|
|
|
|
|
|
|
|
|
|
|
====
|
|
|
|
|
|
NEWS
|
|
|
|
|
|
====
|
|
|
|
|
|
|
|
|
|
|
|
- 1.4.30 -
|
|
|
|
|
|
* Always use our 'own' md5 implementation, fixes linking issues on MacOS (fixes #2331)
|
|
|
|
|
|
|
|
|
|
|
|
- 1.4.29 - 2011-07-03
|
|
|
|
|
|
* Fix mod_proxy waiting for response even if content-length is 0 (fixes #2259)
|
|
|
|
|
|
* Silence annoying "connection closed: poll() -> ERR" error.log message (fixes #2257)
|
|
|
|
|
|
* mod_cgi: make read buffer as big as incoming data block
|
|
|
|
|
|
* [build] Fix detection of libev (fixes #2300)
|
|
|
|
|
|
* ssl: Support for Diffie-Hellman and Elliptic-Curve Diffie-Hellman key exchange (fixes #2301)
|
|
|
|
|
|
add ssl.use-sslv3 (fixes #2246)
|
|
|
|
|
|
load all algorithms (fixes #2239)
|
|
|
|
|
|
* [ssl/md5] prefix our own md5 implementation with li_ so it doesn't conflict with the openssl one (fixes #2269)
|
|
|
|
|
|
* [ssl/build] some minor fixes; fix compile without ssl, cleanup ssl config buffers
|
|
|
|
|
|
* [proc,include_shell] log error if exec shell fails (fixes #2280)
|
|
|
|
|
|
* [*cgi] Use physical base dir (alias, userdir) as DOCUMENT_ROOT in cgi environments (fixes #2216)
|
|
|
|
|
|
* [doc] Move docs to outdated/ subdir and refer to wiki instead (fixes #2248)
|
|
|
|
|
|
* fdevent: add solaris eventports (fixes #2171)
|
|
|
|
|
|
|
|
|
|
|
|
- 1.4.28 - 2010-08-22
|
|
|
|
|
|
* Rename fdevent_event_add to _set to reflect what the function does. Fix some handlers. (fixes #2249)
|
|
|
|
|
|
* Fix buffer.h to include stdio.h as it is needer for SEGFAULT() (fixes #2250)
|
|
|
|
|
|
|
|
|
|
|
|
- 1.4.27 - 2010-08-13
|
|
|
|
|
|
* Fix handling return value of SSL_CTX_set_options (fixes #2157, thx mlcreech)
|
|
|
|
|
|
* Fix mod_proxy HUP handling (send final chunk, fix usage counter)
|
|
|
|
|
|
* mod_proxy: close connection on write error (fixes #2114)
|
|
|
|
|
|
* Check uri instead of physical path for directory redirect
|
|
|
|
|
|
* Fix detecting git repository (fixes #2173, thx ncopa)
|
|
|
|
|
|
* [mod_compress] Fix segfault when etags are disabled (fixes #2169)
|
|
|
|
|
|
* Reset uri.authority before TLS servername handling, reset all "keep-alive" data in connection_del (fixes #2125)
|
|
|
|
|
|
* Print double quotes properly when dumping config file (fixes #1806)
|
|
|
|
|
|
* Include IP addresses on error log on password failures (fixes #2191)
|
|
|
|
|
|
* Fix stalls while reading from ssl sockets (fixes #2197)
|
|
|
|
|
|
* Fix etag formatting on boxes with 32-bit longs
|
|
|
|
|
|
* Fix two compiler warnings
|
|
|
|
|
|
* mod_accesslog: fix %p for ipv6 sockets (fixes #2228, thx jo.henke)
|
|
|
|
|
|
* mod_fastcgi: Send 502 "Bad Gateway" if we couldn't open the file for X-Sendfile (fixes #2226)
|
|
|
|
|
|
* mod_staticfile: add debug output if we ignore a file with static-file.exclude-extensions (fixes #2215)
|
|
|
|
|
|
* mod_cgi: fix race condition leaving response not forwarded to client (fixes #2217)
|
|
|
|
|
|
* mod_accesslog: Fix var declarations mixed in source (fixes #2233)
|
|
|
|
|
|
* mod_status: Add version to status page (fixes #2219)
|
|
|
|
|
|
* mod_accesslog: optimize accesslog_append_escaped (fixes #2236, thx crypt)
|
|
|
|
|
|
* openssl: silence annoying error messages for errno==0 (fixes #2213)
|
|
|
|
|
|
* array.c: improve array_get_unused_element to check data type; fix mem leak if unused_element didn't find a matching entry (fixes #2145)
|
|
|
|
|
|
* add check to stop loading plugins twice
|
|
|
|
|
|
* cleanup fdevent code, removed linux-rtsig handler, replaced some fprintf calls
|
|
|
|
|
|
* only require FDEVENT_IN bit to be set for listening connections (fixes #2227)
|
|
|
|
|
|
* add libev fdevent handler: server.event-handler = "libev"
|
|
|
|
|
|
* mod_proxy: return response as soon as it is available (fixes #2196)
|
|
|
|
|
|
* don't overwrite global server.force-lowercase-filenames setting (fixes #2042)
|
|
|
|
|
|
* bind to IPV6-only if ipv6 address was specified (http://redmine.lighttpd.net/projects/lighttpd/wiki/IPv6-Config)
|
|
|
|
|
|
|
|
|
|
|
|
- 1.4.26 - 2010-02-07
|
|
|
|
|
|
* Fix request parser to handle packets with splitted \r\n\r\n (fixes #2105)
|
|
|
|
|
|
* Remove dependency on automake >= 1.11 with m4_ifdef check
|
|
|
|
|
|
* mod_accesslog: support %e (fixes #2113, thx presbrey)
|
|
|
|
|
|
* Fix mod_cgi cgi.execute-x-only option in global block
|
|
|
|
|
|
* mod_fastcgi: x-sendfile2 parse error debugging
|
|
|
|
|
|
* Fix mod_proxy dead host detection if connect() fails
|
|
|
|
|
|
* Fix fd leaks in mod_cgi (fds not closed on pipe/fork failures, found by Rodrigo, fixes #2158, #2159)
|
|
|
|
|
|
* Fix segfault with broken rewrite/redirect patterns (fixes #2140, found by crypt)
|
|
|
|
|
|
* Append to previous buffer in con read, fix DoS/OOM vulnerability (fixes #2147, found by liming, CVE-2010-0295)
|
|
|
|
|
|
* Fix HUP detection in close-state if event-backend doesn't support FDEVENT_HUP (like select or poll on FreeBSD)
|
|
|
|
|
|
|
|
|
|
|
|
- 1.4.25 - 2009-11-21
|
|
|
|
|
|
* mod_magnet: fix pairs() for normal tables and strings (fixes #1307)
|
|
|
|
|
|
* mod_magnet: add traceback for printing lua errors
|
|
|
|
|
|
* mod_rewrite: fix compile error if compiled without pcre
|
|
|
|
|
|
* disable warning "CLOSE-read" (fixes #2091)
|
|
|
|
|
|
* mod_rrdtool: fix creating file if it doesn't exist (#1788)
|
|
|
|
|
|
* reset tlsext_server_name in connection_reset - fixes random hostnames in the $HTTP["host"] conditional
|
|
|
|
|
|
* export some SSL_CLIENT_* vars for client cert validation (fixes #1288, thx presbrey)
|
|
|
|
|
|
* mod_fastcgi: fix mod_fastcgi packet parsing
|
|
|
|
|
|
* mod_fastcgi: Don't reconnect after connect() succeeded (fixes #2096)
|
|
|
|
|
|
* Fix configure.ac to allow autoreconf, also enables make V=0
|
|
|
|
|
|
|
|
|
|
|
|
- 1.4.24 - 2009-10-25
|
|
|
|
|
|
* Add T_CONFIG_INT for bigger integers from the config (needed for #1966)
|
|
|
|
|
|
* Use unsigned int (and T_CONFIG_INT) for max_request_size
|
|
|
|
|
|
* Use unsigned int for secdownload.timeout (fixes #1966)
|
|
|
|
|
|
* Keep url/host values from connection to display information while keep-alive in mod_status (fixes #1202)
|
|
|
|
|
|
* Add server.breakagelog, a "special" stderr (fixes #1863)
|
|
|
|
|
|
* Fix config evaluation for debug.log-timeouts option (#1529)
|
|
|
|
|
|
* Add "cgi.execute-x-only" to mod_cgi, requires +x for cgi scripts (fixes #2013)
|
|
|
|
|
|
* Fix FD_SETSIZE comparision warnings
|
|
|
|
|
|
* Add "lua-5.1" to searched pkg-config names for lua
|
|
|
|
|
|
* Fix unused function webdav_lockdiscovery in mod_webdav
|
|
|
|
|
|
* cmake: Fix crypt lib check
|
|
|
|
|
|
* cmake: Add -export-dynamic to link flags, fixes build on FreeBSD
|
|
|
|
|
|
* Set FD_CLOEXEC for bound sockets before pipe-logger forks (fixes #2026)
|
|
|
|
|
|
* Reset ignored signals to SIG_DFL before exec() in fastcgi/scgi (fixes #2029)
|
|
|
|
|
|
* Show "no uri specified -> 400" error only when "debug.log-request-header-on-error" is enabled (fixes #2030)
|
|
|
|
|
|
* Fix hanging connection in mod_scgi (fixes #2024)
|
|
|
|
|
|
* Allow digits in hostnames in more places (fixes #1148)
|
|
|
|
|
|
* Use connection_reset instead of handle_request_done for cleanup callbacks
|
|
|
|
|
|
* Change mod_expire to append Cache-Control instead of overwriting it (fixes #1997)
|
|
|
|
|
|
* Allow all comparisons for $SERVER["socket"] - only bind for "=="
|
|
|
|
|
|
* Remove strptime failed message (fixes #2031)
|
|
|
|
|
|
* Fix issues found with clang analyzer
|
|
|
|
|
|
* Try to fix server.tag issue with localized svnversion
|
|
|
|
|
|
* Fix handling network-write return values (#2024)
|
|
|
|
|
|
* Use disable-time in fastcgi for all disables after errors, default is 1sec (fixes #2040)
|
|
|
|
|
|
* Remove adaptive spawning code from fastcgi (was disabled for a long time)
|
|
|
|
|
|
* Allow mod_mysql_vhost to use stored procedures (fixes #2011, thx Ben Brown)
|
|
|
|
|
|
* Fix ipv6 in mod_proxy (fixes #2043)
|
|
|
|
|
|
* Print errors from include_shell to stderr
|
|
|
|
|
|
* Set tm.tm_isdst = 0 before mktime() (fixes #2047)
|
|
|
|
|
|
* Use linux-epoll by default if available (fixes #2021, thx Olaf van der Spek)
|
|
|
|
|
|
* Print an error if you use too many captures in a regex pattern (fixes #2059)
|
|
|
|
|
|
* Combine Cache-Control header value in mod_expire to existing HTTP header if header already added by other modules (fixes #2068)
|
|
|
|
|
|
* Remember keep-alive-idle in separate variable (fixes #1988)
|
|
|
|
|
|
* Fix header inclusion order, always include "config.h" before any system header
|
|
|
|
|
|
* mod_webdav: Patch to skip login information for domain part of Destination field (fixes #1793)
|
|
|
|
|
|
* mod_webdav: Delete old properties before updating new for MOVE (fixes #1317)
|
|
|
|
|
|
* Read hostname from absolute uris in the request line (fixes #1937)
|
|
|
|
|
|
* mod_fastcgi: don't disable backend if disable-time is 0 (fixes #1825)
|
|
|
|
|
|
* mod_compress: match partial+full content-type (fixes #1552)
|
|
|
|
|
|
* mod_fastcgi: fix is_local detection, respawn backends if bin-path is set (fixes #897)
|
|
|
|
|
|
* Fix linger-on-close behaviour to avoid rare failure conditions (was r2636, fixes #657)
|
|
|
|
|
|
* mod_fastcgi: restart local procs immediately after they terminated, fix local procs handling
|
|
|
|
|
|
* Fix segfault on invalid config "duplicate else conditions" (fixes #2065)
|
|
|
|
|
|
* mod_usertrack: Use T_CONFIG_INT for max-age, solves range problem (#1455)
|
|
|
|
|
|
* mod_accesslog: configurable timestamp logging (fixes #1479)
|
|
|
|
|
|
* always define _GNU_SOURCE
|
|
|
|
|
|
* Add some iterators for mod_magnet (fixes #1307)
|
|
|
|
|
|
* Fix close_timeout_ts trigger (should finally fix lingering close)
|
|
|
|
|
|
* mod_rewrite: add url.rewrite-[repeat-]if-not-file to rewrite if file doesn't exist or is not a regular file (fixes #985, thx lucas aerbeydt)
|
|
|
|
|
|
* Add TLS servername indication (SNI) support (fixes #386, thx Peter Colberg <peter@colberg.org>)
|
|
|
|
|
|
* Add SSL Client Certificate verification (#1288)
|
|
|
|
|
|
* mod_fastcgi: Fix host->active_procs counter, return 503 if connect wasn't successful after 5 tries (fixes #1825)
|
|
|
|
|
|
* mod_accesslog: escape special characters (fixes #1551, thx icy)
|
|
|
|
|
|
* fix mod_webdav crash from #1793 (fixes #2084, thx hiroya)
|
|
|
|
|
|
* Don't print ssl error if client didn't support TLS SNI
|
|
|
|
|
|
* Fix linger close timeout handling, drop timeout to 5 seconds (fixes #2086)
|
|
|
|
|
|
* Fix broken return values from int to enum in mod_fastcgi
|
|
|
|
|
|
|
|
|
|
|
|
- 1.4.23 - 2009-06-19
|
|
|
|
|
|
* Added some extra warning options in cmake and fix the resulting warnings (unused/static functions)
|
|
|
|
|
|
* New lighttpd man page (moved it to section 8) (fixes #1875)
|
|
|
|
|
|
* Create rrd file for empty rrdfile in mod_rrdtool (#1788)
|
|
|
|
|
|
* Fix workaround for incorrect path info/scriptname if fastcgi prefix is "/" (fixes #729)
|
|
|
|
|
|
* Finally removed spawn-fcgi
|
|
|
|
|
|
* Allow xattr to overwrite mime type (fixes #1929)
|
|
|
|
|
|
* Remove link from errormsg about fastcgi apps (fixes #1942)
|
|
|
|
|
|
* Strip trailing dot from "Host:" header
|
|
|
|
|
|
* Remove the optional port info from SERVER_NAME (thx Mr_Bond)
|
|
|
|
|
|
* Fix mod_proxy RoundRobin (off by one problem if only one backend is up)
|
|
|
|
|
|
* Rename configure.in to configure.ac, with small cleanups (fixes #1932)
|
|
|
|
|
|
* Add proper SUID bit detection (fixes #416)
|
|
|
|
|
|
* Check for regular file in mod_cgi, so we don't try to start directories
|
|
|
|
|
|
* Include mmap.h from chunk.h to fix some problems with #define mmap mmap64 (fixes #1923)
|
|
|
|
|
|
* Add support for pipe logging for server.errorlog (fixes #296)
|
|
|
|
|
|
* Add revision number to package version for svn/git checkouts
|
|
|
|
|
|
* Use server.tag for SERVER_SOFTWARE if configured (fixes #357)
|
|
|
|
|
|
* Fix trailing zero char in REQUEST_URI after "strip-request-uri" in mod_fastcgi
|
|
|
|
|
|
* mod_magnet: Add env["request.remote-ip"] (fixes #1740)
|
|
|
|
|
|
* mod_magnet: Add env["request.path-info"]
|
|
|
|
|
|
* Change name/version separator back to "/" (affects every place where the version is printed)
|
|
|
|
|
|
* Fix bug with FastCGI request id overflow under high load; just use always id 1 as we don't use multiplexing. (thx jgray)
|
|
|
|
|
|
* Add some dirlisting enhancements (fixes #1458)
|
|
|
|
|
|
* Add option to enable TCP_DEFER_ACCEPT (fixes #1447)
|
|
|
|
|
|
* Limit amount of bytes read for one read-event (fixes #1070)
|
|
|
|
|
|
* Add evasive.silent option (fixes #1438)
|
|
|
|
|
|
* Make mod_extforward headers configurable (fixes #1545)
|
|
|
|
|
|
* Add '%_' pattern for complete hostname in mod_evhost (fixes #1737)
|
|
|
|
|
|
* Add IPv6 support to mod_proxy (fixes #1537)
|
|
|
|
|
|
* mod_ssi printenv: print cgi env, add environment vars to cgi env (fixes #1713)
|
|
|
|
|
|
* Fix error message if no auth backend was set
|
|
|
|
|
|
* Fix SERVER_NAME port stripping (fixes #1968)
|
|
|
|
|
|
* Fix x-sendfile 2gb limiting (fixes #1970)
|
|
|
|
|
|
* Fix mod_cgi environment keys mangling (fixes #1969)
|
|
|
|
|
|
* Fix workaround for incorrect path info/scriptname if scgi prefix is "/" (fixes #729)
|
|
|
|
|
|
* Fix max-age value in mod_expire for 'modification' (fixes #1978)
|
|
|
|
|
|
* Fix evasive.silent option (#1438)
|
|
|
|
|
|
* Fix mod-fastcgi counters
|
|
|
|
|
|
* Modify fastcgi error message
|
|
|
|
|
|
* Backup errno for later usage (reported by Guido Reina via mailinglist)
|
|
|
|
|
|
* Improve FastCGI performance (fixes #1999)
|
|
|
|
|
|
* Workaround broken operating systems: check for trailing '/' in filenames (fixes #1989)
|
|
|
|
|
|
* Allow using pcre with cross-compiling (pcre-config got fixed; fixes #1986)
|
|
|
|
|
|
* Add "lighty.req_env" table to mod_magnet for setting/getting environment values for cgi (fixes #1967, thx presbrey)
|
|
|
|
|
|
* Fix segfault in mod_expire after failed config parsing (fixes #1992)
|
|
|
|
|
|
* Add ssi.content-type option (default text/html, fixes #615)
|
|
|
|
|
|
* Add support for "real" entropy from /dev/[u]random (fixes #1977)
|
|
|
|
|
|
* Adding support for additional chars in LDAP usernames (fixes #1941)
|
|
|
|
|
|
* Ignore multiple "If-None-Match" headers (only use first one, fixes #753)
|
|
|
|
|
|
* Fix 100% cpu usage if time() < 0 (thx to gaspa and cate, fixes #1964)
|
|
|
|
|
|
* Allow max-keep-alive-requests to depend on conditional (fixes #1881)
|
|
|
|
|
|
* Make dependency on svnversion/git optional (for devel versionstamp, fixes #2009)
|
|
|
|
|
|
|
|
|
|
|
|
- 1.4.22 - 2009-03-07
|
|
|
|
|
|
* Fix wrong lua type for CACHE_MISS/CACHE_HIT in mod_cml (fixes #533)
|
|
|
|
|
|
* Fix default vhost in mod_simple_vhost (fixes #1905)
|
|
|
|
|
|
* Handle EINTR in mod_rrdtool (fixes #604)
|
|
|
|
|
|
* Fix rrd error after graceful restart (fixes #419)
|
|
|
|
|
|
* Fix EAGAIN handling for freebsd sendfile (fixes #1913, thx AnMaster for spotting the problem)
|
|
|
|
|
|
* Fix segfault in mod_scgi (fixes #1911)
|
|
|
|
|
|
* Treat EPIPE as connection-closed error in network_freebsd_sendfile.c (another fix from #1913)
|
|
|
|
|
|
* Fix useless redirection of stderr in mod_rrdtool, as it gets redirected to /dev/null later. (fixes #1922)
|
|
|
|
|
|
* Fix some problems with more strict compilers (#1923)
|
|
|
|
|
|
* Fix segfault if siginfo_t* is NULL in sigaction handler (fixes #1926)
|
|
|
|
|
|
|
|
|
|
|
|
- 1.4.21 - 2009-02-16
|
|
|
|
|
|
|
|
|
|
|
|
* Fix base64 decoding in mod_auth (#1757, thx guido)
|
|
|
|
|
|
* Fix mod_cgi segfault when bound to unix domain socket (#653)
|
|
|
|
|
|
* Do not rely on ioctl FIONREAD (#673)
|
|
|
|
|
|
* Now really fix mod auth ldap (#1066)
|
|
|
|
|
|
* Fix leaving zombie process with include_shell (#1777)
|
|
|
|
|
|
* Removed debian/, openwrt/ and cygwin/; they weren't kept up-to-date, and we decided to remove dist. specific stuff
|
|
|
|
|
|
* Try to convert string options to shorts for numeric options in config file; allows to use env-vars for numeric options. (#1159, thx andrewb)
|
|
|
|
|
|
* Do not cache default vhost in mod_simple_vhost (#709)
|
|
|
|
|
|
* Trust pcre-config, do not check for pcre manually (#1769)
|
|
|
|
|
|
* Fix fastcgi authorization in subdirectories with check-local=disabled; don't split pathinfo for authorizer. (#963)
|
|
|
|
|
|
* Add possibility to disable methods in mod_compress (#1773)
|
|
|
|
|
|
* Fix duplicate connection keep-alive/transfer-encoding headers (#960)
|
|
|
|
|
|
* Fixed fix for round-robin in mod_proxy (forgot to increment the index) (#1715)
|
|
|
|
|
|
* Fix fastcgi-authorizer handling; Status: 200 is now accepted as the doc requests
|
|
|
|
|
|
* Compare address family in inet_ntop_cache
|
|
|
|
|
|
* Revert CVE-2008-4359 (#1720) fix "encoding+simplifying urls for rewrite/redirect": too many regressions.
|
|
|
|
|
|
* Use FD_CLOEXEC if possible (fixes #1821)
|
|
|
|
|
|
* Optimized buffer usage in mod_proxy (fixes #1850)
|
|
|
|
|
|
* Fix uninitialized value in time struct after strptime
|
|
|
|
|
|
* Do not pass Proxy-Connection: header from client to backend http server in mod_proxy (#1877)
|
|
|
|
|
|
* Fix wrong malloc sizes in mod_accesslog (probably nothing bad happened...) (fixes #1855, thx ycheng)
|
|
|
|
|
|
* Some small buffer.c fixes (closes #1837)
|
|
|
|
|
|
* Remove floating point math from server.c (fixes #1402)
|
|
|
|
|
|
* Disable SSLv2 by default
|
|
|
|
|
|
* Use/enforce sane max-connection values (fixes #1803)
|
|
|
|
|
|
* Allow mod_compress to return 304 (Not Modified); compress ignores the static-file.etags option.(fixes #1884)
|
|
|
|
|
|
* Add option to ignore the "Expect: 100-continue" header instead of returning 417 Expectation failed (closes #1017)
|
|
|
|
|
|
* Use modified etags in mod_compress (fixes #1800)
|
|
|
|
|
|
* Fix max-connection limit handling/100% cpu usage (fixes #1436)
|
|
|
|
|
|
* Fix error handling in freebsd-sendfile (fixes #1813)
|
|
|
|
|
|
* Silenced the annoying "request timed out" warning, enable with the "debug.log-timeouts" option (fixes #1529)
|
|
|
|
|
|
* Allow tabs in header values (fixes #1822)
|
|
|
|
|
|
* Added Language conditional (fixes #1119); patch by petar
|
|
|
|
|
|
* Fix wrong format strings (#1900, thx stepancheg)
|
|
|
|
|
|
|
|
|
|
|
|
- 1.4.20 - 2008-09-30
|
|
|
|
|
|
|
|
|
|
|
|
* Fix mod_compress to compile with old gcc version (#1592)
|
|
|
|
|
|
* Fix mod_extforward to compile with old gcc version (#1591)
|
|
|
|
|
|
* Update documentation for #1587
|
|
|
|
|
|
* Fix #285 again: read error after SSL_shutdown (thx marton.illes@balabit.com) and clear the error queue before some other calls (CVE-2008-1531)
|
|
|
|
|
|
* Fix mod_magnet: enable "request.method" and "request.protocol" in lighty.env (#1308)
|
|
|
|
|
|
* Fix segfault for appending matched parts if there was no regex matching (just give empty strings) (#1601)
|
|
|
|
|
|
* Use data_response_init in mod_fastcgi x-sendfile handling for response.headers, fix a small "memleak" (#1628)
|
|
|
|
|
|
* Don't send empty Server headers (#1620)
|
|
|
|
|
|
* Fix conditional interpretation of core options
|
|
|
|
|
|
* Enable escaping of % and $ in redirect/rewrite; only two cases changed their behaviour: "%%" => "%", "$$" => "$"
|
|
|
|
|
|
* Fix accesslog port (should be port from the connection, not the "server.port") (#1618)
|
|
|
|
|
|
* Fix mod_fastcgi prefix matching: match the prefix always against url, not the absolute filepath (regardless of check-local)
|
|
|
|
|
|
* Overwrite Content-Type header in mod_dirlisting instead of inserting (#1614), patch by Henrik Holst
|
|
|
|
|
|
* Handle EINTR in mod_cgi during write() (#1640)
|
|
|
|
|
|
* Allow all http status codes by default; disable body only for 204,205 and 304; generate error pages for 4xx and 5xx (#1639)
|
|
|
|
|
|
* Fix mod_magnet to set con->mode = p->id if it generates content, so returning 4xx/5xx doesn't append an error page
|
|
|
|
|
|
* Remove lighttpd.spec* from source, fixing all problems with it ;-)
|
|
|
|
|
|
* Do not rely on PATH_MAX (POSIX does not require it) (#580)
|
|
|
|
|
|
* Disable logging to access.log if filename is an empty string
|
|
|
|
|
|
* Implement a clean way to open /dev/null and use it to close stdin/out/err in the needed places (#624)
|
|
|
|
|
|
* merge spawn-fcgi changes from trunk (from @2191)
|
|
|
|
|
|
* let spawn-fcgi propagate exit code from spawned fcgi application
|
|
|
|
|
|
* close connection after redirect in trigger_b4_dl (thx icy)
|
|
|
|
|
|
* close connection in mod_magnet if returned status code
|
|
|
|
|
|
* fix bug with IPv6 in mod_evasive (#1579)
|
|
|
|
|
|
* fix scgi HTTP/1.* status parsing (#1638), found by met@uberstats.com
|
|
|
|
|
|
* [tests] fixed system, use foreground daemons and waitpid
|
|
|
|
|
|
* [tests] removed pidfile from test system
|
|
|
|
|
|
* [tests] fixed tests needing php running (if not running on port 1026, search php in env[PHP] or /usr/bin/php-cgi)
|
|
|
|
|
|
* fixed typo in mod_accesslog (#1699)
|
|
|
|
|
|
* replaced buffer_{append,copy}_string with the _len variant where possible (#1732) (thx crypt)
|
|
|
|
|
|
* case insensitive match for secdownload md5 token (#1710)
|
|
|
|
|
|
* Handle only HEAD, GET and POST in mod_dirlisting (same as in staticfile) (#1687)
|
|
|
|
|
|
* fixed mod_secdownload problem with unsigned time_t (#1688)
|
|
|
|
|
|
* handle EAGAIN and EINTR for freebsd sendfile (#1675)
|
|
|
|
|
|
* Use filedescriptor 0 for mod_scgi spawn socket, redirect STDERR to /dev/null (#1716)
|
|
|
|
|
|
* fixed round-robin balancing in mod_proxy (#1715)
|
|
|
|
|
|
* fixed EINTR handling for waitpid in mod_fastcgi
|
|
|
|
|
|
* mod_{fast,s}cgi: overwrite environment variables (#1722)
|
|
|
|
|
|
* inserted many con->mode checks; they should prevent two modules to handle the same request if they shouldn't (#631)
|
|
|
|
|
|
* fixed url encoding to encode more characters (#266)
|
|
|
|
|
|
* allow digits in [s]cgi env vars (#1712)
|
|
|
|
|
|
* fixed dropping last character of evhost pattern (#161)
|
|
|
|
|
|
* print helpful error message on conditionals in global block (#1550)
|
|
|
|
|
|
* decode url before matching in mod_rewrite (#1720) -- (reverted for 1.4.21)
|
|
|
|
|
|
* fixed conditional patching of ldap filter (#1564)
|
|
|
|
|
|
* Match headers case insensitive in response (removing of X-{Sendfile,LIGHTTPD-*}, catching Date/Server) [2281]
|
|
|
|
|
|
* fixed bug with case-insensitive filenames in mod_userdir (#1589), spotted by "anders1" (CVE-2008-4360)
|
|
|
|
|
|
* fixed format string bugs in mod_accesslog for SYSLOG
|
|
|
|
|
|
* replaced fprintf with log_error_write in fastcgi debug
|
|
|
|
|
|
* fixed mem leak in ssi expression parser (#1753), thx Take5k
|
|
|
|
|
|
* hide some ssl errors per default, enable them with debug.log-ssl-noise (#397)
|
|
|
|
|
|
* do not send content-encoding for 304 (#1754), thx yzlai
|
|
|
|
|
|
* fix segfault for stat_cache(fam) calls with relative path (without '/', can be triggered by x-sendfile) (#1750)
|
|
|
|
|
|
* fix splitting of auth-ldap filter
|
|
|
|
|
|
* workaround ldap connection leak if a ldap connection failed (restarting ldap)
|
|
|
|
|
|
* fix auth.backend.ldap.bind-dn/pw problems (only read from global context for temporary ldap reconnects, thx ruskie)
|
|
|
|
|
|
* fix memleak in request header parsing (#1774, thx qhy) (CVE-2008-4298)
|
|
|
|
|
|
* fix mod_rewrite memleak/endless loop detection (#1775, thx phy - again!)
|
|
|
|
|
|
* use decoded url for matching in mod_redirect (#1720) (CVE-2008-4359) -- (reverted for 1.4.21)
|
|
|
|
|
|
|
|
|
|
|
|
- 1.4.19 - 2008-03-10
|
|
|
|
|
|
|
|
|
|
|
|
* added support for If-Range: <date> (#1346)
|
|
|
|
|
|
* added support for matching $HTTP["scheme"] in configs
|
|
|
|
|
|
* fixed initgroups() called after chroot (#1384)
|
|
|
|
|
|
* fixed case-sensitive check for Auth-Method (#1456)
|
|
|
|
|
|
* execute fcgi app without /bin/sh if used as argument to spawn-fcgi (#1428)
|
|
|
|
|
|
* fixed a bug that made /-prefixed extensions being handled also when
|
|
|
|
|
|
matching the end of the uri in fcgi,scgi and proxy modules (#1489)
|
|
|
|
|
|
* print error if X-LIGHTTPD-send-file cannot be done; reset header
|
|
|
|
|
|
Content-Length for send-file. Patches by Stefan Buehler
|
|
|
|
|
|
* prevent crash in certain php-fcgi configurations (#841)
|
|
|
|
|
|
* add IdleServers and Scoreboard directives in ?auto mode for mod_status (#1507)
|
|
|
|
|
|
* open log immediately after daemonizing, fixes SIGPIPEs on startup (#165)
|
|
|
|
|
|
* HTTPS env var should be "on" when using mod_extforward and the X-Forwarded-Proto header is set. (#1499)
|
|
|
|
|
|
* generate ETag and Last-Modified headers for mod_ssi based on newest modified include (#1491)
|
|
|
|
|
|
* support letterhomes in mod_userdir (#1473)
|
|
|
|
|
|
* support chained proxies in mod_extforward (#1528)
|
|
|
|
|
|
* fixed bogus "cgi died ?" if we kill the CGI process on shutdown
|
|
|
|
|
|
* fixed ECONNRESET handling in network-openssl
|
|
|
|
|
|
* fixed handling of EAGAIN in network-linux-sendfile (#657)
|
|
|
|
|
|
* reset conditional cache (#1164)
|
|
|
|
|
|
* create directories in mod_compress (was broken with alias/userdir) (#1027)
|
|
|
|
|
|
* fixed out of range access in fd array (#1562, #372) (CVE-2008-0983)
|
|
|
|
|
|
* mod_compress should check if the request is already handled, e.g. by fastcgi (#1565)
|
|
|
|
|
|
* remove broken workaround for buggy Opera version with ssl/chunked encoding (#285)
|
|
|
|
|
|
* generate etag/last-modified header for on-the-fly-compressed files (#1171)
|
|
|
|
|
|
* req-method OPTIONS: do not insert default response if request was denied, do not deny OPTIONS by default (#1324)
|
|
|
|
|
|
* fixed memory leak on windows (#1347)
|
|
|
|
|
|
* fixed building outside of the src dir (#1349)
|
|
|
|
|
|
* fixed including of stdint.h/inttypes.h in etag.c (#1413)
|
|
|
|
|
|
* do not add Accept-Ranges header if range-request is disabled (#1449)
|
|
|
|
|
|
* log the ip of failed auth tries in error.log (enhancement #1544)
|
|
|
|
|
|
* fixed RoundRobin in mod_proxy (#516)
|
|
|
|
|
|
* check for symlinks after successful pathinfo matching (#1574)
|
|
|
|
|
|
* fixed mod-proxy.t to run with a builddir outside of the src dir
|
|
|
|
|
|
* do not suppress content on "307 Temporary Redirect" (#1412)
|
|
|
|
|
|
* fixed Content-Length header if response body gets removed in connections.c (#1412, part 2)
|
|
|
|
|
|
* do not generate a "Content-Length: 0" header for HEAD requests, added test too
|
|
|
|
|
|
* remove compress cache file if compression or write failed (#1150)
|
|
|
|
|
|
* fixed body handling of status 300 requests
|
|
|
|
|
|
* spawn-fcgi: only try to connect to unix socket (not tcp) before spawning (#1575)
|
|
|
|
|
|
* fix sending source of cgi script instead of 500 error if fork fails (CVE-2008-1111)
|
|
|
|
|
|
* fix min-procs handling in mod_scgi.c, just set to max-procs (patch from #623)
|
|
|
|
|
|
* fix sending "408 - Timeout" instead of "410 - Gone" for timedout urls in mod_secdownload (#1440)
|
|
|
|
|
|
* workaround #1587: require userdir.path to be set to enable mod_userdir (empty string allowed) (CVE-2008-1270)
|
|
|
|
|
|
* make configure checks for --with-pcre, --with-zlib and --with-bzip2 failing if the headers aren't found
|
|
|
|
|
|
* fixed handling of waitpid() == EINTR mod_ssi on solaris
|
|
|
|
|
|
|
|
|
|
|
|
- 1.4.18 - 2007-09-09
|
|
|
|
|
|
|
|
|
|
|
|
* fixed compile error on IRIX 6.5.x on prctl() (#1333)
|
|
|
|
|
|
* fixed forwarding a SIGINT and SIGHUP when using max-workers (#902)
|
|
|
|
|
|
* fixed FastCGI header overrun in mod_fastcgi (reported by mattias@secweb.se)
|
|
|
|
|
|
* fixed hanging redirects with keep-alive due to missing
|
|
|
|
|
|
"Content-Length: 0" headers
|
|
|
|
|
|
* fixed crashing when using undefined environment variables in the config
|
|
|
|
|
|
* fixed compilation of mod_mysql_vhost on irix (#1341)
|
|
|
|
|
|
|
|
|
|
|
|
- 1.4.17 - 2007-08-29
|
|
|
|
|
|
|
|
|
|
|
|
* added dir-listing.set-footer in mod_dirlisting (#1277)
|
|
|
|
|
|
* added sending UID and PID for SIGTERM and SIGINT to the logs
|
|
|
|
|
|
* fixed hardcoded font-sizes in mod_dirlisting (#1267)
|
|
|
|
|
|
* fixed different ETag length on 32/64 platforms (#1279)
|
|
|
|
|
|
* fixed compression of files < 128 bytes by disabling compression (#1241)
|
|
|
|
|
|
* fixed mysql server reconnects (#518)
|
|
|
|
|
|
* fixed disabled keep-alive for dynamic content with HTTP/1.0 (#1166)
|
|
|
|
|
|
* fixed crash on mixed EOL sequences in mod_cgi
|
|
|
|
|
|
* fixed key compare (#1287)
|
|
|
|
|
|
* fixed invalid char in header values (#1286)
|
|
|
|
|
|
* fixed invalid "304 Not Modified" on broken timestamps
|
|
|
|
|
|
* fixed endless loop on shrinked files with sendfile() on BSD (#1289)
|
|
|
|
|
|
* fixed counter overrun in ?auto in mod_status (#909)
|
|
|
|
|
|
* fixed too aggresive caching of nested conditionals (#41)
|
|
|
|
|
|
* fixed possible overflow in unix-socket path checks on BSD (#713)
|
|
|
|
|
|
* fixed extra Content-Length header on 1xx, 204 and 304 (#1002)
|
|
|
|
|
|
* fixed handling of duplicate If-Modified-Since to return 304
|
|
|
|
|
|
* fixed extracting status code from NPH scripts (#1125)
|
|
|
|
|
|
* fixed prctl() usage (#1310)
|
|
|
|
|
|
* removed config-check if passwd files exist (#1188)
|
|
|
|
|
|
* fixed crash when etags are disabled but the client sends one (#1322)
|
|
|
|
|
|
* fixed crash when freeing the config in mod_alias
|
|
|
|
|
|
* fixed server.error-handler-404 breakage from 1.4.16 (#1270)
|
|
|
|
|
|
* fixed entering 404-handler from dynamic content (#948)
|
|
|
|
|
|
* added more debug infos for FAM based stat-cache
|
|
|
|
|
|
* use more LSB like paths in the sample config (#1242)
|
|
|
|
|
|
|
|
|
|
|
|
- 1.4.16 - 2007-07-25
|
|
|
|
|
|
|
|
|
|
|
|
* added static-file.etags, etag.use-inode, etag.use-mtime, etag.use-size
|
|
|
|
|
|
to customize the generation of ETags for static files. (#1209)
|
|
|
|
|
|
(patch by <Yusufg@gmail.com>)
|
|
|
|
|
|
* fixed typecast of NULL on execl() (#1235)
|
|
|
|
|
|
(patch by F. Denis)
|
|
|
|
|
|
* fixed circumventing url.access-deny by trailing slash (#1230)
|
|
|
|
|
|
* fixed crash on duplicate headers with trailing WS (#1232)
|
|
|
|
|
|
* fixed accepting more connections then requested (#1216)
|
|
|
|
|
|
* fixed mem-leak in mod_auth (reported by Stefan Esser)
|
|
|
|
|
|
* fixed crash with md5-sess and cnonce not set in mod_auth (reported by Stefan Esser)
|
|
|
|
|
|
* fixed missing check for base64 encoded string in mod_auth and Basic auth
|
|
|
|
|
|
(reported by Stefan Esser)
|
|
|
|
|
|
* fixed possible crash in Auth-Digest header parser on trailing WS in
|
|
|
|
|
|
mod_auth (reported by Stefan Esser)
|
|
|
|
|
|
* fixed check on stale errno values, which broke handling of broken fastcgi
|
|
|
|
|
|
applications. (#1245)
|
|
|
|
|
|
* fixed crash on 32bit archs when debug-msgs are printed in mod_scgi, mod_fastcgi
|
|
|
|
|
|
and mod_webdav (#1263)
|
|
|
|
|
|
|
|
|
|
|
|
- 1.4.15 - 2007-04-13
|
|
|
|
|
|
|
|
|
|
|
|
* fixed broken Set-Cookie headers
|
|
|
|
|
|
|
|
|
|
|
|
- 1.4.14 - 2007-04-13
|
|
|
|
|
|
|
|
|
|
|
|
* fix crash if gethostbyaddr() failed on redirect [1718]
|
|
|
|
|
|
* properly handle 206 responses generated by *cgi scripts. (#755) [1716]
|
|
|
|
|
|
* added HTTPS=on to the environment of cgi scripts (#861) [1684]
|
|
|
|
|
|
* fix handling of 303 (#1045) [1678]
|
|
|
|
|
|
* made the configure check for lua more portable [1677]
|
|
|
|
|
|
* added mod_extforward module [1665]
|
|
|
|
|
|
* references to the fam stat cache engine should be conditional (#1039) [1664]
|
|
|
|
|
|
* fix http 500 errors (colin.stephen/at/o2.com) #1041 [1663]
|
|
|
|
|
|
* prevent wrong pidfile unlinking on graceful restart (Chris Webb) [1656]
|
|
|
|
|
|
* ignore empty packets from STDERR stream. #998
|
|
|
|
|
|
* fix a crash for files with an mtime of 0 reported by cubiq on irc [1519]
|
|
|
|
|
|
CVE-2007-1870
|
|
|
|
|
|
* allow empty passwords with ldap (J<>rg Sonnenberger) [1516]
|
|
|
|
|
|
* mod_scgi.c segfault fix #964 [1501]
|
|
|
|
|
|
* Added round-robin support to mod_fastcgi [1500]
|
|
|
|
|
|
* Handle DragonFlyBSD the same way as Freebsd (J<>rg Sonnenberger) [1492,1676]
|
|
|
|
|
|
* added now and weeks support to mod_expire. #943
|
|
|
|
|
|
* fix cpu hog in certain requests [1473] CVE-2007-1869
|
|
|
|
|
|
* fix for handling hostnames with trailing dot [1406]
|
|
|
|
|
|
* fixed header-injection via server.tag (#1106)
|
|
|
|
|
|
* disabled caching of files without a content-type to solve the
|
|
|
|
|
|
aggressive caching of FF
|
|
|
|
|
|
* remove trailing white-spaces from HTTP-requests before parsing (#1098)
|
|
|
|
|
|
* fixed accesslog.use-syslog in a conditional and the caching of the
|
|
|
|
|
|
accesslog for files (fixes #1064)
|
|
|
|
|
|
* fixed various crashes at startup on broken accesslog.format strings (#1000)
|
|
|
|
|
|
* fixed handling of %% in accesslog.format
|
|
|
|
|
|
* fixed conditional dir-listing.exclude (#930)
|
|
|
|
|
|
* reduced default PATH_MAX to 255 (#826)
|
|
|
|
|
|
* ECONNABORTED is not known on cygwin (#863)
|
|
|
|
|
|
* fixed crash on url.redirect and url.rewrite if %0 is used in a global context
|
|
|
|
|
|
(#800)
|
|
|
|
|
|
* fixed possible crash in debug-message in mod_extforward
|
|
|
|
|
|
* fixed compilation of mod_extforward on glibc < 2.3.4
|
|
|
|
|
|
* fixed include of empty in the configfiles (#1076)
|
|
|
