Glenn Strauss
86f64a0288
[mod_magnet] fix regression in lighty.stat ( fixes #2877 )
...
fix regression in mod_magnet lighty.stat introduced in lighttpd 1.4.49
in commit commit:b1df38ab
x-ref:
"lighty.stat failure"
https://redmine.lighttpd.net/issues/2877
5 years ago
Glenn Strauss
e21906b3b4
[core] fix crash if 'host' empty in config ( fixes #2876 )
...
x-ref:
"segfault with fastcgi app"
https://redmine.lighttpd.net/issues/2876
5 years ago
Glenn Strauss
78e25f0f50
[mod_extforward] allow explict IPs to be untrusted ( #2860 )
...
Allowing explicit IPs to be rejected might be useful in situations
where an internal network is to be allowed by CIDR mask, but there are
a small number of untrusted hosts on the network, e.g. hosts behind a
NAT to which some external ports are forwarded.
CIDR masks must be marked "trust", or else are ignored with a warning.
x-ref:
"RFE: mod_extforward CIDR support"
https://redmine.lighttpd.net/issues/2860
5 years ago
Glenn Strauss
ae54806dc2
- next is 1.4.50
5 years ago
Glenn Strauss
d0d5d4267b
[doc] NEWS
5 years ago
Glenn Strauss
758d24142b
[core] fix incorrect hash algorithm impl
...
fix incorrect implementation of djb hash algorithm
5 years ago
Glenn Strauss
5a6e4df85c
[mod_auth] check that digest realm matches config
5 years ago
Glenn Strauss
81b7e8e2fb
[mod_auth] constant time compare plain passwords
...
(digests have same length)
5 years ago
Glenn Strauss
7265c72b6c
[autoconf] reduce minimum automake version to 1.13
...
Although removal of AM_PROG_CC_C_O in f107bac8
5 years ago
Glenn Strauss
4a674224ab
[core] re-enable overloaded backends w/ multi wkrs
...
re-enable overloaded backends when server.max-worker is non-zero
(thx jens-maus)
x-ref:
"mod_proxy not re-enabling proxy with 1.4.48" (multiple workers)
https://redmine.lighttpd.net/boards/2/topics/7906
5 years ago
Glenn Strauss
fc7edb3946
[mod_extforward] CIDR support for trusted proxies ( fixes #2860 )
...
x-ref:
"RFE: mod_extforward CIDR support"
https://redmine.lighttpd.net/issues/2860
5 years ago
Glenn Strauss
cd2b51cb1a
[core] fix CONNECT w strict header parsing enabled
...
fix CONNECT with strict header parsing enabled (default)
(or set server.http-parseopt-header-strict = "disabled")
x-ref:
"ssh over https tunnel"
https://redmine.lighttpd.net/boards/2/topics/7805
5 years ago
Glenn Strauss
bd32f67046
[core] open additional fds O_CLOEXEC
5 years ago
Glenn Strauss
b1df38ab6a
[core] increase stat_cache abstraction
...
reduce dependency on struct connection
routines for getting/caching content_type and etag separate from stat
5 years ago
Glenn Strauss
2496c1af4c
[core] pass array_get_element_klen() const array *
5 years ago
Glenn Strauss
6a6d32698e
[core] fix path-info calculation in git master ( fixes #2861 )
...
(thx ReimuHakurei)
x-ref:
"Regression: PHP URLs return 404 from lighttpd when they contain PATH_INFO ending in a trailing slash."
https://redmine.lighttpd.net/issues/2861
5 years ago
Glenn Strauss
978a3f8dad
[core] add include sys/poll.h on Solaris ( fixes #2859 )
...
x-ref:
"fdevent_solaris_port.c header missing on Solaris 10"
https://redmine.lighttpd.net/issues/2859
5 years ago
Glenn Strauss
58a1793964
[core] fix 32-bit compile POST w/ chunked request body ( #2854 )
...
(thx the_jk)
x-ref:
"chunked transfer encoding in request body only works for tiny chunks"
https://redmine.lighttpd.net/issues/2854
5 years ago
Glenn Strauss
30fe3684f6
[mod_wstunnel] fix for frames larger than 64k ( fixes #2858 )
...
(thx rschmid)
x-ref:
"Wrong websocket frametype if frame is longer then UINT16_MAX"
https://redmine.lighttpd.net/issues/2858
5 years ago
Glenn Strauss
1c594f0629
[doc] minor update to *outdated* doc
...
x-ref:
"unknown config-key: auth.debug (ignored)"
https://redmine.lighttpd.net/boards/2/topics/7842
github: closes #89
5 years ago
Glenn Strauss
e6564641d8
[core] remove unused func
5 years ago
Glenn Strauss
dc1675ea32
[core] fix POST with chunked request body ( fixes #2854 )
...
(thx the_jk)
x-ref:
"chunked transfer encoding in request body only works for tiny chunks"
https://redmine.lighttpd.net/issues/2854
5 years ago
Glenn Strauss
cb371557e5
[core] merge redirect/rewrite pattern substitution
...
merge redirect/rewrite pattern substitution function (share code)
5 years ago
Glenn Strauss
a5a2654bd4
[core] code cleanup: separate physical path sub
...
code cleanup: separate subroutine to check physical path
5 years ago
Glenn Strauss
d5f37803dd
[mod_authn_ldap] auth with ldap referrals ( fixes #2846 )
...
use ldap_set_rebind_proc() to provide auth when rebinding following
ldap referrals (instead of rebinding anonymously for ldap referrals)
x-ref:
"LDAP authentication vs. AD: problems with referrals"
https://redmine.lighttpd.net/issues/2846
5 years ago
Glenn Strauss
ec9e6abcb3
[core] check for path-info forward down path
...
check for path-info forward down path rather than back from end of path
5 years ago
Glenn Strauss
76b9b1fa46
[mod_openssl] elliptic curve auto selection ( fixes #2833 )
...
elliptic curve auto selection where available
openssl v1.0.2 - SSL_CTX_set_ecdh_auto()
openssl v1.1.0 - ECDH support always enabled
x-ref:
"Using X25519 Key exchange"
https://redmine.lighttpd.net/issues/2833
"SSL_CTX_set_ecdh_auto is undefined for newer openssl's"
https://github.com/openssl/openssl/issues/1437
It has been removed from OpenSSL 1.1.0.
Here is the relevant CHANGES entry:
*) SSL_{CTX_}set_ecdh_auto() has been removed and ECDH is support is
always enabled now. If you want to disable the support you should
exclude it using the list of supported ciphers. This also means
that the "-no_ecdhe" option has been removed from s_server.
[Kurt Roeckx]
5 years ago
Glenn Strauss
f90ccdef51
[mod_openssl] minor code cleanup; reduce var scope
...
('git show -u -b -w <commit-sha>' to see minimal changes)
5 years ago
Glenn Strauss
b9df146b3c
[core] non-blocking write() to piped loggers
...
If pipe fills and would block, then discard remaining write.
Do not block lighttpd if the logger blocks, such as if disk fills up.
5 years ago
Glenn Strauss
e8226c11cb
[core] do not reparse request if async cb
...
do not reparse request if async callback, e.g. for mod_auth
5 years ago
Glenn Strauss
b28f03b5a4
[core] warn if mod_indexfile after dynamic handler
...
mod_indexfile should be listed in server.modules
prior to dynamic handlers
x-ref:
https://redmine.lighttpd.net/boards/2/topics/7797
5 years ago
Glenn Strauss
37f9b60d5e
[mod_authn_ldap] fix mem leak when ldap auth fails ( fixes #2849 )
...
thx, codehero
x-ref:
"Linux OOM kills lighttpd when using mod_authn_ldap"
https://redmine.lighttpd.net/issues/2849
5 years ago
Glenn Strauss
d4083effab
[core] fix base64 decode when char is unsigned ( fixes #2848 )
...
thx, codehero
x-ref:
"buffer_append_base64_decode() broken on compilers where char is assumed unsigned"
https://redmine.lighttpd.net/issues/2848
5 years ago
Glenn Strauss
0c95ed370f
[core] report to stderr if errorlog path ENOENT ( fixes #2847 )
...
x-ref:
"handling permissions at startup"
https://redmine.lighttpd.net/issues/2847
5 years ago
Glenn Strauss
84b5064dc4
[core] discard from socket using recv MSG_TRUNC
...
discard from socket using recv MSG_TRUNC on Linux TCP SOCK_STREAM socket
Currently, lighttpd supports only TCP SOCK_STREAM. If UDP SOCK_DGRAM
were to be supported in the future, then socket type will need to be
stored so that MSG_TRUNC is used appropriately for the desired effect.
To find out socket type on arbitrary socket fd:
getsockopt(..., SOL_SOCKET, SO_TYPE, ...)
but better to store it with each listening socket.
5 years ago
Glenn Strauss
e4ed2ed4ae
[mod_compress,mod_deflate] try mmap MAP_PRIVATE
...
try mmap MAP_PRIVATE if mmap MAP_SHARED fails with errno == EINVAL
Some file systems such as jffs2 and btrfs might not support MAP_SHARED
5 years ago
Glenn Strauss
bed3779617
[core] fix segfault if tempdirs fill up ( fixes #2843 )
...
(thx wolfram)
x-ref:
"lighttpd segfault if /var/tmp is full"
https://redmine.lighttpd.net/issues/2843
5 years ago
Glenn Strauss
d3b0eb8264
[mod_deflate] fix deflate of file > 2MB w/o mmap
...
fix deflate of file > 2MB when lighttpd is built without mmap support
5 years ago
Glenn Strauss
3770df2387
[mod_proxy] basic support for HTTP CONNECT method ( #2060 )
...
For security reasons, this supports only specific, pre-configured
target backends and not arbitrary CONNECT targets.
x-ref:
"mod_connect"
https://redmine.lighttpd.net/issues/2060
"ssh over https tunnel"
https://redmine.lighttpd.net/boards/2/topics/7805
https://en.wikipedia.org/wiki/HTTP_tunnel
https://nurdletech.com/linux-notes/ssh/via-http.html
5 years ago
Glenn Strauss
d5d0258362
[core] support POLLRDHUP, where available ( #2743 )
...
x-ref:
"mod_cgi, lighty not killing CGI if connection in the other end is closed"
https://redmine.lighttpd.net/boards/2/topics/5962
"1.4.40/41 mod_proxy, mod_scgi may trigger POLLHUP on *BSD,Darwin"
https://redmine.lighttpd.net/issues/2743
5 years ago
Glenn Strauss
9f02df2d39
[mod_accesslog] %{canonical,local,remote}p ( fixes #2840 )
...
x-ref:
"accesslog.format remote_port"
https://redmine.lighttpd.net/issues/2840
5 years ago
Glenn Strauss
e7f5e24aeb
[core] adjust offset if response header blank line
...
When backend returns an invalid response header which is exactly a
blank line (\n or \r\n), adjust the offset so as not to discard the
first character following, which is probably intended to be the
beginning of the response body.
5 years ago
Glenn Strauss
de937f47f8
- next is 1.4.49
5 years ago
Glenn Strauss
2c7d70eddb
[doc] NEWS
5 years ago
Glenn Strauss
d4cdaab15b
[doc] fix doc/config/conf.d/fastcgi.conf example
...
x-ref:
"Lighttpd not starting up with default fastcgi config"
https://redmine.lighttpd.net/boards/2/topics/7780
5 years ago
Stefan Bühler
d102a7113f
[scons] fix various python2/3 incompatibilities
5 years ago
Glenn Strauss
2728572af3
[core] fix dup typedef compiler warning
5 years ago
Glenn Strauss
06d108855d
[mod_openssl] quiet trace from TCP probes ( #2784 )
...
x-ref:
"huge amount of "SSL: -1 5 0 Success" messages"
https://redmine.lighttpd.net/issues/2784
5 years ago
Glenn Strauss
d61714dd0d
[mod_authn_sasl] SASL auth (new) ( fixes #2275 )
...
(experimental)
HTTP Basic authentication using saslauthd
server.modules += ( "mod_auth" )
server.modules += ( "mod_authn_sasl" )
auth.backend = "sasl"
auth.backend.sasl.opts = ( "pwcheck_method" => "saslauthd" ) # default
x-ref:
"SASL auth like libapache2-mod-authn-sasl"
https://redmine.lighttpd.net/issues/2275
5 years ago
Glenn Strauss
fdc4c324c4
[mod_authn_ldap] replace use of deprecated funcs
...
[mod_authn_ldap,mod_vhostdb_ldap]
replace use of deprecated funcs
remove -DLDAP_DEPRECATED
5 years ago
