Index: www/bozohttpd/Makefile =================================================================== --- www/bozohttpd/Makefile (revision 534072) +++ www/bozohttpd/Makefile (working copy) @@ -2,58 +2,71 @@ # $FreeBSD$ PORTNAME= bozohttpd -PORTVERSION= 20130711 +PORTVERSION= 20201014 CATEGORIES= www MASTER_SITES= http://www.eterna.com.au/bozohttpd/ \ NETBSD MAINTAINER= jmohacsi@bsd.hu -COMMENT= The bozotic HTTP server +COMMENT= Bozotic HTTP server from NetBSD LICENSE= BSD2CLAUSE -USE_RC_SUBR= bozohttpd +USES= cpe uidfix tar:bzip2 +CPE_VENDOR= eterna -#options handling -OPTIONS_DEFINE= HTPASSWD SSL CGI -OPTIONS_DEFAULT= SSL CGI +OPTIONS_DEFINE= BLACKLIST CGI DAEMON DEBUG DIRINDEX\ + DYNAMIC HTPASSWD LUA SSL USER +OPTIONS_DEFAULT= BLACKLIST CGI DAEMON DEBUG DIRINDEX\ + DYNAMIC HTPASSWD LUA SSL USER -SSL_USES= ssl -SSL_CFLAGS= -I${OPENSSLINC} -SSL_LDFLAGS= -L${OPENSSLLIB} +BLACKLIST_DESC= Report Unauthorized and Forbidden accesses to blacklistd +BLACKLIST_CFLAGS_OFF= -DNO_BLACKLIST_SUPPORT +BLACKLIST_LIBS= -lblacklist -USES= cpe uidfix tar:bzip2 -CPE_VENDOR= eterna +CGI_DESC= Common Gateway Interface (CGI) support (-C, -c, -E, -e) +CGI_CFLAGS_OFF= -DNO_CGIBIN_SUPPORT -HTPASSWD_DESC= Enable htpassword support -CGI_DESC= Enable CGI support +DAEMON_DESC= Optional daemon mode (-b) +DAEMON_CFLAGS_OFF= -DNO_DAEMON_MODE +DEBUG_DESC= Debug support (-d) +DEBUG_CFLAGS_OFF= -DNO_DEBUG + +DIRINDEX_DESC= Automatic directory index if index.html is missing (-X) +DIRINDEX_CFLAGS_OFF= -DNO_DIRINDEX_SUPPORT + +DYNAMIC_DESC= Dynamic content based on file suffixes (-C, -M) +DYNAMIC_CFLAGS_OFF= -DNO_DYNAMIC_CONTENT + +HTPASSWD_DESC= Basic authentication with .htpasswd files +HTPASSWD_CFLAGS= -DDO_HTPASSWD +HTPASSWD_LIBS= -lcrypt + +SSL_DESC= SSL/TLS for HTTPS requests (-Z, -z) +SSL_CFLAGS= -I${OPENSSLINC} +SSL_CFLAGS_OFF= -DNO_SSL_SUPPORT +SSL_LDFLAGS= -L${OPENSSLLIB} +SSL_LIBS= -lcrypto -lssl +SSL_USES= ssl + +LUA_DESC= Lua scripts for dynamic content (-L) +LUA_CFLAGS= -I${LUA_INCDIR} +LUA_CFLAGS_OFF= -DNO_LUA_SUPPORT +LUA_LDFLAGS= -L${LUA_LIBDIR} +LUA_LIBS= -llua-${LUA_VER} +LUA_USES= lua + +USER_DESC= Optional /~user transformation (-e, -p, -u) +USER_CFLAGS_OFF= -DNO_USER_SUPPORT + .include -.if ${PORT_OPTIONS:MHTPASSWD} -MAKE_ARGS+= 'COPTS+= -DDO_HTPASSWD' \ - 'LDFLAGS+= -lcrypt' -.else -MAKE_ARGS+= 'COPTS+= -UDO_HTPASSWD' -.endif +MAKE_ARGS= LDADD="$(LIBS)" -.if ${PORT_OPTIONS:MSSL} -MAKE_ARGS+= 'COPTS+= -UNO_SSL_SUPPORT' -.else -MAKE_ARGS+= 'COPTS+= -DNO_SSL_SUPPORT' \ - 'CRYPTOLIBS=' \ - 'CRYPTODEPS=' -.endif +USE_RC_SUBR= bozohttpd -.if ${PORT_OPTIONS:MCGI} -MAKE_ARGS+= 'COPTS+= -UNO_CGIBIN_SUPPORT' -.else -MAKE_ARGS+= 'COPTS+= -DNO_CGIBIN_SUPPORT' -.endif - -PLIST_FILES= libexec/bozohttpd \ +PLIST_FILES= bin/bozohttpd \ man/man8/bozohttpd.8.gz -post-patch: - @${REINPLACE_CMD} -e 's|@@PREFIX@@|${PREFIX}|g' ${WRKSRC}/bozohttpd.8 .include Index: www/bozohttpd/distinfo =================================================================== --- www/bozohttpd/distinfo (revision 534072) +++ www/bozohttpd/distinfo (working copy) @@ -1,2 +1,3 @@ -SHA256 (bozohttpd-20130711.tar.bz2) = b9682e37ae2c4a1b7309225e95787df8c037239fe1d8c9dd8faede35921e910b -SIZE (bozohttpd-20130711.tar.bz2) = 48974 +TIMESTAMP = 1613243155 +SHA256 (bozohttpd-20201014.tar.bz2) = 5bbca7a3cf5cdadb1de2a40c41c51c8e8ded8569dd1e8f81962cca6b4c0b97ed +SIZE (bozohttpd-20201014.tar.bz2) = 76913 Index: www/bozohttpd/files/bozohttpd.in =================================================================== --- www/bozohttpd/files/bozohttpd.in (revision 534072) +++ www/bozohttpd/files/bozohttpd.in (working copy) @@ -25,6 +25,6 @@ : ${bozohttpd_enable="NO"} : ${bozohttpd_flags="-b -t /var/empty -U nobody /"} -command=%%PREFIX%%/libexec/${name} +command=%%PREFIX%%/bin/${name} run_rc_command "$1" Index: www/bozohttpd/files/patch-Makefile =================================================================== --- www/bozohttpd/files/patch-Makefile (revision 534072) +++ www/bozohttpd/files/patch-Makefile (working copy) @@ -1,53 +1,45 @@ ---- Makefile.orig +--- Makefile.orig 2020-10-15 04:35:06 UTC +++ Makefile -@@ -19,30 +19,34 @@ +@@ -14,7 +14,7 @@ + # NO_SSL_SUPPORT /* don't support ssl (https) */ + # DO_HTPASSWD /* support .htpasswd files */ + # NO_LUA_SUPPORT /* don't support Lua for dynamic content */ +-# NO_BLOCKLIST_SUPPORT /* don't support blocklist */ ++# NO_BLACKLIST_SUPPORT /* don't support blacklist */ + # + # other system specific defines: + # HAVE_NBUTIL_H /* netbsd compat is in +@@ -24,20 +24,17 @@ + # for setting CFLAGS relevant to your make, eg # % make COPTS="-DDO_HTPASSWD" - COPTS+= -DDO_HTPASSWD --PROG= httpd --MAN= httpd.8 --BUILDSYMLINKS+=bozohttpd.8 httpd.8 -+PROG= bozohttpd -+MAN= bozohttpd.8 -+#BUILDSYMLINKS+=bozohttpd.8 +-COPTS+= -DDO_HTPASSWD + PROG= bozohttpd +-LINKS= ${BINDIR}/bozohttpd ${BINDIR}/httpd + MAN= bozohttpd.8 +-MLINKS+=bozohttpd.8 httpd.8 SRCS= bozohttpd.c ssl-bozo.c auth-bozo.c cgi-bozo.c daemon-bozo.c \ - tilde-luzah-bozo.c dir-index-bozo.c content-bozo.c + tilde-luzah-bozo.c dir-index-bozo.c content-bozo.c lua-bozo.c SRCS+= main.c --LDADD= -lcrypt -+LDADD= -lcrypt -lcrypto -lssl - DPADD= ${LIBCRYPT} +-LDADD= -lblocklist -lcrypt -llua -lm +-DPADD= ${LIBBLOCKLIST} ${LIBCRYPT} ${LIBLUA} ${LIBM} +- + WARNS?= 4 - WARNS?= 4 -+NO_WERROR=1 -+ -+BINDIR=$(PREFIX)/libexec ++BINDIR=$(PREFIX)/bin +MANDIR=$(PREFIX)/man/man - --.include ++ + .if defined(.OS.MAKE) + OPSYS= ${.OS.MAKE} + .else +@@ -48,9 +45,6 @@ OPSYS:= ${:!uname -s!:S/-//g:S/\///g} + CPPFLAGS+= -DHAVE_NBUTIL_H + LDADD+= -lnbutil + .endif - --.if ${MKCRYPTO} != "no" -- -LDADD+= -lssl -lcrypto -DPADD+= ${LIBSSL} ${LIBCRYPTO} -- --.else -- --COPTS+= -DNO_SSL_SUPPORT -- --.endif -+#.include -+# -+#.if ${PORT_OPTIONS:MSSL} -+# -+#LDADD+= -lssl -lcrypto -+#DPADD+= ${LIBSSL} ${LIBCRYPTO} -+# -+#.else -+# -+#COPTS+= -DNO_SSL_SUPPORT -+# -+#.endif # # Build release things. Index: www/bozohttpd/files/patch-bozohttpd.8 =================================================================== --- www/bozohttpd/files/patch-bozohttpd.8 (revision 534072) +++ www/bozohttpd/files/patch-bozohttpd.8 (working copy) @@ -1,22 +1,153 @@ ---- bozohttpd.8.orig +--- bozohttpd.8.orig 2020-10-15 04:35:06 UTC +++ bozohttpd.8 -@@ -316,8 +316,8 @@ +@@ -354,12 +354,26 @@ since version 20040828, they take multiple options (2 + .Fl C + and 4 in the case of + .Fl M . ) ++.Ss DEFAULT CONFIGURATION ++On ++.Fx , ++.Nm ++can be enabled as the default web server by adding the following options to ++.Pa /etc/rc.conf ++: ++.Bd -literal ++bozohttpd_enable (bool): Set it to "YES" to enable bozohttpd. ++ Default is "NO". ++bozohttpd_flags (str): Options to pass to bozohttpd. ++ Default is "-b -t /var/empty -U nobody /". ++ The last argument, slashdir, is required. ++.Ed + .Ss INETD CONFIGURATION + As + .Nm +-uses ++normally uses + .Xr inetd 8 +-by default to process incoming TCP connections for HTTP requests ++to process incoming TCP connections for HTTP requests + (but see the + .Fl b + option), +@@ -371,8 +385,8 @@ A typical .Xr inetd.conf 5 entry would be: .Bd -literal -http stream tcp nowait:600 _httpd /usr/libexec/httpd httpd /var/www -http stream tcp6 nowait:600 _httpd /usr/libexec/httpd httpd /var/www -+http stream tcp nowait:600 _httpd @@PREFIX@@/libexec/httpd httpd /var/www -+http stream tcp6 nowait:600 _httpd @@PREFIX@@/libexec/httpd httpd /var/www ++http stream tcp nowait:600 www /usr/local/bin/bozohttpd httpd /var/www ++http stream tcp6 nowait:600 www /usr/local/bin/bozohttpd httpd /var/www .Ed .Pp This would serve web pages from -@@ -447,7 +447,7 @@ +@@ -386,7 +400,7 @@ requests per minute to 600, up from the + default of 40. + .Pp + Using the +-.Nx ++.Fx + .Xr inetd 8 , + you can provide multiple IP-address based HTTP servers by having multiple + listening ports with different configurations. +@@ -438,15 +452,15 @@ jeremy:A.xewbx2DpQ8I + .Ed + .Pp + On +-.Nx , ++.Fx , + the +-.Xr pwhash 1 ++.Xr openssl-passwd 1 + utility may be used to generate hashed passwords. + .Pp +-While ++While the ++.Fx ++port of + .Nm +-distributed with +-.Nx + has support for HTTP Basic Authorization enabled by default, + in the portable distribution it is excluded. + Compile +@@ -456,21 +470,21 @@ with + on the compiler command line to enable this support. + It may require linking with the crypt library, using + .Dq -lcrypt . +-.Ss BLOCKLIST SUPPORT ++.Ss BLACKLIST SUPPORT + On +-.Nx , ++.Fx , + .Nm + supports +-.Xr blocklistd 8 ++.Xr blacklistd 8 + by default. + The support can be disabled with the +-.Dq -DNO_BLOCKLIST_SUPPORT ++.Dq -DNO_BLACKLIST_SUPPORT + compilation option. + .Pp + Upon occurrence, + .Nm + reports two HTTP status codes to +-.Xr blocklistd 8 ++.Xr blacklistd 8 + as failures: + .Em 401 + (``Unauthorized'') +@@ -482,7 +496,7 @@ Of these, + is the one received upon authorization failure with the + HTTP Basic Authorization mechanism. + A successful authorization decreases the counter kept by +-.Xr blocklistd 8 . ++.Xr blacklistd 8 . + .Pp + Note that the implementation of the HTTP Basic Authorization mechanism + uses a redirection; a status code +@@ -491,7 +505,7 @@ is always initially received. + Therefore, a single authorization failure of + .Pa .htpasswd + is reported as two failures to +-.Xr blocklistd 8 , ++.Xr blacklistd 8 , + but no failures are recorded upon successful authorization + due to the decrease of the failure counter. + .Ss SSL SUPPORT +@@ -584,7 +598,7 @@ To configure set of virtual hosts, one would use an .Xr inetd.conf 5 entry like: .Bd -literal -http stream tcp nowait:600 _httpd /usr/libexec/httpd httpd -v /var/vroot /var/www -+http stream tcp nowait:600 _httpd @@PREFIX@@/libexec/httpd httpd -v /var/vroot /var/www ++http stream tcp nowait:600 www /usr/local/bin/bozohttpd httpd -v /var/vroot /var/www .Ed .Pp and inside +@@ -602,7 +616,7 @@ with PHP, one must use the + option to specify a CGI handler for a particular file type. + Typically this will be like: + .Bd -literal +-httpd -C .php /usr/pkg/bin/php-cgi /var/www ++bozohttpd -C .php /usr/pkg/bin/php-cgi /var/www + .Ed + .Pp + Note that a plain script interpreter can not be used directly as a cgihandler, +@@ -615,7 +629,7 @@ might do. + .Pp + It would be invoked like: + .Bd -literal +-httpd -C .pl /www-scripts/bin/run.perl /var/www ++bozohttpd -C .pl /www-scripts/bin/run.perl /var/www + .Ed + and the script could look like: + .Bd -literal +@@ -809,7 +823,7 @@ provided chroot and change-to-user support, and other + .An Jukka Ruohonen + .Aq Mt jruoho@NetBSD.org + provided support for +-.Xr blocklist 8 ++.Xr blacklist 8 + .It + .An Jared McNeill + .Aq Mt jmcneill@NetBSD.org Index: www/bozohttpd/pkg-descr =================================================================== --- www/bozohttpd/pkg-descr (revision 534072) +++ www/bozohttpd/pkg-descr (working copy) @@ -1,10 +1,23 @@ Bozohttpd is a small and secure HTTP version 1.1 server. Its main feature is the lack of features, reducing the code size and improving verifiability. +This is also the minimal web server that is shipped by default in NetBSD. -It supports CGI/1.1, HTTP/1.1, HTTP/1.0, HTTP/0.9, ~user translations, +It supports SSL, CGI/1.1, HTTP/1.1, HTTP/1.0, HTTP/0.9, ~user translations, virtual hosting support, as well as multiple IP-based servers on a single -machine. It is capable of services pages via the IPv6 protocol. It has no -configuration file by design. Recently added features are htpasswd, SSL, -and dynamic redirection, that can be easily disabled. +machine. It is capable of serving pages via the IPv6 protocol. It has no +configuration file by design. Many features are enabled with CLI options. +For extra security, unused features can be excluded when you build the port: + + o Support for blacklistd(8) to avoid DoS abuse + o Common Gateway Interface (CGI) support (-C, -c, -E, -e) + o Optional daemon mode (-b) + o Debug support (-d) + o Automatic directory index if index.html is missing (-X) + o Dynamic content based on file suffixes (-C, -M) + o Basic authentication with .htpasswd files + o SSL/TLS for HTTPS requests (-Z, -z) + o Lua scripts for dynamic content (-L) + o Optional /~user transformation (-e, -p, -u) + WWW: http://www.eterna.com.au/bozohttpd/