lighty developer blog¶

September 9, 2007
in lighttpd-release
1 min read

ANNOUNCE: lighttpd 1.4.18

darix released 1.4.18 which contains a fix for a buffer-overrun in the fastcgi protocol.

Please head over there for more information and comments.

September 6, 2007
in lighttpd-prerelease
1 min read

PRE-RELEASE: lighttpd-1.5.0-r1992

Some time passed since the last pre-release, time for an update.

Everyone who runs 1.5.0 already has to upgrade to get fixes several vulnerabilities that got fixed in the 1.4.x branch already.

If this release passes your requirements it will be the last 1.5.0 pre-release. Afterwards we will start the the normal 1.5.x series and will add the missing features in 1.5.1 and later.

Changes

added native support for mingw32
added experimental option to compile without glib
fixed mod_uploadprogress
fixed endless loop on freebsd-sendfile (#1289)
fixed compile in IRIX and HP/UX
fixed hardcoded font-sizes in mod_dirlisting (#1267)
fixed different ETag length on 32/64 platforms (#1279)
fixed conditional dir-listing.exclude (#930)
fixed CONTENT_LENGTH = –1 in mod_cgi (#1276)
fixed typecast of NULL on execl() (#1235)
fixed extra Content-Length header on 1xx, 204 and 304 (#1002)
fixed mysql server reconnects (#518)
fixed prctl() usage (#1310, #1333)
fixed FastCGI header overrun in mod_proxy_backend_fastcgi (reported by mattias@secweb.se)
fixed mem-leak in mod_auth (reported by Stefan Esser)
fixed crash with md5-sess and cnonce not set in mod_auth (reported by Stefan Esser)
fixed missing check for base64 encoded string in mod_auth and Basic auth (reported by Stefan Esser)
fixed possible crash in Auth-Digest header parser on trailing WS in mod_auth (reported by Stefan Esser)

September 2, 2007
in development
1 min read

There is an Angel for lighty

In changeset r1981 I added a angel process to the lighttpd build. It solves several problems when we have everything running as expected:

SIGHUP leads to a graceful restart (config reloads)
SIGINT is graceful shutdown as now
all unhandled signals lead to a restart of the lighttpd process

August 28, 2007
in development
1 min read

lighttpd at the Kieler LinuxTage

I’ll give a presentation on lighttpd at the Kieler Linuxtage on September 8th, 2007. I’ll talk about lighttpd, its past and future, the special modules and performance.

I will also try to give some content to the un-conference going on at the same time. Perhaps some MySQL Proxy stuff?

August 18, 2007
in development
1 min read

Bug fixing marathon

Looking at the bug-system a few days ago we had something like 460 bugs open.

Quite a bunch of them were duplicates of the same issue and others were already fixed in the code and just not closed in the bug-system.

Scanning through the bugs I wrote some more test-cases to verify that the reports were valid and along the way at least these bugs got fixed:

added dir-listing.set-footer in mod_dirlisting (#1277)
fixed hardcoded font-sizes in mod_dirlisting (#1267)
fixed different ETag length on 32/64 platforms (#1279)
fixed compression of files < 128 bytes by disabling compression (#1241)
fixed mysql server reconnects (#518)
fixed disabled keep-alive for dynamic content with HTTP/1.0 (#1166)
fixed crash on mixed EOL sequences in mod_cgi
fixed key compare (#1287)
fixed invalid char in header values (#1286)
fixed invalid “304 Not Modified” on broken timestamps
fixed endless loop on shrinked files with sendfile() on BSD (#1289)
fixed counter overrun in ?auto in mod_status (#909)
fixed too aggresive caching of nested conditionals (#41)
fixed possible overflow in unix-socket path checks on BSD (#713)
fixed extra Content-Length header on 1xx, 204 and 304 (#1002)
fixed handling of duplicate If-Modified-Since to return 304
fixed extracting status code from NPH scripts (#1125)
removed config-check if passwd files exist (#1188)

Now the bug-count is at 413, a start.

August 8, 2007
in hosting
1 min read

spamfilter on the right track now

We had enabled spamfilter in trac.lighttpd.net long ago and it was doing fine blocking lots of spam messages, but I didn’t notice that it blocked some ham messages too by rasing “your ip is blacklisted by sc.surbl.org” error.

I appreciate your help when you try hard clicking the submit button for wiki/tickets and am sorry for blocking you.

I spent some time tweaking karma settings in trac spamfilter recently. It was a bit hard to get what karma is even by asking the ppl in #trac, until i read the source. Anyway, it looks better now, and we’ll keep watching the monitor and see if there’s something mis-blocked, and tweak the settings accordingly. You may also register and login to get pass the spam checking.

You provided feedback. We listened.

Thanks.

August 1, 2007
in lighttpd-release
1 min read

ANNOUNCE: lighttpd 1.4.16

darix released a bug-fix release for 1.4.x

https://www.lighttpd.net/2007/7/24/1-4-16-let-s-ship-it/

It contains fixes for crashing bugs discovered by over the last weeks and we encourage to upgrade from earlier releases to 1.4.16. Especially lighttpd-SA2007-03 should convince you to upgrade. It can crash all lighttpd 1.4.x releases. In 1.5.0 this is fixed as we replace the parser by a generated one and replacing the hand-crafted one in 1.4.x.

Please head over there for more information and comments.

May 21, 2007
in lighttpd-prerelease
1 min read

PRE-RELEASE: lighttpd-1.5.0-r1857.tar.gz

Baby-steps, …

As we are running this release on lighttpd.net it is time to push it out to more testers.

Changes:

mod-proxy-core
added support to rewrite PATHINFO and SCRIPTNAME
fixed setenv.environment support
fixed random crashes
fixed keep-alive announcement if keep-alive is disabled
fixed handling of status 304 from the backends
fixed handling of trailing CRLF after a KeepAlive POST
fixed the output of lighttpd -p to result in a real configfile
fixed loading of default modules if they are explicitly specified

May 10, 2007
in development
1 min read

lighttpd at the PHP Unconference 2007

Last weekend I was at the PHP Unconference and gave a talk about lighttpd. Perhaps we will see a mod_auth_backend_openid in the near future …

A nice small unconference with some nice non-talks about Tagging and University meets Business. While the quantity of attendance was a bit low, the quality was high.

Anyway, my talk covers lighttpd, 1.5.0 and the cool modules around flv, secdownload, … and is available as PDF and SWF

May 9, 2007
in hosting
1 min read

lighttpd.net runs on 1.5.0

All the lighttpd.net domains (blog, trac, www, xcache, upload, …) are now running lighttpd 1.5.0-trunk. It took some debugging to sort out problems with the way trac wants to handle PATH_INFO r1841 and how ruby handles fastcgi-keepalive requests via Unix-Sockets r1850 + r1849.

In case you see that one of the sites is down, ping me (weigon) on IRC. The server is running in valgrind and should provide enough information to fix the problem.