| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
|
|
|
| |
glibc likes to do weird things (such as calling stat) when you use
fread(3) and friends, so try to use functions that are more likely to
just do a single syscall.
Also, copy over some more paranoid read/write procedures to http.
|
| |
|
|
|
|
|
|
|
| |
* buffer, pager, config: add meta-refresh value, which makes it possible
to follow http-equiv=refresh META tags.
* config: clean up redundant format mode parser
* timeout: accept varargs for params to pass on to functions
* pager: add "options" dict to JS gotoURL
* twtstr: remove redundant startsWithNoCase
|
| | |
|
| |
|
|
|
|
|
| |
Equivalent to curl --insecure.
Note: unfortunately this does not help if the server is using unsafe
legacy renegotiation, you have to allow that in the OpenSSL config.
|
| | |
|
| |
|
|
|
|
|
|
|
| |
glibc apparently calls fstat from fread, and we didn't allow it in
seccomp. So:
* allow fstat in the sandbox; no reason not to, and it seems too big of
a footgun to assume we never call fread
* use read(2) in http; no need for buffered i/o here
|
| |
|
|
|
|
|
|
|
|
|
|
| |
pledge is a bit more fine-grained than Capsicum's capability mode,
so the buffer & http ("network") sandboxes are now split up into
two parts.
I applied the same hack as in FreeBSD for overriding the buffer
selector kqueue, because a) I didn't want to request sysctl promise
b) I'm not sure if it would even work and c) if it breaks on OpenBSD,
then it's broken on FreeBSD too, so there's a greater chance of
discovering the bug.
|
| |
|
|
| |
causes problems with header parsing
|
| |
|
|
|
|
|
|
|
|
|
| |
The empty string comparison here was in fact pointless; in cw-out.c,
libcurl only calls cwb (which is curlWriteHeader in this case) if blen
is not 0, so the string will never be empty. (Instead, it is expected
to be \r\n; I've added \n too since CGI can already parse headers like
that.)
Normally it still worked because we just passed through the line to
cgi.nim. However, it choked horribly on HTTP/2 early hints.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
It's the sandboxing system of FreeBSD. Quite pleasant to work with.
(Just trying to figure out the basics with this one before tackling the
abomination that is seccomp.)
Indeed, the only non-trivial part was getting newSelector to work with
Capsicum. Long story short it doesn't, so we use an ugly pointer cast +
assignment. But even that is stdlib's "fault", not Capsicum's.
This also gets rid of that ugly SocketPath global.
|
| |
|
|
|
|
|
| |
buffering output kind of defeats the purpose of the entire loader select
machinery
(we don't buffer streams either for the same reason)
|
| | |
|
| |
|
|
| |
also in ftp: clean up resources before exit
|
| |
|
|
|
|
|
| |
* Makefile: fix parallel build, add new binaries to install target
* twtstr: split out libunicode-related stuff to luwrap
* config: quote default gopher2html URL env var for unquote
* adapter/: get rid of types/url dependency, use CURL url in all cases
|
| | |
|
|
|
Now it is (technically) no longer mandatory to link to libcurl.
Also, Chawan is at last completely protocol and network backend
agnostic :)
* Implement multipart requests in local CGI
* Implement simultaneous download of CGI data
* Add REQUEST_HEADERS env var with all headers
* cssparser: add a missing check in consumeEscape
|