516 Commits (b8a1835093f124dc820b31fd4753ef3cf2897606)

Author SHA1 Message Date
Stefan Bühler b8a1835093 NEWS entry for previous commit 8 years ago
Stefan Bühler 0d855be97e - next is 1.4.35 8 years ago
Stefan Bühler 24994e113a [mod_webdav] fix fd leak found with parfait (fixes #2530, thx kukackajiri) 8 years ago
Stefan Bühler 657566828e [mod_mysql_vhost] fix memory leak on config init (#2530) 8 years ago
Stefan Bühler e346794d59 [auto* build] remove -no-undefined from linker flags, as we actually link modules with undefined symbols (fixes #2533) 8 years ago
Stefan Bühler f0e5c1415d [core] decode URL before rewrite, enabling it to work in $HTTP["url"] conditionals (fixes #2526) 8 years ago
Stefan Bühler 17762fad01 maintain physical.basedir (the "acting" doc-root as prefix of physical.path) in more places 8 years ago
Stefan Bühler c8fbc16985 [ssl] fix regression from CVE-2013-4508 (client-cert sessions were broken) 9 years ago
Stefan Bühler 99cddff73a [core] check success of setuid,setgid,setgroups (CVE-2013-4559) 9 years ago
Stefan Bühler d8b363c1d1 [stat-cache] fix FAM cleanup/fdevent handling 9 years ago
Stefan Bühler ae1335503a [stat-cache] FAM: fix use after free (CVE-2013-4560) 9 years ago
Stefan Bühler 6b7240f2d8 NEWS entry for previous commit 9 years ago
Stefan Bühler 1af871fcef [ssl] fix SNI handling; only use key+cert+verify-client from SNI specific config (fixes #2525, CVE-2013-4508) 9 years ago
Stefan Bühler 268c054c40 [mod_extforward] fix compilation without IPv6, (not) using undefined var (fixes #2515, thx mm) 9 years ago
Stefan Bühler 9b0d54d7cc [mod_auth] explicitly link ssl for SHA1 (fixes #2517) 9 years ago
Stefan Bühler 32199a7bdf - next is 1.4.34 9 years ago
Stefan Bühler 29ff92d9ba [core] set signal handlers before forking child processes in modules/plugins_call_set_defaults (fixes #2502) 9 years ago
Stefan Bühler 9cfc080ab7 [core] allow files to be used as document-root (fixes #2475) 9 years ago
Stefan Bühler c26b0f9617 [mod_accesslog] add accesslog.syslog-level option (fixes #2480) 9 years ago
Stefan Bühler f0e5b84c27 [mod_simple_vhost] fix cache; skip module if simple-vhost.server-root is empty (thx rm for reporting) 9 years ago
Stefan Bühler 92567b8b8f [core] check whether server.chroot exists 9 years ago
Stefan Bühler 916cf7cfc0 [core] remove requirement that default doc-root has to exist, there are reasonable scenarios not requiring static files at all 9 years ago
Stefan Bühler f9d58670d5 [auth] new method "extern" to use already present REMOTE_USER (from magnet, ssl, ...) (fixes #2436) 9 years ago
Stefan Bühler 559b198f86 [auth] put REMOTE_USER into cgi environment, making it accessible to lua via lighty.req_env (fixes #2495) 9 years ago
Stefan Bühler 93fd9ea7a4 [ssl] add option ssl.empty-fragments, defaulting to disabled (fixes #2492) 9 years ago
Stefan Bühler 6d4d2118c3 [ssl] accept ssl renegotiations if they are not disabled (fixes #2491) 9 years ago
Stefan Bühler 05858f6cf2 [ssl] Fix $HTTP["scheme"] conditional, could be "http" for ssl connections if the ssl $SERVER["socket"] conditional was nested (fixes #2501) 9 years ago
Stefan Bühler 25a3f2e826 [network] use constants available at compile time for maximum number of chunks for writev instead of calling sysconf (fixes #2470) 9 years ago
Stefan Bühler 6cdb46587c [ssl] use DH only if openssl supports it (fixes #2479) 9 years ago
Stefan Bühler 3df2ec9248 [core] recognize more http methods to forward to backends (fixes #2346) 9 years ago
Stefan Bühler 9b36534752 [core] return 501 Not Implemented in static file mode for all methods except GET/POST/HEAD/OPTIONS 9 years ago
Stefan Bühler 12c4a40b28 [mod_userdir] add userdir.active option, "enabled" by default 9 years ago
Stefan Bühler a6b42cc61e [auto* build] simplify autogen.sh, handle automake 1.13 test running (fixes #2490) 9 years ago
Stefan Bühler c008fd7ec8 [mod_auth] fix invalid read in digest qop=auth-int handling (fixes #2478) 9 years ago
Stefan Bühler 680b714543 [cmake] Use TARGET_LINK_LIBRARIES instead of LINK_FLAGS for library dependencies, also add -Wl,--as-needed to extra warnings (fixes #2448) 9 years ago
Stefan Bühler a0e93c678b fix undefined stuff found with clang 9 years ago
Stefan Bühler 661efa3f37 fix some bugs found with canalyze (fixes #2484, thx Zhenbo Xu) 9 years ago
Stefan Bühler ce4bc0c0f7 [mod_auth] fix base64_decode (#2484) 9 years ago
Stefan Bühler c26b50d9ad [mod_auth] add htpasswd -s (SHA1) support if openssl is used (needs openssl for SHA1). This doesn't use any salt, md5 with salt is probably better. 9 years ago
Stefan Bühler 0342dfef1d [mod_auth] use crypt() on encrypted password instead of extracting salt first (fixes #2483) 9 years ago
Stefan Bühler b5da12c008 reject non ASCII characters in HTTP header names 9 years ago
Stefan Bühler 25a2d665aa call ERR_clear_error only for ssl connections in CON_STATE_ERROR 9 years ago
Stefan Bühler 0e48ef6acb [mod_fastcgi,log] support multi line logging (fixes #2252) 9 years ago
Stefan Bühler 543bd249fb fix handling of If-Modified-Since if If-None-Match is present (don't return 412 for date parsing errors); follow current draft for HTTP/1.1, which tells us to ignore If-Modified-Since if we have matching etags. 9 years ago
Stefan Bühler 9cd8faa1b6 mod_fastcgi: fix mix up of "mode" => "authorizer" in other fastcgi configs (fixes #2465, thx peex) 10 years ago
Stefan Bühler 5aef370a2d - next is 1.4.33 10 years ago
Stefan Bühler 79fed4ec04 remove whitespace at end of header keys 10 years ago
Stefan Bühler 6edfc40f93 fix DoS in Connection header value split (reported by Jesse Sipprell, CVE-2012-5533) 10 years ago
Stefan Bühler 29b126d5d3 mod_extforward: log address of untrusted proxy with debug.log-request-handling 10 years ago
Cyril Brulebois 4f4bcdd3c3 tests: make sure mod_proxy doesn't leave running processes (fixes #2435, thx kibi) 10 years ago