| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
|
|
|
|
|
|
patch-src_fdevent__solaris__port.c was removed since what it solves is fixed
in this version.
Changes from 1.4.54
[core] fix compile error on Solaris
[core] attribute_pure
[core] array-specialized buffer_caseless_compare()
[core] specialized buffer_eq_*() for short strings
[core] mark some more funcs w/ attribute_pure
[core] use buffer_eq_icase* funcs
[multiple] replace strcasecmp() on short strings
[core] mark some more funcs w/ attribute_pure
[mod_webdav] fix startup crash w/ multiple conds
[core] cold func http_response_omit_header()
[core] use buffer_eq_icase_ssn func
[core] use buffer_eq_icase_ssn func
[core] correct attribute_pure syntax
[core] allocate unix socket paths with SUN_LEN()+1
Use explicit_memset from NetBSD if available for safe_memclear
Also use explicit_memset (NetBSD) with cmake, scons and meson
[cmake]: enable CMAKE_POSITION_INDEPENDENT_CODE by default
[core] improve http_headers[] data struct packing
[core] fdevent_poll() is effective periodic timer
[core] move con state handling to connections*.c
[core] issue config error for invalid ‘:’
[mod_deflate] fix choose encoding parse error
[core] retry on some fdevent set/del temporary err
[core] disable stat_cache FAM if FAM conn closed
[mod_auth] http_auth_const_time_memeq improvement
[build] prefer pkg-config for postgres
[mod_authn_gssapi] 500 if fail to delegate creds
[mod_authn_gssapi] option to store delegated creds
[mod_webdav] fix file uploads > 128M
[mod_auth] do not use quoted-string for algorithm
[mod_auth] require digest uri= match original URI
[mod_auth] Authentication-Info: nextnonce=…
[mod_auth] http_auth_const_time_memeq_pad()
[mod_auth] http_auth_const_time_memeq()
[build] PGSQL_CFLAGS with pkg-config for postgres
[core] avoid freeaddrinfo() on NULL ptr
[core] reject WS following header field-name
[core] reject Transfer-Encoding + Content-Length
[mod_openssl] reject invalid ALPN
[mod_accesslog] parse multiple cookies
[core] Oracle Solaris does not have POLLRDHUP
[multiple] address coverity warnings
[core] preserve %2b and %2B in query string
[core] fall back to accept() if accept4() EPERM
[mod_auth] close connection after bad password
[core] do not accept() > server.max-connections
[core] save errno before logging if execve() fails
[config] update /var/run → /run for systemd
[core] Solaris has getloadavg in sys/loadavg.h
[build] Fix build when using nested CMake
[core] fix one-byte OOB read (underflow)
|
|
|
|
lighttpd uses the USR1 signal to reload config files as pointed out in
PR pkg/54295. Tested and it works.
Closes PR pkg/54295 .
|
|
Fix build break on illumos, taken from upstream.
|
|
pkglint -Wall -F --only aligned --only indent -r
Manually excluded phraseanet since pkglint got the indentation wrong.
|
|
|
|
pkgsrc changes:
Replace use of legacy GeoIP library with libmaxminddb.
Uses a different module.
Changes:
Highlights
behavior change: strict URL parsing and normalization (configurable)
behavior change: mod_webdav now rejects partial PUT (configurable)
mod_auth: HTTP Auth Digest algorithm=SHA-256
mod_webdav: major rewrite: robustness, performance, RFC compliance
mod_maxminddb: new; obsoletes discontinued mod_geoip
Changes from 1.4.53
[mod_evhost] handle IPv6 literal addr; add tests
[core] separate server_main_loop() func, mark hot
[core] mark startup/shutdown funcs cold
[core] some server_main_loop() cleanup
[core] fdevent_process()
[core] srv→max_fds_lowat and srv→max_fds_hiwat
[core] remove server.h
[mod_staticfile] search ext array if not empty
[core] store joblist pointer on stack
[core] quickly clear request buffer for reuse
[core] helper funcs for connection_state_machine()
[core] perf: optimize connection_read_header()
[core] parse request in connection_read_header()
[core] log_request_header_on_error in one place
[core] copy request only if might need for logging
[core] make parse_request,request.request same buf
[core] prefer buffer_caseless_compare()
[core] pass req hdrs buffer to http_request_parse
[core] replace con→response.keep_alive
[core] mark log_error_write*() funcs cold
[core] http_request_parse() mark error paths cold
[core] lift code out of request line parse loop
[core] get_http_method_key() match by strlen first
[core] RFC7230 HTTP-version parse
[mod_accesslog] attempt to reconstruct req line
[multiple] minor: remove duplicated conditions
[mod_deflate] honor request for x-gzip, x-bzip2
[mod_auth] minor: adjust config validation
[core] discard oversized trailers
[core] no keep-alive if POLLRDHUP,empty read queue
[core] fix gw_backend spelling of directive in err
[multiple] reduce code dup in list resizing
[core] con→is_ssl_sock
[core] connection_handle_write() updates con state
[core] skip plugins_call_cleanup if not init’ed
[core] simpler loops to run plugin hooks
[core] fix mixed use of srv→split_vals array (fixes #2932)
[core] dispatch events from within event framework
[core] don’t call fd event handlers more than once, they might already be gone (fixes segfault)
[core] poll: fdarray uses fd as index, not fde_ndx
[core] map FDEVENT_* to OS system event frameworks
[core] prefer memchr() over strchr()
[core] use openssl to read,discard request body
[mod_openssl] inherit cipherlist from global scope
[mod_openssl] default: ssl.cipher-list = “HIGH”
[mod_proxy] pass Content-Length to backend if > 0
[core] config option to allow GET w/ request body
[core] some fdevent code streamlining
[core] remove fde_ndx member outside fdevents
[core] remove redundant check for allow_http11
[mod_openssl] use 16k static buffer instead of 64k
[core] pull server load checks out of main loop
[core] isolate fdevent processing
[core] release empty chunk buf when nothing read
[core] perf: pass (fdnode *) to epoll and kqueue
[core] modify config parser to handle multiple }
[core] pass (fdnode *) for registered fdevent fd
[mod_auth] http_auth_digest_hex2bin()
[mod_auth] http_auth_info_t digest abstraction
[mod_auth] pass http_auth_require_t for 401 Unauth
[core] no SOCK_NONBLOCK on QNX 7.0
[mod_auth] HTTP Auth Digest algorithm=SHA-256
[core] silence coverity warning
[mod_magnet] fix invalid script return-type crash (fixes #2938)
[build] remove -Wdeclaration-after-statement
[core] pass conf.follow_symlink in more places
[core] fix assertion with server.error-handler (fixes #2941)
[core] extend dir redirection to take HTTP status
[doc] minor adjust create-mime.conf.pl regex match (#2942)
[core] attribute((fallthrough)) for GCC 7.0
[core] fdevent_mkstemp_append() (shared)
[core] off_t upload_temp_file_size
[core] clear FDEVENT_RDHUP if no POLLRDHUP
[mod_wstunnel] fix ping-interval for big-endian (fixes #2944)
[core] fix abort in http-parseopts (fixes #2945)
[core] remove repeated slashes in http-parseopts
[core] fix 1.4.52 regression in mem use with POST (fixes #2948)
[multiple] cleaner calloc use in SETDEFAULTS_FUNC
[core] add const to some etag prototypes
[core] attribute((format …))
[core] struct log_error_st for error logging
[core] log_error, log_perror using printf-like fmt
[core] new worker_init hook to follow parent fork
[core] replace open() with fdevent_open_cloexec()
[mod_webdav] major rewrite (fixes #1818)
[core] 200 for OPTIONS /non-existent/path HTTP/1.1 (fixes #2939)
[mod_webdav] surround Lock-Token with “<…>”
[mod_webdav] fix uuid detection macro
[mod_webdav] fix misbehavior on blank nodes in PROPPATCH
[mod_webdav] clean up resources after do{}while(0)
[mod_webdav] check If-Match, If-Unmodified-Since (#1818)
[mod_webdav] deprecated unsafe partial PUT compat
[mod_webdav] provide ETag in more responses
[mod_webdav] platform portability fixes
[mod_webdav] disable elftc_copyfile() on FreeBSD
[mod_webdav] special-case If: ()
[mod_webdav] check If-None-Match (#1818)
[stat_cache] separate func for symlink policy chk
[stat_cache] separate symlink pol from data struct
[stat_cache] store entries without trailing slash
[stat_cache] pass age param for stat cache cleanup
[stat_cache] remove splaytree ins/del debug code
[stat_cache] FAM: reduce string copying
[stat_cache] FAM: check FAMNextEvent() return code
[stat_cache] FAM: use entry hash index as userdata
[stat_cache] FAM: improve handling modified file
[stat_cache] FAM: ignore follow-symlink config
[stat_cache] FAM: check hash collision before add
[stat_cache] FAM: ignore event with no valid match
[stat_cache] FAM: funcs to invalidate entries
[stat_cache] interfaces to invalidate entries
[mod_webdav] update stat_cache after file mod
[core] use high precision stat timestamp in etag
[scons] adjustment for static build under CentOS
[core] emit trace using path before clearing path
[core] http_chunk_append_file_fd()
[multiple] open target file earlier in some cases
[stat_cache] no longer stat() and open() for stat
[stat_cache] FAM: improve monitoring, cache 16 sec
[stat_cache] FAM: separate routine for FDEVENT_IN
[stat_cache] FAM: whitespace-only change
[mod_webdav] quiet coverity warnings
[doc] highlight relevance of module load order (fixes #2946)
[core] behavior change: stricter URL normalization
[stat_cache] fix compilation error for cmake
[cmake] help cmake on FreeBSD find sys/event.h
[scons] help scons on FreeBSD find sys/event.h
[build] detect FreeBSD elftc_copyfile()
[mod_openssl] use SSL_CTX_set_client_hello_cb()
[core] support weak etags with If-None-Match
[core] store log_state_handling flag on stack
[core] check if splay_tree NULL before invalidate
[mod_webdav] workaround Microsoft-WebDAV-MiniRedir
[mod_webdav] doc Microsoft-WebDAV-MiniRedir bugs
[mod_webdav] invalidate parent dir in stat_cache
[doc] systemd socket activation config example
[core] chunkqueue perf: code reuse
[core] chunkqueue perf: specialized buffer.h funcs
[core] chunkqueue perf: skip opening 0-length file
[core] chunkqueue perf: read small files into mem
[core] buffer_reset() should not be passed NULL
[tests] has_feature() helper func
[tests] skip mod-secdownload HMAC-SHA1,HMAC-SHA256
[core] use high precision stat timestamp on OS X
[mod_magnet] expose server addr (local IP) to lua
[core] adjust http_chunk read() retry loop
[mod_maxminddb] MaxMind GeoIP2 support
[mod_authn_ldap] ldap_set_option LDAP_OPT_RESTART (fixes #2940)
|
|
|
|
|
|
* [mod_cml,mod_flv_streaming] fix NULL ptr deref
* [mod_simple_vhost] t/test_mod_simple_vhost
* [mod_evhost] split uri handler func for testing
* [mod_evhost] restructure for unit tests
* [mod_evhost] t/test_mod_evhost
* [mod_access] restructure for unit tests
* [mod_access] t/test_mod_access
* [tests] include first.h and NDEBUG early
* [core] use kill_signal for gw_proc_kill()
* [tests] t/test_keyvalue
* [tests] some test config cleanup
* [tests] update skip count in mod-fastcgi.t
* [multiple] reduce initial buffer sz if large POST (fixes #2922)
* [mod_fastcgi] fix NULL ptr deref from bugfix #2922 (fixes #2923)
* [tests] more test config cleanup
* [core] perf: incremental hash of pathname w/o copy
* [core] perf: reuse buffer to redirect to directory
* [core] do not free() reused buffer
* [core] use connected sock port in dir redirect
* [core] http_response_buffer_append_authority()
* [core] use con->server_name for dir redir
* [core] memeq compare rounded to 64, not next 1M
* [core] define MD5_DIGEST_LENGTH 16
* [mod_auth] permit additional auth backends to load
* [core] send Connection: close if reqbody not read (fixes #2924)
* [core] cache rev DNS for localhost for dir redir
* [doc/conf] resolve some mime type conflicts from debian buster,
regenerate mime.conf
* [core] move winsock init to network_init()
* [core] move /dev/stdin graceful restart handling
* [core] network_srv_sockets_append() shared code
* [core] systemd socket activation support
* [build] autotools: try mysqlclient.pc and mariadb.pc (fixes #2925)
* [mod_expire] look up expire fallback "" explicitly
* [multiple] calloc match ptr type (clang --analyze)
* [multiple] quiet clang --analyze where trivial
* [mod_webdav] compare COPY, MOVE Destination scheme
* [core] con->uri.scheme is maintained lowercase
* [mod_openssl] ALPN and acme-tls/1 (fixes #2931)
* [core] Fix recursive include_shell invocations
* [mod_openssl] ssl.privkey directive (optional)
|
|
|
|
- 1.4.52 - 2018-11-28
* [mysql] MySQL 8 deprecates my_bool
* [core] typo in trace
* [build] Fix unportable test(1) operator
* [core] perf: call connection_reset() fewer times
* [core] perf: array_reset_data_strings()
* [core] perf: buffer_free_ptr() __attribute__ cold
* [core] perf: one-element cache for host normalize
* [core] perf: buffer_copy_string_len()
* [core] perf: skip redundant prepare copy calls
* [core] perf: buffer_align_size() identity if align
* [core] perf: size write buffers for reuse
* [core] perf: prepend headers directly into write q
* [core] perf: copy small strings; better buf reuse
* [core] perf: copy small strings; extend last chunk
* [core] perf: specialized func for array sorting
* [core] perf: append response directly into write q
* [core] perf: better buf reuse reading from backend
* [core] chunk.c code reuse
* [multiple] perf: write headers to backend write cq
* [multiple] perf: power-2 alloc large headers
* [multiple] perf: use larger initial backend buffer
* [core] permit env vars to be set with blank value
* [mod_fastcgi] perf: reduce data copies
* [mod_fastcgi] perf: reduce data copies
* [core] perf: chunk.c chunk pool
* [multiple] perf: reuse large buffers w/ backend
* [multiple] better packing of struct chunk
* [core] perf: inline buffer_append_string_buffer()
* [core] slightly simpler flag append to string
* [mod_cgi] perf: reuse buffers for creating CGI env
* [mod_fastcgi,mod_scgi] perf: env accumulation
* [core] Don't call RAND_cleanup with OpenSSL 1.1.x
* [mod_openssl] move SSL_shutdown() to separate func
* [mod_openssl] SSL_read before second SSL_shutdown
* [mod_cgi] perf: use stat_cache for cgi handler
* [mod_openssl] prefer using TLS_server_method()
* [mod_webdav] return 403 if file should exist
* [core] perf: chunkqueue buffers already sized up
* [core] perf: simpler buffer_string_space()
* [multiple] dynamic handlers hint backend header sz
* [core] use chunk_buf_sz instead of hard-coded num
* [multiple] perf: simplify chunkqueue_get_memory()
* [mod_wstunnel] perf: reuse large buffers
* [mod_cgi] perf: cache getenv() results at start up
* [core] fix 301 -> 302 overwrite with Location (fixes #2918)
* [core] fix setting of headers previously reset (fixes #2919)
* [mod_webdav] quiet coverity false positive
* [core] server.compat-module-load = "disable"
* [core] server.chunkqueue-chunk-sz = 4096
* [core] perf: simpler buffer_string_space() (fixed)
* [core] perf: faster HTTP pipelined requests
* [core] perf: simpler buffer_string_space() (tests)
* [mod_cgi] reset reused buffer on internal redir
* [core] clear chunk buffer upon release
* [mod_fastcgi] minor: copy packet without padding
* [mod_redirect,mod_rewrite] use server_name
* [mod_fastcgi] transfer chunks minus packet padding
* [core] separate func to reset FILE_CHUNK
* [core] perf: simple, quick buffer_clear()
* [core] perf: small improvement to encoding CGI var
* [core] perf: small improvement buffer_string_space
* [core] simpler physical path concatenation
* [mod_webdav] fix LOCK on incorrect URI path
* [mod_webdav] one fewer buffer copy for COPY,MOVE
* [core] perf: simplify buffer_move()
* [mod_cml] parse query string without modifying it
* [core] perf: buffer optimizations
* [mod_wstunnel] use buffer_string_length()
* [core] perf: inline buffer_copy_buffer()
* [core] cygwin helper func for getcwd
* [core] cygwin sample to run lighttpd under NSSM
* [core] limit con->uri.authority < 1024 octets
* [mod_webdav] separate func for each request method
* [core] reject decoded url-path without leading '/'
* [multiple] validate UTF-8 in url-decoded paths
* [mod_proxy] silence coverity false positive
* [core] fix typo
* [core] buffer_append_path_len()
* [core] quiet indexfile warning if mod not loaded
|
|
- 1.4.51 - 2018-10-14
* [core] split parsing header line into separate function
* [core] explicitly return 0 instead of constant result
* [core] header parsing: use goto for error handling
* [core,security] process headers after combining folded headers
* [core] replace folding whitespace with a single space
* [buffer] fix duplicate assert and comment
* [core] redo HTTP header line folding
* [core] parse header line strings before copying
* [core] abstraction to insert/modify response hdrs
* [core] code reuse with array_insert_key_value()
* [core] simplify parsing hdr key whitespace then :
* [core] http_request_parse_reqline() separate func
* [core] abstraction layer for HTTP header manip
* [core] code reuse with http_response_body_clear()
* [mod_proxy] fix proxy.forwarded and proxy.replace-http-host (fixes #2902)
* [mod_rewrite] fix url.rewrite-repeat and url.rewrite-if-not-file (fixes #2908)
* [core] fastcgi.h link to Open Market License (OML) (fixes #2901)
* [mod_proxy,mod_wstunnel] copy full plugin_config (fixes #2903)
* [mod_fastcgi,mod_scgi] error on oversized request (fixes #2905)
* [mod_auth] send 401 for mismatch HTTP auth scheme (fixes #2906)
* [core] code reuse array_match_*() routines
* [mod_skeleton] review and simplify
* [multiple] code reuse: employ array_match_*()
* [doc] lighttpd.service uses network-online.target
* [mod_flv_streaming] code simplifications
* [mod_authn_pam] mod_auth PAM support (fixes #688)
* [mod_sockproxy] add to build
* [core] fix include_shell on inline shell commands (fixes #2910)
* [multiple] code reuse: using array_*() funcs
* [tests] t/test_array.c
* [core] array_get_int_ptr()
* [core] more memory-efficient fn table for data_*
* [tests] #undef NDEBUG before assert.h in t/test_*
* [core] inline status_counter routines
* [core] log_failed_assert() __attribute__((cold))
* [core] http_status_append()
* [core] http_method_append()
* [core] prefer buffer_append_string_len()
* [build] fix SCons build for mod_authn_pam
* [mod_userdir] security: skip username "." and ".."
* [mod_deflate] null-check to quiet coverity warning
* [core] quiet coverity false positive
* [multiple] quiet compiler warnings --without-pcre
* [mod_secdownload] support if HMAC() is a macro
* [TLS] sys-crypto.h abstraction
* [TLS] sys-crypto.h abstraction
* [build] put request.c in common src
* [meson] build fixes for libmariadb and libsasl2
* [core] PATH_INFO calculation when basedir is "/" (fixes #2911)
* [core] better consistency in buffer_is_equal*()
* [core] fix missing param from prev commit
* [mod_openssl] no renegotiation in TLS 1.3 (fixes #2912)
* [core] reject Transfer-Encoding from proxy (#2913)
* [mod_auth] use SHA1_Init,Update,Final
* [mod_openssl] add support for wolfSSL
* [build] automake support for wolfSSL
* [build] SCons support for wolfSSL
* [build] meson support for wolfSSL
* [build] CMake support for wolfSSL
* [core] perf: buffer.c internal inlines
* [mod_openssl] wolfSSL does not support SSLv2
* [core] perf: buffer_string_append_len()
* [core] permit server.error_handler to static file
|
|
- 1.4.50 - 2018-08-13
* [mod_extforward] allow explict IPs to be untrusted (#2860)
* [core] fix crash if 'host' empty in config (fixes #2876)
* [mod_magnet] fix regression in lighty.stat (fixes #2877)
* [core] minor code cleanup in gw_recv_response()
* [core] fix rare race condition from backends (fixes #2878)
* [mod_proxy] fix segfault in Set-Cookie reverse map (fixes #2879)
* [core] fdevent_accept_listenfd() nonblock cloexec
* [build] remove m4 AC_PATH_PROG for PKG_CONFIG
* [core] some header cleanup
* [mod_wstunnel] better Sec-WebSocket-Protocol parse
* [mod_magnet] code reuse
* [mod_magnet] reduce buffer copies
* [mod_fastcgi,mod_scgi] fastcgi.balance,scgi.balance (fixes #2882)
* [core] check if SOCK_NONBLOCK is ignored (fixes #2883)
* [core] buffer_append_string_encoded_hex_lc()
* [core] more efficient hex2int()
* [mod_secdownload] compare bin MAC instead of hex
* [core] li_tohex_lc() explicitly uses lc hex chars
* [core] buffer_append_uint_hex_lc() uses lc hex
* [core] buffer_append_string_encoded() uc hex
* [tests] reduce test_base64 brute force tests
* [tests] remove test_buffer output, except on error
* [core] check for continuation in server.tag
* [core] CONNECT must be handled before fs hooks
* [mod_redirect, mod_rewrite] code reuse (sharing)
* [core] data_config_pcre_compile,exec()
* [tests] test_request unit tests
* [core] http_kv.[ch] method, status, version str
* [core] remove unused get_http_status_body_name()
* [core] remove proc_open.[ch], reduce stdio.h use
* [tests] move src/test_*.c to src/t/
* [core] server.http-parseopts URL normalization opt (fixes #1720)
* [core] inline some buffer.[ch] routines
* [core] remove some duplicative code in log.c
* [core] debug server.log-request-header-on-error
* [mod_redirect,mod_rewrite] short-circuit earlier
* [core] fix buffer_to_upper()
* [mod_cgi] handle CGI partial response header write
* [mod_redirect,mod_rewrite] pass request URI info
* [mod_redirect,mod_rewrite] encoding options (fixes #443, fixes #911)
* [mod_redirect,mod_rewrite] fix segfault w/ invalid syntax (fixes #2892)
* [mod_fastcgi] fix memleak with FastCGI auth,resp (fixes #2894)
* [mod_alias] security: potential path traversal with specific configs
* [mod_wstunnel] quiet 32-bit compiler warnings
* [core] POLLRDHUP handling for transparent proxying
* [mod_redirect,mod_rewrite] support up to 19 match
* [core] add missing includes to quiet compiler warn
* [mod_redirect,mod_rewrite] base64url encoding opt
* [mod_rewrite] require rewrite result to begin '/'
* [core] security: use-after-free invalid Range req
* [core] reset var if FAMMonitorDirectory() fails
* [core] option to propagate TCP FIN to backend host
* mod_sockproxy - socket forwarding
* [core] workaround Coverity cov-build bug with gcc7
* [build] add missing file for test_burl
* [core] quell insignificant coverity warning
* [core] extend server.http-parseopts
|
|
|
|
|
|
See https://www.lighttpd.net/2017/10/21/1.4.46/
|
|
|
|
|
|
|
|
|
|
|
|
- 1.4.49 - 2018-03-11
* [core] adjust offset if response header blank line
* [mod_accesslog] %{canonical,local,remote}p (fixes #2840)
* [core] support POLLRDHUP, where available (#2743)
* [mod_proxy] basic support for HTTP CONNECT method (#2060)
* [mod_deflate] fix deflate of file > 2MB w/o mmap
* [core] fix segfault if tempdirs fill up (fixes #2843)
* [mod_compress,mod_deflate] try mmap MAP_PRIVATE
* [core] discard from socket using recv MSG_TRUNC
* [core] report to stderr if errorlog path ENOENT (fixes #2847)
* [core] fix base64 decode when char is unsigned (fixes #2848)
* [mod_authn_ldap] fix mem leak when ldap auth fails (fixes #2849)
* [core] warn if mod_indexfile after dynamic handler
* [core] do not reparse request if async cb
* [core] non-blocking write() to piped loggers
* [mod_openssl] minor code cleanup; reduce var scope
* [mod_openssl] elliptic curve auto selection (fixes #2833)
* [core] check for path-info forward down path
* [mod_authn_ldap] auth with ldap referrals (fixes #2846)
* [core] code cleanup: separate physical path sub
* [core] merge redirect/rewrite pattern substitution
* [core] fix POST with chunked request body (fixes #2854)
* [core] remove unused func
* [doc] minor update to *outdated* doc
* [mod_wstunnel] fix for frames larger than 64k (fixes #2858)
* [core] fix 32-bit compile POST w/ chunked request body (#2854)
* [core] add include sys/poll.h on Solaris (fixes #2859)
* [core] fix path-info calculation in git master (fixes #2861)
* [core] pass array_get_element_klen() const array *
* [core] increase stat_cache abstraction
* [core] open additional fds O_CLOEXEC
* [core] fix CONNECT w strict header parsing enabled
* [mod_extforward] CIDR support for trusted proxies (fixes #2860)
* [core] re-enable overloaded backends w/ multi wkrs
* [autoconf] reduce minimum automake version to 1.13
* [mod_auth] constant time compare plain passwords
* [mod_auth] check that digest realm matches config
* [core] fix incorrect hash algorithm impl
|
|
|
|
Fix build problem with ldap PKG_OPTIONS.
|
|
|
|
This release fixes a few regressions from lighttpd 1.4.46 and adds
a new module mod_authn_sasl when lighttpd is built --with-sasl
|
|
|
|
|
|
- 1.4.47
* [mod_authn_gssapi] needs -lcom_err under Darwin
* [core] stricter validation of request-URI begin
* [core] fix 1.4.46 regression in config match
* [core] normalize config addrs for != match
* [core] normalize config addrs for eq and ne
* [doc] use https:// URLs to .lighttpd.net resources
* [core] fix 1.4.46 regression in Last-Modified
|
|
|
|
|
|
|
|
|
|
per message to pkgsrc-users@ from Glenn Strauss.
Bump PKGREVISION.
|
|
* [mod_cgi] skip local-redir handling if to self (fixes #2779, #2108)
* [mod_webdav] fix crash when plugin_ctx cleaned up (fixes #2780)
* [mod_fastcgi] detect child exit, restart proactively
* [mod_scgi] detect child exit, restart proactively
* [TLS] ssl.read-ahead = "disable" for low mem (fixes #2778)
pkgsrc changes:
- Rename non-standard "memcache" option to "memcached" (retaining
compatibility for the old option for a while)
|
|
|
|
------------------------------
- 1.4.44
* [mod_scgi] fix segfault (fixes #2762)
* [mod_authn_gssapi] fix memory leak
* [config] warn if mod_authn_ldap,mysql not listed
* [mod_magnet] fix magnet_cgi_set() set of env vars (fixes #2763)
* [mod_cgi] FreeBSD 9.3/MacOSX does not have pipe2() (fixes #2765)
* [mod_extforward] fix crash on invalid IP (fixes #2766)
* [mod_fastcgi] fix segfault if all backends down (fixes #2768)
* [mod_cgi] fix out of sockets error for POST to CGI (fixes #2771)
* [mod_auth] compile fix for Mac OS X XCode (fixes #2772)
* [mod_authn_gssapi] better resource cleanup
* [core] compile fix for Mac OS X 10.6 (old) (fixes #2773)
* fix race in dynamic handler configs (reentrancy) (fixes #2774)
* [mod_authn_mysql] close mysql_conn in cleanup
* [mod_webdav] compile fix when locking not enabled
* load mod_auth & mod_authn_file in sample/test.conf
* comment out auth.backend.ldap.* in tests/*.conf
* [mod_fastcgi,mod_scgi] warn if invalid "bin-path"
* RAND_pseudo_bytes() is deprecated in openssl 1.1.0
* openssl 1.1.0 init and cleanup
* [mod_cgi] remove direct calls to network_backend*
* [build] build network_*.c into lighttpd executable
* suggest inclusion of mod_geoip... before mod_ssi.
* set systemd settings similar to lighttpd2
* [doc] remove reference to Linux rt-signals
* [mod_authn_gssapi] fix missing error ret, coverity
* [core] rename li_rand() to li_rand_pseudo_bytes()
* remove #include "stream.h" where not used
* [mod_cml] include lua headers before base.h
* [core] combine duplicated connection reset code
* [mod_ssi] produce content in subrequest hook
* [core] remove srv->entropy[]
* [core] defer li_rand_init() until first use
* [core] permit connection-level state in modules
* [mod_dirlisting] render dirlisting as HTML (fixes #2767)
* [mod_proxy] replace HTTP Host sent to backend (fixes #2770)
* [mod_ssi] basic recursive SSI include virtual (fixes #536)
* [mod_ssi] implement, ignore <!--#comment ... -->
* [core] consolidate duplicated read-to-close code
* [core] fix segfault when parsing a bad config file
* [core] support Transfer-Encoding: chunked req body (fixes #2156)
* [autobuild] set NO_RDYNAMIC=yes for midipix
* [mod_proxy] proxy.balance = "sticky" option (fixes #2117)
* [mod_secdownload] warn if SHA used w/o SSL crypto
* [build] compile fixes for AIX
* [build] check for pipe2() at configure time
* [mod_evhost] fix an incorrect error trace
* [tests] mark tests/docroot/www/*.pl scripts a+x
* [mod_cgi] fall back to pipe() if pipe2() fails
* fix SCons fullstatic build with glibc pthreads
* [TLS] openssl 1.1.0 makes SSL_OP_NO_SSLv2 no-op
(pkgsrc changes)
- Add Selection on PLIST depending on options
|
|
Added geoip build option.
Changelog:
* [TLS] SSL_shutdown() only if handshake finished
* [mod_proxy,mod_scgi] shutdown remote only if local (#2743)
* [core] check if client half-closed TCP if POLLHUP (#2743)
* [core] enforce wait for POLLWR after EINPROGRESS (fixes #2744)
* [core] do not enter handler twice after read body
* [core] proxy,scgi omit shutdown() to backend (fixes #2743)
* [mod_dirlisting] dirlist does not handle POST
* [mod_dirlisting] js column sort for dirlist table (fixes #613, fixes #2315)
* [mod_auth] Digest auth fails after rewrite (fixes #2745)
* [mod_auth] refactor out auth backend code
* [mod_auth] extensible interface for auth backends
* [core] better DragonFlyBSD support (fixes #2746)
* [mod_auth] include base.h for USE_OPENSSL def
* [mod_auth] support CRYPT-MD5-NTLM algorithm (fixes #1743)
* [mod_auth] terminate salt for CRYPT-MD5-NTLM
* [core] fix crash if ready events on abandoned fd (fixes #2748)
* [mod_auth] http_auth_md5_hex2bin()
* [mod_auth] remove empty mod_auth.h
* [mod_auth] mod_authn_mysql.c MySQL auth backend (fixes #752, fixes #1845)
* [mod_cgi] permit CGI exec of unreadable files (fixes #2374)
* [mod_uploadprogress] add to default build
* [mod_geoip] add to default build (fixes #2705, fixes #2101, fixes #2092,
fixes #2025, fixes #1962, fixes #1938)
* [mod_fastcgi] Authorizer support with Responder (fixes #321, fixes #322)
* [tests] test coverage for issues (#321, #322)
* dynamic handlers store debug flag in handler_ctx
* [mod_fastcgi] allow authorizer, responder for same path/ext (#321)
* backport mod_deflate to lighttpd 1.4 (fixes #1824, fixes #2753)
* [autobuild] test_configfile might need vector.c (fixes #2752)
* [mod_deflate] fix longjmp clobber compiler warning
* remove unused array type TYPE_COUNT data_count
* [mod_auth] structured data, register auth schemes
* [mod_auth] mod_authn_gssapi Kerberos auth backend (fixes #1899)
* [autobuild] skip two new tests if no fcgi-auth
* [SCons] define with_krb5 for SCons build
* [SCons] fix syntax error in SConstruct
* [SCons] define with_geoip for SCons build
* [CMake] fix clang -Wcast-align warnings in lemon.c
* remove excess initializers (fix compiler warnings)
* fix errors detected by Coverity Scan
* performance: use Linux extended syscalls and flags
* [mod_scgi] add uwsgi protocol support
* [mod_auth] refactor LDAP code into smaller funcs
* [mod_auth] HTTP Basic auth backends also do authz (#1817)
* [mod_auth] ldap filter subst user for multiple '$' (fixes #1508)
* [mod_auth] permit specifying ldap DN; skip search (fixes #1248)
* [autobuild] update module/feature report
* [cmake] build mod_authn_gssapi if WITH_KRB5
* [mod_auth] fix printing of IP in error trace
* [mod_mysql_vhost] support multiple '?' replacement (fixes #2163)
* [core] make server.max-request-size scopeable (#1901)
* [core] server.max-request-field-size (fixes #2130)
* [core] optional condition in config "else" clause (fixes #1268)
* [core] restrict where config "else" clauses occur (#1268)
* silence warnings from clang ccc-analyzer
* consistent, shared code to create CGI env
* [TLS] replace env entries in https_add_ssl_entries
* [TLS] set SSL_CLIENT_M_SERIAL w/ client cert SN (fixes #2268)
* [TLS] set SSL_CLIENT_VERIFY w/ client cert (#1288, #2693)
* [TLS] set SSL_PROTOCOL, SSL_CIPHER* (fixes #2511)
* [core] rand.[ch] to use better RNGs when available
* [mod_cgi] fix pipe_cloexec() when no O_CLOEXEC
* ignore return value from fcntl() FD_CLOEXEC
* build w/o compiler warnings if no zlib or bz2lib
|
|
- 1.4.41
* remove long-deprecated, non-functional config opts
* [config] inherit server.use-ipv6 and server.set-v6only (fixes #678)
* [mod_auth] fix Digest auth to be better than Basic (fixes #1844)
* [mod_ssi] fix #config sizefmt="bytes"
* [autobuild] move inet_pton detection later
* [core] #include <sys/filio.h> for FIONREAD (fixes #2726)
* [autobuild] clock_gettime() -lrt with glibc < 2.17
* [security] do not emit HTTP_PROXY to CGI env
* [build_cmake] clock_gettime() -lrt w/ glibc < 2.17 (fixes #2737)
* [core] avoid spurious trace and error abort
* [core] stay in CON_STATE_CLOSE until done with req
* [core] $HTTP["remoteip"] must handle IPv6 w/o []
* [mod_status] show keep-alive status w/ text output (fixes #2740)
* do not set REDIRECT_URI in mod_magnet, mod_rewrite (#2738)
* revert 1.4.40 swap of REQUEST_URI, REDIRECT_URI (fixes #2738)
* [core] permit IPv6 address scope identifier
* [TLS] better handling of SSL_ERROR_WANT_READ/WRITE
* [TLS] read all available records from SSL_read()
* [core] try AF_INET after AF_INET6 if use-ipv6
* [core] set chunkqueue tempdirs at startup
* [security] ensure gid != 0 if server.username set (fixes #2725)
* [security] disable stat_cache if !follow-symlink (fixes #2724)
* [core] fix buffer_copy_string_hex() assert (fixes #2742)
* [security] encode quoting chars in HTML and XML
* [cmake] always define _GNU_SOURCE
* [cmake] enable warnings for GCC and Clang
* [cmake] set cmake_minimum_required to 2.8.2
|
|
- 1.4.40
* [mod_ssi] enhance support for ssi vars (thx fbrosson)
* add handling for lua 5.2 and 5.3 (fixes #2674)
* use libmemcached instead of deprecated libmemcache
* add force_assert for more allocation results
* [mod_cgi] use MAP_PRIVATE to mmap temporary file (fixes #2715)
* [core] do not send SIGHUP to process group unless server.max-workers is used (fixes #2711)
* [mod_cgi] edge case chdir "/" when docroot "/" (fixes #2460)
* [mod_cgi] issue trace and exit if execve() fails (closes #2302)
* [configparser] don't continue after parse error (fixes #2717)
* [core] never evaluate else branches until the previous branches are ready (fixes #2598)
* [core] fix conditional cache handling
* [core] improve conditional enabling (thx Gwenlliana, #2598)
* [mod_compress] case-insensitive content-codings (fixes #2645)
* [plugins] don't include dlfcn.h if not needed (fixes #2548)
* [mod_fastcgi] 404 for X-Sendfile file not found (fixes #2474)
* [mod_cgi] send 500 if CGI ends and there is no response (fixes #2542)
* [mod_cgi] consolidate CGI cleanup code
* [mod_cgi] simplify mod_cgi_handle_subrequest()
* [mod_cgi] kill CGI if fail to write request body
* [mod_proxy] use case-insensitive comparision to filter headers, send Connection: Close to backend (fixes #421)
* [mod_dirlisting] dir-listing.hide-dotfiles = "enabled" by default (fixes #1081)
* [mod_secdownload] fix buffer overflow in secdl_verify_mac (reported by Fortify Open Review Project)
* [mod_fastcgi,mod_scgi] fix leaking file-descriptor when backend spawning failed (reported by Fortify Open Review Project)
* [core] improve array API to prevent memory leaks
* [core] refactor array search; raise array size limit to SSIZE_MAX
* [core] fix memory leak in configparser_merge_data
* [core] provide array_extract_element and use it
* [core] configparser: error on duplicate keys in array merge (fixes #2685)
* [core] more careful parse of $SERVER["socket"] config str (prepare #2204)
* [core] accept $SERVER["socket"] without port, use server.port as fallback (fixes #2204)
* [mod_magnet] define lua_pushglobaltable (for lua5.1) and use it (fixes #2719)
* [ssl] support disabling ssl.verifyclient.activate in SNI callback (fixes #2531)
* restart (some) syscalls after SIGCHLD interrupted them; should fix LDAP problems (fixes #2464)
* [core] log remote address on request timeouts (fixes #652)
* [autobuild] use AC_CANONICAL_HOST instead of AC_CANONICAL_TARGET (fixes #1866)
* [core] fix request_start in keep-alive requests to mark time when received first byte (fixes #2412)
* [core] truncate pidfile on exit (fixes #2695)
* consistent inclusion of config.h at top of files (fixes #2073)
* [core] add generic vector implementation
* [core] replace array weakref with vector
* [base64] fix crash due to broken force_assert
* [unittests] add test_buffer and test_base64 unit tests
* [buffer] refactor buffer_path_simplify (fixes #2560)
* validate return values from strtol, strtoul (fixes #2564)
* [mod_ssi] Add SSI vars SCRIPT_{URI,URL} and REQUEST_SCHEME (fixes #2721)
* [config] warn if server.upload-dirs has non-existent dirs (fixes #2508)
* [mod_proxy] accept LF delimited headers, not just CRLF (fixes #2594)
* [core] wait for grandchild to be ready when daemonizing (fixes #2712, thx pasdVn)
* [core] respond 411 Length Required if request has Transfer-Encoding: chunked (fixes #631)
* [core] fixed the loading for default modules if they are specified explicitly
* [core] lighttpd -tt performs preflight startup checks (fixes #411)
* [stat] mimetype.xattr-name global config option (fixes #2631)
* [mod_webdav] allow Depth: Infinity lock on file (fixes #2296)
* [mod_status] use snprintf() instead of sprintf()
* pass buf size to li_tohex()
* use li_[iu]tostrn() instead of li_[iu]tostr()
* [stream] fstat() after open() to obtain file size
* [core] clean up srv before exiting for lighttpd -[vVh]
* [mod_fastcgi,mod_scgi] check for spawning on same unix socket (fixes #319)
* [mod_cgi] always set QUERY_STRING (fixes #1339)
* [mod_auth] send charset="UTF-8" in WWW-Authenticate (fixes #1468)
* [mod_magnet] rename var for clarity (fixes #1483)
* [mod_extforward] reset cond_cache for scheme (fixes #1499)
* [mod_webdav] readdir POSIX compat (fixes #1826)
* [mod_expire] reset caching response headers for error docs (fixes #1919)
* [mod_status] page refresh option (fixes #2170)
* [mod_status] table w/ count of con states (fixes #2427)
* [mod_dirlisting] class for dir <tr> (fixes #2304)
* [core] define __STDC_WANT_LIB_EXT1__ (fixes #2722)
* [core] setrlimit max-fds <= rlim_max for non-root (fixes #2723)
* [mod_ssi] config ssi.conditional-requests
* [mod_ssi] config ssi.exec (fixes #2051)
* [mod_redirect,mod_rewrite] short-circuit if blank replacement (fixes #2085)
* [mod_indexfile] save physical path to env (fixes #448, #892)
* [core] open fd when appending file to cq (fixes #2655)
* [config] server.listen-backlog option (fixes #1825, #2116)
* [core] retry tempdirs on partial write, ENOSPC (fixes #2588)
* [core] compile with upcoming openssl 1.1.0 release (fixes #2727)
* [core] improve dynamic handler control flow logic
* [core] defer reading request body until handle subrequest (fixes #2541)
* [core] always poll for client POLLHUP/POLLERR events (fixes #399)
* [mod_fastcgi,mod_scgi,mod_proxy] handlers can read response before sending req body (fixes #131, #2566)
* [mod_cgi] asynchronous send of request body to CGI
* [core] compile with upcoming openssl 1.1.0 release (fixes #2727)
* [core] set REDIRECT_STATUS to error_handler_saved_status (fixes #1828)
* [core] server.error-handler new directive for error pages (fixes #2702)
* [core] support IPv6 in $HTTP["remote-ip"] CIDR cond match (fixes #2706)
* [core] http_response_send_file() shared code (#2017)
* [mod_fastcgi] use http_response_xsendfile() (fixes #799, fixes #851, fixes #2017, fixes #2076)
* [mod_scgi] X-Sendfile feature (fixes #2253)
* [mod_cgi] X-Sendfile feature (fixes #2313)
* [mod_webdav] lseek,read if fs can not mmap (#2666, fixes #962)
* [mod_compress] use mmap and trap SIGBUS (#2666, fixes #1879)
* fallback to lseek()/read() if mmap() fails (#fixes 2666)
* [mod_auth] skip blank lines and comment lines (fixes #2327)
* [core] fallback to write if sendfile not supported (fixes #471, #987)
* [core] preserve PATH_INFO case on case-insensitive fs (fixes #406)
* [mod_ssi, mod_cml] set DOCUMENT_ROOT to basedir (fixes #2383)
* [core] cmd line opt to shutdown after idle time limit (fixes #2696)
* [core] lighttpd -1 handles single request on stdin socket (fixes #1584)
* [mod_fastcgi,mod_scgi] IPv6 support (fixes #2372)
* [mod_status] add JSON output option (fixed #2432)
* [mod_webdav] map COPY/MOVE Destination to aliases (fixes #1787)
* [mod_webdav] improve PROPFIND,PROPPATCH (#1818, #1953)
* [core] reset response headers, write_queue for error docs
* build with libressl
* static build instructions using SCons or make
* [mod_auth] preserve WWW-Authenticate for error docs (fixes #2730)
* check close() return code after writing to file
* adjustments for openssl 1.1.0 pre-release
* [config] support include file glob (fixes #1221)
* [mod_evasive] 302 redirect option if limit reached (fixes #2199)
* [build] enhancements for cross-compiling (fixes #2276)
* [mod_accesslog] report aborted con state with %X (fixes #1890)
* [mod_ssi] fix SSI statement parser
* [mod_ssi] include relative to alias,userdir (fixes #222)
* [mod_ssi] add PCRE_* options to constrain regex
* [mod_ssi] more flexible quoting (fixes #1768)
* [core] wrap IPv6 literal in "[]" in redirect URL
* [mod_ssi] fix parse of tag across buf boundary (fixes #2732)
* [mod_cgi,mod_scgi] X-Sendfile sets file_started (fixes #2733)
* [mod_fastcgi] no chunked response w/ X-Sendfile (fixes #2733)
* [config] opts for http header parsing strictness (fixes #551,
fixes #1086, fixes #1184, fixes #2143, #2258, #2281, fixes #946,
fixes #1330, fixes #602, #1016)
* [config] normalize IP strings in lighttpd.conf
* [build_cmake] use MODULE on Mac OS X (fixes #1761)
* [config] server.bsd-accept-filter option
* [mod_webdav] create file w/ LOCK request if ENOENT
* [core] buffer large responses to tempfiles (fixes #758, fixes #760, fixes #933, fixes #1387, #1283, fixes #2083)
* [core] stream response to client (#949)
* [TLS] release openssl buffers as used (fixes #1265, fixes #1283, #881)
* [config] config options to stream request/response (#949, #376)
* [core] option to stream request body to backend (fixes #376)
* [core] option to stream response body to client (fixes #949, #760, #1283, #1387)
* drain backend socket/pipe bufs upon FDEVENT_HUP
* remove excess calls to joblist_append()
* defer choosing "Transfer-Encoding: chunked"
* asynchronous, bidirectional streaming options
* fix errors detected by Coverity Scan
* [cygwin] fix mod_proxy and mod_fastcgi ioctl use
* [mod_webdav] remove excess SQL param to UNLOCK
* graceful shutdown without unnecessary 1 sec delay
* [core] disable Nagle algorithm (TCP_NODELAY)
* [core] add declarations to fdevent.h (#2373)
* [tests] remove dependency on CGI.pm
* [TLS] fix return value checks during cert init
* [core] fix server.max-request-size to be precise (fixes #2131)
* [mod_webdav] fix proppatch mem leak, other fixes (#fixes 1334, #fixes 2000)
* [autobuild] CMake check for struct tm tm_gmtoff (fixes #2014)
* [mod_uploadprogress] fix mem leak (#1858)
* [core] make server.max-request-size scopeable (fixes #1901)
* [mod_fastcgi,mod_scgi] check for spawning on same unix socket (#319)
* [mod_accesslog] %a %A %C %D %k %{}t %{}T (fixes #1145, fixes
#1415, fixes #2081)
* [mod_access] new directive url.access-allow (fixes #1421)
* [core] fdevent_libev: update use of ev_timer
* [mod_cgi] handle local redirect response (fixes #2108)
|
|
|
|
original manifest.xml file and the output from "svccfg export".
|
|
|
|
|
|
----------------
- 1.4.39 2015-12-19
* [core] fix memset_s call (fixes #2698)
* [chunk] fix use after free / double free (fixes #2700)
|
