path: root/NEWS
Commit message | Author | Age | Files | Lines
...
* [core] log remote address on request timeouts (fixes #652) | Stefan Bühler | 2016-03-19 | 1 | -0/+1
  From: Stefan Bühler <stbuehler@web.de>
  git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3109 152afb58-edef-0310-8abb-c4023f1b3aa9
* restart (some) syscalls after SIGCHLD interrupted them; should fix LDAP problems (fixes #2464) | Stefan Bühler | 2016-03-19 | 1 | -0/+1
  From: Stefan Bühler <stbuehler@web.de>
  git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3108 152afb58-edef-0310-8abb-c4023f1b3aa9
* [ssl] support disabling ssl.verifyclient.activate in SNI callback (fixes #2531) | Stefan Bühler | 2016-03-19 | 1 | -0/+1
  From: Stefan Bühler <stbuehler@web.de>
  git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3107 152afb58-edef-0310-8abb-c4023f1b3aa9
* [mod_magnet] define lua_pushglobaltable (for lua5.1) and use it (fixes #2719) | Stefan Bühler | 2016-03-19 | 1 | -0/+1
  From: Stefan Bühler <stbuehler@web.de>
  git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3106 152afb58-edef-0310-8abb-c4023f1b3aa9
* [core] accept $SERVER["socket"] without port, use server.port as fallback (fixes #2204) | Stefan Bühler | 2016-03-19 | 1 | -0/+1
  From: Stefan Bühler <stbuehler@web.de>
  git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3105 152afb58-edef-0310-8abb-c4023f1b3aa9
* [core] more careful parse of $SERVER["socket"] config str (prepare #2204) | Glenn Strauss | 2016-03-19 | 1 | -0/+1
  detect unix domain socket path earlier
  detect IPv6 addr without port (might contain ':' within addr, e.g. [::])
  From: Glenn Strauss <gstrauss@gluelogic.com>
  git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3104 152afb58-edef-0310-8abb-c4023f1b3aa9
* [core] configparser: error on duplicate keys in array merge (fixes #2685) | Glenn Strauss | 2016-03-15 | 1 | -0/+1
  From: Glenn Strauss <gstrauss@gluelogic.com>
  git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3103 152afb58-edef-0310-8abb-c4023f1b3aa9
* [core] provide array_extract_element and use it | Stefan Bühler | 2016-03-15 | 1 | -0/+1
  From: Stefan Bühler <stbuehler@web.de>
  git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3102 152afb58-edef-0310-8abb-c4023f1b3aa9
* [core] fix memory leak in configparser_merge_data | Stefan Bühler | 2016-03-15 | 1 | -0/+1
  Release op1 memory on failure; fixes some theoretical memory leaks (a failure results in early exit anyway).
  From: Stefan Bühler <stbuehler@web.de>
  git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3101 152afb58-edef-0310-8abb-c4023f1b3aa9
* [core] refactor array search; raise array size limit to SSIZE_MAX | Stefan Bühler | 2016-03-15 | 1 | -0/+1
  - raise array size limit from INT_MAX to SSIZE_MAX. INT_MAX already is way too high to be hit in any sane scenario, but SSIZE_MAX can *obviously* not be hit due to memory constraints.
  - use size_t for array indices instead of int
  - use binary search instead of next_power_of_2 hack; document invariants and check them in debug mode (asserts).
  - return the actual insert position instead of something near
  From: Stefan Bühler <stbuehler@web.de>
  git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3100 152afb58-edef-0310-8abb-c4023f1b3aa9
* [core] improve array API to prevent theoretical memory leaks | Stefan Bühler | 2016-03-15 | 1 | -0/+1
  - refactor insert into array_find_or_insert; if the element already exists the caller must resolve the conflict manually:
    - array_replace frees the old element
    - array_insert_unique calls "insert_dup"
    both have no return value anymore
  - fix usages of array_replace; they now don't need to delete the old entry anymore; usage in configparser was probably broken, as it possibly deleted the old element before calling array_replace

  This should fix a lot of the issues reported in "Fortify Open Review Project - lighttpd 1.4.39" (usually hitting the array limit): when the array size limit was hit "new" entries leaked instead of getting added.

  On 32-bit INT_MAX entries cannot actually be reached (each entry requires at least 48 bytes, leading to a total of 96GB memory).

  On 64-bit INT_MAX entries would require 224GB memory, so it would be theoretically possible. But it would need 2^27 reallocations of two C-arrays of up to 16GB size.

  From: Stefan Bühler <stbuehler@web.de>
  git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3098 152afb58-edef-0310-8abb-c4023f1b3aa9
* [mod_fastcgi,mod_scgi] fix leaking file-descriptor when backend spawning failed (reported by Fortify Open Review Project) | Stefan Bühler | 2016-03-14 | 1 | -0/+1
  Reference: Fortify Open Review Project - lighttpd 1.4.39
  ID 22708161 - Unreleased Resource
  ID 22708163 - Unreleased Resource
  From: Stefan Bühler <stbuehler@web.de>
  git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3097 152afb58-edef-0310-8abb-c4023f1b3aa9
* [mod_secdownload] fix buffer overflow in secdl_verify_mac (reported by Fortify Open Review Project) | Stefan Bühler | 2016-03-13 | 1 | -0/+1
  Impact is probably low on most platforms, as it will probably overwrite one byte of "HASH HA1" which isn't used afterwards anymore.
  Reference: Fortify Open Review Project - lighttpd 1.4.39
  ID 22708159 - Buffer Overflow: Off-by-One
  From: Stefan Bühler <stbuehler@web.de>
  git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3096 152afb58-edef-0310-8abb-c4023f1b3aa9
* [mod_dirlisting] dir-listing.hide-dotfiles = "enabled" by default (fixes #1081) | Stefan Bühler | 2016-03-04 | 1 | -0/+1
  From: Stefan Bühler <stbuehler@web.de>
  git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3094 152afb58-edef-0310-8abb-c4023f1b3aa9
* [mod_proxy] use case-insensitive comparison to filter headers, send Connection: Close to backend (fixes #421) | Stefan Bühler | 2016-03-04 | 1 | -0/+1
  From: Stefan Bühler <stbuehler@web.de>
  git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3093 152afb58-edef-0310-8abb-c4023f1b3aa9
* [mod_cgi] kill CGI if fail to write request body | Glenn Strauss | 2016-03-04 | 1 | -0/+1
  (clean up potential zombie processes from unreaped children)
  From: Glenn Strauss <gstrauss@gluelogic.com>
  git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3092 152afb58-edef-0310-8abb-c4023f1b3aa9
* [mod_cgi] simplify mod_cgi_handle_subrequest() | Glenn Strauss | 2016-03-04 | 1 | -0/+1
  wait for CGI to close stdout, so we read EOF on pipe to end CGI response remove extra call to waitpid() which will occur after process exits if it has not already been explicitly closed by CGI (and has not been inherited by CGI forked children)
  (If CGI forks, then it should close its stdout response pipe when response is done, especially if it intends to perform lengthy post-processing in the background.)
  From: Glenn Strauss <gstrauss@gluelogic.com>
  git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3091 152afb58-edef-0310-8abb-c4023f1b3aa9
* [mod_cgi] consolidate CGI cleanup code | Glenn Strauss | 2016-03-04 | 1 | -0/+1
  (more consistent behavior)
  From: Glenn Strauss <gstrauss@gluelogic.com>
  git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3090 152afb58-edef-0310-8abb-c4023f1b3aa9
* [mod_cgi] send 500 if CGI ends and there is no response (fixes #2542) | Glenn Strauss | 2016-03-04 | 1 | -0/+1
  (Thx, anomie, who identified and explained problem in above ticket)
  From: Glenn Strauss <gstrauss@gluelogic.com>
  git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3089 152afb58-edef-0310-8abb-c4023f1b3aa9
* [mod_fastcgi] 404 for X-Sendfile file not found (fixes #2474) | Glenn Strauss | 2016-03-04 | 1 | -0/+1
  (slightly modified from patch by bert)
  From: Glenn Strauss <gstrauss@gluelogic.com>
  git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3088 152afb58-edef-0310-8abb-c4023f1b3aa9
* [plugins] don't include dlfcn.h if not needed (fixes #2548) | Stefan Bühler | 2016-02-28 | 1 | -0/+1
  From: Stefan Bühler <stbuehler@web.de>
  git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3087 152afb58-edef-0310-8abb-c4023f1b3aa9
* [mod_compress] case-insensitive content-codings (fixes #2645) | Glenn Strauss | 2016-02-28 | 1 | -0/+1
  From: Glenn Strauss <gstrauss@gluelogic.com>
  git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3086 152afb58-edef-0310-8abb-c4023f1b3aa9
* [core] improve conditional enabling (thx Gwenlliana, #2598) | Stefan Bühler | 2016-02-21 | 1 | -0/+1
  instead of looping over all config blocks for each conditional var that gets enabled, enable them all and run over them once.
  Right now it seems we actually set all variables at once in normal config handling (SNI only sets a subset); future modifications might introduce new variables which are activated at a later stage (physical path related for example).
  From: Stefan Bühler <stbuehler@web.de>
  git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3083 152afb58-edef-0310-8abb-c4023f1b3aa9
* [core] fix conditional cache handling | Stefan Bühler | 2016-02-21 | 1 | -0/+1
  - add new "skip" result to mark conditions that didn't actually get evaluated to false but just skipped because the preconditions failed.
  - add "local_result" for each cache entry to remember whether the condition itself matched (not including the preconditions). this can be reused after a cache reset if the condition itself was not reset, but the preconditions were
  - clear result of subtree (children and else-branches) when clearing a condition cache
  From: Stefan Bühler <stbuehler@web.de>
  git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3082 152afb58-edef-0310-8abb-c4023f1b3aa9
* [core] never evaluate else branches until the previous branches are aready (fixes #2598) | Glenn Strauss | 2016-02-21 | 1 | -0/+1
  The first condition which evaluates true in any if-else... condition chain short-circuits the chain, and any remaining conditions in the chain are marked false. Previous conditions in if-else condition chaining must be evaluatable (to true or false) -- must not remain in unset (not yet evaluatable) state -- prior to evaluating later conditions. Since any true condition short-circuits remaining conditions, all prev conditions must be false prior to evaluating later conditions.
  From: Glenn Strauss <gstrauss@gluelogic.com>
  git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3081 152afb58-edef-0310-8abb-c4023f1b3aa9
* [configparser] don't continue after parse error (fixes #2717) | Stefan Bühler | 2016-02-19 | 1 | -0/+1
  only use values in reduce actions when the config is still valid (ctx->ok).
  From: Stefan Bühler <stbuehler@web.de>
  git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3080 152afb58-edef-0310-8abb-c4023f1b3aa9
* [mod_cgi] issue trace and exit if execve() fails (closes #2302) | Glenn Strauss | 2016-02-14 | 1 | -0/+1
  (replace SEGFAULT if execve() fails)
  From: Glenn Strauss <gstrauss@gluelogic.com>
  git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3079 152afb58-edef-0310-8abb-c4023f1b3aa9
* [mod_cgi] edge case chdir "/" when docroot "/" (fixes #2460) | Glenn Strauss | 2016-02-14 | 1 | -0/+1
  From: Glenn Strauss <gstrauss@gluelogic.com>
  git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3077 152afb58-edef-0310-8abb-c4023f1b3aa9
* [core] do not send SIGHUP to process group unless server.max-workers is used (fixes #2711) | Glenn Strauss | 2016-02-14 | 1 | -0/+1
  do not propagate sighup if 0 == server.max-workers; reduce impact of sighup on child processes, such as piped loggers, by not forwarding sighup signal unless server.max-workers configured
  For those configuring server.max-workers, it is recommended that piped loggers be used to avoid log corruption, and then admins can avoid sending lighttpd SIGHUP as there is currently no benefit to doing so with the standard modules (beyond that of log rotation of non-piped access and error logs).
  From: Glenn Strauss <gstrauss@gluelogic.com>
  git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3076 152afb58-edef-0310-8abb-c4023f1b3aa9
* [mod_cgi] use MAP_PRIVATE to mmap temporary file instead of MAP_SHARED (fixes #2715) | Glenn Strauss | 2016-02-10 | 1 | -0/+1
  Flash filesystem JFFS2 does not support mmap PROT_READ MAP_SHARED, though it does support mmap PROT_READ MAP_PRIVATE
  Although MAP_SHARED is preferred, CGI input body is fully collected prior to handler invoking the CGI, so the temporary file is never modified after being mapped.
  Since the request input body is specific to request and is temporary file, mmap PROT_READ MAP_PRIVATE works fine.
  From: Glenn Strauss <gstrauss@gluelogic.com>
  git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3075 152afb58-edef-0310-8abb-c4023f1b3aa9
* add force_assert for more allocation results | Stefan Bühler | 2016-01-30 | 1 | -0/+1
  From: Stefan Bühler <stbuehler@web.de>
  git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3072 152afb58-edef-0310-8abb-c4023f1b3aa9
* use libmemcached instead of deprecated libmemcache | Stefan Bühler | 2016-01-03 | 1 | -0/+1
  Differential Revision: https://review.lighttpd.net/D5
  From: Stefan Bühler <stbuehler@web.de>
  git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3071 152afb58-edef-0310-8abb-c4023f1b3aa9
* add handling for lua 5.2 and 5.3 (fixes #2674) | Stefan Bühler | 2016-01-03 | 1 | -0/+1
  Reviewers: stbuehler
  Differential Revision: https://review.lighttpd.net/D4
  From: Stefan Bühler <stbuehler@web.de>
  git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3070 152afb58-edef-0310-8abb-c4023f1b3aa9
* [mod_ssi] enhance support for ssi vars | fbrosson | 2016-01-03 | 1 | -0/+1
  Try ssi_vars if ssi_cgi_env does not have a matching var name. Allow var names to also include digits after the initial letter or underscore.
  From: fbrosson <fbrosson@users.noreply.github.com>
  git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3069 152afb58-edef-0310-8abb-c4023f1b3aa9
* - next is 1.4.40 | Stefan Bühler | 2016-01-03 | 1 | -1/+3
  From: Stefan Bühler <stbuehler@web.de>
  git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3068 152afb58-edef-0310-8abb-c4023f1b3aa9
* [chunk] fix use after free / double free (fixes #2700) | Stefan Bühler | 2015-12-19 | 1 | -0/+1
  From: Stefan Bühler <stbuehler@web.de>
  git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3065 152afb58-edef-0310-8abb-c4023f1b3aa9
* [core] fix memset_s call (fixes #2698) | Stefan Bühler | 2015-12-18 | 1 | -0/+1
  From: Stefan Bühler <stbuehler@web.de>
  git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3064 152afb58-edef-0310-8abb-c4023f1b3aa9
* - next is 1.4.39 | Stefan Bühler | 2015-12-05 | 1 | -1/+3
  From: Stefan Bühler <stbuehler@web.de>
  git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3063 152afb58-edef-0310-8abb-c4023f1b3aa9
* [core] show correct crypt support result (fixes #2690) [lighttpd-1.4.38] | Kyle J. McKay | 2015-12-04 | 1 | -0/+1
  If the crypt function is available as part of the standard system library, then HAVE_LIBCRYPT will not be set, but HAVE_CRYPT or HAVE_CRYPT_R will.
  Make server.c test HAVE_CRYPT, HAVE_CRYPT_R and HAVE_LIBCRYPT to determine the correct value of crypt support.
  Signed-off-by: Kyle J. McKay
  git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3061 152afb58-edef-0310-8abb-c4023f1b3aa9
* [network] add darwin-sendfile backend (fixes #2687) | Kyle J. McKay | 2015-12-04 | 1 | -0/+1
  The FreeBSD version of sendfile is already supported. Starting with OS X 10.5, Darwin also supports sendfile, but using a slightly different argument list even though much of the implementation is likely taken from FreeBSD just like the man page is.
  Add support for darwin's sendfile by introducing a new network_darwin_sendfile.c file that's just a copy of the network_freebsd_sendfile.c file except with the arguments adjusted to compensate for the minor API difference (FreeBSD has separate in and out byte count arguments whereas Darwin has a combined in/out byte count argument).
  Signed-off-by: Kyle J. McKay <mackyle@gmail.com>
  git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3060 152afb58-edef-0310-8abb-c4023f1b3aa9
* [mod_fastcgi/mod_scgi] zero sockaddr structs before use (fixes #2691) | Kyle J. McKay | 2015-12-04 | 1 | -0/+1
  When a sockaddr_un, sockaddr_in or sockaddr_in6 structure is allocated on the stack or heap, it may contain random byte values. The "unused" and "reserved" parts must be zeroed otherwise unexpected failures may occur.
  The simplest way to do this and be compatible with various platforms' struct layouts is just to memset them to 0.
  Signed-off-by: Kyle J. McKay <mackyle@gmail.com>
  git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3059 152afb58-edef-0310-8abb-c4023f1b3aa9
* [mod_secdownload] add required algorithm option; old behaviour available as "md5", new options "hmac-sha1" and "hmac-sha256" | Stefan Bühler | 2015-11-22 | 1 | -0/+1
  Differential Revision: https://review.lighttpd.net/D7
  From: Stefan Bühler <stbuehler@web.de>
  git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3054 152afb58-edef-0310-8abb-c4023f1b3aa9
* [core] encode path with ENCODING_REL_URI in redirect to directory (fixes #2661, thx gstrauss) | Stefan Bühler | 2015-11-07 | 1 | -0/+1
  From: Stefan Bühler <stbuehler@web.de>
  git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3052 152afb58-edef-0310-8abb-c4023f1b3aa9
* [core] add '~' to safe characters in ENCODING_REL_URI/ENCODING_REL_URI_PART encoding | Stefan Bühler | 2015-11-07 | 1 | -0/+1
  From: Stefan Bühler <stbuehler@web.de>
  git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3051 152afb58-edef-0310-8abb-c4023f1b3aa9
* [core] revert increase of temp file size back to 1MB, provide a configure option "server.upload-temp-file-size" instead (fixes #2680) | Stefan Bühler | 2015-11-07 | 1 | -0/+1
  From: Stefan Bühler <stbuehler@web.de>
  git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3050 152afb58-edef-0310-8abb-c4023f1b3aa9
* [config] check config option scope; warn if server option is given in conditional | Stefan Bühler | 2015-11-07 | 1 | -0/+1
  From: Stefan Bühler <stbuehler@web.de>
  git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3049 152afb58-edef-0310-8abb-c4023f1b3aa9
* [mod_secdownload] use a hopefully constant time comparison to check hash (fixes #2679) | Stefan Bühler | 2015-10-27 | 1 | -0/+1
  From: Stefan Bühler <stbuehler@web.de>
  git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3048 152afb58-edef-0310-8abb-c4023f1b3aa9
* add force_assert for many allocations and function results | Gaurav | 2015-10-16 | 1 | -0/+1
  From: Gaurav <g.gupta@samsung.com>
  git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3047 152afb58-edef-0310-8abb-c4023f1b3aa9
* [core] don't buffer request bodies smaller than 64k on disk | Stefan Bühler | 2015-10-13 | 1 | -0/+1
  From: Stefan Bühler <stbuehler@web.de>
  git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3046 152afb58-edef-0310-8abb-c4023f1b3aa9
* [mod_auth] implement and use safe_memclear, using memset_s or explicit_bzero if available | Loganaden Velvindron | 2015-09-26 | 1 | -0/+1
  From: Loganaden Velvindron <logan@elandsys.com>
  git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3045 152afb58-edef-0310-8abb-c4023f1b3aa9