Project

General

Profile

1.4.46

2017-10-21

100%

62 issues   (62 closed — 0 open)

Release Info

  • Version: 1.4.46
  • Previous version: 1.4.45
  • Branch: 1.4
  • Status: stable
  • Release Purpose: bug fixes
  • Release manager: gstrauss
  • Released date: 2017-10-21

Important changes from 1.4.45

  • new modules: mod_openssl, mod_vhostdb, mod_wstunnel
  • new protocols: Upgrade: websocket, HAProxy PROXY, RFC7239 Forwarded
  • bug fixes

Downloads

Selected features

  • HTTP/1.1 Upgrade: websocket (mod_proxy, mod_cgi, and mod_wstunnel)
  • HTTP/1.1 Expect: 100-continue
  • proxy: HAProxy PROXY protocol (mod_extforward, mod_proxy)
  • proxy: RFC7239 Forwared HTTP extension (mod_extforward, mod_proxy)
  • proxy: basic host/URL header remapping to/from backend
  • config: resolve DNS names to first IP returned at lighttpd startup
  • config: allow overriding prior config values using :=
  • config: allow conditions on arbitrary HTTP request headers ($REQUEST_HEADER[])
  • new module: mod_openssl - isolate SSL/TLS code; cleaner abstractions
  • new module: mod_vhostdb* - framework for mass vhost via database backends
  • new module: mod_wstunnel - decode/encode websocket proto to/from backend
  • common code for dynamic backends; common features; better process management
  • numerous new directives for experimental new features

Bug Fixes

  • core: fix streaming response when client catches up to stream from backend
  • CGI: RFC3875 CGI local-redir strict adherence; local-redir disable dy default
  • BSD: use kqueue in level-triggered mode
  • fix triggered assert on HTTP chunked input
  • SSL: fix bidirectional streaming over SSL

Behavior Changes

  • mod_scgi binds to INADDR_LOOPBACK if no host is specified
    (prior behavior used INADDR_ANY)
    If lighttpd is spawning SCGI backend, default is now to limit exposure
    to localhost unless explicitly configured otherwise. This matches the
    behavior (since 2008) in mod_fastcgi.
  • core: mimetype.assign matches basename or longest extension(s) (".tar.gz"),
    not just any suffix match, if 16 or more entries
  • core: increase default server.max-keep-alive-requests from 16 to 100
  • proxy: add X-Forwarded-Host
  • openssl: ssl.read-ahead = "disable" default (safer for slow embedded systems)
  • mod_cgi cgi.local-redir = "disable" default
    (RFC3875 6.2.2 local-redir optimization added in lighttpd 1.4.40)
  • reproducible builds: omit __DATE__ and __TIME__ in lighttpd -h or lighttpd -v

Changes from 1.4.45

  • [TLS] mark code that uses -lcrypto but not -lssl
  • remove redundant calls to end-of-request hooks
  • [mod_mysql_vhost] remove dev debug code
  • [core] con interface for read/write; isolate SSL
  • [core] new plugin hooks to help isolate SSL
  • [mod_openssl] new module (preliminary layout)
  • [core] move network_open_file_chunk() to chunk.c
  • [mod_openssl] move openssl code into mod_openssl
  • [mod_openssl] move openssl config into mod_openssl
  • [core] move connection_read_cq() to connections.c
  • [mod_geoip] call from handle_request_env hook
  • [build] only mod_openssl depends on -lssl
  • [mod_auth] enable optional authz if extern authn (fixes #2481)
  • [mod_openssl] allow ssl.verifyclient on url paths (fixes #2245)
  • [core] do not emit req/response hdrs w/ blank val
  • [mod_setenv] directives to overwrite/remove hdrs (fixes #650, fixes #2295)
  • [mod_secdownload] new directives modify hash path (fixes #646, fixes #1904)
  • [core] move con throttling to connections-glue.c
  • [core] support Expect: 100-continue with HTTP/1.1 (fixes #377, #1017, #1953, #2438)
  • [mod_openssl] use TLS SNI to set host-based certs
  • [mod_ssi] send #exec cmd="..." output to temp file
  • [mod_scgi] tests/mod-scgi.t unit tests
  • [mod_auth] support LDAP groups for HTTP auth (fixes #1817)
  • [core] use getaddrinfo,inet_pton vs gethostbyname (fixes #2783)
  • [mod_auth] LDAP escape username in DN and filters
  • mod_vhostdb* (dbi,mysql,pgsql,ldap) (fixes #485, fixes #1936, fixes #2297)
  • [mod_auth] have LDAP template replace '?'
  • apply debian/patches/spelling.patch
  • [core] permit connection-level state in modules
  • [TLS] include <openssl/opensslv.h> in rand.c
  • [core] config match w/ arbitrary HTTP request hdrs (fixes #1556)
  • [mod_flv_streaming] add end pos param (fixes #1887)
  • [core] X-LIGHTTPD-KBytes-per-second from backends (fixes #954)
  • [core] improve accuracy of bandwidth write limits
  • [core] quicker graceful shutdown
  • [tests] remove unused file depending on CGI.pm
  • [doc] doc/initscripts.txt (fixes #2782)
  • [core] check issetugid() early in main()
  • [core] combine duplicated getrlimit, network_init
  • [core] move interval timer near worker event loop
  • [core] initialize globals at top of main()
  • [core] graceful restart with SIGUSR1 (fixes #2785)
  • [mod_authn_mysql] fix minor memleak at shutdown
  • [mod_rrdtool] no error if loaded but no config
  • [doc] SIGUSR1 doc and lighttpd-angel SIGUSR1
  • [mime.conf] add text/markdown to utf-8 list, regenerate mime.conf
  • [mod_cgi] RFC3875 CGI local-redir strict adherence (#2108)
  • [mod_cgi] do not send "Status" back to client
  • [core] add label for 308 Permanent Redirect
  • [mod_openssl] inherit ssl.* from global scope
  • [core] handle if backend sends Transfer-Encoding (#2786)
  • [core] use kqueue in level-triggered mode (fixes #2788)
  • [mod_fastcgi,mod_scgi] backend spawn EINTR retry (#2788)
  • [core] config opt to intercept dynamic handler err (fixes #974)
  • [core] set default server_tag in server.c
  • [core] include lighttpd vers in server started msg
  • [core] move version.h logic into server.c
  • [core] issue trace if max-fds too large (fixes #2789)
  • [mod_fastcgi,mod_scgi] consistent waitpid handling (fixes #2791)
  • [mod_cgi] fix CGI local-redir w/ url.rewrite-once (fixes #2793)
  • [mod_scgi] fix unused_procs bidirectional-links
  • [mod_scgi] fix potential repeated use of proc->id
  • [mod_fastcgi,mod_scgi] consolidate backend process accounting (#2788)
  • [mod_cgi] status 200 OK if no hdrs (deprecated) (#2786)
  • [core] fix regex condition subst w/ mod_extforward (fixes #2794)
  • [tests] correct skip count for mod-scgi.t
  • [mod_vhostdb_ldap] fix inverted logic (coverity)
  • [mod_cgi] cgi.local-redir = [enable|disable] (#2108, #2793)
  • [core] $REQUEST_HEADER[...] subsumes other config (#1556)
  • [mod_usertrack] usertrack.cookie-attrs config opt (fixes #2795)
  • [core] default server.max-fds=4096 if unspecified (#2789)
  • update .gitignore, add .gitattributes
  • [core] reduce con allocation for small max_conns
  • [config] more specific checks for array lists
  • [mod_authn_gssapi] needs -lcom_err under cygwin
  • [mod_cgi,fastcgi,scgi,proxy] fix streaming response (fixes #2796)
  • [mod_auth] Digest nonce on system with time <=1978
  • [doc] simple-vhost.debug takes an integer value (fixes #2797)
  • [core] fix crash if invalid config file (fixes #2798)
  • [core] remove unused member con->in_joblist
  • [mod_proxy] remove use of con->got_response
  • [core] consolidate dynamic handler response parse
  • [core] remove now-unused buffer_search_string_len
  • [mod_cgi] eliminate warning when compiled -Os
  • [mod_scgi] do not reconnect after connect succeeds
  • [tests] reduce time waiting for backends to start
  • [core] server.syslog-facility (fixes #2800)
  • [core] server.syslog-facility (use -1 for unset) (#2800)
  • [core] allow overriding prior config values (fixes #2799)
  • [mod_proxy] set Content-Length, if available
  • [mod_proxy] set X-Forwarded-Host (fixes #418)
  • [core] remove redundant Content-Length digit check
  • [core] remove some unused header includes
  • [core] use con->dst_addr_buf instead of ip recalc
  • [core] include "fdevent.h" where needed
  • [core] make stat_cache private to stat_cache.c
  • [core] collect ioctl FIONREAD code
  • [core] include <netdb.h> where needed
  • [core] report file path when mkstemp() fails (fixes #2802)
  • [core] export http_request_host_policy() for reuse
  • [mod_extforward] simplify header search
  • [mod_extforward] consolidate ipstr_to_sockaddr()
  • [mod_extforward] upd scheme after ipstr validated
  • [mod_extforward] rearrange code; prep Forwarded
  • [mod_extforward] support Forwarded HTTP Extension (#2703)
  • [mod_proxy] support Forwarded HTTP Extension (fixes #2703)
  • [core] inet_pton(), inet_ntop() on (sock_addr *)
  • [core] save connection-level proto in con->proto
  • [mod_extforward] support HAProxy "PROXY" protocol (fixes #2804)
  • [mod_extforward] fix typos in Forwarded handling
  • [core] fix stat_cache initialization error
  • [core] perf: stat_cache_mimetype_by_ext()
  • [core] inet_ntop_cache now 4-element cache
  • [mod_openssl] free local_send_buffer at exit
  • [core] extend mimetype search w/o leading '.'
  • [core] no SOCK_CLOEXEC on Linux kernel < 2.6.27
  • [core] inline simple buffer is empty checks
  • [core] buffer_substr_replace()
  • [core] sys-strings.h abstraction for strings.h
  • [mod_proxy] fix backslash escaping
  • [core] omit default port from normalized host str
  • [core] fix build issue without ipv6 support
  • [core] permit strings and integers in config array
  • [mod_accesslog] flag high precision ts for %T (fixes #2807)
  • [core] permit strings,ints,arrays in config array
  • [core] calloc plugin_config for consistent init
  • [mod_proxy] simple host/url mapping in headers (fixes #152)
  • [mod_uploadprogress] handle query str progress ID (fixes #2808)
  • [mod_fastcgi] consolidate backend read code
  • [mod_proxy,mod_scgi] fix truncated error trace
  • [core] skip socket shutdown() if con->fd negative
  • [core] act as transparent proxy after con Upgrade
  • [core] remove redundant resets of fde_ndx
  • [core] configparser: fix resource handling in error cases (fixes #2809)
  • [core] fix crash for invalid syntax in config file (fixes #2810)
  • [core] prep mod transitions to transparent proxy
  • [mod_proxy] basic support for Upgrade: websocket (fixes #2811)
  • [mod_extforward] compile on OSX
  • [core] set server.max-keep-alive-requests = 100 (fixes #2205)
  • [core] perf: skip redundant strlen() if len known
  • [core] optional condition in config "else" clause (fixes #1268)
  • [mod_cgi] basic support for Upgrade: websocket
  • [core] buffer to disk streaming to slow backends
  • [core] silence compiler warnings if !HAVE_FORK
  • [build] -Werror if --enable-extra-warnings=error
  • [build] autotools use AC_PROG_CC_STDC macro
  • [mod_openssl] ssl.ca-crl-file for CRL (fixes #2319)
  • [mod_openssl] ssl.ca-dn-file (fixes #2694)
  • [mod_proxy] fix typo identified by coverity
  • [mod_openssl] ignore client verification error if not enforced
  • [mod_openssl] fix compile with openssl 1.1.0
  • [mod_extforward] quiet clang compiler warning
  • [mod_dirlisting] sort "../" to top of names
  • [mod_openssl] safer_X509_NAME_oneline() (fixes #2693)
  • [core] allow earlier plugin init for SSL/TLS
  • [mod_openssl] adjust use of ssl.ca-dn-file
  • [core] fix compiler warnings on Mac OS X
  • [core] server.socket-perms to set perms on unix (fixes #656)
  • [core] get port from sock_addr if AF_INET,AF_INET6
  • [core] server.error_handler_404 X-Sendfile ENOENT (#2474)
  • [core] consolidate fork()/execve() code (#1393)
  • [core] mv log_error_{open,cycle.close} to server.c
  • [core] rename fd_close_on_exec()
  • [core] remove unused includes of stat_cache.h
  • [core] add missing include of stdlib.h
  • [core] reduce exposure of unistd.h, other includes
  • [core] sock_addr_from_str_hints reusable name res
  • [core] continue collecting use of netdb.h
  • [core] continue collecting use of netdb.h
  • [core] continue collecting use of netdb.h
  • [core] fdevent_connect_status() shared code
  • [core] add const to reduce .data segment size
  • [mod_proxy] move data_fastcgi into mod_proxy.c
  • [mod_proxy] store address family at config time
  • [mod_fastcgi] slightly simplify counters
  • [mod_fastcgi] consolidate connect() error handling
  • [mod_fastcgi] set request_id in fcgi_create_env()
  • [mod_fastcgi] move delayed connect() into switch()
  • [mod_fastcgi,mod_scgi] consistent connect() error
  • [mod_scgi] remove unused parse_response member
  • [mod_fastcgi,mod_scgi] struct member consistency
  • [mod_fastcgi,mod_scgi] parse bin_path at startup
  • [mod_fastcgi,mod_scgi] use temp buffer for cgi_env
  • [core] shared code for socket backends
  • [core] spread load on socket backend procs
  • [core] store sockaddr for socket backend procs
  • [core] resolve DNS at startup for socket backends
  • [core] adaptive spawning for socket backend procs (fixes #1162)
  • quell compiler warnings for -Wimplicit-fallthrough
  • [doc] update README
  • [core] fdevent_cycle_logger()
  • [core] reap lighttpd worker pids precisely
  • [core] restart piped loggers if they exit (fixes #1393)
  • [mod_webdav] PROPFIND getetag attr must match GET
  • [core] consistent behavior w/ and w/o SA_SIGINFO
  • [core] do not remove pid-file in test mode
  • [core] add public domain SHA1 if no crypto
  • [mod_wstunnel] websocket tunnel to other protocol
  • [core] forward SIGHUP only to lighttpd workers
  • [mod_dirlisting] treat README and HEADER as paths (fixes #2818)
  • [core] set one-shot mode fd O_NONBLOCK, FD_CLOEXEC
  • [core] remove fdevent fcntl_set hook
  • [mod_extforward] typo in comment
  • [mod_cgi] add missing #include
  • [core] fix invalid sizeof() identified by coverity
  • [core] add missing #include
  • [core] base_decls.h to quiet compiler warnings
  • [core] set socket perms after bind, before listen
  • [core] warn if backend server config contains '_'
  • [mod_extforward] PROXY proto and SSL_CLIENT_VERIFY
  • [core] workaround for AIX mmap define
  • [mod_accesslog] flush access logs every 4 seconds
  • [mod_cgi] fix bug to properly exec interpreter
  • [mod_fastcgi] fix return when streaming min buffer
  • [core] attempt to quiet coverity false positives
  • [core] attempt to quiet coverity false positives
  • [core] attempt to quiet compiler warning in LEDE
  • [core] SIGCHLD handle_waitpid hook for modules
  • [mod_rrdtool] handle_trigger returns HANDLER_GO_ON
  • [mod_openssl] ssl.read-ahead="disable" for stream
  • [mod_cgi] add FDEVENT_IN upon CGI exit
  • [mod_cgi] omit cgi_handle_fdevent after proc exit
  • [mod_webdav] check HAVE_UUID for -luuid
  • [core] adjust li_rand_pseudo* interfaces
  • [mod_wstunnel] fix config parsing bug
  • [core] fdevent setsockopt() helper functions
  • [core] make strftime_cache_get() 16-element cache
  • [core] disable Nagle if streaming to backend
  • [core] fix triggered assert on HTTP chunked input (fixes #2822)
  • [mod_wstunnel] fix NULL ptr deref
  • [algo_sha1] fix compile break and warnings
  • [lemon] fix gcc implicit-fallthrough warning
  • [core] URI scheme is case-insensitive
  • [network] do not append port to unix socket paths
  • [unittests] consolidate base64 test code
  • [core] use sun_path for addr string for AF_UNIX (fixes #2826)
  • [core] cleaner code; remove goto from network.c
  • [core] /dev/stdin listener for inetd wait yes
  • [core] compare listen addrs after DNS resolution
  • [core] inline chunkqueue_is_empty()
  • [core] limit use of TCP_CORK
  • [core] return from http_response_read if small rd
  • [core] gateways might Upgrade con before body read
  • [mod_wstunnel] set Sec-WebSocket-Protocol if bin
  • [mod_wstunnel] remove invalid appended '\0'
  • [core] quiet coverity warning
  • [core] handle fds pending close after poll timeout (fixes #2827)
  • [core] fix $REQUEST_HEADER[...] parsing in config (#1556)
  • [mod_dirlisting] custom js date parse func (fixes #2823)
  • [core] remove fd interest if create_env returns
  • [mod_openssl] copy data for larger SSL packets
  • [mod_openssl] remove erroneous SSL_set_shutdown()
  • [core] permit LF to end lines if !header-strict
  • [core] add back REQUEST_SCHEME for backends
  • [core] remove fdevent_sched_run from fdevent_libev (#2827)
  • [mod_openssl] ssl.read-ahead="disable" by default
  • [core] adjust parser for valid variable expansion
  • [cmake] handle WITH_WEBDAV_LOCKS option
  • [cmake] fix attr header detection and linking
  • [cmake] link mod_cml with memcached
  • [core] reproducible build: hide __DATE__ __TIME__ (fixes #2828)
  • [core] perf: more efficient fdevent_sched_run()
  • [core] translate DNS to IP str for cond socket cmp

External references

Issues by
Bug

22/22

Feature

40/40