Elan Ruusamäe [Mon, 23 Oct 2017 08:08:49 +0000 (11:08 +0300)]
up to 1.4.47, fixes regressions in 1.4.46
- [mod_authn_gssapi] needs -lcom_err under Darwin
- [core] stricter validation of request-URI begin
- [core] fix 1.4.46 regression in config match (fixes #2830)
- [core] normalize config addrs for != match (#2830)
- [core] normalize config addrs for eq and ne (#2830)
- [doc] use https:// URLs to .lighttpd.net resources
- [core] fix 1.4.46 regression in Last-Modified
Important changes:
- new modules: mod_openssl, mod_vhostdb, mod_wstunnel
- new protocols: Upgrade: websocket, HAProxy PROXY, RFC7239 Forwarded
Selected features:
- HTTP/1.1 Upgrade: websocket (mod_proxy, mod_cgi, and mod_wstunnel)
- HTTP/1.1 Expect: 100-continue
- proxy: HAProxy PROXY protocol (mod_extforward, mod_proxy)
- proxy: RFC7239 Forwared HTTP extension (mod_extforward, mod_proxy)
- proxy: basic host/URL header remapping to/from backend
- config: resolve DNS names to first IP returned at lighttpd startup
- config: allow overriding prior config values using :=
- config: allow conditions on arbitrary HTTP request headers ($REQUEST_HEADER[])
- new module: mod_openssl - isolate SSL/TLS code; cleaner abstractions
- new module: mod_vhostdb* - framework for mass vhost via database backends
- new module: mod_wstunnel - decode/encode websocket proto to/from backend
- common code for dynamic backends; common features; better process management
- numerous new directives for experimental new features
Bug Fixes:
- core: fix streaming response when client catches up to stream from backend
- CGI: RFC3875 CGI local-redir strict adherence; local-redir disable dy default
- BSD: use kqueue in level-triggered mode
- fix triggered assert on HTTP chunked input
- SSL: fix bidirectional streaming over SSL
Behavior Changes:
- mod_scgi binds to INADDR_LOOPBACK if no host is specified (prior behavior
used INADDR_ANY) If lighttpd is spawning SCGI backend, default is now to
limit exposure to localhost unless explicitly configured otherwise. This
matches the behavior (since 2008) in mod_fastcgi.
- core: mimetype.assign matches basename or longest extension(s) (".tar.gz"),
not just any suffix match, if 16 or more entries
- core: increase default server.max-keep-alive-requests from 16 to 100
- proxy: add X-Forwarded-Host
- openssl: ssl.read-ahead = "disable" default (safer for slow embedded systems)
- mod_cgi cgi.local-redir = "disable" default (RFC3875 6.2.2 local-redir
optimization added in lighttpd 1.4.40)
- reproducible builds: omit __DATE__ and __TIME__ in lighttpd -h or lighttpd -v
Elan Ruusamäe [Wed, 10 May 2017 15:13:02 +0000 (18:13 +0300)]
load authn_ldap
fixes warnings from logs:
2017-05-10 18:11:33: (configfile.c.41) Warning: please add "mod_authn_ldap" to server.modules list in lighttpd.conf. A future release of lighttpd 1.4.x will not automatically load mod_authn_ldap and lighttpd will fail to start up since your lighttpd.conf uses auth.backend = "ldap".
Elan Ruusamäe [Sat, 24 Dec 2016 17:26:16 +0000 (19:26 +0200)]
up to 1.4.44
- [mod_scgi] fix segfault (fixes #2762)
- [mod_authn_gssapi] fix memory leak
- [config] warn if mod_authn_ldap,mysql not listed
- [mod_magnet] fix magnet_cgi_set() set of env vars (fixes #2763)
- [mod_cgi] FreeBSD 9.3/MacOSX does not have pipe2() (fixes #2765)
- [mod_extforward] fix crash on invalid IP (fixes #2766)
- [mod_fastcgi] fix segfault if all backends down (fixes #2768)
- [mod_cgi] fix out of sockets error for POST to CGI (fixes #2771)
- [mod_auth] compile fix for Mac OS X XCode (fixes #2772)
- [mod_authn_gssapi] better resource cleanup
- [core] compile fix for Mac OS X 10.6 (old) (fixes #2773)
- fix race in dynamic handler configs (reentrancy) (fixes #2774)
- [mod_authn_mysql] close mysql_conn in cleanup
- [mod_webdav] compile fix when locking not enabled
- load mod_auth & mod_authn_file in sample/test.conf
- comment out auth.backend.ldap.* in tests/*.conf
- [mod_fastcgi,mod_scgi] warn if invalid "bin-path"
- RAND_pseudo_bytes() is deprecated in openssl 1.1.0
- openssl 1.1.0 init and cleanup
- [mod_cgi] remove direct calls to network_backend*
- [build] build network_*.c into lighttpd executable
- suggest inclusion of mod_geoip... before mod_ssi.
- set systemd settings similar to lighttpd2
- [doc] remove reference to Linux rt-signals
- [mod_authn_gssapi] fix missing error ret, coverity
- [core] rename li_rand() to li_rand_pseudo_bytes()
- remove #include "stream.h" where not used
- [mod_cml] include lua headers before base.h
- [core] combine duplicated connection reset code
- [mod_ssi] produce content in subrequest hook
- [core] remove srv->entropy[]
- [core] defer li_rand_init() until first use
- [core] permit connection-level state in modules
- [mod_dirlisting] render dirlisting as HTML (fixes #2767)
- [mod_proxy] replace HTTP Host sent to backend (fixes #2770)
- [mod_ssi] basic recursive SSI include virtual (fixes #536)
- [mod_ssi] implement, ignore <!--#comment ... -->
- [core] consolidate duplicated read-to-close code
- [core] fix segfault when parsing a bad config file
- [core] support Transfer-Encoding: chunked req body (fixes #2156)
- [autobuild] set NO_RDYNAMIC=yes for midipix
- [mod_proxy] proxy.balance = "sticky" option (fixes #2117)
- [mod_secdownload] warn if SHA used w/o SSL crypto
- [build] compile fixes for AIX
- [build] check for pipe2() at configure time
- [mod_evhost] fix an incorrect error trace
- [tests] mark tests/docroot/www/*.pl scripts a+x
- [mod_cgi] fall back to pipe() if pipe2() fails
- fix SCons fullstatic build with glibc pthreads
- [TLS] openssl 1.1.0 makes SSL_OP_NO_SSLv2 no-op
Elan Ruusamäe [Mon, 5 Dec 2016 16:38:24 +0000 (18:38 +0200)]
run aclocal before autoheader
+ autoheader
aclocal.m4:17: warning: this file was generated for autoconf 2.69.
You have another version of autoconf. It may work, but is not guaranteed to.
If you have problems, you may need to regenerate the build system entirely.
To do so, use the procedure documented by the package, typically 'autoreconf'.
Elan Ruusamäe [Sun, 16 Oct 2016 14:02:17 +0000 (17:02 +0300)]
up to 1.4.42
Important changes
- new modules, expanded features, rewritten auth framework
- fix bugs introduced in 1.4.40/1.4.41
Highlights
* new modules, expanded features
* performance: use extended socket/file syscalls and flags
* rewritten auth framework
* updated mod_authn_ldap
* new mod_authn_gssapi
* new mod_authn_mysql
* new mod_deflate
* new mod_geoip
* new mod_uploadprogress
* mod_dirlisting sortable columns
* mod_fastcgi support for authorizer, responder keyed with same path/extension
* mod_cgi permit CGI exec of unreadable files
* mod_scgi support for uwsgi protocol for Python WSGI backends
* add some SSL_* variables to CGI environment
* bug fixes
* remove preemptive shutdown() to backend
* fix backend socket connect issue: enforce wait for POLLWR after EINPROGRESS
* fix crash if ready events on abandoned fd
* fix broken digest auth
* behavior changes
* behavior change in mod_ssi to conform to same CGI env as CGI, FastCGI, SCGI:
* REQUEST_URI is original client request, instead of URI modified by mod_rewrite.
* DOCUMENT_ROOT changes if mod_alias or mod_userdir changes basedir.
Elan Ruusamäe [Sun, 6 Dec 2015 10:14:58 +0000 (12:14 +0200)]
up to 1.4.38
Important changes
- mod_secdownload now requires an algorithm option to be set
- fix a header parse bug (#2670)
- sendfile support for darwin (just select "sendfile" as backend)
Elan Ruusamäe [Sun, 26 Jul 2015 15:23:12 +0000 (18:23 +0300)]
up to 1.4.36
Important changes:
- [ssl] disable SSL3.0 by default
- escape all strings for logging
- fix segfault when temp file for upload couldn't be created (found by coverity)
- changes to the internal API for buffers, chunks and more; 3rd party plugins are likely to break