~lastrosade/jsthttpd

2845bf5b — Anthony G. Basile 3 years ago v2.27.1
Merge pull request #4 from alpire/master

src/libhttpd.c: fix heap buffer overflow in de_dotdot
c0dc63a4 — Alexandre Rebert 3 years ago
Fix heap buffer overflow in de_dotdot
7e157611 — Anthony G. Basile 4 years ago
Merge pull request #1 from mmcco/master

Clean up free() calls
27d5f19c — Michael McConville 5 years ago
Clean up free() calls
aa3f36c0 — Anthony G. Basile 5 years ago
src/{lib,t}httpd.c: use memmove() over strcpy()

This patch is currently being included in OpenSUSE.  See

https://build.opensuse.org/package/view_file/server:http/thttpd/thttpd-2.25b-strcpy.patch?expand=1

Suggested by Marcos Mello <marcosfrm@gmail.com>.

X-sthttpd-Bug: 8
X-sthttpd-Bug-URL: http://opensource.dyc.edu/bugzilla3/show_bug.cgi?id=8

Signed-off-by: Anthony G. Basile <blueness@gentoo.org>
bd2ea55b — Anthony G. Basile 5 years ago
src/version.h: switch server name to sthttpd and date to DDmmmYYYY

X-sthttpd-Bug: 7
X-sthttpd-Bug-URL: http://opensource.dyc.edu/bugzilla3/show_bug.cgi?id=7

Signed-off-by: Anthony G. Basile <blueness@gentoo.org>
7d214e7b — Marcos Mello 5 years ago
src/libhttpd.c: defines must happen after thttpd.h and version.h includes

X-sthttpd-Bug: 5
X-sthttpd-Bug-URL: http://opensource.dyc.edu/bugzilla3/show_bug.cgi?id=5

Signed-off-by: Anthony G. Basile <blueness@gentoo.org>
65ed2e7e — Marcos Mello 5 years ago
configure.ac: fix hstrerror check.

X-sthttpd-Bug: 6
X-sthttpd-Bug-URL: http://opensource.dyc.edu/bugzilla3/show_bug.cgi?id=6

Signed-off-by: Anthony G. Basile <blueness@gentoo.org>
dcc0f4d2 — Anthony G. Basile 5 years ago
README.md: Fixup format

Signed-off-by: Anthony G. Basile <blueness@gentoo.org>
8c75cc16 — Anthony G. Basile 5 years ago
README.md: updated

Signed-off-by: Anthony G. Basile <blueness@gentoo.org>
773a8b2e — Anthony G. Basile 5 years ago
Add .travis.yml

Signed-off-by: Anthony G. Basile <blueness@gentoo.org>
a1c5b3c3 — Anthony G. Basile 6 years ago
configure.ac: bump to 2.27.0

Signed-off-by: Anthony G. Basile <blueness@gentoo.org>
9d69a2d5 — Jean-Philippe Ouellet 6 years ago
extras/htpasswd.c: remove unused argument in fprintf

Signed-off-by: Anthony G. Basile <blueness@gentoo.org>
f263bb1d — Jean-Philippe Ouellet 6 years ago
src/libhttpd.c: size_t wants %zu, not %d

Signed-off-by: Anthony G. Basile <blueness@gentoo.org>
e2a23875 — Anthony G. Basile 6 years ago
extras/Makefile.am: fix 'make distcheck'

Signed-off-by: Anthony G. Basile <blueness@gentoo.org>
14c53528 — Anthony G. Basile 6 years ago
.gitignore: ignore all generate files

Signed-off-by: Anthony G. Basile <blueness@gentoo.org>
a5568c27 — Anthony G. Basile 6 years ago
Fix white spaces

Signed-off-by: Anthony G. Basile <blueness@gentoo.org>
a1843e5f — Bob Tennent 6 years ago
Correct headers for .svgz content

X-sthttpd-Bug: 3
X-sthttpd-Bug-URL: http://opensource.dyc.edu/bugzilla3/show_bug.cgi?id=3

Signed-off-by: Anthony G. Basile <blueness@gentoo.org>
32540107 — Michael Mair-Keimberger 7 years ago
configure.ac: use the env variable for ar

This replaces 'AR = ar' with 'AR = @@AR@@' in Makefile.in so that
the environment value of ar found by AC_CHECK_TOOL is used.  This
is important for cross compiling.

X-gentoo-Bug: 462758
X-gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=462758

Signed-off-by: Anthony G. Basile <blueness@gentoo.org>
7f9eabdd — Vitezslav Cizek 7 years ago
Fix possible DOS on specially crafted .htpasswd, CVE-2012-5640

A local attacker with the ability to alter .htpasswd files could
cause a Denial of Service in thttpd by specially-crafting them,
with for exampe:

$ echo 'foo:$2a$a875CeSLbja8w' >> .htpasswd

Authenticating then triggers a seg fault in thttpd.

X-opensuse-Bug: 783165
X-opensuse-Bug-URL: https://bugzilla.novell.com/show_bug.cgi?id=783165
Reported-by:  Matthias Weckbecker <mweckbecker@suse.com>
Patch-by: Vitezslav Cizek <vcizek@suse.com>
Signed-off-by: Anthony G. Basile <blueness@gentoo.org>
d2e186db — Anthony G. Basile 7 years ago
src/thttpd.c: Fix world readable log, CVE-2013-0348.

Make sure that the logfile is created or reopened as read/write
by thttpd user only.

X-gentoo-Bug: 458896
X-gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=458896
Reported-by:  Agostino Sarubbo <ago@gentoo.org>
Signed-off-by: Anthony G. Basile <basile@opensource.dyc.edu>
Next