add doc/initscripts.txt with description of lighttpd signal handling
and links to the initscripts of various operating system distros
remove doc/initscripts/*
x-ref:
"init scripts outdated, should be removed"
https://redmine.lighttpd.net/issues/2782
Lack of pipe2() on relic Unix as well as missing on Mac OSX is likely
one reason why threaded web servers such as nginx choose not to support
CGI except via an external service to the process. Without pipe2(),
race conditions exist and it is not safe for a threaded server to use
pipe() and fork() when the server also does not want to potentially leak
open file descriptors to various unrelated CGI scripts.
- "autoreconf --force --install" should be enough to get autobuild
running, manual cp / running ./autogen.sh should not be required
- reorganize files laters, e.g. scripts/{cmake,m4}
- include ax_prog_cc_for_build.m4 manually in configure.ac as it is not
automatically loaded if it is not in m4/
[mod_deflate] skip deflate if 1 min loadavg too high
deflate.max-loadavg = "3.50" # express value as string of float num
[mod_compress] skip compression if 1 min loadavg too high
compress.max-loadavg = "3.50" # express value as string of float num
Feature available on BSD-like systems which have getloadavg() in libc
Note: load average calculations are different on different operating
systems and different types of system loads, so there is no value that
can be recommended for one-size-fits-all.
x-ref:
"Enable mod_compress to abandon compression when load average is too high"
https://redmine.lighttpd.net/issues/1505
remove mod_authn_gssapi explicit dependency on -lresolv
This fixes build on FreeBSD when ./configure --with-krb5
(On systems that need libresolv, libkrb5 depends on libresolv)
Also remove obsolete hstrerror() references from build
prefer RAND_pseudo_bytes() (openssl), arc4random() or jrand48(),
if available, over rand()
These are not necessarily cryptographically secure, but should be better
than rand()
module status: experimental; more testing and review needed
Kerberos library calls have been preserved from original patch set
and should be reviewed.
module has been quickly tested with Basic auth (Use over TLS!)
SPNEGO -has not- been tested. Again, kerberos library calls have
been preserved from original patch set. YMMV. (Use over TLS!)
x-ref:
"Kerberos/GSSAPI Delegation Support"
https://redmine.lighttpd.net/issues/1899
lots of fixes and improvements
limitations: see comments at top of mod_deflate.c
missing functionality: encode streaming response
(module currently requires response be collected before being sent)
potential functionality: addition of compressed file cache would
allow mod_deflate to fully supplant mod_compress in lighttpd 1.4.x
x-ref:
"Adding mod_deflate to 1.4.xx"
https://redmine.lighttpd.net/issues/1824
"mod_deflate backport compile error if ENABLE_MMAP not defined"
https://redmine.lighttpd.net/issues/2753
github: closes #67
allow double-quotes, single-quotes or no quote on SSI param values
remove use of PCRE from mod_ssi
fix misspelling of 'unknow' to be 'unknown'
x-ref:
"mod_ssi doesn't accept single quotes"
https://redmine.lighttpd.net/issues/1768
libressl defines SSL_OP_NO_SSLv2 and SSL_OP_NO_SSLv3 as 0x0
(thx Christian Heckendorf)
libressl matches ERR_remove_thread_state() signature from openssl 1.0.2
(libressl pretends that libressl is openssl version 2.0.0,
but openssl 1.1.0 changes signature of ERR_remove_thread_state())
libressl does not yet provide compatibility interfaces for the new
prototypes introduced in openssl 1.1.0, including
DH_set0_pqg() and DH_set_length()
remove OPENSSL_NO_KRB5 from build config (added in 5fab991b in 2005)
(define USE_OPENSSL_KERBEROS if required)
(Note: OPENSSL_NO_KRB5 removed in openssl 1.1.0)
- a lot of code tried to handle manually adding terminating zeroes and
keeping track of the correct "used" count.
Replaced all "external" usages with simple wrapper functions:
* buffer_string_is_empty (used <= 1), buffer_is_empty (used == 0);
prefer buffer_string_is_empty
* buffer_string_set_length
* buffer_string_length
* CONST_BUF_LEN() macro
- removed "static" buffer hacks (buffers pointing to constant/stack
memory instead of malloc()ed data)
- buffer_append_strftime(): refactor buffer+strftime uses
- li_tohex(): no need for a buffer for binary-to-hex conversion:
the output data length is easy to predict
- remove "-Winline" from extra warnings: the "inline" keyword just
supresses the warning about unused but defined (static) functions;
don't care whether it actually gets inlined or not.
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2979 152afb58-edef-0310-8abb-c4023f1b3aa9
Glenn Strauss
Stefan Bühler
Andreas Oberritter