Bug 202134 - [UPDATE] update www/lighttpd to 1.4.36
Summary: [UPDATE] update www/lighttpd to 1.4.36
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Guido Falsi
URL:
Keywords:
: 200724 (view as bug list)
Depends on:
Blocks:
 
Reported: 2015-08-06 16:02 UTC by Piotr Kubaj
Modified: 2015-08-10 15:18 UTC (History)
4 users (show)

See Also:


Attachments
www/lighttpd update (63.05 KB, patch)
2015-08-06 17:36 UTC, Piotr Kubaj
no flags Details | Diff
security/vuxml for lightttp CVE-2015-3200 (1.37 KB, patch)
2015-08-09 23:08 UTC, Jason Unovitch
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Piotr Kubaj freebsd_committer 2015-08-06 16:02:09 UTC
Due to bug 202128 I can't attach shar, so I just copied it here.

The following shar updates www/lighttpd to 1.4.36. I didn't have to modify anything in files/, so it was a pretty straightforward update. www/lighttpd-mod_h264_streaming and www/lighttpd-mod_geoip also build fine. I run lighttpd-1.4.36 on my home server and there seem to be no issues, algthough I don't use lighttpd-mod_*.

# This is a shell archive.  Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file".  Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
#	lighttpd
#	lighttpd/pkg-plist.old
#	lighttpd/pkg-descr
#	lighttpd/Makefile
#	lighttpd/files
#	lighttpd/files/README.mysqlauth
#	lighttpd/files/COPYING.mod_h264_streaming
#	lighttpd/files/h264_streaming.conf
#	lighttpd/files/patch-src-fdevent.h
#	lighttpd/files/extra-patch-mysqlauth
#	lighttpd/files/lighttpd.in
#	lighttpd/files/mysql_auth.sql
#	lighttpd/files/patch-configure.ac
#	lighttpd/files/extra-patch-nodelay
#	lighttpd/pkg-plist
#	lighttpd/distinfo
#
echo c - lighttpd
mkdir -p lighttpd > /dev/null 2>&1
echo x - lighttpd/pkg-plist.old
sed 's/^X//' >lighttpd/pkg-plist.old << '67fa0bbbfff539febdc56f121a487d31'
X@sample etc/lighttpd/lighttpd.conf.sample
X@sample etc/lighttpd/modules.conf.sample
X@sample etc/lighttpd/conf.d/access_log.conf.sample
X@sample etc/lighttpd/conf.d/auth.conf.sample
X@sample etc/lighttpd/conf.d/cml.conf.sample
X@sample etc/lighttpd/conf.d/cgi.conf.sample
X@sample etc/lighttpd/conf.d/compress.conf.sample
X@sample etc/lighttpd/conf.d/debug.conf.sample
X@sample etc/lighttpd/conf.d/dirlisting.conf.sample
X@sample etc/lighttpd/conf.d/evhost.conf.sample
X@sample etc/lighttpd/conf.d/expire.conf.sample
X@sample etc/lighttpd/conf.d/fastcgi.conf.sample
X@sample etc/lighttpd/conf.d/magnet.conf.sample
X@sample etc/lighttpd/conf.d/mime.conf.sample
X@sample etc/lighttpd/conf.d/mysql_vhost.conf.sample
X@sample etc/lighttpd/conf.d/proxy.conf.sample
X@sample etc/lighttpd/conf.d/rrdtool.conf.sample
X@sample etc/lighttpd/conf.d/scgi.conf.sample
X@sample etc/lighttpd/conf.d/secdownload.conf.sample
X@sample etc/lighttpd/conf.d/simple_vhost.conf.sample
X@sample etc/lighttpd/conf.d/ssi.conf.sample
X@sample etc/lighttpd/conf.d/status.conf.sample
X@sample etc/lighttpd/conf.d/trigger_b4_dl.conf.sample
X@sample etc/lighttpd/conf.d/userdir.conf.sample
X@sample etc/lighttpd/conf.d/webdav.conf.sample
Xetc/lighttpd/vhosts.d/vhosts.template
Xlib/lighttpd/mod_access.so
Xlib/lighttpd/mod_accesslog.so
Xlib/lighttpd/mod_alias.so
Xlib/lighttpd/mod_auth.so
Xlib/lighttpd/mod_cgi.so
Xlib/lighttpd/mod_cml.so
Xlib/lighttpd/mod_compress.so
Xlib/lighttpd/mod_dirlisting.so
Xlib/lighttpd/mod_evasive.so
Xlib/lighttpd/mod_evhost.so
Xlib/lighttpd/mod_expire.so
Xlib/lighttpd/mod_extforward.so
Xlib/lighttpd/mod_fastcgi.so
Xlib/lighttpd/mod_flv_streaming.so
Xlib/lighttpd/mod_indexfile.so
Xlib/lighttpd/mod_magnet.so
Xlib/lighttpd/mod_mysql_vhost.so
Xlib/lighttpd/mod_proxy.so
Xlib/lighttpd/mod_redirect.so
Xlib/lighttpd/mod_rewrite.so
Xlib/lighttpd/mod_rrdtool.so
Xlib/lighttpd/mod_scgi.so
Xlib/lighttpd/mod_secdownload.so
Xlib/lighttpd/mod_setenv.so
Xlib/lighttpd/mod_simple_vhost.so
Xlib/lighttpd/mod_ssi.so
Xlib/lighttpd/mod_staticfile.so
Xlib/lighttpd/mod_status.so
Xlib/lighttpd/mod_trigger_b4_dl.so
Xlib/lighttpd/mod_userdir.so
Xlib/lighttpd/mod_usertrack.so
Xlib/lighttpd/mod_webdav.so
Xman/man8/lighttpd.8.gz
Xsbin/lighttpd
Xsbin/lighttpd-angel
X@dir(%%USER%%,%%GROUP%%,700) %%LOGROOT%%
67fa0bbbfff539febdc56f121a487d31
echo x - lighttpd/pkg-descr
sed 's/^X//' >lighttpd/pkg-descr << '33c1b4db5571578e5a90787b6255dad3'
Xlighttpd a secure, fast, compliant and very flexible web-server which
Xhas been optimized for high-performance environments. It has a very
Xlow memory footprint compared to other webservers and takes care of
Xcpu-load. Its advanced feature-set (FastCGI, CGI, Auth, Output-Compression,
XURL-Rewriting and many more) make lighttpd the perfect webserver-software
Xfor every server that is suffering load problems.
X
XWWW: http://www.lighttpd.net/
33c1b4db5571578e5a90787b6255dad3
echo x - lighttpd/Makefile
sed 's/^X//' >lighttpd/Makefile << '4355f6684b54846925e0e9501af875dd'
X# Created by: k@123.org
X# $FreeBSD: head/www/lighttpd/Makefile 393656 2015-08-06 13:59:39Z mat $
X
XPORTNAME?=	lighttpd
XPORTVERSION=	1.4.36
XCATEGORIES?=	www
XMASTER_SITES?=	http://download.lighttpd.net/lighttpd/releases-1.4.x/
X
XMAINTAINER=	ports@FreeBSD.org
XCOMMENT?=	Secure, fast, compliant, and flexible Web Server
X
X.if !defined(_BUILDING_LIGHTTPD_MODULE)
XLICENSE=	BSD3CLAUSE
XLICENSE_FILE=	${WRKSRC}/COPYING
X.endif
X
XLIB_DEPENDS+=	libpcre.so:${PORTSDIR}/devel/pcre
X
XGNU_CONFIGURE=	yes
XUSES=		autoreconf gmake libtool pkgconfig tar:xz
X
X.if !defined(_BUILDING_LIGHTTPD_MODULE)
XUSES+=	cpe
X.endif
X
XCONFIGURE_ARGS+=	--libdir=${PREFIX}/lib/lighttpd
XINSTALL_TARGET=	install-strip
X
XCPPFLAGS+=	-I${LOCALBASE}/include
XLDFLAGS+=	-L${LOCALBASE}/lib
X
X.if !defined(_BUILDING_LIGHTTPD_MODULE)
XUSE_RC_SUBR=	lighttpd
X
XOPTIONS_DEFINE=	BZIP2 DOCS FAM GDBM IPV6 LIBEV LUA MEMCACHE MYSQL MYSQLAUTH \
X		NODELAY LDAP OPENSSL SPAWNFCGI VALGRIND WEBDAV
X
XOPTIONS_DEFAULT=	IPV6 OPENSSL
X
XBZIP2_DESC=	bzip2 support (mod_compress)
XGDBM_DESC=	gdbm storage (mod_trigger_b4_dl)
XLDAP_DESC=	LDAP authentication
XLUA_DESC=	lua support (mod_cml, mod_magnet)
XMEMCACHE_DESC=	memcached storage (mod_trigger_b4_dl)
XMYSQL_DESC=	MySQL support (mod_mysql_vhost)
XMYSQLAUTH_DESC=	MySQL authentication (requires WITH_MYSQL)
XNODELAY_DESC=	Set TCP_NODELAY on listening sockets
XSPAWNFCGI_DESC=	Depend on spawn-fcgi utility
XVALGRIND_DESC=	valgrind support
XWEBDAV_DESC=	WebDAV support
X
XFAM_USES=	fam
XFAM_CONFIGURE_ON=	--with-fam
XFAM_CONFIGURE_ENV=	FAM_CFLAGS="-I${LOCALBASE}/include" FAM_LIBS="-L${LOCALBASE}/lib"
X
XLIGHTTPD_CONF_FILES=	lighttpd.conf modules.conf
X
XLIGHTTPD_CONF_D_FILES=	access_log.conf \
X	auth.conf cgi.conf cml.conf \
X	compress.conf debug.conf dirlisting.conf \
X	evhost.conf expire.conf fastcgi.conf \
X	magnet.conf mime.conf mysql_vhost.conf proxy.conf \
X	rrdtool.conf scgi.conf secdownload.conf \
X	simple_vhost.conf ssi.conf status.conf \
X	trigger_b4_dl.conf userdir.conf webdav.conf
X
XLIGHTTPD_LOGROOT?=	/var/log/lighttpd
XLIGHTTPD_WEBROOT?=	${PREFIX}/www/data
XLIGHTTPD_USER?=		www
XLIGHTTPD_GROUP?=	www
X
XPLIST_SUB+=		LOGROOT="${LIGHTTPD_LOGROOT}" \
X			USER="${LIGHTTPD_USER}" \
X			GROUP="${LIGHTTPD_GROUP}" \
X			MKDIR="${MKDIR}" \
X			CHOWN="${CHOWN}"
X
X.endif # !defined(_BUILDING_LIGHTTPD_MODULE)
X
X.include <bsd.port.options.mk>
X
X.if !defined(_BUILDING_LIGHTTPD_MODULE)
X# Default REQUIRE to rc.d script
X_REQUIRE=	DAEMON
X
X.if ${PORT_OPTIONS:MDOCS}
XDOCS=		AUTHORS COPYING INSTALL NEWS README
XPORTDOCS=	${DOCS}
X.endif
X
X.if ${PORT_OPTIONS:MOPENSSL}
XUSE_OPENSSL=		yes
XCONFIGURE_ARGS+=	--with-openssl \
X			--with-openssl-includes=${OPENSSLINC} \
X			--with-openssl-libs=${OPENSSLLIB}
X.endif
X
X.if ${PORT_OPTIONS:MBZIP2}
XCONFIGURE_ARGS+=	--with-bzip2
X.endif
X
X.if ${PORT_OPTIONS:MGDBM}
XLIB_DEPENDS+=		libgdbm.so:${PORTSDIR}/databases/gdbm
XCONFIGURE_ARGS+=	--with-gdbm
X.endif
X
X.if empty(PORT_OPTIONS:MIPV6)
XCONFIGURE_ARGS+=	--disable-ipv6
X.endif
X
X.if ${PORT_OPTIONS:MLIBEV}
XCONFIGURE_ARGS+=	--with-libev=${LOCALBASE}
XLIB_DEPENDS+=		libev.so:${PORTSDIR}/devel/libev
X.endif
X
X.if ${PORT_OPTIONS:MLUA}
XUSES+=			lua:51
XCONFIGURE_ARGS+=	--with-lua
XCONFIGURE_ENV+=		LUA_CFLAGS="-I${LUA_INCDIR}" LUA_LIBS="-L${LUA_LIBDIR} -llua-${LUA_VER}"
X.endif
X
X.if ${PORT_OPTIONS:MMEMCACHE}
XLIB_DEPENDS+=		libmemcache.so:${PORTSDIR}/databases/libmemcache
XCONFIGURE_ARGS+=	--with-memcache
X.endif
X
X.if ${PORT_OPTIONS:MMYSQL}
XUSE_MYSQL=		yes
XCONFIGURE_ARGS+=	--with-mysql
X_REQUIRE+=		mysql
X.endif
X
X.if ${PORT_OPTIONS:MMYSQLAUTH} && empty(PORT_OPTIONS:MMYSQL)
XIGNORE=		option WITH_MYSQLAUTH requires WITH_MYSQL
X.endif
X
X.if ${PORT_OPTIONS:MMYSQLAUTH}
XEXTRA_PATCHES+=		${FILESDIR}/extra-patch-mysqlauth
XPORTDOCS+=		README.mysqlauth mysql_auth.sql
X.endif
X
X.if ${PORT_OPTIONS:MNODELAY}
XEXTRA_PATCHES+=		${FILESDIR}/extra-patch-nodelay
X.endif
X
X.if ${PORT_OPTIONS:MLDAP}
XUSE_OPENLDAP=		yes
XCONFIGURE_ARGS+=	--with-ldap
X_REQUIRE+=		slapd
X.endif
X
X.if ${PORT_OPTIONS:MSPAWNFCGI}
XRUN_DEPENDS+=		spawn-fcgi:${PORTSDIR}/www/spawn-fcgi
X.endif
X
X.if ${PORT_OPTIONS:MVALGRIND}
XBUILD_DEPENDS+=		valgrind:${PORTSDIR}/devel/valgrind
XRUN_DEPENDS+=		valgrind:${PORTSDIR}/devel/valgrind
XCONFIGURE_ARGS+=	--with-valgrind
X.endif
X
X.if ${PORT_OPTIONS:MWEBDAV}
XUSE_GNOME+=		libxml2
XLIB_DEPENDS+=		libuuid.so:${PORTSDIR}/misc/e2fsprogs-libuuid \
X			libsqlite3.so:${PORTSDIR}/databases/sqlite3
XCONFIGURE_ARGS+=	--with-webdav-props --with-webdav-locks
X.endif
X
XSUB_LIST+=		REQUIRE="${_REQUIRE}"
X
Xpost-patch:
X	@${REINPLACE_CMD} -e 's|-std=gnu99||' \
X		${WRKSRC}/configure ${WRKSRC}/configure.ac
X	@${REINPLACE_CMD} -E -e \
X		's|^(server.document-root.*=).*|\1 "${PREFIX}/www/data/"|' \
X		-e "s|/etc/lighttpd|${PREFIX}/etc/lighttpd|g" \
X		-e 's|^(server.event-handler.*=).*|\1 "freebsd-kqueue"|' \
X		-e 's|^(server.network-backend.*=).*|\1 "writev"|' \
X		-e "s|^(server.username.*=).*|\1 \"${LIGHTTPD_USER}\"|" \
X		-e "s|^(server.groupname.*=).*|\1 \"${LIGHTTPD_GROUP}\"|" \
X		-e "s|^(var.log_root.*=).*|\1 \"${LIGHTTPD_LOGROOT}\"|" \
X		-e "s|^(var.home_dir.*=).*|\1 \"/var/spool/lighttpd\"|" \
X		-e "s|^(var.server_root.*=).*|\1 \"${LIGHTTPD_WEBROOT}\"|" \
X		${WRKSRC}/doc/config/lighttpd.conf
X	@${REINPLACE_CMD} -e "s|/etc/lighttpd|${PREFIX}/etc/lighttpd|g" \
X		${WRKSRC}/doc/config/conf.d/auth.conf
X	@${REINPLACE_CMD} -e "s|/usr/bin/python|${LOCALBASE}/bin/python|" \
X		${WRKSRC}/doc/config/conf.d/cgi.conf \
X		${WRKSRC}/tests/*.conf
X	@${ECHO} >> ${WRKSRC}/doc/config/lighttpd.conf
X	@${ECHO} "# IPv4 listening socket" >> \
X		${WRKSRC}/doc/config/lighttpd.conf
X	@${ECHO} "\$$SERVER[\"socket\"] == \"0.0.0.0:80\" { }" >> \
X		${WRKSRC}/doc/config/lighttpd.conf
X
Xpost-install:
X	@${MKDIR} ${STAGEDIR}${PREFIX}/etc/lighttpd/conf.d ${STAGEDIR}${PREFIX}/etc/lighttpd/vhosts.d
X.for FILE in ${LIGHTTPD_CONF_FILES}
X	@${INSTALL_DATA} ${WRKSRC}/doc/config/${FILE} \
X		${STAGEDIR}${PREFIX}/etc/lighttpd/${FILE}.sample
X.endfor
X.for FILE in ${LIGHTTPD_CONF_D_FILES}
X	@${INSTALL_DATA} ${WRKSRC}/doc/config/conf.d/${FILE} \
X		${STAGEDIR}${PREFIX}/etc/lighttpd/conf.d/${FILE}.sample
X.endfor
X	@${INSTALL_DATA} ${WRKSRC}/doc/config/vhosts.d/vhosts.template \
X		${STAGEDIR}${PREFIX}/etc/lighttpd/vhosts.d/vhosts.template
X
X.if ${PORT_OPTIONS:MDOCS}
X	@${MKDIR} ${STAGEDIR}${DOCSDIR}
X. for FILE in ${DOCS}
X	@${INSTALL_DATA} ${WRKSRC}/${FILE} ${STAGEDIR}${DOCSDIR}/${FILE}
X. endfor
X.endif
X.if ${PORT_OPTIONS:MMYSQLAUTH}
X. for FILE in README.mysqlauth mysql_auth.sql
X	@${INSTALL_DATA} ${FILESDIR}/${FILE} ${STAGEDIR}${DOCSDIR}/${FILE}
X. endfor
X.endif
X	@${MKDIR} -m 0700 ${STAGEDIR}${LIGHTTPD_LOGROOT}
X
Xtest: build
X	@cd ${WRKSRC}/tests && ${SETENV} ${MAKE_ENV} ${MAKE} \
X		${MAKE_FLAGS} ${MAKEFILE} ${MAKE_ARGS} \
X		check-TESTS
X
Xregression-test: test
X
X.endif # !defined(_BUILDING_LIGHTTPD_MODULE)
X
X.include <bsd.port.mk>
4355f6684b54846925e0e9501af875dd
echo c - lighttpd/files
mkdir -p lighttpd/files > /dev/null 2>&1
echo x - lighttpd/files/README.mysqlauth
sed 's/^X//' >lighttpd/files/README.mysqlauth << 'a0b32b24265fbf08709cc0d9d0018654'
XReferences:
Xhttp://redmine.lighttpd.net/issues/752
Xhttp://redmine.lighttpd.net/attachments/1012/03_all_lighttpd-1.4.23-mysql_auth.diff
Xhttp://redmine.lighttpd.net/attachments/download/1012/03_all_lighttpd-1.4.23-mysql_auth.diff
X
XThis patch allows lighttpd to authenticate users against mySQL DBbr
XNOTE: Only basic auth is implemented. Passwords are stored as MD5 hash in DB
X
Xmake mysql db and user (read mySQL doc's if you don't know how)
Ximport lighttpd-1.4.11-mysql_auth.sql
X
Xopen lighttpd.conf and add
X(be sure that you comment out any other auth - according to lighttpd docs)
X
Xauth.backend                                   = "mysql" 
Xauth.backend.mysql.host                        = "localhost" 
Xauth.backend.mysql.user                        = "db_user" 
Xauth.backend.mysql.pass                        = "db_pass" 
Xauth.backend.mysql.db                          = "db_name" 
Xauth.backend.mysql.port                        = "0" # (for default port 0, always needed)
Xauth.backend.mysql.socket                      = ""  # (for default leave blank, always needed)
Xauth.backend.mysql.users_table                 = "users_table" 
Xauth.backend.mysql.col_user                    = "col_name_username" 
Xauth.backend.mysql.col_pass                    = "col_name_password" # (md5 hash of password)
Xauth.backend.mysql.col_realm                   = "col_realm_name" 
X
Xconfigure lighttpd to use it (same as every other auth)
X
Xauth.require = ( "/some_path" =>
X    (
X        "method"  => "basic",
X        "realm"   => "some_realm",
X        "require" => "some_user",
X    )
X)
X
Xstart lighttpd
X
XP.S. patch include more complicated setup with separate table for domains.
XIf you are interested please contact with me to obtain more information.
X
XBugs, Patches and Suggestions
XSend me E-Mail: drJeckyll@Jeckyll.net
X
X-- drJeckyll
a0b32b24265fbf08709cc0d9d0018654
echo x - lighttpd/files/COPYING.mod_h264_streaming
sed 's/^X//' >lighttpd/files/COPYING.mod_h264_streaming << 'ca2622f5c78374857d00176cdb066732'
XLicense
X
XTHE WORK (AS DEFINED BELOW) IS PROVIDED UNDER THE TERMS OF THIS 
XCREATIVE COMMONS PUBLIC LICENSE ("CCPL" OR "LICENSE"). THE WORK IS 
XPROTECTED BY COPYRIGHT AND/OR OTHER APPLICABLE LAW. ANY USE OF THE 
XWORK OTHER THAN AS AUTHORIZED UNDER THIS LICENSE OR COPYRIGHT LAW IS 
XPROHIBITED.
X
XBY EXERCISING ANY RIGHTS TO THE WORK PROVIDED HERE, YOU ACCEPT AND 
XAGREE TO BE BOUND BY THE TERMS OF THIS LICENSE. TO THE EXTENT THIS 
XLICENSE MAY BE CONSIDERED TO BE A CONTRACT, THE LICENSOR GRANTS YOU 
XTHE RIGHTS CONTAINED HERE IN CONSIDERATION OF YOUR ACCEPTANCE OF 
XSUCH TERMS AND CONDITIONS.
X
X1. Definitions
X
X   1. "Adaptation" means a work based upon the Work, or upon the 
XWork and other pre-existing works, such as a translation, 
Xadaptation, derivative work, arrangement of music or other 
Xalterations of a literary or artistic work, or phonogram or 
Xperformance and includes cinematographic adaptations or any other 
Xform in which the Work may be recast, transformed, or adapted 
Xincluding in any form recognizably derived from the original, except 
Xthat a work that constitutes a Collection will not be considered an 
XAdaptation for the purpose of this License. For the avoidance of 
Xdoubt, where the Work is a musical work, performance or phonogram, 
Xthe synchronization of the Work in timed-relation with a moving 
Ximage ("synching") will be considered an Adaptation for the purpose 
Xof this License.
X   2. "Collection" means a collection of literary or artistic works, 
Xsuch as encyclopedias and anthologies, or performances, phonograms 
Xor broadcasts, or other works or subject matter other than works 
Xlisted in Section 1(g) below, which, by reason of the selection and 
Xarrangement of their contents, constitute intellectual creations, in 
Xwhich the Work is included in its entirety in unmodified form along 
Xwith one or more other contributions, each constituting separate and 
Xindependent works in themselves, which together are assembled into a 
Xcollective whole. A work that constitutes a Collection will not be 
Xconsidered an Adaptation (as defined above) for the purposes of this 
XLicense.
X   3. "Distribute" means to make available to the public the 
Xoriginal and copies of the Work or Adaptation, as appropriate, 
Xthrough sale or other transfer of ownership.
X   4. "License Elements" means the following high-level license 
Xattributes as selected by Licensor and indicated in the title of 
Xthis License: Attribution, Noncommercial, ShareAlike.
X   5. "Licensor" means the individual, individuals, entity or 
Xentities that offer(s) the Work under the terms of this License.
X   6. "Original Author" means, in the case of a literary or artistic 
Xwork, the individual, individuals, entity or entities who created 
Xthe Work or if no individual or entity can be identified, the 
Xpublisher; and in addition (i) in the case of a performance the 
Xactors, singers, musicians, dancers, and other persons who act, 
Xsing, deliver, declaim, play in, interpret or otherwise perform 
Xliterary or artistic works or expressions of folklore; (ii) in the 
Xcase of a phonogram the producer being the person or legal entity 
Xwho first fixes the sounds of a performance or other sounds; and, 
X(iii) in the case of broadcasts, the organization that transmits the 
Xbroadcast.
X   7. "Work" means the literary and/or artistic work offered under 
Xthe terms of this License including without limitation any 
Xproduction in the literary, scientific and artistic domain, whatever 
Xmay be the mode or form of its expression including digital form, 
Xsuch as a book, pamphlet and other writing; a lecture, address, 
Xsermon or other work of the same nature; a dramatic or 
Xdramatico-musical work; a choreographic work or entertainment in 
Xdumb show; a musical composition with or without words; a 
Xcinematographic work to which are assimilated works expressed by a 
Xprocess analogous to cinematography; a work of drawing, painting, 
Xarchitecture, sculpture, engraving or lithography; a photographic 
Xwork to which are assimilated works expressed by a process analogous 
Xto photography; a work of applied art; an illustration, map, plan, 
Xsketch or three-dimensional work relative to geography, topography, 
Xarchitecture or science; a performance; a broadcast; a phonogram; a 
Xcompilation of data to the extent it is protected as a copyrightable 
Xwork; or a work performed by a variety or circus performer to the 
Xextent it is not otherwise considered a literary or artistic work.
X   8. "You" means an individual or entity exercising rights under 
Xthis License who has not previously violated the terms of this 
XLicense with respect to the Work, or who has received express 
Xpermission from the Licensor to exercise rights under this License 
Xdespite a previous violation.
X   9. "Publicly Perform" means to perform public recitations of the 
XWork and to communicate to the public those public recitations, by 
Xany means or process, including by wire or wireless means or public 
Xdigital performances; to make available to the public Works in such 
Xa way that members of the public may access these Works from a place 
Xand at a place individually chosen by them; to perform the Work to 
Xthe public by any means or process and the communication to the 
Xpublic of the performances of the Work, including by public digital 
Xperformance; to broadcast and rebroadcast the Work by any means 
Xincluding signs, sounds or images.
X  10. "Reproduce" means to make copies of the Work by any means 
Xincluding without limitation by sound or visual recordings and the 
Xright of fixation and reproducing fixations of the Work, including 
Xstorage of a protected performance or phonogram in digital form or 
Xother electronic medium.
X
X2. Fair Dealing Rights. Nothing in this License is intended to 
Xreduce, limit, or restrict any uses free from copyright or rights 
Xarising from limitations or exceptions that are provided for in 
Xconnection with the copyright protection under copyright law or 
Xother applicable laws.
X
X3. License Grant. Subject to the terms and conditions of this 
XLicense, Licensor hereby grants You a worldwide, royalty-free, 
Xnon-exclusive, perpetual (for the duration of the applicable 
Xcopyright) license to exercise the rights in the Work as stated 
Xbelow:
X
X   1. to Reproduce the Work, to incorporate the Work into one or 
Xmore Collections, and to Reproduce the Work as incorporated in the 
XCollections;
X   2. to create and Reproduce Adaptations provided that any such 
XAdaptation, including any translation in any medium, takes 
Xreasonable steps to clearly label, demarcate or otherwise identify 
Xthat changes were made to the original Work. For example, a 
Xtranslation could be marked "The original work was translated from 
XEnglish to Spanish," or a modification could indicate "The original 
Xwork has been modified.";
X   3. to Distribute and Publicly Perform the Work including as 
Xincorporated in Collections; and,
X   4. to Distribute and Publicly Perform Adaptations.
X
XThe above rights may be exercised in all media and formats whether 
Xnow known or hereafter devised. The above rights include the right 
Xto make such modifications as are technically necessary to exercise 
Xthe rights in other media and formats. Subject to Section 8(f), all 
Xrights not expressly granted by Licensor are hereby reserved, 
Xincluding but not limited to the rights described in Section 4(e).
X
X4. Restrictions. The license granted in Section 3 above is expressly 
Xmade subject to and limited by the following restrictions:
X
X   1. You may Distribute or Publicly Perform the Work only under the 
Xterms of this License. You must include a copy of, or the Uniform 
XResource Identifier (URI) for, this License with every copy of the 
XWork You Distribute or Publicly Perform. You may not offer or impose 
Xany terms on the Work that restrict the terms of this License or the 
Xability of the recipient of the Work to exercise the rights granted 
Xto that recipient under the terms of the License. You may not 
Xsublicense the Work. You must keep intact all notices that refer to 
Xthis License and to the disclaimer of warranties with every copy of 
Xthe Work You Distribute or Publicly Perform. When You Distribute or 
XPublicly Perform the Work, You may not impose any effective 
Xtechnological measures on the Work that restrict the ability of a 
Xrecipient of the Work from You to exercise the rights granted to 
Xthat recipient under the terms of the License. This Section 4(a) 
Xapplies to the Work as incorporated in a Collection, but this does 
Xnot require the Collection apart from the Work itself to be made 
Xsubject to the terms of this License. If You create a Collection, 
Xupon notice from any Licensor You must, to the extent practicable, 
Xremove from the Collection any credit as required by Section 4(d), 
Xas requested. If You create an Adaptation, upon notice from any 
XLicensor You must, to the extent practicable, remove from the 
XAdaptation any credit as required by Section 4(d), as requested.
X   2. You may Distribute or Publicly Perform an Adaptation only 
Xunder: (i) the terms of this License; (ii) a later version of this 
XLicense with the same License Elements as this License; (iii) a 
XCreative Commons jurisdiction license (either this or a later 
Xlicense version) that contains the same License Elements as this 
XLicense (e.g., Attribution-NonCommercial-ShareAlike 3.0 US) 
X("Applicable License"). You must include a copy of, or the URI, for 
XApplicable License with every copy of each Adaptation You Distribute 
Xor Publicly Perform. You may not offer or impose any terms on the 
XAdaptation that restrict the terms of the Applicable License or the 
Xability of the recipient of the Adaptation to exercise the rights 
Xgranted to that recipient under the terms of the Applicable License. 
XYou must keep intact all notices that refer to the Applicable 
XLicense and to the disclaimer of warranties with every copy of the 
XWork as included in the Adaptation You Distribute or Publicly 
XPerform. When You Distribute or Publicly Perform the Adaptation, You 
Xmay not impose any effective technological measures on the 
XAdaptation that restrict the ability of a recipient of the 
XAdaptation from You to exercise the rights granted to that recipient 
Xunder the terms of the Applicable License. This Section 4(b) applies 
Xto the Adaptation as incorporated in a Collection, but this does not 
Xrequire the Collection apart from the Adaptation itself to be made 
Xsubject to the terms of the Applicable License.
X   3. You may not exercise any of the rights granted to You in 
XSection 3 above in any manner that is primarily intended for or 
Xdirected toward commercial advantage or private monetary 
Xcompensation. The exchange of the Work for other copyrighted works 
Xby means of digital file-sharing or otherwise shall not be 
Xconsidered to be intended for or directed toward commercial 
Xadvantage or private monetary compensation, provided there is no 
Xpayment of any monetary compensation in con-nection with the 
Xexchange of copyrighted works.
X   4. If You Distribute, or Publicly Perform the Work or any 
XAdaptations or Collections, You must, unless a request has been made 
Xpursuant to Section 4(a), keep intact all copyright notices for the 
XWork and provide, reasonable to the medium or means You are 
Xutilizing: (i) the name of the Original Author (or pseudonym, if 
Xapplicable) if supplied, and/or if the Original Author and/or 
XLicensor designate another party or parties (e.g., a sponsor 
Xinstitute, publishing entity, journal) for attribution ("Attribution 
XParties") in Licensor's copyright notice, terms of service or by 
Xother reasonable means, the name of such party or parties; (ii) the 
Xtitle of the Work if supplied; (iii) to the extent reasonably 
Xpracticable, the URI, if any, that Licensor specifies to be 
Xassociated with the Work, unless such URI does not refer to the 
Xcopyright notice or licensing information for the Work; and, (iv) 
Xconsistent with Section 3(b), in the case of an Adaptation, a credit 
Xidentifying the use of the Work in the Adaptation (e.g., "French 
Xtranslation of the Work by Original Author," or "Screenplay based on 
Xoriginal Work by Original Author"). The credit required by this 
XSection 4(d) may be implemented in any reasonable manner; provided, 
Xhowever, that in the case of a Adaptation or Collection, at a 
Xminimum such credit will appear, if a credit for all contributing 
Xauthors of the Adaptation or Collection appears, then as part of 
Xthese credits and in a manner at least as prominent as the credits 
Xfor the other contributing authors. For the avoidance of doubt, You 
Xmay only use the credit required by this Section for the purpose of 
Xattribution in the manner set out above and, by exercising Your 
Xrights under this License, You may not implicitly or explicitly 
Xassert or imply any connection with, sponsorship or endorsement by 
Xthe Original Author, Licensor and/or Attribution Parties, as 
Xappropriate, of You or Your use of the Work, without the separate, 
Xexpress prior written permission of the Original Author, Licensor 
Xand/or Attribution Parties.
X   5.
X
X      For the avoidance of doubt:
X         1. Non-waivable Compulsory License Schemes. In those 
Xjurisdictions in which the right to collect royalties through any 
Xstatutory or compulsory licensing scheme cannot be waived, the 
XLicensor reserves the exclusive right to collect such royalties for 
Xany exercise by You of the rights granted under this License;
X         2. Waivable Compulsory License Schemes. In those 
Xjurisdictions in which the right to collect royalties through any 
Xstatutory or compulsory licensing scheme can be waived, the Licensor 
Xreserves the exclusive right to collect such royalties for any 
Xexercise by You of the rights granted under this License if Your 
Xexercise of such rights is for a purpose or use which is otherwise 
Xthan noncommercial as permitted under Section 4(c) and otherwise 
Xwaives the right to collect royalties through any statutory or 
Xcompulsory licensing scheme; and,
X         3. Voluntary License Schemes. The Licensor reserves the 
Xright to collect royalties, whether individually or, in the event 
Xthat the Licensor is a member of a collecting society that 
Xadministers voluntary licensing schemes, via that society, from any 
Xexercise by You of the rights granted under this License that is for 
Xa purpose or use which is otherwise than noncommercial as permitted 
Xunder Section 4(c).
X   6. Except as otherwise agreed in writing by the Licensor or as 
Xmay be otherwise permitted by applicable law, if You Reproduce, 
XDistribute or Publicly Perform the Work either by itself or as part 
Xof any Adaptations or Collections, You must not distort, mutilate, 
Xmodify or take other derogatory action in relation to the Work which 
Xwould be prejudicial to the Original Author's honor or reputation. 
XLicensor agrees that in those jurisdictions (e.g. Japan), in which 
Xany exercise of the right granted in Section 3(b) of this License 
X(the right to make Adaptations) would be deemed to be a distortion, 
Xmutilation, modification or other derogatory action prejudicial to 
Xthe Original Author's honor and reputation, the Licensor will waive 
Xor not assert, as appropriate, this Section, to the fullest extent 
Xpermitted by the applicable national law, to enable You to 
Xreasonably exercise Your right under Section 3(b) of this License 
X(right to make Adaptations) but not otherwise.
X
X5. Representations, Warranties and Disclaimer
X
XUNLESS OTHERWISE MUTUALLY AGREED TO BY THE PARTIES IN WRITING AND TO 
XTHE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, LICENSOR OFFERS THE 
XWORK AS-IS AND MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND 
XCONCERNING THE WORK, EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, 
XINCLUDING, WITHOUT LIMITATION, WARRANTIES OF TITLE, MERCHANTABILITY, 
XFITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT, OR THE ABSENCE OF 
XLATENT OR OTHER DEFECTS, ACCURACY, OR THE PRESENCE OF ABSENCE OF 
XERRORS, WHETHER OR NOT DISCOVERABLE. SOME JURISDICTIONS DO NOT ALLOW 
XTHE EXCLUSION OF IMPLIED WARRANTIES, SO THIS EXCLUSION MAY NOT APPLY 
XTO YOU.
X
X6. Limitation on Liability. EXCEPT TO THE EXTENT REQUIRED BY 
XAPPLICABLE LAW, IN NO EVENT WILL LICENSOR BE LIABLE TO YOU ON ANY 
XLEGAL THEORY FOR ANY SPECIAL, INCIDENTAL, CONSEQUENTIAL, PUNITIVE OR 
XEXEMPLARY DAMAGES ARISING OUT OF THIS LICENSE OR THE USE OF THE 
XWORK, EVEN IF LICENSOR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH 
XDAMAGES.
X
X7. Termination
X
X   1. This License and the rights granted hereunder will terminate 
Xautomatically upon any breach by You of the terms of this License. 
XIndividuals or entities who have received Adaptations or Collections 
Xfrom You under this License, however, will not have their licenses 
Xterminated provided such individuals or entities remain in full 
Xcompliance with those licenses. Sections 1, 2, 5, 6, 7, and 8 will 
Xsurvive any termination of this License.
X   2. Subject to the above terms and conditions, the license granted 
Xhere is perpetual (for the duration of the applicable copyright in 
Xthe Work). Notwithstanding the above, Licensor reserves the right to 
Xrelease the Work under different license terms or to stop 
Xdistributing the Work at any time; provided, however that any such 
Xelection will not serve to withdraw this License (or any other 
Xlicense that has been, or is required to be, granted under the terms 
Xof this License), and this License will continue in full force and 
Xeffect unless terminated as stated above.
X
X8. Miscellaneous
X
X   1. Each time You Distribute or Publicly Perform the Work or a 
XCollection, the Licensor offers to the recipient a license to the 
XWork on the same terms and conditions as the license granted to You 
Xunder this License.
X   2. Each time You Distribute or Publicly Perform an Adaptation, 
XLicensor offers to the recipient a license to the original Work on 
Xthe same terms and conditions as the license granted to You under 
Xthis License.
X   3. If any provision of this License is invalid or unenforceable 
Xunder applicable law, it shall not affect the validity or 
Xenforceability of the remainder of the terms of this License, and 
Xwithout further action by the parties to this agreement, such 
Xprovision shall be reformed to the minimum extent necessary to make 
Xsuch provision valid and enforceable.
X   4. No term or provision of this License shall be deemed waived 
Xand no breach consented to unless such waiver or consent shall be in 
Xwriting and signed by the party to be charged with such waiver or 
Xconsent.
X   5. This License constitutes the entire agreement between the 
Xparties with respect to the Work licensed here. There are no 
Xunderstandings, agreements or representations with respect to the 
XWork not specified here. Licensor shall not be bound by any 
Xadditional provisions that may appear in any communication from You. 
XThis License may not be modified without the mutual written 
Xagreement of the Licensor and You.
X   6. The rights granted under, and the subject matter referenced, 
Xin this License were drafted utilizing the terminology of the Berne 
XConvention for the Protection of Literary and Artistic Works (as 
Xamended on September 28, 1979), the Rome Convention of 1961, the 
XWIPO Copyright Treaty of 1996, the WIPO Performances and Phonograms 
XTreaty of 1996 and the Universal Copyright Convention (as revised on 
XJuly 24, 1971). These rights and subject matter take effect in the 
Xrelevant jurisdiction in which the License terms are sought to be 
Xenforced according to the corresponding provisions of the 
Ximplementation of those treaty provisions in the applicable national 
Xlaw. If the standard suite of rights granted under applicable 
Xcopyright law includes additional rights not granted under this 
XLicense, such additional rights are deemed to be included in the 
XLicense; this License is not intended to restrict the license of any 
Xrights under applicable law.
ca2622f5c78374857d00176cdb066732
echo x - lighttpd/files/h264_streaming.conf
sed 's/^X//' >lighttpd/files/h264_streaming.conf << '7c212b78cdf62a96d7add5556fcb53cb'
X#######################################################################
X##
X##  H.264 Streaming Module 
X## ------------------------
X##
Xserver.modules += ( "mod_h264_streaming" )
X
X##
X##  Configure streaming for .mp4 files
X##
Xh264-streaming.extensions = ( ".mp4", ".f4v" )
X
X##
X##  Bandwidth shaping
X##
X#h264-streaming.buffer-seconds = 10
X
X##
X#######################################################################
7c212b78cdf62a96d7add5556fcb53cb
echo x - lighttpd/files/patch-src-fdevent.h
sed 's/^X//' >lighttpd/files/patch-src-fdevent.h << 'ab48aa139c150c1450f2dffe4880ceef'
X--- src/fdevent.h.orig	2011-12-19 07:41:33.183877666 +0100
X+++ src/fdevent.h	2011-12-19 07:42:01.457863868 +0100
X@@ -54,7 +54,7 @@
X # include <port.h>
X #endif
X 
X-#if defined HAVE_SYS_EVENT_H && defined HAVE_KQUEUE
X+#if defined HAVE_SYS_EVENT_H && defined HAVE_KQUEUE && !defined HAVE_LIBEV
X # define USE_FREEBSD_KQUEUE
X # include <sys/event.h>
X #endif
ab48aa139c150c1450f2dffe4880ceef
echo x - lighttpd/files/extra-patch-mysqlauth
sed 's/^X//' >lighttpd/files/extra-patch-mysqlauth << 'df2f709921e1ddc5a3ee01a1c2a50d75'
Xdiff -Naur new/lighttpd-1.4.23/src/http_auth.c old/lighttpd-1.4.23/src/http_auth.c
X--- src/http_auth.c	2009-06-11 14:05:06.000000000 +0400
X+++ src/http_auth.c	2009-10-08 10:10:15.000000000 +0400
X@@ -24,6 +24,7 @@
X #include <errno.h>
X #include <unistd.h>
X #include <ctype.h>
X+#include <mysql/mysql.h>
X 
X #include "server.h"
X #include "log.h"
X@@ -291,6 +292,117 @@
X 		stream_close(&f);
X 	} else if (p->conf.auth_backend == AUTH_BACKEND_LDAP) {
X 		ret = 0;
X+       } else if (p->conf.auth_backend == AUTH_BACKEND_MYSQL) {
X+               MYSQL_RES *result;
X+               MYSQL_ROW row;
X+               int port = atoi(p->conf.auth_mysql_port->ptr);
X+               char q[255];
X+
X+               if (p->conf.auth_mysql_socket->ptr != NULL)
X+                   if (0 == strcmp(p->conf.auth_mysql_socket->ptr, "")) p->conf.auth_mysql_socket->ptr = NULL;
X+
X+               p->conf.mysql_conn = mysql_init(NULL);
X+
X+               if (mysql_real_connect(p->conf.mysql_conn, p->conf.auth_mysql_host->ptr, p->conf.auth_mysql_user->ptr, p->conf.auth_mysql_pass->ptr, p->conf.auth_mysql_db->ptr, port, p->conf.auth_mysql_socket->ptr, 0))
X+               {
X+//#define MY_HOSTING
X+
X+#ifdef MY_HOSTING
X+                   char my_full_realm[255];
X+                   char *my_realm = NULL;
X+                   char *my_domain = NULL;
X+
X+                   char *uname;
X+                   size_t unamelen;
X+
X+                   unamelen = strlen(username->ptr);
X+                   uname = malloc(unamelen*2+1);
X+
X+                   mysql_real_escape_string(p->conf.mysql_conn,
X+                                            uname, username->ptr,
X+                                            (unsigned long)unamelen);
X+
X+                   strcpy(my_full_realm, realm->ptr);
X+                   my_realm = strtok(my_full_realm, "@");
X+
X+                   if (my_realm != NULL)
X+                   my_domain = strtok(NULL, "@");
X+
X+                   sprintf(q, "SELECT %s FROM %s, %s WHERE %s='%s' AND %s='%s' AND %s='%s' AND %s=%s",
X+                               p->conf.auth_mysql_col_pass->ptr,
X+
X+                               p->conf.auth_mysql_users_table->ptr,
X+                               p->conf.auth_mysql_domains_table->ptr,
X+
X+                               p->conf.auth_mysql_col_user->ptr,
X+                               uname,
X+
X+                               p->conf.auth_mysql_col_realm->ptr,
X+                               my_realm,
X+
X+                               p->conf.auth_mysql_col_domain->ptr,
X+                               my_domain,
X+
X+                               p->conf.auth_mysql_domains_table_col_domain_id->ptr,
X+                               p->conf.auth_mysql_users_table_col_domain_id->ptr
X+                   );
X+
X+                   free(uname);
X+#else
X+                   // sanitize username & realm by taguchi@ff.iij4u.or.jp
X+                   char *uname, *urealm;
X+                   size_t unamelen, urealmlen;
X+
X+                   unamelen = strlen(username->ptr);
X+                   urealmlen = strlen(realm->ptr);
X+                   uname = malloc(unamelen*2+1);
X+                   urealm = malloc(urealmlen*2+1);
X+
X+                   mysql_real_escape_string(p->conf.mysql_conn,
X+                                            uname, username->ptr,
X+                                            (unsigned long)unamelen);
X+
X+                   mysql_real_escape_string(p->conf.mysql_conn,
X+                                            urealm, realm->ptr,
X+                                            (unsigned long)unamelen);
X+
X+                   mysql_real_escape_string(p->conf.mysql_conn,
X+                                            urealm, realm->ptr,
X+                                            (unsigned long)urealmlen);
X+
X+                   sprintf(q, "SELECT %s FROM %s WHERE %s='%s' AND %s='%s'",
X+                               p->conf.auth_mysql_col_pass->ptr,
X+                               p->conf.auth_mysql_users_table->ptr,
X+                               p->conf.auth_mysql_col_user->ptr,
X+                               uname,
X+                               p->conf.auth_mysql_col_realm->ptr,
X+                               urealm
X+                   );
X+
X+                   free(uname);
X+                   free(urealm);
X+#endif
X+
X+                   mysql_query(p->conf.mysql_conn, q);
X+                   result = mysql_store_result(p->conf.mysql_conn);
X+                   if (mysql_num_rows(result) == 1)
X+                   {
X+                       /* found */
X+                       row = mysql_fetch_row(result);
X+                       buffer_copy_string_len(password, row[0], strlen(row[0]));
X+
X+                       ret = 0;
X+                   } else
X+                   {
X+                       /* not found */
X+                       ret = -1;
X+                   }
X+
X+                   mysql_free_result(result);
X+                   mysql_close(p->conf.mysql_conn);
X+
X+                   p->conf.mysql_conn = NULL;
X+               }
X 	} else {
X 		return -1;
X 	}
X@@ -831,6 +943,60 @@
X 
X 		return 0;
X #endif
X+       } else if (p->conf.auth_backend == AUTH_BACKEND_MYSQL) {
X+               /*
X+                   we check for md5 crypt() now
X+                   request by Nicola Tiling <nti@w4w.net>
X+               */
X+               if (password->ptr[0] == '$' && password->ptr[2] == '$')
X+               {
X+                   char salt[32];
X+                   char *crypted;
X+                   size_t salt_len = 0;
X+                   char *dollar = NULL;
X+
X+                   if (NULL == (dollar = strchr(password->ptr + 3, '$'))) {
X+                       fprintf(stderr, "%s.%d\n", __FILE__, __LINE__);
X+                       return -1;
X+                   }
X+
X+                   salt_len = dollar - password->ptr;
X+
X+                   if (salt_len > sizeof(salt) - 1)
X+                   {
X+                       fprintf(stderr, "%s.%d\n", __FILE__, __LINE__);
X+                       return -1;
X+                   }
X+
X+                   strncpy(salt, password->ptr, salt_len);
X+
X+                   salt[salt_len] = '\0';
X+
X+                   crypted = crypt(pw, salt);
X+
X+                   if (0 == strcmp(password->ptr, crypted))
X+                   {
X+                       return 0;
X+                   } else {
X+                       fprintf(stderr, "%s.%d\n", __FILE__, __LINE__);
X+                   }
X+               } else
X+               /* plain md5 check now */
X+               {
X+                       li_MD5_CTX Md5Ctx;
X+                       HASH HA1;
X+                       char a1[256];
X+
X+                       li_MD5_Init(&Md5Ctx);
X+                       li_MD5_Update(&Md5Ctx, (unsigned char *)pw, strlen(pw));
X+                       li_MD5_Final(HA1, &Md5Ctx);
X+
X+                       CvtHex(HA1, a1);
X+
X+                       if (0 == strcmp(password->ptr, a1)) {
X+                               return 0;
X+                       }
X+               }
X 	}
X 	return -1;
X }
Xdiff -Naur new/lighttpd-1.4.23/src/http_auth.h old/lighttpd-1.4.23/src/http_auth.h
X--- src/http_auth.h	2009-03-31 02:16:59.000000000 +0400
X+++ src/http_auth.h	2009-10-08 10:13:56.000000000 +0400
X@@ -8,13 +8,15 @@
X # define USE_LDAP
X # include <ldap.h>
X #endif
X+#include <mysql/mysql.h>
X 
X typedef enum {
X 	AUTH_BACKEND_UNSET,
X 	AUTH_BACKEND_PLAIN,
X 	AUTH_BACKEND_LDAP,
X 	AUTH_BACKEND_HTPASSWD,
X-	AUTH_BACKEND_HTDIGEST
X+        AUTH_BACKEND_HTDIGEST,
X+        AUTH_BACKEND_MYSQL
X } auth_backend_t;
X 
X typedef struct {
X@@ -49,6 +51,22 @@
X 	buffer *ldap_filter_pre;
X 	buffer *ldap_filter_post;
X #endif
X+
X+       MYSQL  *mysql_conn;
X+       buffer *auth_mysql_host;
X+       buffer *auth_mysql_user;
X+       buffer *auth_mysql_pass;
X+       buffer *auth_mysql_db;
X+       buffer *auth_mysql_port;
X+       buffer *auth_mysql_socket;
X+       buffer *auth_mysql_users_table;
X+       buffer *auth_mysql_col_user;
X+       buffer *auth_mysql_col_pass;
X+       buffer *auth_mysql_col_realm;
X+       buffer *auth_mysql_domains_table;
X+       buffer *auth_mysql_col_domain;
X+       buffer *auth_mysql_domains_table_col_domain_id;
X+       buffer *auth_mysql_users_table_col_domain_id;
X } mod_auth_plugin_config;
X 
X typedef struct {
Xdiff -Naur new/lighttpd-1.4.23/src/Makefile.am old/lighttpd-1.4.23/src/Makefile.am
X--- src/Makefile.am.orig	2013-12-03 17:17:52.000000000 +0100
X+++ src/Makefile.am	2014-01-21 20:48:24.645439249 +0100
X@@ -243,7 +243,7 @@
X lib_LTLIBRARIES += mod_auth.la
X mod_auth_la_SOURCES = mod_auth.c http_auth.c
X mod_auth_la_LDFLAGS = -module -export-dynamic -avoid-version
X-mod_auth_la_LIBADD = $(CRYPT_LIB) $(SSL_LIB) $(LDAP_LIB) $(LBER_LIB) $(common_libadd)
X+mod_auth_la_LIBADD = $(MYSQL_LIBS) $(CRYPT_LIB) $(SSL_LIB) $(LDAP_LIB) $(LBER_LIB) $(common_libadd)
X 
X lib_LTLIBRARIES += mod_rewrite.la
X mod_rewrite_la_SOURCES = mod_rewrite.c
Xdiff -Naur lighttpd-1.4.23/src/Makefile.in old/lighttpd-1.4.23/src/Makefile.in
X--- src/Makefile.in.orig	2014-01-20 13:09:11.000000000 +0100
X+++ src/Makefile.in	2014-01-21 20:48:37.115438375 +0100
X@@ -852,7 +852,7 @@
X mod_compress_la_LIBADD = $(Z_LIB) $(BZ_LIB) $(common_libadd)
X mod_auth_la_SOURCES = mod_auth.c http_auth.c
X mod_auth_la_LDFLAGS = -module -export-dynamic -avoid-version
X-mod_auth_la_LIBADD = $(CRYPT_LIB) $(SSL_LIB) $(LDAP_LIB) $(LBER_LIB) $(common_libadd)
X+mod_auth_la_LIBADD = $(MYSQL_LIBS) $(CRYPT_LIB) $(SSL_LIB) $(LDAP_LIB) $(LBER_LIB) $(common_libadd)
X mod_rewrite_la_SOURCES = mod_rewrite.c
X mod_rewrite_la_LDFLAGS = -module -export-dynamic -avoid-version
X mod_rewrite_la_LIBADD = $(PCRE_LIB) $(common_libadd)
Xdiff -Naur new/lighttpd-1.4.23/src/mod_auth.c old/lighttpd-1.4.23/src/mod_auth.c
X--- src/mod_auth.c	2009-04-11 16:08:19.000000000 +0400
X+++ src/mod_auth.c	2009-10-08 10:24:13.000000000 +0400
X@@ -6,6 +6,7 @@
X #include <errno.h>
X #include <fcntl.h>
X #include <unistd.h>
X+#include <mysql/mysql.h>
X 
X #include "plugin.h"
X #include "http_auth.h"
X@@ -83,6 +84,20 @@
X 			if (s->ldap) ldap_unbind_s(s->ldap);
X #endif
X 
X+                       buffer_free(s->auth_mysql_host);
X+                       buffer_free(s->auth_mysql_user);
X+                       buffer_free(s->auth_mysql_pass);
X+                       buffer_free(s->auth_mysql_db);
X+                       buffer_free(s->auth_mysql_socket);
X+                       buffer_free(s->auth_mysql_users_table);
X+                       buffer_free(s->auth_mysql_col_user);
X+                       buffer_free(s->auth_mysql_col_pass);
X+                       buffer_free(s->auth_mysql_col_realm);
X+                       buffer_free(s->auth_mysql_domains_table);
X+                       buffer_free(s->auth_mysql_col_domain);
X+                       buffer_free(s->auth_mysql_domains_table_col_domain_id);
X+                       buffer_free(s->auth_mysql_users_table_col_domain_id);
X+
X 			free(s);
X 		}
X 		free(p->config_storage);
X@@ -120,6 +135,21 @@
X 	PATCH(ldap_filter_post);
X #endif
X 
X+       PATCH(auth_mysql_host);
X+       PATCH(auth_mysql_user);
X+       PATCH(auth_mysql_pass);
X+       PATCH(auth_mysql_db);
X+       PATCH(auth_mysql_port);
X+       PATCH(auth_mysql_socket);
X+       PATCH(auth_mysql_users_table);
X+       PATCH(auth_mysql_col_user);
X+       PATCH(auth_mysql_col_pass);
X+       PATCH(auth_mysql_col_realm);
X+       PATCH(auth_mysql_domains_table);
X+       PATCH(auth_mysql_col_domain);
X+       PATCH(auth_mysql_domains_table_col_domain_id);
X+       PATCH(auth_mysql_users_table_col_domain_id);
X+
X 	/* skip the first, the global context */
X 	for (i = 1; i < srv->config_context->used; i++) {
X 		data_config *dc = (data_config *)srv->config_context->data[i];
X@@ -169,6 +199,34 @@
X 				PATCH(auth_ldap_bindpw);
X 			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.ldap.allow-empty-pw"))) {
X 				PATCH(auth_ldap_allow_empty_pw);
X+                       } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.host"))) {
X+                               PATCH(auth_mysql_host);
X+                       } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.user"))) {
X+                               PATCH(auth_mysql_user);
X+                       } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.pass"))) {
X+                               PATCH(auth_mysql_pass);
X+                       } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.db"))) {
X+                               PATCH(auth_mysql_db);
X+                       } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.port"))) {
X+                               PATCH(auth_mysql_port);
X+                       } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.socket"))) {
X+                               PATCH(auth_mysql_user);
X+                       } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.users_table"))) {
X+                               PATCH(auth_mysql_users_table);
X+                       } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.col_user"))) {
X+                               PATCH(auth_mysql_col_user);
X+                       } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.col_pass"))) {
X+                               PATCH(auth_mysql_col_pass);
X+                       } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.col_realm"))) {
X+                               PATCH(auth_mysql_col_realm);
X+                       } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.domains_table"))) {
X+                               PATCH(auth_mysql_domains_table);
X+                       } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.col_domain"))) {
X+                               PATCH(auth_mysql_col_domain);
X+                       } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.domains_table_col_domain_id"))) {
X+                               PATCH(auth_mysql_domains_table_col_domain_id);
X+                       } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.mysql.users_table_col_domain_id"))) {
X+                               PATCH(auth_mysql_users_table_col_domain_id);
X 			}
X 		}
X 	}
X@@ -323,10 +381,24 @@
X 		{ "auth.backend.ldap.starttls",     NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 8 */
X  		{ "auth.backend.ldap.bind-dn",      NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 9 */
X  		{ "auth.backend.ldap.bind-pw",      NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 10 */
X-		{ "auth.backend.ldap.allow-empty-pw",     NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 11 */
X+                { "auth.backend.ldap.allow-empty-pw",     NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION },
X 		{ "auth.backend.htdigest.userfile", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 12 */
X 		{ "auth.backend.htpasswd.userfile", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 13 */
X 		{ "auth.debug",                     NULL, T_CONFIG_SHORT, T_CONFIG_SCOPE_CONNECTION },  /* 14 */
X+                { "auth.backend.mysql.host",        NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
X+                { "auth.backend.mysql.user",        NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
X+                { "auth.backend.mysql.pass",        NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
X+                { "auth.backend.mysql.db",          NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
X+                { "auth.backend.mysql.port",        NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
X+                { "auth.backend.mysql.socket",      NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
X+                { "auth.backend.mysql.users_table", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
X+                { "auth.backend.mysql.col_user",    NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
X+                { "auth.backend.mysql.col_pass",    NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
X+                { "auth.backend.mysql.col_realm",   NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 23 */
X+                { "auth.backend.mysql.domains_table",               NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
X+                { "auth.backend.mysql.col_domain",                  NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
X+                { "auth.backend.mysql.domains_table_col_domain_id", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
X+                { "auth.backend.mysql.users_table_col_domain_id",   NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 27 */
X 		{ NULL,                             NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET }
X 	};
X 
X@@ -355,6 +427,22 @@
X 		s->auth_debug = 0;
X 
X 		s->auth_require = array_init();
X+                s->mysql_conn                             = NULL;
X+                s->auth_mysql_host                        = buffer_init();
X+                s->auth_mysql_user                        = buffer_init();
X+                s->auth_mysql_pass                        = buffer_init();
X+                s->auth_mysql_db                          = buffer_init();
X+                s->auth_mysql_port                        = buffer_init();
X+                s->auth_mysql_socket                      = buffer_init();
X+                s->auth_mysql_users_table                 = buffer_init();
X+                s->auth_mysql_col_user                    = buffer_init();
X+                s->auth_mysql_col_pass                    = buffer_init();
X+                s->auth_mysql_col_realm                   = buffer_init();
X+                s->auth_mysql_domains_table               = buffer_init();
X+                s->auth_mysql_col_domain                  = buffer_init();
X+                s->auth_mysql_domains_table_col_domain_id = buffer_init();
X+                s->auth_mysql_users_table_col_domain_id   = buffer_init();
X+
X 
X #ifdef USE_LDAP
X 		s->ldap_filter_pre = buffer_init();
X@@ -377,7 +465,20 @@
X 		cv[12].destination = s->auth_htdigest_userfile;
X 		cv[13].destination = s->auth_htpasswd_userfile;
X 		cv[14].destination = &(s->auth_debug);
X-
X+                cv[15].destination = s->auth_mysql_host;
X+                cv[16].destination = s->auth_mysql_user;
X+                cv[17].destination = s->auth_mysql_pass;
X+                cv[18].destination = s->auth_mysql_db;
X+                cv[19].destination = s->auth_mysql_port;
X+                cv[20].destination = s->auth_mysql_socket;
X+                cv[21].destination = s->auth_mysql_users_table;
X+                cv[22].destination = s->auth_mysql_col_user;
X+                cv[23].destination = s->auth_mysql_col_pass;
X+                cv[24].destination = s->auth_mysql_col_realm;
X+                cv[25].destination = s->auth_mysql_domains_table;
X+                cv[26].destination = s->auth_mysql_col_domain;
X+                cv[27].destination = s->auth_mysql_domains_table_col_domain_id;
X+                cv[28].destination = s->auth_mysql_users_table_col_domain_id;
X 		p->config_storage[i] = s;
X 		ca = ((data_config *)srv->config_context->data[i])->value;
X 
X@@ -394,6 +495,8 @@
X 				s->auth_backend = AUTH_BACKEND_PLAIN;
X 			} else if (0 == strcmp(s->auth_backend_conf->ptr, "ldap")) {
X 				s->auth_backend = AUTH_BACKEND_LDAP;
X+                        } else if (0 == strcmp(s->auth_backend_conf->ptr, "mysql")) {
X+                                s->auth_backend = AUTH_BACKEND_MYSQL;
X 			} else {
X 				log_error_write(srv, __FILE__, __LINE__, "sb", "auth.backend not supported:", s->auth_backend_conf);
X 
X@@ -534,6 +637,28 @@
X 				return (ret);
X 			break;
X 		}
X+               case AUTH_BACKEND_MYSQL: {
X+                       int port = atoi(s->auth_mysql_port->ptr);
X+
X+                       if (p->conf.auth_mysql_socket->ptr != NULL)
X+                           if (0 == strcmp(s->auth_mysql_socket->ptr, "")) s->auth_mysql_socket->ptr = NULL;
X+
X+                       s->mysql_conn = mysql_init(NULL);
X+                       if (!mysql_real_connect(s->mysql_conn, s->auth_mysql_host->ptr, s->auth_mysql_user->ptr, s->auth_mysql_pass->ptr, s->auth_mysql_db->ptr, port, NULL, 0))
X+                       {
X+                           log_error_write(srv, __FILE__, __LINE__, "sbsbsbsbss",
X+                               "opening connection to mysql:", s->auth_mysql_host,
X+                               "user:", s->auth_mysql_user,
X+                               "pass:", s->auth_mysql_pass,
X+                               "db:", s->auth_mysql_db,
X+                               "failed:", strerror(errno));
X+
X+                           return HANDLER_ERROR;
X+                       }
X+                       mysql_close(s->mysql_conn);
X+
X+                       break;
X+               }
X 		default:
X 			break;
X 		}
df2f709921e1ddc5a3ee01a1c2a50d75
echo x - lighttpd/files/lighttpd.in
sed 's/^X//' >lighttpd/files/lighttpd.in << 'f29df709f1cd5521de83bb44b3860fc8'
X#!/bin/sh
X#
X# $FreeBSD: head/www/lighttpd/files/lighttpd.in 340872 2014-01-24 00:14:07Z mat $
X#
X# PROVIDE: lighttpd
X# REQUIRE: %%REQUIRE%%
X# KEYWORD: shutdown
X#
X# Add the following lines to /etc/rc.conf to enable lighttpd:
X#
X# lighttpd_enable (bool):	Set it to "YES" to enable lighttpd
X#				Default is "NO".
X# lighttpd_conf (path):		Set full path to configuration file.
X#				Default is "%%PREFIX%%/etc/lighttpd/lighttpd.conf".
X# lighttpd_pidfile (path):	Set full path to pid file.
X#				Default is "/var/run/lighttpd.pid".
X#
X# Add the following lines to /etc/rc.conf for multiple instances:
X# (overrides lighttpd_conf and lighttpd_pidfile from above)
X#
X# lighttpd_instances (string):	Instances of lighttpd
X#				Default is "" (no instances).
X# lighttpd_${i}_conf (path):	Set full path to instance configuration file.
X#				Default is "%%PREFIX%%/etc/lighttpd/${i}.conf".
X# lighttpd_${i}_pidfile (path):	Set full path to instance pid file
X#				Default is "/var/run/lighttpd_${i}.pid".
X#
X
X. /etc/rc.subr
X
Xname="lighttpd"
Xrcvar=lighttpd_enable
X
Xload_rc_config $name
X
X: ${lighttpd_enable="NO"}
X: ${lighttpd_pidfile="/var/run/${name}.pid"}
X
X# Compatibility for old configuration file location
Xdeprecated_conf=
Xif [ -z "${lighttpd_conf}" ]; then
X	if [ -f "%%PREFIX%%/etc/lighttpd.conf" ]; then
X		deprecated_conf=1
X		lighttpd_conf="%%PREFIX%%/etc/lighttpd.conf"
X	else
X		lighttpd_conf="%%PREFIX%%/etc/lighttpd/lighttpd.conf"
X	fi
Xfi
X
Xcommand=%%PREFIX%%/sbin/lighttpd
Xstop_postcmd=stop_postcmd
Xrestart_precmd="lighttpd_checkconfig"
Xgraceful_precmd="lighttpd_checkconfig"
Xgraceful_cmd="lighttpd_graceful"
Xgracefulstop_cmd="lighttpd_gracefulstop"
Xconfigtest_cmd="lighttpd_checkconfig"
Xextra_commands="reload graceful gracefulstop configtest"
Xcommand_args="-f ${lighttpd_conf}"
Xpidfile=${lighttpd_pidfile}
Xrequired_files=${lighttpd_conf}
X
Xlighttpd_check_deprecated()
X{
X	if [ -n "${deprecated_conf}" ]; then
X		echo ""
X		echo "*** NOTICE: ***"
X		echo "The default location of %%PREFIX%%/etc/lighttpd.conf is deprecated"
X		echo "Please consider moving to %%PREFIX%%/etc/lighttpd/lighttpd.conf"
X		echo ""
X	fi
X}
X
Xlighttpd_checkconfig()
X{
X	echo "Performing sanity check on ${name} configuration:"
X	eval "${command} ${command_args} -t"
X}
X
Xlighttpd_gracefulstop()
X{
X	echo "Stopping ${name} gracefully."
X	sig_reload="INT"
X	run_rc_command reload
X}
X
Xlighttpd_graceful()
X{
X	lighttpd_gracefulstop
X	rm -f ${pidfile}
X	run_rc_command start
X}
X
Xlighttpd_run_instance()
X{
X	_i="$1"
X	_rcmd="$2"
X	name=${_orig_name}_${_i}
X	eval ${name}_enable=${lighttpd_enable}
X	eval lighttpd_conf=\"\${lighttpd_${_i}_conf:-"%%PREFIX%%/etc/lighttpd/${_i}.conf"}\"
X	eval lighttpd_pidfile=\"\${lighttpd_${_i}_pidfile:-"/var/run/lighttpd_${_i}.pid"}\"
X	command_args="-f ${lighttpd_conf}"
X	pidfile=${lighttpd_pidfile}
X	required_files=${lighttpd_conf}
X	run_rc_command ${_rcmd}
X}
X
Xstop_postcmd()
X{
X	rm -f ${pidfile}
X}
X
Xif [ -n "${lighttpd_instances}" ]; then
X	_orig_name="${name}"
X	_run_cmd="$1"
X	if [ $# -gt 0 ]; then
X		shift
X	fi
X	if [ -n "$*" ]; then
X		_run_instances="$*"
X	fi
X	if [ -n "${_run_instances}" ]; then
X		for _a in $_run_instances; do
X			for _in in ${lighttpd_instances}; do
X				if [ "$_a" = "$_in" ]; then
X					_runlist="${_runlist} ${_a}"
X				fi
X			done
X		done
X	else
X		_runlist="${lighttpd_instances}"
X	fi
X	for _in in ${_runlist}; do
X		lighttpd_run_instance $_in $_run_cmd
X	done
Xelse
X	start_precmd="lighttpd_check_deprecated"
X	run_rc_command "$1"
Xfi
f29df709f1cd5521de83bb44b3860fc8
echo x - lighttpd/files/mysql_auth.sql
sed 's/^X//' >lighttpd/files/mysql_auth.sql << 'fe27b3f5494d6ad83207fc9988c91b57'
XCREATE TABLE `vhosts_secure`(
X	vhost_secure_id bigint(20) NOT NULL AUTO_INCREMENT,
X	vhost_secure_username varchar(255) NOT NULL,
X	vhost_secure_password varchar(255) NOT NULL,
X	vhost_secure_realm varchar(255) NOT NULL
X	PRIMARY KEY (vhost_secure_id),
X	INDEX i_username (vhost_secure_username),
X	INDEX i_password (vhost_secure_password),
X	INDEX i_realm (vhost_secure_realm)
X);
fe27b3f5494d6ad83207fc9988c91b57
echo x - lighttpd/files/patch-configure.ac
sed 's/^X//' >lighttpd/files/patch-configure.ac << '2a6c63ec17d3a532bb119e71a6f424a2'
X--- configure.ac.orig	2012-11-19 11:05:29.000000000 +0100
X+++ configure.ac	2012-11-21 14:22:53.723233779 +0100
X@@ -16,6 +16,7 @@
X dnl Checks for programs.
X AC_PROG_CC
X AM_PROG_CC_C_O
X+AM_PROG_AR
X AC_PROG_LD
X AC_PROG_INSTALL
X AC_PROG_AWK
X@@ -30,11 +31,6 @@
X dnl AM_PROG_AR requires automake 1.11 (and uses AC_COMPILE_IFELSE which wants AC_USE_SYSTEM_EXTENSIONS)
X m4_ifdef([AM_PROG_AR], [AM_PROG_AR])
X 
X-dnl check environment
X-AC_AIX
X-AC_ISC_POSIX
X-AC_MINIX
X-
X dnl AC_CANONICAL_HOST
X case $host_os in
X 	*darwin*|*cygwin*|*aix*|*mingw* ) NO_RDYNAMIC=yes;;
2a6c63ec17d3a532bb119e71a6f424a2
echo x - lighttpd/files/extra-patch-nodelay
sed 's/^X//' >lighttpd/files/extra-patch-nodelay << '43cbd32ab6fa020121f58eb4b3728fba'
X--- src/network.c.orig	Tue Jan 26 14:33:01 2010
X+++ src/network.c	Tue Jan 26 14:37:39 2010
X@@ -226,6 +226,12 @@
X 		log_error_write(srv, __FILE__, __LINE__, "ss", "socketsockopt failed:", strerror(errno));
X 		goto error_free_socket;
X 	}
X+	if(srv_socket->addr.plain.sa_family == AF_INET || srv_socket->addr.plain.sa_family == AF_INET6 ) {
X+		if (setsockopt(srv_socket->fd, IPPROTO_TCP, TCP_NODELAY, &val, sizeof(val)) < 0) {
X+			log_error_write(srv, __FILE__, __LINE__, "ss", "socketsockopt failed:", strerror(errno));
X+			goto error_free_socket;
X+		}
X+	}
X 
X 	switch(srv_socket->addr.plain.sa_family) {
X #ifdef HAVE_IPV6
43cbd32ab6fa020121f58eb4b3728fba
echo x - lighttpd/pkg-plist
sed 's/^X//' >lighttpd/pkg-plist << 'bd5a57b2005018213f7ff314a01cab41'
X%%ETCDIR%%/conf.d/access_log.conf.sample
X%%ETCDIR%%/conf.d/auth.conf.sample
X%%ETCDIR%%/conf.d/cgi.conf.sample
X%%ETCDIR%%/conf.d/cml.conf.sample
X%%ETCDIR%%/conf.d/compress.conf.sample
X%%ETCDIR%%/conf.d/debug.conf.sample
X%%ETCDIR%%/conf.d/dirlisting.conf.sample
X%%ETCDIR%%/conf.d/evhost.conf.sample
X%%ETCDIR%%/conf.d/expire.conf.sample
X%%ETCDIR%%/conf.d/fastcgi.conf.sample
X%%ETCDIR%%/conf.d/magnet.conf.sample
X%%ETCDIR%%/conf.d/mime.conf.sample
X%%ETCDIR%%/conf.d/mysql_vhost.conf.sample
X%%ETCDIR%%/conf.d/proxy.conf.sample
X%%ETCDIR%%/conf.d/rrdtool.conf.sample
X%%ETCDIR%%/conf.d/scgi.conf.sample
X%%ETCDIR%%/conf.d/secdownload.conf.sample
X%%ETCDIR%%/conf.d/simple_vhost.conf.sample
X%%ETCDIR%%/conf.d/ssi.conf.sample
X%%ETCDIR%%/conf.d/status.conf.sample
X%%ETCDIR%%/conf.d/trigger_b4_dl.conf.sample
X%%ETCDIR%%/conf.d/userdir.conf.sample
X%%ETCDIR%%/conf.d/webdav.conf.sample
X%%ETCDIR%%/lighttpd.conf.sample
X%%ETCDIR%%/modules.conf.sample
X%%ETCDIR%%/vhosts.d/vhosts.template
Xetc/rc.d/lighttpd
Xlib/lighttpd/mod_access.so
Xlib/lighttpd/mod_accesslog.so
Xlib/lighttpd/mod_alias.so
Xlib/lighttpd/mod_auth.so
Xlib/lighttpd/mod_cgi.so
Xlib/lighttpd/mod_cml.so
Xlib/lighttpd/mod_compress.so
Xlib/lighttpd/mod_dirlisting.so
Xlib/lighttpd/mod_evasive.so
Xlib/lighttpd/mod_evhost.so
Xlib/lighttpd/mod_expire.so
Xlib/lighttpd/mod_extforward.so
Xlib/lighttpd/mod_fastcgi.so
Xlib/lighttpd/mod_flv_streaming.so
Xlib/lighttpd/mod_indexfile.so
Xlib/lighttpd/mod_magnet.so
Xlib/lighttpd/mod_mysql_vhost.so
Xlib/lighttpd/mod_proxy.so
Xlib/lighttpd/mod_redirect.so
Xlib/lighttpd/mod_rewrite.so
Xlib/lighttpd/mod_rrdtool.so
Xlib/lighttpd/mod_scgi.so
Xlib/lighttpd/mod_secdownload.so
Xlib/lighttpd/mod_setenv.so
Xlib/lighttpd/mod_simple_vhost.so
Xlib/lighttpd/mod_ssi.so
Xlib/lighttpd/mod_staticfile.so
Xlib/lighttpd/mod_status.so
Xlib/lighttpd/mod_trigger_b4_dl.so
Xlib/lighttpd/mod_userdir.so
Xlib/lighttpd/mod_usertrack.so
Xlib/lighttpd/mod_webdav.so
Xman/man8/lighttpd.8.gz
Xsbin/lighttpd
Xsbin/lighttpd-angel
X@dir %%LOGROOT%%
bd5a57b2005018213f7ff314a01cab41
echo x - lighttpd/distinfo
sed 's/^X//' >lighttpd/distinfo << '6bc339735d3209ac5ad86388bdea1627'
XSHA256 (lighttpd-1.4.36.tar.xz) = 897ab6b1cc7bd51671f8af759e7846245fbbca0685c30017e93a5882a9ac1a53
XSIZE (lighttpd-1.4.36.tar.xz) = 570756
XSHA256 (lighttpd-1.4.26_mod_h264_streaming-2.2.9.patch.gz) = d7c3704d5253c4f3c18459f89059063b311e50096cd2c38fc982cec683c32e61
XSIZE (lighttpd-1.4.26_mod_h264_streaming-2.2.9.patch.gz) = 44695
XSHA256 (lighttpd-1.4.26_mod_geoip.patch.gz) = db43cc0ed7c808b5eed3185d97346e70dea0f1ef4fa9ed436d08e4faff7f97e7
XSIZE (lighttpd-1.4.26_mod_geoip.patch.gz) = 3267
6bc339735d3209ac5ad86388bdea1627
exit
Comment 1 Bartek Rutkowski freebsd_committer 2015-08-06 17:28:08 UTC
Hi,

Can you upload a svn diff instead? Shar's are used for new port submissions and for updates diff's are expected.
Comment 2 Piotr Kubaj freebsd_committer 2015-08-06 17:36:55 UTC
Created attachment 159621 [details]
www/lighttpd update
Comment 3 Jason Unovitch freebsd_committer 2015-08-09 22:53:49 UTC
*** Bug 200724 has been marked as a duplicate of this bug. ***
Comment 4 Jason Unovitch freebsd_committer 2015-08-09 23:08:17 UTC
Created attachment 159712 [details]
security/vuxml for lightttp CVE-2015-3200

Document lighttpd log injection vulnerability in mod_auth

PR:		202134
Security:	CVE-2015-3200
Security:	dd7f29cc-3ee9-11e5-93ad-002590263bf5



Validation is good.

% make validate
/bin/sh /usr/ports/security/vuxml/files/tidy.sh "/usr/ports/security/vuxml/files/tidy.xsl" "/usr/ports/security/vuxml/vuln.xml" > "/usr/ports/security/vuxml/vuln.xml.tidy"
>>> Validating...
/usr/local/bin/xmllint --valid --noout /usr/ports/security/vuxml/vuln.xml
>>> Successful.
Checking if tidy differs...
... seems okay
Checking for space/tab...
... seems okay
/usr/local/bin/python2.7 /usr/ports/security/vuxml/files/extra-validation.py /usr/ports/security/vuxml/vuln.xml

% env PKG_DBDIR=/usr/ports/security/vuxml pkg audit lighttpd-1.4.35_5
lighttpd-1.4.35_5 is vulnerable:
lighttpd -- Log injection vulnerability in mod_auth
CVE: CVE-2015-3200
WWW: https://vuxml.FreeBSD.org/freebsd/dd7f29cc-3ee9-11e5-93ad-002590263bf5.html

1 problem(s) in the installed packages found.

% env PKG_DBDIR=/usr/ports/security/vuxml pkg audit lighttpd-1.4.36
0 problem(s) in the installed packages found.
Comment 5 Jason Unovitch freebsd_committer 2015-08-09 23:14:04 UTC
It looks like madpilot@ (CC'd) addressed this in https://svnweb.FreeBSD.org/changeset/ports/393787 earlier today.

I had bug 200724 open when I had seen a security issue discussed on oss-security but but that took far longer than I had expected for the release to come out and I lost track of it.  I marked that original PR as duplicate and closed it.

Nonetheless, CVE-2015-3200 will still need to be documented and then I think everything looks good to close afterwards.
Comment 6 Jason Unovitch freebsd_committer 2015-08-09 23:16:35 UTC
(In reply to Jason Unovitch from comment #5)
> Nonetheless, CVE-2015-3200 will still need to be documented and then I think everything looks good to close afterwards.

After MFH of r393787, things should be ready for close.
Comment 7 Guido Falsi freebsd_committer 2015-08-10 07:28:02 UTC
Thanks for the heads up.


I did not notice this bug before committing the update. I'll add the vuxml entry later today and prepare the MFH.
Comment 8 Piotr Kubaj freebsd_committer 2015-08-10 08:11:39 UTC
I guess I should have written it directly instead of setting it in svn diff: since www/lighttpd is currenly unmaintained, I'd like to maintain it.
Comment 9 commit-hook freebsd_committer 2015-08-10 13:26:25 UTC
A commit references this bug:

Author: madpilot
Date: Mon Aug 10 13:25:33 UTC 2015
New revision: 393864
URL: https://svnweb.freebsd.org/changeset/ports/393864

Log:
  Document an already fixxed vulnerability in lighttpd 1.4.35 or older.

  PR:		202134
  Submitted by:	pkubaj at riseup.net
  vuxml entry submitted by:	Jason Unovitch <jason.unovitch at gmail.com>

Changes:
  head/security/vuxml/vuln.xml
Comment 10 Guido Falsi freebsd_committer 2015-08-10 13:43:05 UTC
(In reply to pkubaj from comment #8)

I'm assigning you maintainership shortly since you did send the update for the port.

Please note that the diff you attached is corrupted though and, if you haven't done that already, check the porter's handbook [1] and the article about what maintaining a port requires [2]. Also check on these documents from time to time and read the /usr/ports/CHANGES file, since the ports infrastructure is always being updated. (if you already knew all this please excuse me for being patronizing)

Remember to always check and test submissions thoroughly.


[1] https://www.freebsd.org/doc/en_US.ISO8859-1/books/porters-handbook/
[2] https://www.freebsd.org/doc/en_US.ISO8859-1/articles/contributing/ports-contributing.html
Comment 11 commit-hook freebsd_committer 2015-08-10 13:57:29 UTC
A commit references this bug:

Author: madpilot
Date: Mon Aug 10 13:57:21 UTC 2015
New revision: 393865
URL: https://svnweb.freebsd.org/changeset/ports/393865

Log:
  Assign maintainership to volunteer who filed a PR(which I did not
  notice) to update the port.

  PR:		202134
  Submitted by:	pkubaj at riseup.net

Changes:
  head/www/lighttpd/Makefile
Comment 12 commit-hook freebsd_committer 2015-08-10 15:07:37 UTC
A commit references this bug:

Author: madpilot
Date: Mon Aug 10 15:07:07 UTC 2015
New revision: 393870
URL: https://svnweb.freebsd.org/changeset/ports/393870

Log:
  MFH: r393787

  - Update to 1.4.36
  - Regenerate patches to silence portlint warnings

  PR:		202134
  Submitted by:	pkubaj at riseup.net

  Approved by:	ports-secteam (feld)

Changes:
_U  branches/2015Q3/
  branches/2015Q3/www/lighttpd/Makefile
  branches/2015Q3/www/lighttpd/distinfo
  branches/2015Q3/www/lighttpd/files/patch-configure.ac
  branches/2015Q3/www/lighttpd/files/patch-src-fdevent.h
Comment 13 Guido Falsi freebsd_committer 2015-08-10 15:18:34 UTC
Update merged to quarterly branch.