ksgi
/
versions.xml
1751 строка · 67.1 Кб
1<?xml version="1.0" encoding="UTF-8" ?>2<!-- vim: set tw=100: -->3<articles>4<article data-sblg-article="1" data-sblg-tags="version">5<header>6<h1>0.13.3</h1>7<address>Kristaps Dzonsons</address>8<time datetime="2023-12-02">2023-12-02</time>9</header>10<aside>11<div>12Fix shared library on Mac OS X.13</div>14</aside>15</article>16<article data-sblg-article="1" data-sblg-tags="version">17<header>18<h1>0.13.2</h1>19<address>Kristaps Dzonsons</address>20<time datetime="2023-11-25">2023-11-25</time>21</header>22<aside>23<div>24Un-break seccomp for i386.25</div>26<div>27Start installing shared libraries alongside the static archives.28Also restrict symbol visibility to the contents of the public header29files.30</div>31<div>32Decouple writer libraries (<a href="kcgihtml.3.html">kcgihtml(3)</a>33and such) from reaching into private functions of34<a href="libkcgi.3.html">libkcgi(3)</a>. This meant moving some35writer functions (e.g.,36<a href="kcgi_writer_write.3.html">kcgi_writer_write(3)</a> into the37public header file.38This also allows for creating external writer routines.39</div>40</aside>41</article>42<article data-sblg-article="1" data-sblg-tags="version">43<header>44<h1>0.13.1</h1>45<address>Kristaps Dzonsons</address>46<time datetime="2023-11-19">2023-11-19</time>47</header>48<aside>49<div>50Re-enable seccomp by default after introducing51<a href="https://github.com/kristapsdz/kcgi/actions">GitHub actions</a>52to test on53alternate architectures (armv7, aarch64, etc.).54</div>55<div>56Add57<a href="khttp_fcgi_getfd.3.html">khttp_fcgi_getfd(3)</a>, which58allows for asynchronous applications (those with a descriptor59polling loop) to incorporate <span class="nm">kcgi</span>.60</div>61</aside>62</article>63<article data-sblg-article="1" data-sblg-tags="version">64<header>65<h1>0.13.0</h1>66<address>Kristaps Dzonsons</address>67<time datetime="2021-09-23">2021-09-23</time>68</header>69<aside>70<div>71<strong>Disable Linux's seccomp by default.</strong>72I'm just not able to maintain this facility in a reliable way. For73future work, it looks like <a href="https://landlock.io">landlock</a>74might be a better solution. Maintainers can enable seccomp by75editing the Makefile to re-add support. (This will also add76debugging.) I'll continue to add patches for those running with77seccomp, but don't have the bandwidth to test them.78</div>79<div>80Allow81<a href="khttpbasic_validate.3.html">khttpbasic_validate(3)</a>82to validate both <q>bearer</q> and <q>basic</q> requests.83This follows from conventional usage of bearer tokens.84</div>85</aside>86</article>87<article data-sblg-article="1" data-sblg-tags="version">88<header>89<h1>0.12.5</h1>90<address>Kristaps Dzonsons</address>91<time datetime="2021-05-08">2021-05-08</time>92</header>93<aside>94<div>95Add support for <q>bearer</q> authorisation tokens. These are96described in97<a href="https://tools.ietf.org/html/rfc6750">RFC 6750</a>.98Fix <a href="khttp_fcgi_test.3.html">khttp_fcgi_test(3)</a> to work99properly when in variable-pool mode.100</div>101</aside>102</article>103<article data-sblg-article="1" data-sblg-tags="version">104<header>105<h1>0.12.4</h1>106<address>Kristaps Dzonsons</address>107<time datetime="2021-03-02">2021-03-02</time>108</header>109<aside>110<div>111Add some attributes and elements for112<a href="https://www.w3.org/TR/html52/">HTML5.2</a>, which is the113standard supported by <a href="kcgihtml.3.html">kcgihtml(3)</a>.114</div>115</aside>116</article>117<article data-sblg-article="1" data-sblg-tags="version">118<header>119<h1>0.12.3</h1>120<address>Kristaps Dzonsons</address>121<time datetime="2021-01-20">2021-01-20</time>122</header>123<aside>124<div>125<b>Bug fix</b>: fix some bad pointer arithmetic on a regression test126on Linux. While here, fix how <code>make regress</code> would spam127some systems with erroneous warning messages.128</div>129</aside>130</article>131<article data-sblg-article="1" data-sblg-tags="version">132<header>133<h1>0.12.2</h1>134<address>Kristaps Dzonsons</address>135<time datetime="2020-07-24">2020-07-24</time>136</header>137<aside>138<div>139<b>Bug fix</b>: some errors encountered writing connection140file-descriptors to child processors in FastCGI were accidentally141ignored.142This came because the function returned success, failure, or hangup,143while the caller was testing for failure/success.144No such error has ever been reported in the wild—it would145probably signify much larger issues that would soon be caught146anyway—but the fix is still valid.147</div>148<div>149Significant simplification of the back-end in removing several150crufty interfaces.151Back-end logging now uses the front-end logging functions for152consistency and to avoid having separate loggers.153The same applies to the <code>debugging</code> parameter passed into154<a href="khttp_parse.3.html">khttp_parse(3)</a>.155</div>156<div>157<b>Bug fix</b> for FreeBSD with Capsicum when logging to a file158opened with <a href="kutil_openlog.3.html">kutil_openlog(3)</a>.159Same goes with the Linux and Darwin sandboxes.160</div>161</aside>162</article>163<article data-sblg-article="1" data-sblg-tags="version">164<header>165<h1>0.12.1</h1>166<address>Kristaps Dzonsons</address>167<time datetime="2020-05-11">2020-05-11</time>168</header>169<aside>170<div>171Deprecate172<code>kutil_date2epoch</code>,173<code>kutil_date_check</code>,174<code>kutil_datetime2epoch</code>, and175<code>kutil_datetime_check</code>176in favour of177<a href="khttp_datetime2epoch.3.html">khttp_datetime2epoch(3)</a> and178<a href="khttp_datetime2epoch.3.html">khttp_date2epoch(3)</a>.179These variants use portable implementations of180<a href="https://man.openbsd.org/gmtime">gmtime(3)</a> and181<a href="https://man.openbsd.org/timegm">timegm(3)</a>182that are not183encumbered by per-system constraints such as FreeBSD not accepting184years prior to 1900 and of course the 32-bit problem.185</div>186<div>187Add188<a href="khttp_epoch2datetime.3.html">khttp_epoch2datetime(3)</a>189to symmetrise190<a href="khttp_datetime2epoch.3.html">khttp_datetime2epoch(3)</a>.191</div>192<div>193Further deprecate <code>kutil_epoch2str</code>,194<code>kutil_epoch2utcstr</code>,195<code>kutil_epoch2tmvals</code>, and196<code>KUTIL_EPOCH2TM</code> as197<a href="khttp_epoch2str.3.html">khttp_epoch2str</a>,198<a href="khttp_epoch2str.3.html">khttp_epoch2ustr</a>,199<a href="khttp_epoch2tms.3.html">khttp_epoch2tms</a>, and200<a href="khttp_epoch2tms.3.html">KHTTP_EPOCH2TM</a>, respectively.201The new forms, besides having consistent naming, specifically202account for corner cases like negative dates, years with more than203four digits, etc.204These no longer use the system205<a href="https://man.openbsd.org/strtime">strtime(3)</a>206due to inconsistencies between implementations (e.g., Oracle Solaris207not printing >4 digit years) and the 32-bit problem.208</div>209</aside>210</article>211<article data-sblg-article="1" data-sblg-tags="version">212<header>213<h1>0.12.0</h1>214<address>Kristaps Dzonsons</address>215<time datetime="2020-04-10">2020-04-10</time>216</header>217<aside>218<div>219Add the <a href="khttp_urlpart.3.html">khttp_urlpart(3)</a> family220to replace the now-deprecated <code>kutil_urlpart</code> functions.221These are for the most part a re-name of the old functions that222remove the unused <code>struct kreq</code> argument.223There are some small behaviour changes from the original in corner224case usage: they have an empty suffix (not just <code>NULL</code>)225inhibit printing the dot-suffix, allow a <code>NULL</code> page, and226have an empty or <code>NULL</code> page also inhibit the suffix.227This way, these functions only produce valid URLs, and also allow228for some previously-disallowed (but valid) forms such as229<code>/?foo=bar</code>.230</div>231<div>232The previous functions have been retained with the original233behaviour <strong>with one exception</strong>: before, an empty234suffix would still print the period separator. Now, this is235suppressed.236</div>237<div>238The <code>khttp_vurlpart</code> and <code>khttp_vurlpartx</code>239forms, which accept a variable-length type, are also now exposed for240use.241</div>242<div>243Add the <a href="khttp_urlabs.3.html">khttp_urlabs(3)</a> function,244which is similar to the earlier <code>kutil_urlabs</code> but245significantly more robust and accepts query string arguments.246The earlier <code>kutil_urlabs</code> is retained, but deprecated.247</div>248<div>249Add <a href="khttp_urlencode.3.html">khttp_urlencode(3)</a> and250<a href="khttp_urldecode.3.html">khttp_urldecode(3)</a>,251replacing the legacy <code>kutil_urlencode</code> and252<code>kutil_urldecode</code>. They're identical253except in how <code>NULL</code> values are handled, in the first254case returning them as empty strings instead of <code>NULL</code>,255in the second regarding them as errors.256For the encoder, this allows all URL formatting tools to pass257<code>NULL</code> values as query string values without errors.258The earlier functions have been retained with the original behaviour259<strong>with one exception</strong>, in that a <code>NULL</code>260destination argument for <code>kutil_urldecode</code> triggers a261<code>KCGI_FORM</code> return.262</div>263<div>264Have <a href="kxml_puts.3.html">kxml_puts(3)</a>265and <a href="kxml_write.3.html">kxml_write(3)</a>266handle <code>NULL</code> pointers as content.267</div>268<div>269Verify and fix that all scope-opening functions in270<a href="kcgixml.3.html">kcgixml(3)</a> and271<a href="kcgihtml.3.html">kcgihtml(3)</a>272properly close variable arguments contexts on error.273</div>274<div>275Instead of aborting when the maximum number of scopes in276<a href="kcgijson.3.html">kcgijson(3)</a>,277<a href="kcgihtml.3.html">kcgihtml(3)</a>, or278<a href="kcgixml.3.html">kcgixml(3)</a>279has been reached, return <code>KCGI_ENOMEM</code>.280</div>281<div>282Check that the element index passed to283<a href="kxml_pushnull.3.html">kxml_pushnull(3)</a> is valid.284</div>285<div>286<strong>Behaviour change</strong>: previously, several287<a href="kcgixml.3.html">kcgixml(3)</a> functions would return288<code>KCGI_FORM</code>, such as when popping from an empty stack.289To prevent other <code>KCGI_FORM</code> errors from being masked,290use <code>KCGI_WRITER</code> to handle these situations.291</div>292<div>293Split apart <a href="kcgixml.3.html">kcgixml(3)</a> into one manpage294per function.295</div>296</aside>297</article>298<article data-sblg-article="1" data-sblg-tags="version">299<header>300<h1>0.11.0</h1>301<address>Kristaps Dzonsons</address>302<time datetime="2020-03-27">2020-03-27</time>303</header>304<aside>305<div>306Bumping minor number due to some API and behaviour changes.307</div>308<div>309<strong>API change</strong>: previously,310<a href="khtml_ncr.3.html">khtml_ncr(3)</a> accepted a311<code>uint16_t</code> for its entity value.312However, these values can legitimately be 32 bits.313It has been changed to <code>uint32_t</code>.314</div>315<div>316<strong>API change</strong>: the <code>struct khtmlreq</code>317pointer passed into318<a href="khtml_elemat.3.html">khtml_elemat(3)</a> is now319<code>const</code>.320</div>321<div>322<strong>Behaviour change</strong>: previously,323<a href="khtml_closeto.3.html">khtml_closeto(3)</a> would return324<code>KCGI_FORM</code> if given a stack position greater than the325current stack.326This is inconsistent with other functions, so such values are now327simply ignored.328It also masks other problems that cause <code>KCGI_FORM</code> to329return.330Furthermore, if this function was invoked at the current depth, it331would close all scopes instead of none.332This has also been fixed.333</div>334<div>335<strong>Behaviour change</strong>: previously, many336<a href="kcgijson.3.html">kcgijson(3)</a> functions would return337<code>KCGI_FORM</code> if used out-of-context, for example, trying338to open a named object in an array context.339To prevent other <code>KCGI_FORM</code> errors from being masked,340introduce a new error code <code>KCGI_WRITER</code> to handle these341situations.342</div>343<div>344Passing a345<code>NULL</code> pointer value to the string writing functions of346<a href="khttp_puts.3.html">khttp_puts(3)</a>,347<a href="khttp_write.3.html">khttp_write(3)</a>,348<a href="kcgihtml.3.html">kcgihtml(3)</a> or349<a href="kcgijson.3.html">kcgijson(3)</a> would cause undefined350behaviour.351Now these are noops.352</div>353<div>354Add355<a href="khtml_printf.3.html">khtml_printf(3)</a>.356Split apart357<a href="kcgihtml.3.html">kcgihtml(3)</a> into one manpage per function.358Split apart359<a href="kcgijson.3.html">kcgijson(3)</a> into one manpage per function.360</div>361</aside>362</article>363<article data-sblg-article="1" data-sblg-tags="version">364<header>365<h1>0.10.18</h1>366<address>Kristaps Dzonsons</address>367<time datetime="2020-03-22">2020-03-22</time>368</header>369<aside>370<div>371Add372<a href="khttp_printf.3.html">khttp_printf(3)</a> and373<a href="kcgi_buf_printf.3.html">kcgi_buf_printf(3)</a>.374Split out manual pages for375<a href="khttp_putc.3.html">khttp_putc(3)</a>,376<a href="khttp_puts.3.html">khttp_puts(3)</a>,377<a href="khttp_printf.3.html">khttp_printf(3)</a>, and378<a href="khttp_write.3.html">khttp_write(3)</a>; and also379<a href="kcgi_buf_putc.3.html">kcgi_buf_putc(3)</a>,380<a href="kcgi_buf_puts.3.html">kcgi_buf_puts(3)</a>,381<a href="kcgi_buf_printf.3.html">kcgi_buf_printf(3)</a>, and382<a href="kcgi_buf_write.3.html">kcgi_buf_write(3)</a>.383Add many more regression tests for the behaviour of these functions.384</div>385</aside>386</article>387<article data-sblg-article="1" data-sblg-tags="version">388<header>389<h1>0.10.16</h1>390<address>Kristaps Dzonsons</address>391<time datetime="2020-03-17">2020-03-17</time>392</header>393<aside>394<div>395System now works out-of-the-box on OpenBSD, FreeBSD, NetBSD, Linux,396SunOS, OmniOS (IllumOS), Darwin.397</div>398</aside>399</article>400<article data-sblg-article="1" data-sblg-tags="version">401<header>402<h1>0.10.15</h1>403<address>Kristaps Dzonsons</address>404<time datetime="2020-03-11">2020-03-11</time>405</header>406<aside>407<div>408Portability updates to the build system.409Bring in the newest410<a href="https://github.com/kristapsdz/oconfigure">oconfigure</a>.411</div>412</aside>413</article>414<article data-sblg-article="1" data-sblg-tags="version">415<header>416<h1>0.10.14</h1>417<address>Kristaps Dzonsons</address>418<time datetime="2020-02-27">2020-02-27</time>419</header>420<aside>421<div>422Start using423<a href="https://man.openbsd.org/pkg-config">pkg-config</a> for all424<span class="nm">kcgi</span> libraries.425This makes it much easier to use the system without knowing426installation details.427All documentation has been upgraded to note the fact.428</div>429</aside>430</article>431<article data-sblg-article="1" data-sblg-tags="version">432<header>433<h1>0.10.13</h1>434<address>Kristaps Dzonsons</address>435<time datetime="2020-02-17">2020-02-17</time>436</header>437<aside>438<div>439Re-write the internal logging function so that it does not use a440static buffer, lifting the previous 1024 byte limit.441This means that log messages might exhaust memory, but that seems442the lesser of two evils.443</div>444<div>445Relax <a href="kvalid_string.3.html">kvalid_email(3)</a> so that it446accepts three-byte e-mails (e.g., <code>a@b</code>) but tighten it447to require not starting or ending with a <code>@</code>.448</div>449<div>450Add a new user-visible wrapper function, <a451href="kmalloc.3.html">kvasprintf(3)</a>.452</div>453<div>454Protect against <code>NULL</code> format strings being passed to the455logging functions.456</div>457</aside>458</article>459<article data-sblg-article="1" data-sblg-tags="version">460<header>461<h1>0.10.12</h1>462<address>Kristaps Dzonsons</address>463<time datetime="2020-01-12">2020-01-12</time>464</header>465<aside>466<div>467Fix regression framework.468This was failing for FastCGI tests because the framework wasn't469properly prefixing the HTTP version as it was for CGI tests.470This now allows all tests to run under the new curl.471</div>472<div>473Use the proper Capsicum header for FreeBSD.474</div>475<div>476Bring in the latest <a477href="https://github.com/kristapsdz/oconfigure">oconfigure</a>478and also merge dependent changes for seccomp on Linux.479Then enable seccomp protection for aarch64 on Linux.480</div>481<div>482Bring in optimisations and corrections in URL decoding by Dapeng483Gao, thanks!484</div>485</aside>486</article>487<article data-sblg-article="1" data-sblg-tags="version">488<header>489<h1>0.10.11</h1>490<address>Kristaps Dzonsons</address>491<time datetime="2019-07-05">2019-07-05</time>492</header>493<aside>494<div>495Maintenance release:496bring up to date with latest <a497href="https://github.com/kristapsdz/oconfigure">oconfigure</a>,498merge pending <a href="https://github.com/kristapsdz/kcgi">GitHub</a> pulls.499</div>500</aside>501</article>502<article data-sblg-article="1" data-sblg-tags="version">503<header>504<h1>0.10.10</h1>505<address>Kristaps Dzonsons</address>506<time datetime="2018-12-27">2018-12-27</time>507</header>508<aside>509<div>510A lot of work for functioning on FreeBSD (specifically, breakage511with the sandbox) and musl libc.512Thanks to <code>href@random.sh</code> for access to a FreeBSD513machine for testing and solving this issue!514</div>515<div>516Add <a href="kutil_urlencode.3.html">kutil_urldecode(3)</a> and517<a href="kutil_urlencode.3.html">kutil_urldecode_inplace(3)</a>,518which are the reverse of the existing encode functions.519</div>520<div>521Also, revert to using BSD Makefile instead of GNU.522Linux downstream will need to adjust to use <code>bmake</code> for523the build sequence.524</div>525</aside>526</article>527<article data-sblg-article="1" data-sblg-tags="version">528<header>529<h1>0.10.8</h1>530<address>Kristaps Dzonsons</address>531<time datetime="2018-12-18">2018-12-18</time>532</header>533<aside>534<div>535Good-bye, systrace(4)…536</div>537<div>538Many minor documentation fixes from the GitHub pulls and issues page.539Thank you for everybody's submissions!540</div>541<div>542Many thanks to Valentin Pistol for verifying that the regressions543suite works properly on newer (Majove) builds of MacOS.544</div>545<div>546Allow compilation on547<a href="https://www.musl-libc.org/">musl</a>548by bringing in latest549<a href="https://github.com/kristapsdz/oconfigure">oconfigure</a>550and making some tweaks.551This also makes building without zlib to complete without compiler552warnings.553</div>554<div>555Fix transmitting certain UTF-8 characters via JSON.556</div>557</aside>558</article>559<article data-sblg-article="1" data-sblg-tags="version">560<header>561<h1>0.10.7</h1>562<address>Kristaps Dzonsons</address>563<time datetime="2018-06-19">2018-06-19</time>564</header>565<aside>566<div>567Some excellent fixes from <a568href="https://github.com/mk-f">mk-f@</a> in getting better569support for <a href="https://kristaps.bsd.lv/kcaldav">kcaldav</a>:570fixing the <code>nc</code> value in digest authentication to be hex571and adding support for <code>application/xml</code> to the list of572supported MIME types.573Thanks!574</div>575<div>576Remove <strong>-lbsd</strong> requirement for Linux regression577tests.578Fix another issue where <a579href="https://man.openbsd.org/fpclassify.3">fpclassify(3)</a>580on Linux requires <strong>-lm</strong>.581</div>582</aside>583</article>584<article data-sblg-article="1" data-sblg-tags="version">585<header>586<h1>0.10.6</h1>587<address>Kristaps Dzonsons</address>588<time datetime="2018-04-19">2018-04-19</time>589</header>590<aside>591<div>592Quick fix from Ross Richardson regarding URL encoding with the high bit set.593Thank you so much!594Also push in some small fixes from the <a595href="https://github.com/kristapsdz/kcgi">GitHub</a> list.596</div>597</aside>598</article>599<article data-sblg-article="1" data-sblg-tags="version">600<header>601<h1>0.10.5</h1>602<address>Kristaps Dzonsons</address>603<time datetime="2018-04-19">2018-04-19</time>604</header>605<aside>606<div>607Add <a href="kcgi_strerror.3.html">kcgi_strerror(3)</a> for a string608representation of the error codes. Split <a609href="kutil_invalidate.3.html">kutil_invalidate(3)</a> into610its own manpage.611Fix up some corner cases in template handling: trailing delimiters,612empty key sequences, and so on.613Also allow for escaping delimeters, <code>\@@</code>, allowing for614the existence of delimeters as opaque text.615</div>616<div>617These fixes were implemented or suggested by Ingo Schwarze618(<q>schwarze@</q>) in an audit generously funded by CAPEM Solutions,619Inc.620Thank you so much!621</div>622</aside>623</article>624<article data-sblg-article="1" data-sblg-tags="version">625<header>626<h1>0.10.3</h1>627<address>Kristaps Dzonsons</address>628<time datetime="2018-04-10">2018-04-10</time>629</header>630<aside>631<div>632The <q>FastCGI release</q>: when running <span633class="nm">kcgi</span>'s FastCGI mode on nginx, processes634were being mysteriously killed under high load.635This was due to the end-point closing the connection before all data636was being read or written.637To wit, I now establish a difference (in FastCGI) between the638connection closing (which is a recoverable error) and the manager639killing the connection or the control socket exiting, which are not640recoverable.641Since most of this development was on Linux/ARM with nginx, the642sandbox for Linux has also been tooled up.643A <strong>big</strong> thanks to Elouan Pignet, who was kind enough644to diagnose the problem and provide access to his system for a fix,645including several failed attempts.646Thanks, Elouan!647</div>648<div>649To this end (<strong>API change</strong>), <a650href="khttp_fcgi_parse.3.html">khttp_fcgi_parse(3)</a> now651returns the <code>KCGI_EXIT</code> when the system has exited.652The <code>KCGI_HUP</code> is reserved for when the output channel653has closed (after parsing) and the current connection is no longer654valid.655The documentation has been updated for relevant functions.656</div>657<div>658While studying these code paths, make sure that a sequence of writes659(using <a href="khttp_write.3.html">khttp_write(3)</a> or any of the660writing front-ends) won't fail if <a661href="khttp_body.3.html">khttp_body(3)</a> wasn't able to662complete due to the connection closing.663Specifically, if the connection closes during <a664href="khttp_body.3.html">khttp_body(3)</a> (returning665<code>KCGI_HUP</code>), the system will still expect headers.666Earlier, it would assert with subsequent <a667href="khttp_write.3.html">khttp_write(3)</a> if the error668were not caught and the669In the modified behaviour, it will return <code>KCGI_FORM</code> to670indicate that the system is out of state.671</div>672<div>673Make <a href="khttp_fcgi_parse.3.html">khttp_fcgi_parse(3)</a> only674require that callers invoke <a675href="khttp_free.3.html">khttp_free(3)</a> if exiting with success.676This mirrors <a href="khttp_parse.3.html">khttp_parse(3)</a>.677</div>678<div>679Merge a set of tutorial fixes from <a680href="https://github.com/cyball">cyball</a>, thanks!681</div>682<div>683Allow the <a href="kutil_log.3.html">kutil_log(3)</a> functions to684accept a <code>NULL</code> request.685This makes it possible to use these functions for consistent logging686without a request.687</div>688<div>689Lastly, run through all code snippets, apply <a690href="https://man.openbsd.org/style.9">style(9)</a>, and691make sure that the MIME type is properly checked.692And add a new tutorial, <a href="tutorial6.html">Best practises for693pledge(2) security</a>.694</div>695</aside>696</article>697<article data-sblg-article="1" data-sblg-tags="version">698<header>699<h1>0.10.2</h1>700<address>Kristaps Dzonsons</address>701<time datetime="2018-03-24">2018-03-24</time>702</header>703<aside>704<div>705Merge a set of patches from <a706href="https://github.com/kristapsdz/kcgi/pull/26">pull/26</a>.707These fix the digest authorisation in <q>auth-int</q> mode, most708often used by CalDAV systems.709Thanks to Charles Collicutt for the contribution!710</div>711<div>712While raising <a href="https://kristaps.bsd.lv/kcaldav">kcaldav</a>713from the dead, fix where the XML writer wasn't returning the correct714error code and causing strange errors.715</div>716<div>717Lastly, fix the Linux sandbox when running on ARM machines, enable718building for C++ applications, and add a tutorial and sample file.719Pull in most recent <a href="https://github.com/kristapsdz/oconfigure">oconfigure</a>.720</div>721</aside>722</article>723<article data-sblg-article="1" data-sblg-tags="version">724<header>725<h1>0.10.1</h1>726<address>Kristaps Dzonsons</address>727<time datetime="2018-03-06">2018-03-06</time>728</header>729<aside>730<div>731Many of the improvements and fixes in this release were implemented or732suggested by Ingo Schwarze (<q>schwarze@</q>) in an audit generously733funded by CAPEM Solutions, Inc.734Thank you so much!735</div>736<div>737Proper versioning in the header file as documented in <a738href="kcgi.3.html">kcgi(3)</a>.739</div>740<div>741Fix <a href="kcgijson.3.html">kcgijson_string_write(3)</a> and742friends to not emit a superfluous quote before each invocation.743</div>744<div>745Add <a href="kcgi_buf_write.3.html">kcgi_buf_write(3)</a> and746friends to make working with747<a href="khttp_template.3.html">khttp_templatex(3)</a> easier.748(I also use it for <a749href="https://curl.haxx.se/libcurl">libcurl(3)</a> in-memory750buffers.)751</div>752<div>753<strong>API change</strong>: complete the change-over to writing754functions returning values by modifying <a755href="khttp_template.3.html">khttp_template(3)</a> and756friends to return a proper error code.757While here, significantly improve the manpage.758</div>759</aside>760</article>761<article data-sblg-article="1" data-sblg-tags="version">762<header>763<h1>0.10.0</h1>764<address>Kristaps Dzonsons</address>765<time datetime="2018-01-18">2018-01-18</time>766</header>767<aside>768<div>769A minor bump here due to API changes, along with a plethora of770improvements: date handling, simplification of general code, and771getting error codes exported in the write sequence.772Many of the improvements and fixes in this release were implemented or773suggested by Ingo Schwarze (<q>schwarze@</q>) in an audit generously774funded by CAPEM Solutions, Inc.775Thank you so much!776</div>777<div>778<strong>Memory leak fix</strong>: fix <a779href="khttp_free.3.html">khttp_free(3)</a> to free a780forgotten allocation.781Probably only affects FastCGI processes at 16 bytes lost per request782parsed.783</div>784<div>785<strong>Feature</strong>: add the <a786href="kcgi_writer_disable.3.html">kcgi_writer_disable(3)</a>787function, which allows callers to788determine which front-end writers (e.g.,789<a href="kcgixml.3.html">kcgixml(3)</a>)790are allowed to exist.791This locks down the output formatting mechanism.792</div>793<div>794<strong>API change</strong>: the <a795href="kcgixml.3.html">kcgixml(3)</a> library now no longer796prints the XML prologue with <code>kxml_open()</code>.797This must be manually printed with <code>kxml_prologue()</code>.798</div>799<div>800<strong>API change</strong>: the801<a href="kcgijson.3.html">kcgijson(3)</a>,802<a href="kcgihtml.3.html">kcgihtml(3)</a>, and803<a href="kcgixml.3.html">kcgixml(3)</a> now return a consistent804error code for all operations.805The <code>khtml_text</code> function has been removed (it was deprecated).806</div>807<div>808<strong>API change</strong>: the809<a href="kutil_urlencode.3.html">kutil_urlencode(3)</a> family of810functions now all return <code>NULL</code> on memory failure.811Earlier, this was inconsistent.812</div>813<div>814<strong>API change</strong>: the815<a href="khttp_write.3.html">khttp_write(3)</a> family of816functions now all return <code>enum kcgi_err</code> to indicate a817failure condition.818</div>819<div>820<strong>API change</strong>: the <a821href="khttp_body.3.html">khttp_body(3)</a> function now822returns <code>enum kcgi_err</code> to indicate a failure condition823<strong>instead of</strong> whether compression was enabled.824</div>825<div>826<strong>API change</strong>: the <a827href="khttp_body.3.html">khttp_body_compress(3)</a> function828now returns <code>enum kcgi_err</code> to indicate a failure829condition <strong>instead of</strong> whether compression was830enabled.831Furthermore, the <code>comp</code> argument simply dictates whether832compression should be enabled or not, preventing confusion.833</div>834<div>835<strong>API change</strong>: the <a836href="khttp_head.3.html">khttp_head(3)</a> function now837returns <code>enum kcgi_err</code> to indicate a failure condition.838Furthermore, this function now dynamically allocates header lengths,839removing prior bounds on header length.840</div>841<div>842While here, improve <a href="khttp_head.3.html">khttp_head(3)</a>,843<a href="khttp_body.3.html">khttp_body(3)</a>,844<a href="kvalid_string.3.html">kvalid_string(3)</a>, and845<a href="kmalloc.3.html">kmalloc(3)</a> manpages.846</div>847<div>848Lastly, the <a href="kvalid_string.3.html">kvalid_date(3)</a>849function has been generalised for arbitrary dates, prompting the850addition of <a href="kutil_epoch2str.3.html">kutil_date_valid(3)</a>851and <a href="kutil_epoch2str.3.html">kutil_datetime_valid(3)</a>852functions to validate broken-down dates.853And bring up to date with latest <a854href="https://github.com/kristapsdz/oconfigure">oconfigure</a>.855</div>856</aside>857</article>858<article data-sblg-article="1" data-sblg-tags="version">859<header>860<h1>0.9.10</h1>861<address>Kristaps Dzonsons</address>862<time datetime="2017-11-21">2017-11-21</time>863</header>864<aside>865<div>866Many internal small issues (allocation catches, better logging,867simplifying logic) fixed as found by Ingo Schwarze868(<q>schwarze@</q>) in an extensive audit generously funded by CAPEM869Solutions, Inc. None of these change application behaviour except870that standalone query parts are let through. For example,871<code>localhost/foo?bar=baz&xyzzy</code> now passes872<code>xyzzy</code> as a key-pair with a zero-length pair.873</div>874<div>875Note that parsing <code>text/plain</code> enctypes is now876deprecated, as I'm yet to see this ever used.877</div>878</aside>879</article>880<article data-sblg-article="1" data-sblg-tags="version">881<header>882<h1>0.9.9</h1>883<address>Kristaps Dzonsons</address>884<time datetime="2017-10-30">2017-10-30</time>885</header>886<aside>887<div>888Switch to using <a889href="https://github.com/kristapsdz/oconfigure">oconfigure</a>.890Add the <a href="kvalid_string.3.html">kvalid_bit(3)</a> function891for bit fields.892</div>893</aside>894</article>895<article data-sblg-article="1" data-sblg-tags="version">896<header>897<h1>0.9.8</h1>898<address>Kristaps Dzonsons</address>899<time datetime="2017-10-18">2017-10-18</time>900</header>901<aside>902<div>903<strong>API changes</strong>: use the appropriate904<code>uint32_t</code> size for the HTTP digest authorisation nonce905count. This follows <a906href="https://tools.ietf.org/html/rfc7616">RFC 7616</a>,907sec. 3.4. Also add the <a href="kutil_log.3.html">kutil_err(3)</a>908family of functions, which report an error and exit. Split that909into <a href="kutil_openlog.3.html">kutil_openlog(3)</a> as well.910Lastly, commit considerable improvements to the <a911href="khttp_parse.3.html">khttp_parse(3)</a> and other912manpages, as well as some extra warning messages due to RFC913violations during HTTP parse. Most of these were found and patched914by Ingo Schwarze (<q>schwarze@</q>) in an extensive audit generously915funded by CAPEM Solutions, Inc. Thank you!916</div>917</aside>918</article>919<article data-sblg-article="1" data-sblg-tags="version">920<header>921<h1>0.9.7</h1>922<address>Kristaps Dzonsons</address>923<time datetime="2017-09-23">2017-09-23</time>924</header>925<aside>926<div>927Fix C headers in the documentation to be more minimal and928standards-compliant.929</div>930<div>931Add Ross Richardson's <a href="tutorial4.html">Using Pages</a>932tutorial. Ross developed the new <a933href="https://undeadly.org">Undeadly Journal</a>!934</div>935<div>936Bug fixes… Clarify some function elements in <a937href="khttp_parse.3.html">khttp_parse(3)</a>. Fixed938undefined behaviour caused when <a939href="khttp_template.3.html">khttp_templatex_buf(3)</a> is940passed a fallback function and mis-reports the input key length.941(If you use templating with a fallback function, you <strong>must942update</strong>.) Fix all instances of zero-length943allocations. These are non-portable and might cause erroneous944failure on some systems. Fix an error where using digest945authentication via <a946href="khttpdigest_validate.3.html">khttpdigest_validate(3)</a>947might crash with an unknown HTTP method. Most of these were found948by Ingo Schwarze (<q>schwarze@</q>) in an extensive audit generously949funded by CAPEM Solutions, Inc. Thank you!950</div>951</aside>952</article>953<article data-sblg-article="1" data-sblg-tags="version">954<header>955<h1>0.9.6</h1>956<address>Kristaps Dzonsons</address>957<time datetime="2017-08-31">2017-08-31</time>958</header>959<aside>960<div>961Add the <a href="khttp_template.3.html">khttp_template_fd(3)</a>962functions for passing a file descriptor into the template utility963instead of an open file or buffer. (Also clean up that964documentation.)965</div>966</aside>967</article>968<article data-sblg-article="1" data-sblg-tags="version">969<header>970<h1>0.9.5</h1>971<address>Kristaps Dzonsons</address>972<time datetime="2017-05-31">2017-05-31</time>973</header>974<aside>975<div>976Clarify documentation for <a href="kcgijson.3.html">kcgijson(3)</a>977and add an <code>uninstall</code> rule to the GNUmakefile for those978not using a package-managed version of the library. No code979changes.980</div>981</aside>982</article>983<article data-sblg-article="1" data-sblg-tags="version">984<header>985<h1>0.9.4</h1>986<address>Kristaps Dzonsons</address>987<time datetime="2017-03-12">2017-03-12</time>988</header>989<aside>990<div>991Add a feature inspired by Ross Richardson: a fallback function for992templates. As described for the <a993href="khttp_template.3.html">khttp_template(3)</a> family of994functions, a fallback function is invoked if none of the fixed keys995are found. This is handy because you can provide parsed template996keys, e.g., <code>foo[bar]</code> and <code>foo[baz]</code>, which997would be parsed for a type <code>foo</code> that's passed a dynamic998value <code>bar</code> or <code>baz</code>.999</div>1000<div>1001<strong>Nota bene</strong>: this required the <a1002href="khttp_template.3.html">khttp_templatex(3)</a> and <a1003href="khttp_template.3.html">khttp_templatex_buf(3)</a>1004functions to have an argument change.1005</div>1006</aside>1007</article>1008<article data-sblg-article="1" data-sblg-tags="version">1009<header>1010<h1>0.9.3</h1>1011<address>Kristaps Dzonsons</address>1012<time datetime="2017-01-25">2017-01-25</time>1013</header>1014<aside>1015<div>1016Numerous spelling errors fixed (no functional change) and added <a1017href="kutil_epoch2str.3.html">kutil_epoch2utcstr(3)</a> for1018formatting ISO 8601 dates. Also fixed <a1019href="kutil_epoch2str.3.html">KUTIL_EPOCH2TM(3)</a> macro to1020set correct fields.1021</div>1022</aside>1023</article>1024<article data-sblg-article="1" data-sblg-tags="version">1025<header>1026<h1>0.5.9</h1>1027<address>Kristaps Dzonsons</address>1028<time datetime="2015-06-17">2015-06-17</time>1029</header>1030<aside>1031<div>1032Add ability to retrieve HTTP headers from the request. This adds1033several fields to the structure filled in by <a1034href="khttp_parse.3.html">khttp_parse(3)</a> that allow for1035mapped (indexed by known header) and listed header fields. The HTTP1036headers are reconstituted from the CGI environmental variables1037according to the RFC. These fields existed in earlier releases, but1038were not documented and, moreover, did not reconstitute the HTTP1039header name from the CGI environment variable name. A regression1040test has been added to test this behaviour. While adding this1041documentation, clean up the type list in <a1042href="khttp_parse.3.html">khttp_parse(3)</a>.1043</div>1044<div>1045Add <a href="khttp_body.3.html">khttp_body_compress(3)</a>, which1046allows for stipulating auto-compression (the default for <a1047href="khttp_body.3.html">khttp_body(3)</a>), compression1048without emitting the appropriate header (for applications providing1049the <q>Content-Encoding</q> parameter themselves), and no1050compression (for applications taking full control of output1051themselves). While there, make the test for requested compression1052be sensitive to the <a1053href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html">RFC10542616</a> <q>qvalue</q>. Both functions now return whether1055compression has been enabled. This functionality augments existing1056behaviour: it does not change it.1057</div>1058<div>1059Add HTTP error codes described by <a1060href="https://tools.ietf.org/html/rfc6585">RFC 6585</a>.1061</div>1062</aside>1063</article>1064<article data-sblg-article="1" data-sblg-tags="version">1065<header>1066<h1>0.4.2</h1>1067<address>Kristaps Dzonsons</address>1068<time datetime="2014-11-30">2014-11-30</time>1069</header>1070<aside>1071<div>1072Implement the <a href="kcgijson.3.html">kcgijson(3)</a> library for1073convenient JSON functions, remove function prototype names as per1074OpenBSD's <a1075href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man9/style.9?query=style">style(9)</a>,1076polish documentation.1077</div>1078</aside>1079</article>1080<article data-sblg-article="1" data-sblg-tags="version">1081<header>1082<h1>0.4.3</h1>1083<address>Kristaps Dzonsons</address>1084<time datetime="2014-12-03">2014-12-03</time>1085</header>1086<aside>1087<div>1088Make sure that <a href="khttp_parse.3.html">khttp_parse(3)</a>1089returns an error code indicating what actually went wrong. This is1090a minor API change because the function no longer returns 0, but an1091enumeration (where 0, incidentally, means success). Also audit the1092parsing trailer to make sure that the parent doesn't exit in the1093event of memory exhaustion.1094</div>1095</aside>1096</article>1097<article data-sblg-article="1" data-sblg-tags="version">1098<header>1099<h1>0.4.4</h1>1100<address>Kristaps Dzonsons</address>1101<time datetime="2014-12-15">2014-12-15</time>1102</header>1103<aside>1104<div>1105Add the Boolean and NULL types to <a1106href="kcgijson.3.html">kcgijson(3)</a>. Fix control code1107serialisation in the same.1108</div>1109</aside>1110</article>1111<article data-sblg-article="1" data-sblg-tags="version">1112<header>1113<h1>0.5</h1>1114<address>Kristaps Dzonsons</address>1115<time datetime="2014-12-18">2014-12-18</time>1116</header>1117<aside>1118<div>1119Expand the functionality of the template system with <a1120href="khttp_template.3.html">khttp_templatex(3)</a> and <a1121href="khttp_template.3.html">khttp_templatex_buf(3)</a>,1122which allow the writing function to be overriden. This allows1123templates to play nicely with other systems such as <a1124href="kcgijson.3.html">kcgijson(3)</a> and general dynamic1125buffer creation. I use this for creating mails for sending with <a1126href="http://curl.haxx.se/libcurl/">libcurl</a>. Also1127create an automated test harness <a1128href="kcgi_regress.3.html">kcgi_regress(3)</a> that, for1129internal automated regression testing, uses <a1130href="http://curl.haxx.se/libcurl/">libcurl</a> to create1131and parse HTTP messages over a local socket and a small server to1132translate the requests into CGI variables for <span1133class="nm">kcgi</span>. The internal tests can be run with1134<code>make regress</code>.1135</div>1136</aside>1137</article>1138<article data-sblg-article="1" data-sblg-tags="version">1139<header>1140<h1>0.5.1</h1>1141<address>Kristaps Dzonsons</address>1142<time datetime="2015-03-14">2015-03-14</time>1143</header>1144<aside>1145<div>1146Allow <a href="kcgi_regress.3.html">kcgi_regress(3)</a> to handle1147query strings and forms for validation testing. Pick out one1148assertion failure in the parser by using the <a1149href="http://lcamtuf.coredump.cx/afl/">American fuzzy1150lop</a>. Add an a test harness for AFL as well. Recognise1151CONNECT, DELETE, HEAD, TRACE, PUT, and OPTIONS methods.1152</div>1153</aside>1154</article>1155<article data-sblg-article="1" data-sblg-tags="version">1156<header>1157<h1>0.5.2</h1>1158<address>Kristaps Dzonsons</address>1159<time datetime="2015-04-05">2015-04-05</time>1160</header>1161<aside>1162<div>1163Allow for opaque HTTP message bodies: if our content type isn't1164<code>application/x-www-form-urlencoded</code>,1165<code>multipart/form-data</code>, or <code>text/plain</code> (during1166a POST only), then accept the HTTP body as a single object and1167validate it against the empty-key validator. Add HTTP methods and1168headers stipulated by <a1169href="http://tools.ietf.org/html/rfc4918">HTTP Extensions1170for Web Distributed Authoring and Versioning (WebDAV)</a>1171and <a href="http://tools.ietf.org/html/rfc4791">Calendaring1172Extensions to WebDAV (CalDAV)</a>. Allow for the HTTP1173request headers to be exported to the <code>struct kreq</code>1174object as both a list and, for common HTTP headers, an indexed map.1175Added <a href="kcgixml.3.html">kcgixml(3)</a> bits for some simple1176XML support and added <code>khtml_putc()</code> and1177<code>khtml_puts()</code> to <a1178href="kcgihtml.3.html">kcgihtml(3)</a> for consistency.1179Specify that a <code>NULL</code> template passed to the <a1180href="khttp_template.3.html">khttp_template(3)</a> functions1181simply causes the named file or buffer to be outputted without any1182processing. Lastly, recognise <a1183href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/getentropy.2">getentropy(2)</a>1184as a white-listed system call in the <a1185href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/systrace.4">systrace(4)</a>1186sandbox.1187</div>1188</aside>1189</article>1190<article data-sblg-article="1" data-sblg-tags="version">1191<header>1192<h1>0.5.3</h1>1193<address>Kristaps Dzonsons</address>1194<time datetime="2015-04-10">2015-04-10</time>1195</header>1196<aside>1197<div>1198Fully process the <code>Authentication</code> header, implementing1199<a href="https://tools.ietf.org/html/rfc2617">RFC 2617</a>. This1200was originally developed in <a1201href="http://kristaps.bsd.lv/kcaldav">kcaldav</a>, but makes1202more sense to be run here inside of the untrusted child. Values are1203stored in the <code>struct khttpauth</code> field documented in <a1204href="khttp_parse.3.html">khttp_parse(3)</a>.1205</div>1206</aside>1207</article>1208<article data-sblg-article="1" data-sblg-tags="version">1209<header>1210<h1>0.5.4</h1>1211<address>Kristaps Dzonsons</address>1212<time datetime="2015-04-12">2015-04-12</time>1213</header>1214<aside>1215<div>1216Single bug-fix: the nonce count parsed from an HTTP digest was not1217being correctly recorded.1218</div>1219</aside>1220</article>1221<article data-sblg-article="1" data-sblg-tags="version">1222<header>1223<h1>0.5.5</h1>1224<address>Kristaps Dzonsons</address>1225<time datetime="2015-04-12">2015-04-12</time>1226</header>1227<aside>1228<div>1229Bug-fix when linking to <a href="kcgihtml.3.html">kcgihtml(3)</a>.1230Added the access scheme (HTTP or HTTPS) to <code>struct kreq</code>.1231Have validation for document body correctly set the1232<code>ctypepos</code> prior to validation. While there, properly1233decode the content-type field (i.e., discarding parameters) when1234looking up the type in the known types.1235</div>1236</aside>1237</article>1238<article data-sblg-article="1" data-sblg-tags="version">1239<header>1240<h1>0.5.6</h1>1241<address>Kristaps Dzonsons</address>1242<time datetime="2015-04-23">2015-04-23</time>1243</header>1244<aside>1245<div>1246Bug-fix for Capsicum sandbox, found by Baptiste Daroussin. (Thanks!)1247Also fix passing a zero-length buffer into the template buffer functions.1248</div>1249</aside>1250</article>1251<article data-sblg-article="1" data-sblg-tags="version">1252<header>1253<h1>0.5.7</h1>1254<address>Kristaps Dzonsons</address>1255<time datetime="2015-04-27">2015-04-27</time>1256</header>1257<aside>1258<div>1259Rename <code>khtml_close</code> to <code>khtml_closeelem</code> in <a href="kcgihtml.3.html">kcgihtml(3)</a>, then re-add the1260close function and an open function to harmonise with <a href="kcgijson.3.html">kcgijson(3)</a> and <a1261href="kcgixml.3.html">kcgixml(3)</a>.1262In the process, allow the closing functions in all libraries to unwind any remaining context, and have the closing functions1263return whether the request was out of bounds.1264Prevent some bogus calls to <a href="kcgihtml.3.html">kcgihtml(3)</a> from aborting.1265Bug-fix for detecting zlib on FreeBSD, found by Baptiste Daroussin. (Thanks!)1266</div>1267</aside>1268</article>1269<article data-sblg-article="1" data-sblg-tags="version">1270<header>1271<h1>0.5.8</h1>1272<address>Kristaps Dzonsons</address>1273<time datetime="2015-05-11">2015-05-11</time>1274</header>1275<aside>1276<div>1277Update the included sample file and correct the documentation regarding its compilation.1278Fix noted by Jan Schreiber — thanks!1279While doing so, add some documentation bits to the manpages and considerable documentation to the webpage.1280No functional changes.1281</div>1282</aside>1283</article>1284<article data-sblg-article="1" data-sblg-tags="version">1285<header>1286<h1>0.6</h1>1287<address>Kristaps Dzonsons</address>1288<time datetime="2015-07-07">2015-07-07</time>1289</header>1290<aside>1291<div>1292Import initial Linux <a href="http://man7.org/linux/man-pages/man2/seccomp.2.html">seccomp(2)</a> (via <a1293href="http://man7.org/linux/man-pages/man2/prctl.2.html">prctl(2)</a>) sandbox!1294This uses the implementation of <a href="http://www.openssh.com/">OpenSSH</a>, tweaked to work within the <span1295class="nm">kcgi</span> framework.1296For now, it only allows arm, i386, and x86_64: if you're using another architecture, please let me know your <code>uname -m</code>,1297as the sandbox (ridiculously) needs to know the system architecture.1298(Better yet: also send me the relevant <code>AUDIT_ARCH_xxx</code> from <code>/usr/include/linux/audit.h</code>.)1299While here, allow for compilation on <a href="http://www.musl-libc.org/">musl</a>.1300I've also moved the tutorial into a separate file and fleshed it out a little.1301I'll probably add more tutorials in time.1302</div>1303</aside>1304</article>1305<article data-sblg-article="1" data-sblg-tags="version">1306<header>1307<h1>0.6.1</h1>1308<address>Kristaps Dzonsons</address>1309<time datetime="2015-07-09">2015-07-09</time>1310</header>1311<aside>1312<div>1313One-line bug-fix to include new Linux seccomp patch into source archive. Ouch. Noted by James Turner—thanks!1314</div>1315</aside>1316</article>1317More FastCGI: move control socket handling into its own process.1327The control socket is a UNIX socket (or similar) bound by the FastCGI runner, which is either the web server or an1328application like <a href="kfcgi.8.html">kfcgi(8)</a>, then passed as <code>STDIN_FILENO</code> to the FastCGI1329application.1330<span class="nm">kcgi</span> will then wait on this socket for incoming connections, which are acted upon with <a1331href="khttp_fcgi_parse.3.html">khttp_fcgi_parse(3)</a>.1332In this release, this logic has been moved into its own process instead of being managed by the web application itself1333during calls to <a href="khttp_fcgi_parse.3.html">khttp_fcgi_parse(3)</a>.1334While here, I cleaned up and simplified a lot of the sandbox and inter-process socket logic.1335The control socket is not yet sandboxed: that will come with later releases.1336Again, the FastCGI implementation is <strong>experimental</strong>!1337</div>1338<div>1339Patches for deployment on FreeBSD contributed by Baptiste Daroussin—thanks!1340In analysis, found that the <code>argfree</code> function to <a href="khttp_parse.3.html">khttp_parse(3)</a> wasn't1341being invoked if the <code>arg</code> was itself NULL.1342(This is clearly bad behaviour—not all functions need that argument!)1343This has been fixed as well.1344</div>1345</aside>1346</article>1347While the existing functionality wasn't logically altered, it was shuffled around quite a lot and abstracted to1358accomodate for the new FastCGI functions.1359The implementation is documented in <a href="kfcgi.8.html">kfcgi(8)</a>, <a1360href="khttp_fcgi_init.3.html">khttp_fcgi_init(3)</a>, and <a1361href="khttp_fcgi_parse.3.html">khttp_fcgi_parse(3)</a>, and <a1362href="khttp_fcgi_free.3.html">khttp_fcgi_free(3)</a>.1363<strong>This functionality is experimental</strong>, and needs strong analysis before casual deployment.1364It is also not quite feature-complete: HTTP compression is not yet functional for FastCGI applications.1365The <a href="kfcgi.8.html">kfcgi(8)</a> launcher is also very bare-bones—this will be improved in subsequent releases.1366Again: this functionality is <strong>experimental</strong> and under development!1367</div>1368<div>1369Also fixed a bug where calling <a href="khttp_free.3.html">khttp_free(3)</a> after a prior <a1370href="khttp_parse.3.html">khttp_parse(3)</a> failure would cause a NULL dereference.1371Added the missing <code>txt</code> and <code>xml</code> suffixes to the suffix table.1372Fix that the request port number was erroneously disallowed to be >80.1373</div>1374</aside>1375</article>1376<article data-sblg-article="1" data-sblg-tags="version">1377<header>1378<h1>0.6.4</h1>1379<address>Kristaps Dzonsons</address>1380<time datetime="2015-08-01">2015-08-01</time>1381</header>1382<aside>1383<div>1384Add some proper security to <a href="kfcgi.8.html">kfcgi(8)</a>: place child FastCGI processes in a file-system jail,1385drop privileges, and ensure proper ownership of the socket.1386While here, begin sandbox mechanisms for the FastCGI control process.1387This only works for Mac OSX for now, but will expand to others.1388Again, until the next minor version bump, <strong>FastCGI support is experimental</strong>.1389</div>1390<div>1391On that note, finalise the API for FastCGI calls.1392This involved moving most function arguments previously in <a href="khttp_fcgi_parse.3.html">khttp_fcgi_parse(3)</a>1393into <a href="khttp_fcgi_init.3.html">khttp_fcgi_init(3)</a>.1394To wit, the <code>khttp_fcgi_parsex()</code> function has been removed: all of the logic has been moved to the1395initialisation function, making the parse function much simpler.1396Cement this by adding several new regression tests that exercise the FastCGI functionality.1397These, of course, required that FastCGI functionality be added to the regression suite.1398This is documented in <a href="kcgiregress.3.html">kcgiregress(3)</a> (the manpage was renamed from <code>kcgi_regress</code>).1399</div>1400<div>1401In adding the regression suite, one critical FastCGI bug was found (and fixed) for forms >1 kB.1402Fix another critical bug when writing large contiguous blocks, which would be silently truncated.1403(A regression test has been added for this.)1404The same would trigger a failure on Linux due to the sandbox: this has also been fixed.1405Internally, the behaviour of read and write sockets is consistently non-blocking.1406There has been a report of large compressed output failing on FreeBSD, but this has not yet been verified.1407</div>1408<div>1409Lastly, incorporate a patch from Baptiste Daroussin (thanks!) for a tighter Capsicum sandbox for the parser process.1410</div>1411</aside>1412</article>1413<article data-sblg-article="1" data-sblg-tags="version">1414<header>1415<h1>0.7.0</h1>1416<address>Kristaps Dzonsons</address>1417<time datetime="2015-08-07">2015-08-07</time>1418</header>1419<aside>1420<div>1421Implement the <a href="http://www.fastcgi.com/drupal/node/6?q=node/22">FastCGI</a> control process's sandbox for all1422supported operating systems.1423(The FastCGI control process is forked from each application process, and is responsible for accepting new FastCGI1424connections and passing the descriptors to the application for output and worker process for parsing.)1425This is the last <q>feature</q> for the FastCGI implementation: it now has the same protection as the CGI implementation1426for all child processes.1427Add sandbox for OpenBSD's <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/tame.2">tame(2)</a>,1428although this technically isn't supported yet (in snapshots, anyway) and returns <code>ENOSYS</code>.1429On OpenBSD machines with both sandboxes, this is tried first.1430This effort derives from a patch submitted by Reyk Floeter—thanks!1431</div>1432<div>1433The FastCGI interface is no longer an experimental feature, but baked into the system.1434</div>1435<div>1436In addition to the above, some variables were added to the manpages (which were also cleaned up a bit) and the AFL1437system was updated with the socket re-write.1438</div>1439</aside>1440</article>1441<article data-sblg-article="1" data-sblg-tags="version">1442<header>1443<h1>0.7.1</h1>1444<address>Kristaps Dzonsons</address>1445<time datetime="2015-08-11">2015-08-11</time>1446</header>1447<aside>1448<div>1449Fix: forgot to install <a href="kfcgi.8.html">kfcgi(8)</a>.1450Add flag to <a href="kfcgi.8.html">kfcgi(8)</a> to specify the connection backlog.1451Add <a href="khttp_fcgi_test.3.html">khttp_fcgi_test(3)</a> to see if an application should use the FastCGI or regular1452CGI functions.1453A regression noted by James Turner (thanks!): re-add the CGI sample, <span class="file">sample.c</span>, into the1454distributed source.1455There is also a FastCGI sample, <span class="file">sample-fcgi.c</span>.1456There is also a non-<span class="nm">kcgi</span> sample, <span class="file">sample-cgi.c</span>, used in creating the1457performance graphs.1458</div>1459</aside>1460</article>1461<article data-sblg-article="1" data-sblg-tags="version">1462<header>1463<h1>0.7.2</h1>1464<address>Kristaps Dzonsons</address>1465<time datetime="2015-09-04">2015-09-04</time>1466</header>1467<aside>1468<div>1469If a FastCGI connection closes, don't make1470failing writes to that connection bring down the1471application.1472Also work around a very weird Mac OS X bug1473wherein a poll will return a timeout even though1474the poll request is blocking.1475</div>1476</aside>1477</article>1478<article data-sblg-article="1" data-sblg-tags="version">1479<header>1480<h1>0.7.3</h1>1481<address>Kristaps Dzonsons</address>1482<time datetime="2015-09-30">2015-09-30</time>1483</header>1484<aside>1485<div>1486Fix for proper FastCGI support on <a href="http://www.nginx.org">nginx</a>.1487This work was prompted by Daniel Sinclair, who fixed a read type mismatch (when reading the padding length) that inspired1488a further fix to serialise the response FastCGI header properly.1489Lastly, a latent Apache2 FastCGI bug was fixed in incorrectly reporting the return code status.1490</div>1491</aside>1492</article>1493<article data-sblg-article="1" data-sblg-tags="version">1494<header>1495<h1>0.7.4</h1>1496<address>Kristaps Dzonsons</address>1497<time datetime="2015-11-12">2015-11-12</time>1498</header>1499<aside>1500<div>1501Replace support for tame(2) (which was never enabled in the operating system) with the renamed <a1502href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/pledge.2">pledge(2)</a>.1503From a patch by James Turner—thank you!1504</div>1505</aside>1506</article>1507<article data-sblg-article="1" data-sblg-tags="version">1508<header>1509<h1>0.7.5</h1>1510<address>Kristaps Dzonsons</address>1511<time datetime="2016-01-04">2016-01-04</time>1512</header>1513<aside>1514<div>1515Added ability to easily perform HTTP digest authentication, <a1516href="khttpdigest_validate.3.html">khttpdigest_validate(3)</a>, which is heavily used in <a1517href="http://kristaps.bsd.lv/kcaldav">kcaldav</a> and a few other systems.1518This manages all of the aspects of the sequences, from the child process performing an MD5 hash on the full data stream1519to the end check against a hash.1520While there, also add <a href="khttpbasic_validate.3.html">khttpbasic_validate(3)</a> for completeness.1521</div>1522<div>1523Add an experimental feature for debugging input and output streams.1524One can set debugging fields with <a href="khttp_parse.3.html">khttp_parsex(3)</a> or <a1525href="khttp_fcgi_init.3.html">khttp_fcgi_initx(3)</a> and have request reads or response writes logged to1526standard output.1527<strong>Note</strong>: this changes the system API, so make sure any systems calling the above functions are upgraded to1528account for the extra argument!1529Also merged a thorough documentation patch by Svyatoslav Mishyn—thanks!1530</div>1531</aside>1532</article>1533<article data-sblg-article="1" data-sblg-tags="version">1534<header>1535<h1>0.7.6</h1>1536<address>Kristaps Dzonsons</address>1537<time datetime="2016-01-25">2016-01-25</time>1538</header>1539<aside>1540<div>1541Push read-only repository to <a href="https://github.com/kristapsdz/kcgi.git">GitHub</a>.1542<span class="nm">kcgi</span> has been accepted as a <a href="https://scan.coverity.com/projects/kcgi">Coverity</a>1543project.1544The initial scan revealed a pair of error-path resource links and some false positives.1545(All of these are visible on the Coverity project site.)1546It also found one legitimate bug in the newly-installed HTTP basic authentication code.1547This, obviously, has been fixed.1548Thanks, <a href="http://coverity.com">Coverity</a>!1549</div>1550</aside>1551</article>1552<article data-sblg-article="1" data-sblg-tags="version">1553<header>1554<h1>0.7.7</h1>1555<address>Kristaps Dzonsons</address>1556<time datetime="2016-02-10">2016-02-10</time>1557</header>1558<aside>1559<div>1560Allow for the developer to set a write buffer size when invoking <a href="khttp_parse.3.html">khttp_parsex(3)</a> or <a1561href="khttp_fcgi_init.3.html">khttp_fcgi_initx(3)</a>.1562The write buffer hooks into <a href="khttp_write.3.html">khttp_write(3)</a> and, if set to a non-zero size, will cause1563writes to be buffered.1564This changes existing behaviour where writes were never buffered.1565Note that this function is invoked by all writing functions, both within <a href="kcgi.3.html">kcgi(3)</a> and its1566libraries such as <a href="kcgijson.3.html">kcgijson(3)</a>.1567The buffer is flushed when its size is exceeded or when <a href="khttp_free.3.html">khttp_free(3)</a> is invoked.1568If not provided, the default is 8 KiB for CGI and 65 KiB for FastCGI.1569Also renamed the <code>xmalloc</code>-style internal functions so as not to override weak symbols in any interfacing1570applications.1571This was noted by Okan Demirmen—thanks!1572</div>1573</aside>1574</article>1575<article data-sblg-article="1" data-sblg-tags="version">1576<header>1577<h1>0.7.8</h1>1578<address>Kristaps Dzonsons</address>1579<time datetime="2016-03-02">2016-03-02</time>1580</header>1581<aside>1582<div>1583Use <a1584href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man3/strtonum.3">strtonum(3)</a> whenever possible,1585inspired by a patch from Jan Schreiber—thanks!1586Add <a href="khttpdigest_validate.3.html">khttpdigest_validatehash(3)</a>, which authenticates an HTTP digest session using a pre-computed hash.1587(The existing function builds the hash from a password.)1588This is required by <a href="http://kristaps.bsd.lv/kcaldav">kCalDAV</a>.1589</div>1590</aside>1591</article>1592<article data-sblg-article="1" data-sblg-tags="version">1593<header>1594<h1>0.8.1</h1>1595<address>Kristaps Dzonsons</address>1596<time datetime="2016-03-15">2016-03-15</time>1597</header>1598<aside>1599<div>1600Significantly update the FastCGI handling.1601There were two foci to this effort:1602first, to make the existing FastCGI1603system more robust in terms of starting1604and stopping; the second, to extend1605FastCGI so that <a1606href="kfcgi.8.html">kfcgi(8)</a>1607can handle variable-sized pools of1608workers instead of a fixed number.1609The method of extending FastCGI is1610described in <a1611href="extending01.html">FastCGI1612Extensions for Management1613Control</a>, and is implemented1614by the -<span class="flag">r</span> flag1615in <a href="kfcgi.8.html">kfcgi(8)</a>.1616</div>1617</aside>1618</article>1619<article data-sblg-article="1" data-sblg-tags="version">1620<header>1621<h1>0.8.2</h1>1622<address>Kristaps Dzonsons</address>1623<time datetime="2016-04-06">2016-04-06</time>1624</header>1625<aside>1626<div>1627Fix the -<span class="flag">l</span> flag in <a href="kfcgi.8.html">kfcgi(8)</a> as dictated in <a1628href="https://github.com/kristapsdz/kcgi/pull/1">pull/1</a> on the <a1629href="https://github.com/kristapsdz/kcgi">GitHub</a>.1630Thanks, <a href="https://github.com/cornett">cornett</a>!1631</div>1632</aside>1633</article>1634<article data-sblg-article="1" data-sblg-tags="version">1635<header>1636<h1>0.8.3</h1>1637<address>Kristaps Dzonsons</address>1638<time datetime="2016-04-19">2016-04-19</time>1639</header>1640<aside>1641<div>1642Work around an <a href="https://marc.info/?l=openbsd-tech&m=144571751203238&w=2">old but fatal FastCGI1643problem</a> only found on OpenBSD's <a href="https://github.com/reyk/httpd">httpd</a>.1644This assumes that HTTP headers are only on the first FastCGI packet, which is not part of the standard.1645The workaround is to have HTTP headers buffer just like the HTTP body, which will cause multiple headers to lump1646into (hopefully) one packet.1647Headers are still flushed when the HTTP body begins, however, although I'm still unsure whether this is a good1648idea.1649(It pushes the status code to the web server faster, but incurs an extra trip on the wire.)1650If you've disabled buffering in <a href="khttp_fcgi_init.3.html">khttp_fcgi_init(3)</a>, or you have so many1651headers that the output buffer is flushed before the last header, <a1652href="https://github.com/reyk/httpd">httpd</a> will intermix your body with headers.1653Ew.1654This problem was raised as <a href="https://github.com/kristapsdz/kcgi/issues/2">issues/2</a> by <a1655href="https://github.com/cornett">@cornett</a>—thanks!1656Also fix <a href="https://github.com/kristapsdz/kcgi/issues/3">issues/3</a>, raised by the same—thanks1657again!1658</div>1659</aside>1660</article>1661<article data-sblg-article="1" data-sblg-tags="version">1662<header>1663<h1>0.8.4</h1>1664<address>Kristaps Dzonsons</address>1665<time datetime="2016-06-14">2016-06-14</time>1666</header>1667<aside>1668<div>1669Fix several documentation bugs that erroneously noted values can be NULL when they would instead by empty1670strings.1671Also fixed some broken links.1672</div>1673</aside>1674</article>1675<article data-sblg-article="1" data-sblg-tags="version">1676<header>1677<h1>0.8.5</h1>1678<address>Kristaps Dzonsons</address>1679<time datetime="2016-08-19">2016-08-19</time>1680</header>1681<aside>1682<div>1683Some documentation fixes and clarifications as suggested by Ross Richardson—thanks!1684Also added a <a href="tutorial3.html">custom validation tutorial</a>.1685</div>1686</aside>1687</article>1688<article data-sblg-article="1" data-sblg-tags="version">1689<header>1690<h1>0.9.0</h1>1691<address>Kristaps Dzonsons</address>1692<time datetime="2016-10-10">2016-10-10</time>1693</header>1694<aside>1695<div>1696Regressions, regressions, regressions, regressions.1697Fix <a href="kcgiregress.3.html">kcgiregress(3)</a> to work in a more general fashion, adding an example usage1698along the way.1699Regression tests are (sadly) not used often for web applications, so this tool should be a welcome one!1700Also add two useful functions: <a href="kutil_epoch2str.3.html">kutil_epoch2str(3)</a> for converting from1701integral (epoch) UNIX time into an HTTP date and <a href="kutil_date2epoch.3.html">kutil_date2epoch(3)</a> and <a1702href="kutil_date2epoch.3.html">kutil_datetime2epoch(3)</a> for converting from dates to integral time.1703Lastly, clarify that <a href="khttp_parse.3.html">khttp_parse(3)</a> requires a call to <a1704href="khttp_free.3.html">khttp_free(3)</a> if and only if it returns success.1705</div>1706</aside>1707</article>1708<article data-sblg-article="1" data-sblg-tags="version">1709<header>1710<h1>0.9.1</h1>1711<address>Kristaps Dzonsons</address>1712<time datetime="2016-10-17">2016-10-17</time>1713</header>1714<aside>1715<div>1716Get rid of BSD make in favour of <a href="https://www.gnu.org/software/make/">GNU make</a>.1717I generally don't like GNU software, so let me explain: portability and readability.1718The original Makefile was almost 500 lines; the new one is 350.1719While this software isn't exactly a moving target, it's still annoying to add the same lines over and over1720again.1721If you can think of a better way, please let me know.1722</div>1723<div>1724Next, add some logging functions: <a href="kutil_log.3.html">kutil_log(3)</a> and friends.1725Why?1726I find myself re-rolling these same routines over and over again.1727They're similar (enough) to the NCSA format, sanitise (and bound) output, and time-stamp without tripping <a1728href="http://man.openbsd.org/pledge.2">pledge(2)</a>.1729</div>1730<div>1731Lastly, add an index of all <a href="functions.html">functions</a>.1732</div>1733</aside>1734</article>1735<article data-sblg-article="1" data-sblg-tags="version">1736<header>1737<h1>0.9.2</h1>1738<address>Kristaps Dzonsons</address>1739<time datetime="2016-11-27">2016-11-27</time>1740</header>1741<aside>1742<div>1743Following a report by Ross Richardson (thanks!), fix cookie handling.1744Before, cookie values (and keys) were being handled as URL-encoded strings.1745Now they're correctly handled as opaque values; and moreover, they use a stricter check against <a1746href="https://tools.ietf.org/html/rfc6265">RFC 6265</a>.1747While there, update some spelling and typos (thanks Svyatoslav!).1748</div>1749</aside>1750</article>1751</articles>1752