-
Notifications
You must be signed in to change notification settings - Fork 0
/
ChangeLog
433 lines (402 loc) · 19.9 KB
/
ChangeLog
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
** Changes from 0.94.12 to 0.94.13
* Change many instances of log_error_mesg + exit to DIE macro
* Change all instance of log_error_mesg (without exit) to WARN macro
* do a much better job of checking return values from malloc and
especially strdup.
* check results of calling umask and getrlimit
* server_s is no longer a global int
* check results of fork via switch instead of if (fork())
* check for getopt.h and include it if found
* remove unused #defines, and add WARN macro, and replace
many calls to log_error_mesg(..) with WARN macro
* fix bug in get_commonlog_time where time_offset calculation was
the opposite of what it should be ('-' and '+' were swapped)
* fix compatability bug with old and newer versions of flex/yacc
* add check for AC_FUNC_MMAP to configure.in
* fix really lame thinko in normalize_path, which would prepend the
results of earlier calls to results from later calls
* Add MaxConnections, a configuration directive which allows the
user to specify the maximum number of connections that Boa will
accept concurrently.
* add SERVER_ADDR and REQUEST_URI to environment of CGI
* handle SIGBUS during writes of data that has been memory mapped
* minor optimization in select.c that prevents DEAD requests from
being added to the block set
* fix bug in CGI environment script_name - closes sf.net bug #576725
* make 'status' variable local to requests.c, not local to every file
by forgetting to declare 'extern' in globals.h :-|
* make getsockname non-fatal, and do it every time because we may
need it for the CGI
* some minor refactoring optimizations in hash.c
** Changes from 0.94.11 to 0.94.12
* Renamed Changelog ChangeLog, and moved up to top-level directory
* Next 3 items due in part or whole thanks to
Liam Widdowson
* when printf'ing a pid type, force to int, because it could be
something else on other platforms. Should probably change it to
a long, and use that.
* backported chroot commandline support from 0.95
* backported support for strdup, strstr, alphasort, and scandir
from 0.95
* Fixed src/Makefile.in -- it didn't remove index_dir.o
* backport create_temporary_file from 0.95
(instead of using tmpnam)
* Allow non-standard date format 31 September 2000 23:59:59 GMT
Patch by Landon Curt Noll
* Skip whitespace before HTTP/major.minor
Adapted patch from Landon Curt Noll
* open /dev/null first thing (affects chrooting)
* properly handle sigalrm -- use sigalrm_flag and sigalrm_run
instead of handling the signal in the signal handler
* update manpage slightly
* send 400 BAD Request when resource does not start with '/'
* add grp.h to boa.h's includes -- remove from boa.c and config.c
* removed duplicate header includes from boa.c, config.c, get.c,
ip.c, request.c, response.c
* factor out creating the server socket and dropping privs
into create_server_socket and drop_privs
* type all functions in boa.c (except main) as static
* set umask after opening /dev/null
* tie stdin/stdout to /dev/null before commandline parse
* removed old, unused chroot code
* move builds_needs_escape earlier in the startup
* move fork later in the startup
* type all c_set_* as static in config.c
* don't bother trying to change uid/gid (or error if the
requested uid/gid doesn't exist) if not UID 0
* return more appropriate error code when foo.html gives
access denied, but foo.html.gz gives some other error
(essentially report error associated with foo.html, not foo.html.gz)
* send NOT Implemented when an unknown method is attempted
* always attempt a 32k read right before close
(stopgap until blackhole can be merged)
* allow more than 1 space in logline between method, resource,
and http version
* don't use inline functions
* update configure.in so that autoconf 2.50 doesn't complain (as much)
* properly use VPATH and srcdir according to autoconf docs
* change curly-braces to parentheses in Makefilein
* use $^ instead of manually listing the dependencies in Makefile.in
* remove tests section in Makefile.in
* write tags not TAGS in Makefile.in
* Add gethostbyname and inet_aton to function checks
* Add code from 0.95 which checks for socket in -lsocket,
inet_aton in -lresolv, and gethost{by}name in -lnsl
* Also remove broken bc-based "how big is an unsigned int" checks:
assume minimum of 32 bits and check in escape.c at runtime.
* Added new file: README.chroot.solaris, based on a
modified version by Liam Widdowson
* Add check_struct_for.m4, which allows us to check a structure
for a member (found at http://www.gnu.org/software/ac-archive/
authored by Wes Hardaker
* Call "aclocal -I ." to rebuild aclocal.m4
* Using new check-struct-for-member autoconf macro, check
for tm_gmtoff and tm_zone in struct tm -- useful in
portability tests for localtime.
* Also check sockaddr_in for structure sin_len so we can set
it properly.
* index_dir.c (which ends up in boa_indexer) can now be compiled
with USE_LOCALTIME, and if so, it will report the local time
using the timezone name. Otherwise it uses UTC time and UTC
timezone designation.
* fix buglet in mmap_cache.c which shows up when under
heavy load by many different files.
Found and squashed by Michal Kara
* normalize paths on Aliases, log files, server root, dirmaker
This makes sure that paths are 'absolute'
* don't generate DOCUMENT_ROOT or SERVER_ROOT,
CGIs have no business knowing that information
* if CGI, chdir to the cgi's root path
Bug found by Matt Callaway
* remove ChrootPath and PidFile directives from the parser
(they aren't used anyway)
* keep track of maximum file descriptor in use to optimize call
to select()
* apply IPv6 patch from Jari Korva
* optimize keep-alive copy data routine
* try to use memcpy instead of strcpy/strcat in more places (alias.c)
* update .depend file
* use fcntl + GET_FL to get a file descriptor's flags, then
add or remove only the bits we want to set. This prevents
accidentally setting or unsettings bits we don't have anything
to do with inadvertantly. (removed, at least temporarily.
Show me a system where it is needed -- LRD)
* make sure to call FD_ZERO when we handle a restart
* in read.c, don't call boa_perror on read failure -- socket is
dead or messed up anyway, no reason to try to write to it.
* explicit .SUFFIXES in Makefile.in
* boa.objdump target added
* use @MAKE_SET@ (for when $(MAKE) != "make")
* add -Wundef -Wwrite-strings -Wredundant-decls -Winline to GCC_FLAGS
* change Paul Phillips' and Larry Doolittle's emails in source
* add --disable-debug, --enable-profile, --with-dmalloc, and --with-efence
* test for failed-but-return-was-successful setuid:
http://www.securityfocus.com/bid/1322
* use _exit not exit in CGI child
* always place new keepalive request on blocked list, we can't be
sure of the state of the active list, and since enqueue places
things at the *front* of the list, it doesn't do us much good
to place the new request on the active list anyway.
* update some Copyright statements for 2002
* When comparing the uri to an alias, only compare if
the uri length is greater than or equal to the length of the alias
* in init_script_alias, make sure to check for document_root before
trying to use it
* script_name is now just a copy of the request, rather
than some complicated variation on the pathname
* change the way the CGI environment is handled.
Now, it is allocated at request allocation time, and exists
throughout the life of the structure.
* check memory allocations, etc.. when creating the static
CGI environment and when making new CGI environment variables
* wait until process_option_end to call unescape_uri, clean_pathname,
and translate_uri
* remove debian package information
* move RedHat packaging information to contrib
* remove tests -- they weren't usable anyway
* add some new hash routines, and use djb2 (a variant on a
hash algorithm popularized by Dan J. Bernstein)
* a side-effect of the new hash routines is a bugfix,
involving negative return values from hash routines.
This has been fixed.
* add a routine, show_hash_stats, which is called with other
statistical output via sigalarm
* remove some duplicate prototypes from config.c
* make simple_itoa take an unsigned int
* try to make NOBLOCK handling in compat.h compatible with Solaris
* make sure to update current_time before calling signal handlers
* alter primary loop to make sure that select gets called even
when there are requests that are not blocking, and call fdset_update
and process_requests (when appropriate) after signal handlers but
before select to make sure that blocked requests are still handled
by select after a sighup. (Thanks to Karl Olsen)
* pull select loop into select.c
* poll server socket once per active connection
* add send_r_service_unavailable and use it when appropriate
* state uptime in seconds at normal program termination
* include sys/fcntl.h if it is found by configure
* fix POST bug where a content-length < 0 would cause Boa to
consume its full share of CPU until killed
Bug report by Landon Curt Noll
* add CGIPath configuration variable
based upon a patch by Landon Curt Noll
* add function boa_atoi, which wraps atoi, but does not
accept negative values. Additionally, it checks to make sure
the converted value and the original value are the same, avoiding
issues like "124.3" -> "123" and "123abc" -=> "123".
Either a value is an int or it isn't - no middle ground.
* use boa_atoi to convert content-length from client.
* add new #define - SINGLE_POST_LIMIT_DEFAULT, which defines
(in bytes) the *default* single_post_limit.
* single_post_limit is now in bytes.
* when adding aliases, only "normalize" paths that start
with "./" - this is a departure from previous behavior
* add "?" to the list of characters that it is safe to leave unescaped
* clean up Makefile.in of no-longer-pertinent comments
* add send_r_bad_gateway and use it
* tie stderr to either cgi_log_fd or devnullfd - either way
make sure stderr is a valid filehandle before cgi execution
* cgi_env is no longer allocated, it's part of the struct now
* fix bug in CgiPath logic
* when unable to allocate memory for an environment variable, log it
* add clear_common_env, which de-allocates the cgi_common_env stuff
[NEVER USE THIS outside of a terminal signal handler!]
* don't be so wasteful of memory in normalize_path
* adapted fix for alias expansion from Brieuc Jeunhomme
** Changes from 0.94.10.1 to 0.94.11
* use LIBS in Makefile.in (which propagates from autoconf)
* properly free memory allocated by scandir in index_dir.c
* rearrange some header files and includes
* on reads and writes, don't check for -1, check for < 0
* include fix by William Meadows
for escape.c which fixes segfaults due to improper allocation
* above fix by William Meadows no longer needed;
escape.c and escape.h rewritten by Larry Doolittle -- requires
at least 32 bit words, but is correct (jdn's 1st attempt was faulty)
** Changes from 0.94.10 to 0.94.10.1
* Actually update the SERVER_VERSION in src/defines.h
** Changes from 0.94.9 to 0.94.10
* Fixes escaping rules
* Fixes segfault when directory_index is undefined and
directory needs to be generated
* adds dummy signal handlers for SIGUSR1 and SIGUSR2 (Closes SF #425921)
* Update documentation regarding mime.types (Closes Debian #69991)
* Make sure documentation builds (Closes Debian #110818)
** Changes from 0.94.8.3 to 0.94.9
* src/Makefile.in updated to take CFLAGS, LIBS, and LDFLAGS
from autoconf
* Update escaping rules with latest RFC
* unescape_uri skips fragments and also stop parsing at '?'
* Don't accept fd over FD_SETSIZE in request.c:get_request
* use backported documentation from 0.95
* make sure POST fd gets closed even on client cancel
* use backported index_dir.c from 0.95
* support subdirectories in ScriptAlias directories
* add SinglePostLimit (int, in Kilobytes) to config system
* check for ENOSPC on body write
* use environment variable TMP (or "/tmp" if not available),
and chdir there when boa exits.
* add 1-time-only hack to make a 32kB read at the end of a request
on POST or PUT
* close unused file descriptors (/dev/null in boa.c, and the
unused part of the pipes call in cgi.c)
* made Makefile.in VPATH happy
** Changes from 0.94.8.2 to 0.94.8.3
* Move unescape_uri *before* clean_pathname to prevent
encoding of / and .. in pathname
* wrap execution of GUNZIP in cgi.c with #ifdef GUNZIP
* stop parsing when fragment found in URL ('#')
** Changes from 0.94.8.1 to 0.94.8.2
* close pipes[1] in child and generate HTTP_REFERER environment
variable in cgi.c
* Minor changes to the Debian package
** Changes from 0.94.8 to 0.94.8.1
* Change umask call from (umask(0600)) to (umask(~0600))
** Changes from 0.94.7 to 0.94.8
* Fix major thinko in temp file permissions
* unlink temporary file immediately following creation
* implement maximum # of active connections at 10 less than RLIMIT_NOFILE
to avoid or eliminate crashes resulting from running out of
file descriptors
* Fix thinko in POST
** Changes from 0.94.6 to 0.94.7
* STDIN and STDOUT are now tied to /dev/null
* sets PATH_MAX to 2048 if not defined (for Hurd)
* core dumps (should never happen) would be located in /tmp
* alter behavior when select gets a EBADF
* add translation for the \" char -> "
* remove use of sys_errlist. Use perror.
* better makedist.sh (still a stupid program though)
** Changes from 0.94.5 to 0.94.6
* Removed doc++ commenting
* Removed erroneous debugging statments
* Move some stuff out of config.c (read_config_file) to boa.c
* Altered some of fixup_server_root()
* Bug fix in get.c re: automatic gunzip
* Added some stubs for chroot code (*not* ready yet)
** Changes from 0.94.4 to 0.94.5
* Alteration of most of the comments and such for doc++ use
* Fixed buffer overflow in alias.c
* Fixed buffer underflow in util.c
** Changes from 0.94.3 to 0.94.4
* Better escaping of data to user, both for HTTP headers and HTML body
* Proper escaping of output in CGI example perl scripts
** Changes from 0.94.0 to 0.94.2
* Fixed obnoxious pipeline bug
* Fixed (sorta) a compilation/core bug for *BSD systems
Original code by Thomas Neumann
* Moved to GPLv2
* Changed manpage to section 8
* boa.sgml now references a .png file instead of evil .gif
** Changes from 0.93.19.2 to 0.94.0
* Added UseGMT to the configuration parser
* util.c commonlog now logs in Apache-style commonlog time format
* Remove SO_SNDBUF on-start message
** Changes from 0.93.19 to 0.93.19.2
* Changed to combined log (from NCSA access_log format) ala Drew Streib
* Altered POST cgi code to handle bug in Netscape
* SO_SNDBUF changes by Larry
** Changes from 0.93.17.2 to 0.93.19 (all 0.93.18.x changes inclusive)
* Update of some copyright statements for 99
* Replacement of sprintf with strlen/memcpy or strcpy/strcat
wherever possible
* Significant rearrangement in alias.c, minor functional differences
(some CGI environment variables handled differently)
* Removal of die function. Replace with log_err_mesg and exit.
* initial IPv6 stubs and support
* Move #include "config.h" to top of boa.h where it will do some good
* Stubs and functions for strstr and strdup
* Seperation of buffer code into it's own file
* Significant changes to cgi.c et al (cgi_header.c, etc...)
* Speed patches by removal of "extra" calls to time(): Use global variable!
* pipelining changes... it works now.
* require content-length from clients (ala rfc1945)
* alter body_read and body_write to work more efficiently with known content-length
* move read(2) part to *after* parsing...
* added support for additional header message in send_redirect_temp
* change use of NO_ZERO_FILL_LENGTH to offsetof() use
* Remove SO_REUSEADDR setting on each client socket, Paul Saab
* Avoid SO_SNDBUF setting if possible
* Large quantities of otherwise not-insignificant changes
** Changes from 0.93.17.2 to 0.93.17.3
* Put on-the-fly directories back in, stripped down from the 0.92 version
* Fixed DocumentRoot, ServerAdmin and ServerName null-value handling in
CGI environment generation
* Fixed argument order in Script* directives (bug introduced in 0.93.17.2)
* Got rid of MAX_CGI_VARS because it was not being used consistently, or
for that matter, at all, really.
* Added some more FASCIST_LOGGING to cgi.c
* Minor mmap patch by LRD for request.c
** Changes from 0.93.17.1 to 0.93.17.2
* Added "Listen" directive for server bind address, as most recently
suggested by David N. Welton
* Put virtualhost feature in, was experimental in 0.92q
** Changes from 0.93.16.2 to 0.93.17.1
* New config file parser (supposed to be more maintainable) (LRD)
* Support for "|command" and ":host:port" syntax for logfiles (untested) (LRD)
** Changes for the 0.93 version **
* Huge quantities of changes
* keepalive Bugfix in 0.93.16.2 by Jon Nelson
report by Craig Silverstein of Google fame.
* patch for config.h by Craig Silverstein
* fixed "Parent Directory" problem in boa_indexer for title "/"
(Debian bug #36165)
* More Craig Silverstein
modifications, namely:
ErrorLog (if omitted, print to stderr)
DocumentRoot (if omitted, can only server user-dir files)
DirectoryIndex (if omitted, always use DirectoryMaker)
MimeTypes (if omitted, don't load -- users can use AddType instead)
** Changes from v0.92o to v0.92p **
* Documented misbehavior of CGI, SIGHUP, short aliases, stale dircache.
* Documented how to patch signals.c for use on SunOS.
* Closed file descriptor leak when redirecting a bare directory URL to
one with an appended "/".
* Closed potential file descriptor leak if errors encountered generating
on-the-fly index.
* Cleaned up include file handling to be simultaneously compatible with
Linux, SunOS, HP-UX, and AIX.
* Supress message body for codes 302, 400, 403, 404, 500, and 501 if
incoming request is "HEAD".
** Changes from v0.91 to v0.92o **
(0.92o released 27 December, 1996)
* Maintenance handover from Paul Phillips to Larry Doolittle
* Changed (char)NULL to '\0'
* Cleaned up signal handler prototypes in signals.c
* Modified handling of CGI environment variable PATH_TRANSLATED,
should now work the same as NCSA.
* More conservative buffer size in add_cgi_env()
* Build argv list for a CGI script according to spec
* Speedup process_header_line, eliminate potential memory leak
* Occasional spelling fixes and lint removal
* Added REMOTE_PORT env var for CGI scripts, to allow easy ident lookups
* Changed rfc822 time format
* Log timeouts and broken connections
* Fix mime suffix handling for filenames with multiple "."s
* Initialize conn->time_last, fixes bug with rapid-fire connections
* Performance tweak to req_write()
* Changed http_version from float to char[8]
* Rewrote on-the-fly directory generation; it works now
* Added user configurable dircache directory in boa.conf
* Fixed "simple" response bugs, including incorrect CGI handling
* Keepalive (HTTP/1.1 draft) support, mostly by Jon Nelson
* Close data_fd in 304 Not Modified flow of control
* Switch socket flags to non-blocking before cgi handoff
* Try to handle errno properly in the face of multiple errors
* Close fd's of all other transactions before cgi handoff
* Move real work for sighup and sigchld out of signal handler
* Fix free(req->cgi_env) in request.c
* Response message cleanup - better match to HTML-2.0 DTD
* Experimental Virtual Host code from Russ Nelson
* Expand buffer for escaped URI in init_get()
* SIGTERM triggers lame duck mode until all pending transactions complete
* Close and unlink temp file for POST in parent process
** Changes from v0.90 to v0.91 **
* Cleaned up main while loop
* Optimized request line parsing
* Added state machine for header reads -- necessary to deal wtih
possibility of obtaining header data in multiple reads. This
also allows interactive use of server.
* Added 500/501 return codes for various conditions
** v0.90 **
* Initial release