------------------------------------------------------------------- Wed May 31 04:59:03 UTC 2023 - Andreas Stieger - libmicrohttpd 0.9.77: * improvements for Digest and Basic authorizations * fix efficiency for TLS upgraded connections * fix processing of folded headers in requests * fix functionality with blocking sockets - update upstream signing key ------------------------------------------------------------------- Tue Feb 28 21:20:34 UTC 2023 - Andreas Stieger - libmicrohttpd 0.9.76 * CVE-2023-27371: Fix potential DoS vector in MHD_PostProcessor (boo#1208745) ------------------------------------------------------------------- Mon Dec 27 09:52:13 UTC 2021 - Andreas Stieger - libmicrohttpd 0.9.75: * fixes for where "monotonic" clock may jump back ------------------------------------------------------------------- Mon Dec 20 19:41:33 UTC 2021 - Andreas Stieger - libmicrohttpd 0.9.74: * new experimental implementation of WebSockets disabled by default * improved compliance with the RFC HTTP specifications * new implementation of reply header forming * new implementation of request chunked encoding parsing * new automatic error replies * Keep-alive header is omitted by default for HTTP/1.1 connections. Use of header can be enforced by response flag. * Chunked encoding is used for HTTP/1.1 non-keep-alive connections for responses with unknown size. Previously MHD used "indication of the end of the response by closing connection" in such cases, however it is not correct for HTTP/1.1 connections as per HTTP RFC. * As required by HTTP RFC, use HTTP/1.1 version instead of HTTP/1.0 in reply headers when client is HTTP/1.0 . HTTP/1.0 version can be enforced by response flag. * User response headers are used in replies in the same order as was added by application. * Allowed tab characters in response header values. * All custom "Connection:" response headers are automatically combined into single "Connection:" header. * "keep-alive" token silently dropped from custom "Connection:" response header. "Keep-alive" cannot be enforced and used automatically if possible. * Allow tab character in custom response header value. * Disallow space character in custom response header value. * Do not allow responses with 1xx codes for HTTP/1.0 requests. * Detected and reported incorrect "Upgrade" responses. ------------------------------------------------------------------- Tue May 18 09:54:14 UTC 2021 - Andreas Stieger - libmicrohttpd 0.9.73: * new function for vector-backed responses * compatibility with autoconf 2.70+ * Implement ALPN support ------------------------------------------------------------------- Tue Dec 29 13:25:29 UTC 2020 - Andreas Stieger - libmicrohttpd 0.9.72: * improved performance with stay-alive HTTP and HTTPS connections * bug fixes - remove deprecated texinfo macros ------------------------------------------------------------------- Sat Jul 4 17:40:48 UTC 2020 - Andreas Stieger - libmicrohttpd 0.9.71: * Fix buffer overflow issue in URL parser [boo#1173718] * Fixed PostProcessor bug * Documentation and example fixes ------------------------------------------------------------------- Sun Feb 9 10:15:21 UTC 2020 - Martin Hauke - Update to 0.9.70: * Fixed 100-continue handling for PATCH method * Fixed FTBFS from wrong #endif position for certain builds * Fixed connection overflow issue when combining MHD_USE_NO_LISTEN_SOCKET with MHD_USE_THREAD_PER_CONNECTION * Updated m4 script to fix FTBFS when using -Werror=unused-but-set-parameter * Adding fix for urlencoding of keys without values in post-processor logic. * Adding patch from Ethan Tuttle with test case for urlencoding in post-processor for keys without values. ------------------------------------------------------------------- Sun Dec 15 18:50:33 UTC 2019 - Martin Hauke - update to 0.9.69: * If application suspends a connection before we could send 100 CONTINUE, give application another shot at queuing a reply before the upload begins. ------------------------------------------------------------------- Tue Nov 5 08:20:42 UTC 2019 - Andreas Stieger - update to 0.9.68: * Fix regression where MHD would fail to return an empty response when used with HTTPS. * Introduce MHD_RF_INSANITY_HEADER_CONTENT_LENGTH - drop libmicrohttpd-0.9.67-fix-nonvoid-return.patch, in release ------------------------------------------------------------------- Thu Oct 24 19:45:52 UTC 2019 - Andreas Stieger - update to 0.9.67: * improvements that eliminate system and C library calls - drop libmicrohttpd-0.9.66-fix-gnutls-dependency.patch, upstream - add libmicrohttpd-0.9.67-fix-nonvoid-return.patch from upstream ------------------------------------------------------------------- Fri Aug 2 13:53:59 UTC 2019 - Andreas Stieger - fix build with SLE 12 with older GnuTLS: * libmicrohttpd-0.9.66-fix-gnutls-dependency.patch ------------------------------------------------------------------- Fri Aug 2 10:53:30 UTC 2019 - Andreas Stieger - update to 0.9.66: * Fix issue with discarding unhandled upload data discovered * Fix hanging situation with large transmission over upgraded (i.e. Web socket) connection with epoll() and HTTPS enabled * Add MHD_OPTION_HTTPS_CERT_CALLBACK2 to allow OCSP stapling and MHD_FEATURE_HTTPS_CERT_CALLBACK2 to check for - clean up build dependency list ------------------------------------------------------------------- Sat Jul 6 11:02:36 UTC 2019 - Martin Hauke - Update to versin 0.9.65: * Many fixes and improvements for connection-specific memory pool * Better handled connection's memory shortage situations: + error response could be sent to client even if all buffer space was used; + if buffer space become low when receiving, do not allocate last buffer space and use small receive blocks instead. * Improved sending speed by using all available buffer space for sending. ------------------------------------------------------------------- Mon Jun 10 14:06:44 UTC 2019 - Martin Hauke - Update to version 0.9.64: * Updated HTTP headers, methods and status codes from registries, * Added scripts to import new headers, methods and status codes from registries. * Reodered includes in microhttpd.h * Fixed compiler warnings * Updated and fixed libcurl tests. * Added checks for too long TLS parameters strings. * Spelling fixes. * Fixed example for non-64bits platforms. * Optimized and improved processing speed by using precalculated and already calculated lengths of strings. * Store connection's keys and values with sizes; * Speedup keys search be comparing key length first; * Added functions for working with keys and values with binary zeros; * Fixed test_postprocessor_amp to fail on problems. * Reverted change of MHD_KeyValueIterator, implemented MHD_KeyValueIteratorN with sizes for connection's key and value to get keys and values with binary zeros. * Fixed signed/unsigned comparison in example http_chunked_compression.c. * Bit manipulations moved to separate header file. * Improved shell compatibility for 'bootstrap', removed bash-ism. * Adding additional "value_length" argument to MHD_KeyValueIterator callback to support binary zeros in values. This is done in a backwards-compatible way, but may require adding a cast to existing code to avoid a compiler warning. * Added example for how to compress a chunked HTTP response. ------------------------------------------------------------------- Sun Feb 10 22:00:54 UTC 2019 - mardnh@gmx.de - Update to version 0.9.63: * Extended test_get to test URI logging and query string parsing to avoid regression fixed in previous patch in the future. * Preliminary patch for the raw query string issue, to be tested. * Added minimal example for how to compress HTTP response. * Check for GNUTLS_E_AGAIN instead of GNUTLS_E_INTERRUPTED when giving up on a TLS connection. -LM/CG * Fix connection timeout logic if in thread-per-connection mode the working thread takes longer than the timeout to queue the response. * Add logic to avoid VLA arrays with compilers that do not support them. * Fixed missing WSA_FLAG_OVERLAPPED which can cause W32 to block on socket races when using threadpool. (See very detailed description of the issue in the libmicrohttpd mailinglist post of today.) * Added test for RFC 7616 and documented new API. - Update to version 0.9.62: * Added test for RFC 7616 and documented new API. * Adding support for RFC 7616, experimental, needs testing and documentation still! * Add option to build MHD without any threads and MHD_FEATURE_THREADS to test for it. * Renamed all occurrences from _model(s)_ to _mode(s)_. * Optimized the function MHD_create_response_from_callback() for Windows by increasing its internal buffer size and allowed to customize it via macro MHD_FD_BLOCK_SIZE. * Referenced the gnutls_load_file() function in the HTTPs examples. * Fix regression causing URLs to be unescaped twice. ------------------------------------------------------------------- Fri Dec 7 13:28:42 UTC 2018 - malte.kraus@suse.com - Update to version 0.9.61: * parse arguments with (properly) escaped URLs correctly. Replace sprintf with snprintf in testcases. * Fix build issue with GnuTLS < 3.0. * Add MHD_create_response_from_buffer_with_free_callback. - Update to version 0.9.60: * gettext updated to 0.19.8 * can use epoll() without listen socket now * in thread-per-connection mode, socket closure is now communicated in a timely fashion to the application * added MHD_RF_HTTP_VERSION_1_0_RESPONSE option * preventing bogus transfer-encoding values * Added MHD_OPTION_GNUTLS_PSK_CRED_HANDLER * allow digest authentication with hashed password * ensure request completed callback is called from correct thread and also for upgraded connections ------------------------------------------------------------------- Mon Feb 26 19:05:14 UTC 2018 - mardnh@gmx.de - Update to version 0.9.59: * Fix masking operation. * Fix deadlock when failing to prepare chunked response * Fix __clang_major__ related warnings for non-clang compilers. * Fixed tests on platforms with huge number of CPUs. * Doxygen configuration was updated. * Various doxygen fixes. - Update to version 0.9.58: * Fixed HTTPS tests on modern platforms. * Minor documentation installation fixes. * Tolerate AF_UNIX when trying to determine our binding port from socket. Use `sockaddr_storage` instead of trying to guess the sockaddr type before calling getsockname(). ------------------------------------------------------------------- Fri Dec 1 14:05:56 UTC 2017 - tchvatal@suse.com - Install copying ------------------------------------------------------------------- Thu Nov 30 15:01:33 UTC 2017 - mpluskal@suse.com - Update to version 0.9.57: * See provided Changelog for details - Drop no longer needed patches: * libmicrohttpd_test_data.patch * disable-stalling-test.patch ------------------------------------------------------------------- Mon May 29 09:38:20 UTC 2017 - tchvatal@suse.com - Version update to 0.9.55 bsc#1041216: * See provided Changelog for details ------------------------------------------------------------------- Mon May 15 11:49:20 UTC 2017 - mpluskal@suse.com - Update licensing information ------------------------------------------------------------------- Thu May 11 08:15:24 UTC 2017 - mpluskal@suse.com - Update to version 0.9.54: * See provided Changelog for details ------------------------------------------------------------------- Thu Apr 13 17:02:21 UTC 2017 - mpluskal@suse.com - Update to version 0.9.53: * See provided Changelog for details - Refresh patch: * libmicrohttpd_test_data.patch ------------------------------------------------------------------- Wed Mar 8 13:17:21 UTC 2017 - tchvatal@suse.com - Do not abort on failing tests, as they randomly fail quite a lot bsc#1012840 ------------------------------------------------------------------- Mon Dec 12 11:03:32 UTC 2016 - tchvatal@suse.com - Version update to 0.9.52: * See provided Changelog for details - Refresh patch: * disable-stalling-test.patch ------------------------------------------------------------------- Fri Jun 3 08:23:38 UTC 2016 - mpluskal@suse.com - Update to version 0.9.50: * See provided Changelog for details ------------------------------------------------------------------- Thu Apr 14 18:10:40 UTC 2016 - mpluskal@suse.com - Update to 0.9.49 * See provided Changelog for details - Fix typo in previous changelog entry - Refresh patches - Use pkgconfig style dependencies ------------------------------------------------------------------- Sun Dec 20 09:24:05 UTC 2015 - mpluskal@suse.com - Update to 0.9.48 * Improved compatibility with VS2010 and other older compilers. * Default backlog size for listen socket was changed from 32 to SOMAXCONN, added new option MHD_OPTION_LISTEN_BACKLOG_SIZE to override default backlog size. * If not all connections can be handled by MHD_select() than at least some of connections will be processed instead of failing without any processing. * Fixed redefenition of FD_SETSIZE on W32 so select() will work with 2000 connections instead of 64. * Better handled redefenition of FD_SETSIZE on all platforms. * Close sockets more aggressively in multi-threaded mode (possibly relevant for idle servers). - Update dependencies ------------------------------------------------------------------- Sat Dec 5 09:22:32 UTC 2015 - mpluskal@suse.com - Update to 0.9.47 * Reworked VS project files. Used x64 build tools by efault, many optimizations, fixes. dded project files for VS 2015. -EG * SPDY is dead, killing experimental libmicrospdy. -CG * New logic for controlling socket buffer modes. Eliminated delay before last packet in response and before "100 Continue" response on all platforms. Also response header are pushed to client without waiting for response body. -EG * Remove 200ms delay observable with keep-alive on Darwin and *BSD platfroms. -EG * Fix issue with shutdown if connection was resumed just before shutdown. -FC - Update dependencies ------------------------------------------------------------------- Fri Nov 13 14:01:04 UTC 2015 - mpluskal@suse.com - Enable http2/spdy - Don't build examples as we don't ship them anyway - Disable tests as linking fails for them with spdy enabled ------------------------------------------------------------------- Tue Nov 10 14:23:58 UTC 2015 - mpluskal@suse.com - Update to 0.9.46 * Undoing change from Sun Oct 25 15:29:23 CET 2015 as the original code was counter-intuitive but correct, and the new code does break pipelining. Ignore empty lines at the beginning of an HTTP request (more tolerant implementation). ------------------------------------------------------------------- Sun Nov 1 11:44:58 UTC 2015 - mpluskal@suse.com - Update to 0.9.45 * Rework deprecation maros: fix errors with old GCC versions, improved support for old clang and new GCC. -EG * Return correct header kind in MHD_get_connection_values() even if a bitmask is used for the "kind" argument. -FC/CG * Fixing transient resource leak affecting long-lived connections with many keep-alives and HTTP request pipelining under certain circumstances (which reduced the receive window). * Fixed assertion failure triggered by a race in thread-per-connection mode on shutdown in rare circumstances. -CG * Deduplicate code between digestauth and connection parsing logic for URI arguments, shared code moved to new MHD_parse_arguments_ function in internal.c. -CG ------------------------------------------------------------------- Fri Oct 2 12:33:17 UTC 2015 - mpluskal@suse.com - Update to 0.9.44 * Various fixes for W32 VS project files. * Fix digest authentication with URL arguments where value-less keys are given before the last argument. * Do not use shutdown() on listen socket if MHD_USE_PIPE_FOR_SHUTDOWN is set. ------------------------------------------------------------------- Sat Sep 19 10:43:28 UTC 2015 - mpluskal@suse.com - Update to 0.9.43 * Call resume_suspended_connections() when the user is running its own mainloop and calls MHD_run_from_select() to support resuming connections with external select. -FC * Correct documentation as to when MHD_USE_EPOLL_LINUX_ONLY is allowed. -CG * Reimplement monotonic clock functions for better support various platforms. Print more information during configure. -EG * Export MHD_get_reason_phrase_for() symbol. -CG * Added checks for overflows and buffer overruns, fixed possible buffer overrun. Updated md5 implementation. Fixed many compiler warning (mostly for VC compiler). -EG * Fix failure to properly clean up timed out connections if running in external select mode without listen socket, which caused busy waiting until new connections arrived. (Fixes #3924, thanks to slimp for reporting and testcase). -CG * Ignore close() errors on sockets except for EBADF, fixes #3926. -CG * Make sure to decrement connection counter before calling connection notifier so that MHD_DAEMON_INFO_CURRENT_CONNECTIONS does not present stale information (relevant if this is used for termination detection of a daemon stopped via MHD_quiesce_daemon()). Thanks to Markus Doppelbauer for reporting. -CG * Fix (automatic) handling of HEAD requests with MHD_create_response_from_callback() and HTTP/1.1 connection keep-alives. Thanks to Cristian Klein for reporting. -CG * Add new functions MHD_create_response_from_fd64() and MHD_create_response_from_fd_at_offset64(). -EG * Fixing memory leak in digest authentication. -AW * Add deprecation compiler messages for deprecated functions and macros. -EG * Fixing digest authentication when used in combination with escaped characters in URLs. -CG/AW - Disable spdy support for now as spdylay is missing - Drop libmicrohttpd_test_session.patch as it is fixed now ------------------------------------------------------------------- Wed Jul 15 16:42:35 UTC 2015 - matwey.kornilov@gmail.com - fux build for SLES11: * explicitly require libgnutls-devel in -devel package ------------------------------------------------------------------- Mon Jul 13 13:01:26 UTC 2015 - matwey.kornilov@gmail.com - fix build for SLES11: * update disable-stalling-test.patch: Instead of disabling testcase in Makefile disable testcases in code, this could be even better we can disable only broken test but not the whole testcase. * add libmicrohttpd_test_session.patch: Disable test relying on available libcurl version (see https://gnunet.org/bugs/view.php?id=3893 for details) * wrap libmicrosdpy into macro to disable building on systems with openssl < 1.0.1 - update to 0.9.42: * fix off-by-one in MHD_start_daemon_va() error handling logic * fix #3784: actually implement MHD_CONNECTION_INFO_SOCKET_CONTEXT ------------------------------------------------------------------- Sun May 3 10:26:32 UTC 2015 - astieger@suse.com - update to 0.9.41: * fix bugs relating to various threading modes * fix some HTTP 1.0 tests ------------------------------------------------------------------- Mon Apr 13 11:39:23 UTC 2015 - meissner@suse.com - updated to 0.9.40 - Fix potential deadlock issue in MHD_USE_THREAD_PER_CONNECTION mode if shutdown is initiated while connections are active. -CG - Fix issue in thread-pool mode where a MHD_stop_daemon() might not reach threads that stopped listening because we hit the maximum number of concurrent connections and the option MHD_USE_PIPE_FOR_SHUTDOWN was also not used. Testcase added as well. -CG - Update HTTPS testcases to avoid SSLv3, as SSLv3 is dead. - Do not enforce FD_SETSIZE-limit on worker control pipe when using MHD_USE_EPOLL_LINUX_ONLY (#3751). -MH/CG - Adding MHD_OPTION_NOTIFY_CONNECTION, MHD_CONNECTION_NOTIFY_STARTED, MHD_CONNECTION_NOTIFY_CLOSED and MHD_CONNECTION_INFO_SOCKET_CONTEXT to allow applications to trigger operations when TCP connections start or end, instead of just exposing HTTP requests starting and ending. -RG/CG - Fixing bug that prevented MHD_OPTION_HTTPS_MEM_DHPARAMS from working within a MHD_OPTION_ARRAY. -DD - Adding MHD_OPTION_HTTPS_KEY_PASSWORD as proposed by Andrew Basile. -CG/AB - Fix issue where for HTTP/1.0-clients that set Connection: Keep-Alive header a response of indefinite size was generated with chunked encoding. -CG - Fix potential infinite loop on shutdown in multi-threaded mode under certain conditions. -CG - fixed info deinstall ------------------------------------------------------------------- Thu Jan 8 08:48:47 UTC 2015 - meissner@suse.com - libmicrohttpd.keyring: replaced maintainers keyring by new one with: pub 4096R/E29FC3CC 2014-12-09 uid Christian Grothoff uid Christian Grothoff uid Christian Grothoff sub 4096R/117E1AFB 2014-12-09 ------------------------------------------------------------------- Wed Jan 7 13:44:46 UTC 2015 - prusnak@opensuse.org - updated to 0.9.39 - dropped libmicrohttpd-0.9.34-spdy-pc.patch (included upstream) ------------------------------------------------------------------- Thu May 8 14:00:36 UTC 2014 - meissner@suse.com - do not define test_data before system header inclusion, libgcrypt uses this as argument parameters. (libmicrohttpd_test_data.patch) ------------------------------------------------------------------- Mon Apr 28 07:23:50 UTC 2014 - coolo@suse.com - disable problematic test case that causes the testsuite to deadlock just too often (disable-stalling-test.patch) ------------------------------------------------------------------- Thu Apr 24 07:32:10 UTC 2014 - dmueller@suse.com - remove dependency on gpg-offline, source validator already does that ------------------------------------------------------------------- Mon Apr 21 06:44:06 UTC 2014 - tchvatal@suse.com - Version bump to 0.9.34: * Drop tls patch seems to build fine * Remove code for other distros we build against 13.1+ anywhere within obs and it just clutters the spec. * Explicitely name switches in configure to make sure things go the desired way. * Fix install of libmicrohttpspdy pc file. + Added support for TCP FASTOPEN. + Removed dependency on plibc for simpler compilation for W32. + Added configure option "--disable-pipes" to use socketpairs instead of pipes for signalling to child threads. Pipes are always disabled on W32. + Corrected some uses of 'int' vs. 'size_t'. + MHD_USE_DUAL_STACK in libmicrohttpd currently just *inhibits setting* the IPV6_V6ONLY socket option, but per Microsoft's documentation the default on Windows is that this is enabled, thus MHD_USE_DUAL_STACK will not work (since it leaves the default). libmicrohttpd should probably just unconditionally set IPV6_V6ONLY to the desired value when the option is available. + Allow Keep-Alive with HTTP 1.0 (if explicitly requested), and automatically set "Connection: Keep-Alive" in response in this case as well. + Adding explicit annotations to hide symbols that are not for export in the C code (gcc 4.0 or higher only). + Adding a few lines to avoid warnings from picky compilers. - Added patches: * libmicrohttpd-0.9.34-spdy-pc.patch - Dropped patches: * libmicrohttpd-drop-test_tls_options.patch ------------------------------------------------------------------- Tue Mar 4 12:42:30 UTC 2014 - coolo@suse.com - do not run checks in parallel - they deadlock from time to time - enable make debug to debug the problem on OBS in case it reappears ------------------------------------------------------------------- Mon Jan 27 19:52:38 UTC 2014 - sleep_walker@suse.cz - refresh libmicrohttpd-drop-test_tls_options.patch - add there also ignoring test_https_sni - Update to 0.9.33 bsc#854443 CVE-2013-7038 CVE-2013-7039 + Fixed an issue with a missing argument in the postexample. + Fixed issue with bogus offset increment involving sendfile on GNU/Linux. Adding support for SNI. + Fix for per-worker daemon pipes enabled with MHD_USE_SUSPEND_RESUME that were not closed in MHD_stop_daemon. + Fixing warnings and build issue if --disable-https is given to configure. + 0.9.32: + Security fix: do not read past 0-terminator when unescaping strings (thanks to Florian Weimer for reporting). + Signaling n times for shutdown works, but for resume we need to wake up the correct daemon. Even if we signal n times in that case also, there's no guarantee that some daemon can't run through its select loop more than once before the daemon we want to wake up gets a chance to read. Thus we need a signal pipe per thread in the thread pool IF MHD_suspend_connection is used. This introduces a new flag MHD_USE_SUSPEND_RESUME to add those additional pipes and only allow MHD_suspend_connection to be used in conjunction with this flag. Also, as MHD_resume_connection() will be called on a non-daemon thread, but none of the queue insert/delete calls are thread safe, we need to be concerned about (a) corrupting the queue, and (b) having to add mutex protection around every access to the queues, including loops through timer queues, etc. This wasn't a problem before adding resume; even suspend should be safe since it happens in a callback from the daemon. I think it's easier to (a) have MHD_suspend_connection() move the connection to a suspended queue, (b) have MHD_resume_connection() mark the connection as resuming, and then (c) do all the actual queue manipulations in MHD_select (poll, epoll, etc.) to move the resumed connections back to their normal queues, in response to the wake up. The changes are simpler & cleaner. There is a cost to the basic select loop that is avoided by making suspend/resume a startup option. The per-worker pipes can then also be enabled only with that option set. + Eliminating theoretical stack overflow by limiting length of URIs in authentication headers to 32k (only applicable if the application explicitly raised the memroy limits, and only applies to MHD_digest_auth_check). Issue was reported by Florian Weimer. + Fix race on shutdown signal with thread pool on non-Linux systems by signalling n times for n threads. + Introduce state to mark connections in suspended state (with epoll); add missing locking operations in MHD_suspend_connection. + Fix definition of MHD_TLS_CONNECTION_INIT. + Fixing issue in PostProcessor when getting partial boundary at the beginning, expanding test suite. + Implementing faster processing of upload data in multipart encoding (thanks to performance analysis by Adam Homolya). + Adding support for connection flow control via MHD_suspend_connection and MHD_resume_connection. 0.9.31: + Fixing build issues on OS X with CLOCK_MONOTONIC not being implemented on OS X. + Make libmicrohttpd play nicely with upcoming libgcrypt 1.6.0. + Improved configure checks for cURL. + Signal connection termination as OK (and not as ERROR) if the stream was terminated by the callback returning MHD_CONTENT_READER_END_OF_STREAM. Also, release response mutex before calling the termination callback, to avoid possible deadlock if the client destroys the response in the termination callback (due to non-recursiveness of the lock). + Adding #define MHD_HTTP_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN. + Also pass MHD connection handle in URI log callback. + Improved check for proper OpenSSL version for libmicrospdy. + Set IPV6_V6ONLY socket option correctly when IPv6 is enabled (MHD_USE_IPv6) but not dual stack (MHD_USE_DUAL_STACK) ------------------------------------------------------------------- Thu Oct 3 12:59:19 UTC 2013 - mvyskocil@suse.com - Update to 0.9.30 + implements the "SHOULD" clause of RFC 2616 section 8.1.4, which may reduce bandwidth consumption when clients cancel requests. + fixes build errors with various combinations of operating systems, libc versions, and configure flags. + fixes a use-after-free crash when using epoll() in combination with read errors 0.9.29: + epoll can now also be used with SSL connections + following recent HTTP/1.1 clarfications, MHD no longer send a "Content-length" header in CONNECT responses. + the "MHD_add_connection" call now consistently sets an "errno" value to indicate the cause of errors. Connections added this way are now always processed immediately. + fixes a recently-introduced bug which prevented HTTP pipelining from working properly in some cases and a build error in conjunction with the "--disable-messages" configure option. - Enable build of (experimental) SPDY support. ------------------------------------------------------------------- Wed Jul 24 10:18:44 UTC 2013 - mvyskocil@suse.com - Update to 0.9.28 + support for epoll-based event loops (Linux-only) + various new options: - MHD_USE_DUAL_STACK for binding to IPv4 and IPv6 at the same time - MHD_USE_PIPE_FOR_SHUTDOWN to cleanly support MHD_quiesce_daemon on non-Linux systems - MHD_CONNECTION_INFO_CONNECTION_FD to allow COMET applications to disable TCP Nagle - MHD_OPTION_CONNECTION_MEMORY_INCREMENT for better control over buffer size allocations + and fixes various minor bugs ------------------------------------------------------------------- Thu Jun 6 08:15:30 UTC 2013 - mvyskocil@suse.com - drop test_tls_options if build is in OBS libmicrohttpd-drop-test_tls_options.patch ------------------------------------------------------------------- Wed Jun 5 16:42:38 UTC 2013 - jengelh@inai.de - More robust make install call - Remove redundant %clean section - Requires(pre) is useless without a %pre script ------------------------------------------------------------------- Thu May 16 07:42:59 UTC 2013 - mvyskocil@suse.com - Update to 0.9.27 + performance improvements for POST processing + new API call to reduce the number of select calls (if in "external" select mode) + new function to allow applications to stop MHD from processing new incoming connections while finishing ongoing requests + fixes an initialization problem on some platforms + fixes bug in the postprocessor's URL parser. + SSL connections are no longer dropped if the system uptime is less than the connection timeout + allows creating responses with zero bytes using MHD_create_response_from_callback. + few "const" statements have been added to allow keeping more static strings in ROM. + post processor now tolerates uploads which don't contain "\r\n" and also returns keys which don't have a matching value + fixes the loss of a parameter in processing POST data from IE8 and Chrome. It automatically sets a "Connection: close" header if the client requests the connection to be closed. Finally, given both 'chunked' encoding and 'content-length', MHD now ignores the 'content-length' header as per the RFC + adds support for building libmicrohttpd for Android + fixes an issue with data in TLS buffers sometimes not being completely drained if there was no activity on the socket. - reenabled tests and moved to %check - add source verification using gpg ------------------------------------------------------------------- Wed Oct 3 11:33:35 CEST 2012 - fcrozat@suse.com - Add copyright header to specfile. ------------------------------------------------------------------- Fri Sep 28 09:57:40 UTC 2012 - fcrozat@suse.com - Update to 0.9.22: + Allow to configure basic and digest authentication separately + Fix URI argument parsing when string contained keys without equals sign in middle of the argument. + Reduce default size in poft processor buffer. - Remove --enable-client-side from configure call, it doesn't exist anymore. - Update License tag to new SPDX format. ------------------------------------------------------------------- Fri Aug 10 21:48:48 UTC 2012 - bitshuffler@opensuse.org - Updated to 0.9.21 ------------------------------------------------------------------- Sun Feb 5 13:02:18 UTC 2012 - bitshuffler@opensuse.org - Updated to 0.9.19 ------------------------------------------------------------------- Sun Nov 27 13:23:42 UTC 2011 - bitshuffler@opensuse.org - Updated to 0.9.17 ------------------------------------------------------------------- Sat Nov 12 20:37:00 UTC 2011 - bitshuffler@opensuse.org - Updated to 0.9.16 ------------------------------------------------------------------- Sun Oct 16 11:37:43 UTC 2011 - bitshuffler@opensuse.org - Updated to 0.9.15 ------------------------------------------------------------------- Sat May 21 12:31:02 UTC 2011 - bitshuffler@opensuse.org - Updated to 0.9.11 ------------------------------------------------------------------- Fri Apr 29 18:06:18 UTC 2011 - bitshuffler@opensuse.org - Updated to 0.9.10 ------------------------------------------------------------------- Wed Mar 30 16:50:42 UTC 2011 - bitshuffler@opensuse.org - Updated to 0.9.9 ------------------------------------------------------------------- Sat Mar 5 21:38:11 UTC 2011 - bitshuffler@opensuse.org - Updated to 0.9.8 ------------------------------------------------------------------- Tue Feb 15 16:54:35 UTC 2011 - bitshuffler@opensuse.org - Updated to 0.9.7 ------------------------------------------------------------------- Thu Jan 27 02:33:32 UTC 2011 - bitshuffler@opensuse.org - Updated to 0.9.6 ------------------------------------------------------------------- Sat Jan 15 15:02:29 UTC 2011 - bitshuffler@opensuse.org - Updated to 0.9.5 ------------------------------------------------------------------- Wed Dec 29 15:15:48 UTC 2010 - bitshuffler@opensuse.org - Updated to 0.9.4 ------------------------------------------------------------------- Wed Nov 24 16:02:15 UTC 2010 - bitshuffler@opensuse.org - Updated to 0.9.3 ------------------------------------------------------------------- Thu Oct 21 13:21:06 UTC 2010 - bitshuffler@opensuse.org - Updated to 0.9.2 ------------------------------------------------------------------- Mon Sep 20 17:17:03 UTC 2010 - bitshuffler@opensuse.org - Updated to 0.9.1 ------------------------------------------------------------------- Tue Jul 27 07:26:27 UTC 2010 - bitshuffler@opensuse.org - Updated to 0.9.0 ------------------------------------------------------------------- Mon Mar 15 08:35:12 UTC 2010 - pascal.bleser@opensuse.org - update to 0.4.6: * fixes use of poll causing busy waiting * fixes a segfault if inconsistent options were used * fixes SSL support on big-endian architectures * fixes an issue with error signalling for PUT/POST requests in HTTP 1.1 ------------------------------------------------------------------- Tue Feb 2 13:10:52 UTC 2010 - bitshuffler@opensuse.org - Updated to 0.4.5. ------------------------------------------------------------------- Sun Jan 17 19:52:07 UTC 2010 - bitshuffler@opensuse.org - Initial RPM.