| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
workaround for gvfs dir redir bug
fix for unhandled live properties
(thx montvid)
x-ref:
"lighttpd webdav does not work with Nemo, Nautilus gvfs"
https://redmine.lighttpd.net/boards/2/topics/9516
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For IPv6 listen addresses:
server.v4mapped = "disable" results in IPV6_V6ONLY socket opt set to 0
server.v4mapped = "enable" results in IPV6_V6ONLY socket opt set to 1
server.v4mapped has an effect only if explicitly set in lighttpd.conf.
If not set, the socket option is inherited from kernel defaults, which
may vary on different OS.
server.v4mapped takes priority over server.set_v6only
server.set_v6only behavior is inconsistent and depreacted.
server.set_v6only behavior differs from server.v4mapped in that
server.set_v6only = "enable" will cause the IPV6_V6ONLY socket
option to be set to 1 for IPv6 listening sockets configured via
$SERVER["socket"] in lighttpd.conf, is enabled by default, and
has no effect if set to "disable"
Note: IPv4-mapped addresses may bring potential security issues,
depending on the situation. For example, lighttpd does not attempt
to match IPv4 addresses with IPv4-mapped addresses. Other writings:
https://tools.ietf.org/html/draft-itojun-v6ops-v4mapped-harmful-02.html
|
| |
|
| |
|
|
|
|
| |
Note: filesystem access race conditions exist without _ATFILE_SOURCE
|
|
|
|
| |
so that path can be removed from stat_cache
|
| |
|
| |
|
|
|
|
|
|
|
|
|
| |
quiet more request parse errors unless debug enabled with
debug.log-request-header-on-error = "enable"
x-ref:
"invalid character in URI -> 400 config?"
https://redmine.lighttpd.net/boards/2/topics/9512
|
| |
|
|
|
|
|
|
|
|
|
|
| |
more consistent use of shared code config_plugin_value_tobool()
(thx tow-conf)
x-ref:
"The on/off keywords in boolean configuration options is inconsistent, which might be misleading and error-prone."
https://redmine.lighttpd.net/issues/3036
|
|
|
|
| |
fix inverted logic when HTTP/2 frames span chunkqueue chunks
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When server.stream-request-body = 0 (the default), the entire request
body is collected before engaging the backend. For backends which
require data framing, this could lead to growth in memory use as large
requests were framed all at once.
Prefer to retain large request bodies in temporary files on disk and
frame in portions as write queue to backend drains below a threshold.
x-ref:
"Memory Growth with PUT and full buffered streams"
https://redmine.lighttpd.net/issues/3033
|
|
|
|
|
|
|
|
|
| |
(bug on master branch)
With lighttpd defaults, including fully buffering request body, and
if request body > 1 MB, then multiple temporary files are used and
might not have open fd in chunkqueue. This would result in failure
to send request body to CGI. (bug commited to master branch 1 month ago)
|
|
|
|
| |
(bug on master branch)
|
|
|
|
| |
filter out modules duplicated in server.modules list
|
|
|
|
|
|
|
|
| |
(bug on master branch)
x-ref:
"Debian Bullseye/sid arm64 - lighttp broken after update"
https://discussions.flightaware.com/t/debian-bullseye-sid-arm64-lighttp-broken-after-update/70756/20
|
| |
|
| |
|
|
|
|
| |
make public func for benefit of external, third-party mod_authn_tkt
|
|
|
|
|
|
|
|
|
|
| |
accept "HTTP/2.0" and "HTTP/3.0" NPH from naive non-proxy backends
(thx flynn)
x-ref:
"uwsgi fails with HTTP/2"
https://redmine.lighttpd.net/issues/3031
|
|
|
|
|
|
|
|
| |
pkg-config libxxhash.pc might not be provided with xxhash < 0.7.3
x-ref:
"Update build-dep for xxhash [...]"
https://salsa.debian.org/debian/lighttpd/-/merge_requests/29
|
|
|
|
|
|
|
|
|
|
| |
accept "HTTP/2.0" and "HTTP/3.0" NPH from naive non-proxy backends
(thx flynn)
x-ref:
"uwsgi fails with HTTP/2"
https://redmine.lighttpd.net/issues/3031
|
|
|
|
|
|
|
|
|
|
| |
(bug on master branch; never released)
(thx flynn)
x-ref:
"Fastcgi fails if server.tag is empty"
https://redmine.lighttpd.net/issues/3030
|
|
|
|
|
|
|
|
|
|
| |
allow LIGHTTPD_EXE_PATH override to be able to run source tree tests/*.t
against installed executable, e.g. LIGHTTPD_EXE_PATH=/usr/sbin/lighttpd
Beware that tests might not pass or might not be supported if the target
executable is not the same version as that of the source tree
(Possible use for this override is by Debian autopkgtests)
|
|
|
|
|
|
|
|
|
|
| |
(bug on master branch; never released)
(thx maxentry)
x-ref:
"maxminddb.env error 1.4.56"
https://redmine.lighttpd.net/boards/2/topics/9480
|
|
|
|
| |
libressl >= 0x3000000fL has SSL_set1_chain(), but not some other APIs
|
| |
|
|
|
|
|
|
| |
This alternative approach attempts to work around error:
invalid application of 'sizeof' to incomplete type 'struct kevent'
seen in continuous integration (CI) autoconf build on FreeBSD VM
|
|
|
|
| |
add some additional LIBRESSL_VERSION_NUMBER checks for feature support
|
|
|
|
|
|
|
|
|
|
| |
disable server.graceful-restart-bg on OpenBSD and NetBSD
kqueue is not inherited across fork, and OpenBSD and NetBSD do not
implement rfork() (implemented on FreeBSD and DragonFly)
lighttpd has not implemented rebuilding the kqueues after fork,
so server.graceful-restart-bg is disabled on OpenBSD and NetBSD.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Note: there have always been limitations with lighttpd stat_cache.[ch]
using FAM/gamin on *BSD via kqueue() as lighttpd stat_cache.[ch] only
monitors directories. This kqueue() implementation also only monitors
directories and has limitations.
lighttpd stat_cache.[ch] is notified about additions and removals of
files within a monitored directory but might not be notified of changes
such as timestamps (touch), ownership, or even changes in contents
(e.g. if a file is edited through a hard link)
server.stat-cache-engine = "disable" should be used when files should
not be cached. Full stop. Similarly, "disable" is recommended if files
change frequently. If using server.stat-cache-engine with any engine,
there are caching effects and tradeoffs.
On *BSD and using kqueue() on directories, any change detected clears
the stat_cache of all entries in that directory, since monitoring only
the directory does not indicate which file was added or removed. This
is not efficient for directories containing frequently changed files.
|
|
|
|
| |
gw_recv_response_error()
|
|
|
|
|
|
| |
x-ref:
"mod_wstunnel kills child on disconnect after idle-timeout from connection start"
https://redmine.lighttpd.net/issues/3029
|
|
|
|
|
|
|
|
| |
Update: NSS developer explains:
"The way that we currently operate is to tie the session key encryption
to the server public key. Which only works if you have an RSA key
configured"
https://bugzilla.mozilla.org/show_bug.cgi?id=1673254
|
| |
|
|
|
|
| |
use inotify in stat_cache.[ch] on Linux, replacing FAM/gamin
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
--with-xxhash
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
include wolfssl/options.h crypto lib config
after selecting crypto lib to use
wolfSSL does not prefix its defines with a wolfSSL-specific namespace
(so we would like to avoid unnecessarily polluting preproc namespace)
This commit further isolates wolfSSL after split from mod_openssl.
Cleans up some preprocessor logic that was put in place when using
the wolfSSL compatibility layer for openssl, before creating a
dedicated mod_wolfssl.
|
|
|
|
|
| |
include mbedtls/config.h crypto lib config
after selecting crypto lib to use
|
| |
|
|
|
|
| |
adjust wolfssl types.h workaround for another edge case
|