Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE
hiawatha
hiawatha.changes
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File hiawatha.changes of Package hiawatha
------------------------------------------------------------------- Fri Feb 11 08:22:15 UTC 2022 - Johannes Segitz <jsegitz@suse.com> - Allow read only access with ProtectHome=read-only to enable UserWebsites=yes Modified harden_hiawatha.service.patch and hiawatha.service ------------------------------------------------------------------- Wed Sep 22 08:03:45 UTC 2021 - Johannes Segitz <jsegitz@suse.com> - Added hardening to systemd service(s) (bsc#1181400). Added patch(es): * harden_hiawatha.service.patch Modified: * hiawatha.service ------------------------------------------------------------------- Wed Aug 19 09:26:18 UTC 2020 - Callum Farmer <callumjfarmer13@gmail.com> - Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) ------------------------------------------------------------------- Thu Jul 16 20:10:30 UTC 2020 - Mariusz Fik <fisiu@opensuse.org> - Update to version 10.11: * Default value of MinTLSversion set to 1.2. * Small bugfixes. - Changes from 10.10: * Removed several build options. Functionalities are now always enabled. * Updated Let's Encrypt script due to changes in the API. * Bugfix: AlterMode not working correctly. ------------------------------------------------------------------- Wed Jul 24 09:26:57 UTC 2019 - matthias.gerstner@suse.com - removal of SuSEfirewall2 service, since SuSEfirewall2 has been replaced by firewalld, see [1]. [1]: https://lists.opensuse.org/opensuse-factory/2019-01/msg00490.html ------------------------------------------------------------------- Mon Mar 4 20:13:01 UTC 2019 - Mariusz Fik <fisiu@opensuse.org> - Update to version 10.9: * Let's Encrypt script installed via CMake. * Bugfix: Directory traversal when AllowDotFiles is enabled. * Small improvements. ------------------------------------------------------------------- Wed Sep 26 18:37:47 UTC 2018 - fisiu@opensuse.org - Update to version 10.8.3: * Several fixes in build system * Added build system for nghttp2 * New style for directory index * uri_depth added to XML for directory index ------------------------------------------------------------------- Tue May 8 20:49:52 UTC 2018 - fisiu@opensuse.org - Update to version 10.8.1.: * Removed support for secp192r1 and secp192k1 curves, to make it PCI DSS compliant out of the box. * Small improvements to Let's Encrypt ACMEv2 script. ------------------------------------------------------------------- Mon Mar 26 21:47:26 UTC 2018 - fisiu@opensuse.org - Ship Let's Encrypt script within subpackage. ------------------------------------------------------------------- Mon Mar 26 20:46:56 UTC 2018 - fisiu@opensuse.org - Add firewalld config files for Leap/SLE >= 15 and TW. ------------------------------------------------------------------- Mon Mar 26 19:59:45 UTC 2018 - fisiu@opensuse.org - Update to version 10.8: * New Let's Encrypt script that supports ACME v2. * Added Syslog option. * Added GZipExtensions option. * AllowDotFiles now used to show hidden files in directory listings. * Removed support for static RSA ciphers. * Hiawatha log format changed. * Small improvements. * Bugfix: certain characters in filenames disrupted directory index output. * Bugfix: requesting non-regular files now results in a 403 instead of blocking that thread. ------------------------------------------------------------------- Sat Feb 17 20:21:12 UTC 2018 - fisiu@opensuse.org - Fix build with mbedtls 2.7.0. ------------------------------------------------------------------- Tue Oct 24 19:48:10 UTC 2017 - fisiu@opensuse.org - Update to version 10.7: * Connect to a Unix socket via a reverse proxy. * Added BlockExtensions setting. * Small improvements. * Bugfix: error in handling renewal scripts in Let's Encrypt script. ------------------------------------------------------------------- Sat Jun 17 08:33:13 UTC 2017 - fisiu@opensuse.org - Update to version 10.6: * Added PublicKeyPins option. * Added renewal-scripts to Let's Encrypt script. * Small changes to CMake build system. * Added CustomHeaderBackend option. * Renamed CustomHeader option to CustomHeaderClient. Old name still works. * Hiawatha ignores FileHashes and ReverseProxy for Let's Encrypt authentication requests. * Small improvements and bugfixes. ------------------------------------------------------------------- Tue Nov 15 16:08:30 UTC 2016 - mpluskal@suse.com - Update to version 10.4: * SkipCacheCookie option added. * Added Systemd init script to Debian package. * Small improvements and bugfixes. - Small packaging changes and requirements update ------------------------------------------------------------------- Sun Oct 2 19:30:49 UTC 2016 - fisiu@opensuse.org - Build fails with mbedtls < 2. ------------------------------------------------------------------- Sat Aug 27 11:43:20 UTC 2016 - mpluskal@suse.com - Update to version 10.3: * PreventCSRF, PreventSQLi and PreventXSS improved. * Prevention of MySQL data mining via SQL injection. * Added revoke option to Let's Encrypt script. * Hiawatha ignores RequireTLS for Let's Encrypt authentication requests. * Small bugfixes and improvements. * Bugfix: possible HTTP request pipelining error after CSRF prevented. - Changes for version 10.2: * Added Let's Encrypt script (see extra/letsencrypt). * Added support for requesting Let's Encrypt certificates (see AccessList and PasswordFile settings in manual page). * Small improvements. * Bugfix: HideProxy not working for Forwarded header. - Changes for 10.1: * Added Extensions setting. * Added support for X-Sendfile header. * mbed TLS updated to 2.2.1. * Improved SQL injection detection. * Small bugfixes and improvements. - Changes for 10.0: * Usage of Directory sections changed. * Added support for RFC 5785. * Added support for GZip compression. Removed the UseGZfile option. * Added ECDSA support for TLS 1.0 and TLS 1.1. * Replaced UrlToolkit Expire option with ExpirePeriod in Directory section. * Replaced IgnoreDotHiawatha option with UseLocalConfig. * Removed the VolatileObject option. * Improved SQL injection detection. * mbed TLS updated to 2.2.0. * Small improvements. - Changes for 9.15: * Support for WebSockets via reverse proxy. * UNIX socket support for connections to WebSockets. * Responsive design for directory index and error message. * mbed TLS updated to 2.1.2. * Fixed mbed TLS linking in CMake configuration. * ListenBacklog option added. * Small bugfixes. - Changes for 9.14: * mbed TLS updated to 2.0.0. * Small bugfixes. * Bugfix: crash when sending very large request to FastCGI server. ------------------------------------------------------------------- Sat Jun 20 09:28:30 UTC 2015 - mpluskal@suse.com - Fix rpmlint warnings * add rcsymlink * fix log directory permissions ------------------------------------------------------------------- Mon Jun 15 22:07:08 UTC 2015 - fisiu@opensuse.org - Update to 9.13: * Renamed SSLcertFile to TLScertFile. * Renamed RequireSSL to RequireTLS. * Renamed SSL_* CGI environment variables to TLS_*. * Renamed UrlToolkit option UseSSL to UseTLS. * Replaced MinSSLversion by MinTLSversion. * LogTimeouts option added. * Added 'skip directories' parameter to reverse proxy. * Failed logins sent to Hiawatha Monitor. * Small bugfix and improvements. ------------------------------------------------------------------- Thu Feb 26 22:51:06 UTC 2015 - fisiu@opensuse.org - Update to 9.12: * Bugfix: memory leak in SSL library. * Small bugfix. ------------------------------------------------------------------- Tue Feb 3 18:19:55 UTC 2015 - fisiu@opensuse.org - Update to 9.11: * ChallengeClient option added. * UrlToolkit options TotalConnections and OmitRequestLog added. * Improvements to UrlToolkit and reverse proxy swap. * UrlToolkit rules are also applied to PUT and DELETE. * Small improvements. ------------------------------------------------------------------- Sun Jan 11 22:23:28 UTC 2015 - fisiu@opensuse.org - Update to 9.10: * Support for banning bad clients who connect via a proxy. * UrlToolkit option Do added. Changed how Call and Skip should be called. * General UrlToolkit improvements. See config/toolkit.conf for syntax. * Hiawatha now prefers reverse proxies with a scheme matching the one of the client connection. See config/toolkit.conf for syntax. * Hiawatha will now first process UrlToolkit rules before using ReverseProxy. * Small bugfixes and improvements. ------------------------------------------------------------------- Sat Dec 13 12:10:31 UTC 2014 - fisiu@opensuse.org - Update to 9.9: * HTTPAuthToCGI option added. * BanByCGI option added. * Improved SSL ciphersuite selections. * CAcertificates options added. * Dropped support for SSL3.0. * Small bugfixes and improvements. ------------------------------------------------------------------- Sun Nov 2 22:37:08 UTC 2014 - fisiu@opensuse.org - Update to 9.8: * Added support for websockets. WebSocket option added. * SSL key and certificate checks added to wigwam. * Small bugfixes and improvements. ------------------------------------------------------------------- Wed Sep 10 16:04:57 UTC 2014 - jengelh@inai.de - Avoid generating libpolarssl.so.7, which led to "have choice for libpolarssl.so.7: libpolarssl7 hiawatha" and make other polarssl-using applications not run in practice because the library is in a non-standard directory, yet discovered by rpm as a provider. ------------------------------------------------------------------- Sun Sep 7 23:29:36 UTC 2014 - fisiu@opensuse.org - Update to 9.7: * UseToolkit now possible in .hiawatha file at root of website. * Method option added to URL Toolkit. * SetResourceLimit option added. * ThreadKillRate option added. * Improved SQL injection detection. * Default value for DHsize set to 2048. * PolarSSL updated to version 1.3.8. * Memory allocation debugger module added. * Small bugfixes and improvements. * Bugfix: incorrect file hash printing by wigwam with directory as symlink. ------------------------------------------------------------------- Sun Jun 8 21:10:58 UTC 2014 - fisiu@opensuse.org - Update to 9.6: * Logfile rotation for access logfiles. * HTTP Strict Transport Security header made optional for RequireSSL. * Support for chunked transfer encoded requests (not for PUT). * Support for improved server statistics in Hiawatha Monitor. * The Hiawatha Monitor is now supported without the need for XSLT. * PolarSSL updated to version 1.3.7. * A few bugfixes as reported by Coverity. * Bugfix: SQL injection detection was broken since 8.6. * Bugfix: XSS detection didn't work for reverse proxy. * Small bugfixes. ------------------------------------------------------------------- Sun May 18 14:34:03 UTC 2014 - fisiu@opensuse.org - Update to 9.5: * Added support for CGI statistics in Hiawatha Monitor. * MonitorRequests and MonitorStatsInterval option removed. * Added support for Origin HTTP header to prevent CSRF. * EnforceFirstHostname option added. * ScriptAlias option added. * PolarSSL updated to version 1.3.6. * Dropped support for PolarSSL 1.2. ------------------------------------------------------------------- Mon Mar 24 23:25:24 UTC 2014 - fisiu@opensuse.org - Update to 9.4: * Keep-Alive connections for reverse proxy made optional. * ErrorXSLTfile option added. * IgnoreDotHiawatha option added. * RandomHeader option added. * Dropped support for RC4. * PolarSSL updated to version 1.3.4. * Added support for Hyper Text Coffee Pot Control Protocol (RFC2324). * Added SSL_CIPHER to CGI environment. * Added Public/Private to UrlToolkit expire option. * Small improvements. ------------------------------------------------------------------- Mon Feb 17 16:40:08 UTC 2014 - fisiu@opensuse.org - Add firewall rules for http and https. ------------------------------------------------------------------- Thu Dec 12 22:04:38 UTC 2013 - fisiu@opensuse.org - Update to 9.3.1: * Several bugfixes in reverse proxy. ------------------------------------------------------------------- Thu Nov 21 21:16:09 UTC 2013 - fisiu@opensuse.org - Update to 9.3: * PolarSSL updated to version 1.3.2. * Added support for Elliptic Curve Cryptography. * TunnelSSH option added. * AnonymizeIP option added. * Keep-alive connections for reverse proxy. * Small improvements. ------------------------------------------------------------------- Tue Aug 13 22:56:19 UTC 2013 - fisiu@opensuse.org - Don't use cutom pid file in systemd service. - Fix logrotate config. - Spec cleanup. ------------------------------------------------------------------- Thu Aug 1 19:39:47 UTC 2013 - fisiu@opensuse.org - Update source URL. ------------------------------------------------------------------- Mon Jun 24 13:11:42 UTC 2013 - fisiu@opensuse.org - Drop hiawatha.permissions file and related option. Use 0755 and %verify(not mode) for %{_sbindir}cgi-wrapper. ------------------------------------------------------------------- Sun Jun 23 16:58:59 UTC 2013 - fisiu@opensuse.org - Update to 9.2: * Added support for compiling Hiawatha against the system's default version (>=1.2.0) of the PolarSSL library. * PolarSSL updated to version 1.2.8. * Small bugfixes (memory leaks in error situations). * Bugfix: virtual hostname selection for IPv6 with non-standard port. ------------------------------------------------------------------- Sun Jun 2 13:22:55 UTC 2013 - fisiu@opensuse.org - Update to 9.1: * FileHashes option added. * PolarSSL updated to version 1.2.7. Enabled ciphersuite selection based on protocol version. * Enabled accf_http support for FreeBSD. Thanks to Martin Tournoij. * ImageReferer option removed. * Bugfix: incorrect BanOnFlooding behavior. * Small improvements. ------------------------------------------------------------------- Thu Apr 4 17:44:17 UTC 2013 - fisiu@opensuse.org - Update to 9.0: * Clients handled via thread pool instead of creating threads on the fly. * ThreadPoolSize option added. * Header option added to URL Toolkit. * Improved client SSL certificate handling. Environment variables renamed. * PolarSSL updated to version 1.2.6. * Improved Reverse Proxy caching support for requests with URL parameters. * CacheMinFilesize option removed. * DenyBot option removed. Use UrlToolkit's Header option instead. * OldBrowser option removed from URL Toolkit. Use Header option instead. * Improved UrlToolkit rule testing in wigwam. * Small bugfixes and improvements. ------------------------------------------------------------------- Wed Mar 20 11:29:41 UTC 2013 - fisiu@opensuse.org - Run server as wwwrun user. ------------------------------------------------------------------- Fri Mar 8 15:54:39 UTC 2013 - fisiu@opensuse.org - update to 8.8.1 (changes since 7.7): * Bugfix: Incorrect size of buffer for poll() can lead to a crash when using Tomahawk. * Caching for Reverse Proxy. CacheRProxyExtensions option added. * Basic HTTP authentication now supports the glibc2 version of crypt(). * Hostname in ImageReferer can now contain a wildcard. * DenyBody matching is now case insensitive. * PolarSSL updated to version 1.2.5. * Support for HTTP Strict Transport Security (RFC 6797). Integrated in RequireSSL option. * DHsize option added. * PolarSSL updated to version 1.2.3. * CloudFlare headers placed in environment variables. * Removed php-fcgi. * Bugfix: slow page loading via Reverse Proxy. * PolarSSL updated to version 1.2. Added support for TLS 1.2 and secure renegotiation. * Added support for Server Name Indication. * MinSSLversion option added. * ServerRoot option removed. * Improved MacOS X package building script. * Marked php-fcgi as deprecated. Use php-fpm instead. * Improved Reverse Proxy. * Changed error message style. * Renamed Command Channel to Tomahawk. * Return 403 instead of 401 upon correct password for HTTP authentication but user not in right group. * Bugfix: replaced select() with poll() to prevent crashes in case of large amount of simultaneous connections. Thanks to Peter Bex. * MaxServerLoad option added. * PolarSSL updated to version 1.1.4. * Bugfix: invalid reverse proxy request when URL parameters are present. * Bugfix: memory leak in SSL library. * Improved security for reverse proxy (works with PreventSQLi, etc). * ReverseProxy option added. * PolarSSL updated to version 1.1.3. * WebDAVapp option added. Enables support for WebDAV applications like ownCloud (http://owncloud.org/). * Removed support for the OPTIONS method. * AllowDotFiles option added. * Global forks setting in php-fcgi.conf moved to Server setting. * BanOnInvalidURL option added. * PolarSSL updated to version 1.1.1. * Bugfix: paths missing in default values and examples in manual pages. * Replaced Autoconf with CMake. Many thanks to Sander Niemeijer. * Replaced OpenSSL with PolarSSL. Many thanks to Paul Bakker. * AllowedCiphers and DHparameters options removed. * Added IE7 to UrlToolkit's OldBrowser list, removed IE5. * MaxUrlLength option added, can return 414 Request-URI Too Long. * Changed default value of TriggerOnCGIstatus to 'no'. * Equalized format of logfiles. * Extra checks added to php-fcgi. * Improved SQL injection detection. * Bugfix: memory leak in PreventSQLi routine. * Bugfix: potential server freeze with 100% CPU in CGI output caching. * Bugfix: null byte in HTTP header of cached CGI content. * Control CGI output cache via X-Hiawatha-Cache and X-Hiawatha-Cache-Remove CGI headers. See the CGI OUTPUT CACHE section in the manual page. * BanOnWrongPassword now also triggers on wrong username. * Bugfix: timeout issue with large POST requests on SSL connections. ------------------------------------------------------------------- Mon Oct 10 00:00:00 CET 2011 - detlef@links2linux.de - new upstream version <7.7> * First parameter of Alias can now contain subdirectories. * Improved stability for connections with SSL client authentication. * Bugfix: BanOnFlooding was broken. ------------------------------------------------------------------- Tue Sep 06 00:00:00 CET 2011 - detlef@links2linux.de - new upstream version <7.6> * PreventSQLi option rewritten. ------------------------------------------------------------------- Thu Jun 02 00:00:00 CET 2011 - detlef@links2linux.de - new upstream version <7.5> * OldBrowser option added to URL toolkit. * Improved mimetype configuration. * Do-not-track HTTP header support. * Password file entries can now be created with Wigwam. * Small bugfixes and improvements. * Bugfix: sent one byte too few for Range -XX. * Bugfix: possible crash when using PreventSQLi. ------------------------------------------------------------------- Tue Apr 12 19:00:00 CET 2011 - detlef@links2linux.de - new upstream version <7.4.1> * Bugfix: integer overflow in fetch_request() which could lead to a server crash. ------------------------------------------------------------------- Mon Nov 15 19:00:00 CET 2010 - detlef@links2linux.de - new upstream version <7.4> * Connections per IP added to RequestLimitMask. * NoExtensionAs made a per-host setting. * Small bugfixes and improvements. * Bugfix: usage of HideProxy caused Hiawatha to refuse new connections after ConnectionsTotal connections. * Bugfix: memory leak in XSLT module. ------------------------------------------------------------------- Fri Jun 11 19:00:00 CET 2010 - detlef@links2linux.de - new upstream version <7.3> * RequestLimitMask option added. * URL parameters for ErrorHandler. * Support for Haiku OS. * Small security bugfixes. ------------------------------------------------------------------- Thu Apr 22 04:00:00 CET 2010 - detlef@links2linux.de - new upstream version <7.2> * URL toolkit code restructured. * UseSSL option added to URL toolkit. * Digest HTTP authentication works with htdigest(1) created password files. * Small improvements. ------------------------------------------------------------------- Mon Mar 29 14:00:00 CET 2010 - detlef@links2linux.de - new upstream version <7.1> * Small bugfixes. * Bugfix: deny access and redirect result via toolkit subroutine. * Bugfix: broken flooding protection. ------------------------------------------------------------------- Mon Feb 15 23:25:00 CET 2010 - detlef@links2linux.de - new upstream version <7.0> - added logrotate/init file. ------------------------------------------------------------------- Mon Mar 9 16:50:22 CET 2009 - mrueckert@suse.de - update to 6.11 ------------------------------------------------------------------- Thu May 29 18:49:29 CEST 2008 - mrueckert@suse.de - update to 6.7 - added permissions file. ------------------------------------------------------------------- Tue Nov 13 06:03:10 CET 2007 - mrueckert@suse.de - update to version 6.1 * Format of ConnectTo changed. Old format will be valid for a few more releases. * Changed some CGI environment variables after URL rewriting. * Some URL rewrite checks included in Wigwam. * TriggerOnCGIstatus option added. * RequireResolveIP option removed. * Bugfix: POST data larger then 64kB via FastCGI. ------------------------------------------------------------------- Sat Oct 27 15:58:22 CEST 2007 - mrueckert@suse.de - update to version 6.0 ------------------------------------------------------------------- Fri Sep 28 05:39:52 CEST 2007 - mrueckert@suse.de - update to version 5.13 ------------------------------------------------------------------- Mon Sep 3 06:35:45 CEST 2007 - mrueckert@suse.de - update to version 5.12 ------------------------------------------------------------------- Wed Aug 8 05:38:49 CEST 2007 - mrueckert@suse.de - update to version 5.11 ------------------------------------------------------------------- Fri Jul 27 07:50:21 CEST 2007 - mrueckert@suse.de - update to version 5.10 ------------------------------------------------------------------- Sat May 12 22:13:14 CEST 2007 - mrueckert@suse.de - update to version 5.8
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor