Package: webfs / 1.21+ds1-8.1
Metadata
Package | Version | Patches format |
---|---|---|
webfs | 1.21+ds1-8.1 | 3.0 (quilt) |
Patch series
view the series filePatch | File delta | Description |
---|---|---|
00_no_strip.diff | (download) |
mk/Variables.mk |
2 1 + 1 - 0 ! |
no stripping of binary file. Prevent unconditional stripping of binary executable by upstream build system. It must be possible to package without stripping, see Debian Policy, Sect. 10.1. |
10_manpage.diff | (download) |
webfsd.man |
14 8 + 6 - 0 ! |
fine tune manual page. Use correct hyphen encoding for use by groff. . Add important information on options '-h' and '-x'. . Mention that '-4' and '-6' imply restriction to a single protocol. |
30_socketinfo.diff | (download) |
cgi.c |
3 2 + 1 - 0 ! |
silence compiler warnings. Declare a local variable to be of type 'socklen_t' instead of 'int'. This variable is used in the system call 'getnameinfo()' and in similar host information calls. |
32_no_cloexec.diff | (download) |
cgi.c |
3 3 + 0 - 0 ! |
erase fd_cloexec flag. In recent Glibc and kernels, the default action is to set FD_CLOEXEC when duplicating a descriptor. The CGI routine uses an execve() call and the parent starts listening to stdout of the child. Therefore the closing of STDOUT_FILENO must be prevented nowadays. |
40_request_c.diff | (download) |
request.c |
7 5 + 2 - 0 ! |
avoid compiler warnings. Mismatching use of 'unsigned char' is causing compiler warnings. |
50_quote_call.diff | (download) |
ls.c |
8 4 + 4 - 0 ! |
resolve inconsistent signedness use by quote( , ). The source code is written with indiscriminate use of string types 'char *' and 'unsigned char *' when it comes to translate back and forth between url-encoded and unix-path encoded strings. . In 'quote( , )' the string 'buf[2048]' is indeed only used to store true ASCII-characters, it is thus now declared using 'char *'. In this function the first argument can contain extended ASCII characters, so strlen() for the same argument can use a cast, since it only searches for the terminating null character. . Three calls to 'quote( , )' are legitimate, but need to use a cast to unsigned character strings in order to fit the prototype. |
55_sockopt_v6only.diff | (download) |
webfsd.c |
14 14 + 0 - 0 ! |
predictably set socket option ipv6_v6only. The default mode of operation for Webfs was intended to listen on both IPv4 and IPv6. To be certain this always can be done, the patch assigns the socket option a value IPV6_V6ONLY=0, thus overriding any system default that might be in effect. . Conversely, had '-6' been specified, then make sure that IPV6_V6ONLY=1 is used. |
60_error_trapping.diff | (download) |
httpd.h |
4 2 + 2 - 0 ! |
implement a few critical preventive error checks. The error trapping is insufficient in the original source. . The patch prepares for implementing such trapping, and also improves two conditionals which only with later changes will actually matter, but for now are non-intrusive. |
63_gnutls.diff | (download) |
GNUmakefile |
8 8 + 0 - 0 ! |
implement support for gnutls. This patch set implements the option to let GnuTLS replace OpenSSL, which was the only uption in the original source code. . The alterations leave OpenSSL code intact, and also lets GnuTLS be used in a threaded setting. . No client verifications are implemented, neither can the crypto key be protected by a pass phrase at this time. . Explicit linking to "gcrypt". This is needed by "binutils-gold". Reported as LP: #665276. Contributed by Roy Jamison. |
66_further_gnutls.diff | (download) |
httpd.h |
8 8 + 0 - 0 ! |
further useful functionality from libgnutls. Continuing on the first implementation for using libgnutls, this patch set includes further checks and refined properties. . Allow server certificate and key to be contained in separate files. . Allow the server to use a CA-chain file. . Arrange the cipher priorities to be configurable at start up. . Implement some useful verifications of the client certificate and its certificate chain. This is crafted as an on/off-option. |
70_group_access.diff | (download) |
ls.c |
6 4 + 2 - 0 ! |
two cases of potential access escalation. For reading access to a file, the checking of group access was incorrectly implemented, using a mixture of user and group identities. . The supplementary group list was only reset in case an explicit group change had been requested, thus opening for potential access escalation. The code is changed to always reset the supplementary group list. This new default behaviour seems to best go with the philosophy of the original software. . Testing could not unveil any noticeable side effect of this latter additional change. |