Module Name: src Committed By: martin Date: Mon Jan 12 10:02:30 UTC 2015
Modified Files: src/libexec/httpd [netbsd-7]: auth-bozo.c bozohttpd.8 bozohttpd.c bozohttpd.h content-bozo.c dir-index-bozo.c lua-bozo.c Log Message: Pull up following revision(s) (requested by mrg in ticket #408): libexec/httpd/content-bozo.c: revision 1.11 libexec/httpd/dir-index-bozo.c: revision 1.20 libexec/httpd/bozohttpd.h: revision 1.34 libexec/httpd/bozohttpd.c: revision 1.57 libexec/httpd/bozohttpd.8: revision 1.47 libexec/httpd/bozohttpd.c: revision 1.58 libexec/httpd/bozohttpd.8: revision 1.48 libexec/httpd/bozohttpd.c: revision 1.59 libexec/httpd/lua-bozo.c: revision 1.11 libexec/httpd/bozohttpd.c: revision 1.60 libexec/httpd/auth-bozo.c: revision 1.14 libexec/httpd/auth-bozo.c: revision 1.15 libexec/httpd/auth-bozo.c: revision 1.16 Update bozohttpd to 20141225: - NUL terminate a string. - don't truncate file sizes to 32 bits for directory indexes. - Fixed off-by-one in virtualhost processing. Previous code was checking if Host header is a prefix of any existing vhost. This behaviour might be used to uncover existing vitual hosts from the remote. - Fixed memory leak in case of multiple authentication headers sent by the client. - Avoid array access out of bounds. To generate a diff of this commit: cvs rdiff -u -r1.13 -r1.13.2.1 src/libexec/httpd/auth-bozo.c cvs rdiff -u -r1.46 -r1.46.4.1 src/libexec/httpd/bozohttpd.8 cvs rdiff -u -r1.56 -r1.56.2.1 src/libexec/httpd/bozohttpd.c cvs rdiff -u -r1.33 -r1.33.2.1 src/libexec/httpd/bozohttpd.h cvs rdiff -u -r1.10 -r1.10.2.1 src/libexec/httpd/content-bozo.c \ src/libexec/httpd/lua-bozo.c cvs rdiff -u -r1.19 -r1.19.4.1 src/libexec/httpd/dir-index-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.