A small security patch for QuickPage

Below is a small patch I've authored for the QuickPage daemon by Thomas Dwyer III.

The changes as outlined in the CHANGES file are:

		Changes to QuickPage from v3.3 to v3.3.1-unleash
		------------------------------------------------
		Patch by Michael Fincham <michael@unleash.co.nz>

	- The new "-b" option has been added to specify a bind address 
	  for the qpage daemon.

	- The default user the daemon runs as is now "qpage" instead 
	  of "nobody".

	- To be honest, the -b option doesn't sanitise input very well
	  so don't setuid root the qpage binary or anything dumb like that. 

While I haven't identified any specific security issues in the code in many cases there's no point in having qpage listen on 0.0.0.0, so the new "-b" option allows for binding to e.g 127.0.0.1

As a bonus I've also included below a Debian init script to start qpage as a daemon listening on localhost. The package builds to a .deb cleanly with "checkinstall" both with and without the patch supplied here.

QuickPage is supplied under some arbitrary licence that I may not have entirely grokked, so if you feel like I'm violating some term of the licence do let me know.

[ICO]NameLast modifiedSizeDescription

[PARENTDIR]Parent Directory  -  
[   ]qpage-3.3.tar2011-01-27 10:52 562K 
[   ]qpage-3.3.tar.gpg2011-01-27 10:59 165K 
[TXT]qpage.init.d2011-01-27 10:58 3.9K 
[TXT]qpage.init.d.gpg2011-01-27 10:59 2.0K 
[TXT]qpage.patch2011-01-27 10:52 6.0K 
[TXT]qpage.patch.gpg2011-01-27 10:59 2.5K 

Apache Server at finch.am Port 443