đž Archived View for gmid.omarpolo.com âş changelog.gmi captured on 2022-04-29 at 11:24:15. Gemini links have been rewritten to link to archived content
View Raw
More Information
âŹ
ď¸ Previous capture (2022-04-28)
âĄď¸ Next capture (2022-07-16)
-=-=-=-=-=-=-
home
contrib
guide
faq
change log
2022/03/27 - 1.8.3 âLightbulb Sunâ bugfix release
Bug fixes
- fix a possible out-of-bound access in the CGI handling. It was introduced last October during a refactoring, but due to how many malloc(3) implementations works this hasn't been found until now. Otto' malloc is more strict fortunately.
2022/03/26 - 1.8.2 âLightbulb Sunâ bugfix release
Bug fixes
- fix a CGI timing issue: if a connection handled by a CGI scripts is interrupted with the right timing it causes the server process to exit with "fatal in client_by_id: invalid id X".
New Features
- add a new block `type { ... }' to define mime types mapping.
Improvements
- use shell built-in `command' instead of which(1), prodded by cage and Allen Sobot.
- configure script: allow to set MANDIR from cmdline (Allen Sobot)
- add systemd-sysusers sample file in contrib/ (Nakaya)
- [linux/seccomp] allow fstatat64(2), llseek(2) and sigreturn(2), needed by glibc on armv7. (Tobias Berger)
- [linux/seccomp] tightens rules by allowing openat(2) only with the O_RDONLY flag.
2022/02/10 - 1.8.1 âLightbulb Sunâ bugfix release
Bug fixes
- fix landlock usage on linux: don't assume that access capabilities not listed are implicitly denied, because they are not. MickaĂŤl SalaĂźn, the landlock author, found the same error on game of trees:
In a nutshell, the ruleset's handled_access_fs is required for backward and forward compatibility (i.e. the kernel and user space may not know each other's supported restrictions), hence the need to be explicit about the denied-by-default access rights.
In practice this affects only linux and only partially: thanks to the design of the daemon and the seccomp filter the effects of this mistake in handling landlock are fortunately limited. However, in theory at least, gmid could be for e.g. tricked into truncating existing files, so it's highly suggested to update.
Improvements
All by Anna âCyberTailorâ, thanks!
- don't skip unit tests when SKIP_RUNTIME_TEST is set
- add `gg' to the regress target dependencies
- fix the "implicit declaration of asprintf" warning
- sync vim syntax
2022/01/30 - 1.8 âLightbulb Sunâ
New Features
- reverse proxying support: gmid now can relay gemini requests to other hosts.
- install gg too: it's a simple gemini client ("gemini get") initially developed as part of the regression suite.
- added OCSP stapling support (by @The-King-of-Toasters, thanks!)
- add gencert, a simple script to generate self-signed certs.
- add renew-certs, a script to automatically renew self-signed certs.
- multiple -n partially dump the parsed configuration.
Improvements
- reworked the fastcgi subsystem, now it's completely asynchronous.
- refactored the internal of the server too.
- refactored the regression suite (in particular reduced the timeout for single tests from 30 to 10 seconds.)
- configure: add support for --prefix=... autoconf-style flag.
- relax the "wont proxy" check: don't check that the port in the request is the same we're listening on. Suggested and discussed with Allen Sobot, thanks!
- relax the strict ordering of options, locations and proxy blocks inside a server block.
Bug fixes
- don't pass through illegal replies from CGI scripts.
- fix the "double slash" error in logs.
- fix the configure for cross-compilation: don't run the test binaries just built. Suggested by Nikolay Korotkiy (@sikmir), thanks!
- (seccomp) allow ugetrlimit(2), needed by glibc on arm7l. By Max, thanks!
2021/10/15 - 1.7.5 âSpace-dye Vestâ fifth bugfix release
This version includes the following bugfix
- donât die when a connection is closed before being accepted by gmid (i.e. handle âECONNRESETâ)
2021/09/24 - 1.7.4 âSpace-dye Vestâ fourth bugfix release
This version includes the following bugfix:
- fix a possible out-of-bound access when handling a request for a non-existent file in the root directory of a vhost that's matched by the cgi option
and the relative regression test.
2021/09/19 - 1.7.3 âSpace-dye Vestâ third bugfix release
Improvements
- follows symlinks
- improved documentation and added key generation example (thanks! Anna)
Bugfix
- fix syslog logging on FreeBSD. Reported by Karl Jeacle, thanks!
- don't crash if ``-c'' is missing in configtest mode (-n). Reported by heph, thanks!
- allow fstat64 on linux (needed by glibc on aarch64). Reported by pine, thanks!
2021/07/19 - 1.7.2 âSpace-dye Vestâ second bugfix release
This version incudes the following bugfix:
- an un-initialized field in the configless code path leads to a crash on the first request.
and the relative regression test.
2021/07/11 - 1.7.1 âSpace-dye Vestâ bugfix release
This version includes two bugfixes:
- use ${MAKE} to recursively call make.
- fix the misleading example in the manpage: macros may not be reserved words
2021/07/10 - 1.7 âSpace-dye Vestâ
Starting from this version gmid doesn't depend on lex anymore, but yacc is still needed.
New features
- initial fastcgi support! (it's still young!)
- added user-defined macros, either via â-Dname=valâ or directly in the configuration file.
- new âincludeâ keyword to load additional configuration files.
- new âenvâ rule to define environment vars for CGI scripts.
- new âaliasâ rule to define hostname aliases for a server.
- allow ârootâ to be specified per-location block.
- pidfile support with the new â-Pâ cli flag.
- define âTLS_1.8.3IONâ, âTLS_CIPHERâ and âTLS_CIPHER_STRENGTHâ for CGI scripts.
Improvements
- remove limits on the number of virtual hosts and location blocks that can be defined.
- print the datetime when logging to stderr.
- use âtext/x-patchâ for â.patchâ and â.diffâ files.
- sort the auto index alphabetically.
- various improvements to the log management.
- drop the dependency on lex.
- added â--helpâ as synonym of â-hâ and â-Vâ/â--versionâ to print the version.
- c-like handling of strings in the configuration file: when two or more strings are next to each-others, are automatically joined into a single string. This is particularly useful with $-macros.
Bug fixes
- correctly handle CGI scripts that replies with the maxium header length allowed.
- fixed the static target.
- fixed recursive mkdirs for configless mode (i.e. create â~/.local/share/gmidâ)
- logs sent to syslog now have proper priority (before every message ended up as LOG_CRIT). Found by Anna âCyberTailorâ, thanks!
- ensure â%pâ (path) is always absolute in âblock returnâ rules.
- fix automatic certificate generation, it caused problems on some adroid devices. Found by Gnuserland, thanks!
- document the âlogâ rule.
- the seccomp filter was reworked and now it's known to work properly on a vast range of architectures (to be more specific: all the architectures supported by alpine linux), see github issue #4. Prompted and tested by @begss, thanks!
- various improvements to the configure script, notified and fixed by Anna âCyberTailorâ, thanks!
- added a timeout to the regression tests.
Breaking changes
- if duplicate rules are found in the configuration file, an error is now raised instead of silently using only the last value.
- (sort of) âggâ moved to âregressâ as it's only used in the regression suite.
- (notice) the âmime "mime-type" "extension"â rule was deprecated and replaced by the new âmap "mime-type" to-ext "extension"â. The âmimeâ rule will be removed in a future version because its syntax is incompatible with the new string auto-concat mechanism.