From 170f212a0a93f058286a41cb5b9d76c3e5dc17ec Mon Sep 17 00:00:00 2001 From: =?utf8?q?Elan=20Ruusam=C3=A4e?= Date: Mon, 19 Jan 2009 10:06:14 +0000 Subject: [PATCH] - update to 2371: - Fix fastcgi-authorizer handling; Status: 200 is now accepted as the doc requests - Compare address family in inet_ntop_cache - Revert CVE-2008-4359 (#1720) fix "encoding+simplifying urls for rewrite/redirect": too many regressions. - Use FD_CLOEXEC if possible (fixes #1821) - Optimized buffer usage in mod_proxy (fixes #1850) - Fix uninitialized value in time struct after strptime Changed files: lighttpd-branch.diff -> 1.43 --- lighttpd-branch.diff | 1558 ++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 1506 insertions(+), 52 deletions(-) diff --git a/lighttpd-branch.diff b/lighttpd-branch.diff index d585596..deacdb0 100644 --- a/lighttpd-branch.diff +++ b/lighttpd-branch.diff @@ -1,9 +1,57 @@ +Index: cmake/LighttpdMacros.cmake +=================================================================== +--- cmake/LighttpdMacros.cmake (.../tags/lighttpd-1.4.20) (revision 0) ++++ cmake/LighttpdMacros.cmake (.../branches/lighttpd-1.4.x) (revision 2371) +@@ -0,0 +1,43 @@ ++## our modules are without the "lib" prefix ++ ++MACRO(ADD_AND_INSTALL_LIBRARY LIBNAME SRCFILES) ++ IF(BUILD_STATIC) ++ ADD_LIBRARY(${LIBNAME} STATIC ${SRCFILES}) ++ TARGET_LINK_LIBRARIES(lighttpd ${LIBNAME}) ++ ELSE(BUILD_STATIC) ++ ADD_LIBRARY(${LIBNAME} SHARED ${SRCFILES}) ++ SET(L_INSTALL_TARGETS ${L_INSTALL_TARGETS} ${LIBNAME}) ++ ## Windows likes to link it this way back to app! ++ IF(WIN32) ++ SET_TARGET_PROPERTIES(${LIBNAME} PROPERTIES LINK_FLAGS lighttpd.lib) ++ ENDIF(WIN32) ++ ++ IF(APPLE) ++ SET_TARGET_PROPERTIES(${LIBNAME} PROPERTIES LINK_FLAGS "-flat_namespace -undefined suppress") ++ ENDIF(APPLE) ++ ENDIF(BUILD_STATIC) ++ENDMACRO(ADD_AND_INSTALL_LIBRARY) ++ ++MACRO(LEMON_PARSER SRCFILE) ++ GET_FILENAME_COMPONENT(SRCBASE ${SRCFILE} NAME_WE) ++ ADD_CUSTOM_COMMAND(OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/${SRCBASE}.c ${CMAKE_CURRENT_BINARY_DIR}/${SRCBASE}.h ++ COMMAND ${CMAKE_BINARY_DIR}/build/lemon ++ ARGS -q ${CMAKE_CURRENT_SOURCE_DIR}/${SRCFILE} ${CMAKE_SOURCE_DIR}/src/lempar.c ++ DEPENDS ${CMAKE_BINARY_DIR}/build/lemon ${CMAKE_CURRENT_SOURCE_DIR}/${SRCFILE} ${CMAKE_SOURCE_DIR}/src/lempar.c ++ COMMENT "Generating ${SRCBASE}.c from ${SRCFILE}" ++) ++ENDMACRO(LEMON_PARSER) ++ ++MACRO(ADD_TARGET_PROPERTIES _target _name) ++ SET(_properties) ++ FOREACH(_prop ${ARGN}) ++ SET(_properties "${_properties} ${_prop}") ++ ENDFOREACH(_prop) ++ GET_TARGET_PROPERTY(_old_properties ${_target} ${_name}) ++ MESSAGE("adding property to ${_target} ${_name}:" ${_properties}) ++ IF(NOT _old_properties) ++ # in case it's NOTFOUND ++ SET(_old_properties) ++ ENDIF(NOT _old_properties) ++ SET_TARGET_PROPERTIES(${_target} PROPERTIES ${_name} "${_old_properties} ${_properties}") ++ENDMACRO(ADD_TARGET_PROPERTIES) Index: configure.in =================================================================== Index: src/configfile-glue.c =================================================================== ---- src/configfile-glue.c (.../tags/lighttpd-1.4.20) (revision 2336) -+++ src/configfile-glue.c (.../branches/lighttpd-1.4.x) (revision 2336) +--- src/configfile-glue.c (.../tags/lighttpd-1.4.20) (revision 2371) ++++ src/configfile-glue.c (.../branches/lighttpd-1.4.x) (revision 2371) @@ -1,4 +1,5 @@ #include +#include @@ -35,8 +83,8 @@ Index: src/configfile-glue.c return -1; Index: src/mod_cgi.c =================================================================== ---- src/mod_cgi.c (.../tags/lighttpd-1.4.20) (revision 2336) -+++ src/mod_cgi.c (.../branches/lighttpd-1.4.x) (revision 2336) +--- src/mod_cgi.c (.../tags/lighttpd-1.4.20) (revision 2371) ++++ src/mod_cgi.c (.../branches/lighttpd-1.4.x) (revision 2371) @@ -822,15 +822,27 @@ ); cgi_env_add(&env, CONST_STR_LEN("SERVER_PORT"), buf, strlen(buf)); @@ -105,10 +153,27 @@ Index: src/mod_cgi.c cgi_env_add(&env, CONST_STR_LEN("REMOTE_ADDR"), s, strlen(s)); LI_ltostr(buf, +Index: src/mod_rewrite.c +=================================================================== +--- src/mod_rewrite.c (.../tags/lighttpd-1.4.20) (revision 2371) ++++ src/mod_rewrite.c (.../branches/lighttpd-1.4.x) (revision 2371) +@@ -350,11 +350,7 @@ + + if (!p->conf.rewrite) return HANDLER_GO_ON; + +- buffer_copy_string_buffer(p->match_buf, con->uri.path); +- if (con->uri.query->used > 0) { +- buffer_append_string_len(p->match_buf, CONST_STR_LEN("?")); +- buffer_append_string_buffer(p->match_buf, con->uri.query); +- } ++ buffer_copy_string_buffer(p->match_buf, con->request.uri); + + for (i = 0; i < p->conf.rewrite->used; i++) { + pcre *match; Index: src/connections.c =================================================================== ---- src/connections.c (.../tags/lighttpd-1.4.20) (revision 2336) -+++ src/connections.c (.../branches/lighttpd-1.4.x) (revision 2336) +--- src/connections.c (.../tags/lighttpd-1.4.20) (revision 2371) ++++ src/connections.c (.../branches/lighttpd-1.4.x) (revision 2371) @@ -330,15 +330,13 @@ buffer_prepare_copy(b, 4 * 1024); len = recv(con->fd, b->ptr, b->size - 1, 0); @@ -131,10 +196,36 @@ Index: src/connections.c len = read(con->fd, b->ptr, b->size - 1); #endif +@@ -1066,6 +1064,9 @@ + if (dst_c->file.fd == -1) { + /* this should not happen as we cache the fd, but you never know */ + dst_c->file.fd = open(dst_c->file.name->ptr, O_WRONLY | O_APPEND); ++#ifdef FD_CLOEXEC ++ fcntl(dst_c->file.fd, F_SETFD, FD_CLOEXEC); ++#endif + } + } else { + /* the chunk is too large now, close it */ +Index: src/mod_alias.c +=================================================================== +--- src/mod_alias.c (.../tags/lighttpd-1.4.20) (revision 2371) ++++ src/mod_alias.c (.../branches/lighttpd-1.4.x) (revision 2371) +@@ -103,9 +103,8 @@ + } + /* ok, they have same prefix. check position */ + if (a->sorted[j] < a->sorted[k]) { +- fprintf(stderr, "url.alias: `%s' will never match as `%s' matched first\n", +- key->ptr, +- prefix->ptr); ++ log_error_write(srv, __FILE__, __LINE__, "SBSBS", ++ "url.alias: `", key, "' will never match as `", prefix, "' matched first"); + return HANDLER_ERROR; + } + } Index: src/configfile.c =================================================================== ---- src/configfile.c (.../tags/lighttpd-1.4.20) (revision 2336) -+++ src/configfile.c (.../branches/lighttpd-1.4.x) (revision 2336) +--- src/configfile.c (.../tags/lighttpd-1.4.20) (revision 2371) ++++ src/configfile.c (.../branches/lighttpd-1.4.x) (revision 2371) @@ -940,7 +940,6 @@ } @@ -152,10 +243,105 @@ Index: src/configfile.c log_error_write(srv, __FILE__, __LINE__, "sbss", "opening", source, "failed:", strerror(errno)); ret = -1; +Index: src/mod_trigger_b4_dl.c +=================================================================== +--- src/mod_trigger_b4_dl.c (.../tags/lighttpd-1.4.20) (revision 2371) ++++ src/mod_trigger_b4_dl.c (.../branches/lighttpd-1.4.x) (revision 2371) +@@ -1,5 +1,6 @@ + #include + #include ++#include + #include + + #include "base.h" +@@ -180,6 +181,9 @@ + "gdbm-open failed"); + return HANDLER_ERROR; + } ++#ifdef FD_CLOEXEC ++ fcntl(gdbm_fdesc(s->db), F_SETFD, FD_CLOEXEC); ++#endif + } + #endif + #if defined(HAVE_PCRE_H) +Index: src/mod_mysql_vhost.c +=================================================================== +--- src/mod_mysql_vhost.c (.../tags/lighttpd-1.4.20) (revision 2371) ++++ src/mod_mysql_vhost.c (.../branches/lighttpd-1.4.x) (revision 2371) +@@ -245,7 +245,6 @@ + if (!(buffer_is_empty(s->myuser) || + buffer_is_empty(s->mydb))) { + my_bool reconnect = 1; +- int fd; + + if (NULL == (s->mysql = mysql_init(NULL))) { + log_error_write(srv, __FILE__, __LINE__, "s", "mysql_init() failed, exiting..."); +@@ -267,19 +266,27 @@ + return HANDLER_ERROR; + } + #undef FOO ++ ++#if 0 + /* set close_on_exec for mysql the hard way */ + /* Note: this only works as it is done during startup, */ + /* otherwise we cannot be sure that mysql is fd i-1 */ +- if (-1 == (fd = open("/dev/null", 0))) { ++ { int fd; ++ if (-1 != (fd = open("/dev/null", 0))) { + close(fd); ++#ifdef FD_CLOEXEC + fcntl(fd-1, F_SETFD, FD_CLOEXEC); +- } ++#endif ++ } } ++#else ++#ifdef FD_CLOEXEC ++ fcntl(s->mysql->net.fd, F_SETFD, FD_CLOEXEC); ++#endif ++#endif + } + } + +- +- +- return HANDLER_GO_ON; ++ return HANDLER_GO_ON; + } + + #define PATCH(x) \ +Index: src/inet_ntop_cache.c +=================================================================== +--- src/inet_ntop_cache.c (.../tags/lighttpd-1.4.20) (revision 2371) ++++ src/inet_ntop_cache.c (.../branches/lighttpd-1.4.x) (revision 2371) +@@ -11,7 +11,7 @@ + #ifdef HAVE_IPV6 + size_t ndx = 0, i; + for (i = 0; i < INET_NTOP_CACHE_MAX; i++) { +- if (srv->inet_ntop_cache[i].ts != 0) { ++ if (srv->inet_ntop_cache[i].ts != 0 && srv->inet_ntop_cache[i].family == addr->plain.sa_family) { + if (srv->inet_ntop_cache[i].family == AF_INET6 && + 0 == memcmp(srv->inet_ntop_cache[i].addr.ipv6.s6_addr, addr->ipv6.sin6_addr.s6_addr, 16)) { + /* IPv6 found in cache */ +Index: src/mod_rrdtool.c +=================================================================== +--- src/mod_rrdtool.c (.../tags/lighttpd-1.4.20) (revision 2371) ++++ src/mod_rrdtool.c (.../branches/lighttpd-1.4.x) (revision 2371) +@@ -179,6 +179,11 @@ + p->read_fd = from_rrdtool_fds[0]; + p->rrdtool_pid = pid; + ++#ifdef FD_CLOEXEC ++ fcntl(p->write_fd, F_SETFD, FD_CLOEXEC); ++ fcntl(p->read_fd, F_SETFD, FD_CLOEXEC); ++#endif ++ + break; + } + } Index: src/response.c =================================================================== ---- src/response.c (.../tags/lighttpd-1.4.20) (revision 2336) -+++ src/response.c (.../branches/lighttpd-1.4.x) (revision 2336) +--- src/response.c (.../tags/lighttpd-1.4.20) (revision 2371) ++++ src/response.c (.../branches/lighttpd-1.4.x) (revision 2371) @@ -44,16 +44,15 @@ buffer_append_string(b, get_http_status_name(con->http_status)); @@ -176,10 +362,79 @@ Index: src/response.c } +@@ -233,6 +232,27 @@ + } + + ++ /** ++ * ++ * call plugins ++ * ++ * - based on the raw URL ++ * ++ */ ++ ++ switch(r = plugins_call_handle_uri_raw(srv, con)) { ++ case HANDLER_GO_ON: ++ break; ++ case HANDLER_FINISHED: ++ case HANDLER_COMEBACK: ++ case HANDLER_WAIT_FOR_EVENT: ++ case HANDLER_ERROR: ++ return r; ++ default: ++ log_error_write(srv, __FILE__, __LINE__, "sd", "handle_uri_raw: unknown return value", r); ++ break; ++ } ++ + /* build filename + * + * - decode url-encodings (e.g. %20 -> ' ') +@@ -240,6 +260,7 @@ + */ + + ++ + if (con->request.http_method == HTTP_METHOD_OPTIONS && + con->uri.path_raw->ptr[0] == '*' && con->uri.path_raw->ptr[1] == '\0') { + /* OPTIONS * ... */ +@@ -255,32 +276,10 @@ + log_error_write(srv, __FILE__, __LINE__, "sb", "URI-path : ", con->uri.path); + } + +- + /** + * + * call plugins + * +- * - based on the raw URL +- * +- */ +- +- switch(r = plugins_call_handle_uri_raw(srv, con)) { +- case HANDLER_GO_ON: +- break; +- case HANDLER_FINISHED: +- case HANDLER_COMEBACK: +- case HANDLER_WAIT_FOR_EVENT: +- case HANDLER_ERROR: +- return r; +- default: +- log_error_write(srv, __FILE__, __LINE__, "sd", "handle_uri_raw: unknown return value", r); +- break; +- } +- +- /** +- * +- * call plugins +- * + * - based on the clean URL + * + */ Index: src/mod_simple_vhost.c =================================================================== ---- src/mod_simple_vhost.c (.../tags/lighttpd-1.4.20) (revision 2336) -+++ src/mod_simple_vhost.c (.../branches/lighttpd-1.4.x) (revision 2336) +--- src/mod_simple_vhost.c (.../tags/lighttpd-1.4.20) (revision 2371) ++++ src/mod_simple_vhost.c (.../branches/lighttpd-1.4.x) (revision 2371) @@ -249,6 +249,8 @@ return HANDLER_GO_ON; } else { @@ -191,8 +446,17 @@ Index: src/mod_simple_vhost.c buffer_copy_string_buffer(con->server_name, con->uri.authority); Index: src/mod_proxy.c =================================================================== ---- src/mod_proxy.c (.../tags/lighttpd-1.4.20) (revision 2336) -+++ src/mod_proxy.c (.../branches/lighttpd-1.4.x) (revision 2336) +--- src/mod_proxy.c (.../tags/lighttpd-1.4.20) (revision 2371) ++++ src/mod_proxy.c (.../branches/lighttpd-1.4.x) (revision 2371) +@@ -652,7 +652,7 @@ + buffer_prepare_append(hctx->response, b + 1); + hctx->response->used = 1; + } else { +- buffer_prepare_append(hctx->response, hctx->response->used + b); ++ buffer_prepare_append(hctx->response, b); + } + + if (-1 == (r = read(hctx->fd, hctx->response->ptr + hctx->response->used - 1, b))) { @@ -1198,7 +1198,8 @@ host = (data_proxy *)extension->value->data[0]; @@ -203,10 +467,165 @@ Index: src/mod_proxy.c if (ndx < 0) ndx = 0; /* Search first active host after last_used_ndx */ +Index: src/config.h.cmake +=================================================================== +--- src/config.h.cmake (.../tags/lighttpd-1.4.20) (revision 0) ++++ src/config.h.cmake (.../branches/lighttpd-1.4.x) (revision 2371) +@@ -0,0 +1,150 @@ ++/* ++ CMake autogenerated config.h file. Do not edit! ++*/ ++ ++/* System */ ++#cmakedefine HAVE_SYS_DEVPOLL_H ++#cmakedefine HAVE_SYS_EPOLL_H ++#cmakedefine HAVE_SYS_EVENT_H ++#cmakedefine HAVE_SYS_MMAN_H ++#cmakedefine HAVE_SYS_POLL_H ++#cmakedefine HAVE_SYS_PORT_H ++#cmakedefine HAVE_SYS_PRCTL_H ++#cmakedefine HAVE_SYS_RESOURCE_H ++#cmakedefine HAVE_SYS_SENDFILE_H ++#cmakedefine HAVE_SYS_SELECT_H ++#cmakedefine HAVE_SYS_SYSLIMITS_H ++#cmakedefine HAVE_SYS_TYPES_H ++#cmakedefine HAVE_SYS_UIO_H ++#cmakedefine HAVE_SYS_UN_H ++#cmakedefine HAVE_SYS_WAIT_H ++#cmakedefine HAVE_SYS_TIME_H ++#cmakedefine HAVE_UNISTD_H ++#cmakedefine HAVE_PTHREAD_H ++#cmakedefine HAVE_INET_ATON ++#cmakedefine HAVE_IPV6 ++ ++/* XATTR */ ++#cmakedefine HAVE_ATTR_ATTRIBUTES_H ++#cmakedefine HAVE_XATTR ++ ++/* mySQL */ ++#cmakedefine HAVE_MYSQL_H ++#cmakedefine HAVE_MYSQL ++ ++/* OpenSSL */ ++#cmakedefine HAVE_OPENSSL_SSL_H ++#cmakedefine HAVE_LIBCRYPTO ++#cmakedefine OPENSSL_NO_KRB5 ++#cmakedefine HAVE_LIBSSL ++ ++/* BZip */ ++#cmakedefine HAVE_BZLIB_H ++#cmakedefine HAVE_LIBBZ2 ++ ++/* FAM */ ++#cmakedefine HAVE_FAM_H ++#cmakedefine HAVE_FAMNOEXISTS ++ ++/* getopt */ ++#cmakedefine HAVE_GETOPT_H ++ ++#cmakedefine HAVE_INTTYPES_H ++ ++/* LDAP */ ++#cmakedefine HAVE_LDAP_H ++#cmakedefine HAVE_LIBLDAP ++#cmakedefine HAVE_LBER_H ++#cmakedefine HAVE_LIBLBER ++#cmakedefine LDAP_DEPRECATED 1 ++ ++/* XML */ ++#cmakedefine HAVE_LIBXML_H ++#cmakedefine HAVE_LIBXML ++ ++/* PCRE */ ++#cmakedefine HAVE_PCRE_H ++#cmakedefine HAVE_LIBPCRE ++ ++#cmakedefine HAVE_POLL_H ++#cmakedefine HAVE_PWD_H ++ ++/* sqlite3 */ ++#cmakedefine HAVE_SQLITE3_H ++#cmakedefine HAVE_LIBPCRE ++ ++#cmakedefine HAVE_STDDEF_H ++#cmakedefine HAVE_STDINT_H ++#cmakedefine HAVE_SYSLOG_H ++ ++/* UUID */ ++#cmakedefine HAVE_UUID_UUID_H ++#cmakedefine HAVE_LIBUUID ++ ++/* ZLIB */ ++#cmakedefine HAVE_ZLIB_H ++#cmakedefine HAVE_LIBZ ++ ++/* lua */ ++#cmakedefine HAVE_LUA_H ++#cmakedefine HAVE_LIBLUA ++ ++/* gdbm */ ++#cmakedefine HAVE_GDBM_H ++#cmakedefine HAVE_GDBM ++ ++/* memcache */ ++#cmakedefine HAVE_MEMCACHE_H ++ ++/* inotify */ ++#cmakedefine HAVE_INOTIFY_INIT ++#cmakedefine HAVE_SYS_INOTIFY_H ++ ++/* Types */ ++#cmakedefine HAVE_SOCKLEN_T ++#cmakedefine SIZEOF_LONG ${SIZEOF_LONG} ++#cmakedefine SIZEOF_OFF_T ${SIZEOF_OFF_T} ++ ++/* Functions */ ++#cmakedefine HAVE_CHROOT ++#cmakedefine HAVE_CRYPT ++#cmakedefine HAVE_EPOLL_CTL ++#cmakedefine HAVE_FORK ++#cmakedefine HAVE_GETRLIMIT ++#cmakedefine HAVE_GETUID ++#cmakedefine HAVE_GMTIME_R ++#cmakedefine HAVE_INET_NTOP ++#cmakedefine HAVE_KQUEUE ++#cmakedefine HAVE_LOCALTIME_R ++#cmakedefine HAVE_LSTAT ++#cmakedefine HAVE_MADVISE ++#cmakedefine HAVE_MEMCPY ++#cmakedefine HAVE_MEMSET ++#cmakedefine HAVE_MMAP ++#cmakedefine HAVE_PATHCONF ++#cmakedefine HAVE_POLL ++#cmakedefine HAVE_PORT_CREATE ++#cmakedefine HAVE_PRCTL ++#cmakedefine HAVE_PREAD ++#cmakedefine HAVE_POSIX_FADVISE ++#cmakedefine HAVE_SELECT ++#cmakedefine HAVE_SENDFILE ++#cmakedefine HAVE_SEND_FILE ++#cmakedefine HAVE_SENDFILE64 ++#cmakedefine HAVE_SENDFILEV ++#cmakedefine HAVE_SIGACTION ++#cmakedefine HAVE_SIGNAL ++#cmakedefine HAVE_SIGTIMEDWAIT ++#cmakedefine HAVE_STRPTIME ++#cmakedefine HAVE_SYSLOG ++#cmakedefine HAVE_WRITEV ++ ++/* libcrypt */ ++#cmakedefine HAVE_CRYPT_H ++#cmakedefine HAVE_LIBCRYPT ++ ++/* fastcgi */ ++#cmakedefine HAVE_FASTCGI_H ++#cmakedefine HAVE_FASTCGI_FASTCGI_H ++ ++#cmakedefine LIGHTTPD_STATIC Index: src/http_auth.c =================================================================== ---- src/http_auth.c (.../tags/lighttpd-1.4.20) (revision 2336) -+++ src/http_auth.c (.../branches/lighttpd-1.4.x) (revision 2336) +--- src/http_auth.c (.../tags/lighttpd-1.4.20) (revision 2371) ++++ src/http_auth.c (.../branches/lighttpd-1.4.x) (revision 2371) @@ -57,22 +57,25 @@ static const char base64_pad = '='; @@ -329,10 +748,27 @@ Index: src/http_auth.c /* 3. */ if (NULL == (ldap = ldap_init(p->conf.auth_ldap_hostname->ptr, LDAP_PORT))) { +Index: src/mod_redirect.c +=================================================================== +--- src/mod_redirect.c (.../tags/lighttpd-1.4.20) (revision 2371) ++++ src/mod_redirect.c (.../branches/lighttpd-1.4.x) (revision 2371) +@@ -178,11 +178,7 @@ + + mod_redirect_patch_connection(srv, con, p); + +- buffer_copy_string_buffer(p->match_buf, con->uri.path); +- if (con->uri.query->used > 0) { +- buffer_append_string_len(p->match_buf, CONST_STR_LEN("?")); +- buffer_append_string_buffer(p->match_buf, con->uri.query); +- } ++ buffer_copy_string_buffer(p->match_buf, con->request.uri); + + for (i = 0; i < p->conf.redirect->used; i++) { + pcre *match; Index: src/http_auth.h =================================================================== ---- src/http_auth.h (.../tags/lighttpd-1.4.20) (revision 2336) -+++ src/http_auth.h (.../branches/lighttpd-1.4.x) (revision 2336) +--- src/http_auth.h (.../tags/lighttpd-1.4.20) (revision 2371) ++++ src/http_auth.h (.../branches/lighttpd-1.4.x) (revision 2371) @@ -63,7 +63,7 @@ mod_auth_plugin_config **config_storage; @@ -342,10 +778,32 @@ Index: src/http_auth.h } mod_auth_plugin_data; int http_auth_basic_check(server *srv, connection *con, mod_auth_plugin_data *p, array *req, buffer *url, const char *realm_str); +Index: src/mod_webdav.c +=================================================================== +--- src/mod_webdav.c (.../tags/lighttpd-1.4.20) (revision 2371) ++++ src/mod_webdav.c (.../branches/lighttpd-1.4.x) (revision 2371) +@@ -1026,6 +1026,8 @@ + if (MAP_FAILED == (c->file.mmap.start = mmap(0, c->file.length, PROT_READ, MAP_SHARED, c->file.fd, 0))) { + log_error_write(srv, __FILE__, __LINE__, "ssbd", "mmap failed: ", + strerror(errno), c->file.name, c->file.fd); ++ close(c->file.fd); ++ c->file.fd = -1; + + return -1; + } +@@ -1723,6 +1725,8 @@ + if (MAP_FAILED == (c->file.mmap.start = mmap(0, c->file.length, PROT_READ, MAP_SHARED, c->file.fd, 0))) { + log_error_write(srv, __FILE__, __LINE__, "ssbd", "mmap failed: ", + strerror(errno), c->file.name, c->file.fd); ++ close(c->file.fd); ++ c->file.fd = -1; + + return HANDLER_ERROR; + } Index: src/mod_compress.c =================================================================== ---- src/mod_compress.c (.../tags/lighttpd-1.4.20) (revision 2336) -+++ src/mod_compress.c (.../branches/lighttpd-1.4.x) (revision 2336) +--- src/mod_compress.c (.../tags/lighttpd-1.4.20) (revision 2371) ++++ src/mod_compress.c (.../branches/lighttpd-1.4.x) (revision 2371) @@ -49,6 +49,7 @@ buffer *compress_cache_dir; array *compress; @@ -471,10 +929,42 @@ Index: src/mod_compress.c if (matched_encodings) { const char *dflt_gzip = "gzip"; +Index: src/spawn-fcgi.c +=================================================================== +--- src/spawn-fcgi.c (.../tags/lighttpd-1.4.20) (revision 2371) ++++ src/spawn-fcgi.c (.../branches/lighttpd-1.4.x) (revision 2371) +@@ -58,7 +58,7 @@ + + + if (unixsocket) { +- memset(&fcgi_addr, 0, sizeof(fcgi_addr)); ++ memset(&fcgi_addr_un, 0, sizeof(fcgi_addr_un)); + + fcgi_addr_un.sun_family = AF_UNIX; + strcpy(fcgi_addr_un.sun_path, unixsocket); +@@ -72,12 +72,13 @@ + socket_type = AF_UNIX; + fcgi_addr = (struct sockaddr *) &fcgi_addr_un; + } else { ++ memset(&fcgi_addr_in, 0, sizeof(fcgi_addr_in)); + fcgi_addr_in.sin_family = AF_INET; +- if (addr != NULL) { +- fcgi_addr_in.sin_addr.s_addr = inet_addr(addr); +- } else { +- fcgi_addr_in.sin_addr.s_addr = htonl(INADDR_ANY); +- } ++ if (addr != NULL) { ++ fcgi_addr_in.sin_addr.s_addr = inet_addr(addr); ++ } else { ++ fcgi_addr_in.sin_addr.s_addr = htonl(INADDR_ANY); ++ } + fcgi_addr_in.sin_port = htons(port); + servlen = sizeof(fcgi_addr_in); + Index: src/mod_auth.c =================================================================== ---- src/mod_auth.c (.../tags/lighttpd-1.4.20) (revision 2336) -+++ src/mod_auth.c (.../branches/lighttpd-1.4.x) (revision 2336) +--- src/mod_auth.c (.../tags/lighttpd-1.4.20) (revision 2371) ++++ src/mod_auth.c (.../branches/lighttpd-1.4.x) (revision 2371) @@ -115,7 +115,7 @@ PATCH(auth_ldap_starttls); PATCH(auth_ldap_allow_empty_pw); @@ -512,11 +1002,39 @@ Index: src/mod_auth.c if (NULL == (s->ldap = ldap_init(s->auth_ldap_hostname->ptr, LDAP_PORT))) { log_error_write(srv, __FILE__, __LINE__, "ss", "ldap ...", strerror(errno)); +Index: src/http-header-glue.c +=================================================================== +--- src/http-header-glue.c (.../tags/lighttpd-1.4.20) (revision 2371) ++++ src/http-header-glue.c (.../branches/lighttpd-1.4.x) (revision 2371) +@@ -280,6 +280,7 @@ + strncpy(buf, con->request.http_if_modified_since, used_len); + buf[used_len] = '\0'; + ++ tm.tm_isdst = 0; + if (NULL == strptime(buf, "%a, %d %b %Y %H:%M:%S GMT", &tm)) { + con->http_status = 412; + con->mode = DIRECT; +@@ -329,6 +330,7 @@ + strncpy(buf, con->request.http_if_modified_since, used_len); + buf[used_len] = '\0'; + ++ tm.tm_isdst = 0; + if (NULL == strptime(buf, "%a, %d %b %Y %H:%M:%S GMT", &tm)) { + /** + * parsing failed, let's get out of here Index: src/mod_fastcgi.c =================================================================== ---- src/mod_fastcgi.c (.../tags/lighttpd-1.4.20) (revision 2336) -+++ src/mod_fastcgi.c (.../branches/lighttpd-1.4.x) (revision 2336) -@@ -3608,47 +3608,50 @@ +--- src/mod_fastcgi.c (.../tags/lighttpd-1.4.20) (revision 2371) ++++ src/mod_fastcgi.c (.../branches/lighttpd-1.4.x) (revision 2371) +@@ -3252,6 +3252,7 @@ + fcgi_connection_close(srv, hctx); + + con->mode = DIRECT; ++ con->http_status = 0; + con->file_started = 1; /* fcgi_extension won't touch the request afterwards */ + } else { + /* we are done */ +@@ -3608,47 +3609,50 @@ "handling it in mod_fastcgi"); } @@ -605,10 +1123,672 @@ Index: src/mod_fastcgi.c } } } else { +Index: src/CMakeLists.txt +=================================================================== +--- src/CMakeLists.txt (.../tags/lighttpd-1.4.20) (revision 0) ++++ src/CMakeLists.txt (.../branches/lighttpd-1.4.x) (revision 2371) +@@ -0,0 +1,604 @@ ++INCLUDE(CheckCSourceCompiles) ++INCLUDE(CheckIncludeFiles) ++INCLUDE(CheckFunctionExists) ++INCLUDE(CheckVariableExists) ++INCLUDE(CheckTypeSize) ++INCLUDE(CheckLibraryExists) ++INCLUDE(CMakeDetermineCCompiler) ++INCLUDE(FindThreads) ++INCLUDE(FindPkgConfig) ++ ++INCLUDE(LighttpdMacros) ++ ++ADD_DEFINITIONS(-D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGE_FILES) ++ ++OPTION(WITH_XATTR "with xattr-support for the stat-cache [default: off]") ++OPTION(WITH_MYSQL "with mysql-support for the mod_sql_vhost [default: off]") ++# OPTION(WITH_POSTGRESQL "with postgress-support for the mod_sql_vhost [default: off]") ++OPTION(WITH_OPENSSL "with openssl-support [default: off]") ++OPTION(WITH_PCRE "with regex support [default: on]" ON) ++OPTION(WITH_WEBDAV_PROPS "with property-support for mod_webdav [default: off]") ++OPTION(WITH_WEBDAV_LOCKS "locks in webdav [default: off]") ++OPTION(WITH_BZIP "with bzip2-support for mod_compress [default: off]") ++OPTION(WITH_ZLIB "with deflate-support for mod_compress [default: on]" ON) ++OPTION(WITH_LDAP "with LDAP-support for the mod_auth [default: off]") ++OPTION(WITH_LUA "with lua 5.1 for mod_magnet [default: off]") ++# OPTION(WITH_VALGRIND "with internal support for valgrind [default: off]") ++# OPTION(WITH_KERBEROS5 "use Kerberos5 support with OpenSSL [default: off]") ++OPTION(WITH_FAM "fam/gamin for reducing number of stat() calls [default: off]") ++OPTION(WITH_GDBM "gdbm storage for mod_trigger_b4_dl [default: off]") ++OPTION(WITH_MEMCACHE "memcached storage for mod_trigger_b4_dl [default: off]") ++ ++OPTION(BUILD_STATIC "build a static lighttpd with all modules added") ++ ++IF(BUILD_STATIC) ++ SET(LIGHTTPD_STATIC 1) ++ELSE(BUILD_STATIC) ++ SET(CMAKE_SHARED_LIBRARY_PREFIX "") ++ENDIF(BUILD_STATIC) ++ ++IF(WITH_WEBDAV_PROPS) ++ SET(WITH_XML 1) ++ SET(WITH_SQLITE3 1) ++ SET(WITH_UUID 1) ++ENDIF(WITH_WEBDAV_PROPS) ++ ++CHECK_INCLUDE_FILES(sys/devpoll.h HAVE_SYS_DEVPOLL_H) ++CHECK_INCLUDE_FILES(sys/epoll.h HAVE_SYS_EPOLL_H) ++CHECK_INCLUDE_FILES(sys/event.h HAVE_SYS_EVENT_H) ++CHECK_INCLUDE_FILES(sys/mman.h HAVE_SYS_MMAN_H) ++CHECK_INCLUDE_FILES(sys/poll.h HAVE_SYS_POLL_H) ++CHECK_INCLUDE_FILES(sys/port.h HAVE_SYS_PORT_H) ++CHECK_INCLUDE_FILES(sys/prctl.h HAVE_SYS_PRCTL_H) ++CHECK_INCLUDE_FILES(sys/resource.h HAVE_SYS_RESOURCE_H) ++CHECK_INCLUDE_FILES(sys/sendfile.h HAVE_SYS_SENDFILE_H) ++CHECK_INCLUDE_FILES(sys/select.h HAVE_SYS_SELECT_H) ++CHECK_INCLUDE_FILES(sys/syslimits.h HAVE_SYS_SYSLIMITS_H) ++CHECK_INCLUDE_FILES(sys/types.h HAVE_SYS_TYPES_H) ++CHECK_INCLUDE_FILES(sys/uio.h HAVE_SYS_UIO_H) ++CHECK_INCLUDE_FILES(sys/un.h HAVE_SYS_UN_H) ++CHECK_INCLUDE_FILES(sys/wait.h HAVE_SYS_WAIT_H) ++CHECK_INCLUDE_FILES(sys/time.h HAVE_SYS_TIME_H) ++CHECK_INCLUDE_FILES(unistd.h HAVE_UNISTD_H) ++CHECK_INCLUDE_FILES(pthread.h HAVE_PTHREAD_H) ++CHECK_INCLUDE_FILES(getopt.h HAVE_GETOPT_H) ++CHECK_INCLUDE_FILES(inttypes.h HAVE_INTTYPES_H) ++CHECK_INCLUDE_FILES(poll.h HAVE_POLL_H) ++CHECK_INCLUDE_FILES(pwd.h HAVE_PWD_H) ++CHECK_INCLUDE_FILES(stddef.h HAVE_STDDEF_H) ++CHECK_INCLUDE_FILES(stdint.h HAVE_STDINT_H) ++CHECK_INCLUDE_FILES(syslog.h HAVE_SYSLOG_H) ++ ++# check for fastcgi lib, for the tests only ++CHECK_INCLUDE_FILES(fastcgi.h HAVE_FASTCGI_H) ++CHECK_INCLUDE_FILES(fastcgi/fastcgi.h HAVE_FASTCGI_FASTCGI_H) ++ ++CHECK_INCLUDE_FILES(crypt.h HAVE_CRYPT_H) ++IF(HAVE_CRYPT_H) ++ ## check if we need libcrypt for crypt() ++ CHECK_LIBRARY_EXISTS(crypt crypt "" HAVE_LIBCRYPT) ++ENDIF(HAVE_CRYPT_H) ++ ++CHECK_INCLUDE_FILES(sys/inotify.h HAVE_SYS_INOTIFY_H) ++IF(HAVE_SYS_INOTIFY_H) ++ CHECK_FUNCTION_EXISTS(inotify_init HAVE_INOTIFY_INIT) ++ENDIF(HAVE_SYS_INOTIFY_H) ++ ++SET(CMAKE_EXTRA_INCLUDE_FILES sys/socket.h) ++CHECK_TYPE_SIZE(socklen_t HAVE_SOCKLEN_T) ++SET(CMAKE_EXTRA_INCLUDE_FILES) ++ ++CHECK_TYPE_SIZE(long SIZEOF_LONG) ++CHECK_TYPE_SIZE(off_t SIZEOF_OFF_T) ++ ++CHECK_FUNCTION_EXISTS(chroot HAVE_CHROOT) ++CHECK_FUNCTION_EXISTS(crypt HAVE_CRYPT) ++CHECK_FUNCTION_EXISTS(epoll_ctl HAVE_EPOLL_CTL) ++CHECK_FUNCTION_EXISTS(fork HAVE_FORK) ++CHECK_FUNCTION_EXISTS(getrlimit HAVE_GETRLIMIT) ++CHECK_FUNCTION_EXISTS(getuid HAVE_GETUID) ++CHECK_FUNCTION_EXISTS(gmtime_r HAVE_GMTIME_R) ++CHECK_FUNCTION_EXISTS(inet_ntop HAVE_INET_NTOP) ++CHECK_FUNCTION_EXISTS(kqueue HAVE_KQUEUE) ++CHECK_FUNCTION_EXISTS(localtime_r HAVE_LOCALTIME_R) ++CHECK_FUNCTION_EXISTS(lstat HAVE_LSTAT) ++CHECK_FUNCTION_EXISTS(madvise HAVE_MADVISE) ++CHECK_FUNCTION_EXISTS(memcpy HAVE_MEMCPY) ++CHECK_FUNCTION_EXISTS(memset HAVE_MEMSET) ++CHECK_FUNCTION_EXISTS(mmap HAVE_MMAP) ++CHECK_FUNCTION_EXISTS(pathconf HAVE_PATHCONF) ++CHECK_FUNCTION_EXISTS(poll HAVE_POLL) ++CHECK_FUNCTION_EXISTS(port_create HAVE_PORT_CREATE) ++CHECK_FUNCTION_EXISTS(prctl HAVE_PRCTL) ++CHECK_FUNCTION_EXISTS(pread HAVE_PREAD) ++CHECK_FUNCTION_EXISTS(posix_fadvise HAVE_POSIX_FADVISE) ++CHECK_FUNCTION_EXISTS(select HAVE_SELECT) ++CHECK_FUNCTION_EXISTS(sendfile HAVE_SENDFILE) ++CHECK_FUNCTION_EXISTS(send_file HAVE_SEND_FILE) ++CHECK_FUNCTION_EXISTS(sendfile64 HAVE_SENDFILE64) ++CHECK_FUNCTION_EXISTS(sendfilev HAVE_SENDFILEV) ++CHECK_FUNCTION_EXISTS(sigaction HAVE_SIGACTION) ++CHECK_FUNCTION_EXISTS(signal HAVE_SIGNAL) ++CHECK_FUNCTION_EXISTS(sigtimedwait HAVE_SIGTIMEDWAIT) ++CHECK_FUNCTION_EXISTS(strptime HAVE_STRPTIME) ++CHECK_FUNCTION_EXISTS(syslog HAVE_SYSLOG) ++CHECK_FUNCTION_EXISTS(writev HAVE_WRITEV) ++CHECK_FUNCTION_EXISTS(inet_aton HAVE_INET_ATON) ++CHECK_C_SOURCE_COMPILES(" ++ #include ++ #include ++ #include ++ ++ int main() { ++ struct sockaddr_in6 s; struct in6_addr t=in6addr_any; int i=AF_INET6; s; t.s6_addr[0] = 0; ++ return 0; ++ }" HAVE_IPV6) ++ ++## refactor me ++MACRO(XCONFIG _package _include_DIR _link_DIR _link_FLAGS _cflags) ++# reset the variables at the beginning ++ SET(${_include_DIR}) ++ SET(${_link_DIR}) ++ SET(${_link_FLAGS}) ++ SET(${_cflags}) ++ ++ FIND_PROGRAM(${_package}CONFIG_EXECUTABLE NAMES ${_package} PATHS /usr/local/bin ) ++ ++ # if pkg-config has been found ++ IF(${_package}CONFIG_EXECUTABLE) ++ SET(XCONFIG_EXECUTABLE "${${_package}CONFIG_EXECUTABLE}") ++ MESSAGE(STATUS "found ${_package}: ${XCONFIG_EXECUTABLE}") ++ ++ EXEC_PROGRAM(${XCONFIG_EXECUTABLE} ARGS --libs OUTPUT_VARIABLE __link_FLAGS) ++ STRING(REPLACE "\n" "" ${_link_FLAGS} ${__link_FLAGS}) ++ EXEC_PROGRAM(${XCONFIG_EXECUTABLE} ARGS --cflags OUTPUT_VARIABLE __cflags) ++ STRING(REPLACE "\n" "" ${_cflags} ${__cflags}) ++ ++ ELSE(${_package}CONFIG_EXECUTABLE) ++ MESSAGE(STATUS "found ${_package}: no") ++ ENDIF(${_package}CONFIG_EXECUTABLE) ++ENDMACRO(XCONFIG _package _include_DIR _link_DIR _link_FLAGS _cflags) ++ ++IF(WITH_XATTR) ++ CHECK_INCLUDE_FILES(attr/attributes.h HAVE_ATTR_ATTRIBUTES_H) ++ CHECK_LIBRARY_EXISTS(attr attr_get "" HAVE_XATTR) ++ENDIF(WITH_XATTR) ++ ++IF(WITH_MYSQL) ++ XCONFIG(mysql_config MYSQL_INCDIR MYSQL_LIBDIR MYSQL_LDFLAGS MYSQL_CFLAGS) ++ ++ SET(CMAKE_REQUIRED_INCLUDES /usr/include/mysql) ++ CHECK_INCLUDE_FILES(mysql.h HAVE_MYSQL_H) ++ SET(CMAKE_REQUIRED_INCLUDES) ++ IF(HAVE_MYSQL_H) ++ CHECK_LIBRARY_EXISTS(mysqlclient mysql_real_connect "" HAVE_MYSQL) ++ ENDIF(HAVE_MYSQL_H) ++ENDIF(WITH_MYSQL) ++ ++IF(WITH_OPENSSL) ++ CHECK_INCLUDE_FILES(openssl/ssl.h HAVE_OPENSSL_SSL_H) ++ IF(HAVE_OPENSSL_SSL_H) ++ CHECK_LIBRARY_EXISTS(crypto BIO_f_base64 "" HAVE_LIBCRYPTO) ++ IF(HAVE_LIBCRYPTO) ++ SET(OPENSSL_NO_KRB5 1) ++ CHECK_LIBRARY_EXISTS(ssl SSL_new "" HAVE_LIBSSL) ++ ENDIF(HAVE_LIBCRYPTO) ++ ENDIF(HAVE_OPENSSL_SSL_H) ++ENDIF(WITH_OPENSSL) ++ ++IF(WITH_PCRE) ++ ## if we have pcre-config, use it ++ XCONFIG(pcre-config PCRE_INCDIR PCRE_LIBDIR PCRE_LDFLAGS PCRE_CFLAGS) ++ IF(PCRE_LDFLAGS OR PCRE_CFLAGS) ++ MESSAGE(STATUS "found pcre at: LDFLAGS: ${PCRE_LDFLAGS} CFLAGS: ${PCRE_CFLAGS}") ++ ++ IF(NOT PCRE_CFLAGS STREQUAL "\n") ++ ## if it is empty we'll get newline returned ++ SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${PCRE_CFLAGS}") ++ ENDIF(NOT PCRE_CFLAGS STREQUAL "\n") ++ ++ SET(HAVE_PCRE_H 1) ++ SET(HAVE_LIBPCRE 1) ++ ELSE(PCRE_LDFLAGS OR PCRE_CFLAGS) ++ IF(NOT WIN32) ++ CHECK_INCLUDE_FILES(pcre.h HAVE_PCRE_H) ++ CHECK_LIBRARY_EXISTS(pcre pcre_exec "" HAVE_LIBPCRE) ++ SET(PCRE_LDFLAGS -lpcre) ++ ELSE(NOT WIN32) ++ FIND_PATH(PCRE_INCLUDE_DIR pcre.h ++ /usr/local/include ++ /usr/include ++ ) ++ ++ SET(PCRE_NAMES pcre) ++ FIND_LIBRARY(PCRE_LIBRARY ++ NAMES ${PCRE_NAMES} ++ PATHS /usr/lib /usr/local/lib ++ ) ++ ++ IF(PCRE_INCLUDE_DIR AND PCRE_LIBRARY) ++ SET(CMAKE_REQUIRED_INCLUDES ${PCRE_INCLUDE_DIR}) ++ SET(CMAKE_REQUIRED_LIBRARIES ${PCRE_LIBRARY}) ++ CHECK_INCLUDE_FILES(pcre.h HAVE_PCRE_H) ++ CHECK_LIBRARY_EXISTS(pcre pcre_exec "" HAVE_LIBPCRE) ++ SET(CMAKE_REQUIRED_INCLUDES) ++ SET(CMAKE_REQUIRED_LIBRARIES) ++ INCLUDE_DIRECTORIES(${PCRE_INCLUDE_DIR}) ++ ENDIF(PCRE_INCLUDE_DIR AND PCRE_LIBRARY) ++ ENDIF(NOT WIN32) ++ ENDIF(PCRE_LDFLAGS OR PCRE_CFLAGS) ++ ++ IF(NOT HAVE_PCRE_H) ++ MESSAGE(FATAL_ERROR "pcre.h couldn't be found") ++ ENDIF(NOT HAVE_PCRE_H) ++ IF(NOT HAVE_LIBPCRE) ++ MESSAGE(FATAL_ERROR "libpcre couldn't be found") ++ ENDIF(NOT HAVE_LIBPCRE) ++ ++ENDIF(WITH_PCRE) ++ ++ ++IF(WITH_XML) ++ XCONFIG(xml2-config XML2_INCDIR XML2_LIBDIR XML2_LDFLAGS XML2_CFLAGS) ++ IF(XML2_LDFLAGS OR XML2_CFLAGS) ++ MESSAGE(STATUS "found xml2 at: LDFLAGS: ${XML2_LDFLAGS} CFLAGS: ${XML2_CFLAGS}") ++ ++ ## if it is empty we'll get newline returned ++ SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${XML2_CFLAGS}") ++ ++ CHECK_INCLUDE_FILES(libxml/tree.h HAVE_LIBXML_H) ++ ++ SET(CMAKE_REQUIRED_FLAGS ${XML2_LDFLAGS}) ++ CHECK_LIBRARY_EXISTS(xml2 xmlParseChunk "" HAVE_LIBXML) ++ SET(CMAKE_REQUIRED_FLAGS) ++ ELSE(XML2_LDFLAGS OR XML2_CFLAGS) ++ CHECK_INCLUDE_FILES(libxml.h HAVE_LIBXML_H) ++ CHECK_LIBRARY_EXISTS(xml2 xmlParseChunk "" HAVE_LIBXML) ++ ENDIF(XML2_LDFLAGS OR XML2_CFLAGS) ++ ++ IF(NOT HAVE_LIBXML_H) ++ MESSAGE(FATAL_ERROR "libxml/tree.h couldn't be found") ++ ENDIF(NOT HAVE_LIBXML_H) ++ IF(NOT HAVE_LIBXML) ++ MESSAGE(FATAL_ERROR "libxml2 couldn't be found") ++ ENDIF(NOT HAVE_LIBXML) ++ ++ENDIF(WITH_XML) ++ ++IF(WITH_SQLITE3) ++ CHECK_INCLUDE_FILES(sqlite3.h HAVE_SQLITE3_H) ++ CHECK_LIBRARY_EXISTS(sqlite3 sqlite3_reset "" HAVE_SQLITE3) ++ENDIF(WITH_SQLITE3) ++ ++IF(WITH_UUID) ++ CHECK_INCLUDE_FILES(uuid/uuid.h HAVE_UUID_UUID_H) ++ CHECK_LIBRARY_EXISTS(uuid uuid_generate "" NEED_LIBUUID) ++ IF(NOT NEED_LIBUUID) ++ CHECK_FUNCTION_EXISTS(uuid_generate HAVE_LIBUUID) ++ ELSE(NOT NEED_LIBUUID) ++ SET(HAVE_LIBUUID 1) ++ ENDIF(NOT NEED_LIBUUID) ++ENDIF(WITH_UUID) ++ ++IF(WITH_ZLIB) ++ IF(NOT WIN32) ++ CHECK_INCLUDE_FILES(zlib.h HAVE_ZLIB_H) ++ CHECK_LIBRARY_EXISTS(z deflate "" HAVE_LIBZ) ++ SET(ZLIB_LIBRARY z) ++ ELSE(NOT WIN32) ++ FIND_PATH(ZLIB_INCLUDE_DIR zlib.h ++ /usr/local/include ++ /usr/include ++ ) ++ ++ SET(ZLIB_NAMES z zlib zdll) ++ FIND_LIBRARY(ZLIB_LIBRARY ++ NAMES ${ZLIB_NAMES} ++ PATHS /usr/lib /usr/local/lib ++ ) ++ ++ ++ IF(ZLIB_INCLUDE_DIR AND ZLIB_LIBRARY) ++ SET(CMAKE_REQUIRED_INCLUDES ${ZLIB_INCLUDE_DIR}) ++ SET(CMAKE_REQUIRED_LIBRARIES ${ZLIB_LIBRARY}) ++ GET_FILENAME_COMPONENT(ZLIB_NAME ${ZLIB_LIBRARY} NAME) ++ CHECK_INCLUDE_FILES(zlib.h HAVE_ZLIB_H) ++ CHECK_LIBRARY_EXISTS(${ZLIB_NAME} deflate "" HAVE_LIBZ) ++ SET(CMAKE_REQUIRED_INCLUDES) ++ SET(CMAKE_REQUIRED_LIBRARIES) ++ INCLUDE_DIRECTORIES(${ZLIB_INCLUDE_DIR}) ++ ++ ENDIF(ZLIB_INCLUDE_DIR AND ZLIB_LIBRARY) ++ ENDIF(NOT WIN32) ++ENDIF(WITH_ZLIB) ++ ++IF(WITH_BZIP) ++ CHECK_INCLUDE_FILES(bzlib.h HAVE_BZLIB_H) ++ CHECK_LIBRARY_EXISTS(bz2 BZ2_bzCompress "" HAVE_LIBBZ2) ++ENDIF(WITH_BZIP) ++ ++IF(WITH_LDAP) ++ CHECK_INCLUDE_FILES(ldap.h HAVE_LDAP_H) ++ CHECK_LIBRARY_EXISTS(ldap ldap_bind "" HAVE_LIBLDAP) ++ CHECK_INCLUDE_FILES(lber.h HAVE_LBER_H) ++ CHECK_LIBRARY_EXISTS(lber ber_printf "" HAVE_LIBLBER) ++ SET(LDAP_DEPRECATED 1) # Using deprecated ldap api ++ENDIF(WITH_LDAP) ++ ++IF(WITH_LUA) ++ pkg_search_module(LUA REQUIRED lua lua5.1) ++ MESSAGE(STATUS "found lua at: INCDIR: ${LUA_INCLUDE_DIRS} LIBDIR: ${LUA_LIBRARY_DIRS} LDFLAGS: ${LUA_LDFLAGS} CFLAGS: ${LUA_CFLAGS}") ++ SET(HAVE_LIBLUA 1 "Have liblua") ++ SET(HAVE_LUA_H 1 "Have liblua header") ++ENDIF(WITH_LUA) ++ ++IF(WITH_FAM) ++ CHECK_INCLUDE_FILES(fam.h HAVE_FAM_H) ++ CHECK_LIBRARY_EXISTS(fam FAMOpen2 "" HAVE_LIBFAM) ++ IF(HAVE_LIBFAM) ++ SET(CMAKE_REQUIRED_LIBRARIES fam) ++ CHECK_FUNCTION_EXISTS(FAMNoExists HAVE_FAMNOEXISTS) ++ ENDIF(HAVE_LIBFAM) ++ENDIF(WITH_FAM) ++ ++IF(WITH_GDBM) ++ CHECK_INCLUDE_FILES(gdbm.h HAVE_GDBM_H) ++ CHECK_LIBRARY_EXISTS(gdbm gdbm_open "" HAVE_GDBM) ++ENDIF(WITH_GDBM) ++ ++IF(WITH_MEMCACHE) ++ CHECK_INCLUDE_FILES(memcache.h HAVE_MEMCACHE_H) ++ CHECK_LIBRARY_EXISTS(memcache mc_new "" HAVE_MEMCACHE) ++ENDIF(WITH_MEMCACHE) ++ ++IF(NOT BUILD_STATIC) ++ CHECK_INCLUDE_FILES(dlfcn.h HAVE_DLFCN_H) ++ENDIF(NOT BUILD_STATIC) ++ ++IF(HAVE_DLFCN_H) ++ CHECK_LIBRARY_EXISTS(dl dlopen "" HAVE_LIBDL) ++ENDIF(HAVE_DLFCN_H) ++ ++ADD_DEFINITIONS( ++ -DLIGHTTPD_VERSION_ID=10400 ++ -DPACKAGE_NAME="\\"${CMAKE_PROJECT_NAME}\\"" ++ -DPACKAGE_VERSION="\\"${CPACK_PACKAGE_VERSION}\\"" ++ -DPACKAGE_BUILD_DATE="\\"-\\"" ++ ) ++ ++IF(NOT SBINDIR) ++ SET(SBINDIR "sbin") ++ENDIF(NOT SBINDIR) ++ ++IF(NOT LIGHTTPD_MODULES_DIR) ++ SET(LIGHTTPD_MODULES_DIR "lib${LIB_SUFFIX}/lighttpd") ++ENDIF(NOT LIGHTTPD_MODULES_DIR) ++ ++IF(NOT WIN32) ++ADD_DEFINITIONS( ++ -DLIBRARY_DIR="\\"${CMAKE_INSTALL_PREFIX}/${LIGHTTPD_MODULES_DIR}\\"" ++) ++ELSE(NOT WIN32) ++## We use relative path in windows ++ADD_DEFINITIONS( ++ -DLIBRARY_DIR="\\"lib\\"" ++) ++ENDIF(NOT WIN32) ++ ++## Write out config.h ++CONFIGURE_FILE(${CMAKE_CURRENT_SOURCE_DIR}/config.h.cmake ${CMAKE_CURRENT_BINARY_DIR}/config.h) ++ ++ADD_DEFINITIONS(-DHAVE_CONFIG_H) ++ ++INCLUDE_DIRECTORIES(${CMAKE_CURRENT_BINARY_DIR} ${CMAKE_CURRENT_SOURCE_DIR}) ++ ++SET(COMMON_SRC ++ buffer.c log.c ++ keyvalue.c chunk.c ++ http_chunk.c stream.c fdevent.c ++ stat_cache.c plugin.c joblist.c etag.c array.c ++ data_string.c data_count.c data_array.c ++ data_integer.c md5.c data_fastcgi.c ++ fdevent_select.c fdevent_linux_rtsig.c ++ fdevent_poll.c fdevent_linux_sysepoll.c ++ fdevent_solaris_devpoll.c fdevent_freebsd_kqueue.c ++ data_config.c bitset.c ++ inet_ntop_cache.c crc32.c ++ connections-glue.c ++ configfile-glue.c ++ http-header-glue.c ++ splaytree.c network_writev.c ++ network_write.c network_linux_sendfile.c ++ network_freebsd_sendfile.c ++ network_solaris_sendfilev.c network_openssl.c ++ status_counter.c ++) ++ ++IF(WIN32) ++ MESSAGE(STATUS "Adding local getopt implementation.") ++ SET(COMMON_SRC ${COMMON_SRC} xgetopt.c) ++ENDIF(WIN32) ++ ++ADD_EXECUTABLE(lemon lemon.c) ++ ++## Build parsers by using lemon... ++LEMON_PARSER(configparser.y) ++LEMON_PARSER(mod_ssi_exprparser.y) ++ ++SET(L_INSTALL_TARGETS) ++ ++ADD_EXECUTABLE(spawn-fcgi spawn-fcgi.c) ++SET(L_INSTALL_TARGETS ${L_INSTALL_TARGETS} spawn-fcgi) ++ ++ADD_EXECUTABLE(lighttpd ++ server.c ++ response.c ++ connections.c ++ network.c ++ configfile.c ++ configparser.c ++ request.c ++ proc_open.c ++ ${COMMON_SRC} ++) ++SET(L_INSTALL_TARGETS ${L_INSTALL_TARGETS} lighttpd) ++ ++ADD_AND_INSTALL_LIBRARY(mod_access mod_access.c) ++ADD_AND_INSTALL_LIBRARY(mod_accesslog mod_accesslog.c) ++ADD_AND_INSTALL_LIBRARY(mod_alias mod_alias.c) ++ADD_AND_INSTALL_LIBRARY(mod_auth "mod_auth.c;http_auth_digest.c;http_auth.c") ++IF(NOT WIN32) ++ADD_AND_INSTALL_LIBRARY(mod_cgi mod_cgi.c) ++ENDIF(NOT WIN32) ++ADD_AND_INSTALL_LIBRARY(mod_cml "mod_cml.c;mod_cml_lua.c;mod_cml_funcs.c") ++ADD_AND_INSTALL_LIBRARY(mod_compress mod_compress.c) ++ADD_AND_INSTALL_LIBRARY(mod_dirlisting mod_dirlisting.c) ++ADD_AND_INSTALL_LIBRARY(mod_evasive mod_evasive.c) ++ADD_AND_INSTALL_LIBRARY(mod_evhost mod_evhost.c) ++ADD_AND_INSTALL_LIBRARY(mod_expire mod_expire.c) ++ADD_AND_INSTALL_LIBRARY(mod_extforward mod_extforward.c) ++ADD_AND_INSTALL_LIBRARY(mod_fastcgi mod_fastcgi.c) ++ADD_AND_INSTALL_LIBRARY(mod_flv_streaming mod_flv_streaming.c) ++ADD_AND_INSTALL_LIBRARY(mod_indexfile mod_indexfile.c) ++ADD_AND_INSTALL_LIBRARY(mod_magnet "mod_magnet.c;mod_magnet_cache.c") ++ADD_AND_INSTALL_LIBRARY(mod_mysql_vhost mod_mysql_vhost.c) ++ADD_AND_INSTALL_LIBRARY(mod_proxy mod_proxy.c) ++ADD_AND_INSTALL_LIBRARY(mod_redirect mod_redirect.c) ++ADD_AND_INSTALL_LIBRARY(mod_rewrite mod_rewrite.c) ++ADD_AND_INSTALL_LIBRARY(mod_rrdtool mod_rrdtool.c) ++ADD_AND_INSTALL_LIBRARY(mod_scgi mod_scgi.c) ++ADD_AND_INSTALL_LIBRARY(mod_secdownload mod_secure_download.c) ++ADD_AND_INSTALL_LIBRARY(mod_setenv mod_setenv.c) ++ADD_AND_INSTALL_LIBRARY(mod_simple_vhost mod_simple_vhost.c) ++ADD_AND_INSTALL_LIBRARY(mod_ssi "mod_ssi_exprparser.c;mod_ssi_expr.c;mod_ssi.c") ++ADD_AND_INSTALL_LIBRARY(mod_staticfile mod_staticfile.c) ++ADD_AND_INSTALL_LIBRARY(mod_status mod_status.c) ++ADD_AND_INSTALL_LIBRARY(mod_trigger_b4_dl mod_trigger_b4_dl.c) ++ADD_AND_INSTALL_LIBRARY(mod_uploadprogress mod_uploadprogress.c) ++ADD_AND_INSTALL_LIBRARY(mod_userdir mod_userdir.c) ++ADD_AND_INSTALL_LIBRARY(mod_usertrack mod_usertrack.c) ++ADD_AND_INSTALL_LIBRARY(mod_webdav mod_webdav.c) ++ ++IF(HAVE_PCRE_H) ++ ADD_TARGET_PROPERTIES(lighttpd LINK_FLAGS ${PCRE_LDFLAGS}) ++ ADD_TARGET_PROPERTIES(lighttpd COMPILE_FLAGS ${PCRE_CFLAGS}) ++ ADD_TARGET_PROPERTIES(mod_rewrite LINK_FLAGS ${PCRE_LDFLAGS}) ++ ADD_TARGET_PROPERTIES(mod_rewrite COMPILE_FLAGS ${PCRE_CFLAGS}) ++ ADD_TARGET_PROPERTIES(mod_dirlisting LINK_FLAGS ${PCRE_LDFLAGS}) ++ ADD_TARGET_PROPERTIES(mod_dirlisting COMPILE_FLAGS ${PCRE_CFLAGS}) ++ ADD_TARGET_PROPERTIES(mod_redirect LINK_FLAGS ${PCRE_LDFLAGS}) ++ ADD_TARGET_PROPERTIES(mod_redirect COMPILE_FLAGS ${PCRE_CFLAGS}) ++ ADD_TARGET_PROPERTIES(mod_ssi LINK_FLAGS ${PCRE_LDFLAGS}) ++ ADD_TARGET_PROPERTIES(mod_ssi COMPILE_FLAGS ${PCRE_CFLAGS}) ++ ADD_TARGET_PROPERTIES(mod_trigger_b4_dl LINK_FLAGS ${PCRE_LDFLAGS}) ++ ADD_TARGET_PROPERTIES(mod_trigger_b4_dl COMPILE_FLAGS ${PCRE_CFLAGS}) ++ENDIF(HAVE_PCRE_H) ++ ++ADD_TARGET_PROPERTIES(mod_magnet LINK_FLAGS ${LUA_LDFLAGS}) ++ADD_TARGET_PROPERTIES(mod_magnet COMPILE_FLAGS ${LUA_CFLAGS}) ++ ++ADD_TARGET_PROPERTIES(mod_cml LINK_FLAGS ${LUA_LDFLAGS}) ++ADD_TARGET_PROPERTIES(mod_cml COMPILE_FLAGS ${LUA_CFLAGS}) ++ ++IF(HAVE_MYSQL_H AND HAVE_LIBMYSQL) ++ TARGET_LINK_LIBRARIES(mod_mysql_vhost mysqlclient) ++ INCLUDE_DIRECTORIES(/usr/include/mysql) ++ENDIF(HAVE_MYSQL_H AND HAVE_LIBMYSQL) ++ ++SET(L_MOD_WEBDAV) ++IF(HAVE_SQLITE3_H) ++ SET(L_MOD_WEBDAV ${L_MOD_WEBDAV} sqlite3) ++ENDIF(HAVE_SQLITE3_H) ++IF(HAVE_LIBXML_H) ++ SET_TARGET_PROPERTIES(mod_webdav PROPERTIES LINK_FLAGS ${XML2_LDFLAGS}) ++ENDIF(HAVE_LIBXML_H) ++IF(HAVE_UUID_H) ++ IF(NEED_LIBUUID) ++ SET(L_MOD_WEBDAV ${L_MOD_WEBDAV} uuid) ++ ENDIF(NEED_LIBUUID) ++ENDIF(HAVE_UUID_H) ++ ++TARGET_LINK_LIBRARIES(mod_webdav ${L_MOD_WEBDAV}) ++ ++SET(L_MOD_AUTH) ++IF(HAVE_LIBCRYPT) ++ SET(L_MOD_AUTH ${L_MOD_AUTH} crypt) ++ENDIF(HAVE_LIBCRYPT) ++ ++IF(HAVE_LDAP_H) ++ SET(L_MOD_AUTH ${L_MOD_AUTH} ldap lber) ++ENDIF(HAVE_LDAP_H) ++TARGET_LINK_LIBRARIES(mod_auth ${L_MOD_AUTH}) ++ ++IF(HAVE_ZLIB_H) ++ IF(HAVE_BZLIB_H) ++ TARGET_LINK_LIBRARIES(mod_compress ${ZLIB_LIBRARY} bz2) ++ ELSE(HAVE_BZLIB_H) ++ TARGET_LINK_LIBRARIES(mod_compress ${ZLIB_LIBRARY}) ++ ENDIF(HAVE_BZLIB_H) ++ENDIF(HAVE_ZLIB_H) ++ ++IF(HAVE_LIBFAM) ++ TARGET_LINK_LIBRARIES(lighttpd fam) ++ENDIF(HAVE_LIBFAM) ++ ++IF(HAVE_GDBM_H) ++ TARGET_LINK_LIBRARIES(mod_trigger_b4_dl gdbm) ++ENDIF(HAVE_GDBM_H) ++ ++IF(HAVE_MEMCACHE_H) ++ TARGET_LINK_LIBRARIES(mod_trigger_b4_dl memcache) ++ENDIF(HAVE_MEMCACHE_H) ++ ++IF(CMAKE_COMPILER_IS_GNUCC) ++ SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -std=gnu99 -Wall -g -Wshadow -W -pedantic") ++ SET(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS_RELEASE} -O2") ++ SET(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -O0") ++ SET(CMAKE_C_FLAGS_RELWITHDEBINFO "${CMAKE_C_FLAGS_WITHDEBINFO} -O2") ++ ADD_DEFINITIONS(-D_GNU_SOURCE) ++ENDIF(CMAKE_COMPILER_IS_GNUCC) ++ ++SET_TARGET_PROPERTIES(lighttpd PROPERTIES CMAKE_INSTALL_PREFIX ${CMAKE_INSTALL_PREFIX}) ++ ++IF(WIN32) ++ SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DNVALGRIND") ++ ADD_TARGET_PROPERTIES(lighttpd COMPILE_FLAGS "-DLI_DECLARE_EXPORTS") ++ TARGET_LINK_LIBRARIES(lighttpd ws2_32) ++ TARGET_LINK_LIBRARIES(mod_proxy ws2_32) ++ TARGET_LINK_LIBRARIES(mod_fcgi ws2_32) ++ TARGET_LINK_LIBRARIES(mod_scgi ws2_32) ++ TARGET_LINK_LIBRARIES(mod_ssi ws2_32) ++ ++ IF(MINGW) ++ TARGET_LINK_LIBRARIES(lighttpd msvcr70) ++ ADD_TARGET_PROPERTIES(lighttpd LINK_FLAGS "-Wl,-subsystem,console") ++ ENDIF(MINGW) ++ENDIF(WIN32) ++ ++IF(NOT BUILD_STATIC) ++ IF(HAVE_LIBDL) ++ TARGET_LINK_LIBRARIES(lighttpd dl) ++ ENDIF(HAVE_LIBDL) ++ENDIF(NOT BUILD_STATIC) ++ ++IF(HAVE_LIBSSL AND HAVE_LIBCRYPTO) ++ TARGET_LINK_LIBRARIES(lighttpd ssl) ++ TARGET_LINK_LIBRARIES(lighttpd crypto) ++ENDIF(HAVE_LIBSSL AND HAVE_LIBCRYPTO) ++ ++IF(NOT WIN32) ++INSTALL(TARGETS ${L_INSTALL_TARGETS} ++ RUNTIME DESTINATION ${SBINDIR} ++ LIBRARY DESTINATION ${LIGHTTPD_MODULES_DIR} ++ ARCHIVE DESTINATION ${LIGHTTPD_MODULES_DIR}/static) ++ELSE(NOT WIN32) ++## HACK to make win32 to install our libraries in desired directory.. ++INSTALL(TARGETS lighttpd ++ RUNTIME DESTINATION ${SBINDIR} ++ ARCHIVE DESTINATION lib/static) ++LIST(REMOVE_ITEM L_INSTALL_TARGETS lighttpd) ++INSTALL(TARGETS ${L_INSTALL_TARGETS} ++ RUNTIME DESTINATION ${SBINDIR}/lib ++ LIBRARY DESTINATION lib ++ ARCHIVE DESTINATION lib/static) ++ENDIF(NOT WIN32) +Index: src/mod_accesslog.c +=================================================================== +--- src/mod_accesslog.c (.../tags/lighttpd-1.4.20) (revision 2371) ++++ src/mod_accesslog.c (.../branches/lighttpd-1.4.x) (revision 2371) +@@ -540,8 +540,9 @@ + + return HANDLER_ERROR; + } ++#ifdef FD_CLOEXEC + fcntl(s->log_access_fd, F_SETFD, FD_CLOEXEC); +- ++#endif + } + + return HANDLER_GO_ON; +@@ -584,6 +585,9 @@ + + return HANDLER_ERROR; + } ++#ifdef FD_CLOEXEC ++ fcntl(s->log_access_fd, F_SETFD, FD_CLOEXEC); ++#endif + } + } + +Index: src/fdevent_linux_sysepoll.c +=================================================================== +--- src/fdevent_linux_sysepoll.c (.../tags/lighttpd-1.4.20) (revision 2371) ++++ src/fdevent_linux_sysepoll.c (.../branches/lighttpd-1.4.x) (revision 2371) +@@ -91,7 +91,7 @@ + if (e & EPOLLHUP) events |= FDEVENT_HUP; + if (e & EPOLLPRI) events |= FDEVENT_PRI; + +- return e; ++ return events; + } + + static int fdevent_linux_sysepoll_event_get_fd(fdevents *ev, size_t ndx) { +Index: src/log.c +=================================================================== +--- src/log.c (.../tags/lighttpd-1.4.20) (revision 2371) ++++ src/log.c (.../branches/lighttpd-1.4.x) (revision 2371) +@@ -146,6 +146,10 @@ + /* ok, new log is open, close the old one */ + close(srv->errorlog_fd); + srv->errorlog_fd = new_fd; ++#ifdef FD_CLOEXEC ++ /* close fd on exec (cgi) */ ++ fcntl(srv->errorlog_fd, F_SETFD, FD_CLOEXEC); ++#endif + } + } + Index: src/proc_open.c =================================================================== ---- src/proc_open.c (.../tags/lighttpd-1.4.20) (revision 2336) -+++ src/proc_open.c (.../branches/lighttpd-1.4.x) (revision 2336) +--- src/proc_open.c (.../tags/lighttpd-1.4.20) (revision 2371) ++++ src/proc_open.c (.../branches/lighttpd-1.4.x) (revision 2371) @@ -287,32 +287,33 @@ } /* }}} */ @@ -673,18 +1853,143 @@ Index: src/proc_open.c fprintf(stdout, "result: ->%s<-\n\n", out->ptr); fflush(stdout); Index: src/proc_open.h =================================================================== ---- src/proc_open.h (.../tags/lighttpd-1.4.20) (revision 2336) -+++ src/proc_open.h (.../branches/lighttpd-1.4.x) (revision 2336) +--- src/proc_open.h (.../tags/lighttpd-1.4.20) (revision 2371) ++++ src/proc_open.h (.../branches/lighttpd-1.4.x) (revision 2371) @@ -22,4 +22,4 @@ int proc_close(proc_handler_t *ht); int proc_open(proc_handler_t *ht, const char *command); -int proc_open_buffer(proc_handler_t *ht, const char *command, buffer *in, buffer *out, buffer *err); +int proc_open_buffer(const char *command, buffer *in, buffer *out, buffer *err); +Index: tests/mod-proxy.t +=================================================================== +--- tests/mod-proxy.t (.../tags/lighttpd-1.4.20) (revision 2371) ++++ tests/mod-proxy.t (.../branches/lighttpd-1.4.x) (revision 2371) +@@ -8,14 +8,24 @@ + + use strict; + use IO::Socket; +-use Test::More tests => 6; ++use Test::More tests => 9; + use LightyTest; + + my $tf_real = LightyTest->new(); + my $tf_proxy = LightyTest->new(); + + my $t; ++my $php_child = -1; + ++my $phpbin = (defined $ENV{'PHP'} ? $ENV{'PHP'} : '/usr/bin/php-cgi'); ++$ENV{'PHP'} = $phpbin; ++ ++SKIP: { ++ skip "PHP already running on port 1026", 1 if $tf_real->listening_on(1026); ++ skip "no php binary found", 1 unless -x $phpbin; ++ ok(-1 != ($php_child = $tf_real->spawnfcgi($phpbin, 1026)), "Spawning php"); ++} ++ + ## we need two procs + ## 1. the real webserver + ## 2. the proxy server +@@ -26,9 +36,9 @@ + $tf_proxy->{PORT} = 2050; + $tf_proxy->{CONFIGFILE} = 'proxy.conf'; + +-ok($tf_real->start_proc == 0, "Starting lighttpd") or die(); ++ok($tf_real->start_proc == 0, "Starting lighttpd") or goto cleanup; + +-ok($tf_proxy->start_proc == 0, "Starting lighttpd as proxy") or die(); ++ok($tf_proxy->start_proc == 0, "Starting lighttpd as proxy") or goto cleanup; + + $t->{REQUEST} = ( <{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200, 'Server' => 'Apache 1.3.29' } ]; + ok($tf_proxy->handle_http($t) == 0, 'drop Server from real server'); + ++SKIP: { ++ skip "no PHP running on port 1026", 1 unless $tf_real->listening_on(1026); ++ $t->{REQUEST} = ( <{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200, 'HTTP-Content' => '/some+test%3axxx%20with%20space' } ]; ++ ok($tf_proxy->handle_http($t) == 0, 'rewrited urls work with encoded path'); ++} ++ + ok($tf_proxy->stop_proc == 0, "Stopping lighttpd proxy"); + + ok($tf_real->stop_proc == 0, "Stopping lighttpd"); ++ ++SKIP: { ++ skip "PHP not started, cannot stop it", 1 unless $php_child != -1; ++ ok(0 == $tf_real->endspawnfcgi($php_child), "Stopping php"); ++ $php_child = -1; ++} ++ ++exit 0; ++ ++cleanup: ++ ++$tf_real->endspawnfcgi($php_child) if $php_child != -1; ++ ++die(); +Index: tests/CMakeLists.txt +=================================================================== +--- tests/CMakeLists.txt (.../tags/lighttpd-1.4.20) (revision 0) ++++ tests/CMakeLists.txt (.../branches/lighttpd-1.4.x) (revision 2371) +@@ -0,0 +1,34 @@ ++SET(T_FILES ++ prepare.sh ++ cachable.t ++ core-404-handler.t ++ core-condition.t ++ core-keepalive.t ++ core-request.t ++ core-response.t ++ core.t ++ core-var-include.t ++ lowercase.t ++ mod-access.t ++ mod-auth.t ++ mod-cgi.t ++ mod-compress.t ++ mod-extforward.t ++ mod-fastcgi.t ++ mod-proxy.t ++ mod-redirect.t ++ mod-rewrite.t ++ mod-secdownload.t ++ mod-setenv.t ++ mod-ssi.t ++ mod-userdir.t ++ request.t ++ symlink.t ++) ++ ++FOREACH(it ${T_FILES}) ++ ADD_TEST(${it} "${lighttpd_SOURCE_DIR}/tests/wrapper.sh" ++ "${lighttpd_SOURCE_DIR}/tests" ++ "${lighttpd_BINARY_DIR}" ++ "${lighttpd_SOURCE_DIR}/tests/${it}") ++ENDFOREACH(it) +Index: tests/SConscript +=================================================================== +--- tests/SConscript (.../tags/lighttpd-1.4.20) (revision 2371) ++++ tests/SConscript (.../branches/lighttpd-1.4.x) (revision 2371) +@@ -23,6 +23,7 @@ + mod-auth.t \ + mod-cgi.t \ + mod-compress.t \ ++ mod-compress.conf \ + mod-fastcgi.t \ + mod-redirect.t \ + mod-userdir.t \ Index: tests/mod-compress.conf =================================================================== --- tests/mod-compress.conf (.../tags/lighttpd-1.4.20) (revision 0) -+++ tests/mod-compress.conf (.../branches/lighttpd-1.4.x) (revision 2336) ++++ tests/mod-compress.conf (.../branches/lighttpd-1.4.x) (revision 2371) @@ -0,0 +1,32 @@ +debug.log-request-handling = "enable" +debug.log-response-header = "disable" @@ -720,8 +2025,8 @@ Index: tests/mod-compress.conf +compress.allowed-encodings = ( "gzip", "deflate" ) Index: tests/mod-fastcgi.t =================================================================== ---- tests/mod-fastcgi.t (.../tags/lighttpd-1.4.20) (revision 2336) -+++ tests/mod-fastcgi.t (.../branches/lighttpd-1.4.x) (revision 2336) +--- tests/mod-fastcgi.t (.../tags/lighttpd-1.4.20) (revision 2371) ++++ tests/mod-fastcgi.t (.../branches/lighttpd-1.4.x) (revision 2371) @@ -7,7 +7,7 @@ } @@ -755,10 +2060,47 @@ Index: tests/mod-fastcgi.t ok($tf->stop_proc == 0, "Stopping lighttpd"); } +Index: tests/mod-rewrite.t +=================================================================== +--- tests/mod-rewrite.t (.../tags/lighttpd-1.4.20) (revision 2371) ++++ tests/mod-rewrite.t (.../branches/lighttpd-1.4.x) (revision 2371) +@@ -8,7 +8,7 @@ + + use strict; + use IO::Socket; +-use Test::More tests => 8; ++use Test::More tests => 7; + use LightyTest; + + my $tf = LightyTest->new(); +@@ -35,7 +35,7 @@ + ); + $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200, 'HTTP-Content' => '' } ]; + ok($tf->handle_http($t) == 0, 'valid request'); +- ++ + $t->{REQUEST} = ( <{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200, 'HTTP-Content' => 'bar&a=b' } ]; + ok($tf->handle_http($t) == 0, 'valid request'); + +- $t->{REQUEST} = ( <{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200, 'HTTP-Content' => 'a=b' } ]; +- ok($tf->handle_http($t) == 0, 'valid request with url encoded characters'); +- + ok($tf->stop_proc == 0, "Stopping lighttpd"); + } + Index: tests/fastcgi-auth.conf =================================================================== ---- tests/fastcgi-auth.conf (.../tags/lighttpd-1.4.20) (revision 2336) -+++ tests/fastcgi-auth.conf (.../branches/lighttpd-1.4.x) (revision 2336) +--- tests/fastcgi-auth.conf (.../tags/lighttpd-1.4.20) (revision 2371) ++++ tests/fastcgi-auth.conf (.../branches/lighttpd-1.4.x) (revision 2371) @@ -89,6 +89,7 @@ "bin-path" => env.SRCDIR + "/fcgi-auth", "mode" => "authorizer", @@ -767,10 +2109,36 @@ Index: tests/fastcgi-auth.conf ) ) +Index: tests/proxy.conf +=================================================================== +--- tests/proxy.conf (.../tags/lighttpd-1.4.20) (revision 2371) ++++ tests/proxy.conf (.../branches/lighttpd-1.4.x) (revision 2371) +@@ -122,7 +122,8 @@ + url.redirect = ( "^/redirect/$" => "http://localhost:2048/" ) + + url.rewrite = ( "^/rewrite/foo($|\?.+)" => "/indexfile/rewrite.php$1", +- "^/rewrite/bar(?:$|\?(.+))" => "/indexfile/rewrite.php?bar&$1" ) ++ "^/rewrite/bar(?:$|\?(.+))" => "/indexfile/rewrite.php?bar&$1", ++ "^/rewrite/all(/.*)$" => "/indexfile/rewrite.php?$1" ) + + expire.url = ( "/expire/access" => "access 2 hours", + "/expire/modification" => "access plus 1 seconds 2 minutes") +Index: tests/Makefile.am +=================================================================== +--- tests/Makefile.am (.../tags/lighttpd-1.4.20) (revision 2371) ++++ tests/Makefile.am (.../branches/lighttpd-1.4.x) (revision 2371) +@@ -38,6 +38,7 @@ + mod-auth.t \ + mod-cgi.t \ + mod-compress.t \ ++ mod-compress.conf \ + mod-fastcgi.t \ + mod-redirect.t \ + mod-rewrite.t \ Index: tests/mod-compress.t =================================================================== ---- tests/mod-compress.t (.../tags/lighttpd-1.4.20) (revision 2336) -+++ tests/mod-compress.t (.../branches/lighttpd-1.4.x) (revision 2336) +--- tests/mod-compress.t (.../tags/lighttpd-1.4.20) (revision 2371) ++++ tests/mod-compress.t (.../branches/lighttpd-1.4.x) (revision 2371) @@ -8,12 +8,14 @@ use strict; @@ -802,10 +2170,24 @@ Index: tests/mod-compress.t + ok($tf->stop_proc == 0, "Stopping lighttpd"); +Index: doc/redirect.txt +=================================================================== +--- doc/redirect.txt (.../tags/lighttpd-1.4.20) (revision 2371) ++++ doc/redirect.txt (.../branches/lighttpd-1.4.x) (revision 2371) +@@ -39,3 +39,9 @@ + $HTTP["host"] =~ "^www\.(.*)" { + url.redirect = ( "^/(.*)" => "http://%1/$1" ) + } ++ ++Warning ++======= ++ ++Do NOT use mod_redirect to protect specific urls, as the original url passed from the client ++is matched against your rules, for example strings like "/abc/../xyz%2f/path". Index: doc/compress.txt =================================================================== ---- doc/compress.txt (.../tags/lighttpd-1.4.20) (revision 2336) -+++ doc/compress.txt (.../branches/lighttpd-1.4.x) (revision 2336) +--- doc/compress.txt (.../tags/lighttpd-1.4.20) (revision 2371) ++++ doc/compress.txt (.../branches/lighttpd-1.4.x) (revision 2371) @@ -6,13 +6,7 @@ Module: mod_compress -------------------- @@ -995,10 +2377,27 @@ Index: doc/compress.txt + + + +Index: doc/rewrite.txt +=================================================================== +--- doc/rewrite.txt (.../tags/lighttpd-1.4.20) (revision 2371) ++++ doc/rewrite.txt (.../branches/lighttpd-1.4.x) (revision 2371) +@@ -43,6 +43,12 @@ + The options ``url.rewrite`` and ``url.rewrite-final`` were mapped to ``url.rewrite-once`` + in 1.3.16. + ++Warning ++======= ++ ++Do NOT use mod_rewrite to protect specific urls, as the original url passed from the client ++is matched against your rules, for example strings like "/abc/../xyz%2f/path". ++ + Examples + ======== + Index: SConstruct =================================================================== ---- SConstruct (.../tags/lighttpd-1.4.20) (revision 2336) -+++ SConstruct (.../branches/lighttpd-1.4.x) (revision 2336) +--- SConstruct (.../tags/lighttpd-1.4.20) (revision 2371) ++++ SConstruct (.../branches/lighttpd-1.4.x) (revision 2371) @@ -5,7 +5,7 @@ from stat import * @@ -1010,8 +2409,8 @@ Index: SConstruct p = re.compile('[^A-Z0-9]') Index: Makefile.am =================================================================== ---- Makefile.am (.../tags/lighttpd-1.4.20) (revision 2336) -+++ Makefile.am (.../branches/lighttpd-1.4.x) (revision 2336) +--- Makefile.am (.../tags/lighttpd-1.4.20) (revision 2371) ++++ Makefile.am (.../branches/lighttpd-1.4.x) (revision 2371) @@ -1,4 +1,4 @@ -SUBDIRS=src doc tests cygwin openwrt +SUBDIRS=src doc tests @@ -1020,9 +2419,9 @@ Index: Makefile.am Index: NEWS =================================================================== ---- NEWS (.../tags/lighttpd-1.4.20) (revision 2336) -+++ NEWS (.../branches/lighttpd-1.4.x) (revision 2336) -@@ -3,8 +3,24 @@ +--- NEWS (.../tags/lighttpd-1.4.20) (revision 2371) ++++ NEWS (.../branches/lighttpd-1.4.x) (revision 2371) +@@ -3,8 +3,30 @@ NEWS ==== @@ -1042,22 +2441,33 @@ Index: NEWS + * Add possibility to disable methods in mod_compress (#1773) + * Fix duplicate connection keep-alive/transfer-encoding headers (#960) + * Fixed fix for round-robin in mod_proxy (forgot to increment the index) (#1715) ++ * Fix fastcgi-authorizer handling; Status: 200 is now accepted as the doc requests ++ * Compare address family in inet_ntop_cache ++ * Revert CVE-2008-4359 (#1720) fix "encoding+simplifying urls for rewrite/redirect": too many regressions. ++ * Use FD_CLOEXEC if possible (fixes #1821) ++ * Optimized buffer usage in mod_proxy (fixes #1850) ++ * Fix uninitialized value in time struct after strptime + +- 1.4.20 - 2008-09-30 + * Fix mod_compress to compile with old gcc version (#1592) * Fix mod_extforward to compile with old gcc version (#1591) * Update documentation for #1587 -@@ -52,7 +68,7 @@ - * decode url before matching in mod_rewrite (#1720) +@@ -49,10 +71,10 @@ + * allow digits in [s]cgi env vars (#1712) + * fixed dropping last character of evhost pattern (#161) + * print helpful error message on conditionals in global block (#1550) +- * decode url before matching in mod_rewrite (#1720) ++ * decode url before matching in mod_rewrite (#1720) -- (reverted for 1.4.21) * fixed conditional patching of ldap filter (#1564) - * Match headers case insensitive in response (removing of X-{Sendfile,LIGHTTPD-*}, catching Date/Server) +- * Match headers case insensitive in response (removing of X-{Sendfile,LIGHTTPD-*}, catching Date/Server) - * fixed bug with case-insensitive filenames in mod_userdir (#1589), spotted by "anders1" ++ * Match headers case insensitive in response (removing of X-{Sendfile,LIGHTTPD-*}, catching Date/Server) [2281] + * fixed bug with case-insensitive filenames in mod_userdir (#1589), spotted by "anders1" (CVE-2008-4360) * fixed format string bugs in mod_accesslog for SYSLOG * replaced fprintf with log_error_write in fastcgi debug * fixed mem leak in ssi expression parser (#1753), thx Take5k -@@ -62,9 +78,9 @@ +@@ -62,9 +84,9 @@ * fix splitting of auth-ldap filter * workaround ldap connection leak if a ldap connection failed (restarting ldap) * fix auth.backend.ldap.bind-dn/pw problems (only read from global context for temporary ldap reconnects, thx ruskie) @@ -1065,10 +2475,41 @@ Index: NEWS + * fix memleak in request header parsing (#1774, thx qhy) (CVE-2008-4298) * fix mod_rewrite memleak/endless loop detection (#1775, thx phy - again!) - * use decoded url for matching in mod_redirect (#1720) -+ * use decoded url for matching in mod_redirect (#1720) (CVE-2008-4359) ++ * use decoded url for matching in mod_redirect (#1720) (CVE-2008-4359) -- (reverted for 1.4.21) - 1.4.19 - 2008-03-10 +Index: CMakeLists.txt +=================================================================== +--- CMakeLists.txt (.../tags/lighttpd-1.4.20) (revision 0) ++++ CMakeLists.txt (.../branches/lighttpd-1.4.x) (revision 2371) +@@ -0,0 +1,26 @@ ++PROJECT(lighttpd C) ++ ++CMAKE_MINIMUM_REQUIRED(VERSION 2.4.0 FATAL_ERROR) ++ ++SET(CMAKE_MODULE_PATH ${CMAKE_SOURCE_DIR}/cmake) ++ ++INCLUDE(CTest) ++ ++ENABLE_TESTING() ++ ++SET(CPACK_PACKAGE_VERSION_MAJOR 2) ++SET(CPACK_PACKAGE_VERSION_MINOR 0) ++SET(CPACK_PACKAGE_VERSION_PATCH 0) ++ ++SET(CPACK_RESOURCE_FILE_LICENSE "${CMAKE_SOURCE_DIR}/COPYING") ++SET(CPACK_RESOURCE_FILE_README "${CMAKE_SOURCE_DIR}/README") ++SET(CPACK_PACKAGE_VENDOR "jan@kneschke.de") ++ ++SET(CPACK_SOURCE_GENERATOR "TGZ") ++SET(CPACK_SOURCE_IGNORE_FILES "/\\\\.;~$;/_;build/;CMakeFiles/;CMakeCache;gz$;Makefile\\\\.;trace;Testing/;foo;autom4te;cmake_install;CPack;\\\\.pem;ltmain.sh;configure;libtool;/config\\\\.;missing;autogen.sh;install-sh;Dart;aclocal;log$;Makefile$") ++ ++SET(CPACK_SOURCE_PACKAGE_FILE_NAME "${CMAKE_PROJECT_NAME}-${CPACK_PACKAGE_VERSION_MAJOR}.${CPACK_PACKAGE_VERSION_MINOR}.${CPACK_PACKAGE_VERSION_PATCH}") ++ ++ADD_SUBDIRECTORY(src build) ++#ADD_SUBDIRECTORY(doc) ++ADD_SUBDIRECTORY(tests) Property changes on: . ___________________________________________________________________ @@ -1078,11 +2519,10 @@ committer: Stefan Bühler properties: branch-nick: lighttpd-1.4.x - + timestamp: 2008-10-06 00:44:46.096999884 +0200 + + timestamp: 2008-12-18 23:23:05.487999916 +0100 committer: Stefan Bühler properties: branch-nick: lighttpd-1.4.x - rebase-of: stbuehler@web.de-20081005224446-yvb2zjumu0opxywc Modified: bzr:revision-id:v3-trunk0 - 1127 stbuehler@web.de-20080728081644-j4cxnhduw8kbt8um @@ -1198,5 +2638,19 @@ Modified: bzr:revision-id:v3-trunk0 1188 stbuehler@web.de-20081004160711-ygaohrecmutiqlla 1189 stbuehler@web.de-20081004211932-vq16u26mthbeed7d 1191 stbuehler@web.de-20081005224446-1bztt6zqrjh8w8fd +1192 stbuehler@web.de-20081012114652-ihgz590f0gl5gxpw +1193 stbuehler@web.de-20081012114716-jnzljhexi4z2gh92 +1195 stbuehler@web.de-20081016120614-kz39vxtz1pebho0o +1196 stbuehler@web.de-20081016121103-trug4hts0o62d1ut +1197 stbuehler@web.de-20081016121114-65quosenmso8frf8 +1198 stbuehler@web.de-20081016121421-xjjb7fb53pxu6odj +1199 stbuehler@web.de-20081205222033-6qok7y19pwp3kxm9 +1200 stbuehler@web.de-20081205222811-49izmzxui0y9ncq6 +1201 stbuehler@web.de-20081205233903-708beaujtf26gprx +1202 stbuehler@web.de-20081207151631-yv9bdf94zw83jxpv +1203 stbuehler@web.de-20081207151822-mhyg0gkedmttdqvd +1204 stbuehler@web.de-20081207151835-1m3yta2fjc4pgb8y +1205 stbuehler@web.de-20081218221139-w8los43bjbhy9urh +1206 stbuehler@web.de-20081218222305-5wz7000a62iqa81r -- 2.44.0