Index: configure.in =================================================================== --- configure.in (.../tags/lighttpd-1.4.19) (revision 2145) +++ configure.in (.../branches/lighttpd-1.4.x) (revision 2145) @@ -1,7 +1,7 @@ # -*- Autoconf -*- # Process this file with autoconf to produce a configure script. AC_PREREQ(2.57) -AC_INIT(lighttpd, 1.4.19, jan@kneschke.de) +AC_INIT(lighttpd, 1.4.20, jan@kneschke.de) AC_CONFIG_SRCDIR([src/server.c]) AC_CANONICAL_TARGET Index: src/configfile-glue.c =================================================================== --- src/configfile-glue.c (.../tags/lighttpd-1.4.19) (revision 2145) +++ src/configfile-glue.c (.../branches/lighttpd-1.4.x) (revision 2145) @@ -529,7 +529,7 @@ int config_append_cond_match_buffer(connection *con, data_config *dc, buffer *buf, int n) { cond_cache_t *cache = &con->cond_cache[dc->context_ndx]; - if (n > cache->patterncount) { + if (n >= cache->patterncount) { return 0; } Index: src/connections.c =================================================================== --- src/connections.c (.../tags/lighttpd-1.4.19) (revision 2145) +++ src/connections.c (.../branches/lighttpd-1.4.x) (revision 2145) @@ -199,6 +199,7 @@ /* don't resize the buffer if we were in SSL_ERROR_WANT_* */ + ERR_clear_error(); do { if (!con->ssl_error_want_reuse_buffer) { b = buffer_init(); @@ -1668,21 +1669,51 @@ } #ifdef USE_OPENSSL if (srv_sock->is_ssl) { - int ret; + int ret, ssl_r; + unsigned long err; + ERR_clear_error(); switch ((ret = SSL_shutdown(con->ssl))) { case 1: /* ok */ break; case 0: - SSL_shutdown(con->ssl); - break; + ERR_clear_error(); + if (-1 != (ret = SSL_shutdown(con->ssl))) break; + + /* fall through */ default: - log_error_write(srv, __FILE__, __LINE__, "sds", "SSL:", - SSL_get_error(con->ssl, ret), - ERR_error_string(ERR_get_error(), NULL)); - return -1; + + switch ((ssl_r = SSL_get_error(con->ssl, ret))) { + case SSL_ERROR_WANT_WRITE: + case SSL_ERROR_WANT_READ: + break; + case SSL_ERROR_SYSCALL: + /* perhaps we have error waiting in our error-queue */ + if (0 != (err = ERR_get_error())) { + do { + log_error_write(srv, __FILE__, __LINE__, "sdds", "SSL:", + ssl_r, ret, + ERR_error_string(err, NULL)); + } while((err = ERR_get_error())); + } else { + log_error_write(srv, __FILE__, __LINE__, "sddds", "SSL (error):", + ssl_r, ret, errno, + strerror(errno)); + } + + break; + default: + while((err = ERR_get_error())) { + log_error_write(srv, __FILE__, __LINE__, "sdds", "SSL:", + ssl_r, ret, + ERR_error_string(err, NULL)); + } + + break; + } } } + ERR_clear_error(); #endif switch(con->mode) { Index: src/response.c =================================================================== --- src/response.c (.../tags/lighttpd-1.4.19) (revision 2145) +++ src/response.c (.../branches/lighttpd-1.4.x) (revision 2145) @@ -101,7 +101,7 @@ if (!have_server) { if (buffer_is_empty(con->conf.server_tag)) { BUFFER_APPEND_STRING_CONST(b, "\r\nServer: " PACKAGE_NAME "/" PACKAGE_VERSION); - } else { + } else if (con->conf.server_tag->used > 1) { BUFFER_APPEND_STRING_CONST(b, "\r\nServer: "); buffer_append_string_encoded(b, CONST_BUF_LEN(con->conf.server_tag), ENCODING_HTTP_HEADER); } Index: src/mod_extforward.c =================================================================== --- src/mod_extforward.c (.../tags/lighttpd-1.4.19) (revision 2145) +++ src/mod_extforward.c (.../branches/lighttpd-1.4.x) (revision 2145) @@ -281,8 +281,9 @@ static const char *last_not_in_array(array *a, plugin_data *p) { array *forwarder = p->conf.forwarder; + int i; - for (int i = a->used - 1; i >= 0; i--) { + for (i = a->used - 1; i >= 0; i--) { data_string *ds = (data_string *)a->data[i]; const char *ip = ds->value->ptr; Index: src/network_openssl.c =================================================================== --- src/network_openssl.c (.../tags/lighttpd-1.4.19) (revision 2145) +++ src/network_openssl.c (.../branches/lighttpd-1.4.x) (revision 2145) @@ -85,6 +85,7 @@ * */ + ERR_clear_error(); if ((r = SSL_write(ssl, offset, toSend)) <= 0) { unsigned long err; @@ -187,6 +188,7 @@ close(ifd); + ERR_clear_error(); if ((r = SSL_write(ssl, s, toSend)) <= 0) { unsigned long err; Index: src/mod_compress.c =================================================================== --- src/mod_compress.c (.../tags/lighttpd-1.4.19) (revision 2145) +++ src/mod_compress.c (.../branches/lighttpd-1.4.x) (revision 2145) @@ -178,9 +178,9 @@ } if (!buffer_is_empty(s->compress_cache_dir)) { + struct stat st; mkdir_recursive(s->compress_cache_dir->ptr); - struct stat st; if (0 != stat(s->compress_cache_dir->ptr, &st)) { log_error_write(srv, __FILE__, __LINE__, "sbs", "can't stat compress.cache-dir", s->compress_cache_dir, strerror(errno)); Index: src/mod_fastcgi.c =================================================================== --- src/mod_fastcgi.c (.../tags/lighttpd-1.4.19) (revision 2145) +++ src/mod_fastcgi.c (.../branches/lighttpd-1.4.x) (revision 2145) @@ -2544,7 +2544,10 @@ stat_cache_entry *sce; if (HANDLER_ERROR != stat_cache_get_entry(srv, con, ds->value, &sce)) { - data_string *dcls = data_string_init(); + data_string *dcls; + if (NULL == (dcls = (data_string *)array_get_unused_element(con->response.headers, TYPE_STRING))) { + dcls = data_response_init(); + } /* found */ http_chunk_append_file(srv, con, ds->value, 0, sce->st.st_size); hctx->send_content_body = 0; /* ignore the content */ Index: src/mod_magnet.c =================================================================== --- src/mod_magnet.c (.../tags/lighttpd-1.4.19) (revision 2145) +++ src/mod_magnet.c (.../branches/lighttpd-1.4.x) (revision 2145) @@ -414,10 +414,16 @@ case MAGNET_ENV_URI_AUTHORITY: dest = con->uri.authority; break; case MAGNET_ENV_URI_QUERY: dest = con->uri.query; break; - case MAGNET_ENV_REQUEST_METHOD: break; + case MAGNET_ENV_REQUEST_METHOD: + buffer_copy_string(srv->tmp_buf, get_http_method_name(con->request.http_method)); + dest = srv->tmp_buf; + break; case MAGNET_ENV_REQUEST_URI: dest = con->request.uri; break; case MAGNET_ENV_REQUEST_ORIG_URI: dest = con->request.orig_uri; break; - case MAGNET_ENV_REQUEST_PROTOCOL: break; + case MAGNET_ENV_REQUEST_PROTOCOL: + buffer_copy_string(srv->tmp_buf, get_http_version_name(con->request.http_version)); + dest = srv->tmp_buf; + break; case MAGNET_ENV_UNSET: break; } Index: doc/userdir.txt =================================================================== --- doc/userdir.txt (.../tags/lighttpd-1.4.19) (revision 2145) +++ doc/userdir.txt (.../branches/lighttpd-1.4.x) (revision 2145) @@ -46,10 +46,10 @@ Options ======= -userdir.path +userdir.path (required option) usually it should be set to "public_html" to take ~/public_html/ as the document root - Default: empty (document root is the home directory) + Default: unset (mod_userdir disabled; set it to "" if you want the home directory to be the document root as it was the default before 1.4.19) Example: :: userdir.path = "public_html" Index: SConstruct =================================================================== --- SConstruct (.../tags/lighttpd-1.4.19) (revision 2145) +++ SConstruct (.../branches/lighttpd-1.4.x) (revision 2145) @@ -5,7 +5,7 @@ from stat import * package = 'lighttpd' -version = '1.4.19' +version = '1.4.20' def checkCHeaders(autoconf, hdrs): p = re.compile('[^A-Z0-9]') Index: NEWS =================================================================== --- NEWS (.../tags/lighttpd-1.4.19) (revision 2145) +++ NEWS (.../branches/lighttpd-1.4.x) (revision 2145) @@ -3,8 +3,19 @@ NEWS ==== -- 1.4.19 - +- 1.4.20 - + * Fix mod_compress to compile with old gcc version (#1592) + * Fix mod_extforward to compile with old gcc version (#1591) + * Update documentation for #1587 + * Fix #285 again: read error after SSL_shutdown (thx marton.illes@balabit.com) and clear the error queue before some other calls (CVE-2008-1531) + * Fix mod_magnet: enable "request.method" and "request.protocol" in lighty.env (#1308) + * Fix segfault for appending matched parts if there was no regex matching (just give empty strings) (#1601) + * Use data_response_init in mod_fastcgi x-sendfile handling for response.headers, fix a small "memleak" (#1628) + * Don't send empty Server headers (#1620) + +- 1.4.19 - 2008-03-10 + * added support for If-Range: (#1346) * added support for matching $HTTP["scheme"] in configs * fixed initgroups() called after chroot (#1384) Property changes on: . ___________________________________________________________________ Name: svk:merge - 152afb58-edef-0310-8abb-c4023f1b3aa9:/branches/lighttpd-1.3.x:499 152afb58-edef-0310-8abb-c4023f1b3aa9:/branches/lighttpd-1.4.11-ssl-fixes:1346 152afb58-edef-0310-8abb-c4023f1b3aa9:/branches/lighttpd-merge-1.4.x:1041 152afb58-edef-0310-8abb-c4023f1b3aa9:/tags/lighttpd-1.4.11:1042 152afb58-edef-0310-8abb-c4023f1b3aa9:/tags/release-1.3.13:105 152afb58-edef-0310-8abb-c4023f1b3aa9:/trunk:104 a98e19e4-a712-0410-8832-6551a15ffc53:/local/branches/lighttpd-1.4.x:1557 ebd0e9cf-3e47-4385-9dd4-f0e25e97baa2:/local/lighttpd/branches/lighttpd-1.4.x:2164 + 152afb58-edef-0310-8abb-c4023f1b3aa9:/branches/lighttpd-1.3.x:499 152afb58-edef-0310-8abb-c4023f1b3aa9:/branches/lighttpd-1.4.11-ssl-fixes:1346 152afb58-edef-0310-8abb-c4023f1b3aa9:/branches/lighttpd-merge-1.4.x:1041 152afb58-edef-0310-8abb-c4023f1b3aa9:/tags/lighttpd-1.4.11:1042 152afb58-edef-0310-8abb-c4023f1b3aa9:/tags/release-1.3.13:105 152afb58-edef-0310-8abb-c4023f1b3aa9:/trunk:104 a98e19e4-a712-0410-8832-6551a15ffc53:/local/branches/lighttpd-1.4.x:1557 ebd0e9cf-3e47-4385-9dd4-f0e25e97baa2:/local/lighttpd/branches/lighttpd-1.4.x:2209