Changes from previous:
----------------------
- Ignore ECONNABORTED on accept().
- Correctly implemented the config-file option change from "nosymlink" to
"nosymlinkcheck", which was supposedly done in version 2.24.
- Removed mailto: link from default index page.
- Allow CGIs to provide both Location and Status headers. (A. Skrobov)
- Better logic for figuring out CGI SERVER_NAME environment variable. (Oleg)
- Updated for clang, and general cleanup.
changed all through it). While there, make the package correctly fetch the
NetBSD logo.
Bump PKGREVISION, and after that I'll delete the copy ftp.netbsd.org
currently has. The tarball change doesn't happen often enough for this
package to justify the use of DIST_SUBDIR (and that avoids the hairy
problem of sharing the sitedrivenby.gif file).
PR#30641 by Jared Momose.
New in version 2.24:
* Added a bunch of MIME types.
* Fix minor problem with returning unknown protocol on some errors.
* Changed the config-file option for diabling symlink checking from "nosymlink" to "nosymlinkcheck" to make its function clearer.
* Allow blank lines in the config file.
* Handle more than one SIGHUP and SIGUSR2 (Cameron Gregory).
* Slight change to handle_newconnect() to better deal with unexpected errors from accept(), such as running out of file descriptors (Alex Keahan).
* Added optional minimum rate to throttles.
* Stats syslog messages downgraded from LOG_NOTICE to LOG_INFO.
* Use unsigned short consistently for port number.
* Prohibit slashes in the Host: header (Marcus Breiing).
* Added a -dd data_dir flag and corresponding config-file option.
* Got rid of the old timer-based zombie process reaper, replacing it with a SIGCHLD handler.
* Changed the idle connection checking from using a separate timer for each connection to using a single timer that checks all active connections.
* Correction to missing-slash directory redirect with query string.
* Added a watchdog alarm handler that forces a core dump if thttpd stops running its timers for too long.
* Don't send Content-Length header on 304 Not Modified responses.
* Allow user-agent log entries to be up to 200 characters long, instead only of 80.
* Fixed buffer overflow bug in defang().
* Re-arranged the order of calling de_dotdot() so that it doesn't get applied to query strings.
* Some fixes for the syslogtocern script (paul fox).
* Changed configure script to use "gcc -dumpversion" instead of "gcc --version" (Ed Goforth).
* Changed most uses of \r and \n to \015 and \012 (Jens Bauer).
* In ssi.c, lack of PATH_INFO is now non-fatal (David Phillips).
* Some improvements to fdwatch (David Burgess).
Changes since 2.21b:
* Added some Microsoft MIME types (Kevin Day).
* Switch htpasswd from using tmpnam to mkstemp.
* Rewrote figure_mime() to do binary search.
* Removed the x- from gzip and compress in mime_encodings.txt.
* Added rudimentary option to set cache-control headers.
* Simplified the IPv6 ifdefs.
* Allow filenames with ? in them (Cameron Gregory).
* Some improvements to the mmap cache - added a "panic mode" if you run out
of address space, added DESIRED_MAX_MAPPED_BYTES config.h option.
* Lowered OCCASIONAL_TIME from five minutes to two minutes.
* Fix CGI variable AUTH_TYPE (Alexandre CHERIF).
* Split clear_connection() into two routines, one which sends a possible
buffered response and the other which ignores such (David Burgess).
* Remove /./ in de_dotdot() (Dana Dahlstrom).
* Shortened LINGER_TIME from two seconds to half a second.
* Changed some write() calls to httpd_write_fully(), as suggested by
Neale Pickett.
* Changed the non-mmap() read() call in mmc.c to httpd_read_fully(), as
suggested by Cameron Gregory.
* Added an madvise(MADV_SEQUENTIAL) call in mmc.c.
* Added .xhtml and .xht to mime_types.txt (suggested by Dave Hodder).
* Added index.xhtml and index.xht to INDEX_NAMES (suggested by Dave Hodder).
* Got rid of the custom-jiggered syslog.c, now we just use the standard
system version. Also added a paragraph in the man page about the syslogd
flags needed to make syslogging work from inside a chroot tree.
* Added some OpenOffice MIME types (Dave Hodder).
* Lowered the default DESIRED_MAX_MAPPED_FILES from 2000 to 1000.
* Set up accept filters after listen() (Kris Spinka).
* Preserve query string when doing a missing-slash directory redirect.
* Special-case logging to '-' as stdout (Matt Armstrong).
* Added -s to usage line (Pavel Janík).
* Fix for security hole that exposed contents of .htpasswd in some cases
(noticed by zeno@cgisecurity.com).
* Allow (and ignore) extra fields in .htpasswd files.
* Added some calls to shutdown() in strategic places.
* Added a timer-kill of the CGI interpose input and output process.
These processes also now close the listen fd(s).
* Fixed rare file descriptor leak, when we get an unknown sockaddr family
(George Schlossnagle).
* Put virtual hostname in non-local referer syslog (Craig Leres).
* Added a P3P server privacy header setting (Henrik Schack Jensen).
And lots of other bug fixes.
New in version 2.19:
* Added hack to prevent MSIE 5 from censoring error messages.
* Minor fix to handling of shouldn't-happen error in ls().
* IPv6/Linux fix from Tero Pelander.
* Documented the -D flag.
New in version 2.18:
* Fixed URL-encoding of high-bit characters - used in directory
listings.
* Made a few more characters come through verbatim instead of %-encoded.
* Couple of minor code cleanups.
* Added some MIME types to support WAP/WML.
* IPv6 fix.
* Made MIME text character-set an option, with iso-8859-1 the default.
New in version 2.17:
* A change in the way wildcard matching works - now a single * only
matches strings that don't include a slash. To match entire pathnames
including slashes you have to use **.
* On systems with IPv6, automatically bind to both v4 and v6 sockets.
* Slight change to non-local referer checking to handle older browsers.
* Tweaks to some of the error-403 syslog messages.
* Portability tweak for OSF/1.
* Portability tweak for IPv6 systems.
* Fix for ssi.c from Marcel Telka.
* Added charset=iso-8859-1 to text MIME types.
* Added wildcards to redirect.
* Changed symlinks/nosymlinks config options to symlink/nosymlink, to
conform to the man page (old style still accepted).
upgrade 2.15 -> 2.16. changes from webpage:
- More explicit error pages for 403 Forbidden.
- New section in the manual page explaining how thttpd is picky about
file permissions.
- Couple of CGI tweaks from David Chaiken.
Main reason: IPv6. Changes:
New in version 2.15:
* Use standard isxdigit macro instead of is_hexit routine.
* Portability fix for Debian, which lacks gai_strerror().
* Fix for .htpasswd authorization, broken by 2.14's custom error pages
change.
New in version 2.14:
* Fix to non-local referer code - it was trying to dereference a null
pointer under some circumstances.
* Fix to If-Modified-Since - some leap year problems.
* Rewrote match() - it was using a whole lot of CPU time for patterns
with lots of |'s, such as those used by the new non-local-referer
filtering.
* Fix to host lookup code for -h flag.
* Fix custom error pages to work with 401 Unauthorized.
* Removed unused variable.
New in version 2.13:
* Portability fix for fdwatch on systems with poll() but not select().
* Renamed nph-redirect to redirect, now that thttpd does header parsing.
* Always chdir to / after a chroot.
* Some minor de-linting changes.
* Revived code that closes stdin/stdout/stderr, after adding a fix in the
CGI code to prevent descriptors from getting screwed up.
* Bugfix for CGI header parsing - if the CGI was sending binary data
(e.g. images), the result could get truncated or corrupted.
* Disallow ".." listing of virtual host directory.
* Revised snprintf portability fix.
* Rearranged the hc initialization so it's all in one place.
* New IPv6 code from KIKUCHI Takahiro.
* New non-local referer filtering code from Craig Leres.
* New custom error pages code from Catalin Ionescu.
New in version 2.12:
* Better heuristic for deciding between select() and poll().
* Added Red Hat RPM spec file.
New in version 2.11:
* Use poll() instead of select() when favorable.
* Do lazy allocation of part of the connection data structure, to save on
memory now that we can have thousands of simultaneous connections.
* Some speed optimizations.
* Add HTTP_HOST to CGI environment.
* Bugfix for rare uninitialized variable.
New in version 2.10:
* Bugfix for CGI header parsing.
* Call setlogin() if it's available.
Michael Santos in PR pkg/8801. Chances since version 2.04:
- New el-cheapo virtual hosting feature.
- Assorted bug fixes - non-anchored wildcard matching, truncated CGI
output, throttling, authorization cache, daemonization, date-header
parsing.
- Option to write pid to a file, re-open log file on SIGHUP.
- Now looks for index files from a list, instead of only index.html.
- Simple config file.
