eris/CHANGES

176 lines
6.4 KiB
Plaintext

fix punctuation and typo
4.4:
Also log when called from stunnel
4.3.1:
Add .webm mime type
4.3:
Very stupid CONNECT handling mechanism.
4.2:
Remove some bugs in CGI's "Status:" code (reported by Alyssa Milburn).
Make extract_header_field less fragile (reported by Alyssa Milburn).
Possibly fix fake_sendfile (reported by Alyssa Milburn).
4.1:
Fix 0.9 not detected with query_string (Alyssa Milburn).
4.0:
Fix directory traversal vulnerability (Alyssa Milburn).
3.1.4:
Have 304 (Not Modified) responses generate a log entry.
3.1.3:
Have directory indexes generate a log entry.
Remove nop -a option.
Add some accessories in contrib/
3.1.2:
Change how version is extracted from CHANGES, to deal with
build systems that set CFLAGS.
Stop hating Ryan Finnie.
3.1.1:
Restructure code to make it easier to package for Debian.
I hate you so much right now, Ryan Finnie.
3.1:
Add -. flag to disable vhosting
Support server push CGI
Handle busybox tcpsvd
Changed formatting of directory indexing
Handle read timeout
Fix if-modified-since bug with keepalive connections
Change to CGI's directory on exec
3.0:
More or less a ground-up rewrite. A few fnord parts remain
here and there.
2.0:
Replace poll with select, which is more portable and may be
slightly faster; however, it's only called for CGI and by
that point you've lost quite a bit in terms of speed
Remove Accept header parsing: it was broken and the result was
that the Accept header had no effect
Remove the .gz trick: I never used it, but I would not be averse
to adding it back if people liked it
Rename to "eris httpd" to acknowledge fork
Add regression test suite
Replace compile-time options with command-line ones
Fix segfault with directory listing of /
Replace buffer_1 and buffer_2 with stdio
Replace libowfat with libc
Add all patches from (defunct) Debian package
Fix if-modified-since date parsing
Make text content-types use charset=UTF-8
Change default content-type to application/octet-stream
Makefile no longer overrides CC and CPP from parent makes
Don't send Content-type if there's no content
New maintainer: Neale Pickett <neale@woozle.org>
1.10:
have fallback in case sendfile fails
1.9:
chdir to cgi's base dir (Kuba Winnicki)
set HTTP_ACCEPT_ENCODING environment variable (Kuba Winnicki)
We actually should export all HTTP headers as HTTP_[header]
Any takers?
Try not to send error message HTTP headers if we already sent the
headers from the CGI (Kuba Winnicki)
<ims -> <=ims (Gerrit Pape)
64-bit file I/O cleanliness
fix HTTP ranges (Joachim Berdal Haga via Gerrit Pape)
1.8:
keep current environment in CGI (Laurent Bercot)
make fnord-conf use the UID and not the user name (Fridtjof Busse)
fix typo in buffer_putulonglong (Gerrit Pape)
fix CGI POST off-by-two typo (Mark Hopf)
fix gif->png conversion (Thomas Seck)
remove == bashism from fnord-conf (Thomas Seck)
add bittorrent mime type
make authorization data available to CGIs for GET, too (Paul Jarc)
fix conversion of host name to lower case (Gerrit Pape)
add small test cgi: cgi-post.c
fix CGI POST bug (Moe Wibble)
fix CGI PATH_TRANSLATED bug (Nicolas George)
add optional authentication support (Nicolas George, see README.auth)
make sure error messages are text/html
move /. -> /: conversion before demangling so it can actually be
used as security measure for installations that don't use chroot
1.7:
add .mov and .qt for quicktime, .mpg for video/mpeg and .wav for audio/x-wav
add mmap based file serving (should do zero-copy tcp just like sendfile)
add Pragma: no-cache to CGI responses
fix (apparently not exploitable) buffer overrun in do_cgi
This bug was found by Ralf Wildenhues. To my knowledge it is
impossible to exploit this bug on any platform known to me.
fix (harmless) access to uninitialized data
1.6:
add support for $PATH_INFO in CGI environment.
add .pac for netscape proxy autoconfig
add .sig for application/pgp-signature
1.5:
fix write timeout handling (found by Lukas Beeler)
fix fnord-conf to use the symbolic account name in run script
(Sebastian D.B. Krause)
1.4:
add dangling symlink based whole-host redirection (see README). This
has the advantage that it can serve normal sites and redirect sites
on the same IP.
add support for non-TCP UCSPI environments (like ucspi-ssl). Please
get the latest version of my ucspi-tcp IPv6 patch as I violated the
UCSPI spec with all versions before 0.88-diff11.
change logging from "127.0.0.1 200 23 Links_(0.96;_Unix) none /index.html"
to "127.0.0.1 200 23 localhost Links_(0.96;_Unix) none /index.html"
(i.e. include the Host: header). Suggested by Thomas Bader.
add "immediate mode". If you give fnord a command line argument, it
will change to that directory and if no "default" directory is
given, it will assume there are no virtual hosts and serve from the
current directory. I have a shell script called "http" that does
tcpserver -RHl localhost 0 8000 /home/leitner/bin/fnord-idx .
to share some directory on my hard drive with some poor Windows
users without npoll (http://www.fefe.de/ncp/). fnord-idx is a new
target (a fnord with DIR_LIST) that is auto-built by make.
1.3:
make directory listings use non-proportional fonts (thanks, Antonio Dias)
fnord will now optionally (default: enabled) normalize the incoming
host name, i.e. "www.domain.com" -> "www.domain.com:80". That
should cut down on the number of symbolic links. ;)
remove timeout error message. fnord will not drop the connection
without error message. Mozilla used to display the error message
when the user caused another request on the connection with the
timeout.
Uwe Ohse found two more compilation problems.
1.2:
Olaf: I changed my initial CGI-interface to NOT use the filesystem but
two pipes.
Add whole-host redirect (see README)
Olaf: added directory-lists and "index.cgi" support (normal CGI only !
"nph-index.cgi" is not supported). Fixed some problematic parts in the
CGI-interface (\n -> \r\n converter for http-header and CGI crash
handling)
Fix gzip encoding bug that only happened with keep-alive
1.1:
ship with the parts from libowfat that we actually use
minor speed-up. sendfile is a drag for very small files, so those are
now sent through the same buffer the header is sent through. That
sends the whole answer in one TCP packet if you are lucky, even
without the TCP_CORK magic from Linux. Major speed-up for
benchmarks ;)
1.0:
initial release