** Changes from 0.94.12 to 0.94.13 * Change many instances of log_error_mesg + exit to DIE macro * Change all instance of log_error_mesg (without exit) to WARN macro * do a much better job of checking return values from malloc and especially strdup. * check results of calling umask and getrlimit * server_s is no longer a global int * check results of fork via switch instead of if (fork()) * check for getopt.h and include it if found * remove unused #defines, and add WARN macro, and replace many calls to log_error_mesg(..) with WARN macro * fix bug in get_commonlog_time where time_offset calculation was the opposite of what it should be ('-' and '+' were swapped) * fix compatability bug with old and newer versions of flex/yacc * add check for AC_FUNC_MMAP to configure.in * fix really lame thinko in normalize_path, which would prepend the results of earlier calls to results from later calls * Add MaxConnections, a configuration directive which allows the user to specify the maximum number of connections that Boa will accept concurrently. * add SERVER_ADDR and REQUEST_URI to environment of CGI * handle SIGBUS during writes of data that has been memory mapped * minor optimization in select.c that prevents DEAD requests from being added to the block set * fix bug in CGI environment script_name - closes sf.net bug #576725 * make 'status' variable local to requests.c, not local to every file by forgetting to declare 'extern' in globals.h :-| * make getsockname non-fatal, and do it every time because we may need it for the CGI * some minor refactoring optimizations in hash.c ** Changes from 0.94.11 to 0.94.12 * Renamed Changelog ChangeLog, and moved up to top-level directory * Next 3 items due in part or whole thanks to Liam Widdowson * when printf'ing a pid type, force to int, because it could be something else on other platforms. Should probably change it to a long, and use that. * backported chroot commandline support from 0.95 * backported support for strdup, strstr, alphasort, and scandir from 0.95 * Fixed src/Makefile.in -- it didn't remove index_dir.o * backport create_temporary_file from 0.95 (instead of using tmpnam) * Allow non-standard date format 31 September 2000 23:59:59 GMT Patch by Landon Curt Noll * Skip whitespace before HTTP/major.minor Adapted patch from Landon Curt Noll * open /dev/null first thing (affects chrooting) * properly handle sigalrm -- use sigalrm_flag and sigalrm_run instead of handling the signal in the signal handler * update manpage slightly * send 400 BAD Request when resource does not start with '/' * add grp.h to boa.h's includes -- remove from boa.c and config.c * removed duplicate header includes from boa.c, config.c, get.c, ip.c, request.c, response.c * factor out creating the server socket and dropping privs into create_server_socket and drop_privs * type all functions in boa.c (except main) as static * set umask after opening /dev/null * tie stdin/stdout to /dev/null before commandline parse * removed old, unused chroot code * move builds_needs_escape earlier in the startup * move fork later in the startup * type all c_set_* as static in config.c * don't bother trying to change uid/gid (or error if the requested uid/gid doesn't exist) if not UID 0 * return more appropriate error code when foo.html gives access denied, but foo.html.gz gives some other error (essentially report error associated with foo.html, not foo.html.gz) * send NOT Implemented when an unknown method is attempted * always attempt a 32k read right before close (stopgap until blackhole can be merged) * allow more than 1 space in logline between method, resource, and http version * don't use inline functions * update configure.in so that autoconf 2.50 doesn't complain (as much) * properly use VPATH and srcdir according to autoconf docs * change curly-braces to parentheses in Makefilein * use $^ instead of manually listing the dependencies in Makefile.in * remove tests section in Makefile.in * write tags not TAGS in Makefile.in * Add gethostbyname and inet_aton to function checks * Add code from 0.95 which checks for socket in -lsocket, inet_aton in -lresolv, and gethost{by}name in -lnsl * Also remove broken bc-based "how big is an unsigned int" checks: assume minimum of 32 bits and check in escape.c at runtime. * Added new file: README.chroot.solaris, based on a modified version by Liam Widdowson * Add check_struct_for.m4, which allows us to check a structure for a member (found at http://www.gnu.org/software/ac-archive/ authored by Wes Hardaker * Call "aclocal -I ." to rebuild aclocal.m4 * Using new check-struct-for-member autoconf macro, check for tm_gmtoff and tm_zone in struct tm -- useful in portability tests for localtime. * Also check sockaddr_in for structure sin_len so we can set it properly. * index_dir.c (which ends up in boa_indexer) can now be compiled with USE_LOCALTIME, and if so, it will report the local time using the timezone name. Otherwise it uses UTC time and UTC timezone designation. * fix buglet in mmap_cache.c which shows up when under heavy load by many different files. Found and squashed by Michal Kara * normalize paths on Aliases, log files, server root, dirmaker This makes sure that paths are 'absolute' * don't generate DOCUMENT_ROOT or SERVER_ROOT, CGIs have no business knowing that information * if CGI, chdir to the cgi's root path Bug found by Matt Callaway * remove ChrootPath and PidFile directives from the parser (they aren't used anyway) * keep track of maximum file descriptor in use to optimize call to select() * apply IPv6 patch from Jari Korva * optimize keep-alive copy data routine * try to use memcpy instead of strcpy/strcat in more places (alias.c) * update .depend file * use fcntl + GET_FL to get a file descriptor's flags, then add or remove only the bits we want to set. This prevents accidentally setting or unsettings bits we don't have anything to do with inadvertantly. (removed, at least temporarily. Show me a system where it is needed -- LRD) * make sure to call FD_ZERO when we handle a restart * in read.c, don't call boa_perror on read failure -- socket is dead or messed up anyway, no reason to try to write to it. * explicit .SUFFIXES in Makefile.in * boa.objdump target added * use @MAKE_SET@ (for when $(MAKE) != "make") * add -Wundef -Wwrite-strings -Wredundant-decls -Winline to GCC_FLAGS * change Paul Phillips' and Larry Doolittle's emails in source * add --disable-debug, --enable-profile, --with-dmalloc, and --with-efence * test for failed-but-return-was-successful setuid: http://www.securityfocus.com/bid/1322 * use _exit not exit in CGI child * always place new keepalive request on blocked list, we can't be sure of the state of the active list, and since enqueue places things at the *front* of the list, it doesn't do us much good to place the new request on the active list anyway. * update some Copyright statements for 2002 * When comparing the uri to an alias, only compare if the uri length is greater than or equal to the length of the alias * in init_script_alias, make sure to check for document_root before trying to use it * script_name is now just a copy of the request, rather than some complicated variation on the pathname * change the way the CGI environment is handled. Now, it is allocated at request allocation time, and exists throughout the life of the structure. * check memory allocations, etc.. when creating the static CGI environment and when making new CGI environment variables * wait until process_option_end to call unescape_uri, clean_pathname, and translate_uri * remove debian package information * move RedHat packaging information to contrib * remove tests -- they weren't usable anyway * add some new hash routines, and use djb2 (a variant on a hash algorithm popularized by Dan J. Bernstein) * a side-effect of the new hash routines is a bugfix, involving negative return values from hash routines. This has been fixed. * add a routine, show_hash_stats, which is called with other statistical output via sigalarm * remove some duplicate prototypes from config.c * make simple_itoa take an unsigned int * try to make NOBLOCK handling in compat.h compatible with Solaris * make sure to update current_time before calling signal handlers * alter primary loop to make sure that select gets called even when there are requests that are not blocking, and call fdset_update and process_requests (when appropriate) after signal handlers but before select to make sure that blocked requests are still handled by select after a sighup. (Thanks to Karl Olsen) * pull select loop into select.c * poll server socket once per active connection * add send_r_service_unavailable and use it when appropriate * state uptime in seconds at normal program termination * include sys/fcntl.h if it is found by configure * fix POST bug where a content-length < 0 would cause Boa to consume its full share of CPU until killed Bug report by Landon Curt Noll * add CGIPath configuration variable based upon a patch by Landon Curt Noll * add function boa_atoi, which wraps atoi, but does not accept negative values. Additionally, it checks to make sure the converted value and the original value are the same, avoiding issues like "124.3" -> "123" and "123abc" -=> "123". Either a value is an int or it isn't - no middle ground. * use boa_atoi to convert content-length from client. * add new #define - SINGLE_POST_LIMIT_DEFAULT, which defines (in bytes) the *default* single_post_limit. * single_post_limit is now in bytes. * when adding aliases, only "normalize" paths that start with "./" - this is a departure from previous behavior * add "?" to the list of characters that it is safe to leave unescaped * clean up Makefile.in of no-longer-pertinent comments * add send_r_bad_gateway and use it * tie stderr to either cgi_log_fd or devnullfd - either way make sure stderr is a valid filehandle before cgi execution * cgi_env is no longer allocated, it's part of the struct now * fix bug in CgiPath logic * when unable to allocate memory for an environment variable, log it * add clear_common_env, which de-allocates the cgi_common_env stuff [NEVER USE THIS outside of a terminal signal handler!] * don't be so wasteful of memory in normalize_path * adapted fix for alias expansion from Brieuc Jeunhomme ** Changes from 0.94.10.1 to 0.94.11 * use LIBS in Makefile.in (which propagates from autoconf) * properly free memory allocated by scandir in index_dir.c * rearrange some header files and includes * on reads and writes, don't check for -1, check for < 0 * include fix by William Meadows for escape.c which fixes segfaults due to improper allocation * above fix by William Meadows no longer needed; escape.c and escape.h rewritten by Larry Doolittle -- requires at least 32 bit words, but is correct (jdn's 1st attempt was faulty) ** Changes from 0.94.10 to 0.94.10.1 * Actually update the SERVER_VERSION in src/defines.h ** Changes from 0.94.9 to 0.94.10 * Fixes escaping rules * Fixes segfault when directory_index is undefined and directory needs to be generated * adds dummy signal handlers for SIGUSR1 and SIGUSR2 (Closes SF #425921) * Update documentation regarding mime.types (Closes Debian #69991) * Make sure documentation builds (Closes Debian #110818) ** Changes from 0.94.8.3 to 0.94.9 * src/Makefile.in updated to take CFLAGS, LIBS, and LDFLAGS from autoconf * Update escaping rules with latest RFC * unescape_uri skips fragments and also stop parsing at '?' * Don't accept fd over FD_SETSIZE in request.c:get_request * use backported documentation from 0.95 * make sure POST fd gets closed even on client cancel * use backported index_dir.c from 0.95 * support subdirectories in ScriptAlias directories * add SinglePostLimit (int, in Kilobytes) to config system * check for ENOSPC on body write * use environment variable TMP (or "/tmp" if not available), and chdir there when boa exits. * add 1-time-only hack to make a 32kB read at the end of a request on POST or PUT * close unused file descriptors (/dev/null in boa.c, and the unused part of the pipes call in cgi.c) * made Makefile.in VPATH happy ** Changes from 0.94.8.2 to 0.94.8.3 * Move unescape_uri *before* clean_pathname to prevent encoding of / and .. in pathname * wrap execution of GUNZIP in cgi.c with #ifdef GUNZIP * stop parsing when fragment found in URL ('#') ** Changes from 0.94.8.1 to 0.94.8.2 * close pipes[1] in child and generate HTTP_REFERER environment variable in cgi.c * Minor changes to the Debian package ** Changes from 0.94.8 to 0.94.8.1 * Change umask call from (umask(0600)) to (umask(~0600)) ** Changes from 0.94.7 to 0.94.8 * Fix major thinko in temp file permissions * unlink temporary file immediately following creation * implement maximum # of active connections at 10 less than RLIMIT_NOFILE to avoid or eliminate crashes resulting from running out of file descriptors * Fix thinko in POST ** Changes from 0.94.6 to 0.94.7 * STDIN and STDOUT are now tied to /dev/null * sets PATH_MAX to 2048 if not defined (for Hurd) * core dumps (should never happen) would be located in /tmp * alter behavior when select gets a EBADF * add translation for the \" char -> " * remove use of sys_errlist. Use perror. * better makedist.sh (still a stupid program though) ** Changes from 0.94.5 to 0.94.6 * Removed doc++ commenting * Removed erroneous debugging statments * Move some stuff out of config.c (read_config_file) to boa.c * Altered some of fixup_server_root() * Bug fix in get.c re: automatic gunzip * Added some stubs for chroot code (*not* ready yet) ** Changes from 0.94.4 to 0.94.5 * Alteration of most of the comments and such for doc++ use * Fixed buffer overflow in alias.c * Fixed buffer underflow in util.c ** Changes from 0.94.3 to 0.94.4 * Better escaping of data to user, both for HTTP headers and HTML body * Proper escaping of output in CGI example perl scripts ** Changes from 0.94.0 to 0.94.2 * Fixed obnoxious pipeline bug * Fixed (sorta) a compilation/core bug for *BSD systems Original code by Thomas Neumann * Moved to GPLv2 * Changed manpage to section 8 * boa.sgml now references a .png file instead of evil .gif ** Changes from 0.93.19.2 to 0.94.0 * Added UseGMT to the configuration parser * util.c commonlog now logs in Apache-style commonlog time format * Remove SO_SNDBUF on-start message ** Changes from 0.93.19 to 0.93.19.2 * Changed to combined log (from NCSA access_log format) ala Drew Streib * Altered POST cgi code to handle bug in Netscape * SO_SNDBUF changes by Larry ** Changes from 0.93.17.2 to 0.93.19 (all 0.93.18.x changes inclusive) * Update of some copyright statements for 99 * Replacement of sprintf with strlen/memcpy or strcpy/strcat wherever possible * Significant rearrangement in alias.c, minor functional differences (some CGI environment variables handled differently) * Removal of die function. Replace with log_err_mesg and exit. * initial IPv6 stubs and support * Move #include "config.h" to top of boa.h where it will do some good * Stubs and functions for strstr and strdup * Seperation of buffer code into it's own file * Significant changes to cgi.c et al (cgi_header.c, etc...) * Speed patches by removal of "extra" calls to time(): Use global variable! * pipelining changes... it works now. * require content-length from clients (ala rfc1945) * alter body_read and body_write to work more efficiently with known content-length * move read(2) part to *after* parsing... * added support for additional header message in send_redirect_temp * change use of NO_ZERO_FILL_LENGTH to offsetof() use * Remove SO_REUSEADDR setting on each client socket, Paul Saab * Avoid SO_SNDBUF setting if possible * Large quantities of otherwise not-insignificant changes ** Changes from 0.93.17.2 to 0.93.17.3 * Put on-the-fly directories back in, stripped down from the 0.92 version * Fixed DocumentRoot, ServerAdmin and ServerName null-value handling in CGI environment generation * Fixed argument order in Script* directives (bug introduced in 0.93.17.2) * Got rid of MAX_CGI_VARS because it was not being used consistently, or for that matter, at all, really. * Added some more FASCIST_LOGGING to cgi.c * Minor mmap patch by LRD for request.c ** Changes from 0.93.17.1 to 0.93.17.2 * Added "Listen" directive for server bind address, as most recently suggested by David N. Welton * Put virtualhost feature in, was experimental in 0.92q ** Changes from 0.93.16.2 to 0.93.17.1 * New config file parser (supposed to be more maintainable) (LRD) * Support for "|command" and ":host:port" syntax for logfiles (untested) (LRD) ** Changes for the 0.93 version ** * Huge quantities of changes * keepalive Bugfix in 0.93.16.2 by Jon Nelson report by Craig Silverstein of Google fame. * patch for config.h by Craig Silverstein * fixed "Parent Directory" problem in boa_indexer for title "/" (Debian bug #36165) * More Craig Silverstein modifications, namely: ErrorLog (if omitted, print to stderr) DocumentRoot (if omitted, can only server user-dir files) DirectoryIndex (if omitted, always use DirectoryMaker) MimeTypes (if omitted, don't load -- users can use AddType instead) ** Changes from v0.92o to v0.92p ** * Documented misbehavior of CGI, SIGHUP, short aliases, stale dircache. * Documented how to patch signals.c for use on SunOS. * Closed file descriptor leak when redirecting a bare directory URL to one with an appended "/". * Closed potential file descriptor leak if errors encountered generating on-the-fly index. * Cleaned up include file handling to be simultaneously compatible with Linux, SunOS, HP-UX, and AIX. * Supress message body for codes 302, 400, 403, 404, 500, and 501 if incoming request is "HEAD". ** Changes from v0.91 to v0.92o ** (0.92o released 27 December, 1996) * Maintenance handover from Paul Phillips to Larry Doolittle * Changed (char)NULL to '\0' * Cleaned up signal handler prototypes in signals.c * Modified handling of CGI environment variable PATH_TRANSLATED, should now work the same as NCSA. * More conservative buffer size in add_cgi_env() * Build argv list for a CGI script according to spec * Speedup process_header_line, eliminate potential memory leak * Occasional spelling fixes and lint removal * Added REMOTE_PORT env var for CGI scripts, to allow easy ident lookups * Changed rfc822 time format * Log timeouts and broken connections * Fix mime suffix handling for filenames with multiple "."s * Initialize conn->time_last, fixes bug with rapid-fire connections * Performance tweak to req_write() * Changed http_version from float to char[8] * Rewrote on-the-fly directory generation; it works now * Added user configurable dircache directory in boa.conf * Fixed "simple" response bugs, including incorrect CGI handling * Keepalive (HTTP/1.1 draft) support, mostly by Jon Nelson * Close data_fd in 304 Not Modified flow of control * Switch socket flags to non-blocking before cgi handoff * Try to handle errno properly in the face of multiple errors * Close fd's of all other transactions before cgi handoff * Move real work for sighup and sigchld out of signal handler * Fix free(req->cgi_env) in request.c * Response message cleanup - better match to HTML-2.0 DTD * Experimental Virtual Host code from Russ Nelson * Expand buffer for escaped URI in init_get() * SIGTERM triggers lame duck mode until all pending transactions complete * Close and unlink temp file for POST in parent process ** Changes from v0.90 to v0.91 ** * Cleaned up main while loop * Optimized request line parsing * Added state machine for header reads -- necessary to deal wtih possibility of obtaining header data in multiple reads. This also allows interactive use of server. * Added 500/501 return codes for various conditions ** v0.90 ** * Initial release