summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* [docs] add !kPSK to the cipher string recommendation as the comments before ↵lighttpd-1.4.34Stefan Bühler2014-01-201-2/+2
| | | | | | | | already mention From: Stefan Bühler <stbuehler@web.de> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2933 152afb58-edef-0310-8abb-c4023f1b3aa9
* [tests] add cleanup.sh to cmake test runs, reset SLOWREQUEST in request.tStefan Bühler2014-01-102-0/+2
| | | | | | From: Stefan Bühler <stbuehler@web.de> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2932 152afb58-edef-0310-8abb-c4023f1b3aa9
* add two asserts to help parfait (#2530)Stefan Bühler2014-01-102-0/+2
| | | | | | From: Stefan Bühler <stbuehler@web.de> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2931 152afb58-edef-0310-8abb-c4023f1b3aa9
* [mod_webdav] fix fd leak found with parfait (fixes #2530, thx kukackajiri)Stefan Bühler2014-01-102-2/+3
| | | | | | From: Stefan Bühler <stbuehler@web.de> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2930 152afb58-edef-0310-8abb-c4023f1b3aa9
* [mod_mysql_vhost] fix memory leak on config init (#2530)Stefan Bühler2014-01-102-21/+27
| | | | | | From: Stefan Bühler <stbuehler@web.de> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2929 152afb58-edef-0310-8abb-c4023f1b3aa9
* [auto* build] remove -no-undefined from linker flags, as we actually link ↵Stefan Bühler2014-01-102-33/+34
| | | | | | | | | | | | | | | modules with undefined symbols (fixes #2533) On platforms that support linking modules with undefined symbols we actually do it; so most of the time -no-undefined should result in an error. On platforms that don't support it, it will result in an error sooner or later anyway (on those it should build a shared libary with the core code to link the modules against). From: Stefan Bühler <stbuehler@web.de> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2928 152afb58-edef-0310-8abb-c4023f1b3aa9
* [core] decode URL before rewrite, enabling it to work in $HTTP["url"] ↵Stefan Bühler2014-01-103-44/+37
| | | | | | | | conditionals (fixes #2526) From: Stefan Bühler <stbuehler@web.de> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2927 152afb58-edef-0310-8abb-c4023f1b3aa9
* maintain physical.basedir (the "acting" doc-root as prefix of physical.path) ↵Stefan Bühler2014-01-105-1/+9
| | | | | | | | in more places From: Stefan Bühler <stbuehler@web.de> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2926 152afb58-edef-0310-8abb-c4023f1b3aa9
* [ssl] fix regression from CVE-2013-4508 (client-cert sessions were broken)Stefan Bühler2013-11-132-0/+9
| | | | | | From: Stefan Bühler <stbuehler@web.de> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2925 152afb58-edef-0310-8abb-c4023f1b3aa9
* [mod_ssi] fix "ssi_val_init" prototypeStefan Bühler2013-11-131-1/+1
| | | | | | From: Stefan Bühler <stbuehler@web.de> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2924 152afb58-edef-0310-8abb-c4023f1b3aa9
* [core] check success of setuid,setgid,setgroups (CVE-2013-4559)Stefan Bühler2013-11-132-3/+13
| | | | | | From: Stefan Bühler <stbuehler@web.de> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2923 152afb58-edef-0310-8abb-c4023f1b3aa9
* [stat-cache] fix FAM cleanup/fdevent handlingStefan Bühler2013-11-134-41/+32
| | | | | | From: Stefan Bühler <stbuehler@web.de> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2922 152afb58-edef-0310-8abb-c4023f1b3aa9
* [stat-cache] FAM: fix use after free (CVE-2013-4560)Stefan Bühler2013-11-132-0/+2
| | | | | | From: Stefan Bühler <stbuehler@web.de> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2921 152afb58-edef-0310-8abb-c4023f1b3aa9
* fix/silence bugs reported by ccc-analyzer (clang)Stefan Bühler2013-11-1341-65/+78
| | | | | | | | | | | | | | | | | | | | | These should all be non critical: * memory leaks on startup in error cases (which lead to immediate shutdowns anyway) * http_auth/ldap: passing uninitialized "ret" to ldap_err2string * sizeof(T) not matching the target pointer in malloc/calloc calls; those cases were either: * T being the wrong pointer type - shouldn't matter as long as all pointers have same size * T being larger than the type needed * mod_accesslog: direct use after free in cleanup (server shutdown); could crash before "clean" shutdown * some false positives (mod_compress, mod_expire) * assert(srv->config_context->used > 0); - this is always the case, as there is always a global config block From: Stefan Bühler <stbuehler@web.de> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2920 152afb58-edef-0310-8abb-c4023f1b3aa9
* NEWS entry for previous commitStefan Bühler2013-11-131-0/+1
| | | | | | From: Stefan Bühler <stbuehler@web.de> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2919 152afb58-edef-0310-8abb-c4023f1b3aa9
* [doc] update ssl.cipher-list recommendationStefan Bühler2013-11-101-6/+14
| | | | | | From: Stefan Bühler <stbuehler@web.de> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2918 152afb58-edef-0310-8abb-c4023f1b3aa9
* [autobuild] create m4/ before calling autoreconfStefan Bühler2013-11-101-0/+7
| | | | | | From: Stefan Bühler <stbuehler@web.de> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2917 152afb58-edef-0310-8abb-c4023f1b3aa9
* fix typo (fixes #2519)Stefan Bühler2013-11-101-1/+1
| | | | | | From: Stefan Bühler <stbuehler@web.de> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2916 152afb58-edef-0310-8abb-c4023f1b3aa9
* add "packdist.sh" script to build (pre-) releasesStefan Bühler2013-11-101-0/+295
| | | | | | From: Stefan Bühler <stbuehler@web.de> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2915 152afb58-edef-0310-8abb-c4023f1b3aa9
* [autobuild] use autoreconf instead of calling tools manually; add generated ↵Stefan Bühler2013-11-102-23/+16
| | | | | | | | files to .gitignore From: Stefan Bühler <stbuehler@web.de> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2914 152afb58-edef-0310-8abb-c4023f1b3aa9
* [ssl] fix SNI handling; only use key+cert+verify-client from SNI specific ↵Stefan Bühler2013-11-055-50/+191
| | | | | | | | | | | | | config (fixes #2525, CVE-2013-4508) pull all ssl.ca-file values into all SSL_CTXs, but use only the local ssl.ca-file for verify-client; correct SNI name is no requirement, so enforcing verification for a subset of SNI names doesn't actually protect those. From: Stefan Bühler <stbuehler@web.de> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2913 152afb58-edef-0310-8abb-c4023f1b3aa9
* remove unused members from struct server_socketStefan Bühler2013-11-052-9/+0
| | | | | | From: Stefan Bühler <stbuehler@web.de> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2912 152afb58-edef-0310-8abb-c4023f1b3aa9
* [mod_extforward] fix compilation without IPv6, (not) using undefined var ↵Stefan Bühler2013-10-132-1/+1
| | | | | | | | (fixes #2515, thx mm) From: Stefan Bühler <stbuehler@web.de> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2911 152afb58-edef-0310-8abb-c4023f1b3aa9
* [mod_auth] explicitly link ssl for SHA1 (fixes #2517)Stefan Bühler2013-10-132-2/+2
| | | | | | From: Stefan Bühler <stbuehler@web.de> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2910 152afb58-edef-0310-8abb-c4023f1b3aa9
* - next is 1.4.34Stefan Bühler2013-09-274-4/+7
| | | | | | From: Stefan Bühler <stbuehler@web.de> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2909 152afb58-edef-0310-8abb-c4023f1b3aa9
* [tests] use list for perl exec to skip the sh wrapperlighttpd-1.4.33Stefan Bühler2013-09-061-8/+13
| | | | | | From: Stefan Bühler <stbuehler@web.de> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2903 152afb58-edef-0310-8abb-c4023f1b3aa9
* [mod_scgi] fix log typosStefan Bühler2013-09-061-2/+2
| | | | | | From: Stefan Bühler <stbuehler@web.de> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2902 152afb58-edef-0310-8abb-c4023f1b3aa9
* [core] set signal handlers before forking child processes in ↵Stefan Bühler2013-08-302-45/+46
| | | | | | | | modules/plugins_call_set_defaults (fixes #2502) From: Stefan Bühler <stbuehler@web.de> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2901 152afb58-edef-0310-8abb-c4023f1b3aa9
* [core] allow files to be used as document-root (fixes #2475)Stefan Bühler2013-08-303-2/+4
| | | | | | From: Stefan Bühler <stbuehler@web.de> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2900 152afb58-edef-0310-8abb-c4023f1b3aa9
* [mod_accesslog] add accesslog.syslog-level option (fixes #2480)Stefan Bühler2013-08-302-1/+9
| | | | | | From: Stefan Bühler <stbuehler@web.de> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2899 152afb58-edef-0310-8abb-c4023f1b3aa9
* [mod_simple_vhost] fix cache; skip module if simple-vhost.server-root is ↵Stefan Bühler2013-08-302-31/+31
| | | | | | | | empty (thx rm for reporting) From: Stefan Bühler <stbuehler@web.de> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2898 152afb58-edef-0310-8abb-c4023f1b3aa9
* [tests] add mod_simplevhost testsStefan Bühler2013-08-305-22/+98
| | | | | | | | * next commit fixes the bug From: Stefan Bühler <stbuehler@web.de> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2897 152afb58-edef-0310-8abb-c4023f1b3aa9
* [core] check whether server.chroot existsStefan Bühler2013-08-302-0/+13
| | | | | | From: Stefan Bühler <stbuehler@web.de> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2896 152afb58-edef-0310-8abb-c4023f1b3aa9
* [core] remove requirement that default doc-root has to exist, there are ↵Stefan Bühler2013-08-302-21/+1
| | | | | | | | reasonable scenarios not requiring static files at all From: Stefan Bühler <stbuehler@web.de> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2895 152afb58-edef-0310-8abb-c4023f1b3aa9
* [auth] new method "extern" to use already present REMOTE_USER (from magnet, ↵Stefan Bühler2013-08-302-11/+26
| | | | | | | | | | | | ssl, ...) (fixes #2436) can be combined with ssl: ssl.verifyclient.username = "SSL_CLIENT_S_DN_UID" auth.require = ("/" => ( "require" => "valid-user", "method" => "extern") ) From: Stefan Bühler <stbuehler@web.de> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2894 152afb58-edef-0310-8abb-c4023f1b3aa9
* [mod_auth] some cleanup, only search for matching auth.require path onceStefan Bühler2013-08-303-27/+10
| | | | | | From: Stefan Bühler <stbuehler@web.de> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2893 152afb58-edef-0310-8abb-c4023f1b3aa9
* [auth] put REMOTE_USER into cgi environment, making it accessible to lua via ↵Stefan Bühler2013-08-3010-35/+27
| | | | | | | | lighty.req_env (fixes #2495) From: Stefan Bühler <stbuehler@web.de> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2892 152afb58-edef-0310-8abb-c4023f1b3aa9
* [ssl] add option ssl.empty-fragments, defaulting to disabled (fixes #2492)Stefan Bühler2013-08-304-0/+18
| | | | | | | | | | if ssl.empty-fragments is set to enabled, but the openssl version used to compile lighttpd doesn't support empty fragments, a warning is displayed (it might still work). From: Stefan Bühler <stbuehler@web.de> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2891 152afb58-edef-0310-8abb-c4023f1b3aa9
* [ssl] accept ssl renegotiations if they are not disabled (fixes #2491)Stefan Bühler2013-08-304-5/+4
| | | | | | | | | | * don't fiddle with ssl internals * renegotiations should be safe with recent openssl versions, openssl itself should reject unsafe renegotiations From: Stefan Bühler <stbuehler@web.de> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2890 152afb58-edef-0310-8abb-c4023f1b3aa9
* move ssl.disable-client-renegotiation and added note that it currently ↵Marcus Rückert2013-08-151-5/+8
| | | | | | doesnt work inside conditionals git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2889 152afb58-edef-0310-8abb-c4023f1b3aa9
* [autoconf] pkg-config: search for lua5.1 and lua-5.1 before luaStefan Bühler2013-07-311-11/+11
| | | | git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2888 152afb58-edef-0310-8abb-c4023f1b3aa9
* [ssl] Fix $HTTP["scheme"] conditional, could be "http" for ssl connections ↵Stefan Bühler2013-07-3114-47/+49
| | | | | | | | | | | | | | | | | | | | | if the ssl $SERVER["socket"] conditional was nested (fixes #2501) con->conf.is_ssl got removed and replaced by: * con->conf.ssl_enabled for the config var "ssl.engine" - it is only used to determine which server-sockets should use ssl. (usually not needed as it is mandatory and enough to set ssl.pemfile anyway) * con->srv_socket->is_ssl to detect the actual ssl status of the bound socket, which is the same as the ssl status of the connection * con->uri.scheme for the actual $HTTP["scheme"] value, also used for the CGI "HTTPS=ON" variable. This defaults to "https" if the connection uses ssl, but can be changed for example by mod_extforward if X-Forwarded-Proto: is set to either "http" or "https" (other values are ignored right now) Also removed the broken srv_socket->is_proxy_ssl as it was a connection value in a server_socket struct... git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2887 152afb58-edef-0310-8abb-c4023f1b3aa9
* [mod_accesslog] fix log buffer <-> log file mappingStefan Bühler2013-07-311-22/+17
| | | | git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2886 152afb58-edef-0310-8abb-c4023f1b3aa9
* [network] use constants available at compile time for maximum number of ↵Stefan Bühler2013-06-292-19/+15
| | | | | | chunks for writev instead of calling sysconf (fixes #2470) git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2885 152afb58-edef-0310-8abb-c4023f1b3aa9
* [ssl] use DH only if openssl supports it (fixes #2479)Stefan Bühler2013-06-292-1/+12
| | | | git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2884 152afb58-edef-0310-8abb-c4023f1b3aa9
* [core] recognize more http methods to forward to backends (fixes #2346)Stefan Bühler2013-06-293-37/+78
| | | | git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2883 152afb58-edef-0310-8abb-c4023f1b3aa9
* [core] return 501 Not Implemented in static file mode for all methods except ↵Stefan Bühler2013-06-293-20/+3
| | | | | | GET/POST/HEAD/OPTIONS git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2882 152afb58-edef-0310-8abb-c4023f1b3aa9
* [mod_user] add test cases to check handling of encoded ~ as %7E (#2124)Stefan Bühler2013-06-291-1/+15
| | | | git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2881 152afb58-edef-0310-8abb-c4023f1b3aa9
* [mod_userdir] add userdir.active option, "enabled" by defaultStefan Bühler2013-06-292-2/+12
| | | | git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2880 152afb58-edef-0310-8abb-c4023f1b3aa9
* [mod_auth] fix distcheck, depends on openssl now for {SHA} crypted passwordsStefan Bühler2013-06-291-0/+2
| | | | git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2879 152afb58-edef-0310-8abb-c4023f1b3aa9
View Lorry Controller Status