--- lighttpd-1.4.18/NEWS 2007-09-09 20:41:20.000000000 +0200 +++ lighttpd-1.4.19/NEWS 2008-03-10 22:28:30.000000000 +0100 @@ -3,6 +3,55 @@ NEWS ==== +- 1.4.19 - + + * added support for If-Range: (#1346) + * added support for matching $HTTP["scheme"] in configs + * fixed initgroups() called after chroot (#1384) + * fixed case-sensitive check for Auth-Method (#1456) + * execute fcgi app without /bin/sh if used as argument to spawn-fcgi (#1428) + * fixed a bug that made /-prefixed extensions being handled also when + matching the end of the uri in fcgi,scgi and proxy modules (#1489) + * print error if X-LIGHTTPD-send-file cannot be done; reset header + Content-Length for send-file. Patches by Stefan Buehler + * prevent crash in certain php-fcgi configurations (#841) + * add IdleServers and Scoreboard directives in ?auto mode for mod_status (#1507) + * open log immediately after daemonizing, fixes SIGPIPEs on startup (#165) + * HTTPS env var should be "on" when using mod_extforward and the X-Forwarded-Proto header is set. (#1499) + * generate ETag and Last-Modified headers for mod_ssi based on newest modified include (#1491) + * support letterhomes in mod_userdir (#1473) + * support chained proxies in mod_extforward (#1528) + * fixed bogus "cgi died ?" if we kill the CGI process on shutdown + * fixed ECONNRESET handling in network-openssl + * fixed handling of EAGAIN in network-linux-sendfile (#657) + * reset conditional cache (#1164) + * create directories in mod_compress (was broken with alias/userdir) (#1027) + * fixed out of range access in fd array (#1562, #372) (CVE-2008-0983) + * mod_compress should check if the request is already handled, e.g. by fastcgi (#1565) + * remove broken workaround for buggy Opera version with ssl/chunked encoding (#285) + * generate etag/last-modified header for on-the-fly-compressed files (#1171) + * req-method OPTIONS: do not insert default response if request was denied, do not deny OPTIONS by default (#1324) + * fixed memory leak on windows (#1347) + * fixed building outside of the src dir (#1349) + * fixed including of stdint.h/inttypes.h in etag.c (#1413) + * do not add Accept-Ranges header if range-request is disabled (#1449) + * log the ip of failed auth tries in error.log (enhancement #1544) + * fixed RoundRobin in mod_proxy (#516) + * check for symlinks after successful pathinfo matching (#1574) + * fixed mod-proxy.t to run with a builddir outside of the src dir + * do not suppress content on "307 Temporary Redirect" (#1412) + * fixed Content-Length header if response body gets removed in connections.c (#1412, part 2) + * do not generate a "Content-Length: 0" header for HEAD requests, added test too + * remove compress cache file if compression or write failed (#1150) + * fixed body handling of status 300 requests + * spawn-fcgi: only try to connect to unix socket (not tcp) before spawning (#1575) + * fix sending source of cgi script instead of 500 error if fork fails (CVE-2008-1111) + * fix min-procs handling in mod_scgi.c, just set to max-procs (patch from #623) + * fix sending "408 - Timeout" instead of "410 - Gone" for timedout urls in mod_secdownload (#1440) + * workaround #1587: require userdir.path to be set to enable mod_userdir (empty string allowed) (CVE-2008-1270) + * make configure checks for --with-pcre, --with-zlib and --with-bzip2 failing if the headers aren't found + * fixed handling of waitpid() == EINTR mod_ssi on solaris + - 1.4.18 - 2007-09-09 * fixed compile error on IRIX 6.5.x on prctl() (#1333)