From 0a1fb0d91a5354d312ed66ff48393d405b8f522e Mon Sep 17 00:00:00 2001 From: Rich Felker Date: Wed, 1 Nov 2017 17:51:18 +0000 Subject: community/thttpd: fix serving of .gz and .Z files thttpd erroneously treats these files as a compressed transfer encoding rather than as a content type. this causes conforming http clients to strip the compression and save a decompressed version when downloading. since this was historically a common httpd bug, some web browsers work around the problem by detecting the .gz extension and ignoring the server's reported transfer encoding, but others, including wget 1.19.2, save a decompressed file, breaking file integrity checking (based on a hash or signature of the original compressed file) and breaking scripts which pass the -z option to tar when extracting. add a patch which removes thttpd's support for extension-based content transfer encodings, and adds the missing mime types for gzip and compress. the patch has been written to be minimally invasive to the program logic, and thus leaves a for loop that breaks on the first iteration rather than rewriting it. --- community/thttpd/APKBUILD | 4 +- community/thttpd/remove_transfer_encoding.patch | 169 ++++++++++++++++++++++++ 2 files changed, 172 insertions(+), 1 deletion(-) create mode 100644 community/thttpd/remove_transfer_encoding.patch (limited to 'community') diff --git a/community/thttpd/APKBUILD b/community/thttpd/APKBUILD index fec4ddb691..35db0c9837 100644 --- a/community/thttpd/APKBUILD +++ b/community/thttpd/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Francesco Colista pkgname=thttpd pkgver=2.27 -pkgrel=2 +pkgrel=3 pkgdesc="Simple, small, portable, fast, and secure HTTP server" url="http://www.acme.com/software/thttpd" arch="all" @@ -16,6 +16,7 @@ source="http://www.acme.com/software/$pkgname/$pkgname-$pkgver.tar.gz thttpd.logrotated thttpd-webgroup.patch forwarded-for.patch + remove_transfer_encoding.patch thttpd-makeweb-notsuid.patch " @@ -77,4 +78,5 @@ f1b86a554177a5f2a343abb4aac6fa9bc06dafd7cabdaf8329e6478bcc296f39a56d839e85ac4bf7 5b2800825583e93cf4be76e71d2840b9894c1779a810d562a0b6145cae0c7504dadfdc1e844f1611a48cca3b4518d41b47e41a68f33043d58ffde85f1e56e3f3 thttpd.logrotated 349721da9e670ca666891f98ca338ae0041c09b353fc42bdd87015803f0b668478be8e48f36d5b56b5e172d3a7b262bf4a71c9619607a068e41c2bc292bde2be thttpd-webgroup.patch 02c079ca104f2358cd20756082657dca96f7a88cbeb611de81504f1581c5e085a7a2765ec55b6e0ae1948803afced85e8a45fc6deb2fef1ec5ba1ba96ce68b4b forwarded-for.patch +6536ae6c25dbf79aec43e3d0596ad135ab3ab6e7cd3a5e3c895a289114c08c03c20357ffb4542decfc4d508039a5045db71fb36002c8ba94dbd6356cad32bae4 remove_transfer_encoding.patch 1138a827049f73b43ce142c914fad0670bcd4577de16485ade024314c616056ab6789897663d8b6592331354d44065eae7aa712e20f5c930a80513448416fa17 thttpd-makeweb-notsuid.patch" diff --git a/community/thttpd/remove_transfer_encoding.patch b/community/thttpd/remove_transfer_encoding.patch new file mode 100644 index 0000000000..86df66cd0d --- /dev/null +++ b/community/thttpd/remove_transfer_encoding.patch @@ -0,0 +1,169 @@ +diff --git a/Makefile.in b/Makefile.in +index ded71e0..f9a6bc1 100644 +--- a/Makefile.in ++++ b/Makefile.in +@@ -68,7 +68,7 @@ OBJ = $(SRC:.c=.o) @LIBOBJS@ + + ALL = thttpd + +-GENHDR = mime_encodings.h mime_types.h ++GENHDR = mime_types.h + + CLEANFILES = $(ALL) $(OBJ) $(GENSRC) $(GENHDR) + +@@ -81,12 +81,6 @@ thttpd: $(OBJ) + @rm -f $@ + $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(OBJ) $(LIBS) $(NETLIBS) + +-mime_encodings.h: mime_encodings.txt +- rm -f mime_encodings.h +- sed < mime_encodings.txt > mime_encodings.h \ +- -e 's/#.*//' -e 's/[ ]*$$//' -e '/^$$/d' \ +- -e 's/[ ][ ]*/", 0, "/' -e 's/^/{ "/' -e 's/$$/", 0 },/' +- + mime_types.h: mime_types.txt + rm -f mime_types.h + sed < mime_types.txt > mime_types.h \ +@@ -157,14 +151,14 @@ tar: + rm -rf $$name ; \ + mkdir $$name ; \ + tar cf - `cat FILES` | ( cd $$name ; tar xfBp - ) ; \ +- chmod 644 $$name/Makefile.in $$name/config.h $$name/mime_encodings.txt $$name/mime_types.txt ; \ ++ chmod 644 $$name/Makefile.in $$name/config.h $$name/mime_types.txt ; \ + chmod 755 $$name/cgi-bin $$name/cgi-src $$name/contrib $$name/contrib/redhat-rpm $$name/extras $$name/scripts ; \ + tar cf $$name.tar $$name ; \ + rm -rf $$name ; \ + gzip $$name.tar + + thttpd.o: config.h version.h libhttpd.h fdwatch.h mmc.h timers.h match.h +-libhttpd.o: config.h version.h libhttpd.h mime_encodings.h mime_types.h \ ++libhttpd.o: config.h version.h libhttpd.h mime_types.h \ + mmc.h timers.h match.h tdate_parse.h + fdwatch.o: fdwatch.h + mmc.o: mmc.h libhttpd.h +diff --git a/libhttpd.c b/libhttpd.c +index 3814e6a..bbb4e14 100644 +--- a/libhttpd.c ++++ b/libhttpd.c +@@ -2506,10 +2506,6 @@ struct mime_entry { + char* val; + size_t val_len; + }; +-static struct mime_entry enc_tab[] = { +-#include "mime_encodings.h" +- }; +-static const int n_enc_tab = sizeof(enc_tab) / sizeof(*enc_tab); + static struct mime_entry typ_tab[] = { + #include "mime_types.h" + }; +@@ -2533,15 +2529,9 @@ init_mime( void ) + int i; + + /* Sort the tables so we can do binary search. */ +- qsort( enc_tab, n_enc_tab, sizeof(*enc_tab), ext_compare ); + qsort( typ_tab, n_typ_tab, sizeof(*typ_tab), ext_compare ); + + /* Fill in the lengths. */ +- for ( i = 0; i < n_enc_tab; ++i ) +- { +- enc_tab[i].ext_len = strlen( enc_tab[i].ext ); +- enc_tab[i].val_len = strlen( enc_tab[i].val ); +- } + for ( i = 0; i < n_typ_tab; ++i ) + { + typ_tab[i].ext_len = strlen( typ_tab[i].ext ); +@@ -2561,14 +2551,12 @@ figure_mime( httpd_conn* hc ) + char* prev_dot; + char* dot; + char* ext; +- int me_indexes[100], n_me_indexes; +- size_t ext_len, encodings_len; ++ size_t ext_len; + int i, top, bot, mid; + int r; + char* default_type = "text/plain; charset=%s"; + + /* Peel off encoding extensions until there aren't any more. */ +- n_me_indexes = 0; + for ( prev_dot = &hc->expnfilename[strlen(hc->expnfilename)]; ; prev_dot = dot ) + { + for ( dot = prev_dot - 1; dot >= hc->expnfilename && *dot != '.'; --dot ) +@@ -2583,25 +2571,7 @@ figure_mime( httpd_conn* hc ) + } + ext = dot + 1; + ext_len = prev_dot - ext; +- /* Search the encodings table. Linear search is fine here, there +- ** are only a few entries. +- */ +- for ( i = 0; i < n_enc_tab; ++i ) +- { +- if ( ext_len == enc_tab[i].ext_len && strncasecmp( ext, enc_tab[i].ext, ext_len ) == 0 ) +- { +- if ( n_me_indexes < sizeof(me_indexes)/sizeof(*me_indexes) ) +- { +- me_indexes[n_me_indexes] = i; +- ++n_me_indexes; +- } +- goto next; +- } +- } +- /* No encoding extension found. Break and look for a type extension. */ + break; +- +- next: ; + } + + /* Binary search for a matching type extension. */ +@@ -2632,20 +2602,6 @@ figure_mime( httpd_conn* hc ) + + /* The last thing we do is actually generate the mime-encoding header. */ + hc->encodings[0] = '\0'; +- encodings_len = 0; +- for ( i = n_me_indexes - 1; i >= 0; --i ) +- { +- httpd_realloc_str( +- &hc->encodings, &hc->maxencodings, +- encodings_len + enc_tab[me_indexes[i]].val_len + 1 ); +- if ( hc->encodings[0] != '\0' ) +- { +- (void) strcpy( &hc->encodings[encodings_len], "," ); +- ++encodings_len; +- } +- (void) strcpy( &hc->encodings[encodings_len], enc_tab[me_indexes[i]].val ); +- encodings_len += enc_tab[me_indexes[i]].val_len; +- } + + } + +diff --git a/mime_encodings.txt b/mime_encodings.txt +deleted file mode 100644 +index 2d3952d..0000000 +--- a/mime_encodings.txt ++++ /dev/null +@@ -1,8 +0,0 @@ +-# mime_encodings.txt +-# +-# A list of file extensions followed by the corresponding MIME encoding. +-# Extensions not found in the table proceed to the mime_types table. +- +-Z compress +-gz gzip +-uu x-uuencode +diff --git a/mime_types.txt b/mime_types.txt +index d4725d9..3d7ccbd 100644 +--- a/mime_types.txt ++++ b/mime_types.txt +@@ -50,6 +50,7 @@ fh7 image/x-freehand + fhc image/x-freehand + gif image/gif + gtar application/x-gtar ++gz application/gzip + hdf application/x-hdf + hqx application/mac-binhex40 + htm text/html; charset=%s +@@ -195,4 +196,5 @@ xpm image/x-xpixmap + xsl text/xml; charset=%s + xwd image/x-xwindowdump + xyz chemical/x-xyz ++Z application/x-compress + zip application/zip -- cgit v1.2.3