potential tempfile corruption when streaming response
When streaming response (not the default in lighttpd 1.4.40 - 1.4.43), it is possible to partially send a tempfile to client which is then subsequently updated with more data from backend. However, the position in the file was not updated, so this could result in corruption of the response.
Further discussion in https://redmine.lighttpd.net/boards/3/topics/6884
[core] fix potential streaming tempfile corruption (fixes #2760)
set O_APPEND after mkstemp() in chunk.c (mkostemp() is not as portable)
(also set FD_CLOEXEC to avoid potentially leaking open tempfiles to CGI)
(thx dieter.ro for helping track this down)
Also available in: Atom