-Index: lighttpd.spec.in
+# Revision 2815
+Index: src/http_auth_digest.c
===================================================================
---- lighttpd.spec.in (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ lighttpd.spec.in (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -1,83 +0,0 @@
--Summary: A fast webserver with minimal memory-footprint (lighttpd)
--Name: lighttpd
--Version: @VERSION@
--Release: 1
--Source: http://jan.kneschke.de/projects/lighttpd/download/lighttpd-%version.tar.gz
--Packager: Jan Kneschke <jan@kneschke.de>
--License: BSD
--Group: Networking/Daemons
--URL: http://www.lighttpd.net/
--Requires: pcre >= 3.1 zlib
--BuildRequires: libtool zlib-devel
--BuildRoot: %{_tmppath}/%{name}-root
+--- src/http_auth_digest.c (.../tags/lighttpd-1.4.29)
++++ src/http_auth_digest.c (.../branches/lighttpd-1.4.x)
+@@ -1,26 +0,0 @@
+-#include "buffer.h"
-
--%description
--lighttpd is intented to be a frontend for ad-servers which have to deliver
--small files concurrently to many connections.
+-#include "http_auth_digest.h"
-
--Available rpmbuild rebuild options:
----with: ssl mysql lua memcache
+-#include <string.h>
-
--%prep
--%setup -q
+-#ifndef USE_OPENSSL
+-# include "md5.h"
-
--%build
--rm -rf %{buildroot}
--%configure \
-- %{?_with_mysql: --with-mysql} \
-- %{?_with_lua: --with-lua} \
-- %{?_with_memcache: --with-memcache} \
-- %{?_with_ssl: --with-openssl}
--make
+-typedef li_MD5_CTX MD5_CTX;
+-#define MD5_Init li_MD5_Init
+-#define MD5_Update li_MD5_Update
+-#define MD5_Final li_MD5_Final
-
--%install
--%makeinstall
+-#endif
-
--mkdir -p %{buildroot}%{_sysconfdir}/{init.d,sysconfig}
--if [ -f /etc/redhat-release -o -f /etc/fedora-release ]; then
-- install -m 755 doc/rc.lighttpd.redhat %{buildroot}%{_sysconfdir}/init.d/lighttpd
--else
-- install -m 755 doc/rc.lighttpd %{buildroot}%{_sysconfdir}/init.d/lighttpd
--fi
--install -m 644 doc/sysconfig.lighttpd %{buildroot}%{_sysconfdir}/sysconfig/lighttpd
+-void CvtHex(IN HASH Bin, OUT HASHHEX Hex) {
+- unsigned short i;
-
--%clean
--rm -rf %{buildroot}
--
--%post
--## read http://www.fedora.us/docs/spec.html next time :)
--if [ "$1" = "1" ]; then
-- # real install, not upgrade
-- /sbin/chkconfig --add lighttpd
--fi
+- for (i = 0; i < HASHLEN; i++) {
+- Hex[i*2] = int2hex((Bin[i] >> 4) & 0xf);
+- Hex[i*2+1] = int2hex(Bin[i] & 0xf);
+- }
+- Hex[HASHHEXLEN] = '\0';
+-}
-
--%preun
--if [ "$1" = "0"]; then
-- # real uninstall, not upgrade
-- %{_sysconfdir}/init.d/lighttpd stop
-- /sbin/chkconfig --del lighttpd
--fi
+Index: src/http_auth_digest.h
+===================================================================
+--- src/http_auth_digest.h (.../tags/lighttpd-1.4.29)
++++ src/http_auth_digest.h (.../branches/lighttpd-1.4.x)
+@@ -1,24 +0,0 @@
+-#ifndef _DIGCALC_H_
+-#define _DIGCALC_H_
-
--%files
--%defattr(-,root,root)
--%doc doc/lighttpd.conf doc/lighttpd.user README INSTALL ChangeLog COPYING AUTHORS
--%doc doc/*.txt
--%config(noreplace) %attr(0755,root,root) %{_sysconfdir}/init.d/lighttpd
--%config(noreplace) %attr(0644,root,root) %{_sysconfdir}/sysconfig/lighttpd
--%{_mandir}/*
--%{_libdir}/*
--%{_sbindir}/*
--%{_bindir}/*
+-#ifdef HAVE_CONFIG_H
+-# include "config.h"
+-#endif
-
--%changelog
--* Thu Sep 30 2004 12:41 <jan@kneschke.de> 1.3.1
--- upgraded to 1.3.1
+-#define HASHLEN 16
+-typedef unsigned char HASH[HASHLEN];
+-#define HASHHEXLEN 32
+-typedef char HASHHEX[HASHHEXLEN+1];
+-#ifdef USE_OPENSSL
+-#define IN const
+-#else
+-#define IN
+-#endif
+-#define OUT
-
--* Tue Jun 29 2004 17:26 <jan@kneschke.de> 1.2.3
--- rpmlint'ed the package
--- added URL
--- added (noreplace) to start-script
--- change group to Networking/Daemon (like apache)
+-void CvtHex(
+- IN HASH Bin,
+- OUT HASHHEX Hex
+- );
-
--* Sun Feb 23 2003 15:04 <jan@kneschke.de>
--- initial version
-Index: configure.in
+-#endif
+Index: src/network_write.c
===================================================================
-Index: src/mod_ssi_exprparser.h
-===================================================================
---- src/mod_ssi_exprparser.h (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ src/mod_ssi_exprparser.h (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -1,12 +0,0 @@
--#define TK_AND 1
--#define TK_OR 2
--#define TK_EQ 3
--#define TK_NE 4
--#define TK_GT 5
--#define TK_GE 6
--#define TK_LT 7
--#define TK_LE 8
--#define TK_NOT 9
--#define TK_LPARAN 10
--#define TK_RPARAN 11
--#define TK_VALUE 12
-Index: src/configfile-glue.c
-===================================================================
---- src/configfile-glue.c (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ src/configfile-glue.c (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -155,7 +155,7 @@
- /* touched */
- touched = data_string_init();
-
-- buffer_copy_string(touched->value, "");
-+ buffer_copy_string_len(touched->value, CONST_STR_LEN(""));
- buffer_copy_string_buffer(touched->key, du->key);
-
- array_insert_unique(srv->config_touched, (data_unset *)touched);
-@@ -260,7 +260,7 @@
- if (ck_colon) {
- /* condition "host:port" but client send "host" */
- buffer_copy_string_buffer(srv->cond_check_buf, l);
-- BUFFER_APPEND_STRING_CONST(srv->cond_check_buf, ":");
-+ buffer_append_string_len(srv->cond_check_buf, CONST_STR_LEN(":"));
- buffer_append_long(srv->cond_check_buf, sock_addr_get_port(&(srv_sock->addr)));
- l = srv->cond_check_buf;
- } else if (!ck_colon) {
-@@ -529,7 +529,7 @@
- int config_append_cond_match_buffer(connection *con, data_config *dc, buffer *buf, int n)
- {
- cond_cache_t *cache = &con->cond_cache[dc->context_ndx];
-- if (n > cache->patterncount) {
-+ if (n >= cache->patterncount) {
- return 0;
- }
+--- src/network_write.c (.../tags/lighttpd-1.4.29)
++++ src/network_write.c (.../branches/lighttpd-1.4.x)
+@@ -24,17 +24,16 @@
+ # include <sys/resource.h>
+ #endif
-Index: src/mod_cgi.c
-===================================================================
---- src/mod_cgi.c (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ src/mod_cgi.c (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -912,7 +912,7 @@
- buffer_reset(p->tmp_buf);
-
- if (0 != strcasecmp(ds->key->ptr, "CONTENT-TYPE")) {
-- buffer_copy_string(p->tmp_buf, "HTTP_");
-+ buffer_copy_string_len(p->tmp_buf, CONST_STR_LEN("HTTP_"));
- p->tmp_buf->used--; /* strip \0 after HTTP_ */
- }
+-int network_write_chunkqueue_write(server *srv, connection *con, int fd, chunkqueue *cq) {
++int network_write_chunkqueue_write(server *srv, connection *con, int fd, chunkqueue *cq, off_t max_bytes) {
+ chunk *c;
+- size_t chunks_written = 0;
-@@ -949,7 +949,7 @@
+- for(c = cq->first; c; c = c->next) {
++ for(c = cq->first; (max_bytes > 0) && (NULL != c); c = c->next) {
+ int chunk_finished = 0;
- for (j = 0; j < ds->key->used - 1; j++) {
- p->tmp_buf->ptr[p->tmp_buf->used++] =
-- isalpha((unsigned char)ds->key->ptr[j]) ?
-+ light_isalnum((unsigned char)ds->key->ptr[j]) ?
- toupper((unsigned char)ds->key->ptr[j]) : '_';
- }
- p->tmp_buf->ptr[p->tmp_buf->used++] = '\0';
-@@ -987,6 +987,8 @@
- *c = '/';
- }
+ switch(c->type) {
+ case MEM_CHUNK: {
+ char * offset;
+- size_t toSend;
++ off_t toSend;
+ ssize_t r;
+
+ if (c->mem->used == 0) {
+@@ -44,6 +43,8 @@
-+ openDevNull(STDERR_FILENO);
+ offset = c->mem->ptr + c->offset;
+ toSend = c->mem->used - 1 - c->offset;
++ if (toSend > max_bytes) toSend = max_bytes;
+
- /* we don't need the client socket */
- for (i = 3; i < 256; i++) {
- if (i != srv->errorlog_fd) close(i);
-@@ -995,7 +997,7 @@
- /* exec the cgi */
- execve(args[0], args, env.ptr);
-
-- log_error_write(srv, __FILE__, __LINE__, "sss", "CGI failed:", strerror(errno), args[0]);
-+ /* log_error_write(srv, __FILE__, __LINE__, "sss", "CGI failed:", strerror(errno), args[0]); */
-
- /* */
- SEGFAULT();
-@@ -1058,8 +1060,9 @@
- switch(errno) {
- case ENOSPC:
- con->http_status = 507;
--
- break;
-+ case EINTR:
-+ continue;
- default:
- con->http_status = 403;
- break;
-@@ -1071,8 +1074,9 @@
- switch(errno) {
- case ENOSPC:
- con->http_status = 507;
--
- break;
-+ case EINTR:
-+ continue;
- default:
- con->http_status = 403;
- break;
-@@ -1087,6 +1091,8 @@
- c->offset += r;
- cq->bytes_out += r;
- } else {
-+ log_error_write(srv, __FILE__, __LINE__, "ss", "write() failed due to: ", strerror(errno));
-+ con->http_status = 500;
- break;
- }
- chunkqueue_remove_finished_chunks(cq);
-@@ -1174,6 +1180,8 @@
- plugin_data *p = p_d;
- buffer *fn = con->physical.path;
+ #ifdef __WIN32
+ if ((r = send(fd, offset, toSend, 0)) < 0) {
+ /* no error handling for windows... */
+@@ -72,6 +73,7 @@
+
+ c->offset += r;
+ cq->bytes_out += r;
++ max_bytes -= r;
+
+ if (c->offset == (off_t)c->mem->used - 1) {
+ chunk_finished = 1;
+@@ -85,7 +87,7 @@
+ #endif
+ ssize_t r;
+ off_t offset;
+- size_t toSend;
++ off_t toSend;
+ stat_cache_entry *sce = NULL;
+ int ifd;
-+ if (con->mode != DIRECT) return HANDLER_GO_ON;
+@@ -98,6 +100,8 @@
+ offset = c->file.start + c->offset;
+ toSend = c->file.length - c->offset;
+
++ if (toSend > max_bytes) toSend = max_bytes;
+
- if (fn->used == 0) return HANDLER_GO_ON;
+ if (offset > sce->st.st_size) {
+ log_error_write(srv, __FILE__, __LINE__, "sb", "file was shrinked:", c->file.name);
+
+@@ -181,6 +185,7 @@
- mod_cgi_patch_connection(srv, con, p);
-@@ -1189,6 +1197,7 @@
+ c->offset += r;
+ cq->bytes_out += r;
++ max_bytes -= r;
+
+ if (c->offset == c->file.length) {
+ chunk_finished = 1;
+@@ -200,11 +205,9 @@
+
+ break;
+ }
+-
+- chunks_written++;
+ }
- if (0 == strncmp(fn->ptr + s_len - ct_len, ds->key->ptr, ct_len)) {
- if (cgi_create_env(srv, con, p, ds->value)) {
-+ con->mode = DIRECT;
- con->http_status = 500;
+- return chunks_written;
++ return 0;
+ }
- buffer_reset(con->physical.path);
+ #if 0
Index: src/mod_secure_download.c
===================================================================
---- src/mod_secure_download.c (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ src/mod_secure_download.c (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -204,6 +204,8 @@
- time_t ts = 0;
- size_t i;
+--- src/mod_secure_download.c (.../tags/lighttpd-1.4.29)
++++ src/mod_secure_download.c (.../branches/lighttpd-1.4.x)
+@@ -8,18 +8,8 @@
+ #include <stdlib.h>
+ #include <string.h>
-+ if (con->mode != DIRECT) return HANDLER_GO_ON;
-+
- if (con->uri.path->used == 0) return HANDLER_GO_ON;
+-#ifdef USE_OPENSSL
+-# include <openssl/md5.h>
+-#else
+-# include "md5.h"
++#include "md5.h"
- mod_secdownload_patch_connection(srv, con, p);
-@@ -243,8 +245,8 @@
- }
+-typedef li_MD5_CTX MD5_CTX;
+-#define MD5_Init li_MD5_Init
+-#define MD5_Update li_MD5_Update
+-#define MD5_Final li_MD5_Final
+-
+-#endif
+-
+ #define HASHLEN 16
+ typedef unsigned char HASH[HASHLEN];
+ #define HASHHEXLEN 32
+@@ -200,7 +190,7 @@
- /* timed-out */
-- if (srv->cur_ts - ts > p->conf.timeout ||
-- srv->cur_ts - ts < -p->conf.timeout) {
-+ if ( (srv->cur_ts > ts && srv->cur_ts - ts > p->conf.timeout) ||
-+ (srv->cur_ts < ts && ts - srv->cur_ts > p->conf.timeout) ) {
- /* "Gone" as the url will never be valid again instead of "408 - Timeout" where the request may be repeated */
- con->http_status = 410;
+ URIHANDLER_FUNC(mod_secdownload_uri_handler) {
+ plugin_data *p = p_d;
+- MD5_CTX Md5Ctx;
++ li_MD5_CTX Md5Ctx;
+ HASH HA1;
+ const char *rel_uri, *ts_str, *md5_str;
+ time_t ts = 0;
+@@ -266,9 +256,9 @@
+ buffer_append_string(p->md5, rel_uri);
+ buffer_append_string_len(p->md5, ts_str, 8);
-@@ -268,7 +270,7 @@
+- MD5_Init(&Md5Ctx);
+- MD5_Update(&Md5Ctx, (unsigned char *)p->md5->ptr, p->md5->used - 1);
+- MD5_Final(HA1, &Md5Ctx);
++ li_MD5_Init(&Md5Ctx);
++ li_MD5_Update(&Md5Ctx, (unsigned char *)p->md5->ptr, p->md5->used - 1);
++ li_MD5_Final(HA1, &Md5Ctx);
buffer_copy_string_hex(p->md5, (char *)HA1, 16);
-- if (0 != strncmp(md5_str, p->md5->ptr, 32)) {
-+ if (0 != strncasecmp(md5_str, p->md5->ptr, 32)) {
- con->http_status = 403;
-
- log_error_write(srv, __FILE__, __LINE__, "sss",
-Index: src/array.c
+Index: src/base.h
===================================================================
---- src/array.c (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ src/array.c (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -330,30 +330,30 @@
- a = array_init();
-
- ds = data_string_init();
-- buffer_copy_string(ds->key, "abc");
-- buffer_copy_string(ds->value, "alfrag");
-+ buffer_copy_string_len(ds->key, CONST_STR_LEN("abc"));
-+ buffer_copy_string_len(ds->value, CONST_STR_LEN("alfrag"));
+--- src/base.h (.../tags/lighttpd-1.4.29)
++++ src/base.h (.../branches/lighttpd-1.4.x)
+@@ -277,6 +277,7 @@
+ buffer *ssl_cipher_list;
+ buffer *ssl_dh_file;
+ buffer *ssl_ec_curve;
++ unsigned short ssl_honor_cipher_order; /* determine SSL cipher in server-preferred order, not client-order */
+ unsigned short ssl_use_sslv2;
+ unsigned short ssl_use_sslv3;
+ unsigned short ssl_verifyclient;
+@@ -284,6 +285,7 @@
+ unsigned short ssl_verifyclient_depth;
+ buffer *ssl_verifyclient_username;
+ unsigned short ssl_verifyclient_export_cert;
++ unsigned short ssl_disable_client_renegotiation;
+
+ unsigned short use_ipv6, set_v6only; /* set_v6only is only a temporary option */
+ unsigned short defer_accept;
+@@ -437,6 +439,7 @@
+ # ifndef OPENSSL_NO_TLSEXT
+ buffer *tlsext_server_name;
+ # endif
++ unsigned int renegotiations; /* count of SSL_CB_HANDSHAKE_START */
+ #endif
+ /* etag handling */
+ etag_flags_t etag_flags;
+@@ -647,11 +650,9 @@
- array_insert_unique(a, (data_unset *)ds);
+ fdevent_handler_t event_handler;
- ds = data_string_init();
-- buffer_copy_string(ds->key, "abc");
-- buffer_copy_string(ds->value, "hameplman");
-+ buffer_copy_string_len(ds->key, CONST_STR_LEN("abc"));
-+ buffer_copy_string_len(ds->value, CONST_STR_LEN("hameplman"));
+- int (* network_backend_write)(struct server *srv, connection *con, int fd, chunkqueue *cq);
+- int (* network_backend_read)(struct server *srv, connection *con, int fd, chunkqueue *cq);
++ int (* network_backend_write)(struct server *srv, connection *con, int fd, chunkqueue *cq, off_t max_bytes);
+ #ifdef USE_OPENSSL
+- int (* network_ssl_backend_write)(struct server *srv, connection *con, SSL *ssl, chunkqueue *cq);
+- int (* network_ssl_backend_read)(struct server *srv, connection *con, SSL *ssl, chunkqueue *cq);
++ int (* network_ssl_backend_write)(struct server *srv, connection *con, SSL *ssl, chunkqueue *cq, off_t max_bytes);
+ #endif
- array_insert_unique(a, (data_unset *)ds);
+ uid_t uid;
+Index: src/connections.c
+===================================================================
+--- src/connections.c (.../tags/lighttpd-1.4.29)
++++ src/connections.c (.../branches/lighttpd-1.4.x)
+@@ -223,6 +223,12 @@
- ds = data_string_init();
-- buffer_copy_string(ds->key, "123");
-- buffer_copy_string(ds->value, "alfrag");
-+ buffer_copy_string_len(ds->key, CONST_STR_LEN("123"));
-+ buffer_copy_string_len(ds->value, CONST_STR_LEN("alfrag"));
+ len = SSL_read(con->ssl, b->ptr + read_offset, toread);
- array_insert_unique(a, (data_unset *)ds);
++ if (con->renegotiations > 1 && con->conf.ssl_disable_client_renegotiation) {
++ connection_set_state(srv, con, CON_STATE_ERROR);
++ log_error_write(srv, __FILE__, __LINE__, "s", "SSL: renegotiation initiated by client");
++ return -1;
++ }
++
+ if (len > 0) {
+ if (b->used > 0) b->used--;
+ b->used += len;
+@@ -445,6 +451,7 @@
+ default:
+ switch(con->http_status) {
+ case 400: /* bad request */
++ case 401: /* authorization required */
+ case 414: /* overload request header */
+ case 505: /* unknown protocol */
+ case 207: /* this was webdav */
+@@ -617,8 +624,9 @@
+ }
- dc = data_count_init();
-- buffer_copy_string(dc->key, "def");
-+ buffer_copy_string_len(dc->key, CONST_STR_LEN("def"));
+ static int connection_handle_write(server *srv, connection *con) {
+- switch(network_write_chunkqueue(srv, con, con->write_queue)) {
++ switch(network_write_chunkqueue(srv, con, con->write_queue, MAX_WRITE_LIMIT)) {
+ case 0:
++ con->write_request_ts = srv->cur_ts;
+ if (con->file_finished) {
+ connection_set_state(srv, con, CON_STATE_RESPONSE_END);
+ joblist_append(srv, con);
+@@ -635,6 +643,7 @@
+ joblist_append(srv, con);
+ break;
+ case 1:
++ con->write_request_ts = srv->cur_ts;
+ con->is_writable = 0;
- array_insert_unique(a, (data_unset *)dc);
+ /* not finished yet -> WRITE */
+@@ -1251,8 +1260,6 @@
+ log_error_write(srv, __FILE__, __LINE__, "ds",
+ con->fd,
+ "handle write failed.");
+- } else if (con->state == CON_STATE_WRITE) {
+- con->write_request_ts = srv->cur_ts;
+ }
+ }
- dc = data_count_init();
-- buffer_copy_string(dc->key, "def");
-+ buffer_copy_string_len(dc->key, CONST_STR_LEN("def"));
+@@ -1352,6 +1359,7 @@
+ return NULL;
+ }
- array_insert_unique(a, (data_unset *)dc);
++ con->renegotiations = 0;
+ #ifndef OPENSSL_NO_TLSEXT
+ SSL_set_app_data(con->ssl, con);
+ #endif
+@@ -1667,8 +1675,6 @@
+ con->fd,
+ "handle write failed.");
+ connection_set_state(srv, con, CON_STATE_ERROR);
+- } else if (con->state == CON_STATE_WRITE) {
+- con->write_request_ts = srv->cur_ts;
+ }
+ }
-Index: src/base.h
+Index: src/mod_staticfile.c
===================================================================
---- src/base.h (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ src/base.h (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -259,6 +259,7 @@
- unsigned short log_request_handling;
- unsigned short log_response_header;
- unsigned short log_condition_handling;
-+ unsigned short log_ssl_noise;
+--- src/mod_staticfile.c (.../tags/lighttpd-1.4.29)
++++ src/mod_staticfile.c (.../branches/lighttpd-1.4.x)
+@@ -26,6 +26,7 @@
+ typedef struct {
+ array *exclude_ext;
+ unsigned short etags_used;
++ unsigned short disable_pathinfo;
+ } plugin_config;
+ typedef struct {
+@@ -84,6 +85,7 @@
+ config_values_t cv[] = {
+ { "static-file.exclude-extensions", NULL, T_CONFIG_ARRAY, T_CONFIG_SCOPE_CONNECTION }, /* 0 */
+ { "static-file.etags", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 1 */
++ { "static-file.disable-pathinfo", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 2 */
+ { NULL, NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET }
+ };
+
+@@ -97,9 +99,11 @@
+ s = calloc(1, sizeof(plugin_config));
+ s->exclude_ext = array_init();
+ s->etags_used = 1;
++ s->disable_pathinfo = 0;
+
+ cv[0].destination = s->exclude_ext;
+ cv[1].destination = &(s->etags_used);
++ cv[2].destination = &(s->disable_pathinfo);
+
+ p->config_storage[i] = s;
+
+@@ -119,6 +123,7 @@
+
+ PATCH(exclude_ext);
+ PATCH(etags_used);
++ PATCH(disable_pathinfo);
+
+ /* skip the first, the global context */
+ for (i = 1; i < srv->config_context->used; i++) {
+@@ -136,7 +141,9 @@
+ PATCH(exclude_ext);
+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("static-file.etags"))) {
+ PATCH(etags_used);
+- }
++ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("static-file.disable-pathinfo"))) {
++ PATCH(disable_pathinfo);
++ }
+ }
+ }
- /* server wide */
-Index: src/mod_rewrite.c
-===================================================================
---- src/mod_rewrite.c (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ src/mod_rewrite.c (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -350,7 +350,11 @@
+@@ -350,7 +357,6 @@
+ URIHANDLER_FUNC(mod_staticfile_subrequest) {
+ plugin_data *p = p_d;
+ size_t k;
+- int s_len;
+ stat_cache_entry *sce = NULL;
+ buffer *mtime = NULL;
+ data_string *ds;
+@@ -376,7 +382,12 @@
- if (!p->conf.rewrite) return HANDLER_GO_ON;
+ mod_staticfile_patch_connection(srv, con, p);
-- buffer_copy_string_buffer(p->match_buf, con->request.uri);
-+ buffer_copy_string_buffer(p->match_buf, con->uri.path);
-+ if (con->uri.query->used > 0) {
-+ buffer_append_string_len(p->match_buf, CONST_STR_LEN("?"));
-+ buffer_append_string_buffer(p->match_buf, con->uri.query);
+- s_len = con->uri.path->used - 1;
++ if (p->conf.disable_pathinfo && 0 != con->request.pathinfo->used) {
++ if (con->conf.log_request_handling) {
++ log_error_write(srv, __FILE__, __LINE__, "s", "-- NOT handling file as static file, pathinfo forbidden");
++ }
++ return HANDLER_GO_ON;
+ }
- for (i = 0; i < p->conf.rewrite->used; i++) {
- pcre *match;
-@@ -385,8 +389,7 @@
-
- start = 0; end = pattern_len;
- for (k = 0; k < pattern_len; k++) {
-- if ((pattern[k] == '$' || pattern[k] == '%') &&
-- isdigit((unsigned char)pattern[k + 1])) {
-+ if (pattern[k] == '$' || pattern[k] == '%') {
- /* got one */
-
- size_t num = pattern[k + 1] - '0';
-@@ -395,7 +398,10 @@
-
- buffer_append_string_len(con->request.uri, pattern + start, end - start);
-
-- if (pattern[k] == '$') {
-+ if (!isdigit((unsigned char)pattern[k + 1])) {
-+ /* enable escape: "%%" => "%", "%a" => "%a", "$$" => "$" */
-+ buffer_append_string_len(con->request.uri, pattern+k, pattern[k] == pattern[k+1] ? 1 : 2);
-+ } else if (pattern[k] == '$') {
- /* n is always > 0 */
- if (num < (size_t)n) {
- buffer_append_string(con->request.uri, list[num]);
-Index: src/lempar.c
-===================================================================
---- src/lempar.c (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ src/lempar.c (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -210,7 +210,7 @@
- */
- const char *ParseTokenName(int tokenType){
- #ifndef NDEBUG
-- if( tokenType>0 && tokenType<(sizeof(yyTokenName)/sizeof(yyTokenName[0])) ){
-+ if( tokenType>0 && (size_t)tokenType<(sizeof(yyTokenName)/sizeof(yyTokenName[0])) ){
- return yyTokenName[tokenType];
- }else{
- return "Unknown";
-@@ -335,7 +335,7 @@
- return YY_NO_ACTION;
- }
- i += iLookAhead;
-- if( i<0 || i>=YY_SZ_ACTTAB || yy_lookahead[i]!=iLookAhead ){
-+ if( i<0 || (size_t)i>=YY_SZ_ACTTAB || yy_lookahead[i]!=iLookAhead ){
- #ifdef YYFALLBACK
- int iFallback; /* Fallback token */
- if( iLookAhead<sizeof(yyFallback)/sizeof(yyFallback[0])
-@@ -378,7 +378,7 @@
- return YY_NO_ACTION;
- }
- i += iLookAhead;
-- if( i<0 || i>=YY_SZ_ACTTAB || yy_lookahead[i]!=iLookAhead ){
-+ if( i<0 || (size_t)i>=YY_SZ_ACTTAB || yy_lookahead[i]!=iLookAhead ){
- return yy_default[stateno];
- }else{
- return yy_action[i];
-@@ -456,7 +456,7 @@
- yymsp = &yypParser->yystack[yypParser->yyidx];
- #ifndef NDEBUG
- if( yyTraceFILE && yyruleno>=0
-- && yyruleno<sizeof(yyRuleName)/sizeof(yyRuleName[0]) ){
-+ && (size_t)yyruleno<sizeof(yyRuleName)/sizeof(yyRuleName[0]) ){
- fprintf(yyTraceFILE, "%sReduce [%s].\n", yyTracePrompt,
- yyRuleName[yyruleno]);
- }
-@@ -511,6 +511,8 @@
- int yymajor, /* The major type of the error token */
- YYMINORTYPE yyminor /* The minor type of the error token */
- ){
-+ UNUSED(yymajor);
-+ UNUSED(yyminor);
- ParseARG_FETCH;
- #define TOKEN (yyminor.yy0)
- %%
-Index: src/connections.c
+ /* ignore certain extensions */
+ for (k = 0; k < p->conf.exclude_ext->used; k++) {
+Index: src/network.c
===================================================================
---- src/connections.c (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ src/connections.c (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -199,6 +199,7 @@
-
- /* don't resize the buffer if we were in SSL_ERROR_WANT_* */
-
-+ ERR_clear_error();
- do {
- if (!con->ssl_error_want_reuse_buffer) {
- b = buffer_init();
-@@ -275,9 +276,19 @@
- /* fall thourgh */
- default:
- while((ssl_err = ERR_get_error())) {
-+ switch (ERR_GET_REASON(ssl_err)) {
-+ case SSL_R_SSL_HANDSHAKE_FAILURE:
-+ case SSL_R_TLSV1_ALERT_UNKNOWN_CA:
-+ case SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN:
-+ case SSL_R_SSLV3_ALERT_BAD_CERTIFICATE:
-+ if (!con->conf.log_ssl_noise) continue;
-+ break;
-+ default:
-+ break;
-+ }
- /* get all errors from the error-queue */
- log_error_write(srv, __FILE__, __LINE__, "sds", "SSL:",
-- r, ERR_error_string(ssl_err, NULL));
-+ r, ERR_error_string(ssl_err, NULL));
+--- src/network.c (.../tags/lighttpd-1.4.29)
++++ src/network.c (.../branches/lighttpd-1.4.x)
+@@ -27,6 +27,19 @@
+ # include <openssl/rand.h>
+ #endif
+
++#ifdef USE_OPENSSL
++static void ssl_info_callback(const SSL *ssl, int where, int ret) {
++ UNUSED(ret);
++
++ if (0 != (where & SSL_CB_HANDSHAKE_START)) {
++ connection *con = SSL_get_app_data(ssl);
++ ++con->renegotiations;
++ } else if (0 != (where & SSL_CB_HANDSHAKE_DONE)) {
++ ssl->s3->flags |= SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS;
++ }
++}
++#endif
++
+ static handler_t network_server_handle_fdevent(server *srv, void *context, int revents) {
+ server_socket *srv_socket = (server_socket *)context;
+ connection *con;
+@@ -480,9 +493,11 @@
+ network_backend_t backend;
+
+ #if OPENSSL_VERSION_NUMBER >= 0x0090800fL
++#ifndef OPENSSL_NO_ECDH
+ EC_KEY *ecdh;
+ int nid;
+ #endif
++#endif
+
+ #ifdef USE_OPENSSL
+ DH *dh;
+@@ -553,6 +568,11 @@
+ /* load SSL certificates */
+ for (i = 0; i < srv->config_context->used; i++) {
+ specific_config *s = srv->config_storage[i];
++#ifndef SSL_OP_NO_COMPRESSION
++# define SSL_OP_NO_COMPRESSION 0
++#endif
++ long ssloptions =
++ SSL_OP_ALL | SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION | SSL_OP_NO_COMPRESSION;
+
+ if (buffer_is_empty(s->ssl_pemfile)) continue;
+
+@@ -586,6 +606,9 @@
+ return -1;
+ }
+
++ SSL_CTX_set_options(s->ssl_ctx, ssloptions);
++ SSL_CTX_set_info_callback(s->ssl_ctx, ssl_info_callback);
++
+ if (!s->ssl_use_sslv2) {
+ /* disable SSLv2 */
+ if (!(SSL_OP_NO_SSLv2 & SSL_CTX_set_options(s->ssl_ctx, SSL_OP_NO_SSLv2))) {
+@@ -611,6 +634,10 @@
+ ERR_error_string(ERR_get_error(), NULL));
+ return -1;
}
- break;
++
++ if (s->ssl_honor_cipher_order) {
++ SSL_CTX_set_options(s->ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
++ }
}
-@@ -299,6 +310,8 @@
+ /* Support for Diffie-Hellman key exchange */
+@@ -847,7 +874,7 @@
return 0;
- #else
-+ UNUSED(srv);
-+ UNUSED(con);
- return -1;
- #endif
}
-@@ -427,21 +440,22 @@
+
+-int network_write_chunkqueue(server *srv, connection *con, chunkqueue *cq) {
++int network_write_chunkqueue(server *srv, connection *con, chunkqueue *cq, off_t max_bytes) {
+ int ret = -1;
+ off_t written = 0;
+ #ifdef TCP_CORK
+@@ -855,16 +882,34 @@
+ #endif
+ server_socket *srv_socket = con->srv_socket;
+
+- if (con->conf.global_kbytes_per_second &&
+- *(con->conf.global_bytes_per_second_cnt_ptr) > con->conf.global_kbytes_per_second * 1024) {
+- /* we reached the global traffic limit */
++ if (con->conf.global_kbytes_per_second) {
++ off_t limit = con->conf.global_kbytes_per_second * 1024 - *(con->conf.global_bytes_per_second_cnt_ptr);
++ if (limit <= 0) {
++ /* we reached the global traffic limit */
+
+- con->traffic_limit_reached = 1;
+- joblist_append(srv, con);
++ con->traffic_limit_reached = 1;
++ joblist_append(srv, con);
+
+- return 1;
++ return 1;
++ } else {
++ if (max_bytes > limit) max_bytes = limit;
++ }
}
- switch(con->http_status) {
-- case 400: /* class: header + custom body */
-- case 401:
-- case 403:
-- case 404:
-- case 408:
-- case 409:
-- case 411:
-- case 416:
-- case 423:
-- case 500:
-- case 501:
-- case 503:
-- case 505:
-+ case 204: /* class: header only */
-+ case 205:
-+ case 304:
-+ /* disable chunked encoding again as we have no body */
-+ con->response.transfer_encoding &= ~HTTP_TRANSFER_ENCODING_CHUNKED;
-+ con->parsed_response &= ~HTTP_CONTENT_LENGTH;
-+ chunkqueue_reset(con->write_queue);
++ if (con->conf.kbytes_per_second) {
++ off_t limit = con->conf.kbytes_per_second * 1024 - con->bytes_written_cur_second;
++ if (limit <= 0) {
++ /* we reached the traffic limit */
+
-+ con->file_finished = 1;
-+ break;
-+ default: /* class: header + body */
- if (con->mode != DIRECT) break;
-
-+ /* only custom body for 4xx and 5xx */
-+ if (con->http_status < 400 || con->http_status >= 600) break;
++ con->traffic_limit_reached = 1;
++ joblist_append(srv, con);
+
- con->file_finished = 0;
-
- buffer_reset(con->physical.path);
-@@ -451,7 +465,8 @@
- stat_cache_entry *sce = NULL;
++ return 1;
++ } else {
++ if (max_bytes > limit) max_bytes = limit;
++ }
++ }
++
+ written = cq->bytes_out;
- buffer_copy_string_buffer(con->physical.path, con->conf.errorfile_prefix);
-- buffer_append_string(con->physical.path, get_http_status_body_name(con->http_status));
-+ buffer_append_long(con->physical.path, con->http_status);
-+ buffer_append_string_len(con->physical.path, CONST_STR_LEN(".html"));
-
- if (HANDLER_ERROR != stat_cache_get_entry(srv, con, con->physical.path, &sce)) {
- con->file_finished = 1;
-@@ -470,57 +485,34 @@
- b = chunkqueue_get_append_buffer(con->write_queue);
-
- /* build default error-page */
-- buffer_copy_string(b,
-+ buffer_copy_string_len(b, CONST_STR_LEN(
- "<?xml version=\"1.0\" encoding=\"iso-8859-1\"?>\n"
- "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\"\n"
- " \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\n"
- "<html xmlns=\"http://www.w3.org/1999/xhtml\" xml:lang=\"en\" lang=\"en\">\n"
- " <head>\n"
-- " <title>");
-+ " <title>"));
- buffer_append_long(b, con->http_status);
-- buffer_append_string(b, " - ");
-+ buffer_append_string_len(b, CONST_STR_LEN(" - "));
- buffer_append_string(b, get_http_status_name(con->http_status));
-
-- buffer_append_string(b,
-+ buffer_append_string_len(b, CONST_STR_LEN(
- "</title>\n"
- " </head>\n"
- " <body>\n"
-- " <h1>");
-+ " <h1>"));
- buffer_append_long(b, con->http_status);
-- buffer_append_string(b, " - ");
-+ buffer_append_string_len(b, CONST_STR_LEN(" - "));
- buffer_append_string(b, get_http_status_name(con->http_status));
-
-- buffer_append_string(b,"</h1>\n"
-+ buffer_append_string_len(b, CONST_STR_LEN("</h1>\n"
- " </body>\n"
- "</html>\n"
-- );
-+ ));
-
- response_header_overwrite(srv, con, CONST_STR_LEN("Content-Type"), CONST_STR_LEN("text/html"));
- }
-- /* fall through */
-- case 207:
-- case 200: /* class: header + body */
-- case 201:
-- case 300:
-- case 301:
-- case 302:
-- case 303:
-- case 307:
- break;
--
-- case 206: /* write_queue is already prepared */
-- break;
-- case 204:
-- case 205: /* class: header only */
-- case 304:
-- default:
-- /* disable chunked encoding again as we have no body */
-- con->response.transfer_encoding &= ~HTTP_TRANSFER_ENCODING_CHUNKED;
-- con->parsed_response &= ~HTTP_CONTENT_LENGTH;
-- chunkqueue_reset(con->write_queue);
--
-- con->file_finished = 1;
-- break;
- }
+ #ifdef TCP_CORK
+@@ -879,10 +924,10 @@
- if (con->file_finished) {
-@@ -544,7 +536,7 @@
- data_string *ds;
- /* no Content-Body, no Content-Length */
- if (NULL != (ds = (data_string*) array_get_element(con->response.headers, "Content-Length"))) {
-- buffer_reset(ds->value); // Headers with empty values are ignored for output
-+ buffer_reset(ds->value); /* Headers with empty values are ignored for output */
- }
- } else if (qlen > 0 || con->request.http_method != HTTP_METHOD_HEAD) {
- /* qlen = 0 is important for Redirects (301, ...) as they MAY have
-@@ -846,7 +838,7 @@
+ if (srv_socket->is_ssl) {
+ #ifdef USE_OPENSSL
+- ret = srv->network_ssl_backend_write(srv, con, con->ssl, cq);
++ ret = srv->network_ssl_backend_write(srv, con, con->ssl, cq, max_bytes);
+ #endif
+ } else {
+- ret = srv->network_backend_write(srv, con, con->fd, cq);
++ ret = srv->network_backend_write(srv, con, con->fd, cq, max_bytes);
}
- /* The cond_cache gets reset in response.c */
--// config_cond_cache_reset(srv, con);
-+ /* config_cond_cache_reset(srv, con); */
+ if (ret >= 0) {
+@@ -903,12 +948,5 @@
- #ifdef USE_OPENSSL
- if (con->ssl_error_want_reuse_buffer) {
-@@ -1668,21 +1660,51 @@
- }
- #ifdef USE_OPENSSL
- if (srv_sock->is_ssl) {
-- int ret;
-+ int ret, ssl_r;
-+ unsigned long err;
-+ ERR_clear_error();
- switch ((ret = SSL_shutdown(con->ssl))) {
- case 1:
- /* ok */
- break;
- case 0:
-- SSL_shutdown(con->ssl);
-- break;
-+ ERR_clear_error();
-+ if (-1 != (ret = SSL_shutdown(con->ssl))) break;
-+
-+ /* fall through */
- default:
-- log_error_write(srv, __FILE__, __LINE__, "sds", "SSL:",
-- SSL_get_error(con->ssl, ret),
-- ERR_error_string(ERR_get_error(), NULL));
-- return -1;
-+
-+ switch ((ssl_r = SSL_get_error(con->ssl, ret))) {
-+ case SSL_ERROR_WANT_WRITE:
-+ case SSL_ERROR_WANT_READ:
-+ break;
-+ case SSL_ERROR_SYSCALL:
-+ /* perhaps we have error waiting in our error-queue */
-+ if (0 != (err = ERR_get_error())) {
-+ do {
-+ log_error_write(srv, __FILE__, __LINE__, "sdds", "SSL:",
-+ ssl_r, ret,
-+ ERR_error_string(err, NULL));
-+ } while((err = ERR_get_error()));
-+ } else {
-+ log_error_write(srv, __FILE__, __LINE__, "sddds", "SSL (error):",
-+ ssl_r, ret, errno,
-+ strerror(errno));
-+ }
-+
-+ break;
-+ default:
-+ while((err = ERR_get_error())) {
-+ log_error_write(srv, __FILE__, __LINE__, "sdds", "SSL:",
-+ ssl_r, ret,
-+ ERR_error_string(err, NULL));
-+ }
-+
-+ break;
-+ }
- }
- }
-+ ERR_clear_error();
- #endif
+ *(con->conf.global_bytes_per_second_cnt_ptr) += written;
- switch(con->mode) {
-Index: src/mod_staticfile.c
+- if (con->conf.kbytes_per_second &&
+- (con->bytes_written_cur_second > con->conf.kbytes_per_second * 1024)) {
+- /* we reached the traffic limit */
+-
+- con->traffic_limit_reached = 1;
+- joblist_append(srv, con);
+- }
+ return ret;
+ }
+Index: src/network.h
===================================================================
---- src/mod_staticfile.c (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ src/mod_staticfile.c (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -282,22 +282,22 @@
+--- src/network.h (.../tags/lighttpd-1.4.29)
++++ src/network.h (.../branches/lighttpd-1.4.x)
+@@ -3,7 +3,7 @@
- b = chunkqueue_get_append_buffer(con->write_queue);
+ #include "server.h"
-- buffer_copy_string(b, "\r\n--");
-+ buffer_copy_string_len(b, CONST_STR_LEN("\r\n--"));
- buffer_append_string(b, boundary);
+-int network_write_chunkqueue(server *srv, connection *con, chunkqueue *c);
++int network_write_chunkqueue(server *srv, connection *con, chunkqueue *c, off_t max_bytes);
- /* write Content-Range */
-- buffer_append_string(b, "\r\nContent-Range: bytes ");
-+ buffer_append_string_len(b, CONST_STR_LEN("\r\nContent-Range: bytes "));
- buffer_append_off_t(b, start);
-- buffer_append_string(b, "-");
-+ buffer_append_string_len(b, CONST_STR_LEN("-"));
- buffer_append_off_t(b, end);
-- buffer_append_string(b, "/");
-+ buffer_append_string_len(b, CONST_STR_LEN("/"));
- buffer_append_off_t(b, sce->st.st_size);
+ int network_init(server *srv);
+ int network_close(server *srv);
+Index: src/configfile.c
+===================================================================
+--- src/configfile.c (.../tags/lighttpd-1.4.29)
++++ src/configfile.c (.../branches/lighttpd-1.4.x)
+@@ -105,6 +105,8 @@
+ { "ssl.use-sslv3", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER }, /* 62 */
+ { "ssl.dh-file", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_SERVER }, /* 63 */
+ { "ssl.ec-curve", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_SERVER }, /* 64 */
++ { "ssl.disable-client-renegotiation", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER },/* 65 */
++ { "ssl.honor-cipher-order", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER }, /* 66 */
-- buffer_append_string(b, "\r\nContent-Type: ");
-+ buffer_append_string_len(b, CONST_STR_LEN("\r\nContent-Type: "));
- buffer_append_string_buffer(b, content_type);
+ { "server.host", "use server.bind instead", T_CONFIG_DEPRECATED, T_CONFIG_SCOPE_UNSET },
+ { "server.docroot", "use server.document-root instead", T_CONFIG_DEPRECATED, T_CONFIG_SCOPE_UNSET },
+@@ -176,6 +178,7 @@
+ s->max_write_idle = 360;
+ s->use_xattr = 0;
+ s->is_ssl = 0;
++ s->ssl_honor_cipher_order = 1;
+ s->ssl_use_sslv2 = 0;
+ s->ssl_use_sslv3 = 1;
+ s->use_ipv6 = 0;
+@@ -199,6 +202,7 @@
+ s->ssl_verifyclient_username = buffer_init();
+ s->ssl_verifyclient_depth = 9;
+ s->ssl_verifyclient_export_cert = 0;
++ s->ssl_disable_client_renegotiation = 1;
+
+ cv[2].destination = s->errorfile_prefix;
+
+@@ -245,6 +249,8 @@
+ cv[62].destination = &(s->ssl_use_sslv3);
+ cv[63].destination = s->ssl_dh_file;
+ cv[64].destination = s->ssl_ec_curve;
++ cv[66].destination = &(s->ssl_honor_cipher_order);
++
+ cv[49].destination = &(s->etag_use_inode);
+ cv[50].destination = &(s->etag_use_mtime);
+ cv[51].destination = &(s->etag_use_size);
+@@ -255,6 +261,7 @@
+ cv[58].destination = &(s->ssl_verifyclient_depth);
+ cv[59].destination = s->ssl_verifyclient_username;
+ cv[60].destination = &(s->ssl_verifyclient_export_cert);
++ cv[65].destination = &(s->ssl_disable_client_renegotiation);
- /* write END-OF-HEADER */
-- buffer_append_string(b, "\r\n\r\n");
-+ buffer_append_string_len(b, CONST_STR_LEN("\r\n\r\n"));
+ srv->config_storage[i] = s;
- con->response.content_length += b->used - 1;
+@@ -335,6 +342,7 @@
+ PATCH(ssl_cipher_list);
+ PATCH(ssl_dh_file);
+ PATCH(ssl_ec_curve);
++ PATCH(ssl_honor_cipher_order);
+ PATCH(ssl_use_sslv2);
+ PATCH(ssl_use_sslv3);
+ PATCH(etag_use_inode);
+@@ -346,6 +354,7 @@
+ PATCH(ssl_verifyclient_depth);
+ PATCH(ssl_verifyclient_username);
+ PATCH(ssl_verifyclient_export_cert);
++ PATCH(ssl_disable_client_renegotiation);
-@@ -325,7 +325,7 @@
+ return 0;
+ }
+@@ -400,6 +409,8 @@
+ #endif
+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.ca-file"))) {
+ PATCH(ssl_ca_file);
++ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.honor-cipher-order"))) {
++ PATCH(ssl_honor_cipher_order);
+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.use-sslv2"))) {
+ PATCH(ssl_use_sslv2);
+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.use-sslv3"))) {
+@@ -454,6 +465,8 @@
+ PATCH(ssl_verifyclient_username);
+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.verifyclient.exportcert"))) {
+ PATCH(ssl_verifyclient_export_cert);
++ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.disable-client-renegotiation"))) {
++ PATCH(ssl_disable_client_renegotiation);
+ }
+ }
+ }
+Index: src/mod_scgi.c
+===================================================================
+--- src/mod_scgi.c (.../tags/lighttpd-1.4.29)
++++ src/mod_scgi.c (.../branches/lighttpd-1.4.x)
+@@ -2296,7 +2296,7 @@
- /* set header-fields */
+ /* fall through */
+ case FCGI_STATE_WRITE:
+- ret = srv->network_backend_write(srv, con, hctx->fd, hctx->wb);
++ ret = srv->network_backend_write(srv, con, hctx->fd, hctx->wb, MAX_WRITE_LIMIT);
-- buffer_copy_string(p->range_buf, "multipart/byteranges; boundary=");
-+ buffer_copy_string_len(p->range_buf, CONST_STR_LEN("multipart/byteranges; boundary="));
- buffer_append_string(p->range_buf, boundary);
+ chunkqueue_remove_finished_chunks(hctx->wb);
- /* overwrite content-type */
-@@ -333,11 +333,11 @@
- } else {
- /* add Content-Range-header */
-
-- buffer_copy_string(p->range_buf, "bytes ");
-+ buffer_copy_string_len(p->range_buf, CONST_STR_LEN("bytes "));
- buffer_append_off_t(p->range_buf, start);
-- buffer_append_string(p->range_buf, "-");
-+ buffer_append_string_len(p->range_buf, CONST_STR_LEN("-"));
- buffer_append_off_t(p->range_buf, end);
-- buffer_append_string(p->range_buf, "/");
-+ buffer_append_string_len(p->range_buf, CONST_STR_LEN("/"));
- buffer_append_off_t(p->range_buf, sce->st.st_size);
-
- response_header_insert(srv, con, CONST_STR_LEN("Content-Range"), CONST_BUF_LEN(p->range_buf));
-Index: src/network.c
+Index: src/request.c
+===================================================================
+--- src/request.c (.../tags/lighttpd-1.4.29)
++++ src/request.c (.../branches/lighttpd-1.4.x)
+@@ -49,7 +49,7 @@
+ if (++colon_cnt > 7) {
+ return -1;
+ }
+- } else if (!light_isxdigit(*c)) {
++ } else if (!light_isxdigit(*c) && '.' != *c) {
+ return -1;
+ }
+ }
+Index: src/network_backends.h
===================================================================
---- src/network.c (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ src/network.c (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -494,7 +494,7 @@
- b = buffer_init();
+--- src/network_backends.h (.../tags/lighttpd-1.4.29)
++++ src/network_backends.h (.../branches/lighttpd-1.4.x)
+@@ -47,18 +47,18 @@
+ #include "base.h"
- buffer_copy_string_buffer(b, srv->srvconf.bindhost);
-- buffer_append_string(b, ":");
-+ buffer_append_string_len(b, CONST_STR_LEN(":"));
- buffer_append_long(b, srv->srvconf.port);
+ /* return values:
+- * >= 0 : chunks completed
++ * >= 0 : no error
+ * -1 : error (on our side)
+ * -2 : remote close
+ */
- if (0 != network_server_init(srv, b, srv->config_storage[0])) {
-Index: src/configfile.c
+-int network_write_chunkqueue_write(server *srv, connection *con, int fd, chunkqueue *cq);
+-int network_write_chunkqueue_writev(server *srv, connection *con, int fd, chunkqueue *cq);
+-int network_write_chunkqueue_linuxsendfile(server *srv, connection *con, int fd, chunkqueue *cq);
+-int network_write_chunkqueue_freebsdsendfile(server *srv, connection *con, int fd, chunkqueue *cq);
+-int network_write_chunkqueue_solarissendfilev(server *srv, connection *con, int fd, chunkqueue *cq);
++int network_write_chunkqueue_write(server *srv, connection *con, int fd, chunkqueue *cq, off_t max_bytes);
++int network_write_chunkqueue_writev(server *srv, connection *con, int fd, chunkqueue *cq, off_t max_bytes);
++int network_write_chunkqueue_linuxsendfile(server *srv, connection *con, int fd, chunkqueue *cq, off_t max_bytes);
++int network_write_chunkqueue_freebsdsendfile(server *srv, connection *con, int fd, chunkqueue *cq, off_t max_bytes);
++int network_write_chunkqueue_solarissendfilev(server *srv, connection *con, int fd, chunkqueue *cq, off_t max_bytes);
+ #ifdef USE_OPENSSL
+-int network_write_chunkqueue_openssl(server *srv, connection *con, SSL *ssl, chunkqueue *cq);
++int network_write_chunkqueue_openssl(server *srv, connection *con, SSL *ssl, chunkqueue *cq, off_t max_bytes);
+ #endif
+
+ #endif
+Index: src/SConscript
===================================================================
---- src/configfile.c (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ src/configfile.c (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -7,6 +7,7 @@
- #include <string.h>
+--- src/SConscript (.../tags/lighttpd-1.4.29)
++++ src/SConscript (.../branches/lighttpd-1.4.x)
+@@ -12,7 +12,8 @@
+ data_integer.c md5.c data_fastcgi.c \
+ fdevent_select.c fdevent_libev.c \
+ fdevent_poll.c fdevent_linux_sysepoll.c \
+- fdevent_solaris_devpoll.c fdevent_freebsd_kqueue.c \
++ fdevent_solaris_devpoll.c fdevent_solaris_port.c \
++ fdevent_freebsd_kqueue.c \
+ data_config.c bitset.c \
+ inet_ntop_cache.c crc32.c \
+ connections-glue.c \
+@@ -62,7 +63,7 @@
+ 'mod_redirect' : { 'src' : [ 'mod_redirect.c' ], 'lib' : [ env['LIBPCRE'] ] },
+ 'mod_rewrite' : { 'src' : [ 'mod_rewrite.c' ], 'lib' : [ env['LIBPCRE'] ] },
+ 'mod_auth' : {
+- 'src' : [ 'mod_auth.c', 'http_auth_digest.c', 'http_auth.c' ],
++ 'src' : [ 'mod_auth.c', 'http_auth.c' ],
+ 'lib' : [ env['LIBCRYPT'], env['LIBLDAP'], env['LIBLBER'] ] },
+ 'mod_webdav' : { 'src' : [ 'mod_webdav.c' ], 'lib' : [ env['LIBXML2'], env['LIBSQLITE3'], env['LIBUUID'] ] },
+ 'mod_mysql_vhost' : { 'src' : [ 'mod_mysql_vhost.c' ], 'lib' : [ env['LIBMYSQL'] ] },
+Index: src/mod_cml_funcs.c
+===================================================================
+--- src/mod_cml_funcs.c (.../tags/lighttpd-1.4.29)
++++ src/mod_cml_funcs.c (.../branches/lighttpd-1.4.x)
+@@ -17,18 +17,8 @@
+ #include <dirent.h>
#include <stdio.h>
- #include <ctype.h>
-+#include <limits.h>
- #include <assert.h>
- #include "server.h"
-@@ -74,24 +75,25 @@
- { "debug.log-request-handling", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER }, /* 32 */
- { "debug.log-response-header", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER }, /* 33 */
- { "debug.log-request-header", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER }, /* 34 */
-+ { "debug.log-ssl-noise", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER }, /* 35 */
-
-- { "server.protocol-http11", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER }, /* 35 */
-- { "debug.log-request-header-on-error", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER }, /* 36 */
-- { "debug.log-state-handling", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER }, /* 37 */
-- { "ssl.ca-file", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_SERVER }, /* 38 */
-+ { "server.protocol-http11", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER }, /* 36 */
-+ { "debug.log-request-header-on-error", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER }, /* 37 */
-+ { "debug.log-state-handling", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER }, /* 38 */
-+ { "ssl.ca-file", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_SERVER }, /* 39 */
-
-- { "server.errorlog-use-syslog", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER }, /* 39 */
-- { "server.range-requests", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 40 */
-- { "server.stat-cache-engine", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 41 */
-- { "server.max-connections", NULL, T_CONFIG_SHORT, T_CONFIG_SCOPE_SERVER }, /* 42 */
-- { "server.network-backend", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 43 */
-- { "server.upload-dirs", NULL, T_CONFIG_ARRAY, T_CONFIG_SCOPE_CONNECTION }, /* 44 */
-- { "server.core-files", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 45 */
-- { "ssl.cipher-list", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_SERVER }, /* 46 */
-- { "ssl.use-sslv2", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 47 */
-- { "etag.use-inode", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER }, /* 48 */
-- { "etag.use-mtime", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER }, /* 49 */
-- { "etag.use-size", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER }, /* 50 */
-+ { "server.errorlog-use-syslog", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER }, /* 40 */
-+ { "server.range-requests", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 41 */
-+ { "server.stat-cache-engine", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 42 */
-+ { "server.max-connections", NULL, T_CONFIG_SHORT, T_CONFIG_SCOPE_SERVER }, /* 43 */
-+ { "server.network-backend", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 44 */
-+ { "server.upload-dirs", NULL, T_CONFIG_ARRAY, T_CONFIG_SCOPE_CONNECTION }, /* 45 */
-+ { "server.core-files", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 46 */
-+ { "ssl.cipher-list", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_SERVER }, /* 47 */
-+ { "ssl.use-sslv2", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 48 */
-+ { "etag.use-inode", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER }, /* 49 */
-+ { "etag.use-mtime", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER }, /* 50 */
-+ { "etag.use-size", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER }, /* 51 */
- { "server.host", "use server.bind instead", T_CONFIG_DEPRECATED, T_CONFIG_SCOPE_UNSET },
- { "server.docroot", "use server.document-root instead", T_CONFIG_DEPRECATED, T_CONFIG_SCOPE_UNSET },
- { "server.virtual-root", "load mod_simple_vhost and use simple-vhost.server-root instead", T_CONFIG_DEPRECATED, T_CONFIG_SCOPE_UNSET },
-@@ -120,18 +122,18 @@
-
- cv[13].destination = &(srv->srvconf.max_worker);
- cv[23].destination = &(srv->srvconf.max_fds);
-- cv[36].destination = &(srv->srvconf.log_request_header_on_error);
-- cv[37].destination = &(srv->srvconf.log_state_handling);
-+ cv[37].destination = &(srv->srvconf.log_request_header_on_error);
-+ cv[38].destination = &(srv->srvconf.log_state_handling);
-
-- cv[39].destination = &(srv->srvconf.errorlog_use_syslog);
-+ cv[40].destination = &(srv->srvconf.errorlog_use_syslog);
-
- stat_cache_string = buffer_init();
-- cv[41].destination = stat_cache_string;
-- cv[43].destination = srv->srvconf.network_backend;
-- cv[44].destination = srv->srvconf.upload_tempdirs;
-- cv[45].destination = &(srv->srvconf.enable_cores);
-+ cv[42].destination = stat_cache_string;
-+ cv[44].destination = srv->srvconf.network_backend;
-+ cv[45].destination = srv->srvconf.upload_tempdirs;
-+ cv[46].destination = &(srv->srvconf.enable_cores);
-
-- cv[42].destination = &(srv->srvconf.max_conns);
-+ cv[43].destination = &(srv->srvconf.max_conns);
- cv[12].destination = &(srv->srvconf.max_request_size);
- srv->config_storage = calloc(1, srv->config_context->used * sizeof(specific_config *));
-
-@@ -204,16 +206,17 @@
- cv[32].destination = &(s->log_request_handling);
- cv[33].destination = &(s->log_response_header);
- cv[34].destination = &(s->log_request_header);
-+ cv[35].destination = &(s->log_ssl_noise);
-
-- cv[35].destination = &(s->allow_http11);
-- cv[38].destination = s->ssl_ca_file;
-- cv[40].destination = &(s->range_requests);
-+ cv[36].destination = &(s->allow_http11);
-+ cv[39].destination = s->ssl_ca_file;
-+ cv[41].destination = &(s->range_requests);
-
-- cv[46].destination = s->ssl_cipher_list;
-- cv[47].destination = &(s->ssl_use_sslv2);
-- cv[48].destination = &(s->etag_use_inode);
-- cv[49].destination = &(s->etag_use_mtime);
-- cv[50].destination = &(s->etag_use_size);
-+ cv[47].destination = s->ssl_cipher_list;
-+ cv[48].destination = &(s->ssl_use_sslv2);
-+ cv[49].destination = &(s->etag_use_inode);
-+ cv[50].destination = &(s->etag_use_mtime);
-+ cv[51].destination = &(s->etag_use_size);
+-#ifdef USE_OPENSSL
+-# include <openssl/md5.h>
+-#else
+-# include "md5.h"
++#include "md5.h"
- srv->config_storage[i] = s;
+-typedef li_MD5_CTX MD5_CTX;
+-#define MD5_Init li_MD5_Init
+-#define MD5_Update li_MD5_Update
+-#define MD5_Final li_MD5_Final
+-
+-#endif
+-
+ #define HASHLEN 16
+ typedef unsigned char HASH[HASHLEN];
+ #define HASHHEXLEN 32
+@@ -43,7 +33,7 @@
+ #ifdef HAVE_LUA_H
+
+ int f_crypto_md5(lua_State *L) {
+- MD5_CTX Md5Ctx;
++ li_MD5_CTX Md5Ctx;
+ HASH HA1;
+ buffer b;
+ char hex[33];
+@@ -63,9 +53,9 @@
+ lua_error(L);
+ }
+
+- MD5_Init(&Md5Ctx);
+- MD5_Update(&Md5Ctx, (unsigned char *)lua_tostring(L, 1), lua_strlen(L, 1));
+- MD5_Final(HA1, &Md5Ctx);
++ li_MD5_Init(&Md5Ctx);
++ li_MD5_Update(&Md5Ctx, (unsigned char *)lua_tostring(L, 1), lua_strlen(L, 1));
++ li_MD5_Final(HA1, &Md5Ctx);
+
+ buffer_copy_string_hex(&b, (char *)HA1, 16);
-@@ -279,6 +282,7 @@
- PATCH(log_request_handling);
- PATCH(log_condition_handling);
- PATCH(log_file_not_found);
-+ PATCH(log_ssl_noise);
+Index: src/mod_userdir.c
+===================================================================
+--- src/mod_userdir.c (.../tags/lighttpd-1.4.29)
++++ src/mod_userdir.c (.../branches/lighttpd-1.4.x)
+@@ -166,7 +166,6 @@
- PATCH(range_requests);
- PATCH(force_lowercase_filenames);
-@@ -305,9 +309,6 @@
- data_config *dc = (data_config *)srv->config_context->data[i];
- specific_config *s = srv->config_storage[i];
+ URIHANDLER_FUNC(mod_userdir_docroot_handler) {
+ plugin_data *p = p_d;
+- int uri_len;
+ size_t k;
+ char *rel_url;
+ #ifdef HAVE_PWD_H
+@@ -182,8 +181,6 @@
+ */
+ if (p->conf.path->used == 0) return HANDLER_GO_ON;
-- /* not our stage */
-- if (comp != dc->comp) continue;
+- uri_len = con->uri.path->used - 1;
-
- /* condition didn't match */
- if (!config_check_cond(srv, con, dc)) continue;
-
-@@ -371,6 +372,8 @@
- PATCH(log_condition_handling);
- } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("debug.log-file-not-found"))) {
- PATCH(log_file_not_found);
-+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("debug.log-ssl-noise"))) {
-+ PATCH(log_ssl_noise);
- } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("server.protocol-http11"))) {
- PATCH(allow_http11);
- } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("server.force-lowercase-filenames"))) {
-@@ -410,8 +413,8 @@
+ /* /~user/foo.html -> /home/user/public_html/foo.html */
- #if 0
- static int tokenizer_open(server *srv, tokenizer_t *t, buffer *basedir, const char *fn) {
-- if (buffer_is_empty(basedir) &&
-- (fn[0] == '/' || fn[0] == '\\') &&
-+ if (buffer_is_empty(basedir) ||
-+ (fn[0] == '/' || fn[0] == '\\') ||
- (fn[0] == '.' && (fn[1] == '/' || fn[1] == '\\'))) {
- t->file = buffer_init_string(fn);
- } else {
-@@ -480,7 +483,7 @@
- if (t->input[t->offset + 1] == '>') {
- t->offset += 2;
+ if (con->uri.path->ptr[0] != '/' ||
+Index: src/mod_proxy.c
+===================================================================
+--- src/mod_proxy.c (.../tags/lighttpd-1.4.29)
++++ src/mod_proxy.c (.../branches/lighttpd-1.4.x)
+@@ -825,7 +825,7 @@
-- buffer_copy_string(token, "=>");
-+ buffer_copy_string_len(token, CONST_STR_LEN("=>"));
+ /* fall through */
+ case PROXY_STATE_WRITE:;
+- ret = srv->network_backend_write(srv, con, hctx->fd, hctx->wb);
++ ret = srv->network_backend_write(srv, con, hctx->fd, hctx->wb, MAX_WRITE_LIMIT);
- tid = TK_ARRAY_ASSIGN;
- } else {
-@@ -494,13 +497,13 @@
- if (t->input[t->offset + 1] == '=') {
- t->offset += 2;
+ chunkqueue_remove_finished_chunks(hctx->wb);
+
+Index: src/Makefile.am
+===================================================================
+--- src/Makefile.am (.../tags/lighttpd-1.4.29)
++++ src/Makefile.am (.../branches/lighttpd-1.4.x)
+@@ -241,7 +241,7 @@
+ mod_compress_la_LIBADD = $(Z_LIB) $(BZ_LIB) $(common_libadd)
+
+ lib_LTLIBRARIES += mod_auth.la
+-mod_auth_la_SOURCES = mod_auth.c http_auth_digest.c http_auth.c
++mod_auth_la_SOURCES = mod_auth.c http_auth.c
+ mod_auth_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
+ mod_auth_la_LIBADD = $(CRYPT_LIB) $(LDAP_LIB) $(LBER_LIB) $(common_libadd)
+
+@@ -268,7 +268,7 @@
+
+ hdr = server.h buffer.h network.h log.h keyvalue.h \
+ response.h request.h fastcgi.h chunk.h \
+- settings.h http_chunk.h http_auth_digest.h \
++ settings.h http_chunk.h \
+ md5.h http_auth.h stream.h \
+ fdevent.h connections.h base.h stat_cache.h \
+ plugin.h mod_auth.h \
+Index: src/network_writev.c
+===================================================================
+--- src/network_writev.c (.../tags/lighttpd-1.4.29)
++++ src/network_writev.c (.../branches/lighttpd-1.4.x)
+@@ -30,17 +30,16 @@
+ #define LOCAL_BUFFERING 1
+ #endif
-- buffer_copy_string(token, "==");
-+ buffer_copy_string_len(token, CONST_STR_LEN("=="));
+-int network_write_chunkqueue_writev(server *srv, connection *con, int fd, chunkqueue *cq) {
++int network_write_chunkqueue_writev(server *srv, connection *con, int fd, chunkqueue *cq, off_t max_bytes) {
+ chunk *c;
+- size_t chunks_written = 0;
+
+- for(c = cq->first; c; c = c->next) {
++ for(c = cq->first; (max_bytes > 0) && (NULL != c); c = c->next) {
+ int chunk_finished = 0;
+
+ switch(c->type) {
+ case MEM_CHUNK: {
+ char * offset;
+- size_t toSend;
++ off_t toSend;
+ ssize_t r;
+
+ size_t num_chunks, i;
+@@ -65,12 +64,10 @@
+ #error "sysconf() doesnt return _SC_IOV_MAX ..., check the output of 'man writev' for the EINVAL error and send the output to jan@kneschke.de"
+ #endif
+
+- /* we can't send more then SSIZE_MAX bytes in one chunk */
+-
+ /* build writev list
+ *
+ * 1. limit: num_chunks < max_chunks
+- * 2. limit: num_bytes < SSIZE_MAX
++ * 2. limit: num_bytes < max_bytes
+ */
+ for (num_chunks = 0, tc = c; tc && tc->type == MEM_CHUNK && num_chunks < max_chunks; num_chunks++, tc = tc->next);
- tid = TK_EQ;
- } else if (t->input[t->offset + 1] == '~') {
- t->offset += 2;
+@@ -87,9 +84,9 @@
+ chunks[i].iov_base = offset;
-- buffer_copy_string(token, "=~");
-+ buffer_copy_string_len(token, CONST_STR_LEN("=~"));
+ /* protect the return value of writev() */
+- if (toSend > SSIZE_MAX ||
+- num_bytes + toSend > SSIZE_MAX) {
+- chunks[i].iov_len = SSIZE_MAX - num_bytes;
++ if (toSend > max_bytes ||
++ (off_t) num_bytes + toSend > max_bytes) {
++ chunks[i].iov_len = max_bytes - num_bytes;
- tid = TK_MATCH;
- } else {
-@@ -533,13 +536,13 @@
- if (t->input[t->offset + 1] == '=') {
- t->offset += 2;
+ num_chunks = i + 1;
+ break;
+@@ -121,6 +118,7 @@
+ }
-- buffer_copy_string(token, "!=");
-+ buffer_copy_string_len(token, CONST_STR_LEN("!="));
+ cq->bytes_out += r;
++ max_bytes -= r;
- tid = TK_NE;
- } else if (t->input[t->offset + 1] == '~') {
- t->offset += 2;
+ /* check which chunks have been written */
-- buffer_copy_string(token, "!~");
-+ buffer_copy_string_len(token, CONST_STR_LEN("!~"));
+@@ -132,11 +130,10 @@
- tid = TK_NOMATCH;
+ if (chunk_finished) {
+ /* skip the chunks from further touches */
+- chunks_written++;
+ c = c->next;
+ } else {
+ /* chunks_written + c = c->next is done in the for()*/
+- chunk_finished++;
++ chunk_finished = 1;
+ }
} else {
-@@ -594,7 +597,7 @@
- }
- t->in_key = 1;
- tid = TK_EOL;
-- buffer_copy_string(token, "(EOL)");
-+ buffer_copy_string_len(token, CONST_STR_LEN("(EOL)"));
- } else {
- config_skip_newline(t);
- t->line_pos = 1;
-@@ -605,7 +608,7 @@
- if (t->in_brace > 0) {
- tid = TK_COMMA;
-
-- buffer_copy_string(token, "(COMMA)");
-+ buffer_copy_string_len(token, CONST_STR_LEN("(COMMA)"));
+ /* partially written */
+@@ -284,6 +281,8 @@
+ assert(toSend < 0);
}
- t->offset++;
-@@ -614,7 +617,7 @@
- case '"':
- /* search for the terminating " */
- start = t->input + t->offset + 1;
-- buffer_copy_string(token, "");
-+ buffer_copy_string_len(token, CONST_STR_LEN(""));
++ if (toSend > max_bytes) toSend = max_bytes;
++
+ #ifdef LOCAL_BUFFERING
+ start = c->mem->ptr;
+ #else
+@@ -309,6 +308,7 @@
- for (i = 1; t->input[t->offset + i]; i++) {
- if (t->input[t->offset + i] == '\\' &&
-@@ -660,7 +663,7 @@
+ c->offset += r;
+ cq->bytes_out += r;
++ max_bytes -= r;
- tid = TK_LPARAN;
+ if (c->offset == c->file.length) {
+ chunk_finished = 1;
+@@ -334,11 +334,9 @@
-- buffer_copy_string(token, "(");
-+ buffer_copy_string_len(token, CONST_STR_LEN("("));
break;
- case ')':
- t->offset++;
-@@ -668,7 +671,7 @@
+ }
+-
+- chunks_written++;
+ }
- tid = TK_RPARAN;
+- return chunks_written;
++ return 0;
+ }
-- buffer_copy_string(token, ")");
-+ buffer_copy_string_len(token, CONST_STR_LEN(")"));
- break;
- case '$':
- t->offset++;
-@@ -677,19 +680,19 @@
- t->in_cond = 1;
- t->in_key = 0;
+ #endif
+Index: src/network_freebsd_sendfile.c
+===================================================================
+--- src/network_freebsd_sendfile.c (.../tags/lighttpd-1.4.29)
++++ src/network_freebsd_sendfile.c (.../branches/lighttpd-1.4.x)
+@@ -31,17 +31,16 @@
+ # endif
+ #endif
-- buffer_copy_string(token, "$");
-+ buffer_copy_string_len(token, CONST_STR_LEN("$"));
+-int network_write_chunkqueue_freebsdsendfile(server *srv, connection *con, int fd, chunkqueue *cq) {
++int network_write_chunkqueue_freebsdsendfile(server *srv, connection *con, int fd, chunkqueue *cq, off_t max_bytes) {
+ chunk *c;
+- size_t chunks_written = 0;
- break;
+- for(c = cq->first; c; c = c->next, chunks_written++) {
++ for(c = cq->first; (max_bytes > 0) && (NULL != c); c = c->next) {
+ int chunk_finished = 0;
- case '+':
- if (t->input[t->offset + 1] == '=') {
- t->offset += 2;
-- buffer_copy_string(token, "+=");
-+ buffer_copy_string_len(token, CONST_STR_LEN("+="));
- tid = TK_APPEND;
- } else {
- t->offset++;
- tid = TK_PLUS;
-- buffer_copy_string(token, "+");
-+ buffer_copy_string_len(token, CONST_STR_LEN("+"));
- }
- break;
+ switch(c->type) {
+ case MEM_CHUNK: {
+ char * offset;
+- size_t toSend;
++ off_t toSend;
+ ssize_t r;
-@@ -698,7 +701,7 @@
+ size_t num_chunks, i;
+@@ -49,12 +48,10 @@
+ chunk *tc;
+ size_t num_bytes = 0;
- tid = TK_LCURLY;
+- /* we can't send more then SSIZE_MAX bytes in one chunk */
+-
+ /* build writev list
+ *
+ * 1. limit: num_chunks < UIO_MAXIOV
+- * 2. limit: num_bytes < SSIZE_MAX
++ * 2. limit: num_bytes < max_bytes
+ */
+ for(num_chunks = 0, tc = c; tc && tc->type == MEM_CHUNK && num_chunks < UIO_MAXIOV; num_chunks++, tc = tc->next);
-- buffer_copy_string(token, "{");
-+ buffer_copy_string_len(token, CONST_STR_LEN("{"));
+@@ -69,9 +66,9 @@
+ chunks[i].iov_base = offset;
- break;
+ /* protect the return value of writev() */
+- if (toSend > SSIZE_MAX ||
+- num_bytes + toSend > SSIZE_MAX) {
+- chunks[i].iov_len = SSIZE_MAX - num_bytes;
++ if (toSend > max_bytes ||
++ (off_t) num_bytes + toSend > max_bytes) {
++ chunks[i].iov_len = max_bytes - num_bytes;
-@@ -707,7 +710,7 @@
+ num_chunks = i + 1;
+ break;
+@@ -105,6 +102,7 @@
- tid = TK_RCURLY;
+ /* check which chunks have been written */
+ cq->bytes_out += r;
++ max_bytes -= r;
-- buffer_copy_string(token, "}");
-+ buffer_copy_string_len(token, CONST_STR_LEN("}"));
+ for(i = 0, tc = c; i < num_chunks; i++, tc = tc->next) {
+ if (r >= (ssize_t)chunks[i].iov_len) {
+@@ -114,11 +112,10 @@
- break;
+ if (chunk_finished) {
+ /* skip the chunks from further touches */
+- chunks_written++;
+ c = c->next;
+ } else {
+ /* chunks_written + c = c->next is done in the for()*/
+- chunk_finished++;
++ chunk_finished = 1;
+ }
+ } else {
+ /* partially written */
+@@ -134,7 +131,7 @@
+ }
+ case FILE_CHUNK: {
+ off_t offset, r;
+- size_t toSend;
++ off_t toSend;
+ stat_cache_entry *sce = NULL;
-@@ -716,7 +719,7 @@
+ if (HANDLER_ERROR == stat_cache_get_entry(srv, con, c->file.name, &sce)) {
+@@ -144,9 +141,8 @@
+ }
- tid = TK_LBRACKET;
+ offset = c->file.start + c->offset;
+- /* limit the toSend to 2^31-1 bytes in a chunk */
+- toSend = c->file.length - c->offset > ((1 << 30) - 1) ?
+- ((1 << 30) - 1) : c->file.length - c->offset;
++ toSend = c->file.length - c->offset;
++ if (toSend > max_bytes) toSend = max_bytes;
-- buffer_copy_string(token, "[");
-+ buffer_copy_string_len(token, CONST_STR_LEN("["));
+ if (-1 == c->file.fd) {
+ if (-1 == (c->file.fd = open(c->file.name->ptr, O_RDONLY))) {
+@@ -197,6 +193,7 @@
- break;
+ c->offset += r;
+ cq->bytes_out += r;
++ max_bytes -= r;
-@@ -725,7 +728,7 @@
+ if (c->offset == c->file.length) {
+ chunk_finished = 1;
+@@ -218,7 +215,7 @@
+ }
+ }
- tid = TK_RBRACKET;
+- return chunks_written;
++ return 0;
+ }
-- buffer_copy_string(token, "]");
-+ buffer_copy_string_len(token, CONST_STR_LEN("]"));
+ #endif
+Index: src/network_openssl.c
+===================================================================
+--- src/network_openssl.c (.../tags/lighttpd-1.4.29)
++++ src/network_openssl.c (.../branches/lighttpd-1.4.x)
+@@ -27,10 +27,9 @@
+ # include <openssl/ssl.h>
+ # include <openssl/err.h>
- break;
- case '#':
-@@ -884,8 +887,8 @@
- int ret;
- buffer *filename;
-
-- if (buffer_is_empty(context->basedir) &&
-- (fn[0] == '/' || fn[0] == '\\') &&
-+ if (buffer_is_empty(context->basedir) ||
-+ (fn[0] == '/' || fn[0] == '\\') ||
- (fn[0] == '.' && (fn[1] == '/' || fn[1] == '\\'))) {
- filename = buffer_init_string(fn);
- } else {
-@@ -912,15 +915,39 @@
- return ret;
- }
+-int network_write_chunkqueue_openssl(server *srv, connection *con, SSL *ssl, chunkqueue *cq) {
++int network_write_chunkqueue_openssl(server *srv, connection *con, SSL *ssl, chunkqueue *cq, off_t max_bytes) {
+ int ssl_r;
+ chunk *c;
+- size_t chunks_written = 0;
-+static char* getCWD() {
-+ char *s, *s1;
-+ size_t len;
-+#ifdef PATH_MAX
-+ len = PATH_MAX;
-+#else
-+ len = 4096;
-+#endif
-+
-+ s = malloc(len);
-+ if (!s) return NULL;
-+ while (NULL == getcwd(s, len)) {
-+ if (errno != ERANGE || SSIZE_MAX - len < len) return NULL;
-+ len *= 2;
-+ s1 = realloc(s, len);
-+ if (!s1) {
-+ free(s);
-+ return NULL;
-+ }
-+ s = s1;
-+ }
-+ return s;
-+}
-+
- int config_parse_cmd(server *srv, config_t *context, const char *cmd) {
- proc_handler_t proc;
- tokenizer_t t;
- int ret;
- buffer *source;
- buffer *out;
-- char oldpwd[PATH_MAX];
-+ char *oldpwd;
-
-- if (NULL == getcwd(oldpwd, sizeof(oldpwd))) {
-+ if (NULL == (oldpwd = getCWD())) {
- log_error_write(srv, __FILE__, __LINE__, "s",
- "cannot get cwd", strerror(errno));
- return -1;
-@@ -945,6 +972,7 @@
- buffer_free(source);
- buffer_free(out);
- chdir(oldpwd);
-+ free(oldpwd);
- return ret;
- }
-
-@@ -986,7 +1014,7 @@
+ /* this is a 64k sendbuffer
+ *
+@@ -59,13 +58,13 @@
+ SSL_set_shutdown(ssl, SSL_RECEIVED_SHUTDOWN);
}
- dc = data_config_init();
-- buffer_copy_string(dc->key, "global");
-+ buffer_copy_string_len(dc->key, CONST_STR_LEN("global"));
-
- assert(context.all_configs->used == 0);
- dc->context_ndx = context.all_configs->used;
-@@ -997,14 +1025,14 @@
- srv->config = dc->value;
- dpid = data_integer_init();
- dpid->value = getpid();
-- buffer_copy_string(dpid->key, "var.PID");
-+ buffer_copy_string_len(dpid->key, CONST_STR_LEN("var.PID"));
- array_insert_unique(srv->config, (data_unset *)dpid);
-
- dcwd = data_string_init();
- buffer_prepare_copy(dcwd->value, 1024);
- if (NULL != getcwd(dcwd->value->ptr, dcwd->value->size - 1)) {
- dcwd->value->used = strlen(dcwd->value->ptr) + 1;
-- buffer_copy_string(dcwd->key, "var.CWD");
-+ buffer_copy_string_len(dcwd->key, CONST_STR_LEN("var.CWD"));
- array_insert_unique(srv->config, (data_unset *)dcwd);
- }
+- for(c = cq->first; c; c = c->next) {
++ for(c = cq->first; (max_bytes > 0) && (NULL != c); c = c->next) {
+ int chunk_finished = 0;
-@@ -1038,7 +1066,7 @@
- /* prepend default modules */
- if (NULL == array_get_element(modules->value, "mod_indexfile")) {
- ds = data_string_init();
-- buffer_copy_string(ds->value, "mod_indexfile");
-+ buffer_copy_string_len(ds->value, CONST_STR_LEN("mod_indexfile"));
- array_insert_unique(prepends->value, (data_unset *)ds);
- }
+ switch(c->type) {
+ case MEM_CHUNK: {
+ char * offset;
+- size_t toSend;
++ off_t toSend;
+ ssize_t r;
-@@ -1051,13 +1079,13 @@
- /* append default modules */
- if (NULL == array_get_element(modules->value, "mod_dirlisting")) {
- ds = data_string_init();
-- buffer_copy_string(ds->value, "mod_dirlisting");
-+ buffer_copy_string_len(ds->value, CONST_STR_LEN("mod_dirlisting"));
- array_insert_unique(modules->value, (data_unset *)ds);
- }
+ if (c->mem->used == 0 || c->mem->used == 1) {
+@@ -75,6 +74,7 @@
- if (NULL == array_get_element(modules->value, "mod_staticfile")) {
- ds = data_string_init();
-- buffer_copy_string(ds->value, "mod_staticfile");
-+ buffer_copy_string_len(ds->value, CONST_STR_LEN("mod_staticfile"));
- array_insert_unique(modules->value, (data_unset *)ds);
- }
- } else {
-@@ -1067,18 +1095,18 @@
-
- /* server.modules is not set */
- ds = data_string_init();
-- buffer_copy_string(ds->value, "mod_indexfile");
-+ buffer_copy_string_len(ds->value, CONST_STR_LEN("mod_indexfile"));
- array_insert_unique(modules->value, (data_unset *)ds);
-
- ds = data_string_init();
-- buffer_copy_string(ds->value, "mod_dirlisting");
-+ buffer_copy_string_len(ds->value, CONST_STR_LEN("mod_dirlisting"));
- array_insert_unique(modules->value, (data_unset *)ds);
-
- ds = data_string_init();
-- buffer_copy_string(ds->value, "mod_staticfile");
-+ buffer_copy_string_len(ds->value, CONST_STR_LEN("mod_staticfile"));
- array_insert_unique(modules->value, (data_unset *)ds);
-
-- buffer_copy_string(modules->key, "server.modules");
-+ buffer_copy_string_len(modules->key, CONST_STR_LEN("server.modules"));
- array_insert_unique(srv->config, (data_unset *)modules);
- }
+ offset = c->mem->ptr + c->offset;
+ toSend = c->mem->used - 1 - c->offset;
++ if (toSend > max_bytes) toSend = max_bytes;
-Index: src/mod_trigger_b4_dl.c
-===================================================================
---- src/mod_trigger_b4_dl.c (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ src/mod_trigger_b4_dl.c (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -316,6 +316,8 @@
- # define N 10
- int ovec[N * 3];
+ /**
+ * SSL_write man-page
+@@ -87,7 +87,14 @@
+ */
-+ if (con->mode != DIRECT) return HANDLER_GO_ON;
+ ERR_clear_error();
+- if ((r = SSL_write(ssl, offset, toSend)) <= 0) {
++ r = SSL_write(ssl, offset, toSend);
+
- if (con->uri.path->used == 0) return HANDLER_GO_ON;
-
- mod_trigger_b4_dl_patch_connection(srv, con, p);
-@@ -425,8 +427,8 @@
- /* not found, redirect */
-
- response_header_insert(srv, con, CONST_STR_LEN("Location"), CONST_BUF_LEN(p->conf.deny_url));
--
- con->http_status = 307;
-+ con->file_finished = 1;
-
- return HANDLER_FINISHED;
- }
-@@ -440,6 +442,7 @@
-
- response_header_insert(srv, con, CONST_STR_LEN("Location"), CONST_BUF_LEN(p->conf.deny_url));
- con->http_status = 307;
-+ con->file_finished = 1;
-
- if (p->conf.db) {
- if (0 != gdbm_delete(p->conf.db, key)) {
-@@ -490,6 +493,7 @@
- response_header_insert(srv, con, CONST_STR_LEN("Location"), CONST_BUF_LEN(p->conf.deny_url));
-
- con->http_status = 307;
-+ con->file_finished = 1;
++ if (con->renegotiations > 1 && con->conf.ssl_disable_client_renegotiation) {
++ log_error_write(srv, __FILE__, __LINE__, "s", "SSL: renegotiation initiated by client");
++ return -1;
++ }
++
++ if (r <= 0) {
+ unsigned long err;
- return HANDLER_FINISHED;
+ switch ((ssl_r = SSL_get_error(ssl, r))) {
+@@ -139,6 +146,7 @@
+ } else {
+ c->offset += r;
+ cq->bytes_out += r;
++ max_bytes -= r;
}
-Index: src/mod_evhost.c
-===================================================================
---- src/mod_evhost.c (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ src/mod_evhost.c (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -95,7 +95,7 @@
- s->path_pieces = realloc(s->path_pieces,(s->len+1) * sizeof(*s->path_pieces));
- s->path_pieces[s->len] = buffer_init();
-
-- buffer_append_memory(s->path_pieces[s->len],pos,ptr-pos);
-+ buffer_copy_string_len(s->path_pieces[s->len],pos,ptr-pos);
-
- s->len += 1;
- }
-@@ -181,7 +181,7 @@
- }
- ds = data_string_init();
-- buffer_copy_string(ds->key,"%0");
-+ buffer_copy_string_len(ds->key,CONST_STR_LEN("%0"));
-
- /* if we stopped at a dot, skip the dot */
- if (*ptr == '.') ptr++;
-@@ -197,7 +197,7 @@
- if (ptr != colon - 1) {
- /* is something between the dots */
- ds = data_string_init();
-- buffer_copy_string(ds->key,"%");
-+ buffer_copy_string_len(ds->key,CONST_STR_LEN("%"));
- buffer_append_long(ds->key, i++);
- buffer_copy_string_len(ds->value,ptr+1,colon-ptr-1);
-
-@@ -210,7 +210,7 @@
- /* if the . is not the first charactor of the hostname */
- if (colon != ptr) {
- ds = data_string_init();
-- buffer_copy_string(ds->key,"%");
-+ buffer_copy_string_len(ds->key,CONST_STR_LEN("%"));
- buffer_append_long(ds->key, i++);
- buffer_copy_string_len(ds->value,ptr,colon-ptr);
-
-@@ -286,7 +286,7 @@
-
- if (*(ptr+1) == '%') {
- /* %% */
-- BUFFER_APPEND_STRING_CONST(p->tmp_buf,"%");
-+ buffer_append_string_len(p->tmp_buf,CONST_STR_LEN("%"));
- } else if (NULL != (ds = (data_string *)array_get_element(parsed_host,p->conf.path_pieces[i]->ptr))) {
- if (ds->value->used) {
- buffer_append_string_buffer(p->tmp_buf,ds->value);
-Index: src/chunk.c
-===================================================================
---- src/chunk.c (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ src/chunk.c (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -296,7 +296,7 @@
-
- buffer_copy_string_buffer(template, ds->value);
- BUFFER_APPEND_SLASH(template);
-- BUFFER_APPEND_STRING_CONST(template, "lighttpd-upload-XXXXXX");
-+ buffer_append_string_len(template, CONST_STR_LEN("lighttpd-upload-XXXXXX"));
-
- if (-1 != (c->file.fd = mkstemp(template->ptr))) {
- /* only trigger the unlink if we created the temp-file successfully */
-Index: src/lemon.c
-===================================================================
---- src/lemon.c (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ src/lemon.c (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -12,6 +12,19 @@
- #include <ctype.h>
- #include <stdlib.h>
+ if (c->offset == (off_t)c->mem->used - 1) {
+@@ -168,6 +176,7 @@
+ do {
+ off_t offset = c->file.start + c->offset;
+ off_t toSend = c->file.length - c->offset;
++ if (toSend > max_bytes) toSend = max_bytes;
-+#ifdef HAVE_CONFIG_H
-+#include "config.h"
-+#endif
-+
-+#ifdef HAVE_STDINT_H
-+# include <stdint.h>
-+#endif
-+#ifdef HAVE_INTTYPES_H
-+# include <inttypes.h>
-+#endif
-+
-+#define UNUSED(x) ( (void)(x) )
-+
- extern void qsort();
- extern double strtod();
- extern long strtol();
-@@ -983,6 +996,7 @@
- {
- struct symbol *spx, *spy;
- int errcnt = 0;
-+ UNUSED(errsym);
- assert( apx->sp==apy->sp ); /* Otherwise there would be no conflict */
- if( apx->type==SHIFT && apy->type==REDUCE ){
- spx = apx->sp;
-@@ -1347,6 +1361,7 @@
- struct lemon lem;
- char *def_tmpl_name = "lempar.c";
-
-+ UNUSED(argc);
- OptInit(argv,options,stderr);
- if( version ){
- printf("Lemon version 1.0\n");
-@@ -1651,7 +1666,7 @@
- }else if( op[j].type==OPT_FLAG ){
- *((int*)op[j].arg) = v;
- }else if( op[j].type==OPT_FFLAG ){
-- (*(void(*)())(op[j].arg))(v);
-+ (*(void(*)())(intptr_t)(op[j].arg))(v);
- }else{
- if( err ){
- fprintf(err,"%smissing argument on switch.\n",emsg);
-@@ -1733,19 +1748,19 @@
- *(double*)(op[j].arg) = dv;
- break;
- case OPT_FDBL:
-- (*(void(*)())(op[j].arg))(dv);
-+ (*(void(*)())(intptr_t)(op[j].arg))(dv);
- break;
- case OPT_INT:
- *(int*)(op[j].arg) = lv;
- break;
- case OPT_FINT:
-- (*(void(*)())(op[j].arg))((int)lv);
-+ (*(void(*)())(intptr_t)(op[j].arg))((int)lv);
- break;
- case OPT_STR:
- *(char**)(op[j].arg) = sv;
- break;
- case OPT_FSTR:
-- (*(void(*)())(op[j].arg))(sv);
-+ (*(void(*)())(intptr_t)(op[j].arg))(sv);
- break;
- }
- }
-@@ -2286,10 +2301,10 @@
- ** token is passed to the function "parseonetoken" which builds all
- ** the appropriate data structures in the global state vector "gp".
- */
-+struct pstate ps;
- void Parse(gp)
- struct lemon *gp;
- {
-- struct pstate ps;
- FILE *fp;
- char *filebuf;
- size_t filesize;
-Index: src/mod_skeleton.c
-===================================================================
---- src/mod_skeleton.c (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ src/mod_skeleton.c (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -169,6 +169,8 @@
+ if (toSend > LOCAL_SEND_BUFSIZE) toSend = LOCAL_SEND_BUFSIZE;
- UNUSED(srv);
+@@ -190,7 +199,14 @@
+ close(ifd);
-+ if (con->mode != DIRECT) return HANDLER_GO_ON;
+ ERR_clear_error();
+- if ((r = SSL_write(ssl, s, toSend)) <= 0) {
++ r = SSL_write(ssl, s, toSend);
+
- if (con->uri.path->used == 0) return HANDLER_GO_ON;
-
- mod_skeleton_patch_connection(srv, con, p);
-Index: src/mod_scgi.c
-===================================================================
---- src/mod_scgi.c (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ src/mod_scgi.c (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -202,6 +202,15 @@
- *
- */
-
-+ /*
-+ * workaround for program when prefix="/"
-+ *
-+ * rule to build PATH_INFO is hardcoded for when check_local is disabled
-+ * enable this option to use the workaround
-+ *
-+ */
++ if (con->renegotiations > 1 && con->conf.ssl_disable_client_renegotiation) {
++ log_error_write(srv, __FILE__, __LINE__, "s", "SSL: renegotiation initiated by client");
++ return -1;
++ }
+
-+ unsigned short fix_root_path_name;
- ssize_t load; /* replace by host->load */
++ if (r <= 0) {
+ unsigned long err;
- size_t max_id; /* corresponds most of the time to
-@@ -233,6 +242,7 @@
- typedef struct {
- buffer *key; /* like .php */
+ switch ((ssl_r = SSL_get_error(ssl, r))) {
+@@ -243,12 +259,13 @@
+ } else {
+ c->offset += r;
+ cq->bytes_out += r;
++ max_bytes -= r;
+ }
-+ int note_is_sent;
- scgi_extension_host **hosts;
+ if (c->offset == c->file.length) {
+ chunk_finished = 1;
+ }
+- } while(!chunk_finished && !write_wait);
++ } while (!chunk_finished && !write_wait && max_bytes > 0);
- size_t used;
-@@ -583,6 +593,7 @@
+ break;
+ }
+@@ -263,11 +280,9 @@
- static int env_add(char_array *env, const char *key, size_t key_len, const char *val, size_t val_len) {
- char *dst;
-+ size_t i;
+ break;
+ }
+-
+- chunks_written++;
+ }
- if (!key || !val) return -1;
+- return chunks_written;
++ return 0;
+ }
+ #endif
-@@ -592,6 +603,15 @@
- /* add the \0 from the value */
- memcpy(dst + key_len + 1, val, val_len + 1);
+Index: src/http_auth.c
+===================================================================
+--- src/http_auth.c (.../tags/lighttpd-1.4.29)
++++ src/http_auth.c (.../branches/lighttpd-1.4.x)
+@@ -1,7 +1,6 @@
+ #include "server.h"
+ #include "log.h"
+ #include "http_auth.h"
+-#include "http_auth_digest.h"
+ #include "inet_ntop_cache.h"
+ #include "stream.h"
+
+@@ -28,18 +27,23 @@
+ #include <unistd.h>
+ #include <ctype.h>
-+ for (i = 0; i < env->used; i++) {
-+ if (0 == strncmp(dst, env->ptr[i], key_len + 1)) {
-+ /* don't care about free as we are in a forked child which is going to exec(...) */
-+ /* free(env->ptr[i]); */
-+ env->ptr[i] = dst;
-+ return 0;
-+ }
+-#ifdef USE_OPENSSL
+-# include <openssl/md5.h>
+-#else
+-# include "md5.h"
++#include "md5.h"
+
+-typedef li_MD5_CTX MD5_CTX;
+-#define MD5_Init li_MD5_Init
+-#define MD5_Update li_MD5_Update
+-#define MD5_Final li_MD5_Final
++#define HASHLEN 16
++#define HASHHEXLEN 32
++typedef unsigned char HASH[HASHLEN];
++typedef char HASHHEX[HASHHEXLEN+1];
+
+-#endif
++static void CvtHex(const HASH Bin, char Hex[33]) {
++ unsigned short i;
+
++ for (i = 0; i < 16; i++) {
++ Hex[i*2] = int2hex((Bin[i] >> 4) & 0xf);
++ Hex[i*2+1] = int2hex(Bin[i] & 0xf);
+ }
++ Hex[32] = '\0';
++}
+
- if (env->size == 0) {
- env->size = 16;
- env->ptr = malloc(env->size * sizeof(*env->ptr));
-@@ -749,11 +769,20 @@
- env.size = 0;
- env.used = 0;
-
-+ if (scgi_fd != 0) {
-+ close(0);
-+ dup2(scgi_fd, 0);
-+ close(scgi_fd);
-+ scgi_fd = 0;
-+ }
-+
- /* we don't need the client socket */
- for (fd = 3; fd < 256; fd++) {
-- if (fd != 2 && fd != scgi_fd) close(fd);
-+ close(fd);
- }
-
-+ openDevNull(STDERR_FILENO);
-+
- /* build clean environment */
- if (host->bin_env_copy->used) {
- for (i = 0; i < host->bin_env_copy->used; i++) {
-@@ -794,7 +823,7 @@
- env.ptr[env.used] = NULL;
-
- b = buffer_init();
-- buffer_copy_string(b, "exec ");
-+ buffer_copy_string_len(b, CONST_STR_LEN("exec "));
- buffer_append_string_buffer(b, host->bin_path);
-
- /* exec the cgi */
-@@ -968,6 +997,7 @@
-
- { "bin-environment", NULL, T_CONFIG_ARRAY, T_CONFIG_SCOPE_CONNECTION }, /* 11 */
- { "bin-copy-environment", NULL, T_CONFIG_ARRAY, T_CONFIG_SCOPE_CONNECTION }, /* 12 */
-+ { "fix-root-scriptname", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 13 */
-
-
- { NULL, NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET }
-@@ -990,6 +1020,7 @@
- df->max_load_per_proc = 1;
- df->idle_timeout = 60;
- df->disable_time = 60;
-+ df->fix_root_path_name = 0;
-
- fcv[0].destination = df->host;
- fcv[1].destination = df->docroot;
-@@ -1006,6 +1037,7 @@
-
- fcv[11].destination = df->bin_env;
- fcv[12].destination = df->bin_env_copy;
-+ fcv[13].destination = &(df->fix_root_path_name);
-
-
- if (0 != config_insert_values_internal(srv, da_host->value, fcv)) {
-@@ -1084,7 +1116,7 @@
- proc->port = df->port + pno;
- } else {
- buffer_copy_string_buffer(proc->socket, df->unixsocket);
-- buffer_append_string(proc->socket, "-");
-+ buffer_append_string_len(proc->socket, CONST_STR_LEN("-"));
- buffer_append_long(proc->socket, pno);
- }
-
-@@ -1155,11 +1187,6 @@
- p = hctx->plugin_data;
- con = hctx->remote_conn;
-
-- if (con->mode != p->id) {
-- WP();
-- return;
-- }
--
- if (hctx->fd != -1) {
- fdevent_event_del(srv->ev, &(hctx->fde_ndx), hctx->fd);
- fdevent_unregister(srv->ev, hctx->fd);
-@@ -1366,7 +1393,7 @@
- buffer_reset(srv->tmp_buf);
-
- if (0 != strcasecmp(ds->key->ptr, "CONTENT-TYPE")) {
-- BUFFER_COPY_STRING_CONST(srv->tmp_buf, "HTTP_");
-+ buffer_copy_string_len(srv->tmp_buf, CONST_STR_LEN("HTTP_"));
- srv->tmp_buf->used--;
- }
-
-@@ -1394,7 +1421,7 @@
- buffer_prepare_append(srv->tmp_buf, ds->key->used + 2);
- for (j = 0; j < ds->key->used - 1; j++) {
- srv->tmp_buf->ptr[srv->tmp_buf->used++] =
-- isalpha((unsigned char)ds->key->ptr[j]) ?
-+ light_isalnum((unsigned char)ds->key->ptr[j]) ?
- toupper((unsigned char)ds->key->ptr[j]) : '_';
- }
- srv->tmp_buf->ptr[srv->tmp_buf->used++] = '\0';
-@@ -1673,9 +1700,8 @@
-
- status = strtol(s+9, NULL, 10);
-
-- if (con->http_status >= 100 &&
-- con->http_status < 1000) {
-- /* we expected 3 digits and didn't got them */
-+ if (status >= 100 && status < 1000) {
-+ /* we expected 3 digits got them */
- con->parsed_response |= HTTP_STATUS;
- con->http_status = status;
- }
-@@ -2438,15 +2464,11 @@
- p = hctx->plugin_data;
- con = hctx->remote_conn;
-
-- if (con->mode != p->id) return HANDLER_GO_ON;
--
- log_error_write(srv, __FILE__, __LINE__, "ssdsd",
- "emergency exit: scgi:",
- "connection-fd:", con->fd,
- "fcgi-fd:", hctx->fd);
+ /**
+ * the $apr1$ handling is taken from apache 1.3.x
+ */
+@@ -95,7 +99,7 @@
+ ch = in[0];
+ /* run through the whole string, converting as we go */
+ for (i = 0; i < in_len; i++) {
+- ch = in[i];
++ ch = (unsigned char) in[i];
--
--
- scgi_connection_cleanup(srv, hctx);
+ if (ch == '\0') break;
- return HANDLER_FINISHED;
-@@ -2668,11 +2690,13 @@
- plugin_data *p = p_d;
- size_t s_len;
- int used = -1;
-- int ndx;
- size_t k;
- buffer *fn;
- scgi_extension *extension = NULL;
-+ scgi_extension_host *host = NULL;
+@@ -435,7 +439,7 @@
-+ if (con->mode != DIRECT) return HANDLER_GO_ON;
-+
- /* Possibly, we processed already this request */
- if (con->file_started == 1) return HANDLER_GO_ON;
+ static void to64(char *s, unsigned long v, int n)
+ {
+- static unsigned char itoa64[] = /* 0 ... 63 => ASCII - 64 */
++ static const unsigned char itoa64[] = /* 0 ... 63 => ASCII - 64 */
+ "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
+
+ while (--n >= 0) {
+@@ -455,7 +459,7 @@
+ const char *sp, *ep;
+ unsigned char final[APR_MD5_DIGESTSIZE];
+ ssize_t sl, pl, i;
+- MD5_CTX ctx, ctx1;
++ li_MD5_CTX ctx, ctx1;
+ unsigned long l;
+
+ /*
+@@ -487,33 +491,33 @@
+ /*
+ * 'Time to make the doughnuts..'
+ */
+- MD5_Init(&ctx);
++ li_MD5_Init(&ctx);
+
+ /*
+ * The password first, since that is what is most unknown
+ */
+- MD5_Update(&ctx, pw, strlen(pw));
++ li_MD5_Update(&ctx, pw, strlen(pw));
+
+ /*
+ * Then our magic string
+ */
+- MD5_Update(&ctx, APR1_ID, strlen(APR1_ID));
++ li_MD5_Update(&ctx, APR1_ID, strlen(APR1_ID));
+
+ /*
+ * Then the raw salt
+ */
+- MD5_Update(&ctx, sp, sl);
++ li_MD5_Update(&ctx, sp, sl);
+
+ /*
+ * Then just as many characters of the MD5(pw, salt, pw)
+ */
+- MD5_Init(&ctx1);
+- MD5_Update(&ctx1, pw, strlen(pw));
+- MD5_Update(&ctx1, sp, sl);
+- MD5_Update(&ctx1, pw, strlen(pw));
+- MD5_Final(final, &ctx1);
++ li_MD5_Init(&ctx1);
++ li_MD5_Update(&ctx1, pw, strlen(pw));
++ li_MD5_Update(&ctx1, sp, sl);
++ li_MD5_Update(&ctx1, pw, strlen(pw));
++ li_MD5_Final(final, &ctx1);
+ for (pl = strlen(pw); pl > 0; pl -= APR_MD5_DIGESTSIZE) {
+- MD5_Update(&ctx, final,
++ li_MD5_Update(&ctx, final,
+ (pl > APR_MD5_DIGESTSIZE) ? APR_MD5_DIGESTSIZE : pl);
+ }
-@@ -2712,95 +2736,59 @@
- }
+@@ -527,10 +531,10 @@
+ */
+ for (i = strlen(pw); i != 0; i >>= 1) {
+ if (i & 1) {
+- MD5_Update(&ctx, final, 1);
++ li_MD5_Update(&ctx, final, 1);
+ }
+ else {
+- MD5_Update(&ctx, pw, 1);
++ li_MD5_Update(&ctx, pw, 1);
+ }
+ }
- /* get best server */
-- for (k = 0, ndx = -1; k < extension->used; k++) {
-- scgi_extension_host *host = extension->hosts[k];
-+ for (k = 0; k < extension->used; k++) {
-+ scgi_extension_host *h = extension->hosts[k];
-
-- /* we should have at least one proc that can do somthing */
-- if (host->active_procs == 0) continue;
-+ /* we should have at least one proc that can do something */
-+ if (h->active_procs == 0) {
-+ continue;
-+ }
+@@ -542,7 +546,7 @@
+ strncat(passwd, sp, sl);
+ strcat(passwd, "$");
+
+- MD5_Final(final, &ctx);
++ li_MD5_Final(final, &ctx);
+
+ /*
+ * And now, just to make sure things don't run too fast..
+@@ -550,28 +554,28 @@
+ * need 30 seconds to build a 1000 entry dictionary...
+ */
+ for (i = 0; i < 1000; i++) {
+- MD5_Init(&ctx1);
++ li_MD5_Init(&ctx1);
+ if (i & 1) {
+- MD5_Update(&ctx1, pw, strlen(pw));
++ li_MD5_Update(&ctx1, pw, strlen(pw));
+ }
+ else {
+- MD5_Update(&ctx1, final, APR_MD5_DIGESTSIZE);
++ li_MD5_Update(&ctx1, final, APR_MD5_DIGESTSIZE);
+ }
+ if (i % 3) {
+- MD5_Update(&ctx1, sp, sl);
++ li_MD5_Update(&ctx1, sp, sl);
+ }
+
+ if (i % 7) {
+- MD5_Update(&ctx1, pw, strlen(pw));
++ li_MD5_Update(&ctx1, pw, strlen(pw));
+ }
+
+ if (i & 1) {
+- MD5_Update(&ctx1, final, APR_MD5_DIGESTSIZE);
++ li_MD5_Update(&ctx1, final, APR_MD5_DIGESTSIZE);
+ }
+ else {
+- MD5_Update(&ctx1, pw, strlen(pw));
++ li_MD5_Update(&ctx1, pw, strlen(pw));
+ }
+- MD5_Final(final,&ctx1);
++ li_MD5_Final(final,&ctx1);
+ }
-- if (used == -1 || host->load < used) {
-- used = host->load;
-+ if (used == -1 || h->load < used) {
-+ used = h->load;
+ p = passwd + strlen(passwd);
+@@ -614,17 +618,17 @@
+ * user:realm:md5(user:realm:password)
+ */
-- ndx = k;
-+ host = h;
- }
- }
+- MD5_CTX Md5Ctx;
++ li_MD5_CTX Md5Ctx;
+ HASH HA1;
+ char a1[256];
+
+- MD5_Init(&Md5Ctx);
+- MD5_Update(&Md5Ctx, (unsigned char *)username->ptr, username->used - 1);
+- MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
+- MD5_Update(&Md5Ctx, (unsigned char *)realm->ptr, realm->used - 1);
+- MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
+- MD5_Update(&Md5Ctx, (unsigned char *)pw, strlen(pw));
+- MD5_Final(HA1, &Md5Ctx);
++ li_MD5_Init(&Md5Ctx);
++ li_MD5_Update(&Md5Ctx, (unsigned char *)username->ptr, username->used - 1);
++ li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
++ li_MD5_Update(&Md5Ctx, (unsigned char *)realm->ptr, realm->used - 1);
++ li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
++ li_MD5_Update(&Md5Ctx, (unsigned char *)pw, strlen(pw));
++ li_MD5_Final(HA1, &Md5Ctx);
+
+ CvtHex(HA1, a1);
+
+@@ -930,7 +934,7 @@
+ int i;
+ buffer *password, *b, *username_buf, *realm_buf;
+
+- MD5_CTX Md5Ctx;
++ li_MD5_CTX Md5Ctx;
+ HASH HA1;
+ HASH HA2;
+ HASH RespHash;
+@@ -1067,13 +1071,13 @@
+
+ if (p->conf.auth_backend == AUTH_BACKEND_PLAIN) {
+ /* generate password from plain-text */
+- MD5_Init(&Md5Ctx);
+- MD5_Update(&Md5Ctx, (unsigned char *)username, strlen(username));
+- MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
+- MD5_Update(&Md5Ctx, (unsigned char *)realm, strlen(realm));
+- MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
+- MD5_Update(&Md5Ctx, (unsigned char *)password->ptr, password->used - 1);
+- MD5_Final(HA1, &Md5Ctx);
++ li_MD5_Init(&Md5Ctx);
++ li_MD5_Update(&Md5Ctx, (unsigned char *)username, strlen(username));
++ li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
++ li_MD5_Update(&Md5Ctx, (unsigned char *)realm, strlen(realm));
++ li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
++ li_MD5_Update(&Md5Ctx, (unsigned char *)password->ptr, password->used - 1);
++ li_MD5_Final(HA1, &Md5Ctx);
+ } else if (p->conf.auth_backend == AUTH_BACKEND_HTDIGEST) {
+ /* HA1 */
+ /* transform the 32-byte-hex-md5 to a 16-byte-md5 */
+@@ -1090,45 +1094,45 @@
+
+ if (algorithm &&
+ strcasecmp(algorithm, "md5-sess") == 0) {
+- MD5_Init(&Md5Ctx);
+- MD5_Update(&Md5Ctx, (unsigned char *)HA1, 16);
+- MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
+- MD5_Update(&Md5Ctx, (unsigned char *)nonce, strlen(nonce));
+- MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
+- MD5_Update(&Md5Ctx, (unsigned char *)cnonce, strlen(cnonce));
+- MD5_Final(HA1, &Md5Ctx);
++ li_MD5_Init(&Md5Ctx);
++ li_MD5_Update(&Md5Ctx, (unsigned char *)HA1, 16);
++ li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
++ li_MD5_Update(&Md5Ctx, (unsigned char *)nonce, strlen(nonce));
++ li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
++ li_MD5_Update(&Md5Ctx, (unsigned char *)cnonce, strlen(cnonce));
++ li_MD5_Final(HA1, &Md5Ctx);
+ }
+
+ CvtHex(HA1, a1);
+
+ /* calculate H(A2) */
+- MD5_Init(&Md5Ctx);
+- MD5_Update(&Md5Ctx, (unsigned char *)m, strlen(m));
+- MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
+- MD5_Update(&Md5Ctx, (unsigned char *)uri, strlen(uri));
++ li_MD5_Init(&Md5Ctx);
++ li_MD5_Update(&Md5Ctx, (unsigned char *)m, strlen(m));
++ li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
++ li_MD5_Update(&Md5Ctx, (unsigned char *)uri, strlen(uri));
+ if (qop && strcasecmp(qop, "auth-int") == 0) {
+- MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
+- MD5_Update(&Md5Ctx, (unsigned char *)"", HASHHEXLEN);
++ li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
++ li_MD5_Update(&Md5Ctx, (unsigned char *)"", HASHHEXLEN);
+ }
+- MD5_Final(HA2, &Md5Ctx);
++ li_MD5_Final(HA2, &Md5Ctx);
+ CvtHex(HA2, HA2Hex);
+
+ /* calculate response */
+- MD5_Init(&Md5Ctx);
+- MD5_Update(&Md5Ctx, (unsigned char *)a1, HASHHEXLEN);
+- MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
+- MD5_Update(&Md5Ctx, (unsigned char *)nonce, strlen(nonce));
+- MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
++ li_MD5_Init(&Md5Ctx);
++ li_MD5_Update(&Md5Ctx, (unsigned char *)a1, HASHHEXLEN);
++ li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
++ li_MD5_Update(&Md5Ctx, (unsigned char *)nonce, strlen(nonce));
++ li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
+ if (qop && *qop) {
+- MD5_Update(&Md5Ctx, (unsigned char *)nc, strlen(nc));
+- MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
+- MD5_Update(&Md5Ctx, (unsigned char *)cnonce, strlen(cnonce));
+- MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
+- MD5_Update(&Md5Ctx, (unsigned char *)qop, strlen(qop));
+- MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
++ li_MD5_Update(&Md5Ctx, (unsigned char *)nc, strlen(nc));
++ li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
++ li_MD5_Update(&Md5Ctx, (unsigned char *)cnonce, strlen(cnonce));
++ li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
++ li_MD5_Update(&Md5Ctx, (unsigned char *)qop, strlen(qop));
++ li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
+ };
+- MD5_Update(&Md5Ctx, (unsigned char *)HA2Hex, HASHHEXLEN);
+- MD5_Final(RespHash, &Md5Ctx);
++ li_MD5_Update(&Md5Ctx, (unsigned char *)HA2Hex, HASHHEXLEN);
++ li_MD5_Final(RespHash, &Md5Ctx);
+ CvtHex(RespHash, a2);
+
+ if (0 != strcmp(a2, respons)) {
+@@ -1171,24 +1175,24 @@
+
+ int http_auth_digest_generate_nonce(server *srv, mod_auth_plugin_data *p, buffer *fn, char out[33]) {
+ HASH h;
+- MD5_CTX Md5Ctx;
++ li_MD5_CTX Md5Ctx;
+ char hh[32];
+
+ UNUSED(p);
+
+ /* generate shared-secret */
+- MD5_Init(&Md5Ctx);
+- MD5_Update(&Md5Ctx, (unsigned char *)fn->ptr, fn->used - 1);
+- MD5_Update(&Md5Ctx, (unsigned char *)"+", 1);
++ li_MD5_Init(&Md5Ctx);
++ li_MD5_Update(&Md5Ctx, (unsigned char *)fn->ptr, fn->used - 1);
++ li_MD5_Update(&Md5Ctx, (unsigned char *)"+", 1);
+
+ /* we assume sizeof(time_t) == 4 here, but if not it ain't a problem at all */
+ LI_ltostr(hh, srv->cur_ts);
+- MD5_Update(&Md5Ctx, (unsigned char *)hh, strlen(hh));
+- MD5_Update(&Md5Ctx, (unsigned char *)srv->entropy, sizeof(srv->entropy));
++ li_MD5_Update(&Md5Ctx, (unsigned char *)hh, strlen(hh));
++ li_MD5_Update(&Md5Ctx, (unsigned char *)srv->entropy, sizeof(srv->entropy));
+ LI_ltostr(hh, rand());
+- MD5_Update(&Md5Ctx, (unsigned char *)hh, strlen(hh));
++ li_MD5_Update(&Md5Ctx, (unsigned char *)hh, strlen(hh));
+
+- MD5_Final(h, &Md5Ctx);
++ li_MD5_Final(h, &Md5Ctx);
+
+ CvtHex(h, out);
-- /* found a server */
-- if (ndx != -1) {
-- scgi_extension_host *host = extension->hosts[ndx];
-+ if (!host) {
-+ /* sorry, we don't have a server alive for this ext */
-+ buffer_reset(con->physical.path);
-+ con->http_status = 500;
-
-- /*
-- * if check-local is disabled, use the uri.path handler
-- *
-- */
-+ /* only send the 'no handler' once */
-+ if (!extension->note_is_sent) {
-+ extension->note_is_sent = 1;
-
-- /* init handler-context */
-- if (uri_path_handler) {
-- if (host->check_local == 0) {
-- handler_ctx *hctx;
-- char *pathinfo;
-+ log_error_write(srv, __FILE__, __LINE__, "sbsbs",
-+ "all handlers for ", con->uri.path,
-+ "on", extension->key,
-+ "are down.");
-+ }
+Index: src/mod_usertrack.c
+===================================================================
+--- src/mod_usertrack.c (.../tags/lighttpd-1.4.29)
++++ src/mod_usertrack.c (.../branches/lighttpd-1.4.x)
+@@ -8,18 +8,8 @@
+ #include <stdlib.h>
+ #include <string.h>
-- hctx = handler_ctx_init();
-+ return HANDLER_FINISHED;
-+ }
+-#ifdef USE_OPENSSL
+-# include <openssl/md5.h>
+-#else
+-# include "md5.h"
++#include "md5.h"
-- hctx->remote_conn = con;
-- hctx->plugin_data = p;
-- hctx->host = host;
-- hctx->proc = NULL;
-+ /* a note about no handler is not sent yet */
-+ extension->note_is_sent = 0;
-
-- hctx->conf.exts = p->conf.exts;
-- hctx->conf.debug = p->conf.debug;
-+ /*
-+ * if check-local is disabled, use the uri.path handler
-+ *
-+ */
-
-- con->plugin_ctx[p->id] = hctx;
-+ /* init handler-context */
-+ if (uri_path_handler) {
-+ if (host->check_local == 0) {
-+ handler_ctx *hctx;
-+ char *pathinfo;
-
-- host->load++;
--
-- con->mode = p->id;
--
-- if (con->conf.log_request_handling) {
-- log_error_write(srv, __FILE__, __LINE__, "s", "handling it in mod_scgi");
-- }
+-typedef li_MD5_CTX MD5_CTX;
+-#define MD5_Init li_MD5_Init
+-#define MD5_Update li_MD5_Update
+-#define MD5_Final li_MD5_Final
-
-- /* the prefix is the SCRIPT_NAME,
-- * everthing from start to the next slash
-- * this is important for check-local = "disable"
-- *
-- * if prefix = /admin.fcgi
-- *
-- * /admin.fcgi/foo/bar
-- *
-- * SCRIPT_NAME = /admin.fcgi
-- * PATH_INFO = /foo/bar
-- *
-- * if prefix = /fcgi-bin/
-- *
-- * /fcgi-bin/foo/bar
-- *
-- * SCRIPT_NAME = /fcgi-bin/foo
-- * PATH_INFO = /bar
-- *
-- */
+-#endif
-
-- /* the rewrite is only done for /prefix/? matches */
-- if (extension->key->ptr[0] == '/' &&
-- con->uri.path->used > extension->key->used &&
-- NULL != (pathinfo = strchr(con->uri.path->ptr + extension->key->used - 1, '/'))) {
-- /* rewrite uri.path and pathinfo */
--
-- buffer_copy_string(con->request.pathinfo, pathinfo);
--
-- con->uri.path->used -= con->request.pathinfo->used - 1;
-- con->uri.path->ptr[con->uri.path->used - 1] = '\0';
-- }
-- }
-- return HANDLER_GO_ON;
-- } else {
-- handler_ctx *hctx;
- hctx = handler_ctx_init();
-
- hctx->remote_conn = con;
- hctx->plugin_data = p;
- hctx->host = host;
-- hctx->proc = NULL;
-+ hctx->proc = NULL;
-
- hctx->conf.exts = p->conf.exts;
- hctx->conf.debug = p->conf.debug;
-@@ -2812,22 +2800,69 @@
- con->mode = p->id;
-
- if (con->conf.log_request_handling) {
-- log_error_write(srv, __FILE__, __LINE__, "s", "handling it in mod_fastcgi");
-+ log_error_write(srv, __FILE__, __LINE__, "s",
-+ "handling it in mod_fastcgi");
- }
+ /* plugin config for all request/connections */
-- return HANDLER_GO_ON;
-+ /* the prefix is the SCRIPT_NAME,
-+ * everything from start to the next slash
-+ * this is important for check-local = "disable"
-+ *
-+ * if prefix = /admin.fcgi
-+ *
-+ * /admin.fcgi/foo/bar
-+ *
-+ * SCRIPT_NAME = /admin.fcgi
-+ * PATH_INFO = /foo/bar
-+ *
-+ * if prefix = /fcgi-bin/
-+ *
-+ * /fcgi-bin/foo/bar
-+ *
-+ * SCRIPT_NAME = /fcgi-bin/foo
-+ * PATH_INFO = /bar
-+ *
-+ */
-+
-+ /* the rewrite is only done for /prefix/? matches */
-+ if (extension->key->ptr[0] == '/' &&
-+ con->uri.path->used > extension->key->used &&
-+ NULL != (pathinfo = strchr(con->uri.path->ptr + extension->key->used - 1, '/'))) {
-+ /* rewrite uri.path and pathinfo */
-+
-+ buffer_copy_string(con->request.pathinfo, pathinfo);
-+
-+ con->uri.path->used -= con->request.pathinfo->used - 1;
-+ con->uri.path->ptr[con->uri.path->used - 1] = '\0';
-+ } else if (host->fix_root_path_name && extension->key->ptr[0] == '/' && extension->key->ptr[1] == '\0') {
-+ buffer_copy_string(con->request.pathinfo, con->uri.path->ptr);
-+ con->uri.path->used = 1;
-+ con->uri.path->ptr[con->uri.path->used - 1] = '\0';
-+ }
- }
- } else {
-- /* no handler found */
-- buffer_reset(con->physical.path);
-- con->http_status = 500;
-+ handler_ctx *hctx;
-+ hctx = handler_ctx_init();
-
-- log_error_write(srv, __FILE__, __LINE__, "sb",
-- "no fcgi-handler found for:",
-- fn);
-+ hctx->remote_conn = con;
-+ hctx->plugin_data = p;
-+ hctx->host = host;
-+ hctx->proc = NULL;
-
-- return HANDLER_FINISHED;
-+ hctx->conf.exts = p->conf.exts;
-+ hctx->conf.debug = p->conf.debug;
-+
-+ con->plugin_ctx[p->id] = hctx;
-+
-+ host->load++;
-+
-+ con->mode = p->id;
-+
-+ if (con->conf.log_request_handling) {
-+ log_error_write(srv, __FILE__, __LINE__, "s", "handling it in mod_fastcgi");
-+ }
- }
-+
- return HANDLER_GO_ON;
- }
+ typedef struct {
+@@ -182,7 +172,7 @@
+ plugin_data *p = p_d;
+ data_string *ds;
+ unsigned char h[16];
+- MD5_CTX Md5Ctx;
++ li_MD5_CTX Md5Ctx;
+ char hh[32];
-@@ -2949,7 +2984,7 @@
- fp->port = host->port + fp->id;
- } else {
- buffer_copy_string_buffer(fp->socket, host->unixsocket);
-- buffer_append_string(fp->socket, "-");
-+ buffer_append_string_len(fp->socket, CONST_STR_LEN("-"));
- buffer_append_long(fp->socket, fp->id);
- }
+ if (con->uri.path->used == 0) return HANDLER_GO_ON;
+@@ -228,18 +218,18 @@
+ /* taken from mod_auth.c */
-Index: src/mod_mysql_vhost.c
-===================================================================
---- src/mod_mysql_vhost.c (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ src/mod_mysql_vhost.c (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -410,6 +410,7 @@
-
- ERR500: if (result) mysql_free_result(result);
- con->http_status = 500; /* Internal Error */
-+ con->mode = DIRECT;
- return HANDLER_FINISHED;
- }
+ /* generate shared-secret */
+- MD5_Init(&Md5Ctx);
+- MD5_Update(&Md5Ctx, (unsigned char *)con->uri.path->ptr, con->uri.path->used - 1);
+- MD5_Update(&Md5Ctx, (unsigned char *)"+", 1);
++ li_MD5_Init(&Md5Ctx);
++ li_MD5_Update(&Md5Ctx, (unsigned char *)con->uri.path->ptr, con->uri.path->used - 1);
++ li_MD5_Update(&Md5Ctx, (unsigned char *)"+", 1);
+
+ /* we assume sizeof(time_t) == 4 here, but if not it ain't a problem at all */
+ LI_ltostr(hh, srv->cur_ts);
+- MD5_Update(&Md5Ctx, (unsigned char *)hh, strlen(hh));
+- MD5_Update(&Md5Ctx, (unsigned char *)srv->entropy, sizeof(srv->entropy));
++ li_MD5_Update(&Md5Ctx, (unsigned char *)hh, strlen(hh));
++ li_MD5_Update(&Md5Ctx, (unsigned char *)srv->entropy, sizeof(srv->entropy));
+ LI_ltostr(hh, rand());
+- MD5_Update(&Md5Ctx, (unsigned char *)hh, strlen(hh));
++ li_MD5_Update(&Md5Ctx, (unsigned char *)hh, strlen(hh));
+
+- MD5_Final(h, &Md5Ctx);
++ li_MD5_Final(h, &Md5Ctx);
-Index: src/mod_flv_streaming.c
+ buffer_append_string_encoded(ds->value, (char *)h, 16, ENCODING_HEX);
+ buffer_append_string_len(ds->value, CONST_STR_LEN("; Path=/"));
+Index: src/mod_status.c
===================================================================
---- src/mod_flv_streaming.c (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ src/mod_flv_streaming.c (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -193,6 +193,8 @@
-
- UNUSED(srv);
-
-+ if (con->mode != DIRECT) return HANDLER_GO_ON;
-+
- if (buffer_is_empty(con->physical.path)) return HANDLER_GO_ON;
+--- src/mod_status.c (.../tags/lighttpd-1.4.29)
++++ src/mod_status.c (.../branches/lighttpd-1.4.x)
+@@ -487,7 +487,7 @@
- mod_flv_streaming_patch_connection(srv, con, p);
-@@ -245,7 +247,7 @@
+ buffer_append_string_len(b, CONST_STR_LEN("</td><td class=\"int\">"));
- /* we are safe now, let's build a flv header */
- b = chunkqueue_get_append_buffer(con->write_queue);
-- BUFFER_COPY_STRING_CONST(b, "FLV\x1\x1\0\0\0\x9\0\0\0\x9");
-+ buffer_copy_string_len(b, CONST_STR_LEN("FLV\x1\x1\0\0\0\x9\0\0\0\x9"));
-
- http_chunk_append_file(srv, con, con->physical.path, start, sce->st.st_size - start);
-
-Index: src/lighttpd-angel.c
+- if (con->request.content_length) {
++ if (c->request.content_length) {
+ buffer_append_long(b, c->request_content_queue->bytes_in);
+ buffer_append_string_len(b, CONST_STR_LEN("/"));
+ buffer_append_long(b, c->request.content_length);
+Index: src/settings.h
===================================================================
---- src/lighttpd-angel.c (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ src/lighttpd-angel.c (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -28,9 +28,12 @@
- static volatile sig_atomic_t graceful_restart = 0;
- static volatile pid_t pid = -1;
+--- src/settings.h (.../tags/lighttpd-1.4.29)
++++ src/settings.h (.../branches/lighttpd-1.4.x)
+@@ -21,8 +21,11 @@
+ * 64kB (no real reason, just a guess)
+ */
+ #define BUFFER_MAX_REUSE_SIZE (4 * 1024)
+-#define MAX_READ_LIMIT (4*1024*1024)
-+#define UNUSED(x) ( (void)(x) )
-+
- static void sigaction_handler(int sig, siginfo_t *si, void *context) {
- int exitcode;
-
-+ UNUSED(context);
- switch (sig) {
- case SIGINT:
- case SIGTERM:
-@@ -60,6 +63,8 @@
- int is_shutdown = 0;
- struct sigaction act;
-
-+ UNUSED(argc);
++/* both should be way smaller than SSIZE_MAX :) */
++#define MAX_READ_LIMIT (256*1024)
++#define MAX_WRITE_LIMIT (256*1024)
+
- /**
- * we are running as root BEWARE
- */
-Index: src/mod_rrdtool.c
-===================================================================
---- src/mod_rrdtool.c (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ src/mod_rrdtool.c (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -148,6 +148,8 @@
- args[i++] = dash;
- args[i++] = NULL;
-
-+ openDevNull(STDERR_FILENO);
-+
- /* we don't need the client socket */
- for (i = 3; i < 256; i++) {
- close(i);
-@@ -156,7 +158,7 @@
- /* exec the cgi */
- execv(args[0], args);
-
-- log_error_write(srv, __FILE__, __LINE__, "sss", "spawing rrdtool failed: ", strerror(errno), args[0]);
-+ /* log_error_write(srv, __FILE__, __LINE__, "sss", "spawing rrdtool failed: ", strerror(errno), args[0]); */
-
- /* */
- SEGFAULT();
-@@ -202,24 +204,25 @@
- int r ;
- /* create a new one */
-
-- BUFFER_COPY_STRING_CONST(p->cmd, "create ");
-+ buffer_copy_string_len(p->cmd, CONST_STR_LEN("create "));
- buffer_append_string_buffer(p->cmd, s->path_rrd);
-- buffer_append_string(p->cmd, " --step 60 ");
-- buffer_append_string(p->cmd, "DS:InOctets:ABSOLUTE:600:U:U ");
-- buffer_append_string(p->cmd, "DS:OutOctets:ABSOLUTE:600:U:U ");
-- buffer_append_string(p->cmd, "DS:Requests:ABSOLUTE:600:U:U ");
-- buffer_append_string(p->cmd, "RRA:AVERAGE:0.5:1:600 ");
-- buffer_append_string(p->cmd, "RRA:AVERAGE:0.5:6:700 ");
-- buffer_append_string(p->cmd, "RRA:AVERAGE:0.5:24:775 ");
-- buffer_append_string(p->cmd, "RRA:AVERAGE:0.5:288:797 ");
-- buffer_append_string(p->cmd, "RRA:MAX:0.5:1:600 ");
-- buffer_append_string(p->cmd, "RRA:MAX:0.5:6:700 ");
-- buffer_append_string(p->cmd, "RRA:MAX:0.5:24:775 ");
-- buffer_append_string(p->cmd, "RRA:MAX:0.5:288:797 ");
-- buffer_append_string(p->cmd, "RRA:MIN:0.5:1:600 ");
-- buffer_append_string(p->cmd, "RRA:MIN:0.5:6:700 ");
-- buffer_append_string(p->cmd, "RRA:MIN:0.5:24:775 ");
-- buffer_append_string(p->cmd, "RRA:MIN:0.5:288:797\n");
-+ buffer_append_string_len(p->cmd, CONST_STR_LEN(
-+ " --step 60 "
-+ "DS:InOctets:ABSOLUTE:600:U:U "
-+ "DS:OutOctets:ABSOLUTE:600:U:U "
-+ "DS:Requests:ABSOLUTE:600:U:U "
-+ "RRA:AVERAGE:0.5:1:600 "
-+ "RRA:AVERAGE:0.5:6:700 "
-+ "RRA:AVERAGE:0.5:24:775 "
-+ "RRA:AVERAGE:0.5:288:797 "
-+ "RRA:MAX:0.5:1:600 "
-+ "RRA:MAX:0.5:6:700 "
-+ "RRA:MAX:0.5:24:775 "
-+ "RRA:MAX:0.5:288:797 "
-+ "RRA:MIN:0.5:1:600 "
-+ "RRA:MIN:0.5:6:700 "
-+ "RRA:MIN:0.5:24:775 "
-+ "RRA:MIN:0.5:288:797\n"));
-
- if (-1 == (r = write(p->write_fd, p->cmd->ptr, p->cmd->used - 1))) {
- log_error_write(srv, __FILE__, __LINE__, "ss",
-@@ -372,15 +375,15 @@
-
- if (HANDLER_GO_ON != mod_rrdtool_create_rrd(srv, p, s)) return HANDLER_ERROR;
-
-- BUFFER_COPY_STRING_CONST(p->cmd, "update ");
-+ buffer_copy_string_len(p->cmd, CONST_STR_LEN("update "));
- buffer_append_string_buffer(p->cmd, s->path_rrd);
-- BUFFER_APPEND_STRING_CONST(p->cmd, " N:");
-+ buffer_append_string_len(p->cmd, CONST_STR_LEN(" N:"));
- buffer_append_off_t(p->cmd, s->bytes_read);
-- BUFFER_APPEND_STRING_CONST(p->cmd, ":");
-+ buffer_append_string_len(p->cmd, CONST_STR_LEN(":"));
- buffer_append_off_t(p->cmd, s->bytes_written);
-- BUFFER_APPEND_STRING_CONST(p->cmd, ":");
-+ buffer_append_string_len(p->cmd, CONST_STR_LEN(":"));
- buffer_append_long(p->cmd, s->requests);
-- BUFFER_APPEND_STRING_CONST(p->cmd, "\n");
-+ buffer_append_string_len(p->cmd, CONST_STR_LEN("\n"));
-
- if (-1 == (r = write(p->write_fd, p->cmd->ptr, p->cmd->used - 1))) {
- p->rrdtool_running = 0;
-Index: src/mod_ssi_expr.c
+ /**
+ * max size of the HTTP request header
+ *
+Index: src/mod_cml_lua.c
===================================================================
---- src/mod_ssi_expr.c (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ src/mod_ssi_expr.c (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -59,7 +59,7 @@
- t->offset++;
- t->line_pos++;
+--- src/mod_cml_lua.c (.../tags/lighttpd-1.4.29)
++++ src/mod_cml_lua.c (.../branches/lighttpd-1.4.x)
+@@ -11,18 +11,6 @@
+ #include <time.h>
+ #include <string.h>
-- buffer_copy_string(token, "(=)");
-+ buffer_copy_string_len(token, CONST_STR_LEN("(=)"));
+-#ifdef USE_OPENSSL
+-# include <openssl/md5.h>
+-#else
+-# include "md5.h"
+-
+-typedef li_MD5_CTX MD5_CTX;
+-#define MD5_Init li_MD5_Init
+-#define MD5_Update li_MD5_Update
+-#define MD5_Final li_MD5_Final
+-
+-#endif
+-
+ #define HASHLEN 16
+ typedef unsigned char HASH[HASHLEN];
+ #define HASHHEXLEN 32
+Index: src/mod_fastcgi.c
+===================================================================
+--- src/mod_fastcgi.c (.../tags/lighttpd-1.4.29)
++++ src/mod_fastcgi.c (.../branches/lighttpd-1.4.x)
+@@ -3075,7 +3075,7 @@
+ fcgi_set_state(srv, hctx, FCGI_STATE_WRITE);
+ /* fall through */
+ case FCGI_STATE_WRITE:
+- ret = srv->network_backend_write(srv, con, hctx->fd, hctx->wb);
++ ret = srv->network_backend_write(srv, con, hctx->fd, hctx->wb, MAX_WRITE_LIMIT);
- break;
- case '>':
-@@ -69,14 +69,14 @@
+ chunkqueue_remove_finished_chunks(hctx->wb);
- tid = TK_GE;
+@@ -3132,7 +3132,6 @@
+ plugin_data *p = p_d;
-- buffer_copy_string(token, "(>=)");
-+ buffer_copy_string_len(token, CONST_STR_LEN("(>=)"));
- } else {
- t->offset += 1;
- t->line_pos += 1;
+ handler_ctx *hctx = con->plugin_ctx[p->id];
+- fcgi_proc *proc;
+ fcgi_extension_host *host;
- tid = TK_GT;
+ if (NULL == hctx) return HANDLER_GO_ON;
+@@ -3201,7 +3200,6 @@
+ /* ok, create the request */
+ switch(fcgi_write_request(srv, hctx)) {
+ case HANDLER_ERROR:
+- proc = hctx->proc;
+ host = hctx->host;
-- buffer_copy_string(token, "(>)");
-+ buffer_copy_string_len(token, CONST_STR_LEN("(>)"));
- }
+ if (hctx->state == FCGI_STATE_INIT ||
+Index: src/network_solaris_sendfilev.c
+===================================================================
+--- src/network_solaris_sendfilev.c (.../tags/lighttpd-1.4.29)
++++ src/network_solaris_sendfilev.c (.../branches/lighttpd-1.4.x)
+@@ -38,17 +38,16 @@
+ */
- break;
-@@ -87,14 +87,14 @@
- tid = TK_LE;
+-int network_write_chunkqueue_solarissendfilev(server *srv, connection *con, int fd, chunkqueue *cq) {
++int network_write_chunkqueue_solarissendfilev(server *srv, connection *con, int fd, chunkqueue *cq, off_t max_bytes) {
+ chunk *c;
+- size_t chunks_written = 0;
-- buffer_copy_string(token, "(<=)");
-+ buffer_copy_string_len(token, CONST_STR_LEN("(<=)"));
- } else {
- t->offset += 1;
- t->line_pos += 1;
+- for(c = cq->first; c; c = c->next, chunks_written++) {
++ for(c = cq->first; (max_bytes > 0) && (NULL != c); c = c->next) {
+ int chunk_finished = 0;
- tid = TK_LT;
+ switch(c->type) {
+ case MEM_CHUNK: {
+ char * offset;
+- size_t toSend;
++ off_t toSend;
+ ssize_t r;
-- buffer_copy_string(token, "(<)");
-+ buffer_copy_string_len(token, CONST_STR_LEN("(<)"));
- }
+ size_t num_chunks, i;
+@@ -77,9 +76,9 @@
+ chunks[i].iov_base = offset;
- break;
-@@ -106,14 +106,14 @@
+ /* protect the return value of writev() */
+- if (toSend > SSIZE_MAX ||
+- num_bytes + toSend > SSIZE_MAX) {
+- chunks[i].iov_len = SSIZE_MAX - num_bytes;
++ if (toSend > max_bytes ||
++ (off_t) num_bytes + toSend > max_bytes) {
++ chunks[i].iov_len = max_bytes - num_bytes;
- tid = TK_NE;
+ num_chunks = i + 1;
+ break;
+@@ -119,11 +118,10 @@
-- buffer_copy_string(token, "(!=)");
-+ buffer_copy_string_len(token, CONST_STR_LEN("(!=)"));
- } else {
- t->offset += 1;
- t->line_pos += 1;
+ if (chunk_finished) {
+ /* skip the chunks from further touches */
+- chunks_written++;
+ c = c->next;
+ } else {
+ /* chunks_written + c = c->next is done in the for()*/
+- chunk_finished++;
++ chunk_finished = 1;
+ }
+ } else {
+ /* partially written */
+@@ -139,8 +137,8 @@
+ }
+ case FILE_CHUNK: {
+ ssize_t r;
+- off_t offset;
+- size_t toSend, written;
++ off_t offset, toSend;
++ size_t written;
+ sendfilevec_t fvec;
+ stat_cache_entry *sce = NULL;
+ int ifd;
+@@ -153,6 +151,7 @@
- tid = TK_NOT;
+ offset = c->file.start + c->offset;
+ toSend = c->file.length - c->offset;
++ if (toSend > max_bytes) toSend = max_bytes;
-- buffer_copy_string(token, "(!)");
-+ buffer_copy_string_len(token, CONST_STR_LEN("(!)"));
- }
+ if (offset > sce->st.st_size) {
+ log_error_write(srv, __FILE__, __LINE__, "sb", "file was shrinked:", c->file.name);
+@@ -186,6 +185,7 @@
+ close(ifd);
+ c->offset += written;
+ cq->bytes_out += written;
++ max_bytes -= written;
- break;
-@@ -124,7 +124,7 @@
+ if (c->offset == c->file.length) {
+ chunk_finished = 1;
+@@ -207,7 +207,7 @@
+ }
+ }
- tid = TK_AND;
+- return chunks_written;
++ return 0;
+ }
-- buffer_copy_string(token, "(&&)");
-+ buffer_copy_string_len(token, CONST_STR_LEN("(&&)"));
- } else {
- log_error_write(srv, __FILE__, __LINE__, "sds",
- "pos:", t->line_pos,
-@@ -140,7 +140,7 @@
+ #endif
+Index: src/CMakeLists.txt
+===================================================================
+Index: src/mod_dirlisting.c
+===================================================================
+--- src/mod_dirlisting.c (.../tags/lighttpd-1.4.29)
++++ src/mod_dirlisting.c (.../branches/lighttpd-1.4.x)
+@@ -657,7 +657,8 @@
+ i = dir->used - 1;
+
+ #ifdef HAVE_PATHCONF
+- if (-1 == (name_max = pathconf(dir->ptr, _PC_NAME_MAX))) {
++ if (0 >= (name_max = pathconf(dir->ptr, _PC_NAME_MAX))) {
++ /* some broken fs (fuse) return 0 instead of -1 */
+ #ifdef NAME_MAX
+ name_max = NAME_MAX;
+ #else
+Index: src/network_linux_sendfile.c
+===================================================================
+--- src/network_linux_sendfile.c (.../tags/lighttpd-1.4.29)
++++ src/network_linux_sendfile.c (.../branches/lighttpd-1.4.x)
+@@ -27,17 +27,16 @@
+ /* on linux 2.4.29 + debian/ubuntu we have crashes if this is enabled */
+ #undef HAVE_POSIX_FADVISE
+
+-int network_write_chunkqueue_linuxsendfile(server *srv, connection *con, int fd, chunkqueue *cq) {
++int network_write_chunkqueue_linuxsendfile(server *srv, connection *con, int fd, chunkqueue *cq, off_t max_bytes) {
+ chunk *c;
+- size_t chunks_written = 0;
+
+- for(c = cq->first; c; c = c->next, chunks_written++) {
++ for(c = cq->first; (max_bytes > 0) && (NULL != c); c = c->next) {
+ int chunk_finished = 0;
+
+ switch(c->type) {
+ case MEM_CHUNK: {
+ char * offset;
+- size_t toSend;
++ off_t toSend;
+ ssize_t r;
+
+ size_t num_chunks, i;
+@@ -45,12 +44,10 @@
+ chunk *tc;
+ size_t num_bytes = 0;
+
+- /* we can't send more then SSIZE_MAX bytes in one chunk */
+-
+ /* build writev list
+ *
+ * 1. limit: num_chunks < UIO_MAXIOV
+- * 2. limit: num_bytes < SSIZE_MAX
++ * 2. limit: num_bytes < max_bytes
+ */
+ for (num_chunks = 0, tc = c;
+ tc && tc->type == MEM_CHUNK && num_chunks < UIO_MAXIOV;
+@@ -67,9 +64,9 @@
+ chunks[i].iov_base = offset;
+
+ /* protect the return value of writev() */
+- if (toSend > SSIZE_MAX ||
+- num_bytes + toSend > SSIZE_MAX) {
+- chunks[i].iov_len = SSIZE_MAX - num_bytes;
++ if (toSend > max_bytes ||
++ (off_t) num_bytes + toSend > max_bytes) {
++ chunks[i].iov_len = max_bytes - num_bytes;
+
+ num_chunks = i + 1;
+ break;
+@@ -100,6 +97,7 @@
- tid = TK_OR;
+ /* check which chunks have been written */
+ cq->bytes_out += r;
++ max_bytes -= r;
-- buffer_copy_string(token, "(||)");
-+ buffer_copy_string_len(token, CONST_STR_LEN("(||)"));
- } else {
- log_error_write(srv, __FILE__, __LINE__, "sds",
- "pos:", t->line_pos,
-@@ -183,7 +183,7 @@
+ for(i = 0, tc = c; i < num_chunks; i++, tc = tc->next) {
+ if (r >= (ssize_t)chunks[i].iov_len) {
+@@ -109,11 +107,10 @@
- tid = TK_LPARAN;
+ if (chunk_finished) {
+ /* skip the chunks from further touches */
+- chunks_written++;
+ c = c->next;
+ } else {
+ /* chunks_written + c = c->next is done in the for()*/
+- chunk_finished++;
++ chunk_finished = 1;
+ }
+ } else {
+ /* partially written */
+@@ -130,13 +127,12 @@
+ case FILE_CHUNK: {
+ ssize_t r;
+ off_t offset;
+- size_t toSend;
++ off_t toSend;
+ stat_cache_entry *sce = NULL;
-- buffer_copy_string(token, "(");
-+ buffer_copy_string_len(token, CONST_STR_LEN("("));
- break;
- case ')':
- t->offset++;
-@@ -191,7 +191,7 @@
+ offset = c->file.start + c->offset;
+- /* limit the toSend to 2^31-1 bytes in a chunk */
+- toSend = c->file.length - c->offset > ((1 << 30) - 1) ?
+- ((1 << 30) - 1) : c->file.length - c->offset;
++ toSend = c->file.length - c->offset;
++ if (toSend > max_bytes) toSend = max_bytes;
- tid = TK_RPARAN;
+ /* open file if not already opened */
+ if (-1 == c->file.fd) {
+@@ -215,6 +211,7 @@
-- buffer_copy_string(token, ")");
-+ buffer_copy_string_len(token, CONST_STR_LEN(")"));
- break;
- case '$':
- if (t->input[t->offset + 1] == '{') {
-@@ -219,7 +219,7 @@
- } else if (NULL != (ds = (data_string *)array_get_element(p->ssi_vars, token->ptr))) {
- buffer_copy_string_buffer(token, ds->value);
- } else {
-- buffer_copy_string(token, "");
-+ buffer_copy_string_len(token, CONST_STR_LEN(""));
- }
+ c->offset += r;
+ cq->bytes_out += r;
++ max_bytes -= r;
- t->offset += i;
-Index: src/stat_cache.c
-===================================================================
---- src/stat_cache.c (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ src/stat_cache.c (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -445,7 +445,9 @@
- /* dir-check */
- if (srv->srvconf.stat_cache_engine == STAT_CACHE_ENGINE_FAM) {
- if (0 != buffer_copy_dirname(sc->dir_name, name)) {
-- SEGFAULT();
-+ log_error_write(srv, __FILE__, __LINE__, "sb",
-+ "no '/' found in filename:", name);
-+ return HANDLER_ERROR;
+ if (c->offset == c->file.length) {
+ chunk_finished = 1;
+@@ -243,7 +240,7 @@
}
-
- buffer_copy_string_buffer(sc->hash_key, sc->dir_name);
-Index: src/response.c
-===================================================================
---- src/response.c (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ src/response.c (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -35,21 +35,25 @@
- b = chunkqueue_get_prepend_buffer(con->write_queue);
-
- if (con->request.http_version == HTTP_VERSION_1_1) {
-- BUFFER_COPY_STRING_CONST(b, "HTTP/1.1 ");
-+ buffer_copy_string_len(b, CONST_STR_LEN("HTTP/1.1 "));
- } else {
-- BUFFER_COPY_STRING_CONST(b, "HTTP/1.0 ");
-+ buffer_copy_string_len(b, CONST_STR_LEN("HTTP/1.0 "));
- }
- buffer_append_long(b, con->http_status);
-- BUFFER_APPEND_STRING_CONST(b, " ");
-+ buffer_append_string_len(b, CONST_STR_LEN(" "));
- buffer_append_string(b, get_http_status_name(con->http_status));
-
- if (con->request.http_version != HTTP_VERSION_1_1 || con->keep_alive == 0) {
-- BUFFER_APPEND_STRING_CONST(b, "\r\nConnection: ");
-- buffer_append_string(b, con->keep_alive ? "keep-alive" : "close");
-+ buffer_append_string_len(b, CONST_STR_LEN("\r\nConnection: "));
-+ if (con->keep_alive) {
-+ buffer_append_string_len(b, CONST_STR_LEN("keep-alive"));
-+ } else {
-+ buffer_append_string_len(b, CONST_STR_LEN("close"));
-+ }
}
- if (con->response.transfer_encoding & HTTP_TRANSFER_ENCODING_CHUNKED) {
-- BUFFER_APPEND_STRING_CONST(b, "\r\nTransfer-Encoding: chunked");
-+ buffer_append_string_len(b, CONST_STR_LEN("\r\nTransfer-Encoding: chunked"));
- }
+- return chunks_written;
++ return 0;
+ }
+ #endif
+Index: tests/mod-auth.t
+===================================================================
+--- tests/mod-auth.t (.../tags/lighttpd-1.4.29)
++++ tests/mod-auth.t (.../branches/lighttpd-1.4.x)
+@@ -8,7 +8,7 @@
-@@ -60,14 +64,15 @@
- ds = (data_string *)con->response.headers->data[i];
-
- if (ds->value->used && ds->key->used &&
-- 0 != strncmp(ds->key->ptr, "X-LIGHTTPD-", sizeof("X-LIGHTTPD-") - 1) &&
-- 0 != strncmp(ds->key->ptr, "X-Sendfile", sizeof("X-Sendfile") - 1)) {
-- if (buffer_is_equal_string(ds->key, CONST_STR_LEN("Date"))) have_date = 1;
-- if (buffer_is_equal_string(ds->key, CONST_STR_LEN("Server"))) have_server = 1;
-+ 0 != strncasecmp(ds->key->ptr, CONST_STR_LEN("X-LIGHTTPD-")) &&
-+ 0 != strcasecmp(ds->key->ptr, "X-Sendfile")) {
-+ if (0 == strcasecmp(ds->key->ptr, "Date")) have_date = 1;
-+ if (0 == strcasecmp(ds->key->ptr, "Server")) have_server = 1;
-+ if (0 == strcasecmp(ds->key->ptr, "Content-Encoding") && 304 == con->http_status) continue;
-
-- BUFFER_APPEND_STRING_CONST(b, "\r\n");
-+ buffer_append_string_len(b, CONST_STR_LEN("\r\n"));
- buffer_append_string_buffer(b, ds->key);
-- BUFFER_APPEND_STRING_CONST(b, ": ");
-+ buffer_append_string_len(b, CONST_STR_LEN(": "));
- #if 0
- /**
- * the value might contain newlines, encode them with at least one white-space
-@@ -81,7 +86,7 @@
-
- if (!have_date) {
- /* HTTP/1.1 requires a Date: header */
-- BUFFER_APPEND_STRING_CONST(b, "\r\nDate: ");
-+ buffer_append_string_len(b, CONST_STR_LEN("\r\nDate: "));
-
- /* cache the generated timestamp */
- if (srv->cur_ts != srv->last_generated_date_ts) {
-@@ -100,14 +105,14 @@
-
- if (!have_server) {
- if (buffer_is_empty(con->conf.server_tag)) {
-- BUFFER_APPEND_STRING_CONST(b, "\r\nServer: " PACKAGE_NAME "/" PACKAGE_VERSION);
-- } else {
-- BUFFER_APPEND_STRING_CONST(b, "\r\nServer: ");
-+ buffer_append_string_len(b, CONST_STR_LEN("\r\nServer: " PACKAGE_NAME "/" PACKAGE_VERSION));
-+ } else if (con->conf.server_tag->used > 1) {
-+ buffer_append_string_len(b, CONST_STR_LEN("\r\nServer: "));
- buffer_append_string_encoded(b, CONST_BUF_LEN(con->conf.server_tag), ENCODING_HTTP_HEADER);
- }
- }
+ use strict;
+ use IO::Socket;
+-use Test::More tests => 14;
++use Test::More tests => 15;
+ use LightyTest;
-- BUFFER_APPEND_STRING_CONST(b, "\r\n\r\n");
-+ buffer_append_string_len(b, CONST_STR_LEN("\r\n\r\n"));
+ my $tf = LightyTest->new();
+@@ -25,6 +25,14 @@
+ $t->{REQUEST} = ( <<EOF
+ GET /server-status HTTP/1.0
++Authorization: Basic \x80mFuOmphb
++EOF
++ );
++$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 401 } ];
++ok($tf->handle_http($t) == 0, 'Basic-Auth: Invalid base64 Auth-token');
++
++$t->{REQUEST} = ( <<EOF
++GET /server-status HTTP/1.0
+ Authorization: Basic amFuOmphb
+ EOF
+ );
+Index: tests/request.t
+===================================================================
+--- tests/request.t (.../tags/lighttpd-1.4.29)
++++ tests/request.t (.../branches/lighttpd-1.4.x)
+@@ -8,7 +8,7 @@
- con->bytes_header = b->used - 1;
-@@ -152,7 +157,7 @@
- * */
+ use strict;
+ use IO::Socket;
+-use Test::More tests => 44;
++use Test::More tests => 46;
+ use LightyTest;
- config_cond_cache_reset(srv, con);
-- config_setup_connection(srv, con); // Perhaps this could be removed at other places.
-+ config_setup_connection(srv, con); /* Perhaps this could be removed at other places. */
+ my $tf = LightyTest->new();
+@@ -413,5 +413,21 @@
+ $t->{SLOWREQUEST} = 1;
+ ok($tf->handle_http($t) == 0, 'GET, slow \\r\\n\\r\\n (#2105)');
- if (con->conf.log_condition_handling) {
- log_error_write(srv, __FILE__, __LINE__, "s", "run condition");
-@@ -181,7 +186,11 @@
- *
- */
++print "\nPathinfo for static files\n";
++$t->{REQUEST} = ( <<EOF
++GET /image.jpg/index.php HTTP/1.0
++EOF
++ );
++$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200, 'Content-Type' => 'image/jpeg' } ];
++ok($tf->handle_http($t) == 0, 'static file accepting pathinfo by default');
++
++$t->{REQUEST} = ( <<EOF
++GET /image.jpg/index.php HTTP/1.0
++Host: zzz.example.org
++EOF
++ );
++$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 403 } ];
++ok($tf->handle_http($t) == 0, 'static file with forbidden pathinfo');
++
+ ok($tf->stop_proc == 0, "Stopping lighttpd");
-- buffer_copy_string(con->uri.scheme, con->conf.is_ssl ? "https" : "http");
-+ if (con->conf.is_ssl) {
-+ buffer_copy_string_len(con->uri.scheme, CONST_STR_LEN("https"));
-+ } else {
-+ buffer_copy_string_len(con->uri.scheme, CONST_STR_LEN("http"));
-+ }
- buffer_copy_string_buffer(con->uri.authority, con->request.http_host);
- buffer_to_lower(con->uri.authority);
+Index: tests/wrapper.sh
+===================================================================
+--- tests/wrapper.sh (.../tags/lighttpd-1.4.29)
++++ tests/wrapper.sh (.../branches/lighttpd-1.4.x)
+@@ -6,4 +6,4 @@
+ top_builddir=$2
+ export SHELL srcdir top_builddir
-@@ -224,27 +233,6 @@
- }
+-$3
++exec $3
+Index: tests/lighttpd.conf
+===================================================================
+--- tests/lighttpd.conf (.../tags/lighttpd-1.4.29)
++++ tests/lighttpd.conf (.../branches/lighttpd-1.4.x)
+@@ -149,6 +149,7 @@
+ $HTTP["host"] == "zzz.example.org" {
+ server.document-root = env.SRCDIR + "/tmp/lighttpd/servers/www.example.org/pages/"
+ server.name = "zzz.example.org"
++ static-file.disable-pathinfo = "enable"
+ }
+ $HTTP["host"] == "symlink.example.org" {
+Index: configure.ac
+===================================================================
+Index: doc/config/lighttpd.conf
+===================================================================
+--- doc/config/lighttpd.conf (.../tags/lighttpd-1.4.29)
++++ doc/config/lighttpd.conf (.../branches/lighttpd-1.4.x)
+@@ -394,6 +394,25 @@
+ ## $SERVER["socket"] == "10.0.0.1:443" {
+ ## ssl.engine = "enable"
+ ## ssl.pemfile = "/etc/ssl/private/www.example.com.pem"
++## #
++## # Mitigate BEAST attack:
++## #
++## # A stricter base cipher suite. For details see:
++## # http://blog.ivanristic.com/2011/10/mitigating-the-beast-attack-on-tls.html
++## #
++## ssl.ciphers = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"
++## #
++## # Make the server prefer the order of the server side cipher suite instead of the client suite.
++## # This is necessary to mitigate the BEAST attack (unless you disable all non RC4 algorithms).
++## # This option is enabled by default, but only used if ssl.ciphers is set.
++## #
++## # ssl.honor-cipher-order = "enable"
++## #
++## # Mitigate CVE-2009-3555 by disabling client triggered renegotation
++## # This is enabled by default.
++## #
++## # ssl.disable-client-renegotiation = "enable"
++## #
+ ## server.name = "www.example.com"
+ ##
+ ## server.document-root = "/srv/www/vhosts/example.com/www/"
+Index: SConstruct
+===================================================================
+Index: NEWS
+===================================================================
+--- NEWS (.../tags/lighttpd-1.4.29)
++++ NEWS (.../branches/lighttpd-1.4.x)
+@@ -3,7 +3,20 @@
+ NEWS
+ ====
-- /**
-- *
-- * call plugins
-- *
-- * - based on the raw URL
-- *
-- */
--
-- switch(r = plugins_call_handle_uri_raw(srv, con)) {
-- case HANDLER_GO_ON:
-- break;
-- case HANDLER_FINISHED:
-- case HANDLER_COMEBACK:
-- case HANDLER_WAIT_FOR_EVENT:
-- case HANDLER_ERROR:
-- return r;
-- default:
-- log_error_write(srv, __FILE__, __LINE__, "sd", "handle_uri_raw: unknown return value", r);
-- break;
-- }
--
- /* build filename
- *
- * - decode url-encodings (e.g. %20 -> ' ')
-@@ -252,7 +240,6 @@
- */
-
-
--
- if (con->request.http_method == HTTP_METHOD_OPTIONS &&
- con->uri.path_raw->ptr[0] == '*' && con->uri.path_raw->ptr[1] == '\0') {
- /* OPTIONS * ... */
-@@ -268,10 +255,32 @@
- log_error_write(srv, __FILE__, __LINE__, "sb", "URI-path : ", con->uri.path);
- }
-
-+
- /**
- *
- * call plugins
- *
-+ * - based on the raw URL
-+ *
-+ */
-+
-+ switch(r = plugins_call_handle_uri_raw(srv, con)) {
-+ case HANDLER_GO_ON:
-+ break;
-+ case HANDLER_FINISHED:
-+ case HANDLER_COMEBACK:
-+ case HANDLER_WAIT_FOR_EVENT:
-+ case HANDLER_ERROR:
-+ return r;
-+ default:
-+ log_error_write(srv, __FILE__, __LINE__, "sd", "handle_uri_raw: unknown return value", r);
-+ break;
-+ }
-+
-+ /**
-+ *
-+ * call plugins
-+ *
- * - based on the clean URL
- *
- */
-Index: src/plugin.c
-===================================================================
---- src/plugin.c (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ src/plugin.c (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -131,12 +131,12 @@
-
- buffer_copy_string_buffer(srv->tmp_buf, srv->srvconf.modules_dir);
-
-- buffer_append_string(srv->tmp_buf, "/");
-+ buffer_append_string_len(srv->tmp_buf, CONST_STR_LEN("/"));
- buffer_append_string(srv->tmp_buf, modules);
- #if defined(__WIN32) || defined(__CYGWIN__)
-- buffer_append_string(srv->tmp_buf, ".dll");
-+ buffer_append_string_len(srv->tmp_buf, CONST_STR_LEN(".dll"));
- #else
-- buffer_append_string(srv->tmp_buf, ".so");
-+ buffer_append_string_len(srv->tmp_buf, CONST_STR_LEN(".so"));
- #endif
-
- p = plugin_init();
-@@ -173,7 +173,7 @@
- #endif
- buffer_reset(srv->tmp_buf);
- buffer_copy_string(srv->tmp_buf, modules);
-- buffer_append_string(srv->tmp_buf, "_plugin_init");
-+ buffer_append_string_len(srv->tmp_buf, CONST_STR_LEN("_plugin_init"));
-
- #ifdef __WIN32
- init = GetProcAddress(p->lib, srv->tmp_buf->ptr);
-@@ -197,7 +197,7 @@
-
- #else
- #if 1
-- init = (int (*)(plugin *))dlsym(p->lib, srv->tmp_buf->ptr);
-+ init = (int (*)(plugin *))(intptr_t)dlsym(p->lib, srv->tmp_buf->ptr);
- #else
- *(void **)(&init) = dlsym(p->lib, srv->tmp_buf->ptr);
- #endif
-Index: src/SConscript
-===================================================================
---- src/SConscript (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ src/SConscript (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -43,6 +43,7 @@
- 'mod_cgi' : { 'src' : [ 'mod_cgi.c' ] },
- 'mod_fastcgi' : { 'src' : [ 'mod_fastcgi.c' ] },
- 'mod_scgi' : { 'src' : [ 'mod_scgi.c' ] },
-+ 'mod_extforward' : { 'src' : [ 'mod_extforward.c' ] },
- 'mod_staticfile' : { 'src' : [ 'mod_staticfile.c' ] },
- 'mod_dirlisting' : { 'src' : [ 'mod_dirlisting.c' ], 'lib' : [ env['LIBPCRE'] ] },
- 'mod_indexfile' : { 'src' : [ 'mod_indexfile.c' ] },
-Index: src/buffer.c
-===================================================================
---- src/buffer.c (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ src/buffer.c (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -55,6 +55,8 @@
- free(b->ptr);
- b->ptr = NULL;
- b->size = 0;
-+ } else if (b->size) {
-+ b->ptr[0] = '\0';
- }
-
- b->used = 0;
-@@ -626,6 +628,7 @@
- return 0;
- }
-
-+/* everything except: ! ( ) * - . 0-9 A-Z _ a-z */
- const char encoded_chars_rel_uri_part[] = {
- /*
- 0 1 2 3 4 5 6 7 8 9 A B C D E F
-@@ -633,11 +636,11 @@
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* 00 - 0F control chars */
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* 10 - 1F */
- 1, 0, 1, 1, 1, 1, 1, 1, 0, 0, 0, 1, 1, 0, 0, 1, /* 20 - 2F space " # $ % & ' + , / */
-- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, /* 30 - 3F : ; = ? @ < > */
-- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 40 - 4F */
-- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 50 - 5F */
-- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 60 - 6F */
-- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, /* 70 - 7F DEL */
-+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, /* 30 - 3F : ; < = > ? */
-+ 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 40 - 4F @ */
-+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 0, /* 50 - 5F [ \ ] ^ */
-+ 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 60 - 6F ` */
-+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, /* 70 - 7F { | } ~ DEL */
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* 80 - 8F */
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* 90 - 9F */
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* A0 - AF */
-@@ -648,18 +651,19 @@
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* F0 - FF */
- };
-
-+/* everything except: ! ( ) * - . / 0-9 A-Z _ a-z */
- const char encoded_chars_rel_uri[] = {
- /*
- 0 1 2 3 4 5 6 7 8 9 A B C D E F
- */
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* 00 - 0F control chars */
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* 10 - 1F */
-- 1, 0, 1, 1, 1, 1, 1, 1, 0, 0, 0, 1, 1, 0, 0, 0, /* 20 - 2F space " # $ % & ' + , / */
-- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, /* 30 - 3F : ; = ? @ < > */
-- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 40 - 4F */
-- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 50 - 5F */
-- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 60 - 6F */
-- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, /* 70 - 7F DEL */
-+ 1, 0, 1, 1, 1, 1, 1, 1, 0, 0, 0, 1, 1, 0, 0, 0, /* 20 - 2F space " # $ % & ' + , */
-+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, /* 30 - 3F : ; < = > ? */
-+ 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 40 - 4F @ */
-+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 0, /* 50 - 5F [ \ ] ^ */
-+ 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 60 - 6F ` */
-+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, /* 70 - 7F { | } ~ DEL */
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* 80 - 8F */
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* 90 - 9F */
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* A0 - AF */
-Index: src/mod_userdir.c
-===================================================================
---- src/mod_userdir.c (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ src/mod_userdir.c (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -262,6 +262,9 @@
- return HANDLER_GO_ON;
- }
- }
-+ if (con->conf.force_lowercase_filenames) {
-+ buffer_to_lower(p->username);
-+ }
-
- buffer_copy_string_buffer(p->temp_path, p->conf.basepath);
- BUFFER_APPEND_SLASH(p->temp_path);
-@@ -284,8 +287,24 @@
- }
- }
-
-+ /* the physical rel_path is basically the same as uri.path;
-+ * but it is converted to lowercase in case of force_lowercase_filenames and some special handling
-+ * for trailing '.', ' ' and '/' on windows
-+ * we assume that no docroot/physical handler changed this
-+ * (docroot should only set the docroot/server name, phyiscal should only change the phyiscal.path;
-+ * the exception mod_secure_download doesn't work with userdir anyway)
-+ */
- BUFFER_APPEND_SLASH(p->temp_path);
-- buffer_append_string(p->temp_path, rel_url + 1); /* skip the / */
-+ /* if no second '/' is found, we assume that it was stripped from the uri.path for the special handling
-+ * on windows.
-+ * we do not care about the trailing slash here on windows, as we already ensured it is a directory
-+ *
-+ * TODO: what to do with trailing dots in usernames on windows? they may result in the same directory
-+ * as a username without them.
-+ */
-+ if (NULL != (rel_url = strchr(con->physical.rel_path->ptr + 2, '/'))) {
-+ buffer_append_string(p->temp_path, rel_url + 1); /* skip the / */
-+ }
- buffer_copy_string_buffer(con->physical.path, p->temp_path);
-
- buffer_reset(p->temp_path);
-Index: src/mod_proxy.c
-===================================================================
---- src/mod_proxy.c (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ src/mod_proxy.c (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -432,10 +432,10 @@
-
- /* request line */
- buffer_copy_string(b, get_http_method_name(con->request.http_method));
-- BUFFER_APPEND_STRING_CONST(b, " ");
-+ buffer_append_string_len(b, CONST_STR_LEN(" "));
-
- buffer_append_string_buffer(b, con->request.uri);
-- BUFFER_APPEND_STRING_CONST(b, " HTTP/1.0\r\n");
-+ buffer_append_string_len(b, CONST_STR_LEN(" HTTP/1.0\r\n"));
-
- proxy_append_header(con, "X-Forwarded-For", (char *)inet_ntop_cache_get_ip(srv, &(con->dst_addr)));
- /* http_host is NOT is just a pointer to a buffer
-@@ -456,13 +456,13 @@
- if (buffer_is_equal_string(ds->key, CONST_STR_LEN("Connection"))) continue;
-
- buffer_append_string_buffer(b, ds->key);
-- BUFFER_APPEND_STRING_CONST(b, ": ");
-+ buffer_append_string_len(b, CONST_STR_LEN(": "));
- buffer_append_string_buffer(b, ds->value);
-- BUFFER_APPEND_STRING_CONST(b, "\r\n");
-+ buffer_append_string_len(b, CONST_STR_LEN("\r\n"));
- }
- }
-
-- BUFFER_APPEND_STRING_CONST(b, "\r\n");
-+ buffer_append_string_len(b, CONST_STR_LEN("\r\n"));
-
- hctx->wb->bytes_in += b->used - 1;
- /* body */
-@@ -1060,6 +1060,8 @@
- data_array *extension = NULL;
- size_t path_info_offset;
-
-+ if (con->mode != DIRECT) return HANDLER_GO_ON;
-+
- /* Possibly, we processed already this request */
- if (con->file_started == 1) return HANDLER_GO_ON;
-
-@@ -1118,7 +1120,13 @@
- log_error_write(srv, __FILE__, __LINE__, "s", "proxy - ext found");
- }
-
-- switch(p->conf.balance) {
-+ if (extension->value->used == 1) {
-+ if ( ((data_proxy *)extension->value->data[0])->is_disabled ) {
-+ ndx = -1;
-+ } else {
-+ ndx = 0;
-+ }
-+ } else if (extension->value->used != 0) switch(p->conf.balance) {
- case PROXY_BALANCE_HASH:
- /* hash balancing */
-
-@@ -1175,7 +1183,9 @@
- }
-
- break;
-- case PROXY_BALANCE_RR:
-+ case PROXY_BALANCE_RR: {
-+ data_proxy *host;
-+
- /* round robin */
- if (p->conf.debug) {
- log_error_write(srv, __FILE__, __LINE__, "s",
-@@ -1185,31 +1195,32 @@
- /* just to be sure */
- assert(extension->value->used < INT_MAX);
-
-- for (k = 0, ndx = -1, max_usage = INT_MAX; k < extension->value->used; k++) {
-- data_proxy *host = (data_proxy *)extension->value->data[k];
-+ host = (data_proxy *)extension->value->data[0];
-
-- if (host->is_disabled) continue;
-+ /* Use last_used_ndx from first host in list */
-+ k = ndx = host->last_used_ndx;
-+ if (ndx < 0) ndx = 0;
-
-- /* first usable ndx */
-- if (max_usage == INT_MAX) {
-- max_usage = k;
-- }
-+ /* Search first active host after last_used_ndx */
-+ while ( ndx < (int) extension->value->used
-+ && (host = (data_proxy *)extension->value->data[ndx])->is_disabled ) ndx++;
-
-- /* get next ndx */
-- if ((int)k > host->last_used_ndx) {
-- ndx = k;
-- host->last_used_ndx = k;
--
-- break;
-+ if (ndx >= (int) extension->value->used) {
-+ /* didn't found a higher id, wrap to the start */
-+ for (ndx = 0; ndx < (int) k; ndx++) {
-+ host = (data_proxy *)extension->value->data[ndx];
-+ if (!host->is_disabled) break;
- }
-- }
-
-- /* didn't found a higher id, wrap to the start */
-- if (ndx == -1 && max_usage != INT_MAX) {
-- ndx = max_usage;
-+ /* No active host found */
-+ if (host->is_disabled) ndx = -1;
- }
-
-+ /* Save new index for next round */
-+ ((data_proxy *)extension->value->data[0])->last_used_ndx = ndx;
-+
- break;
-+ }
- default:
- break;
- }
-Index: src/mod_extforward.c
-===================================================================
---- src/mod_extforward.c (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ src/mod_extforward.c (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -281,8 +281,9 @@
- static const char *last_not_in_array(array *a, plugin_data *p)
- {
- array *forwarder = p->conf.forwarder;
-+ int i;
-
-- for (int i = a->used - 1; i >= 0; i--) {
-+ for (i = a->used - 1; i >= 0; i--) {
- data_string *ds = (data_string *)a->data[i];
- const char *ip = ds->value->ptr;
-
-Index: src/Makefile.am
-===================================================================
---- src/Makefile.am (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ src/Makefile.am (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -3,7 +3,7 @@
- noinst_PROGRAMS=proc_open lemon # simple-fcgi #graphic evalo bench ajp ssl error_test adserver gen-license
- sbin_PROGRAMS=lighttpd lighttpd-angel
- bin_PROGRAMS=spawn-fcgi
--LEMON=$(top_builddir)/src/lemon
-+LEMON=$(top_builddir)/src/lemon$(EXEEXT)
-
- lemon_SOURCES=lemon.c
-
-@@ -15,21 +15,26 @@
- if CROSS_COMPILING
- configparser.c configparser.h:
- mod_ssi_exprparser.c mod_ssi_exprparser.h:
-+
-+.PHONY: parsers
-+parsers:
- else
--$(srcdir)/configparser.y: lemon
--$(srcdir)/mod_ssi_exprparser.y: lemon
--
--configparser.c configparser.h: $(srcdir)/configparser.y
-+configparser.h: configparser.c
-+configparser.c: $(srcdir)/configparser.y $(srcdir)/lempar.c lemon$(EXEEXT)
- rm -f configparser.h
- $(LEMON) -q $(srcdir)/configparser.y $(srcdir)/lempar.c
-
--mod_ssi_exprparser.c mod_ssi_exprparser.h: $(srcdir)/mod_ssi_exprparser.y
-+mod_ssi_exprparser.h: mod_ssi_exprparser.c
-+mod_ssi_exprparser.c: $(srcdir)/mod_ssi_exprparser.y $(srcdir)/lempar.c lemon$(EXEEXT)
- rm -f mod_ssi_exprparser.h
- $(LEMON) -q $(srcdir)/mod_ssi_exprparser.y $(srcdir)/lempar.c
-+
-+.PHONY: parsers
-+parsers: configparser.c mod_ssi_exprparser.c
- endif
-
--$(srcdir)/configfile.c: configparser.h
--$(srcdir)/mod_ssi_expr.c: mod_ssi_exprparser.h
-+BUILT_SOURCES = parsers
-+MAINTAINERCLEANFILES = configparser.c configparser.h mod_ssi_exprparser.c mod_ssi_exprparser.h
-
- common_src=buffer.c log.c \
- keyvalue.c chunk.c \
-Index: src/mod_expire.c
-===================================================================
---- src/mod_expire.c (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ src/mod_expire.c (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -339,7 +339,7 @@
- response_header_overwrite(srv, con, CONST_STR_LEN("Expires"), CONST_BUF_LEN(p->expire_tstmp));
-
- /* HTTP/1.1 */
-- buffer_copy_string(p->expire_tstmp, "max-age=");
-+ buffer_copy_string_len(p->expire_tstmp, CONST_STR_LEN("max-age="));
- buffer_append_long(p->expire_tstmp, ts);
-
- response_header_overwrite(srv, con, CONST_STR_LEN("Cache-Control"), CONST_BUF_LEN(p->expire_tstmp));
-Index: src/network_openssl.c
-===================================================================
---- src/network_openssl.c (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ src/network_openssl.c (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -85,6 +85,7 @@
- *
- */
-
-+ ERR_clear_error();
- if ((r = SSL_write(ssl, offset, toSend)) <= 0) {
- unsigned long err;
-
-@@ -187,6 +188,7 @@
-
- close(ifd);
-
-+ ERR_clear_error();
- if ((r = SSL_write(ssl, s, toSend)) <= 0) {
- unsigned long err;
-
-Index: src/network_freebsd_sendfile.c
-===================================================================
---- src/network_freebsd_sendfile.c (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ src/network_freebsd_sendfile.c (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -166,6 +166,7 @@
- if (-1 == sendfile(c->file.fd, fd, offset, toSend, NULL, &r, 0)) {
- switch(errno) {
- case EAGAIN:
-+ case EINTR:
- break;
- case ENOTCONN:
- return -2;
-@@ -175,7 +176,7 @@
- }
- }
-
-- if (r == 0) {
-+ if (r == 0 && (errno != EAGAIN && errno != EINTR)) {
- int oerrno = errno;
- /* We got an event to write but we wrote nothing
- *
-Index: src/mod_redirect.c
-===================================================================
---- src/mod_redirect.c (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ src/mod_redirect.c (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -215,8 +215,7 @@
-
- start = 0; end = pattern_len;
- for (k = 0; k < pattern_len; k++) {
-- if ((pattern[k] == '$' || pattern[k] == '%') &&
-- isdigit((unsigned char)pattern[k + 1])) {
-+ if (pattern[k] == '$' || pattern[k] == '%') {
- /* got one */
-
- size_t num = pattern[k + 1] - '0';
-@@ -225,7 +224,10 @@
-
- buffer_append_string_len(p->location, pattern + start, end - start);
-
-- if (pattern[k] == '$') {
-+ if (!isdigit((unsigned char)pattern[k + 1])) {
-+ /* enable escape: "%%" => "%", "%a" => "%a", "$$" => "$" */
-+ buffer_append_string_len(p->location, pattern+k, pattern[k] == pattern[k+1] ? 1 : 2);
-+ } else if (pattern[k] == '$') {
- /* n is always > 0 */
- if (num < (size_t)n) {
- buffer_append_string(p->location, list[num]);
-@@ -251,6 +253,7 @@
- response_header_insert(srv, con, CONST_STR_LEN("Location"), CONST_BUF_LEN(p->location));
-
- con->http_status = 301;
-+ con->mode = DIRECT;
- con->file_finished = 1;
-
- return HANDLER_FINISHED;
-Index: src/http_auth.c
-===================================================================
---- src/http_auth.c (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ src/http_auth.c (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -697,7 +697,7 @@
- }
- } else if (p->conf.auth_backend == AUTH_BACKEND_LDAP) {
- #ifdef USE_LDAP
-- LDAP *ldap;
-+ LDAP *ldap = NULL;
- LDAPMessage *lm, *first;
- char *dn;
- int ret;
-@@ -742,39 +742,56 @@
- buffer_append_string_buffer(p->ldap_filter, username);
- buffer_append_string_buffer(p->ldap_filter, p->conf.ldap_filter_post);
-
--
- /* 2. */
- if (p->conf.ldap == NULL ||
- LDAP_SUCCESS != (ret = ldap_search_s(p->conf.ldap, p->conf.auth_ldap_basedn->ptr, LDAP_SCOPE_SUBTREE, p->ldap_filter->ptr, attrs, 0, &lm))) {
-- if (auth_ldap_init(srv, &p->conf) != HANDLER_GO_ON)
-- return -1;
-- if (LDAP_SUCCESS != (ret = ldap_search_s(p->conf.ldap, p->conf.auth_ldap_basedn->ptr, LDAP_SCOPE_SUBTREE, p->ldap_filter->ptr, attrs, 0, &lm))) {
-+ /* try again if ldap was only temporary down */
-+ if (p->conf.ldap == NULL || ret != LDAP_SERVER_DOWN || LDAP_SUCCESS != (ret = ldap_search_s(p->conf.ldap, p->conf.auth_ldap_basedn->ptr, LDAP_SCOPE_SUBTREE, p->ldap_filter->ptr, attrs, 0, &lm))) {
-+ if (auth_ldap_init(srv, &p->conf) != HANDLER_GO_ON)
-+ return -1;
-
-- log_error_write(srv, __FILE__, __LINE__, "sssb",
-- "ldap:", ldap_err2string(ret), "filter:", p->ldap_filter);
--
-- return -1;
-+ ldap = p->conf.ldap; /* save temporary ldap connection (TODO: redo ldap) */
-+ if (LDAP_SUCCESS != (ret = ldap_search_s(p->conf.ldap, p->conf.auth_ldap_basedn->ptr, LDAP_SCOPE_SUBTREE, p->ldap_filter->ptr, attrs, 0, &lm))) {
-+ log_error_write(srv, __FILE__, __LINE__, "sssb",
-+ "ldap:", ldap_err2string(ret), "filter:", p->ldap_filter);
-+ /* destroy temporary ldap connection (TODO: redo ldap) */
-+ ldap_unbind_s(ldap);
-+ return -1;
-+ }
- }
- }
-
- if (NULL == (first = ldap_first_entry(p->conf.ldap, lm))) {
-- log_error_write(srv, __FILE__, __LINE__, "s", "ldap ...");
-+ /* No matching entry is not an error */
-+ /* log_error_write(srv, __FILE__, __LINE__, "s", "ldap ..."); */
-
- ldap_msgfree(lm);
-
-+ /* destroy temporary ldap connection (TODO: redo ldap) */
-+ if (NULL != ldap) {
-+ ldap_unbind_s(ldap);
-+ }
- return -1;
- }
-
- if (NULL == (dn = ldap_get_dn(p->conf.ldap, first))) {
-- log_error_write(srv, __FILE__, __LINE__, "s", "ldap ...");
-+ log_error_write(srv, __FILE__, __LINE__, "s", "ldap: ldap_get_dn failed");
-
- ldap_msgfree(lm);
-
-+ /* destroy temporary ldap connection (TODO: redo ldap) */
-+ if (NULL != ldap) {
-+ ldap_unbind_s(ldap);
-+ }
- return -1;
- }
-
- ldap_msgfree(lm);
-
-+ /* destroy temporary ldap connection (TODO: redo ldap) */
-+ if (NULL != ldap) {
-+ ldap_unbind_s(ldap);
-+ }
-
- /* 3. */
- if (NULL == (ldap = ldap_init(p->conf.auth_ldap_hostname->ptr, LDAP_PORT))) {
-Index: src/mod_usertrack.c
-===================================================================
---- src/mod_usertrack.c (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ src/mod_usertrack.c (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -103,7 +103,7 @@
- }
-
- if (buffer_is_empty(s->cookie_name)) {
-- buffer_copy_string(s->cookie_name, "TRACKID");
-+ buffer_copy_string_len(s->cookie_name, CONST_STR_LEN("TRACKID"));
- } else {
- size_t j;
- for (j = 0; j < s->cookie_name->used - 1; j++) {
-@@ -214,9 +214,9 @@
- if (NULL == (ds = (data_string *)array_get_unused_element(con->response.headers, TYPE_STRING))) {
- ds = data_response_init();
- }
-- buffer_copy_string(ds->key, "Set-Cookie");
-+ buffer_copy_string_len(ds->key, CONST_STR_LEN("Set-Cookie"));
- buffer_copy_string_buffer(ds->value, p->conf.cookie_name);
-- buffer_append_string(ds->value, "=");
-+ buffer_append_string_len(ds->value, CONST_STR_LEN("="));
-
-
- /* taken from mod_auth.c */
-@@ -235,16 +235,16 @@
- MD5_Final(h, &Md5Ctx);
-
- buffer_append_string_encoded(ds->value, (char *)h, 16, ENCODING_HEX);
-- buffer_append_string(ds->value, "; Path=/");
-- buffer_append_string(ds->value, "; Version=1");
-+ buffer_append_string_len(ds->value, CONST_STR_LEN("; Path=/"));
-+ buffer_append_string_len(ds->value, CONST_STR_LEN("; Version=1"));
-
- if (!buffer_is_empty(p->conf.cookie_domain)) {
-- buffer_append_string(ds->value, "; Domain=");
-+ buffer_append_string_len(ds->value, CONST_STR_LEN("; Domain="));
- buffer_append_string_encoded(ds->value, CONST_BUF_LEN(p->conf.cookie_domain), ENCODING_REL_URI);
- }
-
- if (p->conf.cookie_max_age) {
-- buffer_append_string(ds->value, "; max-age=");
-+ buffer_append_string_len(ds->value, CONST_STR_LEN("; max-age="));
- buffer_append_long(ds->value, p->conf.cookie_max_age);
- }
-
-Index: src/mod_webdav.c
-===================================================================
---- src/mod_webdav.c (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ src/mod_webdav.c (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -485,23 +485,23 @@
- UNUSED(con);
-
- if (value) {
-- buffer_append_string(b,"<");
-+ buffer_append_string_len(b,CONST_STR_LEN("<"));
- buffer_append_string(b, prop_name);
-- buffer_append_string(b, " xmlns=\"");
-+ buffer_append_string_len(b, CONST_STR_LEN(" xmlns=\""));
- buffer_append_string(b, prop_ns);
-- buffer_append_string(b, "\">");
-+ buffer_append_string_len(b, CONST_STR_LEN("\">"));
-
- buffer_append_string(b, value);
-
-- buffer_append_string(b,"</");
-+ buffer_append_string_len(b,CONST_STR_LEN("</"));
- buffer_append_string(b, prop_name);
-- buffer_append_string(b, ">");
-+ buffer_append_string_len(b, CONST_STR_LEN(">"));
- } else {
-- buffer_append_string(b,"<");
-+ buffer_append_string_len(b,CONST_STR_LEN("<"));
- buffer_append_string(b, prop_name);
-- buffer_append_string(b, " xmlns=\"");
-+ buffer_append_string_len(b, CONST_STR_LEN(" xmlns=\""));
- buffer_append_string(b, prop_ns);
-- buffer_append_string(b, "\"/>");
-+ buffer_append_string_len(b, CONST_STR_LEN("\"/>"));
- }
-
- return 0;
-@@ -511,24 +511,24 @@
- static int webdav_gen_response_status_tag(server *srv, connection *con, physical *dst, int status, buffer *b) {
- UNUSED(srv);
-
-- buffer_append_string(b,"<D:response xmlns:ns0=\"urn:uuid:c2f41010-65b3-11d1-a29f-00aa00c14882/\">\n");
-+ buffer_append_string_len(b,CONST_STR_LEN("<D:response xmlns:ns0=\"urn:uuid:c2f41010-65b3-11d1-a29f-00aa00c14882/\">\n"));
-
-- buffer_append_string(b,"<D:href>\n");
-+ buffer_append_string_len(b,CONST_STR_LEN("<D:href>\n"));
- buffer_append_string_buffer(b, dst->rel_path);
-- buffer_append_string(b,"</D:href>\n");
-- buffer_append_string(b,"<D:status>\n");
-+ buffer_append_string_len(b,CONST_STR_LEN("</D:href>\n"));
-+ buffer_append_string_len(b,CONST_STR_LEN("<D:status>\n"));
-
- if (con->request.http_version == HTTP_VERSION_1_1) {
-- BUFFER_COPY_STRING_CONST(b, "HTTP/1.1 ");
-+ buffer_copy_string_len(b, CONST_STR_LEN("HTTP/1.1 "));
- } else {
-- BUFFER_COPY_STRING_CONST(b, "HTTP/1.0 ");
-+ buffer_copy_string_len(b, CONST_STR_LEN("HTTP/1.0 "));
- }
- buffer_append_long(b, status);
-- BUFFER_APPEND_STRING_CONST(b, " ");
-+ buffer_append_string_len(b, CONST_STR_LEN(" "));
- buffer_append_string(b, get_http_status_name(status));
-
-- buffer_append_string(b,"</D:status>\n");
-- buffer_append_string(b,"</D:response>\n");
-+ buffer_append_string_len(b,CONST_STR_LEN("</D:status>\n"));
-+ buffer_append_string_len(b,CONST_STR_LEN("</D:response>\n"));
-
- return 0;
- }
-@@ -570,6 +570,8 @@
- /* */
- }
- }
-+#else
-+ UNUSED(p);
- #endif
- }
-
-@@ -730,6 +732,8 @@
- }
- }
- }
-+#else
-+ UNUSED(p);
- #endif
- return status;
- }
-@@ -840,12 +844,12 @@
-
- if (0 == strcmp(prop_name, "resourcetype")) {
- if (S_ISDIR(sce->st.st_mode)) {
-- buffer_append_string(b, "<D:resourcetype><D:collection/></D:resourcetype>");
-+ buffer_append_string_len(b, CONST_STR_LEN("<D:resourcetype><D:collection/></D:resourcetype>"));
- found = 1;
- }
- } else if (0 == strcmp(prop_name, "getcontenttype")) {
- if (S_ISDIR(sce->st.st_mode)) {
-- buffer_append_string(b, "<D:getcontenttype>httpd/unix-directory</D:getcontenttype>");
-+ buffer_append_string_len(b, CONST_STR_LEN("<D:getcontenttype>httpd/unix-directory</D:getcontenttype>"));
- found = 1;
- } else if(S_ISREG(sce->st.st_mode)) {
- for (k = 0; k < con->conf.mimetypes->used; k++) {
-@@ -854,9 +858,9 @@
- if (ds->key->used == 0) continue;
-
- if (buffer_is_equal_right_len(dst->path, ds->key, ds->key->used - 1)) {
-- buffer_append_string(b,"<D:getcontenttype>");
-+ buffer_append_string_len(b,CONST_STR_LEN("<D:getcontenttype>"));
- buffer_append_string_buffer(b, ds->value);
-- buffer_append_string(b, "</D:getcontenttype>");
-+ buffer_append_string_len(b, CONST_STR_LEN("</D:getcontenttype>"));
- found = 1;
-
- break;
-@@ -864,26 +868,26 @@
- }
- }
- } else if (0 == strcmp(prop_name, "creationdate")) {
-- buffer_append_string(b, "<D:creationdate ns0:dt=\"dateTime.tz\">");
-+ buffer_append_string_len(b, CONST_STR_LEN("<D:creationdate ns0:dt=\"dateTime.tz\">"));
- strftime(ctime_buf, sizeof(ctime_buf), "%Y-%m-%dT%H:%M:%SZ", gmtime(&(sce->st.st_ctime)));
- buffer_append_string(b, ctime_buf);
-- buffer_append_string(b, "</D:creationdate>");
-+ buffer_append_string_len(b, CONST_STR_LEN("</D:creationdate>"));
- found = 1;
- } else if (0 == strcmp(prop_name, "getlastmodified")) {
-- buffer_append_string(b,"<D:getlastmodified ns0:dt=\"dateTime.rfc1123\">");
-+ buffer_append_string_len(b,CONST_STR_LEN("<D:getlastmodified ns0:dt=\"dateTime.rfc1123\">"));
- strftime(mtime_buf, sizeof(mtime_buf), "%a, %d %b %Y %H:%M:%S GMT", gmtime(&(sce->st.st_mtime)));
- buffer_append_string(b, mtime_buf);
-- buffer_append_string(b, "</D:getlastmodified>");
-+ buffer_append_string_len(b, CONST_STR_LEN("</D:getlastmodified>"));
- found = 1;
- } else if (0 == strcmp(prop_name, "getcontentlength")) {
-- buffer_append_string(b,"<D:getcontentlength>");
-+ buffer_append_string_len(b,CONST_STR_LEN("<D:getcontentlength>"));
- buffer_append_off_t(b, sce->st.st_size);
-- buffer_append_string(b, "</D:getcontentlength>");
-+ buffer_append_string_len(b, CONST_STR_LEN("</D:getcontentlength>"));
- found = 1;
- } else if (0 == strcmp(prop_name, "getcontentlanguage")) {
-- buffer_append_string(b,"<D:getcontentlanguage>");
-- buffer_append_string(b, "en");
-- buffer_append_string(b, "</D:getcontentlanguage>");
-+ buffer_append_string_len(b,CONST_STR_LEN("<D:getcontentlanguage>"));
-+ buffer_append_string_len(b, CONST_STR_LEN("en"));
-+ buffer_append_string_len(b, CONST_STR_LEN("</D:getcontentlanguage>"));
- found = 1;
- }
- }
-@@ -1103,44 +1107,44 @@
-
- b = chunkqueue_get_append_buffer(con->write_queue);
-
-- buffer_copy_string(b, "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n");
-+ buffer_copy_string_len(b, CONST_STR_LEN("<?xml version=\"1.0\" encoding=\"utf-8\"?>\n"));
-
-- buffer_append_string(b,"<D:prop xmlns:D=\"DAV:\" xmlns:ns0=\"urn:uuid:c2f41010-65b3-11d1-a29f-00aa00c14882/\">\n");
-- buffer_append_string(b,"<D:lockdiscovery>\n");
-- buffer_append_string(b,"<D:activelock>\n");
-+ buffer_append_string_len(b,CONST_STR_LEN("<D:prop xmlns:D=\"DAV:\" xmlns:ns0=\"urn:uuid:c2f41010-65b3-11d1-a29f-00aa00c14882/\">\n"));
-+ buffer_append_string_len(b,CONST_STR_LEN("<D:lockdiscovery>\n"));
-+ buffer_append_string_len(b,CONST_STR_LEN("<D:activelock>\n"));
-
-- buffer_append_string(b,"<D:lockscope>");
-- buffer_append_string(b,"<D:");
-+ buffer_append_string_len(b,CONST_STR_LEN("<D:lockscope>"));
-+ buffer_append_string_len(b,CONST_STR_LEN("<D:"));
- buffer_append_string(b, lockscope);
-- buffer_append_string(b, "/>");
-- buffer_append_string(b,"</D:lockscope>\n");
-+ buffer_append_string_len(b, CONST_STR_LEN("/>"));
-+ buffer_append_string_len(b,CONST_STR_LEN("</D:lockscope>\n"));
-
-- buffer_append_string(b,"<D:locktype>");
-- buffer_append_string(b,"<D:");
-+ buffer_append_string_len(b,CONST_STR_LEN("<D:locktype>"));
-+ buffer_append_string_len(b,CONST_STR_LEN("<D:"));
- buffer_append_string(b, locktype);
-- buffer_append_string(b, "/>");
-- buffer_append_string(b,"</D:locktype>\n");
-+ buffer_append_string_len(b, CONST_STR_LEN("/>"));
-+ buffer_append_string_len(b,CONST_STR_LEN("</D:locktype>\n"));
-
-- buffer_append_string(b,"<D:depth>");
-+ buffer_append_string_len(b,CONST_STR_LEN("<D:depth>"));
- buffer_append_string(b, depth == 0 ? "0" : "infinity");
-- buffer_append_string(b,"</D:depth>\n");
-+ buffer_append_string_len(b,CONST_STR_LEN("</D:depth>\n"));
-
-- buffer_append_string(b,"<D:timeout>");
-- buffer_append_string(b, "Second-600");
-- buffer_append_string(b,"</D:timeout>\n");
-+ buffer_append_string_len(b,CONST_STR_LEN("<D:timeout>"));
-+ buffer_append_string_len(b, CONST_STR_LEN("Second-600"));
-+ buffer_append_string_len(b,CONST_STR_LEN("</D:timeout>\n"));
-
-- buffer_append_string(b,"<D:owner>");
-- buffer_append_string(b,"</D:owner>\n");
-+ buffer_append_string_len(b,CONST_STR_LEN("<D:owner>"));
-+ buffer_append_string_len(b,CONST_STR_LEN("</D:owner>\n"));
-
-- buffer_append_string(b,"<D:locktoken>");
-- buffer_append_string(b, "<D:href>");
-+ buffer_append_string_len(b,CONST_STR_LEN("<D:locktoken>"));
-+ buffer_append_string_len(b, CONST_STR_LEN("<D:href>"));
- buffer_append_string_buffer(b, locktoken);
-- buffer_append_string(b, "</D:href>");
-- buffer_append_string(b,"</D:locktoken>\n");
-+ buffer_append_string_len(b, CONST_STR_LEN("</D:href>"));
-+ buffer_append_string_len(b,CONST_STR_LEN("</D:locktoken>\n"));
-
-- buffer_append_string(b,"</D:activelock>\n");
-- buffer_append_string(b,"</D:lockdiscovery>\n");
-- buffer_append_string(b,"</D:prop>\n");
-+ buffer_append_string_len(b,CONST_STR_LEN("</D:activelock>\n"));
-+ buffer_append_string_len(b,CONST_STR_LEN("</D:lockdiscovery>\n"));
-+ buffer_append_string_len(b,CONST_STR_LEN("</D:prop>\n"));
-
- return 0;
- }
-@@ -1154,6 +1158,7 @@
- int has_lock = 1;
-
- #ifdef USE_LOCKS
-+ UNUSED(srv);
- data_string *ds;
-
- /**
-@@ -1192,6 +1197,11 @@
- has_lock = 0;
- }
- }
-+#else
-+ UNUSED(srv);
-+ UNUSED(con);
-+ UNUSED(p);
-+ UNUSED(uri);
- #endif
-
- return has_lock;
-@@ -1334,9 +1344,9 @@
-
- b = chunkqueue_get_append_buffer(con->write_queue);
-
-- buffer_copy_string(b, "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n");
-+ buffer_copy_string_len(b, CONST_STR_LEN("<?xml version=\"1.0\" encoding=\"utf-8\"?>\n"));
-
-- buffer_append_string(b,"<D:multistatus xmlns:D=\"DAV:\" xmlns:ns0=\"urn:uuid:c2f41010-65b3-11d1-a29f-00aa00c14882/\">\n");
-+ buffer_append_string_len(b,CONST_STR_LEN("<D:multistatus xmlns:D=\"DAV:\" xmlns:ns0=\"urn:uuid:c2f41010-65b3-11d1-a29f-00aa00c14882/\">\n"));
-
- /* allprop */
-
-@@ -1348,40 +1358,40 @@
- /* Depth: 0 */
- webdav_get_props(srv, con, p, &(con->physical), req_props, prop_200, prop_404);
-
-- buffer_append_string(b,"<D:response>\n");
-- buffer_append_string(b,"<D:href>");
-+ buffer_append_string_len(b,CONST_STR_LEN("<D:response>\n"));
-+ buffer_append_string_len(b,CONST_STR_LEN("<D:href>"));
- buffer_append_string_buffer(b, con->uri.scheme);
-- buffer_append_string(b,"://");
-+ buffer_append_string_len(b,CONST_STR_LEN("://"));
- buffer_append_string_buffer(b, con->uri.authority);
- buffer_append_string_encoded(b, CONST_BUF_LEN(con->uri.path), ENCODING_REL_URI);
-- buffer_append_string(b,"</D:href>\n");
-+ buffer_append_string_len(b,CONST_STR_LEN("</D:href>\n"));
-
- if (!buffer_is_empty(prop_200)) {
-- buffer_append_string(b,"<D:propstat>\n");
-- buffer_append_string(b,"<D:prop>\n");
-+ buffer_append_string_len(b,CONST_STR_LEN("<D:propstat>\n"));
-+ buffer_append_string_len(b,CONST_STR_LEN("<D:prop>\n"));
-
- buffer_append_string_buffer(b, prop_200);
-
-- buffer_append_string(b,"</D:prop>\n");
-+ buffer_append_string_len(b,CONST_STR_LEN("</D:prop>\n"));
-
-- buffer_append_string(b,"<D:status>HTTP/1.1 200 OK</D:status>\n");
-+ buffer_append_string_len(b,CONST_STR_LEN("<D:status>HTTP/1.1 200 OK</D:status>\n"));
-
-- buffer_append_string(b,"</D:propstat>\n");
-+ buffer_append_string_len(b,CONST_STR_LEN("</D:propstat>\n"));
- }
- if (!buffer_is_empty(prop_404)) {
-- buffer_append_string(b,"<D:propstat>\n");
-- buffer_append_string(b,"<D:prop>\n");
-+ buffer_append_string_len(b,CONST_STR_LEN("<D:propstat>\n"));
-+ buffer_append_string_len(b,CONST_STR_LEN("<D:prop>\n"));
-
- buffer_append_string_buffer(b, prop_404);
-
-- buffer_append_string(b,"</D:prop>\n");
-+ buffer_append_string_len(b,CONST_STR_LEN("</D:prop>\n"));
-
-- buffer_append_string(b,"<D:status>HTTP/1.1 404 Not Found</D:status>\n");
-+ buffer_append_string_len(b,CONST_STR_LEN("<D:status>HTTP/1.1 404 Not Found</D:status>\n"));
-
-- buffer_append_string(b,"</D:propstat>\n");
-+ buffer_append_string_len(b,CONST_STR_LEN("</D:propstat>\n"));
- }
-
-- buffer_append_string(b,"</D:response>\n");
-+ buffer_append_string_len(b,CONST_STR_LEN("</D:response>\n"));
-
- break;
- case 1:
-@@ -1417,40 +1427,40 @@
-
- webdav_get_props(srv, con, p, &d, req_props, prop_200, prop_404);
-
-- buffer_append_string(b,"<D:response>\n");
-- buffer_append_string(b,"<D:href>");
-+ buffer_append_string_len(b,CONST_STR_LEN("<D:response>\n"));
-+ buffer_append_string_len(b,CONST_STR_LEN("<D:href>"));
- buffer_append_string_buffer(b, con->uri.scheme);
-- buffer_append_string(b,"://");
-+ buffer_append_string_len(b,CONST_STR_LEN("://"));
- buffer_append_string_buffer(b, con->uri.authority);
- buffer_append_string_encoded(b, CONST_BUF_LEN(d.rel_path), ENCODING_REL_URI);
-- buffer_append_string(b,"</D:href>\n");
-+ buffer_append_string_len(b,CONST_STR_LEN("</D:href>\n"));
-
- if (!buffer_is_empty(prop_200)) {
-- buffer_append_string(b,"<D:propstat>\n");
-- buffer_append_string(b,"<D:prop>\n");
-+ buffer_append_string_len(b,CONST_STR_LEN("<D:propstat>\n"));
-+ buffer_append_string_len(b,CONST_STR_LEN("<D:prop>\n"));
-
- buffer_append_string_buffer(b, prop_200);
-
-- buffer_append_string(b,"</D:prop>\n");
-+ buffer_append_string_len(b,CONST_STR_LEN("</D:prop>\n"));
-
-- buffer_append_string(b,"<D:status>HTTP/1.1 200 OK</D:status>\n");
-+ buffer_append_string_len(b,CONST_STR_LEN("<D:status>HTTP/1.1 200 OK</D:status>\n"));
-
-- buffer_append_string(b,"</D:propstat>\n");
-+ buffer_append_string_len(b,CONST_STR_LEN("</D:propstat>\n"));
- }
- if (!buffer_is_empty(prop_404)) {
-- buffer_append_string(b,"<D:propstat>\n");
-- buffer_append_string(b,"<D:prop>\n");
-+ buffer_append_string_len(b,CONST_STR_LEN("<D:propstat>\n"));
-+ buffer_append_string_len(b,CONST_STR_LEN("<D:prop>\n"));
-
- buffer_append_string_buffer(b, prop_404);
-
-- buffer_append_string(b,"</D:prop>\n");
-+ buffer_append_string_len(b,CONST_STR_LEN("</D:prop>\n"));
-
-- buffer_append_string(b,"<D:status>HTTP/1.1 404 Not Found</D:status>\n");
-+ buffer_append_string_len(b,CONST_STR_LEN("<D:status>HTTP/1.1 404 Not Found</D:status>\n"));
-
-- buffer_append_string(b,"</D:propstat>\n");
-+ buffer_append_string_len(b,CONST_STR_LEN("</D:propstat>\n"));
- }
-
-- buffer_append_string(b,"</D:response>\n");
-+ buffer_append_string_len(b,CONST_STR_LEN("</D:response>\n"));
- }
- closedir(dir);
- buffer_free(d.path);
-@@ -1473,7 +1483,7 @@
- buffer_free(prop_200);
- buffer_free(prop_404);
-
-- buffer_append_string(b,"</D:multistatus>\n");
-+ buffer_append_string_len(b,CONST_STR_LEN("</D:multistatus>\n"));
-
- if (p->conf.log_xml) {
- log_error_write(srv, __FILE__, __LINE__, "sb", "XML-response-body:", b);
-@@ -1548,13 +1558,13 @@
-
- b = chunkqueue_get_append_buffer(con->write_queue);
-
-- buffer_copy_string(b, "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n");
-+ buffer_copy_string_len(b, CONST_STR_LEN("<?xml version=\"1.0\" encoding=\"utf-8\"?>\n"));
-
-- buffer_append_string(b,"<D:multistatus xmlns:D=\"DAV:\">\n");
-+ buffer_append_string_len(b,CONST_STR_LEN("<D:multistatus xmlns:D=\"DAV:\">\n"));
-
- buffer_append_string_buffer(b, multi_status_resp);
-
-- buffer_append_string(b,"</D:multistatus>\n");
-+ buffer_append_string_len(b,CONST_STR_LEN("</D:multistatus>\n"));
-
- if (p->conf.log_xml) {
- log_error_write(srv, __FILE__, __LINE__, "sb", "XML-response-body:", b);
-@@ -2286,7 +2296,7 @@
- uuid_generate(id);
- uuid_unparse(id, uuid);
-
-- buffer_copy_string(p->tmp_buf, "opaquelocktoken:");
-+ buffer_copy_string_len(p->tmp_buf, CONST_STR_LEN("opaquelocktoken:"));
- buffer_append_string(p->tmp_buf, uuid);
-
- /* "CREATE TABLE locks ("
-Index: src/configparser.y
-===================================================================
---- src/configparser.y (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ src/configparser.y (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -21,6 +21,10 @@
- dc->parent = ctx->current;
- array_insert_unique(dc->parent->childs, (data_unset *)dc);
- }
-+ if (ctx->configs_stack->used > 0 && ctx->current->context_ndx == 0) {
-+ fprintf(stderr, "Cannot use conditionals inside a global { ... } block\n");
-+ exit(-1);
-+ }
- array_insert_unique(ctx->configs_stack, (data_unset *)ctx->current);
- ctx->current = dc;
- }
-Index: src/mod_status.c
-===================================================================
---- src/mod_status.c (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ src/mod_status.c (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -143,24 +143,24 @@
-
-
- static int mod_status_row_append(buffer *b, const char *key, const char *value) {
-- BUFFER_APPEND_STRING_CONST(b, " <tr>\n");
-- BUFFER_APPEND_STRING_CONST(b, " <td><b>");
-+ buffer_append_string_len(b, CONST_STR_LEN(" <tr>\n"));
-+ buffer_append_string_len(b, CONST_STR_LEN(" <td><b>"));
- buffer_append_string(b, key);
-- BUFFER_APPEND_STRING_CONST(b, "</b></td>\n");
-- BUFFER_APPEND_STRING_CONST(b, " <td>");
-+ buffer_append_string_len(b, CONST_STR_LEN("</b></td>\n"));
-+ buffer_append_string_len(b, CONST_STR_LEN(" <td>"));
- buffer_append_string(b, value);
-- BUFFER_APPEND_STRING_CONST(b, "</td>\n");
-- BUFFER_APPEND_STRING_CONST(b, " </tr>\n");
-+ buffer_append_string_len(b, CONST_STR_LEN("</td>\n"));
-+ buffer_append_string_len(b, CONST_STR_LEN(" </tr>\n"));
-
- return 0;
- }
-
- static int mod_status_header_append(buffer *b, const char *key) {
-- BUFFER_APPEND_STRING_CONST(b, " <tr>\n");
-- BUFFER_APPEND_STRING_CONST(b, " <th colspan=\"2\">");
-+ buffer_append_string_len(b, CONST_STR_LEN(" <tr>\n"));
-+ buffer_append_string_len(b, CONST_STR_LEN(" <th colspan=\"2\">"));
- buffer_append_string(b, key);
-- BUFFER_APPEND_STRING_CONST(b, "</th>\n");
-- BUFFER_APPEND_STRING_CONST(b, " </tr>\n");
-+ buffer_append_string_len(b, CONST_STR_LEN("</th>\n"));
-+ buffer_append_string_len(b, CONST_STR_LEN(" </tr>\n"));
-
- return 0;
- }
-@@ -169,13 +169,13 @@
- plugin_data *p = p_d;
-
- if (p->conf.sort) {
-- BUFFER_APPEND_STRING_CONST(b, "<th class=\"status\"><a href=\"#\" class=\"sortheader\" onclick=\"resort(this);return false;\">");
-+ buffer_append_string_len(b, CONST_STR_LEN("<th class=\"status\"><a href=\"#\" class=\"sortheader\" onclick=\"resort(this);return false;\">"));
- buffer_append_string(b, key);
-- BUFFER_APPEND_STRING_CONST(b, "<span class=\"sortarrow\">:</span></a></th>\n");
-+ buffer_append_string_len(b, CONST_STR_LEN("<span class=\"sortarrow\">:</span></a></th>\n"));
- } else {
-- BUFFER_APPEND_STRING_CONST(b, "<th class=\"status\">");
-+ buffer_append_string_len(b, CONST_STR_LEN("<th class=\"status\">"));
- buffer_append_string(b, key);
-- BUFFER_APPEND_STRING_CONST(b, "</th>\n");
-+ buffer_append_string_len(b, CONST_STR_LEN("</th>\n"));
- }
-
- return 0;
-@@ -209,15 +209,14 @@
-
- b = chunkqueue_get_append_buffer(con->write_queue);
-
-- BUFFER_COPY_STRING_CONST(b,
-+ buffer_copy_string_len(b, CONST_STR_LEN(
- "<?xml version=\"1.0\" encoding=\"iso-8859-1\"?>\n"
- "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\"\n"
- " \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\n"
- "<html xmlns=\"http://www.w3.org/1999/xhtml\" xml:lang=\"en\" lang=\"en\">\n"
- " <head>\n"
-- " <title>Status</title>\n");
-+ " <title>Status</title>\n"
-
-- BUFFER_APPEND_STRING_CONST(b,
- " <style type=\"text/css\">\n"
- " table.status { border: black solid thin; }\n"
- " td { white-space: nowrap; }\n"
-@@ -226,16 +225,15 @@
- " th.status { background-color: black; color: white; font-weight: bold; }\n"
- " a.sortheader { background-color: black; color: white; font-weight: bold; text-decoration: none; display: block; }\n"
- " span.sortarrow { color: white; text-decoration: none; }\n"
-- " </style>\n");
-+ " </style>\n"));
-
- if (p->conf.sort) {
-- BUFFER_APPEND_STRING_CONST(b,
-+ buffer_append_string_len(b, CONST_STR_LEN(
- "<script type=\"text/javascript\">\n"
- "// <!--\n"
- "var sort_column;\n"
-- "var prev_span = null;\n");
-+ "var prev_span = null;\n"
-
-- BUFFER_APPEND_STRING_CONST(b,
- "function get_inner_text(el) {\n"
- " if((typeof el == 'string')||(typeof el == 'undefined'))\n"
- " return el;\n"
-@@ -251,9 +249,8 @@
- " }\n"
- " }\n"
- " return str;\n"
-- "}\n");
-+ "}\n"
-
-- BUFFER_APPEND_STRING_CONST(b,
- "function sortfn(a,b) {\n"
- " var at = get_inner_text(a.cells[sort_column]);\n"
- " var bt = get_inner_text(b.cells[sort_column]);\n"
-@@ -266,9 +263,8 @@
- " else if (aa<bb) return -1;\n"
- " else return 1;\n"
- " }\n"
-- "}\n");
-+ "}\n"
-
-- BUFFER_APPEND_STRING_CONST(b,
- "function resort(lnk) {\n"
- " var span = lnk.childNodes[1];\n"
- " var table = lnk.parentNode.parentNode.parentNode.parentNode;\n"
-@@ -276,9 +272,8 @@
- " for (j=1;j<table.rows.length;j++)\n"
- " rows[j-1] = table.rows[j];\n"
- " sort_column = lnk.parentNode.cellIndex;\n"
-- " rows.sort(sortfn);\n");
-+ " rows.sort(sortfn);\n"
-
-- BUFFER_APPEND_STRING_CONST(b,
- " if (prev_span != null) prev_span.innerHTML = '';\n"
- " if (span.getAttribute('sortdir')=='down') {\n"
- " span.innerHTML = '↑';\n"
-@@ -293,25 +288,25 @@
- " prev_span = span;\n"
- "}\n"
- "// -->\n"
-- "</script>\n");
-+ "</script>\n"));
- }
-
-- BUFFER_APPEND_STRING_CONST(b,
-+ buffer_append_string_len(b, CONST_STR_LEN(
- " </head>\n"
-- " <body>\n");
-+ " <body>\n"));
-
-
-
- /* connection listing */
-- BUFFER_APPEND_STRING_CONST(b, "<h1>Server-Status</h1>");
-+ buffer_append_string_len(b, CONST_STR_LEN("<h1>Server-Status</h1>"));
-
-- BUFFER_APPEND_STRING_CONST(b, "<table summary=\"status\" class=\"status\">");
-- BUFFER_APPEND_STRING_CONST(b, "<tr><td>Hostname</td><td class=\"string\">");
-+ buffer_append_string_len(b, CONST_STR_LEN("<table summary=\"status\" class=\"status\">"));
-+ buffer_append_string_len(b, CONST_STR_LEN("<tr><td>Hostname</td><td class=\"string\">"));
- buffer_append_string_buffer(b, con->uri.authority);
-- BUFFER_APPEND_STRING_CONST(b, " (");
-+ buffer_append_string_len(b, CONST_STR_LEN(" ("));
- buffer_append_string_buffer(b, con->server_name);
-- BUFFER_APPEND_STRING_CONST(b, ")</td></tr>\n");
-- BUFFER_APPEND_STRING_CONST(b, "<tr><td>Uptime</td><td class=\"string\">");
-+ buffer_append_string_len(b, CONST_STR_LEN(")</td></tr>\n"));
-+ buffer_append_string_len(b, CONST_STR_LEN("<tr><td>Uptime</td><td class=\"string\">"));
-
- ts = srv->cur_ts - srv->startup_ts;
-
-@@ -328,98 +323,98 @@
-
- if (days) {
- buffer_append_long(b, days);
-- BUFFER_APPEND_STRING_CONST(b, " days ");
-+ buffer_append_string_len(b, CONST_STR_LEN(" days "));
- }
-
- if (hours) {
- buffer_append_long(b, hours);
-- BUFFER_APPEND_STRING_CONST(b, " hours ");
-+ buffer_append_string_len(b, CONST_STR_LEN(" hours "));
- }
-
- if (mins) {
- buffer_append_long(b, mins);
-- BUFFER_APPEND_STRING_CONST(b, " min ");
-+ buffer_append_string_len(b, CONST_STR_LEN(" min "));
- }
-
- buffer_append_long(b, seconds);
-- BUFFER_APPEND_STRING_CONST(b, " s");
-+ buffer_append_string_len(b, CONST_STR_LEN(" s"));
-
-- BUFFER_APPEND_STRING_CONST(b, "</td></tr>\n");
-- BUFFER_APPEND_STRING_CONST(b, "<tr><td>Started at</td><td class=\"string\">");
-+ buffer_append_string_len(b, CONST_STR_LEN("</td></tr>\n"));
-+ buffer_append_string_len(b, CONST_STR_LEN("<tr><td>Started at</td><td class=\"string\">"));
-
- ts = srv->startup_ts;
-
- strftime(buf, sizeof(buf) - 1, "%Y-%m-%d %H:%M:%S", localtime(&ts));
- buffer_append_string(b, buf);
-- BUFFER_APPEND_STRING_CONST(b, "</td></tr>\n");
-+ buffer_append_string_len(b, CONST_STR_LEN("</td></tr>\n"));
-
-
-- BUFFER_APPEND_STRING_CONST(b, "<tr><th colspan=\"2\">absolute (since start)</th></tr>\n");
-+ buffer_append_string_len(b, CONST_STR_LEN("<tr><th colspan=\"2\">absolute (since start)</th></tr>\n"));
-
-- BUFFER_APPEND_STRING_CONST(b, "<tr><td>Requests</td><td class=\"string\">");
-+ buffer_append_string_len(b, CONST_STR_LEN("<tr><td>Requests</td><td class=\"string\">"));
- avg = p->abs_requests;
-
- mod_status_get_multiplier(&avg, &multiplier, 1000);
-
- buffer_append_long(b, avg);
-- BUFFER_APPEND_STRING_CONST(b, " ");
-+ buffer_append_string_len(b, CONST_STR_LEN(" "));
- if (multiplier) buffer_append_string_len(b, &multiplier, 1);
-- BUFFER_APPEND_STRING_CONST(b, "req</td></tr>\n");
-+ buffer_append_string_len(b, CONST_STR_LEN("req</td></tr>\n"));
-
-- BUFFER_APPEND_STRING_CONST(b, "<tr><td>Traffic</td><td class=\"string\">");
-+ buffer_append_string_len(b, CONST_STR_LEN("<tr><td>Traffic</td><td class=\"string\">"));
- avg = p->abs_traffic_out;
-
- mod_status_get_multiplier(&avg, &multiplier, 1024);
-
- sprintf(buf, "%.2f", avg);
- buffer_append_string(b, buf);
-- BUFFER_APPEND_STRING_CONST(b, " ");
-+ buffer_append_string_len(b, CONST_STR_LEN(" "));
- if (multiplier) buffer_append_string_len(b, &multiplier, 1);
-- BUFFER_APPEND_STRING_CONST(b, "byte</td></tr>\n");
-+ buffer_append_string_len(b, CONST_STR_LEN("byte</td></tr>\n"));
-
-
-
-- BUFFER_APPEND_STRING_CONST(b, "<tr><th colspan=\"2\">average (since start)</th></tr>\n");
-+ buffer_append_string_len(b, CONST_STR_LEN("<tr><th colspan=\"2\">average (since start)</th></tr>\n"));
-
-- BUFFER_APPEND_STRING_CONST(b, "<tr><td>Requests</td><td class=\"string\">");
-+ buffer_append_string_len(b, CONST_STR_LEN("<tr><td>Requests</td><td class=\"string\">"));
- avg = p->abs_requests / (srv->cur_ts - srv->startup_ts);
-
- mod_status_get_multiplier(&avg, &multiplier, 1000);
-
- buffer_append_long(b, avg);
-- BUFFER_APPEND_STRING_CONST(b, " ");
-+ buffer_append_string_len(b, CONST_STR_LEN(" "));
- if (multiplier) buffer_append_string_len(b, &multiplier, 1);
-- BUFFER_APPEND_STRING_CONST(b, "req/s</td></tr>\n");
-+ buffer_append_string_len(b, CONST_STR_LEN("req/s</td></tr>\n"));
-
-- BUFFER_APPEND_STRING_CONST(b, "<tr><td>Traffic</td><td class=\"string\">");
-+ buffer_append_string_len(b, CONST_STR_LEN("<tr><td>Traffic</td><td class=\"string\">"));
- avg = p->abs_traffic_out / (srv->cur_ts - srv->startup_ts);
-
- mod_status_get_multiplier(&avg, &multiplier, 1024);
-
- sprintf(buf, "%.2f", avg);
- buffer_append_string(b, buf);
-- BUFFER_APPEND_STRING_CONST(b, " ");
-+ buffer_append_string_len(b, CONST_STR_LEN(" "));
- if (multiplier) buffer_append_string_len(b, &multiplier, 1);
-- BUFFER_APPEND_STRING_CONST(b, "byte/s</td></tr>\n");
-+ buffer_append_string_len(b, CONST_STR_LEN("byte/s</td></tr>\n"));
-
-
-
-- BUFFER_APPEND_STRING_CONST(b, "<tr><th colspan=\"2\">average (5s sliding average)</th></tr>\n");
-+ buffer_append_string_len(b, CONST_STR_LEN("<tr><th colspan=\"2\">average (5s sliding average)</th></tr>\n"));
- for (j = 0, avg = 0; j < 5; j++) {
- avg += p->mod_5s_requests[j];
- }
-
- avg /= 5;
-
-- BUFFER_APPEND_STRING_CONST(b, "<tr><td>Requests</td><td class=\"string\">");
-+ buffer_append_string_len(b, CONST_STR_LEN("<tr><td>Requests</td><td class=\"string\">"));
-
- mod_status_get_multiplier(&avg, &multiplier, 1000);
-
- buffer_append_long(b, avg);
-- BUFFER_APPEND_STRING_CONST(b, " ");
-+ buffer_append_string_len(b, CONST_STR_LEN(" "));
- if (multiplier) buffer_append_string_len(b, &multiplier, 1);
-
-- BUFFER_APPEND_STRING_CONST(b, "req/s</td></tr>\n");
-+ buffer_append_string_len(b, CONST_STR_LEN("req/s</td></tr>\n"));
-
- for (j = 0, avg = 0; j < 5; j++) {
- avg += p->mod_5s_traffic_out[j];
-@@ -427,28 +422,29 @@
-
- avg /= 5;
-
-- BUFFER_APPEND_STRING_CONST(b, "<tr><td>Traffic</td><td class=\"string\">");
-+ buffer_append_string_len(b, CONST_STR_LEN("<tr><td>Traffic</td><td class=\"string\">"));
-
- mod_status_get_multiplier(&avg, &multiplier, 1024);
-
- sprintf(buf, "%.2f", avg);
- buffer_append_string(b, buf);
-- BUFFER_APPEND_STRING_CONST(b, " ");
-+ buffer_append_string_len(b, CONST_STR_LEN(" "));
- if (multiplier) buffer_append_string_len(b, &multiplier, 1);
-- BUFFER_APPEND_STRING_CONST(b, "byte/s</td></tr>\n");
-+ buffer_append_string_len(b, CONST_STR_LEN("byte/s</td></tr>\n"));
-
-- BUFFER_APPEND_STRING_CONST(b, "</table>\n");
-+ buffer_append_string_len(b, CONST_STR_LEN("</table>\n"));
-
-
-- BUFFER_APPEND_STRING_CONST(b, "<hr />\n<pre><b>legend</b>\n");
-- BUFFER_APPEND_STRING_CONST(b, ". = connect, C = close, E = hard error\n");
-- BUFFER_APPEND_STRING_CONST(b, "r = read, R = read-POST, W = write, h = handle-request\n");
-- BUFFER_APPEND_STRING_CONST(b, "q = request-start, Q = request-end\n");
-- BUFFER_APPEND_STRING_CONST(b, "s = response-start, S = response-end\n");
-+ buffer_append_string_len(b, CONST_STR_LEN(
-+ "<hr />\n<pre><b>legend</b>\n"
-+ ". = connect, C = close, E = hard error\n"
-+ "r = read, R = read-POST, W = write, h = handle-request\n"
-+ "q = request-start, Q = request-end\n"
-+ "s = response-start, S = response-end\n"));
-
-- BUFFER_APPEND_STRING_CONST(b, "<b>");
-+ buffer_append_string_len(b, CONST_STR_LEN("<b>"));
- buffer_append_long(b, srv->conns->used);
-- BUFFER_APPEND_STRING_CONST(b, " connections</b>\n");
-+ buffer_append_string_len(b, CONST_STR_LEN(" connections</b>\n"));
-
- for (j = 0; j < srv->conns->used; j++) {
- connection *c = srv->conns->ptr[j];
-@@ -457,14 +453,14 @@
- buffer_append_string_len(b, state, 1);
-
- if (((j + 1) % 50) == 0) {
-- BUFFER_APPEND_STRING_CONST(b, "\n");
-+ buffer_append_string_len(b, CONST_STR_LEN("\n"));
- }
- }
-
-- BUFFER_APPEND_STRING_CONST(b, "\n</pre><hr />\n<h2>Connections</h2>\n");
-+ buffer_append_string_len(b, CONST_STR_LEN("\n</pre><hr />\n<h2>Connections</h2>\n"));
-
-- BUFFER_APPEND_STRING_CONST(b, "<table summary=\"status\" class=\"status\">\n");
-- BUFFER_APPEND_STRING_CONST(b, "<tr>");
-+ buffer_append_string_len(b, CONST_STR_LEN("<table summary=\"status\" class=\"status\">\n"));
-+ buffer_append_string_len(b, CONST_STR_LEN("<tr>"));
- mod_status_header_append_sort(b, p_d, "Client IP");
- mod_status_header_append_sort(b, p_d, "Read");
- mod_status_header_append_sort(b, p_d, "Written");
-@@ -473,40 +469,40 @@
- mod_status_header_append_sort(b, p_d, "Host");
- mod_status_header_append_sort(b, p_d, "URI");
- mod_status_header_append_sort(b, p_d, "File");
-- BUFFER_APPEND_STRING_CONST(b, "</tr>\n");
-+ buffer_append_string_len(b, CONST_STR_LEN("</tr>\n"));
-
- for (j = 0; j < srv->conns->used; j++) {
- connection *c = srv->conns->ptr[j];
-
-- BUFFER_APPEND_STRING_CONST(b, "<tr><td class=\"string\">");
-+ buffer_append_string_len(b, CONST_STR_LEN("<tr><td class=\"string\">"));
-
- buffer_append_string(b, inet_ntop_cache_get_ip(srv, &(c->dst_addr)));
-
-- BUFFER_APPEND_STRING_CONST(b, "</td><td class=\"int\">");
-+ buffer_append_string_len(b, CONST_STR_LEN("</td><td class=\"int\">"));
-
- if (con->request.content_length) {
- buffer_append_long(b, c->request_content_queue->bytes_in);
-- BUFFER_APPEND_STRING_CONST(b, "/");
-+ buffer_append_string_len(b, CONST_STR_LEN("/"));
- buffer_append_long(b, c->request.content_length);
- } else {
-- BUFFER_APPEND_STRING_CONST(b, "0/0");
-+ buffer_append_string_len(b, CONST_STR_LEN("0/0"));
- }
-
-- BUFFER_APPEND_STRING_CONST(b, "</td><td class=\"int\">");
-+ buffer_append_string_len(b, CONST_STR_LEN("</td><td class=\"int\">"));
-
- buffer_append_off_t(b, chunkqueue_written(c->write_queue));
-- BUFFER_APPEND_STRING_CONST(b, "/");
-+ buffer_append_string_len(b, CONST_STR_LEN("/"));
- buffer_append_off_t(b, chunkqueue_length(c->write_queue));
-
-- BUFFER_APPEND_STRING_CONST(b, "</td><td class=\"string\">");
-+ buffer_append_string_len(b, CONST_STR_LEN("</td><td class=\"string\">"));
-
- buffer_append_string(b, connection_get_state(c->state));
-
-- BUFFER_APPEND_STRING_CONST(b, "</td><td class=\"int\">");
-+ buffer_append_string_len(b, CONST_STR_LEN("</td><td class=\"int\">"));
-
- buffer_append_long(b, srv->cur_ts - c->request_start);
-
-- BUFFER_APPEND_STRING_CONST(b, "</td><td class=\"string\">");
-+ buffer_append_string_len(b, CONST_STR_LEN("</td><td class=\"string\">"));
-
- if (buffer_is_empty(c->server_name)) {
- buffer_append_string_buffer(b, c->uri.authority);
-@@ -515,38 +511,38 @@
- buffer_append_string_buffer(b, c->server_name);
- }
-
-- BUFFER_APPEND_STRING_CONST(b, "</td><td class=\"string\">");
-+ buffer_append_string_len(b, CONST_STR_LEN("</td><td class=\"string\">"));
-
- if (!buffer_is_empty(c->uri.path)) {
- buffer_append_string_encoded(b, CONST_BUF_LEN(c->uri.path), ENCODING_HTML);
- }
-
- if (!buffer_is_empty(c->uri.query)) {
-- BUFFER_APPEND_STRING_CONST(b, "?");
-+ buffer_append_string_len(b, CONST_STR_LEN("?"));
- buffer_append_string_encoded(b, CONST_BUF_LEN(c->uri.query), ENCODING_HTML);
- }
-
- if (!buffer_is_empty(c->request.orig_uri)) {
-- BUFFER_APPEND_STRING_CONST(b, " (");
-+ buffer_append_string_len(b, CONST_STR_LEN(" ("));
- buffer_append_string_encoded(b, CONST_BUF_LEN(c->request.orig_uri), ENCODING_HTML);
-- BUFFER_APPEND_STRING_CONST(b, ")");
-+ buffer_append_string_len(b, CONST_STR_LEN(")"));
- }
-- BUFFER_APPEND_STRING_CONST(b, "</td><td class=\"string\">");
-+ buffer_append_string_len(b, CONST_STR_LEN("</td><td class=\"string\">"));
-
- buffer_append_string_buffer(b, c->physical.path);
-
-- BUFFER_APPEND_STRING_CONST(b, "</td></tr>\n");
-+ buffer_append_string_len(b, CONST_STR_LEN("</td></tr>\n"));
- }
-
-
-- BUFFER_APPEND_STRING_CONST(b,
-- "</table>\n");
-+ buffer_append_string_len(b, CONST_STR_LEN(
-+ "</table>\n"));
-
-
-- BUFFER_APPEND_STRING_CONST(b,
-+ buffer_append_string_len(b, CONST_STR_LEN(
- " </body>\n"
- "</html>\n"
-- );
-+ ));
-
- response_header_overwrite(srv, con, CONST_STR_LEN("Content-Type"), CONST_STR_LEN("text/html"));
-
-@@ -566,45 +562,45 @@
- b = chunkqueue_get_append_buffer(con->write_queue);
-
- /* output total number of requests */
-- BUFFER_APPEND_STRING_CONST(b, "Total Accesses: ");
-+ buffer_append_string_len(b, CONST_STR_LEN("Total Accesses: "));
- avg = p->abs_requests;
- snprintf(buf, sizeof(buf) - 1, "%.0f", avg);
- buffer_append_string(b, buf);
-- BUFFER_APPEND_STRING_CONST(b, "\n");
-+ buffer_append_string_len(b, CONST_STR_LEN("\n"));
-
- /* output total traffic out in kbytes */
-- BUFFER_APPEND_STRING_CONST(b, "Total kBytes: ");
-+ buffer_append_string_len(b, CONST_STR_LEN("Total kBytes: "));
- avg = p->abs_traffic_out / 1024;
- snprintf(buf, sizeof(buf) - 1, "%.0f", avg);
- buffer_append_string(b, buf);
-- BUFFER_APPEND_STRING_CONST(b, "\n");
-+ buffer_append_string_len(b, CONST_STR_LEN("\n"));
-
- /* output uptime */
-- BUFFER_APPEND_STRING_CONST(b, "Uptime: ");
-+ buffer_append_string_len(b, CONST_STR_LEN("Uptime: "));
- ts = srv->cur_ts - srv->startup_ts;
- buffer_append_long(b, ts);
-- BUFFER_APPEND_STRING_CONST(b, "\n");
-+ buffer_append_string_len(b, CONST_STR_LEN("\n"));
-
- /* output busy servers */
-- BUFFER_APPEND_STRING_CONST(b, "BusyServers: ");
-+ buffer_append_string_len(b, CONST_STR_LEN("BusyServers: "));
- buffer_append_long(b, srv->conns->used);
-- BUFFER_APPEND_STRING_CONST(b, "\n");
-+ buffer_append_string_len(b, CONST_STR_LEN("\n"));
-
-- BUFFER_APPEND_STRING_CONST(b, "IdleServers: ");
-+ buffer_append_string_len(b, CONST_STR_LEN("IdleServers: "));
- buffer_append_long(b, srv->conns->size - srv->conns->used);
-- BUFFER_APPEND_STRING_CONST(b, "\n");
-+ buffer_append_string_len(b, CONST_STR_LEN("\n"));
-
- /* output scoreboard */
-- BUFFER_APPEND_STRING_CONST(b, "Scoreboard: ");
-+ buffer_append_string_len(b, CONST_STR_LEN("Scoreboard: "));
- for (k = 0; k < srv->conns->used; k++) {
- connection *c = srv->conns->ptr[k];
- const char *state = connection_get_short_state(c->state);
- buffer_append_string_len(b, state, 1);
- }
- for (l = 0; l < srv->conns->size - srv->conns->used; l++) {
-- BUFFER_APPEND_STRING_CONST(b, "_");
-+ buffer_append_string_len(b, CONST_STR_LEN("_"));
- }
-- BUFFER_APPEND_STRING_CONST(b, "\n");
-+ buffer_append_string_len(b, CONST_STR_LEN("\n"));
-
- /* set text/plain output */
-
-@@ -633,9 +629,9 @@
- size_t ndx = st->sorted[i];
-
- buffer_append_string_buffer(b, st->data[ndx]->key);
-- buffer_append_string(b, ": ");
-+ buffer_append_string_len(b, CONST_STR_LEN(": "));
- buffer_append_long(b, ((data_integer *)(st->data[ndx]))->value);
-- buffer_append_string(b, "\n");
-+ buffer_append_string_len(b, CONST_STR_LEN("\n"));
- }
-
- response_header_overwrite(srv, con, CONST_STR_LEN("Content-Type"), CONST_STR_LEN("text/plain"));
-@@ -696,7 +692,7 @@
-
- b = chunkqueue_get_append_buffer(con->write_queue);
-
-- BUFFER_COPY_STRING_CONST(b,
-+ buffer_copy_string_len(b, CONST_STR_LEN(
- "<?xml version=\"1.0\" encoding=\"iso-8859-1\"?>\n"
- "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\"\n"
- " \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\n"
-@@ -706,7 +702,7 @@
- " </head>\n"
- " <body>\n"
- " <h1>" PACKAGE_NAME " " PACKAGE_VERSION "</h1>\n"
-- " <table summary=\"status\" border=\"1\">\n");
-+ " <table summary=\"status\" border=\"1\">\n"));
-
- mod_status_header_append(b, "Server-Features");
- #ifdef HAVE_PCRE_H
-@@ -733,19 +729,19 @@
- if (i == 0) {
- buffer_copy_string_buffer(m, pl->name);
- } else {
-- BUFFER_APPEND_STRING_CONST(m, "<br />");
-+ buffer_append_string_len(m, CONST_STR_LEN("<br />"));
- buffer_append_string_buffer(m, pl->name);
- }
- }
-
- mod_status_row_append(b, "Loaded Modules", m->ptr);
-
-- BUFFER_APPEND_STRING_CONST(b, " </table>\n");
-+ buffer_append_string_len(b, CONST_STR_LEN(" </table>\n"));
-
-- BUFFER_APPEND_STRING_CONST(b,
-+ buffer_append_string_len(b, CONST_STR_LEN(
- " </body>\n"
- "</html>\n"
-- );
-+ ));
-
- response_header_overwrite(srv, con, CONST_STR_LEN("Content-Type"), CONST_STR_LEN("text/html"));
-
-@@ -796,6 +792,8 @@
- static handler_t mod_status_handler(server *srv, connection *con, void *p_d) {
- plugin_data *p = p_d;
-
-+ if (con->mode != DIRECT) return HANDLER_GO_ON;
-+
- mod_status_patch_connection(srv, con, p);
-
- if (!buffer_is_empty(p->conf.status_url) &&
-Index: src/md5.c
-===================================================================
---- src/md5.c (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ src/md5.c (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -52,9 +52,9 @@
- #define S43 15
- #define S44 21
-
--static void MD5Transform (UINT4 [4], unsigned char [64]);
-+static void MD5Transform (UINT4 [4], const unsigned char [64]);
- static void Encode (unsigned char *, UINT4 *, unsigned int);
--static void Decode (UINT4 *, unsigned char *, unsigned int);
-+static void Decode (UINT4 *, const unsigned char *, unsigned int);
-
- #ifdef HAVE_MEMCPY
- #define MD5_memcpy(output, input, len) memcpy((output), (input), (len))
-@@ -126,12 +126,13 @@
- operation, processing another message block, and updating the
- context.
- */
--void MD5_Update (context, input, inputLen)
-+void MD5_Update (context, _input, inputLen)
- MD5_CTX *context; /* context */
--unsigned char *input; /* input block */
-+const void *_input; /* input block */
- unsigned int inputLen; /* length of input block */
- {
- unsigned int i, ndx, partLen;
-+ const unsigned char *input = (const unsigned char*) _input;
-
- /* Compute number of bytes mod 64 */
- ndx = (unsigned int)((context->count[0] >> 3) & 0x3F);
-@@ -200,7 +201,7 @@
- */
- static void MD5Transform (state, block)
- UINT4 state[4];
--unsigned char block[64];
-+const unsigned char block[64];
- {
- UINT4 a = state[0], b = state[1], c = state[2], d = state[3], x[16];
-
-@@ -313,7 +314,7 @@
- */
- static void Decode (output, input, len)
- UINT4 *output;
--unsigned char *input;
-+const unsigned char *input;
- unsigned int len;
- {
- unsigned int i, j;
-Index: src/mod_compress.c
-===================================================================
---- src/mod_compress.c (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ src/mod_compress.c (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -102,7 +102,7 @@
- return HANDLER_GO_ON;
- }
-
--// 0 on success, -1 for error
-+/* 0 on success, -1 for error */
- int mkdir_recursive(char *dir) {
- char *p = dir;
-
-@@ -118,13 +118,13 @@
- }
-
- *p++ = '/';
-- if (!*p) return 0; // Ignore trailing slash
-+ if (!*p) return 0; /* Ignore trailing slash */
- }
-
- return (mkdir(dir, 0700) != 0) && (errno != EEXIST) ? -1 : 0;
- }
-
--// 0 on success, -1 for error
-+/* 0 on success, -1 for error */
- int mkdir_for_file(char *filename) {
- char *p = filename;
-
-@@ -140,7 +140,7 @@
- }
-
- *p++ = '/';
-- if (!*p) return -1; // Unexpected trailing slash in filename
-+ if (!*p) return -1; /* Unexpected trailing slash in filename */
- }
-
- return 0;
-@@ -178,9 +178,9 @@
- }
-
- if (!buffer_is_empty(s->compress_cache_dir)) {
-+ struct stat st;
- mkdir_recursive(s->compress_cache_dir->ptr);
-
-- struct stat st;
- if (0 != stat(s->compress_cache_dir->ptr, &st)) {
- log_error_write(srv, __FILE__, __LINE__, "sbs", "can't stat compress.cache-dir",
- s->compress_cache_dir, strerror(errno));
-@@ -396,13 +396,13 @@
-
- switch(type) {
- case HTTP_ACCEPT_ENCODING_GZIP:
-- buffer_append_string(p->ofn, "-gzip-");
-+ buffer_append_string_len(p->ofn, CONST_STR_LEN("-gzip-"));
- break;
- case HTTP_ACCEPT_ENCODING_DEFLATE:
-- buffer_append_string(p->ofn, "-deflate-");
-+ buffer_append_string_len(p->ofn, CONST_STR_LEN("-deflate-"));
- break;
- case HTTP_ACCEPT_ENCODING_BZIP2:
-- buffer_append_string(p->ofn, "-bzip2-");
-+ buffer_append_string_len(p->ofn, CONST_STR_LEN("-bzip2-"));
- break;
- default:
- log_error_write(srv, __FILE__, __LINE__, "sd", "unknown compression type", type);
-Index: src/md5.h
-===================================================================
---- src/md5.h (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ src/md5.h (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -42,6 +42,6 @@
- } MD5_CTX;
-
- void MD5_Init (MD5_CTX *);
--void MD5_Update (MD5_CTX *, unsigned char *, unsigned int);
-+void MD5_Update (MD5_CTX *, const void *, unsigned int);
- void MD5_Final (unsigned char [16], MD5_CTX *);
-
-Index: src/mod_ssi.c
-===================================================================
---- src/mod_ssi.c (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ src/mod_ssi.c (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -177,7 +177,7 @@
- }
-
- if (0 != strcasecmp(ds->key->ptr, "CONTENT-TYPE")) {
-- buffer_copy_string(srv->tmp_buf, "HTTP_");
-+ buffer_copy_string_len(srv->tmp_buf, CONST_STR_LEN("HTTP_"));
- srv->tmp_buf->used--;
- }
-
-@@ -419,7 +419,7 @@
-
- b = chunkqueue_get_append_buffer(con->write_queue);
- if (0 == strftime(buf, sizeof(buf), p->timefmt->ptr, localtime(&t))) {
-- buffer_copy_string(b, "(none)");
-+ buffer_copy_string_len(b, CONST_STR_LEN("(none)"));
- } else {
- buffer_copy_string(b, buf);
- }
-@@ -430,7 +430,7 @@
-
- b = chunkqueue_get_append_buffer(con->write_queue);
- if (0 == strftime(buf, sizeof(buf), p->timefmt->ptr, localtime(&t))) {
-- buffer_copy_string(b, "(none)");
-+ buffer_copy_string_len(b, CONST_STR_LEN("(none)"));
- } else {
- buffer_copy_string(b, buf);
- }
-@@ -441,7 +441,7 @@
-
- b = chunkqueue_get_append_buffer(con->write_queue);
- if (0 == strftime(buf, sizeof(buf), p->timefmt->ptr, gmtime(&t))) {
-- buffer_copy_string(b, "(none)");
-+ buffer_copy_string_len(b, CONST_STR_LEN("(none)"));
- } else {
- buffer_copy_string(b, buf);
- }
-@@ -472,7 +472,7 @@
- if (NULL != (ds = (data_string *)array_get_element(p->ssi_cgi_env, var_val))) {
- buffer_copy_string_buffer(b, ds->value);
- } else {
-- buffer_copy_string(b, "(none)");
-+ buffer_copy_string_len(b, CONST_STR_LEN("(none)"));
- }
-
- break;
-@@ -519,7 +519,7 @@
- if (file_path) {
- /* current doc-root */
- if (NULL == (sl = strrchr(con->physical.path->ptr, '/'))) {
-- buffer_copy_string(p->stat_fn, "/");
-+ buffer_copy_string_len(p->stat_fn, CONST_STR_LEN("/"));
- } else {
- buffer_copy_string_len(p->stat_fn, con->physical.path->ptr, sl - con->physical.path->ptr + 1);
- }
-@@ -573,7 +573,7 @@
- case SSI_FLASTMOD:
- b = chunkqueue_get_append_buffer(con->write_queue);
- if (0 == strftime(buf, sizeof(buf), p->timefmt->ptr, localtime(&t))) {
-- buffer_copy_string(b, "(none)");
-+ buffer_copy_string_len(b, CONST_STR_LEN("(none)"));
- } else {
- buffer_copy_string(b, buf);
- }
-@@ -656,17 +656,17 @@
- if (p->if_is_false) break;
-
- b = chunkqueue_get_append_buffer(con->write_queue);
-- buffer_copy_string(b, "<pre>");
-+ buffer_copy_string_len(b, CONST_STR_LEN("<pre>"));
- for (i = 0; i < p->ssi_vars->used; i++) {
- data_string *ds = (data_string *)p->ssi_vars->data[p->ssi_vars->sorted[i]];
-
- buffer_append_string_buffer(b, ds->key);
-- buffer_append_string(b, ": ");
-+ buffer_append_string_len(b, CONST_STR_LEN(": "));
- buffer_append_string_buffer(b, ds->value);
-- buffer_append_string(b, "<br />");
-+ buffer_append_string_len(b, CONST_STR_LEN("<br />"));
-
- }
-- buffer_append_string(b, "</pre>");
-+ buffer_append_string_len(b, CONST_STR_LEN("</pre>"));
-
- break;
- case SSI_EXEC: {
-@@ -924,7 +924,7 @@
-
- array_reset(p->ssi_vars);
- array_reset(p->ssi_cgi_env);
-- buffer_copy_string(p->timefmt, "%a, %d %b %Y %H:%M:%S %Z");
-+ buffer_copy_string_len(p->timefmt, CONST_STR_LEN("%a, %d %b %Y %H:%M:%S %Z"));
- p->sizefmt = 0;
- build_ssi_cgi_vars(srv, con, p);
- p->if_is_false = 0;
-@@ -1027,6 +1027,7 @@
-
- con->file_started = 1;
- con->file_finished = 1;
-+ con->mode = p->id;
-
- response_header_overwrite(srv, con, CONST_STR_LEN("Content-Type"), CONST_STR_LEN("text/html"));
-
-@@ -1094,6 +1095,8 @@
- plugin_data *p = p_d;
- size_t k;
-
-+ if (con->mode != DIRECT) return HANDLER_GO_ON;
-+
- if (con->physical.path->used == 0) return HANDLER_GO_ON;
-
- mod_ssi_patch_connection(srv, con, p);
-@@ -1109,6 +1112,7 @@
- if (mod_ssi_handle_request(srv, con, p)) {
- /* on error */
- con->http_status = 500;
-+ con->mode = DIRECT;
- }
-
- return HANDLER_FINISHED;
-Index: src/spawn-fcgi.c
-===================================================================
---- src/spawn-fcgi.c (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ src/spawn-fcgi.c (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -37,9 +37,9 @@
- #endif
-
- #ifdef HAVE_SYS_UN_H
--int fcgi_spawn_connection(char *appPath, char **appArgv, char *addr, unsigned short port, const char *unixsocket, int child_count, int pid_fd, int nofork) {
-+int fcgi_spawn_connection(char *appPath, char **appArgv, char *addr, unsigned short port, const char *unixsocket, int fork_count, int child_count, int pid_fd, int nofork) {
- int fcgi_fd;
-- int socket_type, status;
-+ int socket_type, status, rc = 0;
- struct timeval tv = { 0, 100 * 1000 };
-
- struct sockaddr_un fcgi_addr_un;
-@@ -48,9 +48,6 @@
-
- socklen_t servlen;
-
-- pid_t child;
-- int val;
--
- if (child_count < 2) {
- child_count = 5;
- }
-@@ -74,25 +71,6 @@
- #endif
- socket_type = AF_UNIX;
- fcgi_addr = (struct sockaddr *) &fcgi_addr_un;
--
-- /* check if some backend is listening on the socket
-- * as if we delete the socket-file and rebind there will be no "socket already in use" error
-- */
-- if (-1 == (fcgi_fd = socket(socket_type, SOCK_STREAM, 0))) {
-- fprintf(stderr, "%s.%d\n",
-- __FILE__, __LINE__);
-- return -1;
-- }
--
-- if (-1 != connect(fcgi_fd, fcgi_addr, servlen)) {
-- fprintf(stderr, "%s.%d: socket is already used, can't spawn\n",
-- __FILE__, __LINE__);
-- return -1;
-- }
--
-- /* cleanup previous socket if it exists */
-- unlink(unixsocket);
-- close(fcgi_fd);
- } else {
- fcgi_addr_in.sin_family = AF_INET;
- if (addr != NULL) {
-@@ -107,133 +85,176 @@
- fcgi_addr = (struct sockaddr *) &fcgi_addr_in;
- }
-
-- /* open socket */
- if (-1 == (fcgi_fd = socket(socket_type, SOCK_STREAM, 0))) {
- fprintf(stderr, "%s.%d\n",
- __FILE__, __LINE__);
- return -1;
- }
-
-- val = 1;
-- if (setsockopt(fcgi_fd, SOL_SOCKET, SO_REUSEADDR, &val, sizeof(val)) < 0) {
-- fprintf(stderr, "%s.%d\n",
-- __FILE__, __LINE__);
-- return -1;
-- }
-+ if (-1 == connect(fcgi_fd, fcgi_addr, servlen)) {
-+ /* server is not up, spawn in */
-+ pid_t child;
-+ int val;
-
-- /* create socket */
-- if (-1 == bind(fcgi_fd, fcgi_addr, servlen)) {
-- fprintf(stderr, "%s.%d: bind failed: %s\n",
-- __FILE__, __LINE__,
-- strerror(errno));
-- return -1;
-- }
-+ if (unixsocket) unlink(unixsocket);
-
-- if (-1 == listen(fcgi_fd, 1024)) {
-- fprintf(stderr, "%s.%d: fd = -1\n",
-- __FILE__, __LINE__);
-- return -1;
-- }
-+ close(fcgi_fd);
-
-- if (!nofork) {
-- child = fork();
-- } else {
-- child = 0;
-- }
-+ /* reopen socket */
-+ if (-1 == (fcgi_fd = socket(socket_type, SOCK_STREAM, 0))) {
-+ fprintf(stderr, "%s.%d\n",
-+ __FILE__, __LINE__);
-+ return -1;
-+ }
-
-- switch (child) {
-- case 0: {
-- char cgi_childs[64];
-+ val = 1;
-+ if (setsockopt(fcgi_fd, SOL_SOCKET, SO_REUSEADDR, &val, sizeof(val)) < 0) {
-+ fprintf(stderr, "%s.%d\n",
-+ __FILE__, __LINE__);
-+ return -1;
-+ }
-
-- int i = 0;
--
-- /* is safe as we limit to 256 childs */
-- sprintf(cgi_childs, "PHP_FCGI_CHILDREN=%d", child_count);
--
-- if(fcgi_fd != FCGI_LISTENSOCK_FILENO) {
-- close(FCGI_LISTENSOCK_FILENO);
-- dup2(fcgi_fd, FCGI_LISTENSOCK_FILENO);
-- close(fcgi_fd);
-+ /* create socket */
-+ if (-1 == bind(fcgi_fd, fcgi_addr, servlen)) {
-+ fprintf(stderr, "%s.%d: bind failed: %s\n",
-+ __FILE__, __LINE__,
-+ strerror(errno));
-+ return -1;
- }
-
-- /* we don't need the client socket */
-- for (i = 3; i < 256; i++) {
-- close(i);
-+ if (-1 == listen(fcgi_fd, 1024)) {
-+ fprintf(stderr, "%s.%d: fd = -1\n",
-+ __FILE__, __LINE__);
-+ return -1;
- }
-
-- /* create environment */
-+ while (fork_count-- > 0) {
-
-- putenv(cgi_childs);
-+ if (!nofork) {
-+ child = fork();
-+ } else {
-+ child = 0;
-+ }
-
-- /* fork and replace shell */
-- if (appArgv) {
-- execv(appArgv[0], appArgv);
-+ switch (child) {
-+ case 0: {
-+ char cgi_childs[64];
-+ int max_fd = 0;
-
-- } else {
-- char *b = malloc(strlen("exec ") + strlen(appPath) + 1);
-- strcpy(b, "exec ");
-- strcat(b, appPath);
-+ int i = 0;
-
-- /* exec the cgi */
-- execl("/bin/sh", "sh", "-c", b, (char *)NULL);
-- }
-+ /* loose control terminal */
-+ setsid();
-
-- exit(errno);
-+ /* is safe as we limit to 256 childs */
-+ sprintf(cgi_childs, "PHP_FCGI_CHILDREN=%d", child_count);
-
-- break;
-- }
-- case -1:
-- /* error */
-- break;
-- default:
-- /* father */
-+ if(fcgi_fd != FCGI_LISTENSOCK_FILENO) {
-+ close(FCGI_LISTENSOCK_FILENO);
-+ dup2(fcgi_fd, FCGI_LISTENSOCK_FILENO);
-+ close(fcgi_fd);
-+ }
-
-- /* wait */
-- select(0, NULL, NULL, NULL, &tv);
-+ max_fd = open("/dev/null", O_RDWR);
-+ close(STDERR_FILENO);
-+ dup2(max_fd, STDERR_FILENO);
-+ close(max_fd);
-
-- switch (waitpid(child, &status, WNOHANG)) {
-- case 0:
-- fprintf(stderr, "%s.%d: child spawned successfully: PID: %d\n",
-- __FILE__, __LINE__,
-- child);
-+ max_fd = open("/dev/null", O_RDWR);
-+ close(STDOUT_FILENO);
-+ dup2(max_fd, STDOUT_FILENO);
-+ close(max_fd);
-
-- /* write pid file */
-- if (pid_fd != -1) {
-- /* assume a 32bit pid_t */
-- char pidbuf[12];
-+ /* we don't need the client socket */
-+ for (i = 3; i < max_fd; i++) {
-+ if (i != FCGI_LISTENSOCK_FILENO) close(i);
-+ }
-
-- snprintf(pidbuf, sizeof(pidbuf) - 1, "%d", child);
-+ /* create environment */
-
-- write(pid_fd, pidbuf, strlen(pidbuf));
-- close(pid_fd);
-- pid_fd = -1;
-+ putenv(cgi_childs);
-+
-+ /* fork and replace shell */
-+ if (appArgv) {
-+ execv(appArgv[0], appArgv);
-+
-+ } else {
-+ char *b = malloc(strlen("exec ") + strlen(appPath) + 1);
-+ strcpy(b, "exec ");
-+ strcat(b, appPath);
-+
-+ /* exec the cgi */
-+ execl("/bin/sh", "sh", "-c", b, (char *)NULL);
-+ }
-+
-+ exit(errno);
-+
-+ break;
- }
-+ case -1:
-+ /* error */
-+ break;
-+ default:
-+ /* father */
-
-- break;
-- case -1:
-- break;
-- default:
-- if (WIFEXITED(status)) {
-- fprintf(stderr, "%s.%d: child exited with: %d, %s\n",
-- __FILE__, __LINE__,
-- WEXITSTATUS(status), strerror(WEXITSTATUS(status)));
-- } else if (WIFSIGNALED(status)) {
-- fprintf(stderr, "%s.%d: child signaled: %d\n",
-- __FILE__, __LINE__,
-- WTERMSIG(status));
-- } else {
-- fprintf(stderr, "%s.%d: child died somehow: %d\n",
-- __FILE__, __LINE__,
-- status);
-+ /* wait */
-+ select(0, NULL, NULL, NULL, &tv);
-+
-+ switch (waitpid(child, &status, WNOHANG)) {
-+ case 0:
-+ fprintf(stdout, "%s.%d: child spawned successfully: PID: %d\n",
-+ __FILE__, __LINE__,
-+ child);
-+
-+ /* write pid file */
-+ if (pid_fd != -1) {
-+ /* assume a 32bit pid_t */
-+ char pidbuf[12];
-+
-+ snprintf(pidbuf, sizeof(pidbuf) - 1, "%d", child);
-+
-+ write(pid_fd, pidbuf, strlen(pidbuf));
-+ /* avoid eol for the last one */
-+ if (fork_count != 0) {
-+ write(pid_fd, "\n", 1);
-+ }
-+ }
-+
-+ break;
-+ case -1:
-+ break;
-+ default:
-+ if (WIFEXITED(status)) {
-+ fprintf(stderr, "%s.%d: child exited with: %d\n",
-+ __FILE__, __LINE__, WEXITSTATUS(status));
-+ rc = WEXITSTATUS(status);
-+ } else if (WIFSIGNALED(status)) {
-+ fprintf(stderr, "%s.%d: child signaled: %d\n",
-+ __FILE__, __LINE__,
-+ WTERMSIG(status));
-+ rc = 1;
-+ } else {
-+ fprintf(stderr, "%s.%d: child died somehow: %d\n",
-+ __FILE__, __LINE__,
-+ status);
-+ rc = status;
-+ }
-+ }
-+
-+ break;
- }
- }
--
-- break;
-+ close(pid_fd);
-+ pid_fd = -1;
-+ } else {
-+ fprintf(stderr, "%s.%d: socket is already used, can't spawn\n",
-+ __FILE__, __LINE__);
-+ return -1;
- }
-
- close(fcgi_fd);
-
-- return 0;
-+ return rc;
- }
-
-
-@@ -256,6 +277,7 @@
- " -p <port> bind to tcp-port\n" \
- " -s <path> bind to unix-domain socket\n" \
- " -C <childs> (PHP only) numbers of childs to spawn (default 5)\n" \
-+" -F <childs> numbers of childs to fork (default 1)\n" \
- " -P <path> name of PID-file for spawed process\n" \
- " -n no fork (for daemontools)\n" \
- " -v show version\n" \
-@@ -276,20 +298,21 @@
- char **fcgi_app_argv = { NULL };
- unsigned short port = 0;
- int child_count = 5;
-+ int fork_count = 1;
- int i_am_root, o;
- int pid_fd = -1;
- int nofork = 0;
- struct sockaddr_un un;
-- const size_t sun_path_len = sizeof(un.sun_path);
-
- i_am_root = (getuid() == 0);
-
-- while(-1 != (o = getopt(argc, argv, "c:f:g:hna:p:u:vC:s:P:"))) {
-+ while (-1 != (o = getopt(argc, argv, "c:f:g:hna:p:u:vC:F:s:P:"))) {
- switch(o) {
- case 'f': fcgi_app = optarg; break;
- case 'a': addr = optarg;/* ip addr */ break;
- case 'p': port = strtol(optarg, NULL, 10);/* port */ break;
- case 'C': child_count = strtol(optarg, NULL, 10);/* */ break;
-+ case 'F': fork_count = strtol(optarg, NULL, 10);/* */ break;
- case 's': unixsocket = optarg; /* unix-domain socket */ break;
- case 'c': if (i_am_root) { changeroot = optarg; }/* chroot() */ break;
- case 'u': if (i_am_root) { username = optarg; } /* set user */ break;
-@@ -321,7 +344,7 @@
- return -1;
- }
-
-- if (unixsocket && strlen(unixsocket) > sun_path_len - 1) {
-+ if (unixsocket && strlen(unixsocket) > sizeof(un.sun_path) - 1) {
- fprintf(stderr, "%s.%d: %s\n",
- __FILE__, __LINE__,
- "path of the unix socket is too long\n");
-@@ -416,18 +439,15 @@
- "I will not set gid to 0\n");
- return -1;
- }
-- }
-
-- /*
-- * Change group before chroot, when we have access
-- * to /etc/group
-- */
-- if (groupname) {
-+ /* do the change before we do the chroot() */
- setgid(grp->gr_gid);
-- setgroups(0, NULL);
-+ setgroups(0, NULL);
-+
- if (username) {
- initgroups(username, grp->gr_gid);
- }
-+
- }
-
- if (changeroot) {
-@@ -451,7 +471,7 @@
- }
- }
-
-- return fcgi_spawn_connection(fcgi_app, fcgi_app_argv, addr, port, unixsocket, child_count, pid_fd, nofork);
-+ return fcgi_spawn_connection(fcgi_app, fcgi_app_argv, addr, port, unixsocket, fork_count, child_count, pid_fd, nofork);
- }
- #else
- int main() {
-Index: src/mod_auth.c
-===================================================================
---- src/mod_auth.c (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ src/mod_auth.c (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -150,13 +150,15 @@
- PATCH(auth_ldap_hostname);
- #ifdef USE_LDAP
- PATCH(ldap);
-- PATCH(ldap_filter_pre);
-- PATCH(ldap_filter_post);
- #endif
- } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.ldap.base-dn"))) {
- PATCH(auth_ldap_basedn);
- } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.ldap.filter"))) {
- PATCH(auth_ldap_filter);
-+#ifdef USE_LDAP
-+ PATCH(ldap_filter_pre);
-+ PATCH(ldap_filter_post);
-+#endif
- } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.ldap.ca-file"))) {
- PATCH(auth_ldap_cafile);
- } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.ldap.starttls"))) {
-@@ -248,6 +250,7 @@
- if (0 == strcmp(method->value->ptr, "digest")) {
- if (-1 == (auth_satisfied = http_auth_digest_check(srv, con, p, req, con->uri.path, auth_realm+1))) {
- con->http_status = 400;
-+ con->mode = DIRECT;
-
- /* a field was missing */
-
-@@ -268,22 +271,23 @@
- realm = (data_string *)array_get_element(req, "realm");
-
- con->http_status = 401;
-+ con->mode = DIRECT;
-
- if (0 == strcmp(method->value->ptr, "basic")) {
-- buffer_copy_string(p->tmp_buf, "Basic realm=\"");
-+ buffer_copy_string_len(p->tmp_buf, CONST_STR_LEN("Basic realm=\""));
- buffer_append_string_buffer(p->tmp_buf, realm->value);
-- buffer_append_string(p->tmp_buf, "\"");
-+ buffer_append_string_len(p->tmp_buf, CONST_STR_LEN("\""));
-
- response_header_insert(srv, con, CONST_STR_LEN("WWW-Authenticate"), CONST_BUF_LEN(p->tmp_buf));
- } else if (0 == strcmp(method->value->ptr, "digest")) {
- char hh[33];
- http_auth_digest_generate_nonce(srv, p, srv->tmp_buf, hh);
-
-- buffer_copy_string(p->tmp_buf, "Digest realm=\"");
-+ buffer_copy_string_len(p->tmp_buf, CONST_STR_LEN("Digest realm=\""));
- buffer_append_string_buffer(p->tmp_buf, realm->value);
-- buffer_append_string(p->tmp_buf, "\", nonce=\"");
-+ buffer_append_string_len(p->tmp_buf, CONST_STR_LEN("\", nonce=\""));
- buffer_append_string(p->tmp_buf, hh);
-- buffer_append_string(p->tmp_buf, "\", qop=\"auth\"");
-+ buffer_append_string_len(p->tmp_buf, CONST_STR_LEN("\", qop=\"auth\""));
-
- response_header_insert(srv, con, CONST_STR_LEN("WWW-Authenticate"), CONST_BUF_LEN(p->tmp_buf));
- } else {
-@@ -393,6 +397,23 @@
- }
- }
-
-+#ifdef USE_LDAP
-+ if (s->auth_ldap_filter->used) {
-+ char *dollar;
-+
-+ /* parse filter */
-+
-+ if (NULL == (dollar = strchr(s->auth_ldap_filter->ptr, '$'))) {
-+ log_error_write(srv, __FILE__, __LINE__, "s", "ldap: auth.backend.ldap.filter is missing a replace-operator '$'");
-+
-+ return HANDLER_ERROR;
-+ }
-+
-+ buffer_copy_string_len(s->ldap_filter_pre, s->auth_ldap_filter->ptr, dollar - s->auth_ldap_filter->ptr);
-+ buffer_copy_string(s->ldap_filter_post, dollar+1);
-+ }
-+#endif
-+
- /* no auth.require for this section */
- if (NULL == (da = (data_array *)array_get_element(ca, "auth.require"))) continue;
-
-@@ -479,21 +500,21 @@
-
- ds = data_string_init();
-
-- buffer_copy_string(ds->key, "method");
-+ buffer_copy_string_len(ds->key, CONST_STR_LEN("method"));
- buffer_copy_string(ds->value, method);
-
- array_insert_unique(a->value, (data_unset *)ds);
-
- ds = data_string_init();
-
-- buffer_copy_string(ds->key, "realm");
-+ buffer_copy_string_len(ds->key, CONST_STR_LEN("realm"));
- buffer_copy_string(ds->value, realm);
-
- array_insert_unique(a->value, (data_unset *)ds);
-
- ds = data_string_init();
-
-- buffer_copy_string(ds->key, "require");
-+ buffer_copy_string_len(ds->key, CONST_STR_LEN("require"));
- buffer_copy_string(ds->value, require);
-
- array_insert_unique(a->value, (data_unset *)ds);
-@@ -507,97 +528,83 @@
- handler_t ret = auth_ldap_init(srv, s);
- if (ret == HANDLER_ERROR)
- return (ret);
-- break;
-+ break;
- }
-- default:
-- break;
-- }
-- }
-+ default:
-+ break;
-+ }
-+ }
-
-- return HANDLER_GO_ON;
-+ return HANDLER_GO_ON;
- }
-
- handler_t auth_ldap_init(server *srv, mod_auth_plugin_config *s) {
- #ifdef USE_LDAP
-- int ret;
-+ int ret;
- #if 0
-- if (s->auth_ldap_basedn->used == 0) {
-- log_error_write(srv, __FILE__, __LINE__, "s", "ldap: auth.backend.ldap.base-dn has to be set");
-+ if (s->auth_ldap_basedn->used == 0) {
-+ log_error_write(srv, __FILE__, __LINE__, "s", "ldap: auth.backend.ldap.base-dn has to be set");
-
-- return HANDLER_ERROR;
-- }
-+ return HANDLER_ERROR;
-+ }
- #endif
-
-- if (s->auth_ldap_filter->used) {
-- char *dollar;
-+ if (s->auth_ldap_hostname->used) {
-+ if (NULL == (s->ldap = ldap_init(s->auth_ldap_hostname->ptr, LDAP_PORT))) {
-+ log_error_write(srv, __FILE__, __LINE__, "ss", "ldap ...", strerror(errno));
-
-- /* parse filter */
-+ return HANDLER_ERROR;
-+ }
-
-- if (NULL == (dollar = strchr(s->auth_ldap_filter->ptr, '$'))) {
-- log_error_write(srv, __FILE__, __LINE__, "s", "ldap: auth.backend.ldap.filter is missing a replace-operator '$'");
-+ ret = LDAP_VERSION3;
-+ if (LDAP_OPT_SUCCESS != (ret = ldap_set_option(s->ldap, LDAP_OPT_PROTOCOL_VERSION, &ret))) {
-+ log_error_write(srv, __FILE__, __LINE__, "ss", "ldap:", ldap_err2string(ret));
-
-- return HANDLER_ERROR;
-- }
-+ return HANDLER_ERROR;
-+ }
-
-- buffer_copy_string_len(s->ldap_filter_pre, s->auth_ldap_filter->ptr, dollar - s->auth_ldap_filter->ptr);
-- buffer_copy_string(s->ldap_filter_post, dollar+1);
-- }
-+ if (s->auth_ldap_starttls) {
-+ /* if no CA file is given, it is ok, as we will use encryption
-+ * if the server requires a CAfile it will tell us */
-+ if (!buffer_is_empty(s->auth_ldap_cafile)) {
-+ if (LDAP_OPT_SUCCESS != (ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE,
-+ s->auth_ldap_cafile->ptr))) {
-+ log_error_write(srv, __FILE__, __LINE__, "ss",
-+ "Loading CA certificate failed:", ldap_err2string(ret));
-
-- if (s->auth_ldap_hostname->used) {
-- if (NULL == (s->ldap = ldap_init(s->auth_ldap_hostname->ptr, LDAP_PORT))) {
-- log_error_write(srv, __FILE__, __LINE__, "ss", "ldap ...", strerror(errno));
--
- return HANDLER_ERROR;
- }
-+ }
-
-- ret = LDAP_VERSION3;
-- if (LDAP_OPT_SUCCESS != (ret = ldap_set_option(s->ldap, LDAP_OPT_PROTOCOL_VERSION, &ret))) {
-- log_error_write(srv, __FILE__, __LINE__, "ss", "ldap:", ldap_err2string(ret));
-+ if (LDAP_OPT_SUCCESS != (ret = ldap_start_tls_s(s->ldap, NULL, NULL))) {
-+ log_error_write(srv, __FILE__, __LINE__, "ss", "ldap startTLS failed:", ldap_err2string(ret));
-
-- return HANDLER_ERROR;
-- }
-+ return HANDLER_ERROR;
-+ }
-+ }
-
-- if (s->auth_ldap_starttls) {
-- /* if no CA file is given, it is ok, as we will use encryption
-- * if the server requires a CAfile it will tell us */
-- if (!buffer_is_empty(s->auth_ldap_cafile)) {
-- if (LDAP_OPT_SUCCESS != (ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE,
-- s->auth_ldap_cafile->ptr))) {
-- log_error_write(srv, __FILE__, __LINE__, "ss",
-- "Loading CA certificate failed:", ldap_err2string(ret));
-
-- return HANDLER_ERROR;
-- }
-- }
-+ /* 1. */
-+ if (s->auth_ldap_binddn->used) {
-+ if (LDAP_SUCCESS != (ret = ldap_simple_bind_s(s->ldap, s->auth_ldap_binddn->ptr, s->auth_ldap_bindpw->ptr))) {
-+ log_error_write(srv, __FILE__, __LINE__, "ss", "ldap:", ldap_err2string(ret));
-
-- if (LDAP_OPT_SUCCESS != (ret = ldap_start_tls_s(s->ldap, NULL, NULL))) {
-- log_error_write(srv, __FILE__, __LINE__, "ss", "ldap startTLS failed:", ldap_err2string(ret));
-+ return HANDLER_ERROR;
-+ }
-+ } else {
-+ if (LDAP_SUCCESS != (ret = ldap_simple_bind_s(s->ldap, NULL, NULL))) {
-+ log_error_write(srv, __FILE__, __LINE__, "ss", "ldap:", ldap_err2string(ret));
-
-- return HANDLER_ERROR;
-- }
-- }
--
--
-- /* 1. */
-- if (s->auth_ldap_binddn->used) {
-- if (LDAP_SUCCESS != (ret = ldap_simple_bind_s(s->ldap, s->auth_ldap_binddn->ptr, s->auth_ldap_bindpw->ptr))) {
-- log_error_write(srv, __FILE__, __LINE__, "ss", "ldap:", ldap_err2string(ret));
--
-- return HANDLER_ERROR;
-- }
-- } else {
-- if (LDAP_SUCCESS != (ret = ldap_simple_bind_s(s->ldap, NULL, NULL))) {
-- log_error_write(srv, __FILE__, __LINE__, "ss", "ldap:", ldap_err2string(ret));
--
-- return HANDLER_ERROR;
-- }
-- }
-+ return HANDLER_ERROR;
- }
-+ }
-+ }
-+ return HANDLER_GO_ON;
- #else
-- log_error_write(srv, __FILE__, __LINE__, "s", "no ldap support available");
-- return HANDLER_ERROR;
-+ UNUSED(s);
-+ log_error_write(srv, __FILE__, __LINE__, "s", "no ldap support available");
-+ return HANDLER_ERROR;
- #endif
-- return HANDLER_GO_ON;
- }
-
- int mod_auth_plugin_init(plugin *p) {
-Index: src/data_string.c
-===================================================================
---- src/data_string.c (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ src/data_string.c (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -37,7 +37,7 @@
- data_string *ds_src = (data_string *)src;
-
- if (ds_dst->value->used) {
-- buffer_append_string(ds_dst->value, ", ");
-+ buffer_append_string_len(ds_dst->value, CONST_STR_LEN(", "));
- buffer_append_string_buffer(ds_dst->value, ds_src->value);
- } else {
- buffer_copy_string_buffer(ds_dst->value, ds_src->value);
-@@ -53,9 +53,9 @@
- data_string *ds_src = (data_string *)src;
-
- if (ds_dst->value->used) {
-- buffer_append_string(ds_dst->value, "\r\n");
-+ buffer_append_string_len(ds_dst->value, CONST_STR_LEN("\r\n"));
- buffer_append_string_buffer(ds_dst->value, ds_dst->key);
-- buffer_append_string(ds_dst->value, ": ");
-+ buffer_append_string_len(ds_dst->value, CONST_STR_LEN(": "));
- buffer_append_string_buffer(ds_dst->value, ds_src->value);
- } else {
- buffer_copy_string_buffer(ds_dst->value, ds_src->value);
-Index: src/http-header-glue.c
-===================================================================
---- src/http-header-glue.c (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ src/http-header-glue.c (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -109,9 +109,9 @@
- o = buffer_init();
-
- if (con->conf.is_ssl) {
-- buffer_copy_string(o, "https://");
-+ buffer_copy_string_len(o, CONST_STR_LEN("https://"));
- } else {
-- buffer_copy_string(o, "http://");
-+ buffer_copy_string_len(o, CONST_STR_LEN("http://"));
- }
- if (con->uri.authority->used) {
- buffer_append_string_buffer(o, con->uri.authority);
-@@ -180,14 +180,14 @@
-
- if (!((con->conf.is_ssl == 0 && srv->srvconf.port == 80) ||
- (con->conf.is_ssl == 1 && srv->srvconf.port == 443))) {
-- buffer_append_string(o, ":");
-+ buffer_append_string_len(o, CONST_STR_LEN(":"));
- buffer_append_long(o, srv->srvconf.port);
- }
- }
- buffer_append_string_buffer(o, con->uri.path);
-- buffer_append_string(o, "/");
-+ buffer_append_string_len(o, CONST_STR_LEN("/"));
- if (!buffer_is_empty(con->uri.query)) {
-- buffer_append_string(o, "?");
-+ buffer_append_string_len(o, CONST_STR_LEN("?"));
- buffer_append_string_buffer(o, con->uri.query);
- }
-
-@@ -272,6 +272,7 @@
- con->request.http_if_modified_since, used_len, sizeof(buf) - 1);
-
- con->http_status = 412;
-+ con->mode = DIRECT;
- return HANDLER_FINISHED;
- }
-
-@@ -281,6 +282,7 @@
-
- if (NULL == strptime(buf, "%a, %d %b %Y %H:%M:%S GMT", &tm)) {
- con->http_status = 412;
-+ con->mode = DIRECT;
- return HANDLER_FINISHED;
- }
- t_header = mktime(&tm);
-@@ -299,6 +301,7 @@
- }
- } else {
- con->http_status = 412;
-+ con->mode = DIRECT;
- return HANDLER_FINISHED;
- }
- }
-Index: src/mod_evasive.c
-===================================================================
---- src/mod_evasive.c (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ src/mod_evasive.c (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -138,24 +138,47 @@
- /* no limit set, nothing to block */
- if (p->conf.max_conns == 0) return HANDLER_GO_ON;
-
-+ switch (con->dst_addr.plain.sa_family) {
-+ case AF_INET:
-+#ifdef HAVE_IPV6
-+ case AF_INET6:
-+#endif
-+ break;
-+ default: // Address family not supported
-+ return HANDLER_GO_ON;
-+ };
-+
- for (j = 0; j < srv->conns->used; j++) {
- connection *c = srv->conns->ptr[j];
-
- /* check if other connections are already actively serving data for the same IP
- * we can only ban connections which are already behind the 'read request' state
- * */
-- if (c->dst_addr.ipv4.sin_addr.s_addr == con->dst_addr.ipv4.sin_addr.s_addr &&
-- c->state > CON_STATE_REQUEST_END) {
-- conns_by_ip++;
-+ if (c->dst_addr.plain.sa_family != con->dst_addr.plain.sa_family) continue;
-+ if (c->state <= CON_STATE_REQUEST_END) continue;
-
-- if (conns_by_ip > p->conf.max_conns) {
-- log_error_write(srv, __FILE__, __LINE__, "ss",
-- inet_ntop_cache_get_ip(srv, &(con->dst_addr)),
-- "turned away. Too many connections.");
-+ switch (con->dst_addr.plain.sa_family) {
-+ case AF_INET:
-+ if (c->dst_addr.ipv4.sin_addr.s_addr != con->dst_addr.ipv4.sin_addr.s_addr) continue;
-+ break;
-+#ifdef HAVE_IPV6
-+ case AF_INET6:
-+ if (0 != memcmp(c->dst_addr.ipv6.sin6_addr.s6_addr, con->dst_addr.ipv6.sin6_addr.s6_addr, 16)) continue;
-+ break;
-+#endif
-+ default: /* Address family not supported, should never be reached */
-+ continue;
-+ };
-+ conns_by_ip++;
-
-- con->http_status = 403;
-- return HANDLER_FINISHED;
-- }
-+ if (conns_by_ip > p->conf.max_conns) {
-+ log_error_write(srv, __FILE__, __LINE__, "ss",
-+ inet_ntop_cache_get_ip(srv, &(con->dst_addr)),
-+ "turned away. Too many connections.");
-+
-+ con->http_status = 403;
-+ con->mode = DIRECT;
-+ return HANDLER_FINISHED;
- }
- }
-
-Index: src/mod_indexfile.c
-===================================================================
---- src/mod_indexfile.c (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ src/mod_indexfile.c (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -140,6 +140,8 @@
- size_t k;
- stat_cache_entry *sce = NULL;
-
-+ if (con->mode != DIRECT) return HANDLER_GO_ON;
-+
- if (con->uri.path->used == 0) return HANDLER_GO_ON;
- if (con->uri.path->ptr[con->uri.path->used - 2] != '/') return HANDLER_GO_ON;
-
-Index: src/mod_uploadprogress.c
-===================================================================
-Index: src/mod_fastcgi.c
-===================================================================
---- src/mod_fastcgi.c (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ src/mod_fastcgi.c (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -236,6 +236,16 @@
- unsigned short break_scriptfilename_for_php;
-
- /*
-+ * workaround for program when prefix="/"
-+ *
-+ * rule to build PATH_INFO is hardcoded for when check_local is disabled
-+ * enable this option to use the workaround
-+ *
-+ */
-+
-+ unsigned short fix_root_path_name;
-+
-+ /*
- * If the backend includes X-LIGHTTPD-send-file in the response
- * we use the value as filename and ignore the content.
- *
-@@ -380,10 +390,10 @@
- static handler_t fcgi_handle_fdevent(void *s, void *ctx, int revents);
-
- int fastcgi_status_copy_procname(buffer *b, fcgi_extension_host *host, fcgi_proc *proc) {
-- buffer_copy_string(b, "fastcgi.backend.");
-+ buffer_copy_string_len(b, CONST_STR_LEN("fastcgi.backend."));
- buffer_append_string_buffer(b, host->id);
- if (proc) {
-- buffer_append_string(b, ".");
-+ buffer_append_string_len(b, CONST_STR_LEN("."));
- buffer_append_long(b, proc->id);
- }
-
-@@ -393,7 +403,7 @@
- int fastcgi_status_init(server *srv, buffer *b, fcgi_extension_host *host, fcgi_proc *proc) {
- #define CLEAN(x) \
- fastcgi_status_copy_procname(b, host, proc); \
-- buffer_append_string(b, x); \
-+ buffer_append_string_len(b, CONST_STR_LEN(x)); \
- status_counter_set(srv, CONST_BUF_LEN(b), 0);
-
- CLEAN(".disabled");
-@@ -406,7 +416,7 @@
-
- #define CLEAN(x) \
- fastcgi_status_copy_procname(b, host, NULL); \
-- buffer_append_string(b, x); \
-+ buffer_append_string_len(b, CONST_STR_LEN(x)); \
- status_counter_set(srv, CONST_BUF_LEN(b), 0);
-
- CLEAN(".load");
-@@ -693,6 +703,7 @@
-
- static int env_add(char_array *env, const char *key, size_t key_len, const char *val, size_t val_len) {
- char *dst;
-+ size_t i;
-
- if (!key || !val) return -1;
-
-@@ -702,6 +713,15 @@
- /* add the \0 from the value */
- memcpy(dst + key_len + 1, val, val_len + 1);
-
-+ for (i = 0; i < env->used; i++) {
-+ if (0 == strncmp(dst, env->ptr[i], key_len + 1)) {
-+ /* don't care about free as we are in a forked child which is going to exec(...) */
-+ /* free(env->ptr[i]); */
-+ env->ptr[i] = dst;
-+ return 0;
-+ }
-+ }
-+
- if (env->size == 0) {
- env->size = 16;
- env->ptr = malloc(env->size * sizeof(*env->ptr));
-@@ -811,7 +831,7 @@
- socket_type = AF_UNIX;
- fcgi_addr = (struct sockaddr *) &fcgi_addr_un;
-
-- buffer_copy_string(proc->connection_name, "unix:");
-+ buffer_copy_string_len(proc->connection_name, CONST_STR_LEN("unix:"));
- buffer_append_string_buffer(proc->connection_name, proc->unixsocket);
-
- #else
-@@ -857,13 +877,13 @@
- socket_type = AF_INET;
- fcgi_addr = (struct sockaddr *) &fcgi_addr_in;
-
-- buffer_copy_string(proc->connection_name, "tcp:");
-+ buffer_copy_string_len(proc->connection_name, CONST_STR_LEN("tcp:"));
- if (!buffer_is_empty(host->host)) {
- buffer_append_string_buffer(proc->connection_name, host->host);
- } else {
-- buffer_append_string(proc->connection_name, "localhost");
-+ buffer_append_string_len(proc->connection_name, CONST_STR_LEN("localhost"));
- }
-- buffer_append_string(proc->connection_name, ":");
-+ buffer_append_string_len(proc->connection_name, CONST_STR_LEN(":"));
- buffer_append_long(proc->connection_name, proc->port);
- }
-
-@@ -937,6 +957,8 @@
- close(fcgi_fd);
- }
-
-+ openDevNull(STDERR_FILENO);
-+
- /* we don't need the client socket */
- for (i = 3; i < 256; i++) {
- close(i);
-@@ -1000,8 +1022,8 @@
- /* exec the cgi */
- execve(arg.ptr[0], arg.ptr, env.ptr);
-
-- log_error_write(srv, __FILE__, __LINE__, "sbs",
-- "execve failed for:", host->bin_path, strerror(errno));
-+ /* log_error_write(srv, __FILE__, __LINE__, "sbs",
-+ "execve failed for:", host->bin_path, strerror(errno)); */
-
- exit(errno);
-
-@@ -1193,6 +1215,7 @@
- { "allow-x-send-file", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 15 */
- { "strip-request-uri", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 16 */
- { "kill-signal", NULL, T_CONFIG_SHORT, T_CONFIG_SCOPE_CONNECTION }, /* 17 */
-+ { "fix-root-scriptname", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 18 */
-
- { NULL, NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET }
- };
-@@ -1220,6 +1243,7 @@
- host->break_scriptfilename_for_php = 0;
- host->allow_xsendfile = 0; /* handle X-LIGHTTPD-send-file */
- host->kill_signal = SIGTERM;
-+ host->fix_root_path_name = 0;
-
- fcv[0].destination = host->host;
- fcv[1].destination = host->docroot;
-@@ -1241,6 +1265,7 @@
- fcv[15].destination = &(host->allow_xsendfile);
- fcv[16].destination = host->strip_request_uri;
- fcv[17].destination = &(host->kill_signal);
-+ fcv[18].destination = &(host->fix_root_path_name);
-
- if (0 != config_insert_values_internal(srv, da_host->value, fcv)) {
- return HANDLER_ERROR;
-@@ -1324,7 +1349,7 @@
- proc->port = host->port + pno;
- } else {
- buffer_copy_string_buffer(proc->unixsocket, host->unixsocket);
-- buffer_append_string(proc->unixsocket, "-");
-+ buffer_append_string_len(proc->unixsocket, CONST_STR_LEN("-"));
- buffer_append_long(proc->unixsocket, pno);
- }
-
-@@ -1482,7 +1507,7 @@
- status_counter_dec(srv, CONST_STR_LEN("fastcgi.active-requests"));
-
- fastcgi_status_copy_procname(p->statuskey, hctx->host, hctx->proc);
-- buffer_append_string(p->statuskey, ".load");
-+ buffer_append_string_len(p->statuskey, CONST_STR_LEN(".load"));
-
- status_counter_set(srv, CONST_BUF_LEN(p->statuskey), hctx->proc->load);
-
-@@ -1683,7 +1708,7 @@
-
- if (buffer_is_empty(proc->connection_name)) {
- /* on remote spawing we have to set the connection-name now */
-- buffer_copy_string(proc->connection_name, "unix:");
-+ buffer_copy_string_len(proc->connection_name, CONST_STR_LEN("unix:"));
- buffer_append_string_buffer(proc->connection_name, proc->unixsocket);
- }
- #else
-@@ -1709,13 +1734,13 @@
-
- if (buffer_is_empty(proc->connection_name)) {
- /* on remote spawing we have to set the connection-name now */
-- buffer_copy_string(proc->connection_name, "tcp:");
-+ buffer_copy_string_len(proc->connection_name, CONST_STR_LEN("tcp:"));
- if (!buffer_is_empty(host->host)) {
- buffer_append_string_buffer(proc->connection_name, host->host);
- } else {
-- buffer_append_string(proc->connection_name, "localhost");
-+ buffer_append_string_len(proc->connection_name, CONST_STR_LEN("localhost"));
- }
-- buffer_append_string(proc->connection_name, ":");
-+ buffer_append_string_len(proc->connection_name, CONST_STR_LEN(":"));
- buffer_append_long(proc->connection_name, proc->port);
- }
- }
-@@ -1771,7 +1796,7 @@
- buffer_reset(srv->tmp_buf);
-
- if (0 != strcasecmp(ds->key->ptr, "CONTENT-TYPE")) {
-- BUFFER_COPY_STRING_CONST(srv->tmp_buf, "HTTP_");
-+ buffer_copy_string_len(srv->tmp_buf, CONST_STR_LEN("HTTP_"));
- srv->tmp_buf->used--;
- }
-
-@@ -2026,7 +2051,7 @@
- */
- if ('/' != host->strip_request_uri->ptr[host->strip_request_uri->used - 2]) {
- /* fix the user-input to have / as last char */
-- buffer_append_string(host->strip_request_uri, "/");
-+ buffer_append_string_len(host->strip_request_uri, CONST_STR_LEN("/"));
- }
-
- if (con->request.orig_uri->used >= host->strip_request_uri->used &&
-@@ -2094,12 +2119,12 @@
- hctx->wb->bytes_in += sizeof(header);
-
- if (p->conf.debug > 10) {
-- fprintf(stderr, "%s.%d: tosend: %lld / %lld\n", __FILE__, __LINE__, offset, req_cq->bytes_in);
-+ log_error_write(srv, __FILE__, __LINE__, "soso", "tosend:", offset, "/", req_cq->bytes_in);
- }
-
- for (written = 0; written != weWant; ) {
- if (p->conf.debug > 10) {
-- fprintf(stderr, "%s.%d: chunk: %lld / %lld\n", __FILE__, __LINE__, written, weWant);
-+ log_error_write(srv, __FILE__, __LINE__, "soso", "chunk:", written, "/", weWant);
- }
-
- switch (req_c->type) {
-@@ -2109,12 +2134,10 @@
- if (weHave > weWant - written) weHave = weWant - written;
-
- if (p->conf.debug > 10) {
-- fprintf(stderr, "%s.%d: sending %lld bytes from (%lld / %lld) %s\n",
-- __FILE__, __LINE__,
-- weHave,
-- req_c->offset,
-- req_c->file.length,
-- req_c->file.name->ptr);
-+ log_error_write(srv, __FILE__, __LINE__, "soSosOsb",
-+ "sending", weHave, "bytes from (",
-+ req_c->offset, "/", req_c->file.length, ")",
-+ req_c->file.name);
- }
-
- assert(weHave != 0);
-@@ -2143,7 +2166,7 @@
- chunk *c;
-
- if (p->conf.debug > 10) {
-- fprintf(stderr, "%s.%d: next chunk\n", __FILE__, __LINE__);
-+ log_error_write(srv, __FILE__, __LINE__, "s", "next chunk");
- }
- c = hctx->wb->last;
-
-@@ -2173,7 +2196,7 @@
-
- hctx->wb->bytes_in += weHave;
-
-- if (req_c->offset == req_c->mem->used - 1) {
-+ if (req_c->offset == (off_t) req_c->mem->used - 1) {
- chunkqueue_remove_finished_chunks(req_cq);
-
- req_c = req_cq->first;
-@@ -2368,7 +2391,7 @@
- offset = sizeof(*header);
-
- /* ->b should only be the content */
-- buffer_copy_string(packet->b, ""); /* used == 1 */
-+ buffer_copy_string_len(packet->b, CONST_STR_LEN("")); /* used == 1 */
-
- if (packet->len) {
- /* copy the content */
-@@ -2544,7 +2567,10 @@
- stat_cache_entry *sce;
-
- if (HANDLER_ERROR != stat_cache_get_entry(srv, con, ds->value, &sce)) {
-- data_string *dcls = data_string_init();
-+ data_string *dcls;
-+ if (NULL == (dcls = (data_string *)array_get_unused_element(con->response.headers, TYPE_STRING))) {
-+ dcls = data_response_init();
-+ }
- /* found */
- http_chunk_append_file(srv, con, ds->value, 0, sce->st.st_size);
- hctx->send_content_body = 0; /* ignore the content */
-@@ -2663,30 +2689,48 @@
-
- /* the child should not terminate at all */
-
-- switch(waitpid(proc->pid, &status, WNOHANG)) {
-- case 0:
-- /* child is still alive */
-- break;
-- case -1:
-- break;
-- default:
-- if (WIFEXITED(status)) {
-+ for ( ;; ) {
-+ switch(waitpid(proc->pid, &status, WNOHANG)) {
-+ case 0:
-+ /* child is still alive */
-+ if (srv->cur_ts <= proc->disabled_until) break;
-+
-+ proc->state = PROC_STATE_RUNNING;
-+ host->active_procs++;
-+
-+ log_error_write(srv, __FILE__, __LINE__, "sbdb",
-+ "fcgi-server re-enabled:",
-+ host->host, host->port,
-+ host->unixsocket);
-+ break;
-+ case -1:
-+ if (errno == EINTR) continue;
-+
-+ log_error_write(srv, __FILE__, __LINE__, "sd",
-+ "child died somehow, waitpid failed:",
-+ errno);
-+ proc->state = PROC_STATE_DIED;
-+ break;
-+ default:
-+ if (WIFEXITED(status)) {
- #if 0
-- log_error_write(srv, __FILE__, __LINE__, "sdsd",
-- "child exited, pid:", proc->pid,
-- "status:", WEXITSTATUS(status));
-+ log_error_write(srv, __FILE__, __LINE__, "sdsd",
-+ "child exited, pid:", proc->pid,
-+ "status:", WEXITSTATUS(status));
- #endif
-- } else if (WIFSIGNALED(status)) {
-- log_error_write(srv, __FILE__, __LINE__, "sd",
-- "child signaled:",
-- WTERMSIG(status));
-- } else {
-- log_error_write(srv, __FILE__, __LINE__, "sd",
-- "child died somehow:",
-- status);
-+ } else if (WIFSIGNALED(status)) {
-+ log_error_write(srv, __FILE__, __LINE__, "sd",
-+ "child signaled:",
-+ WTERMSIG(status));
-+ } else {
-+ log_error_write(srv, __FILE__, __LINE__, "sd",
-+ "child died somehow:",
-+ status);
-+ }
-+
-+ proc->state = PROC_STATE_DIED;
-+ break;
- }
--
-- proc->state = PROC_STATE_DIED;
- break;
- }
-
-@@ -2797,7 +2841,7 @@
- hctx->proc->state = PROC_STATE_DIED;
-
- fastcgi_status_copy_procname(p->statuskey, hctx->host, hctx->proc);
-- buffer_append_string(p->statuskey, ".died");
-+ buffer_append_string_len(p->statuskey, CONST_STR_LEN(".died"));
-
- status_counter_inc(srv, CONST_BUF_LEN(p->statuskey));
-
-@@ -2889,7 +2933,7 @@
- hctx->proc->state = PROC_STATE_OVERLOADED;
-
- fastcgi_status_copy_procname(p->statuskey, hctx->host, hctx->proc);
-- buffer_append_string(p->statuskey, ".overloaded");
-+ buffer_append_string_len(p->statuskey, CONST_STR_LEN(".overloaded"));
-
- status_counter_inc(srv, CONST_BUF_LEN(p->statuskey));
-
-@@ -2915,7 +2959,7 @@
- "load:", host->load);
-
- fastcgi_status_copy_procname(p->statuskey, hctx->host, hctx->proc);
-- buffer_append_string(p->statuskey, ".died");
-+ buffer_append_string_len(p->statuskey, CONST_STR_LEN(".died"));
-
- status_counter_inc(srv, CONST_BUF_LEN(p->statuskey));
-
-@@ -2941,19 +2985,19 @@
- status_counter_inc(srv, CONST_STR_LEN("fastcgi.active-requests"));
-
- fastcgi_status_copy_procname(p->statuskey, hctx->host, hctx->proc);
-- buffer_append_string(p->statuskey, ".connected");
-+ buffer_append_string_len(p->statuskey, CONST_STR_LEN(".connected"));
-
- status_counter_inc(srv, CONST_BUF_LEN(p->statuskey));
-
- /* the proc-load */
- fastcgi_status_copy_procname(p->statuskey, hctx->host, hctx->proc);
-- buffer_append_string(p->statuskey, ".load");
-+ buffer_append_string_len(p->statuskey, CONST_STR_LEN(".load"));
-
- status_counter_set(srv, CONST_BUF_LEN(p->statuskey), hctx->proc->load);
-
- /* the host-load */
- fastcgi_status_copy_procname(p->statuskey, hctx->host, NULL);
-- buffer_append_string(p->statuskey, ".load");
-+ buffer_append_string_len(p->statuskey, CONST_STR_LEN(".load"));
-
- status_counter_set(srv, CONST_BUF_LEN(p->statuskey), hctx->host->load);
-
-@@ -3074,7 +3118,7 @@
-
- /* check if the next server has no load. */
- ndx = hctx->ext->last_used_ndx + 1;
-- if(ndx >= hctx->ext->used || ndx < 0) ndx = 0;
-+ if(ndx >= (int) hctx->ext->used || ndx < 0) ndx = 0;
- host = hctx->ext->hosts[ndx];
- if (host->load > 0) {
- /* get backend with the least load. */
-@@ -3418,6 +3462,8 @@
- fcgi_extension *extension = NULL;
- fcgi_extension_host *host = NULL;
-
-+ if (con->mode != DIRECT) return HANDLER_GO_ON;
-+
- /* Possibly, we processed already this request */
- if (con->file_started == 1) return HANDLER_GO_ON;
-
-@@ -3480,13 +3526,12 @@
-
- ct_len = extension->key->used - 1;
-
-- if (s_len < ct_len) continue;
--
-- /* check extension in the form "/fcgi_pattern" */
-- if (*(extension->key->ptr) == '/') {
-- if (strncmp(fn->ptr, extension->key->ptr, ct_len) == 0)
-+ /* check _url_ in the form "/fcgi_pattern" */
-+ if (extension->key->ptr[0] == '/') {
-+ if ((ct_len <= con->uri.path->used -1) &&
-+ (strncmp(con->uri.path->ptr, extension->key->ptr, ct_len) == 0))
- break;
-- } else if (0 == strncmp(fn->ptr + s_len - ct_len, extension->key->ptr, ct_len)) {
-+ } else if ((ct_len <= s_len) && (0 == strncmp(fn->ptr + s_len - ct_len, extension->key->ptr, ct_len))) {
- /* check extension in the form ".fcg" */
- break;
- }
-@@ -3499,16 +3544,15 @@
-
- /* check if we have at least one server for this extension up and running */
- for (k = 0; k < extension->used; k++) {
-- host = extension->hosts[k];
-+ fcgi_extension_host *h = extension->hosts[k];
-
- /* we should have at least one proc that can do something */
-- if (host->active_procs == 0) {
-- host = NULL;
--
-+ if (h->active_procs == 0) {
- continue;
- }
-
- /* we found one host that is alive */
-+ host = h;
- break;
- }
-
-@@ -3582,6 +3626,13 @@
- * SCRIPT_NAME = /fcgi-bin/foo
- * PATH_INFO = /bar
- *
-+ * if prefix = /, and fix-root-path-name is enable
-+ *
-+ * /fcgi-bin/foo/bar
-+ *
-+ * SCRIPT_NAME = /fcgi-bin/foo
-+ * PATH_INFO = /bar
-+ *
- */
-
- /* the rewrite is only done for /prefix/? matches */
-@@ -3594,6 +3645,10 @@
-
- con->uri.path->used -= con->request.pathinfo->used - 1;
- con->uri.path->ptr[con->uri.path->used - 1] = '\0';
-+ } else if (host->fix_root_path_name && extension->key->ptr[0] == '/' && extension->key->ptr[1] == '\0') {
-+ buffer_copy_string(con->request.pathinfo, con->uri.path->ptr);
-+ con->uri.path->used = 1;
-+ con->uri.path->ptr[con->uri.path->used - 1] = '\0';
- }
- }
- } else {
-@@ -3738,7 +3793,7 @@
- proc->port = host->port + proc->id;
- } else {
- buffer_copy_string_buffer(proc->unixsocket, host->unixsocket);
-- buffer_append_string(proc->unixsocket, "-");
-+ buffer_append_string_len(proc->unixsocket, CONST_STR_LEN("-"));
- buffer_append_long(proc->unixsocket, proc->id);
- }
-
-Index: src/mod_ssi_exprparser.y
-===================================================================
---- src/mod_ssi_exprparser.y (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ src/mod_ssi_exprparser.y (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -105,12 +105,13 @@
- }
-
- value(A) ::= VALUE(B). {
-- A = buffer_init_string(B->ptr);
-+ A = B;
- }
-
- value(A) ::= value(B) VALUE(C). {
- A = B;
- buffer_append_string_buffer(A, C);
-+ buffer_free(C);
- }
-
- cond(A) ::= EQ. { A = SSI_COND_EQ; }
-Index: src/mod_access.c
-===================================================================
---- src/mod_access.c (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ src/mod_access.c (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -159,6 +159,7 @@
-
- if (denied) {
- con->http_status = 403;
-+ con->mode = DIRECT;
-
- if (con->conf.log_request_handling) {
- log_error_write(srv, __FILE__, __LINE__, "sb",
-Index: src/mod_accesslog.c
-===================================================================
---- src/mod_accesslog.c (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ src/mod_accesslog.c (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -356,7 +356,7 @@
- if (s->use_syslog) {
- # ifdef HAVE_SYSLOG_H
- if (s->access_logbuffer->used > 2) {
-- syslog(LOG_INFO, "%*s", s->access_logbuffer->used - 2, s->access_logbuffer->ptr);
-+ syslog(LOG_INFO, "%*s", (int) s->access_logbuffer->used - 2, s->access_logbuffer->ptr);
- }
- # endif
- } else if (s->log_access_fd != -1) {
-@@ -433,7 +433,7 @@
- if (i == 0 && buffer_is_empty(s->format)) {
- /* set a default logfile string */
-
-- buffer_copy_string(s->format, "%h %V %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"");
-+ buffer_copy_string_len(s->format, CONST_STR_LEN("%h %V %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""));
- }
-
- /* parse */
-@@ -473,7 +473,7 @@
- continue;
- }
-
-- if (buffer_is_empty(s->access_logfile)) continue;
-+ if (s->access_logfile->used < 2) continue;
-
- if (s->access_logfile->ptr[0] == '|') {
- #ifdef HAVE_FORK
-@@ -498,6 +498,8 @@
- /* not needed */
- close(to_log_fds[1]);
-
-+ openDevNull(STDERR_FILENO);
-+
- /* we don't need the client socket */
- for (i = 3; i < 256; i++) {
- close(i);
-@@ -559,7 +561,7 @@
- #ifdef HAVE_SYSLOG_H
- if (s->access_logbuffer->used > 2) {
- /* syslog appends a \n on its own */
-- syslog(LOG_INFO, "%*s", s->access_logbuffer->used - 2, s->access_logbuffer->ptr);
-+ syslog(LOG_INFO, "%*s", (int) s->access_logbuffer->used - 2, s->access_logbuffer->ptr);
- }
- #endif
- } else if (s->log_access_fd != -1) {
-@@ -570,7 +572,7 @@
- }
-
- if (s->use_syslog == 0 &&
-- !buffer_is_empty(s->access_logfile) &&
-+ s->access_logfile->used > 1 &&
- s->access_logfile->ptr[0] != '|') {
-
- close(s->log_access_fd);
-@@ -647,9 +649,12 @@
-
- mod_accesslog_patch_connection(srv, con, p);
-
-+ /* No output device, nothing to do */
-+ if (!p->conf.use_syslog && p->conf.log_access_fd == -1) return HANDLER_GO_ON;
-+
- b = p->conf.access_logbuffer;
- if (b->used == 0) {
-- buffer_copy_string(b, "");
-+ buffer_copy_string_len(b, CONST_STR_LEN(""));
- }
-
- for (j = 0; j < p->conf.parsed_format->used; j++) {
-@@ -674,23 +679,23 @@
- localtime_r(&(srv->cur_ts), &tm);
- strftime(p->conf.ts_accesslog_str->ptr, p->conf.ts_accesslog_str->size - 1, "[%d/%b/%Y:%H:%M:%S ", &tm);
- # else
-- strftime(p->conf.ts_accesslog_str->ptr, p->conf.ts_accesslog_str->size - 1, "[%d/%b/%Y:%H:%M:%S ", localtime_r(&(srv->cur_ts)));
-+ strftime(p->conf.ts_accesslog_str->ptr, p->conf.ts_accesslog_str->size - 1, "[%d/%b/%Y:%H:%M:%S ", localtime(&(srv->cur_ts)));
- # endif
- p->conf.ts_accesslog_str->used = strlen(p->conf.ts_accesslog_str->ptr) + 1;
-
-- buffer_append_string(p->conf.ts_accesslog_str, tm.tm_gmtoff >= 0 ? "+" : "-");
-+ buffer_append_string_len(p->conf.ts_accesslog_str, tm.tm_gmtoff >= 0 ? "+" : "-", 1);
-
- scd = abs(tm.tm_gmtoff);
- hrs = scd / 3600;
- min = (scd % 3600) / 60;
-
- /* hours */
-- if (hrs < 10) buffer_append_string(p->conf.ts_accesslog_str, "0");
-+ if (hrs < 10) buffer_append_string_len(p->conf.ts_accesslog_str, CONST_STR_LEN("0"));
- buffer_append_long(p->conf.ts_accesslog_str, hrs);
-
-- if (min < 10) buffer_append_string(p->conf.ts_accesslog_str, "0");
-+ if (min < 10) buffer_append_string_len(p->conf.ts_accesslog_str, CONST_STR_LEN("0"));
- buffer_append_long(p->conf.ts_accesslog_str, min);
-- BUFFER_APPEND_STRING_CONST(p->conf.ts_accesslog_str, "]");
-+ buffer_append_string_len(p->conf.ts_accesslog_str, CONST_STR_LEN("]"));
- #else
- #ifdef HAVE_GMTIME_R
- gmtime_r(&(srv->cur_ts), &tm);
-@@ -717,13 +722,13 @@
- break;
- case FORMAT_REMOTE_IDENT:
- /* ident */
-- BUFFER_APPEND_STRING_CONST(b, "-");
-+ buffer_append_string_len(b, CONST_STR_LEN("-"));
- break;
- case FORMAT_REMOTE_USER:
- if (con->authed_user->used > 1) {
- buffer_append_string_buffer(b, con->authed_user);
- } else {
-- BUFFER_APPEND_STRING_CONST(b, "-");
-+ buffer_append_string_len(b, CONST_STR_LEN("-"));
- }
- break;
- case FORMAT_REQUEST_LINE:
-@@ -740,42 +745,42 @@
- buffer_append_off_t(b,
- con->bytes_written - con->bytes_header <= 0 ? 0 : con->bytes_written - con->bytes_header);
- } else {
-- BUFFER_APPEND_STRING_CONST(b, "-");
-+ buffer_append_string_len(b, CONST_STR_LEN("-"));
- }
- break;
- case FORMAT_HEADER:
- if (NULL != (ds = (data_string *)array_get_element(con->request.headers, p->conf.parsed_format->ptr[j]->string->ptr))) {
- buffer_append_string_buffer(b, ds->value);
- } else {
-- BUFFER_APPEND_STRING_CONST(b, "-");
-+ buffer_append_string_len(b, CONST_STR_LEN("-"));
- }
- break;
- case FORMAT_RESPONSE_HEADER:
- if (NULL != (ds = (data_string *)array_get_element(con->response.headers, p->conf.parsed_format->ptr[j]->string->ptr))) {
- buffer_append_string_buffer(b, ds->value);
- } else {
-- BUFFER_APPEND_STRING_CONST(b, "-");
-+ buffer_append_string_len(b, CONST_STR_LEN("-"));
- }
- break;
- case FORMAT_FILENAME:
- if (con->physical.path->used > 1) {
- buffer_append_string_buffer(b, con->physical.path);
- } else {
-- BUFFER_APPEND_STRING_CONST(b, "-");
-+ buffer_append_string_len(b, CONST_STR_LEN("-"));
- }
- break;
- case FORMAT_BYTES_OUT:
- if (con->bytes_written > 0) {
- buffer_append_off_t(b, con->bytes_written);
- } else {
-- BUFFER_APPEND_STRING_CONST(b, "-");
-+ buffer_append_string_len(b, CONST_STR_LEN("-"));
- }
- break;
- case FORMAT_BYTES_IN:
- if (con->bytes_read > 0) {
- buffer_append_off_t(b, con->bytes_read);
- } else {
-- BUFFER_APPEND_STRING_CONST(b, "-");
-+ buffer_append_string_len(b, CONST_STR_LEN("-"));
- }
- break;
- case FORMAT_TIME_USED:
-@@ -785,28 +790,35 @@
- if (con->server_name->used > 1) {
- buffer_append_string_buffer(b, con->server_name);
- } else {
-- BUFFER_APPEND_STRING_CONST(b, "-");
-+ buffer_append_string_len(b, CONST_STR_LEN("-"));
- }
- break;
- case FORMAT_HTTP_HOST:
- if (con->uri.authority->used > 1) {
- buffer_append_string_buffer(b, con->uri.authority);
- } else {
-- BUFFER_APPEND_STRING_CONST(b, "-");
-+ buffer_append_string_len(b, CONST_STR_LEN("-"));
- }
- break;
- case FORMAT_REQUEST_PROTOCOL:
-- buffer_append_string(b,
-- con->request.http_version == HTTP_VERSION_1_1 ? "HTTP/1.1" : "HTTP/1.0");
-+ buffer_append_string_len(b,
-+ con->request.http_version == HTTP_VERSION_1_1 ? "HTTP/1.1" : "HTTP/1.0", 8);
- break;
- case FORMAT_REQUEST_METHOD:
- buffer_append_string(b, get_http_method_name(con->request.http_method));
- break;
- case FORMAT_PERCENT:
-- buffer_append_string(b, "%");
-+ buffer_append_string_len(b, CONST_STR_LEN("%"));
- break;
- case FORMAT_SERVER_PORT:
-- buffer_append_long(b, srv->srvconf.port);
-+ {
-+ char *colon = strchr(((server_socket*)(con->srv_socket))->srv_token->ptr, ':');
-+ if (colon) {
-+ buffer_append_string(b, colon+1);
-+ } else {
-+ buffer_append_long(b, srv->srvconf.port);
-+ }
-+ }
- break;
- case FORMAT_QUERY_STRING:
- buffer_append_string_buffer(b, con->uri.query);
-@@ -816,8 +828,8 @@
- break;
- case FORMAT_CONNECTION_STATUS:
- switch(con->keep_alive) {
-- case 0: buffer_append_string(b, "-"); break;
-- default: buffer_append_string(b, "+"); break;
-+ case 0: buffer_append_string_len(b, CONST_STR_LEN("-")); break;
-+ default: buffer_append_string_len(b, CONST_STR_LEN("+")); break;
- }
- break;
- default:
-@@ -837,7 +849,7 @@
- }
- }
-
-- BUFFER_APPEND_STRING_CONST(b, "\n");
-+ buffer_append_string_len(b, CONST_STR_LEN("\n"));
-
- if (p->conf.use_syslog || /* syslog doesn't cache */
- (p->conf.access_logfile->used && p->conf.access_logfile->ptr[0] == '|') || /* pipes don't cache */
-@@ -847,7 +859,7 @@
- #ifdef HAVE_SYSLOG_H
- if (b->used > 2) {
- /* syslog appends a \n on its own */
-- syslog(LOG_INFO, "%*s", b->used - 2, b->ptr);
-+ syslog(LOG_INFO, "%*s", (int) b->used - 2, b->ptr);
- }
- #endif
- } else if (p->conf.log_access_fd != -1) {
-Index: src/server.c
-===================================================================
---- src/server.c (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ src/server.c (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -80,7 +80,7 @@
- switch (sig) {
- case SIGTERM:
- srv_shutdown = 1;
-- memcpy(&last_sigterm_info, si, sizeof(*si));
-+ last_sigterm_info = *si;
- break;
- case SIGINT:
- if (graceful_shutdown) {
-@@ -88,7 +88,7 @@
- } else {
- graceful_shutdown = 1;
- }
-- memcpy(&last_sigterm_info, si, sizeof(*si));
-+ last_sigterm_info = *si;
-
- break;
- case SIGALRM:
-@@ -104,7 +104,7 @@
- */
- if (!forwarded_sig_hup) {
- handle_sig_hup = 1;
-- memcpy(&last_sighup_info, si, sizeof(*si));
-+ last_sighup_info = *si;
- } else {
- forwarded_sig_hup = 0;
- }
-@@ -573,20 +573,9 @@
- }
-
- /* close stdin and stdout, as they are not needed */
-- /* move stdin to /dev/null */
-- if (-1 != (fd = open("/dev/null", O_RDONLY))) {
-- close(STDIN_FILENO);
-- dup2(fd, STDIN_FILENO);
-- close(fd);
-- }
-+ openDevNull(STDIN_FILENO);
-+ openDevNull(STDOUT_FILENO);
-
-- /* move stdout to /dev/null */
-- if (-1 != (fd = open("/dev/null", O_WRONLY))) {
-- close(STDOUT_FILENO);
-- dup2(fd, STDOUT_FILENO);
-- close(fd);
-- }
--
- if (0 != config_set_defaults(srv)) {
- log_error_write(srv, __FILE__, __LINE__, "s",
- "setting default values failed");
-@@ -887,14 +876,14 @@
- /* write pid file */
- if (pid_fd != -1) {
- buffer_copy_long(srv->tmp_buf, getpid());
-- buffer_append_string(srv->tmp_buf, "\n");
-+ buffer_append_string_len(srv->tmp_buf, CONST_STR_LEN("\n"));
- write(pid_fd, srv->tmp_buf->ptr, srv->tmp_buf->used - 1);
- close(pid_fd);
- pid_fd = -1;
- }
-
-- // Close stderr ASAP in the child process to make sure that nothing
-- // is being written to that fd which may not be valid anymore.
-+ /* Close stderr ASAP in the child process to make sure that nothing
-+ * is being written to that fd which may not be valid anymore. */
- if (-1 == log_error_open(srv)) {
- log_error_write(srv, __FILE__, __LINE__, "s", "Opening errorlog failed. Going down.");
-
-Index: src/mod_dirlisting.c
-===================================================================
---- src/mod_dirlisting.c (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ src/mod_dirlisting.c (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -454,21 +454,21 @@
- static void http_list_directory_header(server *srv, connection *con, plugin_data *p, buffer *out) {
- UNUSED(srv);
-
-- BUFFER_APPEND_STRING_CONST(out,
-+ buffer_append_string_len(out, CONST_STR_LEN(
- "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.1//EN\" \"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd\">\n"
- "<html xmlns=\"http://www.w3.org/1999/xhtml\" xml:lang=\"en\">\n"
- "<head>\n"
- "<title>Index of "
-- );
-+ ));
- buffer_append_string_encoded(out, CONST_BUF_LEN(con->uri.path), ENCODING_MINIMAL_XML);
-- BUFFER_APPEND_STRING_CONST(out, "</title>\n");
-+ buffer_append_string_len(out, CONST_STR_LEN("</title>\n"));
-
- if (p->conf.external_css->used > 1) {
-- BUFFER_APPEND_STRING_CONST(out, "<link rel=\"stylesheet\" type=\"text/css\" href=\"");
-+ buffer_append_string_len(out, CONST_STR_LEN("<link rel=\"stylesheet\" type=\"text/css\" href=\""));
- buffer_append_string_buffer(out, p->conf.external_css);
-- BUFFER_APPEND_STRING_CONST(out, "\" />\n");
-+ buffer_append_string_len(out, CONST_STR_LEN("\" />\n"));
- } else {
-- BUFFER_APPEND_STRING_CONST(out,
-+ buffer_append_string_len(out, CONST_STR_LEN(
- "<style type=\"text/css\">\n"
- "a, a:active {text-decoration: none; color: blue;}\n"
- "a:visited {color: #48468F;}\n"
-@@ -485,8 +485,6 @@
- " padding-right: 14px;"
- " padding-bottom: 3px;"
- "}\n"
-- );
-- BUFFER_APPEND_STRING_CONST(out,
- "td {padding-right: 14px;}\n"
- "td.s, th.s {text-align: right;}\n"
- "div.list {"
-@@ -502,10 +500,10 @@
- " padding-top: 4px;"
- "}\n"
- "</style>\n"
-- );
-+ ));
- }
-
-- BUFFER_APPEND_STRING_CONST(out, "</head>\n<body>\n");
-+ buffer_append_string_len(out, CONST_STR_LEN("</head>\n<body>\n"));
-
- /* HEADER.txt */
- if (p->conf.show_header) {
-@@ -514,19 +512,19 @@
-
- buffer_copy_string_buffer(p->tmp_buf, con->physical.path);
- BUFFER_APPEND_SLASH(p->tmp_buf);
-- BUFFER_APPEND_STRING_CONST(p->tmp_buf, "HEADER.txt");
-+ buffer_append_string_len(p->tmp_buf, CONST_STR_LEN("HEADER.txt"));
-
- if (-1 != stream_open(&s, p->tmp_buf)) {
-- BUFFER_APPEND_STRING_CONST(out, "<pre class=\"header\">");
-+ buffer_append_string_len(out, CONST_STR_LEN("<pre class=\"header\">"));
- buffer_append_string_encoded(out, s.start, s.size, ENCODING_MINIMAL_XML);
-- BUFFER_APPEND_STRING_CONST(out, "</pre>");
-+ buffer_append_string_len(out, CONST_STR_LEN("</pre>"));
- }
- stream_close(&s);
- }
-
-- BUFFER_APPEND_STRING_CONST(out, "<h2>Index of ");
-+ buffer_append_string_len(out, CONST_STR_LEN("<h2>Index of "));
- buffer_append_string_encoded(out, CONST_BUF_LEN(con->uri.path), ENCODING_MINIMAL_XML);
-- BUFFER_APPEND_STRING_CONST(out,
-+ buffer_append_string_len(out, CONST_STR_LEN(
- "</h2>\n"
- "<div class=\"list\">\n"
- "<table summary=\"Directory Listing\" cellpadding=\"0\" cellspacing=\"0\">\n"
-@@ -545,17 +543,17 @@
- "<td class=\"s\">- </td>"
- "<td class=\"t\">Directory</td>"
- "</tr>\n"
-- );
-+ ));
- }
-
- static void http_list_directory_footer(server *srv, connection *con, plugin_data *p, buffer *out) {
- UNUSED(srv);
-
-- BUFFER_APPEND_STRING_CONST(out,
-+ buffer_append_string_len(out, CONST_STR_LEN(
- "</tbody>\n"
- "</table>\n"
- "</div>\n"
-- );
-+ ));
-
- if (p->conf.show_readme) {
- stream s;
-@@ -563,33 +561,33 @@
-
- buffer_copy_string_buffer(p->tmp_buf, con->physical.path);
- BUFFER_APPEND_SLASH(p->tmp_buf);
-- BUFFER_APPEND_STRING_CONST(p->tmp_buf, "README.txt");
-+ buffer_append_string_len(p->tmp_buf, CONST_STR_LEN("README.txt"));
-
- if (-1 != stream_open(&s, p->tmp_buf)) {
-- BUFFER_APPEND_STRING_CONST(out, "<pre class=\"readme\">");
-+ buffer_append_string_len(out, CONST_STR_LEN("<pre class=\"readme\">"));
- buffer_append_string_encoded(out, s.start, s.size, ENCODING_MINIMAL_XML);
-- BUFFER_APPEND_STRING_CONST(out, "</pre>");
-+ buffer_append_string_len(out, CONST_STR_LEN("</pre>"));
- }
- stream_close(&s);
- }
-
-- BUFFER_APPEND_STRING_CONST(out,
-+ buffer_append_string_len(out, CONST_STR_LEN(
- "<div class=\"foot\">"
-- );
-+ ));
-
- if (p->conf.set_footer->used > 1) {
- buffer_append_string_buffer(out, p->conf.set_footer);
- } else if (buffer_is_empty(con->conf.server_tag)) {
-- BUFFER_APPEND_STRING_CONST(out, PACKAGE_NAME "/" PACKAGE_VERSION);
-+ buffer_append_string_len(out, CONST_STR_LEN(PACKAGE_NAME "/" PACKAGE_VERSION));
- } else {
- buffer_append_string_buffer(out, con->conf.server_tag);
- }
-
-- BUFFER_APPEND_STRING_CONST(out,
-+ buffer_append_string_len(out, CONST_STR_LEN(
- "</div>\n"
- "</body>\n"
- "</html>\n"
-- );
-+ ));
- }
-
- static int http_list_directory(server *srv, connection *con, plugin_data *p, buffer *dir) {
-@@ -742,13 +740,13 @@
- if (files.used) http_dirls_sort(files.ent, files.used);
-
- out = chunkqueue_get_append_buffer(con->write_queue);
-- BUFFER_COPY_STRING_CONST(out, "<?xml version=\"1.0\" encoding=\"");
-+ buffer_copy_string_len(out, CONST_STR_LEN("<?xml version=\"1.0\" encoding=\""));
- if (buffer_is_empty(p->conf.encoding)) {
-- BUFFER_APPEND_STRING_CONST(out, "iso-8859-1");
-+ buffer_append_string_len(out, CONST_STR_LEN("iso-8859-1"));
- } else {
- buffer_append_string_buffer(out, p->conf.encoding);
- }
-- BUFFER_APPEND_STRING_CONST(out, "\"?>\n");
-+ buffer_append_string_len(out, CONST_STR_LEN("\"?>\n"));
- http_list_directory_header(srv, con, p, out);
-
- /* directories */
-@@ -762,13 +760,13 @@
- strftime(datebuf, sizeof(datebuf), "%Y-%b-%d %H:%M:%S", localtime(&(tmp->mtime)));
- #endif
-
-- BUFFER_APPEND_STRING_CONST(out, "<tr><td class=\"n\"><a href=\"");
-+ buffer_append_string_len(out, CONST_STR_LEN("<tr><td class=\"n\"><a href=\""));
- buffer_append_string_encoded(out, DIRLIST_ENT_NAME(tmp), tmp->namelen, ENCODING_REL_URI_PART);
-- BUFFER_APPEND_STRING_CONST(out, "/\">");
-+ buffer_append_string_len(out, CONST_STR_LEN("/\">"));
- buffer_append_string_encoded(out, DIRLIST_ENT_NAME(tmp), tmp->namelen, ENCODING_MINIMAL_XML);
-- BUFFER_APPEND_STRING_CONST(out, "</a>/</td><td class=\"m\">");
-+ buffer_append_string_len(out, CONST_STR_LEN("</a>/</td><td class=\"m\">"));
- buffer_append_string_len(out, datebuf, sizeof(datebuf) - 1);
-- BUFFER_APPEND_STRING_CONST(out, "</td><td class=\"s\">- </td><td class=\"t\">Directory</td></tr>\n");
-+ buffer_append_string_len(out, CONST_STR_LEN("</td><td class=\"s\">- </td><td class=\"t\">Directory</td></tr>\n"));
-
- free(tmp);
- }
-@@ -818,17 +816,17 @@
- #endif
- http_list_directory_sizefmt(sizebuf, tmp->size);
-
-- BUFFER_APPEND_STRING_CONST(out, "<tr><td class=\"n\"><a href=\"");
-+ buffer_append_string_len(out, CONST_STR_LEN("<tr><td class=\"n\"><a href=\""));
- buffer_append_string_encoded(out, DIRLIST_ENT_NAME(tmp), tmp->namelen, ENCODING_REL_URI_PART);
-- BUFFER_APPEND_STRING_CONST(out, "\">");
-+ buffer_append_string_len(out, CONST_STR_LEN("\">"));
- buffer_append_string_encoded(out, DIRLIST_ENT_NAME(tmp), tmp->namelen, ENCODING_MINIMAL_XML);
-- BUFFER_APPEND_STRING_CONST(out, "</a></td><td class=\"m\">");
-+ buffer_append_string_len(out, CONST_STR_LEN("</a></td><td class=\"m\">"));
- buffer_append_string_len(out, datebuf, sizeof(datebuf) - 1);
-- BUFFER_APPEND_STRING_CONST(out, "</td><td class=\"s\">");
-+ buffer_append_string_len(out, CONST_STR_LEN("</td><td class=\"s\">"));
- buffer_append_string(out, sizebuf);
-- BUFFER_APPEND_STRING_CONST(out, "</td><td class=\"t\">");
-+ buffer_append_string_len(out, CONST_STR_LEN("</td><td class=\"t\">"));
- buffer_append_string(out, content_type);
-- BUFFER_APPEND_STRING_CONST(out, "</td></tr>\n");
-+ buffer_append_string_len(out, CONST_STR_LEN("</td></tr>\n"));
-
- free(tmp);
- }
-@@ -841,11 +839,11 @@
-
- /* Insert possible charset to Content-Type */
- if (buffer_is_empty(p->conf.encoding)) {
-- response_header_insert(srv, con, CONST_STR_LEN("Content-Type"), CONST_STR_LEN("text/html"));
-+ response_header_overwrite(srv, con, CONST_STR_LEN("Content-Type"), CONST_STR_LEN("text/html"));
- } else {
-- buffer_copy_string(p->content_charset, "text/html; charset=");
-+ buffer_copy_string_len(p->content_charset, CONST_STR_LEN("text/html; charset="));
- buffer_append_string_buffer(p->content_charset, p->conf.encoding);
-- response_header_insert(srv, con, CONST_STR_LEN("Content-Type"), CONST_BUF_LEN(p->content_charset));
-+ response_header_overwrite(srv, con, CONST_STR_LEN("Content-Type"), CONST_BUF_LEN(p->content_charset));
- }
-
- con->file_finished = 1;
-@@ -861,6 +859,18 @@
-
- UNUSED(srv);
-
-+ /* we only handle GET, POST and HEAD */
-+ switch(con->request.http_method) {
-+ case HTTP_METHOD_GET:
-+ case HTTP_METHOD_POST:
-+ case HTTP_METHOD_HEAD:
-+ break;
-+ default:
-+ return HANDLER_GO_ON;
-+ }
-+
-+ if (con->mode != DIRECT) return HANDLER_GO_ON;
-+
- if (con->physical.path->used == 0) return HANDLER_GO_ON;
- if (con->uri.path->used == 0) return HANDLER_GO_ON;
- if (con->uri.path->ptr[con->uri.path->used - 2] != '/') return HANDLER_GO_ON;
-Index: src/http_chunk.c
-===================================================================
---- src/http_chunk.c (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ src/http_chunk.c (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -27,7 +27,7 @@
- b = srv->tmp_chunk_len;
-
- if (len == 0) {
-- buffer_copy_string(b, "0");
-+ buffer_copy_string_len(b, CONST_STR_LEN("0"));
- } else {
- for (i = 0; i < 8 && len; i++) {
- len >>= 4;
-@@ -44,7 +44,7 @@
- b->ptr[b->used++] = '\0';
- }
-
-- buffer_append_string(b, "\r\n");
-+ buffer_append_string_len(b, CONST_STR_LEN("\r\n"));
- chunkqueue_append_buffer(con->write_queue, b);
-
- return 0;
-Index: src/mod_magnet.c
-===================================================================
---- src/mod_magnet.c (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ src/mod_magnet.c (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -414,10 +414,16 @@
- case MAGNET_ENV_URI_AUTHORITY: dest = con->uri.authority; break;
- case MAGNET_ENV_URI_QUERY: dest = con->uri.query; break;
-
-- case MAGNET_ENV_REQUEST_METHOD: break;
-+ case MAGNET_ENV_REQUEST_METHOD:
-+ buffer_copy_string(srv->tmp_buf, get_http_method_name(con->request.http_method));
-+ dest = srv->tmp_buf;
-+ break;
- case MAGNET_ENV_REQUEST_URI: dest = con->request.uri; break;
- case MAGNET_ENV_REQUEST_ORIG_URI: dest = con->request.orig_uri; break;
-- case MAGNET_ENV_REQUEST_PROTOCOL: break;
-+ case MAGNET_ENV_REQUEST_PROTOCOL:
-+ buffer_copy_string(srv->tmp_buf, get_http_version_name(con->request.http_version));
-+ dest = srv->tmp_buf;
-+ break;
-
- case MAGNET_ENV_UNSET: break;
- }
-@@ -647,6 +653,7 @@
- assert(lua_gettop(L) == 0); /* only the function should be on the stack */
-
- con->http_status = 500;
-+ con->mode = DIRECT;
-
- return HANDLER_FINISHED;
- }
-@@ -744,6 +751,7 @@
- assert(lua_gettop(L) == 1); /* only the function should be on the stack */
-
- con->http_status = 500;
-+ con->mode = DIRECT;
-
- return HANDLER_FINISHED;
- }
-@@ -766,9 +774,13 @@
- /* try { ...*/
- if (0 == setjmp(exceptionjmp)) {
- magnet_attach_content(srv, con, p, L);
-+ if (!chunkqueue_is_empty(con->write_queue)) {
-+ con->mode = p->id;
-+ }
- } else {
- /* } catch () { */
- con->http_status = 500;
-+ con->mode = DIRECT;
- }
-
- assert(lua_gettop(L) == 1); /* only the function should be on the stack */
-Index: src/log.c
-===================================================================
---- src/log.c (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ src/log.c (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -31,6 +31,29 @@
- # define O_LARGEFILE 0
- #endif
-
-+/* Close fd and _try_ to get a /dev/null for it instead.
-+ * close() alone may trigger some bugs when a
-+ * process opens another file and gets fd = STDOUT_FILENO or STDERR_FILENO
-+ * and later tries to just print on stdout/stderr
-+ *
-+ * Returns 0 on success and -1 on failure (fd gets closed in all cases)
-+ */
-+int openDevNull(int fd) {
-+ int tmpfd;
-+ close(fd);
-+#if defined(__WIN32)
-+ /* Cygwin should work with /dev/null */
-+ tmpfd = open("nul", O_RDWR);
-+#else
-+ tmpfd = open("/dev/null", O_RDWR);
-+#endif
-+ if (tmpfd != -1 && tmpfd != fd) {
-+ dup2(tmpfd, fd);
-+ close(tmpfd);
-+ }
-+ return (tmpfd != -1) ? 0 : -1;
-+}
-+
- /**
- * open the errorlog
- *
-@@ -44,7 +67,6 @@
- */
-
- int log_error_open(server *srv) {
-- int fd;
- int close_stderr = 1;
-
- #ifdef HAVE_SYSLOG_H
-@@ -78,15 +100,16 @@
- /* don't close stderr for debugging purposes if run in valgrind */
- if (RUNNING_ON_VALGRIND) close_stderr = 0;
- #endif
-- if (srv->errorlog_mode == ERRORLOG_STDERR) close_stderr = 0;
-
-+ if (srv->errorlog_mode == ERRORLOG_STDERR && srv->srvconf.dont_daemonize) {
-+ /* We can only log to stderr in dont-daemonize mode;
-+ * if we do daemonize and no errorlog file is specified, we log into /dev/null
-+ */
-+ close_stderr = 0;
-+ }
-+
- /* move stderr to /dev/null */
-- if (close_stderr &&
-- -1 != (fd = open("/dev/null", O_WRONLY))) {
-- close(STDERR_FILENO);
-- dup2(fd, STDERR_FILENO);
-- close(fd);
-- }
-+ if (close_stderr) openDevNull(STDERR_FILENO);
- return 0;
- }
-
-@@ -162,18 +185,18 @@
- }
-
- buffer_copy_string_buffer(srv->errorlog_buf, srv->ts_debug_str);
-- BUFFER_APPEND_STRING_CONST(srv->errorlog_buf, ": (");
-+ buffer_append_string_len(srv->errorlog_buf, CONST_STR_LEN(": ("));
- break;
- case ERRORLOG_SYSLOG:
- /* syslog is generating its own timestamps */
-- BUFFER_COPY_STRING_CONST(srv->errorlog_buf, "(");
-+ buffer_copy_string_len(srv->errorlog_buf, CONST_STR_LEN("("));
- break;
- }
-
- buffer_append_string(srv->errorlog_buf, filename);
-- BUFFER_APPEND_STRING_CONST(srv->errorlog_buf, ".");
-+ buffer_append_string_len(srv->errorlog_buf, CONST_STR_LEN("."));
- buffer_append_long(srv->errorlog_buf, line);
-- BUFFER_APPEND_STRING_CONST(srv->errorlog_buf, ") ");
-+ buffer_append_string_len(srv->errorlog_buf, CONST_STR_LEN(") "));
-
-
- for(va_start(ap, fmt); *fmt; fmt++) {
-@@ -186,28 +209,28 @@
- case 's': /* string */
- s = va_arg(ap, char *);
- buffer_append_string(srv->errorlog_buf, s);
-- BUFFER_APPEND_STRING_CONST(srv->errorlog_buf, " ");
-+ buffer_append_string_len(srv->errorlog_buf, CONST_STR_LEN(" "));
- break;
- case 'b': /* buffer */
- b = va_arg(ap, buffer *);
- buffer_append_string_buffer(srv->errorlog_buf, b);
-- BUFFER_APPEND_STRING_CONST(srv->errorlog_buf, " ");
-+ buffer_append_string_len(srv->errorlog_buf, CONST_STR_LEN(" "));
- break;
- case 'd': /* int */
- d = va_arg(ap, int);
- buffer_append_long(srv->errorlog_buf, d);
-- BUFFER_APPEND_STRING_CONST(srv->errorlog_buf, " ");
-+ buffer_append_string_len(srv->errorlog_buf, CONST_STR_LEN(" "));
- break;
- case 'o': /* off_t */
- o = va_arg(ap, off_t);
- buffer_append_off_t(srv->errorlog_buf, o);
-- BUFFER_APPEND_STRING_CONST(srv->errorlog_buf, " ");
-+ buffer_append_string_len(srv->errorlog_buf, CONST_STR_LEN(" "));
- break;
- case 'x': /* int (hex) */
- d = va_arg(ap, int);
-- BUFFER_APPEND_STRING_CONST(srv->errorlog_buf, "0x");
-+ buffer_append_string_len(srv->errorlog_buf, CONST_STR_LEN("0x"));
- buffer_append_long_hex(srv->errorlog_buf, d);
-- BUFFER_APPEND_STRING_CONST(srv->errorlog_buf, " ");
-+ buffer_append_string_len(srv->errorlog_buf, CONST_STR_LEN(" "));
- break;
- case 'S': /* string */
- s = va_arg(ap, char *);
-@@ -221,6 +244,15 @@
- d = va_arg(ap, int);
- buffer_append_long(srv->errorlog_buf, d);
- break;
-+ case 'O': /* off_t */
-+ o = va_arg(ap, off_t);
-+ buffer_append_off_t(srv->errorlog_buf, o);
-+ break;
-+ case 'X': /* int (hex) */
-+ d = va_arg(ap, int);
-+ buffer_append_string_len(srv->errorlog_buf, CONST_STR_LEN("0x"));
-+ buffer_append_long_hex(srv->errorlog_buf, d);
-+ break;
- case '(':
- case ')':
- case '<':
-@@ -235,11 +267,11 @@
-
- switch(srv->errorlog_mode) {
- case ERRORLOG_FILE:
-- BUFFER_APPEND_STRING_CONST(srv->errorlog_buf, "\n");
-+ buffer_append_string_len(srv->errorlog_buf, CONST_STR_LEN("\n"));
- write(srv->errorlog_fd, srv->errorlog_buf->ptr, srv->errorlog_buf->used - 1);
- break;
- case ERRORLOG_STDERR:
-- BUFFER_APPEND_STRING_CONST(srv->errorlog_buf, "\n");
-+ buffer_append_string_len(srv->errorlog_buf, CONST_STR_LEN("\n"));
- write(STDERR_FILENO, srv->errorlog_buf->ptr, srv->errorlog_buf->used - 1);
- break;
- case ERRORLOG_SYSLOG:
-Index: src/proc_open.c
-===================================================================
---- src/proc_open.c (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ src/proc_open.c (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -184,7 +184,7 @@
- buffer_append_string(cmdline, shell);
- } else {
- buffer_append_string(cmdline, windir);
-- buffer_append_string(cmdline, "\\system32\\cmd.exe");
-+ buffer_append_string_len(cmdline, CONST_STR_LEN("\\system32\\cmd.exe"));
- }
- buffer_append_string_len(cmdline, CONST_STR_LEN(" /c "));
- buffer_append_string(cmdline, command);
-Index: src/log.h
-===================================================================
---- src/log.h (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ src/log.h (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -3,6 +3,11 @@
-
- #include "server.h"
-
-+/* Close fd and _try_ to get a /dev/null for it instead.
-+ * Returns 0 on success and -1 on failure (fd gets closed in all cases)
-+ */
-+int openDevNull(int fd);
-+
- #define WP() log_error_write(srv, __FILE__, __LINE__, "");
-
- int log_error_open(server *srv);
-Index: tests/env-variables.conf
-===================================================================
---- tests/env-variables.conf (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ tests/env-variables.conf (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -1 +0,0 @@
--server.document-root = env.CWD
-Index: tests/env-variables.t
-===================================================================
---- tests/env-variables.t (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ tests/env-variables.t (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -1,21 +0,0 @@
--#!/usr/bin/perl
--BEGIN {
-- # add current source dir to the include-path
-- # we need this for make distcheck
-- (my $srcdir = $0) =~ s,/[^/]+$,/,;
-- unshift @INC, $srcdir;
--}
--
--use strict;
--use IO::Socket;
--use Test::More tests => 2;
--use LightyTest;
--
--my $tf = LightyTest->new();
--$tf->{CONFIGFILE} = 'env-variables.conf';
--
--TODO: {
-- local $TODO = 'we still crash on undefined environment variables';
-- ok($tf->start_proc == 0, "Starting lighttpd");
-- ok($tf->stop_proc == 0, "Stopping lighttpd");
--};
-Index: tests/bug-12.conf
-===================================================================
---- tests/bug-12.conf (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ tests/bug-12.conf (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -1,5 +1,4 @@
- server.document-root = env.SRCDIR + "/tmp/lighttpd/servers/www.example.org/pages/"
--server.pid-file = env.SRCDIR + "/tmp/lighttpd/lighttpd.pid"
-
- ## bind to port (default: 80)
- server.port = 2048
-Index: tests/fastcgi-10.conf
-===================================================================
---- tests/fastcgi-10.conf (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ tests/fastcgi-10.conf (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -1,5 +1,4 @@
- server.document-root = env.SRCDIR + "/tmp/lighttpd/servers/www.example.org/pages/"
--server.pid-file = env.SRCDIR + "/tmp/lighttpd/lighttpd.pid"
-
- ## bind to port (default: 80)
- server.port = 2048
-Index: tests/bug-06.conf
-===================================================================
---- tests/bug-06.conf (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ tests/bug-06.conf (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -1,5 +1,4 @@
- server.document-root = env.SRCDIR + "/tmp/lighttpd/servers/www.example.org/pages/"
--server.pid-file = env.SRCDIR + "/tmp/lighttpd/lighttpd.pid"
-
- ## bind to port (default: 80)
- server.port = 2048
-Index: tests/mod-extforward.conf
-===================================================================
-
-Property changes on: tests/symlink.t
-___________________________________________________________________
-Added: svn:executable
- + *
-
-Index: tests/request.t
-===================================================================
---- tests/request.t (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ tests/request.t (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -101,7 +101,7 @@
- Expect: 100-continue
- EOF
- );
--$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.1', 'HTTP-Status' => 417, '-HTTP-Content' => ''} ];
-+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.1', 'HTTP-Status' => 417 } ];
- ok($tf->handle_http($t) == 0, 'Continue, Expect');
-
- ## ranges
-Index: tests/var-include.conf
-===================================================================
---- tests/var-include.conf (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ tests/var-include.conf (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -3,7 +3,6 @@
- debug.log-condition-handling = "enable"
-
- server.document-root = env.SRCDIR + "/tmp/lighttpd/servers/www.example.org/pages/"
--server.pid-file = env.SRCDIR + "/tmp/lighttpd/lighttpd.pid"
-
- ## bind to port (default: 80)
- server.port = 2048
-Index: tests/mod-proxy.t
-===================================================================
---- tests/mod-proxy.t (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ tests/mod-proxy.t (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -22,11 +22,9 @@
-
- $tf_real->{PORT} = 2048;
- $tf_real->{CONFIGFILE} = 'lighttpd.conf';
--$tf_real->{LIGHTTPD_PIDFILE} = $tf_real->{TESTDIR}.'/tmp/lighttpd/lighttpd.pid';
-
- $tf_proxy->{PORT} = 2050;
- $tf_proxy->{CONFIGFILE} = 'proxy.conf';
--$tf_proxy->{LIGHTTPD_PIDFILE} = $tf_proxy->{TESTDIR}.'/tmp/lighttpd/lighttpd-proxy.pid';
-
- ok($tf_real->start_proc == 0, "Starting lighttpd") or die();
-
-Index: tests/404-handler.conf
-===================================================================
---- tests/404-handler.conf (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ tests/404-handler.conf (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -3,7 +3,6 @@
- debug.log-request-header = "enable"
-
- server.document-root = env.SRCDIR + "/tmp/lighttpd/servers/www.example.org/pages/"
--server.pid-file = env.SRCDIR + "/tmp/lighttpd/lighttpd.pid"
-
- ## bind to port (default: 80)
- server.port = 2048
-Index: tests/lowercase.conf
-===================================================================
---- tests/lowercase.conf (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ tests/lowercase.conf (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -1,5 +1,4 @@
- server.document-root = env.SRCDIR + "/tmp/lighttpd/servers/www.example.org/pages/"
--server.pid-file = env.SRCDIR + "/tmp/lighttpd/lighttpd.pid"
-
- ## bind to port (default: 80)
- server.port = 2048
-Index: tests/condition.conf
-===================================================================
---- tests/condition.conf (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ tests/condition.conf (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -3,7 +3,6 @@
- debug.log-condition-handling = "enable"
-
- server.document-root = env.SRCDIR + "/tmp/lighttpd/servers/www.example.org/pages/"
--server.pid-file = env.SRCDIR + "/tmp/lighttpd/lighttpd.pid"
-
- ## bind to port (default: 80)
- server.port = 2048
-Index: tests/fastcgi-13.conf
-===================================================================
---- tests/fastcgi-13.conf (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ tests/fastcgi-13.conf (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -1,5 +1,4 @@
- server.document-root = env.SRCDIR + "/tmp/lighttpd/servers/www.example.org/pages/"
--server.pid-file = env.SRCDIR + "/tmp/lighttpd/lighttpd.pid"
-
- debug.log-request-header = "enable"
- debug.log-response-header = "enable"
-@@ -85,7 +84,7 @@
- "grisu" => (
- "host" => "127.0.0.1",
- "port" => 1048,
-- "bin-path" => "/usr/bin/php-cgi",
-+ "bin-path" => env.PHP,
- "bin-copy-environment" => ( "PATH", "SHELL", "USER" ),
- )
- )
-Index: tests/mod-fastcgi.t
-===================================================================
---- tests/mod-fastcgi.t (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ tests/mod-fastcgi.t (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -7,17 +7,27 @@
- }
-
- use strict;
--use Test::More tests => 47;
-+use Test::More tests => 49;
- use LightyTest;
-
- my $tf = LightyTest->new();
-
- my $t;
-+my $php_child = -1;
-
-+my $phpbin = (defined $ENV{'PHP'} ? $ENV{'PHP'} : '/usr/bin/php-cgi');
-+$ENV{'PHP'} = $phpbin;
-+
- SKIP: {
-+ skip "PHP already running on port 1026", 1 if $tf->listening_on(1026);
-+ skip "no php binary found", 1 unless -x $phpbin;
-+ ok(-1 != ($php_child = $tf->spawnfcgi($phpbin, 1026)), "Spawning php");
-+}
-+
-+SKIP: {
- skip "no PHP running on port 1026", 29 unless $tf->listening_on(1026);
-
-- ok($tf->start_proc == 0, "Starting lighttpd") or die();
-+ ok($tf->start_proc == 0, "Starting lighttpd") or goto cleanup;
-
- $t->{REQUEST} = ( <<EOF
- GET /phpinfo.php HTTP/1.0
-@@ -65,7 +75,7 @@
- EOF
- );
- $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200, 'HTTP-Content' => '/get-server-env.php' } ];
-- ok($tf->handle_http($t) == 0, '$_SERVER["PHP_SELF"]');
-+ ok($tf->handle_http($t) == 0, '$_SERVER["SCRIPT_NAME"]');
-
- $t->{REQUEST} = ( <<EOF
- GET /get-server-env.php/foo?env=PATH_INFO HTTP/1.0
-@@ -161,7 +171,7 @@
-
-
- $tf->{CONFIGFILE} = 'fastcgi-10.conf';
-- ok($tf->start_proc == 0, "Starting lighttpd with $tf->{CONFIGFILE}") or die();
-+ ok($tf->start_proc == 0, "Starting lighttpd with $tf->{CONFIGFILE}") or goto cleanup;
- $t->{REQUEST} = ( <<EOF
- GET /get-server-env.php?env=SERVER_NAME HTTP/1.0
- Host: zzz.example.org
-@@ -173,7 +183,7 @@
- ok($tf->stop_proc == 0, "Stopping lighttpd");
-
- $tf->{CONFIGFILE} = 'bug-06.conf';
-- ok($tf->start_proc == 0, "Starting lighttpd with $tf->{CONFIGFILE}") or die();
-+ ok($tf->start_proc == 0, "Starting lighttpd with $tf->{CONFIGFILE}") or goto cleanup;
- $t->{REQUEST} = ( <<EOF
- GET /indexfile/ HTTP/1.0
- Host: www.example.org
-@@ -185,7 +195,7 @@
- ok($tf->stop_proc == 0, "Stopping lighttpd");
-
- $tf->{CONFIGFILE} = 'bug-12.conf';
-- ok($tf->start_proc == 0, "Starting lighttpd with bug-12.conf") or die();
-+ ok($tf->start_proc == 0, "Starting lighttpd with bug-12.conf") or goto cleanup;
- $t->{REQUEST} = ( <<EOF
- POST /indexfile/abc HTTP/1.0
- Host: www.example.org
-@@ -199,6 +209,12 @@
- }
-
- SKIP: {
-+ skip "PHP not started, cannot stop it", 1 unless $php_child != -1;
-+ ok(0 == $tf->endspawnfcgi($php_child), "Stopping php");
-+ $php_child = -1;
-+}
-+
-+SKIP: {
- skip "no fcgi-auth found", 4 unless -x $tf->{BASEDIR}."/tests/fcgi-auth" || -x $tf->{BASEDIR}."/tests/fcgi-auth.exe";
-
- $tf->{CONFIGFILE} = 'fastcgi-auth.conf';
-@@ -223,7 +239,7 @@
- }
-
- SKIP: {
-- skip "no php found", 5 unless -x "/usr/bin/php-cgi";
-+ skip "no php found", 5 unless -x $phpbin;
- $tf->{CONFIGFILE} = 'fastcgi-13.conf';
- ok($tf->start_proc == 0, "Starting lighttpd with $tf->{CONFIGFILE}") or die();
- $t->{REQUEST} = ( <<EOF
-@@ -325,3 +341,10 @@
- ok($tf->stop_proc == 0, "Stopping lighttpd");
- }
-
-+exit 0;
-+
-+cleanup: ;
-+
-+$tf->endspawnfcgi($php_child) if $php_child != -1;
-+
-+die();
-Index: tests/mod-rewrite.t
-===================================================================
---- tests/mod-rewrite.t (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ tests/mod-rewrite.t (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -8,18 +8,26 @@
-
- use strict;
- use IO::Socket;
--use Test::More tests => 5;
-+use Test::More tests => 8;
- use LightyTest;
-
- my $tf = LightyTest->new();
- my $t;
-+my $php_child = -1;
-
-+my $phpbin = (defined $ENV{'PHP'} ? $ENV{'PHP'} : '/usr/bin/php-cgi');
-
- SKIP: {
-- skip "no PHP running on port 1026", 5 unless $tf->listening_on(1026);
-+ skip "PHP already running on port 1026", 1 if $tf->listening_on(1026);
-+ skip "no php binary found", 1 unless -x $phpbin;
-+ ok(-1 != ($php_child = $tf->spawnfcgi($phpbin, 1026)), "Spawning php");
-+}
-
-- ok($tf->start_proc == 0, "Starting lighttpd") or die();
-+SKIP: {
-+ skip "no PHP running on port 1026", 6 unless $tf->listening_on(1026);
-
-+ ok($tf->start_proc == 0, "Starting lighttpd") or goto cleanup;
-+
- $t->{REQUEST} = ( <<EOF
- GET /rewrite/foo HTTP/1.0
- Host: www.example.org
-@@ -44,5 +52,27 @@
- $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200, 'HTTP-Content' => 'bar&a=b' } ];
- ok($tf->handle_http($t) == 0, 'valid request');
-
-+ $t->{REQUEST} = ( <<EOF
-+GET %2Frewrite/f%6Fo?a=b HTTP/1.0
-+Host: www.example.org
-+EOF
-+ );
-+ $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200, 'HTTP-Content' => 'a=b' } ];
-+ ok($tf->handle_http($t) == 0, 'valid request with url encoded characters');
-+
- ok($tf->stop_proc == 0, "Stopping lighttpd");
- }
-+
-+SKIP: {
-+ skip "PHP not started, cannot stop it", 1 unless $php_child != -1;
-+ ok(0 == $tf->endspawnfcgi($php_child), "Stopping php");
-+}
-+
-+
-+exit 0;
-+
-+cleanup: ;
-+
-+$tf->endspawnfcgi($php_child) if $php_child != -1;
-+
-+die();
-Index: tests/lighttpd.conf
-===================================================================
---- tests/lighttpd.conf (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ tests/lighttpd.conf (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -3,7 +3,6 @@
- debug.log-response-header = "enable"
- debug.log-condition-handling = "enable"
- server.document-root = env.SRCDIR + "/tmp/lighttpd/servers/www.example.org/pages/"
--server.pid-file = env.SRCDIR + "/tmp/lighttpd/lighttpd.pid"
-
- ## 64 Mbyte ... nice limit
- server.max-request-size = 65000
-Index: tests/fastcgi-responder.conf
-===================================================================
---- tests/fastcgi-responder.conf (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ tests/fastcgi-responder.conf (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -1,5 +1,4 @@
- server.document-root = env.SRCDIR + "/tmp/lighttpd/servers/www.example.org/pages/"
--server.pid-file = env.SRCDIR + "/tmp/lighttpd/lighttpd.pid"
-
- #debug.log-request-header = "enable"
- #debug.log-response-header = "enable"
-Index: tests/fastcgi-auth.conf
-===================================================================
---- tests/fastcgi-auth.conf (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ tests/fastcgi-auth.conf (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -1,5 +1,4 @@
- server.document-root = env.SRCDIR + "/tmp/lighttpd/servers/www.example.org/pages/"
--server.pid-file = env.SRCDIR + "/tmp/lighttpd/lighttpd.pid"
-
- debug.log-request-header = "enable"
- debug.log-response-header = "enable"
-Index: tests/proxy.conf
-===================================================================
---- tests/proxy.conf (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ tests/proxy.conf (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -1,5 +1,4 @@
- server.document-root = env.SRCDIR + "/tmp/lighttpd/servers/www.example.org/pages/"
--server.pid-file = env.SRCDIR + "/tmp/lighttpd/lighttpd-proxy.pid"
-
- ## bind to port (default: 80)
- server.port = 2050
-Index: tests/docroot/www/get-env.php
-===================================================================
---- tests/docroot/www/get-env.php (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ tests/docroot/www/get-env.php (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -1,3 +1,4 @@
- <?php
-- print $_ENV[$_GET["env"]];
-+ $env = $_GET["env"];
-+ print isset($_ENV[$env]) ? $_ENV[$env] : '';
- ?>
-Index: tests/docroot/www/Makefile.am
-===================================================================
---- tests/docroot/www/Makefile.am (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ tests/docroot/www/Makefile.am (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -1,4 +1,4 @@
--EXTRA_DIST=cgi.php cgi.pl dummydir index.html index.txt phpinfo.php \
-+EXTRA_DIST=cgi.php cgi.pl index.html index.txt phpinfo.php \
- redirect.php cgi-pathinfo.pl get-env.php get-server-env.php \
- nph-status.pl prefix.fcgi get-header.pl ssi.shtml get-post-len.pl \
- exec-date.shtml index.html~ 404.fcgi 404.html 404.pl send404.pl crlfcrash.pl
-Index: tests/Makefile.am
-===================================================================
---- tests/Makefile.am (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ tests/Makefile.am (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -42,8 +42,6 @@
- mod-redirect.t \
- mod-rewrite.t \
- mod-userdir.t \
-- env-variables.t \
-- env-variables.conf \
- symlink.t \
- request.t \
- mod-ssi.t \
-
-Property changes on: tests/core-404-handler.t
-___________________________________________________________________
-Added: svn:executable
- + *
-
-Index: tests/LightyTest.pm
-===================================================================
---- tests/LightyTest.pm (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ tests/LightyTest.pm (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -6,6 +6,7 @@
- use Test::More;
- use Socket;
- use Cwd 'abs_path';
-+use POSIX ":sys_wait_h";
-
- sub mtime {
- my $file = shift;
-@@ -30,14 +31,17 @@
-
-
- if (mtime($self->{BASEDIR}.'/src/lighttpd') > mtime($self->{BASEDIR}.'/build/lighttpd')) {
-- $self->{LIGHTTPD_PATH} = $self->{BASEDIR}.'/src/lighttpd';
-- $self->{MODULES_PATH} = $self->{BASEDIR}.'/src/.libs';
-+ $self->{BINDIR} = $self->{BASEDIR}.'/src';
-+ if (mtime($self->{BASEDIR}.'/src/.libs')) {
-+ $self->{MODULES_PATH} = $self->{BASEDIR}.'/src/.libs';
-+ } else {
-+ $self->{MODULES_PATH} = $self->{BASEDIR}.'/src';
-+ }
- } else {
-- $self->{LIGHTTPD_PATH} = $self->{BASEDIR}.'/build/lighttpd';
-+ $self->{BINDIR} = $self->{BASEDIR}.'/build';
- $self->{MODULES_PATH} = $self->{BASEDIR}.'/build';
- }
-- $self->{LIGHTTPD_PIDFILE} = $self->{TESTDIR}.'/tmp/lighttpd/lighttpd.pid';
-- $self->{PIDOF_PIDFILE} = $self->{TESTDIR}.'/tmp/lighttpd/pidof.pid';
-+ $self->{LIGHTTPD_PATH} = $self->{BINDIR}.'/lighttpd';
- $self->{PORT} = 2048;
-
- my ($name, $aliases, $addrtype, $net) = gethostbyaddr(inet_aton("127.0.0.1"), AF_INET);
-@@ -66,59 +70,73 @@
- sub stop_proc {
- my $self = shift;
-
-- open F, $self->{LIGHTTPD_PIDFILE} or return -1;
-- my $pid = <F>;
-- close F;
-+ my $pid = $self->{LIGHTTPD_PID};
-+ if (defined $pid && $pid != -1) {
-+ kill('TERM', $pid) or return -1;
-+ return -1 if ($pid != waitpid($pid, 0));
-+ } else {
-+ diag("Process not started, nothing to stop");
-+ return -1;
-+ }
-
-- if (defined $pid) {
-- kill('TERM',$pid) or return -1;
-+ return 0;
-+}
-+
-+sub wait_for_port_with_proc {
-+ my $self = shift;
-+ my $port = shift;
-+ my $child = shift;
-+
-+ while (0 == $self->listening_on($port)) {
- select(undef, undef, undef, 0.1);
-+
-+ # the process is gone, we failed
-+ if (0 != waitpid($child, WNOHANG)) {
-+ return -1;
-+ }
- }
-
- return 0;
- }
-
--
- sub start_proc {
- my $self = shift;
- # kill old proc if necessary
-- $self->stop_proc;
-+ #$self->stop_proc;
-
- # pre-process configfile if necessary
- #
-
- $ENV{'SRCDIR'} = $self->{BASEDIR}.'/tests';
-+ $ENV{'PORT'} = $self->{PORT};
-
-- unlink($self->{LIGHTTPD_PIDFILE});
-+ my $cmdline = $self->{LIGHTTPD_PATH}." -D -f ".$self->{SRCDIR}."/".$self->{CONFIGFILE}." -m ".$self->{MODULES_PATH};
- if (defined $ENV{"TRACEME"} && $ENV{"TRACEME"} eq 'strace') {
-- system("strace -tt -s 512 -o strace ".$self->{LIGHTTPD_PATH}." -D -f ".$self->{SRCDIR}."/".$self->{CONFIGFILE}." -m ".$self->{MODULES_PATH}." &");
-+ $cmdline = "strace -tt -s 512 -o strace ".$cmdline;
- } elsif (defined $ENV{"TRACEME"} && $ENV{"TRACEME"} eq 'truss') {
-- system("/usr/dtrctkit/bin/dtruss -d -e ".$self->{LIGHTTPD_PATH}." -D -f ".$self->{SRCDIR}."/".$self->{CONFIGFILE}." -m ".$self->{MODULES_PATH}." 2> strace &");
-+ $cmdline = "truss -a -l -w all -v all -o strace ".$cmdline;
-+ } elsif (defined $ENV{"TRACEME"} && $ENV{"TRACEME"} eq 'gdb') {
-+ $cmdline = "gdb --batch --ex 'run' --ex 'bt' --args ".$cmdline." > gdb.out";
- } elsif (defined $ENV{"TRACEME"} && $ENV{"TRACEME"} eq 'valgrind') {
-- system("valgrind --tool=memcheck --show-reachable=yes --leak-check=yes --log-file=valgrind ".$self->{LIGHTTPD_PATH}." -D -f ".$self->{SRCDIR}."/".$self->{CONFIGFILE}." -m ".$self->{MODULES_PATH}." &");
-- } else {
-- system($self->{LIGHTTPD_PATH}." -f ".$self->{SRCDIR}."/".$self->{CONFIGFILE}." -m ".$self->{MODULES_PATH});
-+ $cmdline = "valgrind --tool=memcheck --show-reachable=yes --leak-check=yes --log-file=valgrind ".$cmdline;
- }
--
-- select(undef, undef, undef, 0.1);
-- if (not -e $self->{LIGHTTPD_PIDFILE} or 0 == kill 0, `cat $self->{LIGHTTPD_PIDFILE}`) {
-- select(undef, undef, undef, 2);
-- }
--
-- unlink($self->{TESTDIR}."/tmp/cfg.file");
--
-- # no pidfile, we failed
-- if (not -e $self->{LIGHTTPD_PIDFILE}) {
-- diag(sprintf('Could not find pidfile: %s', $self->{LIGHTTPD_PIDFILE}));
-+ # diag("starting lighttpd at :".$self->{PORT}.", cmdline: ".$cmdline );
-+ my $child = fork();
-+ if (not defined $child) {
-+ diag("Fork failed");
- return -1;
- }
-+ if ($child == 0) {
-+ exec $cmdline or die($?);
-+ }
-
-- # the process is gone, we failed
-- if (0 == kill 0, `cat $self->{LIGHTTPD_PIDFILE}`) {
-- diag(sprintf('the process referenced by %s is not up', $self->{LIGHTTPD_PIDFILE}));
-+ if (0 != $self->wait_for_port_with_proc($self->{PORT}, $child)) {
-+ diag(sprintf('The process %i is not up', $child));
- return -1;
- }
-
-+ $self->{LIGHTTPD_PID} = $child;
-+
- 0;
- }
-
-@@ -131,6 +149,7 @@
-
- my @request = $t->{REQUEST};
- my @response = $t->{RESPONSE};
-+ my $is_debug = $ENV{"TRACE_HTTP"};
-
- my $remote =
- IO::Socket::INET->new(Proto => "tcp",
-@@ -144,20 +163,27 @@
-
- $remote->autoflush(1);
-
-+ diag("sending request header to ".$host.":".$self->{PORT}) if $is_debug;
- foreach(@request) {
- # pipeline requests
- s/\r//g;
- s/\n/$EOL/g;
-
-- print $remote $_.$BLANK;
-+ print $remote $_.$BLANK;
-+ diag("<< ".$_) if $is_debug;
- }
-+ shutdown($remote, 1); # I've stopped writing data
-+ diag("... done") if $is_debug;
-
- my $lines = "";
-
-+ diag("receiving response") if $is_debug;
- # read everything
- while(<$remote>) {
- $lines .= $_;
-+ diag(">> ".$_) if $is_debug;
- }
-+ diag("... done") if $is_debug;
-
- close $remote;
-
-@@ -187,18 +213,24 @@
- (my $h = $1) =~ tr/[A-Z]/[a-z]/;
-
- if (defined $resp_hdr{$h}) {
-- diag(sprintf("header %s is duplicated: %s and %s\n",
-- $h, $resp_hdr{$h}, $2));
-+# diag(sprintf("header '%s' is duplicated: '%s' and '%s'\n",
-+# $h, $resp_hdr{$h}, $2));
-+ $resp_hdr{$h} .= ', '.$2;
- } else {
- $resp_hdr{$h} = $2;
- }
- } else {
-- diag(sprintf("unexpected line '$line'\n"));
-+ diag(sprintf("unexpected line '%s'\n", $line));
- return -1;
- }
- }
- }
-
-+ if (not defined($resp_line)) {
-+ diag(sprintf("empty response\n"));
-+ return -1;
-+ }
-+
- $t->{etag} = $resp_hdr{'etag'};
- $t->{date} = $resp_hdr{'date'};
-
-@@ -227,7 +259,7 @@
- return -1;
- }
- } else {
-- diag(sprintf("unexpected resp_line '$resp_line'\n"));
-+ diag(sprintf("unexpected resp_line '%s'\n", $resp_line));
- return -1;
- }
-
-@@ -237,7 +269,9 @@
- diag(sprintf("body failed: expected '%s', got '%s'\n", $href->{'HTTP-Content'}, $resp_body));
- return -1;
- }
-- } elsif (defined $href->{'-HTTP-Content'}) {
-+ }
-+
-+ if (defined $href->{'-HTTP-Content'}) {
- if (defined $resp_body && $resp_body ne '') {
- diag(sprintf("body failed: expected empty body, got '%s'\n", $resp_body));
- return -1;
-@@ -245,7 +279,6 @@
- }
-
- foreach (keys %{ $href }) {
-- ## filter special keys
- next if $_ eq 'HTTP-Protocol';
- next if $_ eq 'HTTP-Status';
- next if $_ eq 'HTTP-Content';
-@@ -257,7 +290,6 @@
- my $key_inverted = 0;
-
- if (substr($k, 0, 1) eq '+') {
-- ## the key has to exist, but the value is ignored
- $k = substr($k, 1);
- $verify_value = 0;
- } elsif (substr($k, 0, 1) eq '-') {
-@@ -265,11 +297,11 @@
- $k = substr($k, 1);
- $key_inverted = 1;
- $verify_value = 0; ## skip the value check
-- }
-+ }
-
- if ($key_inverted) {
- if (defined $resp_hdr{$k}) {
-- diag(sprintf("required header '%s' is missing\n", $k));
-+ diag(sprintf("header '%s' MUST not be set\n", $k));
- return -1;
- }
- } else {
-@@ -297,12 +329,38 @@
-
- # we should have sucked up everything
- if (defined $lines) {
-- diag(sprintf("unexpected lines '$lines'\n"));
-+ diag(sprintf("unexpected lines '%s'\n", $lines));
- return -1;
- }
-
- return 0;
- }
--
-+
-+sub spawnfcgi {
-+ my ($self, $binary, $port) = @_;
-+ my $child = fork();
-+ if (not defined $child) {
-+ diag("Couldn't fork\n");
-+ return -1;
-+ }
-+ if ($child == 0) {
-+ my $cmd = $self->{BINDIR}.'/spawn-fcgi -n -p '.$port.' -f "'.$binary.'"';
-+ exec $cmd or die($?);
-+ } else {
-+ if (0 != $self->wait_for_port_with_proc($port, $child)) {
-+ diag(sprintf('The process %i is not up (port %i, %s)', $child, $port, $binary));
-+ return -1;
-+ }
-+ return $child;
-+ }
-+}
-+
-+sub endspawnfcgi {
-+ my ($self, $pid) = @_;
-+ return -1 if (-1 == $pid);
-+ kill(2, $pid);
-+ waitpid($pid, 0);
-+ return 0;
-+}
-+
- 1;
--
-Index: tests/run-tests.pl
-===================================================================
---- tests/run-tests.pl (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ tests/run-tests.pl (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -3,17 +3,18 @@
- use strict;
-
- use Test::Harness qw(&runtests $verbose);
--$verbose = (defined $ENV{'VERBOSE'} ? $ENV{'VERBOSE'} : 0);;
-+$verbose = (defined $ENV{'VERBOSE'} ? $ENV{'VERBOSE'} : 0);
-+my $tests = (defined $ENV{'TESTS'} ? $ENV{'TESTS'} : '');
-
- my $srcdir = (defined $ENV{'srcdir'} ? $ENV{'srcdir'} : '.');
-
- opendir DIR, $srcdir;
- my (@fs, $f);
- while ($f = readdir(DIR)) {
-- if ($f =~ /\.t$/) {
-+ if ($f =~ /^(.*)\.t$/) {
-+ next if ($tests ne '' and $tests !~ /(^|\s+)$1(\s+|$)/);
- push @fs, $srcdir.'/'.$f;
- }
- }
- closedir DIR;
- runtests @fs;
--
-Index: doc/userdir.txt
-===================================================================
---- doc/userdir.txt (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ doc/userdir.txt (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -46,10 +46,10 @@
- Options
- =======
-
--userdir.path
-+userdir.path (required option)
- usually it should be set to "public_html" to take ~/public_html/ as the document root
-
-- Default: empty (document root is the home directory)
-+ Default: unset (mod_userdir disabled; set it to "" if you want the home directory to be the document root as it was the default before 1.4.19)
- Example: ::
-
- userdir.path = "public_html"
-Index: doc/configuration.txt
-===================================================================
---- doc/configuration.txt (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ doc/configuration.txt (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -513,3 +513,6 @@
-
- debug.log-request-handling
- default: disabled
-+
-+debug.log-ssl-noise
-+ default: disabled
-Index: SConstruct
-===================================================================
---- SConstruct (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ SConstruct (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -5,7 +5,7 @@
- from stat import *
-
- package = 'lighttpd'
--version = '1.4.19'
-+version = '1.4.20'
-
- def checkCHeaders(autoconf, hdrs):
- p = re.compile('[^A-Z0-9]')
-Index: Makefile.am
-===================================================================
---- Makefile.am (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ Makefile.am (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -1,3 +1,5 @@
- SUBDIRS=src doc tests cygwin openwrt
-
--EXTRA_DIST=lighttpd.spec autogen.sh SConstruct
-+EXTRA_DIST=autogen.sh SConstruct
-+
-+distcleancheck_listfiles = find -type f -exec sh -c 'test -f $(srcdir)/{} || echo {}' ';'
-Index: NEWS
-===================================================================
---- NEWS (.../tags/lighttpd-1.4.19) (revision 2303)
-+++ NEWS (.../branches/lighttpd-1.4.x) (revision 2303)
-@@ -3,8 +3,67 @@
- NEWS
- ====
-
--- 1.4.19 -
-+- 1.4.20 -
-
-+ * Fix mod_compress to compile with old gcc version (#1592)
-+ * Fix mod_extforward to compile with old gcc version (#1591)
-+ * Update documentation for #1587
-+ * Fix #285 again: read error after SSL_shutdown (thx marton.illes@balabit.com) and clear the error queue before some other calls (CVE-2008-1531)
-+ * Fix mod_magnet: enable "request.method" and "request.protocol" in lighty.env (#1308)
-+ * Fix segfault for appending matched parts if there was no regex matching (just give empty strings) (#1601)
-+ * Use data_response_init in mod_fastcgi x-sendfile handling for response.headers, fix a small "memleak" (#1628)
-+ * Don't send empty Server headers (#1620)
-+ * Fix conditional interpretation of core options
-+ * Enable escaping of % and $ in redirect/rewrite; only two cases changed their behaviour: "%%" => "%", "$$" => "$"
-+ * Fix accesslog port (should be port from the connection, not the "server.port") (#1618)
-+ * Fix mod_fastcgi prefix matching: match the prefix always against url, not the absolute filepath (regardless of check-local)
-+ * Overwrite Content-Type header in mod_dirlisting instead of inserting (#1614), patch by Henrik Holst
-+ * Handle EINTR in mod_cgi during write() (#1640)
-+ * Allow all http status codes by default; disable body only for 204,205 and 304; generate error pages for 4xx and 5xx (#1639)
-+ * Fix mod_magnet to set con->mode = p->id if it generates content, so returning 4xx/5xx doesn't append an error page
-+ * Remove lighttpd.spec* from source, fixing all problems with it ;-)
-+ * Do not rely on PATH_MAX (POSIX does not require it) (#580)
-+ * Disable logging to access.log if filename is an empty string
-+ * Implement a clean way to open /dev/null and use it to close stdin/out/err in the needed places (#624)
-+ * merge spawn-fcgi changes from trunk (from @2191)
-+ * let spawn-fcgi propagate exit code from spawned fcgi application
-+ * close connection after redirect in trigger_b4_dl (thx icy)
-+ * close connection in mod_magnet if returned status code
-+ * fix bug with IPv6 in mod_evasive (#1579)
-+ * fix scgi HTTP/1.* status parsing (#1638), found by met@uberstats.com
-+ * [tests] fixed system, use foreground daemons and waitpid
-+ * [tests] removed pidfile from test system
-+ * [tests] fixed tests needing php running (if not running on port 1026, search php in env[PHP] or /usr/bin/php-cgi)
-+ * fixed typo in mod_accesslog (#1699)
-+ * replaced buffer_{append,copy}_string with the _len variant where possible (#1732) (thx crypt)
-+ * case insensitive match for secdownload md5 token (#1710)
-+ * Handle only HEAD, GET and POST in mod_dirlisting (same as in staticfile) (#1687)
-+ * fixed mod_secdownload problem with unsigned time_t (#1688)
-+ * handle EAGAIN and EINTR for freebsd sendfile (#1675)
-+ * Use filedescriptor 0 for mod_scgi spawn socket, redirect STDERR to /dev/null (#1716)
-+ * fixed round-robin balancing in mod_proxy (#1715)
-+ * fixed EINTR handling for waitpid in mod_fastcgi
-+ * mod_{fast,s}cgi: overwrite environment variables (#1722)
-+ * inserted many con->mode checks; they should prevent two modules to handle the same request if they shouldn't (#631)
-+ * fixed url encoding to encode more characters (#266)
-+ * allow digits in [s]cgi env vars (#1712)
-+ * fixed dropping last character of evhost pattern (#161)
-+ * print helpful error message on conditionals in global block (#1550)
-+ * decode url before matching in mod_rewrite (#1720)
-+ * fixed conditional patching of ldap filter (#1564)
-+ * Match headers case insensitive in response (removing of X-{Sendfile,LIGHTTPD-*}, catching Date/Server)
-+ * fixed bug with case-insensitive filenames in mod_userdir (#1589), spotted by "anders1"
-+ * fixed format string bugs in mod_accesslog for SYSLOG
-+ * replaced fprintf with log_error_write in fastcgi debug
-+ * fixed mem leak in ssi expression parser (#1753), thx Take5k
-+ * hide some ssl errors per default, enable them with debug.log-ssl-noise (#397)
-+ * do not send content-encoding for 304 (#1754), thx yzlai
-+ * fix segfault for stat_cache(fam) calls with relative path (without '/', can be triggered by x-sendfile) (#1750)
-+ * fix splitting of auth-ldap filter
-+ * workaround ldap connection leak if a ldap connection failed (restarting ldap)
-+
-+- 1.4.19 - 2008-03-10
-+
- * added support for If-Range: <date> (#1346)
- * added support for matching $HTTP["scheme"] in configs
- * fixed initgroups() called after chroot (#1384)
-Index: .cvsignore
+-- 1.4.29 -
++- 1.4.30 -
++ * Always use our 'own' md5 implementation, fixes linking issues on MacOS (fixes #2331)
++ * Limit amount of bytes we send in one go; fixes stalling in one connection and timeouts on slow systems.
++ * [ssl] fix build errors when Elliptic-Curve Diffie-Hellman is disabled
++ * Add static-file.disable-pathinfo option to prevent handling of urls like .../secret.php/image.jpg as static file
++ * Don't overwrite 401 (auth required) with 501 (unknown method) (fixes #2341)
++ * Fix mod_status bug: always showed "0/0" in the "Read" column for uploads (fixes #2351)
++ * [mod_auth] Fix signedness error in http_auth (fixes #2370, CVE-2011-4362)
++ * [ssl] count renegotiations to prevent client renegotiations
++ * [ssl] add option to honor server cipher order (fixes #2364, BEAST attack)
++ * [core] accept dots in ipv6 addresses in host header (fixes #2359)
++ * [ssl] fix ssl connection aborts if files are larger than the MAX_WRITE_LIMIT (256kb)
++
++- 1.4.29 - 2011-07-03
+ * Fix mod_proxy waiting for response even if content-length is 0 (fixes #2259)
+ * Silence annoying "connection closed: poll() -> ERR" error.log message (fixes #2257)
+ * mod_cgi: make read buffer as big as incoming data block
+Index: CMakeLists.txt
===================================================================
-
-Property changes on: .
-___________________________________________________________________
-Modified: svk:merge
- - 152afb58-edef-0310-8abb-c4023f1b3aa9:/branches/lighttpd-1.3.x:499
-152afb58-edef-0310-8abb-c4023f1b3aa9:/branches/lighttpd-1.4.11-ssl-fixes:1346
-152afb58-edef-0310-8abb-c4023f1b3aa9:/branches/lighttpd-merge-1.4.x:1041
-152afb58-edef-0310-8abb-c4023f1b3aa9:/tags/lighttpd-1.4.11:1042
-152afb58-edef-0310-8abb-c4023f1b3aa9:/tags/release-1.3.13:105
-152afb58-edef-0310-8abb-c4023f1b3aa9:/trunk:104
-a98e19e4-a712-0410-8832-6551a15ffc53:/local/branches/lighttpd-1.4.x:1557
-ebd0e9cf-3e47-4385-9dd4-f0e25e97baa2:/local/lighttpd/branches/lighttpd-1.4.x:2164
- + 152afb58-edef-0310-8abb-c4023f1b3aa9:/branches/lighttpd-1.3.x:499
-152afb58-edef-0310-8abb-c4023f1b3aa9:/branches/lighttpd-1.4.11-ssl-fixes:1346
-152afb58-edef-0310-8abb-c4023f1b3aa9:/branches/lighttpd-merge-1.4.x:1041
-152afb58-edef-0310-8abb-c4023f1b3aa9:/tags/lighttpd-1.4.11:1042
-152afb58-edef-0310-8abb-c4023f1b3aa9:/tags/release-1.3.13:105
-152afb58-edef-0310-8abb-c4023f1b3aa9:/trunk:104
-a98e19e4-a712-0410-8832-6551a15ffc53:/local/branches/lighttpd-1.4.x:1557
-ebd0e9cf-3e47-4385-9dd4-f0e25e97baa2:/local/lighttpd/branches/lighttpd-1.4.x:2250
-Added: bzr:revision-info
- + timestamp: 2008-09-17 16:23:00.644000053 +0200
-committer: Stefan Bühler <stbuehler@web.de>
-properties:
- branch-nick: lighttpd-1.4.x
-
-Added: bzr:file-ids
- +
-Added: bzr:revision-id:v3-trunk0
- + 1127 stbuehler@web.de-20080728081644-j4cxnhduw8kbt8um
-1128 stbuehler@web.de-20080728084246-axvxdtjsrratxixs
-1129 stbuehler@web.de-20080729211700-s8v6nq2cu06qesls
-1130 stbuehler@web.de-20080729211726-4yxb6e5dva1cn0lz
-1131 stbuehler@web.de-20080729211750-4ulzigswx17uciyu
-1132 stbuehler@web.de-20080729211850-nliz3kd0m576ztuu
-1133 stbuehler@web.de-20080730163440-dg2y2sbf0u4grmn4
-1134 stbuehler@web.de-20080730173952-kiutzg6geqy7mick
-1135 stbuehler@web.de-20080730193616-9kc2ms7rrhv1lkn7
-1136 stbuehler@web.de-20080730211457-z4a6uth1y29glbqh
-1137 stbuehler@web.de-20080730213517-b6sjcrdwbmipl334
-1138 stbuehler@web.de-20080731102617-2xw8unjfqic7lsew
-1139 stbuehler@web.de-20080731102703-q4tu5a6em9y8xdg0
-1140 stbuehler@web.de-20080731102729-l6vn5b05w9swqbg5
-1141 stbuehler@web.de-20080731102756-oj3d4tnk0l90mj77
-1142 stbuehler@web.de-20080731204442-blw14cj2fkr3l8ly
-1143 stbuehler@web.de-20080731204508-imtfnurf922mg7tj
-1144 stbuehler@web.de-20080801112347-girnwswdkwm8wuip
-1145 stbuehler@web.de-20080801161245-kx1temr529o7xko9
-1146 stbuehler@web.de-20080801175332-oc9e7x8edn1owcc0
-1147 stbuehler@web.de-20080801183454-5i66v0gsdv0cgmia
-1148 stbuehler@web.de-20080801192849-6zklfbb832sx0hvr
-1149 stbuehler@web.de-20080801203119-o16elp8w854s6lol
-1150 stbuehler@web.de-20080802162146-a4v57svc788pwdsv
-1151 stbuehler@web.de-20080802162202-9udlc1wuwt09pyh2
-1152 stbuehler@web.de-20080804135803-yuor9ze06px7qta4
-1153 stbuehler@web.de-20080812194728-fupt781o6q058unh
-1154 stbuehler@web.de-20080818162116-piz0ukqsaecv2li2
-1155 stbuehler@web.de-20080818235700-94t0xc6ml70zojwq
-1156 stbuehler@web.de-20080819163650-1qhwsqszr78cr4xx
-1157 stbuehler@web.de-20080819163757-1qq3t1f1wj69t8xs
-1158 stbuehler@web.de-20080819163914-rklhkurg8apv85l2
-1159 stbuehler@web.de-20080819163953-tlqew751e43phf5b
-1160 stbuehler@web.de-20080819164108-8ogh68sm1uyteawe
-1161 stbuehler@web.de-20080819173911-w5bqpb7cp9jmdqye
-1162 stbuehler@web.de-20080819222242-c0ta5gnli9p3j35a
-1163 stbuehler@web.de-20080820100730-g1bwdh4nqb53ag9u
-1164 stbuehler@web.de-20080820100752-9pggugdyfnnps8qu
-1165 stbuehler@web.de-20080820164258-v2j00motsrsc5esp
-1166 stbuehler@web.de-20080827144628-hi9hf4ch3n1wf9ao
-1167 stbuehler@web.de-20080827144903-tfxu4yehlyu5kegc
-1168 stbuehler@web.de-20080827155155-7mt92orehbxkh2lh
-1169 stbuehler@web.de-20080917142048-zbcwpk39q9ewd516
-1170 stbuehler@web.de-20080917142300-16gzt21x4nbjtj87
-
-