pkgsrc/www/lighttpd/distinfo

$NetBSD: distinfo,v 1.61 2021/02/03 08:49:49 schmonz Exp $

SHA1 (lighttpd-1.4.59.tar.xz) = f954a4a2513c97e55e4f39a7648f23c7b28a15d9
RMD160 (lighttpd-1.4.59.tar.xz) = e7191e39e555549e2e932998fed9396acc18accb
SHA512 (lighttpd-1.4.59.tar.xz) = 94d312f6ac65c32057018b749c4865220b43b3e4b7fe9396848aa403ea7fdc2ccbf3f4f91daf281b754cf272a52a8bcdc689502773ea33cae36eead2785daa0f
Size (lighttpd-1.4.59.tar.xz) = 968352 bytes
SHA1 (patch-doc_config_lighttpd.conf) = 32a4b6bd32f88d05dd75f65de6ec57b203c37d8b
SHA1 (patch-doc_lighttpd.8) = e08ac362784aebaca566d0f65380b70a829d6b4e
Update to 1.4.59. From the changelog: Summary: HTTP/2 enabled by default, mod_deflate zstd support, mod_ajp13 (new), bugfixes. Future Scheduled Behavior Changes: * graceful restart/shutdown default timeout will change from 0 (infinite/no timeout) to 5 seconds (or some similar non-zero period) configure an alternative with: server.feature-flags += ("server.graceful-shutdown-timeout" => 5) * mod_compress is DEPRECATED; use mod_deflate mod_compress has been subsumed by mod_deflate Note: mod_compress config options may be removed in a future release * mod_geoip is DEPRECATED; use mod_maxminddb Note: mod_geoip will be removed from a future lighttpd release * mod_authn_mysql is DEPRECATED; use mod_authn_dbi Note: mod_authn_mysql will be removed from a future lighttpd release * mod_mysql_vhost is DEPRECATED; use mod_vhostdb_dbi or mod_vhostdb_mysql Note: mod_mysql_vhost will be removed from a future lighttpd release * mod_cml is DEPRECATED; use mod_magnet Note: mod_cml will be removed from a future lighttpd release Changes from 1.4.58: * [mod_webdav] hide unused funcs depending on build * [mod_mbedtls] include mbedtls/platform_util.h * [mod_mbedtls] use local strncmp_const() * [mod_gnutls] use local strncmp_const() * [mod_dirlisting] place vars closer to where used * [autotools] autoupdate; subst deprecated/obsolete * [autoconf] update ax_prog_cc_for_build.m4 * [core] fix crash at shutdown w/ certain config * [tests] use ephemeral ports in tests * [mod_wolfssl] minor updates for wolfSSL v4.6.0 * [doc] create-mime.conf.pl improve case handling * [mod_openssl] extend ssl.openssl.ssl-conf-cmd * [mod_extforward] config warning for module order * [mod_extforward] fix extforward.headers defaults (fixes #3051) * [multiple] use HTTP_HEADER_* enum before strcmp * [multiple] replace buffer_is_equal_caseless_string * [mod_dirlisting] quiet coverity false positive * [doc] create-mime.conf.pl improve case handling * [autoconf] fix LT_INIT syntax * [doc] create-mime.conf.pl -v for warnings * [core] fix crash in error trace if backend is down (fixes #3052) * [doc] create-mime.conf.pl -v silent for mult vnd * [mod_openssl] update LIBRESSL_VERSION_NUMBER check * [multiple] fix: honor CipherString for alt TLS lib * [mod_openssl] set Ciphersuites once API available * [mod_dirlisting] use fdopendir(), fstatat() * [mod_deflate] support Accept-Encoding: zstd * [mod_deflate] use zstd streaming API * [mod_dirlisting] hide unused variable on MacOS * [doc] add --with-zstd to INSTALL * [mod_access] mark mod_access_check attribute pure * [core] add decls in connections.h * [build] update scripts/ci-build.sh * [core] check ifdef WOLFSSL_SHA512 for SHA512 avail * [build] scripts/ci-build.sh --with-nettle * [mod_openssl] update LIBRESSL_VERSION_NUMBER check * [build] scripts/ci-build.sh w/o --with-wolfssl * [build] scripts/ci-build.sh adjustments * [build] fix typo in src/CMakeLists.txt * [build] adjust mbedtls vars in src/CMakeLists.txt * [build] scripts/ci-build.sh adjustments * [build] adjust crypto vars in src/CMakeLists.txt * [core] avoid multiple definition of SHA512_CTX * [build] adjust crypto vars in src/CMakeLists.txt * [mod_alias] modify r->physical.path in place * [build] scripts/ci-build.sh add --with-maxminddb * build] scripts/ci-build.sh remove --with-maxminddb * [mod_deflate] use zstd typedefs (minor cleanup) * [mod_deflate] compat with zstd < v1.4.0 * [multiple] fix coverity warnings * [multiple] fix TLS config string parsing * [mod_gnutls] fix ssl.ca_dn_file data access * [mod_wolfssl] wipe ssl_pemfile_pkey before free() * [mod_wolfssl] fix syntax errors * [multiple] fix TLS config string parsing * [mod_gnutls] fix alt code for coverity * [core] check more carefully after SSL_WANT_WRITE * [core] fix 100% CPU spin if traffic limit hit * [core] skip interest in POLLRDHUP after POLLRDHUP (#3059) * [TLS] detect expired stapling file at startup (fixes #3056) * [multiple] avoid duplicate parsing in trigger func (#3056) * [multiple] quiet some clang-analyzer warnings * [core] enable HTTP/2 by default * [mod_ajp13] AJPv13 Tomcat connector for lighttpd * [core] const data_unset array_get_element_klen() [core] tighten struct data_config and related code * [core] fix merging large headers across mult reads (fixes #3059) * [mod_gnutls,mod_mbedtls] recog common cipherstring * [build] fix typo in SConstruct (fixes #3061) * [mod_wolfssl] wolfSSL might repeat SNI_Callback() * [TLS] fix invalid cfg warning * [mod_openssl] fix acme-tls/1 challenge bootstrap * [TLS] set r->uri.authority empty str upon accept() * [mod_gnutls] fix acme-tls/1 challenge bootstrap * [mod_nss] fix acme-tls/1 challenge bootstrap * [mod_wolfssl] copy stapling buf for OCSP resp * [mod_mbedtls] fix acme-tls/1 challenge bootstrap * [mod_mbedtls] fix acme-tls/1 challenge bootstrap * [mod_cgi] fix assert if empty X-Sendfile path (fixes #3062) * [mod_mbedtls] restore ALPN chk after client hello * [core] re-validate h2 CONTINUATION frame len in cq * [mod_mbedtls] remove redundant condition check * [core] quiet coverity warning 2021-02-03 09:49:49 +01:00			$NetBSD: distinfo,v 1.61 2021/02/03 08:49:49 schmonz Exp $
Initial import of lighttpd-1.4.3 as www/lighttpd. LightTPD is a secure, fast, compliant, and very flexible web-server which designed and optimized for for high-performance environments. With a small memory footprint compared to other webservers, effective management of the CPU load, and advanced feature set (FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many more), LightTPD is the perfect solution for every server that is suffering load problems. This is loosely based on the lighttpd package from pkgsrc-wip by Piotr Stolc <socrtp@soclab.eu.org>. 2005-09-04 08:37:05 +02:00
Update to 1.4.59. From the changelog: Summary: HTTP/2 enabled by default, mod_deflate zstd support, mod_ajp13 (new), bugfixes. Future Scheduled Behavior Changes: * graceful restart/shutdown default timeout will change from 0 (infinite/no timeout) to 5 seconds (or some similar non-zero period) configure an alternative with: server.feature-flags += ("server.graceful-shutdown-timeout" => 5) * mod_compress is DEPRECATED; use mod_deflate mod_compress has been subsumed by mod_deflate Note: mod_compress config options may be removed in a future release * mod_geoip is DEPRECATED; use mod_maxminddb Note: mod_geoip will be removed from a future lighttpd release * mod_authn_mysql is DEPRECATED; use mod_authn_dbi Note: mod_authn_mysql will be removed from a future lighttpd release * mod_mysql_vhost is DEPRECATED; use mod_vhostdb_dbi or mod_vhostdb_mysql Note: mod_mysql_vhost will be removed from a future lighttpd release * mod_cml is DEPRECATED; use mod_magnet Note: mod_cml will be removed from a future lighttpd release Changes from 1.4.58: * [mod_webdav] hide unused funcs depending on build * [mod_mbedtls] include mbedtls/platform_util.h * [mod_mbedtls] use local strncmp_const() * [mod_gnutls] use local strncmp_const() * [mod_dirlisting] place vars closer to where used * [autotools] autoupdate; subst deprecated/obsolete * [autoconf] update ax_prog_cc_for_build.m4 * [core] fix crash at shutdown w/ certain config * [tests] use ephemeral ports in tests * [mod_wolfssl] minor updates for wolfSSL v4.6.0 * [doc] create-mime.conf.pl improve case handling * [mod_openssl] extend ssl.openssl.ssl-conf-cmd * [mod_extforward] config warning for module order * [mod_extforward] fix extforward.headers defaults (fixes #3051) * [multiple] use HTTP_HEADER_* enum before strcmp * [multiple] replace buffer_is_equal_caseless_string * [mod_dirlisting] quiet coverity false positive * [doc] create-mime.conf.pl improve case handling * [autoconf] fix LT_INIT syntax * [doc] create-mime.conf.pl -v for warnings * [core] fix crash in error trace if backend is down (fixes #3052) * [doc] create-mime.conf.pl -v silent for mult vnd * [mod_openssl] update LIBRESSL_VERSION_NUMBER check * [multiple] fix: honor CipherString for alt TLS lib * [mod_openssl] set Ciphersuites once API available * [mod_dirlisting] use fdopendir(), fstatat() * [mod_deflate] support Accept-Encoding: zstd * [mod_deflate] use zstd streaming API * [mod_dirlisting] hide unused variable on MacOS * [doc] add --with-zstd to INSTALL * [mod_access] mark mod_access_check attribute pure * [core] add decls in connections.h * [build] update scripts/ci-build.sh * [core] check ifdef WOLFSSL_SHA512 for SHA512 avail * [build] scripts/ci-build.sh --with-nettle * [mod_openssl] update LIBRESSL_VERSION_NUMBER check * [build] scripts/ci-build.sh w/o --with-wolfssl * [build] scripts/ci-build.sh adjustments * [build] fix typo in src/CMakeLists.txt * [build] adjust mbedtls vars in src/CMakeLists.txt * [build] scripts/ci-build.sh adjustments * [build] adjust crypto vars in src/CMakeLists.txt * [core] avoid multiple definition of SHA512_CTX * [build] adjust crypto vars in src/CMakeLists.txt * [mod_alias] modify r->physical.path in place * [build] scripts/ci-build.sh add --with-maxminddb * build] scripts/ci-build.sh remove --with-maxminddb * [mod_deflate] use zstd typedefs (minor cleanup) * [mod_deflate] compat with zstd < v1.4.0 * [multiple] fix coverity warnings * [multiple] fix TLS config string parsing * [mod_gnutls] fix ssl.ca_dn_file data access * [mod_wolfssl] wipe ssl_pemfile_pkey before free() * [mod_wolfssl] fix syntax errors * [multiple] fix TLS config string parsing * [mod_gnutls] fix alt code for coverity * [core] check more carefully after SSL_WANT_WRITE * [core] fix 100% CPU spin if traffic limit hit * [core] skip interest in POLLRDHUP after POLLRDHUP (#3059) * [TLS] detect expired stapling file at startup (fixes #3056) * [multiple] avoid duplicate parsing in trigger func (#3056) * [multiple] quiet some clang-analyzer warnings * [core] enable HTTP/2 by default * [mod_ajp13] AJPv13 Tomcat connector for lighttpd * [core] const data_unset array_get_element_klen() [core] tighten struct data_config and related code * [core] fix merging large headers across mult reads (fixes #3059) * [mod_gnutls,mod_mbedtls] recog common cipherstring * [build] fix typo in SConstruct (fixes #3061) * [mod_wolfssl] wolfSSL might repeat SNI_Callback() * [TLS] fix invalid cfg warning * [mod_openssl] fix acme-tls/1 challenge bootstrap * [TLS] set r->uri.authority empty str upon accept() * [mod_gnutls] fix acme-tls/1 challenge bootstrap * [mod_nss] fix acme-tls/1 challenge bootstrap * [mod_wolfssl] copy stapling buf for OCSP resp * [mod_mbedtls] fix acme-tls/1 challenge bootstrap * [mod_mbedtls] fix acme-tls/1 challenge bootstrap * [mod_cgi] fix assert if empty X-Sendfile path (fixes #3062) * [mod_mbedtls] restore ALPN chk after client hello * [core] re-validate h2 CONTINUATION frame len in cq * [mod_mbedtls] remove redundant condition check * [core] quiet coverity warning 2021-02-03 09:49:49 +01:00			`SHA1 (lighttpd-1.4.59.tar.xz) = f954a4a2513c97e55e4f39a7648f23c7b28a15d9`
			`RMD160 (lighttpd-1.4.59.tar.xz) = e7191e39e555549e2e932998fed9396acc18accb`
			`SHA512 (lighttpd-1.4.59.tar.xz) = 94d312f6ac65c32057018b749c4865220b43b3e4b7fe9396848aa403ea7fdc2ccbf3f4f91daf281b754cf272a52a8bcdc689502773ea33cae36eead2785daa0f`
			`Size (lighttpd-1.4.59.tar.xz) = 968352 bytes`
Fix VARBASE subst in lighttpd.conf. 2020-12-07 16:12:15 +01:00			`SHA1 (patch-doc_config_lighttpd.conf) = 32a4b6bd32f88d05dd75f65de6ec57b203c37d8b`
Update to 1.4.56. From the changelog: # Highlights - HTTP/2 support - must be enabled in lighttpd.conf in lighttpd 1.4.56; may be enabled by default in a future release - `server.feature-flags += ("server.h2proto" => "enable", "server.h2c" => "enable")` - TLS library options: OpenSSL, mbedTLS, wolfSSL, GnuTLS, NSS - mod_openssl (existing) - mod_mbedtls (experimental) - mod_wolfssl (experimental) - mod_gnutls (experimental) - mod_nss (experimental) - TLS OCSP stapling (except mbedTLS; not currently supported by mbedTLS) - TLS session ticket key rotation control (except NSS; API limitation in NSS) - mod_deflate brotli support - mod_proxy makes HTTP/1.1 requests to backends (change from HTTP/1.0) - RFC 8297 support for 103 Early Hints produced by backends (scripts) - graceful restart option to transfer listen fds (minimal pause) - `server.systemd-socket-activation = "enable"` - `server.feature-flags += ("server.graceful-restart-bg" => "enable", "server.graceful-shutdown-timeout" => "15")` # Behavior Changes - mod_openssl - default MinProtocol TLSv1.2 TLSv1 and TLSv1.1 are deprecated and no longer supported by major browsers. <https://news.netcraft.com/archives/2020/03/03/browsers-on-track-to-block-850000-tls-1-0-sites.html> If prior behavior is required, configure: `ssl.openssl.ssl-conf-cmd = ("MinProtocol" => "TLSv1")` If using openssl <= 1.0.2 (end-of-life) `ssl.openssl.ssl-conf-cmd = ("Protocol" => "-ALL, TLSv1, TLSv1.1, TLSv1.2")` - (internal) TLS session cache is disabled by default, replaced by lighttpd robust TLSv1.2 session ticket support If backward compatibility is needed: `server.feature-flags += ("ssl.session-cache" => "enable")` - (internal) openssl creates a session ticket encryption key per SSL_CTX. lighttpd 1.4.56 and later assigns a single session ticket encryption key for the lighttpd server (across all SSL_CTX) for consistency. - behavior change with ssl.ca-dn-file (uncommon); applies to client certificate verification and ssl.ca-dn-file (uncommon) If client certificate verification is enabled (ssl.verifyclient.activate = "enable"), all CAs used for client certificate verification must be present in ssl.ca-file. This is the typical use case when client certificate verification is enabled. Certificates in (optional) ssl.ca-dn-file are used to send issuer names to client when the server sends a client certificate request. These names are use by the client during certificate selection, and the server requires that the certificate sent by the client be issued by one of the subjects in ssl.ca-dn-file. (Prior behavior merged ssl.ca-file and ssl.ca-dn-file for trusted CAs. New behavior requires all trusted CAs be listed in ssl.ca-file, and a subset be duplicated into ssl.ca-dn-file to specify allowed client cert issuer.) - mod_deflate: support for bzip2 is now disabled by default in the build - (enable using `./configure --with-bzip2`) bzip2 Content-Encoding is not widely supported Prefer to build `--with-brotli` brotli Content-Encoding is more widely supported than bzip2 # Future Scheduled Behavior Changes - HTTP/2 support will be enabled by default in a future release - graceful restart/shutdown default timeout will change from 0 (infinite/no timeout) to 5 seconds (or some similar non-zero period) configure an alternative with: `server.feature-flags += ("server.graceful-shutdown-timeout" => 5)` - mod_compress is DEPRECATED; use mod_deflate mod_compress has been subsumed by mod_deflate Note: mod_compress config options may be removed in a future release - mod_geoip is DEPRECATED; use mod_maxminddb Note: mod_geoip will be removed from a future lighttpd release - mod_authn_mysql is DEPRECATED; use mod_authn_dbi Note: mod_authn_mysql will be removed from a future lighttpd release - mod_mysql_vhost is DEPRECATED; use mod_vhostdb_dbi or mod_vhostdb_mysql Note: mod_mysql_vhost will be removed from a future lighttpd release - mod_cml is DEPRECATED; use mod_magnet Note: mod_cml will be removed from a future lighttpd release 2020-11-30 11:28:33 +01:00			`SHA1 (patch-doc_lighttpd.8) = e08ac362784aebaca566d0f65380b70a829d6b4e`