Commit Graph

  • efc41b2bb1 check length of unix domain socket filenames stbuehler 2014-02-16 13:08:43 +00:00
  • 7bd0f54ab2 add some asserts to help static analyzers stbuehler 2014-02-16 13:08:41 +00:00
  • 326f2fb8a4 [mod_accesslog] don't close fd -1 stbuehler 2014-02-16 13:08:38 +00:00
  • 8e31e18b8e [mod_webdav] fix logic error in handling file creation error stbuehler 2014-02-16 13:08:36 +00:00
  • 57c661c191 fix unchecked return values from stream_open/stat_cache_get_entry stbuehler 2014-02-16 13:08:34 +00:00
  • b106513e58 [network] check return value of lseek() stbuehler 2014-02-16 13:08:32 +00:00
  • 9f2be4882d force assertion: setting FD_CLOEXEC must work (if available) stbuehler 2014-02-16 13:08:29 +00:00
  • ef0b353fee [mod_cml_lua] fix null pointer dereference stbuehler 2014-02-16 13:08:27 +00:00
  • 954184e949 [mod_scgi] use goto error for all error cases in mod_scgi_set_defaults stbuehler 2014-02-16 13:08:24 +00:00
  • 8f0e19738f fix r2943 (added invalid read after free) stbuehler 2014-02-16 13:08:22 +00:00
  • 07dd0bd0a5 add force_assert() to enforce assertions as simple assert()s are disabled by -DNDEBUG (fixes #2546) stbuehler 2014-02-16 13:08:20 +00:00
  • fba7dd6f43 fix resource leaks in error cases on config parsing and other initializations stbuehler 2014-02-14 21:06:19 +00:00
  • bf10267807 [buffer] fix length check in buffer_is_equal_right_len stbuehler 2014-02-14 21:06:16 +00:00
  • bcd35cc264 remove logical dead code stbuehler 2014-02-14 21:06:14 +00:00
  • 29a1070299 add comments for switch fall throughs stbuehler 2014-02-14 21:06:12 +00:00
  • b239e7734a [mod_magnet] fix memory leak stbuehler 2014-02-14 21:06:10 +00:00
  • b461e031f5 [mod_fastcgi,mod_scgi] fix resource leaks on spawning backends stbuehler 2014-02-14 21:06:07 +00:00
  • d59c910d6a [mod_dirlisting] fix memory leak if pcre fails stbuehler 2014-02-14 21:06:05 +00:00
  • 0aaf939e5e [mod_rrdtool] fix invalid read (string not null terminated) stbuehler 2014-02-14 21:06:03 +00:00
  • fc3a060a04 [mod_fastcgi] fix use after free (only triggered if fastcgi debug is active) stbuehler 2014-02-14 21:06:00 +00:00
  • b8a1835093 NEWS entry for previous commit stbuehler 2014-02-14 21:05:58 +00:00
  • a7396296da [network/ssl] fix build error if TLSEXT is disabled stbuehler 2014-01-20 21:31:26 +00:00
  • 9061670c28 [dist]: fix typo in link title generated by packdist.sh stbuehler 2014-01-20 14:20:09 +00:00
  • 0d855be97e - next is 1.4.35 stbuehler 2014-01-20 14:20:06 +00:00
  • 3ca6adc233 [docs] add !kPSK to the cipher string recommendation as the comments before already mention (tag: lighttpd-1.4.34) stbuehler 2014-01-20 12:07:36 +00:00
  • d7c90814c3 [tests] add cleanup.sh to cmake test runs, reset SLOWREQUEST in request.t stbuehler 2014-01-10 12:05:12 +00:00
  • 524e0a30a0 add two asserts to help parfait (#2530) stbuehler 2014-01-10 12:05:09 +00:00
  • 24994e113a [mod_webdav] fix fd leak found with parfait (fixes #2530, thx kukackajiri) stbuehler 2014-01-10 12:05:06 +00:00
  • 657566828e [mod_mysql_vhost] fix memory leak on config init (#2530) stbuehler 2014-01-10 12:05:04 +00:00
  • e346794d59 [auto* build] remove -no-undefined from linker flags, as we actually link modules with undefined symbols (fixes #2533) stbuehler 2014-01-10 12:05:02 +00:00
  • f0e5c1415d [core] decode URL before rewrite, enabling it to work in $HTTP["url"] conditionals (fixes #2526) stbuehler 2014-01-10 12:04:59 +00:00
  • 17762fad01 maintain physical.basedir (the "acting" doc-root as prefix of physical.path) in more places stbuehler 2014-01-10 12:04:57 +00:00
  • c8fbc16985 [ssl] fix regression from CVE-2013-4508 (client-cert sessions were broken) stbuehler 2013-11-13 17:18:39 +00:00
  • 18869bcfed [mod_ssi] fix "ssi_val_init" prototype stbuehler 2013-11-13 17:18:35 +00:00
  • 99cddff73a [core] check success of setuid,setgid,setgroups (CVE-2013-4559) stbuehler 2013-11-13 11:43:33 +00:00
  • d8b363c1d1 [stat-cache] fix FAM cleanup/fdevent handling stbuehler 2013-11-13 11:43:31 +00:00
  • ae1335503a [stat-cache] FAM: fix use after free (CVE-2013-4560) stbuehler 2013-11-13 11:43:28 +00:00
  • 6f208cfde1 fix/silence bugs reported by ccc-analyzer (clang) stbuehler 2013-11-13 11:43:26 +00:00
  • 6b7240f2d8 NEWS entry for previous commit stbuehler 2013-11-13 11:43:23 +00:00
  • cdcd49b547 [doc] update ssl.cipher-list recommendation stbuehler 2013-11-10 16:44:34 +00:00
  • ff86b5cc67 [autobuild] create m4/ before calling autoreconf stbuehler 2013-11-10 13:59:43 +00:00
  • 4938c94ada fix typo (fixes #2519) stbuehler 2013-11-10 13:49:47 +00:00
  • 1985df2a48 add "packdist.sh" script to build (pre-) releases stbuehler 2013-11-10 13:41:12 +00:00
  • cb02c73860 [autobuild] use autoreconf instead of calling tools manually; add generated files to .gitignore stbuehler 2013-11-10 13:41:09 +00:00
  • 1af871fcef [ssl] fix SNI handling; only use key+cert+verify-client from SNI specific config (fixes #2525, CVE-2013-4508) stbuehler 2013-11-05 15:29:07 +00:00
  • 3ce548c8d0 remove unused members from struct server_socket stbuehler 2013-11-05 15:29:04 +00:00
  • 268c054c40 [mod_extforward] fix compilation without IPv6, (not) using undefined var (fixes #2515, thx mm) stbuehler 2013-10-13 11:34:55 +00:00
  • 9b0d54d7cc [mod_auth] explicitly link ssl for SHA1 (fixes #2517) stbuehler 2013-10-13 11:16:55 +00:00
  • 32199a7bdf - next is 1.4.34 stbuehler 2013-09-27 20:22:12 +00:00
  • a4640b457e [tests] use list for perl exec to skip the sh wrapper (tag: lighttpd-1.4.33) stbuehler 2013-09-06 16:44:41 +00:00
  • 3863053b99 [mod_scgi] fix log typos stbuehler 2013-09-06 16:44:39 +00:00
  • 29ff92d9ba [core] set signal handlers before forking child processes in modules/plugins_call_set_defaults (fixes #2502) stbuehler 2013-08-30 15:46:13 +00:00
  • 9cfc080ab7 [core] allow files to be used as document-root (fixes #2475) stbuehler 2013-08-30 15:02:44 +00:00
  • c26b0f9617 [mod_accesslog] add accesslog.syslog-level option (fixes #2480) stbuehler 2013-08-30 14:13:43 +00:00
  • f0e5b84c27 [mod_simple_vhost] fix cache; skip module if simple-vhost.server-root is empty (thx rm for reporting) stbuehler 2013-08-30 13:15:03 +00:00
  • 95dc1ed79e [tests] add mod_simplevhost tests stbuehler 2013-08-30 13:15:01 +00:00
  • 92567b8b8f [core] check whether server.chroot exists stbuehler 2013-08-30 13:14:59 +00:00
  • 916cf7cfc0 [core] remove requirement that default doc-root has to exist, there are reasonable scenarios not requiring static files at all stbuehler 2013-08-30 13:14:57 +00:00
  • f9d58670d5 [auth] new method "extern" to use already present REMOTE_USER (from magnet, ssl, ...) (fixes #2436) stbuehler 2013-08-30 13:14:56 +00:00
  • 2bcf65c285 [mod_auth] some cleanup, only search for matching auth.require path once stbuehler 2013-08-30 13:14:54 +00:00
  • 559b198f86 [auth] put REMOTE_USER into cgi environment, making it accessible to lua via lighty.req_env (fixes #2495) stbuehler 2013-08-30 13:14:52 +00:00
  • 93fd9ea7a4 [ssl] add option ssl.empty-fragments, defaulting to disabled (fixes #2492) stbuehler 2013-08-30 13:14:50 +00:00
  • 6d4d2118c3 [ssl] accept ssl renegotiations if they are not disabled (fixes #2491) stbuehler 2013-08-30 13:14:48 +00:00
  • 292b8d621b move ssl.disable-client-renegotiation and added note that it currently doesn't work inside conditionals Marcus Rückert 2013-08-15 10:33:00 +00:00
  • f8e9462d2f [autoconf] pkg-config: search for lua5.1 and lua-5.1 before lua stbuehler 2013-07-31 20:23:23 +00:00
  • 05858f6cf2 [ssl] Fix $HTTP["scheme"] conditional, could be "http" for ssl connections if the ssl $SERVER["socket"] conditional was nested (fixes #2501) stbuehler 2013-07-31 20:23:21 +00:00
  • 7147c84671 [mod_accesslog] fix log buffer <-> log file mapping stbuehler 2013-07-31 20:23:18 +00:00
  • 25a3f2e826 [network] use constants available at compile time for maximum number of chunks for writev instead of calling sysconf (fixes #2470) stbuehler 2013-06-29 12:46:02 +00:00
  • 6cdb46587c [ssl] use DH only if openssl supports it (fixes #2479) stbuehler 2013-06-29 12:46:00 +00:00
  • 3df2ec9248 [core] recognize more http methods to forward to backends (fixes #2346) stbuehler 2013-06-29 10:53:24 +00:00
  • 9b36534752 [core] return 501 Not Implemented in static file mode for all methods except GET/POST/HEAD/OPTIONS stbuehler 2013-06-29 10:53:22 +00:00
  • f0a2c0f293 [mod_user] add test cases to check handling of encoded ~ as %7E (#2124) stbuehler 2013-06-29 10:07:45 +00:00
  • 12c4a40b28 [mod_userdir] add userdir.active option, "enabled" by default stbuehler 2013-06-29 10:07:43 +00:00
  • 46240fdb7e [mod_auth] fix distcheck, depends on openssl now for {SHA} crypted passwords stbuehler 2013-06-29 09:45:31 +00:00
  • a6b42cc61e [auto* build] simplify autogen.sh, handle automake 1.13 test running (fixes #2490) stbuehler 2013-06-29 09:45:29 +00:00
  • c008fd7ec8 [mod_auth] fix invalid read in digest qop=auth-int handling (fixes #2478) stbuehler 2013-06-29 09:45:27 +00:00
  • 3caf47ecd9 [fdevent-libev] fix type punning warnings stbuehler 2013-06-29 09:45:25 +00:00
  • 680b714543 [cmake] Use TARGET_LINK_LIBRARIES instead of LINK_FLAGS for library dependencies, also add -Wl,--as-needed to extra warnings (fixes #2448) stbuehler 2013-06-29 09:45:23 +00:00
  • 838d771550 added mime type for json files Marcus Rückert 2013-06-25 10:20:15 +00:00
  • a0e93c678b fix undefined stuff found with clang stbuehler 2013-05-15 10:31:09 +00:00
  • 661efa3f37 fix some bugs found with canalyze (fixes #2484, thx Zhenbo Xu) stbuehler 2013-05-15 10:31:07 +00:00
  • ce4bc0c0f7 [mod_auth] fix base64_decode (#2484) stbuehler 2013-05-15 10:31:04 +00:00
  • c26b50d9ad [mod_auth] add htpasswd -s (SHA1) support if openssl is used (needs openssl for SHA1). This doesn't use any salt, md5 with salt is probably better. stbuehler 2013-04-29 13:08:25 +00:00
  • 0342dfef1d [mod_auth] use crypt() on encrypted password instead of extracting salt first (fixes #2483) stbuehler 2013-04-29 13:08:23 +00:00
  • b5da12c008 reject non ASCII characters in HTTP header names stbuehler 2013-03-25 17:22:36 +00:00
  • 25a2d665aa call ERR_clear_error only for ssl connections in CON_STATE_ERROR stbuehler 2013-03-25 17:22:34 +00:00
  • 0e48ef6acb [mod_fastcgi,log] support multi line logging (fixes #2252) stbuehler 2013-03-25 17:22:32 +00:00
  • 543bd249fb fix handling of If-Modified-Since if If-None-Match is present (don't return 412 for date parsing errors); follow current draft for HTTP/1.1, which tells us to ignore If-Modified-Since if we have matching etags. stbuehler 2013-01-22 13:08:21 +00:00
  • 9cd8faa1b6 mod_fastcgi: fix mix up of "mode" => "authorizer" in other fastcgi configs (fixes #2465, thx peex) stbuehler 2013-01-04 13:54:38 +00:00
  • 5aef370a2d - next is 1.4.33 stbuehler 2012-11-21 12:34:49 +00:00
  • 79fed4ec04 remove whitespace at end of header keys (tag: lighttpd-1.4.32) stbuehler 2012-11-21 12:01:46 +00:00
  • 6edfc40f93 fix DoS in Connection header value split (reported by Jesse Sipprell, CVE-2012-5533) stbuehler 2012-11-21 12:01:44 +00:00
  • 6200764f05 tests: check different combination of empty values, leading/trailing spaces and commas in the Connection header stbuehler 2012-11-21 12:01:42 +00:00
  • 29b126d5d3 mod_extforward: log address of untrusted proxy with debug.log-request-handling stbuehler 2012-11-15 08:44:10 +00:00
  • 4f4bcdd3c3 tests: make sure mod_proxy doesn't leave running processes (fixes #2435, thx kibi) Cyril Brulebois 2012-11-09 14:23:25 +00:00
  • 4002dce596 detect "x-gzip"/"x-bzip2" as separate encodings, more strict encoding matching (fixes #2443) stbuehler 2012-11-09 14:23:24 +00:00
  • c3a9948c75 network_server_init: fix double free and memleak on error (fixes #2440, thx kyprizel) stbuehler 2012-11-09 14:23:22 +00:00
  • 9b246c5e09 fix :port handling in $HTTP["host"] checks (fixes #2135. thx liming) stbuehler 2012-11-07 14:23:00 +00:00
  • d4d1ff36aa add PATCH method (fixes #2424) stbuehler 2012-11-07 13:53:00 +00:00
  • fcb3f42f11 configure.ac: remove old stuff, add some new to fix warnings in automake 1.12 (fixes #2419, thx blino) stbuehler 2012-11-07 13:07:02 +00:00