lighttpd 1.4.x https://www.lighttpd.net/
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

2397 lines
122 KiB

====
NEWS
====
3 years ago
- 1.4.55 - 2020-01-31
* [core] fix compile error on Solaris (fixes #2959)
* [core] __attribute_pure__
* [core] array-specialized buffer_caseless_compare()
* [core] specialized buffer_eq_*() for short strings
* [core] mark some more funcs w/ __attribute_pure__
* [core] use buffer_eq_icase* funcs
* [multiple] replace strcasecmp() on short strings
* [core] mark some more funcs w/ __attribute_pure__
* [mod_webdav] fix startup crash w/ multiple conds (fixes #2958)
* [core] cold func http_response_omit_header()
* [core] use buffer_eq_icase_ssn func
* [core] use buffer_eq_icase_ssn func
* [core] correct __attribute_pure__ syntax
* [core] allocate unix socket paths with SUN_LEN()+1 (fixes #2962)
* Use explicit_memset from NetBSD if available for safe_memclear (fixes #2971)
* Also use explicit_memset (NetBSD) with cmake, scons and meson
* [cmake]: enable CMAKE_POSITION_INDEPENDENT_CODE by default
* [core] improve http_headers[] data struct packing
* [core] fdevent_poll() is effective periodic timer
* [core] move con state handling to connections*.c
* [core] issue config error for invalid ':' (fixes #2980)
* [mod_deflate] fix choose encoding parse error (fixes #2981)
* [core] retry on some fdevent set/del temporary err
* [core] disable stat_cache FAM if FAM conn closed
* [mod_auth] http_auth_const_time_memeq improvement
* [build] prefer pkg-config for postgres (fixes #2965)
* [mod_authn_gssapi] 500 if fail to delegate creds (#2967)
* [mod_authn_gssapi] option to store delegated creds (fixes #2967)
* [mod_webdav] fix file uploads > 128M (fixes #2970)
* [mod_auth] do not use quoted-string for algorithm
* [mod_auth] require digest uri= match original URI
* [mod_auth] Authentication-Info: nextnonce=...
* [mod_auth] http_auth_const_time_memeq_pad()
* [mod_auth] http_auth_const_time_memeq() (#2975, #2976)
* [build] PGSQL_CFLAGS with pkg-config for postgres (#2965)
* [build] PGSQL_CFLAGS with pkg-config for postgres (#2965)
* [core] avoid freeaddrinfo() on NULL ptr (fixes #2984)
* [core] reject WS following header field-name (fixes #2985)
* [core] reject Transfer-Encoding + Content-Length (#2985)
* [mod_openssl] reject invalid ALPN
* [mod_accesslog] parse multiple cookies (fixes #2986)
* [core] Oracle Solaris does not have POLLRDHUP
* [multiple] address coverity warnings
* [core] preserve %2b and %2B in query string (fixes #2999)
* [core] fall back to accept() if accept4() EPERM (fixes #2998)
* [mod_auth] close connection after bad password
* [core] do not accept() > server.max-connections
* [core] save errno before logging if execve() fails
* [config] update /var/run -> /run for systemd
* [core] Solaris has getloadavg in sys/loadavg.h
* [build] Fix build when using nested CMake
* [core] fix one-byte OOB read (underflow)
3 years ago
- 1.4.54 - 2019-05-27
* [mod_evhost] handle IPv6 literal addr; add tests
* [core] separate server_main_loop() func, mark hot
* [core] mark startup/shutdown funcs cold
* [core] some server_main_loop() cleanup
* [core] fdevent_process()
* [core] srv->max_fds_lowat and srv->max_fds_hiwat
* [core] remove server.h
* [mod_staticfile] search ext array if not empty
* [core] store joblist pointer on stack
* [core] quickly clear request buffer for reuse
* [core] helper funcs for connection_state_machine()
* [core] perf: optimize connection_read_header()
* [core] parse request in connection_read_header()
* [core] log_request_header_on_error in one place
* [core] copy request only if might need for logging
* [core] make parse_request,request.request same buf
* [core] prefer buffer_caseless_compare()
* [core] pass req hdrs buffer to http_request_parse
* [core] replace con->response.keep_alive
* [core] mark log_error_write*() funcs cold
* [core] http_request_parse() mark error paths cold
* [core] lift code out of request line parse loop
* [core] get_http_method_key() match by strlen first
* [core] RFC7230 HTTP-version parse
* [mod_accesslog] attempt to reconstruct req line
* [multiple] minor: remove duplicated conditions
* [mod_deflate] honor request for x-gzip, x-bzip2
* [mod_auth] minor: adjust config validation
* [core] discard oversized trailers
* [core] no keep-alive if POLLRDHUP,empty read queue
* [core] fix gw_backend spelling of directive in err
* [multiple] reduce code dup in list resizing
* [core] con->is_ssl_sock
* [core] connection_handle_write() updates con state
* [core] skip plugins_call_cleanup if not init'ed
* [core] simpler loops to run plugin hooks
* [core] fix mixed use of srv->split_vals array (fixes #2932)
* [core] dispatch events from within event framework
* [core] don't call fd event handlers more than once, they might already be gone (fixes segfault)
* [core] poll: fdarray uses fd as index, not fde_ndx
* [core] map FDEVENT_* to OS system event frameworks
* [core] prefer memchr() over strchr()
* [core] use openssl to read,discard request body
* [mod_openssl] inherit cipherlist from global scope
* [mod_openssl] default: ssl.cipher-list = "HIGH"
* [mod_proxy] pass Content-Length to backend if > 0
* [core] config option to allow GET w/ request body
* [core] some fdevent code streamlining
* [core] remove fde_ndx member outside fdevents
* [core] remove redundant check for allow_http11
* [mod_openssl] use 16k static buffer instead of 64k
* [core] pull server load checks out of main loop
* [core] isolate fdevent processing
* [core] release empty chunk buf when nothing read
* [core] perf: pass (fdnode *) to epoll and kqueue
* [core] modify config parser to handle multiple }
* [core] pass (fdnode *) for registered fdevent fd
* [mod_auth] http_auth_digest_hex2bin()
* [mod_auth] http_auth_info_t digest abstraction
* [mod_auth] pass http_auth_require_t for 401 Unauth
* [core] no SOCK_NONBLOCK on QNX 7.0
* [mod_auth] HTTP Auth Digest algorithm=SHA-256
* [core] silence coverity warning
* [mod_magnet] fix invalid script return-type crash (fixes #2938)
* [build] remove -Wdeclaration-after-statement
* [core] pass conf.follow_symlink in more places
* [core] fix assertion with server.error-handler (fixes #2941)
* [core] extend dir redirection to take HTTP status
* [doc] minor adjust create-mime.conf.pl regex match (#2942)
* [core] __attribute__((fallthrough)) for GCC 7.0
* [core] fdevent_mkstemp_append() (shared)
* [core] off_t upload_temp_file_size
* [core] clear FDEVENT_RDHUP if no POLLRDHUP
* [mod_wstunnel] fix ping-interval for big-endian (fixes #2944)
* [core] fix abort in http-parseopts (fixes #2945)
* [core] remove repeated slashes in http-parseopts
* [core] fix 1.4.52 regression in mem use with POST (fixes #2948)
* [multiple] cleaner calloc use in SETDEFAULTS_FUNC
* [core] add const to some etag prototypes
* [core] __attribute__((format ...))
* [core] struct log_error_st for error logging
* [core] log_error, log_perror using printf-like fmt
* [core] new worker_init hook to follow parent fork
* [core] replace open() with fdevent_open_cloexec()
* [mod_webdav] major rewrite (fixes #1818)
* [core] 200 for OPTIONS /non-existent/path HTTP/1.1 (fixes #2939)
* [mod_webdav] surround Lock-Token with "<...>"
* [mod_webdav] fix uuid detection macro
* [mod_webdav] fix misbehavior on blank nodes in PROPPATCH
* [mod_webdav] clean up resources after do{}while(0)
* [mod_webdav] check If-Match, If-Unmodified-Since (#1818)
* [mod_webdav] deprecated unsafe partial PUT compat
* [mod_webdav] provide ETag in more responses
* [mod_webdav] platform portability fixes
* [mod_webdav] disable elftc_copyfile() on FreeBSD
* [mod_webdav] special-case If: (<DAV:no-lock>)
* [mod_webdav] check If-None-Match (#1818)
* [stat_cache] separate func for symlink policy chk
* [stat_cache] separate symlink pol from data struct
* [stat_cache] store entries without trailing slash
* [stat_cache] pass age param for stat cache cleanup
* [stat_cache] remove splaytree ins/del debug code
* [stat_cache] FAM: reduce string copying
* [stat_cache] FAM: check FAMNextEvent() return code
* [stat_cache] FAM: use entry hash index as userdata
* [stat_cache] FAM: improve handling modified file
* [stat_cache] FAM: ignore follow-symlink config
* [stat_cache] FAM: check hash collision before add
* [stat_cache] FAM: ignore event with no valid match
* [stat_cache] FAM: funcs to invalidate entries
* [stat_cache] interfaces to invalidate entries
* [mod_webdav] update stat_cache after file mod
* [core] use high precision stat timestamp in etag
* [scons] adjustment for static build under CentOS
* [core] emit trace using path before clearing path
* [core] http_chunk_append_file_fd()
* [multiple] open target file earlier in some cases
* [stat_cache] no longer stat() and open() for stat
* [stat_cache] FAM: improve monitoring, cache 16 sec
* [stat_cache] FAM: separate routine for FDEVENT_IN
* [stat_cache] FAM: whitespace-only change
* [mod_webdav] quiet coverity warnings
* [doc] highlight relevance of module load order (fixes #2946)
* [core] behavior change: stricter URL normalization
* [stat_cache] fix compilation error for cmake
* [cmake] help cmake on FreeBSD find sys/event.h
* [scons] help scons on FreeBSD find sys/event.h
* [build] detect FreeBSD elftc_copyfile()
* [mod_openssl] use SSL_CTX_set_client_hello_cb()
* [core] support weak etags with If-None-Match
* [core] store log_state_handling flag on stack
* [core] check if splay_tree NULL before invalidate
* [mod_webdav] workaround Microsoft-WebDAV-MiniRedir
* [mod_webdav] doc Microsoft-WebDAV-MiniRedir bugs
* [mod_webdav] invalidate parent dir in stat_cache
* [doc] systemd socket activation config example
* [core] chunkqueue perf: code reuse
* [core] chunkqueue perf: specialized buffer.h funcs
* [core] chunkqueue perf: skip opening 0-length file
* [core] chunkqueue perf: read small files into mem
* [core] buffer_reset() should not be passed NULL
* [tests] has_feature() helper func
* [tests] skip mod-secdownload HMAC-SHA1,HMAC-SHA256
* [core] use high precision stat timestamp on OS X
* [mod_magnet] expose server addr (local IP) to lua
* [core] adjust http_chunk read() retry loop
* [mod_maxminddb] MaxMind GeoIP2 support
* [mod_authn_ldap] ldap_set_option LDAP_OPT_RESTART (fixes #2940)
4 years ago
- 1.4.53 - 2019-01-27
* [mod_cml,mod_flv_streaming] fix NULL ptr deref
* [mod_simple_vhost] t/test_mod_simple_vhost
* [mod_evhost] split uri handler func for testing
* [mod_evhost] restructure for unit tests
* [mod_evhost] t/test_mod_evhost
* [mod_access] restructure for unit tests
* [mod_access] t/test_mod_access
* [tests] include first.h and NDEBUG early
* [core] use kill_signal for gw_proc_kill()
* [tests] t/test_keyvalue
* [tests] some test config cleanup
* [tests] update skip count in mod-fastcgi.t
* [multiple] reduce initial buffer sz if large POST (fixes #2922)
* [mod_fastcgi] fix NULL ptr deref from bugfix #2922 (fixes #2923)
* [tests] more test config cleanup
* [core] perf: incremental hash of pathname w/o copy
* [core] perf: reuse buffer to redirect to directory
* [core] do not free() reused buffer
* [core] use connected sock port in dir redirect
* [core] http_response_buffer_append_authority()
* [core] use con->server_name for dir redir
* [core] memeq compare rounded to 64, not next 1M
* [core] define MD5_DIGEST_LENGTH 16
* [mod_auth] permit additional auth backends to load
* [core] send Connection: close if reqbody not read (fixes #2924)
* [core] cache rev DNS for localhost for dir redir
* [doc/conf] resolve some mime type conflicts from debian buster, regenerate mime.conf
* [core] move winsock init to network_init()
* [core] move /dev/stdin graceful restart handling
* [core] network_srv_sockets_append() shared code
* [core] systemd socket activation support
* [build] autotools: try mysqlclient.pc and mariadb.pc (fixes #2925)
* [mod_expire] look up expire fallback "" explicitly
* [multiple] calloc match ptr type (clang --analyze)
* [multiple] quiet clang --analyze where trivial
* [mod_webdav] compare COPY, MOVE Destination scheme
* [core] con->uri.scheme is maintained lowercase
* [mod_openssl] ALPN and acme-tls/1 (fixes #2931)
* [core] Fix recursive include_shell invocations
* [mod_openssl] ssl.privkey directive (optional)
4 years ago
- 1.4.52 - 2018-11-28
* [mysql] MySQL 8 deprecates my_bool
* [core] typo in trace
* [build] Fix unportable test(1) operator
* [core] perf: call connection_reset() fewer times
* [core] perf: array_reset_data_strings()
* [core] perf: buffer_free_ptr() __attribute__ cold
* [core] perf: one-element cache for host normalize
* [core] perf: buffer_copy_string_len()
* [core] perf: skip redundant prepare copy calls
* [core] perf: buffer_align_size() identity if align
* [core] perf: size write buffers for reuse
* [core] perf: prepend headers directly into write q
* [core] perf: copy small strings; better buf reuse
* [core] perf: copy small strings; extend last chunk
* [core] perf: specialized func for array sorting
* [core] perf: append response directly into write q
* [core] perf: better buf reuse reading from backend
* [core] chunk.c code reuse
* [multiple] perf: write headers to backend write cq
* [multiple] perf: power-2 alloc large headers
* [multiple] perf: use larger initial backend buffer
* [core] permit env vars to be set with blank value
* [mod_fastcgi] perf: reduce data copies
* [mod_fastcgi] perf: reduce data copies
* [core] perf: chunk.c chunk pool
* [multiple] perf: reuse large buffers w/ backend
* [multiple] better packing of struct chunk
* [core] perf: inline buffer_append_string_buffer()
* [core] slightly simpler flag append to string
* [mod_cgi] perf: reuse buffers for creating CGI env
* [mod_fastcgi,mod_scgi] perf: env accumulation
* [core] Don't call RAND_cleanup with OpenSSL 1.1.x
* [mod_openssl] move SSL_shutdown() to separate func
* [mod_openssl] SSL_read before second SSL_shutdown
* [mod_cgi] perf: use stat_cache for cgi handler
* [mod_openssl] prefer using TLS_server_method()
* [mod_webdav] return 403 if file should exist
* [core] perf: chunkqueue buffers already sized up
* [core] perf: simpler buffer_string_space()
* [multiple] dynamic handlers hint backend header sz
* [core] use chunk_buf_sz instead of hard-coded num
* [multiple] perf: simplify chunkqueue_get_memory()
* [mod_wstunnel] perf: reuse large buffers
* [mod_cgi] perf: cache getenv() results at start up
* [core] fix 301 -> 302 overwrite with Location (fixes #2918)
* [core] fix setting of headers previously reset (fixes #2919)
* [mod_webdav] quiet coverity false positive
* [core] server.compat-module-load = "disable"
* [core] server.chunkqueue-chunk-sz = 4096
* [core] perf: simpler buffer_string_space() (fixed)
* [core] perf: faster HTTP pipelined requests
* [core] perf: simpler buffer_string_space() (tests)
* [mod_cgi] reset reused buffer on internal redir
* [core] clear chunk buffer upon release
* [mod_fastcgi] minor: copy packet without padding
* [mod_redirect,mod_rewrite] use server_name
* [mod_fastcgi] transfer chunks minus packet padding
* [core] separate func to reset FILE_CHUNK
* [core] perf: simple, quick buffer_clear()
* [core] perf: small improvement to encoding CGI var
* [core] perf: small improvement buffer_string_space
* [core] simpler physical path concatenation
* [mod_webdav] fix LOCK on incorrect URI path
* [mod_webdav] one fewer buffer copy for COPY,MOVE
* [core] perf: simplify buffer_move()
* [mod_cml] parse query string without modifying it
* [core] perf: buffer optimizations
* [mod_wstunnel] use buffer_string_length()
* [core] perf: inline buffer_copy_buffer()
* [core] cygwin helper func for getcwd
* [core] cygwin sample to run lighttpd under NSSM
* [core] limit con->uri.authority < 1024 octets
* [mod_webdav] separate func for each request method
* [core] reject decoded url-path without leading '/'
* [multiple] validate UTF-8 in url-decoded paths
* [mod_proxy] silence coverity false positive
* [core] fix typo
* [core] buffer_append_path_len()
* [core] quiet indexfile warning if mod not loaded
4 years ago
4 years ago
- 1.4.51 - 2018-10-14
* [core] split parsing header line into separate function
* [core] explicitly return 0 instead of constant result
* [core] header parsing: use goto for error handling
* [core,security] process headers after combining folded headers
* [core] replace folding whitespace with a single space
* [buffer] fix duplicate assert and comment
* [core] redo HTTP header line folding
* [core] parse header line strings before copying
* [core] abstraction to insert/modify response hdrs
* [core] code reuse with array_insert_key_value()
* [core] simplify parsing hdr key whitespace then :
* [core] http_request_parse_reqline() separate func
* [core] abstraction layer for HTTP header manip
* [core] code reuse with http_response_body_clear()
* [mod_proxy] fix proxy.forwarded and proxy.replace-http-host (fixes #2902)
* [mod_rewrite] fix url.rewrite-repeat and url.rewrite-if-not-file (fixes #2908)
* [core] fastcgi.h link to Open Market License (OML) (fixes #2901)
* [mod_proxy,mod_wstunnel] copy full plugin_config (fixes #2903)
* [mod_fastcgi,mod_scgi] error on oversized request (fixes #2905)
* [mod_auth] send 401 for mismatch HTTP auth scheme (fixes #2906)
* [core] code reuse array_match_*() routines
* [mod_skeleton] review and simplify
* [multiple] code reuse: employ array_match_*()
* [doc] lighttpd.service uses network-online.target
* [mod_flv_streaming] code simplifications
* [mod_authn_pam] mod_auth PAM support (fixes #688)
* [mod_sockproxy] add to build
* [core] fix include_shell on inline shell commands (fixes #2910)
* [multiple] code reuse: using array_*() funcs
* [tests] t/test_array.c
* [core] array_get_int_ptr()
* [core] more memory-efficient fn table for data_*
* [tests] #undef NDEBUG before assert.h in t/test_*
* [core] inline status_counter routines
* [core] log_failed_assert() __attribute__((cold))
* [core] http_status_append()
* [core] http_method_append()
* [core] prefer buffer_append_string_len()
* [build] fix SCons build for mod_authn_pam
* [mod_userdir] security: skip username "." and ".."
* [mod_deflate] null-check to quiet coverity warning
* [core] quiet coverity false positive
* [multiple] quiet compiler warnings --without-pcre
* [mod_secdownload] support if HMAC() is a macro
* [TLS] sys-crypto.h abstraction
* [TLS] sys-crypto.h abstraction
* [build] put request.c in common src
* [meson] build fixes for libmariadb and libsasl2
* [core] PATH_INFO calculation when basedir is "/" (fixes #2911)
* [core] better consistency in buffer_is_equal*()
* [core] fix missing param from prev commit
* [mod_openssl] no renegotiation in TLS 1.3 (fixes #2912)
* [core] reject Transfer-Encoding from proxy (#2913)
* [mod_auth] use SHA1_Init,Update,Final
* [mod_openssl] add support for wolfSSL
* [build] automake support for wolfSSL
* [build] SCons support for wolfSSL
* [build] meson support for wolfSSL
* [build] CMake support for wolfSSL
* [core] perf: buffer.c internal inlines
* [mod_openssl] wolfSSL does not support SSLv2
* [core] perf: buffer_string_append_len()
* [core] permit server.error_handler to static file
4 years ago
4 years ago
- 1.4.50 - 2018-08-13
* [mod_extforward] allow explict IPs to be untrusted (#2860)
* [core] fix crash if 'host' empty in config (fixes #2876)
* [mod_magnet] fix regression in lighty.stat (fixes #2877)
* [core] minor code cleanup in gw_recv_response()
* [core] fix rare race condition from backends (fixes #2878)
* [mod_proxy] fix segfault in Set-Cookie reverse map (fixes #2879)
* [core] fdevent_accept_listenfd() nonblock cloexec
* [build] remove m4 AC_PATH_PROG for PKG_CONFIG
* [core] some header cleanup
* [mod_wstunnel] better Sec-WebSocket-Protocol parse
* [mod_magnet] code reuse
* [mod_magnet] reduce buffer copies
* [mod_fastcgi,mod_scgi] fastcgi.balance,scgi.balance (fixes #2882)
* [core] check if SOCK_NONBLOCK is ignored (fixes #2883)
* [core] buffer_append_string_encoded_hex_lc()
* [core] more efficient hex2int()
* [mod_secdownload] compare bin MAC instead of hex
* [core] li_tohex_lc() explicitly uses lc hex chars
* [core] buffer_append_uint_hex_lc() uses lc hex
* [core] buffer_append_string_encoded() uc hex
* [tests] reduce test_base64 brute force tests
* [tests] remove test_buffer output, except on error
* [core] check for continuation in server.tag
* [core] CONNECT must be handled before fs hooks
* [mod_redirect, mod_rewrite] code reuse (sharing)
* [core] data_config_pcre_compile,exec()
* [tests] test_request unit tests
* [core] http_kv.[ch] method, status, version str
* [core] remove unused get_http_status_body_name()
* [core] remove proc_open.[ch], reduce stdio.h use
* [tests] move src/test_*.c to src/t/
* [core] server.http-parseopts URL normalization opt (fixes #1720)
* [core] inline some buffer.[ch] routines
* [core] remove some duplicative code in log.c
* [core] debug server.log-request-header-on-error
* [mod_redirect,mod_rewrite] short-circuit earlier
* [core] fix buffer_to_upper()
* [mod_cgi] handle CGI partial response header write
* [mod_redirect,mod_rewrite] pass request URI info
* [mod_redirect,mod_rewrite] encoding options (fixes #443, fixes #911)
* [mod_redirect,mod_rewrite] fix segfault w/ invalid syntax (fixes #2892)
* [mod_fastcgi] fix memleak with FastCGI auth,resp (fixes #2894)
* [mod_alias] security: potential path traversal with specific configs
* [mod_wstunnel] quiet 32-bit compiler warnings
* [core] POLLRDHUP handling for transparent proxying
* [mod_redirect,mod_rewrite] support up to 19 match
* [core] add missing includes to quiet compiler warn
* [mod_redirect,mod_rewrite] base64url encoding opt
* [mod_rewrite] require rewrite result to begin '/'
* [core] security: use-after-free invalid Range req
* [core] reset var if FAMMonitorDirectory() fails
* [core] option to propagate TCP FIN to backend host
* mod_sockproxy - socket forwarding
* [core] workaround Coverity cov-build bug with gcc7
* [build] add missing file for test_burl
* [core] quell insignificant coverity warning
* [core] extend server.http-parseopts
4 years ago
* [mod_alias] security: path traversal in mod_alias (in some use cases) (fixes #2898)
* [core] security: use-after-free after invalid Range request (fixes #2899)
4 years ago
4 years ago
- 1.4.49 - 2018-03-11
* [core] adjust offset if response header blank line
* [mod_accesslog] %{canonical,local,remote}p (fixes #2840)
* [core] support POLLRDHUP, where available (#2743)
* [mod_proxy] basic support for HTTP CONNECT method (#2060)
* [mod_deflate] fix deflate of file > 2MB w/o mmap
* [core] fix segfault if tempdirs fill up (fixes #2843)
* [mod_compress,mod_deflate] try mmap MAP_PRIVATE
* [core] discard from socket using recv MSG_TRUNC
* [core] report to stderr if errorlog path ENOENT (fixes #2847)
* [core] fix base64 decode when char is unsigned (fixes #2848)
* [mod_authn_ldap] fix mem leak when ldap auth fails (fixes #2849)
* [core] warn if mod_indexfile after dynamic handler
* [core] do not reparse request if async cb
* [core] non-blocking write() to piped loggers
* [mod_openssl] minor code cleanup; reduce var scope
* [mod_openssl] elliptic curve auto selection (fixes #2833)
* [core] check for path-info forward down path
* [mod_authn_ldap] auth with ldap referrals (fixes #2846)
* [core] code cleanup: separate physical path sub
* [core] merge redirect/rewrite pattern substitution
* [core] fix POST with chunked request body (fixes #2854)
* [core] remove unused func
* [doc] minor update to *outdated* doc
* [mod_wstunnel] fix for frames larger than 64k (fixes #2858)
* [core] fix 32-bit compile POST w/ chunked request body (#2854)
* [core] add include sys/poll.h on Solaris (fixes #2859)
* [core] fix path-info calculation in git master (fixes #2861)
* [core] pass array_get_element_klen() const array *
* [core] increase stat_cache abstraction
* [core] open additional fds O_CLOEXEC
* [core] fix CONNECT w strict header parsing enabled
* [mod_extforward] CIDR support for trusted proxies (fixes #2860)
* [core] re-enable overloaded backends w/ multi wkrs
* [autoconf] reduce minimum automake version to 1.13
* [mod_auth] constant time compare plain passwords
* [mod_auth] check that digest realm matches config
* [core] fix incorrect hash algorithm impl
5 years ago
- 1.4.48 - 2017-11-11
5 years ago
* [mod_webdav] fix crash if stat fails, not ENOENT
* [core] fix build --disable-ipv6 (fixes #2832)
* [scons] Merge branch 'personal/stbuehler/scons-cleanup'
* [autobuild] Merge branch 'personal/stbuehler/autobuild-cleanup'
* [meson] new build system
* [core] fix var.CWD (regression in 1.4.46) (fixes #2835)
* [core] fix implicit wildcard IPv4 and IPv6 listen
* [autobuild] remove obsolete warning about mmap use
* [core] isolate sock_addr manipulation
* [stat_cache] remove debug code littered in file
* [core] cleanup unused ifndef
* [core] cleanup: consolidate FAM code in stat_cache
* [core] consolidate backend network write handlers
* [autobuild] allow sendfile() in cross-compile (fixes #2836)
* [core] quiet pedantic cc warning for excess comma
* [core] isolate backend fdevent handler defs
* [mod_openssl] error if ssl.engine in wrong section (fixes #2837)
* [core] fix lighttpd -1 one-shot graceful shutdown
* [mod_cgi] quiet trace if mod_cgi sends SIGTERM (fixes #2838)
* [build] fix link of test_configfile.c
* [core] quiet coverity false positive
* [mod_openssl] more pedantic check of return values
* [mod_openssl] allow specifying server cert chain (fixes #2692)
* [mod_openssl] ssl.openssl.ssl-conf-cmd (fixes #2758)
* [doc] NEWS - fix improper format line breaks
* [mod_authn_ldap] replace use of deprecated funcs
* [mod_authn_sasl] SASL auth (new) (fixes #2275)
* [mod_openssl] quiet trace from TCP probes (#2784)
* [core] fix dup typedef compiler warning
* [scons] fix various python2/3 incompatibilities
* [doc] fix doc/config/conf.d/fastcgi.conf example
5 years ago
- 1.4.47 - 2017-10-22
5 years ago
* [mod_authn_gssapi] needs -lcom_err under Darwin
* [core] stricter validation of request-URI begin
* [core] fix 1.4.46 regression in config match (fixes #2830)
* [core] normalize config addrs for != match (#2830)
* [core] normalize config addrs for eq and ne (#2830)
* [doc] use https:// URLs to .lighttpd.net resources
* [core] fix 1.4.46 regression in Last-Modified
5 years ago
- 1.4.46 - 2017-10-21
5 years ago
* [TLS] mark code that uses -lcrypto but not -lssl
* remove redundant calls to end-of-request hooks
* [mod_mysql_vhost] remove dev debug code
* [core] con interface for read/write; isolate SSL
* [core] new plugin hooks to help isolate SSL
* [mod_openssl] new module (preliminary layout)
* [core] move network_open_file_chunk() to chunk.c
* [mod_openssl] move openssl code into mod_openssl
* [mod_openssl] move openssl config into mod_openssl
* [core] move connection_read_cq() to connections.c
* [mod_geoip] call from handle_request_env hook
* [build] only mod_openssl depends on -lssl
* [mod_auth] enable optional authz if extern authn (fixes #2481)
* [mod_openssl] allow ssl.verifyclient on url paths (fixes #2245)
* [core] do not emit req/response hdrs w/ blank val
* [mod_setenv] directives to overwrite/remove hdrs (fixes #650, fixes #2295)
* [mod_secdownload] new directives modify hash path (fixes #646, fixes #1904)
* [core] move con throttling to connections-glue.c
* [core] support Expect: 100-continue with HTTP/1.1 (fixes #377, #1017, #1953, #2438)
* [mod_openssl] use TLS SNI to set host-based certs
* [mod_ssi] send #exec cmd="..." output to temp file
* [mod_scgi] tests/mod-scgi.t unit tests
* [mod_auth] support LDAP groups for HTTP auth (fixes #1817)
* [core] use getaddrinfo,inet_pton vs gethostbyname (fixes #2783)
* [mod_auth] LDAP escape username in DN and filters
* mod_vhostdb* (dbi,mysql,pgsql,ldap) (fixes #485, fixes #1936, fixes #2297)
* [mod_auth] have LDAP template replace '?'
* apply debian/patches/spelling.patch
* [core] permit connection-level state in modules
* [TLS] include <openssl/opensslv.h> in rand.c
* [core] config match w/ arbitrary HTTP request hdrs (fixes #1556)
* [mod_flv_streaming] add end pos param (fixes #1887)
* [core] X-LIGHTTPD-KBytes-per-second from backends (fixes #954)
* [core] improve accuracy of bandwidth write limits
* [core] quicker graceful shutdown
* [tests] remove unused file depending on CGI.pm
* [doc] doc/initscripts.txt (fixes #2782)
* [core] check issetugid() early in main()
* [core] combine duplicated getrlimit, network_init
* [core] move interval timer near worker event loop
* [core] initialize globals at top of main()
* [core] graceful restart with SIGUSR1 (fixes #2785)
* [mod_authn_mysql] fix minor memleak at shutdown
* [mod_rrdtool] no error if loaded but no config
* [doc] SIGUSR1 doc and lighttpd-angel SIGUSR1
* [mime.conf] add text/markdown to utf-8 list, regenerate mime.conf
* [mod_cgi] RFC3875 CGI local-redir strict adherence (#2108)
* [mod_cgi] do not send "Status" back to client
* [core] add label for 308 Permanent Redirect
* [mod_openssl] inherit ssl.* from global scope
* [core] handle if backend sends Transfer-Encoding (#2786)
* [core] use kqueue in level-triggered mode (fixes #2788)
* [mod_fastcgi,mod_scgi] backend spawn EINTR retry (#2788)
* [core] config opt to intercept dynamic handler err (fixes #974)
* [core] set default server_tag in server.c
* [core] include lighttpd vers in server started msg
* [core] move version.h logic into server.c
* [core] issue trace if max-fds too large (fixes #2789)
* [mod_fastcgi,mod_scgi] consistent waitpid handling (fixes #2791)
* [mod_cgi] fix CGI local-redir w/ url.rewrite-once (fixes #2793)
* [mod_scgi] fix unused_procs bidirectional-links
* [mod_scgi] fix potential repeated use of proc->id
* [mod_fastcgi,mod_scgi] consolidate backend process accounting (#2788)
* [mod_cgi] status 200 OK if no hdrs (deprecated) (#2786)
* [core] fix regex condition subst w/ mod_extforward (fixes #2794)
* [tests] correct skip count for mod-scgi.t
* [mod_vhostdb_ldap] fix inverted logic (coverity)
* [mod_cgi] cgi.local-redir = [enable|disable] (#2108, #2793)
* [core] $REQUEST_HEADER[...] subsumes other config (#1556)
* [mod_usertrack] usertrack.cookie-attrs config opt (fixes #2795)
* [core] default server.max-fds=4096 if unspecified (#2789)
* update .gitignore, add .gitattributes
* [core] reduce con allocation for small max_conns
* [config] more specific checks for array lists
* [mod_authn_gssapi] needs -lcom_err under cygwin
* [mod_cgi,fastcgi,scgi,proxy] fix streaming response (fixes #2796)
* [mod_auth] Digest nonce on system with time <=1978
* [doc] simple-vhost.debug takes an integer value (fixes #2797)
* [core] fix crash if invalid config file (fixes #2798)
* [core] remove unused member con->in_joblist
* [mod_proxy] remove use of con->got_response
* [core] consolidate dynamic handler response parse
* [core] remove now-unused buffer_search_string_len
* [mod_cgi] eliminate warning when compiled -Os
* [mod_scgi] do not reconnect after connect succeeds
* [tests] reduce time waiting for backends to start
* [core] server.syslog-facility (fixes #2800)
* [core] server.syslog-facility (use -1 for unset) (#2800)
* [core] allow overriding prior config values (fixes #2799)
* [mod_proxy] set Content-Length, if available
* [mod_proxy] set X-Forwarded-Host (fixes #418)
* [core] remove redundant Content-Length digit check
* [core] remove some unused header includes
* [core] use con->dst_addr_buf instead of ip recalc
* [core] include "fdevent.h" where needed
* [core] make stat_cache private to stat_cache.c
* [core] collect ioctl FIONREAD code
* [core] include <netdb.h> where needed
* [core] report file path when mkstemp() fails (fixes #2802)
* [core] export http_request_host_policy() for reuse
* [mod_extforward] simplify header search
* [mod_extforward] consolidate ipstr_to_sockaddr()
* [mod_extforward] upd scheme after ipstr validated
* [mod_extforward] rearrange code; prep Forwarded
* [mod_extforward] support Forwarded HTTP Extension (#2703)
* [mod_proxy] support Forwarded HTTP Extension (fixes #2703)
* [core] inet_pton(), inet_ntop() on (sock_addr *)
* [core] save connection-level proto in con->proto
* [mod_extforward] support HAProxy "PROXY" protocol (fixes #2804)
* [mod_extforward] fix typos in Forwarded handling
* [core] fix stat_cache initialization error
* [core] perf: stat_cache_mimetype_by_ext()
* [core] inet_ntop_cache now 4-element cache
* [mod_openssl] free local_send_buffer at exit
* [core] extend mimetype search w/o leading '.'
* [core] no SOCK_CLOEXEC on Linux kernel < 2.6.27
* [core] inline simple buffer is empty checks
* [core] buffer_substr_replace()
* [core] sys-strings.h abstraction for strings.h
* [mod_proxy] fix backslash escaping
* [core] omit default port from normalized host str
* [core] fix build issue without ipv6 support
* [core] permit strings and integers in config array
* [mod_accesslog] flag high precision ts for %T (fixes #2807)
* [core] permit strings,ints,arrays in config array
* [core] calloc plugin_config for consistent init
* [mod_proxy] simple host/url mapping in headers (fixes #152)
* [mod_uploadprogress] handle query str progress ID (fixes #2808)
* [mod_fastcgi] consolidate backend read code
* [mod_proxy,mod_scgi] fix truncated error trace
* [core] skip socket shutdown() if con->fd negative
* [core] act as transparent proxy after con Upgrade
* [core] remove redundant resets of fde_ndx
* [core] configparser: fix resource handling in error cases (fixes #2809)
* [core] fix crash for invalid syntax in config file (fixes #2810)
* [core] prep mod transitions to transparent proxy
* [mod_proxy] basic support for Upgrade: websocket (fixes #2811)
* [mod_extforward] compile on OSX
* [core] set server.max-keep-alive-requests = 100 (fixes #2205)
* [core] perf: skip redundant strlen() if len known
* [core] optional condition in config "else" clause (fixes #1268)
* [mod_cgi] basic support for Upgrade: websocket
* [core] buffer to disk streaming to slow backends
* [core] silence compiler warnings if !HAVE_FORK
* [build] -Werror if --enable-extra-warnings=error
* [build] autotools use AC_PROG_CC_STDC macro
* [mod_openssl] ssl.ca-crl-file for CRL (fixes #2319)
* [mod_openssl] ssl.ca-dn-file (fixes #2694)
* [mod_proxy] fix typo identified by coverity
* [mod_openssl] ignore client verification error if not enforced
* [mod_openssl] fix compile with openssl 1.1.0
* [mod_extforward] quiet clang compiler warning
* [mod_dirlisting] sort "../" to top of names
* [mod_openssl] safer_X509_NAME_oneline() (fixes #2693)
* [core] allow earlier plugin init for SSL/TLS
* [mod_openssl] adjust use of ssl.ca-dn-file
* [core] fix compiler warnings on Mac OS X
* [core] server.socket-perms to set perms on unix (fixes #656)
* [core] get port from sock_addr if AF_INET,AF_INET6
* [core] server.error_handler_404 X-Sendfile ENOENT (#2474)
* [core] consolidate fork()/execve() code (#1393)
* [core] mv log_error_{open,cycle.close} to server.c
* [core] rename fd_close_on_exec()
* [core] remove unused includes of stat_cache.h
* [core] add missing include of stdlib.h
* [core] reduce exposure of unistd.h, other includes
* [core] sock_addr_from_str_hints reusable name res
* [core] continue collecting use of netdb.h
* [core] continue collecting use of netdb.h
* [core] continue collecting use of netdb.h
* [core] fdevent_connect_status() shared code
* [core] add const to reduce .data segment size
* [mod_proxy] move data_fastcgi into mod_proxy.c
* [mod_proxy] store address family at config time
* [mod_fastcgi] slightly simplify counters
* [mod_fastcgi] consolidate connect() error handling
* [mod_fastcgi] set request_id in fcgi_create_env()
* [mod_fastcgi] move delayed connect() into switch()
* [mod_fastcgi,mod_scgi] consistent connect() error
* [mod_scgi] remove unused parse_response member
* [mod_fastcgi,mod_scgi] struct member consistency
* [mod_fastcgi,mod_scgi] parse bin_path at startup
* [mod_fastcgi,mod_scgi] use temp buffer for cgi_env
* [core] shared code for socket backends
* [core] spread load on socket backend procs
* [core] store sockaddr for socket backend procs
* [core] resolve DNS at startup for socket backends
* [core] adaptive spawning for socket backend procs (fixes #1162)
* quell compiler warnings for -Wimplicit-fallthrough
* [doc] update README
* [core] fdevent_cycle_logger()
* [core] reap lighttpd worker pids precisely
* [core] restart piped loggers if they exit (fixes #1393)
* [mod_webdav] PROPFIND getetag attr must match GET
* [core] consistent behavior w/ and w/o SA_SIGINFO
* [core] do not remove pid-file in test mode
* [core] add public domain SHA1() if no crypto
* [mod_wstunnel] websocket tunnel to other protocol
* [core] forward SIGHUP only to lighttpd workers
* [mod_dirlisting] treat README and HEADER as paths (fixes #2818)
* [core] set one-shot mode fd O_NONBLOCK, FD_CLOEXEC
* [core] remove fdevent fcntl_set hook
* [mod_extforward] typo in comment
* [mod_cgi] add missing #include
* [core] fix invalid sizeof() identified by coverity
* [core] add missing #include
* [core] base_decls.h to quiet compiler warnings
* [core] set socket perms after bind, before listen
* [core] warn if backend server config contains '_'
* [mod_extforward] PROXY proto and SSL_CLIENT_VERIFY
* [core] workaround for AIX mmap define
* [mod_accesslog] flush access logs every 4 seconds
* [mod_cgi] fix bug to properly exec interpreter
* [mod_fastcgi] fix return when streaming min buffer
* [core] attempt to quiet coverity false positives
* [core] attempt to quiet coverity false positives
* [core] attempt to quiet compiler warning in LEDE
* [core] SIGCHLD handle_waitpid hook for modules
* [mod_rrdtool] handle_trigger returns HANDLER_GO_ON
* [mod_openssl] ssl.read-ahead="disable" for stream
* [mod_cgi] add FDEVENT_IN upon CGI exit
* [mod_cgi] omit cgi_handle_fdevent after proc exit
* [mod_webdav] check HAVE_UUID for -luuid
* [core] adjust li_rand_pseudo* interfaces
* [mod_wstunnel] fix config parsing bug
* [core] fdevent setsockopt() helper functions
* [core] make strftime_cache_get() 16-element cache
* [core] disable Nagle if streaming to backend
* [core] fix triggered assert on HTTP chunked input (fixes #2822)
* [mod_wstunnel] fix NULL ptr deref
* [algo_sha1] fix compile break and warnings
* [lemon] fix gcc implicit-fallthrough warning
* [core] URI scheme is case-insensitive
* [network] do not append port to unix socket paths
* [unittests] consolidate base64 test code
* [core] use sun_path for addr string for AF_UNIX (fixes #2826)
* [core] cleaner code; remove goto from network.c
* [core] /dev/stdin listener for inetd wait yes
* [core] compare listen addrs after DNS resolution
* [core] inline chunkqueue_is_empty()
* [core] limit use of TCP_CORK
* [core] return from http_response_read if small rd
* [core] gateways might Upgrade con before body read
* [mod_wstunnel] set Sec-WebSocket-Protocol if bin
* [mod_wstunnel] remove invalid appended '\0'
* [core] quiet coverity warning
* [core] handle fds pending close after poll timeout (fixes #2827)
* [core] fix $REQUEST_HEADER[...] parsing in config (#1556)
* [mod_dirlisting] custom js date parse func (fixes #2823)
* [core] remove fd interest if create_env returns
* [mod_openssl] copy data for larger SSL packets
* [mod_openssl] remove erroneous SSL_set_shutdown()
* [core] permit LF to end lines if !header-strict
* [core] add back REQUEST_SCHEME for backends
* [core] remove fdevent_sched_run from fdevent_libev (#2827)
* [mod_openssl] ssl.read-ahead="disable" by default
* [core] adjust parser for valid variable expansion
* [cmake] handle WITH_WEBDAV_LOCKS option
* [cmake] fix attr header detection and linking
* [cmake] link mod_cml with memcached
* [core] reproducible build: hide __DATE__ __TIME__ (fixes #2828)
* [core] perf: more efficient fdevent_sched_run()
* [core] translate DNS to IP str for cond socket cmp
6 years ago
- 1.4.45 - 2017-01-14
6 years ago
* [mod_cgi] skip local-redir handling if to self (fixes #2779, #2108)
* [mod_webdav] fix crash when plugin_ctx cleaned up (fixes #2780)
* [mod_fastcgi] detect child exit, restart proactively
* [mod_scgi] detect child exit, restart proactively
* [TLS] ssl.read-ahead = "disable" for low mem (fixes #2778)
6 years ago
- 1.4.44 - 2016-12-24
* [mod_scgi] fix segfault (fixes #2762)
* [mod_authn_gssapi] fix memory leak
6 years ago
* [config] warn if mod_authn_ldap,mysql not listed
* [mod_magnet] fix magnet_cgi_set() set of env vars (fixes #2763)
* [mod_cgi] FreeBSD 9.3/MacOSX does not have pipe2() (fixes #2765)
* [mod_extforward] fix crash on invalid IP (fixes #2766)
* [mod_fastcgi] fix segfault if all backends down (fixes #2768)
* [mod_cgi] fix out of sockets error for POST to CGI (fixes #2771)
* [mod_auth] compile fix for Mac OS X XCode (fixes #2772)
* [mod_authn_gssapi] better resource cleanup
* [core] compile fix for Mac OS X 10.6 (old) (fixes #2773)
* fix race in dynamic handler configs (reentrancy) (fixes #2774)
* [mod_authn_mysql] close mysql_conn in cleanup
* [mod_webdav] compile fix when locking not enabled
* load mod_auth & mod_authn_file in sample/test.conf
* comment out auth.backend.ldap.* in tests/*.conf
* [mod_fastcgi,mod_scgi] warn if invalid "bin-path"
* RAND_pseudo_bytes() is deprecated in openssl 1.1.0
* openssl 1.1.0 init and cleanup
* [mod_cgi] remove direct calls to network_backend*
* [build] build network_*.c into lighttpd executable
* suggest inclusion of mod_geoip... before mod_ssi.
* set systemd settings similar to lighttpd2
* [doc] remove reference to Linux rt-signals
* [mod_authn_gssapi] fix missing error ret, coverity
* [core] rename li_rand() to li_rand_pseudo_bytes()
* remove #include "stream.h" where not used
* [mod_cml] include lua headers before base.h
* [core] combine duplicated connection reset code
* [mod_ssi] produce content in subrequest hook
* [core] remove srv->entropy[]
* [core] defer li_rand_init() until first use
* [core] permit connection-level state in modules
* [mod_dirlisting] render dirlisting as HTML (fixes #2767)
* [mod_proxy] replace HTTP Host sent to backend (fixes #2770)
* [mod_ssi] basic recursive SSI include virtual (fixes #536)
* [mod_ssi] implement, ignore <!--#comment ... -->
* [core] consolidate duplicated read-to-close code
* [core] fix segfault when parsing a bad config file
* [core] support Transfer-Encoding: chunked req body (fixes #2156)
* [autobuild] set NO_RDYNAMIC=yes for midipix
* [mod_proxy] proxy.balance = "sticky" option (fixes #2117)
* [mod_secdownload] warn if SHA used w/o SSL crypto
* [build] compile fixes for AIX
* [build] check for pipe2() at configure time
* [mod_evhost] fix an incorrect error trace
* [tests] mark tests/docroot/www/*.pl scripts a+x
* [mod_cgi] fall back to pipe() if pipe2() fails
* fix SCons fullstatic build with glibc pthreads
* [TLS] openssl 1.1.0 makes SSL_OP_NO_SSLv2 no-op
6 years ago
- 1.4.43 - 2016-10-31
6 years ago
* [autobuild] remove mod_authn_gssapi dep on resolv
* [mod_deflate] ignore '*' in deflate.mimetypes
* [autobuild] omit module stubs when missing deps
* [TLS] openssl 1.1.0 hides struct bignum_st
* [autobuild] move http_cgi_ssl_env() for Mac OS X (fixes #2757)
* [core] use paccept() on NetBSD (replace accept4())
* [TLS] remote IP conditions are valid for TLS SNI (fixes #2272)
* [doc] lighttpd-angel.8 (fixes #2254)
* [cmake] build fcgi-auth, fcgi-responder for tests
* [mod_accesslog] %{ratio}n logs compression ratio (fixes #2133)
* [mod_deflate] skip deflate if loadavg too high (fixes #1505)
* [mod_expire] expire by mimetype (fixes #423)
* [mod_evhost] partial matching patterns (fixes #1194)
* build: use CC_FOR_BUILD for lemon when cross-compiling
* [mod_dirlisting] config header and readme files
* [config] warn if mod_authn_ldap,mysql not listed
* fix FastCGI, SCGI, proxy reconnect on failure
* [core] network_open_file_chunk() temp file opt
* [mod_rewrite] add more info in error log msg
* [core] fix fd leak when using libev (fixes #2761)
* [core] fix potential streaming tempfile corruption (fixes #2760)
* [mod_scgi] fix prefix matching to always match url
* [autobuild] adjust Makefile.am for FreeBSD
6 years ago
* [build] move some build scripts to scripts/
* [autotools] fix configure.ac for opensuse 13.2
6 years ago
- 1.4.42 - 2016-10-16
6 years ago
* [TLS] SSL_shutdown() only if handshake finished
* [mod_proxy,mod_scgi] shutdown remote only if local (#2743)
* [core] check if client half-closed TCP if POLLHUP (#2743)
* [core] enforce wait for POLLWR after EINPROGRESS (fixes #2744)
* [core] do not enter handler twice after read body
* [core] proxy,scgi omit shutdown() to backend (fixes #2743)
* [mod_dirlisting] dirlist does not handle POST
* [mod_dirlisting] js column sort for dirlist table (fixes #613, fixes #2315)
* [mod_auth] Digest auth fails after rewrite (fixes #2745)
* [mod_auth] refactor out auth backend code
* [mod_auth] extensible interface for auth backends
* [core] better DragonFlyBSD support (fixes #2746)
* [mod_auth] include base.h for USE_OPENSSL def
* [mod_auth] support CRYPT-MD5-NTLM algorithm (fixes #1743)
* [mod_auth] terminate salt for CRYPT-MD5-NTLM
* [core] fix crash if ready events on abandoned fd (fixes #2748)
* [mod_auth] http_auth_md5_hex2bin()
* [mod_auth] remove empty mod_auth.h
* [mod_auth] mod_authn_mysql.c MySQL auth backend (fixes #752, fixes #1845)
* [mod_cgi] permit CGI exec of unreadable files (fixes #2374)
* [mod_uploadprogress] add to default build
* [mod_geoip] add to default build (fixes #2705, fixes #2101, fixes #2092, fixes #2025, fixes #1962, fixes #1938)
* [mod_fastcgi] Authorizer support with Responder (fixes #321, fixes #322)
* [tests] test coverage for issues (#321, #322)
* dynamic handlers store debug flag in handler_ctx
* [mod_fastcgi] allow authorizer, responder for same path/ext (#321)
* backport mod_deflate to lighttpd 1.4 (fixes #1824, fixes #2753)
* [autobuild] test_configfile might need vector.c (fixes #2752)
* [mod_deflate] fix longjmp clobber compiler warning
* remove unused array type TYPE_COUNT data_count
* [mod_auth] structured data, register auth schemes
* [mod_auth] mod_authn_gssapi Kerberos auth backend (fixes #1899)
* [autobuild] skip two new tests if no fcgi-auth
* [SCons] define with_krb5 for SCons build
* [SCons] fix syntax error in SConstruct
* [SCons] define with_geoip for SCons build
* [CMake] fix clang -Wcast-align warnings in lemon.c
* remove excess initializers (fix compiler warnings)
* fix errors detected by Coverity Scan
* performance: use Linux extended syscalls and flags
* [mod_scgi] add uwsgi protocol support
* [mod_auth] refactor LDAP code into smaller funcs
* [mod_auth] HTTP Basic auth backends also do authz (#1817)
* [mod_auth] ldap filter subst user for multiple '$' (fixes #1508)
* [mod_auth] permit specifying ldap DN; skip search (fixes #1248)
* [autobuild] update module/feature report
* [cmake] build mod_authn_gssapi if WITH_KRB5
* [mod_auth] fix printing of IP in error trace
* [mod_mysql_vhost] support multiple '?' replacement (fixes #2163)
* [core] make server.max-request-size scopeable (#1901)
* [core] server.max-request-field-size (fixes #2130)
* [core] optional condition in config "else" clause (fixes #1268)
* [core] restrict where config "else" clauses occur (#1268)
* silence warnings from clang ccc-analyzer
* consistent, shared code to create CGI env
* [TLS] replace env entries in https_add_ssl_entries
* [TLS] set SSL_CLIENT_M_SERIAL w/ client cert SN (fixes #2268)
* [TLS] set SSL_CLIENT_VERIFY w/ client cert (#1288, #2693)
* [TLS] set SSL_PROTOCOL, SSL_CIPHER* (fixes #2511)
* [core] rand.[ch] to use better RNGs when available
* [mod_cgi] fix pipe_cloexec() when no O_CLOEXEC
* ignore return value from fcntl() FD_CLOEXEC
* build w/o compiler warnings if no zlib or bz2lib
6 years ago
- 1.4.41 - 2016-07-31
6 years ago
* remove long-deprecated, non-functional config opts
* [config] inherit server.use-ipv6 and server.set-v6only (fixes #678)
* [mod_auth] fix Digest auth to be better than Basic (fixes #1844)
* [mod_ssi] fix #config sizefmt="bytes"
* [autobuild] move inet_pton detection later
* [core] #include <sys/filio.h> for FIONREAD (fixes #2726)
* [autobuild] clock_gettime() -lrt with glibc < 2.17
* [security] do not emit HTTP_PROXY to CGI env
* [build_cmake] clock_gettime() -lrt w/ glibc < 2.17 (fixes #2737)
* [core] avoid spurious trace and error abort
* [core] stay in CON_STATE_CLOSE until done with req
* [core] $HTTP["remoteip"] must handle IPv6 w/o []
* [mod_status] show keep-alive status w/ text output (fixes #2740)
* do not set REDIRECT_URI in mod_magnet, mod_rewrite (#2738)
* revert 1.4.40 swap of REQUEST_URI, REDIRECT_URI (fixes #2738)
* [core] permit IPv6 address scope identifier
* [TLS] better handling of SSL_ERROR_WANT_READ/WRITE
* [TLS] read all available records from SSL_read()
* [core] try AF_INET after AF_INET6 if use-ipv6
* [core] set chunkqueue tempdirs at startup
* [security] ensure gid != 0 if server.username set (fixes #2725)
* [security] disable stat_cache if !follow-symlink (fixes #2724)
* [core] fix buffer_copy_string_hex() assert (fixes #2742)
* [security] encode quoting chars in HTML and XML
* [cmake] always define _GNU_SOURCE
* [cmake] enable warnings for GCC and Clang
* [cmake] set cmake_minimum_required to 2.8.2
6 years ago
- 1.4.40 - 2016-07-16
* [mod_ssi] enhance support for ssi vars (thx fbrosson)
* add handling for lua 5.2 and 5.3 (fixes #2674)
* use libmemcached instead of deprecated libmemcache
* add force_assert for more allocation results
* [mod_cgi] use MAP_PRIVATE to mmap temporary file (fixes #2715)
* [core] do not send SIGHUP to process group unless server.max-workers is used (fixes #2711)
* [mod_cgi] edge case chdir "/" when docroot "/" (fixes #2460)
* [mod_cgi] issue trace and exit if execve() fails (closes #2302)
* [configparser] don't continue after parse error (fixes #2717)
* [core] never evaluate else branches until the previous branches are ready (fixes #2598)
* [core] fix conditional cache handling
* [core] improve conditional enabling (thx Gwenlliana, #2598)
* [mod_compress] case-insensitive content-codings (fixes #2645)
* [plugins] don't include dlfcn.h if not needed (fixes #2548)
* [mod_fastcgi] 404 for X-Sendfile file not found (fixes #2474)
* [mod_cgi] send 500 if CGI ends and there is no response (fixes #2542)
* [mod_cgi] consolidate CGI cleanup code
* [mod_cgi] simplify mod_cgi_handle_subrequest()
* [mod_cgi] kill CGI if fail to write request body
* [mod_proxy] use case-insensitive comparision to filter headers, send Connection: Close to backend (fixes #421)
* [mod_dirlisting] dir-listing.hide-dotfiles = "enabled" by default (fixes #1081)
* [mod_secdownload] fix buffer overflow in secdl_verify_mac (reported by Fortify Open Review Project)
* [mod_fastcgi,mod_scgi] fix leaking file-descriptor when backend spawning failed (reported by Fortify Open Review Project)
* [core] improve array API to prevent memory leaks
* [core] refactor array search; raise array size limit to SSIZE_MAX
* [core] fix memory leak in configparser_merge_data
* [core] provide array_extract_element and use it
* [core] configparser: error on duplicate keys in array merge (fixes #2685)
* [core] more careful parse of $SERVER["socket"] config str (prepare #2204)
* [core] accept $SERVER["socket"] without port, use server.port as fallback (fixes #2204)
* [mod_magnet] define lua_pushglobaltable (for lua5.1) and use it (fixes #2719)
* [ssl] support disabling ssl.verifyclient.activate in SNI callback (fixes #2531)
* restart (some) syscalls after SIGCHLD interrupted them; should fix LDAP problems (fixes #2464)
* [core] log remote address on request timeouts (fixes #652)
* [autobuild] use AC_CANONICAL_HOST instead of AC_CANONICAL_TARGET (fixes #1866)
* [core] fix request_start in keep-alive requests to mark time when received first byte (fixes #2412)
* [core] truncate pidfile on exit (fixes #2695)
* consistent inclusion of config.h at top of files (fixes #2073)
* [core] add generic vector implementation
* [core] replace array weakref with vector
* [base64] fix crash due to broken force_assert
* [unittests] add test_buffer and test_base64 unit tests
* [buffer] refactor buffer_path_simplify (fixes #2560)
* validate return values from strtol, strtoul (fixes #2564)
* [mod_ssi] Add SSI vars SCRIPT_{URI,URL} and REQUEST_SCHEME (fixes #2721)
* [config] warn if server.upload-dirs has non-existent dirs (fixes #2508)
* [mod_proxy] accept LF delimited headers, not just CRLF (fixes #2594)
* [core] wait for grandchild to be ready when daemonizing (fixes #2712, thx pasdVn)
* [core] respond 411 Length Required if request has Transfer-Encoding: chunked (fixes #631)
* [core] fixed the loading for default modules if they are specified explicitly
* [core] lighttpd -tt performs preflight startup checks (fixes #411)
* [stat] mimetype.xattr-name global config option (fixes #2631)
* [mod_webdav] allow Depth: Infinity lock on file (fixes #2296)
* [mod_status] use snprintf() instead of sprintf()
* pass buf size to li_tohex()
* use li_[iu]tostrn() instead of li_[iu]tostr()
* [stream] fstat() after open() to obtain file size
* [core] clean up srv before exiting for lighttpd -[vVh]