==== NEWS ==== - 1.4.60 - 2021-10-03 * [meson] add with_zstd to meson_options.txt * [mod_magnet] reject stat() of empty string (fixes #3064) * [mod_magnet] avoid infinite loop in atpanic (fixes #3065) * [mod_magnet] do not call luaL_error outside pcall (#3065) * [core] 101 upgrade fails if Content-Length incl (fixes #3063) * [mod_gnutls,mod_mbedtls] recog common cipherstring * [tests] remove stray option in test lighttpd.conf * [mod_auth] close HTTP/2 connection after bad pass * [build] fix SCons pkg-config err handling (fixes #3066) * [core] inline funcs to decode h2 framing nums (fixes #3067) * [build] use -pipe with gcc and clang * [mod_mbedtls] preproc wrap ssl_parse_client_hello * [build] augment configure.ac msgs to remove FAM (#3068) * [core] allow '*' in "*:80" socket spec * [core] rename local var * [core] mark config registration funcs cold * [core] fix -fsanitize=undefined pedantic warning (fixes #3069) * [core] algo_hmac.[ch] wrapper (portability) * [mod_secdownload] use algo_hmac.[ch] * [mod_secdownload] use http_auth_const_time_memeq() * [autoconf] add ajp13 to build msgs * [mod_auth] send 401 if digest algo not supported * [mod_deflate] do not cache 206 Partial Content * [core] chunkqueue_append_cq_range() * [core] http_range.[ch] RFC 7233 Range handling * [core] RFC 7233 Range handling for non-streaming * [TLS] fix crash for (broken) nested $SERVER[] cfg * [core] ignore server.event-handler = "libev" * [mod_openssl] use newer openssl 3.0.0 interfaces * [core] quiet coverity warning * [core] http_cgi_local_redir() rename * [core] http_cgi.[ch] CGI interfaces (RFC 3875) * [core] save parsed listen addrs at startup * [core] http_cgi_encode_varname() * [core] add some ifdefs in algo_hmac.c * [core] use epoll_create1() if available * [core] adjust stat_cache_get_entry() conditions * [core] _WIN32 impl of read-only mmap(), munmap() * [core] remove stream.[ch] * [multiple] use binary '|' to reconstruct ts * [core] check EAGAIN if unix socket connect() delay * [multiple] prefer monotonic time for internal use * [core] optimize buffer_urldecode_path() * [mod_openssl] skip cert chain build if self-issued * [mod_nss] avoid NSS crash w/ config file error * [multiple] prefer monotonic time for internal use * [core] http_response_handle_cachable() optim * [core] fix chunkqueue_small_resp_optim partial rd * [core] defer pcre_compile until after config parse * [multiple] PCRE w/ PCRE_STUDY_JIT_COMPILE (fixes #2361) * [mod_dirlisting, mod_trigger_b4_dl] use keyvalue * [multiple] add attrs from gcc -Wsuggest-attribute= * [mod_gnutls] quiet clang warning * [core] http_response_physical_path_error() * [multiple] buffer_has_slash_suffix() * [core] modify path in-place checking for path-info * [multiple] optimize primitives, buffer_extend() * [multiple] do not clear physical.path if finished * [core] http_kv.[ch] perf tuning * [core] remove bad prototype from algo_splaytree.h * [multiple] mark addtl funcs attr returns_nonnull * [TLS] init STEK even if time is 1970 (fixes #3075) * [core] restart if large large clock jump detected (#3075) * [core] copy string and len directly from tmp_buf * [core] move special case for Content-Type CGI hdr * [mod_ssi] inline some buffers in ssi plugin_data * [core] use monotonic secs for piped loggers start * [mod_cml] use cached time from log_epoch_secs * [mod_dirlisting] limit buffer use for large dirs * [multiple] http_header APIs to reduce str copies * [mod_userdir] use stat_cache_path_isdir() * [mod_indexfile] reduce copying of base path * [TLS] https_add_ssl_client_verify_err() * [TLS] use stack for SSL_CLIENT_S_DN_* tag * [core] buffer_append_strftime() perf annotations * [mod_userdir] use 2-element cache * [mod_magnet] use http_chunk_* APIs * [mod_accesslog] reformat numeric timestamp * [mod_accesslog] strftime %z for numeric timestamp * [mod_accesslog] reformat numeric timestamp code * [multiple] strftime %F and %T * [mod_trigger_b4_dl] gdbm_reorganize once a day * [mod_status] double-buffer large output to tmpfile * [mod_ssi] shared code to wrap strftime() * [mod_ssi] use intermediate chunkqueue to aggregate * [multiple] pass len when copying constant strings * [core] short-circuit encoding if nothing to encode * [build] check for mempcpy() * [core] buffer_append_* aggregates * [core] config_vars_init() * [multiple] use buffer_append_* aggregates * [core] define __attribute_nonnull__ * [core] mark select buffer.[ch] funcs attr nonnull * [core] mark select http_kv.[ch] funcs attr nonnull * [core] mark some chunk.h funcs attr cold * [core] remove an excess check * [core] mark debug path unlikely * [core] ignore empty headers unless pseudo-headers * [multiple] buffer_copy_path_len2() aggregate * [mod_dirlisting] process dir in subrequest handler * [mod_dirlisting] restructure and keep state * [mod_dirlisting] read dir in pieces; less blocking * [mod_dirlisting] upper limit on parallel dirlist * [mod_dirlisting] parse query string in javascript * [mod_dirlisting] dir-listing.cache option * [mod_webdav] webdav_log_xml_response() * [mod_webdav] limit mem use under extreme condition * [core] vector.h tweaks * [mod_proxy] send HTTP/1.0 to backend if no Host * [build] fix zstd option in meson (fixes #3076) * [multiple] more reuse of http_date_time_to_str() * [TLS] rename ssl.verifyclient.ca-*file options * [mod_openssl] issue error trace if < openssl 1.1.1 * [mod_webdav] always define webdav_mmap_file_chunk * [mod_dirlisting] ignore error if include file fail * [multiple] quiet coverity warnings * [scons] link lighttpd with pcre for fullstatic * [scons] link lighttpd with pcre for static build * [core] exit 0 upon shutdown if no connections open * [mod_nss] define TLSv1_3 as bitflag * [core] update ls-hpack * [core] discard some HTTP/2 DATA after response (fixes #3078) * [mod_expires,mod_webdav] fix truncated date string * [mod_expire] accept time labels without plural 's' * [mod_webdav] accept alt syntax in webdav.opts * [core] recognize "enabled"/"disabled" for bool * [mod_expire] check for default if mime not found * [core] move timegm() impl inline in sys-time.h * [mod_expire] send only Cache-Control to >=HTTP/1.1 * [mod_webdav] quiet pedantic compiler warning * [core] reuse code to parse backend response * [core] consistent inclusion of sys-time.h * [mod_authn_file] wipe password/digest after use * [TLS] ALPN h2 policy * [core] tolerate dup array config values if match * [multiple] static file optimization; reuse cache * [mod_staticfile] move cold paths to separate func * [build] --with-nss add test for /usr/include/nspr4 * [core] li_base64_decode similar to li_to_base64 * [core] li_base64_decode mark cold code path * [core] li_to_base64 alt code to add padding * [core] buffer_append_base64_encode_opt() * [core] base64_charset enum supports only 2 tables * [core] consolidate overflow checks in li_to_base64 * [mod_auth] include unistd.h for crypt() on Mac OS * [core] tighten code in request_check_hostname() * [core] merge http_response_send_file 0-size case * [mod_extforward] shared mod_extforward_bad_request * [core] http_response_send_file() mark cold paths * [core] improve HTTP/2 behavior w/ max-request-size * [tests] disable secdownload HMAC tests for NSS * [core] check for Upgrade before h2 upgrade check * [core] remove buffer_is_equal_right_len() * [core] buffer_is_equal_string -> buffer_eq_slen * [core] mark cold paths in http_response_config * [core] http_response_prepare() OPTIONS *, CONNECT * [core] mark some likely hot paths (better asm) * [core] simplify buffer_path_simplify() * [core] remove excess assertions in buffer_commit() * [core] quiet coverity noise * [mod_auth] include unistd.h for crypt() on *nix * [cmake] improve cmake detection of timegm * [cmake] update src/config.h.cmake * [core] adjust r->http_host ptr caching * [core] merge uri_raw and uri_clean hooks * [core] reorder hook enum for better mem locality * [core] remove redundant check for max_conns * [multiple] mark con->srv_socket a const ptr * [core] accept in network_server_handle_fdevent() * [mod_*_dbi] fix sqlite3_dbdir spelling in comments * [core] remove HANDLER_UNSET enum value * [core] add option to read config file from stdin * [mod_flv_streaming] check range before sending FLV * [mod_magnet] use http_chunk_append_file_ref_range * [core] range chk http_chunk_append_file_ref_range * [core] remove some (now) unused http_chunk APIs * [core] document error edge case for HTTP/1.0 * [core] fix kill workers and shutdown by signal * [core] store int* ptr to common gw status counters * [tests] quite coverity warning in test_request.c * [core] tighter OS event poll loops (better asm) * [core] omit fdevent select() code if poll() avail * [core] adjust some array code (better asm) * [core] base64 encode round-up for required space * [core] base64 encode w/ reduced data dependencies * [core] merge base64 encoding to li_base64_enc() * [core] li_base64_dec() on 4 bytes at a time * [core] load padding char from base64_table * [core] remove size maint in algo_splaytree * [core] remove excess counts from print config * [core] consolidate config printing code * [core] move data_{array,integer,string} to array.c * [core] define __attribute_unused__ if needed * [core] ck.[ch] - C11 Annex K wrappers * [multiple] use thread-safe strerror where avail * [multiple] move const time cmp funcs to ck.[ch] * [multiple] rename safe_memclear() -> ck_memzero() * [multiple] http_auth_digest_hex2bin -> li_hex2bin * [mod_auth,mod_vhostdb] move helper funcs to mods * [mod_auth*] rename http_auth.* -> mod_auth_api.* * [mod_vhostdb*] rename http_vhostdb->mod_vhostdb_api * [core] comment out ck_getenv_s() (unused) * [mod_secdownload] include algo_hmac.c in mod * [core] make insert_dup an optional array method * [core] return entry from array_insert_data_at_pos * [core] network_write optimizations * [core] network_write prefer writev() over write() * [core] connection_handle_read_state mark hot case * [core] buffer_commit() optim; better asm * [TLS] write_cq_ssl defer remove_finished_chunks * [core] compare entire "/bin/sh" "-c" after execve * [core] reduce repeated work in http_cgi_headers() * [core] code reuse with array_match_value_prefix() * [build] adjustments for autotools on Mac OS X * [build] autoupdate; still autoconf 2.60 compatible * [build] MacOS linker compat * [core] http_header_hkey_get() perf (better asm) * [TLS] reset stek_rotate_ts if clock moves backward * [core] sock_addr_from_buffer_hints_numeric unused * [core] tweaks writing response header (better asm) * [core] adjust buffer use for hdr name for lshpack * [core] comment out unused part of http_etag_remix * [core] inline fam_dir_entry buffer 'name' member * [multiple] reduce redundant NULL buffer checks * [core] calculate backend host gw_hash at startup * [core] gw_host_get() comment out devel debugging * [core] request_config_reset() * [mod_magnet] inline name and etag buffers in cache * [mod_magnet] sync script load w/ stat_cache * [core] clear etag in stat_cache_get_entry_open() * [mod_auth] merge some repeated code; code reuse * [core] add iovec wrappers to sys-crypto-md.h * [core] li_base64_dec() * [multiple] use _iov() digest funcs * [mod_auth] mod_auth_digest_get() * [mod_auth] mod_auth_algorithm_parse() w/ algo len * [mod_authn_dbi] copy strings before escaping * [mod_auth] refactor mod_auth_check_digest() * [mod_auth] refactor mod_auth_check_basic() * [build] look for memcpy and define HAVE_MEMCPY * [core] buffer_path_simplify() quick(er) path * [core] reduce memcmp in http_request_parse_header * [build] look for port.h on Solaris, not sys/port.h * [core] buffer_realloc() using power-2 realloc * [core] lowercase r->http_host, r->uri.authority * [multiple] buffer_copy_string_len_lc() * [mod_magnet] cache script objects at config time * [core] move backtrace and assert macros to ck.[ch] * [core] allocate initial request pool w/ srv->conns * [mod_extforward] inline some more data structures * [mod_access] remove excess trace * [multiple] reduce use of BUFFER_INTLEN_PTR * [multiple] inline struct in con->dst_addr_buf * [core] reset large path buffers from long URLs * [core] construct file path after docroot hook * [core] avoid inlining buffer_eq_icase_ssn() * [core] order gw_proc members for packing and usage * [core] order gw_host members for packing and usage * [mod_proxy] proxy_response_headers load v earlier * [core] proxy_create_env() tweaks * [core] write_all() simpler loop; better asm * [core] http_date_time_append() convenience macro * [core] reduce excess cc inlining in http_chunk.c * [core] const buffer * in config_check_cond_nocache * [core] parse $HTTP["remote-ip"] CIDR mask at start * [core] reduce $HTTP["host"] compare str scanning * [multiple] http_method_buf() * [core] config_check_cond_nocache() xor return code * [core] refactor config_check_cond_nocache() flow * [mod_deflate] use deflate.allowed-encodings order * [mod_deflate] use ZSTD_c_strategy w/ compress lvl * [mod_deflate] deflate.params per-encoder params * [mod_deflate] use brotli quality 5 by default * [mod_deflate] improve compress.*->deflate.* remap * [mod_auth] detect and skip BWS (bad whitespace) * [core] better trace if TLS received on clear port * [core] replace strncasecmp w/ buffer_eq_icase_ssn * [tests] use generated date in HTTP If conditionals * [tests] update t/test_request.c * [tests] mv tests from request.t to test_request.c * [tests] t/test_mod_staticfile * [tests] combine *.t using tests/lighttpd.conf * [tests] combine *.t using tests/condition.conf * [tests] speed up mod-fastcgi and mod-scgi tests * [core] report Y2038 support in lighttpd -V * [autoconf] add AC_SYS_LARGEFILE for lfs * [multiple] Y2038 32-bit signed time_t mitigations * [mod_deflate] use http_header_str_contains_token * [core] tune http_response_process_headers() * [core] use CLOCK_MONOTONIC_COARSE where available * [core] log_clock_gettime->clock_gettime for 64-bit * [core] Y2038: use _TIME_BITS=64 on 32-bit glibc * [core] define _DEFAULT_SOURCE in first.h * [build] check for sys/filio.h in CMake and meson * [core] quiet compiler warnings * [mod_openssl] no ALPN fatal error w/ mod_sockproxy (fixes #3081) * [core] make missing mod_deflate not a fatal error * [core] store time for last r/w to a backend socket * [core] gw_backend_error() shared code * [core] connect, write, read timeouts on backends (fixes #3086) * [doc] https://wiki.lighttpd.net/Docs_Performance * [core] tweak buffer merging to reduce mem * [core] chunkqueue_append_buffer always clears buf * [core] http_response_append_{buffer,mem}() * [core] improve handling of suboptimal backend wr * [core] http_response_read() indicate resp finished * [mod_cgi] cgi.limits "read-timeout" "write-timeout" (#3086) * [core] clarify error message in gw_backend.c * [core] set min srv->max_fds = 32 (sanity check) * [core] adjust server overload check * [core] free fdwaitqueue list when empty * [core] adjust srv->srvconf.max_conns at startup * [core] conns_pool separate from conns list (#3084) * [build] update ax_prog_cc_for_build.m4 * [core] add wolfssl-specific include * [core] rename srv->max_conns -> srv->lim_conns * [core] change srv->conns to doubly-linked-list * [core] change con joblist to singly-linked-list * [core] remove connection_list_append() * [core] clear request,connection pools every 64 sec (#3084) * [mod_wolfssl] wolfSSL_sk_X509_NAME_push change * [core] clarify an error message * [core] reduce optim inline of cold funcs * [core] remove HANDLER_WAIT_FOR_FD * [mod_cgi] reuse chunk buffers * [mod_cgi] use linked list for process list * [mod_uploadprogress] use splay_tree for req list * [multiple] remove base.h include where not used * [mod_indexfile] section into subroutines * [mod_extforward] HAProxy PROXY env PP2_UNIQUE_ID * [mod_magnet] reuse lighty lua table * [core] li_hmac_sha512() * [mod_magnet] expose md and hmac funcs to lua * [mod_magnet] allow modification of request headers * [mod_magnet] lighty.stat now returns userdata obj * [mod_magnet] protect and control lighty table mod * [mod_magnet] expose enc/dec str funcs to lua * [mod_magnet] look up env id by strlen, then strcmp * [core] reuse some cold duplicate hdr match code * [core] use mod name in trace instead of mod_gw * [mod_magnet] lighty.r.* interfaces to request * [core] refuse excess h2 streams at con start (fixes #3093) * [mod_magnet] lighty.c.cookie_tokens * [mod_magnet] lighty.c.readdir * [mod_magnet] use blank str for nil (do not panic) * [mod_magnet] rename magnet_cgi_ to magnet_envvar_ * [mod_magnet] reset config cache for uri components * [mod_magnet] reset config cache for remote addr * [core] sock_addr_set_port() * [mod_magnet] attrs for remote port and server port * [mod_magnet] detect MAGNET_RESTART_REQUEST loops * [mod_magnet] ignore 1xx return in response start * [mod_echo] test module to echo request as response * [core] base64url pad char is '='; change from '.' * [mod_cgi] improve CGI offloading * [mod_openssl] default disable client renegotiation * [core] log_error_multiline() * [tests] t/test_mod_indexfile * [tests] IO::Socket::INET->new( Timeout => 1 ) * [mod_indexfile] update path with buffer path funcs * [tests] move tests/docroot/www contents up 1 level * [build] look for malloc.h and mallopt() * [core] config mallopt(M_ARENA_MAX, 2) (#3084) * [core] periodically malloc_trim() to release mem (fixes #3084) * [build] propagate HAVE_DLFCN_H in builds * [core] cfg server.bindhost after $SERVER["socket"] * [core] TCP_CORK w/ MEM_CHUNK then FILE_CHUNK * [core] remove server.upload-temp-file-size limit * [core] expose ck_bt() for debugging * [core] change backtrace format to put addr first * [core] reduce stack use in main() * [core] write all cq MEM_CHUNK if spill to tempfile * [core] realloc buffer power-2 size + 1 for '\0' * [mod_cgi] cgi.limits "tcp-fin-propagate" => "SIG" * [core] consolidate more gw_host, gw_proc init code * [core] mark cold more gateway maintenance code * [core] reduce wait time in gw_spawn_connection() * [core] remove redundant waitpid() on each backend * [multiple] quiet coverity warnings * [build] define rsize_t on FreeBSD * [core] quiet coverity warnings * [tests] skip time-sensitive test during CI testing * [core] clear buffer after backend dechunk * [core] update comment about server.max-write-idle * [core] fdlog.[ch]; fdevent_*_logger_* -> fdlog_* * [multiple] de-dup file and piped loggers (fixes #3101) * [multiple] prefer r->tmp_buf to p->tmp_buf * [core] shared temp buffer for log_*error*() * [core] refuse excess initial streams only if block (fixes #3100) * [core] quiet coverity warnings * [core] reject HTTP/2 pseudo-header in trailers (#3102) * [core] remove redundant check in h2_recv_headers() * [core] reduce oversized mem alloc for backends * [core] HTTP/2 GOAWAY after timeout before read (fixes #3102) * [core] default backend "connect-timeout" to 8 (#3086) * [core] HTTP/2 GOAWAY after timeout before read (#3102) * [core] mark attr malloc, returns nonnull * [core] separate mem pool for FILE_CHUNK reuse * [core] retain largest chunk on oversized chunk lst * [core] improve chunk buffer reuse from backends * [multiple] internal control for backend read bytes * [core] option: errorlog high precision timestamps * [core] create temp file name in chunk buffer * [core] chunkqueue_get_append_newtempfile() * [core] remove redundant checks for tempfile chunk * [multiple] fdevent_mkostemp() * [build] check for pread(), pwrite(), splice() * [multiple] _WIN32 fdevent_pipe_cloexec() * [core] _WIN32 impl of fdevent_mkostemp() * [multiple] check feature flags funcs; code reuse * [multiple] avoid empty chunks in chunkqueue * [core] splice() data from backends to tempfiles * [core] fix chunked decoding from backend (#3044, #3046) * [core] remove obsolete comment about r->gw_dechunk * [core] improve chunk buffer reuse from backends * [mod_cgi] improve chunk buffer reuse from backends * [core] disable streaming response with authorizer (fixes #3106) * [multiple] clarify error msg when no cert avail * [core] disable server.graceful-restart-bg if spawn * [tests] ignore SIGINT, SIGUSR1 in fcgi-responder * [core] cap size of data framed for HTTP/2 response * [core] fix typo in h2_send_cqdata() * [core] use pread() to skip lseek() * [core] h2_send_cqdata() returns how much data sent * [core] allow up to 32k of data frames per stream * [core] limit initial response header backend read * [core] read files into mem when framed for HTTP/2 * [core] chunkqueue_mmap_chunk_len() for code reuse * [core] chunkqueue_peek_data() mmap experiment * [core] quiet coverity warnings * [core] portability tweaks for various platforms/cc * [core] fix chunked decoding from backend (#3044, #3046) * [doc] update config files * [mod_openssl] boringssl compat * [core] adjust indent for clarity - 1.4.59 - 2021-02-02 * [mod_webdav] hide unused funcs depending on build * [mod_mbedtls] include mbedtls/platform_util.h * [mod_mbedtls] use local strncmp_const() * [mod_gnutls] use local strncmp_const() * [mod_dirlisting] place vars closer to where used * [autotools] autoupdate; subst deprecated/obsolete * [autoconf] update ax_prog_cc_for_build.m4 * [core] fix crash at shutdown w/ certain config * [tests] use ephemeral ports in tests * [mod_wolfssl] minor updates for wolfSSL v4.6.0 * [doc] create-mime.conf.pl improve case handling * [mod_openssl] extend ssl.openssl.ssl-conf-cmd * [mod_extforward] config warning for module order * [mod_extforward] fix extforward.headers defaults (fixes #3051) * [multiple] use HTTP_HEADER_* enum before strcmp * [multiple] replace buffer_is_equal_caseless_string * [mod_dirlisting] quiet coverity false positive * [doc] create-mime.conf.pl improve case handling * [autoconf] fix LT_INIT syntax * [doc] create-mime.conf.pl -v for warnings * [core] fix crash in error trace if backend is down (fixes #3052) * [doc] create-mime.conf.pl -v silent for mult vnd * [mod_openssl] update LIBRESSL_VERSION_NUMBER check * [multiple] fix: honor CipherString for alt TLS lib * [mod_openssl] set Ciphersuites once API available * [mod_dirlisting] use fdopendir(), fstatat() * [mod_deflate] support Accept-Encoding: zstd * [mod_deflate] use zstd streaming API * [mod_dirlisting] hide unused variable on MacOS * [doc] add --with-zstd to INSTALL * [mod_access] mark mod_access_check attribute pure * [core] add decls in connections.h * [build] update scripts/ci-build.sh * [core] check ifdef WOLFSSL_SHA512 for SHA512 avail * [build] scripts/ci-build.sh --with-nettle * [mod_openssl] update LIBRESSL_VERSION_NUMBER check * [build] scripts/ci-build.sh w/o --with-wolfssl * [build] scripts/ci-build.sh adjustments * [build] fix typo in src/CMakeLists.txt * [build] adjust mbedtls vars in src/CMakeLists.txt * [build] scripts/ci-build.sh adjustments * [build] adjust crypto vars in src/CMakeLists.txt * [core] avoid multiple definition of SHA512_CTX * [build] adjust crypto vars in src/CMakeLists.txt * [mod_alias] modify r->physical.path in place * [build] scripts/ci-build.sh add --with-maxminddb * build] scripts/ci-build.sh remove --with-maxminddb * [mod_deflate] use zstd typedefs (minor cleanup) * [mod_deflate] compat with zstd < v1.4.0 * [multiple] fix coverity warnings * [multiple] fix TLS config string parsing * [mod_gnutls] fix ssl.ca_dn_file data access * [mod_wolfssl] wipe ssl_pemfile_pkey before free() * [mod_wolfssl] fix syntax errors * [multiple] fix TLS config string parsing * [mod_gnutls] fix alt code for coverity * [core] check more carefully after SSL_WANT_WRITE * [core] fix 100% CPU spin if traffic limit hit * [core] skip interest in POLLRDHUP after POLLRDHUP (#3059) * [TLS] detect expired stapling file at startup (fixes #3056) * [multiple] avoid duplicate parsing in trigger func (#3056) * [multiple] quiet some clang-analyzer warnings * [core] enable HTTP/2 by default * [mod_ajp13] AJPv13 Tomcat connector for lighttpd * [core] const data_unset *array_get_element_klen() * [core] tighten struct data_config and related code * [core] fix merging large headers across mult reads (fixes #3059) * [mod_gnutls,mod_mbedtls] recog common cipherstring * [build] fix typo in SConstruct (fixes #3061) * [mod_wolfssl] wolfSSL might repeat SNI_Callback() * [TLS] fix invalid cfg warning * [mod_openssl] fix acme-tls/1 challenge bootstrap * [TLS] set r->uri.authority empty str upon accept() * [mod_gnutls] fix acme-tls/1 challenge bootstrap * [mod_nss] fix acme-tls/1 challenge bootstrap * [mod_wolfssl] copy stapling buf for OCSP resp * [mod_mbedtls] fix acme-tls/1 challenge bootstrap * [mod_mbedtls] fix acme-tls/1 challenge bootstrap * [mod_cgi] fix assert if empty X-Sendfile path (fixes #3062) * [mod_mbedtls] restore ALPN chk after client hello * [core] re-validate h2 CONTINUATION frame len in cq * [mod_mbedtls] remove redundant condition check * [core] quiet coverity warning - 1.4.58 - 2020-12-27 * [mod_wolfssl] use wolfSSL TLS version defines * [mod_wolfssl] compile with earlier wolfSSL vers * [tests] collect code for "die-at-end" tests * [tests] remove FastCGI test dependency on libfcgi * [core] prefer IPv6+IPv4 func vs IPv4-specific func * [tests] remove FastCGI test dependency on PHP * [core] reuse large mem chunks (fix mem usage) (fixes #3033) * [core] add comment for FastCGI mem use in hctx->rb (#3033) * [mod_proxy] fix sending of initial reqbody chunked * [multiple] fdevent_waitpid() wrapper * [core] sys-time.h - localtime_r,gmtime_r macros * [core] http_date.[ch] encapsulate HTTP-date parse * [core] specialized strptime() for HTTP date fmts * [multiple] employ http_date.h, sys-time.h * [core] http_date_timegm() (portable timegm()) * buffer_append_path_len() to join paths * [core] inet_ntop_cache -> sock_addr_cache * [tests] slight speed up checking for server ready * [tests] load required modules in alt .conf tests * [multiple] etag.[ch] -> http_etag.[ch]; better imp * [core] fix crash after specific err in config file * [core] fix bug in FastCGI uploads (#3033) * [tests] OpenBSD crypt() support limited to bcrypt * [core] http_response_match_if_range() * [mod_webdav] typedef off_t loff_t for FreeBSD * [multiple] chunkqueue_write_chunk() * [build] add GNUMAKEFLAGS=--no-print-directory * [tests] consolidate some tests/ content * [core] fix bug in read retry found by coverity - 1.4.57 - 2020-12-17 * [core] attempt to quiet some coverity warnings * [mod_webdav] compile fix for Mac OSX/11 * [core] handle U+00A0 in config parser * [core] fix lighttpd -1 one-shot with pipes * [core] quiet start/shutdown trace in one-shot mode * [core] allow keep-alives in one-shot mode (#3042) * [mod_webdav] define _ATFILE_SOURCE if AT_FDCWD * [core] setsockopt IPV6_V6ONLY if server.v4mapped * [build] fix meson.build when building all TLS mods * [core] prefer inet_aton() over inet_addr() * [build] fix SCons build when building all TLS mods * [core] add missing mod_wolfssl to ssl compat list * [mod_openssl] remove ancient preprocessor logic * [core] SHA512_Init, SHA512_Update, SHA512_Final * [mod_wolfssl] add complex preproc logic for SNI * [core] wrap a macro value with parens * [core] fix handling chunked response from backend (fixes #3044) * [core] always set file.fd = -1 on FILE_CHUNK reset (fixes #3044) * [core] skip some trace if backend Upgrade (#3044) * [TLS] cert-staple.sh POSIX sh compat (fixes #3043) * [core] portability fix if st_mtime not defined * [mod_nss] portability fix * [core] warn if mod_authn_file needed in conf * [core] fix chunked decoding from backend (fixes #3044) * [core] reject excess data after chunked encoding (#3046) * [core] track chunked encoding state from backend (fixes #3046) * [core] li_restricted_strtoint64() * [core] track Content-Length from backend (fixes #3046) * [core] enhance config parsing debugging (#3047) * [core] reorder srv->config_context to match ndx (fixes #3047) * [mod_proxy] proxy.header = ("force-http10" => ...) * [mod_authn_ldap] fix crash (fixes #3048) * [mod_authn_ldap, mod_vhostdb_ldap] default cafile * [core] fix array_copy_array() sorted[] * [multiple] replace fall through comment with attr * [core] fix crash printing trace if backend is down * [core] fix decoding chunked from backend (fixes #3049) * [core] attempt to quiet some coverity warnings - 1.4.56 - 2020-11-29 * [core] perf: request processing * [core] http_header_str_contains_token() * [mod_flv_streaming] parse query string w/o copying * [mod_evhost] use local array to split values * [core] remove srv->split_vals * [core] add User-Agent to http_header_e enum * [core] store struct server * in struct connection * [core] use func rc to indicate done reading header * [core] replace connection_set_state w/ assignment * [core] do not pass srv to http header parsing func * [core] cold buffer_string_prepare_append_resize() * [core] chunkqueue_compact_mem() * [core] connection_chunkqueue_compact() * [core] pass con around request, not srv and con * [core] reduce use of struct parse_header_state * [core] perf: HTTP header parsing using \n offsets * [core] no need to pass srv to connection_set_state * [core] perf: connection_read_header_more() * [core] perf: connection_read_header_hoff() hot * [core] inline connection_read_header() * [core] pass ptr to http_request_parse() * [core] more 'const' in request.c prototypes * [core] handle common case of alnum or - field-name * [mod_extforward] simplify code: use light_isxdigit * [core] perf: array.c performance enhancements * [core] mark some data_* funcs cold * [core] http_header.c internal inline funcs * [core] remove unused array_reset() * [core] prefer uint32_t to size_t in base.h * [core] uint32_t for struct buffer sizes * [core] remove unused members of struct server * [core] short-circuit path to clear request.headers * [core] array keys are non-empty in key-value list * [core] keep a->data[] sorted; remove a->sorted[] * [core] __attribute_returns_nonnull__ * [core] differentiate array_get_* for ro and rw * [core] (const buffer *) in (struct burl_parts_t) * [core] (const buffer *) for con->server_name * [core] perf: initialize con->conf using memcpy() * [core] run config_setup_connection() fewer times * [core] isolate data_config.c, vector.c * [core] treat con->conditional_is_valid as bitfield * [core] http_header_hkey_get() over const array * [core] inline buffer as part of DATA_UNSET key * [core] inline buffer key for *_patch_connection() * [core] (data_unset *) from array_get_element_klen * [core] inline buffer as part of data_string value * [core] add const to callers of http_header_*_get() * [core] inline array as part of data_array value * [core] const char *op in data_config * [core] buffer string in data_config * [core] streamline config_check_cond() * [core] keep a->data[] sorted (REVERT) * [core] array a->sorted[] as ptrs rather than pos * [core] inline header and env arrays into con * [mod_accesslog] avoid alloc for parsing cookie val * [core] simpler config_check_cond() * [mod_redirect,mod_rewrite] store context_ndx * [core] const char *name in struct plugin * [core] srv->plugin_slots as compact list * [core] rearrange server_config, server members * [core] macros CONST_LEN_STR and CONST_STR_LEN * [core] struct plugin_data_base * [core] improve condition caching perf * [core] config_plugin_values_init() new interface * [mod_access] use config_plugin_values_init() * [core] (const buffer *) from strftime_cache_get() * [core] mv config_setup_connection to connections.c * [core] use (const char *) in config file parsing * [mod_staticfile] use config_plugin_values_init() * [mod_skeleton] use config_plugin_values_init() * [mod_setenv] use config_plugin_values_init() * [mod_alias] use config_plugin_values_init() * [mod_indexfile] use config_plugin_values_init() * [mod_expire] use config_plugin_values_init() * [mod_flv_streaming] use config_plugin_values_init() * [mod_magnet] use config_plugin_values_init() * [mod_usertrack] use config_plugin_values_init() * [mod_userdir] split policy from userdir path build * [mod_userdir] use config_plugin_values_init() * [mod_ssi] use config_plugin_values_init() * [mod_uploadprogress] use config_plugin_values_init() * [mod_status] use config_plugin_values_init() * [mod_cml] use config_plugin_values_init() * [mod_secdownload] use config_plugin_values_init() * [mod_geoip] use config_plugin_values_init() * [mod_evasive] use config_plugin_values_init() * [mod_trigger_b4_dl] use config_plugin_values_init() * [mod_accesslog] use config_plugin_values_init() * [mod_simple_vhost] use config_plugin_values_init() * [mod_evhost] use config_plugin_values_init() * [mod_vhostdb*] use config_plugin_values_init() * [mod_mysql_vhost] use config_plugin_values_init() * [mod_maxminddb] use config_plugin_values_init() * [mod_auth*] use config_plugin_values_init() * [mod_deflate] use config_plugin_values_init() * [mod_compress] use config_plugin_values_init() * [core] add xsendfile* check if xdocroot is NULL * [mod_cgi] use config_plugin_values_init() * [mod_dirlisting] use config_plugin_values_init() * [mod_extforward] use config_plugin_values_init() * [mod_webdav] use config_plugin_values_init() * [core] store addtl data in pcre_keyvalue_buffer * [mod_redirect] use config_plugin_values_init() * [mod_rewrite] use config_plugin_values_init() * [mod_rrdtool] use config_plugin_values_init() * [multiple] gw_backends config_plugin_values_init() * [core] config_get_config_cond_info() * [mod_openssl] use config_plugin_values_init() * [core] use config_plugin_values_init() * [core] collect more config logic into configfile.c * [core] config_plugin_values_init_block() * [core] gw_backend config_plugin_values_init_block * [core] remove old config_insert_values_*() funcs * [multiple] plugin.c handles common FREE_FUNC code * [core] run all trigger and sighup handlers * [mod_wstunnel] change DEBUG_LOG to use log_error() * [core] stat_cache_path_contains_symlink use errh * [core] isolate use of data_config, configfile.h * [core] split cond cache from cond matches * [mod_auth] inline arrays in http_auth_require_t * [core] array_init() arg for initial size * [core] gw_exts_clear_check_local() * [core] gw_backend less pointer chasing * [core] connection_handle_errdoc() separate func * [multiple] prefer (connection *) to (srv *) * [core] create http chunk header on the stack * [multiple] connection hooks no longer get (srv *) * [multiple] plugin_stats array * [core] read up-to fixed size chunk before fionread * [core] default chunk size 8k (was 4k) * [core] pass con around gw_backend instead of srv * [core] log_error_multiline_buffer() * [multiple] reduce direct use of srv->cur_ts * [multiple] extern log_epoch_secs * [multiple] reduce direct use of srv->errh * [multiple] stat_cache singleton * [mod_expire] parse config into structured data * [multiple] generic config array type checking * [multiple] rename r to rc rv rd wr to be different * [core] (minor) config_plugin_keys_t data packing * [core] inline buffer in log_error_st errh * [multiple] store srv->tmp_buf in tb var * [multiple] quiet clang compiler warnings * [core] http_status_set_error_close() * [core] http_request_host_policy w/ http_parseopts * [multiple] con->proto_default_port * [core] store log filename in (log_error_st *) * [core] separate log_error_open* funcs * [core] fdevent uses uint32_t instead of size_t * [mod_webdav] large buffer reuse * [mod_accesslog] flush file log buffer at 8k size * [core] include settings.h where used * [core] static buffers for mtime_cache * [core] convenience macros to check req methods * [core] support multiple error logs * [multiple] omit passing srv to fdevent_handler * [core] remove unused arg to fdevent_fcntl_set_nb* * [core] slightly simpify server_(over)load_check() * [core] isolate fdevent subsystem * [core] isolate stat_cache subsystem * [core] remove include base.h where unused * [core] restart dead piped loggers every 64 sec * [mod_webdav] use copy_file_range() if available * [core] perf: buffer copy and append * [core] copy some srv->srvconf into con->conf * [core] move keep_alive flag into request_st * [core] pass scheme port to http_request_parse() * [core] pass http_parseopts around request.c * [core] rename specific_config to request_config * [core] move request_st,request_config to request.h * [core] pass (request_st *) to request.c funcs * [core] remove unused request_st member 'request' * [core] rename content_length to reqbody_length * [core] t/test_request.c using (request_st *) * [core] (const connection *) in http_header_*_get() * [mod_accesslog] log_access_record() fmt log record * [core] move request start ts into (request_st *) * [core] move addtl request-specific struct members * [core] move addtl request-specific struct members * [core] move plugin_ctx into (request_st *) * [core] move addtl request-specific struct members * [core] move request state into (request_st *) * [core] store (plugin *) in p->data * [core] store subrequest_handler instead of mode * [multiple] copy small struct instead of memcpy() * [multiple] split con, request (very large change) * [core] r->uri.path always set, though might be "" * [core] C99 restrict on some base funcs * [tests] stub out config funcs in test_mod_* * [tests] t/test_mod_userdir * [core] dispatch handler in handle_request func * [core] http_request_parse_target() * [mod_magnet] modify r->target with "uri.path-raw" * [core] remove r->uri.path_raw; generate as needed * [core] http_response_comeback() * [core] http_response_config() * [tests] use buffer_eq_slen() for str comparison * [core] http_status_append() short-circuit 200 OK * [core] mark some chunk.c funcs as pure * [core] use uint32_t in http_header.[ch] * [core] perf: tighten some code in some hot paths * [core] parse header label before end of line * [doc] add link to wiki in doc/outdated/ssl.txt * [doc] src/t/README * [mod_auth] "nonce_secret" option to validate nonce (fixes #2976) * [build] fix build on MacOS X Tiger * [doc] lighttpd.conf: lighttpd choose event-handler * [config] blank server.tag if whitespace-only * [mod_proxy] stream request using HTTP/1.1 chunked (fixes #3006) * [multiple] correct misspellings in comments * [multiple] fix some cc warnings in 32-bit, powerpc * [tests] fix skip count in mod-fastcgi w/o php-cgi * [multiple] ./configure --with-nettle to use Nettle * [core] skip excess close() when FD_CLOEXEC defined * [mod_cgi] remove redundant calls to set FD_CLOEXEC * [core] return EINVAL if stat_cache_get_entry w/o / * [mod_webdav] define PATH_MAX if not defined * [mod_accesslog] process backslash-escapes in fmt * [mod_openssl] disable cert vrfy if ALPN acme-tls/1 * [core] add seed before openssl RAND_pseudo_bytes() * [mod_mbedtls] mbedTLS option for TLS * [core] prefer getxattr() instead of get_attr() * [multiple] use *(unsigned char *) with ctypes * [mod_openssl] do not log ECONNRESET unless debug * [mod_openssl] SSL_R_UNEXPECTED_EOF_WHILE_READING * [mod_gnutls] GnuTLS option for TLS (fixes #109) * [mod_openssl] rotate session ticket encryption key * [mod_openssl] set cert from callback in 1.0.2+ (fixes #2842) * [mod_openssl] set chains from callback in 1.0.2+ (#2842) * [core] RFC-strict parse of Content-Length * [build] point ./configure --help to support forum * [core] stricter parse of numerical digits * [multiple] add summaries to top of some modules * [core] sys-crypto-md.h w/ inline message digest fn * [mod_openssl] enable read-ahead, if set, after SNI * [mod_openssl] issue warning for deprecated options * [mod_openssl] use SSL_OP_NO_RENEGOTIATION if avail * [mod_openssl] use openssl feature define for ALPN * [mod_openssl] update default DH params * [core] SecureZeroMemory() on _WIN32 * [core] safe memset calls memset() through volatile * [doc] update comments in doc/config/modules.conf * [core] more precise check for request stream flags * [mod_openssl] rotate session ticket encryption key * [mod_openssl] ssl.stek-file to specify encrypt key * [mod_mbedtls] ssl.stek-file to specify encrypt key * [mod_gnutls] ssl.stek-file to specify encrypt key * [mod_openssl] disable session cache; prefer ticket * [mod_openssl] compat with LibreSSL * [mod_openssl] compat with WolfSSL * [mod_openssl] set SSL_OP_PRIORITIZE_CHACHA * [mod_openssl] move SSL_CTX curve conf to new func * [mod_openssl] basic SSL_CONF_cmd for alt TLS libs * [mod_openssl] OCSP stapling (fixes #2469) * [TLS] cert-staple.sh - refresh OCSP responses (#2469) * [mod_openssl] compat with BoringSSL * [mod_gnutls] option to override GnuTLS priority * [mod_gnutls] OCSP stapling (#2469) * [mod_extforward] config warning for module order * [mod_webdav] store webdav.opts as bitflags * [mod_webdav] limit webdav_propfind_dir() recursion * [mod_webdav] unsafe-propfind-follow-symlink option * [mod_webdav] webdav.opts "propfind-depth-infinity" * [mod_openssl] detect certs marked OCSP Must-Staple * [mod_gnutls] detect certs marked OCSP Must-Staple * [mod_openssl] default to set MinProtocol TLSv1.2 * [mod_nss] NSS option for TLS (fixes #1218) * [core] fdevent_load_file() shared code * [mod_openssl,mbedtls,gnutls,nss] fdevent_load_file * [core] error if s->socket_perms chmod() fails * [mod_openssl] prefer some WolfSSL native APIs * quiet clang analyzer scan-build warnings * [core] uint32_t is plenty large for path names * [mod_mysql_vhost] deprecated; use mod_vhostdb_mysql * [core] splaytree_djbhash() in splaytree.h (reuse) * [cmake] update deps for src/t/test_* * [cmake] update deps for src/t/test_* * [build] remove tests/mod-userdir.t from builds * [build] fix typo in src/Makefile.am EXTRA_DIST * [core] remove unused mbedtls_enabled flag * [core] store fd in srv->stdin_fd during setup * [multiple] address coverity warnings * [mod_webdav] fix theoretical NULL dereference * [mod_webdav] update rc for PROPFIND allprop * [mod_webdav] build fix: ifdef live_properties * [multiple] address coverity warnings * [meson] fix libmariadb dependency * [meson] add missing libmaxminddb section * [mod_auth,mod_vhostdb] add caching option (fixes #2805) * [mod_authn_ldap,mod_vhostdb_ldap] add timeout opt (#2805) * [mod_auth] accept "nonce-secret" & "nonce_secret" * [mod_openssl] fix build warnings on MacOS X * [core] Nettle assert()s if buffer len > digest sz * [mod_authn_dbi] authn backend employing DBI * [mod_authn_mysql,file] use crypt() to save stack * [mod_vhostdb_dbi] allow strings and ints in config * add ci-build.sh * move ci-build.sh to scripts * [build] build fixes for AIX * [mod_deflate] Brotli support * [build] bzip2 default to not-enabled in build * [mod_deflate] fix typo in config option * [mod_deflate] propagate errs from internal funcs * [mod_deflate] deflate.cache-dir compressed cache * [mod_deflate] mod_deflate subsumes mod_compress * [doc] mod_compress -> mod_deflate * [tests] mod_compress -> mod_deflate * [mod_compress] remove mod_compress * [build] add --with-brotli to CI build * [core] server.feature-flags extensible config * [core] con layer plugin_ctx separate from request * [multiple] con hooks store ctx in con->plugin_ctx * [core] separate funcs to reset (request_st *) * [multiple] rename connection_reset hook to request * [mod_nss] func renames for consistency * [core] detect and reject TLS connect to cleartext * [mod_deflate] quicker check for Content-Encoding * [mod_openssl] read secret data w/ BIO_new_mem_buf * [core] decode Transfer-Encoding: chunked from gw * [mod_fastcgi] decode Transfer-Encoding: chunked * [core] stricter parsing of POST chunked block hdr * [mod_proxy] send HTTP/1.1 requests to backends * [tests] test_base64.c clear buf vs reset * [core] http_header_remove_token() * [mod_webdav] fix inadvertent string truncation * [core] add some missing standard includes * [mod_extforward] attempt to quiet Coverity warning * [mod_authn_dbi,mod_authn_mysql] fix coverity issue * [build] fix SCons build for detection of brotli * [build] SCons build with brotli needs -lm on *BSD * [build] SCons build mod_deflate w/ libm for brotli * [build] SCons brotli needs pkg-config --static * [build] avoid accept_filter_arg compiler warning * [build] SCons fix space/tabs inconsistency * scons: fix check environment * Add avahi service file under doc/avahi/ * [mod_webdav] fix fallback if linkat() fails * [mod_proxy] do not forward Expect: 100-continue * [core] chunkqueue_compact_mem() must upd cq->last * [core] dlsym for FAMNoExists() for compat w/ fam * [core] disperse settings.h to appropriate headers * [core] inline buffer_reset() * [mod_extforward] save proto per connection * [mod_extforward] skip after HANDLER_COMEBACK * [core] server.feature-flags to enable h2 * [core] HTTP_VERSION_2 * [multiple] allow TLS ALPN "h2" if "server.h2proto" * [mod_extforward] preserve changed addr for h2 con * [core] do not send Connection: close if h2 * [core] lowercase response hdr field names for h2 * [core] recognize status: 421 Misdirected Request * [core] parse h2 pseudo-headers * [core] request_headers_process() * [core] connection_state_machine_loop() * [core] reset connection counters per connection * [mod_accesslog,mod_rrdtool] HTTP/2 basic accounting * [core] connection_set_fdevent_interest() * [core] HTTP2-Settings * [core] adjust http_request_headers_process() * [core] http_header_parse_hoff() * [core] move http_request_headers_process() * [core] reqpool.[ch] for (request_st *) * [multiple] modules read reqbody via fn ptr * [multiple] isolate more con code in connections.c * [core] isolate more resp code in response.c * [core] h2.[ch] with stub funcs (incomplete) * [core] alternate between two joblists * [core] connection transition to HTTP/2; incomplete * [core] mark some error paths with attribute cold * [core] discard 100 102 103 responses from backend * [core] skip write throttle for 100 Continue * [core] adjust (disabled) debug code * [core] update comment * [core] link in ls-hpack (EXPERIMENTAL) * [core] HTTP/2 HPACK using LiteSpeed ls-hpack * [core] h2_send_headers() specialized for resp hdrs * [core] http_request_parse_header() specialized * [core] comment possible future ls-hpack optimize * [mod_status] separate funcs to print request table * [mod_status] adjust to print HTTP/2 requests * [core] redirect to dir using relative-path * [core] ignore empty field-name from backends * [build] fix meson build * [mod_auth] fix crash if auth.require misconfigured (fixes #3023) * [core] fix 1-char trunc of default server.tag * [core] request_acquire(), request_release() * [core] keep pool of (request_st *) for HTTP/2 * [mod_status] dedicated funcs for r->state labels * [core] move connections_get_state to connections.c * [core] fix crash on master after graceful restart * [core] defer optimization to read small files * [core] do not require '\0' term for k,v hdr parse * [scripts] cert-staple.sh enhancements * [core] document algorithm used in lighttpd etag * [core] ls-hpack optimizations * [core] fix crash on master if blank line request * [build] fix typo in option description for wolfSSL * [core] use djbhash in gw_backend to choose host * [core] rename md5.[ch] to algo_md5.[ch] * [core] move djbhash(), dekhash() to algo_md.h * [core] rename splaytree.[ch] to algo_splaytree.[ch] * [core] import xxHash v0.8.0 * [build] modify build, includes for xxHash v0.8.0 * [build] remove ls-hpack/deps * [core] xxhash no inline hints; let compiler choose * [mod_dirlisting] fix config parsing crash * [mod_openssl] clarify trace w/ deprecated options * [doc] refresh doc/config/*/* * [core] code size: disable XXH64(), XXH3() * [doc] update README and INSTALL * [build] add to autogen.sh hint listing reqd pkgs * [core] combine Cookie request headers with ';' * [core] log stream id with debug.log-state-handling * [core] set r->state in h2.c * [mod_ssi] update chunk after shell output redirect * [mod_webdav] preserve bytes_out when chunks merged * [multiple] inline chunkqueue_length() * [core] cold h2_log_response_header*() funcs * [core] update HTTP status codes list from IANA * [mod_wolfssl] standalone module * [core] Content-Length in http_response_send_file() * [core] adjust response header prep for common case * [core] light_isupper(), light_islower() * [core] tst,set,clr macros for r->{rqst,resp}_htags * [core] separate http_header_e from _htags bitmask * [core] http_header_hkey_get_lc() for HTTP/2 * [core] array.[ch] using uint32_t instead of size_t * [core] extend (data_string *) to store header id * [multiple] extend enum http_header_e list * [core] http_header_e <=> lshpack_static_hdr_idx * [core] skip ls-hpack decode work unused by lighttpd * [TLS] error if inherit empty TLS cfg from globals * [core] connection_check_expect_100() * [core] support multiple 1xx responses from backend * [core] reload c after chunkqueue_compact_mem() * [core] relay 1xx from backend over HTTP/2 * [core] relay 1xx from backend over HTTP/1.1 * [core] chunkqueue_{peek,read}_data(), squash * [multiple] TLS modules use chunkqueue_peek_data() * [mod_magnet] magnet.attract-response-start-to * [multiple] code reuse chunkqueue_peek_data() * [core] reuse r->start_hp.tv_sec for r->start_ts * [core] config_plugin_value_tobool() accept "0","1" * [core] graceful and immediate restart option * [mod_ssi] init status var before waitpid() * [core] graceful shutdown timeout option * [core] lighttpd -1 supports pipes (e.g. netcat) * [core] perf adjustments to avoid load miss * [multiple] use sock_addr_get_family in more places * [multiple] inline chunkqueue where always alloc'd * [core] propagate state after writing * [core] server_run_con_queue() * [core] defer handling FDEVENT_HUP and FDEVENT_ERR * [core] handle unexpected EOF reading FILE_CHUNK * [core] short-circuit connection_write_throttle() * [core] walk queue in connection_write_chunkqueue() * [core] connection_joblist global * [core] be more precise checking streaming flags * [core] fdevent_load_file_bytes() * [TLS] use fdevent_load_file_bytes() for STEK file * [core] allow symlinks under /dev for rand devices * [multiple] use light_btst() for hdr existence chk * [mod_deflate] fix potential NULL deref in err case * [core] save errno around close() if fstat() fails * [mod_ssi] use stat_cache_open_rdonly_fstat() * [core] fdevent_dup_cloexec() * [core] dup FILE_CHUNK fd when splitting FILE_CHUNK * [core] stat_cache_path_isdir() * [multiple] use stat_cache_path_isdir() * [mod_mbedtls] quiet CLOSE_NOTIFY after conn reset * [mod_gnutls] quiet CLOSE_NOTIFY after conn reset * [core] limit num ranges in Range requests * [core] remove unused r->content_length * [core] http_response_parse_range() const file sz * [core] pass open fd to http_response_parse_range * [core] stat_cache_get_entry_open() * [core,mod_deflate] leverage cache of open fd * [doc] comment out config disabling Range for .pdf * [core] coalesce nearby ranges in Range requests * [tests] simulate slow, small packets more quickly * [mod_fastcgi] decode chunked is cold code path * [core] fix chunkqueue_compact_mem w/ partial chunk * [core] alloc optim reading file, sending chunked * [core] reuse chunkqueue_compact_mem*() * [mod_cgi] use splice() to send input to CGI * [multiple] ignore openssl 3.0.0 deprecation warns * [mod_openssl] migrate ticket cb to openssl 3.0.0 * [mod_openssl] construct OSSL_PARAM on stack * [mod_openssl] merge ssl_tlsext_ticket_key_cb impls * [multiple] openssl 3.0.0 digest interface migrate * [tests] detect multiple SSL/TLS/crypto providers * [core] sys-crypto-md.h consistent interfaces * [wolfssl] wolfSSL_CTX_set_mode differs from others * [multiple] use NSS crypto if no other crypto avail * [multiple] stat_cache_path_stat() for struct st * [TLS] ignore empty "CipherString" in ssl-conf-cmd * [multiple] remove chunk file.start member * [core] modify use of getrlimit() to not be fatal * [mod_webdav] add missing update to cq accounting * [mod_webdav] update defaults after worker_init * [mod_openssl] use newer openssl 3.0.0 func * [core] config_plugin_value_to_int32() * [core] minimize pause during graceful restart * [mod_deflate] use large mmap chunks to compress * [core] stat_cache_entry reference counting * [core] FILE_CHUNK can hold stat_cache_entry ref * [core] http_chunk_append_file_ref_range() * [multiple] use http_chunk_append_file_ref() * [core] always lseek() with shared fd * [core] silence coverity warnings (false positives) * [core] silence coverity warnings in ls-hpack * [core] silence coverity warnings (another try) * [core] fix fd sharing when splitting file chunk * [mod_mbedtls] quiet unused variable warning * [core] use inline funcs in sys-crypto-md.h * [core] add missing declaration for NSS rand * [core] init NSS lib for basic crypto algorithms * [doc] change mod_compress refs to mod_deflate * [doc] replace bzip2 refs with brotli * [build] remove svnversion from versionstamp rule * [doc] /var/run -> /run * [multiple] test for nss includes * [mod_nss] more nss includes fixes * [build] more portable autogen.sh shell script * [mod_webdav] define _NETBSD_SOURCE on NetBSD * [core] silence coverity warnings (another try) * [mod_mbedtls] newer mbedTLS vers support TLSv1.3 * [mod_accesslog] update defaults after cycling log * [multiple] add some missing config cleanup * [core] fix (startup) mem leaks in configparser.y * [core] STAILQ_* -> SIMPLEQ_* on OpenBSD * [tests] OpenBSD crypt() support limited to bcrypt * [build] mark dependencies on crypto lib for MD5() * [build] use pkg-config with wolfssl * [mod_wolfssl] use more wolfssl/options.h defines * [mod_wolfssl] cripple SNI if not built OPENSSL_ALL * [mod_wolfssl] need to build --enable-alpn for ALPN * [mod_secdownload] fix compile w/ NSS on FreeBSD * [build] fix lib paths for GnuTLS, NSS * [build] add --with-brotli to meson.build * [build] CMake mod_openssl, mod_wolfssl can coexist * [build] CMake use pkg_check_modules() w/ wolfssl * [build] detect nss3/nss.h or nss/nss.h for NSS * [build] WITHOUT_LIB_CRYPTO option in code * [build] adjust meson.build for use by OpenWRT * [mod_mbedtls] wrap addtl code in preproc defines * [TLS] server.feature-flags "ssl.session-cache" * [core] workaround fragile code in wolfssl types.h * [core] move misplaced error trace to match option * [core] adjust wolfssl workaround for another case * [multiple] consistent order for crypto lib select * [multiple] include mbedtls/config.h after select * [multiple] include wolfssl/options.h after select * [core] set NSS_VER_INCLUDE after crypto lib select * [core] use system xxhash lib if available * [build] fix typo in configure.ac * [build] option to use system-provided libxxhash * [build] meson --with-xxhash option * [doc] refresh doc/config/conf.d/mime.conf * [meson] add matching -I for lua lib version * [build] prepend search for lua version 5.4 * [core] use inotify in stat_cache.[ch] on Linux * [build] detect inotify header * [mod_nss] update session ticket NSS devel comment * [core] set last_used on rd/wr from backend (fixes #3029) * [core] cold func for gw_recv_response error case * [core] use kqueue() instead of FAM/gamin on *BSD * [core] no graceful-restart-bg on OpenBSD, NetBSD * [mod_openssl] add LIBRESSL_VERSION_NUMBER checks * [core] use struct kevent on stack in stat_cache * [core] stat_cache preprocessor paranoia * [mod_openssl] adjust LIBRESSL_VERSION_NUMBER check * [mod_maxminddb] fix config validation typo * [tests] allow LIGHTTPD_EXE_PATH override * [multiple] handle NULL val as empty in *_env_add (fixes #3030) * [core] accept "HTTP/2.0", "HTTP/3.0" from backends (fixes #3031) * [build] check for xxhash in more ways * [core] accept "HTTP/2.0", "HTTP/3.0" from backends (#3031) * [core] http_response_buffer_append_authority() * [core] define SHA*_DIGEST_LENGTH macros if missing * [doc] update optional pkg dependencies in INSTALL * [mod_alias] validate given order, not sorted order * [core] filter out duplicate modules * [mod_cgi] fix crash if initial write to CGI fails * [mod_cgi] ensure tmp file open() before splice() * [multiple] add back-pressure gw data pump (fixes #3033) * [core] fix bug when HTTP/2 frames span chunks * [multiple] more forgiving config str to boolean (fixes #3036) * [core] check for __builtin_expect() availability * [core] quiet more request parse errs unless debug * [core] consolidate chunk size checks * [mod_flv_streaming] use stat_cache_get_entry_open * [mod_webdav] pass full path to webdav_unlinkat() * [mod_webdav] fallbacks if _ATFILE_SOURCE not avail * [mod_fastcgi] move src/fastcgi.h into src/compat/ * [mod_status] add additional HTML-encoding * [core] server.v4mapped option * [mod_webdav] workaround for gvfs dir redir bug - 1.4.55 - 2020-01-31 * [core] fix compile error on Solaris (fixes #2959) * [core] __attribute_pure__ * [core] array-specialized buffer_caseless_compare() * [core] specialized buffer_eq_*() for short strings * [core] mark some more funcs w/ __attribute_pure__ * [core] use buffer_eq_icase* funcs * [multiple] replace strcasecmp() on short strings * [core] mark some more funcs w/ __attribute_pure__ * [mod_webdav] fix startup crash w/ multiple conds (fixes #2958) * [core] cold func http_response_omit_header() * [core] use buffer_eq_icase_ssn func * [core] use buffer_eq_icase_ssn func * [core] correct __attribute_pure__ syntax * [core] allocate unix socket paths with SUN_LEN()+1 (fixes #2962) * Use explicit_memset from NetBSD if available for safe_memclear (fixes #2971) * Also use explicit_memset (NetBSD) with cmake, scons and meson * [cmake]: enable CMAKE_POSITION_INDEPENDENT_CODE by default * [core] improve http_headers[] data struct packing * [core] fdevent_poll() is effective periodic timer * [core] move con state handling to connections*.c * [core] issue config error for invalid ':' (fixes #2980) * [mod_deflate] fix choose encoding parse error (fixes #2981) * [core] retry on some fdevent set/del temporary err * [core] disable stat_cache FAM if FAM conn closed * [mod_auth] http_auth_const_time_memeq improvement * [build] prefer pkg-config for postgres (fixes #2965) * [mod_authn_gssapi] 500 if fail to delegate creds (#2967) * [mod_authn_gssapi] option to store delegated creds (fixes #2967) * [mod_webdav] fix file uploads > 128M (fixes #2970) * [mod_auth] do not use quoted-string for algorithm * [mod_auth] require digest uri= match original URI * [mod_auth] Authentication-Info: nextnonce=... * [mod_auth] http_auth_const_time_memeq_pad() * [mod_auth] http_auth_const_time_memeq() (#2975, #2976) * [build] PGSQL_CFLAGS with pkg-config for postgres (#2965) * [build] PGSQL_CFLAGS with pkg-config for postgres (#2965) * [core] avoid freeaddrinfo() on NULL ptr (fixes #2984) * [core] reject WS following header field-name (fixes #2985) * [core] reject Transfer-Encoding + Content-Length (#2985) * [mod_openssl] reject invalid ALPN * [mod_accesslog] parse multiple cookies (fixes #2986) * [core] Oracle Solaris does not have POLLRDHUP * [multiple] address coverity warnings * [core] preserve %2b and %2B in query string (fixes #2999) * [core] fall back to accept() if accept4() EPERM (fixes #2998) * [mod_auth] close connection after bad password * [core] do not accept() > server.max-connections * [core] save errno before logging if execve() fails * [config] update /var/run -> /run for systemd * [core] Solaris has getloadavg in sys/loadavg.h * [build] Fix build when using nested CMake * [core] fix one-byte OOB read (underflow) - 1.4.54 - 2019-05-27 * [mod_evhost] handle IPv6 literal addr; add tests * [core] separate server_main_loop() func, mark hot * [core] mark startup/shutdown funcs cold * [core] some server_main_loop() cleanup * [core] fdevent_process() * [core] srv->max_fds_lowat and srv->max_fds_hiwat * [core] remove server.h * [mod_staticfile] search ext array if not empty * [core] store joblist pointer on stack * [core] quickly clear request buffer for reuse * [core] helper funcs for connection_state_machine() * [core] perf: optimize connection_read_header() * [core] parse request in connection_read_header() * [core] log_request_header_on_error in one place * [core] copy request only if might need for logging * [core] make parse_request,request.request same buf * [core] prefer buffer_caseless_compare() * [core] pass req hdrs buffer to http_request_parse * [core] replace con->response.keep_alive * [core] mark log_error_write*() funcs cold * [core] http_request_parse() mark error paths cold * [core] lift code out of request line parse loop * [core] get_http_method_key() match by strlen first * [core] RFC7230 HTTP-version parse * [mod_accesslog] attempt to reconstruct req line * [multiple] minor: remove duplicated conditions * [mod_deflate] honor request for x-gzip, x-bzip2 * [mod_auth] minor: adjust config validation * [core] discard oversized trailers * [core] no keep-alive if POLLRDHUP,empty read queue * [core] fix gw_backend spelling of directive in err * [multiple] reduce code dup in list resizing * [core] con->is_ssl_sock * [core] connection_handle_write() updates con state * [core] skip plugins_call_cleanup if not init'ed * [core] simpler loops to run plugin hooks * [core] fix mixed use of srv->split_vals array (fixes #2932) * [core] dispatch events from within event framework * [core] don't call fd event handlers more than once, they might already be gone (fixes segfault) * [core] poll: fdarray uses fd as index, not fde_ndx * [core] map FDEVENT_* to OS system event frameworks * [core] prefer memchr() over strchr() * [core] use openssl to read,discard request body * [mod_openssl] inherit cipherlist from global scope * [mod_openssl] default: ssl.cipher-list = "HIGH" * [mod_proxy] pass Content-Length to backend if > 0 * [core] config option to allow GET w/ request body * [core] some fdevent code streamlining * [core] remove fde_ndx member outside fdevents * [core] remove redundant check for allow_http11 * [mod_openssl] use 16k static buffer instead of 64k * [core] pull server load checks out of main loop * [core] isolate fdevent processing * [core] release empty chunk buf when nothing read * [core] perf: pass (fdnode *) to epoll and kqueue * [core] modify config parser to handle multiple } * [core] pass (fdnode *) for registered fdevent fd * [mod_auth] http_auth_digest_hex2bin() * [mod_auth] http_auth_info_t digest abstraction * [mod_auth] pass http_auth_require_t for 401 Unauth * [core] no SOCK_NONBLOCK on QNX 7.0 * [mod_auth] HTTP Auth Digest algorithm=SHA-256 * [core] silence coverity warning * [mod_magnet] fix invalid script return-type crash (fixes #2938) * [build] remove -Wdeclaration-after-statement * [core] pass conf.follow_symlink in more places * [core] fix assertion with server.error-handler (fixes #2941) * [core] extend dir redirection to take HTTP status * [doc] minor adjust create-mime.conf.pl regex match (#2942) * [core] __attribute__((fallthrough)) for GCC 7.0 * [core] fdevent_mkstemp_append() (shared) * [core] off_t upload_temp_file_size * [core] clear FDEVENT_RDHUP if no POLLRDHUP * [mod_wstunnel] fix ping-interval for big-endian (fixes #2944) * [core] fix abort in http-parseopts (fixes #2945) * [core] remove repeated slashes in http-parseopts * [core] fix 1.4.52 regression in mem use with POST (fixes #2948) * [multiple] cleaner calloc use in SETDEFAULTS_FUNC * [core] add const to some etag prototypes * [core] __attribute__((format ...)) * [core] struct log_error_st for error logging * [core] log_error, log_perror using printf-like fmt * [core] new worker_init hook to follow parent fork * [core] replace open() with fdevent_open_cloexec() * [mod_webdav] major rewrite (fixes #1818) * [core] 200 for OPTIONS /non-existent/path HTTP/1.1 (fixes #2939) * [mod_webdav] surround Lock-Token with "<...>" * [mod_webdav] fix uuid detection macro * [mod_webdav] fix misbehavior on blank nodes in PROPPATCH * [mod_webdav] clean up resources after do{}while(0) * [mod_webdav] check If-Match, If-Unmodified-Since (#1818) * [mod_webdav] deprecated unsafe partial PUT compat * [mod_webdav] provide ETag in more responses * [mod_webdav] platform portability fixes * [mod_webdav] disable elftc_copyfile() on FreeBSD * [mod_webdav] special-case If: () * [mod_webdav] check If-None-Match (#1818) * [stat_cache] separate func for symlink policy chk * [stat_cache] separate symlink pol from data struct * [stat_cache] store entries without trailing slash * [stat_cache] pass age param for stat cache cleanup * [stat_cache] remove splaytree ins/del debug code * [stat_cache] FAM: reduce string copying * [stat_cache] FAM: check FAMNextEvent() return code * [stat_cache] FAM: use entry hash index as userdata * [stat_cache] FAM: improve handling modified file * [stat_cache] FAM: ignore follow-symlink config * [stat_cache] FAM: check hash collision before add * [stat_cache] FAM: ignore event with no valid match * [stat_cache] FAM: funcs to invalidate entries * [stat_cache] interfaces to invalidate entries * [mod_webdav] update stat_cache after file mod * [core] use high precision stat timestamp in etag * [scons] adjustment for static build under CentOS * [core] emit trace using path before clearing path * [core] http_chunk_append_file_fd() * [multiple] open target file earlier in some cases * [stat_cache] no longer stat() and open() for stat * [stat_cache] FAM: improve monitoring, cache 16 sec * [stat_cache] FAM: separate routine for FDEVENT_IN * [stat_cache] FAM: whitespace-only change * [mod_webdav] quiet coverity warnings * [doc] highlight relevance of module load order (fixes #2946) * [core] behavior change: stricter URL normalization * [stat_cache] fix compilation error for cmake * [cmake] help cmake on FreeBSD find sys/event.h * [scons] help scons on FreeBSD find sys/event.h * [build] detect FreeBSD elftc_copyfile() * [mod_openssl] use SSL_CTX_set_client_hello_cb() * [core] support weak etags with If-None-Match * [core] store log_state_handling flag on stack * [core] check if splay_tree NULL before invalidate * [mod_webdav] workaround Microsoft-WebDAV-MiniRedir * [mod_webdav] doc Microsoft-WebDAV-MiniRedir bugs * [mod_webdav] invalidate parent dir in stat_cache * [doc] systemd socket activation config example * [core] chunkqueue perf: code reuse * [core] chunkqueue perf: specialized buffer.h funcs * [core] chunkqueue perf: skip opening 0-length file * [core] chunkqueue perf: read small files into mem * [core] buffer_reset() should not be passed NULL * [tests] has_feature() helper func * [tests] skip mod-secdownload HMAC-SHA1,HMAC-SHA256 * [core] use high precision stat timestamp on OS X * [mod_magnet] expose server addr (local IP) to lua * [core] adjust http_chunk read() retry loop * [mod_maxminddb] MaxMind GeoIP2 support * [mod_authn_ldap] ldap_set_option LDAP_OPT_RESTART (fixes #2940) - 1.4.53 - 2019-01-27 * [mod_cml,mod_flv_streaming] fix NULL ptr deref * [mod_simple_vhost] t/test_mod_simple_vhost * [mod_evhost] split uri handler func for testing * [mod_evhost] restructure for unit tests * [mod_evhost] t/test_mod_evhost * [mod_access] restructure for unit tests * [mod_access] t/test_mod_access * [tests] include first.h and NDEBUG early * [core] use kill_signal for gw_proc_kill() * [tests] t/test_keyvalue * [tests] some test config cleanup * [tests] update skip count in mod-fastcgi.t * [multiple] reduce initial buffer sz if large POST (fixes #2922) * [mod_fastcgi] fix NULL ptr deref from bugfix #2922 (fixes #2923) * [tests] more test config cleanup * [core] perf: incremental hash of pathname w/o copy * [core] perf: reuse buffer to redirect to directory * [core] do not free() reused buffer * [core] use connected sock port in dir redirect * [core] http_response_buffer_append_authority() * [core] use con->server_name for dir redir * [core] memeq compare rounded to 64, not next 1M * [core] define MD5_DIGEST_LENGTH 16 * [mod_auth] permit additional auth backends to load * [core] send Connection: close if reqbody not read (fixes #2924) * [core] cache rev DNS for localhost for dir redir * [doc/conf] resolve some mime type conflicts from debian buster, regenerate mime.conf * [core] move winsock init to network_init() * [core] move /dev/stdin graceful restart handling * [core] network_srv_sockets_append() shared code * [core] systemd socket activation support * [build] autotools: try mysqlclient.pc and mariadb.pc (fixes #2925) * [mod_expire] look up expire fallback "" explicitly * [multiple] calloc match ptr type (clang --analyze) * [multiple] quiet clang --analyze where trivial * [mod_webdav] compare COPY, MOVE Destination scheme * [core] con->uri.scheme is maintained lowercase * [mod_openssl] ALPN and acme-tls/1 (fixes #2931) * [core] Fix recursive include_shell invocations * [mod_openssl] ssl.privkey directive (optional) - 1.4.52 - 2018-11-28 * [mysql] MySQL 8 deprecates my_bool * [core] typo in trace * [build] Fix unportable test(1) operator * [core] perf: call connection_reset() fewer times * [core] perf: array_reset_data_strings() * [core] perf: buffer_free_ptr() __attribute__ cold * [core] perf: one-element cache for host normalize * [core] perf: buffer_copy_string_len() * [core] perf: skip redundant prepare copy calls * [core] perf: buffer_align_size() identity if align * [core] perf: size write buffers for reuse * [core] perf: prepend headers directly into write q * [core] perf: copy small strings; better buf reuse * [core] perf: copy small strings; extend last chunk * [core] perf: specialized func for array sorting * [core] perf: append response directly into write q * [core] perf: better buf reuse reading from backend * [core] chunk.c code reuse * [multiple] perf: write headers to backend write cq * [multiple] perf: power-2 alloc large headers * [multiple] perf: use larger initial backend buffer * [core] permit env vars to be set with blank value * [mod_fastcgi] perf: reduce data copies * [mod_fastcgi] perf: reduce data copies * [core] perf: chunk.c chunk pool * [multiple] perf: reuse large buffers w/ backend * [multiple] better packing of struct chunk * [core] perf: inline buffer_append_string_buffer() * [core] slightly simpler flag append to string * [mod_cgi] perf: reuse buffers for creating CGI env * [mod_fastcgi,mod_scgi] perf: env accumulation * [core] Don't call RAND_cleanup with OpenSSL 1.1.x * [mod_openssl] move SSL_shutdown() to separate func * [mod_openssl] SSL_read before second SSL_shutdown * [mod_cgi] perf: use stat_cache for cgi handler * [mod_openssl] prefer using TLS_server_method() * [mod_webdav] return 403 if file should exist * [core] perf: chunkqueue buffers already sized up * [core] perf: simpler buffer_string_space() * [multiple] dynamic handlers hint backend header sz * [core] use chunk_buf_sz instead of hard-coded num * [multiple] perf: simplify chunkqueue_get_memory() * [mod_wstunnel] perf: reuse large buffers * [mod_cgi] perf: cache getenv() results at start up * [core] fix 301 -> 302 overwrite with Location (fixes #2918) * [core] fix setting of headers previously reset (fixes #2919) * [mod_webdav] quiet coverity false positive * [core] server.compat-module-load = "disable" * [core] server.chunkqueue-chunk-sz = 4096 * [core] perf: simpler buffer_string_space() (fixed) * [core] perf: faster HTTP pipelined requests * [core] perf: simpler buffer_string_space() (tests) * [mod_cgi] reset reused buffer on internal redir * [core] clear chunk buffer upon release * [mod_fastcgi] minor: copy packet without padding * [mod_redirect,mod_rewrite] use server_name * [mod_fastcgi] transfer chunks minus packet padding * [core] separate func to reset FILE_CHUNK * [core] perf: simple, quick buffer_clear() * [core] perf: small improvement to encoding CGI var * [core] perf: small improvement buffer_string_space * [core] simpler physical path concatenation * [mod_webdav] fix LOCK on incorrect URI path * [mod_webdav] one fewer buffer copy for COPY,MOVE * [core] perf: simplify buffer_move() * [mod_cml] parse query string without modifying it * [core] perf: buffer optimizations * [mod_wstunnel] use buffer_string_length() * [core] perf: inline buffer_copy_buffer() * [core] cygwin helper func for getcwd * [core] cygwin sample to run lighttpd under NSSM * [core] limit con->uri.authority < 1024 octets * [mod_webdav] separate func for each request method * [core] reject decoded url-path without leading '/' * [multiple] validate UTF-8 in url-decoded paths * [mod_proxy] silence coverity false positive * [core] fix typo * [core] buffer_append_path_len() * [core] quiet indexfile warning if mod not loaded - 1.4.51 - 2018-10-14 * [core] split parsing header line into separate function * [core] explicitly return 0 instead of constant result * [core] header parsing: use goto for error handling * [core,security] process headers after combining folded headers * [core] replace folding whitespace with a single space * [buffer] fix duplicate assert and comment * [core] redo HTTP header line folding * [core] parse header line strings before copying * [core] abstraction to insert/modify response hdrs * [core] code reuse with array_insert_key_value() * [core] simplify parsing hdr key whitespace then : * [core] http_request_parse_reqline() separate func * [core] abstraction layer for HTTP header manip * [core] code reuse with http_response_body_clear() * [mod_proxy] fix proxy.forwarded and proxy.replace-http-host (fixes #2902) * [mod_rewrite] fix url.rewrite-repeat and url.rewrite-if-not-file (fixes #2908) * [core] fastcgi.h link to Open Market License (OML) (fixes #2901) * [mod_proxy,mod_wstunnel] copy full plugin_config (fixes #2903) * [mod_fastcgi,mod_scgi] error on oversized request (fixes #2905) * [mod_auth] send 401 for mismatch HTTP auth scheme (fixes #2906) * [core] code reuse array_match_*() routines * [mod_skeleton] review and simplify * [multiple] code reuse: employ array_match_*() * [doc] lighttpd.service uses network-online.target * [mod_flv_streaming] code simplifications * [mod_authn_pam] mod_auth PAM support (fixes #688) * [mod_sockproxy] add to build * [core] fix include_shell on inline shell commands (fixes #2910) * [multiple] code reuse: using array_*() funcs * [tests] t/test_array.c * [core] array_get_int_ptr() * [core] more memory-efficient fn table for data_* * [tests] #undef NDEBUG before assert.h in t/test_* * [core] inline status_counter routines * [core] log_failed_assert() __attribute__((cold)) * [core] http_status_append() * [core] http_method_append() * [core] prefer buffer_append_string_len() * [build] fix SCons build for mod_authn_pam * [mod_userdir] security: skip username "." and ".." * [mod_deflate] null-check to quiet coverity warning * [core] quiet coverity false positive * [multiple] quiet compiler warnings --without-pcre * [mod_secdownload] support if HMAC() is a macro * [TLS] sys-crypto.h abstraction * [TLS] sys-crypto.h abstraction * [build] put request.c in common src * [meson] build fixes for libmariadb and libsasl2 * [core] PATH_INFO calculation when basedir is "/" (fixes #2911) * [core] better consistency in buffer_is_equal*() * [core] fix missing param from prev commit * [mod_openssl] no renegotiation in TLS 1.3 (fixes #2912) * [core] reject Transfer-Encoding from proxy (#2913) * [mod_auth] use SHA1_Init,Update,Final * [mod_openssl] add support for wolfSSL * [build] automake support for wolfSSL * [build] SCons support for wolfSSL * [build] meson support for wolfSSL * [build] CMake support for wolfSSL * [core] perf: buffer.c internal inlines * [mod_openssl] wolfSSL does not support SSLv2 * [core] perf: buffer_string_append_len() * [core] permit server.error_handler to static file - 1.4.50 - 2018-08-13 * [mod_extforward] allow explicit IPs to be untrusted (#2860) * [core] fix crash if 'host' empty in config (fixes #2876) * [mod_magnet] fix regression in lighty.stat (fixes #2877) * [core] minor code cleanup in gw_recv_response() * [core] fix rare race condition from backends (fixes #2878) * [mod_proxy] fix segfault in Set-Cookie reverse map (fixes #2879) * [core] fdevent_accept_listenfd() nonblock cloexec * [build] remove m4 AC_PATH_PROG for PKG_CONFIG * [core] some header cleanup * [mod_wstunnel] better Sec-WebSocket-Protocol parse * [mod_magnet] code reuse * [mod_magnet] reduce buffer copies * [mod_fastcgi,mod_scgi] fastcgi.balance,scgi.balance (fixes #2882) * [core] check if SOCK_NONBLOCK is ignored (fixes #2883) * [core] buffer_append_string_encoded_hex_lc() * [core] more efficient hex2int() * [mod_secdownload] compare bin MAC instead of hex * [core] li_tohex_lc() explicitly uses lc hex chars * [core] buffer_append_uint_hex_lc() uses lc hex * [core] buffer_append_string_encoded() uc hex * [tests] reduce test_base64 brute force tests * [tests] remove test_buffer output, except on error * [core] check for continuation in server.tag * [core] CONNECT must be handled before fs hooks * [mod_redirect, mod_rewrite] code reuse (sharing) * [core] data_config_pcre_compile,exec() * [tests] test_request unit tests * [core] http_kv.[ch] method, status, version str * [core] remove unused get_http_status_body_name() * [core] remove proc_open.[ch], reduce stdio.h use * [tests] move src/test_*.c to src/t/ * [core] server.http-parseopts URL normalization opt (fixes #1720) * [core] inline some buffer.[ch] routines * [core] remove some duplicative code in log.c * [core] debug server.log-request-header-on-error * [mod_redirect,mod_rewrite] short-circuit earlier * [core] fix buffer_to_upper() * [mod_cgi] handle CGI partial response header write * [mod_redirect,mod_rewrite] pass request URI info * [mod_redirect,mod_rewrite] encoding options (fixes #443, fixes #911) * [mod_redirect,mod_rewrite] fix segfault w/ invalid syntax (fixes #2892) * [mod_fastcgi] fix memleak with FastCGI auth,resp (fixes #2894) * [mod_alias] security: potential path traversal with specific configs * [mod_wstunnel] quiet 32-bit compiler warnings * [core] POLLRDHUP handling for transparent proxying * [mod_redirect,mod_rewrite] support up to 19 match * [core] add missing includes to quiet compiler warn * [mod_redirect,mod_rewrite] base64url encoding opt * [mod_rewrite] require rewrite result to begin '/' * [core] security: use-after-free invalid Range req * [core] reset var if FAMMonitorDirectory() fails * [core] option to propagate TCP FIN to backend host * mod_sockproxy - socket forwarding * [core] workaround Coverity cov-build bug with gcc7 * [build] add missing file for test_burl * [core] quell insignificant coverity warning * [core] extend server.http-parseopts * [mod_alias] security: path traversal in mod_alias (in some use cases) (fixes #2898) * [core] security: use-after-free after invalid Range request (fixes #2899) - 1.4.49 - 2018-03-11 * [core] adjust offset if response header blank line * [mod_accesslog] %{canonical,local,remote}p (fixes #2840) * [core] support POLLRDHUP, where available (#2743) * [mod_proxy] basic support for HTTP CONNECT method (#2060) * [mod_deflate] fix deflate of file > 2MB w/o mmap * [core] fix segfault if tempdirs fill up (fixes #2843) * [mod_compress,mod_deflate] try mmap MAP_PRIVATE * [core] discard from socket using recv MSG_TRUNC * [core] report to stderr if errorlog path ENOENT (fixes #2847) * [core] fix base64 decode when char is unsigned (fixes #2848) * [mod_authn_ldap] fix mem leak when ldap auth fails (fixes #2849) * [core] warn if mod_indexfile after dynamic handler * [core] do not reparse request if async cb * [core] non-blocking write() to piped loggers * [mod_openssl] minor code cleanup; reduce var scope * [mod_openssl] elliptic curve auto selection (fixes #2833) * [core] check for path-info forward down path * [mod_authn_ldap] auth with ldap referrals (fixes #2846) * [core] code cleanup: separate physical path sub * [core] merge redirect/rewrite pattern substitution * [core] fix POST with chunked request body (fixes #2854) * [core] remove unused func * [doc] minor update to *outdated* doc * [mod_wstunnel] fix for frames larger than 64k (fixes #2858) * [core] fix 32-bit compile POST w/ chunked request body (#2854) * [core] add include sys/poll.h on Solaris (fixes #2859) * [core] fix path-info calculation in git master (fixes #2861) * [core] pass array_get_element_klen() const array * * [core] increase stat_cache abstraction * [core] open additional fds O_CLOEXEC * [core] fix CONNECT w strict header parsing enabled * [mod_extforward] CIDR support for trusted proxies (fixes #2860) * [core] re-enable overloaded backends w/ multi wkrs * [autoconf] reduce minimum automake version to 1.13 * [mod_auth] constant time compare plain passwords * [mod_auth] check that digest realm matches config * [core] fix incorrect hash algorithm impl - 1.4.48 - 2017-11-11 * [mod_webdav] fix crash if stat fails, not ENOENT * [core] fix build --disable-ipv6 (fixes #2832) * [scons] Merge branch 'personal/stbuehler/scons-cleanup' * [autobuild] Merge branch 'personal/stbuehler/autobuild-cleanup' * [meson] new build system * [core] fix var.CWD (regression in 1.4.46) (fixes #2835) * [core] fix implicit wildcard IPv4 and IPv6 listen * [autobuild] remove obsolete warning about mmap use * [core] isolate sock_addr manipulation * [stat_cache] remove debug code littered in file * [core] cleanup unused ifndef * [core] cleanup: consolidate FAM code in stat_cache * [core] consolidate backend network write handlers * [autobuild] allow sendfile() in cross-compile (fixes #2836) * [core] quiet pedantic cc warning for excess comma * [core] isolate backend fdevent handler defs * [mod_openssl] error if ssl.engine in wrong section (fixes #2837) * [core] fix lighttpd -1 one-shot graceful shutdown * [mod_cgi] quiet trace if mod_cgi sends SIGTERM (fixes #2838) * [build] fix link of test_configfile.c * [core] quiet coverity false positive * [mod_openssl] more pedantic check of return values * [mod_openssl] allow specifying server cert chain (fixes #2692) * [mod_openssl] ssl.openssl.ssl-conf-cmd (fixes #2758) * [doc] NEWS - fix improper format line breaks * [mod_authn_ldap] replace use of deprecated funcs * [mod_authn_sasl] SASL auth (new) (fixes #2275) * [mod_openssl] quiet trace from TCP probes (#2784) * [core] fix dup typedef compiler warning * [scons] fix various python2/3 incompatibilities * [doc] fix doc/config/conf.d/fastcgi.conf example - 1.4.47 - 2017-10-22 * [mod_authn_gssapi] needs -lcom_err under Darwin * [core] stricter validation of request-URI begin * [core] fix 1.4.46 regression in config match (fixes #2830) * [core] normalize config addrs for != match (#2830) * [core] normalize config addrs for eq and ne (#2830) * [doc] use https:// URLs to .lighttpd.net resources * [core] fix 1.4.46 regression in Last-Modified - 1.4.46 - 2017-10-21 * [TLS] mark code that uses -lcrypto but not -lssl * remove redundant calls to end-of-request hooks * [mod_mysql_vhost] remove dev debug code * [core] con interface for read/write; isolate SSL * [core] new plugin hooks to help isolate SSL * [mod_openssl] new module (preliminary layout) * [core] move network_open_file_chunk() to chunk.c * [mod_openssl] move openssl code into mod_openssl * [mod_openssl] move openssl config into mod_openssl * [core] move connection_read_cq() to connections.c * [mod_geoip] call from handle_request_env hook * [build] only mod_openssl depends on -lssl * [mod_auth] enable optional authz if extern authn (fixes #2481) * [mod_openssl] allow ssl.verifyclient on url paths (fixes #2245) * [core] do not emit req/response hdrs w/ blank val * [mod_setenv] directives to overwrite/remove hdrs (fixes #650, fixes #2295) * [mod_secdownload] new directives modify hash path (fixes #646, fixes #1904) * [core] move con throttling to connections-glue.c * [core] support Expect: 100-continue with HTTP/1.1 (fixes #377, #1017, #1953, #2438) * [mod_openssl] use TLS SNI to set host-based certs * [mod_ssi] send #exec cmd="..." output to temp file * [mod_scgi] tests/mod-scgi.t unit tests * [mod_auth] support LDAP groups for HTTP auth (fixes #1817) * [core] use getaddrinfo,inet_pton vs gethostbyname (fixes #2783) * [mod_auth] LDAP escape username in DN and filters * mod_vhostdb* (dbi,mysql,pgsql,ldap) (fixes #485, fixes #1936, fixes #2297) * [mod_auth] have LDAP template replace '?' * apply debian/patches/spelling.patch * [core] permit connection-level state in modules * [TLS] include in rand.c * [core] config match w/ arbitrary HTTP request hdrs (fixes #1556) * [mod_flv_streaming] add end pos param (fixes #1887) * [core] X-LIGHTTPD-KBytes-per-second from backends (fixes #954) * [core] improve accuracy of bandwidth write limits * [core] quicker graceful shutdown * [tests] remove unused file depending on CGI.pm * [doc] doc/initscripts.txt (fixes #2782) * [core] check issetugid() early in main() * [core] combine duplicated getrlimit, network_init * [core] move interval timer near worker event loop * [core] initialize globals at top of main() * [core] graceful restart with SIGUSR1 (fixes #2785) * [mod_authn_mysql] fix minor memleak at shutdown * [mod_rrdtool] no error if loaded but no config * [doc] SIGUSR1 doc and lighttpd-angel SIGUSR1 * [mime.conf] add text/markdown to utf-8 list, regenerate mime.conf * [mod_cgi] RFC3875 CGI local-redir strict adherence (#2108) * [mod_cgi] do not send "Status" back to client * [core] add label for 308 Permanent Redirect * [mod_openssl] inherit ssl.* from global scope * [core] handle if backend sends Transfer-Encoding (#2786) * [core] use kqueue in level-triggered mode (fixes #2788) * [mod_fastcgi,mod_scgi] backend spawn EINTR retry (#2788) * [core] config opt to intercept dynamic handler err (fixes #974) * [core] set default server_tag in server.c * [core] include lighttpd vers in server started msg * [core] move version.h logic into server.c * [core] issue trace if max-fds too large (fixes #2789) * [mod_fastcgi,mod_scgi] consistent waitpid handling (fixes #2791) * [mod_cgi] fix CGI local-redir w/ url.rewrite-once (fixes #2793) * [mod_scgi] fix unused_procs bidirectional-links * [mod_scgi] fix potential repeated use of proc->id * [mod_fastcgi,mod_scgi] consolidate backend process accounting (#2788) * [mod_cgi] status 200 OK if no hdrs (deprecated) (#2786) * [core] fix regex condition subst w/ mod_extforward (fixes #2794) * [tests] correct skip count for mod-scgi.t * [mod_vhostdb_ldap] fix inverted logic (coverity) * [mod_cgi] cgi.local-redir = [enable|disable] (#2108, #2793) * [core] $REQUEST_HEADER[...] subsumes other config (#1556) * [mod_usertrack] usertrack.cookie-attrs config opt (fixes #2795) * [core] default server.max-fds=4096 if unspecified (#2789) * update .gitignore, add .gitattributes * [core] reduce con allocation for small max_conns * [config] more specific checks for array lists * [mod_authn_gssapi] needs -lcom_err under cygwin * [mod_cgi,fastcgi,scgi,proxy] fix streaming response (fixes #2796) * [mod_auth] Digest nonce on system with time <=1978 * [doc] simple-vhost.debug takes an integer value (fixes #2797) * [core] fix crash if invalid config file (fixes #2798) * [core] remove unused member con->in_joblist * [mod_proxy] remove use of con->got_response * [core] consolidate dynamic handler response parse * [core] remove now-unused buffer_search_string_len * [mod_cgi] eliminate warning when compiled -Os * [mod_scgi] do not reconnect after connect succeeds * [tests] reduce time waiting for backends to start * [core] server.syslog-facility (fixes #2800) * [core] server.syslog-facility (use -1 for unset) (#2800) * [core] allow overriding prior config values (fixes #2799) * [mod_proxy] set Content-Length, if available * [mod_proxy] set X-Forwarded-Host (fixes #418) * [core] remove redundant Content-Length digit check * [core] remove some unused header includes * [core] use con->dst_addr_buf instead of ip recalc * [core] include "fdevent.h" where needed * [core] make stat_cache private to stat_cache.c * [core] collect ioctl FIONREAD code * [core] include where needed * [core] report file path when mkstemp() fails (fixes #2802) * [core] export http_request_host_policy() for reuse * [mod_extforward] simplify header search * [mod_extforward] consolidate ipstr_to_sockaddr() * [mod_extforward] upd scheme after ipstr validated * [mod_extforward] rearrange code; prep Forwarded * [mod_extforward] support Forwarded HTTP Extension (#2703) * [mod_proxy] support Forwarded HTTP Extension (fixes #2703) * [core] inet_pton(), inet_ntop() on (sock_addr *) * [core] save connection-level proto in con->proto * [mod_extforward] support HAProxy "PROXY" protocol (fixes #2804) * [mod_extforward] fix typos in Forwarded handling * [core] fix stat_cache initialization error * [core] perf: stat_cache_mimetype_by_ext() * [core] inet_ntop_cache now 4-element cache * [mod_openssl] free local_send_buffer at exit * [core] extend mimetype search w/o leading '.' * [core] no SOCK_CLOEXEC on Linux kernel < 2.6.27 * [core] inline simple buffer is empty checks * [core] buffer_substr_replace() * [core] sys-strings.h abstraction for strings.h * [mod_proxy] fix backslash escaping * [core] omit default port from normalized host str * [core] fix build issue without ipv6 support * [core] permit strings and integers in config array * [mod_accesslog] flag high precision ts for %T (fixes #2807) * [core] permit strings,ints,arrays in config array * [core] calloc plugin_config for consistent init * [mod_proxy] simple host/url mapping in headers (fixes #152) * [mod_uploadprogress] handle query str progress ID (fixes #2808) * [mod_fastcgi] consolidate backend read code * [mod_proxy,mod_scgi] fix truncated error trace * [core] skip socket shutdown() if con->fd negative * [core] act as transparent proxy after con Upgrade * [core] remove redundant resets of fde_ndx * [core] configparser: fix resource handling in error cases (fixes #2809) * [core] fix crash for invalid syntax in config file (fixes #2810) * [core] prep mod transitions to transparent proxy * [mod_proxy] basic support for Upgrade: websocket (fixes #2811) * [mod_extforward] compile on OSX * [core] set server.max-keep-alive-requests = 100 (fixes #2205) * [core] perf: skip redundant strlen() if len known * [core] optional condition in config "else" clause (fixes #1268) * [mod_cgi] basic support for Upgrade: websocket * [core] buffer to disk streaming to slow backends * [core] silence compiler warnings if !HAVE_FORK * [build] -Werror if --enable-extra-warnings=error * [build] autotools use AC_PROG_CC_STDC macro * [mod_openssl] ssl.ca-crl-file for CRL (fixes #2319) * [mod_openssl] ssl.ca-dn-file (fixes #2694) * [mod_proxy] fix typo identified by coverity * [mod_openssl] ignore client verification error if not enforced * [mod_openssl] fix compile with openssl 1.1.0 * [mod_extforward] quiet clang compiler warning * [mod_dirlisting] sort "../" to top of names * [mod_openssl] safer_X509_NAME_oneline() (fixes #2693) * [core] allow earlier plugin init for SSL/TLS * [mod_openssl] adjust use of ssl.ca-dn-file * [core] fix compiler warnings on Mac OS X * [core] server.socket-perms to set perms on unix (fixes #656) * [core] get port from sock_addr if AF_INET,AF_INET6 * [core] server.error_handler_404 X-Sendfile ENOENT (#2474) * [core] consolidate fork()/execve() code (#1393) * [core] mv log_error_{open,cycle.close} to server.c * [core] rename fd_close_on_exec() * [core] remove unused includes of stat_cache.h * [core] add missing include of stdlib.h * [core] reduce exposure of unistd.h, other includes * [core] sock_addr_from_str_hints reusable name res * [core] continue collecting use of netdb.h * [core] continue collecting use of netdb.h * [core] continue collecting use of netdb.h * [core] fdevent_connect_status() shared code * [core] add const to reduce .data segment size * [mod_proxy] move data_fastcgi into mod_proxy.c * [mod_proxy] store address family at config time * [mod_fastcgi] slightly simplify counters * [mod_fastcgi] consolidate connect() error handling * [mod_fastcgi] set request_id in fcgi_create_env() * [mod_fastcgi] move delayed connect() into switch() * [mod_fastcgi,mod_scgi] consistent connect() error * [mod_scgi] remove unused parse_response member * [mod_fastcgi,mod_scgi] struct member consistency * [mod_fastcgi,mod_scgi] parse bin_path at startup * [mod_fastcgi,mod_scgi] use temp buffer for cgi_env * [core] shared code for socket backends * [core] spread load on socket backend procs * [core] store sockaddr for socket backend procs * [core] resolve DNS at startup for socket backends * [core] adaptive spawning for socket backend procs (fixes #1162) * quell compiler warnings for -Wimplicit-fallthrough * [doc] update README * [core] fdevent_cycle_logger() * [core] reap lighttpd worker pids precisely * [core] restart piped loggers if they exit (fixes #1393) * [mod_webdav] PROPFIND getetag attr must match GET * [core] consistent behavior w/ and w/o SA_SIGINFO * [core] do not remove pid-file in test mode * [core] add public domain SHA1() if no crypto * [mod_wstunnel] websocket tunnel to other protocol * [core] forward SIGHUP only to lighttpd workers * [mod_dirlisting] treat README and HEADER as paths (fixes #2818) * [core] set one-shot mode fd O_NONBLOCK, FD_CLOEXEC * [core] remove fdevent fcntl_set hook * [mod_extforward] typo in comment * [mod_cgi] add missing #include * [core] fix invalid sizeof() identified by coverity * [core] add missing #include * [core] base_decls.h to quiet compiler warnings * [core] set socket perms after bind, before listen * [core] warn if backend server config contains '_' * [mod_extforward] PROXY proto and SSL_CLIENT_VERIFY * [core] workaround for AIX mmap define * [mod_accesslog] flush access logs every 4 seconds * [mod_cgi] fix bug to properly exec interpreter * [mod_fastcgi] fix return when streaming min buffer * [core] attempt to quiet coverity false positives * [core] attempt to quiet coverity false positives * [core] attempt to quiet compiler warning in LEDE * [core] SIGCHLD handle_waitpid hook for modules * [mod_rrdtool] handle_trigger returns HANDLER_GO_ON * [mod_openssl] ssl.read-ahead="disable" for stream * [mod_cgi] add FDEVENT_IN upon CGI exit * [mod_cgi] omit cgi_handle_fdevent after proc exit * [mod_webdav] check HAVE_UUID for -luuid * [core] adjust li_rand_pseudo* interfaces * [mod_wstunnel] fix config parsing bug * [core] fdevent setsockopt() helper functions * [core] make strftime_cache_get() 16-element cache * [core] disable Nagle if streaming to backend * [core] fix triggered assert on HTTP chunked input (fixes #2822) * [mod_wstunnel] fix NULL ptr deref * [algo_sha1] fix compile break and warnings * [lemon] fix gcc implicit-fallthrough warning * [core] URI scheme is case-insensitive * [network] do not append port to unix socket paths * [unittests] consolidate base64 test code * [core] use sun_path for addr string for AF_UNIX (fixes #2826) * [core] cleaner code; remove goto from network.c * [core] /dev/stdin listener for inetd wait yes * [core] compare listen addrs after DNS resolution * [core] inline chunkqueue_is_empty() * [core] limit use of TCP_CORK * [core] return from http_response_read if small rd * [core] gateways might Upgrade con before body read * [mod_wstunnel] set Sec-WebSocket-Protocol if bin * [mod_wstunnel] remove invalid appended '\0' * [core] quiet coverity warning * [core] handle fds pending close after poll timeout (fixes #2827) * [core] fix $REQUEST_HEADER[...] parsing in config (#1556) * [mod_dirlisting] custom js date parse func (fixes #2823) * [core] remove fd interest if create_env returns * [mod_openssl] copy data for larger SSL packets * [mod_openssl] remove erroneous SSL_set_shutdown() * [core] permit LF to end lines if !header-strict * [core] add back REQUEST_SCHEME for backends * [core] remove fdevent_sched_run from fdevent_libev (#2827) * [mod_openssl] ssl.read-ahead="disable" by default * [core] adjust parser for valid variable expansion * [cmake] handle WITH_WEBDAV_LOCKS option * [cmake] fix attr header detection and linking * [cmake] link mod_cml with memcached * [core] reproducible build: hide __DATE__ __TIME__ (fixes #2828) * [core] perf: more efficient fdevent_sched_run() * [core] translate DNS to IP str for cond socket cmp - 1.4.45 - 2017-01-14 * [mod_cgi] skip local-redir handling if to self (fixes #2779, #2108) * [mod_webdav] fix crash when plugin_ctx cleaned up (fixes #2780) * [mod_fastcgi] detect child exit, restart proactively * [mod_scgi] detect child exit, restart proactively * [TLS] ssl.read-ahead = "disable" for low mem (fixes #2778) - 1.4.44 - 2016-12-24 * [mod_scgi] fix segfault (fixes #2762) * [mod_authn_gssapi] fix memory leak * [config] warn if mod_authn_ldap,mysql not listed * [mod_magnet] fix magnet_cgi_set() set of env vars (fixes #2763) * [mod_cgi] FreeBSD 9.3/MacOSX does not have pipe2() (fixes #2765) * [mod_extforward] fix crash on invalid IP (fixes #2766) * [mod_fastcgi] fix segfault if all backends down (fixes #2768) * [mod_cgi] fix out of sockets error for POST to CGI (fixes #2771) * [mod_auth] compile fix for Mac OS X XCode (fixes #2772) * [mod_authn_gssapi] better resource cleanup * [core] compile fix for Mac OS X 10.6 (old) (fixes #2773) * fix race in dynamic handler configs (reentrancy) (fixes #2774) * [mod_authn_mysql] close mysql_conn in cleanup * [mod_webdav] compile fix when locking not enabled * load mod_auth & mod_authn_file in sample/test.conf * comment out auth.backend.ldap.* in tests/*.conf * [mod_fastcgi,mod_scgi] warn if invalid "bin-path" * RAND_pseudo_bytes() is deprecated in openssl 1.1.0 * openssl 1.1.0 init and cleanup * [mod_cgi] remove direct calls to network_backend* * [build] build network_*.c into lighttpd executable * suggest inclusion of mod_geoip... before mod_ssi. * set systemd settings similar to lighttpd2 * [doc] remove reference to Linux rt-signals * [mod_authn_gssapi] fix missing error ret, coverity * [core] rename li_rand() to li_rand_pseudo_bytes() * remove #include "stream.h" where not used * [mod_cml] include lua headers before base.h * [core] combine duplicated connection reset code * [mod_ssi] produce content in subrequest hook * [core] remove srv->entropy[] * [core] defer li_rand_init() until first use * [core] permit connection-level state in modules * [mod_dirlisting] render dirlisting as HTML (fixes #2767) * [mod_proxy] replace HTTP Host sent to backend (fixes #2770) * [mod_ssi] basic recursive SSI include virtual (fixes #536) * [mod_ssi] implement, ignore * [core] consolidate duplicated read-to-close code * [core] fix segfault when parsing a bad config file * [core] support Transfer-Encoding: chunked req body (fixes #2156) * [autobuild] set NO_RDYNAMIC=yes for midipix * [mod_proxy] proxy.balance = "sticky" option (fixes #2117) * [mod_secdownload] warn if SHA used w/o SSL crypto * [build] compile fixes for AIX * [build] check for pipe2() at configure time * [mod_evhost] fix an incorrect error trace * [tests] mark tests/docroot/www/*.pl scripts a+x * [mod_cgi] fall back to pipe() if pipe2() fails * fix SCons fullstatic build with glibc pthreads * [TLS] openssl 1.1.0 makes SSL_OP_NO_SSLv2 no-op - 1.4.43 - 2016-10-31 * [autobuild] remove mod_authn_gssapi dep on resolv * [mod_deflate] ignore '*' in deflate.mimetypes * [autobuild] omit module stubs when missing deps * [TLS] openssl 1.1.0 hides struct bignum_st * [autobuild] move http_cgi_ssl_env() for Mac OS X (fixes #2757) * [core] use paccept() on NetBSD (replace accept4()) * [TLS] remote IP conditions are valid for TLS SNI (fixes #2272) * [doc] lighttpd-angel.8 (fixes #2254) * [cmake] build fcgi-auth, fcgi-responder for tests * [mod_accesslog] %{ratio}n logs compression ratio (fixes #2133) * [mod_deflate] skip deflate if loadavg too high (fixes #1505) * [mod_expire] expire by mimetype (fixes #423) * [mod_evhost] partial matching patterns (fixes #1194) * build: use CC_FOR_BUILD for lemon when cross-compiling * [mod_dirlisting] config header and readme files * [config] warn if mod_authn_ldap,mysql not listed * fix FastCGI, SCGI, proxy reconnect on failure * [core] network_open_file_chunk() temp file opt * [mod_rewrite] add more info in error log msg * [core] fix fd leak when using libev (fixes #2761) * [core] fix potential streaming tempfile corruption (fixes #2760) * [mod_scgi] fix prefix matching to always match url * [autobuild] adjust Makefile.am for FreeBSD * [build] move some build scripts to scripts/ * [autotools] fix configure.ac for opensuse 13.2 - 1.4.42 - 2016-10-16 * [TLS] SSL_shutdown() only if handshake finished * [mod_proxy,mod_scgi] shutdown remote only if local (#2743) * [core] check if client half-closed TCP if POLLHUP (#2743) * [core] enforce wait for POLLWR after EINPROGRESS (fixes #2744) * [core] do not enter handler twice after read body * [core] proxy,scgi omit shutdown() to backend (fixes #2743) * [mod_dirlisting] dirlist does not handle POST * [mod_dirlisting] js column sort for dirlist table (fixes #613, fixes #2315) * [mod_auth] Digest auth fails after rewrite (fixes #2745) * [mod_auth] refactor out auth backend code * [mod_auth] extensible interface for auth backends * [core] better DragonFlyBSD support (fixes #2746) * [mod_auth] include base.h for USE_OPENSSL def * [mod_auth] support CRYPT-MD5-NTLM algorithm (fixes #1743) * [mod_auth] terminate salt for CRYPT-MD5-NTLM * [core] fix crash if ready events on abandoned fd (fixes #2748) * [mod_auth] http_auth_md5_hex2bin() * [mod_auth] remove empty mod_auth.h * [mod_auth] mod_authn_mysql.c MySQL auth backend (fixes #752, fixes #1845) * [mod_cgi] permit CGI exec of unreadable files (fixes #2374) * [mod_uploadprogress] add to default build * [mod_geoip] add to default build (fixes #2705, fixes #2101, fixes #2092, fixes #2025, fixes #1962, fixes #1938) * [mod_fastcgi] Authorizer support with Responder (fixes #321, fixes #322) * [tests] test coverage for issues (#321, #322) * dynamic handlers store debug flag in handler_ctx * [mod_fastcgi] allow authorizer, responder for same path/ext (#321) * backport mod_deflate to lighttpd 1.4 (fixes #1824, fixes #2753) * [autobuild] test_configfile might need vector.c (fixes #2752) * [mod_deflate] fix longjmp clobber compiler warning * remove unused array type TYPE_COUNT data_count * [mod_auth] structured data, register auth schemes * [mod_auth] mod_authn_gssapi Kerberos auth backend (fixes #1899) * [autobuild] skip two new tests if no fcgi-auth * [SCons] define with_krb5 for SCons build * [SCons] fix syntax error in SConstruct * [SCons] define with_geoip for SCons build * [CMake] fix clang -Wcast-align warnings in lemon.c * remove excess initializers (fix compiler warnings) * fix errors detected by Coverity Scan * performance: use Linux extended syscalls and flags * [mod_scgi] add uwsgi protocol support * [mod_auth] refactor LDAP code into smaller funcs * [mod_auth] HTTP Basic auth backends also do authz (#1817) * [mod_auth] ldap filter subst user for multiple '$' (fixes #1508) * [mod_auth] permit specifying ldap DN; skip search (fixes #1248) * [autobuild] update module/feature report * [cmake] build mod_authn_gssapi if WITH_KRB5 * [mod_auth] fix printing of IP in error trace * [mod_mysql_vhost] support multiple '?' replacement (fixes #2163) * [core] make server.max-request-size scopeable (#1901) * [core] server.max-request-field-size (fixes #2130) * [core] optional condition in config "else" clause (fixes #1268) * [core] restrict where config "else" clauses occur (#1268) * silence warnings from clang ccc-analyzer * consistent, shared code to create CGI env * [TLS] replace env entries in https_add_ssl_entries * [TLS] set SSL_CLIENT_M_SERIAL w/ client cert SN (fixes #2268) * [TLS] set SSL_CLIENT_VERIFY w/ client cert (#1288, #2693) * [TLS] set SSL_PROTOCOL, SSL_CIPHER* (fixes #2511) * [core] rand.[ch] to use better RNGs when available * [mod_cgi] fix pipe_cloexec() when no O_CLOEXEC * ignore return value from fcntl() FD_CLOEXEC * build w/o compiler warnings if no zlib or bz2lib - 1.4.41 - 2016-07-31 * remove long-deprecated, non-functional config opts * [config] inherit server.use-ipv6 and server.set-v6only (fixes #678) * [mod_auth] fix Digest auth to be better than Basic (fixes #1844) * [mod_ssi] fix #config sizefmt="bytes" * [autobuild] move inet_pton detection later * [core] #include for FIONREAD (fixes #2726) * [autobuild] clock_gettime() -lrt with glibc < 2.17 * [security] do not emit HTTP_PROXY to CGI env * [build_cmake] clock_gettime() -lrt w/ glibc < 2.17 (fixes #2737) * [core] avoid spurious trace and error abort * [core] stay in CON_STATE_CLOSE until done with req * [core] $HTTP["remoteip"] must handle IPv6 w/o [] * [mod_status] show keep-alive status w/ text output (fixes #2740) * do not set REDIRECT_URI in mod_magnet, mod_rewrite (#2738) * revert 1.4.40 swap of REQUEST_URI, REDIRECT_URI (fixes #2738) * [core] permit IPv6 address scope identifier * [TLS] better handling of SSL_ERROR_WANT_READ/WRITE * [TLS] read all available records from SSL_read() * [core] try AF_INET after AF_INET6 if use-ipv6 * [core] set chunkqueue tempdirs at startup * [security] ensure gid != 0 if server.username set (fixes #2725) * [security] disable stat_cache if !follow-symlink (fixes #2724) * [core] fix buffer_copy_string_hex() assert (fixes #2742) * [security] encode quoting chars in HTML and XML * [cmake] always define _GNU_SOURCE * [cmake] enable warnings for GCC and Clang * [cmake] set cmake_minimum_required to 2.8.2 - 1.4.40 - 2016-07-16 * [mod_ssi] enhance support for ssi vars (thx fbrosson) * add handling for lua 5.2 and 5.3 (fixes #2674) * use libmemcached instead of deprecated libmemcache * add force_assert for more allocation results * [mod_cgi] use MAP_PRIVATE to mmap temporary file (fixes #2715) * [core] do not send SIGHUP to process group unless server.max-workers is used (fixes #2711) * [mod_cgi] edge case chdir "/" when docroot "/" (fixes #2460) * [mod_cgi] issue trace and exit if execve() fails (closes #2302) * [configparser] don't continue after parse error (fixes #2717) * [core] never evaluate else branches until the previous branches are ready (fixes #2598) * [core] fix conditional cache handling * [core] improve conditional enabling (thx Gwenlliana, #2598) * [mod_compress] case-insensitive content-codings (fixes #2645) * [plugins] don't include dlfcn.h if not needed (fixes #2548) * [mod_fastcgi] 404 for X-Sendfile file not found (fixes #2474) * [mod_cgi] send 500 if CGI ends and there is no response (fixes #2542) * [mod_cgi] consolidate CGI cleanup code * [mod_cgi] simplify mod_cgi_handle_subrequest() * [mod_cgi] kill CGI if fail to write request body * [mod_proxy] use case-insensitive comparison to filter headers, send Connection: Close to backend (fixes #421) * [mod_dirlisting] dir-listing.hide-dotfiles = "enabled" by default (fixes #1081) * [mod_secdownload] fix buffer overflow in secdl_verify_mac (reported by Fortify Open Review Project) * [mod_fastcgi,mod_scgi] fix leaking file-descriptor when backend spawning failed (reported by Fortify Open Review Project) * [core] improve array API to prevent memory leaks * [core] refactor array search; raise array size limit to SSIZE_MAX * [core] fix memory leak in configparser_merge_data * [core] provide array_extract_element and use it * [core] configparser: error on duplicate keys in array merge (fixes #2685) * [core] more careful parse of $SERVER["socket"] config str (prepare #2204) * [core] accept $SERVER["socket"] without port, use server.port as fallback (fixes #2204) * [mod_magnet] define lua_pushglobaltable (for lua5.1) and use it (fixes #2719) * [ssl] support disabling ssl.verifyclient.activate in SNI callback (fixes #2531) * restart (some) syscalls after SIGCHLD interrupted them; should fix LDAP problems (fixes #2464) * [core] log remote address on request timeouts (fixes #652) * [autobuild] use AC_CANONICAL_HOST instead of AC_CANONICAL_TARGET (fixes #1866) * [core] fix request_start in keep-alive requests to mark time when received first byte (fixes #2412) * [core] truncate pidfile on exit (fixes #2695) * consistent inclusion of config.h at top of files (fixes #2073) * [core] add generic vector implementation * [core] replace array weakref with vector * [base64] fix crash due to broken force_assert * [unittests] add test_buffer and test_base64 unit tests * [buffer] refactor buffer_path_simplify (fixes #2560) * validate return values from strtol, strtoul (fixes #2564) * [mod_ssi] Add SSI vars SCRIPT_{URI,URL} and REQUEST_SCHEME (fixes #2721) * [config] warn if server.upload-dirs has non-existent dirs (fixes #2508) * [mod_proxy] accept LF delimited headers, not just CRLF (fixes #2594) * [core] wait for grandchild to be ready when daemonizing (fixes #2712, thx pasdVn) * [core] respond 411 Length Required if request has Transfer-Encoding: chunked (fixes #631) * [core] fixed the loading for default modules if they are specified explicitly * [core] lighttpd -tt performs preflight startup checks (fixes #411) * [stat] mimetype.xattr-name global config option (fixes #2631) * [mod_webdav] allow Depth: Infinity lock on file (fixes #2296) * [mod_status] use snprintf() instead of sprintf() * pass buf size to li_tohex() * use li_[iu]tostrn() instead of li_[iu]tostr() * [stream] fstat() after open() to obtain file size * [core] clean up srv before exiting for lighttpd -[vVh] * [mod_fastcgi,mod_scgi] check for spawning on same unix socket (fixes #319) * [mod_cgi] always set QUERY_STRING (fixes #1339) * [mod_auth] send charset="UTF-8" in WWW-Authenticate (fixes #1468) * [mod_magnet] rename var for clarity (fixes #1483) * [mod_extforward] reset cond_cache for scheme (fixes #1499) * [mod_webdav] readdir POSIX compat (fixes #1826) * [mod_expire] reset caching response headers for error docs (fixes #1919) * [mod_status] page refresh option (fixes #2170) * [mod_status] table w/ count of con states (fixes #2427) * [mod_dirlisting] class for dir (fixes #2304) * [core] define __STDC_WANT_LIB_EXT1__ (fixes #2722) * [core] setrlimit max-fds <= rlim_max for non-root (fixes #2723) * [mod_ssi] config ssi.conditional-requests * [mod_ssi] config ssi.exec (fixes #2051) * [mod_redirect,mod_rewrite] short-circuit if blank replacement (fixes #2085) * [mod_indexfile] save physical path to env (fixes #448, #892) * [core] open fd when appending file to cq (fixes #2655) * [config] server.listen-backlog option (fixes #1825, #2116) * [core] retry tempdirs on partial write, ENOSPC (fixes #2588) * [core] compile with upcoming openssl 1.1.0 release (fixes #2727) * [core] improve dynamic handler control flow logic * [core] defer reading request body until handle subrequest (fixes #2541) * [core] always poll for client POLLHUP/POLLERR events (fixes #399) * [mod_fastcgi,mod_scgi,mod_proxy] handlers can read response before sending req body (fixes #131, #2566) * [mod_cgi] asynchronous send of request body to CGI * [core] compile with upcoming openssl 1.1.0 release (fixes #2727) * [core] set REDIRECT_STATUS to error_handler_saved_status (fixes #1828) * [core] server.error-handler new directive for error pages (fixes #2702) * [core] support IPv6 in $HTTP["remote-ip"] CIDR cond match (fixes #2706) * [core] http_response_send_file() shared code (#2017) * [mod_fastcgi] use http_response_xsendfile() (fixes #799, fixes #851, fixes #2017, fixes #2076) * [mod_scgi] X-Sendfile feature (fixes #2253) * [mod_cgi] X-Sendfile feature (fixes #2313) * [mod_webdav] lseek,read if fs can not mmap (#2666, fixes #962) * [mod_compress] use mmap and trap SIGBUS (#2666, fixes #1879) * fallback to lseek()/read() if mmap() fails (#fixes 2666) * [mod_auth] skip blank lines and comment lines (fixes #2327) * [core] fallback to write if sendfile not supported (fixes #471, #987) * [core] preserve PATH_INFO case on case-insensitive fs (fixes #406) * [mod_ssi, mod_cml] set DOCUMENT_ROOT to basedir (fixes #2383) * [core] cmd line opt to shutdown after idle time limit (fixes #2696) * [core] lighttpd -1 handles single request on stdin socket (fixes #1584) * [mod_fastcgi,mod_scgi] IPv6 support (fixes #2372) * [mod_status] add JSON output option (fixed #2432) * [mod_webdav] map COPY/MOVE Destination to aliases (fixes #1787) * [mod_webdav] improve PROPFIND,PROPPATCH (#1818, #1953) * [core] reset response headers, write_queue for error docs * build with libressl * static build instructions using SCons or make * [mod_auth] preserve WWW-Authenticate for error docs (fixes #2730) * check close() return code after writing to file * adjustments for openssl 1.1.0 pre-release * [config] support include file glob (fixes #1221) * [mod_evasive] 302 redirect option if limit reached (fixes #2199) * [build] enhancements for cross-compiling (fixes #2276) * [mod_accesslog] report aborted con state with %X (fixes #1890) * [mod_ssi] fix SSI statement parser * [mod_ssi] include relative to alias,userdir (fixes #222) * [mod_ssi] add PCRE_* options to constrain regex * [mod_ssi] more flexible quoting (fixes #1768) * [core] wrap IPv6 literal in "[]" in redirect URL * [mod_ssi] fix parse of tag across buf boundary (fixes #2732) * [mod_cgi,mod_scgi] X-Sendfile sets file_started (fixes #2733) * [mod_fastcgi] no chunked response w/ X-Sendfile (fixes #2733) * [config] opts for http header parsing strictness (fixes #551, fixes #1086, fixes #1184, fixes #2143, #2258, #2281, fixes #946, fixes #1330, fixes #602, #1016) * [config] normalize IP strings in lighttpd.conf * [build_cmake] use MODULE on Mac OS X (fixes #1761) * [config] server.bsd-accept-filter option * [mod_webdav] create file w/ LOCK request if ENOENT * [core] buffer large responses to tempfiles (fixes #758, fixes #760, fixes #933, fixes #1387, #1283, fixes #2083) * [core] stream response to client (#949) * [TLS] release openssl buffers as used (fixes #1265, fixes #1283, #881) * [config] config options to stream request/response (#949, #376) * [core] option to stream request body to backend (fixes #376) * [core] option to stream response body to client (fixes #949, #760, #1283, #1387) * drain backend socket/pipe bufs upon FDEVENT_HUP * remove excess calls to joblist_append() * defer choosing "Transfer-Encoding: chunked" * asynchronous, bidirectional streaming options * fix errors detected by Coverity Scan * [cygwin] fix mod_proxy and mod_fastcgi ioctl use * [mod_webdav] remove excess SQL param to UNLOCK * graceful shutdown without unnecessary 1 sec delay * [core] disable Nagle algorithm (TCP_NODELAY) * [core] add declarations to fdevent.h (#2373) * [tests] remove dependency on CGI.pm * [TLS] fix return value checks during cert init * [core] fix server.max-request-size to be precise (fixes #2131) * [mod_webdav] fix proppatch mem leak, other fixes (#fixes 1334, #fixes 2000) * [autobuild] CMake check for struct tm tm_gmtoff (fixes #2014) * [mod_uploadprogress] fix mem leak (#1858) * [core] make server.max-request-size scopeable (fixes #1901) * [mod_fastcgi,mod_scgi] check for spawning on same unix socket (#319) * [mod_accesslog] %a %A %C %D %k %{}t %{}T (fixes #1145, fixes #1415, fixes #2081) * [mod_access] new directive url.access-allow (fixes #1421) * [core] fdevent_libev: update use of ev_timer * [mod_cgi] handle local redirect response (fixes #2108) - 1.4.39 - 2016-01-02 * [core] fix memset_s call (fixes #2698) * [chunk] fix use after free / double free (fixes #2700) - 1.4.38 - 2015-12-05 * [stat-cache] fix handling of collisions, might have returned wrong data (fixes #2669) * [core] allocate at least 4k buffer for incoming data * [core] fix search for header end if split across chunks (fixes #2670) * [core] check configparserAlloc() result with force_assert * [mod_auth] implement and use safe_memclear, using memset_s or explicit_bzero if available (thx loganaden) * [core] don't buffer request bodies smaller than 64k on disk * add force_assert for many allocations and function results * [mod_secdownload] use a hopefully constant time comparison to check hash (fixes #2679) * [config] check config option scope; warn if server option is given in conditional * [core] revert increase of temp file size back to 1MB, provide a configure option "server.upload-temp-file-size" instead (fixes #2680) * [core] add '~' to safe characters in ENCODING_REL_URI/ENCODING_REL_URI_PART encoding * [core] encode path with ENCODING_REL_URI in redirect to directory (fixes #2661, thx gstrauss) * [mod_secdownload] add required algorithm option; old behaviour available as "md5", new options "hmac-sha1" and "hmac-sha256" * [mod_fastcgi/mod_scgi] zero sockaddr structs before use (fixes #2691, thx Kyle J. McKay) * [network] add darwin-sendfile backend (fixes #2687, thx Kyle J. McKay) * [core] show correct crypt support result (fixes #2690, thx Kyle J. McKay) - 1.4.37 - 2015-08-30 * [mod_proxy] remove debug log line from error log (fixes #2659) * [mod_dirlisting] fix dir-listing.set-footer not showing * fix out-of-filedescriptors when uploading "large" files (fixes #2660, thx rmilecki) * increase upload temporary chunk file size from 1MB to 16MB * fix undefined integer shift * rewrite network sendfile/mmap/writev/write backends * fix some unchecked return value warnings * [kqueue] fix kevent call * [autoconf] define HAVE_CRYPT when crypt() is present * [bsd xattr] fix compile break with BSD extended attributes in stat_cache * [mod_cgi] rewrite mmap and generic (post body) send error handling * [mmap] fix mmap alignment * [plugins] when modules are linked statically still only load the modules given in the config * [mmap] handle SIGBUS in network; those get triggered if the file gets smaller during reading * fix some warnings found by coverity ("leak" in setup phase, not catching too long unix socket paths in mod_proxy) - 1.4.36 - 2015-07-26 * use keep-alive timeout while waiting for HTTP headers; use always the read timeout while waiting for the HTTP body * fix bad shift in conditional netmask ".../0" handling * add more mime types and a script to generate mime.conf (fixes #2579) * add support for (Free)BSD extended attributes * [build] use fortify flags with "extra-warnings" * [mod_dirlisting,mod_redirect,mod_rewrite] abort config parsing if pcre-compile fails or isn't available * [ssl] disable SSL3.0 by default * fixed typo in example config found by openSUSE user (boo# 907709) * [network] fix compile break in calculation of sockaddr_un size if SUN_LEN is not defined (fixes #2609) * [connections] fix bug in connection state handling * print backtrace in assert logging with libunwind * major refactoring of internal buffer/chunk handling * [mod_auth] use crypt_r instead of crypt if available * fix error message for T_CONFIG_ARRAY config values if an entry value is not a string * fix segfaults in many plugins if they failed configuration * escape all strings for logging (fixes #2646 log file injection, reported by Jaanus Kääp) * fix hex escape in accesslog (fixes #2559) * show extforward re-run warning only with debug.log-request-handling (fixes #2561) * parse If-None-Match for ETag validation (fixes #2578) * fix memory leak in mod_status when no counters are set (found by coverity) * [mod_magnet] fix segfault when accessing not existing lighty.req_env[] entry (found by coverity) * fix segfault when temp file for upload couldn't be created (found by coverity) * mime.conf: add some new mime types, remove .dat, .sha1, .md5, update .vcf * [mod_proxy] add unix domain socket support (fixes #2653) * [configfile] fix reading uninitialized variable (found by Willian B.) - 1.4.35 - 2014-03-12 * [network/ssl] fix build error if TLSEXT is disabled * [mod_fastcgi] fix use after free (only triggered if fastcgi debug is active) * [mod_rrdtool] fix invalid read (string not null terminated) * [mod_dirlisting] fix memory leak if pcre fails * [mod_fastcgi,mod_scgi] fix resource leaks on spawning backends * [mod_magnet] fix memory leak * add comments for switch fall throughs * remove logical dead code * [buffer] fix length check in buffer_is_equal_right_len * fix resource leaks in error cases on config parsing and other initializations * add force_assert() to enforce assertions as simple assert()s are disabled by -DNDEBUG (fixes #2546) * [mod_cml_lua] fix null pointer dereference * force assertion: setting FD_CLOEXEC must work (if available) * [network] check return value of lseek() * fix unchecked return values from stream_open/stat_cache_get_entry * [mod_webdav] fix logic error in handling file creation error * check length of unix domain socket filenames * fix SQL injection / host name validation (thx Jann Horn) - 1.4.34 - 2014-01-20 * [mod_auth] explicitly link ssl for SHA1 (fixes #2517) * [mod_extforward] fix compilation without IPv6, (not) using undefined var (fixes #2515, thx mm) * [ssl] fix SNI handling; only use key+cert from SNI specific config (fixes #2525, CVE-2013-4508) * [doc] update ssl.cipher-list recommendation * [stat-cache] FAM: fix use after free (CVE-2013-4560) * [stat-cache] fix FAM cleanup/fdevent handling * [core] check success of setuid,setgid,setgroups (CVE-2013-4559) * [ssl] fix regression from CVE-2013-4508 (client-cert sessions were broken) * maintain physical.basedir (the "acting" doc-root as prefix of physical.path) in more places * [core] decode URL before rewrite, enabling it to work in $HTTP["url"] conditionals (fixes #2526) * [auto* build] remove -no-undefined from linker flags, as we actually link modules with undefined symbols (fixes #2533) * [mod_mysql_vhost] fix memory leak on config init (#2530) * [mod_webdav] fix fd leak found with parfait (fixes #2530, thx kukackajiri) - 1.4.33 - 2013-09-27 * mod_fastcgi: fix mix up of "mode" => "authorizer" in other fastcgi configs (fixes #2465, thx peex) * fix handling of If-Modified-Since if If-None-Match is present (don't return 412 for date parsing errors); follow current draft for HTTP/1.1, which tells us to ignore If-Modified-Since if we have matching etags. * [mod_fastcgi,log] support multi line logging (fixes #2252) * call ERR_clear_error only for ssl connections in CON_STATE_ERROR * reject non ASCII characters in HTTP header names * [mod_auth] use crypt() on encrypted password instead of extracting salt first (fixes #2483) * [mod_auth] add htpasswd -s (SHA1) support if openssl is used (needs openssl for SHA1). This doesn't use any salt, md5 with salt is probably better. * [mod_auth] fix base64_decode (#2484) * fix some bugs found with canalyze (fixes #2484, thx Zhenbo Xu) * fix undefined stuff found with clang * [cmake] Use TARGET_LINK_LIBRARIES instead of LINK_FLAGS for library dependencies, also add -Wl,--as-needed to extra warnings (fixes #2448) * [mod_auth] fix invalid read in digest qop=auth-int handling (fixes #2478) * [auto* build] simplify autogen.sh, handle automake 1.13 test running (fixes #2490) * [mod_userdir] add userdir.active option, "enabled" by default * [core] return 501 Not Implemented in static file mode for all methods except GET/POST/HEAD/OPTIONS * [core] recognize more http methods to forward to backends (fixes #2346) * [ssl] use DH only if openssl supports it (fixes #2479) * [network] use constants available at compile time for maximum number of chunks for writev instead of calling sysconf (fixes #2470) * [ssl] Fix $HTTP["scheme"] conditional, could be "http" for ssl connections if the ssl $SERVER["socket"] conditional was nested (fixes #2501) * [ssl] accept ssl renegotiations if they are not disabled (fixes #2491) * [ssl] add option ssl.empty-fragments, defaulting to disabled (fixes #2492) * [auth] put REMOTE_USER into cgi environment, making it accessible to lua via lighty.req_env (fixes #2495) * [auth] new method "extern" to use already present REMOTE_USER (from magnet, ssl, ...) (fixes #2436) * [core] remove requirement that default doc-root has to exist, there are reasonable scenarios not requiring static files at all * [core] check whether server.chroot exists * [mod_simple_vhost] fix cache; skip module if simple-vhost.server-root is empty (thx rm for reporting) * [mod_accesslog] add accesslog.syslog-level option (fixes #2480) * [core] allow files to be used as document-root (fixes #2475) * [core] set signal handlers before forking child processes in modules/plugins_call_set_defaults (fixes #2502) - 1.4.32 - 2012-11-21 * Code cleanup with clang/sparse (fixes #2437, thx kibi) * Ignore EPIPE/ECONNRESET after SSL_shutdown * Handle ENAMETOOLONG, return 404 Not Found (fixes #2396, thx dererkazo) * configure.ac: remove old stuff, add some new to fix warnings in automake 1.12 (fixes #2419, thx blino) * add PATCH method (fixes #2424) * fix :port handling in $HTTP["host"] checks (fixes #2135. thx liming) * network_server_init: fix double free and memleak on error (fixes #2440, thx kyprizel) * detect "x-gzip"/"x-bzip2" as separate encodings, more strict encoding matching (fixes #2443) * tests: make sure mod_proxy doesn't leave running processes (fixes #2435, thx kibi) * mod_extforward: log address of untrusted proxy with debug.log-request-handling * fix DoS in Connection header value split (reported by Jesse Sipprell, CVE-2012-5533) * remove whitespace at end of header keys - 1.4.31 - 2012-05-31 * [ssl] fix segfault in counting renegotiations for openssl versions without TLSEXT/SNI (thx carpii for reporting) * Move fdevent subsystem includes to implementation files to reduce conflicts (fixes #2373) * [mod_compress] fix handling if etags are disabled but cache-dir is set - may lead to double response * disable mmap by default (fixes #2391) * buffer_caseless_compare: always convert letters to lowercase to get transitive results, fixing array lookups (fixes #2405) * Fix handling of empty header list entries in http_request_split_value, fixing invalid read in valgrind (fixes #2413) * Fix access log escaping of " and \\ (fixes #1551) * [mod_auth] Fix digest "md5-sess" implementation (Errata ID 1649, RFC 2617) (fixes #2410) * [auth] Add "AUTH_TYPE" environment (for *cgi), remove fastcgi specific workaround, add fastcgi test case (fixes #889) * [mod_*cgi,mod_accesslog] Fix splitting :port with ipv6 (fixes #2333, thx simoncpu) * Detect multiple -f options: show error message instead of assert (fixes #2416) * [mod_extforward] Support ipv6 addresses (fixes #1889) * [mod_redirect] Support url.redirect-code option (fixes #2247) * Fix --enable-mmap handling in configure.ac - 1.4.30 - 2011-12-18 * Always use our 'own' md5 implementation, fixes linking issues on MacOS (fixes #2331) * Limit amount of bytes we send in one go; fixes stalling in one connection and timeouts on slow systems. * [ssl] fix build errors when Elliptic-Curve Diffie-Hellman is disabled * Add static-file.disable-pathinfo option to prevent handling of urls like .../secret.php/image.jpg as static file * Don't overwrite 401 (auth required) with 501 (unknown method) (fixes #2341) * Fix mod_status bug: always showed "0/0" in the "Read" column for uploads (fixes #2351) * [mod_auth] Fix signedness error in http_auth (fixes #2370, CVE-2011-4362) * [ssl] count renegotiations to prevent client renegotiations * [ssl] add option to honor server cipher order (fixes #2364, BEAST attack) * [core] accept dots in ipv6 addresses in host header (fixes #2359) * [ssl] fix ssl connection aborts if files are larger than the MAX_WRITE_LIMIT (256kb) * [libev/cgi] fix waitpid ECHILD errors in cgi with libev (fixes #2324) - 1.4.29 - 2011-07-03 * Fix mod_proxy waiting for response even if content-length is 0 (fixes #2259) * Silence annoying "connection closed: poll() -> ERR" error.log message (fixes #2257) * mod_cgi: make read buffer as big as incoming data block * [build] Fix detection of libev (fixes #2300) * ssl: Support for Diffie-Hellman and Elliptic-Curve Diffie-Hellman key exchange (fixes #2301) add ssl.use-sslv3 (fixes #2246) load all algorithms (fixes #2239) * [ssl/md5] prefix our own md5 implementation with li_ so it doesn't conflict with the openssl one (fixes #2269) * [ssl/build] some minor fixes; fix compile without ssl, cleanup ssl config buffers * [proc,include_shell] log error if exec shell fails (fixes #2280) * [*cgi] Use physical base dir (alias, userdir) as DOCUMENT_ROOT in cgi environments (fixes #2216) * [doc] Move docs to outdated/ subdir and refer to wiki instead (fixes #2248) * fdevent: add solaris eventports (fixes #2171) - 1.4.28 - 2010-08-22 * Rename fdevent_event_add to _set to reflect what the function does. Fix some handlers. (fixes #2249) * Fix buffer.h to include stdio.h as it is needer for SEGFAULT() (fixes #2250) - 1.4.27 - 2010-08-13 * Fix handling return value of SSL_CTX_set_options (fixes #2157, thx mlcreech) * Fix mod_proxy HUP handling (send final chunk, fix usage counter) * mod_proxy: close connection on write error (fixes #2114) * Check uri instead of physical path for directory redirect * Fix detecting git repository (fixes #2173, thx ncopa) * [mod_compress] Fix segfault when etags are disabled (fixes #2169) * Reset uri.authority before TLS servername handling, reset all "keep-alive" data in connection_del (fixes #2125) * Print double quotes properly when dumping config file (fixes #1806) * Include IP addresses on error log on password failures (fixes #2191) * Fix stalls while reading from ssl sockets (fixes #2197) * Fix etag formatting on boxes with 32-bit longs * Fix two compiler warnings * mod_accesslog: fix %p for ipv6 sockets (fixes #2228, thx jo.henke) * mod_fastcgi: Send 502 "Bad Gateway" if we couldn't open the file for X-Sendfile (fixes #2226) * mod_staticfile: add debug output if we ignore a file with static-file.exclude-extensions (fixes #2215) * mod_cgi: fix race condition leaving response not forwarded to client (fixes #2217) * mod_accesslog: Fix var declarations mixed in source (fixes #2233) * mod_status: Add version to status page (fixes #2219) * mod_accesslog: optimize accesslog_append_escaped (fixes #2236, thx crypt) * openssl: silence annoying error messages for errno==0 (fixes #2213) * array.c: improve array_get_unused_element to check data type; fix mem leak if unused_element didn't find a matching entry (fixes #2145) * add check to stop loading plugins twice * cleanup fdevent code, removed linux-rtsig handler, replaced some fprintf calls * only require FDEVENT_IN bit to be set for listening connections (fixes #2227) * add libev fdevent handler: server.event-handler = "libev" * mod_proxy: return response as soon as it is available (fixes #2196) * don't overwrite global server.force-lowercase-filenames setting (fixes #2042) * bind to IPV6-only if ipv6 address was specified (https://redmine.lighttpd.net/projects/lighttpd/wiki/IPv6-Config) - 1.4.26 - 2010-02-07 * Fix request parser to handle packets split on \r\n\r\n (fixes #2105) * Remove dependency on automake >= 1.11 with m4_ifdef check * mod_accesslog: support %e (fixes #2113, thx presbrey) * Fix mod_cgi cgi.execute-x-only option in global block * mod_fastcgi: x-sendfile2 parse error debugging * Fix mod_proxy dead host detection if connect() fails * Fix fd leaks in mod_cgi (fds not closed on pipe/fork failures, found by Rodrigo, fixes #2158, #2159) * Fix segfault with broken rewrite/redirect patterns (fixes #2140, found by crypt) * Append to previous buffer in con read, fix DoS/OOM vulnerability (fixes #2147, found by liming, CVE-2010-0295) * Fix HUP detection in close-state if event-backend doesn't support FDEVENT_HUP (like select or poll on FreeBSD) - 1.4.25 - 2009-11-21 * mod_magnet: fix pairs() for normal tables and strings (fixes #1307) * mod_magnet: add traceback for printing lua errors * mod_rewrite: fix compile error if compiled without pcre * disable warning "CLOSE-read" (fixes #2091) * mod_rrdtool: fix creating file if it doesn't exist (#1788) * reset tlsext_server_name in connection_reset - fixes random hostnames in the $HTTP["host"] conditional * export some SSL_CLIENT_* vars for client cert validation (fixes #1288, thx presbrey) * mod_fastcgi: fix mod_fastcgi packet parsing * mod_fastcgi: Don't reconnect after connect() succeeded (fixes #2096) * Fix configure.ac to allow autoreconf, also enables make V=0 - 1.4.24 - 2009-10-25 * Add T_CONFIG_INT for bigger integers from the config (needed for #1966) * Use unsigned int (and T_CONFIG_INT) for max_request_size * Use unsigned int for secdownload.timeout (fixes #1966) * Keep url/host values from connection to display information while keep-alive in mod_status (fixes #1202) * Add server.breakagelog, a "special" stderr (fixes #1863) * Fix config evaluation for debug.log-timeouts option (#1529) * Add "cgi.execute-x-only" to mod_cgi, requires +x for cgi scripts (fixes #2013) * Fix FD_SETSIZE comparison warnings * Add "lua-5.1" to searched pkg-config names for lua * Fix unused function webdav_lockdiscovery in mod_webdav * cmake: Fix crypt lib check * cmake: Add -export-dynamic to link flags, fixes build on FreeBSD * Set FD_CLOEXEC for bound sockets before pipe-logger forks (fixes #2026) * Reset ignored signals to SIG_DFL before exec() in fastcgi/scgi (fixes #2029) * Show "no uri specified -> 400" error only when "debug.log-request-header-on-error" is enabled (fixes #2030) * Fix hanging connection in mod_scgi (fixes #2024) * Allow digits in hostnames in more places (fixes #1148) * Use connection_reset instead of handle_request_done for cleanup callbacks * Change mod_expire to append Cache-Control instead of overwriting it (fixes #1997) * Allow all comparisons for $SERVER["socket"] - only bind for "==" * Remove strptime failed message (fixes #2031) * Fix issues found with clang analyzer * Try to fix server.tag issue with localized svnversion * Fix handling network-write return values (#2024) * Use disable-time in fastcgi for all disables after errors, default is 1sec (fixes #2040) * Remove adaptive spawning code from fastcgi (was disabled for a long time) * Allow mod_mysql_vhost to use stored procedures (fixes #2011, thx Ben Brown) * Fix ipv6 in mod_proxy (fixes #2043) * Print errors from include_shell to stderr * Set tm.tm_isdst = 0 before mktime() (fixes #2047) * Use linux-epoll by default if available (fixes #2021, thx Olaf van der Spek) * Print an error if you use too many captures in a regex pattern (fixes #2059) * Combine Cache-Control header value in mod_expire to existing HTTP header if header already added by other modules (fixes #2068) * Remember keep-alive-idle in separate variable (fixes #1988) * Fix header inclusion order, always include "config.h" before any system header * mod_webdav: Patch to skip login information for domain part of Destination field (fixes #1793) * mod_webdav: Delete old properties before updating new for MOVE (fixes #1317) * Read hostname from absolute uris in the request line (fixes #1937) * mod_fastcgi: don't disable backend if disable-time is 0 (fixes #1825) * mod_compress: match partial+full content-type (fixes #1552) * mod_fastcgi: fix is_local detection, respawn backends if bin-path is set (fixes #897) * Fix linger-on-close behaviour to avoid rare failure conditions (was r2636, fixes #657) * mod_fastcgi: restart local procs immediately after they terminated, fix local procs handling * Fix segfault on invalid config "duplicate else conditions" (fixes #2065) * mod_usertrack: Use T_CONFIG_INT for max-age, solves range problem (#1455) * mod_accesslog: configurable timestamp logging (fixes #1479) * always define _GNU_SOURCE * Add some iterators for mod_magnet (fixes #1307) * Fix close_timeout_ts trigger (should finally fix lingering close) * mod_rewrite: add url.rewrite-[repeat-]if-not-file to rewrite if file doesn't exist or is not a regular file (fixes #985, thx lucas aerbeydt) * Add TLS servername indication (SNI) support (fixes #386, thx Peter Colberg ) * Add SSL Client Certificate verification (#1288) * mod_fastcgi: Fix host->active_procs counter, return 503 if connect wasn't successful after 5 tries (fixes #1825) * mod_accesslog: escape special characters (fixes #1551, thx icy) * fix mod_webdav crash from #1793 (fixes #2084, thx hiroya) * Don't print ssl error if client didn't support TLS SNI * Fix linger close timeout handling, drop timeout to 5 seconds (fixes #2086) * Fix broken return values from int to enum in mod_fastcgi - 1.4.23 - 2009-06-19 * Added some extra warning options in cmake and fix the resulting warnings (unused/static functions) * New lighttpd man page (moved it to section 8) (fixes #1875) * Create rrd file for empty rrdfile in mod_rrdtool (#1788) * Fix workaround for incorrect path info/scriptname if fastcgi prefix is "/" (fixes #729) * Finally removed spawn-fcgi * Allow xattr to overwrite mime type (fixes #1929) * Remove link from errormsg about fastcgi apps (fixes #1942) * Strip trailing dot from "Host:" header * Remove the optional port info from SERVER_NAME (thx Mr_Bond) * Fix mod_proxy RoundRobin (off by one problem if only one backend is up) * Rename configure.in to configure.ac, with small cleanups (fixes #1932) * Add proper SUID bit detection (fixes #416) * Check for regular file in mod_cgi, so we don't try to start directories * Include mmap.h from chunk.h to fix some problems with #define mmap mmap64 (fixes #1923) * Add support for pipe logging for server.errorlog (fixes #296) * Add revision number to package version for svn/git checkouts * Use server.tag for SERVER_SOFTWARE if configured (fixes #357) * Fix trailing zero char in REQUEST_URI after "strip-request-uri" in mod_fastcgi * mod_magnet: Add env["request.remote-ip"] (fixes #1740) * mod_magnet: Add env["request.path-info"] * Change name/version separator back to "/" (affects every place where the version is printed) * Fix bug with FastCGI request id overflow under high load; just use always id 1 as we don't use multiplexing. (thx jgray) * Add some dirlisting enhancements (fixes #1458) * Add option to enable TCP_DEFER_ACCEPT (fixes #1447) * Limit amount of bytes read for one read-event (fixes #1070) * Add evasive.silent option (fixes #1438) * Make mod_extforward headers configurable (fixes #1545) * Add '%_' pattern for complete hostname in mod_evhost (fixes #1737) * Add IPv6 support to mod_proxy (fixes #1537) * mod_ssi printenv: print cgi env, add environment vars to cgi env (fixes #1713) * Fix error message if no auth backend was set * Fix SERVER_NAME port stripping (fixes #1968) * Fix x-sendfile 2gb limiting (fixes #1970) * Fix mod_cgi environment keys mangling (fixes #1969) * Fix workaround for incorrect path info/scriptname if scgi prefix is "/" (fixes #729) * Fix max-age value in mod_expire for 'modification' (fixes #1978) * Fix evasive.silent option (#1438) * Fix mod-fastcgi counters * Modify fastcgi error message * Backup errno for later usage (reported by Guido Reina via mailinglist) * Improve FastCGI performance (fixes #1999) * Workaround broken operating systems: check for trailing '/' in filenames (fixes #1989) * Allow using pcre with cross-compiling (pcre-config got fixed; fixes #1986) * Add "lighty.req_env" table to mod_magnet for setting/getting environment values for cgi (fixes #1967, thx presbrey) * Fix segfault in mod_expire after failed config parsing (fixes #1992) * Add ssi.content-type option (default text/html, fixes #615) * Add support for "real" entropy from /dev/[u]random (fixes #1977) * Adding support for additional chars in LDAP usernames (fixes #1941) * Ignore multiple "If-None-Match" headers (only use first one, fixes #753) * Fix 100% cpu usage if time() < 0 (thx to gaspa and cate, fixes #1964) * Allow max-keep-alive-requests to depend on conditional (fixes #1881) * Make dependency on svnversion/git optional (for devel versionstamp, fixes #2009) - 1.4.22 - 2009-03-07 * Fix wrong lua type for CACHE_MISS/CACHE_HIT in mod_cml (fixes #533) * Fix default vhost in mod_simple_vhost (fixes #1905) * Handle EINTR in mod_rrdtool (fixes #604) * Fix rrd error after graceful restart (fixes #419) * Fix EAGAIN handling for freebsd sendfile (fixes #1913, thx AnMaster for spotting the problem) * Fix segfault in mod_scgi (fixes #1911) * Treat EPIPE as connection-closed error in network_freebsd_sendfile.c (another fix from #1913) * Fix useless redirection of stderr in mod_rrdtool, as it gets redirected to /dev/null later. (fixes #1922) * Fix some problems with more strict compilers (#1923) * Fix segfault if siginfo_t* is NULL in sigaction handler (fixes #1926) - 1.4.21 - 2009-02-16 * Fix base64 decoding in mod_auth (#1757, thx guido) * Fix mod_cgi segfault when bound to unix domain socket (#653) * Do not rely on ioctl FIONREAD (#673) * Now really fix mod auth ldap (#1066) * Fix leaving zombie process with include_shell (#1777) * Removed debian/, openwrt/ and cygwin/; they weren't kept up-to-date, and we decided to remove dist. specific stuff * Try to convert string options to shorts for numeric options in config file; allows to use env-vars for numeric options. (#1159, thx andrewb) * Do not cache default vhost in mod_simple_vhost (#709) * Trust pcre-config, do not check for pcre manually (#1769) * Fix fastcgi authorization in subdirectories with check-local=disabled; don't split pathinfo for authorizer. (#963) * Add possibility to disable methods in mod_compress (#1773) * Fix duplicate connection keep-alive/transfer-encoding headers (#960) * Fixed fix for round-robin in mod_proxy (forgot to increment the index) (#1715) * Fix fastcgi-authorizer handling; Status: 200 is now accepted as the doc requests * Compare address family in inet_ntop_cache * Revert CVE-2008-4359 (#1720) fix "encoding+simplifying urls for rewrite/redirect": too many regressions. * Use FD_CLOEXEC if possible (fixes #1821) * Optimized buffer usage in mod_proxy (fixes #1850) * Fix uninitialized value in time struct after strptime * Do not pass Proxy-Connection: header from client to backend http server in mod_proxy (#1877) * Fix wrong malloc sizes in mod_accesslog (probably nothing bad happened...) (fixes #1855, thx ycheng) * Some small buffer.c fixes (closes #1837) * Remove floating point math from server.c (fixes #1402) * Disable SSLv2 by default * Use/enforce sane max-connection values (fixes #1803) * Allow mod_compress to return 304 (Not Modified); compress ignores the static-file.etags option.(fixes #1884) * Add option to ignore the "Expect: 100-continue" header instead of returning 417 Expectation failed (closes #1017) * Use modified etags in mod_compress (fixes #1800) * Fix max-connection limit handling/100% cpu usage (fixes #1436) * Fix error handling in freebsd-sendfile (fixes #1813) * Silenced the annoying "request timed out" warning, enable with the "debug.log-timeouts" option (fixes #1529) * Allow tabs in header values (fixes #1822) * Added Language conditional (fixes #1119); patch by petar * Fix wrong format strings (#1900, thx stepancheg) - 1.4.20 - 2008-09-30 * Fix mod_compress to compile with old gcc version (#1592) * Fix mod_extforward to compile with old gcc version (#1591) * Update documentation for #1587 * Fix #285 again: read error after SSL_shutdown (thx marton.illes@balabit.com) and clear the error queue before some other calls (CVE-2008-1531) * Fix mod_magnet: enable "request.method" and "request.protocol" in lighty.env (#1308) * Fix segfault for appending matched parts if there was no regex matching (just give empty strings) (#1601) * Use data_response_init in mod_fastcgi x-sendfile handling for response.headers, fix a small "memleak" (#1628) * Don't send empty Server headers (#1620) * Fix conditional interpretation of core options * Enable escaping of % and $ in redirect/rewrite; only two cases changed their behaviour: "%%" => "%", "$$" => "$" * Fix accesslog port (should be port from the connection, not the "server.port") (#1618) * Fix mod_fastcgi prefix matching: match the prefix always against url, not the absolute filepath (regardless of check-local) * Overwrite Content-Type header in mod_dirlisting instead of inserting (#1614), patch by Henrik Holst * Handle EINTR in mod_cgi during write() (#1640) * Allow all http status codes by default; disable body only for 204,205 and 304; generate error pages for 4xx and 5xx (#1639) * Fix mod_magnet to set con->mode = p->id if it generates content, so returning 4xx/5xx doesn't append an error page * Remove lighttpd.spec* from source, fixing all problems with it ;-) * Do not rely on PATH_MAX (POSIX does not require it) (#580) * Disable logging to access.log if filename is an empty string * Implement a clean way to open /dev/null and use it to close stdin/out/err in the needed places (#624) * merge spawn-fcgi changes from trunk (from @2191) * let spawn-fcgi propagate exit code from spawned fcgi application * close connection after redirect in trigger_b4_dl (thx icy) * close connection in mod_magnet if returned status code * fix bug with IPv6 in mod_evasive (#1579) * fix scgi HTTP/1.* status parsing (#1638), found by met@uberstats.com * [tests] fixed system, use foreground daemons and waitpid * [tests] removed pidfile from test system * [tests] fixed tests needing php running (if not running on port 1026, search php in env[PHP] or /usr/bin/php-cgi) * fixed typo in mod_accesslog (#1699) * replaced buffer_{append,copy}_string with the _len variant where possible (#1732) (thx crypt) * case insensitive match for secdownload md5 token (#1710) * Handle only HEAD, GET and POST in mod_dirlisting (same as in staticfile) (#1687) * fixed mod_secdownload problem with unsigned time_t (#1688) * handle EAGAIN and EINTR for freebsd sendfile (#1675) * Use filedescriptor 0 for mod_scgi spawn socket, redirect STDERR to /dev/null (#1716) * fixed round-robin balancing in mod_proxy (#1715) * fixed EINTR handling for waitpid in mod_fastcgi * mod_{fast,s}cgi: overwrite environment variables (#1722) * inserted many con->mode checks; they should prevent two modules to handle the same request if they shouldn't (#631) * fixed url encoding to encode more characters (#266) * allow digits in [s]cgi env vars (#1712) * fixed dropping last character of evhost pattern (#161) * print helpful error message on conditionals in global block (#1550) * decode url before matching in mod_rewrite (#1720) -- (reverted for 1.4.21) * fixed conditional patching of ldap filter (#1564) * Match headers case insensitive in response (removing of X-{Sendfile,LIGHTTPD-*}, catching Date/Server) [2281] * fixed bug with case-insensitive filenames in mod_userdir (#1589), spotted by "anders1" (CVE-2008-4360) * fixed format string bugs in mod_accesslog for SYSLOG * replaced fprintf with log_error_write in fastcgi debug * fixed mem leak in ssi expression parser (#1753), thx Take5k * hide some ssl errors per default, enable them with debug.log-ssl-noise (#397) * do not send content-encoding for 304 (#1754), thx yzlai * fix segfault for stat_cache(fam) calls with relative path (without '/', can be triggered by x-sendfile) (#1750) * fix splitting of auth-ldap filter * workaround ldap connection leak if a ldap connection failed (restarting ldap) * fix auth.backend.ldap.bind-dn/pw problems (only read from global context for temporary ldap reconnects, thx ruskie) * fix memleak in request header parsing (#1774, thx qhy) (CVE-2008-4298) * fix mod_rewrite memleak/endless loop detection (#1775, thx phy - again!) * use decoded url for matching in mod_redirect (#1720) (CVE-2008-4359) -- (reverted for 1.4.21) - 1.4.19 - 2008-03-10 * added support for If-Range: (#1346) * added support for matching $HTTP["scheme"] in configs * fixed initgroups() called after chroot (#1384) * fixed case-sensitive check for Auth-Method (#1456) * execute fcgi app without /bin/sh if used as argument to spawn-fcgi (#1428) * fixed a bug that made /-prefixed extensions being handled also when matching the end of the uri in fcgi,scgi and proxy modules (#1489) * print error if X-LIGHTTPD-send-file cannot be done; reset header Content-Length for send-file. Patches by Stefan Buehler * prevent crash in certain php-fcgi configurations (#841) * add IdleServers and Scoreboard directives in ?auto mode for mod_status (#1507) * open log immediately after daemonizing, fixes SIGPIPEs on startup (#165) * HTTPS env var should be "on" when using mod_extforward and the X-Forwarded-Proto header is set. (#1499) * generate ETag and Last-Modified headers for mod_ssi based on newest modified include (#1491) * support letterhomes in mod_userdir (#1473) * support chained proxies in mod_extforward (#1528) * fixed bogus "cgi died ?" if we kill the CGI process on shutdown * fixed ECONNRESET handling in network-openssl * fixed handling of EAGAIN in network-linux-sendfile (#657) * reset conditional cache (#1164) * create directories in mod_compress (was broken with alias/userdir) (#1027) * fixed out of range access in fd array (#1562, #372) (CVE-2008-0983) * mod_compress should check if the request is already handled, e.g. by fastcgi (#1565) * remove broken workaround for buggy Opera version with ssl/chunked encoding (#285) * generate etag/last-modified header for on-the-fly-compressed files (#1171) * req-method OPTIONS: do not insert default response if request was denied, do not deny OPTIONS by default (#1324) * fixed memory leak on windows (#1347) * fixed building outside of the src dir (#1349) * fixed including of stdint.h/inttypes.h in etag.c (#1413) * do not add Accept-Ranges header if range-request is disabled (#1449) * log the ip of failed auth tries in error.log (enhancement #1544) * fixed RoundRobin in mod_proxy (#516) * check for symlinks after successful pathinfo matching (#1574) * fixed mod-proxy.t to run with a builddir outside of the src dir * do not suppress content on "307 Temporary Redirect" (#1412) * fixed Content-Length header if response body gets removed in connections.c (#1412, part 2) * do not generate a "Content-Length: 0" header for HEAD requests, added test too * remove compress cache file if compression or write failed (#1150) * fixed body handling of status 300 requests * spawn-fcgi: only try to connect to unix socket (not tcp) before spawning (#1575) * fix sending source of cgi script instead of 500 error if fork fails (CVE-2008-1111) * fix min-procs handling in mod_scgi.c, just set to max-procs (patch from #623) * fix sending "408 - Timeout" instead of "410 - Gone" for timedout urls in mod_secdownload (#1440) * workaround #1587: require userdir.path to be set to enable mod_userdir (empty string allowed) (CVE-2008-1270) * make configure checks for --with-pcre, --with-zlib and --with-bzip2 failing if the headers aren't found * fixed handling of waitpid() == EINTR mod_ssi on solaris - 1.4.18 - 2007-09-09 * fixed compile error on IRIX 6.5.x on prctl() (#1333) * fixed forwarding a SIGINT and SIGHUP when using max-workers (#902) * fixed FastCGI header overrun in mod_fastcgi (reported by mattias@secweb.se) * fixed hanging redirects with keep-alive due to missing "Content-Length: 0" headers * fixed crashing when using undefined environment variables in the config * fixed compilation of mod_mysql_vhost on irix (#1341) - 1.4.17 - 2007-08-29 * added dir-listing.set-footer in mod_dirlisting (#1277) * added sending UID and PID for SIGTERM and SIGINT to the logs * fixed hardcoded font-sizes in mod_dirlisting (#1267) * fixed different ETag length on 32/64 platforms (#1279) * fixed compression of files < 128 bytes by disabling compression (#1241) * fixed mysql server reconnects (#518) * fixed disabled keep-alive for dynamic content with HTTP/1.0 (#1166) * fixed crash on mixed EOL sequences in mod_cgi * fixed key compare (#1287) * fixed invalid char in header values (#1286) * fixed invalid "304 Not Modified" on broken timestamps * fixed endless loop on shrunk files with sendfile() on BSD (#1289) * fixed counter overrun in ?auto in mod_status (#909) * fixed too aggressive caching of nested conditionals (#41) * fixed possible overflow in unix-socket path checks on BSD (#713) * fixed extra Content-Length header on 1xx, 204 and 304 (#1002) * fixed handling of duplicate If-Modified-Since to return 304 * fixed extracting status code from NPH scripts (#1125) * fixed prctl() usage (#1310) * removed config-check if passwd files exist (#1188) * fixed crash when etags are disabled but the client sends one (#1322) * fixed crash when freeing the config in mod_alias * fixed server.error-handler-404 breakage from 1.4.16 (#1270) * fixed entering 404-handler from dynamic content (#948) * added more debug infos for FAM based stat-cache * use more LSB like paths in the sample config (#1242) - 1.4.16 - 2007-07-25 * added static-file.etags, etag.use-inode, etag.use-mtime, etag.use-size to customize the generation of ETags for static files. (#1209) (patch by ) * fixed typecast of NULL on execl() (#1235) (patch by F. Denis) * fixed circumventing url.access-deny by trailing slash (#1230) * fixed crash on duplicate headers with trailing WS (#1232) * fixed accepting more connections then requested (#1216) * fixed mem-leak in mod_auth (reported by Stefan Esser) * fixed crash with md5-sess and cnonce not set in mod_auth (reported by Stefan Esser) * fixed missing check for base64 encoded string in mod_auth and Basic auth (reported by Stefan Esser) * fixed possible crash in Auth-Digest header parser on trailing WS in mod_auth (reported by Stefan Esser) * fixed check on stale errno values, which broke handling of broken fastcgi applications. (#1245) * fixed crash on 32bit archs when debug-msgs are printed in mod_scgi, mod_fastcgi and mod_webdav (#1263) - 1.4.15 - 2007-04-13 * fixed broken Set-Cookie headers - 1.4.14 - 2007-04-13 * fix crash if gethostbyaddr() failed on redirect [1718] * properly handle 206 responses generated by *cgi scripts. (#755) [1716] * added HTTPS=on to the environment of cgi scripts (#861) [1684] * fix handling of 303 (#1045) [1678] * made the configure check for lua more portable [1677] * added mod_extforward module [1665] * references to the fam stat cache engine should be conditional (#1039) [1664] * fix http 500 errors (colin.stephen/at/o2.com) #1041 [1663] * prevent wrong pidfile unlinking on graceful restart (Chris Webb) [1656] * ignore empty packets from STDERR stream. #998 * fix a crash for files with an mtime of 0 reported by cubiq on irc [1519] CVE-2007-1870 * allow empty passwords with ldap (Jörg Sonnenberger) [1516] * mod_scgi.c segfault fix #964 [1501] * Added round-robin support to mod_fastcgi [1500] * Handle DragonFlyBSD the same way as Freebsd (Jörg Sonnenberger) [1492,1676] * added now and weeks support to mod_expire. #943 * fix cpu hog in certain requests [1473] CVE-2007-1869 * fix for handling hostnames with trailing dot [1406] * fixed header-injection via server.tag (#1106) * disabled caching of files without a content-type to solve the aggressive caching of FF * remove trailing white-spaces from HTTP-requests before parsing (#1098) * fixed accesslog.use-syslog in a conditional and the caching of the accesslog for files (fixes #1064) * fixed various crashes at startup on broken accesslog.format strings (#1000) * fixed handling of %% in accesslog.format * fixed conditional dir-listing.exclude (#930) * reduced default PATH_MAX to 255 (#826) * ECONNABORTED is not known on cygwin (#863) * fixed crash on url.redirect and url.rewrite if %0 is used in a global context (#800) * fixed possible crash in debug-message in mod_extforward * fixed compilation of mod_extforward on glibc < 2.3.4 * fixed include of empty in the configfiles (#1076) * send SIGUSR1 to fastcgi children before SIGTERM. libfcgi wants SIGUSR1. (#737) * fixed missing AUTH_TYPE entry in the fastcgi environment. (#889) * fixed compilation in network_writev.c on MacOS X 10.3.9 (#903) * added kill-signal as another setting for fastcgi backends. See the wiki for more. - 1.4.13 - 2006-10-09 * added initgroups in spawn-fcgi (#871) * added apr1 support htpasswd in mod-auth (#870) * added lighty.stat() to mod_magnet * fixed segfault in split CRLF CRLF sequences (introduced in 1.4.12) (#876) * fixed compilation of LOCK support in mod-webdav * fixed fragments in request-URLs (#869) * fixed pkg-config check for lua5.1 on debian * fixed Content-Length = 0 on HEAD requests without a known Content-Length (#119) * fixed mkdir() forcing 0700 (#884) * fixed writev() on FreeBSD 4.x and older (#875) * removed warning about a 404-error-handler returned 404 * backported and fixed the buildsystem changes for webdav locks * fixed plugin loading so we can finally load lua extensions in mod_magnet scripts * fixed large uploads if xattr is enabled - 1.4.12 - 2006-09-23 * added experimental LOCK support for webdav * added Content-Range support for PUT in webdav * added support for += on empty arrays in config-files * added ssl.cipher-list and ssl.use-sslv2 * added $HTTP["querystring"] conditional * added mod_magnet as long-term replacement for mod_cml * added work-around for a Opera Bug with SSL + Chunked-Encoding * changed --print-config to print to stdout instead of stderr * changed no longer use 0600 for new files with webdav. umask is honored. Make sure you have set a proper umask. * fixed upload hangs with SSL * fixed connection drops with SSL (aka bad retry) * fixed path traversal with \ on cygwin * fixed mem-leak in mod_flv_streaming * fixed required trailing newline in configfiles (#142) * fixed quoting the autoconf files (#466) * fixed empty Host: + $HTTP["host"] handling (#458) * fixed handling of If-Modified-Since if ETag is not set * fixed default-shell if SHELL is not set (#441) * fixed appending and assigning of env.* vars * fixed empty FCGI_STDERR packets * fixed conditional server.allow-http-11 * fixed handling of follow-symlink + lstat() * fixed SIGHUP handling if max-workers is used * fixed "Software caused connection abort" messages on FreeBSD - 1.4.11 - 2006-03-09 * added ability to specify which ip address spawn-fci listens on (agkr/at/pobox.com) * added mod_flv_streaming to streaming Flash Movies efficiently * fixed handling of error codes returned by mod_dav_svn behind a mod_proxy * fixed error-messages in mod_auth and mod_fastcgi * fixed re-enabling overloaded local fastcgi backends * fixed handling of deleted files in linux-sendfile * fixed compilation on BSD and MacOSX * fixed $SERVER["socket"] on a already bound socket * fixed local source retrieval on windows (secunia) * fixed hanging cgi if remote side is dying while reading from the pipe (sandy/at/meebo.com) - 1.4.10 - 2006-02-08 * added docs for mod_dirlisting * added fastcgi.map-extensions to mod_fastcgi * fixed load balancing for mod_fastcgi * fixed extra newline for syslog() in mod_accesslog * fixed user-track cookie for IE in mod_usertrack * fixed crash in digest handling in mod_auth * fixed handling of 301 response-bodies from a mod_proxy backend * fixed loading of base modules if server.modules is not set * fixed broken cgi if mod_scgi is loaded - 1.4.9 - 2006-01-14 * added server.core-files option (sandy ) * added docs for mod_status * added mod_evasive to limit the number of connections by IP () * added the power-magnet to mod_cml * added internal statistics to mod_fastcgi * added server.statistics-url to get internal statistics from mod_status * added support for conditional range-requests through If-Range * added static building via scons * fixed 100% cpu loops in mod_cgi ("sandy" ) * fixed handling for secure-download.timeout (jamis/at/37signals.com) * fixed IE bug in content-charset in the output of mod_dirlisting (sniper/at/php.net) * fixed typos and language in the docs (ryan-2005/at/ryandesign.com) * fixed assertion in mod_cgi on HEAD request is Content-Length () * fixed handling if equal but duplicate If-Modified-Since request headers * fixed endless loops in mod_fastcgi if backend is dead * fixed Depth: 1 handling in PROPFIND requests on empty dirs * fixed encoding of UTF8 encoded dirlistings (Jani Taskinen ) * fixed initial bind to a unix-domain socket through server.bind * fixed handling of lowercase filesystems * fixed duplicate request headers cause by mod_setenv - 1.4.8 - 2005-11-23 * added auto-reconnect to ldap-server in mod_auth (joerg/at/netbsd.org) * changed auth.ldap-cafile to be optional (joerg/at/netbsd.org) * added strip_request_uri in mod_fastcgi * added more X-* headers to mod_proxy (Ben Grimm ) * added 'debug' to simple-vhost to suppress the (mod_simple_vhost.c.157) No such file or directory /servers/ww.lighttpd.net/pages/ messages by default * added support to let the server listen on UNIX-socket * changed default stat-cache-engine to 'simple' * removed debian/ dir from source package on request by packager * fixed max-age timestamps in mod_expire * fixed encoding the filenames in PROPFIND in mod_webdav * fixed range request handling in network_writev * fixed retry on connect error in mod_fastcgi (Robert G. Jakabosky ) * fixed possible crash in mod_webdav if sqlite3 support is available but not use * fixed fdvent-handler init if server.max-worker was used (Siddharth Vijayakrishnan ) * fixed missing cleanup in mysql_vhost * fixed assert() in "connections.c:962: connection_handle_read_state: Assertion 'c->mem->used' failed." * fixed 64bit issue in md5 * fixed crash in mod_status * fixed duplicate headers in mod_proxy * fixed Content-Length in HEAD request in mod_proxy * fixed unsigned/signed comparisons * fixed streaming in mod_cgi * fixed possible overflow in password-salt handling (reported on slashdot by james-web/at/and.org) * fixed server-traffic-limit if connection limit is not set - 1.4.7 - 2005-11-02 * added FD_CLOEXEC to fds which are kept open for a longer time * added smaller, moving mmaped windows to network_writev * added madvise() to instruct the kernel the do proper read-ahead in network_writev * added support for %I in mod_accesslog * added better compat to Apache for ?auto in mod_status * added support for userdirs without a entry in /etc/passwd in mod_userdir (rob/at/inversepath.com) * added startup-time selectable network-backend * added location of upload-files to config as array * added webdav.log-xml for logging xml-content in mod_webdav * added Cache-Control: max-age to mod_expire * workaround missing client-bug by assuming we received a close-notify on non-keep-alive requests in SSL request * disabled kerberos5 support by default to fix compilation on RHEL * fixed order of library checks to fix compilation on Solaris 9 * fixed open file-descriptors on read-error * fixed crash if /var/tmp is not writable - 1.4.6 - 2005-10-09 * fixed compilation on MacOS X and cygwin * fixed compressed output if caching was disabled (seen in IE and Opera) * fixed range-request option * fixed mysql-vhost module (was broken in 1.4.5) * fixed false positive in the detection of case-insensitive FS - 1.4.5 - 2005-10-02 * added all DeltaV methods as known methods * added buffer-to-disk of request content * added warning for unused variables in conditionals * added global index-generators to mod_indexfile * fixed caching for remote-ip conditionals with keep-alive * fixed redirects with content * fixed infinite loop in exec-cmd in mod_ssi * fixed segfault in config handling for mod_mysql_vhost * fixed segfault on FIFOs/Sockets * fixed possible crash on uninit memory if If-Modified-Since was too long * fixed accounting of mem-chunks * fixed starving of connections on high load * fixed crc errors in mod_compress on 64bit platforms * fixed handling of overlapping fastcgi packets (bug added in 1.4.4) * fixed logic of conditionals if a header was not set * fixed a segfault in mod_rewrite if %1 references were used * fixed handling of empty request URIs in HTTP requests - 1.4.4 - 2005-09-16 * added support for %V in mod_accesslog * added a option for a FastCGI responder to send static files * added md5 and blowfish hashes to htpasswd * fixed METHOD in mod_accesslog of WebDAV methods * fixed check for permission before files in sent * fixed mod-proxy and content for non-POST requests * fixed compilation of mod_cml on MacOS X * fixed SSL errmsg after accept() * fixed memleak in stat-cache * fixed aborted connections if file was moved while in transfer * fixed mem-usage for large FastCGI transfers - 1.4.3 - 2005-09-01 * added graceful shutdown * added server.max-connections * fixed compilation on all BSD platforms * fixed init of kqueue and /dev/poll after daemonize * fixed segfault if select() is event-handler and more than FD_SETSIZE fds are opened * fixed compilation of mod_cml * fixed bin-copy-env in mod_fastcgi - 1.4.2 - 2005-08-29 * fixed mimetype detection on uppercase extensions * fixed memleak in stat-cache * fixed infinite loop in mod_cgi * fixed alignment crashes on sparc64 and alpha64 * fixed test system for gentoo ebuild * fixed infinite loop in SSL * fixed range request for files > 2Gb - 1.4.1 - 2005-08-22 * added a complete Class 1 compliant mod_webdav * fixed ssl support (especially on OpenBSD) * fixed response header in body problem in mod_cgi * fixed numbers before body problem * fixed compilation on Solaris and FreeBSD * fixed conditional options in mod_dirlisting * fixed segfault in mod_dirlisting for NFS directories * fixed check for docroot in change-root environments - 1.4.0 - 2005-08-17 * added nested conditionals * added remote-ip to $HTTP * added support for stat-cache via FAM * added a read-only WebDAV module * fixed cleanup in mod_proxy and mod_fastcgi * fixed handling of filenames on case-insensitive filesystems - 1.3.16 - 2005-07-31 * added Date: headers to dynamic HTTP/1.0 requests * added support for OPTION * HTTP/1.1 * added support for accesslog to syslog * added support for PATH_INFO guessing if check-local is disabled in mod_fastcgi * added switch to disable range-requests * added valid-user option for mod_auth (tigger at gentoo.org) * added JavaScript based sorting to mod_status (erik) * added selective TCP_CORK (Christian von Roques) * break up endless loops with Status: 500 * fixed endless loops in mod_rewrite * mapped url.rewrite and url.rewrite-final to uri.rewrite-once * fixed compilation for mod_trigger_b4_dl * fixed 'can't reach host' in mod_proxy * error-handler-404 defaults to Status: 200 and static files work now - 1.3.15 - 2005-07-15 * added mod_cml * added mod_trigger_b4_dl * added encoding to mod_dirlisting * added ?auto to mod_status * relaxed handling of characters in URIs even more * fixed detection of sendfile() on Linux 2.4.x * fixed comparison of buffers for short strings * server.errorfile-prefix is now conditional * fixed mod_rrdtool to close STDERR - 1.3.14 - 2005-06-15 * added SCGI support via mod_scgi * added hash-based and round-robin load balancing to mod_proxy * fixed range requests larger than 2Gb * fixed compilation on Solaris * fixed endless loops in mod_fastcgi, mod_cgi and mod_proxy * fixed handling of URIs for '+' and characters > 127 - 1.3.13 - 2005-03-06 * added customizable directory listings * fixed compile error on all BSD unixes * fixed PATHINFO handling for FastCGI * fixed handling of remote-close on FreeBSD and OpenSSL - 1.3.12 - 2005-03-02 * added ssl.ca-file * added support for \n\n as terminator * rewrote test-framework and added more tests * fixed cgi.assign with empty handler * fixed segfault in debug-code * fixed mod_expire if modification-timestamps are used * fixed segfault on duplication Host-headers * fixed endless loop in mod_fastcgi * fixed handling of dead fastcgi-processes - 1.3.11 - 2005-02-20 * added REMOTE_PORT and SERVER_ADDR to CGI-env * relaxed handling of newlines before keep-alive requests * relaxed uri-parser again * fixed PHP_SELF for php * fixed compilation on MacOS X * fixed handling of EPIPE and ECONNRESET * fixed crash in mod_auth if config-options are missing * fixed handling of missing trailing / in mod_userdir * fixed conditional secdownload.secret * fixed REPORT ME error due to failed reconnects in mod_fastcgi * fixed cmdline handling in mod_fastcgi - 1.3.10 - 2005-02-06 * added support for full commandline in spawn-fcgi * fixed missing check for IP-address in mod_fastcgi * fixed compile error with openssl in mod_fastcgi * removed a debug-message from network-functions - 1.3.9 - 2005-02-06 * added a stricter URI parser * added a check to the CGI spawner if the cgi-handler exists * added documentation for SSL and mod_status * added handling of startup environment to FastCGI * improved performance in FastCGI in buildind the FastCGI header * fixed min-procs and max-procs in FastCGI on PowerPC * fixed crash in setenv.add-response-header * fixed handling of nph-scripts in CGI * fixed accidentally sending out physical file in CGI on error * fixed cygwin support * fixed handling of missing files * fixed HEAD requests for dynamic requests - 1.3.8 - 2005-01-30 * added traffic shaping by remote host and virtual server * added auto-spawning of FastCGI process on demand * added virtual host based on MySQL * added mod_setenv to add environment and http headers on the fly * added support for syslog in mod_accesslog * improved output of mod_status * improved debug output in request handling * fixed build problems on netbsd 1.4.x and 1.5.x * fixed status.url configuration * fixed handling of != and !~ in configutation * fixed special cases in keep-alive handling * fixed timeout handling in handling POST requests * fixed mode AUTHORIZER in FastCGI * fixed handling if internal redirects if no Host: is supplied * fixed mod_alias + pathinfo * fixed directory indexes and permissions * enabled sending errorlog to syslog again - 1.3.7 - 2004-12-11 * added retries for a fastcgi connect if a php-childs dies at startup * update the debian directory * added setgroups() to drop all group-privs * added native port to windows via mingw32 * added server.tag = '...' * added support for ${...} in mod_ssi * ported all plugins to conditional support * fixed multipart handling in cgi * fixed kqueue event-handler * fixed wrap-around in mod_status * fixed crash with SSL + FastCGI * fixed detection of SSL headers * fixed handling of dangling SSL_shutdown * fixed detection of keep-alive of Firefox - 1.3.6 - 2004-11-03 * added spawn-fcgi to the distribution * added support in fastcgi module to spawn fastcgi processes itself * fixed logfile cycling if external logging is used * fixed connection handling in fastcgi if no chunk encoding is used * fixed internal redirects on directories if a query string is supplied * fixed cgi-module for POST request above 4k * fixed mod_alias and follow-symlink - 1.3.5 - 2004-10-31 * added mod_alias * added mod_userdir * added the exec command to the SSI handler * added a switch to disable follow-symlinks * added a switch to disable IPv6 at compile-time * fixed compilation on FreeBSD and NetBSD 1.3.x * fixed segfault in pipelining * fixed a segfault in writev() handler if LFS is used - 1.3.4 - 2004-10-24 * added limiter for open files * added logging of user supplied data to accesslogs * added build target for OpenWRT * added plain backend support for auth-digest * fixed handling the external accesslog processes * fixed SERVER_NAME in CGI and FastCGI - 1.3.3 - 2004-10-16 * added support for NL terminators in CGI-scripts * added support for conditionals in mod_auth, mod_simple_vhost and mod_evhost * added a error-handler for 404 codes * fixed request counter in the rrdtool module * fixed log-file cycling * fixed seg-fault - 1.3.2 - 2004-09-30 * fixed file-cache - 1.3.1 - 2004-09-30 * fixed file-cache * fixed parsing of IPv6 addresses * fixed cgi for cygwin * fixed test-suite for FreeBSD and IRIX * fixed handling of shrunken files * fixed handling of REQUEST_URI after rewrite - 1.3.0 - 2004-09-17 * added build for MacOS X and Cygwin * added handling of more than one socket * added config-conditions for User-Agent and Referer * added final rewrite-rules - 1.2.8 - 2004-09-11 * added a cache for mimetypes * added X-Forwarded-For for mod_proxy * fixed handling of comments in If-Modified-Since * fixed error handling in FastCGI code * fixed expire plugin for second Expire header - 1.2.7 - 2004-09-04 * added mod_rrdtool for internal statistics * added xattr support * added user-controlable timeouts * improved documentation for many plugins * fixed POST requests for mod_proxy * fixed rare hang with CGI * fixed seg-fault if no configfile is specified * fixed rare problem in FastCGI header generation - 1.2.6 - 2004-08-26 * added apache-like accesslog definition * enabled timestamp cache again * improved performance in the string compare functions * fixed double-free in fastcgi handler * fixed error-handling in cgi handler - 1.2.5 - 2004-08-10 * added skeleton for solaris 10 port-API * added compression support even if no cachedir is set * added conditional configoptions * fixed compilation on OpenBSD * fixed kqueue support * fixed pipelining bug * fixed parallel build (triggered by Gentoo) * updated debian postinst - 1.2.4 - 2004-07-31 * added kqueue support * added server-side includes (mod_ssi) * fixed large post uploads in fastcgi * fixed rt-signals handling of delayed events - 1.2.3 - 2004-07-10 * added a proxy module for Java and friends * added support to pass accesslog through an external program * added mimetypes for text/css and text/javascript * fixed index-files for FastCGI if webserver is in chroot * fixed error messages of CGI process fails to exec() * fixed detection of pcre on IRIX and FreeBSD * fixed timestamps in Last-Modified checks * fixed 64bit builds * fixed mmap-caching of large files * relaxed the HTTP parser on empty headerfields - 1.2.2 - 2004-06-15 * added support for unix domain sockets in FastCGI * fixed mmap caching * fixed compile-time check for linux sendfile() * fixed check for pcre.h on Fedora Core 2 - 1.2.1 - 2004-05-30 * added experimental support for AIX send_file() * added an mmap cache to the filehandle cache * enabled FreeBSD sendfile support again * added support for calling CGI binaries directly * fixed pipelining for POST requests * fixed some seg-faults if no configfile is used - 1.2.0 - 2004-05-17 * added conforming Expect: handling * added a module for secure and fast downloading * rewrote the event handling interface * fixed array handling which might lead to 'missing header' * fixed pipelining support * fixed build of the localizer extension * fixed cgi handling for headers which are flushed to often * fixed compilation on Solaris 2.5 - 1.1.9 - 2004-04-29 * added AUTHORIZER mode to the FastCGI module * added 'check-local' option to disable local stat() in the FastCGI module * added prefix-notation for FastCGI module * added 'mod_usertrack' * improved CGI/FastCGI spec conformance * more code cleanup * fixed HTTP/1.1 chunk headers * fixed POST handling * fixed SSL network handler * fixed writev() network handler - 1.1.8 - 2004-04-16 * code cleanup * limiting the size of the request-body and the request-header * minor speed improvements * tightend the HTTP-Parser again - 1.1.7 - 2004-04-12 * added REMOTE_USER to the Server->FastCGI parameters * added bzip2 compression * improved the error-messages from the new configfile parser * fixed accesslog writing for erroneous requests * fixed LFS (64bit filesizes) handling * fixed Content-Length for HEAD requests * fixed some memory leaks in the configfile parser - 1.1.6 - 2004-04-10 * tightend the HTTP-Parser * rewrote the configfile parser (based on lemon) * fixed openssl support * fixed mmap+write support * use localtime in accesslog if possible - 1.1.5 - 2004-04-07 * added ldap backend to the auth * added a mod_expire * added debian packaging structure * merged redhat and suse spec-file * fixed eventhandler for solaris * fixed 64bit fileoffsets * fixed permissions of the PID-file - 1.1.4 - 2004-04-04 * added server.pid-file * added support for solaris /dev/poll and solaris sendfilev() * added support for writev() * added PATHINFO support (again) * fixed CLF logfile writing - 1.1.3 - 2004-03-25 * set default event-handler to 'poll' * fixed logcycling in chroot() * fixed hostname detection * added syslog() as fallback for error-logging - 1.1.2 - 2004-03-22 * added a "docroot" setting for fastcgi processes * performance improvements * improved configure script * rewrote the fastcgi config parser * added a rc-script for RedHat * added epoll() support for Linux 2.6.x - 1.1.1 - 2004-03-15 * added localizer module * performance improvements * code cleanup - 1.1.0 - 2004-03-06 * changed some configuration keys for better readability * moved the virtual-host code to mod_simple_vhost * added enhanced virtual host plugin from Christian Kruse * added two new auth-backends (htpasswd, htdigest) * fixed and improved authentication * stricter parsing of the Host: field * added a warning for unused configuration keys * improved FastCGI documentation - 1.0.3 - 2004-02-13 * a startup script has been added (LSB compliant) * HEAD requests were submitting the content like a GET request * the virtual directory listing got a face-lifting and fixes * request-headers are now handled case-in-sensitive as required by the standard. this fixes POST requests for w3m and some Proxies. - 1.0.2 - 2004-02-07 * rearrangement of the default configfile * some updates in the documentation * a entry in the error-log for a 404 * stdout is no longer the default for the accesslog