ChangeLog

2026-03-02 19:24  rsadowski

	* usr.sbin/httpd/: config.c, control.c, httpd.c, httpd.h, log.c,
	  log.h, logger.c, parse.y, proc.c, server.c, server_fcgi.c,
	  server_http.c: Standardize logging with bgpd

	  Tweak and OK claudio@

2026-02-28 09:36  rsadowski

	* usr.sbin/httpd/: httpd.h, server.c, server_http.c: remove empty
	  server_http_init

	  OK claudio

2026-02-27 20:32  bluhm

	* usr.bin/htpasswd/htpasswd.c: replace pledge "stdio rpath tmppath"
	  with unveil "/tmp" "rwc" to satisfy mktemp(3) type operations,
	  unveil "/" "r" for reading all over the tree, and pledge "stdio
	  rpath wpath cpath" to permit both unveils subject to their own
	  limitations.

	  pledge "rpath tmppath" is replace with unveil "/" "r", unveil
	  "/tmp" "rwc", and "rpath wpath cpath" from deraadt@; ok semarie

	  This was using pledge "tmppath" with "rpath wpath cpath".  The
	  "tmppath" is not needed.  from deraadt@; ok semarie and others

	  uses tmpfile(), which is why it used "tmppath", which is why it
	  now needs "rpath wpath cpath" from deraadt@; spotted by brynet

	  Instead of pledge "tmppath rpath", setup a "rwc" unveil on
	  "/tmp", a "r" unveil on "/", and then pledge "rpath wpath cpath".
	   from deraadt@; ok semarie and others

	  This is using pledge "tmppath" with "rpath wpath cpath".  The
	  "tmppath" is not needed.  from deraadt@; ok semarie and others

	  These programs are using pledge "tmppath" with "rpath wpath
	  cpath".  The "tmppath" is not needed.  from deraadt@; ok semarie
	  and others

	  Use unveil() instead of pledge "tmppath".  There is a bit of
	  bulldozering here to handle the many codeflows regarding output
	  files, and I hope ingo improves it later.  from deraadt@; Some
	  help with regression validation from job

	  nc(1) has the more crazy unveil + pledge configuration based upon
	  argument flags.  I think this correctly replaces "tmppath" with
	  an unveil.  from deraadt@

	  Since this program is "rpath wpath cpath", it does not need to
	  use "tmppath" from deraadt@; ok op

	  replace pledge "tmppath" with unveil "/tmp" "rwc" and "rpath
	  wpath cpath".  from deraadt@; ok ok

	  this is errata/7.7/021_tmppath.patch.sig

2026-02-27 20:31  bluhm

	* usr.bin/htpasswd/htpasswd.c: replace pledge "stdio rpath tmppath"
	  with unveil "/tmp" "rwc" to satisfy mktemp(3) type operations,
	  unveil "/" "r" for reading all over the tree, and pledge "stdio
	  rpath wpath cpath" to permit both unveils subject to their own
	  limitations.

	  pledge "rpath tmppath" is replace with unveil "/" "r", unveil
	  "/tmp" "rwc", and "rpath wpath cpath" from deraadt@; ok semarie

	  This was using pledge "tmppath" with "rpath wpath cpath".  The
	  "tmppath" is not needed.  from deraadt@; ok semarie and others

	  uses tmpfile(), which is why it used "tmppath", which is why it
	  now needs "rpath wpath cpath" from deraadt@; spotted by brynet

	  Instead of pledge "tmppath rpath", setup a "rwc" unveil on
	  "/tmp", a "r" unveil on "/", and then pledge "rpath wpath cpath".
	   from deraadt@; ok semarie and others

	  This is using pledge "tmppath" with "rpath wpath cpath".  The
	  "tmppath" is not needed.  from deraadt@; ok semarie and others

	  These programs are using pledge "tmppath" with "rpath wpath
	  cpath".  The "tmppath" is not needed.  from deraadt@; ok semarie
	  and others

	  Use unveil() instead of pledge "tmppath".  There is a bit of
	  bulldozering here to handle the many codeflows regarding output
	  files, and I hope ingo improves it later.  from deraadt@; Some
	  help with regression validation from job

	  nc(1) has the more crazy unveil + pledge configuration based upon
	  argument flags.  I think this correctly replaces "tmppath" with
	  an unveil.  from deraadt@

	  Since this program is "rpath wpath cpath", it does not need to
	  use "tmppath" from deraadt@; ok op

	  replace pledge "tmppath" with unveil "/tmp" "rwc" and "rpath
	  wpath cpath".  from deraadt@; ok ok

	  this is errata/7.8/015_tmppath.patch.sig

2026-02-26 19:49  claudio

	* usr.sbin/httpd/server_http.c: Error out  on presence of
	  Content-Length and Transfer-Encoding headers for GET, HEAD and
	  other methods that should have no body.

	  Ignoring the Content-Length header makes httpd vulnerable to HTTP
	  request smuggling. A crafted GET request may embed an extra HTTP
	  request which could bypass a proxy or WAF but then is handled by
	  httpd.

	  Remove the special case for TRACE and CONNECT in the
	  Content-Length handling. Move those checks into the method switch
	  at the end of the header parsing phase and by that also cover
	  more methods including GET and HEAD. If either header is present
	  simply abort the connection, nobody should send extra data along
	  GET and HEAD requests.

	  Add an an explicit HTTP_METHOD_TRACE case above the default case
	  to indicated that we deliberately don't handle TRACE requests.

	  This security vulnerability was found by Nicola Staller of SySS
	  GmbH.

	  With and OK rsadowski@ previous version also OK florian@

2026-02-18 15:23  deraadt

	* usr.bin/htpasswd/htpasswd.c: This is using pledge "tmppath" with
	  "rpath wpath cpath".	The "tmppath" is not needed.  ok semarie
	  and others

2026-02-02 13:44  bluhm

	* usr.sbin/httpd/server_http.c: In server_read_httpchunks() do not
	  blindly enable the bufferevent.

	  This leads to a use-after-free since the bev->readcb() call could
	  free the memory holding the bev right before the
	  bufferevent_enable() call.

	  Reported by Pontus Stenetorp.  from clauio@; OK florian@
	  rsadowski@

	  this is errata/7.7/019_httpd.patch.sig

2026-02-02 13:43  bluhm

	* usr.sbin/httpd/server_http.c: In server_read_httpchunks() do not
	  blindly enable the bufferevent.

	  This leads to a use-after-free since the bev->readcb() call could
	  free the memory holding the bev right before the
	  bufferevent_enable() call.

	  Reported by Pontus Stenetorp.  from clauio@; OK florian@
	  rsadowski@

	  this is errata/7.8/013_httpd.patch.sig

2026-02-02 13:37  claudio

	* usr.sbin/httpd/server_http.c: In server_read_httpchunks() do not
	  blindly enable the bufferevent.

	  This leads to a use-after-free since the bev->readcb() call could
	  free the memory holding the bev right before the
	  bufferevent_enable() call.

	  Reported by Pontus Stenetorp.  OK florian@ rsadowski@

2026-01-18 16:38  schwarze

	* usr.sbin/httpd/httpd.conf.5: Slightly iprove a confusing wording
	  in the parse.y manuals: The things that need quoting are not
	  necessarily "argument names", and not even necessarily "names" at
	  all, so just talk about "arguments".

	  "I guess?" florian@ and no objection from otto@, both back in
	  July 2025.

	  Actually, the quoting rules are more complicated than the text
	  makes believe, but i do not know how to better describe them.  It
	  may not be easy because some suspect the implementation may be
	  somewhat adhoc rather than based on cleary defined lexical rules.

2026-01-04 06:43  rsadowski

	* usr.sbin/httpd/config.c: validate return_uri_len before copying
	  data

	  Spotted by tb@, ok claudio

2026-01-02 08:45  rsadowski

	* usr.sbin/httpd/: httpd.c, server.c, server_fcgi.c: fix scan-build
	  dead stores findings

	  - httpd.c:533 – q assigned but immediately overwritten in the
	  loop - server.c:891 – inrd/inwr assigned, then reassigned,
	  never actually needed - server_fcgi.c:678,690 – kv result
	  unused

	  OK stsp@

2025-12-20 23:12  tb

	* usr.sbin/httpd/server_http.c: httpd: fix server_http_time() to
	  emit GMT times again

	  The HTTP standard RFC 9110 requires GMT, in HTTP-date. We used to
	  do this until a recent change to localtime.c changed GMT to UTC.

	  From Sören Tempel, ok sthen

2025-11-28 16:10  rsadowski

	* usr.sbin/httpd/: config.c, httpd.conf.5, httpd.h, parse.y,
	  server_fcgi.c, server_http.c: Add "no banner" option to suppress
	  Server header

	  Introduces a global and per-server "[no] banner" directive that
	  prevents httpd from sending the Server HTTP response header and
	  removes server identification from error documents. The
	  SERVER_SOFTWARE CGI environment variable remains set as required
	  by RFC 3875.

	  Diff by Lloyd (thanks), ok kirill@

2025-11-27 15:22  rsadowski

	* usr.sbin/httpd/httpd.h: Add missing GZIP_STATIC flag to
	  SRVFLAG_BITS macro

	  GZIP_STATIC flag at position \33 was missing from the debug
	  string.

	  Also correct the truncated PATH_REWRITE/NO_PATH_REWRITE flag
	  names.  The PATH_REWRITE and NO_PATH_REWRITE flag names were
	  truncated to PATH and NO_PATH in the SRVFLAG_BITS string
	  definition.

	  OK kirill@ deraadt@

2025-11-12 11:24  deraadt

	* usr.sbin/httpd/: config.c, httpd.c, parse.y: Systopia team at UBC
	  found 5 info leaks in the private privsep protocol between httpd
	  programs, and provided a fix.  ok claudio benno florian

2025-07-08 14:26  schwarze

	* usr.sbin/httpd/httpd.conf.5: Make internal hyperlinking work by
	  moving custom sections from .Sh to .Ss and the titles from all
	  caps to sentence case such that they match the table of contents,
	  and switch from .Sy to .Sx as needed.  OK florian@

2025-07-07 20:56  schwarze

	* usr.sbin/httpd/httpd.conf.5: In the manual pages for
	  configuration files based on parse.y, describe the syntax of both
	  defining and using macros, rather than exclusively relying on
	  examples, which some of the pages do not even provide.  In those
	  pages containing tables of content, also clarify that the
	  "Macros" section contains *definitions* of variables.  Both
	  changes were already committed to vm.conf(5) earlier.

	  In those few pages that referenced cpp(1) and m4(1), stop doing
	  that because the macro definition syntax and the macro
	  dereferencing syntax of both languages is totally different from
	  the parse.y syntax.

	  OK florian@, and deraadt also requests keeping these manuals in
	  sync.

2025-05-26 06:18  anton

	* regress/usr.sbin/httpd/patterns/patterns-tester.c: Remove by now
	  incorrect usage of malloc_options in httpd patterns regress. As
	  stated in bsd.regress.mk(5), one is advised favor the
	  MALLOC_OPTIONS environment variable.

2025-02-21 10:19  mbuhl

	* etc/examples/httpd.conf: Remove acme-challenge location from
	  HTTPS server configuration as RFC8555 8.3 explicitly states that
	  the challenge must be over HTTP.

	  From Lucas de Sena (lucas AT seninha.org), thanks!

	  ok sdk@

2024-12-22 13:51  florian

	* usr.sbin/httpd/server_http.c: Set correct request timeout once we
	  found the correct server block.

	  On accept(2), httpd(8) sets the timeout based on ip:port. Once we
	  have parsed the http headers we can find the name-based server
	  block and apply its request timeout.

	  Problem identified and fix from Nick Owens, thanks!

	  OK tb

2024-11-26 06:12  tb

	* share/mk/bsd.regress.mk: Pass -g to CFLAGS for regression testing

	  It is annoying to have a regress test crash and then be faced
	  with question marks in the backtrace, and then have to recompile
	  and pass -g via DEBUG or similar.

	  This may bite people with small obj/. Let's see if anyone shouts.

	  ok anton claudio

2024-11-21 13:38  claudio

	* usr.sbin/httpd/: control.c, proc.c: Convert various reyk proc.c
	  daemons over to new imsgbuf_init and imsgbuf_allow_fdpass.

	  OK tb@

2024-11-21 13:21  claudio

	* usr.sbin/httpd/: control.c, proc.c: Convert the common
	  imsgbuf_read calls to the post EAGAIN world.

	  OK tb@

2024-11-21 13:18  claudio

	* usr.sbin/httpd/proc.c: Use imsgbuf_queuelen() instead of
	  accessing the w.queue member.

	  OK tb@

2024-11-21 13:17  claudio

	* usr.sbin/httpd/control.c: Use imsgbuf_clear() where appropriate
	  instead of msgbuf_clear().

	  OK tb@

2024-11-21 13:17  claudio

	* usr.sbin/httpd/: control.c, proc.c: Rename imsg_init, imsg_clear,
	  imsg_read, imsg_write and imsg_flush to imsgbuf_init,
	  imsgbuf_clear, imsgbuf_read, imsgbuf_write and imsgbuf_flush.

	  This separates the imsgbuf API from the per-imsg API.

	  OK tb@

2024-11-21 13:16  claudio

	* usr.sbin/httpd/: control.c, proc.c: Convert imsg_write() callers
	  to the new simplified return logic.

	  OK tb@

2024-11-21 13:10  claudio

	* usr.sbin/httpd/: control.c, proc.c: Introduce imsg_write() and
	  use it instead of msgbuf_write().

	  imsg_write() is just a thin wrapper around msgbuf_write(). So
	  this is mostly search and replace.

	  OK tb@

2024-11-21 13:06  claudio

	* usr.sbin/httpd/proc.c: imsg_flush no longer returns EAGAIN.
	  Simplify proc_flush_imsg() accordingly.

	  Issue spotted by op@

2024-10-08 05:28  jsg

	* usr.sbin/httpd/httpd.h: remove unused struct

2024-06-14 15:12  bluhm

	* regress/usr.sbin/httpd/tests/funcs.pl: Replace deprecated
	  given/when and smartmatch operator in Perl scripts.

2024-06-03 14:46  op

	* usr.sbin/httpd/css.h.in: httpd: render "emojis" as text in
	  directory listing

	  The "up and down" character used in the directory listing is
	  technically an emoji and can, depending on the browser
	  configuration, be rendered in colors and whatnot.  set
	  `font-variant-emoji' to ask the browser to render it as text.
	  This property, as of now, needs to be enabled manually in some
	  browsers, but since it's part of the "CSS Fonts Module Level 4"
	  spec, support for it is expected to be implemented and turned on
	  "soon" in major browsers.

	  While here, remove the italic for directories.

	  Diff from Paul W. Rankin (hello (at) paulwrankin dot com) ok
	  claudio@

2024-04-29 16:17  florian

	* usr.sbin/httpd/server_file.c: plug fd leak introduced in "avoid
	  toctu" rewrite.

	  Issue reported by job OK tb, job

2024-04-16 17:15  florian

	* usr.sbin/httpd/server_file.c: Prevent toctu issues in static file
	  serving and auto index generation.

	  This fixes a problem in passing, reported by matthieu@ where
	  httpd would return 500 Internal Server Error when it could
	  stat(2) but not open(2) a file. The correct error code is 403.

	  testing matthieu ok tobhe, tl;dr ok stsp input & OK deraadt

2024-04-09 15:48  tobhe

	* usr.sbin/httpd/proc.c: Sync removal of setsid(), setpgid() and a
	  few dup2() from relayd. They are redundant since we call daemon()
	  earlier.

	  ok bluhm@

2024-04-08 12:45  tobhe

	* usr.sbin/httpd/: httpd.c, proc.c: Call daemon() only in parent
	  and before proc_exec() to avoid orphaning child processes. Synced
	  from relayd.

	  ok kn@

2024-03-24 10:53  job

	* usr.sbin/httpd/http.h: Sync with IANA Status Code Registry

	  From
	  https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml

	  OK sthen@ miod@

2024-02-13 14:00  claudio

	* usr.sbin/httpd/server_http.c: Stop logging misleading errors when
	  custom generic error pages are in use.

	  Only call the open(2) log_warn for errnos that are not ENOENT.
	  Since that is an error worth logging.

	  Based on a diff from Carsten Reith (carsten.reith t-online.de) OK
	  florian@ deraadt@

2024-01-22 19:26  deraadt

	* lib/libc/crypt/cryptutil.c: make login.conf(5) and
	  crypt_newhash(3) and the underlying code consistant regarding
	  bcrypt,a instead of blowfish,a.  "blowfish" is a historical alias
	  which we don't need to document as firmly as "bcrypt".  report
	  about difficult manual page discovery from ataraxia937 ok millert

2024-01-17 08:22  claudio

	* usr.sbin/httpd/: config.c, logger.c, proc.c: Convert to use
	  imsg_get_fd() since proc_forward_imsg() never forwards a file
	  descriptor just use -1 there.  OK tb@

2024-01-17 08:20  claudio

	* usr.sbin/httpd/config.c: Get all variable-length values for the
	  parent server before linking the server onto various list. Fixes
	  a use-after-free if former fails.  OK tb@

2024-01-06 11:29  espie

	* usr.sbin/httpd/: js.h.in, server_file.c: put the real sizes into
	  the "title" attribute so that hovering shows the exact value.

	  adjust/refactor javascript sorter accordingly

2024-01-04 18:17  espie

	* usr.sbin/httpd/: Makefile, css.h.in, js.h.in, server_file.c,
	  toheader.sed: make auto-index better - make it an actual table -
	  use "human readable sizes" for the file sizes - add some
	  decoration and javascript to be able to sort it per-column
	  (client side) (this means some extra column attribute) - add glue
	  to facilitate embedding js + css directly in the program - add
	  some graphical indication for directories - should still validate
	  as proper html everywhere (custom properties need to be called
	  data-* for this!)

	  Work with claudio@ and tb@, many thanks to claudio@ for some of
	  the finer points of css handling, and tb@ for some fine spaces
	  fixes.

	  I've tried it with lynx as well, shows up correctly.

	  One big plus is that the size of columns work as utf-8, so you
	  can expose filenames without any problems (I've tried it with
	  non-js text navigators as well as firefox, chromium and friends)

	  And it looks slightly less yahoo ca. 1995.

	  It's still "one size fits all". If people object to the current
	  look, adding httpd.conf(5) properties to override the default css
	  should be easy.

	  okay claudio@, tb@

2023-12-28 18:05  espie

	* usr.sbin/httpd/server_file.c: don't add values we won't print,
	  use scandir properly

	  okay tb@

	  (logic NOT simplified because I don't want to risk introducing
	  bugs, and the compiler knows as much boolean logic as me)

2023-11-20 18:17  bluhm

	* usr.sbin/httpd/: httpd.h, server.c, server_fcgi.c: Avoid a NULL
	  dereference when handling a malformed fastcgi request.

	  Rework the hack to avoid a use-after-free in the fastcgi code.
	  Since server_fcgi() can be called by server_read_httpcontent() we
	  can't set clt_fcgi_error to NULL.  Instead, we implement a simple
	  reference count to track when a fastcgi session is in progress to
	  avoid closing the http session prematurely on fastcgi error.
	  Based on a diff from and OK by tb@.  Reported by Ben Kallus.
	  from millert@

	  this is errata/7.3/020_httpd.patch.sig

2023-11-20 18:14  bluhm

	* usr.sbin/httpd/: httpd.h, server.c, server_fcgi.c: Avoid a NULL
	  dereference when handling a malformed fastcgi request.

	  Rework the hack to avoid a use-after-free in the fastcgi code.
	  Since server_fcgi() can be called by server_read_httpcontent() we
	  can't set clt_fcgi_error to NULL.  Instead, we implement a simple
	  reference count to track when a fastcgi session is in progress to
	  avoid closing the http session prematurely on fastcgi error.
	  Based on a diff from and OK by tb@.  Reported by Ben Kallus.
	  from millert@

	  this is errata/7.4/006_httpd.patch.sig

2023-11-08 19:19  millert

	* usr.sbin/httpd/: httpd.h, server.c, server_fcgi.c: Avoid a NULL
	  dereference when handling a malformed fastcgi request.

	  Rework the hack to avoid a use-after-free in the fastcgi code.
	  Since server_fcgi() can be called by server_read_httpcontent() we
	  can't set clt_fcgi_error to NULL.  Instead, we implement a simple
	  reference count to track when a fastcgi session is in progress to
	  avoid closing the http session prematurely on fastcgi error.
	  Based on a diff from and OK by tb@.  Reported by Ben Kallus.

2023-11-08 11:17  deraadt

	* usr.sbin/httpd/patterns.7: remove accidental double space

2023-11-03 13:03  espie

	* usr.sbin/httpd/httpd.conf.5: Be explicit in saying what a shell
	  pattern is.  I'm not a big fan of idiosyncratic lua patterns,
	  especially in that context, but pointing towards them and not
	  mentionning glob(7) is thoroughly confusing. Don't push lua
	  patterns down people throats !

	  At least you know what the incredibly fuzzy "shell patterns"
	  refers to now !

	  okay millert@, jmc@

2023-10-29 11:27  kn

	* usr.sbin/httpd/httpd.conf.5: Unmention/don't explain SSL, drop 9y
	  old "ssl" keyword/deprecation warning

	  Switch "ssl" to "tls" in relayd.conf(5) if you haven't done so in
	  the last ten years, "ssl" is now an error.

	  Say "TLS" not "SSL/TLS" and drop the primer in the TLS RELAYS
	  section.

	  OK benno

2023-09-24 08:28  tb

	* share/mk/bsd.regress.mk: Make REGRESS_LOG more useful again

	  Enabling REGRESS_FAIL_EARLY made REGRESS_LOG error out at the
	  first error, which is pointless. So default to no if REGRESS_LOG
	  is set unless the user explicitly enabled it.

	  Requested by claudio ok bluhm

2023-09-15 07:13  tb

	* share/mk/bsd.regress.mk: Default REGRESS_FAIL_EARLY to yes

	  The current fail open behavior may be desirable in some
	  circumstances, but it is an unexpected and dangerous default
	  since one expects some kind of feedback when running a test
	  suite. Currently failing tests are only visible on inspecting the
	  log, which led to unsuspecting people missing failures several
	  times in the past. Flip the default to fail closed. For those
	  that want to have the old behavior, it is easy enough to set the
	  variable to no.

	  Positive feedback job and schwarze ok kn

2023-09-03 10:18  nicm

	* usr.sbin/httpd/server.c: Use EVBUFFER_DATA instead of reaching
	  into struct evbuffer. ok tb

2023-08-17 07:25  op

	* usr.sbin/httpd/httpd.conf.5: use "example.com" instead of
	  "default" as server name in the various examples: it matches the
	  sample config and avoids tricking the user into thinking that
	  "default" as server name has a special meaning.

	  While here, document also that http uses the first server
	  matching the listening port when there's no match on the server
	  name.  (was corrected on this by Crystal Kolipe, thanks)

	  ok kn on a previous version, improvements from sthen and jmc, ok
	  sthen

2023-07-12 12:46  tb

	* usr.sbin/httpd/: httpd.h, server.c, server_fcgi.c: Work around
	  use after free in httpd(8)

	  A malformed HTTP request can cause httpd in fastcgi mode to crash
	  due to a use-after-free. This is an awful hack, but it's good
	  enough until someone figures out the correct way of dealing with
	  server_close() here.

	  Reported by Jesper Wallin <jesper () ifconfig.se>

	  "this will do the trick for now" claudio ok beck deraadt

	  This is errata/7.2/029_httpd.patch.sig

2023-07-12 12:46  tb

	* usr.sbin/httpd/: httpd.h, server.c, server_fcgi.c: Work around
	  use after free in httpd(8)

	  A malformed HTTP request can cause httpd in fastcgi mode to crash
	  due to a use-after-free. This is an awful hack, but it's good
	  enough until someone figures out the correct way of dealing with
	  server_close() here.

	  Reported by Jesper Wallin <jesper () ifconfig.se>

	  "this will do the trick for now" claudio ok beck deraadt

2023-07-12 12:37  tb

	* usr.sbin/httpd/: httpd.h, server.c, server_fcgi.c: Work around
	  use after free in httpd(8)

	  A malformed HTTP request can cause httpd in fastcgi mode to crash
	  due to a use-after-free. This is an awful hack, but it's good
	  enough until someone figures out the correct way of dealing with
	  server_close() here.

	  "this will do the trick for now" claudio ok beck deraadt

2023-03-08 04:43  guenther

	* usr.sbin/httpd/control.c: Delete obsolete /* ARGSUSED */ lint
	  comments.

	  ok miod@ millert@

2023-02-15 20:44  tobhe

	* usr.sbin/httpd/proc.c: proc_ispeer() is not used anywhere anymore
	  so remove it everywhere.

	  ok florian@ bluhm@ ok for vmd mlarkin@

2022-12-28 21:30  jmc

	* usr.sbin/httpd/config.c: spelling fixes; from paul tagliamonte
	  any parts of his diff not taken are noted on tech

2022-12-27 17:10  jmc

	* lib/libutil/fmt_scaled.c: spelling fixes; from paul tagliamonte
	  any changes not taken noted on tech, but chiefly here i did not
	  take the cancelation - cancellation changes;

2022-12-09 09:30  tb

	* share/mk/bsd.regress.mk: Allow overriding default run-regress-*
	  targets

	  Overriding a default run-regress-* target with custom commands is
	  already possible and done by many tests. The fact that it
	  currently works depends on behavior in the BUGs section of
	  make.1, however. The fix is not to add commands if the target is
	  already defined with commands.

	  tested by anton correct fix from espie, ok anton

2022-10-24 15:02  jmc

	* usr.sbin/httpd/: httpd.8, httpd.h: remove unused references to
	  httpd.sock; found by dante catalfamo ok florian

2022-09-21 05:55  yasuoka

	* usr.sbin/httpd/server_http.c: Default request message body size
	  should be 0.

	  ok claudio

2022-09-02 07:38  benno

	* usr.sbin/httpd/: httpd.c, httpd.conf.5: Make newer mime type
	  definitions take precedence over existing ones.

	  Patch from Ben Fuller <ben -AT- bvnf -DOT- space>, helped along
	  by florian@ ok florian@ and some mumblings from claudio who does
	  not want okays in httpd.

2022-09-01 20:36  tb

	* usr.sbin/httpd/server_http.c: ugly whitespace

2022-08-28 11:11  jsg

	* lib/libc/crypt/blowfish.c: remove unused blowfish inline defines
	  inline use was removed in 1998

2022-08-15 12:29  claudio

	* usr.sbin/httpd/: httpd.h, server_fcgi.c: Neither clt_descreq nor
	  clt_descresp in struct client need to be void *.  They both are
	  only used as struct http_descriptor.	OK tb@

2022-08-15 10:29  claudio

	* usr.sbin/httpd/server_fcgi.c: For FCGI_END_REQUEST reset the clt
	  struct similar to what is done in the file and other cases.
	  Especially when the session uses keep-alive it is important to
	  set TOREAD_HTTP_HEADER so that the state machine knows what's
	  next.  OK op@

2022-08-15 09:40  op

	* usr.sbin/httpd/server_file.c: plug some memory leaks in
	  server_file_index when failures occur

	  namelist and its entries are not freed if escape_html fails or if
	  we fail in the inner loop.  Move scandir later so it's closer to
	  the for loop and handle escape_html and url_encode failures.

	  With lots of help from tb, thanks!

	  ok tb@

2022-08-15 09:36  op

	* usr.sbin/httpd/server_http.c: plug a fd leak in read_errdoc if
	  fstat fails or if the file is empty

	  tweak/ok tb@

2022-08-12 08:40  claudio

	* usr.sbin/httpd/server_fcgi.c: Use break instead of return so that
	  a HEAD request still consumes all data.  OK op@

2022-08-12 06:41  op

	* usr.sbin/httpd/server_fcgi.c: fix regression introduced in
	  previous commit.  HEAD replies don't have a body so
	  server_fcgi_error shouldn't print the end marker.

	  OK claudio@

2022-08-11 14:25  op

	* usr.sbin/httpd/server_fcgi.c: correctly handle an abnormal
	  fastcgi termination.	httpd handles the disconnection from the
	  fastcgi application via server_file_error which assumes that the
	  reply was completey done.  However, if the fastcgi reply wasn't
	  complete (e.g. because slowcgi hit the timeout) the HTTP client
	  are left "hanging" and waiting for a reply until they give up.

	  This adds a server_fcgi_error callback to handle the "no headers"
	  and "incomplete data" cases and properly close the reply before
	  falling back to server_file_error.

	  OK claudio@

2022-05-11 17:23  millert

	* lib/libutil/util.h: Mark pw_error as __dead in prototype to match
	  the function definition.  From Matthew Martin.

2022-05-04 18:57  deraadt

	* lib/libc/gen/vis.c: Found two multiple evaluation macros. One of
	  them so long and scary it too many people to unravel correctly
	  and place into a static function.  While here, move the flags
	  bits into local variables, which reduces the amount of () in the
	  checks.  help from millert, miod, tedu

2022-04-20 14:00  millert

	* lib/libutil/util.h: Make the termp and winp arguments for
	  openpty, et al. const.  This matches the prototypes in glibc and
	  musl libc.  From Matthew Martin. OK tb@

2022-03-31 17:27  naddy

	* usr.bin/htpasswd/htpasswd.1: man pages: add missing commas
	  between subordinate and main clauses

	  jmc@ dislikes a comma before "then" in a conditional, so leave
	  those untouched.

	  ok jmc@

2022-03-11 09:04  dtucker

	* lib/libutil/fmt_scaled.c: Revert previous commit.  The problem it
	  was attempting to fix was already fixed by tb@ in rev 1.20.
	  Spotted by tb@

2022-03-11 07:29  dtucker

	* lib/libutil/fmt_scaled.c: Check for underflow as well as overflow
	  when scaling negative numbers.  ok millert@

2022-03-09 13:50  jsg

	* usr.sbin/httpd/httpd.conf.5: bandwith -> bandwidth

2022-03-04 01:46  deraadt

	* usr.sbin/httpd/server_file.c: Only provide the .gz file if
	  timestamp is >= the non-gzip file.  Make sure it is a regular
	  file.  Use the timestamp of the non-gzip file as the
	  last-modified timestamp, as proposed by claudio.  ok claudio
	  bluhm millert

2022-03-02 23:27  deraadt

	* usr.sbin/httpd/server_file.c: struct stat from early file
	  inspection was being used after actual file open() which means
	  the stat could refer to the wrong file.  Mostly this relates to
	  st_size use.	This bug could mean that httpd sends new files
	  truncated to the old length, saying "I am sure you have the
	  correct file now"? Could have other bad effects.  ok tb millert
	  bluhm

2022-03-02 19:52  tb

	* usr.sbin/httpd/server_file.c: Simplify .gz handling a bit

	  Combine strlcpy + strlcat into a single snprintf and remove a few
	  unnecessary parentheses.

	  ok deraadt millert

2022-03-02 11:10  florian

	* usr.sbin/httpd/: httpd.c, httpd.h, server_fcgi.c, server_http.c:
	  Nothing uses kv_flags.

	  John (j AT bitminer.ca) pointed out that we didn't correctly
	  initialize struct kv and might use slower KV_FLAG_GLOBBING path
	  in kv_find depending on stack garbage. Instead of fixing the
	  initialization just delete kv_flags from struct kv.

	  OK claudio, tb

2022-02-27 20:30  bluhm

	* usr.sbin/httpd/: httpd.conf.5, httpd.h, parse.y, server_file.c:
	  Add gzip-static option to httpd.  This allows to deliver
	  precompressed files with content-encoding gzip.  from prx at si3t
	  dot ch; OK tracey@

2022-02-18 10:24  jsg

	* usr.sbin/httpd/patterns.7: prefer https links in man pages ok
	  gnezdo@ miod@ jmc@

2021-12-22 15:54  bluhm

	* regress/usr.sbin/httpd/tests/: Client.pm, LICENSE, Makefile,
	  funcs.pl: Replace deprecated IO::Socket::INET6 with
	  IO::Socket::IP.

2021-12-04 06:52  florian

	* usr.sbin/httpd/proc.c: Do not setup pipes between SERVER
	  processes, they don't talk to each other. Since this generates a
	  full mesh, the amount of filedescriptors needed grows
	  quadratically with the amount of configured prefork processes.

	  Might fix an out of filedescriptor bug that beck is seeing.  OK
	  benno

2021-12-02 17:10  kn

	* regress/usr.sbin/httpd/tests/Makefile: Tell testers which
	  packages to install right away (and why)

	  Other regress tests do it differently;  just fix/thouch those
	  that did not mention any package name at all.

	  This helps grepping logs for SKIPPED to find instructions for the
	  next run.

2021-11-29 01:04  djm

	* include/blf.h, lib/libc/crypt/blowfish.c: Niels agreed to remove
	  the advertising clause; switching these to 3-term BSD license.

2021-11-11 15:52  claudio

	* usr.sbin/httpd/server_http.c: Move the assignment of http_query
	  down. Also do not assign a non-malloced string to it since the
	  code assumes it can call free on it.	Fixes crashes noticed by
	  tobhe@ and florian@ OK otto@ tobhe@

2021-11-05 19:01  benno

	* usr.sbin/httpd/server_http.c: Perform stricter checking on the
	  version string (which RFC 7230 says must be "HTTP" "/" DIGIT "."
	  DIGIT), and answer 505 version not supported when the number is
	  outside of what we support, and 400 bad request when the version
	  format is wrong.  from Ross L Richardson, thanks! ok claudio@

2021-10-24 16:01  ian

	* usr.sbin/httpd/: config.c, httpd.conf.5, httpd.h, parse.y,
	  server_http.c: Add httpd custom error page facility. Adapted by
	  me from https://github.com/mpfr/httpd-plus.  Improvements from &
	  (earlier version) reads fine to tracey@; improvements & OK this
	  version benno@, florian@. Thanks.

2021-10-23 15:52  benno

	* usr.sbin/httpd/server_fcgi.c: * stop sending the content for head
	  requests, even when its supplied by the   fcgi. Required by RFC
	  7231 and RFC 3875 section 4.3.2.  * If the client sends an empty
	  body without a Content-Lenght:   do not add the Content-Lenght if
	  it's a HEAD request.	  If it's a HEAD request, the
	  Content-Lenght should show the size of the	equivalent GET
	  request, but we don't know how much that will be so	 don't lie.

	  found by and fix suggested by Ross L Richardson, Thanks!

	  Additionally:

	  * when the fcgi supplies a Content-Length header, do not remove
	  it and   set Transfer-Encoding: chunked. Instead, leave the
	  Content-Lenght   header in place, as obviously the fcgi knows how
	  much data will come.

	  ok claudio@

2021-10-23 15:30  benno

	* usr.sbin/httpd/server_http.c: annotate a 413 error with "request
	  body too large" in the error log.  ok claudio@

2021-10-22 08:51  benno

	* usr.sbin/httpd/server_http.c: return unsupported version for
	  version less than HTTP/0.9 and higher than HTTP/1.9. Downgrade
	  version >= HTTP/1.2++ to 1.1.

	  Found by "J. K." (openbsd DOT list AT krottmayer DOT com) ok
	  claudio@

2021-10-21 11:48  benno

	* usr.sbin/httpd/server_http.c: when a client sends header lines
	  without a colon, respond with 400 Bad Request instead of 500
	  Internal Server Error.  ok claudio@

2021-10-15 15:01  naddy

	* usr.sbin/httpd/parse.y: Don't declare variables as "unsigned char
	  *" that are passed to functions that take "char *" arguments.
	  Where such chars are assigned to int or passed to ctype
	  functions, explicitly cast them to unsigned char.

	  For OpenBSD's clang, -Wpointer-sign has been disabled by default,
	  but when the parse.y code was built elsewhere, the compiler would
	  complain.

	  With help from millert@ ok benno@ deraadt@

2021-10-05 17:40  anton

	* regress/usr.sbin/httpd/tests/: Httpd.pm, Makefile, Proc.pm: add
	  missing sudo and handle arguments

2021-08-31 23:33  bluhm

	* share/mk/bsd.regress.mk: Make include bsd.prog.mk is supporting
	  PROGS for a while.  Allow multiple programs also in
	  bsd.regress.mk for consistency.  OK anton@

2021-07-14 13:33  kn

	* usr.sbin/httpd/server.c: Remove unneeded calls to tls_init(3)

	  As per the manual and lib/libtls/tls.c revision 1.79 from 2018
	  "Automatically handle library initialisation for libtls."
	  initialisation is handled automatically by other tls_*(3)
	  functions.

	  Remove explicit tls_init() calls from base to not give the
	  impression of it being needed.

	  Feedback tb OK Tests mestre

2021-07-12 15:09  beck

	* usr.bin/htpasswd/htpasswd.c: Change the error reporting pattern
	  throughout the tree when unveil fails to report the path that the
	  failure occured on. Suggested by deraadt@ after some tech
	  discussion.

	  Work done and verified by Ashton Fagg <ashton@fagg.id.au>

	  ok deraadt@ semarie@ claudio@

2021-06-20 14:08  tb

	* lib/libutil/fmt_scaled.c: scan_scaled: fix rescaling for negative
	  numbers

	  As found by djm by fuzzing ssh, scan_scaled can overflow for
	  negative numbers when rescaling is needed. This is because the
	  rescaled fractional part is added without taking the sign into
	  account.

	  ok ian jca

2021-06-07 10:53  tb

	* usr.sbin/httpd/httpd.conf.5: tweak previous: avoid markup and
	  refer to an HTTP header only by its name as is done elsewhere on
	  this page.

	  pointed out by jmc

2021-06-06 22:00  tb

	* usr.sbin/httpd/httpd.conf.5: appease mandoc -Tlint

2021-06-06 21:59  tb

	* usr.sbin/httpd/httpd.conf.5: Add .Pp for consistency with all
	  other config blocks.

2021-05-20 15:12  florian

	* usr.sbin/httpd/server_fcgi.c: Fix previous.  Only set
	  Content-Length when we no the body is empty and we disable
	  chunked encoding. Otherwise we break the nextcloud app again :/
	  Pointed out by Matthias Pressfreund, thanks!

2021-05-19 19:42  florian

	* usr.sbin/httpd/server_fcgi.c: When we disable "Transfer-Encoding:
	  chunked" in the fastcgi backend because we are going to send an
	  empty body we have to provide "Content-Length: 0" otherwise some
	  browsers (Firefox, Safari) just hang until httpd(8) closes the
	  connection.  Problem reported by Matthias Pressfreund, debugged
	  with weerd@ who pointed out that the problem is browser
	  dependent.  OK tracey

2021-05-17 09:26  florian

	* usr.sbin/httpd/: httpd.h, server_fcgi.c: Do not try to chunk
	  encode an empty http body coming from an fcgi upstream.

	  Found the hard way by Chris Narkiewicz who tracked failing
	  uploads in the nextcloud mobile app down to httpd(8) trying to
	  chunk encode a "204 No Content" resonse.

	  Testing by Steve Williams Testing & OK stsp

2021-05-15 15:08  florian

	* usr.sbin/httpd/server_fcgi.c: Remove outdated comment. We got all
	  httpd headers from the fcgi server at this point.

2021-04-29 18:23  dv

	* usr.sbin/httpd/server_file.c: Use relative reference URIs in
	  Location header on directory redirects.

	  This adds support for front-ending httpd(8) with a
	  TLS-terminating gateway like relayd(8) that forwards unencrypted
	  http traffic.

	  Previously httpd(8) would use a full URL in the Location header
	  in 301 redirects when a user-agent requests a directory but
	  without the trailing '/'. If the user-agent originally connected
	  with https, this caused the redirected url to be http.

	  This change conforms to RFC7231 section 7.1.2.

	  Reported by Vincent Lee.

	  OK claudio@

2021-04-20 21:11  dv

	* usr.sbin/httpd/: control.c, httpd.h, proc.c: Move TAILQ
	  initialization to files where they are used.

	  These priv-sep daemons all follow a similar design and use TAILQs
	  for tracking control process connections. In most cases, the
	  TAILQs are initialized separate from where they are used. Since
	  the scope of use is generally confined to a specific control
	  process file, this commit also removes any extern definitions and
	  exposing the TAILQ structures to other compilation units.

	  ok bluhm@, tb@

2021-04-10 10:10  claudio

	* usr.sbin/httpd/: httpd.h, parse.y, server.c: Do not compare TLS
	  config params for non-TLS servers. This allows to mix 'listen *
	  port 80' and 'listen * tls port 443' in one server block.  Also
	  the last argument of server_tls_cmp - match_keypair - is always 0
	  so remove this code.	OK florian@ tb@ some long time ago

2021-04-06 06:28  jmc

	* usr.sbin/httpd/httpd.conf.5: use "braces" consistenly; fastcgi
	  can take multiple options; original issue and text from laurence
	  tratt, with updates from raf czlonka

2021-03-16 06:44  otto

	* usr.sbin/httpd/server_file.c: A socket buffer is not the best
	  size to read from a disk.  Use st_blksize to set high water mark;
	  florian@

2021-01-27 07:21  deraadt

	* usr.sbin/httpd/: httpd.c, httpd.h, logger.c: these programs (with
	  common ancestry) had a -fno-common problem related to
	  privsep_procid.  ok mortimer

2021-01-22 13:07  benno

	* usr.sbin/httpd/parse.y: fix a memory leak, found by rob@ in
	  relayd.

	  ok tb@

2021-01-18 18:47  tb

	* usr.sbin/httpd/parse.y: Fix httpd example config

	  A server configuration yields multiple struct server_config in
	  the env->sc_servers queue: an actual server ("parent") and one
	  for each location directive in httpd.conf.  In
	  parent_configure(), the parents are configured first, then the
	  corresponding locations.

	  parse.y r1.118 kills the parent if an error is encountered on
	  loading the TLS keypairs but leaves the locations in the
	  sc_servers queue.  When running the default config without TLS
	  keys already in place, this then leads to the self-explanatory
	  "invalid location" error message. Its intention is to indicates
	  the unexpected situation that config_setserver() encounters a
	  location without an associated server.

	  Fix this by not only destroying the parent but also removing all
	  of its locations.

	  ok jsing

2021-01-05 19:56  tb

	* usr.sbin/httpd/server_http.c: unwrap a line

2021-01-02 18:35  tb

	* usr.sbin/httpd/server.c: Pull tls_close() and tls_free() further
	  up, so tls_free() will already be in the right spot once
	  tls_close() is handled by libevent.

	  suggested by jsing

2021-01-02 18:31  tb

	* usr.sbin/httpd/server.c: Call tls_close() before closing the
	  underlying socket

	  In order to end a TLS connection regularly, an implementation
	  MUST send a close_notify alert.  libtls does this in tls_close()
	  via SSL_shutdown(), so the socket had better still be open.

	  The incorrect order in server_close() caused a leak on each tls
	  connection due to a bug in libssl (fixed in tls_record_layer.c
	  r1.56).

	  As pointed out by claudio, tls_close() should really be handled
	  from the main event loop. This will be addressed in a later
	  commit.

	  ok claudio florian jsing

2020-12-31 14:17  tb

	* usr.sbin/httpd/server.c: Don't leak the log message in
	  server_sendlog

	  While there, use the length calculated by vasprintf() instead of
	  using strlen needlessly.

	  ok claudio florian

2020-12-31 14:15  tb

	* usr.sbin/httpd/logger.c: Don't leak access.log and error.log on
	  reload.

	  ok florian

2020-12-30 18:40  benno

	* usr.sbin/httpd/parse.y: getifaddrs() can return entries where
	  ifa_addr is NULL. Check for this before accessing anything in
	  ifa_addr.  ok claudio@

2020-12-17 14:54  bluhm

	* share/mk/bsd.regress.mk: Run setup_once targets in a sepearate
	  block with headline before all other targets.  OK tb@

2020-12-17 00:51  bluhm

	* regress/usr.sbin/httpd/tests/Makefile: Remove echo headlines.

2020-12-16 16:53  bluhm

	* share/mk/bsd.regress.mk: When debugging tests, it is useful to
	  see the target name and which output belongs to it.  Echo
	  headline with regress target and empty line afterwards.  OK
	  sthen@ tb@ OK claudio@

2020-11-20 20:39  jung

	* usr.sbin/httpd/parse.y: remove an unused struct

	  from Edgar Pettijohn

	  ok kn

2020-11-04 10:34  denis

	* etc/examples/httpd.conf: Back out last commit.

	  Some devs are not convinced.

2020-11-02 20:30  denis

	* etc/examples/httpd.conf: acme response challenge location to
	  issue better error code

	  Notified to me by jmc@

	  Diff by Matthias Pressfreund <mpfr @ fn de>, thanks

2020-10-29 12:30  denis

	* usr.sbin/httpd/: httpd.conf.5, httpd.h, parse.y, server_http.c:
	  Add location (found|not found) option to test for resource path
	  existence.

	  Diff by Matthias Pressfreund <mpfr @ fn de>. Thanks.

2020-10-26 19:31  denis

	* usr.sbin/httpd/parse.y: Do not allow duplicate "location"
	  directive.

	  Found and fix by Matthias Pressfreund <mpfr @ fn de>. Thanks.

2020-10-12 22:08  deraadt

	* lib/libutil/fmt_scaled.c: make fixed-sized fixed-value mib[]
	  arrays be const ok guenther tb millert

2020-10-11 03:21  tb

	* usr.sbin/httpd/: parse.y, server.c: Handle absence of TLS certs
	  while parsing the config

	  There is a soft fail mechanism to handle missing certs for
	  seamless interaction with acme-client. Move this to the config
	  parser. This is simpler than server.c r1.117 and avoids a crash
	  due to listening on port 443 without having set up the TLS
	  context first. More precisely, the crash happens if a server with
	  missing certificate is visited via https in a configuration where
	  there is a second server with valid certificate and key.

	  From Joshua Sing (joshua at hypera dot dev)

	  ok benno

2020-09-21 09:42  tobhe

	* usr.sbin/httpd/config.c: Fix memory leak in "iov".

	  ok jca@

2020-09-12 07:34  yasuoka

	* usr.sbin/httpd/: http.h, server_fcgi.c, server_http.c: Use the
	  original requested URI for REQUEST_URI.

	  ok millert florian

2020-09-05 11:49  tb

	* usr.sbin/httpd/httpd.conf.5: httpd(8) uses TLSv1.3 and TLSv1.2 by
	  default

	  Update the httpd.conf(5) manual to reflect this. Initially
	  prompted by a question from tj and reminded by a diff from Navan
	  Carson.

	  ok kn

2020-08-29 07:53  florian

	* usr.sbin/httpd/httpd.h: typo; pointed out by Matthias (mpfr AT
	  fn.de), thanks!

2020-08-26 06:50  florian

	* usr.sbin/httpd/: config.c, httpd.h, parse.y: Set fastcgi socket
	  default on server and location.  This allows "fastcgi" directly
	  inside of a server directive without giving specifying socket.
	  OK tracey

2020-08-25 13:50  tracey

	* usr.sbin/httpd/parse.y: check that fcgiport string value is
	  within range remove redundant error message tweaks and ok
	  florian@

2020-08-24 15:49  tracey

	* usr.sbin/httpd/: config.c, httpd.conf.5, httpd.h, parse.y,
	  server_fcgi.c: Add support for non-localhost fastcgi sockets.

	  Lots of review time kn@ Lots of review time, tweaks, and ok
	  florian@

2020-08-03 11:05  benno

	* usr.sbin/httpd/: httpd.c, httpd.h: remove unused functions from
	  Ross L Richardson <openbsd AT rlr DOT id DOT au>, Thanks ok
	  claudio@

2020-08-03 10:59  benno

	* usr.sbin/httpd/server_http.c: remove another tautology from Ross
	  L Richardson <openbsd AT rlr DOT id DOT au>, Thanks ok claudio@

2020-08-03 10:58  benno

	* usr.sbin/httpd/server_fcgi.c: remove unused assignment from Ross
	  L Richardson <openbsd AT rlr DOT id DOT au>, Thanks ok claudio@

2020-08-03 10:57  benno

	* usr.sbin/httpd/proc.c: remove tautological condition from Ross L
	  Richardson <openbsd AT rlr DOT id DOT au>, Thanks ok claudio@

2020-08-03 10:55  benno

	* usr.sbin/httpd/config.c: remove dead assignments from Ross L
	  Richardson <openbsd AT rlr DOT id DOT au>, Thanks ok claudio@

2020-07-30 21:06  benno

	* usr.sbin/httpd/: httpd.c, httpd.h: Remove the unused function
	  canonicalize_host(), it was copied from relayd.  Found by Ross L
	  Richardson, Thanks.

2020-07-25 21:12  benno

	* usr.sbin/httpd/httpd.h: remove unsused enum key_type, copied
	  initialy from relays.  found by Ross L Richardson, thanks! ok
	  deraadt@

2020-07-06 13:33  pirofti

	* lib/libc/crypt/bcrypt.c: Add support for timeconting in userland.

	  This diff exposes parts of clock_gettime(2) and gettimeofday(2)
	  to userland via libc eliberating processes from the need for a
	  context switch everytime they want to count the passage of time.

	  If a timecounter clock can be exposed to userland than it needs
	  to set its tc_user member to a non-zero value. Tested with one or
	  multiple counters per architecture.

	  The timing data is shared through a pointer found in the new ELF
	  auxiliary vector AUX_openbsd_timekeep containing timehands
	  information that is frequently updated by the kernel.

	  Timing differences between the last kernel update and the current
	  time are adjusted in userland by the tc_get_timecount() function
	  inside the MD usertc.c file.

	  This permits a much more responsive environment, quite visible in
	  browsers, office programs and gaming (apparently one is are able
	  to fly in Minecraft now).

	  Tested by robert@, sthen@, naddy@, kmos@, phessler@, and many
	  others!

	  OK from at least kettenis@, cheloha@, naddy@, sthen@

2020-05-22 07:18  bentley

	* usr.sbin/httpd/: server_file.c, server_http.c: Use the simpler
	  HTML5 idiom to declare charset in autogenerated pages.

	  This came from a suggestion by Andras Farkas to replace use of
	  XHTML self-closing tags.

	  ok cwen@ danj@ florian@

2020-05-18 14:40  cwen

	* usr.sbin/httpd/: server_file.c, server_http.c: httpd: add a "dark
	  mode" in directory listings and error pages

	  Introduce a new "dark mode" for httpd(8) directory listings and
	  error pages, using the prefers-color-scheme css function. It uses
	  the colorscheme already used in OpenBSD project websites.

	  This version will only be displayed if the user's browser
	  specifically sends a "prefer darker themes if available" request.

	  Input from florian@, danj@ and clematis.

	  OK florian@, danj@ (on a previous version with the wrong
	  background color)

2020-05-16 16:58  jmc

	* usr.sbin/httpd/httpd.conf.5: list example files in FILES with a
	  short description: generally, "Example configuration file.", but
	  occasionally something else fit better; at the same time, try to
	  make the format for FILES more consistent;

	  original diff from clematis

2020-04-23 21:10  jmc

	* usr.sbin/httpd/httpd.conf.5: replace examples of "Ic arg Ic arg"
	  with "Ic arg arg" and stop the spread;

2020-02-25 15:18  sthen

	* usr.sbin/httpd/: httpd.conf.5, server_http.c: httpd: allow
	  $REQUEST_SCHEME in redirect targets, ok jung@ florian@

	  Sometimes you want to redirect a request to another site but
	  maintaining the same type of connection (http or https) as the
	  original request.  Allow a $REQUEST_SCHEME variable to be used in
	  redirect locations to allow this, e.g.

	    location "/cgi-bin/foobar*" { block return 302
	  "$REQUEST_SCHEME://foobar.example.org$REQUEST_URI" }

2020-02-09 09:44  florian

	* usr.sbin/httpd/: httpd.conf.5, httpd.h, parse.y, server_fcgi.c:
	  Implement "strip" option for fastcgi to be able to have multiple
	  chroots under /var/www for FastCGI servers.  From Nazar Zhuk
	  (nazar AT zhuk DOT online), thanks! Ok benno

2020-01-14 20:48  benno

	* usr.sbin/httpd/server_http.c: Pick the value for "max requests
	  number" from the correct server {} section in the config, by
	  moving the code down where the Host: header has been read and the
	  correct server configuration selected.

	  Note that it may not be that useful to have this option per
	  server, because it is valid to send requests with different Host:
	  headers over the same tcp connection.

	  problem noted and diff from Tracey Emery, thanks! ok florian@

2019-11-04 14:58  benno

	* usr.sbin/httpd/server_http.c: remove useless NULL check, it's
	  checked 7 lines further up.  found by Clemens Goessnitzer, ok and
	  prodded by florian@

2019-10-22 09:31  florian

	* usr.sbin/httpd/server_http.c: Do not log "(null)" in debug
	  logging.  OK deraadt

2019-10-14 11:07  florian

	* usr.sbin/httpd/server.c: httpd(8) sent a 408 response every time
	  a connection request timeout was reached. This is not what other
	  servers are doing, it leads to ugly log messages and might
	  confuse some clients.  benno@ analyzed that the correct behavior
	  is (probably) to send a 408 when we are in the middle of
	  receiving headers and time out there and just close the
	  connection in all other cases.  In particular, if a connection
	  gets opened and no request is received at all just close the
	  connection. If a connection is set to keep-alive and a request
	  was handled and no further request is coming in just close the
	  connection. The later is the usual cause for spurious log
	  messages and client confusion.

	  Reported over the years by many.  Input, explanations and OK
	  benno

2019-08-30 03:57  deraadt

	* lib/libutil/util.h: uucplock(3) is incorrectly named in some
	  places, it is actually uu_lock(3) (more unclear is if anything in
	  ports uses this, as our base no longer does)

2019-07-12 19:31  bluhm

	* regress/usr.sbin/httpd/tests/Makefile: Test should also run if
	  there is no obj directory.  Name regress targets consistently
	  with a run- prefix.

2019-06-28 13:32  deraadt

	* usr.sbin/httpd/: parse.y, server.c: When system calls indicate an
	  error they return -1, not some arbitrary value < 0.  errno is
	  only updated in this case.  Change all (most?) callers of
	  syscalls to follow this better, and let's see if this strictness
	  helps us in the future.

2019-06-17 17:20  espie

	* share/mk/bsd.regress.mk: add REGRESS_EXPECTED_FAILURES variable,
	  for those tests that are expected to fail because they're not yet
	  implemented.

	  okay bluhm@

2019-06-15 07:30  espie

	* share/mk/bsd.regress.mk: simplify cleanup handling okay bluhm@

2019-06-11 18:14  espie

	* share/mk/bsd.regress.mk: make things slightly less insane: -
	  actually use the ERRORS framework for REGRESS_LOG - put it at end
	  of file, as best working (years of practice on bsd.port.mk) -
	  actually use .SILENT - fix REGRESS_IGNORE_FAIL. Don't put a - in
	  front of lines, but just don't error out as false on FAILED
	  tests.  This finally allows ^C to actually interrupt a testsuite.
	   - add one missing .PHONY (quite a few more for later)

	  okay bluhm@

2019-05-14 16:43  bluhm

	* share/mk/bsd.regress.mk: Remove the REGRESS_MAXTIME feature from
	  regress framework.  The timeout based on CPU seconds is pretty
	  useless, most hanging tests sleep and do not spin.  The timeout
	  could not be distinguished from failure.  Only 3 tests used it.
	  OK anton@ schwarze@ cheloha@ otto@

2019-05-08 21:46  tb

	* usr.sbin/httpd/: httpd.conf.5, server_http.c: The QUERY_STRING
	  macro is not actually URL encoded, so fix the manual.  Add a
	  QUERY_STRING_ENC macro that is URL encoded.

	  Patch from Tim Baumgartner

	  ok reyk

2019-05-08 21:41  tb

	* usr.sbin/httpd/: http.h, server_fcgi.c, server_http.c: Set the
	  REQUEST_URI CGI variable to the requested URI and query string
	  instead of the rewritten path and query string.

	  Patch from Tim Baumgard, reminded by Mischa Peters.

	  ok benno, reyk

2019-05-08 19:57  reyk

	* usr.sbin/httpd/: config.c, httpd.h, parse.y, server_fcgi.c,
	  server_http.c: spacing

2019-05-03 17:16  tb

	* usr.sbin/httpd/: httpd.conf.5, httpd.h, parse.y, server_http.c:
	  Add a "forwarded" log format that extends the "combined" log
	  format by including the contents of the X-Forwarded-For and
	  X-Forwarded-Port headers.  If httpd(8) runs behind a proxy like
	  relayd(8), this allows tracking the origin of the requests.  The
	  format is compatible with log analyzers such as GoAccess and
	  Webalizer.

	  Patch from Bruno Flueckiger

	  ok benno, reyk

2019-05-02 22:32  kn

	* usr.sbin/httpd/logger.c: Avoid opening log files on "no log"

	  When not logging anything, do not open files in the first place.
	  This prevents startup failures on configurations where the log/
	  directory is missing but logging is disabled anyway.

	  OK aja solene reyk

2019-04-16 20:52  jmc

	* usr.sbin/httpd/httpd.conf.5: document where multiline {} is
	  applicable; lack of documentation and original diff provided by
	  alfred morgan; benno helped me track down the applicable options;

	  ok benno

2019-03-12 21:38  jmc

	* usr.sbin/httpd/httpd.conf.5: reference the /etc/examples files
	  for httpd and acme-client. started from a thread by alfred
	  morgan, who wanted a tls example in the man page. florian noted
	  that they exist already in /etc/examples;

	  ok florian

2019-02-19 11:37  pirofti

	* usr.sbin/httpd/: config.c, httpd.conf.5, httpd.h, parse.y,
	  server.c, server_fcgi.c: httpd(8): add support for setting custom
	  FastCGI parameters.

	  This commit extends the existing grammar by adding the param
	  option to the fastcgi directive: fastcgi param name value.

	  Example usage:   fastcgi param VAR1 hello   fastcgi param VAR2
	  world

	  With help and OK florian@ Rogue manpage bits, feel free to modify
	  them.

2019-02-13 22:57  deraadt

	* usr.sbin/httpd/parse.y: (unsigned) means (unsigned int) which on
	  ptrdiff_t or size_t or other larger types really is a range
	  reduction...	Almost any cast to (unsigned) is a bug.  ok millert
	  tb benno

2019-02-10 13:41  benno

	* usr.sbin/httpd/server_http.c: log X509 peer's cert subject name
	  when tls client authentication is used, in the same way as the
	  http authenticated username is loged.  From Karel Gardas, gardask
	  at gmail dot com, Thanks! ok florian@

2019-02-08 11:46  florian

	* usr.sbin/httpd/httpd.conf.5: Improve fastcgi socket documentation
	  and mention that TCP is supported in addition to UNIX domain
	  sockets.  Prompted by a mail from Daniel Gracia ( paladdin AT
	  gmail ) pointing out that we are not documenting TCP support at
	  all, thanks! Prodding by and with jmc@

2019-01-14 23:52  bluhm

	* lib/libutil/fmt_scaled.c: Calling llabs(LLONG_MIN) is undefined
	  behavior, llvm 7.0.1 does not work with our old code.  In
	  fmt_scaled() move the check before calling llabs().  found by
	  regress/lib/libutil/fmt_scaled; OK deraadt@ millert@ tedu@

2019-01-08 18:35  florian

	* usr.sbin/httpd/: parse.y, server.c: Allow httpd(8) to start when
	  TLS is configured but a cert is not yet available.  Assuming a
	  httpd.conf based on /etc/examples/httpd.conf, httpd(8) will only
	  listen on port 80 and serve the acme-challenge directory for
	  acme-client(1).  The workflow to get a certificate then becomes
	  acme-client -vAD example.com && rcctl reload httpd Without the
	  need to edit the httpd.conf yet again. Once the cert is in place
	  and httpd is reloaded it starts to serve on port 443.

	  Idea, tweaks & OK deraadt, OK benno

2018-12-04 18:12  florian

	* usr.sbin/httpd/server_http.c: Check maxrequestbody when we found
	  the right server / location.	Very patiently pointed out
	  repeatedly by Tracey Emery ( tracey AT traceyemery.net ), thanks!
	  OK benno

2018-12-03 22:30  bluhm

	* share/mk/bsd.regress.mk: If a regress uses REGRESS_SKIP_TARGETS
	  to skip part of its tests, print SKIPPED.  This helps to detect
	  such incomplete tests.  OK anton@

2018-11-04 05:56  guenther

	* usr.sbin/httpd/server_http.c: isalpha(3) requires an unsigned
	  char value (or -1).

	  from Hiltjo Posthuma (hiltjo(at)codemadness.org)

2018-11-01 00:18  sashan

	* usr.sbin/httpd/parse.y: - odd condition/test in PF lexer   (and
	  other lexers too)

	  This commit rectifies earlier change:

	      in the lex... even inside quotes, a \ followed by space or
	  tab should
	      expand to space or tab, and a \ followed by newline should be
	  ignored
	      (as a line continuation).  compatible with the needs of
	  hoststated
	      (which has the most strict quoted string requirements), and
	  ifstated
	      (where one commonly does line continuations in strings).

	  OK deraadt@, OK millert@

2018-10-31 07:39  mestre

	* usr.bin/htpasswd/htpasswd.c: htpasswd(1) when in batch mode (-I)
	  and 1 argument is used, or when not in batch mode and 2 arguments
	  are used we know we have to access argv[0] with rwc permissions
	  and also to rwc a temporary file in /tmp so we can unveil(2) both
	  argv[0] and /tmp with rwc permissions. In order to avoid adding
	  "unveil" to pledge(2), just call it after getopt(3).

	  Remaining code paths already have fs access disabled via
	  pledge(2).

	  OK florian@ deraadt@

2018-10-15 08:16  bentley

	* usr.sbin/httpd/: server_fcgi.c, server_http.c: Omit HSTS headers
	  over unencrypted connections, per RFC 6797.

	  ok florian@

2018-10-11 09:52  benno

	* usr.sbin/httpd/: httpd.h, server.c, server_http.c: Backout my
	  previous commit:

	   date: 2018/10/01 19:24:09; author: benno; state: Exp; lines: +7
	  -1;
	     commitid: 0O8fyHPNvPd8rvYU;
	   Only send 408 Timeout responses when we have seen at least part
	  of a
	   request.  Without a request, just close the connection when we
	  hit
	   request timeout.
	   Prompted by a bug report from Nikola Kolev, thanks.
	   ok reyk@ and some suggestions from claudio@ and bluhm@

	  Mark Patruck (mark AT wrapped DOT cx) found a problem with it,
	  thanks for the report.

	  ok reyk@ bluhm@ sthen@ deraadt@

2018-10-06 10:52  bluhm

	* regress/usr.sbin/httpd/tests/Makefile: Simplify regress tests by
	  using the new setup and cleanup feature.

2018-10-05 11:15  bluhm

	* share/mk/bsd.regress.mk: Add regress variable to run setup once
	  for all tests.  OK anton@ benno@

2018-10-01 19:24  benno

	* usr.sbin/httpd/: httpd.h, server.c, server_http.c: Only send 408
	  Timeout responses when we have seen at least part of a request.
	  Without a request, just close the connection when we hit request
	  timeout.  Prompted by a bug report from Nikola Kolev, thanks.  ok
	  reyk@ and some suggestions from claudio@ and bluhm@

2018-09-26 09:34  bluhm

	* share/mk/bsd.regress.mk: Add variables for setup and cleanup of
	  regression tests.  OK anton@ jca@ tb@ benno@

2018-09-09 21:06  bluhm

	* usr.sbin/httpd/: httpd.c, httpd.h, proc.c: During the fork+exec
	  implementation, daemon(3) was moved after proc_init().  As a
	  consequence httpd(8) and relayd(8) child processes did not detach
	  from the terminal anymore.  Dup /dev/null to the stdio file
	  descriptors in the children.	OK benno@

2018-09-07 09:31  florian

	* usr.sbin/httpd/server_http.c: Do not send a Content-Length header
	  for 1xx and 204 status codes since RFC 7230 states that a server
	  MUST NOT do so.  At least relayd chokes on this.

	  Pointed out & diff by Carlin Bingham (cb AT walcyrge.org),
	  thanks! OK benno

2018-09-07 07:35  miko

	* usr.sbin/httpd/parse.y: replace malloc()+strlcpy() with strndup()
	  in cmdline_symset().

	  "looks good" gilles@ halex@

2018-08-19 18:03  jasper

	* usr.sbin/httpd/httpd.h: double the allowed length for the 'tls
	  ciphers' option

	  for example now it can hold the recommended cipher list from the
	  mozilla ssl config generator rather than failing with a "ciphers
	  too long" error.

	  ok benno@ sthen@ tb@

2018-07-11 07:39  krw

	* usr.sbin/httpd/parse.y: Do for most running out of memory err()
	  what was done for most running out of memory log_warn(). i.e.
	  ("%s", __func__) instead of manual function names and redundant
	  verbiage about which wrapper detected the out of memory
	  condition.

	  ok henning@

2018-07-09 12:05  krw

	* usr.sbin/httpd/parse.y: No need to mention which memory
	  allocation entry point failed (malloc, calloc or strdup), we just
	  need to log that we ran out of memory in a particular function.

	  Recommended by florian@ and deraadt@

	  ok benno@ henning@ tb@

2018-06-20 16:43  reyk

	* usr.sbin/httpd/: config.c, httpd.conf.5, httpd.h, parse.y,
	  server_http.c: Add support for simple one-off internal rewrites.

	  For example:

		  location match "/page/(%d+)/.*" {
			  request rewrite
	  "/static/index.php?id=%1&$QUERY_STRING"
		  }

	  Requested by many.

	  Ok benno@

2018-06-18 06:04  jmc

	* usr.sbin/httpd/httpd.conf.5: remove the SECTIONS header, since a
	  one line DESCRIPTION is a bit silly; use a more general text for
	  the sections, and avoid the catchup issue that was trying to
	  document how many there were;

	  ok benno rob

2018-06-15 17:17  reyk

	* usr.sbin/httpd/httpd.conf.5: Something went wrong - the strip
	  option was documented twice.

	  Found by Mischa Peters, thanks

2018-06-15 12:36  reyk

	* usr.sbin/httpd/: server_file.c, server_http.c: Fix 304 Not
	  Modified response: don't send a body, use the correct MIME type.

	  Reported by Hidvegi Gabor  gaborca  websivision  hu

	  Fix found by anton@

	  OK anton@

2018-06-13 16:52  jmc

	* usr.sbin/httpd/httpd.conf.5: one too many .El;

2018-06-13 15:08  reyk

	* etc/examples/httpd.conf, usr.sbin/httpd/httpd.conf.5,
	  usr.sbin/httpd/parse.y: Rename httpd.conf "root strip" option to
	  "request strip".

	  "root strip" was semantically incorrect and did cause some
	  confusion as it never stripped the root but the client's request
	  path.

	  Discussed with many.	Heads up: this is a grammar change that
	  also affects acme-client(1) configurations (see current.html).

	  OK claudio@

2018-06-11 12:12  reyk

	* usr.sbin/httpd/: httpd.conf.5, server_http.c: The http_query is
	  already url_encoded; don't encode it twice.

	  This fixes a bug in the macros and log file handler that
	  double-encoded the query.  This does not change FCGI as it was
	  already handling the query correctly.

	  Additional verification of the QUERY_STRING should be implemented
	  as well.

	  OK claudio@

2018-06-11 10:04  denis

	* usr.sbin/httpd/parse.y: Sorry, forgot a whitespace.

	  Spotted by benno@

2018-06-11 10:01  denis

	* usr.sbin/httpd/parse.y: Fix an off-by-one line count when using
	  include statements.

	  Thanks to otto@ for the initial diff.

	  OK benno@

2018-05-23 19:11  bluhm

	* usr.sbin/httpd/parse.y: Set the port.op value when parsing the
	  httpd.conf port value.  Otherwise the default port for http or
	  https may used depending on uninitialized memory.  Fixes regress
	  on i386.  OK reyk@

2018-05-23 19:02  reyk

	* usr.sbin/httpd/httpd.conf.5: Forgot to revert another "port 80"

	  Pointed out by jmc@

2018-05-19 13:57  jsing

	* regress/usr.sbin/httpd/tests/: Client.pm, Httpd.pm, Makefile,
	  args-tls-verify.pl: Add regress for httpd client certificate
	  authentication.

	  From Jack Burton <jack at saosce dot com dot au> - thanks!

2018-05-19 13:56  jsing

	* usr.sbin/httpd/: config.c, httpd.conf.5, httpd.h, parse.y,
	  server.c, server_fcgi.c: Add support for client certificate
	  authentication to httpd.

	  From Jack Burton <jack at saosce dot com dot au> - thanks!

	  Also tested by Jan Klemkow <j.klemkow at wemelug dot de>.

	  ok beck@ reyk@

2018-05-18 15:20  reyk

	* usr.sbin/httpd/parse.y: Move LISTEN ON {} code into a function
	  listen_on().

	  No functional change, but it makes it easier to deal with the
	  grammar.

2018-05-18 15:04  reyk

	* usr.sbin/httpd/httpd.conf.5: Revert manpage description as well

2018-05-18 14:24  reyk

	* usr.sbin/httpd/: httpd.conf.5, parse.y: Revert previous: it
	  introduced a shift/reduce conflict in the grammar.

2018-05-18 14:07  reyk

	* usr.sbin/httpd/: httpd.conf.5, parse.y: Allow to omit the listen
	  port configuration. Default to port 80, tls port 443.

	  OK florian@ jmc@

2018-05-14 04:39  djm

	* lib/libutil/fmt_scaled.c: constrain fractional part to [0-9]
	  (less confusing to static analysis); ok ian@

2018-04-26 14:12  krw

	* usr.sbin/httpd/parse.y: Plug leak in error case of the common
	  'varset' implementations.

	  ok benno@

2018-04-18 09:37  benno

	* usr.sbin/httpd/server_http.c: Merge usr.sbin/httpd/server_http.c
	  revision 1.119 to 6.3-stable:

	      revision 1.119
	      date: 2018/04/06 13:02:07;  author: florian;  state: Exp;
	  lines: +2 -1;  commitid: fU72v0$

	      After processing of a range request httpd would never close
	  the
	      connection and eventually stop answering queries because of
	  file
	      descriptor starvation.

	      Problem reported by, minimal testcase provided and testing by
	  trondd
	      _AT_ kagu-tsuchi.com, thanks!

	      Testing Nick Holland and millert

	      OK deraadt

	  ok florian@

2018-04-18 09:36  benno

	* usr.sbin/httpd/server_http.c: Merge usr.sbin/httpd/server_http.c
	  revision 1.119 to 6.2-stable:

	      revision 1.119
	      date: 2018/04/06 13:02:07;  author: florian;  state: Exp;
	  lines: +2 -1;  commitid: fU72v0$

	      After processing of a range request httpd would never close
	  the
	      connection and eventually stop answering queries because of
	  file
	      descriptor starvation.

	      Problem reported by, minimal testcase provided and testing by
	  trondd
	      _AT_ kagu-tsuchi.com, thanks!

	      Testing Nick Holland and millert

	      OK deraadt

	  ok florian@

2018-04-11 15:51  florian

	* etc/examples/httpd.conf: "listen on * port 80" means all v4 and
	  v6 addresses these days.  OK benno

2018-04-11 15:50  florian

	* usr.sbin/httpd/: httpd.conf.5, httpd.h, parse.y: Make httpd
	  listen on all IPv4 and IPv6 addresses for "listen on * port 80".
	  While here accept up to 16 addresses from DNS or interface
	  groups.

	  requested by & "lovely" deraadt@ OK kn@

2018-04-06 13:02  florian

	* usr.sbin/httpd/server_http.c: After processing of a range request
	  httpd would never close the connection and eventually stop
	  answering queries because of file descriptor starvation.

	  Problem reported by, minimal testcase provided and testing by
	  trondd _AT_ kagu-tsuchi.com, thanks!

	  Testing Nick Holland and millert

	  OK deraadt

2018-03-23 11:36  florian

	* etc/examples/httpd.conf: Provide an example httpd.conf that's
	  actually useful.  With & OK deraadt input sthen looks better to
	  beck OK benno

2018-02-07 03:28  florian

	* usr.sbin/httpd/: httpd.h, logger.c: NAME_MAX is the length of the
	  thing between / / in a path *without* the terminating NUL.  Do
	  not use it for a "small string" or a "probably short path".
	  Replace it with new defines or PATH_MAX.  It also makes the life
	  easier for people auditing the tree for real usage of NAME_MAX.
	  OK deraadt, benno

2018-01-15 20:38  bluhm

	* share/mk/bsd.regress.mk: We have no deprecated regress variables
	  in our tree.	Remove the compatibility layer.

2018-01-04 20:38  jmc

	* usr.sbin/httpd/httpd.conf.5: from paul de weerd: provide a more
	  helpful Xr to ocspcheck, and note that the path to "file" is not
	  relative to the chroot;

2017-12-21 21:03  jmc

	* usr.sbin/httpd/httpd.conf.5: typo;

2017-12-14 21:19  benno

	* usr.sbin/httpd/server_http.c: set Location header for 307 and 308
	  status codes ok sthen@ phessler@

2017-11-29 16:55  beck

	* usr.sbin/httpd/: httpd.conf.5, server.c: Don't do OCSP stapling
	  only if the staple file is 0 length.

	  This allows something external (like ocspcheck) to disable the
	  stapling deliberatly if it can not retreive a valid staple by
	  truncating the staple file to indicate "do not provide a staple",
	  while the file not existin will still be treated as a
	  configuration error ok claudio@ florian@, and prompted by @jsing

2017-11-28 09:40  jmc

	* usr.sbin/httpd/httpd.conf.5: tweak previous;

2017-11-28 01:21  beck

	* usr.sbin/httpd/: httpd.conf.5, server.c: Disable oscp stapling on
	  invalid staple, rather than failing to start.  ok claudio@
	  florian@

2017-11-10 23:29  naddy

	* regress/usr.sbin/httpd/tests/Makefile: replace last instances of
	  /dev/arandom with /dev/urandom

2017-08-28 06:00  florian

	* usr.sbin/httpd/parse.y: 65535 is a valid port to listen on.
	  Off-by-one pointed out by and diff from Kris Katterjohn
	  katterjohn AT gmail, thanks! chris@ pointed out that more than
	  httpd(8) is effected.  OK gilles@

2017-08-11 20:30  jmc

	* usr.sbin/httpd/httpd.conf.5: punctuation;

2017-08-11 18:48  jsing

	* usr.sbin/httpd/: httpd.conf.5, httpd.h, parse.y, server.c:
	  Convert httpd to tls_config_set_ecdhecurves(), allowing a list of
	  curves to be specified, rather than a single curve.

	  ok beck@

2017-07-31 08:02  ians

	* usr.sbin/httpd/server_fcgi.c: Don't set HTTP date header if
	  already set.

	  Thanks Nick Owens

	  OK florian@

2017-07-19 17:36  jsing

	* usr.sbin/httpd/: config.c, httpd.h, server.c: Rework the way that
	  TLS configuration is sent/received via imsgs, so that are no
	  longer limited by the 16KB maximum size of a single imsg.
	  Configuration data that is larger than a single message is now
	  chunked and sent via multiple imsgs.

	  Prompted by a diff from Jack Burton <jack at saosce dot com dot
	  au>.

	  ok reyk@

2017-07-14 13:31  bluhm

	* regress/usr.sbin/httpd/tests/: LICENSE, Makefile,
	  args-get-1048576.pl, args-get-1073741824.pl, args-get-512.pl,
	  args-get-range-512.pl, args-get-range-multipart.pl,
	  args-get-slash.pl, args-tls-get-range-512.pl,
	  args-tls-get-range-multipart.pl, funcs.pl: Do not mix Perl read()
	  with sysread().  Data could get stuck in the buffered IO and test
	  run-regress-args-get-1073741824.pl would fail on slow hardware.
	  Introduce a common function read_part() that uses Perl read().
	  Limit debug output to one line per 1% of data.  Remove unused
	  function http_server().  Fix whitespace.  Cleanup Makefile.

2017-07-09 21:23  espie

	* usr.bin/htpasswd/Makefile: remove redundant variable declarations
	  in Makefiles, since those are the default.

	  okay millert@

2017-07-07 16:30  schwarze

	* usr.bin/htpasswd/htpasswd.1: clarify which httpd we are talking
	  about; from Raf Czlonka <rczlonka at gmail dot com>

2017-07-03 22:21  espie

	* usr.sbin/httpd/Makefile: no need to generate y.tab.h if nothing
	  uses it, set YFLAGS to nothing instead of CLEANFILES += y.tab.h

	  okay millert@

2017-06-10 13:31  schwarze

	* usr.sbin/httpd/patterns.7: Fix broken escaping: "\." is almost
	  never what you want; found with mandoc -Tlint.  While here, make
	  macro usage more consistent.

2017-06-07 09:11  awolk

	* usr.bin/htpasswd/htpasswd.c: htpasswd: use crypt_newhash instead
	  of the bcrypt API

	  man bcrypt states:	  These functions are deprecated in favor
	  of crypt_checkpass(3) and	 crypt_newhash(3).

	  hence with this change we move htpasswd to the new API, while
	  here also change the rounds from a hardcoded 8 to automatic
	  selection based on system performance.

	  OK florian@

2017-05-28 10:37  benno

	* usr.sbin/httpd/: config.c, httpd.c, httpd.h, proc.c: use __func__
	  in log messages.  From Hiltjo Posthuma hiltjo -AT codemadness
	  -DOT- org, thanks! ok florian, claudio

2017-05-15 10:40  jsg

	* usr.sbin/httpd/server_http.c: Avoid a crash servicing requests
	  when a server is configured with "block return 401".	Problem
	  reported by Jurjen Oskam.  ok florian@

2017-04-20 17:48  nicm

	* lib/libutil/util.h: Add getptmfd(), fdopenpty(), fdforkpty()
	  functions. These allow programs to separate the open(/dev/ptm)
	  from the ioctl(PTMGET) for privilege separation or pledge().

	  Based on a diff from reyk@.

	  ok deraadt millert

2017-04-17 21:58  deraadt

	* usr.sbin/httpd/server.c: some freezero() calls

2017-04-16 10:19  jsg

	* usr.bin/htpasswd/Makefile: remove -g from CFLAGS at florian's
	  request

2017-04-16 10:16  jsg

	* usr.bin/htpasswd/Makefile: Different compilers and versions of
	  compilers have different warnings.  Remove -Werror to give code a
	  greater chance of building.

	  ok deraadt@ florian@

2017-04-16 08:50  ajacoutot

	* etc/examples/httpd.conf: Remove /etc/ssl/acme/. We don't need it
	  now that we have a default acme-conf(5) that direclty uses
	  /etc/ssl/{,private} by default. Adapt the httpd.conf example
	  accordingly.

	  ok florian@ benno@ millert@

2017-04-09 09:13  florian

	* usr.sbin/httpd/httpd.conf.5: image/svg+xml is a default inbuilt
	  media type.  Pointed out by Anton Lindqvist (anton.lindqvist AT
	  gmail), thanks!

2017-04-04 20:16  claudio

	* usr.sbin/httpd/httpd.c: Do not purge the CONFIG_SERVERS config in
	  the parent. The ticket code uses the servers config for its
	  rekeying handling. Without this no rekeying happens and httpd
	  stops working. Learned the hard way by me and beck@ OK reyk@

2017-03-25 17:25  claudio

	* usr.sbin/httpd/: config.c, httpd.c, httpd.conf.5, httpd.h,
	  parse.y, server.c: Implement TLS ticket support in httpd. Off by
	  default. Use	    tls ticket lifetime default to turn it on with
	  a 2h ticket lifetime.  Rekeying happens after a quarter of that
	  time.  OK reky@ and bob@

2017-03-21 12:06  bluhm

	* usr.sbin/httpd/log.c: From a syslog perspective it does not make
	  sense to log fatal and warn with the same severity.  Switch
	  log_warn() to LOG_ERR and keep fatal() at LOG_CRIT.  OK reyk@
	  florian@

2017-03-16 10:18  florian

	* usr.sbin/httpd/: httpd.conf.5, server_http.c: Expand $HTTP_HOST
	  in redirects.  From Rivo Nurges Rivo.Nurges AT smit.ee, thanks!
	  OK reyk

2017-03-16 02:40  dtucker

	* lib/libutil/fmt_scaled.c: Fix overly-conservative overflow checks
	  on mulitplications and add checks on additions.  This allows
	  scan_scaled to work up to +/-LLONG_MAX (LLONG_MIN will still be
	  flagged as a range error).  ok millert@

2017-03-15 05:25  dtucker

	* lib/libutil/fmt_scaled.c: Collapse underflow and overflow checks
	  into a single block.	ok djm@ millert@

2017-03-15 00:13  dtucker

	* lib/libutil/fmt_scaled.c: Catch integer underflow in scan_scaled
	  reported by Nicolas Iooss.  ok deraadt@ djm@

2017-03-11 23:37  djm

	* lib/libutil/fmt_scaled.c: fix signed integer overflow in
	  scan_scaled. Found by Nicolas Iooss using AFL against ssh_config.
	  ok deraadt@ millert@

2017-03-10 21:06  reyk

	* usr.sbin/httpd/server_http.c: Sync from relayd: DELETE can have a
	  body.

	  Fix by Rivo Nurges, fixes a problem with Atlassian JIRA

	  OK benno@

2017-02-07 12:27  reyk

	* usr.sbin/httpd/: httpd.conf.5, httpd.h, parse.y, server.c:
	  /tmp/cvsspEkok

2017-02-07 12:22  reyk

	* usr.sbin/httpd/server_http.c: Improve parsing of the HTTP request
	  line

	  Make sure that the beginning of a new request starts with an
	  alphabetic character.  This is a quick way to detect non-ASCII
	  requests (eg. TLS on port 80).  The full validation of the
	  request method is done once the input line is read.

	  Make sure that non-terminated lines do not exceed the
	  SERVER_MAXHEADERLENGTH which is 8k.  As the current read
	  watermark is set to 64k, this means that the limit check is
	  triggered after max.	64k of input, depending on the TCP read
	  buffer.

	  OK benno@ jsing@

2017-02-03 08:23  guenther

	* usr.sbin/httpd/httpd.h: Stop assuming that in_{addr,port}_t are
	  typedefed in <sys/types.h> and instead pull in <netinet/in.h> or
	  <arpa/inet.h> when those are needed.

	  ok florian@ beck@ millert@

2017-02-02 22:19  reyk

	* usr.sbin/httpd/: httpd.h, server.c, server_file.c, server_http.c:
	  Fix support for HTTP pipelining by handling all requests in the
	  buffer.

	  Tested & OK jung@

2017-02-02 11:18  tb

	* regress/usr.sbin/httpd/tests/README: sudo -> SUDO and some other
	  minor tweaks

2017-02-01 10:44  reyk

	* regress/usr.sbin/httpd/tests/README: SUDO is doas

2017-02-01 10:26  reyk

	* regress/usr.sbin/httpd/tests/: args-get-range-512.pl,
	  args-get-range-multipart.pl, args-tls-get-range-512.pl,
	  args-tls-get-range-multipart.pl, funcs.pl: Add Range and
	  multipart tests.

2017-01-31 21:07  benno

	* usr.sbin/httpd/: server_file.c: A bug in the processing of range
	  headers in httpd can lead to memory exhaustion and possibly crash
	  httpd.

	  This patch disables range header processing.

	  The problem is fixed in future versions of httpd (OpenBSD 6.1) by
	  changing the way the file size is determined.

	  found by Pierre Kim (pierre.kim.sec at gmail.com), thanks.  fix
	  by sunil@

	  ok reyk@ sunil@ and beck@ danj@ tb@ and tj@ on the errata.

2017-01-31 20:08  beck

	* usr.sbin/httpd/server.c: remove extra call setting OCSP staple
	  now that it is done above using keypair_ocsp..  ok reyk@

2017-01-31 17:25  beck

	* usr.sbin/httpd/server.c: Correct mistake I made when converting
	  this to new funciton

2017-01-31 16:18  beck

	* usr.sbin/httpd/server.c: Add tls_config_[add|set]keypair_ocsp
	  functions so that ocsp staples may be added associated to a
	  keypair used for SNI, and are usable for more than just the
	  "main" certificate. Modify httpd to use this.  Bump libtls minor.

	  ok jsing@

2017-01-31 14:39  reyk

	* usr.sbin/httpd/: httpd.h, server_file.c, server_http.c:
	  Reimplement httpd's support for byte ranges.

	  The previous implementation loaded all the output into a single
	  output buffer and used its size to determine the Content-Length
	  of the body.

	  The new implementation calculates the body length first and
	  writes the individual ranges in an async way using the
	  bufferevent mechanism.

	  This prevents httpd from using too much memory and applies the
	  watermark and throttling mechanisms to range requests.

	  Problem reported by Pierre Kim (pierre.kim.sec at gmail.com)

	  OK benno@ sunil@

2017-01-31 12:21  reyk

	* usr.sbin/httpd/: httpd.h, server_http.c: The variable clt_done is
	  used in too many places.

	  Introduce a new variable clt_headersdone in the async HTTP
	  parser.

	  OK sunil@ benno@

2017-01-31 12:20  reyk

	* usr.sbin/httpd/server.c: Do not set EVBUFFER_EOF on read/write
	  errors and handle EOF correctly.

	  Either libevent or the TLS callback can trigger an EOF when the
	  connection is closed.

	  OK sunil@ jung@ benno@

2017-01-30 21:18  reyk

	* regress/usr.sbin/httpd/tests/: Httpd.pm, Makefile: Fix TLS tests.
	  Keys and log files are now in obj, not in obj/htdocs

2017-01-30 18:25  reyk

	* regress/usr.sbin/httpd/tests/Makefile: Adjust CLEANFILES for new
	  httpd root

2017-01-30 18:19  reyk

	* regress/usr.sbin/httpd/tests/Makefile: unbreak httpd regress
	  tests after wobj change

	  Previously, the tests used the obj dir as the httpd chroot/root.
	  But the www user cannot access any files since we switched obj to
	  0750.  The fix is to create another 0755 subdirectory obj/htdocs
	  as the root.

2017-01-30 09:54  reyk

	* usr.sbin/httpd/server_file.c: Fix error path of range requests,
	  found while reviewing byte range support.

	  OK jsg@

2017-01-27 07:03  tom

	* usr.sbin/httpd/parse.y: More s/OSCP/OCSP/ typos

	  ok jmc@

2017-01-24 13:28  jmc

	* usr.sbin/httpd/httpd.conf.5: sort SEE ALSO;

2017-01-24 12:37  beck

	* usr.sbin/httpd/httpd.conf.5: add ocspcheck to see also

2017-01-23 04:25  deraadt

	* usr.sbin/httpd/httpd.c: Split pledge "ioctl" into "tape" and
	  "bpf", and allow SIOCGIFGROUP only upon "inet".  Adjust the 4
	  programs that care about this.

2017-01-21 11:32  guenther

	* usr.sbin/httpd/server_fcgi.c: The POSIX APIs that that sockaddrs
	  all ignore the s*_len field in the incoming socket, so userspace
	  doesn't need to set it unless it has its own reasons for tracking
	  the size along with the sockaddr.

	  ok phessler@ deraadt@ florian@

2017-01-17 22:10  krw

	* usr.sbin/httpd/proc.c: Nuke some whitespace that keeps poking me
	  in the eye as I try to steal code.

2017-01-09 14:49  reyk

	* usr.sbin/httpd/: control.c, httpd.c, httpd.h, log.c, proc.c,
	  server.c: Stop accessing verbose and debug variables from log.c
	  directly.

	  This replaces log_verbose() and "extern int verbose" with the two
	  functions log_setverbose() and log_getverbose().

	  Pointed out by benno@ OK krw@ eric@ gilles@ (OK gilles@ for the
	  snmpd bits as well)

2017-01-09 14:04  krw

	* usr.sbin/httpd/control.c: Replace hand-rolled for(;;) traversal
	  of ctl_conns TAILQ with TAILQ_FOREACH().

	  No intentional functional change.

	  ok reyk@

2017-01-08 20:31  reyk

	* usr.sbin/httpd/log.c: Sync log.c with the latest version from
	  vmd/log.c that preserves errno so it is safe calling log_* after
	  an error without loosing the it.

2017-01-05 13:53  krw

	* usr.sbin/httpd/parse.y: Replace hand-rolled for(;;) emptying of
	  'symhead' TAILQ with more modern TAILQ_FOREACH_SAFE().

	  No intentional functional change.

	  ok millert@ bluhm@ gilles@

2017-01-05 12:42  krw

	* usr.sbin/httpd/parse.y: Replace symset()'s hand-rolled for(;;)
	  traversal of 'symhead' TAILQ with more modern TAILQ_FOREACH().
	  This what symget() was already doing.

	  Add paranoia '{}' around body of symget()'s TAILQ_FOREACH().

	  No intentional functional change.

	  ok bluhm@ otto@

2016-11-17 14:58  jsing

	* usr.sbin/httpd/server.c: Check the return value of
	  tls_config_set_protocols(), now that it returns an int.

2016-11-17 14:52  jsing

	* usr.sbin/httpd/: httpd.h, parse.y, server.c: Move OCSP loading
	  into a separate function - it is not part of the keypair and this
	  way we can give a separate specific error message.

	  ok beck@ reyk@

2016-11-14 10:28  schwarze

	* usr.sbin/httpd/httpd.conf.5: specify ordering and precedence of
	  location { } sections; patch from grunk@; feedback and OK jmc@;
	  OK florian@

2016-11-10 13:21  jca

	* usr.sbin/httpd/server.c: Fix tcp ip ttl / minttl on IPv6 sockets.

	  ok florian@

2016-11-06 16:05  beck

	* usr.sbin/httpd/server.c: conditionalize ocsp load properly ok
	  jsing@

2016-11-06 15:50  beck

	* usr.sbin/httpd/parse.y: since ocsp stapling is optional, make
	  sure we guard if we do not have it.  ok jsing@

2016-11-06 11:27  jmc

	* usr.sbin/httpd/httpd.conf.5: tweak previous;

2016-11-06 10:49  beck

	* usr.sbin/httpd/: config.c, httpd.conf.5, httpd.h, parse.y,
	  server.c: Add OCSP stapling support to httpd ok jsing@ bcook@

2016-10-12 11:57  reyk

	* usr.sbin/httpd/log.c: copy updated log.c from vmd: for
	  correctness, save errno when doing additional actions before
	  printing it.	OK rzalamena@

2016-10-12 10:57  reyk

	* usr.sbin/httpd/: config.c, httpd.h, proc.c: Prevent fd exhaustion
	  in the parent when loading the listening server sockets by
	  sending the fd one-by-one.  This allows to start httpd with max
	  32 server instances and many server sockets without changing the
	  default rlimits in any way.

	  OK rzalamena@

2016-10-10 21:53  rzalamena

	* usr.sbin/httpd/proc.c: Modify httpd(8)'s proc.c to use less file
	  descriptors during the daemon start up. To achieve this
	  proc_init() initiates only the necessary pipes between child and
	  parent, allocate and distribute fds in proc_connect().

	  In case of configuration checks ('-n') we do nothing in
	  proc_init() and proc_connect().

	  ok reyk@

2016-10-10 16:31  rzalamena

	* usr.sbin/httpd/proc.c: Fix msgbuf_write() usage idiom and modify
	  the treatment for socket close to exit gracefully instead of
	  fatal()ing.

	  ok reyk@

2016-10-10 11:13  rzalamena

	* usr.sbin/httpd/proc.c: Add more context to fatal*() messages so
	  it makes easier to debug proc.c internals.

	  ok phessler@

2016-10-07 07:37  patrick

	* usr.sbin/httpd/server_fcgi.c: The strchr() call either returns a
	  NULL pointer, on which the code will break out of the loop, or a
	  pointer to ':'.  Thus the extra check for ':' is unnecessary and
	  can be removed.

	  ok jung@

2016-10-07 07:33  patrick

	* usr.sbin/httpd/server_fcgi.c: Empty lines cause
	  server_fcgi_getheaders() to immediately return.  Unfortunately in
	  that case the line was not freed.  This lead to a memleak on each
	  request.  Thus, save the return value prior to returning, free
	  the line and return the saved value.

	  ok jung@

2016-10-05 17:13  rzalamena

	* usr.sbin/httpd/proc.c: Check if oldd == newd before dup2(), if
	  that is the case we need to remove the CLOEXEC flag ourselves.

	  ok bluhm@, deraadt@

2016-10-05 17:09  reyk

	* usr.sbin/httpd/proc.c: Call setsid() to create a new session for
	  the executed processes.

	  From deraadt@ OK rzalamena@

2016-10-05 16:58  reyk

	* usr.sbin/httpd/: httpd.h, proc.c: sync proc.c with vmd: add p_pw
	  to specify a non-standard user for a process.

	  OK rzalamena@

2016-09-28 12:02  reyk

	* usr.sbin/httpd/Makefile: Add -Wcast-qual after syncing proc.c fix

2016-09-28 12:01  reyk

	* usr.sbin/httpd/: httpd.c, httpd.h, proc.c: sync proc.c from
	  switchd, includes minor cast qual fix and removal of p_env.

2016-09-23 20:02  bluhm

	* regress/usr.sbin/httpd/tests/Makefile: Remove leftovers from
	  relayd tests.

2016-09-17 20:05  tj

	* etc/examples/httpd.conf: pathnames for cert and key files need to
	  be quoted.

	  reported by brynet

2016-09-17 15:04  tj

	* etc/examples/httpd.conf: add example certificate and key files
	  generated with acme-client.

	  ok florian

2016-09-15 20:57  jmc

	* usr.sbin/httpd/httpd.8: add some Xr for acme-client(1);

2016-09-03 14:44  reyk

	* usr.sbin/httpd/: httpd.h, parse.y, proc.c: Replace
	  [RELAY|SERVER]_MAXPROC with the new PROC_MAX_INSTANCES variable
	  and limit it from 128 to 32 instances (the old value).  While
	  here, move a few PROC_ defines around.

	  OK rzalamena@

2016-09-03 10:02  reyk

	* usr.sbin/httpd/proc.c: Use DPRINTF instead of #ifdef DEBUG +
	  log_debug().

	  Pointed out by benno@

2016-09-02 21:30  bluhm

	* regress/usr.sbin/httpd/tests/Makefile: Print SKIPPED if a regress
	  test cannot be executed for some reason.  This allows to identify
	  such tests by looking at their output.

2016-09-02 11:25  reyk

	* usr.sbin/httpd/: httpd.c, httpd.h, proc.c: proc.c tweaks: Rename
	  proc_listento() to proc_accept() as it is the receiving side of
	  proc_connect().  Move some code from main into proc_init(), the
	  function is now called by parent and children, not just the
	  parent and it is less copy + paste for other daemons.

	  OK florian@

2016-09-01 16:07  reyk

	* usr.sbin/httpd/config.c: The fork+exec diff broke "what?!", the
	  ps_what field determines the configuration that has to be
	  initialized in each process and was inherited from the parent
	  instead of setting it everywhere.  I'm surprised that it worked.

	  OK florian

2016-09-01 14:50  reyk

	* usr.sbin/httpd/proc.c: Don't print "lost child" if the child
	  process exited okay.	This is the old behaviour and unbreaks the
	  regress tests.

2016-09-01 14:44  reyk

	* regress/usr.sbin/httpd/tests/args-get-slash.pl: Fix regress test,
	  server returns 400 instead of 500 now

2016-09-01 11:13  florian

	* usr.sbin/httpd/: httpd.h, server_fcgi.c: struct client starts to
	  become the kitchen sink. Move fastcgi data to its own struct.
	  Requested by and OK reyk@

2016-09-01 10:59  reyk

	* usr.sbin/httpd/: control.c, httpd.h, logger.c, proc.c,
	  server_fcgi.c: spacing

2016-09-01 10:57  reyk

	* usr.sbin/httpd/proc.c: Adjust log message, use process title now
	  that it works again

2016-09-01 09:47  rzalamena

	* usr.sbin/httpd/: httpd.c, httpd.h, proc.c: Teach httpd/proc.c how
	  to fork+exec.

	  This commit implemented the basic functions to proc.c to make it
	  not rely on global variables, malloc()ed memory and CLOEXEC
	  pipes.

	  Fix child proc titles from reyk@ ok reyk@, florian@

2016-08-30 14:31  rzalamena

	* usr.sbin/httpd/: httpd.h, logger.c, proc.c, server.c: Kill
	  (remove) the ps_pid from privsep struct since it is not being
	  used anymore. Also fix the process initialization prototypes.

	  ok reyk@

2016-08-30 13:46  rzalamena

	* usr.sbin/httpd/: httpd.c, proc.c: Terminate daemon using the
	  socket status instead of watching SIGCHLD or kill()ing child
	  process.

	  "Looks good to me" millert@ ok benno@

2016-08-30 13:37  rzalamena

	* usr.sbin/httpd/httpd.h: Remove duplicated prototypes from header.

	  "Looks good to me" natano@

2016-08-30 10:54  florian

	* usr.sbin/httpd/: httpd.h, server_fcgi.c: Do not assume that the
	  full http response header is in the first fastcgi stdout record.
	  Keep processing stdout records until we found the header / body
	  separator and only then generate the header response.  Problem
	  reported by many.

	  OK jung@

2016-08-27 11:13  rzalamena

	* usr.sbin/httpd/: control.c, httpd.h, logger.c, proc.c, server.c:
	  Kill p_instance from proc.c and remove static proc_id unused
	  variables.

	  To keep the debug functionality intact and correct we'll use the
	  pid field in the imsg header to pass the instance number.
	  Remember to always pass 'ps_instance + 1' otherwise libutil will
	  fill imsg header pid field with the imsgbuf pid (which is the
	  current process pid).

	  ok reyk@

2016-08-26 12:24  rzalamena

	* usr.sbin/httpd/: httpd.c, httpd.h, proc.c: Kill the ps_ninstances
	  from proc.c.

	  We got the same information in ps_instances[proc] (more accurate)
	  and we avoid allocating unnecessary memory for pipe storage.

	  ok reyk@

2016-08-26 10:46  rzalamena

	* usr.sbin/httpd/: httpd.h, logger.c, server.c, server_http.c:
	  Replace the static env variables with a single global variable.

	  ok reyk@

2016-08-26 08:25  guenther

	* lib/libc/crypt/bcrypt.c: Pull in <time.h> for clock_gettime()

	  ok deraadt@

2016-08-22 15:02  jsing

	* usr.sbin/httpd/: httpd.h, parse.y, server.c: Enable SNI support
	  in httpd(8).

	  ok reyk@

2016-08-16 18:41  tedu

	* usr.sbin/httpd/: httpd.c, httpd.h, logger.c, server.c: stop
	  including sys/param.h for nitems. define locally as needed.  ok
	  natano reyk

2016-08-16 17:10  reyk

	* usr.sbin/httpd/server.c: Turn "TLS handshake failed -" log
	  message into a debug message - it happens way too often and does
	  not provide much information.

	  OK jung@

2016-08-16 08:36  reyk

	* usr.sbin/httpd/server.c: Rename server_handshake_tls() to
	  server_tls_handshake() to align with the other server_tls_*
	  functions (and I like the prefix notation better).  No functional
	  change.

2016-08-15 16:12  jsing

	* usr.sbin/httpd/: httpd.h, parse.y, server.c: Move server_match()
	  from parse.y to server.c; use env instead of conf, which is
	  actually the same thing (cluebat from reyk@).

2016-08-15 14:14  jsing

	* usr.sbin/httpd/: config.c, server.c: Use lowercase 'tls' in debug
	  and log messages for consistency.

	  Requested by reyk@

2016-08-15 13:48  jsing

	* usr.sbin/httpd/: httpd.h, parse.y, server.c: Make httpd stricter
	  with respect to TLS configuration - in particular, do not allow
	  TLS and non-TLS to be configured on the same port, do not allow
	  TLS options to be specified without a TLS listener and ensure
	  that the TLS options are the same when a server is specified on
	  the same address/port.  Currently, these configurations are
	  permitted but do not work as intended.

	  Also factor out and reuse the server matching code, which was
	  previously duplicated.

	  ok reyk@

2016-08-01 21:15  benno

	* usr.sbin/httpd/http.h: sync http.h with relayd ok reyk@

2016-07-27 11:02  reyk

	* usr.sbin/httpd/server_http.c: According to RFC 7231 4.3.7,
	  OPTIONS may have body. "Although this specification does not
	  define any use for such a payload, future extensions to HTTP
	  might use the OPTIONS body to make more detailed queries about
	  the target resource." The future has arrived.

	  Found and tested by Michael Lechtermann OK benno@

2016-07-13 16:35  jsing

	* usr.sbin/httpd/httpd.h: Adjust existing tls_config_set_cipher()
	  callers for TLS cipher group changes - map the previous
	  configuration to the equivalent in the new groups. This will be
	  revisited post release.

	  Discussed with beck@

2016-06-26 21:04  tedu

	* lib/libc/crypt/bcrypt.c: increase the minimum for auto rounds to
	  6. that was the previous low bound for login.conf, and we don't
	  want to go lower.

2016-06-21 21:35  benno

	* usr.sbin/httpd/parse.y: do not allow whitespace in macro names,
	  i.e. "this is" = "a variable".  change this in all config parsers
	  in our tree that support macros.  problem reported by sven
	  falempin.

	  feedback from henning@, stsp@, deraadt@ ok florian@ mikeb@

2016-06-10 18:32  jmc

	* usr.sbin/httpd/httpd.8: grammar fix; from nick permyakov

2016-06-10 12:09  florian

	* usr.sbin/httpd/httpd.c: & expands to the maximum amount of needed
	  space; fix comment.  Pointed out by Frank Schoep, thanks!

2016-05-31 15:28  jsing

	* usr.sbin/httpd/config.c: Unbreak compilation with -DDEBUG.

	  From Fabian Raetz <fabian dot raetz at gmail dot com>

2016-05-27 11:24  krw

	* usr.sbin/httpd/server_http.c: Return "400 Bad Request" instead of
	  "500 Server Internal Error" for requests lacking
	  "HTTP/<version>".

	  This makes it more obvious that httpd(8) does not attempt to
	  support HTTP v0.9 (circa 1991), when "GET <url>\r\n" was valid.

	  ok millert@ florian@

2016-05-22 19:20  jung

	* usr.sbin/httpd/server_http.c: makes sure the value of the
	  asprintf buffer is zeroed on error

	  from Hiltjo Posthuma

	  "do." deraadt

2016-05-22 19:19  jung

	* usr.sbin/httpd/httpd.c: fix unbalanced va_start and va_end macros

	  from Hiltjo Posthuma

	  "do." deraadt

2016-05-17 03:12  deraadt

	* usr.sbin/httpd/server_file.c: Repair some file descriptor leaks.
	  ok beck krw millert

2016-05-09 19:36  tj

	* usr.sbin/httpd/httpd.conf.5: in the http redirect example, also
	  include the requested url instead of just going to the home page.

	  requested by and ok beck

2016-05-03 19:13  bluhm

	* regress/usr.sbin/httpd/tests/: Proc.pm, funcs.pl, httpd.pl: Fix
	  some Perl statements perlcritic was bitching about: Variable
	  declared in conditional statement.

2016-04-28 22:16  schwarze

	* usr.sbin/httpd/httpd.conf.5: Avoid unusual Content-Type: even in
	  an example; people might get hurt when doing copy & paste.  Patch
	  from Hiltjo Posthuma <hiltjo at codemadness dot org>.  OK
	  florian@ jmc@

2016-04-28 17:18  jsing

	* usr.sbin/httpd/server.c: Include the TLS configuration errors in
	  log messages. Also set the certificate and private key at the
	  same time.

2016-04-28 14:20  jsing

	* usr.sbin/httpd/: config.c, httpd.h: Simplify TLS configuration
	  handling. Instead of matching by address/port, match by
	  configuration ID. This also prevents a memory leak when there are
	  multiple certificates specified for the same server.

	  ok beck@

2016-04-24 21:06  jmc

	* usr.sbin/httpd/httpd.conf.5: new sentence, new line;

2016-04-24 20:12  chrisz

	* usr.sbin/httpd/httpd.conf.5: Document CGI variables. Work done by
	  Tim Baumgard <openbsd@bmgrd.com> I clarified DOCUMENT_URI and
	  SCRIPT_NAME.

	  ok florian@

2016-04-24 20:09  chrisz

	* usr.sbin/httpd/server_fcgi.c: Always pass QUERY_STRING variable.
	  According to the RFC it is empty when no query string was found.
	  From Tim Baumgard <openbsd@bmgrd.com>o

	  ok florian@

2016-04-20 12:48  jmc

	* usr.sbin/httpd/httpd.conf.5: from tim baumgard: a location
	  section may not include hsts; to that, i've added alias and tls

	  no feedback on this diff, so let's hope i'm right/.

2016-04-19 16:22  jsing

	* usr.sbin/httpd/server.c: Use log_warnx() instead of log_warn()
	  when the failure will not have resulted in errno being set.

	  ok reyk@

2016-03-08 09:33  florian

	* usr.sbin/httpd/: server_file.c, server_http.c: Set content
	  charset for auto index generated page.  Pointed out and diff by
	  dhill, thanks! Tweaks and same change for error documents by me.

2016-02-14 18:20  semarie

	* usr.sbin/httpd/patterns.c: httpd patterns double free

	  issue and diff from Alexander Schrijver alex at flupzor nl

	  ok reyk@

2016-02-11 19:30  tim

	* usr.sbin/httpd/server_http.c: Back out previous; requested by
	  jung@

2016-02-11 16:14  tim

	* usr.sbin/httpd/server_http.c: Include the server port number in
	  the common and combined logs. This is useful to distinguish
	  between http and https requests.

	  OK florian@ reyk@ a while ago

2016-02-02 17:51  sthen

	* usr.sbin/httpd/httpd.c: Remove setproctitle() for the parent
	  process. Because rc.d(8) uses process titles (including flags) to
	  distinguish between daemons, this makes it possible to manage
	  multiple copies of a daemon using the normal infrastructure by
	  symlinking rc.d scripts to a new name. ok jung@ ajacoutot@, smtpd
	  ok gilles@

2015-12-12 19:59  mmcc

	* usr.sbin/httpd/patterns.h: Remove a needless inclusion of
	  sys/cdefs.h. Inspired by reyk's recent commit doing the same.

2015-12-07 20:30  mmcc

	* usr.sbin/httpd/server_http.c: No need to check for NULL before
	  free().

2015-12-07 16:05  reyk

	* usr.sbin/httpd/proc.c: Add imsg "peerid" to debug messages (only
	  within -DDEBUG).

2015-12-07 12:13  reyk

	* usr.sbin/httpd/log.c: sync with vmd

2015-12-05 13:15  claudio

	* usr.sbin/httpd/: control.c, proc.c: EAGAIN handling for
	  imsg_read. OK henning@ benno@

2015-12-03 11:46  reyk

	* usr.sbin/httpd/: httpd.c, server_http.c: Remove unnecessary NULL
	  checks before free().

	  From Jan Schreiber

2015-12-03 07:01  deraadt

	* usr.sbin/httpd/httpd.c: the grammar can prompt DNS lookups, so
	  pledge "dns" also.  from Gregor Best, discussed with florian

2015-12-02 15:13  reyk

	* usr.sbin/httpd/: config.c, httpd.c, httpd.h, logger.c, proc.c,
	  server.c: sync with relayd, use proc_compose()

2015-11-23 20:56  reyk

	* usr.sbin/httpd/: control.c, httpd.c, httpd.h, proc.c, server.c,
	  server_fcgi.c: Retire socket_set_blockmode() in favor of the
	  SOCK_NONBLOCK type flag.  As done in iked and snmpd.

	  OK jung@

2015-11-23 16:43  reyk

	* usr.sbin/httpd/proc.c: Sync proc.c with iked.

2015-11-22 13:27  reyk

	* usr.sbin/httpd/: httpd.c, httpd.h, log.c, parse.y, proc.c: Update
	  log.c: change fatal() and fatalx() into variadic functions,
	  include the process name, and replace all calls of fatal*(NULL)
	  with fatal(__func__) for better debugging.

	  OK benno@

2015-11-21 13:46  reyk

	* usr.sbin/httpd/log.c: Once again, fix the license text.  After
	  many years, we just cannot get rid of the "LOSS OF MIND" joke.
	  Haha.  We keep on removing it and it shows up again because it
	  accidentally gets synced from somewhere else.  bgpd and ospfd
	  don't have it anymore, but their offsprings still carry it. If
	  you see it, remove it, and, in the OpenBSD ISC case, use the
	  original text from /usr/share/misc/license.template.	All authors
	  agree.

2015-11-21 12:40  reyk

	* usr.sbin/httpd/: httpd.c, httpd.h, log.c: Move local logging
	  functions into httpd.c, and sync log.c with relayd - both daemons
	  are now sharing the same file.  No functional changes.

2015-11-19 21:32  mmcc

	* usr.sbin/httpd/httpd.c: Simplify all instances of get_string()
	  and get_data() using malloc() and strndup().

	  ok millert@

2015-11-05 20:07  florian

	* usr.bin/htpasswd/htpasswd.c: Make our initial pledge stricter
	  once we figured out in which mode we are running.  In batch mode
	  we are only reading from stdin and writing to stdout.  If no file
	  is specified we are reading from stdin, writing to stdout and
	  need to control the tty for readpassphrase.  OK deraadt@ on an
	  earlier version some time ago.

2015-11-05 18:00  florian

	* usr.sbin/httpd/: httpd.c, logger.c, server.c: pledge(2) for
	  httpd.

	  1) The main process listens on sockets and accepts connections.
	  It creates and opens log files, creates and kills child
	  processes. On start up and on receiving a HUP signal it parses
	  the configuration. It passes on file descriptors for logging or
	  requests to it's children.  2) The logger process writes log
	  messages to a file descriptor passed in from the main process.
	  3) The server process reads the request from a file descriptor
	  passed in from the main process. It reads a file or creates a
	  directory index to send a response.  Additionally this process
	  handles fastcgi requests. It connects to AF_UNIX, AF_INET or
	  AF_INET6 sockets. A re-factoring might make it possible to drop
	  the additional fastcgi privileges when only static files are
	  served.

	  with deraadt@ some time ago prodding & OK deraadt@ tweaks and OK
	  reyk@

2015-10-31 10:10  jung

	* usr.sbin/httpd/httpd.c: revert -r1.42 as it breaks slowcgi and
	  php-fpm setups as reported by jturner

2015-10-28 15:50  mmcc

	* usr.sbin/httpd/httpd.c: Remove a few more NULL-checks before
	  free.

2015-10-28 15:45  mmcc

	* usr.sbin/httpd/httpd.c: While I'm in here, drop a NULL-check
	  before free.

2015-10-26 11:03  jung

	* usr.sbin/httpd/httpd.c: fix PATH_INFO for / requests

	  diff from Denis Fondras

	  ok reyk

2015-10-16 13:37  millert

	* usr.bin/htpasswd/htpasswd.c: Implement real "flock" request and
	  add it to userland programs that use pledge and file locking.  OK
	  deraadt@

2015-10-14 08:02  reyk

	* usr.sbin/httpd/httpd.c: Two more char -> unsigned char in ctype
	  functions.

2015-10-13 08:33  sunil

	* usr.sbin/httpd/server_http.c: Plug a leak.

	  Ok gilles@, reyk@

2015-10-13 07:57  reyk

	* usr.sbin/httpd/: httpd.c, server_http.c: Pass unsigned chars to
	  ctype functions.

	  From Michael McConville

2015-10-09 01:37  deraadt

	* usr.bin/htpasswd/htpasswd.c: Change all tame callers to
	  namechange to pledge(2).

2015-10-08 09:40  jsg

	* usr.sbin/httpd/server_fcgi.c: fix an fd leak if socket connection
	  fails; from Carlin Bingham ok reyk@

2015-10-08 09:32  jsg

	* usr.sbin/httpd/server_fcgi.c: fix a typo; from Carlin Bingham

2015-10-07 06:44  deraadt

	* usr.bin/htpasswd/htpasswd.c: tame "stdio rpath wpath cpath
	  tmppath tty".  "tty" is the important part here, permitting use
	  of readpassphrase()

2015-09-13 15:33  guenther

	* lib/libc/crypt/: bcrypt.c, cryptutil.c: Wrap <pwd.h> so that
	  calls go direct and the symbols are all weak.  Hide
	  bcrypt_autorounds(), prefixing with an underbar for static
	  builds.

2015-09-13 12:42  millert

	* lib/libc/crypt/bcrypt.c: The number of rounds is just two digits
	  in the salt.	We've already verified that they are there via
	  isdigit() so we can convert from ASCII to an int without using
	  atoi().  OK guenther@ deraadt@

2015-09-13 11:32  guenther

	* lib/libc/gen/vis.c: Wrap <vis.h> so that calls go direct and the
	  symbols are all weak

2015-09-12 14:56  guenther

	* lib/libc/crypt/cryptutil.c: Wrap <unistd.h> so that internal
	  calls go direct and they're all weak symbols Delete unused 'fd'
	  argument from internal function oldttyname()

2015-09-11 13:21  jsing

	* usr.sbin/httpd/server.c: Fix server_handshake_tls() - we should
	  only call server_input() in the case where the handshake has
	  successfully completed.

	  ok beck@

2015-09-11 09:18  guenther

	* lib/libc/crypt/blowfish.c: Wrap blowfish, sha*, md5, and rmd160
	  so that internal calls go direct

	  ok deraadt@

2015-09-10 13:53  beck

	* usr.sbin/httpd/server.c: fix return type for tls_read/write
	  jointly with jsing@

2015-09-10 10:42  beck

	* usr.sbin/httpd/server.c: fix after libtls api changes ok jsing@

2015-09-10 10:15  jsing

	* usr.sbin/httpd/server.c: Update httpd to call tls_handshake()
	  after tls_accept_socket().

	  ok beck@

2015-09-07 14:46  reyk

	* usr.sbin/httpd/: httpd.h, server.c, server_http.c: Fix a
	  regression that was introduced with server.c r1.64: Do NOT free
	  srv_conf->auth in serverconfig_free() because it was not
	  allocated in config_getserver() but assigned as a reference by id
	  from a global list that is maintained independently.	This fixes
	  a potential double-free.  This fix also makes srv_conf->auth
	  "const" to emphasize that the read-only auth pointer was not
	  allocated here.

	  OK jsing@

2015-08-21 07:30  reyk

	* usr.sbin/httpd/server_http.c: The WebDAV MOVE method was not
	  included in the switch statement handling the HTTP methods in
	  server_http.c which resulted in a 405 method not allowed error
	  when trying to use it.

	  Fix by jaminh on github

2015-08-20 22:39  deraadt

	* usr.sbin/httpd/parse.y: stdlib.h is in scope; do not cast
	  malloc/calloc/realloc* ok millert krw

2015-08-20 13:00  reyk

	* usr.sbin/httpd/: config.c, httpd.c, httpd.h, log.c, logger.c,
	  parse.y, proc.c, server.c, server_fcgi.c, server_http.c: Change
	  httpd(8) to use C99-style fixed-width integers (uintN_t instead
	  of u_intN_t) and replace u_int with unsigned int.  Mixing both
	  variants is a bad style and most contributors seem to prefer this
	  style; it also helps us to get used to it, portability, and
	  standardization.

	  Theoretically no binary change, except one in practice: httpd.o
	  has a different checksum because gcc with -O2 pads/optimizes
	  "struct privsep" differently when using "unsigned int" instead
	  "u_int" for the affected members.  "u_int" is just a typedef of
	  "unsigned int", -O0 doesn't build the difference and clang with
	  -O2 doesn't do it either - it is just another curiosity from
	  gcc-land.

	  OK semarie@

2015-08-19 21:26  reyk

	* usr.sbin/httpd/parse.y: spacing

2015-08-18 08:26  reyk

	* usr.sbin/httpd/patterns.c: str_match() checked the return value
	  of str_find_aux() incorrectly: it might return a negative number;
	  the return value of match_error() which returns (-1). This was
	  technically a bug, and it exists in 5.8, but there is no impact
	  because the error is correctly catched with the returned non-NULL
	  error string.

	  Found by Leandro Pereira

2015-08-03 11:45  florian

	* usr.sbin/httpd/: httpd.h, server.c, server_fcgi.c, server_file.c:
	  Fix rev 1.70 of server.c by only re-enabling the bufferevent if
	  we previously disabled it because we were reading to fast (from
	  disk).  Problem noted and tracked down to that commit by weerd@
	  and independently by stsp@.  Tested by weerd@, stsp@, reyk@ OK
	  bluhm@, reyk@

2015-07-31 00:10  benno

	* usr.sbin/httpd/: httpd.h, server_fcgi.c, server_http.c: repair
	  hsts header output, wrong format strings caused broken
	  Strict-Transport-Security headers. Add __format__ attribute to
	  kv_set() and kv_setkey() to make it easier to spot such problems.

	  Found by and fix from Donovan Watteau <tsoomi -AT- gmail -DOT-
	  com>, thanks for your help.

	  ok deraadt@

2015-07-29 22:03  reyk

	* usr.sbin/httpd/: httpd.h, server.c, server_fcgi.c, server_http.c:
	  backout the previous:  it broke wordpress somehow.  we need more
	  care to find a proper fix for the fastcgi headers.

	  acknowledged by deraadt@

2015-07-29 20:03  florian

	* usr.sbin/httpd/: httpd.h, server.c, server_fcgi.c, server_http.c:
	  Read fcgi response records until we have the whole http header
	  and can parse it. Otherwise http headers can leak into the body.
	  Pointed out by Jean-Philippe Ouellet on bugs@ Thanks! OK reyk,
	  commit ASAP deraadt@

2015-07-28 10:13  florian

	* usr.sbin/httpd/server_fcgi.c: add HSTS to fcgi responses OK reyk

2015-07-23 22:19  tedu

	* lib/libc/crypt/cryptutil.c: permit "bcrypt" as an alias for
	  "blowfish". this is, after all, what 99% of the world calls it.
	  allow just "bcrypt" without params to mean auto-tune
	  ("bcrypt,a").  default remains 8 rounds (for now) ok deraadt

2015-07-23 09:36  semarie

	* usr.sbin/httpd/server_http.c: The realm in authenticate directive
	  of config file isn't escaped for '"' char.  The diff corrects
	  this problem by using VIS_DQ.

	  ok reyk@ florian@

2015-07-20 11:38  semarie

	* usr.sbin/httpd/server_file.c: ensure http_path is escaped before
	  using it in Location redirection.

	  OK reyk@

2015-07-20 01:52  millert

	* lib/libc/gen/vis.c: Add VIS_DQ to escape double quotes.  OK
	  deraadt@ semarie@ reyk@

2015-07-19 16:34  blambert

	* usr.sbin/httpd/server_fcgi.c: handle error returns from
	  bufferevent_write()

	  ok florian@

2015-07-19 05:17  reyk

	* usr.sbin/httpd/: config.c, httpd.conf.5, httpd.h, parse.y,
	  server_http.c: For the completeness of HSTS, add the non-standard
	  preload option.

	  OK florian@

2015-07-18 22:42  blambert

	* usr.sbin/httpd/server_fcgi.c: remove XXX and handle error return
	  from evbuffer_add()

	  ok florian@

2015-07-18 22:19  reyk

	* usr.sbin/httpd/: httpd.h, server.c: libtls has been changed to
	  set SSL_MODE_ENABLE_PARTIAL_WRITE and
	  SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER by default.  This gives
	  tls_write() a similar short write semantics as write(2) and a
	  workaround in httpd to cope with the previous differences can be
	  removed.  Specifically, httpd can stop copying data into a local
	  buffer that was used to keep it around for repeated writes.

	  OK bluhm@

2015-07-18 19:17  benno

	* regress/usr.sbin/httpd/tests/funcs.pl: whitespace, no functional
	  change

2015-07-18 16:42  blambert

	* usr.sbin/httpd/server_fcgi.c: treat asprintf failure in
	  REQUEST_URI case as a fatal error

	  ok florian@

2015-07-18 14:36  kili

	* usr.sbin/httpd/server_file.c: Fix check against NULL which was
	  reverted by accident in r1.56.

	  ok reyk@

2015-07-18 09:29  jmc

	* usr.sbin/httpd/httpd.conf.5: tweak previous;

2015-07-18 06:00  reyk

	* usr.sbin/httpd/: config.c, httpd.c, httpd.conf.5, httpd.h,
	  parse.y, server_file.c, server_http.c: Allow to change the
	  default media type globally or per-location, eg. default type
	  text/html.

	  OK florian@

2015-07-18 05:41  florian

	* usr.sbin/httpd/: config.c, httpd.conf.5, httpd.h, parse.y,
	  server_http.c: Implement HTTP Strict Transport Security (HSTS).
	  Input & OK reyk

2015-07-18 00:56  tedu

	* lib/libc/crypt/bcrypt.c: standards compliant error return (null).
	  will make ruby happier, at least.  ok deraadt jeremy

2015-07-17 21:53  reyk

	* usr.sbin/httpd/server_file.c: Adjust server_file_modified_since()
	  to our style.  Please keep httpd clean.

2015-07-17 20:44  reyk

	* usr.sbin/httpd/server_fcgi.c: According to RFC 3875 PATH_INFO
	  should either contain a full path or be empty ("").  It was not
	  set at all when there is nothing to set which caused problems
	  with some FastCGI applications (like Flask/Python through uWSGI).

	  From hrkfdn via github

2015-07-16 19:05  reyk

	* usr.sbin/httpd/: parse.y, server_file.c, server_http.c: spacing

2015-07-16 18:57  reyk

	* regress/usr.sbin/httpd/tests/args-tls-get-1073741824.pl: Add
	  gigabit test over tls

2015-07-16 18:50  reyk

	* regress/usr.sbin/httpd/tests/funcs.pl: Print the received
	  percentage in client.log instead of dots.  This makes it nicer
	  when waiting for large test files.

2015-07-16 18:18  reyk

	* regress/usr.sbin/httpd/tests/funcs.pl: Use sysread instead of
	  <STDIN> for the stream.

2015-07-16 17:00  reyk

	* regress/usr.sbin/httpd/tests/Makefile: Fix non-sparse mode

2015-07-16 16:43  reyk

	* regress/usr.sbin/httpd/tests/args-get-512.pl: Add another test
	  for small packets

2015-07-16 16:38  reyk

	* regress/usr.sbin/httpd/tests/funcs.pl: Remove my copyright here

2015-07-16 16:35  reyk

	* regress/usr.sbin/httpd/: Makefile, tests/Client.pm,
	  tests/Httpd.pm, tests/LICENSE, tests/Makefile, tests/Proc.pm,
	  tests/README, tests/args-default.pl, tests/args-get-1048576.pl,
	  tests/args-get-1073741824.pl, tests/args-get-slash.pl,
	  tests/args-log-user-agent.pl, tests/args-tls.pl, tests/funcs.pl,
	  tests/httpd.pl: Add httpd regression tests based on bluhm's
	  regression suite for relayd - "bluhm test".  This is just the
	  initial version, more tests and changes will be done.

	  As discussed with bluhm@ florian@

2015-07-16 16:29  florian

	* usr.sbin/httpd/: httpd.h, server.c: If we can read faster from
	  disk than send data to the client stop reading from disk when we
	  hold a certain amount of data in RAM. Re-enable reading once we
	  send enough data to the client. Otherwise we might end up with
	  the whole file (which can be huge) in RAM.  Reported by Matthew
	  Martin ( matt.a.martin AT gmail ) on bugs@, thanks! OK reyk@,
	  benno@

2015-07-16 04:46  reyk

	* usr.sbin/httpd/httpd.h: VIS_QUOTE is not there yet, unbreak the
	  tree. Noticed by semarie@

2015-07-15 23:16  reyk

	* usr.sbin/httpd/: httpd.h, server.c, server_http.c: Escape the
	  message in server_log() as well.

	  OK benno@

2015-07-15 22:23  reyk

	* usr.sbin/httpd/server_http.c: For some values like the
	  User-Agent, use vis(3) instead of url_encode().  This makes the
	  output more readable and matches Apache's log encoding.

	  OK sthen@ brynet@

2015-07-15 17:52  reyk

	* usr.sbin/httpd/server_http.c: Simplify the error path of the
	  previous commit: by using ret = -1 by default and only setting it
	  to 0 on success, we don't have to set it in each error case.
	  While here, also remove two superfluous NULL checks (as pointed
	  out by semarie).

	  OK semarie@

2015-07-15 17:29  jsing

	* usr.sbin/httpd/server.c: Close connections that fail to complete
	  a TLS handshake.

	  Based on a diff from Jack Burton <jack at saosce dot com dot au>.

	  ok reyk@

2015-07-15 17:14  jsing

	* usr.sbin/httpd/parse.y: Unbreak configurations that have a
	  non-TLS listen statement followed by a TLS listen statement. A
	  bug was introduced in r1.68 of parse.y, which results in flags
	  being directly copied from the parent, meaning that the TLS flag
	  for the second server gets lost.

	  ok reyk@

2015-07-15 17:11  jsing

	* usr.sbin/httpd/server.c: Fix typo in comment.

2015-07-15 17:10  jsing

	* usr.sbin/httpd/httpd.conf.5: Document default locations for TLS
	  certificate and key.

	  ok reyk@

2015-07-15 16:02  semarie

	* usr.sbin/httpd/server_http.c: httpd don't sanitize variables
	  before putting them in logs. It is possible for an attacker to
	  push arbitaries characters in logs (newline for forging entries,
	  or some control escaping interpreted by terminal emulator).

	  OK reyk@

2015-07-15 16:00  jsing

	* usr.sbin/httpd/: config.c, httpd.h, server.c: Send the TLS
	  certificate and key via separate imsgs, rather than including
	  them in the IMSG_CFG_SERVER imsg. This allows the certificate and
	  key to each be almost 16KB (the maximum size for an imsg), rather
	  than having a combined total of less than 16KB (which can be
	  reached with large keys, certificate bundles or by including text
	  versions of certificates).

	  ok reyk@

2015-07-15 14:49  jsing

	* usr.sbin/httpd/server.c: Explicitly check for and handle EOF on a
	  TLS connection.

	  ok reyk@

2015-07-15 14:39  jsing

	* usr.sbin/httpd/: config.c, server.c: Fix memory leaks that can
	  occur when config_getserver() fails.

	  config.c r1.34 and r1.30 introduced potential memory leaks for
	  auth and return_uri when config_getserver fails. Fix this by
	  switching to serverconfig_free() and adding the missing free for
	  srv_conf->auth.  While here, make serverconfig_free() a little
	  more bulletproof by explicit_bzero()ing key material.

	  ok reyk@

2015-06-30 19:01  jmc

	* usr.sbin/httpd/patterns.7: new sentence, new line; my apologies
	  to semarie for not pointing this out when he asked for an ok...

2015-06-30 08:28  semarie

	* usr.sbin/httpd/patterns.7: Add a small paragraph about some
	  difference with Lua implementation.  Suggestion from Theo
	  Buehler.

	  OK jmc@ reyk@

2015-06-27 04:22  semarie

	* usr.sbin/httpd/patterns.7: Corrects the manpage for patterns(7):
	  the indexing for empty capture follow C-style (starting from 0)
	  and not the Lua-style (starting from 1).

	  Patch from Theo Buehler.

	  OK reyk@

2015-06-26 17:26  semarie

	* usr.sbin/httpd/patterns.h: move #include inside #ifndef
	  PATTERNS_H

	  OK reyk@

2015-06-26 10:09  semarie

	* regress/usr.sbin/httpd/patterns/test-patterns.out: change
	  test-patterns.out in order to reflect the error message change in
	  patterns.c

2015-06-26 10:07  semarie

	* usr.sbin/httpd/patterns.c: Corrects some minors nits. Patch from
	  Theo Buehler.

	  - cleanup in included headers (removing unsed assert.h, and
	  reorder) - one remaining '%%' in an error string corrected in '%'

	  while here, add sys/types.h for off_t type.

	  OK reyk@

2015-06-23 19:33  reyk

	* regress/usr.sbin/httpd/patterns/: Makefile,
	  test-patterns-lua.out: Fix the optional lua patterns test with
	  obj and different versions.

2015-06-23 18:03  semarie

	* regress/usr.sbin/httpd/: Makefile, patterns/Makefile,
	  patterns/patterns-tester.c, patterns/patterns-tester.lua,
	  patterns/test-patterns-lua.out, patterns/test-patterns.in,
	  patterns/test-patterns.out: add regress tests for httpd

	  - this testsuite covers patterns

2015-06-23 17:29  jmc

	* usr.sbin/httpd/: httpd.conf.5, patterns.7: various tweaks;

2015-06-23 17:25  semarie

	* usr.sbin/httpd/server_http.c: escape the matched substrings
	  before using it in expansion.

	  ok reyk@

2015-06-23 15:35  semarie

	* usr.sbin/httpd/patterns.c: remove a deprecated character class.

	  it was deprecated in lua code, but here the code is new. The
	  documentation don't mention it either.

	  ok reyk@

2015-06-23 15:23  reyk

	* usr.sbin/httpd/: Makefile, httpd.conf.5, httpd.h, parse.y,
	  patterns.7, patterns.c, patterns.h, server_http.c: Add initial
	  support for pattern matching using Lua's pattern matching code.

	  With important help on the pattern matcher from semarie@

	  OK semarie@

2015-06-22 11:46  reyk

	* usr.sbin/httpd/server_http.c: After the last change, we also have
	  to url_encode $SERVER_NAME and $REMOTE_USER before using them in
	  the Location.

	  From Sebastien Marie (semarie)

2015-06-21 13:08  reyk

	* usr.sbin/httpd/server_http.c: When encoding the Location url,
	  only encode the query and path elements from the user input and
	  not the constants from the configuration.  This makes it possible
	  to specify chars like '?' in the uri.

	  OK Sebastien Marie

2015-06-11 18:49  reyk

	* usr.sbin/httpd/http.h: Use "compliant" header guards by avoiding
	  the reserved '_' namespace.

	  Pointed out by Markus Elfring

	  OK mikeb@ millert@

2015-06-09 08:50  jung

	* usr.sbin/httpd/server_fcgi.c: plug fd leak found by Todd Mortimer

	  ok claudio deraadt florian

2015-06-03 02:24  millert

	* usr.sbin/httpd/httpd.c: Do not assume that asprintf() clears the
	  pointer on failure, which is non-portable.  Also add missing
	  asprintf() return value checks.  OK deraadt@ guenther@ doug@

2015-05-28 19:29  jmc

	* usr.sbin/httpd/httpd.conf.5: use "uri"; from yegor timoschenko

2015-05-28 17:08  florian

	* usr.sbin/httpd/: control.c, httpd.c: Do not try to unlink the
	  control socket in an unprivileged child process on shutdown.
	  Found while working on tame(2).  OK benno@

2015-05-20 09:28  kettenis

	* usr.sbin/httpd/: httpd.h, server_http.c: Use off_t instead of
	  size_t to pass file size and print it using %lld when
	  constructing the Content-Length header field.  Should fix some,
	  but probably not all, problems with serving files bigger than 2G
	  on 32-bit architectures.

	  ok reyk@, florian@

2015-05-19 18:16  sobrado

	* usr.sbin/httpd/httpd.conf.5: better spacing in media types.

	  ok reyk@

2015-05-19 18:12  sobrado

	* usr.sbin/httpd/httpd.conf.5: sort media type extensions for
	  text/html and image/jpeg as given in /usr/share/misc/mime.types;
	  do not include shtml as it is for Server Side Includes (SSI) --
	  we will never do SSI.

	  joint work with reyk@

	  ok reyk@

2015-05-19 18:03  sobrado

	* usr.sbin/httpd/httpd.conf.5: drop comment about being possible to
	  include /etc/nginx/mime.types, we do not have to care about nginx
	  anymore.

	  ok jmc@ (who thinks previously suggested removing it), and reyk@

2015-05-05 11:10  florian

	* usr.sbin/httpd/server_file.c: Implement If-Modified-Since.  From
	  Kyle Thompson <jmp AT giga DOT moe>.	Tweaks by me.  OK benno@

2015-05-03 18:39  florian

	* usr.sbin/httpd/: server_file.c, server_http.c: Implement byte
	  ranges.  From Sunil Nimmagadda <sunil At nimmagadda DOT net> OK
	  benno@

2015-04-30 22:18  sthen

	* usr.sbin/httpd/: server.c: MFC
	  usr.sbin/httpd/server.c:1.62->1.63, req by florian@

	  We cannot log errors with server_close() before allocating
	  clt_log evbuffer.  server_close() calls server_log() which uses
	  ctl_log.  Crash reported by Daniel Jakots <vigdis AT chown DOT
	  me>, thanks! OK benno

2015-04-25 14:40  florian

	* usr.sbin/httpd/server_file.c: Prepend files or directories
	  containing ":" with "./" in directory indexes as per RFC 3986: A
	  path segment that contains a colon character (e.g., "this:that")
	  cannot be used as the first segment of a relative-path reference,
	  as it would be mistaken for a scheme name.  Such a segment must
	  be preceded by a dot-segment (e.g., "./this:that") to make a
	  relative- path reference.

	  While here add a "/" to the end of directory names, this saves us
	  one redirect round trip.

	  Found the hard way & "functionality wise, OK" ajacoutot@ RFC
	  pointer & OK benno@

2015-04-23 16:59  florian

	* usr.sbin/httpd/server.c: We cannot log errors with server_close()
	  before allocating clt_log evbuffer.  server_close() calls
	  server_log() which uses ctl_log.  Crash reported by Daniel Jakots
	  <vigdis AT chown DOT me>, thanks! OK benno

2015-04-18 09:27  jsg

	* usr.sbin/httpd/server_http.c: Regis Leroy reported that httpd
	  does not strictly accept CRLF for newlines which could lead to
	  http response splitting/smuggling if a badly behaved proxy is in
	  front of httpd.

	  Switch from evbuffer_readline() to evbuffer_readln() with
	  EVBUFFER_EOL_CRLF_STRICT to avoid this.

	  ok florian@

2015-04-11 14:52  jsing

	* usr.sbin/httpd/: config.c, logger.c, server.c: Always check the
	  return value of proc_composev_imsg() and handle failures
	  appropriately. Otherwise imsg construction can silently fail,
	  resulting in non-obvious problems.

	  Found the hard way by Theodore Wynnychenko.

	  ok doug@ florian@

2015-04-09 16:48  florian

	* usr.sbin/httpd/server_http.c: Revert previous as this breaks
	  stuff.  I fscked up the testing, sorry! Found the hard way by
	  jsg@

2015-04-08 19:39  florian

	* usr.sbin/httpd/server_http.c: Do not silently accept multiple
	  Content-Length headers.  Pointed out by Regis Leroy (regis.leroy
	  AT makina-corpus DOT com), thanks! Tweak and OK reyk@

2015-04-01 04:51  jsg

	* usr.sbin/httpd/parse.y: Zero the tls cert/key length variables
	  when inheriting a server configuration for multiple listen
	  statements in a server block.  Otherwise httpd will crash when a
	  listen statement with tls is followed by a listen statement
	  without tls.

	  Problem reported by Kent Fritz on misc.

	  ok jsing@ looks good deraadt@

2015-03-26 19:16  jmc

	* usr.sbin/httpd/: httpd.8, httpd.conf.5: pointers to slowcgi(8);
	  from alexei malinin

2015-03-26 09:01  florian

	* usr.sbin/httpd/server_fcgi.c: Allow more characters in CGI
	  environment variables as specified by RFC 7230 and RFC 3875.
	  sthen@ suggested to add a comment to explain where the list of
	  characters is coming from.  Found the hard way and initial diff
	  from Tim van der Molen (tbvdm at xs4all), thanks! Some more
	  allowed characters added by me.  OK sthen@

2015-03-15 22:08  florian

	* usr.sbin/httpd/: httpd.h, server.c: Prevent use after free.
	  While here unconditionally free clt and move declaration of
	  server_inflight_dec() into server.c Found while investigating if
	  (foo != NULL) free(foo) patterns pointed out by Markus Elfring.
	  OK reyk

2015-03-11 21:52  reyk

	* usr.sbin/httpd/httpd.conf.5: Wrap long line.	This is another
	  airplane commit from an 747-8 somewhere over Siberia and I think
	  I'm just getting into minor turbulences.

2015-03-09 15:51  reyk

	* usr.sbin/httpd/httpd.conf.5: Document the TLSv1.2-only change.

	  Figured out sthen@

2015-03-09 15:46  reyk

	* usr.sbin/httpd/parse.y: Make httpd TLSv1.2-only by default.  Some
	  older browsers, like IE 10, will be incompatible with this
	  change.  We do this early in the release cycle, so there is a
	  good chance to get more experience with the impact of it and the
	  upcoming restricted cipher modes.

	  OK jsing@ deraadt@ benno@ bmercer@ krw@ florian@

2015-03-06 05:10  reyk

	* usr.sbin/httpd/httpd.conf.5: Fix minor manpage bug: it is a
	  server, not a relay.

	  OK deraadt@

2015-02-24 19:19  tedu

	* lib/libc/crypt/cryptutil.c: Set errno to EINVAL, instead of
	  letting ERANGE escape out.  Printing strerror() in that case will
	  say result too large, even if rounds is actually too small.
	  invalid is less specific, but less incorrect.  ok millert

2015-02-24 07:56  bentley

	* usr.sbin/httpd/httpd.8: Mark up filenames with Pa.

	  ok reyk@

2015-02-23 19:22  chrisz

	* usr.sbin/httpd/server_fcgi.c: Use the rewritten (index file
	  appended) uri as DOCUMENT_URI.

	  OK florian@

2015-02-23 18:43  reyk

	* usr.sbin/httpd/: httpd.c, httpd.conf.5, httpd.h, server_http.c:
	  Allow to specify CGI variables as macros in redirection strings,
	  eg.  block return 301 "http://www.example.com/$REQUEST_URI"

	  OK tedu@ florian@

2015-02-23 11:48  reyk

	* usr.sbin/httpd/config.c: Fix an issues that was found by halex@:
	  we didn't set the return_uri in non-location virtual hosts.  Add
	  comments clarify the variable-length values.

	  OK halex@

2015-02-23 10:39  reyk

	* usr.sbin/httpd/Makefile: Add -O0 to the DEBUG example.  Figured
	  out while analysing core dumps with halex@.  No binary change -
	  it is commented out.

2015-02-23 09:52  reyk

	* usr.sbin/httpd/server.c: Add return_uri to serverconfig_reset()
	  to avoid using garbage from the imsg buffer.

	  Debugging & OK halex@

2015-02-19 09:19  florian

	* usr.sbin/httpd/httpd.conf.5: Typo.  From Navan Carson, thanks!

2015-02-15 13:43  jsing

	* usr.sbin/httpd/httpd.conf.5: Document the tls protocols option.

2015-02-12 10:05  reyk

	* usr.sbin/httpd/: httpd.c, httpd.h, server_file.c: Rename
	  escape_uri() to url_encode() because it is the opposite of
	  url_decode().  No functional change.

2015-02-12 04:40  jsing

	* usr.sbin/httpd/: httpd.h, parse.y, server.c: Allow TLS protocols
	  to be specified via a "tls protocols" configuration option.

	  ok reyk@

2015-02-12 04:23  jsing

	* usr.sbin/httpd/server.c: Change TLS_PROTOCOLS_DEFAULT to be
	  TLSv1.2 only. Add a TLS_PROTOCOLS_ALL that includes all currently
	  supported protocols (TLSv1.0, TLSv1.1 and TLSv1.2). Change all
	  users of libtls to use TLS_PROTOCOLS_ALL so that they maintain
	  existing behaviour.

	  Discussed with tedu@ and reyk@.

2015-02-11 12:52  florian

	* usr.sbin/httpd/http.h: More http status codes.  OK benno@, reyk@

2015-02-10 08:12  florian

	* usr.sbin/httpd/: httpd.c, httpd.h, server_file.c: Encode
	  directory listings.  Problem pointed out by remco AT
	  d-compu.dyndns.org some time ago.  Input / OK reyk@

2015-02-08 23:40  deraadt

	* usr.bin/htpasswd/htpasswd.c: in getopt() blocks, stop
	  incrementing flag variable which are supposed to just be 0/1 ok
	  miod florian

2015-02-08 04:50  reyk

	* usr.sbin/httpd/parse.y: Use AI_ADDRCONFIG when resolv hosts on
	  startup.

	  OK henning@

2015-02-07 23:59  reyk

	* usr.sbin/httpd/: server_http.c, httpd.c, logger.c, parse.y,
	  server_file.c: spacing

2015-02-07 23:56  reyk

	* usr.sbin/httpd/: config.c, httpd.h, server.c: Remove
	  server_load_file() in favor of tls_load_file(3)

2015-02-07 08:12  jmc

	* usr.sbin/httpd/httpd.conf.5: double word fix;

2015-02-07 06:46  jsing

	* usr.sbin/httpd/httpd.conf.5: Document tls dhe and tls ecdhe
	  options.

2015-02-07 06:26  jsing

	* usr.sbin/httpd/: httpd.h, parse.y, server.c: Add httpd
	  configuration options to allow the specification of DHE
	  parameters and the ECDHE curve. This primarily allows for DHE
	  cipher suites to be enabled.

	  ok reyk@

2015-02-07 01:23  reyk

	* usr.sbin/httpd/: config.c, httpd.conf.5, httpd.h, parse.y,
	  server.c, server_http.c: Add support for blocking, dropping, and
	  redirecting requests.

	  OK florian@

2015-02-06 13:05  reyk

	* usr.sbin/httpd/: httpd.h, parse.y, server_http.c: Fix log options
	  in locations.

	  Reported and tested by Markus Bergkvist OK florian@

2015-02-05 10:47  reyk

	* usr.sbin/httpd/server_http.c: Fix potential NULL pointer
	  dereference.

2015-02-05 10:46  reyk

	* usr.sbin/httpd/config.c: Add missing error case to free allocated
	  server_config on failure.

2015-02-04 08:39  florian

	* etc/examples/httpd.conf: Typo From Michael (lesniewskister AT
	  gmail), thanks!

2015-01-29 08:52  reyk

	* usr.sbin/httpd/parse.y: Fix a regression that removed support for
	  using service names instead of ports.  It is now possible to use
	  "listen on * port www" again.

	  Found by ajacoutot@ OK ajacoutot@ blambert@

2015-01-28 23:33  tedu

	* lib/libc/crypt/bcrypt.c: dial the time back to about 0.1s, closer
	  to the original targets and friendlier for users. requested by
	  deraadt

2015-01-21 22:23  reyk

	* usr.sbin/httpd/: httpd.h, server_fcgi.c: Ooops, no need to
	  include sys/cdefs.h.

	  Pointed out by florian@

2015-01-21 22:21  reyk

	* usr.sbin/httpd/: config.c, control.c, httpd.c, httpd.h, log.c,
	  logger.c, parse.y, proc.c, server.c, server_fcgi.c,
	  server_file.c, server_http.c: httpd is based on relayd and had
	  included many headers that are only needed by its ancestor.
	  jsg@, include-what-you-use, and some manual review helped to
	  cleanup the headers (take iwyu with a grain of salt).  Based on
	  common practice, httpd.h now also includes the necessary headers
	  for itself.

	  OK florian@

2015-01-19 21:07  reyk

	* usr.sbin/httpd/: config.c, parse.y: No need to include pfvar.h,
	  another leftover from relayd.  It was also used for portrange
	  operators which weren't used in httpd.

	  OK florian@

2015-01-19 20:01  florian

	* usr.sbin/httpd/server_http.c: Log the remote user in the
	  access.log.  Pointed out by, tweak & OK reyk@

2015-01-19 20:00  florian

	* usr.sbin/httpd/: httpd.h, server_fcgi.c, server_http.c:
	  s/clt_fcgi_remote_user/clt_remote_user/ OK reyk@

2015-01-19 19:37  reyk

	* usr.sbin/httpd/: config.c, httpd.c, httpd.conf.5, httpd.h,
	  parse.y, server.c, server_fcgi.c, server_http.c: Decouple auth
	  parameters from struct server_config into struct auth.

	  OK florian@

2015-01-18 18:39  florian

	* usr.sbin/httpd/httpd.conf.5: tweak previous with help from jmc@

2015-01-18 14:01  florian

	* usr.sbin/httpd/: httpd.conf.5, httpd.h, parse.y, server_fcgi.c,
	  server_http.c: First stab at implementing basic auth.  Currently
	  the htpasswd file needs to be in the chroot; will hopefully
	  improved soonish.  Based on a diff from Oscar Linderholm many
	  months ago but turned into a complete rewrite.  input/OK reyk@

2015-01-16 06:40  deraadt

	* usr.sbin/httpd/: httpd.c, httpd.h, logger.c, parse.y, server.c,
	  server_fcgi.c, server_file.c, server_http.c: Replace
	  <sys/param.h> with <limits.h> and other less dirty headers where
	  possible.  Annotate <sys/param.h> lines with their current
	  reasons.  Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1,
	  LOGIN_NAME_MAX, etc.	Change MIN() and MAX() to local definitions
	  of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the
	  pollution.  These are the files confirmed through binary
	  verification.  ok guenther, millert, doug (helped with the
	  verification protocol)

2015-01-15 17:32  chl

	* lib/libc/crypt/cryptutil.c: remove unused variable

	  ok tedu@

2015-01-13 09:21  reyk

	* usr.sbin/httpd/: config.c, http.h, httpd.conf.5, httpd.h,
	  parse.y, server.c, server_file.c, server_http.c: bump copyright
	  year

2015-01-13 08:54  reyk

	* usr.sbin/httpd/server_fcgi.c: Abort if fcgi_chunked is not true
	  to avoid sending additional garbage after the response.

	  Found by Erik Lax

	  ok florian@

2015-01-12 03:20  tedu

	* lib/libc/crypt/bcrypt.c: rename blocks to words. bcrypt "blocks"
	  are unrelated to blowfish blocks, nor are they the same size.

2015-01-07 16:57  reyk

	* usr.sbin/httpd/http.h: SVG is common enough to add it to the
	  default types.

2015-01-07 16:05  tedu

	* lib/libc/crypt/bcrypt.c: stupid me. need errno.h

2015-01-07 15:46  tedu

	* lib/libc/crypt/bcrypt.c: set errno = EINVAL for invalid salts and
	  hashes in most functions.  remember to set EACCES in
	  bcrypt_checkpass for hash differences.  the higher level
	  crypt_checkpass function will reset errno to EACCES in all cases,
	  which is probably the right behavior, but this change gives code
	  working with the lower level functions the correct errno if they
	  care.

2015-01-07 11:04  reyk

	* usr.sbin/httpd/parse.y: Relax configuration list parsing to allow
	  multi-line blocks for tls, root, tcp etc.

	  Based on a diff from Nathanael Rensen.  OK florian@

2015-01-06 17:55  stsp

	* usr.sbin/httpd/server_file.c: Make httpd return "404 not found"
	  if an intermediate component of a requested file path does not
	  exist rather than returning "500 internal server error".  ok reyk

2015-01-06 17:48  reyk

	* usr.sbin/httpd/server_http.c: I missed one goto abort instead of
	  free(line).

	  Found by Fabian Raetz at gmail

2015-01-06 14:07  reyk

	* usr.sbin/httpd/: config.c, parse.y, server.c: Only open a socket
	  once for each unique "listen on" statement.  This prevents
	  running out of file descriptors when loading a configuration with
	  many aliases.

	  OK florian@

2015-01-06 13:48  reyk

	* usr.sbin/httpd/server_http.c: Instead of calling free(line) in
	  each error case, call it once in fail:.

	  From Fabian Raetz at gmail

2015-01-06 13:38  reyk

	* usr.sbin/httpd/server_http.c: Return "400 Bad Request" instead of
	  "500 Internal Server Error" for unknown/invalid HTTP requests.

	  From Fabian Raetz at gmail

2015-01-05 13:10  tedu

	* lib/libc/crypt/bcrypt.c: convert clock() to clock_gettime() for
	  improved precision (and accuracy?) guenther suggested using
	  thread time, which actually may improve accuracy if somebody puts
	  this in a threaded program.

2015-01-05 11:03  reyk

	* usr.sbin/httpd/httpd.conf.5: Be more specific: path is a
	  component of the URI/URL, so use "path" instead of "URI" or "URL"
	  when referring to it.

2015-01-04 22:23  chrisz

	* usr.sbin/httpd/: httpd.conf.5, httpd.h, parse.y, server_fcgi.c,
	  server_file.c, server_http.c: add new url stripping option:

	  strip number	  Strip number path components from the beginning
	  of the  request URI before looking up the stripped-down URI at
	  the document root.

	  reviewed with much patience and OK by reyk@

2015-01-03 23:54  reyk

	* usr.sbin/httpd/parse.y: Reset tls key and cert to NULL when
	  duplicating a server - avoids a possible double free in the error
	  path of the parser.

	  Found by + OK doug@

2015-01-03 16:20  reyk

	* usr.sbin/httpd/parse.y: Tweak previous - add a missing free in
	  the error path.

2015-01-03 15:49  reyk

	* usr.sbin/httpd/: config.c, httpd.conf.5, parse.y: Support alias
	  names and multiple listen statements per server block.  The
	  implementation is done in the parser by expanding each
	  alias/listen into an independent server configuration; this makes
	  it easier to handle internally without adding additional loops or
	  conditions.

	  OK florian@

2015-01-02 19:09  reyk

	* usr.sbin/httpd/httpd.h: Bump config flags field to 32bits.  Makes
	  room for future changes - but no functional change yet.

2015-01-01 14:15  reyk

	* usr.sbin/httpd/: server_file.c, server_http.c: Use the HTML5
	  doctype for error and auto index pages because it is shorter,
	  newer, and the recommendation.  From James Jerkins.

	  Exclude the charset for now because it is not explicitly handled
	  by httpd.

	  OK validator.w3.org (This document was successfully checked as
	  HTML5!)

2014-12-30 10:27  tedu

	* lib/libc/crypt/: bcrypt.c, cryptutil.c: copy bcrypt autotune from
	  encrypt(1) and expose via crypt_newhash ok deraadt miod

2014-12-28 13:55  reyk

	* etc/examples/httpd.conf: Change the default ext_addr from
	  "egress" to "*".  Listening on the egress group only works if you
	  have a default route; this confused some people.

2014-12-28 13:53  reyk

	* usr.sbin/httpd/httpd.conf.5: Change the default example from
	  "listen on egress" to "listen on *".	Listening on the egress
	  group only works if you have a default route; this confused some
	  people.

2014-12-24 22:10  tedu

	* lib/libc/crypt/cryptutil.c: simplify crypt_checkpass. The API
	  promise is that this function doesn't use global data. The
	  simplest fix is to only check blowfish passwords, and implicitly
	  lock out DES passwords.  crypt_checkpass is currently only used
	  in one place, passwd, to verify the local user's password, so
	  this is probably acceptable.	Gives people a little more time to
	  migrate away from DES before introduing checkpass into more
	  places.

2014-12-21 00:54  guenther

	* usr.sbin/httpd/: config.c, control.c, log.c, logger.c, parse.y,
	  proc.c, server.c, server_fcgi.c, server_file.c, server_http.c:
	  Stop pulling in <arpa/inet.h> or <arpa/nameser.h> when
	  unnecessary.	*Do* pull it in when in_{port,addr}_h is needed and
	  <netinet/in.h> isn't.

	  ok reyk@

2014-12-18 10:18  reyk

	* usr.sbin/httpd/httpd.conf.5: Document * and :: to listen on all
	  IPv4 or IPv6 addresses.

2014-12-18 10:10  reyk

	* usr.sbin/httpd/parse.y: Accept * as an alias for the default ipv4
	  listen address.

	  OK jsg@

2014-12-18 09:00  reyk

	* usr.sbin/httpd/httpd.conf.5: "tcp nodelay" shouldn't be
	  discussing relaying SSH; this was a remnant from relayd.conf.5.

	  From Ross L Richardson

2014-12-16 03:35  millert

	* usr.sbin/httpd/proc.c: Replace setpgrp(0, getpid()) with
	  setpgid(0, 0).  OK deraadt@ tedu@

2014-12-12 14:45  reyk

	* etc/examples/httpd.conf, usr.sbin/httpd/config.c,
	  usr.sbin/httpd/httpd.8, usr.sbin/httpd/httpd.conf.5,
	  usr.sbin/httpd/httpd.h, usr.sbin/httpd/parse.y,
	  usr.sbin/httpd/server.c, usr.sbin/httpd/server_fcgi.c,
	  usr.sbin/httpd/server_file.c: Like previously done in relayd,
	  change the keyword "ssl" to "tls" to reflect reality.

	  OK benno@

2014-12-11 17:06  schwarze

	* usr.sbin/httpd/httpd.c: When scanning backwards for the last dot
	  in a filename, stop at the '/' marking the beginning of the
	  filename.  This allows to configure a Content-Type for a filename
	  without a dot.  OK reyk@

2014-12-08 19:31  florian

	* usr.sbin/httpd/server_http.c: Do not send an error body in a HEAD
	  request answer.  From Bertrand Janin (b at janin dot com),
	  thanks! OK reyk@

2014-12-07 16:05  florian

	* usr.sbin/httpd/config.c: Avoid NULL deref in error case; found
	  with llvm.  OK reyk

2014-12-04 02:44  tedu

	* usr.sbin/httpd/: httpd.c, parse.y, server.c, server_fcgi.c,
	  server_file.c, server_http.c: stop viral header propagation. none
	  of this code uses sys/hash.h from Max Fillinger

2014-11-24 22:47  tedu

	* lib/libc/crypt/bcrypt.c: introduce a hashspace define and check
	  that there's enough space to write out a hash. also simplify
	  writing out the hash.

2014-11-24 21:36  tedu

	* lib/libc/crypt/cryptutil.c: check crypt() for null. noticed by
	  Jonas Termansen

2014-11-22 00:24  tedu

	* usr.sbin/httpd/: config.c, httpd.c: use size_t where appropriate.
	  ok deraadt reyk

2014-11-21 17:49  deraadt

	* usr.sbin/httpd/httpd.c: white space begone

2014-11-21 12:32  schwarze

	* lib/libc/crypt/cryptutil.c: Let crypt_checkpass() set EACCES
	  after bcrypt_checkpass() failure; ok tedu@

2014-11-21 05:13  tedu

	* lib/libc/crypt/cryptutil.c: change prototype for crypt_newhash.
	  the login_cap_t is a holdover from its pwd_gensalt origins, but a
	  string argument works equally work and is more friendly to
	  consumers beyond local user accounts.  ok deraadt

2014-11-20 07:48  jasper

	* usr.sbin/httpd/: config.c, http.h, httpd.c, httpd.h, logger.c,
	  parse.y, server.c, server_fcgi.c, server_file.c, server_http.c:
	  httpd was developed very rapidly in the weeks before 5.6 release,
	  and it has a few flaws.  It would be nice to get these flaws
	  fully remediated before the next release, and that requires the
	  community to want to use it.	Therefore here is a "jumbo" patch
	  that brings in the most important fixes.

	  committing on behalf of reyk@

2014-11-20 05:51  jsg

	* usr.sbin/httpd/parse.y: Don't allow embedded nul characters in
	  strings.  Fixes a pfctl crash with an anchor name containing an
	  embedded nul found with the afl fuzzer.

	  pfctl parse.y patch from and ok deraadt@

2014-11-17 19:48  millert

	* lib/libc/gen/vis.c: Add stravis(), an allocating version of
	  strvis().  OK doug@

2014-11-17 16:47  tedu

	* lib/libc/crypt/cryptutil.c: add new function crypt_newhash to
	  simplify creating new hashes.  does most of the work pwd_gensalt
	  did, but also creates the hash.  (unused yet)

2014-11-12 16:52  jmc

	* usr.sbin/httpd/httpd.conf.5: tweak previous;

2014-11-11 15:54  beck

	* usr.sbin/httpd/: httpd.c, httpd.conf.5, httpd.h, logger.c,
	  parse.y: Allow the log directory to be configurable in the config
	  file, rather than fixed as /logs within the chroot.  As this
	  httpd is properly privesp'ed this has the nice property of
	  allowing us to put the logs outside the chroot if we want to.  ok
	  reyk@

2014-11-10 14:16  beck

	* usr.sbin/httpd/logger.c: Don't attempt to open log files when
	  using syslog, as we are not going to use them.  ok reyk@

2014-11-03 18:43  bluhm

	* usr.sbin/httpd/: httpd.h, parse.y: Convert the logic in
	  yyerror().  Instead of creating a temporary format string, create
	  a temporary message.	OK deraadt@

2014-11-03 03:46  doug

	* usr.sbin/httpd/parse.y: Add gcc format attributes to yyerror() in
	  httpd.

	  Fix a few format characters as well.	ok bluhm@

2014-10-31 13:49  jsing

	* usr.sbin/httpd/: Makefile, httpd.h, server.c: Update httpd(8) to
	  use libtls instead of libressl.

2014-10-25 03:23  lteo

	* usr.sbin/httpd/: log.c, proc.c, server.c, server_fcgi.c,
	  server_file.c, server_http.c: Remove unnecessary
	  netinet/in_systm.h include.

	  ok millert@

2014-10-22 09:48  reyk

	* usr.sbin/httpd/: httpd.c, httpd.h, server_http.c: URL-decode the
	  request path.

	  Tested by ajacoutot@ and others OK doug@

2014-10-21 13:00  reyk

	* usr.sbin/httpd/: server_file.c, server_http.c: Rework the error
	  message a little bit: Do not send details of the error.
	  Traditionally, web servers responsed with the request path on 40x
	  errors which could be abused to inject JavaScript etc.  Instead
	  of sanitizing the path, we just don't reprint it.  Also modify
	  the style a little bit but keep Comic Sans.

	  With input from Jonas Lindemann and doug@

2014-10-03 13:41  jsing

	* usr.sbin/httpd/server.c: Update ressl configuration to handle
	  recent changes in the library.

	  ok tedu@

2014-10-02 19:22  reyk

	* usr.sbin/httpd/: server.c, server_file.c: Fix an error case that
	  was never handled ending up in an endless event loop that could
	  eat all CPU.	I thought that the previous (correct) commit fixed
	  it which wasn't the case.  But this one is obvious.

	  ok florian@

2014-09-29 19:30  deraadt

	* usr.sbin/httpd/: http.h, httpd.c, server_fcgi.c, server_http.c:
	  whitespace spotted while studying the code

2014-09-27 12:49  reyk

	* usr.sbin/httpd/server_file.c: In addition to READ, disable WRITE
	  events when closing the file descriptor of the file I/O
	  bufferevent. This fixes a potential event flood.

	  OK florian@

2014-09-15 08:00  reyk

	* usr.sbin/httpd/server_http.c: Make the HTTP version mandatory and
	  abort if it is missing in the request.

2014-09-10 15:39  reyk

	* usr.sbin/httpd/: httpd.h, server_http.c: Handle different
	  possible variations of the Host header (eg.  www.example.com,
	  www.example.com:80, [2001:db8::1], [2001:db8::1]:80).  The port
	  is optional and is typically used on non-default ports.  If the
	  server name is a plain IPv6 address, it is commonly specified in
	  square brackets.

	  Makes ajacoutot@ happy OK florian@

2014-09-05 15:06  reyk

	* usr.sbin/httpd/: http.h, server_http.c: Add various RFC-based
	  WebDAV methods to the list of accepted HTTP methods.	This fixes
	  (Fast)CGI-based WebDAV and CalDAV (calendar) servers with httpd.

	  ok benno@ stsp@

2014-09-05 10:04  reyk

	* usr.sbin/httpd/: config.c, httpd.c, httpd.h, parse.y, server.c,
	  server_http.c: Remove a limitation that only allowed to specify a
	  server name once.  The key has been changed to server name +
	  address + port and now it is possible to use the same server name
	  for multiple servers with different addresses, eg.
	  http://www.example.com and https://www.example.com/.

	  OK doug@ florian@

2014-09-04 13:45  reyk

	* usr.sbin/httpd/parse.y: One line change adding the 'include'
	  directive to the valid server options.  This allows to include
	  external configuration files from within server and location
	  sections, not just from global context, for example to share
	  common configuration within multiple servers (or virtual hosts).

2014-09-02 16:20  reyk

	* usr.sbin/httpd/: httpd.h, server.c, server_fcgi.c: FastCGI did
	  not support persistent connections.  Add initial support for
	  persistent connections with FastCGI by implementing chunked
	  Transfer-Encoding.  This only works with HTTP/1.1.

	  With input and help from florian@ who found some FastCGI edge
	  cases.

	  OK florian@

2014-09-01 12:28  reyk

	* usr.sbin/httpd/server_fcgi.c: Don't pass the local buffer array
	  by reference.

	  OK florian@

2014-09-01 12:22  jmc

	* usr.sbin/httpd/httpd.conf.5: remove Xr, but not the reference, to
	  nginx, after some discussion with reyk;

2014-09-01 09:32  reyk

	* usr.sbin/httpd/: httpd.c, httpd.h, server_fcgi.c: Replace the
	  code to get the FastCGI Status header with a proper way to parse
	  and write the headers using the http response descriptor.  This
	  allows to add other tweaks, like support for chunked encoding,
	  later.

	  OK florian@

2014-08-29 13:01  reyk

	* usr.sbin/httpd/: httpd.h, server_fcgi.c, server_file.c,
	  server_http.c: Use two instead of one http descriptor for request
	  and response.

	  OK chrisz@

2014-08-27 09:51  reyk

	* usr.sbin/httpd/server.c: Write all data before closing the server
	  socket if the output buffer is not empty.  This fixes a bug of
	  short responses that could happen with large files or fcgi data
	  on connections with a higher latency.

	  OK florian@

2014-08-26 21:50  jmc

	* usr.bin/htpasswd/htpasswd.1: fix SEE ALSO;

2014-08-26 20:03  robert

	* usr.bin/htpasswd/htpasswd.1: remove nginx references

2014-08-25 14:27  reyk

	* etc/examples/httpd.conf, usr.sbin/httpd/httpd.conf.5,
	  usr.sbin/httpd/parse.y: Add a generic system-wide
	  /usr/share/misc/mime.types file that can be included in
	  httpd.conf.  httpd(8) now supports both mime.types flavours with
	  or without semicolon at the end of the line (nginx- or
	  apache-style).

	  Discussed with many, with input from halex@ OK halex@

2014-08-21 19:23  chrisz

	* usr.sbin/httpd/: httpd.h, server_fcgi.c, server_file.c,
	  server_http.c: Add Last-Modified: HTTP header.

	  OK reyk@

2014-08-17 18:46  jmc

	* usr.sbin/httpd/httpd.conf.5: don;t mark up {};

2014-08-14 09:12  doug

	* usr.sbin/httpd/http.h: Sync with RFC 7230-7235 phrases and IANA
	  registered status codes.

	  ok reyk@

2014-08-14 07:50  chrisz

	* usr.sbin/httpd/server_file.c: Remove obsolete struct stat
	  parameters.

	  ok reyk@

2014-08-13 18:00  chrisz

	* usr.sbin/httpd/server_fcgi.c: For a non-existent root we don't
	  want the root prefix to show up in PATH_INFO.  Therefore put a
	  lower bound of strlen(root) on scriptlen.  This makes perfect
	  sense for virtual FastCGI scripts which run chrooted in another
	  directory from httpd.

	  ok reyk@

2014-08-13 16:04  reyk

	* usr.sbin/httpd/: httpd.c, httpd.h, server_fcgi.c: Provide a
	  failsafe version of the path_info() function that doesn't need a
	  temporary path variable.  Based on an initial diff from chrisz@.

	  "Commit any failsafe version and I'm ok with it" chrisz@

2014-08-13 08:08  chrisz

	* usr.sbin/httpd/httpd.c: fix early loop termination in httpd
	  path_info() without this fix httpd always put at least the first
	  path component in SCRIPT_NAME even when it did not exist.  Now
	  for completely non-existant paths everything goes into PATH_INFO.

2014-08-11 15:26  deraadt

	* usr.sbin/httpd/server_fcgi.c: make a few variables more local

2014-08-09 09:07  jmc

	* usr.sbin/httpd/httpd.conf.5: some minor tweaks;

2014-08-09 08:54  jmc

	* usr.sbin/httpd/httpd.conf.5: sort "prefork", and remove a useless
	  macro;

2014-08-09 08:49  jmc

	* usr.sbin/httpd/httpd.8: basic cleanup;

2014-08-09 07:35  reyk

	* usr.sbin/httpd/parse.y: Allow to inclue the types section
	  anywhere in the configuration file.

	  Found by chris@ OK doug@

2014-08-08 18:29  reyk

	* usr.sbin/httpd/: http.h, httpd.h, server_fcgi.c, server_file.c,
	  server_http.c: When opening directories, re-match the location
	  after the index file has been appended.  This allows to use a
	  fastcgi target as the default index, for example index.php.

	  OK florian@

2014-08-08 15:46  reyk

	* usr.sbin/httpd/server_http.c: Allow to serve emtpy (0 bytes)
	  files.

	  Found by jasper@ OK florian@

2014-08-07 18:21  reyk

	* usr.sbin/httpd/httpd.8: Fix and simplify the description of
	  httpd(8)'s signal handling.  httpd does not re-executed itself on
	  SIGHUP, it simply reload the configuration and sends it to its
	  child processes.

	  ok deraadt@

2014-08-07 12:43  florian

	* usr.sbin/httpd/server_fcgi.c: Don't try to ouput FCGI_STDERR into
	  error.log if there is no data.  Problem noticed by naddy@, OK
	  reyk@

2014-08-07 10:52  florian

	* usr.sbin/httpd/server_fcgi.c: Opportunistically try to parse
	  "Status: $code" in the very first response from the fcgi daemon
	  and use that code as HTTP response code. If it doesn't work out
	  fall back to code 200.  This might fix naddy@'s issue with
	  redirects in cvsweb.	To be revisited after unlock.  Discussed
	  with & grudgingly OK reyk@

2014-08-07 06:56  deraadt

	* usr.sbin/httpd/httpd.8: shorten signal text a bit

2014-08-06 22:33  doug

	* usr.sbin/httpd/httpd.8: Mention how httpd responds to SIGHUP and
	  SIGUSR1.

	  Description from reyk@

2014-08-06 21:08  reyk

	* usr.sbin/httpd/server_fcgi.c: Write STDERR from the CGI to the
	  web server error log as intended.

	  OK florian@

2014-08-06 20:56  florian

	* usr.sbin/httpd/server_fcgi.c: If the very first fcgi STDOUT
	  record has length 0 the cgi script didn't send anything back.
	  This is an internal server error.  OK reyk@

2014-08-06 20:29  reyk

	* etc/examples/httpd.conf, usr.sbin/httpd/httpd.conf.5,
	  usr.sbin/httpd/parse.y: Change grammar to remove a shift/reduce
	  conflict that was introduced with the ssl options.  "listen on
	  $ip port 443 ssl" turns into "listen on $ip ssl port 443".

	  ok florian@

2014-08-06 18:40  reyk

	* usr.sbin/httpd/server_fcgi.c: Always zero-out the fcgi record
	  header for STDIN data.

	  OK florian@

2014-08-06 18:38  reyk

	* usr.sbin/httpd/: server.c, server_fcgi.c: Use memset(buf instead
	  of memset(&buf.

	  Pointed out by deraadt@

2014-08-06 18:21  reyk

	* usr.sbin/httpd/: config.c, httpd.conf.5, httpd.h, parse.y,
	  server_http.c: Limit the body size in client requests (eg. POST
	  data) to 1M by default; add a configuration option to change the
	  limit.

	  ok florian@

2014-08-06 16:31  jsing

	* usr.sbin/httpd/httpd.conf.5: Document the SSL configuration for
	  httpd (partly based on relayd.conf(5)).

2014-08-06 16:11  jsing

	* usr.sbin/httpd/parse.y: Provide configuration options that allow
	  the SSL certificate, key and ciphers to be specified for each
	  server.

	  ok deraadt@ reyk@

2014-08-06 16:10  jsing

	* usr.sbin/httpd/server.c: Also clean up the public key when it is
	  no longer needed.

	  ok deraadt@ reyk@

2014-08-06 16:09  jsing

	* usr.sbin/httpd/: httpd.h, parse.y, server.c: Configure the
	  default SSL ciphers as HIGH:!aNULL.

	  ok deraadt@ reyk@

2014-08-06 15:08  florian

	* usr.sbin/httpd/: httpd.h, server.c, server_fcgi.c, server_http.c:
	  http POST support with & OK reyk@

2014-08-06 13:40  florian

	* usr.sbin/httpd/server_fcgi.c: Content-Length and Content-Type are
	  transmitted as CONTENT_LENGTH and CONTENT_TYPE environment
	  variables to cgi scripts, without the HTTP_ prefix.  OK reyk@

2014-08-06 12:56  reyk

	* usr.sbin/httpd/: logger.c, parse.y, server.c: spacing

2014-08-06 12:29  jsg

	* usr.sbin/httpd/logger.c: avoid displaying a NULL pointer ok
	  deraadt@ reyk@

2014-08-06 11:24  reyk

	* usr.sbin/httpd/: server.c, server_file.c: The watermark exposed a
	  bug in server_write that broke keep-alive support.  Instead of
	  calling server_close from server_write, we have to proceed to the
	  next connection by calling the error handler.

	  OK jsg@

2014-08-06 09:40  reyk

	* usr.sbin/httpd/server.c: Bring back the last read (done) / last
	  write (done) messages instead of just "done" to simplify
	  connection debugging.

2014-08-06 09:36  reyk

	* usr.sbin/httpd/: httpd.h, server.c, server_file.c: Adjust the
	  read/write watermarks according to the TCP send buffer.  This
	  fixes sending of large files.  Previously, httpd was reading the
	  input file too quickly and could run out of memory when filling
	  the input buffer.

	  Found by jsg@ OK florian@

2014-08-06 09:34  reyk

	* usr.sbin/httpd/server_http.c: Add braces.  Style-only change.

2014-08-06 05:47  doug

	* usr.sbin/httpd/httpd.8: Add an overview of the features for httpd
	  in the description section.

	  "commit" deraadt@

2014-08-06 04:39  jsg

	* usr.sbin/httpd/server.c: add missing va_start/va_end calls ok
	  deraadt@ guenther@

2014-08-06 02:31  doug

	* usr.sbin/httpd/httpd.8: Explain the options in httpd.8

	  ok deraadt@

2014-08-06 02:04  jsing

	* usr.sbin/httpd/: config.c, httpd.8, httpd.h, parse.y, server.c:
	  Load the SSL public/private keys in the parent process, then
	  provide them to the privsep process via imsg. This allows the
	  keys to be moved out of the chroot (now /etc/ssl/server.crt,
	  /etc/ssl/private/server.key).

	  ok reyk@

2014-08-05 18:01  reyk

	* etc/examples/httpd.conf, usr.sbin/httpd/config.c,
	  usr.sbin/httpd/httpd.conf.5, usr.sbin/httpd/httpd.h,
	  usr.sbin/httpd/parse.y, usr.sbin/httpd/server_http.c: Add
	  configuration options for the most-important connection limits:
	  max requests (per connection) and timeout.  We don't want to add
	  too many button, and there are good defaults, but these ones are
	  kind of mandatory.

2014-08-05 17:13  reyk

	* usr.sbin/httpd/httpd.conf.5: Tweak the httpd.conf manpage with
	  "sub-lists".

2014-08-05 17:03  reyk

	* usr.sbin/httpd/: httpd.conf.5, parse.y: Bring back the tcp/ip
	  configuration options.  This code was already there and is from
	  relayd.  We can decide later which options should be added or
	  removed, but it shouldn't do any harm.

2014-08-05 16:46  reyk

	* usr.sbin/httpd/parse.y: Add srv_conf helper variable to make the
	  code more readable.  No functional change.

2014-08-05 16:30  reyk

	* usr.sbin/httpd/: httpd.h, server_http.c: Limit the number of
	  (Keep-Alive) requests per connection to 100.	(Same default as in
	  nginx and Apache).

2014-08-05 15:36  reyk

	* usr.sbin/httpd/: config.c, httpd.c, httpd.conf.5, httpd.h,
	  logger.c, parse.y, server.c: Improve logging to allow per-
	  server/location log files.  The log files can also be owned by
	  root now: they're opened by the parent and send to the logger
	  process with fd passing.  This also works with reload.

	  ok deraadt@

2014-08-05 14:36  deraadt

	* usr.sbin/httpd/server_http.c: retire blink because this is
	  serious software now; ok beck

2014-08-05 14:35  deraadt

	* usr.sbin/httpd/config.c: spaces

2014-08-05 09:24  jsg

	* usr.sbin/httpd/: httpd.c, httpd.conf.5, httpd.h, parse.y: add a
	  config option to specify the chroot directory ok reyk@

2014-08-04 18:12  reyk

	* usr.sbin/httpd/: httpd.8, httpd.h, server.c: Temporarily move the
	  default location of the SSL/TLS server key and certificate from
	  /var/www/ to /var/www/conf/.	Don't get scared - this will be
	  changed soon!  They're currently located in the chroot directory
	  but will be moved outside as soon as we adopted some of the key
	  privsep from relayd in ressl/httpd.

2014-08-04 18:00  reyk

	* usr.sbin/httpd/: config.c, server_fcgi.c: Add HTTPS = on CGI
	  variable.

2014-08-04 17:50  reyk

	* etc/examples/httpd.conf: Add HTTPS server example.

2014-08-04 17:43  reyk

	* usr.sbin/httpd/server_file.c: Redirect to https:// if SSL/TLS is
	  enabled.

2014-08-04 17:38  reyk

	* usr.sbin/httpd/: Makefile, config.c, httpd.conf.5, httpd.h,
	  parse.y, server.c: Proxy commit for jsing@: "Add TLS/SSL support
	  to httpd, based on the recent ressl commits."

	  From jsing@ ok reyk@

2014-08-04 17:12  reyk

	* usr.sbin/httpd/: httpd.8, httpd.conf.5: manpage tweaks about
	  logging

2014-08-04 16:07  reyk

	* etc/examples/httpd.conf, usr.sbin/httpd/parse.y: Change grammar
	  from "log [style]" to "log style [style]".

2014-08-04 15:57  reyk

	* usr.sbin/httpd/logger.c: Print error message if the log files
	  cannot be opened.

2014-08-04 15:49  reyk

	* usr.sbin/httpd/: Makefile, config.c, control.c, httpd.c,
	  httpd.conf.5, httpd.h, logger.c, parse.y, proc.c, server.c: Add
	  initial support for log files in /var/www/logs/.  Logging with
	  syslog is still supported but disabled by default.

	  ok deraadt@

2014-08-04 14:49  reyk

	* usr.sbin/httpd/: httpd.c, httpd.h, server_fcgi.c: Implement
	  PATH_INFO and add DOCUMENT_ROOT.  PATH_INFO was requested by
	  naddy@ who successfully tested it with "cvsweb".

	  ok naddy@

2014-08-04 11:09  reyk

	* usr.sbin/httpd/: Makefile, config.c, control.c, httpd.c, log.c,
	  parse.y, proc.c, server.c, server_fcgi.c, server_file.c,
	  server_http.c: httpd doesn't support SSL/TLS yet, remove the
	  remaining bits.  The secrect plan is to add it later using the
	  ressl wrapper library.

2014-08-04 06:35  deraadt

	* usr.sbin/httpd/control.c: no need for param.h

2014-08-04 06:35  deraadt

	* usr.sbin/httpd/: httpd.h, proc.c, server_http.c: whitespace

2014-08-03 22:47  reyk

	* usr.sbin/httpd/server_file.c: Only allow GET and HEAD for static
	  files or return 405.

	  ok florian@

2014-08-03 22:38  reyk

	* usr.sbin/httpd/: server_file.c, server_http.c: Also write log
	  messages, like 404 Not Found, on error.  This is a bit tricky
	  because we couldn't guarantee a sane state after
	  server_response_http() so fail hard afterwards and close the
	  connection.

	  ok doug@

2014-08-03 22:06  florian

	* usr.sbin/httpd/server_fcgi.c: c-type functions / makros need a
	  cast to unsigned char, not int "feel free to commit" reyk@

2014-08-03 21:33  reyk

	* usr.sbin/httpd/: http.h, server_http.c: Allocate http_host
	  instead of carrying a buffer in the descriptor.

2014-08-03 20:43  reyk

	* usr.sbin/httpd/: parse.y, server.c, server_fcgi.c: spacing

2014-08-03 20:39  reyk

	* usr.sbin/httpd/: httpd.h, server_fcgi.c, server_http.c:
	  Dynamically pass HTTP request headers as protocol-specific HTTP_*
	  CGI meta-variables.

	  ok florian@

2014-08-03 12:26  reyk

	* usr.sbin/httpd/: httpd.h, server_fcgi.c, server_http.c: Add
	  function to iterate all headers.  No functional change.

2014-08-03 11:51  reyk

	* etc/examples/httpd.conf: The first server example should be the
	  "minimal default" to illustrate that you don't have to push all
	  kinds of buttons to run httpd.

2014-08-03 11:28  reyk

	* etc/examples/httpd.conf: More examples, include FastCGI for php
	  and cgi-bin and logging.

2014-08-03 11:16  reyk

	* usr.sbin/httpd/: config.c, httpd.h, parse.y, server_fcgi.c,
	  server_file.c: Split fastcgi socket path and document root option
	  and add the SCRIPT_FILENAME CGI param with a prepended root.
	  This fixes php-fpm that expects SCRIPT_FILENAME and also works
	  with slowcgi if you configure the root correctly.  For example,
	  if SCRIPT_NAME and REQUEST_URI are /php/index.php, root is
	  /htdocs, SCRIPT_FILENAME will be /htdocs/php/index.php.  As
	  tested and discussed with florian@

2014-08-03 10:38  reyk

	* usr.sbin/httpd/server_fcgi.c: Add missing log call for FastCGI
	  requests.

2014-08-03 10:26  reyk

	* usr.sbin/httpd/: httpd.conf.5, httpd.h, parse.y, server.c,
	  server_http.c: Add another log mode "connection" for a
	  relayd(8)-style log entry after each connection, not every
	  request.  The code was already there and enabled on debug, I just
	  turned it into an alternative log format.

2014-08-03 10:22  reyk

	* usr.sbin/httpd/server_http.c: Prefer getnameinfo() with
	  NI_NUMERICHOST over inet_ntop because it is also aware of the
	  IPv6 scope Id.  We already have a function print_host() that uses
	  getnameinfo, so no need for the inet_ntop cases. Confirmed by
	  florian@

2014-08-02 21:21  doug

	* usr.sbin/httpd/: config.c, httpd.conf.5, httpd.h, parse.y,
	  server_http.c: Locations now inherit access log settings from the
	  server.

	  Add log to the server flags.

	  input/"Looks ok" reyk@

2014-08-02 17:42  florian

	* usr.sbin/httpd/server_fcgi.c: don't leak fcgi fd

2014-08-02 17:05  florian

	* usr.sbin/httpd/: httpd.h, server_fcgi.c: Padding of fcgi records
	  is optional, but if we receive padding data we should read it.

2014-08-02 11:59  florian

	* usr.sbin/httpd/server_fcgi.c: We need to read from the fcgi
	  bufferevent until it's empty because the event handler will not
	  be called again if no new data arrives.  Debugged with and OK
	  reyk@

2014-08-02 11:52  reyk

	* usr.sbin/httpd/: httpd.h, server.c, server_fcgi.c: Allow to
	  specify a FastCGI TCP socket on localhost (eg. :9000).  Used for
	  debugging, you should prefer local UNIX sockets, but it helped to
	  find an issue that will be fixed with the next commit.

	  OK florian@

2014-08-02 10:24  reyk

	* usr.sbin/httpd/httpd.conf.5: 'fastcgi socket "path"' is the
	  correct syntax; update the manpage.  Found by jsg@

2014-08-02 09:54  reyk

	* usr.sbin/httpd/: httpd.c, server_fcgi.c, server_file.c: spacing

2014-08-02 09:46  reyk

	* usr.sbin/httpd/server_file.c: scandir(3)-based directory auto
	  index didn't work on NFS because the file system is not filling
	  in d_type properly.  Using st_mode from the stat call fixes the
	  problem, eg. S_ISDIR(st.st_mode) instead of dp->d_type == DT_DIR.
	  Pointed out by pelikan@

2014-08-02 08:07  jmc

	* usr.sbin/httpd/httpd.conf.5: remove nasty unclosed Xo in
	  previous; ok reyk

2014-08-01 22:24  reyk

	* usr.sbin/httpd/: httpd.h, server.c, server_http.c: Use the log
	  buffer to defer the logging until the connection is closed or the
	  request completed.  Turn the old log message into a debug
	  message.

	  ok doug@

2014-08-01 21:59  reyk

	* usr.sbin/httpd/: httpd.c, httpd.conf.5, httpd.h, parse.y,
	  server.c: remove the global "log updates/all" option that came
	  from relayd.

2014-08-01 21:51  doug

	* usr.sbin/httpd/: httpd.conf.5, httpd.h, parse.y, server_http.c:
	  Add common and combined access logging to httpd.

	  ok reyk@

2014-08-01 18:26  florian

	* usr.sbin/httpd/server_fcgi.c: Rewrite fcgi_add_param and hand
	  over a lot more http headers etc. to the cgi script.	OK reyk@
	  "blanket OK" for changes in httpd for the time beeing from
	  deraadt@

2014-08-01 08:34  florian

	* usr.sbin/httpd/: httpd.h, server.c, server_fcgi.c: Correctly
	  parse fcgi records if we don't get the whole record in one
	  bufferevent_read().  Input/OK reyk@

2014-07-31 18:07  reyk

	* usr.sbin/httpd/: httpd.h, server_fcgi.c, server_http.c: Only
	  write the HTTP header for the first fastcgi chunk.

2014-07-31 17:55  reyk

	* usr.sbin/httpd/: httpd.h, server_fcgi.c, server_file.c,
	  server_http.c: some fastcgi improvements: - DPRINTF instead of
	  log_info for internal debugging.  - submit QUERY_STRING, if it
	  exists - use a proper function to create an HTTP header.  - use
	  server_file_error() to detect EOF and fastcgi stream errors.	-
	  disable keep-alive/persist for now until we have a reliable way
	  to get the content length from the cgi response or support
	  chunked encoding.

	  "Cool, jep" florian@

2014-07-31 14:25  reyk

	* usr.sbin/httpd/: httpd.h, server.c, server_fcgi.c, server_file.c:
	  One bufferevent can be shared by file and fcgi.

2014-07-31 14:18  reyk

	* usr.sbin/httpd/: config.c, httpd.conf.5, httpd.h, parse.y,
	  server_fcgi.c: Allow to specify a non-default fastcgi socket.

2014-07-31 13:28  reyk

	* usr.sbin/httpd/: config.c, httpd.h, parse.y, server_file.c:
	  Rename the "docroot" variable to "path" because it will be used
	  for either files or the fastcgi socket (and there's no need to
	  use a union yet).

2014-07-31 09:34  reyk

	* usr.sbin/httpd/: config.c, httpd.conf.5, httpd.h, parse.y,
	  server_http.c: Add a configuration variable "fastcgi" to enable
	  it per server or location.

2014-07-31 09:23  florian

	* usr.sbin/httpd/: Makefile, httpd.h, server_fcgi.c, server_http.c:
	  Put in first stab at fastcgi. Very early work in progress.
	  Putting it in now so that we can quickly work on it in tree.
	  Requested by reyk@.  deraadt@ is OK with this according to reyk@.

2014-07-30 13:49  reyk

	* usr.sbin/httpd/: config.c, httpd.h, parse.y, server.c,
	  server_http.c: Make "location" work with name-based virtual
	  servers.

2014-07-30 10:05  reyk

	* etc/examples/httpd.conf, usr.sbin/httpd/config.c,
	  usr.sbin/httpd/httpd.conf.5, usr.sbin/httpd/httpd.h,
	  usr.sbin/httpd/parse.y, usr.sbin/httpd/server.c,
	  usr.sbin/httpd/server_http.c: Add "location" keyword to specify
	  path-specific configuration in servers, for example auto index
	  for a sub-directory only.  Internally, a "location" is just a
	  special type of a "virtual" server.

2014-07-30 09:51  reyk

	* usr.sbin/httpd/httpd.conf.5: Small fix and clarification

2014-07-30 07:09  reyk

	* usr.sbin/httpd/server_file.c: Reserve an extra file descriptor
	  per connection instead of per request.  This fixes fd accounting
	  with persistent connections and reduces the complexity of the
	  implementation.

	  ok benno@

2014-07-29 16:38  reyk

	* usr.sbin/httpd/server.c: The inflight decremented message should
	  only be printed with DEBUG.

2014-07-29 16:17  reyk

	* etc/examples/httpd.conf, usr.sbin/httpd/httpd.conf.5,
	  usr.sbin/httpd/httpd.h, usr.sbin/httpd/parse.y,
	  usr.sbin/httpd/server_file.c: Add extended directory index
	  options: "[no] index" and "[no] auto index".	The option
	  "directory auto index" implements basic directory listing and is
	  turned off by default.

	  ok deraadt@

2014-07-29 12:16  reyk

	* usr.sbin/httpd/: httpd.h, server.c: Move configurable TCP options
	  into struct server_config.

2014-07-27 23:52  deraadt

	* usr.sbin/httpd/Makefile: turn of -Werror, unless you are sure
	  both gcc work...

2014-07-26 22:38  reyk

	* usr.sbin/httpd/server_file.c: Remove redundant slash

2014-07-26 10:27  reyk

	* etc/examples/httpd.conf: Add more examples.  Requested by
	  deraadt@

2014-07-26 09:59  reyk

	* usr.sbin/httpd/httpd.c: bzero is over, memset is cool.  pointed
	  out by halex@

2014-07-25 23:30  reyk

	* usr.sbin/httpd/: config.c, httpd.h, server.c: Differentiate
	  servers by address and port, not just by address.

2014-07-25 23:25  reyk

	* usr.sbin/httpd/server_http.c: Reset the default Host for each
	  request

2014-07-25 23:23  reyk

	* usr.sbin/httpd/: http.h, httpd.h, server.c, server_file.c,
	  server_http.c: It is recommended to use a URL in the Location
	  header of 3xx responses.  To accomplish this, add some semantics
	  to retrieve the server host name of a connection: either IP,
	  IP:PORT (if not 80) or [IP6]:PORT, or Host value (if valid).

2014-07-25 21:48  reyk

	* usr.sbin/httpd/server_http.c: Append mandatory Date header to
	  each response.

2014-07-25 21:36  reyk

	* usr.sbin/httpd/server_http.c: New HTTP/1.1 RFC 7231 prefers
	  IMF-fixdate from RFC 5322.

2014-07-25 21:29  reyk

	* usr.sbin/httpd/: httpd.c, httpd.h, server_file.c, server_http.c:
	  Canonicalize the request path once without the docroot and
	  prepend the docroot only only when it's needed.  Suggested by
	  deraadt@.

2014-07-25 20:13  reyk

	* usr.sbin/httpd/server_file.c: Don't leak docroot in the error
	  message if the default index file is missing.

	  OK florian@

2014-07-25 17:49  reyk

	* usr.sbin/httpd/httpd.conf.5: Add multiple-servers "virtual hosts"
	  example.

2014-07-25 17:04  reyk

	* usr.sbin/httpd/parse.y: Add a single line to fix the address
	  matching of multiple server blocks with non-virtual hosts.  I had
	  this line in a previous diff.

2014-07-25 16:23  reyk

	* usr.sbin/httpd/: config.c, httpd.c, httpd.h, parse.y, server.c,
	  server_http.c: Add support for "virtual hosts" aka. server blocks
	  aka. multiple servers with the same or "overlapping" IP address
	  but a different name.

	  ok beck@

2014-07-25 15:47  reyk

	* usr.sbin/httpd/: httpd.conf.5, parse.y: Add and document 'root'
	  configuration option for the docroot.

2014-07-25 13:10  reyk

	* usr.sbin/httpd/: httpd.h, server.c, server_file.c, server_http.c:
	  Split server and server_config.

2014-07-25 12:46  reyk

	* usr.sbin/httpd/: httpd.h, server.c, server_file.c, server_http.c:
	  Rename a field, needed later, no functional change.

2014-07-25 12:42  reyk

	* usr.sbin/httpd/: httpd.h, parse.y, server_file.c: Move the
	  docroot into the server block.

2014-07-24 08:32  reyk

	* usr.sbin/httpd/: httpd.c, server.c, server_http.c: Plug a memleak
	  by correctly free'ing the HTTP descriptor that contains all the
	  headers etc. of a connection.

2014-07-24 08:11  reyk

	* usr.sbin/httpd/httpd.h: Remove unused fields from structure

2014-07-23 23:10  reyk

	* usr.sbin/httpd/httpd.c: When canonicalizing the path, it is
	  better to fail on truncation.

	  Pointed out by Doug Hogan.

2014-07-23 22:56  reyk

	* usr.sbin/httpd/httpd.c: I wanted to know if people pay attention.

	  Doug Hogan found an off-by-one.  More improvements will follow.

2014-07-23 22:20  reyk

	* usr.sbin/httpd/server_file.c: The default index page shouldn't be
	  a directory.	It's a 500.

2014-07-23 22:18  reyk

	* usr.sbin/httpd/server_file.c: Don't expose the docroot on error.

2014-07-23 22:02  reyk

	* usr.sbin/httpd/: httpd.c, parse.y: The media_encoding is not used
	  in parse.y but stack garbage could lead to a double free; set it
	  to NULL.

	  This should fix a problem that was found by deraadt@

2014-07-23 21:43  reyk

	* usr.sbin/httpd/: server_file.c, server_http.c: First attempt at
	  verifying the request path and the access permissions.  We also
	  have to redirect with 301 if a directory name was requested
	  without the trailing slash.

2014-07-23 19:03  reyk

	* usr.sbin/httpd/: httpd.c, httpd.h, server_file.c: Add
	  canonicalize_path() to canonicalize the requested URL path.

2014-07-23 13:26  reyk

	* usr.sbin/httpd/: config.c, httpd.h, server.c: Correctly shutdown
	  the servers when the process is terminating; prevents a crash on
	  exit.  With debugging help from blambert@.

2014-07-23 12:01  reyk

	* usr.sbin/httpd/httpd.h: always enable DPRINTF with compiled with
	  DEBUG

2014-07-22 19:03  jmc

	* usr.sbin/httpd/: httpd.8, httpd.conf.5: some minor fixes;

2014-07-22 18:31  ajacoutot

	* usr.sbin/httpd/httpd.conf.5: Typo.

	  no ok needed miod@ guenther@

2014-07-22 17:54  reyk

	* usr.sbin/httpd/httpd.8: There is no httpctl yet.

	  Found by jturner

2014-07-22 17:49  deraadt

	* usr.sbin/httpd/httpd.8: floating ,

2014-07-22 16:58  reyk

	* etc/examples/httpd.conf: Add initial httpd.conf(5) example for
	  httpd(8)

	  Requested by deraadt@

2014-07-20 04:22  guenther

	* lib/libc/crypt/bcrypt.c: From ISO/IEC 9899:1999 and 9899:201x,
	  6.11.5 - Storage-class specifiers:	 The placement of a
	  storage-class specifier other than at the	beginning of the
	  declaration specifiers in a declaration is	 an obsolescent
	  feature.

	  Diff from Jean-Philippe Ouellet (jean-philippe (at) ouellet.biz)

2014-07-19 18:15  miod

	* share/mk/bsd.regress.mk: Explicitely check the value of
	  REGRESS_SKIP_SLOW rather than its emptyness, for it defaults to a
	  non-empty value; Doug Hogan

2014-07-17 11:35  stsp

	* usr.sbin/httpd/server_http.c: Move comment about strcasecmp() to
	  a more suitable spot.  ok reyk benno

2014-07-17 11:32  stsp

	* usr.sbin/httpd/httpd.conf.5: Fix typo in example httpd config
	  which caused error on startup.  /etc/httpd.conf:8: failed to add
	  media type ok reyk

2014-07-16 10:25  reyk

	* usr.sbin/httpd/: httpd.h, server.c, server_file.c, server_http.c:
	  Implement file descriptor accounting.  The concept was taken from
	  relayd but had to be adjusted for httpd.  It now handles
	  single-pass HTTP connections, persistent connections with
	  multiple requests, and body-less HEAD requests.  With input from
	  benno@

2014-07-15 09:51  reyk

	* usr.sbin/httpd/server_file.c: don't diplay the full path in error
	  messages

2014-07-14 09:03  reyk

	* usr.sbin/httpd/server_http.c: Track Connection: Keep-Alive

2014-07-14 00:19  reyk

	* usr.sbin/httpd/: httpd.h, server.c, server_file.c, server_http.c:
	  first step towards keep-alive/persistent connections support

2014-07-13 15:39  reyk

	* usr.sbin/httpd/server_http.c: Remove a debug message

2014-07-13 15:11  reyk

	* usr.sbin/httpd/http.h: Sync file to be identical in relayd(8) and
	  httpd(8).

2014-07-13 15:07  reyk

	* usr.sbin/httpd/: server.c, server_file.c: Finish writing the
	  output before closing the connection (adopted from relayd).

2014-07-13 14:46  reyk

	* usr.sbin/httpd/server.c: Close the connection after the response
	  is completed (no Keepalive yet).

2014-07-13 14:17  reyk

	* usr.sbin/httpd/: config.c, http.h, httpd.c, httpd.conf.5,
	  httpd.h, parse.y, server.c, server_file.c, server_http.c: Add
	  support for media types (aka. MIME types): the types section is
	  compatible to nginx' mime.types file which can be included
	  directly.  If not present, use a few built-in defaults for html,
	  css, txt, jpeg, gif, png, and js.

2014-07-13 09:46  beck

	* usr.sbin/httpd/server_http.c: Make error messages more obvious to
	  the user.  ok reyk@ florian@

2014-07-12 23:55  reyk

	* usr.sbin/httpd/server_http.c: Use Comic Sans (or Chalkboard) as
	  the default font for HTTP error messages because we love web
	  hipsters.

	  ok beck@

2014-07-12 23:34  reyk

	* usr.sbin/httpd/: Makefile, config.c, control.c, http.h, httpd.8,
	  httpd.c, httpd.conf.5, httpd.h, log.c, parse.y, proc.c, server.c,
	  server_file.c, server_http.c: Add httpd(8), an attempt to turn
	  the relayd(8) codebase into a simple web server.  It is not
	  finished yet and I just started it today, but the goal is to
	  provide an HTTP server that a) provides minimal features, b)
	  serves static files, c) provides FastCGI support, and d) follows
	  common coding practices of OpenBSD.

	  It will neither support plugins, nor custom memory allocators,
	  EBCDIC support, PCRE or any other things that can be found
	  elsewhere.  httpd(8) is not intended to provide a fully-featured
	  replacement for nginx(8) or the Apache, but it will provide
	  enough functionality that is needed in the OpenBSD base system.

	  ok deraadt@