| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- remove obsolete modules
- replace mod_compress directives with mod_deflate
- do not enable debug.log-request-handling by default
(should not be enabled *by default* on any production system,
especially not an embedded system)
- update TLS syntax for modern recommended use
(separate files for certificate+chain, and private key)
- remove incorrect comment about server.event-handler
lighttpd defaults correctly to use kqueue on *BSD systems
- remove ancient config which disables range requests for PDF
(cargo-culted config from ~15 years ago to address problem
in then-popular PDF client)
- use recommend config file include syntax
(more efficient and more deterministic include file ordering)
(From OE-Core rev: b52a12e66d2f9ed0751b63cea01e96890da15998)
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- add configtest option
- add configtest before starting, restart, reload, force-reload
- change reload,force-reload to use lighttpd graceful restart
via kill signal USR1
(From OE-Core rev: 589450af505de6a00ba7d7a3b647a514d1d1282f)
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
| |
fix-missing-test.patch
removed since it's included in new verion.
(From OE-Core rev: b88ffd2c41d99099d444e9a05b6d1b84090160a0)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
| |
Rename options where appropriate. pcre option supports pcre2 now, so convert to that.
(From OE-Core rev: 7da38c6bdce5692b1c0b24c7d7694123b5329588)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
=============
* Update comment about TCP_INFO on OpenBSD
* [mod_ajp13] fix crash with bad response headers (fixes #3170)
* [core] handle RDHUP when collecting chunked body
* [core] tweak streaming request body to backends
* [core] handle ENOSPC with pwritev() (#3171)
* [core] manually calculate off_t max (fixes #3171)
* [autoconf] force large file support (#3171)
* [multiple] quiet coverity warnings using casts
* [meson] add license keyword to project declaration
(From OE-Core rev: 7a399862bb2e1503fbffa18e7ec0767643f76132)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
| |
Backport the fix from upstream to fix this CVE.
(From OE-Core rev: 59f69125fb00dc8fd335f32fe6898e7a480141e4)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
0001-mod_extforward-fix-out-of-bounds-OOB-write-fixes-313.patch
removed since it's included in 1.4.64.
with_gdbm, with_memcached
removed since they're not applicable in 1.4.64.
Changelog:
=========
Important changes
remove deprecated modules, bugfixes, CVE-2022-22707 (rare configs)
Behavior Changes
(previously announced and scheduled)
-graceful restart/shutdown timeout changed from 0 (disabled) to 8 seconds
configure an alternative with:
server.feature-flags += ("server.graceful-shutdown-timeout" => 8)
build: lighttpd defaults to -with-pcre2 instead of -with-pcre
pcre2 is current. pcre is no longer maintained.
Explicitly specify -with-pcre in build to use pcre instead of pcre2.
-deprecated modules (previously announced) have been removed
mod_authn_mysql
mod_mysql_vhost
mod_cml
mod_flv_streaming
mod_geoip
mod_trigger_b4_dl
https://wiki.lighttpd.net/Docs_ConfigurationOptions#Deprecated
suggests migration steps for replacements, if needed
Changes from 1.4.63
[core] fix trace issued for loading mod_auth (fixes #3121)
[meson] need -lrt with glibc < 2.17 (fixes #3120)
[core] adjust time jump detection (fixes #3123)
[core] make setrlimit() warn, not fatal
[core] add remote IP to some error msgs (fixes #3122)
[mod_webdav] If-None-Match on non-existent entity
[build] check getxattr before attr_get and -lattr
[doc] SELinux: setsebool -P httpd_setrlimit on
[build] create sha512sum file with release
[build] CI builds now use make -j 2
[core] http_response_send_file() takes const path
[core] use ETag response header to check cachable
[core] add more const to stat_cache_update_entry()
[multiple] remove r->physical.etag
[mod_magnet] interface to http_response_send_file
[build] add headers for sendfile() detect on MacOS
[core] http_response_write_prepare optimization
[core] define static_assert for uClibc (fixes #3127)
[build] -Wno-implicit-fallthrough for ls-hpack
[core] ignore pcre2 "bad JIT option" warning
[build] pcre2: use pkg-config before pcre2-config
[core] http_response_has_error_handler()
[core] consolidate request restart loop check
[core] defer retrieving Last-Modified until needed
[mod_dirlisting] fix logic inversion in cache
[core] mark expect cond in http_response_send_file
[core] connection_handle_read_state() tweak
[core] connection_state_machine_loop() tweaks
[core] connection_state_machine_h2() tweaks
[core] quiet coverity noise
[core] use lower limit for max-fds if !setrlimit
[build] do not check for prctl; HAVE_PRCTL unused
[core] server.core-files support on FreeBSD (fixes #3128)
[mod_extforward] support longer PROXY v2 TLV vec
[mod_webdav] detect truncated copy_file_range()
[mod_webdav] copy_file_range() new in FreeBSD 13
[mod_webdav] copy_file_range() new in FreeBSD 13
[build] feature consistency between build types
[build] cmake build now defaults to C11
[core] CCRandomGenerateBytes() for rand on macOS (fixes #3129)
[multiple] remove long-deprecated modules
[build] default -with-pcre2 unless -with-pcre
[core] "server.graceful-shutdown-timeout" => 8
[build] adjust trace for regex-conditionals
[build] update tests/SConscript
[core] errno_t detection on Illumos
[build] cmake build now defaults to C11
[build] meson: find pcre2 w/o pkg-config
[core] define EXTENSIONS on Illumos
[build] cmake,meson socket libs for win32, Illumos (fixes #3130)
[core] hide bsd_accept_filter code on OpenBSD (fixes #3131)
[core] errno_t and rsize_t detection on Illumos
[mod_webdav] copy acceleration
[mod_webdav] define HAVE_RENAMEAT2 earlier
[build] meson misdetects mempcpy on some platforms
[build] cmake: skip "-Wl,-export-dynamic" Illumos
[build] adjust .gitignore for macOS
[build] meson crypt and dl detection on *BSD (fixes #3133)
[core] /dev/null is a symlink on Illumos (fixes #3132)
[core] server.core-files support for solaris (fixes #3135)
[build] feature consistency between build types
[build] Haiku build fix (fixes #3136)
[lemon] silence coverity warnings
[cmake] raise minimum version to 3.7
[cmake] add address/undefined sanitize compile options
[asan tests] fix memory leaks
[array] use speaking names for array "fn" vtables for better debugging experience
[ci] add cmake-asan build type
[core] buffer_copy_string() use "" if s is NULL
[mod_authn_gssapi] code reuse: fdevent_mkostemp()
[mod_authn_gssapi] reduce KRB5CCNAME mem alloc
[build] adjust help strings for pcre2 default
[core] (const char *) for srvconf.modules_dir
[multiple] remove buffer_init_string()
[multiple] remove buffer_init_buffer()
[mod_extforward] fix out-of-bounds (OOB) write (fixes #3134)
[build] use -fstack-protector-strong w/ extra warn
[build] collect Sun-specific headers and funcs
[build] collect Sun-specific headers and funcs
[build] rm redundant check for -lnetwork on Haiku
[build] check headers before some funcs
[core] allow LISTEN_PID to be ppid if TRACEME (fixes #3137)
[core] allow tests/tmp/bind.conf override (#3137)
[mod_webdav] no sys/ioctl.h on _WIN32
[tests] _WIN32 adjustments in LightyTest.pm
[tests] revert _WIN32 adjustments in LightyTest.pm
[mod_gnutls] lift size check out of DN loop
[mod_mbedtls] lift size check out of DN loop
[mbedtls] save (mbedtls_ssl_config *) in hctx
[multiple] permit UTF-8 in SSL_CLIENT_S_DN_*
[mod_openssl] do not esc UTF-8 in cert subject
[mod_mbedtls] reconstruct SSL_CLIENT_S_DN
[mod_mbedtls] changes to build with mbedtls 3.0.0
[mod_mbedtls] remove use of out_left in mbedtls 3
[mod_mbedtls] mbedtls_ssl_conf_groups for 3.1.0
(From OE-Core rev: 478f5f30bf783fae513dbe6e8be9af9f6ec8a6a8)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
| |
Backport the fix for CVE-2022-22707, a buffer overflow in mod_extforward.
(From OE-Core rev: 7758596613cc442f647fd4625b36532f30e6129f)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
| |
(From OE-Core rev: cf6f8daf24c5c5bd2c7cde2dc4ecfefd79de61ee)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
| |
(From OE-Core rev: 1377aeba6bbdb6a8d0bfa9cb754ef52f6e9b06d1)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: f7753438aa164be1371f599969c829a276881589)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
virtual/crypt is a hard dependency in meson builds.
ipv6 support is determined automatically.
The rest of the options are converted where available;
not every autoconf option exists in meson.
Modules are now packaged in /usr/lib/lighttpd, so adjust packaging accordingly.
(From OE-Core rev: a0a34524016050a78cb49d6657fcca5a2261d7fe)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
We shipped an old version that was missing several fixes.
A minor incompatibility is that this moves
/etc/lighttpd.conf -> /etc/lighttpd/lighttpd.conf
(From OE-Core rev: bd46eeee09e99ae4646a92f5bf5bc3c619e63cde)
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
| |
Refresh the pcre pkg-config patch.
(From OE-Core rev: 01ff1c5929ef9293097da00b810ab94ceaf4a0dd)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
| |
Rebase pkgconfig.patch
(From OE-Core rev: 45fac4161cb230bc03c6c08d21cc768e52700f02)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
lighttpd fails to load when mod_cgi is enabled at run time, with the
message "dlopen() failed for: /usr/lib/mod_cgi.so /usr/lib/mod_cgi.so:
undefined symbol: chunkqueue_written".
This is caused by a patch intended to prevent memory exhaustion by
naively streaming CGIs, aimed at upstream issue
http://redmine.lighttpd.net/issues/1264 . The patch uses internal API
functions from older versions of lighttpd which don't exist in this
version. Remove the patch, pending a better fix.
[ YOCTO #9289 ]
(From OE-Core rev: 880a346bf1bc4aa6c8569c6319c141433e13e1dd)
Signed-off-by: Nick Leverton <nick@leverton.org>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upgrade lighttpd from 1.4.35 to 1.4.36.
* Remove PR
* Update context of 0001-mod_cgi-buffers-data-without-bound.patch
(From OE-Core rev: 082e54077a88a6104226bc7a2068ea6c10ea1f99)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If there is a CGI that provides a continuous stream of data,
If lighttpd client reads slower then the CGI is pushing the data,
then lighttpd's buffers will grow until the (embedded) machine OOMs.
Ref: http://redmine.lighttpd.net/issues/1264
(From OE-Core rev: 6d098587415be098913a3b551b0b7ee8c0270274)
Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
| |
Add a '\n' to the last line of the file to fix:
No newline at end of file
(From OE-Core rev: b3090263ba31702631270643c7a7d7af8f4d9234)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
| |
(From OE-Core rev: d2457880e7bb08b9c2f8d60e70b1d59ed84e9da9)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Extend default config file by a directive to include config file
fragments from /etc/lighttpd.d. This allows other web application
packages to put their configuration there.
(From OE-Core rev: 949ef58cf0684147b07745bd1199014ac57b437c)
Signed-off-by: Steffen Sledz <sledz@dresearch-fe.de>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 1d376b40552e60b1fd18d95c6dd24d30aae849c8)
Signed-off-by: Valentin Popa <valentin.popa@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|