Age | Commit message | Author | Files | Lines |
|
- various possible NULL pointer references
- two cases where uninitialised memory is used or memory could be
corrupted. This might be exploitable to execute arbitrary code.
- possible mod_access by-pass by appending /
- a local DOS by broken FastCGI handlers
|
|
Most important changes are:
- fix a crash for files with an mtime of 0
- fix cpu hog in certain requests
- added mod_extforward module
- reduced default PATH_MAX to 255
|
|
Patch provided by Sergey Svishchev in private mail.
|
|
Changes in 1.4.13:
* added initgroups in spawn-fcgi (#871)
* added apr1 support htpasswd in mod-auth (#870)
* added lighty.stat() to mod_magnet
* fixed segfault in split CRLF CRLF sequences
(introduced in 1.4.12) (#876)
* fixed compilation of LOCK support in mod-webdav
* fixed fragments in request-URLs (#869)
* fixed pkg-config check for lua5.1 on debian
* fixed Content-Length = 0 on HEAD requests without
a known Content-Length (#119)
* fixed mkdir() forcing 0700 (#884)
* fixed writev() on FreeBSD 4.x and older (#875)
* removed warning about a 404-error-handler
returned 404
* backported and fixed the buildsystem changes for
webdav locks
* fixed plugin loading so we can finally load lua
extensions in mod_magnet scripts
* fixed large uploads if xattr is enabled
Changes in 1.4.12:
* added experimental LOCK support for webdav
* added Content-Range support for PUT in webdav
* added support for += on empty arrays in config-files
* added ssl.cipher-list and ssl.use-sslv2
* added $HTTP["querystring"] conditional
* added mod_magnet as long-term replacement for mod_cml
* added work-around for an Opera Bug with SSL + Chunked-Encoding
* changed --print-config to print to stdout instead of stderr
* changed no longer use 0600 for new files with webdav. umask is
honored. Make sure you have set a proper umask.
* fixed upload hangs with SSL
* fixed connection drops with SSL (aka bad retry)
* fixed path traversal with \ on cygwin
* fixed mem-leak in mod_flv_streaming
* fixed required trailing newline in configfiles (#142)
* fixed quoting the autoconf files (#466)
* fixed empty Host: + $HTTP["host"] handling (#458)
* fixed handling of If-Modified-Since if ETag is not set
* fixed default-shell if SHELL is not set (#441)
* fixed appending and assigning of env.* vars
* fixed empty FCGI_STDERR packets
* fixed conditional server.allow-http-11
* fixed handling of follow-symlink + lstat()
* fixed SIGHUP handling if max-workers is used
* fixed "Software caused connection abort" messages on FreeBSD
In addition fix a nasty problem in LDAP auth when using with buggy
commercial servers. Some treat an empty password as anonymous bind
and would only fail on the first query, if that requires privileges.
Patch will be included with 1.4.14.
|
|
Noticed by Peter Avalos.
|
|
|
|
set OVERRIDE_DIRDEPTH to find any libtool scripts deeper in the WRKSRC
tree unless they're named something other than "libtool".
SHLIBTOOL_OVERRIDE generally doesn't need to be specified either -- just
define it to the empty list and shlibtool-override will look for libtool
scripts.
|
|
packages. Convert LDAP-based applications to depend on openldap-client, and
bump PKGREVISION for those that depend on it by default.
|
|
* added ability to specify which ip address spawn-fcgi listens on
(agkr@pobox.com)
* added mod_flv_streaming to stream Flash Movies efficiently
* fixed handling of error codes returned by mod_dav_svn behind a
mod_proxy
* fixed error-messages in mod_auth and mod_fastcgi
* fixed re-enabling overloaded local fastcgi backends
* fixed handling of deleted files in linux-sendfile
* fixed compilation on BSD and MacOSX
* fixed $SERVER["socket"] on an already bound socket
* fixed local source retrieval on windows
(secunia)
* fixed hanging cgi if remote side is dying while reading
from the pipe (sandy@meebo.com)
|
|
|
|
From NEWS:
1.4.10 - 2005-02-08
* added docs for mod_dirlisting
* added fastcgi.map-extensions to mod_fastcgi
* fixed load balancing for mod_fastcgi
* fixed extra newline for syslog() in mod_accesslog
* fixed user-track cookie for IE in mod_usertrack
* fixed crash in digest handling in mod_auth
* fixed handling of 301 response-bodies from a mod_proxy backend
* fixed loading of base modules if server.modules is not set
* fixed broken cgi if mod_scgi is loaded
1.4.9 - 2006-01-14
* added server.core-files option (sandy <sandy@meebo.com>)
* added docs for mod_status
* added mod_evasive to limit the number of connections by IP (<w1zzard@techpowerup.com>)
* added the power-magnet to mod_cml
* added internal statistics to mod_fastcgi
* added server.statistics-url to get internal statistics from mod_status
* added support for conditional range-requests through If-Range
* added static building via scons
* fixed 100% cpu loops in mod_cgi ("sandy" <sjen@cs.stanford.edu>)
* fixed handling for secure-download.timeout (jamis@37signals.com)
* fixed IE bug in content-charset in the output of mod_dirlisting (sniper@php.net)
* fixed typos and language in the docs (ryan-2005@ryandesign.com)
* fixed assertion in mod_cgi on HEAD request is Content-Length (<sandy@meebo.com>)
* fixed handling if equal but duplicate If-Modified-Since request headers
* fixed endless loops in mod_fastcgi if backend is dead
* fixed Depth: 1 handling in PROPFIND requests on empty dirs
* fixed encoding of UTF8 encoded dirlistings (Jani Taskinen <sniper@iki.fi>)
* fixed initial bind to a unix-domain socket through server.bind
* fixed handling of lowercase filesystems
* fixed duplicate request headers caused by mod_setenv
|
|
pkg has been changed to 5.x). Reminded by wiz... thanks.
|
|
automatically detects whether we want the pkginstall machinery to be
used by the package Makefile.
|
|
From NEWS:
* added auto-reconnect to ldap-server in mod_auth
(joerg@netbsd.org)
* changed auth.ldap-cafile to be optional
(joerg@netbsd.org)
* added strip_request_uri in mod_fastcgi
* added more X-* headers to mod_proxy
(Ben Grimm <bengrimm@gmail.com>)
* added 'debug' to simple-vhost to suppress the
(mod_simple_vhost.c.157) No such file or directory /servers/ww.lighttpd.net/pages/
messages by default
* added support to let the server listen on UNIX-socket
* changed default stat-cache-engine to 'simple'
* fixed max-age timestamps in mod_expire
* fixed encoding the filenames in PROPFIND in mod_webdav
* fixed range request handling in network_writev
* fixed retry on connect error in mod_fastcgi
(Robert G. Jakabosky <bobby@alphatrade.com>)
* fixed possible crash in mod_webdav if sqlite3 support
is available but not used
* fixed fdvent-handler init if server.max-worker was used
(Siddharth Vijayakrishnan <mail@bluefireworks.net>)
* fixed missing cleanup in mysql_vhost
* fixed assert() in "connections.c:962:
connection_handle_read_state: Assertion 'c->mem->used' failed."
* fixed 64bit issue in md5
* fixed crash in mod_status
* fixed duplicate headers in mod_proxy
* fixed Content-Length in HEAD request in mod_proxy
* fixed unsigned/signed comparisons
* fixed streaming in mod_cgi
* fixed possible overflow in password-salt handling
(reported on slashdot by james-web@and.org)
* fixed server-traffic-limit if connection limit is not set
|
|
CONFIGURE_ARGS.
|
|
* added FD_CLOEXEC to fds which are kept open for a longer time
* added smaller, moving mmaped windows to network_writev
* added madvise() to instruct the kernel to do proper read-ahead in
network_writev
* added support for %I in mod_accesslog
* added better compat to Apache for ?auto in mod_status
* added support for userdirs without an entry in /etc/passwd in
mod_userdir
* added startup-time selectable network-backend
* added location of upload-files to config as array
* added webdav.log-xml for logging xml-content in mod_webdav
* added Cache-Control: max-age to mod_expire
* workaround missing client-bug by assuming we received a close-notify
on non-keep-alive requests in SSL request
* disabled kerberos5 support by default to fix compilation on RHEL
* fixed order of library checks to fix compilation on Solaris 9
* fixed open file-descriptors on read-error
* fixed crash if /var/tmp is not writable
|
|
Activate memcache option, now that devel/libmemcache is imported.
From NEWS:
- 1.4.6 - 2005-10-09
* fixed compilation on MacOS X and cygwin
* fixed compressed output if caching was disabled (seen in IE and
Opera)
* fixed range-request option
* fixed mysql-vhost module (was broken in 1.4.5)
* fixed false positive in the detection of case-insensitive FS
- 1.4.5 - 2005-10-02
* added all DeltaV methods as known methods
* added buffer-to-disk of request content
* added warning for unused variables in conditionals
* added global index-generators to mod_indexfile
* fixed caching for remote-ip conditionals with keep-alive
* fixed redirects with content
* fixed infinite loop in exec-cmd in mod_ssi
* fixed segfault in config handling for mod_mysql_vhost
* fixed segfault on FIFOs/Sockets
* fixed possible crash on uninit memory if If-Modified-Since was too long
* fixed accounting of mem-chunks
* fixed starving of connections on high load
* fixed crc errors in mod_compress on 64bit platforms
* fixed handling of overlapping fastcgi packets (bug added in 1.4.4)
* fixed logic of conditionals if a header was not set
* fixed a segfault in mod_rewrite if %1 references were used
* fixed handling of empty request URIs in HTTP requests
- 1.4.4 - 2005-09-16
* added support for %V in mod_accesslog
* added an option for a FastCGI responder to send static files
* added md5 and blowfish hashes to htpasswd
* fixed METHOD in mod_accesslog of WebDAV methods
* fixed check for permission before files are sent
* fixed mod-proxy and content for non-POST requests
* fixed compilation of mod_cml on MacOS X
* fixed SSL errmsg after accept()
* fixed memleak in stat-cache
* fixed aborted connections if file was moved while in transfer
* fixed mem-usage for large FastCGI transfers
|
|
|
|
LightTPD is a secure, fast, compliant, and very flexible web-server
which is designed and optimized for high-performance environments.
With a small memory footprint compared to other webservers, effective
management of the CPU load, and advanced feature set (FastCGI, CGI,
Auth, Output-Compression, URL-Rewriting and many more), LightTPD is
the perfect solution for every server that is suffering load problems.
This is loosely based on the lighttpd package from pkgsrc-wip by
Piotr Stolc <socrtp@soclab.eu.org>.
|