Changes since 2.21b:
* Added some Microsoft MIME types (Kevin Day).
* Switch htpasswd from using tmpnam to mkstemp.
* Rewrote figure_mime() to do binary search.
* Removed the x- from gzip and compress in mime_encodings.txt.
* Added rudimentary option to set cache-control headers.
* Simplified the IPv6 ifdefs.
* Allow filenames with ? in them (Cameron Gregory).
* Some improvements to the mmap cache - added a "panic mode" if you run out
of address space, added DESIRED_MAX_MAPPED_BYTES config.h option.
* Lowered OCCASIONAL_TIME from five minutes to two minutes.
* Fix CGI variable AUTH_TYPE (Alexandre CHERIF).
* Split clear_connection() into two routines, one which sends a possible
buffered response and the other which ignores such (David Burgess).
* Remove /./ in de_dotdot() (Dana Dahlstrom).
* Shortened LINGER_TIME from two seconds to half a second.
* Changed some write() calls to httpd_write_fully(), as suggested by
Neale Pickett.
* Changed the non-mmap() read() call in mmc.c to httpd_read_fully(), as
suggested by Cameron Gregory.
* Added an madvise(MADV_SEQUENTIAL) call in mmc.c.
* Added .xhtml and .xht to mime_types.txt (suggested by Dave Hodder).
* Added index.xhtml and index.xht to INDEX_NAMES (suggested by Dave Hodder).
* Got rid of the custom-jiggered syslog.c, now we just use the standard
system version. Also added a paragraph in the man page about the syslogd
flags needed to make syslogging work from inside a chroot tree.
* Added some OpenOffice MIME types (Dave Hodder).
* Lowered the default DESIRED_MAX_MAPPED_FILES from 2000 to 1000.
* Set up accept filters after listen() (Kris Spinka).
* Preserve query string when doing a missing-slash directory redirect.
* Special-case logging to '-' as stdout (Matt Armstrong).
* Added -s to usage line (Pavel Janík).
* Fix for security hole that exposed contents of .htpasswd in some cases
(noticed by zeno@cgisecurity.com).
* Allow (and ignore) extra fields in .htpasswd files.
* Added some calls to shutdown() in strategic places.
* Added a timer-kill of the CGI interpose input and output process.
These processes also now close the listen fd(s).
* Fixed rare file descriptor leak, when we get an unknown sockaddr family
(George Schlossnagle).
* Put virtual hostname in non-local referer syslog (Craig Leres).
* Added a P3P server privacy header setting (Henrik Schack Jensen).
And lots of other bug fixes.
Main reason: IPv6. Changes:
New in version 2.15:
* Use standard isxdigit macro instead of is_hexit routine.
* Portability fix for Debian, which lacks gai_strerror().
* Fix for .htpasswd authorization, broken by 2.14's custom error pages
change.
New in version 2.14:
* Fix to non-local referer code - it was trying to dereference a null
pointer under some circumstances.
* Fix to If-Modified-Since - some leap year problems.
* Rewrote match() - it was using a whole lot of CPU time for patterns
with lots of |'s, such as those used by the new non-local-referer
filtering.
* Fix to host lookup code for -h flag.
* Fix custom error pages to work with 401 Unauthorized.
* Removed unused variable.
New in version 2.13:
* Portability fix for fdwatch on systems with poll() but not select().
* Renamed nph-redirect to redirect, now that thttpd does header parsing.
* Always chdir to / after a chroot.
* Some minor de-linting changes.
* Revived code that closes stdin/stdout/stderr, after adding a fix in the
CGI code to prevent descriptors from getting screwed up.
* Bugfix for CGI header parsing - if the CGI was sending binary data
(e.g. images), the result could get truncated or corrupted.
* Disallow ".." listing of virtual host directory.
* Revised snprintf portability fix.
* Rearranged the hc initialization so it's all in one place.
* New IPv6 code from KIKUCHI Takahiro.
* New non-local referer filtering code from Craig Leres.
* New custom error pages code from Catalin Ionescu.
New in version 2.12:
* Better heuristic for deciding between select() and poll().
* Added Red Hat RPM spec file.
New in version 2.11:
* Use poll() instead of select() when favorable.
* Do lazy allocation of part of the connection data structure, to save on
memory now that we can have thousands of simultaneous connections.
* Some speed optimizations.
* Add HTTP_HOST to CGI environment.
* Bugfix for rare uninitialized variable.
New in version 2.10:
* Bugfix for CGI header parsing.
* Call setlogin() if it's available.
Michael Santos in PR pkg/8801. Chances since version 2.04:
- New el-cheapo virtual hosting feature.
- Assorted bug fixes - non-anchored wildcard matching, truncated CGI
output, throttling, authorization cache, daemonization, date-header
parsing.
- Option to write pid to a file, re-open log file on SIGHUP.
- Now looks for index files from a list, instead of only index.html.
- Simple config file.
