"SfR Fresh" - the SfR Freeware/Shareware Archive 
Member "cgiwrap-4.1/doc/changes" of archive cgiwrap-4.1.tar.gz:
As a special service "SfR Fresh" has tried to format the requested source page into HTML format using source code syntax highlighting with prefixed line numbers.
Alternatively you can here view or download the uninterpreted source code file.
That can be also achieved for any archive member file by clicking within an archive contents listing on the first character of the file(path) respectively on the according byte size field.
1 CGIWrap - Change Log
2
3 These are some of the changes that have occured in CGIWrap from version
4 to version.
5 __________________________________________________________________
6
7 New in version 4.1:
8
9 * Added support for specifying a character set to use for cgiwrap
10 output to address a vulnerability in how IE handles documents
11 without a charset specified. The vulnerability allowed cross site
12 scripting when cgiwrap URLs were accessed from a JA version of IE.
13 To specify the charset to use, provide the "--with-charset=X"
14 option to configure when building cgiwrap. It will default to
15 iso-8859-1 if not specifically set.
16 __________________________________________________________________
17
18 New in version 4.0:
19
20 * Bumped version number to 4.0 to deal with screwed up release
21 numbering of earlier versions.
22 * Added --with-soft-rlimits-only option based on patch from
23 jplinderman@sf.net
24 * Added --with-block-svn-paths and --with-block-cvs-paths options to
25 prevent execution of files in those dirs.
26 * Added --with-eruby-interpreter option from BlackSun, Inc.
27 * Added support for setting SIGXCPU even when sigset unavailable -
28 from BlackSun, Inc.
29 * Fixed some warnings.
30 * Added support for overriding DESTDIR to install in separate dir
31 (for packaging), from debian/d3xter
32
33 New in version 3.10:
34
35 * Applied several patches from Javier Fernandez-Sanguino Pen~a for
36 information release security. Removes additional output when quiet
37 errors is enabled.
38 * Fixed setting of LD_LIBRARY_PATH when configured to do so.
39 * Fixed setting of ARGV for both regular and interpreted scripts when
40 script is in a subdir. Clean up code related to this based on a
41 patch from Jack .
42 * Updated autoconf helpers to much newer release
43
44 New in version 3.9:
45
46 * Fixed a minor typo preventing allow files from working
47 * Added support for +@netgroup syntax optionally in allow/deny files.
48 * Fixed problem with php-nonexec-only not working properly since exec
49 check done too late.
50 * Applied Piotr's patch few support of newer PHP versions.
51 * Added support for ASP interpreter execution, similar to PHP
52 support.
53 * Fix content of PATH_INFO when it should be / or undefined. Based on
54 patch from Cliff Woolley.
55
56 New in version 3.8:
57
58 * Merged in special handling for PHP scripts by popular demand. This
59 is based mostly on Piotr Klaban's php-cgiwrap patch, with minor
60 changes.
61 * Added options for php support. --with-php-interpreter and
62 --with-php-cgiwrap
63 * Rewrote the path translated support. Is it finally correct?
64 * Patch from san@cobalt.rmnet.it to use REDIRECT_URL if available for
65 SCRIPT_NAME.
66 * Added support for access control files specific to each HTTP_HOST,
67 useful for ISP's using Apache handlers to run cgi's that want to
68 restrict which userids can run cgi's on certain vhosts. If enabled,
69 the vhost access control files must exist.
70 * Added option to require that REDIRECT_URL be specified in
71 environment. Can be used to require that cgiwrap be invoked via a
72 handler/action or some other internal apache redirection/rewrite.
73 Primarily of use when invoking cgi's for virtual hosts via
74 Action/SetHandler.
75 * Modified san's REDIRECT_URL support to be --with-use-redirect-url
76 instead of --with-check-redirect-url, since it's more a functional
77 change, not a security check.
78 * Added a --with-quiet-errors option to allow significantly
79 restricting the amount of internal information that an error
80 message displays.
81 * Added ability to override the vhost that cgiwrap users via an
82 optional CGIWRAP_AUTH_VHOST env var, which if present and feature
83 enabled, will be used instead of HTTP_HOST. This is useful for when
84 you have wildcard servernames in apache. Enable the
85 --with-vhost-override option if you want this capabillity. Only
86 applicable if vhost allow/deny dir is enabled.
87 * Added ability to only allow scripts run by a specific userid if the
88 CGIWRAP_REQUIRE_USER env var is specified and the
89 --with-env-require-user feature is enabled.
90 * Changed to autoconf 2.5 style templates and eliminated acconfig.h.
91 * Added option to enable the special PHP support only for
92 non-executable files.
93 * Added modified patch by Gabriel Ambuehl to use SCRIPT_URL for
94 SCRIPT_NAME generation.
95
96 New in version 3.7.1:
97
98 * Added --with-minimum-gid option to check minimum user GID and
99 auxilliary groups. This is in response to complaints on BugTraq
100 about suexec not checking auxgroups.
101
102 New in version 3.7:
103
104 * Encode user supplied output in error messages to fix cross-site
105 scripting vulnerability reported by Hiromitsu Takagi.
106 * Minor warning cleanup
107 * Slight improvement to a couple diagnostic messages.
108
109 New in version 3.6.5:
110
111 * Fixed small problem with glibc2.1 and errno.h vs. sys/errno.h
112 * Added simple chroot support for expert installations.
113 * Applied fix for path translated, removed option for not enabling
114 correct path_translated value.
115 * Added multiuser cgi script directory support.
116 * Added patch from Scott Sutherland for fixing parsing of auth files.
117 * Added patch from Christian Kruse for better symlink handling.
118
119 New in version 3.6.4:
120
121 * Changed license to GPL finally.
122 * Fixed netmask comparison
123 * Added anonymous CVS server info
124 * Updates from David Hollenberg for misc. error checking/handling and
125 overflow protection.
126 * Added check for making sure cgiwrap is setuid and printing out a
127 usable error message if not.
128 * Now prints out path to access control files if one or both are
129 missing.
130 * Slight changes to aux groups code just in case setgroups() doesn't
131 support a empty list.
132 * Added some extra info to server userid error message.
133 * Added some info to the FAQ.
134
135 New in version 3.6.3:
136
137 * Added support for checking if user has a valid shell, similar to
138 what ftpd does. The BSD licensed getusershell.o has been included
139 for support where needed.
140 * Bug fix for SEGV condition when certain syntax is used for the
141 request. It did not appear exploitable, but would cause cgiwrap to
142 core as root. Thanks to Michael Bryan (michael@blueneptune.com) for
143 the fix.
144
145 New in version 3.6.2:
146
147 * Fixed the !logfd check. Thanks to Alexander Wolgast for pointing
148 this out.
149 * Added support for reporting rusage/return code after executing
150 script.
151 * Changed logging to use close-on-exec flag of file descriptor, so it
152 can be left open for reporting rusage if enabled.
153 * Added support for reporting approximate elapsed execution time of a
154 cgi script.
155
156 New in version 3.6.1:
157
158 * Fixed the UserInFile routine. It broke cause I forgot to remove
159 newlines.
160
161 New in version 3.6:
162
163 * Removed check for ./ in the path of the script. The check for ../
164 is still there. There doesn't seem to be any need for this check as
165 it appears to be harmless. It is being removed to allow for users
166 with "./" in their home dir (for chrooting with wuftpd) to be able
167 to use cgiwrap.
168 * Added code to optionally prevent script execution if the script is
169 group or world writable. I cannot make the check for world writable
170 forced on, since on my site using AFS, the permission bits aren't
171 used, and some scripts might be marked as world writable. Can't
172 break user scripts without a major hassle.
173 * Added code to optionally check if script file is a symbolic link.
174 Of course, the script dir itself could still be a symbolic link.
175 * Changed to GNU autoconf for configuration
176 * Makefile now supports 'install' target with --install-path is
177 specified with configure.
178 * Support added for setting PATH and TZ environment variables before
179 executing script
180 * Support added for setting a bunch of different RLIMIT_ parameters
181 before executing script, as well as allowing the administrator to
182 set the limits with the --with-rlimit-*=value option to configure.
183 * Error messages are now more verbose and output in HTML if possible.
184 * Support for calling script using system() has been removed as it is
185 not really needed for anything, and just slows things down.
186 * Fixed malloc() error check in GetUserDir routines
187 * Fixed race condition with permissions and opening of log file
188 * initgroups() and setgroups() support now enabled by default
189 * Eliminated buffer overrun in error message about chmod'ing script.
190 Thanks to Duncan Simpson (dps@io.stargate.co.uk)
191 * Added --with-minimum-uid option
192 * Fixed the subdirectory restrict option. (Thanks to Jeffery Chow )
193 for pointing this out and for testing the fix.
194 * Added CondenseSlashes routine to eliminate doubled and trailing
195 slashes
196 * Added SafeMalloc routine to eliminate the need to check malloc
197 result throughout the code.
198 * Changed tardist target to touch all files and directories so that a
199 consistent time stamp is reached. This should eliminate spurious
200 calls to autoheader when building cgiwrap.
201 * Added in code to configure.in for the various information options
202 such as local-site-url, local-contact-phone, etc.
203 * Added fcntl.h include, needed by open(). Problem reported by Seth
204 Chaiklin . Also fixed quoting in the configure.in related to log
205 file.
206 * Finished splitting up logging functions and changes to use the
207 Context structure.
208 * Minor changes to the makefile, including telling it to use the
209 CFLAGS, and improving the tardist target.
210 * Moved extra flag stuff for AFS into it's own section and only run
211 it if needed for AFS support.
212 * Not sure why, but 3.6 works with AIX 4, 3.5 did not.
213 * Cleaned up Makefile, finished support for building in a separate
214 directory from the source, added a 'dep' target using depend.awk
215 from mutt distribution.
216 * Fixed problem with CHECKHOST/CHECKHOSTS typos.
217 * Added support for using "*" with checkhost support to restrict ALL
218 userids from being accessed from that host. (*@x.x.x.x/y.y.y.y)
219 * Made 'no way to change uids' a compile time error with #error
220 * Fixed bug with ALLOWFILE define in util.c.
221
222 New in version 3.5:
223
224 * Fixed strerror checking in Configure script and util.c for systems
225 without strerror, can now use strerror, sys_errlist, perror, or
226 just errno.
227 * Major documentation overhaul, create all HTML based docs
228 * Added option (defaulting to yes) to correctly set the
229 PATH_TRANSLATED environment variable.
230 * Fixed bug with the configure script and the use_system option. It
231 would cause a preprocessor error if the system call was not found.
232 * Cleaned up various things with the Configure script
233 * Changed file prompting to allow using ~ paths.
234
235 New in version 3.4:
236
237 * Fixed typo "&" instead of "&&" in setgroups stuff
238 * Added cgiwrap.aliases option to rewrite home dirs of users.
239 * Moved entire cgiwrap source build tree to CVS, will make tracking
240 changes easier.
241 * CGIwrap now changes directories to the directory the script is
242 located in before executing the script. Before, it always just
243 changed to the main CGI directory. This behavior is only different
244 if you were using scripts in subdirectories.
245 * Changed style of cgiwrap.allow, cgiwrap.deny files to be the same
246 as cron's allow/deny files.
247
248 New in version 3.3:
249
250 * Added support for attaching a label to syslog log messages.
251 * Added code to rewrite the PATH_TRANSLATED environment variable.
252
253 New in version 3.24:
254
255 * Added support for logging to syslog.
256
257 New in version 3.23:
258
259 * Setgroups was being used no matter what you said in configure -
260 fixed
261 * Problem with undefined variables in Log call for subdirectories -
262 fixed
263 * Removed declaration of sys_errlist, and errno in util.c, since I
264 don't think they were necessary. And they were causing problems on
265 some architectures.
266 * Added in user contributed host address checking code
267 * Upgraded to using dist-3.0 PL60 for building the Configure script.
268 * Separated initgroups() and setgroups() checks into two separate
269 defines, and improved documentation in configure script for these
270 options.
271
272 New in version 3.22:
273
274 * argv[0] is now automatically changed to the name of the script that
275 is being executed
276
277 New in version 3.21:
278
279 * Rlimit defines weren't set properly when rlimit not available -
280 fixed
281 * The optimizer/debugger flag wasn't being used in the makefile --
282 fixed
283 * Defaults for checks (y/n) were not being set - fixed
284
285 New in version 3.2:
286
287 * MAJOR code cleanup and simplification. The code should be ALOT
288 easier to read and understand.
289 * Fixed the problem in the Makefile on certain architectures with the
290 $(var) not being escaped properly. This should solve problems with
291 Linux machines and BSD machines that I know of.
292 * Changes way PATH_INFO is modified, CGIwrap will now correct
293 SCRIPT_NAME for ?user=USER&script=SCRIPT type requests as well as
294 /user/script type requests.
295 * Subdirectories are now supported for both types of requests
296 * Debugging output has been condensed and is a little easier to read.
297 * Documentation has been reworked, it should be a little easier to
298 use.
299 * Fixed prototypes for all the functions in the cgiwrap source.
300 * Removed a few unnecessary routines
301 * Changed "mystrcpy" to be "strdup", and is compiled only if the
302 current architecture does not have strdup available in it's
303 standard library.
304
305 New in version 3.11:
306
307 * Fixed incorrectly indented # directives that were causing problems
308 with some machines.
309
310 New in version 3.1:
311
312 * Added CONF_ALLOWFILE and CONF_DENYFILE options.
313 * Added logging of REMOTE_USER and a status message to the log file
314 * Added an unsupported directory for user contributed scripts and
315 add-ons
316 * Restructured logic for which 'set' method gets used.
317 * Removed option to not check if gid changed, it was an oversight
318 that this was left in. There isn't any case I know of that you
319 wouldn't want to check this.
320 * Moved id setting routines into util.c
321 * Added new source file for allow/deny code.
322 * Removed some error output that didn't make sense (system error
323 messages that were getting returned when I issued a regular cgiwrap
324 error)
325 * Added a 'remake' target to the makefile which does a clean, then a
326 Configure -S, then a make all to rebuild he entire binary. This is
327 useful if you have multiple config.sh files (eg. you're building
328 for several setups from the same dir)
329
330 New in version 3.0:
331
332 * Set up Configure scripts for CGIwrap
333 * Renamed many of the config options to make more consistent
334 * Rearranged directory structure of CGIwrap distribution
335 * Removed "CONF_SANITIZE" option, it is always on now.
336 * Removed "CONF_CHECK_UID" option, it is always on now.
337 * Removed "CONF_FORCE_DEBUG" option, and "CONF_DEBUG_BY_NAME" option,
338 cgiwrap automatically does debugging output by name now.
339 * Added info about setting up an access-controlled cgiwrap which
340 allows users to control access to their scripts.
341 * Renamed DEBUG to CONF_DEBUG to solve a compile problem with some
342 systems wanting to add -DDEBUG to CFLAGS.
343
344 New in version 2.7:
345
346 * Added HTTPD_USER and CHECK_HTTPD_USER to verify that cgiwrap is
347 being called by the server. This is for (access to scripts)
348 security, it doesn't affect system security any.
349 * Added AFS PAG support
350
351 New in version 2.6:
352
353 * Moved rlimit call into new subroutine SetLimits
354 * Changed exec call to an execv and passed argv to support argument
355 passing This will only work correctly for scripts called with no
356 other arguments... Eg, must use "cgiwrap/user/script?" syntax
357
358 New in version 2.5:
359
360 * Fixed problem with not correctly falling back from PATH_INFO
361 * Added SETUID_SETEUID option for setting UID's
362 * Added checks to make sure effective ugid changed as well as real.
363
364 New in version 2.4:
365
366 * Fixed incorrect exec call, added null at end.
367
368 New in version 2.3:
369
370 * Fixed location of setgroups() call
371 * Added INSTALL file and fixed PROMO that was old.
372
373 New in version 2.2:
374
375 * More debug outpt for environment variables
376 * Option to check exec bit on script and error msg if not set
377
378 New in version 2.1:
379
380 * Fixed ~ bug
381 * Added PATH_INFO and SCRIPT_NAME rewrite code
382 * Added SETGROUPS option to config
383 * Added RLIMIT option to config
384
385 New in version 2.0:
386
387 * Added support for PATH_INFO specification of user/script
388 * Added stderr redirection to stdout
389 * Added option for doing debugging output by cmd name
390 * Added option to use exec or system calls
391
392 New in version 1.0:
393
394 * Everything! This is the first public distribution.