Commits
Commit:
a555e0d67baef271ffe4a186326ee5f1c16fff75
Author:
Omar Polo <op@omarpolo.com>
Date:
Mon Jul 4 09:48:39 2022 UTC
copyright years
Commit:
f2f8eb35c86c4e1c1d858e782c864deac0511cd3
Author:
Omar Polo <op@omarpolo.com>
Date:
Mon Jul 4 09:31:36 2022 UTC
encode file names in the directory index

Spotted the hard way by cage
Commit:
5e41063f1b0cd8f096ec925777bc4cf4ef6ba828
Author:
Omar Polo <op@omarpolo.com>
Date:
Mon Jul 4 08:15:39 2022 UTC
bugfix: allow @ and : in paths

gmid would disallow the '@' and ':' characters in paths (unless
percent-encoded.) Issue reported by freezr.
Commit:
4842c72d9f3f45478cb641e15a3272e541fb8a18
Author:
Omar Polo <op@omarpolo.com>
Date:
Mon Oct 18 10:05:55 2021 UTC
fmt
Commit:
fa0299a26d6e0cc83135a7f46e74710a9d5a8efa
Author:
Omar Polo <op@omarpolo.com>
Date:
Sat Oct 2 17:20:56 2021 UTC
drop now unused trim_req_iri
Commit:
e15fc9573666054bdff5feecf8b2b130ca00cc76
Author:
Omar Polo <op@omarpolo.com>
Date:
Fri Sep 24 08:12:40 2021 UTC
change struct initialization

makes more explicit which fields we're setting.

(and kill an extra empty line)
Commit:
df0c2926ccb753d07a3f20f3626a20f7079453ee
Author:
Omar Polo <op@omarpolo.com>
Date:
Fri Sep 24 08:08:49 2021 UTC
use memset(3) rather than bzero(3)

There's no difference, but bzero(3) says

STANDARDS
The bzero() function conforms to the X/Open System Interfaces option of
the IEEE Std 1003.1-2004 (“POSIX.1”) specification. It was removed from
the standard in IEEE Std 1003.1-2008 (“POSIX.1”), which recommends using
memset(3) instead.

so here we are.
Commit:
a8a1f439210de9538b196c6bb5470c306379128c
Author:
Omar Polo <op@omarpolo.com>
Date:
Wed Jul 7 09:46:37 2021 UTC
style(9)-ify
Commit:
80fbf1e934ed1e2dafea65e88bb91a501f175a3b
Author:
Omar Polo <op@omarpolo.com>
Date:
Wed Jun 16 15:04:42 2021 UTC
make sure l is always initialized

I can't think of cases where we reach serialize_iri and path is NULL,
but let's keep the safe side and initialize l. gcc 8 found this,
clang didn't.
Commit:
9d092b607a25f4598557792be5ec35f02c3ae966
Author:
Omar Polo <op@omarpolo.com>
Date:
Mon Apr 12 20:11:47 2021 UTC
fix IRI-parsing bug

Some particularly crafted IRIs can cause a denial of service (DOS).
IRIs which have a trailing `..' segment and resolve to a valid IRI
(i.e. a .. that's not escaping the root directory) will make the
server process loop forever.

This is """just""" an DOS vulnerability, it doesn't expose anything
sensitive or give an attacker anything else.
Commit:
52418c8d828bc25e0e84cc25d5e349a84be0b397
Author:
Omar Polo <op@omarpolo.com>
Date:
Fri Feb 12 12:47:20 2021 UTC
fix various compilation errors

Include gmid.h as first header in every file, as it then includes
config.h (that defines _GNU_SOURCE for instance).

Fix also a warning about unsigned vs signed const char pointers in
openssl.
Commit:
9f006a2127398af12ecf9159cd5ef28b3685e7a6
Author:
Omar Polo <op@omarpolo.com>
Date:
Sun Feb 7 18:55:04 2021 UTC
[cgi] split the query in words if needed and add them to the argv
Commit:
19e7bd00a3d1b2574e3ed149fa354d45e83a8b50
Author:
Omar Polo <op@omarpolo.com>
Date:
Sat Feb 6 09:33:48 2021 UTC
[iri] accept also : and @

again, to be RFC3986 compliant.
Commit:
8404ec301fed4f0bb5a3d1e7b5a2e184a93cc4e5
Author:
Omar Polo <op@omarpolo.com>
Date:
Fri Feb 5 14:31:53 2021 UTC
don't %-decode the query
Commit:
2fafa2d23e5607def335902b7a9d10a9de5247a9
Author:
Omar Polo <op@omarpolo.com>
Date:
Mon Feb 1 11:11:43 2021 UTC
bring the CGI implementation in par with GLV-1.12556
Omar Polo