Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. =================================================================== RCS file: /ftp/cvs/cvsroot/src/libexec/httpd/CHANGES,v rcsdiff: /ftp/cvs/cvsroot/src/libexec/httpd/CHANGES,v: warning: Unknown phrases like `commitid ...;' are present. retrieving revision 1.25.12.1 retrieving revision 1.26 diff -u -p -r1.25.12.1 -r1.26 --- src/libexec/httpd/CHANGES 2019/06/10 22:05:29 1.25.12.1 +++ src/libexec/httpd/CHANGES 2018/11/19 04:14:59 1.26 @@ -1,38 +1,10 @@ -$NetBSD: CHANGES,v 1.25.12.1 2019/06/10 22:05:29 christos Exp $ +$NetBSD: CHANGES,v 1.26 2018/11/19 04:14:59 mrg Exp $ -changes in bozohttpd 20190228: - o extend timeout facility to ssl and stop servers hanging forever - if the client never sends anything. reported by Steffen in netbsd - PR#50655. - o don't display special files in the directory index. they aren't - served, but links to them are generated. - o fix CGI '+' parameter handling, some error checking, and a double - free. from rajeev_v_pillai@yahoo.com - o more directory indexing clean up. from rajeev_v_pillai@yahoo.com - -changes in bozohttpd 20181215: - o fix .htpasswd bypass for authenticated users. reported by JP, - from leot@netbsd.org - o avoid possible null dereference when receiving a big request that - timeout. reported by maya@netbsd.org, from leot@netbsd.org - o fix handling of -T option, from leot@netbsd.org - o cleanups and portability improvements, from maya@netbsd.org - o change directory indexing to use html tables, from - rajeev_v_pillai@yahoo.com - -changes in bozohttpd 20181125: - o fixes for option parsing introduced in bozohttpd 20181123 - -changes in bozohttpd 20181121: +changes in bozohttpd 20181118: o add url remap support via .bzremap file, from martin@netbsd.org o handle redirections for any protocol, not just http: o fix a denial of service attack against header contents, which - is now bounded at 16KiB. reported by JP - o reduce default timeouts, and add expand timeouts to handle the - initial line, each header, and the total time spent - o add -T option to expose new timeout settings - o minor RFC fixes related to timeout handling - o fix special file (.htpasswd, .bz*) bypass. reported by JP + is now bounded at 16KiB. reported by JP. changes in bozohttpd 20170201: o fix an infinite loop in cgi processing @@ -117,7 +89,7 @@ changes in bozohttpd 20100617: changes in bozohttpd 20100509: o major rework and clean up of internal interfaces. move the main - program into main.c, the remaining parts are useable as library + program into main.c, the remaining parts are useable as library. add bindings for lua. by Alistair G. Crooks o fix http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=566325 @@ -313,7 +285,7 @@ changes in bozohttpd 5.07 (20010610): - add many new content-types, now support most common ones changes in bozohttpd 5.06 (20000825): - - add IPv6 support from itojun@iijlab.net + - add IPv6 suppor from itojun@iijlab.net - man page fixes from jlam@netbsd.org changes in bozohttpd 5.05 (20000815):