forked from lighttpd/lighttpd1.4
-
Notifications
You must be signed in to change notification settings - Fork 0
/
NEWS
2396 lines (2242 loc) · 122 KB
/
NEWS
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
====
NEWS
====
- 1.4.55 - 2020-01-31
* [core] fix compile error on Solaris (fixes #2959)
* [core] __attribute_pure__
* [core] array-specialized buffer_caseless_compare()
* [core] specialized buffer_eq_*() for short strings
* [core] mark some more funcs w/ __attribute_pure__
* [core] use buffer_eq_icase* funcs
* [multiple] replace strcasecmp() on short strings
* [core] mark some more funcs w/ __attribute_pure__
* [mod_webdav] fix startup crash w/ multiple conds (fixes #2958)
* [core] cold func http_response_omit_header()
* [core] use buffer_eq_icase_ssn func
* [core] use buffer_eq_icase_ssn func
* [core] correct __attribute_pure__ syntax
* [core] allocate unix socket paths with SUN_LEN()+1 (fixes #2962)
* Use explicit_memset from NetBSD if available for safe_memclear (fixes #2971)
* Also use explicit_memset (NetBSD) with cmake, scons and meson
* [cmake]: enable CMAKE_POSITION_INDEPENDENT_CODE by default
* [core] improve http_headers[] data struct packing
* [core] fdevent_poll() is effective periodic timer
* [core] move con state handling to connections*.c
* [core] issue config error for invalid ':' (fixes #2980)
* [mod_deflate] fix choose encoding parse error (fixes #2981)
* [core] retry on some fdevent set/del temporary err
* [core] disable stat_cache FAM if FAM conn closed
* [mod_auth] http_auth_const_time_memeq improvement
* [build] prefer pkg-config for postgres (fixes #2965)
* [mod_authn_gssapi] 500 if fail to delegate creds (#2967)
* [mod_authn_gssapi] option to store delegated creds (fixes #2967)
* [mod_webdav] fix file uploads > 128M (fixes #2970)
* [mod_auth] do not use quoted-string for algorithm
* [mod_auth] require digest uri= match original URI
* [mod_auth] Authentication-Info: nextnonce=...
* [mod_auth] http_auth_const_time_memeq_pad()
* [mod_auth] http_auth_const_time_memeq() (#2975, #2976)
* [build] PGSQL_CFLAGS with pkg-config for postgres (#2965)
* [build] PGSQL_CFLAGS with pkg-config for postgres (#2965)
* [core] avoid freeaddrinfo() on NULL ptr (fixes #2984)
* [core] reject WS following header field-name (fixes #2985)
* [core] reject Transfer-Encoding + Content-Length (#2985)
* [mod_openssl] reject invalid ALPN
* [mod_accesslog] parse multiple cookies (fixes #2986)
* [core] Oracle Solaris does not have POLLRDHUP
* [multiple] address coverity warnings
* [core] preserve %2b and %2B in query string (fixes #2999)
* [core] fall back to accept() if accept4() EPERM (fixes #2998)
* [mod_auth] close connection after bad password
* [core] do not accept() > server.max-connections
* [core] save errno before logging if execve() fails
* [config] update /var/run -> /run for systemd
* [core] Solaris has getloadavg in sys/loadavg.h
* [build] Fix build when using nested CMake
* [core] fix one-byte OOB read (underflow)
- 1.4.54 - 2019-05-27
* [mod_evhost] handle IPv6 literal addr; add tests
* [core] separate server_main_loop() func, mark hot
* [core] mark startup/shutdown funcs cold
* [core] some server_main_loop() cleanup
* [core] fdevent_process()
* [core] srv->max_fds_lowat and srv->max_fds_hiwat
* [core] remove server.h
* [mod_staticfile] search ext array if not empty
* [core] store joblist pointer on stack
* [core] quickly clear request buffer for reuse
* [core] helper funcs for connection_state_machine()
* [core] perf: optimize connection_read_header()
* [core] parse request in connection_read_header()
* [core] log_request_header_on_error in one place
* [core] copy request only if might need for logging
* [core] make parse_request,request.request same buf
* [core] prefer buffer_caseless_compare()
* [core] pass req hdrs buffer to http_request_parse
* [core] replace con->response.keep_alive
* [core] mark log_error_write*() funcs cold
* [core] http_request_parse() mark error paths cold
* [core] lift code out of request line parse loop
* [core] get_http_method_key() match by strlen first
* [core] RFC7230 HTTP-version parse
* [mod_accesslog] attempt to reconstruct req line
* [multiple] minor: remove duplicated conditions
* [mod_deflate] honor request for x-gzip, x-bzip2
* [mod_auth] minor: adjust config validation
* [core] discard oversized trailers
* [core] no keep-alive if POLLRDHUP,empty read queue
* [core] fix gw_backend spelling of directive in err
* [multiple] reduce code dup in list resizing
* [core] con->is_ssl_sock
* [core] connection_handle_write() updates con state
* [core] skip plugins_call_cleanup if not init'ed
* [core] simpler loops to run plugin hooks
* [core] fix mixed use of srv->split_vals array (fixes #2932)
* [core] dispatch events from within event framework
* [core] don't call fd event handlers more than once, they might already be gone (fixes segfault)
* [core] poll: fdarray uses fd as index, not fde_ndx
* [core] map FDEVENT_* to OS system event frameworks
* [core] prefer memchr() over strchr()
* [core] use openssl to read,discard request body
* [mod_openssl] inherit cipherlist from global scope
* [mod_openssl] default: ssl.cipher-list = "HIGH"
* [mod_proxy] pass Content-Length to backend if > 0
* [core] config option to allow GET w/ request body
* [core] some fdevent code streamlining
* [core] remove fde_ndx member outside fdevents
* [core] remove redundant check for allow_http11
* [mod_openssl] use 16k static buffer instead of 64k
* [core] pull server load checks out of main loop
* [core] isolate fdevent processing
* [core] release empty chunk buf when nothing read
* [core] perf: pass (fdnode *) to epoll and kqueue
* [core] modify config parser to handle multiple }
* [core] pass (fdnode *) for registered fdevent fd
* [mod_auth] http_auth_digest_hex2bin()
* [mod_auth] http_auth_info_t digest abstraction
* [mod_auth] pass http_auth_require_t for 401 Unauth
* [core] no SOCK_NONBLOCK on QNX 7.0
* [mod_auth] HTTP Auth Digest algorithm=SHA-256
* [core] silence coverity warning
* [mod_magnet] fix invalid script return-type crash (fixes #2938)
* [build] remove -Wdeclaration-after-statement
* [core] pass conf.follow_symlink in more places
* [core] fix assertion with server.error-handler (fixes #2941)
* [core] extend dir redirection to take HTTP status
* [doc] minor adjust create-mime.conf.pl regex match (#2942)
* [core] __attribute__((fallthrough)) for GCC 7.0
* [core] fdevent_mkstemp_append() (shared)
* [core] off_t upload_temp_file_size
* [core] clear FDEVENT_RDHUP if no POLLRDHUP
* [mod_wstunnel] fix ping-interval for big-endian (fixes #2944)
* [core] fix abort in http-parseopts (fixes #2945)
* [core] remove repeated slashes in http-parseopts
* [core] fix 1.4.52 regression in mem use with POST (fixes #2948)
* [multiple] cleaner calloc use in SETDEFAULTS_FUNC
* [core] add const to some etag prototypes
* [core] __attribute__((format ...))
* [core] struct log_error_st for error logging
* [core] log_error, log_perror using printf-like fmt
* [core] new worker_init hook to follow parent fork
* [core] replace open() with fdevent_open_cloexec()
* [mod_webdav] major rewrite (fixes #1818)
* [core] 200 for OPTIONS /non-existent/path HTTP/1.1 (fixes #2939)
* [mod_webdav] surround Lock-Token with "<...>"
* [mod_webdav] fix uuid detection macro
* [mod_webdav] fix misbehavior on blank nodes in PROPPATCH
* [mod_webdav] clean up resources after do{}while(0)
* [mod_webdav] check If-Match, If-Unmodified-Since (#1818)
* [mod_webdav] deprecated unsafe partial PUT compat
* [mod_webdav] provide ETag in more responses
* [mod_webdav] platform portability fixes
* [mod_webdav] disable elftc_copyfile() on FreeBSD
* [mod_webdav] special-case If: (<DAV:no-lock>)
* [mod_webdav] check If-None-Match (#1818)
* [stat_cache] separate func for symlink policy chk
* [stat_cache] separate symlink pol from data struct
* [stat_cache] store entries without trailing slash
* [stat_cache] pass age param for stat cache cleanup
* [stat_cache] remove splaytree ins/del debug code
* [stat_cache] FAM: reduce string copying
* [stat_cache] FAM: check FAMNextEvent() return code
* [stat_cache] FAM: use entry hash index as userdata
* [stat_cache] FAM: improve handling modified file
* [stat_cache] FAM: ignore follow-symlink config
* [stat_cache] FAM: check hash collision before add
* [stat_cache] FAM: ignore event with no valid match
* [stat_cache] FAM: funcs to invalidate entries
* [stat_cache] interfaces to invalidate entries
* [mod_webdav] update stat_cache after file mod
* [core] use high precision stat timestamp in etag
* [scons] adjustment for static build under CentOS
* [core] emit trace using path before clearing path
* [core] http_chunk_append_file_fd()
* [multiple] open target file earlier in some cases
* [stat_cache] no longer stat() and open() for stat
* [stat_cache] FAM: improve monitoring, cache 16 sec
* [stat_cache] FAM: separate routine for FDEVENT_IN
* [stat_cache] FAM: whitespace-only change
* [mod_webdav] quiet coverity warnings
* [doc] highlight relevance of module load order (fixes #2946)
* [core] behavior change: stricter URL normalization
* [stat_cache] fix compilation error for cmake
* [cmake] help cmake on FreeBSD find sys/event.h
* [scons] help scons on FreeBSD find sys/event.h
* [build] detect FreeBSD elftc_copyfile()
* [mod_openssl] use SSL_CTX_set_client_hello_cb()
* [core] support weak etags with If-None-Match
* [core] store log_state_handling flag on stack
* [core] check if splay_tree NULL before invalidate
* [mod_webdav] workaround Microsoft-WebDAV-MiniRedir
* [mod_webdav] doc Microsoft-WebDAV-MiniRedir bugs
* [mod_webdav] invalidate parent dir in stat_cache
* [doc] systemd socket activation config example
* [core] chunkqueue perf: code reuse
* [core] chunkqueue perf: specialized buffer.h funcs
* [core] chunkqueue perf: skip opening 0-length file
* [core] chunkqueue perf: read small files into mem
* [core] buffer_reset() should not be passed NULL
* [tests] has_feature() helper func
* [tests] skip mod-secdownload HMAC-SHA1,HMAC-SHA256
* [core] use high precision stat timestamp on OS X
* [mod_magnet] expose server addr (local IP) to lua
* [core] adjust http_chunk read() retry loop
* [mod_maxminddb] MaxMind GeoIP2 support
* [mod_authn_ldap] ldap_set_option LDAP_OPT_RESTART (fixes #2940)
- 1.4.53 - 2019-01-27
* [mod_cml,mod_flv_streaming] fix NULL ptr deref
* [mod_simple_vhost] t/test_mod_simple_vhost
* [mod_evhost] split uri handler func for testing
* [mod_evhost] restructure for unit tests
* [mod_evhost] t/test_mod_evhost
* [mod_access] restructure for unit tests
* [mod_access] t/test_mod_access
* [tests] include first.h and NDEBUG early
* [core] use kill_signal for gw_proc_kill()
* [tests] t/test_keyvalue
* [tests] some test config cleanup
* [tests] update skip count in mod-fastcgi.t
* [multiple] reduce initial buffer sz if large POST (fixes #2922)
* [mod_fastcgi] fix NULL ptr deref from bugfix #2922 (fixes #2923)
* [tests] more test config cleanup
* [core] perf: incremental hash of pathname w/o copy
* [core] perf: reuse buffer to redirect to directory
* [core] do not free() reused buffer
* [core] use connected sock port in dir redirect
* [core] http_response_buffer_append_authority()
* [core] use con->server_name for dir redir
* [core] memeq compare rounded to 64, not next 1M
* [core] define MD5_DIGEST_LENGTH 16
* [mod_auth] permit additional auth backends to load
* [core] send Connection: close if reqbody not read (fixes #2924)
* [core] cache rev DNS for localhost for dir redir
* [doc/conf] resolve some mime type conflicts from debian buster, regenerate mime.conf
* [core] move winsock init to network_init()
* [core] move /dev/stdin graceful restart handling
* [core] network_srv_sockets_append() shared code
* [core] systemd socket activation support
* [build] autotools: try mysqlclient.pc and mariadb.pc (fixes #2925)
* [mod_expire] look up expire fallback "" explicitly
* [multiple] calloc match ptr type (clang --analyze)
* [multiple] quiet clang --analyze where trivial
* [mod_webdav] compare COPY, MOVE Destination scheme
* [core] con->uri.scheme is maintained lowercase
* [mod_openssl] ALPN and acme-tls/1 (fixes #2931)
* [core] Fix recursive include_shell invocations
* [mod_openssl] ssl.privkey directive (optional)
- 1.4.52 - 2018-11-28
* [mysql] MySQL 8 deprecates my_bool
* [core] typo in trace
* [build] Fix unportable test(1) operator
* [core] perf: call connection_reset() fewer times
* [core] perf: array_reset_data_strings()
* [core] perf: buffer_free_ptr() __attribute__ cold
* [core] perf: one-element cache for host normalize
* [core] perf: buffer_copy_string_len()
* [core] perf: skip redundant prepare copy calls
* [core] perf: buffer_align_size() identity if align
* [core] perf: size write buffers for reuse
* [core] perf: prepend headers directly into write q
* [core] perf: copy small strings; better buf reuse
* [core] perf: copy small strings; extend last chunk
* [core] perf: specialized func for array sorting
* [core] perf: append response directly into write q
* [core] perf: better buf reuse reading from backend
* [core] chunk.c code reuse
* [multiple] perf: write headers to backend write cq
* [multiple] perf: power-2 alloc large headers
* [multiple] perf: use larger initial backend buffer
* [core] permit env vars to be set with blank value
* [mod_fastcgi] perf: reduce data copies
* [mod_fastcgi] perf: reduce data copies
* [core] perf: chunk.c chunk pool
* [multiple] perf: reuse large buffers w/ backend
* [multiple] better packing of struct chunk
* [core] perf: inline buffer_append_string_buffer()
* [core] slightly simpler flag append to string
* [mod_cgi] perf: reuse buffers for creating CGI env
* [mod_fastcgi,mod_scgi] perf: env accumulation
* [core] Don't call RAND_cleanup with OpenSSL 1.1.x
* [mod_openssl] move SSL_shutdown() to separate func
* [mod_openssl] SSL_read before second SSL_shutdown
* [mod_cgi] perf: use stat_cache for cgi handler
* [mod_openssl] prefer using TLS_server_method()
* [mod_webdav] return 403 if file should exist
* [core] perf: chunkqueue buffers already sized up
* [core] perf: simpler buffer_string_space()
* [multiple] dynamic handlers hint backend header sz
* [core] use chunk_buf_sz instead of hard-coded num
* [multiple] perf: simplify chunkqueue_get_memory()
* [mod_wstunnel] perf: reuse large buffers
* [mod_cgi] perf: cache getenv() results at start up
* [core] fix 301 -> 302 overwrite with Location (fixes #2918)
* [core] fix setting of headers previously reset (fixes #2919)
* [mod_webdav] quiet coverity false positive
* [core] server.compat-module-load = "disable"
* [core] server.chunkqueue-chunk-sz = 4096
* [core] perf: simpler buffer_string_space() (fixed)
* [core] perf: faster HTTP pipelined requests
* [core] perf: simpler buffer_string_space() (tests)
* [mod_cgi] reset reused buffer on internal redir
* [core] clear chunk buffer upon release
* [mod_fastcgi] minor: copy packet without padding
* [mod_redirect,mod_rewrite] use server_name
* [mod_fastcgi] transfer chunks minus packet padding
* [core] separate func to reset FILE_CHUNK
* [core] perf: simple, quick buffer_clear()
* [core] perf: small improvement to encoding CGI var
* [core] perf: small improvement buffer_string_space
* [core] simpler physical path concatenation
* [mod_webdav] fix LOCK on incorrect URI path
* [mod_webdav] one fewer buffer copy for COPY,MOVE
* [core] perf: simplify buffer_move()
* [mod_cml] parse query string without modifying it
* [core] perf: buffer optimizations
* [mod_wstunnel] use buffer_string_length()
* [core] perf: inline buffer_copy_buffer()
* [core] cygwin helper func for getcwd
* [core] cygwin sample to run lighttpd under NSSM
* [core] limit con->uri.authority < 1024 octets
* [mod_webdav] separate func for each request method
* [core] reject decoded url-path without leading '/'
* [multiple] validate UTF-8 in url-decoded paths
* [mod_proxy] silence coverity false positive
* [core] fix typo
* [core] buffer_append_path_len()
* [core] quiet indexfile warning if mod not loaded
- 1.4.51 - 2018-10-14
* [core] split parsing header line into separate function
* [core] explicitly return 0 instead of constant result
* [core] header parsing: use goto for error handling
* [core,security] process headers after combining folded headers
* [core] replace folding whitespace with a single space
* [buffer] fix duplicate assert and comment
* [core] redo HTTP header line folding
* [core] parse header line strings before copying
* [core] abstraction to insert/modify response hdrs
* [core] code reuse with array_insert_key_value()
* [core] simplify parsing hdr key whitespace then :
* [core] http_request_parse_reqline() separate func
* [core] abstraction layer for HTTP header manip
* [core] code reuse with http_response_body_clear()
* [mod_proxy] fix proxy.forwarded and proxy.replace-http-host (fixes #2902)
* [mod_rewrite] fix url.rewrite-repeat and url.rewrite-if-not-file (fixes #2908)
* [core] fastcgi.h link to Open Market License (OML) (fixes #2901)
* [mod_proxy,mod_wstunnel] copy full plugin_config (fixes #2903)
* [mod_fastcgi,mod_scgi] error on oversized request (fixes #2905)
* [mod_auth] send 401 for mismatch HTTP auth scheme (fixes #2906)
* [core] code reuse array_match_*() routines
* [mod_skeleton] review and simplify
* [multiple] code reuse: employ array_match_*()
* [doc] lighttpd.service uses network-online.target
* [mod_flv_streaming] code simplifications
* [mod_authn_pam] mod_auth PAM support (fixes #688)
* [mod_sockproxy] add to build
* [core] fix include_shell on inline shell commands (fixes #2910)
* [multiple] code reuse: using array_*() funcs
* [tests] t/test_array.c
* [core] array_get_int_ptr()
* [core] more memory-efficient fn table for data_*
* [tests] #undef NDEBUG before assert.h in t/test_*
* [core] inline status_counter routines
* [core] log_failed_assert() __attribute__((cold))
* [core] http_status_append()
* [core] http_method_append()
* [core] prefer buffer_append_string_len()
* [build] fix SCons build for mod_authn_pam
* [mod_userdir] security: skip username "." and ".."
* [mod_deflate] null-check to quiet coverity warning
* [core] quiet coverity false positive
* [multiple] quiet compiler warnings --without-pcre
* [mod_secdownload] support if HMAC() is a macro
* [TLS] sys-crypto.h abstraction
* [TLS] sys-crypto.h abstraction
* [build] put request.c in common src
* [meson] build fixes for libmariadb and libsasl2
* [core] PATH_INFO calculation when basedir is "/" (fixes #2911)
* [core] better consistency in buffer_is_equal*()
* [core] fix missing param from prev commit
* [mod_openssl] no renegotiation in TLS 1.3 (fixes #2912)
* [core] reject Transfer-Encoding from proxy (#2913)
* [mod_auth] use SHA1_Init,Update,Final
* [mod_openssl] add support for wolfSSL
* [build] automake support for wolfSSL
* [build] SCons support for wolfSSL
* [build] meson support for wolfSSL
* [build] CMake support for wolfSSL
* [core] perf: buffer.c internal inlines
* [mod_openssl] wolfSSL does not support SSLv2
* [core] perf: buffer_string_append_len()
* [core] permit server.error_handler to static file
- 1.4.50 - 2018-08-13
* [mod_extforward] allow explict IPs to be untrusted (#2860)
* [core] fix crash if 'host' empty in config (fixes #2876)
* [mod_magnet] fix regression in lighty.stat (fixes #2877)
* [core] minor code cleanup in gw_recv_response()
* [core] fix rare race condition from backends (fixes #2878)
* [mod_proxy] fix segfault in Set-Cookie reverse map (fixes #2879)
* [core] fdevent_accept_listenfd() nonblock cloexec
* [build] remove m4 AC_PATH_PROG for PKG_CONFIG
* [core] some header cleanup
* [mod_wstunnel] better Sec-WebSocket-Protocol parse
* [mod_magnet] code reuse
* [mod_magnet] reduce buffer copies
* [mod_fastcgi,mod_scgi] fastcgi.balance,scgi.balance (fixes #2882)
* [core] check if SOCK_NONBLOCK is ignored (fixes #2883)
* [core] buffer_append_string_encoded_hex_lc()
* [core] more efficient hex2int()
* [mod_secdownload] compare bin MAC instead of hex
* [core] li_tohex_lc() explicitly uses lc hex chars
* [core] buffer_append_uint_hex_lc() uses lc hex
* [core] buffer_append_string_encoded() uc hex
* [tests] reduce test_base64 brute force tests
* [tests] remove test_buffer output, except on error
* [core] check for continuation in server.tag
* [core] CONNECT must be handled before fs hooks
* [mod_redirect, mod_rewrite] code reuse (sharing)
* [core] data_config_pcre_compile,exec()
* [tests] test_request unit tests
* [core] http_kv.[ch] method, status, version str
* [core] remove unused get_http_status_body_name()
* [core] remove proc_open.[ch], reduce stdio.h use
* [tests] move src/test_*.c to src/t/
* [core] server.http-parseopts URL normalization opt (fixes #1720)
* [core] inline some buffer.[ch] routines
* [core] remove some duplicative code in log.c
* [core] debug server.log-request-header-on-error
* [mod_redirect,mod_rewrite] short-circuit earlier
* [core] fix buffer_to_upper()
* [mod_cgi] handle CGI partial response header write
* [mod_redirect,mod_rewrite] pass request URI info
* [mod_redirect,mod_rewrite] encoding options (fixes #443, fixes #911)
* [mod_redirect,mod_rewrite] fix segfault w/ invalid syntax (fixes #2892)
* [mod_fastcgi] fix memleak with FastCGI auth,resp (fixes #2894)
* [mod_alias] security: potential path traversal with specific configs
* [mod_wstunnel] quiet 32-bit compiler warnings
* [core] POLLRDHUP handling for transparent proxying
* [mod_redirect,mod_rewrite] support up to 19 match
* [core] add missing includes to quiet compiler warn
* [mod_redirect,mod_rewrite] base64url encoding opt
* [mod_rewrite] require rewrite result to begin '/'
* [core] security: use-after-free invalid Range req
* [core] reset var if FAMMonitorDirectory() fails
* [core] option to propagate TCP FIN to backend host
* mod_sockproxy - socket forwarding
* [core] workaround Coverity cov-build bug with gcc7
* [build] add missing file for test_burl
* [core] quell insignificant coverity warning
* [core] extend server.http-parseopts
* [mod_alias] security: path traversal in mod_alias (in some use cases) (fixes #2898)
* [core] security: use-after-free after invalid Range request (fixes #2899)
- 1.4.49 - 2018-03-11
* [core] adjust offset if response header blank line
* [mod_accesslog] %{canonical,local,remote}p (fixes #2840)
* [core] support POLLRDHUP, where available (#2743)
* [mod_proxy] basic support for HTTP CONNECT method (#2060)
* [mod_deflate] fix deflate of file > 2MB w/o mmap
* [core] fix segfault if tempdirs fill up (fixes #2843)
* [mod_compress,mod_deflate] try mmap MAP_PRIVATE
* [core] discard from socket using recv MSG_TRUNC
* [core] report to stderr if errorlog path ENOENT (fixes #2847)
* [core] fix base64 decode when char is unsigned (fixes #2848)
* [mod_authn_ldap] fix mem leak when ldap auth fails (fixes #2849)
* [core] warn if mod_indexfile after dynamic handler
* [core] do not reparse request if async cb
* [core] non-blocking write() to piped loggers
* [mod_openssl] minor code cleanup; reduce var scope
* [mod_openssl] elliptic curve auto selection (fixes #2833)
* [core] check for path-info forward down path
* [mod_authn_ldap] auth with ldap referrals (fixes #2846)
* [core] code cleanup: separate physical path sub
* [core] merge redirect/rewrite pattern substitution
* [core] fix POST with chunked request body (fixes #2854)
* [core] remove unused func
* [doc] minor update to *outdated* doc
* [mod_wstunnel] fix for frames larger than 64k (fixes #2858)
* [core] fix 32-bit compile POST w/ chunked request body (#2854)
* [core] add include sys/poll.h on Solaris (fixes #2859)
* [core] fix path-info calculation in git master (fixes #2861)
* [core] pass array_get_element_klen() const array *
* [core] increase stat_cache abstraction
* [core] open additional fds O_CLOEXEC
* [core] fix CONNECT w strict header parsing enabled
* [mod_extforward] CIDR support for trusted proxies (fixes #2860)
* [core] re-enable overloaded backends w/ multi wkrs
* [autoconf] reduce minimum automake version to 1.13
* [mod_auth] constant time compare plain passwords
* [mod_auth] check that digest realm matches config
* [core] fix incorrect hash algorithm impl
- 1.4.48 - 2017-11-11
* [mod_webdav] fix crash if stat fails, not ENOENT
* [core] fix build --disable-ipv6 (fixes #2832)
* [scons] Merge branch 'personal/stbuehler/scons-cleanup'
* [autobuild] Merge branch 'personal/stbuehler/autobuild-cleanup'
* [meson] new build system
* [core] fix var.CWD (regression in 1.4.46) (fixes #2835)
* [core] fix implicit wildcard IPv4 and IPv6 listen
* [autobuild] remove obsolete warning about mmap use
* [core] isolate sock_addr manipulation
* [stat_cache] remove debug code littered in file
* [core] cleanup unused ifndef
* [core] cleanup: consolidate FAM code in stat_cache
* [core] consolidate backend network write handlers
* [autobuild] allow sendfile() in cross-compile (fixes #2836)
* [core] quiet pedantic cc warning for excess comma
* [core] isolate backend fdevent handler defs
* [mod_openssl] error if ssl.engine in wrong section (fixes #2837)
* [core] fix lighttpd -1 one-shot graceful shutdown
* [mod_cgi] quiet trace if mod_cgi sends SIGTERM (fixes #2838)
* [build] fix link of test_configfile.c
* [core] quiet coverity false positive
* [mod_openssl] more pedantic check of return values
* [mod_openssl] allow specifying server cert chain (fixes #2692)
* [mod_openssl] ssl.openssl.ssl-conf-cmd (fixes #2758)
* [doc] NEWS - fix improper format line breaks
* [mod_authn_ldap] replace use of deprecated funcs
* [mod_authn_sasl] SASL auth (new) (fixes #2275)
* [mod_openssl] quiet trace from TCP probes (#2784)
* [core] fix dup typedef compiler warning
* [scons] fix various python2/3 incompatibilities
* [doc] fix doc/config/conf.d/fastcgi.conf example
- 1.4.47 - 2017-10-22
* [mod_authn_gssapi] needs -lcom_err under Darwin
* [core] stricter validation of request-URI begin
* [core] fix 1.4.46 regression in config match (fixes #2830)
* [core] normalize config addrs for != match (#2830)
* [core] normalize config addrs for eq and ne (#2830)
* [doc] use https:// URLs to .lighttpd.net resources
* [core] fix 1.4.46 regression in Last-Modified
- 1.4.46 - 2017-10-21
* [TLS] mark code that uses -lcrypto but not -lssl
* remove redundant calls to end-of-request hooks
* [mod_mysql_vhost] remove dev debug code
* [core] con interface for read/write; isolate SSL
* [core] new plugin hooks to help isolate SSL
* [mod_openssl] new module (preliminary layout)
* [core] move network_open_file_chunk() to chunk.c
* [mod_openssl] move openssl code into mod_openssl
* [mod_openssl] move openssl config into mod_openssl
* [core] move connection_read_cq() to connections.c
* [mod_geoip] call from handle_request_env hook
* [build] only mod_openssl depends on -lssl
* [mod_auth] enable optional authz if extern authn (fixes #2481)
* [mod_openssl] allow ssl.verifyclient on url paths (fixes #2245)
* [core] do not emit req/response hdrs w/ blank val
* [mod_setenv] directives to overwrite/remove hdrs (fixes #650, fixes #2295)
* [mod_secdownload] new directives modify hash path (fixes #646, fixes #1904)
* [core] move con throttling to connections-glue.c
* [core] support Expect: 100-continue with HTTP/1.1 (fixes #377, #1017, #1953, #2438)
* [mod_openssl] use TLS SNI to set host-based certs
* [mod_ssi] send #exec cmd="..." output to temp file
* [mod_scgi] tests/mod-scgi.t unit tests
* [mod_auth] support LDAP groups for HTTP auth (fixes #1817)
* [core] use getaddrinfo,inet_pton vs gethostbyname (fixes #2783)
* [mod_auth] LDAP escape username in DN and filters
* mod_vhostdb* (dbi,mysql,pgsql,ldap) (fixes #485, fixes #1936, fixes #2297)
* [mod_auth] have LDAP template replace '?'
* apply debian/patches/spelling.patch
* [core] permit connection-level state in modules
* [TLS] include <openssl/opensslv.h> in rand.c
* [core] config match w/ arbitrary HTTP request hdrs (fixes #1556)
* [mod_flv_streaming] add end pos param (fixes #1887)
* [core] X-LIGHTTPD-KBytes-per-second from backends (fixes #954)
* [core] improve accuracy of bandwidth write limits
* [core] quicker graceful shutdown
* [tests] remove unused file depending on CGI.pm
* [doc] doc/initscripts.txt (fixes #2782)
* [core] check issetugid() early in main()
* [core] combine duplicated getrlimit, network_init
* [core] move interval timer near worker event loop
* [core] initialize globals at top of main()
* [core] graceful restart with SIGUSR1 (fixes #2785)
* [mod_authn_mysql] fix minor memleak at shutdown
* [mod_rrdtool] no error if loaded but no config
* [doc] SIGUSR1 doc and lighttpd-angel SIGUSR1
* [mime.conf] add text/markdown to utf-8 list, regenerate mime.conf
* [mod_cgi] RFC3875 CGI local-redir strict adherence (#2108)
* [mod_cgi] do not send "Status" back to client
* [core] add label for 308 Permanent Redirect
* [mod_openssl] inherit ssl.* from global scope
* [core] handle if backend sends Transfer-Encoding (#2786)
* [core] use kqueue in level-triggered mode (fixes #2788)
* [mod_fastcgi,mod_scgi] backend spawn EINTR retry (#2788)
* [core] config opt to intercept dynamic handler err (fixes #974)
* [core] set default server_tag in server.c
* [core] include lighttpd vers in server started msg
* [core] move version.h logic into server.c
* [core] issue trace if max-fds too large (fixes #2789)
* [mod_fastcgi,mod_scgi] consistent waitpid handling (fixes #2791)
* [mod_cgi] fix CGI local-redir w/ url.rewrite-once (fixes #2793)
* [mod_scgi] fix unused_procs bidirectional-links
* [mod_scgi] fix potential repeated use of proc->id
* [mod_fastcgi,mod_scgi] consolidate backend process accounting (#2788)
* [mod_cgi] status 200 OK if no hdrs (deprecated) (#2786)
* [core] fix regex condition subst w/ mod_extforward (fixes #2794)
* [tests] correct skip count for mod-scgi.t
* [mod_vhostdb_ldap] fix inverted logic (coverity)
* [mod_cgi] cgi.local-redir = [enable|disable] (#2108, #2793)
* [core] $REQUEST_HEADER[...] subsumes other config (#1556)
* [mod_usertrack] usertrack.cookie-attrs config opt (fixes #2795)
* [core] default server.max-fds=4096 if unspecified (#2789)
* update .gitignore, add .gitattributes
* [core] reduce con allocation for small max_conns
* [config] more specific checks for array lists
* [mod_authn_gssapi] needs -lcom_err under cygwin
* [mod_cgi,fastcgi,scgi,proxy] fix streaming response (fixes #2796)
* [mod_auth] Digest nonce on system with time <=1978
* [doc] simple-vhost.debug takes an integer value (fixes #2797)
* [core] fix crash if invalid config file (fixes #2798)
* [core] remove unused member con->in_joblist
* [mod_proxy] remove use of con->got_response
* [core] consolidate dynamic handler response parse
* [core] remove now-unused buffer_search_string_len
* [mod_cgi] eliminate warning when compiled -Os
* [mod_scgi] do not reconnect after connect succeeds
* [tests] reduce time waiting for backends to start
* [core] server.syslog-facility (fixes #2800)
* [core] server.syslog-facility (use -1 for unset) (#2800)
* [core] allow overriding prior config values (fixes #2799)
* [mod_proxy] set Content-Length, if available
* [mod_proxy] set X-Forwarded-Host (fixes #418)
* [core] remove redundant Content-Length digit check
* [core] remove some unused header includes
* [core] use con->dst_addr_buf instead of ip recalc
* [core] include "fdevent.h" where needed
* [core] make stat_cache private to stat_cache.c
* [core] collect ioctl FIONREAD code
* [core] include <netdb.h> where needed
* [core] report file path when mkstemp() fails (fixes #2802)
* [core] export http_request_host_policy() for reuse
* [mod_extforward] simplify header search
* [mod_extforward] consolidate ipstr_to_sockaddr()
* [mod_extforward] upd scheme after ipstr validated
* [mod_extforward] rearrange code; prep Forwarded
* [mod_extforward] support Forwarded HTTP Extension (#2703)
* [mod_proxy] support Forwarded HTTP Extension (fixes #2703)
* [core] inet_pton(), inet_ntop() on (sock_addr *)
* [core] save connection-level proto in con->proto
* [mod_extforward] support HAProxy "PROXY" protocol (fixes #2804)
* [mod_extforward] fix typos in Forwarded handling
* [core] fix stat_cache initialization error
* [core] perf: stat_cache_mimetype_by_ext()
* [core] inet_ntop_cache now 4-element cache
* [mod_openssl] free local_send_buffer at exit
* [core] extend mimetype search w/o leading '.'
* [core] no SOCK_CLOEXEC on Linux kernel < 2.6.27
* [core] inline simple buffer is empty checks
* [core] buffer_substr_replace()
* [core] sys-strings.h abstraction for strings.h
* [mod_proxy] fix backslash escaping
* [core] omit default port from normalized host str
* [core] fix build issue without ipv6 support
* [core] permit strings and integers in config array
* [mod_accesslog] flag high precision ts for %T (fixes #2807)
* [core] permit strings,ints,arrays in config array
* [core] calloc plugin_config for consistent init
* [mod_proxy] simple host/url mapping in headers (fixes #152)
* [mod_uploadprogress] handle query str progress ID (fixes #2808)
* [mod_fastcgi] consolidate backend read code
* [mod_proxy,mod_scgi] fix truncated error trace
* [core] skip socket shutdown() if con->fd negative
* [core] act as transparent proxy after con Upgrade
* [core] remove redundant resets of fde_ndx
* [core] configparser: fix resource handling in error cases (fixes #2809)
* [core] fix crash for invalid syntax in config file (fixes #2810)
* [core] prep mod transitions to transparent proxy
* [mod_proxy] basic support for Upgrade: websocket (fixes #2811)
* [mod_extforward] compile on OSX
* [core] set server.max-keep-alive-requests = 100 (fixes #2205)
* [core] perf: skip redundant strlen() if len known
* [core] optional condition in config "else" clause (fixes #1268)
* [mod_cgi] basic support for Upgrade: websocket
* [core] buffer to disk streaming to slow backends
* [core] silence compiler warnings if !HAVE_FORK
* [build] -Werror if --enable-extra-warnings=error
* [build] autotools use AC_PROG_CC_STDC macro
* [mod_openssl] ssl.ca-crl-file for CRL (fixes #2319)
* [mod_openssl] ssl.ca-dn-file (fixes #2694)
* [mod_proxy] fix typo identified by coverity
* [mod_openssl] ignore client verification error if not enforced
* [mod_openssl] fix compile with openssl 1.1.0
* [mod_extforward] quiet clang compiler warning
* [mod_dirlisting] sort "../" to top of names
* [mod_openssl] safer_X509_NAME_oneline() (fixes #2693)
* [core] allow earlier plugin init for SSL/TLS
* [mod_openssl] adjust use of ssl.ca-dn-file
* [core] fix compiler warnings on Mac OS X
* [core] server.socket-perms to set perms on unix (fixes #656)
* [core] get port from sock_addr if AF_INET,AF_INET6
* [core] server.error_handler_404 X-Sendfile ENOENT (#2474)
* [core] consolidate fork()/execve() code (#1393)
* [core] mv log_error_{open,cycle.close} to server.c
* [core] rename fd_close_on_exec()
* [core] remove unused includes of stat_cache.h
* [core] add missing include of stdlib.h
* [core] reduce exposure of unistd.h, other includes
* [core] sock_addr_from_str_hints reusable name res
* [core] continue collecting use of netdb.h
* [core] continue collecting use of netdb.h
* [core] continue collecting use of netdb.h
* [core] fdevent_connect_status() shared code
* [core] add const to reduce .data segment size
* [mod_proxy] move data_fastcgi into mod_proxy.c
* [mod_proxy] store address family at config time
* [mod_fastcgi] slightly simplify counters
* [mod_fastcgi] consolidate connect() error handling
* [mod_fastcgi] set request_id in fcgi_create_env()
* [mod_fastcgi] move delayed connect() into switch()
* [mod_fastcgi,mod_scgi] consistent connect() error
* [mod_scgi] remove unused parse_response member
* [mod_fastcgi,mod_scgi] struct member consistency
* [mod_fastcgi,mod_scgi] parse bin_path at startup
* [mod_fastcgi,mod_scgi] use temp buffer for cgi_env
* [core] shared code for socket backends
* [core] spread load on socket backend procs
* [core] store sockaddr for socket backend procs
* [core] resolve DNS at startup for socket backends
* [core] adaptive spawning for socket backend procs (fixes #1162)
* quell compiler warnings for -Wimplicit-fallthrough
* [doc] update README
* [core] fdevent_cycle_logger()
* [core] reap lighttpd worker pids precisely
* [core] restart piped loggers if they exit (fixes #1393)
* [mod_webdav] PROPFIND getetag attr must match GET
* [core] consistent behavior w/ and w/o SA_SIGINFO
* [core] do not remove pid-file in test mode
* [core] add public domain SHA1() if no crypto
* [mod_wstunnel] websocket tunnel to other protocol
* [core] forward SIGHUP only to lighttpd workers
* [mod_dirlisting] treat README and HEADER as paths (fixes #2818)
* [core] set one-shot mode fd O_NONBLOCK, FD_CLOEXEC
* [core] remove fdevent fcntl_set hook
* [mod_extforward] typo in comment
* [mod_cgi] add missing #include
* [core] fix invalid sizeof() identified by coverity
* [core] add missing #include
* [core] base_decls.h to quiet compiler warnings
* [core] set socket perms after bind, before listen
* [core] warn if backend server config contains '_'
* [mod_extforward] PROXY proto and SSL_CLIENT_VERIFY
* [core] workaround for AIX mmap define
* [mod_accesslog] flush access logs every 4 seconds
* [mod_cgi] fix bug to properly exec interpreter
* [mod_fastcgi] fix return when streaming min buffer
* [core] attempt to quiet coverity false positives
* [core] attempt to quiet coverity false positives
* [core] attempt to quiet compiler warning in LEDE
* [core] SIGCHLD handle_waitpid hook for modules
* [mod_rrdtool] handle_trigger returns HANDLER_GO_ON
* [mod_openssl] ssl.read-ahead="disable" for stream
* [mod_cgi] add FDEVENT_IN upon CGI exit
* [mod_cgi] omit cgi_handle_fdevent after proc exit
* [mod_webdav] check HAVE_UUID for -luuid
* [core] adjust li_rand_pseudo* interfaces
* [mod_wstunnel] fix config parsing bug
* [core] fdevent setsockopt() helper functions
* [core] make strftime_cache_get() 16-element cache
* [core] disable Nagle if streaming to backend
* [core] fix triggered assert on HTTP chunked input (fixes #2822)
* [mod_wstunnel] fix NULL ptr deref
* [algo_sha1] fix compile break and warnings
* [lemon] fix gcc implicit-fallthrough warning
* [core] URI scheme is case-insensitive
* [network] do not append port to unix socket paths
* [unittests] consolidate base64 test code
* [core] use sun_path for addr string for AF_UNIX (fixes #2826)
* [core] cleaner code; remove goto from network.c
* [core] /dev/stdin listener for inetd wait yes
* [core] compare listen addrs after DNS resolution
* [core] inline chunkqueue_is_empty()
* [core] limit use of TCP_CORK
* [core] return from http_response_read if small rd
* [core] gateways might Upgrade con before body read
* [mod_wstunnel] set Sec-WebSocket-Protocol if bin
* [mod_wstunnel] remove invalid appended '\0'
* [core] quiet coverity warning
* [core] handle fds pending close after poll timeout (fixes #2827)
* [core] fix $REQUEST_HEADER[...] parsing in config (#1556)
* [mod_dirlisting] custom js date parse func (fixes #2823)
* [core] remove fd interest if create_env returns
* [mod_openssl] copy data for larger SSL packets
* [mod_openssl] remove erroneous SSL_set_shutdown()
* [core] permit LF to end lines if !header-strict
* [core] add back REQUEST_SCHEME for backends
* [core] remove fdevent_sched_run from fdevent_libev (#2827)
* [mod_openssl] ssl.read-ahead="disable" by default
* [core] adjust parser for valid variable expansion
* [cmake] handle WITH_WEBDAV_LOCKS option
* [cmake] fix attr header detection and linking
* [cmake] link mod_cml with memcached
* [core] reproducible build: hide __DATE__ __TIME__ (fixes #2828)
* [core] perf: more efficient fdevent_sched_run()
* [core] translate DNS to IP str for cond socket cmp
- 1.4.45 - 2017-01-14
* [mod_cgi] skip local-redir handling if to self (fixes #2779, #2108)
* [mod_webdav] fix crash when plugin_ctx cleaned up (fixes #2780)
* [mod_fastcgi] detect child exit, restart proactively
* [mod_scgi] detect child exit, restart proactively
* [TLS] ssl.read-ahead = "disable" for low mem (fixes #2778)
- 1.4.44 - 2016-12-24
* [mod_scgi] fix segfault (fixes #2762)
* [mod_authn_gssapi] fix memory leak
* [config] warn if mod_authn_ldap,mysql not listed
* [mod_magnet] fix magnet_cgi_set() set of env vars (fixes #2763)
* [mod_cgi] FreeBSD 9.3/MacOSX does not have pipe2() (fixes #2765)
* [mod_extforward] fix crash on invalid IP (fixes #2766)
* [mod_fastcgi] fix segfault if all backends down (fixes #2768)
* [mod_cgi] fix out of sockets error for POST to CGI (fixes #2771)
* [mod_auth] compile fix for Mac OS X XCode (fixes #2772)
* [mod_authn_gssapi] better resource cleanup
* [core] compile fix for Mac OS X 10.6 (old) (fixes #2773)
* fix race in dynamic handler configs (reentrancy) (fixes #2774)
* [mod_authn_mysql] close mysql_conn in cleanup
* [mod_webdav] compile fix when locking not enabled
* load mod_auth & mod_authn_file in sample/test.conf
* comment out auth.backend.ldap.* in tests/*.conf
* [mod_fastcgi,mod_scgi] warn if invalid "bin-path"
* RAND_pseudo_bytes() is deprecated in openssl 1.1.0
* openssl 1.1.0 init and cleanup
* [mod_cgi] remove direct calls to network_backend*
* [build] build network_*.c into lighttpd executable
* suggest inclusion of mod_geoip... before mod_ssi.
* set systemd settings similar to lighttpd2
* [doc] remove reference to Linux rt-signals
* [mod_authn_gssapi] fix missing error ret, coverity
* [core] rename li_rand() to li_rand_pseudo_bytes()
* remove #include "stream.h" where not used
* [mod_cml] include lua headers before base.h
* [core] combine duplicated connection reset code
* [mod_ssi] produce content in subrequest hook
* [core] remove srv->entropy[]
* [core] defer li_rand_init() until first use
* [core] permit connection-level state in modules
* [mod_dirlisting] render dirlisting as HTML (fixes #2767)
* [mod_proxy] replace HTTP Host sent to backend (fixes #2770)
* [mod_ssi] basic recursive SSI include virtual (fixes #536)
* [mod_ssi] implement, ignore <!--#comment ... -->
* [core] consolidate duplicated read-to-close code
* [core] fix segfault when parsing a bad config file
* [core] support Transfer-Encoding: chunked req body (fixes #2156)
* [autobuild] set NO_RDYNAMIC=yes for midipix
* [mod_proxy] proxy.balance = "sticky" option (fixes #2117)
* [mod_secdownload] warn if SHA used w/o SSL crypto
* [build] compile fixes for AIX
* [build] check for pipe2() at configure time
* [mod_evhost] fix an incorrect error trace
* [tests] mark tests/docroot/www/*.pl scripts a+x
* [mod_cgi] fall back to pipe() if pipe2() fails
* fix SCons fullstatic build with glibc pthreads
* [TLS] openssl 1.1.0 makes SSL_OP_NO_SSLv2 no-op
- 1.4.43 - 2016-10-31
* [autobuild] remove mod_authn_gssapi dep on resolv
* [mod_deflate] ignore '*' in deflate.mimetypes
* [autobuild] omit module stubs when missing deps
* [TLS] openssl 1.1.0 hides struct bignum_st
* [autobuild] move http_cgi_ssl_env() for Mac OS X (fixes #2757)
* [core] use paccept() on NetBSD (replace accept4())
* [TLS] remote IP conditions are valid for TLS SNI (fixes #2272)
* [doc] lighttpd-angel.8 (fixes #2254)
* [cmake] build fcgi-auth, fcgi-responder for tests
* [mod_accesslog] %{ratio}n logs compression ratio (fixes #2133)
* [mod_deflate] skip deflate if loadavg too high (fixes #1505)
* [mod_expire] expire by mimetype (fixes #423)
* [mod_evhost] partial matching patterns (fixes #1194)
* build: use CC_FOR_BUILD for lemon when cross-compiling
* [mod_dirlisting] config header and readme files
* [config] warn if mod_authn_ldap,mysql not listed
* fix FastCGI, SCGI, proxy reconnect on failure
* [core] network_open_file_chunk() temp file opt
* [mod_rewrite] add more info in error log msg
* [core] fix fd leak when using libev (fixes #2761)
* [core] fix potential streaming tempfile corruption (fixes #2760)
* [mod_scgi] fix prefix matching to always match url
* [autobuild] adjust Makefile.am for FreeBSD
* [build] move some build scripts to scripts/
* [autotools] fix configure.ac for opensuse 13.2
- 1.4.42 - 2016-10-16
* [TLS] SSL_shutdown() only if handshake finished
* [mod_proxy,mod_scgi] shutdown remote only if local (#2743)
* [core] check if client half-closed TCP if POLLHUP (#2743)
* [core] enforce wait for POLLWR after EINPROGRESS (fixes #2744)
* [core] do not enter handler twice after read body
* [core] proxy,scgi omit shutdown() to backend (fixes #2743)
* [mod_dirlisting] dirlist does not handle POST
* [mod_dirlisting] js column sort for dirlist table (fixes #613, fixes #2315)
* [mod_auth] Digest auth fails after rewrite (fixes #2745)
* [mod_auth] refactor out auth backend code
* [mod_auth] extensible interface for auth backends
* [core] better DragonFlyBSD support (fixes #2746)
* [mod_auth] include base.h for USE_OPENSSL def
* [mod_auth] support CRYPT-MD5-NTLM algorithm (fixes #1743)
* [mod_auth] terminate salt for CRYPT-MD5-NTLM
* [core] fix crash if ready events on abandoned fd (fixes #2748)
* [mod_auth] http_auth_md5_hex2bin()
* [mod_auth] remove empty mod_auth.h
* [mod_auth] mod_authn_mysql.c MySQL auth backend (fixes #752, fixes #1845)
* [mod_cgi] permit CGI exec of unreadable files (fixes #2374)
* [mod_uploadprogress] add to default build
* [mod_geoip] add to default build (fixes #2705, fixes #2101, fixes #2092, fixes #2025, fixes #1962, fixes #1938)
* [mod_fastcgi] Authorizer support with Responder (fixes #321, fixes #322)
* [tests] test coverage for issues (#321, #322)
* dynamic handlers store debug flag in handler_ctx
* [mod_fastcgi] allow authorizer, responder for same path/ext (#321)
* backport mod_deflate to lighttpd 1.4 (fixes #1824, fixes #2753)
* [autobuild] test_configfile might need vector.c (fixes #2752)
* [mod_deflate] fix longjmp clobber compiler warning
* remove unused array type TYPE_COUNT data_count
* [mod_auth] structured data, register auth schemes
* [mod_auth] mod_authn_gssapi Kerberos auth backend (fixes #1899)
* [autobuild] skip two new tests if no fcgi-auth
* [SCons] define with_krb5 for SCons build
* [SCons] fix syntax error in SConstruct
* [SCons] define with_geoip for SCons build
* [CMake] fix clang -Wcast-align warnings in lemon.c
* remove excess initializers (fix compiler warnings)
* fix errors detected by Coverity Scan
* performance: use Linux extended syscalls and flags
* [mod_scgi] add uwsgi protocol support
* [mod_auth] refactor LDAP code into smaller funcs
* [mod_auth] HTTP Basic auth backends also do authz (#1817)
* [mod_auth] ldap filter subst user for multiple '$' (fixes #1508)
* [mod_auth] permit specifying ldap DN; skip search (fixes #1248)
* [autobuild] update module/feature report
* [cmake] build mod_authn_gssapi if WITH_KRB5
* [mod_auth] fix printing of IP in error trace
* [mod_mysql_vhost] support multiple '?' replacement (fixes #2163)
* [core] make server.max-request-size scopeable (#1901)
* [core] server.max-request-field-size (fixes #2130)
* [core] optional condition in config "else" clause (fixes #1268)
* [core] restrict where config "else" clauses occur (#1268)
* silence warnings from clang ccc-analyzer
* consistent, shared code to create CGI env
* [TLS] replace env entries in https_add_ssl_entries
* [TLS] set SSL_CLIENT_M_SERIAL w/ client cert SN (fixes #2268)
* [TLS] set SSL_CLIENT_VERIFY w/ client cert (#1288, #2693)
* [TLS] set SSL_PROTOCOL, SSL_CIPHER* (fixes #2511)
* [core] rand.[ch] to use better RNGs when available
* [mod_cgi] fix pipe_cloexec() when no O_CLOEXEC
* ignore return value from fcntl() FD_CLOEXEC
* build w/o compiler warnings if no zlib or bz2lib
- 1.4.41 - 2016-07-31
* remove long-deprecated, non-functional config opts
* [config] inherit server.use-ipv6 and server.set-v6only (fixes #678)
* [mod_auth] fix Digest auth to be better than Basic (fixes #1844)
* [mod_ssi] fix #config sizefmt="bytes"
* [autobuild] move inet_pton detection later
* [core] #include <sys/filio.h> for FIONREAD (fixes #2726)
* [autobuild] clock_gettime() -lrt with glibc < 2.17
* [security] do not emit HTTP_PROXY to CGI env
* [build_cmake] clock_gettime() -lrt w/ glibc < 2.17 (fixes #2737)
* [core] avoid spurious trace and error abort
* [core] stay in CON_STATE_CLOSE until done with req
* [core] $HTTP["remoteip"] must handle IPv6 w/o []
* [mod_status] show keep-alive status w/ text output (fixes #2740)
* do not set REDIRECT_URI in mod_magnet, mod_rewrite (#2738)
* revert 1.4.40 swap of REQUEST_URI, REDIRECT_URI (fixes #2738)
* [core] permit IPv6 address scope identifier
* [TLS] better handling of SSL_ERROR_WANT_READ/WRITE
* [TLS] read all available records from SSL_read()
* [core] try AF_INET after AF_INET6 if use-ipv6
* [core] set chunkqueue tempdirs at startup
* [security] ensure gid != 0 if server.username set (fixes #2725)
* [security] disable stat_cache if !follow-symlink (fixes #2724)
* [core] fix buffer_copy_string_hex() assert (fixes #2742)
* [security] encode quoting chars in HTML and XML
* [cmake] always define _GNU_SOURCE
* [cmake] enable warnings for GCC and Clang
* [cmake] set cmake_minimum_required to 2.8.2
- 1.4.40 - 2016-07-16
* [mod_ssi] enhance support for ssi vars (thx fbrosson)
* add handling for lua 5.2 and 5.3 (fixes #2674)
* use libmemcached instead of deprecated libmemcache
* add force_assert for more allocation results
* [mod_cgi] use MAP_PRIVATE to mmap temporary file (fixes #2715)
* [core] do not send SIGHUP to process group unless server.max-workers is used (fixes #2711)
* [mod_cgi] edge case chdir "/" when docroot "/" (fixes #2460)
* [mod_cgi] issue trace and exit if execve() fails (closes #2302)
* [configparser] don't continue after parse error (fixes #2717)
* [core] never evaluate else branches until the previous branches are ready (fixes #2598)
* [core] fix conditional cache handling
* [core] improve conditional enabling (thx Gwenlliana, #2598)
* [mod_compress] case-insensitive content-codings (fixes #2645)
* [plugins] don't include dlfcn.h if not needed (fixes #2548)
* [mod_fastcgi] 404 for X-Sendfile file not found (fixes #2474)