Revert "lighttd: Upgrade to 1.4.59-1+deb11u2"

This reverts commit e61f579d8b.

Reason for revert: experiencing lighttpd process failures
Closes-Bug: 2024626
Change-Id: I68be7a128dc300c15002683f7cfd3a8c6cd1c11f
Eric MacDonald 2023-06-21 22:37:03 +00:00
parent e61f579d8b
commit 4bbcb90e70
5 changed files with 160 additions and 188 deletions


@ -1,32 +1,38 @@
From 95f82fc840c43c964a6c2dcdeaf33b87b44665f3 Mon Sep 17 00:00:00 2001 From 91f1bd05e5acc70789d17de47de7813bb615027c Mon Sep 17 00:00:00 2001
From: Zhixiong Chi <zhixiong.chi@windriver.com> From: Yue Tao <Yue.Tao@windriver.com>
Date: Mon, 12 Jun 2023 12:46:45 +0800 Date: Tue, 9 Mar 2021 18:26:53 -0800
Subject: [PATCH] lighttpd: backport spec-include-TiS-changes.patch from Subject: [PATCH] lighttpd: backport spec-include-TiS-changes.patch from
StarlingX f/centos8 branch StarlingX f/centos8 branch
Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
--- ---
debian/control | 178 ++++++++++++++++++++++++------------------------- debian/control | 99 ++++++++++++++++++++++++--------------------------
debian/rules | 11 +-- debian/rules | 12 +++---
2 files changed, 95 insertions(+), 94 deletions(-) 2 files changed, 55 insertions(+), 56 deletions(-)
diff --git a/debian/control b/debian/control diff --git a/debian/control b/debian/control
index 628bfc7..cae8626 100644 index 7807525..682477b 100644
--- a/debian/control --- a/debian/control
+++ b/debian/control +++ b/debian/control
@@ -74,8 +74,6 @@ Suggests: @@ -62,15 +62,12 @@ Suggests:
lighttpd-mod-authn-gssapi,
lighttpd-mod-authn-pam,
lighttpd-mod-authn-sasl,
- lighttpd-mod-cml,
lighttpd-mod-geoip,
- lighttpd-mod-magnet,
lighttpd-mod-maxminddb,
lighttpd-mod-trigger-b4-dl,
lighttpd-mod-vhostdb-dbi,
lighttpd-mod-vhostdb-pgsql, lighttpd-mod-vhostdb-pgsql,
lighttpd-mod-webdav, lighttpd-mod-webdav,
lighttpd-modules-dbi,
- lighttpd-modules-ldap, - lighttpd-modules-ldap,
- lighttpd-modules-lua,
lighttpd-modules-mysql, lighttpd-modules-mysql,
Description: fast webserver with minimal memory footprint Description: fast webserver with minimal memory footprint
lighttpd is a small webserver and fast webserver developed with lighttpd is a small webserver and fast webserver developed with
@@ -130,61 +128,61 @@ Description: DBI-based modules for lighttpd @@ -99,29 +96,29 @@ Description: documentation for lighttpd
Do not depend on this package. Depend on the provided lighttpd-mod-* .
packages instead. This package contains documentation for lighttpd.
-Package: lighttpd-modules-ldap -Package: lighttpd-modules-ldap
-Architecture: any -Architecture: any
@ -51,38 +57,6 @@ index 628bfc7..cae8626 100644
- . - .
- Do not depend on this package. Depend on the provided lighttpd-mod-* - Do not depend on this package. Depend on the provided lighttpd-mod-*
- packages instead. - packages instead.
-
-Package: lighttpd-modules-lua
-Architecture: any
-Depends:
- ${misc:Depends},
- ${shlibs:Depends},
- lighttpd (= ${binary:Version}),
-Breaks:
- lighttpd-mod-cml (<< 1.4.56~rc7-0+exp2),
- lighttpd-mod-magnet (<< 1.4.56~rc7-0+exp2),
-Replaces:
- lighttpd (<< 1.4.56~rc7-0+exp2),
- lighttpd-mod-cml (<< 1.4.56~rc7-0+exp2),
- lighttpd-mod-magnet (<< 1.4.56~rc7-0+exp2),
-Provides:
- ${lighttpd:ModuleProvides},
-Description: LUA-based modules for lighttpd
- This package contains the following modules:
- * mod_magnet: control the request handling module for lighttpd
- mod_magnet can attract a request in several stages in the request-handling.
- either at the same level as mod_rewrite, before any parsing of the URL is
- done or at a later stage, when the doc-root is known and the physical-path
- is already setup.
- * mod_cml: cache meta language module for lighttpd
- With the cache meta language, it is possible to describe to the
- dependencies of a cached file to its source files/scripts. For the
- cache files, the scripting language Lua is used.
- THIS MODULE IS OBSOLETED, USE mod_magnet INSTEAD.
- .
- Do not depend on this package. Depend on the provided lighttpd-mod-*
- packages instead.
-
+#Package: lighttpd-modules-ldap +#Package: lighttpd-modules-ldap
+#Architecture: any +#Architecture: any
+#Depends: +#Depends:
@ -106,116 +80,69 @@ index 628bfc7..cae8626 100644
+# . +# .
+# Do not depend on this package. Depend on the provided lighttpd-mod-* +# Do not depend on this package. Depend on the provided lighttpd-mod-*
+# packages instead. +# packages instead.
+#
+#Package: lighttpd-modules-lua
+#Architecture: any
+#Depends:
+# ${misc:Depends},
+# ${shlibs:Depends},
+# lighttpd (= ${binary:Version}),
+#Breaks:
+# lighttpd-mod-cml (<< 1.4.56~rc7-0+exp2),
+# lighttpd-mod-magnet (<< 1.4.56~rc7-0+exp2),
+#Replaces:
+# lighttpd (<< 1.4.56~rc7-0+exp2),
+# lighttpd-mod-cml (<< 1.4.56~rc7-0+exp2),
+# lighttpd-mod-magnet (<< 1.4.56~rc7-0+exp2),
+#Provides:
+# ${lighttpd:ModuleProvides},
+#Description: LUA-based modules for lighttpd
+# This package contains the following modules:
+# * mod_magnet: control the request handling module for lighttpd
+# mod_magnet can attract a request in several stages in the request-handling.
+# either at the same level as mod_rewrite, before any parsing of the URL is
+# done or at a later stage, when the doc-root is known and the physical-path
+# is already setup.
+# * mod_cml: cache meta language module for lighttpd
+# With the cache meta language, it is possible to describe to the
+# dependencies of a cached file to its source files/scripts. For the
+# cache files, the scripting language Lua is used.
+# THIS MODULE IS OBSOLETED, USE mod_magnet INSTEAD.
+# .
+# Do not depend on this package. Depend on the provided lighttpd-mod-*
+# packages instead.
+#
Package: lighttpd-modules-mysql Package: lighttpd-modules-mysql
Architecture: any Architecture: any
Depends: @@ -165,32 +162,32 @@ Description: anti-deep-linking module for lighttpd
@@ -231,39 +229,39 @@ Description: anti-deep-linking module for lighttpd
from other sites by requiring users to visit a trigger URL to from other sites by requiring users to visit a trigger URL to
be able to download certain files. be able to download certain files.
-Package: lighttpd-mod-cml -Package: lighttpd-mod-cml
-Section: oldlibs
-Architecture: any -Architecture: any
-Depends: -Depends:
- ${misc:Depends}, - ${misc:Depends},
- ${shlibs:Depends}, - ${shlibs:Depends},
- lighttpd-modules-lua (= ${binary:Version}), - lighttpd (= ${binary:Version}),
-Description: Transitional dummy package for: cache meta language module for lighttpd -Recommends:
- memcached,
-Description: cache meta language module for lighttpd
- With the cache meta language, it is possible to describe to the - With the cache meta language, it is possible to describe to the
- dependencies of a cached file to its source files/scripts. For the - dependencies of a cached file to its source files/scripts. For the
- cache files, the scripting language Lua is used. - cache files, the scripting language Lua is used.
- . - .
- THIS MODULE IS OBSOLETED, USE mod_magnet INSTEAD. - THIS MODULE IS OBSOLETED, USE mod_magnet INSTEAD.
- .
- While this transitional dummy package will go away, the package name
- continues to exist as a virtual package provided by lighttpd-modules-lua.
-
-Package: lighttpd-mod-magnet
-Section: oldlibs
-Architecture: any
-Depends:
- ${misc:Depends},
- ${shlibs:Depends},
- lighttpd-modules-lua (= ${binary:Version}),
-Description: Transitional dummy package for: control the request handling module for lighttpd
- mod_magnet can attract a request in several stages in the request-handling.
- either at the same level as mod_rewrite, before any parsing of the URL is done
- or at a later stage, when the doc-root is known and the physical-path is
- already setup
- .
- While this transitional dummy package will go away, the package name
- continues to exist as a virtual package provided by lighttpd-modules-lua.
-
+#Package: lighttpd-mod-cml +#Package: lighttpd-mod-cml
+#Section: oldlibs
+#Architecture: any +#Architecture: any
+#Depends: +#Depends:
+# ${misc:Depends}, +# ${misc:Depends},
+# ${shlibs:Depends}, +# ${shlibs:Depends},
+# lighttpd-modules-lua (= ${binary:Version}), +# lighttpd (= ${binary:Version}),
+#Description: Transitional dummy package for: cache meta language module for lighttpd +#Recommends:
+# memcached,
+#Description: cache meta language module for lighttpd
+# With the cache meta language, it is possible to describe to the +# With the cache meta language, it is possible to describe to the
+# dependencies of a cached file to its source files/scripts. For the +# dependencies of a cached file to its source files/scripts. For the
+# cache files, the scripting language Lua is used. +# cache files, the scripting language Lua is used.
+# . +# .
+# THIS MODULE IS OBSOLETED, USE mod_magnet INSTEAD. +# THIS MODULE IS OBSOLETED, USE mod_magnet INSTEAD.
+# .
+# While this transitional dummy package will go away, the package name -Package: lighttpd-mod-magnet
+# continues to exist as a virtual package provided by lighttpd-modules-lua. -Architecture: any
+# -Depends:
- ${misc:Depends},
- ${shlibs:Depends},
- lighttpd (= ${binary:Version}),
-Description: control the request handling module for lighttpd
- mod_magnet can attract a request in several stages in the request-handling.
- either at the same level as mod_rewrite, before any parsing of the URL is done
- or at a later stage, when the doc-root is known and the physical-path is
- already setup
+#Package: lighttpd-mod-magnet +#Package: lighttpd-mod-magnet
+#Section: oldlibs
+#Architecture: any +#Architecture: any
+#Depends: +#Depends:
+# ${misc:Depends}, +# ${misc:Depends},
+# ${shlibs:Depends}, +# ${shlibs:Depends},
+# lighttpd-modules-lua (= ${binary:Version}), +# lighttpd (= ${binary:Version}),
+#Description: Transitional dummy package for: control the request handling module for lighttpd +#Description: control the request handling module for lighttpd
+# mod_magnet can attract a request in several stages in the request-handling. +# mod_magnet can attract a request in several stages in the request-handling.
+# either at the same level as mod_rewrite, before any parsing of the URL is done +# either at the same level as mod_rewrite, before any parsing of the URL is done
+# or at a later stage, when the doc-root is known and the physical-path is +# or at a later stage, when the doc-root is known and the physical-path is
+# already setup +# already setup
+# .
+# While this transitional dummy package will go away, the package name
+# continues to exist as a virtual package provided by lighttpd-modules-lua.
+#
Package: lighttpd-mod-webdav Package: lighttpd-mod-webdav
Architecture: any Architecture: any
Depends:
diff --git a/debian/rules b/debian/rules diff --git a/debian/rules b/debian/rules
index 5317ce6..7535999 100755 index 7c0440b..e456781 100755
--- a/debian/rules --- a/debian/rules
+++ b/debian/rules +++ b/debian/rules
@@ -16,6 +16,7 @@ override_dh_clean: @@ -16,6 +16,7 @@ override_dh_clean:
@ -227,21 +154,21 @@ index 5317ce6..7535999 100755
--libexecdir="/usr/lib/lighttpd" \ --libexecdir="/usr/lib/lighttpd" \
--with-attr \ --with-attr \
@@ -23,10 +24,12 @@ override_dh_auto_configure: @@ -23,10 +24,12 @@ override_dh_auto_configure:
--with-dbi \ --with-fam \
--with-gdbm \ --with-gdbm \
--with-krb5 \ --with-krb5 \
- --with-ldap \ - --with-ldap \
+ --without-ldap \ + --without-ldap \
--with-geoip \ --with-geoip \
--with-memcached \ --with-memcached \
- --with-lua=lua5.3 \ - --with-lua=lua5.1 \
+ --without-lua \ + --without-lua \
+ --without-bzip2 \ + --without-bzip2 \
+ --without-memcache \ + --without-memcache \
--with-maxminddb \ --with-maxminddb \
--with-mbedtls \
--with-mysql \ --with-mysql \
@@ -37,8 +40,8 @@ override_dh_auto_configure: --with-openssl \
@@ -34,8 +37,8 @@ override_dh_auto_configure:
--with-pcre \ --with-pcre \
--with-pgsql \ --with-pgsql \
--with-sasl \ --with-sasl \
@ -249,9 +176,17 @@ index 5317ce6..7535999 100755
- --with-webdav-props \ - --with-webdav-props \
+ --without-webdav-locks \ + --without-webdav-locks \
+ --without-webdav-props \ + --without-webdav-props \
--with-wolfssl \
--with-xxhash \
$(if $(filter pkg.lighttpd.libunwind,$(DEB_BUILD_PROFILES)),--with-libunwind) \ $(if $(filter pkg.lighttpd.libunwind,$(DEB_BUILD_PROFILES)),--with-libunwind) \
-- CFLAGS_FOR_BUILD="$(shell dpkg-buildflags --get CFLAGS)" \
2.34.1 LDFLAGS_FOR_BUILD="$(shell dpkg-buildflags --get LDFLAGS)" \
@@ -49,7 +52,6 @@ override_dh_missing:
dh_missing --fail-missing
DOCLESS_PACKAGES=\
- lighttpd-modules-ldap \
lighttpd-modules-mysql \
lighttpd-mod-authn-pam \
lighttpd-mod-authn-sasl \
--
2.31.1


@ -1,10 +1,11 @@
--- ---
debver: 1.4.59-1+deb11u2 debver: 1.4.55-1~bpo10+1
debname: lighttpd debname: lighttpd
dl_path: dl_path:
name: lighttpd-debian-1.4.59-1+deb11u2.tar.gz name: lighttpd-debian-1.4.55-1_bpo10+1.tar.gz
url: https://salsa.debian.org/debian/lighttpd/-/archive/debian/1.4.59-1+deb11u2/lighttpd-debian-1.4.59-1+deb11u2.tar.gz url: https://salsa.debian.org/debian/lighttpd/-/archive/debian/1.4.55-1_bpo10+1/lighttpd-debian-1.4.55-1_bpo10+1.tar.gz
sha256sum: d5d7deda6da461030b4b25111f4f6c535128d2b865c6b2b4b009e83334a275ea md5sum: 453d7710982ee44fb5ce41673c6bd0df
sha256sum: 34326941ba0f7c6ff6f2c72890e2a568d0924c11c2c3f3d4174c82a484be81d3
revision: revision:
dist: $STX_DIST dist: $STX_DIST
PKG_GITREVCOUNT: PKG_GITREVCOUNT:


@ -0,0 +1,53 @@
From 95ae6094a9eb0cdbfb3f678f4c8e3a2db11aacd2 Mon Sep 17 00:00:00 2001
From: Glenn Strauss <gstrauss@gluelogic.com>
Date: Tue, 22 Nov 2022 18:58:24 -0800
Subject: [PATCH] CVE-2022-37797
[mod_wstunnel] fix crash with bad hybivers (fixes #3165)
(thx Michał Dardas)
x-ref:
"mod_wstunnel null pointer dereference"
https://redmine.lighttpd.net/issues/3165
In order to trigger the reproducer on lighttpd 1.4.53, parsing of the
Sec-Websocket-Version needs to be fixed as has been done in later versions.
Due to internal refactoring, the actual NULL pointer dereference has moved
elsewhere, but still crashes. -- Helmut Grohne
The upstream patch is not a git header format which I have created here.
[Backport from https://salsa.debian.org/debian/lighttpd/-/blob/buster-security/debian/patches/CVE-2022-37797.patch]
Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
---
src/mod_wstunnel.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/mod_wstunnel.c b/src/mod_wstunnel.c
index ed5174a..99e3739 100644
--- a/src/mod_wstunnel.c
+++ b/src/mod_wstunnel.c
@@ -466,7 +466,7 @@ static int wstunnel_is_allowed_origin(connection *con, handler_ctx *hctx) {
static int wstunnel_check_request(connection *con, handler_ctx *hctx) {
const buffer * const vers =
http_header_request_get(con, HTTP_HEADER_OTHER, CONST_STR_LEN("Sec-WebSocket-Version"));
- const long hybivers = (NULL != vers) ? strtol(vers->ptr, NULL, 10) : 0;
+ const long hybivers = (NULL != vers) ? (light_isdigit(*vers->ptr) ? strtol(vers->ptr, NULL, 10) : -1) : 0;
if (hybivers < 0 || hybivers > INT_MAX) {
DEBUG_LOG(MOD_WEBSOCKET_LOG_ERR, "s", "invalid Sec-WebSocket-Version");
con->http_status = 400; /* Bad Request */
@@ -506,7 +506,10 @@ static handler_t wstunnel_handler_setup (server *srv, connection *con, plugin_da
hctx->srv = srv; /*(for mod_wstunnel module-specific DEBUG_LOG() macro)*/
hctx->conf = p->conf; /*(copies struct)*/
hybivers = wstunnel_check_request(con, hctx);
- if (hybivers < 0) return HANDLER_FINISHED;
+ if (hybivers < 0) {
+ con->mode = DIRECT;
+ return HANDLER_FINISHED;
+ }
hctx->hybivers = hybivers;
if (0 == hybivers) {
DEBUG_LOG(MOD_WEBSOCKET_LOG_INFO,"s","WebSocket Version = hybi-00");
--
2.34.1
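Review bot: With the source moved back to 1.4.55-1~bpo10+1 (meta_data section of this commit), this re-added patch is the only upstream security fix carried in the patch series, whereas the version being reverted was a Debian security update; whether 1.4.59-1+deb11u2 contains other fixes that 1.4.55 lacks is not visible on this page and should be confirmed before the revert lands, or the revert marked as temporary. The patch header's reproducer note still refers to lighttpd 1.4.53, so a one-line note stating the base this backport was re-verified against would help, e.g. `[Re-applied on 1.4.55-1~bpo10+1 after revert of 1.4.59-1+deb11u2]`. In the first hunk, `light_isdigit(*vers->ptr)` only rejects a header whose first byte is not a digit; strtol still stops at any trailing characters, which matches upstream behaviour and is not a crash path, so no change is needed there.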


@ -1,49 +1,37 @@
From 98b8cbc80e14e6b47b13bcddfedc0bdc8d2abf19 Mon Sep 17 00:00:00 2001 From 65107586a55c594c44b0a97a2d6756f6a0f0a5ca Mon Sep 17 00:00:00 2001
From: Zhixiong Chi <zhixiong.chi@windriver.com> From: Giao Le <giao.le@windriver.com>
Date: Mon, 12 Jun 2023 02:23:58 -0700 Date: Mon, 27 Aug 2018 19:41:36 +0800
Subject: [PATCH] check content-length Subject: [PATCH] check-length
Rebase this local patch for StarlingX.
Signed-off-by: zhipengl <zhipengs.liu@intel.com> Signed-off-by: zhipengl <zhipengs.liu@intel.com>
Signed-off-by: Giao Le <giao.le@windriver.com>
Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
--- ---
src/request.c | 49 +++++++++++++++++++++++++++++++++++++++++++++++++ src/request.c | 45 +++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 49 insertions(+) 1 file changed, 45 insertions(+)
diff --git a/src/request.c b/src/request.c diff --git a/src/request.c b/src/request.c
index 62f2f0cb..e9668d42 100644 index d25e1e7..fe541a5 100644
--- a/src/request.c --- a/src/request.c
+++ b/src/request.c +++ b/src/request.c
@@ -8,16 +8,48 @@ @@ -8,10 +8,39 @@
#include "first.h"
#include "request.h"
+#include "base.h"
#include "burl.h"
#include "http_header.h"
#include "http_kv.h"
#include "log.h" #include "log.h"
#include "sock_addr.h" #include "sock_addr.h"
+#include <errno.h> +#include <errno.h>
#include <limits.h> #include <limits.h>
#include <stdint.h>
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
+#include <sys/statvfs.h> +#include <sys/statvfs.h>
+
+static size_t get_tempdirs_free_space(request_st * const restrict r) +static size_t get_tempdirs_free_space(server *srv)
+{ +{
+ int i; + int i;
+ int valid = 0; + int valid = 0;
+ size_t total = 0; + size_t total = 0;
+ array *dirs = r->con->srv->srvconf.upload_tempdirs; + array *dirs = srv->srvconf.upload_tempdirs;
+ +
+ for (i = 0; i < (int)dirs->used; ++i) { + for (i = 0; i < (int)dirs->used; ++i) {
+ struct statvfs stat; + struct statvfs stat;
+ const char *name = ((data_string *)dirs->data[i])->value.ptr; + const char *name = ((data_string *)dirs->data[i])->value->ptr;
+ int ret = statvfs(name, &stat); + int ret = statvfs(name, &stat);
+ +
+ if (ret >= 0) { + if (ret >= 0) {
@ -52,47 +40,41 @@ index 62f2f0cb..e9668d42 100644
+ valid = 1; + valid = 1;
+ } + }
+ else { + else {
+ if (r->conf.log_request_header_on_error) { + log_error_write(srv, __FILE__, __LINE__, "ssss",
+ log_error(r->conf.errh, __FILE__, __LINE__, + "dir:", name,
+ "statvfs error, dir: %s, eno: %s\n", + "error:", strerror(errno));
+ name, strerror(errno));
+ }
+ } + }
+ } + }
+ +
+ return (valid) ? total : SSIZE_MAX; + return (valid) ? total : SSIZE_MAX;
+} +}
+
static int request_check_hostname(buffer * const host) { static int request_check_hostname(buffer *host) {
enum { DOMAINLABEL, TOPLABEL } stage = TOPLABEL; enum { DOMAINLABEL, TOPLABEL } stage = TOPLABEL;
@@ -1260,10 +1292,27 @@ http_request_parse (request_st * const restrict r, const int scheme_port) size_t i;
http_header_request_unset(r, HTTP_HEADER_CONTENT_LENGTH, CONST_STR_LEN("Content-Length")); @@ -928,6 +957,22 @@ int http_request_parse(server *srv, conn
} if (!state.con_length_set) {
} return http_request_header_line_invalid(srv, 411, "POST-request, but content-length missing -> 411");
}
+ /* content-length is larger than 64k */
+ if (con->request.content_length > 64*1024) {
+ size_t disk_free = get_tempdirs_free_space(srv);
+ if (con->request.content_length > disk_free) {
+ con->http_status = 413;
+ con->keep_alive = 0;
+ +
if (http_method_get_or_head(r->http_method) + log_error_write(srv, __FILE__, __LINE__, "ssosos",
&& !(http_parseopts & HTTP_PARSEOPT_METHOD_GET_BODY)) { + "not enough free space in tempdirs:",
return http_request_header_line_invalid(r, 400, "GET/HEAD with content-length -> 400"); + "length =", (off_t) con->request.content_length,
} + "free =", (off_t) disk_free,
+ "-> 413");
+ return 0;
+ }
+ }
+ +
+ /* content-length is larger than 64k */ break;
+ if (r->reqbody_length > 64*1024 && HTTP_METHOD_POST == r->http_method) { default:
+ size_t disk_free = get_tempdirs_free_space(r); break;
+ if (r->reqbody_length > disk_free) {
+ r->http_status = 413;
+ r->keep_alive = 0;
+ if (r->conf.log_request_header_on_error) {
+ log_error(r->conf.errh, __FILE__, __LINE__,
+ "not enough free space in tempdirs:\n length =%d\n free=%d\ncontent-length -> 413",
+ r->reqbody_length,
+ disk_free);
+ }
+ return 0;
+ }
+ }
}
return 0;
-- --
2.39.0 2.21.0
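Review bot: `get_tempdirs_free_space()` returns `SSIZE_MAX` when `statvfs()` fails for every configured tempdir (the `return (valid) ? total : SSIZE_MAX;` line), so the 413 check added to `http_request_parse` is silently skipped in that case; a fail-open on a disk-exhaustion guard deserves an explicit comment, e.g. `/* no tempdir could be stat'ed: fail open rather than reject the upload */`, or a deliberate decision to fail closed. `total` is a `size_t` and `con->request.content_length` (cast to `off_t` for logging, so presumably a signed type) is compared against it directly; the comparison promotes to unsigned, which is harmless for the positive lengths that reach this branch, but a short comment stating that intent would prevent a later `-Wsign-compare` "fix" from changing behaviour. The accumulation lines of the loop are elided in this rendered view, so whether `total` can wrap when several large tempdirs are summed could not be checked here. The enclosing `http_request_parse` function starts and ends outside the hunk.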


@ -1 +1,2 @@
check-content-length.patch check-content-length.patch
CVE-2022-37797.patch