3 40b71b68 2024-04-04 op ## 2024/04/04 - 2.0.2 “Lady Stardust” bugfix release
5 40b71b68 2024-04-04 op - fix `log access path' with `chroot' enabled.
6 40b71b68 2024-04-04 op - fix config dumping (-nn).
7 0d8eb9b6 2024-04-11 op - rework grammar to allow semicolons after top-level statements.
8 40b71b68 2024-04-04 op - don't make the log styles reserved keywords.
9 40b71b68 2024-04-04 op - contrib/vim: fixed indent, from Anna “CyberTailor”, thanks!
11 0baf7066 2024-01-24 op ## 2024/01/24 - 2.0.1 “Lady Stardust” bugfix release
13 0baf7066 2024-01-24 op * convert gmid to the new imsg API
14 0baf7066 2024-01-24 op * update bundled imsg
15 0baf7066 2024-01-24 op * configure: fix --mandir handling; from Anna “CyberTailor”, thanks!
17 38a0d7ee 2024-01-11 op ## 2024/01/11 - 2.0 “Lady Stardust”
19 707ec003 2024-01-10 op ### New Features
21 707ec003 2024-01-10 op * added `listen on' to specify per-server the list of addresses from where connections are to be accepted.
22 707ec003 2024-01-10 op * added titan(1), a simple titan client.
23 707ec003 2024-01-10 op * splitted the "configless" version of gmid as a standalone executable gemexp(1)
24 707ec003 2024-01-10 op * added ability to log to files with `log access <path>`
25 707ec003 2024-01-10 op * added ability to change the syslog(3) facility with `log syslog facility <facility>`
26 707ec003 2024-01-10 op * added ability to change the logging style with `log style <style>`
27 707ec003 2024-01-10 op * added `fastcgi strip'
28 89b564c3 2024-01-11 op * reworked the privsep implementation and added a privsep crypto engine
29 707ec003 2024-01-10 op * implemented `SCRIPT_NAME' and `PATH_INFO' splitting for fastcgi
33 707ec003 2024-01-10 op * fixed handling of TLS handshake failures
35 707ec003 2024-01-10 op ### Improvements
37 707ec003 2024-01-10 op * contrib/gencert: added -e to generate EC keys
38 707ec003 2024-01-10 op * use default prefork (3) in regress
39 707ec003 2024-01-10 op * removed the sha256 dependency of the regress suite
40 707ec003 2024-01-10 op * parse and log the fastcgi reply
41 707ec003 2024-01-10 op * revamped the fastcgi configuration, now it's per-location
42 707ec003 2024-01-10 op * attempt to load the TLS certificates, mimes and virtual hosts root as part of the configtest (-n) instead of verifying the syntax only.
43 707ec003 2024-01-10 op * synced the parameters with RFC3875 (CGI)
44 707ec003 2024-01-10 op * gg: exit with the gemini response code unless it's 2X
45 89b564c3 2024-01-11 op * gemexp: generate EC certificates too (it's also the new default)
46 707ec003 2024-01-10 op * (contrib/vim) added an ALE linter and updated the Vim syntax file; thanks Anna “CyberTailor”
48 707ec003 2024-01-10 op ### Breaking Changes
50 20fa7cde 2024-01-11 op * removed CGI support
51 707ec003 2024-01-10 op * gg now warns when the server doesn't use TLS' close_notify
52 707ec003 2024-01-10 op * deprecated the global `ipv6' and `port' settings in favour of the per-server `listen on` directive
53 707ec003 2024-01-10 op * removed the already deprecated config options `mime' and `map'
54 707ec003 2024-01-10 op * droped seccomp and capsicum support
55 89b564c3 2024-01-11 op * FastCGI: set REQUEST_METHOD to "GET" instead of the empty string
58 195f32d3 2022-12-02 op ## 2022/12/02 - 1.8.6 “Lightbulb Sun” bugfix release
60 195f32d3 2022-12-02 op * add tests and compat for setresuid setresgid
61 195f32d3 2022-12-02 op * add GEMINI_SEARCH_STRING fastcgi parameter / cgi env variable
62 195f32d3 2022-12-02 op * manpage fix: QUERY_STRING is *not* urldecoded
63 195f32d3 2022-12-02 op * fixed use-after-free in the fastcgi code
64 195f32d3 2022-12-02 op * when switching user also set the groups
65 195f32d3 2022-12-02 op * always cast is*() arguments to unsigned char
67 195f32d3 2022-12-02 op ## 2022/11/01 - 1.8.5 “Lightbulb Sun” bugfix release
69 8295757f 2022-11-01 op * removed OpenBSD' rc file because now is maintained in the ports tree
70 8295757f 2022-11-01 op * (hopefully) fix build on DragonflyBSD
71 8295757f 2022-11-01 op * call tzset(3) to fix times in logs
72 8295757f 2022-11-01 op * always send custom list of fcgi parameters (alex)
74 1f6de749 2022-07-04 op ## 2022/07/04 - 1.8.4 “Lightbulb Sun” bugfix release
78 1f6de749 2022-07-04 op * allow "@" and ":" in paths; spotted by freezr
79 1f6de749 2022-07-04 op * URL-encode the file names in the directory index; reported by cage
81 1f6de749 2022-07-04 op ### Improvements
83 1f6de749 2022-07-04 op * move the documentation about the config file in its own manual page: gmid.conf.5
84 1f6de749 2022-07-04 op * improvements to the mime handling: fixed a memory leak and improve lookup speed.
85 1f6de749 2022-07-04 op * log (with low priority) when gmid failed to open a file because of its permissions.
86 1f6de749 2022-07-04 op * include a trailing "/" for dirs in the auto-generated directory index.
88 1f6de749 2022-07-04 op ### Breaking Changes
90 1f6de749 2022-07-04 op * deprecated the `map' rule in favour of the new `types' block.
91 1f6de749 2022-07-04 op * the default list is not loaded anymore when `types' is used; except for the text/gemini to ".gmi"/".gemini" mappings.
94 1a04137e 2022-03-27 op ## 2022/03/27 - 1.8.3 “Lightbulb Sun” bugfix release
98 1a04137e 2022-03-27 op * fix a possible out-of-bound access in the CGI handling. It was introduced last October during a refactoring, but due to how many malloc(3) implementations works this hasn't been found until now. Otto' malloc is more strict fortunately.
101 62a46b03 2022-03-26 op ## 2022/03/26 - 1.8.2 “Lightbulb Sun” bugfix release
103 62a46b03 2022-03-26 op ### Bug fixes
105 62a46b03 2022-03-26 op * fix a CGI timing issue: if a connection handled by a CGI scripts is interrupted with the right timing it causes the server process to exit with "fatal in client_by_id: invalid id X".
107 62a46b03 2022-03-26 op ### New Features
109 62a46b03 2022-03-26 op * add a new block `type { ... }' to define mime types mapping.
111 62a46b03 2022-03-26 op ### Improvements
113 62a46b03 2022-03-26 op * use shell built-in `command' instead of which(1), prodded by cage and Allen Sobot.
114 62a46b03 2022-03-26 op * configure script: allow to set MANDIR from cmdline (Allen Sobot)
115 62a46b03 2022-03-26 op * add systemd-sysusers sample file in contrib/ (Nakaya)
116 62a46b03 2022-03-26 op * [linux/seccomp] allow fstatat64(2), llseek(2) and sigreturn(2), needed by glibc on armv7. (Tobias Berger)
117 62a46b03 2022-03-26 op * [linux/seccomp] tightens rules by allowing openat(2) only with the O_RDONLY flag.
120 c6ae2561 2022-02-10 op ## 2022/02/10 - 1.8.1 “Lightbulb Sun” bugfix release
122 c6ae2561 2022-02-10 op ### Bug fixes
124 c6ae2561 2022-02-10 op * fix landlock usage on linux: don't assume that access capabilities not listed are implicitly denied, because they are not. Mickaël Salaün, the landlock author, found the same error on game of trees:
126 c6ae2561 2022-02-10 op > In a nutshell, the ruleset's handled_access_fs is required for backward and forward compatibility (i.e. the kernel and user space may not know each other's supported restrictions), hence the need to be explicit about the denied-by-default access rights.
128 c6ae2561 2022-02-10 op In practice this affects only linux and only partially: thanks to the design of the daemon and the seccomp filter the effects of this mistake in handling landlock are fortunately limited. However, in theory at least, gmid could be for e.g. tricked into truncating existing files, so it's highly suggested to update.
130 c6ae2561 2022-02-10 op ## Improvements
132 c6ae2561 2022-02-10 op All by Anna “CyberTailor”, thanks!
134 c6ae2561 2022-02-10 op * don't skip unit tests when SKIP_RUNTIME_TEST is set
135 c6ae2561 2022-02-10 op * add `gg' to the regress target dependencies
136 c6ae2561 2022-02-10 op * fix the "implicit declaration of asprintf" warning
137 c6ae2561 2022-02-10 op * sync vim syntax
140 de721c43 2022-01-30 op ## 2022/01/30 - 1.8 “Lightbulb Sun”
142 de721c43 2022-01-30 op ### New Features
144 de721c43 2022-01-30 op * reverse proxying support: gmid now can relay gemini requests to other hosts.
145 de721c43 2022-01-30 op * install gg too: it's a simple gemini client ("gemini get") initially developed as part of the regression suite.
146 de721c43 2022-01-30 op * added OCSP stapling support (by @The-King-of-Toasters, thanks!)
147 de721c43 2022-01-30 op * add gencert, a simple script to generate self-signed certs.
148 de721c43 2022-01-30 op * add renew-certs, a script to automatically renew self-signed certs.
149 de721c43 2022-01-30 op * multiple -n partially dump the parsed configuration.
151 de721c43 2022-01-30 op ### Improvements
153 de721c43 2022-01-30 op * reworked the fastcgi subsystem, now it's completely asynchronous.
154 de721c43 2022-01-30 op * refactored the internal of the server too.
155 de721c43 2022-01-30 op * refactored the regression suite (in particular reduced the timeout for single tests from 30 to 10 seconds.)
156 de721c43 2022-01-30 op * configure: add support for --prefix=... autoconf-style flag.
157 de721c43 2022-01-30 op * relax the "wont proxy" check: don't check that the port in the request is the same we're listening on. Suggested and discussed with Allen Sobot, thanks!
158 de721c43 2022-01-30 op * relax the strict ordering of options, locations and proxy blocks inside a server block.
160 de721c43 2022-01-30 op ### Bug fixes
162 de721c43 2022-01-30 op * don't pass through illegal replies from CGI scripts.
163 de721c43 2022-01-30 op * fix the "double slash" error in logs.
164 de721c43 2022-01-30 op * fix the configure for cross-compilation: don't run the test binaries just built. Suggested by Nikolay Korotkiy (@sikmir), thanks!
165 de721c43 2022-01-30 op * (seccomp) allow ugetrlimit(2), needed by glibc on arm7l. By Max, thanks!
168 21dc3794 2022-01-28 op ## 2021/10/15 - 1.7.5 “Space-dye Vest” fifth bugfix release
170 21dc3794 2022-01-28 op This version includes the following bugfix
172 21dc3794 2022-01-28 op * don’t die when a connection is closed before being accepted by gmid (i.e. handle ‘ECONNRESET’)
175 21dc3794 2022-01-28 op ## 2021/09/24 - 1.7.4 “Space-dye Vest” fourth bugfix release
177 21dc3794 2022-01-28 op This version includes the following bugfix:
179 21dc3794 2022-01-28 op * fix a possible out-of-bound access when handling a request for a non-existent file in the root directory of a vhost that's matched by the cgi option
181 21dc3794 2022-01-28 op and the relative regression test.
184 21dc3794 2022-01-28 op ## 2021/09/19 - 1.7.3 “Space-dye Vest” third bugfix release
186 21dc3794 2022-01-28 op ### Improvements
188 21dc3794 2022-01-28 op * follows symlinks
189 21dc3794 2022-01-28 op * improved documentation and added key generation example (thanks! Anna)
193 21dc3794 2022-01-28 op * fix syslog logging on FreeBSD. Reported by Karl Jeacle, thanks!
194 21dc3794 2022-01-28 op * don't crash if ``-c'' is missing in configtest mode (-n). Reported by heph, thanks!
195 21dc3794 2022-01-28 op * allow fstat64 on linux (needed by glibc on aarch64). Reported by pine, thanks!
198 21dc3794 2022-01-28 op ## 2021/07/19 - 1.7.2 “Space-dye Vest” second bugfix release
200 21dc3794 2022-01-28 op This version incudes the following bugfix:
202 21dc3794 2022-01-28 op * an un-initialized field in the configless code path leads to a crash on the first request.
204 21dc3794 2022-01-28 op and the relative regression test.
207 21dc3794 2022-01-28 op ## 2021/07/11 - 1.7.1 “Space-dye Vest” bugfix release
209 21dc3794 2022-01-28 op This version includes two bugfixes:
210 21dc3794 2022-01-28 op * use ${MAKE} to recursively call make.
211 21dc3794 2022-01-28 op * fix the misleading example in the manpage: macros may not be reserved words
214 21dc3794 2022-01-28 op ## 2021/07/10 - 1.7 “Space-dye Vest”
216 21dc3794 2022-01-28 op Starting from this version gmid doesn't depend on lex anymore, but yacc is still needed.
218 21dc3794 2022-01-28 op ### New features
220 21dc3794 2022-01-28 op * initial fastcgi support! (it's still young!)
221 21dc3794 2022-01-28 op * added user-defined macros, either via ‘-Dname=val’ or directly in the configuration file.
222 21dc3794 2022-01-28 op * new ‘include’ keyword to load additional configuration files.
223 21dc3794 2022-01-28 op * new ‘env’ rule to define environment vars for CGI scripts.
224 21dc3794 2022-01-28 op * new ‘alias’ rule to define hostname aliases for a server.
225 21dc3794 2022-01-28 op * allow ‘root’ to be specified per-location block.
226 21dc3794 2022-01-28 op * pidfile support with the new ‘-P’ cli flag.
227 21dc3794 2022-01-28 op * define ‘TLS_VERSION’, ‘TLS_CIPHER’ and ‘TLS_CIPHER_STRENGTH’ for CGI scripts.
229 21dc3794 2022-01-28 op ### Improvements
231 21dc3794 2022-01-28 op * remove limits on the number of virtual hosts and location blocks that can be defined.
232 21dc3794 2022-01-28 op * print the datetime when logging to stderr.
233 21dc3794 2022-01-28 op * use ‘text/x-patch’ for ‘.patch’ and ‘.diff’ files.
234 21dc3794 2022-01-28 op * sort the auto index alphabetically.
235 21dc3794 2022-01-28 op * various improvements to the log management.
236 21dc3794 2022-01-28 op * drop the dependency on lex.
237 21dc3794 2022-01-28 op * added ‘--help’ as synonym of ‘-h’ and ‘-V’/‘--version‘ to print the version.
238 21dc3794 2022-01-28 op * c-like handling of strings in the configuration file: when two or more strings are next to each-others, are automatically joined into a single string. This is particularly useful with $-macros.
240 21dc3794 2022-01-28 op ### Bug fixes
242 21dc3794 2022-01-28 op * correctly handle CGI scripts that replies with the maxium header length allowed.
243 21dc3794 2022-01-28 op * fixed the static target.
244 21dc3794 2022-01-28 op * fixed recursive mkdirs for configless mode (i.e. create ‘~/.local/share/gmid’)
245 21dc3794 2022-01-28 op * logs sent to syslog now have proper priority (before every message ended up as LOG_CRIT). Found by Anna “CyberTailor”, thanks!
246 21dc3794 2022-01-28 op * ensure ‘%p’ (path) is always absolute in ‘block return’ rules.
247 21dc3794 2022-01-28 op * fix automatic certificate generation, it caused problems on some adroid devices. Found by Gnuserland, thanks!
248 21dc3794 2022-01-28 op * document the ‘log’ rule.
249 21dc3794 2022-01-28 op * the seccomp filter was reworked and now it's known to work properly on a vast range of architectures (to be more specific: all the architectures supported by alpine linux), see github issue #4. Prompted and tested by @begss, thanks!
250 21dc3794 2022-01-28 op * various improvements to the configure script, notified and fixed by Anna “CyberTailor”, thanks!
251 21dc3794 2022-01-28 op * added a timeout to the regression tests.
253 21dc3794 2022-01-28 op ### Breaking changes
255 21dc3794 2022-01-28 op * if duplicate rules are found in the configuration file, an error is now raised instead of silently using only the last value.
256 21dc3794 2022-01-28 op * (sort of) ‘gg’ moved to ‘regress’ as it's only used in the regression suite.
257 21dc3794 2022-01-28 op * (notice) the “mime "mime-type" "extension"” rule was deprecated and replaced by the new “map "mime-type" to-ext "extension"”. The ‘mime’ rule will be removed in a future version because its syntax is incompatible with the new string auto-concat mechanism.
