Package: webfs / 1.21+ds1-10

Metadata

Package Version Patches format
webfs 1.21+ds1-10 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
00_no_strip.diff | (download)

mk/Variables.mk | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 no stripping of binary file.
 Prevent unconditional stripping of binary executable by
 upstream build system.  It must be possible to package
 without stripping, see Debian Policy, Sect. 10.1.
10_manpage.diff | (download)

webfsd.man | 27 21 + 6 - 0 !
1 file changed, 21 insertions(+), 6 deletions(-)

 fine tune manual page.
 Use correct hyphen encoding for use by groff.
 .
 Add important information on options '-h' and  '-x'.
 .
 Mention that '-4' and '-6' imply restriction to a single protocol.
 .
 Describe the implemented, but missing option '-~'.
30_socketinfo.diff | (download)

cgi.c | 3 2 + 1 - 0 !
webfsd.c | 3 2 + 1 - 0 !
2 files changed, 4 insertions(+), 2 deletions(-)

 silence compiler warnings.
 Declare a local variable to be of type 'socklen_t' instead of 'int'.
 This variable is used in the system call 'getnameinfo()' and in
 similar host information calls.
32_no_cloexec.diff | (download)

cgi.c | 3 3 + 0 - 0 !
1 file changed, 3 insertions(+)

 erase fd_cloexec flag.
 In recent Glibc and kernels, the default action is to set FD_CLOEXEC
 when duplicating a descriptor. The CGI routine uses an execve() call
 and the parent starts listening to stdout of the child. Therefore
 the closing of STDOUT_FILENO must be prevented nowadays.
40_request_c.diff | (download)

request.c | 7 5 + 2 - 0 !
1 file changed, 5 insertions(+), 2 deletions(-)

 avoid compiler warnings.
 Mismatching use of 'unsigned char' is causing compiler warnings.
50_quote_call.diff | (download)

ls.c | 8 4 + 4 - 0 !
response.c | 3 2 + 1 - 0 !
2 files changed, 6 insertions(+), 5 deletions(-)

 resolve inconsistent signedness use by quote( , ).
 The source code is written with indiscriminate use of string types
 'char *' and 'unsigned char *' when it comes to translate back and
 forth between url-encoded and unix-path encoded strings.
 .
 In 'quote( , )' the string 'buf[2048]' is indeed only used to store
 true ASCII-characters, it is thus now declared using 'char *'.
 In this function the first argument can contain extended ASCII
 characters, so strlen() for the same argument can use a cast,
 since it only searches for the terminating null character.
 .
 Three calls to 'quote( , )' are legitimate, but need to use a cast
 to unsigned character strings in order to fit the prototype.
55_sockopt_v6only.diff | (download)

webfsd.c | 14 14 + 0 - 0 !
1 file changed, 14 insertions(+)

 predictably set socket option ipv6_v6only.
 The default mode of operation for Webfs was intended to
 listen on both IPv4 and IPv6. To be certain this always
 can be done, the patch assigns the socket option a value
 IPV6_V6ONLY=0, thus overriding any system default that
 might be in effect.
 .
 Conversely, had '-6' been specified, then make sure that
 IPV6_V6ONLY=1 is used.
60_error_trapping.diff | (download)

httpd.h | 4 2 + 2 - 0 !
ssl.c | 6 4 + 2 - 0 !
webfsd.c | 29 18 + 11 - 0 !
3 files changed, 24 insertions(+), 15 deletions(-)

 implement a few critical preventive error checks.
 The error trapping is insufficient in the original source.
 .
 The patch prepares for implementing such trapping, and also
 improves two conditionals which only with later changes will
 actually matter, but for now are non-intrusive.
63_gnutls.diff | (download)

GNUmakefile | 8 8 + 0 - 0 !
httpd.h | 28 26 + 2 - 0 !
request.c | 2 1 + 1 - 0 !
response.c | 2 1 + 1 - 0 !
ssl.c | 98 98 + 0 - 0 !
webfsd.c | 107 95 + 12 - 0 !
webfsd.man | 10 5 + 5 - 0 !
7 files changed, 234 insertions(+), 21 deletions(-)

 implement support for gnutls.
 This patch set implements the option to let GnuTLS replace OpenSSL,
 which was the only uption in the original source code.
 .
 The alterations leave OpenSSL code intact, and also lets GnuTLS
 be used in a threaded setting.
 .
 No client verifications are implemented, neither can the crypto
 key be protected by a pass phrase at this time.
 .
 Explicit linking to "gcrypt". This is needed by "binutils-gold".
 Reported as LP: #665276. Contributed by Roy Jamison.
66_further_gnutls.diff | (download)

httpd.h | 8 8 + 0 - 0 !
ssl.c | 88 82 + 6 - 0 !
webfsd.c | 84 79 + 5 - 0 !
webfsd.man | 25 24 + 1 - 0 !
4 files changed, 193 insertions(+), 12 deletions(-)

 further useful functionality from libgnutls.
 Continuing on the first implementation for using libgnutls,
 this patch set includes further checks and refined properties.
 .
 Allow server certificate and key to be contained in separate files.
 .
 Allow the server to use a CA-chain file.
 .
 Arrange the cipher priorities to be configurable at start up.
 .
 Implement some useful verifications of the client certificate and
 its certificate chain. This is crafted as an on/off-option.
68_large_files.diff | (download)

httpd.h | 9 5 + 4 - 0 !
ssl.c | 16 8 + 8 - 0 !
webfsd.c | 4 2 + 2 - 0 !
3 files changed, 15 insertions(+), 14 deletions(-)

 transmission of large files in tls-mode.
 The legacy signature of ssl_read(), ssl_write() and ssl_blk_write()
 could not represent correctly sizes larger that 2.2GB. An internal
 counter needs to be of type ssize_t.
 .
 Likewise, the type of the byte counter in "struct REQUEST.bc"
 must be adapted.
 .
 The logging entry coded in "webfsd.c" could not record sizes
 above 2.2GB correctly, needing a change of format string.
 .
 Increase the buffer size in ssl_blk_write() to 16 kB for a slightly
 better throughput.
70_group_access.diff | (download)

ls.c | 6 4 + 2 - 0 !
webfsd.c | 4 2 + 2 - 0 !
2 files changed, 6 insertions(+), 4 deletions(-)

 two cases of potential access escalation.
 For reading access to a file, the checking of group access
 was incorrectly implemented, using a mixture of user and
 group identities.
 .
 The supplementary group list was only reset in case an explicit
 group change had been requested, thus opening for potential
 access escalation. The code is changed to always reset the
 supplementary group list. This new default behaviour seems
 to best go with the philosophy of the original software.
 .
 Testing could not unveil any noticeable side effect of this
 latter additional change.
75_hardening_flags.diff | (download)

GNUmakefile | 2 2 + 0 - 0 !
mk/Autoconf.mk | 2 1 + 1 - 0 !
mk/Compile.mk | 2 1 + 1 - 0 !
3 files changed, 4 insertions(+), 2 deletions(-)

 pass compilation flags.
 Make sure that all of CPPFLAGS, CFLAGS,
 and LDFLAGS are used in the build process,
 since they are preload with values by us
 for hardening of the binary executable.
 .
 Remove the switch "-e" which does not work
 with dash.
80_cve_2013_0347.diff | (download)

webfsd.c | 8 8 + 0 - 0 !
1 file changed, 8 insertions(+)

 cve-2013-0347, webfs world-readable logdir
 The log file is created with world-readable
 permissions by default, which poses a potential
 security issue.
 .
 Temporarily set a stronger umask to 0137.
 Then open the log file in append mode. This
 eliminates world's access to a newly created
 file.
82_kfreebsd.diff | (download)

response.c | 41 38 + 3 - 0 !
1 file changed, 38 insertions(+), 3 deletions(-)

 use kernel's sendfile() with kfreebsd.
 When compiling for GNU/kFreeBSD, check whether the
 library implements sendfile(). If so, go ahead in
 using it, otherwise fall back to the emulation.
 Only more recent glibc versions do actually provide
 a functional sendfile(), all other returning ENOSYS.
 .
 A macro DEBUG_XSENDFILE inserts debug logging
 on kFreeBSD systems.
 .
 Rename the sendfile emulation as emulsendfile()
 and keep it always available.
85_conditional_gcrypt.diff | (download)

GNUmakefile | 4 3 + 1 - 0 !
webfsd.c | 14 9 + 5 - 0 !
2 files changed, 12 insertions(+), 6 deletions(-)

 make libgcrypt conditional.
 More recent versions of libgnutls no longer
 require libgcrypt as an unconditional dependency.
 Adjust to this fact.