CVS commit: src/libexec/httpd
Module Name:src Committed By: maya Date: Sun Apr 28 17:12:30 UTC 2024 Modified Files: src/libexec/httpd: CHANGES bozohttpd.8 bozohttpd.c Log Message: Bump bozohttpd version to today for mobile-friendly directory listing To generate a diff of this commit: cvs rdiff -u -r1.55 -r1.56 src/libexec/httpd/CHANGES cvs rdiff -u -r1.96 -r1.97 src/libexec/httpd/bozohttpd.8 cvs rdiff -u -r1.146 -r1.147 src/libexec/httpd/bozohttpd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/CHANGES diff -u src/libexec/httpd/CHANGES:1.55 src/libexec/httpd/CHANGES:1.56 --- src/libexec/httpd/CHANGES:1.55 Fri Jan 26 23:19:44 2024 +++ src/libexec/httpd/CHANGES Sun Apr 28 17:12:30 2024 @@ -1,4 +1,7 @@ -$NetBSD: CHANGES,v 1.55 2024/01/26 23:19:44 mrg Exp $ +$NetBSD: CHANGES,v 1.56 2024/04/28 17:12:30 maya Exp $ + +changes in bozohttpd 20240428: + o make directory listings mobile friendly. from D. Bohdan. changes in bozohttpd 20240126: o add some more default mime types. Index: src/libexec/httpd/bozohttpd.8 diff -u src/libexec/httpd/bozohttpd.8:1.96 src/libexec/httpd/bozohttpd.8:1.97 --- src/libexec/httpd/bozohttpd.8:1.96 Sun Feb 4 05:54:20 2024 +++ src/libexec/httpd/bozohttpd.8 Sun Apr 28 17:12:30 2024 @@ -1,4 +1,4 @@ -.\" $NetBSD: bozohttpd.8,v 1.96 2024/02/04 05:54:20 mrg Exp $ +.\" $NetBSD: bozohttpd.8,v 1.97 2024/04/28 17:12:30 maya Exp $ .\" .\" $eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $ .\" @@ -26,7 +26,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd Jan 26, 2024 +.Dd Apr 28, 2024 .Dt BOZOHTTPD 8 .Os .Sh NAME @@ -664,7 +664,7 @@ The focus has always been simplicity and and regular code audits. This manual documents .Nm -version 20240126. +version 20240428. .Sh AUTHORS .An -nosplit .Nm Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.146 src/libexec/httpd/bozohttpd.c:1.147 --- src/libexec/httpd/bozohttpd.c:1.146 Fri Jan 26 23:19:44 2024 +++ src/libexec/httpd/bozohttpd.c Sun Apr 28 17:12:30 2024 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.c,v 1.146 2024/01/26 23:19:44 mrg Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.147 2024/04/28 17:12:30 maya Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ @@ -108,7 +108,7 @@ #define INDEX_HTML "index.html" #endif #ifndef SERVER_SOFTWARE -#define SERVER_SOFTWARE "bozohttpd/20240126" +#define SERVER_SOFTWARE "bozohttpd/20240428" #endif #ifndef PUBLIC_HTML #define PUBLIC_HTML "public_html"
CVS commit: src/libexec/httpd
Module Name:src Committed By: maya Date: Sun Apr 28 17:12:30 UTC 2024 Modified Files: src/libexec/httpd: CHANGES bozohttpd.8 bozohttpd.c Log Message: Bump bozohttpd version to today for mobile-friendly directory listing To generate a diff of this commit: cvs rdiff -u -r1.55 -r1.56 src/libexec/httpd/CHANGES cvs rdiff -u -r1.96 -r1.97 src/libexec/httpd/bozohttpd.8 cvs rdiff -u -r1.146 -r1.147 src/libexec/httpd/bozohttpd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/libexec/httpd
Module Name:src Committed By: maya Date: Fri Apr 26 20:27:12 UTC 2024 Modified Files: src/libexec/httpd: dir-index-bozo.c Log Message: Create mobile-friendly directory listings A typical mobile browser on a smartphone assumes a page without a "viewport" tag is designed for desktop browsers. It displays the page in a virtual window that simulates a wider screen and does not adjust it for the phone's pixel density. The usual result is that the content on the page looks small, and interacting with the page comfortably and precisely requires zoom. This is currently the case with bozohttpd directory listing pages. from D. Bohdan in PR bin/57962 To generate a diff of this commit: cvs rdiff -u -r1.36 -r1.37 src/libexec/httpd/dir-index-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/dir-index-bozo.c diff -u src/libexec/httpd/dir-index-bozo.c:1.36 src/libexec/httpd/dir-index-bozo.c:1.37 --- src/libexec/httpd/dir-index-bozo.c:1.36 Wed May 18 00:37:11 2022 +++ src/libexec/httpd/dir-index-bozo.c Fri Apr 26 20:27:12 2024 @@ -1,4 +1,4 @@ -/* $NetBSD: dir-index-bozo.c,v 1.36 2022/05/18 00:37:11 mrg Exp $ */ +/* $NetBSD: dir-index-bozo.c,v 1.37 2024/04/26 20:27:12 maya Exp $ */ /* $eterna: dir-index-bozo.c,v 1.20 2011/11/18 09:21:15 mrg Exp $ */ @@ -123,6 +123,7 @@ bozo_dir_index(bozo_httpreq_t *request, bozo_printf(httpd, "\r\n" "\r\n" + "\r\n"
CVS commit: src/libexec/httpd
Module Name:src Committed By: maya Date: Fri Apr 26 20:27:12 UTC 2024 Modified Files: src/libexec/httpd: dir-index-bozo.c Log Message: Create mobile-friendly directory listings A typical mobile browser on a smartphone assumes a page without a "viewport" tag is designed for desktop browsers. It displays the page in a virtual window that simulates a wider screen and does not adjust it for the phone's pixel density. The usual result is that the content on the page looks small, and interacting with the page comfortably and precisely requires zoom. This is currently the case with bozohttpd directory listing pages. from D. Bohdan in PR bin/57962 To generate a diff of this commit: cvs rdiff -u -r1.36 -r1.37 src/libexec/httpd/dir-index-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Sun Feb 4 05:54:21 UTC 2024 Modified Files: src/libexec/httpd: bozohttpd.8 Log Message: note this documents bozohttpd 20240126. To generate a diff of this commit: cvs rdiff -u -r1.95 -r1.96 src/libexec/httpd/bozohttpd.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Sun Feb 4 05:54:21 UTC 2024 Modified Files: src/libexec/httpd: bozohttpd.8 Log Message: note this documents bozohttpd 20240126. To generate a diff of this commit: cvs rdiff -u -r1.95 -r1.96 src/libexec/httpd/bozohttpd.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/bozohttpd.8 diff -u src/libexec/httpd/bozohttpd.8:1.95 src/libexec/httpd/bozohttpd.8:1.96 --- src/libexec/httpd/bozohttpd.8:1.95 Fri Feb 2 20:50:28 2024 +++ src/libexec/httpd/bozohttpd.8 Sun Feb 4 05:54:20 2024 @@ -1,4 +1,4 @@ -.\" $NetBSD: bozohttpd.8,v 1.95 2024/02/02 20:50:28 andvar Exp $ +.\" $NetBSD: bozohttpd.8,v 1.96 2024/02/04 05:54:20 mrg Exp $ .\" .\" $eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $ .\" @@ -664,7 +664,7 @@ The focus has always been simplicity and and regular code audits. This manual documents .Nm -version 20230602. +version 20240126. .Sh AUTHORS .An -nosplit .Nm
CVS commit: src/libexec/httpd
Module Name:src Committed By: andvar Date: Fri Feb 2 20:50:28 UTC 2024 Modified Files: src/libexec/httpd: bozohttpd.8 Log Message: s/supressing/suppressing/. To generate a diff of this commit: cvs rdiff -u -r1.94 -r1.95 src/libexec/httpd/bozohttpd.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/bozohttpd.8 diff -u src/libexec/httpd/bozohttpd.8:1.94 src/libexec/httpd/bozohttpd.8:1.95 --- src/libexec/httpd/bozohttpd.8:1.94 Fri Jan 26 23:19:44 2024 +++ src/libexec/httpd/bozohttpd.8 Fri Feb 2 20:50:28 2024 @@ -1,4 +1,4 @@ -.\" $NetBSD: bozohttpd.8,v 1.94 2024/01/26 23:19:44 mrg Exp $ +.\" $NetBSD: bozohttpd.8,v 1.95 2024/02/02 20:50:28 andvar Exp $ .\" .\" $eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $ .\" @@ -79,7 +79,7 @@ using the ftp facility (but see the .Fl s option for testing and the .Fl q -option for supressing this.) +option for suppressing this.) .Nm is designed to be small, simple and relatively featureless, hopefully increasing its security.
CVS commit: src/libexec/httpd
Module Name:src Committed By: andvar Date: Fri Feb 2 20:50:28 UTC 2024 Modified Files: src/libexec/httpd: bozohttpd.8 Log Message: s/supressing/suppressing/. To generate a diff of this commit: cvs rdiff -u -r1.94 -r1.95 src/libexec/httpd/bozohttpd.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Fri Jan 26 23:19:44 UTC 2024 Modified Files: src/libexec/httpd: CHANGES bozohttpd.8 bozohttpd.c Log Message: add some missing changes and bump the version. To generate a diff of this commit: cvs rdiff -u -r1.54 -r1.55 src/libexec/httpd/CHANGES cvs rdiff -u -r1.93 -r1.94 src/libexec/httpd/bozohttpd.8 cvs rdiff -u -r1.145 -r1.146 src/libexec/httpd/bozohttpd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/CHANGES diff -u src/libexec/httpd/CHANGES:1.54 src/libexec/httpd/CHANGES:1.55 --- src/libexec/httpd/CHANGES:1.54 Wed Nov 2 20:38:21 2022 +++ src/libexec/httpd/CHANGES Fri Jan 26 23:19:44 2024 @@ -1,4 +1,12 @@ -$NetBSD: CHANGES,v 1.54 2022/11/02 20:38:21 andvar Exp $ +$NetBSD: CHANGES,v 1.55 2024/01/26 23:19:44 mrg Exp $ + +changes in bozohttpd 20240126: + o add some more default mime types. + o fix memory leaks. from shm. + o fix reading 2 bytes beyond '%', possibly not mapped. from shm. + o support openssl 3. from christos. + o add -q option to not log. from martin. + o fix default return value of bozo_set_defaults(), PR#54785. changes in bozohttpd 20220104: o remove obsolete .bzdirect handling. Index: src/libexec/httpd/bozohttpd.8 diff -u src/libexec/httpd/bozohttpd.8:1.93 src/libexec/httpd/bozohttpd.8:1.94 --- src/libexec/httpd/bozohttpd.8:1.93 Wed Jun 7 20:22:22 2023 +++ src/libexec/httpd/bozohttpd.8 Fri Jan 26 23:19:44 2024 @@ -1,8 +1,8 @@ -.\" $NetBSD: bozohttpd.8,v 1.93 2023/06/07 20:22:22 mrg Exp $ +.\" $NetBSD: bozohttpd.8,v 1.94 2024/01/26 23:19:44 mrg Exp $ .\" .\" $eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $ .\" -.\" Copyright (c) 1997-2023 Matthew R. Green +.\" Copyright (c) 1997-2024 Matthew R. Green .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without @@ -26,7 +26,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd Sep 12, 2023 +.Dd Jan 26, 2024 .Dt BOZOHTTPD 8 .Os .Sh NAME @@ -670,7 +670,7 @@ version 20230602. .Nm was written by .An Matthew R. Green -.Aq Mt m...@eterna.com.au . +.Aq Mt m...@eterna23.net . .Pp The large list of contributors includes: .Bl -dash @@ -805,7 +805,7 @@ provided several clean up fixes, and man provided various fixes .It .An Tyler Retzlaff -.Aq Mt r...@eterna.com.au +.Aq Mt r...@eterna23.net provided SSL support, cgi-bin fixes and much other random other stuff .It .An rudolf @@ -860,7 +860,9 @@ There are probably others I have forgott Please send all updates to .Nm to -.Aq Mt m...@eterna.com.au +.Aq Mt m...@eterna23.net +or +.Aq Mt netbsd-b...@netbsd.org for inclusion in future releases. .Sh BUGS .Nm Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.145 src/libexec/httpd/bozohttpd.c:1.146 --- src/libexec/httpd/bozohttpd.c:1.145 Wed Sep 20 07:13:35 2023 +++ src/libexec/httpd/bozohttpd.c Fri Jan 26 23:19:44 2024 @@ -1,9 +1,9 @@ -/* $NetBSD: bozohttpd.c,v 1.145 2023/09/20 07:13:35 shm Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.146 2024/01/26 23:19:44 mrg Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ /* - * Copyright (c) 1997-2023 Matthew R. Green + * Copyright (c) 1997-2024 Matthew R. Green * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -108,7 +108,7 @@ #define INDEX_HTML "index.html" #endif #ifndef SERVER_SOFTWARE -#define SERVER_SOFTWARE "bozohttpd/20230602" +#define SERVER_SOFTWARE "bozohttpd/20240126" #endif #ifndef PUBLIC_HTML #define PUBLIC_HTML "public_html"
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Fri Jan 26 23:19:44 UTC 2024 Modified Files: src/libexec/httpd: CHANGES bozohttpd.8 bozohttpd.c Log Message: add some missing changes and bump the version. To generate a diff of this commit: cvs rdiff -u -r1.54 -r1.55 src/libexec/httpd/CHANGES cvs rdiff -u -r1.93 -r1.94 src/libexec/httpd/bozohttpd.8 cvs rdiff -u -r1.145 -r1.146 src/libexec/httpd/bozohttpd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/libexec/httpd
Module Name:src Committed By: riastradh Date: Mon Dec 18 03:48:57 UTC 2023 Modified Files: src/libexec/httpd: ssl-bozo.c Log Message: httpd(8): Add missing newline to `SSL Error' messages. Matches the pattern in all other printf/syslog calls. XXX pullup-10 XXX pullup-9 XXX pullup-8 To generate a diff of this commit: cvs rdiff -u -r1.33 -r1.34 src/libexec/httpd/ssl-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/ssl-bozo.c diff -u src/libexec/httpd/ssl-bozo.c:1.33 src/libexec/httpd/ssl-bozo.c:1.34 --- src/libexec/httpd/ssl-bozo.c:1.33 Wed Jun 7 20:12:31 2023 +++ src/libexec/httpd/ssl-bozo.c Mon Dec 18 03:48:57 2023 @@ -1,4 +1,4 @@ -/* $NetBSD: ssl-bozo.c,v 1.33 2023/06/07 20:12:31 mrg Exp $ */ +/* $NetBSD: ssl-bozo.c,v 1.34 2023/12/18 03:48:57 riastradh Exp $ */ /* $eterna: ssl-bozo.c,v 1.15 2011/11/18 09:21:15 mrg Exp $ */ @@ -129,6 +129,7 @@ bozo_clear_ssl_queue(bozohttpd_t *httpd) ERR_lib_error_string(sslcode), ERR_func_error_string(sslcode), ERR_reason_error_string(sslcode)); + fputs("\n", stderr); } else { syslog(LOG_ERR, sslfmt, ERR_lib_error_string(sslcode),
CVS commit: src/libexec/httpd
Module Name:src Committed By: riastradh Date: Mon Dec 18 03:48:57 UTC 2023 Modified Files: src/libexec/httpd: ssl-bozo.c Log Message: httpd(8): Add missing newline to `SSL Error' messages. Matches the pattern in all other printf/syslog calls. XXX pullup-10 XXX pullup-9 XXX pullup-8 To generate a diff of this commit: cvs rdiff -u -r1.33 -r1.34 src/libexec/httpd/ssl-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/libexec/httpd
Module Name:src Committed By: shm Date: Wed Sep 20 08:41:35 UTC 2023 Modified Files: src/libexec/httpd: cgi-bozo.c Log Message: Removed unnecessary comment Thanks leot@ for pointing this out To generate a diff of this commit: cvs rdiff -u -r1.55 -r1.56 src/libexec/httpd/cgi-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/cgi-bozo.c diff -u src/libexec/httpd/cgi-bozo.c:1.55 src/libexec/httpd/cgi-bozo.c:1.56 --- src/libexec/httpd/cgi-bozo.c:1.55 Wed Sep 20 07:09:14 2023 +++ src/libexec/httpd/cgi-bozo.c Wed Sep 20 08:41:35 2023 @@ -1,4 +1,4 @@ -/* $NetBSD: cgi-bozo.c,v 1.55 2023/09/20 07:09:14 shm Exp $ */ +/* $NetBSD: cgi-bozo.c,v 1.56 2023/09/20 08:41:35 shm Exp $ */ /* $eterna: cgi-bozo.c,v 1.40 2011/11/18 09:21:15 mrg Exp $ */ @@ -654,7 +654,6 @@ bozo_process_cgi(bozo_httpreq_t *request /* CGI programs should perform their own timeouts */ while ((rbytes = bozo_read(httpd, STDIN_FILENO, buf, sizeof buf)) > 0) { ssize_t wbytes; - /* char *bp = buf; */ while (rbytes) { wbytes = write(sv[0], buf, (size_t)rbytes);
CVS commit: src/libexec/httpd
Module Name:src Committed By: shm Date: Wed Sep 20 08:41:35 UTC 2023 Modified Files: src/libexec/httpd: cgi-bozo.c Log Message: Removed unnecessary comment Thanks leot@ for pointing this out To generate a diff of this commit: cvs rdiff -u -r1.55 -r1.56 src/libexec/httpd/cgi-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/libexec/httpd
Module Name:src Committed By: shm Date: Wed Sep 20 07:13:35 UTC 2023 Modified Files: src/libexec/httpd: bozohttpd.c Log Message: Fix off-by-one in bozo_decode_url_percent In case of strings that end with '%', debug function was reading past buffer. To generate a diff of this commit: cvs rdiff -u -r1.144 -r1.145 src/libexec/httpd/bozohttpd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.144 src/libexec/httpd/bozohttpd.c:1.145 --- src/libexec/httpd/bozohttpd.c:1.144 Thu Sep 7 06:40:56 2023 +++ src/libexec/httpd/bozohttpd.c Wed Sep 20 07:13:35 2023 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.c,v 1.144 2023/09/07 06:40:56 shm Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.145 2023/09/20 07:13:35 shm Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ @@ -1564,9 +1564,14 @@ bozo_decode_url_percent(bozo_httpreq_t * *t++ = *s++; break; } - debug((httpd, DEBUG_EXPLODING, - "fu_%%: got s == %%, s[1]s[2] == %c%c", - s[1], s[2])); + if ([2] < end) + debug((httpd, DEBUG_EXPLODING, +"fu_%%: got s == %%, s[1]s[2] == %c%c", +s[1], s[2])); + else + debug((httpd, DEBUG_EXPLODING, + "fu_%%: got s == %%, s[1] == %c s[2] is not set", +s[1])); if (s[1] == '\0' || s[2] == '\0') return bozo_http_error(httpd, 400, request, "percent hack missing two chars afterwards");
CVS commit: src/libexec/httpd
Module Name:src Committed By: shm Date: Wed Sep 20 07:13:35 UTC 2023 Modified Files: src/libexec/httpd: bozohttpd.c Log Message: Fix off-by-one in bozo_decode_url_percent In case of strings that end with '%', debug function was reading past buffer. To generate a diff of this commit: cvs rdiff -u -r1.144 -r1.145 src/libexec/httpd/bozohttpd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/libexec/httpd
Module Name:src Committed By: shm Date: Wed Sep 20 07:09:14 UTC 2023 Modified Files: src/libexec/httpd: cgi-bozo.c Log Message: Remove unused variable (bp) To generate a diff of this commit: cvs rdiff -u -r1.54 -r1.55 src/libexec/httpd/cgi-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/libexec/httpd
Module Name:src Committed By: shm Date: Wed Sep 20 07:09:14 UTC 2023 Modified Files: src/libexec/httpd: cgi-bozo.c Log Message: Remove unused variable (bp) To generate a diff of this commit: cvs rdiff -u -r1.54 -r1.55 src/libexec/httpd/cgi-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/cgi-bozo.c diff -u src/libexec/httpd/cgi-bozo.c:1.54 src/libexec/httpd/cgi-bozo.c:1.55 --- src/libexec/httpd/cgi-bozo.c:1.54 Thu Apr 8 07:02:12 2021 +++ src/libexec/httpd/cgi-bozo.c Wed Sep 20 07:09:14 2023 @@ -1,4 +1,4 @@ -/* $NetBSD: cgi-bozo.c,v 1.54 2021/04/08 07:02:12 rillig Exp $ */ +/* $NetBSD: cgi-bozo.c,v 1.55 2023/09/20 07:09:14 shm Exp $ */ /* $eterna: cgi-bozo.c,v 1.40 2011/11/18 09:21:15 mrg Exp $ */ @@ -185,15 +185,13 @@ finish_cgi_output(bozohttpd_t *httpd, bo /* CGI programs should perform their own timeouts */ while ((rbytes = read(in, buf, sizeof buf)) > 0) { ssize_t wbytes; - char *bp = buf; while (rbytes) { wbytes = bozo_write(httpd, STDOUT_FILENO, buf, (size_t)rbytes); - if (wbytes > 0) { + if (wbytes > 0) rbytes -= wbytes; -bp += wbytes; - } else + else bozoerr(httpd, 1, "cgi output write failed: %s", strerror(errno)); @@ -656,14 +654,13 @@ bozo_process_cgi(bozo_httpreq_t *request /* CGI programs should perform their own timeouts */ while ((rbytes = bozo_read(httpd, STDIN_FILENO, buf, sizeof buf)) > 0) { ssize_t wbytes; - char *bp = buf; + /* char *bp = buf; */ while (rbytes) { wbytes = write(sv[0], buf, (size_t)rbytes); - if (wbytes > 0) { + if (wbytes > 0) rbytes -= wbytes; -bp += wbytes; - } else + else bozoerr(httpd, 1, "write failed: %s", strerror(errno)); }
CVS commit: src/libexec/httpd
Module Name:src Committed By: shm Date: Tue Sep 19 07:51:43 UTC 2023 Modified Files: src/libexec/httpd: auth-bozo.c Log Message: Fix hr_authrealm memory leak hr_authrealm might be already set, so we need to free it before overwriting the value To generate a diff of this commit: cvs rdiff -u -r1.27 -r1.28 src/libexec/httpd/auth-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/auth-bozo.c diff -u src/libexec/httpd/auth-bozo.c:1.27 src/libexec/httpd/auth-bozo.c:1.28 --- src/libexec/httpd/auth-bozo.c:1.27 Wed May 5 07:41:48 2021 +++ src/libexec/httpd/auth-bozo.c Tue Sep 19 07:51:43 2023 @@ -1,4 +1,4 @@ -/* $NetBSD: auth-bozo.c,v 1.27 2021/05/05 07:41:48 mrg Exp $ */ +/* $NetBSD: auth-bozo.c,v 1.28 2023/09/19 07:51:43 shm Exp $ */ /* $eterna: auth-bozo.c,v 1.17 2011/11/18 09:21:15 mrg Exp $ */ @@ -67,6 +67,11 @@ bozo_auth_check(bozo_httpreq_t *request, if (bozo_check_special_files(request, basename, true)) return 1; } + + /* we might be called from cgi code again with the hr_authrealm + * already set */ + if (request->hr_authrealm) + free(request->hr_authrealm); request->hr_authrealm = bozostrdup(httpd, request, dir); if ((size_t)snprintf(authfile, sizeof(authfile), "%s/%s", dir,
CVS commit: src/libexec/httpd
Module Name:src Committed By: shm Date: Tue Sep 19 07:51:43 UTC 2023 Modified Files: src/libexec/httpd: auth-bozo.c Log Message: Fix hr_authrealm memory leak hr_authrealm might be already set, so we need to free it before overwriting the value To generate a diff of this commit: cvs rdiff -u -r1.27 -r1.28 src/libexec/httpd/auth-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/libexec/httpd
Module Name:src Committed By: shm Date: Thu Sep 7 06:40:56 UTC 2023 Modified Files: src/libexec/httpd: bozohttpd.c Log Message: Fix memory leaks in bozo_cleanup To generate a diff of this commit: cvs rdiff -u -r1.143 -r1.144 src/libexec/httpd/bozohttpd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.143 src/libexec/httpd/bozohttpd.c:1.144 --- src/libexec/httpd/bozohttpd.c:1.143 Wed Jun 7 20:12:31 2023 +++ src/libexec/httpd/bozohttpd.c Thu Sep 7 06:40:56 2023 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.c,v 1.143 2023/06/07 20:12:31 mrg Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.144 2023/09/07 06:40:56 shm Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ @@ -2728,6 +2728,11 @@ bozo_cleanup(bozohttpd_t *httpd, bozopre free(httpd->errorbuf); free(httpd->getln_buffer); free(httpd->slashdir); + free(httpd->bindport); + free(httpd->pidfile); + free(httpd->cgibin); + free(httpd->virtbase); + free(httpd->dynamic_content_map); #define bozo_unconst(x) ((void *)(uintptr_t)x) free(bozo_unconst(httpd->server_software)); free(bozo_unconst(httpd->index_html));
CVS commit: src/libexec/httpd
Module Name:src Committed By: shm Date: Thu Sep 7 06:40:56 UTC 2023 Modified Files: src/libexec/httpd: bozohttpd.c Log Message: Fix memory leaks in bozo_cleanup To generate a diff of this commit: cvs rdiff -u -r1.143 -r1.144 src/libexec/httpd/bozohttpd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Wed Jun 7 20:22:22 UTC 2023 Modified Files: src/libexec/httpd: bozohttpd.8 Log Message: add a note about how to setup http -> https redirection. bump documented version. To generate a diff of this commit: cvs rdiff -u -r1.92 -r1.93 src/libexec/httpd/bozohttpd.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Wed Jun 7 20:22:22 UTC 2023 Modified Files: src/libexec/httpd: bozohttpd.8 Log Message: add a note about how to setup http -> https redirection. bump documented version. To generate a diff of this commit: cvs rdiff -u -r1.92 -r1.93 src/libexec/httpd/bozohttpd.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/bozohttpd.8 diff -u src/libexec/httpd/bozohttpd.8:1.92 src/libexec/httpd/bozohttpd.8:1.93 --- src/libexec/httpd/bozohttpd.8:1.92 Mon Sep 12 10:34:20 2022 +++ src/libexec/httpd/bozohttpd.8 Wed Jun 7 20:22:22 2023 @@ -1,8 +1,8 @@ -.\" $NetBSD: bozohttpd.8,v 1.92 2022/09/12 10:34:20 martin Exp $ +.\" $NetBSD: bozohttpd.8,v 1.93 2023/06/07 20:22:22 mrg Exp $ .\" .\" $eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $ .\" -.\" Copyright (c) 1997-2022 Matthew R. Green +.\" Copyright (c) 1997-2023 Matthew R. Green .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without @@ -26,7 +26,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd Sep 12, 22 +.Dd Sep 12, 2023 .Dt BOZOHTTPD 8 .Os .Sh NAME @@ -524,6 +524,11 @@ To disable SSL SUPPORT compile with .Dq -DNO_SSL_SUPPORT on the compiler command line. +.Pp +To have an enforced redirect, such as http to https, create a shadow +directory root that contains a +.Pa .bzabsredirect +file that points to the real target. .Ss COMPRESSION .Nm supports a very basic form of compression. @@ -641,6 +646,7 @@ fi exit 1 .Ed + .Sh SEE ALSO .Xr inetd.conf 5 , .Xr inetd 8 @@ -658,7 +664,7 @@ The focus has always been simplicity and and regular code audits. This manual documents .Nm -version 20220517. +version 20230602. .Sh AUTHORS .An -nosplit .Nm
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Wed Jun 7 20:12:32 UTC 2023 Modified Files: src/libexec/httpd: bozohttpd.c content-bozo.c main.c ssl-bozo.c Log Message: serve .iso as "application/octet-stream". bump version & copyright. To generate a diff of this commit: cvs rdiff -u -r1.142 -r1.143 src/libexec/httpd/bozohttpd.c cvs rdiff -u -r1.21 -r1.22 src/libexec/httpd/content-bozo.c cvs rdiff -u -r1.30 -r1.31 src/libexec/httpd/main.c cvs rdiff -u -r1.32 -r1.33 src/libexec/httpd/ssl-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Wed Jun 7 20:12:32 UTC 2023 Modified Files: src/libexec/httpd: bozohttpd.c content-bozo.c main.c ssl-bozo.c Log Message: serve .iso as "application/octet-stream". bump version & copyright. To generate a diff of this commit: cvs rdiff -u -r1.142 -r1.143 src/libexec/httpd/bozohttpd.c cvs rdiff -u -r1.21 -r1.22 src/libexec/httpd/content-bozo.c cvs rdiff -u -r1.30 -r1.31 src/libexec/httpd/main.c cvs rdiff -u -r1.32 -r1.33 src/libexec/httpd/ssl-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.142 src/libexec/httpd/bozohttpd.c:1.143 --- src/libexec/httpd/bozohttpd.c:1.142 Mon Sep 12 10:30:39 2022 +++ src/libexec/httpd/bozohttpd.c Wed Jun 7 20:12:31 2023 @@ -1,9 +1,9 @@ -/* $NetBSD: bozohttpd.c,v 1.142 2022/09/12 10:30:39 martin Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.143 2023/06/07 20:12:31 mrg Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ /* - * Copyright (c) 1997-2022 Matthew R. Green + * Copyright (c) 1997-2023 Matthew R. Green * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -108,7 +108,7 @@ #define INDEX_HTML "index.html" #endif #ifndef SERVER_SOFTWARE -#define SERVER_SOFTWARE "bozohttpd/20220517" +#define SERVER_SOFTWARE "bozohttpd/20230602" #endif #ifndef PUBLIC_HTML #define PUBLIC_HTML "public_html" Index: src/libexec/httpd/content-bozo.c diff -u src/libexec/httpd/content-bozo.c:1.21 src/libexec/httpd/content-bozo.c:1.22 --- src/libexec/httpd/content-bozo.c:1.21 Tue May 31 06:34:33 2022 +++ src/libexec/httpd/content-bozo.c Wed Jun 7 20:12:31 2023 @@ -1,9 +1,9 @@ -/* $NetBSD: content-bozo.c,v 1.21 2022/05/31 06:34:33 mrg Exp $ */ +/* $NetBSD: content-bozo.c,v 1.22 2023/06/07 20:12:31 mrg Exp $ */ /* $eterna: content-bozo.c,v 1.17 2011/11/18 09:21:15 mrg Exp $ */ /* - * Copyright (c) 1997-2021 Matthew R. Green + * Copyright (c) 1997-2023 Matthew R. Green * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -198,6 +198,7 @@ static bozo_content_map_t static_content { ".vrml", "x-world/x-vrml", "", "", NULL }, { ".svg", "image/svg+xml", "", "", NULL }, { ".mobi", "application/x-mobipocket-ebook", "", "", NULL }, + { ".iso", "application/octet-stream", "", "", NULL }, { NULL, NULL, NULL, NULL, NULL } }; Index: src/libexec/httpd/main.c diff -u src/libexec/httpd/main.c:1.30 src/libexec/httpd/main.c:1.31 --- src/libexec/httpd/main.c:1.30 Mon Sep 12 10:30:39 2022 +++ src/libexec/httpd/main.c Wed Jun 7 20:12:31 2023 @@ -1,10 +1,10 @@ -/* $NetBSD: main.c,v 1.30 2022/09/12 10:30:39 martin Exp $ */ +/* $NetBSD: main.c,v 1.31 2023/06/07 20:12:31 mrg Exp $ */ /* $eterna: main.c,v 1.6 2011/11/18 09:21:15 mrg Exp $ */ /* from: eterna: bozohttpd.c,v 1.159 2009/05/23 02:14:30 mrg Exp */ /* - * Copyright (c) 1997-2021 Matthew R. Green + * Copyright (c) 1997-2023 Matthew R. Green * All rights reserved. * * Redistribution and use in source and binary forms, with or without Index: src/libexec/httpd/ssl-bozo.c diff -u src/libexec/httpd/ssl-bozo.c:1.32 src/libexec/httpd/ssl-bozo.c:1.33 --- src/libexec/httpd/ssl-bozo.c:1.32 Mon Sep 12 10:30:39 2022 +++ src/libexec/httpd/ssl-bozo.c Wed Jun 7 20:12:31 2023 @@ -1,9 +1,9 @@ -/* $NetBSD: ssl-bozo.c,v 1.32 2022/09/12 10:30:39 martin Exp $ */ +/* $NetBSD: ssl-bozo.c,v 1.33 2023/06/07 20:12:31 mrg Exp $ */ /* $eterna: ssl-bozo.c,v 1.15 2011/11/18 09:21:15 mrg Exp $ */ /* - * Copyright (c) 1997-2020 Matthew R. Green + * Copyright (c) 1997-2023 Matthew R. Green * All rights reserved. * * Redistribution and use in source and binary forms, with or without
CVS commit: src/libexec/httpd/libbozohttpd
Module Name:src Committed By: christos Date: Tue May 9 13:07:44 UTC 2023 Modified Files: src/libexec/httpd/libbozohttpd: Makefile Log Message: Deal with OpenSSL-3.x To generate a diff of this commit: cvs rdiff -u -r1.3 -r1.4 src/libexec/httpd/libbozohttpd/Makefile Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/libbozohttpd/Makefile diff -u src/libexec/httpd/libbozohttpd/Makefile:1.3 src/libexec/httpd/libbozohttpd/Makefile:1.4 --- src/libexec/httpd/libbozohttpd/Makefile:1.3 Sun May 21 11:28:41 2017 +++ src/libexec/httpd/libbozohttpd/Makefile Tue May 9 09:07:43 2023 @@ -24,4 +24,6 @@ INCSDIR= /usr/include LDADD+= -lssl -lcrypto DPADD+= ${LIBSSL} ${LIBCRYPTO} +COPTS.ssl-bozo.c+= -Wno-error=deprecated-declarations + .include
CVS commit: src/libexec/httpd/libbozohttpd
Module Name:src Committed By: christos Date: Tue May 9 13:07:44 UTC 2023 Modified Files: src/libexec/httpd/libbozohttpd: Makefile Log Message: Deal with OpenSSL-3.x To generate a diff of this commit: cvs rdiff -u -r1.3 -r1.4 src/libexec/httpd/libbozohttpd/Makefile Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/libexec/httpd
Module Name:src Committed By: christos Date: Tue May 9 01:47:21 UTC 2023 Modified Files: src/libexec/httpd: Makefile Log Message: accommodate OpenSSL-3.x To generate a diff of this commit: cvs rdiff -u -r1.31 -r1.32 src/libexec/httpd/Makefile Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/Makefile diff -u src/libexec/httpd/Makefile:1.31 src/libexec/httpd/Makefile:1.32 --- src/libexec/httpd/Makefile:1.31 Sat Feb 27 23:18:46 2021 +++ src/libexec/httpd/Makefile Mon May 8 21:47:21 2023 @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.31 2021/02/28 04:18:46 mrg Exp $ +# $NetBSD: Makefile,v 1.32 2023/05/09 01:47:21 christos Exp $ # # $eterna: Makefile,v 1.30 2010/07/11 00:34:27 mrg Exp $ # @@ -33,6 +33,8 @@ SRCS= bozohttpd.c ssl-bozo.c auth-bozo.c tilde-luzah-bozo.c dir-index-bozo.c content-bozo.c lua-bozo.c SRCS+= main.c +COPTS.ssl-bozo.c+=-Wno-error=deprecated-declarations + LDADD= -lblocklist -lcrypt -llua -lm DPADD= ${LIBBLOCKLIST} ${LIBCRYPT} ${LIBLUA} ${LIBM}
CVS commit: src/libexec/httpd
Module Name:src Committed By: christos Date: Tue May 9 01:47:21 UTC 2023 Modified Files: src/libexec/httpd: Makefile Log Message: accommodate OpenSSL-3.x To generate a diff of this commit: cvs rdiff -u -r1.31 -r1.32 src/libexec/httpd/Makefile Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/libexec/httpd
Module Name:src Committed By: martin Date: Mon Sep 12 10:34:20 UTC 2022 Modified Files: src/libexec/httpd: bozohttpd.8 Log Message: Document the -q option. To generate a diff of this commit: cvs rdiff -u -r1.91 -r1.92 src/libexec/httpd/bozohttpd.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/bozohttpd.8 diff -u src/libexec/httpd/bozohttpd.8:1.91 src/libexec/httpd/bozohttpd.8:1.92 --- src/libexec/httpd/bozohttpd.8:1.91 Wed May 18 00:37:11 2022 +++ src/libexec/httpd/bozohttpd.8 Mon Sep 12 10:34:20 2022 @@ -1,4 +1,4 @@ -.\" $NetBSD: bozohttpd.8,v 1.91 2022/05/18 00:37:11 mrg Exp $ +.\" $NetBSD: bozohttpd.8,v 1.92 2022/09/12 10:34:20 martin Exp $ .\" .\" $eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $ .\" @@ -26,7 +26,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd May 24, 17 +.Dd Sep 12, 22 .Dt BOZOHTTPD 8 .Os .Sh NAME @@ -34,7 +34,7 @@ .Nd hyper text transfer protocol version 1.1 daemon .Sh SYNOPSIS .Nm -.Op Fl EGHVXdefhnsu +.Op Fl EGHVXdefhnqsu .Op Fl C Ar suffix cgihandler .Op Fl I Ar port .Op Fl L Ar prefix script @@ -77,7 +77,9 @@ writes logs to .Xr syslog 3 using the ftp facility (but see the .Fl s -option for testing.) +option for testing and the +.Fl q +option for supressing this.) .Nm is designed to be small, simple and relatively featureless, hopefully increasing its security. @@ -256,6 +258,8 @@ translations from .Dq public_html to .Ar pubdir . +.It Fl q +Quiet mode - no log entries generated. .It Fl R Ar readme When directory indexing is enabled, include the contents of the file .Ar readme
CVS commit: src/libexec/httpd
Module Name:src Committed By: martin Date: Mon Sep 12 10:34:20 UTC 2022 Modified Files: src/libexec/httpd: bozohttpd.8 Log Message: Document the -q option. To generate a diff of this commit: cvs rdiff -u -r1.91 -r1.92 src/libexec/httpd/bozohttpd.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/libexec/httpd
Module Name:src Committed By: martin Date: Mon Sep 12 10:30:39 UTC 2022 Modified Files: src/libexec/httpd: bozohttpd.c bozohttpd.h main.c ssl-bozo.c Log Message: Add a -q option to make http quiet (no log messages). Usefull when running multiple instances and some for (high traffic) APIs e.g. to receive log data from appliences - it makes not sense to duplicate the whole log in the xferlog file (but we can't configure that at the syslog level due to other httpd instances using that). To generate a diff of this commit: cvs rdiff -u -r1.141 -r1.142 src/libexec/httpd/bozohttpd.c cvs rdiff -u -r1.72 -r1.73 src/libexec/httpd/bozohttpd.h cvs rdiff -u -r1.29 -r1.30 src/libexec/httpd/main.c cvs rdiff -u -r1.31 -r1.32 src/libexec/httpd/ssl-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.141 src/libexec/httpd/bozohttpd.c:1.142 --- src/libexec/httpd/bozohttpd.c:1.141 Wed May 18 00:37:11 2022 +++ src/libexec/httpd/bozohttpd.c Mon Sep 12 10:30:39 2022 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.c,v 1.141 2022/05/18 00:37:11 mrg Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.142 2022/09/12 10:30:39 martin Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ @@ -2022,11 +2022,13 @@ debug__(bozohttpd_t *httpd, int level, c savederrno = errno; va_start(ap, fmt); - if (httpd->logstderr) { - vfprintf(stderr, fmt, ap); - fputs("\n", stderr); - } else - vsyslog(LOG_DEBUG, fmt, ap); + if (!httpd->nolog) { + if (httpd->logstderr) { + vfprintf(stderr, fmt, ap); + fputs("\n", stderr); + } else + vsyslog(LOG_DEBUG, fmt, ap); + } va_end(ap); errno = savederrno; } @@ -2039,12 +2041,14 @@ bozowarn(bozohttpd_t *httpd, const char va_list ap; va_start(ap, fmt); - if (httpd->logstderr || isatty(STDERR_FILENO)) { - //fputs("warning: ", stderr); - vfprintf(stderr, fmt, ap); - fputs("\n", stderr); - } else - vsyslog(LOG_INFO, fmt, ap); + if (!httpd->nolog) { + if (httpd->logstderr || isatty(STDERR_FILENO)) { + //fputs("warning: ", stderr); + vfprintf(stderr, fmt, ap); + fputs("\n", stderr); + } else + vsyslog(LOG_INFO, fmt, ap); + } va_end(ap); } @@ -2054,12 +2058,14 @@ bozoerr(bozohttpd_t *httpd, int code, co va_list ap; va_start(ap, fmt); - if (httpd->logstderr || isatty(STDERR_FILENO)) { - //fputs("error: ", stderr); - vfprintf(stderr, fmt, ap); - fputs("\n", stderr); - } else - vsyslog(LOG_ERR, fmt, ap); + if (!httpd->nolog) { + if (httpd->logstderr || isatty(STDERR_FILENO)) { + //fputs("error: ", stderr); + vfprintf(stderr, fmt, ap); + fputs("\n", stderr); + } else + vsyslog(LOG_ERR, fmt, ap); + } va_end(ap); exit(code); } @@ -2591,6 +2597,10 @@ bozo_setup(bozohttpd_t *httpd, bozoprefs strcmp(cp, "true") == 0) { httpd->logstderr = 1; } + if ((cp = bozo_get_pref(prefs, "no log")) != NULL && + strcmp(cp, "true") == 0) { + httpd->nolog = 1; + } if ((cp = bozo_get_pref(prefs, "bind address")) != NULL) { httpd->bindaddress = bozostrdup(httpd, NULL, cp); } Index: src/libexec/httpd/bozohttpd.h diff -u src/libexec/httpd/bozohttpd.h:1.72 src/libexec/httpd/bozohttpd.h:1.73 --- src/libexec/httpd/bozohttpd.h:1.72 Wed May 18 00:37:11 2022 +++ src/libexec/httpd/bozohttpd.h Mon Sep 12 10:30:39 2022 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.h,v 1.72 2022/05/18 00:37:11 mrg Exp $ */ +/* $NetBSD: bozohttpd.h,v 1.73 2022/09/12 10:30:39 martin Exp $ */ /* $eterna: bozohttpd.h,v 1.39 2011/11/18 09:21:15 mrg Exp $ */ @@ -103,6 +103,7 @@ typedef struct bozohttpd_t { char *virtbase; /* virtual directory base */ int unknown_slash; /* unknown vhosts go to normal slashdir */ int logstderr; /* log to stderr (even if not tty) */ + int nolog; /* do not log anything */ int background; /* drop into daemon mode */ int foreground; /* keep daemon mode in foreground */ char *pidfile; /* path to the pid file, if any */ Index: src/libexec/httpd/main.c diff -u src/libexec/httpd/main.c:1.29 src/libexec/httpd/main.c:1.30 --- src/libexec/httpd/main.c:1.29 Tue Aug 24 09:47:36 2021 +++ src/libexec/httpd/main.c Mon Sep 12 10:30:39 2022 @@ -1,4 +1,4 @@ -/* $NetBSD: main.c,v 1.29 2021/08/24 09:47:36 mrg Exp $ */ +/* $NetBSD: main.c,v 1.30 2022/09/12 10:30:39 martin Exp $ */ /* $eterna: main.c,v 1.6 2011/11/18 09:21:15 mrg Exp $ */ /* from: eterna: bozohttpd.c,v 1.159 2009/05/23 02:14:30 mrg Exp */ @@ -102,6 +102,8 @@ usage(bozohttpd_t *httpd, char *progname bozowarn(httpd, " -P pidfile\t\tpid file path"); if (have_user) bozowarn(httpd, " -p dir\t\t\"public_html\" directory name"); + if (have_core) + bozowarn(httpd, " -q\t\tquiet mode, no logging"); if (have_dirindex) bozowarn(httpd, " -R readme\t\tput readme file in footer " "of directory index"); @@ -164,7 +166,7 @@ main(int argc, char **argv) */ while ((c =
CVS commit: src/libexec/httpd
Module Name:src Committed By: martin Date: Mon Sep 12 10:30:39 UTC 2022 Modified Files: src/libexec/httpd: bozohttpd.c bozohttpd.h main.c ssl-bozo.c Log Message: Add a -q option to make http quiet (no log messages). Usefull when running multiple instances and some for (high traffic) APIs e.g. to receive log data from appliences - it makes not sense to duplicate the whole log in the xferlog file (but we can't configure that at the syslog level due to other httpd instances using that). To generate a diff of this commit: cvs rdiff -u -r1.141 -r1.142 src/libexec/httpd/bozohttpd.c cvs rdiff -u -r1.72 -r1.73 src/libexec/httpd/bozohttpd.h cvs rdiff -u -r1.29 -r1.30 src/libexec/httpd/main.c cvs rdiff -u -r1.31 -r1.32 src/libexec/httpd/ssl-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Tue May 31 06:34:33 UTC 2022 Modified Files: src/libexec/httpd: content-bozo.c Log Message: add .mobi / application/x-mobipocket-ebook. To generate a diff of this commit: cvs rdiff -u -r1.20 -r1.21 src/libexec/httpd/content-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/content-bozo.c diff -u src/libexec/httpd/content-bozo.c:1.20 src/libexec/httpd/content-bozo.c:1.21 --- src/libexec/httpd/content-bozo.c:1.20 Sat Feb 27 12:55:25 2021 +++ src/libexec/httpd/content-bozo.c Tue May 31 06:34:33 2022 @@ -1,4 +1,4 @@ -/* $NetBSD: content-bozo.c,v 1.20 2021/02/27 12:55:25 mrg Exp $ */ +/* $NetBSD: content-bozo.c,v 1.21 2022/05/31 06:34:33 mrg Exp $ */ /* $eterna: content-bozo.c,v 1.17 2011/11/18 09:21:15 mrg Exp $ */ @@ -197,6 +197,7 @@ static bozo_content_map_t static_content { ".wrl", "x-world/x-vrml", "", "", NULL }, { ".vrml", "x-world/x-vrml", "", "", NULL }, { ".svg", "image/svg+xml", "", "", NULL }, + { ".mobi", "application/x-mobipocket-ebook", "", "", NULL }, { NULL, NULL, NULL, NULL, NULL } };
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Tue May 31 06:34:33 UTC 2022 Modified Files: src/libexec/httpd: content-bozo.c Log Message: add .mobi / application/x-mobipocket-ebook. To generate a diff of this commit: cvs rdiff -u -r1.20 -r1.21 src/libexec/httpd/content-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Wed May 18 00:37:11 UTC 2022 Modified Files: src/libexec/httpd: bozohttpd.8 bozohttpd.c bozohttpd.h dir-index-bozo.c Log Message: call this bozohttpd 20220517. To generate a diff of this commit: cvs rdiff -u -r1.90 -r1.91 src/libexec/httpd/bozohttpd.8 cvs rdiff -u -r1.140 -r1.141 src/libexec/httpd/bozohttpd.c cvs rdiff -u -r1.71 -r1.72 src/libexec/httpd/bozohttpd.h cvs rdiff -u -r1.35 -r1.36 src/libexec/httpd/dir-index-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/bozohttpd.8 diff -u src/libexec/httpd/bozohttpd.8:1.90 src/libexec/httpd/bozohttpd.8:1.91 --- src/libexec/httpd/bozohttpd.8:1.90 Tue Jan 4 06:08:14 2022 +++ src/libexec/httpd/bozohttpd.8 Wed May 18 00:37:11 2022 @@ -1,8 +1,8 @@ -.\" $NetBSD: bozohttpd.8,v 1.90 2022/01/04 06:08:14 kim Exp $ +.\" $NetBSD: bozohttpd.8,v 1.91 2022/05/18 00:37:11 mrg Exp $ .\" .\" $eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $ .\" -.\" Copyright (c) 1997-2021 Matthew R. Green +.\" Copyright (c) 1997-2022 Matthew R. Green .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without @@ -26,7 +26,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd August 24, 2021 +.Dd May 24, 17 .Dt BOZOHTTPD 8 .Os .Sh NAME @@ -654,7 +654,7 @@ The focus has always been simplicity and and regular code audits. This manual documents .Nm -version 20220104. +version 20220517. .Sh AUTHORS .An -nosplit .Nm Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.140 src/libexec/httpd/bozohttpd.c:1.141 --- src/libexec/httpd/bozohttpd.c:1.140 Sun Apr 10 09:50:44 2022 +++ src/libexec/httpd/bozohttpd.c Wed May 18 00:37:11 2022 @@ -1,9 +1,9 @@ -/* $NetBSD: bozohttpd.c,v 1.140 2022/04/10 09:50:44 andvar Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.141 2022/05/18 00:37:11 mrg Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ /* - * Copyright (c) 1997-2021 Matthew R. Green + * Copyright (c) 1997-2022 Matthew R. Green * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -108,7 +108,7 @@ #define INDEX_HTML "index.html" #endif #ifndef SERVER_SOFTWARE -#define SERVER_SOFTWARE "bozohttpd/20220104" +#define SERVER_SOFTWARE "bozohttpd/20220517" #endif #ifndef PUBLIC_HTML #define PUBLIC_HTML "public_html" Index: src/libexec/httpd/bozohttpd.h diff -u src/libexec/httpd/bozohttpd.h:1.71 src/libexec/httpd/bozohttpd.h:1.72 --- src/libexec/httpd/bozohttpd.h:1.71 Tue Jan 4 06:08:14 2022 +++ src/libexec/httpd/bozohttpd.h Wed May 18 00:37:11 2022 @@ -1,9 +1,9 @@ -/* $NetBSD: bozohttpd.h,v 1.71 2022/01/04 06:08:14 kim Exp $ */ +/* $NetBSD: bozohttpd.h,v 1.72 2022/05/18 00:37:11 mrg Exp $ */ /* $eterna: bozohttpd.h,v 1.39 2011/11/18 09:21:15 mrg Exp $ */ /* - * Copyright (c) 1997-2021 Matthew R. Green + * Copyright (c) 1997-2022 Matthew R. Green * All rights reserved. * * Redistribution and use in source and binary forms, with or without Index: src/libexec/httpd/dir-index-bozo.c diff -u src/libexec/httpd/dir-index-bozo.c:1.35 src/libexec/httpd/dir-index-bozo.c:1.36 --- src/libexec/httpd/dir-index-bozo.c:1.35 Mon Mar 14 05:06:59 2022 +++ src/libexec/httpd/dir-index-bozo.c Wed May 18 00:37:11 2022 @@ -1,9 +1,9 @@ -/* $NetBSD: dir-index-bozo.c,v 1.35 2022/03/14 05:06:59 mrg Exp $ */ +/* $NetBSD: dir-index-bozo.c,v 1.36 2022/05/18 00:37:11 mrg Exp $ */ /* $eterna: dir-index-bozo.c,v 1.20 2011/11/18 09:21:15 mrg Exp $ */ /* - * Copyright (c) 1997-2020 Matthew R. Green + * Copyright (c) 1997-2022 Matthew R. Green * All rights reserved. * * Redistribution and use in source and binary forms, with or without
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Wed May 18 00:37:11 UTC 2022 Modified Files: src/libexec/httpd: bozohttpd.8 bozohttpd.c bozohttpd.h dir-index-bozo.c Log Message: call this bozohttpd 20220517. To generate a diff of this commit: cvs rdiff -u -r1.90 -r1.91 src/libexec/httpd/bozohttpd.8 cvs rdiff -u -r1.140 -r1.141 src/libexec/httpd/bozohttpd.c cvs rdiff -u -r1.71 -r1.72 src/libexec/httpd/bozohttpd.h cvs rdiff -u -r1.35 -r1.36 src/libexec/httpd/dir-index-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Mon Mar 14 05:58:36 UTC 2022 Modified Files: src/libexec/httpd: bozohttpd.c Log Message: in bozo_init_prefs(), default to returning 1 (success) and if a bozo_set_pref() fails, return 0 instead. fixes PR#54785 but with a different patch. To generate a diff of this commit: cvs rdiff -u -r1.138 -r1.139 src/libexec/httpd/bozohttpd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Mon Mar 14 05:58:36 UTC 2022 Modified Files: src/libexec/httpd: bozohttpd.c Log Message: in bozo_init_prefs(), default to returning 1 (success) and if a bozo_set_pref() fails, return 0 instead. fixes PR#54785 but with a different patch. To generate a diff of this commit: cvs rdiff -u -r1.138 -r1.139 src/libexec/httpd/bozohttpd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.138 src/libexec/httpd/bozohttpd.c:1.139 --- src/libexec/httpd/bozohttpd.c:1.138 Tue Jan 4 06:08:14 2022 +++ src/libexec/httpd/bozohttpd.c Mon Mar 14 05:58:36 2022 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.c,v 1.138 2022/01/04 06:08:14 kim Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.139 2022/03/14 05:58:36 mrg Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ @@ -2520,26 +2520,26 @@ bozo_init_httpd(bozohttpd_t *httpd) int bozo_init_prefs(bozohttpd_t *httpd, bozoprefs_t *prefs) { - int rv = 0; + int rv = 1; /* make sure everything is clean */ (void) memset(prefs, 0x0, sizeof(*prefs)); /* set up default values */ if (!bozo_set_pref(httpd, prefs, "server software", SERVER_SOFTWARE)) - rv = 1; + rv = 0; if (!bozo_set_pref(httpd, prefs, "index.html", INDEX_HTML)) - rv = 1; + rv = 0; if (!bozo_set_pref(httpd, prefs, "public_html", PUBLIC_HTML)) - rv = 1; + rv = 0; if (!bozo_set_pref(httpd, prefs, "ssl timeout", SSL_TIMEOUT)) - rv = 1; + rv = 0; if (!bozo_set_pref(httpd, prefs, "initial timeout", INITIAL_TIMEOUT)) - rv = 1; + rv = 0; if (!bozo_set_pref(httpd, prefs, "header timeout", HEADER_WAIT_TIME)) - rv = 1; + rv = 0; if (!bozo_set_pref(httpd, prefs, "request timeout", TOTAL_MAX_REQ_TIME)) - rv = 1; + rv = 0; return rv; }
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Mon Mar 14 05:06:59 UTC 2022 Modified Files: src/libexec/httpd: dir-index-bozo.c Log Message: check for scandir() returning -1. should handle PR#56358. To generate a diff of this commit: cvs rdiff -u -r1.34 -r1.35 src/libexec/httpd/dir-index-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/dir-index-bozo.c diff -u src/libexec/httpd/dir-index-bozo.c:1.34 src/libexec/httpd/dir-index-bozo.c:1.35 --- src/libexec/httpd/dir-index-bozo.c:1.34 Thu Oct 15 02:19:23 2020 +++ src/libexec/httpd/dir-index-bozo.c Mon Mar 14 05:06:59 2022 @@ -1,4 +1,4 @@ -/* $NetBSD: dir-index-bozo.c,v 1.34 2020/10/15 02:19:23 mrg Exp $ */ +/* $NetBSD: dir-index-bozo.c,v 1.35 2022/03/14 05:06:59 mrg Exp $ */ /* $eterna: dir-index-bozo.c,v 1.20 2011/11/18 09:21:15 mrg Exp $ */ @@ -141,7 +141,7 @@ bozo_dir_index(bozo_httpreq_t *request, "\r\n"); for (j = k = scandir(dirpath, , NULL, alphasort), deo = de; - j--; de++) { + j-- > 0; de++) { int nostat = 0; char *name = (*de)->d_name; char *urlname, *htmlname;
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Mon Mar 14 05:06:59 UTC 2022 Modified Files: src/libexec/httpd: dir-index-bozo.c Log Message: check for scandir() returning -1. should handle PR#56358. To generate a diff of this commit: cvs rdiff -u -r1.34 -r1.35 src/libexec/httpd/dir-index-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/libexec/httpd
Module Name:src Committed By: kim Date: Tue Jan 4 06:08:14 UTC 2022 Modified Files: src/libexec/httpd: CHANGES bozohttpd.8 bozohttpd.c bozohttpd.h Log Message: bozohttpd: remove obsolete .bzdirect handling OK mrg@ To generate a diff of this commit: cvs rdiff -u -r1.52 -r1.53 src/libexec/httpd/CHANGES cvs rdiff -u -r1.89 -r1.90 src/libexec/httpd/bozohttpd.8 cvs rdiff -u -r1.137 -r1.138 src/libexec/httpd/bozohttpd.c cvs rdiff -u -r1.70 -r1.71 src/libexec/httpd/bozohttpd.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/CHANGES diff -u src/libexec/httpd/CHANGES:1.52 src/libexec/httpd/CHANGES:1.53 --- src/libexec/httpd/CHANGES:1.52 Fri Sep 3 21:54:59 2021 +++ src/libexec/httpd/CHANGES Tue Jan 4 06:08:14 2022 @@ -1,4 +1,7 @@ -$NetBSD: CHANGES,v 1.52 2021/09/03 21:54:59 andvar Exp $ +$NetBSD: CHANGES,v 1.53 2022/01/04 06:08:14 kim Exp $ + +changes in bozohttpd 20220104: + o remove obsolete .bzdirect handling. changes in bozohttpd 20210824: o new "-m tlsversion" option to set the minimum TLS version Index: src/libexec/httpd/bozohttpd.8 diff -u src/libexec/httpd/bozohttpd.8:1.89 src/libexec/httpd/bozohttpd.8:1.90 --- src/libexec/httpd/bozohttpd.8:1.89 Tue Aug 24 09:47:36 2021 +++ src/libexec/httpd/bozohttpd.8 Tue Jan 4 06:08:14 2022 @@ -1,4 +1,4 @@ -.\" $NetBSD: bozohttpd.8,v 1.89 2021/08/24 09:47:36 mrg Exp $ +.\" $NetBSD: bozohttpd.8,v 1.90 2022/01/04 06:08:14 kim Exp $ .\" .\" $eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $ .\" @@ -532,14 +532,9 @@ the client did not make a ranged request .Nm looks for a couple of special files in directories that allow certain features to be provided on a per-directory basis. -In addition to the +The .Pa .htpasswd -used by HTTP basic authorization, -if a -.Pa .bzdirect -file is found (contents are irrelevant) -.Nm -will allow direct access. +file is used by HTTP basic authorization. If a .Pa .bzredirect symbolic link is found, @@ -659,7 +654,7 @@ The focus has always been simplicity and and regular code audits. This manual documents .Nm -version 20210824. +version 20220104. .Sh AUTHORS .An -nosplit .Nm @@ -826,6 +821,12 @@ enhanced cgi-bin support .Aq Mt jo...@netbsd.org implemented If-Modified-Since support .It +.An Kimmo Suominen +.Aq Mt k...@netbsd.org +removed obsolete +.Pa .bzdirect +handling +.It .An ISIHARA Takanori .Aq Mt is...@oak.dti.ne.jp provided a man page fix Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.137 src/libexec/httpd/bozohttpd.c:1.138 --- src/libexec/httpd/bozohttpd.c:1.137 Fri Dec 10 20:36:02 2021 +++ src/libexec/httpd/bozohttpd.c Tue Jan 4 06:08:14 2022 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.c,v 1.137 2021/12/10 20:36:02 andvar Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.138 2022/01/04 06:08:14 kim Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ @@ -108,7 +108,7 @@ #define INDEX_HTML "index.html" #endif #ifndef SERVER_SOFTWARE -#define SERVER_SOFTWARE "bozohttpd/20210824" +#define SERVER_SOFTWARE "bozohttpd/20220104" #endif #ifndef PUBLIC_HTML #define PUBLIC_HTML "public_html" @@ -177,7 +177,6 @@ struct { const char *file; const char *name; } specials[] = { - { DIRECT_ACCESS_FILE, "rejected direct access request" }, { REDIRECT_FILE, "rejected redirect request" }, { ABSREDIRECT_FILE, "rejected absredirect request" }, { REMAP_FILE, "rejected remap request" }, Index: src/libexec/httpd/bozohttpd.h diff -u src/libexec/httpd/bozohttpd.h:1.70 src/libexec/httpd/bozohttpd.h:1.71 --- src/libexec/httpd/bozohttpd.h:1.70 Tue Aug 24 09:47:36 2021 +++ src/libexec/httpd/bozohttpd.h Tue Jan 4 06:08:14 2022 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.h,v 1.70 2021/08/24 09:47:36 mrg Exp $ */ +/* $NetBSD: bozohttpd.h,v 1.71 2022/01/04 06:08:14 kim Exp $ */ /* $eterna: bozohttpd.h,v 1.39 2011/11/18 09:21:15 mrg Exp $ */ @@ -267,9 +267,6 @@ void debug__(bozohttpd_t *, int, const c * bozo_check_special_files() */ -#ifndef DIRECT_ACCESS_FILE -#define DIRECT_ACCESS_FILE ".bzdirect" -#endif #ifndef REDIRECT_FILE #define REDIRECT_FILE ".bzredirect" #endif
CVS commit: src/libexec/httpd
Module Name:src Committed By: kim Date: Tue Jan 4 06:08:14 UTC 2022 Modified Files: src/libexec/httpd: CHANGES bozohttpd.8 bozohttpd.c bozohttpd.h Log Message: bozohttpd: remove obsolete .bzdirect handling OK mrg@ To generate a diff of this commit: cvs rdiff -u -r1.52 -r1.53 src/libexec/httpd/CHANGES cvs rdiff -u -r1.89 -r1.90 src/libexec/httpd/bozohttpd.8 cvs rdiff -u -r1.137 -r1.138 src/libexec/httpd/bozohttpd.c cvs rdiff -u -r1.70 -r1.71 src/libexec/httpd/bozohttpd.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Tue Aug 24 09:53:26 UTC 2021 Modified Files: src/libexec/httpd: CHANGES ssl-bozo.c Log Message: extend the list of available ciphers to include most of the openssl "HIGH" with some additional disables. retain the current list of bad options. should deal with PR#51278. To generate a diff of this commit: cvs rdiff -u -r1.50 -r1.51 src/libexec/httpd/CHANGES cvs rdiff -u -r1.30 -r1.31 src/libexec/httpd/ssl-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/CHANGES diff -u src/libexec/httpd/CHANGES:1.50 src/libexec/httpd/CHANGES:1.51 --- src/libexec/httpd/CHANGES:1.50 Tue Aug 24 09:47:36 2021 +++ src/libexec/httpd/CHANGES Tue Aug 24 09:53:26 2021 @@ -1,8 +1,11 @@ -$NetBSD: CHANGES,v 1.50 2021/08/24 09:47:36 mrg Exp $ +$NetBSD: CHANGES,v 1.51 2021/08/24 09:53:26 mrg Exp $ changes in bozohttpd 20210824: o new "-m tlsversion" option to set the minimum TLS version available. partially from . + o extend the list of available ciphers to include most of the + openssl "HIGH" with some additional disables. retain the current + list of bad options. should deal with PR#51278. changes in bozohttpd 20210504: o don't assume host BUFSIZ is sufficent. small BUFSIZ leads to Index: src/libexec/httpd/ssl-bozo.c diff -u src/libexec/httpd/ssl-bozo.c:1.30 src/libexec/httpd/ssl-bozo.c:1.31 --- src/libexec/httpd/ssl-bozo.c:1.30 Tue Aug 24 09:47:36 2021 +++ src/libexec/httpd/ssl-bozo.c Tue Aug 24 09:53:26 2021 @@ -1,4 +1,4 @@ -/* $NetBSD: ssl-bozo.c,v 1.30 2021/08/24 09:47:36 mrg Exp $ */ +/* $NetBSD: ssl-bozo.c,v 1.31 2021/08/24 09:53:26 mrg Exp $ */ /* $eterna: ssl-bozo.c,v 1.15 2011/11/18 09:21:15 mrg Exp $ */ @@ -51,10 +51,15 @@ #ifndef BOZO_SSL_CIPHERS #define BOZO_SSL_CIPHERS \ - "AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:" \ - "AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:" \ - "AES:" \ - "-SHA:" \ + "HIGH:" \ + "-SHA:-ADH:" \ + "-PSK-AES128-CCM:-PSK-AES256-CCM:" \ + "-DHE-PSK-AES128-CCM8:-DHE-PSK-AES256-CCM8:" \ + "-AES128-CCM8:-AES256-CCM8:"\ + "-DHE-RSA-AES128-CCM8:-DHE-RSA-AES256-CCM8:" \ + "-PSK-AES128-CCM8:-PSK-AES256-CCM8:" \ + "-CAMELLIA128:-CAMELLIA256:"\ + "-RSA-PSK-CHACHA20-POLY1305:"\ "!aNULL:!eNULL:" \ "!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:" \ "!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:" \
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Tue Aug 24 09:53:26 UTC 2021 Modified Files: src/libexec/httpd: CHANGES ssl-bozo.c Log Message: extend the list of available ciphers to include most of the openssl "HIGH" with some additional disables. retain the current list of bad options. should deal with PR#51278. To generate a diff of this commit: cvs rdiff -u -r1.50 -r1.51 src/libexec/httpd/CHANGES cvs rdiff -u -r1.30 -r1.31 src/libexec/httpd/ssl-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Tue Aug 24 09:47:36 UTC 2021 Modified Files: src/libexec/httpd: CHANGES bozohttpd.8 bozohttpd.c bozohttpd.h main.c ssl-bozo.c Log Message: implement tls minimum version setting. mostly from su...@nimmagadda.net in PR#55830, though i moved the member into the main http structure, so that it doesn't trigger sslinfo being allocated via command line without the rest of the ssl being setup (which then leads to crashes.) To generate a diff of this commit: cvs rdiff -u -r1.49 -r1.50 src/libexec/httpd/CHANGES cvs rdiff -u -r1.88 -r1.89 src/libexec/httpd/bozohttpd.8 cvs rdiff -u -r1.135 -r1.136 src/libexec/httpd/bozohttpd.c cvs rdiff -u -r1.69 -r1.70 src/libexec/httpd/bozohttpd.h cvs rdiff -u -r1.28 -r1.29 src/libexec/httpd/main.c cvs rdiff -u -r1.29 -r1.30 src/libexec/httpd/ssl-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/CHANGES diff -u src/libexec/httpd/CHANGES:1.49 src/libexec/httpd/CHANGES:1.50 --- src/libexec/httpd/CHANGES:1.49 Wed May 5 07:41:48 2021 +++ src/libexec/httpd/CHANGES Tue Aug 24 09:47:36 2021 @@ -1,4 +1,8 @@ -$NetBSD: CHANGES,v 1.49 2021/05/05 07:41:48 mrg Exp $ +$NetBSD: CHANGES,v 1.50 2021/08/24 09:47:36 mrg Exp $ + +changes in bozohttpd 20210824: + o new "-m tlsversion" option to set the minimum TLS version + available. partially from . changes in bozohttpd 20210504: o don't assume host BUFSIZ is sufficent. small BUFSIZ leads to Index: src/libexec/httpd/bozohttpd.8 diff -u src/libexec/httpd/bozohttpd.8:1.88 src/libexec/httpd/bozohttpd.8:1.89 --- src/libexec/httpd/bozohttpd.8:1.88 Sun Feb 28 05:19:52 2021 +++ src/libexec/httpd/bozohttpd.8 Tue Aug 24 09:47:36 2021 @@ -1,4 +1,4 @@ -.\" $NetBSD: bozohttpd.8,v 1.88 2021/02/28 05:19:52 mrg Exp $ +.\" $NetBSD: bozohttpd.8,v 1.89 2021/08/24 09:47:36 mrg Exp $ .\" .\" $eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $ .\" @@ -26,7 +26,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd February 27, 2021 +.Dd August 24, 2021 .Dt BOZOHTTPD 8 .Os .Sh NAME @@ -39,6 +39,7 @@ .Op Fl I Ar port .Op Fl L Ar prefix script .Op Fl M Ar suffix type encoding encoding11 +.Op Fl m Ar version .Op Fl P Ar pidfile .Op Fl R Ar readme .Op Fl S Ar version @@ -221,6 +222,18 @@ the empty string is used instead. Multiple .Fl M options may be passed. +.It Fl m Ar version +Set the minimum supported SSL protocol +.Ar version . +The valid values of +.Ar version +are +.Dq TLSv1.1 , +.Dq TLSv1.2 , +and +.Dq TLSv1.3 . +The default version is +.Dq TLSv1.1 . .It Fl n Stops .Nm @@ -646,7 +659,7 @@ The focus has always been simplicity and and regular code audits. This manual documents .Nm -version 20210227. +version 20210824. .Sh AUTHORS .An -nosplit .Nm @@ -769,6 +782,10 @@ option (pidfile support) and provided so provided many various fixes, including cgi-bin fixes and enhancements, HTTP basic authorization support and much code clean up .It +.An Sunil Nimmagadda +.Aq Mt su...@nimmagadda.net +provided runtime TLS version control +.It .An Rajeev V. Pillai .Aq Mt rajeev_v_pil...@yahoo.com provided several fixes for virtual hosting and directory indexing and @@ -819,7 +836,6 @@ provided http authorization fixes .It .Aq Mt x...@kittenz.org provided chroot and change-to-user support, and other various fixes - .It .An S.P.Zeidler .Aq Mt s...@netbsd.org Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.135 src/libexec/httpd/bozohttpd.c:1.136 --- src/libexec/httpd/bozohttpd.c:1.135 Tue Aug 24 05:39:39 2021 +++ src/libexec/httpd/bozohttpd.c Tue Aug 24 09:47:36 2021 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.c,v 1.135 2021/08/24 05:39:39 mrg Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.136 2021/08/24 09:47:36 mrg Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ @@ -108,7 +108,7 @@ #define INDEX_HTML "index.html" #endif #ifndef SERVER_SOFTWARE -#define SERVER_SOFTWARE "bozohttpd/20210504" +#define SERVER_SOFTWARE "bozohttpd/20210824" #endif #ifndef PUBLIC_HTML #define PUBLIC_HTML "public_html" Index: src/libexec/httpd/bozohttpd.h diff -u src/libexec/httpd/bozohttpd.h:1.69 src/libexec/httpd/bozohttpd.h:1.70 --- src/libexec/httpd/bozohttpd.h:1.69 Wed May 5 07:41:48 2021 +++ src/libexec/httpd/bozohttpd.h Tue Aug 24 09:47:36 2021 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.h,v 1.69 2021/05/05 07:41:48 mrg Exp $ */ +/* $NetBSD: bozohttpd.h,v 1.70 2021/08/24 09:47:36 mrg Exp $ */ /* $eterna: bozohttpd.h,v 1.39 2011/11/18 09:21:15 mrg Exp $ */ @@ -130,6 +130,7 @@ typedef struct bozohttpd_t { unsigned initial_timeout;/* first line timeout */ unsigned header_timeout; /* header lines timeout */ unsigned request_timeout;/* total session timeout */ + char *ssl_min_proto; /* minimum ssl protocol level */ #ifndef NO_LUA_SUPPORT int
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Tue Aug 24 09:47:36 UTC 2021 Modified Files: src/libexec/httpd: CHANGES bozohttpd.8 bozohttpd.c bozohttpd.h main.c ssl-bozo.c Log Message: implement tls minimum version setting. mostly from su...@nimmagadda.net in PR#55830, though i moved the member into the main http structure, so that it doesn't trigger sslinfo being allocated via command line without the rest of the ssl being setup (which then leads to crashes.) To generate a diff of this commit: cvs rdiff -u -r1.49 -r1.50 src/libexec/httpd/CHANGES cvs rdiff -u -r1.88 -r1.89 src/libexec/httpd/bozohttpd.8 cvs rdiff -u -r1.135 -r1.136 src/libexec/httpd/bozohttpd.c cvs rdiff -u -r1.69 -r1.70 src/libexec/httpd/bozohttpd.h cvs rdiff -u -r1.28 -r1.29 src/libexec/httpd/main.c cvs rdiff -u -r1.29 -r1.30 src/libexec/httpd/ssl-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Tue Aug 24 05:39:39 UTC 2021 Modified Files: src/libexec/httpd: bozohttpd.c Log Message: rework the bindport setting, inspired by part of the patch from PR#56367 (thanks JP.) To generate a diff of this commit: cvs rdiff -u -r1.134 -r1.135 src/libexec/httpd/bozohttpd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.134 src/libexec/httpd/bozohttpd.c:1.135 --- src/libexec/httpd/bozohttpd.c:1.134 Tue Aug 24 05:29:27 2021 +++ src/libexec/httpd/bozohttpd.c Tue Aug 24 05:39:39 2021 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.c,v 1.134 2021/08/24 05:29:27 mrg Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.135 2021/08/24 05:39:39 mrg Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ @@ -148,7 +148,7 @@ #include "bozohttpd.h" #ifndef SSL_TIMEOUT -#define SSL_TIMEOUT "30" /* wait for 30 seconds for ssl handshake */ +#define SSL_TIMEOUT "30" /* ssl handshake: 30 seconds timeout */ #endif #ifndef INITIAL_TIMEOUT #define INITIAL_TIMEOUT "30" /* wait for 30 seconds initially */ @@ -670,23 +670,14 @@ bozo_read_request(bozohttpd_t *httpd) * Override the bound port from the request value, so it works even * if passed through a proxy that doesn't rewrite the port. */ + port = NULL; if (httpd->bindport) { if (strcmp(httpd->bindport, BOZO_HTTP_PORT) != 0) port = httpd->bindport; - else - port = NULL; - } else { - if (getsockname(0, (struct sockaddr *)(void *), ) < 0) - port = NULL; - else { - if (getnameinfo((struct sockaddr *)(void *), slen, - NULL, 0, bufport, sizeof bufport, - NI_NUMERICSERV) == 0) -port = bufport; - else -port = NULL; - } - } + } else if (getsockname(0, (struct sockaddr *)(void *), ) == 0 && + getnameinfo((struct sockaddr *)(void *), slen, NULL, 0, + bufport, sizeof bufport, NI_NUMERICSERV) == 0) + port = bufport; if (port != NULL) request->hr_serverport = bozostrdup(httpd, request, port);
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Tue Aug 24 05:39:39 UTC 2021 Modified Files: src/libexec/httpd: bozohttpd.c Log Message: rework the bindport setting, inspired by part of the patch from PR#56367 (thanks JP.) To generate a diff of this commit: cvs rdiff -u -r1.134 -r1.135 src/libexec/httpd/bozohttpd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Tue Aug 24 05:29:27 UTC 2021 Modified Files: src/libexec/httpd: bozohttpd.c main.c Log Message: remove unused parameters, and clean up incompatible options. from To generate a diff of this commit: cvs rdiff -u -r1.133 -r1.134 src/libexec/httpd/bozohttpd.c cvs rdiff -u -r1.27 -r1.28 src/libexec/httpd/main.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.133 src/libexec/httpd/bozohttpd.c:1.134 --- src/libexec/httpd/bozohttpd.c:1.133 Sat Aug 21 11:55:24 2021 +++ src/libexec/httpd/bozohttpd.c Tue Aug 24 05:29:27 2021 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.c,v 1.133 2021/08/21 11:55:24 andvar Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.134 2021/08/24 05:29:27 mrg Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ @@ -241,7 +241,7 @@ bozo_set_pref(bozohttpd_t *httpd, bozopr } static void -bozo_clear_prefs(bozohttpd_t *httpd, bozoprefs_t *prefs) +bozo_clear_prefs(bozoprefs_t *prefs) { size_t i; @@ -2722,7 +2722,7 @@ bozo_setup(bozohttpd_t *httpd, bozoprefs void bozo_cleanup(bozohttpd_t *httpd, bozoprefs_t *prefs) { - bozo_clear_prefs(httpd, prefs); + bozo_clear_prefs(prefs); free(httpd->virthostname); free(httpd->errorbuf); Index: src/libexec/httpd/main.c diff -u src/libexec/httpd/main.c:1.27 src/libexec/httpd/main.c:1.28 --- src/libexec/httpd/main.c:1.27 Sat Feb 27 12:36:46 2021 +++ src/libexec/httpd/main.c Tue Aug 24 05:29:27 2021 @@ -1,4 +1,4 @@ -/* $NetBSD: main.c,v 1.27 2021/02/27 12:36:46 mrg Exp $ */ +/* $NetBSD: main.c,v 1.28 2021/08/24 05:29:27 mrg Exp $ */ /* $eterna: main.c,v 1.6 2011/11/18 09:21:15 mrg Exp $ */ /* from: eterna: bozohttpd.c,v 1.159 2009/05/23 02:14:30 mrg Exp */ @@ -102,7 +102,9 @@ usage(bozohttpd_t *httpd, char *progname bozowarn(httpd, " -P pidfile\t\tpid file path"); if (have_user) bozowarn(httpd, " -p dir\t\t\"public_html\" directory name"); - + if (have_dirindex) + bozowarn(httpd, " -R readme\t\tput readme file in footer " +"of directory index"); if (have_core) { bozowarn(httpd, " -S version\t\tset server version string"); bozowarn(httpd, " -s\t\t\talways log to stderr"); @@ -113,20 +115,17 @@ usage(bozohttpd_t *httpd, char *progname } if (have_user) bozowarn(httpd, " -u\t\t\tenable ~user/public_html support"); - if (have_core) { bozowarn(httpd, " -V\t\t\tUnknown virtual hosts go to " "`slashdir'"); bozowarn(httpd, " -v virtualroot\tenable virtual host " "support in this directory"); } - if (have_dirindex) bozowarn(httpd, " -X\t\t\tdirectory index support"); if (have_core) bozowarn(httpd, " -x index\t\tdefault \"index.html\" " "file name"); - if (have_ssl) { bozowarn(httpd, " -Z cert privkey\tspecify path to server " "certificate and private key file\n" @@ -303,6 +302,9 @@ main(int argc, char **argv) break; case 'R': + if (!have_dirindex) +goto no_dirindex_support; + bozo_set_pref(, , "directory index readme", optarg); break;
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Tue Aug 24 05:29:27 UTC 2021 Modified Files: src/libexec/httpd: bozohttpd.c main.c Log Message: remove unused parameters, and clean up incompatible options. from To generate a diff of this commit: cvs rdiff -u -r1.133 -r1.134 src/libexec/httpd/bozohttpd.c cvs rdiff -u -r1.27 -r1.28 src/libexec/httpd/main.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Re: CVS commit: src/libexec/httpd
Jared McNeill wrote in : |On Sat, 12 Sep 2020, Olaf Seibert wrote: | |> bozohttpd: add .m4a and .m4v file extensions. | |I don't think audio/mpeg is correct for .m4a. Since .m4a is MPEG audio in |an MP4 container, I would follow RFC 4337 ("MIME Type Registration for |MPEG-4") here which says you should use audio/mp4 instead. audio/mp4 mp4 mp4a m4a m4b --steffen | |Der Kragenbaer,The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt)
Re: CVS commit: src/libexec/httpd
On Sat, 12 Sep 2020, Olaf Seibert wrote: bozohttpd: add .m4a and .m4v file extensions. I don't think audio/mpeg is correct for .m4a. Since .m4a is MPEG audio in an MP4 container, I would follow RFC 4337 ("MIME Type Registration for MPEG-4") here which says you should use audio/mp4 instead. Take care, Jared
Re: CVS commit: src/libexec/httpd
On Mon, Jul 13, 2020 at 07:15:45PM +1000, matthew green wrote: > i'm not sure i agree about 500 -> abusive behaviour. that's > when there's some _internal_ error and could just as easily > be caused by a human or code error on the server side. > > i don't know blocklist well enough to suggestion what we > should do here, but this feels wrong to me. Sure, though I think there are no clear definitions here. For 401, on the other hand, blocklistd(8) can be useful, given that bruteforcing passwords of embedded devices is supposedly a common scenario. - Jukka
re: CVS commit: src/libexec/httpd
thanks for this. please cc me directly for bozohttpd changes, i have a couple review comments :-) > Committed By: jruoho > Date: Sat Jul 11 08:10:52 UTC 2020 > > Modified Files: > src/libexec/httpd: Makefile auth-bozo.c bozohttpd.8 bozohttpd.c > bozohttpd.h > > Log Message: > Add blocklistd(8) support. > > > To generate a diff of this commit: > cvs rdiff -u -r1.28 -r1.29 src/libexec/httpd/Makefile > cvs rdiff -u -r1.24 -r1.25 src/libexec/httpd/auth-bozo.c > cvs rdiff -u -r1.80 -r1.81 src/libexec/httpd/bozohttpd.8 > cvs rdiff -u -r1.115 -r1.116 src/libexec/httpd/bozohttpd.c > cvs rdiff -u -r1.61 -r1.62 src/libexec/httpd/bozohttpd.h please add -DNO_BLOCKLIST_SUPPORT to Makefile.boot. i'm not sure i agree about 500 -> abusive behaviour. that's when there's some _internal_ error and could just as easily be caused by a human or code error on the server side. i don't know blocklist well enough to suggestion what we should do here, but this feels wrong to me. thanks again. .mrg.
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Wed Oct 30 07:28:13 UTC 2019 Modified Files: src/libexec/httpd: Makefile.boot Log Message: set -D_GNU_SOURCE, needed for linux systems and should be harmless or ignored elsewhere. from perry. To generate a diff of this commit: cvs rdiff -u -r1.6 -r1.7 src/libexec/httpd/Makefile.boot Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/Makefile.boot diff -u src/libexec/httpd/Makefile.boot:1.6 src/libexec/httpd/Makefile.boot:1.7 --- src/libexec/httpd/Makefile.boot:1.6 Thu Jan 2 08:30:22 2014 +++ src/libexec/httpd/Makefile.boot Wed Oct 30 07:28:13 2019 @@ -6,7 +6,7 @@ CC= cc OPT= -O LARGE_CFLAGS= -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -LOCAL_CFLAGS= -DNO_LUA_SUPPORT +LOCAL_CFLAGS= -DNO_LUA_SUPPORT -D_GNU_SOURCE CFLAGS= $(OPT) $(LARGE_CFLAGS) $(LOCAL_CFLAGS) GROFF= groff -Tascii
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Wed Oct 30 07:28:13 UTC 2019 Modified Files: src/libexec/httpd: Makefile.boot Log Message: set -D_GNU_SOURCE, needed for linux systems and should be harmless or ignored elsewhere. from perry. To generate a diff of this commit: cvs rdiff -u -r1.6 -r1.7 src/libexec/httpd/Makefile.boot Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Re: CVS commit: src/libexec/httpd
> Am 03.01.2016 um 23:23 schrieb Kamil Rytarowski: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > It's a good tip. > > I would leave httpd.print as it is right now, to not make a false > impression that there standard print works. The standard one will > work, but not for HTTPS. Oh, I was not suggesting you change the file again, I jsut wanted to note that a single line change would have been enough ;) > > On 03.01.2016 11:15, Marc Balmer wrote: >> Just a note: A better change would have been to just add >> >> print = httpd.print >> >> at the start of the script. That way the script could still be >> used as a normal CGI script with minimal changes. >> >> >>> Am 07.12.2015 um 04:11 schrieb Kamil Rytarowski >>> : >>> >>> Module Name:src Committed By: kamil Date: Mon Dec >>> 7 03:11:48 >>> UTC 2015 >>> >>> Modified Files: src/libexec/httpd: printenv.lua >>> >>> Log Message: Improve the httpd(8) printenv.lua Lua example >>> >>> Stop using Lua builtin print function and replace them with >>> http.* ones. httpd.print and http.write wraps SSL support when >>> needed. >>> >>> Print http headers, without them browser may interpret page as >>> raw text. >>> >>> No need to hardcode prefix path in the form. >>> >>> Add comments for a user with tips how to use this script. >>> >>> Patch by Travis Paul >>> >>> Closes PR misc/50502 >>> >>> >>> To generate a diff of this commit: cvs rdiff -u -r1.2 -r1.3 >>> src/libexec/httpd/printenv.lua >>> >>> Please note that diffs are not public domain; they are subject >>> to the copyright notices on the relevant files. >>> >>> Modified files: >>> >>> Index: src/libexec/httpd/printenv.lua diff -u >>> src/libexec/httpd/printenv.lua:1.2 >>> src/libexec/httpd/printenv.lua:1.3 --- >>> src/libexec/httpd/printenv.lua:1.2 Thu Jan 2 08:21:38 2014 +++ >>> src/libexec/httpd/printenv.lua Mon Dec 7 03:11:48 2015 @@ -1,4 >>> +1,4 @@ --- $NetBSD: printenv.lua,v 1.2 2014/01/02 08:21:38 mrg >>> Exp $ +-- $NetBSD: printenv.lua,v 1.3 2015/12/07 03:11:48 kamil >>> Exp $ >>> >>> -- this small Lua script demonstrates the use of Lua in >>> (bozo)httpd -- it will simply output the "environment" @@ -8,6 >>> +8,10 @@ -- the same value on each invocation. You can not keep >>> state between -- two calls. >>> >>> +-- You can test this example by running the following command: >>> +-- /usr/libexec/httpd -b -f -I 8080 -L test printenv.lua . +-- >>> and then navigate to: http://127.0.0.1:8080/test/printenv + >>> local httpd = require 'httpd' >>> >>> function printenv(env, headers, query) @@ -15,12 +19,14 @@ >>> function printenv(env, headers, query) -- we get the >>> "environment" in the env table, the values are more -- or less >>> the same as the variable for a CGI program >>> >>> - if count == nil then - count = 1 - end - - -- output a >>> header >>> - print([[ + -- output headers using httpd.write() + -- >>> httpd.write() will not append newlines +httpd.write("HTTP/1.1 >>> 200 Ok\r\n") + httpd.write("Content-Type: text/html\r\n\r\n") + >>> + -- output html using httpd.print() + -- you can also use >>> print() and io.write() but they will not work with SSL + >>> httpd.print([[ Bozotic Lua >>> Environment @@ -29,54 +35,58 @@ function printenv(env, >>> headers, query) Bozotic Lua Environment ]]) >>> >>> - print('module version: ' .. httpd._VERSION .. '') + >>> httpd.print('module version: ' .. httpd._VERSION .. '') >>> >>> - print('Server Environment') + httpd.print('Server >>> Environment') -- print the list of "environment" variables >>> for k, v in pairs(env) do - print(k .. '=' .. v .. '') + >>> httpd.print(k .. '=' .. v .. '') end >>> >>> - print('Request Headers') + httpd.print('Request >>> Headers') for k, v in pairs(headers) do - print(k .. '=' >>> .. v .. '') + httpd.print(k .. '=' .. v .. '') end >>> >>> if query ~= nil then - print('Query Variables') + >>> httpd.print('Query Variables') for k, v in pairs(query) >>> do -print(k .. '=' .. v .. '') + >>> httpd.print(k .. '=' >>> .. v .. '') end end >>> >>> - print('Form Test') + httpd.print('Form >>> Test') >>> >>> - print([[ - >>> + httpd.print([[ + >>> >>> ]]) -- output a footer -print([[ + httpd.print([[ >>> ]]) end >>> >>> function form(env, header, query) + + httpd.write("HTTP/1.1 200 >>> Ok\r\n") + httpd.write("Content-Type: text/html\r\n\r\n") + if >>> query ~= nil then - print('Form Variables') + >>> httpd.print('Form Variables') >>> >>> if env.CONTENT_TYPE ~= nil then - print('Content-type: ' >>> .. >>> env.CONTENT_TYPE .. '') + >>> httpd.print('Content-type: ' .. >>> env.CONTENT_TYPE .. '') end >>> >>> for k, v in pairs(query) do - print(k ..
Re: CVS commit: src/libexec/httpd
> (it seems that i let strdup(3) back in when i merged agc's library > code, i should have caught that then. oh well.) My apologies about that, I wasn't careful enough. Alistair
re: CVS commit: src/libexec/httpd
On Dec 19, 1:34pm, m...@eterna.com.au (matthew green) wrote: -- Subject: re: CVS commit: src/libexec/httpd | i don't think it matters where the failure happens. we only need | one frontend function, and it can exit as necessary. you can tell | from the contents of struct bozohttpd_t whether a reply can be sent | upon error, or simply exiting. Ok, how can I tell? | (it seems that i let strdup(3) back in when i merged agc's library | code, i should have caught that then. oh well.) No problem, I fixed most of them. | the failure should always log -- but a reply depends. Right. christos
Re: CVS commit: src/libexec/httpd
In article <20871.1450494...@splode.eterna.com.au>, matthew green <m...@eterna.com.au> wrote: >Christos Zoulas writes: >> On Dec 19, 1:34pm, m...@eterna.com.au (matthew green) wrote: >> -- Subject: re: CVS commit: src/libexec/httpd >> >> | i don't think it matters where the failure happens. we only need >> | one frontend function, and it can exit as necessary. you can tell >> | from the contents of struct bozohttpd_t whether a reply can be sent >> | upon error, or simply exiting. >> >> Ok, how can I tell? > >looks like after this: > > request->hr_file = file; > >which means checking httpd->request && httpd->request->hr_file >would be sufficient. Well, bozo_http_error() check those two and also writes to stdout if those are not set. I was looking for something that would skip the Content-type etc. christos
re: CVS commit: src/libexec/httpd
> >the whole point of having bozofunc() is to avoid having to do any > >error checking in it. but now there are calls to several of these > >that do check errors, and plus the names are too similar. > > > >there shouldn't really be a distinction. all the calls to strdup() > >you adjusted are (newish) bugs that should just have called > >bozostrdup(), and there should be no bozo_strdup(). looks like the > >vast majority of the strdup() calls were added when i merged > >libbozo work, 5.5 years ago, plus a single one from the initial > >import. > > I think that there are strdup/alloc/ calls that happen before connection > time and ones that happen before during configuration and setup. We can > either have two functions to handle failure appropriately, or one (which > I prefer I think) and that checks the http->logstate or something to see if > it should log, or send a response, or both. This requires a bit more > surgery... Yes, having two functions with similar names is nasty and silly > and I am not planning to keep it. I just wanted to have some discussion > first on what to do to solve it. There are 2 or so more strdups that are > unchecked in the prefs. Let me know how you prefer to go and I will fix > them. i don't think it matters where the failure happens. we only need one frontend function, and it can exit as necessary. you can tell from the contents of struct bozohttpd_t whether a reply can be sent upon error, or simply exiting. (it seems that i let strdup(3) back in when i merged agc's library code, i should have caught that then. oh well.) the failure should always log -- but a reply depends. thanks. .mrg.
re: CVS commit: src/libexec/httpd
Christos Zoulas writes: > On Dec 19, 1:34pm, m...@eterna.com.au (matthew green) wrote: > -- Subject: re: CVS commit: src/libexec/httpd > > | i don't think it matters where the failure happens. we only need > | one frontend function, and it can exit as necessary. you can tell > | from the contents of struct bozohttpd_t whether a reply can be sent > | upon error, or simply exiting. > > Ok, how can I tell? looks like after this: request->hr_file = file; which means checking httpd->request && httpd->request->hr_file would be sufficient. .mrg.
re: CVS commit: src/libexec/httpd
"Christos Zoulas" writes: > Module Name: src > Committed By: christos > Date: Sat Dec 12 18:06:58 UTC 2015 > > Modified Files: > src/libexec/httpd: bozohttpd.c bozohttpd.h ssl-bozo.c > > Log Message: > Introduce bozo_strdup and bozo_asprintf to add error checking and reduce > code duplication. > > Note that bozo_strdup is different that bozostrdup; the _ routines exit > loging error to syslog or stderr, whereas the non _ routines send error > responses to the http client. wait, you make it so there are two functions with almost the same name but different semantics? please don't do that. sounds like the "_" routines should have "log" in them somewhere. .mrg.
re: CVS commit: src/libexec/httpd
"Christos Zoulas" writes: > Module Name: src > Committed By: christos > Date: Sat Dec 12 16:57:53 UTC 2015 > > Modified Files: > src/libexec/httpd: bozohttpd.8 bozohttpd.h main.c ssl-bozo.c > > Log Message: > - restrict the default list of ciphers to something more secure > - restrict ssl options > >From Travis Paul thanks for doing this. a couple of comments: this should have bumped the version and be mentioned in the CHANGES file. + sslinfo = bozomalloc(httpd, sizeof(*sslinfo)); + if (sslinfo == NULL) bozomalloc never returns NULL. ;) .mrg.
Re: CVS commit: src/libexec/httpd
On Fri, Nov 21, 2014 at 08:54:12AM +, Mateusz Kocielski wrote: Module Name: src Committed By: shm Date: Fri Nov 21 08:54:12 UTC 2014 Modified Files: src/libexec/httpd: bozohttpd.c Log Message: Fixed off-by-one in virtualhost processing. Previous code was checking if Host header is a prefix of any existing vhost. This behaviour might be used to uncover existing vitual hosts from the remote. OK @mrg To generate a diff of this commit: cvs rdiff -u -r1.57 -r1.58 src/libexec/httpd/bozohttpd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.57 src/libexec/httpd/bozohttpd.c:1.58 --- src/libexec/httpd/bozohttpd.c:1.57Fri Oct 10 05:10:59 2014 +++ src/libexec/httpd/bozohttpd.c Fri Nov 21 08:54:12 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.c,v 1.57 2014/10/10 05:10:59 mrg Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.58 2014/11/21 08:54:12 shm Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ @@ -1093,8 +1093,8 @@ check_virtual(bozo_httpreq_t *request) } debug((httpd, DEBUG_OBESE, looking at dir``%s'', d-d_name)); - if (strncasecmp(d-d_name, request-hr_host, - len) == 0) { + if (d-d_namlen == len strcmp(d-d_name, + request-hr_host) == 0) { I think we gained cASe-seNsItiVITy with this? /* found it, punch it */ debug((httpd, DEBUG_OBESE, found it punch it)); request-hr_virthostname =
Re: CVS commit: src/libexec/httpd
On Sat, Oct 12, 2013 at 05:24:07PM +, Marc Balmer wrote: +#ifndef NO_LUA_SUPPORT +#include lua.h +#endif Thanks for doing this, it's nice to get more lua support in-tree. I really dislike the double negative in this one, though - it's much easier for everyone if the definition was HAVE_LUA_SUPPORT and default it to defined, or yes, or whatever. Best, Alistair