
                            CGIWrap - Change Log

   These  are  some  of  the  changes  that  have occured in CGIWrap from
   version to version.
     _________________________________________________________________

  New in version 3.7.1:

     * Added  --with-minimum-gid  option  to  check  minimum user GID and
       auxilliary  groups.  This  is in response to complaints on BugTraq
       about suexec not checking auxgroups.

  New in version 3.7:

     * Encode  user  supplied  output in error messages to fix cross-site
       scripting vulnerability reported by Hiromitsu Takagi.
     * Minor warning cleanup
     * Slight improvement to a couple diagnostic messages.

  New in version 3.6.5:

     * Fixed small problem with glibc2.1 and errno.h vs. sys/errno.h
     * Added simple chroot support for expert installations.
     * Applied  fix  for path translated, removed option for not enabling
       correct path_translated value.
     * Added multiuser cgi script directory support.
     * Added  patch  from  Scott  Sutherland  for  fixing parsing of auth
       files.
     * Added patch from Christian Kruse for better symlink handling.

  New in version 3.6.4:

     * Changed license to GPL finally.
     * Fixed netmask comparison
     * Added anonymous CVS server info
     * Updates  from  David  Hollenberg for misc. error checking/handling
       and overflow protection.
     * Added  check  for making sure cgiwrap is setuid and printing out a
       usable error message if not.
     * Now  prints  out  path  to access control files if one or both are
       missing.
     * Slight changes to aux groups code just in case setgroups() doesn't
       support a empty list.
     * Added some extra info to server userid error message.
     * Added some info to the FAQ.

  New in version 3.6.3:

     * Added  support  for checking if user has a valid shell, similar to
       what  ftpd does. The BSD licensed getusershell.o has been included
       for support where needed.
     * Bug  fix  for  SEGV  condition when certain syntax is used for the
       request. It did not appear exploitable, but would cause cgiwrap to
       core  as  root.  Thanks to Michael Bryan (michael@blueneptune.com)
       for the fix.

  New in version 3.6.2:

     * Fixed  the  !logfd check. Thanks to Alexander Wolgast for pointing
       this out.
     * Added  support  for  reporting  rusage/return code after executing
       script.
     * Changed  logging  to use close-on-exec flag of file descriptor, so
       it can be left open for reporting rusage if enabled.
     * Added  support for reporting approximate elapsed execution time of
       a cgi script.

  New in version 3.6.1:

     * Fixed  the  UserInFile  routine. It broke cause I forgot to remove
       newlines.

  New in version 3.6:

     * Removed  check for ./ in the path of the script. The check for ../
       is  still  there. There doesn't seem to be any need for this check
       as  it  appears  to  be harmless. It is being removed to allow for
       users  with  "./" in their home dir (for chrooting with wuftpd) to
       be able to use cgiwrap.
     * Added code to optionally prevent script execution if the script is
       group  or  world  writable.  I  cannot  make  the  check for world
       writable  forced  on,  since  on my site using AFS, the permission
       bits  aren't  used,  and  some  scripts  might  be marked as world
       writable. Can't break user scripts without a major hassle.
     * Added  code to optionally check if script file is a symbolic link.
       Of course, the script dir itself could still be a symbolic link.
     * Changed to GNU autoconf for configuration
     * Makefile  now  supports  'install'  target  with --install-path is
       specified with configure.
     * Support added for setting PATH and TZ environment variables before
       executing script
     * Support  added for setting a bunch of different RLIMIT_ parameters
       before  executing script, as well as allowing the administrator to
       set the limits with the --with-rlimit-*=value option to configure.
     * Error  messages  are  now  more  verbose  and  output  in  HTML if
       possible.
     * Support  for  calling script using system() has been removed as it
       is not really needed for anything, and just slows things down.
     * Fixed malloc() error check in GetUserDir routines
     * Fixed race condition with permissions and opening of log file
     * initgroups() and setgroups() support now enabled by default
     * Eliminated buffer overrun in error message about chmod'ing script.
       Thanks to Duncan Simpson (dps@io.stargate.co.uk)
     * Added --with-minimum-uid option
     * Fixed  the subdirectory restrict option. (Thanks to Jeffery Chow )
       for pointing this out and for testing the fix.
     * Added  CondenseSlashes  routine  to eliminate doubled and trailing
       slashes
     * Added  SafeMalloc  routine  to  eliminate the need to check malloc
       result throughout the code.
     * Changed  tardist target to touch all files and directories so that
       a consistent time stamp is reached. This should eliminate spurious
       calls to autoheader when building cgiwrap.
     * Added  in code to configure.in for the various information options
       such as local-site-url, local-contact-phone, etc.
     * Added  fcntl.h include, needed by open(). Problem reported by Seth
       Chaiklin  .  Also fixed quoting in the configure.in related to log
       file.
     * Finished  splitting  up  logging  functions and changes to use the
       Context structure.
     * Minor  changes  to  the  makefile, including telling it to use the
       CFLAGS, and improving the tardist target.
     * Moved  extra flag stuff for AFS into it's own section and only run
       it if needed for AFS support.
     * Not sure why, but 3.6 works with AIX 4, 3.5 did not.
     * Cleaned  up  Makefile, finished support for building in a separate
       directory  from  the source, added a 'dep' target using depend.awk
       from mutt distribution.
     * Fixed problem with CHECKHOST/CHECKHOSTS typos.
     * Added support for using "*" with checkhost support to restrict ALL
       userids from being accessed from that host. (*@x.x.x.x/y.y.y.y)
     * Made 'no way to change uids' a compile time error with #error
     * Fixed bug with ALLOWFILE define in util.c.

  New in version 3.5:

     * Fixed strerror checking in Configure script and util.c for systems
       without  strerror,  can  now use strerror, sys_errlist, perror, or
       just errno.
     * Major documentation overhaul, create all HTML based docs
     * Added   option   (defaulting   to   yes)   to  correctly  set  the
       PATH_TRANSLATED environment variable.
     * Fixed  bug with the configure script and the use_system option. It
       would cause a preprocessor error if the system call was not found.
     * Cleaned up various things with the Configure script
     * Changed file prompting to allow using ~ paths.

  New in version 3.4:

     * Fixed typo "&" instead of "&&" in setgroups stuff
     * Added cgiwrap.aliases option to rewrite home dirs of users.
     * Moved  entire cgiwrap source build tree to CVS, will make tracking
       changes easier.
     * CGIwrap  now  changes  directories  to the directory the script is
       located  in  before  executing  the script. Before, it always just
       changed to the main CGI directory. This behavior is only different
       if you were using scripts in subdirectories.
     * Changed  style of cgiwrap.allow, cgiwrap.deny files to be the same
       as cron's allow/deny files.

  New in version 3.3:

     * Added support for attaching a label to syslog log messages.
     * Added code to rewrite the PATH_TRANSLATED environment variable.

  New in version 3.24:

     * Added support for logging to syslog.

  New in version 3.23:

     * Setgroups  was  being  used no matter what you said in configure -
       fixed
     * Problem  with undefined variables in Log call for subdirectories -
       fixed
     * Removed  declaration  of sys_errlist, and errno in util.c, since I
       don't think they were necessary. And they were causing problems on
       some architectures.
     * Added in user contributed host address checking code
     * Upgraded to using dist-3.0 PL60 for building the Configure script.
     * Separated  initgroups()  and  setgroups() checks into two separate
       defines,  and improved documentation in configure script for these
       options.

  New in version 3.22:

     * argv[0]  is  now  automatically  changed to the name of the script
       that is being executed

  New in version 3.21:

     * Rlimit  defines  weren't  set properly when rlimit not available -
       fixed
     * The  optimizer/debugger  flag wasn't being used in the makefile --
       fixed
     * Defaults for checks (y/n) were not being set - fixed

  New in version 3.2:

     * MAJOR  code  cleanup  and  simplification. The code should be ALOT
       easier to read and understand.
     * Fixed  the  problem  in the Makefile on certain architectures with
       the  $(var) not being escaped properly. This should solve problems
       with Linux machines and BSD machines that I know of.
     * Changes  way  PATH_INFO  is  modified,  CGIwrap  will  now correct
       SCRIPT_NAME  for ?user=USER&script=SCRIPT type requests as well as
       /user/script type requests.
     * Subdirectories are now supported for both types of requests
     * Debugging  output  has  been  condensed  and is a little easier to
       read.
     * Documentation  has  been reworked, it should be a little easier to
       use.
     * Fixed prototypes for all the functions in the cgiwrap source.
     * Removed a few unnecessary routines
     * Changed  "mystrcpy"  to  be  "strdup", and is compiled only if the
       current  architecture  does  not  have  strdup  available  in it's
       standard library.

  New in version 3.11:

     * Fixed incorrectly indented # directives that were causing problems
       with some machines.

  New in version 3.1:

     * Added CONF_ALLOWFILE and CONF_DENYFILE options.
     * Added logging of REMOTE_USER and a status message to the log file
     * Added  an  unsupported  directory for user contributed scripts and
       add-ons
     * Restructured logic for which 'set' method gets used.
     * Removed  option  to  not check if gid changed, it was an oversight
       that  this  was  left  in. There isn't any case I know of that you
       wouldn't want to check this.
     * Moved id setting routines into util.c
     * Added new source file for allow/deny code.
     * Removed  some  error  output  that didn't make sense (system error
       messages  that  were  getting  returned  when  I  issued a regular
       cgiwrap error)
     * Added a 'remake' target to the makefile which does a clean, then a
       Configure -S, then a make all to rebuild he entire binary. This is
       useful  if  you have multiple config.sh files (eg. you're building
       for several setups from the same dir)

  New in version 3.0:

     * Set up Configure scripts for CGIwrap
     * Renamed many of the config options to make more consistent
     * Rearranged directory structure of CGIwrap distribution
     * Removed "CONF_SANITIZE" option, it is always on now.
     * Removed "CONF_CHECK_UID" option, it is always on now.
     * Removed   "CONF_FORCE_DEBUG"   option,   and  "CONF_DEBUG_BY_NAME"
       option, cgiwrap automatically does debugging output by name now.
     * Added  info  about  setting  up an access-controlled cgiwrap which
       allows users to control access to their scripts.
     * Renamed  DEBUG  to CONF_DEBUG to solve a compile problem with some
       systems wanting to add -DDEBUG to CFLAGS.

  New in version 2.7:

     * Added  HTTPD_USER  and  CHECK_HTTPD_USER to verify that cgiwrap is
       being  called  by  the  server.  This  is  for (access to scripts)
       security, it doesn't affect system security any.
     * Added AFS PAG support

  New in version 2.6:

     * Moved rlimit call into new subroutine SetLimits
     * Changed  exec call to an execv and passed argv to support argument
       passing  This  will only work correctly for scripts called with no
       other arguments... Eg, must use "cgiwrap/user/script?" syntax

  New in version 2.5:

     * Fixed problem with not correctly falling back from PATH_INFO
     * Added SETUID_SETEUID option for setting UID's
     * Added checks to make sure effective ugid changed as well as real.

  New in version 2.4:

     * Fixed incorrect exec call, added null at end.

  New in versoin 2.3:

     * Fixed location of setgroups() call
     * Added INSTALL file and fixed PROMO that was old.

  New in version 2.2:

     * More debug outpt for environment variables
     * Option to check exec bit on script and error msg if not set

  New in version 2.1:

     * Fixed ~ bug
     * Added PATH_INFO and SCRIPT_NAME rewrite code
     * Added SETGROUPS option to config
     * Added RLIMIT option to config

  New in version 2.0:

     * Added support for PATH_INFO specification of user/script
     * Added stderr redirection to stdout
     * Added option for doing debugging output by cmd name
     * Added option to use exec or system calls

  New in version 1.0:

     * Everything! This is the first public distribution.
