Releases: omar-polo/gmid
2.1.1 “From Mars To Sirius” bugfix release
signify(1) public key for this release: RWSMZUrn4u03g0AwurM9kGiIfhetO5OISPlMMb4+th+Bw8ViotgbzKss
Bug fixes
- fix getprogname(3) check in the configure script
- fix fastcgi parameter
SERVER_PORT
; by @Sir-Photch, thank you! - work around comically tiny
HOST_NAME_MAX
on glibc-based system; reported by Anna “CyberTailor”, thanks!
2.1 “From Mars To Sirius”
signify(1) public key for this release: RWSMZUrn4u03g0AwurM9kGiIfhetO5OISPlMMb4+th+Bw8ViotgbzKss
New Features
- support for the proxy protocol v1 both when accepting connections and when proxying via the new
proxy-v1
keyword available inlisten
andproxy
directives.
Bug Fixes
- fixed typo in bound check that resulted in "chroot path too long" on some systems
- correctly propagate the prefork value; was causing failures if it was changed from the default
- titan: improve error check when reading from standard input; errors such as "no space left on device" would have been silently ignored.
2.0.5 “Lady Stardust” security release
signify(1) public key for this release: RWQ+Bm0F0FtPLtTnpRe09x/Z6Fiodk4toTZe2TJ4yCqDZ6l0c5wiU9te
This release fixes a logic error that can result in a DoS; therefore is a strongly recommended update for all users. It is safe to update from any version of the 2.0.x series since there were no breaking changes.
- allow again empty lines at the start of the configuration.
- change how strnvis(3) is handled: on systems with the broken interface gmid will just use its own built-in version.
- reject requests with
NUL
bytes in them. - don't error on a
..
component at the start of the path.
2.0.4 “Lady Stardust” bugfix release
signify(1) pubkeys for this release: RWQ+Bm0F0FtPLtTnpRe09x/Z6Fiodk4toTZe2TJ4yCqDZ6l0c5wiU9te
- add a nicer error message if the removed
cgi
option is still used. Reported by freezr. - portability fix for systems with a wrong strnvis(3).
2.0.3 “Lady Stardust” bugfix release
signify(1) pubkeys for this release: RWQ+Bm0F0FtPLtTnpRe09x/Z6Fiodk4toTZe2TJ4yCqDZ6l0c5wiU9te
- relax the SNI requirements
- gg: add -q to avoid printing the "Server Says:" line
- gg: unbreak -n
- fix parsing of IPv6 addresses
- fix
fastcgi off
handling
2.0.2 “Lady Stardust” bugfix release
signify(1) pubkeys for this release: RWQ+Bm0F0FtPLtTnpRe09x/Z6Fiodk4toTZe2TJ4yCqDZ6l0c5wiU9te
- fix
log access path
withchroot
enabled. - fix config dumping (
-nn
). - rework grammar to allow semicolors after top-level statements.
- don't make the log styles reserved keywords.
- contrib/vim: fixed indent, from Anna “CyberTailor”, thanks!
2.0.1 “Lady Stardust” bugfix release
signify(1) pubkeys for this release: RWQ+Bm0F0FtPLtTnpRe09x/Z6Fiodk4toTZe2TJ4yCqDZ6l0c5wiU9te
Changelog
- convert gmid to the new imsg API
- update bundled imsg
- configure: fix
--mandir
handling; from Anna “CyberTailor”, thanks!
2.0 -- "Lady Stardust"
signify(1) pubkeys for this release: RWQ+Bm0F0FtPLtTnpRe09x/Z6Fiodk4toTZe2TJ4yCqDZ6l0c5wiU9te
New Features
- added
listen on
to specify per-server the list of addresses from where connections are to be accepted. - added titan(1), a simple titan client.
- splitted the "configless" version of gmid as a standalone executable gemexp(1)
- added ability to log to files with
log access <path>
- added ability to change the syslog(3) facility with
log syslog facility <facility>
- added ability to change the logging style with
log style <style>
- added `fastcgi strip'
- reworked the privsep implementation and added a privsep crypto engine
- implemented
SCRIPT_NAME' and
PATH_INFO' splitting for fastcgi
Bug fixes
- fixed handling of TLS handshake failures
Improvements
- contrib/gencert: added -e to generate EC keys
- use default prefork (3) in regress
- removed the sha256 dependency of the regress suite
- parse and log the fastcgi reply
- revamped the fastcgi configuration, now it's per-location
- attempt to load the TLS certificates, mimes and virtual hosts root as part of the configtest (-n) instead of verifying the syntax only.
- synced the parameters with RFC3875 (CGI)
- gg: exit with the gemini response code unless it's 2X
- gemexp: generate EC certificates too (it's also the new default)
- (contrib/vim) added an ALE linter and updated the Vim syntax file; thanks Anna “CyberTailor”
Breaking Changes
- removed CGI support
- gg now warns when the server doesn't use TLS' close_notify
- deprecated the global
ipv6
andport
settings in favour of the per-serverlisten on
directive - removed the already deprecated config options
mime' and
map' - droped seccomp and capsicum support
- FastCGI: set REQUEST_METHOD to "GET" instead of the empty string
1.8.6 - “Lightbulb Sun” bugfix release
signify(1) pubkey for this release: RWTy3UJQzpxBUAymBwb2EGLLm0b3H/1n8hzhaC9HYFYzNuTavGt9QSwC
- add tests and compat for setresuid setresgid
- add GEMINI_SEARCH_STRING fastcgi parameter / cgi env variable
- manpage fix: QUERY_STRING is not urldecoded
- fixed use-after-free in the fastcgi code
- when switching user also set the groups
- always cast is*() arguments to unsigned char
Starting with this release tags are also signed with my ssh key like I'm doing with other projects as well:
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ0nD5I8BNVJknT87gnpLIJWK0fXTayDktQOlS38CGj4 op@omarpolo.com
“Lightbulb Sun” bugfix release
Released November 1, 2022.
signify(1) pubkeys for this release: RWTy3UJQzpxBUAymBwb2EGLLm0b3H/1n8hzhaC9HYFYzNuTavGt9QSwC
Bug Fixes
- removed OpenBSD' rc file. it's now maintained in the ports tree
- (hopefully) fix build on DragonflyBSD
- call tzset(3) to fix times in logs
- always send custom list of fcgi parameters (@nytpu)