“Stargazers” bugfix release

This release improves the seccomp filter on linux, so now it should compile and work also on architectures different from amd64 and aarch64.

See the GitHub issue #4.

“Stargazers” hotfix

This is an hotfix release for a bug in the IRI parser that can lead to a denial of service.

IRIs with multiple .. components that ends with .. (but not ../) and that don't escapes the root will cause an infinite loop, locking up one server process.

---

This release also backports the fix for the Dockerfile by @kornellapacz.

“Stargazers”

Blog post.

New features

• reload configuration on SIGHUP without disconnecting the clients
• added block return, strip and entrypoint options
• added a prefork option to control the number of server processes (default: 3)
• added require client ca option to require client certificates signed by a specific CA
• added log option to enable/disable logging per-vhost
• define TLS_CLIENT_NOT_BEFORE and TLS_CLIENT_NOT_AFTER for CGI scripts

Improvements

• improved the directory listing: print the path of the current directory
• for CGI scripts, split the query in words and pass each of them via argv too
• [FreeBSD] add capsicum to the logger process

Bug fixes

• CGI scripts now have only std{in,out,err} open
• change some CGI variables to match the correct behaviour

Breaking changes

• relative paths are not allowed in the configuration file
• some environment variables for CGI script were changed.

“Interstellar Overdrive”

Blog post.

New features

• vhost support
• configuration file
• sandboxed by default on OpenBSD, FreeBSD and linux
• customize the accepted TLS version
• customizable default type
• customizable mime mappings
• provide a dockerfile
• provide a lang parameter when serving text/gemini files
• added a ‘configure’ script
• customizable directory index
• directory listings (disabled by default)
• [config] location blocks support
• chroot support
• punycode support

Improvements

• log ip, port, full request and response code (even for CGI scripts)
• host name matching with globbing rules
• automatically generate TLS certificates when running in config-less mode and no certificate was found

Bugfixes

• [IRI] normalize scheme
• [IRI] normalize hostnames
• [IRI] accept a wider range of codepoints in hostnames
• set SERVER_NAME when executing CGI scripts

Breaking changes

• removed -C, -K flags
• -d changed meaning: the directory to serve is now given as positional parameter and -d is used to specify the directory for the TLS certificates (either autogenerated or not.)

1.4.1: fix build on non-OpenBSD systems

fixes the build on non OpenBSD system

1.4

New stuff:

• uri parser rewritten
• accept only absolute URI in requests
• IRI (Internationalized Resource Identifiers) support (RFC3987)
• dual stack: with -6 will accept also connections over IPv6
• daemon mode by default: pass -f to stays in the foreground
• log also the port, not only the remote IP

Possible breaking changes:

• -l flag retired. Now we log to syslog, or to stderr if -f is given

Bugfixes:

• -d accepts relative paths
• reject connections if the scheme isn't gemini