CHANGE LOG for WN package ========================= CHANGES from version 2.0.5 to 2.0.6 (2/14/99) ----------------------------------------------- Fixed bug in wn/wn.c which caused "Content-length: 0" not to be sent with redirects (status code 301). Fixed bug in wn/parse.c which caused redirects to mailto: URLs to fail. Changed keepalive timeout from 20 seconds to 10 seconds. CHANGES from version 2.0.4 to 2.0.5 (12/12/98) ----------------------------------------------- Fixed bug which made raw documents accessible when handled by CGI-handler or filters (raw = before handled or filtered). Also fixed bug in wn/cgi.c that in certain circumstances caused the server to try to execute the file to be handled rather than the handler. Thanks to Peter van Dijk for finding these. Added release number to cofig.h.dist and Makefile.dist for future use. CHANGES from version 2.0.3 to 2.0.4 (12/7/98) ----------------------------------------------- Fixed bug which made source of scripts accessible. This is serious security issue if you run CGI scripts which contain confidential information. Fixed bug in wndex/content.c which caused core dump when Attributes=MD5 was used on a non-existent file. CHANGES from version 2.0.2 to 2.0.3 (10/9/98) ----------------------------------------------- WN now sends the header "Last-Modified" instead of "Last-modified". Fixed bug in wn/wn.c where my_id in function remk_postdir() was not set. Fixed bug in wn/evalif.c which showed up with use of #if language. Fixed bug in init.c which caused error logging not to use syslog facilities when it should. CHANGES from version 2.0.1 to 2.0.2 (9/16/98) ----------------------------------------------- Fixed bug in cgi.c that caused REMOTE_IDENT not to be put in the environment when it should. Fixed minor bug in wndex/wndex.c which mishandled lines with multiple #'s. CHANGES from version 2.0.0 to 2.0.1 (8/3/98) ----------------------------------------------- Jean Pierre LeJacq has put in a tremendous amount of work cleaning and formatting all the WN documentation. The main motivation for this release is to give everyone the benefits of his work. We all owe him a big thank you. Fixed bug that allowed text/plain files to sometimes beparsed. Fixed bug in wn/wn.c so that if directory /tmp/wn_tmpdir gets removed it is automatically re-created. Fixed bug in wn/chkcntrl.c that improperly initialized handler and filter. Fixed bug that caused a body to be sent (incorrectly) in response to certain errors with the HEAD method. CHANGES from version 1.19.9 to 2.0.0 (5/9/98) ----------------------------------------------- General cleanup so gcc -Wall provides a clean compile Removed extern declaration of malloc() and replaced with appropriate #include. Fixed bug that caused MD5 header to be sent on range requests. Added support for return status 413 "Request entity too large". This is sent if POST data is larger than 5 meg (MAXPOST in config.h). Added support for CHANGES from version 1.19.8 to 1.19.9 (5/3/98) ----------------------------------------------- Redirects now work if nothing has been sent. I.e. now works. Implemented Content-MD5 header for static documents. See Attribute=MD5 in appendixB.html. Fixed bug in chkcntrl.c which allowed the use of POST method only if Attributes=post was set. This prevented the use of one script for both GET and POST. CHANGES from version 1.19.7 to 1.19.8 (3/29/98) ----------------------------------------------- Fixed bug in vhost.h (missing '='). Fixed bug in wn.c/chkcntrl.c that caused the server not to chunk files sent with a filemodule (HTTP/1.1) or not to close the TCP connection (HTTP/1.0). Made tempfile for posting more secure. Added evnironment variables DOCUMENT_ROOT (replacing WN_ROOT) and SCRIPT_FILENAME Fixed bug in common.h which caused attibutes=cacheable to also set attributes=post CHANGES from version 1.19.6 to 1.19.7 (2/23/98) ----------------------------------------------- Added support for " is 2K. Fixed bug in wn/wn.c which was not always handling NOACCESS and redirects correctly. Fixed bug in parse.c that caused chunking not to be done when a parsed text redirect was not done because the condition was not satisfied. CHANGES from version 1.19.5 to 1.19.6 (1/25/98) ----------------------------------------------- Fixed bug in wn/wn.c that caused connections to timeout after 20 seconds rather than the default of 10 minutes. Fixed bug that caused transactions to HTTP/1.0 protocol instead of 1.1 even if the client is 1.1. CHANGES from version 1.19.4 to 1.19.5 (1/24/98) ----------------------------------------------- Added support for && (and) and || (or) in . Fixed bug in gsearch that caused attempt to parse plain text documents for things like lines in text/plain files. Reported by Scott McMullan. Fixed bug in wn/common.h. OUT_BUFFSIZE was #defined to be (128). It should be (4096). CHANGES from version 1.16.0 to 1.17.0 (10/29/96) ----------------------------------------------- Fixed bug in send.c which the file being sent to be closed twice. This caused problems on some linux systems. Fixed bug in send.c that caused the Filter= directive only to work if its complete path name from the server root was given. Fixed bug in configure script which caused it to add extra "-O3" arguments to the CFLAGS variable in the Makefile. Thanks to J. Norden. Added support for the "Max-Age" and "Default-Max-Age" directives. For example, "Max-age=3 weeks" will cause the Expires header to be set for a date 3 weeks after the document is served. The units seconds, minutes, hours, and days are permitted in place of weeks (but multiple units like "3 days and 2 hours" are not allowed). Also the directive "Max-age=3 weeks after last-mod" will cause the Expires header to be set to 3 weeks after the last-modified date of the file. Added support for and parsing instructions see docs/appendixC.html. Added support for directives Default-Includes and Default-Wrappers. For more information see docs/appendixB.html. The search type can now be set in a forms field called "mode". For more details see http://hopf.math.nwu.edu/docs/search.html#mode CHANGES from version 1.15.8 to 1.16.0 (10/10/96) ----------------------------------------------- There is a new CGI environment variable URL_SCHEME which contains "http" if a normal wn or swn is being run or "https" if the server has been patched to use secure sockets layer (SSL). The temp file used by wndex is now name "indxcach.tmp" by default so it works on filesystems which require 8.3 names. Fixed bug in wndex which caused it to list "indxcach.tmp" in the index.cache file if the serveall directive is used. (Thanks to P. DuBois) CHANGES from version 1.15.7 to 1.15.8 (9/14/96) ----------------------------------------------- Version 1.15.7 erroneously contained many of files from 1.15.6. It will run fine but the fixes listed for 1.15.7 won't actually work until you get 1.15.8. Fixed mistake in /docs/examples/shape.map -- a missing point in the polygon description (thanks to I. To). Fixed bug in chkauth.c that caused sporadic authentication problems with IRIX systems (thanks to P. Tyers). CHANGES from version 1.15.6 to 1.15.7 (9/12/96) ----------------------------------------------- Fixed bug that caused turning off persistent connections to fail. To turn them off #define NO_KEEPALIVE in config.h Created timeout for authwn. Also REMOTE_USER and AUTH_TYPE should now be set for authentication modules. Fixed bug that caused "write error" to be logged in error log whenever the remote client disonnected in mid transaction. Improved wn/Makefile. CHANGES from version 1.15.5 to 1.15.6 (8/25/96) ----------------------------------------------- Rewrote much of the low level buffering for file output. This needed doing anyway, but an interesting paper by John Heidemann at http://www.isi.edu/lsam/publications/phttp_tcp_interactions/paper.html was a prime motivator. The two suggestions suggested in this article are incorporated in this version. CHANGES from version 1.15.4 to 1.15.5 (8/22/96) ----------------------------------------------- Added support for the NCSA extended log format. This is invoked with the -v option as in "-v " where is one of "common", "verbose", or "ncsa." NOTE: THIS IS AN INCOMPATIBLE CHANGE TO THE -v OPTION. Fixed bug in isearch.c which caused Content-Length header to be sent for search results. It shouldn't be sent. Also fixed the same thing for line ranges. (reported by R. Bixler) Fixed bug in wn/prequest.c so virtual host name comparison is not case sensitive. (thanks to A. Roelofs) Fixed bug in wn/wn.c thiscon.authuser and thiscon.rfc931name were not properly initialized. Fixed bug in wn/wn.c, to actually have the "Netscape hanging" bug fix take effect. Fixed bug in wn/send.c which caused some redirected documents to be logged twice. Fixed bug in handling of redirects with '#' in anchor (thanks to D. Capshaw). Added support for . (Thanks to S. Trier) Added support for the CGI environment variables AUTH_TYPE, HTTP_ACCEPT_LANGUAGE and HTTP_ACCEPT_CHARSET. CHANGES from version 1.15.3 to 1.15.4 (7/28/96) ----------------------------------------------- Fixed bug in wn/chkcntl.c that failed to make CGI docs dynamic when they should be. (Reported by Roy Bixler) With substantial help from D. Capshaw I think the "Netscape hanging" bug is fixed. Fixed bug in wndex/serveall.c which caused the temp file "index.cache.temp" to be listed in the index.cache file when Attributes=serveall is used. (Reported by P. DuBois) Fixed bug in wn/parse.c. The array bigbuf[] was not properly initialized. (Thanks to I. Levinson) Rewrote "get_input" in wn/wn.c to read() rather than fgets(). Added support for a group file to authwn. See docs/access.html. The configure script now asks if you want persistent connections. The default is yes for 1.15.x and no for 1.14.x CHANGES from version 1.15.2 to 1.15.3 (7/11/96) ----------------------------------------------- Fixed distribution which was not assembled properly for 1.15.2 (i.e. it had some old files so all the fixes weren't there). Fixed bug in wn/parse.c. The array bigbuf[] was not properly initialized. (Thanks to I. Levinson) CHANGES from version 1.15.1 to 1.15.2 (7/8/96) ------------------------------------------- Fixed bug in chkcntrl.c that caused filemodules to fail. They now also work with Attributes=serveall (thanks to W. Zekoll) Fixed bug in chkcntrl.c which caused a segmentation fault if a request for a file in a non-existent directory was received. (reported by N. Walsh) Fixed bug in wn/cgi.c which caused sporadic failures for simple /bin/sh CGI scripts. (reported by S. Trier). Fixed wn/gsearch.c which produced some HTML in search responses which was not legal. Fixed bug in wn/wn.c which made Accept-Ranges header wrong causing PDF files to fail with Netscape plugin. CHANGES from version 1.15.0 to 1.15.1 (6/12/96) ------------------------------------------- Fixed bug in wn/image.c which caused the "point" method to sometimes fail. Fixed bug in wn/init.c which caused the error logging to always fail. Added support for multiple byteranges with the Range: header. CHANGES from version 1.14.2 to 1.15.0 (6/4/96) ------------------------------------------- Implemented "lazy logging". DNS lookups and logging now take place after the end of a connection. (A connection may be persistent and include several transactions.) This can cause an improvement in user peceived speed. It is not really more efficient since the same work must be done, it is just done after the document is transmitted. Increased constants in wndex/serveall.c to allow more files in a directory using serveall. CHANGES from version 1.14.1 to 1.14.2 (6/4/96) ------------------------------------------- Added feature to wndex suggested by many to have it write initially an index.cache.temp file and then use rename() to move that to index.cache when it is finished. Fixed bug in wn/wn.c which caused http_prolog() to give an incorrect zero content length header in 401 (not authorized) responses. CHANGES from version 1.14.0 to 1.14.1 (5/31/96) ------------------------------------------- Improved portability for SOLARIS2 and AIX. I.e. AIX now compiles correctly and Solaris works with cc (before it worked with gcc). Fixed wndex so it no longer issues warning when a redirected file does not exist and has no title. Fixed bug in "configure" that caused it not to ask for a substitute value for "public_html" when using the TILDE_TABLE feature. Also "configure" now asks if you are using gcc or cc. This is necessary for proper configuration of Solaris. A number of documentation improvements. Many typos fixed thanks to C. M. Rogers. Fixed bug in cgi.c that could have caused the loss of some bytes from CGI output in some circumstances. (Thanks to U. Pfeifer) Put timehack() back in standalone.c -- somehow it got lost between 1.09 and 1.10. This is a dummy lookup of time and DNS stuff, done once when the server starts up to get some standard info from the system. It should improve performance slightly. CHANGES from version 1.13.5 to 1.14.0 (5/24/96) ------------------------------------------- Fixed bug in do_list_search() from wn/csearch.c which caused list searches to create an incorrect form at the end of matches. Fixed problem in wndex/content.c which caused compile to fail on systems for which NEED_STRCASECMP is defined. (reported by H. MacEwan). Fixed bug in wn/prequest.c which caused looping when requests like http://host/cgi-bin/dir/foo are made. CGI scripts must be in a directory named cgi-bin or end with suffix .cgi. The file manual section /docs/cgi.html now emphasizes this. Fixed problem in wn/parse.c which caused the Default-document directive to fail when used in users' directories, i.e. with URL's like "http://host/~user/". (reported by H. MacEwan and U. Pfeifer). Fixed bug in wn/chkcntrl.c that caused incorrect value of directory owner in Link: headers. Fixed bug in wn/common.h to make ".tex" files have content type text/plain. Changed date format for Date: and Last-Modified: headers to be consistent with RFC 1123. Fixed bug that caused NO_SUCH_FILE URL redirection not to work when the non-existent file is in a non-existent directory. (reported by K. Lyon) Added support for conditional inclusion based on virtual hostname (see docs/appendixC.html). CHANGES from version 1.13.4 to 1.13.5 (5/6/96) ------------------------------------------- Fixed bug in init.c which caused compile failure when USE_VIRTUAL_HOSTS is #defined, but VIRTUAL_HOSTS_FILE is not. Fixed bug int wn/wn.c and wn/chkcntrl.c which caused error message not to be sent when a non-existent file was requested and no custom error message had be specified (reported by H. MacEwan). Improved compatibilty for RISCOS (thanks to P. DuBois). CHANGES from version 1.13.3 to 1.13.4 (4/29/96) ------------------------------------------- The "virtual hosts" feature of the WN server has been enhanced in two ways. First it is now possible to use a file containing a list of virtual host names, their IP addresses and the data root directory for each. Secondly the server now supports the "Host: " header implemented by some browsers (e.g. Netscape2.x) and so-called "full URLs". For browsers that support either of these features it is now possible to have multiple virtual hosts with a single IP address! The HTTP/1.1 protocol will require browsers to support the Host: header. Fixed bugs in parse.c which caused redirects with "#" to fail and caused to fail. Fixed bug which caused error logging to sometimes fail when call to getpeername fails. Imagemap changes: A file named foo.map (i.e. with suffix .map) will automatically be considerd to have "Attributes=imagemap" set when wndex is run unless a "Content-type=whatever" line is supplied for it. This will also work if "serveall" is specified and there is no entry for foo.map. But it is necessary to run wndex, i.e. the server will not recognize foo.map as an imagemap file if wndex has not been run on the directory containing it. There are three new per directory directives which may be placed in index files. Access-denied-URL=http://host/dir/foo.html No-Such-File-URL=http://host/dir/foo.html Auth-denied-file=~/dir/foo.html The first is a URL to which to redirect if the request is denied because of an accessfile restriction. The second it a URL to which redirect a request for a non-existent file. The third is a file containing an HTML doc to use as an error message which password authentication fails. See /docs/appendixB.html for more details. Fixed bug in send.c which caused rewriting of same data when there is a partial write. (reported by T. William Wells) Fixed bug in csearch.c (reported by P. DuBois) and bug in standalone.c (reported by J. Polterock) CHANGES from version 1.13.2 to 1.13.3 (3/7/96) ------------------------------------------- There have been some significant changes with the serveall attribute. A minor change is that it is no longer the case that non world readable documents will not be served. Now any document readable by the server will be served unless it ends in '~' or starts with '.'. The big change is that now running wndex in a directory with attribute=serveall enters all the servable documents in the index.cache file. This means they are all searchable and that HTML files among them will have the correct title. Changed Allow-Range: header to Accept-Range: header per spec change. Fixed bug that caused wrong document root to be used sometimes if the document root was changed in the middle of a multi-request connection. Fixed bug that made caused content length header to be off by one in range requests of the form "bytes=n-". Fixed bug that caused some spurious Write Error messages to be logged and that caused some images to "hang". Fixed bug in wndex/wndex.c that caused Default-Attributes to fail. (Thanks to Hans de Graaff). Fixed bug that caused some repeated simple searches to fail because the URL might have two "query=" strings at the end. Fixed bug that caused by a NULL value of errlogfp. CHANGES from version 1.13.1 to 1.13.2 (2/17/96) ------------------------------------------- Added support for a new additional format in access files restricting directory access to certain hosts. The new format for a line in an access file is nnn.nnn.nnn.nnn/mmm.mmm.mmm.mmm consisting of an IP net address and an IP mask. The procedure is to take the IP address of the remote client, do a logical "and" of each of its four parts with the four parts of the mask (mmm.mmm.mmm.mmm) and check that the four results agree with the four parts of nnn.nnn.nnn.nnn. For example, the line "123.123.123.0/255.255.255.0" will match (and allow access to) precisely those machines with IP address of the form 123.123.123.x because the "x" part is "anded" with 0 and hence becomes 0, while the other four parts are anded with 255 and hence unchanged, so they must all equal 123. Added support for to include the contents of any environment variable in a parsed HTML document. Added support for a new command line argument "-q pidfile" which specifies the name of a file in which the server puts its process id rather than printing it to standard output. This filename can also be specified when the configure script is run. For more details see docs/access.html. Any redirection to a URL containing "#whatever" is now sent out as an HTTP 302 redirect and not done locally. Fixed bug in wn/parse.c which broke imagemaps on some systems. Fixed bug in wn/parse.c which caused not to work. Fixed bug in wn/prequest.c which caused markline documents to have incorrect Content-Length. Fixed bug in chkcntrl.c which caused CGI documents not to be marked dynamic when they occur in an index file with attribute=serveall set. Hopefully fixed bug which caused documents to be truncated when they were included in wrappers which are executed or used includes which were executed. CHANGES from version 1.13.0 to 1.13.1 (1/17/96) ------------------------------------------- Fixed bug in standalone.c which caused SYSV systems to fail to compile with an "undeclared function zombie..." error. Fixed bug in wn/chkcntrl.c and wn/wn.c whicn caused "Default-Document" and "Default-Content" directives to fail. If a Redirect directive is given with a trailing '?' as in Redirect=http://host/foo? Then the server will append the "query" part of the original request before doing the redirect. The query part is anything after a '?' in the URL. This applies also to which works like other conditional parsed text but matches against clients request. BTW either =~ or ~ works in these conditional parsing constructs. I have decided that =~ is better so I changed the documentation to reflect that. If swn receives a HUP signal (via "kill -HUP server_pid") it will close the logfiles and then reopen them. This is useful for logfile rotation scripts. This will have an effect only if the logfiles have been moved with "mv" before the kill -HUP is done. (Thanks to George Headley) To help with this swn will now print its pid to standard output when it it starts. Thus invoking it with a command like "swn /path/wnroot > /path/wn.pid" will put the process id of the server in the file /path/wn.pid for use in logfile scripts (See /docs/setup.html#logging). If the server gets its hostname from config.h or the command line it will now get the appropriate IP address from gethostbyname(). This allows running multiple instances of the server on the same port, but with different IP addresses. See docs/multi.html. (Thanks to George Headley) Timeouts are now logged in the main logfile not the error logfile. The error logfile is intended for potential problems of which the maintainer should be aware. Thus while timeouts aren't exactly normal they usually don't indicate a server problem. There is a new environment variable set for CGI scripts. It is called HTTP_POST_FILE and contains the path to a file containing the data posted by the client. The file is removed after the CGI script exits. This is intended for use with the new file upload capability of the Netscape browser (and hopefully others). CGI scripts should be able to rename or copy this file (of course the content of the file is still avaiable on standard input). Note that there is a maximum allowable size for a post which is currently 1 meg. This can be changed by altering the value of the MAX_POST #define in wn/wn.c. You can now put multiple attributes in a single attribute directive separated by commas. I.e. Attributes=nosearch, parse, dynamic is equivalent to 3 separate Attributes lines with the values nosearch, parse, dynamic. Note that "Attrtibutes=" (with the 's') is equivalent to "Attribute=". CHANGES from version 1.08 to 1.09 (9/20/95) ------------------------------------------- The HTTP_AUTHORIZATION environment variable is gone. The authorization header information is now communicated to authorization modules by first URL-encoding it and then passing it as the first (command line) argument. This means that wn 1.09 is not compatible with versions of authwn which are pre-1.09. Sorry. Of course wn-1.09 works with authwn wn-1.09 and no changes in your index file should be needed. BUT: Henceforth authwn and other Authorization-Modules can only be used when the server is run with the -t or the -T option or the (new) -a or -A option and with the trusted user or group the owner of the index.cache file listing the Authorization-Module. This is to protect against counterfeit Authorization-Modules. Fixed bug in wn/standalone.c caused by typo. It should be daemon_logerr not daemon)logerr. (Thanks to P. Dubois). Fixed bug in parse.c which caused context search references (things with #WN_mark) to fail when they were parsed. (Reported by R. Firth) When a redirect is done because a trailing '/' has been left off the request the :port is left off if port = 80. I.e. if the old redirect to http://host:80/dir/index.html will now be http://host/dir/index.html. When a '/' is tacked on the end of a file (not directory) URL then access is now denied. (reported by G. Retti) Fixed bug which caused to fail if redirect was local and file redirected to contained #includes. (reported by J. van Wezel) Fixed bug in wn/csearch.c which caused title searches sometimes to return matches from directories which were marked with Attribute=nosearch. wndex no longer warns about empty fields for Field#= if it is run with the -q (quiet) option. CHANGES from version 1.07 to 1.08 (8/30/95) ------------------------------------------- Added support for use of a "" URL in an imagemap file. This causes the server to send a status 204 "no response" header which tells the client to do nothing and leave the display alone. This means in imagemaps you can have a region (say the background) where nothing will happen if the user clicks. The page won't be reloaded and won't change. You can also use "Redirect=" lines in a file record of an index file. Added support for a new directory directive, "Default-Document". Now a line like "Default-Document=foo.html" in an index file in /dir will mean that http://host/dir/ will return foo.html instead of index.html. This is especially useful if you want to use a CGI script as the default document. Added Appendix E to documentation. This is a document for users who are not webmasters on how to set up a homepage in their own directory (assuming the "/~user" stuff has been enabled. Fixed bug in wn/standalone.c which caused swn to die sometimes when an accept() system call fails. Fixed bug in wn/chkcntrl.c which sent inappropriate error when a line in an accessfile does not end in a \n. Fixed bug in wn/chkcntrl.c which caused problems with Attributes=serveall and files ending in .z or .gz not being properly typed. Also unrecoginized suffixes caused a core dump. Fixed bug in wndex/content.c which caused wndex to fail to extract items properly from lines in HTML docs. (thanks to G. Anker) Added support for ISC systems to configure script (thanks to J. Bailey) Added support for "nocoords" in ismap support. This allows non-graphical browsers to be sent a message when an ismap graphic is selected. (thanks to S. Trier) In conditionally included text like , , etc. not to work in searchwrappers and nomatchsubs. Fixed bug in wn/chkcntrl.c (directory attributes were not initialized so, for example, some directories were marked non-searchable which should not have been). Fixed bug in wn/util.c in get_rmote_info() which caused failure to send error message when a bad ~user URL is requested. Fixed bug in wn/chkcntrl.c in chkaccess() which exited when accessfile could not be opened instead of treating it like an access denial. Added built in support for imagemaps. Just put a standard mapfile in your index with the "Attribute=imagemap" and make an ISMAP anchor point to it instead of the imagemap program. See docs/click.html and docs/examples/ismap.html. Added support for in parsed documents. Added support for in parsed documents. If this is encountered in a parsed document and no text has been sent then a redirection to "some_url" will be done. E.G. [Real document here] If verbose logging is used the HTTP Cookie is now logged if it is present. CHANGES from version 1.05 to 1.06 (7/11/95) ------------------------------------------- Fixed bug in "configure" script caused by typo. (reported by Adam Jack) Added support for Attributes=serveall directive allowing the serving of all files in a directory which are world readable and do not start with '.' (index and index.cache are excluded). See the last section of docs/index_desc.html for more details. Added documentation for the "Nomatchsub=" directive (formerly called "Emptysub" but undocumented). This permits the customization of the response to searches which find no matches. See the last section of docs/search.html or appendixB.html for more details. Changed all occurances of "uint" and "uchar" in reg.* to "unsigned" and "unsigned char" respectively. (suggested by Paul Dubois). Corrected various typos in documentation. CHANGES from version 1.04 to 1.05 (7/6/95) ------------------------------------------- Added strncasecmp code to wndex/wndex.c which now needs it (only for those systems which don't have it and have #defined NEED_STRNCASECMP) Fixed bug in wn/chkcntrl.c which caused it to allow access to IP address xxx.xxx.xxx.5, for example when only xxx.xxx.xxx.51 was supposed to have access. Fixed bug in wn/prequest.c which caused references like http://host/~user to fail to be redirected to http://host/~user/ (with final '/' added) as they should be. Instead they were redirected to a document relative to the main hierarchy. (Thanks to Stephen White). Improved the configuration script to handle setting up user homepages. Replaced the use of "BSD" in config.h and elsewhere with "BSD_LIKE" in order not to conflict with some systems use of BSD. CHANGES from version 1.03 to 1.04 (6/5/95) ------------------------------------------- Added "conditional included text" for parsed documents. This allows you to have public documents contain links to restricted documents with the link being invisible unless the client has access to the restricted document. But it also does *much* more. See the files docs/parse.html and docs/appendixC.html for full details. Do take a look at this, it is, IMHO, a significant new feature. Added a new attribute "cgi". If you add the line Attributes=CGI to an item in your index file then the standard CGI environment variables will be set up. This is useful for filters and for execed server-side includes. Fixed bug in wndex/wndex.c that caused mishandling of '&', '<', and '>' in the title field of an indexfile. (Reported by Paul Dubois) Fixed wn/util.c so that get_local_info doesn't use DNS to overwrite local hostname specified by #define WN_HOSTNAME in config.h (thanks to Stephen Trier) Fixed bug in wn/misc.c in functions strcasecmp() and strncasecmp() which caused problem on systems which don't have these. Added timezone to date logfiles and made error logfile have exactly the same format as the regular logs. Fixed wn/standalone.c so that an overloaded server doesn't just exit, but simply discards a request and keeps on going. Fixed bug in wn/init.c in function logerr which needed to reset date to the empty string. Fixed bug in wn/wn.c which caused erroneous HTML to be generated and served when an error occurs and the senderr() function is called. (Thanks to Stephen Trier) CHANGES from version 1.02 to 1.03 (5/7/95) ------------------------------------------- Fixed serious bug in wn/chkcntrl.c which caused -e option to fail. Fixed bug in wn/csearch.c that resulted in a missing
    for search wrapped title, keyword and field searches. Fixed bug in wndex which caused mishandling of empty tag pair. A request like GET /dir1/dir now generates a redirect to /dir1/dir/ rather than /dir1/dir/index.html. (Thanks to Christopher Davis) Fixed bug in wn/cgi.c which caused CGI output headers to be handled incorrectly if they ended with . Also fixed bug in wn/wn.c that caused HTTP header "MIME-version:" not to be sent. (Thanks to Mike Gallaher for these fixes). Fixed bug in send.c which caused it to fail to put WN_KEY into the environment properly. (Thanks to Mike Gallaher). Added support for the server attempting RFC931 (aka RFC1413, IDENT, or TAP) lookups on clients. This may be good for additional logging information, but should not be trusted for authentication. (Thanks to Christopher Davis). To use this you need to edit the file config.h and uncomment the /* #define RFC931_TIMEOUT (10) */ line. Added minimal support for different data roots corresponding to different IP interfaces. See the section of docs/tilde.html called "Hierarchies based on IP address." Added better support for Netscapeisms: Refresh and Cookie/Set-Cookie. See docs/appendixB.html for more details. More info about Cookie/Set-Cookie is in docs/cookie. CHANGES from version 1.01 to 1.02 (4/9/95) ------------------------------------------- Fixed bug in wn/prequest.c which caused title and keyword searches from WN root to fail. Fixed wndex so it can now handle HTML documents whose titles are not on a single line. E.g. This is the title can now be used instead of just This is the title Fixed bug in wn/wn.c so that CGI scripts never return "304 Not Modified" but always rerun the script. Added to security chapter of users' guide. CHANGES from version 1.00 to 1.01 (3/31/95) ------------------------------------------- Fixed bug in wndex that caused it to put Keywords in index.cache twice when they were listed in a element of and HTML file. Fixed bug in wndex which caused incorrect default content-type and created index.html files with missing
      when wndex was run with -r option (thanks to Mike Meyer) Fixed bug in wn/prequest.c which cause CGI scripts not to work when used as DEFAULT_URI. Also fixed bug that caused /~user/ not to be translated to /~user/index.html and then to /index.html in directory ~user/public_html/. Fixed bug in wn/cgi.c that sometimes caused spurious headers on returned CGI documents. This showed up most noticeably when doing "server push" transactions supported by Netscape. In /wn/util.c added '.' to remotehost name before doing lookup for efficiency. (thanks to S. Bennett) Fixed bug in bin/digest which made using first line of records fail (thanks to Andrew Pam) CHANGES from version 0.99 to 1.00 (3/13/95) ------------------------------------------- Added support for /~user URLs and table lookup for root directory change. Details are in a new chapter of the users guide (/docs/tilde.html). Fixed bug in wn/chkcntrl.c which caused access to be granted to 123.123.123.123 when the accessfile only gave permission to 123.123.123.12. It is now necessary when listing an IP subdomain in an accessfile to end it with a period, e.g. the entry cannot be 123.123 but must instead be 123.123. to grant access to all hosts with IP adresses 123.123.xxx.xxx. Note that complete IP addresses like 123.123.123.123 must not end with a period, however. Fixed problems in init.c with syslog. Added new #define LOGPRIORITY to config.h (thanks to Rob Jenson). WN_HOSTNAME need no longer be set in config.h. It has been moved to the optional items there. By default it is #defined to be "". In this case if the -h option is not used the server will query the host (if it needs to) to find the name and the port. Of course if you want to set it you may, and that value will be used. The advantage of the new scheme is a binary compiled once may be used on several hosts without the -h option. I should point out the hostname is almost never used: it is put in the environment for CGI scripts to consult if they wish and it is used in certain fairly rare redirections because stupid browsers don't handle relative URLs in redirections. (In part this is thanks to David Capshaw) If VERBOSELOG is #defined in config.h the the user agent and referrer are logged. Changed cgi.c so that CGI scripts now use unbuffered i/o. This should work with Netscape's "server push". CHANGES from version 0.98 to 0.99 (2/20/95) ------------------------------------------- Fixed bug that caused executable includes to fail. Also documented this feature. (Maybe this wasn't really a bug since the feature had never been documented.) Fixed many typos in the documentation (thanks to Paul DuBois) and updated some sections. Some security enhancements. CHANGES from version 0.97 to 0.98 (2/14/95) ------------------------------------------- Fixed potential security problem involving attack similar to the famous internet worm fingerd vulnerability. There is now a #define DEFAULT_URI in the config.h file. It is set to "/index.hmtl". This is the document returned in response to a request with only the hostname. You would need to change it if, for example, you wanted to have the default server response be to run a CGI script. The default value of TIMEOUT has been reduced to 5 mins, but the timer is now reset each time 1024 lines of text or 128K of binary data have been sent. The DNS name lookup (from the IP address) is now checked more carefully to help prevent spoofing. (Thanks to David Capshaw). The NONET #define is gone and there is now a #define NO_DNS_HOSTNAMES line in config.h. Uncommenting this line will mean that there will be no hostnames in your log file, just IP addresses. This will reduce the load on your server (but probably not speed up responses since the lookups usually take place after the transaction is complete. Keep in mind that uncommenting this will mean that none of your CGI scripts will get the hostname and also that your access files cannot have hostnames in them, just IP addresses. CHANGES from version 0.97 to 0.97a (2/8/95) ------------------------------------------- Fixed bug in authwn.c that caused a segmentation violation if authwn was run with no arguments. Removed code to put strerror(errno) in errlog for portability reasons. CHANGES from version 0.96 to 0.97 (2/7/95) ------------------------------------------- Removed external declaration of strrchr() from wndex/content.c which was causing some problems. Fixed bug in wndex/wndex.c (content-type could sometimes be wrong). Fixed bug which caused "304 Not modified" transactions not to be logged. Fixed a couple of places where senderr() had an argument of the wrong type. Wndex now removes trailing whitespace from any lines it reads in an index file. Errorlog now contains output of strerror(errno). If WN_ERRORLOGFILE is set to "" and the server is run with the -S option then error logging will be handled by the syslog facility. If a CGI script is run and has been authenticated the environment variable REMOTE_USER is now set to the user name. When wndex creates an index.html file it now notifies the user of this fact and moves any existing file of that name to index.html.bak. Fixed bug in senderr() which caused logging to sometimes omit the URL and/or file name. Added function dedot() to prequest.c which replaces "/xxxx/../" and "/./" in URI path with a single /. Moved the invocation of get_remote_info() to a point later in the serving process. Now, for most transactions, this will take place after the document is sent so response time to clients should be faster. CHANGES from version 0.95 to 0.96 (1/13/95) ------------------------------------------- Fixed bug in bin/mkpasswd which required a password file to exist before working. (Patch thanks to Ron Pool). Fixed bug in wndex/wndex.c that caused segmentation violation when used with the -r option on some systems. (reported by Chael Hall) Added more to Appendix B in the user's guide. Also documented "line searches" for directories and context and grep searches for files in search.html. Fixed bug in file context and grep searches (wn/gsearch.c) which caused results to be returned as text/plain rather than text/html. CHANGES from version 0.94 to 0.95 (12/21/94) ------------------------------------------- Fixed bugs in logging which caused wrong status to be logged for many transactions and neglected to log username for authenticated transactions. Changed authwn.c to supply username to wn for logging. Fixed bug which caused incorrect "Bad field in cache" entries in the error log. Applied patch from S. Trier dealing with error returns from a file module. CHANGES from version 0.93 to 0.94 (12/15/94) ------------------------------------------- Added support for authentication via module authwn. See /docs/access.html. Added support for modules returning failing status. Fixed bug that allowed searching titles of authenticated directories without authentication. Filters and modules have a general mechanism for specifying path: If 1st char is '/' it's relative to system root, if it starts with ~/ it's relative to WN root, otherwise it is rel current directory. The -E -e and -u command line flags now affect modules as well as CGI, filters, etc. Fixed bug in wndex which caused it sometimes to run out of file descriptors (some files weren't being closed). Fixed bug in wndex that caused it sometimes to give two content types to a single document. Added support for putting Keywords in HTTP headers and reading them from lines in HTML documents. Replaced last half of docs/appendixB.html which somehow got truncated prior to 0.93. Corrected documentation on the "digest" utility to indicate the the proper order of arguments. Fixed bug in cgi.c which caused environment variable SERVER_PORT not to be set correctly (reported by A. Damini). Fixed bug in gsearch.h that caused context searches of filtered files to fail. CHANGES from version 0.9 to 0.93 (11/28/94) ------------------------------------------- Added #define for S_ISLNK(m) for systems which don't have it. Added #include in prequest.c and chkcntrl.c and removed #define from wrap.c. Added utility indexmaker in bin. Added file mime.types which was missing in the first release. It is in /lib Fixed bug exercised when Netscape uses If-Modified-Since with POST method. Fixed bug that caused documents requested with If-Modified-Since to be returned with no Content-type.