}\n"

485

" padding-right: 14px;"

486

" padding-bottom: 3px;"

487

"}\n"

488

);

489

BUFFER_APPEND_STRING_CONST(out,

490

488

"td {padding-right: 14px;}\n"

491

489

"td.s, th.s {text-align: right;}\n"

492

490

"div.list {"

502

500

" padding-top: 4px;"

503

501

"}\n"

504

502

"</style>\n"

505

);

503

));

506

504

}

507

505

508

BUFFER_APPEND_STRING_CONST(out, "</head>\n<body>\n");

506

buffer_append_string_len(out, CONST_STR_LEN("</head>\n<body>\n"));

509

507

510

508

/* HEADER.txt */

511

509

if (p->conf.show_header) {

514

512

515

513

buffer_copy_string_buffer(p->tmp_buf, con->physical.path);

516

514

BUFFER_APPEND_SLASH(p->tmp_buf);

517

BUFFER_APPEND_STRING_CONST(p->tmp_buf, "HEADER.txt");

515

buffer_append_string_len(p->tmp_buf, CONST_STR_LEN("HEADER.txt"));

518

516

519

517

if (-1 != stream_open(&s, p->tmp_buf)) {

520

BUFFER_APPEND_STRING_CONST(out, "<pre class=\"header\">");

518

buffer_append_string_len(out, CONST_STR_LEN("<pre class=\"header\">"));

521

519

buffer_append_string_encoded(out, s.start, s.size, ENCODING_MINIMAL_XML);

522

BUFFER_APPEND_STRING_CONST(out, "</pre>");

520

buffer_append_string_len(out, CONST_STR_LEN("</pre>"));

523

521

}

524

522

stream_close(&s);

525

523

}

526

524

527

BUFFER_APPEND_STRING_CONST(out, "<h2>Index of ");

525

buffer_append_string_len(out, CONST_STR_LEN("<h2>Index of "));

528

526

buffer_append_string_encoded(out, CONST_BUF_LEN(con->uri.path), ENCODING_MINIMAL_XML);

529

BUFFER_APPEND_STRING_CONST(out,

527

buffer_append_string_len(out, CONST_STR_LEN(

530

528

"</h2>\n"

531

529

"<div class=\"list\">\n"

532

530

"<table summary=\"Directory Listing\" cellpadding=\"0\" cellspacing=\"0\">\n"

545

543

"<td class=\"s\">-  </td>"

546

544

"<td class=\"t\">Directory</td>"

547

545

"</tr>\n"

548

);

546

));

549

547

}

550

548

551

549

static void http_list_directory_footer(server *srv, connection *con, plugin_data *p, buffer *out) {

552

550

UNUSED(srv);

553

551

554

BUFFER_APPEND_STRING_CONST(out,

552

buffer_append_string_len(out, CONST_STR_LEN(

555

553

"</tbody>\n"

556

554

"</table>\n"

557

555

"</div>\n"

558

);

556

));

559

557

560

558

if (p->conf.show_readme) {

561

559

stream s;

563

561

564

562

buffer_copy_string_buffer(p->tmp_buf, con->physical.path);

565

563

BUFFER_APPEND_SLASH(p->tmp_buf);

566

BUFFER_APPEND_STRING_CONST(p->tmp_buf, "README.txt");

564

buffer_append_string_len(p->tmp_buf, CONST_STR_LEN("README.txt"));

567

565

568

566

if (-1 != stream_open(&s, p->tmp_buf)) {

569

BUFFER_APPEND_STRING_CONST(out, "<pre class=\"readme\">");

567

buffer_append_string_len(out, CONST_STR_LEN("<pre class=\"readme\">"));

570

568

buffer_append_string_encoded(out, s.start, s.size, ENCODING_MINIMAL_XML);

571

BUFFER_APPEND_STRING_CONST(out, "</pre>");

569

buffer_append_string_len(out, CONST_STR_LEN("</pre>"));

572

570

}

573

571

stream_close(&s);

574

572

}

575

573

576

BUFFER_APPEND_STRING_CONST(out,

574

buffer_append_string_len(out, CONST_STR_LEN(

577

575

"<div class=\"foot\">"

578

);

576

));

579

577

580

578

if (p->conf.set_footer->used > 1) {

581

579

buffer_append_string_buffer(out, p->conf.set_footer);

582

580

} else if (buffer_is_empty(con->conf.server_tag)) {

583

BUFFER_APPEND_STRING_CONST(out, PACKAGE_NAME "/" PACKAGE_VERSION);

581

buffer_append_string_len(out, CONST_STR_LEN(PACKAGE_NAME "/" PACKAGE_VERSION));

584

582

} else {

585

583

buffer_append_string_buffer(out, con->conf.server_tag);

586

584

}

587

585

588

BUFFER_APPEND_STRING_CONST(out,

586

buffer_append_string_len(out, CONST_STR_LEN(

589

587

"</div>\n"

590

588

"</body>\n"

591

589

"</html>\n"

592

);

590

));

593

591

}

594

592

595

593

static int http_list_directory(server *srv, connection *con, plugin_data *p, buffer *dir) {

742

740

if (files.used) http_dirls_sort(files.ent, files.used);

743

741

744

742

out = chunkqueue_get_append_buffer(con->write_queue);

745

BUFFER_COPY_STRING_CONST(out, "<?xml version=\"1.0\" encoding=\"");

743

buffer_copy_string_len(out, CONST_STR_LEN("<?xml version=\"1.0\" encoding=\""));

746

744

if (buffer_is_empty(p->conf.encoding)) {

747

BUFFER_APPEND_STRING_CONST(out, "iso-8859-1");

745

buffer_append_string_len(out, CONST_STR_LEN("iso-8859-1"));

748

746

} else {

749

747

buffer_append_string_buffer(out, p->conf.encoding);

750

748

}

751

BUFFER_APPEND_STRING_CONST(out, "\"?>\n");

749

buffer_append_string_len(out, CONST_STR_LEN("\"?>\n"));

752

750

http_list_directory_header(srv, con, p, out);

753

751

754

752

/* directories */

762

760

strftime(datebuf, sizeof(datebuf), "%Y-%b-%d %H:%M:%S", localtime(&(tmp->mtime)));

763

761

#endif

764

762

765

BUFFER_APPEND_STRING_CONST(out, "<tr><td class=\"n\"><a href=\"");

763

buffer_append_string_len(out, CONST_STR_LEN("<tr><td class=\"n\"><a href=\""));

766

764

buffer_append_string_encoded(out, DIRLIST_ENT_NAME(tmp), tmp->namelen, ENCODING_REL_URI_PART);

767

BUFFER_APPEND_STRING_CONST(out, "/\">");

765

buffer_append_string_len(out, CONST_STR_LEN("/\">"));

768

766

buffer_append_string_encoded(out, DIRLIST_ENT_NAME(tmp), tmp->namelen, ENCODING_MINIMAL_XML);

769

BUFFER_APPEND_STRING_CONST(out, "</a>/</td><td class=\"m\">");

767

buffer_append_string_len(out, CONST_STR_LEN("</a>/</td><td class=\"m\">"));

770

768

buffer_append_string_len(out, datebuf, sizeof(datebuf) - 1);

771

BUFFER_APPEND_STRING_CONST(out, "</td><td class=\"s\">-  </td><td class=\"t\">Directory</td></tr>\n");

769

buffer_append_string_len(out, CONST_STR_LEN("</td><td class=\"s\">-  </td><td class=\"t\">Directory</td></tr>\n"));

772

770

773

771

free(tmp);

774

772

}

818

816

#endif

819

817

http_list_directory_sizefmt(sizebuf, tmp->size);

820

818

821

BUFFER_APPEND_STRING_CONST(out, "<tr><td class=\"n\"><a href=\"");

819

buffer_append_string_len(out, CONST_STR_LEN("<tr><td class=\"n\"><a href=\""));

822

820

buffer_append_string_encoded(out, DIRLIST_ENT_NAME(tmp), tmp->namelen, ENCODING_REL_URI_PART);

823

BUFFER_APPEND_STRING_CONST(out, "\">");

821

buffer_append_string_len(out, CONST_STR_LEN("\">"));

824

822

buffer_append_string_encoded(out, DIRLIST_ENT_NAME(tmp), tmp->namelen, ENCODING_MINIMAL_XML);

825

BUFFER_APPEND_STRING_CONST(out, "</a></td><td class=\"m\">");

823

buffer_append_string_len(out, CONST_STR_LEN("</a></td><td class=\"m\">"));

826

824

buffer_append_string_len(out, datebuf, sizeof(datebuf) - 1);

827

BUFFER_APPEND_STRING_CONST(out, "</td><td class=\"s\">");

825

buffer_append_string_len(out, CONST_STR_LEN("</td><td class=\"s\">"));

828

826

buffer_append_string(out, sizebuf);

829

BUFFER_APPEND_STRING_CONST(out, "</td><td class=\"t\">");

827

buffer_append_string_len(out, CONST_STR_LEN("</td><td class=\"t\">"));

830

828

buffer_append_string(out, content_type);

831

BUFFER_APPEND_STRING_CONST(out, "</td></tr>\n");

829

buffer_append_string_len(out, CONST_STR_LEN("</td></tr>\n"));

832

830

833

831

free(tmp);

834

832

}

841

839

842

840

/* Insert possible charset to Content-Type */

843

841

if (buffer_is_empty(p->conf.encoding)) {

844

response_header_insert(srv, con, CONST_STR_LEN("Content-Type"), CONST_STR_LEN("text/html"));

842

response_header_overwrite(srv, con, CONST_STR_LEN("Content-Type"), CONST_STR_LEN("text/html"));

845

843

} else {

846

buffer_copy_string(p->content_charset, "text/html; charset=");

844

buffer_copy_string_len(p->content_charset, CONST_STR_LEN("text/html; charset="));

847

845

buffer_append_string_buffer(p->content_charset, p->conf.encoding);

848

response_header_insert(srv, con, CONST_STR_LEN("Content-Type"), CONST_BUF_LEN(p->content_charset));

846

response_header_overwrite(srv, con, CONST_STR_LEN("Content-Type"), CONST_BUF_LEN(p->content_charset));

849

847

}

850

848

851

849

con->file_finished = 1;

861

859

862

860

UNUSED(srv);

863

861

862

/* we only handle GET, POST and HEAD */

863

switch(con->request.http_method) {

864

case HTTP_METHOD_GET:

865

case HTTP_METHOD_POST:

866

case HTTP_METHOD_HEAD:

867

break;

868

default:

869

return HANDLER_GO_ON;

870

}

871

872

if (con->mode != DIRECT) return HANDLER_GO_ON;

873

864

874

if (con->physical.path->used == 0) return HANDLER_GO_ON;

865

875

if (con->uri.path->used == 0) return HANDLER_GO_ON;

866

876

if (con->uri.path->ptr[con->uri.path->used - 2] != '/') return HANDLER_GO_ON;

Older »