[scons] fix static build to include builtin_mods

[core] cast to fix compiler error in prior commit

[mod_accesslog] %{mask}a to mask/anonymize IP

(thx pmconrad)

IPv4: mask final octet (8 bits) of address
IPv6: mask final 10 octets (80 bits) of address

x-ref:
Enable partial masking of IP addres

[mod_accesslog] %{mask}a to mask/anonymize IP

(thx pmconrad)

IPv4: mask final octet (8 bits) of address
IPv6: mask final 10 octets (80 bits) of address

x-ref:
Enable partial masking of IP addresses in access logs
https://github.com/lighttpd/lighttpd1.4/pull/124
IP masking in Universal Analytics
https://support.google.com/analytics/answer/2763052

github: closes #124

show more ...

[core] use C23 memset_explicit() were available

[mod_extforward] manage remote addr per request (fixes #3192)

manage remote addr per request for HTTP/2 requests,
rather than remote addr per connection.

Modern load balancers often provide options

[mod_extforward] manage remote addr per request (fixes #3192)

manage remote addr per request for HTTP/2 requests,
rather than remote addr per connection.

Modern load balancers often provide options to reuse connections for
*different* clients, and therefore mod_extforward might change the
remote addr per request.

x-ref:
"RFE: mod_extforward and multiplexed requests via HTTP/2"
https://redmine.lighttpd.net/issues/3192
"Evaluation of remote_addr for mod_maxminddb for multiplexed connections"
https://redmine.lighttpd.net/issues/3191

show more ...

[multiple] store ptrs to remote addr in request_st (#3192)

adds two pointers to (request_st *) (cost: 16 bytes in 64-bit builds)

prepares for upcoming changes to mod_extforward to manage remote add

[multiple] store ptrs to remote addr in request_st (#3192)

adds two pointers to (request_st *) (cost: 16 bytes in 64-bit builds)

prepares for upcoming changes to mod_extforward to manage remote addr
per request for HTTP/2 requests, rather than remote addr per connection.

Modern load balancers often provide options to reuse connections for
*different* clients, and therefore mod_extforward might change the
remote addr per request.

x-ref:
"RFE: mod_extforward and multiplexed requests via HTTP/2"
https://redmine.lighttpd.net/issues/3192
"Evaluation of remote_addr for mod_maxminddb for multiplexed connections"
https://redmine.lighttpd.net/issues/3191

show more ...

[mod_maxminddb] check remote IP each request (fixes #3191)

Many load balancers have options to reuse the same connection for
multiple clients, so check remote IP each request to detect if remote IP

[mod_maxminddb] check remote IP each request (fixes #3191)

Many load balancers have options to reuse the same connection for
multiple clients, so check remote IP each request to detect if remote IP
has changed for a subsequent requests on the same connection, e.g. due
to mod_extforward.

x-ref:
"Evaluation of remote_addr for mod_maxminddb for multiplexed connections"
https://redmine.lighttpd.net/issues/3191

show more ...

[core] cache format secs for high prec errlog

cache formatted secs string for high precision errorlog timestamp

[build] skip build separate modules for built-ins

skip building separate modules for built-in modules

Small modules with minimal dependencies are now built-in to lighttpd.
All 12 of these modules h

[build] skip build separate modules for built-ins

skip building separate modules for built-in modules

Small modules with minimal dependencies are now built-in to lighttpd.
All 12 of these modules have a memory footprint that is approximately
the same as 1 single module built as a .dll due to mandatory minimum
binary sections and memory page sizes (4k each).

show more ...

[autotools] chmod u+w configparser.c for lemon

chmod u+w configparser.c for lemon

configparser.c might be created mode 444 and then a subsequent
repeat call to lemon will fail EACCES

This fixes th

[autotools] chmod u+w configparser.c for lemon

chmod u+w configparser.c for lemon

configparser.c might be created mode 444 and then a subsequent
repeat call to lemon will fail EACCES

This fixes that scenario in top level ./packdist.sh script.

show more ...

[core] remove extra HTTP/2 HEADERS frame len check

remove extra HTTP/2 HEADERS frame len check
(now that the check has been added to proper place in prior commit)

[core] fix HTTP/2 HEADERS frame parsing bug

(thx Sig Run for reproduction cases, ASAN logs, valgrind logs)

credit: sig.run https://hackerone.com/sigrun

2023.02.10 edit:
CVE ID assignment requested

[core] fix HTTP/2 HEADERS frame parsing bug

(thx Sig Run for reproduction cases, ASAN logs, valgrind logs)

credit: sig.run https://hackerone.com/sigrun

2023.02.10 edit:
CVE ID assignment requested a few days ago, but id not yet assigned

show more ...

[mod_webdav] send 409 Conflict if PUT miss parent

send 409 Conflict if PUT into parent collection which does not exist

[core] reset path-info for cgi.local-redir

cgi.local-redir occurs in the subrequest handler, by which point
path-info has been set. Since CGI local redir might restart the
request for an entirely d

[core] reset path-info for cgi.local-redir

cgi.local-redir occurs in the subrequest handler, by which point
path-info has been set. Since CGI local redir might restart the
request for an entirely different URL, reset the path info.

Note: mod_rewrite, mod_magnet, and others which may restart the request
do so prior to path-info being set.

path-info is always reset between different requests.

show more ...

[core] path-info in debug trace may be unset

path-info in debug trace (debug.log-request-handling) may be unset

[mod_dirlisting] use fdevent_rename() wrapper

[mod_cgi] cygwin supports CGI file I/O redirection

remove the special-case which disabled this for issue in older cygwin

[autotools] skip modules build if LIGHTTPD_STATIC

[autotools] add mod_evhost to static build list

[core] fdevent_poll_poll avoid potential race

fdevent_poll_poll avoid potential race with pollfds list being extended

[core] gw_backend more precise backend env alloc

remove excess +1 per env string

[core] avoid select() FD_ISSET repeat on active fds

[core] move headers to help isolate fdevent layer

move headers to help isolate fdevent layer from layers above

[core] iOS does not provide netinet/tcp_fsm.h

x-ref:
https://redmine.lighttpd.net/boards/3/topics/10842

[core] disable sendfile() on TARGET_OS_IPHONE

x-ref:
https://redmine.lighttpd.net/boards/3/topics/10842
https://github.com/ndfred/iperf-ios/issues/17
https://github.com/dotnet/runtime/pull/694

[core] disable sendfile() on TARGET_OS_IPHONE

x-ref:
https://redmine.lighttpd.net/boards/3/topics/10842
https://github.com/ndfred/iperf-ios/issues/17
https://github.com/dotnet/runtime/pull/69436

show more ...