check getxattr before attr_get and -lattr;
do not link with -lattr if getxattr is available from glibc
(modern glibc systems do not require libattr-devel build dependency)
fix logic inversion on If-None-Match test on non-existent entity
return 412 if If-None-Match: "*" for non-existent entity
x-ref:
"trying to use Joplin Android App with lighttpd"
https://redmine.lighttpd.net/boards/3/topics/10193
adjust time jump detection to handle when server.max-workers is non-zero
x-ref:
"child exit causes time jump false positive when server.max-workers is non-zero"
https://redmine.lighttpd.net/issues/3123
(thx povcfe-bug)
In some scenarios with lighttpd -1 on pipes, the event handler
associated with the connection (con) will have been cleaned up,
and a pending event on the one-off oneshot_fdn will not yet have
been handled, leading to a crash. lighttpd typically is used to
handle requests on sockets, not pipes. With nc (netcat), the
requests might be sent over pipes. The bug occurred with the
accommodations made in lighttpd to handle the request over pipes.
x-ref:
"Trigger crash when using lighttpd -1 with pipes"
https://redmine.lighttpd.net/issues/3117
RFC7616 HTTP Digest username* and userhash support (if configured)
userhash support must be configured to enable:
auth.require = ( "/" => ( "userhash" => "enable", ... ) )
and one of
auth.backend = "htdigest" # mod_authn_file
or
auth.backend = "dbi" # mod_authn_dbi
and appropriate modification to add userhash into htdigest or db table
along with adding "sql-userhash" => "..." SQL query for mod_authn_dbi
Note: open issue with curl preventing userhash from working with curl:
https://github.com/curl/curl/pull/8066
use stack w/ pcre_exec unless saving captures from config conditions
reduce memory allocations per request where lighttpd.conf does not
contain url.redirect or url.rewrite rules where replacements reference
a match of the enclosing lighttpd.conf condition (e.g. %0, %1, %2 ...)
move cond_cache_t 'patterncount' to cond_match_t 'captures'
While cond_match_t is no longer sized power-2, it is generally expected
to be used much less frequently than before (which was all the time),
since it is now used only with url.redirect or url.rewrite with
references %0, %1, %2, ...
rename data_config_pcre_exec() to config_pcre_match()
and move logic saving pcre result state from
config_check_cond_nocache()
split config_check_cond_nocache() into two funcs
config_check_cond_nocache() participates in recursion
config_check_cond_nocache_eval() evaluates the condition
save config regex captures separately only if used by url.redirect
or url.rewrite replacement directives within the condition
(or for conditions containing directives from any other module
which calls config_capture() for its directives during init)
keep pointer to match data (cond_match_t *) in r->cond_match[]
rather than cond_match_t to reduce data copying in h2_init_stream().
h2_init_stream() copies the results for already-evaluated conditions
to avoid re-evaluating connection-level conditions for each and every
stream. When conditions are reset, then the pointer in r->cond_match[]
is updated when the condition is re-evaluated. (This all assumes that
HTTP/2 connection-level conditions are not unset or re-evaluated once
HTTP/2 streams begin.)
checkpoint (experimental) json output (disabled) from mod_dirlisting
Soliciting feedback from anyone who might write client javascript
employing json output from mod_dirlisting. What should be changed?
Glenn Strauss