CVS commit: src/libexec/httpd

2024-04-28 Thread Maya Rashish 
Module Name:src
Committed By:   maya
Date:   Sun Apr 28 17:12:30 UTC 2024

Modified Files:
src/libexec/httpd: CHANGES bozohttpd.8 bozohttpd.c

Log Message:
Bump bozohttpd version to today for mobile-friendly directory listing


To generate a diff of this commit:
cvs rdiff -u -r1.55 -r1.56 src/libexec/httpd/CHANGES
cvs rdiff -u -r1.96 -r1.97 src/libexec/httpd/bozohttpd.8
cvs rdiff -u -r1.146 -r1.147 src/libexec/httpd/bozohttpd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/CHANGES
diff -u src/libexec/httpd/CHANGES:1.55 src/libexec/httpd/CHANGES:1.56
--- src/libexec/httpd/CHANGES:1.55	Fri Jan 26 23:19:44 2024
+++ src/libexec/httpd/CHANGES	Sun Apr 28 17:12:30 2024
@@ -1,4 +1,7 @@
-$NetBSD: CHANGES,v 1.55 2024/01/26 23:19:44 mrg Exp $
+$NetBSD: CHANGES,v 1.56 2024/04/28 17:12:30 maya Exp $
+
+changes in bozohttpd 20240428:
+	o  make directory listings mobile friendly. from D. Bohdan.
 
 changes in bozohttpd 20240126:
 	o  add some more default mime types.

Index: src/libexec/httpd/bozohttpd.8
diff -u src/libexec/httpd/bozohttpd.8:1.96 src/libexec/httpd/bozohttpd.8:1.97
--- src/libexec/httpd/bozohttpd.8:1.96	Sun Feb  4 05:54:20 2024
+++ src/libexec/httpd/bozohttpd.8	Sun Apr 28 17:12:30 2024
@@ -1,4 +1,4 @@
-.\"	$NetBSD: bozohttpd.8,v 1.96 2024/02/04 05:54:20 mrg Exp $
+.\"	$NetBSD: bozohttpd.8,v 1.97 2024/04/28 17:12:30 maya Exp $
 .\"
 .\"	$eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $
 .\"
@@ -26,7 +26,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd Jan 26, 2024
+.Dd Apr 28, 2024
 .Dt BOZOHTTPD 8
 .Os
 .Sh NAME
@@ -664,7 +664,7 @@ The focus has always been simplicity and
 and regular code audits.
 This manual documents
 .Nm
-version 20240126.
+version 20240428.
 .Sh AUTHORS
 .An -nosplit
 .Nm

Index: src/libexec/httpd/bozohttpd.c
diff -u src/libexec/httpd/bozohttpd.c:1.146 src/libexec/httpd/bozohttpd.c:1.147
--- src/libexec/httpd/bozohttpd.c:1.146	Fri Jan 26 23:19:44 2024
+++ src/libexec/httpd/bozohttpd.c	Sun Apr 28 17:12:30 2024
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.c,v 1.146 2024/01/26 23:19:44 mrg Exp $	*/
+/*	$NetBSD: bozohttpd.c,v 1.147 2024/04/28 17:12:30 maya Exp $	*/
 
 /*	$eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -108,7 +108,7 @@
 #define INDEX_HTML		"index.html"
 #endif
 #ifndef SERVER_SOFTWARE
-#define SERVER_SOFTWARE		"bozohttpd/20240126"
+#define SERVER_SOFTWARE		"bozohttpd/20240428"
 #endif
 #ifndef PUBLIC_HTML
 #define PUBLIC_HTML		"public_html"

CVS commit: src/libexec/httpd

2024-04-28 Thread Maya Rashish 
Module Name:src
Committed By:   maya
Date:   Sun Apr 28 17:12:30 UTC 2024

Modified Files:
src/libexec/httpd: CHANGES bozohttpd.8 bozohttpd.c

Log Message:
Bump bozohttpd version to today for mobile-friendly directory listing


To generate a diff of this commit:
cvs rdiff -u -r1.55 -r1.56 src/libexec/httpd/CHANGES
cvs rdiff -u -r1.96 -r1.97 src/libexec/httpd/bozohttpd.8
cvs rdiff -u -r1.146 -r1.147 src/libexec/httpd/bozohttpd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/libexec/httpd

2024-04-26 Thread Maya Rashish 
Module Name:src
Committed By:   maya
Date:   Fri Apr 26 20:27:12 UTC 2024

Modified Files:
src/libexec/httpd: dir-index-bozo.c

Log Message:
Create mobile-friendly directory listings

A typical mobile browser on a smartphone assumes a page without a "viewport"
 tag is designed for desktop browsers. It displays the page in a
virtual window that simulates a wider screen and does not adjust it for
the phone's pixel density. The usual result is that the content on the page
looks small, and interacting with the page comfortably and precisely requires
zoom. This is currently the case with bozohttpd directory listing pages.

from D. Bohdan in PR bin/57962


To generate a diff of this commit:
cvs rdiff -u -r1.36 -r1.37 src/libexec/httpd/dir-index-bozo.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/dir-index-bozo.c
diff -u src/libexec/httpd/dir-index-bozo.c:1.36 src/libexec/httpd/dir-index-bozo.c:1.37
--- src/libexec/httpd/dir-index-bozo.c:1.36	Wed May 18 00:37:11 2022
+++ src/libexec/httpd/dir-index-bozo.c	Fri Apr 26 20:27:12 2024
@@ -1,4 +1,4 @@
-/*	$NetBSD: dir-index-bozo.c,v 1.36 2022/05/18 00:37:11 mrg Exp $	*/
+/*	$NetBSD: dir-index-bozo.c,v 1.37 2024/04/26 20:27:12 maya Exp $	*/
 
 /*	$eterna: dir-index-bozo.c,v 1.20 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -123,6 +123,7 @@ bozo_dir_index(bozo_httpreq_t *request, 
 	bozo_printf(httpd,
 		"\r\n"
 		"\r\n"
+		"\r\n"

CVS commit: src/libexec/httpd

2024-04-26 Thread Maya Rashish 
Module Name:src
Committed By:   maya
Date:   Fri Apr 26 20:27:12 UTC 2024

Modified Files:
src/libexec/httpd: dir-index-bozo.c

Log Message:
Create mobile-friendly directory listings

A typical mobile browser on a smartphone assumes a page without a "viewport"
 tag is designed for desktop browsers. It displays the page in a
virtual window that simulates a wider screen and does not adjust it for
the phone's pixel density. The usual result is that the content on the page
looks small, and interacting with the page comfortably and precisely requires
zoom. This is currently the case with bozohttpd directory listing pages.

from D. Bohdan in PR bin/57962


To generate a diff of this commit:
cvs rdiff -u -r1.36 -r1.37 src/libexec/httpd/dir-index-bozo.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/libexec/httpd

2024-02-03 Thread matthew green 
Module Name:src
Committed By:   mrg
Date:   Sun Feb  4 05:54:21 UTC 2024

Modified Files:
src/libexec/httpd: bozohttpd.8

Log Message:
note this documents bozohttpd 20240126.


To generate a diff of this commit:
cvs rdiff -u -r1.95 -r1.96 src/libexec/httpd/bozohttpd.8

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/libexec/httpd

2024-02-03 Thread matthew green 
Module Name:src
Committed By:   mrg
Date:   Sun Feb  4 05:54:21 UTC 2024

Modified Files:
src/libexec/httpd: bozohttpd.8

Log Message:
note this documents bozohttpd 20240126.


To generate a diff of this commit:
cvs rdiff -u -r1.95 -r1.96 src/libexec/httpd/bozohttpd.8

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/bozohttpd.8
diff -u src/libexec/httpd/bozohttpd.8:1.95 src/libexec/httpd/bozohttpd.8:1.96
--- src/libexec/httpd/bozohttpd.8:1.95	Fri Feb  2 20:50:28 2024
+++ src/libexec/httpd/bozohttpd.8	Sun Feb  4 05:54:20 2024
@@ -1,4 +1,4 @@
-.\"	$NetBSD: bozohttpd.8,v 1.95 2024/02/02 20:50:28 andvar Exp $
+.\"	$NetBSD: bozohttpd.8,v 1.96 2024/02/04 05:54:20 mrg Exp $
 .\"
 .\"	$eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $
 .\"
@@ -664,7 +664,7 @@ The focus has always been simplicity and
 and regular code audits.
 This manual documents
 .Nm
-version 20230602.
+version 20240126.
 .Sh AUTHORS
 .An -nosplit
 .Nm

CVS commit: src/libexec/httpd

2024-02-02 Thread Andrius Varanavicius 
Module Name:src
Committed By:   andvar
Date:   Fri Feb  2 20:50:28 UTC 2024

Modified Files:
src/libexec/httpd: bozohttpd.8

Log Message:
s/supressing/suppressing/.


To generate a diff of this commit:
cvs rdiff -u -r1.94 -r1.95 src/libexec/httpd/bozohttpd.8

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/bozohttpd.8
diff -u src/libexec/httpd/bozohttpd.8:1.94 src/libexec/httpd/bozohttpd.8:1.95
--- src/libexec/httpd/bozohttpd.8:1.94	Fri Jan 26 23:19:44 2024
+++ src/libexec/httpd/bozohttpd.8	Fri Feb  2 20:50:28 2024
@@ -1,4 +1,4 @@
-.\"	$NetBSD: bozohttpd.8,v 1.94 2024/01/26 23:19:44 mrg Exp $
+.\"	$NetBSD: bozohttpd.8,v 1.95 2024/02/02 20:50:28 andvar Exp $
 .\"
 .\"	$eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $
 .\"
@@ -79,7 +79,7 @@ using the ftp facility (but see the
 .Fl s
 option for testing and the
 .Fl q
-option for supressing this.)
+option for suppressing this.)
 .Nm
 is designed to be small, simple and relatively featureless,
 hopefully increasing its security.

CVS commit: src/libexec/httpd

2024-02-02 Thread Andrius Varanavicius 
Module Name:src
Committed By:   andvar
Date:   Fri Feb  2 20:50:28 UTC 2024

Modified Files:
src/libexec/httpd: bozohttpd.8

Log Message:
s/supressing/suppressing/.


To generate a diff of this commit:
cvs rdiff -u -r1.94 -r1.95 src/libexec/httpd/bozohttpd.8

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/libexec/httpd

2024-01-26 Thread matthew green 
Module Name:src
Committed By:   mrg
Date:   Fri Jan 26 23:19:44 UTC 2024

Modified Files:
src/libexec/httpd: CHANGES bozohttpd.8 bozohttpd.c

Log Message:
add some missing changes and bump the version.


To generate a diff of this commit:
cvs rdiff -u -r1.54 -r1.55 src/libexec/httpd/CHANGES
cvs rdiff -u -r1.93 -r1.94 src/libexec/httpd/bozohttpd.8
cvs rdiff -u -r1.145 -r1.146 src/libexec/httpd/bozohttpd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/CHANGES
diff -u src/libexec/httpd/CHANGES:1.54 src/libexec/httpd/CHANGES:1.55
--- src/libexec/httpd/CHANGES:1.54	Wed Nov  2 20:38:21 2022
+++ src/libexec/httpd/CHANGES	Fri Jan 26 23:19:44 2024
@@ -1,4 +1,12 @@
-$NetBSD: CHANGES,v 1.54 2022/11/02 20:38:21 andvar Exp $
+$NetBSD: CHANGES,v 1.55 2024/01/26 23:19:44 mrg Exp $
+
+changes in bozohttpd 20240126:
+	o  add some more default mime types.
+	o  fix memory leaks.  from shm.
+	o  fix reading 2 bytes beyond '%', possibly not mapped.  from shm.
+	o  support openssl 3.  from christos.
+	o  add -q option to not log.  from martin.
+	o  fix default return value of bozo_set_defaults(), PR#54785.
 
 changes in bozohttpd 20220104:
 	o  remove obsolete .bzdirect handling.

Index: src/libexec/httpd/bozohttpd.8
diff -u src/libexec/httpd/bozohttpd.8:1.93 src/libexec/httpd/bozohttpd.8:1.94
--- src/libexec/httpd/bozohttpd.8:1.93	Wed Jun  7 20:22:22 2023
+++ src/libexec/httpd/bozohttpd.8	Fri Jan 26 23:19:44 2024
@@ -1,8 +1,8 @@
-.\"	$NetBSD: bozohttpd.8,v 1.93 2023/06/07 20:22:22 mrg Exp $
+.\"	$NetBSD: bozohttpd.8,v 1.94 2024/01/26 23:19:44 mrg Exp $
 .\"
 .\"	$eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $
 .\"
-.\" Copyright (c) 1997-2023 Matthew R. Green
+.\" Copyright (c) 1997-2024 Matthew R. Green
 .\" All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
@@ -26,7 +26,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd Sep 12, 2023
+.Dd Jan 26, 2024
 .Dt BOZOHTTPD 8
 .Os
 .Sh NAME
@@ -670,7 +670,7 @@ version 20230602.
 .Nm
 was written by
 .An Matthew R. Green
-.Aq Mt m...@eterna.com.au .
+.Aq Mt m...@eterna23.net .
 .Pp
 The large list of contributors includes:
 .Bl -dash
@@ -805,7 +805,7 @@ provided several clean up fixes, and man
 provided various fixes
 .It
 .An Tyler Retzlaff
-.Aq Mt r...@eterna.com.au
+.Aq Mt r...@eterna23.net
 provided SSL support, cgi-bin fixes and much other random other stuff
 .It
 .An rudolf
@@ -860,7 +860,9 @@ There are probably others I have forgott
 Please send all updates to
 .Nm
 to
-.Aq Mt m...@eterna.com.au
+.Aq Mt m...@eterna23.net
+or
+.Aq Mt netbsd-b...@netbsd.org
 for inclusion in future releases.
 .Sh BUGS
 .Nm

Index: src/libexec/httpd/bozohttpd.c
diff -u src/libexec/httpd/bozohttpd.c:1.145 src/libexec/httpd/bozohttpd.c:1.146
--- src/libexec/httpd/bozohttpd.c:1.145	Wed Sep 20 07:13:35 2023
+++ src/libexec/httpd/bozohttpd.c	Fri Jan 26 23:19:44 2024
@@ -1,9 +1,9 @@
-/*	$NetBSD: bozohttpd.c,v 1.145 2023/09/20 07:13:35 shm Exp $	*/
+/*	$NetBSD: bozohttpd.c,v 1.146 2024/01/26 23:19:44 mrg Exp $	*/
 
 /*	$eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $	*/
 
 /*
- * Copyright (c) 1997-2023 Matthew R. Green
+ * Copyright (c) 1997-2024 Matthew R. Green
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -108,7 +108,7 @@
 #define INDEX_HTML		"index.html"
 #endif
 #ifndef SERVER_SOFTWARE
-#define SERVER_SOFTWARE		"bozohttpd/20230602"
+#define SERVER_SOFTWARE		"bozohttpd/20240126"
 #endif
 #ifndef PUBLIC_HTML
 #define PUBLIC_HTML		"public_html"

CVS commit: src/libexec/httpd

2024-01-26 Thread matthew green 
Module Name:src
Committed By:   mrg
Date:   Fri Jan 26 23:19:44 UTC 2024

Modified Files:
src/libexec/httpd: CHANGES bozohttpd.8 bozohttpd.c

Log Message:
add some missing changes and bump the version.


To generate a diff of this commit:
cvs rdiff -u -r1.54 -r1.55 src/libexec/httpd/CHANGES
cvs rdiff -u -r1.93 -r1.94 src/libexec/httpd/bozohttpd.8
cvs rdiff -u -r1.145 -r1.146 src/libexec/httpd/bozohttpd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/libexec/httpd

2023-12-17 Thread Taylor R Campbell 
Module Name:src
Committed By:   riastradh
Date:   Mon Dec 18 03:48:57 UTC 2023

Modified Files:
src/libexec/httpd: ssl-bozo.c

Log Message:
httpd(8): Add missing newline to `SSL Error' messages.

Matches the pattern in all other printf/syslog calls.

XXX pullup-10
XXX pullup-9
XXX pullup-8


To generate a diff of this commit:
cvs rdiff -u -r1.33 -r1.34 src/libexec/httpd/ssl-bozo.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/ssl-bozo.c
diff -u src/libexec/httpd/ssl-bozo.c:1.33 src/libexec/httpd/ssl-bozo.c:1.34
--- src/libexec/httpd/ssl-bozo.c:1.33	Wed Jun  7 20:12:31 2023
+++ src/libexec/httpd/ssl-bozo.c	Mon Dec 18 03:48:57 2023
@@ -1,4 +1,4 @@
-/*	$NetBSD: ssl-bozo.c,v 1.33 2023/06/07 20:12:31 mrg Exp $	*/
+/*	$NetBSD: ssl-bozo.c,v 1.34 2023/12/18 03:48:57 riastradh Exp $	*/
 
 /*	$eterna: ssl-bozo.c,v 1.15 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -129,6 +129,7 @@ bozo_clear_ssl_queue(bozohttpd_t *httpd)
 			ERR_lib_error_string(sslcode),
 			ERR_func_error_string(sslcode),
 			ERR_reason_error_string(sslcode));
+			fputs("\n", stderr);
 		} else {
 			syslog(LOG_ERR, sslfmt,
 			ERR_lib_error_string(sslcode),

CVS commit: src/libexec/httpd

2023-12-17 Thread Taylor R Campbell 
Module Name:src
Committed By:   riastradh
Date:   Mon Dec 18 03:48:57 UTC 2023

Modified Files:
src/libexec/httpd: ssl-bozo.c

Log Message:
httpd(8): Add missing newline to `SSL Error' messages.

Matches the pattern in all other printf/syslog calls.

XXX pullup-10
XXX pullup-9
XXX pullup-8


To generate a diff of this commit:
cvs rdiff -u -r1.33 -r1.34 src/libexec/httpd/ssl-bozo.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/libexec/httpd

2023-09-20 Thread Mateusz Kocielski 
Module Name:src
Committed By:   shm
Date:   Wed Sep 20 08:41:35 UTC 2023

Modified Files:
src/libexec/httpd: cgi-bozo.c

Log Message:
Removed unnecessary comment

Thanks leot@ for pointing this out


To generate a diff of this commit:
cvs rdiff -u -r1.55 -r1.56 src/libexec/httpd/cgi-bozo.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/cgi-bozo.c
diff -u src/libexec/httpd/cgi-bozo.c:1.55 src/libexec/httpd/cgi-bozo.c:1.56
--- src/libexec/httpd/cgi-bozo.c:1.55	Wed Sep 20 07:09:14 2023
+++ src/libexec/httpd/cgi-bozo.c	Wed Sep 20 08:41:35 2023
@@ -1,4 +1,4 @@
-/*	$NetBSD: cgi-bozo.c,v 1.55 2023/09/20 07:09:14 shm Exp $	*/
+/*	$NetBSD: cgi-bozo.c,v 1.56 2023/09/20 08:41:35 shm Exp $	*/
 
 /*	$eterna: cgi-bozo.c,v 1.40 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -654,7 +654,6 @@ bozo_process_cgi(bozo_httpreq_t *request
 	/* CGI programs should perform their own timeouts */
 	while ((rbytes = bozo_read(httpd, STDIN_FILENO, buf, sizeof buf)) > 0) {
 		ssize_t wbytes;
-		/* char *bp = buf; */
 
 		while (rbytes) {
 			wbytes = write(sv[0], buf, (size_t)rbytes);

CVS commit: src/libexec/httpd

2023-09-20 Thread Mateusz Kocielski 
Module Name:src
Committed By:   shm
Date:   Wed Sep 20 08:41:35 UTC 2023

Modified Files:
src/libexec/httpd: cgi-bozo.c

Log Message:
Removed unnecessary comment

Thanks leot@ for pointing this out


To generate a diff of this commit:
cvs rdiff -u -r1.55 -r1.56 src/libexec/httpd/cgi-bozo.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/libexec/httpd

2023-09-20 Thread Mateusz Kocielski 
Module Name:src
Committed By:   shm
Date:   Wed Sep 20 07:13:35 UTC 2023

Modified Files:
src/libexec/httpd: bozohttpd.c

Log Message:
Fix off-by-one in bozo_decode_url_percent

In case of strings that end with '%', debug function was reading past buffer.


To generate a diff of this commit:
cvs rdiff -u -r1.144 -r1.145 src/libexec/httpd/bozohttpd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/bozohttpd.c
diff -u src/libexec/httpd/bozohttpd.c:1.144 src/libexec/httpd/bozohttpd.c:1.145
--- src/libexec/httpd/bozohttpd.c:1.144	Thu Sep  7 06:40:56 2023
+++ src/libexec/httpd/bozohttpd.c	Wed Sep 20 07:13:35 2023
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.c,v 1.144 2023/09/07 06:40:56 shm Exp $	*/
+/*	$NetBSD: bozohttpd.c,v 1.145 2023/09/20 07:13:35 shm Exp $	*/
 
 /*	$eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -1564,9 +1564,14 @@ bozo_decode_url_percent(bozo_httpreq_t *
 *t++ = *s++;
 			break;
 		}
-		debug((httpd, DEBUG_EXPLODING,
-			"fu_%%: got s == %%, s[1]s[2] == %c%c",
-			s[1], s[2]));
+		if ([2] < end)
+			debug((httpd, DEBUG_EXPLODING,
+"fu_%%: got s == %%, s[1]s[2] == %c%c",
+s[1], s[2]));
+		else
+			debug((httpd, DEBUG_EXPLODING,
+			"fu_%%: got s == %%, s[1] == %c s[2] is not set",
+s[1]));
 		if (s[1] == '\0' || s[2] == '\0')
 			return bozo_http_error(httpd, 400, request,
 			"percent hack missing two chars afterwards");

CVS commit: src/libexec/httpd

2023-09-20 Thread Mateusz Kocielski 
Module Name:src
Committed By:   shm
Date:   Wed Sep 20 07:13:35 UTC 2023

Modified Files:
src/libexec/httpd: bozohttpd.c

Log Message:
Fix off-by-one in bozo_decode_url_percent

In case of strings that end with '%', debug function was reading past buffer.


To generate a diff of this commit:
cvs rdiff -u -r1.144 -r1.145 src/libexec/httpd/bozohttpd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/libexec/httpd

2023-09-20 Thread Mateusz Kocielski 
Module Name:src
Committed By:   shm
Date:   Wed Sep 20 07:09:14 UTC 2023

Modified Files:
src/libexec/httpd: cgi-bozo.c

Log Message:
Remove unused variable (bp)


To generate a diff of this commit:
cvs rdiff -u -r1.54 -r1.55 src/libexec/httpd/cgi-bozo.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/libexec/httpd

2023-09-20 Thread Mateusz Kocielski 
Module Name:src
Committed By:   shm
Date:   Wed Sep 20 07:09:14 UTC 2023

Modified Files:
src/libexec/httpd: cgi-bozo.c

Log Message:
Remove unused variable (bp)


To generate a diff of this commit:
cvs rdiff -u -r1.54 -r1.55 src/libexec/httpd/cgi-bozo.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/cgi-bozo.c
diff -u src/libexec/httpd/cgi-bozo.c:1.54 src/libexec/httpd/cgi-bozo.c:1.55
--- src/libexec/httpd/cgi-bozo.c:1.54	Thu Apr  8 07:02:12 2021
+++ src/libexec/httpd/cgi-bozo.c	Wed Sep 20 07:09:14 2023
@@ -1,4 +1,4 @@
-/*	$NetBSD: cgi-bozo.c,v 1.54 2021/04/08 07:02:12 rillig Exp $	*/
+/*	$NetBSD: cgi-bozo.c,v 1.55 2023/09/20 07:09:14 shm Exp $	*/
 
 /*	$eterna: cgi-bozo.c,v 1.40 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -185,15 +185,13 @@ finish_cgi_output(bozohttpd_t *httpd, bo
 	/* CGI programs should perform their own timeouts */
 	while ((rbytes = read(in, buf, sizeof buf)) > 0) {
 		ssize_t wbytes;
-		char *bp = buf;
 
 		while (rbytes) {
 			wbytes = bozo_write(httpd, STDOUT_FILENO, buf,
 	(size_t)rbytes);
-			if (wbytes > 0) {
+			if (wbytes > 0)
 rbytes -= wbytes;
-bp += wbytes;
-			} else
+			else
 bozoerr(httpd, 1,
 	"cgi output write failed: %s",
 	strerror(errno));
@@ -656,14 +654,13 @@ bozo_process_cgi(bozo_httpreq_t *request
 	/* CGI programs should perform their own timeouts */
 	while ((rbytes = bozo_read(httpd, STDIN_FILENO, buf, sizeof buf)) > 0) {
 		ssize_t wbytes;
-		char *bp = buf;
+		/* char *bp = buf; */
 
 		while (rbytes) {
 			wbytes = write(sv[0], buf, (size_t)rbytes);
-			if (wbytes > 0) {
+			if (wbytes > 0)
 rbytes -= wbytes;
-bp += wbytes;
-			} else
+			else
 bozoerr(httpd, 1, "write failed: %s",
 	strerror(errno));
 		}

CVS commit: src/libexec/httpd

2023-09-19 Thread Mateusz Kocielski 
Module Name:src
Committed By:   shm
Date:   Tue Sep 19 07:51:43 UTC 2023

Modified Files:
src/libexec/httpd: auth-bozo.c

Log Message:
Fix hr_authrealm memory leak

hr_authrealm might be already set, so we need to free it before overwriting
the value


To generate a diff of this commit:
cvs rdiff -u -r1.27 -r1.28 src/libexec/httpd/auth-bozo.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/auth-bozo.c
diff -u src/libexec/httpd/auth-bozo.c:1.27 src/libexec/httpd/auth-bozo.c:1.28
--- src/libexec/httpd/auth-bozo.c:1.27	Wed May  5 07:41:48 2021
+++ src/libexec/httpd/auth-bozo.c	Tue Sep 19 07:51:43 2023
@@ -1,4 +1,4 @@
-/*	$NetBSD: auth-bozo.c,v 1.27 2021/05/05 07:41:48 mrg Exp $	*/
+/*	$NetBSD: auth-bozo.c,v 1.28 2023/09/19 07:51:43 shm Exp $	*/
 
 /*	$eterna: auth-bozo.c,v 1.17 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -67,6 +67,11 @@ bozo_auth_check(bozo_httpreq_t *request,
 		if (bozo_check_special_files(request, basename, true))
 			return 1;
 	}
+
+	/* we might be called from cgi code again with the hr_authrealm
+	 * already set */
+	if (request->hr_authrealm)
+		free(request->hr_authrealm);
 	request->hr_authrealm = bozostrdup(httpd, request, dir);
 
 	if ((size_t)snprintf(authfile, sizeof(authfile), "%s/%s", dir,

CVS commit: src/libexec/httpd

2023-09-19 Thread Mateusz Kocielski 
Module Name:src
Committed By:   shm
Date:   Tue Sep 19 07:51:43 UTC 2023

Modified Files:
src/libexec/httpd: auth-bozo.c

Log Message:
Fix hr_authrealm memory leak

hr_authrealm might be already set, so we need to free it before overwriting
the value


To generate a diff of this commit:
cvs rdiff -u -r1.27 -r1.28 src/libexec/httpd/auth-bozo.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/libexec/httpd

2023-09-07 Thread Mateusz Kocielski 
Module Name:src
Committed By:   shm
Date:   Thu Sep  7 06:40:56 UTC 2023

Modified Files:
src/libexec/httpd: bozohttpd.c

Log Message:
Fix memory leaks in bozo_cleanup


To generate a diff of this commit:
cvs rdiff -u -r1.143 -r1.144 src/libexec/httpd/bozohttpd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/bozohttpd.c
diff -u src/libexec/httpd/bozohttpd.c:1.143 src/libexec/httpd/bozohttpd.c:1.144
--- src/libexec/httpd/bozohttpd.c:1.143	Wed Jun  7 20:12:31 2023
+++ src/libexec/httpd/bozohttpd.c	Thu Sep  7 06:40:56 2023
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.c,v 1.143 2023/06/07 20:12:31 mrg Exp $	*/
+/*	$NetBSD: bozohttpd.c,v 1.144 2023/09/07 06:40:56 shm Exp $	*/
 
 /*	$eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -2728,6 +2728,11 @@ bozo_cleanup(bozohttpd_t *httpd, bozopre
 	free(httpd->errorbuf);
 	free(httpd->getln_buffer);
 	free(httpd->slashdir);
+	free(httpd->bindport);
+	free(httpd->pidfile);
+	free(httpd->cgibin);
+	free(httpd->virtbase);
+	free(httpd->dynamic_content_map);
 #define bozo_unconst(x) ((void *)(uintptr_t)x)
 	free(bozo_unconst(httpd->server_software));
 	free(bozo_unconst(httpd->index_html));

CVS commit: src/libexec/httpd

2023-09-07 Thread Mateusz Kocielski 
Module Name:src
Committed By:   shm
Date:   Thu Sep  7 06:40:56 UTC 2023

Modified Files:
src/libexec/httpd: bozohttpd.c

Log Message:
Fix memory leaks in bozo_cleanup


To generate a diff of this commit:
cvs rdiff -u -r1.143 -r1.144 src/libexec/httpd/bozohttpd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/libexec/httpd

2023-06-07 Thread matthew green 
Module Name:src
Committed By:   mrg
Date:   Wed Jun  7 20:22:22 UTC 2023

Modified Files:
src/libexec/httpd: bozohttpd.8

Log Message:
add a note about how to setup http -> https redirection.

bump documented version.


To generate a diff of this commit:
cvs rdiff -u -r1.92 -r1.93 src/libexec/httpd/bozohttpd.8

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/libexec/httpd

2023-06-07 Thread matthew green 
Module Name:src
Committed By:   mrg
Date:   Wed Jun  7 20:22:22 UTC 2023

Modified Files:
src/libexec/httpd: bozohttpd.8

Log Message:
add a note about how to setup http -> https redirection.

bump documented version.


To generate a diff of this commit:
cvs rdiff -u -r1.92 -r1.93 src/libexec/httpd/bozohttpd.8

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/bozohttpd.8
diff -u src/libexec/httpd/bozohttpd.8:1.92 src/libexec/httpd/bozohttpd.8:1.93
--- src/libexec/httpd/bozohttpd.8:1.92	Mon Sep 12 10:34:20 2022
+++ src/libexec/httpd/bozohttpd.8	Wed Jun  7 20:22:22 2023
@@ -1,8 +1,8 @@
-.\"	$NetBSD: bozohttpd.8,v 1.92 2022/09/12 10:34:20 martin Exp $
+.\"	$NetBSD: bozohttpd.8,v 1.93 2023/06/07 20:22:22 mrg Exp $
 .\"
 .\"	$eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $
 .\"
-.\" Copyright (c) 1997-2022 Matthew R. Green
+.\" Copyright (c) 1997-2023 Matthew R. Green
 .\" All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
@@ -26,7 +26,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd Sep 12, 22
+.Dd Sep 12, 2023
 .Dt BOZOHTTPD 8
 .Os
 .Sh NAME
@@ -524,6 +524,11 @@ To disable SSL SUPPORT compile
 with
 .Dq -DNO_SSL_SUPPORT
 on the compiler command line.
+.Pp
+To have an enforced redirect, such as http to https, create a shadow
+directory root that contains a
+.Pa .bzabsredirect
+file that points to the real target.
 .Ss COMPRESSION
 .Nm
 supports a very basic form of compression.
@@ -641,6 +646,7 @@ fi
 
 exit 1
 .Ed
+
 .Sh SEE ALSO
 .Xr inetd.conf 5 ,
 .Xr inetd 8
@@ -658,7 +664,7 @@ The focus has always been simplicity and
 and regular code audits.
 This manual documents
 .Nm
-version 20220517.
+version 20230602.
 .Sh AUTHORS
 .An -nosplit
 .Nm

CVS commit: src/libexec/httpd

2023-06-07 Thread matthew green 
Module Name:src
Committed By:   mrg
Date:   Wed Jun  7 20:12:32 UTC 2023

Modified Files:
src/libexec/httpd: bozohttpd.c content-bozo.c main.c ssl-bozo.c

Log Message:
serve .iso as "application/octet-stream".  bump version & copyright.


To generate a diff of this commit:
cvs rdiff -u -r1.142 -r1.143 src/libexec/httpd/bozohttpd.c
cvs rdiff -u -r1.21 -r1.22 src/libexec/httpd/content-bozo.c
cvs rdiff -u -r1.30 -r1.31 src/libexec/httpd/main.c
cvs rdiff -u -r1.32 -r1.33 src/libexec/httpd/ssl-bozo.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/libexec/httpd

2023-06-07 Thread matthew green 
Module Name:src
Committed By:   mrg
Date:   Wed Jun  7 20:12:32 UTC 2023

Modified Files:
src/libexec/httpd: bozohttpd.c content-bozo.c main.c ssl-bozo.c

Log Message:
serve .iso as "application/octet-stream".  bump version & copyright.


To generate a diff of this commit:
cvs rdiff -u -r1.142 -r1.143 src/libexec/httpd/bozohttpd.c
cvs rdiff -u -r1.21 -r1.22 src/libexec/httpd/content-bozo.c
cvs rdiff -u -r1.30 -r1.31 src/libexec/httpd/main.c
cvs rdiff -u -r1.32 -r1.33 src/libexec/httpd/ssl-bozo.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/bozohttpd.c
diff -u src/libexec/httpd/bozohttpd.c:1.142 src/libexec/httpd/bozohttpd.c:1.143
--- src/libexec/httpd/bozohttpd.c:1.142	Mon Sep 12 10:30:39 2022
+++ src/libexec/httpd/bozohttpd.c	Wed Jun  7 20:12:31 2023
@@ -1,9 +1,9 @@
-/*	$NetBSD: bozohttpd.c,v 1.142 2022/09/12 10:30:39 martin Exp $	*/
+/*	$NetBSD: bozohttpd.c,v 1.143 2023/06/07 20:12:31 mrg Exp $	*/
 
 /*	$eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $	*/
 
 /*
- * Copyright (c) 1997-2022 Matthew R. Green
+ * Copyright (c) 1997-2023 Matthew R. Green
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -108,7 +108,7 @@
 #define INDEX_HTML		"index.html"
 #endif
 #ifndef SERVER_SOFTWARE
-#define SERVER_SOFTWARE		"bozohttpd/20220517"
+#define SERVER_SOFTWARE		"bozohttpd/20230602"
 #endif
 #ifndef PUBLIC_HTML
 #define PUBLIC_HTML		"public_html"

Index: src/libexec/httpd/content-bozo.c
diff -u src/libexec/httpd/content-bozo.c:1.21 src/libexec/httpd/content-bozo.c:1.22
--- src/libexec/httpd/content-bozo.c:1.21	Tue May 31 06:34:33 2022
+++ src/libexec/httpd/content-bozo.c	Wed Jun  7 20:12:31 2023
@@ -1,9 +1,9 @@
-/*	$NetBSD: content-bozo.c,v 1.21 2022/05/31 06:34:33 mrg Exp $	*/
+/*	$NetBSD: content-bozo.c,v 1.22 2023/06/07 20:12:31 mrg Exp $	*/
 
 /*	$eterna: content-bozo.c,v 1.17 2011/11/18 09:21:15 mrg Exp $	*/
 
 /*
- * Copyright (c) 1997-2021 Matthew R. Green
+ * Copyright (c) 1997-2023 Matthew R. Green
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -198,6 +198,7 @@ static bozo_content_map_t static_content
 	{ ".vrml",	"x-world/x-vrml",		"",		"", NULL },
 	{ ".svg",	"image/svg+xml",		"",		"", NULL },
 	{ ".mobi",	"application/x-mobipocket-ebook", "",		"", NULL },
+	{ ".iso",	"application/octet-stream",	"",		"", NULL },
 	{ NULL,		NULL,		NULL,		NULL, NULL }
 };
 

Index: src/libexec/httpd/main.c
diff -u src/libexec/httpd/main.c:1.30 src/libexec/httpd/main.c:1.31
--- src/libexec/httpd/main.c:1.30	Mon Sep 12 10:30:39 2022
+++ src/libexec/httpd/main.c	Wed Jun  7 20:12:31 2023
@@ -1,10 +1,10 @@
-/*	$NetBSD: main.c,v 1.30 2022/09/12 10:30:39 martin Exp $	*/
+/*	$NetBSD: main.c,v 1.31 2023/06/07 20:12:31 mrg Exp $	*/
 
 /*	$eterna: main.c,v 1.6 2011/11/18 09:21:15 mrg Exp $	*/
 /* from: eterna: bozohttpd.c,v 1.159 2009/05/23 02:14:30 mrg Exp 	*/
 
 /*
- * Copyright (c) 1997-2021 Matthew R. Green
+ * Copyright (c) 1997-2023 Matthew R. Green
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Index: src/libexec/httpd/ssl-bozo.c
diff -u src/libexec/httpd/ssl-bozo.c:1.32 src/libexec/httpd/ssl-bozo.c:1.33
--- src/libexec/httpd/ssl-bozo.c:1.32	Mon Sep 12 10:30:39 2022
+++ src/libexec/httpd/ssl-bozo.c	Wed Jun  7 20:12:31 2023
@@ -1,9 +1,9 @@
-/*	$NetBSD: ssl-bozo.c,v 1.32 2022/09/12 10:30:39 martin Exp $	*/
+/*	$NetBSD: ssl-bozo.c,v 1.33 2023/06/07 20:12:31 mrg Exp $	*/
 
 /*	$eterna: ssl-bozo.c,v 1.15 2011/11/18 09:21:15 mrg Exp $	*/
 
 /*
- * Copyright (c) 1997-2020 Matthew R. Green
+ * Copyright (c) 1997-2023 Matthew R. Green
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

CVS commit: src/libexec/httpd/libbozohttpd

2023-05-09 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Tue May  9 13:07:44 UTC 2023

Modified Files:
src/libexec/httpd/libbozohttpd: Makefile

Log Message:
Deal with OpenSSL-3.x


To generate a diff of this commit:
cvs rdiff -u -r1.3 -r1.4 src/libexec/httpd/libbozohttpd/Makefile

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/libbozohttpd/Makefile
diff -u src/libexec/httpd/libbozohttpd/Makefile:1.3 src/libexec/httpd/libbozohttpd/Makefile:1.4
--- src/libexec/httpd/libbozohttpd/Makefile:1.3	Sun May 21 11:28:41 2017
+++ src/libexec/httpd/libbozohttpd/Makefile	Tue May  9 09:07:43 2023
@@ -24,4 +24,6 @@ INCSDIR=	/usr/include
 LDADD+=	-lssl -lcrypto
 DPADD+=	${LIBSSL} ${LIBCRYPTO}
 
+COPTS.ssl-bozo.c+= -Wno-error=deprecated-declarations
+
 .include

CVS commit: src/libexec/httpd/libbozohttpd

2023-05-09 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Tue May  9 13:07:44 UTC 2023

Modified Files:
src/libexec/httpd/libbozohttpd: Makefile

Log Message:
Deal with OpenSSL-3.x


To generate a diff of this commit:
cvs rdiff -u -r1.3 -r1.4 src/libexec/httpd/libbozohttpd/Makefile

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/libexec/httpd

2023-05-08 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Tue May  9 01:47:21 UTC 2023

Modified Files:
src/libexec/httpd: Makefile

Log Message:
accommodate OpenSSL-3.x


To generate a diff of this commit:
cvs rdiff -u -r1.31 -r1.32 src/libexec/httpd/Makefile

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/Makefile
diff -u src/libexec/httpd/Makefile:1.31 src/libexec/httpd/Makefile:1.32
--- src/libexec/httpd/Makefile:1.31	Sat Feb 27 23:18:46 2021
+++ src/libexec/httpd/Makefile	Mon May  8 21:47:21 2023
@@ -1,4 +1,4 @@
-#	$NetBSD: Makefile,v 1.31 2021/02/28 04:18:46 mrg Exp $
+#	$NetBSD: Makefile,v 1.32 2023/05/09 01:47:21 christos Exp $
 #
 #	$eterna: Makefile,v 1.30 2010/07/11 00:34:27 mrg Exp $
 #
@@ -33,6 +33,8 @@ SRCS=	bozohttpd.c ssl-bozo.c auth-bozo.c
 	tilde-luzah-bozo.c dir-index-bozo.c content-bozo.c lua-bozo.c
 SRCS+=	main.c
 
+COPTS.ssl-bozo.c+=-Wno-error=deprecated-declarations
+
 LDADD=	-lblocklist -lcrypt -llua -lm
 DPADD=	${LIBBLOCKLIST} ${LIBCRYPT} ${LIBLUA} ${LIBM}

CVS commit: src/libexec/httpd

2023-05-08 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Tue May  9 01:47:21 UTC 2023

Modified Files:
src/libexec/httpd: Makefile

Log Message:
accommodate OpenSSL-3.x


To generate a diff of this commit:
cvs rdiff -u -r1.31 -r1.32 src/libexec/httpd/Makefile

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/libexec/httpd

2022-09-12 Thread Martin Husemann 
Module Name:src
Committed By:   martin
Date:   Mon Sep 12 10:34:20 UTC 2022

Modified Files:
src/libexec/httpd: bozohttpd.8

Log Message:
Document the -q option.


To generate a diff of this commit:
cvs rdiff -u -r1.91 -r1.92 src/libexec/httpd/bozohttpd.8

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/bozohttpd.8
diff -u src/libexec/httpd/bozohttpd.8:1.91 src/libexec/httpd/bozohttpd.8:1.92
--- src/libexec/httpd/bozohttpd.8:1.91	Wed May 18 00:37:11 2022
+++ src/libexec/httpd/bozohttpd.8	Mon Sep 12 10:34:20 2022
@@ -1,4 +1,4 @@
-.\"	$NetBSD: bozohttpd.8,v 1.91 2022/05/18 00:37:11 mrg Exp $
+.\"	$NetBSD: bozohttpd.8,v 1.92 2022/09/12 10:34:20 martin Exp $
 .\"
 .\"	$eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $
 .\"
@@ -26,7 +26,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd May 24, 17
+.Dd Sep 12, 22
 .Dt BOZOHTTPD 8
 .Os
 .Sh NAME
@@ -34,7 +34,7 @@
 .Nd hyper text transfer protocol version 1.1 daemon
 .Sh SYNOPSIS
 .Nm
-.Op Fl EGHVXdefhnsu
+.Op Fl EGHVXdefhnqsu
 .Op Fl C Ar suffix cgihandler
 .Op Fl I Ar port
 .Op Fl L Ar prefix script
@@ -77,7 +77,9 @@ writes logs to
 .Xr syslog 3
 using the ftp facility (but see the
 .Fl s
-option for testing.)
+option for testing and the
+.Fl q
+option for supressing this.)
 .Nm
 is designed to be small, simple and relatively featureless,
 hopefully increasing its security.
@@ -256,6 +258,8 @@ translations from
 .Dq public_html
 to
 .Ar pubdir .
+.It Fl q
+Quiet mode - no log entries generated.
 .It Fl R Ar readme
 When directory indexing is enabled, include the contents of the file
 .Ar readme

CVS commit: src/libexec/httpd

2022-09-12 Thread Martin Husemann 
Module Name:src
Committed By:   martin
Date:   Mon Sep 12 10:34:20 UTC 2022

Modified Files:
src/libexec/httpd: bozohttpd.8

Log Message:
Document the -q option.


To generate a diff of this commit:
cvs rdiff -u -r1.91 -r1.92 src/libexec/httpd/bozohttpd.8

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/libexec/httpd

2022-09-12 Thread Martin Husemann 
Module Name:src
Committed By:   martin
Date:   Mon Sep 12 10:30:39 UTC 2022

Modified Files:
src/libexec/httpd: bozohttpd.c bozohttpd.h main.c ssl-bozo.c

Log Message:
Add a -q option to make http quiet (no log messages).

Usefull when running multiple instances and some for (high traffic)
APIs e.g. to receive log data from appliences - it makes not sense
to duplicate the whole log in the xferlog file (but we can't configure
that at the syslog level due to other httpd instances using that).


To generate a diff of this commit:
cvs rdiff -u -r1.141 -r1.142 src/libexec/httpd/bozohttpd.c
cvs rdiff -u -r1.72 -r1.73 src/libexec/httpd/bozohttpd.h
cvs rdiff -u -r1.29 -r1.30 src/libexec/httpd/main.c
cvs rdiff -u -r1.31 -r1.32 src/libexec/httpd/ssl-bozo.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/bozohttpd.c
diff -u src/libexec/httpd/bozohttpd.c:1.141 src/libexec/httpd/bozohttpd.c:1.142
--- src/libexec/httpd/bozohttpd.c:1.141	Wed May 18 00:37:11 2022
+++ src/libexec/httpd/bozohttpd.c	Mon Sep 12 10:30:39 2022
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.c,v 1.141 2022/05/18 00:37:11 mrg Exp $	*/
+/*	$NetBSD: bozohttpd.c,v 1.142 2022/09/12 10:30:39 martin Exp $	*/
 
 /*	$eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -2022,11 +2022,13 @@ debug__(bozohttpd_t *httpd, int level, c
 
 	savederrno = errno;
 	va_start(ap, fmt);
-	if (httpd->logstderr) {
-		vfprintf(stderr, fmt, ap);
-		fputs("\n", stderr);
-	} else
-		vsyslog(LOG_DEBUG, fmt, ap);
+	if (!httpd->nolog) {
+		if (httpd->logstderr) {
+			vfprintf(stderr, fmt, ap);
+			fputs("\n", stderr);
+		} else
+			vsyslog(LOG_DEBUG, fmt, ap);
+	}
 	va_end(ap);
 	errno = savederrno;
 }
@@ -2039,12 +2041,14 @@ bozowarn(bozohttpd_t *httpd, const char 
 	va_list ap;
 
 	va_start(ap, fmt);
-	if (httpd->logstderr || isatty(STDERR_FILENO)) {
-		//fputs("warning: ", stderr);
-		vfprintf(stderr, fmt, ap);
-		fputs("\n", stderr);
-	} else
-		vsyslog(LOG_INFO, fmt, ap);
+	if (!httpd->nolog) {
+		if (httpd->logstderr || isatty(STDERR_FILENO)) {
+			//fputs("warning: ", stderr);
+			vfprintf(stderr, fmt, ap);
+			fputs("\n", stderr);
+		} else
+			vsyslog(LOG_INFO, fmt, ap);
+	}
 	va_end(ap);
 }
 
@@ -2054,12 +2058,14 @@ bozoerr(bozohttpd_t *httpd, int code, co
 	va_list ap;
 
 	va_start(ap, fmt);
-	if (httpd->logstderr || isatty(STDERR_FILENO)) {
-		//fputs("error: ", stderr);
-		vfprintf(stderr, fmt, ap);
-		fputs("\n", stderr);
-	} else
-		vsyslog(LOG_ERR, fmt, ap);
+	if (!httpd->nolog) {
+		if (httpd->logstderr || isatty(STDERR_FILENO)) {
+			//fputs("error: ", stderr);
+			vfprintf(stderr, fmt, ap);
+			fputs("\n", stderr);
+		} else
+			vsyslog(LOG_ERR, fmt, ap);
+	}
 	va_end(ap);
 	exit(code);
 }
@@ -2591,6 +2597,10 @@ bozo_setup(bozohttpd_t *httpd, bozoprefs
 	strcmp(cp, "true") == 0) {
 		httpd->logstderr = 1;
 	}
+	if ((cp = bozo_get_pref(prefs, "no log")) != NULL &&
+	strcmp(cp, "true") == 0) {
+		httpd->nolog = 1;
+	}
 	if ((cp = bozo_get_pref(prefs, "bind address")) != NULL) {
 		httpd->bindaddress = bozostrdup(httpd, NULL, cp);
 	}

Index: src/libexec/httpd/bozohttpd.h
diff -u src/libexec/httpd/bozohttpd.h:1.72 src/libexec/httpd/bozohttpd.h:1.73
--- src/libexec/httpd/bozohttpd.h:1.72	Wed May 18 00:37:11 2022
+++ src/libexec/httpd/bozohttpd.h	Mon Sep 12 10:30:39 2022
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.h,v 1.72 2022/05/18 00:37:11 mrg Exp $	*/
+/*	$NetBSD: bozohttpd.h,v 1.73 2022/09/12 10:30:39 martin Exp $	*/
 
 /*	$eterna: bozohttpd.h,v 1.39 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -103,6 +103,7 @@ typedef struct bozohttpd_t {
 	char		*virtbase;	/* virtual directory base */
 	int		 unknown_slash;	/* unknown vhosts go to normal slashdir */
 	int		 logstderr;	/* log to stderr (even if not tty) */
+	int		 nolog;		/* do not log anything */
 	int		 background;	/* drop into daemon mode */
 	int		 foreground;	/* keep daemon mode in foreground */
 	char		*pidfile;	/* path to the pid file, if any */

Index: src/libexec/httpd/main.c
diff -u src/libexec/httpd/main.c:1.29 src/libexec/httpd/main.c:1.30
--- src/libexec/httpd/main.c:1.29	Tue Aug 24 09:47:36 2021
+++ src/libexec/httpd/main.c	Mon Sep 12 10:30:39 2022
@@ -1,4 +1,4 @@
-/*	$NetBSD: main.c,v 1.29 2021/08/24 09:47:36 mrg Exp $	*/
+/*	$NetBSD: main.c,v 1.30 2022/09/12 10:30:39 martin Exp $	*/
 
 /*	$eterna: main.c,v 1.6 2011/11/18 09:21:15 mrg Exp $	*/
 /* from: eterna: bozohttpd.c,v 1.159 2009/05/23 02:14:30 mrg Exp 	*/
@@ -102,6 +102,8 @@ usage(bozohttpd_t *httpd, char *progname
 		bozowarn(httpd, "   -P pidfile\t\tpid file path");
 	if (have_user)
 		bozowarn(httpd, "   -p dir\t\t\"public_html\" directory name");
+	if (have_core)
+		bozowarn(httpd, "   -q\t\tquiet mode, no logging");
 	if (have_dirindex)
 		bozowarn(httpd, "   -R readme\t\tput readme file in footer "
 "of directory index");
@@ -164,7 +166,7 @@ main(int argc, char **argv)
 	 */
 
 	while ((c =

CVS commit: src/libexec/httpd

2022-09-12 Thread Martin Husemann 
Module Name:src
Committed By:   martin
Date:   Mon Sep 12 10:30:39 UTC 2022

Modified Files:
src/libexec/httpd: bozohttpd.c bozohttpd.h main.c ssl-bozo.c

Log Message:
Add a -q option to make http quiet (no log messages).

Usefull when running multiple instances and some for (high traffic)
APIs e.g. to receive log data from appliences - it makes not sense
to duplicate the whole log in the xferlog file (but we can't configure
that at the syslog level due to other httpd instances using that).


To generate a diff of this commit:
cvs rdiff -u -r1.141 -r1.142 src/libexec/httpd/bozohttpd.c
cvs rdiff -u -r1.72 -r1.73 src/libexec/httpd/bozohttpd.h
cvs rdiff -u -r1.29 -r1.30 src/libexec/httpd/main.c
cvs rdiff -u -r1.31 -r1.32 src/libexec/httpd/ssl-bozo.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/libexec/httpd

2022-05-31 Thread matthew green 
Module Name:src
Committed By:   mrg
Date:   Tue May 31 06:34:33 UTC 2022

Modified Files:
src/libexec/httpd: content-bozo.c

Log Message:
add .mobi / application/x-mobipocket-ebook.


To generate a diff of this commit:
cvs rdiff -u -r1.20 -r1.21 src/libexec/httpd/content-bozo.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/content-bozo.c
diff -u src/libexec/httpd/content-bozo.c:1.20 src/libexec/httpd/content-bozo.c:1.21
--- src/libexec/httpd/content-bozo.c:1.20	Sat Feb 27 12:55:25 2021
+++ src/libexec/httpd/content-bozo.c	Tue May 31 06:34:33 2022
@@ -1,4 +1,4 @@
-/*	$NetBSD: content-bozo.c,v 1.20 2021/02/27 12:55:25 mrg Exp $	*/
+/*	$NetBSD: content-bozo.c,v 1.21 2022/05/31 06:34:33 mrg Exp $	*/
 
 /*	$eterna: content-bozo.c,v 1.17 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -197,6 +197,7 @@ static bozo_content_map_t static_content
 	{ ".wrl",	"x-world/x-vrml",		"",		"", NULL },
 	{ ".vrml",	"x-world/x-vrml",		"",		"", NULL },
 	{ ".svg",	"image/svg+xml",		"",		"", NULL },
+	{ ".mobi",	"application/x-mobipocket-ebook", "",		"", NULL },
 	{ NULL,		NULL,		NULL,		NULL, NULL }
 };

CVS commit: src/libexec/httpd

2022-05-31 Thread matthew green 
Module Name:src
Committed By:   mrg
Date:   Tue May 31 06:34:33 UTC 2022

Modified Files:
src/libexec/httpd: content-bozo.c

Log Message:
add .mobi / application/x-mobipocket-ebook.


To generate a diff of this commit:
cvs rdiff -u -r1.20 -r1.21 src/libexec/httpd/content-bozo.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/libexec/httpd

2022-05-17 Thread matthew green 
Module Name:src
Committed By:   mrg
Date:   Wed May 18 00:37:11 UTC 2022

Modified Files:
src/libexec/httpd: bozohttpd.8 bozohttpd.c bozohttpd.h dir-index-bozo.c

Log Message:
call this bozohttpd 20220517.


To generate a diff of this commit:
cvs rdiff -u -r1.90 -r1.91 src/libexec/httpd/bozohttpd.8
cvs rdiff -u -r1.140 -r1.141 src/libexec/httpd/bozohttpd.c
cvs rdiff -u -r1.71 -r1.72 src/libexec/httpd/bozohttpd.h
cvs rdiff -u -r1.35 -r1.36 src/libexec/httpd/dir-index-bozo.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/bozohttpd.8
diff -u src/libexec/httpd/bozohttpd.8:1.90 src/libexec/httpd/bozohttpd.8:1.91
--- src/libexec/httpd/bozohttpd.8:1.90	Tue Jan  4 06:08:14 2022
+++ src/libexec/httpd/bozohttpd.8	Wed May 18 00:37:11 2022
@@ -1,8 +1,8 @@
-.\"	$NetBSD: bozohttpd.8,v 1.90 2022/01/04 06:08:14 kim Exp $
+.\"	$NetBSD: bozohttpd.8,v 1.91 2022/05/18 00:37:11 mrg Exp $
 .\"
 .\"	$eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $
 .\"
-.\" Copyright (c) 1997-2021 Matthew R. Green
+.\" Copyright (c) 1997-2022 Matthew R. Green
 .\" All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
@@ -26,7 +26,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd August 24, 2021
+.Dd May 24, 17
 .Dt BOZOHTTPD 8
 .Os
 .Sh NAME
@@ -654,7 +654,7 @@ The focus has always been simplicity and
 and regular code audits.
 This manual documents
 .Nm
-version 20220104.
+version 20220517.
 .Sh AUTHORS
 .An -nosplit
 .Nm

Index: src/libexec/httpd/bozohttpd.c
diff -u src/libexec/httpd/bozohttpd.c:1.140 src/libexec/httpd/bozohttpd.c:1.141
--- src/libexec/httpd/bozohttpd.c:1.140	Sun Apr 10 09:50:44 2022
+++ src/libexec/httpd/bozohttpd.c	Wed May 18 00:37:11 2022
@@ -1,9 +1,9 @@
-/*	$NetBSD: bozohttpd.c,v 1.140 2022/04/10 09:50:44 andvar Exp $	*/
+/*	$NetBSD: bozohttpd.c,v 1.141 2022/05/18 00:37:11 mrg Exp $	*/
 
 /*	$eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $	*/
 
 /*
- * Copyright (c) 1997-2021 Matthew R. Green
+ * Copyright (c) 1997-2022 Matthew R. Green
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -108,7 +108,7 @@
 #define INDEX_HTML		"index.html"
 #endif
 #ifndef SERVER_SOFTWARE
-#define SERVER_SOFTWARE		"bozohttpd/20220104"
+#define SERVER_SOFTWARE		"bozohttpd/20220517"
 #endif
 #ifndef PUBLIC_HTML
 #define PUBLIC_HTML		"public_html"

Index: src/libexec/httpd/bozohttpd.h
diff -u src/libexec/httpd/bozohttpd.h:1.71 src/libexec/httpd/bozohttpd.h:1.72
--- src/libexec/httpd/bozohttpd.h:1.71	Tue Jan  4 06:08:14 2022
+++ src/libexec/httpd/bozohttpd.h	Wed May 18 00:37:11 2022
@@ -1,9 +1,9 @@
-/*	$NetBSD: bozohttpd.h,v 1.71 2022/01/04 06:08:14 kim Exp $	*/
+/*	$NetBSD: bozohttpd.h,v 1.72 2022/05/18 00:37:11 mrg Exp $	*/
 
 /*	$eterna: bozohttpd.h,v 1.39 2011/11/18 09:21:15 mrg Exp $	*/
 
 /*
- * Copyright (c) 1997-2021 Matthew R. Green
+ * Copyright (c) 1997-2022 Matthew R. Green
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Index: src/libexec/httpd/dir-index-bozo.c
diff -u src/libexec/httpd/dir-index-bozo.c:1.35 src/libexec/httpd/dir-index-bozo.c:1.36
--- src/libexec/httpd/dir-index-bozo.c:1.35	Mon Mar 14 05:06:59 2022
+++ src/libexec/httpd/dir-index-bozo.c	Wed May 18 00:37:11 2022
@@ -1,9 +1,9 @@
-/*	$NetBSD: dir-index-bozo.c,v 1.35 2022/03/14 05:06:59 mrg Exp $	*/
+/*	$NetBSD: dir-index-bozo.c,v 1.36 2022/05/18 00:37:11 mrg Exp $	*/
 
 /*	$eterna: dir-index-bozo.c,v 1.20 2011/11/18 09:21:15 mrg Exp $	*/
 
 /*
- * Copyright (c) 1997-2020 Matthew R. Green
+ * Copyright (c) 1997-2022 Matthew R. Green
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

CVS commit: src/libexec/httpd

2022-05-17 Thread matthew green 
Module Name:src
Committed By:   mrg
Date:   Wed May 18 00:37:11 UTC 2022

Modified Files:
src/libexec/httpd: bozohttpd.8 bozohttpd.c bozohttpd.h dir-index-bozo.c

Log Message:
call this bozohttpd 20220517.


To generate a diff of this commit:
cvs rdiff -u -r1.90 -r1.91 src/libexec/httpd/bozohttpd.8
cvs rdiff -u -r1.140 -r1.141 src/libexec/httpd/bozohttpd.c
cvs rdiff -u -r1.71 -r1.72 src/libexec/httpd/bozohttpd.h
cvs rdiff -u -r1.35 -r1.36 src/libexec/httpd/dir-index-bozo.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/libexec/httpd

2022-03-13 Thread matthew green 
Module Name:src
Committed By:   mrg
Date:   Mon Mar 14 05:58:36 UTC 2022

Modified Files:
src/libexec/httpd: bozohttpd.c

Log Message:
in bozo_init_prefs(), default to returning 1 (success) and if a
bozo_set_pref() fails, return 0 instead.  fixes PR#54785 but with
a different patch.


To generate a diff of this commit:
cvs rdiff -u -r1.138 -r1.139 src/libexec/httpd/bozohttpd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/libexec/httpd

2022-03-13 Thread matthew green 
Module Name:src
Committed By:   mrg
Date:   Mon Mar 14 05:58:36 UTC 2022

Modified Files:
src/libexec/httpd: bozohttpd.c

Log Message:
in bozo_init_prefs(), default to returning 1 (success) and if a
bozo_set_pref() fails, return 0 instead.  fixes PR#54785 but with
a different patch.


To generate a diff of this commit:
cvs rdiff -u -r1.138 -r1.139 src/libexec/httpd/bozohttpd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/bozohttpd.c
diff -u src/libexec/httpd/bozohttpd.c:1.138 src/libexec/httpd/bozohttpd.c:1.139
--- src/libexec/httpd/bozohttpd.c:1.138	Tue Jan  4 06:08:14 2022
+++ src/libexec/httpd/bozohttpd.c	Mon Mar 14 05:58:36 2022
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.c,v 1.138 2022/01/04 06:08:14 kim Exp $	*/
+/*	$NetBSD: bozohttpd.c,v 1.139 2022/03/14 05:58:36 mrg Exp $	*/
 
 /*	$eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -2520,26 +2520,26 @@ bozo_init_httpd(bozohttpd_t *httpd)
 int
 bozo_init_prefs(bozohttpd_t *httpd, bozoprefs_t *prefs)
 {
-	int rv = 0;
+	int rv = 1;
 
 	/* make sure everything is clean */
 	(void) memset(prefs, 0x0, sizeof(*prefs));
 
 	/* set up default values */
 	if (!bozo_set_pref(httpd, prefs, "server software", SERVER_SOFTWARE))
-		rv = 1;
+		rv = 0;
 	if (!bozo_set_pref(httpd, prefs, "index.html", INDEX_HTML))
-		rv = 1;
+		rv = 0;
 	if (!bozo_set_pref(httpd, prefs, "public_html", PUBLIC_HTML))
-		rv = 1;
+		rv = 0;
 	if (!bozo_set_pref(httpd, prefs, "ssl timeout", SSL_TIMEOUT))
-		rv = 1;
+		rv = 0;
 	if (!bozo_set_pref(httpd, prefs, "initial timeout", INITIAL_TIMEOUT))
-		rv = 1;
+		rv = 0;
 	if (!bozo_set_pref(httpd, prefs, "header timeout", HEADER_WAIT_TIME))
-		rv = 1;
+		rv = 0;
 	if (!bozo_set_pref(httpd, prefs, "request timeout", TOTAL_MAX_REQ_TIME))
-		rv = 1;
+		rv = 0;
 
 	return rv;
 }

CVS commit: src/libexec/httpd

2022-03-13 Thread matthew green 
Module Name:src
Committed By:   mrg
Date:   Mon Mar 14 05:06:59 UTC 2022

Modified Files:
src/libexec/httpd: dir-index-bozo.c

Log Message:
check for scandir() returning -1.  should handle PR#56358.


To generate a diff of this commit:
cvs rdiff -u -r1.34 -r1.35 src/libexec/httpd/dir-index-bozo.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/dir-index-bozo.c
diff -u src/libexec/httpd/dir-index-bozo.c:1.34 src/libexec/httpd/dir-index-bozo.c:1.35
--- src/libexec/httpd/dir-index-bozo.c:1.34	Thu Oct 15 02:19:23 2020
+++ src/libexec/httpd/dir-index-bozo.c	Mon Mar 14 05:06:59 2022
@@ -1,4 +1,4 @@
-/*	$NetBSD: dir-index-bozo.c,v 1.34 2020/10/15 02:19:23 mrg Exp $	*/
+/*	$NetBSD: dir-index-bozo.c,v 1.35 2022/03/14 05:06:59 mrg Exp $	*/
 
 /*	$eterna: dir-index-bozo.c,v 1.20 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -141,7 +141,7 @@ bozo_dir_index(bozo_httpreq_t *request, 
 		"\r\n");
 
 	for (j = k = scandir(dirpath, , NULL, alphasort), deo = de;
-	j--; de++) {
+	j-- > 0; de++) {
 		int nostat = 0;
 		char *name = (*de)->d_name;
 		char *urlname, *htmlname;

CVS commit: src/libexec/httpd

2022-03-13 Thread matthew green 
Module Name:src
Committed By:   mrg
Date:   Mon Mar 14 05:06:59 UTC 2022

Modified Files:
src/libexec/httpd: dir-index-bozo.c

Log Message:
check for scandir() returning -1.  should handle PR#56358.


To generate a diff of this commit:
cvs rdiff -u -r1.34 -r1.35 src/libexec/httpd/dir-index-bozo.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/libexec/httpd

2022-01-03 Thread Kimmo Suominen 
Module Name:src
Committed By:   kim
Date:   Tue Jan  4 06:08:14 UTC 2022

Modified Files:
src/libexec/httpd: CHANGES bozohttpd.8 bozohttpd.c bozohttpd.h

Log Message:
bozohttpd: remove obsolete .bzdirect handling

OK mrg@


To generate a diff of this commit:
cvs rdiff -u -r1.52 -r1.53 src/libexec/httpd/CHANGES
cvs rdiff -u -r1.89 -r1.90 src/libexec/httpd/bozohttpd.8
cvs rdiff -u -r1.137 -r1.138 src/libexec/httpd/bozohttpd.c
cvs rdiff -u -r1.70 -r1.71 src/libexec/httpd/bozohttpd.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/CHANGES
diff -u src/libexec/httpd/CHANGES:1.52 src/libexec/httpd/CHANGES:1.53
--- src/libexec/httpd/CHANGES:1.52	Fri Sep  3 21:54:59 2021
+++ src/libexec/httpd/CHANGES	Tue Jan  4 06:08:14 2022
@@ -1,4 +1,7 @@
-$NetBSD: CHANGES,v 1.52 2021/09/03 21:54:59 andvar Exp $
+$NetBSD: CHANGES,v 1.53 2022/01/04 06:08:14 kim Exp $
+
+changes in bozohttpd 20220104:
+	o  remove obsolete .bzdirect handling.
 
 changes in bozohttpd 20210824:
 	o  new "-m tlsversion" option to set the minimum TLS version

Index: src/libexec/httpd/bozohttpd.8
diff -u src/libexec/httpd/bozohttpd.8:1.89 src/libexec/httpd/bozohttpd.8:1.90
--- src/libexec/httpd/bozohttpd.8:1.89	Tue Aug 24 09:47:36 2021
+++ src/libexec/httpd/bozohttpd.8	Tue Jan  4 06:08:14 2022
@@ -1,4 +1,4 @@
-.\"	$NetBSD: bozohttpd.8,v 1.89 2021/08/24 09:47:36 mrg Exp $
+.\"	$NetBSD: bozohttpd.8,v 1.90 2022/01/04 06:08:14 kim Exp $
 .\"
 .\"	$eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $
 .\"
@@ -532,14 +532,9 @@ the client did not make a ranged request
 .Nm
 looks for a couple of special files in directories that allow certain features
 to be provided on a per-directory basis.
-In addition to the
+The
 .Pa .htpasswd
-used by HTTP basic authorization,
-if a
-.Pa .bzdirect
-file is found (contents are irrelevant)
-.Nm
-will allow direct access.
+file is used by HTTP basic authorization.
 If a
 .Pa .bzredirect
 symbolic link is found,
@@ -659,7 +654,7 @@ The focus has always been simplicity and
 and regular code audits.
 This manual documents
 .Nm
-version 20210824.
+version 20220104.
 .Sh AUTHORS
 .An -nosplit
 .Nm
@@ -826,6 +821,12 @@ enhanced cgi-bin support
 .Aq Mt jo...@netbsd.org
 implemented If-Modified-Since support
 .It
+.An Kimmo Suominen
+.Aq Mt k...@netbsd.org
+removed obsolete
+.Pa .bzdirect
+handling
+.It
 .An ISIHARA Takanori
 .Aq Mt is...@oak.dti.ne.jp
 provided a man page fix

Index: src/libexec/httpd/bozohttpd.c
diff -u src/libexec/httpd/bozohttpd.c:1.137 src/libexec/httpd/bozohttpd.c:1.138
--- src/libexec/httpd/bozohttpd.c:1.137	Fri Dec 10 20:36:02 2021
+++ src/libexec/httpd/bozohttpd.c	Tue Jan  4 06:08:14 2022
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.c,v 1.137 2021/12/10 20:36:02 andvar Exp $	*/
+/*	$NetBSD: bozohttpd.c,v 1.138 2022/01/04 06:08:14 kim Exp $	*/
 
 /*	$eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -108,7 +108,7 @@
 #define INDEX_HTML		"index.html"
 #endif
 #ifndef SERVER_SOFTWARE
-#define SERVER_SOFTWARE		"bozohttpd/20210824"
+#define SERVER_SOFTWARE		"bozohttpd/20220104"
 #endif
 #ifndef PUBLIC_HTML
 #define PUBLIC_HTML		"public_html"
@@ -177,7 +177,6 @@ struct {
 	const char *file;
 	const char *name;
 } specials[] = {
-	{ DIRECT_ACCESS_FILE, "rejected direct access request" },
 	{ REDIRECT_FILE,  "rejected redirect request" },
 	{ ABSREDIRECT_FILE,   "rejected absredirect request" },
 	{ REMAP_FILE, "rejected remap request" },

Index: src/libexec/httpd/bozohttpd.h
diff -u src/libexec/httpd/bozohttpd.h:1.70 src/libexec/httpd/bozohttpd.h:1.71
--- src/libexec/httpd/bozohttpd.h:1.70	Tue Aug 24 09:47:36 2021
+++ src/libexec/httpd/bozohttpd.h	Tue Jan  4 06:08:14 2022
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.h,v 1.70 2021/08/24 09:47:36 mrg Exp $	*/
+/*	$NetBSD: bozohttpd.h,v 1.71 2022/01/04 06:08:14 kim Exp $	*/
 
 /*	$eterna: bozohttpd.h,v 1.39 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -267,9 +267,6 @@ void	debug__(bozohttpd_t *, int, const c
  * bozo_check_special_files()
  */
 
-#ifndef DIRECT_ACCESS_FILE
-#define DIRECT_ACCESS_FILE	".bzdirect"
-#endif
 #ifndef REDIRECT_FILE
 #define REDIRECT_FILE		".bzredirect"
 #endif

CVS commit: src/libexec/httpd

2022-01-03 Thread Kimmo Suominen 
Module Name:src
Committed By:   kim
Date:   Tue Jan  4 06:08:14 UTC 2022

Modified Files:
src/libexec/httpd: CHANGES bozohttpd.8 bozohttpd.c bozohttpd.h

Log Message:
bozohttpd: remove obsolete .bzdirect handling

OK mrg@


To generate a diff of this commit:
cvs rdiff -u -r1.52 -r1.53 src/libexec/httpd/CHANGES
cvs rdiff -u -r1.89 -r1.90 src/libexec/httpd/bozohttpd.8
cvs rdiff -u -r1.137 -r1.138 src/libexec/httpd/bozohttpd.c
cvs rdiff -u -r1.70 -r1.71 src/libexec/httpd/bozohttpd.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/libexec/httpd

2021-08-24 Thread matthew green 
Module Name:src
Committed By:   mrg
Date:   Tue Aug 24 09:53:26 UTC 2021

Modified Files:
src/libexec/httpd: CHANGES ssl-bozo.c

Log Message:
extend the list of available ciphers to include most of the
openssl "HIGH" with some additional disables.  retain the current
list of bad options.  should deal with PR#51278.


To generate a diff of this commit:
cvs rdiff -u -r1.50 -r1.51 src/libexec/httpd/CHANGES
cvs rdiff -u -r1.30 -r1.31 src/libexec/httpd/ssl-bozo.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/CHANGES
diff -u src/libexec/httpd/CHANGES:1.50 src/libexec/httpd/CHANGES:1.51
--- src/libexec/httpd/CHANGES:1.50	Tue Aug 24 09:47:36 2021
+++ src/libexec/httpd/CHANGES	Tue Aug 24 09:53:26 2021
@@ -1,8 +1,11 @@
-$NetBSD: CHANGES,v 1.50 2021/08/24 09:47:36 mrg Exp $
+$NetBSD: CHANGES,v 1.51 2021/08/24 09:53:26 mrg Exp $
 
 changes in bozohttpd 20210824:
 	o  new "-m tlsversion" option to set the minimum TLS version
 	   available.  partially from .
+	o  extend the list of available ciphers to include most of the
+	   openssl "HIGH" with some additional disables.  retain the current
+	   list of bad options.  should deal with PR#51278.
 
 changes in bozohttpd 20210504:
 	o  don't assume host BUFSIZ is sufficent.  small BUFSIZ leads to

Index: src/libexec/httpd/ssl-bozo.c
diff -u src/libexec/httpd/ssl-bozo.c:1.30 src/libexec/httpd/ssl-bozo.c:1.31
--- src/libexec/httpd/ssl-bozo.c:1.30	Tue Aug 24 09:47:36 2021
+++ src/libexec/httpd/ssl-bozo.c	Tue Aug 24 09:53:26 2021
@@ -1,4 +1,4 @@
-/*	$NetBSD: ssl-bozo.c,v 1.30 2021/08/24 09:47:36 mrg Exp $	*/
+/*	$NetBSD: ssl-bozo.c,v 1.31 2021/08/24 09:53:26 mrg Exp $	*/
 
 /*	$eterna: ssl-bozo.c,v 1.15 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -51,10 +51,15 @@
 
 #ifndef BOZO_SSL_CIPHERS
 #define BOZO_SSL_CIPHERS 	\
-	"AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:"		\
-	"AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:"		\
-	"AES:"			\
-	"-SHA:"			\
+	"HIGH:"			\
+	"-SHA:-ADH:"		\
+	"-PSK-AES128-CCM:-PSK-AES256-CCM:"			\
+	"-DHE-PSK-AES128-CCM8:-DHE-PSK-AES256-CCM8:"		\
+	"-AES128-CCM8:-AES256-CCM8:"\
+	"-DHE-RSA-AES128-CCM8:-DHE-RSA-AES256-CCM8:"		\
+	"-PSK-AES128-CCM8:-PSK-AES256-CCM8:"			\
+	"-CAMELLIA128:-CAMELLIA256:"\
+	"-RSA-PSK-CHACHA20-POLY1305:"\
 	"!aNULL:!eNULL:"	\
 	"!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:"			\
 	"!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:"		\

CVS commit: src/libexec/httpd

2021-08-24 Thread matthew green 
Module Name:src
Committed By:   mrg
Date:   Tue Aug 24 09:53:26 UTC 2021

Modified Files:
src/libexec/httpd: CHANGES ssl-bozo.c

Log Message:
extend the list of available ciphers to include most of the
openssl "HIGH" with some additional disables.  retain the current
list of bad options.  should deal with PR#51278.


To generate a diff of this commit:
cvs rdiff -u -r1.50 -r1.51 src/libexec/httpd/CHANGES
cvs rdiff -u -r1.30 -r1.31 src/libexec/httpd/ssl-bozo.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/libexec/httpd

2021-08-24 Thread matthew green 
Module Name:src
Committed By:   mrg
Date:   Tue Aug 24 09:47:36 UTC 2021

Modified Files:
src/libexec/httpd: CHANGES bozohttpd.8 bozohttpd.c bozohttpd.h main.c
ssl-bozo.c

Log Message:
implement tls minimum version setting.

mostly from su...@nimmagadda.net in PR#55830, though i moved the
member into the main http structure, so that it doesn't trigger
sslinfo being allocated via command line without the rest of the
ssl being setup (which then leads to crashes.)


To generate a diff of this commit:
cvs rdiff -u -r1.49 -r1.50 src/libexec/httpd/CHANGES
cvs rdiff -u -r1.88 -r1.89 src/libexec/httpd/bozohttpd.8
cvs rdiff -u -r1.135 -r1.136 src/libexec/httpd/bozohttpd.c
cvs rdiff -u -r1.69 -r1.70 src/libexec/httpd/bozohttpd.h
cvs rdiff -u -r1.28 -r1.29 src/libexec/httpd/main.c
cvs rdiff -u -r1.29 -r1.30 src/libexec/httpd/ssl-bozo.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/CHANGES
diff -u src/libexec/httpd/CHANGES:1.49 src/libexec/httpd/CHANGES:1.50
--- src/libexec/httpd/CHANGES:1.49	Wed May  5 07:41:48 2021
+++ src/libexec/httpd/CHANGES	Tue Aug 24 09:47:36 2021
@@ -1,4 +1,8 @@
-$NetBSD: CHANGES,v 1.49 2021/05/05 07:41:48 mrg Exp $
+$NetBSD: CHANGES,v 1.50 2021/08/24 09:47:36 mrg Exp $
+
+changes in bozohttpd 20210824:
+	o  new "-m tlsversion" option to set the minimum TLS version
+	   available.  partially from .
 
 changes in bozohttpd 20210504:
 	o  don't assume host BUFSIZ is sufficent.  small BUFSIZ leads to

Index: src/libexec/httpd/bozohttpd.8
diff -u src/libexec/httpd/bozohttpd.8:1.88 src/libexec/httpd/bozohttpd.8:1.89
--- src/libexec/httpd/bozohttpd.8:1.88	Sun Feb 28 05:19:52 2021
+++ src/libexec/httpd/bozohttpd.8	Tue Aug 24 09:47:36 2021
@@ -1,4 +1,4 @@
-.\"	$NetBSD: bozohttpd.8,v 1.88 2021/02/28 05:19:52 mrg Exp $
+.\"	$NetBSD: bozohttpd.8,v 1.89 2021/08/24 09:47:36 mrg Exp $
 .\"
 .\"	$eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $
 .\"
@@ -26,7 +26,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd February 27, 2021
+.Dd August 24, 2021
 .Dt BOZOHTTPD 8
 .Os
 .Sh NAME
@@ -39,6 +39,7 @@
 .Op Fl I Ar port
 .Op Fl L Ar prefix script
 .Op Fl M Ar suffix type encoding encoding11
+.Op Fl m Ar version
 .Op Fl P Ar pidfile
 .Op Fl R Ar readme
 .Op Fl S Ar version
@@ -221,6 +222,18 @@ the empty string is used instead.
 Multiple
 .Fl M
 options may be passed.
+.It Fl m Ar version
+Set the minimum supported SSL protocol
+.Ar version .
+The valid values of
+.Ar version
+are
+.Dq TLSv1.1 ,
+.Dq TLSv1.2 ,
+and
+.Dq TLSv1.3 .
+The default version is
+.Dq TLSv1.1 .
 .It Fl n
 Stops
 .Nm
@@ -646,7 +659,7 @@ The focus has always been simplicity and
 and regular code audits.
 This manual documents
 .Nm
-version 20210227.
+version 20210824.
 .Sh AUTHORS
 .An -nosplit
 .Nm
@@ -769,6 +782,10 @@ option (pidfile support) and provided so
 provided many various fixes, including cgi-bin fixes and enhancements,
 HTTP basic authorization support and much code clean up
 .It
+.An Sunil Nimmagadda
+.Aq Mt su...@nimmagadda.net
+provided runtime TLS version control
+.It
 .An Rajeev V. Pillai
 .Aq Mt rajeev_v_pil...@yahoo.com
 provided several fixes for virtual hosting and directory indexing and
@@ -819,7 +836,6 @@ provided http authorization fixes
 .It
 .Aq Mt x...@kittenz.org
 provided chroot and change-to-user support, and other various fixes
-
 .It
 .An S.P.Zeidler
 .Aq Mt s...@netbsd.org

Index: src/libexec/httpd/bozohttpd.c
diff -u src/libexec/httpd/bozohttpd.c:1.135 src/libexec/httpd/bozohttpd.c:1.136
--- src/libexec/httpd/bozohttpd.c:1.135	Tue Aug 24 05:39:39 2021
+++ src/libexec/httpd/bozohttpd.c	Tue Aug 24 09:47:36 2021
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.c,v 1.135 2021/08/24 05:39:39 mrg Exp $	*/
+/*	$NetBSD: bozohttpd.c,v 1.136 2021/08/24 09:47:36 mrg Exp $	*/
 
 /*	$eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -108,7 +108,7 @@
 #define INDEX_HTML		"index.html"
 #endif
 #ifndef SERVER_SOFTWARE
-#define SERVER_SOFTWARE		"bozohttpd/20210504"
+#define SERVER_SOFTWARE		"bozohttpd/20210824"
 #endif
 #ifndef PUBLIC_HTML
 #define PUBLIC_HTML		"public_html"

Index: src/libexec/httpd/bozohttpd.h
diff -u src/libexec/httpd/bozohttpd.h:1.69 src/libexec/httpd/bozohttpd.h:1.70
--- src/libexec/httpd/bozohttpd.h:1.69	Wed May  5 07:41:48 2021
+++ src/libexec/httpd/bozohttpd.h	Tue Aug 24 09:47:36 2021
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.h,v 1.69 2021/05/05 07:41:48 mrg Exp $	*/
+/*	$NetBSD: bozohttpd.h,v 1.70 2021/08/24 09:47:36 mrg Exp $	*/
 
 /*	$eterna: bozohttpd.h,v 1.39 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -130,6 +130,7 @@ typedef struct bozohttpd_t {
 	unsigned	initial_timeout;/* first line timeout */
 	unsigned	header_timeout;	/* header lines timeout */
 	unsigned	request_timeout;/* total session timeout */
+	char		*ssl_min_proto;	/* minimum ssl protocol level */
 #ifndef NO_LUA_SUPPORT
 	int

CVS commit: src/libexec/httpd

2021-08-24 Thread matthew green 
Module Name:src
Committed By:   mrg
Date:   Tue Aug 24 09:47:36 UTC 2021

Modified Files:
src/libexec/httpd: CHANGES bozohttpd.8 bozohttpd.c bozohttpd.h main.c
ssl-bozo.c

Log Message:
implement tls minimum version setting.

mostly from su...@nimmagadda.net in PR#55830, though i moved the
member into the main http structure, so that it doesn't trigger
sslinfo being allocated via command line without the rest of the
ssl being setup (which then leads to crashes.)


To generate a diff of this commit:
cvs rdiff -u -r1.49 -r1.50 src/libexec/httpd/CHANGES
cvs rdiff -u -r1.88 -r1.89 src/libexec/httpd/bozohttpd.8
cvs rdiff -u -r1.135 -r1.136 src/libexec/httpd/bozohttpd.c
cvs rdiff -u -r1.69 -r1.70 src/libexec/httpd/bozohttpd.h
cvs rdiff -u -r1.28 -r1.29 src/libexec/httpd/main.c
cvs rdiff -u -r1.29 -r1.30 src/libexec/httpd/ssl-bozo.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/libexec/httpd

2021-08-23 Thread matthew green 
Module Name:src
Committed By:   mrg
Date:   Tue Aug 24 05:39:39 UTC 2021

Modified Files:
src/libexec/httpd: bozohttpd.c

Log Message:
rework the bindport setting, inspired by part of the patch
from PR#56367 (thanks JP.)


To generate a diff of this commit:
cvs rdiff -u -r1.134 -r1.135 src/libexec/httpd/bozohttpd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/bozohttpd.c
diff -u src/libexec/httpd/bozohttpd.c:1.134 src/libexec/httpd/bozohttpd.c:1.135
--- src/libexec/httpd/bozohttpd.c:1.134	Tue Aug 24 05:29:27 2021
+++ src/libexec/httpd/bozohttpd.c	Tue Aug 24 05:39:39 2021
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.c,v 1.134 2021/08/24 05:29:27 mrg Exp $	*/
+/*	$NetBSD: bozohttpd.c,v 1.135 2021/08/24 05:39:39 mrg Exp $	*/
 
 /*	$eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -148,7 +148,7 @@
 #include "bozohttpd.h"
 
 #ifndef SSL_TIMEOUT
-#define	SSL_TIMEOUT		"30"	/* wait for 30 seconds for ssl handshake  */
+#define	SSL_TIMEOUT		"30"	/* ssl handshake: 30 seconds timeout */
 #endif
 #ifndef INITIAL_TIMEOUT
 #define	INITIAL_TIMEOUT		"30"	/* wait for 30 seconds initially */
@@ -670,23 +670,14 @@ bozo_read_request(bozohttpd_t *httpd)
 	 * Override the bound port from the request value, so it works even
 	 * if passed through a proxy that doesn't rewrite the port.
 	 */
+	port = NULL;
 	if (httpd->bindport) {
 		if (strcmp(httpd->bindport, BOZO_HTTP_PORT) != 0)
 			port = httpd->bindport;
-		else
-			port = NULL;
-	} else {
-		if (getsockname(0, (struct sockaddr *)(void *), ) < 0)
-			port = NULL;
-		else {
-			if (getnameinfo((struct sockaddr *)(void *), slen,
-	NULL, 0, bufport, sizeof bufport,
-	NI_NUMERICSERV) == 0)
-port = bufport;
-			else
-port = NULL;
-		}
-	}
+	} else if (getsockname(0, (struct sockaddr *)(void *), ) == 0 &&
+		   getnameinfo((struct sockaddr *)(void *), slen, NULL, 0,
+			   bufport, sizeof bufport, NI_NUMERICSERV) == 0)
+		port = bufport;
 	if (port != NULL)
 		request->hr_serverport = bozostrdup(httpd, request, port);

CVS commit: src/libexec/httpd

2021-08-23 Thread matthew green 
Module Name:src
Committed By:   mrg
Date:   Tue Aug 24 05:39:39 UTC 2021

Modified Files:
src/libexec/httpd: bozohttpd.c

Log Message:
rework the bindport setting, inspired by part of the patch
from PR#56367 (thanks JP.)


To generate a diff of this commit:
cvs rdiff -u -r1.134 -r1.135 src/libexec/httpd/bozohttpd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/libexec/httpd

2021-08-23 Thread matthew green 
Module Name:src
Committed By:   mrg
Date:   Tue Aug 24 05:29:27 UTC 2021

Modified Files:
src/libexec/httpd: bozohttpd.c main.c

Log Message:
remove unused parameters, and clean up incompatible options.

from 


To generate a diff of this commit:
cvs rdiff -u -r1.133 -r1.134 src/libexec/httpd/bozohttpd.c
cvs rdiff -u -r1.27 -r1.28 src/libexec/httpd/main.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/bozohttpd.c
diff -u src/libexec/httpd/bozohttpd.c:1.133 src/libexec/httpd/bozohttpd.c:1.134
--- src/libexec/httpd/bozohttpd.c:1.133	Sat Aug 21 11:55:24 2021
+++ src/libexec/httpd/bozohttpd.c	Tue Aug 24 05:29:27 2021
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.c,v 1.133 2021/08/21 11:55:24 andvar Exp $	*/
+/*	$NetBSD: bozohttpd.c,v 1.134 2021/08/24 05:29:27 mrg Exp $	*/
 
 /*	$eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -241,7 +241,7 @@ bozo_set_pref(bozohttpd_t *httpd, bozopr
 }
 
 static void
-bozo_clear_prefs(bozohttpd_t *httpd, bozoprefs_t *prefs)
+bozo_clear_prefs(bozoprefs_t *prefs)
 {
 	size_t	i;
 
@@ -2722,7 +2722,7 @@ bozo_setup(bozohttpd_t *httpd, bozoprefs
 void
 bozo_cleanup(bozohttpd_t *httpd, bozoprefs_t *prefs)
 {
-	bozo_clear_prefs(httpd, prefs);
+	bozo_clear_prefs(prefs);
 
 	free(httpd->virthostname);
 	free(httpd->errorbuf);

Index: src/libexec/httpd/main.c
diff -u src/libexec/httpd/main.c:1.27 src/libexec/httpd/main.c:1.28
--- src/libexec/httpd/main.c:1.27	Sat Feb 27 12:36:46 2021
+++ src/libexec/httpd/main.c	Tue Aug 24 05:29:27 2021
@@ -1,4 +1,4 @@
-/*	$NetBSD: main.c,v 1.27 2021/02/27 12:36:46 mrg Exp $	*/
+/*	$NetBSD: main.c,v 1.28 2021/08/24 05:29:27 mrg Exp $	*/
 
 /*	$eterna: main.c,v 1.6 2011/11/18 09:21:15 mrg Exp $	*/
 /* from: eterna: bozohttpd.c,v 1.159 2009/05/23 02:14:30 mrg Exp 	*/
@@ -102,7 +102,9 @@ usage(bozohttpd_t *httpd, char *progname
 		bozowarn(httpd, "   -P pidfile\t\tpid file path");
 	if (have_user)
 		bozowarn(httpd, "   -p dir\t\t\"public_html\" directory name");
-
+	if (have_dirindex)
+		bozowarn(httpd, "   -R readme\t\tput readme file in footer "
+"of directory index");
 	if (have_core) {
 		bozowarn(httpd, "   -S version\t\tset server version string");
 		bozowarn(httpd, "   -s\t\t\talways log to stderr");
@@ -113,20 +115,17 @@ usage(bozohttpd_t *httpd, char *progname
 	}
 	if (have_user)
 		bozowarn(httpd, "   -u\t\t\tenable ~user/public_html support");
-
 	if (have_core) {
 		bozowarn(httpd, "   -V\t\t\tUnknown virtual hosts go to "
 "`slashdir'");
 		bozowarn(httpd, "   -v virtualroot\tenable virtual host "
 "support in this directory");
 	}
-
 	if (have_dirindex)
 		bozowarn(httpd, "   -X\t\t\tdirectory index support");
 	if (have_core)
 		bozowarn(httpd, "   -x index\t\tdefault \"index.html\" "
 "file name");
-
 	if (have_ssl) {
 		bozowarn(httpd, "   -Z cert privkey\tspecify path to server "
 "certificate and private key file\n"
@@ -303,6 +302,9 @@ main(int argc, char **argv)
 			break;
 
 		case 'R':
+			if (!have_dirindex)
+goto no_dirindex_support;
+
 			bozo_set_pref(, , "directory index readme",
   optarg);
 			break;

CVS commit: src/libexec/httpd

2021-08-23 Thread matthew green 
Module Name:src
Committed By:   mrg
Date:   Tue Aug 24 05:29:27 UTC 2021

Modified Files:
src/libexec/httpd: bozohttpd.c main.c

Log Message:
remove unused parameters, and clean up incompatible options.

from 


To generate a diff of this commit:
cvs rdiff -u -r1.133 -r1.134 src/libexec/httpd/bozohttpd.c
cvs rdiff -u -r1.27 -r1.28 src/libexec/httpd/main.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Re: CVS commit: src/libexec/httpd

2020-09-12 Thread Steffen Nurpmeso 
Jared McNeill wrote in
 :
 |On Sat, 12 Sep 2020, Olaf Seibert wrote:
 |
 |> bozohttpd: add .m4a and .m4v file extensions.
 |
 |I don't think audio/mpeg is correct for .m4a. Since .m4a is MPEG audio in 
 |an MP4 container, I would follow RFC 4337 ("MIME Type Registration for 
 |MPEG-4") here which says you should use audio/mp4 instead.

  audio/mp4  mp4 mp4a m4a m4b

--steffen
|
|Der Kragenbaer,The moon bear,
|der holt sich munter   he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)

Re: CVS commit: src/libexec/httpd

2020-09-12 Thread Jared McNeill 

On Sat, 12 Sep 2020, Olaf Seibert wrote:


bozohttpd: add .m4a and .m4v file extensions.


I don't think audio/mpeg is correct for .m4a. Since .m4a is MPEG audio in 
an MP4 container, I would follow RFC 4337 ("MIME Type Registration for 
MPEG-4") here which says you should use audio/mp4 instead.


Take care,
Jared

Re: CVS commit: src/libexec/httpd

2020-07-13 Thread Jukka Ruohonen 
On Mon, Jul 13, 2020 at 07:15:45PM +1000, matthew green wrote:
> i'm not sure i agree about 500 -> abusive behaviour.  that's
> when there's some _internal_ error and could just as easily
> be caused by a human or code error on the server side.
> 
> i don't know blocklist well enough to suggestion what we 
> should do here, but this feels wrong to me.

Sure, though I think there are no clear definitions here. For 401, on the
other hand, blocklistd(8) can be useful, given that bruteforcing passwords
of embedded devices is supposedly a common scenario.

- Jukka

re: CVS commit: src/libexec/httpd

2020-07-13 Thread matthew green 
thanks for this.  please cc me directly for bozohttpd changes,
i have a couple review comments :-)

> Committed By: jruoho
> Date: Sat Jul 11 08:10:52 UTC 2020
> 
> Modified Files:
>   src/libexec/httpd: Makefile auth-bozo.c bozohttpd.8 bozohttpd.c
>   bozohttpd.h
> 
> Log Message:
> Add blocklistd(8) support.
> 
> 
> To generate a diff of this commit:
> cvs rdiff -u -r1.28 -r1.29 src/libexec/httpd/Makefile
> cvs rdiff -u -r1.24 -r1.25 src/libexec/httpd/auth-bozo.c
> cvs rdiff -u -r1.80 -r1.81 src/libexec/httpd/bozohttpd.8
> cvs rdiff -u -r1.115 -r1.116 src/libexec/httpd/bozohttpd.c
> cvs rdiff -u -r1.61 -r1.62 src/libexec/httpd/bozohttpd.h

please add -DNO_BLOCKLIST_SUPPORT to Makefile.boot.

i'm not sure i agree about 500 -> abusive behaviour.  that's
when there's some _internal_ error and could just as easily
be caused by a human or code error on the server side.

i don't know blocklist well enough to suggestion what we 
should do here, but this feels wrong to me.

thanks again.


.mrg.

CVS commit: src/libexec/httpd

2019-10-30 Thread matthew green 
Module Name:src
Committed By:   mrg
Date:   Wed Oct 30 07:28:13 UTC 2019

Modified Files:
src/libexec/httpd: Makefile.boot

Log Message:
set -D_GNU_SOURCE, needed for linux systems and should be
harmless or ignored elsewhere.

from perry.


To generate a diff of this commit:
cvs rdiff -u -r1.6 -r1.7 src/libexec/httpd/Makefile.boot

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/Makefile.boot
diff -u src/libexec/httpd/Makefile.boot:1.6 src/libexec/httpd/Makefile.boot:1.7
--- src/libexec/httpd/Makefile.boot:1.6	Thu Jan  2 08:30:22 2014
+++ src/libexec/httpd/Makefile.boot	Wed Oct 30 07:28:13 2019
@@ -6,7 +6,7 @@
 CC=	cc
 OPT=	-O
 LARGE_CFLAGS=	-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64
-LOCAL_CFLAGS=	-DNO_LUA_SUPPORT
+LOCAL_CFLAGS=	-DNO_LUA_SUPPORT -D_GNU_SOURCE
 CFLAGS=	$(OPT) $(LARGE_CFLAGS) $(LOCAL_CFLAGS)
 
 GROFF=	groff -Tascii

CVS commit: src/libexec/httpd

2019-10-30 Thread matthew green 
Module Name:src
Committed By:   mrg
Date:   Wed Oct 30 07:28:13 UTC 2019

Modified Files:
src/libexec/httpd: Makefile.boot

Log Message:
set -D_GNU_SOURCE, needed for linux systems and should be
harmless or ignored elsewhere.

from perry.


To generate a diff of this commit:
cvs rdiff -u -r1.6 -r1.7 src/libexec/httpd/Makefile.boot

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Re: CVS commit: src/libexec/httpd

2016-01-04 Thread Marc Balmer 

> Am 03.01.2016 um 23:23 schrieb Kamil Rytarowski :
> 
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
> 
> It's a good tip.
> 
> I would leave httpd.print as it is right now, to not make a false
> impression that there standard print works. The standard one will
> work, but not for HTTPS.

Oh, I was not suggesting you change the file again, I jsut wanted to note that 
a single line change would have been enough ;)

> 
> On 03.01.2016 11:15, Marc Balmer wrote:
>> Just a note: A better change would have been to just add
>> 
>> print = httpd.print
>> 
>> at the start of the script.  That way the script could still be 
>> used as a normal CGI script with minimal changes.
>> 
>> 
>>> Am 07.12.2015 um 04:11 schrieb Kamil Rytarowski 
>>> :
>>> 
>>> Module Name:src Committed By:   kamil Date: Mon Dec 
>>>  7 03:11:48 
>>> UTC 2015
>>> 
>>> Modified Files: src/libexec/httpd: printenv.lua
>>> 
>>> Log Message: Improve the httpd(8) printenv.lua Lua example
>>> 
>>> Stop using Lua builtin print function and replace them with 
>>> http.* ones. httpd.print and http.write wraps SSL support when 
>>> needed.
>>> 
>>> Print http headers, without them browser may interpret page as 
>>> raw text.
>>> 
>>> No need to hardcode prefix path in the form.
>>> 
>>> Add comments for a user with tips how to use this script.
>>> 
>>> Patch by Travis Paul
>>> 
>>> Closes PR misc/50502
>>> 
>>> 
>>> To generate a diff of this commit: cvs rdiff -u -r1.2 -r1.3 
>>> src/libexec/httpd/printenv.lua
>>> 
>>> Please note that diffs are not public domain; they are subject
>>> to the copyright notices on the relevant files.
>>> 
>>> Modified files:
>>> 
>>> Index: src/libexec/httpd/printenv.lua diff -u 
>>> src/libexec/httpd/printenv.lua:1.2 
>>> src/libexec/httpd/printenv.lua:1.3 --- 
>>> src/libexec/httpd/printenv.lua:1.2  Thu Jan  2 08:21:38 2014 +++ 
>>> src/libexec/httpd/printenv.lua  Mon Dec  7 03:11:48 2015 @@ -1,4 
>>> +1,4 @@ --- $NetBSD: printenv.lua,v 1.2 2014/01/02 08:21:38 mrg 
>>> Exp $ +-- $NetBSD: printenv.lua,v 1.3 2015/12/07 03:11:48 kamil 
>>> Exp $
>>> 
>>> -- this small Lua script demonstrates the use of Lua in 
>>> (bozo)httpd -- it will simply output the "environment" @@ -8,6 
>>> +8,10 @@ -- the same value on each invocation.  You can not keep 
>>> state between -- two calls.
>>> 
>>> +-- You can test this example by running the following command: 
>>> +-- /usr/libexec/httpd -b -f -I 8080 -L test printenv.lua . +-- 
>>> and then navigate to: http://127.0.0.1:8080/test/printenv +
>>> local httpd = require 'httpd'
>>> 
>>> function printenv(env, headers, query) @@ -15,12 +19,14 @@ 
>>> function printenv(env, headers, query) -- we get the 
>>> "environment" in the env table, the values are more -- or less 
>>> the same as the variable for a CGI program
>>> 
>>> -   if count == nil then -  count = 1 - end - - -- output a 
>>> header
>>> -   print([[ +  -- output headers using httpd.write() + -- 
>>> httpd.write() will not append newlines +httpd.write("HTTP/1.1 
>>> 200 Ok\r\n") +  httpd.write("Content-Type: text/html\r\n\r\n") +
>>> + -- output html using httpd.print() +  -- you can also use
>>> print() and io.write() but they will not work with SSL +
>>> httpd.print([[   Bozotic Lua
>>> Environment @@ -29,54 +35,58 @@ function printenv(env,
>>> headers, query) Bozotic Lua Environment ]])
>>> 
>>> -   print('module version: ' .. httpd._VERSION .. '') + 
>>> httpd.print('module version: ' .. httpd._VERSION .. '')
>>> 
>>> -   print('Server Environment') +  httpd.print('Server 
>>> Environment') -- print the list of "environment" variables 
>>> for k, v in pairs(env) do - print(k .. '=' .. v .. '') + 
>>> httpd.print(k .. '=' .. v .. '') end
>>> 
>>> -   print('Request Headers') + httpd.print('Request 
>>> Headers') for k, v in pairs(headers) do -  print(k .. '='
>>> .. v .. '') +  httpd.print(k .. '=' .. v .. '') end
>>> 
>>> if query ~= nil then -  print('Query Variables') + 
>>> httpd.print('Query Variables') for k, v in pairs(query) 
>>> do -print(k .. '=' .. v .. '') +   
>>> httpd.print(k .. '=' 
>>> .. v .. '') end end
>>> 
>>> -   print('Form Test') +   httpd.print('Form 
>>> Test')
>>> 
>>> -   print([[ -  
>>> + httpd.print([[ +   
>>>   
>>> ]]) -- output a footer -print([[ +  httpd.print([[  
>>>  ]]) end
>>> 
>>> function form(env, header, query) + +   httpd.write("HTTP/1.1 200 
>>> Ok\r\n") +  httpd.write("Content-Type: text/html\r\n\r\n") + if 
>>> query ~= nil then - print('Form Variables') + 
>>> httpd.print('Form Variables')
>>> 
>>> if env.CONTENT_TYPE ~= nil then -   print('Content-type: ' 
>>> .. 
>>> env.CONTENT_TYPE .. '') +   
>>> httpd.print('Content-type: ' .. 
>>> env.CONTENT_TYPE .. '') end
>>> 
>>> for k, v in pairs(query) do -   print(k ..

Re: CVS commit: src/libexec/httpd

2015-12-19 Thread Alistair Crooks 
> (it seems that i let strdup(3) back in when i merged agc's library
> code, i should have caught that then.   oh well.)

My apologies about that, I wasn't careful enough.

Alistair

re: CVS commit: src/libexec/httpd

2015-12-18 Thread Christos Zoulas 
On Dec 19,  1:34pm, m...@eterna.com.au (matthew green) wrote:
-- Subject: re: CVS commit: src/libexec/httpd

| i don't think it matters where the failure happens.  we only need
| one frontend function, and it can exit as necessary.  you can tell
| from the contents of struct bozohttpd_t whether a reply can be sent
| upon error, or simply exiting.

Ok, how can I tell?

| (it seems that i let strdup(3) back in when i merged agc's library
| code, i should have caught that then.   oh well.)

No problem, I fixed most of them.

| the failure should always log -- but a reply depends.

Right.

christos

Re: CVS commit: src/libexec/httpd

2015-12-18 Thread Christos Zoulas 
In article <20871.1450494...@splode.eterna.com.au>,
matthew green  <m...@eterna.com.au> wrote:
>Christos Zoulas writes:
>> On Dec 19,  1:34pm, m...@eterna.com.au (matthew green) wrote:
>> -- Subject: re: CVS commit: src/libexec/httpd
>> 
>> | i don't think it matters where the failure happens.  we only need
>> | one frontend function, and it can exit as necessary.  you can tell
>> | from the contents of struct bozohttpd_t whether a reply can be sent
>> | upon error, or simply exiting.
>> 
>> Ok, how can I tell?
>
>looks like after this:
>
>   request->hr_file = file;
>
>which means checking httpd->request && httpd->request->hr_file
>would be sufficient.

Well, bozo_http_error() check those two and also writes to stdout
if those are not set.
I was looking for something that would skip the Content-type etc.

christos

re: CVS commit: src/libexec/httpd

2015-12-18 Thread matthew green 
> >the whole point of having bozofunc() is to avoid having to do any
> >error checking in it.  but now there are calls to several of these
> >that do check errors, and plus the names are too similar.
> >
> >there shouldn't really be a distinction.  all the calls to strdup()
> >you adjusted are (newish) bugs that should just have called
> >bozostrdup(), and there should be no bozo_strdup().  looks like the
> >vast majority of the strdup() calls were added when i merged
> >libbozo work, 5.5 years ago, plus a single one from the initial
> >import.
> 
> I think that there are strdup/alloc/ calls that happen before connection
> time and ones that happen before during configuration and setup. We can
> either have two functions to handle failure appropriately, or one (which
> I prefer I think) and that checks the http->logstate or something to see if
> it should log, or send a response, or both. This requires a bit more
> surgery... Yes, having two functions with similar names is nasty and silly
> and I am not planning to keep it. I just wanted to have some discussion
> first on what to do to solve it. There are 2 or so more strdups that are
> unchecked in the prefs. Let me know how you prefer to go and I will fix
> them.

i don't think it matters where the failure happens.  we only need
one frontend function, and it can exit as necessary.  you can tell
from the contents of struct bozohttpd_t whether a reply can be sent
upon error, or simply exiting.

(it seems that i let strdup(3) back in when i merged agc's library
code, i should have caught that then.   oh well.)

the failure should always log -- but a reply depends.

thanks.


.mrg.

re: CVS commit: src/libexec/httpd

2015-12-18 Thread matthew green 
Christos Zoulas writes:
> On Dec 19,  1:34pm, m...@eterna.com.au (matthew green) wrote:
> -- Subject: re: CVS commit: src/libexec/httpd
> 
> | i don't think it matters where the failure happens.  we only need
> | one frontend function, and it can exit as necessary.  you can tell
> | from the contents of struct bozohttpd_t whether a reply can be sent
> | upon error, or simply exiting.
> 
> Ok, how can I tell?

looks like after this:

request->hr_file = file;

which means checking httpd->request && httpd->request->hr_file
would be sufficient.


.mrg.

re: CVS commit: src/libexec/httpd

2015-12-12 Thread matthew green 
"Christos Zoulas" writes:
> Module Name:  src
> Committed By: christos
> Date: Sat Dec 12 18:06:58 UTC 2015
> 
> Modified Files:
>   src/libexec/httpd: bozohttpd.c bozohttpd.h ssl-bozo.c
> 
> Log Message:
> Introduce bozo_strdup and bozo_asprintf to add error checking and reduce
> code duplication.
> 
> Note that bozo_strdup is different that bozostrdup; the _ routines exit
> loging error to syslog or stderr, whereas the non _ routines send error
> responses to the http client.

wait, you make it so there are two functions with almost the same
name but different semantics?  please don't do that.

sounds like the "_" routines should have "log" in them somewhere.


.mrg.

re: CVS commit: src/libexec/httpd

2015-12-12 Thread matthew green 
"Christos Zoulas" writes:
> Module Name:  src
> Committed By: christos
> Date: Sat Dec 12 16:57:53 UTC 2015
> 
> Modified Files:
>   src/libexec/httpd: bozohttpd.8 bozohttpd.h main.c ssl-bozo.c
> 
> Log Message:
> - restrict the default list of ciphers to something more secure
> - restrict ssl options
> >From Travis Paul

thanks for doing this.  a couple of comments:

this should have bumped the version and be mentioned in the
CHANGES file.

+   sslinfo = bozomalloc(httpd, sizeof(*sslinfo));
+   if (sslinfo == NULL)

bozomalloc never returns NULL.  ;)


.mrg.

Re: CVS commit: src/libexec/httpd

2014-11-21 Thread Alistair Crooks 
On Fri, Nov 21, 2014 at 08:54:12AM +, Mateusz Kocielski wrote:
 Module Name:  src
 Committed By: shm
 Date: Fri Nov 21 08:54:12 UTC 2014
 
 Modified Files:
   src/libexec/httpd: bozohttpd.c
 
 Log Message:
 Fixed off-by-one in virtualhost processing. Previous code was checking if
 Host header is a prefix of any existing vhost. This behaviour might be used to
 uncover existing vitual hosts from the remote.
 
 OK @mrg
 
 
 To generate a diff of this commit:
 cvs rdiff -u -r1.57 -r1.58 src/libexec/httpd/bozohttpd.c
 
 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.
 

 Modified files:
 
 Index: src/libexec/httpd/bozohttpd.c
 diff -u src/libexec/httpd/bozohttpd.c:1.57 src/libexec/httpd/bozohttpd.c:1.58
 --- src/libexec/httpd/bozohttpd.c:1.57Fri Oct 10 05:10:59 2014
 +++ src/libexec/httpd/bozohttpd.c Fri Nov 21 08:54:12 2014
 @@ -1,4 +1,4 @@
 -/*   $NetBSD: bozohttpd.c,v 1.57 2014/10/10 05:10:59 mrg Exp $   */
 +/*   $NetBSD: bozohttpd.c,v 1.58 2014/11/21 08:54:12 shm Exp $   */
  
  /*   $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $  */
  
 @@ -1093,8 +1093,8 @@ check_virtual(bozo_httpreq_t *request)
   }
   debug((httpd, DEBUG_OBESE, looking at 
 dir``%s'',
  d-d_name));
 - if (strncasecmp(d-d_name, request-hr_host,
 - len) == 0) {
 + if (d-d_namlen == len  strcmp(d-d_name,
 + request-hr_host) == 0) {

I think we gained cASe-seNsItiVITy with this?

   /* found it, punch it */
   debug((httpd, DEBUG_OBESE, found it 
 punch it));
   request-hr_virthostname =

Re: CVS commit: src/libexec/httpd

2013-10-12 Thread Alistair Crooks 
On Sat, Oct 12, 2013 at 05:24:07PM +, Marc Balmer wrote:
 +#ifndef NO_LUA_SUPPORT
 +#include lua.h
 +#endif

Thanks for doing this, it's nice to get more lua support in-tree.

I really dislike the double negative in this one, though - it's much
easier for everyone if the definition was HAVE_LUA_SUPPORT and default
it to defined, or yes, or whatever.

Best,
Alistair