Source-Changes-HG archive
[src/netbsd-6-1]: src/libexec/httpd Pull up following revision(s) (requested ...
details: https://anonhg.NetBSD.org/src/rev/0948364b45ab
branches: netbsd-6-1
changeset: 776118:0948364b45ab
user: snj <snj%NetBSD.org@localhost>
date: Fri Apr 15 19:37:27 2016 +0000
description:
Pull up following revision(s) (requested by mrg in ticket #1377):
libexec/httpd/CHANGES: up to 1.22
libexec/httpd/Makefile: up to 1.26 via patch
libexec/httpd/auth-bozo.c: up to 1.18
libexec/httpd/bozohttpd.8: up to 1.59
libexec/httpd/bozohttpd.c: up to 1.80 via patch
libexec/httpd/bozohttpd.h: up to 1.45
libexec/httpd/cgi-bozo.c: up to 1.33
libexec/httpd/content-bozo.c: up to 1.13
libexec/httpd/daemon-bozo.c: up to 1.17
libexec/httpd/dir-index-bozo.c: up to 1.25
libexec/httpd/lua-bozo.c: up to 1.14
libexec/httpd/lua/bozo.lua: up to 1.2
libexec/httpd/lua/glue.c: up to 1.2
libexec/httpd/main.c: up to 1.13
libexec/httpd/printenv.lua: up to 1.3
libexec/httpd/ssl-bozo.c: up to 1.22
libexec/httpd/testsuite/Makefile: up to 1.5
libexec/httpd/testsuite/t10.out: up to 1.2
libexec/httpd/testsuite/test-bigfile: up to 1.2
libexec/httpd/tilde-luzah-bozo.c: up to 1.14
Import bozohttpd 20151028:
o add CGI support for ~user translation (-E switch)
o add redirects to ~user translation
o fix bugs around ~user translation
o add schema detection for absolute redirects
o fixed few memory leaks
o bunch of minor tweaks
o removed -r support
o smarter redirects
--
Changes in 20150320:
o fix redirection handling
o support transport stream (.ts) and video object (.vob) files
o directory listings show correct file sizes for large files
--
updates and bozohttpd 20160415:
o add search-word support for CGI
o fix a security issue in CGI suffix handler support which would
allow remote code execution, from shm%netbsd.org@localhost
o -C option supports now CGI scripts only
diffstat:
libexec/httpd/CHANGES | 24 +
libexec/httpd/Makefile | 17 +-
libexec/httpd/auth-bozo.c | 36 +-
libexec/httpd/bozohttpd.8 | 80 ++-
libexec/httpd/bozohttpd.c | 809 ++++++++++++++++++----------------
libexec/httpd/bozohttpd.h | 94 ++-
libexec/httpd/cgi-bozo.c | 249 ++++++++-
libexec/httpd/content-bozo.c | 270 +++++-----
libexec/httpd/daemon-bozo.c | 26 +-
libexec/httpd/dir-index-bozo.c | 45 +-
libexec/httpd/lua-bozo.c | 68 +-
libexec/httpd/lua/bozo.lua | 5 +-
libexec/httpd/lua/glue.c | 4 +-
libexec/httpd/main.c | 166 ++++---
libexec/httpd/printenv.lua | 52 +-
libexec/httpd/ssl-bozo.c | 265 +++++++----
libexec/httpd/testsuite/Makefile | 6 +-
libexec/httpd/testsuite/t10.out | 12 +-
libexec/httpd/testsuite/test-bigfile | 4 +-
libexec/httpd/tilde-luzah-bozo.c | 61 +-
20 files changed, 1375 insertions(+), 918 deletions(-)
diffs (truncated from 4330 to 300 lines):
diff -r d2452d9ff0fa -r 0948364b45ab libexec/httpd/CHANGES
--- a/libexec/httpd/CHANGES Wed Mar 09 00:44:41 2016 +0000
+++ b/libexec/httpd/CHANGES Fri Apr 15 19:37:27 2016 +0000
@@ -1,5 +1,29 @@
$eterna: CHANGES,v 1.78 2011/11/18 01:25:11 mrg Exp $
+changes in bozohttpd 20160415:
+ o add search-word support for CGI
+ o fix a security issue in CGI suffix handler support which would
+ allow remote code execution, from shm%netbsd.org@localhost
+ o -C option supports now CGI scripts only
+
+changes in bozohttpd 20151028:
+ o add CGI support for ~user translation (-E switch)
+ o add redirects to ~user translation
+ o fix bugs around ~user translation
+ o add schema detection for absolute redirects
+ o fixed few memory leaks
+ o bunch of minor tweaks
+ o removed -r support
+ o smarter redirects
+
+changes in bozohttpd 20150320:
+ o fix redirection handling
+ o support transport stream (.ts) and video object (.vob) files
+ o directory listings show correct file sizes for large files
+
+changes in bozohttpd 20140717:
+ o properly handle SSL errors
+
changes in bozohttpd 20140708:
o fixes for virtual host support, from rajeev_v_pillai%yahoo.com@localhost
o avoid printing double errors, from shm%netbsd.org@localhost
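Review bot: the 20160415 entry for the CGI suffix handler fix does not name the option involved, so an operator reading CHANGES cannot tell whether a given configuration is exposed. The man page documents suffix handlers as "-C suffix cgihandler", so the entry should mention -C explicitly, and the following bullet would read better as "-C option now supports CGI scripts only".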
diff -r d2452d9ff0fa -r 0948364b45ab libexec/httpd/Makefile
--- a/libexec/httpd/Makefile Wed Mar 09 00:44:41 2016 +0000
+++ b/libexec/httpd/Makefile Fri Apr 15 19:37:27 2016 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.12.20.1 2014/07/09 09:44:56 msaitoh Exp $
+# $NetBSD: Makefile,v 1.12.20.2 2016/04/15 19:37:27 snj Exp $
#
# $eterna: Makefile,v 1.30 2010/07/11 00:34:27 mrg Exp $
#
@@ -15,6 +15,10 @@
# DO_HTPASSWD /* support .htpasswd files */
# NO_LUA_SUPPORT /* don't support Lua for dynamic content */
#
+# other system specific defines:
+# HAVE_NBUTIL_H /* netbsd compat is in <nbutil.h>
+# (don't forget to also enable -lnbutil)
+#
# these are usually set via the "COPTS" variable, or some other method
# for setting CFLAGS relevant to your make, eg
# % make COPTS="-DDO_HTPASSWD"
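Review bot: the HAVE_NBUTIL_H comment added here opens with "/*" and is never closed, unlike the DO_HTPASSWD and NO_LUA_SUPPORT lines just above it. Add the closing "*/" after "(don't forget to also enable -lnbutil)" so the list of defines stays consistent.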
@@ -32,6 +36,17 @@
WARNS?= 4
+.if defined(.OS.MAKE)
+OPSYS= ${.OS.MAKE}
+.else
+OPSYS:= ${:!uname -s!:S/-//g:S/\///g}
+.endif
+
+.if ${OPSYS} == "QNX"
+CPPFLAGS+= -DHAVE_NBUTIL_H
+LDADD+= -lnbutil
+.endif
+
.include <bsd.own.mk>
.if ${MKCRYPTO} != "no"
diff -r d2452d9ff0fa -r 0948364b45ab libexec/httpd/auth-bozo.c
--- a/libexec/httpd/auth-bozo.c Wed Mar 09 00:44:41 2016 +0000
+++ b/libexec/httpd/auth-bozo.c Fri Apr 15 19:37:27 2016 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: auth-bozo.c,v 1.10.14.1 2014/07/09 09:44:56 msaitoh Exp $ */
+/* $NetBSD: auth-bozo.c,v 1.10.14.2 2016/04/15 19:37:27 snj Exp $ */
/* $eterna: auth-bozo.c,v 1.17 2011/11/18 09:21:15 mrg Exp $ */
@@ -72,10 +72,10 @@
if (bozo_check_special_files(request, basename))
return 1;
}
- request->hr_authrealm = bozostrdup(httpd, dir);
+ request->hr_authrealm = bozostrdup(httpd, request, dir);
- if ((size_t)snprintf(authfile, sizeof(authfile), "%s/%s", dir, AUTH_FILE) >=
- sizeof(authfile)) {
+ if ((size_t)snprintf(authfile, sizeof(authfile), "%s/%s", dir,
+ AUTH_FILE) >= sizeof(authfile)) {
return bozo_http_error(httpd, 404, request,
"authfile path too long");
}
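Review bot: request->hr_authrealm is overwritten with a fresh bozostrdup() result without releasing any previous value, while the later hunk in this file adds free() calls before reassigning hr_authuser and hr_authpass. If this check can run more than once for a request, the same free-before-assign pattern is needed here; if it cannot, a one-line comment saying so would make the difference between the two sites clear.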
@@ -118,6 +118,13 @@
}
void
+bozo_auth_init(bozo_httpreq_t *request)
+{
+ request->hr_authuser = NULL;
+ request->hr_authpass = NULL;
+}
+
+void
bozo_auth_cleanup(bozo_httpreq_t *request)
{
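Review bot: bozo_auth_init() resets hr_authuser and hr_authpass but not hr_authrealm, which this same file assigns and which a later hunk now reads without a guard in the 401 path. Either set request->hr_authrealm = NULL here as well or note where it is initialised, and add a short comment that this must be called before any header is parsed, since the new free() calls depend on it.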
@@ -129,7 +136,8 @@
}
int
-bozo_auth_check_headers(bozo_httpreq_t *request, char *val, char *str, ssize_t len)
+bozo_auth_check_headers(bozo_httpreq_t *request, char *val, char *str,
+ ssize_t len)
{
bozohttpd_t *httpd = request->hr_httpd;
@@ -150,8 +158,10 @@
return bozo_http_error(httpd, 400, request,
"bad authorization field");
*pass++ = '\0';
- request->hr_authuser = bozostrdup(httpd, authbuf);
- request->hr_authpass = bozostrdup(httpd, pass);
+ free(request->hr_authuser);
+ free(request->hr_authpass);
+ request->hr_authuser = bozostrdup(httpd, request, authbuf);
+ request->hr_authpass = bozostrdup(httpd, request, pass);
debug((httpd, DEBUG_FAT,
"decoded authorization `%s' as `%s':`%s'",
str, request->hr_authuser, request->hr_authpass));
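Review bot: the two free() calls added before the bozostrdup() assignments are only safe when hr_authuser and hr_authpass are NULL or heap pointers on entry, so they depend on bozo_auth_init() having run for every request; a comment stating that would help. Separately, the debug() call in the context lines prints the decoded hr_authpass in clear, which is worth removing from the format string while this code is being touched.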
@@ -181,8 +191,8 @@
if (code == 401)
bozo_printf(httpd,
"WWW-Authenticate: Basic realm=\"%s\"\r\n",
- (request && request->hr_authrealm) ?
- request->hr_authrealm : "default realm");
+ request->hr_authrealm ?
+ request->hr_authrealm : "default realm");
}
#ifndef NO_CGIBIN_SUPPORT
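Review bot: the removed "(request && request->hr_authrealm)" test was the only NULL guard on request in this 401 branch, and the new expression dereferences request unconditionally. Confirm that no caller can reach this path with a NULL request, or keep the guard; if the invariant now holds, stating it in a comment or an assert at the top of the function would document why the check could go.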
@@ -229,6 +239,12 @@
unsigned char *cp;
size_t i;
+ if (ilen == 0) {
+ if (olen)
+ *out = '\0';
+ return 0;
+ }
+
cp = out;
for (i = 0; i < ilen; i += 4) {
if (cp + 3 > out + olen)
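Review bot: the new early return handles only ilen == 0, but the loop below steps "i += 4" and the decode expression reads up to in[i + 3], so an input whose length is not a multiple of four still indexes past ilen on the last pass. It is worth rejecting "ilen % 4 != 0" in the same place as the zero-length check, unless the caller already guarantees it, in which case say so in a comment.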
@@ -250,7 +266,7 @@
| decodetable[in[i + 3]];
#undef IN_CHECK
}
- while (in[i - 1] == '=')
+ while (i > 0 && in[i - 1] == '=')
cp--,i--;
return (cp - out);
}
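Review bot: the added "i > 0" test stops the read of in[-1], but the loop body still does "cp--" once per trailing '=' with no lower bound on cp, so the returned "cp - out" can go negative if more padding characters are stripped than bytes were written. Bound the loop with "cp > out" as well, or cap the padding count at two, which is the most that valid base64 carries. The "cp--,i--;" comma expression would also be clearer as two statements in braces.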
diff -r d2452d9ff0fa -r 0948364b45ab libexec/httpd/bozohttpd.8
--- a/libexec/httpd/bozohttpd.8 Wed Mar 09 00:44:41 2016 +0000
+++ b/libexec/httpd/bozohttpd.8 Fri Apr 15 19:37:27 2016 +0000
@@ -1,8 +1,8 @@
-.\" $NetBSD: bozohttpd.8,v 1.32.8.1 2014/07/09 09:44:56 msaitoh Exp $
+.\" $NetBSD: bozohttpd.8,v 1.32.8.2 2016/04/15 19:37:27 snj Exp $
.\"
.\" $eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $
.\"
-.\" Copyright (c) 1997-2014 Matthew R. Green
+.\" Copyright (c) 1997-2015 Matthew R. Green
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
@@ -26,21 +26,22 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.Dd February 9, 2014
-.Dt HTTPD 8
+.Dd December 12, 2015
+.Dt BOZOHTTPD 8
.Os
.Sh NAME
-.Nm httpd
+.Nm bozohttpd
.Nd hyper text transfer protocol version 1.1 daemon
.Sh SYNOPSIS
.Nm
-.Op Fl CIMPSZciptvx
+.Op Fl EHVXefhnsu
.Op Fl C Ar suffix cgihandler
.Op Fl I Ar port
.Op Fl L Ar prefix script
.Op Fl M Ar suffix type encoding encoding11
.Op Fl P Ar pidfile
.Op Fl S Ar server_software
+.Op Fl U Ar username
.Op Fl Z Ar cert privkey
.Op Fl c Ar cgibin
.Op Fl i Ar address
@@ -48,6 +49,7 @@
.Op Fl t Ar chrootdir
.Op Fl v Ar virtualroot
.Op Fl x Ar index
+.Op Fl z Ar ciphers
.Ar slashdir
.Op Ar myname
.Sh DESCRIPTION
@@ -111,9 +113,11 @@
directory.
In other words, all CGI URL's must begin with
.Em \%/cgi-bin/ .
-Note that the CGI/1.1 interface is not available with
+Note that the CGI/1.1 interface is available with
.Em ~user
-translation.
+translation using
+.Fl E
+switch.
.It Fl e
Causes
.Nm
@@ -223,15 +227,6 @@
.Dq public_html
to
.Ar pubdir .
-.It Fl r
-Forces pages besides the
-.Dq index.html
-(see the
-.Fl X
-option) page to require that the Referrer: header be present and
-refer to this web server, otherwise a redirect to the
-.Dq index.html
-page will be returned instead.
.It Fl S Ar server_software
Sets the internal server version to
.Ar server_software .
@@ -270,6 +265,12 @@
(but see the
.Fl p
option above).
+.It Fl E
+Enables CGI/1.1 interface for
+.Em ~user
+translation.
+Note that enabling this support implies that users can run
+commands as web server user, this may have security implications.
.It Fl V
Sets the default virtual host directory to
.Ar slashdir .
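Review bot: the security note for -E is a comma splice and understates the effect: "users can run commands as web server user, this may have security implications". Say plainly that any local user with a ~user directory can have programs executed with the privileges of the web server user, and point to the -U username option added in the synopsis if that is the intended way to limit it.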
@@ -303,6 +304,9 @@
.Dq index.html
to
.Ar index .
+.It Fl z Ar ciphers
+Sets the list of SSL ciphers (see
+.Xr SSL_CTX_set_cipher_list 3 ) .
.It Fl Z Ar certificate_path privatekey_path
Sets the path to the server certificate file and the private key file
in pem format.
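Review bot: the new -z entry does not say what cipher list is used when the option is omitted, nor that it only has an effect together with -Z. Both are worth a sentence here, since the reference to SSL_CTX_set_cipher_list(3) explains the string format but not this daemon's default.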
@@ -333,7 +337,8 @@
option),
.Nm
has little internal networking knowledge.
-(Indeed, you can run it on the command line with little change of functionality.)
+(Indeed, you can run it on the command line with little change of
+functionality.)
A typical
.Xr inetd.conf 5
entry would be:
@@ -425,7 +430,7 @@
.Dq -lcrypt .
.Ss SSL SUPPORT
.Nm
-has support for SSLv2, SSLv3, and TLSv1 protocols that is included by
+has support for TLSv1.1 and TLSv1.2 protocols that are included by
default.
It requires linking with the crypto and ssl library, using
.Dq -lcrypto -lssl .
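Review bot: the revised sentence lists TLSv1.1 and TLSv1.2 but no longer mentions SSLv2, SSLv3 or TLSv1, so a reader cannot tell whether those are now refused or merely undocumented. If the ssl-bozo.c changes in this pull-up disable them, state that explicitly here, because it changes which clients can connect after an upgrade.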
@@ -462,12 +467,23 @@
.Nm
will perform a smart redirect to the target of this symlink.
The target is assumed to live on the same server.
+If target starts with slash then absolute redirection is performed,
+otherwise it's handled as relative.
If a
.Pa .bzabsredirect
symbolic link is found,
.Nm
will redirect to the absolute url pointed to by this symlink.
This is useful to redirect to different servers.
+Two forms of redirection are supported - symbolic link without schema will use
+.Em http://
+as default i.e. link to