commit lighttpd for openSUSE:Factory
Hello community, here is the log from the commit of package lighttpd for openSUSE:Factory checked in at 2017-03-14 10:06:09 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/lighttpd (Old) and /work/SRC/openSUSE:Factory/.lighttpd.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "lighttpd" Tue Mar 14 10:06:09 2017 rev:33 rq:479031 version:1.4.45 Changes: -------- --- /work/SRC/openSUSE:Factory/lighttpd/lighttpd.changes 2017-01-25 23:26:26.430687117 +0100 +++ /work/SRC/openSUSE:Factory/.lighttpd.new/lighttpd.changes 2017-03-14 10:07:11.574889658 +0100 @@ -1,0 +2,6 @@ +Thu Mar 9 13:47:58 UTC 2017 - mrueckert@suse.de + +- added lighttpd-1.4.x_out_of_bounds_read.patch: fix out of bounds + read in mod_scgi (debian#857255) + +------------------------------------------------------------------- New: ---- lighttpd-1.4.x_out_of_bounds_read.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ lighttpd.spec ++++++ --- /var/tmp/diff_new_pack.N8Vd3b/_old 2017-03-14 10:07:12.258792817 +0100 +++ /var/tmp/diff_new_pack.N8Vd3b/_new 2017-03-14 10:07:12.262792251 +0100 @@ -36,6 +36,7 @@ Source5: lighttpd.SuSEfirewall Source6: lighttpd-ssl.SuSEfirewall Source7: lighttpd.logrotate +Patch: lighttpd-1.4.x_out_of_bounds_read.patch BuildRequires: FastCGI-devel BuildRequires: GeoIP-devel BuildRequires: automake @@ -216,7 +217,7 @@ %prep %setup -q -n %{pkg_name}-%{pkg_version} - +%patch -p1 # Do not store build TIME and DATE modified="$(sed -n '/^----/n;s/ - .*$//;p;q' "%{_sourcedir}/%{name}.changes")" DATE="\"$(date -d "${modified}" "+%%b %%e %%Y")\"" ++++++ lighttpd-1.4.x_out_of_bounds_read.patch ++++++ Index: lighttpd-1.4.35/src/mod_scgi.c =================================================================== --- lighttpd-1.4.35.orig/src/mod_scgi.c 2017-03-09 14:44:50.146786080 +0100 +++ lighttpd-1.4.35/src/mod_scgi.c 2017-03-09 14:46:11.518863947 +0100 @@ -1871,7 +1871,7 @@ static int scgi_demux_response(server *s if (eol == EOL_UNSET) eol = EOL_N; - if (*(c+1) == '\n') { + if ((used > 1) && (*(c+1) == '\n')) { header_end = 1; hlen = cp + 2; break;
participants (1)
-
root@hilbertn.suse.de