Commit Graph

3505 Commits (e6a87a894d1b88301e59ab4b38718393d5e5bdd9)

Author SHA1 Message Date
Glenn Strauss d2d5f27f80 [core] chunkqueue_compact_mem() must upd cq->last 2020-08-10 12:54:33 -04:00
Glenn Strauss 346280fed7 [mod_proxy] do not forward Expect: 100-continue
do not forward Expect: 100-continue to backend
since we do not handle HTTP/1.1 100 Continue response
2020-08-10 12:54:33 -04:00
Glenn Strauss 8b4abaf498 [mod_webdav] fix fallback if linkat() fails
fix fallback if linkat() fails

check at startup if /proc/self/fd is present on systems with O_TMPFILE
(containers might not mount /proc)

  "mod_webdav - PUT files with < 64kb Content-Length reults in zero length file"
2020-08-10 12:54:33 -04:00
Jeff Zignego 3470919212 Add avahi service file under doc/avahi/
github: closes #104
2020-08-03 11:32:30 -04:00
Stefan Bühler 5515bb2a08 scons: fix check environment
if os.environ is a special class the scons.Environment Clone() doesn't
work properly.

show builddir in so we can actually see it works.
2020-08-02 20:05:33 +02:00
Glenn Strauss e012705b43 [build] SCons fix space/tabs inconsistency 2020-08-02 13:48:48 -04:00
Glenn Strauss eb4f953396 [build] avoid accept_filter_arg compiler warning
avoid compiler warning for struct accept_filter_arg af_name strncpy()
2020-08-02 12:55:18 -04:00
Glenn Strauss cea7e92157 [build] SCons brotli needs pkg-config --static
SCons fullstatic build including brotli needs pkg-config --static
2020-08-02 12:55:18 -04:00
Glenn Strauss f358f04bdc [build] SCons build mod_deflate w/ libm for brotli 2020-08-02 12:32:37 -04:00
Glenn Strauss 17b378c00e [build] SCons build with brotli needs -lm on *BSD 2020-08-02 10:16:55 -04:00
Glenn Strauss abfa915d97 [build] fix SCons build for detection of brotli 2020-08-02 09:17:04 -04:00
Glenn Strauss 4663564c8a [mod_authn_dbi,mod_authn_mysql] fix coverity issue 2020-08-02 09:00:17 -04:00
Glenn Strauss 7bc7082d32 [mod_extforward] attempt to quiet Coverity warning 2020-08-02 09:00:17 -04:00
Glenn Strauss 4a1960958a [core] add some missing standard includes 2020-08-02 07:47:42 -04:00
Glenn Strauss b2d7635801 [mod_webdav] fix inadvertent string truncation
(bug on master branch; never released)
2020-08-02 07:47:42 -04:00
Glenn Strauss 0fb391c096 [core] http_header_remove_token() 2020-08-02 07:47:42 -04:00
Glenn Strauss d44a26bfa3 [tests] test_base64.c clear buf vs reset
(can be slightly faster to clear buffer than to reset buffer)
2020-08-02 07:47:42 -04:00
Glenn Strauss f7919c1ae3 [mod_proxy] send HTTP/1.1 requests to backends
For prior behavior (HTTP/1.0 requests to backend), force HTTP/1.0 with:
  server.feature-flags = ("proxy.force-http10" => "enable")
2020-08-02 07:47:42 -04:00
Glenn Strauss c3073b4da6 [core] stricter parsing of POST chunked block hdr 2020-08-02 07:47:42 -04:00
Glenn Strauss 9ca668c870 [mod_fastcgi] decode Transfer-Encoding: chunked
decode Transfer-Encoding: chunked from mod_fastcgi backend
2020-08-02 07:47:42 -04:00
Glenn Strauss 7420526ddb [core] decode Transfer-Encoding: chunked from gw
decode Transfer-Encoding: chunked from gw (gateway backends)

Transfer-Encoding: chunked is a hop-by-hop header.

Handling chunked encoding remove a hurdle for mod_proxy to send HTTP/1.1
requests to backends and be able to handle HTTP/1.1 responses.

Other backends ought not to send Transfer-Encoding: chunked, but in
practice, some implementations do.
2020-08-02 07:47:42 -04:00
Glenn Strauss dbd438cca0 [mod_openssl] read secret data w/ BIO_new_mem_buf
Using BIO_new_mem_buf() allows lighttpd to control file reads and
securely wiping memory, avoiding the use of BIO_s_file(), which
employs stdio and BIO internal copying without securely wiping memory.

BIO_new_mem_buf() is also much more performant than BIO_s_file()
or BIO_new_fd() without a buffering BIO, which might make many
syscalls reading a single character at a time.

BIO_new_mem_buf() appears to be supported by older OpenSSL versions
as well as by numerous OpenSSL-compatible APIs, e.g. in BoringSSL,
LibreSSL, WolfSSL
2020-08-02 07:47:42 -04:00
Glenn Strauss 4b755d2b03 [mod_deflate] quicker check for Content-Encoding
The response is not a candidate for mod_deflate if
Content-Encoding was already set by something else.
2020-08-02 07:47:42 -04:00
Glenn Strauss 496dc6d9c5 [core] detect and reject TLS connect to cleartext
detect and reject TLS connection to cleartext listening port
(alternative to failing to receive HTTP header and waiting to time out)
2020-08-02 07:47:42 -04:00
Glenn Strauss 87428818a1 [mod_nss] func renames for consistency
mod_nss was written using mod_mbedtls and mod_gnutls as templates,
but some code was accidentally committed with those other modules'
2020-08-02 07:47:41 -04:00
Glenn Strauss 33c8cf41db [multiple] rename connection_reset hook to request
rename connection_reset to handle_request_reset
2020-08-02 07:47:41 -04:00
Glenn Strauss bb6a5d7821 [core] separate funcs to reset (request_st *)
request_init(), request_free(), request_reset() separate from (and
called by) connection_init(), connection_free(), connection_reset()
2020-08-02 07:47:41 -04:00
Glenn Strauss 164f7600b7 [multiple] con hooks store ctx in con->plugin_ctx
modules with connection level hooks now store ctx in con->plugin_ctx
2020-08-02 07:47:41 -04:00
Glenn Strauss fea5bdc873 [core] con layer plugin_ctx separate from request 2020-08-02 07:47:41 -04:00
Glenn Strauss 5f7bf472c7 [core] server.feature-flags extensible config
server.feature-flags = ("server.xxxx" => "enable")
2020-08-02 07:46:27 -04:00
Glenn Strauss 5d7071293a [build] add --with-brotli to CI build
(thx stbuehler)
2020-08-02 06:46:22 -04:00
Glenn Strauss bc5d4b3492 [mod_compress] remove mod_compress 2020-08-02 06:46:22 -04:00
Glenn Strauss de9e2f9881 [tests] mod_compress -> mod_deflate 2020-08-02 06:46:22 -04:00
Glenn Strauss 672891a7d6 [doc] mod_compress -> mod_deflate 2020-08-02 06:46:22 -04:00
Glenn Strauss 8dd33a72dd [mod_deflate] mod_deflate subsumes mod_compress
translate config server.modules "mod_compress" to "mod_deflate"
accept compress.* directives, but issue DEPRECATED warning trace

mod_deflate differences from mod_compress:
- mod_compress compress.filetype was exact match; deflate.mimetypes is
  prefix match (behavior change might compress longer mimetype matches,
  which are likely of similar type and compressability)
- mod_compress always sent entire (compressed) file for Range request
  mod_deflate will stream compress range result (not stored in cache)
- mod_compress would short-circuit request with 403 Forbidden error
  if request file did not exist (stat() failed) (This behavior was
  unfriendly to other handlers)
- mod_compress compress.cache-dir layout differs from deflate.cache-dir
  layout; file cache should be cleared (or renamed) when migrating from
  mod_compress to mod_deflate
- mod_deflate does not issue Vary: Accept-Encoding if request does not
  contain Accept-Encoding.  The identity response can be cache by
  proxies and served to clients.  Historically, some proxies disabled
  caching if any Vary: response was seen.  If the Vary header is
  desirable, mod_deflate code which checks for Accept-Encoding and
  compression type can be moved down a few lines to be below the
  setting of the Vary response header.
2020-08-02 06:46:22 -04:00
Glenn Strauss be6da785c5 [mod_deflate] deflate.cache-dir compressed cache
(achieves feature parity with mod_compress)
2020-08-02 06:46:22 -04:00
Glenn Strauss 5b15c1f449 [mod_deflate] propagate errs from internal funcs
also, pass one less arg to internal funcs
2020-08-02 06:46:22 -04:00
Glenn Strauss b2fe37f0a9 [mod_deflate] fix typo in config option
(typo on master branch; never released)
2020-08-02 06:46:22 -04:00
Glenn Strauss f47ffb438c [build] bzip2 default to not-enabled in build
./configure --with-bzip2 to enable

(autoconf build previously had bzip2 enabled by default, but bzip2
 already disabled by default in CMake, SCONS, and meson build configs)
2020-08-02 06:46:22 -04:00
Glenn Strauss 8d5e237c60 [mod_deflate] Brotli support
configuration option: ./configure --with-brotli
2020-08-02 06:46:22 -04:00
Glenn Strauss be8047d82f [build] build fixes for AIX
  "Compile on AIX conflicting types for 'etag_create'"
2020-07-21 12:08:27 -04:00
Stefan Bühler 5722574df5 move to scripts 2020-07-21 12:04:12 +02:00
Stefan Bühler 852de34113 add 2020-07-21 12:01:50 +02:00
Glenn Strauss 1a516b4c4c [mod_vhostdb_dbi] allow strings and ints in config
e.g. allow "port" value to be a string or integer instead of requiring
     port be a string
2020-07-16 00:30:20 -04:00
Glenn Strauss 3dca923591 [mod_authn_mysql,file] use crypt() to save stack
use crypt() instead of crypt_r() to save stack space,
as struct crypt_data might be very large.

While crypt() is not thread-safe, lighttpd is single-threaded
2020-07-16 00:29:43 -04:00
Glenn Strauss fed2ecae19 [mod_authn_dbi] authn backend employing DBI 2020-07-16 00:29:43 -04:00
Glenn Strauss dba4a328c2 [core] Nettle assert()s if buffer len > digest sz 2020-07-13 17:39:30 -04:00
Glenn Strauss c3dd167dd9 [mod_openssl] fix build warnings on MacOS X
need undef OPENSSL_NO_STDIO for a few funcs which access filesystem
2020-07-13 17:39:30 -04:00
Glenn Strauss 33ae830291 [mod_auth] accept "nonce-secret" & "nonce_secret" 2020-07-13 17:39:30 -04:00
Glenn Strauss 563fe5f013 [mod_authn_ldap,mod_vhostdb_ldap] add timeout opt (#2805)
auth.backend.ldap.timeout = "2000000"    # quoted-string; microseconds
vhostdb.ldap += ("timeout" => "2000000") # quoted-string; microseconds

Default is 2000000 microseconds (2 secs)

These values are converted to struct timeval and passed to
  ldap_set_option(ld, LDAP_OPT_NETWORK_TIMEOUT, );
  ldap_set_option(ld, LDAP_OPT_TIMEOUT, ...);
if those LDAP_OPT_* values are available (both are OpenLDAP-specific).

  "mod_auth caching"
2020-07-13 17:39:30 -04:00