lighttpd 1.4.x https://www.lighttpd.net/
[mod_ssi] config ssi.conditional-requests

Summary:

A new SSI directive, "ssi.conditional-requests", allows to inform lighttpd which SSI pages should be considered as cacheable and which should not. In particular, the "ETag" & "Last-Modified" headers will only be sent for those SSI pages for which the directive is enabled.

Long description:

"ETag" and "Last-Modified" headers were being sent for all SSI pages, regardless of whether they were cacheable or not. And yet, there was no cache validation at all for any SSI page.

This commit fixes these two minor issues by adding a new directive, "ssi.conditional-requests", which allows to specify which SSI pages are cacheable and which are not, and by adding cache validation to those SSI pages which are cacheable. And since sending ETags for non-cacheable documents is not appropriate, they are no longer computed nor sent for those SSI pages which are not cacheable.

Regarding the "Last-Modified" header for non-cacheable documents, the standards allow to either send the current date and time for that header or to simply skip it. The approach chosen is to not send it for non-cacheable SSI pages. "ETag" and "Last-Modified" headers are therefore only sent for an SSI page if ssi.conditional-requests is enabled for that page.

The ssi.conditional-requests directive can be enabled or disabled globally and/or in any context. It is disabled by default.

An index.shtml which only includes deterministic SSI commands such as:

    <!--#echo var="LAST_MODIFIED"-->

is a trivial example of a dynamic SSI page that is cacheable.

[core] open fd when appending file to cq (fixes #2655)

http_chunk_append_file() opens fd when appending file to chunkqueue. Defers calculation of content length until response is finished. This reduces race conditions pertaining to stat() and then (later) open(), when the result of the stat() was used for Content-Length or to generate chunked headers.

Note: this does not change how lighttpd handles files that are modified in-place by another process after having been opened by lighttpd -- don't do that. This *does* improve handling of files that are frequently modified via a temporary file and then atomically renamed into place.

mod_fastcgi has been modified to use http_chunk_append_file_range() with X-Sendfile2 and will open the target file multiple times if there are multiple ranges.

Note: (future todo) not implemented for chunk.[ch] interfaces used by range requests in mod_staticfile or by mod_ssi. Those uses could lead to too many open fds. For mod_staticfile, limits should be put in place for max number of ranges accepted by mod_staticfile. For mod_ssi, limits would need to be placed on the maximum number of includes, and the primary SSI file split across lots of SSI directives should either copy the pieces or perhaps chunk.h could be extended to allow for an open fd to be shared across multiple chunks. Doing either of these would improve the performance of SSI since they would replace many file opens on the pieces of the SSI file around the SSI directives.

x-ref: "Serving a file that is getting updated can cause an empty response or incorrect content-length error" https://redmine.lighttpd.net/issues/2655

github: Closes #49

fix buffer, chunk and http_chunk API

* remove unused structs and functions (buffer_array, read_buffer)
* change return type from int to void for many functions, as the return value (indicating error/success) was never checked, and the function would only fail on programming errors and not on invalid input; changed functions to use force_assert instead of returning an error.
* all "len" parameters now are the real size of the memory to be read. the length of strings is given always without the terminating 0.
* the "buffer" struct still counts the terminating 0 in ->used, provide buffer_string_length() to get the length of a string in a buffer. unset config "strings" have used == 0, which is used in some places to distinguish unset values from "" (empty string) values.
* most buffer usages should now use it as string container.
* optimise some buffer copying by "moving" data to other buffers
* use (u)intmax_t for generic int-to-string functions
* remove unused enum values: UNUSED_CHUNK, ENCODING_UNSET
* converted BUFFER_APPEND_SLASH to inline function (no macro feature needed)
* refactor: create chunkqueue_steal: moving (partial) chunks into another queue
* http_chunk: added separate function to terminate chunked body instead of magic handling in http_chunk_append_mem(). http_chunk_append_* now handle empty chunks, and never terminate the chunked body.

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2975 152afb58-edef-0310-8abb-c4023f1b3aa9

  1. ====
  2. NEWS
  3. ====
  4. - 1.4.49 - 2018-03-11
  5. * [core] adjust offset if response header blank line
  6. * [mod_accesslog] %{canonical,local,remote}p (fixes #2840)
  7. * [core] support POLLRDHUP, where available (#2743)
  8. * [mod_proxy] basic support for HTTP CONNECT method (#2060)
  9. * [mod_deflate] fix deflate of file > 2MB w/o mmap
  10. * [core] fix segfault if tempdirs fill up (fixes #2843)
  11. * [mod_compress,mod_deflate] try mmap MAP_PRIVATE
  12. * [core] discard from socket using recv MSG_TRUNC
  13. * [core] report to stderr if errorlog path ENOENT (fixes #2847)
  14. * [core] fix base64 decode when char is unsigned (fixes #2848)
  15. * [mod_authn_ldap] fix mem leak when ldap auth fails (fixes #2849)
  16. * [core] warn if mod_indexfile after dynamic handler
  17. * [core] do not reparse request if async cb
  18. * [core] non-blocking write() to piped loggers
  19. * [mod_openssl] minor code cleanup; reduce var scope
  20. * [mod_openssl] elliptic curve auto selection (fixes #2833)
  21. * [core] check for path-info forward down path
  22. * [mod_authn_ldap] auth with ldap referrals (fixes #2846)
  23. * [core] code cleanup: separate physical path sub
  24. * [core] merge redirect/rewrite pattern substitution
  25. * [core] fix POST with chunked request body (fixes #2854)
  26. * [core] remove unused func
  27. * [doc] minor update to *outdated* doc
  28. * [mod_wstunnel] fix for frames larger than 64k (fixes #2858)
  29. * [core] fix 32-bit compile POST w/ chunked request body (#2854)
  30. * [core] add include sys/poll.h on Solaris (fixes #2859)
  31. * [core] fix path-info calculation in git master (fixes #2861)
  32. * [core] pass array_get_element_klen() const array *
  33. * [core] increase stat_cache abstraction
  34. * [core] open additional fds O_CLOEXEC
  35. * [core] fix CONNECT w strict header parsing enabled
  36. * [mod_extforward] CIDR support for trusted proxies (fixes #2860)
  37. * [core] re-enable overloaded backends w/ multi wkrs
  38. * [autoconf] reduce minimum automake version to 1.13
  39. * [mod_auth] constant time compare plain passwords
  40. * [mod_auth] check that digest realm matches config
  41. * [core] fix incorrect hash algorithm impl
  42. - 1.4.48 - 2017-11-11
  43. * [mod_webdav] fix crash if stat fails, not ENOENT
  44. * [core] fix build --disable-ipv6 (fixes #2832)
  45. * [scons] Merge branch 'personal/stbuehler/scons-cleanup'
  46. * [autobuild] Merge branch 'personal/stbuehler/autobuild-cleanup'
  47. * [meson] new build system
  48. * [core] fix var.CWD (regression in 1.4.46) (fixes #2835)
  49. * [core] fix implicit wildcard IPv4 and IPv6 listen
  50. * [autobuild] remove obsolete warning about mmap use
  51. * [core] isolate sock_addr manipulation
  52. * [stat_cache] remove debug code littered in file
  53. * [core] cleanup unused ifndef
  54. * [core] cleanup: consolidate FAM code in stat_cache
  55. * [core] consolidate backend network write handlers
  56. * [autobuild] allow sendfile() in cross-compile (fixes #2836)
  57. * [core] quiet pedantic cc warning for excess comma
  58. * [core] isolate backend fdevent handler defs
  59. * [mod_openssl] error if ssl.engine in wrong section (fixes #2837)
  60. * [core] fix lighttpd -1 one-shot graceful shutdown
  61. * [mod_cgi] quiet trace if mod_cgi sends SIGTERM (fixes #2838)
  62. * [build] fix link of test_configfile.c
  63. * [core] quiet coverity false positive
  64. * [mod_openssl] more pedantic check of return values
  65. * [mod_openssl] allow specifying server cert chain (fixes #2692)
  66. * [mod_openssl] ssl.openssl.ssl-conf-cmd (fixes #2758)
  67. * [doc] NEWS - fix improper format line breaks
  68. * [mod_authn_ldap] replace use of deprecated funcs
  69. * [mod_authn_sasl] SASL auth (new) (fixes #2275)
  70. * [mod_openssl] quiet trace from TCP probes (#2784)
  71. * [core] fix dup typedef compiler warning
  72. * [scons] fix various python2/3 incompatibilities
  73. * [doc] fix doc/config/conf.d/fastcgi.conf example
  74. - 1.4.47 - 2017-10-22
  75. * [mod_authn_gssapi] needs -lcom_err under Darwin
  76. * [core] stricter validation of request-URI begin
  77. * [core] fix 1.4.46 regression in config match (fixes #2830)
  78. * [core] normalize config addrs for != match (#2830)
  79. * [core] normalize config addrs for eq and ne (#2830)
  80. * [doc] use https:// URLs to .lighttpd.net resources
  81. * [core] fix 1.4.46 regression in Last-Modified
  82. - 1.4.46 - 2017-10-21
  83. * [TLS] mark code that uses -lcrypto but not -lssl
  84. * remove redundant calls to end-of-request hooks
  85. * [mod_mysql_vhost] remove dev debug code
  86. * [core] con interface for read/write; isolate SSL
  87. * [core] new plugin hooks to help isolate SSL
  88. * [mod_openssl] new module (preliminary layout)
  89. * [core] move network_open_file_chunk() to chunk.c
  90. * [mod_openssl] move openssl code into mod_openssl
  91. * [mod_openssl] move openssl config into mod_openssl
  92. * [core] move connection_read_cq() to connections.c
  93. * [mod_geoip] call from handle_request_env hook
  94. * [build] only mod_openssl depends on -lssl
  95. * [mod_auth] enable optional authz if extern authn (fixes #2481)
  96. * [mod_openssl] allow ssl.verifyclient on url paths (fixes #2245)
  97. * [core] do not emit req/response hdrs w/ blank val
  98. * [mod_setenv] directives to overwrite/remove hdrs (fixes #650, fixes #2295)
  99. * [mod_secdownload] new directives modify hash path (fixes #646, fixes #1904)
  100. * [core] move con throttling to connections-glue.c
  101. * [core] support Expect: 100-continue with HTTP/1.1 (fixes #377, #1017, #1953, #2438)
  102. * [mod_openssl] use TLS SNI to set host-based certs
  103. * [mod_ssi] send #exec cmd="..." output to temp file
  104. * [mod_scgi] tests/mod-scgi.t unit tests
  105. * [mod_auth] support LDAP groups for HTTP auth (fixes #1817)
  106. * [core] use getaddrinfo,inet_pton vs gethostbyname (fixes #2783)
  107. * [mod_auth] LDAP escape username in DN and filters
  108. * mod_vhostdb* (dbi,mysql,pgsql,ldap) (fixes #485, fixes #1936, fixes #2297)
  109. * [mod_auth] have LDAP template replace '?'
  110. * apply debian/patches/spelling.patch
  111. * [core] permit connection-level state in modules
  112. * [TLS] include <openssl/opensslv.h> in rand.c
  113. * [core] config match w/ arbitrary HTTP request hdrs (fixes #1556)
  114. * [mod_flv_streaming] add end pos param (fixes #1887)
  115. * [core] X-LIGHTTPD-KBytes-per-second from backends (fixes #954)
  116. * [core] improve accuracy of bandwidth write limits
  117. * [core] quicker graceful shutdown
  118. * [tests] remove unused file depending on CGI.pm
  119. * [doc] doc/initscripts.txt (fixes #2782)
  120. * [core] check issetugid() early in main()
  121. * [core] combine duplicated getrlimit, network_init
  122. * [core] move interval timer near worker event loop
  123. * [core] initialize globals at top of main()
  124. * [core] graceful restart with SIGUSR1 (fixes #2785)
  125. * [mod_authn_mysql] fix minor memleak at shutdown
  126. * [mod_rrdtool] no error if loaded but no config
  127. * [doc] SIGUSR1 doc and lighttpd-angel SIGUSR1
  128. * [mime.conf] add text/markdown to utf-8 list, regenerate mime.conf
  129. * [mod_cgi] RFC3875 CGI local-redir strict adherence (#2108)
  130. * [mod_cgi] do not send "Status" back to client
  131. * [core] add label for 308 Permanent Redirect
  132. * [mod_openssl] inherit ssl.* from global scope
  133. * [core] handle if backend sends Transfer-Encoding (#2786)
  134. * [core] use kqueue in level-triggered mode (fixes #2788)
  135. * [mod_fastcgi,mod_scgi] backend spawn EINTR retry (#2788)
  136. * [core] config opt to intercept dynamic handler err (fixes #974)
  137. * [core] set default server_tag in server.c
  138. * [core] include lighttpd vers in server started msg
  139. * [core] move version.h logic into server.c
  140. * [core] issue trace if max-fds too large (fixes #2789)
  141. * [mod_fastcgi,mod_scgi] consistent waitpid handling (fixes #2791)
  142. * [mod_cgi] fix CGI local-redir w/ url.rewrite-once (fixes #2793)
  143. * [mod_scgi] fix unused_procs bidirectional-links
  144. * [mod_scgi] fix potential repeated use of proc->id
  145. * [mod_fastcgi,mod_scgi] consolidate backend process accounting (#2788)
  146. * [mod_cgi] status 200 OK if no hdrs (deprecated) (#2786)
  147. * [core] fix regex condition subst w/ mod_extforward (fixes #2794)
  148. * [tests] correct skip count for mod-scgi.t
  149. * [mod_vhostdb_ldap] fix inverted logic (coverity)
  150. * [mod_cgi] cgi.local-redir = [enable|disable] (#2108, #2793)
  151. * [core] $REQUEST_HEADER[...] subsumes other config (#1556)
  152. * [mod_usertrack] usertrack.cookie-attrs config opt (fixes #2795)
  153. * [core] default server.max-fds=4096 if unspecified (#2789)
  154. * update .gitignore, add .gitattributes
  155. * [core] reduce con allocation for small max_conns
  156. * [config] more specific checks for array lists
  157. * [mod_authn_gssapi] needs -lcom_err under cygwin
  158. * [mod_cgi,fastcgi,scgi,proxy] fix streaming response (fixes #2796)
  159. * [mod_auth] Digest nonce on system with time <=1978
  160. * [doc] simple-vhost.debug takes an integer value (fixes #2797)
  161. * [core] fix crash if invalid config file (fixes #2798)
  162. * [core] remove unused member con->in_joblist
  163. * [mod_proxy] remove use of con->got_response
  164. * [core] consolidate dynamic handler response parse
  165. * [core] remove now-unused buffer_search_string_len
  166. * [mod_cgi] eliminate warning when compiled -Os
  167. * [mod_scgi] do not reconnect after connect succeeds
  168. * [tests] reduce time waiting for backends to start
  169. * [core] server.syslog-facility (fixes #2800)
  170. * [core] server.syslog-facility (use -1 for unset) (#2800)
  171. * [core] allow overriding prior config values (fixes #2799)
  172. * [mod_proxy] set Content-Length, if available
  173. * [mod_proxy] set X-Forwarded-Host (fixes #418)
  174. * [core] remove redundant Content-Length digit check
  175. * [core] remove some unused header includes
  176. * [core] use con->dst_addr_buf instead of ip recalc
  177. * [core] include "fdevent.h" where needed
  178. * [core] make stat_cache private to stat_cache.c
  179. * [core] collect ioctl FIONREAD code
  180. * [core] include <netdb.h> where needed
  181. * [core] report file path when mkstemp() fails (fixes #2802)
  182. * [core] export http_request_host_policy() for reuse
  183. * [mod_extforward] simplify header search
  184. * [mod_extforward] consolidate ipstr_to_sockaddr()
  185. * [mod_extforward] upd scheme after ipstr validated
  186. * [mod_extforward] rearrange code; prep Forwarded
  187. * [mod_extforward] support Forwarded HTTP Extension (#2703)
  188. * [mod_proxy] support Forwarded HTTP Extension (fixes #2703)
  189. * [core] inet_pton(), inet_ntop() on (sock_addr *)
  190. * [core] save connection-level proto in con->proto
  191. * [mod_extforward] support HAProxy "PROXY" protocol (fixes #2804)
  192. * [mod_extforward] fix typos in Forwarded handling
  193. * [core] fix stat_cache initialization error
  194. * [core] perf: stat_cache_mimetype_by_ext()
  195. * [core] inet_ntop_cache now 4-element cache
  196. * [mod_openssl] free local_send_buffer at exit
  197. * [core] extend mimetype search w/o leading '.'
  198. * [core] no SOCK_CLOEXEC on Linux kernel < 2.6.27
  199. * [core] inline simple buffer is empty checks
  200. * [core] buffer_substr_replace()
  201. * [core] sys-strings.h abstraction for strings.h
  202. * [mod_proxy] fix backslash escaping
  203. * [core] omit default port from normalized host str
  204. * [core] fix build issue without ipv6 support
  205. * [core] permit strings and integers in config array
  206. * [mod_accesslog] flag high precision ts for %T (fixes #2807)
  207. * [core] permit strings,ints,arrays in config array
  208. * [core] calloc plugin_config for consistent init
  209. * [mod_proxy] simple host/url mapping in headers (fixes #152)
  210. * [mod_uploadprogress] handle query str progress ID (fixes #2808)
  211. * [mod_fastcgi] consolidate backend read code
  212. * [mod_proxy,mod_scgi] fix truncated error trace
  213. * [core] skip socket shutdown() if con->fd negative
  214. * [core] act as transparent proxy after con Upgrade
  215. * [core] remove redundant resets of fde_ndx
  216. * [core] configparser: fix resource handling in error cases (fixes #2809)
  217. * [core] fix crash for invalid syntax in config file (fixes #2810)
  218. * [core] prep mod transitions to transparent proxy
  219. * [mod_proxy] basic support for Upgrade: websocket (fixes #2811)
  220. * [mod_extforward] compile on OSX
  221. * [core] set server.max-keep-alive-requests = 100 (fixes #2205)
  222. * [core] perf: skip redundant strlen() if len known
  223. * [core] optional condition in config "else" clause (fixes #1268)
  224. * [mod_cgi] basic support for Upgrade: websocket
  225. * [core] buffer to disk streaming to slow backends
  226. * [core] silence compiler warnings if !HAVE_FORK
  227. * [build] -Werror if --enable-extra-warnings=error
  228. * [build] autotools use AC_PROG_CC_STDC macro
  229. * [mod_openssl] ssl.ca-crl-file for CRL (fixes #2319)
  230. * [mod_openssl] ssl.ca-dn-file (fixes #2694)
  231. * [mod_proxy] fix typo identified by coverity
  232. * [mod_openssl] ignore client verification error if not enforced
  233. * [mod_openssl] fix compile with openssl 1.1.0
  234. * [mod_extforward] quiet clang compiler warning
  235. * [mod_dirlisting] sort "../" to top of names
  236. * [mod_openssl] safer_X509_NAME_oneline() (fixes #2693)
  237. * [core] allow earlier plugin init for SSL/TLS
  238. * [mod_openssl] adjust use of ssl.ca-dn-file
  239. * [core] fix compiler warnings on Mac OS X
  240. * [core] server.socket-perms to set perms on unix (fixes #656)
  241. * [core] get port from sock_addr if AF_INET,AF_INET6
  242. * [core] server.error_handler_404 X-Sendfile ENOENT (#2474)
  243. * [core] consolidate fork()/execve() code (#1393)
  244. * [core] mv log_error_{open,cycle.close} to server.c
  245. * [core] rename fd_close_on_exec()
  246. * [core] remove unused includes of stat_cache.h
  247. * [core] add missing include of stdlib.h
  248. * [core] reduce exposure of unistd.h, other includes
  249. * [core] sock_addr_from_str_hints reusable name res
  250. * [core] continue collecting use of netdb.h
  251. * [core] continue collecting use of netdb.h
  252. * [core] continue collecting use of netdb.h
  253. * [core] fdevent_connect_status() shared code
  254. * [core] add const to reduce .data segment size
  255. * [mod_proxy] move data_fastcgi into mod_proxy.c
  256. * [mod_proxy] store address family at config time
  257. * [mod_fastcgi] slightly simplify counters
  258. * [mod_fastcgi] consolidate connect() error handling
  259. * [mod_fastcgi] set request_id in fcgi_create_env()
  260. * [mod_fastcgi] move delayed connect() into switch()
  261. * [mod_fastcgi,mod_scgi] consistent connect() error
  262. * [mod_scgi] remove unused parse_response member
  263. * [mod_fastcgi,mod_scgi] struct member consistency
  264. * [mod_fastcgi,mod_scgi] parse bin_path at startup
  265. * [mod_fastcgi,mod_scgi] use temp buffer for cgi_env
  266. * [core] shared code for socket backends
  267. * [core] spread load on socket backend procs
  268. * [core] store sockaddr for socket backend procs
  269. * [core] resolve DNS at startup for socket backends
  270. * [core] adaptive spawning for socket backend procs (fixes #1162)
  271. * quell compiler warnings for -Wimplicit-fallthrough
  272. * [doc] update README
  273. * [core] fdevent_cycle_logger()
  274. * [core] reap lighttpd worker pids precisely
  275. * [core] restart piped loggers if they exit (fixes #1393)
  276. * [mod_webdav] PROPFIND getetag attr must match GET
  277. * [core] consistent behavior w/ and w/o SA_SIGINFO
  278. * [core] do not remove pid-file in test mode
  279. * [core] add public domain SHA1() if no crypto
  280. * [mod_wstunnel] websocket tunnel to other protocol
  281. * [core] forward SIGHUP only to lighttpd workers
  282. * [mod_dirlisting] treat README and HEADER as paths (fixes #2818)
  283. * [core] set one-shot mode fd O_NONBLOCK, FD_CLOEXEC
  284. * [core] remove fdevent fcntl_set hook
  285. * [mod_extforward] typo in comment
  286. * [mod_cgi] add missing #include
  287. * [core] fix invalid sizeof() identified by coverity
  288. * [core] add missing #include
  289. * [core] base_decls.h to quiet compiler warnings
  290. * [core] set socket perms after bind, before listen
  291. * [core] warn if backend server config contains '_'
  292. * [mod_extforward] PROXY proto and SSL_CLIENT_VERIFY
  293. * [core] workaround for AIX mmap define
  294. * [mod_accesslog] flush access logs every 4 seconds
  295. * [mod_cgi] fix bug to properly exec interpreter
  296. * [mod_fastcgi] fix return when streaming min buffer
  297. * [core] attempt to quiet coverity false positives
  298. * [core] attempt to quiet coverity false positives
  299. * [core] attempt to quiet compiler warning in LEDE
  300. * [core] SIGCHLD handle_waitpid hook for modules
  301. * [mod_rrdtool] handle_trigger returns HANDLER_GO_ON
  302. * [mod_openssl] ssl.read-ahead="disable" for stream
  303. * [mod_cgi] add FDEVENT_IN upon CGI exit
  304. * [mod_cgi] omit cgi_handle_fdevent after proc exit
  305. * [mod_webdav] check HAVE_UUID for -luuid
  306. * [core] adjust li_rand_pseudo* interfaces
  307. * [mod_wstunnel] fix config parsing bug
  308. * [core] fdevent setsockopt() helper functions
  309. * [core] make strftime_cache_get() 16-element cache
  310. * [core] disable Nagle if streaming to backend
  311. * [core] fix triggered assert on HTTP chunked input (fixes #2822)
  312. * [mod_wstunnel] fix NULL ptr deref
  313. * [algo_sha1] fix compile break and warnings
  314. * [lemon] fix gcc implicit-fallthrough warning
  315. * [core] URI scheme is case-insensitive
  316. * [network] do not append port to unix socket paths
  317. * [unittests] consolidate base64 test code
  318. * [core] use sun_path for addr string for AF_UNIX (fixes #2826)
  319. * [core] cleaner code; remove goto from network.c
  320. * [core] /dev/stdin listener for inetd wait yes
  321. * [core] compare listen addrs after DNS resolution
  322. * [core] inline chunkqueue_is_empty()
  323. * [core] limit use of TCP_CORK
  324. * [core] return from http_response_read if small rd
  325. * [core] gateways might Upgrade con before body read
  326. * [mod_wstunnel] set Sec-WebSocket-Protocol if bin
  327. * [mod_wstunnel] remove invalid appended '\0'
  328. * [core] quiet coverity warning
  329. * [core] handle fds pending close after poll timeout (fixes #2827)
  330. * [core] fix $REQUEST_HEADER[...] parsing in config (#1556)
  331. * [mod_dirlisting] custom js date parse func (fixes #2823)
  332. * [core] remove fd interest if create_env returns
  333. * [mod_openssl] copy data for larger SSL packets
  334. * [mod_openssl] remove erroneous SSL_set_shutdown()
  335. * [core] permit LF to end lines if !header-strict
  336. * [core] add back REQUEST_SCHEME for backends
  337. * [core] remove fdevent_sched_run from fdevent_libev (#2827)
  338. * [mod_openssl] ssl.read-ahead="disable" by default
  339. * [core] adjust parser for valid variable expansion
  340. * [cmake] handle WITH_WEBDAV_LOCKS option
  341. * [cmake] fix attr header detection and linking
  342. * [cmake] link mod_cml with memcached
  343. * [core] reproducible build: hide __DATE__ __TIME__ (fixes #2828)
  344. * [core] perf: more efficient fdevent_sched_run()
  345. * [core] translate DNS to IP str for cond socket cmp
  346. - 1.4.45 - 2017-01-14
  347. * [mod_cgi] skip local-redir handling if to self (fixes #2779, #2108)
  348. * [mod_webdav] fix crash when plugin_ctx cleaned up (fixes #2780)
  349. * [mod_fastcgi] detect child exit, restart proactively
  350. * [mod_scgi] detect child exit, restart proactively
  351. * [TLS] ssl.read-ahead = "disable" for low mem (fixes #2778)
  352. - 1.4.44 - 2016-12-24
  353. * [mod_scgi] fix segfault (fixes #2762)
  354. * [mod_authn_gssapi] fix memory leak
  355. * [config] warn if mod_authn_ldap,mysql not listed
  356. * [mod_magnet] fix magnet_cgi_set() set of env vars (fixes #2763)
  357. * [mod_cgi] FreeBSD 9.3/MacOSX does not have pipe2() (fixes #2765)
  358. * [mod_extforward] fix crash on invalid IP (fixes #2766)
  359. * [mod_fastcgi] fix segfault if all backends down (fixes #2768)
  360. * [mod_cgi] fix out of sockets error for POST to CGI (fixes #2771)
  361. * [mod_auth] compile fix for Mac OS X XCode (fixes #2772)
  362. * [mod_authn_gssapi] better resource cleanup
  363. * [core] compile fix for Mac OS X 10.6 (old) (fixes #2773)
  364. * fix race in dynamic handler configs (reentrancy) (fixes #2774)
  365. * [mod_authn_mysql] close mysql_conn in cleanup
  366. * [mod_webdav] compile fix when locking not enabled
  367. * load mod_auth & mod_authn_file in sample/test.conf
  368. * comment out auth.backend.ldap.* in tests/*.conf
  369. * [mod_fastcgi,mod_scgi] warn if invalid "bin-path"
  370. * RAND_pseudo_bytes() is deprecated in openssl 1.1.0
  371. * openssl 1.1.0 init and cleanup
  372. * [mod_cgi] remove direct calls to network_backend*
  373. * [build] build network_*.c into lighttpd executable
  374. * suggest inclusion of mod_geoip... before mod_ssi.
  375. * set systemd settings similar to lighttpd2
  376. * [doc] remove reference to Linux rt-signals
  377. * [mod_authn_gssapi] fix missing error ret, coverity
  378. * [core] rename li_rand() to li_rand_pseudo_bytes()
  379. * remove #include "stream.h" where not used
  380. * [mod_cml] include lua headers before base.h
  381. * [core] combine duplicated connection reset code
  382. * [mod_ssi] produce content in subrequest hook
  383. * [core] remove srv->entropy[]
  384. * [core] defer li_rand_init() until first use
  385. * [core] permit connection-level state in modules
  386. * [mod_dirlisting] render dirlisting as HTML (fixes #2767)
  387. * [mod_proxy] replace HTTP Host sent to backend (fixes #2770)
  388. * [mod_ssi] basic recursive SSI include virtual (fixes #536)
  389. * [mod_ssi] implement, ignore <!--#comment ... -->
  390. * [core] consolidate duplicated read-to-close code
  391. * [core] fix segfault when parsing a bad config file
  392. * [core] support Transfer-Encoding: chunked req body (fixes #2156)
  393. * [autobuild] set NO_RDYNAMIC=yes for midipix
  394. * [mod_proxy] proxy.balance = "sticky" option (fixes #2117)
  395. * [mod_secdownload] warn if SHA used w/o SSL crypto
  396. * [build] compile fixes for AIX
  397. * [build] check for pipe2() at configure time
  398. * [mod_evhost] fix an incorrect error trace
  399. * [tests] mark tests/docroot/www/*.pl scripts a+x
  400. * [mod_cgi] fall back to pipe() if pipe2() fails
  401. * fix SCons fullstatic build with glibc pthreads
  402. * [TLS] openssl 1.1.0 makes SSL_OP_NO_SSLv2 no-op
  403. - 1.4.43 - 2016-10-31
  404. * [autobuild] remove mod_authn_gssapi dep on resolv
  405. * [mod_deflate] ignore '*' in deflate.mimetypes
  406. * [autobuild] omit module stubs when missing deps
  407. * [TLS] openssl 1.1.0 hides struct bignum_st
  408. * [autobuild] move http_cgi_ssl_env() for Mac OS X (fixes #2757)
  409. * [core] use paccept() on NetBSD (replace accept4())
  410. * [TLS] remote IP conditions are valid for TLS SNI (fixes #2272)
  411. * [doc] lighttpd-angel.8 (fixes #2254)
  412. * [cmake] build fcgi-auth, fcgi-responder for tests
  413. * [mod_accesslog] %{ratio}n logs compression ratio (fixes #2133)
  414. * [mod_deflate] skip deflate if loadavg too high (fixes #1505)
  415. * [mod_expire] expire by mimetype (fixes #423)
  416. * [mod_evhost] partial matching patterns (fixes #1194)
  417. * build: use CC_FOR_BUILD for lemon when cross-compiling
  418. * [mod_dirlisting] config header and readme files
  419. * [config] warn if mod_authn_ldap,mysql not listed
  420. * fix FastCGI, SCGI, proxy reconnect on failure
  421. * [core] network_open_file_chunk() temp file opt
  422. * [mod_rewrite] add more info in error log msg
  423. * [core] fix fd leak when using libev (fixes #2761)
  424. * [core] fix potential streaming tempfile corruption (fixes #2760)
  425. * [mod_scgi] fix prefix matching to always match url
  426. * [autobuild] adjust Makefile.am for FreeBSD
  427. * [build] move some build scripts to scripts/
  428. * [autotools] fix configure.ac for opensuse 13.2
  429. - 1.4.42 - 2016-10-16
  430. * [TLS] SSL_shutdown() only if handshake finished
  431. * [mod_proxy,mod_scgi] shutdown remote only if local (#2743)
  432. * [core] check if client half-closed TCP if POLLHUP (#2743)
* [core] enforce wait for POLLWR after EINPROGRESS (fixes #2744)
* [core] do not enter handler twice after read body
* [core] proxy,scgi omit shutdown() to backend (fixes #2743)
* [mod_dirlisting] dirlist does not handle POST
* [mod_dirlisting] js column sort for dirlist table (fixes #613, fixes #2315)
* [mod_auth] Digest auth fails after rewrite (fixes #2745)
* [mod_auth] refactor out auth backend code
* [mod_auth] extensible interface for auth backends
* [core] better DragonFlyBSD support (fixes #2746)
* [mod_auth] include base.h for USE_OPENSSL def
* [mod_auth] support CRYPT-MD5-NTLM algorithm (fixes #1743)
* [mod_auth] terminate salt for CRYPT-MD5-NTLM
* [core] fix crash if ready events on abandoned fd (fixes #2748)
* [mod_auth] http_auth_md5_hex2bin()
* [mod_auth] remove empty mod_auth.h
* [mod_auth] mod_authn_mysql.c MySQL auth backend (fixes #752, fixes #1845)
* [mod_cgi] permit CGI exec of unreadable files (fixes #2374)
* [mod_uploadprogress] add to default build
* [mod_geoip] add to default build (fixes #2705, fixes #2101, fixes #2092, fixes #2025, fixes #1962, fixes #1938)
* [mod_fastcgi] Authorizer support with Responder (fixes #321, fixes #322)
* [tests] test coverage for issues (#321, #322)
* dynamic handlers store debug flag in handler_ctx
* [mod_fastcgi] allow authorizer, responder for same path/ext (#321)
* backport mod_deflate to lighttpd 1.4 (fixes #1824, fixes #2753)
* [autobuild] test_configfile might need vector.c (fixes #2752)
* [mod_deflate] fix longjmp clobber compiler warning
* remove unused array type TYPE_COUNT data_count
* [mod_auth] structured data, register auth schemes
* [mod_auth] mod_authn_gssapi Kerberos auth backend (fixes #1899)
* [autobuild] skip two new tests if no fcgi-auth
* [SCons] define with_krb5 for SCons build
* [SCons] fix syntax error in SConstruct
* [SCons] define with_geoip for SCons build
* [CMake] fix clang -Wcast-align warnings in lemon.c
* remove excess initializers (fix compiler warnings)
* fix errors detected by Coverity Scan
* performance: use Linux extended syscalls and flags
* [mod_scgi] add uwsgi protocol support
* [mod_auth] refactor LDAP code into smaller funcs
* [mod_auth] HTTP Basic auth backends also do authz (#1817)
* [mod_auth] ldap filter subst user for multiple '$' (fixes #1508)
* [mod_auth] permit specifying ldap DN; skip search (fixes #1248)
* [autobuild] update module/feature report
* [cmake] build mod_authn_gssapi if WITH_KRB5
* [mod_auth] fix printing of IP in error trace
* [mod_mysql_vhost] support multiple '?' replacement (fixes #2163)
* [core] make server.max-request-size scopeable (#1901)
* [core] server.max-request-field-size (fixes #2130)
* [core] optional condition in config "else" clause (fixes #1268)
* [core] restrict where config "else" clauses occur (#1268)
* silence warnings from clang ccc-analyzer
* consistent, shared code to create CGI env
* [TLS] replace env entries in https_add_ssl_entries
* [TLS] set SSL_CLIENT_M_SERIAL w/ client cert SN (fixes #2268)
* [TLS] set SSL_CLIENT_VERIFY w/ client cert (#1288, #2693)
* [TLS] set SSL_PROTOCOL, SSL_CIPHER* (fixes #2511)
* [core] rand.[ch] to use better RNGs when available
* [mod_cgi] fix pipe_cloexec() when no O_CLOEXEC
* ignore return value from fcntl() FD_CLOEXEC
* build w/o compiler warnings if no zlib or bz2lib
- 1.4.41 - 2016-07-31
* remove long-deprecated, non-functional config opts
* [config] inherit server.use-ipv6 and server.set-v6only (fixes #678)
* [mod_auth] fix Digest auth to be better than Basic (fixes #1844)
* [mod_ssi] fix #config sizefmt="bytes"
* [autobuild] move inet_pton detection later
* [core] #include <sys/filio.h> for FIONREAD (fixes #2726)
* [autobuild] clock_gettime() -lrt with glibc < 2.17
* [security] do not emit HTTP_PROXY to CGI env
* [build_cmake] clock_gettime() -lrt w/ glibc < 2.17 (fixes #2737)
* [core] avoid spurious trace and error abort
* [core] stay in CON_STATE_CLOSE until done with req
* [core] $HTTP["remoteip"] must handle IPv6 w/o []
* [mod_status] show keep-alive status w/ text output (fixes #2740)
* do not set REDIRECT_URI in mod_magnet, mod_rewrite (#2738)
* revert 1.4.40 swap of REQUEST_URI, REDIRECT_URI (fixes #2738)
* [core] permit IPv6 address scope identifier
* [TLS] better handling of SSL_ERROR_WANT_READ/WRITE
* [TLS] read all available records from SSL_read()
* [core] try AF_INET after AF_INET6 if use-ipv6
* [core] set chunkqueue tempdirs at startup
* [security] ensure gid != 0 if server.username set (fixes #2725)
* [security] disable stat_cache if !follow-symlink (fixes #2724)
* [core] fix buffer_copy_string_hex() assert (fixes #2742)
* [security] encode quoting chars in HTML and XML
* [cmake] always define _GNU_SOURCE
* [cmake] enable warnings for GCC and Clang
* [cmake] set cmake_minimum_required to 2.8.2
- 1.4.40 - 2016-07-16
* [mod_ssi] enhance support for ssi vars (thx fbrosson)
* add handling for lua 5.2 and 5.3 (fixes #2674)
* use libmemcached instead of deprecated libmemcache
* add force_assert for more allocation results
* [mod_cgi] use MAP_PRIVATE to mmap temporary file (fixes #2715)
* [core] do not send SIGHUP to process group unless server.max-workers is used (fixes #2711)
* [mod_cgi] edge case chdir "/" when docroot "/" (fixes #2460)
* [mod_cgi] issue trace and exit if execve() fails (closes #2302)
* [configparser] don't continue after parse error (fixes #2717)
* [core] never evaluate else branches until the previous branches are ready (fixes #2598)
* [core] fix conditional cache handling
* [core] improve conditional enabling (thx Gwenlliana, #2598)
* [mod_compress] case-insensitive content-codings (fixes #2645)
* [plugins] don't include dlfcn.h if not needed (fixes #2548)
* [mod_fastcgi] 404 for X-Sendfile file not found (fixes #2474)
* [mod_cgi] send 500 if CGI ends and there is no response (fixes #2542)
* [mod_cgi] consolidate CGI cleanup code
* [mod_cgi] simplify mod_cgi_handle_subrequest()
* [mod_cgi] kill CGI if fail to write request body
* [mod_proxy] use case-insensitive comparison to filter headers, send Connection: Close to backend (fixes #421)
* [mod_dirlisting] dir-listing.hide-dotfiles = "enabled" by default (fixes #1081)
* [mod_secdownload] fix buffer overflow in secdl_verify_mac (reported by Fortify Open Review Project)
* [mod_fastcgi,mod_scgi] fix leaking file-descriptor when backend spawning failed (reported by Fortify Open Review Project)
* [core] improve array API to prevent memory leaks
* [core] refactor array search; raise array size limit to SSIZE_MAX
* [core] fix memory leak in configparser_merge_data
* [core] provide array_extract_element and use it
* [core] configparser: error on duplicate keys in array merge (fixes #2685)
* [core] more careful parse of $SERVER["socket"] config str (prepare #2204)
* [core] accept $SERVER["socket"] without port, use server.port as fallback (fixes #2204)
* [mod_magnet] define lua_pushglobaltable (for lua5.1) and use it (fixes #2719)
* [ssl] support disabling ssl.verifyclient.activate in SNI callback (fixes #2531)
* restart (some) syscalls after SIGCHLD interrupted them; should fix LDAP problems (fixes #2464)
* [core] log remote address on request timeouts (fixes #652)
* [autobuild] use AC_CANONICAL_HOST instead of AC_CANONICAL_TARGET (fixes #1866)
* [core] fix request_start in keep-alive requests to mark time when received first byte (fixes #2412)
* [core] truncate pidfile on exit (fixes #2695)
* consistent inclusion of config.h at top of files (fixes #2073)
* [core] add generic vector implementation
* [core] replace array weakref with vector
* [base64] fix crash due to broken force_assert
* [unittests] add test_buffer and test_base64 unit tests
* [buffer] refactor buffer_path_simplify (fixes #2560)
* validate return values from strtol, strtoul (fixes #2564)
* [mod_ssi] Add SSI vars SCRIPT_{URI,URL} and REQUEST_SCHEME (fixes #2721)
* [config] warn if server.upload-dirs has non-existent dirs (fixes #2508)
* [mod_proxy] accept LF delimited headers, not just CRLF (fixes #2594)
* [core] wait for grandchild to be ready when daemonizing (fixes #2712, thx pasdVn)
* [core] respond 411 Length Required if request has Transfer-Encoding: chunked (fixes #631)
* [core] fixed the loading for default modules if they are specified explicitly
* [core] lighttpd -tt performs preflight startup checks (fixes #411)
* [stat] mimetype.xattr-name global config option (fixes #2631)
* [mod_webdav] allow Depth: Infinity lock on file (fixes #2296)
* [mod_status] use snprintf() instead of sprintf()
* pass buf size to li_tohex()
* use li_[iu]tostrn() instead of li_[iu]tostr()
* [stream] fstat() after open() to obtain file size
* [core] clean up srv before exiting for lighttpd -[vVh]
* [mod_fastcgi,mod_scgi] check for spawning on same unix socket (fixes #319)
* [mod_cgi] always set QUERY_STRING (fixes #1339)
* [mod_auth] send charset="UTF-8" in WWW-Authenticate (fixes #1468)
* [mod_magnet] rename var for clarity (fixes #1483)
* [mod_extforward] reset cond_cache for scheme (fixes #1499)
* [mod_webdav] readdir POSIX compat (fixes #1826)
* [mod_expire] reset caching response headers for error docs (fixes #1919)
* [mod_status] page refresh option (fixes #2170)
* [mod_status] table w/ count of con states (fixes #2427)
* [mod_dirlisting] class for dir <tr> (fixes #2304)
* [core] define __STDC_WANT_LIB_EXT1__ (fixes #2722)
* [core] setrlimit max-fds <= rlim_max for non-root (fixes #2723)
* [mod_ssi] config ssi.conditional-requests
* [mod_ssi] config ssi.exec (fixes #2051)
* [mod_redirect,mod_rewrite] short-circuit if blank replacement (fixes #2085)
* [mod_indexfile] save physical path to env (fixes #448, #892)
* [core] open fd when appending file to cq (fixes #2655)
* [config] server.listen-backlog option (fixes #1825, #2116)
* [core] retry tempdirs on partial write, ENOSPC (fixes #2588)
* [core] compile with upcoming openssl 1.1.0 release (fixes #2727)
* [core] improve dynamic handler control flow logic
* [core] defer reading request body until handle subrequest (fixes #2541)
* [core] always poll for client POLLHUP/POLLERR events (fixes #399)
* [mod_fastcgi,mod_scgi,mod_proxy] handlers can read response before sending req body (fixes #131, #2566)
* [mod_cgi] asynchronous send of request body to CGI
* [core] compile with upcoming openssl 1.1.0 release (fixes #2727)
* [core] set REDIRECT_STATUS to error_handler_saved_status (fixes #1828)
* [core] server.error-handler new directive for error pages (fixes #2702)
* [core] support IPv6 in $HTTP["remote-ip"] CIDR cond match (fixes #2706)
* [core] http_response_send_file() shared code (#2017)
* [mod_fastcgi] use http_response_xsendfile() (fixes #799, fixes #851, fixes #2017, fixes #2076)
* [mod_scgi] X-Sendfile feature (fixes #2253)
* [mod_cgi] X-Sendfile feature (fixes #2313)
* [mod_webdav] lseek,read if fs can not mmap (#2666, fixes #962)
* [mod_compress] use mmap and trap SIGBUS (#2666, fixes #1879)
* fallback to lseek()/read() if mmap() fails (fixes #2666)
* [mod_auth] skip blank lines and comment lines (fixes #2327)
* [core] fallback to write if sendfile not supported (fixes #471, #987)
* [core] preserve PATH_INFO case on case-insensitive fs (fixes #406)
* [mod_ssi, mod_cml] set DOCUMENT_ROOT to basedir (fixes #2383)
* [core] cmd line opt to shutdown after idle time limit (fixes #2696)
* [core] lighttpd -1 handles single request on stdin socket (fixes #1584)
* [mod_fastcgi,mod_scgi] IPv6 support (fixes #2372)
* [mod_status] add JSON output option (fixed #2432)
* [mod_webdav] map COPY/MOVE Destination to aliases (fixes #1787)
* [mod_webdav] improve PROPFIND,PROPPATCH (#1818, #1953)
* [core] reset response headers, write_queue for error docs
* build with libressl
* static build instructions using SCons or make
* [mod_auth] preserve WWW-Authenticate for error docs (fixes #2730)
* check close() return code after writing to file
* adjustments for openssl 1.1.0 pre-release
* [config] support include file glob (fixes #1221)
* [mod_evasive] 302 redirect option if limit reached (fixes #2199)
* [build] enhancements for cross-compiling (fixes #2276)
* [mod_accesslog] report aborted con state with %X (fixes #1890)
* [mod_ssi] fix SSI statement parser
* [mod_ssi] include relative to alias,userdir (fixes #222)
* [mod_ssi] add PCRE_* options to constrain regex
* [mod_ssi] more flexible quoting (fixes #1768)
* [core] wrap IPv6 literal in "[]" in redirect URL
* [mod_ssi] fix parse of tag across buf boundary (fixes #2732)
* [mod_cgi,mod_scgi] X-Sendfile sets file_started (fixes #2733)
* [mod_fastcgi] no chunked response w/ X-Sendfile (fixes #2733)
* [config] opts for http header parsing strictness (fixes #551, fixes #1086, fixes #1184, fixes #2143, #2258, #2281, fixes #946, fixes #1330, fixes #602, #1016)
* [config] normalize IP strings in lighttpd.conf
* [build_cmake] use MODULE on Mac OS X (fixes #1761)
* [config] server.bsd-accept-filter option
* [mod_webdav] create file w/ LOCK request if ENOENT
* [core] buffer large responses to tempfiles (fixes #758, fixes #760, fixes #933, fixes #1387, #1283, fixes #2083)
* [core] stream response to client (#949)
* [TLS] release openssl buffers as used (fixes #1265, fixes #1283, #881)
* [config] config options to stream request/response (#949, #376)
* [core] option to stream request body to backend (fixes #376)
* [core] option to stream response body to client (fixes #949, #760, #1283, #1387)
* drain backend socket/pipe bufs upon FDEVENT_HUP
* remove excess calls to joblist_append()
* defer choosing "Transfer-Encoding: chunked"
* asynchronous, bidirectional streaming options
* fix errors detected by Coverity Scan
* [cygwin] fix mod_proxy and mod_fastcgi ioctl use
* [mod_webdav] remove excess SQL param to UNLOCK
* graceful shutdown without unnecessary 1 sec delay
* [core] disable Nagle algorithm (TCP_NODELAY)
* [core] add declarations to fdevent.h (#2373)
* [tests] remove dependency on CGI.pm
* [TLS] fix return value checks during cert init
* [core] fix server.max-request-size to be precise (fixes #2131)
* [mod_webdav] fix proppatch mem leak, other fixes (fixes #1334, fixes #2000)
* [autobuild] CMake check for struct tm tm_gmtoff (fixes #2014)
* [mod_uploadprogress] fix mem leak (#1858)
* [core] make server.max-request-size scopeable (fixes #1901)
* [mod_fastcgi,mod_scgi] check for spawning on same unix socket (#319)
* [mod_accesslog] %a %A %C %D %k %{}t %{}T (fixes #1145, fixes #1415, fixes #2081)
* [mod_access] new directive url.access-allow (fixes #1421)
* [core] fdevent_libev: update use of ev_timer
* [mod_cgi] handle local redirect response (fixes #2108)
- 1.4.39 - 2016-01-02
* [core] fix memset_s call (fixes #2698)
* [chunk] fix use after free / double free (fixes #2700)
- 1.4.38 - 2015-12-05
* [stat-cache] fix handling of collisions, might have returned wrong data (fixes #2669)
* [core] allocate at least 4k buffer for incoming data
* [core] fix search for header end if split across chunks (fixes #2670)
* [core] check configparserAlloc() result with force_assert
* [mod_auth] implement and use safe_memclear, using memset_s or explicit_bzero if available (thx loganaden)
* [core] don't buffer request bodies smaller than 64k on disk
* add force_assert for many allocations and function results
* [mod_secdownload] use a hopefully constant time comparison to check hash (fixes #2679)
* [config] check config option scope; warn if server option is given in conditional
* [core] revert increase of temp file size back to 1MB, provide a configure option "server.upload-temp-file-size" instead (fixes #2680)
* [core] add '~' to safe characters in ENCODING_REL_URI/ENCODING_REL_URI_PART encoding
* [core] encode path with ENCODING_REL_URI in redirect to directory (fixes #2661, thx gstrauss)
* [mod_secdownload] add required algorithm option; old behaviour available as "md5", new options "hmac-sha1" and "hmac-sha256"
* [mod_fastcgi/mod_scgi] zero sockaddr structs before use (fixes #2691, thx Kyle J. McKay)
* [network] add darwin-sendfile backend (fixes #2687, thx Kyle J. McKay)
* [core] show correct crypt support result (fixes #2690, thx Kyle J. McKay)
- 1.4.37 - 2015-08-30
* [mod_proxy] remove debug log line from error log (fixes #2659)
* [mod_dirlisting] fix dir-listing.set-footer not showing
* fix out-of-filedescriptors when uploading "large" files (fixes #2660, thx rmilecki)
* increase upload temporary chunk file size from 1MB to 16MB
* fix undefined integer shift
* rewrite network sendfile/mmap/writev/write backends
* fix some unchecked return value warnings
* [kqueue] fix kevent call
* [autoconf] define HAVE_CRYPT when crypt() is present
* [bsd xattr] fix compile break with BSD extended attributes in stat_cache
* [mod_cgi] rewrite mmap and generic (post body) send error handling
* [mmap] fix mmap alignment
* [plugins] when modules are linked statically still only load the modules given in the config
* [mmap] handle SIGBUS in network; those get triggered if the file gets smaller during reading
* fix some warnings found by coverity ("leak" in setup phase, not catching too long unix socket paths in mod_proxy)
- 1.4.36 - 2015-07-26
* use keep-alive timeout while waiting for HTTP headers; use always the read timeout while waiting for the HTTP body
* fix bad shift in conditional netmask ".../0" handling
* add more mime types and a script to generate mime.conf (fixes #2579)
* add support for (Free)BSD extended attributes
* [build] use fortify flags with "extra-warnings"
* [mod_dirlisting,mod_redirect,mod_rewrite] abort config parsing if pcre-compile fails or isn't available
* [ssl] disable SSL3.0 by default
* fixed typo in example config found by openSUSE user (boo# 907709)
* [network] fix compile break in calculation of sockaddr_un size if SUN_LEN is not defined (fixes #2609)
* [connections] fix bug in connection state handling
* print backtrace in assert logging with libunwind
* major refactoring of internal buffer/chunk handling
* [mod_auth] use crypt_r instead of crypt if available
* fix error message for T_CONFIG_ARRAY config values if an entry value is not a string
* fix segfaults in many plugins if they failed configuration
* escape all strings for logging (fixes #2646 log file injection, reported by Jaanus Kääp)
* fix hex escape in accesslog (fixes #2559)
* show extforward re-run warning only with debug.log-request-handling (fixes #2561)
* parse If-None-Match for ETag validation (fixes #2578)
* fix memory leak in mod_status when no counters are set (found by coverity)
* [mod_magnet] fix segfault when accessing not existing lighty.req_env[] entry (found by coverity)
* fix segfault when temp file for upload couldn't be created (found by coverity)
* mime.conf: add some new mime types, remove .dat, .sha1, .md5, update .vcf
* [mod_proxy] add unix domain socket support (fixes #2653)
* [configfile] fix reading uninitialized variable (found by Willian B.)
- 1.4.35 - 2014-03-12
* [network/ssl] fix build error if TLSEXT is disabled
* [mod_fastcgi] fix use after free (only triggered if fastcgi debug is active)
* [mod_rrdtool] fix invalid read (string not null terminated)
* [mod_dirlisting] fix memory leak if pcre fails
* [mod_fastcgi,mod_scgi] fix resource leaks on spawning backends
* [mod_magnet] fix memory leak
* add comments for switch fall throughs
* remove logical dead code
* [buffer] fix length check in buffer_is_equal_right_len
* fix resource leaks in error cases on config parsing and other initializations
* add force_assert() to enforce assertions as simple assert()s are disabled by -DNDEBUG (fixes #2546)
* [mod_cml_lua] fix null pointer dereference
* force assertion: setting FD_CLOEXEC must work (if available)
* [network] check return value of lseek()
* fix unchecked return values from stream_open/stat_cache_get_entry
* [mod_webdav] fix logic error in handling file creation error
* check length of unix domain socket filenames
* fix SQL injection / host name validation (thx Jann Horn)
- 1.4.34 - 2014-01-20
* [mod_auth] explicitly link ssl for SHA1 (fixes #2517)
* [mod_extforward] fix compilation without IPv6, (not) using undefined var (fixes #2515, thx mm)
* [ssl] fix SNI handling; only use key+cert from SNI specific config (fixes #2525, CVE-2013-4508)
* [doc] update ssl.cipher-list recommendation
* [stat-cache] FAM: fix use after free (CVE-2013-4560)
* [stat-cache] fix FAM cleanup/fdevent handling
* [core] check success of setuid,setgid,setgroups (CVE-2013-4559)
* [ssl] fix regression from CVE-2013-4508 (client-cert sessions were broken)
* maintain physical.basedir (the "acting" doc-root as prefix of physical.path) in more places
* [core] decode URL before rewrite, enabling it to work in $HTTP["url"] conditionals (fixes #2526)
* [auto* build] remove -no-undefined from linker flags, as we actually link modules with undefined symbols (fixes #2533)
* [mod_mysql_vhost] fix memory leak on config init (#2530)
* [mod_webdav] fix fd leak found with parfait (fixes #2530, thx kukackajiri)
- 1.4.33 - 2013-09-27
* mod_fastcgi: fix mix up of "mode" => "authorizer" in other fastcgi configs (fixes #2465, thx peex)
* fix handling of If-Modified-Since if If-None-Match is present (don't return 412 for date parsing errors);
  follow current draft for HTTP/1.1, which tells us to ignore If-Modified-Since if we have matching etags.
* [mod_fastcgi,log] support multi line logging (fixes #2252)
* call ERR_clear_error only for ssl connections in CON_STATE_ERROR
* reject non ASCII characters in HTTP header names
* [mod_auth] use crypt() on encrypted password instead of extracting salt first (fixes #2483)
* [mod_auth] add htpasswd -s (SHA1) support if openssl is used (needs openssl for SHA1). This doesn't use any salt, md5 with salt is probably better.
* [mod_auth] fix base64_decode (#2484)
* fix some bugs found with canalyze (fixes #2484, thx Zhenbo Xu)
* fix undefined stuff found with clang
* [cmake] Use TARGET_LINK_LIBRARIES instead of LINK_FLAGS for library dependencies, also add -Wl,--as-needed to extra warnings (fixes #2448)
* [mod_auth] fix invalid read in digest qop=auth-int handling (fixes #2478)
* [auto* build] simplify autogen.sh, handle automake 1.13 test running (fixes #2490)
* [mod_userdir] add userdir.active option, "enabled" by default
* [core] return 501 Not Implemented in static file mode for all methods except GET/POST/HEAD/OPTIONS
* [core] recognize more http methods to forward to backends (fixes #2346)
* [ssl] use DH only if openssl supports it (fixes #2479)
* [network] use constants available at compile time for maximum number of chunks for writev instead of calling sysconf (fixes #2470)
* [ssl] Fix $HTTP["scheme"] conditional, could be "http" for ssl connections if the ssl $SERVER["socket"] conditional was nested (fixes #2501)
* [ssl] accept ssl renegotiations if they are not disabled (fixes #2491)
* [ssl] add option ssl.empty-fragments, defaulting to disabled (fixes #2492)
* [auth] put REMOTE_USER into cgi environment, making it accessible to lua via lighty.req_env (fixes #2495)
* [auth] new method "extern" to use already present REMOTE_USER (from magnet, ssl, ...) (fixes #2436)
* [core] remove requirement that default doc-root has to exist, there are reasonable scenarios not requiring static files at all
* [core] check whether server.chroot exists
* [mod_simple_vhost] fix cache; skip module if simple-vhost.server-root is empty (thx rm for reporting)
* [mod_accesslog] add accesslog.syslog-level option (fixes #2480)
* [core] allow files to be used as document-root (fixes #2475)
* [core] set signal handlers before forking child processes in modules/plugins_call_set_defaults (fixes #2502)
- 1.4.32 - 2012-11-21
* Code cleanup with clang/sparse (fixes #2437, thx kibi)
* Ignore EPIPE/ECONNRESET after SSL_shutdown
* Handle ENAMETOOLONG, return 404 Not Found (fixes #2396, thx dererkazo)
* configure.ac: remove old stuff, add some new to fix warnings in automake 1.12 (fixes #2419, thx blino)
* add PATCH method (fixes #2424)
* fix :port handling in $HTTP["host"] checks (fixes #2135, thx liming)
* network_server_init: fix double free and memleak on error (fixes #2440, thx kyprizel)
* detect "x-gzip"/"x-bzip2" as separate encodings, more strict encoding matching (fixes #2443)
* tests: make sure mod_proxy doesn't leave running processes (fixes #2435, thx kibi)
* mod_extforward: log address of untrusted proxy with debug.log-request-handling
* fix DoS in Connection header value split (reported by Jesse Sipprell, CVE-2012-5533)
* remove whitespace at end of header keys
- 1.4.31 - 2012-05-31
* [ssl] fix segfault in counting renegotiations for openssl versions without TLSEXT/SNI (thx carpii for reporting)
* Move fdevent subsystem includes to implementation files to reduce conflicts (fixes #2373)
* [mod_compress] fix handling if etags are disabled but cache-dir is set - may lead to double response
* disable mmap by default (fixes #2391)
* buffer_caseless_compare: always convert letters to lowercase to get transitive results, fixing array lookups (fixes #2405)
* Fix handling of empty header list entries in http_request_split_value, fixing invalid read in valgrind (fixes #2413)
* Fix access log escaping of " and \\ (fixes #1551)
* [mod_auth] Fix digest "md5-sess" implementation (Errata ID 1649, RFC 2617) (fixes #2410)
* [auth] Add "AUTH_TYPE" environment (for *cgi), remove fastcgi specific workaround, add fastcgi test case (fixes #889)
* [mod_*cgi,mod_accesslog] Fix splitting :port with ipv6 (fixes #2333, thx simoncpu)
* Detect multiple -f options: show error message instead of assert (fixes #2416)
* [mod_extforward] Support ipv6 addresses (fixes #1889)
* [mod_redirect] Support url.redirect-code option (fixes #2247)
* Fix --enable-mmap handling in configure.ac
- 1.4.30 - 2011-12-18
* Always use our 'own' md5 implementation, fixes linking issues on MacOS (fixes #2331)
* Limit amount of bytes we send in one go; fixes stalling in one connection and timeouts on slow systems.
* [ssl] fix build errors when Elliptic-Curve Diffie-Hellman is disabled
* Add static-file.disable-pathinfo option to prevent handling of urls like .../secret.php/image.jpg as static file
* Don't overwrite 401 (auth required) with 501 (unknown method) (fixes #2341)
* Fix mod_status bug: always showed "0/0" in the "Read" column for uploads (fixes #2351)
* [mod_auth] Fix signedness error in http_auth (fixes #2370, CVE-2011-4362)
* [ssl] count renegotiations to prevent client renegotiations
* [ssl] add option to honor server cipher order (fixes #2364, BEAST attack)
* [core] accept dots in ipv6 addresses in host header (fixes #2359)
* [ssl] fix ssl connection aborts if files are larger than the MAX_WRITE_LIMIT (256kb)
* [libev/cgi] fix waitpid ECHILD errors in cgi with libev (fixes #2324)
- 1.4.29 - 2011-07-03
* Fix mod_proxy waiting for response even if content-length is 0 (fixes #2259)
* Silence annoying "connection closed: poll() -> ERR" error.log message (fixes #2257)
* mod_cgi: make read buffer as big as incoming data block
* [build] Fix detection of libev (fixes #2300)
* ssl: Support for Diffie-Hellman and Elliptic-Curve Diffie-Hellman key exchange (fixes #2301)
  add ssl.use-sslv3 (fixes #2246)
  load all algorithms (fixes #2239)
* [ssl/md5] prefix our own md5 implementation with li_ so it doesn't conflict with the openssl one (fixes #2269)
* [ssl/build] some minor fixes; fix compile without ssl, cleanup ssl config buffers
* [proc,include_shell] log error if exec shell fails (fixes #2280)
* [*cgi] Use physical base dir (alias, userdir) as DOCUMENT_ROOT in cgi environments (fixes #2216)
* [doc] Move docs to outdated/ subdir and refer to wiki instead (fixes #2248)
* fdevent: add solaris eventports (fixes #2171)
- 1.4.28 - 2010-08-22
* Rename fdevent_event_add to _set to reflect what the function does. Fix some handlers. (fixes #2249)
* Fix buffer.h to include stdio.h as it is needed for SEGFAULT() (fixes #2250)
- 1.4.27 - 2010-08-13
* Fix handling return value of SSL_CTX_set_options (fixes #2157, thx mlcreech)
* Fix mod_proxy HUP handling (send final chunk, fix usage counter)
* mod_proxy: close connection on write error (fixes #2114)
* Check uri instead of physical path for directory redirect
* Fix detecting git repository (fixes #2173, thx ncopa)
* [mod_compress] Fix segfault when etags are disabled (fixes #2169)
* Reset uri.authority before TLS servername handling, reset all "keep-alive" data in connection_del (fixes #2125)
* Print double quotes properly when dumping config file (fixes #1806)
* Include IP addresses on error log on password failures (fixes #2191)
* Fix stalls while reading from ssl sockets (fixes #2197)
* Fix etag formatting on boxes with 32-bit longs
* Fix two compiler warnings
* mod_accesslog: fix %p for ipv6 sockets (fixes #2228, thx jo.henke)
* mod_fastcgi: Send 502 "Bad Gateway" if we couldn't open the file for X-Sendfile (fixes #2226)
* mod_staticfile: add debug output if we ignore a file with static-file.exclude-extensions (fixes #2215)
* mod_cgi: fix race condition leaving response not forwarded to client (fixes #2217)
* mod_accesslog: Fix var declarations mixed in source (fixes #2233)
* mod_status: Add version to status page (fixes #2219)
* mod_accesslog: optimize accesslog_append_escaped (fixes #2236, thx crypt)
* openssl: silence annoying error messages for errno==0 (fixes #2213)
* array.c: improve array_get_unused_element to check data type; fix mem leak if unused_element didn't find a matching entry (fixes #2145)
* add check to stop loading plugins twice
* cleanup fdevent code, removed linux-rtsig handler, replaced some fprintf calls
* only require FDEVENT_IN bit to be set for listening connections (fixes #2227)
* add libev fdevent handler: server.event-handler = "libev"
* mod_proxy: return response as soon as it is available (fixes #2196)
* don't overwrite global server.force-lowercase-filenames setting (fixes #2042)
* bind to IPV6-only if ipv6 address was specified (https://redmine.lighttpd.net/projects/lighttpd/wiki/IPv6-Config)
- 1.4.26 - 2010-02-07
* Fix request parser to handle packets with split \r\n\r\n (fixes #2105)
* Remove dependency on automake >= 1.11 with m4_ifdef check
* mod_accesslog: support %e (fixes #2113, thx presbrey)
* Fix mod_cgi cgi.execute-x-only option in global block
* mod_fastcgi: x-sendfile2 parse error debugging
* Fix mod_proxy dead host detection if connect() fails
* Fix fd leaks in mod_cgi (fds not closed on pipe/fork failures, found by Rodrigo, fixes #2158, #2159)
* Fix segfault with broken rewrite/redirect patterns (fixes #2140, found by crypt)
* Append to previous buffer in con read, fix DoS/OOM vulnerability (fixes #2147, found by liming, CVE-2010-0295)
* Fix HUP detection in close-state if event-backend doesn't support FDEVENT_HUP (like select or poll on FreeBSD)
- 1.4.25 - 2009-11-21
* mod_magnet: fix pairs() for normal tables and strings (fixes #1307)
* mod_magnet: add traceback for printing lua errors
* mod_rewrite: fix compile error if compiled without pcre
* disable warning "CLOSE-read" (fixes #2091)
* mod_rrdtool: fix creating file if it doesn't exist (#1788)
* reset tlsext_server_name in connection_reset - fixes random hostnames in the $HTTP["host"] conditional
* export some SSL_CLIENT_* vars for client cert validation (fixes #1288, thx presbrey)
* mod_fastcgi: fix mod_fastcgi packet parsing
* mod_fastcgi: Don't reconnect after connect() succeeded (fixes #2096)
* Fix configure.ac to allow autoreconf, also enables make V=0
- 1.4.24 - 2009-10-25
* Add T_CONFIG_INT for bigger integers from the config (needed for #1966)
* Use unsigned int (and T_CONFIG_INT) for max_request_size
* Use unsigned int for secdownload.timeout (fixes #1966)
* Keep url/host values from connection to display information while keep-alive in mod_status (fixes #1202)
* Add server.breakagelog, a "special" stderr (fixes #1863)
* Fix config evaluation for debug.log-timeouts option (#1529)
* Add "cgi.execute-x-only" to mod_cgi, requires +x for cgi scripts (fixes #2013)
* Fix FD_SETSIZE comparison warnings
* Add "lua-5.1" to searched pkg-config names for lua
* Fix unused function webdav_lockdiscovery in mod_webdav
* cmake: Fix crypt lib check
* cmake: Add -export-dynamic to link flags, fixes build on FreeBSD
* Set FD_CLOEXEC for bound sockets before pipe-logger forks (fixes #2026)
* Reset ignored signals to SIG_DFL before exec() in fastcgi/scgi (fixes #2029)
* Show "no uri specified -> 400" error only when "debug.log-request-header-on-error" is enabled (fixes #2030)
* Fix hanging connection in mod_scgi (fixes #2024)
* Allow digits in hostnames in more places (fixes #1148)
* Use connection_reset instead of handle_req