![[BACK]](/icons/back.gif){kind=icon}
Up to [cvs.NetBSD.org] / pkgsrc / www / thttpd
Request diff between arbitrary revisions
Keyword substitution: kv
Default branch: MAIN
www: align variable assignments pkglint -Wall -F --only aligned --only indent -r Manually excluded phraseanet since pkglint got the indentation wrong.
all: replace SUBST_SED with the simpler SUBST_VARS pkglint -Wall -r --only "substitution command" -F With manual review and indentation fixes since pkglint doesn't get that part correct in every case.
www/thttpd: acme.com now supports TLS. No distfiles change.
www/thttpd: Update to 2.29. Changes: * Allow CGI to handle HTTP methods besides GET/HEAD/POST.
*: Move SUBST_STAGE from post-patch to pre-configure Performing substitutions during post-patch breaks tools such as mkpatches, making it very difficult to regenerate correct patches after making changes, and often leading to substituted string replacements being committed.
Pullup ticket #5754 - requested by wiz
www/thttpd: security fix
Revisions pulled up:
- www/thttpd/Makefile 1.48
- www/thttpd/distinfo 1.18
---
Module Name: pkgsrc
Committed By: wiz
Date: Mon May 7 07:01:37 UTC 2018
Modified Files:
pkgsrc/www/thttpd: Makefile distinfo
Log Message:
thttpd: update to 2.28.
From nia in PR 53266.
New in version 2.28:
Improvements to the FreeBSD startup script. (Craig Leres)
Minor portability tweak in mmc.c.
Fix to buffer overrun bug in htpasswd. Reported by Alessio Santoru as CVE-2017-17663.
New in version 2.27:
Stats syslogs changed from LOG_INFO to LOG_NOTICE.
Use memmove() for self-overlapping string copies instead of strcpy().
Couple of subroutine name changes for consistency.
thttpd: update to 2.28.
From nia in PR 53266.
New in version 2.28:
Improvements to the FreeBSD startup script. (Craig Leres)
Minor portability tweak in mmc.c.
Fix to buffer overrun bug in htpasswd. Reported by Alessio Santoru as CVE-2017-17663.
New in version 2.27:
Stats syslogs changed from LOG_INFO to LOG_NOTICE.
Use memmove() for self-overlapping string copies instead of strcpy().
Couple of subroutine name changes for consistency.
Replaced $(ROUND) with ${CURLY} variable references.
This has been a pkglint warning for several years now, and pkglint can even
fix it automatically. And it did for this commit.
Only in lang/mercury, two passes of autofixing were necessary because there
were nested variables.
Update www/thttpd to 2.26. Changes from previous: ---------------------- - Ignore ECONNABORTED on accept(). - Correctly implemented the config-file option change from "nosymlink" to "nosymlinkcheck", which was supposedly done in version 2.24. - Removed mailto: link from default index page. - Allow CGIs to provide both Location and Status headers. (A. Skrobov) - Better logic for figuring out CGI SERVER_NAME environment variable. (Oleg) - Updated for clang, and general cleanup.
Set INSTALLATION_DIRS properly. Fixes installation on at least SunOS.
Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days.
Rename internal "getline" to unbreak build on NetBSD. Support staged installation.
Convert packages that test and use USE_INET6 to use the options framework and to support the "inet6" option instead. Remaining usage of USE_INET6 was solely for the benefit of the scripts that generate the README.html files. Replace: BUILD_DEFS+= USE_INET6 with BUILD_DEFS+= IPV6_READY and teach the README-generation tools to look for that instead. This nukes USE_INET6 from pkgsrc proper. We leave a tiny bit of code to continue to support USE_INET6 for pkgsrc-wip until it has been nuked from there as well.
MAKE_JOBS_SAFE=no, reported in PR 36441.
Reset maintainer: Name service error for name=ethmoid.org type=MX: Host not found, try again
Rename "SITES_* to "SITES.*" for file-specific lists of sites from which to fetch the file. This completes the renaming described in revision 1.1799 of bsd.pkg.mk.
Use SUBST framework.
Remove USE_PKGINSTALL from pkgsrc now that mk/install/pkginstall.mk automatically detects whether we want the pkginstall machinery to be used by the package Makefile.
Reference sitedrivenby.gif from the DIST_SUBDIR where it is. Previous this package failed to 'make install'.
Bumped PKGREVISION because of the recent change to patch-af.
Fixed pkglint warning: - WARN: Makefile:9: PKGNAME should not be used in DIST_SUBDIR, as it sometimes includes the PKGREVISION. Please use PKGNAME_NOREV instead. Noted by Geert Hendrickx on tech-pkg.
Pullup ticket 927 - requested by Adrian Portelli security fix for thttpd Revisions pulled up: - pkgsrc/www/thttpd/Makefile 1.33 - pkgsrc/www/thttpd/distinfo 1.12 - pkgsrc/www/thttpd/patches/patch-ag 1.3 Module Name: pkgsrc Committed By: adrianp Date: Sat Nov 26 10:02:37 UTC 2005 Modified Files: pkgsrc/www/thttpd: Makefile distinfo Added Files: pkgsrc/www/thttpd/patches: patch-ag Log Message: Bump to thttpd-2.25bnb4 to address a security issue: http://secunia.com/advisories/17454/
Bump to thttpd-2.25bnb4 to address a security issue: http://secunia.com/advisories/17454/
Pullup tickets 699 and 700 - requested by Quentin Garnier distfile update for thttpd Revisions pulled up: - pkgsrc/www/thttpd/Makefile 1.31, 1.32 - pkgsrc/www/thttpd/distinfo 1.10, 1.11 - pkgsrc/www/thttpd/patches/patch-ad 1.4 Module Name: pkgsrc Committed By: cube Date: Fri Aug 19 07:30:51 UTC 2005 Modified Files: pkgsrc/www/thttpd: Makefile distinfo pkgsrc/www/thttpd/patches: patch-ad Log Message: The thttpd tarball has changed (the e-mail address of the author was changed all through it). While there, make the package correctly fetch the NetBSD logo. Bump PKGREVISION, and after that I'll delete the copy ftp.netbsd.org currently has. The tarball change doesn't happen often enough for this package to justify the use of DIST_SUBDIR (and that avoids the hairy problem of sharing the sitedrivenby.gif file). PR#30641 by Jared Momose. --- Module Name: pkgsrc Committed By: cube Date: Fri Aug 19 13:38:58 UTC 2005 Modified Files: pkgsrc/www/thttpd: Makefile distinfo Log Message: Do the DIST_SUBDIR dance because of already-downloaded files. *Sigh* Pointed out by Thomas Klausner and Jeremy C. Reed.
Do the DIST_SUBDIR dance because of already-downloaded files. *Sigh* Pointed out by Thomas Klausner and Jeremy C. Reed.
The thttpd tarball has changed (the e-mail address of the author was changed all through it). While there, make the package correctly fetch the NetBSD logo. Bump PKGREVISION, and after that I'll delete the copy ftp.netbsd.org currently has. The tarball change doesn't happen often enough for this package to justify the use of DIST_SUBDIR (and that avoids the hairy problem of sharing the sitedrivenby.gif file). PR#30641 by Jared Momose.
Remove USE_BUILDLINK3 and NO_BUILDLINK; these are no longer used.
The default location of the pkgsrc-installed rc.d scripts is now under share/examples/rc.d. The variable name already was named RCD_SCRIPTS_EXAMPLEDIR. This is from ideas from Greg Woods and others. Also bumped PKGREVISION for all packages using RCD_SCRIPTS mechanism (as requested by wiz).
Add patch from PR 25487 to disable mmap on old (1.5ish) NetBSD systems. Apply patch from PR 25488 to enable choosing the log facility for thttpd. Both based on patches from Michael Santos. Bump PKGREVISION to 1.
bl3ify and general touch-up
Update to 2.25b, provided by Michael Santos in PR pkg/24128.
Changes:
New in version 2.25b:
* Move fdwatch initialization before the chroot, so that
/dev/poll can work.
* Multiple fdwatch cleanups and fixes (Adam Zell).
New in version 2.25:
* Prohibit "Host: ." and "Host: .." (David Leadbeater).
* Don't free memory prematurely on SIGUSR1 (A.D.F.).
* Use the specified charset in directory listings and errors
(Jonas Ohlsson).
* Lowered THROTTLE_TIME from 60 seconds to 2 seconds, plus more
aggressive computation of sending rate, to improve throttle
reaction time (E Frank Ball).
* Added code to redistribute the throttled bandwidth fairly among
the currently sending connections.
* Some more throttling changes that smooth things out a lot.
* Added an experimental limitation on the number of simultaneous CGIs.
* Chown the log file when starting as root, so that it can later be
re-opened when running as nobody (or whatever user you configure).
Also tweak the logfile pathname so that it still works inside a
chroot tree.
* Make sure URL paths begin with a slash.
* Generate multiple MIME encodings in the correct order, and with the
correct separator.
* Ignore EINTR on read() and write().
* Fix error in httpd_read_fully() and httpd_write_fully() that could
cause incorrect data to be read or written (Daniel Jensen).
* Don't attempt to double-free a file descriptor if a connection times
out while it is paused for throttling.
* Save and restore errno in signal handlers.
* The non-local referer check is no longer fooled by URLs with query
strings.
* Simplified handling of HAVE_INT64T (Trisk). If this causes problems,
e.g. if there are still systems which don't have "long long", we can
back out the change.
* Keep a list of free connection structs, instead of doing linear search
to find a free one (Adam Zell).
* Added config.h option FLUSH_LOG_EVERY_TIME - if it's turned off, the
log does not get fflushed after each request (Adam Zell).
* Multiple robustness improvements to the fdwatch module (Adam Zell).
* Added /dev/poll support to fdwatch (Adam Zell).
* Automatically add no-cache control header on error responses.
Update to 2.24. Closes PR pkg/22198 (fix was integratedin that version).
New in version 2.24:
* Added a bunch of MIME types.
* Fix minor problem with returning unknown protocol on some errors.
* Changed the config-file option for diabling symlink checking from "nosymlink" to "nosymlinkcheck" to make its function clearer.
* Allow blank lines in the config file.
* Handle more than one SIGHUP and SIGUSR2 (Cameron Gregory).
* Slight change to handle_newconnect() to better deal with unexpected errors from accept(), such as running out of file descriptors (Alex Keahan).
* Added optional minimum rate to throttles.
* Stats syslog messages downgraded from LOG_NOTICE to LOG_INFO.
* Use unsigned short consistently for port number.
* Prohibit slashes in the Host: header (Marcus Breiing).
* Added a -dd data_dir flag and corresponding config-file option.
* Got rid of the old timer-based zombie process reaper, replacing it with a SIGCHLD handler.
* Changed the idle connection checking from using a separate timer for each connection to using a single timer that checks all active connections.
* Correction to missing-slash directory redirect with query string.
* Added a watchdog alarm handler that forces a core dump if thttpd stops running its timers for too long.
* Don't send Content-Length header on 304 Not Modified responses.
* Allow user-agent log entries to be up to 200 characters long, instead only of 80.
* Fixed buffer overflow bug in defang().
* Re-arranged the order of calling de_dotdot() so that it doesn't get applied to query strings.
* Some fixes for the syslogtocern script (paul fox).
* Changed configure script to use "gcc -dumpversion" instead of "gcc --version" (Ed Goforth).
* Changed most uses of \r and \n to \015 and \012 (Jens Bauer).
* In ssi.c, lack of PATH_INFO is now non-fatal (David Phillips).
* Some improvements to fdwatch (David Burgess).
Fix a buffer overflow reported in PR 22863 by Ross Patterson. Bump PKGREVISION.
COMMENT should start with a capital letter.
Instead of including bsd.pkg.install.mk directly in a package Makefile, have it be automatically included by bsd.pkg.mk if USE_PKGINSTALL is set to "YES". This enforces the requirement that bsd.pkg.install.mk be included at the end of a package Makefile. Idea suggested by Julio M. Merino Vidal <jmmv at menta.net>.
Take advantage of the auto-generation and installation of rc.d scripts.
Merge from pkgsrc-current to buildlink2 branch.
pkglint silencing.
Update to 2.23beta1, as requested in pkg/17251 by Oliver Tonnhofer. Changes since 2.21b: * Added some Microsoft MIME types (Kevin Day). * Switch htpasswd from using tmpnam to mkstemp. * Rewrote figure_mime() to do binary search. * Removed the x- from gzip and compress in mime_encodings.txt. * Added rudimentary option to set cache-control headers. * Simplified the IPv6 ifdefs. * Allow filenames with ? in them (Cameron Gregory). * Some improvements to the mmap cache - added a "panic mode" if you run out of address space, added DESIRED_MAX_MAPPED_BYTES config.h option. * Lowered OCCASIONAL_TIME from five minutes to two minutes. * Fix CGI variable AUTH_TYPE (Alexandre CHERIF). * Split clear_connection() into two routines, one which sends a possible buffered response and the other which ignores such (David Burgess). * Remove /./ in de_dotdot() (Dana Dahlstrom). * Shortened LINGER_TIME from two seconds to half a second. * Changed some write() calls to httpd_write_fully(), as suggested by Neale Pickett. * Changed the non-mmap() read() call in mmc.c to httpd_read_fully(), as suggested by Cameron Gregory. * Added an madvise(MADV_SEQUENTIAL) call in mmc.c. * Added .xhtml and .xht to mime_types.txt (suggested by Dave Hodder). * Added index.xhtml and index.xht to INDEX_NAMES (suggested by Dave Hodder). * Got rid of the custom-jiggered syslog.c, now we just use the standard system version. Also added a paragraph in the man page about the syslogd flags needed to make syslogging work from inside a chroot tree. * Added some OpenOffice MIME types (Dave Hodder). * Lowered the default DESIRED_MAX_MAPPED_FILES from 2000 to 1000. * Set up accept filters after listen() (Kris Spinka). * Preserve query string when doing a missing-slash directory redirect. * Special-case logging to '-' as stdout (Matt Armstrong). * Added -s to usage line (Pavel JanÃk). * Fix for security hole that exposed contents of .htpasswd in some cases (noticed by zeno@cgisecurity.com). * Allow (and ignore) extra fields in .htpasswd files. * Added some calls to shutdown() in strategic places. * Added a timer-kill of the CGI interpose input and output process. These processes also now close the listen fd(s). * Fixed rare file descriptor leak, when we get an unknown sockaddr family (George Schlossnagle). * Put virtual hostname in non-local referer syslog (Craig Leres). * Added a P3P server privacy header setting (Henrik Schack Jensen). And lots of other bug fixes.
don't change .htpasswd into .thtpasswd
bsd.pkg.install.mk calls the INSTALL script at the right times automatically, so no need to do it ourselves.
PKG_SYSCONFDIR is where the configuration files for a package may be found.
This value may be customized in various ways:
PKG_SYSCONFBASE is the main config directory under which all package
configuration files are to be found.
PKG_SYSCONFSUBDIR is the subdirectory of PKG_SYSCONFBASE under which the
configuration files for a particular package may be found.
PKG_SYSCONFDIR.${PKGBASE} overrides the value of ${PKG_SYSCONFDIR} for a
particular package.
Users will typically want to set PKG_SYSCONFBASE to /etc, or accept the
default location of ${PREFIX}/etc.
This obsoletes the use of CONFDIR, which was active for only 6 days, so no
need to have a workaround to still accept old CONFDIR settings.
RCD_SCRIPTS now just lists the filenames (see bsd.pkg.install.mk).
Adapt to use shared INSTALL/DEINSTALL scripts by using the logic in bsd.pkg.install.mk: * Remove old DEINSTALL/INSTALL scripts. * Move some text printed at POST-INSTALL time into the MESSAGE file. * Adjust rc.d scripts to respect rc.conf settings, so that the script may be directly copied into /etc/rc.d.
In package Makefiles, create FILES_SUBST instead of duplicating sed
expression for substituting in DEINSTALL/INSTALL scripts. Use "${CMP} -s"
instead of "diff -q" since the former is more portable across OSes.
Update to 2.21b, as requested in pkg/13144 by Wolfgang Rupprecht. Changes: Lots of bugfixes (lingering-close problem, USR1 handling, off-by-1 in base64 decoding and others), throttling syslog, tuned throttling, improvements on mmap cache, etc. See http://www.acme.com/software/thttpd/#releasenotes
Update to new COMMENT style: COMMENT var in Makefile instead of pkg/COMMENT.
Honor CFLAGS passed in from environment during build. Improve the INSTALL script and add a DEINSTALL script in handling the config file.
upgrade to 2.20b. main purpose for this upgrade is security fix.
---
New in version 2.20b:
* Corrected version of Marcel Telka's ssi fix. My bad.
New in version 2.20:
* Performance improvements to the timer package via hashing, and
double-linking / sorting the lists. Partially based on a suggestion by
Michal Ostrowski.
* Performance improvement to the mmap cache package, from Evan Jones.
* Minor Linux fix for open files limit, from Jordan Ritter.
* Fix for null ClientData, which picky compilers didn't like.
* Unknown sockaddr type becomes a non-fatal error, preventing a DOS attack.
* Close extraneous file descriptors on CGI calls - from Russell Dill.
* Security fixes for the external ssi program, from ghandi@dopesquad.net and
Wolfgang Rupprecht.
* Fix to make the ssi program elide the HTML comment sequence, from Marcel
Telka.
* Red Hat packaging updates from Bennett Todd.
* Throttling fix from Tom Pavel.
Install rc.d control script as "foo" instead of "foo.sh" to comply with how NetBSD's rc.d system interprets script names. Also add appropriate REQUIRE and PROVIDE sections to allow direct use in NetBSD's rc.d system.
Put files in ${PREFIX}/share/thttpd, not ${PREFIX}/share/www.
Update thttpd to 2.19. Changes from 2.16:
New in version 2.19:
* Added hack to prevent MSIE 5 from censoring error messages.
* Minor fix to handling of shouldn't-happen error in ls().
* IPv6/Linux fix from Tero Pelander.
* Documented the -D flag.
New in version 2.18:
* Fixed URL-encoding of high-bit characters - used in directory
listings.
* Made a few more characters come through verbatim instead of %-encoded.
* Couple of minor code cleanups.
* Added some MIME types to support WAP/WML.
* IPv6 fix.
* Made MIME text character-set an option, with iso-8859-1 the default.
New in version 2.17:
* A change in the way wildcard matching works - now a single * only
matches strings that don't include a slash. To match entire pathnames
including slashes you have to use **.
* On systems with IPv6, automatically bind to both v4 and v6 sockets.
* Slight change to non-local referer checking to handle older browsers.
* Tweaks to some of the error-403 syslog messages.
* Portability tweak for OSF/1.
* Portability tweak for IPv6 systems.
* Fix for ssi.c from Marcel Telka.
* Added charset=iso-8859-1 to text MIME types.
* Added wildcards to redirect.
* Changed symlinks/nosymlinks config options to symlink/nosymlink, to
conform to the man page (old style still accepted).
fix IPv6 build. upgrade 2.15 -> 2.16. changes from webpage: - More explicit error pages for 403 Forbidden. - New section in the manual page explaining how thttpd is picky about file permissions. - Couple of CGI tweaks from David Chaiken.
Update to V2.15.
Main reason: IPv6. Changes:
New in version 2.15:
* Use standard isxdigit macro instead of is_hexit routine.
* Portability fix for Debian, which lacks gai_strerror().
* Fix for .htpasswd authorization, broken by 2.14's custom error pages
change.
New in version 2.14:
* Fix to non-local referer code - it was trying to dereference a null
pointer under some circumstances.
* Fix to If-Modified-Since - some leap year problems.
* Rewrote match() - it was using a whole lot of CPU time for patterns
with lots of |'s, such as those used by the new non-local-referer
filtering.
* Fix to host lookup code for -h flag.
* Fix custom error pages to work with 401 Unauthorized.
* Removed unused variable.
New in version 2.13:
* Portability fix for fdwatch on systems with poll() but not select().
* Renamed nph-redirect to redirect, now that thttpd does header parsing.
* Always chdir to / after a chroot.
* Some minor de-linting changes.
* Revived code that closes stdin/stdout/stderr, after adding a fix in the
CGI code to prevent descriptors from getting screwed up.
* Bugfix for CGI header parsing - if the CGI was sending binary data
(e.g. images), the result could get truncated or corrupted.
* Disallow ".." listing of virtual host directory.
* Revised snprintf portability fix.
* Rearranged the hc initialization so it's all in one place.
* New IPv6 code from KIKUCHI Takahiro.
* New non-local referer filtering code from Craig Leres.
* New custom error pages code from Catalin Ionescu.
New in version 2.12:
* Better heuristic for deciding between select() and poll().
* Added Red Hat RPM spec file.
New in version 2.11:
* Use poll() instead of select() when favorable.
* Do lazy allocation of part of the connection data structure, to save on
memory now that we can have thousands of simultaneous connections.
* Some speed optimizations.
* Add HTTP_HOST to CGI environment.
* Bugfix for rare uninitialized variable.
New in version 2.10:
* Bugfix for CGI header parsing.
* Call setlogin() if it's available.
Update to thttpd 2.09, plus add 'sitedrivenby.gif'
Update "thttpd" package to version 2.05 using patches supplied by Michael Santos in PR pkg/8801. Chances since version 2.04: - New el-cheapo virtual hosting feature. - Assorted bug fixes - non-anchored wildcard matching, truncated CGI output, throttling, authorization cache, daemonization, date-header parsing. - Option to write pid to a file, re-open log file on SIGHUP. - Now looks for index files from a list, instead of only index.html. - Simple config file.
New "thttpd-2.04" package supplied by Michael Santos in PR pkg/7323: tiny/turbo/throttling HTTP server
Initial revision