| Commit message | Author | Age | Files | Lines |
| |
x-ref:
https://redmine.lighttpd.net/issues/3199
| |
recognize unix domain sockets starting with '/' in extforward.forwarder
before attempting to parse netmask after last '/' in string
x-ref:
"Add support for unix domain sockets in extforward.forwarder"
https://redmine.lighttpd.net/issues/3198
| |
do not check for HTTP/2 pseudo headers already tagged by ls-hpack
| |
check chunk file open early in chunkqueue_chunk_file_viewadj()
(thx shangzhi_xu)
x-ref:
"Found an UAF bug in /src/chunk.c"
https://redmine.lighttpd.net/issues/3197
| |
extract to separate func; still gets inlined in optimized builds
| |
SSL_CTX_set_options() takes uint64_t for options in openssl 3.0+
| |
add log_request_header to http_header_parse_ctx
| |
e.g.
/usr/sbin/lighttpd -D -f <(cat <<END
server.document-root = "/web/"
END
)
x-ref:
https://www.reddit.com/r/bash/comments/11wysi0/combining_heredocs_with_process_substitution/
| |
(see "(lighttpd customization)" in ls-hpack/lshpack.h)
| |
(thx pmconrad)
IPv4: mask final octet (8 bits) of address
IPv6: mask final 10 octets (80 bits) of address
x-ref:
Enable partial masking of IP addresses in access logs
https://github.com/lighttpd/lighttpd1.4/pull/124
IP masking in Universal Analytics
https://support.google.com/analytics/answer/2763052
github: closes #124
| |
manage remote addr per request for HTTP/2 requests,
rather than remote addr per connection.
Modern load balancers often provide options to reuse connections for
*different* clients, and therefore mod_extforward might change the
remote addr per request.
x-ref:
"RFE: mod_extforward and multiplexed requests via HTTP/2"
https://redmine.lighttpd.net/issues/3192
"Evaluation of remote_addr for mod_maxminddb for multiplexed connections"
https://redmine.lighttpd.net/issues/3191
| |
adds two pointers to (request_st *) (cost: 16 bytes in 64-bit builds)
prepares for upcoming changes to mod_extforward to manage remote addr
per request for HTTP/2 requests, rather than remote addr per connection.
Modern load balancers often provide options to reuse connections for
*different* clients, and therefore mod_extforward might change the
remote addr per request.
x-ref:
"RFE: mod_extforward and multiplexed requests via HTTP/2"
https://redmine.lighttpd.net/issues/3192
"Evaluation of remote_addr for mod_maxminddb for multiplexed connections"
https://redmine.lighttpd.net/issues/3191
| |
Many load balancers have options to reuse the same connection for
multiple clients, so check remote IP each request to detect if remote IP
has changed for subsequent requests on the same connection, e.g. due
to mod_extforward.
x-ref:
"Evaluation of remote_addr for mod_maxminddb for multiplexed connections"
https://redmine.lighttpd.net/issues/3191
| |
cache formatted secs string for high precision errorlog timestamp
| |
skip building separate modules for built-in modules
Small modules with minimal dependencies are now built-in to lighttpd.
All 12 of these modules have a memory footprint that is approximately
the same as 1 single module built as a .dll due to mandatory minimum
binary sections and memory page sizes (4k each).
| |
chmod u+w configparser.c for lemon
configparser.c might be created mode 444 and then a subsequent
repeat call to lemon will fail EACCES
This fixes that scenario in top level ./packdist.sh script.
| |
remove extra HTTP/2 HEADERS frame len check
(now that the check has been added to proper place in prior commit)
| |
(thx Sig Run for reproduction cases, ASAN logs, valgrind logs)
credit: sig.run https://hackerone.com/sigrun
2023.02.10 edit:
CVE ID assignment requested a few days ago, but id not yet assigned
| |
send 409 Conflict if PUT into parent collection which does not exist
| |
cgi.local-redir occurs in the subrequest handler, by which point
path-info has been set. Since CGI local redir might restart the
request for an entirely different URL, reset the path info.
Note: mod_rewrite, mod_magnet, and others which may restart the request
do so prior to path-info being set.
path-info is always reset between different requests.
| |
path-info in debug trace (debug.log-request-handling) may be unset
| |
remove the special-case which disabled this for issue in older cygwin
| |
fdevent_poll_poll avoid potential race with pollfds list being extended
| |
remove excess +1 per env string
| |
move headers to help isolate fdevent layer from layers above
| |
x-ref:
https://redmine.lighttpd.net/boards/3/topics/10842
| |
x-ref:
https://redmine.lighttpd.net/boards/3/topics/10842
https://github.com/ndfred/iperf-ios/issues/17
https://github.com/dotnet/runtime/pull/69436
| |
remove issock flag; on _WIN32, select(), WSAPoll() work only on sockets
| |
-DMOD_WEBDAV_BUILD_MINIMAL preprocessor option to disable PROPPATCH,
LOCK, UNLOCK by removing dependencies on libxml2, libsqlite3, libuuid
(even if built --with-webdav-props --with-webdav-locks)
This permits building mod_webdav.so and an alternative mod_webdav_min.so
without the extra dependencies if the build system is extended to build
mod_webdav_min, compiling mod_webdav.c with -DMOD_WEBDAV_BUILD_MINIMAL
-Dmod_webdav_plugin_init=mod_webdav_min_plugin_init
(note: build systems have not been extended here for mod_webdav_min.so)
x-ref:
"lighttpd-mod-webdav dependency to SQLite"
https://redmine.lighttpd.net/issues/3188
| |
modify OPTIONS response if webdav.sqlite-db-name is not configured
if webdav.sqlite-db-name is not configured, then in OPTIONS response
- do not advertise PROPPATCH, LOCK, or UNLOCK in "Allow" response header
- do not advertise DAV Compliance Class 2 in "DAV" response header
x-ref:
https://redmine.lighttpd.net/issues/3188
| |
reset SIGUSR1 to SIG_DFL in fdevent_fork_execve() before execve()
(in case SIGUSR1 had been set to SIG_IGN for server.max-worker > 0)
| |
adjustments to compile warnings-free with recent clang changes that
warn about potential behavior change for non-prototypes, including
generic function pointers e.g. int(*)()
x-ref:
https://discourse.llvm.org/t/rfc-enabling-wstrict-prototypes-by-default-in-c/60521
https://www.open-std.org/jtc1/sc22/wg14/www/docs/n2432.pdf
https://www.open-std.org/jtc1/sc22/wg14/www/docs/n2841.htm
| |
cygwin O_NOFOLLOW fixed in cygwin 3.4.5-1
x-ref:
[ANNOUNCEMENT] cygwin 3.4.5-1
https://cygwin.com/pipermail/cygwin/2023-January/252900.html
Fix an uninitialized variable having weird side-effects in path handling.
https://cygwin.com/pipermail/cygwin/2022-December/252734.html
| |
transition to h2 state half closed local if END_STREAM sent with HEADERS
(thx gjoe)
x-ref:
HTTP 2 connections not properly closed
https://redmine.lighttpd.net/issues/3186
| |
(thx brad)
x-ref:
"CMake: issue with modules path"
https://redmine.lighttpd.net/issues/3185