untrusted comment: signature from openbsd 6.2 base secret key
RWRVWzAMgtyg7muXnnH4b4wF8m2Nk6cTN+IJpH3FdrAHXKaCqqWl/urPPwC8GZfsyR40d0UAvAOvv3i3GoiKJlnXgHcSXNw5HAM=

OpenBSD 6.2 errata 012, April 21, 2018:

httpd can leak file descriptors when servicing range requests.

Apply by doing:
   signify -Vep /etc/signify/openbsd-62-base.pub -x 012_httpd.patch.sig \
       -m - | (cd /usr/src && patch -p0)

And then rebuild and install httpd:
   cd /usr/src/usr.sbin/httpd
   make obj
   make depend
   make
   make install

Index: usr.sbin/httpd/server_http.c
===================================================================
RCS file: /cvs/src/usr.sbin/httpd/server_http.c,v
retrieving revision 1.117
diff -u -p -r1.117 server_http.c
--- usr.sbin/httpd/server_http.c        15 May 2017 10:40:47 -0000      1.117
+++ usr.sbin/httpd/server_http.c        18 Apr 2018 09:47:29 -0000
@@ -701,6 +701,7 @@ server_read_httprange(struct bufferevent
               r->range_index++;
               break;
       case TOREAD_HTTP_NONE:
+               goto done;
       case 0:
               break;
       }

You are viewing proxied material from ftp.icm.edu.pl. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.