1Changes between Mathopd 1.4 and Mathopd 1.5 2 3The string "[!]" after a change means: this change introduces 4an incompatibility with previous versions of this software. 5 6The string "[RFC2616]" after a change means: this change was 7made in order to attain HTTP/1.1 compliance. 8 9A list of changes follows. 10 11cgi.c: 12 13 All headers are now converted into HTTP_ environment 14 variables, not just some. (With the exception that 15 HTTP_CONTENT_LENGTH and HTTP_CONTENT_TYPE are not set, 16 because these are already in other variables, and 17 HTTP_AUTHORIZATION is not set if the user is 18 authenticated by Mathopd.) 19 20 Headers with the same name that occur multiple times 21 in a request are now concatenated. Previous versions 22 did not do this, which meant, for instance, that if 23 two "Cookie" headers where received, one of those 24 would be lost. 25 26 The value of GATEWAY_INTERFACE is now set. 27 If the user is authenticated by Mathopd, the value of 28 AUTH_TYPE is set. 29 30 The value of SERVER_NAME is set to the value of the 31 Host: header sent by the client. This appears to make 32 the most sense, especially for virtual servers that are 33 created with "AnyHost". 34 35 The server no longer allows scripts to run under the same 36 user-id as ourselves. Previously, we would not run a script 37 if neither ScriptUser nor RunScriptAsOwner were set. But 38 that does not catch cases where ScriptUser == User or 39 other anomalies. [!] 40 41 If the "StayRoot" flag is Off, CGI scripts can only run if 42 there is no ScriptUser or RunScriptsAsOwner. Previous 43 versions would ignore these keywords. [!] 44 45 The setting of PATH_INFO and PATH_TRANSLATED is now 46 independent on whether we run as a pure CGI program or 47 an 'External' script. The SCRIPT_FILENAME variable now 48 contains what would be in PATH_TRANSLATED for external 49 scripts. [!] 50 51 External scripts can now be called with added command-line 52 arguments. 53 54 The DNS lookup code has been removed. This means that 55 REMOTE_HOST will never be set. [!] 56 57 The ChildLog is now strftime-expanded, just like the 58 other logs. 59 60config.c: 61 62 The following keywords have been added:- 63 64 NumHeaders 65 ExtraHeaders 66 ScriptTimeout 67 ScriptBufSize 68 PathInfo 69 AutoIndexCommand 70 Backlog 71 TimeTaken 72 LocalAddress 73 LocalPort 74 MicroTime 75 Clobber 76 Wait [!] 77 SanitizePath 78 79 The following keywords have been removed:- 80 81 DNSLookups [!] 82 Name [!] 83 84 The "Virtual" keyword may now be used in a global context 85 as well. If used that way, the virtual server(s) that it 86 defines will be inherited by all subsequent Server blocks. 87 88 The value for the User parameter is now immediately checked 89 at configuration time, and the user and group IDs are stored 90 then. The ScriptUser gets a similar treatment. [!] 91 92core.c: 93 94 Connections are timed out properly. 95 96 The server no longer tries to accept() from a server socket if 97 there is no room for any new connection. 98 99 The connections are now stored in several linked lists, rather 100 than just one. This causes a significant speed increase, 101 especially if the server is run with NumConnections set to a 102 very high number. (It is not very efficient to loop over 1000 103 idle connections every time.) 104 105 As a side-effect of the above, if a connection comes in, and no 106 free connections are available, mathopd clobbers the connection 107 that has been idle for the longest period of time. Previously 108 a more or less random connection would be clobbered. 109 110 On certain systems, Mathopd can use sendfile() to send the 111 contents of a file to the client. At this moment this is known 112 to work on FreeBSD-4 and Linux 2.4 systems. 113 114 Previous Mathopd versions would 'clobber' connections that are 115 idle when it starts to run out of other connections. This 116 behaviour can now be turned off using the Clobber keyword. 117 118 There is a separate timeout for connections that are idling in 119 a keep-alive state between requests, via the "Wait" keyword. [!] 120 121dump.c: 122 123 Some extra statistics counters were added. The per-server 124 'accepted' counters are merged into one. The 'handled' 125 counters have gone, since these will now always equal the 126 'accepted' counters. 127 128 An 'internal dump' has been added to allow dumping to a file 129 in /tmp, rather than dumping to an HTTP client. This is triggered 130 by the SIGWINCH signal. 131 132imap.c: 133 134 Imagemap files are now limited to 1000 lines or less, since 135 processing these can be quite expensive in terms of CPU time. [!] 136 137log.c: 138 139 The server no longer logs to standard error if the '-n' 140 command-line option is set, because that interferes with the 141 ChildLog for forked requests. To get the old behaviour, run 142 Mathopd with the '-t' ('tee') option. [!] 143 144 Time stamps in the request log are more accurate. 145 146 Previous versions would stop logging after the log files were 147 rotated and /dev/stdout or /dev/stderr had been specified as 148 log file. This has been corrected. 149 150main.c: 151 152 The server no longer closes all file descriptors if the 153 '-n' flag is specified. 154 155 All initialization for child processes (i.e. CGI scripts) is 156 now done in the main process, rather than the child process. 157 This change makes it possible to use vfork() rather than 158 fork() to create child processes. This dramatically improves 159 CGI performances on some platforms. 160 161 The second argument to the listen() call is now dynamic via 162 the Backlog keyword. 163 164request.c: 165 166 The "Range" and "If-Range" headers are now handled properly. 167 168 The server now understands and implements the 169 "If-Unmodified-Since" header. [RFC2616] 170 171 If the first line after the Request-Line starts with a space, 172 it is no longer treated as a continuation of the Request-Line. 173 174 The server now returns a 400 rather than 404 error if a 175 virtual server cannot be found. [RFC2616] 176 177 Mathopd now understands requests with an absolute URI in the 178 Request-Line. [RFC2616] 179 180 The "Transfer-Encoding" header is parsed. [RFC2616] 181 182 Despite the above, POST requests to Mathopd that contain a 183 message body must have a Content-Length as well, and no 184 Transfer-Encoding. If a length is not present we return a 185 411 error. (Content-Length is required because CGI does not 186 specify what one should do with input that arrives in chunks.) 187 188 If the AutoIndexCommand is set for a control block, that 189 command is executed when a request is made for a directory 190 and there is no index, as specified by IndexNames. The 191 command may be a CGI script or an External; it may even be a 192 plain file, but that is probably not very useful. 193 194 The server now limits the size of Request-URIs (to 400 195 characters, but this can be changed by redefining STRLEN when 196 compiling the program.) If the Request-URI is too long, a 197 414 error is returned. Note that the size of the query part 198 (the bit that follows the '?' character) is not limited by 199 this factor. 200 201 Mathopd now closes the connection upon receipt of a 'HTTP/0.9' 202 request, that is, a request that does not contain a HTTP 203 version. Thus, we now support HTTP/0.9 requests, in the sense 204 that such requests are treated as an error. There are no 205 HTTP/0.9 browsers left so this should not be a problem. [!] 206 207 The files specified by Error401File etc. can now be CGI scripts. 208 209 Anything that is requested is now opened immediately. 210 Previous versions would call stat() first, which is a 211 time-consuming process. 212 213 As a side-effect, all files that are served by Mathopd must now 214 be readable, including compiled CGI programs. [!] 215 216 If the request included an "Expect: 100-continue" header, the 217 client is apparently sending a request-body next, and no part 218 of the request-body has been received, the server sends a 219 "100-continue" response. [RFC2616] 220 221 Mathopd now closes the connection after it has processed a 222 GET or HEAD request that contained a message body. Previous 223 versions would treat the message body as a new request. 224 225 Mathopd no longer generates Last-Modified dates that are in the 226 future, and ignores If-Modified-Since dates in the future. 227 [RFC2616] 228 229 Mathopd can now (optionally) allow //, /./ and /../ in URL 230 paths. Thanks for Peter Pentchev for suggesting this and providing 231 initial patches. 232 233 Host names that contain a slash are no longer allowed. 234 Problem pointed out by Mateusz Goik. 235 236stub.c: 237 238 This is a new file that contains code to pass data from and to 239 clients and CGI scripts. Originally this code was in the 'phpstub' 240 program, but it has since been mutilated beyond all recognition. 241 242sendfile.c: 243 244 This is a new file. It contains hooks into the sendfile() function. 245 See the comments about sendfile above for details. 246