Upstream changes:
New in version 1.27:
Fixed bug that prevented binary CGI results from working. This bug was introduced in 1.23. Noticed and diagnosed by Qipeng Zhang.
New in version 1.26:
Long-standing bug on FreeBSD using http but not https. Files were getting truncated at 1MB. This was due to improper usage of sendfile(2), and not testing the http path since I only use mini_httpd for https. Since Linux has a completely different sendfile(2) call, it was not affected. And since https does not use sendfile(2), it also was not affected.
New in version 1.25:
Improvements to the FreeBSD startup script. (Craig Leres)
Improvement to SSL support.
New in version 1.24:
Disable SSLv2 to prevent DROWN attack.
Fix binary POST request reading. (Erik Waling)
New in version 1.23:
Fixed CVE-2015-1548, a buffer overflow via snprintf.
New in version 1.22:
Don't do TCP_NOPUSH on SSL connections. It doesn't help and causes problems.
Use memmove() for self-overlapping string copies instead of strcpy().
408b45185c