| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
o remove obsolete .bzdirect handling.
o new "-m tlsversion" option to set the minimum TLS version
available. partially from <sunil@nimmagadda.net>.
o extend the list of available ciphers to include most of the
openssl "HIGH" with some additional disables. retain the current
list of bad options. should deal with PR#51278.
o don't assume host BUFSIZ is sufficient. small BUFSIZ leads to
always happens errors in the testsuite. switch all these buffers
to be 4KiB sized. reported by embr <git@liclac.eu>
o fix a denial of service attack against initial request contents,
now bounded at 16KiB. reported by Justin Parrott in PR#56085
o new support for content types: .tar.bz2, .tar.xz, .tar.lz,
.tar.zst, .tbz2, .txz, .tlz, .zipx, .xz, .zst, .sz, .lz, .lzma,
.lzo, .7z, .lzo, .cab, .dmg, .jar, and .rar. should fix
netbsd PR#56026:
MIME type of .tar.xz file on ny{cdn,ftp}.NetBSD.org is invalid
o fix various NULL derefs from malformed headers. mostly from
<emily@ingalls.rocks>.
o fix memory leaks in library interface: add bozo_cleanup().
|
|
|
|
changes in bozohttpd 20210227:
o new support for content types: .tar.bz2, .tar.xz, .tar.lz,
.tar.zst, .tbz2, .txz, .tlz, .zipx, .xz, .zst, .sz, .lz, .lzma,
.lzo, .7z, .lzo, .cab, .dmg, .jar, and .rar. should fix
netbsd PR#56026:
MIME type of .tar.xz file on ny{cdn,ftp}.NetBSD.org is invalid
changes in bozohttpd 20210211:
o fix various NULL derefs from malformed headers. mostly from
<emily@ingalls.rocks>.
o fix memory leaks in library interface: add bozo_cleanup().
|
|
o also set -D_GNU_SOURCE in Makefile.boot. from
hadrien.lacour@posteo.net.
o fix array size botch (assertion, not exploitable.) from
martin@netbsd.org.
o also match %2F as well as %2f. from leah@vuxu.org.
o many manual and help fixes. clean ups for higher lint levels,
consistency/style clean ups. various option fixes including made
-f imply -b. from <henrik@gulbra.net> for freebsd.
o add .m4a and .m4v file extensions.
o make this work on sun2 by reducing mmap window there.
o fix SSL shutdown sequence. from spz@netbsd.org.
o add readme support to directory indexing. from jmcneill@netbsd.org
o add blocklist(8) support. from jruoho@netbsd.org.
|
|
|
|
o extend timeout facility to ssl and stop servers hanging forever
if the client never sends anything. reported by Steffen in netbsd
PR#50655.
o don't display special files in the directory index. they aren't
served, but links to them are generated.
o fix CGI '+' parameter handling, some error checking, and a double
free. from rajeev_v_pillai@yahoo.com
o more directory indexing clean up. from rajeev_v_pillai@yahoo.com
|
|
o fix .htpasswd bypass for authenticated users. reported by JP,
from leot@netbsd.org
o avoid possible null dereference when receiving a big request that
timeout. reported by maya@netbsd.org, from leot@netbsd.org
o fix handling of -T option, from leot@netbsd.org
o cleanups and portability improvements, from maya@netbsd.org
o change directory indexing to use html tables, from
rajeev_v_pillai@yahoo.com
|
|
|
|
|
|
o add url remap support via .bzremap file, from martin@netbsd.org
o handle redirections for any protocol, not just http:
o fix a denial of service attack against header contents, which
is now bounded at 16KiB. reported by JP
o reduce default timeouts, and add expand timeouts to handle the
initial line, each header, and the total time spent
o add -T option to expose new timeout settings
o minor RFC fixes related to timeout handling
o fix special file (.htpasswd, .bz*) bypass. reported by JP.
anyone using .htpasswd files should update ASAP.
|
|
Bump PKGREVISION
Requested by <mrg>
|
|
o fix an infinite loop in cgi processing
o fixes and clean up for the testsuite
o no longer sends encoding header for compressed formats
|
|
o add search-word support for CGI
o fix a security issue in CGI suffix handler support which would
allow remote code execution, from shm@netbsd.org
o -C option supports now CGI scripts only
o add CGI support for ~user translation (-E switch)
o add redirects to ~user translation
o fix bugs around ~user translation
o add schema detection for absolute redirects
o fixed few memory leaks
o bunch of minor tweaks
o removed -r support
o smarter redirects
|
|
|
|
changes in bozohttpd 20150320:
o fix redirection handling
o support transport stream (.ts) and video object (.vob) files
o directory listings show correct file sizes for large files
changes in bozohttpd 20140717:
o properly handle SSL errors
ok @agc.
|
|
|
|
support, and fixes for truncation issues handling .htaccess and
.bz*direct files.
|
|
|
|
|
|
|
|
o update a few content types
o add support for directly calling lua scripts to handle
processes, from mbalmer@netbsd.org
o properly escape generated HTML
o add authentication for redirections, from martin@netbsd.org
o handle chained ssl certifications, from elric@netbsd.org
o add basic support for gzipped files, from elric@netbsd.org
o properly escape generated URIs
XXX: could integrate this with lua, but left undone for now.
|
|
o properly escape generated HTML
o add authentication for redirections, from martin@netbsd.org
o handle chained ssl certifications, from elric@netbsd.org
o add basic support for gzipped files, from elric@netbsd.org
o properly escape generated URIs
|
|
|
|
|
|
o add -P <pidfile> option, from jmmv@netbsd.org
o avoid crashes with http basic auth, from pooka@netbsd.org
o add support for REDIRECT_STATUS variable, from tls@netbsd.org
o support .mp4 files in the default map
o directory indexes with files with : are now displayed properly, from
reed@netbsd.org
o allow -I option to be useful in non-inetd mode as well
|
|
o use scandir() with alphasort() for sorted directory lists, from moof
o fix a serious error in vhost handling; "Host:.." would allow access to
the next level directory from the virtual root directory, from seanb
o fix some various non standard compile time errors, from rudolf
o fix dynamic CGI content maps, from rudolf
|
|
o properly fully disable multi-file mode for now
o fix the -t and -U options when used without the -e option, broken since
the library-ifcation
o be explicit that logs go to the FTP facility in syslog
|
|
o fix some compile issues
o fix SSL mode. from rtr
o fix some cgi-bin issues, as seen with cvsweb
o disable multi-file daemon mode for now, it breaks
o return 404's instead of 403's when chdir of ~user dirs fail
o remove "noreturn" attribute from bozo_http_error() that was
causing incorrect runtime behaviour
with approval from agc.
|
|
o fix SSL mode. from rtr.
|
|
some compile fixes that aren't relevant for the pkgsrc (but probably
should be...)
|
|
o major rework and clean up of internal interfaces. move the main
program into main.c, the remaining parts are useable as library.
add bindings for lua. by Alistair G. Crooks <agc@netbsd.org>
o fix http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=566325
special thanks to al for the majority of these changes.
|
|
|
|
o close more leaking file descriptors for CGI and daemon mode
o add subdirs for build "debug" and "small" versions
o clean up a bad merge / duplicate code
o make mmap() usage portable, fixes linux & ranges: support
o document the -f option
o daemon mode now serves 6 files per child
|
|
o avoid dying in daemon mode for some uncommon, but recoverable, errors
o close leaking file descriptors for CGI and daemon mode
o handle poll errors properly
o don't try to handle more than one request per process yet
|
|
changes since bozohttpd 20080303:
o make bozohttpd internally more modular, preparing the way
to handle more than one request per process
o fix http-auth, set $REMOTE_USER not $REMOTEUSER. also fix
cgi-bin with cvsweb, from Holger Weiss <holger@CIS.FU-Berlin.DE>
o fix an uninitialised variable use in daemon mode
o fix ssl mode with newer OpenSSL
o mmap large files in manageable sizes so we can serve any size file
o refactor url processing to handle query strings correctly for CGI
from Sergey Katsev at Coyote Point
o add If-Modified-Since support, from Joerg Sonnenberger
<joerg@netbsd.org>
o many more manual fixes, from NetBSD
|
|
because it doesn't care about the IP family.
|
|
(or any special char, with no ?.)
|
|
include:
+ Add full DESTDIR support.
+ Split out package options into a separate options.mk file.
* Fix some cgi header processing
* Add simple Range: header processing
|
|
on packages that are affected by the switch from the openssl 0.9.7
branch to the 0.9.8 branch. ok jlam@
|
|
to build bozohttpd.
* Use a custom do-install target to install the binary and the manpage.
* Replace the pre-build target with a subst framework class.
Bump the PKGREVISION to 1 now that we no longer build or install the
catman page.
|
|
and to support the "inet6" option instead.
Remaining usage of USE_INET6 was solely for the benefit of the scripts
that generate the README.html files. Replace:
BUILD_DEFS+= USE_INET6
with
BUILD_DEFS+= IPV6_READY
and teach the README-generation tools to look for that instead.
This nukes USE_INET6 from pkgsrc proper. We leave a tiny bit of code
to continue to support USE_INET6 for pkgsrc-wip until it has been nuked
from there as well.
|
|
|
|
INSTALLATION_DIRS, as well as all occurrences of ${PREFIX}/man with
${PREFIX}/${PKGMANDIR}.
Fixes PR 35265, although I did not use the patch provided therein.
|
|
|
|
|
|
(hi phone! :-)
changes since bozohttpd 20050410:
o make directory indexing mode not look so ugly
o build a text version of the manual page
o make "make clean" work properly
|
|
about yesterday in the hurry between busses.
|
|
still considered suspect and COMMON blocks are the wave of the future.
Also, apparently we don't want underscores in constant identifiers, but
minus signs are fine. I.e. do_htpasswd -> bozohttpd-do-htpasswd.
|
|
PKG_OPTIONS.bozohttpd do_htpasswd
|
|
o fix some off-by-one errors from <roland.illig@gmx.de>
o properly support nph- CGI
o make content maps case insensitive
o fix proto header merging to include the missing comma
o major source reorganisation; most features are in separate files now
o new -V flag that makes unknown virtualhosts use slashdir
from <rumble@ephemeral.org>
o HTTP/1.x protocol headers are now properly merged for CGI
|
