Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package darkhttpd for openSUSE:Factory checked in at 2024-02-29 21:49:38 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/darkhttpd (Old) and /work/SRC/openSUSE:Factory/.darkhttpd.new.1770 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "darkhttpd" Thu Feb 29 21:49:38 2024 rev:4 rq:1153053 version:1.16 Changes: -------- --- /work/SRC/openSUSE:Factory/darkhttpd/darkhttpd.changes 2024-01-18 21:54:34.647319905 +0100 +++ /work/SRC/openSUSE:Factory/.darkhttpd.new.1770/darkhttpd.changes 2024-02-29 21:49:46.752713143 +0100 @@ -1,0 +2,7 @@ +Wed Feb 28 23:37:03 UTC 2024 - Joshua Smith <jsmithfpv@gmail.com> + +- Version 1.16: + * Support chroot as non-root on FreeBSD 14+ + * Listen to IPv4 and IPv6 at the same time when --ipv6 is passed. + +------------------------------------------------------------------- Old: ---- v1.15.tar.gz New: ---- v1.16.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ darkhttpd.spec ++++++ --- /var/tmp/diff_new_pack.OaufMW/_old 2024-02-29 21:49:47.904755613 +0100 +++ /var/tmp/diff_new_pack.OaufMW/_new 2024-02-29 21:49:47.908755761 +0100 @@ -18,7 +18,7 @@ %define pkg_home %{_localstatedir}/lib/%{name} Name: darkhttpd -Version: 1.15 +Version: 1.16 Release: 0 Summary: When you need a web server in a hurry License: ISC ++++++ v1.15.tar.gz -> v1.16.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/darkhttpd-1.15/.gitignore new/darkhttpd-1.16/.gitignore --- old/darkhttpd-1.15/.gitignore 2024-01-18 10:37:34.000000000 +0100 +++ new/darkhttpd-1.16/.gitignore 2024-02-28 23:45:12.000000000 +0100 @@ -1,2 +1,10 @@ darkhttpd __pycache__/ +*.gcov +devel/a.out +*.gcno +devel/test.out.log +devel/test.out.stdout +devel/test.out.stderr +devel/test_make_safe_uri +devel/test_password_equal diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/darkhttpd-1.15/Makefile new/darkhttpd-1.16/Makefile --- old/darkhttpd-1.15/Makefile 2024-01-18 10:37:34.000000000 +0100 +++ new/darkhttpd-1.16/Makefile 2024-02-28 23:45:12.000000000 +0100 @@ -10,6 +10,9 @@ darkhttpd-static: darkhttpd.c $(CC) -static $(CFLAGS) $(LDFLAGS) $(LIBS) darkhttpd.c -o $@ +test: + $(MAKE) -C devel + clean: rm -f darkhttpd core darkhttpd.core darkhttpd-static darkhttpd-static.core diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/darkhttpd-1.15/README.md new/darkhttpd-1.16/README.md --- old/darkhttpd-1.15/README.md 2024-01-18 10:37:34.000000000 +0100 +++ new/darkhttpd-1.16/README.md 2024-02-28 23:45:12.000000000 +0100 @@ -23,6 +23,7 @@ * Can serve 301 redirects based on Host header. * Uses sendfile() on FreeBSD, Solaris and Linux. * Can use acceptfilter on FreeBSD. +* Can use chroot as non-root on FreeBSD 14+. * At some point worked on FreeBSD, Linux, OpenBSD, Solaris. * ISC license. * suckless.org says [darkhttpd sucks less](http://suckless.org/rocks/). @@ -174,3 +175,15 @@ ``` Enjoy. + +## How to test darkhttpd + +``` +make test +``` + +If that isn't working for you, and you're on FreeBSD, you may need to run something closer to the following: + +``` +ASAN_OPTIONS=" " PYTHON=python3.11 make test +``` diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/darkhttpd-1.15/darkhttpd.c new/darkhttpd-1.16/darkhttpd.c --- old/darkhttpd-1.15/darkhttpd.c 2024-01-18 10:37:34.000000000 +0100 +++ new/darkhttpd-1.16/darkhttpd.c 2024-02-28 23:45:12.000000000 +0100 @@ -18,7 +18,7 @@ */ static const char - pkgname[] = "darkhttpd/1.15", + pkgname[] = "darkhttpd/1.16", copyright[] = "copyright (c) 2003-2024 Emil Mikulic"; /* Possible build options: -DDEBUG -DNO_IPV6 */ @@ -71,6 +71,18 @@ #include <time.h> #include <unistd.h> +/* This is for non-root chroot support on FreeBSD 14.0+ */ +/* Must set sysctl security.bsd.unprivileged_chroot=1 to allow this. */ +#ifdef __FreeBSD__ +# if __FreeBSD_version >= 1400000 +# define HAVE_NON_ROOT_CHROOT +# endif +#endif + +#ifdef HAVE_NON_ROOT_CHROOT +#include <sys/procctl.h> +#endif + #if defined(__has_feature) # if __has_feature(memory_sanitizer) # include <sanitizer/msan_interface.h> @@ -782,7 +794,7 @@ } } -/* Initialize the sockin global. This is the socket that we accept +/* Initialize the sockin global. This is the socket that we accept * connections from. */ static void init_sockin(void) { @@ -797,7 +809,7 @@ if (inet6) { memset(&addrin6, 0, sizeof(addrin6)); if (inet_pton(AF_INET6, bindaddr ? bindaddr : "::", - &addrin6.sin6_addr) == -1) { + &addrin6.sin6_addr) != 1) { errx(1, "malformed --addr argument"); } sockin = socket(PF_INET6, SOCK_STREAM, 0); @@ -826,6 +838,18 @@ &sockopt, sizeof(sockopt)) == -1) err(1, "setsockopt(TCP_NODELAY)"); +#ifdef HAVE_INET6 + if (inet6) { + /* Listen on IPv4 and IPv6 on the same socket. */ + /* Only relevant if listening on ::, but behaves normally if */ + /* listening on a specific address. */ + sockopt = 0; + if (setsockopt(sockin, IPPROTO_IPV6, IPV6_V6ONLY, + &sockopt, sizeof (sockopt)) < 0) + err(1, "setsockopt (IPV6_V6ONLY)"); + } +#endif + #ifdef TORTURE /* torture: cripple the kernel-side send buffer so we can only squeeze out * one byte at a time (this is for debugging) @@ -2882,6 +2906,14 @@ /* security */ if (want_chroot) { + #ifdef HAVE_NON_ROOT_CHROOT + /* We run this even as root, which should never be a bad thing. */ + int arg = PROC_NO_NEW_PRIVS_ENABLE; + int error = procctl(P_PID, (int)getpid(), PROC_NO_NEW_PRIVS_CTL, &arg); + if (error != 0) + err(1, "procctl"); + #endif + tzset(); /* read /etc/localtime before we chroot */ if (chdir(wwwroot) == -1) err(1, "chdir(%s)", wwwroot); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/darkhttpd-1.15/devel/run-tests new/darkhttpd-1.16/devel/run-tests --- old/darkhttpd-1.15/devel/run-tests 2024-01-18 10:37:34.000000000 +0100 +++ new/darkhttpd-1.16/devel/run-tests 2024-02-28 23:45:12.000000000 +0100 @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # # Build a coverage-enabled darkhttpd, run unit tests and calculate coverage. # @@ -13,10 +13,21 @@ if [[ -z "$CC" ]]; then CC="$(which gcc)" fi +if [[ -z "$CC" ]]; then + CC="$(which cc)" +fi if [[ -z "$CLANG" ]]; then CLANG="$(which clang)" fi +if [[ -z "$ASAN_OPTIONS" ]]; then + ASAN_OPTIONS="detect_leaks=1" +fi + +if [[ -z "$PYTHON" ]]; then + PYTHON="python3" +fi + runtests() { if [ -e $DIR ]; then rm -rf $DIR || exit 1 @@ -33,12 +44,26 @@ # Early exit if we can't even survive usage. ./a.out >/dev/null 2>>test.out.stderr || exit 1 + echo "===> run test for binding to bogus address (IPv4)" + # Should exit immediately. + # Error is "Can't assign requested adddress" on FreeBSD and "Cannot assign requested address" on Linux. + ./a.out $DIR --port $PORT --addr 8.8.8.8 2>&1 | grep -F "t assign requested address" > /dev/null || exit 1 + + echo "===> run test for binding to bogus address (IPv6)" + # Should exit immediately. + # Error is "Can't assign requested adddress" on FreeBSD and "Cannot assign requested address" on Linux. + ./a.out $DIR --port $PORT --ipv6 --addr ::8888 2>&1 | grep -F "t assign requested address" > /dev/null || exit 1 + + echo "===> run test for binding to IPv4 when IPv6 requested" + # Should exit immediately. + ./a.out $DIR --port $PORT --ipv6 --addr 127.0.0.1 2>&1 | grep -F "malformed --addr argument" > /dev/null || exit 1 + echo "===> run tests against a basic instance (generates darkhttpd.gcda)" ./a.out $DIR --port $PORT --log test.out.log \ >>test.out.stdout 2>>test.out.stderr & PID=$! kill -0 $PID || exit 1 - python3 test.py + $PYTHON test.py kill $PID wait $PID @@ -49,7 +74,7 @@ >>test.out.stdout 2>>test.out.stderr & PID=$! kill -0 $PID || exit 1 - python3 test_forward.py + $PYTHON test_forward.py kill $PID wait $PID @@ -60,7 +85,7 @@ >>test.out.stdout 2>>test.out.stderr & PID=$! kill -0 $PID || exit 1 - python3 test_forward_all.py + $PYTHON test_forward_all.py kill $PID wait $PID @@ -69,7 +94,7 @@ >>test.out.stdout 2>>test.out.stderr & PID=$! kill -0 $PID || exit 1 - python3 test_server_id.py + $PYTHON test_server_id.py kill $PID wait $PID @@ -85,7 +110,7 @@ >>test.out.stdout 2>>test.out.stderr & PID=$! kill -0 $PID || exit 1 - python3 test_mimemap.py + $PYTHON test_mimemap.py kill $PID wait $PID @@ -94,7 +119,7 @@ >>test.out.stdout 2>>test.out.stderr & PID=$! kill -0 $PID || exit 1 - python3 test_no_listing.py + $PYTHON test_no_listing.py kill $PID wait $PID @@ -103,7 +128,7 @@ >>test.out.stdout 2>>test.out.stderr & PID=$! kill -0 $PID || exit 1 - python3 test_timeout.py + $PYTHON test_timeout.py kill $PID wait $PID @@ -116,7 +141,7 @@ >>test.out.stdout 2>>test.out.stderr & PID=$! kill -0 $PID || exit 1 - python3 test_auth.py + $PYTHON test_auth.py kill $PID wait $PID @@ -132,7 +157,7 @@ >>test.out.stdout 2>>test.out.stderr & PID=$! kill -0 $PID || exit 1 - python3 test_custom_headers.py + $PYTHON test_custom_headers.py kill $PID wait $PID @@ -141,7 +166,7 @@ >>test.out.stdout 2>>test.out.stderr & PID=$! kill -0 $PID || exit 1 - python3 test_forward_https.py + $PYTHON test_forward_https.py kill $PID wait $PID @@ -205,7 +230,7 @@ $CC -g -O2 -fprofile-arcs -ftest-coverage -fsanitize=address \ -fsanitize=undefined -fno-omit-frame-pointer -DDEBUG -DAPBUF_INIT=1 \ ../darkhttpd.c || exit 1 -(export ASAN_OPTIONS=detect_leaks=1; runtests) || { +(export ASAN_OPTIONS; runtests) || { echo "FAILED! stderr was:" echo "---" cat test.out.stderr