head 1.58; access; symbols netbsd-11-0-RC4:1.56.4.2 bozohttpd-20260503:1.57 bozohttpd-20240428:1.56 netbsd-11-0-RC3:1.56 netbsd-11-0-RC2:1.56 netbsd-11-0-RC1:1.56 perseant-exfatfs-base-20250801:1.56 netbsd-11:1.56.0.4 netbsd-11-base:1.56 netbsd-10-1-RELEASE:1.54 perseant-exfatfs-base-20240630:1.56 perseant-exfatfs:1.56.0.2 perseant-exfatfs-base:1.56 netbsd-8-3-RELEASE:1.25.4.4 netbsd-9-4-RELEASE:1.40.2.1 netbsd-10-0-RELEASE:1.54 netbsd-10-0-RC6:1.54 netbsd-10-0-RC5:1.54 netbsd-10-0-RC4:1.54 bozohttpd-20240126:1.55 netbsd-10-0-RC3:1.54 netbsd-10-0-RC2:1.54 netbsd-10-0-RC1:1.54 netbsd-10:1.54.0.2 netbsd-10-base:1.54 netbsd-9-3-RELEASE:1.40.2.1 bozohttpd-20220517:1.53 cjep_sun2x-base1:1.49 cjep_sun2x:1.49.0.4 cjep_sun2x-base:1.49 cjep_staticlib_x-base1:1.49 netbsd-9-2-RELEASE:1.40.2.1 cjep_staticlib_x:1.49.0.2 cjep_staticlib_x-base:1.49 bozohttpd-20210227:1.47 netbsd-9-1-RELEASE:1.40 bozohttpd-20201014:1.44 bozohttpd-20200820:1.41 bozohttpd-20190228:1.40 phil-wifi-20200421:1.40 phil-wifi-20200411:1.40 is-mlppp:1.40.0.4 is-mlppp-base:1.40 phil-wifi-20200406:1.40 netbsd-8-2-RELEASE:1.25.4.3 netbsd-9-0-RELEASE:1.40 netbsd-9-0-RC2:1.40 netbsd-9-0-RC1:1.40 phil-wifi-20191119:1.40 netbsd-9:1.40.0.2 netbsd-9-base:1.40 phil-wifi-20190609:1.40 netbsd-8-1-RELEASE:1.25.4.2 netbsd-8-1-RC1:1.25.4.2 pgoyette-compat-merge-20190127:1.25.10.4 pgoyette-compat-20190127:1.37 pgoyette-compat-20190118:1.36 pgoyette-compat-1226:1.34 pgoyette-compat-1126:1.29 bozohttpd-20181125:1.29 bozohttpd-20181123:1.28 bozohttpd-20181121:1.28 bozohttpd-20181118:1.26 pgoyette-compat-1020:1.25 pgoyette-compat-0930:1.25 pgoyette-compat-0906:1.25 netbsd-7-2-RELEASE:1.19.2.5 pgoyette-compat-0728:1.25 netbsd-8-0-RELEASE:1.25 phil-wifi:1.25.0.12 phil-wifi-base:1.25 pgoyette-compat-0625:1.25 netbsd-8-0-RC2:1.25 pgoyette-compat-0521:1.25 pgoyette-compat-0502:1.25 pgoyette-compat-0422:1.25 netbsd-8-0-RC1:1.25 pgoyette-compat-0415:1.25 pgoyette-compat-0407:1.25 pgoyette-compat-0330:1.25 pgoyette-compat-0322:1.25 pgoyette-compat-0315:1.25 netbsd-7-1-2-RELEASE:1.19.2.5 pgoyette-compat:1.25.0.10 pgoyette-compat-base:1.25 netbsd-7-1-1-RELEASE:1.19.2.5 matt-nb8-mediatek:1.25.0.8 matt-nb8-mediatek-base:1.25 perseant-stdc-iso10646:1.25.0.6 perseant-stdc-iso10646-base:1.25 netbsd-8:1.25.0.4 netbsd-8-base:1.25 prg-localcount2-base3:1.25 prg-localcount2-base2:1.25 prg-localcount2-base1:1.25 prg-localcount2:1.25.0.2 prg-localcount2-base:1.25 pgoyette-localcount-20170426:1.25 bouyer-socketcan-base1:1.25 pgoyette-localcount-20170320:1.25 netbsd-7-1:1.19.2.5.0.2 netbsd-7-1-RELEASE:1.19.2.5 netbsd-7-1-RC2:1.19.2.5 netbsd-7-nhusb-base-20170116:1.19.2.4 bouyer-socketcan:1.24.0.2 bouyer-socketcan-base:1.24 pgoyette-localcount-20170107:1.24 netbsd-7-1-RC1:1.19.2.4 pgoyette-localcount-20161104:1.24 netbsd-7-0-2-RELEASE:1.19.2.1.2.1 localcount-20160914:1.24 netbsd-7-nhusb:1.19.2.3.0.2 netbsd-7-nhusb-base:1.19.2.3 pgoyette-localcount-20160806:1.23 pgoyette-localcount-20160726:1.23 pgoyette-localcount:1.23.0.2 pgoyette-localcount-base:1.23 netbsd-7-0-1-RELEASE:1.19.2.1.2.1 netbsd-7-0:1.19.2.1.0.2 netbsd-7-0-RELEASE:1.19.2.1 netbsd-7-0-RC3:1.19.2.1 netbsd-7-0-RC2:1.19.2.1 netbsd-7-0-RC1:1.19.2.1 bozohttpd-20150320:1.20 bozohttpd-20141225:1.19 netbsd-5-2-3-RELEASE:1.2.20.1 netbsd-5-1-5-RELEASE:1.2.16.1 netbsd-6-0-6-RELEASE:1.11.6.1 netbsd-6-1-5-RELEASE:1.11.8.1 netbsd-7:1.19.0.2 netbsd-7-base:1.19 yamt-pagecache-base9:1.15 yamt-pagecache-tag8:1.10.6.2 netbsd-6-1-4-RELEASE:1.11 netbsd-6-0-5-RELEASE:1.11 tls-earlyentropy:1.15.0.2 tls-earlyentropy-base:1.19 riastradh-xf86-video-intel-2-7-1-pre-2-21-15:1.15 riastradh-drm2-base3:1.15 netbsd-6-1-3-RELEASE:1.11 netbsd-6-0-4-RELEASE:1.11 netbsd-5-2-2-RELEASE:1.2 netbsd-5-1-4-RELEASE:1.2 bozohttpd-20140102:1.14 netbsd-6-1-2-RELEASE:1.11 netbsd-6-0-3-RELEASE:1.11 netbsd-5-2-1-RELEASE:1.2 netbsd-5-1-3-RELEASE:1.2 netbsd-6-1-1-RELEASE:1.11 riastradh-drm2-base2:1.13 riastradh-drm2-base1:1.13 riastradh-drm2:1.13.0.2 riastradh-drm2-base:1.13 bozohttpd-20130711:1.13 netbsd-6-1:1.11.0.8 netbsd-6-0-2-RELEASE:1.11 netbsd-6-1-RELEASE:1.11 netbsd-6-1-RC4:1.11 netbsd-6-1-RC3:1.11 agc-symver:1.12.0.6 agc-symver-base:1.12 netbsd-6-1-RC2:1.11 netbsd-6-1-RC1:1.11 yamt-pagecache-base8:1.12 netbsd-5-2:1.2.0.20 netbsd-6-0-1-RELEASE:1.11 yamt-pagecache-base7:1.12 netbsd-5-2-RELEASE:1.2 netbsd-5-2-RC1:1.2 matt-nb6-plus-nbase:1.11 yamt-pagecache-base6:1.12 netbsd-6-0:1.11.0.6 netbsd-6-0-RELEASE:1.11 netbsd-6-0-RC2:1.11 tls-maxphys:1.12.0.2 tls-maxphys-base:1.19 matt-nb6-plus:1.11.0.4 matt-nb6-plus-base:1.11 netbsd-6-0-RC1:1.11 yamt-pagecache-base5:1.11 yamt-pagecache-base4:1.11 netbsd-6:1.11.0.2 netbsd-6-base:1.11 netbsd-5-1-2-RELEASE:1.2 netbsd-5-1-1-RELEASE:1.2 bozohttpd-20111118:1.1.1.11 yamt-pagecache-base3:1.10 yamt-pagecache-base2:1.10 yamt-pagecache:1.10.0.6 yamt-pagecache-base:1.10 cherry-xenmp:1.10.0.4 cherry-xenmp-base:1.10 bouyer-quota2-nbase:1.10 bouyer-quota2:1.10.0.2 bouyer-quota2-base:1.10 matt-mips64-premerge-20101231:1.10 matt-nb5-pq3:1.2.0.18 matt-nb5-pq3-base:1.2 netbsd-5-1:1.2.0.16 netbsd-5-1-RELEASE:1.2 bozohttpd-20100920:1.1.1.10 netbsd-5-1-RC4:1.2 bozohttpd-20100621:1.1.1.9 bozohttpd-20100617:1.1.1.8 netbsd-5-1-RC3:1.2 netbsd-5-1-RC2:1.2 bozohttpd-20100512:1.1.1.7 bozohttpd-20100510:1.1.1.6 bozohttpd-20100509:1.1.1.6 netbsd-5-1-RC1:1.2 netbsd-5-0-2-RELEASE:1.2 matt-premerge-20091211:1.5 netbsd-5-0-1-RELEASE:1.2 bozohttpd-20090522:1.1.1.5 jym-xensuspend-nbase:1.4 netbsd-5-0:1.2.0.14 netbsd-5-0-RELEASE:1.2 bozohttpd-20090418:1.1.1.4 mrg-merged-to-bozohttpd-20090417-post:1.3 bozohttpd-20090417:1.1.1.3 netbsd-5-0-RC4:1.2 netbsd-5-0-RC3:1.2 netbsd-5-0-RC2:1.2 jym-xensuspend:1.2.0.12 jym-xensuspend-base:1.4 netbsd-5-0-RC1:1.2 netbsd-5:1.2.0.10 netbsd-5-base:1.2 mjf-devfs2:1.2.0.8 mjf-devfs2-base:1.2 yamt-pf42-base4:1.2 yamt-pf42-base3:1.2 hpcarm-cleanup-nbase:1.2 yamt-pf42-base2:1.2 yamt-pf42:1.2.0.6 yamt-pf42-base:1.2 bozohttpd-20080303:1.1.1.2 keiichi-mipv6:1.2.0.4 keiichi-mipv6-base:1.2 cube-autoconf:1.2.0.2 cube-autoconf-base:1.2 hpcarm-cleanup-base:1.2 bozohttpd-20060517:1.1.1.1 bozohttpd:1.1.1; locks; strict; comment @# @; 1.58 date 2026.05.08.16.46.40; author mrg; state Exp; branches; next 1.57; commitid LJb4t6wbacwq12FG; 1.57 date 2026.05.03.21.52.14; author mrg; state Exp; branches; next 1.56; commitid 9PlnSfQuKyDTRpEG; 1.56 date 2024.04.28.17.12.30; author maya; state Exp; branches 1.56.4.1; next 1.55; commitid EGDANYUG1OS0XV7F; 1.55 date 2024.01.26.23.19.44; author mrg; state Exp; branches; next 1.54; commitid FbNgebtBXPUiY0WE; 1.54 date 2022.11.02.20.38.21; author andvar; state Exp; branches 1.54.2.1; next 1.53; commitid wNMZMsdpb88zxa0E; 1.53 date 2022.01.04.06.08.14; author kim; state Exp; branches; next 1.52; commitid 0Btwi0nJSag4rhnD; 1.52 date 2021.09.03.21.54.59; author andvar; state Exp; branches; next 1.51; commitid whDtCae9KGwmCy7D; 1.51 date 2021.08.24.09.53.26; author mrg; state Exp; branches; next 1.50; commitid bdZrc3bKXG2pXc6D; 1.50 date 2021.08.24.09.47.36; author mrg; state Exp; branches; next 1.49; commitid oJviASWoXkhYUc6D; 1.49 date 2021.05.05.07.41.48; author mrg; state Exp; branches; next 1.48; commitid A4ueIHIp3JgjNVRC; 1.48 date 2021.04.04.18.14.26; author mrg; state Exp; branches; next 1.47; commitid T1mmeS9kU9aZh0OC; 1.47 date 2021.02.27.12.55.25; author mrg; state Exp; branches; next 1.46; commitid 6w6rxS7qYXNDGlJC; 1.46 date 2021.02.27.12.36.46; author mrg; state Exp; branches; next 1.45; commitid 1XldDyMmw50dAlJC; 1.45 date 2021.02.11.09.23.55; author mrg; state Exp; branches; next 1.44; commitid iGHHLmATAQ8R1hHC; 1.44 date 2020.10.15.04.21.53; author mrg; state Exp; branches; next 1.43; commitid Xz3xZ714hbakbXrC; 1.43 date 2020.10.15.02.19.23; author mrg; state Exp; branches; next 1.42; commitid l1bexBbWAmYVuWrC; 1.42 date 2020.09.12.12.39.28; author rhialto; state Exp; branches; next 1.41; commitid bmVgYmCjBNbtZKnC; 1.41 date 2020.08.20.07.55.10; author mrg; state Exp; branches; next 1.40; commitid dqHpMuTHuGhhaMkC; 1.40 date 2019.02.28.09.16.42; author mrg; state Exp; branches 1.40.2.1; next 1.39; commitid v3owIg3ITMgmWvdB; 1.39 date 2019.01.27.04.40.57; author dholland; state Exp; branches; next 1.38; commitid kVGcra6EysLDrn9B; 1.38 date 2019.01.27.02.08.36; author pgoyette; state Exp; branches; next 1.37; commitid ipPva1Pj3xTcBm9B; 1.37 date 2019.01.22.05.32.57; author mrg; state Exp; branches; next 1.36; commitid jEPmdMNhwIRiTJ8B; 1.36 date 2019.01.17.07.46.16; author mrg; state Exp; branches; next 1.35; commitid o0rBSdvPLKKiM68B; 1.35 date 2019.01.17.07.34.06; author mrg; state Exp; branches; next 1.34; commitid i0gpj2qwoKYKI68B; 1.34 date 2018.12.19.12.40.32; author mrg; state Exp; branches; next 1.33; commitid PlK6kmQeOMsFlp4B; 1.33 date 2018.12.18.23.11.40; author mrg; state Exp; branches; next 1.32; commitid gVCZGjhVlPikSk4B; 1.32 date 2018.12.15.12.52.36; author leot; state Exp; branches; next 1.31; commitid 2EzLyfUjlqjCxT3B; 1.31 date 2018.12.04.02.52.42; author mrg; state Exp; branches; next 1.30; commitid kjRlsN1LQpRPzq2B; 1.30 date 2018.11.25.23.48.14; author mrg; state Exp; branches; next 1.29; commitid R9B2XsPS58oKOn1B; 1.29 date 2018.11.25.23.37.09; author mrg; state Exp; branches; next 1.28; commitid bOlVevRcM3oWKn1B; 1.28 date 2018.11.21.09.37.02; author mrg; state Exp; branches; next 1.27; commitid yeR5yTgAssJteN0B; 1.27 date 2018.11.20.01.06.46; author mrg; state Exp; branches; next 1.26; commitid XYgWE3S6fC4ppC0B; 1.26 date 2018.11.19.04.14.59; author mrg; state Exp; branches; next 1.25; commitid kFB6nju28WmHvv0B; 1.25 date 2017.01.31.14.33.54; author mrg; state Exp; branches 1.25.4.1 1.25.10.1 1.25.12.1; next 1.24; commitid BX7leUhVGCoN28Ez; 1.24 date 2016.08.20.00.36.41; author mrg; state Exp; branches 1.24.2.1; next 1.23; commitid x1BTql5ub30rHYiz; 1.23 date 2016.05.24.21.18.29; author agc; state Exp; branches 1.23.2.1; next 1.22; commitid YYfiNTWLJRHGnM7z; 1.22 date 2016.04.15.17.57.21; author mrg; state Exp; branches; next 1.21; commitid 6SFvNhjiTUKmxK2z; 1.21 date 2015.10.28.09.20.15; author shm; state Exp; branches; next 1.20; commitid YKDokj3rLHQP8RGy; 1.20 date 2015.03.20.19.54.53; author mrg; state Exp; branches; next 1.19; commitid a447pRbcHXuYMney; 1.19 date 2014.07.17.10.21.51; author mrg; state Exp; branches 1.19.2.1; next 1.18; commitid bJ38hVz4ocMKwIIx; 1.18 date 2014.07.08.14.06.17; author mrg; state Exp; branches; next 1.17; commitid KIj0PMyvPNvH3AHx; 1.17 date 2014.07.08.14.01.21; author mrg; state Exp; branches; next 1.16; commitid N6mWgqErGWoG1AHx; 1.16 date 2014.05.17.05.50.46; author mrg; state Exp; branches; next 1.15; commitid MrGFmYxLnU4nZQAx; 1.15 date 2014.02.02.03.13.31; author mrg; state Exp; branches 1.15.2.1; next 1.14; commitid 9Urj25H1F5HEstnx; 1.14 date 2014.01.02.08.21.38; author mrg; state Exp; branches; next 1.13; commitid yV9n16GqKmvS9wjx; 1.13 date 2013.07.11.07.44.19; author mrg; state Exp; branches; next 1.12; commitid jaOvLyMp7S6Iz1Xw; 1.12 date 2012.07.19.09.53.06; author mrg; state Exp; branches 1.12.2.1; next 1.11; 1.11 date 2011.11.18.09.51.31; author mrg; state Exp; branches 1.11.2.1 1.11.6.1 1.11.8.1; next 1.10; 1.10 date 2010.09.20.23.11.38; author mrg; state Exp; branches 1.10.6.1; next 1.9; 1.9 date 2010.06.22.05.24.12; author mrg; state Exp; branches; next 1.8; 1.8 date 2010.06.17.19.43.30; author mrg; state Exp; branches; next 1.7; 1.7 date 2010.05.15.06.48.27; author mrg; state Exp; branches; next 1.6; 1.6 date 2010.05.10.03.37.45; author mrg; state Exp; branches; next 1.5; 1.5 date 2009.05.23.02.26.03; author mrg; state Exp; branches; next 1.4; 1.4 date 2009.04.18.21.22.03; author mrg; state Exp; branches; next 1.3; 1.3 date 2009.04.18.07.48.02; author mrg; state Exp; branches; next 1.2; 1.2 date 2007.10.16.01.31.03; author tls; state dead; branches 1.2.10.1 1.2.12.1 1.2.16.1 1.2.20.1; next 1.1; 1.1 date 2007.10.16.01.14.01; author tls; state Exp; branches 1.1.1.1; next ; 1.56.4.1 date 2026.05.07.15.51.07; author martin; state Exp; branches; next 1.56.4.2; commitid l8UPHsJTGnlpKTEG; 1.56.4.2 date 2026.05.08.19.48.27; author martin; state Exp; branches; next ; commitid z11clNUYkpRP13FG; 1.54.2.1 date 2025.07.29.09.32.13; author martin; state Exp; branches; next 1.54.2.2; commitid ss0V5NxBSp9qIC4G; 1.54.2.2 date 2026.05.07.17.29.07; author martin; state Exp; branches; next ; commitid HuGNWaXvT7M1iUEG; 1.40.2.1 date 2021.03.05.13.34.19; author martin; state Exp; branches; next ; commitid n1snW5vVPzYiG7KC; 1.25.4.1 date 2018.11.24.17.13.51; author martin; state Exp; branches; next 1.25.4.2; commitid uWLCjvlvfCBpFd1B; 1.25.4.2 date 2018.11.28.19.50.37; author martin; state Exp; branches; next 1.25.4.3; commitid NACIVd8NPNyhpK1B; 1.25.4.3 date 2019.06.12.10.32.00; author martin; state Exp; branches; next 1.25.4.4; commitid PJR2ZrMMmyeSZSqB; 1.25.4.4 date 2021.03.27.13.38.51; author martin; state Exp; branches; next ; commitid 0fy0WIi8VRCg1XMC; 1.25.10.1 date 2018.11.26.01.52.13; author pgoyette; state Exp; branches; next 1.25.10.2; commitid Zj4q5SspGdKXto1B; 1.25.10.2 date 2018.12.26.14.01.28; author pgoyette; state Exp; branches; next 1.25.10.3; commitid xUhK8IAeBM1azj5B; 1.25.10.3 date 2019.01.18.08.50.11; author pgoyette; state Exp; branches; next 1.25.10.4; commitid Lmlzg3OVT2cd6f8B; 1.25.10.4 date 2019.01.26.21.59.58; author pgoyette; state Exp; branches; next ; commitid JKpcmvSjdT25dl9B; 1.25.12.1 date 2019.06.10.22.05.29; author christos; state Exp; branches; next ; commitid jtc8rnCzWiEEHGqB; 1.24.2.1 date 2017.04.21.16.53.12; author bouyer; state Exp; branches; next ; commitid dUG7nkTKALCadqOz; 1.23.2.1 date 2017.03.20.06.57.00; author pgoyette; state Exp; branches; next ; commitid jjw7cAwgyKq7RfKz; 1.19.2.1 date 2015.04.19.04.44.03; author msaitoh; state Exp; branches 1.19.2.1.2.1; next 1.19.2.2; commitid njYJzTFGbIsUM9iy; 1.19.2.2 date 2016.04.10.10.33.11; author martin; state Exp; branches; next 1.19.2.3; commitid bbLuZQFN3EQMe42z; 1.19.2.3 date 2016.04.15.19.01.05; author snj; state Exp; branches 1.19.2.3.2.1; next 1.19.2.4; commitid wb0qOtFVsk0pTK2z; 1.19.2.4 date 2016.12.23.07.42.09; author snj; state Exp; branches; next 1.19.2.5; commitid NN4w7Q2T4fuf25zz; 1.19.2.5 date 2017.02.12.22.07.17; author snj; state Exp; branches 1.19.2.5.2.1; next 1.19.2.6; commitid k0fmNBASWNSmbIFz; 1.19.2.6 date 2018.11.24.17.22.57; author martin; state Exp; branches; next 1.19.2.7; commitid 9CQaC30uxHyxId1B; 1.19.2.7 date 2018.11.28.19.54.18; author martin; state Exp; branches; next 1.19.2.8; commitid AgIZlwlR7PJxqK1B; 1.19.2.8 date 2019.06.15.15.54.58; author martin; state Exp; branches; next ; commitid M3W48f6zlGiMHirB; 1.19.2.1.2.1 date 2016.04.15.18.55.49; author snj; state Exp; branches; next 1.19.2.1.2.2; commitid RlNTxli26oeuRK2z; 1.19.2.1.2.2 date 2016.12.23.07.47.40; author snj; state Exp; branches; next 1.19.2.1.2.3; commitid fChUvrsBGKZL35zz; 1.19.2.1.2.3 date 2017.02.12.21.59.44; author snj; state Exp; branches; next 1.19.2.1.2.4; commitid p8XNh9nFUGOB7IFz; 1.19.2.1.2.4 date 2018.11.24.17.23.47; author martin; state Exp; branches; next 1.19.2.1.2.5; commitid ynOo4QuCZaJNId1B; 1.19.2.1.2.5 date 2018.11.28.19.57.50; author martin; state Exp; branches; next 1.19.2.1.2.6; commitid VvutHLKHFLZKrK1B; 1.19.2.1.2.6 date 2019.06.15.15.57.32; author martin; state Exp; branches; next ; commitid fLxl4ur27ZtHIirB; 1.19.2.3.2.1 date 2017.01.18.08.46.23; author skrll; state Exp; branches; next 1.19.2.3.2.2; commitid M6f3RyDtiAR3wqCz; 1.19.2.3.2.2 date 2017.03.13.07.41.25; author skrll; state Exp; branches; next ; commitid vH6VFbpxnMy7rmJz; 1.19.2.5.2.1 date 2018.11.24.17.23.20; author martin; state Exp; branches; next 1.19.2.5.2.2; commitid IwFcHr2C6ZuGId1B; 1.19.2.5.2.2 date 2018.11.28.19.56.09; author martin; state Exp; branches; next 1.19.2.5.2.3; commitid GC31DoSUvymbrK1B; 1.19.2.5.2.3 date 2019.06.15.15.56.21; author martin; state Exp; branches; next ; commitid kC51tYYbUjIhIirB; 1.15.2.1 date 2014.08.10.06.52.40; author tls; state Exp; branches; next ; commitid X9ugflcjpUhfBMLx; 1.12.2.1 date 2014.08.20.00.02.22; author tls; state Exp; branches; next ; commitid jTnpym9Qu0o4R1Nx; 1.11.2.1 date 2014.07.09.09.42.39; author msaitoh; state Exp; branches; next 1.11.2.2; commitid PzA7yHFyE7G7zGHx; 1.11.2.2 date 2016.04.15.19.36.08; author snj; state Exp; branches; next 1.11.2.3; commitid oto82FwXp6Vs5L2z; 1.11.2.3 date 2017.03.07.07.25.18; author snj; state Exp; branches; next ; commitid g5OheTlyDwAXyAIz; 1.11.6.1 date 2014.07.09.09.47.10; author msaitoh; state Exp; branches; next 1.11.6.2; commitid ncOq1490CSmnAGHx; 1.11.6.2 date 2016.04.15.19.38.13; author snj; state Exp; branches; next 1.11.6.3; commitid Uf1dmObit37d6L2z; 1.11.6.3 date 2017.03.07.07.16.08; author snj; state Exp; branches; next ; commitid rdr2mHDfrnupvAIz; 1.11.8.1 date 2014.07.09.09.44.56; author msaitoh; state Exp; branches; next 1.11.8.2; commitid 5p14SLUnv4dRzGHx; 1.11.8.2 date 2016.04.15.19.37.27; author snj; state Exp; branches; next 1.11.8.3; commitid zYyoXbZSiqDU5L2z; 1.11.8.3 date 2017.03.07.07.21.53; author snj; state Exp; branches; next ; commitid u1UVe6SlnvFSxAIz; 1.10.6.1 date 2012.04.17.00.05.35; author yamt; state Exp; branches; next 1.10.6.2; 1.10.6.2 date 2012.10.30.18.59.22; author yamt; state Exp; branches; next 1.10.6.3; 1.10.6.3 date 2014.05.22.11.37.13; author yamt; state Exp; branches; next ; commitid VmckIax9CgOhKwBx; 1.2.10.1 date 2014.07.09.15.21.21; author msaitoh; state Exp; branches; next ; commitid 6P3UulRicc5jrIHx; 1.2.12.1 date 2009.05.13.19.18.38; author jym; state Exp; branches; next ; 1.2.16.1 date 2014.07.09.16.09.39; author msaitoh; state Exp; branches; next ; commitid NgScSkUrfSmYHIHx; 1.2.20.1 date 2014.07.09.16.04.13; author msaitoh; state Exp; branches; next ; commitid vGNE3klASBlIFIHx; 1.1.1.1 date 2007.10.16.01.14.01; author tls; state Exp; branches; next 1.1.1.2; 1.1.1.2 date 2008.03.03.22.03.05; author mrg; state Exp; branches; next 1.1.1.3; 1.1.1.3 date 2009.04.18.07.09.27; author mrg; state Exp; branches; next 1.1.1.4; 1.1.1.4 date 2009.04.18.21.09.40; author mrg; state Exp; branches; next 1.1.1.5; 1.1.1.5 date 2009.05.23.02.21.19; author mrg; state Exp; branches; next 1.1.1.6; 1.1.1.6 date 2010.05.10.03.30.04; author mrg; state Exp; branches; next 1.1.1.7; 1.1.1.7 date 2010.05.15.06.47.15; author mrg; state Exp; branches; next 1.1.1.8; 1.1.1.8 date 2010.06.17.19.41.04; author mrg; state Exp; branches; next 1.1.1.9; 1.1.1.9 date 2010.06.22.05.22.39; author mrg; state Exp; branches; next 1.1.1.10; 1.1.1.10 date 2010.09.20.23.07.21; author mrg; state Exp; branches; next 1.1.1.11; 1.1.1.11 date 2011.11.18.09.40.36; author mrg; state Exp; branches; next ; desc @@ 1.58 log @bump version for last 2 memory fixes. @ text @$NetBSD: CHANGES,v 1.57 2026/05/03 21:52:14 mrg Exp $ changes in bozohttpd 20260508: o fix a memory leak and potential double free. from shm. changes in bozohttpd 20260503: o fix the default minimum TLS version to 1.1 from 1.3. the manual already said 1.1 was the default. fixes PR#58878. o log the correct port with TLS connections. fixes PR#59644. o fix use-after-free, double-free, and bounds checking problems. from shm. o better lint support. o several updates for the manual. from lukem. changes in bozohttpd 20240428: o make directory listings mobile friendly. from D. Bohdan. changes in bozohttpd 20240126: o add some more default mime types. o fix memory leaks. from shm. o fix reading 2 bytes beyond '%', possibly not mapped. from shm. o support openssl 3. from christos. o add -q option to not log. from martin. o fix default return value of bozo_set_defaults(), PR#54785. changes in bozohttpd 20220104: o remove obsolete .bzdirect handling. changes in bozohttpd 20210824: o new "-m tlsversion" option to set the minimum TLS version available. partially from . o extend the list of available ciphers to include most of the openssl "HIGH" with some additional disables. retain the current list of bad options. should deal with PR#51278. changes in bozohttpd 20210504: o don't assume host BUFSIZ is sufficient. small BUFSIZ leads to always happens errors in the testsuite. switch all these buffers to be 4KiB sized. reported by embr changes in bozohttpd 20210403: o fix a denial of service attack against initial request contents, now bounded at 16KiB. reported by Justin Parrott in PR#56085 changes in bozohttpd 20210227: o new support for content types: .tar.bz2, .tar.xz, .tar.lz, .tar.zst, .tbz2, .txz, .tlz, .zipx, .xz, .zst, .sz, .lz, .lzma, .lzo, .7z, .lzo, .cab, .dmg, .jar, and .rar. should fix netbsd PR#56026: MIME type of .tar.xz file on ny{cdn,ftp}.NetBSD.org is invalid changes in bozohttpd 20210211: o fix various NULL derefs from malformed headers. mostly from . o fix memory leaks in library interface: add bozo_cleanup(). changes in bozohttpd 20201014: o also set -D_GNU_SOURCE in Makefile.boot. from hadrien.lacour@@posteo.net. o fix array size botch (assertion, not exploitable.) from martin@@netbsd.org. o also match %2F as well as %2f. from leah@@vuxu.org. o many manual and help fixes. clean ups for higher lint levels, consistency/style clean ups. various option fixes including made -f imply -b. from for freebsd. changes in bozohttpd 20200912: o add .m4a and .m4v file extensions. changes in bozohttpd 20200820: o make this work on sun2 by reducing mmap window there. o fix SSL shutdown sequence. from spz@@netbsd.org. o add readme support to directory indexing. from jmcneill@@netbsd.org o add blocklist(8) support. from jruoho@@netbsd.org. changes in bozohttpd 20190228: o extend timeout facility to ssl and stop servers hanging forever if the client never sends anything. reported by Steffen in netbsd PR#50655. o don't display special files in the directory index. they aren't served, but links to them are generated. o fix CGI '+' parameter handling, some error checking, and a double free. from rajeev_v_pillai@@yahoo.com o more directory indexing clean up. from rajeev_v_pillai@@yahoo.com changes in bozohttpd 20181215: o fix .htpasswd bypass for authenticated users. reported by JP, from leot@@netbsd.org o avoid possible null dereference when receiving a big request that timeout. reported by maya@@netbsd.org, from leot@@netbsd.org o fix handling of -T option, from leot@@netbsd.org o cleanups and portability improvements, from maya@@netbsd.org o change directory indexing to use html tables, from rajeev_v_pillai@@yahoo.com changes in bozohttpd 20181125: o fixes for option parsing introduced in bozohttpd 20181123 changes in bozohttpd 20181121: o add url remap support via .bzremap file, from martin@@netbsd.org o handle redirections for any protocol, not just http: o fix a denial of service attack against header contents, which is now bounded at 16KiB. reported by JP o reduce default timeouts, and add expand timeouts to handle the initial line, each header, and the total time spent o add -T option to expose new timeout settings o minor RFC fixes related to timeout handling o fix special file (.htpasswd, .bz*) bypass. reported by JP changes in bozohttpd 20170201: o fix an infinite loop in cgi processing o fixes and clean up for the testsuite o no longer sends encoding header for compressed formats changes in bozohttpd 20160517: o add a bozo_get_version() function which returns the version number changes in bozohttpd 20160415: o add search-word support for CGI o fix a security issue in CGI suffix handler support which would allow remote code execution, from shm@@netbsd.org o -C option supports now CGI scripts only changes in bozohttpd 20151028: o add CGI support for ~user translation (-E switch) o add redirects to ~user translation o fix bugs around ~user translation o add schema detection for absolute redirects o fixed few memory leaks o bunch of minor tweaks o removed -r support o smarter redirects changes in bozohttpd 20150320: o fix redirection handling o support transport stream (.ts) and video object (.vob) files o directory listings show correct file sizes for large files changes in bozohttpd 20140717: o properly handle SSL errors changes in bozohttpd 20140708: o fixes for virtual host support, from rajeev_v_pillai@@yahoo.com o avoid printing double errors, from shm@@netbsd.org o fix a security issue in basic HTTP authentication which would allow authentication to be bypassed, from shm@@netbsd.org changes in bozohttpd 20140201: o support .svg files o fix a core dump when requests timeout changes in bozohttpd 20140102: o update a few content types o add support for directly calling lua scripts to handle processes, from mbalmer@@netbsd.org o properly escape generated HTML o add authentication for redirections, from martin@@netbsd.org o handle chained ssl certifications, from elric@@netbsd.org o add basic support for gzipped files, from elric@@netbsd.org o properly escape generated URIs changes in bozohttpd 20111118: o add -P option, from jmmv@@netbsd.org o avoid crashes with http basic auth, from pooka@@netbsd.org o add support for REDIRECT_STATUS variable, from tls@@netbsd.org o support .mp4 files in the default map o directory indexes with files with : are now displayed properly, from reed@@netbsd.org o allow -I option to be useful in non-inetd mode as well changes in bozohttpd 20100920: o properly fully disable multi-file mode for now o fix the -t and -U options when used without the -e option, broken since the library-ifcation o be explicit that logs go to the FTP facility in syslog o use scandir() with alphasort() for sorted directory lists, from moof o fix a serious error in vhost handling; "Host:.." would allow access to the next level directory from the virtual root directory, from seanb o fix some various non standard compile time errors, from rudolf o fix dynamic CGI content maps, from rudolf changes in bozohttpd 20100617: o fix some compile issues o fix SSL mode. from rtr o fix some cgi-bin issues, as seen with cvsweb o disable multi-file daemon mode for now, it breaks o return 404's instead of 403's when chdir of ~user dirs fail o remove "noreturn" attribute from bozo_http_error() that was causing incorrect runtime behaviour changes in bozohttpd 20100509: o major rework and clean up of internal interfaces. move the main program into main.c, the remaining parts are useable as library add bindings for lua. by Alistair G. Crooks o fix http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=566325 changes in bozohttpd 20090522: o avoid dying in daemon mode for some uncommon, but recoverable, errors o close leaking file descriptors for CGI and daemon mode o handle poll errors properly o don't try to handle more than one request per process yet o add subdirs for build "debug" and "small" versions o clean up a bad merge / duplicate code o make mmap() usage portable, fixes linux & ranges: support o document the -f option o daemon mode now serves 6 files per child changes in bozohttpd 20090417: o make bozohttpd internally more modular, preparing the way to handle more than one request per process o fix http-auth, set $REMOTE_USER not $REMOTEUSER. also fix cgi-bin with cvsweb, from Holger Weiss o fix an uninitialised variable use in daemon mode o fix ssl mode with newer OpenSSL o mmap large files in manageable sizes so we can serve any size file o refactor url processing to handle query strings correctly for CGI from Sergey Katsev at Coyote Point o add If-Modified-Since support, from Joerg Sonnenberger o many more manual fixes, from NetBSD changes in bozohttpd 20080303: o fix some cgi header processing, from o add simple Range: header processing, from o man page fixes, from NetBSD o clean up various parts, from NetBSD changes in bozohttpd 20060710: o prefix some function names with "bozo" o align directory indexing
markers o clean up some code GCC4 grumbled about changes in bozohttpd 20060517: o don't allow "/.." or "../" files o don't write ":80" into urls for the http port o fix a fd leak when fork() fails o make directory indexing mode not look so ugly o build a text version of the manual page o make "make clean" work properly changes in bozohttpd 20050410: o fix some off-by-one errors from o properly support nph- CGI o make content maps case insensitive o fix proto header merging to include the missing comma o major source reorganisation; most features are in separate files now o new -V flag that makes unknown virtualhosts use slashdir from o HTTP/1.x protocol headers are now properly merged for CGI changes in bozohttpd 20040808: o CGI status is now properly handled (-a flag has been removed) o CGI file upload support works o %xy translations are no longer ever applied after the first '?', ala RFC2396. from lukem o daemon mode (-b) should no longer hang spinning forever if it sees no children. from lukem o new .bzabsredirect file support. from o return a 404 error if we see %00 or %2f (/) o don't print 2 "200" headers for CGI o support .torrent files changes in bozohttpd 20040218: o new .bzredirect file support for sane directory redirection o new -Z option that enables SSL mode, from o the -C option has been changed to take two explicit options, rather than a single option with a space separating the suffix and the interpreter. ``-C ".foo /path/to/bar"'' should now be written as ``-C .foo /path/to/bar'' o the -M option has been changed like -C and no longer requires or supports a single argument with space-separated options o with -a, still print the 200 OK. from o with -r, if a .bzdirect file appears in a directory, allow direct access to this directory changes in bozohttpd 20031005: o fixes for basic authorisation. from o always display file size in directory index mode o add .xbel, .xml & .xsl -> text/xml mappings. from changes in bozohttpd 20030626: o fix a recent core dump when given no input o add new -r flag that ensures referrer is set to this host o fix several compile time errors with -DNO_CGIBIN_SUPPORT o fix some man page details. from lukem@@wasabisystems.com o re-add a missing memset(), fixing a core dump. from lukem o support HTTP basic authorisation, disabled by default. from lukem o print the port number in redirects and errors. from lukem o only syslog the basename of the program. from lukem o add __attribute__() format checking. from lukem o fix cgibin SCRIPT_NAME to have a leading /. from zakj@@nox.cx o simplify some code in -C to avoid a core dump. from lukem o add a .css -> css/text entry to the content_map[]. from zakj@@nox.cx changes in bozohttpd 20030409: o -d without DEBUG enabled only prints one warning and continues o one can now define the C macro SERVER_SOFTWARE when building to change the Server: header and CGI variable of the same name o add new -s flag the force logging output to stderr. from zakj@@nox.cx o add new -a flag for CGI bin that stops bozohttpd from outputting any HTTP reply, the CGI program must output these. from zakj@@nox.cx o new REQUEST_URI and DATE_GMT environment variables for CGI. from zakj@@nox.cx o add a "Makefile.boot" that should work with any make program o build on linux again o fix core dumps when using -C changes in bozohttpd 20030313: o deprecate -r flag; make this the default and silently ignore -r now o add support for file extensions to call CGI programs (from lukem) o add dynamic support to add new content map entries, allowing both new file types and non /cgi-bin CGI programs to be run with the new -C "suffix cgihandler" and -M "suffix type encoding encoding11" options o in -b mode, set the http date after accept() returns, not before we call accept() o in -b mode, bind all addresses found not just the first one o unsupport old hostname API o in -b mode, set the SO_REUSEADDR socket option (lukem) o allow -x (index.html) mode to work with CGI handlers changes in bozohttpd 20021106: o add .bz2 support o properly escape <, > and & in error messages, partly from Nicolas Jombart o new -H flag to hide .* files in directory index mode o fix buffer reallocation when parsing a request, to avoid overflowing the buffer with carriage returns (\r) o do not decode "%XY"-style cgi-bin data beyond the "?" changes in bozohttpd 5.15 (20020913): o add .ogg support -> `application/x-ogg' o fix CGI requests with "/" in the query part changes in bozohttpd 5.14 (20020823): o allow -X mode to work for "/" o work on systems without MADV_SEQUENTIAL o make a local cut-down copy of "queue.h" (fixes linux & solaris support at the very least) o portability fixes for pre-ipv6 socket api systems (eg, solaris 7) o portability fixes for missing _PATH_DEFPATH, LOG_FTP and __progname o better documentation on virtual host support changes in bozohttpd 5.13 (20020804): o support .mp3 files (type audio/mpeg) o use stat() to find out if something is a directory, for -X mode changes in bozohttpd 5.12 (20020803): o constification o fixes & enhancements for directory index mode (-X) changes in bozohttpd 5.11 (20020730): o more man page fixes from Thomas Klausner o de-K&R C-ification o fix Date: header for daemon mode o fix core dump when asking for /cgi-bin/ when CGI isn't configured o use a valid Server: header changes in bozohttpd 5.10 (20020710): - add freebsd support - fix a couple of header typos - many cgi-bin fixes from lukem@@netbsd.org - add -T chrootdir and -U user, plus several minor other cleanups with signals and return values. from xs@@kittenz.org - add -e that does not clear the environment for -T/-U - fix a formatting error noticed by ISIHARA Takanori changes in bozohttpd 5.09 (20010922): - add a daemon mode - document how to use bozohttpd in netbsd inetd with more than 40 connections per minute and also with cgibin - man page fixes from wiz@@netbsd.org changes in bozohttpd 5.08 (20010812): - add directory index generation support (-X) from ad@@netbsd.org - add .pa as an alias for .pac - make server software version configurable (RFC) changes in bozohttpd 5.07 (20010610): - add .png support - new "-x index.html" flag to change default file - new "-p public_html" flag to change default ~user directory - fixes cgi-bin support and more from chuck@@research.att.com - add many new content-types, now support most common ones changes in bozohttpd 5.06 (20000825): - add IPv6 support from itojun@@iijlab.net - man page fixes from jlam@@netbsd.org changes in bozohttpd 5.05 (20000815): - fix a virtual host bug, from kleink@@netbsd.org changes in bozohttpd 5.04 (20000427): - fix virtual host support; URI takes precedence over Host: changes in bozohttpd 5.03 (20000427): - fix a bug with chdir() changes in bozohttpd 5.02 (20000426): - .pac support from simonb changes in bozohttpd 5.01 (20000421): - .swf support - virtual hosting support @ 1.57 log @call this bozohttpd 20260503, and update the CHANGES for the last 2 years o fix the default minimum TLS version to 1.1 from 1.3. the manual already said 1.1 was the default. fixes PR#58878. o log the correct port with TLS connections. fixes PR#59644. o fix use-after-free, double-free, and bounds checking problems. from shm. o better lint support. o several updates for the manual. from lukem. add D Bohdan to the contributors list. @ text @d1 4 a4 1 $NetBSD: CHANGES,v 1.56 2024/04/28 17:12:30 maya Exp $ @ 1.56 log @Bump bozohttpd version to today for mobile-friendly directory listing @ text @d1 10 a10 1 $NetBSD: CHANGES,v 1.55 2024/01/26 23:19:44 mrg Exp $ @ 1.56.4.1 log @Pull up following revision(s) (requested by mrg in ticket #268): libexec/httpd/CHANGES: revision 1.57 libexec/httpd/daemon-bozo.c: revision 1.23 libexec/httpd/bozohttpd.8: revision 1.101 libexec/httpd/lua-bozo.c: revision 1.16 libexec/httpd/auth-bozo.c: revision 1.29 libexec/httpd/bozohttpd.h: revision 1.74 libexec/httpd/ssl-bozo.c: revision 1.35 libexec/httpd/ssl-bozo.c: revision 1.36 libexec/httpd/ssl-bozo.c: revision 1.37 libexec/httpd/bozohttpd.c: revision 1.150 libexec/httpd/bozohttpd.c: revision 1.151 libexec/httpd/bozohttpd.c: revision 1.152 Fix iteration over protos[] to prevent out-of-bounds access Fix use-after-free in the "http://"; case Fix double free of uri (later handled by bozo_clean_request()) Fix off-by-one in case user provided '\x80' in the auth string log the correct port when using https. fixes PR#59644. make the default min TLS version 1.1, as it was documented to be. fixes PR#58878. call this bozohttpd 20260503, and update the CHANGES for the last 2 years o fix the default minimum TLS version to 1.1 from 1.3. the manual already said 1.1 was the default. fixes PR#58878. o log the correct port with TLS connections. fixes PR#59644. o fix use-after-free, double-free, and bounds checking problems. from shm. o better lint support. o several updates for the manual. from lukem. add D Bohdan to the contributors list. @ text @d1 1 a1 10 $NetBSD: CHANGES,v 1.56 2024/04/28 17:12:30 maya Exp $ changes in bozohttpd 20260503: o fix the default minimum TLS version to 1.1 from 1.3. the manual already said 1.1 was the default. fixes PR#58878. o log the correct port with TLS connections. fixes PR#59644. o fix use-after-free, double-free, and bounds checking problems. from shm. o better lint support. o several updates for the manual. from lukem. @ 1.56.4.2 log @Pull up following revision(s) (requested by mrg in ticket #282): libexec/httpd/bozohttpd.c: revision 1.153 libexec/httpd/bozohttpd.c: revision 1.154 libexec/httpd/CHANGES: revision 1.58 libexec/httpd/tilde-luzah-bozo.c: revision 1.17 libexec/httpd/bozohttpd.8: revision 1.102 Fix double free of hr_file (later handled by bozo_clean_request()) Also hr_file_free should be used for free(3) (it fixes "//~user/" case in which hr_file points to the last slash in the prefix). Fix minor memory leak bump version for last 2 memory fixes. @ text @d1 1 a1 4 $NetBSD: CHANGES,v 1.56.4.1 2026/05/07 15:51:07 martin Exp $ changes in bozohttpd 20260508: o fix a memory leak and potential double free. from shm. @ 1.55 log @add some missing changes and bump the version. @ text @d1 4 a4 1 $NetBSD: CHANGES,v 1.54 2022/11/02 20:38:21 andvar Exp $ @ 1.54 log @fix various typos in comments and messages. @ text @d1 9 a9 1 $NetBSD: CHANGES,v 1.53 2022/01/04 06:08:14 kim Exp $ @ 1.54.2.1 log @Pull up following revision(s) (requested by mrg in ticket #1139): libexec/httpd/CHANGES: revision 1.55 libexec/httpd/CHANGES: revision 1.56 libexec/httpd/cgi-bozo.c: revision 1.55 libexec/httpd/cgi-bozo.c: revision 1.56 libexec/httpd/bozohttpd.8: revision 1.93 libexec/httpd/bozohttpd.8: revision 1.94 libexec/httpd/bozohttpd.8: revision 1.95 libexec/httpd/bozohttpd.8: revision 1.96 libexec/httpd/bozohttpd.8: revision 1.97 libexec/httpd/bozohttpd.c: revision 1.143 libexec/httpd/bozohttpd.8: revision 1.100 libexec/httpd/bozohttpd.c: revision 1.144 libexec/httpd/bozohttpd.8: revision 1.99 libexec/httpd/bozohttpd.c: revision 1.145 libexec/httpd/bozohttpd.c: revision 1.146 libexec/httpd/bozohttpd.c: revision 1.147 libexec/httpd/auth-bozo.c: revision 1.28 libexec/httpd/ssl-bozo.c: revision 1.33 libexec/httpd/ssl-bozo.c: revision 1.34 libexec/httpd/content-bozo.c: revision 1.22 libexec/httpd/main.c: revision 1.31 serve .iso as "application/octet-stream". bump version & copyright. add a note about how to setup http -> https redirection. bump documented version. Fix memory leaks in bozo_cleanup Fix hr_authrealm memory leak hr_authrealm might be already set, so we need to free it before overwriting the value Remove unused variable (bp) Fix off-by-one in bozo_decode_url_percent In case of strings that end with '%', debug function was reading past buffer. Removed unnecessary comment Thanks leot@@ for pointing this out httpd(8): Add missing newline to `SSL Error' messages. Matches the pattern in all other printf/syslog calls. add some missing changes and bump the version. s/supressing/suppressing/. note this documents bozohttpd 20240126. Bump bozohttpd version to today for mobile-friendly directory listing bozohttpd(8): clarifications and editorial fixes Clarify that -b also listens on an address and port (overridden by -i address and/or -I port), as does -f. If -i isn't given, all addresses are listened to. Use literal instead of emphasis for Lua, paths, URLs (etc). Add more cross-references to other options. Split FILES into a tagged list and subsections describing the behaviour. drop duplicate "by default". @ text @d1 1 a1 12 $NetBSD: CHANGES,v 1.54 2022/11/02 20:38:21 andvar Exp $ changes in bozohttpd 20240428: o make directory listings mobile friendly. from D. Bohdan. changes in bozohttpd 20240126: o add some more default mime types. o fix memory leaks. from shm. o fix reading 2 bytes beyond '%', possibly not mapped. from shm. o support openssl 3. from christos. o add -q option to not log. from martin. o fix default return value of bozo_set_defaults(), PR#54785. @ 1.54.2.2 log @Pull up following revision(s) (requested by mrg in ticket #1265): libexec/httpd/CHANGES: revision 1.57 libexec/httpd/daemon-bozo.c: revision 1.23 libexec/httpd/bozohttpd.8: revision 1.101 libexec/httpd/lua-bozo.c: revision 1.16 libexec/httpd/auth-bozo.c: revision 1.29 libexec/httpd/bozohttpd.h: revision 1.74 libexec/httpd/ssl-bozo.c: revision 1.35 libexec/httpd/ssl-bozo.c: revision 1.36 libexec/httpd/ssl-bozo.c: revision 1.37 libexec/httpd/bozohttpd.c: revision 1.150 libexec/httpd/bozohttpd.c: revision 1.151 libexec/httpd/bozohttpd.c: revision 1.152 Fix iteration over protos[] to prevent out-of-bounds access Fix use-after-free in the "http://"; case Fix double free of uri (later handled by bozo_clean_request()) Fix off-by-one in case user provided '\x80' in the auth string log the correct port when using https. fixes PR#59644. make the default min TLS version 1.1, as it was documented to be. fixes PR#58878. call this bozohttpd 20260503, and update the CHANGES for the last 2 years o fix the default minimum TLS version to 1.1 from 1.3. the manual already said 1.1 was the default. fixes PR#58878. o log the correct port with TLS connections. fixes PR#59644. o fix use-after-free, double-free, and bounds checking problems. from shm. o better lint support. o several updates for the manual. from lukem. add D Bohdan to the contributors list. @ text @d1 1 a1 10 $NetBSD: CHANGES,v 1.54.2.1 2025/07/29 09:32:13 martin Exp $ changes in bozohttpd 20260503: o fix the default minimum TLS version to 1.1 from 1.3. the manual already said 1.1 was the default. fixes PR#58878. o log the correct port with TLS connections. fixes PR#59644. o fix use-after-free, double-free, and bounds checking problems. from shm. o better lint support. o several updates for the manual. from lukem. @ 1.53 log @bozohttpd: remove obsolete .bzdirect handling OK mrg@@ @ text @d1 1 a1 1 $NetBSD: CHANGES,v 1.52 2021/09/03 21:54:59 andvar Exp $ d379 1 a379 1 - .pac spport from simonb @ 1.52 log @fix typos in comments, mainly s/extention/extension/ and s/sufficent/sufficient/ @ text @d1 4 a4 1 $NetBSD: CHANGES,v 1.51 2021/08/24 09:53:26 mrg Exp $ @ 1.51 log @extend the list of available ciphers to include most of the openssl "HIGH" with some additional disables. retain the current list of bad options. should deal with PR#51278. @ text @d1 1 a1 1 $NetBSD: CHANGES,v 1.50 2021/08/24 09:47:36 mrg Exp $ d11 1 a11 1 o don't assume host BUFSIZ is sufficent. small BUFSIZ leads to d285 1 a285 1 o add support for file extentions to call CGI programs (from lukem) @ 1.50 log @implement tls minimum version setting. mostly from sunil@@nimmagadda.net in PR#55830, though i moved the member into the main http structure, so that it doesn't trigger sslinfo being allocated via command line without the rest of the ssl being setup (which then leads to crashes.) @ text @d1 1 a1 1 $NetBSD: CHANGES,v 1.49 2021/05/05 07:41:48 mrg Exp $ d6 3 @ 1.49 log @don't assume host BUFSIZ is sufficent. small BUFSIZ leads to always happens errors in the testsuite. switch all these buffers to be 4KiB sized. reported by embr @ text @d1 5 a5 1 $NetBSD: CHANGES,v 1.48 2021/04/04 18:14:26 mrg Exp $ @ 1.48 log @avoid DoS in initial request size, which is now bounded at 16KiB. reported by Justin Parrott in PR#56085. @ text @d1 6 a6 1 $NetBSD: CHANGES,v 1.47 2021/02/27 12:55:25 mrg Exp $ @ 1.47 log @changes in bozohttpd 20210227: o new support for content types: .tar.bz2, .tar.xz, .tar.lz, .tar.zst, .tbz2, .txz, .tlz, .zipx, .xz, .zst, .sz, .lz, .lzma, .lzo, .7z, .lzo, .cab, .dmg, .jar, and .rar. should fix netbsd PR#56026: MIME type of .tar.xz file on ny{cdn,ftp}.NetBSD.org is invalid @ text @d1 5 a5 1 $NetBSD: CHANGES,v 1.46 2021/02/27 12:36:46 mrg Exp $ @ 1.46 log @belated call version 20210211 after previous memory leak fix. @ text @d1 8 a8 1 $NetBSD: CHANGES,v 1.45 2021/02/11 09:23:55 mrg Exp $ @ 1.45 log @changes in bozohttpd 20210210: o fix various NULL derefs from malformed headers. mostly from . @ text @d1 1 a1 1 $NetBSD: CHANGES,v 1.44 2020/10/15 04:21:53 mrg Exp $ d3 1 a3 1 changes in bozohttpd 20210210: d6 1 @ 1.44 log @various updates from / freebsd. the list from Henrik: bozohttpd.8: o Added -d flag to the man page o Moved -E flag in man page to keep alphabetic order o Grammar fix for description of -E flag in man page o Moved a word in the man description for the -f flag o Made -f imply -b as a backwards-compatible shortcut o Updated man description of -n to mention Lua scripts o Moved -z below -Z to keep the uppercase options first bozohttpd.c: o Removed obsolete comment about ~user missing cgi-bin support o Removed "/* ARGSUSED */" lines; was that a macro or a reminder? o Added USE_ARG macro call for sig, which was otherwise not used o Added USE_ARG macro call for msg (only used if debug is enabled) bozohttpd.h: o Fixed typo in the include guard (BOZOHTTOPD_H_ -> BOZOHTTPD_H_) o Renamed have_all to have_core; it didn't mean "all" options content-bozo.c: o Added USE_ARG macro call for signo, which was otherwise not used o Made -f imply -b as a backwards-compatible shortcut main.c: o Simplified -b text to be symmetric with that for the -f option o Updated -C text to make "suffix" explicit; it's better than "arg" o Changed to only show the -E description if have_user is true o Always show the -e option, which incorrectly used the -E logic o Renamed have_all to have_core; it didn't mean "all" options o Added three missing tabs for the description of the -G option o Updated -L text to make "prefix" explicit; it's better than "arg" o Updated -M text to make "suffix" explicit; it's slightly better o Added a previously missing description for the -n option o Documented the otherwise obscure valid types for the -T option o Shortened "username" to "user" to match the actual help text o Moved handling of -c below that for -C to standardize the order o Broke the enabling test for -C into two lines for consistency o Inverted the enabling test for -E; this is what was meant, right? o Removed the enabling test for -e, which should always be enabled ssl-bozo.c: o Added USE_ARG for httpd, which is not used if SSL has been excluded @ text @d1 5 a5 1 $NetBSD: CHANGES,v 1.43 2020/10/15 02:19:23 mrg Exp $ @ 1.43 log @set -D_GNU_SOURCE in Makefile.boot. from hadrien.lacour@@posteo.net. also match %2F as well as %2f. from leah@@vuxu.org. introduce defines for "80" and "443". copyright maint. @ text @d1 1 a1 1 $NetBSD: CHANGES,v 1.42 2020/09/12 12:39:28 rhialto Exp $ d9 3 @ 1.42 log @bozohttpd: add .m4a and .m4v file extensions. @ text @d1 8 a8 1 $NetBSD: CHANGES,v 1.41 2020/08/20 07:55:10 mrg Exp $ @ 1.41 log @update for recent changes. @ text @d1 4 a4 1 $NetBSD: CHANGES,v 1.40 2019/02/28 09:16:42 mrg Exp $ @ 1.40 log @call this bozohttpd 20190228, and merge the CHANGES entries from the previous release. @ text @d1 7 a7 1 $NetBSD: CHANGES,v 1.39 2019/01/27 04:40:57 dholland Exp $ @ 1.40.2.1 log @Pull up the following (all via patch), requested by mrg in ticket #1221: lib/lua/bozohttpd/Makefile (apply patch) libexec/httpd/Makefile 1.30-1.31 libexec/httpd/Makefile.boot 1.7-1.9 libexec/httpd/auth-bozo.c 1.25-1.26 libexec/httpd/bozohttpd.8 1.80-1.87 libexec/httpd/bozohttpd.c 1.114-1.123,1.125-1.128 libexec/httpd/bozohttpd.h 1.61-1.68 libexec/httpd/cgi-bozo.c 1.49-1.53 libexec/httpd/content-bozo.c 1.17-1.20 libexec/httpd/daemon-bozo.c 1-.22 libexec/httpd/dir-index-bozo.c 1.33-1.34 libexec/httpd/main.c 1.23-1.27 libexec/httpd/printenv.lua 1.4-1.5 libexec/httpd/ssl-bozo.c 1.27-1.29 libexec/httpd/libbozohttpd/libbozohttpd.3 1.5-1.6 libexec/httpd/small/Makefile 1.4 libexec/httpd/testsuite/Makefile 1.14 libexec/httpd/testsuite/t16.in 1.1 libexec/httpd/testsuite/t16.out 1.1 libexec/httpd/testsuite/t17.in 1.1 libexec/httpd/testsuite/t17.out 1.1 libexec/httpd/testsuite/t18.in 1.1 libexec/httpd/testsuite/t18.out 1.1 Update to bozohttpd 20210227. Apply lua build fix (no blocklist support on this branch). changes in bozohttpd 20210227: o new support for content types: .tar.bz2, .tar.xz, .tar.lz, .tar.zst, .tbz2, .txz, .tlz, .zipx, .xz, .zst, .sz, .lz, .lzma, .lzo, .7z, .lzo, .cab, .dmg, .jar, and .rar. should fix netbsd PR#56026: MIME type of .tar.xz file on ny{cdn,ftp}.NetBSD.org is invalid changes in bozohttpd 20210211: o fix various NULL derefs from malformed headers. mostly from . o fix memory leaks in library interface: add bozo_cleanup(). changes in bozohttpd 20201014: o also set -D_GNU_SOURCE in Makefile.boot. from hadrien.lacour@@posteo.net. o fix array size botch (assertion, not exploitable.) from martin@@netbsd.org. o also match %2F as well as %2f. from leah@@vuxu.org. o many manual and help fixes. clean ups for higher lint levels, consistency/style clean ups. various option fixes including made -f imply -b. from for freebsd. changes in bozohttpd 20200912: o add .m4a and .m4v file extensions. changes in bozohttpd 20200820: o make this work on sun2 by reducing mmap window there. o fix SSL shutdown sequence. from spz@@netbsd.org. o add readme support to directory indexing. from jmcneill@@netbsd.org o add blocklist(8) support. from jruoho@@netbsd.org. @ text @d1 1 a1 32 $NetBSD: CHANGES,v 1.40 2019/02/28 09:16:42 mrg Exp $ changes in bozohttpd 20210227: o new support for content types: .tar.bz2, .tar.xz, .tar.lz, .tar.zst, .tbz2, .txz, .tlz, .zipx, .xz, .zst, .sz, .lz, .lzma, .lzo, .7z, .lzo, .cab, .dmg, .jar, and .rar. should fix netbsd PR#56026: MIME type of .tar.xz file on ny{cdn,ftp}.NetBSD.org is invalid changes in bozohttpd 20210211: o fix various NULL derefs from malformed headers. mostly from . o fix memory leaks in library interface: add bozo_cleanup(). changes in bozohttpd 20201014: o also set -D_GNU_SOURCE in Makefile.boot. from hadrien.lacour@@posteo.net. o fix array size botch (assertion, not exploitable.) from martin@@netbsd.org. o also match %2F as well as %2f. from leah@@vuxu.org. o many manual and help fixes. clean ups for higher lint levels, consistency/style clean ups. various option fixes including made -f imply -b. from for freebsd. changes in bozohttpd 20200912: o add .m4a and .m4v file extensions. changes in bozohttpd 20200820: o make this work on sun2 by reducing mmap window there. o fix SSL shutdown sequence. from spz@@netbsd.org. o add readme support to directory indexing. from jmcneill@@netbsd.org o add blocklist(8) support. from jruoho@@netbsd.org. @ 1.39 log @fix duplicated chunk from merge @ text @d1 1 a1 1 $NetBSD: CHANGES,v 1.38 2019/01/27 02:08:36 pgoyette Exp $ d3 4 a6 1 changes in bozohttpd 20190121: a8 2 changes in bozohttpd 20190116: @ 1.38 log @Merge the [pgoyette-compat] branch @ text @d1 1 a1 34 $NetBSD: CHANGES,v 1.37 2019/01/22 05:32:57 mrg Exp $ changes in bozohttpd 20190121: o don't display special files in the directory index. they aren't served, but links to them are generated. changes in bozohttpd 20190116: o fix CGI '+' parameter handling, some error checking, and a double free. from rajeev_v_pillai@@yahoo.com o more directory indexing clean up. from rajeev_v_pillai@@yahoo.com changes in bozohttpd 20181215: o fix .htpasswd bypass for authenticated users. reported by JP, from leot@@netbsd.org o avoid possible null dereference when receiving a big request that timeout. reported by maya@@netbsd.org, from leot@@netbsd.org o fix handling of -T option, from leot@@netbsd.org o cleanups and portability improvements, from maya@@netbsd.org o change directory indexing to use html tables, from rajeev_v_pillai@@yahoo.com changes in bozohttpd 20181125: o fixes for option parsing introduced in bozohttpd 20181123 changes in bozohttpd 20181121: o add url remap support via .bzremap file, from martin@@netbsd.org o handle redirections for any protocol, not just http: o fix a denial of service attack against header contents, which is now bounded at 16KiB. reported by JP o reduce default timeouts, and add expand timeouts to handle the initial line, each header, and the total time spent o add -T option to expose new timeout settings o minor RFC fixes related to timeout handling o fix special file (.htpasswd, .bz*) bypass. reported by JP @ 1.37 log @o don't display special files in the directory index. they aren't served, but links to them are generated. @ text @d1 34 a34 1 $NetBSD: CHANGES,v 1.36 2019/01/17 07:46:16 mrg Exp $ @ 1.36 log @- call this 20190116 - adjust the directory indexing again: - don't include "index.html" in html headers - additional escaping of names - re-add top/bottom borders - adds an aquamarine table header - Zebra-stripes table rows using CSS instead of code all from "Rajeev V. Pillai" @ text @d1 5 a5 1 $NetBSD: CHANGES,v 1.35 2019/01/17 07:34:06 mrg Exp $ @ 1.35 log @- fix CGI '+' param and error handling. - remove unused parameter to daemon_poll_err(). both from "Rajeev V. Pillai" @ text @d1 1 a1 1 $NetBSD: CHANGES,v 1.34 2018/12/19 12:40:32 mrg Exp $ d4 3 a6 2 o fix CGI '+' parameter handling, and a double free. from rajeev_v_pillai@@yahoo.com @ 1.34 log @minor rewording. fix alphabeta ordering of contributors. @ text @d1 5 a5 1 $NetBSD: CHANGES,v 1.33 2018/12/18 23:11:40 mrg Exp $ @ 1.33 log @fix an old spell-o and a new format-o. @ text @d1 1 a1 1 $NetBSD: CHANGES,v 1.32 2018/12/15 12:52:36 leot Exp $ d4 1 a4 1 o avoid .htpasswd exposure to authenticated users. reported by JP, @ 1.32 log @Document last changes and bump version to 20181215 Suggested by , thanks! (Possible mistakes are mine though!) @ text @d1 1 a1 1 $NetBSD: CHANGES,v 1.31 2018/12/04 02:52:42 mrg Exp $ d10 1 a10 3 changes in bozohttpd 20181204: o change directory indexing to use html tables. from d306 1 a306 1 - add IPv6 suppor from itojun@@iijlab.net @ 1.31 log @use html tables for directory index. from "Rajeev V. Pillai" call this bozohttpd 20181204. @ text @d1 9 a9 1 $NetBSD: CHANGES,v 1.30 2018/11/25 23:48:14 mrg Exp $ @ 1.30 log @normalise some messages. @ text @d1 5 a5 1 $NetBSD: CHANGES,v 1.29 2018/11/25 23:37:09 mrg Exp $ @ 1.29 log @add option fixes here. @ text @d1 1 a1 1 $NetBSD: CHANGES,v 1.28 2018/11/21 09:37:02 mrg Exp $ d4 1 a4 1 o fixes for option parsing introduced in bozohttpd 20181123. d15 1 a15 1 o fix special file (.htpasswd, .bz*) bypass. reported by JP. d100 1 a100 1 program into main.c, the remaining parts are useable as library. @ 1.28 log @- move special files defines into bozohttpd.h, so we can ... - consolidate all the special file checks into bozo_check_special_files() so that all builds check the same list of special files, regardless of build options. - convert "(void)bozo_http_error(...); return -1;" into plain "return bozo_http_error(...);" - fix the call to bozo_check_special_files() to be used on all input types. part of the fixes for failure to reject access to /.htpasswd as reported by JP on tech-security. - use warn_unused_result attribute on bozo_check_special_files(), and fix the failures to return failure. second part of the htpasswd access fix. - update testsuite to use a fixed fake hostname. call this bozohttpd 20181121. @ text @d1 4 a4 1 $NetBSD: CHANGES,v 1.27 2018/11/20 01:06:46 mrg Exp $ @ 1.27 log @from CHANGES: o reduce default timeouts, and add expand timeouts to handle the initial line, each header, and the total time spent o add -T option to expose new timeout settings o minor RFC fixes related to timeout handling responses old timeouts: 60 seconds for initial request like, 60 seconds per header line, and no whole timeout (though the recent total header size changes do introduce one that would be about 11 hours.) new timeouts: 30 seconds for initial request like, 10 seconds per header line, and a total request time of 600 seconds. the new global timeout is implemented using CLOCK_MONOTONIC, with a fallback to CLOCK_REALTIME if monotonic time is unavailable. reject multiple Host: headers. besides being protocol standard, this closes one additional memory leak found by JP. add a simple test to check this. clean up option and usage handling some. @ text @d1 1 a1 1 $NetBSD: CHANGES,v 1.26 2018/11/19 04:14:59 mrg Exp $ d3 1 a3 1 changes in bozohttpd 20181118: d12 1 @ 1.26 log @note the changes present in bozohttpd 20181118: o add url remap support via .bzremap file, from martin@@netbsd.org o handle redirections for any protocol, not just http: o fix a denial of service attack against header contents, which is now bounded at 16KiB. reported by JP. @ text @d1 1 a1 1 $NetBSD: CHANGES,v 1.25 2017/01/31 14:33:54 mrg Exp $ d7 5 a11 1 is now bounded at 16KiB. reported by JP. @ 1.25 log @- fix a bug in cgi processing. from Dennis Lindroos. - add a testcase for this, and expand test-simple to handle additional args to bozohttpd for eg, cgi-bin setting. - fix objdir bugs in the testsuite. @ text @d1 7 a7 1 $NetBSD: CHANGES,v 1.24 2016/08/20 00:36:41 mrg Exp $ @ 1.25.12.1 log @Sync with HEAD @ text @d1 1 a1 35 $NetBSD: CHANGES,v 1.40 2019/02/28 09:16:42 mrg Exp $ changes in bozohttpd 20190228: o extend timeout facility to ssl and stop servers hanging forever if the client never sends anything. reported by Steffen in netbsd PR#50655. o don't display special files in the directory index. they aren't served, but links to them are generated. o fix CGI '+' parameter handling, some error checking, and a double free. from rajeev_v_pillai@@yahoo.com o more directory indexing clean up. from rajeev_v_pillai@@yahoo.com changes in bozohttpd 20181215: o fix .htpasswd bypass for authenticated users. reported by JP, from leot@@netbsd.org o avoid possible null dereference when receiving a big request that timeout. reported by maya@@netbsd.org, from leot@@netbsd.org o fix handling of -T option, from leot@@netbsd.org o cleanups and portability improvements, from maya@@netbsd.org o change directory indexing to use html tables, from rajeev_v_pillai@@yahoo.com changes in bozohttpd 20181125: o fixes for option parsing introduced in bozohttpd 20181123 changes in bozohttpd 20181121: o add url remap support via .bzremap file, from martin@@netbsd.org o handle redirections for any protocol, not just http: o fix a denial of service attack against header contents, which is now bounded at 16KiB. reported by JP o reduce default timeouts, and add expand timeouts to handle the initial line, each header, and the total time spent o add -T option to expose new timeout settings o minor RFC fixes related to timeout handling o fix special file (.htpasswd, .bz*) bypass. reported by JP d86 1 a86 1 program into main.c, the remaining parts are useable as library d282 1 a282 1 - add IPv6 support from itojun@@iijlab.net @ 1.25.10.1 log @Sync with HEAD, resolve a couple of conflicts @ text @d1 1 a1 15 $NetBSD: CHANGES,v 1.29 2018/11/25 23:37:09 mrg Exp $ changes in bozohttpd 20181125: o fixes for option parsing introduced in bozohttpd 20181123. changes in bozohttpd 20181121: o add url remap support via .bzremap file, from martin@@netbsd.org o handle redirections for any protocol, not just http: o fix a denial of service attack against header contents, which is now bounded at 16KiB. reported by JP o reduce default timeouts, and add expand timeouts to handle the initial line, each header, and the total time spent o add -T option to expose new timeout settings o minor RFC fixes related to timeout handling o fix special file (.htpasswd, .bz*) bypass. reported by JP. @ 1.25.10.2 log @Sync with HEAD, resolve a few conflicts @ text @d1 1 a1 11 $NetBSD$ changes in bozohttpd 20181215: o fix .htpasswd bypass for authenticated users. reported by JP, from leot@@netbsd.org o avoid possible null dereference when receiving a big request that timeout. reported by maya@@netbsd.org, from leot@@netbsd.org o fix handling of -T option, from leot@@netbsd.org o cleanups and portability improvements, from maya@@netbsd.org o change directory indexing to use html tables, from rajeev_v_pillai@@yahoo.com d4 1 a4 1 o fixes for option parsing introduced in bozohttpd 20181123 d15 1 a15 1 o fix special file (.htpasswd, .bz*) bypass. reported by JP d100 1 a100 1 program into main.c, the remaining parts are useable as library d296 1 a296 1 - add IPv6 support from itojun@@iijlab.net @ 1.25.10.3 log @Synch with HEAD @ text @d1 1 a1 6 $NetBSD: CHANGES,v 1.25.10.2 2018/12/26 14:01:28 pgoyette Exp $ changes in bozohttpd 20190116: o fix CGI '+' parameter handling, some error checking, and a double free. from rajeev_v_pillai@@yahoo.com o more directory indexing clean up. from rajeev_v_pillai@@yahoo.com @ 1.25.10.4 log @Sync with HEAD @ text @d1 1 a1 5 $NetBSD: CHANGES,v 1.25.10.3 2019/01/18 08:50:11 pgoyette Exp $ changes in bozohttpd 20190121: o don't display special files in the directory index. they aren't served, but links to them are generated. @ 1.25.4.1 log @Sync to HEAD (requested by mrg in ticket #1104) libexec/httpd/testsuite/data/.bzremap up to 1.1 libexec/httpd/testsuite/t12.out up to 1.1 libexec/httpd/testsuite/t12.in up to 1.1 libexec/httpd/testsuite/t13.out up to 1.1 libexec/httpd/testsuite/t13.in up to 1.1 libexec/httpd/testsuite/t14.out up to 1.1 libexec/httpd/testsuite/t14.in up to 1.1 libexec/httpd/testsuite/t15.out up to 1.1 libexec/httpd/testsuite/t15.in up to 1.1 libexec/httpd/CHANGES up to 1.28 libexec/httpd/auth-bozo.c up to 1.22 libexec/httpd/bozohttpd.8 up to 1.74 libexec/httpd/bozohttpd.c up to 1.96 libexec/httpd/bozohttpd.h up to 1.56 libexec/httpd/cgi-bozo.c up to 1.44 libexec/httpd/content-bozo.c up to 1.16 libexec/httpd/daemon-bozo.c up to 1.19 libexec/httpd/dir-index-bozo.c up to 1.28 libexec/httpd/main.c up to 1.21 libexec/httpd/ssl-bozo.c up to 1.25 libexec/httpd/tilde-luzah-bozo.c up to 1.16 libexec/httpd/lua/bozo.lua up to 1.3 libexec/httpd/lua/glue.c up to 1.5 libexec/httpd/lua/optparse.lua up to 1.2 libexec/httpd/testsuite/Makefile up to 1.11 libexec/httpd/testsuite/html_cmp up to 1.6 libexec/httpd/testsuite/t3.out up to 1.4 libexec/httpd/testsuite/t5.out up to 1.4 libexec/httpd/testsuite/t6.out up to 1.4 libexec/httpd/testsuite/test-bigfile up to 1.5 libexec/httpd/testsuite/test-simple up to 1.5 Cosmetic changes to Lua binding in bozohttpd. - Don't use negative indicies to read arguments of Lua functions. - On error, return nil, "error string". - Use ssize_t for return values from bozo_read() and bozo_write(). - Prefer lstring especially when if saves you from appending NUL and doing len + 1 which can potentially wraparound. - Don't mix C allocations with Lua functions marked with "m" in the Lua manual. Those functions may throw (longjump) and leak data allocated by C function. In one case, I use luaL_Buffer, in the other case, I rearranged calls a bit. fix ordering of a couple of words. from Edgar Pettijohn in PR#52375. thanks! s/u_int/unsigned/. from Jan Danielsson. increases/fixes portability. PR bin/52194: bozohttpd fails to exec scripts via the -C mechanism sometimes with EFAULT due to not NULL terminated environment. Document script handler issues with httpd(8). From martin@@, addressing PR 52194. While here, use American spelling consistently and upper-case some abbreviations. Bump date. fix output since protocol agnostic change went in. XXX: i thought someone hooked this into atf already, please do :) Add support for remapping requested paths via a .bzredirect file. Fixes PR 52772. Ok: mrg@@ Bump date Remove trailing whitespace. use __func__ in debug(). fix a denial of service attack against header contents, which is now bounded at 16KiB. reported by JP. avoid memory leak in sending multiple auth headers. mostly mitigated by previous patch to limit total header size, but still a real problem here. note the changes present in bozohttpd 20181118: o add url remap support via .bzremap file, from martin%netbsd.org@@localhost o handle redirections for any protocol, not just http: o fix a denial of service attack against header contents, which is now bounded at 16KiB. reported by JP. from CHANGES: o reduce default timeouts, and add expand timeouts to handle the initial line, each header, and the total time spent o add -T option to expose new timeout settings o minor RFC fixes related to timeout handling responses old timeouts: 60 seconds for initial request like, 60 seconds per header line, and no whole timeout (though the recent total header size changes do introduce one that would be about 11 hours.) new timeouts: 30 seconds for initial request like, 10 seconds per header line, and a total request time of 600 seconds. the new global timeout is implemented using CLOCK_MONOTONIC, with a fallback to CLOCK_REALTIME if monotonic time is unavailable. reject multiple Host: headers. besides being protocol standard, this closes one additional memory leak found by JP. add a simple test to check this. clean up option and usage handling some. move some #if support into bozohttpd.h. fix previous: have_debug was reversed. also fix have_dynamic_content from the previous previous. re-order the debug and dynamic content to match the same pattern as everything else so similar problems are less likely in the future. - move special files defines into bozohttpd.h, so we can ... - consolidate all the special file checks into bozo_check_special_files() so that all builds check the same list of special files, regardless of build options. - convert "(void)bozo_http_error(...); return -1;" into plain "return bozo_http_error(...);" - fix the call to bozo_check_special_files() to be used on all input types. part of the fixes for failure to reject access to /.htpasswd as reported by JP on tech-security. - use warn_unused_result attribute on bozo_check_special_files(), and fix the failures to return failure. second part of the htpasswd access fix. - update testsuite to use a fixed fake hostname. call this bozohttpd 20181121. two fixes reported by mouse: - don't check contents of 'st' if stat(2) failed. - round up instead of truncate. now 10000 byte files say 10kB not 9kB. use MAP_SHARED for the bzremap file. avoids netbsd kernel complaining: WARNING: defaulted mmap() share type to MAP_PRIVATE (pid 15478 command bozohttpd) many clean ups: - keep a list of special files and their human names - remove (void) casts on bozo_http_error() - fix a few more misuses of bozo_http_error() - rename check_mapping() to check_remap() and perform some CSE - switch away from ``%s'' to '%s' - remove a bunch of #ifdef using new have_feature defines alpha sort the option switch. add an assert() check on array bounds. minor style fixes. simplify bozo_match_content_map(). @ text @d1 1 a1 12 $NetBSD: CHANGES,v 1.28 2018/11/21 09:37:02 mrg Exp $ changes in bozohttpd 20181121: o add url remap support via .bzremap file, from martin@@netbsd.org o handle redirections for any protocol, not just http: o fix a denial of service attack against header contents, which is now bounded at 16KiB. reported by JP o reduce default timeouts, and add expand timeouts to handle the initial line, each header, and the total time spent o add -T option to expose new timeout settings o minor RFC fixes related to timeout handling o fix special file (.htpasswd, .bz*) bypass. reported by JP. @ 1.25.4.2 log @Pull up following revision(s) (requested by mrg in ticket #1109): libexec/httpd/main.c: revision 1.22 libexec/httpd/CHANGES: revision 1.29 libexec/httpd/cgi-bozo.c: revision 1.45 libexec/httpd/bozohttpd.h: revision 1.57 libexec/httpd/CHANGES: revision 1.30 libexec/httpd/bozohttpd.c: revision 1.97 libexec/httpd/bozohttpd.c: revision 1.98 libexec/httpd/bozohttpd.c: revision 1.99 one semicolon is usually enough. - appease lint - add FALLTHROUGH comment - one return is usually enough. - avoid c99ism. - fix -X option parsing. noted by Rajeev V. Pillai. - add option fixes here. - normalise some messages. @ text @d1 1 a1 4 $NetBSD: CHANGES,v 1.25.4.1 2018/11/24 17:13:51 martin Exp $ changes in bozohttpd 20181125: o fixes for option parsing introduced in bozohttpd 20181123 d12 1 a12 1 o fix special file (.htpasswd, .bz*) bypass. reported by JP d97 1 a97 1 program into main.c, the remaining parts are useable as library @ 1.25.4.3 log @Pull up the following revisions (via patch) requested by mrg in ticket #1281: libexec/httpd/CHANGES 1.31-1.40 libexec/httpd/Makefile 1.28 libexec/httpd/auth-bozo.c 1.23-1.24 libexec/httpd/bozohttpd.8 1.75-1.79 libexec/httpd/bozohttpd.c 1.100-1.113 libexec/httpd/bozohttpd.h 1.58-1.60 libexec/httpd/cgi-bozo.c 1.46-1.48 libexec/httpd/daemon-bozo.c 1.20-1.21 libexec/httpd/dir-index-bozo.c 1.29-1.32 libexec/httpd/ssl-bozo.c 1.26 libexec/httpd/testsuite/Makefile 1.12-1.13 libexec/httpd/testsuite/t11.out 1.2 libexec/httpd/testsuite/test-bigfile 1.6 libexec/httpd/testsuite/test-simple 1.6 Don't display special files in the directory index. They aren't served, but links to them are generated. --- All from "Rajeev V. Pillai" : - use html tables for directory index. - don't include "index.html" in html headers - additional escaping of names - re-add top/bottom borders - adds an aquamarine table header - Zebra-stripes table rows using CSS instead of code - fix CGI '+' param and error handling. - remove unused parameter to daemon_poll_err(). - avoid sign extension in % handling fix a few problems pointed out by clang static analyzer: - bozostrnsep() may return with "in = NULL", so check for it. - nul terminating in bozo_escape_rfc3986() can be simpler - don't use uniinit variables in check_remap() - don't use re-used freed data in check_virtual(). - fix bozoprefs->size setting when increasing the size (new total was being added to the prior total.) however, bozostrdup() may reference request->hr_file. --- Add ssl specific timeout value (30s). If SSL_accept() doesn't work with in this timeout value, ssl setup now fails. --- Fix handling of bozo_set_timeout() timeouts (and `-T' option parsing) --- Avoid .htpasswd exposure to authenticated users when .htpasswd is in the slashdir too. --- Avoid possible NULL dereference when sending a big request that timeout. --- Use strings.h for strcasecmp (on linux) --- Account for cgihandler being set when counting the number of CGI environment headers we are about to set. Avoids an assertion failure (and overruninng the array) later. @ text @d1 1 a1 21 $NetBSD: CHANGES,v 1.25.4.2 2018/11/28 19:50:37 martin Exp $ changes in bozohttpd 20190228: o extend timeout facility to ssl and stop servers hanging forever if the client never sends anything. reported by Steffen in netbsd PR#50655. o don't display special files in the directory index. they aren't served, but links to them are generated. o fix CGI '+' parameter handling, some error checking, and a double free. from rajeev_v_pillai@@yahoo.com o more directory indexing clean up. from rajeev_v_pillai@@yahoo.com changes in bozohttpd 20181215: o fix .htpasswd bypass for authenticated users. reported by JP, from leot@@netbsd.org o avoid possible null dereference when receiving a big request that timeout. reported by maya@@netbsd.org, from leot@@netbsd.org o fix handling of -T option, from leot@@netbsd.org o cleanups and portability improvements, from maya@@netbsd.org o change directory indexing to use html tables, from rajeev_v_pillai@@yahoo.com d296 1 a296 1 - add IPv6 support from itojun@@iijlab.net @ 1.25.4.4 log @Pull up the following via patch, requested by mrg in ticket #1668: Makefile 1.30-1.31 Makefile.boot 1.7-1.9 auth-bozo.c 1.25-1.26 bozohttpd.8 1.80-1.87 bozohttpd.c 1.114-1.123,1.125-1.128 bozohttpd.h 1.61-1.68 cgi-bozo.c 1.49-1.53 content-bozo.c 1.17-1.20 daemon-bozo.c 1-.22 dir-index-bozo.c 1.33-1.34 main.c 1.23-1.27 printenv.lua 1.4-1.5 ssl-bozo.c 1.27-1.29 libbozohttpd/libbozohttpd.3 1.5-1.6 small/Makefile 1.4 testsuite/Makefile 1.14 testsuite/t16.in 1.1 testsuite/t16.out 1.1 testsuite/t17.in 1.1 testsuite/t17.out 1.1 testsuite/t18.in 1.1 testsuite/t18.out 1.1 Update to bozohttpd 20210227. changes in bozohttpd 20210227: o new support for content types: .tar.bz2, .tar.xz, .tar.lz, .tar.zst, .tbz2, .txz, .tlz, .zipx, .xz, .zst, .sz, .lz, .lzma, .lzo, .7z, .lzo, .cab, .dmg, .jar, and .rar. should fix netbsd PR#56026: MIME type of .tar.xz file on ny{cdn,ftp}.NetBSD.org is invalid changes in bozohttpd 20210211: o fix various NULL derefs from malformed headers. mostly from . o fix memory leaks in library interface: add bozo_cleanup(). changes in bozohttpd 20201014: o also set -D_GNU_SOURCE in Makefile.boot. from hadrien.lacour@@posteo.net. o fix array size botch (assertion, not exploitable.) from martin@@netbsd.org. o also match %2F as well as %2f. from leah@@vuxu.org. o many manual and help fixes. clean ups for higher lint levels, consistency/style clean ups. various option fixes including made -f imply -b. from for freebsd. changes in bozohttpd 20200912: o add .m4a and .m4v file extensions. changes in bozohttpd 20200820: o make this work on sun2 by reducing mmap window there. o fix SSL shutdown sequence. from spz@@netbsd.org. o add readme support to directory indexing. from jmcneill@@netbsd.org o add blocklist(8) support. from jruoho@@netbsd.org. @ text @d1 1 a1 32 $NetBSD: CHANGES,v 1.25.4.3 2019/06/12 10:32:00 martin Exp $ changes in bozohttpd 20210227: o new support for content types: .tar.bz2, .tar.xz, .tar.lz, .tar.zst, .tbz2, .txz, .tlz, .zipx, .xz, .zst, .sz, .lz, .lzma, .lzo, .7z, .lzo, .cab, .dmg, .jar, and .rar. should fix netbsd PR#56026: MIME type of .tar.xz file on ny{cdn,ftp}.NetBSD.org is invalid changes in bozohttpd 20210211: o fix various NULL derefs from malformed headers. mostly from . o fix memory leaks in library interface: add bozo_cleanup(). changes in bozohttpd 20201014: o also set -D_GNU_SOURCE in Makefile.boot. from hadrien.lacour@@posteo.net. o fix array size botch (assertion, not exploitable.) from martin@@netbsd.org. o also match %2F as well as %2f. from leah@@vuxu.org. o many manual and help fixes. clean ups for higher lint levels, consistency/style clean ups. various option fixes including made -f imply -b. from for freebsd. changes in bozohttpd 20200912: o add .m4a and .m4v file extensions. changes in bozohttpd 20200820: o make this work on sun2 by reducing mmap window there. o fix SSL shutdown sequence. from spz@@netbsd.org. o add readme support to directory indexing. from jmcneill@@netbsd.org o add blocklist(8) support. from jruoho@@netbsd.org. @ 1.24 log @use netbsd rcsid @ text @d1 6 a6 1 $NetBSD$ d9 1 a9 1 o add a bozo_get_version() function which returns the version number @ 1.24.2.1 log @Sync with HEAD @ text @d1 1 a1 6 $NetBSD: CHANGES,v 1.25 2017/01/31 14:33:54 mrg Exp $ changes in bozohttpd 20170201: o fix an infinite loop in cgi processing o fixes and clean up for the testsuite o no longer sends encoding header for compressed formats d4 1 a4 1 o add a bozo_get_version() function which returns the version number @ 1.23 log @As proposed in: http://mail-index.netbsd.org/tech-userlevel/2016/05/18/msg009999.html and https://www.netbsd.org/~agc/bozo-20160517.diff add a patch to httpd to return the version string of httpd itself, and use the -G option on the command line to enable this. This gives httpd the ability to show, from the command line, what version is running. % /usr/build/obj/x86_64/usr/src/libexec/httpd/bozohttpd -G bozohttpd version bozohttpd/20160415 % @ text @d1 1 a1 1 $eterna: CHANGES,v 1.78 2011/11/18 01:25:11 mrg Exp $ @ 1.23.2.1 log @Sync with HEAD @ text @d1 1 a1 6 $NetBSD: CHANGES,v 1.25 2017/01/31 14:33:54 mrg Exp $ changes in bozohttpd 20170201: o fix an infinite loop in cgi processing o fixes and clean up for the testsuite o no longer sends encoding header for compressed formats d4 1 a4 1 o add a bozo_get_version() function which returns the version number @ 1.22 log @updates and bozohttpd 20160415: o add search-word support for CGI o fix a security issue in CGI suffix handler support which would allow remote code execution, from shm@@netbsd.org o -C option supports now CGI scripts only @ text @d3 3 @ 1.21 log @* add CGI support for ~user translation (-E switch) * add redirects to ~user translation * fix bugs around ~user translation * add schema detection for absolute redirects * fixed few memory leaks * bunch of minor tweaks * removed -r support * smarter redirects OK mrg@@ @ text @d3 6 @ 1.20 log @copyright maintenance, note shm@@ in the manual and update the CHANGES for recent changes. call this 20150320. @ text @d3 10 @ 1.19 log @call this 20140717. @ text @d3 5 d9 1 a9 1 o properly handle SSL errors. @ 1.19.2.1 log @Pull up following revision(s) (requested by mrg in ticket #705): libexec/httpd/CHANGES: revision 1.20 libexec/httpd/bozohttpd.8: revision 1.49 libexec/httpd/bozohttpd.c: revision 1.62-1.63 don't quote /. it doesn't work. this should fix PR#49765. copyright maintenance, note shm@@ in the manual and update the CHANGES for recent changes. call this 20150320. @ text @a2 5 changes in bozohttpd 20150320: o fix redirection handling o support transport stream (.ts) and video object (.vob) files o directory listings show correct file sizes for large files d4 1 a4 1 o properly handle SSL errors @ 1.19.2.1.2.1 log @Pull up following revision(s) (requested by mrg in ticket #1141): libexec/httpd/CHANGES: up to 1.22 libexec/httpd/Makefile: up to 1.26 libexec/httpd/auth-bozo.c: up to 1.18 libexec/httpd/bozohttpd.8: up to 1.59 libexec/httpd/bozohttpd.c: up to 1.80 libexec/httpd/bozohttpd.h: up to 1.45 libexec/httpd/cgi-bozo.c: up to 1.33 libexec/httpd/content-bozo.c: up to 1.13 libexec/httpd/daemon-bozo.c: up to 1.17 libexec/httpd/dir-index-bozo.c: up to 1.25 libexec/httpd/lua-bozo.c: up to 1.14 libexec/httpd/lua/bozo.lua: up to 1.2 libexec/httpd/lua/glue.c: up to 1.2 libexec/httpd/main.c: up to 1.13 libexec/httpd/printenv.lua: up to 1.3 libexec/httpd/ssl-bozo.c: up to 1.22 libexec/httpd/testsuite/Makefile: up to 1.5 libexec/httpd/testsuite/test-bigfile: up to 1.2 libexec/httpd/tilde-luzah-bozo.c: up to 1.14 Import bozohttpd 20151028: o add CGI support for ~user translation (-E switch) o add redirects to ~user translation o fix bugs around ~user translation o add schema detection for absolute redirects o fixed few memory leaks o bunch of minor tweaks o removed -r support o smarter redirects Changes in 20150320: o fix redirection handling o support transport stream (.ts) and video object (.vob) files o directory listings show correct file sizes for large files -- updates and bozohttpd 20160415: o add search-word support for CGI o fix a security issue in CGI suffix handler support which would allow remote code execution, from shm@@netbsd.org o -C option supports now CGI scripts only @ text @a2 16 changes in bozohttpd 20160415: o add search-word support for CGI o fix a security issue in CGI suffix handler support which would allow remote code execution, from shm@@netbsd.org o -C option supports now CGI scripts only changes in bozohttpd 20151028: o add CGI support for ~user translation (-E switch) o add redirects to ~user translation o fix bugs around ~user translation o add schema detection for absolute redirects o fixed few memory leaks o bunch of minor tweaks o removed -r support o smarter redirects @ 1.19.2.1.2.2 log @Pull up following revision(s) (requested by mrg in ticket #1309): libexec/httpd/CHANGES: revisions 1.23, 1.24 libexec/httpd/bozohttpd.8: revisions 1.60-1.62 libexec/httpd/bozohttpd.c: revisions 1.81-1.84 libexec/httpd/bozohttpd.h: revision 1.46 libexec/httpd/cgi-bozo.c: revision 1.35 libexec/httpd/content-bozo.c: revision 1.14 libexec/httpd/main.c: revisions 1.14-1.16 libexec/httpd/testsuite/Makefile: revision 1.6 libexec/httpd/testsuite/test-bigfile: revision 1.3 libexec/httpd/testsuite/test-simple: revisions 1.1, 1.2 update bozohttpd to 2016072: - fix memory leak - addd -G option to display version - fix some content type issues - fix issues in testsuite @ text @d1 1 a1 4 $NetBSD: CHANGES,v 1.24 2016/08/20 00:36:41 mrg Exp $ changes in bozohttpd 20160517: o add a bozo_get_version() function which returns the version number @ 1.19.2.1.2.3 log @Pull up following revision(s) (requested by mrg in ticket #1357): libexec/httpd/CHANGES: revision 1.25 libexec/httpd/bozohttpd.8: revisions 1.63-1.65 libexec/httpd/bozohttpd.c: revisions 1.85, 1.86 libexec/httpd/bozohttpd.h: revision 1.47 libexec/httpd/cgi-bozo.c: revisions 1.36, 1.37 libexec/httpd/libbozohttpd/libbozohttpd.3: revision 1.4 libexec/httpd/testsuite/Makefile: revision 1.7 libexec/httpd/testsuite/html_cmp: revision 1.5 libexec/httpd/testsuite/test-bigfile: revision 1.4 libexec/httpd/testsuite/test-simple: revisions 1.3, 1.4 libexec/httpd/testsuite/t11.in: revision 1.1 libexec/httpd/testsuite/t11.out: revision 1.1 libexec/httpd/testsuite/cgi-bin/empty: revision 1.1 Update bozohttpd to 20170201: - fix an infinite loop in cgi processing - fixes and clean up for the testsuite - no longer sends encoding header for compressed formats @ text @d1 1 a1 6 $NetBSD: CHANGES,v 1.19.2.1.2.2 2016/12/23 07:47:40 snj Exp $ changes in bozohttpd 20170201: o fix an infinite loop in cgi processing o fixes and clean up for the testsuite o no longer sends encoding header for compressed formats d4 1 a4 1 o add a bozo_get_version() function which returns the version number @ 1.19.2.1.2.4 log @Sync to HEAD (requested by mrg in ticket #1655): libexec/httpd/testsuite/data/.bzremap up to 1.1 libexec/httpd/testsuite/t12.out up to 1.1 libexec/httpd/testsuite/t12.in up to 1.1 libexec/httpd/testsuite/t13.out up to 1.1 libexec/httpd/testsuite/t13.in up to 1.1 libexec/httpd/testsuite/t14.out up to 1.1 libexec/httpd/testsuite/t14.in up to 1.1 libexec/httpd/testsuite/t15.out up to 1.1 libexec/httpd/testsuite/t15.in up to 1.1 libexec/httpd/CHANGES up to 1.28 libexec/httpd/Makefile up to 1.27 libexec/httpd/auth-bozo.c up to 1.22 libexec/httpd/bozohttpd.8 up to 1.74 libexec/httpd/bozohttpd.c up to 1.96 libexec/httpd/bozohttpd.h up to 1.56 libexec/httpd/cgi-bozo.c up to 1.44 libexec/httpd/content-bozo.c up to 1.16 libexec/httpd/daemon-bozo.c up to 1.19 libexec/httpd/dir-index-bozo.c up to 1.28 libexec/httpd/lua-bozo.c up to 1.15 libexec/httpd/main.c up to 1.21 libexec/httpd/ssl-bozo.c up to 1.25 libexec/httpd/tilde-luzah-bozo.c up to 1.16 libexec/httpd/libbozohttpd/Makefile up to 1.3 libexec/httpd/lua/bozo.lua up to 1.3 libexec/httpd/lua/glue.c up to 1.5 libexec/httpd/lua/optparse.lua up to 1.2 libexec/httpd/testsuite/Makefile up to 1.11 libexec/httpd/testsuite/html_cmp up to 1.6 libexec/httpd/testsuite/t3.out up to 1.4 libexec/httpd/testsuite/t5.out up to 1.4 libexec/httpd/testsuite/t6.out up to 1.4 libexec/httpd/testsuite/test-bigfile up to 1.5 libexec/httpd/testsuite/test-simple up to 1.5 Cosmetic changes to Lua binding in bozohttpd. - Don't use negative indicies to read arguments of Lua functions. - On error, return nil, "error string". - Use ssize_t for return values from bozo_read() and bozo_write(). - Prefer lstring especially when if saves you from appending NUL and doing len + 1 which can potentially wraparound. - Don't mix C allocations with Lua functions marked with "m" in the Lua manual. Those functions may throw (longjump) and leak data allocated by C function. In one case, I use luaL_Buffer, in the other case, I rearranged calls a bit. fix ordering of a couple of words. from Edgar Pettijohn in PR#52375. thanks! s/u_int/unsigned/. from Jan Danielsson. increases/fixes portability. PR bin/52194: bozohttpd fails to exec scripts via the -C mechanism sometimes with EFAULT due to not NULL terminated environment. Document script handler issues with httpd(8). From martin@@, addressing PR 52194. While here, use American spelling consistently and upper-case some abbreviations. Bump date. fix output since protocol agnostic change went in. XXX: i thought someone hooked this into atf already, please do :) Add support for remapping requested paths via a .bzredirect file. Fixes PR 52772. Ok: mrg@@ Bump date Remove trailing whitespace. use __func__ in debug(). fix a denial of service attack against header contents, which is now bounded at 16KiB. reported by JP. avoid memory leak in sending multiple auth headers. mostly mitigated by previous patch to limit total header size, but still a real problem here. note the changes present in bozohttpd 20181118: o add url remap support via .bzremap file, from martin%netbsd.org@@localhost o handle redirections for any protocol, not just http: o fix a denial of service attack against header contents, which is now bounded at 16KiB. reported by JP. from CHANGES: o reduce default timeouts, and add expand timeouts to handle the initial line, each header, and the total time spent o add -T option to expose new timeout settings o minor RFC fixes related to timeout handling responses old timeouts: 60 seconds for initial request like, 60 seconds per header line, and no whole timeout (though the recent total header size changes do introduce one that would be about 11 hours.) new timeouts: 30 seconds for initial request like, 10 seconds per header line, and a total request time of 600 seconds. the new global timeout is implemented using CLOCK_MONOTONIC, with a fallback to CLOCK_REALTIME if monotonic time is unavailable. reject multiple Host: headers. besides being protocol standard, this closes one additional memory leak found by JP. add a simple test to check this. clean up option and usage handling some. move some #if support into bozohttpd.h. fix previous: have_debug was reversed. also fix have_dynamic_content from the previous previous. re-order the debug and dynamic content to match the same pattern as everything else so similar problems are less likely in the future. - move special files defines into bozohttpd.h, so we can ... - consolidate all the special file checks into bozo_check_special_files() so that all builds check the same list of special files, regardless of build options. - convert "(void)bozo_http_error(...); return -1;" into plain "return bozo_http_error(...);" - fix the call to bozo_check_special_files() to be used on all input types. part of the fixes for failure to reject access to /.htpasswd as reported by JP on tech-security. - use warn_unused_result attribute on bozo_check_special_files(), and fix the failures to return failure. second part of the htpasswd access fix. - update testsuite to use a fixed fake hostname. call this bozohttpd 20181121. two fixes reported by mouse: - don't check contents of 'st' if stat(2) failed. - round up instead of truncate. now 10000 byte files say 10kB not 9kB. use MAP_SHARED for the bzremap file. avoids netbsd kernel complaining: WARNING: defaulted mmap() share type to MAP_PRIVATE (pid 15478 command bozohttpd) many clean ups: - keep a list of special files and their human names - remove (void) casts on bozo_http_error() - fix a few more misuses of bozo_http_error() - rename check_mapping() to check_remap() and perform some CSE - switch away from ``%s'' to '%s' - remove a bunch of #ifdef using new have_feature defines alpha sort the option switch. add an assert() check on array bounds. minor style fixes. simplify bozo_match_content_map(). @ text @d1 1 a1 12 $NetBSD: CHANGES,v 1.28 2018/11/21 09:37:02 mrg Exp $ changes in bozohttpd 20181121: o add url remap support via .bzremap file, from martin@@netbsd.org o handle redirections for any protocol, not just http: o fix a denial of service attack against header contents, which is now bounded at 16KiB. reported by JP o reduce default timeouts, and add expand timeouts to handle the initial line, each header, and the total time spent o add -T option to expose new timeout settings o minor RFC fixes related to timeout handling o fix special file (.htpasswd, .bz*) bypass. reported by JP. @ 1.19.2.1.2.5 log @Pull up following revision(s) (requested by mrg in ticket #1659): libexec/httpd/main.c: revision 1.22 libexec/httpd/CHANGES: revision 1.29 libexec/httpd/cgi-bozo.c: revision 1.45 libexec/httpd/bozohttpd.h: revision 1.57 libexec/httpd/CHANGES: revision 1.30 libexec/httpd/bozohttpd.c: revision 1.97 libexec/httpd/bozohttpd.c: revision 1.98 libexec/httpd/bozohttpd.c: revision 1.99 one semicolon is usually enough. - appease lint - add FALLTHROUGH comment - one return is usually enough. - avoid c99ism. - fix -X option parsing. noted by Rajeev V. Pillai. - add option fixes here. - normalise some messages. @ text @d1 1 a1 4 $NetBSD: CHANGES,v 1.19.2.1.2.4 2018/11/24 17:23:47 martin Exp $ changes in bozohttpd 20181125: o fixes for option parsing introduced in bozohttpd 20181123 d12 1 a12 1 o fix special file (.htpasswd, .bz*) bypass. reported by JP d97 1 a97 1 program into main.c, the remaining parts are useable as library @ 1.19.2.1.2.6 log @Pull up the following revisions (via patch) requested by mrg in ticket #1699: libexec/httpd/CHANGES 1.31-1.40 libexec/httpd/Makefile 1.28 libexec/httpd/auth-bozo.c 1.23-1.24 libexec/httpd/bozohttpd.8 1.75-1.79 libexec/httpd/bozohttpd.c 1.100-1.113 libexec/httpd/bozohttpd.h 1.58-1.60 libexec/httpd/cgi-bozo.c 1.46-1.48 libexec/httpd/daemon-bozo.c 1.20-1.21 libexec/httpd/dir-index-bozo.c 1.29-1.32 libexec/httpd/ssl-bozo.c 1.26 libexec/httpd/testsuite/Makefile 1.12-1.13 libexec/httpd/testsuite/t11.out 1.2 libexec/httpd/testsuite/test-bigfile 1.6 libexec/httpd/testsuite/test-simple 1.6 Don't display special files in the directory index. They aren't served, but links to them are generated. --- All from "Rajeev V. Pillai" : - use html tables for directory index. - don't include "index.html" in html headers - additional escaping of names - re-add top/bottom borders - adds an aquamarine table header - Zebra-stripes table rows using CSS instead of code - fix CGI '+' param and error handling. - remove unused parameter to daemon_poll_err(). - avoid sign extension in % handling fix a few problems pointed out by clang static analyzer: - bozostrnsep() may return with "in = NULL", so check for it. - nul terminating in bozo_escape_rfc3986() can be simpler - don't use uniinit variables in check_remap() - don't use re-used freed data in check_virtual(). - fix bozoprefs->size setting when increasing the size (new total was being added to the prior total.) however, bozostrdup() may reference request->hr_file. --- Add ssl specific timeout value (30s). If SSL_accept() doesn't work with in this timeout value, ssl setup now fails. --- Fix handling of bozo_set_timeout() timeouts (and `-T' option parsing) --- Avoid .htpasswd exposure to authenticated users when .htpasswd is in the slashdir too. --- Avoid possible NULL dereference when sending a big request that timeout. --- Use strings.h for strcasecmp (on linux) --- Account for cgihandler being set when counting the number of CGI environment headers we are about to set. Avoids an assertion failure (and overruninng the array) later. @ text @d1 1 a1 21 $NetBSD: CHANGES,v 1.19.2.1.2.5 2018/11/28 19:57:50 martin Exp $ changes in bozohttpd 20190228: o extend timeout facility to ssl and stop servers hanging forever if the client never sends anything. reported by Steffen in netbsd PR#50655. o don't display special files in the directory index. they aren't served, but links to them are generated. o fix CGI '+' parameter handling, some error checking, and a double free. from rajeev_v_pillai@@yahoo.com o more directory indexing clean up. from rajeev_v_pillai@@yahoo.com changes in bozohttpd 20181215: o fix .htpasswd bypass for authenticated users. reported by JP, from leot@@netbsd.org o avoid possible null dereference when receiving a big request that timeout. reported by maya@@netbsd.org, from leot@@netbsd.org o fix handling of -T option, from leot@@netbsd.org o cleanups and portability improvements, from maya@@netbsd.org o change directory indexing to use html tables, from rajeev_v_pillai@@yahoo.com d296 1 a296 1 - add IPv6 support from itojun@@iijlab.net @ 1.19.2.2 log @Catch up to -current (via patch), requested by mspo in #1141: libexec/httpd/CHANGES up to 1.21 libexec/httpd/Makefile up to 1.26 libexec/httpd/auth-bozo.c up to 1.18 libexec/httpd/bozohttpd.8 up to 1.58 libexec/httpd/bozohttpd.c up to 1.79 libexec/httpd/bozohttpd.h up to 1.44 libexec/httpd/cgi-bozo.c up to 1.32 libexec/httpd/content-bozo.c up to 1.13 libexec/httpd/daemon-bozo.c up to 1.17 libexec/httpd/dir-index-bozo.c up to 1.25 libexec/httpd/lua-bozo.c up to 1.14 libexec/httpd/main.c up to 1.13 libexec/httpd/netbsd_queue.h up to 1.1 libexec/httpd/printenv.lua up to 1.3 libexec/httpd/ssl-bozo.c up to 1.22 libexec/httpd/tilde-luzah-bozo.c up to 1.14 libexec/httpd/testsuite/Makefile up to 1.5 libexec/httpd/testsuite/test-bigfile up to 1.2 Import bozohttpd 20151028: o add CGI support for ~user translation (-E switch) o add redirects to ~user translation o fix bugs around ~user translation o add schema detection for absolute redirects o fixed few memory leaks o bunch of minor tweaks o removed -r support o smarter redirects Changes in 20150320: o fix redirection handling o support transport stream (.ts) and video object (.vob) files o directory listings show correct file sizes for large files @ text @a2 10 changes in bozohttpd 20151028: o add CGI support for ~user translation (-E switch) o add redirects to ~user translation o fix bugs around ~user translation o add schema detection for absolute redirects o fixed few memory leaks o bunch of minor tweaks o removed -r support o smarter redirects @ 1.19.2.3 log @Pull up following revision(s) (requested by mrg in ticket #1141): libexec/httpd/CHANGES: up to 1.22 libexec/httpd/bozohttpd.8: up to 1.59 libexec/httpd/bozohttpd.c: up to 1.80 libexec/httpd/bozohttpd.h: up to 1.45 libexec/httpd/cgi-bozo.c: up to 1.33 libexec/httpd/lua/bozo.lua: up to 1.2 libexec/httpd/lua/glue.c: up to 1.2 Import bozohttpd 20151028: o add CGI support for ~user translation (-E switch) o add redirects to ~user translation o fix bugs around ~user translation o add schema detection for absolute redirects o fixed few memory leaks o bunch of minor tweaks o removed -r support o smarter redirects -- Changes in 20150320: o fix redirection handling o support transport stream (.ts) and video object (.vob) files o directory listings show correct file sizes for large files -- updates and bozohttpd 20160415: o add search-word support for CGI o fix a security issue in CGI suffix handler support which would allow remote code execution, from shm@@netbsd.org o -C option supports now CGI scripts only @ text @a2 6 changes in bozohttpd 20160415: o add search-word support for CGI o fix a security issue in CGI suffix handler support which would allow remote code execution, from shm@@netbsd.org o -C option supports now CGI scripts only @ 1.19.2.3.2.1 log @Sync with netbsd-5 @ text @d1 1 a1 4 $NetBSD: CHANGES,v 1.19.2.4 2016/12/23 07:42:09 snj Exp $ changes in bozohttpd 20160517: o add a bozo_get_version() function which returns the version number @ 1.19.2.3.2.2 log @Sync with netbsd-7-1-RELEASE @ text @d1 1 a1 6 $NetBSD: CHANGES,v 1.19.2.3.2.1 2017/01/18 08:46:23 skrll Exp $ changes in bozohttpd 20170201: o fix an infinite loop in cgi processing o fixes and clean up for the testsuite o no longer sends encoding header for compressed formats d4 1 a4 1 o add a bozo_get_version() function which returns the version number @ 1.19.2.4 log @Pull up following revision(s) (requested by mrg in ticket #1309): libexec/httpd/CHANGES: revisions 1.23, 1.24 libexec/httpd/bozohttpd.8: revisions 1.60-1.62 libexec/httpd/bozohttpd.c: revisions 1.81-1.84 libexec/httpd/bozohttpd.h: revision 1.46 libexec/httpd/cgi-bozo.c: revision 1.35 libexec/httpd/content-bozo.c: revision 1.14 libexec/httpd/main.c: revisions 1.14-1.16 libexec/httpd/testsuite/Makefile: revision 1.6 libexec/httpd/testsuite/test-bigfile: revision 1.3 libexec/httpd/testsuite/test-simple: revisions 1.1, 1.2 update bozohttpd to 2016072: - fix memory leak - addd -G option to display version - fix some content type issues - fix issues in testsuite @ text @d1 1 a1 4 $NetBSD: CHANGES,v 1.24 2016/08/20 00:36:41 mrg Exp $ changes in bozohttpd 20160517: o add a bozo_get_version() function which returns the version number @ 1.19.2.5 log @Pull up following revision(s) (requested by mrg in ticket #1357): libexec/httpd/CHANGES: revision 1.25 libexec/httpd/bozohttpd.8: revisions 1.63-1.65 libexec/httpd/bozohttpd.c: revisions 1.85, 1.86 libexec/httpd/bozohttpd.h: revision 1.47 libexec/httpd/cgi-bozo.c: revisions 1.36, 1.37 libexec/httpd/libbozohttpd/libbozohttpd.3: revision 1.4 libexec/httpd/testsuite/Makefile: revision 1.7 libexec/httpd/testsuite/html_cmp: revision 1.5 libexec/httpd/testsuite/test-bigfile: revision 1.4 libexec/httpd/testsuite/test-simple: revisions 1.3, 1.4 libexec/httpd/testsuite/t11.in: revision 1.1 libexec/httpd/testsuite/t11.out: revision 1.1 libexec/httpd/testsuite/cgi-bin/empty: revision 1.1 Update bozohttpd to 20170201: - fix an infinite loop in cgi processing - fixes and clean up for the testsuite - no longer sends encoding header for compressed formats @ text @d1 1 a1 6 $NetBSD: CHANGES,v 1.19.2.4 2016/12/23 07:42:09 snj Exp $ changes in bozohttpd 20170201: o fix an infinite loop in cgi processing o fixes and clean up for the testsuite o no longer sends encoding header for compressed formats d4 1 a4 1 o add a bozo_get_version() function which returns the version number @ 1.19.2.5.2.1 log @Sync to HEAD (requested by mrg in ticket #1655): libexec/httpd/testsuite/data/.bzremap up to 1.1 libexec/httpd/testsuite/t12.out up to 1.1 libexec/httpd/testsuite/t12.in up to 1.1 libexec/httpd/testsuite/t13.out up to 1.1 libexec/httpd/testsuite/t13.in up to 1.1 libexec/httpd/testsuite/t14.out up to 1.1 libexec/httpd/testsuite/t14.in up to 1.1 libexec/httpd/testsuite/t15.out up to 1.1 libexec/httpd/testsuite/t15.in up to 1.1 libexec/httpd/CHANGES up to 1.28 libexec/httpd/Makefile up to 1.27 libexec/httpd/auth-bozo.c up to 1.22 libexec/httpd/bozohttpd.8 up to 1.74 libexec/httpd/bozohttpd.c up to 1.96 libexec/httpd/bozohttpd.h up to 1.56 libexec/httpd/cgi-bozo.c up to 1.44 libexec/httpd/content-bozo.c up to 1.16 libexec/httpd/daemon-bozo.c up to 1.19 libexec/httpd/dir-index-bozo.c up to 1.28 libexec/httpd/lua-bozo.c up to 1.15 libexec/httpd/main.c up to 1.21 libexec/httpd/ssl-bozo.c up to 1.25 libexec/httpd/tilde-luzah-bozo.c up to 1.16 libexec/httpd/libbozohttpd/Makefile up to 1.3 libexec/httpd/lua/bozo.lua up to 1.3 libexec/httpd/lua/glue.c up to 1.5 libexec/httpd/lua/optparse.lua up to 1.2 libexec/httpd/testsuite/Makefile up to 1.11 libexec/httpd/testsuite/html_cmp up to 1.6 libexec/httpd/testsuite/t3.out up to 1.4 libexec/httpd/testsuite/t5.out up to 1.4 libexec/httpd/testsuite/t6.out up to 1.4 libexec/httpd/testsuite/test-bigfile up to 1.5 libexec/httpd/testsuite/test-simple up to 1.5 Cosmetic changes to Lua binding in bozohttpd. - Don't use negative indicies to read arguments of Lua functions. - On error, return nil, "error string". - Use ssize_t for return values from bozo_read() and bozo_write(). - Prefer lstring especially when if saves you from appending NUL and doing len + 1 which can potentially wraparound. - Don't mix C allocations with Lua functions marked with "m" in the Lua manual. Those functions may throw (longjump) and leak data allocated by C function. In one case, I use luaL_Buffer, in the other case, I rearranged calls a bit. fix ordering of a couple of words. from Edgar Pettijohn in PR#52375. thanks! s/u_int/unsigned/. from Jan Danielsson. increases/fixes portability. PR bin/52194: bozohttpd fails to exec scripts via the -C mechanism sometimes with EFAULT due to not NULL terminated environment. Document script handler issues with httpd(8). From martin@@, addressing PR 52194. While here, use American spelling consistently and upper-case some abbreviations. Bump date. fix output since protocol agnostic change went in. XXX: i thought someone hooked this into atf already, please do :) Add support for remapping requested paths via a .bzredirect file. Fixes PR 52772. Ok: mrg@@ Bump date Remove trailing whitespace. use __func__ in debug(). fix a denial of service attack against header contents, which is now bounded at 16KiB. reported by JP. avoid memory leak in sending multiple auth headers. mostly mitigated by previous patch to limit total header size, but still a real problem here. note the changes present in bozohttpd 20181118: o add url remap support via .bzremap file, from martin%netbsd.org@@localhost o handle redirections for any protocol, not just http: o fix a denial of service attack against header contents, which is now bounded at 16KiB. reported by JP. from CHANGES: o reduce default timeouts, and add expand timeouts to handle the initial line, each header, and the total time spent o add -T option to expose new timeout settings o minor RFC fixes related to timeout handling responses old timeouts: 60 seconds for initial request like, 60 seconds per header line, and no whole timeout (though the recent total header size changes do introduce one that would be about 11 hours.) new timeouts: 30 seconds for initial request like, 10 seconds per header line, and a total request time of 600 seconds. the new global timeout is implemented using CLOCK_MONOTONIC, with a fallback to CLOCK_REALTIME if monotonic time is unavailable. reject multiple Host: headers. besides being protocol standard, this closes one additional memory leak found by JP. add a simple test to check this. clean up option and usage handling some. move some #if support into bozohttpd.h. fix previous: have_debug was reversed. also fix have_dynamic_content from the previous previous. re-order the debug and dynamic content to match the same pattern as everything else so similar problems are less likely in the future. - move special files defines into bozohttpd.h, so we can ... - consolidate all the special file checks into bozo_check_special_files() so that all builds check the same list of special files, regardless of build options. - convert "(void)bozo_http_error(...); return -1;" into plain "return bozo_http_error(...);" - fix the call to bozo_check_special_files() to be used on all input types. part of the fixes for failure to reject access to /.htpasswd as reported by JP on tech-security. - use warn_unused_result attribute on bozo_check_special_files(), and fix the failures to return failure. second part of the htpasswd access fix. - update testsuite to use a fixed fake hostname. call this bozohttpd 20181121. two fixes reported by mouse: - don't check contents of 'st' if stat(2) failed. - round up instead of truncate. now 10000 byte files say 10kB not 9kB. use MAP_SHARED for the bzremap file. avoids netbsd kernel complaining: WARNING: defaulted mmap() share type to MAP_PRIVATE (pid 15478 command bozohttpd) many clean ups: - keep a list of special files and their human names - remove (void) casts on bozo_http_error() - fix a few more misuses of bozo_http_error() - rename check_mapping() to check_remap() and perform some CSE - switch away from ``%s'' to '%s' - remove a bunch of #ifdef using new have_feature defines alpha sort the option switch. add an assert() check on array bounds. minor style fixes. simplify bozo_match_content_map(). @ text @d1 1 a1 12 $NetBSD: CHANGES,v 1.28 2018/11/21 09:37:02 mrg Exp $ changes in bozohttpd 20181121: o add url remap support via .bzremap file, from martin@@netbsd.org o handle redirections for any protocol, not just http: o fix a denial of service attack against header contents, which is now bounded at 16KiB. reported by JP o reduce default timeouts, and add expand timeouts to handle the initial line, each header, and the total time spent o add -T option to expose new timeout settings o minor RFC fixes related to timeout handling o fix special file (.htpasswd, .bz*) bypass. reported by JP. @ 1.19.2.5.2.2 log @Pull up following revision(s) (requested by mrg in ticket #1659): libexec/httpd/main.c: revision 1.22 libexec/httpd/CHANGES: revision 1.29 libexec/httpd/cgi-bozo.c: revision 1.45 libexec/httpd/bozohttpd.h: revision 1.57 libexec/httpd/CHANGES: revision 1.30 libexec/httpd/bozohttpd.c: revision 1.97 libexec/httpd/bozohttpd.c: revision 1.98 libexec/httpd/bozohttpd.c: revision 1.99 one semicolon is usually enough. - appease lint - add FALLTHROUGH comment - one return is usually enough. - avoid c99ism. - fix -X option parsing. noted by Rajeev V. Pillai. - add option fixes here. - normalise some messages. @ text @d1 1 a1 4 $NetBSD: CHANGES,v 1.19.2.5.2.1 2018/11/24 17:23:20 martin Exp $ changes in bozohttpd 20181125: o fixes for option parsing introduced in bozohttpd 20181123 d12 1 a12 1 o fix special file (.htpasswd, .bz*) bypass. reported by JP d97 1 a97 1 program into main.c, the remaining parts are useable as library @ 1.19.2.5.2.3 log @Pull up the following revisions (via patch) requested by mrg in ticket #1699: libexec/httpd/CHANGES 1.31-1.40 libexec/httpd/Makefile 1.28 libexec/httpd/auth-bozo.c 1.23-1.24 libexec/httpd/bozohttpd.8 1.75-1.79 libexec/httpd/bozohttpd.c 1.100-1.113 libexec/httpd/bozohttpd.h 1.58-1.60 libexec/httpd/cgi-bozo.c 1.46-1.48 libexec/httpd/daemon-bozo.c 1.20-1.21 libexec/httpd/dir-index-bozo.c 1.29-1.32 libexec/httpd/ssl-bozo.c 1.26 libexec/httpd/testsuite/Makefile 1.12-1.13 libexec/httpd/testsuite/t11.out 1.2 libexec/httpd/testsuite/test-bigfile 1.6 libexec/httpd/testsuite/test-simple 1.6 Don't display special files in the directory index. They aren't served, but links to them are generated. --- All from "Rajeev V. Pillai" : - use html tables for directory index. - don't include "index.html" in html headers - additional escaping of names - re-add top/bottom borders - adds an aquamarine table header - Zebra-stripes table rows using CSS instead of code - fix CGI '+' param and error handling. - remove unused parameter to daemon_poll_err(). - avoid sign extension in % handling fix a few problems pointed out by clang static analyzer: - bozostrnsep() may return with "in = NULL", so check for it. - nul terminating in bozo_escape_rfc3986() can be simpler - don't use uniinit variables in check_remap() - don't use re-used freed data in check_virtual(). - fix bozoprefs->size setting when increasing the size (new total was being added to the prior total.) however, bozostrdup() may reference request->hr_file. --- Add ssl specific timeout value (30s). If SSL_accept() doesn't work with in this timeout value, ssl setup now fails. --- Fix handling of bozo_set_timeout() timeouts (and `-T' option parsing) --- Avoid .htpasswd exposure to authenticated users when .htpasswd is in the slashdir too. --- Avoid possible NULL dereference when sending a big request that timeout. --- Use strings.h for strcasecmp (on linux) --- Account for cgihandler being set when counting the number of CGI environment headers we are about to set. Avoids an assertion failure (and overruninng the array) later. @ text @d1 1 a1 21 $NetBSD: CHANGES,v 1.19.2.5.2.2 2018/11/28 19:56:09 martin Exp $ changes in bozohttpd 20190228: o extend timeout facility to ssl and stop servers hanging forever if the client never sends anything. reported by Steffen in netbsd PR#50655. o don't display special files in the directory index. they aren't served, but links to them are generated. o fix CGI '+' parameter handling, some error checking, and a double free. from rajeev_v_pillai@@yahoo.com o more directory indexing clean up. from rajeev_v_pillai@@yahoo.com changes in bozohttpd 20181215: o fix .htpasswd bypass for authenticated users. reported by JP, from leot@@netbsd.org o avoid possible null dereference when receiving a big request that timeout. reported by maya@@netbsd.org, from leot@@netbsd.org o fix handling of -T option, from leot@@netbsd.org o cleanups and portability improvements, from maya@@netbsd.org o change directory indexing to use html tables, from rajeev_v_pillai@@yahoo.com d296 1 a296 1 - add IPv6 support from itojun@@iijlab.net @ 1.19.2.6 log @Sync to HEAD (requested by mrg in ticket #1655): libexec/httpd/testsuite/data/.bzremap up to 1.1 libexec/httpd/testsuite/t12.out up to 1.1 libexec/httpd/testsuite/t12.in up to 1.1 libexec/httpd/testsuite/t13.out up to 1.1 libexec/httpd/testsuite/t13.in up to 1.1 libexec/httpd/testsuite/t14.out up to 1.1 libexec/httpd/testsuite/t14.in up to 1.1 libexec/httpd/testsuite/t15.out up to 1.1 libexec/httpd/testsuite/t15.in up to 1.1 libexec/httpd/CHANGES up to 1.28 libexec/httpd/Makefile up to 1.27 libexec/httpd/auth-bozo.c up to 1.22 libexec/httpd/bozohttpd.8 up to 1.74 libexec/httpd/bozohttpd.c up to 1.96 libexec/httpd/bozohttpd.h up to 1.56 libexec/httpd/cgi-bozo.c up to 1.44 libexec/httpd/content-bozo.c up to 1.16 libexec/httpd/daemon-bozo.c up to 1.19 libexec/httpd/dir-index-bozo.c up to 1.28 libexec/httpd/lua-bozo.c up to 1.15 libexec/httpd/main.c up to 1.21 libexec/httpd/ssl-bozo.c up to 1.25 libexec/httpd/tilde-luzah-bozo.c up to 1.16 libexec/httpd/libbozohttpd/Makefile up to 1.3 libexec/httpd/lua/bozo.lua up to 1.3 libexec/httpd/lua/glue.c up to 1.5 libexec/httpd/lua/optparse.lua up to 1.2 libexec/httpd/testsuite/Makefile up to 1.11 libexec/httpd/testsuite/html_cmp up to 1.6 libexec/httpd/testsuite/t3.out up to 1.4 libexec/httpd/testsuite/t5.out up to 1.4 libexec/httpd/testsuite/t6.out up to 1.4 libexec/httpd/testsuite/test-bigfile up to 1.5 libexec/httpd/testsuite/test-simple up to 1.5 Cosmetic changes to Lua binding in bozohttpd. - Don't use negative indicies to read arguments of Lua functions. - On error, return nil, "error string". - Use ssize_t for return values from bozo_read() and bozo_write(). - Prefer lstring especially when if saves you from appending NUL and doing len + 1 which can potentially wraparound. - Don't mix C allocations with Lua functions marked with "m" in the Lua manual. Those functions may throw (longjump) and leak data allocated by C function. In one case, I use luaL_Buffer, in the other case, I rearranged calls a bit. fix ordering of a couple of words. from Edgar Pettijohn in PR#52375. thanks! s/u_int/unsigned/. from Jan Danielsson. increases/fixes portability. PR bin/52194: bozohttpd fails to exec scripts via the -C mechanism sometimes with EFAULT due to not NULL terminated environment. Document script handler issues with httpd(8). From martin@@, addressing PR 52194. While here, use American spelling consistently and upper-case some abbreviations. Bump date. fix output since protocol agnostic change went in. XXX: i thought someone hooked this into atf already, please do :) Add support for remapping requested paths via a .bzredirect file. Fixes PR 52772. Ok: mrg@@ Bump date Remove trailing whitespace. use __func__ in debug(). fix a denial of service attack against header contents, which is now bounded at 16KiB. reported by JP. avoid memory leak in sending multiple auth headers. mostly mitigated by previous patch to limit total header size, but still a real problem here. note the changes present in bozohttpd 20181118: o add url remap support via .bzremap file, from martin%netbsd.org@@localhost o handle redirections for any protocol, not just http: o fix a denial of service attack against header contents, which is now bounded at 16KiB. reported by JP. from CHANGES: o reduce default timeouts, and add expand timeouts to handle the initial line, each header, and the total time spent o add -T option to expose new timeout settings o minor RFC fixes related to timeout handling responses old timeouts: 60 seconds for initial request like, 60 seconds per header line, and no whole timeout (though the recent total header size changes do introduce one that would be about 11 hours.) new timeouts: 30 seconds for initial request like, 10 seconds per header line, and a total request time of 600 seconds. the new global timeout is implemented using CLOCK_MONOTONIC, with a fallback to CLOCK_REALTIME if monotonic time is unavailable. reject multiple Host: headers. besides being protocol standard, this closes one additional memory leak found by JP. add a simple test to check this. clean up option and usage handling some. move some #if support into bozohttpd.h. fix previous: have_debug was reversed. also fix have_dynamic_content from the previous previous. re-order the debug and dynamic content to match the same pattern as everything else so similar problems are less likely in the future. - move special files defines into bozohttpd.h, so we can ... - consolidate all the special file checks into bozo_check_special_files() so that all builds check the same list of special files, regardless of build options. - convert "(void)bozo_http_error(...); return -1;" into plain "return bozo_http_error(...);" - fix the call to bozo_check_special_files() to be used on all input types. part of the fixes for failure to reject access to /.htpasswd as reported by JP on tech-security. - use warn_unused_result attribute on bozo_check_special_files(), and fix the failures to return failure. second part of the htpasswd access fix. - update testsuite to use a fixed fake hostname. call this bozohttpd 20181121. two fixes reported by mouse: - don't check contents of 'st' if stat(2) failed. - round up instead of truncate. now 10000 byte files say 10kB not 9kB. use MAP_SHARED for the bzremap file. avoids netbsd kernel complaining: WARNING: defaulted mmap() share type to MAP_PRIVATE (pid 15478 command bozohttpd) many clean ups: - keep a list of special files and their human names - remove (void) casts on bozo_http_error() - fix a few more misuses of bozo_http_error() - rename check_mapping() to check_remap() and perform some CSE - switch away from ``%s'' to '%s' - remove a bunch of #ifdef using new have_feature defines alpha sort the option switch. add an assert() check on array bounds. minor style fixes. simplify bozo_match_content_map(). @ text @d1 1 a1 12 $NetBSD: CHANGES,v 1.28 2018/11/21 09:37:02 mrg Exp $ changes in bozohttpd 20181121: o add url remap support via .bzremap file, from martin@@netbsd.org o handle redirections for any protocol, not just http: o fix a denial of service attack against header contents, which is now bounded at 16KiB. reported by JP o reduce default timeouts, and add expand timeouts to handle the initial line, each header, and the total time spent o add -T option to expose new timeout settings o minor RFC fixes related to timeout handling o fix special file (.htpasswd, .bz*) bypass. reported by JP. @ 1.19.2.7 log @Pull up following revision(s) (requested by mrg in ticket #1659): libexec/httpd/main.c: revision 1.22 libexec/httpd/CHANGES: revision 1.29 libexec/httpd/cgi-bozo.c: revision 1.45 libexec/httpd/bozohttpd.h: revision 1.57 libexec/httpd/CHANGES: revision 1.30 libexec/httpd/bozohttpd.c: revision 1.97 libexec/httpd/bozohttpd.c: revision 1.98 libexec/httpd/bozohttpd.c: revision 1.99 one semicolon is usually enough. - appease lint - add FALLTHROUGH comment - one return is usually enough. - avoid c99ism. - fix -X option parsing. noted by Rajeev V. Pillai. - add option fixes here. - normalise some messages. @ text @d1 1 a1 4 $NetBSD: CHANGES,v 1.19.2.6 2018/11/24 17:22:57 martin Exp $ changes in bozohttpd 20181125: o fixes for option parsing introduced in bozohttpd 20181123 d12 1 a12 1 o fix special file (.htpasswd, .bz*) bypass. reported by JP d97 1 a97 1 program into main.c, the remaining parts are useable as library @ 1.19.2.8 log @Pull up the following revisions (via patch) requested by mrg in ticket #1699: libexec/httpd/CHANGES 1.31-1.40 libexec/httpd/Makefile 1.28 libexec/httpd/auth-bozo.c 1.23-1.24 libexec/httpd/bozohttpd.8 1.75-1.79 libexec/httpd/bozohttpd.c 1.100-1.113 libexec/httpd/bozohttpd.h 1.58-1.60 libexec/httpd/cgi-bozo.c 1.46-1.48 libexec/httpd/daemon-bozo.c 1.20-1.21 libexec/httpd/dir-index-bozo.c 1.29-1.32 libexec/httpd/ssl-bozo.c 1.26 libexec/httpd/testsuite/Makefile 1.12-1.13 libexec/httpd/testsuite/t11.out 1.2 libexec/httpd/testsuite/test-bigfile 1.6 libexec/httpd/testsuite/test-simple 1.6 Don't display special files in the directory index. They aren't served, but links to them are generated. --- All from "Rajeev V. Pillai" : - use html tables for directory index. - don't include "index.html" in html headers - additional escaping of names - re-add top/bottom borders - adds an aquamarine table header - Zebra-stripes table rows using CSS instead of code - fix CGI '+' param and error handling. - remove unused parameter to daemon_poll_err(). - avoid sign extension in % handling fix a few problems pointed out by clang static analyzer: - bozostrnsep() may return with "in = NULL", so check for it. - nul terminating in bozo_escape_rfc3986() can be simpler - don't use uniinit variables in check_remap() - don't use re-used freed data in check_virtual(). - fix bozoprefs->size setting when increasing the size (new total was being added to the prior total.) however, bozostrdup() may reference request->hr_file. --- Add ssl specific timeout value (30s). If SSL_accept() doesn't work with in this timeout value, ssl setup now fails. --- Fix handling of bozo_set_timeout() timeouts (and `-T' option parsing) --- Avoid .htpasswd exposure to authenticated users when .htpasswd is in the slashdir too. --- Avoid possible NULL dereference when sending a big request that timeout. --- Use strings.h for strcasecmp (on linux) --- Account for cgihandler being set when counting the number of CGI environment headers we are about to set. Avoids an assertion failure (and overruninng the array) later. @ text @d1 1 a1 21 $NetBSD: CHANGES,v 1.19.2.7 2018/11/28 19:54:18 martin Exp $ changes in bozohttpd 20190228: o extend timeout facility to ssl and stop servers hanging forever if the client never sends anything. reported by Steffen in netbsd PR#50655. o don't display special files in the directory index. they aren't served, but links to them are generated. o fix CGI '+' parameter handling, some error checking, and a double free. from rajeev_v_pillai@@yahoo.com o more directory indexing clean up. from rajeev_v_pillai@@yahoo.com changes in bozohttpd 20181215: o fix .htpasswd bypass for authenticated users. reported by JP, from leot@@netbsd.org o avoid possible null dereference when receiving a big request that timeout. reported by maya@@netbsd.org, from leot@@netbsd.org o fix handling of -T option, from leot@@netbsd.org o cleanups and portability improvements, from maya@@netbsd.org o change directory indexing to use html tables, from rajeev_v_pillai@@yahoo.com d296 1 a296 1 - add IPv6 support from itojun@@iijlab.net @ 1.18 log @call this bozohttpd 20140708, and add/fix a couple of CHANGES entries. @ text @d3 3 @ 1.17 log @avoid truncating a directory path when using snprintf(), but instead detect and return an error. found and fixed by shm@@netbsd. @ text @d3 6 a11 2 o fix a security issue in basic HTTP authentication which would allow authentication to be bypassed, from shm@@netbsd.org @ 1.16 log @bump version, note .svg support. @ text @d6 2 @ 1.15 log @update for 2014-02-01. @ text @d4 1 @ 1.15.2.1 log @Rebase. @ text @a2 9 changes in bozohttpd 20140717: o properly handle SSL errors. changes in bozohttpd 20140708: o fixes for virtual host support, from rajeev_v_pillai@@yahoo.com o avoid printing double errors, from shm@@netbsd.org o fix a security issue in basic HTTP authentication which would allow authentication to be bypassed, from shm@@netbsd.org a3 1 o support .svg files @ 1.14 log @- update CHANGES with recent changes - update version to 20140102 - update copyrights - use getcwd() over getwd() - fix lean build (don't include lua) @ text @d3 4 a6 1 changes since bozohttpd 20111118: d16 1 a16 1 changes since bozohttpd 20100920: d25 1 a25 1 changes since bozohttpd 20100617: d36 1 a36 1 changes since bozohttpd 20100509: d45 1 a45 1 changes since bozohttpd 20090522: d51 1 a51 1 changes since bozohttpd 20090417: d62 1 a62 1 changes since bozohttpd 20080303: d76 1 a76 1 changes since bozohttpd 20060710: d82 1 a82 1 changes since bozohttpd 20060517: d87 1 a87 1 changes since bozohttpd 20050410: d95 1 a95 1 changes since bozohttpd 20040808: d105 1 a105 1 changes since bozohttpd 20040218: d117 1 a117 1 changes since bozohttpd 20031005: d130 1 a130 1 changes since bozohttpd 20030626: d136 1 a136 1 changes since bozohttpd 20030409: d150 1 a150 1 changes since bozohttpd 20030313: d163 1 a163 1 changes since bozohttpd 20021106: d177 1 a177 1 changes since bozohttpd 5.15 (20020913): d186 1 a186 1 changes since bozohttpd 5.14 (20020823): d190 1 a190 1 changes since bozohttpd 5.13 (20020804): d199 1 a199 1 changes since bozohttpd 5.12 (20020803): d203 1 a203 1 changes since bozohttpd 5.11 (20020730): d207 1 a207 1 changes since bozohttpd 5.10 (20020710): d215 1 a215 1 changes since bozohttpd 5.09 (20010922): d224 1 a224 1 changes since bozohttpd 5.08 (20010812): d230 1 a230 1 changes since bozohttpd 5.07 (20010610): d235 1 a235 1 changes since bozohttpd 5.06 (20000825): d242 1 a242 1 changes since bozohttpd 5.05 (20000815): d246 1 a246 1 changes since bozohttpd 5.04 (20000427): d249 1 a249 1 changes since bozohttpd 5.03 (20000427): d252 1 a252 1 changes since bozohttpd 5.02 (20000426): d255 1 a255 1 changes since bozohttpd 5.01 (20000421): d258 1 a258 1 changes since bozohttpd 5.00 (19990519): a260 1 @ 1.13 log @- update CHANGES with recent changes - export esacpe_html() and use it in directory indexing - update manual to include recent contributors @ text @d4 3 @ 1.12 log @when generating URIs escape various characters as specified in RFC 3986. this makes, among other things, files/dirs with "?" work with dir indexing. @ text @d4 4 @ 1.12.2.1 log @Rebase to HEAD as of a few days ago. @ text @d3 1 a3 21 changes in bozohttpd 20140717: o properly handle SSL errors. changes in bozohttpd 20140708: o fixes for virtual host support, from rajeev_v_pillai@@yahoo.com o avoid printing double errors, from shm@@netbsd.org o fix a security issue in basic HTTP authentication which would allow authentication to be bypassed, from shm@@netbsd.org changes in bozohttpd 20140201: o support .svg files o fix a core dump when requests timeout changes in bozohttpd 20140102: o update a few content types o add support for directly calling lua scripts to handle processes, from mbalmer@@netbsd.org o properly escape generated HTML o add authentication for redirections, from martin@@netbsd.org o handle chained ssl certifications, from elric@@netbsd.org o add basic support for gzipped files, from elric@@netbsd.org d6 1 a6 1 changes in bozohttpd 20111118: d15 1 a15 1 changes in bozohttpd 20100920: d26 1 a26 1 changes in bozohttpd 20100617: d35 1 a35 1 changes in bozohttpd 20100509: d41 1 a41 1 changes in bozohttpd 20090522: d52 1 a52 1 changes in bozohttpd 20090417: d66 1 a66 1 changes in bozohttpd 20080303: d72 1 a72 1 changes in bozohttpd 20060710: d77 1 a77 1 changes in bozohttpd 20060517: d85 1 a85 1 changes in bozohttpd 20050410: d95 1 a95 1 changes in bozohttpd 20040808: d107 1 a107 1 changes in bozohttpd 20040218: d120 1 a120 1 changes in bozohttpd 20031005: d126 1 a126 1 changes in bozohttpd 20030626: d140 1 a140 1 changes in bozohttpd 20030409: d153 1 a153 1 changes in bozohttpd 20030313: d167 1 a167 1 changes in bozohttpd 20021106: d176 1 a176 1 changes in bozohttpd 5.15 (20020913): d180 1 a180 1 changes in bozohttpd 5.14 (20020823): d189 1 a189 1 changes in bozohttpd 5.13 (20020804): d193 1 a193 1 changes in bozohttpd 5.12 (20020803): d197 1 a197 1 changes in bozohttpd 5.11 (20020730): d205 1 a205 1 changes in bozohttpd 5.10 (20020710): d214 1 a214 1 changes in bozohttpd 5.09 (20010922): d220 1 a220 1 changes in bozohttpd 5.08 (20010812): d225 1 a225 1 changes in bozohttpd 5.07 (20010610): d232 1 a232 1 changes in bozohttpd 5.06 (20000825): d236 1 a236 1 changes in bozohttpd 5.05 (20000815): d239 1 a239 1 changes in bozohttpd 5.04 (20000427): d242 1 a242 1 changes in bozohttpd 5.03 (20000427): d245 1 a245 1 changes in bozohttpd 5.02 (20000426): d248 1 a248 1 changes in bozohttpd 5.01 (20000421): d251 1 @ 1.11 log @merge bozohttpd 20111118 @ text @d3 3 @ 1.11.6.1 log @Pull up following revision(s) (requested by mrg in ticket #1095): libexec/httpd/CHANGES 1.12-1.18 libexec/httpd/Makefile 1.13-1.22 libexec/httpd/Makefile.boot 1.6 libexec/httpd/auth-bozo.c 1.11-1.13 libexec/httpd/bozohttpd.8 1.33-1.46 libexec/httpd/bozohttpd.c 1.31-1.54 libexec/httpd/bozohttpd.h 1.21-1.32 libexec/httpd/cgi-bozo.c 1.21-1.25 libexec/httpd/content-bozo.c 1.8-1.10 libexec/httpd/daemon-bozo.c 1.16-1.16 libexec/httpd/dir-index-bozo.c 1.15-1.19 libexec/httpd/lua-bozo.c 1.1-1.9 libexec/httpd/main.c 1.6-1.7 libexec/httpd/netbsd_queue.h 1.1 libexec/httpd/printenv.lua 1.1-1.2 libexec/httpd/ssl-bozo.c 1.14-1.16 libexec/httpd/tilde-luzah-bozo.c 1.10 libexec/httpd/libbozohttpd/Makefile 1.2 libexec/httpd/libbozohttpd/libbozohttpd.3 1.2-1.3 libexec/httpd/small/Makefile 1.2 Update bozohttpd from 20111118 to 20140708. changes in bozohttpd 20140708: o fixes for virtual host support, from rajeev_v_pillai@@yahoo.com o avoid printing double errors, from shm@@netbsd.org o fix a security issue in basic HTTP authentication which would allow authentication to be bypassed, from shm@@netbsd.org changes in bozohttpd 20140201: o support .svg files o fix a core dump when requests timeout changes in bozohttpd 20140102: o update a few content types o add support for directly calling lua scripts to handle processes, from mbalmer@@netbsd.org o properly escape generated HTML o add authentication for redirections, from martin@@netbsd.org o handle chained ssl certifications, from elric@@netbsd.org o add basic support for gzipped files, from elric@@netbsd.org o properly escape generated URIs @ text @d3 1 a3 21 changes in bozohttpd 20140708: o fixes for virtual host support, from rajeev_v_pillai@@yahoo.com o avoid printing double errors, from shm@@netbsd.org o fix a security issue in basic HTTP authentication which would allow authentication to be bypassed, from shm@@netbsd.org changes in bozohttpd 20140201: o support .svg files o fix a core dump when requests timeout changes in bozohttpd 20140102: o update a few content types o add support for directly calling lua scripts to handle processes, from mbalmer@@netbsd.org o properly escape generated HTML o add authentication for redirections, from martin@@netbsd.org o handle chained ssl certifications, from elric@@netbsd.org o add basic support for gzipped files, from elric@@netbsd.org o properly escape generated URIs changes in bozohttpd 20111118: d12 1 a12 1 changes in bozohttpd 20100920: d23 1 a23 1 changes in bozohttpd 20100617: d32 1 a32 1 changes in bozohttpd 20100509: d38 1 a38 1 changes in bozohttpd 20090522: d49 1 a49 1 changes in bozohttpd 20090417: d63 1 a63 1 changes in bozohttpd 20080303: d69 1 a69 1 changes in bozohttpd 20060710: d74 1 a74 1 changes in bozohttpd 20060517: d82 1 a82 1 changes in bozohttpd 20050410: d92 1 a92 1 changes in bozohttpd 20040808: d104 1 a104 1 changes in bozohttpd 20040218: d117 1 a117 1 changes in bozohttpd 20031005: d123 1 a123 1 changes in bozohttpd 20030626: d137 1 a137 1 changes in bozohttpd 20030409: d150 1 a150 1 changes in bozohttpd 20030313: d164 1 a164 1 changes in bozohttpd 20021106: d173 1 a173 1 changes in bozohttpd 5.15 (20020913): d177 1 a177 1 changes in bozohttpd 5.14 (20020823): d186 1 a186 1 changes in bozohttpd 5.13 (20020804): d190 1 a190 1 changes in bozohttpd 5.12 (20020803): d194 1 a194 1 changes in bozohttpd 5.11 (20020730): d202 1 a202 1 changes in bozohttpd 5.10 (20020710): d211 1 a211 1 changes in bozohttpd 5.09 (20010922): d217 1 a217 1 changes in bozohttpd 5.08 (20010812): d222 1 a222 1 changes in bozohttpd 5.07 (20010610): d229 1 a229 1 changes in bozohttpd 5.06 (20000825): d233 1 a233 1 changes in bozohttpd 5.05 (20000815): d236 1 a236 1 changes in bozohttpd 5.04 (20000427): d239 1 a239 1 changes in bozohttpd 5.03 (20000427): d242 1 a242 1 changes in bozohttpd 5.02 (20000426): d245 1 a245 1 changes in bozohttpd 5.01 (20000421): d248 1 @ 1.11.6.2 log @Pull up following revision(s) (requested by mrg in ticket #1377): libexec/httpd/CHANGES: up to 1.22 libexec/httpd/Makefile: up to 1.26 via patch libexec/httpd/auth-bozo.c: up to 1.18 libexec/httpd/bozohttpd.8: up to 1.59 libexec/httpd/bozohttpd.c: up to 1.80 via patch libexec/httpd/bozohttpd.h: up to 1.45 libexec/httpd/cgi-bozo.c: up to 1.33 libexec/httpd/content-bozo.c: up to 1.13 libexec/httpd/daemon-bozo.c: up to 1.17 libexec/httpd/dir-index-bozo.c: up to 1.25 libexec/httpd/lua-bozo.c: up to 1.14 libexec/httpd/lua/bozo.lua: up to 1.2 libexec/httpd/lua/glue.c: up to 1.2 libexec/httpd/main.c: up to 1.13 libexec/httpd/printenv.lua: up to 1.3 libexec/httpd/ssl-bozo.c: up to 1.22 libexec/httpd/testsuite/Makefile: up to 1.5 libexec/httpd/testsuite/t10.out: up to 1.2 libexec/httpd/testsuite/test-bigfile: up to 1.2 libexec/httpd/tilde-luzah-bozo.c: up to 1.14 Import bozohttpd 20151028: o add CGI support for ~user translation (-E switch) o add redirects to ~user translation o fix bugs around ~user translation o add schema detection for absolute redirects o fixed few memory leaks o bunch of minor tweaks o removed -r support o smarter redirects -- Changes in 20150320: o fix redirection handling o support transport stream (.ts) and video object (.vob) files o directory listings show correct file sizes for large files -- updates and bozohttpd 20160415: o add search-word support for CGI o fix a security issue in CGI suffix handler support which would allow remote code execution, from shm@@netbsd.org o -C option supports now CGI scripts only @ text @a2 24 changes in bozohttpd 20160415: o add search-word support for CGI o fix a security issue in CGI suffix handler support which would allow remote code execution, from shm@@netbsd.org o -C option supports now CGI scripts only changes in bozohttpd 20151028: o add CGI support for ~user translation (-E switch) o add redirects to ~user translation o fix bugs around ~user translation o add schema detection for absolute redirects o fixed few memory leaks o bunch of minor tweaks o removed -r support o smarter redirects changes in bozohttpd 20150320: o fix redirection handling o support transport stream (.ts) and video object (.vob) files o directory listings show correct file sizes for large files changes in bozohttpd 20140717: o properly handle SSL errors @ 1.11.6.3 log @Pull up following revision(s) (requested by mrg in ticket #1437): libexec/httpd/CHANGES: up to 1.25 libexec/httpd/bozohttpd.8: up to 1.65 libexec/httpd/bozohttpd.c: up to 1.86 libexec/httpd/bozohttpd.h: up to 1.47 libexec/httpd/cgi-bozo.c: up to 1.37 libexec/httpd/content-bozo.c: up to 1.14 libexec/httpd/libbozohttpd/libbozohttpd.3: up to 1.4 libexec/httpd/main.c: up to 1.16 libexec/httpd/small/Makefile: up to 1.3 libexec/httpd/testsuite/Makefile: up to 1.7 libexec/httpd/testsuite/cgi-bin/empty: up to 1.1 libexec/httpd/testsuite/html_cmp: up to 1.5 libexec/httpd/testsuite/t11.in: up to 1.1 libexec/httpd/testsuite/t11.out: up to 1.1 libexec/httpd/testsuite/test-bigfile: up to 1.4 libexec/httpd/testsuite/test-simple: up to 1.4 Update bozohttpd to 20170201. Changes: - fix an infinite loop in cgi processing - fixes and clean up for the testsuite - no longer sends encoding header for compressed formats - add a bozo_get_version() function which returns the version number @ text @d1 1 a1 9 $NetBSD: CHANGES,v 1.25 2017/01/31 14:33:54 mrg Exp $ changes in bozohttpd 20170201: o fix an infinite loop in cgi processing o fixes and clean up for the testsuite o no longer sends encoding header for compressed formats changes in bozohttpd 20160517: o add a bozo_get_version() function which returns the version number @ 1.11.8.1 log @Pull up following revision(s) (requested by mrg in ticket #1095): libexec/httpd/CHANGES 1.12-1.18 libexec/httpd/Makefile 1.13-1.22 libexec/httpd/Makefile.boot 1.6 libexec/httpd/auth-bozo.c 1.11-1.13 libexec/httpd/bozohttpd.8 1.33-1.46 libexec/httpd/bozohttpd.c 1.31-1.54 libexec/httpd/bozohttpd.h 1.21-1.32 libexec/httpd/cgi-bozo.c 1.21-1.25 libexec/httpd/content-bozo.c 1.8-1.10 libexec/httpd/daemon-bozo.c 1.16-1.16 libexec/httpd/dir-index-bozo.c 1.15-1.19 libexec/httpd/lua-bozo.c 1.1-1.9 libexec/httpd/main.c 1.6-1.7 libexec/httpd/netbsd_queue.h 1.1 libexec/httpd/printenv.lua 1.1-1.2 libexec/httpd/ssl-bozo.c 1.14-1.16 libexec/httpd/tilde-luzah-bozo.c 1.10 libexec/httpd/libbozohttpd/Makefile 1.2 libexec/httpd/libbozohttpd/libbozohttpd.3 1.2-1.3 libexec/httpd/small/Makefile 1.2 Update bozohttpd from 20111118 to 20140708. changes in bozohttpd 20140708: o fixes for virtual host support, from rajeev_v_pillai@@yahoo.com o avoid printing double errors, from shm@@netbsd.org o fix a security issue in basic HTTP authentication which would allow authentication to be bypassed, from shm@@netbsd.org changes in bozohttpd 20140201: o support .svg files o fix a core dump when requests timeout changes in bozohttpd 20140102: o update a few content types o add support for directly calling lua scripts to handle processes, from mbalmer@@netbsd.org o properly escape generated HTML o add authentication for redirections, from martin@@netbsd.org o handle chained ssl certifications, from elric@@netbsd.org o add basic support for gzipped files, from elric@@netbsd.org o properly escape generated URIs @ text @d3 1 a3 21 changes in bozohttpd 20140708: o fixes for virtual host support, from rajeev_v_pillai@@yahoo.com o avoid printing double errors, from shm@@netbsd.org o fix a security issue in basic HTTP authentication which would allow authentication to be bypassed, from shm@@netbsd.org changes in bozohttpd 20140201: o support .svg files o fix a core dump when requests timeout changes in bozohttpd 20140102: o update a few content types o add support for directly calling lua scripts to handle processes, from mbalmer@@netbsd.org o properly escape generated HTML o add authentication for redirections, from martin@@netbsd.org o handle chained ssl certifications, from elric@@netbsd.org o add basic support for gzipped files, from elric@@netbsd.org o properly escape generated URIs changes in bozohttpd 20111118: d12 1 a12 1 changes in bozohttpd 20100920: d23 1 a23 1 changes in bozohttpd 20100617: d32 1 a32 1 changes in bozohttpd 20100509: d38 1 a38 1 changes in bozohttpd 20090522: d49 1 a49 1 changes in bozohttpd 20090417: d63 1 a63 1 changes in bozohttpd 20080303: d69 1 a69 1 changes in bozohttpd 20060710: d74 1 a74 1 changes in bozohttpd 20060517: d82 1 a82 1 changes in bozohttpd 20050410: d92 1 a92 1 changes in bozohttpd 20040808: d104 1 a104 1 changes in bozohttpd 20040218: d117 1 a117 1 changes in bozohttpd 20031005: d123 1 a123 1 changes in bozohttpd 20030626: d137 1 a137 1 changes in bozohttpd 20030409: d150 1 a150 1 changes in bozohttpd 20030313: d164 1 a164 1 changes in bozohttpd 20021106: d173 1 a173 1 changes in bozohttpd 5.15 (20020913): d177 1 a177 1 changes in bozohttpd 5.14 (20020823): d186 1 a186 1 changes in bozohttpd 5.13 (20020804): d190 1 a190 1 changes in bozohttpd 5.12 (20020803): d194 1 a194 1 changes in bozohttpd 5.11 (20020730): d202 1 a202 1 changes in bozohttpd 5.10 (20020710): d211 1 a211 1 changes in bozohttpd 5.09 (20010922): d217 1 a217 1 changes in bozohttpd 5.08 (20010812): d222 1 a222 1 changes in bozohttpd 5.07 (20010610): d229 1 a229 1 changes in bozohttpd 5.06 (20000825): d233 1 a233 1 changes in bozohttpd 5.05 (20000815): d236 1 a236 1 changes in bozohttpd 5.04 (20000427): d239 1 a239 1 changes in bozohttpd 5.03 (20000427): d242 1 a242 1 changes in bozohttpd 5.02 (20000426): d245 1 a245 1 changes in bozohttpd 5.01 (20000421): d248 1 @ 1.11.8.2 log @Pull up following revision(s) (requested by mrg in ticket #1377): libexec/httpd/CHANGES: up to 1.22 libexec/httpd/Makefile: up to 1.26 via patch libexec/httpd/auth-bozo.c: up to 1.18 libexec/httpd/bozohttpd.8: up to 1.59 libexec/httpd/bozohttpd.c: up to 1.80 via patch libexec/httpd/bozohttpd.h: up to 1.45 libexec/httpd/cgi-bozo.c: up to 1.33 libexec/httpd/content-bozo.c: up to 1.13 libexec/httpd/daemon-bozo.c: up to 1.17 libexec/httpd/dir-index-bozo.c: up to 1.25 libexec/httpd/lua-bozo.c: up to 1.14 libexec/httpd/lua/bozo.lua: up to 1.2 libexec/httpd/lua/glue.c: up to 1.2 libexec/httpd/main.c: up to 1.13 libexec/httpd/printenv.lua: up to 1.3 libexec/httpd/ssl-bozo.c: up to 1.22 libexec/httpd/testsuite/Makefile: up to 1.5 libexec/httpd/testsuite/t10.out: up to 1.2 libexec/httpd/testsuite/test-bigfile: up to 1.2 libexec/httpd/tilde-luzah-bozo.c: up to 1.14 Import bozohttpd 20151028: o add CGI support for ~user translation (-E switch) o add redirects to ~user translation o fix bugs around ~user translation o add schema detection for absolute redirects o fixed few memory leaks o bunch of minor tweaks o removed -r support o smarter redirects -- Changes in 20150320: o fix redirection handling o support transport stream (.ts) and video object (.vob) files o directory listings show correct file sizes for large files -- updates and bozohttpd 20160415: o add search-word support for CGI o fix a security issue in CGI suffix handler support which would allow remote code execution, from shm@@netbsd.org o -C option supports now CGI scripts only @ text @a2 24 changes in bozohttpd 20160415: o add search-word support for CGI o fix a security issue in CGI suffix handler support which would allow remote code execution, from shm@@netbsd.org o -C option supports now CGI scripts only changes in bozohttpd 20151028: o add CGI support for ~user translation (-E switch) o add redirects to ~user translation o fix bugs around ~user translation o add schema detection for absolute redirects o fixed few memory leaks o bunch of minor tweaks o removed -r support o smarter redirects changes in bozohttpd 20150320: o fix redirection handling o support transport stream (.ts) and video object (.vob) files o directory listings show correct file sizes for large files changes in bozohttpd 20140717: o properly handle SSL errors @ 1.11.8.3 log @Pull up following revision(s) (requested by mrg in ticket #1437: libexec/httpd/CHANGES: up to 1.25 libexec/httpd/bozohttpd.8: up to 1.65 libexec/httpd/bozohttpd.c: up to 1.86 libexec/httpd/bozohttpd.h: up to 1.47 libexec/httpd/cgi-bozo.c: up to 1.37 libexec/httpd/content-bozo.c: up to 1.14 libexec/httpd/libbozohttpd/libbozohttpd.3: up to 1.4 libexec/httpd/main.c: up to 1.16 libexec/httpd/small/Makefile: up to 1.3 libexec/httpd/testsuite/Makefile: up to 1.7 libexec/httpd/testsuite/cgi-bin/empty: up to 1.1 libexec/httpd/testsuite/html_cmp: up to 1.5 libexec/httpd/testsuite/t11.in: up to 1.1 libexec/httpd/testsuite/t11.out: up to 1.1 libexec/httpd/testsuite/test-bigfile: up to 1.4 libexec/httpd/testsuite/test-simple: up to 1.4 Update bozohttpd to 20170201. Changes: - fix an infinite loop in cgi processing - fixes and clean up for the testsuite - no longer sends encoding header for compressed formats - add a bozo_get_version() function which returns the version number @ text @d1 1 a1 9 $NetBSD: CHANGES,v 1.25 2017/01/31 14:33:54 mrg Exp $ changes in bozohttpd 20170201: o fix an infinite loop in cgi processing o fixes and clean up for the testsuite o no longer sends encoding header for compressed formats changes in bozohttpd 20160517: o add a bozo_get_version() function which returns the version number @ 1.11.2.1 log @Pull up following revision(s) (requested by mrg in ticket #1095): libexec/httpd/CHANGES 1.12-1.18 libexec/httpd/Makefile 1.13-1.22 libexec/httpd/Makefile.boot 1.6 libexec/httpd/auth-bozo.c 1.11-1.13 libexec/httpd/bozohttpd.8 1.33-1.46 libexec/httpd/bozohttpd.c 1.31-1.54 libexec/httpd/bozohttpd.h 1.21-1.32 libexec/httpd/cgi-bozo.c 1.21-1.25 libexec/httpd/content-bozo.c 1.8-1.10 libexec/httpd/daemon-bozo.c 1.16-1.16 libexec/httpd/dir-index-bozo.c 1.15-1.19 libexec/httpd/lua-bozo.c 1.1-1.9 libexec/httpd/main.c 1.6-1.7 libexec/httpd/netbsd_queue.h 1.1 libexec/httpd/printenv.lua 1.1-1.2 libexec/httpd/ssl-bozo.c 1.14-1.16 libexec/httpd/tilde-luzah-bozo.c 1.10 libexec/httpd/libbozohttpd/Makefile 1.2 libexec/httpd/libbozohttpd/libbozohttpd.3 1.2-1.3 libexec/httpd/small/Makefile 1.2 Update bozohttpd from 20111118 to 20140708. changes in bozohttpd 20140708: o fixes for virtual host support, from rajeev_v_pillai@@yahoo.com o avoid printing double errors, from shm@@netbsd.org o fix a security issue in basic HTTP authentication which would allow authentication to be bypassed, from shm@@netbsd.org changes in bozohttpd 20140201: o support .svg files o fix a core dump when requests timeout changes in bozohttpd 20140102: o update a few content types o add support for directly calling lua scripts to handle processes, from mbalmer@@netbsd.org o properly escape generated HTML o add authentication for redirections, from martin@@netbsd.org o handle chained ssl certifications, from elric@@netbsd.org o add basic support for gzipped files, from elric@@netbsd.org o properly escape generated URIs @ text @d3 1 a3 21 changes in bozohttpd 20140708: o fixes for virtual host support, from rajeev_v_pillai@@yahoo.com o avoid printing double errors, from shm@@netbsd.org o fix a security issue in basic HTTP authentication which would allow authentication to be bypassed, from shm@@netbsd.org changes in bozohttpd 20140201: o support .svg files o fix a core dump when requests timeout changes in bozohttpd 20140102: o update a few content types o add support for directly calling lua scripts to handle processes, from mbalmer@@netbsd.org o properly escape generated HTML o add authentication for redirections, from martin@@netbsd.org o handle chained ssl certifications, from elric@@netbsd.org o add basic support for gzipped files, from elric@@netbsd.org o properly escape generated URIs changes in bozohttpd 20111118: d12 1 a12 1 changes in bozohttpd 20100920: d23 1 a23 1 changes in bozohttpd 20100617: d32 1 a32 1 changes in bozohttpd 20100509: d38 1 a38 1 changes in bozohttpd 20090522: d49 1 a49 1 changes in bozohttpd 20090417: d63 1 a63 1 changes in bozohttpd 20080303: d69 1 a69 1 changes in bozohttpd 20060710: d74 1 a74 1 changes in bozohttpd 20060517: d82 1 a82 1 changes in bozohttpd 20050410: d92 1 a92 1 changes in bozohttpd 20040808: d104 1 a104 1 changes in bozohttpd 20040218: d117 1 a117 1 changes in bozohttpd 20031005: d123 1 a123 1 changes in bozohttpd 20030626: d137 1 a137 1 changes in bozohttpd 20030409: d150 1 a150 1 changes in bozohttpd 20030313: d164 1 a164 1 changes in bozohttpd 20021106: d173 1 a173 1 changes in bozohttpd 5.15 (20020913): d177 1 a177 1 changes in bozohttpd 5.14 (20020823): d186 1 a186 1 changes in bozohttpd 5.13 (20020804): d190 1 a190 1 changes in bozohttpd 5.12 (20020803): d194 1 a194 1 changes in bozohttpd 5.11 (20020730): d202 1 a202 1 changes in bozohttpd 5.10 (20020710): d211 1 a211 1 changes in bozohttpd 5.09 (20010922): d217 1 a217 1 changes in bozohttpd 5.08 (20010812): d222 1 a222 1 changes in bozohttpd 5.07 (20010610): d229 1 a229 1 changes in bozohttpd 5.06 (20000825): d233 1 a233 1 changes in bozohttpd 5.05 (20000815): d236 1 a236 1 changes in bozohttpd 5.04 (20000427): d239 1 a239 1 changes in bozohttpd 5.03 (20000427): d242 1 a242 1 changes in bozohttpd 5.02 (20000426): d245 1 a245 1 changes in bozohttpd 5.01 (20000421): d248 1 @ 1.11.2.2 log @Pull up following revision(s) (requested by mrg in ticket #1377): libexec/httpd/CHANGES: up to 1.22 libexec/httpd/Makefile: up to 1.26 via patch libexec/httpd/auth-bozo.c: up to 1.18 libexec/httpd/bozohttpd.8: up to 1.59 libexec/httpd/bozohttpd.c: up to 1.80 via patch libexec/httpd/bozohttpd.h: up to 1.45 libexec/httpd/cgi-bozo.c: up to 1.33 libexec/httpd/content-bozo.c: up to 1.13 libexec/httpd/daemon-bozo.c: up to 1.17 libexec/httpd/dir-index-bozo.c: up to 1.25 libexec/httpd/lua-bozo.c: up to 1.14 libexec/httpd/lua/bozo.lua: up to 1.2 libexec/httpd/lua/glue.c: up to 1.2 libexec/httpd/main.c: up to 1.13 libexec/httpd/printenv.lua: up to 1.3 libexec/httpd/ssl-bozo.c: up to 1.22 libexec/httpd/testsuite/Makefile: up to 1.5 libexec/httpd/testsuite/t10.out: up to 1.2 libexec/httpd/testsuite/test-bigfile: up to 1.2 libexec/httpd/tilde-luzah-bozo.c: up to 1.14 Import bozohttpd 20151028: o add CGI support for ~user translation (-E switch) o add redirects to ~user translation o fix bugs around ~user translation o add schema detection for absolute redirects o fixed few memory leaks o bunch of minor tweaks o removed -r support o smarter redirects -- Changes in 20150320: o fix redirection handling o support transport stream (.ts) and video object (.vob) files o directory listings show correct file sizes for large files -- updates and bozohttpd 20160415: o add search-word support for CGI o fix a security issue in CGI suffix handler support which would allow remote code execution, from shm@@netbsd.org o -C option supports now CGI scripts only @ text @a2 24 changes in bozohttpd 20160415: o add search-word support for CGI o fix a security issue in CGI suffix handler support which would allow remote code execution, from shm@@netbsd.org o -C option supports now CGI scripts only changes in bozohttpd 20151028: o add CGI support for ~user translation (-E switch) o add redirects to ~user translation o fix bugs around ~user translation o add schema detection for absolute redirects o fixed few memory leaks o bunch of minor tweaks o removed -r support o smarter redirects changes in bozohttpd 20150320: o fix redirection handling o support transport stream (.ts) and video object (.vob) files o directory listings show correct file sizes for large files changes in bozohttpd 20140717: o properly handle SSL errors @ 1.11.2.3 log @Pull up following revision(s) (requested by mrg in ticket #1437): libexec/httpd/CHANGES: up to 1.25 libexec/httpd/bozohttpd.8: up to 1.65 libexec/httpd/bozohttpd.c: up to 1.86 libexec/httpd/bozohttpd.h: up to 1.47 libexec/httpd/cgi-bozo.c: up to 1.37 libexec/httpd/content-bozo.c: up to 1.14 libexec/httpd/libbozohttpd/libbozohttpd.3: up to 1.4 libexec/httpd/main.c: up to 1.16 libexec/httpd/small/Makefile: up to 1.3 libexec/httpd/testsuite/Makefile: up to 1.7 libexec/httpd/testsuite/cgi-bin/empty: up to 1.1 libexec/httpd/testsuite/html_cmp: up to 1.5 libexec/httpd/testsuite/t11.in: up to 1.1 libexec/httpd/testsuite/t11.out: up to 1.1 libexec/httpd/testsuite/test-bigfile: up to 1.4 libexec/httpd/testsuite/test-simple: up to 1.4 Update bozohttpd to 20170201. Changes: - fix an infinite loop in cgi processing - fixes and clean up for the testsuite - no longer sends encoding header for compressed formats - add a bozo_get_version() function which returns the version number @ text @d1 1 a1 9 $NetBSD: CHANGES,v 1.25 2017/01/31 14:33:54 mrg Exp $ changes in bozohttpd 20170201: o fix an infinite loop in cgi processing o fixes and clean up for the testsuite o no longer sends encoding header for compressed formats changes in bozohttpd 20160517: o add a bozo_get_version() function which returns the version number @ 1.10 log @merge bozohttpd 20100920 @ text @d1 10 a10 1 $eterna: CHANGES,v 1.77 2010/09/20 22:26:28 mrg Exp $ @ 1.10.6.1 log @sync with head @ text @d1 1 a1 10 $eterna: CHANGES,v 1.78 2011/11/18 01:25:11 mrg Exp $ changes since bozohttpd 20100920: o add -P option, from jmmv@@netbsd.org o avoid crashes with http basic auth, from pooka@@netbsd.org o add support for REDIRECT_STATUS variable, from tls@@netbsd.org o support .mp4 files in the default map o directory indexes with files with : are now displayed properly, from reed@@netbsd.org o allow -I option to be useful in non-inetd mode as well @ 1.10.6.2 log @sync with head @ text @a2 3 changes since bozohttpd 20111118: o properly escape generated URIs @ 1.10.6.3 log @sync with head. for a reference, the tree before this commit was tagged as yamt-pagecache-tag8. this commit was splitted into small chunks to avoid a limitation of cvs. ("Protocol error: too many arguments") @ text @d3 1 a3 11 changes in bozohttpd 20140201: o fix a core dump when requests timeout changes in bozohttpd 20140102: o update a few content types o add support for directly calling lua scripts to handle processes, from mbalmer@@netbsd.org o properly escape generated HTML o add authentication for redirections, from martin@@netbsd.org o handle chained ssl certifications, from elric@@netbsd.org o add basic support for gzipped files, from elric@@netbsd.org d6 1 a6 1 changes in bozohttpd 20111118: d15 1 a15 1 changes in bozohttpd 20100920: d26 1 a26 1 changes in bozohttpd 20100617: d35 1 a35 1 changes in bozohttpd 20100509: d41 1 a41 1 changes in bozohttpd 20090522: d52 1 a52 1 changes in bozohttpd 20090417: d66 1 a66 1 changes in bozohttpd 20080303: d72 1 a72 1 changes in bozohttpd 20060710: d77 1 a77 1 changes in bozohttpd 20060517: d85 1 a85 1 changes in bozohttpd 20050410: d95 1 a95 1 changes in bozohttpd 20040808: d107 1 a107 1 changes in bozohttpd 20040218: d120 1 a120 1 changes in bozohttpd 20031005: d126 1 a126 1 changes in bozohttpd 20030626: d140 1 a140 1 changes in bozohttpd 20030409: d153 1 a153 1 changes in bozohttpd 20030313: d167 1 a167 1 changes in bozohttpd 20021106: d176 1 a176 1 changes in bozohttpd 5.15 (20020913): d180 1 a180 1 changes in bozohttpd 5.14 (20020823): d189 1 a189 1 changes in bozohttpd 5.13 (20020804): d193 1 a193 1 changes in bozohttpd 5.12 (20020803): d197 1 a197 1 changes in bozohttpd 5.11 (20020730): d205 1 a205 1 changes in bozohttpd 5.10 (20020710): d214 1 a214 1 changes in bozohttpd 5.09 (20010922): d220 1 a220 1 changes in bozohttpd 5.08 (20010812): d225 1 a225 1 changes in bozohttpd 5.07 (20010610): d232 1 a232 1 changes in bozohttpd 5.06 (20000825): d236 1 a236 1 changes in bozohttpd 5.05 (20000815): d239 1 a239 1 changes in bozohttpd 5.04 (20000427): d242 1 a242 1 changes in bozohttpd 5.03 (20000427): d245 1 a245 1 changes in bozohttpd 5.02 (20000426): d248 1 a248 1 changes in bozohttpd 5.01 (20000421): d251 1 @ 1.9 log @merge bozohttpd 20100621 @ text @d1 1 a1 1 $eterna: CHANGES,v 1.76 2010/06/21 06:45:45 mrg Exp $ d8 5 @ 1.8 log @merge bozohttpd 20100617. @ text @d1 7 a7 1 $eterna: CHANGES,v 1.75 2010/06/17 19:26:54 mrg Exp $ @ 1.7 log @merge bozohttpd 20100512 @ text @d1 1 a1 1 $eterna: CHANGES,v 1.71 2010/05/13 04:19:04 mrg Exp $ d5 6 a10 1 o fix SSL mode. from rtr. @ 1.6 log @merge bozohttpd 20100509. @ text @d1 5 a5 1 $eterna: CHANGES,v 1.70 2010/05/10 02:24:30 mrg Exp $ @ 1.5 log @merge bozohttpd 20090522 @ text @d1 7 a7 1 $eterna: CHANGES,v 1.68 2009/05/22 21:51:38 mrg Exp $ @ 1.4 log @merge bozohttpd 20090418. remove a couple of minor do-nothing local changes that don't need to cause conflicts. @ text @d1 1 a1 1 $eterna: CHANGES,v 1.67 2009/04/18 11:42:39 mrg Exp $ d8 5 @ 1.3 log @re-add a lot of the distribution files @ text @d1 7 a7 1 $eterna: CHANGES,v 1.65 2009/04/18 05:36:04 mrg Exp $ @ 1.2 log @Get httpd ready for inclusion in build. @ text @d1 26 a26 1 $eterna: CHANGES,v 1.52 2006/05/17 08:38:49 mrg Exp $ @ 1.2.16.1 log @Pull up following revision(s) (requested by mrg in ticket #1913): libexec/httpd/CHANGES 1.3-1.18 libexec/httpd/Makefile 1.8-1.22 via patch libexec/httpd/Makefile.boot 1.3-1.6 libexec/httpd/auth-bozo.c 1.5-1.13 libexec/httpd/bozohttpd.8 1.6-1.46 libexec/httpd/bozohttpd.c 1.8,1.12-1.54 libexec/httpd/bozohttpd.h 1.8-1.32 libexec/httpd/cgi-bozo.c 1.11-1.25 libexec/httpd/content-bozo.c 1.4-1.10 libexec/httpd/daemon-bozo.c 1.5-1.16 libexec/httpd/dir-index-bozo.c 1.6-1.19 libexec/httpd/ssl-bozo.c 1.5-1.16 libexec/httpd/tilde-luzah-bozo.c 1.5-1.10 libexec/httpd/lua-bozo.c 1.1-1.9 libexec/httpd/main.c 1.1-1.7 libexec/httpd/netbsd_queue.h 1.1 libexec/httpd/printenv.lua 1.1-1.2 libexec/httpd/debug/Makefile 1.1 libexec/httpd/libbozohttpd/Makefile 1.2 libexec/httpd/libbozohttpd/libbozohttpd.3 1.3 libexec/httpd/libbozohttpd/shlib_version 1.1 libexec/httpd/lua/Makefile 1.1 libexec/httpd/lua/bozo.lua 1.1 libexec/httpd/lua/glue.c 1.1 libexec/httpd/lua/optparse.lua 1.1 libexec/httpd/lua/shlib_version 1.1 libexec/httpd/small/Makefile 1.1-1.2 libexec/httpd/testsuite/Makefile 1.4 libexec/httpd/testsuite/html_cmp 1.4 libexec/httpd/testsuite/t1.in 1.3 libexec/httpd/testsuite/t1.out 1.3 libexec/httpd/testsuite/t10.in 1.1 libexec/httpd/testsuite/t10.out 1.1 libexec/httpd/testsuite/t2.in 1.3 libexec/httpd/testsuite/t2.out 1.3 libexec/httpd/testsuite/t3.in 1.3 libexec/httpd/testsuite/t3.out 1.3 libexec/httpd/testsuite/t4.in 1.3 libexec/httpd/testsuite/t4.out 1.3 libexec/httpd/testsuite/t5.in 1.3 libexec/httpd/testsuite/t5.out 1.3 libexec/httpd/testsuite/t6.in 1.3 libexec/httpd/testsuite/t6.out 1.3 libexec/httpd/testsuite/t7.in 1.3 libexec/httpd/testsuite/t7.out 1.3 libexec/httpd/testsuite/t8.in 1.3 libexec/httpd/testsuite/t8.out 1.3 libexec/httpd/testsuite/t9.in 1.3 libexec/httpd/testsuite/t9.out 1.3 libexec/httpd/testsuite/test-bigfile 1.1 libexec/httpd/testsuite/data/bigfile 1.1 libexec/httpd/testsuite/data/bigfile.partial4000 1.1 libexec/httpd/testsuite/data/bigfile.partial8000 1.1 libexec/httpd/testsuite/data/file 1.3 libexec/httpd/testsuite/data/index.html 1.3 Update bozohttpd from 20080303+patches to 20140708. changes in bozohttpd 20140708: o fixes for virtual host support, from rajeev_v_pillai@@yahoo.com o avoid printing double errors, from shm@@netbsd.org o fix a security issue in basic HTTP authentication which would allow authentication to be bypassed, from shm@@netbsd.org changes in bozohttpd 20140201: o support .svg files o fix a core dump when requests timeout changes in bozohttpd 20140102: o update a few content types o add support for directly calling lua scripts to handle processes, from mbalmer@@netbsd.org o properly escape generated HTML o add authentication for redirections, from martin@@netbsd.org o handle chained ssl certifications, from elric@@netbsd.org o add basic support for gzipped files, from elric@@netbsd.org o properly escape generated URIs changes in bozohttpd 20111118: o add -P option, from jmmv@@netbsd.org o avoid crashes with http basic auth, from pooka@@netbsd.org o add support for REDIRECT_STATUS variable, from tls@@netbsd.org o support .mp4 files in the default map o directory indexes with files with : are now displayed properly, from reed@@netbsd.org o allow -I option to be useful in non-inetd mode as well changes in bozohttpd 20100920: o properly fully disable multi-file mode for now o fix the -t and -U options when used without the -e option, broken since the library-ifcation o be explicit that logs go to the FTP facility in syslog o use scandir() with alphasort() for sorted directory lists, from moof o fix a serious error in vhost handling; "Host:.." would allow access to the next level directory from the virtual root directory, from seanb o fix some various non standard compile time errors, from rudolf o fix dynamic CGI content maps, from rudolf changes in bozohttpd 20100617: o fix some compile issues o fix SSL mode. from rtr o fix some cgi-bin issues, as seen with cvsweb o disable multi-file daemon mode for now, it breaks o return 404's instead of 403's when chdir of ~user dirs fail o remove "noreturn" attribute from bozo_http_error() that was causing incorrect runtime behaviour changes in bozohttpd 20100509: o major rework and clean up of internal interfaces. move the main program into main.c, the remaining parts are useable as library. add bindings for lua. by Alistair G. Crooks o fix http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=566325 changes in bozohttpd 20090522: o avoid dying in daemon mode for some uncommon, but recoverable, errors o close leaking file descriptors for CGI and daemon mode o handle poll errors properly o don't try to handle more than one request per process yet o add subdirs for build "debug" and "small" versions o clean up a bad merge / duplicate code o make mmap() usage portable, fixes linux & ranges: support o document the -f option o daemon mode now serves 6 files per child changes in bozohttpd 20090417: o make bozohttpd internally more modular, preparing the way to handle more than one request per process o fix http-auth, set $REMOTE_USER not $REMOTEUSER. also fix cgi-bin with cvsweb, from Holger Weiss o fix an uninitialised variable use in daemon mode o fix ssl mode with newer OpenSSL o mmap large files in manageable sizes so we can serve any size file o refactor url processing to handle query strings correctly for CGI from Sergey Katsev at Coyote Point o add If-Modified-Since support, from Joerg Sonnenberger o many more manual fixes, from NetBSD @ text @d1 1 a1 1 $eterna: CHANGES,v 1.78 2011/11/18 01:25:11 mrg Exp $ d3 1 a3 92 changes in bozohttpd 20140708: o fixes for virtual host support, from rajeev_v_pillai@@yahoo.com o avoid printing double errors, from shm@@netbsd.org o fix a security issue in basic HTTP authentication which would allow authentication to be bypassed, from shm@@netbsd.org changes in bozohttpd 20140201: o support .svg files o fix a core dump when requests timeout changes in bozohttpd 20140102: o update a few content types o add support for directly calling lua scripts to handle processes, from mbalmer@@netbsd.org o properly escape generated HTML o add authentication for redirections, from martin@@netbsd.org o handle chained ssl certifications, from elric@@netbsd.org o add basic support for gzipped files, from elric@@netbsd.org o properly escape generated URIs changes in bozohttpd 20111118: o add -P option, from jmmv@@netbsd.org o avoid crashes with http basic auth, from pooka@@netbsd.org o add support for REDIRECT_STATUS variable, from tls@@netbsd.org o support .mp4 files in the default map o directory indexes with files with : are now displayed properly, from reed@@netbsd.org o allow -I option to be useful in non-inetd mode as well changes in bozohttpd 20100920: o properly fully disable multi-file mode for now o fix the -t and -U options when used without the -e option, broken since the library-ifcation o be explicit that logs go to the FTP facility in syslog o use scandir() with alphasort() for sorted directory lists, from moof o fix a serious error in vhost handling; "Host:.." would allow access to the next level directory from the virtual root directory, from seanb o fix some various non standard compile time errors, from rudolf o fix dynamic CGI content maps, from rudolf changes in bozohttpd 20100617: o fix some compile issues o fix SSL mode. from rtr o fix some cgi-bin issues, as seen with cvsweb o disable multi-file daemon mode for now, it breaks o return 404's instead of 403's when chdir of ~user dirs fail o remove "noreturn" attribute from bozo_http_error() that was causing incorrect runtime behaviour changes in bozohttpd 20100509: o major rework and clean up of internal interfaces. move the main program into main.c, the remaining parts are useable as library. add bindings for lua. by Alistair G. Crooks o fix http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=566325 changes in bozohttpd 20090522: o avoid dying in daemon mode for some uncommon, but recoverable, errors o close leaking file descriptors for CGI and daemon mode o handle poll errors properly o don't try to handle more than one request per process yet o add subdirs for build "debug" and "small" versions o clean up a bad merge / duplicate code o make mmap() usage portable, fixes linux & ranges: support o document the -f option o daemon mode now serves 6 files per child changes in bozohttpd 20090417: o make bozohttpd internally more modular, preparing the way to handle more than one request per process o fix http-auth, set $REMOTE_USER not $REMOTEUSER. also fix cgi-bin with cvsweb, from Holger Weiss o fix an uninitialised variable use in daemon mode o fix ssl mode with newer OpenSSL o mmap large files in manageable sizes so we can serve any size file o refactor url processing to handle query strings correctly for CGI from Sergey Katsev at Coyote Point o add If-Modified-Since support, from Joerg Sonnenberger o many more manual fixes, from NetBSD changes in bozohttpd 20080303: o fix some cgi header processing, from o add simple Range: header processing, from o man page fixes, from NetBSD o clean up various parts, from NetBSD changes in bozohttpd 20060710: o prefix some function names with "bozo" o align directory indexing
markers o clean up some code GCC4 grumbled about changes in bozohttpd 20060517: d11 1 a11 1 changes in bozohttpd 20050410: d21 1 a21 1 changes in bozohttpd 20040808: d33 1 a33 1 changes in bozohttpd 20040218: d46 1 a46 1 changes in bozohttpd 20031005: d52 1 a52 1 changes in bozohttpd 20030626: d66 1 a66 1 changes in bozohttpd 20030409: d79 1 a79 1 changes in bozohttpd 20030313: d93 1 a93 1 changes in bozohttpd 20021106: d102 1 a102 1 changes in bozohttpd 5.15 (20020913): d106 1 a106 1 changes in bozohttpd 5.14 (20020823): d115 1 a115 1 changes in bozohttpd 5.13 (20020804): d119 1 a119 1 changes in bozohttpd 5.12 (20020803): d123 1 a123 1 changes in bozohttpd 5.11 (20020730): d131 1 a131 1 changes in bozohttpd 5.10 (20020710): d140 1 a140 1 changes in bozohttpd 5.09 (20010922): d146 1 a146 1 changes in bozohttpd 5.08 (20010812): d151 1 a151 1 changes in bozohttpd 5.07 (20010610): d158 1 a158 1 changes in bozohttpd 5.06 (20000825): d162 1 a162 1 changes in bozohttpd 5.05 (20000815): d165 1 a165 1 changes in bozohttpd 5.04 (20000427): d168 1 a168 1 changes in bozohttpd 5.03 (20000427): d171 1 a171 1 changes in bozohttpd 5.02 (20000426): d174 1 a174 1 changes in bozohttpd 5.01 (20000421): d177 1 @ 1.2.20.1 log @Pull up following revision(s) (requested by mrg in ticket #1913): libexec/httpd/CHANGES 1.3-1.18 libexec/httpd/Makefile 1.8-1.22 via patch libexec/httpd/Makefile.boot 1.3-1.6 libexec/httpd/auth-bozo.c 1.5-1.13 libexec/httpd/bozohttpd.8 1.6-1.46 libexec/httpd/bozohttpd.c 1.8,1.12-1.54 libexec/httpd/bozohttpd.h 1.8-1.32 libexec/httpd/cgi-bozo.c 1.11-1.25 libexec/httpd/content-bozo.c 1.4-1.10 libexec/httpd/daemon-bozo.c 1.5-1.16 libexec/httpd/dir-index-bozo.c 1.6-1.19 libexec/httpd/ssl-bozo.c 1.5-1.16 libexec/httpd/tilde-luzah-bozo.c 1.5-1.10 libexec/httpd/lua-bozo.c 1.1-1.9 libexec/httpd/main.c 1.1-1.7 libexec/httpd/netbsd_queue.h 1.1 libexec/httpd/printenv.lua 1.1-1.2 libexec/httpd/debug/Makefile 1.1 libexec/httpd/libbozohttpd/Makefile 1.2 libexec/httpd/libbozohttpd/libbozohttpd.3 1.3 libexec/httpd/libbozohttpd/shlib_version 1.1 libexec/httpd/lua/Makefile 1.1 libexec/httpd/lua/bozo.lua 1.1 libexec/httpd/lua/glue.c 1.1 libexec/httpd/lua/optparse.lua 1.1 libexec/httpd/lua/shlib_version 1.1 libexec/httpd/small/Makefile 1.1-1.2 libexec/httpd/testsuite/Makefile 1.4 libexec/httpd/testsuite/html_cmp 1.4 libexec/httpd/testsuite/t1.in 1.3 libexec/httpd/testsuite/t1.out 1.3 libexec/httpd/testsuite/t10.in 1.1 libexec/httpd/testsuite/t10.out 1.1 libexec/httpd/testsuite/t2.in 1.3 libexec/httpd/testsuite/t2.out 1.3 libexec/httpd/testsuite/t3.in 1.3 libexec/httpd/testsuite/t3.out 1.3 libexec/httpd/testsuite/t4.in 1.3 libexec/httpd/testsuite/t4.out 1.3 libexec/httpd/testsuite/t5.in 1.3 libexec/httpd/testsuite/t5.out 1.3 libexec/httpd/testsuite/t6.in 1.3 libexec/httpd/testsuite/t6.out 1.3 libexec/httpd/testsuite/t7.in 1.3 libexec/httpd/testsuite/t7.out 1.3 libexec/httpd/testsuite/t8.in 1.3 libexec/httpd/testsuite/t8.out 1.3 libexec/httpd/testsuite/t9.in 1.3 libexec/httpd/testsuite/t9.out 1.3 libexec/httpd/testsuite/test-bigfile 1.1 libexec/httpd/testsuite/data/bigfile 1.1 libexec/httpd/testsuite/data/bigfile.partial4000 1.1 libexec/httpd/testsuite/data/bigfile.partial8000 1.1 libexec/httpd/testsuite/data/file 1.3 libexec/httpd/testsuite/data/index.html 1.3 Update bozohttpd from 20080303+patches to 20140708. changes in bozohttpd 20140708: o fixes for virtual host support, from rajeev_v_pillai@@yahoo.com o avoid printing double errors, from shm@@netbsd.org o fix a security issue in basic HTTP authentication which would allow authentication to be bypassed, from shm@@netbsd.org changes in bozohttpd 20140201: o support .svg files o fix a core dump when requests timeout changes in bozohttpd 20140102: o update a few content types o add support for directly calling lua scripts to handle processes, from mbalmer@@netbsd.org o properly escape generated HTML o add authentication for redirections, from martin@@netbsd.org o handle chained ssl certifications, from elric@@netbsd.org o add basic support for gzipped files, from elric@@netbsd.org o properly escape generated URIs changes in bozohttpd 20111118: o add -P option, from jmmv@@netbsd.org o avoid crashes with http basic auth, from pooka@@netbsd.org o add support for REDIRECT_STATUS variable, from tls@@netbsd.org o support .mp4 files in the default map o directory indexes with files with : are now displayed properly, from reed@@netbsd.org o allow -I option to be useful in non-inetd mode as well changes in bozohttpd 20100920: o properly fully disable multi-file mode for now o fix the -t and -U options when used without the -e option, broken since the library-ifcation o be explicit that logs go to the FTP facility in syslog o use scandir() with alphasort() for sorted directory lists, from moof o fix a serious error in vhost handling; "Host:.." would allow access to the next level directory from the virtual root directory, from seanb o fix some various non standard compile time errors, from rudolf o fix dynamic CGI content maps, from rudolf changes in bozohttpd 20100617: o fix some compile issues o fix SSL mode. from rtr o fix some cgi-bin issues, as seen with cvsweb o disable multi-file daemon mode for now, it breaks o return 404's instead of 403's when chdir of ~user dirs fail o remove "noreturn" attribute from bozo_http_error() that was causing incorrect runtime behaviour changes in bozohttpd 20100509: o major rework and clean up of internal interfaces. move the main program into main.c, the remaining parts are useable as library. add bindings for lua. by Alistair G. Crooks o fix http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=566325 changes in bozohttpd 20090522: o avoid dying in daemon mode for some uncommon, but recoverable, errors o close leaking file descriptors for CGI and daemon mode o handle poll errors properly o don't try to handle more than one request per process yet o add subdirs for build "debug" and "small" versions o clean up a bad merge / duplicate code o make mmap() usage portable, fixes linux & ranges: support o document the -f option o daemon mode now serves 6 files per child changes in bozohttpd 20090417: o make bozohttpd internally more modular, preparing the way to handle more than one request per process o fix http-auth, set $REMOTE_USER not $REMOTEUSER. also fix cgi-bin with cvsweb, from Holger Weiss o fix an uninitialised variable use in daemon mode o fix ssl mode with newer OpenSSL o mmap large files in manageable sizes so we can serve any size file o refactor url processing to handle query strings correctly for CGI from Sergey Katsev at Coyote Point o add If-Modified-Since support, from Joerg Sonnenberger o many more manual fixes, from NetBSD @ text @d1 1 a1 1 $eterna: CHANGES,v 1.78 2011/11/18 01:25:11 mrg Exp $ d3 1 a3 92 changes in bozohttpd 20140708: o fixes for virtual host support, from rajeev_v_pillai@@yahoo.com o avoid printing double errors, from shm@@netbsd.org o fix a security issue in basic HTTP authentication which would allow authentication to be bypassed, from shm@@netbsd.org changes in bozohttpd 20140201: o support .svg files o fix a core dump when requests timeout changes in bozohttpd 20140102: o update a few content types o add support for directly calling lua scripts to handle processes, from mbalmer@@netbsd.org o properly escape generated HTML o add authentication for redirections, from martin@@netbsd.org o handle chained ssl certifications, from elric@@netbsd.org o add basic support for gzipped files, from elric@@netbsd.org o properly escape generated URIs changes in bozohttpd 20111118: o add -P option, from jmmv@@netbsd.org o avoid crashes with http basic auth, from pooka@@netbsd.org o add support for REDIRECT_STATUS variable, from tls@@netbsd.org o support .mp4 files in the default map o directory indexes with files with : are now displayed properly, from reed@@netbsd.org o allow -I option to be useful in non-inetd mode as well changes in bozohttpd 20100920: o properly fully disable multi-file mode for now o fix the -t and -U options when used without the -e option, broken since the library-ifcation o be explicit that logs go to the FTP facility in syslog o use scandir() with alphasort() for sorted directory lists, from moof o fix a serious error in vhost handling; "Host:.." would allow access to the next level directory from the virtual root directory, from seanb o fix some various non standard compile time errors, from rudolf o fix dynamic CGI content maps, from rudolf changes in bozohttpd 20100617: o fix some compile issues o fix SSL mode. from rtr o fix some cgi-bin issues, as seen with cvsweb o disable multi-file daemon mode for now, it breaks o return 404's instead of 403's when chdir of ~user dirs fail o remove "noreturn" attribute from bozo_http_error() that was causing incorrect runtime behaviour changes in bozohttpd 20100509: o major rework and clean up of internal interfaces. move the main program into main.c, the remaining parts are useable as library. add bindings for lua. by Alistair G. Crooks o fix http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=566325 changes in bozohttpd 20090522: o avoid dying in daemon mode for some uncommon, but recoverable, errors o close leaking file descriptors for CGI and daemon mode o handle poll errors properly o don't try to handle more than one request per process yet o add subdirs for build "debug" and "small" versions o clean up a bad merge / duplicate code o make mmap() usage portable, fixes linux & ranges: support o document the -f option o daemon mode now serves 6 files per child changes in bozohttpd 20090417: o make bozohttpd internally more modular, preparing the way to handle more than one request per process o fix http-auth, set $REMOTE_USER not $REMOTEUSER. also fix cgi-bin with cvsweb, from Holger Weiss o fix an uninitialised variable use in daemon mode o fix ssl mode with newer OpenSSL o mmap large files in manageable sizes so we can serve any size file o refactor url processing to handle query strings correctly for CGI from Sergey Katsev at Coyote Point o add If-Modified-Since support, from Joerg Sonnenberger o many more manual fixes, from NetBSD changes in bozohttpd 20080303: o fix some cgi header processing, from o add simple Range: header processing, from o man page fixes, from NetBSD o clean up various parts, from NetBSD changes in bozohttpd 20060710: o prefix some function names with "bozo" o align directory indexing
markers o clean up some code GCC4 grumbled about changes in bozohttpd 20060517: d11 1 a11 1 changes in bozohttpd 20050410: d21 1 a21 1 changes in bozohttpd 20040808: d33 1 a33 1 changes in bozohttpd 20040218: d46 1 a46 1 changes in bozohttpd 20031005: d52 1 a52 1 changes in bozohttpd 20030626: d66 1 a66 1 changes in bozohttpd 20030409: d79 1 a79 1 changes in bozohttpd 20030313: d93 1 a93 1 changes in bozohttpd 20021106: d102 1 a102 1 changes in bozohttpd 5.15 (20020913): d106 1 a106 1 changes in bozohttpd 5.14 (20020823): d115 1 a115 1 changes in bozohttpd 5.13 (20020804): d119 1 a119 1 changes in bozohttpd 5.12 (20020803): d123 1 a123 1 changes in bozohttpd 5.11 (20020730): d131 1 a131 1 changes in bozohttpd 5.10 (20020710): d140 1 a140 1 changes in bozohttpd 5.09 (20010922): d146 1 a146 1 changes in bozohttpd 5.08 (20010812): d151 1 a151 1 changes in bozohttpd 5.07 (20010610): d158 1 a158 1 changes in bozohttpd 5.06 (20000825): d162 1 a162 1 changes in bozohttpd 5.05 (20000815): d165 1 a165 1 changes in bozohttpd 5.04 (20000427): d168 1 a168 1 changes in bozohttpd 5.03 (20000427): d171 1 a171 1 changes in bozohttpd 5.02 (20000426): d174 1 a174 1 changes in bozohttpd 5.01 (20000421): d177 1 @ 1.2.10.1 log @Pull up following revision(s) (requested by mrg in ticket #1913): libexec/httpd/CHANGES 1.3-1.18 libexec/httpd/Makefile 1.8-1.22 via patch libexec/httpd/Makefile.boot 1.3-1.6 libexec/httpd/auth-bozo.c 1.5-1.13 libexec/httpd/bozohttpd.8 1.6-1.46 libexec/httpd/bozohttpd.c 1.8,1.12-1.54 libexec/httpd/bozohttpd.h 1.8-1.32 libexec/httpd/cgi-bozo.c 1.11-1.25 libexec/httpd/content-bozo.c 1.4-1.10 libexec/httpd/daemon-bozo.c 1.5-1.16 libexec/httpd/dir-index-bozo.c 1.6-1.19 libexec/httpd/ssl-bozo.c 1.5-1.16 libexec/httpd/tilde-luzah-bozo.c 1.5-1.10 libexec/httpd/lua-bozo.c 1.1-1.9 libexec/httpd/main.c 1.1-1.7 libexec/httpd/netbsd_queue.h 1.1 libexec/httpd/printenv.lua 1.1-1.2 libexec/httpd/debug/Makefile 1.1 libexec/httpd/libbozohttpd/Makefile 1.2 libexec/httpd/libbozohttpd/libbozohttpd.3 1.3 libexec/httpd/libbozohttpd/shlib_version 1.1 libexec/httpd/lua/Makefile 1.1 libexec/httpd/lua/bozo.lua 1.1 libexec/httpd/lua/glue.c 1.1 libexec/httpd/lua/optparse.lua 1.1 libexec/httpd/lua/shlib_version 1.1 libexec/httpd/small/Makefile 1.1-1.2 libexec/httpd/testsuite/Makefile 1.4 libexec/httpd/testsuite/html_cmp 1.4 libexec/httpd/testsuite/t1.in 1.3 libexec/httpd/testsuite/t1.out 1.3 libexec/httpd/testsuite/t10.in 1.1 libexec/httpd/testsuite/t10.out 1.1 libexec/httpd/testsuite/t2.in 1.3 libexec/httpd/testsuite/t2.out 1.3 libexec/httpd/testsuite/t3.in 1.3 libexec/httpd/testsuite/t3.out 1.3 libexec/httpd/testsuite/t4.in 1.3 libexec/httpd/testsuite/t4.out 1.3 libexec/httpd/testsuite/t5.in 1.3 libexec/httpd/testsuite/t5.out 1.3 libexec/httpd/testsuite/t6.in 1.3 libexec/httpd/testsuite/t6.out 1.3 libexec/httpd/testsuite/t7.in 1.3 libexec/httpd/testsuite/t7.out 1.3 libexec/httpd/testsuite/t8.in 1.3 libexec/httpd/testsuite/t8.out 1.3 libexec/httpd/testsuite/t9.in 1.3 libexec/httpd/testsuite/t9.out 1.3 libexec/httpd/testsuite/test-bigfile 1.1 libexec/httpd/testsuite/data/bigfile 1.1 libexec/httpd/testsuite/data/bigfile.partial4000 1.1 libexec/httpd/testsuite/data/bigfile.partial8000 1.1 libexec/httpd/testsuite/data/file 1.3 libexec/httpd/testsuite/data/index.html 1.3 Update bozohttpd from 20080303+patches to 20140708. changes in bozohttpd 20140708: o fixes for virtual host support, from rajeev_v_pillai@@yahoo.com o avoid printing double errors, from shm@@netbsd.org o fix a security issue in basic HTTP authentication which would allow authentication to be bypassed, from shm@@netbsd.org changes in bozohttpd 20140201: o support .svg files o fix a core dump when requests timeout changes in bozohttpd 20140102: o update a few content types o add support for directly calling lua scripts to handle processes, from mbalmer@@netbsd.org o properly escape generated HTML o add authentication for redirections, from martin@@netbsd.org o handle chained ssl certifications, from elric@@netbsd.org o add basic support for gzipped files, from elric@@netbsd.org o properly escape generated URIs changes in bozohttpd 20111118: o add -P option, from jmmv@@netbsd.org o avoid crashes with http basic auth, from pooka@@netbsd.org o add support for REDIRECT_STATUS variable, from tls@@netbsd.org o support .mp4 files in the default map o directory indexes with files with : are now displayed properly, from reed@@netbsd.org o allow -I option to be useful in non-inetd mode as well changes in bozohttpd 20100920: o properly fully disable multi-file mode for now o fix the -t and -U options when used without the -e option, broken since the library-ifcation o be explicit that logs go to the FTP facility in syslog o use scandir() with alphasort() for sorted directory lists, from moof o fix a serious error in vhost handling; "Host:.." would allow access to the next level directory from the virtual root directory, from seanb o fix some various non standard compile time errors, from rudolf o fix dynamic CGI content maps, from rudolf changes in bozohttpd 20100617: o fix some compile issues o fix SSL mode. from rtr o fix some cgi-bin issues, as seen with cvsweb o disable multi-file daemon mode for now, it breaks o return 404's instead of 403's when chdir of ~user dirs fail o remove "noreturn" attribute from bozo_http_error() that was causing incorrect runtime behaviour changes in bozohttpd 20100509: o major rework and clean up of internal interfaces. move the main program into main.c, the remaining parts are useable as library. add bindings for lua. by Alistair G. Crooks o fix http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=566325 changes in bozohttpd 20090522: o avoid dying in daemon mode for some uncommon, but recoverable, errors o close leaking file descriptors for CGI and daemon mode o handle poll errors properly o don't try to handle more than one request per process yet o add subdirs for build "debug" and "small" versions o clean up a bad merge / duplicate code o make mmap() usage portable, fixes linux & ranges: support o document the -f option o daemon mode now serves 6 files per child changes in bozohttpd 20090417: o make bozohttpd internally more modular, preparing the way to handle more than one request per process o fix http-auth, set $REMOTE_USER not $REMOTEUSER. also fix cgi-bin with cvsweb, from Holger Weiss o fix an uninitialised variable use in daemon mode o fix ssl mode with newer OpenSSL o mmap large files in manageable sizes so we can serve any size file o refactor url processing to handle query strings correctly for CGI from Sergey Katsev at Coyote Point o add If-Modified-Since support, from Joerg Sonnenberger o many more manual fixes, from NetBSD @ text @d1 1 a1 1 $eterna: CHANGES,v 1.78 2011/11/18 01:25:11 mrg Exp $ d3 1 a3 92 changes in bozohttpd 20140708: o fixes for virtual host support, from rajeev_v_pillai@@yahoo.com o avoid printing double errors, from shm@@netbsd.org o fix a security issue in basic HTTP authentication which would allow authentication to be bypassed, from shm@@netbsd.org changes in bozohttpd 20140201: o support .svg files o fix a core dump when requests timeout changes in bozohttpd 20140102: o update a few content types o add support for directly calling lua scripts to handle processes, from mbalmer@@netbsd.org o properly escape generated HTML o add authentication for redirections, from martin@@netbsd.org o handle chained ssl certifications, from elric@@netbsd.org o add basic support for gzipped files, from elric@@netbsd.org o properly escape generated URIs changes in bozohttpd 20111118: o add -P option, from jmmv@@netbsd.org o avoid crashes with http basic auth, from pooka@@netbsd.org o add support for REDIRECT_STATUS variable, from tls@@netbsd.org o support .mp4 files in the default map o directory indexes with files with : are now displayed properly, from reed@@netbsd.org o allow -I option to be useful in non-inetd mode as well changes in bozohttpd 20100920: o properly fully disable multi-file mode for now o fix the -t and -U options when used without the -e option, broken since the library-ifcation o be explicit that logs go to the FTP facility in syslog o use scandir() with alphasort() for sorted directory lists, from moof o fix a serious error in vhost handling; "Host:.." would allow access to the next level directory from the virtual root directory, from seanb o fix some various non standard compile time errors, from rudolf o fix dynamic CGI content maps, from rudolf changes in bozohttpd 20100617: o fix some compile issues o fix SSL mode. from rtr o fix some cgi-bin issues, as seen with cvsweb o disable multi-file daemon mode for now, it breaks o return 404's instead of 403's when chdir of ~user dirs fail o remove "noreturn" attribute from bozo_http_error() that was causing incorrect runtime behaviour changes in bozohttpd 20100509: o major rework and clean up of internal interfaces. move the main program into main.c, the remaining parts are useable as library. add bindings for lua. by Alistair G. Crooks o fix http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=566325 changes in bozohttpd 20090522: o avoid dying in daemon mode for some uncommon, but recoverable, errors o close leaking file descriptors for CGI and daemon mode o handle poll errors properly o don't try to handle more than one request per process yet o add subdirs for build "debug" and "small" versions o clean up a bad merge / duplicate code o make mmap() usage portable, fixes linux & ranges: support o document the -f option o daemon mode now serves 6 files per child changes in bozohttpd 20090417: o make bozohttpd internally more modular, preparing the way to handle more than one request per process o fix http-auth, set $REMOTE_USER not $REMOTEUSER. also fix cgi-bin with cvsweb, from Holger Weiss o fix an uninitialised variable use in daemon mode o fix ssl mode with newer OpenSSL o mmap large files in manageable sizes so we can serve any size file o refactor url processing to handle query strings correctly for CGI from Sergey Katsev at Coyote Point o add If-Modified-Since support, from Joerg Sonnenberger o many more manual fixes, from NetBSD changes in bozohttpd 20080303: o fix some cgi header processing, from o add simple Range: header processing, from o man page fixes, from NetBSD o clean up various parts, from NetBSD changes in bozohttpd 20060710: o prefix some function names with "bozo" o align directory indexing
markers o clean up some code GCC4 grumbled about changes in bozohttpd 20060517: d11 1 a11 1 changes in bozohttpd 20050410: d21 1 a21 1 changes in bozohttpd 20040808: d33 1 a33 1 changes in bozohttpd 20040218: d46 1 a46 1 changes in bozohttpd 20031005: d52 1 a52 1 changes in bozohttpd 20030626: d66 1 a66 1 changes in bozohttpd 20030409: d79 1 a79 1 changes in bozohttpd 20030313: d93 1 a93 1 changes in bozohttpd 20021106: d102 1 a102 1 changes in bozohttpd 5.15 (20020913): d106 1 a106 1 changes in bozohttpd 5.14 (20020823): d115 1 a115 1 changes in bozohttpd 5.13 (20020804): d119 1 a119 1 changes in bozohttpd 5.12 (20020803): d123 1 a123 1 changes in bozohttpd 5.11 (20020730): d131 1 a131 1 changes in bozohttpd 5.10 (20020710): d140 1 a140 1 changes in bozohttpd 5.09 (20010922): d146 1 a146 1 changes in bozohttpd 5.08 (20010812): d151 1 a151 1 changes in bozohttpd 5.07 (20010610): d158 1 a158 1 changes in bozohttpd 5.06 (20000825): d162 1 a162 1 changes in bozohttpd 5.05 (20000815): d165 1 a165 1 changes in bozohttpd 5.04 (20000427): d168 1 a168 1 changes in bozohttpd 5.03 (20000427): d171 1 a171 1 changes in bozohttpd 5.02 (20000426): d174 1 a174 1 changes in bozohttpd 5.01 (20000421): d177 1 @ 1.2.12.1 log @Sync with HEAD. Third (and last) commit. See http://mail-index.netbsd.org/source-changes/2009/05/13/msg221222.html @ text @d1 1 a1 32 $eterna: CHANGES,v 1.67 2009/04/18 11:42:39 mrg Exp $ changes since bozohttpd 20090417: o avoid dying in daemon mode for some uncommon, but recoverable, errors o close leaking file descriptors for CGI and daemon mode o handle poll errors properly o don't try to handle more than one request per process yet changes since bozohttpd 20080303: o make bozohttpd internally more modular, preparing the way to handle more than one request per process o fix http-auth, set $REMOTE_USER not $REMOTEUSER. also fix cgi-bin with cvsweb, from Holger Weiss o fix an uninitialised variable use in daemon mode o fix ssl mode with newer OpenSSL o mmap large files in manageable sizes so we can serve any size file o refactor url processing to handle query strings correctly for CGI from Sergey Katsev at Coyote Point o add If-Modified-Since support, from Joerg Sonnenberger o many more manual fixes, from NetBSD changes since bozohttpd 20060710: o fix some cgi header processing, from o add simple Range: header processing, from o man page fixes, from NetBSD o clean up various parts, from NetBSD changes since bozohttpd 20060517: o prefix some function names with "bozo" o align directory indexing
markers o clean up some code GCC4 grumbled about @ 1.1 log @Initial revision @ text @@ 1.1.1.1 log @Import of bozohttpd for its originally intended purpose: a small (~30k) simple run-from-inetd httpd suitable for small systems (and some large ones). @ text @@ 1.1.1.2 log @import latest bozohttpd. changes include: o fix some cgi header processing, from o add simple Range: header processing, from o man page fixes, from NetBSD o clean up various parts, from NetBSD o prefix some function names with "bozo" o align directory indexing
markers o clean up some code GCC4 grumbled about @ text @d1 1 a1 12 $eterna: CHANGES,v 1.58 2008/03/03 03:37:10 mrg Exp $ changes since bozohttpd 20060710: o fix some cgi header processing, from o add simple Range: header processing, from o man page fixes, from NetBSD o clean up various parts, from NetBSD changes since bozohttpd 20060517: o prefix some function names with "bozo" o align directory indexing
markers o clean up some code GCC4 grumbled about @ 1.1.1.3 log @import latest bozohttpd sources. changes include: o make bozohttpd internally more modular, preparing the way to handle more than one request per process o fix http-auth, set $REMOTE_USER not $REMOTEUSER. also fix cgi-bin with cvsweb, from Holger Weiss o fix an uninitialised variable use in daemon mode o fix ssl mode with newer OpenSSL o mmap large files in manageable sizes so we can serve any size file o refactor url processing to handle query strings correctly for CGI from Sergey Katsev at Coyote Point o add If-Modified-Since support, from Joerg Sonnenberger o many more manual fixes, from NetBSD @ text @d1 1 a1 15 $eterna: CHANGES,v 1.65 2009/04/18 05:36:04 mrg Exp $ changes since bozohttpd 20080303: o make bozohttpd internally more modular, preparing the way to handle more than one request per process o fix http-auth, set $REMOTE_USER not $REMOTEUSER. also fix cgi-bin with cvsweb, from Holger Weiss o fix an uninitialised variable use in daemon mode o fix ssl mode with newer OpenSSL o mmap large files in manageable sizes so we can serve any size file o refactor url processing to handle query strings correctly for CGI from Sergey Katsev at Coyote Point o add If-Modified-Since support, from Joerg Sonnenberger o many more manual fixes, from NetBSD @ 1.1.1.4 log @import bozohttpd 20090418. changes include: o avoid dying in daemon mode for some uncommon, but recoverable, errors o close leaking file descriptors for CGI and daemon mode o handle poll errors properly o don't try to handle more than one request per process yet this covers PR#38489 and PR#40079, as well some some issues reported privately. @ text @d1 1 a1 7 $eterna: CHANGES,v 1.67 2009/04/18 11:42:39 mrg Exp $ changes since bozohttpd 20090417: o avoid dying in daemon mode for some uncommon, but recoverable, errors o close leaking file descriptors for CGI and daemon mode o handle poll errors properly o don't try to handle more than one request per process yet @ 1.1.1.5 log @import bozohttpd 20090522, which has these changes: o close more leaking file descriptors for CGI and daemon mode o add subdirs for build "debug" and "small" versions o clean up a bad merge / duplicate code o make mmap() usage portable, fixes linux & ranges: support o document the -f option o daemon mode now serves 6 files per child @ text @d1 1 a1 1 $eterna: CHANGES,v 1.68 2009/05/22 21:51:38 mrg Exp $ a7 5 o add subdirs for build "debug" and "small" versions o clean up a bad merge / duplicate code o make mmap() usage portable, fixes linux & ranges: support o document the -f option o daemon mode now serves 6 files per child @ 1.1.1.6 log @import bozohttpd 20100509. it has these changes: o major rework and clean up of internal interfaces. move the main program into main.c, the remaining parts are useable as library. add bindings for lua. by Alistair G. Crooks o fix http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=566325 special thanks to al for the majority of these changes. @ text @d1 1 a1 7 $eterna: CHANGES,v 1.70 2010/05/10 02:24:30 mrg Exp $ changes since bozohttpd 20090522: o major rework and clean up of internal interfaces. move the main program into main.c, the remaining parts are useable as library. add bindings for lua. by Alistair G. Crooks o fix http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=566325 @ 1.1.1.7 log @import bozohttpd 20100512. it includes these changes: o fix SSL mode. from rtr. @ text @d1 1 a1 5 $eterna: CHANGES,v 1.71 2010/05/13 04:19:04 mrg Exp $ changes since bozohttpd 20100509: o fix some compile issues o fix SSL mode. from rtr. @ 1.1.1.8 log @initial import of bozohttpd 20100617. recent changes: o fix some compile issues o fix SSL mode. from rtr o fix some cgi-bin issues, as seen with cvsweb o disable multi-file daemon mode for now, it breaks o return 404's instead of 403's when chdir of ~user dirs fail o remove "noreturn" attribute from bozo_http_error() that was causing incorrect runtime behaviour @ text @d1 1 a1 1 $eterna: CHANGES,v 1.75 2010/06/17 19:26:54 mrg Exp $ d5 1 a5 6 o fix SSL mode. from rtr o fix some cgi-bin issues, as seen with cvsweb o disable multi-file daemon mode for now, it breaks o return 404's instead of 403's when chdir of ~user dirs fail o remove "noreturn" attribute from bozo_http_error() that was causing incorrect runtime behaviour @ 1.1.1.9 log @initial import of bozohttpd 20100621. change include: o properly fully disable multi-file mode for now o fix the -t and -U options when used without the -e option, broken since the library-ifcation o be explicit that logs go to the FTP facility in syslog @ text @d1 1 a1 7 $eterna: CHANGES,v 1.76 2010/06/21 06:45:45 mrg Exp $ changes since bozohttpd 20100617: o properly fully disable multi-file mode for now o fix the -t and -U options when used without the -e option, broken since the library-ifcation o be explicit that logs go to the FTP facility in syslog @ 1.1.1.10 log @initial import of bozohttpd 20100920. the only change missing in here is: o fix dynamic CGI content maps, from rudolf @ text @d1 1 a1 1 $eterna: CHANGES,v 1.77 2010/09/20 22:26:28 mrg Exp $ a7 5 o use scandir() with alphasort() for sorted directory lists, from moof o fix a serious error in vhost handling; "Host:.." would allow access to the next level directory from the virtual root directory, from seanb o fix some various non standard compile time errors, from rudolf o fix dynamic CGI content maps, from rudolf @ 1.1.1.11 log @update to bozohttpd 20111118. nothing major is missing here but the changes since the prior import were: o add -P option, from jmmv@@netbsd.org o avoid crashes with http basic auth, from pooka@@netbsd.org o add support for REDIRECT_STATUS variable, from tls@@netbsd.org o support .mp4 files in the default map o directory indexes with files with : are now displayed properly, from reed@@netbsd.org o allow -I option to be useful in non-inetd mode as well @ text @d1 1 a1 10 $eterna: CHANGES,v 1.78 2011/11/18 01:25:11 mrg Exp $ changes since bozohttpd 20100920: o add -P option, from jmmv@@netbsd.org o avoid crashes with http basic auth, from pooka@@netbsd.org o add support for REDIRECT_STATUS variable, from tls@@netbsd.org o support .mp4 files in the default map o directory indexes with files with : are now displayed properly, from reed@@netbsd.org o allow -I option to be useful in non-inetd mode as well @