On Friday 29 February 2008 11:09:31 Jeffrey 'jf' Lim wrote:
> On Fri, Feb 29, 2008 at 10:51 PM, Jasper Lievisse Adriaanse
> <[EMAIL PROTECTED]> wrote:
> > hi,
> >
> > here's the vendor's patch to fix CVE-2008-0983
> > http://secunia.com/cve_reference/CVE-2008-0983/
> >
> > ok to commit?
> >
>
> sorry, but is there something wrong with this patch? I don't see how
> all these extra lines should be there. This is 1.4.18, with only 1
> patch in ports, 'patch-doc_lighttpd_conf' right?

huh? this comment makes no sense at all.

> >
> > Index: patches/patch-src_fdevent_solaris_devpoll_c
> > ===================================================================
> > RCS file: patches/patch-src_fdevent_solaris_devpoll_c
> > diff -N patches/patch-src_fdevent_solaris_devpoll_c
> > --- /dev/null 1 Jan 1970 00:00:00 -0000
> > +++ patches/patch-src_fdevent_solaris_devpoll_c 29 Feb 2008 14:49:12 -0000
> > @@ -0,0 +1,12 @@
> > +$OpenBSD$
> > +--- src/fdevent_solaris_devpoll.c.orig Fri Feb 29 15:46:03 2008
> > ++++ src/fdevent_solaris_devpoll.c Fri Feb 29 15:46:25 2008
> > +@@ -67,7 +67,7 @@ static int fdevent_solaris_devpoll_poll(fdevents *ev,
> > + int ret;
> > +
> > + dopoll.dp_timeout = timeout_ms;
> > +- dopoll.dp_nfds = ev->maxfds;
> > ++ dopoll.dp_nfds = ev->maxfds - 1;
> > + dopoll.dp_fds = ev->devpollfds;
> > +
> > + ret = ioctl(ev->devpoll_fd, DP_POLL, &dopoll);
> >
> <snip>
>
> As far as I know only 1 line changes in src/fdevent_solaris_devpoll.c
> (and 3 lines are removed from src/server.c). Contrast this with
> http://trac.lighttpd.net/trac/attachment/ticket/1562/Fix-372-and-1562.patch,
> and the 1.4.18 source.
>
> -jf

The patch provided by Jasper is exactly the same.
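
Review bot: In the `dopoll.dp_nfds = ev->maxfds - 1;` line of the fdevent_solaris_devpoll.c hunk, the subtraction has neither a guard nor a comment. Nothing in the visible context shows that ev->maxfds is at least 1, so a zero value would hand -1 to the DP_POLL ioctl as the descriptor count. Suggest a check before the assignment, or a one-line comment stating why the count must be one less than maxfds and that maxfds is always positive at this point, with a pointer to the upstream ticket 1562 patch referenced in the thread. The src/server.c part mentioned in the reply is snipped from this quote, so it cannot be reviewed from this message.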