Commit Graph

2540 Commits

Author SHA1 Message Date
Glenn Strauss ec9e6abcb3 [core] check for path-info forward down path
check for path-info forward down path rather than back from end of path
2018-01-06 22:23:51 -05:00
Glenn Strauss 76b9b1fa46 [mod_openssl] elliptic curve auto selection (fixes #2833)
elliptic curve auto selection where available
openssl v1.0.2 - SSL_CTX_set_ecdh_auto()
openssl v1.1.0 - ECDH support always enabled

  "Using X25519 Key exchange"

  "SSL_CTX_set_ecdh_auto is undefined for newer openssl's"
  It has been removed from OpenSSL 1.1.0.
  Here is the relevant CHANGES entry:
  *) SSL_{CTX_}set_ecdh_auto() has been removed and ECDH support is
     always enabled now.  If you want to disable the support you should
     exclude it using the list of supported ciphers. This also means
     that the "-no_ecdhe" option has been removed from s_server.
     [Kurt Roeckx]
2018-01-06 20:15:09 -05:00
Glenn Strauss f90ccdef51 [mod_openssl] minor code cleanup; reduce var scope
('git show -u -b -w <commit-sha>' to see minimal changes)
2018-01-06 19:05:26 -05:00
Glenn Strauss b9df146b3c [core] non-blocking write() to piped loggers
If pipe fills and would block, then discard remaining write.
Do not block lighttpd if the logger blocks, such as if disk fills up.
2018-01-02 21:01:41 -05:00
Glenn Strauss e8226c11cb [core] do not reparse request if async cb
do not reparse request if async callback, e.g. for mod_auth
2018-01-01 17:06:05 -05:00
Glenn Strauss b28f03b5a4 [core] warn if mod_indexfile after dynamic handler
mod_indexfile should be listed in server.modules
prior to dynamic handlers

2018-01-01 07:32:52 -05:00
Glenn Strauss 37f9b60d5e [mod_authn_ldap] fix mem leak when ldap auth fails (fixes #2849)
thx, codehero

  "Linux OOM kills lighttpd when using mod_authn_ldap"
2017-12-21 17:44:23 -05:00
Glenn Strauss d4083effab [core] fix base64 decode when char is unsigned (fixes #2848)
thx, codehero

  "buffer_append_base64_decode() broken on compilers where char is assumed unsigned"
2017-12-21 17:41:17 -05:00
Glenn Strauss 0c95ed370f [core] report to stderr if errorlog path ENOENT (fixes #2847)
  "handling permissions at startup"
2017-12-11 22:17:00 -05:00
Glenn Strauss 84b5064dc4 [core] discard from socket using recv MSG_TRUNC
discard from socket using recv MSG_TRUNC on Linux TCP SOCK_STREAM socket

Currently, lighttpd supports only TCP SOCK_STREAM.  If UDP SOCK_DGRAM
were to be supported in the future, then socket type will need to be
stored so that MSG_TRUNC is used appropriately for the desired effect.

To find out socket type on arbitrary socket fd:
  getsockopt(..., SOL_SOCKET, SO_TYPE, ...)
but better to store it with each listening socket.
2017-12-11 21:35:31 -05:00
Glenn Strauss e4ed2ed4ae [mod_compress,mod_deflate] try mmap MAP_PRIVATE
try mmap MAP_PRIVATE if mmap MAP_SHARED fails with errno == EINVAL
Some file systems such as jffs2 and btrfs might not support MAP_SHARED
2017-12-09 20:22:29 -05:00
Glenn Strauss bed3779617 [core] fix segfault if tempdirs fill up (fixes #2843)
(thx wolfram)

  "lighttpd segfault if /var/tmp is full"
2017-11-26 17:03:07 -05:00
Glenn Strauss d3b0eb8264 [mod_deflate] fix deflate of file > 2MB w/o mmap
fix deflate of file > 2MB when lighttpd is built without mmap support
2017-11-26 12:40:34 -05:00
Glenn Strauss 3770df2387 [mod_proxy] basic support for HTTP CONNECT method (#2060)
For security reasons, this supports only specific, pre-configured
target backends and not arbitrary CONNECT targets.

  "ssh over https tunnel"
2017-11-25 19:01:16 -05:00
Glenn Strauss d5d0258362 [core] support POLLRDHUP, where available (#2743)
  "mod_cgi, lighty not killing CGI if connection in the other end is closed"
  "1.4.40/41 mod_proxy, mod_scgi may trigger POLLHUP on *BSD,Darwin"
2017-11-19 12:01:09 -05:00
Glenn Strauss 9f02df2d39 [mod_accesslog] %{canonical,local,remote}p (fixes #2840)
  "accesslog.format remote_port"
2017-11-17 22:19:40 -05:00
Glenn Strauss e7f5e24aeb [core] adjust offset if response header blank line
When backend returns an invalid response header which is exactly a
blank line (\n or \r\n), adjust the offset so as not to discard the
first character following, which is probably intended to be the
beginning of the response body.
2017-11-15 06:36:58 -05:00
Glenn Strauss de937f47f8 - next is 1.4.49 2017-11-12 00:53:51 -05:00
Glenn Strauss 2c7d70eddb [doc] NEWS 2017-11-11 11:13:39 -05:00
Glenn Strauss d4cdaab15b [doc] fix doc/config/conf.d/fastcgi.conf example
  "Lighttpd not starting up with default fastcgi config"
2017-11-09 22:16:22 -05:00
Stefan Bühler d102a7113f [scons] fix various python2/3 incompatibilities 2017-11-08 00:02:54 -05:00
Glenn Strauss 2728572af3 [core] fix dup typedef compiler warning 2017-11-07 08:52:55 -05:00
Glenn Strauss 06d108855d [mod_openssl] quiet trace from TCP probes (#2784)
  "huge amount of "SSL: -1 5 0 Success" messages"
2017-11-06 21:39:00 -05:00
Glenn Strauss d61714dd0d [mod_authn_sasl] SASL auth (new) (fixes #2275)

HTTP Basic authentication using saslauthd

server.modules += ( "mod_auth" )
server.modules += ( "mod_authn_sasl" )
auth.backend = "sasl"
auth.backend.sasl.opts = ( "pwcheck_method" => "saslauthd" ) # default

  "SASL auth like libapache2-mod-authn-sasl"
2017-11-05 20:11:07 -05:00
Glenn Strauss fdc4c324c4 [mod_authn_ldap] replace use of deprecated funcs
replace use of deprecated funcs
2017-11-05 18:50:25 -05:00
Glenn Strauss 5a5ce3dc75 [doc] NEWS - fix improper format line breaks 2017-11-05 00:36:16 -04:00
Glenn Strauss c09acbeb8a [mod_openssl] ssl.openssl.ssl-conf-cmd (fixes #2758)
(similar to Apache mod_ssl SSLOpenSSLConfCmd directive)


This new directive is for use with OpenSSL only, and is not currently
available in LibreSSL.

lighttpd takes "file commands" not "command line commands" as
openssl SSL_CONF_cmd() appears to permit only one mode at a time.

lighttpd processes this directive after all other ssl.* directives
have been applied for the $SERVER["socket"] scope.

  "Option to disable TLS session tickets"
  "Allow to selectively disable TLS 1.0, 1.1 and 1.2 versions"

github: closes #84
2017-11-04 21:45:33 -04:00
Glenn Strauss 1a22ca87f9 [mod_openssl] allow specifying server cert chain (fixes #2692)
  "allow setting explicit SSL server certificate chain"

github: closes #62
2017-11-04 17:01:32 -04:00
Glenn Strauss 35ecd4dd9d [mod_openssl] more pedantic check of return values
more pedantic check of return values for openssl interfaces

(and minor adjustment of whitespace)

2017-11-04 17:01:01 -04:00
Glenn Strauss da6b2dc1b6 [core] quiet coverity false positive 2017-11-03 23:51:37 -04:00
Glenn Strauss a9d1c46fb9 [build] fix link of test_configfile.c 2017-11-03 23:34:49 -04:00
Glenn Strauss d6e184aca9 [mod_cgi] quiet trace if mod_cgi sends SIGTERM (fixes #2838)
(spurious trace began in lighttpd 1.4.46)

  ".47 always kills git-http-backend"
2017-11-03 23:04:22 -04:00
Glenn Strauss 0e84df8180 [core] fix lighttpd -1 one-shot graceful shutdown
fix lighttpd -1 graceful shutdown (one-shot mode)
(regression in lighttpd 1.4.46)
2017-11-03 23:02:08 -04:00
Glenn Strauss bfef0907bd [mod_openssl] error if ssl.engine in wrong section (fixes #2837)
error if ssl.engine in wrong section of config.
ssl.engine is valid only in global scope or $SERVER["socket"] condition

  "HTTPS requests timeout when cert not set for socket"
2017-11-03 23:02:08 -04:00
Glenn Strauss 8f3bbd7f13 [core] isolate backend fdevent handler defs 2017-11-03 23:02:08 -04:00
Glenn Strauss 7b2514cdad [core] quiet pedantic cc warning for excess comma 2017-11-02 00:41:53 -04:00
Glenn Strauss 82d374328f [autobuild] allow sendfile() in cross-compile (fixes #2836)
allow sendfile() in cross-compile if sys/sendfile.h header detected
and sendfile() symbol detected (e.g. in libc)

If sendfile() is present but always returns ENOSYS, lighttpd will
be slightly less efficient, but will fall back to writev() or write()

User should explicitly set = "writev" in
lighttpd.conf on systems with broken sendfile()

  "Remove check for broken sendfile implementations"
2017-11-02 00:41:53 -04:00
Glenn Strauss 142971a80c [core] consolidate backend network write handlers
network_write.[ch] isolates various write, writev, sendfile wrappers
2017-11-02 00:41:53 -04:00
Glenn Strauss 9287c87dcd [core] cleanup: consolidate FAM code in stat_cache 2017-10-29 22:37:29 -04:00
Glenn Strauss 6e87da7195 [core] cleanup unused ifndef 2017-10-29 12:12:55 -04:00
Glenn Strauss f97f2e359c [stat_cache] remove debug code littered in file 2017-10-29 11:28:32 -04:00
Glenn Strauss 1367f60626 [core] isolate sock_addr manipulation 2017-10-29 01:23:19 -04:00
Glenn Strauss caab4cdf8a [autobuild] remove obsolete warning about mmap use
lighttpd protects against SIGBUS when accessing mmap'd files
2017-10-28 23:02:32 -04:00
Glenn Strauss f394207d5f [core] fix implicit wildcard IPv4 and IPv6 listen
fix implicit wildcard IPv4 and IPv6 listening (regression in 1.4.46)

(broken in commit:5248b46c)

workaround (without this patch): server.set-v6only = "disable"
(which may produce a warning when lighttpd parses config)

2017-10-28 22:58:12 -04:00
Glenn Strauss b27f1c0910 [core] fix var.CWD (regression in 1.4.46) (fixes #2835)
(broken in commit:86bb8be2)

  "empty var.CWD"
2017-10-28 22:58:12 -04:00
Stefan Bühler 16c4530e61 [meson] new build system
Needed to extend lemon to take an output path parameter.
2017-10-28 22:54:45 -04:00
Glenn Strauss 02ad06b080 [autobuild] Merge branch 'personal/stbuehler/autobuild-cleanup' 2017-10-28 22:49:40 -04:00
Stefan Bühler 6976b5e8a8 [autobuild] generate version id with m4 instead of awk 2017-10-28 22:48:12 -04:00
Stefan Bühler a45f3bac58 [autobuild] improve feature+module counting 2017-10-28 22:48:12 -04:00
Stefan Bühler 6751571805 [autobuild] simple check for fork 2017-10-28 22:48:12 -04:00