Date: Fri, 23 Nov 2018 21:30:27 +0000
From: "matthew green"
Subject: CVS commit: pkgsrc/www/bozohttpd
To: pkgsrc-changes@NetBSD.org
Reply-To: mrg@netbsd.org
Message-Id: <20181123213027.3F5E5FB1F@cvs.NetBSD.org>

Module Name:    pkgsrc
Committed By:   mrg
Date:           Fri Nov 23 21:30:27 UTC 2018

Modified Files:
        pkgsrc/www/bozohttpd: Makefile distinfo
Added Files:
        pkgsrc/www/bozohttpd/patches: patch-auth-bozo.c
Removed Files:
        pkgsrc/www/bozohttpd/patches: patch-aa patch-bozohttpd.c

Log Message:
update to bozohttpd 20181123.  changes include:

o  add url remap support via .bzremap file, from martin@netbsd.org
o  handle redirections for any protocol, not just http:
o  fix a denial of service attack against header contents, which
   is now bounded at 16KiB.  reported by JP
o  reduce default timeouts, and add expand timeouts to handle the
   initial line, each header, and the total time spent
o  add -T option to expose new timeout settings
o  minor RFC fixes related to timeout handling
o  fix special file (.htpasswd, .bz*) bypass.  reported by JP.

anyone using .htpasswd files should update ASAP.

To generate a diff of this commit:
cvs rdiff -u -r1.88 -r1.89 pkgsrc/www/bozohttpd/Makefile
cvs rdiff -u -r1.67 -r1.68 pkgsrc/www/bozohttpd/distinfo
cvs rdiff -u -r1.19 -r0 pkgsrc/www/bozohttpd/patches/patch-aa
cvs rdiff -u -r0 -r1.1 pkgsrc/www/bozohttpd/patches/patch-auth-bozo.c
cvs rdiff -u -r1.4 -r0 pkgsrc/www/bozohttpd/patches/patch-bozohttpd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

--_----------=_1543008627234430 Content-Disposition: inline Content-Length: 2937 Content-Transfer-Encoding: binary Content-Type: text/x-diff; charset=us-ascii Modified files: Index: pkgsrc/www/bozohttpd/Makefile diff -u pkgsrc/www/bozohttpd/Makefile:1.88 pkgsrc/www/bozohttpd/Makefile:1.89 --- pkgsrc/www/bozohttpd/Makefile:1.88 Sun Feb 5 13:32:16 2017 +++ pkgsrc/www/bozohttpd/Makefile Fri Nov 23 21:30:26 2018 @@ -1,8 +1,7 @@ -# $NetBSD: Makefile,v 1.88 2017/02/05 13:32:16 leot Exp $ +# $NetBSD: Makefile,v 1.89 2018/11/23 21:30:26 mrg Exp $ # -DISTNAME= bozohttpd-20170201 -PKGREVISION= 1 +DISTNAME= bozohttpd-20181123 CATEGORIES= www MASTER_SITES= ${MASTER_SITE_LOCAL} EXTRACT_SUFX= .tar.bz2 Index: pkgsrc/www/bozohttpd/distinfo diff -u pkgsrc/www/bozohttpd/distinfo:1.67 pkgsrc/www/bozohttpd/distinfo:1.68 --- pkgsrc/www/bozohttpd/distinfo:1.67 Sun Feb 5 13:32:16 2017 +++ pkgsrc/www/bozohttpd/distinfo Fri Nov 23 21:30:26 2018 
@@ -1,10 +1,9 @@ -$NetBSD: distinfo,v 1.67 2017/02/05 13:32:16 leot Exp $ +$NetBSD: distinfo,v 1.68 2018/11/23 21:30:26 mrg Exp $ -SHA1 (bozohttpd-20170201.tar.bz2) = 725f1a4d1f8782126079608b479cf196ccb5e1d6 -RMD160 (bozohttpd-20170201.tar.bz2) = e1605eeb335896cf099cfd2eabd011fb9277e918 -SHA512 (bozohttpd-20170201.tar.bz2) = f8fba17a454b3825bf0562072bf0acf5890639d83e3bc5c6b7e87f13860d37a3dfc3fd155bd9873d5201b85f31185b24677c22db1cb303fd556f22afa8b7895e -Size (bozohttpd-20170201.tar.bz2) = 55730 bytes -SHA1 (patch-aa) = 2e70d3d10aa8bc228331cc1a229ef04106aca210 +SHA1 (bozohttpd-20181123.tar.bz2) = 1f79b928d918ef2c2b25f5d3be0e0339f9cf4c3e +RMD160 (bozohttpd-20181123.tar.bz2) = 8df5e75a967cf171c859e41a5519c6a9eba91c47 +SHA512 (bozohttpd-20181123.tar.bz2) = 322ab15ee190d08c2371d2f9106d2bd4e3d37f4c630d53f67587218e71d4c13ca7ad54e2e6aadf0b19dd320bc78c671e8b19d9afcf3e740e67efa1b1aad637d2 +Size (bozohttpd-20181123.tar.bz2) = 58992 bytes SHA1 (patch-ab) = a1a56a188084440ab907995c7728e435961c5fbd -SHA1 (patch-bozohttpd.c) = d9b38dab98910f6f372bffd3a472a2c73c79c4a3 +SHA1 (patch-auth-bozo.c) = fb3fa40bee34d156cf91d615d905bb908eb70e4d SHA1 (patch-cgi-bozo.c) = 420f981575d7fa1a96ac7049116b9bf64de719df Added files: Index: pkgsrc/www/bozohttpd/patches/patch-auth-bozo.c diff -u /dev/null pkgsrc/www/bozohttpd/patches/patch-auth-bozo.c:1.1 --- /dev/null Fri Nov 23 21:30:27 2018 +++ pkgsrc/www/bozohttpd/patches/patch-auth-bozo.c Fri Nov 23 21:30:27 2018 
@@ -0,0 +1,24 @@ +$NetBSD: patch-auth-bozo.c,v 1.1 2018/11/23 21:30:27 mrg Exp $ + +--- auth-bozo.c.orig 2018-11-23 13:10:04.000000000 -0800 ++++ auth-bozo.c 2018-11-23 13:15:02.729491334 -0800 +@@ -40,6 +40,10 @@ + #include + #include + ++#ifndef NO_SSL_SUPPORT ++#include ++#endif ++ + #include "bozohttpd.h" + + static ssize_t base64_decode(const unsigned char *, size_t, +@@ -101,7 +105,7 @@ + request->hr_authpass)); + if (strcmp(request->hr_authuser, user) != 0) + continue; +- if (strcmp(crypt(request->hr_authpass, pass), ++ if (strcmp(DES_crypt(request->hr_authpass, pass), + pass) != 0) + break; + fclose(fp); --_----------=_1543008627234430--
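
Review bot: The new file patches/patch-auth-bozo.c carries only the $NetBSD$ line above its "--- auth-bozo.c.orig" header and no description of what the patch is for, and the log message lists the upstream changes but does not mention that the package now replaces crypt() in the authentication path. Add a short comment under the $NetBSD$ line stating the problem being worked around and whether the change has been sent upstream, so the next person updating the package can tell whether the patch is still needed.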
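
Review bot: In the embedded hunk at "@@ -101,7 +105,7 @@" of patch-auth-bozo.c, the call to DES_crypt() is unconditional, while the header added in the "@@ -40,6 +40,10 @@" hunk is included only under "#ifndef NO_SSL_SUPPORT", so a build with NO_SSL_SUPPORT defined reaches this call with no declaration for it. Guard the call with the same condition and keep crypt() in the other branch, or make SSL support a hard requirement of the package. Two further points on the same line: the return value goes straight into strcmp() with no NULL check, so a failed hash computation would be dereferenced; and DES_crypt() implements only the traditional DES scheme, so .htpasswd entries created with any other crypt(3) scheme would stop matching after this change, which should be stated in the patch comment or the commit log.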