diff -Nru lighttpd-1.4.54/CMakeLists.txt lighttpd-1.4.55/CMakeLists.txt --- lighttpd-1.4.54/CMakeLists.txt 2019-05-27 21:03:50.000000000 +0000 +++ lighttpd-1.4.55/CMakeLists.txt 2020-02-01 02:49:09.000000000 +0000 @@ -2,7 +2,7 @@ cmake_minimum_required(VERSION 2.8.2 FATAL_ERROR) -set(CMAKE_MODULE_PATH ${CMAKE_SOURCE_DIR}/scripts/cmake) +set(CMAKE_MODULE_PATH ${CMAKE_CURRENT_SOURCE_DIR}/scripts/cmake) include(CTest) @@ -10,7 +10,7 @@ set(CPACK_PACKAGE_VERSION_MAJOR 1) set(CPACK_PACKAGE_VERSION_MINOR 4) -set(CPACK_PACKAGE_VERSION_PATCH 54) +set(CPACK_PACKAGE_VERSION_PATCH 55) set(CPACK_PACKAGE_VERSION "${CPACK_PACKAGE_VERSION_MAJOR}.${CPACK_PACKAGE_VERSION_MINOR}.${CPACK_PACKAGE_VERSION_PATCH}") set(CPACK_RESOURCE_FILE_LICENSE "${CMAKE_SOURCE_DIR}/COPYING") diff -Nru lighttpd-1.4.54/config.h.in lighttpd-1.4.55/config.h.in --- lighttpd-1.4.54/config.h.in 2019-05-27 21:04:02.000000000 +0000 +++ lighttpd-1.4.55/config.h.in 2020-02-01 02:49:25.000000000 +0000 @@ -48,6 +48,9 @@ /* Define to 1 if you have the `explicit_bzero' function. */ #undef HAVE_EXPLICIT_BZERO +/* Define to 1 if you have the `explicit_memset' function. */ +#undef HAVE_EXPLICIT_MEMSET + /* BSD extended attributes */ #undef HAVE_EXTATTR @@ -327,6 +330,9 @@ /* Define to 1 if you have the header file. */ #undef HAVE_SYS_FILIO_H +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_LOADAVG_H + /* Define to 1 if you have the header file. */ #undef HAVE_SYS_MMAN_H diff -Nru lighttpd-1.4.54/configure lighttpd-1.4.55/configure --- lighttpd-1.4.54/configure 2019-05-27 21:04:02.000000000 +0000 +++ lighttpd-1.4.55/configure 2020-02-01 02:49:25.000000000 +0000 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for lighttpd 1.4.54. +# Generated by GNU Autoconf 2.69 for lighttpd 1.4.55. # # Report bugs to . # 
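Review bot: `CPACK_RESOURCE_FILE_LICENSE` in the next CMakeLists.txt hunk's context still reads `${CMAKE_SOURCE_DIR}/COPYING`, so the move to `CMAKE_CURRENT_SOURCE_DIR` in the first hunk leaves the file only partly converted. If lighttpd is pulled in through add_subdirectory(), which is presumably why the module path changed, CPack would still look for COPYING in the parent project's tree; suggest `set(CPACK_RESOURCE_FILE_LICENSE "${CMAKE_CURRENT_SOURCE_DIR}/COPYING")`. The new module-path line also replaces any `CMAKE_MODULE_PATH` that a parent project or the user has set, and its expansion is unquoted. `list(APPEND CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/scripts/cmake")` keeps existing entries and tolerates spaces in the path.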
@@ -590,8 +590,8 @@ # Identity of this package. PACKAGE_NAME='lighttpd' PACKAGE_TARNAME='lighttpd' -PACKAGE_VERSION='1.4.54' -PACKAGE_STRING='lighttpd 1.4.54' +PACKAGE_VERSION='1.4.55' +PACKAGE_STRING='lighttpd 1.4.55' PACKAGE_BUGREPORT='contact@lighttpd.net' PACKAGE_URL='' @@ -694,11 +694,11 @@ DBI_LIBS BUILD_WITH_DBI_FALSE BUILD_WITH_DBI_TRUE -PGSQL_INCLUDE -PGSQL_LIBS BUILD_WITH_PGSQL_FALSE BUILD_WITH_PGSQL_TRUE PGSQL_CONFIG +PGSQL_LIBS +PGSQL_CFLAGS BUILD_WITH_MYSQL_FALSE BUILD_WITH_MYSQL_TRUE MYSQL_CONFIG @@ -902,6 +902,8 @@ LIBEV_LIBS MYSQL_CFLAGS MYSQL_LIBS +PGSQL_CFLAGS +PGSQL_LIBS LIBUNWIND_CFLAGS LIBUNWIND_LIBS FAM_CFLAGS @@ -1452,7 +1454,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures lighttpd 1.4.54 to adapt to many kinds of systems. +\`configure' configures lighttpd 1.4.55 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1522,7 +1524,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of lighttpd 1.4.54:";; + short | recursive ) echo "Configuration of lighttpd 1.4.55:";; esac cat <<\_ACEOF @@ -1619,6 +1621,9 @@ MYSQL_CFLAGS C compiler flags for MYSQL, overriding pkg-config MYSQL_LIBS linker flags for MYSQL, overriding pkg-config + PGSQL_CFLAGS + C compiler flags for PGSQL, overriding pkg-config + PGSQL_LIBS linker flags for PGSQL, overriding pkg-config LIBUNWIND_CFLAGS C compiler flags for LIBUNWIND, overriding pkg-config LIBUNWIND_LIBS @@ -1699,7 +1704,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -lighttpd configure 1.4.54 +lighttpd configure 1.4.55 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. 
@@ -2179,7 +2184,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by lighttpd $as_me 1.4.54, which was +It was created by lighttpd $as_me 1.4.55, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -3119,7 +3124,7 @@ # Define the identity of the package. PACKAGE='lighttpd' - VERSION='1.4.54' + VERSION='1.4.55' cat >>confdefs.h <<_ACEOF @@ -14145,6 +14150,7 @@ sys/epoll.h \ sys/event.h \ sys/filio.h \ + sys/loadavg.h \ sys/mman.h \ sys/poll.h \ sys/prctl.h \ 
@@ -15565,12 +15571,117 @@ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $WITH_PGSQL" >&5 $as_echo "$WITH_PGSQL" >&6; } -PGSQL_INCLUDE= +PGSQL_CFLAGS= PGSQL_LIBS= if test "$WITH_PGSQL" != no; then if test "$WITH_PGSQL" = yes; then - # Extract the first word of "pg_config", so it can be a program name with args. + +pkg_failed=no +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for PGSQL" >&5 +$as_echo_n "checking for PGSQL... " >&6; } + +if test -n "$PGSQL_CFLAGS"; then + pkg_cv_PGSQL_CFLAGS="$PGSQL_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libpq\""; } >&5 + ($PKG_CONFIG --exists --print-errors "libpq") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_PGSQL_CFLAGS=`$PKG_CONFIG --cflags "libpq" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi +if test -n "$PGSQL_LIBS"; then + pkg_cv_PGSQL_LIBS="$PGSQL_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libpq\""; } >&5 + ($PKG_CONFIG --exists --print-errors "libpq") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_PGSQL_LIBS=`$PKG_CONFIG --libs "libpq" 2>/dev/null` + test "x$?" 
!= "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi + + + +if test $pkg_failed = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +else + _pkg_short_errors_supported=no +fi + if test $_pkg_short_errors_supported = yes; then + PGSQL_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "libpq" 2>&1` + else + PGSQL_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "libpq" 2>&1` + fi + # Put the nasty error message in config.log where it belongs + echo "$PGSQL_PKG_ERRORS" >&5 + + + # Extract the first word of "pg_config", so it can be a program name with args. +set dummy pg_config; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_PGSQL_CONFIG+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $PGSQL_CONFIG in + [\\/]* | ?:[\\/]*) + ac_cv_path_PGSQL_CONFIG="$PGSQL_CONFIG" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. 
+ for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_PGSQL_CONFIG="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +PGSQL_CONFIG=$ac_cv_path_PGSQL_CONFIG +if test -n "$PGSQL_CONFIG"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PGSQL_CONFIG" >&5 +$as_echo "$PGSQL_CONFIG" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + +elif test $pkg_failed = untried; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + + # Extract the first word of "pg_config", so it can be a program name with args. set dummy pg_config; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } 
@@ -15610,24 +15721,36 @@ fi + +else + PGSQL_CFLAGS=$pkg_cv_PGSQL_CFLAGS + PGSQL_LIBS=$pkg_cv_PGSQL_LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + + PGSQL_CONFIG=$PKG_CONFIG + +fi else PGSQL_CONFIG=$WITH_PGSQL fi - if test -z "$PGSQL_CONFIG"; then - as_fn_error $? "pg_config is not found" "$LINENO" 5 - fi - if test ! -x "$PGSQL_CONFIG"; then - as_fn_error $? "pg_config not exists or not executable, use --with-pgsql=path-to-pg_config" "$LINENO" 5 - fi + if test "$PGSQL_CONFIG" != "$PKG_CONFIG"; then + if test -z "$PGSQL_CONFIG"; then + as_fn_error $? "pg_config is not found" "$LINENO" 5 + fi + if test ! -x "$PGSQL_CONFIG"; then + as_fn_error $? "pg_config not exists or not executable, use --with-pgsql=path-to-pg_config" "$LINENO" 5 + fi - PGSQL_INCLUDE="-I`"$PGSQL_CONFIG" --includedir`" - PGSQL_LIBS="-L`"$PGSQL_CONFIG" --libdir` -lpq" + PGSQL_CFLAGS="-I`"$PGSQL_CONFIG" --includedir`" + PGSQL_LIBS="-L`"$PGSQL_CONFIG" --libdir` -lpq" + fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for PgSQL includes at" >&5 $as_echo_n "checking for PgSQL includes at... " >&6; } - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PGSQL_INCLUDE" >&5 -$as_echo "$PGSQL_INCLUDE" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PGSQL_CFLAGS" >&5 +$as_echo "$PGSQL_CFLAGS" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: checking for PgSQL libraries at" >&5 $as_echo_n "checking for PgSQL libraries at... " >&6; } @@ -18458,6 +18581,7 @@ clock_gettime \ epoll_ctl \ explicit_bzero \ + explicit_memset \ fork \ getloadavg \ getrlimit \ @@ -18954,7 +19078,7 @@ fi fi -LIGHTTPD_VERSION_ID=0x10436 +LIGHTTPD_VERSION_ID=0x10437 cat >>confdefs.h <<_ACEOF #define LIGHTTPD_VERSION_ID $LIGHTTPD_VERSION_ID 
@@ -19565,7 +19689,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by lighttpd $as_me 1.4.54, which was +This file was extended by lighttpd $as_me 1.4.55, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -19631,7 +19755,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -lighttpd config.status 1.4.54 +lighttpd config.status 1.4.55 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -Nru lighttpd-1.4.54/configure.ac lighttpd-1.4.55/configure.ac --- lighttpd-1.4.54/configure.ac 2019-05-27 21:03:50.000000000 +0000 +++ lighttpd-1.4.55/configure.ac 2020-02-01 02:49:09.000000000 +0000 @@ -14,7 +14,7 @@ dnl function call, the argument should be on different lines than the dnl wrapping braces AC_PREREQ(2.60) -AC_INIT([lighttpd], [1.4.54], [contact@lighttpd.net]) +AC_INIT([lighttpd], [1.4.55], [contact@lighttpd.net]) AC_CONFIG_SRCDIR([src/server.c]) AC_CONFIG_HEADER([config.h]) AC_CONFIG_MACRO_DIR([m4]) @@ -112,6 +112,7 @@ sys/epoll.h \ sys/event.h \ sys/filio.h \ + sys/loadavg.h \ sys/mman.h \ sys/poll.h \ sys/prctl.h \ 
@@ -298,28 +299,34 @@ ) AC_MSG_RESULT([$WITH_PGSQL]) -PGSQL_INCLUDE= +PGSQL_CFLAGS= PGSQL_LIBS= if test "$WITH_PGSQL" != no; then if test "$WITH_PGSQL" = yes; then - AC_PATH_PROG([PGSQL_CONFIG], [pg_config]) + PKG_CHECK_MODULES([PGSQL],[libpq],[ + PGSQL_CONFIG=$PKG_CONFIG + ],[ + AC_PATH_PROG([PGSQL_CONFIG], [pg_config]) + ]) else PGSQL_CONFIG=$WITH_PGSQL fi - if test -z "$PGSQL_CONFIG"; then - AC_MSG_ERROR([pg_config is not found]) - fi - if test ! -x "$PGSQL_CONFIG"; then - AC_MSG_ERROR([pg_config not exists or not executable, use --with-pgsql=path-to-pg_config]) - fi + if test "$PGSQL_CONFIG" != "$PKG_CONFIG"; then + if test -z "$PGSQL_CONFIG"; then + AC_MSG_ERROR([pg_config is not found]) + fi + if test ! -x "$PGSQL_CONFIG"; then + AC_MSG_ERROR([pg_config not exists or not executable, use --with-pgsql=path-to-pg_config]) + fi - PGSQL_INCLUDE="-I`"$PGSQL_CONFIG" --includedir`" - PGSQL_LIBS="-L`"$PGSQL_CONFIG" --libdir` -lpq" + PGSQL_CFLAGS="-I`"$PGSQL_CONFIG" --includedir`" + PGSQL_LIBS="-L`"$PGSQL_CONFIG" --libdir` -lpq" + fi AC_MSG_CHECKING([for PgSQL includes at]) - AC_MSG_RESULT([$PGSQL_INCLUDE]) + AC_MSG_RESULT([$PGSQL_CFLAGS]) AC_MSG_CHECKING([for PgSQL libraries at]) AC_MSG_RESULT([$PGSQL_LIBS]) @@ -329,7 +336,7 @@ AM_CONDITIONAL([BUILD_WITH_PGSQL], [test "$WITH_PGSQL" != no]) AC_SUBST([PGSQL_LIBS]) -AC_SUBST([PGSQL_INCLUDE]) +AC_SUBST([PGSQL_CFLAGS]) dnl Checks for libdbi library AC_MSG_NOTICE([----------------------------------------]) @@ -1211,6 +1218,7 @@ clock_gettime \ epoll_ctl \ explicit_bzero \ + explicit_memset \ fork \ getloadavg \ getrlimit \ diff -Nru lighttpd-1.4.54/debian/changelog lighttpd-1.4.55/debian/changelog --- lighttpd-1.4.54/debian/changelog 2020-02-18 12:55:22.000000000 +0000 +++ lighttpd-1.4.55/debian/changelog 2020-02-26 13:44:09.000000000 +0000 
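Review bot: Reusing `PGSQL_CONFIG=$PKG_CONFIG` as the "pkg-config found libpq" marker means the guard `if test "$PGSQL_CONFIG" != "$PKG_CONFIG"; then` is also false when both variables are empty. With no pkg-config available and no pg_config on PATH, `--with-pgsql` skips the "pg_config is not found" error and carries on with empty PGSQL_CFLAGS and PGSQL_LIBS; what happens after the hunk is not visible here. A dedicated flag avoids the collision: set `pgsql_via_pkgconfig=no` before the check, `pgsql_via_pkgconfig=yes` in the PKG_CHECK_MODULES success branch, and guard with `if test "$pgsql_via_pkgconfig" != yes; then`. Separately, `PGSQL_CFLAGS=` and `PGSQL_LIBS=` are cleared just before PKG_CHECK_MODULES, so the overrides that the regenerated configure help advertises ("overriding pkg-config") are discarded before they can be used. The generated configure hunk for this block carries the same logic.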
@@ -1,3 +1,57 @@ +lighttpd (1.4.55-1ubuntu1) focal; urgency=low + + * Merge from Debian unstable. Remaining changes: + - debian/control, debian/lighttpd-dev.install: + + Add lighttpd-dev package. + - debian/index.html: + + Corrected BTS Ubuntu link and branding on the default page. + - debian/lighttpd.conf: + + Comment 'use-ipv6.pl' by default, which causes failure + to bind port in ipv4. + - debian/control: + + Build-Depends on libgamin-dev rather than libfam-dev + to fix startup warning. + - debian/rules: + + Add override_dh_installinit to set "defaults 91 09" to not + start before apache2 but in the same runlevel with + the same priority. + - debian/lighttpd.dirs, debian/control, debian/rules, + debian/lighttpd.ufw.profile: + + Add the UFW profile. + + Make the application build sanely: + - Remove duplicate override on dh_install + - Remove duplicate outdated NEWS file + - Install updated upstream NEWS file and fix + cp: cannot stat /debian/tmp/changelog thingy to + fix FTBFS when built twice in a row. + + -- Gianfranco Costamagna Wed, 26 Feb 2020 14:44:09 +0100 + +lighttpd (1.4.55-1) unstable; urgency=medium + + [ Helmut Grohne ] + * add debian/upstream/metadata + * update expiration of Glenn's upstream signing key + * move lighttpd to team maintenance + * declare compliance with policy 4.5.0 + + [ Debian Janitor ] + * Bump debhelper from old 9 to 10. + * Drop unnecessary dependency on dh-autoreconf. + * Drop unnecessary dh arguments: --parallel + + [ Helmut Grohne ] + * Drop --with systemd from dh as it is enabled by compat 10 + * New upstream version 1.4.55 + + [ Glenn Strauss ] + * add debian/conf-available/05-setenv.conf + + [ Helmut Grohne ] + * pidfile now lives in /run/lighttpd.pid (Closes: #929203) + + -- Helmut Grohne Mon, 24 Feb 2020 14:30:34 +0100 + lighttpd (1.4.54-2ubuntu1) focal; urgency=low * Merge from Debian unstable. 
Remaining changes: diff -Nru lighttpd-1.4.54/debian/compat lighttpd-1.4.55/debian/compat --- lighttpd-1.4.54/debian/compat 2019-10-23 21:53:06.000000000 +0000 +++ lighttpd-1.4.55/debian/compat 2020-02-24 21:21:50.000000000 +0000 @@ -1 +1 @@ -9 +10 diff -Nru lighttpd-1.4.54/debian/conf-available/05-setenv.conf lighttpd-1.4.55/debian/conf-available/05-setenv.conf --- lighttpd-1.4.54/debian/conf-available/05-setenv.conf 1970-01-01 00:00:00.000000000 +0000 +++ lighttpd-1.4.55/debian/conf-available/05-setenv.conf 2020-02-11 16:27:13.000000000 +0000 @@ -0,0 +1,29 @@ +# /usr/share/doc/lighttpd/setenv.txt.gz + +server.modules += ( "mod_setenv" ) + + +#setenv.set-request-header = ( +# "My-Custom-Request-Header" => "set/overwrite request header" +#) +# +#setenv.set-response-header = ( +# "My-Custom-Response-Header" => "set/overwrite response header" +#) +# +#setenv.set-environment = ( +# "My-Custom-Environment-Variable" => "set/overwrite internal/backend env var" +#) +# +# +#setenv.add-request-header = ( +# "My-Custom-Request-Header" => "insert/append request header" +#) +# +#setenv.add-response-header = ( +# "My-Custom-Response-Header" => "insert/append response header" +#) +# +#setenv.add-environment = ( +# "My-Custom-Environment-Variable" => "insert/append internal/backend env var" +#) diff -Nru lighttpd-1.4.54/debian/control lighttpd-1.4.55/debian/control --- lighttpd-1.4.54/debian/control 2020-02-18 12:55:20.000000000 +0000 +++ lighttpd-1.4.55/debian/control 2020-02-24 21:21:49.000000000 +0000 @@ -1,13 +1,12 @@ Source: lighttpd Section: httpd Priority: optional -Maintainer: Debian QA Group +Maintainer: Debian lighttpd maintainers +Uploaders: Helmut Grohne , Glenn Strauss , Stefan Bühler Homepage: https://www.lighttpd.net/ Build-Depends: dpkg-dev (>= 1.16.1~), - debhelper (>= 9.20130624~), - debhelper (>= 9.20160709) | dh-systemd (>= 1.3), - dh-autoreconf, + debhelper (>= 10~), mime-support, libssl-dev, zlib1g-dev, 
@@ -37,7 +36,7 @@ php-cgi:native | php5-cgi:native , Vcs-Git: https://salsa.debian.org/debian/lighttpd.git Vcs-Browser: https://salsa.debian.org/debian/lighttpd -Standards-Version: 4.4.1 +Standards-Version: 4.5.0 Rules-Requires-Root: binary-targets Package: lighttpd diff -Nru lighttpd-1.4.54/debian/lighttpd.conf lighttpd-1.4.55/debian/lighttpd.conf --- lighttpd-1.4.54/debian/lighttpd.conf 2019-10-23 21:53:06.000000000 +0000 +++ lighttpd-1.4.55/debian/lighttpd.conf 2020-02-24 21:21:49.000000000 +0000 @@ -8,7 +8,7 @@ server.document-root = "/var/www/html" server.upload-dirs = ( "/var/cache/lighttpd/uploads" ) server.errorlog = "/var/log/lighttpd/error.log" -server.pid-file = "/var/run/lighttpd.pid" +server.pid-file = "/run/lighttpd.pid" server.username = "www-data" server.groupname = "www-data" server.port = 80 diff -Nru lighttpd-1.4.54/debian/patches/add-lighttpd.pc-configure.patch lighttpd-1.4.55/debian/patches/add-lighttpd.pc-configure.patch --- lighttpd-1.4.54/debian/patches/add-lighttpd.pc-configure.patch 2020-02-18 12:55:22.000000000 +0000 +++ lighttpd-1.4.55/debian/patches/add-lighttpd.pc-configure.patch 2020-02-26 13:44:07.000000000 +0000 @@ -3,11 +3,11 @@ Author: Andreas Moog Bug-Debian: http://bugs.debian.org/726934 -Index: lighttpd-1.4.54-2ubuntu1/configure.ac +Index: lighttpd-1.4.55-1ubuntu1/configure.ac =================================================================== ---- lighttpd-1.4.54-2ubuntu1.orig/configure.ac -+++ lighttpd-1.4.54-2ubuntu1/configure.ac -@@ -1426,6 +1426,7 @@ +--- lighttpd-1.4.55-1ubuntu1.orig/configure.ac ++++ lighttpd-1.4.55-1ubuntu1/configure.ac +@@ -1434,6 +1434,7 @@ tests/docroot/www/indexfile/Makefile \ tests/docroot/www/Makefile \ tests/Makefile \ diff -Nru lighttpd-1.4.54/debian/patches/series lighttpd-1.4.55/debian/patches/series --- lighttpd-1.4.54/debian/patches/series 2020-02-18 12:54:36.000000000 +0000 +++ lighttpd-1.4.55/debian/patches/series 2020-02-26 13:43:59.000000000 +0000 
@@ -1,2 +1,3 @@ +var-run-929203.patch build-dev-package.patch add-lighttpd.pc-configure.patch diff -Nru lighttpd-1.4.54/debian/patches/var-run-929203.patch lighttpd-1.4.55/debian/patches/var-run-929203.patch --- lighttpd-1.4.54/debian/patches/var-run-929203.patch 1970-01-01 00:00:00.000000000 +0000 +++ lighttpd-1.4.55/debian/patches/var-run-929203.patch 2020-02-11 16:21:07.000000000 +0000 @@ -0,0 +1,11 @@ +--- lighttpd.orig/doc/lighttpd.8 ++++ lighttpd/doc/lighttpd.8 +@@ -59,7 +59,7 @@ + /etc/lighttpd/lighttpd.conf + The standard location for the configuration file. + .TP 8 +-/var/run/lighttpd.pid ++/run/lighttpd.pid + The standard location for the PID of the running \fBlighttpd\fP process. + . + .SH SEE ALSO diff -Nru lighttpd-1.4.54/debian/rules lighttpd-1.4.55/debian/rules --- lighttpd-1.4.54/debian/rules 2019-10-23 21:53:06.000000000 +0000 +++ lighttpd-1.4.55/debian/rules 2020-02-24 21:21:49.000000000 +0000 @@ -7,7 +7,7 @@ export DEB_BUILD_MAINT_OPTIONS=hardening=+all %: - dh $@ --parallel --with autoreconf,systemd + dh $@ override_dh_clean: dh_clean diff -Nru lighttpd-1.4.54/debian/upstream/metadata lighttpd-1.4.55/debian/upstream/metadata --- lighttpd-1.4.54/debian/upstream/metadata 1970-01-01 00:00:00.000000000 +0000 +++ lighttpd-1.4.55/debian/upstream/metadata 2020-01-25 08:33:02.000000000 +0000 
@@ -0,0 +1,6 @@
+Bug-Database: https://redmine.lighttpd.net/projects/lighttpd/issues
+Bug-Submit: https://redmine.lighttpd.net/projects/lighttpd/wiki/HowToReportABug
+Documentation: https://redmine.lighttpd.net/projects/lighttpd/wiki
+Repository: https://git.lighttpd.net/lighttpd/lighttpd1.4.git
+Repository-Browse: https://git.lighttpd.net/lighttpd/lighttpd1.4.git
+Security-Contact: security@lighttpd.net
diff -Nru lighttpd-1.4.54/debian/upstream/signing-key.asc lighttpd-1.4.55/debian/upstream/signing-key.asc
--- lighttpd-1.4.54/debian/upstream/signing-key.asc 2019-10-23 21:53:07.000000000 +0000
+++ lighttpd-1.4.55/debian/upstream/signing-key.asc 2020-02-24 21:21:50.000000000 +0000
@@ -142,74 +142,76 @@ YZkNlpZRb0i4Q9TDgj2OxMETdsRYeZEm/OPX9B9hHNrX49P/bEndEGlWXeFDdlJN HjyaXmgptfa6QX+w9kno9hnwjB/J0gXjTiBKcj8gn/XICacztEGPxbbFgWUsPbF1 D5mnoxXhEbzKMEQJsUBWV4GI0c8AEQEAAbQxR2xlbm4gU3RyYXVzcyAobGlnaHR0 -cGQpIDxnc3RyYXVzc0BnbHVlbG9naWMuY29tPokCPQQTAQIAJwIbAwUJBaOagAIe -AQIXgAUCV4n7RgULCQgHAwUVCgkICwUWAgMBAAAKCRBY8Up4b+GYyENCD/9TecA+ -RZypD2kU6Vuuk8T7JlqpCi96bBC4bu05uL7H5GGOOVEQcAzmKbfw8oxQEdznUn4D -ALABg9DoOWQZAwGXEBzEwbOOZkXg/mATBShtzSPWcdwZfAy3PLq6Fdqm2L6EW2G1 -92X4lmk+QE2pI7/MdbrMnd00RHqKFAW8OA9QRfz5hxt+231IOXmirEPFBCAHBM6Z -FuFEX82ifPWDMS8q24xywtNZxE58X8OQZ7IPxHVZjDjnmgWbk83xkpdioa4Epj0y -dmj+0PAHRN0jTuqmK+OXT6DV3FKOri0OAA9Ya6TiFeNoiOgR0yOo1TrfpFGFBIGq -nSZDXp5FIfuBKrbZJ99J99nfoALzlifVdfo/1zgbYwTM3ltOtnoSMr27PjV3EcF5 -CS1x92FasKDS3E+jmfMJD8XG68vUiLlLn6bwCuGkQXrfAuwRzq5zWK++C/KKWmYl -uUSl3ZL4wFkFylVjjEtE9HnqjuwvaphW3Vl+51Ce60UOrl6w2MlNui7XEtCT9ryr -vquEcPz4jHKq0n1xAf2C0SIdCIO/7Ux+nxQ5/qHF/AB5EcEcsFEharRt/LyMgNIX -zUTjp+jkWil9yFfev+1yuAsY5j2fjZTBgksdpvCirYYdOhlW23lzY0hkfTdtNZRF -guOOiMcbDcS8pPipSBMt9xkbBTWpWp24+Kx7KbkCDQRXifn1ARAAvNdNO/u5EeeW -feOIUueKdsvCwRxUOZ7xnaTa7x1Vg24Qqaz3+fWUO+2CHcDYyjr3ghK6+CYwY4Fe -E45LSKqr+aBTjJxcZI9YwtU4tPrtUG2EeAfKrTPBSWNidNgHQu25bQpgCjkfGG92 -Y7IE1m5wBoZSar+9MIcFHHoJr5snM5h3MIpg4Y1o8PshV9BD4iFou3PxYx8WZ4g1 -1BmptUMwderHk7A1bM8BVckfPz378YiWTHMlEGPujc0gvfUHrZzRLDh9ghjEmkXb -ws0ti/wiSPO9Lsd+76H7sY9c66ccjFpY+QGLL90A14hjUz+Sbdt5U593nnkI60aI -OjdJvgMD3+OvmYNBbZrHMJ1MtskbXMXOLz/72mZYgkNR976/WP3KgjbanK/OzjRB -NXBFv2a/VQA9ImD09m2hrz04iVPsLykpAq8GPyAuG1Fr3CtoUte0UEOBR+V9+OqC -PXKYGPMNz165pHGKIaoHWcuirQrlGzDYJ3Uek9x+7gYGIMMD5VxjvONNePgC+vLm -W4fo3reGeJInhjPC7xDyIjQz84zVkT+SQEFx4Cgl5+Hc3NEKhlUnvlSSpWV+xO4K -s504Z1vhIOaxUgHzpfqMM0JBqwWIt/8WQxOLuQZeSnEdzT6w+0Yx34mJxb/pUJUu -Dmf8P/HBVhHoDvM6pzO/JTbH9SXPVxkAEQEAAYkCJQQYAQIADwUCV4n59QIbDAUJ -BaOagAAKCRBY8Up4b+GYyHh6EACQJQWuF0oWHTb75XHsyVL40XJD2/qHsBja/lT3 -4zAGTlGBb/0KWjckTQnYoyHLkGLNZzfLUF2g2DAKfIfemyKidoil+RsZ0dI7fyBf -NnuZQTd8VE19h5hjEIsVQzITBKmA69GyKNgQoUdQfLcrRmTRXDMU7t/cVXo+5q16 
-F7ys2ZkJRU9OhlbWHN3njjWbuc+QTdgmFsUNoBaWkqax2HjtiOHV7cg3HPbPPE2I -JID2iLkqU7SScT75sBykWa5Lc4VMIB+Wzr/bvjP5upz8A18eeLzltC41xwi/gZz9 -otpMtk31FKZbFDpe0uSIGepOdoBnfzOH+/RugSMd5EHiy7+qa6RRdur6m8uhydCd -c7goTZ4fdY8434OfjwjHif0b2zUCNthcYe+y5qRCHymHpcnhLMGySoEjTRRd6yLt -QsONP7jaTe6Zd1x2jrNJUyB9A6+S4T/riQTScnt/cpAFb8vX4JFyYuDxqkjkkGUd -EXpNIiCsbE0V7VmRPyShaswDoXip37DuhZYawsbbUE1emzEK8+X1RcU/wG4vCJCv -I/THJinE+02CdmH4OkTHXn6JjaHY6CQbtcdye82LB/6tVRZmrD2JF4TEOpMffQsY -i9EQ049VAVfx4n9bkLRx89GYI+FPzbdCLiSET484yY/99tRRu9CgEF6IYUV3hN9S -7zsht7kCDQRXiftnARAAws0pgW840X39EvuAdoBVryisO6Q/BKUdWMSJ1bsG5VX5 -Nv5lC4m5sBOr7gFxTnxwg8bMI9WDFyvNC9ysN12kJxXBa1C6nLJgznzGxief4J7v -l3zJV/psfwGOfTXc2ypNWzuvXz814lfYJk7KGNocjrJwOl+VW3AVCzw14uICE4PE -CyXGAJMJYK5e7KqjBnSoRFoUxwdbVbX9dG2YxSPoBcsa78MjO35gjEmSOAAQ7SmV -4JqpDPa9mIv/blRMi5ekYqfh/BYAFXgxge2t6ygEDYAHfX0Wz7/RmUMvnFLVu54m -sswB+w3LKgZ4bFcq9Ap8k2pheHpWwJWkx1Tc6g2DXvr8tqZLG/eaRsJhCZS5M/Nu -AwjRZ/+MkAv/G7MFfQh6892BuWxtWdLwJHXra0WMaq2CpBdUxeL3bXjKjcMi4NRE -SJco3JZmXhI5BpXRJO5bJZPLqi8Ew1s9ejq/b4zAIAwHsNtypE2fh4XmhmKZt+DY -ARfnHMfCw27KXYTbkiJomgb2gWA/3NLkKdx4SsjT8QBBpj3hG1NI89Gmi/RpJaDJ -Bl30s6/wM+JohtTtA2Xfrh/MKDpdcaid6SM6fAzVKoWn1BvmsHNH6lJlPghbawYY -Umr4Ly4L2yYeJXHASrtVHMwWtYUneU17W/wLKiXQVN5yI8vtOcNGwnuEr/iRzQcA -EQEAAYkERAQYAQIADwUCV4n7ZwIbAgUJBaOagAIpCRBY8Up4b+GYyMFdIAQZAQIA -BgUCV4n7ZwAKCRCG77X7rxbQ8LTVD/9RSua5SzSOU3cNH5bt62fi6QSJww5YW/aQ -14gFG7tkDoaGhmo9jfAr3HQ43xCu7+Prq0edQx3GoFAq5nY4l/rqAj0cOnikoL1e -TRTIRAyEEjTznOcDuWf2QNyu+fKsT2tqw4VE5Q5/0iE+XMGacfuPqq2NRwZSg4E7 -f/+VvxJFN4wTtBO/FSvEuM3vFBqO7rqYk9IxuZE3PlWTP7spsSFPY0j7nY1xZcyw -xClqC+U9jnT3YNf6iymG4Z2CHsUtuNOvVvNY+Y+OHyw2zCFpTLkKdThdWjzH86U0 -E9j+QIsJcYfqig9wHyVRz4BL6tarQ0DLeaH2hkwO7tFjDHvrxRP6wyXF81b3Xi7I -oCeD6XEtPCzDI1il9FQAZ1TMu6l3SrL3OkY0yaKKSm+Yge5hNl2wT9kYSDpVyDCy -u5tdil4DEh+EofOmRx0RmxIMUmALjzgcVESEK2mA88sgsEKI1K2rMKjj/pl21exB -7SdkUQYyZWzTyCF5HKKMTuSaXCYLRfDIgncMBvXK+Rgvg20V46UUL7ncU98LY+1j -44cwrlzbx3eUDu8Pcc8Lak7D7dhKuI2szhvjZwy5e2zYOODRRIX7pHM0aSnbUyZk 
-Mije+k3YgYPrDnkLIMTHtKfkeMzsx9N3yk4DbmzmLCJQ7MV5xm04ZHp6vBRbmHMs -5749ug+2cQbaD/9zfbpZ0Nfd1WfHRt+T2z1VX+auE5qqMramWN5v4i2VCu7f0o+U -hHqeKLwnpy27S+X67uJMYnE+ttvTntB3mX1w9RG8pkaU0u57NfXuYfiAjml1i76c -bFeYK/KYs2Nja/tlc537OsvxLCh9FNTndRz4z/7Ov7uFNIe+fZHYZMTUV9vnXQkW -52HiyVJjnOJDDf17AgpvyRvcN4mbWfj4SSAucNVv5Nwgyh9SVJbGwsXCgQJwbkNP -a1Fy8ZzsQRtO2pyyEjaylhdFRyFUG06JwR8bQyYkLXLi7LZHHAr51JYRyz9hjPts -uDxO7baTAEfn+Q57VIrxYapEutEgOYN9KV68DVw3DQA9Zj35OIPkzjr91OhoqVp7 -25YSiU7XDrDYbt7gnBHYGESC5m86ueQROQuqVLwFJ9PfyjgiaP+P+9crFqlR+jy3 -KaYnDqd92Ljkm+FOwD2kaLVbEApqC4pP8lGdPmTLmBa5kF13wsXpdJTDRCQCSXYM -iQq0PBVN+YjJdpYpnLIcGhiR0cWBsD5rfImhrYdsT0JGpc2oziSlfhAjj526pJej -KipARkJr8nN+kywwV1Ib2vqhyGYhyECdalJ6M2d/lNoqmPq2OM0PkjfLDF3DFcJH -KElTWIvisv/rDpHLxiEKl3mi4q8J0Dt/PLzMEwXPJuoph4V0IF4hQAftYg== -=MDwa +cGQpIDxnc3RyYXVzc0BnbHVlbG9naWMuY29tPokCVAQTAQgAPgIbAwIeAQIXgAUL +CQgHAwUVCgkICwUWAgMBABYhBGSdDddn/yBiAqdsUVjxSnhv4ZjIBQJeK8mjBQkQ +B9EuAAoJEFjxSnhv4ZjIy60P/RNNxLRIzzMekkTdRW/QwjSqJ4FDrCMovHgohhQY +Ic8M/g+jqy8pyLWxUykUQ8KUv/8npdLOmG9xpbkJnK2H2QsN2zuhKk3ADcE3G/HJ +C/YKvY2ocXKcgXDOD/TEpUBQDK/4JilrgSfQijNw6zl5AQZyptXgI4vinsHS69LA +zYibqbor7O9JdIGzow3Bhewti7mVPsAGaq26yWBaKgz0WY5A6ExcipuTohALH9gB +CTA9WSQChmX7eLIPPigwnzgmw1VcfdZTrO15C3y+Q1TFX/erfhXaxb2NK2wI2XDv +gguXPFsigna9VXB4vfSzRm0z8xC3p+liFUAZK3ZGL/M6K8jYiacfoTzaT+V4RWo8 +16bUQI84RHqopniVKVj3rPqo7YCOVyhQD+7JgpPg8f95x8AmX5NsyIw9X2HdEv8f +H9ZOsAIepzGLfLsJx1BYyl5kpMdxG05ZjJraViHr5kLF9DkkxgFt82usbtQ+HANz +LZB+oBgQQGINhKd/IuZ4qkwX8+GDiNKGUYeS+4+YKg68lfaN5D1nHBr9eX+DJbDv +F99d+ISO5d2kf6Y2M6TX5NoixsymdKanO+Oa4i0c0UJvpsrTASJ662DHt94slzeB +MLJcP9XZKnB0QbKXpp06TuCBaXpuu/q+chQMe/wvDMh8nI602187Gt2CMsVXypGq +zuW3uQINBFeJ+fUBEAC81007+7kR55Z944hS54p2y8LBHFQ5nvGdpNrvHVWDbhCp +rPf59ZQ77YIdwNjKOveCErr4JjBjgV4TjktIqqv5oFOMnFxkj1jC1Ti0+u1QbYR4 +B8qtM8FJY2J02AdC7bltCmAKOR8Yb3ZjsgTWbnAGhlJqv70whwUcegmvmyczmHcw +imDhjWjw+yFX0EPiIWi7c/FjHxZniDXUGam1QzB16seTsDVszwFVyR8/PfvxiJZM +cyUQY+6NzSC99QetnNEsOH2CGMSaRdvCzS2L/CJI870ux37vofuxj1zrpxyMWlj5 
+AYsv3QDXiGNTP5Jt23lTn3eeeQjrRog6N0m+AwPf46+Zg0FtmscwnUy2yRtcxc4v +P/vaZliCQ1H3vr9Y/cqCNtqcr87ONEE1cEW/Zr9VAD0iYPT2baGvPTiJU+wvKSkC +rwY/IC4bUWvcK2hS17RQQ4FH5X346oI9cpgY8w3PXrmkcYohqgdZy6KtCuUbMNgn +dR6T3H7uBgYgwwPlXGO84014+AL68uZbh+jet4Z4kieGM8LvEPIiNDPzjNWRP5JA +QXHgKCXn4dzc0QqGVSe+VJKlZX7E7gqznThnW+Eg5rFSAfOl+owzQkGrBYi3/xZD +E4u5Bl5KcR3NPrD7RjHfiYnFv+lQlS4OZ/w/8cFWEegO8zqnM78lNsf1Jc9XGQAR +AQABiQI8BBgBCAAmAhsMFiEEZJ0N12f/IGICp2xRWPFKeG/hmMgFAl4ryl8FCRAH +0eoACgkQWPFKeG/hmMjKPw//WO1RIUhFOqRdKcYrfeoEutYKQFepF6gk/DoUQJ9g +y9sfyxXKo5aChLNSUDX2bZ2P1SGCBh5H8ajBEGggPAI8Acnx5CsykI5FHlb9zfSO +4J9tv5zQmykFyvbVCwpVGHRWh18ayNjXf407M5LeCi3Pa+899cbuxWWovHk4BDin +D3Qn35FbF/2ZJOWqf0wAbMNH/e8nrNSLMannUIotYq1hhzaSvkJY4TmoS2VvYWlE +8PmO5vJiQWe5okw9yr5uk9/XlPmPuMg/+Ih9HsqbMHH341owJHrdI8og4FJoYkYZ +u19somxU/EpEOte9Uj7bDu1KpfUJCV2/SfRrmtfYvRfdCKQA3Vx9iyTG4fTi75BG +yzxq4VwiHzCpX9ZbP7AD9W+uUJtudlgJcUGbUWJZ1e8hQZsIfmQOQfhHfYkDsoJl +uWgF08aZrnCb1uHRSCRhJhQlXah3fm+uFf4u1FxodnwuRMcYaWtcQ4Rv3QPWfhx5 +GrruATkAC0C/2852euj+KELPP6bVJ3ndNFE5Oiui4ZObuPqwPOzmMKF1Gl8yZ5eq +5BJyPghwGrxoqZeahlXABnAI8qMILJcsd0A7w82As9brbgV1gpYw2xYJ8EV7eecd +IczomzQkSNXZyRCPLOFDbl/GKEeGTL+3IdOAmCPrUzxptJMLBPn6cnMZG4Pgx8Tx +Enq5Ag0EV4n7ZwEQAMLNKYFvONF9/RL7gHaAVa8orDukPwSlHVjEidW7BuVV+Tb+ +ZQuJubATq+4BcU58cIPGzCPVgxcrzQvcrDddpCcVwWtQupyyYM58xsYnn+Ce75d8 +yVf6bH8Bjn013NsqTVs7r18/NeJX2CZOyhjaHI6ycDpflVtwFQs8NeLiAhODxAsl +xgCTCWCuXuyqowZ0qERaFMcHW1W1/XRtmMUj6AXLGu/DIzt+YIxJkjgAEO0pleCa +qQz2vZiL/25UTIuXpGKn4fwWABV4MYHtresoBA2AB319Fs+/0ZlDL5xS1bueJrLM +AfsNyyoGeGxXKvQKfJNqYXh6VsCVpMdU3OoNg176/LamSxv3mkbCYQmUuTPzbgMI +0Wf/jJAL/xuzBX0IevPdgblsbVnS8CR162tFjGqtgqQXVMXi9214yo3DIuDUREiX +KNyWZl4SOQaV0STuWyWTy6ovBMNbPXo6v2+MwCAMB7DbcqRNn4eF5oZimbfg2AEX +5xzHwsNuyl2E25IiaJoG9oFgP9zS5CnceErI0/EAQaY94RtTSPPRpov0aSWgyQZd +9LOv8DPiaIbU7QNl364fzCg6XXGonekjOnwM1SqFp9Qb5rBzR+pSZT4IW2sGGFJq ++C8uC9smHiVxwEq7VRzMFrWFJ3lNe1v8Cyol0FTeciPL7TnDRsJ7hK/4kc0HABEB +AAGJBFsEGAEIACYCGwIWIQRknQ3XZ/8gYgKnbFFY8Up4b+GYyAUCXivKXwUJEAfQ 
+eAIpwV0gBBkBAgAGBQJXiftnAAoJEIbvtfuvFtDwtNUP/1FK5rlLNI5Tdw0flu3r +Z+LpBInDDlhb9pDXiAUbu2QOhoaGaj2N8CvcdDjfEK7v4+urR51DHcagUCrmdjiX ++uoCPRw6eKSgvV5NFMhEDIQSNPOc5wO5Z/ZA3K758qxPa2rDhUTlDn/SIT5cwZpx ++4+qrY1HBlKDgTt//5W/EkU3jBO0E78VK8S4ze8UGo7uupiT0jG5kTc+VZM/uymx +IU9jSPudjXFlzLDEKWoL5T2OdPdg1/qLKYbhnYIexS24069W81j5j44fLDbMIWlM +uQp1OF1aPMfzpTQT2P5Aiwlxh+qKD3AfJVHPgEvq1qtDQMt5ofaGTA7u0WMMe+vF +E/rDJcXzVvdeLsigJ4PpcS08LMMjWKX0VABnVMy7qXdKsvc6RjTJoopKb5iB7mE2 +XbBP2RhIOlXIMLK7m12KXgMSH4Sh86ZHHRGbEgxSYAuPOBxURIQraYDzyyCwQojU +raswqOP+mXbV7EHtJ2RRBjJlbNPIIXkcooxO5JpcJgtF8MiCdwwG9cr5GC+DbRXj +pRQvudxT3wtj7WPjhzCuXNvHd5QO7w9xzwtqTsPt2Eq4jazOG+NnDLl7bNg44NFE +hfukczRpKdtTJmQyKN76TdiBg+sOeQsgxMe0p+R4zOzH03fKTgNubOYsIlDsxXnG +bThkenq8FFuYcyznvj26D7ZxCRBY8Up4b+GYyOrdD/9LWhu+NgSUhE67y2QZ1Q4p +UPlSE/GdSEHs8+Rz4ODI/bgthxdNiF7KSDIzH8lIOTXaEOHggNJf8kkWtruq1+Po +sxOVUvNm7z0srT0XVcpoymUggGQ4m/mxqOtxI+Y295e4GX1r2d139AcNCOHxjkkW +CH4NCvmkUtO3N4S7j1I148d1S350wW91+aXoZefaU97GjiEZAVrTLi42Ygb5BcAB +d1gCCtLZ+IBUryOx+/c14FuqLO6jIodalFYlJi3bItDFow4Aq+0eyuctT+Mo7NrT +wqkAxBn3F+9Z3ldsRHYuc5INOjL3k9NclL2armqtghEvZYBkB1T3LpgDDLIDJDru +eg9n1nfXQlNe+2nS99nWzczaXF4YnuFsurEMlzy2F/B5+9ranDJ5TmaJHEQkmPVT +vrlDuGJK3qaI1QonUC1b81fwFmoOqLGg2ALPHAKuA3FCXcd6b61IQybTuv8q0+aK +962OWKYIHNPAdozFXEBxRye0HdLQokKbA1rMy+c3B3+oKEvU9zTG5gPRrm+MhXUL +wuJ5Qoz+js4/hwEZlW2HcKJD9AAoXfYDTgoDA0hGuViMwa42vPu+U60pkgFtBuo1 +Gx864twuomT76/1lLsamcN3AwCVQ/xTbgMiFtmUwaTjJ5I3X+AdFxbIAGsjv/kB5 +d23DQMVq/hhv9awPMGcGEQ== +=mjrL -----END PGP PUBLIC KEY BLOCK----- diff -Nru lighttpd-1.4.54/doc/config/conf.d/Makefile.in lighttpd-1.4.55/doc/config/conf.d/Makefile.in --- lighttpd-1.4.54/doc/config/conf.d/Makefile.in 2019-05-27 21:04:03.000000000 +0000 +++ lighttpd-1.4.55/doc/config/conf.d/Makefile.in 2020-02-01 02:49:26.000000000 +0000 
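Review bot: The replaced packets in signing-key.asc cannot be checked by reading the armored text, and nothing in the diff records which key was touched or that its primary key material is unchanged. The changelog line "update expiration of Glenn's upstream signing key" is the only statement of intent. The leading context lines of the block are unchanged, which is consistent with a refreshed self-signature, but that should be confirmed by comparing the fingerprint from the old and new files against a copy obtained out of band. This matters because the file is presumably the trust anchor for verifying upstream tarballs. I would record the result in the changelog, for example `* update expiration of Glenn's upstream signing key (primary fingerprint <FINGERPRINT>, unchanged)`.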
@@ -216,8 +216,8 @@ PATH_SEPARATOR = @PATH_SEPARATOR@ PCRECONFIG = @PCRECONFIG@ PCRE_LIB = @PCRE_LIB@ +PGSQL_CFLAGS = @PGSQL_CFLAGS@ PGSQL_CONFIG = @PGSQL_CONFIG@ -PGSQL_INCLUDE = @PGSQL_INCLUDE@ PGSQL_LIBS = @PGSQL_LIBS@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ diff -Nru lighttpd-1.4.54/doc/config/Makefile.in lighttpd-1.4.55/doc/config/Makefile.in --- lighttpd-1.4.54/doc/config/Makefile.in 2019-05-27 21:04:03.000000000 +0000 +++ lighttpd-1.4.55/doc/config/Makefile.in 2020-02-01 02:49:26.000000000 +0000 @@ -276,8 +276,8 @@ PATH_SEPARATOR = @PATH_SEPARATOR@ PCRECONFIG = @PCRECONFIG@ PCRE_LIB = @PCRE_LIB@ +PGSQL_CFLAGS = @PGSQL_CFLAGS@ PGSQL_CONFIG = @PGSQL_CONFIG@ -PGSQL_INCLUDE = @PGSQL_INCLUDE@ PGSQL_LIBS = @PGSQL_LIBS@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ diff -Nru lighttpd-1.4.54/doc/config/vhosts.d/Makefile.in lighttpd-1.4.55/doc/config/vhosts.d/Makefile.in --- lighttpd-1.4.54/doc/config/vhosts.d/Makefile.in 2019-05-27 21:04:03.000000000 +0000 +++ lighttpd-1.4.55/doc/config/vhosts.d/Makefile.in 2020-02-01 02:49:26.000000000 +0000 @@ -216,8 +216,8 @@ PATH_SEPARATOR = @PATH_SEPARATOR@ PCRECONFIG = @PCRECONFIG@ PCRE_LIB = @PCRE_LIB@ +PGSQL_CFLAGS = @PGSQL_CFLAGS@ PGSQL_CONFIG = @PGSQL_CONFIG@ -PGSQL_INCLUDE = @PGSQL_INCLUDE@ PGSQL_LIBS = @PGSQL_LIBS@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ diff -Nru lighttpd-1.4.54/doc/Makefile.in lighttpd-1.4.55/doc/Makefile.in --- lighttpd-1.4.54/doc/Makefile.in 2019-05-27 21:04:03.000000000 +0000 +++ lighttpd-1.4.55/doc/Makefile.in 2020-02-01 02:49:26.000000000 +0000 
@@ -307,8 +307,8 @@ PATH_SEPARATOR = @PATH_SEPARATOR@ PCRECONFIG = @PCRECONFIG@ PCRE_LIB = @PCRE_LIB@ +PGSQL_CFLAGS = @PGSQL_CFLAGS@ PGSQL_CONFIG = @PGSQL_CONFIG@ -PGSQL_INCLUDE = @PGSQL_INCLUDE@ PGSQL_LIBS = @PGSQL_LIBS@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ diff -Nru lighttpd-1.4.54/doc/outdated/Makefile.in lighttpd-1.4.55/doc/outdated/Makefile.in --- lighttpd-1.4.54/doc/outdated/Makefile.in 2019-05-27 21:04:03.000000000 +0000 +++ lighttpd-1.4.55/doc/outdated/Makefile.in 2020-02-01 02:49:26.000000000 +0000 @@ -216,8 +216,8 @@ PATH_SEPARATOR = @PATH_SEPARATOR@ PCRECONFIG = @PCRECONFIG@ PCRE_LIB = @PCRE_LIB@ +PGSQL_CFLAGS = @PGSQL_CFLAGS@ PGSQL_CONFIG = @PGSQL_CONFIG@ -PGSQL_INCLUDE = @PGSQL_INCLUDE@ PGSQL_LIBS = @PGSQL_LIBS@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ diff -Nru lighttpd-1.4.54/doc/scripts/Makefile.in lighttpd-1.4.55/doc/scripts/Makefile.in --- lighttpd-1.4.54/doc/scripts/Makefile.in 2019-05-27 21:04:03.000000000 +0000 +++ lighttpd-1.4.55/doc/scripts/Makefile.in 2020-02-01 02:49:26.000000000 +0000 @@ -216,8 +216,8 @@ PATH_SEPARATOR = @PATH_SEPARATOR@ PCRECONFIG = @PCRECONFIG@ PCRE_LIB = @PCRE_LIB@ +PGSQL_CFLAGS = @PGSQL_CFLAGS@ PGSQL_CONFIG = @PGSQL_CONFIG@ -PGSQL_INCLUDE = @PGSQL_INCLUDE@ PGSQL_LIBS = @PGSQL_LIBS@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ diff -Nru lighttpd-1.4.54/doc/systemd/lighttpd.service lighttpd-1.4.55/doc/systemd/lighttpd.service --- lighttpd-1.4.54/doc/systemd/lighttpd.service 2019-05-27 21:03:50.000000000 +0000 +++ lighttpd-1.4.55/doc/systemd/lighttpd.service 2020-02-01 02:49:09.000000000 +0000 
@@ -4,7 +4,7 @@ [Service] Type=simple -PIDFile=/var/run/lighttpd.pid +PIDFile=/run/lighttpd.pid ExecStartPre=/usr/sbin/lighttpd -tt -f /etc/lighttpd/lighttpd.conf ExecStart=/usr/sbin/lighttpd -D -f /etc/lighttpd/lighttpd.conf ExecReload=/bin/kill -USR1 $MAINPID diff -Nru lighttpd-1.4.54/doc/systemd/Makefile.in lighttpd-1.4.55/doc/systemd/Makefile.in --- lighttpd-1.4.54/doc/systemd/Makefile.in 2019-05-27 21:04:03.000000000 +0000 +++ lighttpd-1.4.55/doc/systemd/Makefile.in 2020-02-01 02:49:26.000000000 +0000 @@ -216,8 +216,8 @@ PATH_SEPARATOR = @PATH_SEPARATOR@ PCRECONFIG = @PCRECONFIG@ PCRE_LIB = @PCRE_LIB@ +PGSQL_CFLAGS = @PGSQL_CFLAGS@ PGSQL_CONFIG = @PGSQL_CONFIG@ -PGSQL_INCLUDE = @PGSQL_INCLUDE@ PGSQL_LIBS = @PGSQL_LIBS@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ diff -Nru lighttpd-1.4.54/Makefile.in lighttpd-1.4.55/Makefile.in --- lighttpd-1.4.54/Makefile.in 2019-05-27 21:04:03.000000000 +0000 +++ lighttpd-1.4.55/Makefile.in 2020-02-01 02:49:26.000000000 +0000 @@ -299,8 +299,8 @@ PATH_SEPARATOR = @PATH_SEPARATOR@ PCRECONFIG = @PCRECONFIG@ PCRE_LIB = @PCRE_LIB@ +PGSQL_CFLAGS = @PGSQL_CFLAGS@ PGSQL_CONFIG = @PGSQL_CONFIG@ -PGSQL_INCLUDE = @PGSQL_INCLUDE@ PGSQL_LIBS = @PGSQL_LIBS@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ diff -Nru lighttpd-1.4.54/meson.build lighttpd-1.4.55/meson.build --- lighttpd-1.4.54/meson.build 2019-05-27 21:03:50.000000000 +0000 +++ lighttpd-1.4.55/meson.build 2020-02-01 02:49:09.000000000 +0000 @@ -1,4 +1,4 @@ -project('lighttpd', 'c', version: '1.4.54', default_options : ['c_std=c11']) +project('lighttpd', 'c', version: '1.4.55', default_options : ['c_std=c11']) subdir('src') subdir('tests') diff -Nru lighttpd-1.4.54/NEWS lighttpd-1.4.55/NEWS --- lighttpd-1.4.54/NEWS 2019-05-27 21:03:50.000000000 +0000 +++ lighttpd-1.4.55/NEWS 2020-02-01 02:49:09.000000000 +0000 
@@ -3,6 +3,60 @@ NEWS ==== +- 1.4.55 - 2020-01-31 + * [core] fix compile error on Solaris (fixes #2959) + * [core] __attribute_pure__ + * [core] array-specialized buffer_caseless_compare() + * [core] specialized buffer_eq_*() for short strings + * [core] mark some more funcs w/ __attribute_pure__ + * [core] use buffer_eq_icase* funcs + * [multiple] replace strcasecmp() on short strings + * [core] mark some more funcs w/ __attribute_pure__ + * [mod_webdav] fix startup crash w/ multiple conds (fixes #2958) + * [core] cold func http_response_omit_header() + * [core] use buffer_eq_icase_ssn func + * [core] use buffer_eq_icase_ssn func + * [core] correct __attribute_pure__ syntax + * [core] allocate unix socket paths with SUN_LEN()+1 (fixes #2962) + * Use explicit_memset from NetBSD if available for safe_memclear (fixes #2971) + * Also use explicit_memset (NetBSD) with cmake, scons and meson + * [cmake]: enable CMAKE_POSITION_INDEPENDENT_CODE by default + * [core] improve http_headers[] data struct packing + * [core] fdevent_poll() is effective periodic timer + * [core] move con state handling to connections*.c + * [core] issue config error for invalid ':' (fixes #2980) + * [mod_deflate] fix choose encoding parse error (fixes #2981) + * [core] retry on some fdevent set/del temporary err + * [core] disable stat_cache FAM if FAM conn closed + * [mod_auth] http_auth_const_time_memeq improvement + * [build] prefer pkg-config for postgres (fixes #2965) + * [mod_authn_gssapi] 500 if fail to delegate creds (#2967) + * [mod_authn_gssapi] option to store delegated creds (fixes #2967) + * [mod_webdav] fix file uploads > 128M (fixes #2970) + * [mod_auth] do not use quoted-string for algorithm + * [mod_auth] require digest uri= match original URI + * [mod_auth] Authentication-Info: nextnonce=... 
+ * [mod_auth] http_auth_const_time_memeq_pad() + * [mod_auth] http_auth_const_time_memeq() (#2975, #2976) + * [build] PGSQL_CFLAGS with pkg-config for postgres (#2965) + * [build] PGSQL_CFLAGS with pkg-config for postgres (#2965) + * [core] avoid freeaddrinfo() on NULL ptr (fixes #2984) + * [core] reject WS following header field-name (fixes #2985) + * [core] reject Transfer-Encoding + Content-Length (#2985) + * [mod_openssl] reject invalid ALPN + * [mod_accesslog] parse multiple cookies (fixes #2986) + * [core] Oracle Solaris does not have POLLRDHUP + * [multiple] address coverity warnings + * [core] preserve %2b and %2B in query string (fixes #2999) + * [core] fall back to accept() if accept4() EPERM (fixes #2998) + * [mod_auth] close connection after bad password + * [core] do not accept() > server.max-connections + * [core] save errno before logging if execve() fails + * [config] update /var/run -> /run for systemd + * [core] Solaris has getloadavg in sys/loadavg.h + * [build] Fix build when using nested CMake + * [core] fix one-byte OOB read (underflow) + - 1.4.54 - 2019-05-27 * [mod_evhost] handle IPv6 literal addr; add tests * [core] separate server_main_loop() func, mark hot diff -Nru lighttpd-1.4.54/SConstruct lighttpd-1.4.55/SConstruct --- lighttpd-1.4.54/SConstruct 2019-05-27 21:03:50.000000000 +0000 +++ lighttpd-1.4.55/SConstruct 2020-02-01 02:49:09.000000000 +0000 @@ -12,7 +12,7 @@ string_types = str package = 'lighttpd' -version = '1.4.54' +version = '1.4.55' underscorify_reg = re.compile('[^A-Z0-9]') def underscorify(id): @@ -360,6 +360,7 @@ 'sys/devpoll.h', 'sys/epoll.h', 'sys/filio.h', + 'sys/loadavg.h', 'sys/poll.h', 'sys/port.h', 'sys/prctl.h', 
@@ -388,6 +389,7 @@ 'dup2', 'epoll_ctl', 'explicit_bzero', + 'explicit_memset', 'fork', 'getcwd', 'gethostbyname', diff -Nru lighttpd-1.4.54/scripts/cmake/LighttpdMacros.cmake lighttpd-1.4.55/scripts/cmake/LighttpdMacros.cmake --- lighttpd-1.4.54/scripts/cmake/LighttpdMacros.cmake 2019-05-27 21:03:50.000000000 +0000 +++ lighttpd-1.4.55/scripts/cmake/LighttpdMacros.cmake 2020-02-01 02:49:09.000000000 +0000 @@ -25,9 +25,9 @@ macro(LEMON_PARSER SRCFILE) get_filename_component(SRCBASE ${SRCFILE} NAME_WE) add_custom_command(OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/${SRCBASE}.c ${CMAKE_CURRENT_BINARY_DIR}/${SRCBASE}.h - COMMAND ${CMAKE_BINARY_DIR}/build/lemon - ARGS -q ${CMAKE_CURRENT_SOURCE_DIR}/${SRCFILE} ${CMAKE_SOURCE_DIR}/src/lempar.c - DEPENDS ${CMAKE_BINARY_DIR}/build/lemon ${CMAKE_CURRENT_SOURCE_DIR}/${SRCFILE} ${CMAKE_SOURCE_DIR}/src/lempar.c + COMMAND ${CMAKE_CURRENT_BINARY_DIR}/lemon + ARGS -q ${CMAKE_CURRENT_SOURCE_DIR}/${SRCFILE} ${CMAKE_CURRENT_SOURCE_DIR}/lempar.c + DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/lemon ${CMAKE_CURRENT_SOURCE_DIR}/${SRCFILE} ${CMAKE_CURRENT_SOURCE_DIR}/lempar.c COMMENT "Generating ${SRCBASE}.c from ${SRCFILE}" ) endmacro(LEMON_PARSER) diff -Nru lighttpd-1.4.54/src/array.c lighttpd-1.4.55/src/array.c --- lighttpd-1.4.54/src/array.c 2019-05-27 21:03:50.000000000 +0000 +++ lighttpd-1.4.55/src/array.c 2020-02-01 02:49:09.000000000 +0000 
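Review bot: In the LighttpdMacros.cmake hunk, `LEMON_PARSER` now resolves the generator as `${CMAKE_CURRENT_BINARY_DIR}/lemon` and the template as `${CMAKE_CURRENT_SOURCE_DIR}/lempar.c`, so the macro only works when it is called from the directory that builds lemon and holds lempar.c, and that assumption is not written down anywhere. If lemon is an executable target (its definition is not in this hunk), naming the target removes the path dependency: `COMMAND lemon` together with `DEPENDS lemon`, which CMake expands to the built binary. Otherwise add a comment above the macro such as `# must be called from the directory that builds lemon and contains lempar.c`.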
@@ -99,8 +99,26 @@ return du; } +__attribute_pure__ +static int array_caseless_compare(const char * const a, const char * const b, const size_t len) { + for (size_t i = 0; i < len; ++i) { + unsigned int ca = ((unsigned char *)a)[i]; + unsigned int cb = ((unsigned char *)b)[i]; + if (ca == cb) continue; + + /* always lowercase for transitive results */ + if (ca >= 'A' && ca <= 'Z') ca |= 32; + if (cb >= 'A' && cb <= 'Z') cb |= 32; + + if (ca == cb) continue; + return (int)(ca - cb); + } + return 0; +} + +__attribute_pure__ static int array_keycmp(const char *a, size_t alen, const char *b, size_t blen) { - return alen < blen ? -1 : alen > blen ? 1 : buffer_caseless_compare(a, alen, b, blen); + return alen < blen ? -1 : alen > blen ? 1 : array_caseless_compare(a, b, blen); } /* returns index of element or ARRAY_NOT_FOUND @@ -382,7 +400,7 @@ for (size_t i = 0; i < a->used; ++i) { const buffer * const key = a->data[i]->key; const size_t klen = buffer_string_length(key); - if (klen <= slen && 0 == strncasecmp(s, key->ptr, klen)) + if (klen <= slen && buffer_eq_icase_ssn(s, key->ptr, klen)) return a->data[i]; } return NULL; @@ -422,7 +440,7 @@ for (size_t i = 0; i < a->used; ++i) { const buffer * const value = ((data_string *)a->data[i])->value; const size_t vlen = buffer_string_length(value); - if (vlen <= blen && 0 == strncasecmp(b->ptr, value->ptr, vlen)) + if (vlen <= blen && buffer_eq_icase_ssn(b->ptr, value->ptr, vlen)) return value; } return NULL; @@ -452,7 +470,7 @@ for (size_t i = 0; i < a->used; ++i) { const buffer * const key = a->data[i]->key; const size_t klen = buffer_string_length(key); - if (klen <= blen && 0 == strncasecmp(end - klen, key->ptr, klen)) + if (klen <= blen && buffer_eq_icase_ssn(end - klen, key->ptr, klen)) return a->data[i]; } return NULL; 
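Review bot: In the array.c hunk at -99, `array_caseless_compare` ends with `return (int)(ca - cb);` on two `unsigned int` values, so a smaller `ca` wraps to a large unsigned value and the sign of the result depends on the implementation-defined conversion back to `int`. The removed `buffer_caseless_compare` subtracted as ints, and `return (int)ca - (int)cb;` keeps that well-defined. The casts `((unsigned char *)a)[i]` also drop `const` from the parameters and would read better as `((const unsigned char *)a)[i]`.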
@@ -482,7 +500,7 @@ for (size_t i = 0; i < a->used; ++i) { const buffer * const value = ((data_string *)a->data[i])->value; const size_t vlen = buffer_string_length(value); - if (vlen <= blen && 0 == strncasecmp(end - vlen, value->ptr, vlen)) + if (vlen <= blen && buffer_eq_icase_ssn(end - vlen, value->ptr, vlen)) return value; } return NULL; diff -Nru lighttpd-1.4.54/src/buffer.c lighttpd-1.4.55/src/buffer.c --- lighttpd-1.4.54/src/buffer.c 2019-05-27 21:03:50.000000000 +0000 +++ lighttpd-1.4.55/src/buffer.c 2020-02-01 02:49:09.000000000 +0000 @@ -346,6 +346,40 @@ return li_cton(hex,n) ? (char)n : 0xFF; } + +int buffer_eq_icase_ssn(const char * const a, const char * const b, const size_t len) { + for (size_t i = 0; i < len; ++i) { + unsigned int ca = ((unsigned char *)a)[i]; + unsigned int cb = ((unsigned char *)b)[i]; + if (ca != cb) { + ca |= 0x20; + cb |= 0x20; + if (ca != cb) return 0; + if (ca < 'a' || 'z' < ca) return 0; + if (cb < 'a' || 'z' < cb) return 0; + } + } + return 1; +} + +int buffer_eq_icase_ss(const char * const a, const size_t alen, const char * const b, const size_t blen) { + /* 1 = equal; 0 = not equal */ /* short string sizes expected (< INT_MAX) */ + return (alen == blen && buffer_eq_icase_ssn(a, b, blen)); +} + +int buffer_eq_icase_slen(const buffer * const b, const char * const s, const size_t slen) { + /* Note: b must be initialized, i.e. 0 != b->used; uninitialized is not eq*/ + /* 1 = equal; 0 = not equal */ /* short string sizes expected (< INT_MAX) */ + return (b->used == slen + 1 && buffer_eq_icase_ssn(b->ptr, s, slen)); +} + +int buffer_eq_slen(const buffer * const b, const char * const s, const size_t slen) { + /* Note: b must be initialized, i.e. 0 != b->used; uninitialized is not eq*/ + /* 1 = equal; 0 = not equal */ /* short string sizes expected (< INT_MAX) */ + return (b->used == slen + 1 && 0 == memcmp(b->ptr, s, slen)); +} + + /** * check if two buffer contain the same data */ 
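Review bot: `buffer_eq_icase_ssn` in the buffer.c hunk at -346 has no comment stating its contract, and it differs from the `strncasecmp` calls it replaces in the array.c hunks: it always reads exactly `len` bytes from both pointers and does not stop at a NUL. A header comment such as `/* 1 = equal, 0 = not equal; compares exactly len bytes, caller guarantees a and b each have len readable bytes */` would make the precondition visible to callers. The last range check, `if (cb < 'a' || 'z' < cb) return 0;`, can never fire because `ca == cb` already holds at that point, so it could be dropped. The casts `(unsigned char *)a` and `(unsigned char *)b` also discard `const`.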
@@ -369,28 +403,8 @@ int buffer_is_equal_caseless_string(const buffer *a, const char *s, size_t b_len) { force_assert(NULL != a && NULL != s); force_assert(b_len + 1 > b_len); - /* 1 = equal; 0 = not equal */ - return (a->used == b_len + 1 && 0 == strncasecmp(a->ptr, s, b_len)); -} - -int buffer_caseless_compare(const char *a, size_t a_len, const char *b, size_t b_len) { - size_t const len = (a_len < b_len) ? a_len : b_len; - size_t i; - - for (i = 0; i < len; ++i) { - unsigned char ca = a[i], cb = b[i]; - if (ca == cb) continue; - - /* always lowercase for transitive results */ - if (ca >= 'A' && ca <= 'Z') ca |= 32; - if (cb >= 'A' && cb <= 'Z') cb |= 32; - - if (ca == cb) continue; - return ((int)ca) - ((int)cb); - } - if (a_len == b_len) return 0; - return a_len < b_len ? -1 : 1; + return buffer_eq_icase_slen(a, s, b_len); } int buffer_is_equal_right_len(const buffer *b1, const buffer *b2, size_t len) { @@ -702,7 +716,11 @@ buffer_string_prepare_copy(b, s_len + 5); - if (is_http_header && NULL != s && 0 != strcasecmp(s, "CONTENT-TYPE")) { + if (is_http_header) { + if (s_len == 12 && buffer_eq_icase_ssn(s, "Content-Type", 12)) { + buffer_copy_string_len(b, CONST_STR_LEN("CONTENT_TYPE")); + return; + } buffer_copy_string_len(b, CONST_STR_LEN("HTTP_")); j = 5; /* "HTTP_" */ } diff -Nru lighttpd-1.4.54/src/buffer.h lighttpd-1.4.55/src/buffer.h --- lighttpd-1.4.54/src/buffer.h 2019-05-27 21:03:50.000000000 +0000 +++ lighttpd-1.4.55/src/buffer.h 2020-02-01 02:49:09.000000000 +0000 
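Review bot: The buffer.c hunk at -702 hard-codes the length twice in `s_len == 12 && buffer_eq_icase_ssn(s, "Content-Type", 12)`; the helper added in this same commit expresses it without the magic number: `if (buffer_eq_icase_ss(s, s_len, CONST_STR_LEN("Content-Type"))) {`. The old condition also checked `NULL != s`, which the new code drops. Whether `s` can be NULL with a non-zero `s_len` is not visible here, since the function starts and ends outside the hunk, so a short comment stating that `s` is non-NULL whenever `s_len` is non-zero would help.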
@@ -102,15 +102,35 @@ * unset "string" (buffer) config options are initialized to used == 0, * while setting an empty string leads to used == 1 */ +__attribute_pure__ static inline int buffer_is_empty(const buffer *b); /* NULL buffer, empty buffer (used == 0) or empty string (used == 1) */ +__attribute_pure__ static inline int buffer_string_is_empty(const buffer *b); +__attribute_pure__ +int buffer_eq_icase_ssn(const char * const a, const char * const b, const size_t len); + +__attribute_pure__ +int buffer_eq_icase_ss(const char * const a, const size_t alen, const char * const b, const size_t blen); + +__attribute_pure__ +int buffer_eq_icase_slen(const buffer * const b, const char * const s, const size_t slen); + +__attribute_pure__ +int buffer_eq_slen(const buffer * const b, const char * const s, const size_t slen); + +__attribute_pure__ int buffer_is_equal(const buffer *a, const buffer *b); + +__attribute_pure__ int buffer_is_equal_right_len(const buffer *a, const buffer *b, size_t len); + +__attribute_pure__ int buffer_is_equal_string(const buffer *a, const char *s, size_t b_len); + +__attribute_pure__ int buffer_is_equal_caseless_string(const buffer *a, const char *s, size_t b_len); -int buffer_caseless_compare(const char *a, size_t a_len, const char *b, size_t b_len); void buffer_substr_replace (buffer *b, size_t offset, size_t len, const buffer *replace); 
@@ -145,30 +165,37 @@ char hex2int(unsigned char c); char int2hex(char i); +__attribute_pure__ static inline int light_isdigit(int c); -static inline int light_isxdigit(int c); -static inline int light_isalpha(int c); -static inline int light_isalnum(int c); - static inline int light_isdigit(int c) { return (c >= '0' && c <= '9'); } +__attribute_pure__ +static inline int light_isxdigit(int c); static inline int light_isxdigit(int c) { return light_isdigit(c) || (c |= 32, c >= 'a' && c <= 'f'); } +__attribute_pure__ +static inline int light_isalpha(int c); static inline int light_isalpha(int c) { return (c |= 32, c >= 'a' && c <= 'z'); } +__attribute_pure__ +static inline int light_isalnum(int c); static inline int light_isalnum(int c) { return light_isdigit(c) || light_isalpha(c); } +__attribute_pure__ static inline size_t buffer_string_length(const buffer *b); /* buffer string length without terminating 0 */ + +__attribute_pure__ static inline size_t buffer_string_space(const buffer *b); /* maximum length of string that can be stored without reallocating */ + static inline void buffer_append_slash(buffer *b); /* append '/' no non-empty strings not ending in '/' */ void buffer_append_path_len(buffer *b, const char *a, size_t alen); /* join strings with '/', if '/' not present */ diff -Nru lighttpd-1.4.54/src/burl.c lighttpd-1.4.55/src/burl.c --- lighttpd-1.4.54/src/burl.c 2019-05-27 21:03:50.000000000 +0000 +++ lighttpd-1.4.55/src/burl.c 2020-02-01 02:49:09.000000000 +0000 @@ -139,7 +139,9 @@ else if (s[i]=='%' && li_cton(s[i+1], n1) && li_cton(s[i+2], n2)) { const unsigned int x = (n1 << 4) | n2; if (!encoded_chars_http_uri_reqd[x] - && (qs < 0 ? (x!='/'&&x!='?') : (x!='&'&&x!='='&&x!=';'))) { + && (qs < 0 + ? (x != '/' && x != '?') + : (x != '&' && x != '=' && x != ';' && x != '+'))) { p[j] = x; } else { 
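Review bot: The set of octets that must stay percent-encoded is spelled out twice, negated in the burl.c hunk at -139 (`x != '&' && x != '=' && x != ';' && x != '+'`) and positive in the burl.c hunk at -177, and the two lists have to remain exact mirrors for decoding and normalization to agree. If they drift, the same URL can normalize differently on the two paths, which matters wherever access rules are matched against the normalized form. Consider one small static helper that takes `x` and `qs` and returns whether the octet is reserved in that position, used at both sites, with a comment saying why `+` is kept encoded in the query string. Both enclosing functions start and end outside the hunks.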
@@ -177,7 +179,9 @@ } else if (s[i]=='%' && li_cton(s[i+1], n1) && li_cton(s[i+2], n2) && (encoded_chars_http_uri_reqd[(x = (n1 << 4) | n2)] - ||(qs < 0 ? (x=='/'||x=='?') : (x=='&'||x=='='||x==';')))){ + || (qs < 0 + ? (x == '/' || x == '?') + : (x == '&' || x == '=' || x == ';' || x == '+')))) { if (li_utf8_invalid_byte(x)) qs = -2; if (s[i+1] >= 'a') b->ptr[i+1] &= 0xdf; /* uppercase hex */ if (s[i+2] >= 'a') b->ptr[i+2] &= 0xdf; /* uppercase hex */ diff -Nru lighttpd-1.4.54/src/chunk.h lighttpd-1.4.55/src/chunk.h --- lighttpd-1.4.54/src/chunk.h 2019-05-27 21:03:50.000000000 +0000 +++ lighttpd-1.4.55/src/chunk.h 2020-02-01 02:49:09.000000000 +0000 @@ -100,10 +100,13 @@ int chunkqueue_open_file_chunk(struct server *srv, chunkqueue *cq); +__attribute_pure__ off_t chunkqueue_length(chunkqueue *cq); + void chunkqueue_free(chunkqueue *cq); void chunkqueue_reset(chunkqueue *cq); +__attribute_pure__ static inline int chunkqueue_is_empty(const chunkqueue *cq); static inline int chunkqueue_is_empty(const chunkqueue *cq) { return NULL == cq->first; diff -Nru lighttpd-1.4.54/src/CMakeLists.txt lighttpd-1.4.55/src/CMakeLists.txt --- lighttpd-1.4.54/src/CMakeLists.txt 2019-05-27 21:03:50.000000000 +0000 +++ lighttpd-1.4.55/src/CMakeLists.txt 2020-02-01 02:49:09.000000000 +0000 @@ -13,6 +13,9 @@ add_definitions(-D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGE_FILES) +# default to ON +set(CMAKE_POSITION_INDEPENDENT_CODE ON CACHE BOOL "Default value for ``POSITION_INDEPENDENT_CODE`` of targets.") + option(WITH_XATTR "with xattr-support for the stat-cache [default: off]") option(WITH_MYSQL "with mysql-support for mod_vhostdb_mysql [default: off]") option(WITH_PGSQL "with postgres-support for mod_vhostdb_pgsql [default: off]") 
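Review bot: In the src/CMakeLists.txt hunk at -13, `CMAKE_POSITION_INDEPENDENT_CODE ON` makes executables compile with `-fPIE`, but with the top-level `cmake_minimum_required(VERSION 2.8.2 FATAL_ERROR)` policy CMP0083 stays OLD, so CMake does not add the matching `-pie` link flag and the server binary may still be linked non-PIE. If the intent is ASLR for the executable and not only PIC for the modules, on CMake 3.14 or later that needs `cmake_policy(SET CMP0083 NEW)` plus `include(CheckPIESupported)` and `check_pie_supported()`. The comment `# default to ON` could also state the reason, for example `# build PIC/PIE by default (hardening); override with -DCMAKE_POSITION_INDEPENDENT_CODE=OFF`.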
@@ -83,6 +86,7 @@ check_include_files(sys/event.h HAVE_SYS_EVENT_H) set(CMAKE_REQUIRED_FLAGS) check_include_files(sys/mman.h HAVE_SYS_MMAN_H) +check_include_files(sys/loadavg.h HAVE_SYS_LOADAVG_H) check_include_files(sys/poll.h HAVE_SYS_POLL_H) check_include_files(sys/port.h HAVE_SYS_PORT_H) check_include_files(sys/prctl.h HAVE_SYS_PRCTL_H) @@ -185,6 +189,7 @@ check_function_exists(inet_pton HAVE_INET_PTON) check_function_exists(memset_s HAVE_MEMSET_S) check_function_exists(explicit_bzero HAVE_EXPLICIT_BZERO) +check_function_exists(explicit_memset HAVE_EXPLICIT_MEMSET) check_symbol_exists(clock_gettime "time.h" HAVE_CLOCK_GETTIME) if (NOT HAVE_CLOCK_GETTIME) check_library_exists(rt clock_gettime "time.h" HAVE_CLOCK_GETTIME) diff -Nru lighttpd-1.4.54/src/configfile.c lighttpd-1.4.55/src/configfile.c --- lighttpd-1.4.54/src/configfile.c 2019-05-27 21:03:50.000000000 +0000 +++ lighttpd-1.4.55/src/configfile.c 2020-02-01 02:49:09.000000000 +0000 @@ -1130,6 +1130,13 @@ t->offset += 2; tid = TK_FORCE_ASSIGN; buffer_copy_string_len(token, CONST_STR_LEN(":=")); + } else { + /* ERROR */ + log_error_write(srv, __FILE__, __LINE__, "sbsdsds", + "source:", t->source, + "line:", t->line, "pos:", t->line_pos, + "unexpected character ':'"); + return -1; } break; diff -Nru lighttpd-1.4.54/src/config.h.cmake lighttpd-1.4.55/src/config.h.cmake --- lighttpd-1.4.54/src/config.h.cmake 2019-05-27 21:03:50.000000000 +0000 +++ lighttpd-1.4.55/src/config.h.cmake 2020-02-01 02:49:09.000000000 +0000 @@ -16,6 +16,7 @@ #cmakedefine HAVE_SYS_DEVPOLL_H #cmakedefine HAVE_SYS_EPOLL_H #cmakedefine HAVE_SYS_EVENT_H +#cmakedefine HAVE_SYS_LOADAVG_H #cmakedefine HAVE_SYS_MMAN_H #cmakedefine HAVE_SYS_POLL_H #cmakedefine HAVE_SYS_PORT_H diff -Nru lighttpd-1.4.54/src/connections.c lighttpd-1.4.55/src/connections.c --- lighttpd-1.4.54/src/connections.c 2019-05-27 21:03:50.000000000 +0000 +++ lighttpd-1.4.55/src/connections.c 2020-02-01 02:49:09.000000000 +0000 
@@ -33,6 +33,8 @@ #include "sys-socket.h" +#define HTTP_LINGER_TIMEOUT 5 + typedef struct { PLUGIN_DATA; } plugin_data; 
@@ -1370,3 +1372,134 @@ return 0; } + +static void connection_check_timeout (server * const srv, const time_t cur_ts, connection * const con) { + const int waitevents = fdevent_fdnode_interest(con->fdn); + int changed = 0; + int t_diff; + + if (con->state == CON_STATE_CLOSE) { + if (cur_ts - con->close_timeout_ts > HTTP_LINGER_TIMEOUT) { + changed = 1; + } + } else if (waitevents & FDEVENT_IN) { + if (con->request_count == 1 || con->state != CON_STATE_READ) { + /* e.g. CON_STATE_READ_POST || CON_STATE_WRITE */ + if (cur_ts - con->read_idle_ts > con->conf.max_read_idle) { + /* time - out */ + if (con->conf.log_request_handling) { + log_error(con->errh, __FILE__, __LINE__, + "connection closed - read timeout: %d", con->fd); + } + + connection_set_state(srv, con, CON_STATE_ERROR); + changed = 1; + } + } else { + if (cur_ts - con->read_idle_ts > con->keep_alive_idle) { + /* time - out */ + if (con->conf.log_request_handling) { + log_error(con->errh, __FILE__, __LINE__, + "connection closed - keep-alive timeout: %d", + con->fd); + } + + connection_set_state(srv, con, CON_STATE_ERROR); + changed = 1; + } + } + } + + /* max_write_idle timeout currently functions as backend timeout, + * too, after response has been started. + * future: have separate backend timeout, and then change this + * to check for write interest before checking for timeout */ + /*if (waitevents & FDEVENT_OUT)*/ + if ((con->state == CON_STATE_WRITE) && + (con->write_request_ts != 0)) { + #if 0 + if (cur_ts - con->write_request_ts > 60) { + log_error(con->errh, __FILE__, __LINE__, + "connection closed - pre-write-request-timeout: %d %d", + con->fd, cur_ts - con->write_request_ts); + } + #endif + + if (cur_ts - con->write_request_ts > con->conf.max_write_idle) { + /* time - out */ + if (con->conf.log_timeouts) { + log_error(con->errh, __FILE__, __LINE__, + "NOTE: a request from %.*s for %.*s timed out after writing " + "%zd bytes. We waited %d seconds. 
If this is a problem, " + "increase server.max-write-idle", + BUFFER_INTLEN_PTR(con->dst_addr_buf), + BUFFER_INTLEN_PTR(con->request.uri), + con->bytes_written, (int)con->conf.max_write_idle); + } + connection_set_state(srv, con, CON_STATE_ERROR); + changed = 1; + } + } + + /* we don't like div by zero */ + if (0 == (t_diff = cur_ts - con->connection_start)) t_diff = 1; + + if (con->traffic_limit_reached && + (con->conf.kbytes_per_second == 0 || + ((con->bytes_written / t_diff) < con->conf.kbytes_per_second * 1024))){ + /* enable connection again */ + con->traffic_limit_reached = 0; + + changed = 1; + } + + con->bytes_written_cur_second = 0; + + if (changed) { + connection_state_machine(srv, con); + } +} + +void connection_periodic_maint (server * const srv, const time_t cur_ts) { + /* check all connections for timeouts */ + connections * const conns = srv->conns; + for (size_t ndx = 0; ndx < conns->used; ++ndx) { + connection_check_timeout(srv, cur_ts, conns->ptr[ndx]); + } +} + +void connection_graceful_shutdown_maint (server *srv) { + connections *conns = srv->conns; + for (size_t ndx = 0; ndx < conns->used; ++ndx) { + connection * const con = conns->ptr[ndx]; + int changed = 0; + + if (con->state == CON_STATE_CLOSE) { + /* reduce remaining linger timeout to be + * (from zero) *up to* one more second, but no more */ + if (HTTP_LINGER_TIMEOUT > 1) + con->close_timeout_ts -= (HTTP_LINGER_TIMEOUT - 1); + if (srv->cur_ts - con->close_timeout_ts > HTTP_LINGER_TIMEOUT) + changed = 1; + } + else if (con->state == CON_STATE_READ && con->request_count > 1 + && chunkqueue_is_empty(con->read_queue)) { + /* close connections in keep-alive waiting for next request */ + connection_set_state(srv, con, CON_STATE_ERROR); + changed = 1; + } + + con->keep_alive = 0; /* disable keep-alive */ + + con->conf.kbytes_per_second = 0; /* disable rate limit */ + con->conf.global_kbytes_per_second = 0; /* disable rate limit */ + if (con->traffic_limit_reached) { + con->traffic_limit_reached 
= 0; + changed = 1; + } + + if (changed) { + connection_state_machine(srv, con); + } + } +} diff -Nru lighttpd-1.4.54/src/connections-glue.c lighttpd-1.4.55/src/connections-glue.c --- lighttpd-1.4.54/src/connections-glue.c 2019-05-27 21:03:50.000000000 +0000 +++ lighttpd-1.4.55/src/connections-glue.c 2020-02-01 02:49:09.000000000 +0000 @@ -436,7 +436,7 @@ && con->request.http_version != HTTP_VERSION_1_0 && chunkqueue_is_empty(con->write_queue) && con->is_writable) { buffer *vb = http_header_request_get(con, HTTP_HEADER_EXPECT, CONST_STR_LEN("Expect")); - if (NULL != vb && 0 == buffer_caseless_compare(CONST_BUF_LEN(vb), CONST_STR_LEN("100-continue"))) { + if (NULL != vb && buffer_eq_icase_slen(vb, CONST_STR_LEN("100-continue"))) { http_header_request_unset(con, HTTP_HEADER_EXPECT, CONST_STR_LEN("Expect")); if (!connection_write_100_continue(srv, con)) { return HANDLER_ERROR; diff -Nru lighttpd-1.4.54/src/connections.h lighttpd-1.4.55/src/connections.h --- lighttpd-1.4.54/src/connections.h 2019-05-27 21:03:50.000000000 +0000 +++ lighttpd-1.4.55/src/connections.h 2020-02-01 02:49:09.000000000 +0000 @@ -7,6 +7,11 @@ __attribute_cold__ void connections_free(server *srv); +__attribute_cold__ +void connection_graceful_shutdown_maint (server *srv); + +void connection_periodic_maint (server *srv, time_t cur_ts); + connection * connection_accept(server *srv, server_socket *srv_sock); connection * connection_accepted(server *srv, server_socket *srv_socket, sock_addr *cnt_addr, int cnt); diff -Nru lighttpd-1.4.54/src/fdevent.c lighttpd-1.4.55/src/fdevent.c --- lighttpd-1.4.54/src/fdevent.c 2019-05-27 21:03:50.000000000 +0000 +++ lighttpd-1.4.55/src/fdevent.c 2020-02-01 02:49:09.000000000 +0000 
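Review bot: In the connections.c hunk at -1370, the write-timeout message in `connection_check_timeout` prints `con->bytes_written` with `%zd`; if that field is an `off_t` (its declaration is not in this hunk), the specifier is wrong on 32-bit builds where `_FILE_OFFSET_BITS=64` makes `off_t` wider than `ssize_t`, and the following `%d` argument is then misread. Printing it as `%lld` with `(long long)con->bytes_written` keeps the call portable. The same message writes the client-supplied `con->request.uri` into the error log; whether `log_error` escapes control characters is not visible here, so a one-line comment recording that expectation would help whoever changes the logger.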
@@ -351,16 +351,64 @@ ev->pendclose = NULL; } +__attribute_cold__ +__attribute_noinline__ +static int fdevent_fdnode_event_unsetter_retry(fdevents *ev, fdnode *fdn) { + do { + switch (errno) { + #ifdef EWOULDBLOCK + #if EAGAIN != EWOULDBLOCK + case EWOULDBLOCK: + #endif + #endif + case EAGAIN: + case EINTR: + /* temporary error; retry */ + break; + /*case ENOMEM:*/ + default: + /* unrecoverable error; might leak fd */ + log_error_write(ev->srv, __FILE__, __LINE__, "sDsS", + "fdevent event_del failed on fd", fdn->fd, ":", + strerror(errno)); + return 0; + } + } while (0 != ev->event_del(ev, fdn)); + return 1; +} + static void fdevent_fdnode_event_unsetter(fdevents *ev, fdnode *fdn) { if (-1 == fdn->fde_ndx) return; - if (0 == ev->event_del(ev, fdn)) { - fdn->fde_ndx = -1; - fdn->events = 0; - } - else { - log_error_write(ev->srv, __FILE__, __LINE__, "SS", - "fdevent event_del failed: ", strerror(errno)); - } + if (0 != ev->event_del(ev, fdn)) + fdevent_fdnode_event_unsetter_retry(ev, fdn); + fdn->fde_ndx = -1; + fdn->events = 0; +} + +__attribute_cold__ +__attribute_noinline__ +static int fdevent_fdnode_event_setter_retry(fdevents *ev, fdnode *fdn, int events) { + do { + switch (errno) { + #ifdef EWOULDBLOCK + #if EAGAIN != EWOULDBLOCK + case EWOULDBLOCK: + #endif + #endif + case EAGAIN: + case EINTR: + /* temporary error; retry */ + break; + /*case ENOMEM:*/ + default: + /* unrecoverable error */ + log_error_write(ev->srv, __FILE__, __LINE__, "sDsS", + "fdevent event_set failed on fd", fdn->fd, ":", + strerror(errno)); + return 0; + } + } while (0 != ev->event_set(ev, fdn, events)); + return 1; } static void fdevent_fdnode_event_setter(fdevents *ev, fdnode *fdn, int events) { 
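Review bot: Both retry helpers in the fdevent.c hunk at -351, `fdevent_fdnode_event_unsetter_retry` and `fdevent_fdnode_event_setter_retry`, loop for as long as the backend keeps failing with `EAGAIN` or `EINTR`, with no bound, so a backend stuck in that state would spin the event loop and stall every connection. A counter in the temporary-error branch would cap it, e.g. `if (++tries > 8) return 0; /* constructed limit */` before the `break;`, with `int tries = 0;` declared above the loop and a log line on give-up. `fdevent_fdnode_event_unsetter` also discards the helper's result and clears `fde_ndx` and `events` either way, which deserves a comment at the call site and not only the "might leak fd" remark inside the helper. The two helpers differ only in the callback and the message, so the errno classification could live in one shared function.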
@@ -370,11 +418,9 @@ * then FDEVENT_HUP or FDEVENT_ERR will never be returned.) */ if (fdn->events == events) return;/*(no change; nothing to do)*/ - if (0 == ev->event_set(ev, fdn, events)) + if (0 == ev->event_set(ev, fdn, events) + || fdevent_fdnode_event_setter_retry(ev, fdn, events)) fdn->events = events; - else - log_error_write(ev->srv, __FILE__, __LINE__, "SS", - "fdevent event_set failed: ", strerror(errno)); } void fdevent_fdnode_event_del(fdevents *ev, fdnode *fdn) { @@ -591,9 +637,18 @@ fd = -1; } } - } else if (errno == ENOSYS || errno == ENOTSUP) { - fd = accept(listenfd, addr, &len); - sock_cloexec = 0; + } + else { + switch (errno) { + case ENOSYS: + case ENOTSUP: + case EPERM: + fd = accept(listenfd, addr, &len); + sock_cloexec = 0; + break; + default: + break; + } } } else { @@ -714,12 +769,13 @@ execve(name, argv, envp ? envp : environ); + int errnum = errno; if (0 == memcmp(argv[0], "/bin/sh", sizeof("/bin/sh")-1) && argv[1] && 0 == memcmp(argv[1], "-c", sizeof("-c")-1)) perror(argv[2]); else perror(argv[0]); - _exit(errno); + _exit(errnum); #else diff -Nru lighttpd-1.4.54/src/fdevent_freebsd_kqueue.c lighttpd-1.4.55/src/fdevent_freebsd_kqueue.c --- lighttpd-1.4.54/src/fdevent_freebsd_kqueue.c 2019-05-27 21:03:50.000000000 +0000 +++ lighttpd-1.4.55/src/fdevent_freebsd_kqueue.c 2020-02-01 02:49:09.000000000 +0000 @@ -37,6 +37,8 @@ } return (0 != n) ? kevent(ev->kq_fd, kev, n, NULL, 0, &ts) : 0; + /*(kevent() changelist still processed on EINTR, + * but EINTR should not be received since 0 == nevents)*/ } static int fdevent_freebsd_kqueue_event_set(fdevents *ev, fdnode *fdn, int events) { 
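Review bot: The fdevent.c hunk at -591 adds `EPERM` to the errors that switch from `accept4()` to plain `accept()` and clear `sock_cloexec`, but nothing in the code says why. On Linux `EPERM` from `accept4()` can mean the call itself is blocked (presumably by a syscall filter, going by the NEWS entry for #2998) or that firewall rules rejected one connection, and if `sock_cloexec` persists across calls (its declaration is outside the hunk) a single rejection would disable the `accept4()` path for good. A comment on the case, such as `/* EPERM: accept4() may be blocked by a syscall filter; fall back to accept() and set the fd flags manually */`, would record the intent. The enclosing function starts and ends outside the hunk.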
@@ -64,6 +66,8 @@ } return (0 != n) ? kevent(ev->kq_fd, kev, n, NULL, 0, &ts) : 0; + /*(kevent() changelist still processed on EINTR, + * but EINTR should not be received since 0 == nevents)*/ } static int fdevent_freebsd_kqueue_poll(fdevents * const ev, int timeout_ms) { diff -Nru lighttpd-1.4.54/src/fdevent_solaris_devpoll.c lighttpd-1.4.55/src/fdevent_solaris_devpoll.c --- lighttpd-1.4.54/src/fdevent_solaris_devpoll.c 2019-05-27 21:03:50.000000000 +0000 +++ lighttpd-1.4.55/src/fdevent_solaris_devpoll.c 2020-02-01 02:49:09.000000000 +0000 @@ -33,6 +33,9 @@ static int fdevent_solaris_devpoll_event_set(fdevents *ev, fdnode *fdn, int events) { struct pollfd pfd; pfd.fd = fdn->fde_ndx = fdn->fd; + #ifndef POLLRDHUP + events &= ~FDEVENT_RDHUP; + #endif pfd.events = events; pfd.revents = 0; return (-1 != write(ev->devpoll_fd, &pfd, sizeof(pfd))) ? 0 : -1; @@ -75,7 +78,9 @@ force_assert(POLLERR == FDEVENT_ERR); force_assert(POLLHUP == FDEVENT_HUP); force_assert(POLLNVAL == FDEVENT_NVAL); + #ifdef POLLRDHUP force_assert(POLLRDHUP == FDEVENT_RDHUP); + #endif ev->type = FDEVENT_HANDLER_SOLARIS_DEVPOLL; ev->event_set = fdevent_solaris_devpoll_event_set; diff -Nru lighttpd-1.4.54/src/fdevent_solaris_port.c lighttpd-1.4.55/src/fdevent_solaris_port.c --- lighttpd-1.4.54/src/fdevent_solaris_port.c 2019-05-27 21:03:50.000000000 +0000 +++ lighttpd-1.4.55/src/fdevent_solaris_port.c 2020-02-01 02:49:09.000000000 +0000 @@ -20,7 +20,7 @@ } static int fdevent_solaris_port_event_set(fdevents *ev, fdnode *fdn, int events) { - int fd = fdn->fdn_ndx = fdn->fd; + int fd = fdn->fde_ndx = fdn->fd; intptr_t ud = events & (POLLIN|POLLOUT); return port_associate(ev->port_fd,PORT_SOURCE_FD,fd,(int)ud,(void*)ud); } 
@@ -84,7 +84,9 @@ force_assert(POLLERR == FDEVENT_ERR); force_assert(POLLHUP == FDEVENT_HUP); force_assert(POLLNVAL == FDEVENT_NVAL); + #ifdef POLLRDHUP force_assert(POLLRDHUP == FDEVENT_RDHUP); + #endif ev->type = FDEVENT_HANDLER_SOLARIS_PORT; ev->event_set = fdevent_solaris_port_event_set; diff -Nru lighttpd-1.4.54/src/first.h lighttpd-1.4.55/src/first.h --- lighttpd-1.4.54/src/first.h 2019-05-27 21:03:50.000000000 +0000 +++ lighttpd-1.4.55/src/first.h 2020-02-01 02:49:09.000000000 +0000 @@ -129,5 +129,14 @@ #endif #endif +#ifndef __attribute_pure__ +#if __has_attribute(pure) \ + || __GNUC_PREREQ(2,96) +#define __attribute_pure__ __attribute__((__pure__)) +#else +#define __attribute_pure__ +#endif +#endif + #endif diff -Nru lighttpd-1.4.54/src/http_auth.c lighttpd-1.4.55/src/http_auth.c --- lighttpd-1.4.54/src/http_auth.c 2019-05-27 21:03:50.000000000 +0000 +++ lighttpd-1.4.55/src/http_auth.c 2020-02-01 02:49:09.000000000 +0000 
@@ -51,16 +51,50 @@ } -int http_auth_const_time_memeq (const char *a, const size_t alen, const char *b, const size_t blen) +int http_auth_const_time_memeq (const void *a, const void *b, const size_t len) +{ + /* constant time memory compare, unless compiler figures it out + * (similar to mod_secdownload.c:const_time_memeq()) */ + /* caller should prefer http_auth_const_time_memeq_pad() + * if not operating on digests, which have defined lengths */ + /* Note: some libs provide similar funcs, e.g. + * OpenSSL: + * int CRYPTO_memcmp(const void * in_a, const void * in_b, size_t len) + * Note: some OS provide similar funcs, e.g. + * OpenBSD: int timingsafe_bcmp(const void *b1, const void *b2, size_t len) + * NetBSD: int consttime_memequal(void *b1, void *b2, size_t len) + */ + const volatile unsigned char * const av = (const unsigned char *)a; + const volatile unsigned char * const bv = (const unsigned char *)b; + int diff = 0; + for (size_t i = 0; i < len; ++i) { + diff |= (av[i] ^ bv[i]); + } + return (0 == diff); +} + + +int http_auth_const_time_memeq_pad (const void *a, const size_t alen, const void *b, const size_t blen) { /* constant time memory compare, unless compiler figures it out * (similar to mod_secdownload.c:const_time_memeq()) */ /* round to next multiple of 64 to avoid potentially leaking exact - * password length when subject to high precision timing attacks) */ + * password length when subject to high precision timing attacks) + * (not necessary when comparing digests, which have defined lengths) + */ + /* Note: some libs provide similar funcs but might not obscure length, e.g. + * OpenSSL: + * int CRYPTO_memcmp(const void * in_a, const void * in_b, size_t len) + * Note: some OS provide similar funcs but might not obscure length, e.g. 
+ * OpenBSD: int timingsafe_bcmp(const void *b1, const void *b2, size_t len) + * NetBSD: int consttime_memequal(void *b1, void *b2, size_t len) + */ + const volatile unsigned char * const av = (const unsigned char *)a; + const volatile unsigned char * const bv = (const unsigned char *)b; size_t lim = ((alen >= blen ? alen : blen) + 0x3F) & ~0x3F; - int diff = 0; + int diff = (alen != blen); /*(never match if string length mismatch)*/ for (size_t i = 0, j = 0; lim; --lim) { - diff |= (a[i] ^ b[j]); + diff |= (av[i] ^ bv[j]); i += (i < alen); j += (j < blen); } diff -Nru lighttpd-1.4.54/src/http_auth.h lighttpd-1.4.55/src/http_auth.h --- lighttpd-1.4.54/src/http_auth.h 2019-05-27 21:03:50.000000000 +0000 +++ lighttpd-1.4.55/src/http_auth.h 2020-02-01 02:49:09.000000000 +0000 @@ -69,7 +69,12 @@ void http_auth_scheme_set (const http_auth_scheme_t *scheme); const http_auth_backend_t * http_auth_backend_get (const buffer *name); void http_auth_backend_set (const http_auth_backend_t *backend); -int http_auth_const_time_memeq (const char *a, size_t alen, const char *b, size_t blen); + +__attribute_pure__ +int http_auth_const_time_memeq (const void *a, const void *b, size_t len); + +__attribute_pure__ +int http_auth_const_time_memeq_pad (const void *a, size_t alen, const void *b, size_t blen); void http_auth_setenv(connection *con, const char *username, size_t ulen, const char *auth_type, size_t alen); diff -Nru lighttpd-1.4.54/src/http_header.c lighttpd-1.4.55/src/http_header.c --- lighttpd-1.4.54/src/http_header.c 2019-05-27 21:03:50.000000000 +0000 +++ lighttpd-1.4.55/src/http_header.c 2020-02-01 02:49:09.000000000 +0000 
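Review bot: http_auth_const_time_memeq_pad() now accepts `const void *`, but its loop still reads `av[alen]` and `bv[blen]`. Once `i` reaches `alen` it stops advancing while `lim` keeps counting down to the padded length, so each buffer generally needs one readable byte past its stated length, and those two bytes must be equal for equal inputs to compare as a match. That holds for NUL-terminated strings, which the old `const char *` signature implied, so I would state it in the comment block: `/* a and b must be NUL-terminated: a[alen] and b[blen] are read as padding */`. The function's return statement lies outside the hunk.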
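Review bot: `__attribute_pure__` on both compare prototypes sits oddly with their bodies in http_auth.c, which read through `const volatile unsigned char *` to keep the compiler from shortcutting the comparison. GCC documents `pure` in terms of functions that read non-volatile objects, and the attribute lets the compiler merge or drop calls. Callers here only consume the return value, so this is probably harmless. I would still either drop the attribute from these two declarations or record the reasoning next to them, e.g. `/* pure: result depends only on the bytes pointed to; volatile in the body only discourages early exit */`.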
@@ -8,48 +8,49 @@ typedef struct keyvlenvalue { const int key; + const unsigned int vlen; const char * const value; - const size_t vlen; } keyvlenvalue; /* Note: must be sorted by length */ /* Note: must be kept in sync with http_header.h enum http_header_e */ +#define CONST_LEN_STR(x) (unsigned int)(sizeof(x)-1), (x) static const keyvlenvalue http_headers[] = { - { HTTP_HEADER_HOST, CONST_STR_LEN("Host") } - ,{ HTTP_HEADER_DATE, CONST_STR_LEN("Date") } - ,{ HTTP_HEADER_ETAG, CONST_STR_LEN("ETag") } - ,{ HTTP_HEADER_VARY, CONST_STR_LEN("Vary") } - ,{ HTTP_HEADER_RANGE, CONST_STR_LEN("Range") } - ,{ HTTP_HEADER_COOKIE, CONST_STR_LEN("Cookie") } - ,{ HTTP_HEADER_EXPECT, CONST_STR_LEN("Expect") } - ,{ HTTP_HEADER_STATUS, CONST_STR_LEN("Status") } - ,{ HTTP_HEADER_SERVER, CONST_STR_LEN("Server") } - ,{ HTTP_HEADER_UPGRADE, CONST_STR_LEN("Upgrade") } - ,{ HTTP_HEADER_LOCATION, CONST_STR_LEN("Location") } - ,{ HTTP_HEADER_FORWARDED, CONST_STR_LEN("Forwarded") } - ,{ HTTP_HEADER_CONNECTION, CONST_STR_LEN("Connection") } - ,{ HTTP_HEADER_SET_COOKIE, CONST_STR_LEN("Set-Cookie") } - ,{ HTTP_HEADER_CONTENT_TYPE, CONST_STR_LEN("Content-Type") } - ,{ HTTP_HEADER_LAST_MODIFIED, CONST_STR_LEN("Last-Modified") } - ,{ HTTP_HEADER_AUTHORIZATION, CONST_STR_LEN("Authorization") } - ,{ HTTP_HEADER_IF_NONE_MATCH, CONST_STR_LEN("If-None-Match") } - ,{ HTTP_HEADER_CACHE_CONTROL, CONST_STR_LEN("Cache-Control") } - ,{ HTTP_HEADER_CONTENT_LENGTH, CONST_STR_LEN("Content-Length") } - ,{ HTTP_HEADER_ACCEPT_ENCODING, CONST_STR_LEN("Accept-Encoding") } - ,{ HTTP_HEADER_X_FORWARDED_FOR, CONST_STR_LEN("X-Forwarded-For") } - ,{ HTTP_HEADER_CONTENT_ENCODING, CONST_STR_LEN("Content-Encoding") } - ,{ HTTP_HEADER_CONTENT_LOCATION, CONST_STR_LEN("Content-Location") } - ,{ HTTP_HEADER_IF_MODIFIED_SINCE, CONST_STR_LEN("If-Modified-Since") } - ,{ HTTP_HEADER_TRANSFER_ENCODING, CONST_STR_LEN("Transfer-Encoding") } - ,{ HTTP_HEADER_X_FORWARDED_PROTO, CONST_STR_LEN("X-Forwarded-Proto") } - ,{ 
HTTP_HEADER_OTHER, NULL, 0 } + { HTTP_HEADER_HOST, CONST_LEN_STR("Host") } + ,{ HTTP_HEADER_DATE, CONST_LEN_STR("Date") } + ,{ HTTP_HEADER_ETAG, CONST_LEN_STR("ETag") } + ,{ HTTP_HEADER_VARY, CONST_LEN_STR("Vary") } + ,{ HTTP_HEADER_RANGE, CONST_LEN_STR("Range") } + ,{ HTTP_HEADER_COOKIE, CONST_LEN_STR("Cookie") } + ,{ HTTP_HEADER_EXPECT, CONST_LEN_STR("Expect") } + ,{ HTTP_HEADER_STATUS, CONST_LEN_STR("Status") } + ,{ HTTP_HEADER_SERVER, CONST_LEN_STR("Server") } + ,{ HTTP_HEADER_UPGRADE, CONST_LEN_STR("Upgrade") } + ,{ HTTP_HEADER_LOCATION, CONST_LEN_STR("Location") } + ,{ HTTP_HEADER_FORWARDED, CONST_LEN_STR("Forwarded") } + ,{ HTTP_HEADER_CONNECTION, CONST_LEN_STR("Connection") } + ,{ HTTP_HEADER_SET_COOKIE, CONST_LEN_STR("Set-Cookie") } + ,{ HTTP_HEADER_CONTENT_TYPE, CONST_LEN_STR("Content-Type") } + ,{ HTTP_HEADER_LAST_MODIFIED, CONST_LEN_STR("Last-Modified") } + ,{ HTTP_HEADER_AUTHORIZATION, CONST_LEN_STR("Authorization") } + ,{ HTTP_HEADER_IF_NONE_MATCH, CONST_LEN_STR("If-None-Match") } + ,{ HTTP_HEADER_CACHE_CONTROL, CONST_LEN_STR("Cache-Control") } + ,{ HTTP_HEADER_CONTENT_LENGTH, CONST_LEN_STR("Content-Length") } + ,{ HTTP_HEADER_ACCEPT_ENCODING, CONST_LEN_STR("Accept-Encoding") } + ,{ HTTP_HEADER_X_FORWARDED_FOR, CONST_LEN_STR("X-Forwarded-For") } + ,{ HTTP_HEADER_CONTENT_ENCODING, CONST_LEN_STR("Content-Encoding") } + ,{ HTTP_HEADER_CONTENT_LOCATION, CONST_LEN_STR("Content-Location") } + ,{ HTTP_HEADER_IF_MODIFIED_SINCE, CONST_LEN_STR("If-Modified-Since") } + ,{ HTTP_HEADER_TRANSFER_ENCODING, CONST_LEN_STR("Transfer-Encoding") } + ,{ HTTP_HEADER_X_FORWARDED_PROTO, CONST_LEN_STR("X-Forwarded-Proto") } + ,{ HTTP_HEADER_OTHER, 0, NULL } }; enum http_header_e http_header_hkey_get(const char *s, size_t slen) { const struct keyvlenvalue * const kv = http_headers; for (int i = 0; kv[i].vlen && slen >= kv[i].vlen; ++i) { if (slen == kv[i].vlen - && 0 == buffer_caseless_compare(s, slen, kv[i].value, kv[i].vlen)) + && buffer_eq_icase_ssn(s, kv[i].value, slen)) 
return (enum http_header_e)kv[i].key; } return HTTP_HEADER_OTHER; diff -Nru lighttpd-1.4.54/src/http-header-glue.c lighttpd-1.4.55/src/http-header-glue.c --- lighttpd-1.4.54/src/http-header-glue.c 2019-05-27 21:03:50.000000000 +0000 +++ lighttpd-1.4.55/src/http-header-glue.c 2020-02-01 02:49:09.000000000 +0000 @@ -19,7 +19,6 @@ #include -#include "sys-strings.h" #include "sys-socket.h" #include @@ -641,7 +640,7 @@ if (dlen <= xlen && (!con->conf.force_lowercase_filenames ? 0 == memcmp(path->ptr, ds->value->ptr, dlen) - : 0 == strncasecmp(path->ptr, ds->value->ptr, dlen))) { + : buffer_eq_icase_ssn(path->ptr, ds->value->ptr, dlen))) { break; } } @@ -715,7 +714,7 @@ if (dlen <= xlen && (!con->conf.force_lowercase_filenames ? 0 == memcmp(b->ptr, ds->value->ptr, dlen) - : 0 == strncasecmp(b->ptr, ds->value->ptr, dlen))) { + : buffer_eq_icase_ssn(b->ptr, ds->value->ptr, dlen))) { break; } } @@ -985,8 +984,11 @@ con->http_status = 502; /* Bad Gateway */ break; } - } else if (id == HTTP_HEADER_OTHER && key_len > 9 - && 0==strncasecmp(key, CONST_STR_LEN("Variable-"))) { + } + else if (id == HTTP_HEADER_OTHER && key_len > 9 + && (key[0] & 0xdf) == 'V' + && buffer_eq_icase_ssn(key, + CONST_STR_LEN("Variable-"))) { http_header_env_append(con, key + 9, key_len - 9, value, strlen(value)); } continue; diff -Nru lighttpd-1.4.54/src/http_header.h lighttpd-1.4.55/src/http_header.h --- lighttpd-1.4.54/src/http_header.h 2019-05-27 21:03:50.000000000 +0000 +++ lighttpd-1.4.55/src/http_header.h 2020-02-01 02:49:09.000000000 +0000 @@ -39,6 +39,7 @@ ,HTTP_HEADER_X_FORWARDED_PROTO = 0x04000000 }; +__attribute_pure__ enum http_header_e http_header_hkey_get(const char *s, size_t slen); buffer * http_header_response_get(connection *con, enum http_header_e id, const char *k, size_t klen); diff -Nru lighttpd-1.4.54/src/lemon.c lighttpd-1.4.55/src/lemon.c --- lighttpd-1.4.54/src/lemon.c 2019-05-27 21:03:50.000000000 +0000 +++ lighttpd-1.4.55/src/lemon.c 2020-02-01 02:49:09.000000000 +0000 
@@ -2215,7 +2215,7 @@ case WAITING_FOR_DESTRUCTOR_SYMBOL: if( !isalpha(x[0]) ){ ErrorMsg(psp->filename,psp->tokenlineno, - "Symbol name missing after %destructor keyword"); + "Symbol name missing after %%destructor keyword"); psp->errorcnt++; psp->state = RESYNC_AFTER_DECL_ERROR; }else{ @@ -2228,7 +2228,7 @@ case WAITING_FOR_DATATYPE_SYMBOL: if( !isalpha(x[0]) ){ ErrorMsg(psp->filename,psp->tokenlineno, - "Symbol name missing after %destructor keyword"); + "Symbol name missing after %%destructor keyword"); psp->errorcnt++; psp->state = RESYNC_AFTER_DECL_ERROR; }else{ @@ -2343,14 +2343,14 @@ rewind(fp); filebuf = (char *)malloc( filesize+1 ); if( filebuf==0 ){ - ErrorMsg(ps.filename,0,"Can't allocate %d of memory to hold this file.", + ErrorMsg(ps.filename,0,"Can't allocate %zu of memory to hold this file.", filesize+1); fclose(fp); gp->errorcnt++; return; } if( fread(filebuf,1,filesize,fp)!=filesize ){ - ErrorMsg(ps.filename,0,"Can't read in all %d bytes of this file.", + ErrorMsg(ps.filename,0,"Can't read in all %zu bytes of this file.", filesize); free(filebuf); fclose(fp); diff -Nru lighttpd-1.4.54/src/Makefile.am lighttpd-1.4.55/src/Makefile.am --- lighttpd-1.4.54/src/Makefile.am 2019-05-27 21:03:50.000000000 +0000 +++ lighttpd-1.4.55/src/Makefile.am 2020-02-01 02:49:09.000000000 +0000 @@ -209,7 +209,7 @@ mod_vhostdb_pgsql_la_SOURCES = mod_vhostdb_pgsql.c mod_vhostdb_pgsql_la_LDFLAGS = $(common_module_ldflags) mod_vhostdb_pgsql_la_LIBADD = $(PGSQL_LIBS) $(common_libadd) -mod_vhostdb_pgsql_la_CPPFLAGS = $(PGSQL_INCLUDE) +mod_vhostdb_pgsql_la_CPPFLAGS = $(PGSQL_CFLAGS) endif if BUILD_WITH_DBI 
@@ -522,7 +522,7 @@ endif if BUILD_WITH_PGSQL lighttpd_SOURCES += mod_vhostdb_pgsql.c -lighttpd_CPPFLAGS += $(PGSQL_INCLUDE) +lighttpd_CPPFLAGS += $(PGSQL_CFLAGS) lighttpd_LDADD += $(PGSQL_LIBS) endif if BUILD_WITH_DBI diff -Nru lighttpd-1.4.54/src/Makefile.in lighttpd-1.4.55/src/Makefile.in --- lighttpd-1.4.54/src/Makefile.in 2019-05-27 21:04:03.000000000 +0000 +++ lighttpd-1.4.55/src/Makefile.in 2020-02-01 02:49:27.000000000 +0000 @@ -132,7 +132,7 @@ @BUILD_WITH_MYSQL_TRUE@@LIGHTTPD_STATIC_TRUE@am__append_31 = $(MYSQL_CFLAGS) @BUILD_WITH_MYSQL_TRUE@@LIGHTTPD_STATIC_TRUE@am__append_32 = $(MYSQL_LIBS) @BUILD_WITH_PGSQL_TRUE@@LIGHTTPD_STATIC_TRUE@am__append_33 = mod_vhostdb_pgsql.c -@BUILD_WITH_PGSQL_TRUE@@LIGHTTPD_STATIC_TRUE@am__append_34 = $(PGSQL_INCLUDE) +@BUILD_WITH_PGSQL_TRUE@@LIGHTTPD_STATIC_TRUE@am__append_34 = $(PGSQL_CFLAGS) @BUILD_WITH_PGSQL_TRUE@@LIGHTTPD_STATIC_TRUE@am__append_35 = $(PGSQL_LIBS) @BUILD_WITH_DBI_TRUE@@LIGHTTPD_STATIC_TRUE@am__append_36 = mod_vhostdb_dbi.c @BUILD_WITH_DBI_TRUE@@LIGHTTPD_STATIC_TRUE@am__append_37 = $(DBI_CFLAGS) @@ -1346,8 +1346,8 @@ PATH_SEPARATOR = @PATH_SEPARATOR@ PCRECONFIG = @PCRECONFIG@ PCRE_LIB = @PCRE_LIB@ +PGSQL_CFLAGS = @PGSQL_CFLAGS@ PGSQL_CONFIG = @PGSQL_CONFIG@ -PGSQL_INCLUDE = @PGSQL_INCLUDE@ PGSQL_LIBS = @PGSQL_LIBS@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ 
@@ -1541,7 +1541,7 @@ @BUILD_WITH_PGSQL_TRUE@mod_vhostdb_pgsql_la_SOURCES = mod_vhostdb_pgsql.c @BUILD_WITH_PGSQL_TRUE@mod_vhostdb_pgsql_la_LDFLAGS = $(common_module_ldflags) @BUILD_WITH_PGSQL_TRUE@mod_vhostdb_pgsql_la_LIBADD = $(PGSQL_LIBS) $(common_libadd) -@BUILD_WITH_PGSQL_TRUE@mod_vhostdb_pgsql_la_CPPFLAGS = $(PGSQL_INCLUDE) +@BUILD_WITH_PGSQL_TRUE@mod_vhostdb_pgsql_la_CPPFLAGS = $(PGSQL_CFLAGS) @BUILD_WITH_DBI_TRUE@mod_vhostdb_dbi_la_SOURCES = mod_vhostdb_dbi.c @BUILD_WITH_DBI_TRUE@mod_vhostdb_dbi_la_LDFLAGS = $(common_module_ldflags) @BUILD_WITH_DBI_TRUE@mod_vhostdb_dbi_la_LIBADD = $(DBI_LIBS) $(common_libadd) diff -Nru lighttpd-1.4.54/src/meson.build lighttpd-1.4.55/src/meson.build --- lighttpd-1.4.54/src/meson.build 2019-05-27 21:03:50.000000000 +0000 +++ lighttpd-1.4.55/src/meson.build 2020-02-01 02:49:09.000000000 +0000 @@ -29,6 +29,7 @@ conf_data.set('HAVE_SYS_DEVPOLL_H', compiler.has_header('sys/devpoll.h')) conf_data.set('HAVE_SYS_EPOLL_H', compiler.has_header('sys/epoll.h')) conf_data.set('HAVE_SYS_EVENT_H', compiler.has_header('sys/event.h')) +conf_data.set('HAVE_SYS_LOADAVG_H', compiler.has_header('sys/loadavg.h')) conf_data.set('HAVE_SYS_MMAN_H', compiler.has_header('sys/mman.h')) conf_data.set('HAVE_SYS_POLL_H', compiler.has_header('sys/poll.h')) conf_data.set('HAVE_SYS_PORT_H', compiler.has_header('sys/port.h')) 
@@ -151,6 +152,7 @@ conf_data.set('HAVE_INET_PTON', compiler.has_function('inet_pton', args: defs)) conf_data.set('HAVE_MEMSET_S', compiler.has_function('memset_s', args: defs)) conf_data.set('HAVE_EXPLICIT_BZERO', compiler.has_function('explicit_bzero', args: defs)) +conf_data.set('HAVE_EXPLICIT_MEMSET', compiler.has_function('explicit_memset', args: defs)) conf_data.set('HAVE_CLOCK_GETTIME', compiler.has_header_symbol('time.h', 'clock_gettime')) clock_lib = [] diff -Nru lighttpd-1.4.54/src/mod_accesslog.c lighttpd-1.4.55/src/mod_accesslog.c --- lighttpd-1.4.54/src/mod_accesslog.c 2019-05-27 21:03:50.000000000 +0000 +++ lighttpd-1.4.55/src/mod_accesslog.c 2020-02-01 02:49:09.000000000 +0000 @@ -1098,7 +1098,7 @@ buffer_free(bstr); break; } else { - do { ++str; } while (*str != ' ' && *str != '\t' && *str != '\0'); + while (*str != ';' && *str != ' ' && *str != '\t' && *str != '\0') ++str; } while (*str == ' ' || *str == '\t') ++str; } while (*str++ == ';'); diff -Nru lighttpd-1.4.54/src/mod_auth.c lighttpd-1.4.55/src/mod_auth.c --- lighttpd-1.4.54/src/mod_auth.c 2019-05-27 21:03:50.000000000 +0000 +++ lighttpd-1.4.55/src/mod_auth.c 2020-02-01 02:49:09.000000000 +0000 @@ -560,7 +560,7 @@ return mod_auth_send_401_unauthorized_basic(srv, con, require->realm); } - if (0 != strncasecmp(b->ptr, "Basic ", sizeof("Basic ")-1)) { + if (!buffer_eq_icase_ssn(b->ptr, CONST_STR_LEN("Basic "))) { return mod_auth_send_401_unauthorized_basic(srv, con, require->realm); } #ifdef __COVERITY__ @@ -601,6 +601,7 @@ case HANDLER_ERROR: default: log_error_write(srv, __FILE__, __LINE__, "sbsBsB", "password doesn't match for", con->uri.path, "username:", username, ", IP:", con->dst_addr_buf); + con->keep_alive = 0; /*(disable keep-alive if bad password)*/ rc = HANDLER_UNSET; break; } 
@@ -637,7 +638,7 @@ SHA256_Update(&ctx, (unsigned char *)uri, strlen(uri)); #if 0 /* qop=auth-int not supported, already checked in caller */ - if (qop && strcasecmp(qop, "auth-int") == 0) { + if (qop && buffer_eq_icase_ss(qop, strlen(qop), CONST_STR_LEN("auth-int"))){ SHA256_Update(&ctx, CONST_STR_LEN(":")); SHA256_Update(&ctx, (unsigned char *) [body checksum], ai->dlen*2); } @@ -705,7 +706,7 @@ SHA512_256_Update(&ctx, (unsigned char *)uri, strlen(uri)); #if 0 /* qop=auth-int not supported, already checked in caller */ - if (qop && strcasecmp(qop, "auth-int") == 0) { + if (qop && buffer_eq_icase_ss(qop, strlen(qop), CONST_STR_LEN("auth-int"))){ SHA512_256_Update(&ctx, CONST_STR_LEN(":")); SHA512_256_Update(&ctx, (unsigned char *)[body checksum], ai->dlen*2); } @@ -777,7 +778,7 @@ li_MD5_Update(&ctx, (unsigned char *)uri, strlen(uri)); #if 0 /* qop=auth-int not supported, already checked in caller */ - if (qop && strcasecmp(qop, "auth-int") == 0) { + if (qop && buffer_eq_icase_ss(qop, strlen(qop), CONST_STR_LEN("auth-int"))){ li_MD5_Update(&ctx, CONST_STR_LEN(":")); li_MD5_Update(&ctx, (unsigned char *) [body checksum], ai->dlen*2); } @@ -868,9 +869,9 @@ } buffer_append_string_len(b, CONST_STR_LEN("Digest realm=\"")); buffer_append_string_buffer(b, require->realm); - buffer_append_string_len(b, CONST_STR_LEN("\", charset=\"UTF-8\", algorithm=\"")); + buffer_append_string_len(b, CONST_STR_LEN("\", charset=\"UTF-8\", algorithm=")); buffer_append_string_len(b, algoname[i], algolen[i]); - buffer_append_string_len(b, CONST_STR_LEN("\", nonce=\"")); + buffer_append_string_len(b, CONST_STR_LEN(", nonce=\"")); buffer_append_uint_hex(b, (uintmax_t)cur_ts); buffer_append_string_len(b, CONST_STR_LEN(":")); (append_nonce[i])(b, cur_ts, rnd); 
@@ -881,6 +882,33 @@ } } +static void mod_auth_digest_authentication_info(buffer *b, time_t cur_ts, int dalgo) { + const int rnd = li_rand_pseudo(); + void(*append_nonce)(buffer *, time_t, int); + switch (dalgo) { + #ifdef USE_OPENSSL_CRYPTO + #ifdef SHA512_256_DIGEST_LENGTH + case HTTP_AUTH_DIGEST_SHA512_256: + append_nonce = mod_auth_digest_nonce_sha512_256; + break; + #endif + case HTTP_AUTH_DIGEST_SHA256: + append_nonce = mod_auth_digest_nonce_sha256; + break; + #endif + /*case HTTP_AUTH_DIGEST_MD5:*/ + default: + append_nonce = mod_auth_digest_nonce_md5; + break; + } + buffer_clear(b); + buffer_append_string_len(b, CONST_STR_LEN("nextnonce=\"")); + buffer_append_uint_hex(b, (uintmax_t)cur_ts); + buffer_append_string_len(b, CONST_STR_LEN(":")); + (append_nonce)(b, cur_ts, rnd); + buffer_append_string_len(b, CONST_STR_LEN("\"")); +} + typedef struct { const char *key; int key_len; @@ -951,7 +979,7 @@ return mod_auth_send_401_unauthorized_digest(srv, con, require, 0); } - if (0 != strncasecmp(vb->ptr, "Digest ", sizeof("Digest ")-1)) { + if (!buffer_eq_icase_ssn(vb->ptr, CONST_STR_LEN("Digest "))) { return mod_auth_send_401_unauthorized_digest(srv, con, require, 0); } else { size_t n = buffer_string_length(vb); @@ -1055,7 +1083,7 @@ } } - if (qop && strcasecmp(qop, "auth-int") == 0) { + if (qop && buffer_eq_icase_ss(qop, strlen(qop), CONST_STR_LEN("auth-int"))){ log_error_write(srv, __FILE__, __LINE__, "s", "digest: qop=auth-int not supported"); 
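Review bot: mod_auth_digest_authentication_info() is added without a header comment, and the only per-nonce input visible here besides `cur_ts` is `li_rand_pseudo()`, whose name suggests a non-cryptographic generator. The `mod_auth_digest_nonce_*` helpers are defined outside this hunk, so whether a server-side secret is mixed into the value cannot be confirmed from here. A short comment should say what the function writes into `b` and what keeps the nonce unpredictable, e.g. `/* build Authentication-Info "nextnonce" value: hex(cur_ts) ":" nonce hash; see mod_auth_digest_nonce_*() for inputs */`. It should also note that `default:` silently sends any unrecognised `dalgo` to the MD5 helper.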
@@ -1076,9 +1104,7 @@ * uri sent in client request. */ { const size_t ulen = strlen(uri); - const size_t rlen = buffer_string_length(con->request.orig_uri); - if (!buffer_is_equal_string(con->request.orig_uri, uri, ulen) - && !(rlen < ulen && 0 == memcmp(con->request.orig_uri->ptr, uri, rlen) && uri[rlen] == '?')) { + if (!buffer_is_equal_string(con->request.orig_uri, uri, ulen)) { log_error_write(srv, __FILE__, __LINE__, "sbsssB", "digest: auth failed: uri mismatch (", con->request.orig_uri, "!=", uri, "), IP:", con->dst_addr_buf); buffer_free(b); @@ -1097,16 +1123,18 @@ return HANDLER_FINISHED; case HANDLER_ERROR: default: + con->keep_alive = 0; /*(disable keep-alive if unknown user)*/ buffer_free(b); return mod_auth_send_401_unauthorized_digest(srv, con, require, 0); } mod_auth_digest_mutate(&ai,m,uri,nonce,cnonce,nc,qop); - if (0 != memcmp(rdigest, ai.digest, ai.dlen)) { + if (!http_auth_const_time_memeq(rdigest, ai.digest, ai.dlen)) { /* digest not ok */ log_error_write(srv, __FILE__, __LINE__, "sssB", "digest: auth failed for ", username, ": wrong password, IP:", con->dst_addr_buf); + con->keep_alive = 0; /*(disable keep-alive if bad password)*/ buffer_free(b); return mod_auth_send_401_unauthorized_digest(srv, con, require, 0); 
@@ -1138,7 +1166,12 @@ /* nonce is stale; have client regenerate digest */ buffer_free(b); return mod_auth_send_401_unauthorized_digest(srv, con, require, ai.dalgo); - } /*(future: might send nextnonce when expiration is imminent)*/ + } + else if (srv->cur_ts - ts > 540) { /*(9 mins)*/ + /*(send nextnonce when expiration is approaching)*/ + mod_auth_digest_authentication_info(srv->tmp_buf, srv->cur_ts, ai.dalgo); + http_header_response_set(con, HTTP_HEADER_OTHER, CONST_STR_LEN("Authentication-Info"), CONST_BUF_LEN(srv->tmp_buf)); + } } http_auth_setenv(con, ai.username, ai.ulen, CONST_STR_LEN("Digest")); diff -Nru lighttpd-1.4.54/src/mod_authn_file.c lighttpd-1.4.55/src/mod_authn_file.c --- lighttpd-1.4.54/src/mod_authn_file.c 2019-05-27 21:03:50.000000000 +0000 +++ lighttpd-1.4.55/src/mod_authn_file.c 2020-02-01 02:49:09.000000000 +0000 @@ -356,7 +356,7 @@ mod_authn_file_digest(&ai, pw, strlen(pw)); - return (0 == memcmp(htdigest, ai.digest, ai.dlen) + return (http_auth_const_time_memeq(htdigest, ai.digest, ai.dlen) && http_auth_match_rules(require, username->ptr, NULL, NULL)) ? HANDLER_GO_ON : HANDLER_ERROR; @@ -443,7 +443,7 @@ mod_authn_file_patch_connection(srv, con, p); rc = mod_authn_file_htpasswd_get(srv, p->conf.auth_plain_userfile, CONST_BUF_LEN(username), password_buf); if (0 == rc) { - rc = http_auth_const_time_memeq(CONST_BUF_LEN(password_buf), pw, strlen(pw)) ? 0 : -1; + rc = http_auth_const_time_memeq_pad(CONST_BUF_LEN(password_buf), pw, strlen(pw)) ? 0 : -1; } buffer_free(password_buf); return 0 == rc && http_auth_match_rules(require, username->ptr, NULL, NULL) diff -Nru lighttpd-1.4.54/src/mod_authn_gssapi.c lighttpd-1.4.55/src/mod_authn_gssapi.c --- lighttpd-1.4.54/src/mod_authn_gssapi.c 2019-05-27 21:03:50.000000000 +0000 +++ lighttpd-1.4.55/src/mod_authn_gssapi.c 2020-02-01 02:49:09.000000000 +0000 
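Review bot: The `540` in `else if (srv->cur_ts - ts > 540)` is a bare literal that has to stay below the stale-nonce limit tested in the preceding `if`, whose condition is outside this hunk. If that limit is ever changed, this branch can become unreachable or start firing on every request without anyone noticing. I would derive both from one named constant, for example `#define HTTP_AUTH_DIGEST_NONCE_RENEW_SECS 540 /* send nextnonce 1 min before expiry */`, defined next to the expiry value.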
@@ -41,6 +41,7 @@ typedef struct { buffer *auth_gssapi_keytab; buffer *auth_gssapi_principal; + unsigned short int auth_gssapi_store_creds; } plugin_config; typedef struct { @@ -101,6 +102,7 @@ config_values_t cv[] = { { "auth.backend.gssapi.keytab", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, { "auth.backend.gssapi.principal", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, + { "auth.backend.gssapi.store-creds",NULL, T_CONFIG_BOOLEAN,T_CONFIG_SCOPE_CONNECTION }, { NULL, NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET } }; @@ -117,6 +119,9 @@ cv[0].destination = s->auth_gssapi_keytab; cv[1].destination = s->auth_gssapi_principal; + cv[2].destination = &s->auth_gssapi_store_creds; + /* default enabled for backwards compatibility; disable in future */ + s->auth_gssapi_store_creds = 1; p->config_storage[i] = s; @@ -137,6 +142,7 @@ PATCH(auth_gssapi_keytab); PATCH(auth_gssapi_principal); + PATCH(auth_gssapi_store_creds); /* skip the first, the global context */ for (i = 1; i < srv->config_context->used; i++) { @@ -154,6 +160,8 @@ PATCH(auth_gssapi_keytab); } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.gssapi.principal"))) { PATCH(auth_gssapi_principal); + } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.gssapi.store-creds"))) { + PATCH(auth_gssapi_store_creds); } } } @@ -269,6 +277,13 @@ * HTTP auth Negotiate */ +static handler_t mod_authn_gssapi_send_500_server_error (connection *con) +{ + con->http_status = 500; + con->mode = DIRECT; + return HANDLER_FINISHED; +} + static handler_t mod_authn_gssapi_send_401_unauthorized_negotiate (connection *con) { con->http_status = 401; @@ -334,7 +349,7 @@ gss_name_t client_name = GSS_C_NO_NAME; buffer *sprinc; - int ret = 0; + handler_t rc = HANDLER_UNSET; buffer *t_in = buffer_init(); if (!buffer_append_base64_decode(t_in, realm_str, strlen(realm_str), BASE64_STANDARD)) { 
@@ -421,19 +436,24 @@ goto end; } - if (!(acc_flags & GSS_C_DELEG_FLAG)) { - log_error_write(srv, __FILE__, __LINE__, "ss", "Unable to delegate credentials for user:", token_out.value); - goto end; - } - /* check the allow-rules */ if (!http_auth_match_rules(require, token_out.value, NULL, NULL)) { goto end; } - ret = mod_authn_gssapi_store_gss_creds(srv, con, p, token_out.value, client_cred); - if (ret) - http_auth_setenv(con, token_out.value, token_out.length, CONST_STR_LEN("GSSAPI")); + if (p->conf.auth_gssapi_store_creds) { + if (!(acc_flags & GSS_C_DELEG_FLAG)) { + log_error_write(srv, __FILE__, __LINE__, "ss", "Unable to delegate credentials for user:", token_out.value); + goto end; + } + else if (!mod_authn_gssapi_store_gss_creds(srv, con, p, token_out.value, client_cred)) { + rc = mod_authn_gssapi_send_500_server_error(con); + goto end; + } + } + + http_auth_setenv(con, token_out.value, token_out.length, CONST_STR_LEN("GSSAPI")); + rc = HANDLER_GO_ON; /* success */ end: buffer_free(t_in); @@ -459,7 +479,7 @@ if (token_out.length) gss_release_buffer(&st_minor, &token_out); - return ret ? HANDLER_GO_ON : mod_authn_gssapi_send_401_unauthorized_negotiate(con); + return rc != HANDLER_UNSET ? rc : mod_authn_gssapi_send_401_unauthorized_negotiate(con); } static handler_t mod_authn_gssapi_check (server *srv, connection *con, void *p_d, const struct http_auth_require_t *require, const struct http_auth_backend_t *backend) @@ -471,7 +491,7 @@ return mod_authn_gssapi_send_401_unauthorized_negotiate(con); } - if (0 != strncasecmp(vb->ptr, "Negotiate ", sizeof("Negotiate ")-1)) { + if (!buffer_eq_icase_ssn(vb->ptr, CONST_STR_LEN("Negotiate "))) { return mod_authn_gssapi_send_400_bad_request(srv, con); } 
@@ -719,6 +739,8 @@ goto end; } + if (!p->conf.auth_gssapi_store_creds) goto end; + ret = krb5_cc_resolve(kcontext, "MEMORY:", &ret_ccache); if (ret) { mod_authn_gssapi_log_krb5_error(srv, __FILE__, __LINE__, "krb5_cc_resolve", NULL, kcontext, ret); diff -Nru lighttpd-1.4.54/src/mod_authn_ldap.c lighttpd-1.4.55/src/mod_authn_ldap.c --- lighttpd-1.4.54/src/mod_authn_ldap.c 2019-05-27 21:03:50.000000000 +0000 +++ lighttpd-1.4.55/src/mod_authn_ldap.c 2020-02-01 02:49:09.000000000 +0000 @@ -104,7 +104,7 @@ if (!buffer_string_is_empty(srv->tmp_buf)) buffer_append_string_len(srv->tmp_buf, CONST_STR_LEN(",")); for (j = 0; j < sizeof(schemes)/sizeof(char *); ++j) { - if (0 == strncasecmp(b, schemes[j], strlen(schemes[j]))) { + if (buffer_eq_icase_ssn(b, schemes[j], strlen(schemes[j]))) { break; } } diff -Nru lighttpd-1.4.54/src/mod_authn_mysql.c lighttpd-1.4.55/src/mod_authn_mysql.c --- lighttpd-1.4.54/src/mod_authn_mysql.c 2019-05-27 21:03:50.000000000 +0000 +++ lighttpd-1.4.55/src/mod_authn_mysql.c 2020-02-01 02:49:09.000000000 +0000 @@ -380,7 +380,7 @@ /*(compare 16-byte MD5 binary instead of converting to hex strings * in order to then have to do case-insensitive hex str comparison)*/ return (0 == http_auth_digest_hex2bin(userpw, 32, md5pw, sizeof(md5pw))) - ? memcmp(HA1, md5pw, sizeof(md5pw)) + ? http_auth_const_time_memeq(HA1, md5pw, sizeof(md5pw)) ? 0 : 1 : -1; } diff -Nru lighttpd-1.4.54/src/mod_compress.c lighttpd-1.4.55/src/mod_compress.c --- lighttpd-1.4.54/src/mod_compress.c 2019-05-27 21:03:50.000000000 +0000 +++ lighttpd-1.4.55/src/mod_compress.c 2020-02-01 02:49:09.000000000 +0000 @@ -15,7 +15,6 @@ #include #include -#include "sys-strings.h" #include #include @@ -564,7 +563,6 @@ munmap(start, sce->st.st_size); close(ofd); - close(ifd); /* Remove the incomplete cache file, so that later hits aren't served from it */ if (-1 == unlink(p->ofn->ptr)) { 
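Review bot: In the mod_authn_mysql.c hunk, the nested conditional `? http_auth_const_time_memeq(HA1, md5pw, sizeof(md5pw)) ? 0 : 1 : -1` is easy to misread. The helper returns nonzero on a match while this function returns 0 on a match, so the sense is inverted in the middle of the expression. Parenthesising the inner conditional makes that explicit: `? (http_auth_const_time_memeq(HA1, md5pw, sizeof(md5pw)) ? 0 : 1)`. The enclosing function starts outside the hunk.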
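Review bot: With `close(ifd)` removed in the mod_compress.c hunk at -564 and again in the hunks at -579, -628, -690, -698 and -732, none of the visible paths in these functions release the input descriptor any more. Ownership must therefore rest with whoever opened it, and that code is not in these hunks. A one-line comment at the top of each affected function, e.g. `/* ifd is owned by the caller and must not be closed here */`, would keep a later error path from reintroducing a double close or a leak. The function bodies start outside the hunks.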
@@ -579,7 +577,6 @@ log_error_write(srv, __FILE__, __LINE__, "sbss", "reading", fn, "failed", strerror(errno)); close(ofd); - close(ifd); free(start); /* Remove the incomplete cache file, so that later hits aren't served from it */ @@ -628,8 +625,6 @@ #endif free(start); - close(ifd); - if (0 != close(ofd) || ret != 0) { if (0 == ret) { log_error_write(srv, __FILE__, __LINE__, "sbss", "writing cachefile", p->ofn, "failed:", strerror(errno)); @@ -690,7 +685,6 @@ fn, ifd); munmap(start, sce->st.st_size); - close(ifd); return -1; } } else @@ -698,7 +692,6 @@ if (NULL == (start = malloc(sce->st.st_size)) || sce->st.st_size != read(ifd, start, sce->st.st_size)) { log_error_write(srv, __FILE__, __LINE__, "sbss", "reading", fn, "failed", strerror(errno)); - close(ifd); free(start); return -1; } @@ -732,8 +725,6 @@ #endif free(start); - close(ifd); - if (ret != 0) return -1; mod_compress_note_ratio(srv, con, sce->st.st_size, @@ -798,7 +789,7 @@ while (*m == ',' || *m == ' ' || *m == '\t') { ++m; } - if (0 == strncasecmp(m, encoding, len)) { + if (buffer_eq_icase_ssn(m, encoding, len)) { /*(not a full HTTP field parse: not parsing for q-values and not handling q=0)*/ m += len; if (*m == '\0' || *m == ',' || *m == ';' || *m == ' ' || *m == '\t') diff -Nru lighttpd-1.4.54/src/mod_deflate.c lighttpd-1.4.55/src/mod_deflate.c --- lighttpd-1.4.54/src/mod_deflate.c 2019-05-27 21:03:50.000000000 +0000 +++ lighttpd-1.4.55/src/mod_deflate.c 2020-02-01 02:49:09.000000000 +0000 @@ -997,7 +997,7 @@ #else for (; *value; ++value) { const char *v; - while (*value == ' ' || *value == ',') continue; + while (*value == ' ' || *value == ',') ++value; v = value; while (*value!=' ' && *value!=',' && *value!=';' && *value!='\0') ++value; diff -Nru lighttpd-1.4.54/src/mod_extforward.c lighttpd-1.4.55/src/mod_extforward.c --- lighttpd-1.4.54/src/mod_extforward.c 2019-05-27 21:03:50.000000000 +0000 +++ lighttpd-1.4.55/src/mod_extforward.c 2020-02-01 02:49:09.000000000 +0000 
@@ -228,12 +228,12 @@ if (array_get_element(config->value, "extforward.forwarder")) { const data_string * const allds = (data_string *)array_get_element(s->forwarder, "all"); - s->forward_all = (NULL == allds) ? 0 : (0 == strcasecmp(allds->value->ptr, "trust")) ? 1 : -1; + s->forward_all = (NULL == allds) ? 0 : buffer_eq_icase_slen(allds->value, CONST_STR_LEN("trust")) ? 1 : -1; for (size_t j = 0; j < s->forwarder->used; ++j) { data_string * const ds = (data_string *)s->forwarder->data[j]; char * const nm_slash = strchr(ds->key->ptr, '/'); - if (0 != strcasecmp(ds->value->ptr, "trust")) { - if (0 != strcasecmp(ds->value->ptr, "untrusted")) { + if (!buffer_eq_icase_slen(ds->value, CONST_STR_LEN("trust"))) { + if (!buffer_eq_icase_slen(ds->value, CONST_STR_LEN("untrusted"))) { log_error_write(srv, __FILE__, __LINE__, "sbsbs", "ERROR: expect \"trust\", not \"", ds->key, "\" => \"", ds->value, "\"; treating as untrusted"); } if (NULL != nm_slash) { @@ -570,10 +570,10 @@ if (extforward_check_proxy) { http_header_env_set(con, CONST_STR_LEN("_L_EXTFORWARD_ACTUAL_PROTO"), CONST_BUF_LEN(con->uri.scheme)); } - if (0 == buffer_caseless_compare(proto, protolen, CONST_STR_LEN("https"))) { + if (buffer_eq_icase_ss(proto, protolen, CONST_STR_LEN("https"))) { buffer_copy_string_len(con->uri.scheme, CONST_STR_LEN("https")); config_cond_cache_reset_item(srv, con, COMP_HTTP_SCHEME); - } else if (0 == buffer_caseless_compare(proto, protolen, CONST_STR_LEN("http"))) { + } else if (buffer_eq_icase_ss(proto, protolen, CONST_STR_LEN("http"))) { buffer_copy_string_len(con->uri.scheme, CONST_STR_LEN("http")); config_cond_cache_reset_item(srv, con, COMP_HTTP_SCHEME); } 
@@ -735,7 +735,7 @@ do { j -= 3; /*(k, klen, v, vlen come in sets of 4)*/ } while ((3 != offsets[j+1] /* 3 == sizeof("for")-1 */ - || 0 != buffer_caseless_compare(s+offsets[j], 3, "for", 3)) + || !buffer_eq_icase_ssn(s+offsets[j], "for", 3)) && 0 != j-- && -1 != offsets[j]); if (j < 0) break; if (-1 == offsets[j]) { --j; continue; } @@ -816,27 +816,27 @@ switch (offsets[j+1]) { #if 0 case 2: - if (0 == buffer_caseless_compare(s+offsets[j],2,"by",2)) + if (buffer_eq_icase_ssn(s+offsets[j], "by", 2)) oby = j; break; #endif #if 0 /*(already handled above to find IP prior to earliest trusted proxy)*/ case 3: - if (0 == buffer_caseless_compare(s+offsets[j],3,"for",3)) + if (buffer_eq_icase_ssn(s+offsets[j], "for", 3)) ofor = j; break; #endif case 4: - if (0 == buffer_caseless_compare(s+offsets[j],4,"host",4)) + if (buffer_eq_icase_ssn(s+offsets[j], "host", 4)) ohost = j; break; case 5: - if (0 == buffer_caseless_compare(s+offsets[j],5,"proto",5)) + if (buffer_eq_icase_ssn(s+offsets[j], "proto", 5)) oproto = j; break; case 11: - if (0 == buffer_caseless_compare(s+offsets[j],11,"remote_user",11)) + if (buffer_eq_icase_ssn(s+offsets[j], "remote_user", 11)) oremote_user = j; break; default: @@ -876,7 +876,7 @@ for (j = i; j < used && -1 == ohost; ) { if (-1 == offsets[j]) { ++j; continue; } if (4 == offsets[j+1] - && 0 == buffer_caseless_compare(s+offsets[j], 4, "host", 4)) + && buffer_eq_icase_ssn(s+offsets[j], "host", 4)) ohost = j; j += 4; /*(k, klen, v, vlen come in sets of 4)*/ } @@ -926,7 +926,7 @@ for (j = i; j < used; ) { if (-1 == offsets[j]) { ++j; continue; } if (11 == offsets[j+1] - && 0==buffer_caseless_compare(s+offsets[j],11,"remote_user",11)) + && buffer_eq_icase_ssn(s+offsets[j], "remote_user", 11)) oremote_user = j; j += 4; /*(k, klen, v, vlen come in sets of 4)*/ } 
@@ -968,7 +968,7 @@ for (j = 0; j < used; ) { if (-1 == offsets[j]) { ++j; continue; } if (3 == offsets[j+1] - && 0 == buffer_caseless_compare(s+offsets[j], 3, "for", 3)) { + && buffer_eq_icase_ssn(s+offsets[j], "for", 3)) { if (!buffer_string_is_empty(xff)) buffer_append_string_len(xff, CONST_STR_LEN(", ")); /* quoted-string, IPv6 brackets, and :port already removed */ diff -Nru lighttpd-1.4.54/src/mod_openssl.c lighttpd-1.4.55/src/mod_openssl.c --- lighttpd-1.4.54/src/mod_openssl.c 2019-05-27 21:03:50.000000000 +0000 +++ lighttpd-1.4.55/src/mod_openssl.c 2020-02-01 02:49:09.000000000 +0000 @@ -662,7 +662,7 @@ for (unsigned int i = 0, n; i < inlen; i += n) { n = in[i++]; - if (i+n > inlen) break; + if (i+n > inlen || 0 == n) break; switch (n) { #if 0 case 2: /* "h2" */ diff -Nru lighttpd-1.4.54/src/mod_proxy.c lighttpd-1.4.55/src/mod_proxy.c --- lighttpd-1.4.54/src/mod_proxy.c 2019-05-27 21:03:50.000000000 +0000 +++ lighttpd-1.4.55/src/mod_proxy.c 2020-02-01 02:49:09.000000000 +0000 @@ -309,7 +309,7 @@ if (NULL == k) continue; mlen = buffer_string_length(k); } - if (mlen == alen && 0 == strncasecmp(s, k->ptr, alen)) { + if (buffer_eq_icase_ss(s, alen, k->ptr, mlen)) { if (buffer_is_equal_string(ds->value, CONST_STR_LEN("-"))) { return remap_hdrs->http_host; } @@ -462,7 +462,7 @@ ++e; switch ((int)(e - s - 1)) { case 4: - if (0 == strncasecmp(s, "path", 4)) { + if (buffer_eq_icase_ssn(s, "path", 4)) { if (*e == '"') ++e; if (*e != '/') continue; off = (size_t)(e - b->ptr); @@ -472,7 +472,7 @@ } break; case 6: - if (0 == strncasecmp(s, "domain", 6)) { + if (buffer_eq_icase_ssn(s, "domain", 6)) { size_t alen = 0; if (*e == '"') ++e; if (*e == '.') ++e; diff -Nru lighttpd-1.4.54/src/mod_ssi.c lighttpd-1.4.55/src/mod_ssi.c --- lighttpd-1.4.54/src/mod_ssi.c 2019-05-27 21:03:50.000000000 +0000 +++ lighttpd-1.4.55/src/mod_ssi.c 2020-02-01 02:49:09.000000000 +0000 @@ -17,7 +17,6 @@ #include #include -#include "sys-strings.h" #include #include 
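Review bot: The added `0 == n` test in the length-prefixed protocol loop of mod_openssl.c (presumably the ALPN selection callback, given the `"h2"` case) stops parsing on an empty entry but carries no comment saying why. RFC 7301 defines each protocol name as 1 to 255 bytes, so a zero-length entry is a malformed list; I would record that on the line, e.g. `if (i+n > inlen || 0 == n) break; /* truncated or empty protocol name: malformed list */`. The function continues outside the hunk, so it is worth confirming that leaving the loop this way ends in a no-acknowledgement or alert result and is not treated the same as a well-formed list with no match.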
@@ -574,7 +573,7 @@ if (!con->conf.force_lowercase_filenames ? buffer_is_equal_right_len(con->physical.path, con->physical.rel_path, remain) :(buffer_string_length(con->physical.path) >= remain - && 0 == strncasecmp(con->physical.path->ptr+buffer_string_length(con->physical.path)-remain, con->physical.rel_path->ptr+i, remain))) { + && buffer_eq_icase_ssn(con->physical.path->ptr+buffer_string_length(con->physical.path)-remain, con->physical.rel_path->ptr+i, remain))) { buffer_copy_string_len(p->stat_fn, con->physical.path->ptr, buffer_string_length(con->physical.path)-remain); buffer_append_string_len(p->stat_fn, srv->tmp_buf->ptr+i, buffer_string_length(srv->tmp_buf)-i); } else { @@ -591,7 +590,7 @@ } int fd = stat_cache_open_rdonly_fstat(p->stat_fn, &stb, con->conf.follow_symlink); - if (fd > 0) { + if (fd >= 0) { time_t t = stb.st_mtime; switch (ssicmd) { @@ -677,7 +676,7 @@ break; } - if (fd > 0) close(fd); + if (fd >= 0) close(fd); } else { log_error_write(srv, __FILE__, __LINE__, "sbs", "ssi: stating failed ", diff -Nru lighttpd-1.4.54/src/mod_vhostdb_ldap.c lighttpd-1.4.55/src/mod_vhostdb_ldap.c --- lighttpd-1.4.54/src/mod_vhostdb_ldap.c 2019-05-27 21:03:50.000000000 +0000 +++ lighttpd-1.4.55/src/mod_vhostdb_ldap.c 2020-02-01 02:49:09.000000000 +0000 @@ -68,7 +68,7 @@ if (!buffer_string_is_empty(srv->tmp_buf)) buffer_append_string_len(srv->tmp_buf, CONST_STR_LEN(",")); for (j = 0; j < sizeof(schemes)/sizeof(char *); ++j) { - if (0 == strncasecmp(b, schemes[j], strlen(schemes[j]))) { + if (buffer_eq_icase_ssn(b, schemes[j], strlen(schemes[j]))) { break; } } diff -Nru lighttpd-1.4.54/src/mod_webdav.c lighttpd-1.4.55/src/mod_webdav.c --- lighttpd-1.4.54/src/mod_webdav.c 2019-05-27 21:03:50.000000000 +0000 +++ lighttpd-1.4.55/src/mod_webdav.c 2020-02-01 02:49:09.000000000 +0000 @@ -171,7 +171,6 @@ #include /* rename() */ #include /* strtol() */ #include -#include /* strncasecmp() */ #include /* getpid() linkat() rmdir() unlinkat() */ #ifndef _D_EXACT_NAMLEN 
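Review bot: In the mod_vhostdb_ldap.c hunk, `buffer_eq_icase_ssn(b, schemes[j], strlen(schemes[j]))` replaces a `strncasecmp()` call whose safety came from stopping at the NUL in `b`, and nothing here checks that `b` holds at least `strlen(schemes[j])` bytes. The replacement is only equivalent if the helper returns at the first mismatching byte, including a NUL in `b`, and its body is not part of this hunk. The same unguarded pattern appears in the mod_webdav.c `"second-"` hunk and the three mod_wstunnel.c hunks, while the mod_extforward.c, mod_proxy.c and stat_cache.c call sites check the length first. I would either add a length guard or state the reliance at each site, e.g. `/* b is NUL-terminated; relies on buffer_eq_icase_ssn() returning at first mismatch */`.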
@@ -1275,8 +1274,8 @@ * across a fork() system call into the child process. */ plugin_data * const p = (plugin_data *)p_d; - plugin_config *s = p->config_storage[0]; - for (int n_context = p->nconfig+1; --n_context; ++s) { + for (int i = 0; i < p->nconfig; ++i) { + plugin_config *s = p->config_storage[i]; if (!buffer_is_empty(s->sqlite_db_name) && mod_webdav_sqlite3_prep(s->sql, s->sqlite_db_name, srv->errh) == HANDLER_ERROR) @@ -3326,7 +3325,7 @@ /*(request body provided in temporary file, so ok to mmap(). * Otherwise, must check defined(ENABLE_MMAP)) */ /* chunk_reset() or chunk_free() will clean up mmap'd chunk */ - /* close c->file.fd only faster mmap() succeeds, since it will not + /* close c->file.fd only after mmap() succeeds, since it will not * be able to be re-opened if it was a tmpfile that was unlinked */ /*assert(c->type == FILE_CHUNK);*/ if (MAP_FAILED != c->file.mmap.start) @@ -4275,6 +4274,9 @@ } buffer_clear(cq->last->mem); /* file already unlink()ed */ chunkqueue_set_tempdirs(cq, cq->tempdirs, INTMAX_MAX); + /* force huge cq->upload_temp_file_size since chunkqueue_set_tempdirs() + * might truncate upload_temp_file_size to chunk.c:MAX_TEMPFILE_SIZE */ + cq->upload_temp_file_size = INTMAX_MAX; cq->last->file.is_temp = 1; return HANDLER_GO_ON; @@ -5184,7 +5186,7 @@ const char *p = h->ptr; do { if ((*p | 0x20) == 's' - && 0 == strncasecmp(p, CONST_STR_LEN("second-"))) { + && buffer_eq_icase_ssn(p, CONST_STR_LEN("second-"))) { long t = strtol(p+sizeof("second-")-1, NULL, 10); if (0 < t && t < lockdata.timeout) lockdata.timeout = t > 5 ? t : 5; 
@@ -5200,7 +5202,7 @@ } #if 0 else if ((*p | 0x20) == 'i' - && 0 == strncasecmp(p, CONST_STR_LEN("infinity"))) { + && buffer_eq_icase_ssn(p, CONST_STR_LEN("infinity"))) { lockdata.timeout = INT32_MAX; break; } diff -Nru lighttpd-1.4.54/src/mod_wstunnel.c lighttpd-1.4.55/src/mod_wstunnel.c --- lighttpd-1.4.54/src/mod_wstunnel.c 2019-05-27 21:03:50.000000000 +0000 +++ lighttpd-1.4.55/src/mod_wstunnel.c 2020-02-01 02:49:09.000000000 +0000 @@ -411,7 +411,7 @@ { for (char *s = b->ptr; s; s = strchr(s, ',')) { while (*s == ' ' || *s == '\t' || *s == ',') ++s; - if (0 == strncasecmp(s, m, mlen)) { + if (buffer_eq_icase_ssn(s, m, mlen)) { s += mlen; if (*s == '\0' || *s == ' ' || *s == '\t' || *s == ',' || *s == ';') return 1; @@ -535,7 +535,7 @@ if (NULL != vb) { for (const char *s = vb->ptr; *s; ++s) { while (*s==' '||*s=='\t'||*s=='\r'||*s=='\n') ++s; - if (0 == strncasecmp(s, "binary", sizeof("binary")-1)) { + if (buffer_eq_icase_ssn(s, CONST_STR_LEN("binary"))) { s += sizeof("binary")-1; while (*s==' '||*s=='\t'||*s=='\r'||*s=='\n') ++s; if (*s==','||*s=='\0') { @@ -544,7 +544,7 @@ break; } } - else if (0 == strncasecmp(s, "base64", sizeof("base64")-1)) { + else if (buffer_eq_icase_ssn(s, CONST_STR_LEN("base64"))) { s += sizeof("base64")-1; while (*s==' '||*s=='\t'||*s=='\r'||*s=='\n') ++s; if (*s==','||*s=='\0') { diff -Nru lighttpd-1.4.54/src/network.c lighttpd-1.4.55/src/network.c --- lighttpd-1.4.54/src/network.c 2019-05-27 21:03:50.000000000 +0000 +++ lighttpd-1.4.55/src/network.c 2020-02-01 02:49:09.000000000 +0000 @@ -46,7 +46,7 @@ static handler_t network_server_handle_fdevent(server *srv, void *context, int revents) { server_socket *srv_socket = (server_socket *)context; connection *con; - int loops = 0; + int loops; UNUSED(context); 
@@ -61,9 +61,13 @@ /* accept()s at most 100 connections directly * * we jump out after 100 to give the waiting connections a chance */ - for (loops = 0; loops < 100 && NULL != (con = connection_accept(srv, srv_socket)); loops++) { + if (srv->conns->used >= srv->max_conns) return HANDLER_GO_ON; + loops = (int)(srv->max_conns - srv->conns->used + 1); + if (loops > 100) loops = 101; + + while (--loops && NULL != (con = connection_accept(srv, srv_socket))) connection_state_machine(srv, con); - } + return HANDLER_GO_ON; } diff -Nru lighttpd-1.4.54/src/request.c lighttpd-1.4.55/src/request.c --- lighttpd-1.4.54/src/request.c 2019-05-27 21:03:50.000000000 +0000 +++ lighttpd-1.4.55/src/request.c 2020-02-01 02:49:09.000000000 +0000 @@ -495,13 +495,13 @@ http_request_split_value(vals, v, vlen); /* split on , */ for (size_t vi = 0; vi < vals->used; ++vi) { data_string *dsv = (data_string *)vals->data[vi]; - if (0 == buffer_caseless_compare(CONST_BUF_LEN(dsv->value), - CONST_STR_LEN("keep-alive"))) { + if (buffer_eq_icase_slen(dsv->value, + CONST_STR_LEN("keep-alive"))) { state->keep_alive_set = HTTP_CONNECTION_KEEPALIVE; break; } - else if (0 == buffer_caseless_compare(CONST_BUF_LEN(dsv->value), - CONST_STR_LEN("close"))) { + else if (buffer_eq_icase_slen(dsv->value, + CONST_STR_LEN("close"))) { state->keep_alive_set = HTTP_CONNECTION_CLOSE; break; } @@ -603,9 +603,7 @@ size_t j, jlen; /* \r\n -> \0\0 */ - #ifdef __COVERITY__ if (0 == i) return 400; - #endif if (ptr[i-1] == '\r') { ptr[i-1] = '\0'; } else if (http_header_strict) { /* '\n' */ 
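Review bot: The new accept loop in `network_server_handle_fdevent()` bounds itself with `loops = max_conns - used + 1`, a clamp to `101`, and `while (--loops && ...)`, which is correct but reads as an off-by-one next to the retained comment "accept()s at most 100 connections". A short comment would make the intent clear, e.g. `/* +1 (and 101) because the loop pre-decrements: accepts min(100, free slots) */`. Separately, the early `return HANDLER_GO_ON` at capacity leaves pending connections in the listen backlog; whether the listening fd is taken out of the event set in that state is decided outside this hunk and is worth confirming so the handler is not re-entered in a tight loop under connection pressure.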
@@ -641,13 +639,13 @@ if (*uri == '/') { /* (common case) */ buffer_copy_string_len(con->request.uri, uri, jlen); - } else if (0 == buffer_caseless_compare(uri, 7, "http://", 7) && + } else if (jlen > 7 && buffer_eq_icase_ssn(uri, "http://", 7) && NULL != (nuri = memchr(uri + 7, '/', jlen-7))) { state->reqline_host = uri + 7; state->reqline_hostlen = nuri - state->reqline_host; buffer_copy_string_len(con->request.uri, nuri, proto - nuri - 1); - } else if (0 == buffer_caseless_compare(uri, 8, "https://", 8) && + } else if (jlen > 8 && buffer_eq_icase_ssn(uri, "https://", 8) && NULL != (nuri = memchr(uri + 8, '/', jlen-8))) { state->reqline_host = uri + 8; state->reqline_hostlen = nuri - state->reqline_host; @@ -723,6 +721,19 @@ switch(*cur) { case ' ': case '\t': + /* RFC7230 Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing + * 3.2.4. Field Parsing + * [...] + * No whitespace is allowed between the header field-name and colon. In + * the past, differences in the handling of such whitespace have led to + * security vulnerabilities in request routing and response handling. A + * server MUST reject any received request message that contains + * whitespace between a header field-name and colon with a response code + * of 400 (Bad Request). A proxy MUST remove any such whitespace from a + * response message before forwarding the message downstream. + */ + if (http_header_strict) + return http_request_header_line_invalid(srv, 400, "invalid whitespace between field-name and colon -> 400"); /* skip every thing up to the : */ do { ++cur; } while (*cur == ' ' || *cur == '\t'); if (*cur != ':') { 
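Review bot: The rejection of whitespace between field-name and colon is gated on `http_header_strict`, so with strict parsing disabled the `do { ++cur; } while (...)` path below still accepts `ABC : foo` and normalises it. The Transfer-Encoding plus Content-Length hunk further down has the same shape: only strict mode answers 400, and the `else` branch silently drops Content-Length. Both are the ambiguous-framing cases the quoted RFC 7230 text ties to request smuggling, so the lenient branches deserve an explicit marker, e.g. `/* non-strict: tolerated for compatibility; unsafe when another HTTP parser sits in front of or behind this server */`. Logging when the lenient branch is taken would also give operators a detection signal; the enclosing function starts and ends outside the hunk.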
@@ -864,7 +875,7 @@ return http_request_header_line_invalid(srv, 400, "HTTP/1.0 with Transfer-Encoding (bad HTTP/1.0 proxy?) -> 400"); } - if (0 != buffer_caseless_compare(CONST_BUF_LEN(vb), CONST_STR_LEN("chunked"))) { + if (!buffer_eq_icase_slen(vb, CONST_STR_LEN("chunked"))) { /* Transfer-Encoding might contain additional encodings, * which are not currently supported by lighttpd */ return http_request_header_line_invalid(srv, 501, NULL); /* Not Implemented */ @@ -874,9 +885,25 @@ * which must not be blindly forwarded to backends */ http_header_request_unset(con, HTTP_HEADER_TRANSFER_ENCODING, CONST_STR_LEN("Transfer-Encoding")); - /*(note: ignore whether or not Content-Length was provided)*/ if (con->request.htags & HTTP_HEADER_CONTENT_LENGTH) { - http_header_request_unset(con, HTTP_HEADER_CONTENT_LENGTH, CONST_STR_LEN("Content-Length")); + /* RFC7230 Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing + * 3.3.3. Message Body Length + * [...] + * If a message is received with both a Transfer-Encoding and a + * Content-Length header field, the Transfer-Encoding overrides the + * Content-Length. Such a message might indicate an attempt to + * perform request smuggling (Section 9.5) or response splitting + * (Section 9.4) and ought to be handled as an error. A sender MUST + * remove the received Content-Length field prior to forwarding such + * a message downstream. + */ + if (http_header_strict) { + return http_request_header_line_invalid(srv, 400, "invalid Transfer-Encoding + Content-Length -> 400"); + } + else { + /* ignore Content-Length */ + http_header_request_unset(con, HTTP_HEADER_CONTENT_LENGTH, CONST_STR_LEN("Content-Length")); + } } state.con_length_set = 1; diff -Nru lighttpd-1.4.54/src/response.c lighttpd-1.4.55/src/response.c --- lighttpd-1.4.54/src/response.c 2019-05-27 21:03:50.000000000 +0000 +++ lighttpd-1.4.55/src/response.c 2020-02-01 02:49:09.000000000 +0000 
@@ -23,6 +23,31 @@ #include #include +__attribute_cold__ +static int http_response_omit_header(connection *con, const data_string * const ds) { + const size_t klen = buffer_string_length(ds->key); + if (klen == sizeof("X-Sendfile")-1 + && buffer_eq_icase_ssn(ds->key->ptr,CONST_STR_LEN("X-Sendfile"))) + return 1; + if (klen >= sizeof("X-LIGHTTPD-")-1 + && buffer_eq_icase_ssn(ds->key->ptr,CONST_STR_LEN("X-LIGHTTPD-"))) { + if (klen == sizeof("X-LIGHTTPD-KBytes-per-second")-1 + && buffer_eq_icase_ssn(ds->key->ptr+sizeof("X-LIGHTTPD-")-1, + CONST_STR_LEN("KBytes-per-second"))) { + /* "X-LIGHTTPD-KBytes-per-second" */ + long limit = strtol(ds->value->ptr, NULL, 10); + if (limit > 0 + && (limit < con->conf.kbytes_per_second + || 0 == con->conf.kbytes_per_second)) { + if (limit > USHRT_MAX) limit= USHRT_MAX; + con->conf.kbytes_per_second = limit; + } + } + return 1; + } + return 0; +} + int http_response_write_header(server *srv, connection *con) { buffer * const b = chunkqueue_prepend_buffer_open(con->write_queue); 
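Review bot: `http_response_omit_header()` suppresses `X-Sendfile` only on an exact length match (`klen == sizeof("X-Sendfile")-1`), whereas the inline code it replaces, removed in the following hunk, used `strncasecmp(ds->key->ptr, CONST_STR_LEN("X-Sendfile"))`, which is a prefix compare. A response header such as `X-Sendfile2` that reaches this loop was previously dropped and would now be written to the client, which could disclose a backend file path unless the backend modules always strip it first; that stripping is not visible here. If the narrowing is intended, say so with a comment such as `/* exact match only; longer X-Sendfile* names are expected to be consumed before this point */`, otherwise keep the old behaviour with `klen >= sizeof("X-Sendfile")-1`.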
@@ -60,23 +85,10 @@ for (size_t i = 0; i < con->response.headers->used; ++i) { const data_string * const ds = (data_string *)con->response.headers->data[i]; - if (buffer_string_is_empty(ds->value) || buffer_string_is_empty(ds->key)) continue; - if ((ds->key->ptr[0] & 0xdf) == 'X') { - if (0 == strncasecmp(ds->key->ptr, CONST_STR_LEN("X-Sendfile"))) continue; - if (0 == strncasecmp(ds->key->ptr, CONST_STR_LEN("X-LIGHTTPD-"))) { - if (0 == strncasecmp(ds->key->ptr+sizeof("X-LIGHTTPD-")-1, CONST_STR_LEN("KBytes-per-second"))) { - /* "X-LIGHTTPD-KBytes-per-second" */ - long limit = strtol(ds->value->ptr, NULL, 10); - if (limit > 0 - && (limit < con->conf.kbytes_per_second - || 0 == con->conf.kbytes_per_second)) { - if (limit > USHRT_MAX) limit= USHRT_MAX; - con->conf.kbytes_per_second = limit; - } - } - continue; - } - } + if (buffer_string_is_empty(ds->value)) continue; + if (buffer_string_is_empty(ds->key)) continue; + if ((ds->key->ptr[0] & 0xdf)=='X' && http_response_omit_header(con, ds)) + continue; buffer_append_string_len(b, CONST_STR_LEN("\r\n")); buffer_append_string_buffer(b, ds->key); @@ -215,7 +227,7 @@ size_t len = strlen(pathinfo), reqlen; if (con->conf.force_lowercase_filenames && len <= (reqlen = buffer_string_length(con->request.uri)) - && 0 == strncasecmp(con->request.uri->ptr + reqlen - len, pathinfo, len)) { + && buffer_eq_icase_ssn(con->request.uri->ptr + reqlen - len, pathinfo, len)) { /* attempt to preserve case-insensitive PATH_INFO * (works in common case where mod_alias, mod_magnet, and other modules * have not modified the PATH_INFO portion of request URI, or did so diff -Nru lighttpd-1.4.54/src/safe_memclear.c lighttpd-1.4.55/src/safe_memclear.c --- lighttpd-1.4.54/src/safe_memclear.c 2019-05-27 21:03:50.000000000 +0000 +++ lighttpd-1.4.55/src/safe_memclear.c 2020-02-01 02:49:09.000000000 +0000 
@@ -4,7 +4,7 @@ #include -#if !defined(HAVE_MEMSET_S) && !defined(HAVE_EXPLICIT_BZERO) +#if !defined(HAVE_MEMSET_S) && !defined(HAVE_EXPLICIT_BZERO) && !defined(HAVE_EXPLICIT_MEMSET) # if defined(HAVE_WEAK_SYMBOLS) /* it seems weak functions are never inlined, even for static builds */ @@ -41,6 +41,8 @@ memset_s(s, n, 0, n); #elif defined(HAVE_EXPLICIT_BZERO) explicit_bzero(s, n); +#elif defined(HAVE_EXPLICIT_MEMSET) + explicit_memset(s, 0, n); #else safe_memset(s, 0, n); #endif diff -Nru lighttpd-1.4.54/src/server.c lighttpd-1.4.55/src/server.c --- lighttpd-1.4.54/src/server.c 2019-05-27 21:03:50.000000000 +0000 +++ lighttpd-1.4.55/src/server.c 2020-02-01 02:49:09.000000000 +0000 @@ -63,6 +63,10 @@ # include #endif +#ifdef HAVE_SYS_LOADAVG_H +# include +#endif + #ifdef HAVE_SYS_RESOURCE_H # include #endif 
@@ -922,46 +926,9 @@ } __attribute_cold__ -static void server_graceful_shutdown_maint (server *srv) { - connections *conns = srv->conns; - for (size_t ndx = 0; ndx < conns->used; ++ndx) { - connection * const con = conns->ptr[ndx]; - int changed = 0; - - if (con->state == CON_STATE_CLOSE) { - /* reduce remaining linger timeout to be - * (from zero) *up to* one more second, but no more */ - if (HTTP_LINGER_TIMEOUT > 1) - con->close_timeout_ts -= (HTTP_LINGER_TIMEOUT - 1); - if (srv->cur_ts - con->close_timeout_ts > HTTP_LINGER_TIMEOUT) - changed = 1; - } - else if (con->state == CON_STATE_READ && con->request_count > 1 - && chunkqueue_is_empty(con->read_queue)) { - /* close connections in keep-alive waiting for next request */ - connection_set_state(srv, con, CON_STATE_ERROR); - changed = 1; - } - - con->keep_alive = 0; /* disable keep-alive */ - - con->conf.kbytes_per_second = 0; /* disable rate limit */ - con->conf.global_kbytes_per_second = 0; /* disable rate limit */ - if (con->traffic_limit_reached) { - con->traffic_limit_reached = 0; - changed = 1; - } - - if (changed) { - connection_state_machine(srv, con); - } - } -} - -__attribute_cold__ static void server_graceful_state (server *srv) { - if (!srv_shutdown) server_graceful_shutdown_maint(srv); + if (!srv_shutdown) connection_graceful_shutdown_maint(srv); if (!oneshot_fd && (2 == srv->sockets_disabled || 3 == srv->sockets_disabled)) return; @@ -1831,7 +1798,6 @@ __attribute_noinline__ static void server_handle_sigalrm (server * const srv, time_t min_ts, time_t last_active_ts) { - connections *conns = srv->conns; handler_t r; switch(r = plugins_call_handle_trigger(srv)) { 
@@ -1877,98 +1843,8 @@ srv->config_storage[i]->global_bytes_per_second_cnt = 0; } /* if graceful_shutdown, accelerate cleanup of recently completed request/responses */ - if (graceful_shutdown && !srv_shutdown) server_graceful_shutdown_maint(srv); - /** - * check all connections for timeouts - * - */ - for (size_t ndx = 0; ndx < conns->used; ++ndx) { - connection * const con = conns->ptr[ndx]; - const int waitevents = fdevent_fdnode_interest(con->fdn); - int changed = 0; - int t_diff; - - if (con->state == CON_STATE_CLOSE) { - if (srv->cur_ts - con->close_timeout_ts > HTTP_LINGER_TIMEOUT) { - changed = 1; - } - } else if (waitevents & FDEVENT_IN) { - if (con->request_count == 1 || con->state != CON_STATE_READ) { /* e.g. CON_STATE_READ_POST || CON_STATE_WRITE */ - if (srv->cur_ts - con->read_idle_ts > con->conf.max_read_idle) { - /* time - out */ - if (con->conf.log_request_handling) { - log_error_write(srv, __FILE__, __LINE__, "sd", - "connection closed - read timeout:", con->fd); - } - - connection_set_state(srv, con, CON_STATE_ERROR); - changed = 1; - } - } else { - if (srv->cur_ts - con->read_idle_ts > con->keep_alive_idle) { - /* time - out */ - if (con->conf.log_request_handling) { - log_error_write(srv, __FILE__, __LINE__, "sd", - "connection closed - keep-alive timeout:", con->fd); - } - - connection_set_state(srv, con, CON_STATE_ERROR); - changed = 1; - } - } - } - - /* max_write_idle timeout currently functions as backend timeout, - * too, after response has been started. 
- * future: have separate backend timeout, and then change this - * to check for write interest before checking for timeout */ - /*if (waitevents & FDEVENT_OUT)*/ - if ((con->state == CON_STATE_WRITE) && - (con->write_request_ts != 0)) { -#if 0 - if (srv->cur_ts - con->write_request_ts > 60) { - log_error_write(srv, __FILE__, __LINE__, "sdd", - "connection closed - pre-write-request-timeout:", con->fd, srv->cur_ts - con->write_request_ts); - } -#endif - - if (srv->cur_ts - con->write_request_ts > con->conf.max_write_idle) { - /* time - out */ - if (con->conf.log_timeouts) { - log_error_write(srv, __FILE__, __LINE__, "sbsbsosds", - "NOTE: a request from", - con->dst_addr_buf, - "for", - con->request.uri, - "timed out after writing", - con->bytes_written, - "bytes. We waited", - (int)con->conf.max_write_idle, - "seconds. If this a problem increase server.max-write-idle"); - } - connection_set_state(srv, con, CON_STATE_ERROR); - changed = 1; - } - } - - /* we don't like div by zero */ - if (0 == (t_diff = srv->cur_ts - con->connection_start)) t_diff = 1; - - if (con->traffic_limit_reached && - (con->conf.kbytes_per_second == 0 || - ((con->bytes_written / t_diff) < con->conf.kbytes_per_second * 1024))) { - /* enable connection again */ - con->traffic_limit_reached = 0; - - changed = 1; - } - - con->bytes_written_cur_second = 0; - - if (changed) { - connection_state_machine(srv, con); - } - } + if (graceful_shutdown && !srv_shutdown) connection_graceful_shutdown_maint(srv); + connection_periodic_maint(srv, min_ts); } __attribute_noinline__ 
@@ -2004,15 +1880,18 @@ if (server_handle_sighup(srv)) return -1; } + /*(USE_ALARM not used; fdevent_poll() is effective periodic timer)*/ + #ifdef USE_ALARM if (handle_sig_alarm) { - time_t min_ts = time(NULL); - #ifdef USE_ALARM handle_sig_alarm = 0; - #endif + #endif + time_t min_ts = time(NULL); if (min_ts != srv->cur_ts) { server_handle_sigalrm(srv, min_ts, last_active_ts); } + #ifdef USE_ALARM } + #endif if (handle_sig_child) { handle_sig_child = 0; diff -Nru lighttpd-1.4.54/src/settings.h lighttpd-1.4.55/src/settings.h --- lighttpd-1.4.54/src/settings.h 2019-05-27 21:03:50.000000000 +0000 +++ lighttpd-1.4.55/src/settings.h 2020-02-01 02:49:09.000000000 +0000 @@ -24,6 +24,4 @@ */ #define MAX_HTTP_REQUEST_HEADER (32 * 1024) -#define HTTP_LINGER_TIMEOUT 5 - #endif diff -Nru lighttpd-1.4.54/src/sock_addr.c lighttpd-1.4.55/src/sock_addr.c --- lighttpd-1.4.54/src/sock_addr.c 2019-05-27 21:03:50.000000000 +0000 +++ lighttpd-1.4.55/src/sock_addr.c 2020-02-01 02:49:09.000000000 +0000 @@ -544,10 +544,9 @@ } memcpy(saddr->un.sun_path, str, hostlen); #if defined(SUN_LEN) - *len = SUN_LEN(&saddr->un); + *len = SUN_LEN(&saddr->un)+1; #else - /* stevens says: */ - *len = hostlen + sizeof(saddr->un.sun_family); + *len = offsetof(struct sockaddr_un, sun_path) + hostlen; #endif } return 1; 
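Review bot: In the sock_addr.c hunk the two length computations agree only if `hostlen` already counts the terminating NUL: `SUN_LEN(&saddr->un)+1` is the path offset plus `strlen(sun_path)` plus one, while the fallback is `offsetof(struct sockaddr_un, sun_path) + hostlen`. The assignment of `hostlen` and the bounds check before `memcpy(saddr->un.sun_path, str, hostlen)` are outside the hunk, so this cannot be confirmed from here; if `hostlen` excludes the NUL, the `SUN_LEN` branch would also depend on the structure having been zeroed beforehand. A one-line comment stating the invariant would help, e.g. `/* hostlen includes terminating '\0' */`, and the file should be checked for `<stddef.h>` now that `offsetof` is used.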
@@ -595,11 +594,12 @@ log_error_write(srv, __FILE__, __LINE__, "SSSs(S)", "could not parse ip address ", str, " because ", gai_strerror(result), strerror(errno)); + return result; } else if (addrlist == NULL) { log_error_write(srv, __FILE__, __LINE__, "SSS", "Problem in parsing ip address ", str, ": succeeded, but no information returned"); - result = -1; + return -1; } else switch (addrlist->ai_family) { case AF_INET: memcpy(&saddr->ipv4, addrlist->ai_addr, sizeof(saddr->ipv4)); diff -Nru lighttpd-1.4.54/src/stat_cache.c lighttpd-1.4.55/src/stat_cache.c --- lighttpd-1.4.54/src/stat_cache.c 2019-05-27 21:03:50.000000000 +0000 +++ lighttpd-1.4.55/src/stat_cache.c 2020-02-01 02:49:09.000000000 +0000 @@ -53,6 +53,7 @@ /* the famous DJB hash function for strings */ +__attribute_pure__ static uint32_t djbhash(const char *str, const size_t len) { const unsigned char * const s = (const unsigned char *)str; @@ -62,6 +63,7 @@ } +__attribute_pure__ static uint32_t hashme(const char *str, const size_t len) { /* strip highest bit of hash value for splaytree */ @@ -340,6 +342,11 @@ if (revent & (FDEVENT_HUP|FDEVENT_RDHUP)) { /* fam closed the connection */ + log_error_write(srv, __FILE__, __LINE__, "s", + "FAM connection closed; disabling stat_cache."); + /* (although effectively STAT_CACHE_ENGINE_NONE, + * do not change here so that periodic jobs clean up memory)*/ + /*srv->srvconf.stat_cache_engine = STAT_CACHE_ENGINE_NONE; */ fdevent_fdnode_event_del(srv->ev, scf->fdn); fdevent_unregister(srv->ev, scf->fd); scf->fdn = NULL; @@ -395,6 +402,7 @@ static fam_dir_entry * fam_dir_monitor(server *srv, stat_cache_fam *scf, char *fn, size_t dirlen, struct stat *st) { + if (NULL == scf->fdn) return NULL; /* FAM connection closed; do nothing */ const int fn_is_dir = S_ISDIR(st->st_mode); /*force_assert(0 != dirlen);*/ /*force_assert(fn[0] == '/');*/ 
@@ -637,7 +645,7 @@ /* suffix match */ const data_string *ds = (data_string *)con->conf.mimetypes->data[i]; const size_t klen = buffer_string_length(ds->key); - if (klen <= nlen && 0 == strncasecmp(end-klen, ds->key->ptr, klen)) + if (klen <= nlen && buffer_eq_icase_ssn(end-klen, ds->key->ptr, klen)) return ds->value; } } @@ -778,12 +786,10 @@ if (blen > len && b->ptr[len] == '/' && 0 == memcmp(b->ptr, name, len)) { stat_cache_entry *sce = t->data; sce->stat_ts = 0; - #ifdef HAVE_FAM_H if (sce->fam_dir != NULL) { --((fam_dir_entry *)sce->fam_dir)->refcnt; sce->fam_dir = NULL; } - #endif } } diff -Nru lighttpd-1.4.54/src/t/test_burl.c lighttpd-1.4.55/src/t/test_burl.c --- lighttpd-1.4.54/src/t/test_burl.c 2019-05-27 21:03:50.000000000 +0000 +++ lighttpd-1.4.55/src/t/test_burl.c 2020-02-01 02:49:09.000000000 +0000 @@ -78,6 +78,8 @@ run_burl_normalize(psrc, ptmp, flags, __LINE__, CONST_STR_LEN("/%2B"), CONST_STR_LEN("/+")); run_burl_normalize(psrc, ptmp, flags, __LINE__, CONST_STR_LEN("/%3a"), CONST_STR_LEN("/:")); run_burl_normalize(psrc, ptmp, flags, __LINE__, CONST_STR_LEN("/%3A"), CONST_STR_LEN("/:")); + run_burl_normalize(psrc, ptmp, flags, __LINE__, CONST_STR_LEN("/%2b?x=%2b"), CONST_STR_LEN("/+?x=%2B")); + run_burl_normalize(psrc, ptmp, flags, __LINE__, CONST_STR_LEN("/%2B?x=%2B"), CONST_STR_LEN("/+?x=%2B")); run_burl_normalize(psrc, ptmp, flags, __LINE__, CONST_STR_LEN("/~test%20ä_"), CONST_STR_LEN("/~test%20%C3%A4_")); run_burl_normalize(psrc, ptmp, flags, __LINE__, CONST_STR_LEN("/\375"), "", (size_t)-2); run_burl_normalize(psrc, ptmp, flags, __LINE__, CONST_STR_LEN("/\376"), "", (size_t)-2); diff -Nru lighttpd-1.4.54/src/t/test_request.c lighttpd-1.4.55/src/t/test_request.c --- lighttpd-1.4.54/src/t/test_request.c 2019-05-27 21:03:50.000000000 +0000 +++ lighttpd-1.4.55/src/t/test_request.c 2020-02-01 02:49:09.000000000 +0000 
@@ -310,14 +310,11 @@ assert(buffer_is_equal_string(con->request.uri, CONST_STR_LEN("/"))); - run_http_request_parse(srv, con, __LINE__, 0, + run_http_request_parse(srv, con, __LINE__, 400, "whitespace after key", CONST_STR_LEN("GET / HTTP/1.0\r\n" "ABC : foo\r\n" "\r\n")); - ds = (data_string *) - array_get_element_klen(con->request.headers, CONST_STR_LEN("ABC")); - assert(ds && buffer_is_equal_string(ds->value, CONST_STR_LEN("foo"))); run_http_request_parse(srv, con, __LINE__, 400, "whitespace within key", diff -Nru lighttpd-1.4.54/tests/docroot/123/Makefile.in lighttpd-1.4.55/tests/docroot/123/Makefile.in --- lighttpd-1.4.54/tests/docroot/123/Makefile.in 2019-05-27 21:04:03.000000000 +0000 +++ lighttpd-1.4.55/tests/docroot/123/Makefile.in 2020-02-01 02:49:27.000000000 +0000 @@ -216,8 +216,8 @@ PATH_SEPARATOR = @PATH_SEPARATOR@ PCRECONFIG = @PCRECONFIG@ PCRE_LIB = @PCRE_LIB@ +PGSQL_CFLAGS = @PGSQL_CFLAGS@ PGSQL_CONFIG = @PGSQL_CONFIG@ -PGSQL_INCLUDE = @PGSQL_INCLUDE@ PGSQL_LIBS = @PGSQL_LIBS@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ diff -Nru lighttpd-1.4.54/tests/docroot/Makefile.in lighttpd-1.4.55/tests/docroot/Makefile.in --- lighttpd-1.4.54/tests/docroot/Makefile.in 2019-05-27 21:04:03.000000000 +0000 +++ lighttpd-1.4.55/tests/docroot/Makefile.in 2020-02-01 02:49:27.000000000 +0000 @@ -276,8 +276,8 @@ PATH_SEPARATOR = @PATH_SEPARATOR@ PCRECONFIG = @PCRECONFIG@ PCRE_LIB = @PCRE_LIB@ +PGSQL_CFLAGS = @PGSQL_CFLAGS@ PGSQL_CONFIG = @PGSQL_CONFIG@ -PGSQL_INCLUDE = @PGSQL_INCLUDE@ PGSQL_LIBS = @PGSQL_LIBS@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ diff -Nru lighttpd-1.4.54/tests/docroot/www/expire/Makefile.in lighttpd-1.4.55/tests/docroot/www/expire/Makefile.in --- lighttpd-1.4.54/tests/docroot/www/expire/Makefile.in 2019-05-27 21:04:03.000000000 +0000 +++ lighttpd-1.4.55/tests/docroot/www/expire/Makefile.in 2020-02-01 02:49:27.000000000 +0000 
@@ -216,8 +216,8 @@ PATH_SEPARATOR = @PATH_SEPARATOR@ PCRECONFIG = @PCRECONFIG@ PCRE_LIB = @PCRE_LIB@ +PGSQL_CFLAGS = @PGSQL_CFLAGS@ PGSQL_CONFIG = @PGSQL_CONFIG@ -PGSQL_INCLUDE = @PGSQL_INCLUDE@ PGSQL_LIBS = @PGSQL_LIBS@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ diff -Nru lighttpd-1.4.54/tests/docroot/www/go/Makefile.in lighttpd-1.4.55/tests/docroot/www/go/Makefile.in --- lighttpd-1.4.54/tests/docroot/www/go/Makefile.in 2019-05-27 21:04:03.000000000 +0000 +++ lighttpd-1.4.55/tests/docroot/www/go/Makefile.in 2020-02-01 02:49:27.000000000 +0000 @@ -216,8 +216,8 @@ PATH_SEPARATOR = @PATH_SEPARATOR@ PCRECONFIG = @PCRECONFIG@ PCRE_LIB = @PCRE_LIB@ +PGSQL_CFLAGS = @PGSQL_CFLAGS@ PGSQL_CONFIG = @PGSQL_CONFIG@ -PGSQL_INCLUDE = @PGSQL_INCLUDE@ PGSQL_LIBS = @PGSQL_LIBS@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ diff -Nru lighttpd-1.4.54/tests/docroot/www/indexfile/Makefile.in lighttpd-1.4.55/tests/docroot/www/indexfile/Makefile.in --- lighttpd-1.4.54/tests/docroot/www/indexfile/Makefile.in 2019-05-27 21:04:03.000000000 +0000 +++ lighttpd-1.4.55/tests/docroot/www/indexfile/Makefile.in 2020-02-01 02:49:27.000000000 +0000 @@ -216,8 +216,8 @@ PATH_SEPARATOR = @PATH_SEPARATOR@ PCRECONFIG = @PCRECONFIG@ PCRE_LIB = @PCRE_LIB@ +PGSQL_CFLAGS = @PGSQL_CFLAGS@ PGSQL_CONFIG = @PGSQL_CONFIG@ -PGSQL_INCLUDE = @PGSQL_INCLUDE@ PGSQL_LIBS = @PGSQL_LIBS@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ diff -Nru lighttpd-1.4.54/tests/docroot/www/Makefile.in lighttpd-1.4.55/tests/docroot/www/Makefile.in --- lighttpd-1.4.54/tests/docroot/www/Makefile.in 2019-05-27 21:04:03.000000000 +0000 +++ lighttpd-1.4.55/tests/docroot/www/Makefile.in 2020-02-01 02:49:27.000000000 +0000 
@@ -276,8 +276,8 @@ PATH_SEPARATOR = @PATH_SEPARATOR@ PCRECONFIG = @PCRECONFIG@ PCRE_LIB = @PCRE_LIB@ +PGSQL_CFLAGS = @PGSQL_CFLAGS@ PGSQL_CONFIG = @PGSQL_CONFIG@ -PGSQL_INCLUDE = @PGSQL_INCLUDE@ PGSQL_LIBS = @PGSQL_LIBS@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ diff -Nru lighttpd-1.4.54/tests/Makefile.in lighttpd-1.4.55/tests/Makefile.in --- lighttpd-1.4.54/tests/Makefile.in 2019-05-27 21:04:03.000000000 +0000 +++ lighttpd-1.4.55/tests/Makefile.in 2020-02-01 02:49:27.000000000 +0000 @@ -343,8 +343,8 @@ PATH_SEPARATOR = @PATH_SEPARATOR@ PCRECONFIG = @PCRECONFIG@ PCRE_LIB = @PCRE_LIB@ +PGSQL_CFLAGS = @PGSQL_CFLAGS@ PGSQL_CONFIG = @PGSQL_CONFIG@ -PGSQL_INCLUDE = @PGSQL_INCLUDE@ PGSQL_LIBS = @PGSQL_LIBS@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ diff -Nru lighttpd-1.4.54/tests/request.t lighttpd-1.4.55/tests/request.t --- lighttpd-1.4.54/tests/request.t 2019-05-27 21:03:50.000000000 +0000 +++ lighttpd-1.4.55/tests/request.t 2020-02-01 02:49:09.000000000 +0000 @@ -8,7 +8,7 @@ use strict; use IO::Socket; -use Test::More tests => 52; +use Test::More tests => 51; use LightyTest; my $tf = LightyTest->new(); @@ -503,16 +503,6 @@ ok($tf->handle_http($t) == 0, 'static file with forbidden pathinfo'); -print "\nConnection header\n"; -$t->{REQUEST} = ( <{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.1', 'HTTP-Status' => 200, 'HTTP-Content' => '12345'."\n", 'Content-Type' => 'text/plain', 'Connection' => 'close' } ]; -ok($tf->handle_http($t) == 0, 'Connection-header, spaces before ":"'); - $t->{REQUEST} = ( <