Commit Graph

1966 Commits (052a049f29ca7478d5e86924add77bce481d68bf)

Author SHA1 Message Date
Stefan Bühler a7396296da [network/ssl] fix build error if TLSEXT is disabled
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2937 152afb58-edef-0310-8abb-c4023f1b3aa9
2014-01-20 21:31:26 +00:00
Stefan Bühler 9061670c28 [dist]: fix typo in link title generated by packdist.sh
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2936 152afb58-edef-0310-8abb-c4023f1b3aa9
2014-01-20 14:20:09 +00:00
Stefan Bühler 0d855be97e - next is 1.4.35
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2935 152afb58-edef-0310-8abb-c4023f1b3aa9
2014-01-20 14:20:06 +00:00
Stefan Bühler 3ca6adc233 [docs] add !kPSK to the cipher string recommendation as the comments before already mention
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2933 152afb58-edef-0310-8abb-c4023f1b3aa9
2014-01-20 12:07:36 +00:00
Stefan Bühler d7c90814c3 [tests] add cleanup.sh to cmake test runs, reset SLOWREQUEST in request.t
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2932 152afb58-edef-0310-8abb-c4023f1b3aa9
2014-01-10 12:05:12 +00:00
Stefan Bühler 524e0a30a0 add two asserts to help parfait (#2530)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2931 152afb58-edef-0310-8abb-c4023f1b3aa9
2014-01-10 12:05:09 +00:00
Stefan Bühler 24994e113a [mod_webdav] fix fd leak found with parfait (fixes #2530, thx kukackajiri)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2930 152afb58-edef-0310-8abb-c4023f1b3aa9
2014-01-10 12:05:06 +00:00
Stefan Bühler 657566828e [mod_mysql_vhost] fix memory leak on config init (#2530)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2929 152afb58-edef-0310-8abb-c4023f1b3aa9
2014-01-10 12:05:04 +00:00
Stefan Bühler e346794d59 [auto* build] remove -no-undefined from linker flags, as we actually link modules with undefined symbols (fixes #2533)
On platforms that support linking modules with undefined symbols we
actually do it; so most of the time -no-undefined should result in an
error.
On platforms that don't support it, it will result in an error sooner or
later anyway (on those it should build a shared libary with the core
code to link the modules against).

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2928 152afb58-edef-0310-8abb-c4023f1b3aa9
2014-01-10 12:05:02 +00:00
Stefan Bühler f0e5c1415d [core] decode URL before rewrite, enabling it to work in $HTTP["url"] conditionals (fixes #2526)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2927 152afb58-edef-0310-8abb-c4023f1b3aa9
2014-01-10 12:04:59 +00:00
Stefan Bühler 17762fad01 maintain physical.basedir (the "acting" doc-root as prefix of physical.path) in more places
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2926 152afb58-edef-0310-8abb-c4023f1b3aa9
2014-01-10 12:04:57 +00:00
Stefan Bühler c8fbc16985 [ssl] fix regression from CVE-2013-4508 (client-cert sessions were broken)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2925 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-11-13 17:18:39 +00:00
Stefan Bühler 18869bcfed [mod_ssi] fix "ssi_val_init" prototype
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2924 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-11-13 17:18:35 +00:00
Stefan Bühler 99cddff73a [core] check success of setuid,setgid,setgroups (CVE-2013-4559)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2923 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-11-13 11:43:33 +00:00
Stefan Bühler d8b363c1d1 [stat-cache] fix FAM cleanup/fdevent handling
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2922 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-11-13 11:43:31 +00:00
Stefan Bühler ae1335503a [stat-cache] FAM: fix use after free (CVE-2013-4560)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2921 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-11-13 11:43:28 +00:00
Stefan Bühler 6f208cfde1 fix/silence bugs reported by ccc-analyzer (clang)
These should all be non critical:
 * memory leaks on startup in error cases (which lead to
   immediate shutdowns anyway)
 * http_auth/ldap: passing uninitialized "ret" to ldap_err2string
 * sizeof(T) not matching the target pointer in malloc/calloc calls;
   those cases were either:
   * T being the wrong pointer type - shouldn't matter as long as all
     pointers have same size
   * T being larger than the type needed
 * mod_accesslog: direct use after free in cleanup (server shutdown);
   could crash before "clean" shutdown
 * some false positives (mod_compress, mod_expire)
 * assert(srv->config_context->used > 0); - this is always the case,
   as there is always a global config block

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2920 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-11-13 11:43:26 +00:00
Stefan Bühler 6b7240f2d8 NEWS entry for previous commit
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2919 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-11-13 11:43:23 +00:00
Stefan Bühler cdcd49b547 [doc] update ssl.cipher-list recommendation
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2918 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-11-10 16:44:34 +00:00
Stefan Bühler ff86b5cc67 [autobuild] create m4/ before calling autoreconf
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2917 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-11-10 13:59:43 +00:00
Stefan Bühler 4938c94ada fix typo (fixes #2519)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2916 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-11-10 13:49:47 +00:00
Stefan Bühler 1985df2a48 add "packdist.sh" script to build (pre-) releases
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2915 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-11-10 13:41:12 +00:00
Stefan Bühler cb02c73860 [autobuild] use autoreconf instead of calling tools manually; add generated files to .gitignore
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2914 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-11-10 13:41:09 +00:00
Stefan Bühler 1af871fcef [ssl] fix SNI handling; only use key+cert+verify-client from SNI specific config (fixes #2525, CVE-2013-4508)
pull all ssl.ca-file values into all SSL_CTXs, but use only the local
ssl.ca-file for verify-client; correct SNI name is no requirement,
so enforcing verification for a subset of SNI names doesn't actually
protect those.

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2913 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-11-05 15:29:07 +00:00
Stefan Bühler 3ce548c8d0 remove unused members from struct server_socket
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2912 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-11-05 15:29:04 +00:00
Stefan Bühler 268c054c40 [mod_extforward] fix compilation without IPv6, (not) using undefined var (fixes #2515, thx mm)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2911 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-10-13 11:34:55 +00:00
Stefan Bühler 9b0d54d7cc [mod_auth] explicitly link ssl for SHA1 (fixes #2517)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2910 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-10-13 11:16:55 +00:00
Stefan Bühler 32199a7bdf - next is 1.4.34
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2909 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-09-27 20:22:12 +00:00
Stefan Bühler a4640b457e [tests] use list for perl exec to skip the sh wrapper
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2903 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-09-06 16:44:41 +00:00
Stefan Bühler 3863053b99 [mod_scgi] fix log typos
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2902 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-09-06 16:44:39 +00:00
Stefan Bühler 29ff92d9ba [core] set signal handlers before forking child processes in modules/plugins_call_set_defaults (fixes #2502)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2901 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-08-30 15:46:13 +00:00
Stefan Bühler 9cfc080ab7 [core] allow files to be used as document-root (fixes #2475)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2900 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-08-30 15:02:44 +00:00
Stefan Bühler c26b0f9617 [mod_accesslog] add accesslog.syslog-level option (fixes #2480)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2899 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-08-30 14:13:43 +00:00
Stefan Bühler f0e5b84c27 [mod_simple_vhost] fix cache; skip module if simple-vhost.server-root is empty (thx rm for reporting)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2898 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-08-30 13:15:03 +00:00
Stefan Bühler 95dc1ed79e [tests] add mod_simplevhost tests
* next commit fixes the bug

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2897 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-08-30 13:15:01 +00:00
Stefan Bühler 92567b8b8f [core] check whether server.chroot exists
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2896 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-08-30 13:14:59 +00:00
Stefan Bühler 916cf7cfc0 [core] remove requirement that default doc-root has to exist, there are reasonable scenarios not requiring static files at all
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2895 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-08-30 13:14:57 +00:00
Stefan Bühler f9d58670d5 [auth] new method "extern" to use already present REMOTE_USER (from magnet, ssl, ...) (fixes #2436)
can be combined with ssl:
    ssl.verifyclient.username = "SSL_CLIENT_S_DN_UID"
	auth.require = ("/" => ( "require" => "valid-user", "method" => "extern") )

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2894 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-08-30 13:14:56 +00:00
Stefan Bühler 2bcf65c285 [mod_auth] some cleanup, only search for matching auth.require path once
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2893 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-08-30 13:14:54 +00:00
Stefan Bühler 559b198f86 [auth] put REMOTE_USER into cgi environment, making it accessible to lua via lighty.req_env (fixes #2495)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2892 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-08-30 13:14:52 +00:00
Stefan Bühler 93fd9ea7a4 [ssl] add option ssl.empty-fragments, defaulting to disabled (fixes #2492)
if ssl.empty-fragments is set to enabled, but the openssl version used
  to compile lighttpd doesn't support empty fragments, a warning is
  displayed (it might still work).

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2891 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-08-30 13:14:50 +00:00
Stefan Bühler 6d4d2118c3 [ssl] accept ssl renegotiations if they are not disabled (fixes #2491)
* don't fiddle with ssl internals
 * renegotiations should be safe with recent openssl versions,
   openssl itself should reject unsafe renegotiations

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2890 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-08-30 13:14:48 +00:00
Marcus Rückert 292b8d621b move ssl.disable-client-renegotiation and added note that it currently doesnt work inside conditionals
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2889 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-08-15 10:33:00 +00:00
Stefan Bühler f8e9462d2f [autoconf] pkg-config: search for lua5.1 and lua-5.1 before lua
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2888 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-07-31 20:23:23 +00:00
Stefan Bühler 05858f6cf2 [ssl] Fix $HTTP["scheme"] conditional, could be "http" for ssl connections if the ssl $SERVER["socket"] conditional was nested (fixes #2501)
con->conf.is_ssl got removed and replaced by:
 * con->conf.ssl_enabled for the config var "ssl.engine" - it is only
   used to determine which server-sockets should use ssl. (usually not
   needed as it is mandatory and enough to set ssl.pemfile anyway)
 * con->srv_socket->is_ssl to detect the actual ssl status of the
   bound socket, which is the same as the ssl status of the connection
 * con->uri.scheme for the actual $HTTP["scheme"] value, also used for
   the CGI "HTTPS=ON" variable. This defaults to "https" if the
   connection uses ssl, but can be changed for example by mod_extforward
   if X-Forwarded-Proto: is set to either "http" or "https" (other values
   are ignored right now)

Also removed the broken srv_socket->is_proxy_ssl as it was a connection
value in a server_socket struct...

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2887 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-07-31 20:23:21 +00:00
Stefan Bühler 7147c84671 [mod_accesslog] fix log buffer <-> log file mapping
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2886 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-07-31 20:23:18 +00:00
Stefan Bühler 25a3f2e826 [network] use constants available at compile time for maximum number of chunks for writev instead of calling sysconf (fixes #2470)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2885 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-06-29 12:46:02 +00:00
Stefan Bühler 6cdb46587c [ssl] use DH only if openssl supports it (fixes #2479)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2884 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-06-29 12:46:00 +00:00
Stefan Bühler 3df2ec9248 [core] recognize more http methods to forward to backends (fixes #2346)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2883 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-06-29 10:53:24 +00:00
Stefan Bühler 9b36534752 [core] return 501 Not Implemented in static file mode for all methods except GET/POST/HEAD/OPTIONS
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2882 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-06-29 10:53:22 +00:00