CHANGE LOG for WN package ========================= ----------------------------------------------- CHANGES from version 2.4.7 to 2.5.0 (12/2008) ----------------------------------------------- Switched to the IPv6 API. Corrected a few errors in debugging logging that could cause core dumps. Added new configuration items to configure and to startup arguments. ----------------------------------------------- CHANGES from version 2.4.6 to 2.4.7 (6//2005) ----------------------------------------------- Added MAC_OS_X to configure script. Changed MIDLEN in wn/common.h from 2048 to 3*1024. Most other string lengths are functions of this, e.g. SMALLLEN = MIDLEN/8, etc. Added /text/calendar mime type with suffix ics to /lib/mime.types ----------------------------------------------- CHANGES from version 2.4.5 to 2.4.6 (1/18/2004) ----------------------------------------------- Modified dedot in prequest.c to be more efficient and eliminate possible denial of service. Fixed bug in get_remote_info in util.c which did not check if NO_DNS_LOG was set for the default log type. Fixed two bugs related to syslogging reported (with suggested fixes) by Doug Hardie. The first involved closing too many file descriptors at startup, including the one for syslog. The second involved the failure of SIGHUP to cause the virtual hosts file to be read when syslogging was in use. ----------------------------------------------- CHANGES from version 2.4.4 to 2.4.5 (4/20/2002) ----------------------------------------------- Fixed bug in wn/standalone.c which caused failure to chown and chmod suexec key file. Hence the server would not start. This bug has been around a while, but a kernel update caused it to start showing up. Added audio/mpeg -- mp3 to mime.types file. Added application/x-java-jnlp-file -- jnlp to mime.types file. Added -i command line option. The options -i 112.123.123.123 or -i all cause the server to listen for incoming connections on interface with IP address or on all interfaces. This is useful only if you have a system with more than one NIC. Disabled TRACE method by default for security. It can be enabled by editing config.h and setting WN_ENABLE_TRACE to (TRUE). Added "#define OPENSSL_NO_KRB5" to wnssl/wnssl.h to get compilation to work with new versions of openssl. ----------------------------------------------- CHANGES from version 2.4.3 to 2.4.4 (9/7/2002) ----------------------------------------------- Fixed wn/init.c so that verbose syslog entries end up on a single line each (as they should). Reported by J. Ross Also improved error messages in wn/init.c, i.e. more use of strerror(). If wndex cannot open the mime.types file it now complains by default unless run with the "quiet" flag. Before it only complained with the "verbose" flag. In wn/send.c write errors with errno = EAGAIN will now sleep one second and try again. The error occurs on some systems with slow network connection. Reported by Ken Flaxman. Moved URL_SCHEME to the set of environment variables provided for authentication (in wn/cgi.c). Modified daemon_logerr in /wn/init.c to better handle syslog. Added -F option to wnsd. This causes it to be run in the foreground instead of the background (useful for things like daemontools, I am told). Contributed by John Mulder. ----------------------------------------------- CHANGES from version 2.4.2 to 2.4.3 (2/11/2002) ----------------------------------------------- Added images wn-ssl1.png wn-secure.png and wn-ssl.png to docs/images. Thanks to RobM. Added support for SSL certificate chain files. Thanks to Mark Feenstra. Usage: You need your cert and a chain file; copy the cert to a new file and cat the chain (pem) file to the end of the new file. Then add -z chain=./chain.pem to the command line. (chain.pem is the new file). Fixed bug in wn/init.c which caused a missing space in verbose logs. Thanks to Florian Forster. Fixed documentation docs/setup.html to correctly document verbose log field for X-Forwarded-For. Thanks to Florian Forster. Fixed bug in wn/chkcntrl.c which caused incorrect log format for documents with access control. Simplified code for log_logfile in wn/init.c. Added text/css to the file wn/content.h. It was already in the mime.types file. Fixed bug in wn/init.c which caused syslog logging not to be "verbose" even when the "-v vsyslog" option was used. Reported by Jeff Ross. Fixed bug in wndex/wndex.c and wndex/content.c which caused Charset= file directive to be ignored. Reported by Gabor Kiss. ----------------------------------------------- CHANGES from version 2.4.1 to 2.4.2 (10/6/2001) ----------------------------------------------- Fixed bug in send.c and wn.c which caused CGI scripts which set cookies and then redirected to fail. Headers from the CGI script were not being sent. Found and fixed by Scott Sorrell. Fixed bug in wndex/content.c which caused core dump in some circumstances when filenames ended in .z or .gz and content type was specified. Reported by Paul Hoffman. In conjunction with the above, the server no longer automatically sets a content-encoding. Content-encoding headers will be sent only when specified by Content-encoding= line in the index.wn file. Fixed a bug in wndex/wndex.c which caused default charset not to be included in the content-type when the content-type was specified in the index.wn file. Fixed bug in tilde.c which caused failure of user directories when TILDE_USER_STRING ended with a '/' 9as in "/people/") instead of something like "/~". Reported by Christopher F. Miller. Fixed "Location: mailto" again. Reported by John Bolding. ----------------------------------------------- CHANGES from version 2.4.0 to 2.4.1 (8/8/2001) ----------------------------------------------- Fixed Snprint3 -> Snprintf2 bug in wn/send.c Fixed bug in cgi.c which caused PATH_INFO and PATH_TRANSLATED environment variables not to be correctly set in some circumstances when using cgi-handlers. Reported and diagnosed by Doug Hardie. ----------------------------------------------- CHANGES from version 2.4.0pre3 to 2.4.0 (5/10/2001) ----------------------------------------------- Better error messages are logged if suexec fails. CHANGES from version 2.4.0pre2 to 2.4.0pre3 (4/25/2001) ----------------------------------------------- Added #include to wn.h so RedHat 7.1 works. CHANGES from version 2.4.0pre to 2.4.0pre2 (3/22/2001) ----------------------------------------------- WNssl now has its own directory and can be made from the top directory by running "make wnssl". Fixed bug in wn/chkcntrl.c read_dir_info() which caused errors which field values contain '=". (reported by M. Neitzel). Fixed bug in wndex/wndex.c which broke serveall. (reported by D. Duffy and Ken Flaxman). Fixed bug in wn/init.c which caused compile failures reporting "init_mime" not found (reported by many). Fixed bug in wn/init.c which caused core dumps in wnsslsd when no cert file was available or password was wrong. (reported by Mark Feenstra). Fixed problem in configure script for IRIX and ranlib (reported by RobM). Simplified redirect code in wn/parse.c. All redirects are now external. CHANGES from version 2.3.13 to 2.4.0pre (3/11/2001) ----------------------------------------------- Fixed bug in init.c which caused core dump in attempted wn_exit() after certain initialization errors. Thanks to Doug Hardie Fixed bug in wn/evalif.c which caused virtual host match up set in the virtual hosts file. The documentation has been updated to reflect this and Sander has supplied documenttaion on installing suexec. Subsequently, I have further modified both WN and suexec to the extent that any problems are surely my fault not Sander's. This is still in pre-beta form, but it would be good to test it. To use it, start by editing config.h (look for WN_SU_EXEC). You will also have to edit Makefile and suexec/suexec.h. You must use virtual hosts with suexec. Virtual hosts now allow you to turn off the possbility of user home directories (a feature some of you wanted). See docs/multi.html for more information. Fixed bug in wn/evalif.c which caused bogus "string terminated" errors to be logged when some #if constructs (e.g. && and ||) were used. Reported and diagnosed by P. Pennock and D. Simpkinson. Fixed bug in wndex/wndex.c where tmpfpath was incorrectly set. Thanks to Craig Milo Rogers. Error logging is now automatically done in verbose mode. Fixed bug in wn.c which caused a slowdown when pdf files were served to MSIE using the acrobat plugin. Reported by Ken Flaxman. Fixed bug in wn.c which caused an extra erroneous \r\n after a cookie header which is generated by a script. CHANGES from version 2.3.7 to 2.3.8 (4/28/2000) ----------------------------------------------- Fixed bug in wn/init.c which caused crash in wnssl when the key file and the cert file were not the same. Thanks to Doug Hardie. Improved wn/Makefile.wn.dist to do a better job of finding SSL include files. Thanks to Doug Hardie. Moved the #define DEFAULT_SSL_PORT to config.h(.dist) where it belongs from wn/wnssl.h. Doug Hardie again. Some cleanup of Makefiles and renaming of files. CHANGES from version 2.3.6 to 2.3.7 (4/25/2000) ----------------------------------------------- Removed stray diagnostic message from wn/chkauth.c which was entered in error log each time authentication was used. CHANGES from version 2.3.5 to 2.3.6 (4/19/2000) ----------------------------------------------- Added support for HTTP Via header. It's contents is now placed in the CGI variable HTTP_VIA. Fixed bug in wndex/wndex.c which caused ampersands in titles, fields, etc. to not be escaped as they should. Thanks to Karl Vogel. Fixed bug in wndex/wndex.c which caused Default-attributes=md5 to fail to work. Reported by Jasper Jongmans. Fixed bug in wndex/content.c which caused CGI scripts not to have the attribute WN_CGI. Added support for CGI_EXT_LIST, replacing CGI_EXT. Fixed bug in wnputh/puth.c where an incorrect macro Snprintf caused compiliation errors. Thanks to Craig Milo Rogers. Fixed bug in wn/parse.c which caused improper handling of complicated wrappers. Fixed bug in wn/standalone.c where an incorrect clearing of the environment caused server to crash on some systems. Thanks to Craig Milo Rogers. The configure script now preserves the value of WN_USER which you enter when you run the script. Thanks to Craig Milo Rogers. CHANGES from version 2.3.4 to 2.3.5 (3/10/2000) ----------------------------------------------- Added support for the Charset and Default-Charset directives. Fixed bug in wnauth/wnauth.c. Minor bug in wnauth/wn_md5passwd.dist fixed thanks to Frank Denis. CHANGES from version 2.3.3 to 2.3.4 (2/20/2000) ----------------------------------------------- Fixed configure script and wndex/Makefile so that SGI systems will not stop because they don't have (and don't need) ranlib. Fixed bug in wn/chkauth.c which cause REMOTE_USER environment variable not to be set when Basic authentication is used. Modified Makefiles and directory organization. There is now a wn/md5 directory which contains MD5 related code. Most of this is now borrowed from openssl. The configure script will now try to see if the standard openssl libraries have been installed and use them if they have. WN's own MD5 library (which is now from openssl) will also be built but should only be used if openssl has not been installed. Modified the Set-Cookie directive and added a Default-Cookie directive. In addition to specifying a static cookie you can now start the value with '!' in which case it will be interpreted as a script to run to generate the cookie. Several mundane changes including new functions fmt2 fmt3 and making mystrncat a macro. The parameter "meta" is now synonymous with "info". In other words http://host/foo.html;meta does the same thing that http://host/foo.html;info has always done. I bet the "info" parameter is an old feature no one knows about. CHANGES from version 2.3.2 to 2.3.3 (2/12/2000) ----------------------------------------------- Fixed some portability problems. AIX needs time.h and it was not being included. Added '@' to the characters allowed in the pathinfo part of a CGI URL. CHANGES from version 2.3.1 to 2.3.2 (2/9/2000) ----------------------------------------------- Modified configure script and wn/Makefile to be more portable with the new PAM and wnssl support. In wn/ there is now a Makefile.wn.dist which gets copied with modifications by the confingure script. Added a README.wnssl with a very brief description of how to use it. CHANGES from version 2.3.0 to 2.3.1 (2/5/2000) ----------------------------------------------- Modified server so that data reflected to client in automatically generated pages is sanitized. This is was done for internally generated search responses and the clients query data returned by . Data returned from environment variables is NOT sanitized. Sanitized means any character except alphanumerics and '.', ':', '/', and '@' are changed to space. Integrated wnssl support into base distribution. This is not yet documented. You first need to install openssl version 0.9X or later. Then create a new config.h (or use the old one) and name it "config_ssl.h" (put it in the same directory as "config.h"). Then cd to the wn subdirectory and run "make wnssl" optionally followed by "make install_wnssl". Added support for PAM (plugable authentication modules) in authmodules. There is a PAM module included in the wnauth directory with the same functionality as wnauth. To create it install openssl and then in the wnauth directory run "make wn_pamauth". Fixed bug in wn/parse.c which caused "Parse construct to large" error to be logged for very large comments (i.e. with "<-- something ... -->") in parsed html. Fixed bug in wn/chkcntrl.c (syntax error when WN_IP_ONLY_ACCESS is #defined). Fixed bug in wn/chkcntrl.c that ended some headers with just \n instead of \r\n. Attribute 'cacheable' now works for authenticated items. CHANGES from version 2.2.4 to 2.3.0 (12/23/1999) ----------------------------------------------- This version contains a rudimentary handler for the PUT, DELETE, and MOVE methods ( in the puth/ directory). See the documentation for the '-P' option to wnsd and the Put-Handler, Put-Authorization-Module, etc. file directives. Added new logtype directory directive and new more flexible '-v' option for setting log type on the command line. These are described in the documentation. CHANGES from version 2.2.3 to 2.2.4 (12/19/1999) ----------------------------------------------- Fixed bug in wn/cgi.c and wn/tilde.c which caused CGI environment variable to be incorrectly set when a CGI script in a user directory is executed. Reported by Joris Bontje. Replaced missing colophone.html file in doc/ directory. CHANGES from version 2.2.2 to 2.2.3 (12/04/99) ----------------------------------------------- Added a workaround for bugs in browsers and/or plugins that made multipart/byteranges fail. Either the client or the plugin is not strictly adhering to the HTTP spec. This was causing problems with pdf files, which this workaround fixes. Support for TRUE64 on Dec Alphas added. Thanks to Joe Klemmer for testing. Also changed names FREE_BSD2 to FREE_BSD and SOLARIS2 to SOLARIS in configure script. Fixed bug in wnauth/wnauth which caused it to fail on systems with an MD5 based crypt(). Thanks to Kenji Rikitake. Also fixed a bug in wnauth/wn_mkmd5passwd. Added a new #define in config.h.dist which turns off persistent connections for all POST transactions. This will be the default behavior but can be overriden by editing config.h.dist. Fixed bug in wn/init.c which caused syslog error logging to fail in certain circumstances. CHANGES from version 2.2.1 to 2.2.2 (11/5/99) ----------------------------------------------- In honor of "burn all gifs day" (see http://burnallgifs.org/) I have replaced all .gif files in the distribution with .png files. The .gif files were probably not legal as I have not paid royalties to Unisys and the files were created with GPL'd tools. I fixed up a couple of other minor problems with the Makefile (reported by P. Hoffman) and with the "configure" script. Some minor revisions and improvements to wnauth were included There is no real reason to upgrade to this version if you are using 2.2.1 and don't use authentication. CHANGES from version 2.2.0 to 2.2.1 (11/2/99) ----------------------------------------------- Fixed bug in wn/image.c which caused possible buffer overflow. This only created a potential vulnerability if you were using the builtin imagemap facilities of WN. CHANGES from version 2.1.7 to 2.2.0 (10/31/99) ----------------------------------------------- Added a few error diagnostics (errno) when logfile openning fails. Fixed an obscure bug in wn/util.c. Fixed buffer overflow vulnerability in wn/util.c. Added further security protections. Removed unneeded #include sys/signal.h from mod.c and util.c CHANGES from version 2.1.6 to 2.1.7 (5/12/99) ----------------------------------------------- Added support for a new attribute, "no-keepalive". This causes the server not to use persistent connections after serving a file with this attribute or directory with this default attribute Fixed bug in wn/cgi.c that caused REMOTE_ADDR and other environment variables not to be set in some circumstances with persistent connections. Fixed bug in wn/evalif.c which cause parsed #if clauses to fail if there was no space between tokens as in . Reported by Jerry Sweet. Changed default value of index file from "index" to "index.wn" in wndex. Wndex will still check for "index" if default is not found. Also if the -i option is used the value is saved and remembered the next time wndex is run. Fixed bug in wn/send.c which caused failure to compile on Sun/OS and other systems with no snprintf. CHANGES from version 2.1.5 to 2.1.6 (2/14/99) ----------------------------------------------- Added support for the incoming X-Forwarded-For header from proxies. This is now recorded when verbose logging is done and is put in the CGI environment variable HTTP_X_FORWARDED_FOR. Thanks to Kenji Rikitake for supplying the patch to do this. Fixed bug in wn/parse.c which caused redirects to mailto: URLs to fail. Fixed bug in wn/wn.c and wn/send.c that caused redirects (301) not to include content length. The new version now also includes a short html body about redirects. CHANGES from version 2.1.4 to 2.1.5 (12/12/98) ----------------------------------------------- Fixed bug which made raw documents accessible when handled by CGI-handler or filters (raw = before handled or filtered). Also fixed bug in wn/cgi.c that in certain circumstances caused the server to try to execute the file to be handled rather than the handler. Thanks to Peter van Dijk for finding these. CHANGES from version 2.1.3 to 2.1.4 (12/8/98) ----------------------------------------------- Fixed bug which made source of scripts accessible. This is serious security issue if you run CGI scripts which contain confidential information. Fixed bug in wndex/content.c which caused core dump when Attributes=MD5 was used on a non-existent file. Fixed bug in wn/parse.c in function dolocation which caused internal redirects to POST documents to fail. Fixed bug in wn/tilde.c. If the path to a user's "public_html" directory is longer than 31 bytes it was being truncated and requests for files from that directory failed. CHANGES from version 2.1.2 to 2.1.3 (10/18/98) ----------------------------------------------- Fixed bug in wndex/serveall.c which caused wndex to fail when the -a and -r options were used. Thanks to Kenji Rikitake. CHANGES from version 2.1.1 to 2.1.2 (10/11/98) ----------------------------------------------- Fixed bug in init.c which caused the last character of the timezone to be truncated in the log file. Thanks to Kenji Rikitake. CHANGES from version 2.1.0 to 2.1.1 (10/9/98) ----------------------------------------------- This file is now called "changelog". WN now sends the header "Last-Modified" instead of "Last-modified". Fixed bug in wn/wn.c where my_id in function remk_postdir() was not set. Rewrote functions mystrncpy() and mystrncat() in wn/util.c. They now have a new semantics and log overflow errors. Added support for the HTTP headers TE, Accept-Charset, Accept-Language and Accept-Encoding. They are put in the environment variables HTTP_TE, HTTP_ACCEPT_CHARSET, HTTP_ACCEPT_LANGUAGE, and HTTP_ACCEPT_ENCODING respectively. They can also be matched with conditional #if matching. Fixed bug in wn/evalif.c which showed up with use of #if language. Fixed bug in init.c which caused error logging not to use syslog facilities when it should. Added support for a CGI environment variable called REMOTE_PORT which indicates the port the remote client or proxy is using. CHANGES from version 2.0.2 to 2.1.0 (9/16/98) ----------------------------------------------- The wnsd daemon now opens the wnpid file before switching its userid to "nobody". This makes root the owner of wnpid. Fixed bug in wn/gsearch.c and wn/csearch.c that caused search wrappers to fail when there are multiple search requests in a single persistent connection. Access files now allow comments (starting with '#') to begin anywhere in a line, not just at the beginning of a line. Support for T/TCP in RFC931 lookups. Thanks to Kenji Rikitake. *********************************************************************** CHANGES from version 2.0.5 to 2.0.6 (2/14/99) ----------------------------------------------- Fixed bug in wn/wn.c which caused "Content-length: 0" not to be sent with redirects (status code 301). Fixed bug in wn/parse.c which caused redirects to mailto: URLs to fail. Changed keepalive timeout from 20 seconds to 10 seconds. CHANGES from version 2.0.4 to 2.0.5 (12/12/98) ----------------------------------------------- Fixed bug which made raw documents accessible when handled by CGI-handler or filters (raw = before handled or filtered). Also fixed bug in wn/cgi.c that in certain circumstances caused the server to try to execute the file to be handled rather than the handler. Thanks to Peter van Dijk for finding these. Added release number to cofig.h.dist and Makefile.dist for future use. CHANGES from version 2.0.3 to 2.0.4 (12/7/98) ----------------------------------------------- Fixed bug which made source of scripts accessible. This is serious security issue if you run CGI scripts which contain confidential information. Fixed bug in wndex/content.c which caused core dump when Attributes=MD5 was used on a non-existent file. CHANGES from version 2.0.2 to 2.0.3 (10/9/98) ----------------------------------------------- WN now sends the header "Last-Modified" instead of "Last-modified". Fixed bug in wn/wn.c where my_id in function remk_postdir() was not set. Fixed bug in wn/evalif.c which showed up with use of #if language. Fixed bug in init.c which caused error logging not to use syslog facilities when it should. CHANGES from version 2.0.1 to 2.0.2 (9/16/98) ----------------------------------------------- Fixed bug in cgi.c that caused REMOTE_IDENT not to be put in the environment when it should. Fixed minor bug in wndex/wndex.c which mishandled lines with multiple #'s. CHANGES from version 2.0.0 to 2.0.1 (8/4/98) ----------------------------------------------- Jean Pierre LeJacq has put in a tremendous amount of work cleaning and formatting all the WN documentation. The main motivation for this release is to give everyone the benefits of his work. We all owe him a big thank you. Fixed bug that allowed text/plain files to sometimes be parsed. Fixed bug in wn/wn.c so that if directory /tmp/wn_tmpdir gets removed it is automatically re-created. Fixed bug in wn/chkcntrl.c that improperly initialized handler and filter. Fixed bug that caused a body to be sent (incorrectly) in response to certain errors with the HEAD method. CHANGES from version 1.19.9 to 2.0.0 (5/9/98) ----------------------------------------------- General cleanup so gcc -Wall provides a clean compile Removed extern declaration of malloc() and replaced with appropriate #include. Fixed bug that caused MD5 header to be sent on range requests. Added support for return status 413 "Request entity too large". This is sent if POST data is larger than 5 meg (MAXPOST in config.h). Added support for CHANGES from version 1.19.8 to 1.19.9 (5/3/98) ----------------------------------------------- Redirects now work if nothing has been sent. I.e. now works. Implemented Content-MD5 header for static documents. See Attribute=MD5 in appendixB.html. Fixed bug in chkcntrl.c which allowed the use of POST method only if Attributes=post was set. This prevented the use of one script for both GET and POST. CHANGES from version 1.19.7 to 1.19.8 (3/29/98) ----------------------------------------------- Fixed bug in vhost.h (missing '='). Fixed bug in wn.c/chkcntrl.c that caused the server not to chunk files sent with a filemodule (HTTP/1.1) or not to close the TCP connection (HTTP/1.0). Made tempfile for posting more secure. Added evnironment variables DOCUMENT_ROOT (replacing WN_ROOT) and SCRIPT_FILENAME Fixed bug in common.h which caused attibutes=cacheable to also set attributes=post CHANGES from version 1.19.6 to 1.19.7 (2/23/98) ----------------------------------------------- Added support for " is 2K. Fixed bug in wn/wn.c which was not always handling NOACCESS and redirects correctly. Fixed bug in parse.c that caused chunking not to be done when a parsed text redirect was not done because the condition was not satisfied. CHANGES from version 1.19.5 to 1.19.6 (1/25/98) ----------------------------------------------- Fixed bug in wn/wn.c that caused connections to timeout after 20 seconds rather than the default of 10 minutes. Fixed bug that caused transactions to HTTP/1.0 protocol instead of 1.1 even if the client is 1.1. CHANGES from version 1.19.4 to 1.19.5 (1/24/98) ----------------------------------------------- Added support for && (and) and || (or) in . Fixed bug in gsearch that caused attempt to parse plain text documents for things like lines in text/plain files. Reported by Scott McMullan. Fixed bug in wn/common.h. OUT_BUFFSIZE was #defined to be (128). It should be (4096). CHANGES from version 1.16.0 to 1.17.0 (10/29/96) ----------------------------------------------- Fixed bug in send.c which the file being sent to be closed twice. This caused problems on some linux systems. Fixed bug in send.c that caused the Filter= directive only to work if its complete path name from the server root was given. Fixed bug in configure script which caused it to add extra "-O3" arguments to the CFLAGS variable in the Makefile. Thanks to J. Norden. Added support for the "Max-Age" and "Default-Max-Age" directives. For example, "Max-age=3 weeks" will cause the Expires header to be set for a date 3 weeks after the document is served. The units seconds, minutes, hours, and days are permitted in place of weeks (but multiple units like "3 days and 2 hours" are not allowed). Also the directive "Max-age=3 weeks after last-mod" will cause the Expires header to be set to 3 weeks after the last-modified date of the file. Added support for and parsing instructions see docs/appendixC.html. Added support for directives Default-Includes and Default-Wrappers. For more information see docs/appendixB.html. The search type can now be set in a forms field called "mode". For more details see http://hopf.math.nwu.edu/docs/search.html#mode CHANGES from version 1.15.8 to 1.16.0 (10/10/96) ----------------------------------------------- There is a new CGI environment variable URL_SCHEME which contains "http" if a normal wn or swn is being run or "https" if the server has been patched to use secure sockets layer (SSL). The temp file used by wndex is now name "indxcach.tmp" by default so it works on filesystems which require 8.3 names. Fixed bug in wndex which caused it to list "indxcach.tmp" in the index.cache file if the serveall directive is used. (Thanks to P. DuBois) CHANGES from version 1.15.7 to 1.15.8 (9/14/96) ----------------------------------------------- Version 1.15.7 erroneously contained many of files from 1.15.6. It will run fine but the fixes listed for 1.15.7 won't actually work until you get 1.15.8. Fixed mistake in /docs/examples/shape.map -- a missing point in the polygon description (thanks to I. To). Fixed bug in chkauth.c that caused sporadic authentication problems with IRIX systems (thanks to P. Tyers). CHANGES from version 1.15.6 to 1.15.7 (9/12/96) ----------------------------------------------- Fixed bug that caused turning off persistent connections to fail. To turn them off #define NO_KEEPALIVE in config.h Created timeout for authwn. Also REMOTE_USER and AUTH_TYPE should now be set for authentication modules. Fixed bug that caused "write error" to be logged in error log whenever the remote client disonnected in mid transaction. Improved wn/Makefile. CHANGES from version 1.15.5 to 1.15.6 (8/25/96) ----------------------------------------------- Rewrote much of the low level buffering for file output. This needed doing anyway, but an interesting paper by John Heidemann at http://www.isi.edu/lsam/publications/phttp_tcp_interactions/paper.html was a prime motivator. The two suggestions suggested in this article are incorporated in this version. CHANGES from version 1.15.4 to 1.15.5 (8/22/96) ----------------------------------------------- Added support for the NCSA extended log format. This is invoked with the -v option as in "-v " where is one of "common", "verbose", or "ncsa." NOTE: THIS IS AN INCOMPATIBLE CHANGE TO THE -v OPTION. Fixed bug in isearch.c which caused Content-Length header to be sent for search results. It shouldn't be sent. Also fixed the same thing for line ranges. (reported by R. Bixler) Fixed bug in wn/prequest.c so virtual host name comparison is not case sensitive. (thanks to A. Roelofs) Fixed bug in wn/wn.c thiscon.authuser and thiscon.rfc931name were not properly initialized. Fixed bug in wn/wn.c, to actually have the "Netscape hanging" bug fix take effect. Fixed bug in wn/send.c which caused some redirected documents to be logged twice. Fixed bug in handling of redirects with '#' in anchor (thanks to D. Capshaw). Added support for . (Thanks to S. Trier) Added support for the CGI environment variables AUTH_TYPE, HTTP_ACCEPT_LANGUAGE and HTTP_ACCEPT_CHARSET. CHANGES from version 1.15.3 to 1.15.4 (7/28/96) ----------------------------------------------- Fixed bug in wn/chkcntl.c that failed to make CGI docs dynamic when they should be. (Reported by Roy Bixler) With substantial help from D. Capshaw I think the "Netscape hanging" bug is fixed. Fixed bug in wndex/serveall.c which caused the temp file "index.cache.temp" to be listed in the index.cache file when Attributes=serveall is used. (Reported by P. DuBois) Fixed bug in wn/parse.c. The array bigbuf[] was not properly initialized. (Thanks to I. Levinson) Rewrote "get_input" in wn/wn.c to read() rather than fgets(). Added support for a group file to authwn. See docs/access.html. The configure script now asks if you want persistent connections. The default is yes for 1.15.x and no for 1.14.x CHANGES from version 1.15.2 to 1.15.3 (7/11/96) ----------------------------------------------- Fixed distribution which was not assembled properly for 1.15.2 (i.e. it had some old files so all the fixes weren't there). Fixed bug in wn/parse.c. The array bigbuf[] was not properly initialized. (Thanks to I. Levinson) CHANGES from version 1.15.1 to 1.15.2 (7/8/96) ------------------------------------------- Fixed bug in chkcntrl.c that caused filemodules to fail. They now also work with Attributes=serveall (thanks to W. Zekoll) Fixed bug in chkcntrl.c which caused a segmentation fault if a request for a file in a non-existent directory was received. (reported by N. Walsh) Fixed bug in wn/cgi.c which caused sporadic failures for simple /bin/sh CGI scripts. (reported by S. Trier). Fixed wn/gsearch.c which produced some HTML in search responses which was not legal. Fixed bug in wn/wn.c which made Accept-Ranges header wrong causing PDF files to fail with Netscape plugin. CHANGES from version 1.15.0 to 1.15.1 (6/12/96) ------------------------------------------- Fixed bug in wn/image.c which caused the "point" method to sometimes fail. Fixed bug in wn/init.c which caused the error logging to always fail. Added support for multiple byteranges with the Range: header. CHANGES from version 1.14.2 to 1.15.0 (6/4/96) ------------------------------------------- Implemented "lazy logging". DNS lookups and logging now take place after the end of a connection. (A connection may be persistent and include several transactions.) This can cause an improvement in user peceived speed. It is not really more efficient since the same work must be done, it is just done after the document is transmitted. Increased constants in wndex/serveall.c to allow more files in a directory using serveall. CHANGES from version 1.14.1 to 1.14.2 (6/4/96) ------------------------------------------- Added feature to wndex suggested by many to have it write initially an index.cache.temp file and then use rename() to move that to index.cache when it is finished. Fixed bug in wn/wn.c which caused http_prolog() to give an incorrect zero content length header in 401 (not authorized) responses. CHANGES from version 1.14.0 to 1.14.1 (5/31/96) ------------------------------------------- Improved portability for SOLARIS2 and AIX. I.e. AIX now compiles correctly and Solaris works with cc (before it worked with gcc). Fixed wndex so it no longer issues warning when a redirected file does not exist and has no title. Fixed bug in "configure" that caused it not to ask for a substitute value for "public_html" when using the TILDE_TABLE feature. Also "configure" now asks if you are using gcc or cc. This is necessary for proper configuration of Solaris. A number of documentation improvements. Many typos fixed thanks to C. M. Rogers. Fixed bug in cgi.c that could have caused the loss of some bytes from CGI output in some circumstances. (Thanks to U. Pfeifer) Put timehack() back in standalone.c -- somehow it got lost between 1.09 and 1.10. This is a dummy lookup of time and DNS stuff, done once when the server starts up to get some standard info from the system. It should improve performance slightly. CHANGES from version 1.13.5 to 1.14.0 (5/24/96) ------------------------------------------- Fixed bug in do_list_search() from wn/csearch.c which caused list searches to create an incorrect form at the end of matches. Fixed problem in wndex/content.c which caused compile to fail on systems for which NEED_STRCASECMP is defined. (reported by H. MacEwan). Fixed bug in wn/prequest.c which caused looping when requests like http://host/cgi-bin/dir/foo are made. CGI scripts must be in a directory named cgi-bin or end with suffix .cgi. The file manual section /docs/cgi.html now emphasizes this. Fixed problem in wn/parse.c which caused the Default-document directive to fail when used in users' directories, i.e. with URL's like "http://host/~user/". (reported by H. MacEwan and U. Pfeifer). Fixed bug in wn/chkcntrl.c that caused incorrect value of directory owner in Link: headers. Fixed bug in wn/common.h to make ".tex" files have content type text/plain. Changed date format for Date: and Last-Modified: headers to be consistent with RFC 1123. Fixed bug that caused NO_SUCH_FILE URL redirection not to work when the non-existent file is in a non-existent directory. (reported by K. Lyon) Added support for conditional inclusion based on virtual hostname (see docs/appendixC.html). CHANGES from version 1.13.4 to 1.13.5 (5/6/96) ------------------------------------------- Fixed bug in init.c which caused compile failure when USE_VIRTUAL_HOSTS is #defined, but VIRTUAL_HOSTS_FILE is not. Fixed bug int wn/wn.c and wn/chkcntrl.c which caused error message not to be sent when a non-existent file was requested and no custom error message had be specified (reported by H. MacEwan). Improved compatibilty for RISCOS (thanks to P. DuBois). CHANGES from version 1.13.3 to 1.13.4 (4/29/96) ------------------------------------------- The "virtual hosts" feature of the WN server has been enhanced in two ways. First it is now possible to use a file containing a list of virtual host names, their IP addresses and the data root directory for each. Secondly the server now supports the "Host: " header implemented by some browsers (e.g. Netscape2.x) and so-called "full URLs". For browsers that support either of these features it is now possible to have multiple virtual hosts with a single IP address! The HTTP/1.1 protocol will require browsers to support the Host: header. Fixed bugs in parse.c which caused redirects with "#" to fail and caused to fail. Fixed bug which caused error logging to sometimes fail when call to getpeername fails. Imagemap changes: A file named foo.map (i.e. with suffix .map) will automatically be considerd to have "Attributes=imagemap" set when wndex is run unless a "Content-type=whatever" line is supplied for it. This will also work if "serveall" is specified and there is no entry for foo.map. But it is necessary to run wndex, i.e. the server will not recognize foo.map as an imagemap file if wndex has not been run on the directory containing it. There are three new per directory directives which may be placed in index files. Access-denied-URL=http://host/dir/foo.html No-Such-File-URL=http://host/dir/foo.html Auth-denied-file=~/dir/foo.html The first is a URL to which to redirect if the request is denied because of an accessfile restriction. The second it a URL to which redirect a request for a non-existent file. The third is a file containing an HTML doc to use as an error message which password authentication fails. See /docs/appendixB.html for more details. Fixed bug in send.c which caused rewriting of same data when there is a partial write. (reported by T. William Wells) Fixed bug in csearch.c (reported by P. DuBois) and bug in standalone.c (reported by J. Polterock) CHANGES from version 1.13.2 to 1.13.3 (3/7/96) ------------------------------------------- There have been some significant changes with the serveall attribute. A minor change is that it is no longer the case that non world readable documents will not be served. Now any document readable by the server will be served unless it ends in '~' or starts with '.'. The big change is that now running wndex in a directory with attribute=serveall enters all the servable documents in the index.cache file. This means they are all searchable and that HTML files among them will have the correct title. Changed Allow-Range: header to Accept-Range: header per spec change. Fixed bug that caused wrong document root to be used sometimes if the document root was changed in the middle of a multi-request connection. Fixed bug that made caused content length header to be off by one in range requests of the form "bytes=n-". Fixed bug that caused some spurious Write Error messages to be logged and that caused some images to "hang". Fixed bug in wndex/wndex.c that caused Default-Attributes to fail. (Thanks to Hans de Graaff). Fixed bug that caused some repeated simple searches to fail because the URL might have two "query=" strings at the end. Fixed bug that caused by a NULL value of errlogfp. CHANGES from version 1.13.1 to 1.13.2 (2/17/96) ------------------------------------------- Added support for a new additional format in access files restricting directory access to certain hosts. The new format for a line in an access file is nnn.nnn.nnn.nnn/mmm.mmm.mmm.mmm consisting of an IP net address and an IP mask. The procedure is to take the IP address of the remote client, do a logical "and" of each of its four parts with the four parts of the mask (mmm.mmm.mmm.mmm) and check that the four results agree with the four parts of nnn.nnn.nnn.nnn. For example, the line "123.123.123.0/255.255.255.0" will match (and allow access to) precisely those machines with IP address of the form 123.123.123.x because the "x" part is "anded" with 0 and hence becomes 0, while the other four parts are anded with 255 and hence unchanged, so they must all equal 123. Added support for to include the contents of any environment variable in a parsed HTML document. Added support for a new command line argument "-q pidfile" which specifies the name of a file in which the server puts its process id rather than printing it to standard output. This filename can also be specified when the configure script is run. For more details see docs/access.html. Any redirection to a URL containing "#whatever" is now sent out as an HTTP 302 redirect and not done locally. Fixed bug in wn/parse.c which broke imagemaps on some systems. Fixed bug in wn/parse.c which caused not to work. Fixed bug in wn/prequest.c which caused markline documents to have incorrect Content-Length. Fixed bug in chkcntrl.c which caused CGI documents not to be marked dynamic when they occur in an index file with attribute=serveall set. Hopefully fixed bug which caused documents to be truncated when they were included in wrappers which are executed or used includes which were executed. CHANGES from version 1.13.0 to 1.13.1 (1/17/96) ------------------------------------------- Fixed bug in standalone.c which caused SYSV systems to fail to compile with an "undeclared function zombie..." error. Fixed bug in wn/chkcntrl.c and wn/wn.c whicn caused "Default-Document" and "Default-Content" directives to fail. If a Redirect directive is given with a trailing '?' as in Redirect=http://host/foo? Then the server will append the "query" part of the original request before doing the redirect. The query part is anything after a '?' in the URL. This applies also to which works like other conditional parsed text but matches against clients request. BTW either =~ or ~ works in these conditional parsing constructs. I have decided that =~ is better so I changed the documentation to reflect that. If swn receives a HUP signal (via "kill -HUP server_pid") it will close the logfiles and then reopen them. This is useful for logfile rotation scripts. This will have an effect only if the logfiles have been moved with "mv" before the kill -HUP is done. (Thanks to George Headley) To help with this swn will now print its pid to standard output when it it starts. Thus invoking it with a command like "swn /path/wnroot > /path/wn.pid" will put the process id of the server in the file /path/wn.pid for use in logfile scripts (See /docs/setup.html#logging). If the server gets its hostname from config.h or the command line it will now get the appropriate IP address from gethostbyname(). This allows running multiple instances of the server on the same port, but with different IP addresses. See docs/multi.html. (Thanks to George Headley) Timeouts are now logged in the main logfile not the error logfile. The error logfile is intended for potential problems of which the maintainer should be aware. Thus while timeouts aren't exactly normal they usually don't indicate a server problem. There is a new environment variable set for CGI scripts. It is called HTTP_POST_FILE and contains the path to a file containing the data posted by the client. The file is removed after the CGI script exits. This is intended for use with the new file upload capability of the Netscape browser (and hopefully others). CGI scripts should be able to rename or copy this file (of course the content of the file is still avaiable on standard input). Note that there is a maximum allowable size for a post which is currently 1 meg. This can be changed by altering the value of the MAX_POST #define in wn/wn.c. You can now put multiple attributes in a single attribute directive separated by commas. I.e. Attributes=nosearch, parse, dynamic is equivalent to 3 separate Attributes lines with the values nosearch, parse, dynamic. Note that "Attrtibutes=" (with the 's') is equivalent to "Attribute=". CHANGES from version 1.08 to 1.09 (9/20/95) ------------------------------------------- The HTTP_AUTHORIZATION environment variable is gone. The authorization header information is now communicated to authorization modules by first URL-encoding it and then passing it as the first (command line) argument. This means that wn 1.09 is not compatible with versions of authwn which are pre-1.09. Sorry. Of course wn-1.09 works with authwn wn-1.09 and no changes in your index file should be needed. BUT: Henceforth authwn and other Authorization-Modules can only be used when the server is run with the -t or the -T option or the (new) -a or -A option and with the trusted user or group the owner of the index.cache file listing the Authorization-Module. This is to protect against counterfeit Authorization-Modules. Fixed bug in wn/standalone.c caused by typo. It should be daemon_logerr not daemon)logerr. (Thanks to P. Dubois). Fixed bug in parse.c which caused context search references (things with #WN_mark) to fail when they were parsed. (Reported by R. Firth) When a redirect is done because a trailing '/' has been left off the request the :port is left off if port = 80. I.e. if the old redirect to http://host:80/dir/index.html will now be http://host/dir/index.html. When a '/' is tacked on the end of a file (not directory) URL then access is now denied. (reported by G. Retti) Fixed bug which caused to fail if redirect was local and file redirected to contained #includes. (reported by J. van Wezel) Fixed bug in wn/csearch.c which caused title searches sometimes to return matches from directories which were marked with Attribute=nosearch. wndex no longer warns about empty fields for Field#= if it is run with the -q (quiet) option. CHANGES from version 1.07 to 1.08 (8/30/95) ------------------------------------------- Added support for use of a "" URL in an imagemap file. This causes the server to send a status 204 "no response" header which tells the client to do nothing and leave the display alone. This means in imagemaps you can have a region (say the background) where nothing will happen if the user clicks. The page won't be reloaded and won't change. You can also use "Redirect=" lines in a file record of an index file. Added support for a new directory directive, "Default-Document". Now a line like "Default-Document=foo.html" in an index file in /dir will mean that http://host/dir/ will return foo.html instead of index.html. This is especially useful if you want to use a CGI script as the default document. Added Appendix E to documentation. This is a document for users who are not webmasters on how to set up a homepage in their own directory (assuming the "/~user" stuff has been enabled. Fixed bug in wn/standalone.c which caused swn to die sometimes when an accept() system call fails. Fixed bug in wn/chkcntrl.c which sent inappropriate error when a line in an accessfile does not end in a \n. Fixed bug in wn/chkcntrl.c which caused problems with Attributes=serveall and files ending in .z or .gz not being properly typed. Also unrecoginized suffixes caused a core dump. Fixed bug in wndex/content.c which caused wndex to fail to extract items properly from lines in HTML docs. (thanks to G. Anker) Added support for ISC systems to configure script (thanks to J. Bailey) Added support for "nocoords" in ismap support. This allows non-graphical browsers to be sent a message when an ismap graphic is selected. (thanks to S. Trier) In conditionally included text like , , etc. not to work in searchwrappers and nomatchsubs. Fixed bug in wn/chkcntrl.c (directory attributes were not initialized so, for example, some directories were marked non-searchable which should not have been). Fixed bug in wn/util.c in get_rmote_info() which caused failure to send error message when a bad ~user URL is requested. Fixed bug in wn/chkcntrl.c in chkaccess() which exited when accessfile could not be opened instead of treating it like an access denial. Added built in support for imagemaps. Just put a standard mapfile in your index with the "Attribute=imagemap" and make an ISMAP anchor point to it instead of the imagemap program. See docs/click.html and docs/examples/ismap.html. Added support for in parsed documents. Added support for in parsed documents. If this is encountered in a parsed document and no text has been sent then a redirection to "some_url" will be done. E.G. [Real document here] If verbose logging is used the HTTP Cookie is now logged if it is present. CHANGES from version 1.05 to 1.06 (7/11/95) ------------------------------------------- Fixed bug in "configure" script caused by typo. (reported by Adam Jack) Added support for Attributes=serveall directive allowing the serving of all files in a directory which are world readable and do not start with '.' (index and index.cache are excluded). See the last section of docs/index_desc.html for more details. Added documentation for the "Nomatchsub=" directive (formerly called "Emptysub" but undocumented). This permits the customization of the response to searches which find no matches. See the last section of docs/search.html or appendixB.html for more details. Changed all occurances of "uint" and "uchar" in reg.* to "unsigned" and "unsigned char" respectively. (suggested by Paul Dubois). Corrected various typos in documentation. CHANGES from version 1.04 to 1.05 (7/6/95) ------------------------------------------- Added strncasecmp code to wndex/wndex.c which now needs it (only for those systems which don't have it and have #defined NEED_STRNCASECMP) Fixed bug in wn/chkcntrl.c which caused it to allow access to IP address xxx.xxx.xxx.5, for example when only xxx.xxx.xxx.51 was supposed to have access. Fixed bug in wn/prequest.c which caused references like http://host/~user to fail to be redirected to http://host/~user/ (with final '/' added) as they should be. Instead they were redirected to a document relative to the main hierarchy. (Thanks to Stephen White). Improved the configuration script to handle setting up user homepages. Replaced the use of "BSD" in config.h and elsewhere with "BSD_LIKE" in order not to conflict with some systems use of BSD. CHANGES from version 1.03 to 1.04 (6/5/95) ------------------------------------------- Added "conditional included text" for parsed documents. This allows you to have public documents contain links to restricted documents with the link being invisible unless the client has access to the restricted document. But it also does *much* more. See the files docs/parse.html and docs/appendixC.html for full details. Do take a look at this, it is, IMHO, a significant new feature. Added a new attribute "cgi". If you add the line Attributes=CGI to an item in your index file then the standard CGI environment variables will be set up. This is useful for filters and for execed server-side includes. Fixed bug in wndex/wndex.c that caused mishandling of '&', '<', and '>' in the title field of an indexfile. (Reported by Paul Dubois) Fixed wn/util.c so that get_local_info doesn't use DNS to overwrite local hostname specified by #define WN_HOSTNAME in config.h (thanks to Stephen Trier) Fixed bug in wn/misc.c in functions strcasecmp() and strncasecmp() which caused problem on systems which don't have these. Added timezone to date logfiles and made error logfile have exactly the same format as the regular logs. Fixed wn/standalone.c so that an overloaded server doesn't just exit, but simply discards a request and keeps on going. Fixed bug in wn/init.c in function logerr which needed to reset date to the empty string. Fixed bug in wn/wn.c which caused erroneous HTML to be generated and served when an error occurs and the senderr() function is called. (Thanks to Stephen Trier) CHANGES from version 1.02 to 1.03 (5/7/95) ------------------------------------------- Fixed serious bug in wn/chkcntrl.c which caused -e option to fail. Fixed bug in wn/csearch.c that resulted in a missing
    for search wrapped title, keyword and field searches. Fixed bug in wndex which caused mishandling of empty tag pair. A request like GET /dir1/dir now generates a redirect to /dir1/dir/ rather than /dir1/dir/index.html. (Thanks to Christopher Davis) Fixed bug in wn/cgi.c which caused CGI output headers to be handled incorrectly if they ended with . Also fixed bug in wn/wn.c that caused HTTP header "MIME-version:" not to be sent. (Thanks to Mike Gallaher for these fixes). Fixed bug in send.c which caused it to fail to put WN_KEY into the environment properly. (Thanks to Mike Gallaher). Added support for the server attempting RFC931 (aka RFC1413, IDENT, or TAP) lookups on clients. This may be good for additional logging information, but should not be trusted for authentication. (Thanks to Christopher Davis). To use this you need to edit the file config.h and uncomment the /* #define RFC931_TIMEOUT (10) */ line. Added minimal support for different data roots corresponding to different IP interfaces. See the section of docs/tilde.html called "Hierarchies based on IP address." Added better support for Netscapeisms: Refresh and Cookie/Set-Cookie. See docs/appendixB.html for more details. More info about Cookie/Set-Cookie is in docs/cookie. CHANGES from version 1.01 to 1.02 (4/9/95) ------------------------------------------- Fixed bug in wn/prequest.c which caused title and keyword searches from WN root to fail. Fixed wndex so it can now handle HTML documents whose titles are not on a single line. E.g. This is the title can now be used instead of just This is the title Fixed bug in wn/wn.c so that CGI scripts never return "304 Not Modified" but always rerun the script. Added to security chapter of users' guide. CHANGES from version 1.00 to 1.01 (3/31/95) ------------------------------------------- Fixed bug in wndex that caused it to put Keywords in index.cache twice when they were listed in a element of and HTML file. Fixed bug in wndex which caused incorrect default content-type and created index.html files with missing
      when wndex was run with -r option (thanks to Mike Meyer) Fixed bug in wn/prequest.c which cause CGI scripts not to work when used as DEFAULT_URI. Also fixed bug that caused /~user/ not to be translated to /~user/index.html and then to /index.html in directory ~user/public_html/. Fixed bug in wn/cgi.c that sometimes caused spurious headers on returned CGI documents. This showed up most noticeably when doing "server push" transactions supported by Netscape. In /wn/util.c added '.' to remotehost name before doing lookup for efficiency. (thanks to S. Bennett) Fixed bug in bin/digest which made using first line of records fail (thanks to Andrew Pam) CHANGES from version 0.99 to 1.00 (3/13/95) ------------------------------------------- Added support for /~user URLs and table lookup for root directory change. Details are in a new chapter of the users guide (/docs/tilde.html). Fixed bug in wn/chkcntrl.c which caused access to be granted to 123.123.123.123 when the accessfile only gave permission to 123.123.123.12. It is now necessary when listing an IP subdomain in an accessfile to end it with a period, e.g. the entry cannot be 123.123 but must instead be 123.123. to grant access to all hosts with IP adresses 123.123.xxx.xxx. Note that complete IP addresses like 123.123.123.123 must not end with a period, however. Fixed problems in init.c with syslog. Added new #define LOGPRIORITY to config.h (thanks to Rob Jenson). WN_HOSTNAME need no longer be set in config.h. It has been moved to the optional items there. By default it is #defined to be "". In this case if the -h option is not used the server will query the host (if it needs to) to find the name and the port. Of course if you want to set it you may, and that value will be used. The advantage of the new scheme is a binary compiled once may be used on several hosts without the -h option. I should point out the hostname is almost never used: it is put in the environment for CGI scripts to consult if they wish and it is used in certain fairly rare redirections because stupid browsers don't handle relative URLs in redirections. (In part this is thanks to David Capshaw) If VERBOSELOG is #defined in config.h the the user agent and referrer are logged. Changed cgi.c so that CGI scripts now use unbuffered i/o. This should work with Netscape's "server push". CHANGES from version 0.98 to 0.99 (2/20/95) ------------------------------------------- Fixed bug that caused executable includes to fail. Also documented this feature. (Maybe this wasn't really a bug since the feature had never been documented.) Fixed many typos in the documentation (thanks to Paul DuBois) and updated some sections. Some security enhancements. CHANGES from version 0.97 to 0.98 (2/14/95) ------------------------------------------- Fixed potential security problem involving attack similar to the famous internet worm fingerd vulnerability. There is now a #define DEFAULT_URI in the config.h file. It is set to "/index.hmtl". This is the document returned in response to a request with only the hostname. You would need to change it if, for example, you wanted to have the default server response be to run a CGI script. The default value of TIMEOUT has been reduced to 5 mins, but the timer is now reset each time 1024 lines of text or 128K of binary data have been sent. The DNS name lookup (from the IP address) is now checked more carefully to help prevent spoofing. (Thanks to David Capshaw). The NONET #define is gone and there is now a #define NO_DNS_HOSTNAMES line in config.h. Uncommenting this line will mean that there will be no hostnames in your log file, just IP addresses. This will reduce the load on your server (but probably not speed up responses since the lookups usually take place after the transaction is complete. Keep in mind that uncommenting this will mean that none of your CGI scripts will get the hostname and also that your access files cannot have hostnames in them, just IP addresses. CHANGES from version 0.97 to 0.97a (2/8/95) ------------------------------------------- Fixed bug in authwn.c that caused a segmentation violation if authwn was run with no arguments. Removed code to put strerror(errno) in errlog for portability reasons. CHANGES from version 0.96 to 0.97 (2/7/95) ------------------------------------------- Removed external declaration of strrchr() from wndex/content.c which was causing some problems. Fixed bug in wndex/wndex.c (content-type could sometimes be wrong). Fixed bug which caused "304 Not modified" transactions not to be logged. Fixed a couple of places where senderr() had an argument of the wrong type. Wndex now removes trailing whitespace from any lines it reads in an index file. Errorlog now contains output of strerror(errno). If WN_ERRORLOGFILE is set to "" and the server is run with the -S option then error logging will be handled by the syslog facility. If a CGI script is run and has been authenticated the environment variable REMOTE_USER is now set to the user name. When wndex creates an index.html file it now notifies the user of this fact and moves any existing file of that name to index.html.bak. Fixed bug in senderr() which caused logging to sometimes omit the URL and/or file name. Added function dedot() to prequest.c which replaces "/xxxx/../" and "/./" in URI path with a single /. Moved the invocation of get_remote_info() to a point later in the serving process. Now, for most transactions, this will take place after the document is sent so response time to clients should be faster. CHANGES from version 0.95 to 0.96 (1/13/95) ------------------------------------------- Fixed bug in bin/mkpasswd which required a password file to exist before working. (Patch thanks to Ron Pool). Fixed bug in wndex/wndex.c that caused segmentation violation when used with the -r option on some systems. (reported by Chael Hall) Added more to Appendix B in the user's guide. Also documented "line searches" for directories and context and grep searches for files in search.html. Fixed bug in file context and grep searches (wn/gsearch.c) which caused results to be returned as text/plain rather than text/html. CHANGES from version 0.94 to 0.95 (12/21/94) ------------------------------------------- Fixed bugs in logging which caused wrong status to be logged for many transactions and neglected to log username for authenticated transactions. Changed authwn.c to supply username to wn for logging. Fixed bug which caused incorrect "Bad field in cache" entries in the error log. Applied patch from S. Trier dealing with error returns from a file module. CHANGES from version 0.93 to 0.94 (12/15/94) ------------------------------------------- Added support for authentication via module authwn. See /docs/access.html. Added support for modules returning failing status. Fixed bug that allowed searching titles of authenticated directories without authentication. Filters and modules have a general mechanism for specifying path: If 1st char is '/' it's relative to system root, if it starts with ~/ it's relative to WN root, otherwise it is rel current directory. The -E -e and -u command line flags now affect modules as well as CGI, filters, etc. Fixed bug in wndex which caused it sometimes to run out of file descriptors (some files weren't being closed). Fixed bug in wndex that caused it sometimes to give two content types to a single document. Added support for putting Keywords in HTTP headers and reading them from lines in HTML documents. Replaced last half of docs/appendixB.html which somehow got truncated prior to 0.93. Corrected documentation on the "digest" utility to indicate the the proper order of arguments. Fixed bug in cgi.c which caused environment variable SERVER_PORT not to be set correctly (reported by A. Damini). Fixed bug in gsearch.h that caused context searches of filtered files to fail. CHANGES from version 0.9 to 0.93 (11/28/94) ------------------------------------------- Added #define for S_ISLNK(m) for systems which don't have it. Added #include in prequest.c and chkcntrl.c and removed #define from wrap.c. Added utility indexmaker in bin. Added file mime.types which was missing in the first release. It is in /lib Fixed bug exercised when Netscape uses If-Modified-Since with POST method. Fixed bug that caused documents requested with If-Modified-Since to be returned with no Content-type.