From 41c917f4b092c313a4d2f01e056fb59a4fa65283 Mon Sep 17 00:00:00 2001
From: mrg
Date: Fri, 23 Nov 2018 21:30:26 +0000
Subject: update to bozohttpd 20181123. changes include:

o add url remap support via .bzremap file, from martin@netbsd.org
o handle redirections for any protocol, not just http:
o fix a denial of service attack against header contents, which is now bounded at 16KiB. reported by JP
o reduce default timeouts, and add expand timeouts to handle the initial line, each header, and the total time spent
o add -T option to expose new timeout settings
o minor RFC fixes related to timeout handling
o fix special file (.htpasswd, .bz*) bypass. reported by JP. anyone using .htpasswd files should update ASAP.
---
 www/bozohttpd/Makefile | 5 ++---
 www/bozohttpd/distinfo | 13 ++++++-------
 www/bozohttpd/patches/patch-aa | 24 ------------------------
 www/bozohttpd/patches/patch-auth-bozo.c | 24 ++++++++++++++++++++++++
 www/bozohttpd/patches/patch-bozohttpd.c | 17 -----------------
 5 files changed, 32 insertions(+), 51 deletions(-)
 delete mode 100644 www/bozohttpd/patches/patch-aa
 create mode 100644 www/bozohttpd/patches/patch-auth-bozo.c
 delete mode 100644 www/bozohttpd/patches/patch-bozohttpd.c

diff --git a/www/bozohttpd/Makefile b/www/bozohttpd/Makefile
index 85798d31f45..e49922f5b2f 100644
--- a/www/bozohttpd/Makefile
+++ b/www/bozohttpd/Makefile
@@ -1,8 +1,7 @@
-# $NetBSD: Makefile,v 1.88 2017/02/05 13:32:16 leot Exp $
+# $NetBSD: Makefile,v 1.89 2018/11/23 21:30:26 mrg Exp $
 #
 
-DISTNAME= bozohttpd-20170201
-PKGREVISION= 1
+DISTNAME= bozohttpd-20181123
 CATEGORIES= www
 MASTER_SITES= ${MASTER_SITE_LOCAL}
 EXTRACT_SUFX= .tar.bz2
diff --git a/www/bozohttpd/distinfo b/www/bozohttpd/distinfo
index eccaa8ee2e8..bc3da8f1251 100644
--- a/www/bozohttpd/distinfo
+++ b/www/bozohttpd/distinfo
@@ -1,10 +1,9 @@
-$NetBSD: distinfo,v 1.67 2017/02/05 13:32:16 leot Exp $
+$NetBSD: distinfo,v 1.68 2018/11/23 21:30:26 mrg Exp $
 
-SHA1 (bozohttpd-20170201.tar.bz2) = 725f1a4d1f8782126079608b479cf196ccb5e1d6
-RMD160 (bozohttpd-20170201.tar.bz2) = e1605eeb335896cf099cfd2eabd011fb9277e918
-SHA512 (bozohttpd-20170201.tar.bz2) = f8fba17a454b3825bf0562072bf0acf5890639d83e3bc5c6b7e87f13860d37a3dfc3fd155bd9873d5201b85f31185b24677c22db1cb303fd556f22afa8b7895e
-Size (bozohttpd-20170201.tar.bz2) = 55730 bytes
-SHA1 (patch-aa) = 2e70d3d10aa8bc228331cc1a229ef04106aca210
+SHA1 (bozohttpd-20181123.tar.bz2) = 1f79b928d918ef2c2b25f5d3be0e0339f9cf4c3e
+RMD160 (bozohttpd-20181123.tar.bz2) = 8df5e75a967cf171c859e41a5519c6a9eba91c47
+SHA512 (bozohttpd-20181123.tar.bz2) = 322ab15ee190d08c2371d2f9106d2bd4e3d37f4c630d53f67587218e71d4c13ca7ad54e2e6aadf0b19dd320bc78c671e8b19d9afcf3e740e67efa1b1aad637d2
+Size (bozohttpd-20181123.tar.bz2) = 58992 bytes
 SHA1 (patch-ab) = a1a56a188084440ab907995c7728e435961c5fbd
-SHA1 (patch-bozohttpd.c) = d9b38dab98910f6f372bffd3a472a2c73c79c4a3
+SHA1 (patch-auth-bozo.c) = fb3fa40bee34d156cf91d615d905bb908eb70e4d
 SHA1 (patch-cgi-bozo.c) = 420f981575d7fa1a96ac7049116b9bf64de719df
diff --git a/www/bozohttpd/patches/patch-aa b/www/bozohttpd/patches/patch-aa
deleted file mode 100644
index 278900915cd..00000000000
--- a/www/bozohttpd/patches/patch-aa
+++ /dev/null
@@ -1,24 +0,0 @@
-$NetBSD: patch-aa,v 1.19 2010/05/10 03:42:18 mrg Exp $
-
---- auth-bozo.c.orig 2010-05-09 19:51:28.000000000 -0700
-+++ auth-bozo.c 2010-05-09 20:13:45.000000000 -0700
-@@ -38,6 +38,10 @@
- #include
- #include
- 
-+#ifndef NO_SSL_SUPPORT
-+#include
-+#endif
-+
- #include "bozohttpd.h"
- 
- #ifndef AUTH_FILE
-@@ -99,7 +103,7 @@
- request->hr_authpass));
- if (strcmp(request->hr_authuser, user) != 0)
- continue;
-- if (strcmp(crypt(request->hr_authpass, pass),
-+ if (strcmp(DES_crypt(request->hr_authpass, pass),
- pass) != 0)
- break;
- fclose(fp);
diff --git a/www/bozohttpd/patches/patch-auth-bozo.c b/www/bozohttpd/patches/patch-auth-bozo.c
new file mode 100644
index 00000000000..1c5df498196
--- /dev/null
+++ b/www/bozohttpd/patches/patch-auth-bozo.c
@@ -0,0 +1,24 @@
+$NetBSD: patch-auth-bozo.c,v 1.1 2018/11/23 21:30:27 mrg Exp $
+
+--- auth-bozo.c.orig 2018-11-23 13:10:04.000000000 -0800
++++ auth-bozo.c 2018-11-23 13:15:02.729491334 -0800
+@@ -40,6 +40,10 @@
+ #include
+ #include
+ 
++#ifndef NO_SSL_SUPPORT
++#include
++#endif
++
+ #include "bozohttpd.h"
+ 
+ static ssize_t base64_decode(const unsigned char *, size_t,
+@@ -101,7 +105,7 @@
+ request->hr_authpass));
+ if (strcmp(request->hr_authuser, user) != 0)
+ continue;
+- if (strcmp(crypt(request->hr_authpass, pass),
++ if (strcmp(DES_crypt(request->hr_authpass, pass),
+ pass) != 0)
+ break;
+ fclose(fp);
diff --git a/www/bozohttpd/patches/patch-bozohttpd.c b/www/bozohttpd/patches/patch-bozohttpd.c
deleted file mode 100644
index 3f685a49708..00000000000
--- a/www/bozohttpd/patches/patch-bozohttpd.c
+++ /dev/null
@@ -1,17 +0,0 @@
-$NetBSD: patch-bozohttpd.c,v 1.4 2017/02/05 13:32:16 leot Exp $
-
-Adjust SERVER_SOFTWARE to intended version.
-
-From -r1.86 of NetBSD's src/libexec/httpd/bozohttpd.c
-
---- bozohttpd.c.orig 2017-02-01 04:21:23.000000000 +0000
-+++ bozohttpd.c
-@@ -109,7 +109,7 @@
- #define INDEX_HTML "index.html"
- #endif
- #ifndef SERVER_SOFTWARE
--#define SERVER_SOFTWARE "bozohttpd/20170102"
-+#define SERVER_SOFTWARE "bozohttpd/20170201"
- #endif
- #ifndef DIRECT_ACCESS_FILE
- #define DIRECT_ACCESS_FILE ".bzdirect"
-- 
cgit v1.2.3
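Review bot: The new patch-auth-bozo.c replaces crypt() with OpenSSL's DES_crypt() in the .htpasswd check (the `+- if (strcmp(crypt(request->hr_authpass, pass),` / `++ if (strcmp(DES_crypt(request->hr_authpass, pass),` pair) but, unlike the deleted patch-bozohttpd.c, carries no rationale line after its $NetBSD$ header, and the substitution is not behaviour-neutral: DES_crypt() implements only the traditional DES crypt(3) scheme, so .htpasswd entries stored in any other crypt format that the host's crypt(3) would accept fail to verify and those users are denied. A one-line header comment such as `Use OpenSSL's DES_crypt() in place of libcrypt's crypt(); only traditional DES password hashes are accepted in .htpasswd as a result.` would make the accepted hash format visible to packagers and administrators. The `++#include` line guarded by NO_SSL_SUPPORT has lost its header name in this rendering (presumably <openssl/des.h>, which declares DES_crypt — confirm against the checked-in patch). The authentication loop this hunk patches in auth-bozo.c starts and ends outside the hunk.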