Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/netbsd-8]: src/libexec/httpd Pull up the following via patch, requested ...



details:   https://anonhg.NetBSD.org/src/rev/3c49df030a06
branches:  netbsd-8
changeset: 954005:3c49df030a06
user:      martin <martin%NetBSD.org@localhost>
date:      Sat Mar 27 13:38:51 2021 +0000

description:
Pull up the following via patch, requested by mrg in ticket #1668:

        Makefile                        1.30-1.31
        Makefile.boot                   1.7-1.9
        auth-bozo.c                     1.25-1.26
        bozohttpd.8                     1.80-1.87
        bozohttpd.c                     1.114-1.123,1.125-1.128
        bozohttpd.h                     1.61-1.68
        cgi-bozo.c                      1.49-1.53
        content-bozo.c                  1.17-1.20
        daemon-bozo.c                   1-.22
        dir-index-bozo.c                1.33-1.34
        main.c                          1.23-1.27
        printenv.lua                    1.4-1.5
        ssl-bozo.c                      1.27-1.29
        libbozohttpd/libbozohttpd.3     1.5-1.6
        small/Makefile                  1.4
        testsuite/Makefile              1.14
        testsuite/t16.in                1.1
        testsuite/t16.out               1.1
        testsuite/t17.in                1.1
        testsuite/t17.out               1.1
        testsuite/t18.in                1.1
        testsuite/t18.out               1.1

Update to bozohttpd 20210227.


changes in bozohttpd 20210227:
        o  new support for content types: .tar.bz2, .tar.xz, .tar.lz,
           .tar.zst, .tbz2, .txz, .tlz, .zipx, .xz, .zst, .sz, .lz, .lzma,
           .lzo, .7z, .lzo, .cab, .dmg, .jar, and .rar.  should fix
           netbsd PR#56026:
           MIME type of .tar.xz file on ny{cdn,ftp}.NetBSD.org is invalid

changes in bozohttpd 20210211:
        o  fix various NULL derefs from malformed headers.  mostly from
           <emily@ingalls.rocks>.
        o  fix memory leaks in library interface: add bozo_cleanup().

changes in bozohttpd 20201014:
        o  also set -D_GNU_SOURCE in Makefile.boot.  from
           hadrien.lacour%posteo.net@localhost.
        o  fix array size botch (assertion, not exploitable.)  from
           martin%netbsd.org@localhost.
        o  also match %2F as well as %2f.  from leah%vuxu.org@localhost.
        o  many manual and help fixes.  clean ups for higher lint levels,
           consistency/style clean ups.  various option fixes including made
           -f imply -b.  from <henrik%gulbra.net@localhost> for freebsd.

changes in bozohttpd 20200912:
        o  add .m4a and .m4v file extensions.

changes in bozohttpd 20200820:
        o  make this work on sun2 by reducing mmap window there.
        o  fix SSL shutdown sequence.  from spz%netbsd.org@localhost.
        o  add readme support to directory indexing.  from jmcneill%netbsd.org@localhost
        o  add blocklist(8) support.  from jruoho%netbsd.org@localhost.

diffstat:

 libexec/httpd/CHANGES                     |   33 +++++++-
 libexec/httpd/Makefile                    |   10 +-
 libexec/httpd/Makefile.boot               |    6 +-
 libexec/httpd/auth-bozo.c                 |    9 +-
 libexec/httpd/bozohttpd.8                 |  116 ++++++++++++++++++++-----
 libexec/httpd/bozohttpd.c                 |  135 ++++++++++++++++++++++++-----
 libexec/httpd/bozohttpd.h                 |   29 ++++-
 libexec/httpd/cgi-bozo.c                  |   24 +++--
 libexec/httpd/content-bozo.c              |   33 ++++++-
 libexec/httpd/daemon-bozo.c               |   16 ++-
 libexec/httpd/dir-index-bozo.c            |   26 +++++-
 libexec/httpd/libbozohttpd/Makefile       |    4 +-
 libexec/httpd/libbozohttpd/libbozohttpd.3 |   13 ++-
 libexec/httpd/main.c                      |   70 ++++++++------
 libexec/httpd/printenv.lua                |   16 ++-
 libexec/httpd/small/Makefile              |    2 +-
 libexec/httpd/ssl-bozo.c                  |   28 ++++-
 libexec/httpd/testsuite/Makefile          |    4 +-
 libexec/httpd/testsuite/t16.in            |  Bin 
 libexec/httpd/testsuite/t16.out           |   11 ++
 libexec/httpd/testsuite/t17.in            |  Bin 
 libexec/httpd/testsuite/t17.out           |    2 +
 libexec/httpd/testsuite/t18.in            |  Bin 
 libexec/httpd/testsuite/t18.out           |   10 ++
 24 files changed, 455 insertions(+), 142 deletions(-)

diffs (truncated from 1551 to 300 lines):

diff -r fcba0eab99b8 -r 3c49df030a06 libexec/httpd/CHANGES
--- a/libexec/httpd/CHANGES     Sat Mar 27 13:10:43 2021 +0000
+++ b/libexec/httpd/CHANGES     Sat Mar 27 13:38:51 2021 +0000
@@ -1,4 +1,35 @@
-$NetBSD: CHANGES,v 1.25.4.3 2019/06/12 10:32:00 martin Exp $
+$NetBSD: CHANGES,v 1.25.4.4 2021/03/27 13:38:51 martin Exp $
+
+changes in bozohttpd 20210227:
+       o  new support for content types: .tar.bz2, .tar.xz, .tar.lz,
+          .tar.zst, .tbz2, .txz, .tlz, .zipx, .xz, .zst, .sz, .lz, .lzma,
+          .lzo, .7z, .lzo, .cab, .dmg, .jar, and .rar.  should fix
+          netbsd PR#56026:
+          MIME type of .tar.xz file on ny{cdn,ftp}.NetBSD.org is invalid
+
+changes in bozohttpd 20210211:
+       o  fix various NULL derefs from malformed headers.  mostly from
+          <emily@ingalls.rocks>.
+       o  fix memory leaks in library interface: add bozo_cleanup().
+
+changes in bozohttpd 20201014:
+       o  also set -D_GNU_SOURCE in Makefile.boot.  from
+          hadrien.lacour%posteo.net@localhost.
+       o  fix array size botch (assertion, not exploitable.)  from
+          martin%netbsd.org@localhost.
+       o  also match %2F as well as %2f.  from leah%vuxu.org@localhost.
+       o  many manual and help fixes.  clean ups for higher lint levels,
+          consistency/style clean ups.  various option fixes including made
+          -f imply -b.  from <henrik%gulbra.net@localhost> for freebsd.
+
+changes in bozohttpd 20200912:
+       o  add .m4a and .m4v file extensions.
+
+changes in bozohttpd 20200820:
+       o  make this work on sun2 by reducing mmap window there.
+       o  fix SSL shutdown sequence.  from spz%netbsd.org@localhost.
+       o  add readme support to directory indexing.  from jmcneill%netbsd.org@localhost
+       o  add blocklist(8) support.  from jruoho%netbsd.org@localhost.
 
 changes in bozohttpd 20190228:
        o  extend timeout facility to ssl and stop servers hanging forever
diff -r fcba0eab99b8 -r 3c49df030a06 libexec/httpd/Makefile
--- a/libexec/httpd/Makefile    Sat Mar 27 13:10:43 2021 +0000
+++ b/libexec/httpd/Makefile    Sat Mar 27 13:38:51 2021 +0000
@@ -1,4 +1,4 @@
-#      $NetBSD: Makefile,v 1.27.2.1 2019/06/12 10:32:00 martin Exp $
+#      $NetBSD: Makefile,v 1.27.2.2 2021/03/27 13:38:51 martin Exp $
 #
 #      $eterna: Makefile,v 1.30 2010/07/11 00:34:27 mrg Exp $
 #
@@ -23,7 +23,7 @@
 # for setting CFLAGS relevant to your make, eg
 #   % make COPTS="-DDO_HTPASSWD"
 
-COPTS+=        -DDO_HTPASSWD
+COPTS+=        -DDO_HTPASSWD -DNO_BLOCKLIST_SUPPORT
 PROG=  bozohttpd
 LINKS= ${BINDIR}/bozohttpd ${BINDIR}/httpd
 MAN=   bozohttpd.8
@@ -80,6 +80,12 @@
 check:
        cd ${.CURDIR}/testsuite && ${MAKE} check
 
+.if empty(BOZOVER)
+BOZOVER!=      sed -n \
+                   -e s/\"$$// -e \
+                   's/\#define[        ]*SERVER_SOFTWARE[      ]*\"bozohttpd\///p'  ${.PARSEDIR}/bozohttpd.c
+.endif
+
 # Create a distfile: uses /tmp
 BASE=bozohttpd-${BOZOVER}
 TAR=${BASE}.tar
diff -r fcba0eab99b8 -r 3c49df030a06 libexec/httpd/Makefile.boot
--- a/libexec/httpd/Makefile.boot       Sat Mar 27 13:10:43 2021 +0000
+++ b/libexec/httpd/Makefile.boot       Sat Mar 27 13:38:51 2021 +0000
@@ -6,18 +6,20 @@
 CC=    cc
 OPT=   -O
 LARGE_CFLAGS=  -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64
-LOCAL_CFLAGS=  -DNO_LUA_SUPPORT
+LOCAL_CFLAGS=  -DNO_LUA_SUPPORT -DNO_BLOCKLIST_SUPPORT -D_GNU_SOURCE -D_DEFAULT_SOURCE
 CFLAGS=        $(OPT) $(LARGE_CFLAGS) $(LOCAL_CFLAGS)
 
 GROFF= groff -Tascii
 CRYPTOLIBDIR=  # -L/usr/local/lib
 CRYPTOLIBS=    $(CRYPTOLIBDIR) -lcrypto -lssl
 
+LIBS=  $(CRYPTOLIBS) $(EXTRALIBS)
+
 FILES= bozohttpd.c auth-bozo.c cgi-bozo.c content-bozo.c daemon-bozo.c \
        dir-index-bozo.c lua-bozo.c ssl-bozo.c tilde-luzah-bozo.c main.c
 
 all:
-       $(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -o bozohttpd $(FILES) $(CRYPTOLIBS)
+       $(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -o bozohttpd $(FILES) $(LIBS)
 
 man:
        $(GROFF) -mandoc bozohttpd.8 > bozohttpd.cat8
diff -r fcba0eab99b8 -r 3c49df030a06 libexec/httpd/auth-bozo.c
--- a/libexec/httpd/auth-bozo.c Sat Mar 27 13:10:43 2021 +0000
+++ b/libexec/httpd/auth-bozo.c Sat Mar 27 13:38:51 2021 +0000
@@ -1,9 +1,9 @@
-/*     $NetBSD: auth-bozo.c,v 1.18.8.2 2019/06/12 10:32:00 martin Exp $        */
+/*     $NetBSD: auth-bozo.c,v 1.18.8.3 2021/03/27 13:38:51 martin Exp $        */
 
 /*     $eterna: auth-bozo.c,v 1.17 2011/11/18 09:21:15 mrg Exp $       */
 
 /*
- * Copyright (c) 1997-2019 Matthew R. Green
+ * Copyright (c) 1997-2020 Matthew R. Green
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -105,6 +105,11 @@
                                        pass) != 0)
                                break;
                        fclose(fp);
+
+#ifndef NO_BLOCKLIST_SUPPORT
+                       pfilter_notify(BLOCKLIST_AUTH_OK, 200);
+#endif /* !NO_BLOCKLIST_SUPPORT */
+
                        return 0;
                }
        }
diff -r fcba0eab99b8 -r 3c49df030a06 libexec/httpd/bozohttpd.8
--- a/libexec/httpd/bozohttpd.8 Sat Mar 27 13:10:43 2021 +0000
+++ b/libexec/httpd/bozohttpd.8 Sat Mar 27 13:38:51 2021 +0000
@@ -1,8 +1,8 @@
-.\"    $NetBSD: bozohttpd.8,v 1.65.4.2 2019/06/12 10:32:00 martin Exp $
+.\"    $NetBSD: bozohttpd.8,v 1.65.4.3 2021/03/27 13:38:51 martin Exp $
 .\"
 .\"    $eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $
 .\"
-.\" Copyright (c) 1997-2019 Matthew R. Green
+.\" Copyright (c) 1997-2021 Matthew R. Green
 .\" All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
@@ -26,7 +26,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd February 27, 2019
+.Dd February 27, 2021
 .Dt BOZOHTTPD 8
 .Os
 .Sh NAME
@@ -34,13 +34,14 @@
 .Nd hyper text transfer protocol version 1.1 daemon
 .Sh SYNOPSIS
 .Nm
-.Op Fl EGHVXefhnsu
+.Op Fl EGHVXdefhnsu
 .Op Fl C Ar suffix cgihandler
 .Op Fl I Ar port
 .Op Fl L Ar prefix script
 .Op Fl M Ar suffix type encoding encoding11
 .Op Fl P Ar pidfile
-.Op Fl S Ar server_software
+.Op Fl R Ar readme
+.Op Fl S Ar version
 .Op Fl T Ar type timeout
 .Op Fl U Ar username
 .Op Fl Z Ar cert privkey
@@ -119,6 +120,15 @@
 translation using
 .Fl E
 switch.
+.It Fl d
+Enables debug support.
+.It Fl E
+Enables CGI/1.1 interface for
+.Em ~user
+translation.
+Note that enabling this support implies that users can run commands
+as the web server user.
+This may have security implications.
 .It Fl e
 Causes
 .Nm
@@ -130,9 +140,12 @@
 .It Fl f
 Stops the
 .Fl b
-flag from
+flag from detaching
 .Nm
-detaching from the tty and going into the background.
+from the tty and going into the background.
+This implies the
+.Fl b
+flag.
 .It Fl G
 Get the
 .Nm
@@ -211,12 +224,10 @@
 .It Fl n
 Stops
 .Nm
-from doing IP address to name resolution of hosts for setting the
+from doing IP address to name resolution of remote hosts.
+This affects the
 .Ev REMOTE_HOST
-variable before running a CGI program.
-This option has no effect without the
-.Fl c
-option.
+environment variable for CGI programs and Lua scripts.
 .It Fl P Ar pidfile
 Causes
 .Nm
@@ -232,9 +243,13 @@
 .Dq public_html
 to
 .Ar pubdir .
-.It Fl S Ar server_software
+.It Fl R Ar readme
+When directory indexing is enabled, include the contents of the file
+.Ar readme
+in the footer of the directory index.
+.It Fl S Ar version
 Sets the internal server version to
-.Ar server_software .
+.Ar version .
 .It Fl s
 Forces logging to be set to stderr always.
 .It Fl T Ar type timeout
@@ -285,12 +300,6 @@
 (but see the
 .Fl p
 option above).
-.It Fl E
-Enables CGI/1.1 interface for
-.Em ~user
-translation.
-Note that enabling this support implies that users can run
-commands as web server user, this may have security implications.
 .It Fl V
 Sets the backup virtual host directory to the
 .Ar slashdir
@@ -325,15 +334,15 @@
 .Dq index.html
 to
 .Ar index .
-.It Fl z Ar ciphers
-Sets the list of SSL ciphers (see
-.Xr SSL_CTX_set_cipher_list 3 ) .
 .It Fl Z Ar certificate_path privatekey_path
 Sets the path to the server certificate file and the private key file
 in PEM format.
 It also causes
 .Nm
 to start SSL mode.
+.It Fl z Ar ciphers
+Sets the list of SSL ciphers (see
+.Xr SSL_CTX_set_cipher_list 3 ) .
 .El
 .Pp
 Note that in
@@ -449,6 +458,44 @@
 on the compiler command line to enable this support.
 It may require linking with the crypt library, using
 .Dq -lcrypt .
+.Ss BLOCKLIST SUPPORT
+On
+.Nx ,
+.Nm
+supports
+.Xr blocklistd 8
+by default.
+The support can be disabled with the
+.Dq -DNO_BLOCKLIST_SUPPORT
+compilation option.
+.Pp
+Upon occurrence,
+.Nm
+reports two HTTP status codes to
+.Xr blocklistd 8
+as failures:
+.Em 401
+(``Unauthorized'')
+and
+.Em 403
+(``Forbidden'') .
+Of these,
+.Em 401
+is the one received upon authorization failure with the
+HTTP Basic Authorization mechanism.
+A successful authorization decreases the counter kept by
+.Xr blocklistd 8 .
+.Pp
+Note that the implementation of the HTTP Basic Authorization mechanism
+uses a redirection; a status code
+.Em 401
+is always initially received.
+Therefore, a single authorization failure of
+.Pa .htpasswd
+is reported as two failures to
+.Xr blocklistd 8 ,
+but no failures are recorded upon successful authorization



Home | Main Index | Thread Index | Old Index