Thread: 1.4.18 - speeding up a bit
|
|
| 1.4.18 - speeding up a bit |
  Germany |
2007-09-09 16:24:55 |
hi,

"Release early, release often."

So here we are again. The previous release is already 12 days old! It already
got grey hair.

And again we have a small security bug! It seems, if you get more
popular, more people are looking at your code. This time Mattias Bengtsson
and Philip Olausson from secweb.se took a look at the code. They found a
small bug that could lead to remote code execution in fastcgi applications.
(We won't mention names here.)

Lighttpd SA 2007:12 (http://www.lighttpd.net/assets/2007/9/9/lighttpd_sa_2007_12.txt)
(patch: http://www.lighttpd.net/download/lighttpd-1.4.x_mod_fastcgi_overrun.patch)

Download
* http://www.lighttpd.net/download/lighttpd-1.4.18.tar.gz
(sha1sum: 30eb24cdfcfeadf10fa16f187330bdc5deb25ed2
md5sum: 5db3204d57436a032f899ff9dbce793f)
* http://www.lighttpd.net/download/lighttpd-1.4.18.tar.bz2
(sha1sum: a53a8f8ae8d42d036f0b5129764b822e943cc778
md5sum: 26f98dddf9d8c0775221b800986003ee)

Changes
* fixed compile error on IRIX 6.5.x on prctl() (#1333)
* fixed forwarding a SIGINT and SIGHUP when using max-workers (#902)
* fixed FastCGI header overrun in mod_fastcgi
(reported by mattias secweb.se)
* fixed hanging redirects with keep-alive due to missing "Content-Length: 0"
headers
* fixed crashing when using undefined environment variables in the config
* fixed compilation of mod_mysql_vhost on irix (#1341)

For all the packagers: if you wonder what happened to lighttpd 2007-SA:11 and
lighttpd 2007-SA:10, they will be released in the next days.

darix
--
openSUSE - SUSE Linux is my linux
openSUSE is good for you
www.opensuse.org
|
|
| Re: 1.4.18 - speeding up a bit |
  Germany |
2007-09-09 19:16:15 |
I built 1.4.18 RPMs and SRPMs for RedHat Enterprise Linux / CentOS 4 &
5 and Fedora 7, if anyone is interested:
https://www.kevinworthington.com/index.php/2007/09/09/lighttpd-1418-rpms-and-srpms-for-rhelcentos-45-and-fedora-7/
On 9/9/07, Marcus Rueckert <darix web.de> wrote:
> hi,
>
> "Release early, release often."
>
> So here we are again. The previous release is already 12 days old! It already
> got grey hair.
>
> And again we have a small security bug! It seems, if you get more
> popular, more people are looking at your code. This time Mattias Bengtsson
> and Philip Olausson from secweb.se took a look at the code. They found a
> small bug that could lead to remote code execution in fastcgi applications.
> (We won't mention names here.)
>
> Lighttpd SA 2007:12 (http://www.lighttpd.net/assets/2007/9/9/lighttpd_sa_2007_12.txt)
> (patch: http://www.lighttpd.net/download/lighttpd-1.4.x_mod_fastcgi_overrun.patch)
>
> Download
> * http://www.lighttpd.net/download/lighttpd-1.4.18.tar.gz
> (sha1sum: 30eb24cdfcfeadf10fa16f187330bdc5deb25ed2
> md5sum: 5db3204d57436a032f899ff9dbce793f)
> * http://www.lighttpd.net/download/lighttpd-1.4.18.tar.bz2
> (sha1sum: a53a8f8ae8d42d036f0b5129764b822e943cc778
> md5sum: 26f98dddf9d8c0775221b800986003ee)
>
> Changes
> * fixed compile error on IRIX 6.5.x on prctl() (#1333)
> * fixed forwarding a SIGINT and SIGHUP when using max-workers (#902)
> * fixed FastCGI header overrun in mod_fastcgi
> (reported by mattias secweb.se)
> * fixed hanging redirects with keep-alive due to missing "Content-Length: 0"
> headers
> * fixed crashing when using undefined environment variables in the config
> * fixed compilation of mod_mysql_vhost on irix (#1341)
>
> For all the packagers: if you wonder what happened to lighttpd 2007-SA:11 and
> lighttpd 2007-SA:10, they will be released in the next days.
>
> darix
>
> --
> openSUSE - SUSE Linux is my linux
> openSUSE is good for you
> www.opensuse.org
--
Kevin Worthington
|
|
| Re: 1.4.18 - speeding up a bit |
  Germany |
2007-09-10 10:16:54 |
Marcus Rueckert wrote :
> Changes
> * fixed compile error on IRIX 6.5.x on prctl() (#1333)
> * fixed forwarding a SIGINT and SIGHUP when using max-workers (#902)
> * fixed FastCGI header overrun in mod_fastcgi
> (reported by mattias secweb.se)
> * fixed hanging redirects with keep-alive due to missing "Content-Length: 0"
> headers
> * fixed crashing when using undefined environment variables in the config
> * fixed compilation of mod_mysql_vhost on irix (#1341)
No word of the lighttpd-angel, which is now installed by default in
1.4.18 :
http://blog.lighttpd.net/articles/2007/09/02/there-is-an-angel-for-lighty
I can't seem to figure how it is supposed to work, though :
[root python3 ~]# lighttpd-angel -f /etc/lighttpd/lighttpd.conf
lighttpd-angel.c.137: child (pid=16256) exited normally with exitcode: 0
Then lighttpd is running, but not lighttpd-angel. It also seems that it
doesn't have its own command-line options, all including --help are
passed straight to lighttpd...
Maybe it's not yet entirely ready and got included "by mistake"?
Matthias
--
Clean custom Red Hat Linux rpm packages : http://freshrpms.net/
Fedora release 7 (Moonshine) - Linux kernel 2.6.22.5-71.fc7
Load : 0.45 1.89 3.00
|
|
| Re: 1.4.18 - speeding up a bit |
  Germany |
2007-09-10 10:24:48 |
Matthias Saou wrote:
> Marcus Rueckert wrote :
>
>> Changes
>> * fixed compile error on IRIX 6.5.x on prctl() (#1333)
>> * fixed forwarding a SIGINT and SIGHUP when using max-workers (#902)
>> * fixed FastCGI header overrun in mod_fastcgi
>> (reported by mattias secweb.se)
>> * fixed hanging redirects with keep-alive due to missing "Content-Length: 0"
>> headers
>> * fixed crashing when using undefined environment variables in the config
>> * fixed compilation of mod_mysql_vhost on irix (#1341)
>
> No word of the lighttpd-angel, which is now installed by default in
> 1.4.18 :
>
> http://blog.lighttpd.net/articles/2007/09/02/there-is-an-angel-for-lighty
>
> I can't seem to figure how it is supposed to work, though :
>
> [root python3 ~]# lighttpd-angel -f /etc/lighttpd/lighttpd.conf
> lighttpd-angel.c.137: child (pid=16256) exited normally with exitcode: 0
Add a -D
> Then lighttpd is running, but not lighttpd-angel. It also seems that it
> doesn't have its own command-line options, all including --help are
> passed straight to lighttpd...
Right. That's expected.
> Maybe it's not yet entirely ready and got included "by mistake"?
It wanted to get it out to testers to try it out if it does what we expect.
> Matthias
cheers,
Jan
--
jan: "Gee, Brain^WEric, what'd you wanna do tonight?"
eric: Same thing we do everynight: Take over the HelloWorld!
|
|
| Re: 1.4.18 - speeding up a bit |
  Germany |
2007-09-10 10:33:05 |
|
Matthias Saou wrote:
> Marcus Rueckert wrote :
>> Changes
>> * fixed compile error on IRIX 6.5.x on prctl() (#1333)
>> * fixed forwarding a SIGINT and SIGHUP when using max-workers (#902)
>> * fixed FastCGI header overrun in mod_fastcgi
>> (reported by mattias secweb.se)
>> * fixed hanging redirects with keep-alive due to missing "Content-Length: 0"
>> headers
>> * fixed crashing when using undefined environment variables in the config
>> * fixed compilation of mod_mysql_vhost on irix (#1341)
> No word of the lighttpd-angel, which is now installed by default in
> 1.4.18 :
> http://blog.lighttpd.net/articles/2007/09/02/there-is-an-angel-for-lighty
> [...]
Wow, that sounds cool - I would have missed it.
Seems to lead to a way to finally have *graceful* config reloads.
Thanks Jan!
Regards,
Thomas
|
| Re: 1.4.18 - speeding up a bit |
  Germany |
2007-09-10 11:00:47 |
Thomas Seifert wrote:
> Matthias Saou wrote:
>> No word of the lighttpd-angel, which is now installed by default in
>> 1.4.18 :
>>
>> http://blog.lighttpd.net/articles/2007/09/02/there-is-an-angel-for-lighty
>>
>> [...]
>
> Wow, that sounds cool - I would have missed it.
> Seems to lead to a way to finally have *graceful* config reloads.
> Thanks Jan!
Yes, please try it out and send it a SIGHUP as often as you want.
It should reload the config gracefully (killing the old process with
SIGINT and starting a new process right away).
> Regards,
>
> Thomas
cheers,
Jan
--
jan: "Gee, Brain^WEric, what'd you wanna do tonight?"
eric: Same thing we do everynight: Take over the HelloWorld!
|
|
| Re: 1.4.18 - speeding up a bit |
  Germany |
2007-09-25 17:45:32 |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 10/09/07 11:33 AM, Thomas Seifert wrote:
> Matthias Saou wrote:
>> No word of the lighttpd-angel, which is now installed by default in
>> 1.4.18 :
>>
>> http://blog.lighttpd.net/articles/2007/09/02/there-is-an-angel-for-lighty
>>
>> [...]
>
> Wow, that sounds cool - I would have missed it.
> Seems to lead to a way to finally have *graceful* config reloads.
> Thanks Jan!
There's a trivial patch I sent a while ago that, when used in
conjunction with Daniel J Bernstein's daemontools, can do just that*.
The 1.5 version made it to the trunk but the 1.4 didn't. I can resend it
if you like.
Basically all it does is add a handler to close the socket and fork on a
SIGHUP. With daemontools, Lighty runs as a foreground process and the
"supervise" program restarts it as soon as the process dies, so by
closing the socket and forking, the forked lighty continues serving open
connections while a new lighty process is immediately started by
supervise and can start listening on the same port.
Daemontools can be found here:
http://cr.yp.to/daemontools.html
* You can also have a script that HUPs the process and starts Lighty right
away; ex. as the reload function of an init script.
Thomas
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFG+Y+M6dZ+Kt5BchYRAqjBAKC4c7yxIqMstVx6t82u4U+VYb5RGACg
hT/M
/CPw6vCZPihY1ArIWExYcUU=
=7DZx
-----END PGP SIGNATURE-----
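
The close-then-fork handoff described in the message above, as an added example; it is not the patch mentioned in the thread and not lighttpd's code. The names `listen_tcp`, `bound_port`, `drain_demo` and `release_port_and_fork` are hypothetical, and a real server would run the last step from its SIGHUP handling and then exit so that supervise restarts it.

```c
#include <netinet/in.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Listen on TCP port `port` (0 = kernel picks one); returns the fd or -1. */
int listen_tcp(unsigned short port) {
    struct sockaddr_in a = {0}; /* zeroed sin_addr means INADDR_ANY */
    int on = 1, fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    /* Lets a new server bind while old connections on the port still exist. */
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof on);
    a.sin_family = AF_INET;
    a.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&a, sizeof a) < 0 || listen(fd, 16) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Port the listening socket is bound to, or 0 on error. */
unsigned short bound_port(int fd) {
    struct sockaddr_in a;
    socklen_t len = sizeof a;
    if (getsockname(fd, (struct sockaddr *)&a, &len) < 0) return 0;
    return ntohs(a.sin_port);
}

/* Constructed stand-in for finishing requests on already accepted sockets. */
void drain_demo(void) { sleep(1); }

/* The SIGHUP step: close the listener, then fork, so the child never inherits
 * it. Returns the child's pid; the caller exits next so supervise restarts it. */
pid_t release_port_and_fork(int *listen_fd, void (*drain)(void)) {
    close(*listen_fd);
    *listen_fd = -1;
    pid_t pid = fork();
    if (pid == 0) { drain(); _exit(0); }
    return pid;
}

int main(void) { /* stand-alone run: exit status 0 if the port was rebound */
    int fd = listen_tcp(0);
    unsigned short port = bound_port(fd);
    pid_t child = release_port_and_fork(&fd, drain_demo);
    int fresh = listen_tcp(port); /* what the restarted server would do */
    waitpid(child, NULL, 0);
    return fresh >= 0 ? 0 : 1;
}
```

Closing the listener before the fork is what frees the port: if the draining child still held the listening socket, the restarted server's bind would fail until the child exited.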
|
|