gmid 1.8.3 "Lightbulb Sun" bugfix release
=========================================
Released March 27, 2022.
signify(1) pubkeys for this release:
RWTy3UJQzpxBUAymBwb2EGLLm0b3H/1n8hzhaC9HYFYzNuTavGt9QSwC
Bug Fixes
~~~~~~~~~
* fix a possible out-of-bound access in the CGI handling. It was
introduced last October during a refactoring, but due to how
many malloc(3) implementations works this hasn't been found
until now. Otto' malloc is more strict fortunately.
gmid 1.8.2 "Lightbulb Sun" bugfix release
=========================================
Released March 26, 2022.
signify(1) pubkeys for this release:
RWTy3UJQzpxBUAymBwb2EGLLm0b3H/1n8hzhaC9HYFYzNuTavGt9QSwC
Bug Fixes
~~~~~~~~~
* fix a CGI timing issue: if a connection handled by a CGI scripts
is interrupted with the right timing it causes the server
process to exit with "fatal in client_by_id: invalid id X".
New Features
~~~~~~~~~~~~
* add a new block `type { ... }' to define mime types mapping.
Improvements
~~~~~~~~~~~~
* use shell built-in `command' instead of which(1), prodded by
cage and Allen Sobot.
* configure script: allow to set MANDIR from cmdline (Allen Sobot)
* add systemd-sysusers sample file in contrib/ (Nakaya)
* [linux/seccomp] allow fstatat64(2), llseek(2) and sigreturn(2),
needed by glibc on armv7. (Tobias Berger)
* [linux/seccomp] tightens rules by allowing openat(2) only with
the O_RDONLY flag.
Currently dogfooding this patch at gemini.sgregoratto.me. To test,
run the following command and look for the "OCSP response" header:
openssl s_client -connect "gemini.sgregoratto.me:1965" -status
This adds a barebone dumping of the parsed configuration. It is not
complete, but I'm interested in dumping the full path to `cert' and
`key' in order to write some scripts that can inspect the
configuration, extract the certificates and renew them when expired
automatically.
It's not easy to parse gmid configuration otherwise because the syntax
is flexible and users can use macros. Instead, the idea is to run
gmid and let it dump the configuration once it's been parsed in a
static and predictable format.
Now is possible to parse gmid configuration with, say, awk or perl.
Just read in a mail from Ingo to tech@
> Using \\ outside macro definitions (i.e., outside the bodies of roff(7)
> .de and similar requests) is almost always wrong even in low-level roff
> code, and \\ must never be used in manual pages.
This version includes two bugfixes:
- use ${MAKE} to recursively call make
- fix the misleading example in the man page: macros name may not be
reserved words
Both bugs found and fixed by Anna “CyberTailor”, thanks!
In the same spite of the last commit, add the missing separators
between strings to avoid the auto-concat pitfalls. `=>' is used to
separate between `env' and `param' arguments, while for `fastcgi' the
keyword `port' is required between the hostname/ip address and the
port (if provided).
Since `env', `param' and `fastcgi' are all new stuff, there's no need
to keep compatibility.
With the newish automatic string concatenation, options like `mime'
that accepts two strings as parameter start to become ambiguous: which
strings gets concatenated? Instead of trying to document in the
manpage which argument(s) is subject to string concatenation, do the
concat always and introduce a separator. In the case of mime,
`to-ext' now acts as a separator to distinguish. While there, also
use a new keyword because it sounds better.
It's dead-easy to upgrade to the new configuration, possibly with some
sed magic, but for the moment the old `mime' form is preserved: (with
a warning!) Will be dropped in the next release.
Now that we have this auto concat string thingy, macros can simply
expand to standalone strings in place, as single words.
Forgot to point it out in previous commits, but now we can
cert = "/etc/keys"
server "foo" {
cert $cert "/foo.crt"
...
}
Omar Polo
Stephen Gregoratto
Anna “CyberTailor”