CHANGES revision 1.22 
1$eterna: CHANGES,v 1.78 2011/11/18 01:25:11 mrg Exp $
2
3changes in bozohttpd 20160415:
4	o  add search-word support for CGI
5	o  fix a security issue in CGI suffix handler support which would
6	   allow remote code execution, from shm@netbsd.org
7	o  -C option supports now CGI scripts only
8
9changes in bozohttpd 20151028:
10	o  add CGI support for ~user translation (-E switch)
11	o  add redirects to ~user translation
12	o  fix bugs around ~user translation
13	o  add schema detection for absolute redirects
14	o  fixed few memory leaks
15	o  bunch of minor tweaks
16	o  removed -r support
17	o  smarter redirects 
18
19changes in bozohttpd 20150320:
20	o  fix redirection handling
21	o  support transport stream (.ts) and video object (.vob) files
22	o  directory listings show correct file sizes for large files
23
24changes in bozohttpd 20140717:
25	o  properly handle SSL errors
26
27changes in bozohttpd 20140708:
28	o  fixes for virtual host support, from rajeev_v_pillai@yahoo.com
29	o  avoid printing double errors, from shm@netbsd.org
30	o  fix a security issue in basic HTTP authentication which would allow
31	   authentication to be bypassed, from shm@netbsd.org
32
33changes in bozohttpd 20140201:
34	o  support .svg files
35	o  fix a core dump when requests timeout
36
37changes in bozohttpd 20140102:
38	o  update a few content types
39	o  add support for directly calling lua scripts to handle
40	   processes, from mbalmer@netbsd.org
41	o  properly escape generated HTML
42	o  add authentication for redirections, from martin@netbsd.org
43	o  handle chained ssl certifications, from elric@netbsd.org
44	o  add basic support for gzipped files, from elric@netbsd.org
45	o  properly escape generated URIs
46
47changes in bozohttpd 20111118:
48	o  add -P <pidfile> option, from jmmv@netbsd.org
49	o  avoid crashes with http basic auth, from pooka@netbsd.org
50	o  add support for REDIRECT_STATUS variable, from tls@netbsd.org
51	o  support .mp4 files in the default map
52	o  directory indexes with files with : are now displayed properly, from
53	   reed@netbsd.org
54	o  allow -I option to be useful in non-inetd mode as well
55
56changes in bozohttpd 20100920:
57	o  properly fully disable multi-file mode for now
58	o  fix the -t and -U options when used without the -e option, broken since
59	   the library-ifcation
60	o  be explicit that logs go to the FTP facility in syslog
61	o  use scandir() with alphasort() for sorted directory lists, from moof
62	o  fix a serious error in vhost handling; "Host:.." would allow access to
63	   the next level directory from the virtual root directory, from seanb
64	o  fix some various non standard compile time errors, from rudolf
65	o  fix dynamic CGI content maps, from rudolf
66
67changes in bozohttpd 20100617:
68	o  fix some compile issues
69	o  fix SSL mode.  from rtr
70	o  fix some cgi-bin issues, as seen with cvsweb
71	o  disable multi-file daemon mode for now, it breaks
72	o  return 404's instead of 403's when chdir of ~user dirs fail
73	o  remove "noreturn" attribute from bozo_http_error() that was
74	   causing incorrect runtime behaviour
75
76changes in bozohttpd 20100509:
77	o  major rework and clean up of internal interfaces.  move the main
78	   program into main.c, the remaining parts are useable as library.
79	   add bindings for lua.  by Alistair G. Crooks <agc@netbsd.org>
80	o  fix http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=566325
81
82changes in bozohttpd 20090522:
83	o  avoid dying in daemon mode for some uncommon, but recoverable, errors
84	o  close leaking file descriptors for CGI and daemon mode
85	o  handle poll errors properly
86	o  don't try to handle more than one request per process yet
87	o  add subdirs for build "debug" and "small" versions
88	o  clean up a bad merge / duplicate code
89	o  make mmap() usage portable, fixes linux & ranges: support
90	o  document the -f option
91	o  daemon mode now serves 6 files per child
92
93changes in bozohttpd 20090417:
94	o  make bozohttpd internally more modular, preparing the way
95	   to handle more than one request per process
96	o  fix http-auth, set $REMOTE_USER not $REMOTEUSER.  also fix
97	   cgi-bin with cvsweb, from Holger Weiss <holger@CIS.FU-Berlin.DE>
98	o  fix an uninitialised variable use in daemon mode
99	o  fix ssl mode with newer OpenSSL
100	o  mmap large files in manageable sizes so we can serve any size file
101	o  refactor url processing to handle query strings correctly for CGI
102	   from Sergey Katsev at Coyote Point
103	o  add If-Modified-Since support, from Joerg Sonnenberger
104	   <joerg@netbsd.org>
105	o  many more manual fixes, from NetBSD
106
107changes in bozohttpd 20080303:
108	o  fix some cgi header processing, from <thelsdj@gmail.com>
109	o  add simple Range: header processing, from <bad@bsd.de>
110	o  man page fixes, from NetBSD
111	o  clean up various parts, from NetBSD
112
113changes in bozohttpd 20060710:
114	o  prefix some function names with "bozo"
115	o  align directory indexing <hr> markers
116	o  clean up some code GCC4 grumbled about
117
118changes in bozohttpd 20060517:
119	o  don't allow "/.." or "../" files
120	o  don't write ":80" into urls for the http port
121	o  fix a fd leak when fork() fails
122	o  make directory indexing mode not look so ugly
123	o  build a text version of the manual page
124	o  make "make clean" work properly
125
126changes in bozohttpd 20050410:
127	o  fix some off-by-one errors from <roland.illig@gmx.de>
128	o  properly support nph- CGI
129	o  make content maps case insensitive
130	o  fix proto header merging to include the missing comma
131	o  major source reorganisation; most features are in separate files now
132	o  new -V flag that makes unknown virtualhosts use slashdir
133	   from <rumble@ephemeral.org>
134	o  HTTP/1.x protocol headers are now properly merged for CGI
135
136changes in bozohttpd 20040808:
137	o  CGI status is now properly handled (-a flag has been removed)
138	o  CGI file upload support works
139	o  %xy translations are no longer ever applied after the first '?',
140	   ala RFC2396.  from lukem
141	o  daemon mode (-b) should no longer hang spinning forever if it
142	   sees no children.  from lukem
143	o  new .bzabsredirect file support. from <martin@netbsd.org>
144	o  return a 404 error if we see %00 or %2f (/)
145	o  don't print 2 "200" headers for CGI
146	o  support .torrent files
147
148changes in bozohttpd 20040218:
149	o  new .bzredirect file support for sane directory redirection
150	o  new -Z option that enables SSL mode, from <rtr@eterna.com.au>
151	o  the -C option has been changed to take two explicit options, rather
152	   than a single option with a space separating the suffix and the
153	   interpreter.  ``-C ".foo /path/to/bar"'' should now be written
154	   as ``-C .foo /path/to/bar''
155	o  the -M option has been changed like -C and no longer requires or
156	   supports a single argument with space-separated options
157	o  with -a, still print the 200 OK.  from <rtr@eterna.com.au>
158	o  with -r, if a .bzdirect file appears in a directory, allow direct
159	   access to this directory
160
161changes in bozohttpd 20031005:
162	o  fixes for basic authorisation.  from <ecu@ipv42.net>
163	o  always display file size in directory index mode
164	o  add .xbel, .xml & .xsl -> text/xml mappings.  from
165	   <wiz@danbala.ifoer.tuwien.ac.at>
166
167changes in bozohttpd 20030626:
168	o  fix a recent core dump when given no input
169	o  add new -r flag that ensures referrer is set to this host
170	o  fix several compile time errors with -DNO_CGIBIN_SUPPORT
171	o  fix some man page details. from lukem@wasabisystems.com
172	o  re-add a missing memset(), fixing a core dump. from lukem
173	o  support HTTP basic authorisation, disabled by default.  from lukem
174	o  print the port number in redirects and errors. from lukem
175	o  only syslog the basename of the program. from lukem
176	o  add __attribute__() format checking. from lukem
177	o  fix cgibin SCRIPT_NAME to have a leading /.  from zakj@nox.cx
178	o  simplify some code in -C to avoid a core dump.  from lukem
179	o  add a .css -> css/text entry to the content_map[].  from zakj@nox.cx
180
181changes in bozohttpd 20030409:
182	o  -d without DEBUG enabled only prints one warning and continues
183	o  one can now define the C macro SERVER_SOFTWARE when building to
184	   change the Server: header and CGI variable of the same name
185	o  add new -s flag the force logging output to stderr. from zakj@nox.cx
186	o  add new -a flag for CGI bin that stops bozohttpd from outputting
187	   any HTTP reply, the CGI program must output these.  from zakj@nox.cx
188	o  new REQUEST_URI and DATE_GMT environment variables for CGI.  from
189	   zakj@nox.cx
190	o  add a "Makefile.boot" that should work with any make program
191	o  build on linux again
192	o  fix core dumps when using -C
193
194changes in bozohttpd 20030313:
195	o  deprecate -r flag; make this the default and silently ignore -r now
196	o  add support for file extentions to call CGI programs (from lukem)
197	o  add dynamic support to add new content map entries, allowing both
198	   new file types and non /cgi-bin CGI programs to be run with the
199	   new -C "suffix cgihandler" and -M "suffix type encoding encoding11"
200	   options
201	o  in -b mode, set the http date after accept() returns, not before we
202	   call accept()
203	o  in -b mode, bind all addresses found not just the first one
204	o  unsupport old hostname API
205	o  in -b mode, set the SO_REUSEADDR socket option (lukem)
206	o  allow -x (index.html) mode to work with CGI handlers
207
208changes in bozohttpd 20021106:
209	o  add .bz2 support
210	o  properly escape <, > and & in error messages, partly from
211	   Nicolas Jombart <ecu@mariejeanne.net>
212	o  new -H flag to hide .* files in directory index mode
213	o  fix buffer reallocation when parsing a request, to avoid
214	   overflowing the buffer with carriage returns (\r)
215	o  do not decode "%XY"-style cgi-bin data beyond the "?"
216
217changes in bozohttpd 5.15 (20020913):
218	o  add .ogg support -> `application/x-ogg'
219	o  fix CGI requests with "/" in the query part
220
221changes in bozohttpd 5.14 (20020823):
222	o  allow -X mode to work for "/"
223	o  work on systems without MADV_SEQUENTIAL
224	o  make a local cut-down copy of "queue.h" (fixes linux & solaris
225	   support at the very least)
226	o  portability fixes for pre-ipv6 socket api systems (eg, solaris 7)
227	o  portability fixes for missing _PATH_DEFPATH, LOG_FTP and __progname
228	o  better documentation on virtual host support
229
230changes in bozohttpd 5.13 (20020804):
231	o  support .mp3 files (type audio/mpeg)
232	o  use stat() to find out if something is a directory, for -X mode
233
234changes in bozohttpd 5.12 (20020803):
235	o  constification
236	o  fixes & enhancements for directory index mode (-X)
237
238changes in bozohttpd 5.11 (20020730):
239	o  more man page fixes from Thomas Klausner
240	   <wiz@danbala.ifoer.tuwien.ac.at>
241	o  de-K&R C-ification
242	o  fix Date: header for daemon mode
243	o  fix core dump when asking for /cgi-bin/ when CGI isn't configured
244	o  use a valid Server: header
245
246changes in bozohttpd 5.10 (20020710):
247	- add freebsd support 
248	- fix a couple of header typos
249	- many cgi-bin fixes from lukem@netbsd.org
250	- add -T chrootdir and -U user, plus several minor other cleanups
251	with signals and return values.  from xs@kittenz.org
252	- add -e that does not clear the environment for -T/-U
253	- fix a formatting error noticed by ISIHARA Takanori <ishit@oak.dti.ne.jp>
254
255changes in bozohttpd 5.09 (20010922):
256	- add a daemon mode
257	- document how to use bozohttpd in netbsd inetd with more than 40 
258	connections per minute and also with cgibin
259	- man page fixes from wiz@netbsd.org
260
261changes in bozohttpd 5.08 (20010812):
262	- add directory index generation support (-X) from ad@netbsd.org
263	- add .pa as an alias for .pac
264	- make server software version configurable (RFC)
265
266changes in bozohttpd 5.07 (20010610):
267	- add .png support 
268	- new "-x index.html" flag to change default file
269	- new "-p public_html" flag to change default ~user directory
270	- fixes cgi-bin support and more from chuck@research.att.com
271	- add many new content-types, now support most common ones
272
273changes in bozohttpd 5.06 (20000825):
274	- add IPv6 suppor from itojun@iijlab.net
275	- man page fixes from jlam@netbsd.org
276
277changes in bozohttpd 5.05 (20000815):
278	- fix a virtual host bug, from kleink@netbsd.org
279
280changes in bozohttpd 5.04 (20000427):
281	- fix virtual host support; URI takes precedence over Host:
282
283changes in bozohttpd 5.03 (20000427):
284	- fix a bug with chdir() 
285
286changes in bozohttpd 5.02 (20000426):
287	- .pac spport from simonb
288
289changes in bozohttpd 5.01 (20000421):
290	- .swf support 
291	- virtual hosting support 
292