CVS commit: [netbsd-11] src/libexec/httpd

To: source-changes%NetBSD.org@localhost
Subject: CVS commit: [netbsd-11] src/libexec/httpd
From: "Martin Husemann" <martin%netbsd.org@localhost>
Date: Thu, 7 May 2026 15:51:07 +0000

Module Name:    src
Committed By:   martin
Date:           Thu May  7 15:51:07 UTC 2026

Modified Files:
        src/libexec/httpd [netbsd-11]: CHANGES auth-bozo.c bozohttpd.8
            bozohttpd.c bozohttpd.h daemon-bozo.c lua-bozo.c ssl-bozo.c

Log Message:
Pull up following revision(s) (requested by mrg in ticket #268):

        libexec/httpd/CHANGES: revision 1.57
        libexec/httpd/daemon-bozo.c: revision 1.23
        libexec/httpd/bozohttpd.8: revision 1.101
        libexec/httpd/lua-bozo.c: revision 1.16
        libexec/httpd/auth-bozo.c: revision 1.29
        libexec/httpd/bozohttpd.h: revision 1.74
        libexec/httpd/ssl-bozo.c: revision 1.35
        libexec/httpd/ssl-bozo.c: revision 1.36
        libexec/httpd/ssl-bozo.c: revision 1.37
        libexec/httpd/bozohttpd.c: revision 1.150
        libexec/httpd/bozohttpd.c: revision 1.151
        libexec/httpd/bozohttpd.c: revision 1.152

Fix iteration over protos[] to prevent out-of-bounds access

Fix use-after-free in the "<a  rel="nofollow" href="http://"";>http://";</a>; case

Fix double free of uri (later handled by bozo_clean_request())

Fix off-by-one in case user provided '\x80' in the auth string
log the correct port when using https.
fixes PR#59644.

make the default min TLS version 1.1, as it was documented to be.
fixes PR#58878.

call this bozohttpd 20260503, and update the CHANGES for the last 2 years
o  fix the default minimum TLS version to 1.1 from 1.3.  the
   manual already said 1.1 was the default.  fixes PR#58878.
o  log the correct port with TLS connections.  fixes PR#59644.
o  fix use-after-free, double-free, and bounds checking problems.
   from shm.
o  better lint support.
o  several updates for the manual.  from lukem.
add D Bohdan to the contributors list.


To generate a diff of this commit:
cvs rdiff -u -r1.56 -r1.56.4.1 src/libexec/httpd/CHANGES
cvs rdiff -u -r1.28 -r1.28.4.1 src/libexec/httpd/auth-bozo.c
cvs rdiff -u -r1.100 -r1.100.2.1 src/libexec/httpd/bozohttpd.8
cvs rdiff -u -r1.149 -r1.149.2.1 src/libexec/httpd/bozohttpd.c
cvs rdiff -u -r1.73 -r1.73.6.1 src/libexec/httpd/bozohttpd.h
cvs rdiff -u -r1.22 -r1.22.10.1 src/libexec/httpd/daemon-bozo.c
cvs rdiff -u -r1.15 -r1.15.24.1 src/libexec/httpd/lua-bozo.c
cvs rdiff -u -r1.34 -r1.34.4.1 src/libexec/httpd/ssl-bozo.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: [netbsd-11] src
Previous by Thread: CVS commit: [netbsd-11] src
Indexes:

Home | Main Index | Thread Index | Old Index