changed all through it). While there, make the package correctly fetch the
NetBSD logo.
Bump PKGREVISION, and after that I'll delete the copy ftp.netbsd.org
currently has. The tarball change doesn't happen often enough for this
package to justify the use of DIST_SUBDIR (and that avoids the hairy
problem of sharing the sitedrivenby.gif file).
PR#30641 by Jared Momose.
Changes:
New in version 2.25b:
* Move fdwatch initialization before the chroot, so that
/dev/poll can work.
* Multiple fdwatch cleanups and fixes (Adam Zell).
New in version 2.25:
* Prohibit "Host: ." and "Host: .." (David Leadbeater).
* Don't free memory prematurely on SIGUSR1 (A.D.F.).
* Use the specified charset in directory listings and errors
(Jonas Ohlsson).
* Lowered THROTTLE_TIME from 60 seconds to 2 seconds, plus more
aggressive computation of sending rate, to improve throttle
reaction time (E Frank Ball).
* Added code to redistribute the throttled bandwidth fairly among
the currently sending connections.
* Some more throttling changes that smooth things out a lot.
* Added an experimental limitation on the number of simultaneous CGIs.
* Chown the log file when starting as root, so that it can later be
re-opened when running as nobody (or whatever user you configure).
Also tweak the logfile pathname so that it still works inside a
chroot tree.
* Make sure URL paths begin with a slash.
* Generate multiple MIME encodings in the correct order, and with the
correct separator.
* Ignore EINTR on read() and write().
* Fix error in httpd_read_fully() and httpd_write_fully() that could
cause incorrect data to be read or written (Daniel Jensen).
* Don't attempt to double-free a file descriptor if a connection times
out while it is paused for throttling.
* Save and restore errno in signal handlers.
* The non-local referer check is no longer fooled by URLs with query
strings.
* Simplified handling of HAVE_INT64T (Trisk). If this causes problems,
e.g. if there are still systems which don't have "long long", we can
back out the change.
* Keep a list of free connection structs, instead of doing linear search
to find a free one (Adam Zell).
* Added config.h option FLUSH_LOG_EVERY_TIME - if it's turned off, the
log does not get fflushed after each request (Adam Zell).
* Multiple robustness improvements to the fdwatch module (Adam Zell).
* Added /dev/poll support to fdwatch (Adam Zell).
* Automatically add no-cache control header on error responses.
New in version 2.24:
* Added a bunch of MIME types.
* Fix minor problem with returning unknown protocol on some errors.
* Changed the config-file option for diabling symlink checking from "nosymlink" to "nosymlinkcheck" to make its function clearer.
* Allow blank lines in the config file.
* Handle more than one SIGHUP and SIGUSR2 (Cameron Gregory).
* Slight change to handle_newconnect() to better deal with unexpected errors from accept(), such as running out of file descriptors (Alex Keahan).
* Added optional minimum rate to throttles.
* Stats syslog messages downgraded from LOG_NOTICE to LOG_INFO.
* Use unsigned short consistently for port number.
* Prohibit slashes in the Host: header (Marcus Breiing).
* Added a -dd data_dir flag and corresponding config-file option.
* Got rid of the old timer-based zombie process reaper, replacing it with a SIGCHLD handler.
* Changed the idle connection checking from using a separate timer for each connection to using a single timer that checks all active connections.
* Correction to missing-slash directory redirect with query string.
* Added a watchdog alarm handler that forces a core dump if thttpd stops running its timers for too long.
* Don't send Content-Length header on 304 Not Modified responses.
* Allow user-agent log entries to be up to 200 characters long, instead only of 80.
* Fixed buffer overflow bug in defang().
* Re-arranged the order of calling de_dotdot() so that it doesn't get applied to query strings.
* Some fixes for the syslogtocern script (paul fox).
* Changed configure script to use "gcc -dumpversion" instead of "gcc --version" (Ed Goforth).
* Changed most uses of \r and \n to \015 and \012 (Jens Bauer).
* In ssi.c, lack of PATH_INFO is now non-fatal (David Phillips).
* Some improvements to fdwatch (David Burgess).
Changes since 2.21b:
* Added some Microsoft MIME types (Kevin Day).
* Switch htpasswd from using tmpnam to mkstemp.
* Rewrote figure_mime() to do binary search.
* Removed the x- from gzip and compress in mime_encodings.txt.
* Added rudimentary option to set cache-control headers.
* Simplified the IPv6 ifdefs.
* Allow filenames with ? in them (Cameron Gregory).
* Some improvements to the mmap cache - added a "panic mode" if you run out
of address space, added DESIRED_MAX_MAPPED_BYTES config.h option.
* Lowered OCCASIONAL_TIME from five minutes to two minutes.
* Fix CGI variable AUTH_TYPE (Alexandre CHERIF).
* Split clear_connection() into two routines, one which sends a possible
buffered response and the other which ignores such (David Burgess).
* Remove /./ in de_dotdot() (Dana Dahlstrom).
* Shortened LINGER_TIME from two seconds to half a second.
* Changed some write() calls to httpd_write_fully(), as suggested by
Neale Pickett.
* Changed the non-mmap() read() call in mmc.c to httpd_read_fully(), as
suggested by Cameron Gregory.
* Added an madvise(MADV_SEQUENTIAL) call in mmc.c.
* Added .xhtml and .xht to mime_types.txt (suggested by Dave Hodder).
* Added index.xhtml and index.xht to INDEX_NAMES (suggested by Dave Hodder).
* Got rid of the custom-jiggered syslog.c, now we just use the standard
system version. Also added a paragraph in the man page about the syslogd
flags needed to make syslogging work from inside a chroot tree.
* Added some OpenOffice MIME types (Dave Hodder).
* Lowered the default DESIRED_MAX_MAPPED_FILES from 2000 to 1000.
* Set up accept filters after listen() (Kris Spinka).
* Preserve query string when doing a missing-slash directory redirect.
* Special-case logging to '-' as stdout (Matt Armstrong).
* Added -s to usage line (Pavel Janík).
* Fix for security hole that exposed contents of .htpasswd in some cases
(noticed by zeno@cgisecurity.com).
* Allow (and ignore) extra fields in .htpasswd files.
* Added some calls to shutdown() in strategic places.
* Added a timer-kill of the CGI interpose input and output process.
These processes also now close the listen fd(s).
* Fixed rare file descriptor leak, when we get an unknown sockaddr family
(George Schlossnagle).
* Put virtual hostname in non-local referer syslog (Craig Leres).
* Added a P3P server privacy header setting (Henrik Schack Jensen).
And lots of other bug fixes.
Changes: Lots of bugfixes (lingering-close problem, USR1 handling,
off-by-1 in base64 decoding and others), throttling syslog, tuned
throttling, improvements on mmap cache, etc. See
http://www.acme.com/software/thttpd/#releasenotes
