- PLD merge
authorMarcin Krol <hawk@tld-linux.org>
Wed, 13 Apr 2016 08:11:04 +0000 (08:11 +0000)
committerMarcin Krol <hawk@tld-linux.org>
Wed, 13 Apr 2016 08:11:04 +0000 (08:11 +0000)
env-documentroot.patch
lighttpd-branch.diff [deleted file]
lighttpd-branding.patch
lighttpd.init
lighttpd.spec

index eea738e248916ea92c21df69e2cf8a0b35d3eebd..e225dc3e26e9f18548cc64f060151c43434d2279 100644 (file)
@@ -2,16 +2,14 @@ revert:
 
 -  * [*cgi] Use physical base dir (alias, userdir) as DOCUMENT_ROOT in cgi environments (fixes #2216)
  
-Index: src/mod_fastcgi.c
-===================================================================
---- src/mod_fastcgi.c  (revision 2794)
-+++ src/mod_fastcgi.c  (revision 2793)
-@@ -1968,7 +1968,7 @@
-                       if (!buffer_is_empty(host->docroot)) {
-                               buffer_copy_string_buffer(p->path, host->docroot);
+--- lighttpd-1.4.36/src/mod_fastcgi.c~ 2015-07-26 18:30:29.000000000 +0300
++++ lighttpd-1.4.36/src/mod_fastcgi.c  2015-07-26 18:31:50.285226477 +0300
+@@ -1918,7 +1918,7 @@
+                       if (!buffer_string_is_empty(host->docroot)) {
+                               buffer_copy_buffer(p->path, host->docroot);
                        } else {
--                              buffer_copy_string_buffer(p->path, con->physical.basedir);
-+                              buffer_copy_string_buffer(p->path, con->physical.doc_root);
+-                              buffer_copy_buffer(p->path, con->physical.basedir);
++                              buffer_copy_buffer(p->path, con->physical.doc_root);
                        }
                        buffer_append_string_buffer(p->path, con->request.pathinfo);
                        FCGI_ENV_ADD_CHECK(fcgi_env_add(p->fcgi_env, CONST_STR_LEN("PATH_TRANSLATED"), CONST_BUF_LEN(p->path)),con)
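Review bot: The refreshed patch still gives no reason for reverting the upstream change named in its header ("Use physical base dir (alias, userdir) as DOCUMENT_ROOT in cgi environments"), so a later maintainer cannot tell why the package diverges from upstream here. With the new line `buffer_copy_buffer(p->path, con->physical.doc_root);` the fallback path used for PATH_TRANSLATED in mod_fastcgi.c is built from `doc_root` plus pathinfo instead of the physical base dir, and the mod_scgi.c section in the next hunk does the same. For requests served through an alias or userdir that path presumably no longer points into the directory that actually holds the script, which matters for any backend that opens PATH_TRANSLATED or trusts DOCUMENT_ROOT for access decisions. I would add a header line to the patch along the lines of `# kept because <reason>; PATH_TRANSLATED/DOCUMENT_ROOT follow doc_root, not the alias/userdir basedir`. The enclosing function starts and ends outside the hunk.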
@@ -24,24 +22,22 @@ Index: src/mod_fastcgi.c
        }
  
        if (host->strip_request_uri->used > 1) {
-@@ -3273,7 +3273,6 @@
+@@ -3108,7 +3108,6 @@
                                 */
  
-                               buffer_copy_string_buffer(con->physical.doc_root, host->docroot);
--                              buffer_copy_string_buffer(con->physical.basedir, host->docroot);
+                               buffer_copy_buffer(con->physical.doc_root, host->docroot);
+-                              buffer_copy_buffer(con->physical.basedir, host->docroot);
  
-                               buffer_copy_string_buffer(con->physical.path, host->docroot);
+                               buffer_copy_buffer(con->physical.path, host->docroot);
                                buffer_append_string_buffer(con->physical.path, con->uri.path);
-Index: src/mod_scgi.c
-===================================================================
---- src/mod_scgi.c     (revision 2794)
-+++ src/mod_scgi.c     (revision 2793)
-@@ -1558,7 +1558,7 @@
-               if (!buffer_is_empty(host->docroot)) {
-                       buffer_copy_string_buffer(p->path, host->docroot);
+--- lighttpd-1.4.36/src/mod_scgi.c~    2015-07-26 18:30:29.000000000 +0300
++++ lighttpd-1.4.36/src/mod_scgi.c     2015-07-26 18:33:12.406160926 +0300
+@@ -1547,7 +1547,7 @@
+               if (!buffer_string_is_empty(host->docroot)) {
+                       buffer_copy_buffer(p->path, host->docroot);
                } else {
--                      buffer_copy_string_buffer(p->path, con->physical.basedir);
-+                      buffer_copy_string_buffer(p->path, con->physical.doc_root);
+-                      buffer_copy_buffer(p->path, con->physical.basedir);
++                      buffer_copy_buffer(p->path, con->physical.doc_root);
                }
                buffer_append_string_buffer(p->path, con->request.pathinfo);
                scgi_env_add(p->scgi_env, CONST_STR_LEN("PATH_TRANSLATED"), CONST_BUF_LEN(p->path));
@@ -56,8 +52,8 @@ Index: src/mod_scgi.c
        if (!buffer_is_equal(con->request.uri, con->request.orig_uri)) {
 Index: src/mod_cgi.c
 ===================================================================
---- src/mod_cgi.c      (revision 2794)
-+++ src/mod_cgi.c      (revision 2793)
+--- ./src/mod_cgi.c    (revision 2794)
++++ ./src/mod_cgi.c    (revision 2793)
 @@ -928,7 +928,7 @@
                cgi_env_add(&env, CONST_STR_LEN("CONTENT_LENGTH"), buf, strlen(buf));
                cgi_env_add(&env, CONST_STR_LEN("SCRIPT_FILENAME"), CONST_BUF_LEN(con->physical.path));
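Review bot: The mod_cgi.c section was not regenerated like the other two: it keeps the `Index:` header, the `(revision 2794)` labels and the `@@ -928,7 +928,7 @@` offsets, and only the paths were changed to `./src/mod_cgi.c`, whereas mod_fastcgi.c and mod_scgi.c now carry `lighttpd-1.4.36/src/...` headers with refreshed offsets and renamed buffer calls. If the surrounding code moved or was renamed in 1.4.36, this section applies only by offset or fuzz, and a revert placed by fuzz can land on a similar-looking line without the build noticing. Regenerating it against the 1.4.36 tree in the same header style and applying the patch with `patch --fuzz=0` would make a misplaced hunk fail loudly. The changed lines of this section lie outside the visible hunk, so whether they still match 1.4.36 cannot be checked from here.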
diff --git a/lighttpd-branch.diff b/lighttpd-branch.diff
deleted file mode 100644 (file)
index 76f06ce..0000000
+++ /dev/null
@@ -1,1957 +0,0 @@
-# Revision 2815
-Index: src/http_auth_digest.c
-===================================================================
---- src/http_auth_digest.c     (.../tags/lighttpd-1.4.29)
-+++ src/http_auth_digest.c     (.../branches/lighttpd-1.4.x)
-@@ -1,26 +0,0 @@
--#include "buffer.h"
--
--#include "http_auth_digest.h"
--
--#include <string.h>
--
--#ifndef USE_OPENSSL
--# include "md5.h"
--
--typedef li_MD5_CTX MD5_CTX;
--#define MD5_Init li_MD5_Init
--#define MD5_Update li_MD5_Update
--#define MD5_Final li_MD5_Final
--
--#endif
--
--void CvtHex(IN HASH Bin, OUT HASHHEX Hex) {
--      unsigned short i;
--
--      for (i = 0; i < HASHLEN; i++) {
--              Hex[i*2] = int2hex((Bin[i] >> 4) & 0xf);
--              Hex[i*2+1] = int2hex(Bin[i] & 0xf);
--      }
--      Hex[HASHHEXLEN] = '\0';
--}
--
-Index: src/http_auth_digest.h
-===================================================================
---- src/http_auth_digest.h     (.../tags/lighttpd-1.4.29)
-+++ src/http_auth_digest.h     (.../branches/lighttpd-1.4.x)
-@@ -1,24 +0,0 @@
--#ifndef _DIGCALC_H_
--#define _DIGCALC_H_
--
--#ifdef HAVE_CONFIG_H
--# include "config.h"
--#endif
--
--#define HASHLEN 16
--typedef unsigned char HASH[HASHLEN];
--#define HASHHEXLEN 32
--typedef char HASHHEX[HASHHEXLEN+1];
--#ifdef USE_OPENSSL
--#define IN const
--#else
--#define IN
--#endif
--#define OUT
--
--void CvtHex(
--    IN HASH Bin,
--    OUT HASHHEX Hex
--    );
--
--#endif
-Index: src/network_write.c
-===================================================================
---- src/network_write.c        (.../tags/lighttpd-1.4.29)
-+++ src/network_write.c        (.../branches/lighttpd-1.4.x)
-@@ -24,17 +24,16 @@
- # include <sys/resource.h>
- #endif
--int network_write_chunkqueue_write(server *srv, connection *con, int fd, chunkqueue *cq) {
-+int network_write_chunkqueue_write(server *srv, connection *con, int fd, chunkqueue *cq, off_t max_bytes) {
-       chunk *c;
--      size_t chunks_written = 0;
--      for(c = cq->first; c; c = c->next) {
-+      for(c = cq->first; (max_bytes > 0) && (NULL != c); c = c->next) {
-               int chunk_finished = 0;
-               switch(c->type) {
-               case MEM_CHUNK: {
-                       char * offset;
--                      size_t toSend;
-+                      off_t toSend;
-                       ssize_t r;
-                       if (c->mem->used == 0) {
-@@ -44,6 +43,8 @@
-                       offset = c->mem->ptr + c->offset;
-                       toSend = c->mem->used - 1 - c->offset;
-+                      if (toSend > max_bytes) toSend = max_bytes;
-+
- #ifdef __WIN32
-                       if ((r = send(fd, offset, toSend, 0)) < 0) {
-                               /* no error handling for windows... */
-@@ -72,6 +73,7 @@
-                       c->offset += r;
-                       cq->bytes_out += r;
-+                      max_bytes -= r;
-                       if (c->offset == (off_t)c->mem->used - 1) {
-                               chunk_finished = 1;
-@@ -85,7 +87,7 @@
- #endif
-                       ssize_t r;
-                       off_t offset;
--                      size_t toSend;
-+                      off_t toSend;
-                       stat_cache_entry *sce = NULL;
-                       int ifd;
-@@ -98,6 +100,8 @@
-                       offset = c->file.start + c->offset;
-                       toSend = c->file.length - c->offset;
-+                      if (toSend > max_bytes) toSend = max_bytes;
-+
-                       if (offset > sce->st.st_size) {
-                               log_error_write(srv, __FILE__, __LINE__, "sb", "file was shrinked:", c->file.name);
-@@ -181,6 +185,7 @@
-                       c->offset += r;
-                       cq->bytes_out += r;
-+                      max_bytes -= r;
-                       if (c->offset == c->file.length) {
-                               chunk_finished = 1;
-@@ -200,11 +205,9 @@
-                       break;
-               }
--
--              chunks_written++;
-       }
--      return chunks_written;
-+      return 0;
- }
- #if 0
-Index: src/mod_secure_download.c
-===================================================================
---- src/mod_secure_download.c  (.../tags/lighttpd-1.4.29)
-+++ src/mod_secure_download.c  (.../branches/lighttpd-1.4.x)
-@@ -8,18 +8,8 @@
- #include <stdlib.h>
- #include <string.h>
--#ifdef USE_OPENSSL
--# include <openssl/md5.h>
--#else
--# include "md5.h"
-+#include "md5.h"
--typedef li_MD5_CTX MD5_CTX;
--#define MD5_Init li_MD5_Init
--#define MD5_Update li_MD5_Update
--#define MD5_Final li_MD5_Final
--
--#endif
--
- #define HASHLEN 16
- typedef unsigned char HASH[HASHLEN];
- #define HASHHEXLEN 32
-@@ -200,7 +190,7 @@
- URIHANDLER_FUNC(mod_secdownload_uri_handler) {
-       plugin_data *p = p_d;
--      MD5_CTX Md5Ctx;
-+      li_MD5_CTX Md5Ctx;
-       HASH HA1;
-       const char *rel_uri, *ts_str, *md5_str;
-       time_t ts = 0;
-@@ -266,9 +256,9 @@
-       buffer_append_string(p->md5, rel_uri);
-       buffer_append_string_len(p->md5, ts_str, 8);
--      MD5_Init(&Md5Ctx);
--      MD5_Update(&Md5Ctx, (unsigned char *)p->md5->ptr, p->md5->used - 1);
--      MD5_Final(HA1, &Md5Ctx);
-+      li_MD5_Init(&Md5Ctx);
-+      li_MD5_Update(&Md5Ctx, (unsigned char *)p->md5->ptr, p->md5->used - 1);
-+      li_MD5_Final(HA1, &Md5Ctx);
-       buffer_copy_string_hex(p->md5, (char *)HA1, 16);
-Index: src/base.h
-===================================================================
---- src/base.h (.../tags/lighttpd-1.4.29)
-+++ src/base.h (.../branches/lighttpd-1.4.x)
-@@ -277,6 +277,7 @@
-       buffer *ssl_cipher_list;
-       buffer *ssl_dh_file;
-       buffer *ssl_ec_curve;
-+      unsigned short ssl_honor_cipher_order; /* determine SSL cipher in server-preferred order, not client-order */
-       unsigned short ssl_use_sslv2;
-       unsigned short ssl_use_sslv3;
-       unsigned short ssl_verifyclient;
-@@ -284,6 +285,7 @@
-       unsigned short ssl_verifyclient_depth;
-       buffer *ssl_verifyclient_username;
-       unsigned short ssl_verifyclient_export_cert;
-+      unsigned short ssl_disable_client_renegotiation;
-       unsigned short use_ipv6, set_v6only; /* set_v6only is only a temporary option */
-       unsigned short defer_accept;
-@@ -437,6 +439,7 @@
- # ifndef OPENSSL_NO_TLSEXT
-       buffer *tlsext_server_name;
- # endif
-+      unsigned int renegotiations; /* count of SSL_CB_HANDSHAKE_START */
- #endif
-       /* etag handling */
-       etag_flags_t etag_flags;
-@@ -647,11 +650,9 @@
-       fdevent_handler_t event_handler;
--      int (* network_backend_write)(struct server *srv, connection *con, int fd, chunkqueue *cq);
--      int (* network_backend_read)(struct server *srv, connection *con, int fd, chunkqueue *cq);
-+      int (* network_backend_write)(struct server *srv, connection *con, int fd, chunkqueue *cq, off_t max_bytes);
- #ifdef USE_OPENSSL
--      int (* network_ssl_backend_write)(struct server *srv, connection *con, SSL *ssl, chunkqueue *cq);
--      int (* network_ssl_backend_read)(struct server *srv, connection *con, SSL *ssl, chunkqueue *cq);
-+      int (* network_ssl_backend_write)(struct server *srv, connection *con, SSL *ssl, chunkqueue *cq, off_t max_bytes);
- #endif
-       uid_t uid;
-Index: src/connections.c
-===================================================================
---- src/connections.c  (.../tags/lighttpd-1.4.29)
-+++ src/connections.c  (.../branches/lighttpd-1.4.x)
-@@ -223,6 +223,12 @@
-               len = SSL_read(con->ssl, b->ptr + read_offset, toread);
-+              if (con->renegotiations > 1 && con->conf.ssl_disable_client_renegotiation) {
-+                      connection_set_state(srv, con, CON_STATE_ERROR);
-+                      log_error_write(srv, __FILE__, __LINE__, "s", "SSL: renegotiation initiated by client");
-+                      return -1;
-+              }
-+
-               if (len > 0) {
-                       if (b->used > 0) b->used--;
-                       b->used += len;
-@@ -445,6 +451,7 @@
-               default:
-                       switch(con->http_status) {
-                       case 400: /* bad request */
-+                      case 401: /* authorization required */
-                       case 414: /* overload request header */
-                       case 505: /* unknown protocol */
-                       case 207: /* this was webdav */
-@@ -617,8 +624,9 @@
- }
- static int connection_handle_write(server *srv, connection *con) {
--      switch(network_write_chunkqueue(srv, con, con->write_queue)) {
-+      switch(network_write_chunkqueue(srv, con, con->write_queue, MAX_WRITE_LIMIT)) {
-       case 0:
-+              con->write_request_ts = srv->cur_ts;
-               if (con->file_finished) {
-                       connection_set_state(srv, con, CON_STATE_RESPONSE_END);
-                       joblist_append(srv, con);
-@@ -635,6 +643,7 @@
-               joblist_append(srv, con);
-               break;
-       case 1:
-+              con->write_request_ts = srv->cur_ts;
-               con->is_writable = 0;
-               /* not finished yet -> WRITE */
-@@ -1251,8 +1260,6 @@
-                       log_error_write(srv, __FILE__, __LINE__, "ds",
-                                       con->fd,
-                                       "handle write failed.");
--              } else if (con->state == CON_STATE_WRITE) {
--                      con->write_request_ts = srv->cur_ts;
-               }
-       }
-@@ -1352,6 +1359,7 @@
-                               return NULL;
-                       }
-+                      con->renegotiations = 0;
- #ifndef OPENSSL_NO_TLSEXT
-                       SSL_set_app_data(con->ssl, con);
- #endif
-@@ -1667,8 +1675,6 @@
-                                                       con->fd,
-                                                       "handle write failed.");
-                                       connection_set_state(srv, con, CON_STATE_ERROR);
--                              } else if (con->state == CON_STATE_WRITE) {
--                                      con->write_request_ts = srv->cur_ts;
-                               }
-                       }
-Index: src/mod_staticfile.c
-===================================================================
---- src/mod_staticfile.c       (.../tags/lighttpd-1.4.29)
-+++ src/mod_staticfile.c       (.../branches/lighttpd-1.4.x)
-@@ -26,6 +26,7 @@
- typedef struct {
-       array *exclude_ext;
-       unsigned short etags_used;
-+      unsigned short disable_pathinfo;
- } plugin_config;
- typedef struct {
-@@ -84,6 +85,7 @@
-       config_values_t cv[] = {
-               { "static-file.exclude-extensions", NULL, T_CONFIG_ARRAY, T_CONFIG_SCOPE_CONNECTION },       /* 0 */
-               { "static-file.etags",    NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 1 */
-+              { "static-file.disable-pathinfo", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 2 */
-               { NULL,                         NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET }
-       };
-@@ -97,9 +99,11 @@
-               s = calloc(1, sizeof(plugin_config));
-               s->exclude_ext    = array_init();
-               s->etags_used     = 1;
-+              s->disable_pathinfo = 0;
-               cv[0].destination = s->exclude_ext;
-               cv[1].destination = &(s->etags_used);
-+              cv[2].destination = &(s->disable_pathinfo);
-               p->config_storage[i] = s;
-@@ -119,6 +123,7 @@
-       PATCH(exclude_ext);
-       PATCH(etags_used);
-+      PATCH(disable_pathinfo);
-       /* skip the first, the global context */
-       for (i = 1; i < srv->config_context->used; i++) {
-@@ -136,7 +141,9 @@
-                               PATCH(exclude_ext);
-                       } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("static-file.etags"))) {
-                               PATCH(etags_used);
--                      } 
-+                      } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("static-file.disable-pathinfo"))) {
-+                              PATCH(disable_pathinfo);
-+                      }
-               }
-       }
-@@ -350,7 +357,6 @@
- URIHANDLER_FUNC(mod_staticfile_subrequest) {
-       plugin_data *p = p_d;
-       size_t k;
--      int s_len;
-       stat_cache_entry *sce = NULL;
-       buffer *mtime = NULL;
-       data_string *ds;
-@@ -376,7 +382,12 @@
-       mod_staticfile_patch_connection(srv, con, p);
--      s_len = con->uri.path->used - 1;
-+      if (p->conf.disable_pathinfo && 0 != con->request.pathinfo->used) {
-+              if (con->conf.log_request_handling) {
-+                      log_error_write(srv, __FILE__, __LINE__,  "s",  "-- NOT handling file as static file, pathinfo forbidden");
-+              }
-+              return HANDLER_GO_ON;
-+      }
-       /* ignore certain extensions */
-       for (k = 0; k < p->conf.exclude_ext->used; k++) {
-Index: src/network.c
-===================================================================
---- src/network.c      (.../tags/lighttpd-1.4.29)
-+++ src/network.c      (.../branches/lighttpd-1.4.x)
-@@ -27,6 +27,19 @@
- # include <openssl/rand.h>
- #endif
-+#ifdef USE_OPENSSL
-+static void ssl_info_callback(const SSL *ssl, int where, int ret) {
-+      UNUSED(ret);
-+
-+      if (0 != (where & SSL_CB_HANDSHAKE_START)) {
-+              connection *con = SSL_get_app_data(ssl);
-+              ++con->renegotiations;
-+      } else if (0 != (where & SSL_CB_HANDSHAKE_DONE)) {
-+              ssl->s3->flags |= SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS;
-+      }
-+}
-+#endif
-+
- static handler_t network_server_handle_fdevent(server *srv, void *context, int revents) {
-       server_socket *srv_socket = (server_socket *)context;
-       connection *con;
-@@ -480,9 +493,11 @@
-       network_backend_t backend;
- #if OPENSSL_VERSION_NUMBER >= 0x0090800fL
-+#ifndef OPENSSL_NO_ECDH
-       EC_KEY *ecdh;
-       int nid;
- #endif
-+#endif
- #ifdef USE_OPENSSL
-       DH *dh;
-@@ -553,6 +568,11 @@
-       /* load SSL certificates */
-       for (i = 0; i < srv->config_context->used; i++) {
-               specific_config *s = srv->config_storage[i];
-+#ifndef SSL_OP_NO_COMPRESSION
-+# define SSL_OP_NO_COMPRESSION 0
-+#endif
-+              long ssloptions =
-+                      SSL_OP_ALL | SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION | SSL_OP_NO_COMPRESSION;
-               if (buffer_is_empty(s->ssl_pemfile)) continue;
-@@ -586,6 +606,9 @@
-                       return -1;
-               }
-+              SSL_CTX_set_options(s->ssl_ctx, ssloptions);
-+              SSL_CTX_set_info_callback(s->ssl_ctx, ssl_info_callback);
-+
-               if (!s->ssl_use_sslv2) {
-                       /* disable SSLv2 */
-                       if (!(SSL_OP_NO_SSLv2 & SSL_CTX_set_options(s->ssl_ctx, SSL_OP_NO_SSLv2))) {
-@@ -611,6 +634,10 @@
-                                               ERR_error_string(ERR_get_error(), NULL));
-                               return -1;
-                       }
-+
-+                      if (s->ssl_honor_cipher_order) {
-+                              SSL_CTX_set_options(s->ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
-+                      }
-               }
-               /* Support for Diffie-Hellman key exchange */
-@@ -847,7 +874,7 @@
-       return 0;
- }
--int network_write_chunkqueue(server *srv, connection *con, chunkqueue *cq) {
-+int network_write_chunkqueue(server *srv, connection *con, chunkqueue *cq, off_t max_bytes) {
-       int ret = -1;
-       off_t written = 0;
- #ifdef TCP_CORK
-@@ -855,16 +882,34 @@
- #endif
-       server_socket *srv_socket = con->srv_socket;
--      if (con->conf.global_kbytes_per_second &&
--          *(con->conf.global_bytes_per_second_cnt_ptr) > con->conf.global_kbytes_per_second * 1024) {
--              /* we reached the global traffic limit */
-+      if (con->conf.global_kbytes_per_second) {
-+              off_t limit = con->conf.global_kbytes_per_second * 1024 - *(con->conf.global_bytes_per_second_cnt_ptr);
-+              if (limit <= 0) {
-+                      /* we reached the global traffic limit */
--              con->traffic_limit_reached = 1;
--              joblist_append(srv, con);
-+                      con->traffic_limit_reached = 1;
-+                      joblist_append(srv, con);
--              return 1;
-+                      return 1;
-+              } else {
-+                      if (max_bytes > limit) max_bytes = limit;
-+              }
-       }
-+      if (con->conf.kbytes_per_second) {
-+              off_t limit = con->conf.kbytes_per_second * 1024 - con->bytes_written_cur_second;
-+              if (limit <= 0) {
-+                      /* we reached the traffic limit */
-+
-+                      con->traffic_limit_reached = 1;
-+                      joblist_append(srv, con);
-+
-+                      return 1;
-+              } else {
-+                      if (max_bytes > limit) max_bytes = limit;
-+              }
-+      }
-+
-       written = cq->bytes_out;
- #ifdef TCP_CORK
-@@ -879,10 +924,10 @@
-       if (srv_socket->is_ssl) {
- #ifdef USE_OPENSSL
--              ret = srv->network_ssl_backend_write(srv, con, con->ssl, cq);
-+              ret = srv->network_ssl_backend_write(srv, con, con->ssl, cq, max_bytes);
- #endif
-       } else {
--              ret = srv->network_backend_write(srv, con, con->fd, cq);
-+              ret = srv->network_backend_write(srv, con, con->fd, cq, max_bytes);
-       }
-       if (ret >= 0) {
-@@ -903,12 +948,5 @@
-       *(con->conf.global_bytes_per_second_cnt_ptr) += written;
--      if (con->conf.kbytes_per_second &&
--          (con->bytes_written_cur_second > con->conf.kbytes_per_second * 1024)) {
--              /* we reached the traffic limit */
--
--              con->traffic_limit_reached = 1;
--              joblist_append(srv, con);
--      }
-       return ret;
- }
-Index: src/network.h
-===================================================================
---- src/network.h      (.../tags/lighttpd-1.4.29)
-+++ src/network.h      (.../branches/lighttpd-1.4.x)
-@@ -3,7 +3,7 @@
- #include "server.h"
--int network_write_chunkqueue(server *srv, connection *con, chunkqueue *c);
-+int network_write_chunkqueue(server *srv, connection *con, chunkqueue *c, off_t max_bytes);
- int network_init(server *srv);
- int network_close(server *srv);
-Index: src/configfile.c
-===================================================================
---- src/configfile.c   (.../tags/lighttpd-1.4.29)
-+++ src/configfile.c   (.../branches/lighttpd-1.4.x)
-@@ -105,6 +105,8 @@
-               { "ssl.use-sslv3",               NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER },     /* 62 */
-               { "ssl.dh-file",                 NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_SERVER },      /* 63 */
-               { "ssl.ec-curve",                NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_SERVER },      /* 64 */
-+              { "ssl.disable-client-renegotiation", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER },/* 65 */
-+              { "ssl.honor-cipher-order",      NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER },     /* 66 */
-               { "server.host",                 "use server.bind instead", T_CONFIG_DEPRECATED, T_CONFIG_SCOPE_UNSET },
-               { "server.docroot",              "use server.document-root instead", T_CONFIG_DEPRECATED, T_CONFIG_SCOPE_UNSET },
-@@ -176,6 +178,7 @@
-               s->max_write_idle = 360;
-               s->use_xattr     = 0;
-               s->is_ssl        = 0;
-+              s->ssl_honor_cipher_order = 1;
-               s->ssl_use_sslv2 = 0;
-               s->ssl_use_sslv3 = 1;
-               s->use_ipv6      = 0;
-@@ -199,6 +202,7 @@
-               s->ssl_verifyclient_username = buffer_init();
-               s->ssl_verifyclient_depth = 9;
-               s->ssl_verifyclient_export_cert = 0;
-+              s->ssl_disable_client_renegotiation = 1;
-               cv[2].destination = s->errorfile_prefix;
-@@ -245,6 +249,8 @@
-               cv[62].destination = &(s->ssl_use_sslv3);
-               cv[63].destination = s->ssl_dh_file;
-               cv[64].destination = s->ssl_ec_curve;
-+              cv[66].destination = &(s->ssl_honor_cipher_order);
-+
-               cv[49].destination = &(s->etag_use_inode);
-               cv[50].destination = &(s->etag_use_mtime);
-               cv[51].destination = &(s->etag_use_size);
-@@ -255,6 +261,7 @@
-               cv[58].destination = &(s->ssl_verifyclient_depth);
-               cv[59].destination = s->ssl_verifyclient_username;
-               cv[60].destination = &(s->ssl_verifyclient_export_cert);
-+              cv[65].destination = &(s->ssl_disable_client_renegotiation);
-               srv->config_storage[i] = s;
-@@ -335,6 +342,7 @@
-       PATCH(ssl_cipher_list);
-       PATCH(ssl_dh_file);
-       PATCH(ssl_ec_curve);
-+      PATCH(ssl_honor_cipher_order);
-       PATCH(ssl_use_sslv2);
-       PATCH(ssl_use_sslv3);
-       PATCH(etag_use_inode);
-@@ -346,6 +354,7 @@
-       PATCH(ssl_verifyclient_depth);
-       PATCH(ssl_verifyclient_username);
-       PATCH(ssl_verifyclient_export_cert);
-+      PATCH(ssl_disable_client_renegotiation);
-       return 0;
- }
-@@ -400,6 +409,8 @@
- #endif
-                       } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.ca-file"))) {
-                               PATCH(ssl_ca_file);
-+                      } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.honor-cipher-order"))) {
-+                              PATCH(ssl_honor_cipher_order);
-                       } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.use-sslv2"))) {
-                               PATCH(ssl_use_sslv2);
-                       } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.use-sslv3"))) {
-@@ -454,6 +465,8 @@
-                               PATCH(ssl_verifyclient_username);
-                       } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.verifyclient.exportcert"))) {
-                               PATCH(ssl_verifyclient_export_cert);
-+                      } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.disable-client-renegotiation"))) {
-+                              PATCH(ssl_disable_client_renegotiation);
-                       }
-               }
-       }
-Index: src/mod_scgi.c
-===================================================================
---- src/mod_scgi.c     (.../tags/lighttpd-1.4.29)
-+++ src/mod_scgi.c     (.../branches/lighttpd-1.4.x)
-@@ -2296,7 +2296,7 @@
-               /* fall through */
-       case FCGI_STATE_WRITE:
--              ret = srv->network_backend_write(srv, con, hctx->fd, hctx->wb);
-+              ret = srv->network_backend_write(srv, con, hctx->fd, hctx->wb, MAX_WRITE_LIMIT);
-               chunkqueue_remove_finished_chunks(hctx->wb);
-Index: src/request.c
-===================================================================
---- src/request.c      (.../tags/lighttpd-1.4.29)
-+++ src/request.c      (.../branches/lighttpd-1.4.x)
-@@ -49,7 +49,7 @@
-                               if (++colon_cnt > 7) {
-                                       return -1;
-                               }
--                      } else if (!light_isxdigit(*c)) {
-+                      } else if (!light_isxdigit(*c) && '.' != *c) {
-                               return -1;
-                       }
-               }
-Index: src/network_backends.h
-===================================================================
---- src/network_backends.h     (.../tags/lighttpd-1.4.29)
-+++ src/network_backends.h     (.../branches/lighttpd-1.4.x)
-@@ -47,18 +47,18 @@
- #include "base.h"
- /* return values:
-- * >= 0 : chunks completed
-+ * >= 0 : no error
-  *   -1 : error (on our side)
-  *   -2 : remote close
-  */
--int network_write_chunkqueue_write(server *srv, connection *con, int fd, chunkqueue *cq);
--int network_write_chunkqueue_writev(server *srv, connection *con, int fd, chunkqueue *cq);
--int network_write_chunkqueue_linuxsendfile(server *srv, connection *con, int fd, chunkqueue *cq);
--int network_write_chunkqueue_freebsdsendfile(server *srv, connection *con, int fd, chunkqueue *cq);
--int network_write_chunkqueue_solarissendfilev(server *srv, connection *con, int fd, chunkqueue *cq);
-+int network_write_chunkqueue_write(server *srv, connection *con, int fd, chunkqueue *cq, off_t max_bytes);
-+int network_write_chunkqueue_writev(server *srv, connection *con, int fd, chunkqueue *cq, off_t max_bytes);
-+int network_write_chunkqueue_linuxsendfile(server *srv, connection *con, int fd, chunkqueue *cq, off_t max_bytes);
-+int network_write_chunkqueue_freebsdsendfile(server *srv, connection *con, int fd, chunkqueue *cq, off_t max_bytes);
-+int network_write_chunkqueue_solarissendfilev(server *srv, connection *con, int fd, chunkqueue *cq, off_t max_bytes);
- #ifdef USE_OPENSSL
--int network_write_chunkqueue_openssl(server *srv, connection *con, SSL *ssl, chunkqueue *cq);
-+int network_write_chunkqueue_openssl(server *srv, connection *con, SSL *ssl, chunkqueue *cq, off_t max_bytes);
- #endif
- #endif
-Index: src/SConscript
-===================================================================
---- src/SConscript     (.../tags/lighttpd-1.4.29)
-+++ src/SConscript     (.../branches/lighttpd-1.4.x)
-@@ -12,7 +12,8 @@
-       data_integer.c md5.c data_fastcgi.c \
-       fdevent_select.c fdevent_libev.c \
-       fdevent_poll.c fdevent_linux_sysepoll.c \
--      fdevent_solaris_devpoll.c fdevent_freebsd_kqueue.c \
-+      fdevent_solaris_devpoll.c fdevent_solaris_port.c \
-+      fdevent_freebsd_kqueue.c \
-       data_config.c bitset.c \
-       inet_ntop_cache.c crc32.c \
-       connections-glue.c \
-@@ -62,7 +63,7 @@
-       'mod_redirect' : { 'src' : [ 'mod_redirect.c' ], 'lib' : [ env['LIBPCRE'] ] },
-       'mod_rewrite' : { 'src' : [ 'mod_rewrite.c' ], 'lib' : [ env['LIBPCRE'] ] },
-       'mod_auth' : {
--              'src' : [ 'mod_auth.c', 'http_auth_digest.c', 'http_auth.c' ],
-+              'src' : [ 'mod_auth.c', 'http_auth.c' ],
-               'lib' : [ env['LIBCRYPT'], env['LIBLDAP'], env['LIBLBER'] ] },
-       'mod_webdav' : { 'src' : [ 'mod_webdav.c' ], 'lib' : [ env['LIBXML2'], env['LIBSQLITE3'], env['LIBUUID'] ] },
-       'mod_mysql_vhost' : { 'src' : [ 'mod_mysql_vhost.c' ], 'lib' : [ env['LIBMYSQL'] ] },
-Index: src/mod_cml_funcs.c
-===================================================================
---- src/mod_cml_funcs.c        (.../tags/lighttpd-1.4.29)
-+++ src/mod_cml_funcs.c        (.../branches/lighttpd-1.4.x)
-@@ -17,18 +17,8 @@
- #include <dirent.h>
- #include <stdio.h>
--#ifdef USE_OPENSSL
--# include <openssl/md5.h>
--#else
--# include "md5.h"
-+#include "md5.h"
--typedef li_MD5_CTX MD5_CTX;
--#define MD5_Init li_MD5_Init
--#define MD5_Update li_MD5_Update
--#define MD5_Final li_MD5_Final
--
--#endif
--
- #define HASHLEN 16
- typedef unsigned char HASH[HASHLEN];
- #define HASHHEXLEN 32
-@@ -43,7 +33,7 @@
- #ifdef HAVE_LUA_H
- int f_crypto_md5(lua_State *L) {
--      MD5_CTX Md5Ctx;
-+      li_MD5_CTX Md5Ctx;
-       HASH HA1;
-       buffer b;
-       char hex[33];
-@@ -63,9 +53,9 @@
-               lua_error(L);
-       }
--      MD5_Init(&Md5Ctx);
--      MD5_Update(&Md5Ctx, (unsigned char *)lua_tostring(L, 1), lua_strlen(L, 1));
--      MD5_Final(HA1, &Md5Ctx);
-+      li_MD5_Init(&Md5Ctx);
-+      li_MD5_Update(&Md5Ctx, (unsigned char *)lua_tostring(L, 1), lua_strlen(L, 1));
-+      li_MD5_Final(HA1, &Md5Ctx);
-       buffer_copy_string_hex(&b, (char *)HA1, 16);
-Index: src/mod_userdir.c
-===================================================================
---- src/mod_userdir.c  (.../tags/lighttpd-1.4.29)
-+++ src/mod_userdir.c  (.../branches/lighttpd-1.4.x)
-@@ -166,7 +166,6 @@
- URIHANDLER_FUNC(mod_userdir_docroot_handler) {
-       plugin_data *p = p_d;
--      int uri_len;
-       size_t k;
-       char *rel_url;
- #ifdef HAVE_PWD_H
-@@ -182,8 +181,6 @@
-        */
-       if (p->conf.path->used == 0) return HANDLER_GO_ON;
--      uri_len = con->uri.path->used - 1;
--
-       /* /~user/foo.html -> /home/user/public_html/foo.html */
-       if (con->uri.path->ptr[0] != '/' ||
-Index: src/mod_proxy.c
-===================================================================
---- src/mod_proxy.c    (.../tags/lighttpd-1.4.29)
-+++ src/mod_proxy.c    (.../branches/lighttpd-1.4.x)
-@@ -825,7 +825,7 @@
-               /* fall through */
-       case PROXY_STATE_WRITE:;
--              ret = srv->network_backend_write(srv, con, hctx->fd, hctx->wb);
-+              ret = srv->network_backend_write(srv, con, hctx->fd, hctx->wb, MAX_WRITE_LIMIT);
-               chunkqueue_remove_finished_chunks(hctx->wb);
-Index: src/Makefile.am
-===================================================================
---- src/Makefile.am    (.../tags/lighttpd-1.4.29)
-+++ src/Makefile.am    (.../branches/lighttpd-1.4.x)
-@@ -241,7 +241,7 @@
- mod_compress_la_LIBADD = $(Z_LIB) $(BZ_LIB) $(common_libadd)
- lib_LTLIBRARIES += mod_auth.la
--mod_auth_la_SOURCES = mod_auth.c http_auth_digest.c http_auth.c
-+mod_auth_la_SOURCES = mod_auth.c http_auth.c
- mod_auth_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
- mod_auth_la_LIBADD = $(CRYPT_LIB) $(LDAP_LIB) $(LBER_LIB) $(common_libadd)
-@@ -268,7 +268,7 @@
- hdr = server.h buffer.h network.h log.h keyvalue.h \
-       response.h request.h fastcgi.h chunk.h \
--      settings.h http_chunk.h http_auth_digest.h \
-+      settings.h http_chunk.h \
-       md5.h http_auth.h stream.h \
-       fdevent.h connections.h base.h stat_cache.h \
-       plugin.h mod_auth.h \
-Index: src/network_writev.c
-===================================================================
---- src/network_writev.c       (.../tags/lighttpd-1.4.29)
-+++ src/network_writev.c       (.../branches/lighttpd-1.4.x)
-@@ -30,17 +30,16 @@
- #define LOCAL_BUFFERING 1
- #endif
--int network_write_chunkqueue_writev(server *srv, connection *con, int fd, chunkqueue *cq) {
-+int network_write_chunkqueue_writev(server *srv, connection *con, int fd, chunkqueue *cq, off_t max_bytes) {
-       chunk *c;
--      size_t chunks_written = 0;
--      for(c = cq->first; c; c = c->next) {
-+      for(c = cq->first; (max_bytes > 0) && (NULL != c); c = c->next) {
-               int chunk_finished = 0;
-               switch(c->type) {
-               case MEM_CHUNK: {
-                       char * offset;
--                      size_t toSend;
-+                      off_t toSend;
-                       ssize_t r;
-                       size_t num_chunks, i;
-@@ -65,12 +64,10 @@
- #error "sysconf() doesnt return _SC_IOV_MAX ..., check the output of 'man writev' for the EINVAL error and send the output to jan@kneschke.de"
- #endif
--                      /* we can't send more then SSIZE_MAX bytes in one chunk */
--
-                       /* build writev list
-                        *
-                        * 1. limit: num_chunks < max_chunks
--                       * 2. limit: num_bytes < SSIZE_MAX
-+                       * 2. limit: num_bytes < max_bytes
-                        */
-                       for (num_chunks = 0, tc = c; tc && tc->type == MEM_CHUNK && num_chunks < max_chunks; num_chunks++, tc = tc->next);
-@@ -87,9 +84,9 @@
-                                       chunks[i].iov_base = offset;
-                                       /* protect the return value of writev() */
--                                      if (toSend > SSIZE_MAX ||
--                                          num_bytes + toSend > SSIZE_MAX) {
--                                              chunks[i].iov_len = SSIZE_MAX - num_bytes;
-+                                      if (toSend > max_bytes ||
-+                                          (off_t) num_bytes + toSend > max_bytes) {
-+                                              chunks[i].iov_len = max_bytes - num_bytes;
-                                               num_chunks = i + 1;
-                                               break;
-@@ -121,6 +118,7 @@
-                       }
-                       cq->bytes_out += r;
-+                      max_bytes -= r;
-                       /* check which chunks have been written */
-@@ -132,11 +130,10 @@
-                                       if (chunk_finished) {
-                                               /* skip the chunks from further touches */
--                                              chunks_written++;
-                                               c = c->next;
-                                       } else {
-                                               /* chunks_written + c = c->next is done in the for()*/
--                                              chunk_finished++;
-+                                              chunk_finished = 1;
-                                       }
-                               } else {
-                                       /* partially written */
-@@ -284,6 +281,8 @@
-                               assert(toSend < 0);
-                       }
-+                      if (toSend > max_bytes) toSend = max_bytes;
-+
- #ifdef LOCAL_BUFFERING
-                       start = c->mem->ptr;
- #else
-@@ -309,6 +308,7 @@
-                       c->offset += r;
-                       cq->bytes_out += r;
-+                      max_bytes -= r;
-                       if (c->offset == c->file.length) {
-                               chunk_finished = 1;
-@@ -334,11 +334,9 @@
-                       break;
-               }
--
--              chunks_written++;
-       }
--      return chunks_written;
-+      return 0;
- }
- #endif
-Index: src/network_freebsd_sendfile.c
-===================================================================
---- src/network_freebsd_sendfile.c     (.../tags/lighttpd-1.4.29)
-+++ src/network_freebsd_sendfile.c     (.../branches/lighttpd-1.4.x)
-@@ -31,17 +31,16 @@
- # endif
- #endif
--int network_write_chunkqueue_freebsdsendfile(server *srv, connection *con, int fd, chunkqueue *cq) {
-+int network_write_chunkqueue_freebsdsendfile(server *srv, connection *con, int fd, chunkqueue *cq, off_t max_bytes) {
-       chunk *c;
--      size_t chunks_written = 0;
--      for(c = cq->first; c; c = c->next, chunks_written++) {
-+      for(c = cq->first; (max_bytes > 0) && (NULL != c); c = c->next) {
-               int chunk_finished = 0;
-               switch(c->type) {
-               case MEM_CHUNK: {
-                       char * offset;
--                      size_t toSend;
-+                      off_t toSend;
-                       ssize_t r;
-                       size_t num_chunks, i;
-@@ -49,12 +48,10 @@
-                       chunk *tc;
-                       size_t num_bytes = 0;
--                      /* we can't send more then SSIZE_MAX bytes in one chunk */
--
-                       /* build writev list
-                        *
-                        * 1. limit: num_chunks < UIO_MAXIOV
--                       * 2. limit: num_bytes < SSIZE_MAX
-+                       * 2. limit: num_bytes < max_bytes
-                        */
-                       for(num_chunks = 0, tc = c; tc && tc->type == MEM_CHUNK && num_chunks < UIO_MAXIOV; num_chunks++, tc = tc->next);
-@@ -69,9 +66,9 @@
-                                       chunks[i].iov_base = offset;
-                                       /* protect the return value of writev() */
--                                      if (toSend > SSIZE_MAX ||
--                                          num_bytes + toSend > SSIZE_MAX) {
--                                              chunks[i].iov_len = SSIZE_MAX - num_bytes;
-+                                      if (toSend > max_bytes ||
-+                                          (off_t) num_bytes + toSend > max_bytes) {
-+                                              chunks[i].iov_len = max_bytes - num_bytes;
-                                               num_chunks = i + 1;
-                                               break;
-@@ -105,6 +102,7 @@
-                       /* check which chunks have been written */
-                       cq->bytes_out += r;
-+                      max_bytes -= r;
-                       for(i = 0, tc = c; i < num_chunks; i++, tc = tc->next) {
-                               if (r >= (ssize_t)chunks[i].iov_len) {
-@@ -114,11 +112,10 @@
-                                       if (chunk_finished) {
-                                               /* skip the chunks from further touches */
--                                              chunks_written++;
-                                               c = c->next;
-                                       } else {
-                                               /* chunks_written + c = c->next is done in the for()*/
--                                              chunk_finished++;
-+                                              chunk_finished = 1;
-                                       }
-                               } else {
-                                       /* partially written */
-@@ -134,7 +131,7 @@
-               }
-               case FILE_CHUNK: {
-                       off_t offset, r;
--                      size_t toSend;
-+                      off_t toSend;
-                       stat_cache_entry *sce = NULL;
-                       if (HANDLER_ERROR == stat_cache_get_entry(srv, con, c->file.name, &sce)) {
-@@ -144,9 +141,8 @@
-                       }
-                       offset = c->file.start + c->offset;
--                      /* limit the toSend to 2^31-1 bytes in a chunk */
--                      toSend = c->file.length - c->offset > ((1 << 30) - 1) ?
--                              ((1 << 30) - 1) : c->file.length - c->offset;
-+                      toSend = c->file.length - c->offset;
-+                      if (toSend > max_bytes) toSend = max_bytes;
-                       if (-1 == c->file.fd) {
-                               if (-1 == (c->file.fd = open(c->file.name->ptr, O_RDONLY))) {
-@@ -197,6 +193,7 @@
-                       c->offset += r;
-                       cq->bytes_out += r;
-+                      max_bytes -= r;
-                       if (c->offset == c->file.length) {
-                               chunk_finished = 1;
-@@ -218,7 +215,7 @@
-               }
-       }
--      return chunks_written;
-+      return 0;
- }
- #endif
-Index: src/network_openssl.c
-===================================================================
---- src/network_openssl.c      (.../tags/lighttpd-1.4.29)
-+++ src/network_openssl.c      (.../branches/lighttpd-1.4.x)
-@@ -27,10 +27,9 @@
- # include <openssl/ssl.h>
- # include <openssl/err.h>
--int network_write_chunkqueue_openssl(server *srv, connection *con, SSL *ssl, chunkqueue *cq) {
-+int network_write_chunkqueue_openssl(server *srv, connection *con, SSL *ssl, chunkqueue *cq, off_t max_bytes) {
-       int ssl_r;
-       chunk *c;
--      size_t chunks_written = 0;
-       /* this is a 64k sendbuffer
-        *
-@@ -59,13 +58,13 @@
-               SSL_set_shutdown(ssl, SSL_RECEIVED_SHUTDOWN);
-       }
--      for(c = cq->first; c; c = c->next) {
-+      for(c = cq->first; (max_bytes > 0) && (NULL != c); c = c->next) {
-               int chunk_finished = 0;
-               switch(c->type) {
-               case MEM_CHUNK: {
-                       char * offset;
--                      size_t toSend;
-+                      off_t toSend;
-                       ssize_t r;
-                       if (c->mem->used == 0 || c->mem->used == 1) {
-@@ -75,6 +74,7 @@
-                       offset = c->mem->ptr + c->offset;
-                       toSend = c->mem->used - 1 - c->offset;
-+                      if (toSend > max_bytes) toSend = max_bytes;
-                       /**
-                        * SSL_write man-page
-@@ -87,7 +87,14 @@
-                        */
-                       ERR_clear_error();
--                      if ((r = SSL_write(ssl, offset, toSend)) <= 0) {
-+                      r = SSL_write(ssl, offset, toSend);
-+
-+                      if (con->renegotiations > 1 && con->conf.ssl_disable_client_renegotiation) {
-+                              log_error_write(srv, __FILE__, __LINE__, "s", "SSL: renegotiation initiated by client");
-+                              return -1;
-+                      }
-+
-+                      if (r <= 0) {
-                               unsigned long err;
-                               switch ((ssl_r = SSL_get_error(ssl, r))) {
-@@ -139,6 +146,7 @@
-                       } else {
-                               c->offset += r;
-                               cq->bytes_out += r;
-+                              max_bytes -= r;
-                       }
-                       if (c->offset == (off_t)c->mem->used - 1) {
-@@ -168,6 +176,7 @@
-                       do {
-                               off_t offset = c->file.start + c->offset;
-                               off_t toSend = c->file.length - c->offset;
-+                              if (toSend > max_bytes) toSend = max_bytes;
-                               if (toSend > LOCAL_SEND_BUFSIZE) toSend = LOCAL_SEND_BUFSIZE;
-@@ -190,7 +199,14 @@
-                               close(ifd);
-                               ERR_clear_error();
--                              if ((r = SSL_write(ssl, s, toSend)) <= 0) {
-+                              r = SSL_write(ssl, s, toSend);
-+
-+                              if (con->renegotiations > 1 && con->conf.ssl_disable_client_renegotiation) {
-+                                      log_error_write(srv, __FILE__, __LINE__, "s", "SSL: renegotiation initiated by client");
-+                                      return -1;
-+                              }
-+
-+                              if (r <= 0) {
-                                       unsigned long err;
-                                       switch ((ssl_r = SSL_get_error(ssl, r))) {
-@@ -243,12 +259,13 @@
-                               } else {
-                                       c->offset += r;
-                                       cq->bytes_out += r;
-+                                      max_bytes -= r;
-                               }
-                               if (c->offset == c->file.length) {
-                                       chunk_finished = 1;
-                               }
--                      } while(!chunk_finished && !write_wait);
-+                      } while (!chunk_finished && !write_wait && max_bytes > 0);
-                       break;
-               }
-@@ -263,11 +280,9 @@
-                       break;
-               }
--
--              chunks_written++;
-       }
--      return chunks_written;
-+      return 0;
- }
- #endif
-Index: src/http_auth.c
-===================================================================
---- src/http_auth.c    (.../tags/lighttpd-1.4.29)
-+++ src/http_auth.c    (.../branches/lighttpd-1.4.x)
-@@ -1,7 +1,6 @@
- #include "server.h"
- #include "log.h"
- #include "http_auth.h"
--#include "http_auth_digest.h"
- #include "inet_ntop_cache.h"
- #include "stream.h"
-@@ -28,18 +27,23 @@
- #include <unistd.h>
- #include <ctype.h>
--#ifdef USE_OPENSSL
--# include <openssl/md5.h>
--#else
--# include "md5.h"
-+#include "md5.h"
--typedef li_MD5_CTX MD5_CTX;
--#define MD5_Init li_MD5_Init
--#define MD5_Update li_MD5_Update
--#define MD5_Final li_MD5_Final
-+#define HASHLEN 16
-+#define HASHHEXLEN 32
-+typedef unsigned char HASH[HASHLEN];
-+typedef char HASHHEX[HASHHEXLEN+1];
--#endif
-+static void CvtHex(const HASH Bin, char Hex[33]) {
-+      unsigned short i;
-+      for (i = 0; i < 16; i++) {
-+              Hex[i*2] = int2hex((Bin[i] >> 4) & 0xf);
-+              Hex[i*2+1] = int2hex(Bin[i] & 0xf);
-+      }
-+      Hex[32] = '\0';
-+}
-+
- /**
-  * the $apr1$ handling is taken from apache 1.3.x
-  */
-@@ -95,7 +99,7 @@
-       ch = in[0];
-       /* run through the whole string, converting as we go */
-       for (i = 0; i < in_len; i++) {
--              ch = in[i];
-+              ch = (unsigned char) in[i];
-               if (ch == '\0') break;
-@@ -435,7 +439,7 @@
- static void to64(char *s, unsigned long v, int n)
- {
--    static unsigned char itoa64[] =         /* 0 ... 63 => ASCII - 64 */
-+    static const unsigned char itoa64[] =         /* 0 ... 63 => ASCII - 64 */
-         "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
-     while (--n >= 0) {
-@@ -455,7 +459,7 @@
-     const char *sp, *ep;
-     unsigned char final[APR_MD5_DIGESTSIZE];
-     ssize_t sl, pl, i;
--    MD5_CTX ctx, ctx1;
-+    li_MD5_CTX ctx, ctx1;
-     unsigned long l;
-     /*
-@@ -487,33 +491,33 @@
-     /*
-      * 'Time to make the doughnuts..'
-      */
--    MD5_Init(&ctx);
-+    li_MD5_Init(&ctx);
-     /*
-      * The password first, since that is what is most unknown
-      */
--    MD5_Update(&ctx, pw, strlen(pw));
-+    li_MD5_Update(&ctx, pw, strlen(pw));
-     /*
-      * Then our magic string
-      */
--    MD5_Update(&ctx, APR1_ID, strlen(APR1_ID));
-+    li_MD5_Update(&ctx, APR1_ID, strlen(APR1_ID));
-     /*
-      * Then the raw salt
-      */
--    MD5_Update(&ctx, sp, sl);
-+    li_MD5_Update(&ctx, sp, sl);
-     /*
-      * Then just as many characters of the MD5(pw, salt, pw)
-      */
--    MD5_Init(&ctx1);
--    MD5_Update(&ctx1, pw, strlen(pw));
--    MD5_Update(&ctx1, sp, sl);
--    MD5_Update(&ctx1, pw, strlen(pw));
--    MD5_Final(final, &ctx1);
-+    li_MD5_Init(&ctx1);
-+    li_MD5_Update(&ctx1, pw, strlen(pw));
-+    li_MD5_Update(&ctx1, sp, sl);
-+    li_MD5_Update(&ctx1, pw, strlen(pw));
-+    li_MD5_Final(final, &ctx1);
-     for (pl = strlen(pw); pl > 0; pl -= APR_MD5_DIGESTSIZE) {
--        MD5_Update(&ctx, final,
-+        li_MD5_Update(&ctx, final,
-                       (pl > APR_MD5_DIGESTSIZE) ? APR_MD5_DIGESTSIZE : pl);
-     }
-@@ -527,10 +531,10 @@
-      */
-     for (i = strlen(pw); i != 0; i >>= 1) {
-         if (i & 1) {
--            MD5_Update(&ctx, final, 1);
-+            li_MD5_Update(&ctx, final, 1);
-         }
-         else {
--            MD5_Update(&ctx, pw, 1);
-+            li_MD5_Update(&ctx, pw, 1);
-         }
-     }
-@@ -542,7 +546,7 @@
-     strncat(passwd, sp, sl);
-     strcat(passwd, "$");
--    MD5_Final(final, &ctx);
-+    li_MD5_Final(final, &ctx);
-     /*
-      * And now, just to make sure things don't run too fast..
-@@ -550,28 +554,28 @@
-      * need 30 seconds to build a 1000 entry dictionary...
-      */
-     for (i = 0; i < 1000; i++) {
--        MD5_Init(&ctx1);
-+        li_MD5_Init(&ctx1);
-         if (i & 1) {
--            MD5_Update(&ctx1, pw, strlen(pw));
-+            li_MD5_Update(&ctx1, pw, strlen(pw));
-         }
-         else {
--            MD5_Update(&ctx1, final, APR_MD5_DIGESTSIZE);
-+            li_MD5_Update(&ctx1, final, APR_MD5_DIGESTSIZE);
-         }
-         if (i % 3) {
--            MD5_Update(&ctx1, sp, sl);
-+            li_MD5_Update(&ctx1, sp, sl);
-         }
-         if (i % 7) {
--            MD5_Update(&ctx1, pw, strlen(pw));
-+            li_MD5_Update(&ctx1, pw, strlen(pw));
-         }
-         if (i & 1) {
--            MD5_Update(&ctx1, final, APR_MD5_DIGESTSIZE);
-+            li_MD5_Update(&ctx1, final, APR_MD5_DIGESTSIZE);
-         }
-         else {
--            MD5_Update(&ctx1, pw, strlen(pw));
-+            li_MD5_Update(&ctx1, pw, strlen(pw));
-         }
--        MD5_Final(final,&ctx1);
-+        li_MD5_Final(final,&ctx1);
-     }
-     p = passwd + strlen(passwd);
-@@ -614,17 +618,17 @@
-                * user:realm:md5(user:realm:password)
-                */
--              MD5_CTX Md5Ctx;
-+              li_MD5_CTX Md5Ctx;
-               HASH HA1;
-               char a1[256];
--              MD5_Init(&Md5Ctx);
--              MD5_Update(&Md5Ctx, (unsigned char *)username->ptr, username->used - 1);
--              MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
--              MD5_Update(&Md5Ctx, (unsigned char *)realm->ptr, realm->used - 1);
--              MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
--              MD5_Update(&Md5Ctx, (unsigned char *)pw, strlen(pw));
--              MD5_Final(HA1, &Md5Ctx);
-+              li_MD5_Init(&Md5Ctx);
-+              li_MD5_Update(&Md5Ctx, (unsigned char *)username->ptr, username->used - 1);
-+              li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
-+              li_MD5_Update(&Md5Ctx, (unsigned char *)realm->ptr, realm->used - 1);
-+              li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
-+              li_MD5_Update(&Md5Ctx, (unsigned char *)pw, strlen(pw));
-+              li_MD5_Final(HA1, &Md5Ctx);
-               CvtHex(HA1, a1);
-@@ -930,7 +934,7 @@
-       int i;
-       buffer *password, *b, *username_buf, *realm_buf;
--      MD5_CTX Md5Ctx;
-+      li_MD5_CTX Md5Ctx;
-       HASH HA1;
-       HASH HA2;
-       HASH RespHash;
-@@ -1067,13 +1071,13 @@
-       if (p->conf.auth_backend == AUTH_BACKEND_PLAIN) {
-               /* generate password from plain-text */
--              MD5_Init(&Md5Ctx);
--              MD5_Update(&Md5Ctx, (unsigned char *)username, strlen(username));
--              MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
--              MD5_Update(&Md5Ctx, (unsigned char *)realm, strlen(realm));
--              MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
--              MD5_Update(&Md5Ctx, (unsigned char *)password->ptr, password->used - 1);
--              MD5_Final(HA1, &Md5Ctx);
-+              li_MD5_Init(&Md5Ctx);
-+              li_MD5_Update(&Md5Ctx, (unsigned char *)username, strlen(username));
-+              li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
-+              li_MD5_Update(&Md5Ctx, (unsigned char *)realm, strlen(realm));
-+              li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
-+              li_MD5_Update(&Md5Ctx, (unsigned char *)password->ptr, password->used - 1);
-+              li_MD5_Final(HA1, &Md5Ctx);
-       } else if (p->conf.auth_backend == AUTH_BACKEND_HTDIGEST) {
-               /* HA1 */
-               /* transform the 32-byte-hex-md5 to a 16-byte-md5 */
-@@ -1090,45 +1094,45 @@
-       if (algorithm &&
-           strcasecmp(algorithm, "md5-sess") == 0) {
--              MD5_Init(&Md5Ctx);
--              MD5_Update(&Md5Ctx, (unsigned char *)HA1, 16);
--              MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
--              MD5_Update(&Md5Ctx, (unsigned char *)nonce, strlen(nonce));
--              MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
--              MD5_Update(&Md5Ctx, (unsigned char *)cnonce, strlen(cnonce));
--              MD5_Final(HA1, &Md5Ctx);
-+              li_MD5_Init(&Md5Ctx);
-+              li_MD5_Update(&Md5Ctx, (unsigned char *)HA1, 16);
-+              li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
-+              li_MD5_Update(&Md5Ctx, (unsigned char *)nonce, strlen(nonce));
-+              li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
-+              li_MD5_Update(&Md5Ctx, (unsigned char *)cnonce, strlen(cnonce));
-+              li_MD5_Final(HA1, &Md5Ctx);
-       }
-       CvtHex(HA1, a1);
-       /* calculate H(A2) */
--      MD5_Init(&Md5Ctx);
--      MD5_Update(&Md5Ctx, (unsigned char *)m, strlen(m));
--      MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
--      MD5_Update(&Md5Ctx, (unsigned char *)uri, strlen(uri));
-+      li_MD5_Init(&Md5Ctx);
-+      li_MD5_Update(&Md5Ctx, (unsigned char *)m, strlen(m));
-+      li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
-+      li_MD5_Update(&Md5Ctx, (unsigned char *)uri, strlen(uri));
-       if (qop && strcasecmp(qop, "auth-int") == 0) {
--              MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
--              MD5_Update(&Md5Ctx, (unsigned char *)"", HASHHEXLEN);
-+              li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
-+              li_MD5_Update(&Md5Ctx, (unsigned char *)"", HASHHEXLEN);
-       }
--      MD5_Final(HA2, &Md5Ctx);
-+      li_MD5_Final(HA2, &Md5Ctx);
-       CvtHex(HA2, HA2Hex);
-       /* calculate response */
--      MD5_Init(&Md5Ctx);
--      MD5_Update(&Md5Ctx, (unsigned char *)a1, HASHHEXLEN);
--      MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
--      MD5_Update(&Md5Ctx, (unsigned char *)nonce, strlen(nonce));
--      MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
-+      li_MD5_Init(&Md5Ctx);
-+      li_MD5_Update(&Md5Ctx, (unsigned char *)a1, HASHHEXLEN);
-+      li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
-+      li_MD5_Update(&Md5Ctx, (unsigned char *)nonce, strlen(nonce));
-+      li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
-       if (qop && *qop) {
--              MD5_Update(&Md5Ctx, (unsigned char *)nc, strlen(nc));
--              MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
--              MD5_Update(&Md5Ctx, (unsigned char *)cnonce, strlen(cnonce));
--              MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
--              MD5_Update(&Md5Ctx, (unsigned char *)qop, strlen(qop));
--              MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
-+              li_MD5_Update(&Md5Ctx, (unsigned char *)nc, strlen(nc));
-+              li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
-+              li_MD5_Update(&Md5Ctx, (unsigned char *)cnonce, strlen(cnonce));
-+              li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
-+              li_MD5_Update(&Md5Ctx, (unsigned char *)qop, strlen(qop));
-+              li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
-       };
--      MD5_Update(&Md5Ctx, (unsigned char *)HA2Hex, HASHHEXLEN);
--      MD5_Final(RespHash, &Md5Ctx);
-+      li_MD5_Update(&Md5Ctx, (unsigned char *)HA2Hex, HASHHEXLEN);
-+      li_MD5_Final(RespHash, &Md5Ctx);
-       CvtHex(RespHash, a2);
-       if (0 != strcmp(a2, respons)) {
-@@ -1171,24 +1175,24 @@
- int http_auth_digest_generate_nonce(server *srv, mod_auth_plugin_data *p, buffer *fn, char out[33]) {
-       HASH h;
--      MD5_CTX Md5Ctx;
-+      li_MD5_CTX Md5Ctx;
-       char hh[32];
-       UNUSED(p);
-       /* generate shared-secret */
--      MD5_Init(&Md5Ctx);
--      MD5_Update(&Md5Ctx, (unsigned char *)fn->ptr, fn->used - 1);
--      MD5_Update(&Md5Ctx, (unsigned char *)"+", 1);
-+      li_MD5_Init(&Md5Ctx);
-+      li_MD5_Update(&Md5Ctx, (unsigned char *)fn->ptr, fn->used - 1);
-+      li_MD5_Update(&Md5Ctx, (unsigned char *)"+", 1);
-       /* we assume sizeof(time_t) == 4 here, but if not it ain't a problem at all */
-       LI_ltostr(hh, srv->cur_ts);
--      MD5_Update(&Md5Ctx, (unsigned char *)hh, strlen(hh));
--      MD5_Update(&Md5Ctx, (unsigned char *)srv->entropy, sizeof(srv->entropy));
-+      li_MD5_Update(&Md5Ctx, (unsigned char *)hh, strlen(hh));
-+      li_MD5_Update(&Md5Ctx, (unsigned char *)srv->entropy, sizeof(srv->entropy));
-       LI_ltostr(hh, rand());
--      MD5_Update(&Md5Ctx, (unsigned char *)hh, strlen(hh));
-+      li_MD5_Update(&Md5Ctx, (unsigned char *)hh, strlen(hh));
--      MD5_Final(h, &Md5Ctx);
-+      li_MD5_Final(h, &Md5Ctx);
-       CvtHex(h, out);
-Index: src/mod_usertrack.c
-===================================================================
---- src/mod_usertrack.c        (.../tags/lighttpd-1.4.29)
-+++ src/mod_usertrack.c        (.../branches/lighttpd-1.4.x)
-@@ -8,18 +8,8 @@
- #include <stdlib.h>
- #include <string.h>
--#ifdef USE_OPENSSL
--# include <openssl/md5.h>
--#else
--# include "md5.h"
-+#include "md5.h"
--typedef li_MD5_CTX MD5_CTX;
--#define MD5_Init li_MD5_Init
--#define MD5_Update li_MD5_Update
--#define MD5_Final li_MD5_Final
--
--#endif
--
- /* plugin config for all request/connections */
- typedef struct {
-@@ -182,7 +172,7 @@
-       plugin_data *p = p_d;
-       data_string *ds;
-       unsigned char h[16];
--      MD5_CTX Md5Ctx;
-+      li_MD5_CTX Md5Ctx;
-       char hh[32];
-       if (con->uri.path->used == 0) return HANDLER_GO_ON;
-@@ -228,18 +218,18 @@
-       /* taken from mod_auth.c */
-       /* generate shared-secret */
--      MD5_Init(&Md5Ctx);
--      MD5_Update(&Md5Ctx, (unsigned char *)con->uri.path->ptr, con->uri.path->used - 1);
--      MD5_Update(&Md5Ctx, (unsigned char *)"+", 1);
-+      li_MD5_Init(&Md5Ctx);
-+      li_MD5_Update(&Md5Ctx, (unsigned char *)con->uri.path->ptr, con->uri.path->used - 1);
-+      li_MD5_Update(&Md5Ctx, (unsigned char *)"+", 1);
-       /* we assume sizeof(time_t) == 4 here, but if not it ain't a problem at all */
-       LI_ltostr(hh, srv->cur_ts);
--      MD5_Update(&Md5Ctx, (unsigned char *)hh, strlen(hh));
--      MD5_Update(&Md5Ctx, (unsigned char *)srv->entropy, sizeof(srv->entropy));
-+      li_MD5_Update(&Md5Ctx, (unsigned char *)hh, strlen(hh));
-+      li_MD5_Update(&Md5Ctx, (unsigned char *)srv->entropy, sizeof(srv->entropy));
-       LI_ltostr(hh, rand());
--      MD5_Update(&Md5Ctx, (unsigned char *)hh, strlen(hh));
-+      li_MD5_Update(&Md5Ctx, (unsigned char *)hh, strlen(hh));
--      MD5_Final(h, &Md5Ctx);
-+      li_MD5_Final(h, &Md5Ctx);
-       buffer_append_string_encoded(ds->value, (char *)h, 16, ENCODING_HEX);
-       buffer_append_string_len(ds->value, CONST_STR_LEN("; Path=/"));
-Index: src/mod_status.c
-===================================================================
---- src/mod_status.c   (.../tags/lighttpd-1.4.29)
-+++ src/mod_status.c   (.../branches/lighttpd-1.4.x)
-@@ -487,7 +487,7 @@
-               buffer_append_string_len(b, CONST_STR_LEN("</td><td class=\"int\">"));
--              if (con->request.content_length) {
-+              if (c->request.content_length) {
-                       buffer_append_long(b, c->request_content_queue->bytes_in);
-                       buffer_append_string_len(b, CONST_STR_LEN("/"));
-                       buffer_append_long(b, c->request.content_length);
-Index: src/settings.h
-===================================================================
---- src/settings.h     (.../tags/lighttpd-1.4.29)
-+++ src/settings.h     (.../branches/lighttpd-1.4.x)
-@@ -21,8 +21,11 @@
-  * 64kB (no real reason, just a guess)
-  */
- #define BUFFER_MAX_REUSE_SIZE  (4 * 1024)
--#define MAX_READ_LIMIT (4*1024*1024)
-+/* both should be way smaller than SSIZE_MAX :) */
-+#define MAX_READ_LIMIT (256*1024)
-+#define MAX_WRITE_LIMIT (256*1024)
-+
- /**
-  * max size of the HTTP request header
-  *
-Index: src/mod_cml_lua.c
-===================================================================
---- src/mod_cml_lua.c  (.../tags/lighttpd-1.4.29)
-+++ src/mod_cml_lua.c  (.../branches/lighttpd-1.4.x)
-@@ -11,18 +11,6 @@
- #include <time.h>
- #include <string.h>
--#ifdef USE_OPENSSL
--# include <openssl/md5.h>
--#else
--# include "md5.h"
--
--typedef li_MD5_CTX MD5_CTX;
--#define MD5_Init li_MD5_Init
--#define MD5_Update li_MD5_Update
--#define MD5_Final li_MD5_Final
--
--#endif
--
- #define HASHLEN 16
- typedef unsigned char HASH[HASHLEN];
- #define HASHHEXLEN 32
-Index: src/mod_fastcgi.c
-===================================================================
---- src/mod_fastcgi.c  (.../tags/lighttpd-1.4.29)
-+++ src/mod_fastcgi.c  (.../branches/lighttpd-1.4.x)
-@@ -3075,7 +3075,7 @@
-               fcgi_set_state(srv, hctx, FCGI_STATE_WRITE);
-               /* fall through */
-       case FCGI_STATE_WRITE:
--              ret = srv->network_backend_write(srv, con, hctx->fd, hctx->wb);
-+              ret = srv->network_backend_write(srv, con, hctx->fd, hctx->wb, MAX_WRITE_LIMIT);
-               chunkqueue_remove_finished_chunks(hctx->wb);
-@@ -3132,7 +3132,6 @@
-       plugin_data *p = p_d;
-       handler_ctx *hctx = con->plugin_ctx[p->id];
--      fcgi_proc *proc;
-       fcgi_extension_host *host;
-       if (NULL == hctx) return HANDLER_GO_ON;
-@@ -3201,7 +3200,6 @@
-       /* ok, create the request */
-       switch(fcgi_write_request(srv, hctx)) {
-       case HANDLER_ERROR:
--              proc = hctx->proc;
-               host = hctx->host;
-               if (hctx->state == FCGI_STATE_INIT ||
-Index: src/network_solaris_sendfilev.c
-===================================================================
---- src/network_solaris_sendfilev.c    (.../tags/lighttpd-1.4.29)
-+++ src/network_solaris_sendfilev.c    (.../branches/lighttpd-1.4.x)
-@@ -38,17 +38,16 @@
-  */
--int network_write_chunkqueue_solarissendfilev(server *srv, connection *con, int fd, chunkqueue *cq) {
-+int network_write_chunkqueue_solarissendfilev(server *srv, connection *con, int fd, chunkqueue *cq, off_t max_bytes) {
-       chunk *c;
--      size_t chunks_written = 0;
--      for(c = cq->first; c; c = c->next, chunks_written++) {
-+      for(c = cq->first; (max_bytes > 0) && (NULL != c); c = c->next) {
-               int chunk_finished = 0;
-               switch(c->type) {
-               case MEM_CHUNK: {
-                       char * offset;
--                      size_t toSend;
-+                      off_t toSend;
-                       ssize_t r;
-                       size_t num_chunks, i;
-@@ -77,9 +76,9 @@
-                                       chunks[i].iov_base = offset;
-                                       /* protect the return value of writev() */
--                                      if (toSend > SSIZE_MAX ||
--                                          num_bytes + toSend > SSIZE_MAX) {
--                                              chunks[i].iov_len = SSIZE_MAX - num_bytes;
-+                                      if (toSend > max_bytes ||
-+                                          (off_t) num_bytes + toSend > max_bytes) {
-+                                              chunks[i].iov_len = max_bytes - num_bytes;
-                                               num_chunks = i + 1;
-                                               break;
-@@ -119,11 +118,10 @@
-                                       if (chunk_finished) {
-                                               /* skip the chunks from further touches */
--                                              chunks_written++;
-                                               c = c->next;
-                                       } else {
-                                               /* chunks_written + c = c->next is done in the for()*/
--                                              chunk_finished++;
-+                                              chunk_finished = 1;
-                                       }
-                               } else {
-                                       /* partially written */
-@@ -139,8 +137,8 @@
-               }
-               case FILE_CHUNK: {
-                       ssize_t r;
--                      off_t offset;
--                      size_t toSend, written;
-+                      off_t offset, toSend;
-+                      size_t written;
-                       sendfilevec_t fvec;
-                       stat_cache_entry *sce = NULL;
-                       int ifd;
-@@ -153,6 +151,7 @@
-                       offset = c->file.start + c->offset;
-                       toSend = c->file.length - c->offset;
-+                      if (toSend > max_bytes) toSend = max_bytes;
-                       if (offset > sce->st.st_size) {
-                               log_error_write(srv, __FILE__, __LINE__, "sb", "file was shrinked:", c->file.name);
-@@ -186,6 +185,7 @@
-                       close(ifd);
-                       c->offset += written;
-                       cq->bytes_out += written;
-+                      max_bytes -= written;
-                       if (c->offset == c->file.length) {
-                               chunk_finished = 1;
-@@ -207,7 +207,7 @@
-               }
-       }
--      return chunks_written;
-+      return 0;
- }
- #endif
-Index: src/CMakeLists.txt
-===================================================================
-Index: src/mod_dirlisting.c
-===================================================================
---- src/mod_dirlisting.c       (.../tags/lighttpd-1.4.29)
-+++ src/mod_dirlisting.c       (.../branches/lighttpd-1.4.x)
-@@ -657,7 +657,8 @@
-       i = dir->used - 1;
- #ifdef HAVE_PATHCONF
--      if (-1 == (name_max = pathconf(dir->ptr, _PC_NAME_MAX))) {
-+      if (0 >= (name_max = pathconf(dir->ptr, _PC_NAME_MAX))) {
-+              /* some broken fs (fuse) return 0 instead of -1 */
- #ifdef NAME_MAX
-               name_max = NAME_MAX;
- #else
-Index: src/network_linux_sendfile.c
-===================================================================
---- src/network_linux_sendfile.c       (.../tags/lighttpd-1.4.29)
-+++ src/network_linux_sendfile.c       (.../branches/lighttpd-1.4.x)
-@@ -27,17 +27,16 @@
- /* on linux 2.4.29 + debian/ubuntu we have crashes if this is enabled */
- #undef HAVE_POSIX_FADVISE
--int network_write_chunkqueue_linuxsendfile(server *srv, connection *con, int fd, chunkqueue *cq) {
-+int network_write_chunkqueue_linuxsendfile(server *srv, connection *con, int fd, chunkqueue *cq, off_t max_bytes) {
-       chunk *c;
--      size_t chunks_written = 0;
--      for(c = cq->first; c; c = c->next, chunks_written++) {
-+      for(c = cq->first; (max_bytes > 0) && (NULL != c); c = c->next) {
-               int chunk_finished = 0;
-               switch(c->type) {
-               case MEM_CHUNK: {
-                       char * offset;
--                      size_t toSend;
-+                      off_t toSend;
-                       ssize_t r;
-                       size_t num_chunks, i;
-@@ -45,12 +44,10 @@
-                       chunk *tc;
-                       size_t num_bytes = 0;
--                      /* we can't send more then SSIZE_MAX bytes in one chunk */
--
-                       /* build writev list
-                        *
-                        * 1. limit: num_chunks < UIO_MAXIOV
--                       * 2. limit: num_bytes < SSIZE_MAX
-+                       * 2. limit: num_bytes < max_bytes
-                        */
-                       for (num_chunks = 0, tc = c;
-                            tc && tc->type == MEM_CHUNK && num_chunks < UIO_MAXIOV;
-@@ -67,9 +64,9 @@
-                                       chunks[i].iov_base = offset;
-                                       /* protect the return value of writev() */
--                                      if (toSend > SSIZE_MAX ||
--                                          num_bytes + toSend > SSIZE_MAX) {
--                                              chunks[i].iov_len = SSIZE_MAX - num_bytes;
-+                                      if (toSend > max_bytes ||
-+                                          (off_t) num_bytes + toSend > max_bytes) {
-+                                              chunks[i].iov_len = max_bytes - num_bytes;
-                                               num_chunks = i + 1;
-                                               break;
-@@ -100,6 +97,7 @@
-                       /* check which chunks have been written */
-                       cq->bytes_out += r;
-+                      max_bytes -= r;
-                       for(i = 0, tc = c; i < num_chunks; i++, tc = tc->next) {
-                               if (r >= (ssize_t)chunks[i].iov_len) {
-@@ -109,11 +107,10 @@
-                                       if (chunk_finished) {
-                                               /* skip the chunks from further touches */
--                                              chunks_written++;
-                                               c = c->next;
-                                       } else {
-                                               /* chunks_written + c = c->next is done in the for()*/
--                                              chunk_finished++;
-+                                              chunk_finished = 1;
-                                       }
-                               } else {
-                                       /* partially written */
-@@ -130,13 +127,12 @@
-               case FILE_CHUNK: {
-                       ssize_t r;
-                       off_t offset;
--                      size_t toSend;
-+                      off_t toSend;
-                       stat_cache_entry *sce = NULL;
-                       offset = c->file.start + c->offset;
--                      /* limit the toSend to 2^31-1 bytes in a chunk */
--                      toSend = c->file.length - c->offset > ((1 << 30) - 1) ?
--                              ((1 << 30) - 1) : c->file.length - c->offset;
-+                      toSend = c->file.length - c->offset;
-+                      if (toSend > max_bytes) toSend = max_bytes;
-                       /* open file if not already opened */
-                       if (-1 == c->file.fd) {
-@@ -215,6 +211,7 @@
-                       c->offset += r;
-                       cq->bytes_out += r;
-+                      max_bytes -= r;
-                       if (c->offset == c->file.length) {
-                               chunk_finished = 1;
-@@ -243,7 +240,7 @@
-               }
-       }
--      return chunks_written;
-+      return 0;
- }
- #endif
-Index: tests/mod-auth.t
-===================================================================
---- tests/mod-auth.t   (.../tags/lighttpd-1.4.29)
-+++ tests/mod-auth.t   (.../branches/lighttpd-1.4.x)
-@@ -8,7 +8,7 @@
- use strict;
- use IO::Socket;
--use Test::More tests => 14;
-+use Test::More tests => 15;
- use LightyTest;
- my $tf = LightyTest->new();
-@@ -25,6 +25,14 @@
- $t->{REQUEST}  = ( <<EOF
- GET /server-status HTTP/1.0
-+Authorization: Basic \x80mFuOmphb
-+EOF
-+ );
-+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 401 } ];
-+ok($tf->handle_http($t) == 0, 'Basic-Auth: Invalid base64 Auth-token');
-+
-+$t->{REQUEST}  = ( <<EOF
-+GET /server-status HTTP/1.0
- Authorization: Basic amFuOmphb
- EOF
-  );
-Index: tests/request.t
-===================================================================
---- tests/request.t    (.../tags/lighttpd-1.4.29)
-+++ tests/request.t    (.../branches/lighttpd-1.4.x)
-@@ -8,7 +8,7 @@
- use strict;
- use IO::Socket;
--use Test::More tests => 44;
-+use Test::More tests => 46;
- use LightyTest;
- my $tf = LightyTest->new();
-@@ -413,5 +413,21 @@
- $t->{SLOWREQUEST} = 1;
- ok($tf->handle_http($t) == 0, 'GET, slow \\r\\n\\r\\n (#2105)');
-+print "\nPathinfo for static files\n";
-+$t->{REQUEST}  = ( <<EOF
-+GET /image.jpg/index.php HTTP/1.0
-+EOF
-+ );
-+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200, 'Content-Type' => 'image/jpeg' } ];
-+ok($tf->handle_http($t) == 0, 'static file accepting pathinfo by default');
-+
-+$t->{REQUEST}  = ( <<EOF
-+GET /image.jpg/index.php HTTP/1.0
-+Host: zzz.example.org
-+EOF
-+ );
-+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 403 } ];
-+ok($tf->handle_http($t) == 0, 'static file with forbidden pathinfo');
-+
- ok($tf->stop_proc == 0, "Stopping lighttpd");
-Index: tests/wrapper.sh
-===================================================================
---- tests/wrapper.sh   (.../tags/lighttpd-1.4.29)
-+++ tests/wrapper.sh   (.../branches/lighttpd-1.4.x)
-@@ -6,4 +6,4 @@
- top_builddir=$2
- export SHELL srcdir top_builddir
--$3
-+exec $3
-Index: tests/lighttpd.conf
-===================================================================
---- tests/lighttpd.conf        (.../tags/lighttpd-1.4.29)
-+++ tests/lighttpd.conf        (.../branches/lighttpd-1.4.x)
-@@ -149,6 +149,7 @@
- $HTTP["host"] == "zzz.example.org" {
-   server.document-root = env.SRCDIR + "/tmp/lighttpd/servers/www.example.org/pages/"
-   server.name = "zzz.example.org"
-+  static-file.disable-pathinfo = "enable"
- }
- $HTTP["host"] == "symlink.example.org" {
-Index: configure.ac
-===================================================================
-Index: doc/config/lighttpd.conf
-===================================================================
---- doc/config/lighttpd.conf   (.../tags/lighttpd-1.4.29)
-+++ doc/config/lighttpd.conf   (.../branches/lighttpd-1.4.x)
-@@ -394,6 +394,25 @@
- ##   $SERVER["socket"] == "10.0.0.1:443" {
- ##     ssl.engine                  = "enable"
- ##     ssl.pemfile                 = "/etc/ssl/private/www.example.com.pem"
-+##     #
-+##     # Mitigate BEAST attack:
-+##     #
-+##     # A stricter base cipher suite. For details see:
-+##     # http://blog.ivanristic.com/2011/10/mitigating-the-beast-attack-on-tls.html
-+##     #
-+##     ssl.ciphers                 = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"
-+##     #
-+##     # Make the server prefer the order of the server side cipher suite instead of the client suite.
-+##     # This is necessary to mitigate the BEAST attack (unless you disable all non RC4 algorithms).
-+##     # This option is enabled by default, but only used if ssl.ciphers is set.
-+##     #
-+##     # ssl.honor-cipher-order = "enable"
-+##     #
-+##     # Mitigate CVE-2009-3555 by disabling client triggered renegotation
-+##     # This is enabled by default.
-+##     #
-+##     # ssl.disable-client-renegotiation = "enable"
-+##     #
- ##     server.name                 = "www.example.com"
- ##
- ##     server.document-root        = "/srv/www/vhosts/example.com/www/"
-Index: SConstruct
-===================================================================
-Index: NEWS
-===================================================================
---- NEWS       (.../tags/lighttpd-1.4.29)
-+++ NEWS       (.../branches/lighttpd-1.4.x)
-@@ -3,7 +3,20 @@
- NEWS
- ====
--- 1.4.29 -
-+- 1.4.30 -
-+  * Always use our 'own' md5 implementation, fixes linking issues on MacOS (fixes #2331)
-+  * Limit amount of bytes we send in one go; fixes stalling in one connection and timeouts on slow systems.
-+  * [ssl] fix build errors when Elliptic-Curve Diffie-Hellman is disabled
-+  * Add static-file.disable-pathinfo option to prevent handling of urls like .../secret.php/image.jpg as static file
-+  * Don't overwrite 401 (auth required) with 501 (unknown method) (fixes #2341)
-+  * Fix mod_status bug: always showed "0/0" in the "Read" column for uploads (fixes #2351)
-+  * [mod_auth] Fix signedness error in http_auth (fixes #2370, CVE-2011-4362)
-+  * [ssl] count renegotiations to prevent client renegotiations
-+  * [ssl] add option to honor server cipher order (fixes #2364, BEAST attack)
-+  * [core] accept dots in ipv6 addresses in host header (fixes #2359)
-+  * [ssl] fix ssl connection aborts if files are larger than the MAX_WRITE_LIMIT (256kb)
-+
-+- 1.4.29 - 2011-07-03
-   * Fix mod_proxy waiting for response even if content-length is 0 (fixes #2259)
-   * Silence annoying "connection closed: poll() -> ERR" error.log message (fixes #2257)
-   * mod_cgi: make read buffer as big as incoming data block
-Index: CMakeLists.txt
-===================================================================
index c0e00629782e825a700f13339a0035c67931a2e2..a3f634ce7c3cb6fb9eeb8b6dc8001978b4045e1c 100644 (file)
@@ -1,11 +1,11 @@
---- lighttpd-1.4.22/src/response.c~    2009-04-17 00:50:21.000000000 +0300
-+++ lighttpd-1.4.22/src/response.c     2009-04-17 00:51:22.174367972 +0300
-@@ -105,7 +105,7 @@
+--- lighttpd-1.4.36/src/response.c~    2015-07-26 13:36:36.000000000 +0300
++++ lighttpd-1.4.36/src/response.c     2015-07-26 18:29:48.302220417 +0300
+@@ -109,7 +109,7 @@
  
        if (!have_server) {
                if (buffer_is_empty(con->conf.server_tag)) {
 -                      buffer_append_string_len(b, CONST_STR_LEN("\r\nServer: " PACKAGE_DESC));
 +                      buffer_append_string_len(b, CONST_STR_LEN("\r\nServer: " PACKAGE_DESC " (TLD Linux)"));
-               } else if (con->conf.server_tag->used > 1) {
+               } else if (!buffer_string_is_empty(con->conf.server_tag)) {
                        buffer_append_string_len(b, CONST_STR_LEN("\r\nServer: "));
                        buffer_append_string_encoded(b, CONST_BUF_LEN(con->conf.server_tag), ENCODING_HTTP_HEADER);
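Review bot: The default banner built on the patched line, `"\r\nServer: " PACKAGE_DESC " (TLD Linux)"`, announces the distribution to every client in addition to whatever PACKAGE_DESC expands to (in lighttpd that normally carries the version), and nothing in the refreshed patch tells an operator how to turn it off. The `else if` branch in the same hunk sends `con->conf.server_tag` instead when it is set, so a commented example in the packaged lighttpd.conf, for instance `#server.tag = "lighttpd"`, would document the override for sites that do not want to expose version and distribution to fingerprinting. The enclosing function in response.c starts and ends outside the hunk.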
index 69d169b3ec553deadc750cac631c47809e7a8511..aaf4d5fae66946360f8b500221b0320f8a21e928 100755 (executable)
@@ -10,6 +10,8 @@
 # Source function library
 . /etc/rc.d/init.d/functions
 
+upstart_controlled
+
 # Get network config
 . /etc/sysconfig/network
 
index a4cb532055698cfeba30f6e2acb23cc1d0da282f..708bc3a71a142dddda919abe9560aad193422cb2 100644 (file)
@@ -20,6 +20,7 @@
 %bcond_with    webdav_locks    # webdav locks with extra efsprogs deps
 %bcond_with    valgrind        # compile code with valgrind support.
 %bcond_with    deflate         # build deflate module (needs patch update with current svn)
+%bcond_with    h264_streaming          # build h264_streaming module
 
 %if %{with webdav_locks}
 %define                webdav_progs    1
 Summary:       Fast and light HTTP server
 Summary(pl.UTF-8):     Szybki i lekki serwer HTTP
 Name:          lighttpd
-Version:       1.4.35
-Release:       7
+Version:       1.4.39
+Release:       1
 License:       BSD
 Group:         Networking/Daemons/HTTP
-Source0:       http://download.lighttpd.net/lighttpd/releases-1.4.x/%{name}-%{version}.tar.bz2
-# Source0-md5: f7a88130ee9984b421ad8aa80629750a
+Source0:       http://download.lighttpd.net/lighttpd/releases-1.4.x/%{name}-%{version}.tar.xz
+# Source0-md5: 63c7563be1c7a7a9819a51f07f1af8b2
 Source1:       %{name}.init
 Source2:       %{name}.conf
 Source3:       %{name}.user
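Review bot: The updated `Source0` is still fetched over plain `http://` and pinned only by `# Source0-md5`, so the integrity of the 1.4.39 tarball rests on an unauthenticated transport and a digest with known collision weaknesses. If the builder tooling accepts it, use `Source0: https://download.lighttpd.net/lighttpd/releases-1.4.x/%{name}-%{version}.tar.xz`. In addition, check the tarball against an upstream signature or a SHA-256 sum, if upstream publishes one, before the md5 line is refreshed on the next version bump. A short comment next to the md5 line saying how the value was obtained (computed from a verified download rather than copied from the fetched file) would make the bump auditable.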
@@ -89,7 +90,9 @@ Source135:    %{name}-mod_extforward.conf
 Source136:     %{name}-mod_h264_streaming.conf
 Source137:     %{name}-mod_cgi_php.conf
 Source138:     %{name}-mod_compress.tmpwatch
+# use branch.sh script to create branch.diff
 #Patch100:     %{name}-branch.diff
+## Patch100-md5:       cdcde8cb4632a42c5ae21d73aae9d34b
 Patch0:                %{name}-use_bin_sh.patch
 Patch1:                %{name}-mod_evasive-status_code.patch
 Patch2:                %{name}-mod_h264_streaming.patch
@@ -125,8 +128,10 @@ BuildRequires:     pkgconfig
 BuildRequires: rpm >= 4.4.9-56
 BuildRequires: rpmbuild(macros) >= 1.647
 %{?with_webdav_props:BuildRequires:    sqlite3-devel}
+BuildRequires: tar >= 1:1.22
 %{?with_valgrind:BuildRequires:        valgrind}
 BuildRequires: which
+BuildRequires: xz
 BuildRequires: zlib-devel
 Requires(post,preun):  /sbin/chkconfig
 Requires(postun):      /usr/sbin/groupdel
@@ -826,14 +831,13 @@ Plik monitrc do monitorowania serwera www lighttpd.
 %prep
 %setup -q
 #%patch100 -p0
-#%patch4 -p0
 %patch0 -p1
 %patch1 -p1
-%patch2 -p1
+%{?with_h264_streaming:%patch2 -p1}
 %patch3 -p1
 %{?with_deflate:%patch5 -p1}
 %patch6 -p1
-%patch7 -p0
+%patch7 -p1
 
 rm -f src/mod_ssi_exprparser.h # bad patching: should be removed by is emptied instead
 
@@ -843,6 +847,7 @@ cp -p %{SOURCE14} PLD-TODO
 
 %if "%{pld_release}" == "ac"
 %{__sed} -i -e 's/ serial_tests//' configure.ac
+%{__sed} -i -e 's/dist-xz/dist-bzip2/' configure.ac
 %endif
 
 %build
@@ -926,7 +931,9 @@ cp -p %{SOURCE109} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_evasive.conf
 cp -p %{SOURCE110} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_evhost.conf
 cp -p %{SOURCE112} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_fastcgi.conf
 cp -p %{SOURCE113} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_flv_streaming.conf
+%if %{with h264_streaming}
 cp -p %{SOURCE136} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_h264_streaming.conf
+%endif
 cp -p %{SOURCE114} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_indexfile.conf
 cp -p %{SOURCE115} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_proxy.conf
 cp -p %{SOURCE118} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_rrdtool.conf
@@ -1213,10 +1220,12 @@ fi
 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*mod_flv_streaming.conf
 %attr(755,root,root) %{_libdir}/mod_flv_streaming.so
 
+%if %{with h264_streaming}
 %files mod_h264_streaming
 %defattr(644,root,root,755)
 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*mod_h264_streaming.conf
 %attr(755,root,root) %{_libdir}/mod_h264_streaming.so
+%endif
 
 %files mod_indexfile
 %defattr(644,root,root,755)