lighttpd 1.4.x https://www.lighttpd.net/
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
lighttpd1.4/NEWS

3708 lines
185 KiB

====
NEWS
====
10 months ago
- 1.4.63 - 2021-12-04
* [core] import xxHash v0.8.1
* [core] isolate use of sys/filio.h
* [core] fix reqpool mem corruption in 1.4.62 (fixes #3118)
10 months ago
- 1.4.62 - 2021-12-01
* [mod_alias] fix use-after-free bug (fixes #3114)
* [core] clean up fdlog_st and log_error_st decls
* [core] 'struct log_error_st' -> 'log_error_st'
* [core] remove redundant asserts
* [core] explicitly include sys/cdefs.h
* [tests] t/test_mod_ssi
* [core] fdevent_socket_nb_cloexec_init()
* [core] fdevent_impl.c separate from fdevent.c
* [core] merge fdevent impls into fdevent_impl.c
* [core] fdevent_fdnode.c separate from fdevent.c
* [core] close backend socket fds more quickly
* [core] use TCP_CORK w/ TLS if cq length > 16k
* [core] warn if dynamic modules before mod_auth
* [mod_cgi] check fd-to-cgi not -1 before close
* [core] libev EV_ERROR conflicts with kqueue
* [tests] disable test_mod_ssi in cmake (temporary)
* [tests] disable test_mod_ssi in cmake (temporary)
* [tests] reenable test_mod_ssi in cmake
* [core] run plugin cleanup hooks in reverse
* [core] fix removal of server.pid-file when testing (fixes #3115)
* [doc] improve sample configs
* [doc] expand vhosts.template
* [doc] improve sample configs
* [core] use ck_assert() in vector.[ch]
* [tests] mod_ssi tests moved to src/t/test_mod_ssi
* [mod_ssi] 0-init ssi_val_t in ssi_ctx_t
* [mod_ssi] fix ancient bugs; replace cond parser
* [mod_ssi] remove mod_ssi parser generator file
* [mod_ssi] merge mod_ssi_expr.c into mod_ssi.c
* [core] uint_fast32_t tweaks
* [core] better asm for binary num to ascii string
* [tests] t/test_mod now runs all t/test_mod_*.c
* [tests] t/test_mod_alias.c
* [tests] remove unused mod from tests/lighttpd.conf
* [mod_evasive] smaller funcs for testing
* [tests] t/test_mod_evasive.c
* [mod_evasive] update comment to add references
* [tests] combine tests into test_common.c
* [core] get_http_method_key() tweak
* [mod_dirlisting] check for disabled cache at start
* [core] buffer_append_string_encoded_json()
* [mod_dirlisting] (experimental) json (disabled)
* [tests] t/test_mod needs -ldl on Debian
* [core] save config regex captures only if used
* [core] save pcre result state in config_pcre_match
* [core] use stack w/ pcre_exec unless save captures
* [core] extend pcre_keyvalue_ctx to pass more state
* [core] pcre2 support (--with-pcre2)
* [core] allocate one fewer cond_match_t, if needed
* [core] allocate pcre output vector on demand
* [build] configure.ac with AC_PROG_CC_C99 (fixes #3116)
* [build] CI builds now use pcre2 (upgrade pcre)
* [core] fix compiler warning in 32-bit build
* [build] fix CMake pcre2 detection
* [mod_auth] RFC7616 HTTP Digest username* userhash
* [mod_dirlisting] fix bug not showing HEADER.txt
* [tests] t/test_mod_ssi adjust to follow symlinks
* [mod_auth] quiet coverity warning
* [doc] refresh/update dependency lists in doc
* [core] fix crash when using lighttpd -1 with pipes (fixes #3117)
11 months ago
- 1.4.61 - 2021-10-28
* [core] define __BEGIN_DECLS, __END_DECLS if needed
* [core] Y2038: error log high-precision timestamps
* [multiple] __attribute_nonnull__ now takes params
* [core] bounds check while url-decoding
* [mod_magnet] prefer lua_newuserdatauv() w/ lua 5.4
* [core] earlier macOS need define for errno_t (fixes #3107)
* [tests] force POSIX::WNOHANG() autovivification (fixes #3110)
* [mod_dirlisting] sort "../" to top (fixes #3109)
* [tests] force Fcntl::F_SETFD() autovivification (#3110)
* [core] avoid repeated typedef for fdlog_st
* [doc] update INSTALL
* [mod_extforward] keep remote IP thru request reset
* [core] fix HTTP/2 upload > 64k w/ max-request-size (fixes #3108)
* [mod_auth] fix Basic auth passwd cache (fixes #3112)
* [mod_ajp13,mod_fastcgi] comment: no response body
* [mod_webdav] ignore PROPFIND Depth for files
* [core] add comment to ck_memeq_const_time()
* [core] accept up to 5 digit port num in host cond
* [core] expose chunkqueue_remove_empty_chunks()
* [core] short-circuit if response body recv w/ hdrs (fixes #3111)
* [core] resched HTTP/2 streams w/ pending data (#3111)
* [core] separate func for gw_authorizer_ok()
* [core] make ck_memeq_const_time() more generic (#3112)
* [mod_auth] revert adjustment to auth passwd cache (#3112)
* [core] thwart h2c smuggling when Upgrade enabled
* [core] separate funcs to check for valid chars
* [core] thwart h2 request tunnelling
* [core] clear shared log buffer after writes
* [mod_nss] quiet trace for PR_END_OF_FILE_ERROR
* [core] allow debug.log-state-handling in condition
* [core] combine more dup header processing code
* [mod_ajp13,mod_fastcgi] check resp w/ content len
* [mod_proxy] Length Req if proxy forcing HTTP/1.0
* [core] restart dead proc on connect error if local
* [mod_ajp13,mod_fastcgi] recv_parse smaller funcs
* [multiple] warn deprecated mods slated for removal
* [core] remove redundant checks in same context
* [core] tighten chunkqueue_steal* code; better asm
* [build] check for preadv(), pwritev()
* [core] pwritev w/ chunkqueue_steal_with_tempfiles
* [core] tighten chunkqueue_mark_written; better asm
* [doc] uncomment mod_auth load in conf.d/auth.conf
* [core] tighten chunkqueue_small_resp_optim()
* [core] chunkqueue_small_resp_optim if resp < 16k
* [mod_auth] clear crypt() output if len >= 13
* [multiple] add assert after malloc in two spots
* [core] add HTTP/2 check resp finished w/ empty cq (#3111)
* [core] chunkqueue_small_resp_optim() comment
12 months ago
- 1.4.60 - 2021-10-03
* [meson] add with_zstd to meson_options.txt
* [mod_magnet] reject stat() of empty string (fixes #3064)
* [mod_magnet] avoid infinite loop in atpanic (fixes #3065)
* [mod_magnet] do not call luaL_error outside pcall (#3065)
* [core] 101 upgrade fails if Content-Length incl (fixes #3063)
* [mod_gnutls,mod_mbedtls] recog common cipherstring
* [tests] remove stray option in test lighttpd.conf
* [mod_auth] close HTTP/2 connection after bad pass
* [build] fix SCons pkg-config err handling (fixes #3066)
* [core] inline funcs to decode h2 framing nums (fixes #3067)
* [build] use -pipe with gcc and clang
* [mod_mbedtls] preproc wrap ssl_parse_client_hello
* [build] augment configure.ac msgs to remove FAM (#3068)
* [core] allow '*' in "*:80" socket spec
* [core] rename local var
* [core] mark config registration funcs cold
* [core] fix -fsanitize=undefined pedantic warning (fixes #3069)
* [core] algo_hmac.[ch] wrapper (portability)
* [mod_secdownload] use algo_hmac.[ch]
* [mod_secdownload] use http_auth_const_time_memeq()
* [autoconf] add ajp13 to build msgs
* [mod_auth] send 401 if digest algo not supported
* [mod_deflate] do not cache 206 Partial Content
* [core] chunkqueue_append_cq_range()
* [core] http_range.[ch] RFC 7233 Range handling
* [core] RFC 7233 Range handling for non-streaming
* [TLS] fix crash for (broken) nested $SERVER[] cfg
* [core] ignore server.event-handler = "libev"
* [mod_openssl] use newer openssl 3.0.0 interfaces
* [core] quiet coverity warning
* [core] http_cgi_local_redir() rename
* [core] http_cgi.[ch] CGI interfaces (RFC 3875)
* [core] save parsed listen addrs at startup
* [core] http_cgi_encode_varname()
* [core] add some ifdefs in algo_hmac.c
* [core] use epoll_create1() if available
* [core] adjust stat_cache_get_entry() conditions
* [core] _WIN32 impl of read-only mmap(), munmap()
* [core] remove stream.[ch]
* [multiple] use binary '|' to reconstruct ts
* [core] check EAGAIN if unix socket connect() delay
* [multiple] prefer monotonic time for internal use
* [core] optimize buffer_urldecode_path()
* [mod_openssl] skip cert chain build if self-issued
* [mod_nss] avoid NSS crash w/ config file error
* [multiple] prefer monotonic time for internal use
* [core] http_response_handle_cachable() optim
* [core] fix chunkqueue_small_resp_optim partial rd
* [core] defer pcre_compile until after config parse
* [multiple] PCRE w/ PCRE_STUDY_JIT_COMPILE (fixes #2361)
* [mod_dirlisting, mod_trigger_b4_dl] use keyvalue
* [multiple] add attrs from gcc -Wsuggest-attribute=
* [mod_gnutls] quiet clang warning
* [core] http_response_physical_path_error()
* [multiple] buffer_has_slash_suffix()
* [core] modify path in-place checking for path-info
* [multiple] optimize primitives, buffer_extend()
* [multiple] do not clear physical.path if finished
* [core] http_kv.[ch] perf tuning
* [core] remove bad prototype from algo_splaytree.h
* [multiple] mark addtl funcs attr returns_nonnull
* [TLS] init STEK even if time is 1970 (fixes #3075)
* [core] restart if large large clock jump detected (#3075)
* [core] copy string and len directly from tmp_buf
* [core] move special case for Content-Type CGI hdr
* [mod_ssi] inline some buffers in ssi plugin_data
* [core] use monotonic secs for piped loggers start
* [mod_cml] use cached time from log_epoch_secs
* [mod_dirlisting] limit buffer use for large dirs
* [multiple] http_header APIs to reduce str copies
* [mod_userdir] use stat_cache_path_isdir()
* [mod_indexfile] reduce copying of base path
* [TLS] https_add_ssl_client_verify_err()
* [TLS] use stack for SSL_CLIENT_S_DN_* tag
* [core] buffer_append_strftime() perf annotations
* [mod_userdir] use 2-element cache
* [mod_magnet] use http_chunk_* APIs
* [mod_accesslog] reformat numeric timestamp
* [mod_accesslog] strftime %z for numeric timestamp
* [mod_accesslog] reformat numeric timestamp code
* [multiple] strftime %F and %T
* [mod_trigger_b4_dl] gdbm_reorganize once a day
* [mod_status] double-buffer large output to tmpfile
* [mod_ssi] shared code to wrap strftime()
* [mod_ssi] use intermediate chunkqueue to aggregate
* [multiple] pass len when copying constant strings
* [core] short-circuit encoding if nothing to encode
* [build] check for mempcpy()
* [core] buffer_append_* aggregates
* [core] config_vars_init()
* [multiple] use buffer_append_* aggregates
* [core] define __attribute_nonnull__
* [core] mark select buffer.[ch] funcs attr nonnull
* [core] mark select http_kv.[ch] funcs attr nonnull
* [core] mark some chunk.h funcs attr cold
* [core] remove an excess check
* [core] mark debug path unlikely
* [core] ignore empty headers unless pseudo-headers
* [multiple] buffer_copy_path_len2() aggregate
* [mod_dirlisting] process dir in subrequest handler
* [mod_dirlisting] restructure and keep state
* [mod_dirlisting] read dir in pieces; less blocking
* [mod_dirlisting] upper limit on parallel dirlist
* [mod_dirlisting] parse query string in javascript
* [mod_dirlisting] dir-listing.cache option
* [mod_webdav] webdav_log_xml_response()
* [mod_webdav] limit mem use under extreme condition
* [core] vector.h tweaks
* [mod_proxy] send HTTP/1.0 to backend if no Host
* [build] fix zstd option in meson (fixes #3076)
* [multiple] more reuse of http_date_time_to_str()
* [TLS] rename ssl.verifyclient.ca-*file options
* [mod_openssl] issue error trace if < openssl 1.1.1
* [mod_webdav] always define webdav_mmap_file_chunk
* [mod_dirlisting] ignore error if include file fail
* [multiple] quiet coverity warnings
* [scons] link lighttpd with pcre for fullstatic
* [scons] link lighttpd with pcre for static build
* [core] exit 0 upon shutdown if no connections open
* [mod_nss] define TLSv1_3 as bitflag
* [core] update ls-hpack
* [core] discard some HTTP/2 DATA after response (fixes #3078)
* [mod_expires,mod_webdav] fix truncated date string
* [mod_expire] accept time labels without plural 's'
* [mod_webdav] accept alt syntax in webdav.opts
* [core] recognize "enabled"/"disabled" for bool
* [mod_expire] check for default if mime not found
* [core] move timegm() impl inline in sys-time.h
* [mod_expire] send only Cache-Control to >=HTTP/1.1
* [mod_webdav] quiet pedantic compiler warning
* [core] reuse code to parse backend response
* [core] consistent inclusion of sys-time.h
* [mod_authn_file] wipe password/digest after use
* [TLS] ALPN h2 policy
* [core] tolerate dup array config values if match
* [multiple] static file optimization; reuse cache
* [mod_staticfile] move cold paths to separate func
* [build] --with-nss add test for /usr/include/nspr4
* [core] li_base64_decode similar to li_to_base64
* [core] li_base64_decode mark cold code path
* [core] li_to_base64 alt code to add padding
* [core] buffer_append_base64_encode_opt()
* [core] base64_charset enum supports only 2 tables
* [core] consolidate overflow checks in li_to_base64
* [mod_auth] include unistd.h for crypt() on Mac OS
* [core] tighten code in request_check_hostname()
* [core] merge http_response_send_file 0-size case
* [mod_extforward] shared mod_extforward_bad_request
* [core] http_response_send_file() mark cold paths
* [core] improve HTTP/2 behavior w/ max-request-size
* [tests] disable secdownload HMAC tests for NSS
* [core] check for Upgrade before h2 upgrade check
* [core] remove buffer_is_equal_right_len()
* [core] buffer_is_equal_string -> buffer_eq_slen
* [core] mark cold paths in http_response_config
* [core] http_response_prepare() OPTIONS *, CONNECT
* [core] mark some likely hot paths (better asm)
* [core] simplify buffer_path_simplify()
* [core] remove excess assertions in buffer_commit()
* [core] quiet coverity noise
* [mod_auth] include unistd.h for crypt() on *nix
* [cmake] improve cmake detection of timegm
* [cmake] update src/config.h.cmake
* [core] adjust r->http_host ptr caching
* [core] merge uri_raw and uri_clean hooks
* [core] reorder hook enum for better mem locality
* [core] remove redundant check for max_conns
* [multiple] mark con->srv_socket a const ptr
* [core] accept in network_server_handle_fdevent()
* [mod_*_dbi] fix sqlite3_dbdir spelling in comments
* [core] remove HANDLER_UNSET enum value
* [core] add option to read config file from stdin
* [mod_flv_streaming] check range before sending FLV
* [mod_magnet] use http_chunk_append_file_ref_range
* [core] range chk http_chunk_append_file_ref_range
* [core] remove some (now) unused http_chunk APIs
* [core] document error edge case for HTTP/1.0
* [core] fix kill workers and shutdown by signal
* [core] store int* ptr to common gw status counters
* [tests] quite coverity warning in test_request.c
* [core] tighter OS event poll loops (better asm)
* [core] omit fdevent select() code if poll() avail
* [core] adjust some array code (better asm)
* [core] base64 encode round-up for required space
* [core] base64 encode w/ reduced data dependencies
* [core] merge base64 encoding to li_base64_enc()
* [core] li_base64_dec() on 4 bytes at a time
* [core] load padding char from base64_table
* [core] remove size maint in algo_splaytree
* [core] remove excess counts from print config
* [core] consolidate config printing code
* [core] move data_{array,integer,string} to array.c
* [core] define __attribute_unused__ if needed
* [core] ck.[ch] - C11 Annex K wrappers
* [multiple] use thread-safe strerror where avail
* [multiple] move const time cmp funcs to ck.[ch]
* [multiple] rename safe_memclear() -> ck_memzero()
* [multiple] http_auth_digest_hex2bin -> li_hex2bin
* [mod_auth,mod_vhostdb] move helper funcs to mods
* [mod_auth*] rename http_auth.* -> mod_auth_api.*
* [mod_vhostdb*] rename http_vhostdb->mod_vhostdb_api
* [core] comment out ck_getenv_s() (unused)
* [mod_secdownload] include algo_hmac.c in mod
* [core] make insert_dup an optional array method
* [core] return entry from array_insert_data_at_pos
* [core] network_write optimizations
* [core] network_write prefer writev() over write()
* [core] connection_handle_read_state mark hot case
* [core] buffer_commit() optim; better asm
* [TLS] write_cq_ssl defer remove_finished_chunks
* [core] compare entire "/bin/sh" "-c" after execve
* [core] reduce repeated work in http_cgi_headers()
* [core] code reuse with array_match_value_prefix()
* [build] adjustments for autotools on Mac OS X
* [build] autoupdate; still autoconf 2.60 compatible
* [build] MacOS linker compat
* [core] http_header_hkey_get() perf (better asm)
* [TLS] reset stek_rotate_ts if clock moves backward
* [core] sock_addr_from_buffer_hints_numeric unused
* [core] tweaks writing response header (better asm)
* [core] adjust buffer use for hdr name for lshpack
* [core] comment out unused part of http_etag_remix
* [core] inline fam_dir_entry buffer 'name' member
* [multiple] reduce redundant NULL buffer checks
* [core] calculate backend host gw_hash at startup
* [core] gw_host_get() comment out devel debugging
* [core] request_config_reset()
* [mod_magnet] inline name and etag buffers in cache
* [mod_magnet] sync script load w/ stat_cache
* [core] clear etag in stat_cache_get_entry_open()
* [mod_auth] merge some repeated code; code reuse
* [core] add iovec wrappers to sys-crypto-md.h
* [core] li_base64_dec()
* [multiple] use <algo>_iov() digest funcs
* [mod_auth] mod_auth_digest_get()
* [mod_auth] mod_auth_algorithm_parse() w/ algo len
* [mod_authn_dbi] copy strings before escaping
* [mod_auth] refactor mod_auth_check_digest()
* [mod_auth] refactor mod_auth_check_basic()
* [build] look for memcpy and define HAVE_MEMCPY
* [core] buffer_path_simplify() quick(er) path
* [core] reduce memcmp in http_request_parse_header
* [build] look for port.h on Solaris, not sys/port.h
* [core] buffer_realloc() using power-2 realloc
* [core] lowercase r->http_host, r->uri.authority
* [multiple] buffer_copy_string_len_lc()
* [mod_magnet] cache script objects at config time
* [core] move backtrace and assert macros to ck.[ch]
* [core] allocate initial request pool w/ srv->conns
* [mod_extforward] inline some more data structures
* [mod_access] remove excess trace
* [multiple] reduce use of BUFFER_INTLEN_PTR
* [multiple] inline struct in con->dst_addr_buf
* [core] reset large path buffers from long URLs
* [core] construct file path after docroot hook
* [core] avoid inlining buffer_eq_icase_ssn()
* [core] order gw_proc members for packing and usage
* [core] order gw_host members for packing and usage
* [mod_proxy] proxy_response_headers load v earlier
* [core] proxy_create_env() tweaks
* [core] write_all() simpler loop; better asm
* [core] http_date_time_append() convenience macro
* [core] reduce excess cc inlining in http_chunk.c
* [core] const buffer * in config_check_cond_nocache
* [core] parse $HTTP["remote-ip"] CIDR mask at start
* [core] reduce $HTTP["host"] compare str scanning
* [multiple] http_method_buf()
* [core] config_check_cond_nocache() xor return code
* [core] refactor config_check_cond_nocache() flow
* [mod_deflate] use deflate.allowed-encodings order
* [mod_deflate] use ZSTD_c_strategy w/ compress lvl
* [mod_deflate] deflate.params per-encoder params
* [mod_deflate] use brotli quality 5 by default
* [mod_deflate] improve compress.*->deflate.* remap
* [mod_auth] detect and skip BWS (bad whitespace)
* [core] better trace if TLS received on clear port
* [core] replace strncasecmp w/ buffer_eq_icase_ssn
* [tests] use generated date in HTTP If conditionals
* [tests] update t/test_request.c
* [tests] mv tests from request.t to test_request.c
* [tests] t/test_mod_staticfile
* [tests] combine *.t using tests/lighttpd.conf
* [tests] combine *.t using tests/condition.conf
* [tests] speed up mod-fastcgi and mod-scgi tests
* [core] report Y2038 support in lighttpd -V
* [autoconf] add AC_SYS_LARGEFILE for lfs
* [multiple] Y2038 32-bit signed time_t mitigations
* [mod_deflate] use http_header_str_contains_token
* [core] tune http_response_process_headers()
* [core] use CLOCK_MONOTONIC_COARSE where available
* [core] log_clock_gettime->clock_gettime for 64-bit
* [core] Y2038: use _TIME_BITS=64 on 32-bit glibc
* [core] define _DEFAULT_SOURCE in first.h
* [build] check for sys/filio.h in CMake and meson
* [core] quiet compiler warnings
* [mod_openssl] no ALPN fatal error w/ mod_sockproxy (fixes #3081)
* [core] make missing mod_deflate not a fatal error
* [core] store time for last r/w to a backend socket
* [core] gw_backend_error() shared code
* [core] connect, write, read timeouts on backends (fixes #3086)
* [doc] https://wiki.lighttpd.net/Docs_Performance
* [core] tweak buffer merging to reduce mem
* [core] chunkqueue_append_buffer always clears buf
* [core] http_response_append_{buffer,mem}()
* [core] improve handling of suboptimal backend wr
* [core] http_response_read() indicate resp finished
* [mod_cgi] cgi.limits "read-timeout" "write-timeout" (#3086)
* [core] clarify error message in gw_backend.c
* [core] set min srv->max_fds = 32 (sanity check)
* [core] adjust server overload check
* [core] free fdwaitqueue list when empty
* [core] adjust srv->srvconf.max_conns at startup
* [core] conns_pool separate from conns list (#3084)
* [build] update ax_prog_cc_for_build.m4
* [core] add wolfssl-specific include
* [core] rename srv->max_conns -> srv->lim_conns
* [core] change srv->conns to doubly-linked-list
* [core] change con joblist to singly-linked-list
* [core] remove connection_list_append()
* [core] clear request,connection pools every 64 sec (#3084)
* [mod_wolfssl] wolfSSL_sk_X509_NAME_push change
* [core] clarify an error message
* [core] reduce optim inline of cold funcs
* [core] remove HANDLER_WAIT_FOR_FD
* [mod_cgi] reuse chunk buffers
* [mod_cgi] use linked list for process list
* [mod_uploadprogress] use splay_tree for req list
* [multiple] remove base.h include where not used
* [mod_indexfile] section into subroutines
* [mod_extforward] HAProxy PROXY env PP2_UNIQUE_ID
* [mod_magnet] reuse lighty lua table
* [core] li_hmac_sha512()
* [mod_magnet] expose md and hmac funcs to lua
* [mod_magnet] allow modification of request headers
* [mod_magnet] lighty.stat now returns userdata obj
* [mod_magnet] protect and control lighty table mod
* [mod_magnet] expose enc/dec str funcs to lua
* [mod_magnet] look up env id by strlen, then strcmp
* [core] reuse some cold duplicate hdr match code
* [core] use mod name in trace instead of mod_gw
* [mod_magnet] lighty.r.* interfaces to request
* [core] refuse excess h2 streams at con start (fixes #3093)
* [mod_magnet] lighty.c.cookie_tokens
* [mod_magnet] lighty.c.readdir
* [mod_magnet] use blank str for nil (do not panic)
* [mod_magnet] rename magnet_cgi_ to magnet_envvar_
* [mod_magnet] reset config cache for uri components
* [mod_magnet] reset config cache for remote addr
* [core] sock_addr_set_port()
* [mod_magnet] attrs for remote port and server port
* [mod_magnet] detect MAGNET_RESTART_REQUEST loops
* [mod_magnet] ignore 1xx return in response start
* [mod_echo] test module to echo request as response
* [core] base64url pad char is '='; change from '.'
* [mod_cgi] improve CGI offloading
* [mod_openssl] default disable client renegotiation
* [core] log_error_multiline()
* [tests] t/test_mod_indexfile
* [tests] IO::Socket::INET->new( Timeout => 1 )
* [mod_indexfile] update path with buffer path funcs
* [tests] move tests/docroot/www contents up 1 level
* [build] look for malloc.h and mallopt()
* [core] config mallopt(M_ARENA_MAX, 2) (#3084)
* [core] periodically malloc_trim() to release mem (fixes #3084)
* [build] propagate HAVE_DLFCN_H in builds
* [core] cfg server.bindhost after $SERVER["socket"]
* [core] TCP_CORK w/ MEM_CHUNK then FILE_CHUNK
* [core] remove server.upload-temp-file-size limit
* [core] expose ck_bt() for debugging
* [core] change backtrace format to put addr first
* [core] reduce stack use in main()
* [core] write all cq MEM_CHUNK if spill to tempfile
* [core] realloc buffer power-2 size + 1 for '\0'
* [mod_cgi] cgi.limits "tcp-fin-propagate" => "SIG"
* [core] consolidate more gw_host, gw_proc init code
* [core] mark cold more gateway maintenance code
* [core] reduce wait time in gw_spawn_connection()
* [core] remove redundant waitpid() on each backend
* [multiple] quiet coverity warnings
* [build] define rsize_t on FreeBSD
* [core] quiet coverity warnings
* [tests] skip time-sensitive test during CI testing
* [core] clear buffer after backend dechunk
* [core] update comment about server.max-write-idle
* [core] fdlog.[ch]; fdevent_*_logger_* -> fdlog_*
* [multiple] de-dup file and piped loggers (fixes #3101)
* [multiple] prefer r->tmp_buf to p->tmp_buf
* [core] shared temp buffer for log_*error*()
* [core] refuse excess initial streams only if block (fixes #3100)
* [core] quiet coverity warnings
* [core] reject HTTP/2 pseudo-header in trailers (#3102)
* [core] remove redundant check in h2_recv_headers()
* [core] reduce oversized mem alloc for backends
* [core] HTTP/2 GOAWAY after timeout before read (fixes #3102)
* [core] default backend "connect-timeout" to 8 (#3086)
* [core] HTTP/2 GOAWAY after timeout before read (#3102)
* [core] mark attr malloc, returns nonnull
* [core] separate mem pool for FILE_CHUNK reuse
* [core] retain largest chunk on oversized chunk lst
* [core] improve chunk buffer reuse from backends
* [multiple] internal control for backend read bytes
* [core] option: errorlog high precision timestamps
* [core] create temp file name in chunk buffer
* [core] chunkqueue_get_append_newtempfile()
* [core] remove redundant checks for tempfile chunk
* [multiple] fdevent_mkostemp()
* [build] check for pread(), pwrite(), splice()
* [multiple] _WIN32 fdevent_pipe_cloexec()
* [core] _WIN32 impl of fdevent_mkostemp()
* [multiple] check feature flags funcs; code reuse
* [multiple] avoid empty chunks in chunkqueue
* [core] splice() data from backends to tempfiles
* [core] fix chunked decoding from backend (#3044, #3046)
* [core] remove obsolete comment about r->gw_dechunk
* [core] improve chunk buffer reuse from backends
* [mod_cgi] improve chunk buffer reuse from backends
* [core] disable streaming response with authorizer (fixes #3106)
* [multiple] clarify error msg when no cert avail
* [core] disable server.graceful-restart-bg if spawn
* [tests] ignore SIGINT, SIGUSR1 in fcgi-responder
* [core] cap size of data framed for HTTP/2 response
* [core] fix typo in h2_send_cqdata()
* [core] use pread() to skip lseek()
* [core] h2_send_cqdata() returns how much data sent
* [core] allow up to 32k of data frames per stream
* [core] limit initial response header backend read
* [core] read files into mem when framed for HTTP/2
* [core] chunkqueue_mmap_chunk_len() for code reuse
* [core] chunkqueue_peek_data() mmap experiment
* [core] quiet coverity warnings
* [core] portability tweaks for various platforms/cc
* [core] fix chunked decoding from backend (#3044, #3046)
* [doc] update config files
* [mod_openssl] boringssl compat
* [core] adjust indent for clarity
2 years ago
- 1.4.59 - 2021-02-02
* [mod_webdav] hide unused funcs depending on build
* [mod_mbedtls] include mbedtls/platform_util.h
* [mod_mbedtls] use local strncmp_const()
* [mod_gnutls] use local strncmp_const()
* [mod_dirlisting] place vars closer to where used
* [autotools] autoupdate; subst deprecated/obsolete
* [autoconf] update ax_prog_cc_for_build.m4
* [core] fix crash at shutdown w/ certain config
* [tests] use ephemeral ports in tests
* [mod_wolfssl] minor updates for wolfSSL v4.6.0
* [doc] create-mime.conf.pl improve case handling
* [mod_openssl] extend ssl.openssl.ssl-conf-cmd
* [mod_extforward] config warning for module order
* [mod_extforward] fix extforward.headers defaults (fixes #3051)
* [multiple] use HTTP_HEADER_* enum before strcmp
* [multiple] replace buffer_is_equal_caseless_string
* [mod_dirlisting] quiet coverity false positive
* [doc] create-mime.conf.pl improve case handling
* [autoconf] fix LT_INIT syntax
* [doc] create-mime.conf.pl -v for warnings
* [core] fix crash in error trace if backend is down (fixes #3052)
* [doc] create-mime.conf.pl -v silent for mult vnd
* [mod_openssl] update LIBRESSL_VERSION_NUMBER check
* [multiple] fix: honor CipherString for alt TLS lib
* [mod_openssl] set Ciphersuites once API available
* [mod_dirlisting] use fdopendir(), fstatat()
* [mod_deflate] support Accept-Encoding: zstd
* [mod_deflate] use zstd streaming API
* [mod_dirlisting] hide unused variable on MacOS
* [doc] add --with-zstd to INSTALL
* [mod_access] mark mod_access_check attribute pure
* [core] add decls in connections.h
* [build] update scripts/ci-build.sh
* [core] check ifdef WOLFSSL_SHA512 for SHA512 avail
* [build] scripts/ci-build.sh --with-nettle
* [mod_openssl] update LIBRESSL_VERSION_NUMBER check
* [build] scripts/ci-build.sh w/o --with-wolfssl
* [build] scripts/ci-build.sh adjustments
* [build] fix typo in src/CMakeLists.txt
* [build] adjust mbedtls vars in src/CMakeLists.txt
* [build] scripts/ci-build.sh adjustments
* [build] adjust crypto vars in src/CMakeLists.txt
* [core] avoid multiple definition of SHA512_CTX
* [build] adjust crypto vars in src/CMakeLists.txt
* [mod_alias] modify r->physical.path in place
* [build] scripts/ci-build.sh add --with-maxminddb
* build] scripts/ci-build.sh remove --with-maxminddb
* [mod_deflate] use zstd typedefs (minor cleanup)
* [mod_deflate] compat with zstd < v1.4.0
* [multiple] fix coverity warnings
* [multiple] fix TLS config string parsing
* [mod_gnutls] fix ssl.ca_dn_file data access
* [mod_wolfssl] wipe ssl_pemfile_pkey before free()
* [mod_wolfssl] fix syntax errors
* [multiple] fix TLS config string parsing
* [mod_gnutls] fix alt code for coverity
* [core] check more carefully after SSL_WANT_WRITE
* [core] fix 100% CPU spin if traffic limit hit
* [core] skip interest in POLLRDHUP after POLLRDHUP (#3059)
* [TLS] detect expired stapling file at startup (fixes #3056)
* [multiple] avoid duplicate parsing in trigger func (#3056)
* [multiple] quiet some clang-analyzer warnings
* [core] enable HTTP/2 by default
* [mod_ajp13] AJPv13 Tomcat connector for lighttpd
* [core] const data_unset *array_get_element_klen()
* [core] tighten struct data_config and related code
* [core] fix merging large headers across mult reads (fixes #3059)
* [mod_gnutls,mod_mbedtls] recog common cipherstring
* [build] fix typo in SConstruct (fixes #3061)
* [mod_wolfssl] wolfSSL might repeat SNI_Callback()
* [TLS] fix invalid cfg warning
* [mod_openssl] fix acme-tls/1 challenge bootstrap
* [TLS] set r->uri.authority empty str upon accept()
* [mod_gnutls] fix acme-tls/1 challenge bootstrap
* [mod_nss] fix acme-tls/1 challenge bootstrap
* [mod_wolfssl] copy stapling buf for OCSP resp
* [mod_mbedtls] fix acme-tls/1 challenge bootstrap
* [mod_mbedtls] fix acme-tls/1 challenge bootstrap
* [mod_cgi] fix assert if empty X-Sendfile path (fixes #3062)
* [mod_mbedtls] restore ALPN chk after client hello
* [core] re-validate h2 CONTINUATION frame len in cq
* [mod_mbedtls] remove redundant condition check
* [core] quiet coverity warning
2 years ago
- 1.4.58 - 2020-12-27
* [mod_wolfssl] use wolfSSL TLS version defines
* [mod_wolfssl] compile with earlier wolfSSL vers
* [tests] collect code for "die-at-end" tests
* [tests] remove FastCGI test dependency on libfcgi
* [core] prefer IPv6+IPv4 func vs IPv4-specific func
* [tests] remove FastCGI test dependency on PHP
* [core] reuse large mem chunks (fix mem usage) (fixes #3033)
* [core] add comment for FastCGI mem use in hctx->rb (#3033)
* [mod_proxy] fix sending of initial reqbody chunked
* [multiple] fdevent_waitpid() wrapper
* [core] sys-time.h - localtime_r,gmtime_r macros
* [core] http_date.[ch] encapsulate HTTP-date parse
* [core] specialized strptime() for HTTP date fmts
* [multiple] employ http_date.h, sys-time.h
* [core] http_date_timegm() (portable timegm())
* buffer_append_path_len() to join paths
* [core] inet_ntop_cache -> sock_addr_cache
* [tests] slight speed up checking for server ready
* [tests] load required modules in alt .conf tests
* [multiple] etag.[ch] -> http_etag.[ch]; better imp
* [core] fix crash after specific err in config file
* [core] fix bug in FastCGI uploads (#3033)
* [tests] OpenBSD crypt() support limited to bcrypt
* [core] http_response_match_if_range()
* [mod_webdav] typedef off_t loff_t for FreeBSD
* [multiple] chunkqueue_write_chunk()
* [build] add GNUMAKEFLAGS=--no-print-directory
* [tests] consolidate some tests/ content
* [core] fix bug in read retry found by coverity
2 years ago
- 1.4.57 - 2020-12-17
* [core] attempt to quiet some coverity warnings
* [mod_webdav] compile fix for Mac OSX/11
* [core] handle U+00A0 in config parser
* [core] fix lighttpd -1 one-shot with pipes
* [core] quiet start/shutdown trace in one-shot mode
* [core] allow keep-alives in one-shot mode (#3042)
* [mod_webdav] define _ATFILE_SOURCE if AT_FDCWD
* [core] setsockopt IPV6_V6ONLY if server.v4mapped
* [build] fix meson.build when building all TLS mods
* [core] prefer inet_aton() over inet_addr()
* [build] fix SCons build when building all TLS mods
* [core] add missing mod_wolfssl to ssl compat list
* [mod_openssl] remove ancient preprocessor logic
* [core] SHA512_Init, SHA512_Update, SHA512_Final
* [mod_wolfssl] add complex preproc logic for SNI
* [core] wrap a macro value with parens
* [core] fix handling chunked response from backend (fixes #3044)
* [core] always set file.fd = -1 on FILE_CHUNK reset (fixes #3044)
* [core] skip some trace if backend Upgrade (#3044)
* [TLS] cert-staple.sh POSIX sh compat (fixes #3043)
* [core] portability fix if st_mtime not defined
* [mod_nss] portability fix
* [core] warn if mod_authn_file needed in conf
* [core] fix chunked decoding from backend (fixes #3044)
* [core] reject excess data after chunked encoding (#3046)
* [core] track chunked encoding state from backend (fixes #3046)
* [core] li_restricted_strtoint64()
* [core] track Content-Length from backend (fixes #3046)
* [core] enhance config parsing debugging (#3047)
* [core] reorder srv->config_context to match ndx (fixes #3047)
* [mod_proxy] proxy.header = ("force-http10" => ...)
* [mod_authn_ldap] fix crash (fixes #3048)
* [mod_authn_ldap, mod_vhostdb_ldap] default cafile
* [core] fix array_copy_array() sorted[]
* [multiple] replace fall through comment with attr
* [core] fix crash printing trace if backend is down
* [core] fix decoding chunked from backend (fixes #3049)
* [core] attempt to quiet some coverity warnings
2 years ago
- 1.4.56 - 2020-11-29
2 years ago
* [core] perf: request processing
* [core] http_header_str_contains_token()
* [mod_flv_streaming] parse query string w/o copying
* [mod_evhost] use local array to split values
* [core] remove srv->split_vals
* [core] add User-Agent to http_header_e enum
* [core] store struct server * in struct connection
* [core] use func rc to indicate done reading header
* [core] replace connection_set_state w/ assignment
* [core] do not pass srv to http header parsing func
* [core] cold buffer_string_prepare_append_resize()
* [core] chunkqueue_compact_mem()
* [core] connection_chunkqueue_compact()
* [core] pass con around request, not srv and con
* [core] reduce use of struct parse_header_state
* [core] perf: HTTP header parsing using \n offsets
* [core] no need to pass srv to connection_set_state
* [core] perf: connection_read_header_more()
* [core] perf: connection_read_header_hoff() hot
* [core] inline connection_read_header()
* [core] pass ptr to http_request_parse()
* [core] more 'const' in request.c prototypes
* [core] handle common case of alnum or - field-name
* [mod_extforward] simplify code: use light_isxdigit
* [core] perf: array.c performance enhancements
* [core] mark some data_* funcs cold
* [core] http_header.c internal inline funcs
* [core] remove unused array_reset()
* [core] prefer uint32_t to size_t in base.h
* [core] uint32_t for struct buffer sizes
* [core] remove unused members of struct server
* [core] short-circuit path to clear request.headers
* [core] array keys are non-empty in key-value list
* [core] keep a->data[] sorted; remove a->sorted[]
* [core] __attribute_returns_nonnull__
* [core] differentiate array_get_* for ro and rw
* [core] (const buffer *) in (struct burl_parts_t)
* [core] (const buffer *) for con->server_name
* [core] perf: initialize con->conf using memcpy()
* [core] run config_setup_connection() fewer times
* [core] isolate data_config.c, vector.c
* [core] treat con->conditional_is_valid as bitfield
* [core] http_header_hkey_get() over const array
* [core] inline buffer as part of DATA_UNSET key
* [core] inline buffer key for *_patch_connection()
* [core] (data_unset *) from array_get_element_klen
* [core] inline buffer as part of data_string value
* [core] add const to callers of http_header_*_get()
* [core] inline array as part of data_array value
* [core] const char *op in data_config
* [core] buffer string in data_config
* [core] streamline config_check_cond()
* [core] keep a->data[] sorted (REVERT)
* [core] array a->sorted[] as ptrs rather than pos
* [core] inline header and env arrays into con
* [mod_accesslog] avoid alloc for parsing cookie val
* [core] simpler config_check_cond()
* [mod_redirect,mod_rewrite] store context_ndx
* [core] const char *name in struct plugin
* [core] srv->plugin_slots as compact list
* [core] rearrange server_config, server members
* [core] macros CONST_LEN_STR and CONST_STR_LEN
* [core] struct plugin_data_base
* [core] improve condition caching perf
* [core] config_plugin_values_init() new interface
* [mod_access] use config_plugin_values_init()
* [core] (const buffer *) from strftime_cache_get()
* [core] mv config_setup_connection to connections.c
* [core] use (const char *) in config file parsing
* [mod_staticfile] use config_plugin_values_init()
* [mod_skeleton] use config_plugin_values_init()
* [mod_setenv] use config_plugin_values_init()
* [mod_alias] use config_plugin_values_init()
* [mod_indexfile] use config_plugin_values_init()
* [mod_expire] use config_plugin_values_init()
* [mod_flv_streaming] use config_plugin_values_init()
* [mod_magnet] use config_plugin_values_init()
* [mod_usertrack] use config_plugin_values_init()
* [mod_userdir] split policy from userdir path build
* [mod_userdir] use config_plugin_values_init()
* [mod_ssi] use config_plugin_values_init()
* [mod_uploadprogress] use config_plugin_values_init()
* [mod_status] use config_plugin_values_init()
* [mod_cml] use config_plugin_values_init()
* [mod_secdownload] use config_plugin_values_init()
* [mod_geoip] use config_plugin_values_init()
* [mod_evasive] use config_plugin_values_init()
* [mod_trigger_b4_dl] use config_plugin_values_init()
* [mod_accesslog] use config_plugin_values_init()
* [mod_simple_vhost] use config_plugin_values_init()
* [mod_evhost] use config_plugin_values_init()
* [mod_vhostdb*] use config_plugin_values_init()
* [mod_mysql_vhost] use config_plugin_values_init()
* [mod_maxminddb] use config_plugin_values_init()
* [mod_auth*] use config_plugin_values_init()
* [mod_deflate] use config_plugin_values_init()
* [mod_compress] use config_plugin_values_init()
* [core] add xsendfile* check if xdocroot is NULL
* [mod_cgi] use config_plugin_values_init()
* [mod_dirlisting] use config_plugin_values_init()
* [mod_extforward] use config_plugin_values_init()
* [mod_webdav] use config_plugin_values_init()
* [core] store addtl data in pcre_keyvalue_buffer
* [mod_redirect] use config_plugin_values_init()
* [mod_rewrite] use config_plugin_values_init()
* [mod_rrdtool] use config_plugin_values_init()
* [multiple] gw_backends config_plugin_values_init()
* [core] config_get_config_cond_info()
* [mod_openssl] use config_plugin_values_init()
* [core] use config_plugin_values_init()
* [core] collect more config logic into configfile.c
* [core] config_plugin_values_init_block()
* [core] gw_backend config_plugin_values_init_block
* [core] remove old config_insert_values_*() funcs
* [multiple] plugin.c handles common FREE_FUNC code
* [core] run all trigger and sighup handlers
* [mod_wstunnel] change DEBUG_LOG to use log_error()
* [core] stat_cache_path_contains_symlink use errh
* [core] isolate use of data_config, configfile.h
* [core] split cond cache from cond matches
* [mod_auth] inline arrays in http_auth_require_t
* [core] array_init() arg for initial size
* [core] gw_exts_clear_check_local()
* [core] gw_backend less pointer chasing
* [core] connection_handle_errdoc() separate func
* [multiple] prefer (connection *) to (srv *)
* [core] create http chunk header on the stack
* [multiple] connection hooks no longer get (srv *)
* [multiple] plugin_stats array
* [core] read up-to fixed size chunk before fionread
* [core] default chunk size 8k (was 4k)
* [core] pass con around gw_backend instead of srv
* [core] log_error_multiline_buffer()
* [multiple] reduce direct use of srv->cur_ts
* [multiple] extern log_epoch_secs
* [multiple] reduce direct use of srv->errh
* [multiple] stat_cache singleton
* [mod_expire] parse config into structured data
* [multiple] generic config array type checking
* [multiple] rename r to rc rv rd wr to be different
* [core] (minor) config_plugin_keys_t data packing
* [core] inline buffer in log_error_st errh
* [multiple] store srv->tmp_buf in tb var
* [multiple] quiet clang compiler warnings
* [core] http_status_set_error_close()
* [core] http_request_host_policy w/ http_parseopts
* [multiple] con->proto_default_port
* [core] store log filename in (log_error_st *)
* [core] separate log_error_open* funcs
* [core] fdevent uses uint32_t instead of size_t
* [mod_webdav] large buffer reuse
* [mod_accesslog] flush file log buffer at 8k size
* [core] include settings.h where used
* [core] static buffers for mtime_cache
* [core] convenience macros to check req methods
* [core] support multiple error logs
* [multiple] omit passing srv to fdevent_handler
* [core] remove unused arg to fdevent_fcntl_set_nb*
* [core] slightly simpify server_(over)load_check()
* [core] isolate fdevent subsystem
* [core] isolate stat_cache subsystem
* [core] remove include base.h where unused
* [core] restart dead piped loggers every 64 sec
* [mod_webdav] use copy_file_range() if available
* [core] perf: buffer copy and append
* [core] copy some srv->srvconf into con->conf
* [core] move keep_alive flag into request_st
* [core] pass scheme port to http_request_parse()
* [core] pass http_parseopts around request.c
* [core] rename specific_config to request_config
* [core] move request_st,request_config to request.h
* [core] pass (request_st *) to request.c funcs
* [core] remove unused request_st member 'request'
* [core] rename content_length to reqbody_length
* [core] t/test_request.c using (request_st *)
* [core] (const connection *) in http_header_*_get()
* [mod_accesslog] log_access_record() fmt log record
* [core] move request start ts into (request_st *)
* [core] move addtl request-specific struct members
* [core] move addtl request-specific struct members
* [core] move plugin_ctx into (request_st *)
* [core] move addtl request-specific struct members
* [core] move request state into (request_st *)
* [core] store (plugin *) in p->data
* [core] store subrequest_handler instead of mode
* [multiple] copy small struct instead of memcpy()
* [multiple] split con, request (very large change)
* [core] r->uri.path always set, though might be ""
* [core] C99 restrict on some base funcs
* [tests] stub out config funcs in test_mod_*
* [tests] t/test_mod_userdir
* [core] dispatch handler in handle_request func
* [core] http_request_parse_target()
* [mod_magnet] modify r->target with "uri.path-raw"
* [core] remove r->uri.path_raw; generate as needed
* [core] http_response_comeback()
* [core] http_response_config()
* [tests] use buffer_eq_slen() for str comparison
* [core] http_status_append() short-circuit 200 OK
* [core] mark some chunk.c funcs as pure
* [core] use uint32_t in http_header.[ch]
* [core] perf: tighten some code in some hot paths
* [core] parse header label before end of line
* [doc] add link to wiki in doc/outdated/ssl.txt
* [doc] src/t/README
* [mod_auth] "nonce_secret" option to validate nonce (fixes #2976)
* [build] fix build on MacOS X Tiger
* [doc] lighttpd.conf: lighttpd choose event-handler
* [config] blank server.tag if whitespace-only
* [mod_proxy] stream request using HTTP/1.1 chunked (fixes #3006)
* [multiple] correct misspellings in comments
* [multiple] fix some cc warnings in 32-bit, powerpc
* [tests] fix skip count in mod-fastcgi w/o php-cgi
* [multiple] ./configure --with-nettle to use Nettle
* [core] skip excess close() when FD_CLOEXEC defined
* [mod_cgi] remove redundant calls to set FD_CLOEXEC
* [core] return EINVAL if stat_cache_get_entry w/o /
* [mod_webdav] define PATH_MAX if not defined
* [mod_accesslog] process backslash-escapes in fmt
* [mod_openssl] disable cert vrfy if ALPN acme-tls/1
* [core] add seed before openssl RAND_pseudo_bytes()
* [mod_mbedtls] mbedTLS option for TLS
* [core] prefer getxattr() instead of get_attr()
* [multiple] use *(unsigned char *) with ctypes
* [mod_openssl] do not log ECONNRESET unless debug
* [mod_openssl] SSL_R_UNEXPECTED_EOF_WHILE_READING
* [mod_gnutls] GnuTLS option for TLS (fixes #109)
* [mod_openssl] rotate session ticket encryption key
* [mod_openssl] set cert from callback in 1.0.2+ (fixes #2842)
* [mod_openssl] set chains from callback in 1.0.2+ (#2842)
* [core] RFC-strict parse of Content-Length
* [build] point ./configure --help to support forum
* [core] stricter parse of numerical digits
* [multiple] add summaries to top of some modules
* [core] sys-crypto-md.h w/ inline message digest fn
* [mod_openssl] enable read-ahead, if set, after SNI
* [mod_openssl] issue warning for deprecated options
* [mod_openssl] use SSL_OP_NO_RENEGOTIATION if avail
* [mod_openssl] use openssl feature define for ALPN
* [mod_openssl] update default DH params
* [core] SecureZeroMemory() on _WIN32
* [core] safe memset calls memset() through volatile
* [doc] update comments in doc/config/modules.conf
* [core] more precise check for request stream flags
* [mod_openssl] rotate session ticket encryption key
* [mod_openssl] ssl.stek-file to specify encrypt key
* [mod_mbedtls] ssl.stek-file to specify encrypt key
* [mod_gnutls] ssl.stek-file to specify encrypt key
* [mod_openssl] disable session cache; prefer ticket
* [mod_openssl] compat with LibreSSL
* [mod_openssl] compat with WolfSSL
* [mod_openssl] set SSL_OP_PRIORITIZE_CHACHA
* [mod_openssl] move SSL_CTX curve conf to new func
* [mod_openssl] basic SSL_CONF_cmd for alt TLS libs
* [mod_openssl] OCSP stapling (fixes #2469)
* [TLS] cert-staple.sh - refresh OCSP responses (#2469)
* [mod_openssl] compat with BoringSSL
* [mod_gnutls] option to override GnuTLS priority
* [mod_gnutls] OCSP stapling (#2469)
* [mod_extforward] config warning for module order
* [mod_webdav] store webdav.opts as bitflags
* [mod_webdav] limit webdav_propfind_dir() recursion
* [mod_webdav] unsafe-propfind-follow-symlink option
* [mod_webdav] webdav.opts "propfind-depth-infinity"
* [mod_openssl] detect certs marked OCSP Must-Staple
* [mod_gnutls] detect certs marked OCSP Must-Staple
* [mod_openssl] default to set MinProtocol TLSv1.2
* [mod_nss] NSS option for TLS (fixes #1218)
* [core] fdevent_load_file() shared code
* [mod_openssl,mbedtls,gnutls,nss] fdevent_load_file
* [core] error if s->socket_perms chmod() fails
* [mod_openssl] prefer some WolfSSL native APIs
* quiet clang analyzer scan-build warnings
* [core] uint32_t is plenty large for path names
* [mod_mysql_vhost] deprecated; use mod_vhostdb_mysql
* [core] splaytree_djbhash() in splaytree.h (reuse)
* [cmake] update deps for src/t/test_*
* [cmake] update deps for src/t/test_*
* [build] remove tests/mod-userdir.t from builds
* [build] fix typo in src/Makefile.am EXTRA_DIST
* [core] remove unused mbedtls_enabled flag
* [core] store fd in srv->stdin_fd during setup
* [multiple] address coverity warnings
* [mod_webdav] fix theoretical NULL dereference
* [mod_webdav] update rc for PROPFIND allprop
* [mod_webdav] build fix: ifdef live_properties
* [multiple] address coverity warnings
* [meson] fix libmariadb dependency
* [meson] add missing libmaxminddb section
* [mod_auth,mod_vhostdb] add caching option (fixes #2805)
* [mod_authn_ldap,mod_vhostdb_ldap] add timeout opt (#2805)
* [mod_auth] accept "nonce-secret" & "nonce_secret"
* [mod_openssl] fix build warnings on MacOS X
* [core] Nettle assert()s if buffer len > digest sz
* [mod_authn_dbi] authn backend employing DBI
* [mod_authn_mysql,file] use crypt() to save stack
* [mod_vhostdb_dbi] allow strings and ints in config
* add ci-build.sh
* move ci-build.sh to scripts
* [build] build fixes for AIX
* [mod_deflate] Brotli support
* [build] bzip2 default to not-enabled in build
* [mod_deflate] fix typo in config option
* [mod_deflate] propagate errs from internal funcs
* [mod_deflate] deflate.cache-dir compressed cache
* [mod_deflate] mod_deflate subsumes mod_compress
* [doc] mod_compress -> mod_deflate
* [tests] mod_compress -> mod_deflate
* [mod_compress] remove mod_compress
* [build] add --with-brotli to CI build
* [core] server.feature-flags extensible config
* [core] con layer plugin_ctx separate from request
* [multiple] con hooks store ctx in con->plugin_ctx
* [core] separate funcs to reset (request_st *)
* [multiple] rename connection_reset hook to request
* [mod_nss] func renames for consistency
* [core] detect and reject TLS connect to cleartext
* [mod_deflate] quicker check for Content-Encoding
* [mod_openssl] read secret data w/ BIO_new_mem_buf
* [core] decode Transfer-Encoding: chunked from gw
* [mod_fastcgi] decode Transfer-Encoding: chunked
* [core] stricter parsing of POST chunked block hdr
* [mod_proxy] send HTTP/1.1 requests to backends
* [tests] test_base64.c clear buf vs reset
* [core] http_header_remove_token()
* [mod_webdav] fix inadvertent string truncation
* [core] add some missing standard includes
* [mod_extforward] attempt to quiet Coverity warning
* [mod_authn_dbi,mod_authn_mysql] fix coverity issue
* [build] fix SCons build for detection of brotli
* [build] SCons build with brotli needs -lm on *BSD
* [build] SCons build mod_deflate w/ libm for brotli
* [build] SCons brotli needs pkg-config --static
* [build] avoid accept_filter_arg compiler warning
* [build] SCons fix space/tabs inconsistency
* scons: fix check environment
* Add avahi service file under doc/avahi/
* [mod_webdav] fix fallback if linkat() fails
* [mod_proxy] do not forward Expect: 100-continue
* [core] chunkqueue_compact_mem() must upd cq->last
* [core] dlsym for FAMNoExists() for compat w/ fam
* [core] disperse settings.h to appropriate headers
* [core] inline buffer_reset()
* [mod_extforward] save proto per connection
* [mod_extforward] skip after HANDLER_COMEBACK
* [core] server.feature-flags to enable h2
* [core] HTTP_VERSION_2
* [multiple] allow TLS ALPN "h2" if "server.h2proto"
* [mod_extforward] preserve changed addr for h2 con
* [core] do not send Connection: close if h2
* [core] lowercase response hdr field names for h2
* [core] recognize status: 421 Misdirected Request
* [core] parse h2 pseudo-headers
* [core] request_headers_process()
* [core] connection_state_machine_loop()
* [core] reset connection counters per connection
* [mod_accesslog,mod_rrdtool] HTTP/2 basic accounting
* [core] connection_set_fdevent_interest()
* [core] HTTP2-Settings
* [core] adjust http_request_headers_process()
* [core] http_header_parse_hoff()
* [core] move http_request_headers_process()
* [core] reqpool.[ch] for (request_st *)
* [multiple] modules read reqbody via fn ptr
* [multiple] isolate more con code in connections.c
* [core] isolate more resp code in response.c
* [core] h2.[ch] with stub funcs (incomplete)
* [core] alternate between two joblists
* [core] connection transition to HTTP/2; incomplete
* [core] mark some error paths with attribute cold
* [core] discard 100 102 103 responses from backend
* [core] skip write throttle for 100 Continue
* [core] adjust (disabled) debug code
* [core] update comment
* [core] link in ls-hpack (EXPERIMENTAL)
* [core] HTTP/2 HPACK using LiteSpeed ls-hpack
* [core] h2_send_headers() specialized for resp hdrs
* [core] http_request_parse_header() specialized
* [core] comment possible future ls-hpack optimize
* [mod_status] separate funcs to print request table
* [mod_status] adjust to print HTTP/2 requests
* [core] redirect to dir using relative-path
* [core] ignore empty field-name from backends
* [build] fix meson build
* [mod_auth] fix crash if auth.require misconfigured (fixes #3023)
* [core] fix 1-char trunc of default server.tag
* [core] request_acquire(), request_release()
* [core] keep pool of (request_st *) for HTTP/2
* [mod_status] dedicated funcs for r->state labels
* [core] move connections_get_state to connections.c
* [core] fix crash on master after graceful restart
* [core] defer optimization to read small files
* [core] do not require '\0' term for k,v hdr parse
* [scripts] cert-staple.sh enhancements
* [core] document algorithm used in lighttpd etag
* [core] ls-hpack optimizations
* [core] fix crash on master if blank line request
* [build] fix typo in option description for wolfSSL
* [core] use djbhash in gw_backend to choose host
* [core] rename md5.[ch] to algo_md5.[ch]
* [core] move djbhash(), dekhash() to algo_md.h
* [core] rename splaytree.[ch] to algo_splaytree.[ch]
* [core] import xxHash v0.8.0
* [build] modify build, includes for xxHash v0.8.0
* [build] remove ls-hpack/deps
* [core] xxhash no inline hints; let compiler choose
* [mod_dirlisting] fix config parsing crash
* [mod_openssl] clarify trace w/ deprecated options
* [doc] refresh doc/config/*/*
* [core] code size: disable XXH64(), XXH3()
* [doc] update README and INSTALL
* [build] add to autogen.sh hint listing reqd pkgs
* [core] combine Cookie request headers with ';'
* [core] log stream id with debug.log-state-handling
* [core] set r->state in h2.c
* [mod_ssi] update chunk after shell output redirect
* [mod_webdav] preserve bytes_out when chunks merged
* [multiple] inline chunkqueue_length()
* [core] cold h2_log_response_header*() funcs
* [core] update HTTP status codes list from IANA
* [mod_wolfssl] standalone module
* [core] Content-Length in http_response_send_file()
* [core] adjust response header prep for common case
* [core] light_isupper(), light_islower()
* [core] tst,set,clr macros for r->{rqst,resp}_htags
* [core] separate http_header_e from _htags bitmask
* [core] http_header_hkey_get_lc() for HTTP/2
* [core] array.[ch] using uint32_t instead of size_t
* [core] extend (data_string *) to store header id
* [multiple] extend enum http_header_e list
* [core] http_header_e <=> lshpack_static_hdr_idx
* [core] skip ls-hpack decode work unused by lighttpd
* [TLS] error if inherit empty TLS cfg from globals
* [core] connection_check_expect_100()
* [core] support multiple 1xx responses from backend
* [core] reload c after chunkqueue_compact_mem()
* [core] relay 1xx from backend over HTTP/2
* [core] relay 1xx from backend over HTTP/1.1
* [core] chunkqueue_{peek,read}_data(), squash
* [multiple] TLS modules use chunkqueue_peek_data()
* [mod_magnet] magnet.attract-response-start-to
* [multiple] code reuse chunkqueue_peek_data()
* [core] reuse r->start_hp.tv_sec for r->start_ts
* [core] config_plugin_value_tobool() accept "0","1"
* [core] graceful and immediate restart option
* [mod_ssi] init status var before waitpid()
* [core] graceful shutdown timeout option
* [core] lighttpd -1 supports pipes (e.g. netcat)
* [core] perf adjustments to avoid load miss
* [multiple] use sock_addr_get_family in more places
* [multiple] inline chunkqueue where always alloc'd
* [core] propagate state after writing
* [core] server_run_con_queue()
* [core] defer handling FDEVENT_HUP and FDEVENT_ERR
* [core] handle unexpected EOF reading FILE_CHUNK
* [core] short-circuit connection_write_throttle()
* [core] walk queue in connection_write_chunkqueue()
* [core] connection_joblist global
* [core] be more precise checking streaming flags
* [core] fdevent_load_file_bytes()
* [TLS] use fdevent_load_file_bytes() for STEK file
* [core] allow symlinks under /dev for rand devices
* [multiple] use light_btst() for hdr existence chk
* [mod_deflate] fix potential NULL deref in err case
* [core] save errno around close() if fstat() fails
* [mod_ssi] use stat_cache_open_rdonly_fstat()
* [core] fdevent_dup_cloexec()
* [core] dup FILE_CHUNK fd when splitting FILE_CHUNK
* [core] stat_cache_path_isdir()
* [multiple] use stat_cache_path_isdir()
* [mod_mbedtls] quiet CLOSE_NOTIFY after conn reset
* [mod_gnutls] quiet CLOSE_NOTIFY after conn reset
* [core] limit num ranges in Range requests
* [core] remove unused r->content_length
* [core] http_response_parse_range() const file sz
* [core] pass open fd to http_response_parse_range
* [core] stat_cache_get_entry_open()
* [core,mod_deflate] leverage cache of open fd
* [doc] comment out config disabling Range for .pdf
* [core] coalesce nearby ranges in Range requests
* [tests] simulate slow, small packets more quickly
* [mod_fastcgi] decode chunked is cold code path
* [core] fix chunkqueue_compact_mem w/ partial chunk
* [core] alloc optim reading file, sending chunked
* [core] reuse chunkqueue_compact_mem*()
* [mod_cgi] use splice() to send input to CGI
* [multiple] ignore openssl 3.0.0 deprecation warns
* [mod_openssl] migrate ticket cb to openssl 3.0.0
* [mod_openssl] construct OSSL_PARAM on stack
* [mod_openssl] merge ssl_tlsext_ticket_key_cb impls
* [multiple] openssl 3.0.0 digest interface migrate
* [tests] detect multiple SSL/TLS/crypto providers
* [core] sys-crypto-md.h consistent interfaces
* [wolfssl] wolfSSL_CTX_set_mode differs from others
* [multiple] use NSS crypto if no other crypto avail
* [multiple] stat_cache_path_stat() for struct st
* [TLS] ignore empty "CipherString" in ssl-conf-cmd
* [multiple] remove chunk file.start member
* [core] modify use of getrlimit() to not be fatal
* [mod_webdav] add missing update to cq accounting
* [mod_webdav] update defaults after worker_init
* [mod_openssl] use newer openssl 3.0.0 func
* [core] config_plugin_value_to_int32()