CHANGES ------- The major number changes for such things as code rewrites, changes in syntax, and/or dramatic changes in functionality. The minor number changes for corrections, enhancements, etc. made to the code. There is no set schedule for releases. --TODO-- + Figure out why Links browser doesn't work. + Add FastCGI support. + Add .hibachi directory access control file support (think .htaccess) + Add support to run-as-user under Windows. --3.0.4-- ! cgi: Changed session status handling. Previously we required the "HTTP/1.0 200 OK" response line to be supplied by the CGI, but now we can also detect a Status: header and output a response line or if both are missing provide our own 200 OK response line. This better supports PHP CGI binary and reduces the need to change existing PHP scripts to be entirely NPH. --3.0.3-- ! Add CGI_READ_TIMEOUT constant. ! options.c: replaced optDnsMaxTimeout and optDnsRoundRobin with pdq.h supplied definitions. --3.0.2-- ! Added verb_timers and verb_mutex guards around several TIMER_START calls. ! unix.c: removed SIGPROF from signal blocking. ! serverInit: fixed appending to the interfaces_fd table; was using the incorrect index such that later in serverChild the call to socketTimeouts in the accept loop would poll the wrong set of file decriptors, return immediately, and drive the CPU to 100% --3.0.1-- * Requires LibSnert 1.69.19 + Add +info option to output configure and compile options. + Add mime-types option list. Requested by April Lorenzen. ! serverInit: call pidLock following pidSave. + Added Img/icon-32x32.* for favicon. ! serverInit: fixed handling of socket initialisation errors. ! Added verb_timers and verb_mutex guards around several TIMER_START calls. --3.0.0-- * Requires LibSnert 1.69.2 ! Complete overhaul of threading model from classic client/server of accept and thread spawn to using a pool of pre-spawned server threads. Similar to work done for BarricadeMX 2.0 and 2.1. ! IPv6 support corrected. ! findFile: ignores files that are not readable by the web process. + Added NullSoft installer script for Windows. ! Moved default/ and localhost/ into a sites/ directory. Modified configure.in, MANIFEST.TXT.in, install.sh.in. This is more for Windows installs. --2.13-- + Added process fork() support when there is no POSIX threads. Minix 3.1.2 doesn't support threads yet. ! Several minor changes to support Minix 3.1.2. In particular the ./configure and ./config.status scripts have to be run using ksh with a chmem setting of about 2MB. ! ServerMain() fixed possible memory for accept() errors. ! Fixed convertDate() porting error concerning time zones from milter-date. --2.12-- ! Fixed log and pid file to support multiple running instances on different ports. The port number is now part of the file name. ! unix: Fix the dropping of privileges to be more precise with respect to the saved IDs, which can be problematic on some OSes which handle setuid() with slightly different semantics. The following was an interesting discussion of the issues: http://www.cs.berkeley.edu/~daw/papers/setuid-usenix02.pdf ! unix: Fixed binding to a port < 1024 when using -u. The dropping of privileges happened too soon. ! Test for missing option arguments. --2.11-- ! Moved setting of conn->requestId from worker() to ServerMain(). Removes need for mutex lock. ! errorFile() now reports the HTTP reply code. ! Added mutex locking to appLogOpen(). ! Separate unix and Windows startup code for better clarity. ! Make sure to set the user's supplemental groups or release those of root. --2.10-- ! unix: rearrange cgi() routine. ! cgi() now uses _exit() on error in the child process before we've execle() to the CGI so as to avoid invoking the atexit() routine that might remove things like the pid file that the parent requires. ! unix: on daemon startup chdir to server root, if this directory is writeable by the process owner, then core dumps can be saved + Windows: Implemented simple symbolic links for the virtual host's DOCUMENT_ROOT. Windows shortcuts are specific to the Explorer shell and not built into the OS. Windows junctions could be used, but they require tools to manage them. So we implement our own as simple text files in the server root containing an absolute directory path (max. length 255 bytes). ! unix: hasInput() when using poll(): changed POLLHUP condition to return EPIPE only once all input has been exhausted. Changed CGI child-to-client proxy I/O loop to match. --2.9-- ! Some minor documentation presentation changes. !! Complete revision of license to correspond with other Snert software. --2.8-- + Added SIGCHLD handler to reap dead child processes. + Added calls to signalReaper() in some places where an I/O call has returned with errno set to EINTR so as to catch dead child that occur between the end of the signalReaper() waitpid loop and the return from the SIGCHLD handler, because signals are not queued and we could miss reaping some dead children otherwise. ! Fixed possible memory leaks caused by independent threads not running detached. --2.7-- + Unix: Added SIGHUP handler to reread options and reopen log file. + Added more logging with client-IP address & request number. ! Simplified logged request line to only specify the status code before the number of bytes in and out. ! Simplified CGI and .asis status code capturing. ! Unix: changed CGI proxy I/O loops to use non-blocking reads and then use select() or poll() to detect if there is input waiting from the client or the CGI. For Tick Cafe this fixes a problem where two or more running CGI's block during I/O preventing more than one login and/or counters from running. ! Fixed bug with conditional GET time comparision (doh!). ! Unix: Fixed random crashes caused by threads getting SIGPIPE even though "signal(SIGPIPE, SIG_IGN)" was specified in main(). The sendData() function now blocks SIGPIPE and clears any pending SIGPIPE signals caused by send(). ! Changed sendData() to always return the number of bytes sent, even those partially sent before an error. ! Fixed server crash at the top of the ProxyInput() thread, previously ForwardInput(), caused when the client breaks the connection and the worker thread frees the data before ProxyInput() can even copy the necessary fields. A separate copy of the necessary data is prepared in advance and passed to the ProxyInput() thread, who then frees its workspace. The possibility of this happening was noted in 2.5. NOTE this change effects the accurate counting of bytes-in, which reflects the size of the request headers, but not POST content. This is because we cannot pass the Connection structure to update bytesIn and the ProxyInput() thread can remain active for a very long time while it waits for the child to finish processing (consider Tick Cafe session CGI that can remain running on average of 30 minutes or more). ! Unix: Close the log file before invoking the CGI. ! Fixed file descriptor leak, because of conditional GET/HEAD returning 304 Not Modified without closing the file handle. --2.6-- ! Unix: ForwardInput() now uses waitpid() status macros for more detailed logging. ! Unix: Fixed printf string format error for child exit status. ! Renamed files to avoid destroying modified copies: default/404.asis -> default/sample.404.asis default/index.asis -> default/sample.index.asis src/hibachi.cf.sample -> src/sample.hibachi.cf The sample. prefix was used instead of a suffix, because the way hibachi handles index.* lookups, index.asis.sample would interfer with a prefered index.asis. + Added support for Date, Last-Modified:, and If-Modified-Since: headers. Mozilla, Firefox, and Opera support conditional GET. This can improve performance both for the server and client. + The CGI response line is now captured and saved to the log instead of "000 Response Unknown". Since we were already proxy the I/O between client and CGI, its simple enough to capture the response. ! Fixed CGI proxy loops to limit their I/O to the size of the socket output buffer. See comment in version 2.2. --2.5-- ! Unix: fix problem with zombie child processes as a result of the use of waitpid(WNOHANG). ! Fix possible server crash due to a possible race condition in the ForwardInput() thread when it references the Connection structure after it has been freed by the worker() thread. ! Restructured configure and makefile layout. ! A /var/run/hibachi.pid file is only created when hibachi is started by root. The Windows .pid file is no longer created. ! Unix: Fix SYSTEMROOT null reference. ! Fix 404 Not Found handling. If you pass some non-existant path, you no longer default to the document root index file or script. This disallows having an index.cgi in the document root and passing some non-existant URI in the expectation that it will invoke the index.cgi with PATH_INFO set to the non-existant path: GET /does/not/exist HTTP/1.0 Should return 404 Not Found. The only way to invoke an index.cgi with a PATH_INFO value is to explicitly state the index file in the request. These examples will work: GET /index.cgi/does/not/exist HTTP/1.0 GET /index.txt/does/not/exist HTTP/1.0 GET /index.html/does/not/exist HTTP/1.0 GET /index.asis/does/not/exist HTTP/1.0 ! Unix: When started by a non-root user, the server would silently fail when it could not create /var/log/hibachi.log. Now the error appears on standard error. --2.4-- ! Fixed problem for CGI's returning error code 10106. It appears that for Windows, you need to include SYSTEMROOT environment variable, otherwise the CGI cannot find libraries like wsock32.dll or ws2_32.dll. ! Change Windows version MAX_EXIT_TIMEOUT from 30s to 0s. This change was made for my Tick Cafe 3.4 project, where the CGI becomes a session server and does not terminate quickly. Similarly, the Unix version uses waitpid() WNOHANG. If the CGI closes standard output, then hibachi will terminate the child- to-client relay and complete the request. This allows a CGI to return 204 Accepted and continue processing without delaying the response to the client request. ! Fixed Unix version to close all unused file descriptors before starting the child CGI. Failure to do so, means that hibachi could block indefinitely in the child-to-client relay loop, because there remains an open copy of the file descriptor. + See LICENSE.TXT. Note that while version 1.0 is in the public domain, Hibachi 2.0 is NOT. There are significant and numerous enhancements as of Hibachi 2.0, such that it is an original work written by myself, Anthony C Howe. --2.3-- ! hibachi-w32.exe: Fix -a problem where application mode starts and there is no standard streams, because a Windows GUI has no console window. A console window is now allocated and initial log output directed to it. CTRL-C in the console window will terminate hibachi in application mode. - The `-l stderr' has been dropped. The option -a implies this. ! The .pid file is now properly created in daemon mode. + hibachi-w32.exe: Fixed the passing of command-line options to the Windows service. --2.2-- ! Fix crashes caused by invalid requests such as: a) improperly formatted request line; b) unsupported method ! findFile(): Fixed seg. fault when directory does not exist. ! ServiceMain(), worker(): Fetch and use the system socket send buffer size for the file read/send loop. If the amount of data send was too much for send(), then errors (probably EAGAIN, ENOBUFS or EMSGSIZE) would occur and the output was clipped. Now partial sends properly handled. + Added environment variable: REQUEST_URI + Add support for a hibachi.cf options file. Particularly useful when running as a Windows service. + When the server is run as root, hibachi chroot() to the server root directory by default. Use -x to disable this. ! Changed "--- Response Unknown" to "000 Response Unknown". ! Defined MAX_ARGV_LENGTH constant for Windows command line parsing. ! The default error response for responce code 501 is now: 501 Not Implemented ! setup-links.sh: Now creates symbolic links for all inet IP found using ifconfig. ! makefile.in: Fixed install targets. ! Layout of installed files varies between Unix and Windows. ! configure.in: Some changes to clean up compiler differences and replace tests based on OS with those based on features. * Tested as Cygwin, OpenBSD 3.6, and Windows binaries. --2.1-- ! Changed -d to -v. + Added a default virtual host directory called `Default'. + Added support for PATH_INFO and PATH_TRANSLATED. + Added .asis file support, ie. a file supplies its own HTTP response, headers, and content. ! Fixed bug when looking for index files in a directory, a double slash would be added to the SCRIPT_FILENAME path. + Send SIGTERM to child CGI if the client breaks the connection. ! Set pool buffer size to be larger than request buffer, since we are essentially copying the headers to an environment space. + The following environment variables are available to a CGI: CONTENT_LENGTH (CGI/1.1) CONTENT_TYPE (CGI/1.1) DOCUMENT_ROOT GATEWAY_INTERFACE (CGI/1.1) PATH (SHELL) PATH_INFO (CGI/1.1) PATH_TRANSLATED (CGI/1.1) QUERY_STRING (CGI/1.1) REMOTE_ADDR (CGI/1.1) REQUEST_METHOD (CGI/1.1) SCRIPT_FILENAME (PHP) SCRIPT_NAME (CGI/1.1) SERVER_NAME (CGI/1.1) SERVER_PORT (CGI/1.1) SERVER_PROTOCOL (CGI/1.1) SERVER_SOFTWARE (CGI/1.1) In addition all the request headers are available as all upper case HTTP_ prefixed environment variables. So for example if the client broswer sends a Cookie header, then HTTP_COOKIE will be defined in the environment. + Added support for error documents, which can be a static file found in the virtual host's document root directory or the default virtual host directory. It cannot be a CGI (yet). The file name is the error number plus file extension, for example: 404.txt 404.html 404.asis If no document exists, then a simple text/plain response is returned. The following error documents are supported: 400 Bad Request 404 File Not Found 500 Internal Server Error 501 Unsupported The 404 File Not Found status is used instead of 403 Forbidden, as permitted by RFC 2616 section 10.4.4. NOTE that a .asis error file could return a different HTTP response code, such as 302 Found or 200 OK. ! Fixed builds using Borland C++ 5.5. + configure.in: now has option for Cygwin's gcc -mno-cygwin option to compile native Windows applications without cygwin1.dll. Compiling with gcc -mno-cygwin produces smaller code than Borland C. + Add -w option to toggle install/remove as a Windows service. When installed as a Windows service, executing the program simply launches the service. Note that the -v, -l, -p, and -r options can be used for manual starts of the hibachi service. When -r is not given, then the default server root is the directory containing hibachi.exe. + Add -a option to start hibachi as an application. By default the hibachi starts as a Unix daemon or Windows service. ! Fixed Windows environment bug, where not all the environment variables were given to the CGI, because of a difference in how Unix and Windows pass the environment. * NOTE that when Hibachi is built as native Windows application, Windows shortcuts do not work for aliasing a virtual host directory (yet) :( * Tested as Cygwin and Windows binaries. --2.0-- + Initial release of POSIX and Windows threaded version. + Improved the CGI/1.1 support. + Added command line options: -d debug meessages -g group only root can set this -l log default none; file, or stderr -p port default 8008 -r directory default current directory -u user only root can set this ! Change main() return codes to be 1 on error, 2 on usage error. + Version 2 is NOT in the Public Domain. There was significant amount of work involved to convert to a threaded and add Windows support. + See LICENSE.TXT. --1.0-- Initial release. Submission to the IOCCC 2004. --0.8-- + Add support for SCRIPT_FILENAME for PHP/CGI. + Restructured directories. + Added autoconf configure.in script and friends. --0.7-- ! Replaced print() macro by expansion in status(). Only used in one place. This also fixes a macro expansion bug in status(). ! status() now correctly passes the size of the status response headers to send(). ! Fixed transform.sed which incorrectly transform Host: header string into h:. + Experimented with configure.in and makefile.in. Not really necessary and the testing of macros resulting #defines in the source would exceed the size limit. --0.6-- ! Renamed error() to status(). Set content-length to that of the response message or static file. + Added more details comments with citiations of relavent paragraphs from RFC 2616 and the CGI/1.1 specification. ! Enlarged header parsing buffer from 4KB to 8KB. ! Changed parsing of request CRLF to allow for just LF. + Fold case of request headers to lower case, because of problem with Lynx not specifying headers as they appear in RFC 2616. --0.5-- + First attempt static file web server, with virtual host support. + Added support for CGI/1.1 specification, in particular "nph" CGIs with a selected set of necessary environment variables. -END-