diff --git a/core/busybox/APKBUILD b/core/busybox/APKBUILD
index 56b6a2a9e1268af2630e05700318130de7fdab38..688b0028fc5d054c0b19bcfde16176a47b7b2d59 100644
--- a/core/busybox/APKBUILD
+++ b/core/busybox/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=busybox
pkgver=1.14.1
-pkgrel=0
+pkgrel=1
pkgdesc="Size optimized toolbox of many common UNIX utilities"
url=http://busybox.net
license=GPL-2
@@ -11,9 +11,11 @@ source="http://busybox.net/downloads/$pkgname-$pkgver.tar.bz2
$pkgname-1.12.1-vi-path.patch
$pkgname-1.11.1-bb.patch
busybox-1.14.1-ftpd.patch
+ busybox-1.14.1-httpd.patch
busybox-1.14.1-modprobe.patch
busybox-1.14.1-telnetd.patch
bb-tar-numeric-owner.patch
+ ash.patch
$install
busyboxconfig"
@@ -47,9 +49,11 @@ md5sums="d5186821d4f4cf6017452c7c8730cf19 busybox-1.14.1.tar.bz2
f5a8ae3145aa249868c1a1abc319c228 busybox-1.12.1-vi-path.patch
4c0f3b486eaa0674961b7ddcd0c60a9b busybox-1.11.1-bb.patch
b49e33a98d7be2a52d772f3600c4aa78 busybox-1.14.1-ftpd.patch
+9bdb6b91d7dd21253b3725c84e21347e busybox-1.14.1-httpd.patch
11877bde19afe1f6e1f55d9b5c9ee900 busybox-1.14.1-modprobe.patch
9020600467cdb1a1df7df41a1ba0c6e9 busybox-1.14.1-telnetd.patch
0b5b2d7db201f90cd08f4a3164ee29a1 bb-tar-numeric-owner.patch
+fa4e7c44c423a3a42d23836d65f6e416 ash.patch
56b78c358797cd15fb64719a48939267 busybox.post-install
56b78c358797cd15fb64719a48939267 busybox.post-upgrade
6d9cd13b546d9c6063d36c0d3d963887 busyboxconfig"
diff --git a/core/busybox/ash.patch b/core/busybox/ash.patch
new file mode 100644
index 0000000000000000000000000000000000000000..9c78c10fd6b61d097f28719dabf30044b368911c
--- /dev/null
+++ b/core/busybox/ash.patch
@@ -0,0 +1,29 @@
+commit daeeceff057dd3317f1e69aebde01dd9d489d18a
+Author: Natanael Copa <natanael.copa@gmail.com>
+Date: Fri Jun 12 17:11:51 2009 +0200
+
+ Revert "ash: make dot command search current directory first, as bash does."
+
+ This reverts commit 8ad78e1ec7b2e873953f9f476fb63b5893526c39.
+
+diff --git a/shell/ash.c b/shell/ash.c
+index 3452351..b62c2cd 100644
+--- a/shell/ash.c
++++ b/shell/ash.c
+@@ -11904,16 +11904,7 @@ find_dot_file(char *name)
+ if (strchr(name, '/'))
+ return name;
+
+- /* IIRC standards do not say whether . is to be searched.
+- * And it is even smaller this way, making it unconditional for now:
+- */
+- if (1) { /* ENABLE_ASH_BASH_COMPAT */
+- fullname = name;
+- goto try_cur_dir;
+- }
+-
+ while ((fullname = padvance(&path, name)) != NULL) {
+- try_cur_dir:
+ if ((stat(fullname, &statb) == 0) && S_ISREG(statb.st_mode)) {
+ /*
+ * Don't bother freeing here, since it will
diff --git a/core/busybox/busybox-1.14.1-httpd.patch b/core/busybox/busybox-1.14.1-httpd.patch
new file mode 100644
index 0000000000000000000000000000000000000000..3395cf074c2516ff3e1cd118ab2ead135f7e088f
--- /dev/null
+++ b/core/busybox/busybox-1.14.1-httpd.patch
@@ -0,0 +1,655 @@
+diff -urpN busybox-1.14.1/include/libbb.h busybox-1.14.1-httpd/include/libbb.h
+--- busybox-1.14.1/include/libbb.h 2009-05-27 18:01:37.000000000 +0200
++++ busybox-1.14.1-httpd/include/libbb.h 2009-06-12 09:07:39.000000000 +0200
+@@ -1099,6 +1099,8 @@ const char *get_signame(int number) FAST
+ void print_signames(void) FAST_FUNC;
+
+ char *bb_simplify_path(const char *path) FAST_FUNC;
++/* Returns ptr to NUL */
++char *bb_simplify_abs_path_inplace(char *path) FAST_FUNC;
+
+ #define FAIL_DELAY 3
+ extern void bb_do_delay(int seconds) FAST_FUNC;
+diff -urpN busybox-1.14.1/libbb/simplify_path.c busybox-1.14.1-httpd/libbb/simplify_path.c
+--- busybox-1.14.1/libbb/simplify_path.c 2009-05-27 18:00:23.000000000 +0200
++++ busybox-1.14.1-httpd/libbb/simplify_path.c 2009-06-03 12:50:48.000000000 +0200
+@@ -6,22 +6,13 @@
+ *
+ * Licensed under GPLv2 or later, see file LICENSE in this tarball for details.
+ */
+-
+ #include "libbb.h"
+
+-char* FAST_FUNC bb_simplify_path(const char *path)
++char* FAST_FUNC bb_simplify_abs_path_inplace(char *start)
+ {
+- char *s, *start, *p;
++ char *s, *p;
+
+- if (path[0] == '/')
+- start = xstrdup(path);
+- else {
+- s = xrealloc_getcwd_or_warn(NULL);
+- start = concat_path_file(s, path);
+- free(s);
+- }
+ p = s = start;
+-
+ do {
+ if (*p == '/') {
+ if (*s == '/') { /* skip duplicate (or initial) slash */
+@@ -47,7 +38,22 @@ char* FAST_FUNC bb_simplify_path(const c
+ if ((p == start) || (*p != '/')) { /* not a trailing slash */
+ ++p; /* so keep last character */
+ }
+- *p = 0;
++ *p = '\0';
++ return p;
++}
++
++char* FAST_FUNC bb_simplify_path(const char *path)
++{
++ char *s, *p;
++
++ if (path[0] == '/')
++ s = xstrdup(path);
++ else {
++ p = xrealloc_getcwd_or_warn(NULL);
++ s = concat_path_file(p, path);
++ free(p);
++ }
+
+- return start;
++ bb_simplify_abs_path_inplace(s);
++ return s;
+ }
+diff -urpN busybox-1.14.1/networking/httpd.c busybox-1.14.1-httpd/networking/httpd.c
+--- busybox-1.14.1/networking/httpd.c 2009-05-27 18:00:23.000000000 +0200
++++ busybox-1.14.1-httpd/networking/httpd.c 2009-06-12 08:53:46.000000000 +0200
+@@ -32,7 +32,7 @@
+ * foo=`httpd -d $foo` # decode "Hello%20World" as "Hello World"
+ * bar=`httpd -e "<Hello World>"` # encode as "<Hello World>"
+ * Note that url encoding for arguments is not the same as html encoding for
+- * presentation. -d decodes a url-encoded argument while -e encodes in html
++ * presentation. -d decodes an url-encoded argument while -e encodes in html
+ * for page display.
+ *
+ * httpd.conf has the following format:
+@@ -54,7 +54,7 @@
+ * /adm:admin:setup # Require user admin, pwd setup on urls starting with /adm/
+ * /adm:toor:PaSsWd # or user toor, pwd PaSsWd on urls starting with /adm/
+ * .au:audio/basic # additional mime type for audio.au files
+- * *.php:/path/php # running cgi.php scripts through an interpreter
++ * *.php:/path/php # run xxx.php through an interpreter
+ *
+ * A/D may be as a/d or allow/deny - only first char matters.
+ * Deny/Allow IP logic:
+@@ -94,13 +94,13 @@
+ * server exits with an error.
+ *
+ */
++ /* TODO: use TCP_CORK, parse_config() */
+
+ #include "libbb.h"
+ #if ENABLE_FEATURE_HTTPD_USE_SENDFILE
+ # include <sys/sendfile.h>
+ #endif
+
+-//#define DEBUG 1
+ #define DEBUG 0
+
+ #define IOBUF_SIZE 8192 /* IO buffer */
+@@ -115,8 +115,8 @@
+
+ #define HEADER_READ_TIMEOUT 60
+
+-static const char default_path_httpd_conf[] ALIGN1 = "/etc";
+-static const char httpd_conf[] ALIGN1 = "httpd.conf";
++static const char DEFAULT_PATH_HTTPD_CONF[] ALIGN1 = "/etc";
++static const char HTTPD_CONF[] ALIGN1 = "httpd.conf";
+ static const char HTTP_200[] ALIGN1 = "HTTP/1.0 200 OK\r\n";
+
+ typedef struct has_next_ptr {
+@@ -242,7 +242,7 @@ struct globals {
+ const char *bind_addr_or_port;
+
+ const char *g_query;
+- const char *configFile;
++ const char *opt_c_configFile;
+ const char *home_httpd;
+ const char *index_page;
+
+@@ -289,7 +289,7 @@ struct globals {
+ #define rmt_ip (G.rmt_ip )
+ #define bind_addr_or_port (G.bind_addr_or_port)
+ #define g_query (G.g_query )
+-#define configFile (G.configFile )
++#define opt_c_configFile (G.opt_c_configFile )
+ #define home_httpd (G.home_httpd )
+ #define index_page (G.index_page )
+ #define found_mime_type (G.found_mime_type )
+@@ -452,14 +452,6 @@ static int scan_ip_mask(const char *str,
+ /*
+ * Parse configuration file into in-memory linked list.
+ *
+- * The first non-white character is examined to determine if the config line
+- * is one of the following:
+- * .ext:mime/type # new mime type not compiled into httpd
+- * [adAD]:from # ip address allow/deny, * for wildcard
+- * /path:user:pass # username/password
+- * Ennn:error.html # error page for status nnn
+- * P:/url:[http://]hostname[:port]/new/path # reverse proxy
+- *
+ * Any previous IP rules are discarded.
+ * If the flag argument is not SUBDIR_PARSE then all /path and mime rules
+ * are also discarded. That is, previous settings are retained if flag is
+@@ -469,99 +461,150 @@ static int scan_ip_mask(const char *str,
+ * path Path where to look for httpd.conf (without filename).
+ * flag Type of the parse request.
+ */
+-/* flag */
+-#define FIRST_PARSE 0
+-#define SUBDIR_PARSE 1
+-#define SIGNALED_PARSE 2
+-#define FIND_FROM_HTTPD_ROOT 3
++/* flag param: */
++enum {
++ FIRST_PARSE = 0, /* path will be "/etc" */
++ SIGNALED_PARSE = 1, /* path will be "/etc" */
++ SUBDIR_PARSE = 2, /* path will be derived from URL */
++};
+ static void parse_conf(const char *path, int flag)
+ {
++ /* internally used extra flag state */
++ enum { TRY_CURDIR_PARSE = 3 };
++
+ FILE *f;
+-#if ENABLE_FEATURE_HTTPD_BASIC_AUTH
+- Htaccess *prev;
+-#endif
+- Htaccess *cur;
+- const char *filename = configFile;
++ const char *filename;
+ char buf[160];
+- char *p, *p0;
+- char *after_colon;
+- Htaccess_IP *pip;
+
+ /* discard old rules */
+ free_Htaccess_IP_list(&ip_a_d);
+ flg_deny_all = 0;
+ /* retain previous auth and mime config only for subdir parse */
+ if (flag != SUBDIR_PARSE) {
++ free_Htaccess_list(&mime_a);
+ #if ENABLE_FEATURE_HTTPD_BASIC_AUTH
+ free_Htaccess_list(&g_auth);
+ #endif
+- free_Htaccess_list(&mime_a);
+ #if ENABLE_FEATURE_HTTPD_CONFIG_WITH_SCRIPT_INTERPR
+ free_Htaccess_list(&script_i);
+ #endif
+ }
+
++ filename = opt_c_configFile;
+ if (flag == SUBDIR_PARSE || filename == NULL) {
+- filename = alloca(strlen(path) + sizeof(httpd_conf) + 2);
+- sprintf((char *)filename, "%s/%s", path, httpd_conf);
++ filename = alloca(strlen(path) + sizeof(HTTPD_CONF) + 2);
++ sprintf((char *)filename, "%s/%s", path, HTTPD_CONF);
+ }
+
+ while ((f = fopen_for_read(filename)) == NULL) {
+- if (flag == SUBDIR_PARSE || flag == FIND_FROM_HTTPD_ROOT) {
++ if (flag >= SUBDIR_PARSE) { /* SUBDIR or TRY_CURDIR */
+ /* config file not found, no changes to config */
+ return;
+ }
+- if (configFile && flag == FIRST_PARSE) /* if -c option given */
+- bb_simple_perror_msg_and_die(filename);
+- flag = FIND_FROM_HTTPD_ROOT;
+- filename = httpd_conf;
++ if (flag == FIRST_PARSE) {
++ /* -c CONFFILE given, but CONFFILE doesn't exist? */
++ if (opt_c_configFile)
++ bb_simple_perror_msg_and_die(opt_c_configFile);
++ /* else: no -c, thus we looked at /etc/httpd.conf,
++ * and it's not there. try ./httpd.conf: */
++ }
++ flag = TRY_CURDIR_PARSE;
++ filename = HTTPD_CONF;
+ }
+
+ #if ENABLE_FEATURE_HTTPD_BASIC_AUTH
+- prev = g_auth;
+-#endif
+- /* This could stand some work */
+- while ((p0 = fgets(buf, sizeof(buf), f)) != NULL) {
+- after_colon = NULL;
+- for (p = p0; *p0 != '\0' && *p0 != '#'; p0++) {
+- if (!isspace(*p0)) {
+- *p++ = *p0;
+- if (*p0 == ':' && after_colon == NULL)
+- after_colon = p;
++ /* in "/file:user:pass" lines, we prepend path in subdirs */
++ if (flag != SUBDIR_PARSE)
++ path = "";
++#endif
++ /* The lines can be:
++ *
++ * I:default_index_file
++ * H:http_home
++ * [AD]:IP[/mask] # allow/deny, * for wildcard
++ * Ennn:error.html # error page for status nnn
++ * P:/url:[http://]hostname[:port]/new/path # reverse proxy
++ * .ext:mime/type # mime type
++ * *.php:/path/php # run xxx.php through an interpreter
++ * /file:user:pass # username and password
++ */
++ while (fgets(buf, sizeof(buf), f) != NULL) {
++ unsigned strlen_buf;
++ unsigned char ch;
++ char *after_colon;
++
++ { /* remove all whitespace, and # comments */
++ char *p, *p0;
++
++ p0 = buf;
++ /* skip non-whitespace beginning. Often the whole line
++ * is non-whitespace. We want this case to work fast,
++ * without needless copying, therefore we don't merge
++ * this operation into next while loop. */
++ while ((ch = *p0) != '\0' && ch != '\n' && ch != '#'
++ && ch != ' ' && ch != '\t'
++ ) {
++ p0++;
++ }
++ p = p0;
++ /* if we enter this loop, we have some whitespace.
++ * discard it */
++ while (ch != '\0' && ch != '\n' && ch != '#') {
++ if (ch != ' ' && ch != '\t') {
++ *p++ = ch;
++ }
++ ch = *++p0;
+ }
++ *p = '\0';
++ strlen_buf = p - buf;
++ if (strlen_buf == 0)
++ continue; /* empty line */
+ }
+- *p = '\0';
+
+- /* test for empty or strange line */
+- if (after_colon == NULL || *after_colon == '\0')
++ after_colon = strchr(buf, ':');
++ /* strange line? */
++ if (after_colon == NULL || *++after_colon == '\0')
++ goto config_error;
++
++ ch = (buf[0] & ~0x20); /* toupper if it's a letter */
++
++ if (ch == 'I') {
++ index_page = xstrdup(after_colon);
+ continue;
+- p0 = buf;
+- if (*p0 == 'd' || *p0 == 'a')
+- *p0 -= 0x20; /* a/d -> A/D */
+- if (*after_colon == '*') {
+- if (*p0 == 'D') {
+- /* memorize "deny all" */
+- flg_deny_all = 1;
+- }
+- /* skip assumed "A:*", it is a default anyway */
++ }
++
++ /* do not allow jumping around using H in subdir's configs */
++ if (flag == FIRST_PARSE && ch == 'H') {
++ home_httpd = xstrdup(after_colon);
++ xchdir(home_httpd);
+ continue;
+ }
+
+- if (*p0 == 'A' || *p0 == 'D') {
+- /* storing current config IP line */
+- pip = xzalloc(sizeof(Htaccess_IP));
+- if (scan_ip_mask(after_colon, &(pip->ip), &(pip->mask))) {
++ if (ch == 'A' || ch == 'D') {
++ Htaccess_IP *pip;
++
++ if (*after_colon == '*') {
++ if (ch == 'D') {
++ /* memorize "deny all" */
++ flg_deny_all = 1;
++ }
++ /* skip assumed "A:*", it is a default anyway */
++ continue;
++ }
++ /* store "allow/deny IP/mask" line */
++ pip = xzalloc(sizeof(*pip));
++ if (scan_ip_mask(after_colon, &pip->ip, &pip->mask)) {
+ /* IP{/mask} syntax error detected, protect all */
+- *p0 = 'D';
++ ch = 'D';
+ pip->mask = 0;
+ }
+- pip->allow_deny = *p0;
+- if (*p0 == 'D') {
++ pip->allow_deny = ch;
++ if (ch == 'D') {
+ /* Deny:from_IP - prepend */
+ pip->next = ip_a_d;
+ ip_a_d = pip;
+ } else {
+- /* A:from_IP - append (thus D precedes A) */
++ /* A:from_IP - append (thus all D's precedes A's) */
+ Htaccess_IP *prev_IP = ip_a_d;
+ if (prev_IP == NULL) {
+ ip_a_d = pip;
+@@ -575,12 +618,12 @@ static void parse_conf(const char *path,
+ }
+
+ #if ENABLE_FEATURE_HTTPD_ERROR_PAGES
+- if (flag == FIRST_PARSE && *p0 == 'E') {
++ if (flag == FIRST_PARSE && ch == 'E') {
+ unsigned i;
+- int status = atoi(++p0); /* error status code */
++ int status = atoi(buf + 1); /* error status code */
++
+ if (status < HTTP_CONTINUE) {
+- bb_error_msg("config error '%s' in '%s'", buf, filename);
+- continue;
++ goto config_error;
+ }
+ /* then error page; find matching status */
+ for (i = 0; i < ARRAY_SIZE(http_response_type); i++) {
+@@ -597,7 +640,7 @@ static void parse_conf(const char *path,
+ #endif
+
+ #if ENABLE_FEATURE_HTTPD_PROXY
+- if (flag == FIRST_PARSE && *p0 == 'P') {
++ if (flag == FIRST_PARSE && ch == 'P') {
+ /* P:/url:[http://]hostname[:port]/new/path */
+ char *url_from, *host_port, *url_to;
+ Htaccess_Proxy *proxy_entry;
+@@ -605,23 +648,20 @@ static void parse_conf(const char *path,
+ url_from = after_colon;
+ host_port = strchr(after_colon, ':');
+ if (host_port == NULL) {
+- bb_error_msg("config error '%s' in '%s'", buf, filename);
+- continue;
++ goto config_error;
+ }
+ *host_port++ = '\0';
+ if (strncmp(host_port, "http://", 7) == 0)
+ host_port += 7;
+ if (*host_port == '\0') {
+- bb_error_msg("config error '%s' in '%s'", buf, filename);
+- continue;
++ goto config_error;
+ }
+ url_to = strchr(host_port, '/');
+ if (url_to == NULL) {
+- bb_error_msg("config error '%s' in '%s'", buf, filename);
+- continue;
++ goto config_error;
+ }
+ *url_to = '\0';
+- proxy_entry = xzalloc(sizeof(Htaccess_Proxy));
++ proxy_entry = xzalloc(sizeof(*proxy_entry));
+ proxy_entry->url_from = xstrdup(url_from);
+ proxy_entry->host_port = xstrdup(host_port);
+ *url_to = '/';
+@@ -631,115 +671,87 @@ static void parse_conf(const char *path,
+ continue;
+ }
+ #endif
++ /* the rest of directives are non-alphabetic,
++ * must avoid using "toupper'ed" ch */
++ ch = buf[0];
+
+-#if ENABLE_FEATURE_HTTPD_BASIC_AUTH
+- if (*p0 == '/') {
+- /* make full path from httpd root / current_path / config_line_path */
+- const char *tp = (flag == SUBDIR_PARSE ? path : "");
+- p0 = xmalloc(strlen(tp) + (after_colon - buf) + 2 + strlen(after_colon));
+- after_colon[-1] = '\0';
+- sprintf(p0, "/%s%s", tp, buf);
+-
+- /* looks like bb_simplify_path... */
+- tp = p = p0;
+- do {
+- if (*p == '/') {
+- if (*tp == '/') { /* skip duplicate (or initial) slash */
+- continue;
+- }
+- if (*tp == '.') {
+- if (tp[1] == '/' || tp[1] == '\0') { /* remove extra '.' */
+- continue;
+- }
+- if ((tp[1] == '.') && (tp[2] == '/' || tp[2] == '\0')) {
+- ++tp;
+- if (p > p0) {
+- while (*--p != '/') /* omit previous dir */
+- continue;
+- }
+- continue;
+- }
+- }
+- }
+- *++p = *tp;
+- } while (*++tp);
++ if (ch == '.' /* ".ext:mime/type" */
++#if ENABLE_FEATURE_HTTPD_CONFIG_WITH_SCRIPT_INTERPR
++ || (ch == '*' && buf[1] == '.') /* "*.php:/path/php" */
++#endif
++ ) {
++ char *p;
++ Htaccess *cur;
+
+- if ((p == p0) || (*p != '/')) { /* not a trailing slash */
+- ++p; /* so keep last character */
++ cur = xzalloc(sizeof(*cur) /* includes space for NUL */ + strlen_buf);
++ strcpy(cur->before_colon, buf);
++ p = cur->before_colon + (after_colon - buf);
++ p[-1] = '\0';
++ cur->after_colon = p;
++ if (ch == '.') {
++ /* .mime line: prepend to mime_a list */
++ cur->next = mime_a;
++ mime_a = cur;
++ }
++#if ENABLE_FEATURE_HTTPD_CONFIG_WITH_SCRIPT_INTERPR
++ else {
++ /* script interpreter line: prepend to script_i list */
++ cur->next = script_i;
++ script_i = cur;
+ }
+- *p = ':';
+- strcpy(p + 1, after_colon);
+- }
+ #endif
+- if (*p0 == 'I') {
+- index_page = xstrdup(after_colon);
+- continue;
+- }
+-
+- /* Do not allow jumping around using H in subdir's configs */
+- if (flag == FIRST_PARSE && *p0 == 'H') {
+- home_httpd = xstrdup(after_colon);
+- xchdir(home_httpd);
+ continue;
+ }
+
+- /* storing current config line */
+- cur = xzalloc(sizeof(Htaccess) + strlen(p0));
+- strcpy(cur->before_colon, p0);
+-#if ENABLE_FEATURE_HTTPD_BASIC_AUTH
+- if (*p0 == '/') /* was malloced - see above */
+- free(p0);
+-#endif
+- cur->after_colon = strchr(cur->before_colon, ':');
+- *cur->after_colon++ = '\0';
+- if (cur->before_colon[0] == '.') {
+- /* .mime line: prepend to mime_a list */
+- cur->next = mime_a;
+- mime_a = cur;
+- continue;
+- }
+-#if ENABLE_FEATURE_HTTPD_CONFIG_WITH_SCRIPT_INTERPR
+- if (cur->before_colon[0] == '*' && cur->before_colon[1] == '.') {
+- /* script interpreter line: prepend to script_i list */
+- cur->next = script_i;
+- script_i = cur;
+- continue;
+- }
+-#endif
+ #if ENABLE_FEATURE_HTTPD_BASIC_AUTH
+-//TODO: we do not test for leading "/"??
+-//also, do we leak cur if BASIC_AUTH is off?
+- if (prev == NULL) {
+- /* first line */
+- g_auth = prev = cur;
+- } else {
+- /* sort path, if current length eq or bigger then move up */
+- Htaccess *prev_hti = g_auth;
+- size_t l = strlen(cur->before_colon);
+- Htaccess *hti;
+-
+- for (hti = prev_hti; hti; hti = hti->next) {
+- if (l >= strlen(hti->before_colon)) {
+- /* insert before hti */
+- cur->next = hti;
+- if (prev_hti != hti) {
+- prev_hti->next = cur;
+- } else {
+- /* insert as top */
+- g_auth = cur;
++ if (ch == '/') { /* "/file:user:pass" */
++ char *p;
++ Htaccess *cur;
++ unsigned file_len;
++
++ /* note: path is "" unless we are in SUBDIR parse,
++ * otherwise it does NOT start with "/" */
++ cur = xzalloc(sizeof(*cur) /* includes space for NUL */
++ + 1 + strlen(path)
++ + strlen_buf
++ );
++ /* form "/path/file" */
++ sprintf(cur->before_colon, "/%s%.*s",
++ path,
++ (int) (after_colon - buf - 1), /* includes "/", but not ":" */
++ buf);
++ /* canonicalize it */
++ p = bb_simplify_abs_path_inplace(cur->before_colon);
++ file_len = p - cur->before_colon;
++ /* add "user:pass" after NUL */
++ strcpy(++p, after_colon);
++ cur->after_colon = p;
++
++ /* insert cur into g_auth */
++ /* g_auth is sorted by decreased filename length */
++ {
++ Htaccess *auth, **authp;
++
++ authp = &g_auth;
++ while ((auth = *authp) != NULL) {
++ if (file_len >= strlen(auth->before_colon)) {
++ /* insert cur before auth */
++ cur->next = auth;
++ break;
+ }
+- break;
++ authp = &auth->next;
+ }
+- if (prev_hti != hti)
+- prev_hti = prev_hti->next;
+- }
+- if (!hti) { /* not inserted, add to bottom */
+- prev->next = cur;
+- prev = cur;
++ *authp = cur;
+ }
++ continue;
+ }
+ #endif /* BASIC_AUTH */
++
++ /* the line is not recognized */
++ config_error:
++ bb_error_msg("config error '%s' in '%s'", buf, filename);
+ } /* while (fgets) */
++
+ fclose(f);
+ }
+
+@@ -1527,11 +1539,6 @@ static NOINLINE void send_file_and_exit(
+ send_headers_and_exit(HTTP_NOT_FOUND);
+ log_and_exit();
+ }
+-
+- if (DEBUG)
+- bb_error_msg("sending file '%s' content-type: %s",
+- url, found_mime_type);
+-
+ /* If you want to know about EPIPE below
+ * (happens if you abort downloads from local httpd): */
+ signal(SIGPIPE, SIG_IGN);
+@@ -1559,6 +1566,11 @@ static NOINLINE void send_file_and_exit(
+ }
+ }
+ }
++
++ if (DEBUG)
++ bb_error_msg("sending file '%s' content-type: %s",
++ url, found_mime_type);
++
+ #if ENABLE_FEATURE_HTTPD_RANGES
+ if (what == SEND_BODY)
+ range_start = 0; /* err pages and ranges don't mix */
+@@ -2031,8 +2043,8 @@ static void handle_incoming_and_exit(con
+ /* We are done reading headers, disable peer timeout */
+ alarm(0);
+
+- if (strcmp(bb_basename(urlcopy), httpd_conf) == 0 || !ip_allowed) {
+- /* protect listing [/path]/httpd_conf or IP deny */
++ if (strcmp(bb_basename(urlcopy), HTTPD_CONF) == 0 || !ip_allowed) {
++ /* protect listing [/path]/httpd.conf or IP deny */
+ send_headers_and_exit(HTTP_FORBIDDEN);
+ }
+
+@@ -2074,7 +2086,7 @@ static void handle_incoming_and_exit(con
+ header_ptr += 2;
+ write(proxy_fd, header_buf, header_ptr - header_buf);
+ free(header_buf); /* on the order of 8k, free it */
+- /* cgi_io_loop_and_exit needs to have two disctinct fds */
++ /* cgi_io_loop_and_exit needs to have two distinct fds */
+ cgi_io_loop_and_exit(proxy_fd, dup(proxy_fd), length);
+ }
+ #endif
+@@ -2245,7 +2257,7 @@ static void mini_httpd_inetd(void)
+
+ static void sighup_handler(int sig UNUSED_PARAM)
+ {
+- parse_conf(default_path_httpd_conf, SIGNALED_PARSE);
++ parse_conf(DEFAULT_PATH_HTTPD_CONF, SIGNALED_PARSE);
+ }
+
+ enum {
+@@ -2304,7 +2316,7 @@ int httpd_main(int argc UNUSED_PARAM, ch
+ USE_FEATURE_HTTPD_AUTH_MD5("m:")
+ USE_FEATURE_HTTPD_SETUID("u:")
+ "p:ifv",
+- &configFile, &url_for_decode, &home_httpd
++ &opt_c_configFile, &url_for_decode, &home_httpd
+ USE_FEATURE_HTTPD_ENCODE_URL_STR(, &url_for_encode)
+ USE_FEATURE_HTTPD_BASIC_AUTH(, &g_realm)
+ USE_FEATURE_HTTPD_AUTH_MD5(, &pass)
+@@ -2375,7 +2387,7 @@ int httpd_main(int argc UNUSED_PARAM, ch
+ }
+ #endif
+
+- parse_conf(default_path_httpd_conf, FIRST_PARSE);
++ parse_conf(DEFAULT_PATH_HTTPD_CONF, FIRST_PARSE);
+ if (!(opt & OPT_INETD))
+ signal(SIGHUP, sighup_handler);
+