| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
* Update comment about TCP_INFO on OpenBSD
* [mod_ajp13] fix crash with bad response headers (fixes #3170)
* [core] handle RDHUP when collecting chunked body
* [core] tweak streaming request body to backends
* [core] handle ENOSPC with pwritev() (#3171)
* [core] manually calculate off_t max (fixes #3171)
* [autoconf] force large file support (#3171)
* [multiple] quiet coverity warnings using casts
* [meson] add license keyword to project declaration
|
|
|
|
* [core] h2: optim: send window update in 16k units
* [mod_magnet] reset for http-response-send-file
* [multiple] fix json encoding
* [core] buffer_append_bs_escaped_json()
* [autoconf] update ax_prog_cc_for_build.m4
* [doc] add libdeflate to INSTALL
* [mod_webdav] cold func if xml reqbody w/o db conf
* [mod_webdav] check reqbody Content-Type is XML
* [doc] more consistent use of vars in examples
* [core] do not load indexfile, dirlisting if unused
* [mod_dirlisting] send ETag, Cache-Control w/ cache
* [mod_openssl] compile compat w/ openssl < 1.1.0
* [mod_webdav] webdav_reqbody_type_xml() fixes
* [core] clarify server.username = "root" error msg
* [mod_wolfssl] compat with older wolfssl versions
* [core] fix li_base64_dec() on whitespace
* [core] perf tweak buffer_eq_icase_ssn()
* [mod_deflate] fix use of libdeflate for files>128k (fixes #3161)
* [core] fix buffer_substr_replace() extend (fixes #3160)
* [mod_webdav] build with Android NDK
* [core] check r->http_status before handling Range
* [core] preprocessor option to force crypto lib
* [core] fix SIGUSR1 graceful restart w/ TLS (fixes #3164)
* [mod_authn_gssapi] warn if no confidentiality flag (fixes #3163)
* [mod_wstunnel] fix crash with bad hybivers (fixes #3165)
* [core] perf: adjust max h2 stream send increment
* [core] fix HTTP/2 downloads >= 4GiB (fixes #3166)
|
|
|
|
HIGHLIGHTS
* WebSockets over HTTP/2
RFC 8441 Bootstrapping WebSockets with HTTP/2
* HTTP/2 PRIORITY_UPDATE
RFC 9218 Extensible Prioritization Scheme for HTTP
* prefix/suffix conditions in lighttpd.conf
* mod_webdav safe partial-PUT
webdav.opts += ("partial-put-copy-modify" => "enable")
* mod_accesslog option: accesslog.escaping = "json"
* mod_deflate libdeflate build option
* speed up request body uploads via HTTP/2
BEHAVIOR CHANGES:
* change default server.max-keep-alive-requests = 1000 to adjust
to increasing HTTP/2 usage and to web2/web3 application usage
(prior default was 100)
* mod_status HTML now includes HTTP/2 control stream id 0 in the output
which contains aggregate counts for the HTTP/2 connection
(These lines can be identified with URL '*', part of "PRI *" preface)
alternative: https://wiki.lighttpd.net/ModMagnetExamples#lua-mod_status
* MIME type application/javascript is translated to text/javascript (RFC 9239)
|
|
|
|
## Important changes
* remove deprecated modules, bugfixes, CVE-2022-22707 (rare configs)
## Behavior Changes
(previously announced and scheduled)
* graceful restart/shutdown timeout changed from 0 (disabled) to 8 seconds
configure an alternative with:
server.feature-flags += ("server.graceful-shutdown-timeout" => 8)
* build: lighttpd defaults to --with-pcre2 instead of --with-pcre
pcre2 is current. pcre is no longer maintained.
Explicitly specify --with-pcre in build to use pcre instead of pcre2.
* deprecated modules (previously announced) have been removed
* mod_authn_mysql
* mod_mysql_vhost
* mod_cml
* mod_flv_streaming
* mod_geoip
* mod_trigger_b4_dl
## Changes from 1.4.63
* [core] fix trace issued for loading mod_auth (fixes #3121)
* [meson] need -lrt with glibc < 2.17 (fixes #3120)
* [core] adjust time jump detection (fixes #3123)
* [core] make setrlimit() warn, not fatal
* [core] add remote IP to some error msgs (fixes #3122)
* [mod_webdav] If-None-Match on non-existent entity
* [build] check getxattr before attr_get and -lattr
* [doc] SELinux: setsebool -P httpd_setrlimit on
* [build] create sha512sum file with release
* [build] CI builds now use make -j 2
* [core] http_response_send_file() takes const path
* [core] use ETag response header to check cachable
* [core] add more const to stat_cache_update_entry()
* [multiple] remove r->physical.etag
* [mod_magnet] interface to http_response_send_file
* [build] add headers for sendfile() detect on MacOS
* [core] http_response_write_prepare optimization
* [core] define static_assert for uClibc (fixes #3127)
* [build] -Wno-implicit-fallthrough for ls-hpack
* [core] ignore pcre2 "bad JIT option" warning
* [build] pcre2: use pkg-config before pcre2-config
* [core] http_response_has_error_handler()
* [core] consolidate request restart loop check
* [core] defer retrieving Last-Modified until needed
* [mod_dirlisting] fix logic inversion in cache
* [core] mark expect cond in http_response_send_file
* [core] connection_handle_read_state() tweak
* [core] connection_state_machine_loop() tweaks
* [core] connection_state_machine_h2() tweaks
* [core] quiet coverity noise
* [core] use lower limit for max-fds if !setrlimit
* [build] do not check for prctl; HAVE_PRCTL unused
* [core] server.core-files support on FreeBSD (fixes #3128)
* [mod_extforward] support longer PROXY v2 TLV vec
* [mod_webdav] detect truncated copy_file_range()
* [mod_webdav] copy_file_range() new in FreeBSD 13
* [mod_webdav] copy_file_range() new in FreeBSD 13
* [build] feature consistency between build types
* [build] cmake build now defaults to C11
* [core] CCRandomGenerateBytes() for rand on macOS (fixes #3129)
* [multiple] remove long-deprecated modules
* [build] default --with-pcre2 unless --with-pcre
* [core] "server.graceful-shutdown-timeout" => 8
* [build] adjust trace for regex-conditionals
* [build] update tests/SConscript
* [core] errno_t detection on Illumos
* [build] cmake build now defaults to C11
* [build] meson: find pcre2 w/o pkg-config
* [core] define _EXTENSIONS_ on Illumos
* [build] cmake,meson socket libs for win32, Illumos (fixes #3130)
* [core] hide bsd_accept_filter code on OpenBSD (fixes #3131)
* [core] errno_t and rsize_t detection on Illumos
* [mod_webdav] copy acceleration
* [mod_webdav] define HAVE_RENAMEAT2 earlier
* [build] meson misdetects mempcpy on some platforms
* [build] cmake: skip "-Wl,-export-dynamic" Illumos
* [build] adjust .gitignore for macOS
* [build] meson crypt and dl detection on *BSD (fixes #3133)
* [core] /dev/null is a symlink on Illumos (fixes #3132)
* [core] server.core-files support for solaris (fixes #3135)
* [build] feature consistency between build types
* [build] Haiku build fix (fixes #3136)
* [lemon] silence coverity warnings
* [cmake] raise minimum version to 3.7
* [cmake] add address/undefined sanitize compile options
* [asan tests] fix memory leaks
* [array] use speaking names for array "fn" vtables for better debugging experience
* [ci] add cmake-asan build type
* [core] buffer_copy_string() use "" if s is NULL
* [mod_authn_gssapi] code reuse: fdevent_mkostemp()
* [mod_authn_gssapi] reduce KRB5CCNAME mem alloc
* [build] adjust help strings for pcre2 default
* [core] (const char *) for srvconf.modules_dir
* [multiple] remove buffer_init_string()
* [multiple] remove buffer_init_buffer()
* [mod_extforward] fix out-of-bounds (OOB) write (fixes #3134)
* [build] use -fstack-protector-strong w/ extra warn
* [build] collect Sun-specific headers and funcs
* [build] collect Sun-specific headers and funcs
* [build] rm redundant check for -lnetwork on Haiku
* [build] check headers before some funcs
* [core] allow LISTEN_PID to be ppid if TRACEME (fixes #3137)
* [core] allow tests/tmp/bind.conf override (#3137)
* [mod_webdav] no sys/ioctl.h on _WIN32
* [tests] _WIN32 adjustments in LightyTest.pm
* [tests] revert _WIN32 adjustments in LightyTest.pm
* [mod_gnutls] lift size check out of DN loop
* [mod_mbedtls] lift size check out of DN loop
* [mbedtls] save (mbedtls_ssl_config *) in hctx
* [multiple] permit UTF-8 in SSL_CLIENT_S_DN_*
* [mod_openssl] do not esc UTF-8 in cert subject
* [mod_mbedtls] reconstruct SSL_CLIENT_S_DN
* [mod_mbedtls] changes to build with mbedtls 3.0.0
* [mod_mbedtls] remove use of out_left in mbedtls 3
* [mod_mbedtls] mbedtls_ssl_conf_groups for 3.1.0
pkgsrc changes:
- Remove options 'gdbm' and 'memcached', no longer used
|
|
|
|
|
|
- [core] import xxHash v0.8.1
- [core] isolate use of sys/filio.h
- [core] fix reqpool mem corruption in 1.4.62 (fixes #3118)
pkgsrc changes:
- Link with pkgsrc xxhash instead of the vendored copy
|
|
- support pcre2; HTTP Digest auth userhash; bugfixes
pkgsrc changes:
- switch to pcre2
|
|
|
|
Add missing test dependency.
- 1.4.61 - 2021-10-28
* [core] define __BEGIN_DECLS, __END_DECLS if needed
* [core] Y2038: error log high-precision timestamps
* [multiple] __attribute_nonnull__ now takes params
* [core] bounds check while url-decoding
* [mod_magnet] prefer lua_newuserdatauv() w/ lua 5.4
* [core] earlier macOS need define for errno_t (fixes #3107)
* [tests] force POSIX::WNOHANG() autovivification (fixes #3110)
* [mod_dirlisting] sort "../" to top (fixes #3109)
* [tests] force Fcntl::F_SETFD() autovivification (#3110)
* [core] avoid repeated typedef for fdlog_st
* [doc] update INSTALL
* [mod_extforward] keep remote IP thru request reset
* [core] fix HTTP/2 upload > 64k w/ max-request-size (fixes #3108)
* [mod_auth] fix Basic auth passwd cache (fixes #3112)
* [mod_ajp13,mod_fastcgi] comment: no response body
* [mod_webdav] ignore PROPFIND Depth for files
* [core] add comment to ck_memeq_const_time()
* [core] accept up to 5 digit port num in host cond
* [core] expose chunkqueue_remove_empty_chunks()
* [core] short-circuit if response body recv w/ hdrs (fixes #3111)
* [core] resched HTTP/2 streams w/ pending data (#3111)
* [core] separate func for gw_authorizer_ok()
* [core] make ck_memeq_const_time() more generic (#3112)
* [mod_auth] revert adjustment to auth passwd cache (#3112)
* [core] thwart h2c smuggling when Upgrade enabled
* [core] separate funcs to check for valid chars
* [core] thwart h2 request tunnelling
* [core] clear shared log buffer after writes
* [mod_nss] quiet trace for PR_END_OF_FILE_ERROR
* [core] allow debug.log-state-handling in condition
* [core] combine more dup header processing code
* [mod_ajp13,mod_fastcgi] check resp w/ content len
* [mod_proxy] Length Req if proxy forcing HTTP/1.0
* [core] restart dead proc on connect error if local
* [mod_ajp13,mod_fastcgi] recv_parse smaller funcs
* [multiple] warn deprecated mods slated for removal
* [core] remove redundant checks in same context
* [core] tighten chunkqueue_steal* code; better asm
* [build] check for preadv(), pwritev()
* [core] pwritev w/ chunkqueue_steal_with_tempfiles
* [core] tighten chunkqueue_mark_written; better asm
* [doc] uncomment mod_auth load in conf.d/auth.conf
* [core] tighten chunkqueue_small_resp_optim()
* [core] chunkqueue_small_resp_optim if resp < 16k
* [mod_auth] clear crypt() output if len >= 13
* [multiple] add assert after malloc in two spots
* [core] add HTTP/2 check resp finished w/ empty cq (#3111)
* [core] chunkqueue_small_resp_optim() comment
|
|
All checksums have been double-checked against existing RMD160 and
SHA512 hashes
Not committed (merge conflicts):
www/nghttp2/distinfo
Unfetchable distfiles (almost certainly fetched conditionally...):
./www/nginx-devel/distinfo array-var-nginx-module-0.05.tar.gz
./www/nginx-devel/distinfo echo-nginx-module-0.62.tar.gz
./www/nginx-devel/distinfo encrypted-session-nginx-module-0.08.tar.gz
./www/nginx-devel/distinfo form-input-nginx-module-0.12.tar.gz
./www/nginx-devel/distinfo headers-more-nginx-module-0.33.tar.gz
./www/nginx-devel/distinfo lua-nginx-module-0.10.19.tar.gz
./www/nginx-devel/distinfo naxsi-1.3.tar.gz
./www/nginx-devel/distinfo nginx-dav-ext-module-3.0.0.tar.gz
./www/nginx-devel/distinfo nginx-rtmp-module-1.2.2.tar.gz
./www/nginx-devel/distinfo nginx_http_push_module-1.2.10.tar.gz
./www/nginx-devel/distinfo ngx_cache_purge-2.5.1.tar.gz
./www/nginx-devel/distinfo ngx_devel_kit-0.3.1.tar.gz
./www/nginx-devel/distinfo ngx_http_geoip2_module-3.3.tar.gz
./www/nginx-devel/distinfo njs-0.5.0.tar.gz
./www/nginx-devel/distinfo set-misc-nginx-module-0.32.tar.gz
./www/nginx/distinfo array-var-nginx-module-0.05.tar.gz
./www/nginx/distinfo echo-nginx-module-0.62.tar.gz
./www/nginx/distinfo encrypted-session-nginx-module-0.08.tar.gz
./www/nginx/distinfo form-input-nginx-module-0.12.tar.gz
./www/nginx/distinfo headers-more-nginx-module-0.33.tar.gz
./www/nginx/distinfo lua-nginx-module-0.10.19.tar.gz
./www/nginx/distinfo naxsi-1.3.tar.gz
./www/nginx/distinfo nginx-dav-ext-module-3.0.0.tar.gz
./www/nginx/distinfo nginx-rtmp-module-1.2.2.tar.gz
./www/nginx/distinfo nginx_http_push_module-1.2.10.tar.gz
./www/nginx/distinfo ngx_cache_purge-2.5.1.tar.gz
./www/nginx/distinfo ngx_devel_kit-0.3.1.tar.gz
./www/nginx/distinfo ngx_http_geoip2_module-3.3.tar.gz
./www/nginx/distinfo njs-0.5.0.tar.gz
./www/nginx/distinfo set-misc-nginx-module-0.32.tar.gz
|
|
its buildlink3.mk now includes openssl's buildlink3.mk
|
|
patch 2a3cca7.
|
|
|
|
Highlights
* improve performance, reduce memory use, bugfixes
* HTTP/2 smoother and lower memory use (in general)
* HTTP/2 tuning to better handle aggressive client initial requests
* reduce memory footprint; workaround poor glibc behavior; jemalloc is better
* mod_magnet lua performance improvements
* mod_dirlisting performance improvements and new caching option
* memory constraints for extreme edge cases in mod_dirlisting, mod_ssi, mod_webdav
* connect(), write(), read() time limits on backends (separate from client timeouts)
* lighttpd restarts if large discontinuity in time occurs (embedded systems)
* RFC7233 Range support for all non-streaming responses, not only static files
|
|
|
|
|
|
as well as adding options for other SSL libraries, disabling options
explicitly should cause less problems when the OS contains libraries used
by the options.
|
|
|
|
Summary:
HTTP/2 enabled by default, mod_deflate zstd support, mod_ajp13
(new), bugfixes.
Future Scheduled Behavior Changes:
* graceful restart/shutdown default timeout will change from 0
(infinite/no timeout) to 5 seconds (or some similar non-zero period)
configure an alternative with:
server.feature-flags += ("server.graceful-shutdown-timeout" => 5)
* mod_compress is DEPRECATED; use mod_deflate
mod_compress has been subsumed by mod_deflate
Note: mod_compress config options may be removed in a future release
* mod_geoip is DEPRECATED; use mod_maxminddb
Note: mod_geoip will be removed from a future lighttpd release
* mod_authn_mysql is DEPRECATED; use mod_authn_dbi
Note: mod_authn_mysql will be removed from a future lighttpd release
* mod_mysql_vhost is DEPRECATED; use mod_vhostdb_dbi or mod_vhostdb_mysql
Note: mod_mysql_vhost will be removed from a future lighttpd release
* mod_cml is DEPRECATED; use mod_magnet
Note: mod_cml will be removed from a future lighttpd release
Changes from 1.4.58:
* [mod_webdav] hide unused funcs depending on build
* [mod_mbedtls] include mbedtls/platform_util.h
* [mod_mbedtls] use local strncmp_const()
* [mod_gnutls] use local strncmp_const()
* [mod_dirlisting] place vars closer to where used
* [autotools] autoupdate; subst deprecated/obsolete
* [autoconf] update ax_prog_cc_for_build.m4
* [core] fix crash at shutdown w/ certain config
* [tests] use ephemeral ports in tests
* [mod_wolfssl] minor updates for wolfSSL v4.6.0
* [doc] create-mime.conf.pl improve case handling
* [mod_openssl] extend ssl.openssl.ssl-conf-cmd
* [mod_extforward] config warning for module order
* [mod_extforward] fix extforward.headers defaults (fixes #3051)
* [multiple] use HTTP_HEADER_* enum before strcmp
* [multiple] replace buffer_is_equal_caseless_string
* [mod_dirlisting] quiet coverity false positive
* [doc] create-mime.conf.pl improve case handling
* [autoconf] fix LT_INIT syntax
* [doc] create-mime.conf.pl -v for warnings
* [core] fix crash in error trace if backend is down (fixes #3052)
* [doc] create-mime.conf.pl -v silent for mult vnd
* [mod_openssl] update LIBRESSL_VERSION_NUMBER check
* [multiple] fix: honor CipherString for alt TLS lib
* [mod_openssl] set Ciphersuites once API available
* [mod_dirlisting] use fdopendir(), fstatat()
* [mod_deflate] support Accept-Encoding: zstd
* [mod_deflate] use zstd streaming API
* [mod_dirlisting] hide unused variable on MacOS
* [doc] add --with-zstd to INSTALL
* [mod_access] mark mod_access_check attribute pure
* [core] add decls in connections.h
* [build] update scripts/ci-build.sh
* [core] check ifdef WOLFSSL_SHA512 for SHA512 avail
* [build] scripts/ci-build.sh --with-nettle
* [mod_openssl] update LIBRESSL_VERSION_NUMBER check
* [build] scripts/ci-build.sh w/o --with-wolfssl
* [build] scripts/ci-build.sh adjustments
* [build] fix typo in src/CMakeLists.txt
* [build] adjust mbedtls vars in src/CMakeLists.txt
* [build] scripts/ci-build.sh adjustments
* [build] adjust crypto vars in src/CMakeLists.txt
* [core] avoid multiple definition of SHA512_CTX
* [build] adjust crypto vars in src/CMakeLists.txt
* [mod_alias] modify r->physical.path in place
* [build] scripts/ci-build.sh add --with-maxminddb
* build] scripts/ci-build.sh remove --with-maxminddb
* [mod_deflate] use zstd typedefs (minor cleanup)
* [mod_deflate] compat with zstd < v1.4.0
* [multiple] fix coverity warnings
* [multiple] fix TLS config string parsing
* [mod_gnutls] fix ssl.ca_dn_file data access
* [mod_wolfssl] wipe ssl_pemfile_pkey before free()
* [mod_wolfssl] fix syntax errors
* [multiple] fix TLS config string parsing
* [mod_gnutls] fix alt code for coverity
* [core] check more carefully after SSL_WANT_WRITE
* [core] fix 100% CPU spin if traffic limit hit
* [core] skip interest in POLLRDHUP after POLLRDHUP (#3059)
* [TLS] detect expired stapling file at startup (fixes #3056)
* [multiple] avoid duplicate parsing in trigger func (#3056)
* [multiple] quiet some clang-analyzer warnings
* [core] enable HTTP/2 by default
* [mod_ajp13] AJPv13 Tomcat connector for lighttpd
* [core] const data_unset *array_get_element_klen()
* [core] tighten struct data_config and related code
* [core] fix merging large headers across mult reads (fixes #3059)
* [mod_gnutls,mod_mbedtls] recog common cipherstring
* [build] fix typo in SConstruct (fixes #3061)
* [mod_wolfssl] wolfSSL might repeat SNI_Callback()
* [TLS] fix invalid cfg warning
* [mod_openssl] fix acme-tls/1 challenge bootstrap
* [TLS] set r->uri.authority empty str upon accept()
* [mod_gnutls] fix acme-tls/1 challenge bootstrap
* [mod_nss] fix acme-tls/1 challenge bootstrap
* [mod_wolfssl] copy stapling buf for OCSP resp
* [mod_mbedtls] fix acme-tls/1 challenge bootstrap
* [mod_mbedtls] fix acme-tls/1 challenge bootstrap
* [mod_cgi] fix assert if empty X-Sendfile path (fixes #3062)
* [mod_mbedtls] restore ALPN chk after client hello
* [core] re-validate h2 CONTINUATION frame len in cq
* [mod_mbedtls] remove redundant condition check
* [core] quiet coverity warning
|
|
- [tests] collect code for "die-at-end" tests
- [tests] remove FastCGI test dependency on libfcgi
- [core] prefer IPv6+IPv4 func vs IPv4-specific func
- [tests] remove FastCGI test dependency on PHP
- [core] reuse large mem chunks (fix mem usage) (fixes #3033)
- [core] add comment for FastCGI mem use in hctx→rb (#3033)
- [mod_proxy] fix sending of initial reqbody chunked
- [multiple] fdevent_waitpid() wrapper
- [core] sys-time.h – localtime_r,gmtime_r macros
- [core] http_date.[ch] encapsulate HTTP-date parse
- [core] specialized strptime() for HTTP date fmts
- [multiple] employ http_date.h, sys-time.h
- [core] http_date_timegm() (portable timegm())
- buffer_append_path_len() to join paths
- [core] inet_ntop_cache -> sock_addr_cache
- [tests] slight speed up checking for server ready
- [tests] load required modules in alt .conf tests
- [multiple] etag.[ch] -> http_etag.[ch]; better imp
- [core] fix crash after specific err in config file
- [core] fix bug in FastCGI uploads (#3033)
- [tests] OpenBSD crypt() support limited to bcrypt
- [core] http_response_match_if_range()
- [mod_webdav] typedef off_t loff_t for FreeBSD
- [multiple] chunkqueue_write_chunk()
- [build] add GNUMAKEFLAGS=—no-print-directory
- [tests] consolidate some tests/ content
- [core] fix bug in read retry found by coverity
Updating during the freeze for (also from the changelog) "important
changes: bugfixes, portability".
|
|
- [core] attempt to quiet some coverity warnings
- [mod_webdav] compile fix for Mac OSX/11
- [core] handle U+00A0 in config parser
- [core] fix lighttpd -1 one-shot with pipes
- [core] quiet start/shutdown trace in one-shot mode
- [core] allow keep-alives in one-shot mode (#3042)
- [mod_webdav] define _ATFILE_SOURCE if AT_FDCWD
- [core] setsockopt IPV6_V6ONLY if server.v4mapped
- [build] fix meson.build when building all TLS mods
- [core] prefer inet_aton() over inet_addr()
- [build] fix SCons build when building all TLS mods
- [core] add missing mod_wolfssl to ssl compat list
- [mod_openssl] remove ancient preprocessor logic
- [core] SHA512_Init, SHA512_Update, SHA512_Final
- [mod_wolfssl] add complex preproc logic for SNI
- [core] wrap a macro value with parens
- [core] fix handling chunked response from backend (fixes #3044)
- [core] always set file.fd = -1 on FILE_CHUNK reset (fixes #3044)
- [core] skip some trace if backend Upgrade (#3044)
- [TLS] cert-staple.sh POSIX sh compat (fixes #3043)
- [core] portability fix if st_mtime not defined
- [mod_nss] portability fix
- [core] warn if mod_authn_file needed in conf
- [core] fix chunked decoding from backend (fixes #3044)
- [core] reject excess data after chunked encoding (#3046)
- [core] track chunked encoding state from backend (fixes #3046)
- [core] li_restricted_strtoint64()
- [core] track Content-Length from backend (fixes #3046)
- [core] enhance config parsing debugging (#3047)
- [core] reorder srv->config_context to match ndx (fixes #3047)
- [mod_proxy] proxy.header = ("force-http10" => ...)
- [mod_authn_ldap] fix crash (fixes #3048)
- [mod_authn_ldap, mod_vhostdb_ldap] default cafile
- [core] fix array_copy_array() sorted[]
- [multiple] replace fall through comment with attr
- [core] fix crash printing trace if backend is down
- [core] fix decoding chunked from backend (fixes #3049)
- [core] attempt to quiet some coverity warnings
|
|
|
|
add options for other SSL libraries later. Add 'libdbi' option to enable
mod_vhostdb_dbi and the new mod_authn_dbi module, off by default. Bump
PKGREVISION.
|
|
# Highlights
- HTTP/2 support
- must be enabled in lighttpd.conf in lighttpd 1.4.56;
may be enabled by default in a future release
- `server.feature-flags += ("server.h2proto" => "enable", "server.h2c" => "enable")`
- TLS library options: OpenSSL, mbedTLS, wolfSSL, GnuTLS, NSS
- mod_openssl (existing)
- mod_mbedtls (experimental)
- mod_wolfssl (experimental)
- mod_gnutls (experimental)
- mod_nss (experimental)
- TLS OCSP stapling
(except mbedTLS; not currently supported by mbedTLS)
- TLS session ticket key rotation control
(except NSS; API limitation in NSS)
- mod_deflate brotli support
- mod_proxy makes HTTP/1.1 requests to backends (change from HTTP/1.0)
- RFC 8297 support for 103 Early Hints produced by backends (scripts)
- graceful restart option to transfer listen fds (minimal pause)
- `server.systemd-socket-activation = "enable"`
- `server.feature-flags += ("server.graceful-restart-bg" => "enable", "server.graceful-shutdown-timeout" => "15")`
# Behavior Changes
- mod_openssl
- default MinProtocol TLSv1.2
TLSv1 and TLSv1.1 are deprecated and no longer supported by major browsers.
<https://news.netcraft.com/archives/2020/03/03/browsers-on-track-to-block-850000-tls-1-0-sites.html>
If prior behavior is required, configure:
`ssl.openssl.ssl-conf-cmd = ("MinProtocol" => "TLSv1")`
If using openssl <= 1.0.2 (end-of-life)
`ssl.openssl.ssl-conf-cmd = ("Protocol" => "-ALL, TLSv1, TLSv1.1, TLSv1.2")`
- (internal) TLS session cache is disabled by default,
replaced by lighttpd robust TLSv1.2 session ticket support
If backward compatibility is needed:
`server.feature-flags += ("ssl.session-cache" => "enable")`
- (internal) openssl creates a session ticket encryption key per SSL_CTX.
lighttpd 1.4.56 and later assigns a single session ticket encryption key
for the lighttpd server (across all SSL_CTX) for consistency.
- behavior change with ssl.ca-dn-file (uncommon); applies to client
certificate verification and ssl.ca-dn-file (uncommon)
If client certificate verification is enabled
(ssl.verifyclient.activate = "enable"),
all CAs used for client certificate verification must be present in
ssl.ca-file. This is the typical use case when client certificate
verification is enabled. Certificates in (optional) ssl.ca-dn-file
are used to send issuer names to client when the server sends a
client certificate request. These names are use by the client
during certificate selection, and the server requires that the
certificate sent by the client be issued by one of the subjects
in ssl.ca-dn-file.
(Prior behavior merged ssl.ca-file and ssl.ca-dn-file for trusted CAs.
New behavior requires all trusted CAs be listed in ssl.ca-file,
and a subset be duplicated into ssl.ca-dn-file to specify allowed
client cert issuer.)
- mod_deflate: support for bzip2 is now disabled by default in the build
- (enable using `./configure --with-bzip2`)
bzip2 Content-Encoding is not widely supported
Prefer to build `--with-brotli`
brotli Content-Encoding is more widely supported than bzip2
# Future Scheduled Behavior Changes
- HTTP/2 support will be enabled by default in a future release
- graceful restart/shutdown default timeout will change from
0 (infinite/no timeout) to 5 seconds (or some similar non-zero period)
configure an alternative with:
`server.feature-flags += ("server.graceful-shutdown-timeout" => 5)`
- mod_compress is DEPRECATED; use mod_deflate
mod_compress has been subsumed by mod_deflate
Note: mod_compress config options may be removed in a future release
- mod_geoip is DEPRECATED; use mod_maxminddb
Note: mod_geoip will be removed from a future lighttpd release
- mod_authn_mysql is DEPRECATED; use mod_authn_dbi
Note: mod_authn_mysql will be removed from a future lighttpd release
- mod_mysql_vhost is DEPRECATED; use mod_vhostdb_dbi or mod_vhostdb_mysql
Note: mod_mysql_vhost will be removed from a future lighttpd release
- mod_cml is DEPRECATED; use mod_magnet
Note: mod_cml will be removed from a future lighttpd release
|
|
|
|
webdav_propfind_dir) on NetBSD. Bump PKGREVISION.
|
|
|
|
|
|
|
|
|
|
patch-src_fdevent__solaris__port.c was removed since what it solves is fixed
in this version.
Changes from 1.4.54
[core] fix compile error on Solaris
[core] attribute_pure
[core] array-specialized buffer_caseless_compare()
[core] specialized buffer_eq_*() for short strings
[core] mark some more funcs w/ attribute_pure
[core] use buffer_eq_icase* funcs
[multiple] replace strcasecmp() on short strings
[core] mark some more funcs w/ attribute_pure
[mod_webdav] fix startup crash w/ multiple conds
[core] cold func http_response_omit_header()
[core] use buffer_eq_icase_ssn func
[core] use buffer_eq_icase_ssn func
[core] correct attribute_pure syntax
[core] allocate unix socket paths with SUN_LEN()+1
Use explicit_memset from NetBSD if available for safe_memclear
Also use explicit_memset (NetBSD) with cmake, scons and meson
[cmake]: enable CMAKE_POSITION_INDEPENDENT_CODE by default
[core] improve http_headers[] data struct packing
[core] fdevent_poll() is effective periodic timer
[core] move con state handling to connections*.c
[core] issue config error for invalid ‘:’
[mod_deflate] fix choose encoding parse error
[core] retry on some fdevent set/del temporary err
[core] disable stat_cache FAM if FAM conn closed
[mod_auth] http_auth_const_time_memeq improvement
[build] prefer pkg-config for postgres
[mod_authn_gssapi] 500 if fail to delegate creds
[mod_authn_gssapi] option to store delegated creds
[mod_webdav] fix file uploads > 128M
[mod_auth] do not use quoted-string for algorithm
[mod_auth] require digest uri= match original URI
[mod_auth] Authentication-Info: nextnonce=…
[mod_auth] http_auth_const_time_memeq_pad()
[mod_auth] http_auth_const_time_memeq()
[build] PGSQL_CFLAGS with pkg-config for postgres
[core] avoid freeaddrinfo() on NULL ptr
[core] reject WS following header field-name
[core] reject Transfer-Encoding + Content-Length
[mod_openssl] reject invalid ALPN
[mod_accesslog] parse multiple cookies
[core] Oracle Solaris does not have POLLRDHUP
[multiple] address coverity warnings
[core] preserve %2b and %2B in query string
[core] fall back to accept() if accept4() EPERM
[mod_auth] close connection after bad password
[core] do not accept() > server.max-connections
[core] save errno before logging if execve() fails
[config] update /var/run → /run for systemd
[core] Solaris has getloadavg in sys/loadavg.h
[build] Fix build when using nested CMake
[core] fix one-byte OOB read (underflow)
|
|
|
|
lighttpd uses the USR1 signal to reload config files as pointed out in
PR pkg/54295. Tested and it works.
Closes PR pkg/54295 .
|
|
Fix build break on illumos, taken from upstream.
|
|
pkglint -Wall -F --only aligned --only indent -r
Manually excluded phraseanet since pkglint got the indentation wrong.
|
|
|
|
pkgsrc changes:
Replace use of legacy GeoIP library with libmaxminddb.
Uses a different module.
Changes:
Highlights
behavior change: strict URL parsing and normalization (configurable)
behavior change: mod_webdav now rejects partial PUT (configurable)
mod_auth: HTTP Auth Digest algorithm=SHA-256
mod_webdav: major rewrite: robustness, performance, RFC compliance
mod_maxminddb: new; obsoletes discontinued mod_geoip
Changes from 1.4.53
[mod_evhost] handle IPv6 literal addr; add tests
[core] separate server_main_loop() func, mark hot
[core] mark startup/shutdown funcs cold
[core] some server_main_loop() cleanup
[core] fdevent_process()
[core] srv→max_fds_lowat and srv→max_fds_hiwat
[core] remove server.h
[mod_staticfile] search ext array if not empty
[core] store joblist pointer on stack
[core] quickly clear request buffer for reuse
[core] helper funcs for connection_state_machine()
[core] perf: optimize connection_read_header()
[core] parse request in connection_read_header()
[core] log_request_header_on_error in one place
[core] copy request only if might need for logging
[core] make parse_request,request.request same buf
[core] prefer buffer_caseless_compare()
[core] pass req hdrs buffer to http_request_parse
[core] replace con→response.keep_alive
[core] mark log_error_write*() funcs cold
[core] http_request_parse() mark error paths cold
[core] lift code out of request line parse loop
[core] get_http_method_key() match by strlen first
[core] RFC7230 HTTP-version parse
[mod_accesslog] attempt to reconstruct req line
[multiple] minor: remove duplicated conditions
[mod_deflate] honor request for x-gzip, x-bzip2
[mod_auth] minor: adjust config validation
[core] discard oversized trailers
[core] no keep-alive if POLLRDHUP,empty read queue
[core] fix gw_backend spelling of directive in err
[multiple] reduce code dup in list resizing
[core] con→is_ssl_sock
[core] connection_handle_write() updates con state
[core] skip plugins_call_cleanup if not init’ed
[core] simpler loops to run plugin hooks
[core] fix mixed use of srv→split_vals array (fixes #2932)
[core] dispatch events from within event framework
[core] don’t call fd event handlers more than once, they might already be gone (fixes segfault)
[core] poll: fdarray uses fd as index, not fde_ndx
[core] map FDEVENT_* to OS system event frameworks
[core] prefer memchr() over strchr()
[core] use openssl to read,discard request body
[mod_openssl] inherit cipherlist from global scope
[mod_openssl] default: ssl.cipher-list = “HIGH”
[mod_proxy] pass Content-Length to backend if > 0
[core] config option to allow GET w/ request body
[core] some fdevent code streamlining
[core] remove fde_ndx member outside fdevents
[core] remove redundant check for allow_http11
[mod_openssl] use 16k static buffer instead of 64k
[core] pull server load checks out of main loop
[core] isolate fdevent processing
[core] release empty chunk buf when nothing read
[core] perf: pass (fdnode *) to epoll and kqueue
[core] modify config parser to handle multiple }
[core] pass (fdnode *) for registered fdevent fd
[mod_auth] http_auth_digest_hex2bin()
[mod_auth] http_auth_info_t digest abstraction
[mod_auth] pass http_auth_require_t for 401 Unauth
[core] no SOCK_NONBLOCK on QNX 7.0
[mod_auth] HTTP Auth Digest algorithm=SHA-256
[core] silence coverity warning
[mod_magnet] fix invalid script return-type crash (fixes #2938)
[build] remove -Wdeclaration-after-statement
[core] pass conf.follow_symlink in more places
[core] fix assertion with server.error-handler (fixes #2941)
[core] extend dir redirection to take HTTP status
[doc] minor adjust create-mime.conf.pl regex match (#2942)
[core] attribute((fallthrough)) for GCC 7.0
[core] fdevent_mkstemp_append() (shared)
[core] off_t upload_temp_file_size
[core] clear FDEVENT_RDHUP if no POLLRDHUP
[mod_wstunnel] fix ping-interval for big-endian (fixes #2944)
[core] fix abort in http-parseopts (fixes #2945)
[core] remove repeated slashes in http-parseopts
[core] fix 1.4.52 regression in mem use with POST (fixes #2948)
[multiple] cleaner calloc use in SETDEFAULTS_FUNC
[core] add const to some etag prototypes
[core] attribute((format …))
[core] struct log_error_st for error logging
[core] log_error, log_perror using printf-like fmt
[core] new worker_init hook to follow parent fork
[core] replace open() with fdevent_open_cloexec()
[mod_webdav] major rewrite (fixes #1818)
[core] 200 for OPTIONS /non-existent/path HTTP/1.1 (fixes #2939)
[mod_webdav] surround Lock-Token with “<…>”
[mod_webdav] fix uuid detection macro
[mod_webdav] fix misbehavior on blank nodes in PROPPATCH
[mod_webdav] clean up resources after do{}while(0)
[mod_webdav] check If-Match, If-Unmodified-Since (#1818)
[mod_webdav] deprecated unsafe partial PUT compat
[mod_webdav] provide ETag in more responses
[mod_webdav] platform portability fixes
[mod_webdav] disable elftc_copyfile() on FreeBSD
[mod_webdav] special-case If: ()
[mod_webdav] check If-None-Match (#1818)
[stat_cache] separate func for symlink policy chk
[stat_cache] separate symlink pol from data struct
[stat_cache] store entries without trailing slash
[stat_cache] pass age param for stat cache cleanup
[stat_cache] remove splaytree ins/del debug code
[stat_cache] FAM: reduce string copying
[stat_cache] FAM: check FAMNextEvent() return code
[stat_cache] FAM: use entry hash index as userdata
[stat_cache] FAM: improve handling modified file
[stat_cache] FAM: ignore follow-symlink config
[stat_cache] FAM: check hash collision before add
[stat_cache] FAM: ignore event with no valid match
[stat_cache] FAM: funcs to invalidate entries
[stat_cache] interfaces to invalidate entries
[mod_webdav] update stat_cache after file mod
[core] use high precision stat timestamp in etag
[scons] adjustment for static build under CentOS
[core] emit trace using path before clearing path
[core] http_chunk_append_file_fd()
[multiple] open target file earlier in some cases
[stat_cache] no longer stat() and open() for stat
[stat_cache] FAM: improve monitoring, cache 16 sec
[stat_cache] FAM: separate routine for FDEVENT_IN
[stat_cache] FAM: whitespace-only change
[mod_webdav] quiet coverity warnings
[doc] highlight relevance of module load order (fixes #2946)
[core] behavior change: stricter URL normalization
[stat_cache] fix compilation error for cmake
[cmake] help cmake on FreeBSD find sys/event.h
[scons] help scons on FreeBSD find sys/event.h
[build] detect FreeBSD elftc_copyfile()
[mod_openssl] use SSL_CTX_set_client_hello_cb()
[core] support weak etags with If-None-Match
[core] store log_state_handling flag on stack
[core] check if splay_tree NULL before invalidate
[mod_webdav] workaround Microsoft-WebDAV-MiniRedir
[mod_webdav] doc Microsoft-WebDAV-MiniRedir bugs
[mod_webdav] invalidate parent dir in stat_cache
[doc] systemd socket activation config example
[core] chunkqueue perf: code reuse
[core] chunkqueue perf: specialized buffer.h funcs
[core] chunkqueue perf: skip opening 0-length file
[core] chunkqueue perf: read small files into mem
[core] buffer_reset() should not be passed NULL
[tests] has_feature() helper func
[tests] skip mod-secdownload HMAC-SHA1,HMAC-SHA256
[core] use high precision stat timestamp on OS X
[mod_magnet] expose server addr (local IP) to lua
[core] adjust http_chunk read() retry loop
[mod_maxminddb] MaxMind GeoIP2 support
[mod_authn_ldap] ldap_set_option LDAP_OPT_RESTART (fixes #2940)
|
|
|
|
|
|
* [mod_cml,mod_flv_streaming] fix NULL ptr deref
* [mod_simple_vhost] t/test_mod_simple_vhost
* [mod_evhost] split uri handler func for testing
* [mod_evhost] restructure for unit tests
* [mod_evhost] t/test_mod_evhost
* [mod_access] restructure for unit tests
* [mod_access] t/test_mod_access
* [tests] include first.h and NDEBUG early
* [core] use kill_signal for gw_proc_kill()
* [tests] t/test_keyvalue
* [tests] some test config cleanup
* [tests] update skip count in mod-fastcgi.t
* [multiple] reduce initial buffer sz if large POST (fixes #2922)
* [mod_fastcgi] fix NULL ptr deref from bugfix #2922 (fixes #2923)
* [tests] more test config cleanup
* [core] perf: incremental hash of pathname w/o copy
* [core] perf: reuse buffer to redirect to directory
* [core] do not free() reused buffer
* [core] use connected sock port in dir redirect
* [core] http_response_buffer_append_authority()
* [core] use con->server_name for dir redir
* [core] memeq compare rounded to 64, not next 1M
* [core] define MD5_DIGEST_LENGTH 16
* [mod_auth] permit additional auth backends to load
* [core] send Connection: close if reqbody not read (fixes #2924)
* [core] cache rev DNS for localhost for dir redir
* [doc/conf] resolve some mime type conflicts from debian buster,
regenerate mime.conf
* [core] move winsock init to network_init()
* [core] move /dev/stdin graceful restart handling
* [core] network_srv_sockets_append() shared code
* [core] systemd socket activation support
* [build] autotools: try mysqlclient.pc and mariadb.pc (fixes #2925)
* [mod_expire] look up expire fallback "" explicitly
* [multiple] calloc match ptr type (clang --analyze)
* [multiple] quiet clang --analyze where trivial
* [mod_webdav] compare COPY, MOVE Destination scheme
* [core] con->uri.scheme is maintained lowercase
* [mod_openssl] ALPN and acme-tls/1 (fixes #2931)
* [core] Fix recursive include_shell invocations
* [mod_openssl] ssl.privkey directive (optional)
|
|
|
|
- 1.4.52 - 2018-11-28
* [mysql] MySQL 8 deprecates my_bool
* [core] typo in trace
* [build] Fix unportable test(1) operator
* [core] perf: call connection_reset() fewer times
* [core] perf: array_reset_data_strings()
* [core] perf: buffer_free_ptr() __attribute__ cold
* [core] perf: one-element cache for host normalize
* [core] perf: buffer_copy_string_len()
* [core] perf: skip redundant prepare copy calls
* [core] perf: buffer_align_size() identity if align
* [core] perf: size write buffers for reuse
* [core] perf: prepend headers directly into write q
* [core] perf: copy small strings; better buf reuse
* [core] perf: copy small strings; extend last chunk
* [core] perf: specialized func for array sorting
* [core] perf: append response directly into write q
* [core] perf: better buf reuse reading from backend
* [core] chunk.c code reuse
* [multiple] perf: write headers to backend write cq
* [multiple] perf: power-2 alloc large headers
* [multiple] perf: use larger initial backend buffer
* [core] permit env vars to be set with blank value
* [mod_fastcgi] perf: reduce data copies
* [mod_fastcgi] perf: reduce data copies
* [core] perf: chunk.c chunk pool
* [multiple] perf: reuse large buffers w/ backend
* [multiple] better packing of struct chunk
* [core] perf: inline buffer_append_string_buffer()
* [core] slightly simpler flag append to string
* [mod_cgi] perf: reuse buffers for creating CGI env
* [mod_fastcgi,mod_scgi] perf: env accumulation
* [core] Don't call RAND_cleanup with OpenSSL 1.1.x
* [mod_openssl] move SSL_shutdown() to separate func
* [mod_openssl] SSL_read before second SSL_shutdown
* [mod_cgi] perf: use stat_cache for cgi handler
* [mod_openssl] prefer using TLS_server_method()
* [mod_webdav] return 403 if file should exist
* [core] perf: chunkqueue buffers already sized up
* [core] perf: simpler buffer_string_space()
* [multiple] dynamic handlers hint backend header sz
* [core] use chunk_buf_sz instead of hard-coded num
* [multiple] perf: simplify chunkqueue_get_memory()
* [mod_wstunnel] perf: reuse large buffers
* [mod_cgi] perf: cache getenv() results at start up
* [core] fix 301 -> 302 overwrite with Location (fixes #2918)
* [core] fix setting of headers previously reset (fixes #2919)
* [mod_webdav] quiet coverity false positive
* [core] server.compat-module-load = "disable"
* [core] server.chunkqueue-chunk-sz = 4096
* [core] perf: simpler buffer_string_space() (fixed)
* [core] perf: faster HTTP pipelined requests
* [core] perf: simpler buffer_string_space() (tests)
* [mod_cgi] reset reused buffer on internal redir
* [core] clear chunk buffer upon release
* [mod_fastcgi] minor: copy packet without padding
* [mod_redirect,mod_rewrite] use server_name
* [mod_fastcgi] transfer chunks minus packet padding
* [core] separate func to reset FILE_CHUNK
* [core] perf: simple, quick buffer_clear()
* [core] perf: small improvement to encoding CGI var
* [core] perf: small improvement buffer_string_space
* [core] simpler physical path concatenation
* [mod_webdav] fix LOCK on incorrect URI path
* [mod_webdav] one fewer buffer copy for COPY,MOVE
* [core] perf: simplify buffer_move()
* [mod_cml] parse query string without modifying it
* [core] perf: buffer optimizations
* [mod_wstunnel] use buffer_string_length()
* [core] perf: inline buffer_copy_buffer()
* [core] cygwin helper func for getcwd
* [core] cygwin sample to run lighttpd under NSSM
* [core] limit con->uri.authority < 1024 octets
* [mod_webdav] separate func for each request method
* [core] reject decoded url-path without leading '/'
* [multiple] validate UTF-8 in url-decoded paths
* [mod_proxy] silence coverity false positive
* [core] fix typo
* [core] buffer_append_path_len()
* [core] quiet indexfile warning if mod not loaded
|
|
- 1.4.51 - 2018-10-14
* [core] split parsing header line into separate function
* [core] explicitly return 0 instead of constant result
* [core] header parsing: use goto for error handling
* [core,security] process headers after combining folded headers
* [core] replace folding whitespace with a single space
* [buffer] fix duplicate assert and comment
* [core] redo HTTP header line folding
* [core] parse header line strings before copying
* [core] abstraction to insert/modify response hdrs
* [core] code reuse with array_insert_key_value()
* [core] simplify parsing hdr key whitespace then :
* [core] http_request_parse_reqline() separate func
* [core] abstraction layer for HTTP header manip
* [core] code reuse with http_response_body_clear()
* [mod_proxy] fix proxy.forwarded and proxy.replace-http-host (fixes #2902)
* [mod_rewrite] fix url.rewrite-repeat and url.rewrite-if-not-file (fixes #2908)
* [core] fastcgi.h link to Open Market License (OML) (fixes #2901)
* [mod_proxy,mod_wstunnel] copy full plugin_config (fixes #2903)
* [mod_fastcgi,mod_scgi] error on oversized request (fixes #2905)
* [mod_auth] send 401 for mismatch HTTP auth scheme (fixes #2906)
* [core] code reuse array_match_*() routines
* [mod_skeleton] review and simplify
* [multiple] code reuse: employ array_match_*()
* [doc] lighttpd.service uses network-online.target
* [mod_flv_streaming] code simplifications
* [mod_authn_pam] mod_auth PAM support (fixes #688)
* [mod_sockproxy] add to build
* [core] fix include_shell on inline shell commands (fixes #2910)
* [multiple] code reuse: using array_*() funcs
* [tests] t/test_array.c
* [core] array_get_int_ptr()
* [core] more memory-efficient fn table for data_*
* [tests] #undef NDEBUG before assert.h in t/test_*
* [core] inline status_counter routines
* [core] log_failed_assert() __attribute__((cold))
* [core] http_status_append()
* [core] http_method_append()
* [core] prefer buffer_append_string_len()
* [build] fix SCons build for mod_authn_pam
* [mod_userdir] security: skip username "." and ".."
* [mod_deflate] null-check to quiet coverity warning
* [core] quiet coverity false positive
* [multiple] quiet compiler warnings --without-pcre
* [mod_secdownload] support if HMAC() is a macro
* [TLS] sys-crypto.h abstraction
* [TLS] sys-crypto.h abstraction
* [build] put request.c in common src
* [meson] build fixes for libmariadb and libsasl2
* [core] PATH_INFO calculation when basedir is "/" (fixes #2911)
* [core] better consistency in buffer_is_equal*()
* [core] fix missing param from prev commit
* [mod_openssl] no renegotiation in TLS 1.3 (fixes #2912)
* [core] reject Transfer-Encoding from proxy (#2913)
* [mod_auth] use SHA1_Init,Update,Final
* [mod_openssl] add support for wolfSSL
* [build] automake support for wolfSSL
* [build] SCons support for wolfSSL
* [build] meson support for wolfSSL
* [build] CMake support for wolfSSL
* [core] perf: buffer.c internal inlines
* [mod_openssl] wolfSSL does not support SSLv2
* [core] perf: buffer_string_append_len()
* [core] permit server.error_handler to static file
|
|
- 1.4.50 - 2018-08-13
* [mod_extforward] allow explict IPs to be untrusted (#2860)
* [core] fix crash if 'host' empty in config (fixes #2876)
* [mod_magnet] fix regression in lighty.stat (fixes #2877)
* [core] minor code cleanup in gw_recv_response()
* [core] fix rare race condition from backends (fixes #2878)
* [mod_proxy] fix segfault in Set-Cookie reverse map (fixes #2879)
* [core] fdevent_accept_listenfd() nonblock cloexec
* [build] remove m4 AC_PATH_PROG for PKG_CONFIG
* [core] some header cleanup
* [mod_wstunnel] better Sec-WebSocket-Protocol parse
* [mod_magnet] code reuse
* [mod_magnet] reduce buffer copies
* [mod_fastcgi,mod_scgi] fastcgi.balance,scgi.balance (fixes #2882)
* [core] check if SOCK_NONBLOCK is ignored (fixes #2883)
* [core] buffer_append_string_encoded_hex_lc()
* [core] more efficient hex2int()
* [mod_secdownload] compare bin MAC instead of hex
* [core] li_tohex_lc() explicitly uses lc hex chars
* [core] buffer_append_uint_hex_lc() uses lc hex
* [core] buffer_append_string_encoded() uc hex
* [tests] reduce test_base64 brute force tests
* [tests] remove test_buffer output, except on error
* [core] check for continuation in server.tag
* [core] CONNECT must be handled before fs hooks
* [mod_redirect, mod_rewrite] code reuse (sharing)
* [core] data_config_pcre_compile,exec()
* [tests] test_request unit tests
* [core] http_kv.[ch] method, status, version str
* [core] remove unused get_http_status_body_name()
* [core] remove proc_open.[ch], reduce stdio.h use
* [tests] move src/test_*.c to src/t/
* [core] server.http-parseopts URL normalization opt (fixes #1720)
* [core] inline some buffer.[ch] routines
* [core] remove some duplicative code in log.c
* [core] debug server.log-request-header-on-error
* [mod_redirect,mod_rewrite] short-circuit earlier
* [core] fix buffer_to_upper()
* [mod_cgi] handle CGI partial response header write
* [mod_redirect,mod_rewrite] pass request URI info
* [mod_redirect,mod_rewrite] encoding options (fixes #443, fixes #911)
* [mod_redirect,mod_rewrite] fix segfault w/ invalid syntax (fixes #2892)
* [mod_fastcgi] fix memleak with FastCGI auth,resp (fixes #2894)
* [mod_alias] security: potential path traversal with specific configs
* [mod_wstunnel] quiet 32-bit compiler warnings
* [core] POLLRDHUP handling for transparent proxying
* [mod_redirect,mod_rewrite] support up to 19 match
* [core] add missing includes to quiet compiler warn
* [mod_redirect,mod_rewrite] base64url encoding opt
* [mod_rewrite] require rewrite result to begin '/'
* [core] security: use-after-free invalid Range req
* [core] reset var if FAMMonitorDirectory() fails
* [core] option to propagate TCP FIN to backend host
* mod_sockproxy - socket forwarding
* [core] workaround Coverity cov-build bug with gcc7
* [build] add missing file for test_burl
* [core] quell insignificant coverity warning
* [core] extend server.http-parseopts
|
|
|
