384 lines
16 KiB
Plaintext
384 lines
16 KiB
Plaintext
$NetBSD: CHANGES,v 1.53 2022/01/04 06:08:14 kim Exp $
|
|
|
|
changes in bozohttpd 20220104:
|
|
o remove obsolete .bzdirect handling.
|
|
|
|
changes in bozohttpd 20210824:
|
|
o new "-m tlsversion" option to set the minimum TLS version
|
|
available. partially from <sunil@nimmagadda.net>.
|
|
o extend the list of available ciphers to include most of the
|
|
openssl "HIGH" with some additional disables. retain the current
|
|
list of bad options. should deal with PR#51278.
|
|
|
|
changes in bozohttpd 20210504:
|
|
o don't assume host BUFSIZ is sufficient. small BUFSIZ leads to
|
|
always happens errors in the testsuite. switch all these buffers
|
|
to be 4KiB sized. reported by embr <git@liclac.eu>
|
|
|
|
changes in bozohttpd 20210403:
|
|
o fix a denial of service attack against initial request contents,
|
|
now bounded at 16KiB. reported by Justin Parrott in PR#56085
|
|
|
|
changes in bozohttpd 20210227:
|
|
o new support for content types: .tar.bz2, .tar.xz, .tar.lz,
|
|
.tar.zst, .tbz2, .txz, .tlz, .zipx, .xz, .zst, .sz, .lz, .lzma,
|
|
.lzo, .7z, .lzo, .cab, .dmg, .jar, and .rar. should fix
|
|
netbsd PR#56026:
|
|
MIME type of .tar.xz file on ny{cdn,ftp}.NetBSD.org is invalid
|
|
|
|
changes in bozohttpd 20210211:
|
|
o fix various NULL derefs from malformed headers. mostly from
|
|
<emily@ingalls.rocks>.
|
|
o fix memory leaks in library interface: add bozo_cleanup().
|
|
|
|
changes in bozohttpd 20201014:
|
|
o also set -D_GNU_SOURCE in Makefile.boot. from
|
|
hadrien.lacour@posteo.net.
|
|
o fix array size botch (assertion, not exploitable.) from
|
|
martin@netbsd.org.
|
|
o also match %2F as well as %2f. from leah@vuxu.org.
|
|
o many manual and help fixes. clean ups for higher lint levels,
|
|
consistency/style clean ups. various option fixes including made
|
|
-f imply -b. from <henrik@gulbra.net> for freebsd.
|
|
|
|
changes in bozohttpd 20200912:
|
|
o add .m4a and .m4v file extensions.
|
|
|
|
changes in bozohttpd 20200820:
|
|
o make this work on sun2 by reducing mmap window there.
|
|
o fix SSL shutdown sequence. from spz@netbsd.org.
|
|
o add readme support to directory indexing. from jmcneill@netbsd.org
|
|
o add blocklist(8) support. from jruoho@netbsd.org.
|
|
|
|
changes in bozohttpd 20190228:
|
|
o extend timeout facility to ssl and stop servers hanging forever
|
|
if the client never sends anything. reported by Steffen in netbsd
|
|
PR#50655.
|
|
o don't display special files in the directory index. they aren't
|
|
served, but links to them are generated.
|
|
o fix CGI '+' parameter handling, some error checking, and a double
|
|
free. from rajeev_v_pillai@yahoo.com
|
|
o more directory indexing clean up. from rajeev_v_pillai@yahoo.com
|
|
|
|
changes in bozohttpd 20181215:
|
|
o fix .htpasswd bypass for authenticated users. reported by JP,
|
|
from leot@netbsd.org
|
|
o avoid possible null dereference when receiving a big request that
|
|
timeout. reported by maya@netbsd.org, from leot@netbsd.org
|
|
o fix handling of -T option, from leot@netbsd.org
|
|
o cleanups and portability improvements, from maya@netbsd.org
|
|
o change directory indexing to use html tables, from
|
|
rajeev_v_pillai@yahoo.com
|
|
|
|
changes in bozohttpd 20181125:
|
|
o fixes for option parsing introduced in bozohttpd 20181123
|
|
|
|
changes in bozohttpd 20181121:
|
|
o add url remap support via .bzremap file, from martin@netbsd.org
|
|
o handle redirections for any protocol, not just http:
|
|
o fix a denial of service attack against header contents, which
|
|
is now bounded at 16KiB. reported by JP
|
|
o reduce default timeouts, and add expand timeouts to handle the
|
|
initial line, each header, and the total time spent
|
|
o add -T option to expose new timeout settings
|
|
o minor RFC fixes related to timeout handling
|
|
o fix special file (.htpasswd, .bz*) bypass. reported by JP
|
|
|
|
changes in bozohttpd 20170201:
|
|
o fix an infinite loop in cgi processing
|
|
o fixes and clean up for the testsuite
|
|
o no longer sends encoding header for compressed formats
|
|
|
|
changes in bozohttpd 20160517:
|
|
o add a bozo_get_version() function which returns the version number
|
|
|
|
changes in bozohttpd 20160415:
|
|
o add search-word support for CGI
|
|
o fix a security issue in CGI suffix handler support which would
|
|
allow remote code execution, from shm@netbsd.org
|
|
o -C option supports now CGI scripts only
|
|
|
|
changes in bozohttpd 20151028:
|
|
o add CGI support for ~user translation (-E switch)
|
|
o add redirects to ~user translation
|
|
o fix bugs around ~user translation
|
|
o add schema detection for absolute redirects
|
|
o fixed few memory leaks
|
|
o bunch of minor tweaks
|
|
o removed -r support
|
|
o smarter redirects
|
|
|
|
changes in bozohttpd 20150320:
|
|
o fix redirection handling
|
|
o support transport stream (.ts) and video object (.vob) files
|
|
o directory listings show correct file sizes for large files
|
|
|
|
changes in bozohttpd 20140717:
|
|
o properly handle SSL errors
|
|
|
|
changes in bozohttpd 20140708:
|
|
o fixes for virtual host support, from rajeev_v_pillai@yahoo.com
|
|
o avoid printing double errors, from shm@netbsd.org
|
|
o fix a security issue in basic HTTP authentication which would allow
|
|
authentication to be bypassed, from shm@netbsd.org
|
|
|
|
changes in bozohttpd 20140201:
|
|
o support .svg files
|
|
o fix a core dump when requests timeout
|
|
|
|
changes in bozohttpd 20140102:
|
|
o update a few content types
|
|
o add support for directly calling lua scripts to handle
|
|
processes, from mbalmer@netbsd.org
|
|
o properly escape generated HTML
|
|
o add authentication for redirections, from martin@netbsd.org
|
|
o handle chained ssl certifications, from elric@netbsd.org
|
|
o add basic support for gzipped files, from elric@netbsd.org
|
|
o properly escape generated URIs
|
|
|
|
changes in bozohttpd 20111118:
|
|
o add -P <pidfile> option, from jmmv@netbsd.org
|
|
o avoid crashes with http basic auth, from pooka@netbsd.org
|
|
o add support for REDIRECT_STATUS variable, from tls@netbsd.org
|
|
o support .mp4 files in the default map
|
|
o directory indexes with files with : are now displayed properly, from
|
|
reed@netbsd.org
|
|
o allow -I option to be useful in non-inetd mode as well
|
|
|
|
changes in bozohttpd 20100920:
|
|
o properly fully disable multi-file mode for now
|
|
o fix the -t and -U options when used without the -e option, broken since
|
|
the library-ifcation
|
|
o be explicit that logs go to the FTP facility in syslog
|
|
o use scandir() with alphasort() for sorted directory lists, from moof
|
|
o fix a serious error in vhost handling; "Host:.." would allow access to
|
|
the next level directory from the virtual root directory, from seanb
|
|
o fix some various non standard compile time errors, from rudolf
|
|
o fix dynamic CGI content maps, from rudolf
|
|
|
|
changes in bozohttpd 20100617:
|
|
o fix some compile issues
|
|
o fix SSL mode. from rtr
|
|
o fix some cgi-bin issues, as seen with cvsweb
|
|
o disable multi-file daemon mode for now, it breaks
|
|
o return 404's instead of 403's when chdir of ~user dirs fail
|
|
o remove "noreturn" attribute from bozo_http_error() that was
|
|
causing incorrect runtime behaviour
|
|
|
|
changes in bozohttpd 20100509:
|
|
o major rework and clean up of internal interfaces. move the main
|
|
program into main.c, the remaining parts are useable as library
|
|
add bindings for lua. by Alistair G. Crooks <agc@netbsd.org>
|
|
o fix http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=566325
|
|
|
|
changes in bozohttpd 20090522:
|
|
o avoid dying in daemon mode for some uncommon, but recoverable, errors
|
|
o close leaking file descriptors for CGI and daemon mode
|
|
o handle poll errors properly
|
|
o don't try to handle more than one request per process yet
|
|
o add subdirs for build "debug" and "small" versions
|
|
o clean up a bad merge / duplicate code
|
|
o make mmap() usage portable, fixes linux & ranges: support
|
|
o document the -f option
|
|
o daemon mode now serves 6 files per child
|
|
|
|
changes in bozohttpd 20090417:
|
|
o make bozohttpd internally more modular, preparing the way
|
|
to handle more than one request per process
|
|
o fix http-auth, set $REMOTE_USER not $REMOTEUSER. also fix
|
|
cgi-bin with cvsweb, from Holger Weiss <holger@CIS.FU-Berlin.DE>
|
|
o fix an uninitialised variable use in daemon mode
|
|
o fix ssl mode with newer OpenSSL
|
|
o mmap large files in manageable sizes so we can serve any size file
|
|
o refactor url processing to handle query strings correctly for CGI
|
|
from Sergey Katsev at Coyote Point
|
|
o add If-Modified-Since support, from Joerg Sonnenberger
|
|
<joerg@netbsd.org>
|
|
o many more manual fixes, from NetBSD
|
|
|
|
changes in bozohttpd 20080303:
|
|
o fix some cgi header processing, from <thelsdj@gmail.com>
|
|
o add simple Range: header processing, from <bad@bsd.de>
|
|
o man page fixes, from NetBSD
|
|
o clean up various parts, from NetBSD
|
|
|
|
changes in bozohttpd 20060710:
|
|
o prefix some function names with "bozo"
|
|
o align directory indexing <hr> markers
|
|
o clean up some code GCC4 grumbled about
|
|
|
|
changes in bozohttpd 20060517:
|
|
o don't allow "/.." or "../" files
|
|
o don't write ":80" into urls for the http port
|
|
o fix a fd leak when fork() fails
|
|
o make directory indexing mode not look so ugly
|
|
o build a text version of the manual page
|
|
o make "make clean" work properly
|
|
|
|
changes in bozohttpd 20050410:
|
|
o fix some off-by-one errors from <roland.illig@gmx.de>
|
|
o properly support nph- CGI
|
|
o make content maps case insensitive
|
|
o fix proto header merging to include the missing comma
|
|
o major source reorganisation; most features are in separate files now
|
|
o new -V flag that makes unknown virtualhosts use slashdir
|
|
from <rumble@ephemeral.org>
|
|
o HTTP/1.x protocol headers are now properly merged for CGI
|
|
|
|
changes in bozohttpd 20040808:
|
|
o CGI status is now properly handled (-a flag has been removed)
|
|
o CGI file upload support works
|
|
o %xy translations are no longer ever applied after the first '?',
|
|
ala RFC2396. from lukem
|
|
o daemon mode (-b) should no longer hang spinning forever if it
|
|
sees no children. from lukem
|
|
o new .bzabsredirect file support. from <martin@netbsd.org>
|
|
o return a 404 error if we see %00 or %2f (/)
|
|
o don't print 2 "200" headers for CGI
|
|
o support .torrent files
|
|
|
|
changes in bozohttpd 20040218:
|
|
o new .bzredirect file support for sane directory redirection
|
|
o new -Z option that enables SSL mode, from <rtr@eterna.com.au>
|
|
o the -C option has been changed to take two explicit options, rather
|
|
than a single option with a space separating the suffix and the
|
|
interpreter. ``-C ".foo /path/to/bar"'' should now be written
|
|
as ``-C .foo /path/to/bar''
|
|
o the -M option has been changed like -C and no longer requires or
|
|
supports a single argument with space-separated options
|
|
o with -a, still print the 200 OK. from <rtr@eterna.com.au>
|
|
o with -r, if a .bzdirect file appears in a directory, allow direct
|
|
access to this directory
|
|
|
|
changes in bozohttpd 20031005:
|
|
o fixes for basic authorisation. from <ecu@ipv42.net>
|
|
o always display file size in directory index mode
|
|
o add .xbel, .xml & .xsl -> text/xml mappings. from
|
|
<wiz@danbala.ifoer.tuwien.ac.at>
|
|
|
|
changes in bozohttpd 20030626:
|
|
o fix a recent core dump when given no input
|
|
o add new -r flag that ensures referrer is set to this host
|
|
o fix several compile time errors with -DNO_CGIBIN_SUPPORT
|
|
o fix some man page details. from lukem@wasabisystems.com
|
|
o re-add a missing memset(), fixing a core dump. from lukem
|
|
o support HTTP basic authorisation, disabled by default. from lukem
|
|
o print the port number in redirects and errors. from lukem
|
|
o only syslog the basename of the program. from lukem
|
|
o add __attribute__() format checking. from lukem
|
|
o fix cgibin SCRIPT_NAME to have a leading /. from zakj@nox.cx
|
|
o simplify some code in -C to avoid a core dump. from lukem
|
|
o add a .css -> css/text entry to the content_map[]. from zakj@nox.cx
|
|
|
|
changes in bozohttpd 20030409:
|
|
o -d without DEBUG enabled only prints one warning and continues
|
|
o one can now define the C macro SERVER_SOFTWARE when building to
|
|
change the Server: header and CGI variable of the same name
|
|
o add new -s flag the force logging output to stderr. from zakj@nox.cx
|
|
o add new -a flag for CGI bin that stops bozohttpd from outputting
|
|
any HTTP reply, the CGI program must output these. from zakj@nox.cx
|
|
o new REQUEST_URI and DATE_GMT environment variables for CGI. from
|
|
zakj@nox.cx
|
|
o add a "Makefile.boot" that should work with any make program
|
|
o build on linux again
|
|
o fix core dumps when using -C
|
|
|
|
changes in bozohttpd 20030313:
|
|
o deprecate -r flag; make this the default and silently ignore -r now
|
|
o add support for file extensions to call CGI programs (from lukem)
|
|
o add dynamic support to add new content map entries, allowing both
|
|
new file types and non /cgi-bin CGI programs to be run with the
|
|
new -C "suffix cgihandler" and -M "suffix type encoding encoding11"
|
|
options
|
|
o in -b mode, set the http date after accept() returns, not before we
|
|
call accept()
|
|
o in -b mode, bind all addresses found not just the first one
|
|
o unsupport old hostname API
|
|
o in -b mode, set the SO_REUSEADDR socket option (lukem)
|
|
o allow -x (index.html) mode to work with CGI handlers
|
|
|
|
changes in bozohttpd 20021106:
|
|
o add .bz2 support
|
|
o properly escape <, > and & in error messages, partly from
|
|
Nicolas Jombart <ecu@mariejeanne.net>
|
|
o new -H flag to hide .* files in directory index mode
|
|
o fix buffer reallocation when parsing a request, to avoid
|
|
overflowing the buffer with carriage returns (\r)
|
|
o do not decode "%XY"-style cgi-bin data beyond the "?"
|
|
|
|
changes in bozohttpd 5.15 (20020913):
|
|
o add .ogg support -> `application/x-ogg'
|
|
o fix CGI requests with "/" in the query part
|
|
|
|
changes in bozohttpd 5.14 (20020823):
|
|
o allow -X mode to work for "/"
|
|
o work on systems without MADV_SEQUENTIAL
|
|
o make a local cut-down copy of "queue.h" (fixes linux & solaris
|
|
support at the very least)
|
|
o portability fixes for pre-ipv6 socket api systems (eg, solaris 7)
|
|
o portability fixes for missing _PATH_DEFPATH, LOG_FTP and __progname
|
|
o better documentation on virtual host support
|
|
|
|
changes in bozohttpd 5.13 (20020804):
|
|
o support .mp3 files (type audio/mpeg)
|
|
o use stat() to find out if something is a directory, for -X mode
|
|
|
|
changes in bozohttpd 5.12 (20020803):
|
|
o constification
|
|
o fixes & enhancements for directory index mode (-X)
|
|
|
|
changes in bozohttpd 5.11 (20020730):
|
|
o more man page fixes from Thomas Klausner
|
|
<wiz@danbala.ifoer.tuwien.ac.at>
|
|
o de-K&R C-ification
|
|
o fix Date: header for daemon mode
|
|
o fix core dump when asking for /cgi-bin/ when CGI isn't configured
|
|
o use a valid Server: header
|
|
|
|
changes in bozohttpd 5.10 (20020710):
|
|
- add freebsd support
|
|
- fix a couple of header typos
|
|
- many cgi-bin fixes from lukem@netbsd.org
|
|
- add -T chrootdir and -U user, plus several minor other cleanups
|
|
with signals and return values. from xs@kittenz.org
|
|
- add -e that does not clear the environment for -T/-U
|
|
- fix a formatting error noticed by ISIHARA Takanori <ishit@oak.dti.ne.jp>
|
|
|
|
changes in bozohttpd 5.09 (20010922):
|
|
- add a daemon mode
|
|
- document how to use bozohttpd in netbsd inetd with more than 40
|
|
connections per minute and also with cgibin
|
|
- man page fixes from wiz@netbsd.org
|
|
|
|
changes in bozohttpd 5.08 (20010812):
|
|
- add directory index generation support (-X) from ad@netbsd.org
|
|
- add .pa as an alias for .pac
|
|
- make server software version configurable (RFC)
|
|
|
|
changes in bozohttpd 5.07 (20010610):
|
|
- add .png support
|
|
- new "-x index.html" flag to change default file
|
|
- new "-p public_html" flag to change default ~user directory
|
|
- fixes cgi-bin support and more from chuck@research.att.com
|
|
- add many new content-types, now support most common ones
|
|
|
|
changes in bozohttpd 5.06 (20000825):
|
|
- add IPv6 support from itojun@iijlab.net
|
|
- man page fixes from jlam@netbsd.org
|
|
|
|
changes in bozohttpd 5.05 (20000815):
|
|
- fix a virtual host bug, from kleink@netbsd.org
|
|
|
|
changes in bozohttpd 5.04 (20000427):
|
|
- fix virtual host support; URI takes precedence over Host:
|
|
|
|
changes in bozohttpd 5.03 (20000427):
|
|
- fix a bug with chdir()
|
|
|
|
changes in bozohttpd 5.02 (20000426):
|
|
- .pac spport from simonb
|
|
|
|
changes in bozohttpd 5.01 (20000421):
|
|
- .swf support
|
|
- virtual hosting support
|