Commit graph

71 commits

Author SHA1 Message Date
Jo-Philipp Wich
05a4200d56 uhttpd: fix query string handling
Update to latest Git in order to fix potential memory corruption and invalid
memory access when handling query strings in conjunction with active basic
authentication.

a235636 2017-11-04 file: fix query string handling

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-11-07 12:02:06 +01:00
Adrian Panella
ab26fc6c8d uhttp: update to latest version
3fd58e9 2017-08-19 uhttpd: add manifest support
88c0b4b 2017-07-09 file: fix basic auth regression
99957f6 2017-07-02 file: remove unused "auth" member from struct
path_info
c0a569d 2017-07-02 proc: expose HTTP_AUTH_USER and HTTP_AUTH_PASS
ad93be7 2017-07-02 auth: store parsed username and password
fa51d7f 2017-07-02 proc: do not declare empty process variables
a8bf9c0 2017-01-26 uhttpd: Add TCP_FASTOPEN support
e6cfc91 2016-10-25 lua: ensure that PATH_INFO starts with a slash

Signed-off-by: Adrian Panella <ianchi74@outlook.com>
2017-09-21 23:03:46 +02:00
Ansuel Smith
324ec18615 uhttpd: Enable integrated Lua by default
We enabled lua interpreter by default as it doesn't make any problem in the uhttpd config file and we modify the index page to use it.

Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
2017-05-16 16:57:01 +02:00
Felix Fietkau
47cf238779 uhttpd: drop uhttpd-mod-tls, it has been useless for years
Before the rewrite, uhttpd-mod-tls used to contain a tls plugin.
Afterwards it was left in for compatibility reasons, but given how much
has changed, and that we're about to change the default SSL
implementation again, it's better to just drop this now

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-12-22 16:46:01 +01:00
Felix Fietkau
c7c1cf5618 treewide: clean up and unify PKG_VERSION for git based downloads
Also use default defintions for PKG_SOURCE_SUBDIR, PKG_SOURCE

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-12-22 16:42:21 +01:00
Felix Fietkau
720b99215d treewide: clean up download hashes
Replace *MD5SUM with *HASH, replace MD5 hashes with SHA256

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-12-16 22:39:22 +01:00
Jo-Philipp Wich
81b256ee00 uhttpd: fix handling of special "/" prefix when matching handlers
The special prefix of "/" should match any url by definition but the final
assertion which ensures that the matched prefix ends in '\0' or '/' is causing
matches against the "/" prefix to fail.

Update to current HEAD in order to fix this particular case.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-10-25 16:38:50 +02:00
Felix Fietkau
175b59c59b uhttpd: update to the latest version, adds a small json handler fix
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-10-08 13:50:54 +02:00
Daniel Engberg
9edfe7dd13 source: Switch to xz for packages and tools where possible
* Change git packages to xz
* Update mirror checksums in packages where they are used
* Change a few source tarballs to xz if available upstream
* Remove unused lines in packages we're touching, requested by jow- and blogic
* We're relying more on xz-utils so add official mirror as primary source, master site as secondary.
* Add SHA256 checksums to multiple git tarball packages

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2016-10-06 12:16:56 +02:00
Hannu Nyman
3c4858eeb2 uhttpd: support using OpenSSL for certificate generation
Support the usage of the OpenSSL command-line tool for generating
the SSL certificate for uhttpd. Traditionally 'px5g' based on
PolarSSL (or mbedTLS in LEDE), has been used for the creation.

uhttpd init script is enhanced by adding detection of an installed
openssl command-line binary (provided by 'openssl-util' package),
and if found, the tool is used for certificate generation.

Note: After this patch the script prefers to use the OpenSSL tool
if both it and px5g are installed.

This enables creating a truly OpenSSL-only version of LuCI
without dependency to PolarSSL/mbedTLS based px5g.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2016-10-05 00:48:19 +02:00
Felix Fietkau
475e94b1d2 uhttpd: update to the latest version, adds some extensions to handler script support
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-06-16 19:00:16 +02:00
John Crispin
62dc9831d3 package/*: update git urls for project repos
Signed-off-by: John Crispin <john@phrozen.org>
2016-06-13 22:51:41 +02:00
Jo-Philipp Wich
24a7ccb056 treewide: replace jow@openwrt.org with jo@mein.io
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-06-07 11:42:52 +02:00
Felix Fietkau
7eeb254cc4 treewide: replace nbd@openwrt.org with nbd@nbd.name
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-06-07 08:58:42 +02:00
Felix Fietkau
b570c0c88e uhttpd: use configured distribution name for SSL certificate CN
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-05-21 12:42:44 +02:00
Felix Fietkau
808a605453 uhttpd: add option for mbedtls
Signed-off-by: Daniel Golle <daniel@makrotopia.org>

SVN-Revision: 48343
2016-01-19 10:06:18 +00:00
Felix Fietkau
a5dc438274 uhttpd: move to git.openwrt.org
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48122
2016-01-04 15:12:21 +00:00
Felix Fietkau
1d6a530fe6 uhttpd: update to the latest version, adds support for redirect helper scripts
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 47419
2015-11-08 20:39:09 +00:00
John Crispin
27002c207e uhttpd: update to latest git HEAD
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 47240
2015-10-20 18:16:05 +00:00
John Crispin
00df239f60 uhttpd: update to latest git revision
adds URL alias support

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 47206
2015-10-19 10:08:01 +00:00
Jo-Philipp Wich
b345461070 uhttpd: fix keep-alive bug (#20607, #20661)
The two commits

  5162e3b0ee7bd1d0fd6e75e1ca7993a1834b5291
	"allow request handlers to disable chunked reponses"

and

  618493e378e2239f0d30902e47adfa134e649fdc
	"file: disable chunked encoding for file responses"

broke the chunked transfer encoding handling for proc responses in keep-alive
connections that followed a file response with http status 204 or 304.

The effect of this bug is that cgi responses following a 204 or 304 one where
sent neither in chunked encoding nor with a content-length header, causing
browsers to stall until the keep alive timeout was reached.

Fix the logic flaw by inverting the chunk prevention flag in the client state
and by testing the chunked encoding preconditions every time instead of
once upon client (re-)initialization.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 47161
2015-10-07 22:14:48 +00:00
Felix Fietkau
b850e1e59f uhttpd: update to the latest version, fixes deferred cgi script processing (#20458)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 46807
2015-09-07 19:18:58 +00:00
Jo-Philipp Wich
241d151b9c uhttpd: pass X-HTTP-Method-Override header to cgi scripts
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 46677
2015-08-17 16:17:36 +00:00
Jo-Philipp Wich
531a7e469a uhttpd: use 307 for HTTPS redirections to retain request method
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 45853
2015-05-30 21:14:33 +00:00
Jo-Philipp Wich
4f58248a7d uhttpd: add support for enforcing https
Also set HTTPS environment variable for CGI programs on SSL connections.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 45852
2015-05-30 20:55:14 +00:00
Jo-Philipp Wich
be16b184e2 uhttpd: inhibit chunked transfer encoding for static file responses
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 45850
2015-05-30 14:05:40 +00:00
John Crispin
6aff392bff uhttpd: properly handle return codes
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 45153
2015-03-30 12:35:13 +00:00
Nicolas Thill
81ff0511df packages: more (e)glibc fixes after r44701
_GNU_SOURCE has been declared "deprecated" in favor of _DEFAULT_SOURCE in glibc

Signed-off-by: Nicolas Thill <nico@openwrt.org>

SVN-Revision: 44843
2015-03-16 12:32:22 +00:00
John Crispin
e69626901e uhttp: update to latest git HEAD
this add json-c 0.12, sorry forgot to push this earlier today

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 44682
2015-03-11 17:58:47 +00:00
Jo-Philipp Wich
b977134dc7 uhttpd: relay stderr to syslog
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 44548
2015-02-26 13:44:05 +00:00
Jo-Philipp Wich
a7c27877e2 uhttpd: fix another remaining relro issue in the Lua plugin
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 44143
2015-01-25 20:43:17 +00:00
Jo-Philipp Wich
634c8c215c uhttpd: fix time_t type mismatch on 32bit systems
The previous update introducing LFS support unconditionally changed the
sprintf() pattern used to print the file modification time to use PRIx64.

Explicitely convert the st_mtime member of the stat struct to uint64_t in
order to avoid type mismatch errors when building for non-64bit targets.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 44138
2015-01-25 17:59:08 +00:00
Jo-Philipp Wich
b82bd94b62 uhttpd: fix crash with enabled relro, memory leak in dirlists and lfs
* Fix the ubus plugin to not make its uhttpd_plugin entry symbol
   constant as uhttpd needs to modify its list_head member
 * Make sure that uhttpd supports large files by using 64bit ints
   where appropriate and by passing _FILE_OFFSET_BITS=64 to the build
 * Plug a possible memleak in the directory listing code

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 44135
2015-01-25 17:23:26 +00:00
John Crispin
74a3a77bcd license info - revert r43155
turns out that r43155 adds duplicate info.

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 43167
2014-11-03 09:56:44 +00:00
John Crispin
c10d97484a Add more license tags with SPDX identifiers
Note, that licensing stuff is a nightmare: many packages does not clearly
state their licenses, and often multiple source files are simply copied
together - each with different licensing information in the file headers.

I tried hard to ensure, that the license information extracted into the OpenWRT's
makefiles fit the "spirit" of the packages, e.g. such small packages which
come without a dedicated source archive "inherites" the OpenWRT's own license
in my opinion.

However, I can not garantee that I always picked the correct information
and/or did not miss license information.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>

SVN-Revision: 43155
2014-11-03 08:01:08 +00:00
Steven Barth
bec9d38fa4 Add a few SPDX tags
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 43151
2014-11-02 12:20:54 +00:00
Jo-Philipp Wich
ba48074622 uhttpd: fix HTTP incompatibilities in file handler
* Fixes sending an extraneous message body for 204 and 304 resoponses which
   breaks Chrome in keep-alive mode.

 * Adds mimetypes for JSON and JSONP.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 43078
2014-10-27 10:25:07 +00:00
Jo-Philipp Wich
730589281e uhttpd: do not configure TLS parameters if libustream-ssl is not present
A quite frequent problem after sysupgrading from an older, SSL enabled build
is that ustream-ssl is not installed so uhttpd fails to come up again due to
https listening directives in the preserved configuration.

Skip key/cert and ssl listen options when libustream-ssl.so is not present.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 42284
2014-08-25 12:39:34 +00:00
Steven Barth
e50f3b4fc7 uhttpd: also bind to IPv6 by default
SVN-Revision: 41114
2014-06-11 12:11:55 +00:00
Felix Fietkau
6de020d241 uhttpd: update to the latest version, fixes musl compile issues
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 41057
2014-06-09 13:47:40 +00:00
Felix Fietkau
bddbcdfc1a uhttpd: update to the latest version, fixes cgi path handling issues
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 40743
2014-05-09 11:17:42 +00:00
Felix Fietkau
abd13cd85b uhttpd: update to latest version, improves cgi path handling
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 40005
2014-03-22 19:38:48 +00:00
Felix Fietkau
9138e8015e uhttpd: update to latest version, fixes HEAD requests to CGI scripts
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 40003
2014-03-21 20:49:56 +00:00
Felix Fietkau
5143157af8 uhttpd: update to the latest version, fixes crashes in the ubus plugin
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 38888
2013-11-21 21:52:24 +00:00
Jo-Philipp Wich
8a1d77efed uhttpd: return after processing -d switch, only set ubus prefix if not already defined
SVN-Revision: 38743
2013-11-11 19:14:01 +00:00
John Crispin
9f3b161a57 uhttp: make sure that the ubus module is loaded when when installed
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 38723
2013-11-11 12:18:58 +00:00
Felix Fietkau
f8ee248701 uhttpd: add a config option for using ustream-polarssl, and use it by default
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 38250
2013-09-29 11:26:09 +00:00
Jo-Philipp Wich
c3cc912ed9 uhttpd: udpat to git head
- fixes buffer corruption with JSON-RPC list calls
	- change JSON-RPC protocol to include the session ID into the call
	  attributes instead of passing it via the URL
	- forcibly pass effective session ID as "ubus_rpc_session" attribute
	  to called procedures
	- change ubus acl checking to conform with new ubus session namespace

SVN-Revision: 37962
2013-09-13 13:24:45 +00:00
Felix Fietkau
719adb6471 uhttpd: update to the latest version, fixes a crash on early cgi/lua process termination
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 37628
2013-07-31 22:07:09 +00:00
Felix Fietkau
8faa8a6420 uhttpd: update to latest version, fixes issues with POST and keep-alive (#13940)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 37556
2013-07-26 10:03:07 +00:00