Source-Changes-HG archive
[src/netbsd-7-0]: src/libexec/httpd Pull up following revision(s) (requested ...
details: https://anonhg.NetBSD.org/src/rev/5138b8c87cfb
branches: netbsd-7-0
changeset: 801172:5138b8c87cfb
user: snj <snj%NetBSD.org@localhost>
date: Fri Apr 15 18:55:49 2016 +0000
description:
Pull up following revision(s) (requested by mrg in ticket #1141):
libexec/httpd/CHANGES: up to 1.22
libexec/httpd/Makefile: up to 1.26
libexec/httpd/auth-bozo.c: up to 1.18
libexec/httpd/bozohttpd.8: up to 1.59
libexec/httpd/bozohttpd.c: up to 1.80
libexec/httpd/bozohttpd.h: up to 1.45
libexec/httpd/cgi-bozo.c: up to 1.33
libexec/httpd/content-bozo.c: up to 1.13
libexec/httpd/daemon-bozo.c: up to 1.17
libexec/httpd/dir-index-bozo.c: up to 1.25
libexec/httpd/lua-bozo.c: up to 1.14
libexec/httpd/lua/bozo.lua: up to 1.2
libexec/httpd/lua/glue.c: up to 1.2
libexec/httpd/main.c: up to 1.13
libexec/httpd/printenv.lua: up to 1.3
libexec/httpd/ssl-bozo.c: up to 1.22
libexec/httpd/testsuite/Makefile: up to 1.5
libexec/httpd/testsuite/test-bigfile: up to 1.2
libexec/httpd/tilde-luzah-bozo.c: up to 1.14
Import bozohttpd 20151028:
o add CGI support for ~user translation (-E switch)
o add redirects to ~user translation
o fix bugs around ~user translation
o add schema detection for absolute redirects
o fixed few memory leaks
o bunch of minor tweaks
o removed -r support
o smarter redirects
Changes in 20150320:
o fix redirection handling
o support transport stream (.ts) and video object (.vob) files
o directory listings show correct file sizes for large files
--
updates and bozohttpd 20160415:
o add search-word support for CGI
o fix a security issue in CGI suffix handler support which would
allow remote code execution, from shm%netbsd.org@localhost
o -C option supports now CGI scripts only
diffstat:
libexec/httpd/CHANGES | 16 +
libexec/httpd/Makefile | 17 +-
libexec/httpd/auth-bozo.c | 19 +-
libexec/httpd/bozohttpd.8 | 61 +-
libexec/httpd/bozohttpd.c | 799 ++++++++++++++++++----------------
libexec/httpd/bozohttpd.h | 87 ++-
libexec/httpd/cgi-bozo.c | 255 +++++++++-
libexec/httpd/content-bozo.c | 4 +-
libexec/httpd/daemon-bozo.c | 26 +-
libexec/httpd/dir-index-bozo.c | 41 +-
libexec/httpd/lua-bozo.c | 57 +-
libexec/httpd/lua/bozo.lua | 5 +-
libexec/httpd/lua/glue.c | 4 +-
libexec/httpd/main.c | 159 ++++--
libexec/httpd/printenv.lua | 52 +-
libexec/httpd/ssl-bozo.c | 81 ++-
libexec/httpd/testsuite/Makefile | 6 +-
libexec/httpd/testsuite/test-bigfile | 4 +-
libexec/httpd/tilde-luzah-bozo.c | 61 +-
19 files changed, 1077 insertions(+), 677 deletions(-)
diffs (truncated from 3573 to 300 lines):
diff -r d0436c40dfbe -r 5138b8c87cfb libexec/httpd/CHANGES
--- a/libexec/httpd/CHANGES Tue Apr 12 06:35:43 2016 +0000
+++ b/libexec/httpd/CHANGES Fri Apr 15 18:55:49 2016 +0000
@@ -1,5 +1,21 @@
$eterna: CHANGES,v 1.78 2011/11/18 01:25:11 mrg Exp $
+changes in bozohttpd 20160415:
+ o add search-word support for CGI
+ o fix a security issue in CGI suffix handler support which would
+ allow remote code execution, from shm%netbsd.org@localhost
+ o -C option supports now CGI scripts only
+
+changes in bozohttpd 20151028:
+ o add CGI support for ~user translation (-E switch)
+ o add redirects to ~user translation
+ o fix bugs around ~user translation
+ o add schema detection for absolute redirects
+ o fixed few memory leaks
+ o bunch of minor tweaks
+ o removed -r support
+ o smarter redirects
+
changes in bozohttpd 20150320:
o fix redirection handling
o support transport stream (.ts) and video object (.vob) files
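Review bot: The security entry under "changes in bozohttpd 20160415" says only that the CGI suffix handler issue "would allow remote code execution"; it does not say which earlier releases are affected or which configurations are exposed, and the following line "-C option supports now CGI scripts only" announces a behaviour change without saying what stopped working. Suggest expanding both lines so an operator can tell from CHANGES alone whether an upgrade is urgent and whether an existing -C setup will break.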
diff -r d0436c40dfbe -r 5138b8c87cfb libexec/httpd/Makefile
--- a/libexec/httpd/Makefile Tue Apr 12 06:35:43 2016 +0000
+++ b/libexec/httpd/Makefile Fri Apr 15 18:55:49 2016 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.22.2.1 2015/04/23 19:38:11 snj Exp $
+# $NetBSD: Makefile,v 1.22.2.1.2.1 2016/04/15 18:55:49 snj Exp $
#
# $eterna: Makefile,v 1.30 2010/07/11 00:34:27 mrg Exp $
#
@@ -15,6 +15,10 @@
# DO_HTPASSWD /* support .htpasswd files */
# NO_LUA_SUPPORT /* don't support Lua for dynamic content */
#
+# other system specific defines:
+# HAVE_NBUTIL_H /* netbsd compat is in <nbutil.h>
+# (don't forget to also enable -lnbutil)
+#
# these are usually set via the "COPTS" variable, or some other method
# for setting CFLAGS relevant to your make, eg
# % make COPTS="-DDO_HTPASSWD"
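Review bot: The new HAVE_NBUTIL_H comment opens "/*" and never closes it, unlike the DO_HTPASSWD and NO_LUA_SUPPORT lines above it. Close it with "*/" after "(don't forget to also enable -lnbutil)" so the block of defines stays consistent.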
@@ -33,6 +37,17 @@
WARNS?= 4
+.if defined(.OS.MAKE)
+OPSYS= ${.OS.MAKE}
+.else
+OPSYS:= ${:!uname -s!:S/-//g:S/\///g}
+.endif
+
+.if ${OPSYS} == "QNX"
+CPPFLAGS+= -DHAVE_NBUTIL_H
+LDADD+= -lnbutil
+.endif
+
.include <bsd.own.mk>
.if ${MKCRYPTO} != "no"
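Review bot: OPSYS is assigned with "=" and ":=", so a value inherited from the environment is silently replaced, and the fallback forks "uname -s" on every parse where .OS.MAKE is undefined. Since the only consumer visible here is the QNX test, consider "OPSYS?=" or a variable name private to httpd, and add a comment saying why "-" and "/" are stripped from the uname output.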
diff -r d0436c40dfbe -r 5138b8c87cfb libexec/httpd/auth-bozo.c
--- a/libexec/httpd/auth-bozo.c Tue Apr 12 06:35:43 2016 +0000
+++ b/libexec/httpd/auth-bozo.c Fri Apr 15 18:55:49 2016 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: auth-bozo.c,v 1.13.2.1 2015/01/12 10:02:29 martin Exp $ */
+/* $NetBSD: auth-bozo.c,v 1.13.2.1.2.1 2016/04/15 18:55:49 snj Exp $ */
/* $eterna: auth-bozo.c,v 1.17 2011/11/18 09:21:15 mrg Exp $ */
@@ -72,10 +72,10 @@
if (bozo_check_special_files(request, basename))
return 1;
}
- request->hr_authrealm = bozostrdup(httpd, dir);
+ request->hr_authrealm = bozostrdup(httpd, request, dir);
- if ((size_t)snprintf(authfile, sizeof(authfile), "%s/%s", dir, AUTH_FILE) >=
- sizeof(authfile)) {
+ if ((size_t)snprintf(authfile, sizeof(authfile), "%s/%s", dir,
+ AUTH_FILE) >= sizeof(authfile)) {
return bozo_http_error(httpd, 404, request,
"authfile path too long");
}
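Review bot: request->hr_authrealm is overwritten with the new bozostrdup() result and no free() of a previous value appears in the visible context, whereas hr_authuser and hr_authpass are freed before reassignment in bozo_auth_check_headers() further down. If this path can run more than once for one request the old realm string leaks; either free it first or add a comment saying why it cannot already be set.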
@@ -136,7 +136,8 @@
}
int
-bozo_auth_check_headers(bozo_httpreq_t *request, char *val, char *str, ssize_t len)
+bozo_auth_check_headers(bozo_httpreq_t *request, char *val, char *str,
+ ssize_t len)
{
bozohttpd_t *httpd = request->hr_httpd;
@@ -159,8 +160,8 @@
*pass++ = '\0';
free(request->hr_authuser);
free(request->hr_authpass);
- request->hr_authuser = bozostrdup(httpd, authbuf);
- request->hr_authpass = bozostrdup(httpd, pass);
+ request->hr_authuser = bozostrdup(httpd, request, authbuf);
+ request->hr_authpass = bozostrdup(httpd, request, pass);
debug((httpd, DEBUG_FAT,
"decoded authorization `%s' as `%s':`%s'",
str, request->hr_authuser, request->hr_authpass));
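Review bot: The debug() call kept as context at the end of this hunk formats request->hr_authpass, so the decoded Basic-auth password is written to the debug output in clear text whenever DEBUG_FAT output is enabled. While these lines are being touched, drop the last "%s" from the format string and log only the user name.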
@@ -190,8 +191,8 @@
if (code == 401)
bozo_printf(httpd,
"WWW-Authenticate: Basic realm=\"%s\"\r\n",
- (request && request->hr_authrealm) ?
- request->hr_authrealm : "default realm");
+ request->hr_authrealm ?
+ request->hr_authrealm : "default realm");
}
#ifndef NO_CGIBIN_SUPPORT
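Review bot: Dropping "request &&" from the realm expression means the code == 401 branch now dereferences request unconditionally. The old guard implies some caller could pass NULL; confirm that every caller reaching this branch supplies a non-NULL request, or keep the check, otherwise an error raised on an early failure path turns into a NULL dereference.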
diff -r d0436c40dfbe -r 5138b8c87cfb libexec/httpd/bozohttpd.8
--- a/libexec/httpd/bozohttpd.8 Tue Apr 12 06:35:43 2016 +0000
+++ b/libexec/httpd/bozohttpd.8 Fri Apr 15 18:55:49 2016 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: bozohttpd.8,v 1.46.4.4 2015/05/09 08:50:42 snj Exp $
+.\" $NetBSD: bozohttpd.8,v 1.46.4.4.2.1 2016/04/15 18:55:49 snj Exp $
.\"
.\" $eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $
.\"
@@ -26,7 +26,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.Dd May 1, 2015
+.Dd December 12, 2015
.Dt BOZOHTTPD 8
.Os
.Sh NAME
@@ -34,13 +34,14 @@
.Nd hyper text transfer protocol version 1.1 daemon
.Sh SYNOPSIS
.Nm
-.Op Fl CIMPSZciptvx
+.Op Fl EHVXefhnsu
.Op Fl C Ar suffix cgihandler
.Op Fl I Ar port
.Op Fl L Ar prefix script
.Op Fl M Ar suffix type encoding encoding11
.Op Fl P Ar pidfile
.Op Fl S Ar server_software
+.Op Fl U Ar username
.Op Fl Z Ar cert privkey
.Op Fl c Ar cgibin
.Op Fl i Ar address
@@ -48,6 +49,7 @@
.Op Fl t Ar chrootdir
.Op Fl v Ar virtualroot
.Op Fl x Ar index
+.Op Fl z Ar ciphers
.Ar slashdir
.Op Ar myname
.Sh DESCRIPTION
@@ -111,9 +113,11 @@
directory.
In other words, all CGI URL's must begin with
.Em \%/cgi-bin/ .
-Note that the CGI/1.1 interface is not available with
+Note that the CGI/1.1 interface is available with
.Em ~user
-translation.
+translation using
+.Fl E
+switch.
.It Fl e
Causes
.Nm
@@ -223,15 +227,6 @@
.Dq public_html
to
.Ar pubdir .
-.It Fl r
-Forces pages besides the
-.Dq index.html
-(see the
-.Fl X
-option) page to require that the Referrer: header be present and
-refer to this web server, otherwise a redirect to the
-.Dq index.html
-page will be returned instead.
.It Fl S Ar server_software
Sets the internal server version to
.Ar server_software .
@@ -270,6 +265,12 @@
(but see the
.Fl p
option above).
+.It Fl E
+Enables CGI/1.1 interface for
+.Em ~user
+translation.
+Note that enabling this support implies that users can run
+commands as web server user, this may have security implications.
.It Fl V
Sets the default virtual host directory to
.Ar slashdir .
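Review bot: The new -E text understates the exposure and contains a comma splice: "users can run commands as web server user, this may have security implications". State it directly, for example that any local user with a ~user directory can execute arbitrary programs with the privileges of the web server user, and cross-reference the option that controls which user the server runs as.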
@@ -303,6 +304,9 @@
.Dq index.html
to
.Ar index .
+.It Fl z Ar ciphers
+Sets the list of SSL ciphers (see
+.Xr SSL_CTX_set_cipher_list 3 ) .
.It Fl Z Ar certificate_path privatekey_path
Sets the path to the server certificate file and the private key file
in pem format.
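Review bot: The -z entry does not say which cipher list is used when the option is omitted, nor what the server does when the string is rejected by SSL_CTX_set_cipher_list(3). Add the default and the failure behaviour so operators can judge whether they need to set it.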
@@ -333,7 +337,8 @@
option),
.Nm
has little internal networking knowledge.
-(Indeed, you can run it on the command line with little change of functionality.)
+(Indeed, you can run it on the command line with little change of
+functionality.)
A typical
.Xr inetd.conf 5
entry would be:
@@ -425,7 +430,7 @@
.Dq -lcrypt .
.Ss SSL SUPPORT
.Nm
-has support for SSLv2, SSLv3, and TLSv1 protocols that is included by
+has support for TLSv1.1 and TLSv1.2 protocols that are included by
default.
It requires linking with the crypto and ssl library, using
.Dq -lcrypto -lssl .
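Review bot: This line changes the documented protocol support from "SSLv2, SSLv3, and TLSv1" to "TLSv1.1 and TLSv1.2", which is a compatibility break for older clients, yet neither CHANGES entry added in this changeset mentions it. Add a CHANGES line for it, and say here whether TLSv1 is now refused or is simply no longer listed.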
@@ -462,12 +467,23 @@
.Nm
will perform a smart redirect to the target of this symlink.
The target is assumed to live on the same server.
+If target starts with slash then absolute redirection is performed,
+otherwise it's handled as relative.
If a
.Pa .bzabsredirect
symbolic link is found,
.Nm
will redirect to the absolute url pointed to by this symlink.
This is useful to redirect to different servers.
+Two forms of redirection are supported - symbolic link without schema will use
+.Em http://
+as default i.e. link to
+.Em NetBSD.org
+will redirect to
+.Em http://NetBSD.org/
+Otherwise provided schema will be used i.e. symbolic link to
+.Em ftp://NetBSD.org/
+will redirect to provided the URL.
.Sh EXAMPLES
To configure set of virtual hosts, one would use an
.Xr inetd.conf 5
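Review bot: The added .bzabsredirect paragraph is missing the full stop after ".Em http://NetBSD.org/" and ends with the garbled "will redirect to provided the URL"; "schema" should read "scheme", and "If target starts with slash" needs its articles. Since the target scheme is taken from the symlink as given, it would also help to say which schemes are accepted.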
@@ -491,7 +507,7 @@
option to specify a CGI handler for a particular file type.
Typically this will be like:
.Bd -literal
-httpd -C .php /usr/pkg/bin/php /var/www
+httpd -C .php /usr/pkg/bin/php-cgi /var/www
.Ed
.Sh SEE ALSO
.Xr inetd.conf 5 ,
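Review bot: The example switches the handler from php to php-cgi but the surrounding text gives no reason. Tie it to the CHANGES line "-C option supports now CGI scripts only" by stating in the -C description what kind of handler is expected, so readers with an existing "-C .php /usr/pkg/bin/php" setup know they have to change it.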
@@ -597,8 +613,10 @@
.It
.An Mateusz Kocielski
.Aq Mt shm%NetBSD.org@localhost
-fixed memory leaks, information disclosure issues and added support
-for using CGI handlers with directory indexing.
+fixed memory leaks, various issues with userdir support,
+information disclosure issues, added support for using CGI handlers
+with directory indexing, found several security issues and provided
+various other fixes.
.It
.An Arnaud Lacombe
.Aq Mt alc%NetBSD.org@localhost
@@ -612,7 +630,7 @@
.Aq Mt jmmv%NetBSD.org@localhost
Added the
.Fl P
-option.
+option (pidfile support) and provided some man page fixes.
.It
.An Luke Mewburn
.Aq Mt lukem%NetBSD.org@localhost
@@ -665,9 +683,6 @@
provided chroot and change-to-user support, and other various fixes
.It
Coyote Point provided various CGI fixes.
-.It
-.An Julio Merino
-added pidfile support and provided some man page fixes.
.El
.Pp
There are probably others I have forgotten (let me know if you care)
diff -r d0436c40dfbe -r 5138b8c87cfb libexec/httpd/bozohttpd.c
--- a/libexec/httpd/bozohttpd.c Tue Apr 12 06:35:43 2016 +0000
+++ b/libexec/httpd/bozohttpd.c Fri Apr 15 18:55:49 2016 +0000