PR/59644 CVS commit: [netbsd-11] src/libexec/httpd

To: mrg%netbsd.org@localhost, gnats-admin%netbsd.org@localhost, netbsd-bugs%netbsd.org@localhost, campbell+netbsd%mumble.net@localhost
Subject: PR/59644 CVS commit: [netbsd-11] src/libexec/httpd
From: "Martin Husemann" <martin%netbsd.org@localhost>
Date: Thu, 7 May 2026 15:55:02 +0000 (UTC)

The following reply was made to PR bin/59644; it has been noted by GNATS.

From: "Martin Husemann" <martin%netbsd.org@localhost>
To: gnats-bugs%gnats.NetBSD.org@localhost
Cc: 
Subject: PR/59644 CVS commit: [netbsd-11] src/libexec/httpd
Date: Thu, 7 May 2026 15:51:07 +0000

 Module Name:	src
 Committed By:	martin
 Date:		Thu May  7 15:51:07 UTC 2026
 
 Modified Files:
 	src/libexec/httpd [netbsd-11]: CHANGES auth-bozo.c bozohttpd.8
 	    bozohttpd.c bozohttpd.h daemon-bozo.c lua-bozo.c ssl-bozo.c
 
 Log Message:
 Pull up following revision(s) (requested by mrg in ticket #268):
 
 	libexec/httpd/CHANGES: revision 1.57
 	libexec/httpd/daemon-bozo.c: revision 1.23
 	libexec/httpd/bozohttpd.8: revision 1.101
 	libexec/httpd/lua-bozo.c: revision 1.16
 	libexec/httpd/auth-bozo.c: revision 1.29
 	libexec/httpd/bozohttpd.h: revision 1.74
 	libexec/httpd/ssl-bozo.c: revision 1.35
 	libexec/httpd/ssl-bozo.c: revision 1.36
 	libexec/httpd/ssl-bozo.c: revision 1.37
 	libexec/httpd/bozohttpd.c: revision 1.150
 	libexec/httpd/bozohttpd.c: revision 1.151
 	libexec/httpd/bozohttpd.c: revision 1.152
 
 Fix iteration over protos[] to prevent out-of-bounds access
 
 Fix use-after-free in the "<a  rel="nofollow" href="http://"";>http://";</a>; case
 
 Fix double free of uri (later handled by bozo_clean_request())
 
 Fix off-by-one in case user provided '\x80' in the auth string
 log the correct port when using https.
 fixes PR#59644.
 
 make the default min TLS version 1.1, as it was documented to be.
 fixes PR#58878.
 
 call this bozohttpd 20260503, and update the CHANGES for the last 2 years
 o  fix the default minimum TLS version to 1.1 from 1.3.  the
    manual already said 1.1 was the default.  fixes PR#58878.
 o  log the correct port with TLS connections.  fixes PR#59644.
 o  fix use-after-free, double-free, and bounds checking problems.
    from shm.
 o  better lint support.
 o  several updates for the manual.  from lukem.
 add D Bohdan to the contributors list.
 
 
 To generate a diff of this commit:
 cvs rdiff -u -r1.56 -r1.56.4.1 src/libexec/httpd/CHANGES
 cvs rdiff -u -r1.28 -r1.28.4.1 src/libexec/httpd/auth-bozo.c
 cvs rdiff -u -r1.100 -r1.100.2.1 src/libexec/httpd/bozohttpd.8
 cvs rdiff -u -r1.149 -r1.149.2.1 src/libexec/httpd/bozohttpd.c
 cvs rdiff -u -r1.73 -r1.73.6.1 src/libexec/httpd/bozohttpd.h
 cvs rdiff -u -r1.22 -r1.22.10.1 src/libexec/httpd/daemon-bozo.c
 cvs rdiff -u -r1.15 -r1.15.24.1 src/libexec/httpd/lua-bozo.c
 cvs rdiff -u -r1.34 -r1.34.4.1 src/libexec/httpd/ssl-bozo.c
 
 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

Prev by Date: PR/58878 CVS commit: [netbsd-11] src/libexec/httpd
Next by Date: PR/58878 CVS commit: [netbsd-10] src/libexec/httpd
Previous by Thread: PR/58878 CVS commit: [netbsd-11] src/libexec/httpd
Next by Thread: PR/58878 CVS commit: [netbsd-10] src/libexec/httpd
Indexes:

Home | Main Index | Thread Index | Old Index