aboutsummaryrefslogtreecommitdiffstats
path: root/community/thttpd
diff options
context:
space:
mode:
authorRich Felker <dalias@aerifal.cx>2017-11-01 17:51:18 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2017-11-01 18:03:10 +0000
commit0a1fb0d91a5354d312ed66ff48393d405b8f522e (patch)
tree4f190f46099faf427594e79490fdfee3d5b299c7 /community/thttpd
parentb4e57ea9ba009f96f0c61343ab7166217f0d19ff (diff)
downloadaports-0a1fb0d91a5354d312ed66ff48393d405b8f522e.tar.bz2
aports-0a1fb0d91a5354d312ed66ff48393d405b8f522e.tar.xz
community/thttpd: fix serving of .gz and .Z files
thttpd erroneously treats these files as a compressed transfer encoding rather than as a content type. this causes conforming http clients to strip the compression and save a decompressed version when downloading. since this was historically a common httpd bug, some web browsers work around the problem by detecting the .gz extension and ignoring the server's reported transfer encoding, but others, including wget 1.19.2, save a decompressed file, breaking file integrity checking (based on a hash or signature of the original compressed file) and breaking scripts which pass the -z option to tar when extracting. add a patch which removes thttpd's support for extension-based content transfer encodings, and adds the missing mime types for gzip and compress. the patch has been written to be minimally invasive to the program logic, and thus leaves a for loop that breaks on the first iteration rather than rewriting it.
Diffstat (limited to 'community/thttpd')
-rw-r--r--community/thttpd/APKBUILD4
-rw-r--r--community/thttpd/remove_transfer_encoding.patch169
2 files changed, 172 insertions, 1 deletions
diff --git a/community/thttpd/APKBUILD b/community/thttpd/APKBUILD
index fec4ddb691..35db0c9837 100644
--- a/community/thttpd/APKBUILD
+++ b/community/thttpd/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Francesco Colista <fcolista@alpinelinux.org>
pkgname=thttpd
pkgver=2.27
-pkgrel=2
+pkgrel=3
pkgdesc="Simple, small, portable, fast, and secure HTTP server"
url="http://www.acme.com/software/thttpd"
arch="all"
@@ -16,6 +16,7 @@ source="http://www.acme.com/software/$pkgname/$pkgname-$pkgver.tar.gz
thttpd.logrotated
thttpd-webgroup.patch
forwarded-for.patch
+ remove_transfer_encoding.patch
thttpd-makeweb-notsuid.patch
"
@@ -77,4 +78,5 @@ f1b86a554177a5f2a343abb4aac6fa9bc06dafd7cabdaf8329e6478bcc296f39a56d839e85ac4bf7
5b2800825583e93cf4be76e71d2840b9894c1779a810d562a0b6145cae0c7504dadfdc1e844f1611a48cca3b4518d41b47e41a68f33043d58ffde85f1e56e3f3 thttpd.logrotated
349721da9e670ca666891f98ca338ae0041c09b353fc42bdd87015803f0b668478be8e48f36d5b56b5e172d3a7b262bf4a71c9619607a068e41c2bc292bde2be thttpd-webgroup.patch
02c079ca104f2358cd20756082657dca96f7a88cbeb611de81504f1581c5e085a7a2765ec55b6e0ae1948803afced85e8a45fc6deb2fef1ec5ba1ba96ce68b4b forwarded-for.patch
+6536ae6c25dbf79aec43e3d0596ad135ab3ab6e7cd3a5e3c895a289114c08c03c20357ffb4542decfc4d508039a5045db71fb36002c8ba94dbd6356cad32bae4 remove_transfer_encoding.patch
1138a827049f73b43ce142c914fad0670bcd4577de16485ade024314c616056ab6789897663d8b6592331354d44065eae7aa712e20f5c930a80513448416fa17 thttpd-makeweb-notsuid.patch"
diff --git a/community/thttpd/remove_transfer_encoding.patch b/community/thttpd/remove_transfer_encoding.patch
new file mode 100644
index 0000000000..86df66cd0d
--- /dev/null
+++ b/community/thttpd/remove_transfer_encoding.patch
@@ -0,0 +1,169 @@
+diff --git a/Makefile.in b/Makefile.in
+index ded71e0..f9a6bc1 100644
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -68,7 +68,7 @@ OBJ = $(SRC:.c=.o) @LIBOBJS@
+
+ ALL = thttpd
+
+-GENHDR = mime_encodings.h mime_types.h
++GENHDR = mime_types.h
+
+ CLEANFILES = $(ALL) $(OBJ) $(GENSRC) $(GENHDR)
+
+@@ -81,12 +81,6 @@ thttpd: $(OBJ)
+ @rm -f $@
+ $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(OBJ) $(LIBS) $(NETLIBS)
+
+-mime_encodings.h: mime_encodings.txt
+- rm -f mime_encodings.h
+- sed < mime_encodings.txt > mime_encodings.h \
+- -e 's/#.*//' -e 's/[ ]*$$//' -e '/^$$/d' \
+- -e 's/[ ][ ]*/", 0, "/' -e 's/^/{ "/' -e 's/$$/", 0 },/'
+-
+ mime_types.h: mime_types.txt
+ rm -f mime_types.h
+ sed < mime_types.txt > mime_types.h \
+@@ -157,14 +151,14 @@ tar:
+ rm -rf $$name ; \
+ mkdir $$name ; \
+ tar cf - `cat FILES` | ( cd $$name ; tar xfBp - ) ; \
+- chmod 644 $$name/Makefile.in $$name/config.h $$name/mime_encodings.txt $$name/mime_types.txt ; \
++ chmod 644 $$name/Makefile.in $$name/config.h $$name/mime_types.txt ; \
+ chmod 755 $$name/cgi-bin $$name/cgi-src $$name/contrib $$name/contrib/redhat-rpm $$name/extras $$name/scripts ; \
+ tar cf $$name.tar $$name ; \
+ rm -rf $$name ; \
+ gzip $$name.tar
+
+ thttpd.o: config.h version.h libhttpd.h fdwatch.h mmc.h timers.h match.h
+-libhttpd.o: config.h version.h libhttpd.h mime_encodings.h mime_types.h \
++libhttpd.o: config.h version.h libhttpd.h mime_types.h \
+ mmc.h timers.h match.h tdate_parse.h
+ fdwatch.o: fdwatch.h
+ mmc.o: mmc.h libhttpd.h
+diff --git a/libhttpd.c b/libhttpd.c
+index 3814e6a..bbb4e14 100644
+--- a/libhttpd.c
++++ b/libhttpd.c
+@@ -2506,10 +2506,6 @@ struct mime_entry {
+ char* val;
+ size_t val_len;
+ };
+-static struct mime_entry enc_tab[] = {
+-#include "mime_encodings.h"
+- };
+-static const int n_enc_tab = sizeof(enc_tab) / sizeof(*enc_tab);
+ static struct mime_entry typ_tab[] = {
+ #include "mime_types.h"
+ };
+@@ -2533,15 +2529,9 @@ init_mime( void )
+ int i;
+
+ /* Sort the tables so we can do binary search. */
+- qsort( enc_tab, n_enc_tab, sizeof(*enc_tab), ext_compare );
+ qsort( typ_tab, n_typ_tab, sizeof(*typ_tab), ext_compare );
+
+ /* Fill in the lengths. */
+- for ( i = 0; i < n_enc_tab; ++i )
+- {
+- enc_tab[i].ext_len = strlen( enc_tab[i].ext );
+- enc_tab[i].val_len = strlen( enc_tab[i].val );
+- }
+ for ( i = 0; i < n_typ_tab; ++i )
+ {
+ typ_tab[i].ext_len = strlen( typ_tab[i].ext );
+@@ -2561,14 +2551,12 @@ figure_mime( httpd_conn* hc )
+ char* prev_dot;
+ char* dot;
+ char* ext;
+- int me_indexes[100], n_me_indexes;
+- size_t ext_len, encodings_len;
++ size_t ext_len;
+ int i, top, bot, mid;
+ int r;
+ char* default_type = "text/plain; charset=%s";
+
+ /* Peel off encoding extensions until there aren't any more. */
+- n_me_indexes = 0;
+ for ( prev_dot = &hc->expnfilename[strlen(hc->expnfilename)]; ; prev_dot = dot )
+ {
+ for ( dot = prev_dot - 1; dot >= hc->expnfilename && *dot != '.'; --dot )
+@@ -2583,25 +2571,7 @@ figure_mime( httpd_conn* hc )
+ }
+ ext = dot + 1;
+ ext_len = prev_dot - ext;
+- /* Search the encodings table. Linear search is fine here, there
+- ** are only a few entries.
+- */
+- for ( i = 0; i < n_enc_tab; ++i )
+- {
+- if ( ext_len == enc_tab[i].ext_len && strncasecmp( ext, enc_tab[i].ext, ext_len ) == 0 )
+- {
+- if ( n_me_indexes < sizeof(me_indexes)/sizeof(*me_indexes) )
+- {
+- me_indexes[n_me_indexes] = i;
+- ++n_me_indexes;
+- }
+- goto next;
+- }
+- }
+- /* No encoding extension found. Break and look for a type extension. */
+ break;
+-
+- next: ;
+ }
+
+ /* Binary search for a matching type extension. */
+@@ -2632,20 +2602,6 @@ figure_mime( httpd_conn* hc )
+
+ /* The last thing we do is actually generate the mime-encoding header. */
+ hc->encodings[0] = '\0';
+- encodings_len = 0;
+- for ( i = n_me_indexes - 1; i >= 0; --i )
+- {
+- httpd_realloc_str(
+- &hc->encodings, &hc->maxencodings,
+- encodings_len + enc_tab[me_indexes[i]].val_len + 1 );
+- if ( hc->encodings[0] != '\0' )
+- {
+- (void) strcpy( &hc->encodings[encodings_len], "," );
+- ++encodings_len;
+- }
+- (void) strcpy( &hc->encodings[encodings_len], enc_tab[me_indexes[i]].val );
+- encodings_len += enc_tab[me_indexes[i]].val_len;
+- }
+
+ }
+
+diff --git a/mime_encodings.txt b/mime_encodings.txt
+deleted file mode 100644
+index 2d3952d..0000000
+--- a/mime_encodings.txt
++++ /dev/null
+@@ -1,8 +0,0 @@
+-# mime_encodings.txt
+-#
+-# A list of file extensions followed by the corresponding MIME encoding.
+-# Extensions not found in the table proceed to the mime_types table.
+-
+-Z compress
+-gz gzip
+-uu x-uuencode
+diff --git a/mime_types.txt b/mime_types.txt
+index d4725d9..3d7ccbd 100644
+--- a/mime_types.txt
++++ b/mime_types.txt
+@@ -50,6 +50,7 @@ fh7 image/x-freehand
+ fhc image/x-freehand
+ gif image/gif
+ gtar application/x-gtar
++gz application/gzip
+ hdf application/x-hdf
+ hqx application/mac-binhex40
+ htm text/html; charset=%s
+@@ -195,4 +196,5 @@ xpm image/x-xpixmap
+ xsl text/xml; charset=%s
+ xwd image/x-xwindowdump
+ xyz chemical/x-xyz
++Z application/x-compress
+ zip application/zip