aboutsummaryrefslogtreecommitdiff
path: root/site/changelog.gmi
blob: 5822a6ea8e257df8b7792ac303e86dfb64fbf210 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
# change log

## 2024/08/25 - 2.1.1 “From Mars To Sirius” bugfix release

* fix getprogname() check in the configure script
* fix fastcgi parameter SERVER_PORT; by Christoph Liebender, thank you!
* work around comically tiny HOST_NAME_MAX on glibc-based system; reported by Anna “CyberTailor”, thanks!

## 2024/08/03 - 2.1 “From Mars To Sirius”

### New Features

* support for the proxy protocol v1 both when accepting connections and when proxying via the new `proxy-v1' keyword available in `listen' and `proxy' directives.

### Bug fixes

* fixed typo in bound check that resulted in "chroot path too long" on some systems
* correctly propagate the prefork value; was causing failures if it was changed from the default
* titan: improve error check when reading from standard input; errors such as "no space left on device" would have been silently ignored.

## 2024/06/11 - 2.0.5 “Lady Stardust” security release

This release fixes a logic error that can result in a DoS; therefore is a strongly recommended update for all users.  It's safe to update to it from any version of the 2.0.x series.

* allow again empty lines at the start of the configuration file
* change how strnvis(3) is handled: on systems with the broken interface gmid will just use its own built-in version
* reject requests with NUL bytes in them.
* don't error on a '..' component at the start of the path.

## 2024/06/06 - 2.0.4 “Lady Stardust” bugfix release

* add a nicer error message if the removed `cgi' option is still used.  Reported by freezr.
* portability fix for systems with a wrong strnvis(3).

## 2024/06/04 - 2.0.3 “Lady Stardust” bugfix release

* relax the SNI requirements
* gg: add -q to avoid printing the "Server Says:" line
* gg: unbreak -n
* fix parsing of IPv6 addresses
* fix `fastcgi off' handling

## 2024/04/04 - 2.0.2 “Lady Stardust” bugfix release

* fix `log access path' with `chroot' enabled.
* fix config dumping (-nn).
* rework grammar to allow semicolons after top-level statements.
* don't make the log styles reserved keywords.
* contrib/vim: fixed indent, from Anna “CyberTailor”, thanks!

## 2024/01/24 - 2.0.1 “Lady Stardust” bugfix release

* convert gmid to the new imsg API
* update bundled imsg
* configure: fix --mandir handling; from Anna “CyberTailor”, thanks!

## 2024/01/11 - 2.0 “Lady Stardust”

### New Features

* added `listen on' to specify per-server the list of addresses from where connections are to be accepted.
* added titan(1), a simple titan client.
* split the "configless" version of gmid as a standalone executable gemexp(1)
* added ability to log to files with `log access <path>`
* added ability to change the syslog(3) facility with `log syslog facility <facility>`
* added ability to change the logging style with `log style <style>`
* added `fastcgi strip'
* reworked the privsep implementation and added a privsep crypto engine
* implemented `SCRIPT_NAME' and `PATH_INFO' splitting for fastcgi

### Bug fixes

* fixed handling of TLS handshake failures

### Improvements

* contrib/gencert: added -e to generate EC keys
* use default prefork (3) in regress
* removed the sha256 dependency of the regress suite
* parse and log the fastcgi reply
* revamped the fastcgi configuration, now it's per-location
* attempt to load the TLS certificates, mimes and virtual hosts root as part of the configtest (-n) instead of verifying the syntax only.
* synced the parameters with RFC3875 (CGI)
* gg: exit with the gemini response code unless it's 2X
* gemexp: generate EC certificates too (it's also the new default)
* (contrib/vim) added an ALE linter and updated the Vim syntax file; thanks Anna “CyberTailor”

### Breaking Changes

* removed CGI support
* gg now warns when the server doesn't use TLS' close_notify
* deprecated the global `ipv6' and `port' settings in favour of the per-server `listen on` directive
* removed the already deprecated config options `mime' and `map'
* dropped seccomp and capsicum support
* FastCGI: set REQUEST_METHOD to "GET" instead of the empty string


## 2022/12/02 - 1.8.6 “Lightbulb Sun” bugfix release

* add tests and compat for setresuid setresgid
* add GEMINI_SEARCH_STRING fastcgi parameter / cgi env variable
* manpage fix: QUERY_STRING is *not* urldecoded
* fixed use-after-free in the fastcgi code
* when switching user also set the groups
* always cast is*() arguments to unsigned char

## 2022/11/01 - 1.8.5 “Lightbulb Sun” bugfix release

* removed OpenBSD' rc file because now is maintained in the ports tree
* (hopefully) fix build on DragonflyBSD
* call tzset(3) to fix times in logs
* always send custom list of fcgi parameters (alex)

## 2022/07/04 - 1.8.4 “Lightbulb Sun” bugfix release

### Bug fixes

* allow "@" and ":" in paths; spotted by freezr
* URL-encode the file names in the directory index; reported by cage

### Improvements

* move the documentation about the config file in its own manual page: gmid.conf.5
* improvements to the mime handling: fixed a memory leak and improve lookup speed.
* log (with low priority) when gmid failed to open a file because of its permissions.
* include a trailing "/" for dirs in the auto-generated directory index.

### Breaking Changes

* deprecated the `map' rule in favour of the new `types' block.
* the default list is not loaded anymore when `types' is used; except for the text/gemini to ".gmi"/".gemini" mappings.


## 2022/03/27 - 1.8.3 “Lightbulb Sun” bugfix release

### Bug fixes

* fix a possible out-of-bound access in the CGI handling.  It was introduced last October during a refactoring, but due to how many malloc(3) implementations works this hasn't been found until now.  Otto' malloc is more strict fortunately.


## 2022/03/26 - 1.8.2 “Lightbulb Sun” bugfix release

### Bug fixes

* fix a CGI timing issue: if a connection handled by a CGI scripts is interrupted with the right timing it causes the server process to exit with "fatal in client_by_id: invalid id X".

### New Features

* add a new block `type { ... }' to define mime types mapping.

### Improvements

* use shell built-in `command' instead of which(1), prodded by cage and Allen Sobot.
* configure script: allow to set MANDIR from cmdline (Allen Sobot)
* add systemd-sysusers sample file in contrib/ (Nakaya)
* [linux/seccomp] allow fstatat64(2), llseek(2) and sigreturn(2), needed by glibc on armv7.  (Tobias Berger)
* [linux/seccomp] tightens rules by allowing openat(2) only with the O_RDONLY flag.


## 2022/02/10 - 1.8.1 “Lightbulb Sun” bugfix release

### Bug fixes

* fix landlock usage on linux: don't assume that access capabilities not listed are implicitly denied, because they are not.  Mickaël Salaün, the landlock author, found the same error on game of trees:

> In a nutshell, the ruleset's handled_access_fs is required for backward and forward compatibility (i.e. the kernel and user space may not know each other's supported restrictions), hence the need to be explicit about the denied-by-default access rights.

In practice this affects only linux and only partially: thanks to the design of the daemon and the seccomp filter the effects of this mistake in handling landlock are fortunately limited.  However, in theory at least, gmid could be for e.g. tricked into truncating existing files, so it's highly suggested to update.

## Improvements

All by Anna “CyberTailor”, thanks!

* don't skip unit tests when SKIP_RUNTIME_TEST is set
* add `gg' to the regress target dependencies
* fix the "implicit declaration of asprintf" warning
* sync vim syntax


## 2022/01/30 - 1.8 “Lightbulb Sun”

### New Features

* reverse proxying support: gmid now can relay gemini requests to other hosts.
* install gg too: it's a simple gemini client ("gemini get") initially developed as part of the regression suite.
* added OCSP stapling support (by @The-King-of-Toasters, thanks!)
* add gencert, a simple script to generate self-signed certs.
* add renew-certs, a script to automatically renew self-signed certs.
* multiple -n partially dump the parsed configuration.

### Improvements

* reworked the fastcgi subsystem, now it's completely asynchronous.
* refactored the internal of the server too.
* refactored the regression suite (in particular reduced the timeout for single tests from 30 to 10 seconds.)
* configure: add support for --prefix=... autoconf-style flag.
* relax the "won't proxy" check: don't check that the port in the request is the same we're listening on.  Suggested and discussed with Allen Sobot, thanks!
* relax the strict ordering of options, locations and proxy blocks inside a server block.

### Bug fixes

* don't pass through illegal replies from CGI scripts.
* fix the "double slash" error in logs.
* fix the configure for cross-compilation: don't run the test binaries just built.  Suggested by Nikolay Korotkiy (@sikmir), thanks!
* (seccomp) allow ugetrlimit(2), needed by glibc on arm7l.  By Max, thanks!


## 2021/10/15 - 1.7.5 “Space-dye Vest” fifth bugfix release

This version includes the following bugfix

* don’t die when a connection is closed before being accepted by gmid (i.e. handle ‘ECONNRESET’)


## 2021/09/24 - 1.7.4 “Space-dye Vest” fourth bugfix release

This version includes the following bugfix:

* fix a possible out-of-bound access when handling a request for a non-existent file in the root directory of a vhost that's matched by the cgi option

and the relative regression test.


## 2021/09/19 - 1.7.3 “Space-dye Vest” third bugfix release

### Improvements

* follows symlinks
* improved documentation and added key generation example (thanks! Anna)

### Bugfix

* fix syslog logging on FreeBSD.  Reported by Karl Jeacle, thanks!
* don't crash if ``-c'' is missing in configtest mode (-n).  Reported by heph, thanks!
* allow fstat64 on linux (needed by glibc on aarch64).  Reported by pine, thanks!


## 2021/07/19 - 1.7.2 “Space-dye Vest” second bugfix release

This version includes the following bugfix:

* an un-initialized field in the configless code path leads to a crash on the first request.

and the relative regression test.


## 2021/07/11 - 1.7.1 “Space-dye Vest” bugfix release

This version includes two bugfixes:
* use ${MAKE} to recursively call make.
* fix the misleading example in the manpage: macros may not be reserved words


## 2021/07/10 - 1.7 “Space-dye Vest”

Starting from this version gmid doesn't depend on lex anymore, but yacc is still needed.

### New features

* initial fastcgi support!  (it's still young!)
* added user-defined macros, either via ‘-Dname=val’ or directly in the configuration file.
* new ‘include’ keyword to load additional configuration files.
* new ‘env’ rule to define environment vars for CGI scripts.
* new ‘alias’ rule to define hostname aliases for a server.
* allow ‘root’ to be specified per-location block.
* pidfile support with the new ‘-P’ cli flag.
* define ‘TLS_VERSION’, ‘TLS_CIPHER’ and ‘TLS_CIPHER_STRENGTH’ for CGI scripts.

### Improvements

* remove limits on the number of virtual hosts and location blocks that can be defined.
* print the datetime when logging to stderr.
* use ‘text/x-patch’ for ‘.patch’ and ‘.diff’ files.
* sort the auto index alphabetically.
* various improvements to the log management.
* drop the dependency on lex.
* added ‘--help’ as synonym of ‘-h’ and ‘-V’/‘--version‘ to print the version.
* c-like handling of strings in the configuration file: when two or more strings are next to each-others, are automatically joined into a single string.  This is particularly useful with $-macros.

### Bug fixes

* correctly handle CGI scripts that replies with the maximum header length allowed.
* fixed the static target.
* fixed recursive mkdirs for configless mode (i.e. create ‘~/.local/share/gmid’)
* logs sent to syslog now have proper priority (before every message ended up as LOG_CRIT).  Found by Anna “CyberTailor”, thanks!
* ensure ‘%p’ (path) is always absolute in ‘block return’ rules.
* fix automatic certificate generation, it caused problems on some adroid devices.  Found by Gnuserland, thanks!
* document the ‘log’ rule.
* the seccomp filter was reworked and now it's known to work properly on a vast range of architectures (to be more specific: all the architectures supported by alpine linux), see github issue #4.  Prompted and tested by @begss, thanks!
* various improvements to the configure script, notified and fixed by Anna “CyberTailor”, thanks!
* added a timeout to the regression tests.

### Breaking changes

* if duplicate rules are found in the configuration file, an error is now raised instead of silently using only the last value.
* (sort of) ‘gg’ moved to ‘regress’ as it's only used in the regression suite.
* (notice) the “mime "mime-type" "extension"” rule was deprecated and replaced by the new “map "mime-type" to-ext "extension"”.  The ‘mime’ rule will be removed in a future version because its syntax is incompatible with the new string auto-concat mechanism.