Glenn Strauss
cd2b51cb1a
[core] fix CONNECT w strict header parsing enabled
...
fix CONNECT with strict header parsing enabled (default)
(or set server.http-parseopt-header-strict = "disabled")
x-ref:
"ssh over https tunnel"
https://redmine.lighttpd.net/boards/2/topics/7805
4 years ago
Glenn Strauss
bd32f67046
[core] open additional fds O_CLOEXEC
4 years ago
Glenn Strauss
b1df38ab6a
[core] increase stat_cache abstraction
...
reduce dependency on struct connection
routines for getting/caching content_type and etag separate from stat
4 years ago
Glenn Strauss
2496c1af4c
[core] pass array_get_element_klen() const array *
4 years ago
Glenn Strauss
6a6d32698e
[core] fix path-info calculation in git master ( fixes #2861 )
...
(thx ReimuHakurei)
x-ref:
"Regression: PHP URLs return 404 from lighttpd when they contain PATH_INFO ending in a trailing slash."
https://redmine.lighttpd.net/issues/2861
4 years ago
Glenn Strauss
978a3f8dad
[core] add include sys/poll.h on Solaris ( fixes #2859 )
...
x-ref:
"fdevent_solaris_port.c header missing on Solaris 10"
https://redmine.lighttpd.net/issues/2859
4 years ago
Glenn Strauss
58a1793964
[core] fix 32-bit compile POST w/ chunked request body ( #2854 )
...
(thx the_jk)
x-ref:
"chunked transfer encoding in request body only works for tiny chunks"
https://redmine.lighttpd.net/issues/2854
4 years ago
Glenn Strauss
30fe3684f6
[mod_wstunnel] fix for frames larger than 64k ( fixes #2858 )
...
(thx rschmid)
x-ref:
"Wrong websocket frametype if frame is longer then UINT16_MAX"
https://redmine.lighttpd.net/issues/2858
4 years ago
Glenn Strauss
1c594f0629
[doc] minor update to *outdated* doc
...
x-ref:
"unknown config-key: auth.debug (ignored)"
https://redmine.lighttpd.net/boards/2/topics/7842
github: closes #89
4 years ago
Glenn Strauss
e6564641d8
[core] remove unused func
4 years ago
Glenn Strauss
dc1675ea32
[core] fix POST with chunked request body ( fixes #2854 )
...
(thx the_jk)
x-ref:
"chunked transfer encoding in request body only works for tiny chunks"
https://redmine.lighttpd.net/issues/2854
4 years ago
Glenn Strauss
cb371557e5
[core] merge redirect/rewrite pattern substitution
...
merge redirect/rewrite pattern substitution function (share code)
4 years ago
Glenn Strauss
a5a2654bd4
[core] code cleanup: separate physical path sub
...
code cleanup: separate subroutine to check physical path
4 years ago
Glenn Strauss
d5f37803dd
[mod_authn_ldap] auth with ldap referrals ( fixes #2846 )
...
use ldap_set_rebind_proc() to provide auth when rebinding following
ldap referrals (instead of rebinding anonymously for ldap referrals)
x-ref:
"LDAP authentication vs. AD: problems with referrals"
https://redmine.lighttpd.net/issues/2846
4 years ago
Glenn Strauss
ec9e6abcb3
[core] check for path-info forward down path
...
check for path-info forward down path rather than back from end of path
4 years ago
Glenn Strauss
76b9b1fa46
[mod_openssl] elliptic curve auto selection ( fixes #2833 )
...
elliptic curve auto selection where available
openssl v1.0.2 - SSL_CTX_set_ecdh_auto()
openssl v1.1.0 - ECDH support always enabled
x-ref:
"Using X25519 Key exchange"
https://redmine.lighttpd.net/issues/2833
"SSL_CTX_set_ecdh_auto is undefined for newer openssl's"
https://github.com/openssl/openssl/issues/1437
It has been removed from OpenSSL 1.1.0.
Here is the relevant CHANGES entry:
*) SSL_{CTX_}set_ecdh_auto() has been removed and ECDH is support is
always enabled now. If you want to disable the support you should
exclude it using the list of supported ciphers. This also means
that the "-no_ecdhe" option has been removed from s_server.
[Kurt Roeckx]
4 years ago
Glenn Strauss
f90ccdef51
[mod_openssl] minor code cleanup; reduce var scope
...
('git show -u -b -w <commit-sha>' to see minimal changes)
4 years ago
Glenn Strauss
b9df146b3c
[core] non-blocking write() to piped loggers
...
If pipe fills and would block, then discard remaining write.
Do not block lighttpd if the logger blocks, such as if disk fills up.
4 years ago
Glenn Strauss
e8226c11cb
[core] do not reparse request if async cb
...
do not reparse request if async callback, e.g. for mod_auth
4 years ago
Glenn Strauss
b28f03b5a4
[core] warn if mod_indexfile after dynamic handler
...
mod_indexfile should be listed in server.modules
prior to dynamic handlers
x-ref:
https://redmine.lighttpd.net/boards/2/topics/7797
4 years ago
Glenn Strauss
37f9b60d5e
[mod_authn_ldap] fix mem leak when ldap auth fails ( fixes #2849 )
...
thx, codehero
x-ref:
"Linux OOM kills lighttpd when using mod_authn_ldap"
https://redmine.lighttpd.net/issues/2849
4 years ago
Glenn Strauss
d4083effab
[core] fix base64 decode when char is unsigned ( fixes #2848 )
...
thx, codehero
x-ref:
"buffer_append_base64_decode() broken on compilers where char is assumed unsigned"
https://redmine.lighttpd.net/issues/2848
4 years ago
Glenn Strauss
0c95ed370f
[core] report to stderr if errorlog path ENOENT ( fixes #2847 )
...
x-ref:
"handling permissions at startup"
https://redmine.lighttpd.net/issues/2847
5 years ago
Glenn Strauss
84b5064dc4
[core] discard from socket using recv MSG_TRUNC
...
discard from socket using recv MSG_TRUNC on Linux TCP SOCK_STREAM socket
Currently, lighttpd supports only TCP SOCK_STREAM. If UDP SOCK_DGRAM
were to be supported in the future, then socket type will need to be
stored so that MSG_TRUNC is used appropriately for the desired effect.
To find out socket type on arbitrary socket fd:
getsockopt(..., SOL_SOCKET, SO_TYPE, ...)
but better to store it with each listening socket.
5 years ago
Glenn Strauss
e4ed2ed4ae
[mod_compress,mod_deflate] try mmap MAP_PRIVATE
...
try mmap MAP_PRIVATE if mmap MAP_SHARED fails with errno == EINVAL
Some file systems such as jffs2 and btrfs might not support MAP_SHARED
5 years ago
Glenn Strauss
bed3779617
[core] fix segfault if tempdirs fill up ( fixes #2843 )
...
(thx wolfram)
x-ref:
"lighttpd segfault if /var/tmp is full"
https://redmine.lighttpd.net/issues/2843
5 years ago
Glenn Strauss
d3b0eb8264
[mod_deflate] fix deflate of file > 2MB w/o mmap
...
fix deflate of file > 2MB when lighttpd is built without mmap support
5 years ago
Glenn Strauss
3770df2387
[mod_proxy] basic support for HTTP CONNECT method ( #2060 )
...
For security reasons, this supports only specific, pre-configured
target backends and not arbitrary CONNECT targets.
x-ref:
"mod_connect"
https://redmine.lighttpd.net/issues/2060
"ssh over https tunnel"
https://redmine.lighttpd.net/boards/2/topics/7805
https://en.wikipedia.org/wiki/HTTP_tunnel
https://nurdletech.com/linux-notes/ssh/via-http.html
5 years ago
Glenn Strauss
d5d0258362
[core] support POLLRDHUP, where available ( #2743 )
...
x-ref:
"mod_cgi, lighty not killing CGI if connection in the other end is closed"
https://redmine.lighttpd.net/boards/2/topics/5962
"1.4.40/41 mod_proxy, mod_scgi may trigger POLLHUP on *BSD,Darwin"
https://redmine.lighttpd.net/issues/2743
5 years ago
Glenn Strauss
9f02df2d39
[mod_accesslog] %{canonical,local,remote}p ( fixes #2840 )
...
x-ref:
"accesslog.format remote_port"
https://redmine.lighttpd.net/issues/2840
5 years ago
Glenn Strauss
e7f5e24aeb
[core] adjust offset if response header blank line
...
When backend returns an invalid response header which is exactly a
blank line (\n or \r\n), adjust the offset so as not to discard the
first character following, which is probably intended to be the
beginning of the response body.
5 years ago
Glenn Strauss
de937f47f8
- next is 1.4.49
5 years ago
Glenn Strauss
2c7d70eddb
[doc] NEWS
5 years ago
Glenn Strauss
d4cdaab15b
[doc] fix doc/config/conf.d/fastcgi.conf example
...
x-ref:
"Lighttpd not starting up with default fastcgi config"
https://redmine.lighttpd.net/boards/2/topics/7780
5 years ago
Stefan Bühler
d102a7113f
[scons] fix various python2/3 incompatibilities
5 years ago
Glenn Strauss
2728572af3
[core] fix dup typedef compiler warning
5 years ago
Glenn Strauss
06d108855d
[mod_openssl] quiet trace from TCP probes ( #2784 )
...
x-ref:
"huge amount of "SSL: -1 5 0 Success" messages"
https://redmine.lighttpd.net/issues/2784
5 years ago
Glenn Strauss
d61714dd0d
[mod_authn_sasl] SASL auth (new) ( fixes #2275 )
...
(experimental)
HTTP Basic authentication using saslauthd
server.modules += ( "mod_auth" )
server.modules += ( "mod_authn_sasl" )
auth.backend = "sasl"
auth.backend.sasl.opts = ( "pwcheck_method" => "saslauthd" ) # default
x-ref:
"SASL auth like libapache2-mod-authn-sasl"
https://redmine.lighttpd.net/issues/2275
5 years ago
Glenn Strauss
fdc4c324c4
[mod_authn_ldap] replace use of deprecated funcs
...
[mod_authn_ldap,mod_vhostdb_ldap]
replace use of deprecated funcs
remove -DLDAP_DEPRECATED
5 years ago
Glenn Strauss
5a5ce3dc75
[doc] NEWS - fix improper format line breaks
5 years ago
Glenn Strauss
c09acbeb8a
[mod_openssl] ssl.openssl.ssl-conf-cmd ( fixes #2758 )
...
(similar to Apache mod_ssl SSLOpenSSLConfCmd directive)
(experimental)
This new directive is for use with OpenSSL only, and is not currently
available in LibreSSL.
https://wiki.openssl.org/index.php/Manual:SSL_CONF_cmd(3)
lighttpd takes "file commands" not "command line commands" as
openssl SSL_CONF_cmd() appears to permit only one mode at a time.
lighttpd processes this directive after all other ssl.* directives
have been applied for the $SERVER["socket"] scope.
x-ref:
"Option to disable TLS session tickets"
https://redmine.lighttpd.net/issues/2758
"Allow to selectively disable TLS 1.0, 1.1 and 1.2 versions"
https://github.com/lighttpd/lighttpd1.4/pull/84
github: closes #84
5 years ago
Glenn Strauss
1a22ca87f9
[mod_openssl] allow specifying server cert chain ( fixes #2692 )
...
x-ref:
"allow setting explicit SSL server certificate chain"
https://redmine.lighttpd.net/issues/2692
https://github.com/lighttpd/lighttpd1.4/pull/62
github: closes #62
5 years ago
Glenn Strauss
35ecd4dd9d
[mod_openssl] more pedantic check of return values
...
more pedantic check of return values for openssl interfaces
(and minor adjustment of whitespace)
x-ref:
https://redmine.lighttpd.net/issues/2692
https://github.com/lighttpd/lighttpd1.4/pull/62
5 years ago
Glenn Strauss
da6b2dc1b6
[core] quiet coverity false positive
5 years ago
Glenn Strauss
a9d1c46fb9
[build] fix link of test_configfile.c
5 years ago
Glenn Strauss
d6e184aca9
[mod_cgi] quiet trace if mod_cgi sends SIGTERM ( fixes #2838 )
...
(spurious trace began in lighttpd 1.4.46)
x-ref:
".47 always kills git-http-backend"
https://redmine.lighttpd.net/issues/2838
5 years ago
Glenn Strauss
0e84df8180
[core] fix lighttpd -1 one-shot graceful shutdown
...
fix lighttpd -1 graceful shutdown (one-shot mode)
(regression in lighttpd 1.4.46)
5 years ago
Glenn Strauss
bfef0907bd
[mod_openssl] error if ssl.engine in wrong section ( fixes #2837 )
...
error if ssl.engine in wrong section of config.
ssl.engine is valid only in global scope or $SERVER["socket"] condition
x-ref:
"HTTPS requests timeout when cert not set for socket"
https://redmine.lighttpd.net/issues/2837
5 years ago
Glenn Strauss
8f3bbd7f13
[core] isolate backend fdevent handler defs
5 years ago
Glenn Strauss
7b2514cdad
[core] quiet pedantic cc warning for excess comma
5 years ago
