
Release 9.1

1 parent 8030ce0 commit 5d663cd5db31a8a7a5c96e090de1c6a45d9f303a @hsleisink committed Apr 16, 2013
@@ -1 +0,0 @@
-The Hiawatha webserver has been written by Hugo Leisink <hugo@leisink.net>.
@@ -14,13 +14,13 @@ set(hiawatha_src
src/cgi.c
src/client.c
src/envir.c
+ src/filehashes.c
src/hiawatha.c
src/http.c
src/httpauth.c
+ src/ip.c
src/libfs.c
- src/libip.c
src/liblist.c
- src/libssl.c
src/libstr.c
src/log.c
src/mimetype.c
@@ -29,6 +29,7 @@ set(hiawatha_src
src/send.c
src/serverconfig.c
src/session.c
+ src/ssl.c
src/target.c
src/tomahawk.c
src/toolkit.c
@@ -37,14 +38,14 @@ set(hiawatha_src
src/xslt.c
)
if(NOT ENABLE_SSL)
- set(hiawatha_src ${hiawatha_src} polarssl/library/base64.c polarssl/library/md5.c)
+ set(hiawatha_src ${hiawatha_src} polarssl/library/base64.c polarssl/library/md5.c polarssl/library/sha2.c)
endif()
# ssi-cgi sources
set(ssi_cgi_src
src/alternative.c
+ src/ip.c
src/libfs.c
- src/libip.c
src/liblist.c
src/libstr.c
src/ssi-cgi.c
@@ -53,13 +54,15 @@ set(ssi_cgi_src
# wigwam sources
set(wigwam_src
src/alternative.c
+ src/filehashes.c
+ src/ip.c
src/libfs.c
- src/libip.c
src/libstr.c
src/liblist.c
src/toolkit.c
src/wigwam.c
polarssl/library/md5.c
+ polarssl/library/sha2.c
)
# configuration files
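Review bot: The `if(NOT ENABLE_SSL)` branch now compiles `polarssl/library/sha2.c` straight into hiawatha, and `wigwam_src` lists `md5.c` and `sha2.c` unconditionally, but nothing in the file says why these bundled PolarSSL sources are built outside the library. A comment above the branch such as `# FileHashes needs SHA-256 even without SSL support, so build the PolarSSL hash sources directly` would keep a later PolarSSL update that renames or splits these files from being missed here; the link to FileHashes is inferred from the man-page text in this commit. The append itself reads more clearly as `list(APPEND hiawatha_src polarssl/library/base64.c polarssl/library/md5.c polarssl/library/sha2.c)` than as `set()` re-expanding the variable.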
@@ -22,6 +22,7 @@ include(CheckIncludeFile)
include(CheckIncludeFiles)
include(CheckFunctionExists)
include(CheckLibraryExists)
+include(CheckSymbolExists)
if(ENABLE_XSLT)
include(FindLibXml2)
include(FindLibXslt)
@@ -31,7 +32,7 @@ include(cmake/CopyIfNotExists.cmake)
# Settings
set(HIAWATHA_VERSION_MAJOR 9)
-set(HIAWATHA_VERSION_MINOR 0)
+set(HIAWATHA_VERSION_MINOR 1)
set(HIAWATHA_VERSION_PATCH 0)
string(TOLOWER ${CMAKE_PROJECT_NAME} PROJECT_NAME)
if(${HIAWATHA_VERSION_PATCH} EQUAL 0)
@@ -68,6 +69,8 @@ check_library_exists(crypt crypt_r "" HAVE_CRYPT_R)
check_library_exists(network socket "" HAVE_NETWORK_LIBRARY)
check_library_exists(z gzdopen "" HAVE_Z_LIBRARY)
+check_symbol_exists("SO_ACCEPTFILTER" "sys/socket.h" HAVE_ACCF)
+
if(HAVE_CRYPT_LIBRARY)
set(CRYPT_LIBRARY "crypt")
endif()
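Review bot: The `check_symbol_exists("SO_ACCEPTFILTER" "sys/socket.h" HAVE_ACCF)` probe has no comment, and `HAVE_ACCF` only shows that the header defines the option, not that an accept filter is usable on the running host. I would add `# FreeBSD accept filters (accf_http): compile-time availability only; the kernel module may still be absent at runtime` above it. The man-page text in this commit says the accf_http module must be loaded, so the code behind `EnableAccf` should treat a failing setsockopt as a logged, non-fatal condition; that code is not part of this section.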
@@ -1,3 +1,17 @@
+hiawatha (9.1) stable; urgency=low
+
+ * FileHashes option added.
+ * PolarSSL updated to version 1.2.7. Enabled ciphersuite selection based
+ on protocol version.
+ * Enabled accf_http support for FreeBSD. Thanks to Martin Tournoij.
+ * Better handling of previous installed configuration files under MacOS X.
+ Thanks to Sander Niemeijer.
+ * ImageReferer option removed.
+ * Bugfix: incorrect BanOnFlooding behavior.
+ * Small improvements.
+
+ -- Hugo Leisink <hugo@leisink.net> Mon, 15 Apr 2013 17:56:48 +0200
+
hiawatha (9.0) stable; urgency=low
* Clients handled via thread pool instead of creating threads on the fly.
37 INSTALL
@@ -1,37 +0,0 @@
-If your CMake version is lower than 2.8.4, download the latest version from http://www.cmake.org/cmake/resources/software.html and install it. Make sure other CMake versions are removed from your system.
- tar -xzf cmake-<version>.tar.gz
- cd cmake-<version>
- ./configure
- sudo make install
-
-Use the following commands to compile and install Hiawatha. This will install Hiawatha in /usr/local.
- mkdir build
- cd build
- cmake .. [options]
- sudo make install/strip
-
-The following options for cmake are available. Default value is in uppercase.
- -DENABLE_CACHE=ON|off Enable internal cache support.
- -DENABLE_DEBUG=on|OFF Enable debug information (for development only).
- -DENABLE_IPV6=ON|off Enable IPv6 support.
- -DENABLE_MONITOR=on|OFF Enable support for the Hiawatha Monitor.
- -DENABLE_RPROXY=ON|off Enable reverse proxy support.
- -DENABLE_SSL=ON|off Enable SSL (PolarSSL) support.
- -DENABLE_TOMAHAWK=on|OFF Enable Tomahawk, Hiawatha command shell.
- -DENABLE_TOOLKIT=ON|off Enable the URL Toolkit.
- -DENABLE_XSLT=ON|off Enable XSLT support.
-
-The following path settings are available for cmake.
- -DCMAKE_INSTALL_PREFIX=<path> The prefix for all other CMAKE_INSTALL directories.
- -DCMAKE_INSTALL_BINDIR=<path> Location of the ssi-cgi binary.
- -DCMAKE_INSTALL_SBINDIR=<path> Location of the other Hiawatha binaries.
- -DCMAKE_INSTALL_SYSCONFDIR=<path> The configuration files will be installed in <path>/hiawatha.
- -DCMAKE_INSTALL_LIBDIR=<path> The PolarSSL shared library will be installed in <path>/hiawatha.
- -DCMAKE_INSTALL_MANDIR=<path> Manual pages will be installed in <path>/man1.
- -DCONFIG_DIR=<path> Location of the Hiawatha configuration files.
- -DLOG_DIR=<path> Log directory used in the default hiawatha.conf.
- -DPID_DIR=<path> Location of the Hiawatha PID file.
- -DWEBROOT_DIR=<path> Webroot directory used in the default hiawatha.conf.
- -DWORK_DIR=<path> Path of directory where Hiawatha can write temporary files.
-
-Look inside the directory 'extra' for scripts to build packages for Debian, MacOS X and Windows (via Cygwin).
@@ -1,9 +1,57 @@
Hiawatha
========
+Hiawatha is an open source webserver with security, easy to use and lightweight as the three key features. It supports among others (Fast)CGI, IPv6, URL rewriting and reverse proxy and has security features no other webserver has, like blocking SQL injections, XSS, CSRF and exploit attempts. Hiawatha runs perfectly on Linux, BSD and MacOS X.
-Hiawatha is an open source webserver with security, easy to use and lightweight as the three key features. Hiawatha supports among others (Fast)CGI, IPv6, URL rewriting and reverse proxy. It has security features no other webserver has, like blocking SQL injections, XSS and CSRF attacks and exploit attempts. The built-in monitoring tool makes it perfect for large scale deployments.
+The Hiawatha webserver has been written by Hugo Leisink <hugo@leisink.net>. More information about the Hiawatha webserver can be found at http://www.hiawatha-webserver.org/.
Installation
------------
+If the CMake version installed on your system is lower than 2.8.4, remove it, download the latest version from http://www.cmake.org/cmake/resources/software.html and install it.
-See the INSTALL file for installation instructions.
+ tar -xzf cmake-<version>.tar.gz
+ cd cmake-<version>
+ ./configure
+ sudo make install
+
+Use the following commands to compile and install Hiawatha. This will install Hiawatha in /usr/local.
+
+ mkdir build
+ cd build
+ cmake .. [options]
+ sudo make install/strip
+
+The following options for cmake are available. Default value is in uppercase.
+
+ -DENABLE_CACHE=ON|off Enable internal cache support.
+ -DENABLE_DEBUG=on|OFF Enable debug information (for development only).
+ -DENABLE_IPV6=ON|off Enable IPv6 support.
+ -DENABLE_MONITOR=on|OFF Enable support for the Hiawatha Monitor.
+ -DENABLE_RPROXY=ON|off Enable reverse proxy support.
+ -DENABLE_SSL=ON|off Enable SSL (PolarSSL) support.
+ -DENABLE_TOMAHAWK=on|OFF Enable Tomahawk, the Hiawatha command shell.
+ -DENABLE_TOOLKIT=ON|off Enable the URL Toolkit.
+ -DENABLE_XSLT=ON|off Enable XSLT support.
+
+The following path settings are available for cmake.
+
+ -DCMAKE_INSTALL_PREFIX=<path> The prefix for all other CMAKE_INSTALL directories.
+ -DCMAKE_INSTALL_BINDIR=<path> Location of the ssi-cgi binary.
+ -DCMAKE_INSTALL_SBINDIR=<path> Location of the other Hiawatha binaries.
+ -DCMAKE_INSTALL_SYSCONFDIR=<path> The configuration files will be installed in <path>/hiawatha.
+ -DCMAKE_INSTALL_LIBDIR=<path> The PolarSSL shared library will be installed in <path>/hiawatha.
+ -DCMAKE_INSTALL_MANDIR=<path> Manual pages will be installed in <path>/man1.
+ -DCONFIG_DIR=<path> Location of the Hiawatha configuration files.
+ -DLOG_DIR=<path> Log directory used in the default hiawatha.conf.
+ -DPID_DIR=<path> Location of the Hiawatha PID file.
+ -DWEBROOT_DIR=<path> Webroot directory used in the default hiawatha.conf.
+ -DWORK_DIR=<path> Path of directory where Hiawatha can write temporary files.
+
+Look inside the directory 'extra' for scripts to build packages for Debian, MacOS X and Windows (via Cygwin).
+
+Related projects
+----------------
+The Hiawatha Monitor is a monitoring tool for Hiawatha. It helps you to keep track of all your Hiawatha installation. It's a PHP5 webapplication and requires a MySQL database and the cron daemon for periodic downloading of statistical information from the webservers it monitors. More information about the Hiawatha Monitor can be found at http://hiawatha-webserver.org/monitor.
+
+The Banshee PHP framework has also been written with security in mind. It has a Model-View-Controller architecture (XSLT for the views) and requires a MySQL database. More information about Banshee can be found at http://www.banshee-php.org/.
+
+Other interesting projects can be found at http://projects.leisink.net/.
@@ -47,3 +47,7 @@
#cmakedefine HAVE_STRNCASECMP ${HAVE_STRNCASECMP}
#cmakedefine HAVE_STRNSTR ${HAVE_STRNSTR}
#cmakedefine HAVE_STRCASESTR ${HAVE_STRCASESTR}
+
+/* Features
+ */
+#cmakedefine HAVE_ACCF ${HAVE_ACCF}
@@ -5,7 +5,7 @@ cd /usr/local/etc/hiawatha
files="cgi-wrapper.conf hiawatha.conf index.xslt mimetype.conf"
for file in $files ; do
- if [ -f $file.installer.backup ]; then
- mv $file.installer.backup $file
- fi
-done
+ if [ -f $file.installer.backup ]; then
+ mv -f $file.installer.backup $file
+ fi
+done
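Review bot: The `mv -f` added in the loop acts on relative, unquoted names, and the only thing placing it in the right directory is the `cd /usr/local/etc/hiawatha` visible in the hunk header; if that `cd` fails, the forced move runs against same-named files in whatever directory the installer started from. Guarding it with `cd /usr/local/etc/hiawatha || exit 1` and quoting the operands, `mv -f "$file.installer.backup" "$file"`, closes that gap. The same applies to the following hunk, where `mv -f "$file" "$file.installer.backup"` also silently replaces any backup left by an earlier install. The `cd` line itself lies outside both hunks, so whether it is already checked cannot be seen here.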
@@ -5,7 +5,7 @@ cd /usr/local/etc/hiawatha
files="cgi-wrapper.conf hiawatha.conf index.xslt mimetype.conf"
for file in $files ; do
- if [ -f $file ]; then
- mv $file $file.installer.backup
- fi
+ if [ -f $file ]; then
+ mv -f $file $file.installer.backup
+ fi
done
@@ -16,7 +16,7 @@ fi
# Checking for tools required for building a MacOS X package
#
echo "-- Checking for required tools"
-tools="/usr/bin/cc /usr/bin/pkgbuild /usr/bin/productbuild /usr/bin/hdiutil"
+tools="/usr/bin/gcc /usr/bin/pkgbuild /usr/bin/productbuild /usr/bin/hdiutil"
missing=""
for tool in ${tools}; do
if [ ! -f ${tool} ]; then
@@ -179,7 +179,7 @@ Logfile for all misformed HTTP requests.
.br
Example: GarbageLogfile = @LOG_DIR@/garbage.log
.TP
-.B HideProxy = <ip-address>[, <ip-address>, ...]
+.B HideProxy = <ip-address>[/netmask][, <ip-address>[/netmask], ...]
A request sent from the supplied IP address will be searched for a X-Forwarded-For header. When found, the last IP address in that field will be used as the client IP address. Make sure you only allow trusted reverse proxies in this IP list. This option does not affect the ConnectionsPerIP setting.
.br
Example: HideProxy = 192.168.10.20
@@ -339,6 +339,11 @@ The binding ID can be used to hook a virtual host to a binding (see RequiredBind
.br
Example: BindingId = LAN
.TP
+.B EnableAccf = yes|no
+Enable the HTTP accept filter. This is only available on FreeBSD. This requires the accf_http kernel module to be loaded.
+.br
+Default = no, example: EnableAccf = yes
+.TP
.B EnableAlter = yes|no
Enable the PUT and DELETE HTTP request method for this binding (see AlterList and UploadDirectory for more information).
.br
@@ -464,6 +469,11 @@ Allow execution of CGI programs.
.br
Default = no, example: ExecuteCGI = yes
.TP
+.B FileHashes = <file containing file hashes>
+Points Hiawatha to a file containing SHA256 hashes for every file in the webroot directory. Before serving a file, Hiawatha checks the file hash of that file. If it doesn't match, access is denied. This protects against file changes or uploading of malware. FastCGI scripts are also checked if the FastCGI server can be reached via a UNIX socket. The file hashes file can be created via the -s option of the wigwam(1) tool.
+.br
+Example: FireHashes = /etc/hiawatha/hashes/my_website.txt
+.TP
.B FollowSymlinks = yes|no
Allow Hiawatha to follow symlinks to files and directories. Symlinks that stay inside the webroot or are owned by root are always followed. Note that this does not apply to CGI's which are executed via FastCGI, because Hiawatha is not able to look for symlinks on remote FastCGI servers.
.br
@@ -474,11 +484,6 @@ Name(s) of the host that Hiawatha will be serving. May start with a wildcard, ex
.br
Example: Hostname = www.my-domain.com, *.my-domain.com, www.some-alias.com
.TP
-.B ImageReferer = hostname[, hostname, ...]:<alternative image>
-If the referer of a request for an image is not one of the specified hosts, return the alternative image instead.
-.br
-Example: ImageReferer = my-domain.com:/var/www/pics/forbidden.gif
-.TP
.B LoginMessage = <text>
Message that will be displayed in the login window in case of HTTP authentication (see PasswordFile for more information). When using Digest HTTP authentication, the LoginMessage should not contain a ':' sign.
.br
@@ -671,9 +676,6 @@ Default = no, example: UseGZfile = yes
.B FollowSymlinks
,
.br
-.B ImageReferer
-,
-.br
.B PasswordFile
,
.br
@@ -769,7 +771,7 @@ Perform an action when the client is connection via a SSL secured connection, wh
Call, Exit, Goto, Return or Skip.
.TP
-The <action> statements mentioned above are described here:
+An exclamation mark in front of a pattern (negative pattern matching) makes Hiawatha perform the action when the pattern does not match. The <action> statements mentioned above are described here:
.TP
.B Ban <seconds>
.br
@@ -21,6 +21,8 @@ wigwam - check the Hiawatha webserver configuration for non-critical errors
.br
-q: don't print the test results.
.br
+-s: print file hashes for current directory.
+.br
-t <toolkit_id>: test URL toolkit rule(s).
.br
-v: show version and exit.
@@ -1,5 +1,17 @@
PolarSSL ChangeLog
+= Version 1.2.7 released 2013-04-13
+Features
+ * Ability to specify allowed ciphersuites based on the protocol version.
+
+Changes
+ * Default Blowfish keysize is now 128-bits
+ * Test suites made smaller to accommodate Raspberry Pi
+
+Bugfix
+ * Fix for MPI assembly for ARM
+ * GCM adapted to support sizes > 2^29
+
= Version 1.2.6 released 2013-03-11
Bugfix
* Fixed memory leak in ssl_free() and ssl_reset() for active session
@@ -606,7 +606,7 @@
: "=m" (c), "=m" (d), "=m" (s) \
: "m" (s), "m" (d), "m" (c), "m" (b) \
: "r0", "r1", "r2", "r3", "r4", "r5", \
- "r6", "r7", "r8", "r9" \
+ "r6", "r7", "r8", "r9", "cc" \
);
#else
@@ -640,7 +640,7 @@
: "=m" (c), "=m" (d), "=m" (s) \
: "m" (s), "m" (d), "m" (c), "m" (b) \
: "r0", "r1", "r2", "r3", "r4", "r5", \
- "r6", "r7" \
+ "r6", "r7", "cc" \
);
#endif /* Thumb */
@@ -198,6 +198,9 @@ int md_free_ctx( md_context_t *ctx );
*/
static inline unsigned char md_get_size( const md_info_t *md_info )
{
+ if( md_info == NULL )
+ return( 0 );
+
return md_info->size;
}
@@ -210,6 +213,9 @@ static inline unsigned char md_get_size( const md_info_t *md_info )
*/
static inline md_type_t md_get_type( const md_info_t *md_info )
{
+ if( md_info == NULL )
+ return( POLARSSL_MD_NONE );
+
return md_info->type;
}
@@ -222,6 +228,9 @@ static inline md_type_t md_get_type( const md_info_t *md_info )
*/
static inline const char *md_get_name( const md_info_t *md_info )
{
+ if( md_info == NULL )
+ return( NULL );
+
return md_info->name;
}