| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
|
|
|
|
right people" at Stanford, we finally succeed at getting the parts of
the code they wrote to be released under a BSD license. The other
components were written by USC and Xerox (who were quick at helping, 5
days and 6 weeks if I recall). Of the ~200 authors we have contacted
regarding license issues, this institution has been THE WORST to deal
with, and to think -- this is an American University. How far the edifice
of educational freedom has fallen.... shame on you Stanford.
|
|
|
|
deraadt@ ok.
|
|
Make sence if debugging.
millert@ ok
|
|
|
|
|
|
|
|
(c) jbm@
thanks to jbm@ for helping clear this up
|
|
OpenBSD but it could affect platforms which define
ISC_PLATFORM_NEEDVSNPRINTF. isc_print_snprintf contains a bug where
it could read off the end of an argument string for a format specifier
like "%.10s", where the .10 indicates precision. Reported to ISC and
confirmed as ISC bug #5191. OK jakob@
|
|
|
|
|
|
|
|
|
|
chmod/chown to root.www 0640, just in case a etag file from the initial
version is around.
ok cloder theo
|
|
Fixes some issues with quoting and allows no longer mistakes commands
starting with a variable assignment for environment variables.
|
|
|
|
the etag-state file wasn't readable after chroot and privilege drop.
therefore, make it root.www 640.
split the read and write portions to their own functions, and in init_etag,
try to write the etag-state; in case of any problem with that, create a new
one and read that.
|
|
|
|
|
|
check the length of the data
|
|
The at(1) code is now more tightly integrated into the cron codebase.
|
|
the crontab command; for POSIX compliance. Create an empty cron.deny
file to allow any user to run crontab:
install -c -o root -g crontab -m 660 /dev/null /var/cron/cron.deny
|
|
|
|
|
|
cron. When ISC cron 5.0 is out the integration will be even tighter.
Also rename /var/cron/{allow,deny} -> /var/cron/cron.{allow,deny}
for consistency with POSIX and at.{allow,deny} and install an empty
cron.deny file (as we do at.deny) since crontab will require this
in the near future for POSIX compliance.
After a "make build" you can update your system as follows:
# mv /var/at/* /var/cron
# mv /var/cron/jobs /var/cron/atjobs
# mv /var/cron.allow /var/cron/cron.allow
# mv /var/cron.deny /var/cron/cron.deny
# rm -rf /var/at
# kill `cat /var/run/cron.pid` ; cron
|
|
|
|
these are all Matthias Drochner, except:
gsckbd(4): miod@ + Drochner
wsdisplay(4): Harris + Drochner
|
|
|
|
the great intial witch hunt, as prompted by tdeval@
os-aix-dso.c: ok henning@
ab.C: ok drahn@
|
|
|
|
*installboot*: all Paul Kranenburg
pppctl(8): Brian Somers
rpc.bootparamd(8): public domain
|
|
bootpef(8), pppd(8): Carnegie Mellon
map-mbone(8), mrinfo(8): Xerox
pdisk(8): Apple
awk(1): Lucent
sectok(3): University of Michigan
|
|
these are all Regents of the University of California
|
|
|
|
|
|
|
|
des_crypt(3): Eric Young
aac(4): Michael Smith, BSDi, Niklas Hallqvist; ok niklas@
bktr(4): Amancio Hasty, Roger Hardiman
getopt(1): Henry Spencer (public domain)
pcnfds(8): Sun
|
|
|
|
the boundary could never ever be accidentally matched inside base64
data. Based on conversation with markus@, deraadt@, henning@. OK
deraadt@, henning@
|
|
ETag (entity tag) header value. Instead of including
the file modification date, inode, file size, etc.
directly in the ETag header, return a SHA1 hash of
these values instead.
This SHA1 hash is initialized with a pseudorandom
secret, so that it's harder to brute force inode
numbers. This initialization secret is saved in a
file called "etag-state" in the httpd chroot logs/
directory, so that the ETag header values are consistent
across httpd restarts (if the secret were different
each time httpd started, ETags would change unnecessarily
and thereby cause caches to refresh unnecessarily).
An additional change is introduced: we add the dev
number to the hash when (and only when) we add the
inode number to the hash.
Before:
HTTP/1.1 200 OK
Server: Apache/1.3.27 (Unix) mod_ssl/2.8.12 OpenSSL/0.9.7-beta3
ETag: "b10d3-1e59-3e49cbe4"
In this case, we can tell the inode number of index.html
is is b10d3 hex.
After:
HTTP/1.1 200 OK
Server: Apache/1.3.27 (Unix) mod_ssl/2.8.12 OpenSSL/0.9.7-beta3
ETag: "3f3b3cb2ce2e278087960b3be6a6e9844166e371"
Idea and solution by deraadt@. OK deraadt@, henning@. Any
bugs are my fault :)
|
|
the base64 alphabet includes the characters '/', '+', and '=', it may
violate section 4 of RFC 1341, which says that these kinds of characters
must be quoted in order to be used as a header parameter. Pointed out
by Wouter Clarie (rimshot AT pandora DOT be).
My solution is not to quote the parameter (I'm afraid that will break
simple browsers) but to replace special characters with alphabetic
characters so that the resulting string is entirely alphanumeric. We
don't want to use hex here, the alphabet is too small.
"not too ugly for me" deraadt@, "a bit ugly but good enough" henning@,
"that might be better than quoting" wouter
|
|
|
|
Instead, generate a random MIME boundary separator that is also
much longer, which makes it less likely to occur in the data.
Before:
HTTP/1.1 206 Partial Content
Server: Apache/1.3.27 (Unix) mod_ssl/2.8.12 OpenSSL/0.9.7-beta3
Content-Type: multipart/byteranges; boundary=3e4e7d648e6
where the first 6 hex digits of the boundary is the request
time and the last 4 hex digits of the boundary (48e6) is the PID
of the httpd process that served the request.
After:
HTTP/1.1 206 Partial Content
Server: Apache/1.3.27 (Unix) mod_ssl/2.8.12 OpenSSL/0.9.7-beta3
Content-Type: multipart/byteranges; boundary=lqmQDSxeaFSosnx+R46M94slY7G5BKGVPIhCc4ffoW852Vz0RbOaLJfMCAHHTfvR
The boundary now consists of 48 pseudorandom bytes encoded into 64
base64 characters. This is in accordance with RFC 1341 section 7.2.1.
Based on conversations with deraadt@. OK deraadt@
|
|
|
|
|
|
|
