release.txt

嵌入式Linux系统用的web server,开源代码,非常好用

=====================================
GoAhead WebServer 2.1.8 Release Notes
=====================================

.. NOTES:
.. This document is maintained using the reStructuredText markup system. 
.. You may download this from <http://docutils.sf.net>. Also note that running 
.. the docutils code requires that a version of Python version 2.1 or later
.. be installed on the machine. Since the GoAhead release procedure itself 
.. runs in Python, this should not be a problem.
.. 
.. To add new entries to the release notes, follow the markup shown below 
.. (releases should be underlined with a row of '=' characters, each item
.. noted within a release should be underlined with '-' characters.


.. contents::

GoAhead WebServer 2.1.8 Release Notes
=====================================

Release Date:
   02 Dec 2003

Problems with Unicode build
----------------------------------------

Description:
   Missing T() caused trouble in Unicode build.

Fix:
   Added T() macros.

Modified for Windows CE .NET
----------------------------------------

Description:
   Modified to work with Windows CE .NET and eMbedded Visual C++ 4.

Bug with URLs like "<...>.asp/" 
----------------------------------------

Description:
   URLs ending in ".asp/", ".asp\\", ".as%70" and other variants made the
   WebServer serve Ejscript source code.

Fix: 
   Added code to ignore these differences.

GoAhead WebServer 2.1.7 Release Notes
=====================================

Release Date:
   01 Oct 2003

Added support for the Mocana SSL Toolkit
----------------------------------------

Description:
   Added support for Mocana Corporation's embedded SSL server

Changes to ``dbSearchString()``
-------------------------------

Description:
   
   Pass ``DB_CASE_INSENSITIVE`` as the "flags" argument to
   dbSearchString() to force a case-insensitive search.
   

Use ``memcpy()`` when converting to/from Unicode
------------------------------------------------
Description:
   The functions ``uniToAsc()`` and ``ascToUni()`` were using the relatively
   slow ``strncpy()`` runtime library function. 

Fix:
   A new preprocessor macro ``kUseMemcopy`` was added to ``misc.c``, and both
   functions were recoded to use ``memcpy()`` when that macro is defined.
   Remove the definition to revert to the earlier code, using ``strncpy()``.


Bug when using UTF-8 encoded text inside ASP/Ejscript blocks   
---------------------------------------------------------------

Description:
   When reading ASP code containing UTF-8 encoded source text, any characters
   encountered having a value > 127 were treated as an error by the parser.

Fix:
   The ring queue code in ``ringq.c`` was modified so that it can correctly
   handle any character it encounters by casting to unsigned char before
   casting back to signed integer.

Wrong error code on invalid password
------------------------------------

Description:
   The WebServer was sending back an inappropriate error code when it received
   an incorrect password.

Fix:
   Changed error code returned from ``405`` to ``401``. (Thanks to Jay
   Chalfant).

Windows CE .NET   
-----------------

Description:
   Removed "compatibility functions" that are directly supported in Windows
   CE .NET.

LYNX ``Makefile``
-----------------

Description:
   Corrected problem in LYNX Makefile that prevented OpenSSL from being linked
   in correctly.

GoAhead WebServer 2.1.6 Release Notes
=====================================
Release Date:
   25 Mar 2003

``NULL`` pointer crash in ``websSafeUrl()``
-------------------------------------------

Description:
   Passing a NULL pointer into the ``websSafeUrl()`` function (as would happen
   when the server is processing an invalid URL) crashes the server.

Fix:
   Code modified to check for NULL pointer before performing any string
   operations.


GoAhead WebServer 2.1.5 Release Notes
=====================================
Release Date:
   19 Mar 2003



``bopen()`` failure mode
------------------------



Description:
   New failure behavior for ``bopen()`` (see ``balloc.c``)

Fix:
   Changed failure behavior of the bopen() function (suggested by Simon
   Byholm).  If the malloc() request fails, we reset the bopenCount
   variable, and thus allow the client code to reattempt the open with
   a smaller memory request.

   
Windows 95/98/ME ``AUX`` Denial of Service
------------------------------------------


  
Description:
   When running on Windows 95/98/ME, URLs requested with path components
   matching a set of reserved DOS device names caused the WebServer to crash.
   
   The names that cause the crash are::

      aux
      con
      nul
      clock$
      config$

   
   

Fix:
   Code added to the ``websValidateUrl()`` function to check the contents of
   the parsed URL against the list of prohibited names. If any of those names
   are present in the parsed URL, the URL is rejected as invalid.

   The code that checks for these prohibited pathname components checks for
   them in the form of either::

      http://<<server address>>/aux

   or::

      http://<<server address>>/aux:

   where any non-alphanumeric character following one of the prohibited names
   will cause the URL request to be rejected.


404 Cross-site Scripting Exploit   
-----------------------------------


Description:
   Malicious users could request an invalid URL containing embedded JavaScript
   code that would be executed in the user's browser.

Fix:
   404 (and other error messages) returned by the WebServer no longer display
   the invalid URL.

Long URL Overflow Crash
-----------------------


Description:
   URLs containing more than 64 levels of path components caused the WebServer
   to crash, entering a buffer overflow condition.

Fix:
   The WebServer now keeps track of the depth as it validates the URL. URLs
   that are too long are now rejected with an error message.

Incorrect Error Code in ``security.c``
--------------------------------------


Description:
   Pages assigned an access level of ``AM_NONE`` should return an error code
   of 404 instead of 400 when an attempt it made to access them.

Fix:
   Error code corrected.

Pragma Code for RISC Architectures   
-------------------------------------


Description:
   A pragma was not set correctly when compiling for SPARC machines.

Fix:
   Code added to ``uemf.h``::
      
      #ifdef sparc
      # define __NO_PACK
      #endif /* sparc */




   
GoAhead