Commits
Commit:
2025e96d976677a7bf6bbe54185eb7bca026fe9d
From:
Omar Polo <op@omarpolo.com>
Date:
Sat Sep 10 09:48:30 2022 UTC
drop cgi vestiges from the struct host The `env' list is no longer used since CGI scripts were removed
Commit:
cd5826b8ba3b43ed9802309688ae029c0f5c4081
From:
Omar Polo <op@omarpolo.com>
Date:
Sat Sep 10 09:43:57 2022 UTC
retire the deprecated `mime' and `map' config options
Commit:
aa9543b9fd1963d86f63fda13addb356f9039c37
From:
Omar Polo <op@omarpolo.com>
Date:
Sat Sep 10 09:40:05 2022 UTC
make the mime types fixed-sized too
Commit:
7277bb7dc2971fad2a51b7975df85dda1df4c936
From:
Omar Polo <op@omarpolo.com>
Date:
Sat Sep 10 09:21:09 2022 UTC
make config fields `chroot' and `user' fixed-size
Commit:
760009951357d4c36991c4c6a62db973289b32d9
From:
Omar Polo <op@omarpolo.com>
Date:
Tue Sep 6 16:40:38 2022 UTC
optionally disable the sandbox on some systems The FreeBSD and Linux' sandbox can't deal with `fastcgi' and `proxy' configuration rules: new sockets needs to be opened and it's either impossible (the former) or a huge pain in the arse (the latter). The sandbox is still always used in case only static files are served.
Commit:
d29a2ee2246e1b1b0c5222a823820e42422c894e
From:
Omar Polo <op@omarpolo.com>
Date:
Tue Sep 6 16:11:09 2022 UTC
get rid of the CGI support I really want to get rid of the `executor' process hack for CGI scripts and its escalation to allow fastcgi and proxying to work on non-OpenBSD. This drops the CGI support and the `executor' process entirely and is the first step towards gmid 2.0. It also allows to have more secure defaults. On non-OpenBSD systems this means that the sandbox will be deactivated as soon as fastcgi or proxying are used: you can't open sockets under FreeBSD' capsicum(4) and I don't want to go thru the pain of making it work under linux' seccomp/landlock. Patches are always welcome however. For folks using CGI scripts (hey, I'm one of you!) not all hope is lost: fcgiwrap or OpenBSD' slowcgi(8) are ways to run CGI scripts as they were FastCGI applications. fixes for the documentation and to the non-OpenBSD sandboxes will follow.
Commit:
54203115cd0121ee0e44f5e58202a4d8054b9c09
From:
Omar Polo <op@omarpolo.com>
Date:
Fri Apr 8 13:52:35 2022 UTC
don't load the built-in list when using `types'
Commit:
d8d170aa5ee1498babee095078b3888f1525a2b3
From:
Omar Polo <op@omarpolo.com>
Date:
Fri Apr 8 13:44:49 2022 UTC
allow add_mime to fail add_mime nows allocate dinamically copies of the passed strings, so that we can actually free what we parse from the config file. This matters a lot especially with lengthy `types' block: strings that reach the internal mapping are never free'd, so every manual addition is leaked.
Commit:
6468868fee132f062133ad9a1d373ef213e689f1
From:
Omar Polo <op@omarpolo.com>
Date:
Thu Apr 7 16:15:55 2022 UTC
print a deprecation message for the map rule
Commit:
e5d82d9472513ef742dbb0b5ac451337625feb58
From:
Omar Polo <op@omarpolo.com>
Date:
Sat Mar 19 11:02:42 2022 UTC
const-ify some tables matches found with % grep -R '=[ ]*{' . | fgrep -v const
Commit:
ee219d702e4b1db5a985be5087f0e682b567618b
From:
Omar Polo <op@omarpolo.com>
Date:
Sat Feb 26 14:00:20 2022 UTC
add type { ... } block to define mime types mapping The `map' rule is powerful but quite annoying to use if you have/need lots of entries (and clutters the configuration file too.) The `type' block is blatantly stolen from httpd(8) and allows for a way more nice usage: type { include "/usr/share/misc/mime.types" } or even type { text/markdown md markdown text/x-perl pl pm # ... }
Commit:
88971f9a4e71c199c28fac3a1e9ccf39f44279f1
From:
Omar Polo <op@omarpolo.com>
Date:
Sat Feb 26 13:49:24 2022 UTC
add missing token include to the list of tokens
Commit:
1f1f381068ac81bb86177e7d55e75f440522643f
From:
Anna “CyberTailor” <cyber@sysrq.in>
Via:
Omar Polo <op@omarpolo.com>
Date:
Thu Feb 3 10:13:45 2022 UTC
include gmid.h before other headers to get all the prototypes > implicit declaration of function 'asprintf'; did you mean 'vsprintf'?
Commit:
1cdea97b6c74ec86e202431a208b5c99343f7273
From:
Omar Polo <op@omarpolo.com>
Date:
Sun Jan 30 10:14:44 2022 UTC
allow using a custom hostname for SNI during proxying add a `sni' option for the `proxy' block: the given name is used instead of the one extracted by the `relay-to' rule.
Commit:
ba94a608a89110740cb24ef098c476c84d371918
From:
Omar Polo <op@omarpolo.com>
Date:
Tue Jan 4 23:14:34 2022 UTC
add `require client ca' for proxy blocks refactor the code that calls validate_against_ca into an helper function to reuse it in both apply_require_ca and (optionally) in apply_reverse_proxy.
Omar Polo