NetBSD Problem Report #56026
From ryo@tetera.org Fri Feb 26 16:30:29 2021
Return-Path: <ryo@tetera.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
by mollari.NetBSD.org (Postfix) with ESMTPS id D9BEB1A921F
for <gnats-bugs@gnats.NetBSD.org>; Fri, 26 Feb 2021 16:30:28 +0000 (UTC)
Message-Id: <60392221.1c69fb81.f19ff.8470@mx.google.com>
Date: Sat, 27 Feb 2021 01:30:21 +0900
From: ryo@tetera.org
Reply-To: ryo@tetera.org
To: gnats-bugs@NetBSD.org
Subject: MIME type of .tar.xz file on ny{cdn,ftp}.NetBSD.org is invalid
X-Send-Pr-Version: 3.95
>Number: 56026
>Category: misc
>Synopsis: MIME type of .tar.xz file on ny{cdn,ftp}.NetBSD.org is invalid
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: mrg
>State: closed
>Class: change-request
>Submitter-Id: net
>Arrival-Date: Fri Feb 26 16:35:00 +0000 2021
>Closed-Date: Sun Oct 03 13:31:57 +0000 2021
>Last-Modified: Wed May 18 00:50:04 +0000 2022
>Originator: Ryo ONODERA
>Release: NetBSD 9.99.80
>Organization:
Ryo ONODERA // ryo@tetera.org
PGP fingerprint = 82A2 DC91 76E0 A10A 8ABB FD1B F404 27FA C7D1 15F3
>Environment:
System: NetBSD brownie 9.99.80 NetBSD 9.99.80 (DTRACE7) #0: Fri Feb 26 15:59:31 JST 2021 ryoon@brownie:/usr/world/9.99/amd64/obj/sys/arch/amd64/compile/DTRACE7 amd64
Architecture: x86_64
Machine: amd64
>Description:
.tar.xz files on ny{cdn,ftp}.NetBSD.org has text/plain as MIME type.
It is obviously incorrect.
I have no idea about correct MIME type, however text/plain is invalid
for these binary files.
$ w3m -dump_head http://nycdn.netbsd.org/pub/NetBSD-daily/HEAD/202102250220Z/amd64/binary/sets/base.tar.xz
HTTP/1.1 200 OK
Server: bozohttpd/20190228
Last-Modified: Thu, 25 Feb 2021 05:03:20 GMT
Content-Type: text/plain
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Age: 0
Content-Length: 45929176
Date: Fri, 26 Feb 2021 16:25:11 GMT
Connection: close
X-Served-By: cache-lga21923-LGA, cache-itm18827-ITM
X-Cache: MISS, MISS
X-Cache-Hits: 0, 0
X-Timer: S1614356712.615618,VS0,VE333
$ w3m -dump_head http://nyftp.netbsd.org/pub/NetBSD-daily/HEAD/202102250220Z/amd64/binary/sets/base.tar.xz
HTTP/1.0 200 OK
Date: Fri, 26 Feb 2021 16:25:54 GMT
Server: bozohttpd/20190228
Accept-Ranges: bytes
Last-Modified: Thu, 25 Feb 2021 05:03:20 GMT
Content-Type: text/plain
Content-Length: 45929176
If MIME type is text/plain, I cannot download .tar.xz files
with pkgsrc/www/w3m web browser by default.
>How-To-Repeat:
See Description section.
>Fix:
I have no idea.
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: misc-bug-people->mrg
Responsible-Changed-By: mrg@NetBSD.org
Responsible-Changed-When: Sat, 27 Feb 2021 12:56:35 +0000
Responsible-Changed-Why:
i commited a fix, will need pullups and installation.
State-Changed-From-To: open->analyzed
State-Changed-By: mrg@NetBSD.org
State-Changed-When: Sat, 27 Feb 2021 12:56:35 +0000
State-Changed-Why:
problem is known, solution is in progress
From: "matthew green" <mrg@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/56026 CVS commit: src/libexec/httpd
Date: Sat, 27 Feb 2021 12:55:25 +0000
Module Name: src
Committed By: mrg
Date: Sat Feb 27 12:55:25 UTC 2021
Modified Files:
src/libexec/httpd: CHANGES bozohttpd.c content-bozo.c
Log Message:
changes in bozohttpd 20210227:
o new support for content types: .tar.bz2, .tar.xz, .tar.lz,
.tar.zst, .tbz2, .txz, .tlz, .zipx, .xz, .zst, .sz, .lz, .lzma,
.lzo, .7z, .lzo, .cab, .dmg, .jar, and .rar. should fix
netbsd PR#56026:
MIME type of .tar.xz file on ny{cdn,ftp}.NetBSD.org is invalid
To generate a diff of this commit:
cvs rdiff -u -r1.46 -r1.47 src/libexec/httpd/CHANGES
cvs rdiff -u -r1.127 -r1.128 src/libexec/httpd/bozohttpd.c
cvs rdiff -u -r1.19 -r1.20 src/libexec/httpd/content-bozo.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: "matthew green" <mrg@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/56026 CVS commit: pkgsrc/www/bozohttpd
Date: Wed, 3 Mar 2021 10:09:13 +0000
Module Name: pkgsrc
Committed By: mrg
Date: Wed Mar 3 10:09:13 UTC 2021
Modified Files:
pkgsrc/www/bozohttpd: Makefile distinfo
pkgsrc/www/bozohttpd/patches: patch-Makefile.boot
Log Message:
update to bozohttpd 20210227.
changes in bozohttpd 20210227:
o new support for content types: .tar.bz2, .tar.xz, .tar.lz,
.tar.zst, .tbz2, .txz, .tlz, .zipx, .xz, .zst, .sz, .lz, .lzma,
.lzo, .7z, .lzo, .cab, .dmg, .jar, and .rar. should fix
netbsd PR#56026:
MIME type of .tar.xz file on ny{cdn,ftp}.NetBSD.org is invalid
changes in bozohttpd 20210211:
o fix various NULL derefs from malformed headers. mostly from
<emily@ingalls.rocks>.
o fix memory leaks in library interface: add bozo_cleanup().
To generate a diff of this commit:
cvs rdiff -u -r1.95 -r1.96 pkgsrc/www/bozohttpd/Makefile
cvs rdiff -u -r1.73 -r1.74 pkgsrc/www/bozohttpd/distinfo
cvs rdiff -u -r1.1 -r1.2 pkgsrc/www/bozohttpd/patches/patch-Makefile.boot
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: "Martin Husemann" <martin@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/56026 CVS commit: [netbsd-9] src
Date: Fri, 5 Mar 2021 13:34:20 +0000
Module Name: src
Committed By: martin
Date: Fri Mar 5 13:34:19 UTC 2021
Modified Files:
src/lib/lua/bozohttpd [netbsd-9]: Makefile
src/libexec/httpd [netbsd-9]: CHANGES Makefile Makefile.boot
auth-bozo.c bozohttpd.8 bozohttpd.c bozohttpd.h cgi-bozo.c
content-bozo.c daemon-bozo.c dir-index-bozo.c main.c printenv.lua
ssl-bozo.c
src/libexec/httpd/libbozohttpd [netbsd-9]: Makefile libbozohttpd.3
src/libexec/httpd/small [netbsd-9]: Makefile
src/libexec/httpd/testsuite [netbsd-9]: Makefile
Added Files:
src/libexec/httpd/testsuite [netbsd-9]: t16.out t17.out t18.out
Log Message:
Pull up the following (all via patch), requested by mrg in ticket #1221:
lib/lua/bozohttpd/Makefile (apply patch)
libexec/httpd/Makefile 1.30-1.31
libexec/httpd/Makefile.boot 1.7-1.9
libexec/httpd/auth-bozo.c 1.25-1.26
libexec/httpd/bozohttpd.8 1.80-1.87
libexec/httpd/bozohttpd.c 1.114-1.123,1.125-1.128
libexec/httpd/bozohttpd.h 1.61-1.68
libexec/httpd/cgi-bozo.c 1.49-1.53
libexec/httpd/content-bozo.c 1.17-1.20
libexec/httpd/daemon-bozo.c 1-.22
libexec/httpd/dir-index-bozo.c 1.33-1.34
libexec/httpd/main.c 1.23-1.27
libexec/httpd/printenv.lua 1.4-1.5
libexec/httpd/ssl-bozo.c 1.27-1.29
libexec/httpd/libbozohttpd/libbozohttpd.3 1.5-1.6
libexec/httpd/small/Makefile 1.4
libexec/httpd/testsuite/Makefile 1.14
libexec/httpd/testsuite/t16.in 1.1
libexec/httpd/testsuite/t16.out 1.1
libexec/httpd/testsuite/t17.in 1.1
libexec/httpd/testsuite/t17.out 1.1
libexec/httpd/testsuite/t18.in 1.1
libexec/httpd/testsuite/t18.out 1.1
Update to bozohttpd 20210227.
Apply lua build fix (no blocklist support on this branch).
changes in bozohttpd 20210227:
o new support for content types: .tar.bz2, .tar.xz, .tar.lz,
.tar.zst, .tbz2, .txz, .tlz, .zipx, .xz, .zst, .sz, .lz, .lzma,
.lzo, .7z, .lzo, .cab, .dmg, .jar, and .rar. should fix
netbsd PR#56026:
MIME type of .tar.xz file on ny{cdn,ftp}.NetBSD.org is invalid
changes in bozohttpd 20210211:
o fix various NULL derefs from malformed headers. mostly from
<emily@ingalls.rocks>.
o fix memory leaks in library interface: add bozo_cleanup().
changes in bozohttpd 20201014:
o also set -D_GNU_SOURCE in Makefile.boot. from
hadrien.lacour@posteo.net.
o fix array size botch (assertion, not exploitable.) from
martin@netbsd.org.
o also match %2F as well as %2f. from leah@vuxu.org.
o many manual and help fixes. clean ups for higher lint levels,
consistency/style clean ups. various option fixes including made
-f imply -b. from <henrik@gulbra.net> for freebsd.
changes in bozohttpd 20200912:
o add .m4a and .m4v file extensions.
changes in bozohttpd 20200820:
o make this work on sun2 by reducing mmap window there.
o fix SSL shutdown sequence. from spz@netbsd.org.
o add readme support to directory indexing. from jmcneill@netbsd.org
o add blocklist(8) support. from jruoho@netbsd.org.
To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.1.6.1 src/lib/lua/bozohttpd/Makefile
cvs rdiff -u -r1.40 -r1.40.2.1 src/libexec/httpd/CHANGES
cvs rdiff -u -r1.28 -r1.28.2.1 src/libexec/httpd/Makefile
cvs rdiff -u -r1.6 -r1.6.28.1 src/libexec/httpd/Makefile.boot
cvs rdiff -u -r1.24 -r1.24.2.1 src/libexec/httpd/auth-bozo.c
cvs rdiff -u -r1.79 -r1.79.2.1 src/libexec/httpd/bozohttpd.8
cvs rdiff -u -r1.113.2.1 -r1.113.2.2 src/libexec/httpd/bozohttpd.c
cvs rdiff -u -r1.60 -r1.60.2.1 src/libexec/httpd/bozohttpd.h
cvs rdiff -u -r1.48 -r1.48.2.1 src/libexec/httpd/cgi-bozo.c
cvs rdiff -u -r1.16 -r1.16.2.1 src/libexec/httpd/content-bozo.c
cvs rdiff -u -r1.21 -r1.21.2.1 src/libexec/httpd/daemon-bozo.c
cvs rdiff -u -r1.32 -r1.32.2.1 src/libexec/httpd/dir-index-bozo.c
cvs rdiff -u -r1.22 -r1.22.2.1 src/libexec/httpd/main.c
cvs rdiff -u -r1.3 -r1.3.18.1 src/libexec/httpd/printenv.lua
cvs rdiff -u -r1.26 -r1.26.2.1 src/libexec/httpd/ssl-bozo.c
cvs rdiff -u -r1.3 -r1.3.12.1 src/libexec/httpd/libbozohttpd/Makefile
cvs rdiff -u -r1.4 -r1.4.14.1 src/libexec/httpd/libbozohttpd/libbozohttpd.3
cvs rdiff -u -r1.3 -r1.3.26.1 src/libexec/httpd/small/Makefile
cvs rdiff -u -r1.13 -r1.13.2.1 src/libexec/httpd/testsuite/Makefile
cvs rdiff -u -r0 -r1.1.2.2 src/libexec/httpd/testsuite/t16.out \
src/libexec/httpd/testsuite/t17.out src/libexec/httpd/testsuite/t18.out
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: "Martin Husemann" <martin@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/56026 CVS commit: [netbsd-8] src/libexec/httpd
Date: Sat, 27 Mar 2021 13:38:52 +0000
Module Name: src
Committed By: martin
Date: Sat Mar 27 13:38:52 UTC 2021
Modified Files:
src/libexec/httpd [netbsd-8]: CHANGES Makefile Makefile.boot
auth-bozo.c bozohttpd.8 bozohttpd.c bozohttpd.h cgi-bozo.c
content-bozo.c daemon-bozo.c dir-index-bozo.c main.c printenv.lua
ssl-bozo.c
src/libexec/httpd/libbozohttpd [netbsd-8]: Makefile libbozohttpd.3
src/libexec/httpd/small [netbsd-8]: Makefile
src/libexec/httpd/testsuite [netbsd-8]: Makefile
Added Files:
src/libexec/httpd/testsuite [netbsd-8]: t16.in t16.out t17.in t17.out
t18.in t18.out
Log Message:
Pull up the following via patch, requested by mrg in ticket #1668:
Makefile 1.30-1.31
Makefile.boot 1.7-1.9
auth-bozo.c 1.25-1.26
bozohttpd.8 1.80-1.87
bozohttpd.c 1.114-1.123,1.125-1.128
bozohttpd.h 1.61-1.68
cgi-bozo.c 1.49-1.53
content-bozo.c 1.17-1.20
daemon-bozo.c 1-.22
dir-index-bozo.c 1.33-1.34
main.c 1.23-1.27
printenv.lua 1.4-1.5
ssl-bozo.c 1.27-1.29
libbozohttpd/libbozohttpd.3 1.5-1.6
small/Makefile 1.4
testsuite/Makefile 1.14
testsuite/t16.in 1.1
testsuite/t16.out 1.1
testsuite/t17.in 1.1
testsuite/t17.out 1.1
testsuite/t18.in 1.1
testsuite/t18.out 1.1
Update to bozohttpd 20210227.
changes in bozohttpd 20210227:
o new support for content types: .tar.bz2, .tar.xz, .tar.lz,
.tar.zst, .tbz2, .txz, .tlz, .zipx, .xz, .zst, .sz, .lz, .lzma,
.lzo, .7z, .lzo, .cab, .dmg, .jar, and .rar. should fix
netbsd PR#56026:
MIME type of .tar.xz file on ny{cdn,ftp}.NetBSD.org is invalid
changes in bozohttpd 20210211:
o fix various NULL derefs from malformed headers. mostly from
<emily@ingalls.rocks>.
o fix memory leaks in library interface: add bozo_cleanup().
changes in bozohttpd 20201014:
o also set -D_GNU_SOURCE in Makefile.boot. from
hadrien.lacour@posteo.net.
o fix array size botch (assertion, not exploitable.) from
martin@netbsd.org.
o also match %2F as well as %2f. from leah@vuxu.org.
o many manual and help fixes. clean ups for higher lint levels,
consistency/style clean ups. various option fixes including made
-f imply -b. from <henrik@gulbra.net> for freebsd.
changes in bozohttpd 20200912:
o add .m4a and .m4v file extensions.
changes in bozohttpd 20200820:
o make this work on sun2 by reducing mmap window there.
o fix SSL shutdown sequence. from spz@netbsd.org.
o add readme support to directory indexing. from jmcneill@netbsd.org
o add blocklist(8) support. from jruoho@netbsd.org.
To generate a diff of this commit:
cvs rdiff -u -r1.25.4.3 -r1.25.4.4 src/libexec/httpd/CHANGES
cvs rdiff -u -r1.27.2.1 -r1.27.2.2 src/libexec/httpd/Makefile
cvs rdiff -u -r1.6 -r1.6.18.1 src/libexec/httpd/Makefile.boot
cvs rdiff -u -r1.18.8.2 -r1.18.8.3 src/libexec/httpd/auth-bozo.c
cvs rdiff -u -r1.65.4.2 -r1.65.4.3 src/libexec/httpd/bozohttpd.8
cvs rdiff -u -r1.86.4.5 -r1.86.4.6 src/libexec/httpd/bozohttpd.c
cvs rdiff -u -r1.47.4.3 -r1.47.4.4 src/libexec/httpd/bozohttpd.h
cvs rdiff -u -r1.37.4.4 -r1.37.4.5 src/libexec/httpd/cgi-bozo.c
cvs rdiff -u -r1.14.6.1 -r1.14.6.2 src/libexec/httpd/content-bozo.c
cvs rdiff -u -r1.17.8.2 -r1.17.8.3 src/libexec/httpd/daemon-bozo.c
cvs rdiff -u -r1.25.8.2 -r1.25.8.3 src/libexec/httpd/dir-index-bozo.c
cvs rdiff -u -r1.16.6.2 -r1.16.6.3 src/libexec/httpd/main.c
cvs rdiff -u -r1.3 -r1.3.8.1 src/libexec/httpd/printenv.lua
cvs rdiff -u -r1.22.8.2 -r1.22.8.3 src/libexec/httpd/ssl-bozo.c
cvs rdiff -u -r1.3 -r1.3.2.1 src/libexec/httpd/libbozohttpd/Makefile
cvs rdiff -u -r1.4 -r1.4.4.1 src/libexec/httpd/libbozohttpd/libbozohttpd.3
cvs rdiff -u -r1.3 -r1.3.16.1 src/libexec/httpd/small/Makefile
cvs rdiff -u -r1.7.4.2 -r1.7.4.3 src/libexec/httpd/testsuite/Makefile
cvs rdiff -u -r0 -r1.1.2.2 src/libexec/httpd/testsuite/t16.in \
src/libexec/httpd/testsuite/t17.in src/libexec/httpd/testsuite/t18.in
cvs rdiff -u -r0 -r1.1.4.2 src/libexec/httpd/testsuite/t16.out \
src/libexec/httpd/testsuite/t17.out src/libexec/httpd/testsuite/t18.out
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
State-Changed-From-To: analyzed->closed
State-Changed-By: ryoon@NetBSD.org
State-Changed-When: Sun, 03 Oct 2021 13:31:57 +0000
State-Changed-Why:
Works fine for me now. Thank you.
From: "matthew green" <mrg@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/56026 CVS commit: pkgsrc/www/bozohttpd
Date: Wed, 18 May 2022 00:46:46 +0000
Module Name: pkgsrc
Committed By: mrg
Date: Wed May 18 00:46:46 UTC 2022
Modified Files:
pkgsrc/www/bozohttpd: Makefile distinfo
Log Message:
update to bozohttpd 20220517. changes include:
o remove obsolete .bzdirect handling.
o new "-m tlsversion" option to set the minimum TLS version
available. partially from <sunil@nimmagadda.net>.
o extend the list of available ciphers to include most of the
openssl "HIGH" with some additional disables. retain the current
list of bad options. should deal with PR#51278.
o don't assume host BUFSIZ is sufficient. small BUFSIZ leads to
always happens errors in the testsuite. switch all these buffers
to be 4KiB sized. reported by embr <git@liclac.eu>
o fix a denial of service attack against initial request contents,
now bounded at 16KiB. reported by Justin Parrott in PR#56085
o new support for content types: .tar.bz2, .tar.xz, .tar.lz,
.tar.zst, .tbz2, .txz, .tlz, .zipx, .xz, .zst, .sz, .lz, .lzma,
.lzo, .7z, .lzo, .cab, .dmg, .jar, and .rar. should fix
netbsd PR#56026:
MIME type of .tar.xz file on ny{cdn,ftp}.NetBSD.org is invalid
o fix various NULL derefs from malformed headers. mostly from
<emily@ingalls.rocks>.
o fix memory leaks in library interface: add bozo_cleanup().
To generate a diff of this commit:
cvs rdiff -u -r1.97 -r1.98 pkgsrc/www/bozohttpd/Makefile
cvs rdiff -u -r1.76 -r1.77 pkgsrc/www/bozohttpd/distinfo
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.46 2020/01/03 16:35:01 leot Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2020
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.