subject:"CVS commit\: \[netbsd\-8\] src\/libexec\/httpd"

CVS commit: [netbsd-8] src/libexec/httpd

2021-03-27 Thread Martin Husemann

Module Name:src
Committed By:   martin
Date:   Sat Mar 27 13:38:52 UTC 2021

Modified Files:
src/libexec/httpd [netbsd-8]: CHANGES Makefile Makefile.boot
auth-bozo.c bozohttpd.8 bozohttpd.c bozohttpd.h cgi-bozo.c
content-bozo.c daemon-bozo.c dir-index-bozo.c main.c printenv.lua
ssl-bozo.c
src/libexec/httpd/libbozohttpd [netbsd-8]: Makefile libbozohttpd.3
src/libexec/httpd/small [netbsd-8]: Makefile
src/libexec/httpd/testsuite [netbsd-8]: Makefile
Added Files:
src/libexec/httpd/testsuite [netbsd-8]: t16.in t16.out t17.in t17.out
t18.in t18.out

Log Message:
Pull up the following via patch, requested by mrg in ticket #1668:

Makefile1.30-1.31
Makefile.boot   1.7-1.9
auth-bozo.c 1.25-1.26
bozohttpd.8 1.80-1.87
bozohttpd.c 1.114-1.123,1.125-1.128
bozohttpd.h 1.61-1.68
cgi-bozo.c  1.49-1.53
content-bozo.c  1.17-1.20
daemon-bozo.c   1-.22
dir-index-bozo.c1.33-1.34
main.c  1.23-1.27
printenv.lua1.4-1.5
ssl-bozo.c  1.27-1.29
libbozohttpd/libbozohttpd.3 1.5-1.6
small/Makefile  1.4
testsuite/Makefile  1.14
testsuite/t16.in1.1
testsuite/t16.out   1.1
testsuite/t17.in1.1
testsuite/t17.out   1.1
testsuite/t18.in1.1
testsuite/t18.out   1.1

Update to bozohttpd 20210227.

changes in bozohttpd 20210227:
o  new support for content types: .tar.bz2, .tar.xz, .tar.lz,
   .tar.zst, .tbz2, .txz, .tlz, .zipx, .xz, .zst, .sz, .lz, .lzma,
   .lzo, .7z, .lzo, .cab, .dmg, .jar, and .rar.  should fix
   netbsd PR#56026:
   MIME type of .tar.xz file on ny{cdn,ftp}.NetBSD.org is invalid

changes in bozohttpd 20210211:
o  fix various NULL derefs from malformed headers.  mostly from
   .
o  fix memory leaks in library interface: add bozo_cleanup().

changes in bozohttpd 20201014:
o  also set -D_GNU_SOURCE in Makefile.boot.  from
   hadrien.lac...@posteo.net.
o  fix array size botch (assertion, not exploitable.)  from
   mar...@netbsd.org.
o  also match %2F as well as %2f.  from l...@vuxu.org.
o  many manual and help fixes.  clean ups for higher lint levels,
   consistency/style clean ups.  various option fixes including made
   -f imply -b.  from  for freebsd.

changes in bozohttpd 20200912:
o  add .m4a and .m4v file extensions.

changes in bozohttpd 20200820:
o  make this work on sun2 by reducing mmap window there.
o  fix SSL shutdown sequence.  from s...@netbsd.org.
o  add readme support to directory indexing.  from jmcne...@netbsd.org
o  add blocklist(8) support.  from jru...@netbsd.org.


To generate a diff of this commit:
cvs rdiff -u -r1.25.4.3 -r1.25.4.4 src/libexec/httpd/CHANGES
cvs rdiff -u -r1.27.2.1 -r1.27.2.2 src/libexec/httpd/Makefile
cvs rdiff -u -r1.6 -r1.6.18.1 src/libexec/httpd/Makefile.boot
cvs rdiff -u -r1.18.8.2 -r1.18.8.3 src/libexec/httpd/auth-bozo.c
cvs rdiff -u -r1.65.4.2 -r1.65.4.3 src/libexec/httpd/bozohttpd.8
cvs rdiff -u -r1.86.4.5 -r1.86.4.6 src/libexec/httpd/bozohttpd.c
cvs rdiff -u -r1.47.4.3 -r1.47.4.4 src/libexec/httpd/bozohttpd.h
cvs rdiff -u -r1.37.4.4 -r1.37.4.5 src/libexec/httpd/cgi-bozo.c
cvs rdiff -u -r1.14.6.1 -r1.14.6.2 src/libexec/httpd/content-bozo.c
cvs rdiff -u -r1.17.8.2 -r1.17.8.3 src/libexec/httpd/daemon-bozo.c
cvs rdiff -u -r1.25.8.2 -r1.25.8.3 src/libexec/httpd/dir-index-bozo.c
cvs rdiff -u -r1.16.6.2 -r1.16.6.3 src/libexec/httpd/main.c
cvs rdiff -u -r1.3 -r1.3.8.1 src/libexec/httpd/printenv.lua
cvs rdiff -u -r1.22.8.2 -r1.22.8.3 src/libexec/httpd/ssl-bozo.c
cvs rdiff -u -r1.3 -r1.3.2.1 src/libexec/httpd/libbozohttpd/Makefile
cvs rdiff -u -r1.4 -r1.4.4.1 src/libexec/httpd/libbozohttpd/libbozohttpd.3
cvs rdiff -u -r1.3 -r1.3.16.1 src/libexec/httpd/small/Makefile
cvs rdiff -u -r1.7.4.2 -r1.7.4.3 src/libexec/httpd/testsuite/Makefile
cvs rdiff -u -r0 -r1.1.2.2 src/libexec/httpd/testsuite/t16.in \
src/libexec/httpd/testsuite/t17.in src/libexec/httpd/testsuite/t18.in
cvs rdiff -u -r0 -r1.1.4.2 src/libexec/httpd/testsuite/t16.out \
src/libexec/httpd/testsuite/t17.out src/libexec/httpd/testsuite/t18.out

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/CHANGES
diff -u src/libexec/httpd/CHANGES:1.25.4.3 src/libexec/httpd/CHANGES:1.25.4.4
--- src/libexec/httpd/CHANGES:1.25.4.3	Wed Jun 12

CVS commit: [netbsd-8] src/libexec/httpd

2020-11-19 Thread Martin Husemann

Module Name:src
Committed By:   martin
Date:   Thu Nov 19 11:27:22 UTC 2020

Modified Files:
src/libexec/httpd [netbsd-8]: bozohttpd.c

Log Message:
Pull up following revision(s) (requested by hannken in ticket #1624):

libexec/httpd/bozohttpd.c: revision 1.124

Bozohttpd clobbers files greater than 4GB on 32bit archs.
Make sure the alignment mask derived from pagesize is an off_t.


To generate a diff of this commit:
cvs rdiff -u -r1.86.4.4 -r1.86.4.5 src/libexec/httpd/bozohttpd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/bozohttpd.c
diff -u src/libexec/httpd/bozohttpd.c:1.86.4.4 src/libexec/httpd/bozohttpd.c:1.86.4.5
--- src/libexec/httpd/bozohttpd.c:1.86.4.4	Wed Jun 12 10:32:00 2019
+++ src/libexec/httpd/bozohttpd.c	Thu Nov 19 11:27:22 2020
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.c,v 1.86.4.4 2019/06/12 10:32:00 martin Exp $	*/
+/*	$NetBSD: bozohttpd.c,v 1.86.4.5 2020/11/19 11:27:22 martin Exp $	*/
 
 /*	$eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -907,7 +907,7 @@ mmap_and_write_part(bozohttpd_t *httpd, 
 	 *
 	 * we use the write offset in all writes
 	 */
-	mappedoffset = first_byte_pos & ~(httpd->page_size - 1);
+	mappedoffset = first_byte_pos & ~((off_t)httpd->page_size - 1);
 	mappedsz = (size_t)
 		(first_byte_pos - mappedoffset + sz + httpd->page_size - 1) &
 		~(httpd->page_size - 1);

CVS commit: [netbsd-8] src/libexec/httpd

2018-11-28 Thread Martin Husemann

Module Name:src
Committed By:   martin
Date:   Wed Nov 28 19:50:37 UTC 2018

Modified Files:
src/libexec/httpd [netbsd-8]: CHANGES bozohttpd.c bozohttpd.h
cgi-bozo.c main.c

Log Message:
Pull up following revision(s) (requested by mrg in ticket #1109):

libexec/httpd/main.c: revision 1.22
libexec/httpd/CHANGES: revision 1.29
libexec/httpd/cgi-bozo.c: revision 1.45
libexec/httpd/bozohttpd.h: revision 1.57
libexec/httpd/CHANGES: revision 1.30
libexec/httpd/bozohttpd.c: revision 1.97
libexec/httpd/bozohttpd.c: revision 1.98
libexec/httpd/bozohttpd.c: revision 1.99

one semicolon is usually enough.

 -

appease lint

- add FALLTHROUGH comment
- one return is usually enough.

 -

avoid c99ism.

 -

fix -X option parsing.  noted by Rajeev V. Pillai.

 -

add option fixes here.

 -

normalise some messages.


To generate a diff of this commit:
cvs rdiff -u -r1.25.4.1 -r1.25.4.2 src/libexec/httpd/CHANGES
cvs rdiff -u -r1.86.4.2 -r1.86.4.3 src/libexec/httpd/bozohttpd.c
cvs rdiff -u -r1.47.4.1 -r1.47.4.2 src/libexec/httpd/bozohttpd.h
cvs rdiff -u -r1.37.4.2 -r1.37.4.3 src/libexec/httpd/cgi-bozo.c
cvs rdiff -u -r1.16.6.1 -r1.16.6.2 src/libexec/httpd/main.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/CHANGES
diff -u src/libexec/httpd/CHANGES:1.25.4.1 src/libexec/httpd/CHANGES:1.25.4.2
--- src/libexec/httpd/CHANGES:1.25.4.1	Sat Nov 24 17:13:51 2018
+++ src/libexec/httpd/CHANGES	Wed Nov 28 19:50:37 2018
@@ -1,4 +1,7 @@
-$NetBSD: CHANGES,v 1.25.4.1 2018/11/24 17:13:51 martin Exp $
+$NetBSD: CHANGES,v 1.25.4.2 2018/11/28 19:50:37 martin Exp $
+
+changes in bozohttpd 20181125:
+	o  fixes for option parsing introduced in bozohttpd 20181123
 
 changes in bozohttpd 20181121:
 	o  add url remap support via .bzremap file, from mar...@netbsd.org
@@ -9,7 +12,7 @@ changes in bozohttpd 20181121:
 	   initial line, each header, and the total time spent
 	o  add -T option to expose new timeout settings
 	o  minor RFC fixes related to timeout handling
-	o  fix special file (.htpasswd, .bz*) bypass.  reported by JP.
+	o  fix special file (.htpasswd, .bz*) bypass.  reported by JP
 
 changes in bozohttpd 20170201:
 	o  fix an infinite loop in cgi processing
@@ -94,7 +97,7 @@ changes in bozohttpd 20100617:
 
 changes in bozohttpd 20100509:
 	o  major rework and clean up of internal interfaces.  move the main
-	   program into main.c, the remaining parts are useable as library.
+	   program into main.c, the remaining parts are useable as library
 	   add bindings for lua.  by Alistair G. Crooks 
 	o  fix http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=566325
 

Index: src/libexec/httpd/bozohttpd.c
diff -u src/libexec/httpd/bozohttpd.c:1.86.4.2 src/libexec/httpd/bozohttpd.c:1.86.4.3
--- src/libexec/httpd/bozohttpd.c:1.86.4.2	Sat Nov 24 17:13:51 2018
+++ src/libexec/httpd/bozohttpd.c	Wed Nov 28 19:50:37 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.c,v 1.86.4.2 2018/11/24 17:13:51 martin Exp $	*/
+/*	$NetBSD: bozohttpd.c,v 1.86.4.3 2018/11/28 19:50:37 martin Exp $	*/
 
 /*	$eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -109,7 +109,7 @@
 #define INDEX_HTML		"index.html"
 #endif
 #ifndef SERVER_SOFTWARE
-#define SERVER_SOFTWARE		"bozohttpd/20181124"
+#define SERVER_SOFTWARE		"bozohttpd/20181125"
 #endif
 #ifndef PUBLIC_HTML
 #define PUBLIC_HTML		"public_html"
@@ -1018,6 +1018,7 @@ bozo_escape_rfc3986(bozohttpd_t *httpd, 
 		case '"':
 			if (absolute)
 goto leave_it;
+			/*FALLTHROUGH*/
 		case '\n':
 		case '\r':
 		case ' ':
@@ -1026,8 +1027,8 @@ bozo_escape_rfc3986(bozohttpd_t *httpd, 
 			d += 3;
 			len += 3;
 			break;
-		leave_it:
 		default:
+		leave_it:
 			*d++ = *s++;
 			len++;
 			break;
@@ -1477,7 +1478,6 @@ check_bzredirect(bozo_httpreq_t *request
 			 REDIRECT_FILE) >= sizeof(redir)) {
 		return bozo_http_error(httpd, 404, request,
 		"redirectfile path too long");
-		return -1;
 	}
 	if (lstat(redir, ) == 0) {
 		if (!S_ISLNK(sb.st_mode))
@@ -1924,8 +1924,9 @@ int
 bozo_check_special_files(bozo_httpreq_t *request, const char *name)
 {
 	bozohttpd_t *httpd = request->hr_httpd;
+	size_t i;
 
-	for (size_t i = 0; specials[i].file; i++)
+	for (i = 0; specials[i].file; i++)
 		if (strcmp(name, specials[i].file) == 0)
 			return bozo_http_error(httpd, 403, request,
 	   specials[i].name);

Index: src/libexec/httpd/bozohttpd.h
diff -u src/libexec/httpd/bozohttpd.h:1.47.4.1 src/libexec/httpd/bozohttpd.h:1.47.4.2
--- src/libexec/httpd/bozohttpd.h:1.47.4.1	Sat Nov 24 17:13:51 2018
+++ src/libexec/httpd/bozohttpd.h	Wed Nov 28 19:50:37 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.h,v 1.47.4.1 2018/11/24 17:13:51 martin Exp $	*/
+/*	$NetBSD: bozohttpd.h,v 1.47.4.2 2018/11/28 19:50:37 martin Exp $	*/
 
 /*	$eterna: bozohttpd.h,v 1.39 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -407,7 +407,7 @@ void

CVS commit: [netbsd-8] src/libexec/httpd

2018-11-24 Thread Martin Husemann

Module Name:src
Committed By:   martin
Date:   Sat Nov 24 17:13:51 UTC 2018

Modified Files:
src/libexec/httpd [netbsd-8]: CHANGES auth-bozo.c bozohttpd.8
bozohttpd.c bozohttpd.h cgi-bozo.c content-bozo.c daemon-bozo.c
dir-index-bozo.c main.c ssl-bozo.c tilde-luzah-bozo.c
src/libexec/httpd/lua [netbsd-8]: bozo.lua glue.c optparse.lua
src/libexec/httpd/testsuite [netbsd-8]: Makefile html_cmp t3.out t5.out
t6.out test-bigfile test-simple
Added Files:
src/libexec/httpd/testsuite [netbsd-8]: t12.in t12.out t13.in t13.out
t14.in t14.out t15.in t15.out
src/libexec/httpd/testsuite/data [netbsd-8]: .bzremap

Log Message:
Sync to HEAD (requested by mrg in ticket #1104)

libexec/httpd/testsuite/data/.bzremap   up to 1.1
libexec/httpd/testsuite/t12.out up to 1.1
libexec/httpd/testsuite/t12.in  up to 1.1
libexec/httpd/testsuite/t13.out up to 1.1
libexec/httpd/testsuite/t13.in  up to 1.1
libexec/httpd/testsuite/t14.out up to 1.1
libexec/httpd/testsuite/t14.in  up to 1.1
libexec/httpd/testsuite/t15.out up to 1.1
libexec/httpd/testsuite/t15.in  up to 1.1
libexec/httpd/CHANGES   up to 1.28
libexec/httpd/auth-bozo.c   up to 1.22
libexec/httpd/bozohttpd.8   up to 1.74
libexec/httpd/bozohttpd.c   up to 1.96
libexec/httpd/bozohttpd.h   up to 1.56
libexec/httpd/cgi-bozo.cup to 1.44
libexec/httpd/content-bozo.cup to 1.16
libexec/httpd/daemon-bozo.c up to 1.19
libexec/httpd/dir-index-bozo.c  up to 1.28
libexec/httpd/main.cup to 1.21
libexec/httpd/ssl-bozo.cup to 1.25
libexec/httpd/tilde-luzah-bozo.cup to 1.16
libexec/httpd/lua/bozo.lua  up to 1.3
libexec/httpd/lua/glue.cup to 1.5
libexec/httpd/lua/optparse.lua  up to 1.2
libexec/httpd/testsuite/Makefileup to 1.11
libexec/httpd/testsuite/html_cmpup to 1.6
libexec/httpd/testsuite/t3.out  up to 1.4
libexec/httpd/testsuite/t5.out  up to 1.4
libexec/httpd/testsuite/t6.out  up to 1.4
libexec/httpd/testsuite/test-bigfileup to 1.5
libexec/httpd/testsuite/test-simple up to 1.5

Cosmetic changes to Lua binding in bozohttpd.

- Don't use negative indicies to read arguments of Lua functions.
- On error, return nil, "error string".
- Use ssize_t for return values from bozo_read() and bozo_write().
- Prefer lstring especially when if saves you from appending NUL and
  doing len + 1 which can potentially wraparound.
- Don't mix C allocations with Lua functions marked with "m" in the Lua
  manual. Those functions may throw (longjump) and leak data allocated
  by C function. In one case, I use luaL_Buffer, in the other case,
  I rearranged calls a bit.

fix ordering of a couple of words.  from Edgar Pettijohn in PR#52375.
thanks!

s/u_int/unsigned/.

from Jan Danielsson.  increases/fixes portability.

PR bin/52194: bozohttpd fails to exec scripts via the -C mechanism
sometimes with EFAULT due to not NULL terminated environment.

Document script handler issues with httpd(8).
>From martin@, addressing PR 52194.

While here, use American spelling consistently and upper-case some
abbreviations.

Bump date.

fix output since protocol agnostic change went in.

XXX: i thought someone hooked this into atf already, please do :)

Add support for remapping requested paths via a .bzredirect file.
Fixes PR 52772. Ok: mrg@

Bump date

Remove trailing whitespace.

use __func__ in debug().

fix a denial of service attack against header contents, which
is now bounded at 16KiB.  reported by JP.

avoid memory leak in sending multiple auth headers.
mostly mitigated by previous patch to limit total header size,
but still a real problem here.

note the changes present in bozohttpd 20181118:

o  add url remap support via .bzremap file, from martin%netbsd.org@localhost
o  handle redirections for any protocol, not just http:
o  fix a denial of service attack against header contents, which
   is now bounded at 16KiB.  reported by JP.

from CHANGES:

o  reduce default timeouts, and add expand timeouts to handle the
   initial line, each header, and the total time spent
o  add -T option to expose new timeout settings
o  minor RFC fixes related to timeout handling responses

old timeouts:
60 seconds for initial request like, 60 seconds per

CVS commit: [netbsd-8] src/libexec/httpd

2018-02-04 Thread Martin Husemann

Module Name:src
Committed By:   martin
Date:   Sun Feb  4 12:49:25 UTC 2018

Modified Files:
src/libexec/httpd [netbsd-8]: bozohttpd.c

Log Message:
Pull up following revision(s) (requested by maya in ticket #522):
libexec/httpd/bozohttpd.c: revision 1.87
Use a protocol-agnostic URL (don't degrade HTTPS->HTTP)
Suggested by Travis Paul in PR bin/52958.


To generate a diff of this commit:
cvs rdiff -u -r1.86 -r1.86.4.1 src/libexec/httpd/bozohttpd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/bozohttpd.c
diff -u src/libexec/httpd/bozohttpd.c:1.86 src/libexec/httpd/bozohttpd.c:1.86.4.1
--- src/libexec/httpd/bozohttpd.c:1.86	Sun Feb  5 01:55:03 2017
+++ src/libexec/httpd/bozohttpd.c	Sun Feb  4 12:49:25 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.c,v 1.86 2017/02/05 01:55:03 mrg Exp $	*/
+/*	$NetBSD: bozohttpd.c,v 1.86.4.1 2018/02/04 12:49:25 martin Exp $	*/
 
 /*	$eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -1990,7 +1990,7 @@ bozo_http_error(bozohttpd_t *httpd, int 
 		"%s\n"
 		"%s\n"
 		"%s%s: %s\n"
- 		"http://%s%s/\;>%s%s\n"
+ 		"%s%s\n"
 		"\n",
 		header, header,
 		user ? user : "", file,

CVS commit: [netbsd-8] src/libexec/httpd

2017-12-04 Thread Soren Jacobsen

Module Name:src
Committed By:   snj
Date:   Mon Dec  4 19:44:13 UTC 2017

Modified Files:
src/libexec/httpd [netbsd-8]: cgi-bozo.c

Log Message:
Pull up following revision(s) (requested by martin in ticket #409):
libexec/httpd/cgi-bozo.c: revision 1.39
PR bin/52194: bozohttpd fails to exec scripts via the -C mechanism
sometimes with EFAULT due to not NULL terminated environment.


To generate a diff of this commit:
cvs rdiff -u -r1.37 -r1.37.4.1 src/libexec/httpd/cgi-bozo.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/cgi-bozo.c
diff -u src/libexec/httpd/cgi-bozo.c:1.37 src/libexec/httpd/cgi-bozo.c:1.37.4.1
--- src/libexec/httpd/cgi-bozo.c:1.37	Tue Jan 31 14:36:09 2017
+++ src/libexec/httpd/cgi-bozo.c	Mon Dec  4 19:44:13 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: cgi-bozo.c,v 1.37 2017/01/31 14:36:09 mrg Exp $	*/
+/*	$NetBSD: cgi-bozo.c,v 1.37.4.1 2017/12/04 19:44:13 snj Exp $	*/
 
 /*	$eterna: cgi-bozo.c,v 1.40 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -587,6 +587,8 @@ bozo_process_cgi(bozo_httpreq_t *request
 		bozoerr(httpd, 1, "child socketpair failed: %s",
 strerror(errno));
 
+	*curenvp = 0;
+
 	/*
 	 * We create 2 procs: one to become the CGI, one read from
 	 * the CGI and output to the network, and this parent will

CVS commit: [netbsd-8] src/libexec/httpd

CVS commit: [netbsd-8] src/libexec/httpd

CVS commit: [netbsd-8] src/libexec/httpd

CVS commit: [netbsd-8] src/libexec/httpd

CVS commit: [netbsd-8] src/libexec/httpd

CVS commit: [netbsd-8] src/libexec/httpd

6 matches

Site Navigation

Mail list logo

Footer information