./www/bozohttpd, Bozotic HTTP server; small and secure

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 20220517, Package name: bozohttpd-20220517, Maintainer: mrg

bozohttpd is a small and secure HTTP version 1.1 server. Its main
feature is the lack of features, reducing the code size and improving
verifiability.

It supports CGI/1.1, HTTP/1.1, HTTP/1.0, HTTP/0.9, ~user translations,
virtual hosting support, as well as multiple IP-based servers on a
single machine. It is capable of servicing pages via the IPv6 protocol.
It has SSL support. It has no configuration file by design.


Required to run:
[security/openssl]

Required to build:
[pkgtools/cwrappers]

Package options: lua, ssl

Master sites: (Expand)

Filesize: 60.78 KB

Version history: (Expand)


CVS history: (Expand)


   2022-05-18 02:46:46 by matthew green | Files touched by this commit (2) | Package updated
Log message:
update to bozohttpd 20220517.  changes include:

o  remove obsolete .bzdirect handling.
o  new "-m tlsversion" option to set the minimum TLS version
   available.  partially from <sunil@nimmagadda.net>.
o  extend the list of available ciphers to include most of the
   openssl "HIGH" with some additional disables.  retain the current
   list of bad options.  should deal with PR#51278.
o  don't assume host BUFSIZ is sufficient.  small BUFSIZ leads to
   always happens errors in the testsuite.  switch all these buffers
   to be 4KiB sized.  reported by embr <git@liclac.eu>
o  fix a denial of service attack against initial request contents,
   now bounded at 16KiB.  reported by Justin Parrott in PR#56085
o  new support for content types: .tar.bz2, .tar.xz, .tar.lz,
   .tar.zst, .tbz2, .txz, .tlz, .zipx, .xz, .zst, .sz, .lz, .lzma,
   .lzo, .7z, .lzo, .cab, .dmg, .jar, and .rar.  should fix
   netbsd PR#56026:
   MIME type of .tar.xz file on ny{cdn,ftp}.NetBSD.org is invalid
o  fix various NULL derefs from malformed headers.  mostly from
   <emily@ingalls.rocks>.
o  fix memory leaks in library interface: add bozo_cleanup().
   2021-10-26 13:31:15 by Nia Alarie | Files touched by this commit (1030)
Log message:
www: Replace RMD160 checksums with BLAKE2s checksums

All checksums have been double-checked against existing RMD160 and
SHA512 hashes

Not committed (merge conflicts):
www/nghttp2/distinfo

Unfetchable distfiles (almost certainly fetched conditionally...):
./www/nginx-devel/distinfo array-var-nginx-module-0.05.tar.gz
./www/nginx-devel/distinfo echo-nginx-module-0.62.tar.gz
./www/nginx-devel/distinfo encrypted-session-nginx-module-0.08.tar.gz
./www/nginx-devel/distinfo form-input-nginx-module-0.12.tar.gz
./www/nginx-devel/distinfo headers-more-nginx-module-0.33.tar.gz
./www/nginx-devel/distinfo lua-nginx-module-0.10.19.tar.gz
./www/nginx-devel/distinfo naxsi-1.3.tar.gz
./www/nginx-devel/distinfo nginx-dav-ext-module-3.0.0.tar.gz
./www/nginx-devel/distinfo nginx-rtmp-module-1.2.2.tar.gz
./www/nginx-devel/distinfo nginx_http_push_module-1.2.10.tar.gz
./www/nginx-devel/distinfo ngx_cache_purge-2.5.1.tar.gz
./www/nginx-devel/distinfo ngx_devel_kit-0.3.1.tar.gz
./www/nginx-devel/distinfo ngx_http_geoip2_module-3.3.tar.gz
./www/nginx-devel/distinfo njs-0.5.0.tar.gz
./www/nginx-devel/distinfo set-misc-nginx-module-0.32.tar.gz
./www/nginx/distinfo array-var-nginx-module-0.05.tar.gz
./www/nginx/distinfo echo-nginx-module-0.62.tar.gz
./www/nginx/distinfo encrypted-session-nginx-module-0.08.tar.gz
./www/nginx/distinfo form-input-nginx-module-0.12.tar.gz
./www/nginx/distinfo headers-more-nginx-module-0.33.tar.gz
./www/nginx/distinfo lua-nginx-module-0.10.19.tar.gz
./www/nginx/distinfo naxsi-1.3.tar.gz
./www/nginx/distinfo nginx-dav-ext-module-3.0.0.tar.gz
./www/nginx/distinfo nginx-rtmp-module-1.2.2.tar.gz
./www/nginx/distinfo nginx_http_push_module-1.2.10.tar.gz
./www/nginx/distinfo ngx_cache_purge-2.5.1.tar.gz
./www/nginx/distinfo ngx_devel_kit-0.3.1.tar.gz
./www/nginx/distinfo ngx_http_geoip2_module-3.3.tar.gz
./www/nginx/distinfo njs-0.5.0.tar.gz
./www/nginx/distinfo set-misc-nginx-module-0.32.tar.gz
   2021-10-07 17:09:00 by Nia Alarie | Files touched by this commit (1033)
Log message:
www: Remove SHA1 hashes for distfiles
   2021-06-06 15:38:43 by Nia Alarie | Files touched by this commit (2)
Log message:
bozohttpd: define LICENSE, add lua and ssl options, honor CFLAGS
   2021-03-03 11:09:13 by matthew green | Files touched by this commit (3) | Package updated
Log message:
update to bozohttpd 20210227.

changes in bozohttpd 20210227:
        o  new support for content types: .tar.bz2, .tar.xz, .tar.lz,
           .tar.zst, .tbz2, .txz, .tlz, .zipx, .xz, .zst, .sz, .lz, .lzma,
           .lzo, .7z, .lzo, .cab, .dmg, .jar, and .rar.  should fix
           netbsd PR#56026:
           MIME type of .tar.xz file on ny{cdn,ftp}.NetBSD.org is invalid

changes in bozohttpd 20210211:
        o  fix various NULL derefs from malformed headers.  mostly from
           <emily@ingalls.rocks>.
        o  fix memory leaks in library interface: add bozo_cleanup().
   2020-10-15 06:42:06 by matthew green | Files touched by this commit (4) | Package updated
Log message:
update to bozohttpd 20201014.  changes include:

        o  also set -D_GNU_SOURCE in Makefile.boot.  from
           hadrien.lacour@posteo.net.
        o  fix array size botch (assertion, not exploitable.)  from
           martin@netbsd.org.
        o  also match %2F as well as %2f.  from leah@vuxu.org.
        o  many manual and help fixes.  clean ups for higher lint levels,
           consistency/style clean ups.  various option fixes including made
           -f imply -b.  from <henrik@gulbra.net> for freebsd.
        o  add .m4a and .m4v file extensions.
        o  make this work on sun2 by reducing mmap window there.
        o  fix SSL shutdown sequence.  from spz@netbsd.org.
        o  add readme support to directory indexing.  from jmcneill@netbsd.org
        o  add blocklist(8) support.  from jruoho@netbsd.org.
   2020-01-18 22:51:16 by Jonathan Perkin | Files touched by this commit (1836)
Log message:
*: Recursive revision bump for openssl 1.1.1.
   2019-06-11 11:41:02 by matthew green | Files touched by this commit (2) | Package updated
Log message:
update to bozohttpd 20190228.  changes include:

o  extend timeout facility to ssl and stop servers hanging forever
   if the client never sends anything.  reported by Steffen in netbsd
   PR#50655.
o  don't display special files in the directory index.  they aren't
   served, but links to them are generated.
o  fix CGI '+' parameter handling, some error checking, and a double
   free.  from rajeev_v_pillai@yahoo.com
o  more directory indexing clean up.  from rajeev_v_pillai@yahoo.com