Commits on May 16, 2023

  1. Add SQLite MIME type

    sudnam authored and vinoski committed May 16, 2023

Commits on Mar 9, 2023

Commits on Feb 14, 2023

  1. Add .gitattributes

    vinoski committed Feb 14, 2023

Commits on Feb 8, 2023

  1. Prevent CRLF injections in redirects

    Redirect mappings specified in configuration are subject to CRLF
    injections, where the path to be redirected to on another domain is
    copied in the Location header, including unencoded \r and \n
    characters. This could lead to unwanted headers being added in the
    server reply, for example, a Set-cookie directive.
    
    Example in conf:
    
    <server domain1>
     <redirect>
      / = 301 https://domain2
     </redirect>
    </server>
    
    Now, going to
    
    https://domain1/%0D%0ASet-Cookie:crlfinjection=crlfinjection
    
    would generate this reply:
    
    HTTP 1.1 301 Moved Permanently
    Location: https://domain2/
    Set-Cookie: crlfinjection=crlfinjection
    ...
    
    Encode \r and \n characters as normal characters to prevent injection.
    Nico authored and vinoski committed Feb 8, 2023
  2. Fix ubuntu version in github action

    Specify ubuntu-20.04 so we can test all the Erlang/OTP versions that
    Yaws supports.
    vinoski committed Feb 8, 2023
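
The CRLF injection described in the "Prevent CRLF injections in redirects" commit above, as an added Python example that is not Yaws code. It models a redirect handler that appends the decoded request path to the configured target, next to a hardened form. The function names are hypothetical, and the hardened version goes slightly beyond the commit's fix by percent-encoding every reserved character, not only `\r` and `\n`.

```python
from urllib.parse import quote, unquote

# Redirect target taken from the <redirect> mapping in the commit message.
REDIRECT_TARGET = "https://domain2"


def location_vulnerable(raw_path: str) -> str:
    """Pre-fix behaviour: the decoded request path is appended verbatim,
    so %0D%0A in the request becomes a real CR LF in the header value."""
    return REDIRECT_TARGET + unquote(raw_path)


def location_hardened(raw_path: str) -> str:
    """Hardened form: re-encode the decoded path before it reaches the header.
    quote() keeps '/' and unreserved characters and percent-encodes the rest,
    so CR and LF are emitted as the literal text %0D and %0A."""
    return REDIRECT_TARGET + quote(unquote(raw_path), safe="/")


def build_response(location: str) -> bytes:
    """Serialize a minimal 301 reply the way a naive header writer would."""
    head = ["HTTP/1.1 301 Moved Permanently",
            f"Location: {location}",
            "Content-Length: 0"]
    return ("\r\n".join(head) + "\r\n\r\n").encode("latin-1")


def header_names(response: bytes) -> list[str]:
    """Header field names a client would parse out of the reply."""
    head = response.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    return [ln.split(":", 1)[0] for ln in head.split("\r\n")[1:] if ":" in ln]


def has_ctl(value: str) -> bool:
    """Defence-in-depth check a header writer can apply to any value."""
    return "\r" in value or "\n" in value


if __name__ == "__main__":
    # Request path quoted in the commit message.
    sample = "/%0D%0ASet-Cookie:crlfinjection=crlfinjection"
    for build in (location_vulnerable, location_hardened):
        loc = build(sample)
        print(build.__name__, header_names(build_response(loc)), has_ctl(loc))
```

A check like `has_ctl` at the point where headers are serialized catches the same class of bug for values that do not come from redirect mappings.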

Commits on Nov 14, 2022

  1. Fix workflow for Node 16

    vinoski committed Nov 14, 2022
  2. Regenerate TLS snakeoil cert

    The erlang emulator complains about not having enough security when
    using the TLS snakeoil (i.e. self-signed) cert shipped. This is because
    SHA-1 is used as the signing algorithm. Nothing in the TLS standard states
    that it shouldn't be allowed, but the erlang emulator doesn't allow it.
    
    The TLS snakeoil cert is regenerated using SHA-256 as the signing algorithm.
    avtobiff authored and vinoski committed Nov 14, 2022

Commits on Sep 23, 2022

Commits on Sep 1, 2022

  1. Add erlyaws-list mailing list link

    Also add a link to the mailing list archives, and remove Klacke's
    contact info (he retired a few years ago).
    vinoski committed Sep 1, 2022

Commits on Aug 16, 2022

  1. Make all erlang files UTF-8

    All the Erlang versions that are currently supported by yaws
    default to UTF-8 files. This converts the couple of comments that
    were encoded in Latin-1 to UTF-8 and removes the coding comments.
    michalmuskala authored and vinoski committed Aug 16, 2022

Commits on Jun 14, 2022

  1. applications/yapp: Update edoc

    Fix warnings using deprecated @spec and @type edoc tags.
    avtobiff authored and vinoski committed Jun 14, 2022

Commits on Jun 11, 2022

  1. Inline hardcoding of some automake variables for deterministic build

    Putting various automake variables in the examples.mk include file
    includes the build path. This makes the build non-deterministic.
    
    Running diffoscope reports that the files www/code/Makefile and
    www/shoppingcart/Makefile differ between two different installation
    directories because of this.
    
    Inline and hardcode these automake variables to enable deterministic
    builds.
    avtobiff authored and vinoski committed Jun 11, 2022

Commits on May 21, 2022

  1. Add support for OTP 25.0

    Yaws supports 3 major OTP versions, so now that OTP 25.0 has been
    released, change our minimum supported OTP release to 22.0. Fix
    configure.ac and rebar.config to enforce this. Fix the README files
    and yaws.tex to document this.
    
    Add 25.0 to the github workflow matrix. Also add missing point
    releases for versions 22 and 23.
    vinoski committed May 21, 2022

Commits on Apr 6, 2022

  1. Drop stacktrace polyfill

    Yaws requires OTP 21.3 - the Class:Reason:Stack syntax was introduced in
    OTP 21, thus the macro filling in for compatibility with older versions
    is no longer needed and can be removed.
    michalmuskala committed Apr 6, 2022

Commits on Mar 16, 2022

  1. Fix README to drop rebar references

    In README.md, drop references to rebar and replace them with
    rebar3. Also note that rebar3 currently works only with the
    rebar3-support branch.
    vinoski committed Mar 16, 2022
  2. Move to python3

    Since python 2.x is no longer supported, and since MacOS 12.3 has
    fully dropped python 2.x, switch uses of python to python3.
    vinoski committed Mar 16, 2022

Commits on Mar 11, 2022

Commits on Feb 27, 2022

  1. Disable urldecode for JSON-RPC

    None of the popular JSON-RPC clients apply urlencode to the produced JSON
    request. Consequently, any method parameter that contains a percent symbol will be
    either decoded to a wrong value or, more often, will cause request handling
    failure.
    Vladislav Glinsky authored and vinoski committed Feb 27, 2022

Commits on Feb 4, 2022

  1. Pick up some rebar3 fixes from rebar3-support

    The rebar3-support branch is still the only current way to build Yaws
    with rebar3, but these changes fix some obvious problems.
    vinoski committed Feb 4, 2022
  2. Bumped version to 2.1.1

    vinoski committed Feb 4, 2022
  3. Add a new known dialyzer warning

    Dialyzer complains about the yaws_config not being able to match the
    atom 'undefined' when it calls yaws_generated functions; this is
    because yaws_generated is generated code, as its name implies, so it
    handles constants as if they were variables. Ignore this complaint by
    adding it to known_dialyzer_warnings.
    
    Also in known_dialyzer_warnings, augment each regular expression to
    optionally match a column number.
    vinoski committed Feb 4, 2022

Commits on Jan 31, 2022

  1. Fix handling of SOURCE_DATE_EPOCH

    If no SOURCE_DATE_EPOCH is specified via configure, then it can't be
    set as an environment variable in doc/Makefile.am build rules. Change
    the build rules to check if SOURCE_DATE_EPOCH is non-empty and use it
    if so, otherwise leave it out of the commands.
    
    Also fix verbosity for make in doc/Makefile.am. If V=1 is passed on
    the make command line, echo the build commands, otherwise echo
    abbreviated commands. Special handling is needed because the "if"
    commands in the build rules have echo unconditionally disabled via @.
    vinoski committed Jan 31, 2022

Commits on Jan 24, 2022

  1. Reenable warnings as errors

    The -Werror "warnings as errors" option was disabled some time ago due
    to the deprecated ssl:cipher_suites/0 function. This was fixed a while
    ago, so reenable -Werror.
    vinoski committed Jan 24, 2022

Commits on Jan 23, 2022

  1. Create a deterministic build environment

    Enable reproducible builds with a deterministic build environment.
    
    * Let configure set +debug_info/+deterministic and SOURCE_DATE_EPOCH
    
      New options to ./configure:
    
        --enable-deterministic-build
    
        --with-source-date-epoch=EPOCH
    
      The ./configure script also understands the following two
      environment variables:
    
        YAWS_DETERMINISTIC_BUILD
    
        SOURCE_DATE_EPOCH
    
      Configuring with either the ./configure options or setting the
      environment variables before running autoconf and configure will
      enable a deterministic build.
    
      A deterministic build sets the erlc flag +deterministic instead of
      +debug_info and also sets the DETERMINISTIC macro.
    
      When configuring a deterministic build, several scripts and
      Makefiles are generated with predefined values; notably include.mk
      and scripts/gen-yaws-generated are now generated by ./configure.
    
    * If YAWS_DETERMINISTIC_BUILD is set, set the +deterministic compiler
      flag.
    
      But remove +deterministic when building tests, as the *_SUITE_data
      directories will not be handled correctly if +deterministic is
      used. When the beam files are built once, they will try to rebuild
      on the next make invocation and it will not work. In other words, if
      the beam is built, it will be built again. This breaks the pattern
      make && make install.
    
      Add +debug_info when building tests. Prior to using +deterministic,
      this was the default, and since +deterministic isn't used for
      building tests, keep +debug_info.
    
      Set +deterministic as appropriate in rebar.config.script and
      scripts/rebar-pre-script based on YAWS_DETERMINISTIC_BUILD.
    
    * Hardcode include path in generated mime_types.erl for deterministic
      build.
    
    * Generate deterministic www/*/Makefile
    
      Several things are taken from the build environment when building,
      but they are not needed to build or use the examples, and are hence
      hardcoded or just removed.
    
      Add the examples.mk fragment to support reproducible builds in the
      examples. In it, set the SHELL variable instead of using the one
      from the environment. Omit build environment paths. Remove calls to
      ac-aux/missing and ac-aux/install-sh, as they include absolute build
      environment paths. Include examples.mk in www/code/Makefile and
      www/shoppingcart/Makefile.
    
    See #446 for more information.
    
    Signed-off-by: Steve Vinoski <vinoski@ieee.org>
    avtobiff authored and vinoski committed Jan 23, 2022

Commits on Jan 9, 2022

  1. Fix build status badge

    Replace the old Travis-CI build status badge with one for Github
    Actions.
    vinoski committed Jan 9, 2022
  2. Document reproducible builds of YAWS

    Document how to enable reproducible builds (export environment variables
    YAWS_DETERMINISTIC_BUILD and SOURCE_DATE_EPOCH when building) and what
    that entails for the build artefacts. Also note that various paths are
    included in generated files, i.e. installation prefix affects build
    artefacts, which can be mitigated by using DESTDIR.
    
    SOURCE_DATE_EPOCH is understood by pdflatex, thus setting it to the same
    Unix timestamp across builds will make yaws.pdf build deterministically.
    However, latex/dvips does not understand SOURCE_DATE_EPOCH, thus the
    generated date in the DVIPSSource comment is generated from
    SOURCE_DATE_EPOCH if set.
    
    Fixes #446
    avtobiff authored and vinoski committed Jan 9, 2022

Commits on Jan 5, 2022

  1. Add YAWS_DETERMINISTIC_BUILD env var

    To avoid embedding different paths for VARDIR and ETCDIR in the
    compiled yaws_generated.erl beam file, allow the user to set the
    environment variable YAWS_DETERMINISTIC_BUILD to any value. When
    generating yaws_generated.erl, Yaws looks for this environment
    variable and if found, it makes yaws_generated:vardir() and
    yaws_generated:etcdir() return undefined instead of pathname strings.
    vinoski committed Jan 5, 2022

Commits on Dec 22, 2021

  1. Detect externally rotated logfiles

    Currently, Yaws does not play well with an external log rotation
    mechanism (Linux logrotate or BSD newsyslog). When such an external
    program rotates a Yaws log, it will customarily move the existing log
    to a new name, open a new logfile with the old name, and (optionally)
    send a (configurable) signal to the program that writes to the log, to
    notify it to re-open the logfile.
    
    Yaws supports wrapping its logs at a given size (configuration
    variable log_wrap_size), but it does not support wrapping it in a
    time-based fashion (e.g., wrap once a day at midnight), which is why
    an external log rotator is useful.
    
    The problem is that in such a case, Yaws will continue writing to the
    old logfile. There is logic to detect that the logfile has been
    wrapped, but it does not work if the log rotator creates a new file
    in place of the old. In such a case, Yaws should detect that the logfile
    it sees at the expected path is smaller than what it knows to have
    written to the log, and take that as a signal that the log has been
    wrapped.
    
    This patch adds support for just this. To make use of it, one should
    arrange for the log rotator to issue a 'yaws --hup' post rotating the
    files. This will trigger Yaws to immediately re-evaluate the
    conditions and lead to migrating to the newly opened logfile.
    Otherwise, it will take up to 10 minutes for this to happen, and Yaws
    will have been writing to the old file (via the file descriptor it is
    holding on to) prior to that.
    Tom Szilagyi authored and vinoski committed Dec 22, 2021

Commits on Dec 21, 2021

  1. Fix url_encode issue

    Commit 9cd9173 introduced a problem with yaws_api:url_encode/1 that
    wasn't caught because "make check" sometimes reports success on macOS
    even when a failure occurs.
    
    Fix verified on Ubuntu and macOS.
    vinoski committed Dec 21, 2021
  2. Fix #440: handle TLSv1.3-only server

    The Erlang/OTP ssl configuration settings "secure_renegotiate" and
    "client_renegotiation" don't apply to TLS version 1.3, but Yaws sets
    both to defaults that differ from Erlang/OTP defaults and so always
    tries to include them when setting up SSL listening, which results in
    an error for servers configured for only TLSv1.3.
    
    If a server is configured for TLSv1.3 only, set secure_renegotiate and
    client_renegotiation to undefined. Also modify supported configuration
    settings for these variables to allow them to be set to true, false,
    or undefined, where the latter setting restores the Erlang/OTP
    default. Modify the documentation to describe the undefined setting.
    
    Add a new test to sconf_SUITE to verify settings in an #ssl{} record
    when a server is configured for only TLSv1.3. Note that this test is
    skipped for OTP 21.3 since it doesn't support TLSv1.3.
    vinoski committed Dec 21, 2021

Commits on Dec 16, 2021

  1. Allow colons in dir listing file references

    When encoding filenames for use as relative URLs in directory
    listings, if a file contains only colons as encoded characters, use
    the original filename prefixed with "./" as its relative URL as per
    RFC3986 section 4.2.
    vinoski committed Dec 16, 2021

Commits on Dec 15, 2021

  1. Fix jsonrpc Content-Length header value

    OTP 24.2 tightened up header checking in httpc:request calls, which
    uncovered a call in jsonrpc passing Content-Length as an integer
    rather than a string. Fix it to pass the value as a string.
    vinoski committed Dec 15, 2021
  2. Turn off parallel checks in workflow

    Running "make check" in parallel doesn't always work. Remove the "-j4"
    option so that "make check" runs serially.
    vinoski committed Dec 15, 2021