File hiawatha.changes of Package hiawatha

-------------------------------------------------------------------
Wed Jul 24 09:26:57 UTC 2019 - matthias.gerstner@suse.com

- removal of SuSEfirewall2 service, since SuSEfirewall2 has been replaced by
  firewalld, see [1].

  [1]: https://lists.opensuse.org/opensuse-factory/2019-01/msg00490.html

-------------------------------------------------------------------
Mon Mar  4 20:13:01 UTC 2019 - Mariusz Fik <fisiu@opensuse.org>

- Update to version 10.9:
  * Let's Encrypt script installed via CMake.
  * Bugfix: Directory traversal when AllowDotFiles is enabled.
  * Small improvements.

-------------------------------------------------------------------
Wed Sep 26 18:37:47 UTC 2018 - fisiu@opensuse.org

- Update to version 10.8.3:
  * Several fixes in build system
  * Added build system for nghttp2
  * New style for directory index
  * uri_depth added to XML for directory index

-------------------------------------------------------------------
Tue May  8 20:49:52 UTC 2018 - fisiu@opensuse.org

- Update to version 10.8.1.:
  * Removed support for secp192r1 and secp192k1 curves, to make it PCI DSS
    compliant out of the box.
  * Small improvements to Let's Encrypt ACMEv2 script.

-------------------------------------------------------------------
Mon Mar 26 21:47:26 UTC 2018 - fisiu@opensuse.org

- Ship Let's Encrypt script within subpackage.

-------------------------------------------------------------------
Mon Mar 26 20:46:56 UTC 2018 - fisiu@opensuse.org

- Add firewalld config files for Leap/SLE >= 15 and TW.

-------------------------------------------------------------------
Mon Mar 26 19:59:45 UTC 2018 - fisiu@opensuse.org

- Update to version 10.8:
  * New Let's Encrypt script that supports ACME v2.
  * Added Syslog option.
  * Added GZipExtensions option.
  * AllowDotFiles now used to show hidden files in directory listings.
  * Removed support for static RSA ciphers.
  * Hiawatha log format changed.
  * Small improvements.
  * Bugfix: certain characters in filenames disrupted directory index output.
  * Bugfix: requesting non-regular files now results in a 403 instead of
    blocking that thread.

-------------------------------------------------------------------
Sat Feb 17 20:21:12 UTC 2018 - fisiu@opensuse.org

- Fix build with mbedtls 2.7.0.

-------------------------------------------------------------------
Tue Oct 24 19:48:10 UTC 2017 - fisiu@opensuse.org

- Update to version 10.7:
  * Connect to a Unix socket via a reverse proxy.
  * Added BlockExtensions setting.
  * Small improvements.
  * Bugfix: error in handling renewal scripts in Let's Encrypt script.

-------------------------------------------------------------------
Sat Jun 17 08:33:13 UTC 2017 - fisiu@opensuse.org

- Update to version 10.6:
  * Added PublicKeyPins option.
  * Added renewal-scripts to Let's Encrypt script.
  * Small changes to CMake build system.
  * Added CustomHeaderBackend option.
  * Renamed CustomHeader option to CustomHeaderClient. Old name still works.
  * Hiawatha ignores FileHashes and ReverseProxy for Let's Encrypt
    authentication requests.
  * Small improvements and bugfixes.

-------------------------------------------------------------------
Tue Nov 15 16:08:30 UTC 2016 - mpluskal@suse.com

- Update to version 10.4:
  * SkipCacheCookie option added.
  * Added Systemd init script to Debian package.
  * Small improvements and bugfixes.
- Small packaging changes and requirements update

-------------------------------------------------------------------
Sun Oct  2 19:30:49 UTC 2016 - fisiu@opensuse.org

- Build fails with mbedtls < 2.

-------------------------------------------------------------------
Sat Aug 27 11:43:20 UTC 2016 - mpluskal@suse.com

- Update to version 10.3:
  * PreventCSRF, PreventSQLi and PreventXSS improved.
  * Prevention of MySQL data mining via SQL injection.
  * Added revoke option to Let's Encrypt script.
  * Hiawatha ignores RequireTLS for Let's Encrypt authentication
    requests.
  * Small bugfixes and improvements.
  * Bugfix: possible HTTP request pipelining error after CSRF
    prevented.
- Changes for version 10.2:
  * Added Let's Encrypt script (see extra/letsencrypt).
  * Added support for requesting Let's Encrypt certificates (see
    AccessList and PasswordFile settings in manual page).
  * Small improvements.
  * Bugfix: HideProxy not working for Forwarded header.
- Changes for 10.1:
  * Added Extensions setting.
  * Added support for X-Sendfile header.
  * mbed TLS updated to 2.2.1.
  * Improved SQL injection detection.
  * Small bugfixes and improvements.
- Changes for 10.0:
  * Usage of Directory sections changed.
  * Added support for RFC 5785.
  * Added support for GZip compression. Removed the UseGZfile
    option.
  * Added ECDSA support for TLS 1.0 and TLS 1.1.
  * Replaced UrlToolkit Expire option with ExpirePeriod in
    Directory section.
  * Replaced IgnoreDotHiawatha option with UseLocalConfig.
  * Removed the VolatileObject option.
  * Improved SQL injection detection.
  * mbed TLS updated to 2.2.0.
  * Small improvements.
- Changes for 9.15:
  * Support for WebSockets via reverse proxy.
  * UNIX socket support for connections to WebSockets.
  * Responsive design for directory index and error message.
  * mbed TLS updated to 2.1.2.
  * Fixed mbed TLS linking in CMake configuration.
  * ListenBacklog option added.
  * Small bugfixes.
- Changes for 9.14:
  * mbed TLS updated to 2.0.0.
  * Small bugfixes.
  * Bugfix: crash when sending very large request to FastCGI
    server.

-------------------------------------------------------------------
Sat Jun 20 09:28:30 UTC 2015 - mpluskal@suse.com

- Fix rpmlint warnings
  * add rcsymlink
  * fix log directory permissions

-------------------------------------------------------------------
Mon Jun 15 22:07:08 UTC 2015 - fisiu@opensuse.org

- Update to 9.13:
  * Renamed SSLcertFile to TLScertFile.
  * Renamed RequireSSL to RequireTLS.
  * Renamed SSL_* CGI environment variables to TLS_*.
  * Renamed UrlToolkit option UseSSL to UseTLS.
  * Replaced MinSSLversion by MinTLSversion.
  * LogTimeouts option added.
  * Added 'skip directories' parameter to reverse proxy.
  * Failed logins sent to Hiawatha Monitor.
  * Small bugfix and improvements.

-------------------------------------------------------------------
Thu Feb 26 22:51:06 UTC 2015 - fisiu@opensuse.org

- Update to 9.12:
  * Bugfix: memory leak in SSL library.
  * Small bugfix.

-------------------------------------------------------------------
Tue Feb  3 18:19:55 UTC 2015 - fisiu@opensuse.org

- Update to 9.11:
  * ChallengeClient option added.
  * UrlToolkit options TotalConnections and OmitRequestLog added.
  * Improvements to UrlToolkit and reverse proxy swap.
  * UrlToolkit rules are also applied to PUT and DELETE.
  * Small improvements.

-------------------------------------------------------------------
Sun Jan 11 22:23:28 UTC 2015 - fisiu@opensuse.org

- Update to 9.10:
  * Support for banning bad clients who connect via a proxy.
  * UrlToolkit option Do added. Changed how Call and Skip should be called.
  * General UrlToolkit improvements. See config/toolkit.conf for syntax.
  * Hiawatha now prefers reverse proxies with a scheme matching the one of the
    client connection. See config/toolkit.conf for syntax.
  * Hiawatha will now first process UrlToolkit rules before using ReverseProxy.
  * Small bugfixes and improvements.

-------------------------------------------------------------------
Sat Dec 13 12:10:31 UTC 2014 - fisiu@opensuse.org

- Update to 9.9:
  * HTTPAuthToCGI option added.
  * BanByCGI option added.
  * Improved SSL ciphersuite selections.
  * CAcertificates options added.
  * Dropped support for SSL3.0.
  * Small bugfixes and improvements.

-------------------------------------------------------------------
Sun Nov  2 22:37:08 UTC 2014 - fisiu@opensuse.org

- Update to 9.8:
  * Added support for websockets. WebSocket option added.
  * SSL key and certificate checks added to wigwam.
  * Small bugfixes and improvements.

-------------------------------------------------------------------
Wed Sep 10 16:04:57 UTC 2014 - jengelh@inai.de

- Avoid generating libpolarssl.so.7, which led to "have choice
  for libpolarssl.so.7: libpolarssl7 hiawatha" and make other
  polarssl-using applications not run in practice because the
  library is in a non-standard directory, yet discovered by rpm
  as a provider.

-------------------------------------------------------------------
Sun Sep  7 23:29:36 UTC 2014 - fisiu@opensuse.org

- Update to 9.7:
  * UseToolkit now possible in .hiawatha file at root of website.
  * Method option added to URL Toolkit.
  * SetResourceLimit option added.
  * ThreadKillRate option added.
  * Improved SQL injection detection.
  * Default value for DHsize set to 2048.
  * PolarSSL updated to version 1.3.8.
  * Memory allocation debugger module added.
  * Small bugfixes and improvements.
  * Bugfix: incorrect file hash printing by wigwam with directory as symlink.

-------------------------------------------------------------------
Sun Jun  8 21:10:58 UTC 2014 - fisiu@opensuse.org

- Update to 9.6:
  * Logfile rotation for access logfiles.
  * HTTP Strict Transport Security header made optional for RequireSSL.
  * Support for chunked transfer encoded requests (not for PUT).
  * Support for improved server statistics in Hiawatha Monitor.
  * The Hiawatha Monitor is now supported without the need for XSLT.
  * PolarSSL updated to version 1.3.7.
  * A few bugfixes as reported by Coverity.
  * Bugfix: SQL injection detection was broken since 8.6.
  * Bugfix: XSS detection didn't work for reverse proxy.
  * Small bugfixes.

-------------------------------------------------------------------
Sun May 18 14:34:03 UTC 2014 - fisiu@opensuse.org

- Update to 9.5:
  * Added support for CGI statistics in Hiawatha Monitor.
  * MonitorRequests and MonitorStatsInterval option removed.
  * Added support for Origin HTTP header to prevent CSRF.
  * EnforceFirstHostname option added.
  * ScriptAlias option added.
  * PolarSSL updated to version 1.3.6.
  * Dropped support for PolarSSL 1.2.

-------------------------------------------------------------------
Mon Mar 24 23:25:24 UTC 2014 - fisiu@opensuse.org

- Update to 9.4:
  * Keep-Alive connections for reverse proxy made optional.
  * ErrorXSLTfile option added.
  * IgnoreDotHiawatha option added.
  * RandomHeader option added.
  * Dropped support for RC4.
  * PolarSSL updated to version 1.3.4.
  * Added support for Hyper Text Coffee Pot Control Protocol (RFC2324).
  * Added SSL_CIPHER to CGI environment.
  * Added Public/Private to UrlToolkit expire option.
  * Small improvements.

-------------------------------------------------------------------
Mon Feb 17 16:40:08 UTC 2014 - fisiu@opensuse.org

- Add firewall rules for http and https.

-------------------------------------------------------------------
Thu Dec 12 22:04:38 UTC 2013 - fisiu@opensuse.org

- Update to 9.3.1:
  * Several bugfixes in reverse proxy.

-------------------------------------------------------------------
Thu Nov 21 21:16:09 UTC 2013 - fisiu@opensuse.org

- Update to 9.3:
  * PolarSSL updated to version 1.3.2.
  * Added support for Elliptic Curve Cryptography.
  * TunnelSSH option added.
  * AnonymizeIP option added.
  * Keep-alive connections for reverse proxy.
  * Small improvements.

-------------------------------------------------------------------
Tue Aug 13 22:56:19 UTC 2013 - fisiu@opensuse.org

- Don't use cutom pid file in systemd service.
- Fix logrotate config.
- Spec cleanup.

-------------------------------------------------------------------
Thu Aug  1 19:39:47 UTC 2013 - fisiu@opensuse.org

- Update source URL.

-------------------------------------------------------------------
Mon Jun 24 13:11:42 UTC 2013 - fisiu@opensuse.org

- Drop hiawatha.permissions file and related option. Use 0755 and
  %verify(not mode) for %{_sbindir}cgi-wrapper.

-------------------------------------------------------------------
Sun Jun 23 16:58:59 UTC 2013 - fisiu@opensuse.org

- Update to 9.2:
  * Added support for compiling Hiawatha against the system's
    default version (>=1.2.0) of the PolarSSL library.
  * PolarSSL updated to version 1.2.8.
  * Small bugfixes (memory leaks in error situations).
  * Bugfix: virtual hostname selection for IPv6 with non-standard
    port.

-------------------------------------------------------------------
Sun Jun  2 13:22:55 UTC 2013 - fisiu@opensuse.org

- Update to 9.1:
  * FileHashes option added.
  * PolarSSL updated to version 1.2.7. Enabled ciphersuite
    selection based on protocol version.
  * Enabled accf_http support for FreeBSD. Thanks to Martin
    Tournoij.
  * ImageReferer option removed.
  * Bugfix: incorrect BanOnFlooding behavior.
  * Small improvements.

-------------------------------------------------------------------
Thu Apr  4 17:44:17 UTC 2013 - fisiu@opensuse.org

- Update to 9.0:
  * Clients handled via thread pool instead of creating threads on
    the fly.
  * ThreadPoolSize option added.
  * Header option added to URL Toolkit.
  * Improved client SSL certificate handling. Environment variables
    renamed.
  * PolarSSL updated to version 1.2.6.
  * Improved Reverse Proxy caching support for requests with URL
    parameters.
  * CacheMinFilesize option removed.
  * DenyBot option removed. Use UrlToolkit's Header option instead.
  * OldBrowser option removed from URL Toolkit. Use Header option
    instead.
  * Improved UrlToolkit rule testing in wigwam.
  * Small bugfixes and improvements.

-------------------------------------------------------------------
Wed Mar 20 11:29:41 UTC 2013 - fisiu@opensuse.org

- Run server as wwwrun user.

-------------------------------------------------------------------
Fri Mar  8 15:54:39 UTC 2013 - fisiu@opensuse.org

- update to 8.8.1 (changes since 7.7):
  * Bugfix: Incorrect size of buffer for poll() can lead to a crash when using
    Tomahawk.
  * Caching for Reverse Proxy. CacheRProxyExtensions option added.
  * Basic HTTP authentication now supports the glibc2 version of crypt().
  * Hostname in ImageReferer can now contain a wildcard.
  * DenyBody matching is now case insensitive.
  * PolarSSL updated to version 1.2.5.
  * Support for HTTP Strict Transport Security (RFC 6797). Integrated in
    RequireSSL option.
  * DHsize option added.
  * PolarSSL updated to version 1.2.3.
  * CloudFlare headers placed in environment variables.
  * Removed php-fcgi.
  * Bugfix: slow page loading via Reverse Proxy.
  * PolarSSL updated to version 1.2. Added support for TLS 1.2 and secure
    renegotiation.
  * Added support for Server Name Indication.
  * MinSSLversion option added.
  * ServerRoot option removed.
  * Improved MacOS X package building script.
  * Marked php-fcgi as deprecated. Use php-fpm instead.
  * Improved Reverse Proxy.
  * Changed error message style.
  * Renamed Command Channel to Tomahawk.
  * Return 403 instead of 401 upon correct password for HTTP authentication but
    user not in right group.
  * Bugfix: replaced select() with poll() to prevent crashes in case of large
    amount of simultaneous connections. Thanks to Peter Bex.
  * MaxServerLoad option added.
  * PolarSSL updated to version 1.1.4.
  * Bugfix: invalid reverse proxy request when URL parameters are present.
  * Bugfix: memory leak in SSL library.
  * Improved security for reverse proxy (works with PreventSQLi, etc).
  * ReverseProxy option added.
  * PolarSSL updated to version 1.1.3.
  * WebDAVapp option added. Enables support for WebDAV applications like
    ownCloud (http://owncloud.org/).
  * Removed support for the OPTIONS method.
  * AllowDotFiles option added.
  * Global forks setting in php-fcgi.conf moved to Server setting.
  * BanOnInvalidURL option added.
  * PolarSSL updated to version 1.1.1.
  * Bugfix: paths missing in default values and examples in manual pages.
  * Replaced Autoconf with CMake. Many thanks to Sander Niemeijer.
  * Replaced OpenSSL with PolarSSL. Many thanks to Paul Bakker.
  * AllowedCiphers and DHparameters options removed.
  * Added IE7 to UrlToolkit's OldBrowser list, removed IE5.
  * MaxUrlLength option added, can return 414 Request-URI Too Long.
  * Changed default value of TriggerOnCGIstatus to 'no'.
  * Equalized format of logfiles.
  * Extra checks added to php-fcgi.
  * Improved SQL injection detection.
  * Bugfix: memory leak in PreventSQLi routine.
  * Bugfix: potential server freeze with 100% CPU in CGI output caching.
  * Bugfix: null byte in HTTP header of cached CGI content.
  * Control CGI output cache via X-Hiawatha-Cache and X-Hiawatha-Cache-Remove
    CGI headers. See the CGI OUTPUT CACHE section in the manual page.
  * BanOnWrongPassword now also triggers on wrong username.
  * Bugfix: timeout issue with large POST requests on SSL connections.

-------------------------------------------------------------------
Mon Oct 10 00:00:00 CET 2011 - detlef@links2linux.de

- new upstream version <7.7>

  * First parameter of Alias can now contain subdirectories.
  * Improved stability for connections with SSL client authentication.
  * Bugfix: BanOnFlooding was broken.

-------------------------------------------------------------------
Tue Sep 06 00:00:00 CET 2011 - detlef@links2linux.de

- new upstream version <7.6>

  * PreventSQLi option rewritten.

-------------------------------------------------------------------
Thu Jun 02 00:00:00 CET 2011 - detlef@links2linux.de

- new upstream version <7.5>

  * OldBrowser option added to URL toolkit.
  * Improved mimetype configuration.
  * Do-not-track HTTP header support.
  * Password file entries can now be created with Wigwam.
  * Small bugfixes and improvements.
  * Bugfix: sent one byte too few for Range -XX.
  * Bugfix: possible crash when using PreventSQLi.

-------------------------------------------------------------------
Tue Apr 12 19:00:00 CET 2011 - detlef@links2linux.de

- new upstream version <7.4.1>
  * Bugfix: integer overflow in fetch_request() which could
    lead to a server crash.

-------------------------------------------------------------------
Mon Nov 15 19:00:00 CET 2010 - detlef@links2linux.de

- new upstream version <7.4>
  * Connections per IP added to RequestLimitMask.
  * NoExtensionAs made a per-host setting.
  * Small bugfixes and improvements.
  * Bugfix: usage of HideProxy caused Hiawatha to refuse new connections
    after ConnectionsTotal connections.
  * Bugfix: memory leak in XSLT module.

-------------------------------------------------------------------
Fri Jun 11 19:00:00 CET 2010 - detlef@links2linux.de

- new upstream version <7.3>
  * RequestLimitMask option added.
  * URL parameters for ErrorHandler.
  * Support for Haiku OS.
  * Small security bugfixes.

-------------------------------------------------------------------
Thu Apr 22 04:00:00 CET 2010 - detlef@links2linux.de

- new upstream version <7.2>
  * URL toolkit code restructured.
  * UseSSL option added to URL toolkit.
  * Digest HTTP authentication works with htdigest(1) created password files.
  * Small improvements.

-------------------------------------------------------------------
Mon Mar 29 14:00:00 CET 2010 - detlef@links2linux.de

- new upstream version <7.1>
  * Small bugfixes.
  * Bugfix: deny access and redirect result via toolkit subroutine.
  * Bugfix: broken flooding protection.

-------------------------------------------------------------------
Mon Feb 15 23:25:00 CET 2010 - detlef@links2linux.de

- new upstream version <7.0>
- added logrotate/init file.

-------------------------------------------------------------------
Mon Mar  9 16:50:22 CET 2009 - mrueckert@suse.de

- update to 6.11

-------------------------------------------------------------------
Thu May 29 18:49:29 CEST 2008 - mrueckert@suse.de

- update to 6.7
- added permissions file.

-------------------------------------------------------------------
Tue Nov 13 06:03:10 CET 2007 - mrueckert@suse.de

- update to version 6.1
  * Format of ConnectTo changed. Old format will be valid for a few
    more releases.
  * Changed some CGI environment variables after URL rewriting.
  * Some URL rewrite checks included in Wigwam.
  * TriggerOnCGIstatus option added.
  * RequireResolveIP option removed.
  * Bugfix: POST data larger then 64kB via FastCGI.

-------------------------------------------------------------------
Sat Oct 27 15:58:22 CEST 2007 - mrueckert@suse.de

- update to version 6.0

-------------------------------------------------------------------
Fri Sep 28 05:39:52 CEST 2007 - mrueckert@suse.de

- update to version 5.13

-------------------------------------------------------------------
Mon Sep  3 06:35:45 CEST 2007 - mrueckert@suse.de

- update to version 5.12

-------------------------------------------------------------------
Wed Aug  8 05:38:49 CEST 2007 - mrueckert@suse.de

- update to version 5.11

-------------------------------------------------------------------
Fri Jul 27 07:50:21 CEST 2007 - mrueckert@suse.de

- update to version 5.10

-------------------------------------------------------------------
Sat May 12 22:13:14 CEST 2007 - mrueckert@suse.de

- update to version 5.8