Commits
- Commit:
2a7f69f4eeb32a561a5a731e05145136030b4a71
- From:
- Omar Polo <op@omarpolo.com>
- Date:
fix `make static': compile `gg' too!
- Commit:
4252e62cad7a923226723cb2f0f054c12b89b3c2
- From:
- Omar Polo <op@omarpolo.com>
- Date:
"a posix libc" can be left implicit
- Commit:
a68203f089038d253de90759aaf385f79d3ec861
- From:
- Omar Polo <op@omarpolo.com>
- Date:
remove docker section; it's already shown off in the contrib page
- Commit:
f6a65aaef915b0bf8d08f912f40ab132316df8bb
- From:
- Omar Polo <op@omarpolo.com>
- Date:
link the tar.bz2 too
- Commit:
efe75a7660c162c805f528162abc067f9bbe7b7d
- From:
- Omar Polo <op@omarpolo.com>
- Date:
missing version bump in the site generator
- Commit:
1a04137e1869781efcd635a1abd4387ccfa6e56d
- From:
- Omar Polo <op@omarpolo.com>
- Date:
tag 1.8.3 -- "Lightbulb Sun" bugfix release
gmid 1.8.3 "Lightbulb Sun" bugfix release
=========================================
Released March 27, 2022.
signify(1) pubkeys for this release:
RWTy3UJQzpxBUAymBwb2EGLLm0b3H/1n8hzhaC9HYFYzNuTavGt9QSwC
Bug Fixes
~~~~~~~~~
* fix a possible out-of-bound access in the CGI handling. It was
  introduced last October during a refactoring, but due to how
  many malloc(3) implementations work this hasn't been found
  until now. Otto's malloc is more strict fortunately.
- Commit:
ea27eaaa83d61792e75858dc624c58fe1fa13dc9
- From:
- Omar Polo <op@omarpolo.com>
- Date:
fix an out-of-bound access in start_cgi
A long time ago, client->req was a static buffer so the memcpy was safe.
However, it has since been moved to a dynamically allocated string, so
it's very often smaller than sizeof(req.buf) (1024), hence the out of
bound access which results in a SIGSEGV very often on OpenBSD thanks to
Otto's malloc.
The situation with the iri parser, client->req and how the request is
forwarded to the other process needs to be improved: this is just a fix
to address the issue quickly, a better one would be to restructure the
iri parser APIs and rethink how the info is forwarded to the ex process.
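
The failure mode this commit message describes, as an added example that is not gmid's code and not its actual patch: a fixed-size `memcpy` that was safe while the source was a 1024-byte array reads past the allocation once the source becomes a heap string, next to one way to bound the copy. The names `fwd_req`, `fill_req_unsafe` and `fill_req_bounded` are hypothetical, and the request string is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define REQ_BUF_SIZE 1024	/* the sizeof(req.buf) figure from the commit message */

/* Hypothetical stand-in for the fixed-size record forwarded to another process. */
struct fwd_req {
	char buf[REQ_BUF_SIZE];
};

/*
 * "Before" pattern: always copies 1024 bytes from src. Correct only while
 * src is itself a 1024-byte array; with a heap string of strlen(src)+1
 * bytes it reads past the allocation. Shown for comparison, never called.
 */
void fill_req_unsafe(struct fwd_req *out, const char *src)
{
	memcpy(out->buf, src, sizeof(out->buf));
}

/*
 * Bounded copy: read only the bytes src owns, zero the remainder so no
 * stale data is forwarded, and refuse requests that do not fit.
 * Returns 0 on success, -1 if src is too long for the record.
 */
int fill_req_bounded(struct fwd_req *out, const char *src)
{
	size_t len = strlen(src);

	if (len >= sizeof(out->buf))
		return -1;
	memset(out->buf, 0, sizeof(out->buf));
	memcpy(out->buf, src, len);
	return 0;
}

int main(void)
{
	const char *sample = "gemini://example.com/cgi-bin/hello"; /* constructed */
	size_t n = strlen(sample) + 1;
	char *req = malloc(n);	/* exact-size heap string, like the dynamic req */
	struct fwd_req r;

	if (req == NULL)
		return 1;
	memcpy(req, sample, n);
	printf("rc=%d forwarded=%s\n", fill_req_bounded(&r, req), r.buf);
	free(req);
	return 0;
}
```

Building with `-fsanitize=address` and calling `fill_req_unsafe` on the heap string reports the over-read on allocators that would otherwise let it pass silently.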
- Commit:
6084a9a5ba263ddc8cd67f7e03f2ee0481d4ea77
- From:
- Omar Polo <op@omarpolo.com>
- Date:
prefer sizeof(x) instead of datalen
- Commit:
62a46b03c6f911f3674d6cb7b77a49bac8efad42
- From:
- Omar Polo <op@omarpolo.com>
- Date:
tag 1.8.2 -- "Lightbulb Sun" bugfix release
gmid 1.8.2 "Lightbulb Sun" bugfix release
=========================================
Released March 26, 2022.
signify(1) pubkeys for this release:
RWTy3UJQzpxBUAymBwb2EGLLm0b3H/1n8hzhaC9HYFYzNuTavGt9QSwC
Bug Fixes
~~~~~~~~~
* fix a CGI timing issue: if a connection handled by a CGI script
  is interrupted with the right timing it causes the server
  process to exit with "fatal in client_by_id: invalid id X".
New Features
~~~~~~~~~~~~
* add a new block `type { ... }' to define mime types mapping.
Improvements
~~~~~~~~~~~~
* use shell built-in `command' instead of which(1), prodded by
cage and Allen Sobot.
* configure script: allow setting MANDIR from cmdline (Allen Sobot)
* add systemd-sysusers sample file in contrib/ (Nakaya)
* [linux/seccomp] allow fstatat64(2), llseek(2) and sigreturn(2),
needed by glibc on armv7. (Tobias Berger)
* [linux/seccomp] tighten rules by allowing openat(2) only with
  the O_RDONLY flag.
- Commit:
da613aba4b0d28c5d8368ba2fc5e91cf5f6604b1
- From:
- Omar Polo <op@omarpolo.com>
- Date:
bump Mdocdate
- Commit:
57d2fca4b460c3c6aceb3f3aa6cc97ece9316022
- From:
- Omar Polo <op@omarpolo.com>
- Date:
add target `test' alias for `regress'
- Commit:
3fdc457c8db0550a6143ab626bfefe3351ab0b93
- From:
- Omar Polo <op@omarpolo.com>
- Date:
swap try_client_by_id with client_by_id
i.e. allow client_by_id to fail and return NULL.
Initially I thought it was a good idea to shut down a server process
if we receive an invalid client id as reply from one of our requests
to the executor process. This turned out not to be correct since a
client can (read: will) disconnect in the delay between we acknowledge
their request and the cgi script execution.
The fastcgi and proxy handler already handled this situation, so
they're unaffected.
This allows an attacker to make gmid unresponsive by just making
enough requests until they hit the right timing.
- Commit:
409a2599b30159207a7d4da6a7fd7aede4a4327f
- From:
- Omar Polo <op@omarpolo.com>
- Date:
move to a different server
- Commit:
91971201e545529098ac2b9bc374a383a637e28f
- From:
- Omar Polo <op@omarpolo.com>
- Date:
break out if check_reply fails
it's not a problem when we have only one check_reply at the end,
since $? is kept across function boundaries, but when we have multiple
checks we need to quit on the first error.
- Commit:
894e998423b80574490efa9c50ad82adfa874b47
- From:
- Omar Polo <op@omarpolo.com>
- Date:
sync imsg-buffer.c
original commit from eric@:
change the barrier so that fd's are always passed and received with
the first byte of the imsg they belong to.
idea, tweaks and ok claudio@