Project

General

Profile

Actions

Release Info

  • Version: 1.4.74
  • Previous version: 1.4.73
  • Branch: 1.4
  • Status: stable
  • Release Purpose: bug fixes
  • Release manager: gstrauss
  • Released date: 2024-02-19

Important changes from 1.4.73

  • bugs fixes, portability, expand CI

Downloads

Behavior Changes

  • Some messages sent to syslog() (if enabled in lighttpd config) have been
    changed to use different priorities (e.g. LOG\_WARNING, LOG\_DEBUG) instead
    of everything being sent with LOG\_ERROR priority. The change affects only
    lighttpd configs which set server.errorlog-use-syslog = "enable" (not default)
  • Use sendfile() with musl libc; fix build detection of sendfile() w/ musl libc
    Please report any issues, though any issues are unexpected since
    lighttpd falls back to writev() if sendfile() fails.

Future Scheduled Behavior Changes (for the next lighttpd release)

  • TLS cipher defaults will be incrementally updated to stronger defaults
    Proposed defaults are forward-secret and support authenticated encryption (AEAD)
    Proposed defaults: openssl ciphers 'EECDH+AESGCM:CHACHA20:!PSK:!DHE'
    Current defaults: openssl ciphers 'EECDH+AESGCM:AES256+EECDH:CHACHA20:!SHA1:!SHA256:!SHA384'
    Little or no impact is expected for lighttpd configs already using lighttpd TLS defaults
    (and supported clients, i.e. those which have not already reached end-of-life).
    Reference: https://developers.cloudflare.com/ssl/reference/cipher-suites/recommendations/
  • mod\_redirect: default url.redirect-code for HTTP/1.1 and later will be
    changed from 301 Moved Permanently to 308 Permanent Redirect
    (only if url.redirect is not explicitly set in lighttpd.conf)
    RFC7538: https://datatracker.ietf.org/doc/html/rfc7538
    (published almost 9 years ago)

Future Scheduled Behavior Changes (2025)

  • lighttpd TLS defaults will change to MinProtocol TLSv1.3
    Other configurations will still be supported, but will not be the default.
    Proposed default: MinProtocol TLSv1.3
    Current default: MinProtocol TLSv1.2

Changes from 1.4.73

  • [mod_h2] send 500 if backend oversized resp hdrs
  • [mod_h2] h2_send_1xx() lowercase field names (fixes #3233)
  • [mod_dirlisting] smaller funcs to generate listing
  • [mod_dirlisting] dir-listing.sort option (#3235)
  • [mod_dirlisting] check for response stream bufmin
  • [core] skip SIGUSR1 after clock jump if chroot'ed
  • [mod_deflate] move bzip2 to end of priority list
  • [mod_deflate] deflate.allowed-encodings default
  • [core] cfg "if","elif","elsif","elseif","else if"
  • [lemon] refresh LEMON parser to SQLite maint ver
  • [core] add newlines to config parsing error trace
  • [ls-hpack] sys/queue.h portability
  • [scons] remove -std=gnu99 to use modern defaults
  • [multiple] share code for upgrade: websocket
  • [core] check for SOCK_CLOEXEC earlier in startup
  • [autotools] report if ipv6 support disabled (fixes #3237)
  • [core] simpler error page header
  • [mod_status] simpler status page header
  • [h2] quicker server graceful shutdown of idle h2
  • [mod_openssl] kTLS: check for kernel tls offload
  • [mod_gnutls] kTLS: check for kernel tls offload
  • [core] quicker server graceful shutdown of websockets
  • [build] -D_LARGEFILE64_SOURCE for musl sendfile64()
  • [mod_setenv] code consistency
  • [mod_expire] resp tag check
  • [mod_expire] comment
  • [core] use SF_NODISKIO with sendfile() on FreeBSD
  • [core] chunk_file_pread_chunk()
  • [mod_deflate] prefer reusable buffer to read file
  • [core] reduce blocking I/O sending files to net
  • [core] reduce network send file fallback path
  • [core] try mmap() if not using sendfile()
  • [mod_wolfssl] mod_wolfssl_write_err()
  • [multiple] extend chunkqueue_peek_data() w/ nowait
  • [core] preadv2 RWF_NOWAIT EOPNOTSUPP on tmpfs (?!)
  • [build] type error in configure.ac sendfile probe (fixes #3238)
  • [core] update ls-hpack
  • [ls-hpack] sys/queue.h STAILQ_FOREACH portability
  • [core] chunk_open_file_chunk() in chunk.h
  • [multiple] use chunk_open_file_chunk()
  • [core] remove chunkqueue_open_file_chunk()
  • [core] use sendfile() with iovecs where available
  • [scons] remove CheckFunc() incorrect header usage
  • [core] spelling in comment in network_write.c
  • [cmake] check for sendfile64 only on Linux
  • [core] quiet compiler warning for NDEBUG redefined
  • [autoconf] config test for mbedtls needs mbedx509
  • [mod_h2] add con to job queue when wr alloc used
  • [mod_h2] use different flag for disk I/O busy
  • [crypto] use evp api for truncated sha-2 with libressl
  • [mod_expire] smaller options parse func
  • [mod_expire] check modification time to cur time
  • [tests] t/test_mod_expire.c
  • [tests] add mod_expire tests to tests/request.t
  • [core] log trace with priority for syslog() (#3239)
  • [core] avoid preprocessor use inside macros
  • [core] log_pri() and log_pri_multiline() (#3239)
  • [build] remove checks for sendfile64
  • [tests] clean up memleak on test exit
  • [build] quiet compiler warnings in LEMON parser
  • [core] simplify connection_handle_write() err case
  • [core] gw_host_get shared code
  • [doc] update doc/config/conf.d/mime.conf
  • [core] combine *BSD cond handling 0-len FILE_CHUNK
  • [meson] portability improvements
  • [core] DragonflyBSD portability
  • [tests] quiet compiler warning
  • [ci] enable github CI
  • [ci] adjust .github/workflows/meson.yml
  • [ci] quiet msys-clang32 stdcall compiler warning
  • [ci] #undef _XOPEN_SOURCE on Solaris
  • [core] fix recent solaris typo; compile failure
  • [ci] _WIN32 portability
  • [cmake,meson] skip tests/* under native Windows
  • [tests] support platforms without cp -n
  • [ci] cmake did not detect inet_pton on x86 _WIN32
  • [ci] use latest GCC and clang
  • [ci] adjust .github/workflows/meson.yml
  • [ci] further simplify
  • [ci] adjust NetBSD,OpenBSD tests .github/workflows
  • [ci] add Windows-VisualStudio to .github/workflows
  • [ci] add Solaris (disabled) to .github/workflows
  • [ci] add Windows-MSYS2 to .github/workflows
  • [ci] rename .github/workflows/meson.yml to pr.yml
  • [tests] adjust shell syntax in tests/prepare.sh
  • [tests] test_mod stub funcs for static builds
  • [ci] adjust Windows tests in .github/workflows
  • [mod_authn_dbi,mod_vhostdb_dbi] check for <dbi.h>
  • [ci] tailor scripts/ci-build.sh for FreeBSD
  • [ci] use set -e in .github/workflows run commands
  • [debug] debug.log-timeouts for all timeout logging
  • [debug] use log_debug_multiline() (#3239)
  • [debug] use log_debug() instead of log_error() (#3239)
  • [multiple] use log_warn() for config warnings (#3239)
  • [core] use log_warn(),log_notice(),log_info() (fixes #3239)
  • [ls-hpack] compat include of <sys/queue.h>
  • [tests] skip deflate tests if zlib not available
  • [core] ignore cc -Wcpp warning for <sys/cdefs.h>
  • [ci] mechanism to disable wolfssl in ci-build.sh
  • [ci] use Alpine Linux VMs to test additional arch
  • [ci] skip 32-bit builds on Windows; save resources
  • [tests] skip shutdown(SHUT_WR) in tests on s390x
  • [ci] add s390x arch
  • [meson] replace deprecated meson.build_root() use
  • [ci] x86_64 and x86 featureful builds on ubuntu
  • [ci] add x86_64 cmake ASAN build on ubuntu
  • [ci] ci-build.sh add some NO_* options
  • [ci] add Windows-Cygwin build
  • [ci] fail fast if x86 build fails on alpine
  • [ci] reduce some builds while maintaining coverage
  • [ci] remove config not actually running x86 ubuntu
  • [ci] more featureful build on macOS
  • [doc] cert-staple.sh check staple newer than cert
  • [ci] pr.yml format consistency
  • [tests] remove repeated file in prepare.sh cp
  • [wolfssl] renamed SSL_OP_NO_TICKET
  • [ci] more featureful build on NetBSD
  • [mod_authn_gssapi] ifndef GSS_KRB5_NT_PRINCIPAL_NAME
  • [build] check 'lua54' before other lua variants
  • [ci] OpenBSD CFLAGS LDFLAGS PKG_CONFIG_LIBDIR
  • [ci] more featureful build on OpenBSD
  • [ci] use bash on DragonflyBSD instead of csh
  • [ci] special-cases for running tests under MSYS2
  • [ci] basic build and run tests under MSYS2
  • [tests] remove stray comment from test_mod_expire
  • [ci] ci-build.sh NO_DBI option
  • [ci] ci-build.sh NO_UUID option
  • [ci] ci-build.sh NO_GNUTLS option
  • [ci] ci-build.sh NO_MYSQL option
  • [core] _WIN32 define PROT_WRITE to PAGE_READWRITE
  • [mod_authn_sasl] use HOSTNAME for fqdn on _WIN32
  • [ci] more featureful build on MSYS2
  • [mod_authn_sasl] fix typo
  • [ci] use cygwin test repos for latest packages
  • [ci] vmactions usesh: true
  • [ci] fix cmake generator path for MSVC
  • [mod_wstunnel] read and discard HTTP/1.1 req body
  • [core] use log_notice() for conn limit notice (#3239)
  • [core] gw_upgrade_policy() shared code
  • [mod_wstunnel] handle large kernel socket recv buf
  • [core] stat_cache.c replace assert w/ error codes
  • [core] remove dev assert in http_chunk_append_mem
  • [core] ck_static_assert()
  • [core] remove asserts from gw_status_get_counter()
  • [core] configparser.y combine assert, remove debug
  • [core] remove assert from sock_addr.c
  • [mod_fastcgi] check env w/ cond instead of assert
  • [core] shared code chunkqueue_close_tempchunk()
  • [core] buffer.c combine asserts
  • [core] array require nonnull for insert,replace
  • [core] li_tohex*() no longer adds '\0'
  • [core] accept 65536 in config for ushort values
  • [ci] add missing intermediate dep for Cygwin
  • [core] clarify configfile parse comment
  • [core] fix crash with invalid lighttpd.conf syntax
  • [core] lighttpd.conf detect,err if consecutive str
  • [mod_magnet] lighty.r.req_body.unspecified_len
  • [mod_proxy] handle HTTP/1.0 unspecified req len
  • [core] unset Upgrade if downgrade HTTP/1.1 to 1.0
  • [mod_magnet] interface to downgrade HTTP/1.1 to 1.0
  • [mod_magnet] expand guidance in error message (#3240)
  • [debug] use log_debug() instead of log_error() (#3239)
  • [mod_wstunnel] use log_warn(),log_notice(),log_info() (#3239)
  • [multiple] gw_backend_error_trace() (fixes #1406)
  • [mod_webdav] webdav_uuid_v4() to supplant libuuid (#1056)
  • [build] remove libuuid dependency (fixes #1056)
  • [mod_wstunnel] quiet coverity warning
  • [doc] fix typos in doc/config/lighttpd.conf
  • [mod_h2] send 502 if backend oversized resp hdrs

External references

Updated by gstrauss 10 months ago · 1 revisions