Check in 1.2.5

Makefile.in

@@ -558,7 +558,7 @@ distcheck: dist
 	*.zip*) \
 	  unzip $(distdir).zip ;;\
 	esac
-	chmod -R a-w $(distdir); chmod u+w $(distdir)
+	chmod -R a-w $(distdir); chmod a+w $(distdir)
 	mkdir $(distdir)/_build
 	mkdir $(distdir)/_inst
 	chmod a-w $(distdir)

configure

@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for openlitespeed 1.2.4.
+# Generated by GNU Autoconf 2.69 for openlitespeed 1.2.5.
 #
 # Report bugs to <[email protected]>.
 #
@@ -580,8 +580,8 @@ MAKEFLAGS=
 # Identity of this package.
 PACKAGE_NAME='openlitespeed'
 PACKAGE_TARNAME='openlitespeed'
-PACKAGE_VERSION='1.2.4'
-PACKAGE_STRING='openlitespeed 1.2.4'
+PACKAGE_VERSION='1.2.5'
+PACKAGE_STRING='openlitespeed 1.2.5'
 PACKAGE_BUGREPORT='[email protected]'
 PACKAGE_URL='http://www.litespeedtech.com/'
 
@@ -745,6 +745,7 @@ with_email
 enable_adminssl
 enable_spdy
 enable_debug
+enable_profiling
 enable_rpath
 with_libdir
 with_zlib
@@ -1306,7 +1307,7 @@ if test "$ac_init_help" = "long"; then
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures openlitespeed 1.2.4 to adapt to many kinds of systems.
+\`configure' configures openlitespeed 1.2.5 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1372,7 +1373,7 @@ fi
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of openlitespeed 1.2.4:";;
+     short | recursive ) echo "Configuration of openlitespeed 1.2.5:";;
    esac
   cat <<\_ACEOF
 
@@ -1391,6 +1392,8 @@ Optional Features:
   --enable-spdy           Enable SPDY over HTTPS (Spdy is disabled by default)
   --enable-debug          Enable debugging symbols (Debug is disabled by
                           default)
+  --enable-profiling      Enable cpu profiling (profiling is disabled by
+                          default)
   --disable-rpath         Disable rpath (It is 'no' by default)
 
 Optional Packages:
@@ -1492,7 +1495,7 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-openlitespeed configure 1.2.4
+openlitespeed configure 1.2.5
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2129,7 +2132,7 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by openlitespeed $as_me 1.2.4, which was
+It was created by openlitespeed $as_me 1.2.5, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -2956,7 +2959,7 @@ fi
 
 # Define the identity of the package.
  PACKAGE='openlitespeed'
- VERSION='1.2.4'
+ VERSION='1.2.5'
 
 
 # Some tools Automake needs.
@@ -5149,12 +5152,26 @@ if test "${enable_debug+set}" = set; then :
                     CFLAGS="-g -O3"
                     CXXFLAGS="-g -O3"
                 fi
-                echo "OPENLSWS_DEBUG='$OPENLSWS_DEBUG'  CFLAGS='$CFLAGS'"
+                echo "OPENLSWS_DEBUG='$OPENLSWS_DEBUG'"
 
 fi
 
+
+# Check whether --enable-profiling was given.
+if test "${enable_profiling+set}" = set; then :
+  enableval=$enable_profiling; OPENLSWS_PROF="$enableval"
+                if test "$OPENLSWS_PROF" = "yes" ; then
+                    CFLAGS="$CFLAGS -pg"
+                    CXXFLAGS="$CXXFLAGS -pg"
+                fi
+                echo "OPENLSWS_PROF='$OPENLSWS_PROF'"
+
+fi
+
+
 CFLAGS="$CFLAGS -fstack-protector"
 CXXFLAGS="$CXXFLAGS -fstack-protector"
+echo "Final CFLAGS='$CFLAGS' CXXFLAGS='$CXXFLAGS'"
 
 # Check whether --enable-rpath was given.
 if test "${enable_rpath+set}" = set; then :
@@ -7616,7 +7633,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by openlitespeed $as_me 1.2.4, which was
+This file was extended by openlitespeed $as_me 1.2.5, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -7683,7 +7700,7 @@ _ACEOF
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-openlitespeed config.status 1.2.4
+openlitespeed config.status 1.2.5
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 

configure.in

@@ -5,8 +5,8 @@ m4_include(ax_lib_expat.m4)
 
 dnl Process this file with autoconf to produce a configure script.
 AC_PREREQ([2.69])
-AC_INIT([openlitespeed],[1.2.4],[[email protected]],[openlitespeed],[http://www.litespeedtech.com/])
-AM_INIT_AUTOMAKE([1.2.4 foreign no-define ])
+AC_INIT([openlitespeed],[1.2.5],[[email protected]],[openlitespeed],[http://www.litespeedtech.com/])
+AM_INIT_AUTOMAKE([1.2.5 foreign no-define ])
 
 AM_CONFIG_HEADER(src/config.h:src/config.h.in)
 
@@ -96,11 +96,24 @@ AC_ARG_ENABLE([debug],
                     CFLAGS="-g -O3"
                     CXXFLAGS="-g -O3"
                 fi
-                echo "OPENLSWS_DEBUG='$OPENLSWS_DEBUG'  CFLAGS='$CFLAGS'"
+                echo "OPENLSWS_DEBUG='$OPENLSWS_DEBUG'"
                 ], [])
+
+AC_ARG_ENABLE([profiling],
+              [AC_HELP_STRING([--enable-profiling],
+                              [Enable cpu profiling (profiling is disabled by default)])],
+              [OPENLSWS_PROF="$enableval"
+                if test "$OPENLSWS_PROF" = "yes" ; then 
+                    CFLAGS="$CFLAGS -pg"
+                    CXXFLAGS="$CXXFLAGS -pg"
+                fi
+                echo "OPENLSWS_PROF='$OPENLSWS_PROF'"
+                ], [])                
+
 CFLAGS="$CFLAGS -fstack-protector"
 CXXFLAGS="$CXXFLAGS -fstack-protector"
-
+echo "Final CFLAGS='$CFLAGS' CXXFLAGS='$CXXFLAGS'"
+
 AC_ARG_ENABLE([rpath],
               [AC_HELP_STRING([--disable-rpath], 
                               [Disable rpath (It is 'no' by default)])],

dist/VERSION

@@ -1 +1 @@
-1.2.4
+1.2.5

dist/admin/html.open/classes/ows/DATTR_HELP_inc.php

@@ -242,6 +242,7 @@
 		$this->db['sname'] = new DATTR_HELP_ITEM('Name - Server', 'The unique name that identifies this server. This is the  "Server Name" specified in the general configuration.', '', '', '');
 		$this->db['sndBufSize'] = new DATTR_HELP_ITEM('Send Buffer Size', 'The sending buffer size of each TCP socket. Set to 0 to use the default  buffer size of the operating system. 65535 is the maximum allowed buffer size.', '[Performance] If your web site serves large static files, increase the send buffer  size to improve performance.', 'Integer number', '');
 		$this->db['softLimit'] = new DATTR_HELP_ITEM('Connection Soft Limit', 'Specifies the soft limit of concurrent connections allowed from one IP.  This soft limit can be exceeded temporarily during &quot;Grace Period (sec)&quot; as long as  the number is below the &quot;Connection Hard Limit&quot;, but Keep-Alive connections  will be closed as soon as possible until the number of connections is lower  than the limit. If number of connections is still over the limit after the  &quot;Grace Period (sec)&quot;, that IP will be blocked for the &quot;Banned Period (sec)&quot;.<br/><br/>For example, if a page contains many small graphs, the browser may try to set up  many connections at same time, especially for HTTP/1.0 clients. You would want to allow  those connections for a short period.<br/><br/>HTTP/1.1 clients may also set up multiple connections to speed up downloading and SSL   requires separate connections from non-SSL connections. Make sure the limit is set properly,   as not to adversely affect normal service. The recommended limit is between 5 and 10.', '[Security] A lower number will enable serving more distinct clients.<br/>[Security] Trusted IPs or sub-networks are not affected. <br/>[Performance] Set to a high value when you are performing benchmark tests  with a large number of concurrent client machines.', 'Integer number', '');
+		$this->db['spdyAdHeader'] = new DATTR_HELP_ITEM('SPDY Advertisement', 'Specifies whether to advertise to clients that SPDY protocol is available. If set, LSWS will send an Alternate-Protocol  response header when a client accesses SPDY-enabled websites through an HTTP connection.  This requires the website to have both HTTP and HTTPS connections set up, and SPDY support enabled.', '', 'port:protocol string', 'If SPDY/3 is enabled on port 443, you can set the string to &quot;443:npn-spdy/3&quot;');
 		$this->db['sslCert'] = new DATTR_HELP_ITEM('SSL Private Key & Certificate', 'Every SSL listener requires a paired SSL private key and SSL certificate.  Multiple SSL listeners can share the same key and certificate.    You can generate SSL private keys yourself using an SSL software package,  such as OpenSSL. SSL certificates can also be purchased from an authorized certificate  issuer like VeriSign or Thawte. You can also sign the certificate yourself.  That certificate will not be trusted by web browsers and should not be used on public web  sites containing critical data. However, a self-signed certificate is good  enough for internal use, e.g. for encrypting traffic  to LiteSpeed Web Server&#039;s WebAdmin console.', '', '', '');
 		$this->db['sslOCSP'] = new DATTR_HELP_ITEM('OCSP Stapling', 'Online Certificate Status Protocol (OCSP) is a more efficient method  of checking whether a digital certificate is valid. It works by communicating  with another server — the OCSP responder — to get verification that the certificate  is valid instead of checking through certificate revocation lists (CRL).   OCSP stapling is a further improvement on this protocol, allowing the server to  check with the OCSP responder at regular intervals instead of every time a certificate  is requested. See the <a href=&quot;http://en.wikipedia.org/wiki/OCSP_Stapling&quot;>OCSP Wikipedia page</a> for more details.', '', '', '');
 		$this->db['sslProtocol'] = new DATTR_HELP_ITEM('SSL Protocol Version', 'Specifies which version of SSL protocol will be used. You can choose from  SSL v3.0 and TLS v1.0. Since OpenSSL 1.0.1, TLS v1.1 and TLS v1.2 are also supported.', '', '', '');

dist/admin/html.open/classes/ows/DPageDef.php

@@ -75,7 +75,7 @@ protected function add_FilePage_vh()
 		$pages = array();
 		$pages[] = new DFileSect(
 			array(
-				'VH_GENERAL', 'VH_LOG',	'VH_ACLOG',	'VH_INDXF',	'VH_ERRPG',
+				'VH_GENERAL', 'VH_LOG', 'VH_ACLOG', 'VH_INDXF', 'VH_ERRPG',
 				'A_SCRIPT',	'VH_EXPIRES',
 				'A_SECAC', 'VH_REALM_SEL',
 				'A_EXT_SEL', 'VH_CTX_SEL',

dist/admin/html.open/classes/ows/DTblDef.php

@@ -266,6 +266,7 @@ protected function loadCommonAttrs()
 			'vh_maxKeepAliveReq' => new DAttr('maxKeepAliveReq', 'uint', 'Max Keep-Alive Requests', 'text', true, 0, 32767, NULL, 0, 'vhMaxKeepAliveReq'),
 			'vh_smartKeepAlive' => new DAttr('smartKeepAlive', 'bool', 'Smart Keep-Alive', 'radio', true, NULL, NULL, NULL, 0, 'vhSmartKeepAlive'),
 			'vh_enableGzip' => new DAttr('enableGzip', 'bool', 'Enable GZIP Compression', 'radio'),
+			'vh_spdyAdHeader' => new DAttr('spdyAdHeader', 'parse', 'SPDY Advertisement', 'text', true, "/^\d+:npn-spdy\/[23]$/", 'required format: ssl_port:npn-spdy/version like 443:npn-spdy/3', $this->_options['text_size']),			
 			'vh_allowSymbolLink' => new DAttr('allowSymbolLink', 'sel', 'Follow Symbolic Link', 'select', true, 0, $this->_options['symbolLink']),
 			'vh_enableScript' => new DAttr('enableScript', 'bool', 'Enable Scripts/ExtApps', 'radio', false),
 			'vh_restrained' => new DAttr('restrained', 'bool', 'Restrained', 'radio', false),
@@ -963,7 +964,8 @@ protected function add_VH_GENERAL($id)
 			new DAttr('docRoot', 'path', 'Document Root', 'text', false, 3, '', $this->_options['text_size']),//no validation, maybe suexec owner
 			$this->_attrs['adminEmails'],
 			$this->_attrs['vh_enableGzip'],
-			$this->_attrs['enableIpGeo']
+			$this->_attrs['enableIpGeo'],
+			$this->_attrs['vh_spdyAdHeader']
 			);
 		$this->_tblDef[$id]->setAttr($attrs, 'general');
 	}
@@ -1675,9 +1677,10 @@ protected function add_TP_GENERAL($id)
 			$this->_attrs['vh_maxKeepAliveReq'],
 			$this->_attrs['vh_smartKeepAlive'],
 			$this->_attrs['tp_vrFile']->dup('docRoot', 'Document Root', NULL),
+			$this->_attrs['adminEmails'],
 			$this->_attrs['vh_enableGzip'],
 			$this->_attrs['enableIpGeo'],
-			$this->_attrs['adminEmails']
+			$this->_attrs['vh_spdyAdHeader']
 			);
 // to do: need check path contain VH variable.
 		$this->_tblDef[$id]->setAttr($attrs, 'general');
@@ -1704,9 +1707,10 @@ protected function add_TP_GENERAL2($id)
 		$this->_tblDef[$id] = new DTbl($id);
 		$attrs = array(
 			$this->_attrs['tp_vrFile']->dup('docRoot', 'Document Root', NULL),
+			$this->_attrs['adminEmails'],
 			$this->_attrs['vh_enableGzip'],
 			$this->_attrs['enableIpGeo'],
-			$this->_attrs['adminEmails']
+			$this->_attrs['vh_spdyAdHeader']
 			);
 		$this->_tblDef[$id]->setAttr($attrs, 'general');
 	}

dist/admin/html.open/utility/build_php/buildconf.inc.php

@@ -11,24 +11,14 @@
 
 $PHP_VER = array('5'=>
 		 array(
-		 	'5.5.2',
-		 	'5.5.1',
-		 	'5.5.0',
-		 	'5.4.18',
-		 	'5.4.17',
-		 	'5.4.16',
-		 	'5.4.15',
-			'5.4.14',
-		 	'5.4.13',
-			'5.4.12',
+		 	'5.5.3',
+		 	'5.4.19',
 		 	'5.3.27',
-			'5.2.17',
-			'5.2.9',
-			'5.1.6'),
+			'5.2.17'),
 		 '4'=>
-		 array('4.4.9',
-		       '4.4.8'));
-
+		 array('4.4.9'));
+
+		 
 define ('LSAPI_VERSION', '6.3');
 define ('SUHOSIN_VERSION', '0.9.33');
 define ('APC_VERSION', '3.1.9');

dist/functions.sh

@@ -280,9 +280,10 @@ EOF
 
 
 # generate password file
-		ENCRYPT_PASS=`"$LSINSTALL_DIR/admin/fcgi-bin/admin_php" -q "$LSINSTALL_DIR/admin/misc/htpasswd.php" $PASS_ONE`
-		echo "$ADMIN_USER:$ENCRYPT_PASS" > "$LSINSTALL_DIR/admin/conf/htpasswd"
-
+        if [ ! -f  "$LSINSTALL_DIR/admin/conf/htpasswd" ] ; then
+            ENCRYPT_PASS=`"$LSINSTALL_DIR/admin/fcgi-bin/admin_php" -q "$LSINSTALL_DIR/admin/misc/htpasswd.php" $PASS_ONE`
+            echo "$ADMIN_USER:$ENCRYPT_PASS" > "$LSINSTALL_DIR/admin/conf/htpasswd"
+        fi
 	fi
 
 }
@@ -890,9 +891,10 @@ installation()
         rm -rf "$LSWS_HOME/admin/html.$VERSION"
     fi
 
-    util_mkdir "$SDIR_OWN" $DIR_MOD admin bin docs fcgi-bin php lib logs docs/css docs/img admin/logs add-ons share share/autoindex share/autoindex/icons admin/fcgi-bin admin/html.$VERSION admin/misc tmp tmp/ocspcache 
+    util_mkdir "$SDIR_OWN" $DIR_MOD admin bin docs fcgi-bin php lib logs docs/css docs/img admin/logs add-ons share share/autoindex share/autoindex/icons admin/fcgi-bin admin/html.$VERSION admin/misc tmp  
     util_mkdir "$CONF_OWN" $SDIR_MOD conf conf/cert conf/templates admin/conf admin/tmp phpbuild
     util_mkdir "$SDIR_OWN" $SDIR_MOD admin/cgid admin/cgid/secret
+    util_mkdir "$DIR_OWN" $SDIR_MOD tmp/ocspcache
     chgrp  $WS_GROUP $LSWS_HOME/admin/tmp $LSWS_HOME/admin/cgid
     chmod  g+x $LSWS_HOME/admin/tmp $LSWS_HOME/admin/cgid
     chown  $CONF_OWN $LSWS_HOME/admin/tmp/sess_* 1>/dev/null 2>&1

dist/install.sh

@@ -141,10 +141,9 @@ else
     chmod "$EXEC_MOD" "$LSWS_HOME/admin/fcgi-bin/admin_php"
 fi
 
-if [ ! -f "$LSWS_HOME/admin/conf/htpasswd" ] ; then
-    ENCRYPT_PASS=`"$LSWS_HOME/admin/fcgi-bin/admin_php" -q "$LSWS_HOME/admin/misc/htpasswd.php" $PASS_ONE`
-    echo "$ADMIN_USER:$ENCRYPT_PASS" > "$LSWS_HOME/admin/conf/htpasswd"
-fi
+ENCRYPT_PASS=`"$LSWS_HOME/admin/fcgi-bin/admin_php" -q "$LSWS_HOME/admin/misc/htpasswd.php" $PASS_ONE`
+echo "$ADMIN_USER:$ENCRYPT_PASS" > "$LSWS_HOME/admin/conf/htpasswd"
+
 
 
 if [ -f "$LSWS_HOME/fcgi-bin/lsphp" ]; then

src/extensions/proxy/proxyconn.cpp

@@ -400,6 +400,11 @@ int ProxyConn::processResp()
             {
                 setupChunkIS();
             }
+            else if (!(respState & HEC_RESP_CONT_LEN ))
+            {
+                m_iRespBodySize = INT_MAX;
+            }
+
             m_pBufBegin = pBuf;
             m_pBufEnd = pBuf + len;
             if ( D_ENABLED( DL_MEDIUM ) )

src/http/clientcache.cpp

@@ -231,6 +231,7 @@ static int resetQuotas( GHash::iterator iter )
     ClientInfo * pInfo = ((ClientInfo *)iter->second());
     if ( !pInfo )
         return 0;
+    pInfo->setSslNewConn( 0 );
     pInfo->getThrottleCtrl().resetQuotas();
     register time_t tm = pInfo->getOverLimitTime();
     if ( tm )

src/http/httpcgitool.cpp

@@ -177,7 +177,11 @@ int HttpCgiTool::processHeaderLine( HttpExtConnector * pExtConn, const char * pL
         {
             long lContentLen = strtol( pValue, NULL, 10 );
             if (( lContentLen >= 0 )&&( lContentLen != LONG_MAX ))
+            {
                 pResp->setContentLen( lContentLen );
+                status |= HEC_RESP_CONT_LEN;
+                pReq->orContextState( RESP_CONT_LEN_SET );
+            }
         }
         //fall through
     case HttpRespHeaders::H_KEEP_ALIVE:

src/http/httpconnection.cpp

@@ -1274,7 +1274,8 @@ int HttpConnection::buildErrorResponse( const char * errMsg )
             int len = HttpStatusCode::getBodyLen( errCode );
             m_response.setContentLen( len );
             m_response.parseAdd( HttpStatusCode::getHeaders( errCode ), HttpStatusCode::getHeadersLen( errCode ));
-            m_response.finalizeHeader( ver, errCode);
+            m_response.finalizeHeader( ver, errCode, m_request.getVHost());
+
             if ( getStream()->isSpdy() )
                 sendSpdyHeaders();
             m_response.getIov().append( pHtml, len );
@@ -1283,7 +1284,7 @@ int HttpConnection::buildErrorResponse( const char * errMsg )
             return 0;
         }
     }
-    m_response.finalizeHeader( ver, errCode);
+    m_response.finalizeHeader( ver, errCode, m_request.getVHost() );
     if ( getStream()->isSpdy() )
         sendSpdyHeaders();
     return 0;
@@ -2250,7 +2251,7 @@ int HttpConnection::prepareDynRespHeader( int complete, int nobuffer )
             m_response.addGzipEncodingHeader();
     }
     m_response.prepareHeaders( &m_request );
-    m_response.finalizeHeader( m_request.getVersion(), m_request.getStatusCode());
+    m_response.finalizeHeader( m_request.getVersion(), m_request.getStatusCode(), m_request.getVHost() );
     return 0;
 }
 

src/http/httpreq.cpp

@@ -2072,6 +2072,16 @@ void HttpReq::dumpHeader()
 {
     const char * pBegin = getOrgReqLine();
     char * pEnd = (char *)pBegin + getOrgReqLineLen();
+    if ( m_iHeaderStatus == HEADER_REQUEST_LINE ) 
+        return;
+    if ( pEnd >= m_headerBuf.begin() + m_iReqHeaderBufFinished )
+    {
+        pEnd = m_headerBuf.begin() + m_iReqHeaderBufFinished;
+        if ( pEnd >= m_headerBuf.begin() + m_headerBuf.capacity() )
+            pEnd = m_headerBuf.begin() + m_headerBuf.capacity() - 1;
+    }
+    if ( pEnd < pBegin )
+        pEnd = (char *)pBegin;
     *pEnd = 0;
     LOG_INFO(( getLogger(), "[%s] Content len: %d, Request line: \n%s", getLogId(),
                m_lEntityLength, pBegin ));