author | Christian Hoffmann <hoffie@gentoo.org> | 2010-02-01 23:47:55 +0000 |
---|---|---|
committer | Christian Hoffmann <hoffie@gentoo.org> | 2010-02-01 23:47:55 +0000 |
commit | 8ad10b7c0c66f903a4e3748a1356056d3d86d71d (patch) | |
tree | 0b9d01edc273b624e602e1e2fbf7660ff4ffcbbe /www-servers | |
parent | stable sparc, bug 302845 (diff) | |
download | historical-8ad10b7c0c66f903a4e3748a1356056d3d86d71d.tar.gz historical-8ad10b7c0c66f903a4e3748a1356056d3d86d71d.tar.bz2 historical-8ad10b7c0c66f903a4e3748a1356056d3d86d71d.zip |
revision bump with fix for CVE-2010-0295, straight to stable on amd64
Package-Manager: portage-2.1.7.16/cvs/Linux x86_64
RepoMan-Options: --force
Diffstat (limited to 'www-servers')
-rw-r--r-- | www-servers/lighttpd/ChangeLog | 8 | ||||
-rw-r--r-- | www-servers/lighttpd/Manifest | 12 | ||||
-rw-r--r-- | www-servers/lighttpd/files/1.4.25-fix-CVE-2010-0295.patch | 211 | ||||
-rw-r--r-- | www-servers/lighttpd/lighttpd-1.4.25-r1.ebuild | 213 |
4 files changed, 438 insertions, 6 deletions
diff --git a/www-servers/lighttpd/ChangeLog b/www-servers/lighttpd/ChangeLog
index ce0346362ceb..41b6359af4bd 100644
--- a/www-servers/lighttpd/ChangeLog
+++ b/www-servers/lighttpd/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for www-servers/lighttpd
 # Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/www-servers/lighttpd/ChangeLog,v 1.217 2010/02/01 19:53:41 maekke Exp $
+# $Header: /var/cvsroot/gentoo-x86/www-servers/lighttpd/ChangeLog,v 1.218 2010/02/01 23:47:54 hoffie Exp $
+
+*lighttpd-1.4.25-r1 (01 Feb 2010)
+
+ 01 Feb 2010; Christian Hoffmann <hoffie@gentoo.org>
+ +lighttpd-1.4.25-r1.ebuild, +files/1.4.25-fix-CVE-2010-0295.patch:
+ revision bump with fix for CVE-2010-0295, straight to stable on amd64
 
  01 Feb 2010; Markus Meier <maekke@gentoo.org> lighttpd-1.4.23.ebuild:
  arm stable, bug #286134
diff --git a/www-servers/lighttpd/Manifest b/www-servers/lighttpd/Manifest
index c2ce19845e58..41057aa11f50 100644
--- a/www-servers/lighttpd/Manifest
+++ b/www-servers/lighttpd/Manifest
@@ -1,6 +1,7 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA1
 
+AUX 1.4.25-fix-CVE-2010-0295.patch 6237 RMD160 cd9ce4410ed805d28899b0207bbc670e04491315 SHA1 2ba33d94f5628d97cb606ad97ef9630eef5191c4 SHA256 d4d269d993396cfd9146de621e0a3d5e9203ac7f6b2b6f351f9013dbbe956a4e
 AUX 1.4.25-fix-unknown-AM_SILENT_RULES.patch 744 RMD160 5da8bdca1728f2de730e90de4fb7e93a274406e8 SHA1 8ae6849a88aaaca76c1b8c13a62cc266dbebc2a7 SHA256 a1cf7c77b7ee1cbe9bf3efbb7704b8582c480ae69fd70934597d24ff3fddf663
 AUX conf/lighttpd.conf 8243 RMD160 0b99dbb49be34521ddda14abd9b06cef141bbfc9 SHA1 8fd27dd9b5aea94ca0d1611c8fb1d9e3cb720d0b SHA256 3c016c663d14bf1cb8bf1c7d87dc0ecc1fb4f189ebd4fb05e90ed23f20439ed5
 AUX conf/mime-types.conf 3350 RMD160 ca82154e69af26b1d9de9757d5bcbe69eb428dcb SHA1 f7b7c19a90629b6598a1c4769592628fa582dd34 SHA256 8bbab2136c71878fbca5ad8d45838a99fd278037406049a3cca5f47d81309100
@@ -16,13 +17,14 @@ AUX spawn-fcgi.initd 1398 RMD160 3fd0fa41d100629e85960034237abc0866ec3d38 SHA1 9
 DIST lighttpd-1.4.23.tar.bz2 641621 RMD160 3034f56156ee56dbfe5d632f92d9a7e420284caf SHA1 a07b7bfdbf882ebe645cc140f4a658c46725224e SHA256 72896e6677b12aee2371c12e6d3f8299cfbdb2f89ad4b519a96b3ba80852a5fa
 DIST lighttpd-1.4.25.tar.bz2 628267 RMD160 f0f7dd0ff3c92a6185be2e6017fd5ea74734c769 SHA1 bc4592930292ae8d0990a94a584f49fe8f52445b SHA256 7e803089f18b179097cb33b64b37d8a3b537ce9c196c88e3fb09881b471c88ce
 EBUILD lighttpd-1.4.23.ebuild 5785 RMD160 9329db0ea573b13e5764c6a173b5af3f53bb5d0b SHA1 674020a06fa14101d24faf13ebe034ef7a852358 SHA256 5ab87c04a35cb8a00460150402ddd82586e7f0e3eea8381dd0738ee69d73f459
+EBUILD lighttpd-1.4.25-r1.ebuild 5888 RMD160 061a779068ac37a870ad3a2292405749be2480f6 SHA1 97817f0435567937420af21f387d6268f2c0a191 SHA256 014ff66568c7be65ab0e95a9b342642520e228948feb48018c0b3b3fff3da99d
 EBUILD lighttpd-1.4.25.ebuild 5829 RMD160 365b1ea4415d2667fcef3a7af08fec29edcf596f SHA1 002a05ab99b4f3c15c8da95fa764fbfb8d84757c SHA256 cc5b0e4170cf4ef91b8043504c4b28e677c5d0d92039cbbe897c00d1a61bcce5
-MISC ChangeLog 49083 RMD160 deadb163e76f4b3350f111034446c635676baded SHA1 db6d7d3ed1a0163aa1ef840c4a3d87120d50c45a SHA256 d5635874b94e06da7893e8fcaac1bdc48e39d627b48c40202e1fce9b5f82fdf8
+MISC ChangeLog 49314 RMD160 69dd699c9b93ffde1add61e0aca594eb6cc9d2a4 SHA1 7afc12db07467779f8ee5338c2e628bbc6eba137 SHA256 b348f1fe76ecc012c221ad05be34b7e76b2b7eee17eb0d4413e096a5b99169cb
 MISC metadata.xml 927 RMD160 3d969f099d1bb8df70ec5f8ed78a83ad27d2b10d SHA1 1e564c4fc4edb8a4b2dc41f731071ec38e917027 SHA256 479db26201c5c934fd5fb5deccd8712a637114d5cde6e75da8ce9ad4872ec070
 -----BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.11 (GNU/Linux)
+Version: GnuPG v2.0.14 (GNU/Linux)
 
-iEYEARECAAYFAktnMRwACgkQkKaRLQcq0GInJgCghMo8VYGmqRZ6nomZhhd7wC7n
-2oAAnRuD4rQHMtYjKhy66FwEBZrQzJ07
-=ETE8
+iEYEARECAAYFAktnaC8ACgkQSamB34AN3N5uQQCfVj6PFy3gUigLrt8Lgb81Z/Ce
+HWcAoMtbc55sQdTIlfLvalc4E5XAkr6G
+=t0v4
 -----END PGP SIGNATURE-----
diff --git a/www-servers/lighttpd/files/1.4.25-fix-CVE-2010-0295.patch b/www-servers/lighttpd/files/1.4.25-fix-CVE-2010-0295.patch
new file mode 100644
index 000000000000..fcac31887872
--- /dev/null
+++ b/www-servers/lighttpd/files/1.4.25-fix-CVE-2010-0295.patch
@@ -0,0 +1,211 @@ +Index: branches/lighttpd-1.4.x/src/base.h +=================================================================== +--- branches/lighttpd-1.4.x/src/base.h (revision 2709) ++++ branches/lighttpd-1.4.x/src/base.h (revision 2710) +@@ -431,7 +431,6 @@ + + #ifdef USE_OPENSSL + SSL *ssl; +- buffer *ssl_error_want_reuse_buffer; + # ifndef OPENSSL_NO_TLSEXT + buffer *tlsext_server_name; + # endif +Index: branches/lighttpd-1.4.x/src/connections.c +=================================================================== +--- branches/lighttpd-1.4.x/src/connections.c (revision 2709) ++++ branches/lighttpd-1.4.x/src/connections.c (revision 2710) +@@ -192,40 +192,42 @@ + + static int connection_handle_read_ssl(server *srv, connection *con) { + #ifdef USE_OPENSSL +- int r, ssl_err, len, count = 0; ++ int r, ssl_err, len, count = 0, read_offset, toread; + buffer *b = NULL; + + if (!con->conf.is_ssl) return -1; + +- /* don't resize the buffer if we were in SSL_ERROR_WANT_* */ +- + ERR_clear_error(); + do { +- if (!con->ssl_error_want_reuse_buffer) { +- b = buffer_init(); +- buffer_prepare_copy(b, SSL_pending(con->ssl) + (16 * 1024)); /* the pending bytes + 16kb */ ++ if (NULL != con->read_queue->last) { ++ b = con->read_queue->last->mem; ++ } + ++ if (NULL == b || b->size - b->used < 1024) { ++ b = chunkqueue_get_append_buffer(con->read_queue); ++ len = SSL_pending(con->ssl); ++ if (len < 4*1024) len = 4*1024; /* always alloc >= 4k buffer */ ++ buffer_prepare_copy(b, len + 1); ++ + /* overwrite everything with 0 */ + memset(b->ptr, 0, b->size); +- } else { +- b = con->ssl_error_want_reuse_buffer; + } + +- len = SSL_read(con->ssl, b->ptr, b->size - 1); +- con->ssl_error_want_reuse_buffer = NULL; /* reuse it only once */ ++ read_offset = (b->used > 0) ? 
b->used - 1 : 0; ++ toread = b->size - 1 - read_offset; + ++ len = SSL_read(con->ssl, b->ptr + read_offset, toread); ++ + if (len > 0) { +- b->used = len; ++ if (b->used > 0) b->used--; ++ b->used += len; + b->ptr[b->used++] = '\0'; + +- /* we move the buffer to the chunk-queue, no need to free it */ ++ con->bytes_read += len; + +- chunkqueue_append_buffer_weak(con->read_queue, b); + count += len; +- con->bytes_read += len; +- b = NULL; + } +- } while (len > 0 && count < MAX_READ_LIMIT); ++ } while (len == toread && count < MAX_READ_LIMIT); + + + if (len < 0) { +@@ -234,11 +236,11 @@ + case SSL_ERROR_WANT_READ: + case SSL_ERROR_WANT_WRITE: + con->is_readable = 0; +- con->ssl_error_want_reuse_buffer = b; + +- b = NULL; ++ /* the manual says we have to call SSL_read with the same arguments next time. ++ * we ignore this restriction; no one has complained about it in 1.5 yet, so it probably works anyway. ++ */ + +- /* we have to steal the buffer from the queue-queue */ + return 0; + case SSL_ERROR_SYSCALL: + /** +@@ -297,16 +299,11 @@ + + connection_set_state(srv, con, CON_STATE_ERROR); + +- buffer_free(b); +- + return -1; + } else if (len == 0) { + con->is_readable = 0; + /* the other end close the connection -> KEEP-ALIVE */ + +- /* pipelining */ +- buffer_free(b); +- + return -2; + } + +@@ -321,26 +318,41 @@ + static int connection_handle_read(server *srv, connection *con) { + int len; + buffer *b; +- int toread; ++ int toread, read_offset; + + if (con->conf.is_ssl) { + return connection_handle_read_ssl(srv, con); + } + ++ b = (NULL != con->read_queue->last) ? 
con->read_queue->last->mem : NULL; ++ ++ /* default size for chunks is 4kb; only use bigger chunks if FIONREAD tells ++ * us more than 4kb is available ++ * if FIONREAD doesn't signal a big chunk we fill the previous buffer ++ * if it has >= 1kb free ++ */ + #if defined(__WIN32) +- b = chunkqueue_get_append_buffer(con->read_queue); +- buffer_prepare_copy(b, 4 * 1024); +- len = recv(con->fd, b->ptr, b->size - 1, 0); +-#else +- if (ioctl(con->fd, FIONREAD, &toread) || toread == 0) { ++ if (NULL == b || b->size - b->used < 1024) { + b = chunkqueue_get_append_buffer(con->read_queue); + buffer_prepare_copy(b, 4 * 1024); ++ } ++ ++ read_offset = (b->used == 0) ? 0 : b->used - 1; ++ len = recv(con->fd, b->ptr + read_offset, b->size - 1 - read_offset, 0); ++#else ++ if (ioctl(con->fd, FIONREAD, &toread) || toread == 0 || toread <= 4*1024) { ++ if (NULL == b || b->size - b->used < 1024) { ++ b = chunkqueue_get_append_buffer(con->read_queue); ++ buffer_prepare_copy(b, 4 * 1024); ++ } + } else { + if (toread > MAX_READ_LIMIT) toread = MAX_READ_LIMIT; + b = chunkqueue_get_append_buffer(con->read_queue); + buffer_prepare_copy(b, toread + 1); + } +- len = read(con->fd, b->ptr, b->size - 1); ++ ++ read_offset = (b->used == 0) ? 
0 : b->used - 1; ++ len = read(con->fd, b->ptr + read_offset, b->size - 1 - read_offset); + #endif + + if (len < 0) { +@@ -374,7 +386,8 @@ + con->is_readable = 0; + } + +- b->used = len; ++ if (b->used > 0) b->used--; ++ b->used += len; + b->ptr[b->used++] = '\0'; + + con->bytes_read += len; +@@ -850,13 +863,6 @@ + /* The cond_cache gets reset in response.c */ + /* config_cond_cache_reset(srv, con); */ + +-#ifdef USE_OPENSSL +- if (con->ssl_error_want_reuse_buffer) { +- buffer_free(con->ssl_error_want_reuse_buffer); +- con->ssl_error_want_reuse_buffer = NULL; +- } +-#endif +- + con->header_len = 0; + con->in_error_handler = 0; + +@@ -1128,8 +1134,15 @@ + } else { + buffer *b; + +- b = chunkqueue_get_append_buffer(dst_cq); +- buffer_copy_string_len(b, c->mem->ptr + c->offset, toRead); ++ if (dst_cq->last && ++ dst_cq->last->type == MEM_CHUNK) { ++ b = dst_cq->last->mem; ++ } else { ++ b = chunkqueue_get_append_buffer(dst_cq); ++ /* prepare buffer size for remaining POST data; is < 64kb */ ++ buffer_prepare_copy(b, con->request.content_length - dst_cq->bytes_in + 1); ++ } ++ buffer_append_string_len(b, c->mem->ptr + c->offset, toRead); + } + + c->offset += toRead; +Index: branches/lighttpd-1.4.x/src/chunk.c +=================================================================== +--- branches/lighttpd-1.4.x/src/chunk.c (revision 2709) ++++ branches/lighttpd-1.4.x/src/chunk.c (revision 2710) +@@ -197,8 +197,6 @@ + int chunkqueue_append_buffer_weak(chunkqueue *cq, buffer *mem) { + chunk *c; + +- if (mem->used == 0) return 0; +- + c = chunkqueue_get_unused_chunk(cq); + c->type = MEM_CHUNK; + c->offset = 0; diff --git a/www-servers/lighttpd/lighttpd-1.4.25-r1.ebuild b/www-servers/lighttpd/lighttpd-1.4.25-r1.ebuild new file mode 100644 index 000000000000..bcae5606b475 --- /dev/null +++ b/www-servers/lighttpd/lighttpd-1.4.25-r1.ebuild 
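Review bot: The new patch file carries no description header, so a reader has to work out from the `Index:` lines that it is upstream lighttpd-1.4.x r2709→r2710 and from the filename alone that it addresses CVE-2010-0295; Gentoo convention is to prefix vendored patches with a short provenance note. I would add, above the first `Index:` line, a header such as `Upstream lighttpd-1.4.x r2710 (src/base.h, src/connections.c, src/chunk.c): append to the last read_queue buffer instead of allocating a fresh one per read; fixes CVE-2010-0295.` followed by the upstream and Gentoo bug references. On the C side, the new code in `connection_handle_read_ssl` and `connection_handle_read` takes `con->read_queue->last->mem` without checking `last->type == MEM_CHUNK`, whereas the new block in the POST-body copy path does check it; if read_queue can by construction only hold MEM chunks, a one-line comment saying so at the first of those two sites would spare the next reader the same question.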
@@ -0,0 +1,213 @@ +# Copyright 1999-2010 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/www-servers/lighttpd/lighttpd-1.4.25-r1.ebuild,v 1.1 2010/02/01 23:47:54 hoffie Exp $ + +EAPI="2" + +inherit eutils autotools depend.php + +DESCRIPTION="Lightweight high-performance web server" +HOMEPAGE="http://www.lighttpd.net/" +SRC_URI="http://download.lighttpd.net/lighttpd/releases-1.4.x/${P}.tar.bz2" + +LICENSE="BSD" +SLOT="0" +KEYWORDS="~alpha amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd" +IUSE="bzip2 doc fam fastcgi gdbm ipv6 ldap lua minimal memcache mysql pcre php rrdtool ssl test webdav xattr" + +RDEPEND=" + >=sys-libs/zlib-1.1 + bzip2? ( app-arch/bzip2 ) + fam? ( virtual/fam ) + gdbm? ( sys-libs/gdbm ) + ldap? ( >=net-nds/openldap-2.1.26 ) + lua? ( >=dev-lang/lua-5.1 ) + memcache? ( dev-libs/libmemcache ) + mysql? ( >=virtual/mysql-4.0 ) + pcre? ( >=dev-libs/libpcre-3.1 ) + php? ( virtual/httpd-php ) + rrdtool? ( net-analyzer/rrdtool ) + ssl? ( >=dev-libs/openssl-0.9.7 ) + webdav? ( + dev-libs/libxml2 + >=dev-db/sqlite-3 + sys-fs/e2fsprogs + ) + xattr? ( kernel_linux? ( sys-apps/attr ) )" + +DEPEND="${RDEPEND} + dev-util/pkgconfig + doc? ( dev-python/docutils ) + test? 
( + virtual/perl-Test-Harness + dev-libs/fcgi + )" + +# update certain parts of lighttpd.conf based on conditionals +update_config() { + local config="/etc/lighttpd/lighttpd.conf" + + # enable php/mod_fastcgi settings + use php && \ + dosed 's|#.*\(include.*fastcgi.*$\)|\1|' ${config} + + # enable stat() caching + use fam && \ + dosed 's|#\(.*stat-cache.*$\)|\1|' ${config} +} + +# remove non-essential stuff (for USE=minimal) +remove_non_essential() { + local libdir="${D}/usr/$(get_libdir)/${PN}" + + # text docs + use doc || rm -fr "${D}"/usr/share/doc/${PF}/txt + + # non-essential modules + rm -f \ + ${libdir}/mod_{compress,evhost,expire,proxy,scgi,secdownload,simple_vhost,status,setenv,trigger*,usertrack}.* + + # allow users to keep some based on USE flags + use pcre || rm -f ${libdir}/mod_{ssi,re{direct,write}}.* + use webdav || rm -f ${libdir}/mod_webdav.* + use mysql || rm -f ${libdir}/mod_mysql_vhost.* + use lua || rm -f ${libdir}/mod_{cml,magnet}.* + use rrdtool || rm -f ${libdir}/mod_rrdtool.* + + if ! use fastcgi ; then + rm -f ${libdir}/mod_fastcgi.* + fi +} + +pkg_setup() { + if ! use pcre ; then + ewarn "It is highly recommended that you build ${PN}" + ewarn "with perl regular expressions support via USE=pcre." + ewarn "Otherwise you lose support for some core options such" + ewarn "as conditionals and modules such as mod_re{write,direct}" + ewarn "and mod_ssi." 
+ ebeep 5 + fi + + use php && require_php_with_use cgi + + enewgroup lighttpd + enewuser lighttpd -1 -1 /var/www/localhost/htdocs lighttpd +} + +src_prepare() { + epatch "${FILESDIR}"/1.4.25-fix-unknown-AM_SILENT_RULES.patch + epatch "${FILESDIR}"/1.4.25-fix-CVE-2010-0295.patch + # dev-python/docutils installs rst2html.py not rst2html + sed -i -e 's|\(rst2html\)|\1.py|g' doc/Makefile.am || \ + die "sed doc/Makefile.am failed" + + eautoreconf +} + +src_configure() { + econf --libdir=/usr/$(get_libdir)/${PN} \ + --enable-lfs \ + $(use_enable ipv6) \ + $(use_with bzip2) \ + $(use_with fam) \ + $(use_with gdbm) \ + $(use_with lua) \ + $(use_with ldap) \ + $(use_with memcache) \ + $(use_with mysql) \ + $(use_with pcre) \ + $(use_with ssl openssl) \ + $(use_with webdav webdav-props) \ + $(use_with webdav webdav-locks) \ + $(use_with xattr attr) +} + +src_compile() { + emake || die "emake failed" + + if use doc ; then + einfo "Building HTML documentation" + cd doc + emake html || die "failed to build HTML documentation" + fi +} + +src_test() { + if [[ ${EUID} -eq 0 ]]; then + default_src_test + else + ewarn "test skipped, please re-run as root if you wish to test ${PN}" + fi +} + +src_install() { + make DESTDIR="${D}" install || die "make install failed" + + # init script stuff + newinitd "${FILESDIR}"/lighttpd.initd lighttpd || die + newconfd "${FILESDIR}"/lighttpd.confd lighttpd || die + use fam && has_version app-admin/fam && \ + sed -i 's/after famd/need famd/g' "${D}"/etc/init.d/lighttpd + + # configs + insinto /etc/lighttpd + doins "${FILESDIR}"/conf/lighttpd.conf + doins "${FILESDIR}"/conf/mime-types.conf + doins "${FILESDIR}"/conf/mod_cgi.conf + doins "${FILESDIR}"/conf/mod_fastcgi.conf + # Secure directory for fastcgi sockets + keepdir /var/run/lighttpd/ + fperms 0750 /var/run/lighttpd/ + fowners lighttpd:lighttpd /var/run/lighttpd/ + + # update lighttpd.conf directives based on conditionals + update_config + + # docs + dodoc AUTHORS README NEWS doc/*.sh + newdoc 
doc/lighttpd.conf lighttpd.conf.distrib + + use doc && dohtml -r doc/* + + docinto txt + dodoc doc/*.txt + + # logrotate + insinto /etc/logrotate.d + newins "${FILESDIR}"/lighttpd.logrotate lighttpd || die + + keepdir /var/l{ib,og}/lighttpd /var/www/localhost/htdocs + fowners lighttpd:lighttpd /var/l{ib,og}/lighttpd + fperms 0750 /var/l{ib,og}/lighttpd + + #spawn-fcgi may optionally be installed via www-servers/spawn-fcgi + rm -f "${D}"/usr/bin/spawn-fcgi "${D}"/usr/share/man/man1/spawn-fcgi.* + + use minimal && remove_non_essential +} + +pkg_postinst () { + echo + if [[ -f ${ROOT}etc/conf.d/spawn-fcgi.conf ]] ; then + einfo "spawn-fcgi is now provided by www-servers/spawn-fcgi." + einfo "spawn-fcgi's init script configuration is now located" + einfo "at /etc/conf.d/spawn-fcgi." + echo + fi + + if [[ -f ${ROOT}etc/lighttpd.conf ]] ; then + ewarn "Gentoo has a customized configuration," + ewarn "which is now located in /etc/lighttpd. Please migrate your" + ewarn "existing configuration." + ebeep 5 + fi + + if use fastcgi; then + ewarn "As of lighttpd-1.4.22, spawn-fcgi is provided by the separate" + ewarn "www-servers/spawn-fcgi package. Please install it manually, if" + ewarn "you use spawn-fcgi." + ewarn "It features a new, more featurefull init script - please migrate" + ewarn "your configuration!" + fi +} |
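Review bot: `src_install` runs bare `make DESTDIR="${D}" install || die "make install failed"` while `src_compile` uses `emake`, so the install step bypasses the emake wrapper; `emake DESTDIR="${D}" install || die "emake install failed"` keeps the two phases consistent. In `remove_non_essential` the `rm -f ${libdir}/mod_…` lines leave `${libdir}` unquoted, so a `${D}` containing whitespace would word-split the path; writing `"${libdir}"/mod_{…}.*` keeps the brace expansion and adds the quoting. Neither point appears to be new to this revision — judging by the Manifest sizes the file looks like the 1.4.25 ebuild plus the `epatch "${FILESDIR}"/1.4.25-fix-CVE-2010-0295.patch` line and the amd64 keyword — so both can go into a follow-up rather than this security bump.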