tag 1.8.2 -- "Lightbulb Sun" bugfix release gmid 1.8.2 "Lightbulb Sun" bugfix release ========================================= Released March 26, 2022. signify(1) pubkeys for this release: RWTy3UJQzpxBUAymBwb2EGLLm0b3H/1n8hzhaC9HYFYzNuTavGt9QSwC Bug Fixes ~~~~~~~~~ * fix a CGI timing issue: if a connection handled by a CGI scripts is interrupted with the right timing it causes the server process to exit with "fatal in client_by_id: invalid id X". New Features ~~~~~~~~~~~~ * add a new block `type { ... }' to define mime types mapping. Improvements ~~~~~~~~~~~~ * use shell built-in `command' instead of which(1), prodded by cage and Allen Sobot. * configure script: allow to set MANDIR from cmdline (Allen Sobot) * add systemd-sysusers sample file in contrib/ (Nakaya) * [linux/seccomp] allow fstatat64(2), llseek(2) and sigreturn(2), needed by glibc on armv7. (Tobias Berger) * [linux/seccomp] tightens rules by allowing openat(2) only with the O_RDONLY flag.

bump Mdocdate

add target `test' alias for `regress'

swap try_client_by_id with client_by_id i.e. allow client_by_id to fail and return NULL. Initially I thought it was a good idea to shut down a server process if we receive an invalid client id as reply from one of our requests to the executor process. This turned out not to be correct since a client can (read: will) disconnect in the delay beteewn we acknowledge their request and the cgi script execution. The fastcgi and proxy handler already handled this situation, so they're unaffected. This allows an attacker to make gmid unresponsible by just making enough requests until they hit the right timing.

move to a different server

break out if check_reply fails it's not a problem when we have only one check_reply at then end, since $? is kept across function boundaries, but when we have multiple checks we need to quit on the first error.

sync imsg-buffer.c original commit from eric@: change the barrier so that fd's are always passed and received with the first byte of the imsg they belong to. idea, tweaks and ok claudio@

sync recallocarary.c original commit from claudio@: Type-cast getpagesize() from int to size_t for the comparison with d. getpagesize() will only return positive numbers (there is no negative page size system) and it can not fail. Should fix some compiler warnings seen in -portable projects. OK otto@

const-ify some tables matches found with % grep -R '=[ ]*{' . | fgrep -v const

get rid of `which` in the configure too should have been done already in 12fcba2; reminded by Allen Sobot, thanks!

configure: allow to set MANDIR from args diff by Allen Sobot (chilledfrogs at disroot dot org), thanks!

mention gmid.sysusers in contrib together with gmid.service related to github issue #14

add missing newline

add description about systemd-sysusers on quickstart

add systemd-sysusers' config file