Commit Graph

2135 Commits (d5f64cd85fcd1eba62f5148b97def5f373f65533)

Author SHA1 Message Date
Glenn Strauss d5f64cd85f [mod_webdav] compile fix when locking not enabled 2016-11-28 17:41:28 -05:00
Glenn Strauss 4d95a8e300 [mod_authn_mysql] close mysql_conn in cleanup
close cached mysql_conn in server cleanup when server shuts down
2016-11-28 15:00:22 -05:00
Glenn Strauss 5bf5e1adcc fix race in dynamic handler configs (reentrancy) (fixes #2774)
(thx tobbe303)

x-ref:
  "CGI request not handled"
  https://redmine.lighttpd.net/issues/2774
2016-11-28 12:39:37 -05:00
Glenn Strauss df61f19daf [core] compile fix for Mac OS X 10.6 (old) (fixes #2773)
Mac OS X 10.7 Lion introduces arc4random_buf()

(thx ryandesign)

x-ref:
  "Mac OS X build issue Undefined symbols"
  https://redmine.lighttpd.net/issues/2773
2016-11-28 12:39:11 -05:00
Glenn Strauss e628fc3509 [mod_authn_gssapi] better resource cleanup 2016-11-27 22:18:15 -05:00
Glenn Strauss f635ae7a07 [mod_auth] compile fix for Mac OS X XCode (fixes #2772)
memcpy() may be a macro and gave error for missing arguement when
CONST_STR_LEN() macro is used (which expands to two arguments)

(thx ryandesign)

x-ref:
  "mod_authn_file.c:683:56: error: too few arguments provided to function-like macro invocation (memcpy)"
  https://redmine.lighttpd.net/issues/2772
2016-11-25 04:40:32 -05:00
Glenn Strauss 99925202dd [mod_cgi] fix out of sockets error for POST to CGI (fixes #2771)
(thx asifgoldpk)

x-ref:
  "With mod_cgi I am getting sockets disabled, out-of-fds error"
  https://redmine.lighttpd.net/issues/2771
2016-11-24 09:36:09 -05:00
Glenn Strauss 40e05e9b8c [mod_fastcgi] fix segfault if all backends down (fixes #2768)
(thx HenrikHolst)

x-ref:
  "mod_fastcgi segfault in lighttpd-1.4.43"
  https://redmine.lighttpd.net/issues/2768
2016-11-24 09:36:09 -05:00
Glenn Strauss bb30f44530 [mod_extforward] fix crash on invalid IP (fixes #2766)
x-ref:
  "crashes for invalid IP addresses when using mod_extforward"
  https://redmine.lighttpd.net/issues/2766
2016-11-24 09:36:09 -05:00
Glenn Strauss 6533056289 [mod_cgi] FreeBSD 9.3/MacOSX does not have pipe2() (fixes #2765)
FreeBSD 9.3 has O_CLOEXEC, but does not have pipe2() until FreeBSD 10.
FreeBSD 10 also adds SOCK_CLOEXEC, so use that as indicator
https://wiki.freebsd.org/AtomicCloseOnExec

Note: FreeBSD 9.3 will soon reach its "extended" EOL date (31 Dec 2016),
so those using FreeBSD 9.3 should consider upgrading.
https://www.freebsd.org/security/security.html#sup

Mac OS X does not have pipe2().  User reported:
  Undefined symbols for architecture x86_64:
    "_pipe2", referenced from:
        _mod_cgi_handle_subrequest in mod_cgi.o

x-ref:
  "Undefined symbols _pipe2"
  https://redmine.lighttpd.net/issues/2765
2016-11-24 09:36:09 -05:00
Glenn Strauss c74bdf834b [mod_magnet] fix magnet_cgi_set() set of env vars (fixes #2763)
(thx flynn)

x-ref:
  "Setting REMOTE_USER with lua does not work"
  https://redmine.lighttpd.net/issues/2763
2016-11-24 09:36:09 -05:00
Glenn Strauss 26c44e0057 [config] warn if mod_authn_ldap,mysql not listed
warn if mod_authn_ldap is not listed in server.modules in lighttpd.conf
but auth.backend = "ldap" is in lighttpd.conf

warn if mod_authn_mysql is not listed in server.modules in lighttpd.conf
but auth.backend = "mysql" is in lighttpd.conf

A future release of lighttpd 1.4.x will cease automatically loading
these modules.  After that, lighttpd will fail to start up if
auth.backend requires one of these modules and the module is not loaded.

(The purpose of this change is to remove from the lighttpd core server
 the dependencies on LDAP or MariaDB libraries.)
2016-11-24 09:36:09 -05:00
Stefan Bühler d352790331 [mod_authn_gssapi] fix memory leak 2016-11-02 09:23:47 +01:00
Stefan Bühler 5e3653dc5d [mod_scgi] fix segfault (fixes #2762) 2016-11-02 08:13:44 +01:00
Glenn Strauss 33e3504bcb - next is 1.4.44 2016-10-31 09:58:23 -04:00
Glenn Strauss 7349aa4a21 [build] fix warning for (potentially) unused func 2016-10-31 09:11:27 -04:00
Glenn Strauss f910e0917d [autotools] fix configure.ac for opensuse 13.2
x-ref:
  https://mail.gnome.org/archives/commits-list/2016-June/msg02601.html
2016-10-31 08:45:09 -04:00
Glenn Strauss 3d04bc45f6 [build] move some build scripts to scripts/ 2016-10-30 16:47:53 -04:00
Glenn Strauss f59ff32fd9 [mod_cgi] FreeBSD 9.3 does not have pipe2()
FreeBSD 9.3 has O_CLOEXEC, but does not have pipe2() until FreeBSD 10.
FreeBSD 10 also adds F_DUPFD_CLOEXEC, so use that as indicator
https://wiki.freebsd.org/AtomicCloseOnExec

Note: FreeBSD 9.3 will soon reach its "extended" EOL date (31 Dec 2016),
so those using FreeBSD 9.3 should consider upgrading.
https://www.freebsd.org/security/security.html#sup
2016-10-30 16:40:59 -04:00
Stefan Bühler ca074babb1 [scons] only apply FreeBSD11 workaround on FreeBSD 2016-10-29 20:00:03 +02:00
Stefan Bühler fbe3a84907 [scons] workaround FreeBSD11 fullstatic link error
The error for reference:

/usr/lib/libc.a(arc4random.o): In function `arc4random':
/usr/src/lib/libc/gen/arc4random.c:(.text+0x410): multiple definition of `arc4random'
/usr/local/lib/libcrypto.a(arc4random.o):(.text+0x0): first defined here
/usr/lib/libc.a(arc4random.o): In function `arc4random_buf':
/usr/src/lib/libc/gen/arc4random.c:(.text+0x580): multiple definition of `arc4random_buf'
/usr/local/lib/libcrypto.a(arc4random.o):(.text+0x80): first defined here
2016-10-29 19:30:49 +02:00
Stefan Bühler 8e678653be [autobuild] put ax_prog_cc_for_build.m4 in top directory
- "autoreconf --force --install" should be enough to get autobuild
  running, manual cp / running ./autogen.sh should not be required
- reorganize files laters, e.g. scripts/{cmake,m4}
- include ax_prog_cc_for_build.m4 manually in configure.ac as it is not
  automatically loaded if it is not in m4/
2016-10-29 18:02:12 +02:00
Glenn Strauss de4946e647 [autobuild] build fix for lemon.c 2016-10-29 11:19:37 -04:00
Glenn Strauss 193e7f9904 [autobuild] add lemon.c to src/Makefile.am 2016-10-29 11:06:48 -04:00
Glenn Strauss 738ebd5b29 [doc] NEWS 2016-10-29 10:41:44 -04:00
Glenn Strauss 06cc3dfa59 [core] check fcntl O_APPEND succeeds w/ mkstemp() 2016-10-29 10:32:41 -04:00
Glenn Strauss 5ee1483373 [autobuild] adjust Makefile.am for FreeBSD
the cross-compile build rule does not seem to like $^ for lemon,
so specify lemon.c explicitly in the build command

(thx stbuehler for suggested workaround)
2016-10-29 10:05:54 -04:00
Glenn Strauss cd48c2804b move script to doc/scripts/ax_prog_cc_for_build.m4
m4/ directory is listed in .gitignore and should be generated
2016-10-29 09:51:37 -04:00
Glenn Strauss b29e69e5b7 [mod_scgi] fix prefix matching to always match url
Fix mod_scgi prefix matching: match the prefix always against url,
not the absolute filepath (regardless of check-local)

(apply fix similar to commit:fe8b7e57 applied to mod_fastcgi in 2008)
2016-10-29 09:14:07 -04:00
Glenn Strauss 204df06814 minor: coverity comments 2016-10-29 09:14:07 -04:00
Glenn Strauss 23503883ba [core] fix potential streaming tempfile corruption (fixes #2760)
set O_APPEND after mkstemp() in chunk.c  (mkostemp() is not as portable)
(also set FD_CLOEXEC to avoid potentially leaking open tempfiles to CGI)

(thx dieter.ro for helping track this down)

x-ref:
  https://redmine.lighttpd.net/boards/3/topics/6884
  "potential tempfile corruption when streaming response"
  https://redmine.lighttpd.net/issues/2760
2016-10-29 09:14:07 -04:00
Glenn Strauss eb37615a47 [core] fix fd leak when using libev (fixes #2761)
server.event-handler = "libev" would leak fds after the change made
in commit:40f16d5 since fdevent_libev.c:fdevent_libev_poll() always
returned 0 ready events after handling the event callbacks itself.
Therefore, fdevent_libev.c:fdevent_libev_poll() must also call
fdevent_sched_run() to handled fds scheduled to be closed.

This bug was introduced in 1.4.42.

(thx mittwinter for troubleshooting and identifying problem)

Note: server.event-handler = "libev" is no longer recommended.
lighttpd provides event handlers optimized for modern systems for most
platforms, and the limited way that lighttpd uses libev does not provide
any advantages over the OS-specific optimized event handlers.

x-ref:
  "fd leak with libev in 1.4.42"
  https://redmine.lighttpd.net/issues/2761
2016-10-29 09:13:49 -04:00
Glenn Strauss 86c68ecbc7 [mod_rewrite] add more info in error log msg
add more info in ENDLESS LOOP error log msg

x-ref:
  https://redmine.lighttpd.net/boards/2/topics/6899
2016-10-26 11:47:06 -04:00
Glenn Strauss b2ab1c8d0e [core] network_open_file_chunk() temp file opt
network_open_file_chunk() temp file optimization:
skip file size checks if file is temp file created by lighttpd

If not temp file, always fstat() for file size check instead of
using potentially out-of-date info from stat_cache

x-ref:
  https://redmine.lighttpd.net/boards/3/topics/6884
2016-10-25 23:36:06 -04:00
Glenn Strauss fa67918d3e fix FastCGI, SCGI, proxy reconnect on failure
factor modules for consistent code flow for reconnect on failure
2016-10-25 20:30:17 -04:00
Glenn Strauss 988ee80060 [config] warn if mod_authn_ldap,mysql not listed
warn if mod_authn_ldap is not listed in server.modules in lighttpd.conf
but auth.backend = "ldap" is in lighttpd.conf

warn if mod_authn_mysql is not listed in server.modules in lighttpd.conf
but auth.backend = "mysql" is in lighttpd.conf

A future release of lighttpd 1.4.x will cease automatically loading
these modules.  After that, lighttpd will fail to start up if
auth.backend requires one of these modules and the module is not loaded.

(The purpose of this change is to remove from the lighttpd core server
 the dependencies on LDAP or MariaDB libraries.)
2016-10-21 18:20:02 -04:00
Glenn Strauss f5eef270bb [mod_dirlisting] config header and readme files
dir-listing.show-header = "HEADER.txt"
dir-listing.show-readme = "README.txt"

now take a filename to display, in addition to "enable" or "disable".

The filename to display can not literally be "enable" or "disable",
since those retain current behavior of displaying "HEADER.txt" or
"README.txt", or disabling inclusion of a file for that directive.
2016-10-21 01:44:14 -04:00
Glenn Strauss 76514e7a39 [lemon] standalone; remove #include "first.h"
also remove extern declarations for functions from standard headers
2016-10-20 16:57:45 -04:00
Andreas Oberritter 30c54b65e4 build: use CC_FOR_BUILD for lemon when cross-compiling 2016-10-20 16:50:28 -04:00
Glenn Strauss 75040e9988 [mod_evhost] mod-evhost.t tests (#1194)
(thx Daniel-Brandt)

x-ref:
  "Partial matching in mod_evhost patterns"
  https://redmine.lighttpd.net/issues/1194
2016-10-20 14:22:46 -04:00
Glenn Strauss a3bba43b30 [mod_evhost] partial matching patterns (fixes #1194)
"%%" "%_" "%x" "%{x.y}" where x and y are *single digit* 0 - 9
and y is the 1-indexed position of a single char to add, similar to
http://httpd.apache.org/docs/2.4/mod/mod_vhost_alias.html
(but not supporting the entire Apache mod_vhost_alias syntax)

The lighttpd syntax for adding a single char at a give position requires
that the "%{x.y}" syntax, including the curly braces, which is different
from the Apache mod_vhost_alias syntax.

x-ref:
  "Partial matching in mod_evhost patterns"
  https://redmine.lighttpd.net/issues/1194
2016-10-20 13:55:32 -04:00
Glenn Strauss 9f93454d56 [mod_expire] expire by mimetype (fixes #423)
new directive expire.mimetypes for list of mimetypes and expirations

mod_expire is now processed at the start of the response, and so now
may be applied to all responses, including dynamic responses.

mod_expire now applies only to GET and HEAD requests where the response
status is 200 OK or 206 Partial Content, and for which no other modules
or backend has already added a Cache-Control response header.

expire.url takes precedence over expire.mimetypes

x-ref:
  "Add expire by Mimetype"
  https://redmine.lighttpd.net/issues/423
2016-10-20 10:48:06 -04:00
Glenn Strauss 1f3ad401ba [mod_deflate] skip deflate if loadavg too high (fixes #1505)
[mod_deflate] skip deflate if 1 min loadavg too high
deflate.max-loadavg  = "3.50"  # express value as string of float num

[mod_compress] skip compression if 1 min loadavg too high
compress.max-loadavg = "3.50"  # express value as string of float num

Feature available on BSD-like systems which have getloadavg() in libc

Note: load average calculations are different on different operating
systems and different types of system loads, so there is no value that
can be recommended for one-size-fits-all.

x-ref:
  "Enable mod_compress to abandon compression when load average is too high"
  https://redmine.lighttpd.net/issues/1505
2016-10-19 16:38:47 -04:00
Glenn Strauss 72a5ff1f21 [mod_accesslog] %{ratio}n logs compression ratio (fixes #2133)
mod_deflate and mod_compress now provide data for mod_accesslog
"%{ratio}n%%" log format to log compression ratio

Implementation detail: compression ratio is stored in con->environment
since lighttpd does not currently have concept of module notes, which is
from where %{VARNAME}n originates.  In the future, this might change in
lighttpd, so be sure to use %{ratio}n%% and not %{...}e for this info.

x-ref:
  "accesslog support "%n" (compress ratio)"
  https://redmine.lighttpd.net/issues/2133
2016-10-19 16:37:22 -04:00
Glenn Strauss b11d059843 [cmake] build fcgi-auth, fcgi-responder for tests
Aside: must have cmake enable building openssl for tests to pass
due to tests/lighttpd.conf including config options requiring openssl
algorithms in mod_secdownload.c:
  (secdownload.algorithm       = "hmac-sha1")
  (secdownload.algorithm       = "hmac-sha256")

$ cmake -L .
$ cmake -DWITH_OPENSSL:BOOL=ON .
$ make -j 4 -k
$ make test

x-ref:
  https://blog.lighttpd.net/articles/2006/12/25/1-5-0-goes-cmake/
2016-10-18 17:47:33 -04:00
Glenn Strauss 4943dac851 [doc] lighttpd-angel.8 (fixes #2254)
x-ref:
  "lighttpd-angel doesn't have man page"
  https://redmine.lighttpd.net/issues/2254
2016-10-18 13:09:48 -04:00
Glenn Strauss ee40397fa5 [TLS] remote IP conditions are valid for TLS SNI (fixes #2272)
x-ref:
  "To allow different ssl.pemfile settings for different $HTTP["remoteip"]"
  https://redmine.lighttpd.net/issues/2272
2016-10-18 12:46:11 -04:00
Glenn Strauss bad5f68ade [core] use paccept() on NetBSD (replace accept4())
thx nros (NetBSD)
2016-10-17 19:07:37 -04:00
Glenn Strauss ab07c71111 [autobuild] move http_cgi_ssl_env() for Mac OS X (fixes #2757)
move http_cgi_ssl_env() from response.c to http-header-glue.c
for symbol visibility on Mac OS X.

x-ref:
  "Undefined symbols: _http_cgi_ssl_env"
  https://redmine.lighttpd.net/issues/2757
2016-10-17 14:25:40 -04:00
Glenn Strauss 961eba9e27 [TLS] openssl 1.1.0 hides struct bignum_st 2016-10-17 14:15:50 -04:00