Changes:
New in version 2.25b:
* Move fdwatch initialization before the chroot, so that
/dev/poll can work.
* Multiple fdwatch cleanups and fixes (Adam Zell).
New in version 2.25:
* Prohibit "Host: ." and "Host: .." (David Leadbeater).
* Don't free memory prematurely on SIGUSR1 (A.D.F.).
* Use the specified charset in directory listings and errors
(Jonas Ohlsson).
* Lowered THROTTLE_TIME from 60 seconds to 2 seconds, plus more
aggressive computation of sending rate, to improve throttle
reaction time (E Frank Ball).
* Added code to redistribute the throttled bandwidth fairly among
the currently sending connections.
* Some more throttling changes that smooth things out a lot.
* Added an experimental limitation on the number of simultaneous CGIs.
* Chown the log file when starting as root, so that it can later be
re-opened when running as nobody (or whatever user you configure).
Also tweak the logfile pathname so that it still works inside a
chroot tree.
* Make sure URL paths begin with a slash.
* Generate multiple MIME encodings in the correct order, and with the
correct separator.
* Ignore EINTR on read() and write().
* Fix error in httpd_read_fully() and httpd_write_fully() that could
cause incorrect data to be read or written (Daniel Jensen).
* Don't attempt to double-free a file descriptor if a connection times
out while it is paused for throttling.
* Save and restore errno in signal handlers.
* The non-local referer check is no longer fooled by URLs with query
strings.
* Simplified handling of HAVE_INT64T (Trisk). If this causes problems,
e.g. if there are still systems which don't have "long long", we can
back out the change.
* Keep a list of free connection structs, instead of doing linear search
to find a free one (Adam Zell).
* Added config.h option FLUSH_LOG_EVERY_TIME - if it's turned off, the
log does not get fflushed after each request (Adam Zell).
* Multiple robustness improvements to the fdwatch module (Adam Zell).
* Added /dev/poll support to fdwatch (Adam Zell).
* Automatically add no-cache control header on error responses.
New in version 2.24:
* Added a bunch of MIME types.
* Fix minor problem with returning unknown protocol on some errors.
* Changed the config-file option for diabling symlink checking from "nosymlink" to "nosymlinkcheck" to make its function clearer.
* Allow blank lines in the config file.
* Handle more than one SIGHUP and SIGUSR2 (Cameron Gregory).
* Slight change to handle_newconnect() to better deal with unexpected errors from accept(), such as running out of file descriptors (Alex Keahan).
* Added optional minimum rate to throttles.
* Stats syslog messages downgraded from LOG_NOTICE to LOG_INFO.
* Use unsigned short consistently for port number.
* Prohibit slashes in the Host: header (Marcus Breiing).
* Added a -dd data_dir flag and corresponding config-file option.
* Got rid of the old timer-based zombie process reaper, replacing it with a SIGCHLD handler.
* Changed the idle connection checking from using a separate timer for each connection to using a single timer that checks all active connections.
* Correction to missing-slash directory redirect with query string.
* Added a watchdog alarm handler that forces a core dump if thttpd stops running its timers for too long.
* Don't send Content-Length header on 304 Not Modified responses.
* Allow user-agent log entries to be up to 200 characters long, instead only of 80.
* Fixed buffer overflow bug in defang().
* Re-arranged the order of calling de_dotdot() so that it doesn't get applied to query strings.
* Some fixes for the syslogtocern script (paul fox).
* Changed configure script to use "gcc -dumpversion" instead of "gcc --version" (Ed Goforth).
* Changed most uses of \r and \n to \015 and \012 (Jens Bauer).
* In ssi.c, lack of PATH_INFO is now non-fatal (David Phillips).
* Some improvements to fdwatch (David Burgess).
have it be automatically included by bsd.pkg.mk if USE_PKGINSTALL is set
to "YES". This enforces the requirement that bsd.pkg.install.mk be
included at the end of a package Makefile. Idea suggested by Julio M.
Merino Vidal <jmmv at menta.net>.
Changes since 2.21b:
* Added some Microsoft MIME types (Kevin Day).
* Switch htpasswd from using tmpnam to mkstemp.
* Rewrote figure_mime() to do binary search.
* Removed the x- from gzip and compress in mime_encodings.txt.
* Added rudimentary option to set cache-control headers.
* Simplified the IPv6 ifdefs.
* Allow filenames with ? in them (Cameron Gregory).
* Some improvements to the mmap cache - added a "panic mode" if you run out
of address space, added DESIRED_MAX_MAPPED_BYTES config.h option.
* Lowered OCCASIONAL_TIME from five minutes to two minutes.
* Fix CGI variable AUTH_TYPE (Alexandre CHERIF).
* Split clear_connection() into two routines, one which sends a possible
buffered response and the other which ignores such (David Burgess).
* Remove /./ in de_dotdot() (Dana Dahlstrom).
* Shortened LINGER_TIME from two seconds to half a second.
* Changed some write() calls to httpd_write_fully(), as suggested by
Neale Pickett.
* Changed the non-mmap() read() call in mmc.c to httpd_read_fully(), as
suggested by Cameron Gregory.
* Added an madvise(MADV_SEQUENTIAL) call in mmc.c.
* Added .xhtml and .xht to mime_types.txt (suggested by Dave Hodder).
* Added index.xhtml and index.xht to INDEX_NAMES (suggested by Dave Hodder).
* Got rid of the custom-jiggered syslog.c, now we just use the standard
system version. Also added a paragraph in the man page about the syslogd
flags needed to make syslogging work from inside a chroot tree.
* Added some OpenOffice MIME types (Dave Hodder).
* Lowered the default DESIRED_MAX_MAPPED_FILES from 2000 to 1000.
* Set up accept filters after listen() (Kris Spinka).
* Preserve query string when doing a missing-slash directory redirect.
* Special-case logging to '-' as stdout (Matt Armstrong).
* Added -s to usage line (Pavel Janík).
* Fix for security hole that exposed contents of .htpasswd in some cases
(noticed by zeno@cgisecurity.com).
* Allow (and ignore) extra fields in .htpasswd files.
* Added some calls to shutdown() in strategic places.
* Added a timer-kill of the CGI interpose input and output process.
These processes also now close the listen fd(s).
* Fixed rare file descriptor leak, when we get an unknown sockaddr family
(George Schlossnagle).
* Put virtual hostname in non-local referer syslog (Craig Leres).
* Added a P3P server privacy header setting (Henrik Schack Jensen).
And lots of other bug fixes.
This value may be customized in various ways:
PKG_SYSCONFBASE is the main config directory under which all package
configuration files are to be found.
PKG_SYSCONFSUBDIR is the subdirectory of PKG_SYSCONFBASE under which the
configuration files for a particular package may be found.
PKG_SYSCONFDIR.${PKGBASE} overrides the value of ${PKG_SYSCONFDIR} for a
particular package.
Users will typically want to set PKG_SYSCONFBASE to /etc, or accept the
default location of ${PREFIX}/etc.
This obsoletes the use of CONFDIR, which was active for only 6 days, so no
need to have a workaround to still accept old CONFDIR settings.
bsd.pkg.install.mk:
* Remove old DEINSTALL/INSTALL scripts.
* Move some text printed at POST-INSTALL time into the MESSAGE file.
* Adjust rc.d scripts to respect rc.conf settings, so that the
script may be directly copied into /etc/rc.d.
Changes: Lots of bugfixes (lingering-close problem, USR1 handling,
off-by-1 in base64 decoding and others), throttling syslog, tuned
throttling, improvements on mmap cache, etc. See
http://www.acme.com/software/thttpd/#releasenotes
---
New in version 2.20b:
* Corrected version of Marcel Telka's ssi fix. My bad.
New in version 2.20:
* Performance improvements to the timer package via hashing, and
double-linking / sorting the lists. Partially based on a suggestion by
Michal Ostrowski.
* Performance improvement to the mmap cache package, from Evan Jones.
* Minor Linux fix for open files limit, from Jordan Ritter.
* Fix for null ClientData, which picky compilers didn't like.
* Unknown sockaddr type becomes a non-fatal error, preventing a DOS attack.
* Close extraneous file descriptors on CGI calls - from Russell Dill.
* Security fixes for the external ssi program, from ghandi@dopesquad.net and
Wolfgang Rupprecht.
* Fix to make the ssi program elide the HTML comment sequence, from Marcel
Telka.
* Red Hat packaging updates from Bennett Todd.
* Throttling fix from Tom Pavel.
New in version 2.19:
* Added hack to prevent MSIE 5 from censoring error messages.
* Minor fix to handling of shouldn't-happen error in ls().
* IPv6/Linux fix from Tero Pelander.
* Documented the -D flag.
New in version 2.18:
* Fixed URL-encoding of high-bit characters - used in directory
listings.
* Made a few more characters come through verbatim instead of %-encoded.
* Couple of minor code cleanups.
* Added some MIME types to support WAP/WML.
* IPv6 fix.
* Made MIME text character-set an option, with iso-8859-1 the default.
New in version 2.17:
* A change in the way wildcard matching works - now a single * only
matches strings that don't include a slash. To match entire pathnames
including slashes you have to use **.
* On systems with IPv6, automatically bind to both v4 and v6 sockets.
* Slight change to non-local referer checking to handle older browsers.
* Tweaks to some of the error-403 syslog messages.
* Portability tweak for OSF/1.
* Portability tweak for IPv6 systems.
* Fix for ssi.c from Marcel Telka.
* Added charset=iso-8859-1 to text MIME types.
* Added wildcards to redirect.
* Changed symlinks/nosymlinks config options to symlink/nosymlink, to
conform to the man page (old style still accepted).
upgrade 2.15 -> 2.16. changes from webpage:
- More explicit error pages for 403 Forbidden.
- New section in the manual page explaining how thttpd is picky about
file permissions.
- Couple of CGI tweaks from David Chaiken.
Main reason: IPv6. Changes:
New in version 2.15:
* Use standard isxdigit macro instead of is_hexit routine.
* Portability fix for Debian, which lacks gai_strerror().
* Fix for .htpasswd authorization, broken by 2.14's custom error pages
change.
New in version 2.14:
* Fix to non-local referer code - it was trying to dereference a null
pointer under some circumstances.
* Fix to If-Modified-Since - some leap year problems.
* Rewrote match() - it was using a whole lot of CPU time for patterns
with lots of |'s, such as those used by the new non-local-referer
filtering.
* Fix to host lookup code for -h flag.
* Fix custom error pages to work with 401 Unauthorized.
* Removed unused variable.
New in version 2.13:
* Portability fix for fdwatch on systems with poll() but not select().
* Renamed nph-redirect to redirect, now that thttpd does header parsing.
* Always chdir to / after a chroot.
* Some minor de-linting changes.
* Revived code that closes stdin/stdout/stderr, after adding a fix in the
CGI code to prevent descriptors from getting screwed up.
* Bugfix for CGI header parsing - if the CGI was sending binary data
(e.g. images), the result could get truncated or corrupted.
* Disallow ".." listing of virtual host directory.
* Revised snprintf portability fix.
* Rearranged the hc initialization so it's all in one place.
* New IPv6 code from KIKUCHI Takahiro.
* New non-local referer filtering code from Craig Leres.
* New custom error pages code from Catalin Ionescu.
New in version 2.12:
* Better heuristic for deciding between select() and poll().
* Added Red Hat RPM spec file.
New in version 2.11:
* Use poll() instead of select() when favorable.
* Do lazy allocation of part of the connection data structure, to save on
memory now that we can have thousands of simultaneous connections.
* Some speed optimizations.
* Add HTTP_HOST to CGI environment.
* Bugfix for rare uninitialized variable.
New in version 2.10:
* Bugfix for CGI header parsing.
* Call setlogin() if it's available.
Michael Santos in PR pkg/8801. Chances since version 2.04:
- New el-cheapo virtual hosting feature.
- Assorted bug fixes - non-anchored wildcard matching, truncated CGI
output, throttling, authorization cache, daemonization, date-header
parsing.
- Option to write pid to a file, re-open log file on SIGHUP.
- Now looks for index files from a list, instead of only index.html.
- Simple config file.