pkgsrc-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: pkgsrc/www/bozohttpd



Module Name:    pkgsrc
Committed By:   mrg
Date:           Fri Nov 23 21:30:27 UTC 2018

Modified Files:
        pkgsrc/www/bozohttpd: Makefile distinfo
Added Files:
        pkgsrc/www/bozohttpd/patches: patch-auth-bozo.c
Removed Files:
        pkgsrc/www/bozohttpd/patches: patch-aa patch-bozohttpd.c

Log Message:
update to bozohttpd 20181123.  changes include:

o  add url remap support via .bzremap file, from martin%netbsd.org@localhost
o  handle redirections for any protocol, not just http:
o  fix a denial of service attack against header contents, which
   is now bounded at 16KiB.  reported by JP
o  reduce default timeouts, and add expand timeouts to handle the
   initial line, each header, and the total time spent
o  add -T option to expose new timeout settings
o  minor RFC fixes related to timeout handling
o  fix special file (.htpasswd, .bz*) bypass.  reported by JP.

anyone using .htpasswd files should update ASAP.


To generate a diff of this commit:
cvs rdiff -u -r1.88 -r1.89 pkgsrc/www/bozohttpd/Makefile
cvs rdiff -u -r1.67 -r1.68 pkgsrc/www/bozohttpd/distinfo
cvs rdiff -u -r1.19 -r0 pkgsrc/www/bozohttpd/patches/patch-aa
cvs rdiff -u -r0 -r1.1 pkgsrc/www/bozohttpd/patches/patch-auth-bozo.c
cvs rdiff -u -r1.4 -r0 pkgsrc/www/bozohttpd/patches/patch-bozohttpd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/www/bozohttpd/Makefile
diff -u pkgsrc/www/bozohttpd/Makefile:1.88 pkgsrc/www/bozohttpd/Makefile:1.89
--- pkgsrc/www/bozohttpd/Makefile:1.88  Sun Feb  5 13:32:16 2017
+++ pkgsrc/www/bozohttpd/Makefile       Fri Nov 23 21:30:26 2018
@@ -1,8 +1,7 @@
-# $NetBSD: Makefile,v 1.88 2017/02/05 13:32:16 leot Exp $
+# $NetBSD: Makefile,v 1.89 2018/11/23 21:30:26 mrg Exp $
 #
 
-DISTNAME=      bozohttpd-20170201
-PKGREVISION=   1
+DISTNAME=      bozohttpd-20181123
 CATEGORIES=    www
 MASTER_SITES=  ${MASTER_SITE_LOCAL}
 EXTRACT_SUFX=  .tar.bz2

Index: pkgsrc/www/bozohttpd/distinfo
diff -u pkgsrc/www/bozohttpd/distinfo:1.67 pkgsrc/www/bozohttpd/distinfo:1.68
--- pkgsrc/www/bozohttpd/distinfo:1.67  Sun Feb  5 13:32:16 2017
+++ pkgsrc/www/bozohttpd/distinfo       Fri Nov 23 21:30:26 2018
@@ -1,10 +1,9 @@
-$NetBSD: distinfo,v 1.67 2017/02/05 13:32:16 leot Exp $
+$NetBSD: distinfo,v 1.68 2018/11/23 21:30:26 mrg Exp $
 
-SHA1 (bozohttpd-20170201.tar.bz2) = 725f1a4d1f8782126079608b479cf196ccb5e1d6
-RMD160 (bozohttpd-20170201.tar.bz2) = e1605eeb335896cf099cfd2eabd011fb9277e918
-SHA512 (bozohttpd-20170201.tar.bz2) = f8fba17a454b3825bf0562072bf0acf5890639d83e3bc5c6b7e87f13860d37a3dfc3fd155bd9873d5201b85f31185b24677c22db1cb303fd556f22afa8b7895e
-Size (bozohttpd-20170201.tar.bz2) = 55730 bytes
-SHA1 (patch-aa) = 2e70d3d10aa8bc228331cc1a229ef04106aca210
+SHA1 (bozohttpd-20181123.tar.bz2) = 1f79b928d918ef2c2b25f5d3be0e0339f9cf4c3e
+RMD160 (bozohttpd-20181123.tar.bz2) = 8df5e75a967cf171c859e41a5519c6a9eba91c47
+SHA512 (bozohttpd-20181123.tar.bz2) = 322ab15ee190d08c2371d2f9106d2bd4e3d37f4c630d53f67587218e71d4c13ca7ad54e2e6aadf0b19dd320bc78c671e8b19d9afcf3e740e67efa1b1aad637d2
+Size (bozohttpd-20181123.tar.bz2) = 58992 bytes
 SHA1 (patch-ab) = a1a56a188084440ab907995c7728e435961c5fbd
-SHA1 (patch-bozohttpd.c) = d9b38dab98910f6f372bffd3a472a2c73c79c4a3
+SHA1 (patch-auth-bozo.c) = fb3fa40bee34d156cf91d615d905bb908eb70e4d
 SHA1 (patch-cgi-bozo.c) = 420f981575d7fa1a96ac7049116b9bf64de719df

Added files:

Index: pkgsrc/www/bozohttpd/patches/patch-auth-bozo.c
diff -u /dev/null pkgsrc/www/bozohttpd/patches/patch-auth-bozo.c:1.1
--- /dev/null   Fri Nov 23 21:30:27 2018
+++ pkgsrc/www/bozohttpd/patches/patch-auth-bozo.c      Fri Nov 23 21:30:27 2018
@@ -0,0 +1,24 @@
+$NetBSD: patch-auth-bozo.c,v 1.1 2018/11/23 21:30:27 mrg Exp $
+
+--- auth-bozo.c.orig   2018-11-23 13:10:04.000000000 -0800
++++ auth-bozo.c        2018-11-23 13:15:02.729491334 -0800
+@@ -40,6 +40,10 @@
+ #include <stdlib.h>
+ #include <unistd.h>
+ 
++#ifndef NO_SSL_SUPPORT
++#include <openssl/des.h>
++#endif
++
+ #include "bozohttpd.h"
+ 
+ static        ssize_t base64_decode(const unsigned char *, size_t,
+@@ -101,7 +105,7 @@
+                           request->hr_authpass));
+                       if (strcmp(request->hr_authuser, user) != 0)
+                               continue;
+-                      if (strcmp(crypt(request->hr_authpass, pass),
++                      if (strcmp(DES_crypt(request->hr_authpass, pass),
+                                       pass) != 0)
+                               break;
+                       fclose(fp);



Home | Main Index | Thread Index | Old Index