0.14 - Simplified code for authentication and removed one memory allocation - Increased speed of finding length of URI and splitting GET parameters - Increased speed of escape replacing in URI - Doesn't log starting entry when used as inetd - Cache is correct also if a file is modified and the directory's inode is not affected (Linux only) - Allows old mechanism with the option --fastcache - Doesn't rely on envvars to handle virtualhosts - Much faster decode64 module, with removed iterations - On Linux, will avoid partial frames - Refactory of configuration loading, to have faster startup - CGI scripts are now terminated for sure when they exceed their limit - Uses C locale, to avoid problems with non-ascii chars - When using --tar on the root directory, suggests a default filename - Sends Accept-Ranges header in response, when content-length is known (David Kalnischkies) - Show "GNU/Linux" only on GNU/Linux systems - Added an option to print the capabilities of the server (useful for tools like qweborf) - Multiple instances of qweborf from the same user can operate in the same time - using pread() instead of emulating it with lseek() - support for chunked encoding - qweborf: checks if weborf supports authentication with socket - qweborf: uses the -B option, for an easier parsing - qweborf: doesn't crash when using miredo - qweborf: can use UPnP to open external ports in NAT devices 0.13 - Shows last modified column in directory listing (Rev 419) - Webdav module can send mimetype - Bug: fixes denial of service in case of malformed header range (Rev 429) - Bug: ported fix from 0.12.2 - Faster listing of directories with several hidden files - PROPFIND now gives %-escaped URIs (Rev 444) - Improved handling of Connection header in responses - Sends reason phrase in HTTP response - Directory listing can be cached on disk - Can support large files - Added GiB measure in directory listing - Ported fix from 0.12.3 (Rev. 465) - Reduced number of params for functions - Uses pthread calls for TLS instead of relying on __thread that doesn't work on OsX - Dav's PROPFIND with different required properties can be cached on disk - Can send Content-Type - Can be used with inetd/xinetd - Fixes crash on invalid request (Rev 492) - Will no longer terminate on failed accept - Heavy code refactory - Webdav method MOVE is now faster on directories - Support for embedded authentication policy - Support for If-Range header (Rev 516) - Migrated to GNU autotools - Now logs HTTP status code for each request - Ships qweborf: QT GUI for simple file sharing - Truncates files on PUT - Can send directories as tar.gz files 0.12.5 - Fixes DoS occurring with malformed fields in HTTP request 0.12.4 - Fixes DoS occurring on malformed HTTP request, backported from trunk 0.12.3 - Fixes directory traversal vulnerability 0.12.2 - Fixes DoS occurring when wide chars are used in some headers 0.12.1 - Fixes DoS occurring on malformed Range header, backported from trunk 0.12 - Fixed bug: now threads are closed again (Rev 305) - Using keep-alive with CGI only in case of small pages (Rev 306) - Reduced maximum size of generated pages (Rev 307) - Adjusted size of the buffers (Rev 307) - ETag headers are now sent only if the resource is static (Rev 308) - "Moved permanently" code is returned instead of "see other" when client requests directory without ending / (Rev 209) - Added wrapper for CGI python, which replaces the previous one (Rev 312) - Support for custom CGI formats - LSB tags added to the init script (Rev 323) - Support to PUT,DELETE,OPTIONS methods - Fixed bug: some file descriptors caused thread's termination (Rev 341) - Added wrapper for executables CGIs - Stub for webdav - Implemented MKCOL, COPY, MOVE methods - Bug: socket were closed randomly on non GET/POST methods - Bug: tamed buffers do not affect subsequent connections on the same thread - Daemon is able to start authentication server too, reading about it from weborf.conf (Rev 359) - Better and more resistant xml parsing of PROPFIND requests (Rev 363) - Bug: addresses are properly converted into strings (Rev 373) - CGI does chdir into script's directory (Rev 374) - Enables logging - Uses reentrant version of readdir (Rev 381) - Added more controls on memory allocation - Bug: buffer size corrected in queue.c - Logs insufficient memory - Can compile on OpenSolaris (manual edit of Makefile is needed) - Edited instance.h to workarond OpenSolaris bug #6775831 - Can use SIGUSR1 to print internal status on stdout - Edited daemon script to pass the new lintian's test - Attempt to resolve race-condition by refactoring - Changed astyle parameters to use the new version - Sorts content of directories when generating html index - Bug: replaced unsafe sprintf with snprintf (Rev 415) 0.11 - Support for ETag header - Support for If-None-Match header. Weborf will not re-send files that are cached into the browser - Cleaned up some send_header functions - Fixed bug: malformed range header was able to cause segfault (Rev 251) - Support for Last-Modified header (Rev 252) - Introduced optimizations in parsing request and sending an header - Code refactory to reduce amount of passed parameters - Will now send connection header if an old client is using keep-alive - Corrected sending post data to cgi-bin - Fixed REQUEST_URI header which was broken some revisions ago - Doesn't send CGI errors and warning to the client anymore - Shows CGI errors on standard error, but an option in options.h can hide them - Optimizations in CGI - Reduced system calls number - Reduced number of strlen and strstr - Fixed warnings in manpages 0.10 - Pipe with scripts are now closed - Support for cgi-php - Fixed some possibilities of buffer overflow - Enlarged default head's buffer, necessary for script generated headers - When the script is terminated for timeout, error 500 is sent to the client - Fixed error in cgi wrapper that didn't allow to use \r\n\r\n sequence in output - Compile on MacOsX without needing to edit the code - Embedded support for cgi - Support for list of index files - List of index files changable in weborf.conf - Refactory of code to send/execute pages and generate dir listing - Changed default optimizations - Support for virtualhost - Support for virtualhost in weborf.conf - Support for gzip encoding, when supported by client - Support for enabling/disabling cgi from weborf.conf - Heavy optimization in finding the end of the header - Added a buffered reader to reduce the overall amount of read syscalls - Replaced deprecated inet_ntoa with its replacement inet_ntop - POST can read binary data, with 0 bytes in the stream - Correct passing POST data to script. It brokes php since it has a bug, reported as #47825 - Added support to timeout - Addresses are converted in strings in threads instead of main thread. - Added manpage for weborf.conf - Queue does less operations on memory (rev 231) - Changed authentication from child process to unix socket (rev 232) - Partial (but enough) support for range headers (rev 235) - Solved problem which caused 100% cpu usage (Salvo Rinaldi) - Solved problem which caused partial resending of files - Removed redoundant conditions to free memory (Angelo Puglisi) 0.9 - Bug: fixed size hadling of NBUFFER - Reduced standard size of NBUFFER - Make install installs weborf as a daemon executable by init - Switch to compile using ipv4 or ipv6 - Memory leak fixed - Bug: can now handle firefox's post requests - Bug: no more segmentation fault on post requests issued by squid - Handles pipelined and not-pipelined requests - Timeout for scripts (not auth scripts) - Bug: buffer for requests is now reset after every request - Increased speed for identify request - Bug: unsigned value used when signed was needed - Bug: parameters within HTTP requests are now read correctly - Changed buffer allocation for string IP addresses in IPv4 mode - Possibility to use scripts as normal files - Exit codes now have a meaning (documented in manpage) 0.8 - Improved file listing - Added support for large files - Bug: Now authentication works even with spaces within file or directory's names - Prepared handling for content-lenght - Bug: POST works again - Maximum size for POST requests 0.7 - Escape sequences in POST requests are now correctly handled - Daemon mode added - Memory leak removed - Support for Basic authentication - Parsing program arguments with getopt - IPv6 support - Improved file listing - Changed thread policy: Now the MAXTHREAD number can be reached, because the last group of threads can be smaller - Some small changes to make it faster - Improved handling several requests on the same connection. It SHOULD work better now. 0.6 - Added comments - Improved speed on string operations - Memory leak corrected in script execution and page sending - Added control on non http messages - Reduced the use of mutex during thread creation - Improved signal handling - Reduced malloc's total number, this will increase speed - Uses printf's return value instead of strlen() - Corrected directory listing. Now doesn't show link to parent if already in parent directory. - Directory listing doesn't show link to self anymore. - Cleaned up logging. It will hide many informations by default - Now threads are aware of client's IP address 0.5 - Bug: active thread's counter was not reduced on thread's termination - Logs dropped connections due to not enough threads - Handles escape's sequences in url - Fixed a warning occurred in amd64 architecture - Improved list's generation for directories without index - Bug: directories without the ending / are now listed correctly - Added stub (not working) for authentication request - HTTP's request parameters are passed as enviromentals vars to the scripts - Added experimental support to POST method, and use of enviromental vars 0.4 - Bug: Relative paths can't be used, so the client can't go outside the basedir - Support for files with spaces in the name - Bug: Added checks on memory allocation failures, and in this case send an error to the client - Changed error's sending system - Threads are detached - Added a thread to monitor how many free threads there are, to stop some if there are too much - manpage added - Added make install, to copy the binary in /usr/local/bin and install manpage - It is possible to start weborf as root to use a low port number and then change the user 0.3 - Only a few threads are created when started. More are started when there are too few free ones - Index page is loaded automatically, even when not specified in the URL - When index file is missing, a list of file is dinamically generated, showing all regular files and directories (FIFO, devices and sockets aren't shown) - Handles command line parameters