2 ===================================================================
3 --- src/base.h (.../tags/lighttpd-1.4.15) (revision 1880)
4 +++ src/base.h (.../branches/lighttpd-1.4.x) (revision 1880)
6 unsigned short use_ipv6;
8 unsigned short allow_http11;
9 + unsigned short etag_use_inode;
10 + unsigned short etag_use_mtime;
11 + unsigned short etag_use_size;
12 unsigned short force_lowercase_filenames; /* if the FS is case-insensitive, force all files to lower-case */
13 unsigned short max_request_size;
15 Index: src/connections.c
16 ===================================================================
17 --- src/connections.c (.../tags/lighttpd-1.4.15) (revision 1880)
18 +++ src/connections.c (.../branches/lighttpd-1.4.x) (revision 1880)
19 @@ -1252,6 +1252,16 @@
21 /* accept it and register the fd */
24 + * check if we can still open a new connections
29 + if (srv->conns->used >= srv->max_conns) {
33 cnt_len = sizeof(cnt_addr);
35 if (-1 == (cnt = accept(srv_socket->fd, (struct sockaddr *) &cnt_addr, &cnt_len))) {
37 case ECONNABORTED: /* this is a FreeBSD thingy */
38 /* we were stopped _after_ we had a connection */
44 log_error_write(srv, __FILE__, __LINE__, "ssd", "accept failed:", strerror(errno), errno);
47 } else if (con->in_error_handler) {
48 /* error-handler is back and has generated content */
49 /* if Status: was set, take it otherwise use 200 */
50 + con->http_status = con->error_handler_saved_status;
53 if (con->http_status == 0) con->http_status = 200;
54 Index: src/mod_staticfile.c
55 ===================================================================
56 --- src/mod_staticfile.c (.../tags/lighttpd-1.4.15) (revision 1880)
57 +++ src/mod_staticfile.c (.../branches/lighttpd-1.4.x) (revision 1880)
62 + unsigned short etags_used;
68 config_values_t cv[] = {
69 { "static-file.exclude-extensions", NULL, T_CONFIG_ARRAY, T_CONFIG_SCOPE_CONNECTION }, /* 0 */
70 + { "static-file.etags", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 1 */
71 { NULL, NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET }
76 s = calloc(1, sizeof(plugin_config));
77 s->exclude_ext = array_init();
80 cv[0].destination = s->exclude_ext;
81 + cv[1].destination = &(s->etags_used);
83 p->config_storage[i] = s;
86 plugin_config *s = p->config_storage[0];
91 /* skip the first, the global context */
92 for (i = 1; i < srv->config_context->used; i++) {
95 if (buffer_is_equal_string(du->key, CONST_STR_LEN("static-file.exclude-extensions"))) {
98 + } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("static-file.etags"))) {
104 @@ -446,11 +453,17 @@
105 response_header_overwrite(srv, con, CONST_STR_LEN("Accept-Ranges"), CONST_STR_LEN("bytes"));
108 - if (NULL == array_get_element(con->response.headers, "ETag")) {
109 - /* generate e-tag */
110 - etag_mutate(con->physical.etag, sce->etag);
111 + etag_flags_t flags;
113 - response_header_overwrite(srv, con, CONST_STR_LEN("ETag"), CONST_BUF_LEN(con->physical.etag));
114 + flags = (con->conf.etag_use_mtime ? ETAG_USE_MTIME : 0) | (con->conf.etag_use_inode ? ETAG_USE_INODE : 0) | (con->conf.etag_use_size ? ETAG_USE_SIZE : 0);
116 + if (p->conf.etags_used && flags != 0 && !buffer_is_empty(sce->etag)) {
117 + if (NULL == array_get_element(con->response.headers, "ETag")) {
118 + /* generate e-tag */
119 + etag_mutate(con->physical.etag, sce->etag);
121 + response_header_overwrite(srv, con, CONST_STR_LEN("ETag"), CONST_BUF_LEN(con->physical.etag));
126 Index: src/configfile.c
127 ===================================================================
128 --- src/configfile.c (.../tags/lighttpd-1.4.15) (revision 1880)
129 +++ src/configfile.c (.../branches/lighttpd-1.4.x) (revision 1880)
131 { "server.core-files", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 45 */
132 { "ssl.cipher-list", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_SERVER }, /* 46 */
133 { "ssl.use-sslv2", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 47 */
135 + { "etag.use-inode", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER }, /* 48 */
136 + { "etag.use-mtime", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER }, /* 49 */
137 + { "etag.use-size", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER }, /* 50 */
138 { "server.host", "use server.bind instead", T_CONFIG_DEPRECATED, T_CONFIG_SCOPE_UNSET },
139 { "server.docroot", "use server.document-root instead", T_CONFIG_DEPRECATED, T_CONFIG_SCOPE_UNSET },
140 { "server.virtual-root", "load mod_simple_vhost and use simple-vhost.server-root instead", T_CONFIG_DEPRECATED, T_CONFIG_SCOPE_UNSET },
143 s->kbytes_per_second = 0;
145 + s->etag_use_inode = 1;
146 + s->etag_use_mtime = 1;
147 + s->etag_use_size = 1;
148 s->range_requests = 1;
149 s->force_lowercase_filenames = 0;
150 s->global_kbytes_per_second = 0;
153 cv[46].destination = s->ssl_cipher_list;
154 cv[47].destination = &(s->ssl_use_sslv2);
155 + cv[48].destination = &(s->etag_use_inode);
156 + cv[49].destination = &(s->etag_use_mtime);
157 + cv[50].destination = &(s->etag_use_size);
159 srv->config_storage[i] = s;
163 PATCH(ssl_cipher_list);
164 PATCH(ssl_use_sslv2);
167 + PATCH(etag_use_inode);
168 + PATCH(etag_use_mtime);
169 + PATCH(etag_use_size);
175 PATCH(max_read_idle);
176 } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("mimetype.use-xattr"))) {
178 + } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("etag.use-inode"))) {
179 + PATCH(etag_use_inode);
180 + } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("etag.use-mtime"))) {
181 + PATCH(etag_use_mtime);
182 + } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("etag.use-size"))) {
183 + PATCH(etag_use_size);
184 } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.pemfile"))) {
186 } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.ca-file"))) {
188 ===================================================================
189 --- src/etag.c (.../tags/lighttpd-1.4.15) (revision 1880)
190 +++ src/etag.c (.../branches/lighttpd-1.4.x) (revision 1880)
195 -int etag_create(buffer *etag, struct stat *st) {
196 - buffer_copy_off_t(etag, st->st_ino);
197 - buffer_append_string_len(etag, CONST_STR_LEN("-"));
198 - buffer_append_off_t(etag, st->st_size);
199 - buffer_append_string_len(etag, CONST_STR_LEN("-"));
200 - buffer_append_long(etag, st->st_mtime);
201 +int etag_create(buffer *etag, struct stat *st,etag_flags_t flags) {
202 + if (0 == flags) return 0;
204 + buffer_reset(etag);
206 + if (flags & ETAG_USE_INODE) {
207 + buffer_append_off_t(etag, st->st_ino);
208 + buffer_append_string_len(etag, CONST_STR_LEN("-"));
211 + if (flags & ETAG_USE_SIZE) {
212 + buffer_append_off_t(etag, st->st_size);
213 + buffer_append_string_len(etag, CONST_STR_LEN("-"));
216 + if (flags & ETAG_USE_MTIME) {
217 + buffer_append_long(etag, st->st_mtime);
223 Index: src/mod_scgi.c
224 ===================================================================
225 --- src/mod_scgi.c (.../tags/lighttpd-1.4.15) (revision 1880)
226 +++ src/mod_scgi.c (.../branches/lighttpd-1.4.x) (revision 1880)
228 buffer_append_string_buffer(b, host->bin_path);
231 - execle("/bin/sh", "sh", "-c", b->ptr, NULL, env.ptr);
232 + execle("/bin/sh", "sh", "-c", b->ptr, (char *)NULL, env.ptr);
234 log_error_write(srv, __FILE__, __LINE__, "sbs",
235 "execl failed for:", host->bin_path, strerror(errno));
237 ===================================================================
238 --- src/etag.h (.../tags/lighttpd-1.4.15) (revision 1880)
239 +++ src/etag.h (.../branches/lighttpd-1.4.x) (revision 1880)
244 +typedef enum { ETAG_USE_INODE = 1, ETAG_USE_MTIME = 2, ETAG_USE_SIZE = 4 } etag_flags_t;
246 int etag_is_equal(buffer *etag, const char *matches);
247 -int etag_create(buffer *etag, struct stat *st);
248 +int etag_create(buffer *etag, struct stat *st, etag_flags_t flags);
249 int etag_mutate(buffer *mut, buffer *etag);
253 ===================================================================
254 --- src/request.c (.../tags/lighttpd-1.4.15) (revision 1880)
255 +++ src/request.c (.../branches/lighttpd-1.4.x) (revision 1880)
260 - data_string *ds = NULL;
263 * Request: "^(GET|POST|HEAD) ([^ ]+(\\?[^ ]+|)) (HTTP/1\\.[01])$"
264 * Option : "^([-a-zA-Z]+): (.+)$"
265 @@ -715,12 +713,24 @@
268 if (con->parse_request->ptr[i+1] == '\n') {
269 + data_string *ds = NULL;
271 /* End of Headerline */
272 con->parse_request->ptr[i] = '\0';
273 con->parse_request->ptr[i+1] = '\0';
279 + * we use a evil hack to handle the line-folding
281 + * As array_insert_unique() deletes 'ds' in the case of a duplicate
282 + * ds points somewhere and we get a evil crash. As a solution we keep the old
283 + * "key" and get the current value from the hash and append us
287 + if (!key || !key_len) {
290 if (srv->srvconf.log_request_header_on_error) {
292 con->response.keep_alive = 0;
295 - buffer_append_string(ds->value, value);
297 + key_b = buffer_init();
298 + buffer_copy_string_len(key_b, key, key_len);
300 + if (NULL != (ds = (data_string *)array_get_element(con->request.headers, key_b->ptr))) {
301 + buffer_append_string(ds->value, value);
304 + buffer_free(key_b);
307 key = con->parse_request->ptr + first;
315 + * for Bug 1230 keep the key_len a live
321 if (srv->srvconf.log_request_header_on_error) {
322 Index: src/stat_cache.c
323 ===================================================================
324 --- src/stat_cache.c (.../tags/lighttpd-1.4.15) (revision 1880)
325 +++ src/stat_cache.c (.../branches/lighttpd-1.4.x) (revision 1880)
326 @@ -608,14 +608,16 @@
330 - etag_create(sce->etag, &(sce->st));
331 + etag_create(sce->etag, &(sce->st),
332 + (con->conf.etag_use_mtime ? ETAG_USE_MTIME : 0) | (con->conf.etag_use_inode ? ETAG_USE_INODE : 0) | (con->conf.etag_use_size ? ETAG_USE_SIZE : 0));
334 - if (buffer_is_empty(sce->content_type)) {
335 + if (con->conf.use_xattr && buffer_is_empty(sce->content_type)) {
336 stat_cache_attr_get(sce->content_type, name->ptr);
339 } else if (S_ISDIR(st.st_mode)) {
340 - etag_create(sce->etag, &(sce->st));
341 + etag_create(sce->etag, &(sce->st),
342 + (con->conf.etag_use_mtime ? ETAG_USE_MTIME : 0) | (con->conf.etag_use_inode ? ETAG_USE_INODE : 0) | (con->conf.etag_use_size ? ETAG_USE_SIZE : 0));
346 Index: src/http_auth.c
347 ===================================================================
348 --- src/http_auth.c (.../tags/lighttpd-1.4.15) (revision 1880)
349 +++ src/http_auth.c (.../branches/lighttpd-1.4.x) (revision 1880)
352 username = buffer_init();
354 - base64_decode(username, realm_str);
355 + if (!base64_decode(username, realm_str)) {
356 + buffer_free(username);
358 + log_error_write(srv, __FILE__, __LINE__, "sb", "decodeing base64-string failed", username);
363 /* r2 == user:password */
364 if (NULL == (pw = strchr(username->ptr, ':'))) {
365 buffer_free(username);
367 for (c = b->ptr; *c; c++) {
368 /* skip whitespaces */
369 while (*c == ' ' || *c == '\t') c++;
373 for (i = 0; dkv[i].key; i++) {
374 if ((0 == strncmp(c, dkv[i].key, dkv[i].key_len))) {
375 @@ -1016,9 +1022,24 @@
377 log_error_write(srv, __FILE__, __LINE__, "s",
378 "digest: missing field");
385 + * protect the md5-sess against missing cnonce and nonce
388 + 0 == strcasecmp(algorithm, "md5-sess") &&
389 + (!nonce || !cnonce)) {
390 + log_error_write(srv, __FILE__, __LINE__, "s",
391 + "digest: (md5-sess: missing field");
397 m = get_http_method_name(con->request.http_method);
399 /* password-string == HA1 */
400 Index: src/mod_status.c
401 ===================================================================
402 --- src/mod_status.c (.../tags/lighttpd-1.4.15) (revision 1880)
403 +++ src/mod_status.c (.../branches/lighttpd-1.4.x) (revision 1880)
405 BUFFER_APPEND_STRING_CONST(b,
406 " <style type=\"text/css\">\n"
407 " table.status { border: black solid thin; }\n"
408 + " td { white-space: nowrap; }\n"
409 " td.int { background-color: #f0f0f0; text-align: right }\n"
410 " td.string { background-color: #f0f0f0; text-align: left }\n"
411 " th.status { background-color: black; color: white; font-weight: bold; }\n"
413 buffer_append_string_encoded(b, CONST_BUF_LEN(c->uri.path), ENCODING_HTML);
416 + if (!buffer_is_empty(c->uri.query)) {
417 + BUFFER_APPEND_STRING_CONST(b, "?");
418 + buffer_append_string_encoded(b, CONST_BUF_LEN(c->uri.query), ENCODING_HTML);
421 + if (!buffer_is_empty(c->request.orig_uri)) {
422 + BUFFER_APPEND_STRING_CONST(b, " (");
423 + buffer_append_string_encoded(b, CONST_BUF_LEN(c->request.orig_uri), ENCODING_HTML);
424 + BUFFER_APPEND_STRING_CONST(b, ")");
426 BUFFER_APPEND_STRING_CONST(b, "</td><td class=\"string\">");
428 buffer_append_string_buffer(b, c->physical.path);
430 ===================================================================
431 --- src/mod_ssi.c (.../tags/lighttpd-1.4.15) (revision 1880)
432 +++ src/mod_ssi.c (.../branches/lighttpd-1.4.x) (revision 1880)
437 - execl("/bin/sh", "sh", "-c", cmd, NULL);
438 + execl("/bin/sh", "sh", "-c", cmd, (char *)NULL);
440 log_error_write(srv, __FILE__, __LINE__, "sss", "spawing exec failed:", strerror(errno), cmd);
442 Index: src/spawn-fcgi.c
443 ===================================================================
444 --- src/spawn-fcgi.c (.../tags/lighttpd-1.4.15) (revision 1880)
445 +++ src/spawn-fcgi.c (.../branches/lighttpd-1.4.x) (revision 1880)
450 - execl("/bin/sh", "sh", "-c", b, NULL);
451 + execl("/bin/sh", "sh", "-c", b, (char *)NULL);
455 Index: src/mod_fastcgi.c
456 ===================================================================
457 --- src/mod_fastcgi.c (.../tags/lighttpd-1.4.15) (revision 1880)
458 +++ src/mod_fastcgi.c (.../branches/lighttpd-1.4.x) (revision 1880)
460 buffer *unixsocket; /* config.socket + "-" + id */
461 unsigned port; /* config.port + pno */
463 - buffer *connection_name; /* either tcp:<host>:<port> or unix:<socket> for debuggin purposes */
464 + buffer *connection_name; /* either tcp:<host>:<port> or unix:<socket> for debugging purposes */
466 pid_t pid; /* PID of the spawned process (0 if not spawned locally) */
469 size_t requests; /* see max_requests */
470 struct fcgi_proc *prev, *next; /* see first */
472 - time_t disabled_until; /* this proc is disabled until, use something else until than */
473 + time_t disabled_until; /* this proc is disabled until, use something else until then */
478 PROC_STATE_UNSET, /* init-phase */
479 PROC_STATE_RUNNING, /* alive */
480 PROC_STATE_OVERLOADED, /* listen-queue is full,
481 - don't send something to this proc for the next 2 seconds */
482 + don't send anything to this proc for the next 2 seconds */
483 PROC_STATE_DIED_WAIT_FOR_PID, /* */
484 PROC_STATE_DIED, /* marked as dead, should be restarted */
485 PROC_STATE_KILLED /* was killed as we don't have the load anymore */
487 unsigned short disable_time;
490 - * same fastcgi processes get a little bit larger
491 + * some fastcgi processes get a little bit larger
492 * than wanted. max_requests_per_proc kills a
493 * process after a number of handled requests.
496 * bin-path is the path to the binary
498 * check min_procs and max_procs for the number
499 - * of process to start-up
500 + * of process to start up
508 - * check_local tell you if the phys file is stat()ed
509 + * check_local tells you if the phys file is stat()ed
510 * or not. FastCGI doesn't care if the service is
511 * remote. If the web-server side doesn't contain
512 * the fastcgi-files we should not stat() for them
515 * append PATH_INFO to SCRIPT_FILENAME
517 - * php needs this if cgi.fix_pathinfo is provied
518 + * php needs this if cgi.fix_pathinfo is provided
525 only if a process is killed max_id waits for the process itself
526 - to die and decrements its afterwards */
527 + to die and decrements it afterwards */
529 buffer *strip_request_uri;
535 - /* set a usefull default */
536 + /* set a useful default */
537 fcgi_addr_in.sin_addr.s_addr = htonl(INADDR_ANY);
543 if (-1 == connect(fcgi_fd, fcgi_addr, servlen)) {
544 - /* server is not up, spawn in */
545 + /* server is not up, spawn it */
549 @@ -1029,10 +1029,11 @@
550 "child exited with status",
551 WEXITSTATUS(status), host->bin_path);
552 log_error_write(srv, __FILE__, __LINE__, "s",
553 - "if you try do run PHP as FastCGI backend make sure you use the FastCGI enabled version.\n"
554 + "If you're trying to run PHP as a FastCGI backend, make sure you're using the FastCGI-enabled version.\n"
555 "You can find out if it is the right one by executing 'php -v' and it should display '(cgi-fcgi)' "
556 - "in the output, NOT (cgi) NOR (cli)\n"
557 - "For more information check http://www.lighttpd.net/documentation/fastcgi.html#preparing-php-as-a-fastcgi-program");
558 + "in the output, NOT '(cgi)' NOR '(cli)'.\n"
559 + "For more information, check http://trac.lighttpd.net/trac/wiki/Docs%3AModFastCGI#preparing-php-as-a-fastcgi-program"
560 + "If this is PHP on Gentoo, add 'fastcgi' to the USE flags.");
561 } else if (WIFSIGNALED(status)) {
562 log_error_write(srv, __FILE__, __LINE__, "sd",
563 "terminated by signal:",
564 @@ -1040,9 +1041,9 @@
566 if (WTERMSIG(status) == 11) {
567 log_error_write(srv, __FILE__, __LINE__, "s",
568 - "to be exact: it seg-fault, crashed, died, ... you get the idea." );
569 + "to be exact: it segfaulted, crashed, died, ... you get the idea." );
570 log_error_write(srv, __FILE__, __LINE__, "s",
571 - "If this is PHP try to remove the byte-code caches for now and try again.");
572 + "If this is PHP, try removing the bytecode caches for now and try again.");
575 log_error_write(srv, __FILE__, __LINE__, "sd",
576 @@ -1066,7 +1067,7 @@
579 log_error_write(srv, __FILE__, __LINE__, "sb",
580 - "(debug) socket is already used, won't spawn:",
581 + "(debug) socket is already used; won't spawn:",
582 proc->connection_name);
585 @@ -1508,7 +1509,7 @@
587 * next step is resetting this attemp and setup a connection again
589 - * if we have more then 5 reconnects for the same request, die
590 + * if we have more than 5 reconnects for the same request, die
594 @@ -1626,7 +1627,7 @@
597 CONNECTION_DELAYED, /* retry after event, take same host */
598 - CONNECTION_OVERLOADED, /* disable for 1 seconds, take another backend */
599 + CONNECTION_OVERLOADED, /* disable for 1 second, take another backend */
600 CONNECTION_DEAD /* disable for 60 seconds, take another backend */
601 } connection_result_t;
603 @@ -1669,7 +1670,7 @@
604 fcgi_addr_in.sin_family = AF_INET;
605 if (0 == inet_aton(host->host->ptr, &(fcgi_addr_in.sin_addr))) {
606 log_error_write(srv, __FILE__, __LINE__, "sbs",
607 - "converting IP-adress failed for", host->host,
608 + "converting IP address failed for", host->host,
609 "\nBe sure to specify an IP address here");
612 @@ -1694,16 +1695,16 @@
614 if (hctx->conf.debug > 2) {
615 log_error_write(srv, __FILE__, __LINE__, "sb",
616 - "connect delayed, will continue later:", proc->connection_name);
617 + "connect delayed; will continue later:", proc->connection_name);
620 return CONNECTION_DELAYED;
621 } else if (errno == EAGAIN) {
622 if (hctx->conf.debug) {
623 log_error_write(srv, __FILE__, __LINE__, "sbsd",
624 - "This means that the you have more incoming requests than your fastcgi-backend can handle in parallel. "
625 - "Perhaps it helps to spawn more fastcgi backend or php-children, if not decrease server.max-connections."
626 - "The load for this fastcgi backend", proc->connection_name, "is", proc->load);
627 + "This means that you have more incoming requests than your FastCGI backend can handle in parallel."
628 + "It might help to spawn more FastCGI backends or PHP children; if not, decrease server.max-connections."
629 + "The load for this FastCGI backend", proc->connection_name, "is", proc->load);
632 return CONNECTION_OVERLOADED;
633 @@ -1881,8 +1882,6 @@
634 fcgi_env_add(p->fcgi_env, CONST_STR_LEN("REMOTE_ADDR"), s, strlen(s));
636 if (!buffer_is_empty(con->authed_user)) {
637 - fcgi_env_add(p->fcgi_env, CONST_STR_LEN("REMOTE_USER"), CONST_BUF_LEN(con->authed_user));
639 /* AUTH_TYPE fix by Troy Kruthoff (tkruthoff@gmail.com)
640 * section 4.1.1 of RFC 3875 (cgi spec) requires the server to set a AUTH_TYPE env
641 * declaring the type of authentication used. (see http://tools.ietf.org/html/rfc3875#page-11)
642 @@ -1896,6 +1895,8 @@
643 char *http_authorization = NULL;
646 + fcgi_env_add(p->fcgi_env, CONST_STR_LEN("REMOTE_USER"), CONST_BUF_LEN(con->authed_user));
648 if (NULL != (ds = (data_string *)array_get_element(con->request.headers, "Authorization"))) {
649 http_authorization = ds->value->ptr;
651 @@ -2055,8 +2056,8 @@
655 - /* we announce toWrite octects
656 - * now take all the request_content chunk that we need to fill this request
657 + /* we announce toWrite octets
658 + * now take all the request_content chunks that we need to fill this request
661 b = chunkqueue_get_append_buffer(hctx->wb);
662 @@ -2356,7 +2357,7 @@
665 if (packet->b->used < packet->len + 1) {
666 - /* we didn't got the full packet */
667 + /* we didn't get the full packet */
669 buffer_free(packet->b);
671 @@ -2439,7 +2440,6 @@
672 b->used = r + 1; /* one extra for the fake \0 */
673 b->ptr[b->used - 1] = '\0';
675 - if (errno == EAGAIN) return 0;
676 log_error_write(srv, __FILE__, __LINE__, "ssdsb",
677 "unexpected end-of-file (perhaps the fastcgi process died):",
679 @@ -2558,7 +2558,7 @@
680 if (host->mode != FCGI_AUTHORIZER ||
681 !(con->http_status == 0 ||
682 con->http_status == 200)) {
683 - /* send chunk-end if nesseary */
684 + /* send chunk-end if necessary */
685 http_chunk_append_mem(srv, con, NULL, 0);
686 joblist_append(srv, con);
688 @@ -2653,7 +2653,7 @@
689 if (proc->state != PROC_STATE_DIED) break;
691 case PROC_STATE_DIED:
692 - /* local proc get restarted by us,
693 + /* local procs get restarted by us,
694 * remote ones hopefully by the admin */
696 if (proc->is_local) {
697 @@ -2774,7 +2774,7 @@
698 proc && proc->state != PROC_STATE_RUNNING;
701 - /* all childs are dead */
702 + /* all children are dead */
706 @@ -2834,7 +2834,7 @@
709 log_error_write(srv, __FILE__, __LINE__, "ssdsd",
710 - "backend is overloaded, we disable it for a 2 seconds and send the request to another backend instead:",
711 + "backend is overloaded; we'll disable it for 2 seconds and send the request to another backend instead:",
712 "reconnects:", hctx->reconnects,
713 "load:", host->load);
715 @@ -2864,7 +2864,7 @@
718 log_error_write(srv, __FILE__, __LINE__, "ssdsd",
719 - "backend died, we disable it for a 5 seconds and send the request to another backend instead:",
720 + "backend died; we'll disable it for 5 seconds and send the request to another backend instead:",
721 "reconnects:", hctx->reconnects,
722 "load:", host->load);
724 @@ -2950,7 +2950,7 @@
725 if (hctx->wb->bytes_out == 0 &&
726 hctx->reconnects < 5) {
727 usleep(10000); /* take away the load of the webserver
728 - * to let the php a chance to restart
729 + * to give the php a chance to restart
732 fcgi_reconnect(srv, hctx);
733 @@ -3152,9 +3152,9 @@
734 (con->http_status == 200 ||
735 con->http_status == 0)) {
737 - * If we are here in AUTHORIZER mode then a request for autorizer
738 - * was proceeded already, and status 200 has been returned. We need
739 - * now to handle autorized request.
740 + * If we are here in AUTHORIZER mode then a request for authorizer
741 + * was processed already, and status 200 has been returned. We need
742 + * now to handle authorized request.
745 buffer_copy_string_buffer(con->physical.doc_root, host->docroot);
746 @@ -3220,7 +3220,7 @@
749 if (con->file_started == 0) {
750 - /* nothing has been send out yet, try to use another child */
751 + /* nothing has been sent out yet, try to use another child */
753 if (hctx->wb->bytes_out == 0 &&
754 hctx->reconnects < 5) {
755 @@ -3270,8 +3270,8 @@
756 hctx->state == FCGI_STATE_WRITE) {
757 /* we are allowed to send something out
759 - * 1. in a unfinished connect() call
760 - * 2. in a unfinished write() call (long POST request)
761 + * 1. in an unfinished connect() call
762 + * 2. in an unfinished write() call (long POST request)
764 return mod_fastcgi_handle_subrequest(srv, con, p);
766 @@ -3286,8 +3286,8 @@
767 if (hctx->state == FCGI_STATE_CONNECT_DELAYED) {
768 /* getoptsock will catch this one (right ?)
770 - * if we are in connect we might get a EINPROGRESS
771 - * in the first call and a FDEVENT_HUP in the
772 + * if we are in connect we might get an EINPROGRESS
773 + * in the first call and an FDEVENT_HUP in the
776 * FIXME: as it is a bit ugly.
777 @@ -3485,7 +3485,7 @@
778 return HANDLER_FINISHED;
781 - /* a note about no handler is not sent yey */
782 + /* a note about no handler is not sent yet */
783 extension->note_is_sent = 0;
786 @@ -3520,7 +3520,7 @@
789 /* the prefix is the SCRIPT_NAME,
790 - * everthing from start to the next slash
791 + * everything from start to the next slash
792 * this is important for check-local = "disable"
794 * if prefix = /admin.fcgi
795 @@ -3630,13 +3630,13 @@
797 /* perhaps we should kill a connect attempt after 10-15 seconds
799 - * currently we wait for the TCP timeout which is on Linux 180 seconds
800 + * currently we wait for the TCP timeout which is 180 seconds on Linux
806 - /* check all childs if they are still up */
807 + /* check all children if they are still up */
809 for (i = 0; i < srv->config_context->used; i++) {
811 @@ -3718,11 +3718,11 @@
813 if (srv->cur_ts - proc->last_used > host->idle_timeout) {
814 /* a proc is idling for a long time now,
819 log_error_write(srv, __FILE__, __LINE__, "ssbsd",
820 - "idle-timeout reached, terminating child:",
821 + "idle-timeout reached; terminating child:",
822 "socket:", proc->connection_name,
825 Index: src/mod_access.c
826 ===================================================================
827 --- src/mod_access.c (.../tags/lighttpd-1.4.15) (revision 1880)
828 +++ src/mod_access.c (.../branches/lighttpd-1.4.x) (revision 1880)
836 + * we will get called twice:
837 + * - after the clean up of the URL and
838 + * - after the pathinfo checks are done
840 + * this handles the issue of trailing slashes
842 URIHANDLER_FUNC(mod_access_uri_handler) {
843 plugin_data *p = p_d;
845 @@ -122,28 +131,41 @@
847 s_len = con->uri.path->used - 1;
849 + if (con->conf.log_request_handling) {
850 + log_error_write(srv, __FILE__, __LINE__, "s",
851 + "-- mod_access_uri_handler called");
854 for (k = 0; k < p->conf.access_deny->used; k++) {
855 data_string *ds = (data_string *)p->conf.access_deny->data[k];
856 int ct_len = ds->value->used - 1;
860 if (ct_len > s_len) continue;
862 if (ds->value->used == 0) continue;
864 /* if we have a case-insensitive FS we have to lower-case the URI here too */
866 if (con->conf.force_lowercase_filenames) {
867 if (0 == strncasecmp(con->uri.path->ptr + s_len - ct_len, ds->value->ptr, ct_len)) {
868 - con->http_status = 403;
870 - return HANDLER_FINISHED;
874 if (0 == strncmp(con->uri.path->ptr + s_len - ct_len, ds->value->ptr, ct_len)) {
875 - con->http_status = 403;
880 - return HANDLER_FINISHED;
882 + con->http_status = 403;
884 + if (con->conf.log_request_handling) {
885 + log_error_write(srv, __FILE__, __LINE__, "sb",
886 + "url denied as we match:", ds->value);
889 + return HANDLER_FINISHED;
895 p->init = mod_access_init;
896 p->set_defaults = mod_access_set_defaults;
897 - p->handle_uri_clean = mod_access_uri_handler;
898 + p->handle_uri_clean = mod_access_uri_handler;
899 + p->handle_subrequest_start = mod_access_uri_handler;
900 p->cleanup = mod_access_free;
903 Index: src/mod_accesslog.c
904 ===================================================================
905 --- src/mod_accesslog.c (.../tags/lighttpd-1.4.15) (revision 1880)
906 +++ src/mod_accesslog.c (.../branches/lighttpd-1.4.x) (revision 1880)
911 - execl("/bin/sh", "sh", "-c", s->access_logfile->ptr + 1, NULL);
912 + execl("/bin/sh", "sh", "-c", s->access_logfile->ptr + 1, (char *)NULL);
914 log_error_write(srv, __FILE__, __LINE__, "sss",
915 "spawning log-process failed: ", strerror(errno),
917 ===================================================================
918 --- src/server.c (.../tags/lighttpd-1.4.15) (revision 1880)
919 +++ src/server.c (.../branches/lighttpd-1.4.x) (revision 1880)
925 + * we are not root can can't increase the fd-limit, but we can reduce it
927 + if (srv->srvconf.max_fds && srv->srvconf.max_fds < rlim.rlim_cur) {
930 + rlim.rlim_cur = srv->srvconf.max_fds;
932 + if (0 != setrlimit(RLIMIT_NOFILE, &rlim)) {
933 + log_error_write(srv, __FILE__, __LINE__,
934 + "ss", "couldn't set 'max filedescriptors'",
940 if (srv->event_handler == FDEVENT_HANDLER_SELECT) {
941 srv->max_fds = rlim.rlim_cur < FD_SETSIZE - 200 ? rlim.rlim_cur : FD_SETSIZE - 200;
943 Index: src/proc_open.c
944 ===================================================================
945 --- src/proc_open.c (.../tags/lighttpd-1.4.15) (revision 1880)
946 +++ src/proc_open.c (.../branches/lighttpd-1.4.x) (revision 1880)
949 proc_close_parents(proc);
951 - execl(shell, shell, "-c", command, NULL);
952 + execl(shell, shell, "-c", command, (char *)NULL);
955 } else if (child < 0) {
956 Index: tests/mod-auth.t
957 ===================================================================
958 --- tests/mod-auth.t (.../tags/lighttpd-1.4.15) (revision 1880)
959 +++ tests/mod-auth.t (.../branches/lighttpd-1.4.x) (revision 1880)
964 -use Test::More tests => 10;
965 +use Test::More tests => 13;
968 my $tf = LightyTest->new();
970 $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 400 } ];
971 ok($tf->handle_http($t) == 0, 'Digest-Auth: missing nc (noncecount instead), no crash');
973 +$t->{REQUEST} = ( <<EOF
974 +GET /server-status HTTP/1.0
975 +Authorization: Basic =
978 +$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 401 } ];
979 +ok($tf->handle_http($t) == 0, 'Basic-Auth: Invalid Base64');
982 +$t->{REQUEST} = ( <<EOF
983 +GET /server-status HTTP/1.0
984 +User-Agent: Wget/1.9.1
985 +Authorization: Digest username="jan", realm="jan",
986 + nonce="b1d12348b4620437c43dd61c50ae4639", algorithm="md5-sess",
987 + uri="/MJ-BONG.xm.mpc", qop=auth, noncecount=00000001",
988 + cnonce="036FCA5B86F7E7C4965C7F9B8FE714B7",
990 + response="29B32C2953C763C6D033C8A49983B87E"
993 +$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 401 } ];
994 +ok($tf->handle_http($t) == 0, 'Digest-Auth: md5-sess + missing cnonce');
996 +$t->{REQUEST} = ( <<EOF
997 +GET /server-status HTTP/1.0
998 +User-Agent: Wget/1.9.1
999 +Authorization: Digest username="jan", realm="jan",
1000 + nonce="b1d12348b4620437c43dd61c50ae4639", algorithm="md5-sess",
1001 + uri="/MJ-BONG.xm.mpc", qop=auth, noncecount=00000001",
1002 + cnonce="036FCA5B86F7E7C4965C7F9B8FE714B7",
1004 + response="29B32C2953C763C6D033C8A49983B87E"
1007 +$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 401 } ];
1008 +ok($tf->handle_http($t) == 0, 'Digest-Auth: trailing WS');
1012 ok($tf->stop_proc == 0, "Stopping lighttpd");
1014 Index: tests/mod-access.t
1015 ===================================================================
1016 --- tests/mod-access.t (.../tags/lighttpd-1.4.15) (revision 1880)
1017 +++ tests/mod-access.t (.../branches/lighttpd-1.4.x) (revision 1880)
1022 -use Test::More tests => 3;
1023 +use Test::More tests => 4;
1026 my $tf = LightyTest->new();
1028 $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 403 } ];
1029 ok($tf->handle_http($t) == 0, 'forbid access to ...~');
1031 +$t->{REQUEST} = ( <<EOF
1032 +GET /index.html~/ HTTP/1.0
1035 +$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 403 } ];
1036 +ok($tf->handle_http($t) == 0, '#1230 - forbid access to ...~ - trailing slash');
1038 ok($tf->stop_proc == 0, "Stopping lighttpd");
1040 Index: tests/core-request.t
1041 ===================================================================
1042 --- tests/core-request.t (.../tags/lighttpd-1.4.15) (revision 1880)
1043 +++ tests/core-request.t (.../branches/lighttpd-1.4.x) (revision 1880)
1048 -use Test::More tests => 33;
1049 +use Test::More tests => 36;
1052 my $tf = LightyTest->new();
1053 @@ -273,6 +273,38 @@
1054 $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
1055 ok($tf->handle_http($t) == 0, 'uppercase filenames');
1057 +$t->{REQUEST} = ( <<EOF
1064 +$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
1065 +ok($tf->handle_http($t) == 0, '#1232 - duplicate headers with line-wrapping');
1067 +$t->{REQUEST} = ( <<EOF
1074 +$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
1075 +ok($tf->handle_http($t) == 0, '#1232 - duplicate headers with line-wrapping - test 2');
1077 +$t->{REQUEST} = ( <<EOF
1084 +$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
1085 +ok($tf->handle_http($t) == 0, '#1232 - duplicate headers with line-wrapping - test 3');
1090 ok($tf->stop_proc == 0, "Stopping lighttpd");
1092 Index: tests/prepare.sh
1093 ===================================================================
1094 --- tests/prepare.sh (.../tags/lighttpd-1.4.15) (revision 1880)
1095 +++ tests/prepare.sh (.../branches/lighttpd-1.4.x) (revision 1880)
1097 # copy everything into the right places
1098 cp $srcdir/docroot/www/*.html \
1099 $srcdir/docroot/www/*.php \
1100 + $srcdir/docroot/www/*.html~ \
1101 $srcdir/docroot/www/*.pl \
1102 $srcdir/docroot/www/*.fcgi \
1103 $srcdir/docroot/www/*.shtml \
1104 Index: tests/docroot/www/index.html~
1105 ===================================================================
1106 Index: tests/docroot/www/Makefile.am
1107 ===================================================================
1108 --- tests/docroot/www/Makefile.am (.../tags/lighttpd-1.4.15) (revision 1880)
1109 +++ tests/docroot/www/Makefile.am (.../branches/lighttpd-1.4.x) (revision 1880)
1111 EXTRA_DIST=cgi.php cgi.pl dummydir index.html index.txt phpinfo.php \
1112 redirect.php cgi-pathinfo.pl get-env.php get-server-env.php \
1113 nph-status.pl prefix.fcgi get-header.pl ssi.shtml get-post-len.pl \
1115 + exec-date.shtml index.html~
1116 SUBDIRS=go indexfile expire
1118 ===================================================================
1119 --- NEWS (.../tags/lighttpd-1.4.15) (revision 1880)
1120 +++ NEWS (.../branches/lighttpd-1.4.x) (revision 1880)
1127 + * added static-file.etags, etag.use-inode, etag.use-mtime, etag.use-size
1128 + to customize the generation of ETags for static files. (#1209)
1129 + (patch by <Yusufg@gmail.com>)
1130 + * fixed typecast of NULL on execl() (#1235)
1131 + (patch by F. Denis)
1132 + * fixed circumventing url.access-deny by trailing slash (#1230)
1133 + * fixed crash on duplicate headers with trailing WS (#1232)
1134 + * fixed accepting more connections then requested (#1216)
1135 + * fixed mem-leak in mod_auth (reported by Stefan Esser)
1136 + * fixed crash with md5-sess and cnonce not set in mod_auth (reported by Stefan Esser)
1137 + * fixed missing check for base64 encoded string in mod_auth and Basic auth
1138 + (reported by Stefan Esser)
1139 + * fixed possible crash in Auth-Digest header parser on trailing WS in
1140 + mod_auth (reported by Stefan Esser)
1141 + * fixed check on stale errno values, which broke handling of broken fastcgi
1142 + applications. (#1245)
1144 - 1.4.15 - 2007-04-13
1146 - * fixed broken Set-Cookie headers
1147 + * fixed broken Set-Cookie headers
1149 - 1.4.14 - 2007-04-13
1152 * fix cpu hog in certain requests [1473] CVE-2007-1869
1153 * fix for handling hostnames with trailing dot [1406]
1154 * fixed header-injection via server.tag (#1106)
1155 - * disabled caching of files without a content-type to solve the
1156 + * disabled caching of files without a content-type to solve the
1157 aggressive caching of FF
1158 * remove trailing white-spaces from HTTP-requests before parsing (#1098)
1159 * fixed accesslog.use-syslog in a conditional and the caching of the
1161 * fixed crash on url.redirect and url.rewrite if %0 is used in a global context
1163 * fixed possible crash in debug-message in mod_extforward
1164 - * fixed compilation of mod_extforward on glibc < 2.3.4
1165 + * fixed compilation of mod_extforward on glibc < 2.3.4
1166 * fixed include of empty in the configfiles (#1076)
1167 * send SIGUSR1 to fastcgi children before SIGTERM. libfcgi wants SIGUSR1. (#737)
1168 * fixed missing AUTH_TYPE entry in the fastcgi environment. (#889)
1170 * added initgroups in spawn-fcgi (#871)
1171 * added apr1 support htpasswd in mod-auth (#870)
1172 * added lighty.stat() to mod_magnet
1173 - * fixed segfault in splitted CRLF CRLF sequences
1174 + * fixed segfault in splitted CRLF CRLF sequences
1175 (introduced in 1.4.12) (#876)
1176 * fixed compilation of LOCK support in mod-webdav
1177 * fixed fragments in request-URLs (#869)
1178 * fixed pkg-config check for lua5.1 on debian
1179 - * fixed Content-Length = 0 on HEAD requests without
1180 + * fixed Content-Length = 0 on HEAD requests without
1181 a known Content-Length (#119)
1182 * fixed mkdir() forcing 0700 (#884)
1183 * fixed writev() on FreeBSD 4.x and older (#875)
1184 - * removed warning about a 404-error-handler
1185 + * removed warning about a 404-error-handler
1187 * backported and fixed the buildsystem changes for
projects / packages / lighttpd.git / blob