Commits
- Commit:
381fccdc5678f3c47b09fca182a68d0515cbdf66
- From:
- Omar Polo <op@omarpolo.com>
- Date:
lower padding
- Commit:
a9885c6d6b49a7d577417ea6987559062d8b361d
- From:
- Omar Polo <op@omarpolo.com>
- Date:
remove outdated note
- Commit:
effbc069ba6d954276182d63a7914d2a784bcffb
- From:
- Omar Polo <op@omarpolo.com>
- Date:
suggest to reload daemons too
- Commit:
379d2608e9b3449d3fb8aba8b383643e177e119a
- From:
- Omar Polo <op@omarpolo.com>
- Date:
suggest /etc/systemd/system instead of /lib/
- Commit:
a9dc6fc60661479bf7961e8198dcdd2746abdacc
- From:
- Omar Polo <op@omarpolo.com>
- Date:
rephrase dockerfile description
- Commit:
456a4c6b6e2d1e506816be64dfc7cb36ca0c822a
- From:
- Omar Polo <op@omarpolo.com>
- Date:
add a "contributing" section
- Commit:
2a7f69f4eeb32a561a5a731e05145136030b4a71
- From:
- Omar Polo <op@omarpolo.com>
- Date:
fix `make static': compile `gg' too!
- Commit:
4252e62cad7a923226723cb2f0f054c12b89b3c2
- From:
- Omar Polo <op@omarpolo.com>
- Date:
"a posix libc" can be left implicit
- Commit:
a68203f089038d253de90759aaf385f79d3ec861
- From:
- Omar Polo <op@omarpolo.com>
- Date:
remove docker section; it's already showed off in the contrib page
- Commit:
f6a65aaef915b0bf8d08f912f40ab132316df8bb
- From:
- Omar Polo <op@omarpolo.com>
- Date:
link the tar.bz2 too
- Commit:
efe75a7660c162c805f528162abc067f9bbe7b7d
- From:
- Omar Polo <op@omarpolo.com>
- Date:
missing version bump in the site generator
- Commit:
1a04137e1869781efcd635a1abd4387ccfa6e56d
- From:
- Omar Polo <op@omarpolo.com>
- Date:
tag 1.8.3 -- "Lightbulb Sun" bugfix release
gmid 1.8.3 "Lightbulb Sun" bugfix release
=========================================
Released March 27, 2022.
signify(1) pubkeys for this release:
RWTy3UJQzpxBUAymBwb2EGLLm0b3H/1n8hzhaC9HYFYzNuTavGt9QSwC
Bug Fixes
~~~~~~~~~
* fix a possible out-of-bound access in the CGI handling. It was
introduced last October during a refactoring, but due to how
many malloc(3) implementations works this hasn't been found
until now. Otto' malloc is more strict fortunately.
- Commit:
ea27eaaa83d61792e75858dc624c58fe1fa13dc9
- From:
- Omar Polo <op@omarpolo.com>
- Date:
fix an out-of-bound access in start_cgi
Long time ago, client->req was a static buffer so the memcpy was safe.
However, it's been since moved to a dynamically allocated string, so
it's very often smaller than sizeof(req.buf) (1024), hence the out of
bound access which results in a SIGSEGV very often on OpenBSD thanks to
Otto' malloc.
The situation with the iri parser, client->req and how the request is
forwarded to the other process needs to be improved: this is just a fix
to address the issue quickly, a better one would be to restructure the
iri parser APIs and rethink how the info is forwarded to the ex process.
- Commit:
6084a9a5ba263ddc8cd67f7e03f2ee0481d4ea77
- From:
- Omar Polo <op@omarpolo.com>
- Date:
prefer sizeof(x) instead of datalen
- Commit:
62a46b03c6f911f3674d6cb7b77a49bac8efad42
- From:
- Omar Polo <op@omarpolo.com>
- Date:
tag 1.8.2 -- "Lightbulb Sun" bugfix release
gmid 1.8.2 "Lightbulb Sun" bugfix release
=========================================
Released March 26, 2022.
signify(1) pubkeys for this release:
RWTy3UJQzpxBUAymBwb2EGLLm0b3H/1n8hzhaC9HYFYzNuTavGt9QSwC
Bug Fixes
~~~~~~~~~
* fix a CGI timing issue: if a connection handled by a CGI scripts
is interrupted with the right timing it causes the server
process to exit with "fatal in client_by_id: invalid id X".
New Features
~~~~~~~~~~~~
* add a new block `type { ... }' to define mime types mapping.
Improvements
~~~~~~~~~~~~
* use shell built-in `command' instead of which(1), prodded by
cage and Allen Sobot.
* configure script: allow to set MANDIR from cmdline (Allen Sobot)
* add systemd-sysusers sample file in contrib/ (Nakaya)
* [linux/seccomp] allow fstatat64(2), llseek(2) and sigreturn(2),
needed by glibc on armv7. (Tobias Berger)
* [linux/seccomp] tightens rules by allowing openat(2) only with
the O_RDONLY flag.