lighttpd1.4

lighttpd/lighttpd1.4

Fork 0

Commit Graph

Select branches

Hide Pull Requests

master

personal/gstrauss/master

personal/stbuehler/1.4.48-mod-proxy-fix

personal/stbuehler/ci-build

personal/stbuehler/cleanup-build

personal/stbuehler/fix-fdevent

personal/stbuehler/mod-csrf

personal/stbuehler/mod-csrf-old

personal/stbuehler/tests-path

lighttpd-1.3.11

lighttpd-1.3.12

lighttpd-1.3.13

lighttpd-1.3.14

lighttpd-1.3.15

lighttpd-1.3.16

lighttpd-1.4.1

lighttpd-1.4.10

lighttpd-1.4.11

lighttpd-1.4.12

lighttpd-1.4.13

lighttpd-1.4.14

lighttpd-1.4.15

lighttpd-1.4.16

lighttpd-1.4.17

lighttpd-1.4.18

lighttpd-1.4.19

lighttpd-1.4.2

lighttpd-1.4.20

lighttpd-1.4.21

lighttpd-1.4.22

lighttpd-1.4.23

lighttpd-1.4.24

lighttpd-1.4.25

lighttpd-1.4.26

lighttpd-1.4.27

lighttpd-1.4.28

lighttpd-1.4.29

lighttpd-1.4.3

lighttpd-1.4.30

lighttpd-1.4.31

lighttpd-1.4.32

lighttpd-1.4.33

lighttpd-1.4.34

lighttpd-1.4.35

lighttpd-1.4.36

lighttpd-1.4.36--rc1

lighttpd-1.4.37

lighttpd-1.4.38

lighttpd-1.4.39

lighttpd-1.4.4

lighttpd-1.4.40

lighttpd-1.4.41

lighttpd-1.4.42

lighttpd-1.4.43

lighttpd-1.4.44

lighttpd-1.4.45

lighttpd-1.4.46

lighttpd-1.4.47

lighttpd-1.4.48

lighttpd-1.4.49

lighttpd-1.4.5

lighttpd-1.4.50

lighttpd-1.4.51

lighttpd-1.4.52

lighttpd-1.4.53

lighttpd-1.4.54

lighttpd-1.4.55

lighttpd-1.4.56

lighttpd-1.4.56-rc1

lighttpd-1.4.56-rc2

lighttpd-1.4.56-rc3

lighttpd-1.4.56-rc4

lighttpd-1.4.56-rc5

lighttpd-1.4.56-rc6

lighttpd-1.4.56-rc7

lighttpd-1.4.57

lighttpd-1.4.58

lighttpd-1.4.59

lighttpd-1.4.6

lighttpd-1.4.60

lighttpd-1.4.61

lighttpd-1.4.62

lighttpd-1.4.63

lighttpd-1.4.64

lighttpd-1.4.65

lighttpd-1.4.66

lighttpd-1.4.67

lighttpd-1.4.68

lighttpd-1.4.69

lighttpd-1.4.7

lighttpd-1.4.70

lighttpd-1.4.71

lighttpd-1.4.72

lighttpd-1.4.73

lighttpd-1.4.74

lighttpd-1.4.75

lighttpd-1.4.76

lighttpd-1.4.77

lighttpd-1.4.78

lighttpd-1.4.79

lighttpd-1.4.8

lighttpd-1.4.9

3605a3bec3 use keep-alive timeout while waiting for HTTP headers; use always the read timeout while waiting for the HTTP body Stefan Bühler 2014-04-02 10:04:11 +00:00
e1b1c52028 - next is 1.4.36 Stefan Bühler 2014-04-02 10:04:09 +00:00
d1a2356916 fix SQL injection / host name validation (thx Jann Horn) lighttpd-1.4.35 Stefan Bühler 2014-03-12 12:03:55 +00:00
efc41b2bb1 check length of unix domain socket filenames Stefan Bühler 2014-02-16 13:08:43 +00:00
7bd0f54ab2 add some asserts to help static analyzers Stefan Bühler 2014-02-16 13:08:41 +00:00
326f2fb8a4 [mod_accesslog] don't close fd -1 Stefan Bühler 2014-02-16 13:08:38 +00:00
8e31e18b8e [mod_webdav] fix logic error in handling file creation error Stefan Bühler 2014-02-16 13:08:36 +00:00
57c661c191 fix unchecked return values from stream_open/stat_cache_get_entry Stefan Bühler 2014-02-16 13:08:34 +00:00
b106513e58 [network] check return value of lseek() Stefan Bühler 2014-02-16 13:08:32 +00:00
9f2be4882d force assertion: setting FD_CLOEXEC must work (if available) Stefan Bühler 2014-02-16 13:08:29 +00:00
ef0b353fee [mod_cml_lua] fix null pointer dereference Stefan Bühler 2014-02-16 13:08:27 +00:00
954184e949 [mod_scgi] use goto error for all error cases in mod_scgi_set_defaults Stefan Bühler 2014-02-16 13:08:24 +00:00
8f0e19738f fix r2943 (added invalid read after free) Stefan Bühler 2014-02-16 13:08:22 +00:00
07dd0bd0a5 add force_assert() to enforce assertions as simple assert()s are disabled by -DNDEBUG (fixes #2546) Stefan Bühler 2014-02-16 13:08:20 +00:00
fba7dd6f43 fix resource leaks in error cases on config parsing and other initializations Stefan Bühler 2014-02-14 21:06:19 +00:00
bf10267807 [buffer] fix length check in buffer_is_equal_right_len Stefan Bühler 2014-02-14 21:06:16 +00:00
bcd35cc264 remove logical dead code Stefan Bühler 2014-02-14 21:06:14 +00:00
29a1070299 add comments for switch fall throughs Stefan Bühler 2014-02-14 21:06:12 +00:00
b239e7734a [mod_magnet] fix memory leak Stefan Bühler 2014-02-14 21:06:10 +00:00
b461e031f5 [mod_fastcgi,mod_scgi] fix resource leaks on spawning backends Stefan Bühler 2014-02-14 21:06:07 +00:00
d59c910d6a [mod_dirlisting] fix memory leak if pcre fails Stefan Bühler 2014-02-14 21:06:05 +00:00
0aaf939e5e [mod_rrdtool] fix invalid read (string not null terminated) Stefan Bühler 2014-02-14 21:06:03 +00:00
fc3a060a04 [mod_fastcgi] fix use after free (only triggered if fastcgi debug is active) Stefan Bühler 2014-02-14 21:06:00 +00:00
b8a1835093 NEWS entry for previous commit Stefan Bühler 2014-02-14 21:05:58 +00:00
a7396296da [network/ssl] fix build error if TLSEXT is disabled Stefan Bühler 2014-01-20 21:31:26 +00:00
9061670c28 [dist]: fix typo in link title generated by packdist.sh Stefan Bühler 2014-01-20 14:20:09 +00:00
0d855be97e - next is 1.4.35 Stefan Bühler 2014-01-20 14:20:06 +00:00
3ca6adc233 [docs] add !kPSK to the cipher string recommendation as the comments before already mention lighttpd-1.4.34 Stefan Bühler 2014-01-20 12:07:36 +00:00
d7c90814c3 [tests] add cleanup.sh to cmake test runs, reset SLOWREQUEST in request.t Stefan Bühler 2014-01-10 12:05:12 +00:00
524e0a30a0 add two asserts to help parfait (#2530) Stefan Bühler 2014-01-10 12:05:09 +00:00
24994e113a [mod_webdav] fix fd leak found with parfait (fixes #2530, thx kukackajiri) Stefan Bühler 2014-01-10 12:05:06 +00:00
657566828e [mod_mysql_vhost] fix memory leak on config init (#2530) Stefan Bühler 2014-01-10 12:05:04 +00:00
e346794d59 [auto* build] remove -no-undefined from linker flags, as we actually link modules with undefined symbols (fixes #2533) Stefan Bühler 2014-01-10 12:05:02 +00:00
f0e5c1415d [core] decode URL before rewrite, enabling it to work in $HTTP["url"] conditionals (fixes #2526) Stefan Bühler 2014-01-10 12:04:59 +00:00
17762fad01 maintain physical.basedir (the "acting" doc-root as prefix of physical.path) in more places Stefan Bühler 2014-01-10 12:04:57 +00:00
c8fbc16985 [ssl] fix regression from CVE-2013-4508 (client-cert sessions were broken) Stefan Bühler 2013-11-13 17:18:39 +00:00
18869bcfed [mod_ssi] fix "ssi_val_init" prototype Stefan Bühler 2013-11-13 17:18:35 +00:00
99cddff73a [core] check success of setuid,setgid,setgroups (CVE-2013-4559) Stefan Bühler 2013-11-13 11:43:33 +00:00
d8b363c1d1 [stat-cache] fix FAM cleanup/fdevent handling Stefan Bühler 2013-11-13 11:43:31 +00:00
ae1335503a [stat-cache] FAM: fix use after free (CVE-2013-4560) Stefan Bühler 2013-11-13 11:43:28 +00:00
6f208cfde1 fix/silence bugs reported by ccc-analyzer (clang) Stefan Bühler 2013-11-13 11:43:26 +00:00
6b7240f2d8 NEWS entry for previous commit Stefan Bühler 2013-11-13 11:43:23 +00:00
cdcd49b547 [doc] update ssl.cipher-list recommendation Stefan Bühler 2013-11-10 16:44:34 +00:00
ff86b5cc67 [autobuild] create m4/ before calling autoreconf Stefan Bühler 2013-11-10 13:59:43 +00:00
4938c94ada fix typo (fixes #2519) Stefan Bühler 2013-11-10 13:49:47 +00:00
1985df2a48 add "packdist.sh" script to build (pre-) releases Stefan Bühler 2013-11-10 13:41:12 +00:00
cb02c73860 [autobuild] use autoreconf instead of calling tools manually; add generated files to .gitignore Stefan Bühler 2013-11-10 13:41:09 +00:00
1af871fcef [ssl] fix SNI handling; only use key+cert+verify-client from SNI specific config (fixes #2525, CVE-2013-4508) Stefan Bühler 2013-11-05 15:29:07 +00:00
3ce548c8d0 remove unused members from struct server_socket Stefan Bühler 2013-11-05 15:29:04 +00:00
268c054c40 [mod_extforward] fix compilation without IPv6, (not) using undefined var (fixes #2515, thx mm) Stefan Bühler 2013-10-13 11:34:55 +00:00
9b0d54d7cc [mod_auth] explicitly link ssl for SHA1 (fixes #2517) Stefan Bühler 2013-10-13 11:16:55 +00:00
32199a7bdf - next is 1.4.34 Stefan Bühler 2013-09-27 20:22:12 +00:00
a4640b457e [tests] use list for perl exec to skip the sh wrapper lighttpd-1.4.33 Stefan Bühler 2013-09-06 16:44:41 +00:00
3863053b99 [mod_scgi] fix log typos Stefan Bühler 2013-09-06 16:44:39 +00:00
29ff92d9ba [core] set signal handlers before forking child processes in modules/plugins_call_set_defaults (fixes #2502) Stefan Bühler 2013-08-30 15:46:13 +00:00
9cfc080ab7 [core] allow files to be used as document-root (fixes #2475) Stefan Bühler 2013-08-30 15:02:44 +00:00
c26b0f9617 [mod_accesslog] add accesslog.syslog-level option (fixes #2480) Stefan Bühler 2013-08-30 14:13:43 +00:00
f0e5b84c27 [mod_simple_vhost] fix cache; skip module if simple-vhost.server-root is empty (thx rm for reporting) Stefan Bühler 2013-08-30 13:15:03 +00:00
95dc1ed79e [tests] add mod_simplevhost tests Stefan Bühler 2013-08-30 13:15:01 +00:00
92567b8b8f [core] check whether server.chroot exists Stefan Bühler 2013-08-30 13:14:59 +00:00
916cf7cfc0 [core] remove requirement that default doc-root has to exist, there are reasonable scenarios not requiring static files at all Stefan Bühler 2013-08-30 13:14:57 +00:00
f9d58670d5 [auth] new method "extern" to use already present REMOTE_USER (from magnet, ssl, ...) (fixes #2436) Stefan Bühler 2013-08-30 13:14:56 +00:00
2bcf65c285 [mod_auth] some cleanup, only search for matching auth.require path once Stefan Bühler 2013-08-30 13:14:54 +00:00
559b198f86 [auth] put REMOTE_USER into cgi environment, making it accessible to lua via lighty.req_env (fixes #2495) Stefan Bühler 2013-08-30 13:14:52 +00:00
93fd9ea7a4 [ssl] add option ssl.empty-fragments, defaulting to disabled (fixes #2492) Stefan Bühler 2013-08-30 13:14:50 +00:00
6d4d2118c3 [ssl] accept ssl renegotiations if they are not disabled (fixes #2491) Stefan Bühler 2013-08-30 13:14:48 +00:00
292b8d621b move ssl.disable-client-renegotiation and added note that it currently doesnt work inside conditionals Marcus Rückert 2013-08-15 10:33:00 +00:00
f8e9462d2f [autoconf] pkg-config: search for lua5.1 and lua-5.1 before lua Stefan Bühler 2013-07-31 20:23:23 +00:00
05858f6cf2 [ssl] Fix $HTTP["scheme"] conditional, could be "http" for ssl connections if the ssl $SERVER["socket"] conditional was nested (fixes #2501) Stefan Bühler 2013-07-31 20:23:21 +00:00
7147c84671 [mod_accesslog] fix log buffer <-> log file mapping Stefan Bühler 2013-07-31 20:23:18 +00:00
25a3f2e826 [network] use constants available at compile time for maximum number of chunks for writev instead of calling sysconf (fixes #2470) Stefan Bühler 2013-06-29 12:46:02 +00:00
6cdb46587c [ssl] use DH only if openssl supports it (fixes #2479) Stefan Bühler 2013-06-29 12:46:00 +00:00
3df2ec9248 [core] recognize more http methods to forward to backends (fixes #2346) Stefan Bühler 2013-06-29 10:53:24 +00:00
9b36534752 [core] return 501 Not Implemented in static file mode for all methods except GET/POST/HEAD/OPTIONS Stefan Bühler 2013-06-29 10:53:22 +00:00
f0a2c0f293 [mod_user] add test cases to check handling of encoded ~ as %7E (#2124) Stefan Bühler 2013-06-29 10:07:45 +00:00
12c4a40b28 [mod_userdir] add userdir.active option, "enabled" by default Stefan Bühler 2013-06-29 10:07:43 +00:00
46240fdb7e [mod_auth] fix distcheck, depends on openssl now for {SHA} crypted passwords Stefan Bühler 2013-06-29 09:45:31 +00:00
a6b42cc61e [auto* build] simplify autogen.sh, handle automake 1.13 test running (fixes #2490) Stefan Bühler 2013-06-29 09:45:29 +00:00
c008fd7ec8 [mod_auth] fix invalid read in digest qop=auth-int handling (fixes #2478) Stefan Bühler 2013-06-29 09:45:27 +00:00
3caf47ecd9 [fdevent-libev] fix type punning warnings Stefan Bühler 2013-06-29 09:45:25 +00:00
680b714543 [cmake] Use TARGET_LINK_LIBRARIES instead of LINK_FLAGS for library dependencies, also add -Wl,--as-needed to extra warnings (fixes #2448) Stefan Bühler 2013-06-29 09:45:23 +00:00
838d771550 added mime type for json files Marcus Rückert 2013-06-25 10:20:15 +00:00
a0e93c678b fix undefined stuff found with clang Stefan Bühler 2013-05-15 10:31:09 +00:00
661efa3f37 fix some bugs found with canalyze (fixes #2484, thx Zhenbo Xu) Stefan Bühler 2013-05-15 10:31:07 +00:00
ce4bc0c0f7 [mod_auth] fix base64_decode (#2484) Stefan Bühler 2013-05-15 10:31:04 +00:00
c26b50d9ad [mod_auth] add htpasswd -s (SHA1) support if openssl is used (needs openssl for SHA1). This doesn't use any salt, md5 with salt is probably better. Stefan Bühler 2013-04-29 13:08:25 +00:00
0342dfef1d [mod_auth] use crypt() on encrypted password instead of extracting salt first (fixes #2483) Stefan Bühler 2013-04-29 13:08:23 +00:00
b5da12c008 reject non ASCII characters in HTTP header names Stefan Bühler 2013-03-25 17:22:36 +00:00
25a2d665aa call ERR_clear_error only for ssl connections in CON_STATE_ERROR Stefan Bühler 2013-03-25 17:22:34 +00:00
0e48ef6acb [mod_fastcgi,log] support multi line logging (fixes #2252) Stefan Bühler 2013-03-25 17:22:32 +00:00
543bd249fb fix handling of If-Modified-Since if If-None-Match is present (don't return 412 for date parsing errors); follow current draft for HTTP/1.1, which tells us to ignore If-Modified-Since if we have matching etags. Stefan Bühler 2013-01-22 13:08:21 +00:00
9cd8faa1b6 mod_fastcgi: fix mix up of "mode" => "authorizer" in other fastcgi configs (fixes #2465, thx peex) Stefan Bühler 2013-01-04 13:54:38 +00:00
5aef370a2d - next is 1.4.33 Stefan Bühler 2012-11-21 12:34:49 +00:00
79fed4ec04 remove whitespace at end of header keys lighttpd-1.4.32 Stefan Bühler 2012-11-21 12:01:46 +00:00
6edfc40f93 fix DoS in Connection header value split (reported by Jesse Sipprell, CVE-2012-5533) Stefan Bühler 2012-11-21 12:01:44 +00:00
6200764f05 tests: check different combination of empty values, leading/trailing spaces and commas in the Connection header Stefan Bühler 2012-11-21 12:01:42 +00:00
29b126d5d3 mod_extforward: log address of untrusted proxy with debug.log-request-handling Stefan Bühler 2012-11-15 08:44:10 +00:00
4f4bcdd3c3 tests: make sure mod_proxy doesn't leave running processes (fixes #2435, thx kibi) Cyril Brulebois 2012-11-09 14:23:25 +00:00
4002dce596 detect "x-gzip"/"x-bzip2" as separate encodings, more strict encoding matching (fixes #2443) Stefan Bühler 2012-11-09 14:23:24 +00:00
c3a9948c75 network_server_init: fix double free and memleak on error (fixes #2440, thx kyprizel) Stefan Bühler 2012-11-09 14:23:22 +00:00