2 ===================================================================
3 --- src/base.h (.../tags/lighttpd-1.4.15) (revision 1878)
4 +++ src/base.h (.../branches/lighttpd-1.4.x) (revision 1878)
6 unsigned short use_ipv6;
8 unsigned short allow_http11;
9 + unsigned short etag_use_inode;
10 + unsigned short etag_use_mtime;
11 + unsigned short etag_use_size;
12 unsigned short force_lowercase_filenames; /* if the FS is case-insensitive, force all files to lower-case */
13 unsigned short max_request_size;
15 Index: src/connections.c
16 ===================================================================
17 --- src/connections.c (.../tags/lighttpd-1.4.15) (revision 1878)
18 +++ src/connections.c (.../branches/lighttpd-1.4.x) (revision 1878)
19 @@ -1252,6 +1252,16 @@
21 /* accept it and register the fd */
24 + * check if we can still open a new connections
29 + if (srv->conns->used >= srv->max_conns) {
33 cnt_len = sizeof(cnt_addr);
35 if (-1 == (cnt = accept(srv_socket->fd, (struct sockaddr *) &cnt_addr, &cnt_len))) {
37 case ECONNABORTED: /* this is a FreeBSD thingy */
38 /* we were stopped _after_ we had a connection */
44 log_error_write(srv, __FILE__, __LINE__, "ssd", "accept failed:", strerror(errno), errno);
47 } else if (con->in_error_handler) {
48 /* error-handler is back and has generated content */
49 /* if Status: was set, take it otherwise use 200 */
50 + con->http_status = con->error_handler_saved_status;
53 if (con->http_status == 0) con->http_status = 200;
54 Index: src/mod_staticfile.c
55 ===================================================================
56 --- src/mod_staticfile.c (.../tags/lighttpd-1.4.15) (revision 1878)
57 +++ src/mod_staticfile.c (.../branches/lighttpd-1.4.x) (revision 1878)
62 + unsigned short etags_used;
68 config_values_t cv[] = {
69 { "static-file.exclude-extensions", NULL, T_CONFIG_ARRAY, T_CONFIG_SCOPE_CONNECTION }, /* 0 */
70 + { "static-file.etags", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 1 */
71 { NULL, NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET }
76 s = calloc(1, sizeof(plugin_config));
77 s->exclude_ext = array_init();
80 cv[0].destination = s->exclude_ext;
81 + cv[1].destination = &(s->etags_used);
83 p->config_storage[i] = s;
86 plugin_config *s = p->config_storage[0];
91 /* skip the first, the global context */
92 for (i = 1; i < srv->config_context->used; i++) {
95 if (buffer_is_equal_string(du->key, CONST_STR_LEN("static-file.exclude-extensions"))) {
98 + } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("static-file.etags"))) {
104 @@ -446,11 +453,17 @@
105 response_header_overwrite(srv, con, CONST_STR_LEN("Accept-Ranges"), CONST_STR_LEN("bytes"));
108 - if (NULL == array_get_element(con->response.headers, "ETag")) {
109 - /* generate e-tag */
110 - etag_mutate(con->physical.etag, sce->etag);
111 + etag_flags_t flags;
113 - response_header_overwrite(srv, con, CONST_STR_LEN("ETag"), CONST_BUF_LEN(con->physical.etag));
114 + flags = (con->conf.etag_use_mtime ? ETAG_USE_MTIME : 0) | (con->conf.etag_use_inode ? ETAG_USE_INODE : 0) | (con->conf.etag_use_size ? ETAG_USE_SIZE : 0);
116 + if (p->conf.etags_used && flags != 0 && !buffer_is_empty(sce->etag)) {
117 + if (NULL == array_get_element(con->response.headers, "ETag")) {
118 + /* generate e-tag */
119 + etag_mutate(con->physical.etag, sce->etag);
121 + response_header_overwrite(srv, con, CONST_STR_LEN("ETag"), CONST_BUF_LEN(con->physical.etag));
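Review bot: The flag expression built from `con->conf.etag_use_mtime`, `con->conf.etag_use_inode` and `con->conf.etag_use_size` is spelled out in full here and twice more in src/stat_cache.c, so a future ETag component has to be added in three places and the copies can drift apart. A small helper declared next to `etag_flags_t` in src/etag.h that takes the connection and returns the combined flags would keep the three call sites identical. A one-line comment above the new condition would also help, e.g. `/* only emit an ETag when the module option is on, at least one component is enabled and the stat cache produced one */`. The enclosing function starts and ends outside the lines shown.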
126 Index: src/configfile.c
127 ===================================================================
128 --- src/configfile.c (.../tags/lighttpd-1.4.15) (revision 1878)
129 +++ src/configfile.c (.../branches/lighttpd-1.4.x) (revision 1878)
131 { "server.core-files", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 45 */
132 { "ssl.cipher-list", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_SERVER }, /* 46 */
133 { "ssl.use-sslv2", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 47 */
135 + { "etag.use-inode", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER }, /* 48 */
136 + { "etag.use-mtime", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER }, /* 49 */
137 + { "etag.use-size", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER }, /* 50 */
138 { "server.host", "use server.bind instead", T_CONFIG_DEPRECATED, T_CONFIG_SCOPE_UNSET },
139 { "server.docroot", "use server.document-root instead", T_CONFIG_DEPRECATED, T_CONFIG_SCOPE_UNSET },
140 { "server.virtual-root", "load mod_simple_vhost and use simple-vhost.server-root instead", T_CONFIG_DEPRECATED, T_CONFIG_SCOPE_UNSET },
143 s->kbytes_per_second = 0;
145 + s->etag_use_inode = 1;
146 + s->etag_use_mtime = 1;
147 + s->etag_use_size = 1;
148 s->range_requests = 1;
149 s->force_lowercase_filenames = 0;
150 s->global_kbytes_per_second = 0;
153 cv[46].destination = s->ssl_cipher_list;
154 cv[47].destination = &(s->ssl_use_sslv2);
155 + cv[48].destination = &(s->etag_use_inode);
156 + cv[49].destination = &(s->etag_use_mtime);
157 + cv[50].destination = &(s->etag_use_size);
159 srv->config_storage[i] = s;
163 PATCH(ssl_cipher_list);
164 PATCH(ssl_use_sslv2);
167 + PATCH(etag_use_inode);
168 + PATCH(etag_use_mtime);
169 + PATCH(etag_use_size);
175 PATCH(max_read_idle);
176 } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("mimetype.use-xattr"))) {
178 + } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("etag.use-inode"))) {
179 + PATCH(etag_use_inode);
180 + } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("etag.use-mtime"))) {
181 + PATCH(etag_use_mtime);
182 + } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("etag.use-size"))) {
183 + PATCH(etag_use_size);
184 } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.pemfile"))) {
186 } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.ca-file"))) {
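Review bot: The three new options are declared with `T_CONFIG_SCOPE_SERVER` at cv[48] to cv[50], but this section also applies them with `PATCH(etag_use_inode)` and its siblings in the per-condition branch, and the other files read them through `con->conf`, which is how connection-scoped values are handled. The declaration and the use should agree, for example `T_CONFIG_SCOPE_CONNECTION` if conditional overrides are intended. If they are, note that src/stat_cache.c builds `sce->etag` with the flags of whichever connection filled the cache entry, so two conditionals with different settings may end up sharing one ETag; this is inferred from the visible calls and should be confirmed. A comment at the defaults such as `/* all three ETag components default to on, matching the previous inode-size-mtime format */` would record why they start at 1.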
188 ===================================================================
189 --- src/etag.c (.../tags/lighttpd-1.4.15) (revision 1878)
190 +++ src/etag.c (.../branches/lighttpd-1.4.x) (revision 1878)
195 -int etag_create(buffer *etag, struct stat *st) {
196 - buffer_copy_off_t(etag, st->st_ino);
197 - buffer_append_string_len(etag, CONST_STR_LEN("-"));
198 - buffer_append_off_t(etag, st->st_size);
199 - buffer_append_string_len(etag, CONST_STR_LEN("-"));
200 - buffer_append_long(etag, st->st_mtime);
201 +int etag_create(buffer *etag, struct stat *st,etag_flags_t flags) {
202 + if (0 == flags) return 0;
204 + if (flags & ETAG_USE_INODE) {
205 + buffer_copy_off_t(etag, st->st_ino);
206 + buffer_append_string_len(etag, CONST_STR_LEN("-"));
209 + if (flags & ETAG_USE_SIZE) {
210 + buffer_append_off_t(etag, st->st_size);
211 + buffer_append_string_len(etag, CONST_STR_LEN("-"));
214 + if (flags & ETAG_USE_MTIME) {
215 + buffer_append_long(etag, st->st_mtime);
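Review bot: When `ETAG_USE_INODE` is not set, the first write into `etag` is `buffer_append_off_t` or `buffer_append_long`, so the new value is appended to whatever the buffer already holds; only the inode branch begins with a `buffer_copy_off_t` call that overwrites it. Unless a reset sits on a line not shown here, a reused `sce->etag` would grow on each refresh and validators would stop matching. Clearing the buffer once after the `flags` check, e.g. `buffer_reset(etag);`, makes the result independent of which flags are enabled. The size branch also always appends `"-"`, which leaves a trailing dash when mtime is disabled; that is harmless for comparison but deserves a short comment.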
220 Index: src/mod_scgi.c
221 ===================================================================
222 --- src/mod_scgi.c (.../tags/lighttpd-1.4.15) (revision 1878)
223 +++ src/mod_scgi.c (.../branches/lighttpd-1.4.x) (revision 1878)
225 buffer_append_string_buffer(b, host->bin_path);
228 - execle("/bin/sh", "sh", "-c", b->ptr, NULL, env.ptr);
229 + execle("/bin/sh", "sh", "-c", b->ptr, (char *)NULL, env.ptr);
231 log_error_write(srv, __FILE__, __LINE__, "sbs",
232 "execl failed for:", host->bin_path, strerror(errno));
234 ===================================================================
235 --- src/etag.h (.../tags/lighttpd-1.4.15) (revision 1878)
236 +++ src/etag.h (.../branches/lighttpd-1.4.x) (revision 1878)
241 +typedef enum { ETAG_USE_INODE = 1, ETAG_USE_MTIME = 2, ETAG_USE_SIZE = 4 } etag_flags_t;
243 int etag_is_equal(buffer *etag, const char *matches);
244 -int etag_create(buffer *etag, struct stat *st);
245 +int etag_create(buffer *etag, struct stat *st, etag_flags_t flags);
246 int etag_mutate(buffer *mut, buffer *etag);
250 ===================================================================
251 --- src/request.c (.../tags/lighttpd-1.4.15) (revision 1878)
252 +++ src/request.c (.../branches/lighttpd-1.4.x) (revision 1878)
257 - data_string *ds = NULL;
260 * Request: "^(GET|POST|HEAD) ([^ ]+(\\?[^ ]+|)) (HTTP/1\\.[01])$"
261 * Option : "^([-a-zA-Z]+): (.+)$"
262 @@ -715,12 +713,24 @@
265 if (con->parse_request->ptr[i+1] == '\n') {
266 + data_string *ds = NULL;
268 /* End of Headerline */
269 con->parse_request->ptr[i] = '\0';
270 con->parse_request->ptr[i+1] = '\0';
276 + * we use a evil hack to handle the line-folding
278 + * As array_insert_unique() deletes 'ds' in the case of a duplicate
279 + * ds points somewhere and we get a evil crash. As a solution we keep the old
280 + * "key" and get the current value from the hash and append us
284 + if (!key || !key_len) {
287 if (srv->srvconf.log_request_header_on_error) {
289 con->response.keep_alive = 0;
292 - buffer_append_string(ds->value, value);
294 + key_b = buffer_init();
295 + buffer_copy_string_len(key_b, key, key_len);
297 + if (NULL != (ds = (data_string *)array_get_element(con->request.headers, key_b->ptr))) {
298 + buffer_append_string(ds->value, value);
301 + buffer_free(key_b);
304 key = con->parse_request->ptr + first;
312 + * for Bug 1230 keep the key_len a live
318 if (srv->srvconf.log_request_header_on_error) {
319 Index: src/stat_cache.c
320 ===================================================================
321 --- src/stat_cache.c (.../tags/lighttpd-1.4.15) (revision 1878)
322 +++ src/stat_cache.c (.../branches/lighttpd-1.4.x) (revision 1878)
323 @@ -608,14 +608,16 @@
327 - etag_create(sce->etag, &(sce->st));
328 + etag_create(sce->etag, &(sce->st),
329 + (con->conf.etag_use_mtime ? ETAG_USE_MTIME : 0) | (con->conf.etag_use_inode ? ETAG_USE_INODE : 0) | (con->conf.etag_use_size ? ETAG_USE_SIZE : 0));
331 - if (buffer_is_empty(sce->content_type)) {
332 + if (con->conf.use_xattr && buffer_is_empty(sce->content_type)) {
333 stat_cache_attr_get(sce->content_type, name->ptr);
336 } else if (S_ISDIR(st.st_mode)) {
337 - etag_create(sce->etag, &(sce->st));
338 + etag_create(sce->etag, &(sce->st),
339 + (con->conf.etag_use_mtime ? ETAG_USE_MTIME : 0) | (con->conf.etag_use_inode ? ETAG_USE_INODE : 0) | (con->conf.etag_use_size ? ETAG_USE_SIZE : 0));
343 Index: src/http_auth.c
344 ===================================================================
345 --- src/http_auth.c (.../tags/lighttpd-1.4.15) (revision 1878)
346 +++ src/http_auth.c (.../branches/lighttpd-1.4.x) (revision 1878)
349 username = buffer_init();
351 - base64_decode(username, realm_str);
352 + if (!base64_decode(username, realm_str)) {
353 + buffer_free(username);
355 + log_error_write(srv, __FILE__, __LINE__, "sb", "decodeing base64-string failed", username);
360 /* r2 == user:password */
361 if (NULL == (pw = strchr(username->ptr, ':'))) {
362 buffer_free(username);
364 for (c = b->ptr; *c; c++) {
365 /* skip whitespaces */
366 while (*c == ' ' || *c == '\t') c++;
370 for (i = 0; dkv[i].key; i++) {
371 if ((0 == strncmp(c, dkv[i].key, dkv[i].key_len))) {
372 @@ -1016,9 +1022,24 @@
374 log_error_write(srv, __FILE__, __LINE__, "s",
375 "digest: missing field");
382 + * protect the md5-sess against missing cnonce and nonce
385 + 0 == strcasecmp(algorithm, "md5-sess") &&
386 + (!nonce || !cnonce)) {
387 + log_error_write(srv, __FILE__, __LINE__, "s",
388 + "digest: (md5-sess: missing field");
394 m = get_http_method_name(con->request.http_method);
396 /* password-string == HA1 */
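Review bot: In the new base64 failure branch, `buffer_free(username);` runs before `log_error_write(srv, __FILE__, __LINE__, "sb", "decodeing base64-string failed", username);`, so the log call reads a buffer that has already been freed. The simplest fix is to log before freeing. Better still is to drop the buffer argument and log only the fixed text, `log_error_write(srv, __FILE__, __LINE__, "s", "decoding base64-string failed");`, which also keeps partially decoded credential bytes out of the error log. The rest of the branch and the enclosing function are outside the lines shown.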
397 Index: src/mod_status.c
398 ===================================================================
399 --- src/mod_status.c (.../tags/lighttpd-1.4.15) (revision 1878)
400 +++ src/mod_status.c (.../branches/lighttpd-1.4.x) (revision 1878)
402 BUFFER_APPEND_STRING_CONST(b,
403 " <style type=\"text/css\">\n"
404 " table.status { border: black solid thin; }\n"
405 + " td { white-space: nowrap; }\n"
406 " td.int { background-color: #f0f0f0; text-align: right }\n"
407 " td.string { background-color: #f0f0f0; text-align: left }\n"
408 " th.status { background-color: black; color: white; font-weight: bold; }\n"
410 buffer_append_string_encoded(b, CONST_BUF_LEN(c->uri.path), ENCODING_HTML);
413 + if (!buffer_is_empty(c->uri.query)) {
414 + BUFFER_APPEND_STRING_CONST(b, "?");
415 + buffer_append_string_encoded(b, CONST_BUF_LEN(c->uri.query), ENCODING_HTML);
418 + if (!buffer_is_empty(c->request.orig_uri)) {
419 + BUFFER_APPEND_STRING_CONST(b, " (");
420 + buffer_append_string_encoded(b, CONST_BUF_LEN(c->request.orig_uri), ENCODING_HTML);
421 + BUFFER_APPEND_STRING_CONST(b, ")");
423 BUFFER_APPEND_STRING_CONST(b, "</td><td class=\"string\">");
425 buffer_append_string_buffer(b, c->physical.path);
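Review bot: `c->physical.path` is still written with `buffer_append_string_buffer(b, c->physical.path);`, without HTML encoding, in the table cell right after the query and orig_uri output that this section encodes with `ENCODING_HTML`. The physical path is derived from the request path, so, assuming nothing earlier escapes it, markup characters in a requested name would reach the status page as-is. Use the same call as the new lines: `buffer_append_string_encoded(b, CONST_BUF_LEN(c->physical.path), ENCODING_HTML);`. The enclosing function starts and ends outside the lines shown.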
427 ===================================================================
428 --- src/mod_ssi.c (.../tags/lighttpd-1.4.15) (revision 1878)
429 +++ src/mod_ssi.c (.../branches/lighttpd-1.4.x) (revision 1878)
434 - execl("/bin/sh", "sh", "-c", cmd, NULL);
435 + execl("/bin/sh", "sh", "-c", cmd, (char *)NULL);
437 log_error_write(srv, __FILE__, __LINE__, "sss", "spawing exec failed:", strerror(errno), cmd);
439 Index: src/spawn-fcgi.c
440 ===================================================================
441 --- src/spawn-fcgi.c (.../tags/lighttpd-1.4.15) (revision 1878)
442 +++ src/spawn-fcgi.c (.../branches/lighttpd-1.4.x) (revision 1878)
447 - execl("/bin/sh", "sh", "-c", b, NULL);
448 + execl("/bin/sh", "sh", "-c", b, (char *)NULL);
452 Index: src/mod_fastcgi.c
453 ===================================================================
454 --- src/mod_fastcgi.c (.../tags/lighttpd-1.4.15) (revision 1878)
455 +++ src/mod_fastcgi.c (.../branches/lighttpd-1.4.x) (revision 1878)
457 buffer *unixsocket; /* config.socket + "-" + id */
458 unsigned port; /* config.port + pno */
460 - buffer *connection_name; /* either tcp:<host>:<port> or unix:<socket> for debuggin purposes */
461 + buffer *connection_name; /* either tcp:<host>:<port> or unix:<socket> for debugging purposes */
463 pid_t pid; /* PID of the spawned process (0 if not spawned locally) */
466 size_t requests; /* see max_requests */
467 struct fcgi_proc *prev, *next; /* see first */
469 - time_t disabled_until; /* this proc is disabled until, use something else until than */
470 + time_t disabled_until; /* this proc is disabled until, use something else until then */
475 PROC_STATE_UNSET, /* init-phase */
476 PROC_STATE_RUNNING, /* alive */
477 PROC_STATE_OVERLOADED, /* listen-queue is full,
478 - don't send something to this proc for the next 2 seconds */
479 + don't send anything to this proc for the next 2 seconds */
480 PROC_STATE_DIED_WAIT_FOR_PID, /* */
481 PROC_STATE_DIED, /* marked as dead, should be restarted */
482 PROC_STATE_KILLED /* was killed as we don't have the load anymore */
484 unsigned short disable_time;
487 - * same fastcgi processes get a little bit larger
488 + * some fastcgi processes get a little bit larger
489 * than wanted. max_requests_per_proc kills a
490 * process after a number of handled requests.
493 * bin-path is the path to the binary
495 * check min_procs and max_procs for the number
496 - * of process to start-up
497 + * of process to start up
505 - * check_local tell you if the phys file is stat()ed
506 + * check_local tells you if the phys file is stat()ed
507 * or not. FastCGI doesn't care if the service is
508 * remote. If the web-server side doesn't contain
509 * the fastcgi-files we should not stat() for them
512 * append PATH_INFO to SCRIPT_FILENAME
514 - * php needs this if cgi.fix_pathinfo is provied
515 + * php needs this if cgi.fix_pathinfo is provided
522 only if a process is killed max_id waits for the process itself
523 - to die and decrements its afterwards */
524 + to die and decrements it afterwards */
526 buffer *strip_request_uri;
532 - /* set a usefull default */
533 + /* set a useful default */
534 fcgi_addr_in.sin_addr.s_addr = htonl(INADDR_ANY);
540 if (-1 == connect(fcgi_fd, fcgi_addr, servlen)) {
541 - /* server is not up, spawn in */
542 + /* server is not up, spawn it */
546 @@ -1029,10 +1029,11 @@
547 "child exited with status",
548 WEXITSTATUS(status), host->bin_path);
549 log_error_write(srv, __FILE__, __LINE__, "s",
550 - "if you try do run PHP as FastCGI backend make sure you use the FastCGI enabled version.\n"
551 + "If you're trying to run PHP as a FastCGI backend, make sure you're using the FastCGI-enabled version.\n"
552 "You can find out if it is the right one by executing 'php -v' and it should display '(cgi-fcgi)' "
553 - "in the output, NOT (cgi) NOR (cli)\n"
554 - "For more information check http://www.lighttpd.net/documentation/fastcgi.html#preparing-php-as-a-fastcgi-program");
555 + "in the output, NOT '(cgi)' NOR '(cli)'.\n"
556 + "For more information, check http://trac.lighttpd.net/trac/wiki/Docs%3AModFastCGI#preparing-php-as-a-fastcgi-program"
557 + "If this is PHP on Gentoo, add 'fastcgi' to the USE flags.");
558 } else if (WIFSIGNALED(status)) {
559 log_error_write(srv, __FILE__, __LINE__, "sd",
560 "terminated by signal:",
561 @@ -1040,9 +1041,9 @@
563 if (WTERMSIG(status) == 11) {
564 log_error_write(srv, __FILE__, __LINE__, "s",
565 - "to be exact: it seg-fault, crashed, died, ... you get the idea." );
566 + "to be exact: it segfaulted, crashed, died, ... you get the idea." );
567 log_error_write(srv, __FILE__, __LINE__, "s",
568 - "If this is PHP try to remove the byte-code caches for now and try again.");
569 + "If this is PHP, try removing the bytecode caches for now and try again.");
572 log_error_write(srv, __FILE__, __LINE__, "sd",
573 @@ -1066,7 +1067,7 @@
576 log_error_write(srv, __FILE__, __LINE__, "sb",
577 - "(debug) socket is already used, won't spawn:",
578 + "(debug) socket is already used; won't spawn:",
579 proc->connection_name);
582 @@ -1508,7 +1509,7 @@
584 * next step is resetting this attemp and setup a connection again
586 - * if we have more then 5 reconnects for the same request, die
587 + * if we have more than 5 reconnects for the same request, die
591 @@ -1626,7 +1627,7 @@
594 CONNECTION_DELAYED, /* retry after event, take same host */
595 - CONNECTION_OVERLOADED, /* disable for 1 seconds, take another backend */
596 + CONNECTION_OVERLOADED, /* disable for 1 second, take another backend */
597 CONNECTION_DEAD /* disable for 60 seconds, take another backend */
598 } connection_result_t;
600 @@ -1669,7 +1670,7 @@
601 fcgi_addr_in.sin_family = AF_INET;
602 if (0 == inet_aton(host->host->ptr, &(fcgi_addr_in.sin_addr))) {
603 log_error_write(srv, __FILE__, __LINE__, "sbs",
604 - "converting IP-adress failed for", host->host,
605 + "converting IP address failed for", host->host,
606 "\nBe sure to specify an IP address here");
609 @@ -1694,16 +1695,16 @@
611 if (hctx->conf.debug > 2) {
612 log_error_write(srv, __FILE__, __LINE__, "sb",
613 - "connect delayed, will continue later:", proc->connection_name);
614 + "connect delayed; will continue later:", proc->connection_name);
617 return CONNECTION_DELAYED;
618 } else if (errno == EAGAIN) {
619 if (hctx->conf.debug) {
620 log_error_write(srv, __FILE__, __LINE__, "sbsd",
621 - "This means that the you have more incoming requests than your fastcgi-backend can handle in parallel. "
622 - "Perhaps it helps to spawn more fastcgi backend or php-children, if not decrease server.max-connections."
623 - "The load for this fastcgi backend", proc->connection_name, "is", proc->load);
624 + "This means that you have more incoming requests than your FastCGI backend can handle in parallel."
625 + "It might help to spawn more FastCGI backends or PHP children; if not, decrease server.max-connections."
626 + "The load for this FastCGI backend", proc->connection_name, "is", proc->load);
629 return CONNECTION_OVERLOADED;
630 @@ -1881,8 +1882,6 @@
631 fcgi_env_add(p->fcgi_env, CONST_STR_LEN("REMOTE_ADDR"), s, strlen(s));
633 if (!buffer_is_empty(con->authed_user)) {
634 - fcgi_env_add(p->fcgi_env, CONST_STR_LEN("REMOTE_USER"), CONST_BUF_LEN(con->authed_user));
636 /* AUTH_TYPE fix by Troy Kruthoff (tkruthoff@gmail.com)
637 * section 4.1.1 of RFC 3875 (cgi spec) requires the server to set a AUTH_TYPE env
638 * declaring the type of authentication used. (see http://tools.ietf.org/html/rfc3875#page-11)
639 @@ -1896,6 +1895,8 @@
640 char *http_authorization = NULL;
643 + fcgi_env_add(p->fcgi_env, CONST_STR_LEN("REMOTE_USER"), CONST_BUF_LEN(con->authed_user));
645 if (NULL != (ds = (data_string *)array_get_element(con->request.headers, "Authorization"))) {
646 http_authorization = ds->value->ptr;
648 @@ -2055,8 +2056,8 @@
652 - /* we announce toWrite octects
653 - * now take all the request_content chunk that we need to fill this request
654 + /* we announce toWrite octets
655 + * now take all the request_content chunks that we need to fill this request
658 b = chunkqueue_get_append_buffer(hctx->wb);
659 @@ -2356,7 +2357,7 @@
662 if (packet->b->used < packet->len + 1) {
663 - /* we didn't got the full packet */
664 + /* we didn't get the full packet */
666 buffer_free(packet->b);
668 @@ -2558,7 +2559,7 @@
669 if (host->mode != FCGI_AUTHORIZER ||
670 !(con->http_status == 0 ||
671 con->http_status == 200)) {
672 - /* send chunk-end if nesseary */
673 + /* send chunk-end if necessary */
674 http_chunk_append_mem(srv, con, NULL, 0);
675 joblist_append(srv, con);
677 @@ -2653,7 +2654,7 @@
678 if (proc->state != PROC_STATE_DIED) break;
680 case PROC_STATE_DIED:
681 - /* local proc get restarted by us,
682 + /* local procs get restarted by us,
683 * remote ones hopefully by the admin */
685 if (proc->is_local) {
686 @@ -2774,7 +2775,7 @@
687 proc && proc->state != PROC_STATE_RUNNING;
690 - /* all childs are dead */
691 + /* all children are dead */
695 @@ -2834,7 +2835,7 @@
698 log_error_write(srv, __FILE__, __LINE__, "ssdsd",
699 - "backend is overloaded, we disable it for a 2 seconds and send the request to another backend instead:",
700 + "backend is overloaded; we'll disable it for 2 seconds and send the request to another backend instead:",
701 "reconnects:", hctx->reconnects,
702 "load:", host->load);
704 @@ -2864,7 +2865,7 @@
707 log_error_write(srv, __FILE__, __LINE__, "ssdsd",
708 - "backend died, we disable it for a 5 seconds and send the request to another backend instead:",
709 + "backend died; we'll disable it for 5 seconds and send the request to another backend instead:",
710 "reconnects:", hctx->reconnects,
711 "load:", host->load);
713 @@ -2950,7 +2951,7 @@
714 if (hctx->wb->bytes_out == 0 &&
715 hctx->reconnects < 5) {
716 usleep(10000); /* take away the load of the webserver
717 - * to let the php a chance to restart
718 + * to give the php a chance to restart
721 fcgi_reconnect(srv, hctx);
722 @@ -3152,9 +3153,9 @@
723 (con->http_status == 200 ||
724 con->http_status == 0)) {
726 - * If we are here in AUTHORIZER mode then a request for autorizer
727 - * was proceeded already, and status 200 has been returned. We need
728 - * now to handle autorized request.
729 + * If we are here in AUTHORIZER mode then a request for authorizer
730 + * was processed already, and status 200 has been returned. We need
731 + * now to handle authorized request.
734 buffer_copy_string_buffer(con->physical.doc_root, host->docroot);
735 @@ -3220,7 +3221,7 @@
738 if (con->file_started == 0) {
739 - /* nothing has been send out yet, try to use another child */
740 + /* nothing has been sent out yet, try to use another child */
742 if (hctx->wb->bytes_out == 0 &&
743 hctx->reconnects < 5) {
744 @@ -3270,8 +3271,8 @@
745 hctx->state == FCGI_STATE_WRITE) {
746 /* we are allowed to send something out
748 - * 1. in a unfinished connect() call
749 - * 2. in a unfinished write() call (long POST request)
750 + * 1. in an unfinished connect() call
751 + * 2. in an unfinished write() call (long POST request)
753 return mod_fastcgi_handle_subrequest(srv, con, p);
755 @@ -3286,8 +3287,8 @@
756 if (hctx->state == FCGI_STATE_CONNECT_DELAYED) {
757 /* getoptsock will catch this one (right ?)
759 - * if we are in connect we might get a EINPROGRESS
760 - * in the first call and a FDEVENT_HUP in the
761 + * if we are in connect we might get an EINPROGRESS
762 + * in the first call and an FDEVENT_HUP in the
765 * FIXME: as it is a bit ugly.
766 @@ -3485,7 +3486,7 @@
767 return HANDLER_FINISHED;
770 - /* a note about no handler is not sent yey */
771 + /* a note about no handler is not sent yet */
772 extension->note_is_sent = 0;
775 @@ -3520,7 +3521,7 @@
778 /* the prefix is the SCRIPT_NAME,
779 - * everthing from start to the next slash
780 + * everything from start to the next slash
781 * this is important for check-local = "disable"
783 * if prefix = /admin.fcgi
784 @@ -3630,13 +3631,13 @@
786 /* perhaps we should kill a connect attempt after 10-15 seconds
788 - * currently we wait for the TCP timeout which is on Linux 180 seconds
789 + * currently we wait for the TCP timeout which is 180 seconds on Linux
795 - /* check all childs if they are still up */
796 + /* check all children if they are still up */
798 for (i = 0; i < srv->config_context->used; i++) {
800 @@ -3718,11 +3719,11 @@
802 if (srv->cur_ts - proc->last_used > host->idle_timeout) {
803 /* a proc is idling for a long time now,
808 log_error_write(srv, __FILE__, __LINE__, "ssbsd",
809 - "idle-timeout reached, terminating child:",
810 + "idle-timeout reached; terminating child:",
811 "socket:", proc->connection_name,
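Review bot: Two of the reworded log messages lose their separators, because adjacent string literals are concatenated exactly as written. In the "child exited" message the URL literal ends at `#preparing-php-as-a-fastcgi-program` and the next literal begins with `If this is PHP on Gentoo`, so the hint is glued onto the URL. In the EAGAIN message `in parallel.` is followed directly by `It might help`, where the old text had a trailing space. End the URL literal with `\n`, and add a space after `in parallel.` and after `server.max-connections.` so operators can read and copy the message from the error log.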
814 Index: src/mod_access.c
815 ===================================================================
816 --- src/mod_access.c (.../tags/lighttpd-1.4.15) (revision 1878)
817 +++ src/mod_access.c (.../branches/lighttpd-1.4.x) (revision 1878)
825 + * we will get called twice:
826 + * - after the clean up of the URL and
827 + * - after the pathinfo checks are done
829 + * this handles the issue of trailing slashes
831 URIHANDLER_FUNC(mod_access_uri_handler) {
832 plugin_data *p = p_d;
834 @@ -122,28 +131,41 @@
836 s_len = con->uri.path->used - 1;
838 + if (con->conf.log_request_handling) {
839 + log_error_write(srv, __FILE__, __LINE__, "s",
840 + "-- mod_access_uri_handler called");
843 for (k = 0; k < p->conf.access_deny->used; k++) {
844 data_string *ds = (data_string *)p->conf.access_deny->data[k];
845 int ct_len = ds->value->used - 1;
849 if (ct_len > s_len) continue;
851 if (ds->value->used == 0) continue;
853 /* if we have a case-insensitive FS we have to lower-case the URI here too */
855 if (con->conf.force_lowercase_filenames) {
856 if (0 == strncasecmp(con->uri.path->ptr + s_len - ct_len, ds->value->ptr, ct_len)) {
857 - con->http_status = 403;
859 - return HANDLER_FINISHED;
863 if (0 == strncmp(con->uri.path->ptr + s_len - ct_len, ds->value->ptr, ct_len)) {
864 - con->http_status = 403;
869 - return HANDLER_FINISHED;
871 + con->http_status = 403;
873 + if (con->conf.log_request_handling) {
874 + log_error_write(srv, __FILE__, __LINE__, "sb",
875 + "url denied as we match:", ds->value);
878 + return HANDLER_FINISHED;
884 p->init = mod_access_init;
885 p->set_defaults = mod_access_set_defaults;
886 - p->handle_uri_clean = mod_access_uri_handler;
887 + p->handle_uri_clean = mod_access_uri_handler;
888 + p->handle_subrequest_start = mod_access_uri_handler;
889 p->cleanup = mod_access_free;
892 Index: src/mod_accesslog.c
893 ===================================================================
894 --- src/mod_accesslog.c (.../tags/lighttpd-1.4.15) (revision 1878)
895 +++ src/mod_accesslog.c (.../branches/lighttpd-1.4.x) (revision 1878)
900 - execl("/bin/sh", "sh", "-c", s->access_logfile->ptr + 1, NULL);
901 + execl("/bin/sh", "sh", "-c", s->access_logfile->ptr + 1, (char *)NULL);
903 log_error_write(srv, __FILE__, __LINE__, "sss",
904 "spawning log-process failed: ", strerror(errno),
906 ===================================================================
907 --- src/server.c (.../tags/lighttpd-1.4.15) (revision 1878)
908 +++ src/server.c (.../branches/lighttpd-1.4.x) (revision 1878)
914 + * we are not root can can't increase the fd-limit, but we can reduce it
916 + if (srv->srvconf.max_fds && srv->srvconf.max_fds < rlim.rlim_cur) {
919 + rlim.rlim_cur = srv->srvconf.max_fds;
921 + if (0 != setrlimit(RLIMIT_NOFILE, &rlim)) {
922 + log_error_write(srv, __FILE__, __LINE__,
923 + "ss", "couldn't set 'max filedescriptors'",
929 if (srv->event_handler == FDEVENT_HANDLER_SELECT) {
930 srv->max_fds = rlim.rlim_cur < FD_SETSIZE - 200 ? rlim.rlim_cur : FD_SETSIZE - 200;
932 Index: src/proc_open.c
933 ===================================================================
934 --- src/proc_open.c (.../tags/lighttpd-1.4.15) (revision 1878)
935 +++ src/proc_open.c (.../branches/lighttpd-1.4.x) (revision 1878)
938 proc_close_parents(proc);
940 - execl(shell, shell, "-c", command, NULL);
941 + execl(shell, shell, "-c", command, (char *)NULL);
944 } else if (child < 0) {
945 Index: tests/mod-auth.t
946 ===================================================================
947 --- tests/mod-auth.t (.../tags/lighttpd-1.4.15) (revision 1878)
948 +++ tests/mod-auth.t (.../branches/lighttpd-1.4.x) (revision 1878)
953 -use Test::More tests => 10;
954 +use Test::More tests => 13;
957 my $tf = LightyTest->new();
959 $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 400 } ];
960 ok($tf->handle_http($t) == 0, 'Digest-Auth: missing nc (noncecount instead), no crash');
962 +$t->{REQUEST} = ( <<EOF
963 +GET /server-status HTTP/1.0
964 +Authorization: Basic =
967 +$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 401 } ];
968 +ok($tf->handle_http($t) == 0, 'Basic-Auth: Invalid Base64');
971 +$t->{REQUEST} = ( <<EOF
972 +GET /server-status HTTP/1.0
973 +User-Agent: Wget/1.9.1
974 +Authorization: Digest username="jan", realm="jan",
975 + nonce="b1d12348b4620437c43dd61c50ae4639", algorithm="md5-sess",
976 + uri="/MJ-BONG.xm.mpc", qop=auth, noncecount=00000001",
977 + cnonce="036FCA5B86F7E7C4965C7F9B8FE714B7",
979 + response="29B32C2953C763C6D033C8A49983B87E"
982 +$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 401 } ];
983 +ok($tf->handle_http($t) == 0, 'Digest-Auth: md5-sess + missing cnonce');
985 +$t->{REQUEST} = ( <<EOF
986 +GET /server-status HTTP/1.0
987 +User-Agent: Wget/1.9.1
988 +Authorization: Digest username="jan", realm="jan",
989 + nonce="b1d12348b4620437c43dd61c50ae4639", algorithm="md5-sess",
990 + uri="/MJ-BONG.xm.mpc", qop=auth, noncecount=00000001",
991 + cnonce="036FCA5B86F7E7C4965C7F9B8FE714B7",
993 + response="29B32C2953C763C6D033C8A49983B87E"
996 +$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 401 } ];
997 +ok($tf->handle_http($t) == 0, 'Digest-Auth: trailing WS');
1001 ok($tf->stop_proc == 0, "Stopping lighttpd");
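Review bot: The request for 'Digest-Auth: md5-sess + missing cnonce' carries a `cnonce="036FCA5B86F7E7C4965C7F9B8FE714B7"` field in the lines shown, and its visible header lines match those of the following 'Digest-Auth: trailing WS' request. It is therefore unclear whether this case reaches the new `(!nonce || !cnonce)` guard in src/http_auth.c or gets its 401 for another reason. Some heredoc lines are missing from this page, so check against the file. If the cnonce is only lost through the stray quote in `noncecount=00000001",`, add a comment saying so above the request; otherwise remove the cnonce line so the test matches its name. A third case with `algorithm="md5-sess"` and no `nonce` would cover the other half of the guard.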
1003 Index: tests/mod-access.t
1004 ===================================================================
1005 --- tests/mod-access.t (.../tags/lighttpd-1.4.15) (revision 1878)
1006 +++ tests/mod-access.t (.../branches/lighttpd-1.4.x) (revision 1878)
1011 -use Test::More tests => 3;
1012 +use Test::More tests => 4;
1015 my $tf = LightyTest->new();
1017 $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 403 } ];
1018 ok($tf->handle_http($t) == 0, 'forbid access to ...~');
1020 +$t->{REQUEST} = ( <<EOF
1021 +GET /index.html~/ HTTP/1.0
1024 +$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 403 } ];
1025 +ok($tf->handle_http($t) == 0, '#1230 - forbid access to ...~ - trailing slash');
1027 ok($tf->stop_proc == 0, "Stopping lighttpd");
1029 Index: tests/core-request.t
1030 ===================================================================
1031 --- tests/core-request.t (.../tags/lighttpd-1.4.15) (revision 1878)
1032 +++ tests/core-request.t (.../branches/lighttpd-1.4.x) (revision 1878)
1037 -use Test::More tests => 33;
1038 +use Test::More tests => 36;
1041 my $tf = LightyTest->new();
1042 @@ -273,6 +273,38 @@
1043 $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
1044 ok($tf->handle_http($t) == 0, 'uppercase filenames');
1046 +$t->{REQUEST} = ( <<EOF
1053 +$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
1054 +ok($tf->handle_http($t) == 0, '#1232 - duplicate headers with line-wrapping');
1056 +$t->{REQUEST} = ( <<EOF
1063 +$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
1064 +ok($tf->handle_http($t) == 0, '#1232 - duplicate headers with line-wrapping - test 2');
1066 +$t->{REQUEST} = ( <<EOF
1073 +$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
1074 +ok($tf->handle_http($t) == 0, '#1232 - duplicate headers with line-wrapping - test 3');
1079 ok($tf->stop_proc == 0, "Stopping lighttpd");
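Review bot: The second and third added cases are labelled only `... - test 2` and `... - test 3`, so a failing line in the TAP output does not say which header layout regressed. Name each after what its request sends, in the form `'#1232 - duplicate headers with line-wrapping - <what differs>'`. All three assert only `'HTTP-Status' => 200`, while the NEWS entry describes #1232 as a crash, so a comment above each request would make the intent explicit, e.g. `# #1232: the server must answer this request instead of crashing`. The request bodies are not visible in this view, so the variant names are left to the author.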
1081 Index: tests/prepare.sh
1082 ===================================================================
1083 --- tests/prepare.sh (.../tags/lighttpd-1.4.15) (revision 1878)
1084 +++ tests/prepare.sh (.../branches/lighttpd-1.4.x) (revision 1878)
1086 # copy everything into the right places
1087 cp $srcdir/docroot/www/*.html \
1088 $srcdir/docroot/www/*.php \
1089 + $srcdir/docroot/www/*.html~ \
1090 $srcdir/docroot/www/*.pl \
1091 $srcdir/docroot/www/*.fcgi \
1092 $srcdir/docroot/www/*.shtml \
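Review bot: The added glob `$srcdir/docroot/www/*.html~` copies every editor backup file that happens to sit in a developer's docroot into the test docroot, not only the fixture. The Makefile.am change in this commit ships just `index.html~`, so name it explicitly: `$srcdir/docroot/www/index.html~ \`. That keeps the served test tree the same between a working copy and a release tarball. The `cp` command continues past the last line of this hunk.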
1093 Index: tests/docroot/www/index.html~
1094 ===================================================================
1095 Index: tests/docroot/www/Makefile.am
1096 ===================================================================
1097 --- tests/docroot/www/Makefile.am (.../tags/lighttpd-1.4.15) (revision 1878)
1098 +++ tests/docroot/www/Makefile.am (.../branches/lighttpd-1.4.x) (revision 1878)
1100 EXTRA_DIST=cgi.php cgi.pl dummydir index.html index.txt phpinfo.php \
1101 redirect.php cgi-pathinfo.pl get-env.php get-server-env.php \
1102 nph-status.pl prefix.fcgi get-header.pl ssi.shtml get-post-len.pl \
1104 + exec-date.shtml index.html~
1105 SUBDIRS=go indexfile expire
1107 ===================================================================
1108 --- NEWS (.../tags/lighttpd-1.4.15) (revision 1878)
1109 +++ NEWS (.../branches/lighttpd-1.4.x) (revision 1878)
1116 + * added static-file.etags, etag.use-inode, etag.use-mtime, etag.use-size
1117 + to customize the generation of ETags for static files. (#1209)
1118 + (patch by <Yusufg@gmail.com>)
1119 + * fixed typecast of NULL on execl() (#1235)
1120 + (patch by F. Denis)
1121 + * fixed circumventing url.access-deny by trailing slash (#1230)
1122 + * fixed crash on duplicate headers with trailing WS (#1232)
1123 + * fixed accepting more connections then requested (#1216)
1124 + * fixed mem-leak in mod_auth (reported by Stefan Esser)
1125 + * fixed crash with md5-sess and cnonce not set in mod_auth (reported by Stefan Esser)
1126 + * fixed missing check for base64 encoded string in mod_auth and Basic auth
1127 + (reported by Stefan Esser)
1128 + * fixed possible crash in Auth-Digest header parser on trailing WS in
1129 + mod_auth (reported by Stefan Esser)
1131 - 1.4.15 - 2007-04-13
1133 - * fixed broken Set-Cookie headers
1134 + * fixed broken Set-Cookie headers
1136 - 1.4.14 - 2007-04-13
1139 * fix cpu hog in certain requests [1473] CVE-2007-1869
1140 * fix for handling hostnames with trailing dot [1406]
1141 * fixed header-injection via server.tag (#1106)
1142 - * disabled caching of files without a content-type to solve the
1143 + * disabled caching of files without a content-type to solve the
1144 aggressive caching of FF
1145 * remove trailing white-spaces from HTTP-requests before parsing (#1098)
1146 * fixed accesslog.use-syslog in a conditional and the caching of the
1148 * fixed crash on url.redirect and url.rewrite if %0 is used in a global context
1150 * fixed possible crash in debug-message in mod_extforward
1151 - * fixed compilation of mod_extforward on glibc < 2.3.4
1152 + * fixed compilation of mod_extforward on glibc < 2.3.4
1153 * fixed include of empty in the configfiles (#1076)
1154 * send SIGUSR1 to fastcgi children before SIGTERM. libfcgi wants SIGUSR1. (#737)
1155 * fixed missing AUTH_TYPE entry in the fastcgi environment. (#889)
1157 * added initgroups in spawn-fcgi (#871)
1158 * added apr1 support htpasswd in mod-auth (#870)
1159 * added lighty.stat() to mod_magnet
1160 - * fixed segfault in splitted CRLF CRLF sequences
1161 + * fixed segfault in splitted CRLF CRLF sequences
1162 (introduced in 1.4.12) (#876)
1163 * fixed compilation of LOCK support in mod-webdav
1164 * fixed fragments in request-URLs (#869)
1165 * fixed pkg-config check for lua5.1 on debian
1166 - * fixed Content-Length = 0 on HEAD requests without
1167 + * fixed Content-Length = 0 on HEAD requests without
1168 a known Content-Length (#119)
1169 * fixed mkdir() forcing 0700 (#884)
1170 * fixed writev() on FreeBSD 4.x and older (#875)
1171 - * removed warning about a 404-error-handler
1172 + * removed warning about a 404-error-handler
1174 * backported and fixed the buildsystem changes for