1.4.46
closedRelease Info¶
- Version: 1.4.46
- Previous version: 1.4.45
- Branch: 1.4
- Status: stable
- Release Purpose: bug fixes
- Release manager: gstrauss
- Released date: 2017-10-21
Important changes from 1.4.45¶
- new modules: mod_openssl, mod_vhostdb, mod_wstunnel
- new protocols: Upgrade: websocket, HAProxy PROXY, RFC7239 Forwarded
- bug fixes
Downloads¶
- https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.46.tar.gz
- GPG signature: https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.46.tar.gz.asc
- SHA256:
17025112e02eab13855e83288bdc9d1174b301dcc65a8d2cf911cdcaa9480553
- https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.46.tar.xz
- GPG signature: https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.46.tar.xz.asc
- SHA256:
a2abfc9752992ae3260209f9c4228e7511af4ae12d5fca5e9463234e9e2b47ee
- SHA256 checksums: https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.46.sha256sum
Selected features¶
- HTTP/1.1 Upgrade: websocket (mod_proxy, mod_cgi, and mod_wstunnel)
- HTTP/1.1 Expect: 100-continue
- proxy: HAProxy PROXY protocol (mod_extforward, mod_proxy)
- proxy: RFC7239 Forwared HTTP extension (mod_extforward, mod_proxy)
- proxy: basic host/URL header remapping to/from backend
- config: resolve DNS names to first IP returned at lighttpd startup
- config: allow overriding prior config values using :=
- config: allow conditions on arbitrary HTTP request headers ($REQUEST_HEADER[])
- new module: mod_openssl - isolate SSL/TLS code; cleaner abstractions
- new module: mod_vhostdb* - framework for mass vhost via database backends
- new module: mod_wstunnel - decode/encode websocket proto to/from backend
- common code for dynamic backends; common features; better process management
- numerous new directives for experimental new features
Bug Fixes¶
- core: fix streaming response when client catches up to stream from backend
- CGI: RFC3875 CGI local-redir strict adherence; local-redir disable dy default
- BSD: use kqueue in level-triggered mode
- fix triggered assert on HTTP chunked input
- SSL: fix bidirectional streaming over SSL
Behavior Changes¶
- mod_scgi binds to INADDR_LOOPBACK if no host is specified
(prior behavior used INADDR_ANY)
If lighttpd is spawning SCGI backend, default is now to limit exposure
to localhost unless explicitly configured otherwise. This matches the
behavior (since 2008) in mod_fastcgi. - core: mimetype.assign matches basename or longest extension(s) (".tar.gz"),
not just any suffix match, if 16 or more entries - core: increase default server.max-keep-alive-requests from 16 to 100
- proxy: add X-Forwarded-Host
- openssl: ssl.read-ahead = "disable" default (safer for slow embedded systems)
- mod_cgi cgi.local-redir = "disable" default
(RFC3875 6.2.2 local-redir optimization added in lighttpd 1.4.40) - reproducible builds: omit
__DATE__
and__TIME__
in lighttpd -h or lighttpd -v
Changes from 1.4.45¶
- [TLS] mark code that uses -lcrypto but not -lssl
- remove redundant calls to end-of-request hooks
- [mod_mysql_vhost] remove dev debug code
- [core] con interface for read/write; isolate SSL
- [core] new plugin hooks to help isolate SSL
- [mod_openssl] new module (preliminary layout)
- [core] move network_open_file_chunk() to chunk.c
- [mod_openssl] move openssl code into mod_openssl
- [mod_openssl] move openssl config into mod_openssl
- [core] move connection_read_cq() to connections.c
- [mod_geoip] call from handle_request_env hook
- [build] only mod_openssl depends on -lssl
- [mod_auth] enable optional authz if extern authn (fixes #2481)
- [mod_openssl] allow ssl.verifyclient on url paths (fixes #2245)
- [core] do not emit req/response hdrs w/ blank val
- [mod_setenv] directives to overwrite/remove hdrs (fixes #650, fixes #2295)
- [mod_secdownload] new directives modify hash path (fixes #646, fixes #1904)
- [core] move con throttling to connections-glue.c
- [core] support Expect: 100-continue with HTTP/1.1 (fixes #377, #1017, #1953, #2438)
- [mod_openssl] use TLS SNI to set host-based certs
- [mod_ssi] send #exec cmd="..." output to temp file
- [mod_scgi] tests/mod-scgi.t unit tests
- [mod_auth] support LDAP groups for HTTP auth (fixes #1817)
- [core] use getaddrinfo,inet_pton vs gethostbyname (fixes #2783)
- [mod_auth] LDAP escape username in DN and filters
- mod_vhostdb* (dbi,mysql,pgsql,ldap) (fixes #485, fixes #1936, fixes #2297)
- [mod_auth] have LDAP template replace '?'
- apply debian/patches/spelling.patch
- [core] permit connection-level state in modules
- [TLS] include <openssl/opensslv.h> in rand.c
- [core] config match w/ arbitrary HTTP request hdrs (fixes #1556)
- [mod_flv_streaming] add end pos param (fixes #1887)
- [core] X-LIGHTTPD-KBytes-per-second from backends (fixes #954)
- [core] improve accuracy of bandwidth write limits
- [core] quicker graceful shutdown
- [tests] remove unused file depending on CGI.pm
- [doc] doc/initscripts.txt (fixes #2782)
- [core] check issetugid() early in main()
- [core] combine duplicated getrlimit, network_init
- [core] move interval timer near worker event loop
- [core] initialize globals at top of main()
- [core] graceful restart with SIGUSR1 (fixes #2785)
- [mod_authn_mysql] fix minor memleak at shutdown
- [mod_rrdtool] no error if loaded but no config
- [doc] SIGUSR1 doc and lighttpd-angel SIGUSR1
- [mime.conf] add text/markdown to utf-8 list, regenerate mime.conf
- [mod_cgi] RFC3875 CGI local-redir strict adherence (#2108)
- [mod_cgi] do not send "Status" back to client
- [core] add label for 308 Permanent Redirect
- [mod_openssl] inherit ssl.* from global scope
- [core] handle if backend sends Transfer-Encoding (#2786)
- [core] use kqueue in level-triggered mode (fixes #2788)
- [mod_fastcgi,mod_scgi] backend spawn EINTR retry (#2788)
- [core] config opt to intercept dynamic handler err (fixes #974)
- [core] set default server_tag in server.c
- [core] include lighttpd vers in server started msg
- [core] move version.h logic into server.c
- [core] issue trace if max-fds too large (fixes #2789)
- [mod_fastcgi,mod_scgi] consistent waitpid handling (fixes #2791)
- [mod_cgi] fix CGI local-redir w/ url.rewrite-once (fixes #2793)
- [mod_scgi] fix unused_procs bidirectional-links
- [mod_scgi] fix potential repeated use of proc->id
- [mod_fastcgi,mod_scgi] consolidate backend process accounting (#2788)
- [mod_cgi] status 200 OK if no hdrs (deprecated) (#2786)
- [core] fix regex condition subst w/ mod_extforward (fixes #2794)
- [tests] correct skip count for mod-scgi.t
- [mod_vhostdb_ldap] fix inverted logic (coverity)
- [mod_cgi] cgi.local-redir = [enable|disable] (#2108, #2793)
- [core] $REQUEST_HEADER[...] subsumes other config (#1556)
- [mod_usertrack] usertrack.cookie-attrs config opt (fixes #2795)
- [core] default server.max-fds=4096 if unspecified (#2789)
- update .gitignore, add .gitattributes
- [core] reduce con allocation for small max_conns
- [config] more specific checks for array lists
- [mod_authn_gssapi] needs -lcom_err under cygwin
- [mod_cgi,fastcgi,scgi,proxy] fix streaming response (fixes #2796)
- [mod_auth] Digest nonce on system with time <=1978
- [doc] simple-vhost.debug takes an integer value (fixes #2797)
- [core] fix crash if invalid config file (fixes #2798)
- [core] remove unused member con->in_joblist
- [mod_proxy] remove use of con->got_response
- [core] consolidate dynamic handler response parse
- [core] remove now-unused buffer_search_string_len
- [mod_cgi] eliminate warning when compiled -Os
- [mod_scgi] do not reconnect after connect succeeds
- [tests] reduce time waiting for backends to start
- [core] server.syslog-facility (fixes #2800)
- [core] server.syslog-facility (use -1 for unset) (#2800)
- [core] allow overriding prior config values (fixes #2799)
- [mod_proxy] set Content-Length, if available
- [mod_proxy] set X-Forwarded-Host (fixes #418)
- [core] remove redundant Content-Length digit check
- [core] remove some unused header includes
- [core] use con->dst_addr_buf instead of ip recalc
- [core] include "fdevent.h" where needed
- [core] make stat_cache private to stat_cache.c
- [core] collect ioctl FIONREAD code
- [core] include <netdb.h> where needed
- [core] report file path when mkstemp() fails (fixes #2802)
- [core] export http_request_host_policy() for reuse
- [mod_extforward] simplify header search
- [mod_extforward] consolidate ipstr_to_sockaddr()
- [mod_extforward] upd scheme after ipstr validated
- [mod_extforward] rearrange code; prep Forwarded
- [mod_extforward] support Forwarded HTTP Extension (#2703)
- [mod_proxy] support Forwarded HTTP Extension (fixes #2703)
- [core] inet_pton(), inet_ntop() on (sock_addr *)
- [core] save connection-level proto in con->proto
- [mod_extforward] support HAProxy "PROXY" protocol (fixes #2804)
- [mod_extforward] fix typos in Forwarded handling
- [core] fix stat_cache initialization error
- [core] perf: stat_cache_mimetype_by_ext()
- [core] inet_ntop_cache now 4-element cache
- [mod_openssl] free local_send_buffer at exit
- [core] extend mimetype search w/o leading '.'
- [core] no SOCK_CLOEXEC on Linux kernel < 2.6.27
- [core] inline simple buffer is empty checks
- [core] buffer_substr_replace()
- [core] sys-strings.h abstraction for strings.h
- [mod_proxy] fix backslash escaping
- [core] omit default port from normalized host str
- [core] fix build issue without ipv6 support
- [core] permit strings and integers in config array
- [mod_accesslog] flag high precision ts for %T (fixes #2807)
- [core] permit strings,ints,arrays in config array
- [core] calloc plugin_config for consistent init
- [mod_proxy] simple host/url mapping in headers (fixes #152)
- [mod_uploadprogress] handle query str progress ID (fixes #2808)
- [mod_fastcgi] consolidate backend read code
- [mod_proxy,mod_scgi] fix truncated error trace
- [core] skip socket shutdown() if con->fd negative
- [core] act as transparent proxy after con Upgrade
- [core] remove redundant resets of fde_ndx
- [core] configparser: fix resource handling in error cases (fixes #2809)
- [core] fix crash for invalid syntax in config file (fixes #2810)
- [core] prep mod transitions to transparent proxy
- [mod_proxy] basic support for Upgrade: websocket (fixes #2811)
- [mod_extforward] compile on OSX
- [core] set server.max-keep-alive-requests = 100 (fixes #2205)
- [core] perf: skip redundant strlen() if len known
- [core] optional condition in config "else" clause (fixes #1268)
- [mod_cgi] basic support for Upgrade: websocket
- [core] buffer to disk streaming to slow backends
- [core] silence compiler warnings if !HAVE_FORK
- [build] -Werror if --enable-extra-warnings=error
- [build] autotools use AC_PROG_CC_STDC macro
- [mod_openssl] ssl.ca-crl-file for CRL (fixes #2319)
- [mod_openssl] ssl.ca-dn-file (fixes #2694)
- [mod_proxy] fix typo identified by coverity
- [mod_openssl] ignore client verification error if not enforced
- [mod_openssl] fix compile with openssl 1.1.0
- [mod_extforward] quiet clang compiler warning
- [mod_dirlisting] sort "../" to top of names
- [mod_openssl] safer_X509_NAME_oneline() (fixes #2693)
- [core] allow earlier plugin init for SSL/TLS
- [mod_openssl] adjust use of ssl.ca-dn-file
- [core] fix compiler warnings on Mac OS X
- [core] server.socket-perms to set perms on unix (fixes #656)
- [core] get port from sock_addr if AF_INET,AF_INET6
- [core] server.error_handler_404 X-Sendfile ENOENT (#2474)
- [core] consolidate fork()/execve() code (#1393)
- [core] mv log_error_{open,cycle.close} to server.c
- [core] rename fd_close_on_exec()
- [core] remove unused includes of stat_cache.h
- [core] add missing include of stdlib.h
- [core] reduce exposure of unistd.h, other includes
- [core] sock_addr_from_str_hints reusable name res
- [core] continue collecting use of netdb.h
- [core] continue collecting use of netdb.h
- [core] continue collecting use of netdb.h
- [core] fdevent_connect_status() shared code
- [core] add const to reduce .data segment size
- [mod_proxy] move data_fastcgi into mod_proxy.c
- [mod_proxy] store address family at config time
- [mod_fastcgi] slightly simplify counters
- [mod_fastcgi] consolidate connect() error handling
- [mod_fastcgi] set request_id in fcgi_create_env()
- [mod_fastcgi] move delayed connect() into switch()
- [mod_fastcgi,mod_scgi] consistent connect() error
- [mod_scgi] remove unused parse_response member
- [mod_fastcgi,mod_scgi] struct member consistency
- [mod_fastcgi,mod_scgi] parse bin_path at startup
- [mod_fastcgi,mod_scgi] use temp buffer for cgi_env
- [core] shared code for socket backends
- [core] spread load on socket backend procs
- [core] store sockaddr for socket backend procs
- [core] resolve DNS at startup for socket backends
- [core] adaptive spawning for socket backend procs (fixes #1162)
- quell compiler warnings for -Wimplicit-fallthrough
- [doc] update README
- [core] fdevent_cycle_logger()
- [core] reap lighttpd worker pids precisely
- [core] restart piped loggers if they exit (fixes #1393)
- [mod_webdav] PROPFIND getetag attr must match GET
- [core] consistent behavior w/ and w/o SA_SIGINFO
- [core] do not remove pid-file in test mode
- [core] add public domain SHA1 if no crypto
- [mod_wstunnel] websocket tunnel to other protocol
- [core] forward SIGHUP only to lighttpd workers
- [mod_dirlisting] treat README and HEADER as paths (fixes #2818)
- [core] set one-shot mode fd O_NONBLOCK, FD_CLOEXEC
- [core] remove fdevent fcntl_set hook
- [mod_extforward] typo in comment
- [mod_cgi] add missing #include
- [core] fix invalid sizeof() identified by coverity
- [core] add missing #include
- [core] base_decls.h to quiet compiler warnings
- [core] set socket perms after bind, before listen
- [core] warn if backend server config contains '_'
- [mod_extforward] PROXY proto and SSL_CLIENT_VERIFY
- [core] workaround for AIX mmap define
- [mod_accesslog] flush access logs every 4 seconds
- [mod_cgi] fix bug to properly exec interpreter
- [mod_fastcgi] fix return when streaming min buffer
- [core] attempt to quiet coverity false positives
- [core] attempt to quiet coverity false positives
- [core] attempt to quiet compiler warning in LEDE
- [core] SIGCHLD handle_waitpid hook for modules
- [mod_rrdtool] handle_trigger returns HANDLER_GO_ON
- [mod_openssl] ssl.read-ahead="disable" for stream
- [mod_cgi] add FDEVENT_IN upon CGI exit
- [mod_cgi] omit cgi_handle_fdevent after proc exit
- [mod_webdav] check HAVE_UUID for -luuid
- [core] adjust li_rand_pseudo* interfaces
- [mod_wstunnel] fix config parsing bug
- [core] fdevent setsockopt() helper functions
- [core] make strftime_cache_get() 16-element cache
- [core] disable Nagle if streaming to backend
- [core] fix triggered assert on HTTP chunked input (fixes #2822)
- [mod_wstunnel] fix NULL ptr deref
- [algo_sha1] fix compile break and warnings
- [lemon] fix gcc implicit-fallthrough warning
- [core] URI scheme is case-insensitive
- [network] do not append port to unix socket paths
- [unittests] consolidate base64 test code
- [core] use sun_path for addr string for AF_UNIX (fixes #2826)
- [core] cleaner code; remove goto from network.c
- [core] /dev/stdin listener for inetd wait yes
- [core] compare listen addrs after DNS resolution
- [core] inline chunkqueue_is_empty()
- [core] limit use of TCP_CORK
- [core] return from http_response_read if small rd
- [core] gateways might Upgrade con before body read
- [mod_wstunnel] set Sec-WebSocket-Protocol if bin
- [mod_wstunnel] remove invalid appended '\0'
- [core] quiet coverity warning
- [core] handle fds pending close after poll timeout (fixes #2827)
- [core] fix $REQUEST_HEADER[...] parsing in config (#1556)
- [mod_dirlisting] custom js date parse func (fixes #2823)
- [core] remove fd interest if create_env returns
- [mod_openssl] copy data for larger SSL packets
- [mod_openssl] remove erroneous SSL_set_shutdown()
- [core] permit LF to end lines if !header-strict
- [core] add back REQUEST_SCHEME for backends
- [core] remove fdevent_sched_run from fdevent_libev (#2827)
- [mod_openssl] ssl.read-ahead="disable" by default
- [core] adjust parser for valid variable expansion
- [cmake] handle WITH_WEBDAV_LOCKS option
- [cmake] fix attr header detection and linking
- [cmake] link mod_cml with memcached
- [core] reproducible build: hide
__DATE__
__TIME__
(fixes #2828) - [core] perf: more efficient fdevent_sched_run()
- [core] translate DNS to IP str for cond socket cmp
External references¶
Also available in: TXT