[pkg-lighttpd] r557 - in lighttpd/branches/upstream/current: . doc/config m4 src tests
Arno Töll
atoell-guest at alioth.debian.org
Sun Dec 18 18:32:06 UTC 2011
Author: atoell-guest
Date: 2011-12-18 18:32:06 +0000 (Sun, 18 Dec 2011)
New Revision: 557
Removed:
lighttpd/branches/upstream/current/src/http_auth_digest.c
lighttpd/branches/upstream/current/src/http_auth_digest.h
Modified:
lighttpd/branches/upstream/current/NEWS
lighttpd/branches/upstream/current/SConstruct
lighttpd/branches/upstream/current/configure
lighttpd/branches/upstream/current/configure.ac
lighttpd/branches/upstream/current/doc/config/lighttpd.conf
lighttpd/branches/upstream/current/ltmain.sh
lighttpd/branches/upstream/current/m4/libtool.m4
lighttpd/branches/upstream/current/m4/ltoptions.m4
lighttpd/branches/upstream/current/m4/ltversion.m4
lighttpd/branches/upstream/current/src/Makefile.am
lighttpd/branches/upstream/current/src/Makefile.in
lighttpd/branches/upstream/current/src/SConscript
lighttpd/branches/upstream/current/src/base.h
lighttpd/branches/upstream/current/src/configfile.c
lighttpd/branches/upstream/current/src/connections.c
lighttpd/branches/upstream/current/src/http_auth.c
lighttpd/branches/upstream/current/src/mod_cgi.c
lighttpd/branches/upstream/current/src/mod_cml_funcs.c
lighttpd/branches/upstream/current/src/mod_cml_lua.c
lighttpd/branches/upstream/current/src/mod_dirlisting.c
lighttpd/branches/upstream/current/src/mod_fastcgi.c
lighttpd/branches/upstream/current/src/mod_proxy.c
lighttpd/branches/upstream/current/src/mod_scgi.c
lighttpd/branches/upstream/current/src/mod_secure_download.c
lighttpd/branches/upstream/current/src/mod_staticfile.c
lighttpd/branches/upstream/current/src/mod_status.c
lighttpd/branches/upstream/current/src/mod_userdir.c
lighttpd/branches/upstream/current/src/mod_usertrack.c
lighttpd/branches/upstream/current/src/network.c
lighttpd/branches/upstream/current/src/network.h
lighttpd/branches/upstream/current/src/network_backends.h
lighttpd/branches/upstream/current/src/network_freebsd_sendfile.c
lighttpd/branches/upstream/current/src/network_linux_sendfile.c
lighttpd/branches/upstream/current/src/network_openssl.c
lighttpd/branches/upstream/current/src/network_solaris_sendfilev.c
lighttpd/branches/upstream/current/src/network_write.c
lighttpd/branches/upstream/current/src/network_writev.c
lighttpd/branches/upstream/current/src/request.c
lighttpd/branches/upstream/current/src/server.c
lighttpd/branches/upstream/current/src/settings.h
lighttpd/branches/upstream/current/tests/lighttpd.conf
lighttpd/branches/upstream/current/tests/mod-auth.t
lighttpd/branches/upstream/current/tests/request.t
lighttpd/branches/upstream/current/tests/wrapper.sh
Log:
[svn-upgrade] new version lighttpd (1.4.30)
Modified: lighttpd/branches/upstream/current/NEWS
===================================================================
--- lighttpd/branches/upstream/current/NEWS 2011-11-30 17:41:50 UTC (rev 556)
+++ lighttpd/branches/upstream/current/NEWS 2011-12-18 18:32:06 UTC (rev 557)
@@ -3,7 +3,21 @@
NEWS
====
-- 1.4.29 -
+- 1.4.30 -
+ * Always use our 'own' md5 implementation, fixes linking issues on MacOS (fixes #2331)
+ * Limit amount of bytes we send in one go; fixes stalling in one connection and timeouts on slow systems.
+ * [ssl] fix build errors when Elliptic-Curve Diffie-Hellman is disabled
+ * Add static-file.disable-pathinfo option to prevent handling of urls like .../secret.php/image.jpg as static file
+ * Don't overwrite 401 (auth required) with 501 (unknown method) (fixes #2341)
+ * Fix mod_status bug: always showed "0/0" in the "Read" column for uploads (fixes #2351)
+ * [mod_auth] Fix signedness error in http_auth (fixes #2370, CVE-2011-4362)
+ * [ssl] count renegotiations to prevent client renegotiations
+ * [ssl] add option to honor server cipher order (fixes #2364, BEAST attack)
+ * [core] accept dots in ipv6 addresses in host header (fixes #2359)
+ * [ssl] fix ssl connection aborts if files are larger than the MAX_WRITE_LIMIT (256kb)
+ * [libev/cgi] fix waitpid ECHILD errors in cgi with libev (fixes #2324)
+
+- 1.4.29 - 2011-07-03
* Fix mod_proxy waiting for response even if content-length is 0 (fixes #2259)
* Silence annoying "connection closed: poll() -> ERR" error.log message (fixes #2257)
* mod_cgi: make read buffer as big as incoming data block
Modified: lighttpd/branches/upstream/current/SConstruct
===================================================================
--- lighttpd/branches/upstream/current/SConstruct 2011-11-30 17:41:50 UTC (rev 556)
+++ lighttpd/branches/upstream/current/SConstruct 2011-12-18 18:32:06 UTC (rev 557)
@@ -5,7 +5,7 @@
from stat import *
package = 'lighttpd'
-version = '1.4.29'
+version = '1.4.30'
def checkCHeaders(autoconf, hdrs):
p = re.compile('[^A-Z0-9]')
Modified: lighttpd/branches/upstream/current/configure
===================================================================
--- lighttpd/branches/upstream/current/configure 2011-11-30 17:41:50 UTC (rev 556)
+++ lighttpd/branches/upstream/current/configure 2011-12-18 18:32:06 UTC (rev 557)
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.68 for lighttpd 1.4.29.
+# Generated by GNU Autoconf 2.68 for lighttpd 1.4.30.
#
# Report bugs to <contact at lighttpd.net>.
#
@@ -570,8 +570,8 @@
# Identity of this package.
PACKAGE_NAME='lighttpd'
PACKAGE_TARNAME='lighttpd'
-PACKAGE_VERSION='1.4.29'
-PACKAGE_STRING='lighttpd 1.4.29'
+PACKAGE_VERSION='1.4.30'
+PACKAGE_STRING='lighttpd 1.4.30'
PACKAGE_BUGREPORT='contact at lighttpd.net'
PACKAGE_URL=''
@@ -1365,7 +1365,7 @@
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures lighttpd 1.4.29 to adapt to many kinds of systems.
+\`configure' configures lighttpd 1.4.30 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1436,7 +1436,7 @@
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of lighttpd 1.4.29:";;
+ short | recursive ) echo "Configuration of lighttpd 1.4.30:";;
esac
cat <<\_ACEOF
@@ -1461,7 +1461,7 @@
--with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
--without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
--with-gnu-ld assume the C compiler uses GNU ld [default=no]
- --with-pic try to use only PIC/non-PIC objects [default=use
+ --with-pic[=PKGS] try to use only PIC/non-PIC objects [default=use
both]
--with-sysroot=DIR Search for dependent libraries within DIR
(or the compiler's sysroot if not specified).
@@ -1580,7 +1580,7 @@
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-lighttpd configure 1.4.29
+lighttpd configure 1.4.30
generated by GNU Autoconf 2.68
Copyright (C) 2010 Free Software Foundation, Inc.
@@ -2238,7 +2238,7 @@
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by lighttpd $as_me 1.4.29, which was
+It was created by lighttpd $as_me 1.4.30, which was
generated by GNU Autoconf 2.68. Invocation command line was
$ $0 $@
@@ -3169,7 +3169,7 @@
# Define the identity of the package.
PACKAGE='lighttpd'
- VERSION='1.4.29'
+ VERSION='1.4.30'
cat >>confdefs.h <<_ACEOF
@@ -5473,8 +5473,8 @@
-macro_version='2.4'
-macro_revision='1.3293'
+macro_version='2.4.2'
+macro_revision='1.3337'
@@ -5775,6 +5775,11 @@
lt_cv_sys_max_cmd_len=196608
;;
+ os2*)
+ # The test takes a long time on OS/2.
+ lt_cv_sys_max_cmd_len=8192
+ ;;
+
osf*)
# Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure
# due to this test when exec_disable_arg_limit is 1 on Tru64. It is not
@@ -5814,7 +5819,7 @@
# If test is not a shell built-in, we'll probably end up computing a
# maximum length that is only half of the actual maximum length, but
# we can't tell.
- while { test "X"`func_fallback_echo "$teststring$teststring" 2>/dev/null` \
+ while { test "X"`env echo "$teststring$teststring" 2>/dev/null` \
= "X$teststring$teststring"; } >/dev/null 2>&1 &&
test $i != 17 # 1/2 MB should be enough
do
@@ -6243,7 +6248,7 @@
lt_cv_deplibs_check_method=pass_all
;;
-# This must be Linux ELF.
+# This must be glibc/ELF.
linux* | k*bsd*-gnu | kopensolaris*-gnu)
lt_cv_deplibs_check_method=pass_all
;;
@@ -6883,13 +6888,13 @@
if test -n "$RANLIB"; then
case $host_os in
openbsd*)
- old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$oldlib"
+ old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$tool_oldlib"
;;
*)
- old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$oldlib"
+ old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$tool_oldlib"
;;
esac
- old_archive_cmds="$old_archive_cmds~\$RANLIB \$oldlib"
+ old_archive_cmds="$old_archive_cmds~\$RANLIB \$tool_oldlib"
fi
case $host_os in
@@ -7036,6 +7041,7 @@
# which start with @ or ?.
lt_cv_sys_global_symbol_pipe="$AWK '"\
" {last_section=section; section=\$ 3};"\
+" /^COFF SYMBOL TABLE/{for(i in hide) delete hide[i]};"\
" /Section length .*#relocs.*(pick any)/{hide[last_section]=1};"\
" \$ 0!~/External *\|/{next};"\
" / 0+ UNDEF /{next}; / UNDEF \([^|]\)*()/{next};"\
@@ -7424,7 +7430,7 @@
CFLAGS="$SAVE_CFLAGS"
fi
;;
-sparc*-*solaris*)
+*-*solaris*)
# Find out which ABI we are using.
echo 'int i;' > conftest.$ac_ext
if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
@@ -7435,7 +7441,20 @@
case `/usr/bin/file conftest.o` in
*64-bit*)
case $lt_cv_prog_gnu_ld in
- yes*) LD="${LD-ld} -m elf64_sparc" ;;
+ yes*)
+ case $host in
+ i?86-*-solaris*)
+ LD="${LD-ld} -m elf_x86_64"
+ ;;
+ sparc*-*-solaris*)
+ LD="${LD-ld} -m elf64_sparc"
+ ;;
+ esac
+ # GNU ld 2.21 introduced _sol2 emulations. Use them if available.
+ if ${LD-ld} -V | grep _sol2 >/dev/null 2>&1; then
+ LD="${LD-ld}_sol2"
+ fi
+ ;;
*)
if ${LD-ld} -64 -r -o conftest2.o conftest.o >/dev/null 2>&1; then
LD="${LD-ld} -64"
@@ -8075,7 +8094,13 @@
$LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \
-dynamiclib -Wl,-single_module conftest.c 2>conftest.err
_lt_result=$?
- if test -f libconftest.dylib && test ! -s conftest.err && test $_lt_result = 0; then
+ # If there is a non-empty error log, and "single_module"
+ # appears in it, assume the flag caused a linker warning
+ if test -s conftest.err && $GREP single_module conftest.err; then
+ cat conftest.err >&5
+ # Otherwise, if the output was created with a 0 exit code from
+ # the compiler, it worked.
+ elif test -f libconftest.dylib && test $_lt_result -eq 0; then
lt_cv_apple_cc_single_mod=yes
else
cat conftest.err >&5
@@ -8086,6 +8111,7 @@
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_apple_cc_single_mod" >&5
$as_echo "$lt_cv_apple_cc_single_mod" >&6; }
+
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for -exported_symbols_list linker flag" >&5
$as_echo_n "checking for -exported_symbols_list linker flag... " >&6; }
if ${lt_cv_ld_exported_symbols_list+:} false; then :
@@ -8118,6 +8144,7 @@
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_exported_symbols_list" >&5
$as_echo "$lt_cv_ld_exported_symbols_list" >&6; }
+
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for -force_load linker flag" >&5
$as_echo_n "checking for -force_load linker flag... " >&6; }
if ${lt_cv_ld_force_load+:} false; then :
@@ -8139,7 +8166,9 @@
echo "$LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a" >&5
$LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a 2>conftest.err
_lt_result=$?
- if test -f conftest && test ! -s conftest.err && test $_lt_result = 0 && $GREP forced_load conftest 2>&1 >/dev/null; then
+ if test -s conftest.err && $GREP force_load conftest.err; then
+ cat conftest.err >&5
+ elif test -f conftest && test $_lt_result -eq 0 && $GREP forced_load conftest >/dev/null 2>&1 ; then
lt_cv_ld_force_load=yes
else
cat conftest.err >&5
@@ -8215,7 +8244,22 @@
# Check whether --with-pic was given.
if test "${with_pic+set}" = set; then :
- withval=$with_pic; pic_mode="$withval"
+ withval=$with_pic; lt_p=${PACKAGE-default}
+ case $withval in
+ yes|no) pic_mode=$withval ;;
+ *)
+ pic_mode=default
+ # Look at the argument we got. We use all the common list separators.
+ lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
+ for lt_pkg in $withval; do
+ IFS="$lt_save_ifs"
+ if test "X$lt_pkg" = "X$lt_p"; then
+ pic_mode=yes
+ fi
+ done
+ IFS="$lt_save_ifs"
+ ;;
+ esac
else
pic_mode=default
fi
@@ -8293,6 +8337,10 @@
+
+
+
+
test -z "$LN_S" && LN_S="ln -s"
@@ -8752,7 +8800,9 @@
case $cc_basename in
nvcc*) # Cuda Compiler Driver 2.2
lt_prog_compiler_wl='-Xlinker '
- lt_prog_compiler_pic='-Xcompiler -fPIC'
+ if test -n "$lt_prog_compiler_pic"; then
+ lt_prog_compiler_pic="-Xcompiler $lt_prog_compiler_pic"
+ fi
;;
esac
else
@@ -8843,18 +8893,33 @@
;;
*)
case `$CC -V 2>&1 | sed 5q` in
- *Sun\ F* | *Sun*Fortran*)
+ *Sun\ Ceres\ Fortran* | *Sun*Fortran*\ [1-7].* | *Sun*Fortran*\ 8.[0-3]*)
# Sun Fortran 8.3 passes all unrecognized flags to the linker
lt_prog_compiler_pic='-KPIC'
lt_prog_compiler_static='-Bstatic'
lt_prog_compiler_wl=''
;;
+ *Sun\ F* | *Sun*Fortran*)
+ lt_prog_compiler_pic='-KPIC'
+ lt_prog_compiler_static='-Bstatic'
+ lt_prog_compiler_wl='-Qoption ld '
+ ;;
*Sun\ C*)
# Sun C 5.9
lt_prog_compiler_pic='-KPIC'
lt_prog_compiler_static='-Bstatic'
lt_prog_compiler_wl='-Wl,'
;;
+ *Intel*\ [CF]*Compiler*)
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_pic='-fPIC'
+ lt_prog_compiler_static='-static'
+ ;;
+ *Portland\ Group*)
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_pic='-fpic'
+ lt_prog_compiler_static='-Bstatic'
+ ;;
esac
;;
esac
@@ -9216,7 +9281,6 @@
hardcode_direct=no
hardcode_direct_absolute=no
hardcode_libdir_flag_spec=
- hardcode_libdir_flag_spec_ld=
hardcode_libdir_separator=
hardcode_minus_L=no
hardcode_shlibpath_var=unsupported
@@ -9469,8 +9533,7 @@
xlf* | bgf* | bgxlf* | mpixlf*)
# IBM XL Fortran 10.1 on PPC cannot create shared libs itself
whole_archive_flag_spec='--whole-archive$convenience --no-whole-archive'
- hardcode_libdir_flag_spec=
- hardcode_libdir_flag_spec_ld='-rpath $libdir'
+ hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
archive_cmds='$LD -shared $libobjs $deplibs $linker_flags -soname $soname -o $lib'
if test "x$supports_anon_versioning" = xyes; then
archive_expsym_cmds='echo "{ global:" > $output_objdir/$libname.ver~
@@ -9850,6 +9913,7 @@
# The linker will not automatically build a static lib if we build a DLL.
# _LT_TAGVAR(old_archive_from_new_cmds, )='true'
enable_shared_with_static_runtimes=yes
+ exclude_expsyms='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*'
export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS][ ]/s/.*[ ]\([^ ]*\)/\1,DATA/'\'' | $SED -e '\''/^[AITW][ ]/s/.*[ ]//'\'' | sort | uniq > $export_symbols'
# Don't use ranlib
old_postinstall_cmds='chmod 644 $oldlib'
@@ -9895,6 +9959,7 @@
hardcode_shlibpath_var=unsupported
if test "$lt_cv_ld_force_load" = "yes"; then
whole_archive_flag_spec='`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience ${wl}-force_load,$conv\"; done; func_echo_all \"$new_convenience\"`'
+
else
whole_archive_flag_spec=''
fi
@@ -9923,10 +9988,6 @@
hardcode_shlibpath_var=no
;;
- freebsd1*)
- ld_shlibs=no
- ;;
-
# FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor
# support. Future versions do this automatically, but an explicit c++rt0.o
# does not break anything, and helps significantly (at the cost of a little
@@ -9939,7 +10000,7 @@
;;
# Unfortunately, older versions of FreeBSD 2 do not have this feature.
- freebsd2*)
+ freebsd2.*)
archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
hardcode_direct=yes
hardcode_minus_L=yes
@@ -9978,7 +10039,6 @@
fi
if test "$with_gnu_ld" = no; then
hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir'
- hardcode_libdir_flag_spec_ld='+b $libdir'
hardcode_libdir_separator=:
hardcode_direct=yes
hardcode_direct_absolute=yes
@@ -10602,11 +10662,6 @@
-
-
-
-
-
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking dynamic linker characteristics" >&5
$as_echo_n "checking dynamic linker characteristics... " >&6; }
@@ -10696,7 +10751,7 @@
case $host_os in
aix3*)
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a'
shlibpath_var=LIBPATH
@@ -10705,7 +10760,7 @@
;;
aix[4-9]*)
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
need_lib_prefix=no
need_version=no
hardcode_into_libs=yes
@@ -10770,7 +10825,7 @@
;;
bsdi[45]*)
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
need_version=no
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
soname_spec='${libname}${release}${shared_ext}$major'
@@ -10909,7 +10964,7 @@
;;
dgux*)
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
need_lib_prefix=no
need_version=no
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext'
@@ -10917,10 +10972,6 @@
shlibpath_var=LD_LIBRARY_PATH
;;
-freebsd1*)
- dynamic_linker=no
- ;;
-
freebsd* | dragonfly*)
# DragonFly does not have aout. When/if they implement a new
# versioning mechanism, adjust this.
@@ -10928,7 +10979,7 @@
objformat=`/usr/bin/objformat`
else
case $host_os in
- freebsd[123]*) objformat=aout ;;
+ freebsd[23].*) objformat=aout ;;
*) objformat=elf ;;
esac
fi
@@ -10946,7 +10997,7 @@
esac
shlibpath_var=LD_LIBRARY_PATH
case $host_os in
- freebsd2*)
+ freebsd2.*)
shlibpath_overrides_runpath=yes
;;
freebsd3.[01]* | freebsdelf3.[01]*)
@@ -10966,7 +11017,7 @@
;;
gnu*)
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
need_lib_prefix=no
need_version=no
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}'
@@ -10977,7 +11028,7 @@
;;
haiku*)
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
need_lib_prefix=no
need_version=no
dynamic_linker="$host_os runtime_loader"
@@ -11038,7 +11089,7 @@
;;
interix[3-9]*)
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
need_lib_prefix=no
need_version=no
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
@@ -11054,7 +11105,7 @@
nonstopux*) version_type=nonstopux ;;
*)
if test "$lt_cv_prog_gnu_ld" = yes; then
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
else
version_type=irix
fi ;;
@@ -11091,9 +11142,9 @@
dynamic_linker=no
;;
-# This must be Linux ELF.
+# This must be glibc/ELF.
linux* | k*bsd*-gnu | kopensolaris*-gnu)
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
need_lib_prefix=no
need_version=no
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
@@ -11187,7 +11238,7 @@
;;
newsos6)
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
shlibpath_var=LD_LIBRARY_PATH
shlibpath_overrides_runpath=yes
@@ -11256,7 +11307,7 @@
;;
solaris*)
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
need_lib_prefix=no
need_version=no
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
@@ -11281,7 +11332,7 @@
;;
sysv4 | sysv4.3*)
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
soname_spec='${libname}${release}${shared_ext}$major'
shlibpath_var=LD_LIBRARY_PATH
@@ -11305,7 +11356,7 @@
sysv4*MP*)
if test -d /usr/nec ;then
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}'
soname_spec='$libname${shared_ext}.$major'
shlibpath_var=LD_LIBRARY_PATH
@@ -11336,7 +11387,7 @@
tpf*)
# TPF is a cross-target only. Preferred cross-host = GNU/Linux.
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
need_lib_prefix=no
need_version=no
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
@@ -11346,7 +11397,7 @@
;;
uts4*)
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
soname_spec='${libname}${release}${shared_ext}$major'
shlibpath_var=LD_LIBRARY_PATH
@@ -12128,6 +12179,8 @@
+
+
ac_config_commands="$ac_config_commands libtool"
@@ -16647,7 +16700,7 @@
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by lighttpd $as_me 1.4.29, which was
+This file was extended by lighttpd $as_me 1.4.30, which was
generated by GNU Autoconf 2.68. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -16713,7 +16766,7 @@
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-lighttpd config.status 1.4.29
+lighttpd config.status 1.4.30
configured by $0, generated by GNU Autoconf 2.68,
with options \\"\$ac_cs_config\\"
@@ -16856,6 +16909,7 @@
macro_revision='`$ECHO "$macro_revision" | $SED "$delay_single_quote_subst"`'
pic_mode='`$ECHO "$pic_mode" | $SED "$delay_single_quote_subst"`'
enable_fast_install='`$ECHO "$enable_fast_install" | $SED "$delay_single_quote_subst"`'
+PATH_SEPARATOR='`$ECHO "$PATH_SEPARATOR" | $SED "$delay_single_quote_subst"`'
host_alias='`$ECHO "$host_alias" | $SED "$delay_single_quote_subst"`'
host='`$ECHO "$host" | $SED "$delay_single_quote_subst"`'
host_os='`$ECHO "$host_os" | $SED "$delay_single_quote_subst"`'
@@ -16932,7 +16986,6 @@
allow_undefined_flag='`$ECHO "$allow_undefined_flag" | $SED "$delay_single_quote_subst"`'
no_undefined_flag='`$ECHO "$no_undefined_flag" | $SED "$delay_single_quote_subst"`'
hardcode_libdir_flag_spec='`$ECHO "$hardcode_libdir_flag_spec" | $SED "$delay_single_quote_subst"`'
-hardcode_libdir_flag_spec_ld='`$ECHO "$hardcode_libdir_flag_spec_ld" | $SED "$delay_single_quote_subst"`'
hardcode_libdir_separator='`$ECHO "$hardcode_libdir_separator" | $SED "$delay_single_quote_subst"`'
hardcode_direct='`$ECHO "$hardcode_direct" | $SED "$delay_single_quote_subst"`'
hardcode_direct_absolute='`$ECHO "$hardcode_direct_absolute" | $SED "$delay_single_quote_subst"`'
@@ -16993,6 +17046,7 @@
SHELL \
ECHO \
LD \
+PATH_SEPARATOR \
NM \
LN_S \
lt_SP2NL \
@@ -17038,7 +17092,6 @@
allow_undefined_flag \
no_undefined_flag \
hardcode_libdir_flag_spec \
-hardcode_libdir_flag_spec_ld \
hardcode_libdir_separator \
exclude_expsyms \
include_expsyms \
@@ -17850,8 +17903,8 @@
# NOTE: Changes made to this file will be lost: look at ltmain.sh.
#
# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005,
-# 2006, 2007, 2008, 2009, 2010 Free Software Foundation,
-# Inc.
+# 2006, 2007, 2008, 2009, 2010, 2011 Free Software
+# Foundation, Inc.
# Written by Gordon Matzigkeit, 1996
#
# This file is part of GNU Libtool.
@@ -17920,6 +17973,9 @@
# Whether or not to optimize for fast installation.
fast_install=$enable_fast_install
+# The PATH separator for the build system.
+PATH_SEPARATOR=$lt_PATH_SEPARATOR
+
# The host system.
host_alias=$host_alias
host=$host
@@ -18206,10 +18262,6 @@
# This must work even if \$libdir does not exist
hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec
-# If ld is used when linking, flag to hardcode \$libdir into a binary
-# during linking. This must work even if \$libdir does not exist.
-hardcode_libdir_flag_spec_ld=$lt_hardcode_libdir_flag_spec_ld
-
# Whether we need a single "-rpath" flag with a separated argument.
hardcode_libdir_separator=$lt_hardcode_libdir_separator
Modified: lighttpd/branches/upstream/current/configure.ac
===================================================================
--- lighttpd/branches/upstream/current/configure.ac 2011-11-30 17:41:50 UTC (rev 556)
+++ lighttpd/branches/upstream/current/configure.ac 2011-12-18 18:32:06 UTC (rev 557)
@@ -1,7 +1,7 @@
dnl -*- Autoconf -*-
dnl Process this file with autoconf to produce a configure script.
AC_PREREQ(2.57)
-AC_INIT([lighttpd], [1.4.29], [contact at lighttpd.net])
+AC_INIT([lighttpd], [1.4.30], [contact at lighttpd.net])
AC_CONFIG_SRCDIR([src/server.c])
AC_CONFIG_HEADER([config.h])
AC_CONFIG_MACRO_DIR([m4])
Modified: lighttpd/branches/upstream/current/doc/config/lighttpd.conf
===================================================================
--- lighttpd/branches/upstream/current/doc/config/lighttpd.conf 2011-11-30 17:41:50 UTC (rev 556)
+++ lighttpd/branches/upstream/current/doc/config/lighttpd.conf 2011-12-18 18:32:06 UTC (rev 557)
@@ -394,6 +394,25 @@
## $SERVER["socket"] == "10.0.0.1:443" {
## ssl.engine = "enable"
## ssl.pemfile = "/etc/ssl/private/www.example.com.pem"
+## #
+## # Mitigate BEAST attack:
+## #
+## # A stricter base cipher suite. For details see:
+## # http://blog.ivanristic.com/2011/10/mitigating-the-beast-attack-on-tls.html
+## #
+## ssl.cipher-list = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"
+## #
+## # Make the server prefer the order of the server side cipher suite instead of the client suite.
+## # This is necessary to mitigate the BEAST attack (unless you disable all non RC4 algorithms).
+## # This option is enabled by default, but only used if ssl.cipher-list is set.
+## #
+## # ssl.honor-cipher-order = "enable"
+## #
+## # Mitigate CVE-2009-3555 by disabling client triggered renegotation
+## # This is enabled by default.
+## #
+## # ssl.disable-client-renegotiation = "enable"
+## #
## server.name = "www.example.com"
##
## server.document-root = "/srv/www/vhosts/example.com/www/"
Modified: lighttpd/branches/upstream/current/ltmain.sh
===================================================================
--- lighttpd/branches/upstream/current/ltmain.sh 2011-11-30 17:41:50 UTC (rev 556)
+++ lighttpd/branches/upstream/current/ltmain.sh 2011-12-18 18:32:06 UTC (rev 557)
@@ -1,9 +1,9 @@
-# libtool (GNU libtool) 2.4
+# libtool (GNU libtool) 2.4.2
# Written by Gordon Matzigkeit <gord at gnu.ai.mit.edu>, 1996
# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, 2006,
-# 2007, 2008, 2009, 2010 Free Software Foundation, Inc.
+# 2007, 2008, 2009, 2010, 2011 Free Software Foundation, Inc.
# This is free software; see the source for copying conditions. There is NO
# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
@@ -41,6 +41,7 @@
# --quiet, --silent don't print informational messages
# --no-quiet, --no-silent
# print informational messages (default)
+# --no-warn don't display warning messages
# --tag=TAG use configuration variables from tag TAG
# -v, --verbose print more informational messages than default
# --no-verbose don't print the extra informational messages
@@ -69,7 +70,7 @@
# compiler: $LTCC
# compiler flags: $LTCFLAGS
# linker: $LD (gnu? $with_gnu_ld)
-# $progname: (GNU libtool) 2.4 Debian-2.4-2
+# $progname: (GNU libtool) 2.4.2 Debian-2.4.2-1
# automake: $automake_version
# autoconf: $autoconf_version
#
@@ -79,9 +80,9 @@
PROGRAM=libtool
PACKAGE=libtool
-VERSION="2.4 Debian-2.4-2"
+VERSION="2.4.2 Debian-2.4.2-1"
TIMESTAMP=""
-package_revision=1.3293
+package_revision=1.3337
# Be Bourne compatible
if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
@@ -136,15 +137,10 @@
: ${CP="cp -f"}
test "${ECHO+set}" = set || ECHO=${as_echo-'printf %s\n'}
-: ${EGREP="/bin/grep -E"}
-: ${FGREP="/bin/grep -F"}
-: ${GREP="/bin/grep"}
-: ${LN_S="ln -s"}
: ${MAKE="make"}
: ${MKDIR="mkdir"}
: ${MV="mv -f"}
: ${RM="rm -f"}
-: ${SED="/bin/sed"}
: ${SHELL="${CONFIG_SHELL-/bin/sh}"}
: ${Xsed="$SED -e 1s/^X//"}
@@ -387,7 +383,7 @@
;;
*)
save_IFS="$IFS"
- IFS=:
+ IFS=${PATH_SEPARATOR-:}
for progdir in $PATH; do
IFS="$save_IFS"
test -x "$progdir/$progname" && break
@@ -771,8 +767,8 @@
s*\$LTCFLAGS*'"$LTCFLAGS"'*
s*\$LD*'"$LD"'*
s/\$with_gnu_ld/'"$with_gnu_ld"'/
- s/\$automake_version/'"`(automake --version) 2>/dev/null |$SED 1q`"'/
- s/\$autoconf_version/'"`(autoconf --version) 2>/dev/null |$SED 1q`"'/
+ s/\$automake_version/'"`(${AUTOMAKE-automake} --version) 2>/dev/null |$SED 1q`"'/
+ s/\$autoconf_version/'"`(${AUTOCONF-autoconf} --version) 2>/dev/null |$SED 1q`"'/
p
d
}
@@ -1052,6 +1048,7 @@
opt_help=false
opt_help_all=false
opt_silent=:
+opt_warning=:
opt_verbose=:
opt_silent=false
opt_verbose=false
@@ -1120,6 +1117,10 @@
opt_silent=false
func_append preserve_args " $opt"
;;
+ --no-warning|--no-warn)
+ opt_warning=false
+func_append preserve_args " $opt"
+ ;;
--no-verbose)
opt_verbose=false
func_append preserve_args " $opt"
@@ -2059,7 +2060,7 @@
*.[cCFSifmso] | \
*.ada | *.adb | *.ads | *.asm | \
*.c++ | *.cc | *.ii | *.class | *.cpp | *.cxx | \
- *.[fF][09]? | *.for | *.java | *.obj | *.sx | *.cu | *.cup)
+ *.[fF][09]? | *.for | *.java | *.go | *.obj | *.sx | *.cu | *.cup)
func_xform "$libobj"
libobj=$func_xform_result
;;
@@ -3201,11 +3202,13 @@
# Set up the ranlib parameters.
oldlib="$destdir/$name"
+ func_to_tool_file "$oldlib" func_convert_file_msys_to_w32
+ tool_oldlib=$func_to_tool_file_result
func_show_eval "$install_prog \$file \$oldlib" 'exit $?'
if test -n "$stripme" && test -n "$old_striplib"; then
- func_show_eval "$old_striplib $oldlib" 'exit $?'
+ func_show_eval "$old_striplib $tool_oldlib" 'exit $?'
fi
# Do each command in the postinstall commands.
@@ -3470,7 +3473,7 @@
# linked before any other PIC object. But we must not use
# pic_flag when linking with -static. The problem exists in
# FreeBSD 2.2.6 and is fixed in FreeBSD 3.1.
- *-*-freebsd2*|*-*-freebsd3.0*|*-*-freebsdelf3.0*)
+ *-*-freebsd2.*|*-*-freebsd3.0*|*-*-freebsdelf3.0*)
pic_flag_for_symtable=" $pic_flag -DFREEBSD_WORKAROUND" ;;
*-*-hpux*)
pic_flag_for_symtable=" $pic_flag" ;;
@@ -3982,14 +3985,17 @@
# launches target application with the remaining arguments.
func_exec_program ()
{
- for lt_wr_arg
- do
- case \$lt_wr_arg in
- --lt-*) ;;
- *) set x \"\$@\" \"\$lt_wr_arg\"; shift;;
- esac
- shift
- done
+ case \" \$* \" in
+ *\\ --lt-*)
+ for lt_wr_arg
+ do
+ case \$lt_wr_arg in
+ --lt-*) ;;
+ *) set x \"\$@\" \"\$lt_wr_arg\"; shift;;
+ esac
+ shift
+ done ;;
+ esac
func_exec_program_core \${1+\"\$@\"}
}
@@ -5057,9 +5063,15 @@
{
EOF
func_emit_wrapper yes |
- $SED -e 's/\([\\"]\)/\\\1/g' \
- -e 's/^/ fputs ("/' -e 's/$/\\n", f);/'
-
+ $SED -n -e '
+s/^\(.\{79\}\)\(..*\)/\1\
+\2/
+h
+s/\([\\"]\)/\\\1/g
+s/$/\\n/
+s/\([^\n]*\).*/ fputs ("\1", f);/p
+g
+D'
cat <<"EOF"
}
EOF
@@ -5643,7 +5655,8 @@
continue
;;
- -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe|-threads)
+ -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe \
+ |-threads|-fopenmp|-openmp|-mp|-xopenmp|-omp|-qsmp=*)
func_append compiler_flags " $arg"
func_append compile_command " $arg"
func_append finalize_command " $arg"
@@ -6150,7 +6163,8 @@
lib=
found=no
case $deplib in
- -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe|-threads)
+ -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe \
+ |-threads|-fopenmp|-openmp|-mp|-xopenmp|-omp|-qsmp=*)
if test "$linkmode,$pass" = "prog,link"; then
compile_deplibs="$deplib $compile_deplibs"
finalize_deplibs="$deplib $finalize_deplibs"
@@ -6834,7 +6848,7 @@
test "$hardcode_direct_absolute" = no; then
add="$dir/$linklib"
elif test "$hardcode_minus_L" = yes; then
- add_dir="-L$dir"
+ add_dir="-L$absdir"
# Try looking first in the location we're being installed to.
if test -n "$inst_prefix_dir"; then
case $libdir in
@@ -7319,6 +7333,7 @@
# which has an extra 1 added just for fun
#
case $version_type in
+ # correct linux to gnu/linux during the next big refactor
darwin|linux|osf|windows|none)
func_arith $number_major + $number_minor
current=$func_arith_result
@@ -7438,7 +7453,7 @@
versuffix="$major.$revision"
;;
- linux)
+ linux) # correct to gnu/linux during the next big refactor
func_arith $current - $age
major=.$func_arith_result
versuffix="$major.$age.$revision"
@@ -8026,6 +8041,11 @@
# Test again, we may have decided not to build it any more
if test "$build_libtool_libs" = yes; then
+ # Remove ${wl} instances when linking with ld.
+ # FIXME: should test the right _cmds variable.
+ case $archive_cmds in
+ *\$LD\ *) wl= ;;
+ esac
if test "$hardcode_into_libs" = yes; then
# Hardcode the library paths
hardcode_libdirs=
@@ -8056,7 +8076,7 @@
elif test -n "$runpath_var"; then
case "$perm_rpath " in
*" $libdir "*) ;;
- *) func_apped perm_rpath " $libdir" ;;
+ *) func_append perm_rpath " $libdir" ;;
esac
fi
done
@@ -8064,11 +8084,7 @@
if test -n "$hardcode_libdir_separator" &&
test -n "$hardcode_libdirs"; then
libdir="$hardcode_libdirs"
- if test -n "$hardcode_libdir_flag_spec_ld"; then
- eval dep_rpath=\"$hardcode_libdir_flag_spec_ld\"
- else
- eval dep_rpath=\"$hardcode_libdir_flag_spec\"
- fi
+ eval "dep_rpath=\"$hardcode_libdir_flag_spec\""
fi
if test -n "$runpath_var" && test -n "$perm_rpath"; then
# We should set the runpath_var.
@@ -9158,6 +9174,8 @@
esac
done
fi
+ func_to_tool_file "$oldlib" func_convert_file_msys_to_w32
+ tool_oldlib=$func_to_tool_file_result
eval cmds=\"$old_archive_cmds\"
func_len " $cmds"
@@ -9267,7 +9285,8 @@
*.la)
func_basename "$deplib"
name="$func_basename_result"
- eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $deplib`
+ func_resolve_sysroot "$deplib"
+ eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $func_resolve_sysroot_result`
test -z "$libdir" && \
func_fatal_error "\`$deplib' is not a valid libtool archive"
func_append newdependency_libs " ${lt_sysroot:+=}$libdir/$name"
Modified: lighttpd/branches/upstream/current/m4/libtool.m4
===================================================================
--- lighttpd/branches/upstream/current/m4/libtool.m4 2011-11-30 17:41:50 UTC (rev 556)
+++ lighttpd/branches/upstream/current/m4/libtool.m4 2011-12-18 18:32:06 UTC (rev 557)
@@ -1,8 +1,8 @@
# libtool.m4 - Configure libtool for the host system. -*-Autoconf-*-
#
# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005,
-# 2006, 2007, 2008, 2009, 2010 Free Software Foundation,
-# Inc.
+# 2006, 2007, 2008, 2009, 2010, 2011 Free Software
+# Foundation, Inc.
# Written by Gordon Matzigkeit, 1996
#
# This file is free software; the Free Software Foundation gives
@@ -11,8 +11,8 @@
m4_define([_LT_COPYING], [dnl
# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005,
-# 2006, 2007, 2008, 2009, 2010 Free Software Foundation,
-# Inc.
+# 2006, 2007, 2008, 2009, 2010, 2011 Free Software
+# Foundation, Inc.
# Written by Gordon Matzigkeit, 1996
#
# This file is part of GNU Libtool.
@@ -146,6 +146,8 @@
AC_REQUIRE([_LT_PREPARE_SED_QUOTE_VARS])dnl
AC_REQUIRE([_LT_PROG_ECHO_BACKSLASH])dnl
+_LT_DECL([], [PATH_SEPARATOR], [1], [The PATH separator for the build system])dnl
+dnl
_LT_DECL([], [host_alias], [0], [The host system])dnl
_LT_DECL([], [host], [0])dnl
_LT_DECL([], [host_os], [0])dnl
@@ -637,7 +639,7 @@
m4_ifset([AC_PACKAGE_VERSION], [ AC_PACKAGE_VERSION])
configured by $[0], generated by m4_PACKAGE_STRING.
-Copyright (C) 2010 Free Software Foundation, Inc.
+Copyright (C) 2011 Free Software Foundation, Inc.
This config.lt script is free software; the Free Software Foundation
gives unlimited permision to copy, distribute and modify it."
@@ -801,6 +803,7 @@
m4_case([$1],
[C], [_LT_LANG(C)],
[C++], [_LT_LANG(CXX)],
+ [Go], [_LT_LANG(GO)],
[Java], [_LT_LANG(GCJ)],
[Fortran 77], [_LT_LANG(F77)],
[Fortran], [_LT_LANG(FC)],
@@ -822,6 +825,31 @@
])# _LT_LANG
+m4_ifndef([AC_PROG_GO], [
+############################################################
+# NOTE: This macro has been submitted for inclusion into #
+# GNU Autoconf as AC_PROG_GO. When it is available in #
+# a released version of Autoconf we should remove this #
+# macro and use it instead. #
+############################################################
+m4_defun([AC_PROG_GO],
+[AC_LANG_PUSH(Go)dnl
+AC_ARG_VAR([GOC], [Go compiler command])dnl
+AC_ARG_VAR([GOFLAGS], [Go compiler flags])dnl
+_AC_ARG_VAR_LDFLAGS()dnl
+AC_CHECK_TOOL(GOC, gccgo)
+if test -z "$GOC"; then
+ if test -n "$ac_tool_prefix"; then
+ AC_CHECK_PROG(GOC, [${ac_tool_prefix}gccgo], [${ac_tool_prefix}gccgo])
+ fi
+fi
+if test -z "$GOC"; then
+ AC_CHECK_PROG(GOC, gccgo, gccgo, false)
+fi
+])#m4_defun
+])#m4_ifndef
+
+
# _LT_LANG_DEFAULT_CONFIG
# -----------------------
m4_defun([_LT_LANG_DEFAULT_CONFIG],
@@ -852,6 +880,10 @@
m4_ifdef([LT_PROG_GCJ],
[m4_define([LT_PROG_GCJ], defn([LT_PROG_GCJ])[LT_LANG(GCJ)])])])])])
+AC_PROVIDE_IFELSE([AC_PROG_GO],
+ [LT_LANG(GO)],
+ [m4_define([AC_PROG_GO], defn([AC_PROG_GO])[LT_LANG(GO)])])
+
AC_PROVIDE_IFELSE([LT_PROG_RC],
[LT_LANG(RC)],
[m4_define([LT_PROG_RC], defn([LT_PROG_RC])[LT_LANG(RC)])])
@@ -954,7 +986,13 @@
$LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \
-dynamiclib -Wl,-single_module conftest.c 2>conftest.err
_lt_result=$?
- if test -f libconftest.dylib && test ! -s conftest.err && test $_lt_result = 0; then
+ # If there is a non-empty error log, and "single_module"
+ # appears in it, assume the flag caused a linker warning
+ if test -s conftest.err && $GREP single_module conftest.err; then
+ cat conftest.err >&AS_MESSAGE_LOG_FD
+ # Otherwise, if the output was created with a 0 exit code from
+ # the compiler, it worked.
+ elif test -f libconftest.dylib && test $_lt_result -eq 0; then
lt_cv_apple_cc_single_mod=yes
else
cat conftest.err >&AS_MESSAGE_LOG_FD
@@ -962,6 +1000,7 @@
rm -rf libconftest.dylib*
rm -f conftest.*
fi])
+
AC_CACHE_CHECK([for -exported_symbols_list linker flag],
[lt_cv_ld_exported_symbols_list],
[lt_cv_ld_exported_symbols_list=no
@@ -973,6 +1012,7 @@
[lt_cv_ld_exported_symbols_list=no])
LDFLAGS="$save_LDFLAGS"
])
+
AC_CACHE_CHECK([for -force_load linker flag],[lt_cv_ld_force_load],
[lt_cv_ld_force_load=no
cat > conftest.c << _LT_EOF
@@ -990,7 +1030,9 @@
echo "$LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a" >&AS_MESSAGE_LOG_FD
$LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a 2>conftest.err
_lt_result=$?
- if test -f conftest && test ! -s conftest.err && test $_lt_result = 0 && $GREP forced_load conftest 2>&1 >/dev/null; then
+ if test -s conftest.err && $GREP force_load conftest.err; then
+ cat conftest.err >&AS_MESSAGE_LOG_FD
+ elif test -f conftest && test $_lt_result -eq 0 && $GREP forced_load conftest >/dev/null 2>&1 ; then
lt_cv_ld_force_load=yes
else
cat conftest.err >&AS_MESSAGE_LOG_FD
@@ -1035,8 +1077,8 @@
])
-# _LT_DARWIN_LINKER_FEATURES
-# --------------------------
+# _LT_DARWIN_LINKER_FEATURES([TAG])
+# ---------------------------------
# Checks for linker and compiler features on darwin
m4_defun([_LT_DARWIN_LINKER_FEATURES],
[
@@ -1047,6 +1089,8 @@
_LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported
if test "$lt_cv_ld_force_load" = "yes"; then
_LT_TAGVAR(whole_archive_flag_spec, $1)='`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience ${wl}-force_load,$conv\"; done; func_echo_all \"$new_convenience\"`'
+ m4_case([$1], [F77], [_LT_TAGVAR(compiler_needs_object, $1)=yes],
+ [FC], [_LT_TAGVAR(compiler_needs_object, $1)=yes])
else
_LT_TAGVAR(whole_archive_flag_spec, $1)=''
fi
@@ -1330,14 +1374,27 @@
CFLAGS="$SAVE_CFLAGS"
fi
;;
-sparc*-*solaris*)
+*-*solaris*)
# Find out which ABI we are using.
echo 'int i;' > conftest.$ac_ext
if AC_TRY_EVAL(ac_compile); then
case `/usr/bin/file conftest.o` in
*64-bit*)
case $lt_cv_prog_gnu_ld in
- yes*) LD="${LD-ld} -m elf64_sparc" ;;
+ yes*)
+ case $host in
+ i?86-*-solaris*)
+ LD="${LD-ld} -m elf_x86_64"
+ ;;
+ sparc*-*-solaris*)
+ LD="${LD-ld} -m elf64_sparc"
+ ;;
+ esac
+ # GNU ld 2.21 introduced _sol2 emulations. Use them if available.
+ if ${LD-ld} -V | grep _sol2 >/dev/null 2>&1; then
+ LD="${LD-ld}_sol2"
+ fi
+ ;;
*)
if ${LD-ld} -64 -r -o conftest2.o conftest.o >/dev/null 2>&1; then
LD="${LD-ld} -64"
@@ -1414,13 +1471,13 @@
if test -n "$RANLIB"; then
case $host_os in
openbsd*)
- old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$oldlib"
+ old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$tool_oldlib"
;;
*)
- old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$oldlib"
+ old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$tool_oldlib"
;;
esac
- old_archive_cmds="$old_archive_cmds~\$RANLIB \$oldlib"
+ old_archive_cmds="$old_archive_cmds~\$RANLIB \$tool_oldlib"
fi
case $host_os in
@@ -1600,6 +1657,11 @@
lt_cv_sys_max_cmd_len=196608
;;
+ os2*)
+ # The test takes a long time on OS/2.
+ lt_cv_sys_max_cmd_len=8192
+ ;;
+
osf*)
# Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure
# due to this test when exec_disable_arg_limit is 1 on Tru64. It is not
@@ -1639,7 +1701,7 @@
# If test is not a shell built-in, we'll probably end up computing a
# maximum length that is only half of the actual maximum length, but
# we can't tell.
- while { test "X"`func_fallback_echo "$teststring$teststring" 2>/dev/null` \
+ while { test "X"`env echo "$teststring$teststring" 2>/dev/null` \
= "X$teststring$teststring"; } >/dev/null 2>&1 &&
test $i != 17 # 1/2 MB should be enough
do
@@ -2185,7 +2247,7 @@
case $host_os in
aix3*)
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a'
shlibpath_var=LIBPATH
@@ -2194,7 +2256,7 @@
;;
aix[[4-9]]*)
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
need_lib_prefix=no
need_version=no
hardcode_into_libs=yes
@@ -2259,7 +2321,7 @@
;;
bsdi[[45]]*)
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
need_version=no
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
soname_spec='${libname}${release}${shared_ext}$major'
@@ -2398,7 +2460,7 @@
;;
dgux*)
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
need_lib_prefix=no
need_version=no
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext'
@@ -2406,10 +2468,6 @@
shlibpath_var=LD_LIBRARY_PATH
;;
-freebsd1*)
- dynamic_linker=no
- ;;
-
freebsd* | dragonfly*)
# DragonFly does not have aout. When/if they implement a new
# versioning mechanism, adjust this.
@@ -2417,7 +2475,7 @@
objformat=`/usr/bin/objformat`
else
case $host_os in
- freebsd[[123]]*) objformat=aout ;;
+ freebsd[[23]].*) objformat=aout ;;
*) objformat=elf ;;
esac
fi
@@ -2435,7 +2493,7 @@
esac
shlibpath_var=LD_LIBRARY_PATH
case $host_os in
- freebsd2*)
+ freebsd2.*)
shlibpath_overrides_runpath=yes
;;
freebsd3.[[01]]* | freebsdelf3.[[01]]*)
@@ -2455,7 +2513,7 @@
;;
gnu*)
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
need_lib_prefix=no
need_version=no
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}'
@@ -2466,7 +2524,7 @@
;;
haiku*)
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
need_lib_prefix=no
need_version=no
dynamic_linker="$host_os runtime_loader"
@@ -2527,7 +2585,7 @@
;;
interix[[3-9]]*)
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
need_lib_prefix=no
need_version=no
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
@@ -2543,7 +2601,7 @@
nonstopux*) version_type=nonstopux ;;
*)
if test "$lt_cv_prog_gnu_ld" = yes; then
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
else
version_type=irix
fi ;;
@@ -2580,9 +2638,9 @@
dynamic_linker=no
;;
-# This must be Linux ELF.
+# This must be glibc/ELF.
linux* | k*bsd*-gnu | kopensolaris*-gnu)
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
need_lib_prefix=no
need_version=no
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
@@ -2657,7 +2715,7 @@
;;
newsos6)
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
shlibpath_var=LD_LIBRARY_PATH
shlibpath_overrides_runpath=yes
@@ -2726,7 +2784,7 @@
;;
solaris*)
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
need_lib_prefix=no
need_version=no
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
@@ -2751,7 +2809,7 @@
;;
sysv4 | sysv4.3*)
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
soname_spec='${libname}${release}${shared_ext}$major'
shlibpath_var=LD_LIBRARY_PATH
@@ -2775,7 +2833,7 @@
sysv4*MP*)
if test -d /usr/nec ;then
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}'
soname_spec='$libname${shared_ext}.$major'
shlibpath_var=LD_LIBRARY_PATH
@@ -2806,7 +2864,7 @@
tpf*)
# TPF is a cross-target only. Preferred cross-host = GNU/Linux.
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
need_lib_prefix=no
need_version=no
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
@@ -2816,7 +2874,7 @@
;;
uts4*)
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
soname_spec='${libname}${release}${shared_ext}$major'
shlibpath_var=LD_LIBRARY_PATH
@@ -3238,7 +3296,7 @@
lt_cv_deplibs_check_method=pass_all
;;
-# This must be Linux ELF.
+# This must be glibc/ELF.
linux* | k*bsd*-gnu | kopensolaris*-gnu)
lt_cv_deplibs_check_method=pass_all
;;
@@ -3658,6 +3716,7 @@
# which start with @ or ?.
lt_cv_sys_global_symbol_pipe="$AWK ['"\
" {last_section=section; section=\$ 3};"\
+" /^COFF SYMBOL TABLE/{for(i in hide) delete hide[i]};"\
" /Section length .*#relocs.*(pick any)/{hide[last_section]=1};"\
" \$ 0!~/External *\|/{next};"\
" / 0+ UNDEF /{next}; / UNDEF \([^|]\)*()/{next};"\
@@ -4242,7 +4301,9 @@
case $cc_basename in
nvcc*) # Cuda Compiler Driver 2.2
_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Xlinker '
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-Xcompiler -fPIC'
+ if test -n "$_LT_TAGVAR(lt_prog_compiler_pic, $1)"; then
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)="-Xcompiler $_LT_TAGVAR(lt_prog_compiler_pic, $1)"
+ fi
;;
esac
else
@@ -4334,18 +4395,33 @@
;;
*)
case `$CC -V 2>&1 | sed 5q` in
- *Sun\ F* | *Sun*Fortran*)
+ *Sun\ Ceres\ Fortran* | *Sun*Fortran*\ [[1-7]].* | *Sun*Fortran*\ 8.[[0-3]]*)
# Sun Fortran 8.3 passes all unrecognized flags to the linker
_LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
_LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
_LT_TAGVAR(lt_prog_compiler_wl, $1)=''
;;
+ *Sun\ F* | *Sun*Fortran*)
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld '
+ ;;
*Sun\ C*)
# Sun C 5.9
_LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
_LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
;;
+ *Intel*\ [[CF]]*Compiler*)
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
+ ;;
+ *Portland\ Group*)
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ ;;
esac
;;
esac
@@ -4505,7 +4581,9 @@
;;
cygwin* | mingw* | cegcc*)
case $cc_basename in
- cl*) ;;
+ cl*)
+ _LT_TAGVAR(exclude_expsyms, $1)='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*'
+ ;;
*)
_LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1 DATA/;s/^.*[[ ]]__nm__\([[^ ]]*\)[[ ]][[^ ]]*/\1 DATA/;/^I[[ ]]/d;/^[[AITW]][[ ]]/s/.* //'\'' | sort | uniq > $export_symbols'
_LT_TAGVAR(exclude_expsyms, $1)=['[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname']
@@ -4533,7 +4611,6 @@
_LT_TAGVAR(hardcode_direct, $1)=no
_LT_TAGVAR(hardcode_direct_absolute, $1)=no
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
- _LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)=
_LT_TAGVAR(hardcode_libdir_separator, $1)=
_LT_TAGVAR(hardcode_minus_L, $1)=no
_LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported
@@ -4787,8 +4864,7 @@
xlf* | bgf* | bgxlf* | mpixlf*)
# IBM XL Fortran 10.1 on PPC cannot create shared libs itself
_LT_TAGVAR(whole_archive_flag_spec, $1)='--whole-archive$convenience --no-whole-archive'
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
- _LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)='-rpath $libdir'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
_LT_TAGVAR(archive_cmds, $1)='$LD -shared $libobjs $deplibs $linker_flags -soname $soname -o $lib'
if test "x$supports_anon_versioning" = xyes; then
_LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~
@@ -5084,6 +5160,7 @@
# The linker will not automatically build a static lib if we build a DLL.
# _LT_TAGVAR(old_archive_from_new_cmds, $1)='true'
_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
+ _LT_TAGVAR(exclude_expsyms, $1)='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*'
_LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1,DATA/'\'' | $SED -e '\''/^[[AITW]][[ ]]/s/.*[[ ]]//'\'' | sort | uniq > $export_symbols'
# Don't use ranlib
_LT_TAGVAR(old_postinstall_cmds, $1)='chmod 644 $oldlib'
@@ -5130,10 +5207,6 @@
_LT_TAGVAR(hardcode_shlibpath_var, $1)=no
;;
- freebsd1*)
- _LT_TAGVAR(ld_shlibs, $1)=no
- ;;
-
# FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor
# support. Future versions do this automatically, but an explicit c++rt0.o
# does not break anything, and helps significantly (at the cost of a little
@@ -5146,7 +5219,7 @@
;;
# Unfortunately, older versions of FreeBSD 2 do not have this feature.
- freebsd2*)
+ freebsd2.*)
_LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
_LT_TAGVAR(hardcode_direct, $1)=yes
_LT_TAGVAR(hardcode_minus_L, $1)=yes
@@ -5185,7 +5258,6 @@
fi
if test "$with_gnu_ld" = no; then
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir'
- _LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)='+b $libdir'
_LT_TAGVAR(hardcode_libdir_separator, $1)=:
_LT_TAGVAR(hardcode_direct, $1)=yes
_LT_TAGVAR(hardcode_direct_absolute, $1)=yes
@@ -5627,9 +5699,6 @@
_LT_TAGDECL([], [hardcode_libdir_flag_spec], [1],
[Flag to hardcode $libdir into a binary during linking.
This must work even if $libdir does not exist])
-_LT_TAGDECL([], [hardcode_libdir_flag_spec_ld], [1],
- [[If ld is used when linking, flag to hardcode $libdir into a binary
- during linking. This must work even if $libdir does not exist]])
_LT_TAGDECL([], [hardcode_libdir_separator], [1],
[Whether we need a single "-rpath" flag with a separated argument])
_LT_TAGDECL([], [hardcode_direct], [0],
@@ -5787,7 +5856,6 @@
_LT_TAGVAR(hardcode_direct, $1)=no
_LT_TAGVAR(hardcode_direct_absolute, $1)=no
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
-_LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)=
_LT_TAGVAR(hardcode_libdir_separator, $1)=
_LT_TAGVAR(hardcode_minus_L, $1)=no
_LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported
@@ -6157,7 +6225,7 @@
esac
;;
- freebsd[[12]]*)
+ freebsd2.*)
# C++ shared libraries reported to be fairly broken before
# switch to ELF
_LT_TAGVAR(ld_shlibs, $1)=no
@@ -6918,12 +6986,18 @@
}
};
_LT_EOF
+], [$1], [GO], [cat > conftest.$ac_ext <<_LT_EOF
+package foo
+func foo() {
+}
+_LT_EOF
])
_lt_libdeps_save_CFLAGS=$CFLAGS
case "$CC $CFLAGS " in #(
*\ -flto*\ *) CFLAGS="$CFLAGS -fno-lto" ;;
*\ -fwhopr*\ *) CFLAGS="$CFLAGS -fno-whopr" ;;
+*\ -fuse-linker-plugin*\ *) CFLAGS="$CFLAGS -fno-use-linker-plugin" ;;
esac
dnl Parse the compiler output and extract the necessary
@@ -7120,7 +7194,6 @@
_LT_TAGVAR(hardcode_direct, $1)=no
_LT_TAGVAR(hardcode_direct_absolute, $1)=no
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
-_LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)=
_LT_TAGVAR(hardcode_libdir_separator, $1)=
_LT_TAGVAR(hardcode_minus_L, $1)=no
_LT_TAGVAR(hardcode_automatic, $1)=no
@@ -7253,7 +7326,6 @@
_LT_TAGVAR(hardcode_direct, $1)=no
_LT_TAGVAR(hardcode_direct_absolute, $1)=no
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
-_LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)=
_LT_TAGVAR(hardcode_libdir_separator, $1)=
_LT_TAGVAR(hardcode_minus_L, $1)=no
_LT_TAGVAR(hardcode_automatic, $1)=no
@@ -7440,6 +7512,77 @@
])# _LT_LANG_GCJ_CONFIG
+# _LT_LANG_GO_CONFIG([TAG])
+# --------------------------
+# Ensure that the configuration variables for the GNU Go compiler
+# are suitably defined. These variables are subsequently used by _LT_CONFIG
+# to write the compiler configuration to `libtool'.
+m4_defun([_LT_LANG_GO_CONFIG],
+[AC_REQUIRE([LT_PROG_GO])dnl
+AC_LANG_SAVE
+
+# Source file extension for Go test sources.
+ac_ext=go
+
+# Object file extension for compiled Go test sources.
+objext=o
+_LT_TAGVAR(objext, $1)=$objext
+
+# Code to be used in simple compile tests
+lt_simple_compile_test_code="package main; func main() { }"
+
+# Code to be used in simple link tests
+lt_simple_link_test_code='package main; func main() { }'
+
+# ltmain only uses $CC for tagged configurations so make sure $CC is set.
+_LT_TAG_COMPILER
+
+# save warnings/boilerplate of simple test code
+_LT_COMPILER_BOILERPLATE
+_LT_LINKER_BOILERPLATE
+
+# Allow CC to be a program name with arguments.
+lt_save_CC=$CC
+lt_save_CFLAGS=$CFLAGS
+lt_save_GCC=$GCC
+GCC=yes
+CC=${GOC-"gccgo"}
+CFLAGS=$GOFLAGS
+compiler=$CC
+_LT_TAGVAR(compiler, $1)=$CC
+_LT_TAGVAR(LD, $1)="$LD"
+_LT_CC_BASENAME([$compiler])
+
+# Go did not exist at the time GCC didn't implicitly link libc in.
+_LT_TAGVAR(archive_cmds_need_lc, $1)=no
+
+_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
+_LT_TAGVAR(reload_flag, $1)=$reload_flag
+_LT_TAGVAR(reload_cmds, $1)=$reload_cmds
+
+## CAVEAT EMPTOR:
+## There is no encapsulation within the following macros, do not change
+## the running order or otherwise move them around unless you know exactly
+## what you are doing...
+if test -n "$compiler"; then
+ _LT_COMPILER_NO_RTTI($1)
+ _LT_COMPILER_PIC($1)
+ _LT_COMPILER_C_O($1)
+ _LT_COMPILER_FILE_LOCKS($1)
+ _LT_LINKER_SHLIBS($1)
+ _LT_LINKER_HARDCODE_LIBPATH($1)
+
+ _LT_CONFIG($1)
+fi
+
+AC_LANG_RESTORE
+
+GCC=$lt_save_GCC
+CC=$lt_save_CC
+CFLAGS=$lt_save_CFLAGS
+])# _LT_LANG_GO_CONFIG
+
+
# _LT_LANG_RC_CONFIG([TAG])
# -------------------------
# Ensure that the configuration variables for the Windows resource compiler
@@ -7509,6 +7652,13 @@
dnl AC_DEFUN([LT_AC_PROG_GCJ], [])
+# LT_PROG_GO
+# ----------
+AC_DEFUN([LT_PROG_GO],
+[AC_CHECK_TOOL(GOC, gccgo,)
+])
+
+
# LT_PROG_RC
# ----------
AC_DEFUN([LT_PROG_RC],
Modified: lighttpd/branches/upstream/current/m4/ltoptions.m4
===================================================================
--- lighttpd/branches/upstream/current/m4/ltoptions.m4 2011-11-30 17:41:50 UTC (rev 556)
+++ lighttpd/branches/upstream/current/m4/ltoptions.m4 2011-12-18 18:32:06 UTC (rev 557)
@@ -326,9 +326,24 @@
# MODE is either `yes' or `no'. If omitted, it defaults to `both'.
m4_define([_LT_WITH_PIC],
[AC_ARG_WITH([pic],
- [AS_HELP_STRING([--with-pic],
+ [AS_HELP_STRING([--with-pic@<:@=PKGS@:>@],
[try to use only PIC/non-PIC objects @<:@default=use both@:>@])],
- [pic_mode="$withval"],
+ [lt_p=${PACKAGE-default}
+ case $withval in
+ yes|no) pic_mode=$withval ;;
+ *)
+ pic_mode=default
+ # Look at the argument we got. We use all the common list separators.
+ lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
+ for lt_pkg in $withval; do
+ IFS="$lt_save_ifs"
+ if test "X$lt_pkg" = "X$lt_p"; then
+ pic_mode=yes
+ fi
+ done
+ IFS="$lt_save_ifs"
+ ;;
+ esac],
[pic_mode=default])
test -z "$pic_mode" && pic_mode=m4_default([$1], [default])
Modified: lighttpd/branches/upstream/current/m4/ltversion.m4
===================================================================
--- lighttpd/branches/upstream/current/m4/ltversion.m4 2011-11-30 17:41:50 UTC (rev 556)
+++ lighttpd/branches/upstream/current/m4/ltversion.m4 2011-12-18 18:32:06 UTC (rev 557)
@@ -9,15 +9,15 @@
# @configure_input@
-# serial 3293 ltversion.m4
+# serial 3337 ltversion.m4
# This file is part of GNU Libtool
-m4_define([LT_PACKAGE_VERSION], [2.4])
-m4_define([LT_PACKAGE_REVISION], [1.3293])
+m4_define([LT_PACKAGE_VERSION], [2.4.2])
+m4_define([LT_PACKAGE_REVISION], [1.3337])
AC_DEFUN([LTVERSION_VERSION],
-[macro_version='2.4'
-macro_revision='1.3293'
+[macro_version='2.4.2'
+macro_revision='1.3337'
_LT_DECL(, macro_version, 0, [Which release of libtool.m4 was used?])
_LT_DECL(, macro_revision, 0)
])
Modified: lighttpd/branches/upstream/current/src/Makefile.am
===================================================================
--- lighttpd/branches/upstream/current/src/Makefile.am 2011-11-30 17:41:50 UTC (rev 556)
+++ lighttpd/branches/upstream/current/src/Makefile.am 2011-12-18 18:32:06 UTC (rev 557)
@@ -241,7 +241,7 @@
mod_compress_la_LIBADD = $(Z_LIB) $(BZ_LIB) $(common_libadd)
lib_LTLIBRARIES += mod_auth.la
-mod_auth_la_SOURCES = mod_auth.c http_auth_digest.c http_auth.c
+mod_auth_la_SOURCES = mod_auth.c http_auth.c
mod_auth_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
mod_auth_la_LIBADD = $(CRYPT_LIB) $(LDAP_LIB) $(LBER_LIB) $(common_libadd)
@@ -268,7 +268,7 @@
hdr = server.h buffer.h network.h log.h keyvalue.h \
response.h request.h fastcgi.h chunk.h \
- settings.h http_chunk.h http_auth_digest.h \
+ settings.h http_chunk.h \
md5.h http_auth.h stream.h \
fdevent.h connections.h base.h stat_cache.h \
plugin.h mod_auth.h \
Modified: lighttpd/branches/upstream/current/src/Makefile.in
===================================================================
--- lighttpd/branches/upstream/current/src/Makefile.in 2011-11-30 17:41:50 UTC (rev 556)
+++ lighttpd/branches/upstream/current/src/Makefile.in 2011-12-18 18:32:06 UTC (rev 557)
@@ -158,7 +158,7 @@
$(mod_alias_la_LDFLAGS) $(LDFLAGS) -o $@
mod_auth_la_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2)
-am_mod_auth_la_OBJECTS = mod_auth.lo http_auth_digest.lo http_auth.lo
+am_mod_auth_la_OBJECTS = mod_auth.lo http_auth.lo
mod_auth_la_OBJECTS = $(am_mod_auth_la_OBJECTS)
mod_auth_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
@@ -769,7 +769,7 @@
mod_compress_la_SOURCES = mod_compress.c
mod_compress_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
mod_compress_la_LIBADD = $(Z_LIB) $(BZ_LIB) $(common_libadd)
-mod_auth_la_SOURCES = mod_auth.c http_auth_digest.c http_auth.c
+mod_auth_la_SOURCES = mod_auth.c http_auth.c
mod_auth_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
mod_auth_la_LIBADD = $(CRYPT_LIB) $(LDAP_LIB) $(LBER_LIB) $(common_libadd)
mod_rewrite_la_SOURCES = mod_rewrite.c
@@ -786,7 +786,7 @@
mod_accesslog_la_LIBADD = $(common_libadd)
hdr = server.h buffer.h network.h log.h keyvalue.h \
response.h request.h fastcgi.h chunk.h \
- settings.h http_chunk.h http_auth_digest.h \
+ settings.h http_chunk.h \
md5.h http_auth.h stream.h \
fdevent.h connections.h base.h stat_cache.h \
plugin.h mod_auth.h \
@@ -1050,7 +1050,6 @@
@AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/fdevent_solaris_port.Po at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/http-header-glue.Po at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/http_auth.Plo at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/http_auth_digest.Plo at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/http_chunk.Po at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/inet_ntop_cache.Po at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/joblist.Po at am__quote@
Modified: lighttpd/branches/upstream/current/src/SConscript
===================================================================
--- lighttpd/branches/upstream/current/src/SConscript 2011-11-30 17:41:50 UTC (rev 556)
+++ lighttpd/branches/upstream/current/src/SConscript 2011-12-18 18:32:06 UTC (rev 557)
@@ -12,7 +12,8 @@
data_integer.c md5.c data_fastcgi.c \
fdevent_select.c fdevent_libev.c \
fdevent_poll.c fdevent_linux_sysepoll.c \
- fdevent_solaris_devpoll.c fdevent_freebsd_kqueue.c \
+ fdevent_solaris_devpoll.c fdevent_solaris_port.c \
+ fdevent_freebsd_kqueue.c \
data_config.c bitset.c \
inet_ntop_cache.c crc32.c \
connections-glue.c \
@@ -62,7 +63,7 @@
'mod_redirect' : { 'src' : [ 'mod_redirect.c' ], 'lib' : [ env['LIBPCRE'] ] },
'mod_rewrite' : { 'src' : [ 'mod_rewrite.c' ], 'lib' : [ env['LIBPCRE'] ] },
'mod_auth' : {
- 'src' : [ 'mod_auth.c', 'http_auth_digest.c', 'http_auth.c' ],
+ 'src' : [ 'mod_auth.c', 'http_auth.c' ],
'lib' : [ env['LIBCRYPT'], env['LIBLDAP'], env['LIBLBER'] ] },
'mod_webdav' : { 'src' : [ 'mod_webdav.c' ], 'lib' : [ env['LIBXML2'], env['LIBSQLITE3'], env['LIBUUID'] ] },
'mod_mysql_vhost' : { 'src' : [ 'mod_mysql_vhost.c' ], 'lib' : [ env['LIBMYSQL'] ] },
Modified: lighttpd/branches/upstream/current/src/base.h
===================================================================
--- lighttpd/branches/upstream/current/src/base.h 2011-11-30 17:41:50 UTC (rev 556)
+++ lighttpd/branches/upstream/current/src/base.h 2011-12-18 18:32:06 UTC (rev 557)
@@ -277,6 +277,7 @@
buffer *ssl_cipher_list;
buffer *ssl_dh_file;
buffer *ssl_ec_curve;
+ unsigned short ssl_honor_cipher_order; /* determine SSL cipher in server-preferred order, not client-order */
unsigned short ssl_use_sslv2;
unsigned short ssl_use_sslv3;
unsigned short ssl_verifyclient;
@@ -284,6 +285,7 @@
unsigned short ssl_verifyclient_depth;
buffer *ssl_verifyclient_username;
unsigned short ssl_verifyclient_export_cert;
+ unsigned short ssl_disable_client_renegotiation;
unsigned short use_ipv6, set_v6only; /* set_v6only is only a temporary option */
unsigned short defer_accept;
@@ -437,6 +439,7 @@
# ifndef OPENSSL_NO_TLSEXT
buffer *tlsext_server_name;
# endif
+ unsigned int renegotiations; /* count of SSL_CB_HANDSHAKE_START */
#endif
/* etag handling */
etag_flags_t etag_flags;
@@ -647,11 +650,9 @@
fdevent_handler_t event_handler;
- int (* network_backend_write)(struct server *srv, connection *con, int fd, chunkqueue *cq);
- int (* network_backend_read)(struct server *srv, connection *con, int fd, chunkqueue *cq);
+ int (* network_backend_write)(struct server *srv, connection *con, int fd, chunkqueue *cq, off_t max_bytes);
#ifdef USE_OPENSSL
- int (* network_ssl_backend_write)(struct server *srv, connection *con, SSL *ssl, chunkqueue *cq);
- int (* network_ssl_backend_read)(struct server *srv, connection *con, SSL *ssl, chunkqueue *cq);
+ int (* network_ssl_backend_write)(struct server *srv, connection *con, SSL *ssl, chunkqueue *cq, off_t max_bytes);
#endif
uid_t uid;
Modified: lighttpd/branches/upstream/current/src/configfile.c
===================================================================
--- lighttpd/branches/upstream/current/src/configfile.c 2011-11-30 17:41:50 UTC (rev 556)
+++ lighttpd/branches/upstream/current/src/configfile.c 2011-12-18 18:32:06 UTC (rev 557)
@@ -105,6 +105,8 @@
{ "ssl.use-sslv3", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER }, /* 62 */
{ "ssl.dh-file", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_SERVER }, /* 63 */
{ "ssl.ec-curve", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_SERVER }, /* 64 */
+ { "ssl.disable-client-renegotiation", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER },/* 65 */
+ { "ssl.honor-cipher-order", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER }, /* 66 */
{ "server.host", "use server.bind instead", T_CONFIG_DEPRECATED, T_CONFIG_SCOPE_UNSET },
{ "server.docroot", "use server.document-root instead", T_CONFIG_DEPRECATED, T_CONFIG_SCOPE_UNSET },
@@ -176,6 +178,7 @@
s->max_write_idle = 360;
s->use_xattr = 0;
s->is_ssl = 0;
+ s->ssl_honor_cipher_order = 1;
s->ssl_use_sslv2 = 0;
s->ssl_use_sslv3 = 1;
s->use_ipv6 = 0;
@@ -199,6 +202,7 @@
s->ssl_verifyclient_username = buffer_init();
s->ssl_verifyclient_depth = 9;
s->ssl_verifyclient_export_cert = 0;
+ s->ssl_disable_client_renegotiation = 1;
cv[2].destination = s->errorfile_prefix;
@@ -245,6 +249,8 @@
cv[62].destination = &(s->ssl_use_sslv3);
cv[63].destination = s->ssl_dh_file;
cv[64].destination = s->ssl_ec_curve;
+ cv[66].destination = &(s->ssl_honor_cipher_order);
+
cv[49].destination = &(s->etag_use_inode);
cv[50].destination = &(s->etag_use_mtime);
cv[51].destination = &(s->etag_use_size);
@@ -255,6 +261,7 @@
cv[58].destination = &(s->ssl_verifyclient_depth);
cv[59].destination = s->ssl_verifyclient_username;
cv[60].destination = &(s->ssl_verifyclient_export_cert);
+ cv[65].destination = &(s->ssl_disable_client_renegotiation);
srv->config_storage[i] = s;
@@ -335,6 +342,7 @@
PATCH(ssl_cipher_list);
PATCH(ssl_dh_file);
PATCH(ssl_ec_curve);
+ PATCH(ssl_honor_cipher_order);
PATCH(ssl_use_sslv2);
PATCH(ssl_use_sslv3);
PATCH(etag_use_inode);
@@ -346,6 +354,7 @@
PATCH(ssl_verifyclient_depth);
PATCH(ssl_verifyclient_username);
PATCH(ssl_verifyclient_export_cert);
+ PATCH(ssl_disable_client_renegotiation);
return 0;
}
@@ -400,6 +409,8 @@
#endif
} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.ca-file"))) {
PATCH(ssl_ca_file);
+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.honor-cipher-order"))) {
+ PATCH(ssl_honor_cipher_order);
} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.use-sslv2"))) {
PATCH(ssl_use_sslv2);
} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.use-sslv3"))) {
@@ -454,6 +465,8 @@
PATCH(ssl_verifyclient_username);
} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.verifyclient.exportcert"))) {
PATCH(ssl_verifyclient_export_cert);
+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.disable-client-renegotiation"))) {
+ PATCH(ssl_disable_client_renegotiation);
}
}
}
Modified: lighttpd/branches/upstream/current/src/connections.c
===================================================================
--- lighttpd/branches/upstream/current/src/connections.c 2011-11-30 17:41:50 UTC (rev 556)
+++ lighttpd/branches/upstream/current/src/connections.c 2011-12-18 18:32:06 UTC (rev 557)
@@ -223,6 +223,12 @@
len = SSL_read(con->ssl, b->ptr + read_offset, toread);
+ if (con->renegotiations > 1 && con->conf.ssl_disable_client_renegotiation) {
+ connection_set_state(srv, con, CON_STATE_ERROR);
+ log_error_write(srv, __FILE__, __LINE__, "s", "SSL: renegotiation initiated by client");
+ return -1;
+ }
+
if (len > 0) {
if (b->used > 0) b->used--;
b->used += len;
@@ -445,6 +451,7 @@
default:
switch(con->http_status) {
case 400: /* bad request */
+ case 401: /* authorization required */
case 414: /* overload request header */
case 505: /* unknown protocol */
case 207: /* this was webdav */
@@ -617,8 +624,9 @@
}
static int connection_handle_write(server *srv, connection *con) {
- switch(network_write_chunkqueue(srv, con, con->write_queue)) {
+ switch(network_write_chunkqueue(srv, con, con->write_queue, MAX_WRITE_LIMIT)) {
case 0:
+ con->write_request_ts = srv->cur_ts;
if (con->file_finished) {
connection_set_state(srv, con, CON_STATE_RESPONSE_END);
joblist_append(srv, con);
@@ -635,6 +643,7 @@
joblist_append(srv, con);
break;
case 1:
+ con->write_request_ts = srv->cur_ts;
con->is_writable = 0;
/* not finished yet -> WRITE */
@@ -1251,8 +1260,6 @@
log_error_write(srv, __FILE__, __LINE__, "ds",
con->fd,
"handle write failed.");
- } else if (con->state == CON_STATE_WRITE) {
- con->write_request_ts = srv->cur_ts;
}
}
@@ -1352,6 +1359,7 @@
return NULL;
}
+ con->renegotiations = 0;
#ifndef OPENSSL_NO_TLSEXT
SSL_set_app_data(con->ssl, con);
#endif
@@ -1667,8 +1675,6 @@
con->fd,
"handle write failed.");
connection_set_state(srv, con, CON_STATE_ERROR);
- } else if (con->state == CON_STATE_WRITE) {
- con->write_request_ts = srv->cur_ts;
}
}
Modified: lighttpd/branches/upstream/current/src/http_auth.c
===================================================================
--- lighttpd/branches/upstream/current/src/http_auth.c 2011-11-30 17:41:50 UTC (rev 556)
+++ lighttpd/branches/upstream/current/src/http_auth.c 2011-12-18 18:32:06 UTC (rev 557)
@@ -1,7 +1,6 @@
#include "server.h"
#include "log.h"
#include "http_auth.h"
-#include "http_auth_digest.h"
#include "inet_ntop_cache.h"
#include "stream.h"
@@ -28,18 +27,23 @@
#include <unistd.h>
#include <ctype.h>
-#ifdef USE_OPENSSL
-# include <openssl/md5.h>
-#else
-# include "md5.h"
+#include "md5.h"
-typedef li_MD5_CTX MD5_CTX;
-#define MD5_Init li_MD5_Init
-#define MD5_Update li_MD5_Update
-#define MD5_Final li_MD5_Final
+#define HASHLEN 16
+#define HASHHEXLEN 32
+typedef unsigned char HASH[HASHLEN];
+typedef char HASHHEX[HASHHEXLEN+1];
-#endif
+static void CvtHex(const HASH Bin, char Hex[33]) {
+ unsigned short i;
+ for (i = 0; i < 16; i++) {
+ Hex[i*2] = int2hex((Bin[i] >> 4) & 0xf);
+ Hex[i*2+1] = int2hex(Bin[i] & 0xf);
+ }
+ Hex[32] = '\0';
+}
+
/**
* the $apr1$ handling is taken from apache 1.3.x
*/
@@ -95,7 +99,7 @@
ch = in[0];
/* run through the whole string, converting as we go */
for (i = 0; i < in_len; i++) {
- ch = in[i];
+ ch = (unsigned char) in[i];
if (ch == '\0') break;
@@ -435,7 +439,7 @@
static void to64(char *s, unsigned long v, int n)
{
- static unsigned char itoa64[] = /* 0 ... 63 => ASCII - 64 */
+ static const unsigned char itoa64[] = /* 0 ... 63 => ASCII - 64 */
"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
while (--n >= 0) {
@@ -455,7 +459,7 @@
const char *sp, *ep;
unsigned char final[APR_MD5_DIGESTSIZE];
ssize_t sl, pl, i;
- MD5_CTX ctx, ctx1;
+ li_MD5_CTX ctx, ctx1;
unsigned long l;
/*
@@ -487,33 +491,33 @@
/*
* 'Time to make the doughnuts..'
*/
- MD5_Init(&ctx);
+ li_MD5_Init(&ctx);
/*
* The password first, since that is what is most unknown
*/
- MD5_Update(&ctx, pw, strlen(pw));
+ li_MD5_Update(&ctx, pw, strlen(pw));
/*
* Then our magic string
*/
- MD5_Update(&ctx, APR1_ID, strlen(APR1_ID));
+ li_MD5_Update(&ctx, APR1_ID, strlen(APR1_ID));
/*
* Then the raw salt
*/
- MD5_Update(&ctx, sp, sl);
+ li_MD5_Update(&ctx, sp, sl);
/*
* Then just as many characters of the MD5(pw, salt, pw)
*/
- MD5_Init(&ctx1);
- MD5_Update(&ctx1, pw, strlen(pw));
- MD5_Update(&ctx1, sp, sl);
- MD5_Update(&ctx1, pw, strlen(pw));
- MD5_Final(final, &ctx1);
+ li_MD5_Init(&ctx1);
+ li_MD5_Update(&ctx1, pw, strlen(pw));
+ li_MD5_Update(&ctx1, sp, sl);
+ li_MD5_Update(&ctx1, pw, strlen(pw));
+ li_MD5_Final(final, &ctx1);
for (pl = strlen(pw); pl > 0; pl -= APR_MD5_DIGESTSIZE) {
- MD5_Update(&ctx, final,
+ li_MD5_Update(&ctx, final,
(pl > APR_MD5_DIGESTSIZE) ? APR_MD5_DIGESTSIZE : pl);
}
@@ -527,10 +531,10 @@
*/
for (i = strlen(pw); i != 0; i >>= 1) {
if (i & 1) {
- MD5_Update(&ctx, final, 1);
+ li_MD5_Update(&ctx, final, 1);
}
else {
- MD5_Update(&ctx, pw, 1);
+ li_MD5_Update(&ctx, pw, 1);
}
}
@@ -542,7 +546,7 @@
strncat(passwd, sp, sl);
strcat(passwd, "$");
- MD5_Final(final, &ctx);
+ li_MD5_Final(final, &ctx);
/*
* And now, just to make sure things don't run too fast..
@@ -550,28 +554,28 @@
* need 30 seconds to build a 1000 entry dictionary...
*/
for (i = 0; i < 1000; i++) {
- MD5_Init(&ctx1);
+ li_MD5_Init(&ctx1);
if (i & 1) {
- MD5_Update(&ctx1, pw, strlen(pw));
+ li_MD5_Update(&ctx1, pw, strlen(pw));
}
else {
- MD5_Update(&ctx1, final, APR_MD5_DIGESTSIZE);
+ li_MD5_Update(&ctx1, final, APR_MD5_DIGESTSIZE);
}
if (i % 3) {
- MD5_Update(&ctx1, sp, sl);
+ li_MD5_Update(&ctx1, sp, sl);
}
if (i % 7) {
- MD5_Update(&ctx1, pw, strlen(pw));
+ li_MD5_Update(&ctx1, pw, strlen(pw));
}
if (i & 1) {
- MD5_Update(&ctx1, final, APR_MD5_DIGESTSIZE);
+ li_MD5_Update(&ctx1, final, APR_MD5_DIGESTSIZE);
}
else {
- MD5_Update(&ctx1, pw, strlen(pw));
+ li_MD5_Update(&ctx1, pw, strlen(pw));
}
- MD5_Final(final,&ctx1);
+ li_MD5_Final(final,&ctx1);
}
p = passwd + strlen(passwd);
@@ -614,17 +618,17 @@
* user:realm:md5(user:realm:password)
*/
- MD5_CTX Md5Ctx;
+ li_MD5_CTX Md5Ctx;
HASH HA1;
char a1[256];
- MD5_Init(&Md5Ctx);
- MD5_Update(&Md5Ctx, (unsigned char *)username->ptr, username->used - 1);
- MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
- MD5_Update(&Md5Ctx, (unsigned char *)realm->ptr, realm->used - 1);
- MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
- MD5_Update(&Md5Ctx, (unsigned char *)pw, strlen(pw));
- MD5_Final(HA1, &Md5Ctx);
+ li_MD5_Init(&Md5Ctx);
+ li_MD5_Update(&Md5Ctx, (unsigned char *)username->ptr, username->used - 1);
+ li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
+ li_MD5_Update(&Md5Ctx, (unsigned char *)realm->ptr, realm->used - 1);
+ li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
+ li_MD5_Update(&Md5Ctx, (unsigned char *)pw, strlen(pw));
+ li_MD5_Final(HA1, &Md5Ctx);
CvtHex(HA1, a1);
@@ -930,7 +934,7 @@
int i;
buffer *password, *b, *username_buf, *realm_buf;
- MD5_CTX Md5Ctx;
+ li_MD5_CTX Md5Ctx;
HASH HA1;
HASH HA2;
HASH RespHash;
@@ -1067,13 +1071,13 @@
if (p->conf.auth_backend == AUTH_BACKEND_PLAIN) {
/* generate password from plain-text */
- MD5_Init(&Md5Ctx);
- MD5_Update(&Md5Ctx, (unsigned char *)username, strlen(username));
- MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
- MD5_Update(&Md5Ctx, (unsigned char *)realm, strlen(realm));
- MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
- MD5_Update(&Md5Ctx, (unsigned char *)password->ptr, password->used - 1);
- MD5_Final(HA1, &Md5Ctx);
+ li_MD5_Init(&Md5Ctx);
+ li_MD5_Update(&Md5Ctx, (unsigned char *)username, strlen(username));
+ li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
+ li_MD5_Update(&Md5Ctx, (unsigned char *)realm, strlen(realm));
+ li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
+ li_MD5_Update(&Md5Ctx, (unsigned char *)password->ptr, password->used - 1);
+ li_MD5_Final(HA1, &Md5Ctx);
} else if (p->conf.auth_backend == AUTH_BACKEND_HTDIGEST) {
/* HA1 */
/* transform the 32-byte-hex-md5 to a 16-byte-md5 */
@@ -1090,45 +1094,45 @@
if (algorithm &&
strcasecmp(algorithm, "md5-sess") == 0) {
- MD5_Init(&Md5Ctx);
- MD5_Update(&Md5Ctx, (unsigned char *)HA1, 16);
- MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
- MD5_Update(&Md5Ctx, (unsigned char *)nonce, strlen(nonce));
- MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
- MD5_Update(&Md5Ctx, (unsigned char *)cnonce, strlen(cnonce));
- MD5_Final(HA1, &Md5Ctx);
+ li_MD5_Init(&Md5Ctx);
+ li_MD5_Update(&Md5Ctx, (unsigned char *)HA1, 16);
+ li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
+ li_MD5_Update(&Md5Ctx, (unsigned char *)nonce, strlen(nonce));
+ li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
+ li_MD5_Update(&Md5Ctx, (unsigned char *)cnonce, strlen(cnonce));
+ li_MD5_Final(HA1, &Md5Ctx);
}
CvtHex(HA1, a1);
/* calculate H(A2) */
- MD5_Init(&Md5Ctx);
- MD5_Update(&Md5Ctx, (unsigned char *)m, strlen(m));
- MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
- MD5_Update(&Md5Ctx, (unsigned char *)uri, strlen(uri));
+ li_MD5_Init(&Md5Ctx);
+ li_MD5_Update(&Md5Ctx, (unsigned char *)m, strlen(m));
+ li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
+ li_MD5_Update(&Md5Ctx, (unsigned char *)uri, strlen(uri));
if (qop && strcasecmp(qop, "auth-int") == 0) {
- MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
- MD5_Update(&Md5Ctx, (unsigned char *)"", HASHHEXLEN);
+ li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
+ li_MD5_Update(&Md5Ctx, (unsigned char *)"", HASHHEXLEN);
}
- MD5_Final(HA2, &Md5Ctx);
+ li_MD5_Final(HA2, &Md5Ctx);
CvtHex(HA2, HA2Hex);
/* calculate response */
- MD5_Init(&Md5Ctx);
- MD5_Update(&Md5Ctx, (unsigned char *)a1, HASHHEXLEN);
- MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
- MD5_Update(&Md5Ctx, (unsigned char *)nonce, strlen(nonce));
- MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
+ li_MD5_Init(&Md5Ctx);
+ li_MD5_Update(&Md5Ctx, (unsigned char *)a1, HASHHEXLEN);
+ li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
+ li_MD5_Update(&Md5Ctx, (unsigned char *)nonce, strlen(nonce));
+ li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
if (qop && *qop) {
- MD5_Update(&Md5Ctx, (unsigned char *)nc, strlen(nc));
- MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
- MD5_Update(&Md5Ctx, (unsigned char *)cnonce, strlen(cnonce));
- MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
- MD5_Update(&Md5Ctx, (unsigned char *)qop, strlen(qop));
- MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
+ li_MD5_Update(&Md5Ctx, (unsigned char *)nc, strlen(nc));
+ li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
+ li_MD5_Update(&Md5Ctx, (unsigned char *)cnonce, strlen(cnonce));
+ li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
+ li_MD5_Update(&Md5Ctx, (unsigned char *)qop, strlen(qop));
+ li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
};
- MD5_Update(&Md5Ctx, (unsigned char *)HA2Hex, HASHHEXLEN);
- MD5_Final(RespHash, &Md5Ctx);
+ li_MD5_Update(&Md5Ctx, (unsigned char *)HA2Hex, HASHHEXLEN);
+ li_MD5_Final(RespHash, &Md5Ctx);
CvtHex(RespHash, a2);
if (0 != strcmp(a2, respons)) {
@@ -1171,24 +1175,24 @@
int http_auth_digest_generate_nonce(server *srv, mod_auth_plugin_data *p, buffer *fn, char out[33]) {
HASH h;
- MD5_CTX Md5Ctx;
+ li_MD5_CTX Md5Ctx;
char hh[32];
UNUSED(p);
/* generate shared-secret */
- MD5_Init(&Md5Ctx);
- MD5_Update(&Md5Ctx, (unsigned char *)fn->ptr, fn->used - 1);
- MD5_Update(&Md5Ctx, (unsigned char *)"+", 1);
+ li_MD5_Init(&Md5Ctx);
+ li_MD5_Update(&Md5Ctx, (unsigned char *)fn->ptr, fn->used - 1);
+ li_MD5_Update(&Md5Ctx, (unsigned char *)"+", 1);
/* we assume sizeof(time_t) == 4 here, but if not it ain't a problem at all */
LI_ltostr(hh, srv->cur_ts);
- MD5_Update(&Md5Ctx, (unsigned char *)hh, strlen(hh));
- MD5_Update(&Md5Ctx, (unsigned char *)srv->entropy, sizeof(srv->entropy));
+ li_MD5_Update(&Md5Ctx, (unsigned char *)hh, strlen(hh));
+ li_MD5_Update(&Md5Ctx, (unsigned char *)srv->entropy, sizeof(srv->entropy));
LI_ltostr(hh, rand());
- MD5_Update(&Md5Ctx, (unsigned char *)hh, strlen(hh));
+ li_MD5_Update(&Md5Ctx, (unsigned char *)hh, strlen(hh));
- MD5_Final(h, &Md5Ctx);
+ li_MD5_Final(h, &Md5Ctx);
CvtHex(h, out);
Deleted: lighttpd/branches/upstream/current/src/http_auth_digest.c
===================================================================
--- lighttpd/branches/upstream/current/src/http_auth_digest.c 2011-11-30 17:41:50 UTC (rev 556)
+++ lighttpd/branches/upstream/current/src/http_auth_digest.c 2011-12-18 18:32:06 UTC (rev 557)
@@ -1,26 +0,0 @@
-#include "buffer.h"
-
-#include "http_auth_digest.h"
-
-#include <string.h>
-
-#ifndef USE_OPENSSL
-# include "md5.h"
-
-typedef li_MD5_CTX MD5_CTX;
-#define MD5_Init li_MD5_Init
-#define MD5_Update li_MD5_Update
-#define MD5_Final li_MD5_Final
-
-#endif
-
-void CvtHex(IN HASH Bin, OUT HASHHEX Hex) {
- unsigned short i;
-
- for (i = 0; i < HASHLEN; i++) {
- Hex[i*2] = int2hex((Bin[i] >> 4) & 0xf);
- Hex[i*2+1] = int2hex(Bin[i] & 0xf);
- }
- Hex[HASHHEXLEN] = '\0';
-}
-
Deleted: lighttpd/branches/upstream/current/src/http_auth_digest.h
===================================================================
--- lighttpd/branches/upstream/current/src/http_auth_digest.h 2011-11-30 17:41:50 UTC (rev 556)
+++ lighttpd/branches/upstream/current/src/http_auth_digest.h 2011-12-18 18:32:06 UTC (rev 557)
@@ -1,24 +0,0 @@
-#ifndef _DIGCALC_H_
-#define _DIGCALC_H_
-
-#ifdef HAVE_CONFIG_H
-# include "config.h"
-#endif
-
-#define HASHLEN 16
-typedef unsigned char HASH[HASHLEN];
-#define HASHHEXLEN 32
-typedef char HASHHEX[HASHHEXLEN+1];
-#ifdef USE_OPENSSL
-#define IN const
-#else
-#define IN
-#endif
-#define OUT
-
-void CvtHex(
- IN HASH Bin,
- OUT HASHHEX Hex
- );
-
-#endif
Modified: lighttpd/branches/upstream/current/src/mod_cgi.c
===================================================================
--- lighttpd/branches/upstream/current/src/mod_cgi.c 2011-11-30 17:41:50 UTC (rev 556)
+++ lighttpd/branches/upstream/current/src/mod_cgi.c 2011-12-18 18:32:06 UTC (rev 557)
@@ -1288,6 +1288,15 @@
#endif
break;
case -1:
+ if (errno == ECHILD) {
+ /* someone else called waitpid... remove the pid to stop looping the error each time */
+ log_error_write(srv, __FILE__, __LINE__, "s", "cgi child vanished, probably someone else called waitpid");
+
+ cgi_pid_del(srv, p, p->cgi_pid.ptr[ndx]);
+ ndx--;
+ continue;
+ }
+
log_error_write(srv, __FILE__, __LINE__, "ss", "waitpid failed: ", strerror(errno));
return HANDLER_ERROR;
Modified: lighttpd/branches/upstream/current/src/mod_cml_funcs.c
===================================================================
--- lighttpd/branches/upstream/current/src/mod_cml_funcs.c 2011-11-30 17:41:50 UTC (rev 556)
+++ lighttpd/branches/upstream/current/src/mod_cml_funcs.c 2011-12-18 18:32:06 UTC (rev 557)
@@ -17,18 +17,8 @@
#include <dirent.h>
#include <stdio.h>
-#ifdef USE_OPENSSL
-# include <openssl/md5.h>
-#else
-# include "md5.h"
+#include "md5.h"
-typedef li_MD5_CTX MD5_CTX;
-#define MD5_Init li_MD5_Init
-#define MD5_Update li_MD5_Update
-#define MD5_Final li_MD5_Final
-
-#endif
-
#define HASHLEN 16
typedef unsigned char HASH[HASHLEN];
#define HASHHEXLEN 32
@@ -43,7 +33,7 @@
#ifdef HAVE_LUA_H
int f_crypto_md5(lua_State *L) {
- MD5_CTX Md5Ctx;
+ li_MD5_CTX Md5Ctx;
HASH HA1;
buffer b;
char hex[33];
@@ -63,9 +53,9 @@
lua_error(L);
}
- MD5_Init(&Md5Ctx);
- MD5_Update(&Md5Ctx, (unsigned char *)lua_tostring(L, 1), lua_strlen(L, 1));
- MD5_Final(HA1, &Md5Ctx);
+ li_MD5_Init(&Md5Ctx);
+ li_MD5_Update(&Md5Ctx, (unsigned char *)lua_tostring(L, 1), lua_strlen(L, 1));
+ li_MD5_Final(HA1, &Md5Ctx);
buffer_copy_string_hex(&b, (char *)HA1, 16);
Modified: lighttpd/branches/upstream/current/src/mod_cml_lua.c
===================================================================
--- lighttpd/branches/upstream/current/src/mod_cml_lua.c 2011-11-30 17:41:50 UTC (rev 556)
+++ lighttpd/branches/upstream/current/src/mod_cml_lua.c 2011-12-18 18:32:06 UTC (rev 557)
@@ -11,18 +11,6 @@
#include <time.h>
#include <string.h>
-#ifdef USE_OPENSSL
-# include <openssl/md5.h>
-#else
-# include "md5.h"
-
-typedef li_MD5_CTX MD5_CTX;
-#define MD5_Init li_MD5_Init
-#define MD5_Update li_MD5_Update
-#define MD5_Final li_MD5_Final
-
-#endif
-
#define HASHLEN 16
typedef unsigned char HASH[HASHLEN];
#define HASHHEXLEN 32
Modified: lighttpd/branches/upstream/current/src/mod_dirlisting.c
===================================================================
--- lighttpd/branches/upstream/current/src/mod_dirlisting.c 2011-11-30 17:41:50 UTC (rev 556)
+++ lighttpd/branches/upstream/current/src/mod_dirlisting.c 2011-12-18 18:32:06 UTC (rev 557)
@@ -657,7 +657,8 @@
i = dir->used - 1;
#ifdef HAVE_PATHCONF
- if (-1 == (name_max = pathconf(dir->ptr, _PC_NAME_MAX))) {
+ if (0 >= (name_max = pathconf(dir->ptr, _PC_NAME_MAX))) {
+ /* some broken fs (fuse) return 0 instead of -1 */
#ifdef NAME_MAX
name_max = NAME_MAX;
#else
Modified: lighttpd/branches/upstream/current/src/mod_fastcgi.c
===================================================================
--- lighttpd/branches/upstream/current/src/mod_fastcgi.c 2011-11-30 17:41:50 UTC (rev 556)
+++ lighttpd/branches/upstream/current/src/mod_fastcgi.c 2011-12-18 18:32:06 UTC (rev 557)
@@ -3075,7 +3075,7 @@
fcgi_set_state(srv, hctx, FCGI_STATE_WRITE);
/* fall through */
case FCGI_STATE_WRITE:
- ret = srv->network_backend_write(srv, con, hctx->fd, hctx->wb);
+ ret = srv->network_backend_write(srv, con, hctx->fd, hctx->wb, MAX_WRITE_LIMIT);
chunkqueue_remove_finished_chunks(hctx->wb);
@@ -3132,7 +3132,6 @@
plugin_data *p = p_d;
handler_ctx *hctx = con->plugin_ctx[p->id];
- fcgi_proc *proc;
fcgi_extension_host *host;
if (NULL == hctx) return HANDLER_GO_ON;
@@ -3201,7 +3200,6 @@
/* ok, create the request */
switch(fcgi_write_request(srv, hctx)) {
case HANDLER_ERROR:
- proc = hctx->proc;
host = hctx->host;
if (hctx->state == FCGI_STATE_INIT ||
Modified: lighttpd/branches/upstream/current/src/mod_proxy.c
===================================================================
--- lighttpd/branches/upstream/current/src/mod_proxy.c 2011-11-30 17:41:50 UTC (rev 556)
+++ lighttpd/branches/upstream/current/src/mod_proxy.c 2011-12-18 18:32:06 UTC (rev 557)
@@ -825,7 +825,7 @@
/* fall through */
case PROXY_STATE_WRITE:;
- ret = srv->network_backend_write(srv, con, hctx->fd, hctx->wb);
+ ret = srv->network_backend_write(srv, con, hctx->fd, hctx->wb, MAX_WRITE_LIMIT);
chunkqueue_remove_finished_chunks(hctx->wb);
Modified: lighttpd/branches/upstream/current/src/mod_scgi.c
===================================================================
--- lighttpd/branches/upstream/current/src/mod_scgi.c 2011-11-30 17:41:50 UTC (rev 556)
+++ lighttpd/branches/upstream/current/src/mod_scgi.c 2011-12-18 18:32:06 UTC (rev 557)
@@ -2296,7 +2296,7 @@
/* fall through */
case FCGI_STATE_WRITE:
- ret = srv->network_backend_write(srv, con, hctx->fd, hctx->wb);
+ ret = srv->network_backend_write(srv, con, hctx->fd, hctx->wb, MAX_WRITE_LIMIT);
chunkqueue_remove_finished_chunks(hctx->wb);
Modified: lighttpd/branches/upstream/current/src/mod_secure_download.c
===================================================================
--- lighttpd/branches/upstream/current/src/mod_secure_download.c 2011-11-30 17:41:50 UTC (rev 556)
+++ lighttpd/branches/upstream/current/src/mod_secure_download.c 2011-12-18 18:32:06 UTC (rev 557)
@@ -8,18 +8,8 @@
#include <stdlib.h>
#include <string.h>
-#ifdef USE_OPENSSL
-# include <openssl/md5.h>
-#else
-# include "md5.h"
+#include "md5.h"
-typedef li_MD5_CTX MD5_CTX;
-#define MD5_Init li_MD5_Init
-#define MD5_Update li_MD5_Update
-#define MD5_Final li_MD5_Final
-
-#endif
-
#define HASHLEN 16
typedef unsigned char HASH[HASHLEN];
#define HASHHEXLEN 32
@@ -200,7 +190,7 @@
URIHANDLER_FUNC(mod_secdownload_uri_handler) {
plugin_data *p = p_d;
- MD5_CTX Md5Ctx;
+ li_MD5_CTX Md5Ctx;
HASH HA1;
const char *rel_uri, *ts_str, *md5_str;
time_t ts = 0;
@@ -266,9 +256,9 @@
buffer_append_string(p->md5, rel_uri);
buffer_append_string_len(p->md5, ts_str, 8);
- MD5_Init(&Md5Ctx);
- MD5_Update(&Md5Ctx, (unsigned char *)p->md5->ptr, p->md5->used - 1);
- MD5_Final(HA1, &Md5Ctx);
+ li_MD5_Init(&Md5Ctx);
+ li_MD5_Update(&Md5Ctx, (unsigned char *)p->md5->ptr, p->md5->used - 1);
+ li_MD5_Final(HA1, &Md5Ctx);
buffer_copy_string_hex(p->md5, (char *)HA1, 16);
Modified: lighttpd/branches/upstream/current/src/mod_staticfile.c
===================================================================
--- lighttpd/branches/upstream/current/src/mod_staticfile.c 2011-11-30 17:41:50 UTC (rev 556)
+++ lighttpd/branches/upstream/current/src/mod_staticfile.c 2011-12-18 18:32:06 UTC (rev 557)
@@ -26,6 +26,7 @@
typedef struct {
array *exclude_ext;
unsigned short etags_used;
+ unsigned short disable_pathinfo;
} plugin_config;
typedef struct {
@@ -84,6 +85,7 @@
config_values_t cv[] = {
{ "static-file.exclude-extensions", NULL, T_CONFIG_ARRAY, T_CONFIG_SCOPE_CONNECTION }, /* 0 */
{ "static-file.etags", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 1 */
+ { "static-file.disable-pathinfo", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 2 */
{ NULL, NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET }
};
@@ -97,9 +99,11 @@
s = calloc(1, sizeof(plugin_config));
s->exclude_ext = array_init();
s->etags_used = 1;
+ s->disable_pathinfo = 0;
cv[0].destination = s->exclude_ext;
cv[1].destination = &(s->etags_used);
+ cv[2].destination = &(s->disable_pathinfo);
p->config_storage[i] = s;
@@ -119,6 +123,7 @@
PATCH(exclude_ext);
PATCH(etags_used);
+ PATCH(disable_pathinfo);
/* skip the first, the global context */
for (i = 1; i < srv->config_context->used; i++) {
@@ -136,7 +141,9 @@
PATCH(exclude_ext);
} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("static-file.etags"))) {
PATCH(etags_used);
- }
+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("static-file.disable-pathinfo"))) {
+ PATCH(disable_pathinfo);
+ }
}
}
@@ -350,7 +357,6 @@
URIHANDLER_FUNC(mod_staticfile_subrequest) {
plugin_data *p = p_d;
size_t k;
- int s_len;
stat_cache_entry *sce = NULL;
buffer *mtime = NULL;
data_string *ds;
@@ -376,7 +382,12 @@
mod_staticfile_patch_connection(srv, con, p);
- s_len = con->uri.path->used - 1;
+ if (p->conf.disable_pathinfo && 0 != con->request.pathinfo->used) {
+ if (con->conf.log_request_handling) {
+ log_error_write(srv, __FILE__, __LINE__, "s", "-- NOT handling file as static file, pathinfo forbidden");
+ }
+ return HANDLER_GO_ON;
+ }
/* ignore certain extensions */
for (k = 0; k < p->conf.exclude_ext->used; k++) {
Modified: lighttpd/branches/upstream/current/src/mod_status.c
===================================================================
--- lighttpd/branches/upstream/current/src/mod_status.c 2011-11-30 17:41:50 UTC (rev 556)
+++ lighttpd/branches/upstream/current/src/mod_status.c 2011-12-18 18:32:06 UTC (rev 557)
@@ -487,7 +487,7 @@
buffer_append_string_len(b, CONST_STR_LEN("</td><td class=\"int\">"));
- if (con->request.content_length) {
+ if (c->request.content_length) {
buffer_append_long(b, c->request_content_queue->bytes_in);
buffer_append_string_len(b, CONST_STR_LEN("/"));
buffer_append_long(b, c->request.content_length);
Modified: lighttpd/branches/upstream/current/src/mod_userdir.c
===================================================================
--- lighttpd/branches/upstream/current/src/mod_userdir.c 2011-11-30 17:41:50 UTC (rev 556)
+++ lighttpd/branches/upstream/current/src/mod_userdir.c 2011-12-18 18:32:06 UTC (rev 557)
@@ -166,7 +166,6 @@
URIHANDLER_FUNC(mod_userdir_docroot_handler) {
plugin_data *p = p_d;
- int uri_len;
size_t k;
char *rel_url;
#ifdef HAVE_PWD_H
@@ -182,8 +181,6 @@
*/
if (p->conf.path->used == 0) return HANDLER_GO_ON;
- uri_len = con->uri.path->used - 1;
-
/* /~user/foo.html -> /home/user/public_html/foo.html */
if (con->uri.path->ptr[0] != '/' ||
Modified: lighttpd/branches/upstream/current/src/mod_usertrack.c
===================================================================
--- lighttpd/branches/upstream/current/src/mod_usertrack.c 2011-11-30 17:41:50 UTC (rev 556)
+++ lighttpd/branches/upstream/current/src/mod_usertrack.c 2011-12-18 18:32:06 UTC (rev 557)
@@ -8,18 +8,8 @@
#include <stdlib.h>
#include <string.h>
-#ifdef USE_OPENSSL
-# include <openssl/md5.h>
-#else
-# include "md5.h"
+#include "md5.h"
-typedef li_MD5_CTX MD5_CTX;
-#define MD5_Init li_MD5_Init
-#define MD5_Update li_MD5_Update
-#define MD5_Final li_MD5_Final
-
-#endif
-
/* plugin config for all request/connections */
typedef struct {
@@ -182,7 +172,7 @@
plugin_data *p = p_d;
data_string *ds;
unsigned char h[16];
- MD5_CTX Md5Ctx;
+ li_MD5_CTX Md5Ctx;
char hh[32];
if (con->uri.path->used == 0) return HANDLER_GO_ON;
@@ -228,18 +218,18 @@
/* taken from mod_auth.c */
/* generate shared-secret */
- MD5_Init(&Md5Ctx);
- MD5_Update(&Md5Ctx, (unsigned char *)con->uri.path->ptr, con->uri.path->used - 1);
- MD5_Update(&Md5Ctx, (unsigned char *)"+", 1);
+ li_MD5_Init(&Md5Ctx);
+ li_MD5_Update(&Md5Ctx, (unsigned char *)con->uri.path->ptr, con->uri.path->used - 1);
+ li_MD5_Update(&Md5Ctx, (unsigned char *)"+", 1);
/* we assume sizeof(time_t) == 4 here, but if not it ain't a problem at all */
LI_ltostr(hh, srv->cur_ts);
- MD5_Update(&Md5Ctx, (unsigned char *)hh, strlen(hh));
- MD5_Update(&Md5Ctx, (unsigned char *)srv->entropy, sizeof(srv->entropy));
+ li_MD5_Update(&Md5Ctx, (unsigned char *)hh, strlen(hh));
+ li_MD5_Update(&Md5Ctx, (unsigned char *)srv->entropy, sizeof(srv->entropy));
LI_ltostr(hh, rand());
- MD5_Update(&Md5Ctx, (unsigned char *)hh, strlen(hh));
+ li_MD5_Update(&Md5Ctx, (unsigned char *)hh, strlen(hh));
- MD5_Final(h, &Md5Ctx);
+ li_MD5_Final(h, &Md5Ctx);
buffer_append_string_encoded(ds->value, (char *)h, 16, ENCODING_HEX);
buffer_append_string_len(ds->value, CONST_STR_LEN("; Path=/"));
Modified: lighttpd/branches/upstream/current/src/network.c
===================================================================
--- lighttpd/branches/upstream/current/src/network.c 2011-11-30 17:41:50 UTC (rev 556)
+++ lighttpd/branches/upstream/current/src/network.c 2011-12-18 18:32:06 UTC (rev 557)
@@ -27,6 +27,19 @@
# include <openssl/rand.h>
#endif
+#ifdef USE_OPENSSL
+static void ssl_info_callback(const SSL *ssl, int where, int ret) {
+ UNUSED(ret);
+
+ if (0 != (where & SSL_CB_HANDSHAKE_START)) {
+ connection *con = SSL_get_app_data(ssl);
+ ++con->renegotiations;
+ } else if (0 != (where & SSL_CB_HANDSHAKE_DONE)) {
+ ssl->s3->flags |= SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS;
+ }
+}
+#endif
+
static handler_t network_server_handle_fdevent(server *srv, void *context, int revents) {
server_socket *srv_socket = (server_socket *)context;
connection *con;
@@ -480,9 +493,11 @@
network_backend_t backend;
#if OPENSSL_VERSION_NUMBER >= 0x0090800fL
+#ifndef OPENSSL_NO_ECDH
EC_KEY *ecdh;
int nid;
#endif
+#endif
#ifdef USE_OPENSSL
DH *dh;
@@ -553,6 +568,11 @@
/* load SSL certificates */
for (i = 0; i < srv->config_context->used; i++) {
specific_config *s = srv->config_storage[i];
+#ifndef SSL_OP_NO_COMPRESSION
+# define SSL_OP_NO_COMPRESSION 0
+#endif
+ long ssloptions =
+ SSL_OP_ALL | SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION | SSL_OP_NO_COMPRESSION;
if (buffer_is_empty(s->ssl_pemfile)) continue;
@@ -586,6 +606,9 @@
return -1;
}
+ SSL_CTX_set_options(s->ssl_ctx, ssloptions);
+ SSL_CTX_set_info_callback(s->ssl_ctx, ssl_info_callback);
+
if (!s->ssl_use_sslv2) {
/* disable SSLv2 */
if (!(SSL_OP_NO_SSLv2 & SSL_CTX_set_options(s->ssl_ctx, SSL_OP_NO_SSLv2))) {
@@ -611,6 +634,10 @@
ERR_error_string(ERR_get_error(), NULL));
return -1;
}
+
+ if (s->ssl_honor_cipher_order) {
+ SSL_CTX_set_options(s->ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
+ }
}
/* Support for Diffie-Hellman key exchange */
@@ -847,7 +874,7 @@
return 0;
}
-int network_write_chunkqueue(server *srv, connection *con, chunkqueue *cq) {
+int network_write_chunkqueue(server *srv, connection *con, chunkqueue *cq, off_t max_bytes) {
int ret = -1;
off_t written = 0;
#ifdef TCP_CORK
@@ -855,16 +882,34 @@
#endif
server_socket *srv_socket = con->srv_socket;
- if (con->conf.global_kbytes_per_second &&
- *(con->conf.global_bytes_per_second_cnt_ptr) > con->conf.global_kbytes_per_second * 1024) {
- /* we reached the global traffic limit */
+ if (con->conf.global_kbytes_per_second) {
+ off_t limit = con->conf.global_kbytes_per_second * 1024 - *(con->conf.global_bytes_per_second_cnt_ptr);
+ if (limit <= 0) {
+ /* we reached the global traffic limit */
- con->traffic_limit_reached = 1;
- joblist_append(srv, con);
+ con->traffic_limit_reached = 1;
+ joblist_append(srv, con);
- return 1;
+ return 1;
+ } else {
+ if (max_bytes > limit) max_bytes = limit;
+ }
}
+ if (con->conf.kbytes_per_second) {
+ off_t limit = con->conf.kbytes_per_second * 1024 - con->bytes_written_cur_second;
+ if (limit <= 0) {
+ /* we reached the traffic limit */
+
+ con->traffic_limit_reached = 1;
+ joblist_append(srv, con);
+
+ return 1;
+ } else {
+ if (max_bytes > limit) max_bytes = limit;
+ }
+ }
+
written = cq->bytes_out;
#ifdef TCP_CORK
@@ -879,10 +924,10 @@
if (srv_socket->is_ssl) {
#ifdef USE_OPENSSL
- ret = srv->network_ssl_backend_write(srv, con, con->ssl, cq);
+ ret = srv->network_ssl_backend_write(srv, con, con->ssl, cq, max_bytes);
#endif
} else {
- ret = srv->network_backend_write(srv, con, con->fd, cq);
+ ret = srv->network_backend_write(srv, con, con->fd, cq, max_bytes);
}
if (ret >= 0) {
@@ -903,12 +948,5 @@
*(con->conf.global_bytes_per_second_cnt_ptr) += written;
- if (con->conf.kbytes_per_second &&
- (con->bytes_written_cur_second > con->conf.kbytes_per_second * 1024)) {
- /* we reached the traffic limit */
-
- con->traffic_limit_reached = 1;
- joblist_append(srv, con);
- }
return ret;
}
Modified: lighttpd/branches/upstream/current/src/network.h
===================================================================
--- lighttpd/branches/upstream/current/src/network.h 2011-11-30 17:41:50 UTC (rev 556)
+++ lighttpd/branches/upstream/current/src/network.h 2011-12-18 18:32:06 UTC (rev 557)
@@ -3,7 +3,7 @@
#include "server.h"
-int network_write_chunkqueue(server *srv, connection *con, chunkqueue *c);
+int network_write_chunkqueue(server *srv, connection *con, chunkqueue *c, off_t max_bytes);
int network_init(server *srv);
int network_close(server *srv);
Modified: lighttpd/branches/upstream/current/src/network_backends.h
===================================================================
--- lighttpd/branches/upstream/current/src/network_backends.h 2011-11-30 17:41:50 UTC (rev 556)
+++ lighttpd/branches/upstream/current/src/network_backends.h 2011-12-18 18:32:06 UTC (rev 557)
@@ -47,18 +47,18 @@
#include "base.h"
/* return values:
- * >= 0 : chunks completed
+ * >= 0 : no error
* -1 : error (on our side)
* -2 : remote close
*/
-int network_write_chunkqueue_write(server *srv, connection *con, int fd, chunkqueue *cq);
-int network_write_chunkqueue_writev(server *srv, connection *con, int fd, chunkqueue *cq);
-int network_write_chunkqueue_linuxsendfile(server *srv, connection *con, int fd, chunkqueue *cq);
-int network_write_chunkqueue_freebsdsendfile(server *srv, connection *con, int fd, chunkqueue *cq);
-int network_write_chunkqueue_solarissendfilev(server *srv, connection *con, int fd, chunkqueue *cq);
+int network_write_chunkqueue_write(server *srv, connection *con, int fd, chunkqueue *cq, off_t max_bytes);
+int network_write_chunkqueue_writev(server *srv, connection *con, int fd, chunkqueue *cq, off_t max_bytes);
+int network_write_chunkqueue_linuxsendfile(server *srv, connection *con, int fd, chunkqueue *cq, off_t max_bytes);
+int network_write_chunkqueue_freebsdsendfile(server *srv, connection *con, int fd, chunkqueue *cq, off_t max_bytes);
+int network_write_chunkqueue_solarissendfilev(server *srv, connection *con, int fd, chunkqueue *cq, off_t max_bytes);
#ifdef USE_OPENSSL
-int network_write_chunkqueue_openssl(server *srv, connection *con, SSL *ssl, chunkqueue *cq);
+int network_write_chunkqueue_openssl(server *srv, connection *con, SSL *ssl, chunkqueue *cq, off_t max_bytes);
#endif
#endif
Modified: lighttpd/branches/upstream/current/src/network_freebsd_sendfile.c
===================================================================
--- lighttpd/branches/upstream/current/src/network_freebsd_sendfile.c 2011-11-30 17:41:50 UTC (rev 556)
+++ lighttpd/branches/upstream/current/src/network_freebsd_sendfile.c 2011-12-18 18:32:06 UTC (rev 557)
@@ -31,17 +31,16 @@
# endif
#endif
-int network_write_chunkqueue_freebsdsendfile(server *srv, connection *con, int fd, chunkqueue *cq) {
+int network_write_chunkqueue_freebsdsendfile(server *srv, connection *con, int fd, chunkqueue *cq, off_t max_bytes) {
chunk *c;
- size_t chunks_written = 0;
- for(c = cq->first; c; c = c->next, chunks_written++) {
+ for(c = cq->first; (max_bytes > 0) && (NULL != c); c = c->next) {
int chunk_finished = 0;
switch(c->type) {
case MEM_CHUNK: {
char * offset;
- size_t toSend;
+ off_t toSend;
ssize_t r;
size_t num_chunks, i;
@@ -49,12 +48,10 @@
chunk *tc;
size_t num_bytes = 0;
- /* we can't send more then SSIZE_MAX bytes in one chunk */
-
/* build writev list
*
* 1. limit: num_chunks < UIO_MAXIOV
- * 2. limit: num_bytes < SSIZE_MAX
+ * 2. limit: num_bytes < max_bytes
*/
for(num_chunks = 0, tc = c; tc && tc->type == MEM_CHUNK && num_chunks < UIO_MAXIOV; num_chunks++, tc = tc->next);
@@ -69,9 +66,9 @@
chunks[i].iov_base = offset;
/* protect the return value of writev() */
- if (toSend > SSIZE_MAX ||
- num_bytes + toSend > SSIZE_MAX) {
- chunks[i].iov_len = SSIZE_MAX - num_bytes;
+ if (toSend > max_bytes ||
+ (off_t) num_bytes + toSend > max_bytes) {
+ chunks[i].iov_len = max_bytes - num_bytes;
num_chunks = i + 1;
break;
@@ -105,6 +102,7 @@
/* check which chunks have been written */
cq->bytes_out += r;
+ max_bytes -= r;
for(i = 0, tc = c; i < num_chunks; i++, tc = tc->next) {
if (r >= (ssize_t)chunks[i].iov_len) {
@@ -114,11 +112,10 @@
if (chunk_finished) {
/* skip the chunks from further touches */
- chunks_written++;
c = c->next;
} else {
/* chunks_written + c = c->next is done in the for()*/
- chunk_finished++;
+ chunk_finished = 1;
}
} else {
/* partially written */
@@ -134,7 +131,7 @@
}
case FILE_CHUNK: {
off_t offset, r;
- size_t toSend;
+ off_t toSend;
stat_cache_entry *sce = NULL;
if (HANDLER_ERROR == stat_cache_get_entry(srv, con, c->file.name, &sce)) {
@@ -144,9 +141,8 @@
}
offset = c->file.start + c->offset;
- /* limit the toSend to 2^31-1 bytes in a chunk */
- toSend = c->file.length - c->offset > ((1 << 30) - 1) ?
- ((1 << 30) - 1) : c->file.length - c->offset;
+ toSend = c->file.length - c->offset;
+ if (toSend > max_bytes) toSend = max_bytes;
if (-1 == c->file.fd) {
if (-1 == (c->file.fd = open(c->file.name->ptr, O_RDONLY))) {
@@ -197,6 +193,7 @@
c->offset += r;
cq->bytes_out += r;
+ max_bytes -= r;
if (c->offset == c->file.length) {
chunk_finished = 1;
@@ -218,7 +215,7 @@
}
}
- return chunks_written;
+ return 0;
}
#endif
Modified: lighttpd/branches/upstream/current/src/network_linux_sendfile.c
===================================================================
--- lighttpd/branches/upstream/current/src/network_linux_sendfile.c 2011-11-30 17:41:50 UTC (rev 556)
+++ lighttpd/branches/upstream/current/src/network_linux_sendfile.c 2011-12-18 18:32:06 UTC (rev 557)
@@ -27,17 +27,16 @@
/* on linux 2.4.29 + debian/ubuntu we have crashes if this is enabled */
#undef HAVE_POSIX_FADVISE
-int network_write_chunkqueue_linuxsendfile(server *srv, connection *con, int fd, chunkqueue *cq) {
+int network_write_chunkqueue_linuxsendfile(server *srv, connection *con, int fd, chunkqueue *cq, off_t max_bytes) {
chunk *c;
- size_t chunks_written = 0;
- for(c = cq->first; c; c = c->next, chunks_written++) {
+ for(c = cq->first; (max_bytes > 0) && (NULL != c); c = c->next) {
int chunk_finished = 0;
switch(c->type) {
case MEM_CHUNK: {
char * offset;
- size_t toSend;
+ off_t toSend;
ssize_t r;
size_t num_chunks, i;
@@ -45,12 +44,10 @@
chunk *tc;
size_t num_bytes = 0;
- /* we can't send more then SSIZE_MAX bytes in one chunk */
-
/* build writev list
*
* 1. limit: num_chunks < UIO_MAXIOV
- * 2. limit: num_bytes < SSIZE_MAX
+ * 2. limit: num_bytes < max_bytes
*/
for (num_chunks = 0, tc = c;
tc && tc->type == MEM_CHUNK && num_chunks < UIO_MAXIOV;
@@ -67,9 +64,9 @@
chunks[i].iov_base = offset;
/* protect the return value of writev() */
- if (toSend > SSIZE_MAX ||
- num_bytes + toSend > SSIZE_MAX) {
- chunks[i].iov_len = SSIZE_MAX - num_bytes;
+ if (toSend > max_bytes ||
+ (off_t) num_bytes + toSend > max_bytes) {
+ chunks[i].iov_len = max_bytes - num_bytes;
num_chunks = i + 1;
break;
@@ -100,6 +97,7 @@
/* check which chunks have been written */
cq->bytes_out += r;
+ max_bytes -= r;
for(i = 0, tc = c; i < num_chunks; i++, tc = tc->next) {
if (r >= (ssize_t)chunks[i].iov_len) {
@@ -109,11 +107,10 @@
if (chunk_finished) {
/* skip the chunks from further touches */
- chunks_written++;
c = c->next;
} else {
/* chunks_written + c = c->next is done in the for()*/
- chunk_finished++;
+ chunk_finished = 1;
}
} else {
/* partially written */
@@ -130,13 +127,12 @@
case FILE_CHUNK: {
ssize_t r;
off_t offset;
- size_t toSend;
+ off_t toSend;
stat_cache_entry *sce = NULL;
offset = c->file.start + c->offset;
- /* limit the toSend to 2^31-1 bytes in a chunk */
- toSend = c->file.length - c->offset > ((1 << 30) - 1) ?
- ((1 << 30) - 1) : c->file.length - c->offset;
+ toSend = c->file.length - c->offset;
+ if (toSend > max_bytes) toSend = max_bytes;
/* open file if not already opened */
if (-1 == c->file.fd) {
@@ -215,6 +211,7 @@
c->offset += r;
cq->bytes_out += r;
+ max_bytes -= r;
if (c->offset == c->file.length) {
chunk_finished = 1;
@@ -243,7 +240,7 @@
}
}
- return chunks_written;
+ return 0;
}
#endif
Modified: lighttpd/branches/upstream/current/src/network_openssl.c
===================================================================
--- lighttpd/branches/upstream/current/src/network_openssl.c 2011-11-30 17:41:50 UTC (rev 556)
+++ lighttpd/branches/upstream/current/src/network_openssl.c 2011-12-18 18:32:06 UTC (rev 557)
@@ -27,10 +27,9 @@
# include <openssl/ssl.h>
# include <openssl/err.h>
-int network_write_chunkqueue_openssl(server *srv, connection *con, SSL *ssl, chunkqueue *cq) {
+int network_write_chunkqueue_openssl(server *srv, connection *con, SSL *ssl, chunkqueue *cq, off_t max_bytes) {
int ssl_r;
chunk *c;
- size_t chunks_written = 0;
/* this is a 64k sendbuffer
*
@@ -59,13 +58,13 @@
SSL_set_shutdown(ssl, SSL_RECEIVED_SHUTDOWN);
}
- for(c = cq->first; c; c = c->next) {
+ for(c = cq->first; (max_bytes > 0) && (NULL != c); c = c->next) {
int chunk_finished = 0;
switch(c->type) {
case MEM_CHUNK: {
char * offset;
- size_t toSend;
+ off_t toSend;
ssize_t r;
if (c->mem->used == 0 || c->mem->used == 1) {
@@ -75,6 +74,7 @@
offset = c->mem->ptr + c->offset;
toSend = c->mem->used - 1 - c->offset;
+ if (toSend > max_bytes) toSend = max_bytes;
/**
* SSL_write man-page
@@ -87,7 +87,14 @@
*/
ERR_clear_error();
- if ((r = SSL_write(ssl, offset, toSend)) <= 0) {
+ r = SSL_write(ssl, offset, toSend);
+
+ if (con->renegotiations > 1 && con->conf.ssl_disable_client_renegotiation) {
+ log_error_write(srv, __FILE__, __LINE__, "s", "SSL: renegotiation initiated by client");
+ return -1;
+ }
+
+ if (r <= 0) {
unsigned long err;
switch ((ssl_r = SSL_get_error(ssl, r))) {
@@ -139,6 +146,7 @@
} else {
c->offset += r;
cq->bytes_out += r;
+ max_bytes -= r;
}
if (c->offset == (off_t)c->mem->used - 1) {
@@ -168,6 +176,7 @@
do {
off_t offset = c->file.start + c->offset;
off_t toSend = c->file.length - c->offset;
+ if (toSend > max_bytes) toSend = max_bytes;
if (toSend > LOCAL_SEND_BUFSIZE) toSend = LOCAL_SEND_BUFSIZE;
@@ -190,7 +199,14 @@
close(ifd);
ERR_clear_error();
- if ((r = SSL_write(ssl, s, toSend)) <= 0) {
+ r = SSL_write(ssl, s, toSend);
+
+ if (con->renegotiations > 1 && con->conf.ssl_disable_client_renegotiation) {
+ log_error_write(srv, __FILE__, __LINE__, "s", "SSL: renegotiation initiated by client");
+ return -1;
+ }
+
+ if (r <= 0) {
unsigned long err;
switch ((ssl_r = SSL_get_error(ssl, r))) {
@@ -243,12 +259,13 @@
} else {
c->offset += r;
cq->bytes_out += r;
+ max_bytes -= r;
}
if (c->offset == c->file.length) {
chunk_finished = 1;
}
- } while(!chunk_finished && !write_wait);
+ } while (!chunk_finished && !write_wait && max_bytes > 0);
break;
}
@@ -263,11 +280,9 @@
break;
}
-
- chunks_written++;
}
- return chunks_written;
+ return 0;
}
#endif
Modified: lighttpd/branches/upstream/current/src/network_solaris_sendfilev.c
===================================================================
--- lighttpd/branches/upstream/current/src/network_solaris_sendfilev.c 2011-11-30 17:41:50 UTC (rev 556)
+++ lighttpd/branches/upstream/current/src/network_solaris_sendfilev.c 2011-12-18 18:32:06 UTC (rev 557)
@@ -38,17 +38,16 @@
*/
-int network_write_chunkqueue_solarissendfilev(server *srv, connection *con, int fd, chunkqueue *cq) {
+int network_write_chunkqueue_solarissendfilev(server *srv, connection *con, int fd, chunkqueue *cq, off_t max_bytes) {
chunk *c;
- size_t chunks_written = 0;
- for(c = cq->first; c; c = c->next, chunks_written++) {
+ for(c = cq->first; (max_bytes > 0) && (NULL != c); c = c->next) {
int chunk_finished = 0;
switch(c->type) {
case MEM_CHUNK: {
char * offset;
- size_t toSend;
+ off_t toSend;
ssize_t r;
size_t num_chunks, i;
@@ -77,9 +76,9 @@
chunks[i].iov_base = offset;
/* protect the return value of writev() */
- if (toSend > SSIZE_MAX ||
- num_bytes + toSend > SSIZE_MAX) {
- chunks[i].iov_len = SSIZE_MAX - num_bytes;
+ if (toSend > max_bytes ||
+ (off_t) num_bytes + toSend > max_bytes) {
+ chunks[i].iov_len = max_bytes - num_bytes;
num_chunks = i + 1;
break;
@@ -119,11 +118,10 @@
if (chunk_finished) {
/* skip the chunks from further touches */
- chunks_written++;
c = c->next;
} else {
/* chunks_written + c = c->next is done in the for()*/
- chunk_finished++;
+ chunk_finished = 1;
}
} else {
/* partially written */
@@ -139,8 +137,8 @@
}
case FILE_CHUNK: {
ssize_t r;
- off_t offset;
- size_t toSend, written;
+ off_t offset, toSend;
+ size_t written;
sendfilevec_t fvec;
stat_cache_entry *sce = NULL;
int ifd;
@@ -153,6 +151,7 @@
offset = c->file.start + c->offset;
toSend = c->file.length - c->offset;
+ if (toSend > max_bytes) toSend = max_bytes;
if (offset > sce->st.st_size) {
log_error_write(srv, __FILE__, __LINE__, "sb", "file was shrinked:", c->file.name);
@@ -186,6 +185,7 @@
close(ifd);
c->offset += written;
cq->bytes_out += written;
+ max_bytes -= written;
if (c->offset == c->file.length) {
chunk_finished = 1;
@@ -207,7 +207,7 @@
}
}
- return chunks_written;
+ return 0;
}
#endif
Modified: lighttpd/branches/upstream/current/src/network_write.c
===================================================================
--- lighttpd/branches/upstream/current/src/network_write.c 2011-11-30 17:41:50 UTC (rev 556)
+++ lighttpd/branches/upstream/current/src/network_write.c 2011-12-18 18:32:06 UTC (rev 557)
@@ -24,17 +24,16 @@
# include <sys/resource.h>
#endif
-int network_write_chunkqueue_write(server *srv, connection *con, int fd, chunkqueue *cq) {
+int network_write_chunkqueue_write(server *srv, connection *con, int fd, chunkqueue *cq, off_t max_bytes) {
chunk *c;
- size_t chunks_written = 0;
- for(c = cq->first; c; c = c->next) {
+ for(c = cq->first; (max_bytes > 0) && (NULL != c); c = c->next) {
int chunk_finished = 0;
switch(c->type) {
case MEM_CHUNK: {
char * offset;
- size_t toSend;
+ off_t toSend;
ssize_t r;
if (c->mem->used == 0) {
@@ -44,6 +43,8 @@
offset = c->mem->ptr + c->offset;
toSend = c->mem->used - 1 - c->offset;
+ if (toSend > max_bytes) toSend = max_bytes;
+
#ifdef __WIN32
if ((r = send(fd, offset, toSend, 0)) < 0) {
/* no error handling for windows... */
@@ -72,6 +73,7 @@
c->offset += r;
cq->bytes_out += r;
+ max_bytes -= r;
if (c->offset == (off_t)c->mem->used - 1) {
chunk_finished = 1;
@@ -85,7 +87,7 @@
#endif
ssize_t r;
off_t offset;
- size_t toSend;
+ off_t toSend;
stat_cache_entry *sce = NULL;
int ifd;
@@ -98,6 +100,8 @@
offset = c->file.start + c->offset;
toSend = c->file.length - c->offset;
+ if (toSend > max_bytes) toSend = max_bytes;
+
if (offset > sce->st.st_size) {
log_error_write(srv, __FILE__, __LINE__, "sb", "file was shrinked:", c->file.name);
@@ -181,6 +185,7 @@
c->offset += r;
cq->bytes_out += r;
+ max_bytes -= r;
if (c->offset == c->file.length) {
chunk_finished = 1;
@@ -200,11 +205,9 @@
break;
}
-
- chunks_written++;
}
- return chunks_written;
+ return 0;
}
#if 0
Modified: lighttpd/branches/upstream/current/src/network_writev.c
===================================================================
--- lighttpd/branches/upstream/current/src/network_writev.c 2011-11-30 17:41:50 UTC (rev 556)
+++ lighttpd/branches/upstream/current/src/network_writev.c 2011-12-18 18:32:06 UTC (rev 557)
@@ -30,17 +30,16 @@
#define LOCAL_BUFFERING 1
#endif
-int network_write_chunkqueue_writev(server *srv, connection *con, int fd, chunkqueue *cq) {
+int network_write_chunkqueue_writev(server *srv, connection *con, int fd, chunkqueue *cq, off_t max_bytes) {
chunk *c;
- size_t chunks_written = 0;
- for(c = cq->first; c; c = c->next) {
+ for(c = cq->first; (max_bytes > 0) && (NULL != c); c = c->next) {
int chunk_finished = 0;
switch(c->type) {
case MEM_CHUNK: {
char * offset;
- size_t toSend;
+ off_t toSend;
ssize_t r;
size_t num_chunks, i;
@@ -65,12 +64,10 @@
#error "sysconf() doesnt return _SC_IOV_MAX ..., check the output of 'man writev' for the EINVAL error and send the output to jan at kneschke.de"
#endif
- /* we can't send more then SSIZE_MAX bytes in one chunk */
-
/* build writev list
*
* 1. limit: num_chunks < max_chunks
- * 2. limit: num_bytes < SSIZE_MAX
+ * 2. limit: num_bytes < max_bytes
*/
for (num_chunks = 0, tc = c; tc && tc->type == MEM_CHUNK && num_chunks < max_chunks; num_chunks++, tc = tc->next);
@@ -87,9 +84,9 @@
chunks[i].iov_base = offset;
/* protect the return value of writev() */
- if (toSend > SSIZE_MAX ||
- num_bytes + toSend > SSIZE_MAX) {
- chunks[i].iov_len = SSIZE_MAX - num_bytes;
+ if (toSend > max_bytes ||
+ (off_t) num_bytes + toSend > max_bytes) {
+ chunks[i].iov_len = max_bytes - num_bytes;
num_chunks = i + 1;
break;
@@ -121,6 +118,7 @@
}
cq->bytes_out += r;
+ max_bytes -= r;
/* check which chunks have been written */
@@ -132,11 +130,10 @@
if (chunk_finished) {
/* skip the chunks from further touches */
- chunks_written++;
c = c->next;
} else {
/* chunks_written + c = c->next is done in the for()*/
- chunk_finished++;
+ chunk_finished = 1;
}
} else {
/* partially written */
@@ -284,6 +281,8 @@
assert(toSend < 0);
}
+ if (toSend > max_bytes) toSend = max_bytes;
+
#ifdef LOCAL_BUFFERING
start = c->mem->ptr;
#else
@@ -309,6 +308,7 @@
c->offset += r;
cq->bytes_out += r;
+ max_bytes -= r;
if (c->offset == c->file.length) {
chunk_finished = 1;
@@ -334,11 +334,9 @@
break;
}
-
- chunks_written++;
}
- return chunks_written;
+ return 0;
}
#endif
Modified: lighttpd/branches/upstream/current/src/request.c
===================================================================
--- lighttpd/branches/upstream/current/src/request.c 2011-11-30 17:41:50 UTC (rev 556)
+++ lighttpd/branches/upstream/current/src/request.c 2011-12-18 18:32:06 UTC (rev 557)
@@ -49,7 +49,7 @@
if (++colon_cnt > 7) {
return -1;
}
- } else if (!light_isxdigit(*c)) {
+ } else if (!light_isxdigit(*c) && '.' != *c) {
return -1;
}
}
Modified: lighttpd/branches/upstream/current/src/server.c
===================================================================
--- lighttpd/branches/upstream/current/src/server.c 2011-11-30 17:41:50 UTC (rev 556)
+++ lighttpd/branches/upstream/current/src/server.c 2011-12-18 18:32:06 UTC (rev 557)
@@ -1120,6 +1120,14 @@
"s", "fdevent_init failed");
return -1;
}
+
+ /* libev backend overwrites our SIGCHLD handler and calls waitpid on SIGCHLD; we want our own SIGCHLD handling. */
+#ifdef HAVE_SIGACTION
+ sigaction(SIGCHLD, &act, NULL);
+#elif defined(HAVE_SIGNAL)
+ signal(SIGCHLD, signal_handler);
+#endif
+
/*
* kqueue() is called here, select resets its internals,
* all server sockets get their handlers
Modified: lighttpd/branches/upstream/current/src/settings.h
===================================================================
--- lighttpd/branches/upstream/current/src/settings.h 2011-11-30 17:41:50 UTC (rev 556)
+++ lighttpd/branches/upstream/current/src/settings.h 2011-12-18 18:32:06 UTC (rev 557)
@@ -21,8 +21,11 @@
* 64kB (no real reason, just a guess)
*/
#define BUFFER_MAX_REUSE_SIZE (4 * 1024)
-#define MAX_READ_LIMIT (4*1024*1024)
+/* both should be way smaller than SSIZE_MAX :) */
+#define MAX_READ_LIMIT (256*1024)
+#define MAX_WRITE_LIMIT (256*1024)
+
/**
* max size of the HTTP request header
*
Modified: lighttpd/branches/upstream/current/tests/lighttpd.conf
===================================================================
--- lighttpd/branches/upstream/current/tests/lighttpd.conf 2011-11-30 17:41:50 UTC (rev 556)
+++ lighttpd/branches/upstream/current/tests/lighttpd.conf 2011-12-18 18:32:06 UTC (rev 557)
@@ -149,6 +149,7 @@
$HTTP["host"] == "zzz.example.org" {
server.document-root = env.SRCDIR + "/tmp/lighttpd/servers/www.example.org/pages/"
server.name = "zzz.example.org"
+ static-file.disable-pathinfo = "enable"
}
$HTTP["host"] == "symlink.example.org" {
Modified: lighttpd/branches/upstream/current/tests/mod-auth.t
===================================================================
--- lighttpd/branches/upstream/current/tests/mod-auth.t 2011-11-30 17:41:50 UTC (rev 556)
+++ lighttpd/branches/upstream/current/tests/mod-auth.t 2011-12-18 18:32:06 UTC (rev 557)
@@ -8,7 +8,7 @@
use strict;
use IO::Socket;
-use Test::More tests => 14;
+use Test::More tests => 15;
use LightyTest;
my $tf = LightyTest->new();
@@ -25,6 +25,14 @@
$t->{REQUEST} = ( <<EOF
GET /server-status HTTP/1.0
+Authorization: Basic \x80mFuOmphb
+EOF
+ );
+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 401 } ];
+ok($tf->handle_http($t) == 0, 'Basic-Auth: Invalid base64 Auth-token');
+
+$t->{REQUEST} = ( <<EOF
+GET /server-status HTTP/1.0
Authorization: Basic amFuOmphb
EOF
);
Modified: lighttpd/branches/upstream/current/tests/request.t
===================================================================
--- lighttpd/branches/upstream/current/tests/request.t 2011-11-30 17:41:50 UTC (rev 556)
+++ lighttpd/branches/upstream/current/tests/request.t 2011-12-18 18:32:06 UTC (rev 557)
@@ -8,7 +8,7 @@
use strict;
use IO::Socket;
-use Test::More tests => 44;
+use Test::More tests => 46;
use LightyTest;
my $tf = LightyTest->new();
@@ -413,5 +413,21 @@
$t->{SLOWREQUEST} = 1;
ok($tf->handle_http($t) == 0, 'GET, slow \\r\\n\\r\\n (#2105)');
+print "\nPathinfo for static files\n";
+$t->{REQUEST} = ( <<EOF
+GET /image.jpg/index.php HTTP/1.0
+EOF
+ );
+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200, 'Content-Type' => 'image/jpeg' } ];
+ok($tf->handle_http($t) == 0, 'static file accepting pathinfo by default');
+
+$t->{REQUEST} = ( <<EOF
+GET /image.jpg/index.php HTTP/1.0
+Host: zzz.example.org
+EOF
+ );
+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 403 } ];
+ok($tf->handle_http($t) == 0, 'static file with forbidden pathinfo');
+
ok($tf->stop_proc == 0, "Stopping lighttpd");
Modified: lighttpd/branches/upstream/current/tests/wrapper.sh
===================================================================
--- lighttpd/branches/upstream/current/tests/wrapper.sh 2011-11-30 17:41:50 UTC (rev 556)
+++ lighttpd/branches/upstream/current/tests/wrapper.sh 2011-12-18 18:32:06 UTC (rev 557)
@@ -6,4 +6,4 @@
top_builddir=$2
export SHELL srcdir top_builddir
-$3
+exec $3
More information about the pkg-lighttpd-maintainers
mailing list