-
Notifications
You must be signed in to change notification settings - Fork 31
/
ChangeLog
3993 lines (3284 loc) · 153 KB
/
ChangeLog
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
Fri 23 Feb 2024 21:00:00 UZT
Releasing GNU libmicrohttpd 1.0.1 -EG
February 2024
Fixed builds without messages. -JP & CG
Fixed builds with external MD5 calculation.
Fixed SHA-512/256 code for hypothetical extra large sizes.
Fixed response handling during daemon shutdown.
Fixed code logic for builds without messages.
Reduced the binary size for builds without messages by removing
the strings with filenames used for panic reports.
Fixed tests and examples for builds without messages and for builds
without basic auth.
Fixed some compiler warnings. -EG
Thu 01 Feb 2024 15:00:00 CET
Releasing GNU libmicrohttpd 1.0.0 -EG
January 2024
add missing lock, do not call 'close(-1)' on very rare error path.
use correct HTTP header (content type, not content encoding) for mime type
in examples.
fix memory leak on error path. -CG
MHD_OPTION_CONNECTION_MEMORY_{LIMIT,INCREMENT}: added ignore of zero value.
test_upgrade{,_large}{,_tls}: unified code, removed workarounds, added new
test.
digest_auth_example_adv: added new advanced example for the new Digest
Auth API use.
Fixed compiler warnings in configure, lib, examples, tests.
test_digestauth2: supported old libcurl versions.
Fixed tests with GnuTLS in non-default path.
configure: sorted messages in final config summary.
Fixed non-debug build without HTTPS.
configure: removed old workaround for Solaris.
test_upgrade: adapted for macOS. -EG
December 2023
"Upgraded" TLS connections: fixed data pumping in various edge conditions.
'bootstrap': fixes and simplifications.
Digest Auth: added default timeout and max nc values, added daemon options
for default nonce timeout and max nc values, added testing, implemented
setting DAuth defaults by configure parameters. -EG
November 2023
Updated HTTP methods, headers and reason phrases.
Renamed one new basic auth function, improved doxy.
digest auth: updated header, slightly modified multi-value processing. -EG
websocket_threaded_example: fix websocket url string. -Evgeniy Gavrilenko
configure: warn if building without threads. -EG
configure: added detection of FD_SETSIZE value and ability to override it.
internal.h: added macros for polling mode detection.
Added use of configure-detected system default FD_SETSIZE value.
internal.h: added macros for internal threads modes detection.
Added MHD_OPTION_APP_FD_SETSIZE and MHD_FEATURE_FLEXIBLE_FD_SETSIZE.
daemon.c: moved processing and checking of app-provided listen socket.
MHD_start_daemon(): mark listen as UNIX based on available information.
MHD_start_daemon(): added stricter checks for bind() and listen() return
values.
MHD_start_daemon(): added check for epoll FD to fit fd_set for external
polling mode.
Implemented and documented MHD_OPTION_LISTEN_SOCKET followed by
MHD_INVALID_SOCKET.
Fixed ignored daemon port when MHD_OPTION_LISTEN_SOCKET or
MHD_OPTION_SOCK_ADDR are used as documented.
MHD_start_daemon(): further improved UNIX / IP socket detection.
Implemented new option MHD_OPTION_SOCK_ADDR_LEN.
MHD_start_daemon(): added check for app-provided socket to fit fd_set.
MHD_start_daemon(): fixed leaked listen socket when daemon start failed.
MHD_add_connection(): added more checks for correct members of sockaddr.
Timeout handling added detection of more conditions to process the data
without waiting.
MHD_quiesce_daemon(): fixed return value if already quiesced.
MHD_start_daemon(): reject INTERNAL_POLLING_THREAD if threads are disabled.
test_daemon: fixed to not skip the test if failed.
test_digestauth2: fixed order of the initial checks.
Improved daemon shutdown handling in external polling mode.
Unified and simplified fd_set filling.
Added new daemon flag MHD_USE_NO_THREAD_SAFETY and testing.
Officially support zero for MHD_OPTION_THREAD_POOL_SIZE.
test_upgrade: used sized send and receive, removed VLA, other improvements.
test_upgrade: implemented proper timeout detection and handling. -EG
September 2023
fix #7928: correct tutorial direntry.
proper fix for #7757. -CG
W32 VS projects: added perf_replies.
W32 VS projects: added .editorconfig.
perf_replies improvements for W32.
mhd_threads: muted compiler warning on W32.
mhd_threads: fixed check for error when starting a new thread on W32.
Renamed 'pid' -> 'tid' when used for threads.
mhd_str: fixed possible compiler and run-time sanitizers warnings.
Muted and fixed some compiler warnings.
W32 VS project: corrected compiler settings.
W32 VS: really muted run-time false warnings about data truncation.
examples/sessions.c: fixes.
Fixed missing <errno.h> includes.
Refactored threads support to handle platforms without "invalid" ID value.
Fixed MHD_CONNECTION_INFO_DAEMON: return master daemon. -EG
check rvalues from pthread_mutex_, MHD_add_response_header,
MHD_post_process in examples.
Theoretical use-after-free in test on error path. -CG
Do no use internal magic number if it is used by the remote client.
Refactoring: store "request target" original length.
Detect error earlier if request HTTP version is bad.
Added calculation of request headers total size.
Rewritten handling of exhaustion of memory pool when receiving.
tests: fixed compiler warnings, copy-paste error, added error reporting.
test_long_header: re-use the same port for all checks.
Control acceptance of LF as CRLF in chunked encoding in the same way as
in headers parsing.
Improved compatibility with old compilers.
Fixed more compiler warnings. -EG
Sun Sep 3 12:23:18 AM CEST 2023
Prevent queueing of responses if connection is not currently in the
access handler callback (which was always not allowed per API spec,
but is now met with an appropriate error response). Fixes #7757. -CG
August 2023
Improved CPU cores detection in perf_replies. -EG
July 2023
Added new tool perf_replies with automatic detection of number of available
CPU on system and for the program. -EG
June 2023
Bump version numbers as v0.9.77 was released on parallel branch.
Added test for MHD_get_version{,_bin} function and related macros.
base64 decoding: added more compact code version.
Refactoring: check whether memory pool block is resizeable.
Re-implemented parsing of the request line from scratch with strict
conformance with RFC 9110 and 9112 requirements.
Re-implemented parsing of the request headers and footers from scratch with
strict conformance with RFC 9110 and 9112 requirements.
Fuzzing tests: almost completely re-implemented. The new version is unified
and much easier to maintain.
Added new tests for folded headers.
Corrected HTTP error responses for clients.
connection: fixed pipelined requests processing.
Added checks for correct values specified for connection memory limits.
process new connection: fixed missing mutex unlock in error handling path.
W32 VS Projects: fixed code parsing by GUI.
Focused all read-buffer grows in a single point, related improvements. -EG
May 2023
Improved portability of boostrap (and autogen.sh)
Muted more compiler warnings in configure.
Tests: updated to support new libcurl APIs and fixed deprecation
warnings with new versions (the old versions are supported still).
Tests: minor and cosmetic fixes and improvements.
Tests: compiler warnings fixes.
configure: bump gettext version.
Tests: fixed build with C89 compilers.
Tests: fixed tests on Darwin 22.x (Ventura).
Tests: redesigned one tests group to avoid stress-testing of the OS.
configure: improved portability for exotic platforms.
examples: removed non-portable functions, added some checking,
fixed compiler warnings, fixed erroneously commented out code.
configure: fixed detection of __FUNCTION__ magic macro.
Unified function name magic macros usage in code.
W32 VS projects: supported ARM and ARM64.
Fixed compiler warning on x32.
Some minor fixes for W32 VS compilation. -EG
April 2023
Implemented and used new function MHD_pool_deallocate().
Updated libtool fixes.
Removed some autotools files from git.
Added autoconf patches and fixes.
{md5,sha256}_ext.c: fixed processing of initialisation error with NULL
handler. -EG
March 2023
Upgraded TLS: fixed inefficient communication.
Upgraded TLS: use more available memory for pumping the data. -EG
Web 29 Mar 2023 20:56:00 CEST
Bumped version as the hotfix was released based on the separate branch. -EG
March 2023
configure: reordered checks for compiler flags.
configure: fixed checks for tsearch() and related changes.
Makefile: fixed build with 'make' without nested vars support.
configure: fixed compiler warnings.
libcurl.m4: patched to fix compiler warning.
configure: internal fixes, compiler warning fixes, cosmetics, better
POSIX compatibility, fixed compatibility with old autoconf.
Upgraded TLS: warn if emergency buffer is used. -EG
Sun Feb 26 05:49:30 PM CET 2023
Fix potential DoS vector in MHD_PostProcessor discovered
by Gynvael Coldwind and Dejan Alvadzijevic (CVE-2023-27371). -CG
February 2023
epoll: immediately notice when other side closes the socket, instead of
waiting for timeout. -CG
December 2022
Refactored cookies parsing.
Always close connection after reply if both Content-Length and chucked are
used. This is specified by RFC.
Added new daemon option MHD_OPTION_CLIENT_DISCIPLINE_LV with more detailed
control of accepted/rejected non-standard requests.
Added new M4 helper macro.
configure: used better detection of some functions when cross-compiling.
configure: try to detect whether eventfd is enabled.
Compiler warning fixes.
Improved reported strings in tests. -EG
November 2022
connection: refuse requests with unsupported Transfer-Encoding.
connection: reject or log requests with both chunked encoding and
Content-Length.
tests: fixed checking response headers as null-terminated string.
Some tests fixes.
configure: check fixes.
Refactored user-poison: minimized scope of non-sanitized code.
digestauth: avoided malloc() repeating by using the new function.
MHD_get_version_bin(): added new function.
test_parse_cookies: rewritten. -EG
October 2022
Reworked HTTPS tests. Removed hardcoded TLS version and ciphers, updated
self-signed certificate.
Fixed delayed call of connection notification callback in
thread-per-connection mode.
Fixed delayed new connection notification in thread-per-connection mode.
Minor internal code improvements.
Added handling of "DEBUG" preprocessor macro as an alias of "_DEBUG".
TLS initialisation: re-implemented. New implementation trying to use
"libmicrohttpd" system-wide GnuTLS configuration by default with fallbacks
to generic system-wide GnuTLS configuration and default GnuTLS
configuration.
New daemon option to use addition to default configuration instead of
specifying full configuration string.
Added relevant tests for GnuTLS initialization.
Added reporting of failed part of GnuTLS configuration string.
Added MHD_FEATURE_DEBUG_BUILD value.
Implemented internal protection from some wild data hypothetically reported
by accept4().
Internal refactoring.
Prevented sending "100 continue" if request has no body or if any part of
request data has been received.
Reworked handling of situation when app just partially processed the data:
if any data was processed then zero timeout if used for polling sockets,
if no data was processed then callback in not called until the new data
arrived.
Fixed handling of various errors conditions detected in requests.
Added test with Content-Length broken value in request.
test_head: added check for excess data in reply
Improved epoll connection handling.
Fuzzing tests: fixed CPPFLAGS.
configure: do not pass AM_TESTS_ENVIRONMENT directly.
configure: added summary message about heavy and fuzzing tests
test-suite: marked some tests as "very heavy" tests
configure: improved check for asserts. -EG
September 2022
Added testing of userdigest and userhash calculations.
Implemented SHA-512/256 from scratch.
Digest Auth: implemented SHA-512/256 support, added
MHD_FEATURE_DIGEST_AUTH_SHA512_256 and relevant tests.
Made all algorithms (MD5, SHA-256, SHA-512/256) optional with ability
to remove by configure parameter.
Digest Auth: internal refactoring and improvements.
configure: minor improvements.
Fixed initialisation of very old GnuTLS versions.
Replace public domain MD5 implementation with the new implementation
written from scratch.
MD5, SHA-256, SHA-512/256: various code improvements, special versions for
compact code.
Digest Auth: changed internal algorithm for re-use of nonce-nc slot.
Digest Auth: used weak pseudo-random generators to avoid slot clashes.
Implemented optional ability to use GnuTLS functions for MD5 and SHA-256
calculations.
Fixed harmless unwanted extra data processing resulting in triggering of
the assert.
Added testing of HEAD requests.
Minor internal changes.
Fixed compiler warnings for compact code version.
Muted compiler warnings with clang.
Configure: more workarounds for clang on W32 with incorrect headers.
Removed long-unused "gauger" from tests.
Fixed compiler warnings in test.
test_add_conn: added reasonable limits. -EG
August 2022
Added testing of userhash parameter parsing.
Added testing of the auth type headers in one request.
Warn in log if random data has not been initialised.
Digest Auth: improved response header in RFC2069 mode.
Added more string processing internal functions.
Digest Auth: added new option MHD_OPTION_DIGEST_AUTH_NONCE_BIND_TYPE to
control nonces generation.
Increased testing for Digest Auth.
Digest Auth: do not use reproducible nonces generation by default.
Minor correction for auth headers processing.
Digest Auth: internal refactoring.
Digest Auth: added algorithm value to username info (required for userhash
values).
Digest Auth: added new public functions for userhash and userdigest
calculations. -EG
July 2022
Digest Auth: internal optimisations and refactoring, digest_auth_check
almost completely rewritten.
Digest Auth: removed use of VLA.
Digest Auth: added support for username in extended notation and test
for extended notation.
Digest Auth: implemented userhash support and tests for extended notation.
MHD_add_response_entry(): refactoring
Digest Auth: implemented DAuth response function
MHD_queue_auth_required_response3() from scratch. Removed old
implementations, old functions converted to wrappers for the new function.
Digest Auth: added new group of tests.
Digest Auth: added related MHD_FEATURES_* values.
Digest Auth: added detection of the algorithm used by the client and
use specified algorithm if allowed by application.
Configure: cosmetics and reports improvements, control static and shared
enablement by --enable-build-type=.
Added new daemon option MHD_OPTION_DIGEST_AUTH_RANDOM_COPY and tests.
Digest Auth: implemented support for old RFC 2069 (if allowed by app) and
tests for RFC 2069.
Internal refactoring: moved all request-related connection struct members
to dedicated struct. The same for reply-related struct members.
Implemented support for both Basic and Digest headers in the same
request. -EG
June 2022
Fixed compiler warnings in main code and examples.
Added error checking in examples.
Added test for parsing auth headers.
Improved parsing of auth headers.
Added more internal functions for quoted string processing.
Added test for quoting string processing.
Digest Auth: internal optimisations.
Basic Auth: fixed handling of realms with slashes and/or double quotes.
Digest Auth: fixed use of possible maximum client nonce length as maximum
server nonce length. Reduced size of internal arrays.
Basic Auth: new function MHD_queue_basic_auth_fail_response3() with support
for RFC 7617.
Basic Auth: added new function MHD_basic_auth_get_username_password3() with
more details about username and password. Technically allow binary zero in
username and in password.
Fixed data races when closing upgraded connection.
Replaced public domain Base64 decoder with the new implementation written
from scratch. The new implementation has very precise checks for the input
data.
Added new test for Base64 decoding.
Updated examples to use new Basic Auth functions.
Fixed and improved postprocessor tests.
Ported test to non-VLA compilers.
Added configure parameter --enable-compact-code.
Removed duplication of "Connection: upgrade" header. Patch by Alexander
Irion.
Configure: removed some unneeded compiler flags.
Digest Auth: improved RFC match (qop value caseless match), check
parameters length validity before checking the values validity, correctly
compare URLs with binary zeros, check URL arguments only in the same order
as specified in DAuth header.
Added internal functions for percent-decoding and tests for
percent-decoding.
Added internal function for hex to bin decoding, tests for hex<->bin
decoding.
Digest Auth: added new function MHD_digest_auth_get_request_info3() and
MHD_digest_auth_get_username3() with detailed information about DAuth
request. -EG
Fixed memory leaks in tests.
Fixed wrong array size for Digest Auth. -CG
May 2022
Improved public doxy.
Digest Auth: fixed missing mark on 'nc' value as 'used'.
Digest Auth: added internal checks for unrealistically high values.
Digest Auth: added check for correct values from application.
Digest Auth: nonce timestamps changed to milliseconds to lower conflict
probability.
Digest Auth: implemented management nonce-nc map array slots so old
entries are removed safely while trying to avoid to remove the new entries.
configure: added 'debugger' build type.
Added more tests for cookies parsing.
Digest Auth: use nonce-nc map arrays with locks in master daemon only
so works can re-use the nonces and nc information.
MHD_set_connection_option(): reduced scope for the lock.
Fixed leak of mutexes when daemon creation failed and when closing daemon
with thread pool.
Digest Auth: fixed stale nonce result value ambiguity.
Digest Auth: added special check for fabricated nonces.
Added new functions MHD_digest_auth_check3() and
MHD_digest_auth_check_digest3() with detailed result of the checks.
Added return NULL MHD_CONNECTION_INFO_CLIENT_ADDRESS when information is
not available.
Improved internal handling of non-IP connections (UNIX sockets or pipes)
when processing the client address.
Fixed compiler warnings.
Increased testing of cookies parsing.
Completely re-written cookies parsing. The new code follow RFC 6265.
Made cookies parsing functionality optional, can be disabled by configure.
Configure: added more warning flags.
Configure: internal improvements.
Globally changed '#if HAVE_SOMETHING' to '#ifdef HAVE_SOMETHING'.
Enabled more compiler warnings in W32 projects.
Fixed MHD functionality with blocking sockets. Patch by Kolja Nowak.
Moved some macros and declaration to new specialised headers: basicauth.h
and digestauth.h.
Added new function to process quoted strings.
Digest Auth: reworking support for multiple digest algorithms.
Response processing: better handle unrealistic but broken situation.
Basic and Digest Auth: completely reworked headers parsing, unified code.
Added new autoconf macros.
Configure: added more workarounds for clang.
Fixed possible use of uninitialised variable.
Added new test for Basic Auth.
Some code readability improvements. -EG
April 2022
Added autoconf macro for checking compiler parameter/flag.
Improved -fvisibility compiler flag support detection in configure.
Fixed compiler warnings.
Moved fixed libtool-specific flags to Makefile from configure.
Configure: added reporting of final compiler/linker flags.
Fixed ignored user linker flags when building library binary.
Improved makefiles dependency specification.
Implemented --enable-build-type=TYPE configure parameters for ready-to-use
configuration sets (defaults).
Separated internal types for request headers and response headers.
Fixed many unneeded drops of 'const' qualifier, converted some pointers
to 'const'.
Added use of _MHD_EXTERN with all external function definitions.
Refactored response creation functions.
Added new function MHD_create_response_from_buffer_static() to avoid
unwanted dropping of 'const' when application is using static strings.
Added new API function MHD_create_response_from_buffer_copy().
Public doxy improvements.
Improved handling of TLS backends for libcurl when testing HTTPS.
Updated TLS certificates for tests and examples. New certificates
were generated with SAN fields to match actual requirements.
Fixed old style function definitions in examples.
Tuned compiler warning flags.
Fixed many preprocessor macros (removed space before bracket).
Fixed printf() format specifications in examples.
Removed non-literal strings for printf in examples.
Improved portability of examples.
Fixed unaligned access via sockaddr_in pointers.
Fixed unaligned access in MHD_get_connection_info() and
MHD_get_daemon_info().
Compiler warning fixes.
Changed: any negative number returned by response data generation
callback function is treated as an error.
Fixed setting custom connection timeout value for thread-per-connection
mode.
Fixed short (lees then one second) busy-waiting when connection is about
to expire by switching to milliseconds accuracy instead of seconds.
Added new functions MHD_get_timeout64(), MHD_get_timeout64s(),
MHD_get_timeout_i().
Added some checks for possible value trim due to width conversion.
Digest Auth: continuation of refactoring, optimisations.
Digest Auth: do not use nonces provided by the client if they were not
generated previously by MHD. -EG
March 2022
Added internal check for suitability of used response.
Improved doxy.
Improved handling of application-provide "Content-Length" header.
Internally separated "Icy" flag from the response code.
Fixed Address Sanitizer unpoison of memory when memory pool is destroyed.
Improved log messages.
Added more checks for "Upgrade" handling.
Better internally separated response type handling:
headers only without
body-specific headers, body-specific headers without body
(Content-Length/Transfer-Encoding),
all headers with body.
Blocked MHD_SIZE_UNKNOWN value for buffer-based responses.
Significantly improved doxy for MHD_queue_response().
Added new function MHD_create_response_empty()
Fixed compiler flags for UBsan in configure.
Added new option for "--enable-sanitizers=" parameter.
Improved autoconf macros. -EG
January 2022
Tuned automake options.
Fixed compiler warning in examples.
Fixed use of initialised variable in tests.
Removed unused autotools files.
.gitignore: cleanup and update.
Autotools: always let user override build flags.
Moved 'po' files to separate directory.
Fixed missing include file in docs.
Fixed 'make distcheck'.
Fixed use on GNU/kFreeBSD.
Fixed HTTP/1.1 or 1.0 selection in tests.
Other tests improvements and fixes.
Digest Auth: changed "md5" / "sha-256" to "MD5" / "SHA-256" to better
match RFC (while clients should use caseless matching).
Initial digest auth refactoring, reject invalid input.
Global rename of callback parameter 'con_cls' -> 'req_cls'.
Digest auth tests improvements and fixes.
Added test for parallel digest auth requests.
Minor autoconf macros fixes. -EG
December 2021
configure: fixed unwanted output on Fedora.
configure: clarified licence message.
Doxy corrections and improvments. -EG
Sun 26 Dec 2021 20:30:00 MSK
Releasing GNU libmicrohttpd 0.9.75 -EG
December 2021
Fixed Makefile warning on MinGW.
Fixed compiler warning on MinGW.
Fixed "configure" portability (for NetBSD).
MSVC project cosmetics.
MSVC fixed project to fix linker warning.
Fixed compiler warning on some platforms.
Further improved test_client_put_stop to get stable results on all
platforms.
Added workaround for platforms (like OpenBSD) where system monotonic clocks
may jump forward and back.
Added more checks in test_large_put, increased timeout (was too small for
this test). -EG
Sun 19 Dec 2021 18:30:00 MSK
Releasing GNU libmicrohttpd 0.9.74 -EG
December 2021
Fixed doxy for MHD_suspend_connection().
Some code improvements for new test test_client_put_stop.
Added special log message if thread creation failed due to system limits.
Fully restructured new_connection_process_() to correctly handle errors,
fixed missing decrement of number of daemon connections if any error
encountered, fixed app notification of connection termination when app has
not been notified about connection start, fixed (highly unlikely) reset of
the list of connections if reached daemon's connections limit.
configure: fixed some compiler warnings reported in config.log.
Fixed tests on FreeBSD to support system-limited rate of RST packets and
'blackhole' system setting. -EG
Fixed tests for libmagic to really use libmagic in examples. -CG
Used tricks in code formatting to workaround uncrustify bugs.
configure: improved compatibility with various shells.
configure: added selective enable of sanitizers.
Fixed compatibility with old GnuTLS versions.
Fixed tests compatibility with old libcurl versions.
Fixed busy-waiting in test_timeout (fixed CPU load spikes in the test).
test_https_time_out: check rewritten, previously it is was no-op.
test_upgrade{,_large}: fixed passing of socket value to GnuTLS on W32.
Simplified Makefile for HTTPS tests.
Added detection of old broken GnuTLS builds (on RHEL6 and clones) and
disabled some tests broken with these builds.
Muted compiler warnings with old libcurl versions.
Reworked dlltool support: added support for weakened oversimplified
half-broken llvm-dlltool
Silenced MS lib tool warning and MS lib tool invocation.
Added Makefiles rules for automatic regeneration of all required files if
anything is missing.
Added Makefile silent rules support for W32 RC and W32 static libs.
Added local patches for autotools (mainly for libtool) to build MHD
correctly on modern MinGW64/Clang.
Updated HTTP headers macros from registry. -EG
November 2021
Clarified comments and doxy for MHD_str* and related tests.
MHD_uint32_to_strx(): rewritten for readability and minor optimization,
used indexes instead of pointers.
Documented in doxy how to use MHD_AccessHandlerCallback.
mhd_sockets: added more network error codes.
W32 socket pair: set TCP_NODELAY to avoid unwanted buffering and delays.
Additional doxy fixes in microhttpd.h.
Fixed blocking sockets setting in tests and examples for W32.
Added checks for fcntl() results in tests and examples.
Added series of tests based on simple HTTP client implementation developed
for testing of MHD.
Renamed 'early_response' connection flag to 'discard_request' and reworked
handling of connection's flags.
Clarified request termination reasons doxy, fixed reporting of
MHD_REQUEST_TERMINATED_READ_ERROR (previously this code was not really used
in reporting).
Enforce all libcurl tests exit code to be zero or one.
Rewritten client upload processing: removed redundant checks, fixed
skipping of chunk closure when not data is not received yet, fixed skipping
of the last LF in termination chunk, handle correctly chunk sizes with more
than 16 digits (leading zeros are valid according to HTTP RFC), fixed
handling of CRCR, LFCR, LFLF, and bare CR as single line delimiters, report
error when invalid chunk format is received without waiting to receive
(possibly missing) end of the line, reply to the client with special error
if chunk size is too large to be handled by MHD (>16 EiB).
Added error reply if client used too large request payload (>16 EiB).
Fixed return value for MHD_FEATURE_AUTOSUPPRESS_SIGPIPE on W32, now it
returns MHD_YES as W32 does not need sigpipe suppression.
configure: reordered and improved headers detection. Some headers require
other headers to be included before, now configure supports it.
Added missing ifdef guard for <stdbool.h>.
mhd_sockets: reordered includes for better compatibility.
Some code readability and formatting improvements. -EG
October 2021
Added test family test_toolarge to check correct handling of the buffers
when the size of data is larger than free space.
Fixed missing updated of read and write buffers sizes.
Added detection and use of supported "noreturn" keyword for function
declaration. It should help compiler and static analyser.
Added support for leak sanitizer.
Fixed analyser errors on W32.
Partially reworked memory allocation from the pool, more robust
implementation, always track read and write buffers.
Added custom memory poisoning in memory pool with address sanitizer.
Added missing update of the read buffer size.
Addition for doxy for new behaviour of MHD_del_response_header().
Added two tests with non-standard symbols in requests.
Removed double close of connection with error in headers processing.
Respond to the client with error if chunked request has broken chunked
encoding as required by HTTP RFC instead of just closing the connection.
Fixed request headers processing. Do not recognize bare CR as end of line.
Fixed processing of CRCR, bare CR, LFCR, and LFLF as end of the line for
request chunked encoding. Now only CRLF or bare LF are recognized as end
of line.
Added Lawrence Sebald to the AUTHORS file (iovec-based responses).
Check for PAGESIZE and PAGE_SIZE macros and check whether they can be used
for static variable initialization.
Include "MHD_config.h" before all other includes to set macros required to
be set before standard includes.
Chunked response: abort with error if application returns more data than
requested.
Monotonic clock: use only native clock on W32 as all other clocks are just
wrappers.
W32: fixed builds with MSVC, added projects for VS2022, added MSVC
universal project that use latest available toolset, use C17 if supported.
Chunked response: fixed calculation of number of bytes left to send.
microhttpd.h: doxy clarifications for sockets polling.
Updated HTTP statuses, methods, and headers names from the registries.
Further improved doxy for MHD_add_response_header().
A few comments improvements and clarifications.
Added internal connection's flag indicating discard of the request. -EG
Websockets update by David Gausmann. -DG
Fixed reported value for MHD_CONNECTION_INFO_CONNECTION_TIMEOUT.
Minor code readability improvements in MHD_set_connection_option().
Improved doxy for MHD_get_timeout().
Memorypool: minor code improvements. -EG
September 2021
Improved system includes headers detection and usage. Removed unused
headers detection.
Added indirect calculation of maximum values at compile time by
using types size detection. These values are used only to mute
compiler warnings.
Fixed pre-compiler errors if various *_MAX macros defined with
non-digits symbols not readable for pre-compiler.
Limit number of used CPU cores in tests to 6, unless heavy tests are
enabled.
Disabled parallel tests with libcurl if heavy tests are enabled.
configure: removed '--enable-sanitizer' and added '--enable-sanitizers'
parameters. Added testing for supported sanitizers and enabling only
supported sanitizers.
Added support for run-time sanitizers settings for tests when
sanitizers are enabled.
Added support for undefined behavior sanitizer without run-time library.
Fixed various undefined behavior sanitizer detected errors, improved
portability.
Fixed how bitwise NOT is used with enum, fixed portability.
microhttpd.h: changed macros MHD_CONTENT_READER_* to use ssize_t.
test_postprocessor: added more check, improved error reporting, added
new test data.
postprocessor: fixed undefined behavior (memcpy(), memmove() with zero
size and NULL pointer).
Updated copyright year in W32 DLLs.
postprocessor: fixed empty key processing.
test_postprocessor: added tests with hex-encoded values.
postprocessor: fixed incomplete processing of the last part of hex-encoded
value if data was broken into certain sized pieces.
Used type specifiers for printf() from inttypes.h to improved compatibility
with various run-time libs. Fallback to standard values if type specifiers
are not defined.
Added detection of used run-time library (MSVCRT/UCRT) on W32.
testcurl: fixed incorrect case-insensitive match for method name. Method
name must be checked by using case-sensitive match.
microhttpd.h: clarified some doxy descriptions.
Prevented potential double sending of error responses.
Fixed application notification with MHD_REQUEST_TERMINATED_COMPLETED_OK
when error response has been sent (MHD_REQUEST_TERMINATED_WITH_ERROR is
used).
Avoid trying to send error response if response is already being sent.
Improved log error message when error response is processing. -EG
August 2021
Silently drop "keep-alive" token from response "connection" header,
"keep-alive" cannot be enforced and always enabled if possible.
Further improved doxy for MHD_add_response_header().
Added detection of the "Date:" header in the response headers set by
app at response forming time.
Disallow space in response header name, allow tab in response header
value.
Added internal MHD_uint8_to_str_pad() function.
Used internal MHD_uint8_to_str_pad() in datestamp generation function.
Added detection and reporting of incorrect "Upgrade" responses. -EG
Fixed short busy waiting (up to one second) when connection is going
to be closed. -AI
Minor improvement for test_callback, test_get_chunked
Fixed chunked responses with known size.
Added two more tests for chunked response.
Fixed chunked responses with predefined data (without data callback).
Fixed calculation of the buffer size for the next response chunk.
Completely rewritten reply header build function. The old version
had several levels of hacks, was unmaintainable, did not follow
HTTP specification in details; fixed used caseless header matching
where case-sensitive matching must be used; removed two passes of
header building. New version use clear logic and can be extended
when needed.
Changed behaviour: "Connection: keep-alive" is not being sent
for HTTP/1.1 connection (as per HTTP RFC).
test_get_chunked: fixed error reporting.
HTTPS tests: fixed memory leaks if function failed.
libcurl tests: improved handling of curl multi_*.
Added two tests for correct choice of "Keep-Alive" or "Close".
Simplified Makefile for testcurl.
Fixed select() error handling in tests.
microhttpd.h: minor macro formatting
Changed behaviour: if response size is unknown and chunked encoding is
allowed, chunked encoding is used even for non-keep-alive connection as
required by HTTP RFC.
Added two more tests for chunked replies.
Simplified keepalive_possible(); added new value for MHD_ConnKeepAlive,
added third state "Upgrade".
Changed behaviour: used HTTP/1.1 replies for HTTP/1.0 requests as
required by HTTP RFC. HTTP/1.0 reply still can be enforced by response
flag.
Added more doxy for MHD_ResponseFlags, added new names with the same
values as old names: MHD_RF_HTTP_1_0_COMPATIBLE_STRICT and
MHD_RF_HTTP_1_0_SERVER.
Added new value MHD_RF_SEND_KEEP_ALIVE_HEADER to enforce sending of
"Connection: keep-alive" even for HTTP/1.1 clients when keep-alive is
used.
test_get_close_keep_alive: added more combinations of parameters to
check.
Added separate flag for chunked response in connection instead of
reusing the same flag as for chunked request.
Added new connection's flag "stop_with_error".
Fixed empty first line processing: the request could be not processed
unless something else kicks next processing the same connection again.
Added new connection states: MHD_CONNECTION_REQ_LINE_RECEIVING,
MHD_CONNECTION_FULL_REQ_RECEIVED, MHD_CONNECTION_START_REPLY to
simplify states logic.
Changed write buffer allocation logic: as connection buffer size is
known and fixed, use initially use full buffer for writing and reduce
size of part used for writing if another allocation from the same
buffer needs to be done. Implemented helper function to automatically
reduce the size of read or write part to allocate buffer for other
needs.
Added define of NDEBUG if neither _DEBUG nor NDEBUG are defined.
As accepted sockets inherit non-blocking flag from listening socket
on all platform except Linux, track this state to use less number
of syscalls.
Fixed compiler and static analyser warnings.
Moved HTTPS tests helper file to the HTTPS tests directory.
Minor Makefiles cleanup.
Added support for new monotonic clock ids.
Added new internal monotonic clock function with milliseconds accuracy.
Fixed support of custom connection timeout in thread-per-connection mode.
Added more error checking to test_timeout.
microhttpd.h: removed duplicated macro.
Refined timeouts handling. Switched from seconds resolution to milliseconds
resolution, added automatic detection and support of low-resolution system
clock to avoid busy-waiting at connection expiration. Added log message
for too large timeout period (> 146 million years) with trim to supported
values. -EG
Wed 04 Aug 2021 06:56:52 PM CEST
Introduce new MHD_CONNECTION_INFO_HTTP_STATUS. -CG
July 2021
Added automatic response flags with detection when response
is being formed.
Added special processing for response "Connection" headers, combined
multiple "Connection" headers into single header.
Restructured MSVC project files.
Changed MSVC project defaults to Vista+ (WinXP is still supported).
Fixed copy-paste error in mhd_aligh.h, added support for MSVC.
Added internal function for printing hex and decimals numbers.
Reply chunked body handling fixes, used new internal functions
instead of snprintf().
Added automatic response flag when app sets chunked encoding header.
New internal function for chunked reply footer forming. Unification with
reply header forming function just over-complicated things and made
function hardly maintainable.
Added new function MHD_get_reason_phrase_len_for(), related tests and
updated scripts for response phrases.
Added more tests for chunked replies.
Added function to reset connection state after finishing processing of
request-reply to prepare for the next request.
Added even more tests for chunked replies.
Added internal function for printing uint64_t decimal numbers. -EG
June 2021
Tests: implemented checking of response footer.
Fixed loss of incoming data if more than half of buffer is
used for the next request data.
Fixed completely broken calculation of request header size.
Chunked response: do not ask app callback for more data then
it is possible to process (more than 16 MBytes).
Check and report if app used wrong response code (>999 or <100)
Refuse to add second "Transfer-Encoding" header.
HTTPS tests: check whether all libcurl function succeeded.
HTTPS tests: implemented new detection of TLS backend.
HTTPS tests: fixed tests with new TLS defaults (SSL forbidden).
Implemented detection of basic HTTP methods, fixed wrong
caseless matching for HTTP method names.
MHD_create_response_*() functions: improved doxy.
MHD_add_response_header: added detailed comment about automatic
headers.
Do not allow responses with 1xx codes for HTTP/1.0 requests.
Fixed used order of headers: now user response headers are used in
the same order as was added by application.
Added new internal function MHD_get_response_element_n_().
Added detection of more compiler built-ins for bits rotations.
Minor optimisation of caseless strings matching.
Added MHD_str_remove_token_caseless_() function and tests.
Added MHD_str_remove_tokens_caseless_() function and tests. -EG
May 2021
Doxy description clarifications for MHD_get_timeout() and related
functions.
Added MHD_create_response_from_buffer_with_free_callback_cls().
Added SHA-1 calculation (required for WebSockets).
Added new internal header mhd_aligh.h for checking alignment of
variables.
Fixed SHA-256 and MD5 calculation with unaligned data.
Added tests for hashes with unaligned data.
Used compiler built-ins for bits rotations.
Added detection of HTTP version at early stage.
Added early response of unsupported HTTP version.
Fixed wrong caseless matches for HTTP version strings.
Added calculation of error responses at compile time (avoided
repeated strlen() for known data). -EG
April 2021
New test for reply chunked encoding. -EG
Mon 26 Apr 2021 02:09:46 PM CEST
Importing experimental Websocket support by David Gausmann. -CG
Sun 25 Apr 2021 14:00:00 MSK
Releasing GNU libmicrohttpd 0.9.73. -EG
Sat 24 Apr 2021 23:00:00 MSK
Fixed build with Clang and Visual Studio.
MSVS project files updated.
Enabled bind port autodetection with MSVS builds. -EG
Fri 23 Apr 2021 14:27:00 MSK
Fixed build without TLS lib.
Fixed build without system poll() function.
Fixed compiler warnings on 32-bit platforms.
Fixed various compiler warnings. -EG
Thu 22 Apr 2021 12:32:00 MSK
Fixed some typos.
Force disable TCP_CORK, TCP_NOPUSH, and TCP_NODELAY before switching
connection to "upgraded" mode.
Improved portability of the test-suite for upgraded connections. -EG
Tue 20 Apr 2021 17:11:00 MSK
Disabled NLS by default in configure. -EG
Mon 19 Apr 2021 18:58:00 MSK
Fixed testzzuf/test_put_chanked to correctly use MHD.
Added internal error code for TLS errors.
Added all missing messages to the .pot file.
Detect more types of errors for receiving data and report
error description in the MHD log.
Added support for ALPN on TLS connections if supported by
used TLS library. -EG
Sun 18 Apr 2021 20:47:00 MSK
Removed dead code.
Limited iov-backed responses size to SSIZE_MAX as limited by
system calls.
Report error message in MHD log for send errors. -EG
Sat 17 Apr 2021 18:50:00 MSK
Unified upgrade test behavior for all platforms.
Some code simplification and unification.
Compiler warning (false positive) fixed. -EG
Fri 16 Apr 2021 17:58:00 MSK
Used run-time value if IOV_MAX if available.
Fixed portability of error handling for sending functions.
Detect pipes/unix sockets on fly and do not use TCP/IP specific
functions with them.
Fixed support of UNIX sockets on non-Linux kernels. -EG
Fri 16 Apr 2021 10:23:39 AM CEST
Detect if a socket is a UNIX domain socket and do not try to play
with TCP corking options in this case (avoids useless failed
syscalls). -CG
Thu 15 Apr 2021 18:56:00 MSK
Fixed configure '--enable-sanitizer' parameter.
Stopped pushing of partial responses when limited by system maximum size
for sendmsg(). -EG
Web 14 Apr 2021 22:20:00 MSK
Fixed: use sendmsg() in POSIX-compatible way, do not try to send more
than IOV_MAX elements per single call. -EG
Sun 11 Apr 2021 15:44:00 MSK
Updated test TLS certificates to not expired modern versions, restored
HTTPS examples compatibility with modern browsers.
TCP_NODELAY is not pre-enabled for HTTPS connection as it actually
does not speed-up TLS handshakes on moders OSes. -EG
Thu 01 Apr 2021 21:29:46 MSK
Fixed MD5 digest authorization broken when compiled without variable
length arrays support (notably with MSVC).
Fixed and muted compiler warning.
Deeper test with zzuf if configured with --enable-heavy-tests.
Removed run-check of assert() in configure to avoid core dumps. -EG
Thu 01 Apr 2021 17:46:00 MSK
Added new function MHD_run_wait() useful for single-threaded applications
without other network activity.
Added tests for the new function. -EG
Wed 17 Mar 2021 20:53:33 MSK
Re-factored startup log parameters processing. Warn user if wrong logger
could be used potentially.
Added headers doxy with information about minimal MHD version when
particular symbols were introduced.
Added new daemon option to indicate SIGPIPE handling by application for
daemons being run in application thread. -EG
Wed 24 Feb 2021 19:23:00 MSK
SIGPIPE-related macro minor refactoring for readability.
Added new response iov function (and related framework), based on the patch
provided by Lawrence Sebald and Damon N. Earp from NASA. -EG
Thu 04 Feb 2021 06:41:34 PM CET
Fix PostProcessor to always properly stop iteration when application callback
tells it to do so. -CG
Sun 24 Jan 2021 21:30:00 MSK
Added '--enable-heavy-tests' configure parameter.
Minor configure.ac and Makefiles fixes. -EG
Tue 19 Jan 2021 17:59:00 MSK
Fixed compatibility with autoconf. 2.70
Updated M4 macros. -EG
Wed 06 Jan 2021 08:39:58 PM CET
Return timeout of zero also for connections awaiting cleanup. -CG
Tue 29 Dec 2020 15:39:00 MSK
Improved speed of TLS handshake by pre-enabling TCP_NODELAY. -EG
Mon 28 Dec 2020 21:36:00 MSK
Releasing libmicrohttpd 0.9.72. -EG
Mon 28 Dec 2020 09:37:00 MSK
Completely reworked and rewritten TCP_CORK, TCP_NOPUSH, TCP_NODELAY and
MSG_MORE handling. Reduced number of sys-calls, fixed portability for
FreeBSD, OpenBSD, NetBSD, Darwin, W32, Solaris.
Removed usage of gnutls_record_cork() as it fully blocks stream until
final block is ready.
Fixed compatibility with C90 compilers.
Really started using sendmsg() for header + body combined single-call
response sending.
Fixed sending of response body by sendmsg() when it shouldn't be sent,
like responses for HEAD requests.
Improved error handling for gnutls_record_send().
Updated W32 resources for .DLLs.
Fixed building with various disabled features (like messages, HTTPS,
http-upgrade, authorization etc.)
Fixed possible SIGPIPE generation when sendfile() is used (it was always
possible on Linux that sendfile() produce SIGPIPE, now it's fixed).
Several compiler warnings muted and/or fixed in the lib code and in
the examples. -EG
Sun 01 Nov 2020 17:17:00 MSK
Fixed conflict with system CPU_COUNT macro.
Minor improvements of error reporting in MHD daemon.
Fixed FTBFS with GnuTLS versions before 3.1.9
Fixed test_add_conn for multi-CPU machines.
Fixed analyzer warnings.
Fixed use-after-free and resources leaks for upgraded connections
in TLS mode with thread-per-connection. -EG
Sun 25 Oct 2020 19:31:00 MSK
Fixed epoll mode without listening socket.
Minor improvements of thread sync.
Fixed broken sendfile on FreeBSD.
Fixed broken MHD with thread-pool and without listening socket.
Added four tests for MHD_add_connection().
Fixed several resources leaks in error handlers.
Re-implemented scheme of handling of externally added connections,
fixed thread-safety. -EG
Wed 21 Oct 2020 10:00:58 AM CEST
Corking should be OFF when sending the footer (#6610). -AP/CG