kpriv/pkgsrc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
393274 commits 166 branches 0 tags 1.5 GiB
Commit graph

156 commits

Author SHA1 Message Date
wiz
3dbeee8487 *: recursive bump for icu 74.1 2023-11-08 13:18:02 +00:00
schmonz
a77fcce82c lighttpd: update to 1.4.73. 
From the changelog:

* [core] add .mkv to mimetype.assign builtin defaults
* [core] warn if out-of-range value for config short
* [mod_openssl] set default curves for ossl < 1.1.0
* [mod_h2] parse HEADERS flags sooner
* [mod_h2] check send window before defer frame rd
* [mod_h2] send GOAWAY to excessive request flood
* [mod_h2] h2_parse_headers_frame() adjust args
* [mod_h2] h2_recv_headers() parse trailers earlier
* [mod_h2] discard new streams after GOAWAY sent
* [mod_h2] h2_discard_headers() to HPACK-decode hdrs
* [core] parse entire server.http-parseopts list
* [mod_wstunnel] Sec-WebSocket-Protocol only if req hdr
* [mod_h2] disable h2proto if mod_h2 was not found
* [core] omit dlopen trace for mod_h2, mod_deflate
* [mod_h2] defer input parsing if large output queue
* [mod_h2] defer frame handling if stream pend close
* [mod_h2] detect and log HTTP/2 rapid reset attack
* [core] honor MBEDTLS_USE_PSA_CRYPTO for hash,rand
* [mod_mbedtls] honor MBEDTLS_USE_PSA_CRYPTO for rand
* [core] comment out li_rand_bytes() (unused)
* [mod_mbedtls] handle mbedtls 3.x partial write
* [mod_openssl] warn if openssl version < 3.0.0
* [mod_openssl] include openssl/hmac.h for boringssl
 2023-10-31 15:13:12 +00:00
wiz
90f4599de1 *: bump for openssl 3 2023-10-24 22:08:07 +00:00
schmonz
84e1cfaf68 lighttpd: update to 1.4.72. From the changelog: 
* [core] save config read from stdin across restart
* [core] warn if daemonize w/o absolute config path
* [mod_dirlisting] send Link w/ external css or js
* [mod_dirlisting] fix missing header/readme (fixes #3211)
* [core] ignore coverity warning
* [core] ignore coverity warning
* [core] reqpool.c:request_set_con()
* [core] request_init_data() minor optim
* [core] request.c:request_pool_{push,pop}
* Revert "[core] h2 http_request_parse_header() tweak"
* [core] enable config conditions on HTTP/2 PRI
* [mod_webdav] extend symlink support (non-standard)
* [mod_extforward] fix extforward.params config opt
* [mod_authn_ldap] fix config auth.require group=... (fixes #3216)
* [core] set CON_STATE_READ_POST for HTTP/2 reqbody
* [core] chunkqueue_read_squash() returns cq->first
* [core] get body from cq at offset in chunk
* [doc] update stbuehler address
* [tests] use sha crypt for fastcgi auth environment tests
* [tests] drop des-crypt and crypt-md5 auth tests - deprecated/not available on various platforms
* [core] code size: xxhash XXH_NO_STREAM
* [core] fdevent_sh_exec()
* [mod_dirlisting] http_dirlist_auto_layout_early_hints()
* [mod_dirlisting] send 103 w/ external css or js
* [mod_dirlisting] json output for /<path>/?json
* [mod_dirlisting] include ETag with cached result
* [core] import xxHash v0.8.2
* [tests] move %ENV modifications into forked child
* [mod_ssi] init hctx->wq to init alt cq tempdirs
* [tests] initialize request_st cqs in tests
* [core] chunkqueue_env_tmpdir()
* [core] config_set_defaults() reduce code size
* [tests] use current perl interpreter path for env.PERL in lighttpd.conf
* [mod_deflate] code reuse to create temp file
* [core] skip pwrite() to temp file if 0 len write
* [core] store cq->tempdirs in stack var
* [core] remove tempdirs ptr from struct chunkqueue
* [core] treat upload_temp_file_size=0 as default sz
* [core] hide unused var on _WIN32 compiler warning
* [mod_nss] nspr include prefix portability(attempt)
* [CI] scripts/ci-build.sh arg consistency;add meson
* [CI] remove wolfssl from autobuild; let rest build
* [CI] remove NSS from autobuild; let rest build
* [CI] remove mbedtls from autobuild; let rest build
* [mod_nss] nspr include prefix portability(attempt)
* [CI] ci-build.sh: adjust meson; add pam, maxminddb
* [CI] ci-build.sh: fix typo --with-pam
* [CI] remove maxminddb from autobuild,cmake; let rest build
* [CI] ci-build.sh re-enable additional dependencies
* [core] optimize for non-Range requests
* [core] allow larger number of Ranges if sorted
* [tests] test_http_range.c
* [core] attempt to quiet coverity warning
* [build] packdist.sh now produces .md for www.l.n
* [core] disable keep-alive if HTTP/1.1 CL and TE
* [core] reject empty Content-Length for HTTP/1.x
* [core] reject uppercase in unrecognized HTTP/2 hdr
* [core] warn dynamic mods listed before staticfile
* [core] dev-only internal request state debugging
* [core] short-circuit connection_state_machine_loop
* [core] reset connection-level state at con level
* [core] optim for non-throttle writes
* [core] remove connection_handle_write HTTP/1.x opt
* [core] yield writing large HTTP/1.x on slow device
* [core] tighten h2_process_streams()
* [core] h2_process_streams() simpler loop to retire
* [core] http_response_physical_pathinfo()
* [core] http_response_prepare() tweaks
* [meson] Fix 'getoption' meson typo
* [core] use different getxattr() prototype on MacOS
* [mod_deflate] do not compress any 1xx status
* [core] http_response_304(), http_response_412()
* [core] add config option to reject pathinfo
* [core] expand mimetype.assign builtin defaults
* [core] mark some cold routines noinline
* [core] add config opt to send GOAWAY for bad auth
* [core] show_features() show inotify or kqueue
* [core] stat_cache_refresh_entry()
* [core] splaytree: use all 32-bits of hash value
* [core] splaytree: compare keys directly
* [core] splaytree: splaytree_splay_nonnull()
* [core] stat_cache: stat_cache_sptree_ndx()
* [multiple] use splaytree_splay_nonnull()
* [h2] comment struct h2con h2_sid member is unused
* [mod_openssl] disable DH auto if DHParameters set
* [mod_openssl] replace deprecated openssl funcs
* [core] splaytree: splaytree_delete_splayed_node()
* [multiple] use splaytree_delete_splayed_node()
* [core] splaytree: splaytree_insert_splayed()
* [multiple] use splaytree_insert_splayed()
* [core] _WIN32 fs_win32_readlinkUTF8() (#3223)
* [mod_magnet] lighty.c.readlink() (fixes #3223)
* [core] add config option to reject pathinfo
* [mod_dirlisting] send 103 Early Hints only for h2+
* [mod_webdav] reject non-identity Content-Encoding
* [scons] include mod_h2 in static builds (fixes #3224)
* [core] http_request_validate_pseudohdrs comment
* [core] comment out redundant code
* [core] reset addtl state b4 dynamic error handler
* [core] reject Connection hdr in h2 as soon as seen
* [mod_h2] process headers for debug
* [mod_h2] comments and behavior for h2spec tests
* [multiple] mark func __attribute_returns_nonnull__
* [core] expand mimetype.assign builtin defaults
* [core] warn if IPv6 socket not supported
* [mod_simple_vhost,mod_evhost] check host strict
* [mod_simple_vhost,mod_evhost] minor code transform
* [mod_magnet] quiet 32-bit compiler warning
 2023-10-08 17:46:08 +00:00
schmonz
49da0231ee Update to 1.4.71. From the changelog: 
* [mod_h2] HTTP/2 separate module; no longer builtin
* [mod_magnet] fix static build using autoconf (fixes #3203)
* [core] fix new use of posix_spawn with some glibc (fixes #3201)
* [core] check getaddrinfo EAI_ADDRFAMILY w/ glibc
* [core] quiet lemon.c clang C2x warnings
* [core] compile w/o posix_spawn() on iOS
* [core] fix crash due to missing initialization (fixes #3207)
* [core] request_init() separate static func
* [multiple] remove some unused/redundant includes
* [core] server.modules s/mod_compress/mod_deflate/
* [core] preproc consistency #pragma GCC diagnostic
* [core] update ls-hpack
* [core] use empty value in srvconf.config_touched
* [core] provide mimetype.assign default if unset
* [mod_vhostdb_mysql] MySQL missing mysql_get_socket (fixes #3208)
* [core] clarify comment
 2023-05-27 20:31:40 +00:00
schmonz
cccf412c54 Update to 1.4.70. From the changelog: 
* [autotools] chmod u+w configparser.c for lemon
* [build] skip build separate modules for built-ins
* [core] cache format secs for high prec errlog
* [mod_maxminddb] check remote IP each request (fixes #3191)
* [multiple] store ptrs to remote addr in request_st (#3192)
* [mod_extforward] manage remote addr per request (fixes #3192)
* [core] use C23 memset_explicit() were available
* [mod_accesslog] %{mask}a to mask/anonymize IP
* [core] cast to fix compiler error in prior commit
* [scons] fix static build to include builtin_mods
* [core] h2_recv_headers() tweak to reduce code size
* [core] h2_get_stream_req() code reuse
* [core] h2: remove obsolete comment
* [core] h2 mark :status matching lsxpack enum value
* [core] h2 match w/ lsxpack pseudo-header key only
* [core] limit server.max-request-field-size <=65535
* [core] permit shell HERE docs to specify config
* [core] add members to http_header_parse_ctx
* [mod_extforward] typo in comment
* [mod_openssl] SSL_CTX_set_options() takes uint64_t
* [core] reorder enum handler_t
* [core] connection_handle_request_start_state()
* [core] check chunk file open early in mmap viewadj (fixes #3197)
* [core] h2 http_request_parse_header() tweak
* [mod_extforward] recognize unix domain sockets (fixes #3198)
* [mod_magnet] support ./configure --with-lua=luajit (#3199)
* [core] remove instance of devel debug code
* [core] quiet coverity warning
* [core] connection_check_upgrade() h2_upgrade_h2c()
* [core] CON_STATE_REQUEST_END transient state
* [core] expose request_set_state() for internal use
* [core] h2_send_goaway_graceful()
* [core] h2_check_timeout()
* [core] h2_process_streams()
* [core] h2_recv_reqbody()
* [core] HTTP_VERSION_3 enum value
* [core] r->x union w/ structs for r->x.{h1}
* [core] r->x union w/ structs for r->x.{h1,h2}
* [core] http_dispatch[] tables for HTTP proto vers
* [core] hxcon "base class" for h2con
* [mod_h2] HTTP/2 module: mod_h2
* [multiple] optimistic client read only if HTTP/1.x
* [core] use posix_spawn() where available
* [mod_cgi] comment about caching target dirname
* [meson] update comment with build flags
* [meson] check FORCE_{WOLFSSL,MBEDTLS}_CRYPTO
* [mod_auth] warn if auth.require path never matches
* [core] h1.[ch] collect some HTTP/1.x specific code
* [core] noinline connection shutdown, reset
* [TLS] $SERVER["socket"] inherit global ssl.engine
* [mod_proxy] match "map-host-response" "-" w/ Host
* [core] noinline stat_cache_sptree_find()
* [core] rename http_kv funcs, reorder http_versions
* [mod_cgi] move fd count to cgi_create_env()
* [mod_cgi] reduce code size
* [mod_cgi] do not issue trace if CGI closes input
* [mod_cgi] cgi_create_err() cold err handling func
* [core] always decr fd count upon socket close()
* [mod_mbedtls] check MBEDTLS_DEBUG_C for debug func
* [core] return pid_t from fdevent_waitpid()
* [meson] build fix for builtin_mods
* [core] move some shared funcs to call from modules
* [build] move some files to call from modules
* [mod_cgi] doubly-linked list of CGI pids
* [mod_cgi] reuse fd already opened to /dev/null
* [mod_cgi] reset upload_temp_file_size in CGI close
* [tests] copy confs for running tests in alt dir
* [scons] avoid dup mod_h2 module in static build
* [autoconf] include fs_win32.h in hdrs for dpkg
* [mod_openssl] SSL_OP_ENABLE_KTLS_TX_ZEROCOPY_SENDFILE
* [core] quiet coverity warning
* [mod_openssl] FreeBSD: check "kern.ipc.tls.enable"
* [core] fix HTTP/2 use of http_response_loop()
* [mod_openssl] check kernel support for KTLS
* [core] posix_spawnattr_setcwd_np() on QNX
* [core] posix_spawn_file_actions_addclosefrom_np()
* [core] Mac OS POSIX_SPAWN_CLOEXEC_DEFAULT
* [core] modify use of posix_spawnattr_setsigdefault
* [core] fdevent_load_file() check if limit exceeded
* [tests] tests/prepare.sh comment w/ alt build root
* [core] treat mod_h2 as built-in module (for now)
 2023-05-10 13:32:48 +00:00
adam
b8410cfcaf revbump after textproc/icu update 2023-04-19 08:08:03 +00:00
schmonz
bb2da9ecfd Update to 1.4.69. From the changelog: 
* [meson] remove t/test_mod_evasive.c
* [doc] remove references to removed modules
* [cmake] add doc/CMakeLists.txt to dist tar ball (#3181)
* [meson] add meson.build to install man pages (fixes #3181)
* [meson] fix typo in sbindir
* [core] update ls-hpack
* [cmake] remove -I/usr/include/mysql for mysql.h (#3181)
* [cmake] add -DWITH_LUA_VERSION= to specify lua ver (#3181)
* [cmake] use mysql_config cflags and ldflags (#3181)
* [cmake] do not link with fam if inotify or kqueue
* [TLS] fix spurious warning trace (fixes #3182)
* [multiple] codespell: correct spelling in comments
* [multiple] spelling: github action check-spelling
* [lemon] upgrade LEMON parser to SQLite maint ver
* [build] modify arguments to updated LEMON parser
* [core] build configparser.y w/ -Werror workarounds
* [lemon] fix -Wpendantic warnings for bad casts
* [core] avoid accept4() on ARM unless detected
* [cmake] use CMAKE_CURRENT_SOURCE_DIR
* [cmake] SERVER_SRC variable
* [multiple] quiet some coverity false positives
* [cmake] use LIGHTTPD_MODULES_DIR as relative path (fixes #3185)
* [core] add missed h2 state transition (fixes #3186)
* [core] remove cygwin O_NOFOLLOW workaround
* [multiple] clang -Wstrict-prototypes for C2x
* [core] reset SIGUSR1 to SIG_DFL before execve()
* [mod_webdav] modify OPTIONS response if no db cfg
* [mod_webdav] MOD_WEBDAV_BUILD_MINIMAL preproc opt
* [core] pass fdn to fdevent_sched_close,_unregister
* [core] disable sendfile() on TARGET_OS_IPHONE
* [core] iOS does not provide netinet/tcp_fsm.h
* [core] move headers to help isolate fdevent layer
* [core] avoid select() FD_ISSET repeat on active fds
* [core] gw_backend more precise backend env alloc
* [core] fdevent_poll_poll avoid potential race
* [tests] quickly exit tests/request.t if GET / fail
* [tests] adjust outdated opt in tests/lighttpd.conf
* [autotools] add mod_evhost to static build list
* [autotools] skip modules build if LIGHTTPD_STATIC
* [mod_cgi] cygwin supports CGI file I/O redirection
* [mod_dirlisting] use fdevent_rename() wrapper
* [core] path-info in debug trace may be unset
* [core] reset path-info for cgi.local-redir
* [autotools] fix typo in -I used --with-pcre2=/path (fixes #3190)
* [mod_webdav] send 409 Conflict if PUT miss parent
* [core] fix HTTP/2 HEADERS frame parsing bug
* [core] remove extra HTTP/2 HEADERS frame len check
 2023-02-11 01:47:30 +00:00
wiz
7c36f7ea02 lighttpd: update to 1.4.68. 
Important changes:
* stronger TLS defaults (as previously announced)
* KTLS sendfile in mod_openssl and mod_gnutls, if available and enabled
* removal of deprecated modules
 2023-01-04 09:37:37 +00:00
adam
cc34ee3bc6 massive revision bump after textproc/icu update 2022-11-23 16:18:32 +00:00
wiz
dbe1a54e9d *: bump PKGREVISION for libunistring shlib major bump 2022-10-26 10:31:34 +00:00
schmonz
601365eca9 Update to 1.4.67. From the changelog: 
* Update comment about TCP_INFO on OpenBSD
* [mod_ajp13] fix crash with bad response headers (fixes #3170)
* [core] handle RDHUP when collecting chunked body
* [core] tweak streaming request body to backends
* [core] handle ENOSPC with pwritev() (#3171)
* [core] manually calculate off_t max (fixes #3171)
* [autoconf] force large file support (#3171)
* [multiple] quiet coverity warnings using casts
* [meson] add license keyword to project declaration
 2022-09-18 11:29:15 +00:00
wiz
71d35ce8b2 *: recursive PKGREVISION bump for mbedtls shlib major increases 2022-08-11 06:41:57 +00:00
schmonz
20eca54d54 Update to 1.4.66. From the changelog: 
* [core] h2: optim: send window update in 16k units
* [mod_magnet] reset for http-response-send-file
* [multiple] fix json encoding
* [core] buffer_append_bs_escaped_json()
* [autoconf] update ax_prog_cc_for_build.m4
* [doc] add libdeflate to INSTALL
* [mod_webdav] cold func if xml reqbody w/o db conf
* [mod_webdav] check reqbody Content-Type is XML
* [doc] more consistent use of vars in examples
* [core] do not load indexfile, dirlisting if unused
* [mod_dirlisting] send ETag, Cache-Control w/ cache
* [mod_openssl] compile compat w/ openssl < 1.1.0
* [mod_webdav] webdav_reqbody_type_xml() fixes
* [core] clarify server.username = "root" error msg
* [mod_wolfssl] compat with older wolfssl versions
* [core] fix li_base64_dec() on whitespace
* [core] perf tweak buffer_eq_icase_ssn()
* [mod_deflate] fix use of libdeflate for files>128k (fixes #3161)
* [core] fix buffer_substr_replace() extend (fixes #3160)
* [mod_webdav] build with Android NDK
* [core] check r->http_status before handling Range
* [core] preprocessor option to force crypto lib
* [core] fix SIGUSR1 graceful restart w/ TLS (fixes #3164)
* [mod_authn_gssapi] warn if no confidentiality flag (fixes #3163)
* [mod_wstunnel] fix crash with bad hybivers (fixes #3165)
* [core] perf: adjust max h2 stream send increment
* [core] fix HTTP/2 downloads >= 4GiB (fixes #3166)
 2022-08-09 14:19:22 +00:00
wiz
8292204475 *: recursive bump for perl 5.36 2022-06-28 11:30:51 +00:00
schmonz
9af875c7fe Update to 1.4.65. From the changelog: 
HIGHLIGHTS
* WebSockets over HTTP/2
  RFC 8441 Bootstrapping WebSockets with HTTP/2
* HTTP/2 PRIORITY_UPDATE
  RFC 9218 Extensible Prioritization Scheme for HTTP
* prefix/suffix conditions in lighttpd.conf
* mod_webdav safe partial-PUT
  webdav.opts += ("partial-put-copy-modify" => "enable")
* mod_accesslog option: accesslog.escaping = "json"
* mod_deflate libdeflate build option
* speed up request body uploads via HTTP/2

BEHAVIOR CHANGES:

* change default server.max-keep-alive-requests = 1000 to adjust
  to increasing HTTP/2 usage and to web2/web3 application usage
  (prior default was 100)
* mod_status HTML now includes HTTP/2 control stream id 0 in the output
  which contains aggregate counts for the HTTP/2 connection
  (These lines can be identified with URL '*', part of "PRI *" preface)
  alternative: https://wiki.lighttpd.net/ModMagnetExamples#lua-mod_status
* MIME type application/javascript is translated to text/javascript (RFC 9239)
 2022-06-13 15:34:54 +00:00
adam
f5e35d538b revbump for textproc/icu update 2022-04-18 19:09:40 +00:00
schmonz
d9893cb86a Update to 1.4.64. From the changelog: 
## Important changes

* remove deprecated modules, bugfixes, CVE-2022-22707 (rare configs)

## Behavior Changes

(previously announced and scheduled)

* graceful restart/shutdown timeout changed from 0 (disabled) to 8 seconds
  configure an alternative with:
  server.feature-flags += ("server.graceful-shutdown-timeout" => 8)

* build: lighttpd defaults to --with-pcre2 instead of --with-pcre
  pcre2 is current. pcre is no longer maintained.
  Explicitly specify --with-pcre in build to use pcre instead of pcre2.

* deprecated modules (previously announced) have been removed
  * mod_authn_mysql
  * mod_mysql_vhost
  * mod_cml
  * mod_flv_streaming
  * mod_geoip
  * mod_trigger_b4_dl

## Changes from 1.4.63

* [core] fix trace issued for loading mod_auth (fixes #3121)
* [meson] need -lrt with glibc < 2.17 (fixes #3120)
* [core] adjust time jump detection (fixes #3123)
* [core] make setrlimit() warn, not fatal
* [core] add remote IP to some error msgs (fixes #3122)
* [mod_webdav] If-None-Match on non-existent entity
* [build] check getxattr before attr_get and -lattr
* [doc] SELinux: setsebool -P httpd_setrlimit on
* [build] create sha512sum file with release
* [build] CI builds now use make -j 2
* [core] http_response_send_file() takes const path
* [core] use ETag response header to check cachable
* [core] add more const to stat_cache_update_entry()
* [multiple] remove r->physical.etag
* [mod_magnet] interface to http_response_send_file
* [build] add headers for sendfile() detect on MacOS
* [core] http_response_write_prepare optimization
* [core] define static_assert for uClibc (fixes #3127)
* [build] -Wno-implicit-fallthrough for ls-hpack
* [core] ignore pcre2 "bad JIT option" warning
* [build] pcre2: use pkg-config before pcre2-config
* [core] http_response_has_error_handler()
* [core] consolidate request restart loop check
* [core] defer retrieving Last-Modified until needed
* [mod_dirlisting] fix logic inversion in cache
* [core] mark expect cond in http_response_send_file
* [core] connection_handle_read_state() tweak
* [core] connection_state_machine_loop() tweaks
* [core] connection_state_machine_h2() tweaks
* [core] quiet coverity noise
* [core] use lower limit for max-fds if !setrlimit
* [build] do not check for prctl; HAVE_PRCTL unused
* [core] server.core-files support on FreeBSD (fixes #3128)
* [mod_extforward] support longer PROXY v2 TLV vec
* [mod_webdav] detect truncated copy_file_range()
* [mod_webdav] copy_file_range() new in FreeBSD 13
* [mod_webdav] copy_file_range() new in FreeBSD 13
* [build] feature consistency between build types
* [build] cmake build now defaults to C11
* [core] CCRandomGenerateBytes() for rand on macOS (fixes #3129)
* [multiple] remove long-deprecated modules
* [build] default --with-pcre2 unless --with-pcre
* [core] "server.graceful-shutdown-timeout" => 8
* [build] adjust trace for regex-conditionals
* [build] update tests/SConscript
* [core] errno_t detection on Illumos
* [build] cmake build now defaults to C11
* [build] meson: find pcre2 w/o pkg-config
* [core] define _EXTENSIONS_ on Illumos
* [build] cmake,meson socket libs for win32, Illumos (fixes #3130)
* [core] hide bsd_accept_filter code on OpenBSD (fixes #3131)
* [core] errno_t and rsize_t detection on Illumos
* [mod_webdav] copy acceleration
* [mod_webdav] define HAVE_RENAMEAT2 earlier
* [build] meson misdetects mempcpy on some platforms
* [build] cmake: skip "-Wl,-export-dynamic" Illumos
* [build] adjust .gitignore for macOS
* [build] meson crypt and dl detection on *BSD (fixes #3133)
* [core] /dev/null is a symlink on Illumos (fixes #3132)
* [core] server.core-files support for solaris (fixes #3135)
* [build] feature consistency between build types
* [build] Haiku build fix (fixes #3136)
* [lemon] silence coverity warnings
* [cmake] raise minimum version to 3.7
* [cmake] add address/undefined sanitize compile options
* [asan tests] fix memory leaks
* [array] use speaking names for array "fn" vtables for better debugging experience
* [ci] add cmake-asan build type
* [core] buffer_copy_string() use "" if s is NULL
* [mod_authn_gssapi] code reuse: fdevent_mkostemp()
* [mod_authn_gssapi] reduce KRB5CCNAME mem alloc
* [build] adjust help strings for pcre2 default
* [core] (const char *) for srvconf.modules_dir
* [multiple] remove buffer_init_string()
* [multiple] remove buffer_init_buffer()
* [mod_extforward] fix out-of-bounds (OOB) write (fixes #3134)
* [build] use -fstack-protector-strong w/ extra warn
* [build] collect Sun-specific headers and funcs
* [build] collect Sun-specific headers and funcs
* [build] rm redundant check for -lnetwork on Haiku
* [build] check headers before some funcs
* [core] allow LISTEN_PID to be ppid if TRACEME (fixes #3137)
* [core] allow tests/tmp/bind.conf override (#3137)
* [mod_webdav] no sys/ioctl.h on _WIN32
* [tests] _WIN32 adjustments in LightyTest.pm
* [tests] revert _WIN32 adjustments in LightyTest.pm
* [mod_gnutls] lift size check out of DN loop
* [mod_mbedtls] lift size check out of DN loop
* [mbedtls] save (mbedtls_ssl_config *) in hctx
* [multiple] permit UTF-8 in SSL_CLIENT_S_DN_*
* [mod_openssl] do not esc UTF-8 in cert subject
* [mod_mbedtls] reconstruct SSL_CLIENT_S_DN
* [mod_mbedtls] changes to build with mbedtls 3.0.0
* [mod_mbedtls] remove use of out_left in mbedtls 3
* [mod_mbedtls] mbedtls_ssl_conf_groups for 3.1.0

pkgsrc changes:

- Remove options 'gdbm' and 'memcached', no longer used
 2022-01-19 21:41:48 +00:00
adam
b6d9bd86bc revbump for icu and libffi 2021-12-08 16:01:42 +00:00
schmonz
54dda9f65d Reorder CONFIGURE_ARGS from previous. NFCI. 2021-12-05 18:17:24 +00:00
schmonz
af4e7e3e07 Update to 1.4.63. From the changelog: 
- [core] import xxHash v0.8.1
- [core] isolate use of sys/filio.h
- [core] fix reqpool mem corruption in 1.4.62 (fixes #3118)

pkgsrc changes:

- Link with pkgsrc xxhash instead of the vendored copy
 2021-12-05 18:15:19 +00:00
schmonz
516794c99f Update to 1.4.62. From the changelog: 
- support pcre2; HTTP Digest auth userhash; bugfixes

pkgsrc changes:

- switch to pcre2
 2021-12-03 15:55:54 +00:00
schmonz
5c47ce83e3 Apply upstream 584a69c4 to fix use-after-free. Bump PKGREVISION. 2021-11-03 15:06:51 +00:00
wiz
f194511ab4 lighttpd: update to 1.4.61. 
Add missing test dependency.

- 1.4.61 - 2021-10-28
  * [core] define __BEGIN_DECLS, __END_DECLS if needed
  * [core] Y2038: error log high-precision timestamps
  * [multiple] __attribute_nonnull__ now takes params
  * [core] bounds check while url-decoding
  * [mod_magnet] prefer lua_newuserdatauv() w/ lua 5.4
  * [core] earlier macOS need define for errno_t (fixes #3107)
  * [tests] force POSIX::WNOHANG() autovivification (fixes #3110)
  * [mod_dirlisting] sort "../" to top (fixes #3109)
  * [tests] force Fcntl::F_SETFD() autovivification (#3110)
  * [core] avoid repeated typedef for fdlog_st
  * [doc] update INSTALL
  * [mod_extforward] keep remote IP thru request reset
  * [core] fix HTTP/2 upload > 64k w/ max-request-size (fixes #3108)
  * [mod_auth] fix Basic auth passwd cache (fixes #3112)
  * [mod_ajp13,mod_fastcgi] comment: no response body
  * [mod_webdav] ignore PROPFIND Depth for files
  * [core] add comment to ck_memeq_const_time()
  * [core] accept up to 5 digit port num in host cond
  * [core] expose chunkqueue_remove_empty_chunks()
  * [core] short-circuit if response body recv w/ hdrs (fixes #3111)
  * [core] resched HTTP/2 streams w/ pending data (#3111)
  * [core] separate func for gw_authorizer_ok()
  * [core] make ck_memeq_const_time() more generic (#3112)
  * [mod_auth] revert adjustment to auth passwd cache (#3112)
  * [core] thwart h2c smuggling when Upgrade enabled
  * [core] separate funcs to check for valid chars
  * [core] thwart h2 request tunnelling
  * [core] clear shared log buffer after writes
  * [mod_nss] quiet trace for PR_END_OF_FILE_ERROR
  * [core] allow debug.log-state-handling in condition
  * [core] combine more dup header processing code
  * [mod_ajp13,mod_fastcgi] check resp w/ content len
  * [mod_proxy] Length Req if proxy forcing HTTP/1.0
  * [core] restart dead proc on connect error if local
  * [mod_ajp13,mod_fastcgi] recv_parse smaller funcs
  * [multiple] warn deprecated mods slated for removal
  * [core] remove redundant checks in same context
  * [core] tighten chunkqueue_steal* code; better asm
  * [build] check for preadv(), pwritev()
  * [core] pwritev w/ chunkqueue_steal_with_tempfiles
  * [core] tighten chunkqueue_mark_written; better asm
  * [doc] uncomment mod_auth load in conf.d/auth.conf
  * [core] tighten chunkqueue_small_resp_optim()
  * [core] chunkqueue_small_resp_optim if resp < 16k
  * [mod_auth] clear crypt() output if len >= 13
  * [multiple] add assert after malloc in two spots
  * [core] add HTTP/2 check resp finished w/ empty cq (#3111)
  * [core] chunkqueue_small_resp_optim() comment
 2021-10-29 07:11:36 +00:00
nia
0a4acf7fe3 www: Replace RMD160 checksums with BLAKE2s checksums 
All checksums have been double-checked against existing RMD160 and
SHA512 hashes

Not committed (merge conflicts):
www/nghttp2/distinfo

Unfetchable distfiles (almost certainly fetched conditionally...):
./www/nginx-devel/distinfo array-var-nginx-module-0.05.tar.gz
./www/nginx-devel/distinfo echo-nginx-module-0.62.tar.gz
./www/nginx-devel/distinfo encrypted-session-nginx-module-0.08.tar.gz
./www/nginx-devel/distinfo form-input-nginx-module-0.12.tar.gz
./www/nginx-devel/distinfo headers-more-nginx-module-0.33.tar.gz
./www/nginx-devel/distinfo lua-nginx-module-0.10.19.tar.gz
./www/nginx-devel/distinfo naxsi-1.3.tar.gz
./www/nginx-devel/distinfo nginx-dav-ext-module-3.0.0.tar.gz
./www/nginx-devel/distinfo nginx-rtmp-module-1.2.2.tar.gz
./www/nginx-devel/distinfo nginx_http_push_module-1.2.10.tar.gz
./www/nginx-devel/distinfo ngx_cache_purge-2.5.1.tar.gz
./www/nginx-devel/distinfo ngx_devel_kit-0.3.1.tar.gz
./www/nginx-devel/distinfo ngx_http_geoip2_module-3.3.tar.gz
./www/nginx-devel/distinfo njs-0.5.0.tar.gz
./www/nginx-devel/distinfo set-misc-nginx-module-0.32.tar.gz
./www/nginx/distinfo array-var-nginx-module-0.05.tar.gz
./www/nginx/distinfo echo-nginx-module-0.62.tar.gz
./www/nginx/distinfo encrypted-session-nginx-module-0.08.tar.gz
./www/nginx/distinfo form-input-nginx-module-0.12.tar.gz
./www/nginx/distinfo headers-more-nginx-module-0.33.tar.gz
./www/nginx/distinfo lua-nginx-module-0.10.19.tar.gz
./www/nginx/distinfo naxsi-1.3.tar.gz
./www/nginx/distinfo nginx-dav-ext-module-3.0.0.tar.gz
./www/nginx/distinfo nginx-rtmp-module-1.2.2.tar.gz
./www/nginx/distinfo nginx_http_push_module-1.2.10.tar.gz
./www/nginx/distinfo ngx_cache_purge-2.5.1.tar.gz
./www/nginx/distinfo ngx_devel_kit-0.3.1.tar.gz
./www/nginx/distinfo ngx_http_geoip2_module-3.3.tar.gz
./www/nginx/distinfo njs-0.5.0.tar.gz
./www/nginx/distinfo set-misc-nginx-module-0.32.tar.gz
 2021-10-26 11:29:14 +00:00
wiz
b5d6d92ccd *: recursive bump for heimdal 7.7.0 
its buildlink3.mk now includes openssl's buildlink3.mk
 2021-10-21 07:46:31 +00:00
schmonz
e06e36d812 Fix macOS build ("error: unknown type name 'errno_t'") with upstream 
patch 2a3cca7.
 2021-10-10 21:09:55 +00:00
nia
973412e332 www: Remove SHA1 hashes for distfiles 2021-10-07 15:06:57 +00:00
wiz
a6c9354587 lighttpd: update to 1.4.60. 
Highlights

* improve performance, reduce memory use, bugfixes
* HTTP/2 smoother and lower memory use (in general)
* HTTP/2 tuning to better handle aggressive client initial requests
* reduce memory footprint; workaround poor glibc behavior; jemalloc is better
* mod_magnet lua performance improvements
* mod_dirlisting performance improvements and new caching option
* memory constraints for extreme edge cases in mod_dirlisting, mod_ssi, mod_webdav
* connect(), write(), read() time limits on backends (separate from client timeouts)
* lighttpd restarts if large discontinuity in time occurs (embedded systems)
* RFC7233 Range support for all non-streaming responses, not only static files
 2021-10-04 09:13:22 +00:00
adam
5e7c36d9d2 revbump for boost-libs 2021-09-29 19:00:02 +00:00
nia
55394cf036 Revbump for MySQL default change 2021-06-23 20:33:06 +00:00
nia
e9148fca8b lighttpd: improve options support 
as well as adding options for other SSL libraries, disabling options
explicitly should cause less problems when the OS contains libraries used
by the options.
 2021-05-14 11:11:00 +00:00
adam
9d0e79c401 revbump for textproc/icu 2021-04-21 11:40:12 +00:00
schmonz
ebb573aeb5 Update to 1.4.59. From the changelog: 
Summary:

HTTP/2 enabled by default, mod_deflate zstd support, mod_ajp13
(new), bugfixes.

Future Scheduled Behavior Changes:

* graceful restart/shutdown default timeout will change from 0
  (infinite/no timeout) to 5 seconds (or some similar non-zero period)
  configure an alternative with:
  server.feature-flags += ("server.graceful-shutdown-timeout" => 5)

* mod_compress is DEPRECATED; use mod_deflate
  mod_compress has been subsumed by mod_deflate
  Note: mod_compress config options may be removed in a future release

* mod_geoip is DEPRECATED; use mod_maxminddb
  Note: mod_geoip will be removed from a future lighttpd release

* mod_authn_mysql is DEPRECATED; use mod_authn_dbi
  Note: mod_authn_mysql will be removed from a future lighttpd release

* mod_mysql_vhost is DEPRECATED; use mod_vhostdb_dbi or mod_vhostdb_mysql
  Note: mod_mysql_vhost will be removed from a future lighttpd release

* mod_cml is DEPRECATED; use mod_magnet
  Note: mod_cml will be removed from a future lighttpd release

Changes from 1.4.58:

* [mod_webdav] hide unused funcs depending on build
* [mod_mbedtls] include mbedtls/platform_util.h
* [mod_mbedtls] use local strncmp_const()
* [mod_gnutls] use local strncmp_const()
* [mod_dirlisting] place vars closer to where used
* [autotools] autoupdate; subst deprecated/obsolete
* [autoconf] update ax_prog_cc_for_build.m4
* [core] fix crash at shutdown w/ certain config
* [tests] use ephemeral ports in tests
* [mod_wolfssl] minor updates for wolfSSL v4.6.0
* [doc] create-mime.conf.pl improve case handling
* [mod_openssl] extend ssl.openssl.ssl-conf-cmd
* [mod_extforward] config warning for module order
* [mod_extforward] fix extforward.headers defaults (fixes #3051)
* [multiple] use HTTP_HEADER_* enum before strcmp
* [multiple] replace buffer_is_equal_caseless_string
* [mod_dirlisting] quiet coverity false positive
* [doc] create-mime.conf.pl improve case handling
* [autoconf] fix LT_INIT syntax
* [doc] create-mime.conf.pl -v for warnings
* [core] fix crash in error trace if backend is down (fixes #3052)
* [doc] create-mime.conf.pl -v silent for mult vnd
* [mod_openssl] update LIBRESSL_VERSION_NUMBER check
* [multiple] fix: honor CipherString for alt TLS lib
* [mod_openssl] set Ciphersuites once API available
* [mod_dirlisting] use fdopendir(), fstatat()
* [mod_deflate] support Accept-Encoding: zstd
* [mod_deflate] use zstd streaming API
* [mod_dirlisting] hide unused variable on MacOS
* [doc] add --with-zstd to INSTALL
* [mod_access] mark mod_access_check attribute pure
* [core] add decls in connections.h
* [build] update scripts/ci-build.sh
* [core] check ifdef WOLFSSL_SHA512 for SHA512 avail
* [build] scripts/ci-build.sh --with-nettle
* [mod_openssl] update LIBRESSL_VERSION_NUMBER check
* [build] scripts/ci-build.sh w/o --with-wolfssl
* [build] scripts/ci-build.sh adjustments
* [build] fix typo in src/CMakeLists.txt
* [build] adjust mbedtls vars in src/CMakeLists.txt
* [build] scripts/ci-build.sh adjustments
* [build] adjust crypto vars in src/CMakeLists.txt
* [core] avoid multiple definition of SHA512_CTX
* [build] adjust crypto vars in src/CMakeLists.txt
* [mod_alias] modify r->physical.path in place
* [build] scripts/ci-build.sh add --with-maxminddb
* build] scripts/ci-build.sh remove --with-maxminddb
* [mod_deflate] use zstd typedefs (minor cleanup)
* [mod_deflate] compat with zstd < v1.4.0
* [multiple] fix coverity warnings
* [multiple] fix TLS config string parsing
* [mod_gnutls] fix ssl.ca_dn_file data access
* [mod_wolfssl] wipe ssl_pemfile_pkey before free()
* [mod_wolfssl] fix syntax errors
* [multiple] fix TLS config string parsing
* [mod_gnutls] fix alt code for coverity
* [core] check more carefully after SSL_WANT_WRITE
* [core] fix 100% CPU spin if traffic limit hit
* [core] skip interest in POLLRDHUP after POLLRDHUP (#3059)
* [TLS] detect expired stapling file at startup (fixes #3056)
* [multiple] avoid duplicate parsing in trigger func (#3056)
* [multiple] quiet some clang-analyzer warnings
* [core] enable HTTP/2 by default
* [mod_ajp13] AJPv13 Tomcat connector for lighttpd
* [core] const data_unset *array_get_element_klen()
* [core] tighten struct data_config and related code
* [core] fix merging large headers across mult reads (fixes #3059)
* [mod_gnutls,mod_mbedtls] recog common cipherstring
* [build] fix typo in SConstruct (fixes #3061)
* [mod_wolfssl] wolfSSL might repeat SNI_Callback()
* [TLS] fix invalid cfg warning
* [mod_openssl] fix acme-tls/1 challenge bootstrap
* [TLS] set r->uri.authority empty str upon accept()
* [mod_gnutls] fix acme-tls/1 challenge bootstrap
* [mod_nss] fix acme-tls/1 challenge bootstrap
* [mod_wolfssl] copy stapling buf for OCSP resp
* [mod_mbedtls] fix acme-tls/1 challenge bootstrap
* [mod_mbedtls] fix acme-tls/1 challenge bootstrap
* [mod_cgi] fix assert if empty X-Sendfile path (fixes #3062)
* [mod_mbedtls] restore ALPN chk after client hello
* [core] re-validate h2 CONTINUATION frame len in cq
* [mod_mbedtls] remove redundant condition check
* [core] quiet coverity warning
 2021-02-03 08:49:49 +00:00
schmonz
e262d9f1c6 Update to 1.4.58. From the changelog: 
- [tests] collect code for "die-at-end" tests
- [tests] remove FastCGI test dependency on libfcgi
- [core] prefer IPv6+IPv4 func vs IPv4-specific func
- [tests] remove FastCGI test dependency on PHP
- [core] reuse large mem chunks (fix mem usage) (fixes #3033)
- [core] add comment for FastCGI mem use in hctx→rb (#3033)
- [mod_proxy] fix sending of initial reqbody chunked
- [multiple] fdevent_waitpid() wrapper
- [core] sys-time.h – localtime_r,gmtime_r macros
- [core] http_date.[ch] encapsulate HTTP-date parse
- [core] specialized strptime() for HTTP date fmts
- [multiple] employ http_date.h, sys-time.h
- [core] http_date_timegm() (portable timegm())
- buffer_append_path_len() to join paths
- [core] inet_ntop_cache -> sock_addr_cache
- [tests] slight speed up checking for server ready
- [tests] load required modules in alt .conf tests
- [multiple] etag.[ch] -> http_etag.[ch]; better imp
- [core] fix crash after specific err in config file
- [core] fix bug in FastCGI uploads (#3033)
- [tests] OpenBSD crypt() support limited to bcrypt
- [core] http_response_match_if_range()
- [mod_webdav] typedef off_t loff_t for FreeBSD
- [multiple] chunkqueue_write_chunk()
- [build] add GNUMAKEFLAGS=—no-print-directory
- [tests] consolidate some tests/ content
- [core] fix bug in read retry found by coverity

Updating during the freeze for (also from the changelog) "important
changes: bugfixes, portability".
 2020-12-28 09:35:04 +00:00
schmonz
d9e64ef31e Update to 1.4.57. From the changelog: 
- [core] attempt to quiet some coverity warnings
- [mod_webdav] compile fix for Mac OSX/11
- [core] handle U+00A0 in config parser
- [core] fix lighttpd -1 one-shot with pipes
- [core] quiet start/shutdown trace in one-shot mode
- [core] allow keep-alives in one-shot mode (#3042)
- [mod_webdav] define _ATFILE_SOURCE if AT_FDCWD
- [core] setsockopt IPV6_V6ONLY if server.v4mapped
- [build] fix meson.build when building all TLS mods
- [core] prefer inet_aton() over inet_addr()
- [build] fix SCons build when building all TLS mods
- [core] add missing mod_wolfssl to ssl compat list
- [mod_openssl] remove ancient preprocessor logic
- [core] SHA512_Init, SHA512_Update, SHA512_Final
- [mod_wolfssl] add complex preproc logic for SNI
- [core] wrap a macro value with parens
- [core] fix handling chunked response from backend (fixes #3044)
- [core] always set file.fd = -1 on FILE_CHUNK reset (fixes #3044)
- [core] skip some trace if backend Upgrade (#3044)
- [TLS] cert-staple.sh POSIX sh compat (fixes #3043)
- [core] portability fix if st_mtime not defined
- [mod_nss] portability fix
- [core] warn if mod_authn_file needed in conf
- [core] fix chunked decoding from backend (fixes #3044)
- [core] reject excess data after chunked encoding (#3046)
- [core] track chunked encoding state from backend (fixes #3046)
- [core] li_restricted_strtoint64()
- [core] track Content-Length from backend (fixes #3046)
- [core] enhance config parsing debugging (#3047)
- [core] reorder srv->config_context to match ndx (fixes #3047)
- [mod_proxy] proxy.header = ("force-http10" => ...)
- [mod_authn_ldap] fix crash (fixes #3048)
- [mod_authn_ldap, mod_vhostdb_ldap] default cafile
- [core] fix array_copy_array() sorted[]
- [multiple] replace fall through comment with attr
- [core] fix crash printing trace if backend is down
- [core] fix decoding chunked from backend (fixes #3049)
- [core] attempt to quiet some coverity warnings
 2020-12-17 10:38:13 +00:00
schmonz
ee5ba7b957 Fix VARBASE subst in lighttpd.conf. 2020-12-07 15:12:15 +00:00
schmonz
90939b9464 Enable --with-nettle as recommended in the release announcement; we'll 
add options for other SSL libraries later. Add 'libdbi' option to enable
mod_vhostdb_dbi and the new mod_authn_dbi module, off by default. Bump
PKGREVISION.
 2020-12-01 09:44:12 +00:00
schmonz
005fface77 Update to 1.4.56. From the changelog: 
# Highlights

- HTTP/2 support
  - must be enabled in lighttpd.conf in lighttpd 1.4.56;
    may be enabled by default in a future release
  - `server.feature-flags += ("server.h2proto" => "enable", "server.h2c" => "enable")`
- TLS library options: OpenSSL, mbedTLS, wolfSSL, GnuTLS, NSS
  - mod_openssl (existing)
  - mod_mbedtls (experimental)
  - mod_wolfssl (experimental)
  - mod_gnutls (experimental)
  - mod_nss (experimental)
- TLS OCSP stapling
  (except mbedTLS; not currently supported by mbedTLS)
- TLS session ticket key rotation control
  (except NSS; API limitation in NSS)
- mod_deflate brotli support
- mod_proxy makes HTTP/1.1 requests to backends (change from HTTP/1.0)
- RFC 8297 support for 103 Early Hints produced by backends (scripts)
- graceful restart option to transfer listen fds (minimal pause)
  - `server.systemd-socket-activation = "enable"`
  - `server.feature-flags += ("server.graceful-restart-bg" => "enable", "server.graceful-shutdown-timeout" => "15")`

# Behavior Changes

- mod_openssl
  - default MinProtocol TLSv1.2
    TLSv1 and TLSv1.1 are deprecated and no longer supported by major browsers.
    <https://news.netcraft.com/archives/2020/03/03/browsers-on-track-to-block-850000-tls-1-0-sites.html>
    If prior behavior is required, configure:
    `ssl.openssl.ssl-conf-cmd = ("MinProtocol" => "TLSv1")`
    If using openssl <= 1.0.2 (end-of-life)
    `ssl.openssl.ssl-conf-cmd = ("Protocol" => "-ALL, TLSv1, TLSv1.1, TLSv1.2")`
  - (internal) TLS session cache is disabled by default,
    replaced by lighttpd robust TLSv1.2 session ticket support
    If backward compatibility is needed:
    `server.feature-flags += ("ssl.session-cache" => "enable")`
  - (internal) openssl creates a session ticket encryption key per SSL_CTX.
    lighttpd 1.4.56 and later assigns a single session ticket encryption key
    for the lighttpd server (across all SSL_CTX) for consistency.
  - behavior change with ssl.ca-dn-file (uncommon); applies to client
    certificate verification and ssl.ca-dn-file (uncommon)
    If client certificate verification is enabled
    (ssl.verifyclient.activate = "enable"),
    all CAs used for client certificate verification must be present in
    ssl.ca-file. This is the typical use case when client certificate
    verification is enabled. Certificates in (optional) ssl.ca-dn-file
    are used to send issuer names to client when the server sends a
    client certificate request. These names are use by the client
    during certificate selection, and the server requires that the
    certificate sent by the client be issued by one of the subjects
    in ssl.ca-dn-file.
    (Prior behavior merged ssl.ca-file and ssl.ca-dn-file for trusted CAs.
    New behavior requires all trusted CAs be listed in ssl.ca-file,
    and a subset be duplicated into ssl.ca-dn-file to specify allowed
    client cert issuer.)
- mod_deflate: support for bzip2 is now disabled by default in the build
  - (enable using `./configure --with-bzip2`)
    bzip2 Content-Encoding is not widely supported
    Prefer to build `--with-brotli`
    brotli Content-Encoding is more widely supported than bzip2

# Future Scheduled Behavior Changes

- HTTP/2 support will be enabled by default in a future release
- graceful restart/shutdown default timeout will change from
  0 (infinite/no timeout) to 5 seconds (or some similar non-zero period)
  configure an alternative with:
  `server.feature-flags += ("server.graceful-shutdown-timeout" => 5)`
- mod_compress is DEPRECATED; use mod_deflate
  mod_compress has been subsumed by mod_deflate
  Note: mod_compress config options may be removed in a future release
- mod_geoip is DEPRECATED; use mod_maxminddb
  Note: mod_geoip will be removed from a future lighttpd release
- mod_authn_mysql is DEPRECATED; use mod_authn_dbi
  Note: mod_authn_mysql will be removed from a future lighttpd release
- mod_mysql_vhost is DEPRECATED; use mod_vhostdb_dbi or mod_vhostdb_mysql
  Note: mod_mysql_vhost will be removed from a future lighttpd release
- mod_cml is DEPRECATED; use mod_magnet
  Note: mod_cml will be removed from a future lighttpd release
 2020-11-30 10:28:33 +00:00
ryoon
2831546220 *: Recursive revbump from textproc/icu-68.1 2020-11-05 09:07:25 +00:00
schmonz
57218306ce Add upstream patch to fix segfault in __readdir30 (from 
webdav_propfind_dir) on NetBSD. Bump PKGREVISION.
 2020-10-25 14:59:14 +00:00
nia
075547f20a lighttpd: Remove incorrect LUA_VERSIONS_INCOMPATIBLE 2020-06-30 14:45:48 +00:00
adam
6bd0c30da6 Revbump for icu 2020-06-02 08:22:31 +00:00
adam
24daafa112 Recursive revision bump after textproc/icu update 2020-04-12 08:27:48 +00:00
nia
94cc318165 lighttpd: use https 2020-03-20 11:45:01 +00:00
nros
61b3b482b3 Update lighttpd to version 1.4.55 
patch-src_fdevent__solaris__port.c was removed since what it solves is fixed
in this version.

Changes from 1.4.54

    [core] fix compile error on Solaris
    [core] attribute_pure
    [core] array-specialized buffer_caseless_compare()
    [core] specialized buffer_eq_*() for short strings
    [core] mark some more funcs w/ attribute_pure
    [core] use buffer_eq_icase* funcs
    [multiple] replace strcasecmp() on short strings
    [core] mark some more funcs w/ attribute_pure
    [mod_webdav] fix startup crash w/ multiple conds
    [core] cold func http_response_omit_header()
    [core] use buffer_eq_icase_ssn func
    [core] use buffer_eq_icase_ssn func
    [core] correct attribute_pure syntax
    [core] allocate unix socket paths with SUN_LEN()+1
    Use explicit_memset from NetBSD if available for safe_memclear
    Also use explicit_memset (NetBSD) with cmake, scons and meson
    [cmake]: enable CMAKE_POSITION_INDEPENDENT_CODE by default
    [core] improve http_headers[] data struct packing
    [core] fdevent_poll() is effective periodic timer
    [core] move con state handling to connections*.c
    [core] issue config error for invalid ‘:’
    [mod_deflate] fix choose encoding parse error
    [core] retry on some fdevent set/del temporary err
    [core] disable stat_cache FAM if FAM conn closed
    [mod_auth] http_auth_const_time_memeq improvement
    [build] prefer pkg-config for postgres
    [mod_authn_gssapi] 500 if fail to delegate creds
    [mod_authn_gssapi] option to store delegated creds
    [mod_webdav] fix file uploads > 128M
    [mod_auth] do not use quoted-string for algorithm
    [mod_auth] require digest uri= match original URI
    [mod_auth] Authentication-Info: nextnonce=…
    [mod_auth] http_auth_const_time_memeq_pad()
    [mod_auth] http_auth_const_time_memeq()
    [build] PGSQL_CFLAGS with pkg-config for postgres
    [core] avoid freeaddrinfo() on NULL ptr
    [core] reject WS following header field-name
    [core] reject Transfer-Encoding + Content-Length
    [mod_openssl] reject invalid ALPN
    [mod_accesslog] parse multiple cookies
    [core] Oracle Solaris does not have POLLRDHUP
    [multiple] address coverity warnings
    [core] preserve %2b and %2B in query string
    [core] fall back to accept() if accept4() EPERM
    [mod_auth] close connection after bad password
    [core] do not accept() > server.max-connections
    [core] save errno before logging if execve() fails
    [config] update /var/run → /run for systemd
    [core] Solaris has getloadavg in sys/loadavg.h
    [build] Fix build when using nested CMake
    [core] fix one-byte OOB read (underflow)
 2020-02-03 11:08:06 +00:00
jperkin
26c1bffc9f *: Recursive revision bump for openssl 1.1.1. 2020-01-18 21:48:19 +00:00
nros
58d28abdae Fix reload of lighttpd config files 
lighttpd uses the USR1 signal to reload config files as pointed out in
PR pkg/54295. Tested and it works.
Closes PR pkg/54295 .
 2019-11-13 11:53:29 +00:00
nros
e01b96077e Fix build break on illumos 
Fix build break on illumos, taken from upstream.
 2019-11-11 19:47:10 +00:00
rillig
b12904483c www: align variable assignments 
pkglint -Wall -F --only aligned --only indent -r

Manually excluded phraseanet since pkglint got the indentation wrong.
 2019-11-04 22:09:50 +00:00