(thx povcfe-bug)
In some scenarios with lighttpd -1 on pipes, the event handler
associated with the connection (con) will have been cleaned up,
and a pending event on the one-off oneshot_fdn will not yet have
been handled, leading to a crash. lighttpd typically is used to
handle requests on sockets, not pipes. With nc (netcat), the
requests might be sent over pipes. The bug occurred with the
accommodations made in lighttpd to handle the request over pipes.
x-ref:
"Trigger crash when using lighttpd -1 with pipes"
https://redmine.lighttpd.net/issues/3117
RFC7616 HTTP Digest username* and userhash support (if configured)
userhash support must be configured to enable:
auth.require = ( "/" => ( "userhash" => "enable", ... ) )
and one of
auth.backend = "htdigest" # mod_authn_file
or
auth.backend = "dbi" # mod_authn_dbi
and appropriate modification to add userhash into htdigest or db table
along with adding "sql-userhash" => "..." SQL query for mod_authn_dbi
Note: open issue with curl preventing userhash from working with curl:
https://github.com/curl/curl/pull/8066
use stack w/ pcre_exec unless saving captures from config conditions
reduce memory allocations per request where lighttpd.conf does not
contain url.redirect or url.rewrite rules where replacements reference
a match of the enclosing lighttpd.conf condition (e.g. %0, %1, %2 ...)
move cond_cache_t 'patterncount' to cond_match_t 'captures'
While cond_match_t is no longer sized power-2, it is generally expected
to be used much less frequently than before (which was all the time),
since it is now used only with url.redirect or url.rewrite with
references %0, %1, %2, ...
rename data_config_pcre_exec() to config_pcre_match()
and move logic saving pcre result state from
config_check_cond_nocache()
split config_check_cond_nocache() into two funcs
config_check_cond_nocache() participates in recursion
config_check_cond_nocache_eval() evaluates the condition
save config regex captures separately only if used by url.redirect
or url.rewrite replacement directives within the condition
(or for conditions containing directives from any other module
which calls config_capture() for its directives during init)
keep pointer to match data (cond_match_t *) in r->cond_match[]
rather than cond_match_t to reduce data copying in h2_init_stream().
h2_init_stream() copies the results for already-evaluated conditions
to avoid re-evaluating connection-level conditions for each and every
stream. When conditions are reset, then the pointer in r->cond_match[]
is updated when the condition is re-evaluated. (This all assumes that
HTTP/2 connection-level conditions are not unset or re-evaluated once
HTTP/2 streams begin.)
checkpoint (experimental) json output (disabled) from mod_dirlisting
Soliciting feedback from anyone who might write client javascript
employing json output from mod_dirlisting. What should be changed?
(thx dinoex)
fix removal of server.pid-file when testing config with lighttpd -tt
(regression in lighttpd 1.4.60, 1.4.61)
x-ref:
"Test the configuration file while lighttpd is running."
https://redmine.lighttpd.net/issues/3115
warn if known dynamic modules listed before mod_auth in server.modules
e.g. mod_auth must be listed before mod_fastcgi in server.modules
for fastcgi.server = ( "mode" => "authorizer" ) to work properly
Istiak Ferdous