Google is doing a the Summer of Code again and I was approached from different sides to participate this year. There is already a lot going on in SVN again working towards a new 1.4.19 release, but for the future we want to attract more developers for more new, great features.

Before I submit the application request I would like to collect some more ideas what we would like to see to be done. At GSoC2008/Ideas I added my short list of projects that I would like to mentor.

If you would like to be a mentor too, please add your own list.

• Documentation improvements
• Integration into web-panels
• maintaining the OpenWRT port

are just some small ideas where we could take help from non-developers.

Part of my ongoing, hidden effort to port lighttpd to glib I can now at least say: it compiles.

Well, mostly. The core does compile and mod_staticfile is also mostly done. Mostly, as I don’t have decided on how to handle the config-file handling yet.

With the first implementation of mod_cml and later mod_magnet smart users asked why we don’t use lua also as config language for lighttpd.

Up to now I was pushing back and saying that a huge change in the configfile would make upgraders very unhappy as they would have to rewrite the config files. Looking at what we have for 1.5.0 right now, we need tweaks anyway.

As part of a weekend project I’m ripping 1.5 apart a bit. I worked with glib for quite some time now and feel the need to replace the base-structures around “buffer” (strings) and “array” (hash) apart and replace it with the glib counter-parts.

To make this a nice experience and that I don’t harm anyone else I imported trunk into a local bzr tree:

to clone the SVN tree.

Let’s see how well that experiment goes.

darix released 1.4.18 which contains a fix for a buffer-overrun in the fastcgi protocol.

Some time passed since the last pre-release, time for an update.

Everyone who runs 1.5.0 already has to upgrade to get fixes several vulnerabilities that got fixed in the 1.4.x branch already.

If this release passes your requirements it will be the last 1.5.0 pre-release. Afterwards we will start the the normal 1.5.x series and will add the missing features in 1.5.1 and later.

Download:
www.lighttpd.net/download/lighttpd-1.5.0-r1992.tar.gz

md5sum: b62e2442ee0f3395844b54385b14397a

Changes

• added native support for mingw32
• added experimental option to compile without glib
• fixed mod_uploadprogress
• fixed endless loop on freebsd-sendfile (#1289)
• fixed compile in IRIX and HP/UX
• fixed hardcoded font-sizes in mod_dirlisting (#1267)
• fixed different ETag length on 32/64 platforms (#1279)
• fixed conditional dir-listing.exclude (#930)
• fixed CONTENT_LENGTH = -1 in mod_cgi (#1276)
• fixed typecast of NULL on execl() (#1235)
• fixed extra Content-Length header on 1xx, 204 and 304 (#1002)
• fixed mysql server reconnects (#518)
• fixed prctl() usage (#1310, #1333)
• fixed FastCGI header overrun in mod_proxy_backend_fastcgi (reported by mattias@secweb.se)
• fixed mem-leak in mod_auth (reported by Stefan Esser)
• fixed crash with md5-sess and cnonce not set in mod_auth (reported by Stefan Esser)
• fixed missing check for base64 encoded string in mod_auth and Basic auth
  (reported by Stefan Esser)
• fixed possible crash in Auth-Digest header parser on trailing WS in
  mod_auth (reported by Stefan Esser)

In changeset 1981 I added a angel process to the lighttpd build. It solves several problems when we have everything running as expected:

• SIGHUP leads to a graceful restart (config reloads)
• SIGINT is graceful shutdown as now
• all unhandled signals lead to a restart of the lighttpd process

Looking at the bug-system a few days ago we had something like 460 bugs open.

Quite a bunch of them were duplicates of the same issue and others were already fixed in the code and just not closed in the bug-system.

Scanning through the bugs I wrote some more test-cases to verify that the reports were valid and along the way at least these bugs got fixed:

  * added dir-listing.set-footer in mod_dirlisting (#1277)
  * fixed hardcoded font-sizes in mod_dirlisting (#1267)
  * fixed different ETag length on 32/64 platforms (#1279)
  * fixed compression of files < 128 bytes by disabling compression (#1241)
  * fixed mysql server reconnects (#518)
  * fixed disabled keep-alive for dynamic content with HTTP/1.0 (#1166)
  * fixed crash on mixed EOL sequences in mod_cgi
  * fixed key compare (#1287)
  * fixed invalid char in header values (#1286)
  * fixed invalid "304 Not Modified" on broken timestamps
  * fixed endless loop on shrinked files with sendfile() on BSD (#1289)
  * fixed counter overrun in ?auto in mod_status (#909)
  * fixed too aggresive caching of nested conditionals (#41)
  * fixed possible overflow in unix-socket path checks on BSD (#713)
  * fixed extra Content-Length header on 1xx, 204 and 304 (#1002)
  * fixed handling of duplicate If-Modified-Since to return 304
  * fixed extracting status code from NPH scripts (#1125)
  * removed config-check if passwd files exist (#1188)

Now the bug-count is at 413, a start.

We had enabled spamfilter in //trac.lighttpd.net/ long ago and it was doing fine blocking lots of spam messages, but I didn’t notice that it blocked some ham messages too by rasing “your ip is blacklisted by sc.surbl.org” error.

I appreciate your help when you try hard clicking the submit button for wiki/tickets and am sorry for blocking you.

I spent some time tweaking karma settings in trac spamfilter recently. It was a bit hard to get what karma is even by asking the ppl in #trac, until i read the source. Anyway, it looks better now, and we’ll keep watching the monitor and see if there’s something mis-blocked, and tweak the settings accordingly. You may also register and login to get pass the spam checking.

You provided feedback. We listened.

Thanks.