2845bf5b — Anthony G. Basile 4 years ago v2.27.1
Merge pull request #4 from alpire/master

src/libhttpd.c: fix heap buffer overflow in de_dotdot
c0dc63a4 — Alexandre Rebert 4 years ago
Fix heap buffer overflow in de_dotdot
7e157611 — Anthony G. Basile 5 years ago
Merge pull request #1 from mmcco/master

Clean up free() calls
27d5f19c — Michael McConville 5 years ago
aa3f36c0 — Anthony G. Basile 6 years ago
src/{lib,t}httpd.c: use memmove() over strcpy()

This patch is currently being included in OpenSUSE.  See


Suggested by Marcos Mello <marcosfrm@gmail.com>.

X-sthttpd-Bug: 8
X-sthttpd-Bug-URL: http://opensource.dyc.edu/bugzilla3/show_bug.cgi?id=8

Signed-off-by: Anthony G. Basile <blueness@gentoo.org>
bd2ea55b — Anthony G. Basile 6 years ago
src/version.h: switch server name to sthttpd and date to DDmmmYYYY

X-sthttpd-Bug: 7
X-sthttpd-Bug-URL: http://opensource.dyc.edu/bugzilla3/show_bug.cgi?id=7

Signed-off-by: Anthony G. Basile <blueness@gentoo.org>
7d214e7b — Marcos Mello 6 years ago
src/libhttpd.c: defines must happen after thttpd.h and version.h includes

X-sthttpd-Bug: 5
X-sthttpd-Bug-URL: http://opensource.dyc.edu/bugzilla3/show_bug.cgi?id=5

Signed-off-by: Anthony G. Basile <blueness@gentoo.org>
a1c5b3c3 — Anthony G. Basile 7 years ago
configure.ac: bump to 2.27.0

Signed-off-by: Anthony G. Basile <blueness@gentoo.org>
src/libhttpd.c: size_t wants %zu, not %d

Signed-off-by: Anthony G. Basile <blueness@gentoo.org>
a5568c27 — Anthony G. Basile 7 years ago
Fix white spaces

Signed-off-by: Anthony G. Basile <blueness@gentoo.org>
a1843e5f — Bob Tennent 7 years ago
Correct headers for .svgz content

X-sthttpd-Bug: 3
X-sthttpd-Bug-URL: http://opensource.dyc.edu/bugzilla3/show_bug.cgi?id=3

Signed-off-by: Anthony G. Basile <blueness@gentoo.org>
7f9eabdd — Vitezslav Cizek 8 years ago
Fix possible DOS on specially crafted .htpasswd, CVE-2012-5640

A local attacker with the ability to alter .htpasswd files could
cause a Denial of Service in thttpd by specially-crafting them,
with for example:

$ echo 'foo:$2a$a875CeSLbja8w' >> .htpasswd

Authenticating then triggers a seg fault in thttpd.

X-opensuse-Bug: 783165
X-opensuse-Bug-URL: https://bugzilla.novell.com/show_bug.cgi?id=783165
Reported-by:  Matthias Weckbecker <mweckbecker@suse.com>
Patch-by: Vitezslav Cizek <vcizek@suse.com>
Signed-off-by: Anthony G. Basile <blueness@gentoo.org>
d2e186db — Anthony G. Basile 8 years ago
src/thttpd.c: Fix world readable log, CVE-2013-0348.

Make sure that the logfile is created or reopened as read/write
by thttpd user only.

X-gentoo-Bug: 458896
X-gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=458896
Reported-by:  Agostino Sarubbo <ago@gentoo.org>
Signed-off-by: Anthony G. Basile <basile@opensource.dyc.edu>
50885022 — Anthony G. Basile 9 years ago
src/timers.c: Fix monotonic clock support on systems without librt

This patch replaces HAVE_LIBRT_MONO in favor of HAVE_CLOCK_MONO in
src/timers.c to provide monotonic clock support on systems without
librt such as OpenBSD.

X-sthttpd-Bug: 2
X-sthttpd-Bug-URL: http://opensource.dyc.edu/bugzilla3/show_bug.cgi?id=2
Reported-by: Brad Smith <brad@comstyle.com>
Signed-off-by: Anthony G. Basile <basile@opensource.dyc.edu>
cff1f394 — Anthony G. Basile 9 years ago
Restructure includes of <time.h> and <sys/time.h>

CLOCK_MONOTONIC is inherited from <bits/time.h> via <time.h>.
This was missing from src/timers.c which inherits a local header
"timers.h".  Including <time.h> in "timers.h" fixes the problem
but makes the inclusion of <time.h> and <sys/time.h> redundant
in libhttpd.c and thttpd.c.
93f9b143 — Anthony G. Basile 9 years ago
Beginning next major release
d76919c7 — Anthony G. Basile 9 years ago
Branch 2.26
4137ce3e — Anthony G. Basile 9 years ago
configure.ac: remove strerror and check hstrerror
978f9cc9 — Anthony G. Basile 9 years ago
Install www files below /www
cb9629d3 — Anthony G. Basile 9 years ago
build system: share headers and a convenience library