1.4.26 - Chinese dragon
February 07, 2010
There have been some important bug fixes (request parser handling for splitted header data, a fd leak in mod_cgi, a segfault with broken configs in mod_rewrite/mod_redirect, HUP detection and an OOM/DoS vulnerability)
Downloads
- https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.26.tar.gz
- SHA256: 08fc11864a0ad6d2871f32e6d0b0eaeb070f78698a72959f812526173145986e
- SHA1: c22642dc3616043293fb895b9f049b9270dbb2a0
- MD5: 3ce5be17a4dac3c384a8a452c664b840
- https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.26.tar.bz2
- SHA256: d7c25a5bb08c8dbc3e8d86f9e564c90ebf0c365d7fcf5ee801e912fb3c2357fd
- SHA1: f9710da0152792d83c223a1248345a2d145d6f32
- MD5: a682c8efce47a2f4263a247ba0813c9b
- SHA256 checksums: https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.26.sha256sum
- SHA1 checksums: https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.26.sha1sum
- MD5 checksums: https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.26.md5sum
Changes from 1.4.25
- Fix request parser to handle packets with splitted \r\n\r\n (fixes #2105)
- Remove dependency on automake >= 1.11 with m4_ifdef check
- mod_accesslog: support %e (fixes #2113, thx presbrey)
- Fix mod_cgi cgi.execute-x-only option in global block
- mod_fastcgi: x-sendfile2 parse error debugging
- Fix mod_proxy dead host detection if connect() fails
- Fix fd leaks in mod_cgi (fds not closed on pipe/fork failures, found by Rodrigo, fixes #2158, #2159)
- Fix segfault with broken rewrite/redirect patterns (fixes #2140, found by crypt)
- Append to previous buffer in con read, fix DoS/OOM vulnerability (fixes #2147, found by liming, CVE-2010-0295)
- Fix HUP detection in close-state if event-backend doesn’t support FDEVENT_HUP (like select or poll on FreeBSD)