From patchwork Sun May 17 08:38:32 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Fabrice Fontaine X-Patchwork-Id: 1292082 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=busybox.net (client-ip=140.211.166.138; helo=whitealder.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20161025 header.b=caKwvdp5; dkim-atps=neutral Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49PwXF3hf1z9sRK for ; Sun, 17 May 2020 18:38:19 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id 7A6CD87FF6; Sun, 17 May 2020 08:38:16 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DiGzrdoSZ40M; Sun, 17 May 2020 08:38:14 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by whitealder.osuosl.org (Postfix) with ESMTP id 7B88188051; Sun, 17 May 2020 08:38:14 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by ash.osuosl.org (Postfix) with ESMTP id 862BB1BF2B0 for ; Sun, 17 May 2020 08:38:12 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id 82B0287FF6 for ; Sun, 17 May 2020 08:38:12 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yaesh-y17UlH for ; Sun, 17 May 2020 08:38:11 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mail-wr1-f68.google.com (mail-wr1-f68.google.com [209.85.221.68]) by whitealder.osuosl.org (Postfix) with ESMTPS id 0A18388051 for ; Sun, 17 May 2020 08:38:11 +0000 (UTC) Received: by mail-wr1-f68.google.com with SMTP id 50so8136161wrc.11 for ; Sun, 17 May 2020 01:38:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=Z0AnPGZLOjqY4BG9rPmkSN5D0HEu0xdoPpM7t/mpcl4=; b=caKwvdp54qawrpOeYrE9sssTAzdCJcaky2EnZHHVU/3D5dCoSi5mzA2AO3Qx4bYKvf Wl56vUNKgWYfp3arrMKCy9XUi+RJEW3s1N25TOqopQLXtBe0mOHE3WfsrXWkoBGF9nRp DTA50ZFafhQAUZhJ00qcTb0hm0O+VFlKvj4jWuOoGjXNIbSvEAy09qQ1ntlUKh7537SN zpXwfNe5fGibPWlzO2ebusEcHEHyVS1Zq352JR6FtuLc6LN4dq1WV3UeG0EwzyDLpDn/ lB66Dhxb/DtA5iKikUJckbXzbp5hyjaX8OjABQXTHFvPUpNYmJYBe4oBxfGWeSVhMQI5 +JOA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=Z0AnPGZLOjqY4BG9rPmkSN5D0HEu0xdoPpM7t/mpcl4=; b=ZvGvsWi3BwnboyhLeXIzRklMNC5CbhvZw+Cjmc0AmsJtZPN4jvwDVdiexIIaQdKefu +ZBrWzqYhvb4CzmZUcI2UXhQyROW8sHcLVvzfQ+A1M0Fse0ofW5qAkxEmDEThxlXj7zN oiKiS4CP+U8IJI2MmkfpPSLB91hP8BrIkFLlsk6LeX85PWsoUFprwZQndMERX3WtAj5r FGalgDDEIEB1k5Yh8ykjyrs4j5SGPAQ+m6IJTkXqUtQwYBK6yPOlC0eDbjh6Pp6DwiH2 f6zwTBF11Qi+sf+dom2rNKD70jzJrLIWfDM8Q/lrfrf4LibnQDkSDpFlN6sXB3TjVVpo XIKg== X-Gm-Message-State: AOAM533W3t0eYvfKGdyDKojcY6eMKXw9tacWDvfd71H5mO25tgXyJWjM 4EH4SPGhHmdp7JyoKd7dopUxzAj6 X-Google-Smtp-Source: ABdhPJy4rdYQJlGhJ8L0vRGCKBm9ghG/lKJxzhsjAbcrULnqx55M2IgRcD8oqAOkII2NY3sdVGVFbw== X-Received: by 2002:adf:9166:: with SMTP id j93mr12768375wrj.289.1589704689013; Sun, 17 May 2020 01:38:09 -0700 (PDT) Received: from kali.home (lfbn-ren-1-2144-158.w92-167.abo.wanadoo.fr. [92.167.223.158]) by smtp.gmail.com with ESMTPSA id h74sm11819522wrh.76.2020.05.17.01.38.07 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 17 May 2020 01:38:08 -0700 (PDT) From: Fabrice Fontaine To: buildroot@buildroot.org Date: Sun, 17 May 2020 10:38:32 +0200 Message-Id: <20200517083832.1717761-1-fontaine.fabrice@gmail.com> X-Mailer: git-send-email 2.26.2 MIME-Version: 1.0 Subject: [Buildroot] [PATCH 1/1] package/tinyhttpd: remove package X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Fabrice Fontaine Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" tinyhttpd is affected by CVE-2002-1819 and is not maintained anymore (no release since 2001) so remove it Signed-off-by: Fabrice Fontaine --- Config.in.legacy | 8 +++ package/Config.in | 1 - package/tinyhttpd/0001-misc-fixes.patch | 80 ------------------------- package/tinyhttpd/Config.in | 9 --- package/tinyhttpd/S85tinyhttpd | 32 ---------- package/tinyhttpd/tinyhttpd.hash | 3 - package/tinyhttpd/tinyhttpd.mk | 32 ---------- package/tinyhttpd/tinyhttpd.service | 10 ---- 8 files changed, 8 insertions(+), 167 deletions(-) delete mode 100644 package/tinyhttpd/0001-misc-fixes.patch delete mode 100644 package/tinyhttpd/Config.in delete mode 100644 package/tinyhttpd/S85tinyhttpd delete mode 100644 package/tinyhttpd/tinyhttpd.hash delete mode 100644 package/tinyhttpd/tinyhttpd.mk delete mode 100644 package/tinyhttpd/tinyhttpd.service diff --git a/Config.in.legacy b/Config.in.legacy index 5605ba1fad..898b92a0eb 100644 --- a/Config.in.legacy +++ b/Config.in.legacy @@ -146,6 +146,14 @@ endif comment "Legacy options removed in 2020.05" +config BR2_PACKAGE_TINYHTTPD + bool "tinyhttpd package removed" + select BR2_LEGACY + help + The tinyhttpd package was removed as it is affected by + CVE-2002-1819 and is not maintained anymore (no release since + 2001). + config BR2_PACKAGE_EZXML bool "ezxml package removed" select BR2_LEGACY diff --git a/package/Config.in b/package/Config.in index b8cdd3f7c3..1b9ecd3fcc 100644 --- a/package/Config.in +++ b/package/Config.in @@ -2204,7 +2204,6 @@ endif source "package/tftpd/Config.in" source "package/thttpd/Config.in" source "package/tinc/Config.in" - source "package/tinyhttpd/Config.in" source "package/tinyproxy/Config.in" source "package/tinyssh/Config.in" source "package/tor/Config.in" diff --git a/package/tinyhttpd/0001-misc-fixes.patch b/package/tinyhttpd/0001-misc-fixes.patch deleted file mode 100644 index 05d6e50a70..0000000000 --- a/package/tinyhttpd/0001-misc-fixes.patch +++ /dev/null @@ -1,80 +0,0 @@ -diff -ur tinyhttpd-0.1.0/httpd.c tinyhttpd-0.1.0-patched/httpd.c ---- tinyhttpd-0.1.0/httpd.c 2001-04-21 19:13:13.000000000 -0500 -+++ tinyhttpd-0.1.0-patched/httpd.c 2007-07-02 09:19:27.000000000 -0500 -@@ -4,14 +4,6 @@ - * CSE 4344 (Network concepts), Prof. Zeigler - * University of Texas at Arlington - */ --/* This program compiles for Sparc Solaris 2.6. -- * To compile for Linux: -- * 1) Comment out the #include line. -- * 2) Comment out the line that defines the variable newthread. -- * 3) Comment out the two lines that run pthread_create(). -- * 4) Uncomment the line that runs accept_request(). -- * 5) Remove -lsocket from the Makefile. -- */ - #include - #include - #include -@@ -22,7 +14,6 @@ - #include - #include - #include --#include - #include - #include - -@@ -30,7 +21,6 @@ - - #define SERVER_STRING "Server: jdbhttpd/0.1.0\r\n" - --void accept_request(int); - void bad_request(int); - void cat(int, FILE *); - void cannot_execute(int); -@@ -102,7 +92,7 @@ - } - } - -- sprintf(path, "htdocs%s", url); -+ sprintf(path, "/var/www%s", url); - if (path[strlen(path) - 1] == '/') - strcat(path, "index.html"); - if (stat(path, &st) == -1) { -@@ -475,11 +465,10 @@ - int main(void) - { - int server_sock = -1; -- u_short port = 0; -+ u_short port = 80; - int client_sock = -1; - struct sockaddr_in client_name; - int client_name_len = sizeof(client_name); -- pthread_t newthread; - - server_sock = startup(&port); - printf("httpd running on port %d\n", port); -@@ -491,9 +480,7 @@ - &client_name_len); - if (client_sock == -1) - error_die("accept"); -- /* accept_request(client_sock); */ -- if (pthread_create(&newthread , NULL, accept_request, client_sock) != 0) -- perror("pthread_create"); -+ accept_request(client_sock); - } - - close(server_sock); -diff -ur tinyhttpd-0.1.0/Makefile tinyhttpd-0.1.0-patched/Makefile ---- tinyhttpd-0.1.0/Makefile 2001-04-21 17:03:39.000000000 -0500 -+++ tinyhttpd-0.1.0-patched/Makefile 2007-07-02 10:29:41.000000000 -0500 -@@ -1,7 +1,7 @@ - all: httpd - - httpd: httpd.c -- gcc -W -Wall -lsocket -lpthread -o httpd httpd.c -+ $(CC) $(CFLAGS) $(LDFLAGS) -W -Wall -o httpd httpd.c - - clean: -- rm httpd -+ rm -f httpd diff --git a/package/tinyhttpd/Config.in b/package/tinyhttpd/Config.in deleted file mode 100644 index f648bcd369..0000000000 --- a/package/tinyhttpd/Config.in +++ /dev/null @@ -1,9 +0,0 @@ -config BR2_PACKAGE_TINYHTTPD - bool "tinyhttpd" - depends on BR2_USE_MMU # fork() - help - A relatively simple webserver written as a school - project. It is exceedingly simple, threaded and handles - basic CGI scripts. - - http://sourceforge.net/projects/tinyhttpd/ diff --git a/package/tinyhttpd/S85tinyhttpd b/package/tinyhttpd/S85tinyhttpd deleted file mode 100644 index f3f1de69bf..0000000000 --- a/package/tinyhttpd/S85tinyhttpd +++ /dev/null @@ -1,32 +0,0 @@ -#! /bin/sh - -PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin -NAME=tinyhttpd - -mkdir -p /var/www - -case "$1" in - start) - printf "Starting $NAME: " - $NAME > /dev/null & - echo "done" - ;; - stop) - printf "Stopping $NAME: " - killall -9 $NAME - echo "done" - ;; - restart) - printf "Restarting $NAME: " - killall -9 $NAME - sleep 1 - $NAME > /dev/null & - echo "done" - ;; - *) - echo "Usage: /etc/init.d/S85tinyhttpd {start|stop|restart}" >&2 - exit 1 - ;; -esac - -exit 0 diff --git a/package/tinyhttpd/tinyhttpd.hash b/package/tinyhttpd/tinyhttpd.hash deleted file mode 100644 index fc8ff4ee2c..0000000000 --- a/package/tinyhttpd/tinyhttpd.hash +++ /dev/null @@ -1,3 +0,0 @@ -# Locally computed: -sha256 56609b82869c80ba71b2a2af166a0bcaffe21e7412f4594e04b9a5abf733435a tinyhttpd-0.1.0.tar.gz -sha256 4289e6d4f7ba72672dbd45ab78a8e02babf3d6e0577eeac5b2ef6926da6f4a87 README diff --git a/package/tinyhttpd/tinyhttpd.mk b/package/tinyhttpd/tinyhttpd.mk deleted file mode 100644 index 6b3ba5f305..0000000000 --- a/package/tinyhttpd/tinyhttpd.mk +++ /dev/null @@ -1,32 +0,0 @@ -################################################################################ -# -# tinyhttpd -# -################################################################################ - -TINYHTTPD_VERSION = 0.1.0 -TINYHTTPD_SITE = http://downloads.sourceforge.net/project/tinyhttpd/tinyhttpd%20source/tinyhttpd%20$(TINYHTTPD_VERSION) -TINYHTTPD_LICENSE = GPL -TINYHTTPD_LICENSE_FILES = README - -define TINYHTTPD_BUILD_CMDS - $(TARGET_MAKE_ENV) $(MAKE) -C $(@D) CC="$(TARGET_CC)" CFLAGS="$(TARGET_CFLAGS)" \ - LDFLAGS="$(TARGET_LDFLAGS)" -endef - -define TINYHTTPD_INSTALL_TARGET_CMDS - $(INSTALL) -m 0755 -D $(@D)/httpd $(TARGET_DIR)/usr/sbin/tinyhttpd - mkdir -p $(TARGET_DIR)/var/www -endef - -define TINYHTTPD_INSTALL_INIT_SYSV - $(INSTALL) -m 0755 -D package/tinyhttpd/S85tinyhttpd \ - $(TARGET_DIR)/etc/init.d/S85tinyhttpd -endef - -define TINYHTTPD_INSTALL_INIT_SYSTEMD - $(INSTALL) -D -m 644 package/tinyhttpd/tinyhttpd.service \ - $(TARGET_DIR)/usr/lib/systemd/system/tinyhttpd.service -endef - -$(eval $(generic-package)) diff --git a/package/tinyhttpd/tinyhttpd.service b/package/tinyhttpd/tinyhttpd.service deleted file mode 100644 index 0ae5bac943..0000000000 --- a/package/tinyhttpd/tinyhttpd.service +++ /dev/null @@ -1,10 +0,0 @@ -[Unit] -Description=Tiny HTTP daemon -After=network.target - -[Service] -ExecStart=/usr/sbin/tinyhttpd -Restart=always - -[Install] -WantedBy=multi-user.target