Commit Graph

1902 Commits

Author SHA1 Message Date
Glenn Strauss fde843f63e [mod_ssi] fix parse of tag across buf boundary (fixes #2732)
thx fbrosson

  "char copied to wrong place in SSI output"
2016-05-17 15:33:27 -04:00
Glenn Strauss a8c51b0cbe [core] wrap IPv6 literal in "[]" in redirect URL 2016-05-16 19:50:53 -04:00
Glenn Strauss a5fcfee6fc [mod_ssi] more flexible quoting (fixes #1768)
allow double-quotes, single-quotes or no quote on SSI param values

remove use of PCRE from mod_ssi

fix misspelling of 'unknow' to be 'unknown'

  "mod_ssi doesn't accept single quotes"
2016-05-14 05:50:37 -04:00
Glenn Strauss abfb9d9e2d [mod_ssi] add PCRE_* options to constrain regex 2016-05-14 01:17:52 -04:00
Glenn Strauss ede4d17913 [mod_ssi] include relative to alias,userdir (fixes #222)
adjust paths relative to changes made by mod_alias and mod_userdir

Note: this still works only for direct file inclusion.
lighttpd mod_ssi does not perform an "internal subrequest" for the
virtual path, so things like virtual include of CGI are not supported

  "ssi virtual include uses wrong path"
2016-05-14 01:17:52 -04:00
Glenn Strauss df146a7724 [mod_ssi] fix SSI statement parser
bug introduced in 8e3c6bf7 when statement parser was replaced
2016-05-14 01:17:52 -04:00
Glenn Strauss 45021708bf [mod_accesslog] report aborted con state with %X (fixes #1890)
(compatibility with Apache

  "%X in accesslog.format not working as expected"
2016-05-14 01:17:52 -04:00
Glenn Strauss 427acbf034 [build] enhancements for cross-compiling (fixes #2276)
  "libpcre - specify directory"
2016-05-14 01:17:52 -04:00
Glenn Strauss 0cd7f2dda8 [mod_evasive] 302 redirect option if limit reached (fixes #2199)
  "[mod_evasive] redirect if maximum connections exceeded"
2016-05-13 20:49:33 -04:00
Glenn Strauss bd66026fc2 [config] support include file glob (fixes #1221)
  "support *(wild card character) within include directive"
2016-05-13 20:49:31 -04:00
Glenn Strauss 1cd31ae2cc adjustments for openssl 1.1.0 pre-release 2016-05-11 00:58:26 -04:00
Glenn Strauss 239c7e3026 [doc] NEWS 2016-05-10 22:33:44 -04:00
Glenn Strauss a9568d0ad6 check close() return code after writing to file 2016-05-10 22:33:44 -04:00
Glenn Strauss 29e7468d46 [mod_auth] preserve WWW-Authenticate for error docs (fixes #2730)
fixes auth broken by 9973fdb0:
  [core] reset response headers, write_queue for error docs

  "http auth does not send WWW-Authenticate header in git rev 598cdd0"
2016-05-10 22:33:44 -04:00
Glenn Strauss 98acff0ea0 [core] add default modules while processing server config
(instead of doing separately, before processing server config)
2016-05-10 22:32:03 -04:00
Glenn Strauss edbe157245 [core] simplify config merge of array lists 2016-05-10 22:32:03 -04:00
Glenn Strauss 969456f3fa [core] fix config merge of array lists 2016-05-10 22:32:03 -04:00
Glenn Strauss 83d896d095 static build instructions using SCons or make 2016-05-10 22:32:03 -04:00
Glenn Strauss 598cdd0e5e [core] fix IPv6 address + port parsing (#2204) 2016-05-07 23:08:53 -04:00
Glenn Strauss 1ca52fdce3 build with libressl
libressl defines SSL_OP_NO_SSLv2 and SSL_OP_NO_SSLv3 as 0x0
  (thx Christian Heckendorf)

libressl matches ERR_remove_thread_state() signature from openssl 1.0.2
  (libressl pretends that libressl is openssl version 2.0.0,
   but openssl 1.1.0 changes signature of ERR_remove_thread_state())

libressl does not yet provide compatibility interfaces for the new
  prototypes introduced in openssl 1.1.0, including
  DH_set0_pqg() and DH_set_length()

remove OPENSSL_NO_KRB5 from build config (added in 5fab991b in 2005)
  (define USE_OPENSSL_KERBEROS if required)
  (Note: OPENSSL_NO_KRB5 removed in openssl 1.1.0)
2016-05-07 12:50:41 -04:00
Glenn Strauss 873eaf3f4a minor: fix compiler warning for extra ';' 2016-05-07 02:46:49 -04:00
Glenn Strauss ccb1f02b83 clean up oneshot_fd resource upon startup error 2016-05-07 01:47:19 -04:00
Glenn Strauss c6edb24803 fix typo in new cgi.x-sendfile directives 2016-05-07 01:18:34 -04:00
Glenn Strauss 299173a3b5 reset response headers, write_queue for error docs 2016-05-02 23:51:58 -04:00
Glenn Strauss 01ec2c458c [doc] NEWS 2016-05-02 23:51:50 -04:00
Glenn Strauss 9b14e017c8 [mod_webdav] improve PROPFIND,PROPPATCH; map COPY/MOVE Destination
map COPY/MOVE Destination to aliases

Merge branch 'bug-1787-webdav-alias-destination' into master

github: closes #61
2016-05-02 23:49:49 -04:00
Glenn Strauss 80bb42266e [mod_webdav] improve PROPFIND,PROPPATCH (#1818, #1953)
fix "allprop" propfind request to report all 'live' properties
add "supportedlock" 'live' property, if ./configure --with-webdav-locks
report collections (directory) paths with trailing slash ('/') on path
redirect operations on collections without trailing slash ('/') to URI
  with trailing slash ('/')

fix PROPPATCH to work properly and eliminate PROPPATCH memory leak
fix property update after MOVE
move CREATE TABLE statements *before* any prepare statements to avoid
  invalidating the prepare statements when the tables are first created
  **thx Uranus Zhou for the explanation:

  "Improve DAV support to be able to handle git as a client"
  "add RFC-compliant LOCK support to mod_webdav"  (still not compliant)

Note: this has not been tested whether or not mod_webdav works with git
The (highly) recommended method to support git via HTTP is to use
git-http-backend via CGI.  gitolite and gitosis provide other good
alternative ways to access git.

This patch does result in more WebDAV 'Litmus' tests passing, even
though mod_webdav still pretends to implement "If" conditional locking,
granting locks to all requestors and not strictly enforcing locks.
2016-05-02 23:48:31 -04:00
Glenn Strauss e0115208ec [mod_webdav] map COPY/MOVE Destination to aliases (fixes #1787)
attempt to remap COPY/MOVE Destination to aliased physical paths
by finding common URI prefix between request URI and Destination
and finding how that part of the request URI was mapped to a
physical path.

This will work if the aliased physical path is above the webdav root.
It is not a good idea to remap physical paths within a webdav root.

Note: webdav paths and webdav properties are managed by mod_webdav,
      so do not modify paths externally or else undefined behavior
      or corruption may occur

  "Bug in mod_webdav when using aliases and MOVE command"
2016-05-02 23:48:31 -04:00
Glenn Strauss 3dc67b3004 [mod_status] add JSON output option (fixed #2432)
  "Adding JSON Output support to mod_status (patch)"
2016-05-02 23:45:18 -04:00
Glenn Strauss 4059dcd60e [mod_fastcgi,mod_scgi] IPv6 support (fixes #2372)
(similar to mod_proxy issue

  "mod_*cgi and ipv6 address"
  "mod_proxy + ipv6"

github: closes #60
2016-05-02 15:34:56 -04:00
Glenn Strauss 89379011df lighttpd run modes for idle timeout, one-shot
lighttpd -i <secs> shutdown after idle time limit (fixes #2696)
lighttpd -1 handles single request on stdin socket (fixes #1584)

Merge branch 'feature-2696-idle-shutdown' into master

github: closes #43
2016-05-02 15:29:58 -04:00
Glenn Strauss 1812f5541a [core] lighttpd -1 handles single request on stdin socket (fixes #1584)
(e.g. when called from xinetd)

Note: lighttpd is designed as a high performance, long-running server,
not a one-shot executable.  This one-shot mode of operation has not been
tuned for performance.  lighttpd server start-up and initialization aims
for correctness, not speed.  If using this one-shot mode as part of fork
and exec from xinetd, then performance is already not of high concern.

  "support for xinetd"
2016-05-02 15:29:33 -04:00
Glenn Strauss 6c35e38fe1 [network] separate addr trans from socket creation
separate addr translation from socket creation in network_server_init()
2016-05-02 15:29:33 -04:00
Glenn Strauss 06b87dee34 [core] cmd line opt to shutdown after idle time limit (fixes #2696)
-i <secs>  graceful shutdown after <secs> of inactivity

Option might be used with applications such as git instaweb.
While git instaweb does have command line options of its own
to [start,stop,restart], some may find it convenient to configure
git instaweb to start lighttpd with a default idle time limit,
after which lighttpd will gracefully shut itself down without
any further action from the user.

  "[PATCH] support -i <secs> idle timeout option"
  original request and patch submitted by mackyle.  thx.
2016-05-02 15:29:17 -04:00
Glenn Strauss a0a7b9fbf5 [mod_ssi, mod_cml] set DOCUMENT_ROOT to basedir (fixes #2383)
fixes inconsistency w/ mod_fastcgi, mod_scgi, mod_cgi change in adc97e5b

  "mod_alias: use alias directory as doc-root too"
  "mod_userdir doesn't set environment variable DOCUMENT_ROOT"
2016-05-02 14:31:36 -04:00
Glenn Strauss 0f7c068010 [doc] NEWS 2016-04-28 13:39:57 -04:00
Glenn Strauss 7841bab0ec [doc] add mimetype.use-xattr to
  "Migrate to definition of xattr mimetype"
2016-04-28 13:29:31 -04:00
Glenn Strauss 4edb65cfa1 [core] preserve PATH_INFO case on case-insensitive fs (fixes #406)
attempt to preserve PATH_INFO case even when the
URI is mapped onto a case-insensitive file system.

NTFS (Windows) is case-insensitive (even though it is case-preserving)
HFS+ (Mac OS X) can be formatted to be case-insensitive

  "... PATH_INFO ... improperly converted to lowercase"
2016-04-28 13:23:29 -04:00
Glenn Strauss 0fb91b026e minor: add missing #include <errno.h>
(needed by connections-glue.c when not building with openssl)
2016-04-28 13:20:34 -04:00
Glenn Strauss c46f0ce027 [core] fallback to write if sendfile not supported (fixes #471, #987)
  "sendfile backends do not fall back to write/writev if they are not supported by the kernel"

github: closes #58
2016-04-28 13:14:39 -04:00
Glenn Strauss b47c393e26 [mod_auth] skip blank lines and comment lines (fixes #2327)
  "Ignore comments and empty lines in ht{digest,passwd} files"
2016-04-28 13:13:43 -04:00
Glenn Strauss 8e3c6bf754 fallback to lseek()/read() if mmap() fails (#fixes 2666)
fallback to lseek()/read() if mmap() fails (#fixes 2666)
e.g. when mmap() is used on lighttpd-controlled temporary files
used POST request body (mod_cgi) and PUT file upload (mod_webdav)

replace use of stream_open() on potentially untrusted files
(protect against SIGBUS if a file is modified while map is read)
Note: stream.[ch] may be removed in a future release
For now, stream.[ch] will read entire file into memory if mmap fails
and so it should only be used on trusted files, e.g. config files.

http_auth basic and digest files are typically small and so buffered
stdio fopen(), fgets(), fclose() will likely be approximately as fast
as mmap.

mod_dirlisting header and readme files are typically small and so
open(), read(), close() will typically be approximately as fast as mmap

mod_ssi will likely be much faster, now buffering SSI page construction
rather than a potentially huge number of file open() calls, one for each
tiny chunk of text between SSI directives.

mod_webdav COPY and MOVE may be slower due to removal of mmap, but are
now more resilient to partial writes.

  "handle filesystems without mmap() support"
  "WebDAV upload-> mmap failed: operation not permitted"
  "Lighttpd 1.4.20 Crash (SIGBUS in mod_compress)"
  "Crash SIGBUS"

github: closes #57
2016-04-28 13:13:36 -04:00
Glenn Strauss c9b56735b8 [mod_compress] use mmap and trap SIGBUS (#2666, fixes #1879)
use mmap and trap SIGBUS in mod_compress
(if lighttpd build with --enable-mmap)

mod_compress has not used mmap since Feb 2012 (see #2391)

  "Lighttpd 1.4.20 Crash (SIGBUS in mod_compress)"
  "Crash SIGBUS"
  "handle filesystems without mmap() support"

github: closes #56
2016-04-28 13:11:15 -04:00
Glenn Strauss 3b6fd58fd9 [mod_webdav] lseek,read if fs can not mmap (#2666, fixes #962)
For uploaded files or other request body, fall back to
lseek(),read() if filesystem does not support mmap()

(mmap(), if supported, is utilized regardless of --enable-mmap
 since request body is either in memory or stored in temporary
 files controlled by lighttpd)

  "WebDAV upload-> mmap failed: operation not permitted"
  "handle filesystems without mmap() support"

github: closes #55
2016-04-28 13:10:35 -04:00
Glenn Strauss c380d22729 [mod_cgi,mod_fastcgi,mod_scgi] X-Sendfile features
[core] http_response_send_file() shared code (#2017)
[mod_fastcgi] use http_response_xsendfile()
  (fixes #799, fixes #851, fixes #2017, fixes #2076)
[mod_scgi] X-Sendfile feature (fixes #2253)
[mod_cgi] X-Sendfile feature (fixes #2313)

Merge branch 'feature-2017-http_response_send_file' into master

github: closes #59
2016-04-28 12:58:58 -04:00
Glenn Strauss 1f23ba9adf [mod_cgi] X-Sendfile feature (fixes #2313)
handle X-Sendfile with http_response_xsendfile() if
  cgi.x-sendfile = "enable"

  "X-sendfile support for mod_cgi"
2016-04-27 23:10:24 -04:00
Glenn Strauss 0a907c643b [mod_scgi] X-Sendfile feature (fixes #2253)
handle X-Sendfile with http_response_xsendfile() if host configured
  ( "x-sendfile" = "enable" )

  "scgi x-sendfile"
2016-04-27 23:10:24 -04:00
Glenn Strauss b9940f9856 [mod_fastcgi] use http_response_xsendfile() (fixes #799, fixes #851, fixes #2017, fixes #2076)
handle X-Sendfile and X-LIGHTTPD-send-file w/ http_response_xsendfile()
  if host is configured ( "x-sendfile" = "enable" )

Note: X-Sendfile path is url-decoded for consistency, like X-Sendfile2
      (response headers should be url-encoded to avoid tripping over
       chars allowed in filesystem but which might change response
       header parsing semantics)

Note: deprecated: "allow-x-send-file";         use "x-sendfile"
Note: deprecated: X-LIGHTTPD-send-file header; use X-Sendfile header
Note: deprecated: X-Sendfile2 header;          use X-Sendfile header
For now, X-Sendfile2 is still handled internally by mod_fastcgi.

Since http_response_send_file() supports HTTP Range requests,
X-Sendfile2 is effectively obsolete.  However, any code, e.g. PHP,
currently using X-Sendfile2 is probably manually generating 206 Partial
Content status and Range response headers.  A future version of lighttpd
might *remove* X-Sendfile2.  Existing code should be converted to use
X-Sendfile, which is easily done by removing all the special logic
around using X-Sendfile2, since the 206 Partial Content status and Range
response headers are handled in http_response_send_file().

  "mod_fastcgi + X-Sendfile -> mod_staticfile"
  "Feature Request: New option "x-send-file-docroot""
  "X-Sendfile handoff to mod-static-file in 1.4.x"
  "X-sendfile should be able to set content-type"
2016-04-27 23:10:24 -04:00
Glenn Strauss 4a51d2ab8c [core] http_response_send_file() shared code (#2017)
move code from mod_staticfile.c to http-header-glue.c to allow reuse
(includes ETag, Last-Modified headers, Range requests for static files)

operate on path arg instead of con->physical.path
skip Range requests if con->http_status already set >= 300
remove redundant calls to stat_cache_get_entry() handling Range requests

  "X-Sendfile handoff to mod-static-file in 1.4.x"
2016-04-25 15:41:46 -04:00
Glenn Strauss 8f255d35df [doc] NEWS 2016-04-25 01:53:19 -04:00