PRE-RELEASE: lighttpd-1.5.0-r1992 12

Posted by jan Thu, 06 Sep 2007 20:21:00 GMT

Some time passed since the last pre-release, time for an update.

Everyone who runs 1.5.0 already has to upgrade to get fixes several vulnerabilities that got fixed in the 1.4.x branch already.

If this release passes your requirements it will be the last 1.5.0 pre-release. Afterwards we will start the the normal 1.5.x series and will add the missing features in 1.5.1 and later.

Download: http://www.lighttpd.net/download/lighttpd-1.5.0-r1992.tar.gz

md5sum: b62e2442ee0f3395844b54385b14397a

Changes

  • added native support for mingw32
  • added experimental option to compile without glib
  • fixed mod_uploadprogress
  • fixed endless loop on freebsd-sendfile (#1289)
  • fixed compile in IRIX and HP/UX
  • fixed hardcoded font-sizes in mod_dirlisting (#1267)
  • fixed different ETag length on 32/64 platforms (#1279)
  • fixed conditional dir-listing.exclude (#930)
  • fixed CONTENT_LENGTH = -1 in mod_cgi (#1276)
  • fixed typecast of NULL on execl() (#1235)
  • fixed extra Content-Length header on 1xx, 204 and 304 (#1002)
  • fixed mysql server reconnects (#518)
  • fixed prctl() usage (#1310, #1333)
  • fixed FastCGI header overrun in mod_proxy_backend_fastcgi (reported by mattias@secweb.se)
  • fixed mem-leak in mod_auth (reported by Stefan Esser)
  • fixed crash with md5-sess and cnonce not set in mod_auth (reported by Stefan Esser)
  • fixed missing check for base64 encoded string in mod_auth and Basic auth (reported by Stefan Esser)
  • fixed possible crash in Auth-Digest header parser on trailing WS in mod_auth (reported by Stefan Esser)
Trackbacks

Use the following link to trackback from your own site:
http://blog.lighttpd.net/articles/trackback/4760

Comments

Leave a response

  1. Amr Hamdy Thu, 06 Sep 2007 23:34:45 GMT
    Excellent work ! :) .. by the way "--disable-ipv6" configure option doesn't work .. the lighttpd get ipv6 support even when gibing that option at compile time .. This didn't happen in the previous pre-release :)
  2. mike Fri, 07 Sep 2007 10:52:11 GMT
    Great job! Cant wait to compile and check uploadprogress!!!
  3. Amr Hamdy Fri, 07 Sep 2007 16:30:11 GMT
    I've compiled this release on CentOS 5, 2.6.18-8.1.8.el5 SMP x86_64 , on a DELL PowerEdge 2900 server .. and it really cause frequent kernel panics .. The kernel stopped to panic when I went pack to version 1.4.17 ..
  4. Kevin Worthington Sat, 08 Sep 2007 05:16:44 GMT
    I built binary and source RPMs for this pre-release on CentOS 4, CentOS 5, and Fedora 7. The CentOS RPMs will also work on RedHat Enterprise Linux 4 & 5. Read my announcement here: https://www.kevinworthington.com/index.php/2007/09/08/pre-release-lighttpd-150-r1992-redhatcentos-4-5-fedora-7-rpms/
  5. Alex Gao Sun, 09 Sep 2007 08:52:47 GMT
    Greate work! I'll upgrade my server this week. BTW, the mod_secdownload is such good thing which let kick off those bandwidth thief from china who using download client called "thunder"(Google China even invests this f*ck company).
  6. Doug Sun, 09 Sep 2007 14:53:20 GMT
    How does LighTTPD compare to NGINX? Compare as in memory usage, speed, configuration, features.
  7. Pete Sun, 09 Sep 2007 19:14:06 GMT
    I'm really excited about this release, but it doesn't want to build on my MacBook Pro (running Tiger).

    It fails trying to build mod_status, with this error:

    /usr/bin/ld: Undefined symbols:
    _network_get_backend_info_by_type
    _network_get_backends Googling for this hasn't turned up any results. Any ideas?
  8. Gary Mon, 10 Sep 2007 02:34:51 GMT
    Will the final 1.5 have support for ssl.verify.peer etc? Thanks.
  9. ServerTweak.com Tue, 11 Sep 2007 02:16:24 GMT
    Excellent work Jan and the rest of the developers committing. I look forward to trying out this test release :D
  10. robin Fri, 14 Sep 2007 16:26:01 GMT
    I had the same undefined symbol problem as Pete. should network.c be included in "common_src" instead of "src" in Makefile.am?
  11. Bisente Thu, 20 Sep 2007 17:44:42 GMT
    I've built packages for Debian Sarge (should work in Etch also, I guess). They're available here: http://www.bisente.com/blog/2007/09/20/lighttpd-150-svn-r1992-debian-sarge/?lan=english
  12. kk Sat, 22 Sep 2007 13:11:18 GMT
    In lighttpd-1.5.0-r1992, is it thread-safe to joblist_append() in the joblist_queue_thread while the main thread switching srv-joblist and srv-joblist_prev?
Comments