SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for hiawatha-10.9-21.1.x86_64.rpm :
Mon Aug 7 14:00:00 2017 andre.ramnitzAATTmail.de
- Init repo for Leap 42.x (forked from factory)

* use inbuilt mbedtls lib

Sat Jun 17 14:00:00 2017 fisiuAATTopensuse.org
- Update to version 10.6:

* Added PublicKeyPins option.

* Added renewal-scripts to Let\'s Encrypt script.

* Small changes to CMake build system.

* Added CustomHeaderBackend option.

* Renamed CustomHeader option to CustomHeaderClient. Old name still works.

* Hiawatha ignores FileHashes and ReverseProxy for Let\'s Encrypt
authentication requests.

* Small improvements and bugfixes.

Tue Nov 15 13:00:00 2016 mpluskalAATTsuse.com
- Update to version 10.4:

* SkipCacheCookie option added.

* Added Systemd init script to Debian package.

* Small improvements and bugfixes.
- Small packaging changes and requirements update

Sun Oct 2 14:00:00 2016 fisiuAATTopensuse.org
- Build fails with mbedtls < 2.

Sat Aug 27 14:00:00 2016 mpluskalAATTsuse.com
- Update to version 10.3:

* PreventCSRF, PreventSQLi and PreventXSS improved.

* Prevention of MySQL data mining via SQL injection.

* Added revoke option to Let\'s Encrypt script.

* Hiawatha ignores RequireTLS for Let\'s Encrypt authentication
requests.

* Small bugfixes and improvements.

* Bugfix: possible HTTP request pipelining error after CSRF
prevented.
- Changes for version 10.2:

* Added Let\'s Encrypt script (see extra/letsencrypt).

* Added support for requesting Let\'s Encrypt certificates (see
AccessList and PasswordFile settings in manual page).

* Small improvements.

* Bugfix: HideProxy not working for Forwarded header.
- Changes for 10.1:

* Added Extensions setting.

* Added support for X-Sendfile header.

* mbed TLS updated to 2.2.1.

* Improved SQL injection detection.

* Small bugfixes and improvements.
- Changes for 10.0:

* Usage of Directory sections changed.

* Added support for RFC 5785.

* Added support for GZip compression. Removed the UseGZfile
option.

* Added ECDSA support for TLS 1.0 and TLS 1.1.

* Replaced UrlToolkit Expire option with ExpirePeriod in
Directory section.

* Replaced IgnoreDotHiawatha option with UseLocalConfig.

* Removed the VolatileObject option.

* Improved SQL injection detection.

* mbed TLS updated to 2.2.0.

* Small improvements.
- Changes for 9.15:

* Support for WebSockets via reverse proxy.

* UNIX socket support for connections to WebSockets.

* Responsive design for directory index and error message.

* mbed TLS updated to 2.1.2.

* Fixed mbed TLS linking in CMake configuration.

* ListenBacklog option added.

* Small bugfixes.
- Changes for 9.14:

* mbed TLS updated to 2.0.0.

* Small bugfixes.

* Bugfix: crash when sending very large request to FastCGI
server.

Sat Jun 20 14:00:00 2015 mpluskalAATTsuse.com
- Fix rpmlint warnings

* add rcsymlink

* fix log directory permissions

Mon Jun 15 14:00:00 2015 fisiuAATTopensuse.org
- Update to 9.13:

* Renamed SSLcertFile to TLScertFile.

* Renamed RequireSSL to RequireTLS.

* Renamed SSL_
* CGI environment variables to TLS_
*.

* Renamed UrlToolkit option UseSSL to UseTLS.

* Replaced MinSSLversion by MinTLSversion.

* LogTimeouts option added.

* Added \'skip directories\' parameter to reverse proxy.

* Failed logins sent to Hiawatha Monitor.

* Small bugfix and improvements.

Thu Feb 26 13:00:00 2015 fisiuAATTopensuse.org
- Update to 9.12:

* Bugfix: memory leak in SSL library.

* Small bugfix.

Tue Feb 3 13:00:00 2015 fisiuAATTopensuse.org
- Update to 9.11:

* ChallengeClient option added.

* UrlToolkit options TotalConnections and OmitRequestLog added.

* Improvements to UrlToolkit and reverse proxy swap.

* UrlToolkit rules are also applied to PUT and DELETE.

* Small improvements.

Sun Jan 11 13:00:00 2015 fisiuAATTopensuse.org
- Update to 9.10:

* Support for banning bad clients who connect via a proxy.

* UrlToolkit option Do added. Changed how Call and Skip should be called.

* General UrlToolkit improvements. See config/toolkit.conf for syntax.

* Hiawatha now prefers reverse proxies with a scheme matching the one of the
client connection. See config/toolkit.conf for syntax.

* Hiawatha will now first process UrlToolkit rules before using ReverseProxy.

* Small bugfixes and improvements.

Sat Dec 13 13:00:00 2014 fisiuAATTopensuse.org
- Update to 9.9:

* HTTPAuthToCGI option added.

* BanByCGI option added.

* Improved SSL ciphersuite selections.

* CAcertificates options added.

* Dropped support for SSL3.0.

* Small bugfixes and improvements.

Sun Nov 2 13:00:00 2014 fisiuAATTopensuse.org
- Update to 9.8:

* Added support for websockets. WebSocket option added.

* SSL key and certificate checks added to wigwam.

* Small bugfixes and improvements.

Wed Sep 10 14:00:00 2014 jengelhAATTinai.de
- Avoid generating libpolarssl.so.7, which led to \"have choice
for libpolarssl.so.7: libpolarssl7 hiawatha\" and make other
polarssl-using applications not run in practice because the
library is in a non-standard directory, yet discovered by rpm
as a provider.

Sun Sep 7 14:00:00 2014 fisiuAATTopensuse.org
- Update to 9.7:

* UseToolkit now possible in .hiawatha file at root of website.

* Method option added to URL Toolkit.

* SetResourceLimit option added.

* ThreadKillRate option added.

* Improved SQL injection detection.

* Default value for DHsize set to 2048.

* PolarSSL updated to version 1.3.8.

* Memory allocation debugger module added.

* Small bugfixes and improvements.

* Bugfix: incorrect file hash printing by wigwam with directory as symlink.

Sun Jun 8 14:00:00 2014 fisiuAATTopensuse.org
- Update to 9.6:

* Logfile rotation for access logfiles.

* HTTP Strict Transport Security header made optional for RequireSSL.

* Support for chunked transfer encoded requests (not for PUT).

* Support for improved server statistics in Hiawatha Monitor.

* The Hiawatha Monitor is now supported without the need for XSLT.

* PolarSSL updated to version 1.3.7.

* A few bugfixes as reported by Coverity.

* Bugfix: SQL injection detection was broken since 8.6.

* Bugfix: XSS detection didn\'t work for reverse proxy.

* Small bugfixes.

Sun May 18 14:00:00 2014 fisiuAATTopensuse.org
- Update to 9.5:

* Added support for CGI statistics in Hiawatha Monitor.

* MonitorRequests and MonitorStatsInterval option removed.

* Added support for Origin HTTP header to prevent CSRF.

* EnforceFirstHostname option added.

* ScriptAlias option added.

* PolarSSL updated to version 1.3.6.

* Dropped support for PolarSSL 1.2.

Mon Mar 24 13:00:00 2014 fisiuAATTopensuse.org
- Update to 9.4:

* Keep-Alive connections for reverse proxy made optional.

* ErrorXSLTfile option added.

* IgnoreDotHiawatha option added.

* RandomHeader option added.

* Dropped support for RC4.

* PolarSSL updated to version 1.3.4.

* Added support for Hyper Text Coffee Pot Control Protocol (RFC2324).

* Added SSL_CIPHER to CGI environment.

* Added Public/Private to UrlToolkit expire option.

* Small improvements.

Mon Feb 17 13:00:00 2014 fisiuAATTopensuse.org
- Add firewall rules for http and https.

Thu Dec 12 13:00:00 2013 fisiuAATTopensuse.org
- Update to 9.3.1:

* Several bugfixes in reverse proxy.

Thu Nov 21 13:00:00 2013 fisiuAATTopensuse.org
- Update to 9.3:

* PolarSSL updated to version 1.3.2.

* Added support for Elliptic Curve Cryptography.

* TunnelSSH option added.

* AnonymizeIP option added.

* Keep-alive connections for reverse proxy.

* Small improvements.

Tue Aug 13 14:00:00 2013 fisiuAATTopensuse.org
- Don\'t use cutom pid file in systemd service.
- Fix logrotate config.
- Spec cleanup.

Thu Aug 1 14:00:00 2013 fisiuAATTopensuse.org
- Update source URL.

Mon Jun 24 14:00:00 2013 fisiuAATTopensuse.org
- Drop hiawatha.permissions file and related option. Use 0755 and
%verify(not mode) for %{_sbindir}cgi-wrapper.

Sun Jun 23 14:00:00 2013 fisiuAATTopensuse.org
- Update to 9.2:

* Added support for compiling Hiawatha against the system\'s
default version (>=1.2.0) of the PolarSSL library.

* PolarSSL updated to version 1.2.8.

* Small bugfixes (memory leaks in error situations).

* Bugfix: virtual hostname selection for IPv6 with non-standard
port.

Sun Jun 2 14:00:00 2013 fisiuAATTopensuse.org
- Update to 9.1:

* FileHashes option added.

* PolarSSL updated to version 1.2.7. Enabled ciphersuite
selection based on protocol version.

* Enabled accf_http support for FreeBSD. Thanks to Martin
Tournoij.

* ImageReferer option removed.

* Bugfix: incorrect BanOnFlooding behavior.

* Small improvements.

Thu Apr 4 14:00:00 2013 fisiuAATTopensuse.org
- Update to 9.0:

* Clients handled via thread pool instead of creating threads on
the fly.

* ThreadPoolSize option added.

* Header option added to URL Toolkit.

* Improved client SSL certificate handling. Environment variables
renamed.

* PolarSSL updated to version 1.2.6.

* Improved Reverse Proxy caching support for requests with URL
parameters.

* CacheMinFilesize option removed.

* DenyBot option removed. Use UrlToolkit\'s Header option instead.

* OldBrowser option removed from URL Toolkit. Use Header option
instead.

* Improved UrlToolkit rule testing in wigwam.

* Small bugfixes and improvements.

Wed Mar 20 13:00:00 2013 fisiuAATTopensuse.org
- Run server as wwwrun user.

Fri Mar 8 13:00:00 2013 fisiuAATTopensuse.org
- update to 8.8.1 (changes since 7.7):

* Bugfix: Incorrect size of buffer for poll() can lead to a crash when using
Tomahawk.

* Caching for Reverse Proxy. CacheRProxyExtensions option added.

* Basic HTTP authentication now supports the glibc2 version of crypt().

* Hostname in ImageReferer can now contain a wildcard.

* DenyBody matching is now case insensitive.

* PolarSSL updated to version 1.2.5.

* Support for HTTP Strict Transport Security (RFC 6797). Integrated in
RequireSSL option.

* DHsize option added.

* PolarSSL updated to version 1.2.3.

* CloudFlare headers placed in environment variables.

* Removed php-fcgi.

* Bugfix: slow page loading via Reverse Proxy.

* PolarSSL updated to version 1.2. Added support for TLS 1.2 and secure
renegotiation.

* Added support for Server Name Indication.

* MinSSLversion option added.

* ServerRoot option removed.

* Improved MacOS X package building script.

* Marked php-fcgi as deprecated. Use php-fpm instead.

* Improved Reverse Proxy.

* Changed error message style.

* Renamed Command Channel to Tomahawk.

* Return 403 instead of 401 upon correct password for HTTP authentication but
user not in right group.

* Bugfix: replaced select() with poll() to prevent crashes in case of large
amount of simultaneous connections. Thanks to Peter Bex.

* MaxServerLoad option added.

* PolarSSL updated to version 1.1.4.

* Bugfix: invalid reverse proxy request when URL parameters are present.

* Bugfix: memory leak in SSL library.

* Improved security for reverse proxy (works with PreventSQLi, etc).

* ReverseProxy option added.

* PolarSSL updated to version 1.1.3.

* WebDAVapp option added. Enables support for WebDAV applications like
ownCloud (http://owncloud.org/).

* Removed support for the OPTIONS method.

* AllowDotFiles option added.

* Global forks setting in php-fcgi.conf moved to Server setting.

* BanOnInvalidURL option added.

* PolarSSL updated to version 1.1.1.

* Bugfix: paths missing in default values and examples in manual pages.

* Replaced Autoconf with CMake. Many thanks to Sander Niemeijer.

* Replaced OpenSSL with PolarSSL. Many thanks to Paul Bakker.

* AllowedCiphers and DHparameters options removed.

* Added IE7 to UrlToolkit\'s OldBrowser list, removed IE5.

* MaxUrlLength option added, can return 414 Request-URI Too Long.

* Changed default value of TriggerOnCGIstatus to \'no\'.

* Equalized format of logfiles.

* Extra checks added to php-fcgi.

* Improved SQL injection detection.

* Bugfix: memory leak in PreventSQLi routine.

* Bugfix: potential server freeze with 100% CPU in CGI output caching.

* Bugfix: null byte in HTTP header of cached CGI content.

* Control CGI output cache via X-Hiawatha-Cache and X-Hiawatha-Cache-Remove
CGI headers. See the CGI OUTPUT CACHE section in the manual page.

* BanOnWrongPassword now also triggers on wrong username.

* Bugfix: timeout issue with large POST requests on SSL connections.

Sun Oct 9 14:00:00 2011 detlefAATTlinks2linux.de
- new upstream version <7.7>

* First parameter of Alias can now contain subdirectories.

* Improved stability for connections with SSL client authentication.

* Bugfix: BanOnFlooding was broken.

Mon Sep 5 14:00:00 2011 detlefAATTlinks2linux.de
- new upstream version <7.6>

* PreventSQLi option rewritten.

Wed Jun 1 14:00:00 2011 detlefAATTlinks2linux.de
- new upstream version <7.5>

* OldBrowser option added to URL toolkit.

* Improved mimetype configuration.

* Do-not-track HTTP header support.

* Password file entries can now be created with Wigwam.

* Small bugfixes and improvements.

* Bugfix: sent one byte too few for Range -XX.

* Bugfix: possible crash when using PreventSQLi.

Tue Apr 12 14:00:00 2011 detlefAATTlinks2linux.de
- new upstream version <7.4.1>

* Bugfix: integer overflow in fetch_request() which could
lead to a server crash.

Mon Nov 15 13:00:00 2010 detlefAATTlinks2linux.de
- new upstream version <7.4>

* Connections per IP added to RequestLimitMask.

* NoExtensionAs made a per-host setting.

* Small bugfixes and improvements.

* Bugfix: usage of HideProxy caused Hiawatha to refuse new connections
after ConnectionsTotal connections.

* Bugfix: memory leak in XSLT module.

Fri Jun 11 14:00:00 2010 detlefAATTlinks2linux.de
- new upstream version <7.3>

* RequestLimitMask option added.

* URL parameters for ErrorHandler.

* Support for Haiku OS.

* Small security bugfixes.

Thu Apr 22 14:00:00 2010 detlefAATTlinks2linux.de
- new upstream version <7.2>

* URL toolkit code restructured.

* UseSSL option added to URL toolkit.

* Digest HTTP authentication works with htdigest(1) created password files.

* Small improvements.

Mon Mar 29 14:00:00 2010 detlefAATTlinks2linux.de
- new upstream version <7.1>

* Small bugfixes.

* Bugfix: deny access and redirect result via toolkit subroutine.

* Bugfix: broken flooding protection.

Mon Feb 15 13:00:00 2010 detlefAATTlinks2linux.de
- new upstream version <7.0>
- added logrotate/init file.

Mon Mar 9 13:00:00 2009 mrueckertAATTsuse.de
- update to 6.11


  
ICM