Changes:
New in version 2.25b:
* Move fdwatch initialization before the chroot, so that
/dev/poll can work.
* Multiple fdwatch cleanups and fixes (Adam Zell).
New in version 2.25:
* Prohibit "Host: ." and "Host: .." (David Leadbeater).
* Don't free memory prematurely on SIGUSR1 (A.D.F.).
* Use the specified charset in directory listings and errors
(Jonas Ohlsson).
* Lowered THROTTLE_TIME from 60 seconds to 2 seconds, plus more
aggressive computation of sending rate, to improve throttle
reaction time (E Frank Ball).
* Added code to redistribute the throttled bandwidth fairly among
the currently sending connections.
* Some more throttling changes that smooth things out a lot.
* Added an experimental limitation on the number of simultaneous CGIs.
* Chown the log file when starting as root, so that it can later be
re-opened when running as nobody (or whatever user you configure).
Also tweak the logfile pathname so that it still works inside a
chroot tree.
* Make sure URL paths begin with a slash.
* Generate multiple MIME encodings in the correct order, and with the
correct separator.
* Ignore EINTR on read() and write().
* Fix error in httpd_read_fully() and httpd_write_fully() that could
cause incorrect data to be read or written (Daniel Jensen).
* Don't attempt to double-free a file descriptor if a connection times
out while it is paused for throttling.
* Save and restore errno in signal handlers.
* The non-local referer check is no longer fooled by URLs with query
strings.
* Simplified handling of HAVE_INT64T (Trisk). If this causes problems,
e.g. if there are still systems which don't have "long long", we can
back out the change.
* Keep a list of free connection structs, instead of doing linear search
to find a free one (Adam Zell).
* Added config.h option FLUSH_LOG_EVERY_TIME - if it's turned off, the
log does not get fflushed after each request (Adam Zell).
* Multiple robustness improvements to the fdwatch module (Adam Zell).
* Added /dev/poll support to fdwatch (Adam Zell).
* Automatically add no-cache control header on error responses.
New in version 2.24:
* Added a bunch of MIME types.
* Fix minor problem with returning unknown protocol on some errors.
* Changed the config-file option for diabling symlink checking from "nosymlink" to "nosymlinkcheck" to make its function clearer.
* Allow blank lines in the config file.
* Handle more than one SIGHUP and SIGUSR2 (Cameron Gregory).
* Slight change to handle_newconnect() to better deal with unexpected errors from accept(), such as running out of file descriptors (Alex Keahan).
* Added optional minimum rate to throttles.
* Stats syslog messages downgraded from LOG_NOTICE to LOG_INFO.
* Use unsigned short consistently for port number.
* Prohibit slashes in the Host: header (Marcus Breiing).
* Added a -dd data_dir flag and corresponding config-file option.
* Got rid of the old timer-based zombie process reaper, replacing it with a SIGCHLD handler.
* Changed the idle connection checking from using a separate timer for each connection to using a single timer that checks all active connections.
* Correction to missing-slash directory redirect with query string.
* Added a watchdog alarm handler that forces a core dump if thttpd stops running its timers for too long.
* Don't send Content-Length header on 304 Not Modified responses.
* Allow user-agent log entries to be up to 200 characters long, instead only of 80.
* Fixed buffer overflow bug in defang().
* Re-arranged the order of calling de_dotdot() so that it doesn't get applied to query strings.
* Some fixes for the syslogtocern script (paul fox).
* Changed configure script to use "gcc -dumpversion" instead of "gcc --version" (Ed Goforth).
* Changed most uses of \r and \n to \015 and \012 (Jens Bauer).
* In ssi.c, lack of PATH_INFO is now non-fatal (David Phillips).
* Some improvements to fdwatch (David Burgess).
Changes since 2.21b:
* Added some Microsoft MIME types (Kevin Day).
* Switch htpasswd from using tmpnam to mkstemp.
* Rewrote figure_mime() to do binary search.
* Removed the x- from gzip and compress in mime_encodings.txt.
* Added rudimentary option to set cache-control headers.
* Simplified the IPv6 ifdefs.
* Allow filenames with ? in them (Cameron Gregory).
* Some improvements to the mmap cache - added a "panic mode" if you run out
of address space, added DESIRED_MAX_MAPPED_BYTES config.h option.
* Lowered OCCASIONAL_TIME from five minutes to two minutes.
* Fix CGI variable AUTH_TYPE (Alexandre CHERIF).
* Split clear_connection() into two routines, one which sends a possible
buffered response and the other which ignores such (David Burgess).
* Remove /./ in de_dotdot() (Dana Dahlstrom).
* Shortened LINGER_TIME from two seconds to half a second.
* Changed some write() calls to httpd_write_fully(), as suggested by
Neale Pickett.
* Changed the non-mmap() read() call in mmc.c to httpd_read_fully(), as
suggested by Cameron Gregory.
* Added an madvise(MADV_SEQUENTIAL) call in mmc.c.
* Added .xhtml and .xht to mime_types.txt (suggested by Dave Hodder).
* Added index.xhtml and index.xht to INDEX_NAMES (suggested by Dave Hodder).
* Got rid of the custom-jiggered syslog.c, now we just use the standard
system version. Also added a paragraph in the man page about the syslogd
flags needed to make syslogging work from inside a chroot tree.
* Added some OpenOffice MIME types (Dave Hodder).
* Lowered the default DESIRED_MAX_MAPPED_FILES from 2000 to 1000.
* Set up accept filters after listen() (Kris Spinka).
* Preserve query string when doing a missing-slash directory redirect.
* Special-case logging to '-' as stdout (Matt Armstrong).
* Added -s to usage line (Pavel Janík).
* Fix for security hole that exposed contents of .htpasswd in some cases
(noticed by zeno@cgisecurity.com).
* Allow (and ignore) extra fields in .htpasswd files.
* Added some calls to shutdown() in strategic places.
* Added a timer-kill of the CGI interpose input and output process.
These processes also now close the listen fd(s).
* Fixed rare file descriptor leak, when we get an unknown sockaddr family
(George Schlossnagle).
* Put virtual hostname in non-local referer syslog (Craig Leres).
* Added a P3P server privacy header setting (Henrik Schack Jensen).
And lots of other bug fixes.
Changes: Lots of bugfixes (lingering-close problem, USR1 handling,
off-by-1 in base64 decoding and others), throttling syslog, tuned
throttling, improvements on mmap cache, etc. See
http://www.acme.com/software/thttpd/#releasenotes
