(thx glen)
Regression in lighttpd 1.4.56 - 1.4.58 when extforward.headers is
not set in lighttpd.conf.
Workaround: extforward.headers = ("X-Forwarded-For")
(or appropriate value depending on header sent by upstream proxy)
x-ref:
"mod_extforward regression 1.4.56"
https://redmine.lighttpd.net/issues/3051
extend ssl.openssl.ssl-conf-cmd to accept "SecurityLevel"
(lighttpd extension) and use the (string) value to call the
openssl-specific SSL_CTX_set_security_level()
If server.systemd-socket-activation = "enable" and one or more of the
sockets is not listed in lighttpd.conf, then when the server is shutting
down, a buffer from the config file is free()d twice.
On some older gcc, strncmp is a macro and expects three arguments,
but does not see expansion of lighttpd CONST_STR_LEN() macro before
warning/error about incorrect number of arguments
On some older gcc, strncmp is a macro and expects three arguments,
but does not see expansion of lighttpd CONST_STR_LEN() macro before
warning/error about incorrect number of arguments
include mbedtls/platform_util.h for mbedtls_platform_zeroize()
(instead of relying on an indirect include)
(fixes build with (very old) mbedtls-2.14.0)
create API in chunk.[ch] for writing a chunk to an fd
(pull similar code from mod_cgi and mod_webdav)
This new API is intended for use on request body input, which is
written to size-limited temporary files controlled by lighttpd and
written to files or pipes.
(network_backend_write() is for writing chunkqueues to sockets)
FreeBSD provides an API similar to Linux copy_file_range()
but uses off_t instead of loff_t in the syscall.
off_t is equivalent to off64_t when lighttpd is built with LFS
(and lighttpd is built with LFS enabled by default)
OpenBSD crypt() does not support (insecure) crypt-des or crypt-md5
(The password used in the tests and lighttpd.htpasswd is crypt-des.
Something else could be used so that the tests can execute,
though that something might be different on different platforms.)
sys-time.h - localtime_r,gmtime_r macros if needed
provide rudimentary localtime_r() and gmtime_r() if not present
(wraps localtime() and gmtime() funtions, but are not thread-safe since
they do not take a lock around access to localtime() and gmtime())
(import from one of my development branches from 2015)
(thx flynn)
fix large memory usage for large file downloads from dynamic backends
reuse or release large memory chunks
x-ref:
"Memory Growth with PUT and full buffered streams"
https://redmine.lighttpd.net/issues/3033
- rewrite fcgi-responder as standalone app
fcgi-responder is now a minimal, standalone FastCGI server for tests
- remove dependency on fcgi-devel package
- merge fcgi-auth into fcgi-responder
compatibility to compile with earlier wolfSSL versions
compile-tested back to wolfSSL tag v3.14.0-stable
configured with (possibly extra flags)
./configure --enable-opensslextra --enable-opensslall --enable-sni \
--enable-lighty --enable-stunnel --enable-nginx --enable-haproxy
Functionality has not been tested!
Please consider using the latest stable release of wolfSSL.
now that mod_wolfssl is a standalone module, use wolfSSL TLS ver defines
(Increase compatibility of mod_wolfssl with wolfSSL versions prior to
wolfSSL v4.2.0)
Glenn Strauss