Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/netbsd-8]: src/libexec/httpd Pull up the following via patch, requested ...
details: https://anonhg.NetBSD.org/src/rev/3c49df030a06
branches: netbsd-8
changeset: 954005:3c49df030a06
user: martin <martin%NetBSD.org@localhost>
date: Sat Mar 27 13:38:51 2021 +0000
description:
Pull up the following via patch, requested by mrg in ticket #1668:
Makefile 1.30-1.31
Makefile.boot 1.7-1.9
auth-bozo.c 1.25-1.26
bozohttpd.8 1.80-1.87
bozohttpd.c 1.114-1.123,1.125-1.128
bozohttpd.h 1.61-1.68
cgi-bozo.c 1.49-1.53
content-bozo.c 1.17-1.20
daemon-bozo.c 1-.22
dir-index-bozo.c 1.33-1.34
main.c 1.23-1.27
printenv.lua 1.4-1.5
ssl-bozo.c 1.27-1.29
libbozohttpd/libbozohttpd.3 1.5-1.6
small/Makefile 1.4
testsuite/Makefile 1.14
testsuite/t16.in 1.1
testsuite/t16.out 1.1
testsuite/t17.in 1.1
testsuite/t17.out 1.1
testsuite/t18.in 1.1
testsuite/t18.out 1.1
Update to bozohttpd 20210227.
changes in bozohttpd 20210227:
o new support for content types: .tar.bz2, .tar.xz, .tar.lz,
.tar.zst, .tbz2, .txz, .tlz, .zipx, .xz, .zst, .sz, .lz, .lzma,
.lzo, .7z, .lzo, .cab, .dmg, .jar, and .rar. should fix
netbsd PR#56026:
MIME type of .tar.xz file on ny{cdn,ftp}.NetBSD.org is invalid
changes in bozohttpd 20210211:
o fix various NULL derefs from malformed headers. mostly from
<emily@ingalls.rocks>.
o fix memory leaks in library interface: add bozo_cleanup().
changes in bozohttpd 20201014:
o also set -D_GNU_SOURCE in Makefile.boot. from
hadrien.lacour%posteo.net@localhost.
o fix array size botch (assertion, not exploitable.) from
martin%netbsd.org@localhost.
o also match %2F as well as %2f. from leah%vuxu.org@localhost.
o many manual and help fixes. clean ups for higher lint levels,
consistency/style clean ups. various option fixes including made
-f imply -b. from <henrik%gulbra.net@localhost> for freebsd.
changes in bozohttpd 20200912:
o add .m4a and .m4v file extensions.
changes in bozohttpd 20200820:
o make this work on sun2 by reducing mmap window there.
o fix SSL shutdown sequence. from spz%netbsd.org@localhost.
o add readme support to directory indexing. from jmcneill%netbsd.org@localhost
o add blocklist(8) support. from jruoho%netbsd.org@localhost.
diffstat:
libexec/httpd/CHANGES | 33 +++++++-
libexec/httpd/Makefile | 10 +-
libexec/httpd/Makefile.boot | 6 +-
libexec/httpd/auth-bozo.c | 9 +-
libexec/httpd/bozohttpd.8 | 116 ++++++++++++++++++++-----
libexec/httpd/bozohttpd.c | 135 ++++++++++++++++++++++++-----
libexec/httpd/bozohttpd.h | 29 ++++-
libexec/httpd/cgi-bozo.c | 24 +++--
libexec/httpd/content-bozo.c | 33 ++++++-
libexec/httpd/daemon-bozo.c | 16 ++-
libexec/httpd/dir-index-bozo.c | 26 +++++-
libexec/httpd/libbozohttpd/Makefile | 4 +-
libexec/httpd/libbozohttpd/libbozohttpd.3 | 13 ++-
libexec/httpd/main.c | 70 ++++++++------
libexec/httpd/printenv.lua | 16 ++-
libexec/httpd/small/Makefile | 2 +-
libexec/httpd/ssl-bozo.c | 28 ++++-
libexec/httpd/testsuite/Makefile | 4 +-
libexec/httpd/testsuite/t16.in | Bin
libexec/httpd/testsuite/t16.out | 11 ++
libexec/httpd/testsuite/t17.in | Bin
libexec/httpd/testsuite/t17.out | 2 +
libexec/httpd/testsuite/t18.in | Bin
libexec/httpd/testsuite/t18.out | 10 ++
24 files changed, 455 insertions(+), 142 deletions(-)
diffs (truncated from 1551 to 300 lines):
diff -r fcba0eab99b8 -r 3c49df030a06 libexec/httpd/CHANGES
--- a/libexec/httpd/CHANGES Sat Mar 27 13:10:43 2021 +0000
+++ b/libexec/httpd/CHANGES Sat Mar 27 13:38:51 2021 +0000
@@ -1,4 +1,35 @@
-$NetBSD: CHANGES,v 1.25.4.3 2019/06/12 10:32:00 martin Exp $
+$NetBSD: CHANGES,v 1.25.4.4 2021/03/27 13:38:51 martin Exp $
+
+changes in bozohttpd 20210227:
+ o new support for content types: .tar.bz2, .tar.xz, .tar.lz,
+ .tar.zst, .tbz2, .txz, .tlz, .zipx, .xz, .zst, .sz, .lz, .lzma,
+ .lzo, .7z, .lzo, .cab, .dmg, .jar, and .rar. should fix
+ netbsd PR#56026:
+ MIME type of .tar.xz file on ny{cdn,ftp}.NetBSD.org is invalid
+
+changes in bozohttpd 20210211:
+ o fix various NULL derefs from malformed headers. mostly from
+ <emily@ingalls.rocks>.
+ o fix memory leaks in library interface: add bozo_cleanup().
+
+changes in bozohttpd 20201014:
+ o also set -D_GNU_SOURCE in Makefile.boot. from
+ hadrien.lacour%posteo.net@localhost.
+ o fix array size botch (assertion, not exploitable.) from
+ martin%netbsd.org@localhost.
+ o also match %2F as well as %2f. from leah%vuxu.org@localhost.
+ o many manual and help fixes. clean ups for higher lint levels,
+ consistency/style clean ups. various option fixes including made
+ -f imply -b. from <henrik%gulbra.net@localhost> for freebsd.
+
+changes in bozohttpd 20200912:
+ o add .m4a and .m4v file extensions.
+
+changes in bozohttpd 20200820:
+ o make this work on sun2 by reducing mmap window there.
+ o fix SSL shutdown sequence. from spz%netbsd.org@localhost.
+ o add readme support to directory indexing. from jmcneill%netbsd.org@localhost
+ o add blocklist(8) support. from jruoho%netbsd.org@localhost.
changes in bozohttpd 20190228:
o extend timeout facility to ssl and stop servers hanging forever
diff -r fcba0eab99b8 -r 3c49df030a06 libexec/httpd/Makefile
--- a/libexec/httpd/Makefile Sat Mar 27 13:10:43 2021 +0000
+++ b/libexec/httpd/Makefile Sat Mar 27 13:38:51 2021 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.27.2.1 2019/06/12 10:32:00 martin Exp $
+# $NetBSD: Makefile,v 1.27.2.2 2021/03/27 13:38:51 martin Exp $
#
# $eterna: Makefile,v 1.30 2010/07/11 00:34:27 mrg Exp $
#
@@ -23,7 +23,7 @@
# for setting CFLAGS relevant to your make, eg
# % make COPTS="-DDO_HTPASSWD"
-COPTS+= -DDO_HTPASSWD
+COPTS+= -DDO_HTPASSWD -DNO_BLOCKLIST_SUPPORT
PROG= bozohttpd
LINKS= ${BINDIR}/bozohttpd ${BINDIR}/httpd
MAN= bozohttpd.8
@@ -80,6 +80,12 @@
check:
cd ${.CURDIR}/testsuite && ${MAKE} check
+.if empty(BOZOVER)
+BOZOVER!= sed -n \
+ -e s/\"$$// -e \
+ 's/\#define[ ]*SERVER_SOFTWARE[ ]*\"bozohttpd\///p' ${.PARSEDIR}/bozohttpd.c
+.endif
+
# Create a distfile: uses /tmp
BASE=bozohttpd-${BOZOVER}
TAR=${BASE}.tar
diff -r fcba0eab99b8 -r 3c49df030a06 libexec/httpd/Makefile.boot
--- a/libexec/httpd/Makefile.boot Sat Mar 27 13:10:43 2021 +0000
+++ b/libexec/httpd/Makefile.boot Sat Mar 27 13:38:51 2021 +0000
@@ -6,18 +6,20 @@
CC= cc
OPT= -O
LARGE_CFLAGS= -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64
-LOCAL_CFLAGS= -DNO_LUA_SUPPORT
+LOCAL_CFLAGS= -DNO_LUA_SUPPORT -DNO_BLOCKLIST_SUPPORT -D_GNU_SOURCE -D_DEFAULT_SOURCE
CFLAGS= $(OPT) $(LARGE_CFLAGS) $(LOCAL_CFLAGS)
GROFF= groff -Tascii
CRYPTOLIBDIR= # -L/usr/local/lib
CRYPTOLIBS= $(CRYPTOLIBDIR) -lcrypto -lssl
+LIBS= $(CRYPTOLIBS) $(EXTRALIBS)
+
FILES= bozohttpd.c auth-bozo.c cgi-bozo.c content-bozo.c daemon-bozo.c \
dir-index-bozo.c lua-bozo.c ssl-bozo.c tilde-luzah-bozo.c main.c
all:
- $(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -o bozohttpd $(FILES) $(CRYPTOLIBS)
+ $(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -o bozohttpd $(FILES) $(LIBS)
man:
$(GROFF) -mandoc bozohttpd.8 > bozohttpd.cat8
diff -r fcba0eab99b8 -r 3c49df030a06 libexec/httpd/auth-bozo.c
--- a/libexec/httpd/auth-bozo.c Sat Mar 27 13:10:43 2021 +0000
+++ b/libexec/httpd/auth-bozo.c Sat Mar 27 13:38:51 2021 +0000
@@ -1,9 +1,9 @@
-/* $NetBSD: auth-bozo.c,v 1.18.8.2 2019/06/12 10:32:00 martin Exp $ */
+/* $NetBSD: auth-bozo.c,v 1.18.8.3 2021/03/27 13:38:51 martin Exp $ */
/* $eterna: auth-bozo.c,v 1.17 2011/11/18 09:21:15 mrg Exp $ */
/*
- * Copyright (c) 1997-2019 Matthew R. Green
+ * Copyright (c) 1997-2020 Matthew R. Green
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -105,6 +105,11 @@
pass) != 0)
break;
fclose(fp);
+
+#ifndef NO_BLOCKLIST_SUPPORT
+ pfilter_notify(BLOCKLIST_AUTH_OK, 200);
+#endif /* !NO_BLOCKLIST_SUPPORT */
+
return 0;
}
}
diff -r fcba0eab99b8 -r 3c49df030a06 libexec/httpd/bozohttpd.8
--- a/libexec/httpd/bozohttpd.8 Sat Mar 27 13:10:43 2021 +0000
+++ b/libexec/httpd/bozohttpd.8 Sat Mar 27 13:38:51 2021 +0000
@@ -1,8 +1,8 @@
-.\" $NetBSD: bozohttpd.8,v 1.65.4.2 2019/06/12 10:32:00 martin Exp $
+.\" $NetBSD: bozohttpd.8,v 1.65.4.3 2021/03/27 13:38:51 martin Exp $
.\"
.\" $eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $
.\"
-.\" Copyright (c) 1997-2019 Matthew R. Green
+.\" Copyright (c) 1997-2021 Matthew R. Green
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
@@ -26,7 +26,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.Dd February 27, 2019
+.Dd February 27, 2021
.Dt BOZOHTTPD 8
.Os
.Sh NAME
@@ -34,13 +34,14 @@
.Nd hyper text transfer protocol version 1.1 daemon
.Sh SYNOPSIS
.Nm
-.Op Fl EGHVXefhnsu
+.Op Fl EGHVXdefhnsu
.Op Fl C Ar suffix cgihandler
.Op Fl I Ar port
.Op Fl L Ar prefix script
.Op Fl M Ar suffix type encoding encoding11
.Op Fl P Ar pidfile
-.Op Fl S Ar server_software
+.Op Fl R Ar readme
+.Op Fl S Ar version
.Op Fl T Ar type timeout
.Op Fl U Ar username
.Op Fl Z Ar cert privkey
@@ -119,6 +120,15 @@
translation using
.Fl E
switch.
+.It Fl d
+Enables debug support.
+.It Fl E
+Enables CGI/1.1 interface for
+.Em ~user
+translation.
+Note that enabling this support implies that users can run commands
+as the web server user.
+This may have security implications.
.It Fl e
Causes
.Nm
@@ -130,9 +140,12 @@
.It Fl f
Stops the
.Fl b
-flag from
+flag from detaching
.Nm
-detaching from the tty and going into the background.
+from the tty and going into the background.
+This implies the
+.Fl b
+flag.
.It Fl G
Get the
.Nm
@@ -211,12 +224,10 @@
.It Fl n
Stops
.Nm
-from doing IP address to name resolution of hosts for setting the
+from doing IP address to name resolution of remote hosts.
+This affects the
.Ev REMOTE_HOST
-variable before running a CGI program.
-This option has no effect without the
-.Fl c
-option.
+environment variable for CGI programs and Lua scripts.
.It Fl P Ar pidfile
Causes
.Nm
@@ -232,9 +243,13 @@
.Dq public_html
to
.Ar pubdir .
-.It Fl S Ar server_software
+.It Fl R Ar readme
+When directory indexing is enabled, include the contents of the file
+.Ar readme
+in the footer of the directory index.
+.It Fl S Ar version
Sets the internal server version to
-.Ar server_software .
+.Ar version .
.It Fl s
Forces logging to be set to stderr always.
.It Fl T Ar type timeout
@@ -285,12 +300,6 @@
(but see the
.Fl p
option above).
-.It Fl E
-Enables CGI/1.1 interface for
-.Em ~user
-translation.
-Note that enabling this support implies that users can run
-commands as web server user, this may have security implications.
.It Fl V
Sets the backup virtual host directory to the
.Ar slashdir
@@ -325,15 +334,15 @@
.Dq index.html
to
.Ar index .
-.It Fl z Ar ciphers
-Sets the list of SSL ciphers (see
-.Xr SSL_CTX_set_cipher_list 3 ) .
.It Fl Z Ar certificate_path privatekey_path
Sets the path to the server certificate file and the private key file
in PEM format.
It also causes
.Nm
to start SSL mode.
+.It Fl z Ar ciphers
+Sets the list of SSL ciphers (see
+.Xr SSL_CTX_set_cipher_list 3 ) .
.El
.Pp
Note that in
@@ -449,6 +458,44 @@
on the compiler command line to enable this support.
It may require linking with the crypt library, using
.Dq -lcrypt .
+.Ss BLOCKLIST SUPPORT
+On
+.Nx ,
+.Nm
+supports
+.Xr blocklistd 8
+by default.
+The support can be disabled with the
+.Dq -DNO_BLOCKLIST_SUPPORT
+compilation option.
+.Pp
+Upon occurrence,
+.Nm
+reports two HTTP status codes to
+.Xr blocklistd 8
+as failures:
+.Em 401
+(``Unauthorized'')
+and
+.Em 403
+(``Forbidden'') .
+Of these,
+.Em 401
+is the one received upon authorization failure with the
+HTTP Basic Authorization mechanism.
+A successful authorization decreases the counter kept by
+.Xr blocklistd 8 .
+.Pp
+Note that the implementation of the HTTP Basic Authorization mechanism
+uses a redirection; a status code
+.Em 401
+is always initially received.
+Therefore, a single authorization failure of
+.Pa .htpasswd
+is reported as two failures to
+.Xr blocklistd 8 ,
+but no failures are recorded upon successful authorization
Home |
Main Index |
Thread Index |
Old Index