CVS commit: [netbsd-7-1] src/libexec/httpd

2019-06-15 Martin Husemann
Module Name:    src
Committed By:   martin
Date:   Sat Jun 15 15:56:22 UTC 2019

Modified Files:
src/libexec/httpd [netbsd-7-1]: CHANGES Makefile auth-bozo.c
bozohttpd.8 bozohttpd.c bozohttpd.h cgi-bozo.c daemon-bozo.c
dir-index-bozo.c ssl-bozo.c
src/libexec/httpd/testsuite [netbsd-7-1]: Makefile t11.out test-bigfile
test-simple

Log Message:
Pull up the following revisions (via patch) requested by mrg in ticket #1699:

libexec/httpd/CHANGES                   1.31-1.40
libexec/httpd/Makefile                  1.28
libexec/httpd/auth-bozo.c               1.23-1.24
libexec/httpd/bozohttpd.8               1.75-1.79
libexec/httpd/bozohttpd.c               1.100-1.113
libexec/httpd/bozohttpd.h               1.58-1.60
libexec/httpd/cgi-bozo.c                1.46-1.48
libexec/httpd/daemon-bozo.c             1.20-1.21
libexec/httpd/dir-index-bozo.c          1.29-1.32
libexec/httpd/ssl-bozo.c                1.26
libexec/httpd/testsuite/Makefile        1.12-1.13
libexec/httpd/testsuite/t11.out         1.2
libexec/httpd/testsuite/test-bigfile    1.6
libexec/httpd/testsuite/test-simple     1.6

Don't display special files in the directory index.  They aren't
served, but links to them are generated.
---
All from "Rajeev V. Pillai":
- use html tables for directory index.
- don't include "index.html" in html headers
- additional escaping of names
- re-add top/bottom borders
- adds an aquamarine table header
- Zebra-stripes table rows using CSS instead of code
- fix CGI '+' param and error handling.
- remove unused parameter to daemon_poll_err().
- avoid sign extension in % handling
fix a few problems pointed out by clang static analyzer:
- bozostrnsep() may return with "in = NULL", so check for it.
- nul terminating in bozo_escape_rfc3986() can be simpler
- don't use uninit variables in check_remap()
- don't use re-used freed data in check_virtual().
- fix bozoprefs->size setting when increasing the size (new total was
  being added to the prior total.)
  however, bozostrdup() may reference request->hr_file.
---
Add ssl specific timeout value (30s).  If SSL_accept() doesn't
work within this timeout value, ssl setup now fails.
---
Fix handling of bozo_set_timeout() timeouts (and `-T' option parsing)
---
Avoid .htpasswd exposure to authenticated users when .htpasswd is
in the slashdir too.
---
Avoid possible NULL dereference when sending a big request that times out.
---
Use strings.h for strcasecmp (on linux)
---
Account for cgihandler being set when counting the number of CGI environment
headers we are about to set. Avoids an assertion failure (and overrunning
the array) later.


To generate a diff of this commit:
cvs rdiff -u -r1.19.2.5.2.2 -r1.19.2.5.2.3 src/libexec/httpd/CHANGES
cvs rdiff -u -r1.22.2.2.4.1 -r1.22.2.2.4.2 src/libexec/httpd/Makefile
cvs rdiff -u -r1.13.2.2.4.1 -r1.13.2.2.4.2 src/libexec/httpd/auth-bozo.c
cvs rdiff -u -r1.46.4.8.2.1 -r1.46.4.8.2.2 src/libexec/httpd/bozohttpd.8
cvs rdiff -u -r1.56.2.8.2.2 -r1.56.2.8.2.3 src/libexec/httpd/bozohttpd.c
cvs rdiff -u -r1.33.2.6.2.2 -r1.33.2.6.2.3 src/libexec/httpd/bozohttpd.h
cvs rdiff -u -r1.25.2.7.2.3 -r1.25.2.7.2.4 src/libexec/httpd/cgi-bozo.c
cvs rdiff -u -r1.16.4.1.4.1 -r1.16.4.1.4.2 src/libexec/httpd/daemon-bozo.c
cvs rdiff -u -r1.19.4.2.4.1 -r1.19.4.2.4.2 src/libexec/httpd/dir-index-bozo.c
cvs rdiff -u -r1.18.2.1.4.1 -r1.18.2.1.4.2 src/libexec/httpd/ssl-bozo.c
cvs rdiff -u -r1.4.24.3.2.1 -r1.4.24.3.2.2 \
src/libexec/httpd/testsuite/Makefile
cvs rdiff -u -r1.1.4.2 -r1.1.4.2.2.1 src/libexec/httpd/testsuite/t11.out
cvs rdiff -u -r1.1.1.1.30.3.2.1 -r1.1.1.1.30.3.2.2 \
src/libexec/httpd/testsuite/test-bigfile
cvs rdiff -u -r1.2.4.3.2.1 -r1.2.4.3.2.2 \
src/libexec/httpd/testsuite/test-simple

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
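
The last item of the log message above is a count-then-fill mismatch: one pass sizes the environment array, a second pass writes it, and an optional entry was missing from the count. The following is an added example, not bozohttpd's code; the struct, the function names and the HANDLER_SET variable are hypothetical. It shows the miscount and a fill pass that bounds-checks every store, so the mistake is reported instead of overrunning the array.

```c
#include <stddef.h>
#include <stdio.h>
/* Hypothetical request: only the fields this example needs. */
struct req {
	const char *query;   /* optional, adds QUERY_STRING */
	const char *handler; /* optional, set when a CGI handler is configured */
};

/* Pass 1: slots needed incl. NULL. count_handler=0 reproduces the miscount. */
static size_t env_count(const struct req *r, int count_handler)
{
	size_t n = 3;                /* variables that are always exported */
	if (r->query != NULL)
		n++;
	if (count_handler && r->handler != NULL)
		n++;
	return n + 1;
}

/* Pass 2: PUT refuses to write past cap, so a miscount returns -1. */
static int env_fill(const struct req *r, const char **envp, size_t cap)
{
	size_t i = 0;
#define PUT(s) do { if (i >= cap) return -1; envp[i++] = (s); } while (0)
	PUT("GATEWAY_INTERFACE=CGI/1.1");
	PUT("SERVER_PROTOCOL=HTTP/1.1");
	PUT("REQUEST_METHOD=GET");
	if (r->query != NULL)
		PUT("QUERY_STRING=a=b");
	if (r->handler != NULL)
		PUT("HANDLER_SET=1");    /* placeholder name, not a real CGI variable */
	PUT(NULL);
	return (int)i;
}

/* Size the array from pass 1, then run pass 2 against that size. */
static int env_build(const struct req *r, int count_handler)
{
	const char *envp[8];
	size_t cap = env_count(r, count_handler);
	return cap > 8 ? -1 : env_fill(r, envp, cap);
}

int main(void)
{
	struct req r = { "a=b", "/constructed/handler" }; /* constructed input */
	printf("miscounted=%d counted=%d\n", env_build(&r, 0), env_build(&r, 1));
	return 0;
}
```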



Modified files:

Index: src/libexec/httpd/CHANGES
diff -u src/libexec/httpd/CHANGES:1.19.2.5.2.2 src/libexec/httpd/CHANGES:1.19.2.5.2.3
--- src/libexec/httpd/CHANGES:1.19.2.5.2.2	Wed Nov 28 19:56:09 2018
+++ src/libexec/httpd/CHANGES	Sat Jun 15 15:56:21 2019
@@ -1,4 +1,24 @@
-$NetBSD: CHANGES,v 1.19.2.5.2.2 2018/11/28 19:56:09 martin Exp $
+$NetBSD: CHANGES,v 1.19.2.5.2.3 2019/06/15 15:56:21 martin Exp $
+
+changes in bozohttpd 20190228:
+	o  extend timeout facility to ssl and stop servers hanging forever
+	   if the client never sends anything.  reported by Steffen in netbsd
+	   PR#50655.
+	o  don't display special files in the directory index.  they aren't
+	   served, but links to them are generated.
+	o  fix CGI '+' parameter handling, some error checking, and a double
+	   free.  from rajeev_v_pil...@yahoo.com
+	o  more directory indexing clean up.  from rajeev_v_pil...@yahoo.com
+
+changes in bozohttpd 20181215:
+	o  fix .htpasswd bypass for authenticated users.  reported
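
Review bot: In the 20190228 block, the third bullet folds a memory-safety fix into a list of functional ones ("fix CGI '+' parameter handling, some error checking, and a double free"), which makes it easy to miss when auditing this pull-up. Give the double free its own bullet and name the file or function it was in, the same way the timeout bullet cites PR#50655, so the entry can be matched to a specific change.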