Releases: Yellow-Camper/libevhtp
v1.2.18
v1.2.18
o Add htp__evbuffer_add_iovec_ helper for libevent < 2.1 (8991567 Nathan French)
o [#122] Fix compilation without deprecated OpenSSL 1.1 APIs (78e8e41 Rosen Penev)
o [#122] Reorganize OpenSSL < 1.0.0 compatibility for greater readability. (8e543fe Rosen Penev)
o [#123] add missing include <sys/types.h> for ssize_t (6a74ec7 maxice8)
o [#123] include sys/types only if EVHTP_HAS_SYS_TYPES is set (0839f8e Nathan French)
o [#122] cleanup for ssl locking changes (7d0fd5d Nathan French)
o better get0_notBefore ssl defs (8ae5cdd Nathan French)
o cleanup / optimization for iovec operations (874a225 Nathan French)
TL;DR:
- SSL 1.x compatability.
- Big performance fixes with iovec scatter/gather io
- General fixes.
Thank you all for your patches, support, and suggestions. DLT:M
v.1.2.17-beta
o Fix cmake include dirs (b7df3fc Piotr Padlewski)
o Change case of oniguruma in package_deps (b8ff92b Piotr Padlewski)
o fix memory leak in evthr_free when compiled with EVHTP_THR_SHARED_PIPE (919e4ea t00416110)
o cleanups / added uncrustify configurations (d008f21 Nathan French)
o Feature/better thread distribution (#102) (1454b6c Nathan French)
o add content-length for client requests (fb1e594 Nathan French)
o add client buffer_out after headers (5c8640c Nathan French)
o added changelog release script (845c193 Nathan French)
o [unescape_string] do not set *out to NULL (reported by @ripulpatel) (606f3e3 Nathan French)
o http access-log API (a0a8641 Nathan French)
o fixed missing exported symbols for header_(new|find) (ec75536 Nathan French)
o access-log API finalization / cleanups and overhauls (5f74f32 Nathan French)
o evhtp_unescape_string tests (ae731f1 Nathan French)
o Added test of a on_connection_finished hook (5a17742 Nathan French)
Thank you all,
Cheers!
- Nathan M<3D
1.2.17-alpha
o Rename test->test_general (test is reservet target name in cmake) (d18c6d0 Vladimir Romanov)
o Fix CMake files (a2fcb3d Vladimir Romanov)
o Fix compilation (74537f5 Vladimir Romanov)
o [#32] fix crash in evhtp_unbind_socket when evlistener fails (8149a84 Nathan French)
o [#31] use CURRENT_SOURCE_DIR instead of SOURCE_DIR in cmake (aa8a989 Nathan French)
o Added EVHTP_DEBUG option (with new logging) (f20e5cf Nathan French)
o minor updates for pull #33 (ccf5ce4 Nathan French)
o Make github stop bitching about newlines. (2c98506 Nathan French)
o transparent reference counting API (6f4dc08 Nathan French)
o Added some debug logs (0a79919 Nathan French)
o use evhtp/onig (76ad658 Nathan French)
o [#38] some extra debug logging (9db2231 Nathan French)
o [#38] I'm an idiot, fix for parser_init. (7c13a57 Nathan French)
o proper format str for logging in parser (de287b0 Nathan French)
o Fix typo in evthr_new()
function name (3cfeb03 Vincent Bernat)
o Use evhtp/onig when system version isn't found. (a59b625 Nathan French)
o fix build on SunOS (0c54892 Sebastian Wiedenroth)
o Parser cleanup. (db040e9 Nathan French)
o add onigposix to build dir evhtp if sys not found (7b9d1a2 Nathan French)
o Ignore me, just formatting. (d911f58 Nathan French)
o Update LICENSE file (new authors / dates), no other changes (12ed7e8 Nathan French)
o fixes #43 (no need to check for -ldl or -lrt (bb0630c Nathan French)
o Likely defect fix for issue 42. Check connection->type to ensure that it is not evhtp_type_client. Also checked for c->htp to not be null in a couple of ssl related functions. (77a0752
Dan Henderson)
o Bugfixes and cleanup for htp__connection_writecb_ (440e5b9 Nathan French)
o Update issues template. (960a788 Nathan French)
o [Bugfix #51] htp__callback_find_ length check fix (44ddf9a Nathan French)
o Better error handling for connection_ssl_new (369fe77 Nathan French)
M<3D
1.2.16
v1.2.16
This release addresses some bugs in the parser reported by @Lixiangyun, additional OpenSSL v1x support, potential deadlocks when it comes to request pausing, and more.
o Added various SSL utility functions (ab190e1 Nathan French)
o Fix compilation with shared libraries (6075565 Vincent Bernat)
o Extensive example of streaming data without hogging memory (8f50b83 Nathan French)
o Added EVHTP_FLAG_ENABLE_ALL to enable all socket flags (756a7e2 Nathan French)
o only warn if setsockopt fails on EOPNOTSUPP (e5a3bdf Nathan French)
o sslutil API updates [documentation / parsers / x-hdr helpers] (22207ad Nathan French)
o OpenSSL 1.1.0 updates (load_/_init/_add) (3819073 Nathan French)
o example_https_server now uses htp_sslutil_verify2opts (086afd1 Nathan French)
o added example_https_client.c (933febf Nathan French)
o [#69] Fix potential out of bound write to p->buf (8b68657 Nathan French)
o [#72] Fix for oob read from htparser_get_strerror (75574ba Nathan French)
o [#70] Do not disable EV_WRITE when pausing requests; The assumption
that libevent would automatically start transferring pending data was wrong. (4cb782d Ultima1252)
Thanks go out to all who submitted patches and reported bugs.
@Ultima1252
@pchero
@ousado
@vincentbernat
@tonylambiris
Cheers! M<3D
v1.2.15
o deprecated unset_hook and set_hook / cleanup (f1d2bd1 Nathan French)
o updated travis configuration (45003e1 Nathan French)
o Latest revision to support multiple SSL versions (4e353ba Tony Lambiris)
o remove silly comment (d3da401 Nathan French)
o check for errors in SSL RAND_(poll|bytes) calls (018dec8 Nathan French)
o Added new virtualhost examples and functions (3467382 Nathan French)
o added example request pausing app (282a1c9 Nathan French)
o Added a more extensive SSL sandbox. (1e0c241 Nathan French)
o Add examples/https/README (6ecf7e7 Nathan French)
o exit failure in example_https when SSL is disabled (0848e08 Nathan French)
o [#26] Use SSL_CTX_use_certificate_chain_file (4c4eb3a Nathan French)
Yours,
Nathan French
M<3D
Version 1.2.14 (SECURITY RELATED)
SECURITY UPDATE
Oniguruma (the regex library used by libevhtp) was packaged with the source; this was dumb. There were several CVE's recently published that made libevhtp insecure when regex was enabled.
NOTE TO USERS
Libevhtp will no longer ship Oniguruma with the source. Instead, the build process will attempt and find a system-installed version. There is a big red warning if it is not found.
A big thanks must go to @flokli (GitHub) for pointing this out!
v1.2.13
I would like to thank everyone that has supported this code with issues and pull requests.
o Rename test->test_general (test is reservet target name in cmake) (d18c6d0 Vladimir Romanov)
o Fix CMake files (a2fcb3d Vladimir Romanov)
o Fix compilation (74537f5 Vladimir Romanov)
o [#32] fix crash in evhtp_unbind_socket when evlistener fails (8149a84 Nathan French)
o [#31] use CURRENT_SOURCE_DIR instead of SOURCE_DIR in cmake (aa8a989 Nathan French)
o Added EVHTP_DEBUG option (with new logging) (f20e5cf Nathan French)
o [#38] some extra debug logging (9db2231 Nathan French)
o [#38] fix for parser_init. (7c13a57 Nathan French)
o proper format str for logging in parser (de287b0 Nathan French)
o Fix typo in evthr_new()
function name (3cfeb03 Vincent Bernat)
o Use evhtp/onig when system version isn't found. (a59b625 Nathan French)
o fix build on SunOS (0c54892 Sebastian Wiedenroth)
o Parser cleanup. (db040e9 Nathan French)
o add onigposix to build dir evhtp if sys not found (7b9d1a2 Nathan French)
o Update LICENSE file (new authors / dates), no other changes (12ed7e8 Nathan French)
o fixes #43 (no need to check for -ldl or -lrt (bb0630c Nathan French)
o Likely defect fix for issue 42. Check connection->type to ensure that it is not evhtp_type_client. Also checked for c->htp to not
be null in a couple of ssl related functions. (77a0752 Dan Henderson)
o Bugfixes and cleanup for htp__connection_writecb_ (440e5b9 Nathan French)
o Update issues template. (960a788 Nathan French)
o [Bugfix #51] htp__callback_find_ length check fix (44ddf9a Nathan French)
o Better error handling for connection_ssl_new (369fe77 Nathan French)
o connection_ssl_new log errors to stderr (a1f6926 Nathan French)
o Add evhtp_query_free for test_query (b150ebe Nathan French)
o Add RPM to package generation (8479c02 Tony Lambiris)
o replace cruft in evhtp_unset_all_hooks with for loop (4e62d69 Nathan French)
o [#55] More flexible package generation (4c5dbe2 Nathan French)
o added colors.cmake for pretty printing (bec3451 Nathan French)
Yours,
Nathan French M<D
1.2.12-1
My release trigger-finger was too unsteady. This fixes a minor bug (which created bigger issues) with heap-allocated values (for key/val headers).
1.2.12
I would like to thank everyone who has shown support with patches, commentary, and issues. If it wasn't for you, none of this would matter. We live in a crazy world, sometimes it's hard to cope with all of the horrors around us. But the open-source community should stand united, to represent and be an example of what international goodwill can produce.
Code often, and code with respect.
Thank you!
Changes
o remove evhtp_heap, never used (d132721 Nathan French)
o remove evhtp_json, never used (aec4b3c Nathan French)
o [Issue#20] Include pathing (80a69cc Nathan French)
o Fix deprecated usage (f4c42c7 Roman Gershman)
o Create issue_template.md (8d1a95f Nathan French)
o [Issue#25] Return NULL if callbacks == NULL for get_cb (cfcdba4 Nathan French)
o adding more null checks. I wish attr(nonull) was portable (9b552b7 Nathan French)
o adding some struct accessor defines to make life easier (613c5bf Nathan French)
o I think I worked out most of the potential derefs (acb42cf Nathan French)
o Fix potential null deref in htp__strndup_ (60b85ca Nathan French)
o Fix dead assignments in parser.c (e0a48e1 Nathan French)
o Eat our own dogfood (use_thread_wexit()) (ea37928 Nathan French)
o No use for strlen() in a loop (6833080 Nathan French)
o use PROJECT_BINARY_DIR for sys/ compat headers (012341c Nathan French)
o return int for htp__path_new_ (bf59eb1 Nathan French)
o more return normalization (91008a6 Nathan French)
o allocation functions set out to NULL (0305c10 Nathan French)
o do not return on error from requie_uri (ddc2ce6 Nathan French)
o added user-defined custom memory functions (73b54c6 Nathan French)
o for some reason, htparser_init was being called manually with type_request?? (a153e5f Nathan French)
o Add htp__strndup_ memfn wrapper (763168c Nathan French)
o add a callback member in evhtp_ssl_cfg_t for customized decrypt privfile. fixes #16 (b3a4d42 h00360646)
o Internalize some structs / deprecate evhtp_set_hook() (50ab327 Nathan French)
o remove cruft (1b1a037 Nathan French)
o add include directory for compat/sys headers (948c547 Nathan French)
o export flag functions (3467cbb Nathan French)
o formatting (4ec8dd3 Nathan French)
o (evhtp_send_reply): Grab reference to bufferevent during write. (a976a2f Marcus Sundberg)
o add thread exit callback for cleaning (0c7d9c4 jgli)
o fix memory leak (a6b00cc jgli)
o fix thread exit callback type (c8978b6 jgli)
o Updates for threading functionality. (b634002 Mark Ellzey)
o Added evhtp_accept_socket (a497a14 Mark Ellzey)
o Forgot to export evhtp_accept_socke. (c94cb5b Mark Ellzey)
o Formatting. (4a78297 Mark Ellzey)
o Maybe I should spell rite. (2114210 Mark Ellzey)
o Fix cmake compilation issue in centos7 (dfc8c2b kaustubh-d)
o Remove double-free when SSL is used. (ee32b2a Jacob Marble)
o Add CPack commands to build a debian package. (0c4a8ec Tom Pusateri)
o [docs] added some doxygen groups (8a247f1 Mark Ellzey)
o check res for bufferevent_socket_connect (#136) (70b68d4 mthomas)
o Regression from commit 67ed0bc (c96c51e Ultima1252)
o Added build/ to gitignore (c64f1dc Mark Ellzey)
o Updating license to include Marcus Sundberg (801c52f Mark Ellzey)
o [htparse] fix up some stuff to make coverity happy (abc7eb4 Mark Ellzey)
o More coverity fixes (7d3cc52 Mark Ellzey)
o check for sockopt returns (534bb48 Mark Ellzey)
o master travis updates (2c6bb88 Mark Ellzey)
o added testbigendian module for old cmake (fb6a866 Mark Ellzey)
o Added initial evhtp_json API (6e48770 Mark Ellzey)
o LICENSE update for ripping liblz json api (fb473ef Mark Ellzey)
o Removing the SIGNED.md file (outdated anyway) (d4bcfa8 Mark Ellzey)
o Update README (6ef073e Mark Ellzey)
o updates / formatting / renames (926e355 Nathan French)
o static funcs from now on will just return int (5112b6d Nathan French)
o fix htp__use_threads_ call error (2ed2f7f weijiazhen)
o FIX : Socket leakage on error #6 (d13b72b Nathan French)
o Issue#6: make evhtp_accept_socket conform to api (d0347dc Nathan French)
o Establish conformity through flags. (58da6dd Nathan French)
o request flags (71341d9 Nathan French)
o EVHTP_CONN flags (087e9a7 Nathan French)
o Flag ops (and related functions) / cleanup (0abc96f Nathan French)
o Add flags accessor (e0f04aa Nathan French)