- update branch diff:

[packages/lighttpd.git] / lighttpd-branch.diff

# Revision 2812
Index: src/http_auth_digest.c
===================================================================
--- src/http_auth_digest.c	(.../tags/lighttpd-1.4.29)
+++ src/http_auth_digest.c	(.../branches/lighttpd-1.4.x)
@@ -1,26 +0,0 @@
-#include "buffer.h"
-
-#include "http_auth_digest.h"
-
-#include <string.h>
-
-#ifndef USE_OPENSSL
-# include "md5.h"
-
-typedef li_MD5_CTX MD5_CTX;
-#define MD5_Init li_MD5_Init
-#define MD5_Update li_MD5_Update
-#define MD5_Final li_MD5_Final
-
-#endif
-
-void CvtHex(IN HASH Bin, OUT HASHHEX Hex) {
-	unsigned short i;
-
-	for (i = 0; i < HASHLEN; i++) {
-		Hex[i*2] = int2hex((Bin[i] >> 4) & 0xf);
-		Hex[i*2+1] = int2hex(Bin[i] & 0xf);
-	}
-	Hex[HASHHEXLEN] = '\0';
-}
-
Index: src/http_auth_digest.h
===================================================================
--- src/http_auth_digest.h	(.../tags/lighttpd-1.4.29)
+++ src/http_auth_digest.h	(.../branches/lighttpd-1.4.x)
@@ -1,24 +0,0 @@
-#ifndef _DIGCALC_H_
-#define _DIGCALC_H_
-
-#ifdef HAVE_CONFIG_H
-# include "config.h"
-#endif
-
-#define HASHLEN 16
-typedef unsigned char HASH[HASHLEN];
-#define HASHHEXLEN 32
-typedef char HASHHEX[HASHHEXLEN+1];
-#ifdef USE_OPENSSL
-#define IN const
-#else
-#define IN
-#endif
-#define OUT
-
-void CvtHex(
-    IN HASH Bin,
-    OUT HASHHEX Hex
-    );
-
-#endif
Index: src/network_write.c
===================================================================
--- src/network_write.c	(.../tags/lighttpd-1.4.29)
+++ src/network_write.c	(.../branches/lighttpd-1.4.x)
@@ -24,17 +24,16 @@
 # include <sys/resource.h>
 #endif
 
-int network_write_chunkqueue_write(server *srv, connection *con, int fd, chunkqueue *cq) {
+int network_write_chunkqueue_write(server *srv, connection *con, int fd, chunkqueue *cq, off_t max_bytes) {
 	chunk *c;
-	size_t chunks_written = 0;
 
-	for(c = cq->first; c; c = c->next) {
+	for(c = cq->first; (max_bytes > 0) && (NULL != c); c = c->next) {
 		int chunk_finished = 0;
 
 		switch(c->type) {
 		case MEM_CHUNK: {
 			char * offset;
-			size_t toSend;
+			off_t toSend;
 			ssize_t r;
 
 			if (c->mem->used == 0) {
@@ -44,6 +43,8 @@
 
 			offset = c->mem->ptr + c->offset;
 			toSend = c->mem->used - 1 - c->offset;
+			if (toSend > max_bytes) toSend = max_bytes;
+
 #ifdef __WIN32
 			if ((r = send(fd, offset, toSend, 0)) < 0) {
 				/* no error handling for windows... */
@@ -72,6 +73,7 @@
 
 			c->offset += r;
 			cq->bytes_out += r;
+			max_bytes -= r;
 
 			if (c->offset == (off_t)c->mem->used - 1) {
 				chunk_finished = 1;
@@ -85,7 +87,7 @@
 #endif
 			ssize_t r;
 			off_t offset;
-			size_t toSend;
+			off_t toSend;
 			stat_cache_entry *sce = NULL;
 			int ifd;
 
@@ -98,6 +100,8 @@
 			offset = c->file.start + c->offset;
 			toSend = c->file.length - c->offset;
 
+			if (toSend > max_bytes) toSend = max_bytes;
+
 			if (offset > sce->st.st_size) {
 				log_error_write(srv, __FILE__, __LINE__, "sb", "file was shrinked:", c->file.name);
 
@@ -181,6 +185,7 @@
 
 			c->offset += r;
 			cq->bytes_out += r;
+			max_bytes -= r;
 
 			if (c->offset == c->file.length) {
 				chunk_finished = 1;
@@ -200,11 +205,9 @@
 
 			break;
 		}
-
-		chunks_written++;
 	}
 
-	return chunks_written;
+	return 0;
 }
 
 #if 0
Index: src/mod_secure_download.c
===================================================================
--- src/mod_secure_download.c	(.../tags/lighttpd-1.4.29)
+++ src/mod_secure_download.c	(.../branches/lighttpd-1.4.x)
@@ -8,18 +8,8 @@
 #include <stdlib.h>
 #include <string.h>
 
-#ifdef USE_OPENSSL
-# include <openssl/md5.h>
-#else
-# include "md5.h"
+#include "md5.h"
 
-typedef li_MD5_CTX MD5_CTX;
-#define MD5_Init li_MD5_Init
-#define MD5_Update li_MD5_Update
-#define MD5_Final li_MD5_Final
-
-#endif
-
 #define HASHLEN 16
 typedef unsigned char HASH[HASHLEN];
 #define HASHHEXLEN 32
@@ -200,7 +190,7 @@
 
 URIHANDLER_FUNC(mod_secdownload_uri_handler) {
 	plugin_data *p = p_d;
-	MD5_CTX Md5Ctx;
+	li_MD5_CTX Md5Ctx;
 	HASH HA1;
 	const char *rel_uri, *ts_str, *md5_str;
 	time_t ts = 0;
@@ -266,9 +256,9 @@
 	buffer_append_string(p->md5, rel_uri);
 	buffer_append_string_len(p->md5, ts_str, 8);
 
-	MD5_Init(&Md5Ctx);
-	MD5_Update(&Md5Ctx, (unsigned char *)p->md5->ptr, p->md5->used - 1);
-	MD5_Final(HA1, &Md5Ctx);
+	li_MD5_Init(&Md5Ctx);
+	li_MD5_Update(&Md5Ctx, (unsigned char *)p->md5->ptr, p->md5->used - 1);
+	li_MD5_Final(HA1, &Md5Ctx);
 
 	buffer_copy_string_hex(p->md5, (char *)HA1, 16);
 
Index: src/base.h
===================================================================
--- src/base.h	(.../tags/lighttpd-1.4.29)
+++ src/base.h	(.../branches/lighttpd-1.4.x)
@@ -277,6 +277,7 @@
 	buffer *ssl_cipher_list;
 	buffer *ssl_dh_file;
 	buffer *ssl_ec_curve;
+	unsigned short ssl_honor_cipher_order; /* determine SSL cipher in server-preferred order, not client-order */
 	unsigned short ssl_use_sslv2;
 	unsigned short ssl_use_sslv3;
 	unsigned short ssl_verifyclient;
@@ -284,6 +285,7 @@
 	unsigned short ssl_verifyclient_depth;
 	buffer *ssl_verifyclient_username;
 	unsigned short ssl_verifyclient_export_cert;
+	unsigned short ssl_disable_client_renegotiation;
 
 	unsigned short use_ipv6, set_v6only; /* set_v6only is only a temporary option */
 	unsigned short defer_accept;
@@ -437,6 +439,7 @@
 # ifndef OPENSSL_NO_TLSEXT
 	buffer *tlsext_server_name;
 # endif
+	unsigned int renegotiations; /* count of SSL_CB_HANDSHAKE_START */
 #endif
 	/* etag handling */
 	etag_flags_t etag_flags;
@@ -647,11 +650,9 @@
 
 	fdevent_handler_t event_handler;
 
-	int (* network_backend_write)(struct server *srv, connection *con, int fd, chunkqueue *cq);
-	int (* network_backend_read)(struct server *srv, connection *con, int fd, chunkqueue *cq);
+	int (* network_backend_write)(struct server *srv, connection *con, int fd, chunkqueue *cq, off_t max_bytes);
 #ifdef USE_OPENSSL
-	int (* network_ssl_backend_write)(struct server *srv, connection *con, SSL *ssl, chunkqueue *cq);
-	int (* network_ssl_backend_read)(struct server *srv, connection *con, SSL *ssl, chunkqueue *cq);
+	int (* network_ssl_backend_write)(struct server *srv, connection *con, SSL *ssl, chunkqueue *cq, off_t max_bytes);
 #endif
 
 	uid_t uid;
Index: src/connections.c
===================================================================
--- src/connections.c	(.../tags/lighttpd-1.4.29)
+++ src/connections.c	(.../branches/lighttpd-1.4.x)
@@ -223,6 +223,12 @@
 
 		len = SSL_read(con->ssl, b->ptr + read_offset, toread);
 
+		if (con->renegotiations > 1 && con->conf.ssl_disable_client_renegotiation) {
+			connection_set_state(srv, con, CON_STATE_ERROR);
+			log_error_write(srv, __FILE__, __LINE__, "s", "SSL: renegotiation initiated by client");
+			return -1;
+		}
+
 		if (len > 0) {
 			if (b->used > 0) b->used--;
 			b->used += len;
@@ -445,6 +451,7 @@
 		default:
 			switch(con->http_status) {
 			case 400: /* bad request */
+			case 401: /* authorization required */
 			case 414: /* overload request header */
 			case 505: /* unknown protocol */
 			case 207: /* this was webdav */
@@ -617,8 +624,9 @@
 }
 
 static int connection_handle_write(server *srv, connection *con) {
-	switch(network_write_chunkqueue(srv, con, con->write_queue)) {
+	switch(network_write_chunkqueue(srv, con, con->write_queue, MAX_WRITE_LIMIT)) {
 	case 0:
+		con->write_request_ts = srv->cur_ts;
 		if (con->file_finished) {
 			connection_set_state(srv, con, CON_STATE_RESPONSE_END);
 			joblist_append(srv, con);
@@ -635,6 +643,7 @@
 		joblist_append(srv, con);
 		break;
 	case 1:
+		con->write_request_ts = srv->cur_ts;
 		con->is_writable = 0;
 
 		/* not finished yet -> WRITE */
@@ -1251,8 +1260,6 @@
 			log_error_write(srv, __FILE__, __LINE__, "ds",
 					con->fd,
 					"handle write failed.");
-		} else if (con->state == CON_STATE_WRITE) {
-			con->write_request_ts = srv->cur_ts;
 		}
 	}
 
@@ -1352,6 +1359,7 @@
 				return NULL;
 			}
 
+			con->renegotiations = 0;
 #ifndef OPENSSL_NO_TLSEXT
 			SSL_set_app_data(con->ssl, con);
 #endif
@@ -1667,8 +1675,6 @@
 							con->fd,
 							"handle write failed.");
 					connection_set_state(srv, con, CON_STATE_ERROR);
-				} else if (con->state == CON_STATE_WRITE) {
-					con->write_request_ts = srv->cur_ts;
 				}
 			}
 
Index: src/mod_staticfile.c
===================================================================
--- src/mod_staticfile.c	(.../tags/lighttpd-1.4.29)
+++ src/mod_staticfile.c	(.../branches/lighttpd-1.4.x)
@@ -26,6 +26,7 @@
 typedef struct {
 	array *exclude_ext;
 	unsigned short etags_used;
+	unsigned short disable_pathinfo;
 } plugin_config;
 
 typedef struct {
@@ -84,6 +85,7 @@
 	config_values_t cv[] = {
 		{ "static-file.exclude-extensions", NULL, T_CONFIG_ARRAY, T_CONFIG_SCOPE_CONNECTION },       /* 0 */
 		{ "static-file.etags",    NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 1 */
+		{ "static-file.disable-pathinfo", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 2 */
 		{ NULL,                         NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET }
 	};
 
@@ -97,9 +99,11 @@
 		s = calloc(1, sizeof(plugin_config));
 		s->exclude_ext    = array_init();
 		s->etags_used     = 1;
+		s->disable_pathinfo = 0;
 
 		cv[0].destination = s->exclude_ext;
 		cv[1].destination = &(s->etags_used);
+		cv[2].destination = &(s->disable_pathinfo);
 
 		p->config_storage[i] = s;
 
@@ -119,6 +123,7 @@
 
 	PATCH(exclude_ext);
 	PATCH(etags_used);
+	PATCH(disable_pathinfo);
 
 	/* skip the first, the global context */
 	for (i = 1; i < srv->config_context->used; i++) {
@@ -136,7 +141,9 @@
 				PATCH(exclude_ext);
 			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("static-file.etags"))) {
 				PATCH(etags_used);
-			} 
+			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("static-file.disable-pathinfo"))) {
+				PATCH(disable_pathinfo);
+			}
 		}
 	}
 
@@ -350,7 +357,6 @@
 URIHANDLER_FUNC(mod_staticfile_subrequest) {
 	plugin_data *p = p_d;
 	size_t k;
-	int s_len;
 	stat_cache_entry *sce = NULL;
 	buffer *mtime = NULL;
 	data_string *ds;
@@ -376,7 +382,12 @@
 
 	mod_staticfile_patch_connection(srv, con, p);
 
-	s_len = con->uri.path->used - 1;
+	if (p->conf.disable_pathinfo && 0 != con->request.pathinfo->used) {
+		if (con->conf.log_request_handling) {
+			log_error_write(srv, __FILE__, __LINE__,  "s",  "-- NOT handling file as static file, pathinfo forbidden");
+		}
+		return HANDLER_GO_ON;
+	}
 
 	/* ignore certain extensions */
 	for (k = 0; k < p->conf.exclude_ext->used; k++) {
Index: src/network.c
===================================================================
--- src/network.c	(.../tags/lighttpd-1.4.29)
+++ src/network.c	(.../branches/lighttpd-1.4.x)
@@ -27,6 +27,19 @@
 # include <openssl/rand.h>
 #endif
 
+#ifdef USE_OPENSSL
+static void ssl_info_callback(const SSL *ssl, int where, int ret) {
+	UNUSED(ret);
+
+	if (0 != (where & SSL_CB_HANDSHAKE_START)) {
+		connection *con = SSL_get_app_data(ssl);
+		++con->renegotiations;
+	} else if (0 != (where & SSL_CB_HANDSHAKE_DONE)) {
+		ssl->s3->flags |= SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS;
+	}
+}
+#endif
+
 static handler_t network_server_handle_fdevent(server *srv, void *context, int revents) {
 	server_socket *srv_socket = (server_socket *)context;
 	connection *con;
@@ -480,9 +493,11 @@
 	network_backend_t backend;
 
 #if OPENSSL_VERSION_NUMBER >= 0x0090800fL
+#ifndef OPENSSL_NO_ECDH
 	EC_KEY *ecdh;
 	int nid;
 #endif
+#endif
 
 #ifdef USE_OPENSSL
 	DH *dh;
@@ -553,6 +568,11 @@
 	/* load SSL certificates */
 	for (i = 0; i < srv->config_context->used; i++) {
 		specific_config *s = srv->config_storage[i];
+#ifndef SSL_OP_NO_COMPRESSION
+# define SSL_OP_NO_COMPRESSION 0
+#endif
+		long ssloptions =
+			SSL_OP_ALL | SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION | SSL_OP_NO_COMPRESSION;
 
 		if (buffer_is_empty(s->ssl_pemfile)) continue;
 
@@ -586,6 +606,9 @@
 			return -1;
 		}
 
+		SSL_CTX_set_options(s->ssl_ctx, ssloptions);
+		SSL_CTX_set_info_callback(s->ssl_ctx, ssl_info_callback);
+
 		if (!s->ssl_use_sslv2) {
 			/* disable SSLv2 */
 			if (!(SSL_OP_NO_SSLv2 & SSL_CTX_set_options(s->ssl_ctx, SSL_OP_NO_SSLv2))) {
@@ -611,6 +634,10 @@
 						ERR_error_string(ERR_get_error(), NULL));
 				return -1;
 			}
+
+			if (s->ssl_honor_cipher_order) {
+				SSL_CTX_set_options(s->ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
+			}
 		}
 
 		/* Support for Diffie-Hellman key exchange */
@@ -847,7 +874,7 @@
 	return 0;
 }
 
-int network_write_chunkqueue(server *srv, connection *con, chunkqueue *cq) {
+int network_write_chunkqueue(server *srv, connection *con, chunkqueue *cq, off_t max_bytes) {
 	int ret = -1;
 	off_t written = 0;
 #ifdef TCP_CORK
@@ -855,16 +882,34 @@
 #endif
 	server_socket *srv_socket = con->srv_socket;
 
-	if (con->conf.global_kbytes_per_second &&
-	    *(con->conf.global_bytes_per_second_cnt_ptr) > con->conf.global_kbytes_per_second * 1024) {
-		/* we reached the global traffic limit */
+	if (con->conf.global_kbytes_per_second) {
+		off_t limit = con->conf.global_kbytes_per_second * 1024 - *(con->conf.global_bytes_per_second_cnt_ptr);
+		if (limit <= 0) {
+			/* we reached the global traffic limit */
 
-		con->traffic_limit_reached = 1;
-		joblist_append(srv, con);
+			con->traffic_limit_reached = 1;
+			joblist_append(srv, con);
 
-		return 1;
+			return 1;
+		} else {
+			if (max_bytes > limit) max_bytes = limit;
+		}
 	}
 
+	if (con->conf.kbytes_per_second) {
+		off_t limit = con->conf.kbytes_per_second * 1024 - con->bytes_written_cur_second;
+		if (limit <= 0) {
+			/* we reached the traffic limit */
+
+			con->traffic_limit_reached = 1;
+			joblist_append(srv, con);
+
+			return 1;
+		} else {
+			if (max_bytes > limit) max_bytes = limit;
+		}
+	}
+
 	written = cq->bytes_out;
 
 #ifdef TCP_CORK
@@ -879,10 +924,10 @@
 
 	if (srv_socket->is_ssl) {
 #ifdef USE_OPENSSL
-		ret = srv->network_ssl_backend_write(srv, con, con->ssl, cq);
+		ret = srv->network_ssl_backend_write(srv, con, con->ssl, cq, max_bytes);
 #endif
 	} else {
-		ret = srv->network_backend_write(srv, con, con->fd, cq);
+		ret = srv->network_backend_write(srv, con, con->fd, cq, max_bytes);
 	}
 
 	if (ret >= 0) {
@@ -903,12 +948,5 @@
 
 	*(con->conf.global_bytes_per_second_cnt_ptr) += written;
 
-	if (con->conf.kbytes_per_second &&
-	    (con->bytes_written_cur_second > con->conf.kbytes_per_second * 1024)) {
-		/* we reached the traffic limit */
-
-		con->traffic_limit_reached = 1;
-		joblist_append(srv, con);
-	}
 	return ret;
 }
Index: src/network.h
===================================================================
--- src/network.h	(.../tags/lighttpd-1.4.29)
+++ src/network.h	(.../branches/lighttpd-1.4.x)
@@ -3,7 +3,7 @@
 
 #include "server.h"
 
-int network_write_chunkqueue(server *srv, connection *con, chunkqueue *c);
+int network_write_chunkqueue(server *srv, connection *con, chunkqueue *c, off_t max_bytes);
 
 int network_init(server *srv);
 int network_close(server *srv);
Index: src/configfile.c
===================================================================
--- src/configfile.c	(.../tags/lighttpd-1.4.29)
+++ src/configfile.c	(.../branches/lighttpd-1.4.x)
@@ -105,6 +105,8 @@
 		{ "ssl.use-sslv3",               NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER },     /* 62 */
 		{ "ssl.dh-file",                 NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_SERVER },      /* 63 */
 		{ "ssl.ec-curve",                NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_SERVER },      /* 64 */
+		{ "ssl.disable-client-renegotiation", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER },/* 65 */
+		{ "ssl.honor-cipher-order",      NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER },     /* 66 */
 
 		{ "server.host",                 "use server.bind instead", T_CONFIG_DEPRECATED, T_CONFIG_SCOPE_UNSET },
 		{ "server.docroot",              "use server.document-root instead", T_CONFIG_DEPRECATED, T_CONFIG_SCOPE_UNSET },
@@ -176,6 +178,7 @@
 		s->max_write_idle = 360;
 		s->use_xattr     = 0;
 		s->is_ssl        = 0;
+		s->ssl_honor_cipher_order = 1;
 		s->ssl_use_sslv2 = 0;
 		s->ssl_use_sslv3 = 1;
 		s->use_ipv6      = 0;
@@ -199,6 +202,7 @@
 		s->ssl_verifyclient_username = buffer_init();
 		s->ssl_verifyclient_depth = 9;
 		s->ssl_verifyclient_export_cert = 0;
+		s->ssl_disable_client_renegotiation = 1;
 
 		cv[2].destination = s->errorfile_prefix;
 
@@ -245,6 +249,8 @@
 		cv[62].destination = &(s->ssl_use_sslv3);
 		cv[63].destination = s->ssl_dh_file;
 		cv[64].destination = s->ssl_ec_curve;
+		cv[65].destination = &(s->ssl_honor_cipher_order);
+
 		cv[49].destination = &(s->etag_use_inode);
 		cv[50].destination = &(s->etag_use_mtime);
 		cv[51].destination = &(s->etag_use_size);
@@ -255,6 +261,7 @@
 		cv[58].destination = &(s->ssl_verifyclient_depth);
 		cv[59].destination = s->ssl_verifyclient_username;
 		cv[60].destination = &(s->ssl_verifyclient_export_cert);
+		cv[65].destination = &(s->ssl_disable_client_renegotiation);
 
 		srv->config_storage[i] = s;
 
@@ -335,6 +342,7 @@
 	PATCH(ssl_cipher_list);
 	PATCH(ssl_dh_file);
 	PATCH(ssl_ec_curve);
+	PATCH(ssl_honor_cipher_order);
 	PATCH(ssl_use_sslv2);
 	PATCH(ssl_use_sslv3);
 	PATCH(etag_use_inode);
@@ -346,6 +354,7 @@
 	PATCH(ssl_verifyclient_depth);
 	PATCH(ssl_verifyclient_username);
 	PATCH(ssl_verifyclient_export_cert);
+	PATCH(ssl_disable_client_renegotiation);
 
 	return 0;
 }
@@ -400,6 +409,8 @@
 #endif
 			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.ca-file"))) {
 				PATCH(ssl_ca_file);
+			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.honor-cipher-order"))) {
+				PATCH(ssl_honor_cipher_order);
 			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.use-sslv2"))) {
 				PATCH(ssl_use_sslv2);
 			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.use-sslv3"))) {
@@ -454,6 +465,8 @@
 				PATCH(ssl_verifyclient_username);
 			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.verifyclient.exportcert"))) {
 				PATCH(ssl_verifyclient_export_cert);
+			} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.disable-client-renegotiation"))) {
+				PATCH(ssl_disable_client_renegotiation);
 			}
 		}
 	}
Index: src/mod_scgi.c
===================================================================
--- src/mod_scgi.c	(.../tags/lighttpd-1.4.29)
+++ src/mod_scgi.c	(.../branches/lighttpd-1.4.x)
@@ -2296,7 +2296,7 @@
 
 		/* fall through */
 	case FCGI_STATE_WRITE:
-		ret = srv->network_backend_write(srv, con, hctx->fd, hctx->wb);
+		ret = srv->network_backend_write(srv, con, hctx->fd, hctx->wb, MAX_WRITE_LIMIT);
 
 		chunkqueue_remove_finished_chunks(hctx->wb);
 
Index: src/request.c
===================================================================
--- src/request.c	(.../tags/lighttpd-1.4.29)
+++ src/request.c	(.../branches/lighttpd-1.4.x)
@@ -49,7 +49,7 @@
 				if (++colon_cnt > 7) {
 					return -1;
 				}
-			} else if (!light_isxdigit(*c)) {
+			} else if (!light_isxdigit(*c) && '.' != *c) {
 				return -1;
 			}
 		}
Index: src/network_backends.h
===================================================================
--- src/network_backends.h	(.../tags/lighttpd-1.4.29)
+++ src/network_backends.h	(.../branches/lighttpd-1.4.x)
@@ -47,18 +47,18 @@
 #include "base.h"
 
 /* return values:
- * >= 0 : chunks completed
+ * >= 0 : no error
  *   -1 : error (on our side)
  *   -2 : remote close
  */
 
-int network_write_chunkqueue_write(server *srv, connection *con, int fd, chunkqueue *cq);
-int network_write_chunkqueue_writev(server *srv, connection *con, int fd, chunkqueue *cq);
-int network_write_chunkqueue_linuxsendfile(server *srv, connection *con, int fd, chunkqueue *cq);
-int network_write_chunkqueue_freebsdsendfile(server *srv, connection *con, int fd, chunkqueue *cq);
-int network_write_chunkqueue_solarissendfilev(server *srv, connection *con, int fd, chunkqueue *cq);
+int network_write_chunkqueue_write(server *srv, connection *con, int fd, chunkqueue *cq, off_t max_bytes);
+int network_write_chunkqueue_writev(server *srv, connection *con, int fd, chunkqueue *cq, off_t max_bytes);
+int network_write_chunkqueue_linuxsendfile(server *srv, connection *con, int fd, chunkqueue *cq, off_t max_bytes);
+int network_write_chunkqueue_freebsdsendfile(server *srv, connection *con, int fd, chunkqueue *cq, off_t max_bytes);
+int network_write_chunkqueue_solarissendfilev(server *srv, connection *con, int fd, chunkqueue *cq, off_t max_bytes);
 #ifdef USE_OPENSSL
-int network_write_chunkqueue_openssl(server *srv, connection *con, SSL *ssl, chunkqueue *cq);
+int network_write_chunkqueue_openssl(server *srv, connection *con, SSL *ssl, chunkqueue *cq, off_t max_bytes);
 #endif
 
 #endif
Index: src/SConscript
===================================================================
--- src/SConscript	(.../tags/lighttpd-1.4.29)
+++ src/SConscript	(.../branches/lighttpd-1.4.x)
@@ -12,7 +12,8 @@
       data_integer.c md5.c data_fastcgi.c \
       fdevent_select.c fdevent_libev.c \
       fdevent_poll.c fdevent_linux_sysepoll.c \
-      fdevent_solaris_devpoll.c fdevent_freebsd_kqueue.c \
+      fdevent_solaris_devpoll.c fdevent_solaris_port.c \
+      fdevent_freebsd_kqueue.c \
       data_config.c bitset.c \
       inet_ntop_cache.c crc32.c \
       connections-glue.c \
@@ -62,7 +63,7 @@
 	'mod_redirect' : { 'src' : [ 'mod_redirect.c' ], 'lib' : [ env['LIBPCRE'] ] },
 	'mod_rewrite' : { 'src' : [ 'mod_rewrite.c' ], 'lib' : [ env['LIBPCRE'] ] },
 	'mod_auth' : {
-		'src' : [ 'mod_auth.c', 'http_auth_digest.c', 'http_auth.c' ],
+		'src' : [ 'mod_auth.c', 'http_auth.c' ],
 		'lib' : [ env['LIBCRYPT'], env['LIBLDAP'], env['LIBLBER'] ] },
 	'mod_webdav' : { 'src' : [ 'mod_webdav.c' ], 'lib' : [ env['LIBXML2'], env['LIBSQLITE3'], env['LIBUUID'] ] },
 	'mod_mysql_vhost' : { 'src' : [ 'mod_mysql_vhost.c' ], 'lib' : [ env['LIBMYSQL'] ] },
Index: src/mod_cml_funcs.c
===================================================================
--- src/mod_cml_funcs.c	(.../tags/lighttpd-1.4.29)
+++ src/mod_cml_funcs.c	(.../branches/lighttpd-1.4.x)
@@ -17,18 +17,8 @@
 #include <dirent.h>
 #include <stdio.h>
 
-#ifdef USE_OPENSSL
-# include <openssl/md5.h>
-#else
-# include "md5.h"
+#include "md5.h"
 
-typedef li_MD5_CTX MD5_CTX;
-#define MD5_Init li_MD5_Init
-#define MD5_Update li_MD5_Update
-#define MD5_Final li_MD5_Final
-
-#endif
-
 #define HASHLEN 16
 typedef unsigned char HASH[HASHLEN];
 #define HASHHEXLEN 32
@@ -43,7 +33,7 @@
 #ifdef HAVE_LUA_H
 
 int f_crypto_md5(lua_State *L) {
-	MD5_CTX Md5Ctx;
+	li_MD5_CTX Md5Ctx;
 	HASH HA1;
 	buffer b;
 	char hex[33];
@@ -63,9 +53,9 @@
 		lua_error(L);
 	}
 
-	MD5_Init(&Md5Ctx);
-	MD5_Update(&Md5Ctx, (unsigned char *)lua_tostring(L, 1), lua_strlen(L, 1));
-	MD5_Final(HA1, &Md5Ctx);
+	li_MD5_Init(&Md5Ctx);
+	li_MD5_Update(&Md5Ctx, (unsigned char *)lua_tostring(L, 1), lua_strlen(L, 1));
+	li_MD5_Final(HA1, &Md5Ctx);
 
 	buffer_copy_string_hex(&b, (char *)HA1, 16);
 
Index: src/mod_userdir.c
===================================================================
--- src/mod_userdir.c	(.../tags/lighttpd-1.4.29)
+++ src/mod_userdir.c	(.../branches/lighttpd-1.4.x)
@@ -166,7 +166,6 @@
 
 URIHANDLER_FUNC(mod_userdir_docroot_handler) {
 	plugin_data *p = p_d;
-	int uri_len;
 	size_t k;
 	char *rel_url;
 #ifdef HAVE_PWD_H
@@ -182,8 +181,6 @@
 	 */
 	if (p->conf.path->used == 0) return HANDLER_GO_ON;
 
-	uri_len = con->uri.path->used - 1;
-
 	/* /~user/foo.html -> /home/user/public_html/foo.html */
 
 	if (con->uri.path->ptr[0] != '/' ||
Index: src/mod_proxy.c
===================================================================
--- src/mod_proxy.c	(.../tags/lighttpd-1.4.29)
+++ src/mod_proxy.c	(.../branches/lighttpd-1.4.x)
@@ -825,7 +825,7 @@
 
 		/* fall through */
 	case PROXY_STATE_WRITE:;
-		ret = srv->network_backend_write(srv, con, hctx->fd, hctx->wb);
+		ret = srv->network_backend_write(srv, con, hctx->fd, hctx->wb, MAX_WRITE_LIMIT);
 
 		chunkqueue_remove_finished_chunks(hctx->wb);
 
Index: src/Makefile.am
===================================================================
--- src/Makefile.am	(.../tags/lighttpd-1.4.29)
+++ src/Makefile.am	(.../branches/lighttpd-1.4.x)
@@ -241,7 +241,7 @@
 mod_compress_la_LIBADD = $(Z_LIB) $(BZ_LIB) $(common_libadd)
 
 lib_LTLIBRARIES += mod_auth.la
-mod_auth_la_SOURCES = mod_auth.c http_auth_digest.c http_auth.c
+mod_auth_la_SOURCES = mod_auth.c http_auth.c
 mod_auth_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
 mod_auth_la_LIBADD = $(CRYPT_LIB) $(LDAP_LIB) $(LBER_LIB) $(common_libadd)
 
@@ -268,7 +268,7 @@
 
 hdr = server.h buffer.h network.h log.h keyvalue.h \
       response.h request.h fastcgi.h chunk.h \
-      settings.h http_chunk.h http_auth_digest.h \
+      settings.h http_chunk.h \
       md5.h http_auth.h stream.h \
       fdevent.h connections.h base.h stat_cache.h \
       plugin.h mod_auth.h \
Index: src/network_writev.c
===================================================================
--- src/network_writev.c	(.../tags/lighttpd-1.4.29)
+++ src/network_writev.c	(.../branches/lighttpd-1.4.x)
@@ -30,17 +30,16 @@
 #define LOCAL_BUFFERING 1
 #endif
 
-int network_write_chunkqueue_writev(server *srv, connection *con, int fd, chunkqueue *cq) {
+int network_write_chunkqueue_writev(server *srv, connection *con, int fd, chunkqueue *cq, off_t max_bytes) {
 	chunk *c;
-	size_t chunks_written = 0;
 
-	for(c = cq->first; c; c = c->next) {
+	for(c = cq->first; (max_bytes > 0) && (NULL != c); c = c->next) {
 		int chunk_finished = 0;
 
 		switch(c->type) {
 		case MEM_CHUNK: {
 			char * offset;
-			size_t toSend;
+			off_t toSend;
 			ssize_t r;
 
 			size_t num_chunks, i;
@@ -65,12 +64,10 @@
 #error "sysconf() doesnt return _SC_IOV_MAX ..., check the output of 'man writev' for the EINVAL error and send the output to jan@kneschke.de"
 #endif
 
-			/* we can't send more then SSIZE_MAX bytes in one chunk */
-
 			/* build writev list
 			 *
 			 * 1. limit: num_chunks < max_chunks
-			 * 2. limit: num_bytes < SSIZE_MAX
+			 * 2. limit: num_bytes < max_bytes
 			 */
 			for (num_chunks = 0, tc = c; tc && tc->type == MEM_CHUNK && num_chunks < max_chunks; num_chunks++, tc = tc->next);
 
@@ -87,9 +84,9 @@
 					chunks[i].iov_base = offset;
 
 					/* protect the return value of writev() */
-					if (toSend > SSIZE_MAX ||
-					    num_bytes + toSend > SSIZE_MAX) {
-						chunks[i].iov_len = SSIZE_MAX - num_bytes;
+					if (toSend > max_bytes ||
+					    (off_t) num_bytes + toSend > max_bytes) {
+						chunks[i].iov_len = max_bytes - num_bytes;
 
 						num_chunks = i + 1;
 						break;
@@ -121,6 +118,7 @@
 			}
 
 			cq->bytes_out += r;
+			max_bytes -= r;
 
 			/* check which chunks have been written */
 
@@ -132,11 +130,10 @@
 
 					if (chunk_finished) {
 						/* skip the chunks from further touches */
-						chunks_written++;
 						c = c->next;
 					} else {
 						/* chunks_written + c = c->next is done in the for()*/
-						chunk_finished++;
+						chunk_finished = 1;
 					}
 				} else {
 					/* partially written */
@@ -284,6 +281,8 @@
 				assert(toSend < 0);
 			}
 
+			if (toSend > max_bytes) toSend = max_bytes;
+
 #ifdef LOCAL_BUFFERING
 			start = c->mem->ptr;
 #else
@@ -309,6 +308,7 @@
 
 			c->offset += r;
 			cq->bytes_out += r;
+			max_bytes -= r;
 
 			if (c->offset == c->file.length) {
 				chunk_finished = 1;
@@ -334,11 +334,9 @@
 
 			break;
 		}
-
-		chunks_written++;
 	}
 
-	return chunks_written;
+	return 0;
 }
 
 #endif
Index: src/network_freebsd_sendfile.c
===================================================================
--- src/network_freebsd_sendfile.c	(.../tags/lighttpd-1.4.29)
+++ src/network_freebsd_sendfile.c	(.../branches/lighttpd-1.4.x)
@@ -31,17 +31,16 @@
 # endif
 #endif
 
-int network_write_chunkqueue_freebsdsendfile(server *srv, connection *con, int fd, chunkqueue *cq) {
+int network_write_chunkqueue_freebsdsendfile(server *srv, connection *con, int fd, chunkqueue *cq, off_t max_bytes) {
 	chunk *c;
-	size_t chunks_written = 0;
 
-	for(c = cq->first; c; c = c->next, chunks_written++) {
+	for(c = cq->first; (max_bytes > 0) && (NULL != c); c = c->next) {
 		int chunk_finished = 0;
 
 		switch(c->type) {
 		case MEM_CHUNK: {
 			char * offset;
-			size_t toSend;
+			off_t toSend;
 			ssize_t r;
 
 			size_t num_chunks, i;
@@ -49,12 +48,10 @@
 			chunk *tc;
 			size_t num_bytes = 0;
 
-			/* we can't send more then SSIZE_MAX bytes in one chunk */
-
 			/* build writev list
 			 *
 			 * 1. limit: num_chunks < UIO_MAXIOV
-			 * 2. limit: num_bytes < SSIZE_MAX
+			 * 2. limit: num_bytes < max_bytes
 			 */
 			for(num_chunks = 0, tc = c; tc && tc->type == MEM_CHUNK && num_chunks < UIO_MAXIOV; num_chunks++, tc = tc->next);
 
@@ -69,9 +66,9 @@
 					chunks[i].iov_base = offset;
 
 					/* protect the return value of writev() */
-					if (toSend > SSIZE_MAX ||
-					    num_bytes + toSend > SSIZE_MAX) {
-						chunks[i].iov_len = SSIZE_MAX - num_bytes;
+					if (toSend > max_bytes ||
+					    (off_t) num_bytes + toSend > max_bytes) {
+						chunks[i].iov_len = max_bytes - num_bytes;
 
 						num_chunks = i + 1;
 						break;
@@ -105,6 +102,7 @@
 
 			/* check which chunks have been written */
 			cq->bytes_out += r;
+			max_bytes -= r;
 
 			for(i = 0, tc = c; i < num_chunks; i++, tc = tc->next) {
 				if (r >= (ssize_t)chunks[i].iov_len) {
@@ -114,11 +112,10 @@
 
 					if (chunk_finished) {
 						/* skip the chunks from further touches */
-						chunks_written++;
 						c = c->next;
 					} else {
 						/* chunks_written + c = c->next is done in the for()*/
-						chunk_finished++;
+						chunk_finished = 1;
 					}
 				} else {
 					/* partially written */
@@ -134,7 +131,7 @@
 		}
 		case FILE_CHUNK: {
 			off_t offset, r;
-			size_t toSend;
+			off_t toSend;
 			stat_cache_entry *sce = NULL;
 
 			if (HANDLER_ERROR == stat_cache_get_entry(srv, con, c->file.name, &sce)) {
@@ -144,9 +141,8 @@
 			}
 
 			offset = c->file.start + c->offset;
-			/* limit the toSend to 2^31-1 bytes in a chunk */
-			toSend = c->file.length - c->offset > ((1 << 30) - 1) ?
-				((1 << 30) - 1) : c->file.length - c->offset;
+			toSend = c->file.length - c->offset;
+			if (toSend > max_bytes) toSend = max_bytes;
 
 			if (-1 == c->file.fd) {
 				if (-1 == (c->file.fd = open(c->file.name->ptr, O_RDONLY))) {
@@ -197,6 +193,7 @@
 
 			c->offset += r;
 			cq->bytes_out += r;
+			max_bytes -= r;
 
 			if (c->offset == c->file.length) {
 				chunk_finished = 1;
@@ -218,7 +215,7 @@
 		}
 	}
 
-	return chunks_written;
+	return 0;
 }
 
 #endif
Index: src/network_openssl.c
===================================================================
--- src/network_openssl.c	(.../tags/lighttpd-1.4.29)
+++ src/network_openssl.c	(.../branches/lighttpd-1.4.x)
@@ -27,10 +27,9 @@
 # include <openssl/ssl.h>
 # include <openssl/err.h>
 
-int network_write_chunkqueue_openssl(server *srv, connection *con, SSL *ssl, chunkqueue *cq) {
+int network_write_chunkqueue_openssl(server *srv, connection *con, SSL *ssl, chunkqueue *cq, off_t max_bytes) {
 	int ssl_r;
 	chunk *c;
-	size_t chunks_written = 0;
 
 	/* this is a 64k sendbuffer
 	 *
@@ -59,13 +58,13 @@
 		SSL_set_shutdown(ssl, SSL_RECEIVED_SHUTDOWN);
 	}
 
-	for(c = cq->first; c; c = c->next) {
+	for(c = cq->first; (max_bytes > 0) && (NULL != c); c = c->next) {
 		int chunk_finished = 0;
 
 		switch(c->type) {
 		case MEM_CHUNK: {
 			char * offset;
-			size_t toSend;
+			off_t toSend;
 			ssize_t r;
 
 			if (c->mem->used == 0 || c->mem->used == 1) {
@@ -75,6 +74,7 @@
 
 			offset = c->mem->ptr + c->offset;
 			toSend = c->mem->used - 1 - c->offset;
+			if (toSend > max_bytes) toSend = max_bytes;
 
 			/**
 			 * SSL_write man-page
@@ -87,7 +87,14 @@
 			 */
 
 			ERR_clear_error();
-			if ((r = SSL_write(ssl, offset, toSend)) <= 0) {
+			r = SSL_write(ssl, offset, toSend);
+
+			if (con->renegotiations > 1 && con->conf.ssl_disable_client_renegotiation) {
+				log_error_write(srv, __FILE__, __LINE__, "s", "SSL: renegotiation initiated by client");
+				return -1;
+			}
+
+			if (r <= 0) {
 				unsigned long err;
 
 				switch ((ssl_r = SSL_get_error(ssl, r))) {
@@ -139,6 +146,7 @@
 			} else {
 				c->offset += r;
 				cq->bytes_out += r;
+				max_bytes -= r;
 			}
 
 			if (c->offset == (off_t)c->mem->used - 1) {
@@ -168,6 +176,7 @@
 			do {
 				off_t offset = c->file.start + c->offset;
 				off_t toSend = c->file.length - c->offset;
+				if (toSend > max_bytes) toSend = max_bytes;
 
 				if (toSend > LOCAL_SEND_BUFSIZE) toSend = LOCAL_SEND_BUFSIZE;
 
@@ -190,7 +199,14 @@
 				close(ifd);
 
 				ERR_clear_error();
-				if ((r = SSL_write(ssl, s, toSend)) <= 0) {
+				r = SSL_write(ssl, s, toSend);
+
+				if (con->renegotiations > 1 && con->conf.ssl_disable_client_renegotiation) {
+					log_error_write(srv, __FILE__, __LINE__, "s", "SSL: renegotiation initiated by client");
+					return -1;
+				}
+
+				if (r <= 0) {
 					unsigned long err;
 
 					switch ((ssl_r = SSL_get_error(ssl, r))) {
@@ -243,6 +259,7 @@
 				} else {
 					c->offset += r;
 					cq->bytes_out += r;
+					max_bytes -= r;
 				}
 
 				if (c->offset == c->file.length) {
@@ -263,11 +280,9 @@
 
 			break;
 		}
-
-		chunks_written++;
 	}
 
-	return chunks_written;
+	return 0;
 }
 #endif
 
Index: src/http_auth.c
===================================================================
--- src/http_auth.c	(.../tags/lighttpd-1.4.29)
+++ src/http_auth.c	(.../branches/lighttpd-1.4.x)
@@ -1,7 +1,6 @@
 #include "server.h"
 #include "log.h"
 #include "http_auth.h"
-#include "http_auth_digest.h"
 #include "inet_ntop_cache.h"
 #include "stream.h"
 
@@ -28,18 +27,23 @@
 #include <unistd.h>
 #include <ctype.h>
 
-#ifdef USE_OPENSSL
-# include <openssl/md5.h>
-#else
-# include "md5.h"
+#include "md5.h"
 
-typedef li_MD5_CTX MD5_CTX;
-#define MD5_Init li_MD5_Init
-#define MD5_Update li_MD5_Update
-#define MD5_Final li_MD5_Final
+#define HASHLEN 16
+#define HASHHEXLEN 32
+typedef unsigned char HASH[HASHLEN];
+typedef char HASHHEX[HASHHEXLEN+1];
 
-#endif
+static void CvtHex(const HASH Bin, char Hex[33]) {
+	unsigned short i;
 
+	for (i = 0; i < 16; i++) {
+		Hex[i*2] = int2hex((Bin[i] >> 4) & 0xf);
+		Hex[i*2+1] = int2hex(Bin[i] & 0xf);
+	}
+	Hex[32] = '\0';
+}
+
 /**
  * the $apr1$ handling is taken from apache 1.3.x
  */
@@ -95,7 +99,7 @@
 	ch = in[0];
 	/* run through the whole string, converting as we go */
 	for (i = 0; i < in_len; i++) {
-		ch = in[i];
+		ch = (unsigned char) in[i];
 
 		if (ch == '\0') break;
 
@@ -435,7 +439,7 @@
 
 static void to64(char *s, unsigned long v, int n)
 {
-    static unsigned char itoa64[] =         /* 0 ... 63 => ASCII - 64 */
+    static const unsigned char itoa64[] =         /* 0 ... 63 => ASCII - 64 */
         "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
 
     while (--n >= 0) {
@@ -455,7 +459,7 @@
     const char *sp, *ep;
     unsigned char final[APR_MD5_DIGESTSIZE];
     ssize_t sl, pl, i;
-    MD5_CTX ctx, ctx1;
+    li_MD5_CTX ctx, ctx1;
     unsigned long l;
 
     /*
@@ -487,33 +491,33 @@
     /*
      * 'Time to make the doughnuts..'
      */
-    MD5_Init(&ctx);
+    li_MD5_Init(&ctx);
 
     /*
      * The password first, since that is what is most unknown
      */
-    MD5_Update(&ctx, pw, strlen(pw));
+    li_MD5_Update(&ctx, pw, strlen(pw));
 
     /*
      * Then our magic string
      */
-    MD5_Update(&ctx, APR1_ID, strlen(APR1_ID));
+    li_MD5_Update(&ctx, APR1_ID, strlen(APR1_ID));
 
     /*
      * Then the raw salt
      */
-    MD5_Update(&ctx, sp, sl);
+    li_MD5_Update(&ctx, sp, sl);
 
     /*
      * Then just as many characters of the MD5(pw, salt, pw)
      */
-    MD5_Init(&ctx1);
-    MD5_Update(&ctx1, pw, strlen(pw));
-    MD5_Update(&ctx1, sp, sl);
-    MD5_Update(&ctx1, pw, strlen(pw));
-    MD5_Final(final, &ctx1);
+    li_MD5_Init(&ctx1);
+    li_MD5_Update(&ctx1, pw, strlen(pw));
+    li_MD5_Update(&ctx1, sp, sl);
+    li_MD5_Update(&ctx1, pw, strlen(pw));
+    li_MD5_Final(final, &ctx1);
     for (pl = strlen(pw); pl > 0; pl -= APR_MD5_DIGESTSIZE) {
-        MD5_Update(&ctx, final,
+        li_MD5_Update(&ctx, final,
                       (pl > APR_MD5_DIGESTSIZE) ? APR_MD5_DIGESTSIZE : pl);
     }
 
@@ -527,10 +531,10 @@
      */
     for (i = strlen(pw); i != 0; i >>= 1) {
         if (i & 1) {
-            MD5_Update(&ctx, final, 1);
+            li_MD5_Update(&ctx, final, 1);
         }
         else {
-            MD5_Update(&ctx, pw, 1);
+            li_MD5_Update(&ctx, pw, 1);
         }
     }
 
@@ -542,7 +546,7 @@
     strncat(passwd, sp, sl);
     strcat(passwd, "$");
 
-    MD5_Final(final, &ctx);
+    li_MD5_Final(final, &ctx);
 
     /*
      * And now, just to make sure things don't run too fast..
@@ -550,28 +554,28 @@
      * need 30 seconds to build a 1000 entry dictionary...
      */
     for (i = 0; i < 1000; i++) {
-        MD5_Init(&ctx1);
+        li_MD5_Init(&ctx1);
         if (i & 1) {
-            MD5_Update(&ctx1, pw, strlen(pw));
+            li_MD5_Update(&ctx1, pw, strlen(pw));
         }
         else {
-            MD5_Update(&ctx1, final, APR_MD5_DIGESTSIZE);
+            li_MD5_Update(&ctx1, final, APR_MD5_DIGESTSIZE);
         }
         if (i % 3) {
-            MD5_Update(&ctx1, sp, sl);
+            li_MD5_Update(&ctx1, sp, sl);
         }
 
         if (i % 7) {
-            MD5_Update(&ctx1, pw, strlen(pw));
+            li_MD5_Update(&ctx1, pw, strlen(pw));
         }
 
         if (i & 1) {
-            MD5_Update(&ctx1, final, APR_MD5_DIGESTSIZE);
+            li_MD5_Update(&ctx1, final, APR_MD5_DIGESTSIZE);
         }
         else {
-            MD5_Update(&ctx1, pw, strlen(pw));
+            li_MD5_Update(&ctx1, pw, strlen(pw));
         }
-        MD5_Final(final,&ctx1);
+        li_MD5_Final(final,&ctx1);
     }
 
     p = passwd + strlen(passwd);
@@ -614,17 +618,17 @@
 		 * user:realm:md5(user:realm:password)
 		 */
 
-		MD5_CTX Md5Ctx;
+		li_MD5_CTX Md5Ctx;
 		HASH HA1;
 		char a1[256];
 
-		MD5_Init(&Md5Ctx);
-		MD5_Update(&Md5Ctx, (unsigned char *)username->ptr, username->used - 1);
-		MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
-		MD5_Update(&Md5Ctx, (unsigned char *)realm->ptr, realm->used - 1);
-		MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
-		MD5_Update(&Md5Ctx, (unsigned char *)pw, strlen(pw));
-		MD5_Final(HA1, &Md5Ctx);
+		li_MD5_Init(&Md5Ctx);
+		li_MD5_Update(&Md5Ctx, (unsigned char *)username->ptr, username->used - 1);
+		li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
+		li_MD5_Update(&Md5Ctx, (unsigned char *)realm->ptr, realm->used - 1);
+		li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
+		li_MD5_Update(&Md5Ctx, (unsigned char *)pw, strlen(pw));
+		li_MD5_Final(HA1, &Md5Ctx);
 
 		CvtHex(HA1, a1);
 
@@ -930,7 +934,7 @@
 	int i;
 	buffer *password, *b, *username_buf, *realm_buf;
 
-	MD5_CTX Md5Ctx;
+	li_MD5_CTX Md5Ctx;
 	HASH HA1;
 	HASH HA2;
 	HASH RespHash;
@@ -1067,13 +1071,13 @@
 
 	if (p->conf.auth_backend == AUTH_BACKEND_PLAIN) {
 		/* generate password from plain-text */
-		MD5_Init(&Md5Ctx);
-		MD5_Update(&Md5Ctx, (unsigned char *)username, strlen(username));
-		MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
-		MD5_Update(&Md5Ctx, (unsigned char *)realm, strlen(realm));
-		MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
-		MD5_Update(&Md5Ctx, (unsigned char *)password->ptr, password->used - 1);
-		MD5_Final(HA1, &Md5Ctx);
+		li_MD5_Init(&Md5Ctx);
+		li_MD5_Update(&Md5Ctx, (unsigned char *)username, strlen(username));
+		li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
+		li_MD5_Update(&Md5Ctx, (unsigned char *)realm, strlen(realm));
+		li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
+		li_MD5_Update(&Md5Ctx, (unsigned char *)password->ptr, password->used - 1);
+		li_MD5_Final(HA1, &Md5Ctx);
 	} else if (p->conf.auth_backend == AUTH_BACKEND_HTDIGEST) {
 		/* HA1 */
 		/* transform the 32-byte-hex-md5 to a 16-byte-md5 */
@@ -1090,45 +1094,45 @@
 
 	if (algorithm &&
 	    strcasecmp(algorithm, "md5-sess") == 0) {
-		MD5_Init(&Md5Ctx);
-		MD5_Update(&Md5Ctx, (unsigned char *)HA1, 16);
-		MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
-		MD5_Update(&Md5Ctx, (unsigned char *)nonce, strlen(nonce));
-		MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
-		MD5_Update(&Md5Ctx, (unsigned char *)cnonce, strlen(cnonce));
-		MD5_Final(HA1, &Md5Ctx);
+		li_MD5_Init(&Md5Ctx);
+		li_MD5_Update(&Md5Ctx, (unsigned char *)HA1, 16);
+		li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
+		li_MD5_Update(&Md5Ctx, (unsigned char *)nonce, strlen(nonce));
+		li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
+		li_MD5_Update(&Md5Ctx, (unsigned char *)cnonce, strlen(cnonce));
+		li_MD5_Final(HA1, &Md5Ctx);
 	}
 
 	CvtHex(HA1, a1);
 
 	/* calculate H(A2) */
-	MD5_Init(&Md5Ctx);
-	MD5_Update(&Md5Ctx, (unsigned char *)m, strlen(m));
-	MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
-	MD5_Update(&Md5Ctx, (unsigned char *)uri, strlen(uri));
+	li_MD5_Init(&Md5Ctx);
+	li_MD5_Update(&Md5Ctx, (unsigned char *)m, strlen(m));
+	li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
+	li_MD5_Update(&Md5Ctx, (unsigned char *)uri, strlen(uri));
 	if (qop && strcasecmp(qop, "auth-int") == 0) {
-		MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
-		MD5_Update(&Md5Ctx, (unsigned char *)"", HASHHEXLEN);
+		li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
+		li_MD5_Update(&Md5Ctx, (unsigned char *)"", HASHHEXLEN);
 	}
-	MD5_Final(HA2, &Md5Ctx);
+	li_MD5_Final(HA2, &Md5Ctx);
 	CvtHex(HA2, HA2Hex);
 
 	/* calculate response */
-	MD5_Init(&Md5Ctx);
-	MD5_Update(&Md5Ctx, (unsigned char *)a1, HASHHEXLEN);
-	MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
-	MD5_Update(&Md5Ctx, (unsigned char *)nonce, strlen(nonce));
-	MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
+	li_MD5_Init(&Md5Ctx);
+	li_MD5_Update(&Md5Ctx, (unsigned char *)a1, HASHHEXLEN);
+	li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
+	li_MD5_Update(&Md5Ctx, (unsigned char *)nonce, strlen(nonce));
+	li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
 	if (qop && *qop) {
-		MD5_Update(&Md5Ctx, (unsigned char *)nc, strlen(nc));
-		MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
-		MD5_Update(&Md5Ctx, (unsigned char *)cnonce, strlen(cnonce));
-		MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
-		MD5_Update(&Md5Ctx, (unsigned char *)qop, strlen(qop));
-		MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
+		li_MD5_Update(&Md5Ctx, (unsigned char *)nc, strlen(nc));
+		li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
+		li_MD5_Update(&Md5Ctx, (unsigned char *)cnonce, strlen(cnonce));
+		li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
+		li_MD5_Update(&Md5Ctx, (unsigned char *)qop, strlen(qop));
+		li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
 	};
-	MD5_Update(&Md5Ctx, (unsigned char *)HA2Hex, HASHHEXLEN);
-	MD5_Final(RespHash, &Md5Ctx);
+	li_MD5_Update(&Md5Ctx, (unsigned char *)HA2Hex, HASHHEXLEN);
+	li_MD5_Final(RespHash, &Md5Ctx);
 	CvtHex(RespHash, a2);
 
 	if (0 != strcmp(a2, respons)) {
@@ -1171,24 +1175,24 @@
 
 int http_auth_digest_generate_nonce(server *srv, mod_auth_plugin_data *p, buffer *fn, char out[33]) {
 	HASH h;
-	MD5_CTX Md5Ctx;
+	li_MD5_CTX Md5Ctx;
 	char hh[32];
 
 	UNUSED(p);
 
 	/* generate shared-secret */
-	MD5_Init(&Md5Ctx);
-	MD5_Update(&Md5Ctx, (unsigned char *)fn->ptr, fn->used - 1);
-	MD5_Update(&Md5Ctx, (unsigned char *)"+", 1);
+	li_MD5_Init(&Md5Ctx);
+	li_MD5_Update(&Md5Ctx, (unsigned char *)fn->ptr, fn->used - 1);
+	li_MD5_Update(&Md5Ctx, (unsigned char *)"+", 1);
 
 	/* we assume sizeof(time_t) == 4 here, but if not it ain't a problem at all */
 	LI_ltostr(hh, srv->cur_ts);
-	MD5_Update(&Md5Ctx, (unsigned char *)hh, strlen(hh));
-	MD5_Update(&Md5Ctx, (unsigned char *)srv->entropy, sizeof(srv->entropy));
+	li_MD5_Update(&Md5Ctx, (unsigned char *)hh, strlen(hh));
+	li_MD5_Update(&Md5Ctx, (unsigned char *)srv->entropy, sizeof(srv->entropy));
 	LI_ltostr(hh, rand());
-	MD5_Update(&Md5Ctx, (unsigned char *)hh, strlen(hh));
+	li_MD5_Update(&Md5Ctx, (unsigned char *)hh, strlen(hh));
 
-	MD5_Final(h, &Md5Ctx);
+	li_MD5_Final(h, &Md5Ctx);
 
 	CvtHex(h, out);
 
Index: src/mod_usertrack.c
===================================================================
--- src/mod_usertrack.c	(.../tags/lighttpd-1.4.29)
+++ src/mod_usertrack.c	(.../branches/lighttpd-1.4.x)
@@ -8,18 +8,8 @@
 #include <stdlib.h>
 #include <string.h>
 
-#ifdef USE_OPENSSL
-# include <openssl/md5.h>
-#else
-# include "md5.h"
+#include "md5.h"
 
-typedef li_MD5_CTX MD5_CTX;
-#define MD5_Init li_MD5_Init
-#define MD5_Update li_MD5_Update
-#define MD5_Final li_MD5_Final
-
-#endif
-
 /* plugin config for all request/connections */
 
 typedef struct {
@@ -182,7 +172,7 @@
 	plugin_data *p = p_d;
 	data_string *ds;
 	unsigned char h[16];
-	MD5_CTX Md5Ctx;
+	li_MD5_CTX Md5Ctx;
 	char hh[32];
 
 	if (con->uri.path->used == 0) return HANDLER_GO_ON;
@@ -228,18 +218,18 @@
 	/* taken from mod_auth.c */
 
 	/* generate shared-secret */
-	MD5_Init(&Md5Ctx);
-	MD5_Update(&Md5Ctx, (unsigned char *)con->uri.path->ptr, con->uri.path->used - 1);
-	MD5_Update(&Md5Ctx, (unsigned char *)"+", 1);
+	li_MD5_Init(&Md5Ctx);
+	li_MD5_Update(&Md5Ctx, (unsigned char *)con->uri.path->ptr, con->uri.path->used - 1);
+	li_MD5_Update(&Md5Ctx, (unsigned char *)"+", 1);
 
 	/* we assume sizeof(time_t) == 4 here, but if not it ain't a problem at all */
 	LI_ltostr(hh, srv->cur_ts);
-	MD5_Update(&Md5Ctx, (unsigned char *)hh, strlen(hh));
-	MD5_Update(&Md5Ctx, (unsigned char *)srv->entropy, sizeof(srv->entropy));
+	li_MD5_Update(&Md5Ctx, (unsigned char *)hh, strlen(hh));
+	li_MD5_Update(&Md5Ctx, (unsigned char *)srv->entropy, sizeof(srv->entropy));
 	LI_ltostr(hh, rand());
-	MD5_Update(&Md5Ctx, (unsigned char *)hh, strlen(hh));
+	li_MD5_Update(&Md5Ctx, (unsigned char *)hh, strlen(hh));
 
-	MD5_Final(h, &Md5Ctx);
+	li_MD5_Final(h, &Md5Ctx);
 
 	buffer_append_string_encoded(ds->value, (char *)h, 16, ENCODING_HEX);
 	buffer_append_string_len(ds->value, CONST_STR_LEN("; Path=/"));
Index: src/mod_status.c
===================================================================
--- src/mod_status.c	(.../tags/lighttpd-1.4.29)
+++ src/mod_status.c	(.../branches/lighttpd-1.4.x)
@@ -487,7 +487,7 @@
 
 		buffer_append_string_len(b, CONST_STR_LEN("</td><td class=\"int\">"));
 
-		if (con->request.content_length) {
+		if (c->request.content_length) {
 			buffer_append_long(b, c->request_content_queue->bytes_in);
 			buffer_append_string_len(b, CONST_STR_LEN("/"));
 			buffer_append_long(b, c->request.content_length);
Index: src/settings.h
===================================================================
--- src/settings.h	(.../tags/lighttpd-1.4.29)
+++ src/settings.h	(.../branches/lighttpd-1.4.x)
@@ -21,8 +21,11 @@
  * 64kB (no real reason, just a guess)
  */
 #define BUFFER_MAX_REUSE_SIZE  (4 * 1024)
-#define MAX_READ_LIMIT (4*1024*1024)
 
+/* both should be way smaller than SSIZE_MAX :) */
+#define MAX_READ_LIMIT (256*1024)
+#define MAX_WRITE_LIMIT (256*1024)
+
 /**
  * max size of the HTTP request header
  *
Index: src/mod_cml_lua.c
===================================================================
--- src/mod_cml_lua.c	(.../tags/lighttpd-1.4.29)
+++ src/mod_cml_lua.c	(.../branches/lighttpd-1.4.x)
@@ -11,18 +11,6 @@
 #include <time.h>
 #include <string.h>
 
-#ifdef USE_OPENSSL
-# include <openssl/md5.h>
-#else
-# include "md5.h"
-
-typedef li_MD5_CTX MD5_CTX;
-#define MD5_Init li_MD5_Init
-#define MD5_Update li_MD5_Update
-#define MD5_Final li_MD5_Final
-
-#endif
-
 #define HASHLEN 16
 typedef unsigned char HASH[HASHLEN];
 #define HASHHEXLEN 32
Index: src/mod_fastcgi.c
===================================================================
--- src/mod_fastcgi.c	(.../tags/lighttpd-1.4.29)
+++ src/mod_fastcgi.c	(.../branches/lighttpd-1.4.x)
@@ -3075,7 +3075,7 @@
 		fcgi_set_state(srv, hctx, FCGI_STATE_WRITE);
 		/* fall through */
 	case FCGI_STATE_WRITE:
-		ret = srv->network_backend_write(srv, con, hctx->fd, hctx->wb);
+		ret = srv->network_backend_write(srv, con, hctx->fd, hctx->wb, MAX_WRITE_LIMIT);
 
 		chunkqueue_remove_finished_chunks(hctx->wb);
 
@@ -3132,7 +3132,6 @@
 	plugin_data *p = p_d;
 
 	handler_ctx *hctx = con->plugin_ctx[p->id];
-	fcgi_proc *proc;
 	fcgi_extension_host *host;
 
 	if (NULL == hctx) return HANDLER_GO_ON;
@@ -3201,7 +3200,6 @@
 	/* ok, create the request */
 	switch(fcgi_write_request(srv, hctx)) {
 	case HANDLER_ERROR:
-		proc = hctx->proc;
 		host = hctx->host;
 
 		if (hctx->state == FCGI_STATE_INIT ||
Index: src/network_solaris_sendfilev.c
===================================================================
--- src/network_solaris_sendfilev.c	(.../tags/lighttpd-1.4.29)
+++ src/network_solaris_sendfilev.c	(.../branches/lighttpd-1.4.x)
@@ -38,17 +38,16 @@
  */
 
 
-int network_write_chunkqueue_solarissendfilev(server *srv, connection *con, int fd, chunkqueue *cq) {
+int network_write_chunkqueue_solarissendfilev(server *srv, connection *con, int fd, chunkqueue *cq, off_t max_bytes) {
 	chunk *c;
-	size_t chunks_written = 0;
 
-	for(c = cq->first; c; c = c->next, chunks_written++) {
+	for(c = cq->first; (max_bytes > 0) && (NULL != c); c = c->next) {
 		int chunk_finished = 0;
 
 		switch(c->type) {
 		case MEM_CHUNK: {
 			char * offset;
-			size_t toSend;
+			off_t toSend;
 			ssize_t r;
 
 			size_t num_chunks, i;
@@ -77,9 +76,9 @@
 					chunks[i].iov_base = offset;
 
 					/* protect the return value of writev() */
-					if (toSend > SSIZE_MAX ||
-					    num_bytes + toSend > SSIZE_MAX) {
-						chunks[i].iov_len = SSIZE_MAX - num_bytes;
+					if (toSend > max_bytes ||
+					    (off_t) num_bytes + toSend > max_bytes) {
+						chunks[i].iov_len = max_bytes - num_bytes;
 
 						num_chunks = i + 1;
 						break;
@@ -119,11 +118,10 @@
 
 					if (chunk_finished) {
 						/* skip the chunks from further touches */
-						chunks_written++;
 						c = c->next;
 					} else {
 						/* chunks_written + c = c->next is done in the for()*/
-						chunk_finished++;
+						chunk_finished = 1;
 					}
 				} else {
 					/* partially written */
@@ -139,8 +137,8 @@
 		}
 		case FILE_CHUNK: {
 			ssize_t r;
-			off_t offset;
-			size_t toSend, written;
+			off_t offset, toSend;
+			size_t written;
 			sendfilevec_t fvec;
 			stat_cache_entry *sce = NULL;
 			int ifd;
@@ -153,6 +151,7 @@
 
 			offset = c->file.start + c->offset;
 			toSend = c->file.length - c->offset;
+			if (toSend > max_bytes) toSend = max_bytes;
 
 			if (offset > sce->st.st_size) {
 				log_error_write(srv, __FILE__, __LINE__, "sb", "file was shrinked:", c->file.name);
@@ -186,6 +185,7 @@
 			close(ifd);
 			c->offset += written;
 			cq->bytes_out += written;
+			max_bytes -= written;
 
 			if (c->offset == c->file.length) {
 				chunk_finished = 1;
@@ -207,7 +207,7 @@
 		}
 	}
 
-	return chunks_written;
+	return 0;
 }
 
 #endif
Index: src/CMakeLists.txt
===================================================================
Index: src/mod_dirlisting.c
===================================================================
--- src/mod_dirlisting.c	(.../tags/lighttpd-1.4.29)
+++ src/mod_dirlisting.c	(.../branches/lighttpd-1.4.x)
@@ -657,7 +657,8 @@
 	i = dir->used - 1;
 
 #ifdef HAVE_PATHCONF
-	if (-1 == (name_max = pathconf(dir->ptr, _PC_NAME_MAX))) {
+	if (0 >= (name_max = pathconf(dir->ptr, _PC_NAME_MAX))) {
+		/* some broken fs (fuse) return 0 instead of -1 */
 #ifdef NAME_MAX
 		name_max = NAME_MAX;
 #else
Index: src/network_linux_sendfile.c
===================================================================
--- src/network_linux_sendfile.c	(.../tags/lighttpd-1.4.29)
+++ src/network_linux_sendfile.c	(.../branches/lighttpd-1.4.x)
@@ -27,17 +27,16 @@
 /* on linux 2.4.29 + debian/ubuntu we have crashes if this is enabled */
 #undef HAVE_POSIX_FADVISE
 
-int network_write_chunkqueue_linuxsendfile(server *srv, connection *con, int fd, chunkqueue *cq) {
+int network_write_chunkqueue_linuxsendfile(server *srv, connection *con, int fd, chunkqueue *cq, off_t max_bytes) {
 	chunk *c;
-	size_t chunks_written = 0;
 
-	for(c = cq->first; c; c = c->next, chunks_written++) {
+	for(c = cq->first; (max_bytes > 0) && (NULL != c); c = c->next) {
 		int chunk_finished = 0;
 
 		switch(c->type) {
 		case MEM_CHUNK: {
 			char * offset;
-			size_t toSend;
+			off_t toSend;
 			ssize_t r;
 
 			size_t num_chunks, i;
@@ -45,12 +44,10 @@
 			chunk *tc;
 			size_t num_bytes = 0;
 
-			/* we can't send more then SSIZE_MAX bytes in one chunk */
-
 			/* build writev list
 			 *
 			 * 1. limit: num_chunks < UIO_MAXIOV
-			 * 2. limit: num_bytes < SSIZE_MAX
+			 * 2. limit: num_bytes < max_bytes
 			 */
 			for (num_chunks = 0, tc = c;
 			     tc && tc->type == MEM_CHUNK && num_chunks < UIO_MAXIOV;
@@ -67,9 +64,9 @@
 					chunks[i].iov_base = offset;
 
 					/* protect the return value of writev() */
-					if (toSend > SSIZE_MAX ||
-					    num_bytes + toSend > SSIZE_MAX) {
-						chunks[i].iov_len = SSIZE_MAX - num_bytes;
+					if (toSend > max_bytes ||
+					    (off_t) num_bytes + toSend > max_bytes) {
+						chunks[i].iov_len = max_bytes - num_bytes;
 
 						num_chunks = i + 1;
 						break;
@@ -100,6 +97,7 @@
 
 			/* check which chunks have been written */
 			cq->bytes_out += r;
+			max_bytes -= r;
 
 			for(i = 0, tc = c; i < num_chunks; i++, tc = tc->next) {
 				if (r >= (ssize_t)chunks[i].iov_len) {
@@ -109,11 +107,10 @@
 
 					if (chunk_finished) {
 						/* skip the chunks from further touches */
-						chunks_written++;
 						c = c->next;
 					} else {
 						/* chunks_written + c = c->next is done in the for()*/
-						chunk_finished++;
+						chunk_finished = 1;
 					}
 				} else {
 					/* partially written */
@@ -130,13 +127,12 @@
 		case FILE_CHUNK: {
 			ssize_t r;
 			off_t offset;
-			size_t toSend;
+			off_t toSend;
 			stat_cache_entry *sce = NULL;
 
 			offset = c->file.start + c->offset;
-			/* limit the toSend to 2^31-1 bytes in a chunk */
-			toSend = c->file.length - c->offset > ((1 << 30) - 1) ?
-				((1 << 30) - 1) : c->file.length - c->offset;
+			toSend = c->file.length - c->offset;
+			if (toSend > max_bytes) toSend = max_bytes;
 
 			/* open file if not already opened */
 			if (-1 == c->file.fd) {
@@ -215,6 +211,7 @@
 
 			c->offset += r;
 			cq->bytes_out += r;
+			max_bytes -= r;
 
 			if (c->offset == c->file.length) {
 				chunk_finished = 1;
@@ -243,7 +240,7 @@
 		}
 	}
 
-	return chunks_written;
+	return 0;
 }
 
 #endif
Index: tests/mod-auth.t
===================================================================
--- tests/mod-auth.t	(.../tags/lighttpd-1.4.29)
+++ tests/mod-auth.t	(.../branches/lighttpd-1.4.x)
@@ -8,7 +8,7 @@
 
 use strict;
 use IO::Socket;
-use Test::More tests => 14;
+use Test::More tests => 15;
 use LightyTest;
 
 my $tf = LightyTest->new();
@@ -25,6 +25,14 @@
 
 $t->{REQUEST}  = ( <<EOF
 GET /server-status HTTP/1.0
+Authorization: Basic \x80mFuOmphb
+EOF
+ );
+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 401 } ];
+ok($tf->handle_http($t) == 0, 'Basic-Auth: Invalid base64 Auth-token');
+
+$t->{REQUEST}  = ( <<EOF
+GET /server-status HTTP/1.0
 Authorization: Basic amFuOmphb
 EOF
  );
Index: tests/request.t
===================================================================
--- tests/request.t	(.../tags/lighttpd-1.4.29)
+++ tests/request.t	(.../branches/lighttpd-1.4.x)
@@ -8,7 +8,7 @@
 
 use strict;
 use IO::Socket;
-use Test::More tests => 44;
+use Test::More tests => 46;
 use LightyTest;
 
 my $tf = LightyTest->new();
@@ -413,5 +413,21 @@
 $t->{SLOWREQUEST} = 1;
 ok($tf->handle_http($t) == 0, 'GET, slow \\r\\n\\r\\n (#2105)');
 
+print "\nPathinfo for static files\n";
+$t->{REQUEST}  = ( <<EOF
+GET /image.jpg/index.php HTTP/1.0
+EOF
+ );
+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200, 'Content-Type' => 'image/jpeg' } ];
+ok($tf->handle_http($t) == 0, 'static file accepting pathinfo by default');
+
+$t->{REQUEST}  = ( <<EOF
+GET /image.jpg/index.php HTTP/1.0
+Host: zzz.example.org
+EOF
+ );
+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 403 } ];
+ok($tf->handle_http($t) == 0, 'static file with forbidden pathinfo');
+
 ok($tf->stop_proc == 0, "Stopping lighttpd");
 
Index: tests/wrapper.sh
===================================================================
--- tests/wrapper.sh	(.../tags/lighttpd-1.4.29)
+++ tests/wrapper.sh	(.../branches/lighttpd-1.4.x)
@@ -6,4 +6,4 @@
 top_builddir=$2
 export SHELL srcdir top_builddir
 
-$3
+exec $3
Index: tests/lighttpd.conf
===================================================================
--- tests/lighttpd.conf	(.../tags/lighttpd-1.4.29)
+++ tests/lighttpd.conf	(.../branches/lighttpd-1.4.x)
@@ -149,6 +149,7 @@
 $HTTP["host"] == "zzz.example.org" {
   server.document-root = env.SRCDIR + "/tmp/lighttpd/servers/www.example.org/pages/"
   server.name = "zzz.example.org"
+  static-file.disable-pathinfo = "enable"
 }
 
 $HTTP["host"] == "symlink.example.org" {
Index: configure.ac
===================================================================
Index: doc/config/lighttpd.conf
===================================================================
--- doc/config/lighttpd.conf	(.../tags/lighttpd-1.4.29)
+++ doc/config/lighttpd.conf	(.../branches/lighttpd-1.4.x)
@@ -394,6 +394,8 @@
 ##   $SERVER["socket"] == "10.0.0.1:443" {
 ##     ssl.engine                  = "enable"
 ##     ssl.pemfile                 = "/etc/ssl/private/www.example.com.pem"
+##     # http://blog.ivanristic.com/2011/10/mitigating-the-beast-attack-on-tls.html
+##     ssl.ciphers                 = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"
 ##     server.name                 = "www.example.com"
 ##
 ##     server.document-root        = "/srv/www/vhosts/example.com/www/"
Index: SConstruct
===================================================================
Index: NEWS
===================================================================
--- NEWS	(.../tags/lighttpd-1.4.29)
+++ NEWS	(.../branches/lighttpd-1.4.x)
@@ -3,7 +3,19 @@
 NEWS
 ====
 
-- 1.4.29 -
+- 1.4.30 -
+  * Always use our 'own' md5 implementation, fixes linking issues on MacOS (fixes #2331)
+  * Limit amount of bytes we send in one go; fixes stalling in one connection and timeouts on slow systems.
+  * [ssl] fix build errors when Elliptic-Curve Diffie-Hellman is disabled
+  * Add static-file.disable-pathinfo option to prevent handling of urls like .../secret.php/image.jpg as static file
+  * Don't overwrite 401 (auth required) with 501 (unknown method) (fixes #2341)
+  * Fix mod_status bug: always showed "0/0" in the "Read" column for uploads (fixes #2351)
+  * [mod_auth] Fix signedness error in http_auth (fixes #2370, CVE-2011-4362)
+  * [ssl] count renegotiations to prevent client renegotiations
+  * [ssl] add option to honor server cipher order (fixes #2364, BEAST attack)
+  * [core] accept dots in ipv6 addresses in host header (fixes #2359)
+
+- 1.4.29 - 2011-07-03
   * Fix mod_proxy waiting for response even if content-length is 0 (fixes #2259)
   * Silence annoying "connection closed: poll() -> ERR" error.log message (fixes #2257)
   * mod_cgi: make read buffer as big as incoming data block
Index: CMakeLists.txt
===================================================================