Karlson2k/libmicrohttpd

🐛 This is the first non-bugfix release since version 0.9.75 and the first ever stable release of GNU libmicrohttpd. It is a huge one with new features and fixes.

• The major changes:
• Rewritten parsing of clients' requests, fully aligned with current RFCs (9110 and 9112) requirements. Added detailed control of strict or lenient specification enforcement. Application may choose between more compatible mode or more strict and secure mode.
• Reworked Digest Auth, greater enhanced support for current RFC 7617 features. MHD currently is the only known server-side implementation with support for SHA-512/256, userhash and username in extended notation. At the same time the very old RFC2069 is supported, as well as MD5 and SHA-256.
• Improved functionality in multi-threading environment, especially with external sockets polling modes.
• Reworked Basic Auth, adding new convenient API functions.
• Re-implemented GnuTLS initialisation. Now supported libmicrohttpd-specific system-wide configuration, as well as generic GnuTLS system-wide configuration. Application may adjust settings based on system configuration instead of specifying its own full configuration.
• Tons of other new functionality and various fixes. For detailed changes see the [ChangeLog](https://github.com/Karlson2k/libmicrohttpd/blob/v1.0.0/ChangeLog) or [Git commit logs](https://github.com/Karlson2k/libmicrohttpd/compare/v0.9.75...v1.0.0).
• Since last non-bugfix release there are 1062 commits added with 67007 lines insertions and 26616 deletions.

📋 API changes:

• + Added new function `MHD_get_version_bin()`.

📦 Improvements and enhancements:

• Digest Auth: changed algorithm identifiers in server generated headers from `md5` / `sha-256` to `MD5` / `SHA-256` to better match RFC (while clients should use caseless matching).
• Improved Base64 decoding by new implementation with robust input data validation checks.
• Improved configure for cross-compiling, for better compatibility with POSIX and for better compatibility with the latest compiler versions.
• New internal tests: for Base64 decoding, Basic Auth and folded headers.
• Supported new libcurl API in tests to mute deprecation warnings.
• Supported ARM and ARM64 for VC compilers.

📋 Functionality changes:

• any negative number returned by response data generation callback function is treated as an error. Previously negative values except predefined error codes could produce undefined behaviour.
• Added handling of `DEBUG` preprocessor macro as an alias of `_DEBUG`.

🐛 Fixes:

• Fixed functionality with blocking sockets.
• Fixed very inefficient data pumping for upgraded TLS connections.
• Fixed processing of folded headers in the requests.
• Fixed data races when closing upgraded connection.
• Removed duplication of "Connection: upgrade" header.
• Digest auth: fixed thread sync to avoid "stale hash" results.
• Fixed harmless unwanted extra data processing resulting in triggering of the assert.
• Fixed tests for LTO.
• + 8 more

📋 API changes:

• + Added new function `MHD_get_reason_phrase_len_for()`.
• + Added `MHD_CONNECTION_INFO_HTTP_STATUS` type of information queried by `MHD_get_connection_info()`.
• + Added new response flag `MHD_RF_SEND_KEEP_ALIVE_HEADER` to force sending of "keep-alive" header even if not required by RFC.
• + Added new response creation function `MHD_create_response_from_buffer_with_free_callback_cls()` with custom cleanup callback.
• + Added new response flag `MHD_RF_HTTP_1_0_COMPATIBLE_STRICT` with the same functionality as existing `MHD_RF_HTTP_VERSION_1_0_ONLY` flag. The old flag will be deprecated.
• + Added new response flag `MHD_RF_HTTP_1_0_SERVER` with the same functionality as existing `MHD_RF_HTTP_VERSION_1_0_RESPONSE` flag. The old flag will be deprecated.

✨ New features:

• + Added experimental WebSockets extension with separate header. Disabled by default as it is not fully tested yet.
• + Added `--enable-sanitizers[=address,undefined,leak,user-poison]` configure parameter (instead of `--enable-sanitizer`), implemented custom memory poisoning for memory pools.

📦 Improvements and enhancements:

• Doxy function descriptions was corrected, clarified, extended, and improved. Now it should be much easier to learn MHD just by reading the headers.
• Completely rewritten reply header forming. New implementation is more robust, simpler maintainable and expandable, and better follows RFC HTTP specifications.
• Performance improvements: now HTTP version and request method are decoded one time only (previously MHD used string comparison many times during processing the data).
• Rewritten request chunked payload decoding. The new implementation better conforms to the HTTP RFC, detects format problems earlier, replies to the clients with description of detected problems, handles untypical (but syntactically correct) values properly.
• Added special replies for wrong/unsupported HTTP versions in requests, broken HTTP chunked encoding in requests,
• As required by HTTP RFC, added automatic error replies if client used broken chunked encoding, too large chunk size, too large payload size, or broken Content-Length header.
• Optimized connection's memory pool handling.
• Changed timeout precision from one second to one millisecond.
• + 12 more

📋 Functional changes:

• Keep-alive header is omitted by default for HTTP/1.1 connections. Use of header can be enforced by response flag.
• Chunked encoding is used for HTTP/1.1 non-keep-alive connections for responses with unknown size. Previously MHD used "indication
• of the end of the response by closing connection" in such cases, however it is not correct for HTTP/1.1 connections as per HTTP RFC.
• As required by HTTP RFC, use HTTP/1.1 version instead of HTTP/1.0 in reply headers when client is HTTP/1.0 . HTTP/1.0 version can be enforced by response flag.
• User response headers are used in replies in the same order as was added by application.
• Allowed tab characters in response header values.
• All custom "Connection:" response headers are automatically combined into single "Connection:" header.
• "keep-alive" token silently dropped from custom "Connection:" response header. "Keep-alive" cannot be enforced and used automatically if possible.
• + 5 more

🐛 Fixes:

• Fixed short busy-waiting (up to one second) when connection is going to be expired and closed.
• Fixed handling of errors during start of new connection, fixed inability to accept new connections in thread-per-connection mode due to the missing decrement of number of daemon's connections if start of new thread is failed.
• Fixed incorrect parsing of LFLF, LFCR, CRCR, and bare CR as single linefeed in request header and request chunked payload. Now only CRLF or bare LF are recognized as linefeed.
• Fixed response chunked encoding handling. Now it works properly with non-keep-alive connection, with fixed size replies (if chunked was enforced by header), and in other situations.
• Other fixes for chunked replies.
• Fixed handling of custom connection timeout in thread-per-connection mode.
• Fixed wrongly used `MHD_REQUEST_TERMINATED_COMPLETED_OK` code for application notification when `MHD_REQUEST_TERMINATED_WITH_ERROR` code must be used.
• Fixed code `MHD_REQUEST_TERMINATED_READ_ERROR` not reported (code `MHD_REQUEST_TERMINATED_WITH_ERROR` was incorrectly used instead).
• + 19 more

📋 Changes

• Return timeout of zero also for connections awaiting cleanup.
• Compatibility with autoconf >=2.70, used new autoconf features.
• Warn user when custom logger option is not the first option.
• Added information to the header about minimal MHD version when particular symbols were introduced.
• Updated test certificates to be compatible with modern browsers.
• Added on-fly detection of UNIX domain sockets and pipes, MHD does not try to use TCP/IP-specific socket options on them.
• Report more detailed error description in the MHD log for send and receive errors.
• Enabled bind port autodetection for MSVC builds.
• + 5 more

📋 Changes

• Fully rewritten code for buffering/pushing from kernel network buffers for compatibility with various OSes. Reduced number of additional sys-calls, network is better utilized, responses are delivered faster. Restored optimal `sendfile()` usage on FreeBSD.
• MHD now takes care about `SIGPIPE` handling by blocking it in internal threads and avoiding functions (like `sendfile()`) that could generate `SIGPIPE` when blocking of this signal is not possible.
• Fixed crash in PostProcessor.
• Fixed several resources leaks in corner cases.
• Improved thread sync, thread safety and fixed one use-after-free under special conditions during stopping of daemon.
• Updated HTTP status codes, header names and methods from the registries.
• Fixed functioning without listen socket and with internal threads.
• Fixed streaming of chunked responses for both HTTP and HTTPS.
• + 3 more