|
|
|
|
|
|
|
|
|
|
|
====
|
|
|
|
|
|
NEWS
|
|
|
|
|
|
====
|
|
|
|
|
|
|
|
|
|
|
|
- 1.4.23 -
|
|
|
|
|
|
* Added some extra warning options in cmake and fix the resulting warnings (unused/static functions)
|
|
|
|
|
|
* New lighttpd man page (moved it to section 8) (fixes #1875)
|
|
|
|
|
|
* Create rrd file for empty rrdfile in mod_rrdtool (#1788)
|
|
|
|
|
|
* Fix workaround for incorrect path info/scriptname if fastcgi prefix is "/" (fixes #729)
|
|
|
|
|
|
* Finally removed spawn-fcgi
|
|
|
|
|
|
* Allow xattr to overwrite mime type (fixes #1929)
|
|
|
|
|
|
* Remove link from errormsg about fastcgi apps (fixes #1942)
|
|
|
|
|
|
* Strip trailing dot from "Host:" header
|
|
|
|
|
|
* Remove the optional port info from SERVER_NAME (thx Mr_Bond)
|
|
|
|
|
|
* Fix mod_proxy RoundRobin (off by one problem if only one backend is up)
|
|
|
|
|
|
* Rename configure.in to configure.ac, with small cleanups (fixes #1932)
|
|
|
|
|
|
* Add proper SUID bit detection (fixes #416)
|
|
|
|
|
|
* Check for regular file in mod_cgi, so we don't try to start directories
|
|
|
|
|
|
* Include mmap.h from chunk.h to fix some problems with #define mmap mmap64 (fixes #1923)
|
|
|
|
|
|
* Add support for pipe logging for server.errorlog (fixes #296)
|
|
|
|
|
|
* Add revision number to package version for svn/git checkouts
|
|
|
|
|
|
* Use server.tag for SERVER_SOFTWARE if configured (fixes #357)
|
|
|
|
|
|
* Fix trailing zero char in REQUEST_URI after "strip-request-uri" in mod_fastcgi
|
|
|
|
|
|
* mod_magnet: Add env["request.remote-ip"] (fixes #1740)
|
|
|
|
|
|
* mod_magnet: Add env["request.path-info"]
|
|
|
|
|
|
* Change name/version separator back to "/" (affects every place where the version is printed)
|
|
|
|
|
|
* Fix bug with FastCGI request id overflow under high load; just use always id 1 as we don't use multiplexing. (thx jgray)
|
|
|
|
|
|
* Add some dirlisting enhancements (fixes #1458)
|
|
|
|
|
|
* Add option to enable TCP_DEFER_ACCEPT (fixes #1447)
|
|
|
|
|
|
* Limit amount of bytes read for one read-event (fixes #1070)
|
|
|
|
|
|
* Add evasive.silent option (fixes #1438)
|
|
|
|
|
|
* Make mod_extforward headers configurable (fixes #1545)
|
|
|
|
|
|
* Add '%_' pattern for complete hostname in mod_evhost (fixes #1737)
|
|
|
|
|
|
* Add IPv6 support to mod_proxy (fixes #1537)
|
|
|
|
|
|
* mod_ssi printenv: print cgi env, add environment vars to cgi env (fixes #1713)
|
|
|
|
|
|
* Fix error message if no auth backend was set
|
|
|
|
|
|
* Fix SERVER_NAME port stripping (fixes #1968)
|
|
|
|
|
|
* Fix x-sendfile 2gb limiting (fixes #1970)
|
|
|
|
|
|
* Fix mod_cgi environment keys mangling (fixes #1969)
|
|
|
|
|
|
* Fix workaround for incorrect path info/scriptname if scgi prefix is "/" (fixes #729)
|
|
|
|
|
|
* Fix max-age value in mod_expire for 'modification' (fixes #1978)
|
|
|
|
|
|
* Fix evasive.silent option (#1438)
|
|
|
|
|
|
* Fix mod-fastcgi counters
|
|
|
|
|
|
* Modify fastcgi error message
|
|
|
|
|
|
* Backup errno for later usage (reported by Guido Reina via mailinglist)
|
|
|
|
|
|
* Improve FastCGI performance (fixes #1999)
|
|
|
|
|
|
* Workaround broken operating systems: check for trailing '/' in filenames (fixes #1989)
|
|
|
|
|
|
* Allow using pcre with cross-compiling (pcre-config got fixed; fixes #1986)
|
|
|
|
|
|
* Add "lighty.req_env" table to mod_magnet for setting/getting environment values for cgi (fixes #1967, thx presbrey)
|
|
|
|
|
|
* Fix segfault in mod_expire after failed config parsing (fixes #1992)
|
|
|
|
|
|
* Add ssi.content-type option (default text/html, fixes #615)
|
|
|
|
|
|
* Add support for "real" entropy from /dev/[u]random (fixes #1977)
|
|
|
|
|
|
* Adding support for additional chars in LDAP usernames (fixes #1941)
|
|
|
|
|
|
* Ignore multiple "If-None-Match" headers (only use first one, fixes #753)
|
|
|
|
|
|
* Add X-Sendfile-Range feature (fixes #2005)
|
|
|
|
|
|
* Fix 100% cpu usage if time() < 0 (thx to gaspa and cate, fixes #1964)
|
|
|
|
|
|
|
|
|
|
|
|
- 1.4.22 - 2009-03-07
|
|
|
|
|
|
* Fix wrong lua type for CACHE_MISS/CACHE_HIT in mod_cml (fixes #533)
|
|
|
|
|
|
* Fix default vhost in mod_simple_vhost (fixes #1905)
|
|
|
|
|
|
* Handle EINTR in mod_rrdtool (fixes #604)
|
|
|
|
|
|
* Fix rrd error after graceful restart (fixes #419)
|
|
|
|
|
|
* Fix EAGAIN handling for freebsd sendfile (fixes #1913, thx AnMaster for spotting the problem)
|
|
|
|
|
|
* Fix segfault in mod_scgi (fixes #1911)
|
|
|
|
|
|
* Treat EPIPE as connection-closed error in network_freebsd_sendfile.c (another fix from #1913)
|
|
|
|
|
|
* Fix useless redirection of stderr in mod_rrdtool, as it gets redirected to /dev/null later. (fixes #1922)
|
|
|
|
|
|
* Fix some problems with more strict compilers (#1923)
|
|
|
|
|
|
* Fix segfault if siginfo_t* is NULL in sigaction handler (fixes #1926)
|
|
|
|
|
|
|
|
|
|
|
|
- 1.4.21 - 2009-02-16
|
|
|
|
|
|
|
|
|
|
|
|
* Fix base64 decoding in mod_auth (#1757, thx guido)
|
|
|
|
|
|
* Fix mod_cgi segfault when bound to unix domain socket (#653)
|
|
|
|
|
|
* Do not rely on ioctl FIONREAD (#673)
|
|
|
|
|
|
* Now really fix mod auth ldap (#1066)
|
|
|
|
|
|
* Fix leaving zombie process with include_shell (#1777)
|
|
|
|
|
|
* Removed debian/, openwrt/ and cygwin/; they weren't kept up-to-date, and we decided to remove dist. specific stuff
|
|
|
|
|
|
* Try to convert string options to shorts for numeric options in config file; allows to use env-vars for numeric options. (#1159, thx andrewb)
|
|
|
|
|
|
* Do not cache default vhost in mod_simple_vhost (#709)
|
|
|
|
|
|
* Trust pcre-config, do not check for pcre manually (#1769)
|
|
|
|
|
|
* Fix fastcgi authorization in subdirectories with check-local=disabled; don't split pathinfo for authorizer. (#963)
|
|
|
|
|
|
* Add possibility to disable methods in mod_compress (#1773)
|
|
|
|
|
|
* Fix duplicate connection keep-alive/transfer-encoding headers (#960)
|
|
|
|
|
|
* Fixed fix for round-robin in mod_proxy (forgot to increment the index) (#1715)
|
|
|
|
|
|
* Fix fastcgi-authorizer handling; Status: 200 is now accepted as the doc requests
|
|
|
|
|
|
* Compare address family in inet_ntop_cache
|
|
|
|
|
|
* Revert CVE-2008-4359 (#1720) fix "encoding+simplifying urls for rewrite/redirect": too many regressions.
|
|
|
|
|
|
* Use FD_CLOEXEC if possible (fixes #1821)
|
|
|
|
|
|
* Optimized buffer usage in mod_proxy (fixes #1850)
|
|
|
|
|
|
* Fix uninitialized value in time struct after strptime
|
|
|
|
|
|
* Do not pass Proxy-Connection: header from client to backend http server in mod_proxy (#1877)
|
|
|
|
|
|
* Fix wrong malloc sizes in mod_accesslog (probably nothing bad happened...) (fixes #1855, thx ycheng)
|
|
|
|
|
|
* Some small buffer.c fixes (closes #1837)
|
|
|
|
|
|
* Remove floating point math from server.c (fixes #1402)
|
|
|
|
|
|
* Disable SSLv2 by default
|
|
|
|
|
|
* Use/enforce sane max-connection values (fixes #1803)
|
|
|
|
|
|
* Allow mod_compress to return 304 (Not Modified); compress ignores the static-file.etags option.(fixes #1884)
|
|
|
|
|
|
* Add option to ignore the "Expect: 100-continue" header instead of returning 417 Expectation failed (closes #1017)
|
|
|
|
|
|
* Use modified etags in mod_compress (fixes #1800)
|
|
|
|
|
|
* Fix max-connection limit handling/100% cpu usage (fixes #1436)
|
|
|
|
|
|
* Fix error handling in freebsd-sendfile (fixes #1813)
|
|
|
|
|
|
* Silenced the annoying "request timed out" warning, enable with the "debug.log-timeouts" option (fixes #1529)
|
|
|
|
|
|
* Allow tabs in header values (fixes #1822)
|
|
|
|
|
|
* Added Language conditional (fixes #1119); patch by petar
|
|
|
|
|
|
* Fix wrong format strings (#1900, thx stepancheg)
|
|
|
|
|
|
|
|
|
|
|
|
- 1.4.20 - 2008-09-30
|
|
|
|
|
|
|
|
|
|
|
|
* Fix mod_compress to compile with old gcc version (#1592)
|
|
|
|
|
|
* Fix mod_extforward to compile with old gcc version (#1591)
|
|
|
|
|
|
* Update documentation for #1587
|
|
|
|
|
|
* Fix #285 again: read error after SSL_shutdown (thx marton.illes@balabit.com) and clear the error queue before some other calls (CVE-2008-1531)
|
|
|
|
|
|
* Fix mod_magnet: enable "request.method" and "request.protocol" in lighty.env (#1308)
|
|
|
|
|
|
* Fix segfault for appending matched parts if there was no regex matching (just give empty strings) (#1601)
|
|
|
|
|
|
* Use data_response_init in mod_fastcgi x-sendfile handling for response.headers, fix a small "memleak" (#1628)
|
|
|
|
|
|
* Don't send empty Server headers (#1620)
|
|
|
|
|
|
* Fix conditional interpretation of core options
|
|
|
|
|
|
* Enable escaping of % and $ in redirect/rewrite; only two cases changed their behaviour: "%%" => "%", "$$" => "$"
|
|
|
|
|
|
* Fix accesslog port (should be port from the connection, not the "server.port") (#1618)
|
|
|
|
|
|
* Fix mod_fastcgi prefix matching: match the prefix always against url, not the absolute filepath (regardless of check-local)
|
|
|
|
|
|
* Overwrite Content-Type header in mod_dirlisting instead of inserting (#1614), patch by Henrik Holst
|
|
|
|
|
|
* Handle EINTR in mod_cgi during write() (#1640)
|
|
|
|
|
|
* Allow all http status codes by default; disable body only for 204,205 and 304; generate error pages for 4xx and 5xx (#1639)
|
|
|
|
|
|
* Fix mod_magnet to set con->mode = p->id if it generates content, so returning 4xx/5xx doesn't append an error page
|
|
|
|
|
|
* Remove lighttpd.spec* from source, fixing all problems with it ;-)
|
|
|
|
|
|
* Do not rely on PATH_MAX (POSIX does not require it) (#580)
|
|
|
|
|
|
* Disable logging to access.log if filename is an empty string
|
|
|
|
|
|
* Implement a clean way to open /dev/null and use it to close stdin/out/err in the needed places (#624)
|
|
|
|
|
|
* merge spawn-fcgi changes from trunk (from @2191)
|
|
|
|
|
|
* let spawn-fcgi propagate exit code from spawned fcgi application
|
|
|
|
|
|
* close connection after redirect in trigger_b4_dl (thx icy)
|
|
|
|
|
|
* close connection in mod_magnet if returned status code
|
|
|
|
|
|
* fix bug with IPv6 in mod_evasive (#1579)
|
|
|
|
|
|
* fix scgi HTTP/1.* status parsing (#1638), found by met@uberstats.com
|
|
|
|
|
|
* [tests] fixed system, use foreground daemons and waitpid
|
|
|
|
|
|
* [tests] removed pidfile from test system
|
|
|
|
|
|
* [tests] fixed tests needing php running (if not running on port 1026, search php in env[PHP] or /usr/bin/php-cgi)
|
|
|
|
|
|
* fixed typo in mod_accesslog (#1699)
|
|
|
|
|
|
* replaced buffer_{append,copy}_string with the _len variant where possible (#1732) (thx crypt)
|
|
|
|
|
|
* case insensitive match for secdownload md5 token (#1710)
|
|
|
|
|
|
* Handle only HEAD, GET and POST in mod_dirlisting (same as in staticfile) (#1687)
|
|
|
|
|
|
* fixed mod_secdownload problem with unsigned time_t (#1688)
|
|
|
|
|
|
* handle EAGAIN and EINTR for freebsd sendfile (#1675)
|
|
|
|
|
|
* Use filedescriptor 0 for mod_scgi spawn socket, redirect STDERR to /dev/null (#1716)
|
|
|
|
|
|
* fixed round-robin balancing in mod_proxy (#1715)
|
|
|
|
|
|
* fixed EINTR handling for waitpid in mod_fastcgi
|
|
|
|
|
|
* mod_{fast,s}cgi: overwrite environment variables (#1722)
|
|
|
|
|
|
* inserted many con->mode checks; they should prevent two modules to handle the same request if they shouldn't (#631)
|
|
|
|
|
|
* fixed url encoding to encode more characters (#266)
|
|
|
|
|
|
* allow digits in [s]cgi env vars (#1712)
|
|
|
|
|
|
* fixed dropping last character of evhost pattern (#161)
|
|
|
|
|
|
* print helpful error message on conditionals in global block (#1550)
|
|
|
|
|
|
* decode url before matching in mod_rewrite (#1720) -- (reverted for 1.4.21)
|
|
|
|
|
|
* fixed conditional patching of ldap filter (#1564)
|
|
|
|
|
|
* Match headers case insensitive in response (removing of X-{Sendfile,LIGHTTPD-*}, catching Date/Server) [2281]
|
|
|
|
|
|
* fixed bug with case-insensitive filenames in mod_userdir (#1589), spotted by "anders1" (CVE-2008-4360)
|
|
|
|
|
|
* fixed format string bugs in mod_accesslog for SYSLOG
|
|
|
|
|
|
* replaced fprintf with log_error_write in fastcgi debug
|
|
|
|
|
|
* fixed mem leak in ssi expression parser (#1753), thx Take5k
|
|
|
|
|
|
* hide some ssl errors per default, enable them with debug.log-ssl-noise (#397)
|
|
|
|
|
|
* do not send content-encoding for 304 (#1754), thx yzlai
|
|
|
|
|
|
* fix segfault for stat_cache(fam) calls with relative path (without '/', can be triggered by x-sendfile) (#1750)
|
|
|
|
|
|
* fix splitting of auth-ldap filter
|
|
|
|
|
|
* workaround ldap connection leak if a ldap connection failed (restarting ldap)
|
|
|
|
|
|
* fix auth.backend.ldap.bind-dn/pw problems (only read from global context for temporary ldap reconnects, thx ruskie)
|
|
|
|
|
|
* fix memleak in request header parsing (#1774, thx qhy) (CVE-2008-4298)
|
|
|
|
|
|
* fix mod_rewrite memleak/endless loop detection (#1775, thx phy - again!)
|
|
|
|
|
|
* use decoded url for matching in mod_redirect (#1720) (CVE-2008-4359) -- (reverted for 1.4.21)
|
|
|
|
|
|
|
|
|
|
|
|
- 1.4.19 - 2008-03-10
|
|
|
|
|
|
|
|
|
|
|
|
* added support for If-Range: <date> (#1346)
|
|
|
|
|
|
* added support for matching $HTTP["scheme"] in configs
|
|
|
|
|
|
* fixed initgroups() called after chroot (#1384)
|
|
|
|
|
|
* fixed case-sensitive check for Auth-Method (#1456)
|
|
|
|
|
|
* execute fcgi app without /bin/sh if used as argument to spawn-fcgi (#1428)
|
|
|
|
|
|
* fixed a bug that made /-prefixed extensions being handled also when
|
|
|
|
|
|
matching the end of the uri in fcgi,scgi and proxy modules (#1489)
|
|
|
|
|
|
* print error if X-LIGHTTPD-send-file cannot be done; reset header
|
|
|
|
|
|
Content-Length for send-file. Patches by Stefan Buehler
|
|
|
|
|
|
* prevent crash in certain php-fcgi configurations (#841)
|
|
|
|
|
|
* add IdleServers and Scoreboard directives in ?auto mode for mod_status (#1507)
|
|
|
|
|
|
* open log immediately after daemonizing, fixes SIGPIPEs on startup (#165)
|
|
|
|
|
|
* HTTPS env var should be "on" when using mod_extforward and the X-Forwarded-Proto header is set. (#1499)
|
|
|
|
|
|
* generate ETag and Last-Modified headers for mod_ssi based on newest modified include (#1491)
|
|
|
|
|
|
* support letterhomes in mod_userdir (#1473)
|
|
|
|
|
|
* support chained proxies in mod_extforward (#1528)
|
|
|
|
|
|
* fixed bogus "cgi died ?" if we kill the CGI process on shutdown
|
|
|
|
|
|
* fixed ECONNRESET handling in network-openssl
|
|
|
|
|
|
* fixed handling of EAGAIN in network-linux-sendfile (#657)
|
|
|
|
|
|
* reset conditional cache (#1164)
|
|
|
|
|
|
* create directories in mod_compress (was broken with alias/userdir) (#1027)
|
|
|
|
|
|
* fixed out of range access in fd array (#1562, #372) (CVE-2008-0983)
|
|
|
|
|
|
* mod_compress should check if the request is already handled, e.g. by fastcgi (#1565)
|
|
|
|
|
|
* remove broken workaround for buggy Opera version with ssl/chunked encoding (#285)
|
|
|
|
|
|
* generate etag/last-modified header for on-the-fly-compressed files (#1171)
|
|
|
|
|
|
* req-method OPTIONS: do not insert default response if request was denied, do not deny OPTIONS by default (#1324)
|
|
|
|
|
|
* fixed memory leak on windows (#1347)
|
|
|
|
|
|
* fixed building outside of the src dir (#1349)
|
|
|
|
|
|
* fixed including of stdint.h/inttypes.h in etag.c (#1413)
|
|
|
|
|
|
* do not add Accept-Ranges header if range-request is disabled (#1449)
|
|
|
|
|
|
* log the ip of failed auth tries in error.log (enhancement #1544)
|
|
|
|
|
|
* fixed RoundRobin in mod_proxy (#516)
|
|
|
|
|
|
* check for symlinks after successful pathinfo matching (#1574)
|
|
|
|
|
|
* fixed mod-proxy.t to run with a builddir outside of the src dir
|
|
|
|
|
|
* do not suppress content on "307 Temporary Redirect" (#1412)
|
|
|
|
|
|
* fixed Content-Length header if response body gets removed in connections.c (#1412, part 2)
|
|
|
|
|
|
* do not generate a "Content-Length: 0" header for HEAD requests, added test too
|
|
|
|
|
|
* remove compress cache file if compression or write failed (#1150)
|
|
|
|
|
|
* fixed body handling of status 300 requests
|
|
|
|
|
|
* spawn-fcgi: only try to connect to unix socket (not tcp) before spawning (#1575)
|
|
|
|
|
|
* fix sending source of cgi script instead of 500 error if fork fails (CVE-2008-1111)
|
|
|
|
|
|
* fix min-procs handling in mod_scgi.c, just set to max-procs (patch from #623)
|
|
|
|
|
|
* fix sending "408 - Timeout" instead of "410 - Gone" for timedout urls in mod_secdownload (#1440)
|
|
|
|
|
|
* workaround #1587: require userdir.path to be set to enable mod_userdir (empty string allowed) (CVE-2008-1270)
|
|
|
|
|
|
* make configure checks for --with-pcre, --with-zlib and --with-bzip2 failing if the headers aren't found
|
|
|
|
|
|
* fixed handling of waitpid() == EINTR mod_ssi on solaris
|
|
|
|
|
|
|
|
|
|
|
|
- 1.4.18 - 2007-09-09
|
|
|
|
|
|
|
|
|
|
|
|
* fixed compile error on IRIX 6.5.x on prctl() (#1333)
|
|
|
|
|
|
* fixed forwarding a SIGINT and SIGHUP when using max-workers (#902)
|
|
|
|
|
|
* fixed FastCGI header overrun in mod_fastcgi (reported by mattias@secweb.se)
|
|
|
|
|
|
* fixed hanging redirects with keep-alive due to missing
|
|
|
|
|
|
"Content-Length: 0" headers
|
|
|
|
|
|
* fixed crashing when using undefined environment variables in the config
|
|
|
|
|
|
* fixed compilation of mod_mysql_vhost on irix (#1341)
|
|
|
|
|
|
|
|
|
|
|
|
- 1.4.17 - 2007-08-29
|
|
|
|
|
|
|
|
|
|
|
|
* added dir-listing.set-footer in mod_dirlisting (#1277)
|
|
|
|
|
|
* added sending UID and PID for SIGTERM and SIGINT to the logs
|
|
|
|
|
|
* fixed hardcoded font-sizes in mod_dirlisting (#1267)
|
|
|
|
|
|
* fixed different ETag length on 32/64 platforms (#1279)
|
|
|
|
|
|
* fixed compression of files < 128 bytes by disabling compression (#1241)
|
|
|
|
|
|
* fixed mysql server reconnects (#518)
|
|
|
|
|
|
* fixed disabled keep-alive for dynamic content with HTTP/1.0 (#1166)
|
|
|
|
|
|
* fixed crash on mixed EOL sequences in mod_cgi
|
|
|
|
|
|
* fixed key compare (#1287)
|
|
|
|
|
|
* fixed invalid char in header values (#1286)
|
|
|
|
|
|
* fixed invalid "304 Not Modified" on broken timestamps
|
|
|
|
|
|
* fixed endless loop on shrinked files with sendfile() on BSD (#1289)
|
|
|
|
|
|
* fixed counter overrun in ?auto in mod_status (#909)
|
|
|
|
|
|
* fixed too aggresive caching of nested conditionals (#41)
|
|
|
|
|
|
* fixed possible overflow in unix-socket path checks on BSD (#713)
|
|
|
|
|
|
* fixed extra Content-Length header on 1xx, 204 and 304 (#1002)
|
|
|
|
|
|
* fixed handling of duplicate If-Modified-Since to return 304
|
|
|
|
|
|
* fixed extracting status code from NPH scripts (#1125)
|
|
|
|
|
|
* fixed prctl() usage (#1310)
|
|
|
|
|
|
* removed config-check if passwd files exist (#1188)
|
|
|
|
|
|
* fixed crash when etags are disabled but the client sends one (#1322)
|
|
|
|
|
|
* fixed crash when freeing the config in mod_alias
|
|
|
|
|
|
* fixed server.error-handler-404 breakage from 1.4.16 (#1270)
|
|
|
|
|
|
* fixed entering 404-handler from dynamic content (#948)
|
|
|
|
|
|
* added more debug infos for FAM based stat-cache
|
|
|
|
|
|
* use more LSB like paths in the sample config (#1242)
|
|
|
|
|
|
|
|
|
|
|
|
- 1.4.16 - 2007-07-25
|
|
|
|
|
|
|
|
|
|
|
|
* added static-file.etags, etag.use-inode, etag.use-mtime, etag.use-size
|
|
|
|
|
|
to customize the generation of ETags for static files. (#1209)
|
|
|
|
|
|
(patch by <Yusufg@gmail.com>)
|
|
|
|
|
|
* fixed typecast of NULL on execl() (#1235)
|
|
|
|
|
|
(patch by F. Denis)
|
|
|
|
|
|
* fixed circumventing url.access-deny by trailing slash (#1230)
|
|
|
|
|
|
* fixed crash on duplicate headers with trailing WS (#1232)
|
|
|
|
|
|
* fixed accepting more connections then requested (#1216)
|
|
|
|
|
|
* fixed mem-leak in mod_auth (reported by Stefan Esser)
|
|
|
|
|
|
* fixed crash with md5-sess and cnonce not set in mod_auth (reported by Stefan Esser)
|
|
|
|
|
|
* fixed missing check for base64 encoded string in mod_auth and Basic auth
|
|
|
|
|
|
(reported by Stefan Esser)
|
|
|
|
|
|
* fixed possible crash in Auth-Digest header parser on trailing WS in
|
|
|
|
|
|
mod_auth (reported by Stefan Esser)
|
|
|
|
|
|
* fixed check on stale errno values, which broke handling of broken fastcgi
|
|
|
|
|
|
applications. (#1245)
|
|
|
|
|
|
* fixed crash on 32bit archs when debug-msgs are printed in mod_scgi, mod_fastcgi
|
|
|
|
|
|
and mod_webdav (#1263)
|
|
|
|
|
|
|
|
|
|
|
|
- 1.4.15 - 2007-04-13
|
|
|
|
|
|
|
|
|
|
|
|
* fixed broken Set-Cookie headers
|
|
|
|
|
|
|
|
|
|
|
|
- 1.4.14 - 2007-04-13
|
|
|
|
|
|
|
|
|
|
|
|
* fix crash if gethostbyaddr() failed on redirect [1718]
|
|
|
|
|
|
* properly handle 206 responses generated by *cgi scripts. (#755) [1716]
|
|
|
|
|
|
* added HTTPS=on to the environment of cgi scripts (#861) [1684]
|
|
|
|
|
|
* fix handling of 303 (#1045) [1678]
|
|
|
|
|
|
* made the configure check for lua more portable [1677]
|
|
|
|
|
|
* added mod_extforward module [1665]
|
|
|
|
|
|
* references to the fam stat cache engine should be conditional (#1039) [1664]
|
|
|
|
|
|
* fix http 500 errors (colin.stephen/at/o2.com) #1041 [1663]
|
|
|
|
|
|
* prevent wrong pidfile unlinking on graceful restart (Chris Webb) [1656]
|
|
|
|
|
|
* ignore empty packets from STDERR stream. #998
|
|
|
|
|
|
* fix a crash for files with an mtime of 0 reported by cubiq on irc [1519]
|
|
|
|
|
|
CVE-2007-1870
|
|
|
|
|
|
* allow empty passwords with ldap (J<>rg Sonnenberger) [1516]
|
|
|
|
|
|
* mod_scgi.c segfault fix #964 [1501]
|
|
|
|
|
|
* Added round-robin support to mod_fastcgi [1500]
|
|
|
|
|
|
* Handle DragonFlyBSD the same way as Freebsd (J<>rg Sonnenberger) [1492,1676]
|
|
|
|
|
|
* added now and weeks support to mod_expire. #943
|
|
|
|
|
|
* fix cpu hog in certain requests [1473] CVE-2007-1869
|
|
|
|
|
|
* fix for handling hostnames with trailing dot [1406]
|
|
|
|
|
|
* fixed header-injection via server.tag (#1106)
|
|
|
|
|
|
* disabled caching of files without a content-type to solve the
|
|
|
|
|
|
aggressive caching of FF
|
|
|
|
|
|
* remove trailing white-spaces from HTTP-requests before parsing (#1098)
|
|
|
|
|
|
* fixed accesslog.use-syslog in a conditional and the caching of the
|
|
|
|
|
|
accesslog for files (fixes #1064)
|
|
|
|
|
|
* fixed various crashes at startup on broken accesslog.format strings (#1000)
|
|
|
|
|
|
* fixed handling of %% in accesslog.format
|
|
|
|
|
|
* fixed conditional dir-listing.exclude (#930)
|
|
|
|
|
|
* reduced default PATH_MAX to 255 (#826)
|
|
|
|
|
|
* ECONNABORTED is not known on cygwin (#863)
|
|
|
|
|
|
* fixed crash on url.redirect and url.rewrite if %0 is used in a global context
|
|
|
|
|
|
(#800)
|
|
|
|
|
|
* fixed possible crash in debug-message in mod_extforward
|
|
|
|
|
|
* fixed compilation of mod_extforward on glibc < 2.3.4
|
|
|
|
|
|
* fixed include of empty in the configfiles (#1076)
|
|
|
|
|
|
* send SIGUSR1 to fastcgi children before SIGTERM. libfcgi wants SIGUSR1. (#737)
|
|
|
|
|
|
* fixed missing AUTH_TYPE entry in the fastcgi environment. (#889)
|
|
|
|
|
|
* fixed compilation in network_writev.c on MacOS X 10.3.9 (#903)
|
|
|
|
|
|
* added kill-signal as another setting for fastcgi backends. See the wiki for more.
|
|
|
|
|
|
|
|
|
|
|
|
- 1.4.13 - 2006-10-09
|
|
|
|
|
|
|
|
|
|
|
|
* added initgroups in spawn-fcgi (#871)
|
|
|
|
|
|
* added apr1 support htpasswd in mod-auth (#870)
|
|
|
|
|
|
* added lighty.stat() to mod_magnet
|
|
|
|
|
|
* fixed segfault in splitted CRLF CRLF sequences
|
|
|
|
|
|
(introduced in 1.4.12) (#876)
|
|
|
|
|
|
* fixed compilation of LOCK support in mod-webdav
|
|
|
|
|
|
* fixed fragments in request-URLs (#869)
|
|
|
|
|
|
* fixed pkg-config check for lua5.1 on debian
|
|
|
|
|
|
* fixed Content-Length = 0 on HEAD requests without
|
|
|
|
|
|
a known Content-Length (#119)
|
|
|
|
|
|
* fixed mkdir() forcing 0700 (#884)
|
|
|
|
|
|
* fixed writev() on FreeBSD 4.x and older (#875)
|
|
|
|
|
|
* removed warning about a 404-error-handler
|
|
|
|
|
|
returned 404
|
|
|
|
|
|
* backported and fixed the buildsystem changes for
|
|
|
|
|
|
webdav locks
|
|
|
|
|
|
* fixed plugin loading so we can finally load lua
|
|
|
|
|
|
extensions in mod_magnet scripts
|
|
|
|
|
|
* fixed large uploads if xattr is enabled
|
|
|
|
|
|
|
|
|
|
|
|
- 1.4.12 - 2006-09-23
|
|
|
|
|
|
|
|
|
|
|
|
* added experimental LOCK support for webdav
|
|
|
|
|
|
* added Content-Range support for PUT in webdav
|
|
|
|
|
|
* added support for += on empty arrays in config-files
|
|
|
|
|
|
* added ssl.cipher-list and ssl.use-sslv2
|
|
|
|
|
|
* added $HTTP["querystring"] conditional
|
|
|
|
|
|
* added mod_magnet as long-term replacement for mod_cml
|
|
|
|
|
|
* added work-around for a Opera Bug with SSL + Chunked-Encoding
|
|
|
|
|
|
* changed --print-config to print to stdout instead of stderr
|
|
|
|
|
|
* changed no longer use 0600 for new files with webdav. umask is
|
|
|
|
|
|
honored. Make sure you have set a proper umask.
|
|
|
|
|
|
* fixed upload hangs with SSL
|
|
|
|
|
|
* fixed connection drops with SSL (aka bad retry)
|
|
|
|
|
|
* fixed path traversal with \ on cygwin
|
|
|
|
|
|
* fixed mem-leak in mod_flv_streaming
|
|
|
|
|
|
* fixed required trailing newline in configfiles (#142)
|
|
|
|
|
|
* fixed quoting the autoconf files (#466)
|
|
|
|
|
|
* fixed empty Host: + $HTTP["host"] handling (#458)
|
|
|
|
|
|
* fixed handling of If-Modified-Since if ETag is not set
|
|
|
|
|
|
* fixed default-shell if SHELL is not set (#441)
|
|
|
|
|
|
* fixed appending and assigning of env.* vars
|
|
|
|
|
|
* fixed empty FCGI_STDERR packets
|
|
|
|
|
|
* fixed conditional server.allow-http-11
|
|
|
|
|
|
* fixed handling of follow-symlink + lstat()
|
|
|
|
|
|
* fixed SIGHUP handling if max-workers is used
|
|
|
|
|
|
* fixed "Software caused connection abort" messages on FreeBSD
|
|
|
|
|
|
|
|
|
|
|
|
- 1.4.11 - 2006-03-09
|
|
|
|
|
|
|
|
|
|
|
|
* added ability to specify which ip address spawn-fci listens on
|
|
|
|
|
|
(agkr/at/pobox.com)
|
|
|
|
|
|
* added mod_flv_streaming to streaming Flash Movies efficiently
|
|
|
|
|
|
* fixed handling of error codes returned by mod_dav_svn behing a
|
|
|
|
|
|
mod_proxy
|
|
|
|
|
|
* fixed error-messages in mod_auth and mod_fastcgi
|
|
|
|
|
|
* fixed re-enabling overloaded local fastcgi backends
|
|
|
|
|
|
* fixed handling of deleted files in linux-sendfile
|
|
|
|
|
|
* fixed compilation on BSD and MacOSX
|
|
|
|
|
|
* fixed $SERVER["socket"] on a already bound socket
|
|
|
|
|
|
* fixed local source retrieval on windows
|
|
|
|
|
|
(secunia)
|
|
|
|
|
|
* fixed hanging cgi if remote side is dieing while reading
|
|
|
|
|
|
from the pipe (sandy/at/meebo.com)
|
|
|
|
|
|
|
|
|
|
|
|
- 1.4.10 - 2006-02-08
|
|
|
|
|
|
|
|
|
|
|
|
* added docs for mod_dirlisting
|
|
|
|
|
|
* added fastcgi.map-extensions to mod_fastcgi
|
|
|
|
|
|
* fixed load balancing for mod_fastcgi
|
|
|
|
|
|
* fixed extra newline for syslog() in mod_accesslog
|
|
|
|
|
|
* fixed user-track cookie for IE in mod_usertrack
|
|
|
|
|
|
* fixed crash in digest handling in mod_auth
|
|
|
|
|
|
* fixed handling of 301 response-bodies from a mod_proxy backend
|
|
|
|
|
|
* fixed loading of base modules if server.modules is not set
|
|
|
|
|
|
* fixed broken cgi if mod_scgi is loaded
|
|
|
|
|
|
|
|
|
|
|
|
- 1.4.9 - 2006-01-14
|
|
|
|
|
|
|
|
|
|
|
|
* added server.core-files option (sandy <sandy/at/meebo.com>)
|
|
|
|
|
|
* added docs for mod_status
|
|
|
|
|
|
* added mod_evasive to limit the number of connections by IP (<w1zzard/at/techpowerup.com>)
|
|
|
|
|
|
* added the power-magnet to mod_cml
|
|
|
|
|
|
* added internal statistics to mod_fastcgi
|
|
|
|
|
|
* added server.statistics-url to get internal statistics from mod_status
|
|
|
|
|
|
* added support for conditional range-requests through If-Range
|
|
|
|
|
|
* added static building via scons
|
|
|
|
|
|
* fixed 100% cpu loops in mod_cgi ("sandy" <sjen/at/cs.stanford.edu>)
|
|
|
|
|
|
* fixed handling for secure-download.timeout (jamis/at/37signals.com)
|
|
|
|
|
|
* fixed IE bug in content-charset in the output of mod_dirlisting (sniper/at/php.net)
|
|
|
|
|
|
* fixed typos and language in the docs (ryan-2005/at/ryandesign.com)
|
|
|
|
|
|
* fixed assertion in mod_cgi on HEAD request is Content-Length (<sandy/at/meebo.com>)
|
|
|
|
|
|
* fixed handling if equal but duplicate If-Modified-Since request headers
|
|
|
|
|
|
* fixed endless loops in mod_fastcgi if backend is dead
|
|
|
|
|
|
* fixed Depth: 1 handling in PROPFIND requests on empty dirs
|
|
|
|
|
|
* fixed encoding of UTF8 encoded dirlistings (Jani Taskinen <sniper/at/iki.fi>)
|
|
|
|
|
|
* fixed initial bind to a unix-domain socket through server.bind
|
|
|
|
|
|
* fixed handling of lowercase filesystems
|
|
|
|
|
|
* fixed duplicate request headers cause by mod_setenv
|
|
|
|
|
|
|
|
|
|
|
|
- 1.4.8 - 2005-11-23
|
|
|
|
|
|
|
|
|
|
|
|
* added auto-reconnect to ldap-server in mod_auth
|
|
|
|
|
|
(joerg/at/netbsd.org)
|
|
|
|
|
|
* changed auth.ldap-cafile to be optional
|
|
|
|
|
|
(joerg/at/netbsd.org)
|
|
|
|
|
|
* added strip_request_uri in mod_fastcgi
|
|
|
|
|
|
* added more X-* headers to mod_proxy
|
|
|
|
|
|
(Ben Grimm <bengrimm/at/gmail.com>)
|
|
|
|
|
|
* added 'debug' to simple-vhost to suppress the
|
|
|
|
|
|
(mod_simple_vhost.c.157) No such file or directory /servers/ww.lighttpd.net/pages/
|
|
|
|
|
|
messages by default
|
|
|
|
|
|
* added support to let the server listen on UNIX-socket
|
|
|
|
|
|
* changed default stat-cache-engine to 'simple'
|
|
|
|
|
|
* removed debian/ dir from source package on request by packager
|
|
|
|
|
|
* fixed max-age timestamps in mod_expire
|
|
|
|
|
|
* fixed encoding the filenames in PROPFIND in mod_webdav
|
|
|
|
|
|
* fixed range request handling in network_writev
|
|
|
|
|
|
* fixed retry on connect error in mod_fastcgi
|
|
|
|
|
|
(Robert G. Jakabosky <bobby/at/alphatrade.com>)
|
|
|
|
|
|
* fixed possible crash in mod_webdav if sqlite3 support
|
|
|
|
|
|
is available but not use
|
|
|
|
|
|
* fixed fdvent-handler init if server.max-worker was used
|
|
|
|
|
|
(Siddharth Vijayakrishnan <mail/at/bluefireworks.net>)
|
|
|
|
|
|
* fixed missing cleanup in mysql_vhost
|
|
|
|
|
|
* fixed assert() in "connections.c:962:
|
|
|
|
|
|
connection_handle_read_state: Assertion 'c->mem->used' failed."
|
|
|
|
|
|
* fixed 64bit issue in md5
|
|
|
|
|
|
* fixed crash in mod_status
|
|
|
|
|
|
* fixed duplicate headers in mod_proxy
|
|
|
|
|
|
* fixed Content-Length in HEAD request in mod_proxy
|
|
|
|
|
|
* fixed unsigned/signed comparisions
|
|
|
|
|
|
* fixed streaming in mod_cgi
|
|
|
|
|
|
* fixed possible overflow in password-salt handling
|
|
|
|
|
|
(reported on slashdot by james-web/at/and.org)
|
|
|
|
|
|
* fixed server-traffic-limit if connection limit is not set
|
|
|
|
|
|
|
|
|
|
|
|
- 1.4.7 - 2005-11-02
|
|
|
|
|
|
|
|
|
|
|
|
* added FD_CLOEXEC to fds which are kept open for a longer time
|
|
|
|
|
|
* added smaller, moving mmaped windows to network_writev
|
|
|
|
|
|
* added madvise() to instruct the kernel the do proper read-ahead in network_writev
|
|
|
|
|
|
* added support for %I in mod_accesslog
|
|
|
|
|
|
* added better compat to Apache for ?auto in mod_status
|
|
|
|
|
|
* added support for userdirs without a entry in /etc/passwd in mod_userdir
|
|
|
|
|
|
(rob/at/inversepath.com)
|
|
|
|
|
|
* added startup-time selectable network-backend
|
|
|
|
|
|
* added location of upload-files to config as array
|
|
|
|
|
|
* added webdav.log-xml for logging xml-content in mod_webdav
|
|
|
|
|
|
* added Cache-Control: max-age to mod_expire
|
|
|
|
|
|
* workaround missing client-bug by assuming we received a close-notify on
|
|
|
|
|
|
non-keep-alive requests in SSL request
|
|
|
|
|
|
* disabled kerberos5 support by default to fix compilation on RHEL
|
|
|
|
|
|
* fixed order of library checks to fix compilation on Solaris 9
|
|
|
|
|
|
* fixed open file-descriptors on read-error
|
|
|
|
|
|
* fixed crash if /var/tmp is not writable
|
|
|
|
|
|
|
|
|
|
|
|
- 1.4.6 - 2005-10-09
|
|
|
|
|
|
|
|
|
|
|
|
* fixed compilation on MacOS X and cygwin
|
|
|
|
|
|
* fixed compressed output if caching was disabled (seen in IE and Opera)
|
|
|
|
|
|
* fixed range-request option
|
|
|
|
|
|
* fixed mysql-vhost module (was broken in 1.4.5)
|
|
|
|
|
|
* fixed false positive in the detection of case-insensitive FS
|
|
|
|
|
