522 Commits (29a10702998aa504054412a802f4d9c09cb24042)

Author SHA1 Message Date
Stefan Bühler 29a1070299 add comments for switch fall throughs 8 years ago
Stefan Bühler b239e7734a [mod_magnet] fix memory leak 8 years ago
Stefan Bühler b461e031f5 [mod_fastcgi,mod_scgi] fix resource leaks on spawning backends 8 years ago
Stefan Bühler d59c910d6a [mod_dirlisting] fix memory leak if pcre fails 8 years ago
Stefan Bühler 0aaf939e5e [mod_rrdtool] fix invalid read (string not null terminated) 8 years ago
Stefan Bühler fc3a060a04 [mod_fastcgi] fix use after free (only triggered if fastcgi debug is active) 8 years ago
Stefan Bühler b8a1835093 NEWS entry for previous commit 8 years ago
Stefan Bühler 0d855be97e - next is 1.4.35 8 years ago
Stefan Bühler 24994e113a [mod_webdav] fix fd leak found with parfait (fixes #2530, thx kukackajiri) 8 years ago
Stefan Bühler 657566828e [mod_mysql_vhost] fix memory leak on config init (#2530) 8 years ago
Stefan Bühler e346794d59 [auto* build] remove -no-undefined from linker flags, as we actually link modules with undefined symbols (fixes #2533) 8 years ago
Stefan Bühler f0e5c1415d [core] decode URL before rewrite, enabling it to work in $HTTP["url"] conditionals (fixes #2526) 8 years ago
Stefan Bühler 17762fad01 maintain physical.basedir (the "acting" doc-root as prefix of physical.path) in more places 8 years ago
Stefan Bühler c8fbc16985 [ssl] fix regression from CVE-2013-4508 (client-cert sessions were broken) 9 years ago
Stefan Bühler 99cddff73a [core] check success of setuid,setgid,setgroups (CVE-2013-4559) 9 years ago
Stefan Bühler d8b363c1d1 [stat-cache] fix FAM cleanup/fdevent handling 9 years ago
Stefan Bühler ae1335503a [stat-cache] FAM: fix use after free (CVE-2013-4560) 9 years ago
Stefan Bühler 6b7240f2d8 NEWS entry for previous commit 9 years ago
Stefan Bühler 1af871fcef [ssl] fix SNI handling; only use key+cert+verify-client from SNI specific config (fixes #2525, CVE-2013-4508) 9 years ago
Stefan Bühler 268c054c40 [mod_extforward] fix compilation without IPv6, (not) using undefined var (fixes #2515, thx mm) 9 years ago
Stefan Bühler 9b0d54d7cc [mod_auth] explicitly link ssl for SHA1 (fixes #2517) 9 years ago
Stefan Bühler 32199a7bdf - next is 1.4.34 9 years ago
Stefan Bühler 29ff92d9ba [core] set signal handlers before forking child processes in modules/plugins_call_set_defaults (fixes #2502) 9 years ago
Stefan Bühler 9cfc080ab7 [core] allow files to be used as document-root (fixes #2475) 9 years ago
Stefan Bühler c26b0f9617 [mod_accesslog] add accesslog.syslog-level option (fixes #2480) 9 years ago
Stefan Bühler f0e5b84c27 [mod_simple_vhost] fix cache; skip module if simple-vhost.server-root is empty (thx rm for reporting) 9 years ago
Stefan Bühler 92567b8b8f [core] check whether server.chroot exists 9 years ago
Stefan Bühler 916cf7cfc0 [core] remove requirement that default doc-root has to exist, there are reasonable scenarios not requiring static files at all 9 years ago
Stefan Bühler f9d58670d5 [auth] new method "extern" to use already present REMOTE_USER (from magnet, ssl, ...) (fixes #2436) 9 years ago
Stefan Bühler 559b198f86 [auth] put REMOTE_USER into cgi environment, making it accessible to lua via lighty.req_env (fixes #2495) 9 years ago
Stefan Bühler 93fd9ea7a4 [ssl] add option ssl.empty-fragments, defaulting to disabled (fixes #2492) 9 years ago
Stefan Bühler 6d4d2118c3 [ssl] accept ssl renegotiations if they are not disabled (fixes #2491) 9 years ago
Stefan Bühler 05858f6cf2 [ssl] Fix $HTTP["scheme"] conditional, could be "http" for ssl connections if the ssl $SERVER["socket"] conditional was nested (fixes #2501) 9 years ago
Stefan Bühler 25a3f2e826 [network] use constants available at compile time for maximum number of chunks for writev instead of calling sysconf (fixes #2470) 9 years ago
Stefan Bühler 6cdb46587c [ssl] use DH only if openssl supports it (fixes #2479) 9 years ago
Stefan Bühler 3df2ec9248 [core] recognize more http methods to forward to backends (fixes #2346) 9 years ago
Stefan Bühler 9b36534752 [core] return 501 Not Implemented in static file mode for all methods except GET/POST/HEAD/OPTIONS 9 years ago
Stefan Bühler 12c4a40b28 [mod_userdir] add userdir.active option, "enabled" by default 9 years ago
Stefan Bühler a6b42cc61e [auto* build] simplify autogen.sh, handle automake 1.13 test running (fixes #2490) 9 years ago
Stefan Bühler c008fd7ec8 [mod_auth] fix invalid read in digest qop=auth-int handling (fixes #2478) 9 years ago
Stefan Bühler 680b714543 [cmake] Use TARGET_LINK_LIBRARIES instead of LINK_FLAGS for library dependencies, also add -Wl,--as-needed to extra warnings (fixes #2448) 9 years ago
Stefan Bühler a0e93c678b fix undefined stuff found with clang 9 years ago
Stefan Bühler 661efa3f37 fix some bugs found with canalyze (fixes #2484, thx Zhenbo Xu) 9 years ago
Stefan Bühler ce4bc0c0f7 [mod_auth] fix base64_decode (#2484) 9 years ago
Stefan Bühler c26b50d9ad [mod_auth] add htpasswd -s (SHA1) support if openssl is used (needs openssl for SHA1). This doesn't use any salt, md5 with salt is probably better. 9 years ago
Stefan Bühler 0342dfef1d [mod_auth] use crypt() on encrypted password instead of extracting salt first (fixes #2483) 9 years ago
Stefan Bühler b5da12c008 reject non ASCII characters in HTTP header names 9 years ago
Stefan Bühler 25a2d665aa call ERR_clear_error only for ssl connections in CON_STATE_ERROR 9 years ago
Stefan Bühler 0e48ef6acb [mod_fastcgi,log] support multi line logging (fixes #2252) 9 years ago
Stefan Bühler 543bd249fb fix handling of If-Modified-Since if If-None-Match is present (don't return 412 for date parsing errors); follow current draft for HTTP/1.1, which tells us to ignore If-Modified-Since if we have matching etags. 9 years ago