CHANGES revision 1.27
11.27Smrg$NetBSD: CHANGES,v 1.27 2018/11/20 01:06:46 mrg Exp $ 21.26Smrg 31.26Smrgchanges in bozohttpd 20181118: 41.26Smrg o add url remap support via .bzremap file, from martin@netbsd.org 51.26Smrg o handle redirections for any protocol, not just http: 61.26Smrg o fix a denial of service attack against header contents, which 71.27Smrg is now bounded at 16KiB. reported by JP 81.27Smrg o reduce default timeouts, and add expand timeouts to handle the 91.27Smrg initial line, each header, and the total time spent 101.27Smrg o add -T option to expose new timeout settings 111.27Smrg o minor RFC fixes related to timeout handling 121.25Smrg 131.25Smrgchanges in bozohttpd 20170201: 141.25Smrg o fix an infinite loop in cgi processing 151.25Smrg o fixes and clean up for the testsuite 161.25Smrg o no longer sends encoding header for compressed formats 171.11Smrg 181.23Sagcchanges in bozohttpd 20160517: 191.25Smrg o add a bozo_get_version() function which returns the version number 201.23Sagc 211.22Smrgchanges in bozohttpd 20160415: 221.22Smrg o add search-word support for CGI 231.22Smrg o fix a security issue in CGI suffix handler support which would 241.22Smrg allow remote code execution, from shm@netbsd.org 251.22Smrg o -C option supports now CGI scripts only 261.22Smrg 271.21Sshmchanges in bozohttpd 20151028: 281.21Sshm o add CGI support for ~user translation (-E switch) 291.21Sshm o add redirects to ~user translation 301.21Sshm o fix bugs around ~user translation 311.21Sshm o add schema detection for absolute redirects 321.21Sshm o fixed few memory leaks 331.21Sshm o bunch of minor tweaks 341.21Sshm o removed -r support 351.21Sshm o smarter redirects 361.21Sshm 371.20Smrgchanges in bozohttpd 20150320: 381.20Smrg o fix redirection handling 391.20Smrg o support transport stream (.ts) and video object (.vob) files 401.20Smrg o directory listings show correct file sizes for large files 411.20Smrg 421.19Smrgchanges in bozohttpd 20140717: 431.20Smrg o properly handle SSL errors 441.19Smrg 451.18Smrgchanges in bozohttpd 20140708: 461.18Smrg o fixes for virtual host support, from rajeev_v_pillai@yahoo.com 471.18Smrg o avoid printing double errors, from shm@netbsd.org 481.18Smrg o fix a security issue in basic HTTP authentication which would allow 491.18Smrg authentication to be bypassed, from shm@netbsd.org 501.18Smrg 511.15Smrgchanges in bozohttpd 20140201: 521.16Smrg o support .svg files 531.15Smrg o fix a core dump when requests timeout 541.15Smrg 551.15Smrgchanges in bozohttpd 20140102: 561.14Smrg o update a few content types 571.14Smrg o add support for directly calling lua scripts to handle 581.14Smrg processes, from mbalmer@netbsd.org 591.13Smrg o properly escape generated HTML 601.13Smrg o add authentication for redirections, from martin@netbsd.org 611.13Smrg o handle chained ssl certifications, from elric@netbsd.org 621.13Smrg o add basic support for gzipped files, from elric@netbsd.org 631.12Smrg o properly escape generated URIs 641.12Smrg 651.15Smrgchanges in bozohttpd 20111118: 661.11Smrg o add -P <pidfile> option, from jmmv@netbsd.org 671.11Smrg o avoid crashes with http basic auth, from pooka@netbsd.org 681.11Smrg o add support for REDIRECT_STATUS variable, from tls@netbsd.org 691.11Smrg o support .mp4 files in the default map 701.11Smrg o directory indexes with files with : are now displayed properly, from 711.11Smrg reed@netbsd.org 721.11Smrg o allow -I option to be useful in non-inetd mode as well 731.9Smrg 741.15Smrgchanges in bozohttpd 20100920: 751.9Smrg o properly fully disable multi-file mode for now 761.9Smrg o fix the -t and -U options when used without the -e option, broken since 771.9Smrg the library-ifcation 781.9Smrg o be explicit that logs go to the FTP facility in syslog 791.10Smrg o use scandir() with alphasort() for sorted directory lists, from moof 801.10Smrg o fix a serious error in vhost handling; "Host:.." would allow access to 811.10Smrg the next level directory from the virtual root directory, from seanb 821.10Smrg o fix some various non standard compile time errors, from rudolf 831.10Smrg o fix dynamic CGI content maps, from rudolf 841.7Smrg 851.15Smrgchanges in bozohttpd 20100617: 861.7Smrg o fix some compile issues 871.8Smrg o fix SSL mode. from rtr 881.8Smrg o fix some cgi-bin issues, as seen with cvsweb 891.8Smrg o disable multi-file daemon mode for now, it breaks 901.8Smrg o return 404's instead of 403's when chdir of ~user dirs fail 911.8Smrg o remove "noreturn" attribute from bozo_http_error() that was 921.8Smrg causing incorrect runtime behaviour 931.6Smrg 941.15Smrgchanges in bozohttpd 20100509: 951.6Smrg o major rework and clean up of internal interfaces. move the main 961.6Smrg program into main.c, the remaining parts are useable as library. 971.6Smrg add bindings for lua. by Alistair G. Crooks <agc@netbsd.org> 981.6Smrg o fix http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=566325 991.4Smrg 1001.15Smrgchanges in bozohttpd 20090522: 1011.4Smrg o avoid dying in daemon mode for some uncommon, but recoverable, errors 1021.4Smrg o close leaking file descriptors for CGI and daemon mode 1031.4Smrg o handle poll errors properly 1041.4Smrg o don't try to handle more than one request per process yet 1051.5Smrg o add subdirs for build "debug" and "small" versions 1061.5Smrg o clean up a bad merge / duplicate code 1071.5Smrg o make mmap() usage portable, fixes linux & ranges: support 1081.5Smrg o document the -f option 1091.5Smrg o daemon mode now serves 6 files per child 1101.3Smrg 1111.15Smrgchanges in bozohttpd 20090417: 1121.3Smrg o make bozohttpd internally more modular, preparing the way 1131.3Smrg to handle more than one request per process 1141.3Smrg o fix http-auth, set $REMOTE_USER not $REMOTEUSER. also fix 1151.3Smrg cgi-bin with cvsweb, from Holger Weiss <holger@CIS.FU-Berlin.DE> 1161.3Smrg o fix an uninitialised variable use in daemon mode 1171.3Smrg o fix ssl mode with newer OpenSSL 1181.3Smrg o mmap large files in manageable sizes so we can serve any size file 1191.3Smrg o refactor url processing to handle query strings correctly for CGI 1201.3Smrg from Sergey Katsev at Coyote Point 1211.3Smrg o add If-Modified-Since support, from Joerg Sonnenberger 1221.3Smrg <joerg@netbsd.org> 1231.3Smrg o many more manual fixes, from NetBSD 1241.3Smrg 1251.15Smrgchanges in bozohttpd 20080303: 1261.3Smrg o fix some cgi header processing, from <thelsdj@gmail.com> 1271.3Smrg o add simple Range: header processing, from <bad@bsd.de> 1281.3Smrg o man page fixes, from NetBSD 1291.3Smrg o clean up various parts, from NetBSD 1301.3Smrg 1311.15Smrgchanges in bozohttpd 20060710: 1321.3Smrg o prefix some function names with "bozo" 1331.3Smrg o align directory indexing <hr> markers 1341.3Smrg o clean up some code GCC4 grumbled about 1351.1Stls 1361.15Smrgchanges in bozohttpd 20060517: 1371.1Stls o don't allow "/.." or "../" files 1381.1Stls o don't write ":80" into urls for the http port 1391.1Stls o fix a fd leak when fork() fails 1401.1Stls o make directory indexing mode not look so ugly 1411.1Stls o build a text version of the manual page 1421.1Stls o make "make clean" work properly 1431.1Stls 1441.15Smrgchanges in bozohttpd 20050410: 1451.1Stls o fix some off-by-one errors from <roland.illig@gmx.de> 1461.1Stls o properly support nph- CGI 1471.1Stls o make content maps case insensitive 1481.1Stls o fix proto header merging to include the missing comma 1491.1Stls o major source reorganisation; most features are in separate files now 1501.1Stls o new -V flag that makes unknown virtualhosts use slashdir 1511.1Stls from <rumble@ephemeral.org> 1521.1Stls o HTTP/1.x protocol headers are now properly merged for CGI 1531.1Stls 1541.15Smrgchanges in bozohttpd 20040808: 1551.1Stls o CGI status is now properly handled (-a flag has been removed) 1561.1Stls o CGI file upload support works 1571.1Stls o %xy translations are no longer ever applied after the first '?', 1581.1Stls ala RFC2396. from lukem 1591.1Stls o daemon mode (-b) should no longer hang spinning forever if it 1601.1Stls sees no children. from lukem 1611.1Stls o new .bzabsredirect file support. from <martin@netbsd.org> 1621.1Stls o return a 404 error if we see %00 or %2f (/) 1631.1Stls o don't print 2 "200" headers for CGI 1641.1Stls o support .torrent files 1651.1Stls 1661.15Smrgchanges in bozohttpd 20040218: 1671.1Stls o new .bzredirect file support for sane directory redirection 1681.1Stls o new -Z option that enables SSL mode, from <rtr@eterna.com.au> 1691.1Stls o the -C option has been changed to take two explicit options, rather 1701.1Stls than a single option with a space separating the suffix and the 1711.1Stls interpreter. ``-C ".foo /path/to/bar"'' should now be written 1721.1Stls as ``-C .foo /path/to/bar'' 1731.1Stls o the -M option has been changed like -C and no longer requires or 1741.1Stls supports a single argument with space-separated options 1751.1Stls o with -a, still print the 200 OK. from <rtr@eterna.com.au> 1761.1Stls o with -r, if a .bzdirect file appears in a directory, allow direct 1771.1Stls access to this directory 1781.1Stls 1791.15Smrgchanges in bozohttpd 20031005: 1801.1Stls o fixes for basic authorisation. from <ecu@ipv42.net> 1811.1Stls o always display file size in directory index mode 1821.1Stls o add .xbel, .xml & .xsl -> text/xml mappings. from 1831.1Stls <wiz@danbala.ifoer.tuwien.ac.at> 1841.1Stls 1851.15Smrgchanges in bozohttpd 20030626: 1861.1Stls o fix a recent core dump when given no input 1871.1Stls o add new -r flag that ensures referrer is set to this host 1881.1Stls o fix several compile time errors with -DNO_CGIBIN_SUPPORT 1891.1Stls o fix some man page details. from lukem@wasabisystems.com 1901.1Stls o re-add a missing memset(), fixing a core dump. from lukem 1911.1Stls o support HTTP basic authorisation, disabled by default. from lukem 1921.1Stls o print the port number in redirects and errors. from lukem 1931.1Stls o only syslog the basename of the program. from lukem 1941.1Stls o add __attribute__() format checking. from lukem 1951.1Stls o fix cgibin SCRIPT_NAME to have a leading /. from zakj@nox.cx 1961.1Stls o simplify some code in -C to avoid a core dump. from lukem 1971.1Stls o add a .css -> css/text entry to the content_map[]. from zakj@nox.cx 1981.1Stls 1991.15Smrgchanges in bozohttpd 20030409: 2001.1Stls o -d without DEBUG enabled only prints one warning and continues 2011.1Stls o one can now define the C macro SERVER_SOFTWARE when building to 2021.1Stls change the Server: header and CGI variable of the same name 2031.1Stls o add new -s flag the force logging output to stderr. from zakj@nox.cx 2041.1Stls o add new -a flag for CGI bin that stops bozohttpd from outputting 2051.1Stls any HTTP reply, the CGI program must output these. from zakj@nox.cx 2061.1Stls o new REQUEST_URI and DATE_GMT environment variables for CGI. from 2071.1Stls zakj@nox.cx 2081.1Stls o add a "Makefile.boot" that should work with any make program 2091.1Stls o build on linux again 2101.1Stls o fix core dumps when using -C 2111.1Stls 2121.15Smrgchanges in bozohttpd 20030313: 2131.1Stls o deprecate -r flag; make this the default and silently ignore -r now 2141.1Stls o add support for file extentions to call CGI programs (from lukem) 2151.1Stls o add dynamic support to add new content map entries, allowing both 2161.1Stls new file types and non /cgi-bin CGI programs to be run with the 2171.1Stls new -C "suffix cgihandler" and -M "suffix type encoding encoding11" 2181.1Stls options 2191.1Stls o in -b mode, set the http date after accept() returns, not before we 2201.1Stls call accept() 2211.1Stls o in -b mode, bind all addresses found not just the first one 2221.1Stls o unsupport old hostname API 2231.1Stls o in -b mode, set the SO_REUSEADDR socket option (lukem) 2241.1Stls o allow -x (index.html) mode to work with CGI handlers 2251.1Stls 2261.15Smrgchanges in bozohttpd 20021106: 2271.1Stls o add .bz2 support 2281.1Stls o properly escape <, > and & in error messages, partly from 2291.1Stls Nicolas Jombart <ecu@mariejeanne.net> 2301.1Stls o new -H flag to hide .* files in directory index mode 2311.1Stls o fix buffer reallocation when parsing a request, to avoid 2321.1Stls overflowing the buffer with carriage returns (\r) 2331.1Stls o do not decode "%XY"-style cgi-bin data beyond the "?" 2341.1Stls 2351.15Smrgchanges in bozohttpd 5.15 (20020913): 2361.1Stls o add .ogg support -> `application/x-ogg' 2371.1Stls o fix CGI requests with "/" in the query part 2381.1Stls 2391.15Smrgchanges in bozohttpd 5.14 (20020823): 2401.1Stls o allow -X mode to work for "/" 2411.1Stls o work on systems without MADV_SEQUENTIAL 2421.1Stls o make a local cut-down copy of "queue.h" (fixes linux & solaris 2431.1Stls support at the very least) 2441.1Stls o portability fixes for pre-ipv6 socket api systems (eg, solaris 7) 2451.1Stls o portability fixes for missing _PATH_DEFPATH, LOG_FTP and __progname 2461.1Stls o better documentation on virtual host support 2471.1Stls 2481.15Smrgchanges in bozohttpd 5.13 (20020804): 2491.1Stls o support .mp3 files (type audio/mpeg) 2501.1Stls o use stat() to find out if something is a directory, for -X mode 2511.1Stls 2521.15Smrgchanges in bozohttpd 5.12 (20020803): 2531.1Stls o constification 2541.1Stls o fixes & enhancements for directory index mode (-X) 2551.1Stls 2561.15Smrgchanges in bozohttpd 5.11 (20020730): 2571.1Stls o more man page fixes from Thomas Klausner 2581.1Stls <wiz@danbala.ifoer.tuwien.ac.at> 2591.1Stls o de-K&R C-ification 2601.1Stls o fix Date: header for daemon mode 2611.1Stls o fix core dump when asking for /cgi-bin/ when CGI isn't configured 2621.1Stls o use a valid Server: header 2631.1Stls 2641.15Smrgchanges in bozohttpd 5.10 (20020710): 2651.1Stls - add freebsd support 2661.1Stls - fix a couple of header typos 2671.1Stls - many cgi-bin fixes from lukem@netbsd.org 2681.1Stls - add -T chrootdir and -U user, plus several minor other cleanups 2691.1Stls with signals and return values. from xs@kittenz.org 2701.1Stls - add -e that does not clear the environment for -T/-U 2711.1Stls - fix a formatting error noticed by ISIHARA Takanori <ishit@oak.dti.ne.jp> 2721.1Stls 2731.15Smrgchanges in bozohttpd 5.09 (20010922): 2741.1Stls - add a daemon mode 2751.1Stls - document how to use bozohttpd in netbsd inetd with more than 40 2761.1Stls connections per minute and also with cgibin 2771.1Stls - man page fixes from wiz@netbsd.org 2781.1Stls 2791.15Smrgchanges in bozohttpd 5.08 (20010812): 2801.1Stls - add directory index generation support (-X) from ad@netbsd.org 2811.1Stls - add .pa as an alias for .pac 2821.1Stls - make server software version configurable (RFC) 2831.1Stls 2841.15Smrgchanges in bozohttpd 5.07 (20010610): 2851.1Stls - add .png support 2861.1Stls - new "-x index.html" flag to change default file 2871.1Stls - new "-p public_html" flag to change default ~user directory 2881.1Stls - fixes cgi-bin support and more from chuck@research.att.com 2891.1Stls - add many new content-types, now support most common ones 2901.1Stls 2911.15Smrgchanges in bozohttpd 5.06 (20000825): 2921.1Stls - add IPv6 suppor from itojun@iijlab.net 2931.1Stls - man page fixes from jlam@netbsd.org 2941.1Stls 2951.15Smrgchanges in bozohttpd 5.05 (20000815): 2961.1Stls - fix a virtual host bug, from kleink@netbsd.org 2971.1Stls 2981.15Smrgchanges in bozohttpd 5.04 (20000427): 2991.1Stls - fix virtual host support; URI takes precedence over Host: 3001.1Stls 3011.15Smrgchanges in bozohttpd 5.03 (20000427): 3021.1Stls - fix a bug with chdir() 3031.1Stls 3041.15Smrgchanges in bozohttpd 5.02 (20000426): 3051.1Stls - .pac spport from simonb 3061.1Stls 3071.15Smrgchanges in bozohttpd 5.01 (20000421): 3081.1Stls - .swf support 3091.1Stls - virtual hosting support 310