no dist-xz for ac

[packages/lighttpd.git] / lighttpd-branch.diff

diff --git a/lighttpd-branch.diff b/lighttpd-branch.diff
index 82b8a770d955738c1bf2814178e6db28a2d06527..76f06ce17cb591b31c716dc962d936cf96c36b2c 100644 (file)
--- a/lighttpd-branch.diff
+++ b/lighttpd-branch.diff
@@ -1,3217 +1,1957 @@
-Index: cmake/LighttpdMacros.cmake
+# Revision 2815
+Index: src/http_auth_digest.c

 ===================================================================
 ===================================================================

---- cmake/LighttpdMacros.cmake (.../tags/lighttpd-1.4.20)      (revision 0)
-+++ cmake/LighttpdMacros.cmake (.../branches/lighttpd-1.4.x)   (revision 2392)
-@@ -0,0 +1,43 @@
-+## our modules are without the "lib" prefix
-+
-+MACRO(ADD_AND_INSTALL_LIBRARY LIBNAME SRCFILES)
-+  IF(BUILD_STATIC)
-+    ADD_LIBRARY(${LIBNAME} STATIC ${SRCFILES})
-+    TARGET_LINK_LIBRARIES(lighttpd ${LIBNAME})
-+  ELSE(BUILD_STATIC)
-+    ADD_LIBRARY(${LIBNAME} SHARED ${SRCFILES})
-+    SET(L_INSTALL_TARGETS ${L_INSTALL_TARGETS} ${LIBNAME})
-+    ## Windows likes to link it this way back to app!
-+    IF(WIN32)
-+        SET_TARGET_PROPERTIES(${LIBNAME} PROPERTIES LINK_FLAGS lighttpd.lib)
-+    ENDIF(WIN32)
-+
-+    IF(APPLE)
-+        SET_TARGET_PROPERTIES(${LIBNAME} PROPERTIES LINK_FLAGS "-flat_namespace -undefined suppress")
-+    ENDIF(APPLE)
-+  ENDIF(BUILD_STATIC)
-+ENDMACRO(ADD_AND_INSTALL_LIBRARY)
-+
-+MACRO(LEMON_PARSER SRCFILE)
-+  GET_FILENAME_COMPONENT(SRCBASE ${SRCFILE} NAME_WE)
-+  ADD_CUSTOM_COMMAND(OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/${SRCBASE}.c ${CMAKE_CURRENT_BINARY_DIR}/${SRCBASE}.h
-+  COMMAND ${CMAKE_BINARY_DIR}/build/lemon
-+  ARGS -q ${CMAKE_CURRENT_SOURCE_DIR}/${SRCFILE} ${CMAKE_SOURCE_DIR}/src/lempar.c
-+    DEPENDS ${CMAKE_BINARY_DIR}/build/lemon ${CMAKE_CURRENT_SOURCE_DIR}/${SRCFILE} ${CMAKE_SOURCE_DIR}/src/lempar.c
-+  COMMENT "Generating ${SRCBASE}.c from ${SRCFILE}"
-+)
-+ENDMACRO(LEMON_PARSER)
-+
-+MACRO(ADD_TARGET_PROPERTIES _target _name)
-+  SET(_properties)
-+  FOREACH(_prop ${ARGN})
-+    SET(_properties "${_properties} ${_prop}")
-+  ENDFOREACH(_prop)
-+  GET_TARGET_PROPERTY(_old_properties ${_target} ${_name})
-+  MESSAGE("adding property to ${_target} ${_name}:" ${_properties})
-+  IF(NOT _old_properties)
-+    # in case it's NOTFOUND
-+    SET(_old_properties)
-+  ENDIF(NOT _old_properties)
-+  SET_TARGET_PROPERTIES(${_target} PROPERTIES ${_name} "${_old_properties} ${_properties}")
-+ENDMACRO(ADD_TARGET_PROPERTIES)
-Index: configure.in
-===================================================================
-Index: src/configfile-glue.c
+--- src/http_auth_digest.c     (.../tags/lighttpd-1.4.29)
++++ src/http_auth_digest.c     (.../branches/lighttpd-1.4.x)
+@@ -1,26 +0,0 @@
+-#include "buffer.h"
+-
+-#include "http_auth_digest.h"
+-
+-#include <string.h>
+-
+-#ifndef USE_OPENSSL
+-# include "md5.h"
+-
+-typedef li_MD5_CTX MD5_CTX;
+-#define MD5_Init li_MD5_Init
+-#define MD5_Update li_MD5_Update
+-#define MD5_Final li_MD5_Final
+-
+-#endif
+-
+-void CvtHex(IN HASH Bin, OUT HASHHEX Hex) {
+-      unsigned short i;
+-
+-      for (i = 0; i < HASHLEN; i++) {
+-              Hex[i*2] = int2hex((Bin[i] >> 4) & 0xf);
+-              Hex[i*2+1] = int2hex(Bin[i] & 0xf);
+-      }
+-      Hex[HASHHEXLEN] = '\0';
+-}
+-
+Index: src/http_auth_digest.h

 ===================================================================
 ===================================================================

---- src/configfile-glue.c      (.../tags/lighttpd-1.4.20)      (revision 2392)
-+++ src/configfile-glue.c      (.../branches/lighttpd-1.4.x)   (revision 2392)
-@@ -1,4 +1,5 @@
- #include <string.h>
-+#include <stdlib.h>
- 
- #include "base.h"
- #include "buffer.h"
-@@ -90,6 +91,22 @@
-                       case TYPE_STRING: {
-                               data_string *ds = (data_string *)du;
- 
-+                              /* If the value came from an environment variable, then it is a
-+                               * data_string, although it may contain a number in ASCII
-+                               * decimal format.  We try to interpret the string as a decimal
-+                               * short before giving up, in order to support setting numeric
-+                               * values with environment variables (eg, port number).
-+                               */
-+                              if (ds->value->ptr && *ds->value->ptr) {
-+                                      char *e;
-+                                      long l = strtol(ds->value->ptr, &e, 10);
-+                                      if (e != ds->value->ptr && !*e && l >=0 && l <= 65535) {
-+                                              *((unsigned short *)(cv[i].destination)) = l;
-+                                              break;
-+
-+                                      }
-+                              }
-+
-                               log_error_write(srv, __FILE__, __LINE__, "ssb", "got a string but expected a short:", cv[i].key, ds->value);
- 
-                               return -1;
-@@ -396,6 +413,15 @@
- 
-               break;
-       }
-+      case COMP_HTTP_LANGUAGE: {
-+              data_string *ds;
-+              if (NULL != (ds = (data_string *)array_get_element(con->request.headers, "Accept-Language"))) {
-+                      l = ds->value;
-+              } else {
-+                      l = srv->empty_string;
-+              }
-+              break;
-+      }
-       default:
-               return COND_RESULT_FALSE;
-       }
-Index: src/mod_cgi.c
+--- src/http_auth_digest.h     (.../tags/lighttpd-1.4.29)
++++ src/http_auth_digest.h     (.../branches/lighttpd-1.4.x)
+@@ -1,24 +0,0 @@
+-#ifndef _DIGCALC_H_
+-#define _DIGCALC_H_
+-
+-#ifdef HAVE_CONFIG_H
+-# include "config.h"
+-#endif
+-
+-#define HASHLEN 16
+-typedef unsigned char HASH[HASHLEN];
+-#define HASHHEXLEN 32
+-typedef char HASHHEX[HASHHEXLEN+1];
+-#ifdef USE_OPENSSL
+-#define IN const
+-#else
+-#define IN
+-#endif
+-#define OUT
+-
+-void CvtHex(
+-    IN HASH Bin,
+-    OUT HASHHEX Hex
+-    );
+-
+-#endif
+Index: src/network_write.c

 ===================================================================
 ===================================================================

---- src/mod_cgi.c      (.../tags/lighttpd-1.4.20)      (revision 2392)
-+++ src/mod_cgi.c      (.../branches/lighttpd-1.4.x)   (revision 2392)
-@@ -822,15 +822,27 @@
-                       );
-               cgi_env_add(&env, CONST_STR_LEN("SERVER_PORT"), buf, strlen(buf));
- 
-+              switch (srv_sock->addr.plain.sa_family) {
- #ifdef HAVE_IPV6
--              s = inet_ntop(srv_sock->addr.plain.sa_family,
--                            srv_sock->addr.plain.sa_family == AF_INET6 ?
--                            (const void *) &(srv_sock->addr.ipv6.sin6_addr) :
--                            (const void *) &(srv_sock->addr.ipv4.sin_addr),
--                            b2, sizeof(b2)-1);
-+              case AF_INET6:
-+                      s = inet_ntop(srv_sock->addr.plain.sa_family,
-+                                    (const void *) &(srv_sock->addr.ipv6.sin6_addr),
-+                                    b2, sizeof(b2)-1);
-+                      break;
-+              case AF_INET:
-+                      s = inet_ntop(srv_sock->addr.plain.sa_family,
-+                                    (const void *) &(srv_sock->addr.ipv4.sin_addr),
-+                                    b2, sizeof(b2)-1);
-+                      break;
- #else
--              s = inet_ntoa(srv_sock->addr.ipv4.sin_addr);
-+              case AF_INET:
-+                      s = inet_ntoa(srv_sock->addr.ipv4.sin_addr);
-+                      break;
+--- src/network_write.c        (.../tags/lighttpd-1.4.29)
++++ src/network_write.c        (.../branches/lighttpd-1.4.x)
+@@ -24,17 +24,16 @@
+ # include <sys/resource.h>

  #endif
  #endif

-+              default:
-+                      s = "";
-+                      break;
-+              }
-               cgi_env_add(&env, CONST_STR_LEN("SERVER_ADDR"), s, strlen(s));
- 
-               s = get_http_method_name(con->request.http_method);
-@@ -848,15 +860,27 @@
-               }
- 

  
  

-+              switch (con->dst_addr.plain.sa_family) {
- #ifdef HAVE_IPV6
--              s = inet_ntop(con->dst_addr.plain.sa_family,
--                            con->dst_addr.plain.sa_family == AF_INET6 ?
--                            (const void *) &(con->dst_addr.ipv6.sin6_addr) :
--                            (const void *) &(con->dst_addr.ipv4.sin_addr),
--                            b2, sizeof(b2)-1);
-+              case AF_INET6:
-+                      s = inet_ntop(con->dst_addr.plain.sa_family,
-+                                    (const void *) &(con->dst_addr.ipv6.sin6_addr),
-+                                    b2, sizeof(b2)-1);
-+                      break;
-+              case AF_INET:
-+                      s = inet_ntop(con->dst_addr.plain.sa_family,
-+                                    (const void *) &(con->dst_addr.ipv4.sin_addr),
-+                                    b2, sizeof(b2)-1);
-+                      break;
- #else
--              s = inet_ntoa(con->dst_addr.ipv4.sin_addr);
-+              case AF_INET:
-+                      s = inet_ntoa(con->dst_addr.ipv4.sin_addr);
-+                      break;
+-int network_write_chunkqueue_write(server *srv, connection *con, int fd, chunkqueue *cq) {
++int network_write_chunkqueue_write(server *srv, connection *con, int fd, chunkqueue *cq, off_t max_bytes) {
+       chunk *c;
+-      size_t chunks_written = 0;
+ 
+-      for(c = cq->first; c; c = c->next) {
++      for(c = cq->first; (max_bytes > 0) && (NULL != c); c = c->next) {
+               int chunk_finished = 0;
+ 
+               switch(c->type) {
+               case MEM_CHUNK: {
+                       char * offset;
+-                      size_t toSend;
++                      off_t toSend;
+                       ssize_t r;
+ 
+                       if (c->mem->used == 0) {
+@@ -44,6 +43,8 @@
+ 
+                       offset = c->mem->ptr + c->offset;
+                       toSend = c->mem->used - 1 - c->offset;
++                      if (toSend > max_bytes) toSend = max_bytes;
++
+ #ifdef __WIN32
+                       if ((r = send(fd, offset, toSend, 0)) < 0) {
+                               /* no error handling for windows... */
+@@ -72,6 +73,7 @@
+ 
+                       c->offset += r;
+                       cq->bytes_out += r;
++                      max_bytes -= r;
+ 
+                       if (c->offset == (off_t)c->mem->used - 1) {
+                               chunk_finished = 1;
+@@ -85,7 +87,7 @@

  #endif
  #endif

-+              default:
-+                      s = "";
-+                      break;
-+              }
-               cgi_env_add(&env, CONST_STR_LEN("REMOTE_ADDR"), s, strlen(s));
+                       ssize_t r;
+                       off_t offset;
+-                      size_t toSend;
++                      off_t toSend;
+                       stat_cache_entry *sce = NULL;
+                       int ifd;

  
  

-               LI_ltostr(buf,
-Index: src/base.h
-===================================================================
---- src/base.h (.../tags/lighttpd-1.4.20)      (revision 2392)
-+++ src/base.h (.../branches/lighttpd-1.4.x)   (revision 2392)
-@@ -260,6 +260,7 @@
-       unsigned short log_response_header;
-       unsigned short log_condition_handling;
-       unsigned short log_ssl_noise;
-+      unsigned short log_timeouts;
+@@ -98,6 +100,8 @@
+                       offset = c->file.start + c->offset;
+                       toSend = c->file.length - c->offset;

  
  

++                      if (toSend > max_bytes) toSend = max_bytes;
++
+                       if (offset > sce->st.st_size) {
+                               log_error_write(srv, __FILE__, __LINE__, "sb", "file was shrinked:", c->file.name);

  
  

-       /* server wide */
-@@ -497,6 +498,7 @@
- #endif
-       } stat_cache_engine;
-       unsigned short enable_cores;
-+      unsigned short reject_expect_100_with_417;
- } server_config;
+@@ -181,6 +185,7 @@

  
  

- typedef struct {
-Index: src/mod_rewrite.c
-===================================================================
---- src/mod_rewrite.c  (.../tags/lighttpd-1.4.20)      (revision 2392)
-+++ src/mod_rewrite.c  (.../branches/lighttpd-1.4.x)   (revision 2392)
-@@ -350,11 +350,7 @@
- 
-       if (!p->conf.rewrite) return HANDLER_GO_ON;
+                       c->offset += r;
+                       cq->bytes_out += r;
++                      max_bytes -= r;

  
  

--      buffer_copy_string_buffer(p->match_buf, con->uri.path);
--      if (con->uri.query->used > 0) {
--              buffer_append_string_len(p->match_buf, CONST_STR_LEN("?"));
--              buffer_append_string_buffer(p->match_buf, con->uri.query);
--      }
-+      buffer_copy_string_buffer(p->match_buf, con->request.uri);
+                       if (c->offset == c->file.length) {
+                               chunk_finished = 1;
+@@ -200,11 +205,9 @@

  
  

-       for (i = 0; i < p->conf.rewrite->used; i++) {
-               pcre *match;
-Index: src/connections.c
-===================================================================
---- src/connections.c  (.../tags/lighttpd-1.4.20)      (revision 2392)
-+++ src/connections.c  (.../branches/lighttpd-1.4.x)   (revision 2392)
-@@ -330,15 +330,13 @@
-       buffer_prepare_copy(b, 4 * 1024);
-       len = recv(con->fd, b->ptr, b->size - 1, 0);
- #else
--      if (ioctl(con->fd, FIONREAD, &toread)) {
--              log_error_write(srv, __FILE__, __LINE__, "sd",
--                              "unexpected end-of-file:",
--                              con->fd);
--              return -1;
-+      if (ioctl(con->fd, FIONREAD, &toread) || toread == 0) {
-+              b = chunkqueue_get_append_buffer(con->read_queue);
-+              buffer_prepare_copy(b, 4 * 1024);
-+      } else {
-+              b = chunkqueue_get_append_buffer(con->read_queue);
-+              buffer_prepare_copy(b, toread + 1);
-       }
--      b = chunkqueue_get_append_buffer(con->read_queue);
--      buffer_prepare_copy(b, toread + 1);
+                       break;
+               }

 -
 -

-       len = read(con->fd, b->ptr, b->size - 1);
- #endif
- 
-@@ -1066,6 +1064,9 @@
-                                               if (dst_c->file.fd == -1) {
-                                                       /* this should not happen as we cache the fd, but you never know */
-                                                       dst_c->file.fd = open(dst_c->file.name->ptr, O_WRONLY | O_APPEND);
-+#ifdef FD_CLOEXEC
-+                                                      fcntl(dst_c->file.fd, F_SETFD, FD_CLOEXEC);
-+#endif
-                                               }
-                                       } else {
-                                               /* the chunk is too large now, close it */
-Index: src/array.h
-===================================================================
---- src/array.h        (.../tags/lighttpd-1.4.20)      (revision 2392)
-+++ src/array.h        (.../branches/lighttpd-1.4.x)   (revision 2392)
-@@ -87,6 +87,7 @@
-       COMP_HTTP_HOST,
-       COMP_HTTP_REFERER,
-       COMP_HTTP_USER_AGENT,
-+      COMP_HTTP_LANGUAGE,
-       COMP_HTTP_COOKIE,
-       COMP_HTTP_REMOTE_IP,
-       COMP_HTTP_QUERY_STRING,
-Index: src/mod_alias.c
-===================================================================
---- src/mod_alias.c    (.../tags/lighttpd-1.4.20)      (revision 2392)
-+++ src/mod_alias.c    (.../branches/lighttpd-1.4.x)   (revision 2392)
-@@ -103,9 +103,8 @@
-                                       }
-                                       /* ok, they have same prefix. check position */
-                                       if (a->sorted[j] < a->sorted[k]) {
--                                              fprintf(stderr, "url.alias: `%s' will never match as `%s' matched first\n",
--                                                              key->ptr,
--                                                              prefix->ptr);
-+                                              log_error_write(srv, __FILE__, __LINE__, "SBSBS",
-+                                                      "url.alias: `", key, "' will never match as `", prefix, "' matched first");
-                                               return HANDLER_ERROR;
-                                       }
-                               }
-Index: src/configfile.c
-===================================================================
---- src/configfile.c   (.../tags/lighttpd-1.4.20)      (revision 2392)
-+++ src/configfile.c   (.../branches/lighttpd-1.4.x)   (revision 2392)
-@@ -91,9 +91,11 @@
-               { "server.core-files",           NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 46 */
-               { "ssl.cipher-list",             NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_SERVER },      /* 47 */
-               { "ssl.use-sslv2",               NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 48 */
--              { "etag.use-inode",             NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER }, /* 49 */
--              { "etag.use-mtime",             NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER }, /* 50 */
--              { "etag.use-size",             NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER }, /* 51 */
-+              { "etag.use-inode",              NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER }, /* 49 */
-+              { "etag.use-mtime",              NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER }, /* 50 */
-+              { "etag.use-size",               NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER }, /* 51 */
-+              { "server.reject-expect-100-with-417",  NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER }, /* 52 */
-+              { "debug.log-timeouts",          NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 53 */
-               { "server.host",                 "use server.bind instead", T_CONFIG_DEPRECATED, T_CONFIG_SCOPE_UNSET },
-               { "server.docroot",              "use server.document-root instead", T_CONFIG_DEPRECATED, T_CONFIG_SCOPE_UNSET },
-               { "server.virtual-root",         "load mod_simple_vhost and use simple-vhost.server-root instead", T_CONFIG_DEPRECATED, T_CONFIG_SCOPE_UNSET },
-@@ -135,6 +137,7 @@
- 
-       cv[43].destination = &(srv->srvconf.max_conns);
-       cv[12].destination = &(srv->srvconf.max_request_size);
-+      cv[52].destination = &(srv->srvconf.reject_expect_100_with_417);
-       srv->config_storage = calloc(1, srv->config_context->used * sizeof(specific_config *));
+-              chunks_written++;
+       }

  
  

-       assert(srv->config_storage);
-@@ -159,7 +162,7 @@
-               s->max_write_idle = 360;
-               s->use_xattr     = 0;
-               s->is_ssl        = 0;
--              s->ssl_use_sslv2 = 1;
-+              s->ssl_use_sslv2 = 0;
-               s->use_ipv6      = 0;
- #ifdef HAVE_LSTAT
-               s->follow_symlink = 1;
-@@ -207,6 +210,7 @@
-               cv[33].destination = &(s->log_response_header);
-               cv[34].destination = &(s->log_request_header);
-               cv[35].destination = &(s->log_ssl_noise);
-+              cv[53].destination = &(s->log_timeouts);
- 
-               cv[36].destination = &(s->allow_http11);
-               cv[39].destination = s->ssl_ca_file;
-@@ -374,6 +378,8 @@
-                               PATCH(log_file_not_found);
-                       } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("debug.log-ssl-noise"))) {
-                               PATCH(log_ssl_noise);
-+                      } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("debug.log-timeouts"))) {
-+                              PATCH(log_timeouts);
-                       } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("server.protocol-http11"))) {
-                               PATCH(allow_http11);
-                       } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("server.force-lowercase-filenames"))) {
-@@ -940,7 +946,6 @@
+-      return chunks_written;
++      return 0;

  }
  
  }
  

- int config_parse_cmd(server *srv, config_t *context, const char *cmd) {
--      proc_handler_t proc;
-       tokenizer_t t;
-       int ret;
-       buffer *source;
-@@ -960,7 +965,7 @@
-               chdir(context->basedir->ptr);
-       }
- 
--      if (0 != proc_open_buffer(&proc, cmd, NULL, out, NULL)) {
-+      if (0 != proc_open_buffer(cmd, NULL, out, NULL)) {
-               log_error_write(srv, __FILE__, __LINE__, "sbss",
-                               "opening", source, "failed:", strerror(errno));
-               ret = -1;
-Index: src/mod_trigger_b4_dl.c
+ #if 0
+Index: src/mod_secure_download.c

 ===================================================================
 ===================================================================

---- src/mod_trigger_b4_dl.c    (.../tags/lighttpd-1.4.20)      (revision 2392)
-+++ src/mod_trigger_b4_dl.c    (.../branches/lighttpd-1.4.x)   (revision 2392)
-@@ -1,5 +1,6 @@
- #include <ctype.h>
+--- src/mod_secure_download.c  (.../tags/lighttpd-1.4.29)
++++ src/mod_secure_download.c  (.../branches/lighttpd-1.4.x)
+@@ -8,18 +8,8 @@

  #include <stdlib.h>
  #include <stdlib.h>

-+#include <fcntl.h>

  #include <string.h>
  
  #include <string.h>
  

- #include "base.h"
-@@ -180,6 +181,9 @@
-                                               "gdbm-open failed");
-                               return HANDLER_ERROR;
-                       }
-+#ifdef FD_CLOEXEC
-+                      fcntl(gdbm_fdesc(s->db), F_SETFD, FD_CLOEXEC);
-+#endif
-               }
- #endif
- #if defined(HAVE_PCRE_H)
-Index: src/mod_mysql_vhost.c
-===================================================================
---- src/mod_mysql_vhost.c      (.../tags/lighttpd-1.4.20)      (revision 2392)
-+++ src/mod_mysql_vhost.c      (.../branches/lighttpd-1.4.x)   (revision 2392)
-@@ -245,7 +245,6 @@
-               if (!(buffer_is_empty(s->myuser) ||
-                     buffer_is_empty(s->mydb))) {
-                       my_bool reconnect = 1;
--                      int fd;
- 
-                       if (NULL == (s->mysql = mysql_init(NULL))) {
-                               log_error_write(srv, __FILE__, __LINE__, "s", "mysql_init() failed, exiting...");
-@@ -267,19 +266,27 @@
-                               return HANDLER_ERROR;
-                       }
- #undef FOO
-+
-+#if 0
-                       /* set close_on_exec for mysql the hard way */
-                       /* Note: this only works as it is done during startup, */
-                       /* otherwise we cannot be sure that mysql is fd i-1 */
--                      if (-1 == (fd = open("/dev/null", 0))) {
-+                      { int fd;
-+                      if (-1 != (fd = open("/dev/null", 0))) {
-                               close(fd);
-+#ifdef FD_CLOEXEC
-                               fcntl(fd-1, F_SETFD, FD_CLOEXEC);
--                      }
-+#endif
-+                      } }
-+#else
-+#ifdef FD_CLOEXEC
-+                      fcntl(s->mysql->net.fd, F_SETFD, FD_CLOEXEC);
-+#endif
-+#endif
-               }
-       }
+-#ifdef USE_OPENSSL
+-# include <openssl/md5.h>
+-#else
+-# include "md5.h"
++#include "md5.h"

  
  

+-typedef li_MD5_CTX MD5_CTX;
+-#define MD5_Init li_MD5_Init
+-#define MD5_Update li_MD5_Update
+-#define MD5_Final li_MD5_Final

 -
 -

+-#endif

 -
 -

--        return HANDLER_GO_ON;
-+      return HANDLER_GO_ON;
- }
+ #define HASHLEN 16
+ typedef unsigned char HASH[HASHLEN];
+ #define HASHHEXLEN 32
+@@ -200,7 +190,7 @@
+ 
+ URIHANDLER_FUNC(mod_secdownload_uri_handler) {
+       plugin_data *p = p_d;
+-      MD5_CTX Md5Ctx;
++      li_MD5_CTX Md5Ctx;
+       HASH HA1;
+       const char *rel_uri, *ts_str, *md5_str;
+       time_t ts = 0;
+@@ -266,9 +256,9 @@
+       buffer_append_string(p->md5, rel_uri);
+       buffer_append_string_len(p->md5, ts_str, 8);
+ 
+-      MD5_Init(&Md5Ctx);
+-      MD5_Update(&Md5Ctx, (unsigned char *)p->md5->ptr, p->md5->used - 1);
+-      MD5_Final(HA1, &Md5Ctx);
++      li_MD5_Init(&Md5Ctx);
++      li_MD5_Update(&Md5Ctx, (unsigned char *)p->md5->ptr, p->md5->used - 1);
++      li_MD5_Final(HA1, &Md5Ctx);
+ 
+       buffer_copy_string_hex(p->md5, (char *)HA1, 16);

  
  

- #define PATCH(x) \
-Index: src/request.c
-===================================================================
---- src/request.c      (.../tags/lighttpd-1.4.20)      (revision 2392)
-+++ src/request.c      (.../branches/lighttpd-1.4.x)   (revision 2392)
-@@ -894,11 +894,12 @@
-                                                                *
-                                                                */
- 
--                                                              con->http_status = 417;
--                                                              con->keep_alive = 0;
--
--                                                              array_insert_unique(con->request.headers, (data_unset *)ds);
--                                                              return 0;
-+                                                              if (srv->srvconf.reject_expect_100_with_417 && 0 == buffer_caseless_compare(CONST_BUF_LEN(ds->value), CONST_STR_LEN("100-continue"))) {
-+                                                                      con->http_status = 417;
-+                                                                      con->keep_alive = 0;
-+                                                                      array_insert_unique(con->request.headers, (data_unset *)ds);
-+                                                                      return 0;
-+                                                              }
-                                                       } else if (cmp > 0 && 0 == (cmp = buffer_caseless_compare(CONST_BUF_LEN(ds->key), CONST_STR_LEN("Host")))) {
-                                                               if (!con->request.http_host) {
-                                                                       con->request.http_host = ds->value;
-@@ -1020,7 +1021,7 @@
-                               /* strip leading WS */
-                               if (value == cur) value = cur+1;
-                       default:
--                              if (*cur >= 0 && *cur < 32) {
-+                              if (*cur >= 0 && *cur < 32 && *cur != '\t') {
-                                       if (srv->srvconf.log_request_header_on_error) {
-                                               log_error_write(srv, __FILE__, __LINE__, "sds",
-                                                               "invalid char in header", (int)*cur, "-> 400");
-Index: src/inet_ntop_cache.c
+Index: src/base.h

 ===================================================================
 ===================================================================

---- src/inet_ntop_cache.c      (.../tags/lighttpd-1.4.20)      (revision 2392)
-+++ src/inet_ntop_cache.c      (.../branches/lighttpd-1.4.x)   (revision 2392)
-@@ -11,7 +11,7 @@
- #ifdef HAVE_IPV6
-       size_t ndx = 0, i;
-       for (i = 0; i < INET_NTOP_CACHE_MAX; i++) {
--              if (srv->inet_ntop_cache[i].ts != 0) {
-+              if (srv->inet_ntop_cache[i].ts != 0 && srv->inet_ntop_cache[i].family == addr->plain.sa_family) {
-                       if (srv->inet_ntop_cache[i].family == AF_INET6 &&
-                           0 == memcmp(srv->inet_ntop_cache[i].addr.ipv6.s6_addr, addr->ipv6.sin6_addr.s6_addr, 16)) {
-                               /* IPv6 found in cache */
-Index: src/mod_rrdtool.c
+--- src/base.h (.../tags/lighttpd-1.4.29)
++++ src/base.h (.../branches/lighttpd-1.4.x)
+@@ -277,6 +277,7 @@
+       buffer *ssl_cipher_list;
+       buffer *ssl_dh_file;
+       buffer *ssl_ec_curve;
++      unsigned short ssl_honor_cipher_order; /* determine SSL cipher in server-preferred order, not client-order */
+       unsigned short ssl_use_sslv2;
+       unsigned short ssl_use_sslv3;
+       unsigned short ssl_verifyclient;
+@@ -284,6 +285,7 @@
+       unsigned short ssl_verifyclient_depth;
+       buffer *ssl_verifyclient_username;
+       unsigned short ssl_verifyclient_export_cert;
++      unsigned short ssl_disable_client_renegotiation;
+ 
+       unsigned short use_ipv6, set_v6only; /* set_v6only is only a temporary option */
+       unsigned short defer_accept;
+@@ -437,6 +439,7 @@
+ # ifndef OPENSSL_NO_TLSEXT
+       buffer *tlsext_server_name;
+ # endif
++      unsigned int renegotiations; /* count of SSL_CB_HANDSHAKE_START */
+ #endif
+       /* etag handling */
+       etag_flags_t etag_flags;
+@@ -647,11 +650,9 @@
+ 
+       fdevent_handler_t event_handler;
+ 
+-      int (* network_backend_write)(struct server *srv, connection *con, int fd, chunkqueue *cq);
+-      int (* network_backend_read)(struct server *srv, connection *con, int fd, chunkqueue *cq);
++      int (* network_backend_write)(struct server *srv, connection *con, int fd, chunkqueue *cq, off_t max_bytes);
+ #ifdef USE_OPENSSL
+-      int (* network_ssl_backend_write)(struct server *srv, connection *con, SSL *ssl, chunkqueue *cq);
+-      int (* network_ssl_backend_read)(struct server *srv, connection *con, SSL *ssl, chunkqueue *cq);
++      int (* network_ssl_backend_write)(struct server *srv, connection *con, SSL *ssl, chunkqueue *cq, off_t max_bytes);
+ #endif
+ 
+       uid_t uid;
+Index: src/connections.c

 ===================================================================
 ===================================================================

---- src/mod_rrdtool.c  (.../tags/lighttpd-1.4.20)      (revision 2392)
-+++ src/mod_rrdtool.c  (.../branches/lighttpd-1.4.x)   (revision 2392)
-@@ -179,6 +179,11 @@
-               p->read_fd = from_rrdtool_fds[0];
-               p->rrdtool_pid = pid;
- 
-+#ifdef FD_CLOEXEC
-+              fcntl(p->write_fd, F_SETFD, FD_CLOEXEC);
-+              fcntl(p->read_fd, F_SETFD, FD_CLOEXEC);
-+#endif
+--- src/connections.c  (.../tags/lighttpd-1.4.29)
++++ src/connections.c  (.../branches/lighttpd-1.4.x)
+@@ -223,6 +223,12 @@
+ 
+               len = SSL_read(con->ssl, b->ptr + read_offset, toread);
+ 
++              if (con->renegotiations > 1 && con->conf.ssl_disable_client_renegotiation) {
++                      connection_set_state(srv, con, CON_STATE_ERROR);
++                      log_error_write(srv, __FILE__, __LINE__, "s", "SSL: renegotiation initiated by client");
++                      return -1;
++              }

 +
 +

+               if (len > 0) {
+                       if (b->used > 0) b->used--;
+                       b->used += len;
+@@ -445,6 +451,7 @@
+               default:
+                       switch(con->http_status) {
+                       case 400: /* bad request */
++                      case 401: /* authorization required */
+                       case 414: /* overload request header */
+                       case 505: /* unknown protocol */
+                       case 207: /* this was webdav */
+@@ -617,8 +624,9 @@
+ }
+ 
+ static int connection_handle_write(server *srv, connection *con) {
+-      switch(network_write_chunkqueue(srv, con, con->write_queue)) {
++      switch(network_write_chunkqueue(srv, con, con->write_queue, MAX_WRITE_LIMIT)) {
+       case 0:
++              con->write_request_ts = srv->cur_ts;
+               if (con->file_finished) {
+                       connection_set_state(srv, con, CON_STATE_RESPONSE_END);
+                       joblist_append(srv, con);
+@@ -635,6 +643,7 @@
+               joblist_append(srv, con);

                break;
                break;

-       }
-       }
-Index: src/response.c
-===================================================================
---- src/response.c     (.../tags/lighttpd-1.4.20)      (revision 2392)
-+++ src/response.c     (.../branches/lighttpd-1.4.x)   (revision 2392)
-@@ -44,16 +44,15 @@
-       buffer_append_string(b, get_http_status_name(con->http_status));
- 
-       if (con->request.http_version != HTTP_VERSION_1_1 || con->keep_alive == 0) {
--              buffer_append_string_len(b, CONST_STR_LEN("\r\nConnection: "));
-               if (con->keep_alive) {
--                      buffer_append_string_len(b, CONST_STR_LEN("keep-alive"));
-+                      response_header_overwrite(srv, con, CONST_STR_LEN("Connection"), CONST_STR_LEN("keep-alive"));
-               } else {
--                      buffer_append_string_len(b, CONST_STR_LEN("close"));
-+                      response_header_overwrite(srv, con, CONST_STR_LEN("Connection"), CONST_STR_LEN("close"));
+       case 1:
++              con->write_request_ts = srv->cur_ts;
+               con->is_writable = 0;
+ 
+               /* not finished yet -> WRITE */
+@@ -1251,8 +1260,6 @@
+                       log_error_write(srv, __FILE__, __LINE__, "ds",
+                                       con->fd,
+                                       "handle write failed.");
+-              } else if (con->state == CON_STATE_WRITE) {
+-                      con->write_request_ts = srv->cur_ts;

                }
        }
  
                }
        }
  

-       if (con->response.transfer_encoding & HTTP_TRANSFER_ENCODING_CHUNKED) {
--              buffer_append_string_len(b, CONST_STR_LEN("\r\nTransfer-Encoding: chunked"));
-+              response_header_overwrite(srv, con, CONST_STR_LEN("Transfer-Encoding"), CONST_STR_LEN("chunked"));
-       }
+@@ -1352,6 +1359,7 @@
+                               return NULL;
+                       }

  
  

++                      con->renegotiations = 0;
+ #ifndef OPENSSL_NO_TLSEXT
+                       SSL_set_app_data(con->ssl, con);
+ #endif
+@@ -1667,8 +1675,6 @@
+                                                       con->fd,
+                                                       "handle write failed.");
+                                       connection_set_state(srv, con, CON_STATE_ERROR);
+-                              } else if (con->state == CON_STATE_WRITE) {
+-                                      con->write_request_ts = srv->cur_ts;
+                               }
+                       }

  
  

-@@ -199,6 +198,7 @@
-               config_patch_connection(srv, con, COMP_HTTP_REMOTE_IP); /* Client-IP */
-               config_patch_connection(srv, con, COMP_HTTP_REFERER);   /* Referer:     */
-               config_patch_connection(srv, con, COMP_HTTP_USER_AGENT);/* User-Agent:  */
-+              config_patch_connection(srv, con, COMP_HTTP_LANGUAGE);  /* Accept-Language:  */
-               config_patch_connection(srv, con, COMP_HTTP_COOKIE);    /* Cookie:  */
-               config_patch_connection(srv, con, COMP_HTTP_REQUEST_METHOD); /* REQUEST_METHOD */
+Index: src/mod_staticfile.c
+===================================================================
+--- src/mod_staticfile.c       (.../tags/lighttpd-1.4.29)
++++ src/mod_staticfile.c       (.../branches/lighttpd-1.4.x)
+@@ -26,6 +26,7 @@
+ typedef struct {
+       array *exclude_ext;
+       unsigned short etags_used;
++      unsigned short disable_pathinfo;
+ } plugin_config;

  
  

-@@ -233,6 +233,27 @@
-               }
+ typedef struct {
+@@ -84,6 +85,7 @@
+       config_values_t cv[] = {
+               { "static-file.exclude-extensions", NULL, T_CONFIG_ARRAY, T_CONFIG_SCOPE_CONNECTION },       /* 0 */
+               { "static-file.etags",    NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 1 */
++              { "static-file.disable-pathinfo", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 2 */
+               { NULL,                         NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET }
+       };

  
  

+@@ -97,9 +99,11 @@
+               s = calloc(1, sizeof(plugin_config));
+               s->exclude_ext    = array_init();
+               s->etags_used     = 1;
++              s->disable_pathinfo = 0;

  
  

-+              /**
-+               *
-+               * call plugins
-+               *
-+               * - based on the raw URL
-+               *
-+               */
-+
-+              switch(r = plugins_call_handle_uri_raw(srv, con)) {
-+              case HANDLER_GO_ON:
-+                      break;
-+              case HANDLER_FINISHED:
-+              case HANDLER_COMEBACK:
-+              case HANDLER_WAIT_FOR_EVENT:
-+              case HANDLER_ERROR:
-+                      return r;
-+              default:
-+                      log_error_write(srv, __FILE__, __LINE__, "sd", "handle_uri_raw: unknown return value", r);
-+                      break;
-+              }
-+
-               /* build filename
-                *
-                * - decode url-encodings  (e.g. %20 -> ' ')
-@@ -240,6 +261,7 @@
-                */
+               cv[0].destination = s->exclude_ext;
+               cv[1].destination = &(s->etags_used);
++              cv[2].destination = &(s->disable_pathinfo);

  
  

+               p->config_storage[i] = s;

  
  

-+
-               if (con->request.http_method == HTTP_METHOD_OPTIONS &&
-                   con->uri.path_raw->ptr[0] == '*' && con->uri.path_raw->ptr[1] == '\0') {
-                       /* OPTIONS * ... */
-@@ -255,32 +277,10 @@
-                       log_error_write(srv, __FILE__, __LINE__,  "sb", "URI-path     : ", con->uri.path);
-               }
+@@ -119,6 +123,7 @@

  
  

--
-               /**
-                *
-                * call plugins
-                *
--               * - based on the raw URL
--               *
--               */
--
--              switch(r = plugins_call_handle_uri_raw(srv, con)) {
--              case HANDLER_GO_ON:
--                      break;
--              case HANDLER_FINISHED:
--              case HANDLER_COMEBACK:
--              case HANDLER_WAIT_FOR_EVENT:
--              case HANDLER_ERROR:
--                      return r;
--              default:
--                      log_error_write(srv, __FILE__, __LINE__, "sd", "handle_uri_raw: unknown return value", r);
--                      break;
--              }
--
--              /**
--               *
--               * call plugins
--               *
-                * - based on the clean URL
-                *
-                */
-Index: src/buffer.c
-===================================================================
---- src/buffer.c       (.../tags/lighttpd-1.4.20)      (revision 2392)
-+++ src/buffer.c       (.../branches/lighttpd-1.4.x)   (revision 2392)
-@@ -159,7 +159,7 @@
-       if (!src) return -1;
- 
-       if (src->used == 0) {
--              b->used = 0;
-+              buffer_reset(b);
-               return 0;
-       }
-       return buffer_copy_string_len(b, src->ptr, src->used - 1);
-@@ -187,6 +187,7 @@
-       if (!s || !b) return -1;
- 
-       s_len = strlen(s);
-+      if (s_len > maxlen)  s_len = maxlen;
-       buffer_prepare_append(b, maxlen + 1);
-       if (b->used == 0)
-               b->used++;
-Index: src/mod_simple_vhost.c
-===================================================================
---- src/mod_simple_vhost.c     (.../tags/lighttpd-1.4.20)      (revision 2392)
-+++ src/mod_simple_vhost.c     (.../branches/lighttpd-1.4.x)   (revision 2392)
-@@ -249,6 +249,8 @@
-                               return HANDLER_GO_ON;
-                       } else {
-                               buffer_copy_string_buffer(con->server_name, p->conf.default_host);
-+                              /* do not cache default host */
-+                              return HANDLER_GO_ON;
-                       }
-               } else {
-                       buffer_copy_string_buffer(con->server_name, con->uri.authority);
-Index: src/mod_proxy.c
-===================================================================
---- src/mod_proxy.c    (.../tags/lighttpd-1.4.20)      (revision 2392)
-+++ src/mod_proxy.c    (.../branches/lighttpd-1.4.x)   (revision 2392)
-@@ -454,6 +454,7 @@
- 
-               if (ds->value->used && ds->key->used) {
-                       if (buffer_is_equal_string(ds->key, CONST_STR_LEN("Connection"))) continue;
-+                      if (buffer_is_equal_string(ds->key, CONST_STR_LEN("Proxy-Connection"))) continue;
- 
-                       buffer_append_string_buffer(b, ds->key);
-                       buffer_append_string_len(b, CONST_STR_LEN(": "));
-@@ -652,7 +653,7 @@
-                       buffer_prepare_append(hctx->response, b + 1);
-                       hctx->response->used = 1;
-               } else {
--                      buffer_prepare_append(hctx->response, hctx->response->used + b);
-+                      buffer_prepare_append(hctx->response, b);
+       PATCH(exclude_ext);
+       PATCH(etags_used);
++      PATCH(disable_pathinfo);
+ 
+       /* skip the first, the global context */
+       for (i = 1; i < srv->config_context->used; i++) {
+@@ -136,7 +141,9 @@
+                               PATCH(exclude_ext);
+                       } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("static-file.etags"))) {
+                               PATCH(etags_used);
+-                      } 
++                      } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("static-file.disable-pathinfo"))) {
++                              PATCH(disable_pathinfo);
++                      }

                }
                }

+       }

  
  

-               if (-1 == (r = read(hctx->fd, hctx->response->ptr + hctx->response->used - 1, b))) {
-@@ -1198,7 +1199,8 @@
-               host = (data_proxy *)extension->value->data[0];
+@@ -350,7 +357,6 @@
+ URIHANDLER_FUNC(mod_staticfile_subrequest) {
+       plugin_data *p = p_d;
+       size_t k;
+-      int s_len;
+       stat_cache_entry *sce = NULL;
+       buffer *mtime = NULL;
+       data_string *ds;
+@@ -376,7 +382,12 @@

  
  

-               /* Use last_used_ndx from first host in list */
--              k = ndx = host->last_used_ndx;
-+              k = host->last_used_ndx;
-+              ndx = k + 1; /* use next host after the last one */
-               if (ndx < 0) ndx = 0;
+       mod_staticfile_patch_connection(srv, con, p);

  
  

-               /* Search first active host after last_used_ndx */
-Index: src/config.h.cmake
-===================================================================
---- src/config.h.cmake (.../tags/lighttpd-1.4.20)      (revision 0)
-+++ src/config.h.cmake (.../branches/lighttpd-1.4.x)   (revision 2392)
-@@ -0,0 +1,157 @@
-+/*
-+    CMake autogenerated config.h file. Do not edit!
-+*/
-+
-+/* Package details */
-+#define LIGHTTPD_VERSION_ID ${LIGHTTPD_VERSION_ID}
-+#define PACKAGE_NAME "${PACKAGE_NAME}"
-+#define PACKAGE_VERSION "${PACKAGE_VERSION}"
-+#define PACKAGE_BUILD_DATE "${PACKAGE_BUILD_DATE}"
-+#define LIBRARY_DIR "${LIGHTTPD_LIBRARY_DIR}"
-+
-+/* System */
-+#cmakedefine  HAVE_SYS_DEVPOLL_H
-+#cmakedefine  HAVE_SYS_EPOLL_H
-+#cmakedefine  HAVE_SYS_EVENT_H
-+#cmakedefine  HAVE_SYS_MMAN_H
-+#cmakedefine  HAVE_SYS_POLL_H
-+#cmakedefine  HAVE_SYS_PORT_H
-+#cmakedefine  HAVE_SYS_PRCTL_H
-+#cmakedefine  HAVE_SYS_RESOURCE_H
-+#cmakedefine  HAVE_SYS_SENDFILE_H
-+#cmakedefine  HAVE_SYS_SELECT_H
-+#cmakedefine  HAVE_SYS_SYSLIMITS_H
-+#cmakedefine  HAVE_SYS_TYPES_H
-+#cmakedefine  HAVE_SYS_UIO_H
-+#cmakedefine  HAVE_SYS_UN_H
-+#cmakedefine  HAVE_SYS_WAIT_H
-+#cmakedefine HAVE_SYS_TIME_H
-+#cmakedefine HAVE_UNISTD_H
-+#cmakedefine HAVE_PTHREAD_H
-+#cmakedefine HAVE_INET_ATON
-+#cmakedefine HAVE_IPV6
-+
-+/* XATTR */
-+#cmakedefine HAVE_ATTR_ATTRIBUTES_H
-+#cmakedefine HAVE_XATTR
-+
-+/* mySQL */
-+#cmakedefine  HAVE_MYSQL_H
-+#cmakedefine  HAVE_MYSQL
-+
-+/* OpenSSL */
-+#cmakedefine  HAVE_OPENSSL_SSL_H
-+#cmakedefine  HAVE_LIBCRYPTO
-+#cmakedefine  OPENSSL_NO_KRB5
-+#cmakedefine  HAVE_LIBSSL
-+
-+/* BZip */
-+#cmakedefine  HAVE_BZLIB_H
-+#cmakedefine  HAVE_LIBBZ2
-+
-+/* FAM */
-+#cmakedefine  HAVE_FAM_H
-+#cmakedefine  HAVE_FAMNOEXISTS
-+
-+/* getopt */
-+#cmakedefine  HAVE_GETOPT_H
-+
-+#cmakedefine  HAVE_INTTYPES_H
-+
-+/* LDAP */
-+#cmakedefine  HAVE_LDAP_H
-+#cmakedefine  HAVE_LIBLDAP
-+#cmakedefine  HAVE_LBER_H
-+#cmakedefine  HAVE_LIBLBER
-+#cmakedefine  LDAP_DEPRECATED 1
-+
-+/* XML */
-+#cmakedefine  HAVE_LIBXML_H
-+#cmakedefine  HAVE_LIBXML
-+
-+/* PCRE */
-+#cmakedefine  HAVE_PCRE_H
-+#cmakedefine  HAVE_LIBPCRE
-+
-+#cmakedefine  HAVE_POLL_H
-+#cmakedefine  HAVE_PWD_H
-+
-+/* sqlite3 */
-+#cmakedefine  HAVE_SQLITE3_H
-+#cmakedefine  HAVE_LIBPCRE
-+
-+#cmakedefine  HAVE_STDDEF_H
-+#cmakedefine  HAVE_STDINT_H
-+#cmakedefine  HAVE_SYSLOG_H
-+
-+/* UUID */
-+#cmakedefine  HAVE_UUID_UUID_H
-+#cmakedefine  HAVE_LIBUUID
-+
-+/* ZLIB */
-+#cmakedefine  HAVE_ZLIB_H
-+#cmakedefine  HAVE_LIBZ
-+
-+/* lua */
-+#cmakedefine  HAVE_LUA_H
-+#cmakedefine  HAVE_LIBLUA
-+
-+/* gdbm */
-+#cmakedefine  HAVE_GDBM_H
-+#cmakedefine  HAVE_GDBM
-+
-+/* memcache */
-+#cmakedefine  HAVE_MEMCACHE_H
-+
-+/* inotify */
-+#cmakedefine  HAVE_INOTIFY_INIT
-+#cmakedefine  HAVE_SYS_INOTIFY_H
-+
-+/* Types */
-+#cmakedefine  HAVE_SOCKLEN_T
-+#cmakedefine  SIZEOF_LONG ${SIZEOF_LONG}
-+#cmakedefine  SIZEOF_OFF_T ${SIZEOF_OFF_T}
-+
-+/* Functions */
-+#cmakedefine  HAVE_CHROOT
-+#cmakedefine  HAVE_CRYPT
-+#cmakedefine  HAVE_EPOLL_CTL
-+#cmakedefine  HAVE_FORK
-+#cmakedefine  HAVE_GETRLIMIT
-+#cmakedefine  HAVE_GETUID
-+#cmakedefine  HAVE_GMTIME_R
-+#cmakedefine  HAVE_INET_NTOP
-+#cmakedefine  HAVE_KQUEUE
-+#cmakedefine  HAVE_LOCALTIME_R
-+#cmakedefine  HAVE_LSTAT
-+#cmakedefine  HAVE_MADVISE
-+#cmakedefine  HAVE_MEMCPY
-+#cmakedefine  HAVE_MEMSET
-+#cmakedefine  HAVE_MMAP
-+#cmakedefine  HAVE_PATHCONF
-+#cmakedefine  HAVE_POLL
-+#cmakedefine  HAVE_PORT_CREATE
-+#cmakedefine  HAVE_PRCTL
-+#cmakedefine  HAVE_PREAD
-+#cmakedefine  HAVE_POSIX_FADVISE
-+#cmakedefine  HAVE_SELECT
-+#cmakedefine  HAVE_SENDFILE
-+#cmakedefine  HAVE_SEND_FILE
-+#cmakedefine  HAVE_SENDFILE64
-+#cmakedefine  HAVE_SENDFILEV
-+#cmakedefine  HAVE_SIGACTION
-+#cmakedefine  HAVE_SIGNAL
-+#cmakedefine  HAVE_SIGTIMEDWAIT
-+#cmakedefine  HAVE_STRPTIME
-+#cmakedefine  HAVE_SYSLOG
-+#cmakedefine  HAVE_WRITEV
-+
-+/* libcrypt */
-+#cmakedefine  HAVE_CRYPT_H
-+#cmakedefine  HAVE_LIBCRYPT
-+
-+/* fastcgi */
-+#cmakedefine HAVE_FASTCGI_H
-+#cmakedefine HAVE_FASTCGI_FASTCGI_H
-+
-+#cmakedefine LIGHTTPD_STATIC
-Index: src/network_freebsd_sendfile.c
-===================================================================
---- src/network_freebsd_sendfile.c     (.../tags/lighttpd-1.4.20)      (revision 2392)
-+++ src/network_freebsd_sendfile.c     (.../branches/lighttpd-1.4.x)   (revision 2392)
-@@ -167,6 +167,7 @@
-                               switch(errno) {
-                               case EAGAIN:
-                               case EINTR:
-+                                      r = 0; /* try again later */
-                                       break;
-                               case ENOTCONN:
-                                       return -2;
-@@ -174,10 +175,7 @@
-                                       log_error_write(srv, __FILE__, __LINE__, "ssd", "sendfile: ", strerror(errno), errno);
-                                       return -1;
-                               }
--                      }
--
--                      if (r == 0 && (errno != EAGAIN && errno != EINTR)) {
--                              int oerrno = errno;
-+                      } else if (r == 0) {
-                               /* We got an event to write but we wrote nothing
-                                *
-                                * - the file shrinked -> error
-@@ -190,12 +188,9 @@
- 
-                               if (offset >= sce->st.st_size) {
-                                       /* file shrinked, close the connection */
--                                      errno = oerrno;
--
-                                       return -1;
-                               }
- 
--                              errno = oerrno;
-                               return -2;
-                       }
+-      s_len = con->uri.path->used - 1;
++      if (p->conf.disable_pathinfo && 0 != con->request.pathinfo->used) {
++              if (con->conf.log_request_handling) {
++                      log_error_write(srv, __FILE__, __LINE__,  "s",  "-- NOT handling file as static file, pathinfo forbidden");
++              }
++              return HANDLER_GO_ON;
++      }

  
  

-Index: src/http_auth.c
+       /* ignore certain extensions */
+       for (k = 0; k < p->conf.exclude_ext->used; k++) {
+Index: src/network.c

 ===================================================================
 ===================================================================

---- src/http_auth.c    (.../tags/lighttpd-1.4.20)      (revision 2392)
-+++ src/http_auth.c    (.../branches/lighttpd-1.4.x)   (revision 2392)
-@@ -57,22 +57,25 @@
- 
- static const char base64_pad = '=';
- 
-+/* "A-Z a-z 0-9 + /" maps to 0-63 */
- static const short base64_reverse_table[256] = {
--              -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
--                      -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
--                      -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 62, -1, -1, -1, 63,
--                      52, 53, 54, 55, 56, 57, 58, 59, 60, 61, -1, -1, -1, -1, -1, -1,
--                      -1,  0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14,
--                      15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, -1, -1, -1, -1, -1,
--                      -1, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40,
--                      41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, -1, -1, -1, -1, -1,
--                      -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
--                      -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
--                      -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
--                      -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
--                      -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
--                      -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
--                      -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1
-+/*     0   1   2   3   4   5   6   7   8   9   A   B   C   D   E   F */
-+      -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0x00 - 0x0F */
-+      -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0x10 - 0x1F */
-+      -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 62, -1, -1, -1, 63, /* 0x20 - 0x2F */
-+      52, 53, 54, 55, 56, 57, 58, 59, 60, 61, -1, -1, -1, -1, -1, -1, /* 0x30 - 0x3F */
-+      -1,  0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, /* 0x40 - 0x4F */
-+      15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, -1, -1, -1, -1, -1, /* 0x50 - 0x5F */
-+      -1, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, /* 0x60 - 0x6F */
-+      41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, -1, -1, -1, -1, -1, /* 0x70 - 0x7F */
-+      -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0x80 - 0x8F */
-+      -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0x90 - 0x9F */
-+      -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0xA0 - 0xAF */
-+      -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0xB0 - 0xBF */
-+      -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0xC0 - 0xCF */
-+      -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0xD0 - 0xDF */
-+      -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0xE0 - 0xEF */
-+      -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0xF0 - 0xFF */
- };
- 
- 
-@@ -697,7 +700,7 @@
-               }
-       } else if (p->conf.auth_backend == AUTH_BACKEND_LDAP) {
- #ifdef USE_LDAP
--              LDAP *ldap = NULL;
-+              LDAP *ldap;
-               LDAPMessage *lm, *first;
-               char *dn;
-               int ret;
-@@ -742,56 +745,45 @@
-               buffer_append_string_buffer(p->ldap_filter, username);
-               buffer_append_string_buffer(p->ldap_filter, p->conf.ldap_filter_post);
+--- src/network.c      (.../tags/lighttpd-1.4.29)
++++ src/network.c      (.../branches/lighttpd-1.4.x)
+@@ -27,6 +27,19 @@
+ # include <openssl/rand.h>
+ #endif

  
  

++#ifdef USE_OPENSSL
++static void ssl_info_callback(const SSL *ssl, int where, int ret) {
++      UNUSED(ret);

 +
 +

-               /* 2. */
--              if (p->conf.ldap == NULL ||
--                  LDAP_SUCCESS != (ret = ldap_search_s(p->conf.ldap, p->conf.auth_ldap_basedn->ptr, LDAP_SCOPE_SUBTREE, p->ldap_filter->ptr, attrs, 0, &lm))) {
--                      /* try again if ldap was only temporary down */
--                      if (p->conf.ldap == NULL || ret != LDAP_SERVER_DOWN ||  LDAP_SUCCESS != (ret = ldap_search_s(p->conf.ldap, p->conf.auth_ldap_basedn->ptr, LDAP_SCOPE_SUBTREE, p->ldap_filter->ptr, attrs, 0, &lm))) {
--                              if (auth_ldap_init(srv, &p->conf) != HANDLER_GO_ON)
-+              if (p->anon_conf->ldap == NULL ||
-+                  LDAP_SUCCESS != (ret = ldap_search_s(p->anon_conf->ldap, p->conf.auth_ldap_basedn->ptr, LDAP_SCOPE_SUBTREE, p->ldap_filter->ptr, attrs, 0, &lm))) {
-+
-+                      /* try again; the ldap library sometimes fails for the first call but reconnects */
-+                      if (p->anon_conf->ldap == NULL || ret != LDAP_SERVER_DOWN ||
-+                          LDAP_SUCCESS != (ret = ldap_search_s(p->anon_conf->ldap, p->conf.auth_ldap_basedn->ptr, LDAP_SCOPE_SUBTREE, p->ldap_filter->ptr, attrs, 0, &lm))) {
++      if (0 != (where & SSL_CB_HANDSHAKE_START)) {
++              connection *con = SSL_get_app_data(ssl);
++              ++con->renegotiations;
++      } else if (0 != (where & SSL_CB_HANDSHAKE_DONE)) {
++              ssl->s3->flags |= SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS;
++      }
++}
++#endif

 +
 +

-+                              if (auth_ldap_init(srv, p->anon_conf) != HANDLER_GO_ON)
-                                       return -1;
+ static handler_t network_server_handle_fdevent(server *srv, void *context, int revents) {
+       server_socket *srv_socket = (server_socket *)context;
+       connection *con;
+@@ -480,9 +493,11 @@
+       network_backend_t backend;

  
  

--                              ldap = p->conf.ldap; /* save temporary ldap connection (TODO: redo ldap) */
--                              if (LDAP_SUCCESS != (ret = ldap_search_s(p->conf.ldap, p->conf.auth_ldap_basedn->ptr, LDAP_SCOPE_SUBTREE, p->ldap_filter->ptr, attrs, 0, &lm))) {
-+                              if (p->anon_conf->ldap == NULL ||
-+                                  LDAP_SUCCESS != (ret = ldap_search_s(p->anon_conf->ldap, p->conf.auth_ldap_basedn->ptr, LDAP_SCOPE_SUBTREE, p->ldap_filter->ptr, attrs, 0, &lm))) {
-                                       log_error_write(srv, __FILE__, __LINE__, "sssb",
-                                                       "ldap:", ldap_err2string(ret), "filter:", p->ldap_filter);
--                                      /* destroy temporary ldap connection (TODO: redo ldap) */
--                                      ldap_unbind_s(ldap);
-                                       return -1;
-                               }
-                       }
-               }
+ #if OPENSSL_VERSION_NUMBER >= 0x0090800fL
++#ifndef OPENSSL_NO_ECDH
+       EC_KEY *ecdh;
+       int nid;
+ #endif
++#endif

  
  

--              if (NULL == (first = ldap_first_entry(p->conf.ldap, lm))) {
--                      /* No matching entry is not an error */
--                      /* log_error_write(srv, __FILE__, __LINE__, "s", "ldap ..."); */
-+              if (NULL == (first = ldap_first_entry(p->anon_conf->ldap, lm))) {
-+                      log_error_write(srv, __FILE__, __LINE__, "s", "ldap ...");
+ #ifdef USE_OPENSSL
+       DH *dh;
+@@ -553,6 +568,11 @@
+       /* load SSL certificates */
+       for (i = 0; i < srv->config_context->used; i++) {
+               specific_config *s = srv->config_storage[i];
++#ifndef SSL_OP_NO_COMPRESSION
++# define SSL_OP_NO_COMPRESSION 0
++#endif
++              long ssloptions =
++                      SSL_OP_ALL | SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION | SSL_OP_NO_COMPRESSION;

  
  

-                       ldap_msgfree(lm);
+               if (buffer_is_empty(s->ssl_pemfile)) continue;

  
  

--                      /* destroy temporary ldap connection (TODO: redo ldap) */
--                      if (NULL != ldap) {
--                              ldap_unbind_s(ldap);
--                      }
+@@ -586,6 +606,9 @@

                        return -1;
                }
  
                        return -1;
                }
  

--              if (NULL == (dn = ldap_get_dn(p->conf.ldap, first))) {
--                      log_error_write(srv, __FILE__, __LINE__, "s", "ldap: ldap_get_dn failed");
-+              if (NULL == (dn = ldap_get_dn(p->anon_conf->ldap, first))) {
-+                      log_error_write(srv, __FILE__, __LINE__, "s", "ldap ...");
- 
-                       ldap_msgfree(lm);
- 
--                      /* destroy temporary ldap connection (TODO: redo ldap) */
--                      if (NULL != ldap) {
--                              ldap_unbind_s(ldap);
--                      }
-                       return -1;
++              SSL_CTX_set_options(s->ssl_ctx, ssloptions);
++              SSL_CTX_set_info_callback(s->ssl_ctx, ssl_info_callback);
++
+               if (!s->ssl_use_sslv2) {
+                       /* disable SSLv2 */
+                       if (!(SSL_OP_NO_SSLv2 & SSL_CTX_set_options(s->ssl_ctx, SSL_OP_NO_SSLv2))) {
+@@ -611,6 +634,10 @@
+                                               ERR_error_string(ERR_get_error(), NULL));
+                               return -1;
+                       }
++
++                      if (s->ssl_honor_cipher_order) {
++                              SSL_CTX_set_options(s->ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
++                      }

                }
  
                }
  

-               ldap_msgfree(lm);
- 
--              /* destroy temporary ldap connection (TODO: redo ldap) */
--              if (NULL != ldap) {
--                      ldap_unbind_s(ldap);
--              }
- 
-               /* 3. */
-               if (NULL == (ldap = ldap_init(p->conf.auth_ldap_hostname->ptr, LDAP_PORT))) {
-Index: src/mod_redirect.c
-===================================================================
---- src/mod_redirect.c (.../tags/lighttpd-1.4.20)      (revision 2392)
-+++ src/mod_redirect.c (.../branches/lighttpd-1.4.x)   (revision 2392)
-@@ -178,11 +178,7 @@
+               /* Support for Diffie-Hellman key exchange */
+@@ -847,7 +874,7 @@
+       return 0;
+ }

  
  

-       mod_redirect_patch_connection(srv, con, p);
+-int network_write_chunkqueue(server *srv, connection *con, chunkqueue *cq) {
++int network_write_chunkqueue(server *srv, connection *con, chunkqueue *cq, off_t max_bytes) {
+       int ret = -1;
+       off_t written = 0;
+ #ifdef TCP_CORK
+@@ -855,16 +882,34 @@
+ #endif
+       server_socket *srv_socket = con->srv_socket;
+ 
+-      if (con->conf.global_kbytes_per_second &&
+-          *(con->conf.global_bytes_per_second_cnt_ptr) > con->conf.global_kbytes_per_second * 1024) {
+-              /* we reached the global traffic limit */
++      if (con->conf.global_kbytes_per_second) {
++              off_t limit = con->conf.global_kbytes_per_second * 1024 - *(con->conf.global_bytes_per_second_cnt_ptr);
++              if (limit <= 0) {
++                      /* we reached the global traffic limit */
+ 
+-              con->traffic_limit_reached = 1;
+-              joblist_append(srv, con);
++                      con->traffic_limit_reached = 1;
++                      joblist_append(srv, con);
+ 
+-              return 1;
++                      return 1;
++              } else {
++                      if (max_bytes > limit) max_bytes = limit;
++              }
+       }

  
  

--      buffer_copy_string_buffer(p->match_buf, con->uri.path);
--      if (con->uri.query->used > 0) {
--              buffer_append_string_len(p->match_buf, CONST_STR_LEN("?"));
--              buffer_append_string_buffer(p->match_buf, con->uri.query);
--      }
-+      buffer_copy_string_buffer(p->match_buf, con->request.uri);
++      if (con->conf.kbytes_per_second) {
++              off_t limit = con->conf.kbytes_per_second * 1024 - con->bytes_written_cur_second;
++              if (limit <= 0) {
++                      /* we reached the traffic limit */
++
++                      con->traffic_limit_reached = 1;
++                      joblist_append(srv, con);
++
++                      return 1;
++              } else {
++                      if (max_bytes > limit) max_bytes = limit;
++              }
++      }
++
+       written = cq->bytes_out;

  
  

-       for (i = 0; i < p->conf.redirect->used; i++) {
-               pcre *match;
-Index: src/http_auth.h
-===================================================================
---- src/http_auth.h    (.../tags/lighttpd-1.4.20)      (revision 2392)
-+++ src/http_auth.h    (.../branches/lighttpd-1.4.x)   (revision 2392)
-@@ -63,7 +63,7 @@
+ #ifdef TCP_CORK
+@@ -879,10 +924,10 @@

  
  

-       mod_auth_plugin_config **config_storage;
+       if (srv_socket->is_ssl) {
+ #ifdef USE_OPENSSL
+-              ret = srv->network_ssl_backend_write(srv, con, con->ssl, cq);
++              ret = srv->network_ssl_backend_write(srv, con, con->ssl, cq, max_bytes);
+ #endif
+       } else {
+-              ret = srv->network_backend_write(srv, con, con->fd, cq);
++              ret = srv->network_backend_write(srv, con, con->fd, cq, max_bytes);
+       }

  
  

--      mod_auth_plugin_config conf; /* this is only used as long as no handler_ctx is setup */
-+      mod_auth_plugin_config conf, *anon_conf; /* this is only used as long as no handler_ctx is setup */
- } mod_auth_plugin_data;
+       if (ret >= 0) {
+@@ -903,12 +948,5 @@

  
  

- int http_auth_basic_check(server *srv, connection *con, mod_auth_plugin_data *p, array *req, buffer *url, const char *realm_str);
-Index: src/mod_webdav.c
-===================================================================
---- src/mod_webdav.c   (.../tags/lighttpd-1.4.20)      (revision 2392)
-+++ src/mod_webdav.c   (.../branches/lighttpd-1.4.x)   (revision 2392)
-@@ -1026,6 +1026,8 @@
-                               if (MAP_FAILED == (c->file.mmap.start = mmap(0, c->file.length, PROT_READ, MAP_SHARED, c->file.fd, 0))) {
-                                       log_error_write(srv, __FILE__, __LINE__, "ssbd", "mmap failed: ",
-                                                       strerror(errno), c->file.name,  c->file.fd);
-+                                      close(c->file.fd);
-+                                      c->file.fd = -1;
+       *(con->conf.global_bytes_per_second_cnt_ptr) += written;

  
  

-                                       return -1;
-                               }
-@@ -1723,6 +1725,8 @@
-                                       if (MAP_FAILED == (c->file.mmap.start = mmap(0, c->file.length, PROT_READ, MAP_SHARED, c->file.fd, 0))) {
-                                               log_error_write(srv, __FILE__, __LINE__, "ssbd", "mmap failed: ",
-                                                               strerror(errno), c->file.name,  c->file.fd);
-+                                              close(c->file.fd);
-+                                              c->file.fd = -1;
- 
-                                               return HANDLER_ERROR;
-                                       }
-Index: src/configparser.y
-===================================================================
---- src/configparser.y (.../tags/lighttpd-1.4.20)      (revision 2392)
-+++ src/configparser.y (.../branches/lighttpd-1.4.x)   (revision 2392)
-@@ -427,6 +427,7 @@
-       { COMP_HTTP_REFERER,       CONST_STR_LEN("HTTP[\"referer\"]"    ) },
-       { COMP_HTTP_USER_AGENT,    CONST_STR_LEN("HTTP[\"useragent\"]"  ) },
-       { COMP_HTTP_USER_AGENT,    CONST_STR_LEN("HTTP[\"user-agent\"]"  ) },
-+      { COMP_HTTP_LANGUAGE,      CONST_STR_LEN("HTTP[\"language\"]"   ) },
-       { COMP_HTTP_COOKIE,        CONST_STR_LEN("HTTP[\"cookie\"]"     ) },
-       { COMP_HTTP_REMOTE_IP,     CONST_STR_LEN("HTTP[\"remoteip\"]"   ) },
-       { COMP_HTTP_REMOTE_IP,     CONST_STR_LEN("HTTP[\"remote-ip\"]"   ) },
-Index: src/mod_compress.c
+-      if (con->conf.kbytes_per_second &&
+-          (con->bytes_written_cur_second > con->conf.kbytes_per_second * 1024)) {
+-              /* we reached the traffic limit */
+-
+-              con->traffic_limit_reached = 1;
+-              joblist_append(srv, con);
+-      }
+       return ret;
+ }
+Index: src/network.h

 ===================================================================
 ===================================================================

---- src/mod_compress.c (.../tags/lighttpd-1.4.20)      (revision 2392)
-+++ src/mod_compress.c (.../branches/lighttpd-1.4.x)   (revision 2392)
-@@ -49,6 +49,7 @@
-       buffer *compress_cache_dir;
-       array  *compress;
-       off_t   compress_max_filesize; /** max filesize in kb */
-+      int     allowed_encodings;
- } plugin_config;
+--- src/network.h      (.../tags/lighttpd-1.4.29)
++++ src/network.h      (.../branches/lighttpd-1.4.x)
+@@ -3,7 +3,7 @@

  
  

- typedef struct {
-@@ -154,6 +155,7 @@
-               { "compress.cache-dir",             NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
-               { "compress.filetype",              NULL, T_CONFIG_ARRAY, T_CONFIG_SCOPE_CONNECTION },
-               { "compress.max-filesize",          NULL, T_CONFIG_SHORT, T_CONFIG_SCOPE_CONNECTION },
-+              { "compress.allowed-encodings",     NULL, T_CONFIG_ARRAY, T_CONFIG_SCOPE_CONNECTION },
-               { NULL,                             NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET }
-       };
- 
-@@ -161,15 +163,18 @@
- 
-       for (i = 0; i < srv->config_context->used; i++) {
-               plugin_config *s;
-+              array  *encodings_arr = array_init();
- 
-               s = calloc(1, sizeof(plugin_config));
-               s->compress_cache_dir = buffer_init();
-               s->compress = array_init();
-               s->compress_max_filesize = 0;
-+              s->allowed_encodings = 0;
+ #include "server.h"

  
  

-               cv[0].destination = s->compress_cache_dir;
-               cv[1].destination = s->compress;
-               cv[2].destination = &(s->compress_max_filesize);
-+              cv[3].destination = encodings_arr; /* temp array for allowed encodings list */
+-int network_write_chunkqueue(server *srv, connection *con, chunkqueue *c);
++int network_write_chunkqueue(server *srv, connection *con, chunkqueue *c, off_t max_bytes);

  
  

-               p->config_storage[i] = s;
- 
-@@ -177,6 +182,39 @@
-                       return HANDLER_ERROR;
-               }
+ int network_init(server *srv);
+ int network_close(server *srv);
+Index: src/configfile.c
+===================================================================
+--- src/configfile.c   (.../tags/lighttpd-1.4.29)
++++ src/configfile.c   (.../branches/lighttpd-1.4.x)
+@@ -105,6 +105,8 @@
+               { "ssl.use-sslv3",               NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER },     /* 62 */
+               { "ssl.dh-file",                 NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_SERVER },      /* 63 */
+               { "ssl.ec-curve",                NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_SERVER },      /* 64 */
++              { "ssl.disable-client-renegotiation", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER },/* 65 */
++              { "ssl.honor-cipher-order",      NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER },     /* 66 */

  
  

-+              if (encodings_arr->used) {
-+                      size_t j = 0;
-+                      for (j = 0; j < encodings_arr->used; j++) {
-+                              data_string *ds = (data_string *)encodings_arr->data[j];
-+#ifdef USE_ZLIB
-+                              if (NULL != strstr(ds->value->ptr, "gzip"))
-+                                      s->allowed_encodings |= HTTP_ACCEPT_ENCODING_GZIP;
-+                              if (NULL != strstr(ds->value->ptr, "deflate"))
-+                                      s->allowed_encodings |= HTTP_ACCEPT_ENCODING_DEFLATE;
-+                              /*
-+                              if (NULL != strstr(ds->value->ptr, "compress"))
-+                                      s->allowed_encodings |= HTTP_ACCEPT_ENCODING_COMPRESS;
-+                              */
-+#endif
-+#ifdef USE_BZ2LIB
-+                              if (NULL != strstr(ds->value->ptr, "bzip2"))
-+                                      s->allowed_encodings |= HTTP_ACCEPT_ENCODING_BZIP2;
-+#endif
-+                      }
-+              } else {
-+                      /* default encodings */
-+                      s->allowed_encodings = 0
-+#ifdef USE_ZLIB
-+                              | HTTP_ACCEPT_ENCODING_GZIP | HTTP_ACCEPT_ENCODING_DEFLATE
-+#endif
-+#ifdef USE_BZ2LIB
-+                              | HTTP_ACCEPT_ENCODING_BZIP2
-+#endif
-+                              ;
-+              }
-+
-+              array_free(encodings_arr);
-+
-               if (!buffer_is_empty(s->compress_cache_dir)) {
-                       struct stat st;
-                       mkdir_recursive(s->compress_cache_dir->ptr);
-@@ -587,6 +625,7 @@
-       PATCH(compress_cache_dir);
-       PATCH(compress);
-       PATCH(compress_max_filesize);
-+      PATCH(allowed_encodings);
+               { "server.host",                 "use server.bind instead", T_CONFIG_DEPRECATED, T_CONFIG_SCOPE_UNSET },
+               { "server.docroot",              "use server.document-root instead", T_CONFIG_DEPRECATED, T_CONFIG_SCOPE_UNSET },
+@@ -176,6 +178,7 @@
+               s->max_write_idle = 360;
+               s->use_xattr     = 0;
+               s->is_ssl        = 0;
++              s->ssl_honor_cipher_order = 1;
+               s->ssl_use_sslv2 = 0;
+               s->ssl_use_sslv3 = 1;
+               s->use_ipv6      = 0;
+@@ -199,6 +202,7 @@
+               s->ssl_verifyclient_username = buffer_init();
+               s->ssl_verifyclient_depth = 9;
+               s->ssl_verifyclient_export_cert = 0;
++              s->ssl_disable_client_renegotiation = 1;
+ 
+               cv[2].destination = s->errorfile_prefix;
+ 
+@@ -245,6 +249,8 @@
+               cv[62].destination = &(s->ssl_use_sslv3);
+               cv[63].destination = s->ssl_dh_file;
+               cv[64].destination = s->ssl_ec_curve;
++              cv[66].destination = &(s->ssl_honor_cipher_order);
++
+               cv[49].destination = &(s->etag_use_inode);
+               cv[50].destination = &(s->etag_use_mtime);
+               cv[51].destination = &(s->etag_use_size);
+@@ -255,6 +261,7 @@
+               cv[58].destination = &(s->ssl_verifyclient_depth);
+               cv[59].destination = s->ssl_verifyclient_username;
+               cv[60].destination = &(s->ssl_verifyclient_export_cert);
++              cv[65].destination = &(s->ssl_disable_client_renegotiation);
+ 
+               srv->config_storage[i] = s;
+ 
+@@ -335,6 +342,7 @@
+       PATCH(ssl_cipher_list);
+       PATCH(ssl_dh_file);
+       PATCH(ssl_ec_curve);
++      PATCH(ssl_honor_cipher_order);
+       PATCH(ssl_use_sslv2);
+       PATCH(ssl_use_sslv3);
+       PATCH(etag_use_inode);
+@@ -346,6 +354,7 @@
+       PATCH(ssl_verifyclient_depth);
+       PATCH(ssl_verifyclient_username);
+       PATCH(ssl_verifyclient_export_cert);
++      PATCH(ssl_disable_client_renegotiation);

  
  

-       /* skip the first, the global context */
-       for (i = 1; i < srv->config_context->used; i++) {
-@@ -606,6 +645,8 @@
-                               PATCH(compress);
-                       } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("compress.max-filesize"))) {
-                               PATCH(compress_max_filesize);
-+                      } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("compress.allowed-encodings"))) {
-+                              PATCH(allowed_encodings);
+       return 0;
+ }
+@@ -400,6 +409,8 @@
+ #endif
+                       } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.ca-file"))) {
+                               PATCH(ssl_ca_file);
++                      } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.honor-cipher-order"))) {
++                              PATCH(ssl_honor_cipher_order);
+                       } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.use-sslv2"))) {
+                               PATCH(ssl_use_sslv2);
+                       } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.use-sslv3"))) {
+@@ -454,6 +465,8 @@
+                               PATCH(ssl_verifyclient_username);
+                       } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.verifyclient.exportcert"))) {
+                               PATCH(ssl_verifyclient_export_cert);
++                      } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.disable-client-renegotiation"))) {
++                              PATCH(ssl_disable_client_renegotiation);

                        }
                }
        }
                        }
                }
        }

-@@ -619,6 +660,7 @@
-       size_t m;
-       off_t max_fsize;
-       stat_cache_entry *sce = NULL;
-+      buffer *mtime = NULL;
- 
-       if (con->mode != DIRECT || con->http_status) return HANDLER_GO_ON;
+Index: src/mod_scgi.c
+===================================================================
+--- src/mod_scgi.c     (.../tags/lighttpd-1.4.29)
++++ src/mod_scgi.c     (.../branches/lighttpd-1.4.x)
+@@ -2296,7 +2296,7 @@

  
  

-@@ -636,8 +678,30 @@
+               /* fall through */
+       case FCGI_STATE_WRITE:
+-              ret = srv->network_backend_write(srv, con, hctx->fd, hctx->wb);
++              ret = srv->network_backend_write(srv, con, hctx->fd, hctx->wb, MAX_WRITE_LIMIT);

  
  

-       max_fsize = p->conf.compress_max_filesize;
+               chunkqueue_remove_finished_chunks(hctx->wb);

  
  

--      stat_cache_get_entry(srv, con, con->physical.path, &sce);
-+      if (con->conf.log_request_handling) {
-+              log_error_write(srv, __FILE__, __LINE__,  "s",  "-- handling file as static file");
-+      }
+Index: src/request.c
+===================================================================
+--- src/request.c      (.../tags/lighttpd-1.4.29)
++++ src/request.c      (.../branches/lighttpd-1.4.x)
+@@ -49,7 +49,7 @@
+                               if (++colon_cnt > 7) {
+                                       return -1;
+                               }
+-                      } else if (!light_isxdigit(*c)) {
++                      } else if (!light_isxdigit(*c) && '.' != *c) {
+                               return -1;
+                       }
+               }
+Index: src/network_backends.h
+===================================================================
+--- src/network_backends.h     (.../tags/lighttpd-1.4.29)
++++ src/network_backends.h     (.../branches/lighttpd-1.4.x)
+@@ -47,18 +47,18 @@
+ #include "base.h"

  
  

-+      if (HANDLER_ERROR == stat_cache_get_entry(srv, con, con->physical.path, &sce)) {
-+              con->http_status = 403;
-+
-+              log_error_write(srv, __FILE__, __LINE__, "sbsb",
-+                              "not a regular file:", con->uri.path,
-+                              "->", con->physical.path);
-+
-+              return HANDLER_FINISHED;
-+      }
-+
-+      /* we only handle regular files */
-+#ifdef HAVE_LSTAT
-+      if ((sce->is_symlink == 1) && !con->conf.follow_symlink) {
-+              return HANDLER_GO_ON;
-+      }
-+#endif
-+      if (!S_ISREG(sce->st.st_mode)) {
-+              return HANDLER_GO_ON;
-+      }
-+
-       /* don't compress files that are too large as we need to much time to handle them */
-       if (max_fsize && (sce->st.st_size >> 10) > max_fsize) return HANDLER_GO_ON;
- 
-@@ -668,27 +732,21 @@
-                       if (NULL != (ds = (data_string *)array_get_element(con->request.headers, "Accept-Encoding"))) {
-                               int accept_encoding = 0;
-                               char *value = ds->value->ptr;
--                              int srv_encodings = 0;
-                               int matched_encodings = 0;
- 
-                               /* get client side support encodings */
-+#ifdef USE_ZLIB
-                               if (NULL != strstr(value, "gzip")) accept_encoding |= HTTP_ACCEPT_ENCODING_GZIP;
-                               if (NULL != strstr(value, "deflate")) accept_encoding |= HTTP_ACCEPT_ENCODING_DEFLATE;
-                               if (NULL != strstr(value, "compress")) accept_encoding |= HTTP_ACCEPT_ENCODING_COMPRESS;
-+#endif
-+#ifdef USE_BZ2LIB
-                               if (NULL != strstr(value, "bzip2")) accept_encoding |= HTTP_ACCEPT_ENCODING_BZIP2;
-+#endif
-                               if (NULL != strstr(value, "identity")) accept_encoding |= HTTP_ACCEPT_ENCODING_IDENTITY;
+ /* return values:
+- * >= 0 : chunks completed
++ * >= 0 : no error
+  *   -1 : error (on our side)
+  *   -2 : remote close
+  */
+ 
+-int network_write_chunkqueue_write(server *srv, connection *con, int fd, chunkqueue *cq);
+-int network_write_chunkqueue_writev(server *srv, connection *con, int fd, chunkqueue *cq);
+-int network_write_chunkqueue_linuxsendfile(server *srv, connection *con, int fd, chunkqueue *cq);
+-int network_write_chunkqueue_freebsdsendfile(server *srv, connection *con, int fd, chunkqueue *cq);
+-int network_write_chunkqueue_solarissendfilev(server *srv, connection *con, int fd, chunkqueue *cq);
++int network_write_chunkqueue_write(server *srv, connection *con, int fd, chunkqueue *cq, off_t max_bytes);
++int network_write_chunkqueue_writev(server *srv, connection *con, int fd, chunkqueue *cq, off_t max_bytes);
++int network_write_chunkqueue_linuxsendfile(server *srv, connection *con, int fd, chunkqueue *cq, off_t max_bytes);
++int network_write_chunkqueue_freebsdsendfile(server *srv, connection *con, int fd, chunkqueue *cq, off_t max_bytes);
++int network_write_chunkqueue_solarissendfilev(server *srv, connection *con, int fd, chunkqueue *cq, off_t max_bytes);
+ #ifdef USE_OPENSSL
+-int network_write_chunkqueue_openssl(server *srv, connection *con, SSL *ssl, chunkqueue *cq);
++int network_write_chunkqueue_openssl(server *srv, connection *con, SSL *ssl, chunkqueue *cq, off_t max_bytes);
+ #endif

  
  

--                              /* get server side supported ones */
--#ifdef USE_BZ2LIB
--                              srv_encodings |= HTTP_ACCEPT_ENCODING_BZIP2;
--#endif
--#ifdef USE_ZLIB
--                              srv_encodings |= HTTP_ACCEPT_ENCODING_GZIP;
--                              srv_encodings |= HTTP_ACCEPT_ENCODING_DEFLATE;
+ #endif
+Index: src/SConscript
+===================================================================
+--- src/SConscript     (.../tags/lighttpd-1.4.29)
++++ src/SConscript     (.../branches/lighttpd-1.4.x)
+@@ -12,7 +12,8 @@
+       data_integer.c md5.c data_fastcgi.c \
+       fdevent_select.c fdevent_libev.c \
+       fdevent_poll.c fdevent_linux_sysepoll.c \
+-      fdevent_solaris_devpoll.c fdevent_freebsd_kqueue.c \
++      fdevent_solaris_devpoll.c fdevent_solaris_port.c \
++      fdevent_freebsd_kqueue.c \
+       data_config.c bitset.c \
+       inet_ntop_cache.c crc32.c \
+       connections-glue.c \
+@@ -62,7 +63,7 @@
+       'mod_redirect' : { 'src' : [ 'mod_redirect.c' ], 'lib' : [ env['LIBPCRE'] ] },
+       'mod_rewrite' : { 'src' : [ 'mod_rewrite.c' ], 'lib' : [ env['LIBPCRE'] ] },
+       'mod_auth' : {
+-              'src' : [ 'mod_auth.c', 'http_auth_digest.c', 'http_auth.c' ],
++              'src' : [ 'mod_auth.c', 'http_auth.c' ],
+               'lib' : [ env['LIBCRYPT'], env['LIBLDAP'], env['LIBLBER'] ] },
+       'mod_webdav' : { 'src' : [ 'mod_webdav.c' ], 'lib' : [ env['LIBXML2'], env['LIBSQLITE3'], env['LIBUUID'] ] },
+       'mod_mysql_vhost' : { 'src' : [ 'mod_mysql_vhost.c' ], 'lib' : [ env['LIBMYSQL'] ] },
+Index: src/mod_cml_funcs.c
+===================================================================
+--- src/mod_cml_funcs.c        (.../tags/lighttpd-1.4.29)
++++ src/mod_cml_funcs.c        (.../branches/lighttpd-1.4.x)
+@@ -17,18 +17,8 @@
+ #include <dirent.h>
+ #include <stdio.h>
+ 
+-#ifdef USE_OPENSSL
+-# include <openssl/md5.h>
+-#else
+-# include "md5.h"
++#include "md5.h"
+ 
+-typedef li_MD5_CTX MD5_CTX;
+-#define MD5_Init li_MD5_Init
+-#define MD5_Update li_MD5_Update
+-#define MD5_Final li_MD5_Final
+-

 -#endif
 -
 -#endif
 -

-                               /* find matching entries */
--                              matched_encodings = accept_encoding & srv_encodings;
-+                              matched_encodings = accept_encoding & p->conf.allowed_encodings;
+ #define HASHLEN 16
+ typedef unsigned char HASH[HASHLEN];
+ #define HASHHEXLEN 32
+@@ -43,7 +33,7 @@
+ #ifdef HAVE_LUA_H
+ 
+ int f_crypto_md5(lua_State *L) {
+-      MD5_CTX Md5Ctx;
++      li_MD5_CTX Md5Ctx;
+       HASH HA1;
+       buffer b;
+       char hex[33];
+@@ -63,9 +53,9 @@
+               lua_error(L);
+       }

  
  

-                               if (matched_encodings) {
-                                       const char *dflt_gzip = "gzip";
-@@ -698,6 +756,17 @@
-                                       const char *compression_name = NULL;
-                                       int compression_type = 0;
+-      MD5_Init(&Md5Ctx);
+-      MD5_Update(&Md5Ctx, (unsigned char *)lua_tostring(L, 1), lua_strlen(L, 1));
+-      MD5_Final(HA1, &Md5Ctx);
++      li_MD5_Init(&Md5Ctx);
++      li_MD5_Update(&Md5Ctx, (unsigned char *)lua_tostring(L, 1), lua_strlen(L, 1));
++      li_MD5_Final(HA1, &Md5Ctx);

  
  

-+                                      mtime = strftime_cache_get(srv, sce->st.st_mtime);
-+
-+                                      /* try matching original etag of uncompressed version */
-+                                      etag_mutate(con->physical.etag, sce->etag);
-+                                      if (HANDLER_FINISHED == http_response_handle_cachable(srv, con, mtime)) {
-+                                              response_header_overwrite(srv, con, CONST_STR_LEN("Content-Type"), CONST_BUF_LEN(sce->content_type));
-+                                              response_header_overwrite(srv, con, CONST_STR_LEN("Last-Modified"), CONST_BUF_LEN(mtime));
-+                                              response_header_overwrite(srv, con, CONST_STR_LEN("ETag"), CONST_BUF_LEN(con->physical.etag));
-+                                              return HANDLER_FINISHED;
-+                                      }
-+
-                                       /* select best matching encoding */
-                                       if (matched_encodings & HTTP_ACCEPT_ENCODING_BZIP2) {
-                                               compression_type = HTTP_ACCEPT_ENCODING_BZIP2;
-@@ -710,41 +779,34 @@
-                                               compression_name = dflt_deflate;
-                                       }
+       buffer_copy_string_hex(&b, (char *)HA1, 16);

  
  

--                                      /* deflate it */
--                                      if (p->conf.compress_cache_dir->used) {
--                                              if (0 == deflate_file_to_file(srv, con, p,
--                                                                            con->physical.path, sce, compression_type)) {
--                                                      buffer *mtime;
-+                                      /* try matching etag of compressed version */
-+                                      buffer_copy_string_buffer(srv->tmp_buf, sce->etag);
-+                                      buffer_append_string_len(srv->tmp_buf, CONST_STR_LEN("-"));
-+                                      buffer_append_string(srv->tmp_buf, compression_name);
-+                                      etag_mutate(con->physical.etag, srv->tmp_buf);
- 
--                                                      response_header_overwrite(srv, con, CONST_STR_LEN("Content-Encoding"), compression_name, strlen(compression_name));
--
--                                                      mtime = strftime_cache_get(srv, sce->st.st_mtime);
--                                                      response_header_overwrite(srv, con, CONST_STR_LEN("Last-Modified"), CONST_BUF_LEN(mtime));
--
--                                                      etag_mutate(con->physical.etag, sce->etag);
--                                                      response_header_overwrite(srv, con, CONST_STR_LEN("ETag"), CONST_BUF_LEN(con->physical.etag));
--
--                                                      response_header_overwrite(srv, con, CONST_STR_LEN("Content-Type"), CONST_BUF_LEN(sce->content_type));
--
--                                                      return HANDLER_GO_ON;
--                                              }
--                                      } else if (0 == deflate_file_to_buffer(srv, con, p,
--                                                                             con->physical.path, sce, compression_type)) {
--                                              buffer *mtime;
--
-+                                      if (HANDLER_FINISHED == http_response_handle_cachable(srv, con, mtime)) {
-                                               response_header_overwrite(srv, con, CONST_STR_LEN("Content-Encoding"), compression_name, strlen(compression_name));
--
--                                              mtime = strftime_cache_get(srv, sce->st.st_mtime);
-+                                              response_header_overwrite(srv, con, CONST_STR_LEN("Content-Type"), CONST_BUF_LEN(sce->content_type));
-                                               response_header_overwrite(srv, con, CONST_STR_LEN("Last-Modified"), CONST_BUF_LEN(mtime));
--
--                                              etag_mutate(con->physical.etag, sce->etag);
-                                               response_header_overwrite(srv, con, CONST_STR_LEN("ETag"), CONST_BUF_LEN(con->physical.etag));
--
--                                              response_header_overwrite(srv, con, CONST_STR_LEN("Content-Type"), CONST_BUF_LEN(sce->content_type));
--
-                                               return HANDLER_FINISHED;
-                                       }
--                                      break;
-+
-+                                      /* deflate it */
-+                                      if (p->conf.compress_cache_dir->used) {
-+                                              if (0 != deflate_file_to_file(srv, con, p, con->physical.path, sce, compression_type))
-+                                                      return HANDLER_GO_ON;
-+                                      } else {
-+                                              if (0 != deflate_file_to_buffer(srv, con, p, con->physical.path, sce, compression_type))
-+                                                      return HANDLER_GO_ON;
-+                                      }
-+                                      response_header_overwrite(srv, con, CONST_STR_LEN("Content-Encoding"), compression_name, strlen(compression_name));
-+                                      response_header_overwrite(srv, con, CONST_STR_LEN("Last-Modified"), CONST_BUF_LEN(mtime));
-+                                      response_header_overwrite(srv, con, CONST_STR_LEN("ETag"), CONST_BUF_LEN(con->physical.etag));
-+                                      response_header_overwrite(srv, con, CONST_STR_LEN("Content-Type"), CONST_BUF_LEN(sce->content_type));
-+                                      /* let mod_staticfile handle the cached compressed files, physical path was modified */
-+                                      return p->conf.compress_cache_dir->used ? HANDLER_GO_ON : HANDLER_FINISHED;
-                               }
-                       }
-               }
-Index: src/spawn-fcgi.c
+Index: src/mod_userdir.c

 ===================================================================
 ===================================================================

---- src/spawn-fcgi.c   (.../tags/lighttpd-1.4.20)      (revision 2392)
-+++ src/spawn-fcgi.c   (.../branches/lighttpd-1.4.x)   (revision 2392)
-@@ -58,7 +58,7 @@
+--- src/mod_userdir.c  (.../tags/lighttpd-1.4.29)
++++ src/mod_userdir.c  (.../branches/lighttpd-1.4.x)
+@@ -166,7 +166,6 @@
+ 
+ URIHANDLER_FUNC(mod_userdir_docroot_handler) {
+       plugin_data *p = p_d;
+-      int uri_len;
+       size_t k;
+       char *rel_url;
+ #ifdef HAVE_PWD_H
+@@ -182,8 +181,6 @@
+        */
+       if (p->conf.path->used == 0) return HANDLER_GO_ON;
+ 
+-      uri_len = con->uri.path->used - 1;
+-
+       /* /~user/foo.html -> /home/user/public_html/foo.html */

  
  

+       if (con->uri.path->ptr[0] != '/' ||
+Index: src/mod_proxy.c
+===================================================================
+--- src/mod_proxy.c    (.../tags/lighttpd-1.4.29)
++++ src/mod_proxy.c    (.../branches/lighttpd-1.4.x)
+@@ -825,7 +825,7 @@

  
  

-       if (unixsocket) {
--              memset(&fcgi_addr, 0, sizeof(fcgi_addr));
-+              memset(&fcgi_addr_un, 0, sizeof(fcgi_addr_un));
+               /* fall through */
+       case PROXY_STATE_WRITE:;
+-              ret = srv->network_backend_write(srv, con, hctx->fd, hctx->wb);
++              ret = srv->network_backend_write(srv, con, hctx->fd, hctx->wb, MAX_WRITE_LIMIT);

  
  

-               fcgi_addr_un.sun_family = AF_UNIX;
-               strcpy(fcgi_addr_un.sun_path, unixsocket);
-@@ -72,12 +72,13 @@
-               socket_type = AF_UNIX;
-               fcgi_addr = (struct sockaddr *) &fcgi_addr_un;
-       } else {
-+              memset(&fcgi_addr_in, 0, sizeof(fcgi_addr_in));
-               fcgi_addr_in.sin_family = AF_INET;
--                if (addr != NULL) {
--                        fcgi_addr_in.sin_addr.s_addr = inet_addr(addr);
--                } else {
--                        fcgi_addr_in.sin_addr.s_addr = htonl(INADDR_ANY);
--                }
-+              if (addr != NULL) {
-+                      fcgi_addr_in.sin_addr.s_addr = inet_addr(addr);
-+              } else {
-+                      fcgi_addr_in.sin_addr.s_addr = htonl(INADDR_ANY);
-+              }
-               fcgi_addr_in.sin_port = htons(port);
-               servlen = sizeof(fcgi_addr_in);
+               chunkqueue_remove_finished_chunks(hctx->wb);

  
  

-Index: src/mod_auth.c
+Index: src/Makefile.am
+===================================================================
+--- src/Makefile.am    (.../tags/lighttpd-1.4.29)
++++ src/Makefile.am    (.../branches/lighttpd-1.4.x)
+@@ -241,7 +241,7 @@
+ mod_compress_la_LIBADD = $(Z_LIB) $(BZ_LIB) $(common_libadd)
+ 
+ lib_LTLIBRARIES += mod_auth.la
+-mod_auth_la_SOURCES = mod_auth.c http_auth_digest.c http_auth.c
++mod_auth_la_SOURCES = mod_auth.c http_auth.c
+ mod_auth_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
+ mod_auth_la_LIBADD = $(CRYPT_LIB) $(LDAP_LIB) $(LBER_LIB) $(common_libadd)
+ 
+@@ -268,7 +268,7 @@
+ 
+ hdr = server.h buffer.h network.h log.h keyvalue.h \
+       response.h request.h fastcgi.h chunk.h \
+-      settings.h http_chunk.h http_auth_digest.h \
++      settings.h http_chunk.h \
+       md5.h http_auth.h stream.h \
+       fdevent.h connections.h base.h stat_cache.h \
+       plugin.h mod_auth.h \
+Index: src/network_writev.c

 ===================================================================
 ===================================================================

---- src/mod_auth.c     (.../tags/lighttpd-1.4.20)      (revision 2392)
-+++ src/mod_auth.c     (.../branches/lighttpd-1.4.x)   (revision 2392)
-@@ -115,7 +115,7 @@
-       PATCH(auth_ldap_starttls);
-       PATCH(auth_ldap_allow_empty_pw);
- #ifdef USE_LDAP
--      PATCH(ldap);
-+      p->anon_conf = s;
-       PATCH(ldap_filter_pre);
-       PATCH(ldap_filter_post);
+--- src/network_writev.c       (.../tags/lighttpd-1.4.29)
++++ src/network_writev.c       (.../branches/lighttpd-1.4.x)
+@@ -30,17 +30,16 @@
+ #define LOCAL_BUFFERING 1

  #endif
  #endif

-@@ -149,7 +149,7 @@
-                       } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.ldap.hostname"))) {
-                               PATCH(auth_ldap_hostname);
- #ifdef USE_LDAP
--                              PATCH(ldap);
-+                              p->anon_conf = s;
+ 
+-int network_write_chunkqueue_writev(server *srv, connection *con, int fd, chunkqueue *cq) {
++int network_write_chunkqueue_writev(server *srv, connection *con, int fd, chunkqueue *cq, off_t max_bytes) {
+       chunk *c;
+-      size_t chunks_written = 0;
+ 
+-      for(c = cq->first; c; c = c->next) {
++      for(c = cq->first; (max_bytes > 0) && (NULL != c); c = c->next) {
+               int chunk_finished = 0;
+ 
+               switch(c->type) {
+               case MEM_CHUNK: {
+                       char * offset;
+-                      size_t toSend;
++                      off_t toSend;
+                       ssize_t r;
+ 
+                       size_t num_chunks, i;
+@@ -65,12 +64,10 @@
+ #error "sysconf() doesnt return _SC_IOV_MAX ..., check the output of 'man writev' for the EINVAL error and send the output to jan@kneschke.de"

  #endif
  #endif

-                       } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.ldap.base-dn"))) {
-                               PATCH(auth_ldap_basedn);
-@@ -527,7 +527,7 @@
+ 
+-                      /* we can't send more then SSIZE_MAX bytes in one chunk */
+-
+                       /* build writev list
+                        *
+                        * 1. limit: num_chunks < max_chunks
+-                       * 2. limit: num_bytes < SSIZE_MAX
++                       * 2. limit: num_bytes < max_bytes
+                        */
+                       for (num_chunks = 0, tc = c; tc && tc->type == MEM_CHUNK && num_chunks < max_chunks; num_chunks++, tc = tc->next);
+ 
+@@ -87,9 +84,9 @@
+                                       chunks[i].iov_base = offset;
+ 
+                                       /* protect the return value of writev() */
+-                                      if (toSend > SSIZE_MAX ||
+-                                          num_bytes + toSend > SSIZE_MAX) {
+-                                              chunks[i].iov_len = SSIZE_MAX - num_bytes;
++                                      if (toSend > max_bytes ||
++                                          (off_t) num_bytes + toSend > max_bytes) {
++                                              chunks[i].iov_len = max_bytes - num_bytes;
+ 
+                                               num_chunks = i + 1;
+                                               break;
+@@ -121,6 +118,7 @@

                        }
                        }

-               }

  
  

--              switch(s->auth_backend) {
-+              switch(s->auth_ldap_hostname->used) {
-               case AUTH_BACKEND_LDAP: {
-                       handler_t ret = auth_ldap_init(srv, s);
-                       if (ret == HANDLER_ERROR)
-@@ -554,6 +554,9 @@
- #endif
+                       cq->bytes_out += r;
++                      max_bytes -= r;

  
  

-       if (s->auth_ldap_hostname->used) {
-+              /* free old context */
-+              if (NULL != s->ldap) ldap_unbind_s(s->ldap);
-+
-               if (NULL == (s->ldap = ldap_init(s->auth_ldap_hostname->ptr, LDAP_PORT))) {
-                       log_error_write(srv, __FILE__, __LINE__, "ss", "ldap ...", strerror(errno));
+                       /* check which chunks have been written */

  
  

-Index: src/http-header-glue.c
-===================================================================
---- src/http-header-glue.c     (.../tags/lighttpd-1.4.20)      (revision 2392)
-+++ src/http-header-glue.c     (.../branches/lighttpd-1.4.x)   (revision 2392)
-@@ -280,6 +280,7 @@
-                                               strncpy(buf, con->request.http_if_modified_since, used_len);
-                                               buf[used_len] = '\0';
- 
-+                                              tm.tm_isdst = 0;
-                                               if (NULL == strptime(buf, "%a, %d %b %Y %H:%M:%S GMT", &tm)) {
-                                                       con->http_status = 412;
-                                                       con->mode = DIRECT;
-@@ -329,6 +330,7 @@
-                       strncpy(buf, con->request.http_if_modified_since, used_len);
-                       buf[used_len] = '\0';
- 
-+                      tm.tm_isdst = 0;
-                       if (NULL == strptime(buf, "%a, %d %b %Y %H:%M:%S GMT", &tm)) {
-                               /**
-                                * parsing failed, let's get out of here 
-Index: src/mod_fastcgi.c
-===================================================================
---- src/mod_fastcgi.c  (.../tags/lighttpd-1.4.20)      (revision 2392)
-+++ src/mod_fastcgi.c  (.../branches/lighttpd-1.4.x)   (revision 2392)
-@@ -3252,6 +3252,7 @@
-                               fcgi_connection_close(srv, hctx);
- 
-                               con->mode = DIRECT;
-+                              con->http_status = 0;
-                               con->file_started = 1; /* fcgi_extension won't touch the request afterwards */
-                       } else {
-                               /* we are done */
-@@ -3608,47 +3609,50 @@
-                               "handling it in mod_fastcgi");
-                       }
+@@ -132,11 +130,10 @@

  
  

--                      /* the prefix is the SCRIPT_NAME,
--                       * everything from start to the next slash
--                       * this is important for check-local = "disable"
--                       *
--                       * if prefix = /admin.fcgi
--                       *
--                       * /admin.fcgi/foo/bar
--                       *
--                       * SCRIPT_NAME = /admin.fcgi
--                       * PATH_INFO   = /foo/bar
--                       *
--                       * if prefix = /fcgi-bin/
--                       *
--                       * /fcgi-bin/foo/bar
--                       *
--                       * SCRIPT_NAME = /fcgi-bin/foo
--                       * PATH_INFO   = /bar
--                       *
--                       * if prefix = /, and fix-root-path-name is enable
--                       *
--                       * /fcgi-bin/foo/bar
--                       *
--                       * SCRIPT_NAME = /fcgi-bin/foo
--                       * PATH_INFO   = /bar
--                       *
--                       */
-+                      /* do not split path info for authorizer */
-+                      if (host->mode != FCGI_AUTHORIZER) {
-+                              /* the prefix is the SCRIPT_NAME,
-+                              * everything from start to the next slash
-+                              * this is important for check-local = "disable"
-+                              *
-+                              * if prefix = /admin.fcgi
-+                              *
-+                              * /admin.fcgi/foo/bar
-+                              *
-+                              * SCRIPT_NAME = /admin.fcgi
-+                              * PATH_INFO   = /foo/bar
-+                              *
-+                              * if prefix = /fcgi-bin/
-+                              *
-+                              * /fcgi-bin/foo/bar
-+                              *
-+                              * SCRIPT_NAME = /fcgi-bin/foo
-+                              * PATH_INFO   = /bar
-+                              *
-+                              * if prefix = /, and fix-root-path-name is enable
-+                              *
-+                              * /fcgi-bin/foo/bar
-+                              *
-+                              * SCRIPT_NAME = /fcgi-bin/foo
-+                              * PATH_INFO   = /bar
-+                              *
-+                              */
- 
--                      /* the rewrite is only done for /prefix/? matches */
--                      if (extension->key->ptr[0] == '/' &&
--                          con->uri.path->used > extension->key->used &&
--                          NULL != (pathinfo = strchr(con->uri.path->ptr + extension->key->used - 1, '/'))) {
--                              /* rewrite uri.path and pathinfo */
-+                              /* the rewrite is only done for /prefix/? matches */
-+                              if (extension->key->ptr[0] == '/' &&
-+                                      con->uri.path->used > extension->key->used &&
-+                                      NULL != (pathinfo = strchr(con->uri.path->ptr + extension->key->used - 1, '/'))) {
-+                                      /* rewrite uri.path and pathinfo */
- 
--                              buffer_copy_string(con->request.pathinfo, pathinfo);
-+                                      buffer_copy_string(con->request.pathinfo, pathinfo);
- 
--                              con->uri.path->used -= con->request.pathinfo->used - 1;
--                              con->uri.path->ptr[con->uri.path->used - 1] = '\0';
--                      } else if (host->fix_root_path_name && extension->key->ptr[0] == '/' && extension->key->ptr[1] == '\0') {
--                              buffer_copy_string(con->request.pathinfo, con->uri.path->ptr);
--                              con->uri.path->used = 1;
--                              con->uri.path->ptr[con->uri.path->used - 1] = '\0';
-+                                      con->uri.path->used -= con->request.pathinfo->used - 1;
-+                                      con->uri.path->ptr[con->uri.path->used - 1] = '\0';
-+                              } else if (host->fix_root_path_name && extension->key->ptr[0] == '/' && extension->key->ptr[1] == '\0') {
-+                                      buffer_copy_string(con->request.pathinfo, con->uri.path->ptr);
-+                                      con->uri.path->used = 1;
-+                                      con->uri.path->ptr[con->uri.path->used - 1] = '\0';
-+                              }
+                                       if (chunk_finished) {
+                                               /* skip the chunks from further touches */
+-                                              chunks_written++;
+                                               c = c->next;
+                                       } else {
+                                               /* chunks_written + c = c->next is done in the for()*/
+-                                              chunk_finished++;
++                                              chunk_finished = 1;
+                                       }
+                               } else {
+                                       /* partially written */
+@@ -284,6 +281,8 @@
+                               assert(toSend < 0);

                        }
                        }

-               }
-       } else {
-Index: src/CMakeLists.txt
-===================================================================
---- src/CMakeLists.txt (.../tags/lighttpd-1.4.20)      (revision 0)
-+++ src/CMakeLists.txt (.../branches/lighttpd-1.4.x)   (revision 2392)
-@@ -0,0 +1,598 @@
-+INCLUDE(CheckCSourceCompiles)
-+INCLUDE(CheckIncludeFiles)
-+INCLUDE(CheckFunctionExists)
-+INCLUDE(CheckVariableExists)
-+INCLUDE(CheckTypeSize)
-+INCLUDE(CheckLibraryExists)
-+INCLUDE(CMakeDetermineCCompiler)
-+INCLUDE(FindThreads)
-+INCLUDE(FindPkgConfig)
-+
-+INCLUDE(LighttpdMacros)
-+
-+ADD_DEFINITIONS(-D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGE_FILES)
-+
-+OPTION(WITH_XATTR "with xattr-support for the stat-cache [default: off]")
-+OPTION(WITH_MYSQL "with mysql-support for the mod_sql_vhost [default: off]")
-+# OPTION(WITH_POSTGRESQL "with postgress-support for the mod_sql_vhost [default: off]")
-+OPTION(WITH_OPENSSL "with openssl-support [default: off]")
-+OPTION(WITH_PCRE "with regex support [default: on]" ON)
-+OPTION(WITH_WEBDAV_PROPS "with property-support for mod_webdav [default: off]")
-+OPTION(WITH_WEBDAV_LOCKS "locks in webdav [default: off]")
-+OPTION(WITH_BZIP "with bzip2-support for mod_compress [default: off]")
-+OPTION(WITH_ZLIB "with deflate-support for mod_compress [default: on]" ON)
-+OPTION(WITH_LDAP "with LDAP-support for the mod_auth [default: off]")
-+OPTION(WITH_LUA "with lua 5.1 for mod_magnet [default: off]")
-+# OPTION(WITH_VALGRIND "with internal support for valgrind [default: off]")
-+# OPTION(WITH_KERBEROS5 "use Kerberos5 support with OpenSSL [default: off]")
-+OPTION(WITH_FAM "fam/gamin for reducing number of stat() calls [default: off]")
-+OPTION(WITH_GDBM "gdbm storage for mod_trigger_b4_dl [default: off]")
-+OPTION(WITH_MEMCACHE "memcached storage for mod_trigger_b4_dl [default: off]")
-+
-+OPTION(BUILD_STATIC "build a static lighttpd with all modules added")
-+
-+IF(BUILD_STATIC)
-+  SET(LIGHTTPD_STATIC 1)
-+ELSE(BUILD_STATIC)
-+  SET(CMAKE_SHARED_LIBRARY_PREFIX "")
-+ENDIF(BUILD_STATIC)
-+
-+IF(WITH_WEBDAV_PROPS)
-+  SET(WITH_XML 1)
-+  SET(WITH_SQLITE3 1)
-+  SET(WITH_UUID 1)
-+ENDIF(WITH_WEBDAV_PROPS)
-+
-+CHECK_INCLUDE_FILES(sys/devpoll.h HAVE_SYS_DEVPOLL_H)
-+CHECK_INCLUDE_FILES(sys/epoll.h HAVE_SYS_EPOLL_H)
-+CHECK_INCLUDE_FILES(sys/event.h HAVE_SYS_EVENT_H)
-+CHECK_INCLUDE_FILES(sys/mman.h HAVE_SYS_MMAN_H)
-+CHECK_INCLUDE_FILES(sys/poll.h HAVE_SYS_POLL_H)
-+CHECK_INCLUDE_FILES(sys/port.h HAVE_SYS_PORT_H)
-+CHECK_INCLUDE_FILES(sys/prctl.h HAVE_SYS_PRCTL_H)
-+CHECK_INCLUDE_FILES(sys/resource.h HAVE_SYS_RESOURCE_H)
-+CHECK_INCLUDE_FILES(sys/sendfile.h HAVE_SYS_SENDFILE_H)
-+CHECK_INCLUDE_FILES(sys/select.h HAVE_SYS_SELECT_H)
-+CHECK_INCLUDE_FILES(sys/syslimits.h HAVE_SYS_SYSLIMITS_H)
-+CHECK_INCLUDE_FILES(sys/types.h HAVE_SYS_TYPES_H)
-+CHECK_INCLUDE_FILES(sys/uio.h HAVE_SYS_UIO_H)
-+CHECK_INCLUDE_FILES(sys/un.h HAVE_SYS_UN_H)
-+CHECK_INCLUDE_FILES(sys/wait.h HAVE_SYS_WAIT_H)
-+CHECK_INCLUDE_FILES(sys/time.h HAVE_SYS_TIME_H)
-+CHECK_INCLUDE_FILES(unistd.h HAVE_UNISTD_H)
-+CHECK_INCLUDE_FILES(pthread.h HAVE_PTHREAD_H)
-+CHECK_INCLUDE_FILES(getopt.h HAVE_GETOPT_H)
-+CHECK_INCLUDE_FILES(inttypes.h HAVE_INTTYPES_H)
-+CHECK_INCLUDE_FILES(poll.h HAVE_POLL_H)
-+CHECK_INCLUDE_FILES(pwd.h HAVE_PWD_H)
-+CHECK_INCLUDE_FILES(stddef.h HAVE_STDDEF_H)
-+CHECK_INCLUDE_FILES(stdint.h HAVE_STDINT_H)
-+CHECK_INCLUDE_FILES(syslog.h HAVE_SYSLOG_H)
-+
-+# check for fastcgi lib, for the tests only
-+CHECK_INCLUDE_FILES(fastcgi.h HAVE_FASTCGI_H)
-+CHECK_INCLUDE_FILES(fastcgi/fastcgi.h HAVE_FASTCGI_FASTCGI_H)
-+
-+CHECK_INCLUDE_FILES(crypt.h HAVE_CRYPT_H)
-+IF(HAVE_CRYPT_H)
-+  ## check if we need libcrypt for crypt()
-+  CHECK_LIBRARY_EXISTS(crypt crypt "" HAVE_LIBCRYPT)
-+ENDIF(HAVE_CRYPT_H)
-+
-+CHECK_INCLUDE_FILES(sys/inotify.h HAVE_SYS_INOTIFY_H)
-+IF(HAVE_SYS_INOTIFY_H)
-+  CHECK_FUNCTION_EXISTS(inotify_init HAVE_INOTIFY_INIT)
-+ENDIF(HAVE_SYS_INOTIFY_H)
-+
-+SET(CMAKE_EXTRA_INCLUDE_FILES sys/socket.h)
-+CHECK_TYPE_SIZE(socklen_t HAVE_SOCKLEN_T)
-+SET(CMAKE_EXTRA_INCLUDE_FILES)
-+
-+CHECK_TYPE_SIZE(long SIZEOF_LONG)
-+CHECK_TYPE_SIZE(off_t SIZEOF_OFF_T)
-+
-+CHECK_FUNCTION_EXISTS(chroot HAVE_CHROOT)
-+CHECK_FUNCTION_EXISTS(crypt HAVE_CRYPT)
-+CHECK_FUNCTION_EXISTS(epoll_ctl HAVE_EPOLL_CTL)
-+CHECK_FUNCTION_EXISTS(fork HAVE_FORK)
-+CHECK_FUNCTION_EXISTS(getrlimit HAVE_GETRLIMIT)
-+CHECK_FUNCTION_EXISTS(getuid HAVE_GETUID)
-+CHECK_FUNCTION_EXISTS(gmtime_r HAVE_GMTIME_R)
-+CHECK_FUNCTION_EXISTS(inet_ntop HAVE_INET_NTOP)
-+CHECK_FUNCTION_EXISTS(kqueue HAVE_KQUEUE)
-+CHECK_FUNCTION_EXISTS(localtime_r HAVE_LOCALTIME_R)
-+CHECK_FUNCTION_EXISTS(lstat HAVE_LSTAT)
-+CHECK_FUNCTION_EXISTS(madvise HAVE_MADVISE)
-+CHECK_FUNCTION_EXISTS(memcpy HAVE_MEMCPY)
-+CHECK_FUNCTION_EXISTS(memset HAVE_MEMSET)
-+CHECK_FUNCTION_EXISTS(mmap HAVE_MMAP)
-+CHECK_FUNCTION_EXISTS(pathconf HAVE_PATHCONF)
-+CHECK_FUNCTION_EXISTS(poll HAVE_POLL)
-+CHECK_FUNCTION_EXISTS(port_create HAVE_PORT_CREATE)
-+CHECK_FUNCTION_EXISTS(prctl HAVE_PRCTL)
-+CHECK_FUNCTION_EXISTS(pread HAVE_PREAD)
-+CHECK_FUNCTION_EXISTS(posix_fadvise HAVE_POSIX_FADVISE)
-+CHECK_FUNCTION_EXISTS(select HAVE_SELECT)
-+CHECK_FUNCTION_EXISTS(sendfile HAVE_SENDFILE)
-+CHECK_FUNCTION_EXISTS(send_file HAVE_SEND_FILE)
-+CHECK_FUNCTION_EXISTS(sendfile64 HAVE_SENDFILE64)
-+CHECK_FUNCTION_EXISTS(sendfilev HAVE_SENDFILEV)
-+CHECK_FUNCTION_EXISTS(sigaction HAVE_SIGACTION)
-+CHECK_FUNCTION_EXISTS(signal HAVE_SIGNAL)
-+CHECK_FUNCTION_EXISTS(sigtimedwait HAVE_SIGTIMEDWAIT)
-+CHECK_FUNCTION_EXISTS(strptime HAVE_STRPTIME)
-+CHECK_FUNCTION_EXISTS(syslog HAVE_SYSLOG)
-+CHECK_FUNCTION_EXISTS(writev HAVE_WRITEV)
-+CHECK_FUNCTION_EXISTS(inet_aton HAVE_INET_ATON)
-+CHECK_C_SOURCE_COMPILES("
-+      #include <sys/types.h>
-+      #include <sys/socket.h>
-+      #include <netinet/in.h>
-+      
-+      int main() {
-+              struct sockaddr_in6 s; struct in6_addr t=in6addr_any; int i=AF_INET6; s; t.s6_addr[0] = 0;
-+              return 0;
-+      }" HAVE_IPV6)
-+
-+## refactor me
-+MACRO(XCONFIG _package _include_DIR _link_DIR _link_FLAGS _cflags)
-+# reset the variables at the beginning
-+  SET(${_include_DIR})
-+  SET(${_link_DIR})
-+  SET(${_link_FLAGS})
-+  SET(${_cflags})
-+
-+  FIND_PROGRAM(${_package}CONFIG_EXECUTABLE NAMES ${_package} PATHS /usr/local/bin )
-+
-+  # if pkg-config has been found
-+  IF(${_package}CONFIG_EXECUTABLE)
-+    SET(XCONFIG_EXECUTABLE "${${_package}CONFIG_EXECUTABLE}")
-+    MESSAGE(STATUS "found ${_package}: ${XCONFIG_EXECUTABLE}")
-+
-+    EXEC_PROGRAM(${XCONFIG_EXECUTABLE} ARGS --libs OUTPUT_VARIABLE __link_FLAGS)
-+    STRING(REPLACE "\n" "" ${_link_FLAGS} ${__link_FLAGS})
-+    EXEC_PROGRAM(${XCONFIG_EXECUTABLE} ARGS --cflags OUTPUT_VARIABLE __cflags)
-+    STRING(REPLACE "\n" "" ${_cflags} ${__cflags})
-+
-+  ELSE(${_package}CONFIG_EXECUTABLE)
-+    MESSAGE(STATUS "found ${_package}: no")
-+  ENDIF(${_package}CONFIG_EXECUTABLE)
-+ENDMACRO(XCONFIG _package _include_DIR _link_DIR _link_FLAGS _cflags)
-+
-+IF(WITH_XATTR)
-+  CHECK_INCLUDE_FILES(attr/attributes.h HAVE_ATTR_ATTRIBUTES_H)
-+  CHECK_LIBRARY_EXISTS(attr attr_get "" HAVE_XATTR)
-+ENDIF(WITH_XATTR)
-+
-+IF(WITH_MYSQL)
-+  XCONFIG(mysql_config MYSQL_INCDIR MYSQL_LIBDIR MYSQL_LDFLAGS MYSQL_CFLAGS)
-+
-+  SET(CMAKE_REQUIRED_INCLUDES /usr/include/mysql)
-+  CHECK_INCLUDE_FILES(mysql.h HAVE_MYSQL_H)
-+  SET(CMAKE_REQUIRED_INCLUDES)
-+  IF(HAVE_MYSQL_H)
-+    CHECK_LIBRARY_EXISTS(mysqlclient mysql_real_connect "" HAVE_MYSQL)
-+  ENDIF(HAVE_MYSQL_H)
-+ENDIF(WITH_MYSQL)
-+
-+IF(WITH_OPENSSL)
-+  CHECK_INCLUDE_FILES(openssl/ssl.h HAVE_OPENSSL_SSL_H)
-+  IF(HAVE_OPENSSL_SSL_H)
-+    CHECK_LIBRARY_EXISTS(crypto BIO_f_base64 "" HAVE_LIBCRYPTO)
-+    IF(HAVE_LIBCRYPTO)
-+      SET(OPENSSL_NO_KRB5 1)
-+      CHECK_LIBRARY_EXISTS(ssl SSL_new "" HAVE_LIBSSL)
-+    ENDIF(HAVE_LIBCRYPTO)
-+  ENDIF(HAVE_OPENSSL_SSL_H)
-+ENDIF(WITH_OPENSSL)
-+
-+IF(WITH_PCRE)
-+  ## if we have pcre-config, use it
-+  XCONFIG(pcre-config PCRE_INCDIR PCRE_LIBDIR PCRE_LDFLAGS PCRE_CFLAGS)
-+  IF(PCRE_LDFLAGS OR PCRE_CFLAGS)
-+    MESSAGE(STATUS "found pcre at: LDFLAGS: ${PCRE_LDFLAGS} CFLAGS: ${PCRE_CFLAGS}")
-+
-+    IF(NOT PCRE_CFLAGS STREQUAL "\n")
-+      ## if it is empty we'll get newline returned
-+      SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${PCRE_CFLAGS}")
-+    ENDIF(NOT PCRE_CFLAGS STREQUAL "\n")
-+
-+    SET(HAVE_PCRE_H 1)
-+    SET(HAVE_LIBPCRE 1)
-+  ELSE(PCRE_LDFLAGS OR PCRE_CFLAGS) 
-+    IF(NOT WIN32)
-+      CHECK_INCLUDE_FILES(pcre.h HAVE_PCRE_H)
-+      CHECK_LIBRARY_EXISTS(pcre pcre_exec "" HAVE_LIBPCRE)
-+      SET(PCRE_LDFLAGS -lpcre)
-+    ELSE(NOT WIN32)
-+      FIND_PATH(PCRE_INCLUDE_DIR pcre.h
-+      /usr/local/include
-+      /usr/include
-+      )
-+  
-+      SET(PCRE_NAMES pcre)
-+      FIND_LIBRARY(PCRE_LIBRARY
-+      NAMES ${PCRE_NAMES}
-+      PATHS /usr/lib /usr/local/lib
-+      )
-+  
-+      IF(PCRE_INCLUDE_DIR AND PCRE_LIBRARY)
-+        SET(CMAKE_REQUIRED_INCLUDES ${PCRE_INCLUDE_DIR})
-+        SET(CMAKE_REQUIRED_LIBRARIES ${PCRE_LIBRARY})
-+        CHECK_INCLUDE_FILES(pcre.h HAVE_PCRE_H)
-+        CHECK_LIBRARY_EXISTS(pcre pcre_exec "" HAVE_LIBPCRE)
-+        SET(CMAKE_REQUIRED_INCLUDES)
-+        SET(CMAKE_REQUIRED_LIBRARIES)
-+        INCLUDE_DIRECTORIES(${PCRE_INCLUDE_DIR})
-+      ENDIF(PCRE_INCLUDE_DIR AND PCRE_LIBRARY)
-+    ENDIF(NOT WIN32)
-+  ENDIF(PCRE_LDFLAGS OR PCRE_CFLAGS) 
-+
-+  IF(NOT HAVE_PCRE_H)
-+    MESSAGE(FATAL_ERROR "pcre.h couldn't be found")
-+  ENDIF(NOT HAVE_PCRE_H)
-+  IF(NOT HAVE_LIBPCRE)
-+    MESSAGE(FATAL_ERROR "libpcre couldn't be found")
-+  ENDIF(NOT HAVE_LIBPCRE)
-+
-+ENDIF(WITH_PCRE)
-+
-+
-+IF(WITH_XML)
-+  XCONFIG(xml2-config XML2_INCDIR XML2_LIBDIR XML2_LDFLAGS XML2_CFLAGS)
-+  IF(XML2_LDFLAGS OR XML2_CFLAGS) 
-+    MESSAGE(STATUS "found xml2 at: LDFLAGS: ${XML2_LDFLAGS} CFLAGS: ${XML2_CFLAGS}")
-+
-+    ## if it is empty we'll get newline returned
-+    SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${XML2_CFLAGS}")
-+
-+    CHECK_INCLUDE_FILES(libxml/tree.h HAVE_LIBXML_H)
-+
-+    SET(CMAKE_REQUIRED_FLAGS ${XML2_LDFLAGS})
-+    CHECK_LIBRARY_EXISTS(xml2 xmlParseChunk "" HAVE_LIBXML)
-+    SET(CMAKE_REQUIRED_FLAGS)
-+  ELSE(XML2_LDFLAGS OR XML2_CFLAGS) 
-+    CHECK_INCLUDE_FILES(libxml.h HAVE_LIBXML_H)
-+    CHECK_LIBRARY_EXISTS(xml2 xmlParseChunk "" HAVE_LIBXML)
-+  ENDIF(XML2_LDFLAGS OR XML2_CFLAGS) 
-+
-+  IF(NOT HAVE_LIBXML_H)
-+    MESSAGE(FATAL_ERROR "libxml/tree.h couldn't be found")
-+  ENDIF(NOT HAVE_LIBXML_H)
-+  IF(NOT HAVE_LIBXML)
-+    MESSAGE(FATAL_ERROR "libxml2 couldn't be found")
-+  ENDIF(NOT HAVE_LIBXML)
-+
-+ENDIF(WITH_XML)
-+
-+IF(WITH_SQLITE3)
-+  CHECK_INCLUDE_FILES(sqlite3.h HAVE_SQLITE3_H)
-+  CHECK_LIBRARY_EXISTS(sqlite3 sqlite3_reset "" HAVE_SQLITE3)
-+ENDIF(WITH_SQLITE3)
-+
-+IF(WITH_UUID)
-+  CHECK_INCLUDE_FILES(uuid/uuid.h HAVE_UUID_UUID_H)
-+  CHECK_LIBRARY_EXISTS(uuid uuid_generate "" NEED_LIBUUID)
-+  IF(NOT NEED_LIBUUID)
-+    CHECK_FUNCTION_EXISTS(uuid_generate HAVE_LIBUUID)
-+  ELSE(NOT NEED_LIBUUID)
-+    SET(HAVE_LIBUUID 1)
-+  ENDIF(NOT NEED_LIBUUID)
-+ENDIF(WITH_UUID)
-+
-+IF(WITH_ZLIB)
-+  IF(NOT WIN32)
-+    CHECK_INCLUDE_FILES(zlib.h HAVE_ZLIB_H)
-+    CHECK_LIBRARY_EXISTS(z deflate "" HAVE_LIBZ)
-+              SET(ZLIB_LIBRARY z)
-+  ELSE(NOT WIN32)
-+    FIND_PATH(ZLIB_INCLUDE_DIR zlib.h
-+    /usr/local/include
-+    /usr/include
-+    )
-+  
-+    SET(ZLIB_NAMES z zlib zdll)
-+    FIND_LIBRARY(ZLIB_LIBRARY
-+    NAMES ${ZLIB_NAMES}
-+    PATHS /usr/lib /usr/local/lib
-+    )
-+  
-+  
-+    IF(ZLIB_INCLUDE_DIR AND ZLIB_LIBRARY)
-+      SET(CMAKE_REQUIRED_INCLUDES ${ZLIB_INCLUDE_DIR})
-+      SET(CMAKE_REQUIRED_LIBRARIES ${ZLIB_LIBRARY})
-+      GET_FILENAME_COMPONENT(ZLIB_NAME ${ZLIB_LIBRARY} NAME)
-+      CHECK_INCLUDE_FILES(zlib.h HAVE_ZLIB_H)
-+      CHECK_LIBRARY_EXISTS(${ZLIB_NAME} deflate "" HAVE_LIBZ)
-+      SET(CMAKE_REQUIRED_INCLUDES)
-+      SET(CMAKE_REQUIRED_LIBRARIES)
-+      INCLUDE_DIRECTORIES(${ZLIB_INCLUDE_DIR})
-+  
-+    ENDIF(ZLIB_INCLUDE_DIR AND ZLIB_LIBRARY)
-+  ENDIF(NOT WIN32)
-+ENDIF(WITH_ZLIB)
-+
-+IF(WITH_BZIP)
-+  CHECK_INCLUDE_FILES(bzlib.h HAVE_BZLIB_H)
-+  CHECK_LIBRARY_EXISTS(bz2 BZ2_bzCompress "" HAVE_LIBBZ2)
-+ENDIF(WITH_BZIP)
-+
-+IF(WITH_LDAP)
-+  CHECK_INCLUDE_FILES(ldap.h HAVE_LDAP_H)
-+  CHECK_LIBRARY_EXISTS(ldap ldap_bind "" HAVE_LIBLDAP)
-+  CHECK_INCLUDE_FILES(lber.h HAVE_LBER_H)
-+  CHECK_LIBRARY_EXISTS(lber ber_printf "" HAVE_LIBLBER)
-+  SET(LDAP_DEPRECATED 1) # Using deprecated ldap api
-+ENDIF(WITH_LDAP)
-+
-+IF(WITH_LUA)
-+  pkg_search_module(LUA REQUIRED lua lua5.1)
-+  MESSAGE(STATUS "found lua at: INCDIR: ${LUA_INCLUDE_DIRS} LIBDIR: ${LUA_LIBRARY_DIRS} LDFLAGS: ${LUA_LDFLAGS} CFLAGS: ${LUA_CFLAGS}")
-+  SET(HAVE_LIBLUA 1 "Have liblua")
-+  SET(HAVE_LUA_H  1 "Have liblua header")
-+ENDIF(WITH_LUA)
-+
-+IF(WITH_FAM)
-+  CHECK_INCLUDE_FILES(fam.h HAVE_FAM_H)
-+  CHECK_LIBRARY_EXISTS(fam FAMOpen2 "" HAVE_LIBFAM)
-+  IF(HAVE_LIBFAM)
-+    SET(CMAKE_REQUIRED_LIBRARIES fam)
-+    CHECK_FUNCTION_EXISTS(FAMNoExists HAVE_FAMNOEXISTS)
-+  ENDIF(HAVE_LIBFAM)
-+ENDIF(WITH_FAM)
-+
-+IF(WITH_GDBM)
-+  CHECK_INCLUDE_FILES(gdbm.h HAVE_GDBM_H)
-+  CHECK_LIBRARY_EXISTS(gdbm gdbm_open "" HAVE_GDBM)
-+ENDIF(WITH_GDBM)
-+
-+IF(WITH_MEMCACHE)
-+  CHECK_INCLUDE_FILES(memcache.h HAVE_MEMCACHE_H)
-+  CHECK_LIBRARY_EXISTS(memcache mc_new "" HAVE_MEMCACHE)
-+ENDIF(WITH_MEMCACHE)
-+
-+IF(NOT BUILD_STATIC)
-+  CHECK_INCLUDE_FILES(dlfcn.h HAVE_DLFCN_H)
-+ENDIF(NOT BUILD_STATIC)
-+
-+IF(HAVE_DLFCN_H)
-+  CHECK_LIBRARY_EXISTS(dl dlopen "" HAVE_LIBDL)
-+ENDIF(HAVE_DLFCN_H)
-+
-+SET(LIGHTTPD_VERSION_ID 10400)
-+SET(PACKAGE_NAME "${CMAKE_PROJECT_NAME}")
-+SET(PACKAGE_VERSION "${CPACK_PACKAGE_VERSION}")
-+EXEC_PROGRAM(date ARGS "'+%b %d %Y %H:%M:%S UTC'" OUTPUT_VARIABLE PACKAGE_BUILD_DATE)
-+
-+IF(NOT SBINDIR)
-+    SET(SBINDIR "sbin")
-+ENDIF(NOT SBINDIR)
-+
-+IF(NOT LIGHTTPD_MODULES_DIR)
-+    SET(LIGHTTPD_MODULES_DIR "lib${LIB_SUFFIX}/lighttpd")
-+ENDIF(NOT LIGHTTPD_MODULES_DIR)
-+
-+IF(NOT WIN32)
-+      SET(LIGHTTPD_LIBRARY_DIR "${CMAKE_INSTALL_PREFIX}/${LIGHTTPD_MODULES_DIR}")
-+ELSE(NOT WIN32)
-+      ## We use relative path in windows
-+      SET(LIGHTTPD_LIBRARY_DIR "lib")
-+ENDIF(NOT WIN32)
-+
-+## Write out config.h
-+CONFIGURE_FILE(${CMAKE_CURRENT_SOURCE_DIR}/config.h.cmake ${CMAKE_CURRENT_BINARY_DIR}/config.h)
-+
-+ADD_DEFINITIONS(-DHAVE_CONFIG_H)
-+
-+INCLUDE_DIRECTORIES(${CMAKE_CURRENT_BINARY_DIR} ${CMAKE_CURRENT_SOURCE_DIR})
-+
-+SET(COMMON_SRC
-+      buffer.c log.c
-+      keyvalue.c chunk.c
-+      http_chunk.c stream.c fdevent.c
-+      stat_cache.c plugin.c joblist.c etag.c array.c
-+      data_string.c data_count.c data_array.c
-+      data_integer.c md5.c data_fastcgi.c
-+      fdevent_select.c fdevent_linux_rtsig.c
-+      fdevent_poll.c fdevent_linux_sysepoll.c
-+      fdevent_solaris_devpoll.c fdevent_freebsd_kqueue.c
-+      data_config.c bitset.c
-+      inet_ntop_cache.c crc32.c
-+      connections-glue.c
-+      configfile-glue.c
-+      http-header-glue.c
-+      splaytree.c network_writev.c
-+      network_write.c network_linux_sendfile.c
-+      network_freebsd_sendfile.c
-+      network_solaris_sendfilev.c network_openssl.c
-+      status_counter.c
-+)
-+
-+IF(WIN32)
-+  MESSAGE(STATUS "Adding local getopt implementation.")
-+  SET(COMMON_SRC ${COMMON_SRC} xgetopt.c)
-+ENDIF(WIN32)
-+
-+ADD_EXECUTABLE(lemon lemon.c)
-+
-+## Build parsers by using lemon...
-+LEMON_PARSER(configparser.y)
-+LEMON_PARSER(mod_ssi_exprparser.y)
-+
-+SET(L_INSTALL_TARGETS)
-+
-+ADD_EXECUTABLE(spawn-fcgi spawn-fcgi.c)
-+SET(L_INSTALL_TARGETS ${L_INSTALL_TARGETS} spawn-fcgi)
-+
-+ADD_EXECUTABLE(lighttpd
-+      server.c
-+      response.c
-+      connections.c
-+      network.c
-+      configfile.c
-+      configparser.c
-+      request.c
-+      proc_open.c
-+      ${COMMON_SRC}
-+)
-+SET(L_INSTALL_TARGETS ${L_INSTALL_TARGETS} lighttpd)
-+
-+ADD_AND_INSTALL_LIBRARY(mod_access mod_access.c)
-+ADD_AND_INSTALL_LIBRARY(mod_accesslog mod_accesslog.c)
-+ADD_AND_INSTALL_LIBRARY(mod_alias mod_alias.c)
-+ADD_AND_INSTALL_LIBRARY(mod_auth "mod_auth.c;http_auth_digest.c;http_auth.c")
-+IF(NOT WIN32)
-+ADD_AND_INSTALL_LIBRARY(mod_cgi mod_cgi.c)
-+ENDIF(NOT WIN32)
-+ADD_AND_INSTALL_LIBRARY(mod_cml "mod_cml.c;mod_cml_lua.c;mod_cml_funcs.c")
-+ADD_AND_INSTALL_LIBRARY(mod_compress mod_compress.c)
-+ADD_AND_INSTALL_LIBRARY(mod_dirlisting mod_dirlisting.c)
-+ADD_AND_INSTALL_LIBRARY(mod_evasive mod_evasive.c)
-+ADD_AND_INSTALL_LIBRARY(mod_evhost mod_evhost.c)
-+ADD_AND_INSTALL_LIBRARY(mod_expire mod_expire.c)
-+ADD_AND_INSTALL_LIBRARY(mod_extforward mod_extforward.c)
-+ADD_AND_INSTALL_LIBRARY(mod_fastcgi mod_fastcgi.c)
-+ADD_AND_INSTALL_LIBRARY(mod_flv_streaming mod_flv_streaming.c)
-+ADD_AND_INSTALL_LIBRARY(mod_indexfile mod_indexfile.c)
-+ADD_AND_INSTALL_LIBRARY(mod_magnet "mod_magnet.c;mod_magnet_cache.c")
-+ADD_AND_INSTALL_LIBRARY(mod_mysql_vhost mod_mysql_vhost.c)
-+ADD_AND_INSTALL_LIBRARY(mod_proxy mod_proxy.c)
-+ADD_AND_INSTALL_LIBRARY(mod_redirect mod_redirect.c)
-+ADD_AND_INSTALL_LIBRARY(mod_rewrite mod_rewrite.c)
-+ADD_AND_INSTALL_LIBRARY(mod_rrdtool mod_rrdtool.c)
-+ADD_AND_INSTALL_LIBRARY(mod_scgi mod_scgi.c)
-+ADD_AND_INSTALL_LIBRARY(mod_secdownload mod_secure_download.c)
-+ADD_AND_INSTALL_LIBRARY(mod_setenv mod_setenv.c)
-+ADD_AND_INSTALL_LIBRARY(mod_simple_vhost mod_simple_vhost.c)
-+ADD_AND_INSTALL_LIBRARY(mod_ssi "mod_ssi_exprparser.c;mod_ssi_expr.c;mod_ssi.c")
-+ADD_AND_INSTALL_LIBRARY(mod_staticfile mod_staticfile.c)
-+ADD_AND_INSTALL_LIBRARY(mod_status mod_status.c)
-+ADD_AND_INSTALL_LIBRARY(mod_trigger_b4_dl mod_trigger_b4_dl.c)
-+ADD_AND_INSTALL_LIBRARY(mod_uploadprogress mod_uploadprogress.c)
-+ADD_AND_INSTALL_LIBRARY(mod_userdir mod_userdir.c)
-+ADD_AND_INSTALL_LIBRARY(mod_usertrack mod_usertrack.c)
-+ADD_AND_INSTALL_LIBRARY(mod_webdav mod_webdav.c)
-+
-+IF(HAVE_PCRE_H)
-+  ADD_TARGET_PROPERTIES(lighttpd LINK_FLAGS ${PCRE_LDFLAGS})
-+  ADD_TARGET_PROPERTIES(lighttpd COMPILE_FLAGS ${PCRE_CFLAGS})
-+  ADD_TARGET_PROPERTIES(mod_rewrite LINK_FLAGS ${PCRE_LDFLAGS})
-+  ADD_TARGET_PROPERTIES(mod_rewrite COMPILE_FLAGS ${PCRE_CFLAGS})
-+  ADD_TARGET_PROPERTIES(mod_dirlisting LINK_FLAGS ${PCRE_LDFLAGS})
-+  ADD_TARGET_PROPERTIES(mod_dirlisting COMPILE_FLAGS ${PCRE_CFLAGS})
-+  ADD_TARGET_PROPERTIES(mod_redirect LINK_FLAGS ${PCRE_LDFLAGS})
-+  ADD_TARGET_PROPERTIES(mod_redirect COMPILE_FLAGS ${PCRE_CFLAGS})
-+  ADD_TARGET_PROPERTIES(mod_ssi LINK_FLAGS ${PCRE_LDFLAGS})
-+  ADD_TARGET_PROPERTIES(mod_ssi COMPILE_FLAGS ${PCRE_CFLAGS})
-+  ADD_TARGET_PROPERTIES(mod_trigger_b4_dl LINK_FLAGS ${PCRE_LDFLAGS})
-+  ADD_TARGET_PROPERTIES(mod_trigger_b4_dl COMPILE_FLAGS ${PCRE_CFLAGS})
-+ENDIF(HAVE_PCRE_H)
-+
-+ADD_TARGET_PROPERTIES(mod_magnet LINK_FLAGS ${LUA_LDFLAGS})
-+ADD_TARGET_PROPERTIES(mod_magnet COMPILE_FLAGS ${LUA_CFLAGS})
-+
-+ADD_TARGET_PROPERTIES(mod_cml LINK_FLAGS ${LUA_LDFLAGS})
-+ADD_TARGET_PROPERTIES(mod_cml COMPILE_FLAGS ${LUA_CFLAGS})
-+
-+IF(HAVE_MYSQL_H AND HAVE_LIBMYSQL)
-+  TARGET_LINK_LIBRARIES(mod_mysql_vhost mysqlclient)
-+  INCLUDE_DIRECTORIES(/usr/include/mysql)
-+ENDIF(HAVE_MYSQL_H AND HAVE_LIBMYSQL)
-+
-+SET(L_MOD_WEBDAV)
-+IF(HAVE_SQLITE3_H)
-+  SET(L_MOD_WEBDAV ${L_MOD_WEBDAV} sqlite3)
-+ENDIF(HAVE_SQLITE3_H)
-+IF(HAVE_LIBXML_H)
-+  SET_TARGET_PROPERTIES(mod_webdav PROPERTIES LINK_FLAGS ${XML2_LDFLAGS})
-+ENDIF(HAVE_LIBXML_H)
-+IF(HAVE_UUID_H)
-+  IF(NEED_LIBUUID)
-+    SET(L_MOD_WEBDAV ${L_MOD_WEBDAV} uuid)
-+  ENDIF(NEED_LIBUUID)
-+ENDIF(HAVE_UUID_H)
-+
-+TARGET_LINK_LIBRARIES(mod_webdav ${L_MOD_WEBDAV})
-+
-+SET(L_MOD_AUTH)
-+IF(HAVE_LIBCRYPT)
-+  SET(L_MOD_AUTH ${L_MOD_AUTH} crypt)
-+ENDIF(HAVE_LIBCRYPT)
-+
-+IF(HAVE_LDAP_H)
-+  SET(L_MOD_AUTH ${L_MOD_AUTH} ldap lber)
-+ENDIF(HAVE_LDAP_H)
-+TARGET_LINK_LIBRARIES(mod_auth ${L_MOD_AUTH})
-+
-+IF(HAVE_ZLIB_H)
-+  IF(HAVE_BZLIB_H)
-+    TARGET_LINK_LIBRARIES(mod_compress ${ZLIB_LIBRARY} bz2)
-+  ELSE(HAVE_BZLIB_H)
-+    TARGET_LINK_LIBRARIES(mod_compress ${ZLIB_LIBRARY})
-+  ENDIF(HAVE_BZLIB_H)
-+ENDIF(HAVE_ZLIB_H)
-+
-+IF(HAVE_LIBFAM)
-+  TARGET_LINK_LIBRARIES(lighttpd fam)
-+ENDIF(HAVE_LIBFAM)
-+
-+IF(HAVE_GDBM_H)
-+  TARGET_LINK_LIBRARIES(mod_trigger_b4_dl gdbm)
-+ENDIF(HAVE_GDBM_H)
-+
-+IF(HAVE_MEMCACHE_H)
-+  TARGET_LINK_LIBRARIES(mod_trigger_b4_dl memcache)
-+ENDIF(HAVE_MEMCACHE_H)
-+
-+IF(CMAKE_COMPILER_IS_GNUCC)
-+  SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -std=gnu99 -Wall -g -Wshadow -W -pedantic")
-+  SET(CMAKE_C_FLAGS_RELEASE        "${CMAKE_C_FLAGS_RELEASE}     -O2")
-+  SET(CMAKE_C_FLAGS_DEBUG          "${CMAKE_C_FLAGS_DEBUG}       -O0")
-+  SET(CMAKE_C_FLAGS_RELWITHDEBINFO "${CMAKE_C_FLAGS_WITHDEBINFO} -O2")
-+  ADD_DEFINITIONS(-D_GNU_SOURCE)
-+ENDIF(CMAKE_COMPILER_IS_GNUCC)
-+
-+SET_TARGET_PROPERTIES(lighttpd PROPERTIES CMAKE_INSTALL_PREFIX ${CMAKE_INSTALL_PREFIX})
-+
-+IF(WIN32)
-+  SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DNVALGRIND")
-+  ADD_TARGET_PROPERTIES(lighttpd COMPILE_FLAGS "-DLI_DECLARE_EXPORTS")
-+  TARGET_LINK_LIBRARIES(lighttpd ws2_32)
-+  TARGET_LINK_LIBRARIES(mod_proxy ws2_32)
-+  TARGET_LINK_LIBRARIES(mod_fcgi ws2_32)
-+  TARGET_LINK_LIBRARIES(mod_scgi ws2_32)
-+  TARGET_LINK_LIBRARIES(mod_ssi ws2_32)
-+
-+  IF(MINGW)
-+    TARGET_LINK_LIBRARIES(lighttpd msvcr70)
-+    ADD_TARGET_PROPERTIES(lighttpd LINK_FLAGS "-Wl,-subsystem,console")
-+  ENDIF(MINGW)
-+ENDIF(WIN32)
-+
-+IF(NOT BUILD_STATIC)
-+  IF(HAVE_LIBDL)
-+    TARGET_LINK_LIBRARIES(lighttpd dl)
-+  ENDIF(HAVE_LIBDL)
-+ENDIF(NOT BUILD_STATIC)
-+
-+IF(HAVE_LIBSSL AND HAVE_LIBCRYPTO)
-+  TARGET_LINK_LIBRARIES(lighttpd ssl)
-+  TARGET_LINK_LIBRARIES(lighttpd crypto)
-+ENDIF(HAVE_LIBSSL AND HAVE_LIBCRYPTO)
+ 
++                      if (toSend > max_bytes) toSend = max_bytes;

 +
 +

-+IF(NOT WIN32)
-+INSTALL(TARGETS ${L_INSTALL_TARGETS}
-+      RUNTIME DESTINATION ${SBINDIR}
-+      LIBRARY DESTINATION ${LIGHTTPD_MODULES_DIR}
-+      ARCHIVE DESTINATION ${LIGHTTPD_MODULES_DIR}/static)
-+ELSE(NOT WIN32)
-+## HACK to make win32 to install our libraries in desired directory..
-+INSTALL(TARGETS lighttpd
-+      RUNTIME DESTINATION ${SBINDIR}
-+      ARCHIVE DESTINATION lib/static)
-+LIST(REMOVE_ITEM L_INSTALL_TARGETS lighttpd)
-+INSTALL(TARGETS ${L_INSTALL_TARGETS}
-+      RUNTIME DESTINATION ${SBINDIR}/lib
-+      LIBRARY DESTINATION lib
-+      ARCHIVE DESTINATION lib/static)
-+ENDIF(NOT WIN32)
-Index: src/mod_accesslog.c
+ #ifdef LOCAL_BUFFERING
+                       start = c->mem->ptr;
+ #else
+@@ -309,6 +308,7 @@
+ 
+                       c->offset += r;
+                       cq->bytes_out += r;
++                      max_bytes -= r;
+ 
+                       if (c->offset == c->file.length) {
+                               chunk_finished = 1;
+@@ -334,11 +334,9 @@
+ 
+                       break;
+               }
+-
+-              chunks_written++;
+       }
+ 
+-      return chunks_written;
++      return 0;
+ }
+ 
+ #endif
+Index: src/network_freebsd_sendfile.c

 ===================================================================
 ===================================================================

---- src/mod_accesslog.c        (.../tags/lighttpd-1.4.20)      (revision 2392)
-+++ src/mod_accesslog.c        (.../branches/lighttpd-1.4.x)   (revision 2392)
-@@ -169,13 +169,13 @@
-                               if (fields->size == 0) {
-                                       fields->size = 16;
-                                       fields->used = 0;
--                                      fields->ptr = malloc(fields->size * sizeof(format_fields * ));
-+                                      fields->ptr = malloc(fields->size * sizeof(format_field * ));
-                               } else if (fields->used == fields->size) {
-                                       fields->size += 16;
--                                      fields->ptr = realloc(fields->ptr, fields->size * sizeof(format_fields * ));
-+                                      fields->ptr = realloc(fields->ptr, fields->size * sizeof(format_field * ));
-                               }
+--- src/network_freebsd_sendfile.c     (.../tags/lighttpd-1.4.29)
++++ src/network_freebsd_sendfile.c     (.../branches/lighttpd-1.4.x)
+@@ -31,17 +31,16 @@
+ # endif
+ #endif

  
  

--                              fields->ptr[fields->used] = malloc(sizeof(format_fields));
-+                              fields->ptr[fields->used] = malloc(sizeof(format_field));
-                               fields->ptr[fields->used]->type = FIELD_STRING;
-                               fields->ptr[fields->used]->string = buffer_init();
- 
-@@ -189,10 +189,10 @@
-                       if (fields->size == 0) {
-                               fields->size = 16;
-                               fields->used = 0;
--                              fields->ptr = malloc(fields->size * sizeof(format_fields * ));
-+                              fields->ptr = malloc(fields->size * sizeof(format_field * ));
-                       } else if (fields->used == fields->size) {
-                               fields->size += 16;
--                              fields->ptr = realloc(fields->ptr, fields->size * sizeof(format_fields * ));
-+                              fields->ptr = realloc(fields->ptr, fields->size * sizeof(format_field * ));
-                       }
+-int network_write_chunkqueue_freebsdsendfile(server *srv, connection *con, int fd, chunkqueue *cq) {
++int network_write_chunkqueue_freebsdsendfile(server *srv, connection *con, int fd, chunkqueue *cq, off_t max_bytes) {
+       chunk *c;
+-      size_t chunks_written = 0;

  
  

-                       /* search for the terminating command */
-@@ -211,7 +211,7 @@
- 
-                                       /* found key */
- 
--                                      fields->ptr[fields->used] = malloc(sizeof(format_fields));
-+                                      fields->ptr[fields->used] = malloc(sizeof(format_field));
-                                       fields->ptr[fields->used]->type = FIELD_FORMAT;
-                                       fields->ptr[fields->used]->field = fmap[j].type;
-                                       fields->ptr[fields->used]->string = NULL;
-@@ -258,7 +258,7 @@
- 
-                                       /* found key */
- 
--                                      fields->ptr[fields->used] = malloc(sizeof(format_fields));
-+                                      fields->ptr[fields->used] = malloc(sizeof(format_field));
-                                       fields->ptr[fields->used]->type = FIELD_FORMAT;
-                                       fields->ptr[fields->used]->field = fmap[j].type;
-                                       fields->ptr[fields->used]->string = buffer_init();
-@@ -291,7 +291,7 @@
- 
-                                       /* found key */
- 
--                                      fields->ptr[fields->used] = malloc(sizeof(format_fields));
-+                                      fields->ptr[fields->used] = malloc(sizeof(format_field));
-                                       fields->ptr[fields->used]->type = FIELD_FORMAT;
-                                       fields->ptr[fields->used]->field = fmap[j].type;
-                                       fields->ptr[fields->used]->string = NULL;
-@@ -321,13 +321,13 @@
-               if (fields->size == 0) {
-                       fields->size = 16;
-                       fields->used = 0;
--                      fields->ptr = malloc(fields->size * sizeof(format_fields * ));
-+                      fields->ptr = malloc(fields->size * sizeof(format_field * ));
-               } else if (fields->used == fields->size) {
-                       fields->size += 16;
--                      fields->ptr = realloc(fields->ptr, fields->size * sizeof(format_fields * ));
-+                      fields->ptr = realloc(fields->ptr, fields->size * sizeof(format_field * ));
-               }
+-      for(c = cq->first; c; c = c->next, chunks_written++) {
++      for(c = cq->first; (max_bytes > 0) && (NULL != c); c = c->next) {
+               int chunk_finished = 0;

  
  

--              fields->ptr[fields->used] = malloc(sizeof(format_fields));
-+              fields->ptr[fields->used] = malloc(sizeof(format_field));
-               fields->ptr[fields->used]->type = FIELD_STRING;
-               fields->ptr[fields->used]->string = buffer_init();
+               switch(c->type) {
+               case MEM_CHUNK: {
+                       char * offset;
+-                      size_t toSend;
++                      off_t toSend;
+                       ssize_t r;

  
  

-@@ -540,8 +540,9 @@
+                       size_t num_chunks, i;
+@@ -49,12 +48,10 @@
+                       chunk *tc;
+                       size_t num_bytes = 0;

  
  

-                       return HANDLER_ERROR;
-               }
-+#ifdef FD_CLOEXEC
-               fcntl(s->log_access_fd, F_SETFD, FD_CLOEXEC);
+-                      /* we can't send more then SSIZE_MAX bytes in one chunk */

 -
 -

-+#endif
-       }
+                       /* build writev list
+                        *
+                        * 1. limit: num_chunks < UIO_MAXIOV
+-                       * 2. limit: num_bytes < SSIZE_MAX
++                       * 2. limit: num_bytes < max_bytes
+                        */
+                       for(num_chunks = 0, tc = c; tc && tc->type == MEM_CHUNK && num_chunks < UIO_MAXIOV; num_chunks++, tc = tc->next);
+ 
+@@ -69,9 +66,9 @@
+                                       chunks[i].iov_base = offset;
+ 
+                                       /* protect the return value of writev() */
+-                                      if (toSend > SSIZE_MAX ||
+-                                          num_bytes + toSend > SSIZE_MAX) {
+-                                              chunks[i].iov_len = SSIZE_MAX - num_bytes;
++                                      if (toSend > max_bytes ||
++                                          (off_t) num_bytes + toSend > max_bytes) {
++                                              chunks[i].iov_len = max_bytes - num_bytes;
+ 
+                                               num_chunks = i + 1;
+                                               break;
+@@ -105,6 +102,7 @@
+ 
+                       /* check which chunks have been written */
+                       cq->bytes_out += r;
++                      max_bytes -= r;
+ 
+                       for(i = 0, tc = c; i < num_chunks; i++, tc = tc->next) {
+                               if (r >= (ssize_t)chunks[i].iov_len) {
+@@ -114,11 +112,10 @@
+ 
+                                       if (chunk_finished) {
+                                               /* skip the chunks from further touches */
+-                                              chunks_written++;
+                                               c = c->next;
+                                       } else {
+                                               /* chunks_written + c = c->next is done in the for()*/
+-                                              chunk_finished++;
++                                              chunk_finished = 1;
+                                       }
+                               } else {
+                                       /* partially written */
+@@ -134,7 +131,7 @@
+               }
+               case FILE_CHUNK: {
+                       off_t offset, r;
+-                      size_t toSend;
++                      off_t toSend;
+                       stat_cache_entry *sce = NULL;
+ 
+                       if (HANDLER_ERROR == stat_cache_get_entry(srv, con, c->file.name, &sce)) {
+@@ -144,9 +141,8 @@
+                       }

  
  

-       return HANDLER_GO_ON;
-@@ -584,6 +585,9 @@
+                       offset = c->file.start + c->offset;
+-                      /* limit the toSend to 2^31-1 bytes in a chunk */
+-                      toSend = c->file.length - c->offset > ((1 << 30) - 1) ?
+-                              ((1 << 30) - 1) : c->file.length - c->offset;
++                      toSend = c->file.length - c->offset;
++                      if (toSend > max_bytes) toSend = max_bytes;

  
  

-                               return HANDLER_ERROR;
-                       }
-+#ifdef FD_CLOEXEC
-+                      fcntl(s->log_access_fd, F_SETFD, FD_CLOEXEC);
-+#endif
+                       if (-1 == c->file.fd) {
+                               if (-1 == (c->file.fd = open(c->file.name->ptr, O_RDONLY))) {
+@@ -197,6 +193,7 @@
+ 
+                       c->offset += r;
+                       cq->bytes_out += r;
++                      max_bytes -= r;
+ 
+                       if (c->offset == c->file.length) {
+                               chunk_finished = 1;
+@@ -218,7 +215,7 @@

                }
        }
  
                }
        }
  

-Index: src/fdevent_linux_sysepoll.c
-===================================================================
---- src/fdevent_linux_sysepoll.c       (.../tags/lighttpd-1.4.20)      (revision 2392)
-+++ src/fdevent_linux_sysepoll.c       (.../branches/lighttpd-1.4.x)   (revision 2392)
-@@ -91,7 +91,7 @@
-       if (e & EPOLLHUP) events |= FDEVENT_HUP;
-       if (e & EPOLLPRI) events |= FDEVENT_PRI;
- 
--      return e;
-+      return events;
+-      return chunks_written;
++      return 0;

  }
  
  }
  

- static int fdevent_linux_sysepoll_event_get_fd(fdevents *ev, size_t ndx) {
-Index: src/server.c
+ #endif
+Index: src/network_openssl.c

 ===================================================================
 ===================================================================

---- src/server.c       (.../tags/lighttpd-1.4.20)      (revision 2392)
-+++ src/server.c       (.../branches/lighttpd-1.4.x)   (revision 2392)
-@@ -210,6 +210,7 @@
-       srv->srvconf.modules_dir = buffer_init_string(LIBRARY_DIR);
-       srv->srvconf.network_backend = buffer_init();
-       srv->srvconf.upload_tempdirs = array_init();
-+      srv->srvconf.reject_expect_100_with_417 = 1;
- 
-       /* use syslog */
-       srv->errorlog_fd = -1;
-@@ -844,15 +845,16 @@
+--- src/network_openssl.c      (.../tags/lighttpd-1.4.29)
++++ src/network_openssl.c      (.../branches/lighttpd-1.4.x)
+@@ -27,10 +27,9 @@
+ # include <openssl/ssl.h>
+ # include <openssl/err.h>
+ 
+-int network_write_chunkqueue_openssl(server *srv, connection *con, SSL *ssl, chunkqueue *cq) {
++int network_write_chunkqueue_openssl(server *srv, connection *con, SSL *ssl, chunkqueue *cq, off_t max_bytes) {
+       int ssl_r;
+       chunk *c;
+-      size_t chunks_written = 0;
+ 
+       /* this is a 64k sendbuffer
+        *
+@@ -59,13 +58,13 @@
+               SSL_set_shutdown(ssl, SSL_RECEIVED_SHUTDOWN);

        }
  
        }
  

-       /* set max-conns */
--      if (srv->srvconf.max_conns > srv->max_fds) {
--              /* we can't have more connections than max-fds */
--              srv->max_conns = srv->max_fds;
-+      if (srv->srvconf.max_conns > srv->max_fds/2) {
-+              /* we can't have more connections than max-fds/2 */
-+              log_error_write(srv, __FILE__, __LINE__, "sdd", "can't have more connections than fds/2: ", srv->srvconf.max_conns, srv->max_fds);
-+              srv->max_conns = srv->max_fds/2;
-       } else if (srv->srvconf.max_conns) {
-               /* otherwise respect the wishes of the user */
-               srv->max_conns = srv->srvconf.max_conns;
-       } else {
--              /* or use the default */
--              srv->max_conns = srv->max_fds;
-+              /* or use the default: we really don't want to hit max-fds */
-+              srv->max_conns = srv->max_fds/3;
-       }
+-      for(c = cq->first; c; c = c->next) {
++      for(c = cq->first; (max_bytes > 0) && (NULL != c); c = c->next) {
+               int chunk_finished = 0;

  
  

-       if (HANDLER_GO_ON != plugins_call_init(srv)) {
-@@ -1243,8 +1245,8 @@
- 
-                                               if (srv->cur_ts - con->write_request_ts > con->conf.max_write_idle) {
-                                                       /* time - out */
--#if 1
--                                                      log_error_write(srv, __FILE__, __LINE__, "sbsosds",
-+                                                      if (con->conf.log_timeouts) {
-+                                                              log_error_write(srv, __FILE__, __LINE__, "sbsosds",
-                                                                       "NOTE: a request for",
-                                                                       con->request.uri,
-                                                                       "timed out after writing",
-@@ -1252,7 +1254,7 @@
-                                                                       "bytes. We waited",
-                                                                       (int)con->conf.max_write_idle,
-                                                                       "seconds. If this a problem increase server.max-write-idle");
--#endif
-+                                                      }
-                                                       connection_set_state(srv, con, CON_STATE_ERROR);
-                                                       changed = 1;
-                                               }
-@@ -1295,8 +1297,8 @@
-               if (srv->sockets_disabled) {
-                       /* our server sockets are disabled, why ? */
- 
--                      if ((srv->cur_fds + srv->want_fds < srv->max_fds * 0.8) && /* we have enough unused fds */
--                          (srv->conns->used < srv->max_conns * 0.9) &&
-+                      if ((srv->cur_fds + srv->want_fds < srv->max_fds * 8 / 10) && /* we have enough unused fds */
-+                          (srv->conns->used <= srv->max_conns * 9 / 10) &&
-                           (0 == graceful_shutdown)) {
-                               for (i = 0; i < srv->srv_sockets.used; i++) {
-                                       server_socket *srv_socket = srv->srv_sockets.ptr[i];
-@@ -1308,8 +1310,8 @@
-                               srv->sockets_disabled = 0;
-                       }
-               } else {
--                      if ((srv->cur_fds + srv->want_fds > srv->max_fds * 0.9) || /* out of fds */
--                          (srv->conns->used > srv->max_conns) || /* out of connections */
-+                      if ((srv->cur_fds + srv->want_fds > srv->max_fds * 9 / 10) || /* out of fds */
-+                          (srv->conns->used >= srv->max_conns) || /* out of connections */
-                           (graceful_shutdown)) { /* graceful_shutdown */
- 
-                               /* disable server-fds */
-@@ -1348,7 +1350,7 @@
- 
-                               if (graceful_shutdown) {
-                                       log_error_write(srv, __FILE__, __LINE__, "s", "[note] graceful shutdown started");
--                              } else if (srv->conns->used > srv->max_conns) {
-+                              } else if (srv->conns->used >= srv->max_conns) {
-                                       log_error_write(srv, __FILE__, __LINE__, "s", "[note] sockets disabled, connection limit reached");
-                               } else {
-                                       log_error_write(srv, __FILE__, __LINE__, "s", "[note] sockets disabled, out-of-fds");
-Index: src/log.c
-===================================================================
---- src/log.c  (.../tags/lighttpd-1.4.20)      (revision 2392)
-+++ src/log.c  (.../branches/lighttpd-1.4.x)   (revision 2392)
-@@ -146,6 +146,10 @@
-                       /* ok, new log is open, close the old one */
-                       close(srv->errorlog_fd);
-                       srv->errorlog_fd = new_fd;
-+#ifdef FD_CLOEXEC
-+                      /* close fd on exec (cgi) */
-+                      fcntl(srv->errorlog_fd, F_SETFD, FD_CLOEXEC);
-+#endif
-               }
-       }
+               switch(c->type) {
+               case MEM_CHUNK: {
+                       char * offset;
+-                      size_t toSend;
++                      off_t toSend;
+                       ssize_t r;

  
  

-Index: src/proc_open.c
-===================================================================
---- src/proc_open.c    (.../tags/lighttpd-1.4.20)      (revision 2392)
-+++ src/proc_open.c    (.../branches/lighttpd-1.4.x)   (revision 2392)
-@@ -287,32 +287,33 @@
- }
- /* }}} */
- /* {{{ proc_open_buffer */
--int proc_open_buffer(proc_handler_t *proc, const char *command, buffer *in, buffer *out, buffer *err) {
-+int proc_open_buffer(const char *command, buffer *in, buffer *out, buffer *err) {
-+      proc_handler_t proc;
+                       if (c->mem->used == 0 || c->mem->used == 1) {
+@@ -75,6 +74,7 @@

  
  

--      UNUSED(err);
--
--      if (proc_open(proc, command) != 0) {
-+      if (proc_open(&proc, command) != 0) {
-               return -1;
-       }
+                       offset = c->mem->ptr + c->offset;
+                       toSend = c->mem->used - 1 - c->offset;
++                      if (toSend > max_bytes) toSend = max_bytes;

  
  

-       if (in) {
--              if (write(proc->in.fd, (void *)in->ptr, in->used) < 0) {
-+              if (write(proc.in.fd, (void *)in->ptr, in->used) < 0) {
-                       perror("error writing pipe");
-                       return -1;
-               }
-       }
--      pipe_close(&proc->in);
-+      pipe_close(&proc.in);
+                       /**
+                        * SSL_write man-page
+@@ -87,7 +87,14 @@
+                        */

  
  

-       if (out) {
--              proc_read_fd_to_buffer(proc->out.fd, out);
-+              proc_read_fd_to_buffer(proc.out.fd, out);
-       }
--      pipe_close(&proc->out);
-+      pipe_close(&proc.out);
+                       ERR_clear_error();
+-                      if ((r = SSL_write(ssl, offset, toSend)) <= 0) {
++                      r = SSL_write(ssl, offset, toSend);
++
++                      if (con->renegotiations > 1 && con->conf.ssl_disable_client_renegotiation) {
++                              log_error_write(srv, __FILE__, __LINE__, "s", "SSL: renegotiation initiated by client");
++                              return -1;
++                      }
++
++                      if (r <= 0) {
+                               unsigned long err;

  
  

-       if (err) {
--              proc_read_fd_to_buffer(proc->err.fd, err);
-+              proc_read_fd_to_buffer(proc.err.fd, err);
-       }
--      pipe_close(&proc->err);
-+      pipe_close(&proc.err);
+                               switch ((ssl_r = SSL_get_error(ssl, r))) {
+@@ -139,6 +146,7 @@
+                       } else {
+                               c->offset += r;
+                               cq->bytes_out += r;
++                              max_bytes -= r;
+                       }
+ 
+                       if (c->offset == (off_t)c->mem->used - 1) {
+@@ -168,6 +176,7 @@
+                       do {
+                               off_t offset = c->file.start + c->offset;
+                               off_t toSend = c->file.length - c->offset;
++                              if (toSend > max_bytes) toSend = max_bytes;
+ 
+                               if (toSend > LOCAL_SEND_BUFSIZE) toSend = LOCAL_SEND_BUFSIZE;
+ 
+@@ -190,7 +199,14 @@
+                               close(ifd);

  
  

-+      proc_close(&proc);
+                               ERR_clear_error();
+-                              if ((r = SSL_write(ssl, s, toSend)) <= 0) {
++                              r = SSL_write(ssl, s, toSend);

 +
 +

-       return 0;
- }
- /* }}} */
-@@ -366,7 +367,7 @@
-               RESET();
- 
-               fprintf(stdout, "test: echo 321 with read\n"); fflush(stdout);
--              if (proc_open_buffer(&proc, "echo 321", NULL, out, err) != 0) {
-+              if (proc_open_buffer("echo 321", NULL, out, err) != 0) {
-                       ERROR_OUT();
++                              if (con->renegotiations > 1 && con->conf.ssl_disable_client_renegotiation) {
++                                      log_error_write(srv, __FILE__, __LINE__, "s", "SSL: renegotiation initiated by client");
++                                      return -1;
++                              }
++
++                              if (r <= 0) {
+                                       unsigned long err;
+ 
+                                       switch ((ssl_r = SSL_get_error(ssl, r))) {
+@@ -243,12 +259,13 @@
+                               } else {
+                                       c->offset += r;
+                                       cq->bytes_out += r;
++                                      max_bytes -= r;
+                               }
+ 
+                               if (c->offset == c->file.length) {
+                                       chunk_finished = 1;
+                               }
+-                      } while(!chunk_finished && !write_wait);
++                      } while (!chunk_finished && !write_wait && max_bytes > 0);
+ 
+                       break;

                }
                }

-               fprintf(stdout, "result: ->%s<-\n\n", out->ptr); fflush(stdout);
-@@ -374,7 +375,7 @@
- 
-               fprintf(stdout, "test: echo 123 | " CMD_CAT "\n"); fflush(stdout);
-               buffer_copy_string_len(in, CONST_STR_LEN("123\n"));
--              if (proc_open_buffer(&proc, CMD_CAT, in, out, err) != 0) {
-+              if (proc_open_buffer(CMD_CAT, in, out, err) != 0) {
-                       ERROR_OUT();
+@@ -263,11 +280,9 @@
+ 
+                       break;

                }
                }

-               fprintf(stdout, "result: ->%s<-\n\n", out->ptr); fflush(stdout);
-Index: src/proc_open.h
-===================================================================
---- src/proc_open.h    (.../tags/lighttpd-1.4.20)      (revision 2392)
-+++ src/proc_open.h    (.../branches/lighttpd-1.4.x)   (revision 2392)
-@@ -22,4 +22,4 @@
- 
- int proc_close(proc_handler_t *ht);
- int proc_open(proc_handler_t *ht, const char *command);
--int proc_open_buffer(proc_handler_t *ht, const char *command, buffer *in, buffer *out, buffer *err);
-+int proc_open_buffer(const char *command, buffer *in, buffer *out, buffer *err);
-Index: tests/mod-proxy.t
-===================================================================
---- tests/mod-proxy.t  (.../tags/lighttpd-1.4.20)      (revision 2392)
-+++ tests/mod-proxy.t  (.../branches/lighttpd-1.4.x)   (revision 2392)
-@@ -8,14 +8,24 @@
+-
+-              chunks_written++;
+       }

  
  

- use strict;
- use IO::Socket;
--use Test::More tests => 6;
-+use Test::More tests => 9;
- use LightyTest;
+-      return chunks_written;
++      return 0;
+ }
+ #endif

  
  

- my $tf_real = LightyTest->new();
- my $tf_proxy = LightyTest->new();
+Index: src/http_auth.c
+===================================================================
+--- src/http_auth.c    (.../tags/lighttpd-1.4.29)
++++ src/http_auth.c    (.../branches/lighttpd-1.4.x)
+@@ -1,7 +1,6 @@
+ #include "server.h"
+ #include "log.h"
+ #include "http_auth.h"
+-#include "http_auth_digest.h"
+ #include "inet_ntop_cache.h"
+ #include "stream.h"
+ 
+@@ -28,18 +27,23 @@
+ #include <unistd.h>
+ #include <ctype.h>

  
  

- my $t;
-+my $php_child = -1;
+-#ifdef USE_OPENSSL
+-# include <openssl/md5.h>
+-#else
+-# include "md5.h"
++#include "md5.h"
+ 
+-typedef li_MD5_CTX MD5_CTX;
+-#define MD5_Init li_MD5_Init
+-#define MD5_Update li_MD5_Update
+-#define MD5_Final li_MD5_Final
++#define HASHLEN 16
++#define HASHHEXLEN 32
++typedef unsigned char HASH[HASHLEN];
++typedef char HASHHEX[HASHHEXLEN+1];

  
  

-+my $phpbin = (defined $ENV{'PHP'} ? $ENV{'PHP'} : '/usr/bin/php-cgi');
-+$ENV{'PHP'} = $phpbin;
-+
-+SKIP: {
-+      skip "PHP already running on port 1026", 1 if $tf_real->listening_on(1026);
-+      skip "no php binary found", 1 unless -x $phpbin;
-+      ok(-1 != ($php_child = $tf_real->spawnfcgi($phpbin, 1026)), "Spawning php");
+-#endif
++static void CvtHex(const HASH Bin, char Hex[33]) {
++      unsigned short i;
+ 
++      for (i = 0; i < 16; i++) {
++              Hex[i*2] = int2hex((Bin[i] >> 4) & 0xf);
++              Hex[i*2+1] = int2hex(Bin[i] & 0xf);
++      }
++      Hex[32] = '\0';

 +}
 +
 +}
 +

- ## we need two procs
- ## 1. the real webserver
- ## 2. the proxy server
-@@ -26,9 +36,9 @@
- $tf_proxy->{PORT} = 2050;
- $tf_proxy->{CONFIGFILE} = 'proxy.conf';
+ /**
+  * the $apr1$ handling is taken from apache 1.3.x
+  */
+@@ -95,7 +99,7 @@
+       ch = in[0];
+       /* run through the whole string, converting as we go */
+       for (i = 0; i < in_len; i++) {
+-              ch = in[i];
++              ch = (unsigned char) in[i];
+ 
+               if (ch == '\0') break;
+ 
+@@ -435,7 +439,7 @@
+ 
+ static void to64(char *s, unsigned long v, int n)
+ {
+-    static unsigned char itoa64[] =         /* 0 ... 63 => ASCII - 64 */
++    static const unsigned char itoa64[] =         /* 0 ... 63 => ASCII - 64 */
+         "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
+ 
+     while (--n >= 0) {
+@@ -455,7 +459,7 @@
+     const char *sp, *ep;
+     unsigned char final[APR_MD5_DIGESTSIZE];
+     ssize_t sl, pl, i;
+-    MD5_CTX ctx, ctx1;
++    li_MD5_CTX ctx, ctx1;
+     unsigned long l;
+ 
+     /*
+@@ -487,33 +491,33 @@
+     /*
+      * 'Time to make the doughnuts..'
+      */
+-    MD5_Init(&ctx);
++    li_MD5_Init(&ctx);
+ 
+     /*
+      * The password first, since that is what is most unknown
+      */
+-    MD5_Update(&ctx, pw, strlen(pw));
++    li_MD5_Update(&ctx, pw, strlen(pw));
+ 
+     /*
+      * Then our magic string
+      */
+-    MD5_Update(&ctx, APR1_ID, strlen(APR1_ID));
++    li_MD5_Update(&ctx, APR1_ID, strlen(APR1_ID));
+ 
+     /*
+      * Then the raw salt
+      */
+-    MD5_Update(&ctx, sp, sl);
++    li_MD5_Update(&ctx, sp, sl);
+ 
+     /*
+      * Then just as many characters of the MD5(pw, salt, pw)
+      */
+-    MD5_Init(&ctx1);
+-    MD5_Update(&ctx1, pw, strlen(pw));
+-    MD5_Update(&ctx1, sp, sl);
+-    MD5_Update(&ctx1, pw, strlen(pw));
+-    MD5_Final(final, &ctx1);
++    li_MD5_Init(&ctx1);
++    li_MD5_Update(&ctx1, pw, strlen(pw));
++    li_MD5_Update(&ctx1, sp, sl);
++    li_MD5_Update(&ctx1, pw, strlen(pw));
++    li_MD5_Final(final, &ctx1);
+     for (pl = strlen(pw); pl > 0; pl -= APR_MD5_DIGESTSIZE) {
+-        MD5_Update(&ctx, final,
++        li_MD5_Update(&ctx, final,
+                       (pl > APR_MD5_DIGESTSIZE) ? APR_MD5_DIGESTSIZE : pl);
+     }

  
  

--ok($tf_real->start_proc == 0, "Starting lighttpd") or die();
-+ok($tf_real->start_proc == 0, "Starting lighttpd") or goto cleanup;
+@@ -527,10 +531,10 @@
+      */
+     for (i = strlen(pw); i != 0; i >>= 1) {
+         if (i & 1) {
+-            MD5_Update(&ctx, final, 1);
++            li_MD5_Update(&ctx, final, 1);
+         }
+         else {
+-            MD5_Update(&ctx, pw, 1);
++            li_MD5_Update(&ctx, pw, 1);
+         }
+     }

  
  

--ok($tf_proxy->start_proc == 0, "Starting lighttpd as proxy") or die();
-+ok($tf_proxy->start_proc == 0, "Starting lighttpd as proxy") or goto cleanup;
+@@ -542,7 +546,7 @@
+     strncat(passwd, sp, sl);
+     strcat(passwd, "$");
+ 
+-    MD5_Final(final, &ctx);
++    li_MD5_Final(final, &ctx);
+ 
+     /*
+      * And now, just to make sure things don't run too fast..
+@@ -550,28 +554,28 @@
+      * need 30 seconds to build a 1000 entry dictionary...
+      */
+     for (i = 0; i < 1000; i++) {
+-        MD5_Init(&ctx1);
++        li_MD5_Init(&ctx1);
+         if (i & 1) {
+-            MD5_Update(&ctx1, pw, strlen(pw));
++            li_MD5_Update(&ctx1, pw, strlen(pw));
+         }
+         else {
+-            MD5_Update(&ctx1, final, APR_MD5_DIGESTSIZE);
++            li_MD5_Update(&ctx1, final, APR_MD5_DIGESTSIZE);
+         }
+         if (i % 3) {
+-            MD5_Update(&ctx1, sp, sl);
++            li_MD5_Update(&ctx1, sp, sl);
+         }
+ 
+         if (i % 7) {
+-            MD5_Update(&ctx1, pw, strlen(pw));
++            li_MD5_Update(&ctx1, pw, strlen(pw));
+         }
+ 
+         if (i & 1) {
+-            MD5_Update(&ctx1, final, APR_MD5_DIGESTSIZE);
++            li_MD5_Update(&ctx1, final, APR_MD5_DIGESTSIZE);
+         }
+         else {
+-            MD5_Update(&ctx1, pw, strlen(pw));
++            li_MD5_Update(&ctx1, pw, strlen(pw));
+         }
+-        MD5_Final(final,&ctx1);
++        li_MD5_Final(final,&ctx1);
+     }

  
  

- $t->{REQUEST}  = ( <<EOF
- GET /index.html HTTP/1.0
-@@ -46,6 +56,31 @@
- $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200, 'Server' => 'Apache 1.3.29' } ];
- ok($tf_proxy->handle_http($t) == 0, 'drop Server from real server');
- 
-+SKIP: {
-+      skip "no PHP running on port 1026", 1 unless $tf_real->listening_on(1026);
-+      $t->{REQUEST}  = ( <<EOF
-+GET /rewrite/all/some+test%3axxx%20with%20space HTTP/1.0
-+Host: www.example.org
-+EOF
-+ );
-+      $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200, 'HTTP-Content' => '/some+test%3axxx%20with%20space' } ];
-+      ok($tf_proxy->handle_http($t) == 0, 'rewrited urls work with encoded path');
-+}
-+
- ok($tf_proxy->stop_proc == 0, "Stopping lighttpd proxy");
+     p = passwd + strlen(passwd);
+@@ -614,17 +618,17 @@
+                * user:realm:md5(user:realm:password)
+                */

  
  

- ok($tf_real->stop_proc == 0, "Stopping lighttpd");
-+
-+SKIP: {
-+      skip "PHP not started, cannot stop it", 1 unless $php_child != -1;
-+      ok(0 == $tf_real->endspawnfcgi($php_child), "Stopping php");
-+      $php_child = -1;
-+}
-+
-+exit 0;
-+
-+cleanup:
-+
-+$tf_real->endspawnfcgi($php_child) if $php_child != -1;
-+
-+die();
-Index: tests/CMakeLists.txt
+-              MD5_CTX Md5Ctx;
++              li_MD5_CTX Md5Ctx;
+               HASH HA1;
+               char a1[256];
+ 
+-              MD5_Init(&Md5Ctx);
+-              MD5_Update(&Md5Ctx, (unsigned char *)username->ptr, username->used - 1);
+-              MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
+-              MD5_Update(&Md5Ctx, (unsigned char *)realm->ptr, realm->used - 1);
+-              MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
+-              MD5_Update(&Md5Ctx, (unsigned char *)pw, strlen(pw));
+-              MD5_Final(HA1, &Md5Ctx);
++              li_MD5_Init(&Md5Ctx);
++              li_MD5_Update(&Md5Ctx, (unsigned char *)username->ptr, username->used - 1);
++              li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
++              li_MD5_Update(&Md5Ctx, (unsigned char *)realm->ptr, realm->used - 1);
++              li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
++              li_MD5_Update(&Md5Ctx, (unsigned char *)pw, strlen(pw));
++              li_MD5_Final(HA1, &Md5Ctx);
+ 
+               CvtHex(HA1, a1);
+ 
+@@ -930,7 +934,7 @@
+       int i;
+       buffer *password, *b, *username_buf, *realm_buf;
+ 
+-      MD5_CTX Md5Ctx;
++      li_MD5_CTX Md5Ctx;
+       HASH HA1;
+       HASH HA2;
+       HASH RespHash;
+@@ -1067,13 +1071,13 @@
+ 
+       if (p->conf.auth_backend == AUTH_BACKEND_PLAIN) {
+               /* generate password from plain-text */
+-              MD5_Init(&Md5Ctx);
+-              MD5_Update(&Md5Ctx, (unsigned char *)username, strlen(username));
+-              MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
+-              MD5_Update(&Md5Ctx, (unsigned char *)realm, strlen(realm));
+-              MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
+-              MD5_Update(&Md5Ctx, (unsigned char *)password->ptr, password->used - 1);
+-              MD5_Final(HA1, &Md5Ctx);
++              li_MD5_Init(&Md5Ctx);
++              li_MD5_Update(&Md5Ctx, (unsigned char *)username, strlen(username));
++              li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
++              li_MD5_Update(&Md5Ctx, (unsigned char *)realm, strlen(realm));
++              li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
++              li_MD5_Update(&Md5Ctx, (unsigned char *)password->ptr, password->used - 1);
++              li_MD5_Final(HA1, &Md5Ctx);
+       } else if (p->conf.auth_backend == AUTH_BACKEND_HTDIGEST) {
+               /* HA1 */
+               /* transform the 32-byte-hex-md5 to a 16-byte-md5 */
+@@ -1090,45 +1094,45 @@
+ 
+       if (algorithm &&
+           strcasecmp(algorithm, "md5-sess") == 0) {
+-              MD5_Init(&Md5Ctx);
+-              MD5_Update(&Md5Ctx, (unsigned char *)HA1, 16);
+-              MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
+-              MD5_Update(&Md5Ctx, (unsigned char *)nonce, strlen(nonce));
+-              MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
+-              MD5_Update(&Md5Ctx, (unsigned char *)cnonce, strlen(cnonce));
+-              MD5_Final(HA1, &Md5Ctx);
++              li_MD5_Init(&Md5Ctx);
++              li_MD5_Update(&Md5Ctx, (unsigned char *)HA1, 16);
++              li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
++              li_MD5_Update(&Md5Ctx, (unsigned char *)nonce, strlen(nonce));
++              li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
++              li_MD5_Update(&Md5Ctx, (unsigned char *)cnonce, strlen(cnonce));
++              li_MD5_Final(HA1, &Md5Ctx);
+       }
+ 
+       CvtHex(HA1, a1);
+ 
+       /* calculate H(A2) */
+-      MD5_Init(&Md5Ctx);
+-      MD5_Update(&Md5Ctx, (unsigned char *)m, strlen(m));
+-      MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
+-      MD5_Update(&Md5Ctx, (unsigned char *)uri, strlen(uri));
++      li_MD5_Init(&Md5Ctx);
++      li_MD5_Update(&Md5Ctx, (unsigned char *)m, strlen(m));
++      li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
++      li_MD5_Update(&Md5Ctx, (unsigned char *)uri, strlen(uri));
+       if (qop && strcasecmp(qop, "auth-int") == 0) {
+-              MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
+-              MD5_Update(&Md5Ctx, (unsigned char *)"", HASHHEXLEN);
++              li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
++              li_MD5_Update(&Md5Ctx, (unsigned char *)"", HASHHEXLEN);
+       }
+-      MD5_Final(HA2, &Md5Ctx);
++      li_MD5_Final(HA2, &Md5Ctx);
+       CvtHex(HA2, HA2Hex);
+ 
+       /* calculate response */
+-      MD5_Init(&Md5Ctx);
+-      MD5_Update(&Md5Ctx, (unsigned char *)a1, HASHHEXLEN);
+-      MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
+-      MD5_Update(&Md5Ctx, (unsigned char *)nonce, strlen(nonce));
+-      MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
++      li_MD5_Init(&Md5Ctx);
++      li_MD5_Update(&Md5Ctx, (unsigned char *)a1, HASHHEXLEN);
++      li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
++      li_MD5_Update(&Md5Ctx, (unsigned char *)nonce, strlen(nonce));
++      li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
+       if (qop && *qop) {
+-              MD5_Update(&Md5Ctx, (unsigned char *)nc, strlen(nc));
+-              MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
+-              MD5_Update(&Md5Ctx, (unsigned char *)cnonce, strlen(cnonce));
+-              MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
+-              MD5_Update(&Md5Ctx, (unsigned char *)qop, strlen(qop));
+-              MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
++              li_MD5_Update(&Md5Ctx, (unsigned char *)nc, strlen(nc));
++              li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
++              li_MD5_Update(&Md5Ctx, (unsigned char *)cnonce, strlen(cnonce));
++              li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
++              li_MD5_Update(&Md5Ctx, (unsigned char *)qop, strlen(qop));
++              li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
+       };
+-      MD5_Update(&Md5Ctx, (unsigned char *)HA2Hex, HASHHEXLEN);
+-      MD5_Final(RespHash, &Md5Ctx);
++      li_MD5_Update(&Md5Ctx, (unsigned char *)HA2Hex, HASHHEXLEN);
++      li_MD5_Final(RespHash, &Md5Ctx);
+       CvtHex(RespHash, a2);
+ 
+       if (0 != strcmp(a2, respons)) {
+@@ -1171,24 +1175,24 @@
+ 
+ int http_auth_digest_generate_nonce(server *srv, mod_auth_plugin_data *p, buffer *fn, char out[33]) {
+       HASH h;
+-      MD5_CTX Md5Ctx;
++      li_MD5_CTX Md5Ctx;
+       char hh[32];
+ 
+       UNUSED(p);
+ 
+       /* generate shared-secret */
+-      MD5_Init(&Md5Ctx);
+-      MD5_Update(&Md5Ctx, (unsigned char *)fn->ptr, fn->used - 1);
+-      MD5_Update(&Md5Ctx, (unsigned char *)"+", 1);
++      li_MD5_Init(&Md5Ctx);
++      li_MD5_Update(&Md5Ctx, (unsigned char *)fn->ptr, fn->used - 1);
++      li_MD5_Update(&Md5Ctx, (unsigned char *)"+", 1);
+ 
+       /* we assume sizeof(time_t) == 4 here, but if not it ain't a problem at all */
+       LI_ltostr(hh, srv->cur_ts);
+-      MD5_Update(&Md5Ctx, (unsigned char *)hh, strlen(hh));
+-      MD5_Update(&Md5Ctx, (unsigned char *)srv->entropy, sizeof(srv->entropy));
++      li_MD5_Update(&Md5Ctx, (unsigned char *)hh, strlen(hh));
++      li_MD5_Update(&Md5Ctx, (unsigned char *)srv->entropy, sizeof(srv->entropy));
+       LI_ltostr(hh, rand());
+-      MD5_Update(&Md5Ctx, (unsigned char *)hh, strlen(hh));
++      li_MD5_Update(&Md5Ctx, (unsigned char *)hh, strlen(hh));
+ 
+-      MD5_Final(h, &Md5Ctx);
++      li_MD5_Final(h, &Md5Ctx);
+ 
+       CvtHex(h, out);
+ 
+Index: src/mod_usertrack.c

 ===================================================================
 ===================================================================

---- tests/CMakeLists.txt       (.../tags/lighttpd-1.4.20)      (revision 0)
-+++ tests/CMakeLists.txt       (.../branches/lighttpd-1.4.x)   (revision 2392)
-@@ -0,0 +1,34 @@
-+SET(T_FILES
-+      prepare.sh
-+      cachable.t
-+      core-404-handler.t
-+      core-condition.t
-+      core-keepalive.t
-+      core-request.t
-+      core-response.t
-+      core.t
-+      core-var-include.t
-+      lowercase.t
-+      mod-access.t
-+      mod-auth.t
-+      mod-cgi.t
-+      mod-compress.t
-+      mod-extforward.t
-+      mod-fastcgi.t
-+      mod-proxy.t
-+      mod-redirect.t
-+      mod-rewrite.t
-+      mod-secdownload.t
-+      mod-setenv.t
-+      mod-ssi.t
-+      mod-userdir.t
-+      request.t
-+      symlink.t
-+)
-+
-+FOREACH(it ${T_FILES})
-+  ADD_TEST(${it} "${lighttpd_SOURCE_DIR}/tests/wrapper.sh"
-+              "${lighttpd_SOURCE_DIR}/tests"
-+              "${lighttpd_BINARY_DIR}"
-+              "${lighttpd_SOURCE_DIR}/tests/${it}")
-+ENDFOREACH(it)
-Index: tests/SConscript
+--- src/mod_usertrack.c        (.../tags/lighttpd-1.4.29)
++++ src/mod_usertrack.c        (.../branches/lighttpd-1.4.x)
+@@ -8,18 +8,8 @@
+ #include <stdlib.h>
+ #include <string.h>
+ 
+-#ifdef USE_OPENSSL
+-# include <openssl/md5.h>
+-#else
+-# include "md5.h"
++#include "md5.h"
+ 
+-typedef li_MD5_CTX MD5_CTX;
+-#define MD5_Init li_MD5_Init
+-#define MD5_Update li_MD5_Update
+-#define MD5_Final li_MD5_Final
+-
+-#endif
+-
+ /* plugin config for all request/connections */
+ 
+ typedef struct {
+@@ -182,7 +172,7 @@
+       plugin_data *p = p_d;
+       data_string *ds;
+       unsigned char h[16];
+-      MD5_CTX Md5Ctx;
++      li_MD5_CTX Md5Ctx;
+       char hh[32];
+ 
+       if (con->uri.path->used == 0) return HANDLER_GO_ON;
+@@ -228,18 +218,18 @@
+       /* taken from mod_auth.c */
+ 
+       /* generate shared-secret */
+-      MD5_Init(&Md5Ctx);
+-      MD5_Update(&Md5Ctx, (unsigned char *)con->uri.path->ptr, con->uri.path->used - 1);
+-      MD5_Update(&Md5Ctx, (unsigned char *)"+", 1);
++      li_MD5_Init(&Md5Ctx);
++      li_MD5_Update(&Md5Ctx, (unsigned char *)con->uri.path->ptr, con->uri.path->used - 1);
++      li_MD5_Update(&Md5Ctx, (unsigned char *)"+", 1);
+ 
+       /* we assume sizeof(time_t) == 4 here, but if not it ain't a problem at all */
+       LI_ltostr(hh, srv->cur_ts);
+-      MD5_Update(&Md5Ctx, (unsigned char *)hh, strlen(hh));
+-      MD5_Update(&Md5Ctx, (unsigned char *)srv->entropy, sizeof(srv->entropy));
++      li_MD5_Update(&Md5Ctx, (unsigned char *)hh, strlen(hh));
++      li_MD5_Update(&Md5Ctx, (unsigned char *)srv->entropy, sizeof(srv->entropy));
+       LI_ltostr(hh, rand());
+-      MD5_Update(&Md5Ctx, (unsigned char *)hh, strlen(hh));
++      li_MD5_Update(&Md5Ctx, (unsigned char *)hh, strlen(hh));
+ 
+-      MD5_Final(h, &Md5Ctx);
++      li_MD5_Final(h, &Md5Ctx);
+ 
+       buffer_append_string_encoded(ds->value, (char *)h, 16, ENCODING_HEX);
+       buffer_append_string_len(ds->value, CONST_STR_LEN("; Path=/"));
+Index: src/mod_status.c

 ===================================================================
 ===================================================================

---- tests/SConscript   (.../tags/lighttpd-1.4.20)      (revision 2392)
-+++ tests/SConscript   (.../branches/lighttpd-1.4.x)   (revision 2392)
-@@ -23,6 +23,7 @@
-       mod-auth.t \
-       mod-cgi.t \
-       mod-compress.t \
-+      mod-compress.conf \
-       mod-fastcgi.t \
-       mod-redirect.t \
-       mod-userdir.t \
-Index: tests/mod-compress.conf
+--- src/mod_status.c   (.../tags/lighttpd-1.4.29)
++++ src/mod_status.c   (.../branches/lighttpd-1.4.x)
+@@ -487,7 +487,7 @@
+ 
+               buffer_append_string_len(b, CONST_STR_LEN("</td><td class=\"int\">"));
+ 
+-              if (con->request.content_length) {
++              if (c->request.content_length) {
+                       buffer_append_long(b, c->request_content_queue->bytes_in);
+                       buffer_append_string_len(b, CONST_STR_LEN("/"));
+                       buffer_append_long(b, c->request.content_length);
+Index: src/settings.h

 ===================================================================
 ===================================================================

---- tests/mod-compress.conf    (.../tags/lighttpd-1.4.20)      (revision 0)
-+++ tests/mod-compress.conf    (.../branches/lighttpd-1.4.x)   (revision 2392)
-@@ -0,0 +1,32 @@
-+debug.log-request-handling   = "enable"
-+debug.log-response-header   = "disable"
-+debug.log-request-header   = "disable"
-+
-+server.document-root         = env.SRCDIR + "/tmp/lighttpd/servers/www.example.org/pages/"
-+server.pid-file              = env.SRCDIR + "/tmp/lighttpd/lighttpd.pid"
-+
-+## bind to port (default: 80)
-+server.port                 = 2048
-+
-+## bind to localhost (default: all interfaces)
-+server.bind                = "localhost"
-+server.errorlog            = env.SRCDIR + "/tmp/lighttpd/logs/lighttpd.error.log"
-+server.name                = "www.example.org"
-+
-+server.modules = (
-+      "mod_compress"
-+)
-+
-+######################## MODULE CONFIG ############################
-+
-+mimetype.assign = (
-+      ".html" => "text/html",
-+      ".txt"  => "text/plain",
-+)
-+
-+$HTTP["host"] == "cache.example.org" {
-+      compress.cache-dir = env.SRCDIR + "/tmp/lighttpd/cache/compress/"
-+}
-+compress.filetype = ("text/plain", "text/html")
-+
-+compress.allowed-encodings = ( "gzip", "deflate" )
-Index: tests/mod-fastcgi.t
+--- src/settings.h     (.../tags/lighttpd-1.4.29)
++++ src/settings.h     (.../branches/lighttpd-1.4.x)
+@@ -21,8 +21,11 @@
+  * 64kB (no real reason, just a guess)
+  */
+ #define BUFFER_MAX_REUSE_SIZE  (4 * 1024)
+-#define MAX_READ_LIMIT (4*1024*1024)
+ 
++/* both should be way smaller than SSIZE_MAX :) */
++#define MAX_READ_LIMIT (256*1024)
++#define MAX_WRITE_LIMIT (256*1024)
++
+ /**
+  * max size of the HTTP request header
+  *
+Index: src/mod_cml_lua.c

 ===================================================================
 ===================================================================

---- tests/mod-fastcgi.t        (.../tags/lighttpd-1.4.20)      (revision 2392)
-+++ tests/mod-fastcgi.t        (.../branches/lighttpd-1.4.x)   (revision 2392)
-@@ -7,7 +7,7 @@
- }
+--- src/mod_cml_lua.c  (.../tags/lighttpd-1.4.29)
++++ src/mod_cml_lua.c  (.../branches/lighttpd-1.4.x)
+@@ -11,18 +11,6 @@
+ #include <time.h>
+ #include <string.h>

  
  

- use strict;
--use Test::More tests => 49;
-+use Test::More tests => 50;
- use LightyTest;
+-#ifdef USE_OPENSSL
+-# include <openssl/md5.h>
+-#else
+-# include "md5.h"
+-
+-typedef li_MD5_CTX MD5_CTX;
+-#define MD5_Init li_MD5_Init
+-#define MD5_Update li_MD5_Update
+-#define MD5_Final li_MD5_Final
+-
+-#endif
+-
+ #define HASHLEN 16
+ typedef unsigned char HASH[HASHLEN];
+ #define HASHHEXLEN 32
+Index: src/mod_fastcgi.c
+===================================================================
+--- src/mod_fastcgi.c  (.../tags/lighttpd-1.4.29)
++++ src/mod_fastcgi.c  (.../branches/lighttpd-1.4.x)
+@@ -3075,7 +3075,7 @@
+               fcgi_set_state(srv, hctx, FCGI_STATE_WRITE);
+               /* fall through */
+       case FCGI_STATE_WRITE:
+-              ret = srv->network_backend_write(srv, con, hctx->fd, hctx->wb);
++              ret = srv->network_backend_write(srv, con, hctx->fd, hctx->wb, MAX_WRITE_LIMIT);
+ 
+               chunkqueue_remove_finished_chunks(hctx->wb);
+ 
+@@ -3132,7 +3132,6 @@
+       plugin_data *p = p_d;
+ 
+       handler_ctx *hctx = con->plugin_ctx[p->id];
+-      fcgi_proc *proc;
+       fcgi_extension_host *host;
+ 
+       if (NULL == hctx) return HANDLER_GO_ON;
+@@ -3201,7 +3200,6 @@
+       /* ok, create the request */
+       switch(fcgi_write_request(srv, hctx)) {
+       case HANDLER_ERROR:
+-              proc = hctx->proc;
+               host = hctx->host;
+ 
+               if (hctx->state == FCGI_STATE_INIT ||
+Index: src/network_solaris_sendfilev.c
+===================================================================
+--- src/network_solaris_sendfilev.c    (.../tags/lighttpd-1.4.29)
++++ src/network_solaris_sendfilev.c    (.../branches/lighttpd-1.4.x)
+@@ -38,17 +38,16 @@
+  */
+ 
+ 
+-int network_write_chunkqueue_solarissendfilev(server *srv, connection *con, int fd, chunkqueue *cq) {
++int network_write_chunkqueue_solarissendfilev(server *srv, connection *con, int fd, chunkqueue *cq, off_t max_bytes) {
+       chunk *c;
+-      size_t chunks_written = 0;
+ 
+-      for(c = cq->first; c; c = c->next, chunks_written++) {
++      for(c = cq->first; (max_bytes > 0) && (NULL != c); c = c->next) {
+               int chunk_finished = 0;
+ 
+               switch(c->type) {
+               case MEM_CHUNK: {
+                       char * offset;
+-                      size_t toSend;
++                      off_t toSend;
+                       ssize_t r;
+ 
+                       size_t num_chunks, i;
+@@ -77,9 +76,9 @@
+                                       chunks[i].iov_base = offset;
+ 
+                                       /* protect the return value of writev() */
+-                                      if (toSend > SSIZE_MAX ||
+-                                          num_bytes + toSend > SSIZE_MAX) {
+-                                              chunks[i].iov_len = SSIZE_MAX - num_bytes;
++                                      if (toSend > max_bytes ||
++                                          (off_t) num_bytes + toSend > max_bytes) {
++                                              chunks[i].iov_len = max_bytes - num_bytes;
+ 
+                                               num_chunks = i + 1;
+                                               break;
+@@ -119,11 +118,10 @@
+ 
+                                       if (chunk_finished) {
+                                               /* skip the chunks from further touches */
+-                                              chunks_written++;
+                                               c = c->next;
+                                       } else {
+                                               /* chunks_written + c = c->next is done in the for()*/
+-                                              chunk_finished++;
++                                              chunk_finished = 1;
+                                       }
+                               } else {
+                                       /* partially written */
+@@ -139,8 +137,8 @@
+               }
+               case FILE_CHUNK: {
+                       ssize_t r;
+-                      off_t offset;
+-                      size_t toSend, written;
++                      off_t offset, toSend;
++                      size_t written;
+                       sendfilevec_t fvec;
+                       stat_cache_entry *sce = NULL;
+                       int ifd;
+@@ -153,6 +151,7 @@
+ 
+                       offset = c->file.start + c->offset;
+                       toSend = c->file.length - c->offset;
++                      if (toSend > max_bytes) toSend = max_bytes;
+ 
+                       if (offset > sce->st.st_size) {
+                               log_error_write(srv, __FILE__, __LINE__, "sb", "file was shrinked:", c->file.name);
+@@ -186,6 +185,7 @@
+                       close(ifd);
+                       c->offset += written;
+                       cq->bytes_out += written;
++                      max_bytes -= written;
+ 
+                       if (c->offset == c->file.length) {
+                               chunk_finished = 1;
+@@ -207,7 +207,7 @@
+               }
+       }

  
  

- my $tf = LightyTest->new();
-@@ -215,7 +215,7 @@
+-      return chunks_written;
++      return 0;

  }
  
  }
  

- SKIP: {
--      skip "no fcgi-auth found", 4 unless -x $tf->{BASEDIR}."/tests/fcgi-auth" || -x $tf->{BASEDIR}."/tests/fcgi-auth.exe"; 
-+      skip "no fcgi-auth found", 5 unless -x $tf->{BASEDIR}."/tests/fcgi-auth" || -x $tf->{BASEDIR}."/tests/fcgi-auth.exe"; 
- 
-       $tf->{CONFIGFILE} = 'fastcgi-auth.conf';
-       ok($tf->start_proc == 0, "Starting lighttpd with $tf->{CONFIGFILE}") or die();
-@@ -235,6 +235,14 @@
-       $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 403 } ];
-       ok($tf->handle_http($t) == 0, 'FastCGI - Auth');
+ #endif
+Index: src/CMakeLists.txt
+===================================================================
+Index: src/mod_dirlisting.c
+===================================================================
+--- src/mod_dirlisting.c       (.../tags/lighttpd-1.4.29)
++++ src/mod_dirlisting.c       (.../branches/lighttpd-1.4.x)
+@@ -657,7 +657,8 @@
+       i = dir->used - 1;
+ 
+ #ifdef HAVE_PATHCONF
+-      if (-1 == (name_max = pathconf(dir->ptr, _PC_NAME_MAX))) {
++      if (0 >= (name_max = pathconf(dir->ptr, _PC_NAME_MAX))) {
++              /* some broken fs (fuse) return 0 instead of -1 */
+ #ifdef NAME_MAX
+               name_max = NAME_MAX;
+ #else
+Index: src/network_linux_sendfile.c
+===================================================================
+--- src/network_linux_sendfile.c       (.../tags/lighttpd-1.4.29)
++++ src/network_linux_sendfile.c       (.../branches/lighttpd-1.4.x)
+@@ -27,17 +27,16 @@
+ /* on linux 2.4.29 + debian/ubuntu we have crashes if this is enabled */
+ #undef HAVE_POSIX_FADVISE
+ 
+-int network_write_chunkqueue_linuxsendfile(server *srv, connection *con, int fd, chunkqueue *cq) {
++int network_write_chunkqueue_linuxsendfile(server *srv, connection *con, int fd, chunkqueue *cq, off_t max_bytes) {
+       chunk *c;
+-      size_t chunks_written = 0;
+ 
+-      for(c = cq->first; c; c = c->next, chunks_written++) {
++      for(c = cq->first; (max_bytes > 0) && (NULL != c); c = c->next) {
+               int chunk_finished = 0;
+ 
+               switch(c->type) {
+               case MEM_CHUNK: {
+                       char * offset;
+-                      size_t toSend;
++                      off_t toSend;
+                       ssize_t r;
+ 
+                       size_t num_chunks, i;
+@@ -45,12 +44,10 @@
+                       chunk *tc;
+                       size_t num_bytes = 0;
+ 
+-                      /* we can't send more then SSIZE_MAX bytes in one chunk */
+-
+                       /* build writev list
+                        *
+                        * 1. limit: num_chunks < UIO_MAXIOV
+-                       * 2. limit: num_bytes < SSIZE_MAX
++                       * 2. limit: num_bytes < max_bytes
+                        */
+                       for (num_chunks = 0, tc = c;
+                            tc && tc->type == MEM_CHUNK && num_chunks < UIO_MAXIOV;
+@@ -67,9 +64,9 @@
+                                       chunks[i].iov_base = offset;
+ 
+                                       /* protect the return value of writev() */
+-                                      if (toSend > SSIZE_MAX ||
+-                                          num_bytes + toSend > SSIZE_MAX) {
+-                                              chunks[i].iov_len = SSIZE_MAX - num_bytes;
++                                      if (toSend > max_bytes ||
++                                          (off_t) num_bytes + toSend > max_bytes) {
++                                              chunks[i].iov_len = max_bytes - num_bytes;
+ 
+                                               num_chunks = i + 1;
+                                               break;
+@@ -100,6 +97,7 @@
+ 
+                       /* check which chunks have been written */
+                       cq->bytes_out += r;
++                      max_bytes -= r;
+ 
+                       for(i = 0, tc = c; i < num_chunks; i++, tc = tc->next) {
+                               if (r >= (ssize_t)chunks[i].iov_len) {
+@@ -109,11 +107,10 @@
+ 
+                                       if (chunk_finished) {
+                                               /* skip the chunks from further touches */
+-                                              chunks_written++;
+                                               c = c->next;
+                                       } else {
+                                               /* chunks_written + c = c->next is done in the for()*/
+-                                              chunk_finished++;
++                                              chunk_finished = 1;
+                                       }
+                               } else {
+                                       /* partially written */
+@@ -130,13 +127,12 @@
+               case FILE_CHUNK: {
+                       ssize_t r;
+                       off_t offset;
+-                      size_t toSend;
++                      off_t toSend;
+                       stat_cache_entry *sce = NULL;
+ 
+                       offset = c->file.start + c->offset;
+-                      /* limit the toSend to 2^31-1 bytes in a chunk */
+-                      toSend = c->file.length - c->offset > ((1 << 30) - 1) ?
+-                              ((1 << 30) - 1) : c->file.length - c->offset;
++                      toSend = c->file.length - c->offset;
++                      if (toSend > max_bytes) toSend = max_bytes;
+ 
+                       /* open file if not already opened */
+                       if (-1 == c->file.fd) {
+@@ -215,6 +211,7 @@
+ 
+                       c->offset += r;
+                       cq->bytes_out += r;
++                      max_bytes -= r;
+ 
+                       if (c->offset == c->file.length) {
+                               chunk_finished = 1;
+@@ -243,7 +240,7 @@
+               }
+       }

  
  

-+      $t->{REQUEST}  = ( <<EOF
-+GET /expire/access.txt?ok HTTP/1.0
-+Host: www.example.org
-+EOF
-+ );
-+      $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
-+      ok($tf->handle_http($t) == 0, 'FastCGI - Auth in subdirectory');
-+
-       ok($tf->stop_proc == 0, "Stopping lighttpd");
+-      return chunks_written;
++      return 0;

  }
  
  }
  

-Index: tests/mod-rewrite.t
+ #endif
+Index: tests/mod-auth.t

 ===================================================================
 ===================================================================

---- tests/mod-rewrite.t        (.../tags/lighttpd-1.4.20)      (revision 2392)
-+++ tests/mod-rewrite.t        (.../branches/lighttpd-1.4.x)   (revision 2392)
+--- tests/mod-auth.t   (.../tags/lighttpd-1.4.29)
++++ tests/mod-auth.t   (.../branches/lighttpd-1.4.x)

 @@ -8,7 +8,7 @@
  
  use strict;
  use IO::Socket;
 @@ -8,7 +8,7 @@
  
  use strict;
  use IO::Socket;

--use Test::More tests => 8;
-+use Test::More tests => 7;
+-use Test::More tests => 14;
++use Test::More tests => 15;

  use LightyTest;
  
  my $tf = LightyTest->new();
  use LightyTest;
  
  my $tf = LightyTest->new();

-@@ -35,7 +35,7 @@
-  );
-       $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200, 'HTTP-Content' => '' } ];
-       ok($tf->handle_http($t) == 0, 'valid request');
--
-+    
-       $t->{REQUEST}  = ( <<EOF
- GET /rewrite/foo?a=b HTTP/1.0
- Host: www.example.org
-@@ -52,14 +52,6 @@
-       $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200, 'HTTP-Content' => 'bar&a=b' } ];
-       ok($tf->handle_http($t) == 0, 'valid request');
- 
--      $t->{REQUEST}  = ( <<EOF
--GET %2Frewrite/f%6Fo?a=b HTTP/1.0
--Host: www.example.org
--EOF
-- );
--      $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200, 'HTTP-Content' => 'a=b' } ];
--      ok($tf->handle_http($t) == 0, 'valid request with url encoded characters');
--
-       ok($tf->stop_proc == 0, "Stopping lighttpd");
- }
+@@ -25,6 +25,14 @@

  
  

-Index: tests/lighttpd.conf
-===================================================================
---- tests/lighttpd.conf        (.../tags/lighttpd-1.4.20)      (revision 2392)
-+++ tests/lighttpd.conf        (.../branches/lighttpd-1.4.x)   (revision 2392)
-@@ -217,4 +217,5 @@
- 
- $HTTP["host"] == "etag.example.org" {
-     static-file.etags = "disable"
-+    compress.filetype = ()
- }
-Index: tests/fastcgi-auth.conf
-===================================================================
---- tests/fastcgi-auth.conf    (.../tags/lighttpd-1.4.20)      (revision 2392)
-+++ tests/fastcgi-auth.conf    (.../branches/lighttpd-1.4.x)   (revision 2392)
-@@ -89,6 +89,7 @@
-                                   "bin-path" => env.SRCDIR + "/fcgi-auth",
-                                     "mode" => "authorizer",
-                                     "docroot" => env.SRCDIR + "/tmp/lighttpd/servers/www.example.org/pages/",
-+                                    "check-local" => "disable",
- 
-                                 )
-                               )
-Index: tests/proxy.conf
-===================================================================
---- tests/proxy.conf   (.../tags/lighttpd-1.4.20)      (revision 2392)
-+++ tests/proxy.conf   (.../branches/lighttpd-1.4.x)   (revision 2392)
-@@ -122,7 +122,8 @@
- url.redirect                = ( "^/redirect/$" => "http://localhost:2048/" )
- 
- url.rewrite               = ( "^/rewrite/foo($|\?.+)" => "/indexfile/rewrite.php$1",
--                              "^/rewrite/bar(?:$|\?(.+))" => "/indexfile/rewrite.php?bar&$1" )
-+                              "^/rewrite/bar(?:$|\?(.+))" => "/indexfile/rewrite.php?bar&$1",
-+                              "^/rewrite/all(/.*)$" => "/indexfile/rewrite.php?$1" )
- 
- expire.url                  = ( "/expire/access" => "access 2 hours",
-                               "/expire/modification" => "access plus 1 seconds 2 minutes")
-Index: tests/Makefile.am
-===================================================================
---- tests/Makefile.am  (.../tags/lighttpd-1.4.20)      (revision 2392)
-+++ tests/Makefile.am  (.../branches/lighttpd-1.4.x)   (revision 2392)
-@@ -38,6 +38,7 @@
-       mod-auth.t \
-       mod-cgi.t \
-       mod-compress.t \
-+      mod-compress.conf \
-       mod-fastcgi.t \
-       mod-redirect.t \
-       mod-rewrite.t \
-Index: tests/mod-compress.t
+ $t->{REQUEST}  = ( <<EOF
+ GET /server-status HTTP/1.0
++Authorization: Basic \x80mFuOmphb
++EOF
++ );
++$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 401 } ];
++ok($tf->handle_http($t) == 0, 'Basic-Auth: Invalid base64 Auth-token');
++
++$t->{REQUEST}  = ( <<EOF
++GET /server-status HTTP/1.0
+ Authorization: Basic amFuOmphb
+ EOF
+  );
+Index: tests/request.t

 ===================================================================
 ===================================================================

---- tests/mod-compress.t       (.../tags/lighttpd-1.4.20)      (revision 2392)
-+++ tests/mod-compress.t       (.../branches/lighttpd-1.4.x)   (revision 2392)
-@@ -8,12 +8,14 @@
+--- tests/request.t    (.../tags/lighttpd-1.4.29)
++++ tests/request.t    (.../branches/lighttpd-1.4.x)
+@@ -8,7 +8,7 @@

  
  use strict;
  use IO::Socket;
  
  use strict;
  use IO::Socket;

--use Test::More tests => 10;
-+use Test::More tests => 11;
+-use Test::More tests => 44;
++use Test::More tests => 46;

  use LightyTest;
  
  my $tf = LightyTest->new();
  use LightyTest;
  
  my $tf = LightyTest->new();

- my $t;
+@@ -413,5 +413,21 @@
+ $t->{SLOWREQUEST} = 1;
+ ok($tf->handle_http($t) == 0, 'GET, slow \\r\\n\\r\\n (#2105)');

  
  

-+$tf->{CONFIGFILE} = 'mod-compress.conf';
++print "\nPathinfo for static files\n";
++$t->{REQUEST}  = ( <<EOF
++GET /image.jpg/index.php HTTP/1.0
++EOF
++ );
++$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200, 'Content-Type' => 'image/jpeg' } ];
++ok($tf->handle_http($t) == 0, 'static file accepting pathinfo by default');

 +
 +

- ok($tf->start_proc == 0, "Starting lighttpd") or die();
- 
- $t->{REQUEST}  = ( <<EOF
-@@ -88,5 +90,14 @@
- $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200, '+Vary' => '', 'Content-Type' => "text/plain" } ];
- ok($tf->handle_http($t) == 0, 'Empty Accept-Encoding');
- 

 +$t->{REQUEST}  = ( <<EOF
 +$t->{REQUEST}  = ( <<EOF

-+GET /index.txt HTTP/1.0
-+Accept-Encoding: bzip2, gzip, deflate
-+Host: cache.example.org
++GET /image.jpg/index.php HTTP/1.0
++Host: zzz.example.org

 +EOF
 + );
 +EOF
 + );

-+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200, '+Vary' => '', 'Content-Encoding' => 'gzip', 'Content-Type' => "text/plain" } ];
-+ok($tf->handle_http($t) == 0, 'bzip2 requested but disabled');
- 
++$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 403 } ];
++ok($tf->handle_http($t) == 0, 'static file with forbidden pathinfo');

 +
  ok($tf->stop_proc == 0, "Stopping lighttpd");
 +
  ok($tf->stop_proc == 0, "Stopping lighttpd");

-Index: doc/redirect.txt
+ 
+Index: tests/wrapper.sh

 ===================================================================
 ===================================================================

---- doc/redirect.txt   (.../tags/lighttpd-1.4.20)      (revision 2392)
-+++ doc/redirect.txt   (.../branches/lighttpd-1.4.x)   (revision 2392)
-@@ -39,3 +39,9 @@
-     $HTTP["host"] =~ "^www\.(.*)" {
-       url.redirect = ( "^/(.*)" => "http://%1/$1" )
-     }
-+
-+Warning
-+=======
-+
-+Do NOT use mod_redirect to protect specific urls, as the original url passed from the client
-+is matched against your rules, for example strings like "/abc/../xyz%2f/path".
-Index: doc/compress.txt
+--- tests/wrapper.sh   (.../tags/lighttpd-1.4.29)
++++ tests/wrapper.sh   (.../branches/lighttpd-1.4.x)
+@@ -6,4 +6,4 @@
+ top_builddir=$2
+ export SHELL srcdir top_builddir
+ 
+-$3
++exec $3
+Index: tests/lighttpd.conf

 ===================================================================
 ===================================================================

---- doc/compress.txt   (.../tags/lighttpd-1.4.20)      (revision 2392)
-+++ doc/compress.txt   (.../branches/lighttpd-1.4.x)   (revision 2392)
-@@ -6,13 +6,7 @@
- Module: mod_compress
- --------------------
- 
--:Author: Jan Kneschke
--:Date: $Date$
--:Revision: $Revision$
- 
--:abstract:
--  a nice, short abstrace about the module
--
- .. meta::
-   :keywords: lighttpd, compress
- 
-@@ -22,16 +16,57 @@
- ===========
- 
- Output compression reduces the network load and can improve the overall
--throughput of the webserver.
-+throughput of the webserver. All major http-clients support compression by
-+announcing it in the Accept-Encoding header. This is used to negotiate the
-+most suitable compression method. We support deflate, gzip and bzip2.
- 
--Only static content is supported up to now.
-+deflate (RFC1950, RFC1951) and gzip (RFC1952) depend on zlib while bzip2
-+depends on libbzip2. bzip2 is only supported by lynx and some other console
-+text-browsers.
- 
--The server negotiates automaticly which compression method is used.
--Supported are gzip, deflate, bzip.
-+We currently limit to compression support to static files.
- 
-+Caching
-+-------
-+
-+mod_compress can store compressed files on disk to optimize the compression
-+on a second request away. As soon as compress.cache-dir is set the files are
-+compressed.
-+
-+(You will need to create the cache directory if it doesn't already exist. The web server will not do this for you.  The directory will also need the proper ownership.  For Debian/Ubuntu the user and group ids should both be www-data.)
-+
-+The names of the cache files are made of the filename, the compression method
-+and the etag associated to the file.
-+
-+Cleaning the cache is left to the user. A cron job deleting files older than
-+10 days could do it: ::
-+
-+  find /var/www/cache -type f -mtime +10 | xargs -r rm
-+
-+Limitations
-+-----------
-+
-+The module limits the compression of files to files smaller than 128 MByte and
-+larger than 128 Byte.
-+
-+The lower limit is set as small files tend to become larger by compressing due
-+to the compression headers, the upper limit is set to work sensibly with
-+memory and cpu-time.
-+
-+Directories containing a tilde ('~') are not created automatically (See ticket
-+#113). To enable compression for user dirs you have to create the directories
-+by hand in the cache directory.
-+
- Options
- =======
- 
-+compress.allowed-encodings
-+  override default set of allowed encodings
-+
-+  e.g.: ::
-+
-+    compress.allowed-encodings = ("bzip2", "gzip", "deflate")
-+
- compress.cache-dir
-   name of the directory where compressed content will be cached
- 
-@@ -47,20 +82,111 @@
-   Default: not set, compress the file for every request
- 
- compress.filetype
--  mimetypes where might get compressed
-+  mimetypes which might get compressed
- 
-   e.g.: ::
- 
-     compress.filetype           = ("text/plain", "text/html")
- 
-+  Keep in mind that compressed JavaScript and CSS files are broken in some
-+  browsers. Not setting any filetypes will result in no files being compressed.
-+
-+  NOTE: You have to specify the full mime-type! If you also define a charset, for example, you have to use "text/plain; charset=utf-8" instead of just "text/plain".
-+
-   Default: not set
- 
-+compress.max-filesize
-+  maximum size of the original file to be compressed kBytes.
- 
-+  This is meant to protect the server against DoSing as compressing large
-+  (let's say 1Gbyte) takes a lot of time and would delay the whole operation
-+  of the server.
-+
-+  There is a hard upper limit of 128Mbyte.
-+
-+  Default: unlimited (== hard-limit of 128MByte)
-+
-+Display compressed files
-+========================
-+
-+If you enable mod_compress, and you want to force clients to uncompress and display compressed text files, please force mimetype to nothing.
-+Exemple :
-+If you want to add headers for uncompress and display diff.gz files , add this section in your conf : ::
-+
-+  $HTTP["url"] =~ "\.diff\.gz" {
-+    setenv.add-response-header = ( "Content-Encoding" => "gzip" )
-+    mimetype.assign = ()
-+  }
-+
-+
- Compressing Dynamic Content
- ===========================
- 
-+PHP
-+---
-+
- To compress dynamic content with PHP please enable ::
- 
-   zlib.output_compression = 1
-+  zlib.output_handler = On
+--- tests/lighttpd.conf        (.../tags/lighttpd-1.4.29)
++++ tests/lighttpd.conf        (.../branches/lighttpd-1.4.x)
+@@ -149,6 +149,7 @@
+ $HTTP["host"] == "zzz.example.org" {
+   server.document-root = env.SRCDIR + "/tmp/lighttpd/servers/www.example.org/pages/"
+   server.name = "zzz.example.org"
++  static-file.disable-pathinfo = "enable"
+ }

  
  

- in the php.ini as PHP provides compression support by itself.
-+
-+mod_compress of lighttpd 1.5 r1992 may not set correct Content-Encoding with php-fcgi. A solution to that problem would be:
-+
-+1.disable mod_compress when request a php file::
-+
-+    $HTTP["url"] !~ "\.php$" {
-+      compress.filetype = ("text/plain", "text/html", "text/javascript", "text/css", "text/xml")
-+    }
-+
-+2.enable mod_setenv of your lighttpd::
-+
-+    server.modules  += ( "mod_setenv" )
-+
-+3.manually set Content-Encoding::
-+
-+    $HTTP["url"] =~ "\.php$" {
-+      setenv.add-response-header  = ( "Content-Encoding" => "gzip")
-+    }
-+
-+
-+TurboGears
-+----------
-+
-+To compress dynamic content with TurboGears please enable ::
-+
-+  [/]
-+  gzip_filter.on = True
-+  gzip_filter.mime_types = ["application/x-javascript", "text/javascript", "text/html", "text/css", "text/plain"]
-+
-+in the config/app.cfg file in your TurboGears application.  The above lines should already be in the file.  You just need to remove the comment symbol in front of the lines to make them active.
-+
-+Django
-+------
-+
-+To compress dynamic content with Django please enable the GZipMiddleware ::
-+
-+  MIDDLEWARE_CLASSES = (
-+      'django.middleware.gzip.GZipMiddleware',
-+      ...
-+  )
-+
-+in the settings.py file in your Django project.
-+
-+Catalyst
-+--------
-+
-+To compress dynamic content with Perl/Catalyst, simply use the Catalyst::Plugin::Compress::Gzip module available on CPAN ::
-+
-+  use Catalyst qw(
-+      Compress::Gzip
-+      ...
-+  );
-+
-+in your main package (MyApp.pm). Further configuration is not required.
-+
-+}}}
-+
-+
-+
-Index: doc/configuration.txt
+ $HTTP["host"] == "symlink.example.org" {
+Index: configure.ac

 ===================================================================
 ===================================================================

---- doc/configuration.txt      (.../tags/lighttpd-1.4.20)      (revision 2392)
-+++ doc/configuration.txt      (.../branches/lighttpd-1.4.x)   (revision 2392)
-@@ -90,13 +90,21 @@
- $HTTP["host"]
-   match on host
- $HTTP["useragent"]
-+$HTTP["user-agent"]
-   match on useragent
- $HTTP["referer"]
-   match on referer
-+$HTTP["method"]
-+  math on the http method
- $HTTP["url"]
-   match on url
-+$HTTP["query-string"]
-+  match on the (not decoded) query-string
- $HTTP["remoteip"]
-+$HTTP["remote-ip"]
-   match on the remote IP or a remote Network
-+$HTTP["language"]
-+  match on the Accept-Language header
- $SERVER["socket"]
-   match on socket. Value must be on the format "ip:port" where ip is an IP
-   address and port a port number. Only equal match (==) is supported.
-Index: doc/rewrite.txt
+Index: doc/config/lighttpd.conf

 ===================================================================
 ===================================================================

---- doc/rewrite.txt    (.../tags/lighttpd-1.4.20)      (revision 2392)
-+++ doc/rewrite.txt    (.../branches/lighttpd-1.4.x)   (revision 2392)
-@@ -43,6 +43,12 @@
- The options ``url.rewrite`` and ``url.rewrite-final`` were mapped to ``url.rewrite-once``
- in 1.3.16.
- 
-+Warning
-+=======
-+
-+Do NOT use mod_rewrite to protect specific urls, as the original url passed from the client
-+is matched against your rules, for example strings like "/abc/../xyz%2f/path".
-+
- Examples
- ========
- 
+--- doc/config/lighttpd.conf   (.../tags/lighttpd-1.4.29)
++++ doc/config/lighttpd.conf   (.../branches/lighttpd-1.4.x)
+@@ -394,6 +394,25 @@
+ ##   $SERVER["socket"] == "10.0.0.1:443" {
+ ##     ssl.engine                  = "enable"
+ ##     ssl.pemfile                 = "/etc/ssl/private/www.example.com.pem"
++##     #
++##     # Mitigate BEAST attack:
++##     #
++##     # A stricter base cipher suite. For details see:
++##     # http://blog.ivanristic.com/2011/10/mitigating-the-beast-attack-on-tls.html
++##     #
++##     ssl.ciphers                 = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"
++##     #
++##     # Make the server prefer the order of the server side cipher suite instead of the client suite.
++##     # This is necessary to mitigate the BEAST attack (unless you disable all non RC4 algorithms).
++##     # This option is enabled by default, but only used if ssl.ciphers is set.
++##     #
++##     # ssl.honor-cipher-order = "enable"
++##     #
++##     # Mitigate CVE-2009-3555 by disabling client triggered renegotation
++##     # This is enabled by default.
++##     #
++##     # ssl.disable-client-renegotiation = "enable"
++##     #
+ ##     server.name                 = "www.example.com"
+ ##
+ ##     server.document-root        = "/srv/www/vhosts/example.com/www/"

 Index: SConstruct
 ===================================================================
 Index: SConstruct
 ===================================================================

---- SConstruct (.../tags/lighttpd-1.4.20)      (revision 2392)
-+++ SConstruct (.../branches/lighttpd-1.4.x)   (revision 2392)
-@@ -5,7 +5,7 @@
- from stat import *
- 
- package = 'lighttpd'
--version = '1.4.20'
-+version = '1.4.21'
- 
- def checkCHeaders(autoconf, hdrs):
-       p = re.compile('[^A-Z0-9]')
-Index: Makefile.am
-===================================================================
---- Makefile.am        (.../tags/lighttpd-1.4.20)      (revision 2392)
-+++ Makefile.am        (.../branches/lighttpd-1.4.x)   (revision 2392)
-@@ -1,4 +1,4 @@
--SUBDIRS=src doc tests cygwin openwrt
-+SUBDIRS=src doc tests
- 
- EXTRA_DIST=autogen.sh SConstruct
- 

 Index: NEWS
 ===================================================================
 Index: NEWS
 ===================================================================

---- NEWS       (.../tags/lighttpd-1.4.20)      (revision 2392)
-+++ NEWS       (.../branches/lighttpd-1.4.x)   (revision 2392)
-@@ -3,8 +3,44 @@
+--- NEWS       (.../tags/lighttpd-1.4.29)
++++ NEWS       (.../branches/lighttpd-1.4.x)
+@@ -3,7 +3,20 @@

  NEWS
  ====
  
  NEWS
  ====
  

--- 1.4.20 -
-+- 1.4.21 -
- 
-+  * Fix base64 decoding in mod_auth (#1757, thx guido)
-+  * Fix mod_cgi segfault when bound to unix domain socket (#653)
-+  * Do not rely on ioctl FIONREAD (#673)
-+  * Now really fix mod auth ldap (#1066)
-+  * Fix leaving zombie process with include_shell (#1777)
-+  * Removed debian/, openwrt/ and cygwin/; they weren't kept up-to-date, and we decided to remove dist. specific stuff
-+  * Try to convert string options to shorts for numeric options in config file; allows to use env-vars for numeric options. (#1159, thx andrewb)
-+  * Do not cache default vhost in mod_simple_vhost (#709)
-+  * Trust pcre-config, do not check for pcre manually (#1769)
-+  * Fix fastcgi authorization in subdirectories with check-local=disabled; don't split pathinfo for authorizer. (#963)
-+  * Add possibility to disable methods in mod_compress (#1773)
-+  * Fix duplicate connection keep-alive/transfer-encoding headers (#960)
-+  * Fixed fix for round-robin in mod_proxy (forgot to increment the index) (#1715)
-+  * Fix fastcgi-authorizer handling; Status: 200 is now accepted as the doc requests
-+  * Compare address family in inet_ntop_cache
-+  * Revert CVE-2008-4359 (#1720) fix "encoding+simplifying urls for rewrite/redirect": too many regressions.
-+  * Use FD_CLOEXEC if possible (fixes #1821)
-+  * Optimized buffer usage in mod_proxy (fixes #1850)
-+  * Fix uninitialized value in time struct after strptime
-+  * Do not pass Proxy-Connection: header from client to backend http server in mod_proxy (#1877)
-+  * Fix wrong malloc sizes in mod_accesslog (probably nothing bad happened...) (fixes #1855, thx ycheng)
-+  * Some small buffer.c fixes (closes #1837)
-+  * Remove floating point math from server.c (fixes #1402)
-+  * Disable SSLv2 by default
-+  * Use/enforce sane max-connection values (fixes #1803)
-+  * Allow mod_compress to return 304 (Not Modified); compress ignores the static-file.etags option.(fixes #1884)
-+  * Add option to ignore the "Expect: 100-continue" header instead of returning 417 Expectation failed (closes #1017)
-+  * Use modified etags in mod_compress (fixes #1800)
-+  * Fix max-connection limit handling/100% cpu usage (fixes #1436)
-+  * Fix error handling in freebsd-sendfile (fixes #1813)
-+  * Silenced the annoying "request timed out" warning, enable with the "debug.log-timeouts" option (fixes #1529)
-+  * Allow tabs in header values (fixes #1822)
-+  * Added Language conditional (fixes #1119); patch by petar
-+
-+- 1.4.20 - 2008-09-30
-+
-   * Fix mod_compress to compile with old gcc version (#1592)
-   * Fix mod_extforward to compile with old gcc version (#1591)
-   * Update documentation for #1587
-@@ -49,10 +85,10 @@
-   * allow digits in [s]cgi env vars (#1712)
-   * fixed dropping last character of evhost pattern (#161)
-   * print helpful error message on conditionals in global block (#1550)
--  * decode url before matching in mod_rewrite (#1720)
-+  * decode url before matching in mod_rewrite (#1720) -- (reverted for 1.4.21)
-   * fixed conditional patching of ldap filter (#1564)
--  * Match headers case insensitive in response (removing of X-{Sendfile,LIGHTTPD-*}, catching Date/Server)
--  * fixed bug with case-insensitive filenames in mod_userdir (#1589), spotted by "anders1"
-+  * Match headers case insensitive in response (removing of X-{Sendfile,LIGHTTPD-*}, catching Date/Server) [2281]
-+  * fixed bug with case-insensitive filenames in mod_userdir (#1589), spotted by "anders1" (CVE-2008-4360)
-   * fixed format string bugs in mod_accesslog for SYSLOG
-   * replaced fprintf with log_error_write in fastcgi debug
-   * fixed mem leak in ssi expression parser (#1753), thx Take5k
-@@ -62,9 +98,9 @@
-   * fix splitting of auth-ldap filter
-   * workaround ldap connection leak if a ldap connection failed (restarting ldap)
-   * fix auth.backend.ldap.bind-dn/pw problems (only read from global context for temporary ldap reconnects, thx ruskie)
--  * fix memleak in request header parsing (#1774, thx qhy)
-+  * fix memleak in request header parsing (#1774, thx qhy) (CVE-2008-4298)
-   * fix mod_rewrite memleak/endless loop detection (#1775, thx phy - again!)
--  * use decoded url for matching in mod_redirect (#1720)
-+  * use decoded url for matching in mod_redirect (#1720) (CVE-2008-4359) -- (reverted for 1.4.21)
- 
- - 1.4.19 - 2008-03-10
- 
+-- 1.4.29 -
++- 1.4.30 -
++  * Always use our 'own' md5 implementation, fixes linking issues on MacOS (fixes #2331)
++  * Limit amount of bytes we send in one go; fixes stalling in one connection and timeouts on slow systems.
++  * [ssl] fix build errors when Elliptic-Curve Diffie-Hellman is disabled
++  * Add static-file.disable-pathinfo option to prevent handling of urls like .../secret.php/image.jpg as static file
++  * Don't overwrite 401 (auth required) with 501 (unknown method) (fixes #2341)
++  * Fix mod_status bug: always showed "0/0" in the "Read" column for uploads (fixes #2351)
++  * [mod_auth] Fix signedness error in http_auth (fixes #2370, CVE-2011-4362)
++  * [ssl] count renegotiations to prevent client renegotiations
++  * [ssl] add option to honor server cipher order (fixes #2364, BEAST attack)
++  * [core] accept dots in ipv6 addresses in host header (fixes #2359)
++  * [ssl] fix ssl connection aborts if files are larger than the MAX_WRITE_LIMIT (256kb)
++
++- 1.4.29 - 2011-07-03
+   * Fix mod_proxy waiting for response even if content-length is 0 (fixes #2259)
+   * Silence annoying "connection closed: poll() -> ERR" error.log message (fixes #2257)
+   * mod_cgi: make read buffer as big as incoming data block

 Index: CMakeLists.txt
 ===================================================================
 Index: CMakeLists.txt
 ===================================================================

---- CMakeLists.txt     (.../tags/lighttpd-1.4.20)      (revision 0)
-+++ CMakeLists.txt     (.../branches/lighttpd-1.4.x)   (revision 2392)
-@@ -0,0 +1,27 @@
-+PROJECT(lighttpd C)
-+
-+CMAKE_MINIMUM_REQUIRED(VERSION 2.4.0 FATAL_ERROR)
-+
-+SET(CMAKE_MODULE_PATH ${CMAKE_SOURCE_DIR}/cmake)
-+
-+INCLUDE(CTest)
-+
-+ENABLE_TESTING()
-+
-+SET(CPACK_PACKAGE_VERSION_MAJOR 1)
-+SET(CPACK_PACKAGE_VERSION_MINOR 4)
-+SET(CPACK_PACKAGE_VERSION_PATCH 21)
-+SET(CPACK_PACKAGE_VERSION "${CPACK_PACKAGE_VERSION_MAJOR}.${CPACK_PACKAGE_VERSION_MINOR}.${CPACK_PACKAGE_VERSION_PATCH}")
-+
-+SET(CPACK_RESOURCE_FILE_LICENSE "${CMAKE_SOURCE_DIR}/COPYING")
-+SET(CPACK_RESOURCE_FILE_README "${CMAKE_SOURCE_DIR}/README")
-+SET(CPACK_PACKAGE_VENDOR "jan@kneschke.de")
-+
-+SET(CPACK_SOURCE_GENERATOR "TGZ")
-+SET(CPACK_SOURCE_IGNORE_FILES "/\\\\.;~$;/_;build/;CMakeFiles/;CMakeCache;gz$;Makefile\\\\.;trace;Testing/;foo;autom4te;cmake_install;CPack;\\\\.pem;ltmain.sh;configure;libtool;/config\\\\.;missing;autogen.sh;install-sh;Dart;aclocal;log$;Makefile$")
-+
-+SET(CPACK_SOURCE_PACKAGE_FILE_NAME "${CMAKE_PROJECT_NAME}-${CPACK_PACKAGE_VERSION_MAJOR}.${CPACK_PACKAGE_VERSION_MINOR}.${CPACK_PACKAGE_VERSION_PATCH}")
-+
-+ADD_SUBDIRECTORY(src build)
-+#ADD_SUBDIRECTORY(doc)
-+ADD_SUBDIRECTORY(tests)
-
-Property changes on: .
-___________________________________________________________________
-Modified: bzr:revision-info
-   - timestamp: 2008-09-23 21:04:22.819999933 +0200
-committer: Stefan Bühler <stbuehler@web.de>
-properties: 
-       branch-nick: lighttpd-1.4.x
-
-   + timestamp: 2009-02-05 23:27:05.799999952 +0100
-committer: Stefan Bühler <stbuehler@web.de>
-properties: 
-       branch-nick: lighttpd-1.4.x
-
-Modified: bzr:revision-id:v3-trunk0
-   - 1127 stbuehler@web.de-20080728081644-j4cxnhduw8kbt8um
-1128 stbuehler@web.de-20080728084246-axvxdtjsrratxixs
-1129 stbuehler@web.de-20080729211700-s8v6nq2cu06qesls
-1130 stbuehler@web.de-20080729211726-4yxb6e5dva1cn0lz
-1131 stbuehler@web.de-20080729211750-4ulzigswx17uciyu
-1132 stbuehler@web.de-20080729211850-nliz3kd0m576ztuu
-1133 stbuehler@web.de-20080730163440-dg2y2sbf0u4grmn4
-1134 stbuehler@web.de-20080730173952-kiutzg6geqy7mick
-1135 stbuehler@web.de-20080730193616-9kc2ms7rrhv1lkn7
-1136 stbuehler@web.de-20080730211457-z4a6uth1y29glbqh
-1137 stbuehler@web.de-20080730213517-b6sjcrdwbmipl334
-1138 stbuehler@web.de-20080731102617-2xw8unjfqic7lsew
-1139 stbuehler@web.de-20080731102703-q4tu5a6em9y8xdg0
-1140 stbuehler@web.de-20080731102729-l6vn5b05w9swqbg5
-1141 stbuehler@web.de-20080731102756-oj3d4tnk0l90mj77
-1142 stbuehler@web.de-20080731204442-blw14cj2fkr3l8ly
-1143 stbuehler@web.de-20080731204508-imtfnurf922mg7tj
-1144 stbuehler@web.de-20080801112347-girnwswdkwm8wuip
-1145 stbuehler@web.de-20080801161245-kx1temr529o7xko9
-1146 stbuehler@web.de-20080801175332-oc9e7x8edn1owcc0
-1147 stbuehler@web.de-20080801183454-5i66v0gsdv0cgmia
-1148 stbuehler@web.de-20080801192849-6zklfbb832sx0hvr
-1149 stbuehler@web.de-20080801203119-o16elp8w854s6lol
-1150 stbuehler@web.de-20080802162146-a4v57svc788pwdsv
-1151 stbuehler@web.de-20080802162202-9udlc1wuwt09pyh2
-1152 stbuehler@web.de-20080804135803-yuor9ze06px7qta4
-1153 stbuehler@web.de-20080812194728-fupt781o6q058unh
-1154 stbuehler@web.de-20080818162116-piz0ukqsaecv2li2
-1155 stbuehler@web.de-20080818235700-94t0xc6ml70zojwq
-1156 stbuehler@web.de-20080819163650-1qhwsqszr78cr4xx
-1157 stbuehler@web.de-20080819163757-1qq3t1f1wj69t8xs
-1158 stbuehler@web.de-20080819163914-rklhkurg8apv85l2
-1159 stbuehler@web.de-20080819163953-tlqew751e43phf5b
-1160 stbuehler@web.de-20080819164108-8ogh68sm1uyteawe
-1161 stbuehler@web.de-20080819173911-w5bqpb7cp9jmdqye
-1162 stbuehler@web.de-20080819222242-c0ta5gnli9p3j35a
-1163 stbuehler@web.de-20080820100730-g1bwdh4nqb53ag9u
-1164 stbuehler@web.de-20080820100752-9pggugdyfnnps8qu
-1165 stbuehler@web.de-20080820164258-v2j00motsrsc5esp
-1166 stbuehler@web.de-20080827144628-hi9hf4ch3n1wf9ao
-1167 stbuehler@web.de-20080827144903-tfxu4yehlyu5kegc
-1168 stbuehler@web.de-20080827155155-7mt92orehbxkh2lh
-1169 stbuehler@web.de-20080917142048-zbcwpk39q9ewd516
-1170 stbuehler@web.de-20080917142300-16gzt21x4nbjtj87
-1171 stbuehler@web.de-20080919160134-385anjnd3txxdw3x
-1172 stbuehler@web.de-20080920134142-fvvwaw2ys51dg4rj
-1173 stbuehler@web.de-20080921153311-1f7rn01atdilmxmy
-1174 stbuehler@web.de-20080922101346-wel327kjmykkpvmp
-1175 stbuehler@web.de-20080923190422-uow06l38ndue36o4
-
-   + 1127 stbuehler@web.de-20080728081644-j4cxnhduw8kbt8um
-1128 stbuehler@web.de-20080728084246-axvxdtjsrratxixs
-1129 stbuehler@web.de-20080729211700-s8v6nq2cu06qesls
-1130 stbuehler@web.de-20080729211726-4yxb6e5dva1cn0lz
-1131 stbuehler@web.de-20080729211750-4ulzigswx17uciyu
-1132 stbuehler@web.de-20080729211850-nliz3kd0m576ztuu
-1133 stbuehler@web.de-20080730163440-dg2y2sbf0u4grmn4
-1134 stbuehler@web.de-20080730173952-kiutzg6geqy7mick
-1135 stbuehler@web.de-20080730193616-9kc2ms7rrhv1lkn7
-1136 stbuehler@web.de-20080730211457-z4a6uth1y29glbqh
-1137 stbuehler@web.de-20080730213517-b6sjcrdwbmipl334
-1138 stbuehler@web.de-20080731102617-2xw8unjfqic7lsew
-1139 stbuehler@web.de-20080731102703-q4tu5a6em9y8xdg0
-1140 stbuehler@web.de-20080731102729-l6vn5b05w9swqbg5
-1141 stbuehler@web.de-20080731102756-oj3d4tnk0l90mj77
-1142 stbuehler@web.de-20080731204442-blw14cj2fkr3l8ly
-1143 stbuehler@web.de-20080731204508-imtfnurf922mg7tj
-1144 stbuehler@web.de-20080801112347-girnwswdkwm8wuip
-1145 stbuehler@web.de-20080801161245-kx1temr529o7xko9
-1146 stbuehler@web.de-20080801175332-oc9e7x8edn1owcc0
-1147 stbuehler@web.de-20080801183454-5i66v0gsdv0cgmia
-1148 stbuehler@web.de-20080801192849-6zklfbb832sx0hvr
-1149 stbuehler@web.de-20080801203119-o16elp8w854s6lol
-1150 stbuehler@web.de-20080802162146-a4v57svc788pwdsv
-1151 stbuehler@web.de-20080802162202-9udlc1wuwt09pyh2
-1152 stbuehler@web.de-20080804135803-yuor9ze06px7qta4
-1153 stbuehler@web.de-20080812194728-fupt781o6q058unh
-1154 stbuehler@web.de-20080818162116-piz0ukqsaecv2li2
-1155 stbuehler@web.de-20080818235700-94t0xc6ml70zojwq
-1156 stbuehler@web.de-20080819163650-1qhwsqszr78cr4xx
-1157 stbuehler@web.de-20080819163757-1qq3t1f1wj69t8xs
-1158 stbuehler@web.de-20080819163914-rklhkurg8apv85l2
-1159 stbuehler@web.de-20080819163953-tlqew751e43phf5b
-1160 stbuehler@web.de-20080819164108-8ogh68sm1uyteawe
-1161 stbuehler@web.de-20080819173911-w5bqpb7cp9jmdqye
-1162 stbuehler@web.de-20080819222242-c0ta5gnli9p3j35a
-1163 stbuehler@web.de-20080820100730-g1bwdh4nqb53ag9u
-1164 stbuehler@web.de-20080820100752-9pggugdyfnnps8qu
-1165 stbuehler@web.de-20080820164258-v2j00motsrsc5esp
-1166 stbuehler@web.de-20080827144628-hi9hf4ch3n1wf9ao
-1167 stbuehler@web.de-20080827144903-tfxu4yehlyu5kegc
-1168 stbuehler@web.de-20080827155155-7mt92orehbxkh2lh
-1169 stbuehler@web.de-20080917142048-zbcwpk39q9ewd516
-1170 stbuehler@web.de-20080917142300-16gzt21x4nbjtj87
-1171 stbuehler@web.de-20080919160134-385anjnd3txxdw3x
-1172 stbuehler@web.de-20080920134142-fvvwaw2ys51dg4rj
-1173 stbuehler@web.de-20080921153311-1f7rn01atdilmxmy
-1174 stbuehler@web.de-20080922101346-wel327kjmykkpvmp
-1175 stbuehler@web.de-20080923190422-uow06l38ndue36o4
-1176 stbuehler@web.de-20080930112012-53jby2m8xslmd1hm
-1177 stbuehler@web.de-20080930134824-j9q72rwuiczzof5k
-1178 stbuehler@web.de-20080930142037-32pb6m3zjcwryw1w
-1179 stbuehler@web.de-20080930142756-ueovgoshyb996bce
-1180 stbuehler@web.de-20080930152935-1zfy67brol3xdbc0
-1181 stbuehler@web.de-20080930193919-13n2q4c6fbgw0dkx
-1182 stbuehler@web.de-20080930211152-4hmgs95wyg2deol7
-1183 stbuehler@web.de-20081001132402-hxnyu6yzyk3mjf4d
-1184 stbuehler@web.de-20081001155102-qf0mmu2kkpgr7xf0
-1185 stbuehler@web.de-20081001160009-n67ss0vzlac2y60k
-1186 stbuehler@web.de-20081001200802-l5og517etnneitk0
-1188 stbuehler@web.de-20081004160711-ygaohrecmutiqlla
-1189 stbuehler@web.de-20081004211932-vq16u26mthbeed7d
-1191 stbuehler@web.de-20081005224446-1bztt6zqrjh8w8fd
-1192 stbuehler@web.de-20081012114652-ihgz590f0gl5gxpw
-1193 stbuehler@web.de-20081012114716-jnzljhexi4z2gh92
-1195 stbuehler@web.de-20081016120614-kz39vxtz1pebho0o
-1196 stbuehler@web.de-20081016121103-trug4hts0o62d1ut
-1197 stbuehler@web.de-20081016121114-65quosenmso8frf8
-1198 stbuehler@web.de-20081016121421-xjjb7fb53pxu6odj
-1199 stbuehler@web.de-20081205222033-6qok7y19pwp3kxm9
-1200 stbuehler@web.de-20081205222811-49izmzxui0y9ncq6
-1201 stbuehler@web.de-20081205233903-708beaujtf26gprx
-1202 stbuehler@web.de-20081207151631-yv9bdf94zw83jxpv
-1203 stbuehler@web.de-20081207151822-mhyg0gkedmttdqvd
-1204 stbuehler@web.de-20081207151835-1m3yta2fjc4pgb8y
-1205 stbuehler@web.de-20081218221139-w8los43bjbhy9urh
-1206 stbuehler@web.de-20081218222305-5wz7000a62iqa81r
-1208 stbuehler@web.de-20090203201352-ivan8lsb3nkv1go5
-1209 stbuehler@web.de-20090203204231-03zjmk7qiol9yxgq
-1210 stbuehler@web.de-20090203210157-bx1e59fqple5oj3v
-1211 stbuehler@web.de-20090203221006-qd6w80m7lmeqgrjh
-1212 stbuehler@web.de-20090203225303-3dwmialad2u720h8
-1213 stbuehler@web.de-20090204102521-jl3vo2ftp5rsbx9y
-1214 stbuehler@web.de-20090204151616-n56of74dydkqdkgh
-1215 stbuehler@web.de-20090204172956-6wzsv0nm5nxcgfym
-1216 stbuehler@web.de-20090205105134-6i5key9439wspueq
-1217 stbuehler@web.de-20090205114017-0voscqjd5bdm9mwv
-1218 stbuehler@web.de-20090205114442-peekxwpevjl3t7j3
-1219 stbuehler@web.de-20090205215425-vicbc6hzb3at7gj9
-1220 stbuehler@web.de-20090205220741-vqz9l1eui3dwnulq
-1221 stbuehler@web.de-20090205222705-8179v6jkv2x38l70
-
-