Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package lighttpd for openSUSE:Factory
checked in at 2022-09-27 20:14:34
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/lighttpd (Old)
and /work/SRC/openSUSE:Factory/.lighttpd.new.2275 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "lighttpd"
Tue Sep 27 20:14:34 2022 rev:54 rq:1006411 version:1.4.67
Changes:
--------
--- /work/SRC/openSUSE:Factory/lighttpd/lighttpd.changes 2022-09-14
13:44:56.505888156 +0200
+++ /work/SRC/openSUSE:Factory/.lighttpd.new.2275/lighttpd.changes
2022-09-27 20:14:48.481942290 +0200
@@ -1,0 +2,14 @@
+Fri Sep 23 16:23:13 UTC 2022 - Dirk M??ller <dmuel...@suse.com>
+
+- update to 1.4.67:
+ * Update comment about TCP_INFO on OpenBSD
+ * [mod_ajp13] fix crash with bad response headers (fixes #3170)
+ * [core] handle RDHUP when collecting chunked body
+ * [core] tweak streaming request body to backends
+ * [core] handle ENOSPC with pwritev() (#3171)
+ * [core] manually calculate off_t max (fixes #3171)
+ * [autoconf] force large file support (#3171)
+ * [multiple] quiet coverity warnings using casts
+ * [meson] add license keyword to project declaration
+
+-------------------------------------------------------------------
Old:
----
lighttpd-1.4.66.tar.xz
lighttpd-1.4.66.tar.xz.asc
New:
----
lighttpd-1.4.67.tar.xz
lighttpd-1.4.67.tar.xz.asc
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ lighttpd.spec ++++++
--- /var/tmp/diff_new_pack.SuDtP1/_old 2022-09-27 20:14:49.069943570 +0200
+++ /var/tmp/diff_new_pack.SuDtP1/_new 2022-09-27 20:14:49.073943579 +0200
@@ -26,9 +26,8 @@
%define _fillupdir %{_localstatedir}/adm/fillup-templates
%endif
Name: lighttpd
-Version: 1.4.66
+Version: 1.4.67
Release: 0
-#
Summary: A Secure, Fast, Compliant, and Very Flexible Web Server
License: BSD-3-Clause
Group: Productivity/Networking/Web/Servers
++++++ lighttpd-1.4.66.tar.xz -> lighttpd-1.4.67.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lighttpd-1.4.66/CMakeLists.txt
new/lighttpd-1.4.67/CMakeLists.txt
--- old/lighttpd-1.4.66/CMakeLists.txt 2022-08-07 21:03:57.000000000 +0200
+++ new/lighttpd-1.4.67/CMakeLists.txt 2022-09-18 05:06:07.000000000 +0200
@@ -13,7 +13,7 @@
set(CPACK_PACKAGE_VERSION_MAJOR 1)
set(CPACK_PACKAGE_VERSION_MINOR 4)
-set(CPACK_PACKAGE_VERSION_PATCH 66)
+set(CPACK_PACKAGE_VERSION_PATCH 67)
set(CPACK_PACKAGE_VERSION
"${CPACK_PACKAGE_VERSION_MAJOR}.${CPACK_PACKAGE_VERSION_MINOR}.${CPACK_PACKAGE_VERSION_PATCH}")
set(CPACK_RESOURCE_FILE_LICENSE "${CMAKE_SOURCE_DIR}/COPYING")
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lighttpd-1.4.66/NEWS new/lighttpd-1.4.67/NEWS
--- old/lighttpd-1.4.66/NEWS 2022-08-07 21:03:57.000000000 +0200
+++ new/lighttpd-1.4.67/NEWS 2022-09-18 05:06:07.000000000 +0200
@@ -3,6 +3,17 @@
NEWS
====
+- 1.4.67 - 2022-09-17
+ * Update comment about TCP_INFO on OpenBSD
+ * [mod_ajp13] fix crash with bad response headers (fixes #3170)
+ * [core] handle RDHUP when collecting chunked body
+ * [core] tweak streaming request body to backends
+ * [core] handle ENOSPC with pwritev() (#3171)
+ * [core] manually calculate off_t max (fixes #3171)
+ * [autoconf] force large file support (#3171)
+ * [multiple] quiet coverity warnings using casts
+ * [meson] add license keyword to project declaration
+
- 1.4.66 - 2022-08-07
* [core] h2: optim: send window update in 16k units
* [mod_magnet] reset for http-response-send-file
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lighttpd-1.4.66/SConstruct
new/lighttpd-1.4.67/SConstruct
--- old/lighttpd-1.4.66/SConstruct 2022-08-07 21:03:57.000000000 +0200
+++ new/lighttpd-1.4.67/SConstruct 2022-09-18 05:06:07.000000000 +0200
@@ -12,7 +12,7 @@
string_types = str
package = 'lighttpd'
-version = '1.4.66'
+version = '1.4.67'
underscorify_reg = re.compile('[^A-Z0-9]')
def underscorify(id):
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lighttpd-1.4.66/configure
new/lighttpd-1.4.67/configure
--- old/lighttpd-1.4.66/configure 2022-08-07 21:04:07.000000000 +0200
+++ new/lighttpd-1.4.67/configure 2022-09-18 05:06:19.000000000 +0200
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.71 for lighttpd 1.4.66.
+# Generated by GNU Autoconf 2.71 for lighttpd 1.4.67.
#
# Report bugs to <https://redmine.lighttpd.net/projects/lighttpd/boards/2>.
#
@@ -622,8 +622,8 @@
# Identity of this package.
PACKAGE_NAME='lighttpd'
PACKAGE_TARNAME='lighttpd'
-PACKAGE_VERSION='1.4.66'
-PACKAGE_STRING='lighttpd 1.4.66'
+PACKAGE_VERSION='1.4.67'
+PACKAGE_STRING='lighttpd 1.4.67'
PACKAGE_BUGREPORT='https://redmine.lighttpd.net/projects/lighttpd/boards/2'
PACKAGE_URL='https://www.lighttpd.net/'
@@ -1530,7 +1530,7 @@
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures lighttpd 1.4.66 to adapt to many kinds of systems.
+\`configure' configures lighttpd 1.4.67 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1601,7 +1601,7 @@
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of lighttpd 1.4.66:";;
+ short | recursive ) echo "Configuration of lighttpd 1.4.67:";;
esac
cat <<\_ACEOF
@@ -1813,7 +1813,7 @@
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-lighttpd configure 1.4.66
+lighttpd configure 1.4.67
generated by GNU Autoconf 2.71
Copyright (C) 2021 Free Software Foundation, Inc.
@@ -2229,7 +2229,7 @@
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by lighttpd $as_me 1.4.66, which was
+It was created by lighttpd $as_me 1.4.67, which was
generated by GNU Autoconf 2.71. Invocation command line was
$ $0$ac_configure_args_raw
@@ -3581,7 +3581,7 @@
# Define the identity of the package.
PACKAGE='lighttpd'
- VERSION='1.4.66'
+ VERSION='1.4.67'
printf "%s\n" "#define PACKAGE \"$PACKAGE\"" >>confdefs.h
@@ -21463,7 +21463,9 @@
enableval=$enable_lfs;
case "${enableval}" in
yes) ENABLE_LFS=yes ;;
- no) ENABLE_LFS=no ;;
+ no) ENABLE_LFS=yes
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: large file support
forced; --disable-lfs ignored" >&5
+printf "%s\n" "$as_me: large file support forced; --disable-lfs ignored" >&6;}
;;
*) as_fn_error $? "bad value ${enableval} for --enable-lfs" "$LINENO" 5 ;;
esac
@@ -22023,7 +22025,7 @@
fi
fi
-LIGHTTPD_VERSION_ID=0x10442
+LIGHTTPD_VERSION_ID=0x10443
printf "%s\n" "#define LIGHTTPD_VERSION_ID $LIGHTTPD_VERSION_ID" >>confdefs.h
@@ -22621,7 +22623,7 @@
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by lighttpd $as_me 1.4.66, which was
+This file was extended by lighttpd $as_me 1.4.67, which was
generated by GNU Autoconf 2.71. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -22690,7 +22692,7 @@
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config='$ac_cs_config_escaped'
ac_cs_version="\\
-lighttpd config.status 1.4.66
+lighttpd config.status 1.4.67
configured by $0, generated by GNU Autoconf 2.71,
with options \\"\$ac_cs_config\\"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lighttpd-1.4.66/configure.ac
new/lighttpd-1.4.67/configure.ac
--- old/lighttpd-1.4.66/configure.ac 2022-08-07 21:03:57.000000000 +0200
+++ new/lighttpd-1.4.67/configure.ac 2022-09-18 05:06:07.000000000 +0200
@@ -14,7 +14,7 @@
dnl function call, the argument should be on different lines than the
dnl wrapping braces
AC_PREREQ([2.60])
-AC_INIT([lighttpd],[1.4.66],[https://redmine.lighttpd.net/projects/lighttpd/boards/2],[lighttpd],[https://www.lighttpd.net/])
+AC_INIT([lighttpd],[1.4.67],[https://redmine.lighttpd.net/projects/lighttpd/boards/2],[lighttpd],[https://www.lighttpd.net/])
AC_CONFIG_SRCDIR([src/server.c])
AC_CONFIG_HEADERS([config.h])
AC_CONFIG_MACRO_DIR([m4])
@@ -1527,7 +1527,8 @@
[
case "${enableval}" in
yes) ENABLE_LFS=yes ;;
- no) ENABLE_LFS=no ;;
+ no) ENABLE_LFS=yes
+ AC_MSG_NOTICE([large file support forced; --disable-lfs ignored]) ;;
*) AC_MSG_ERROR([bad value ${enableval} for --enable-lfs]) ;;
esac
],
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lighttpd-1.4.66/meson.build
new/lighttpd-1.4.67/meson.build
--- old/lighttpd-1.4.66/meson.build 2022-08-07 21:03:57.000000000 +0200
+++ new/lighttpd-1.4.67/meson.build 2022-09-18 05:06:07.000000000 +0200
@@ -1,4 +1,6 @@
-project('lighttpd', 'c', version: '1.4.66', default_options : ['c_std=c11'])
+project('lighttpd', 'c', version: '1.4.67', license: 'BSD-3-Clause',
+ default_options : ['c_std=c11']
+)
subdir('src')
subdir('tests')
@@ -10,10 +12,10 @@
# $ ninja
# full build:
-# $ meson configure -D build_extra_warnings=true -D with_bzip=true -D
with_dbi=true -D with_fam=true -D with_krb5=true -D with_ldap=true -D
with_libev=true -D with_libunwind=true -D with_lua=true -D with_mysql=true -D
with_openssl=true -D with_pcre2=true -D with_pgsql=true -D with_sasl=true -D
with_webdav_locks=true -D with_webdav_props=true -D with_xattr=true -D
with_zlib=true
+# $ meson configure -D build_extra_warnings=true -D buildtype=debugoptimized
-D with_bzip=true -D with_dbi=true -D with_fam=true -D with_krb5=true -D
with_ldap=true -D with_libev=true -D with_libunwind=true -D with_lua=true -D
with_mysql=true -D with_openssl=true -D with_pcre2=true -D with_pgsql=true -D
with_sasl=true -D with_webdav_locks=true -D with_webdav_props=true -D
with_xattr=true -D with_zlib=true
# optimized build:
# $ meson configure -D b_lto=true -D buildtype=debugoptimized
-# monolitic build (contains all plugins):
-# $ meson configure -D build_static=true
+# monolithic build (contains all plugins):
+# $ meson configure -D build_static=true -D buildtype=minsize
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lighttpd-1.4.66/src/chunk.c
new/lighttpd-1.4.67/src/chunk.c
--- old/lighttpd-1.4.66/src/chunk.c 2022-08-07 21:03:57.000000000 +0200
+++ new/lighttpd-1.4.67/src/chunk.c 2022-09-18 05:06:07.000000000 +0200
@@ -1011,6 +1011,8 @@
chunkqueue_mark_written(dest, dlen);
}
}
+ else if (chunkqueue_append_tempfile_err(dest, errh, c))
+ wr = 0; /*(to trigger continue/retry in caller rather than error)*/
return wr;
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lighttpd-1.4.66/src/connections.c
new/lighttpd-1.4.67/src/connections.c
--- old/lighttpd-1.4.66/src/connections.c 2022-08-07 21:03:57.000000000
+0200
+++ new/lighttpd-1.4.67/src/connections.c 2022-09-18 05:06:07.000000000
+0200
@@ -1912,6 +1912,11 @@
/* don't buffer request bodies <= 64k on disk */
chunkqueue_steal(dst_cq, cq, len);
}
+ else if (chunkqueue_length(dst_cq) + len <= 64*1024
+ && (!dst_cq->first || dst_cq->first->type == MEM_CHUNK)) {
+ /* avoid tempfiles when streaming request body to fast backend */
+ chunkqueue_steal(dst_cq, cq, len);
+ }
else if (0 !=
chunkqueue_steal_with_tempfiles(dst_cq,cq,len,r->conf.errh)) {
/* writing to temp file failed */ /* Internal Server Error */
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lighttpd-1.4.66/src/fdevent.c
new/lighttpd-1.4.67/src/fdevent.c
--- old/lighttpd-1.4.66/src/fdevent.c 2022-08-07 21:03:57.000000000 +0200
+++ new/lighttpd-1.4.67/src/fdevent.c 2022-09-18 05:06:07.000000000 +0200
@@ -544,7 +544,7 @@
return (0 == getsockopt(fd, IPPROTO_TCP, TCP_CONNECTION_INFO, &tcpi, &tlen)
&& tcpi.tcpi_state == TCPS_CLOSE_WAIT);
#elif defined(TCP_INFO) && defined(TCPS_CLOSE_WAIT)
- /* FreeBSD, NetBSD (not present in OpenBSD or DragonFlyBSD) */
+ /* FreeBSD, NetBSD, OpenBSD (not present in DragonFlyBSD) */
struct tcp_info tcpi;
socklen_t tlen = sizeof(tcpi);
return (0 == getsockopt(fd, IPPROTO_TCP, TCP_INFO, &tcpi, &tlen)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lighttpd-1.4.66/src/gw_backend.c
new/lighttpd-1.4.67/src/gw_backend.c
--- old/lighttpd-1.4.66/src/gw_backend.c 2022-08-07 21:03:57.000000000
+0200
+++ new/lighttpd-1.4.67/src/gw_backend.c 2022-09-18 05:06:07.000000000
+0200
@@ -1911,6 +1911,36 @@
fdevent_fdnode_event_clr(hctx->ev, hctx->fdn, FDEVENT_OUT);
}
+static handler_t gw_write_refill_wb(gw_handler_ctx * const hctx, request_st *
const r) {
+ if (chunkqueue_is_empty(&r->reqbody_queue))
+ return HANDLER_GO_ON;
+ if (hctx->stdin_append) {
+ if (chunkqueue_length(&hctx->wb) < 65536 - 16384)
+ return hctx->stdin_append(hctx);
+ }
+ else {
+ const chunk * const c = r->reqbody_queue.last;
+ const off_t qlen = chunkqueue_length(&r->reqbody_queue);
+ if (c->type == FILE_CHUNK) {
+ /*(move all but last chunk if reqbody_queue using tempfiles, unless
+ * hctx->wb is empty and only one chunk, then move last chunk)*/
+ if (c != r->reqbody_queue.first)
+ chunkqueue_steal(&hctx->wb, &r->reqbody_queue,
+ qlen - (c->file.length-c->offset));
+ else if (chunkqueue_is_empty(&hctx->wb))
+ chunkqueue_append_chunkqueue(&hctx->wb, &r->reqbody_queue);
+ }
+ else if (qlen + chunkqueue_length(&hctx->wb) > 65536) {
+ if (0 != chunkqueue_steal_with_tempfiles(&hctx->wb,
+ &r->reqbody_queue, qlen, r->conf.errh))
+ return HANDLER_ERROR;
+ }
+ else
+ chunkqueue_append_chunkqueue(&hctx->wb, &r->reqbody_queue);
+ }
+ return HANDLER_GO_ON;
+}
+
static handler_t gw_write_request(gw_handler_ctx * const hctx, request_st *
const r) {
switch(hctx->state) {
case GW_STATE_INIT:
@@ -2046,12 +2076,8 @@
}
else if (hctx->wb.bytes_out > bytes_out) {
hctx->write_ts = hctx->proc->last_used = log_monotonic_secs;
- if (hctx->stdin_append
- && chunkqueue_length(&hctx->wb) < 65536 - 16384
- && !chunkqueue_is_empty(&r->reqbody_queue)) {
- handler_t rc = hctx->stdin_append(hctx);
- if (HANDLER_GO_ON != rc) return rc;
- }
+ handler_t rc = gw_write_refill_wb(hctx, r);
+ if (HANDLER_GO_ON != rc) return rc;
}
}
@@ -2201,11 +2227,10 @@
* buffered to disk if too large and backend can not keep up */
/*(64k - 4k to attempt to avoid temporary files
* in conjunction with FDEVENT_STREAM_REQUEST_BUFMIN)*/
- if (chunkqueue_length(&hctx->wb) > 65536 - 4096) {
- if (r->conf.stream_request_body & FDEVENT_STREAM_REQUEST_BUFMIN) {
- r->conf.stream_request_body &= ~FDEVENT_STREAM_REQUEST_POLLIN;
- }
- if (0 != hctx->wb.bytes_in) return HANDLER_WAIT_FOR_EVENT;
+ if (chunkqueue_length(&hctx->wb) > 65536 - 4096
+ && (r->conf.stream_request_body & FDEVENT_STREAM_REQUEST_BUFMIN)) {
+ r->conf.stream_request_body &= ~FDEVENT_STREAM_REQUEST_POLLIN;
+ return HANDLER_WAIT_FOR_EVENT;
}
else {
handler_t rc = r->con->reqbody_read(r);
@@ -2228,7 +2253,7 @@
* and module is flagged to stream request body to backend) */
return (r->conf.stream_request_body & FDEVENT_STREAM_REQUEST)
? http_response_reqbody_read_error(r, 411)
- : HANDLER_WAIT_FOR_EVENT;
+ : (rc == HANDLER_GO_ON) ? HANDLER_WAIT_FOR_EVENT : rc;
}
if (hctx->wb_reqlen < -1 && r->reqbody_length >= 0) {
@@ -2238,18 +2263,13 @@
handler_t rca = hctx->stdin_append(hctx);
if (HANDLER_GO_ON != rca) return rca;
}
- }
-
- if ((0 != hctx->wb.bytes_in || -1 == hctx->wb_reqlen)
- && !chunkqueue_is_empty(&r->reqbody_queue)) {
- if (hctx->stdin_append) {
- if (chunkqueue_length(&hctx->wb) < 65536 - 16384) {
- handler_t rca = hctx->stdin_append(hctx);
- if (HANDLER_GO_ON != rca) return rca;
- }
- }
else
chunkqueue_append_chunkqueue(&hctx->wb, &r->reqbody_queue);
+ }
+
+ if (0 != hctx->wb.bytes_in || -1 == hctx->wb_reqlen) {
+ handler_t rca = gw_write_refill_wb(hctx, r);
+ if (HANDLER_GO_ON != rca) return rca;
if (fdevent_fdnode_interest(hctx->fdn) & FDEVENT_OUT) {
return (rc == HANDLER_GO_ON) ? HANDLER_WAIT_FOR_EVENT : rc;
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lighttpd-1.4.66/src/mod_ajp13.c
new/lighttpd-1.4.67/src/mod_ajp13.c
--- old/lighttpd-1.4.66/src/mod_ajp13.c 2022-08-07 21:03:57.000000000 +0200
+++ new/lighttpd-1.4.67/src/mod_ajp13.c 2022-09-18 05:06:07.000000000 +0200
@@ -812,6 +812,12 @@
switch(ptr[4]) {
case AJP13_SEND_HEADERS:
if (0 == r->resp_body_started) {
+ if (plen < 3) {
+ log_error(errh, __FILE__, __LINE__,
+ "AJP13: headers packet received with invalid length");
+ return HANDLER_FINISHED;
+ }
+
buffer *hdrs = hctx->response;
if (NULL == hdrs) {
hdrs = r->tmp_buf;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lighttpd-1.4.66/src/mod_auth.c
new/lighttpd-1.4.67/src/mod_auth.c
--- old/lighttpd-1.4.66/src/mod_auth.c 2022-08-07 21:03:57.000000000 +0200
+++ new/lighttpd-1.4.67/src/mod_auth.c 2022-09-18 05:06:07.000000000 +0200
@@ -113,7 +113,8 @@
for (uint32_t i = 0, used = opts->used; i < used; ++i) {
data_unset *du = opts->data[i];
if (buffer_is_equal_string(&du->key, CONST_STR_LEN("max-age")))
- ac->max_age = (time_t)config_plugin_value_to_int32(du,
ac->max_age);
+ ac->max_age = (time_t)
+ config_plugin_value_to_int32(du, (int32_t)ac->max_age);
}
return ac;
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lighttpd-1.4.66/src/mod_cgi.c
new/lighttpd-1.4.67/src/mod_cgi.c
--- old/lighttpd-1.4.66/src/mod_cgi.c 2022-08-07 21:03:57.000000000 +0200
+++ new/lighttpd-1.4.67/src/mod_cgi.c 2022-09-18 05:06:07.000000000 +0200
@@ -1028,7 +1028,8 @@
&& !(r->conf.stream_request_body /*(if not streaming request body)*/
& (FDEVENT_STREAM_REQUEST|FDEVENT_STREAM_REQUEST_BUFMIN))) {
/* store request body in single tempfile if not streaming
request body*/
- r->reqbody_queue.upload_temp_file_size = INTMAX_MAX;
+ r->reqbody_queue.upload_temp_file_size =
+ (off_t)((1uLL << (sizeof(off_t)*8-1))-1);
}
{
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lighttpd-1.4.66/src/mod_mbedtls.c
new/lighttpd-1.4.67/src/mod_mbedtls.c
--- old/lighttpd-1.4.66/src/mod_mbedtls.c 2022-08-07 21:03:57.000000000
+0200
+++ new/lighttpd-1.4.67/src/mod_mbedtls.c 2022-09-18 05:06:07.000000000
+0200
@@ -380,7 +380,7 @@
mbedtls_ssl_ticket_key *key = ctx->keys + ctx->active;
/* set generation_time to cur_ts instead of stek->active_ts
* since ctx->active was updated */
- key->generation_time = cur_ts;
+ key->generation_time = (uint32_t)cur_ts;
memcpy(key->name, stek->tick_key_name, sizeof(key->name));
/* With GCM and CCM, same context can encrypt & decrypt */
int rc = mbedtls_cipher_setkey(&key->ctx, stek->tick_aes_key,
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lighttpd-1.4.66/src/mod_status.c
new/lighttpd-1.4.67/src/mod_status.c
--- old/lighttpd-1.4.66/src/mod_status.c 2022-08-07 21:03:57.000000000
+0200
+++ new/lighttpd-1.4.67/src/mod_status.c 2022-09-18 05:06:07.000000000
+0200
@@ -409,7 +409,7 @@
mins = ts / (60);
ts %= (60);
- seconds = ts;
+ seconds = (int)ts;
if (days) {
buffer_append_int(b, days);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lighttpd-1.4.66/src/mod_vhostdb.c
new/lighttpd-1.4.67/src/mod_vhostdb.c
--- old/lighttpd-1.4.66/src/mod_vhostdb.c 2022-08-07 21:03:57.000000000
+0200
+++ new/lighttpd-1.4.67/src/mod_vhostdb.c 2022-09-18 05:06:07.000000000
+0200
@@ -90,7 +90,8 @@
for (uint32_t i = 0, used = opts->used; i < used; ++i) {
data_unset *du = opts->data[i];
if (buffer_is_equal_string(&du->key, CONST_STR_LEN("max-age")))
- vc->max_age = (time_t)config_plugin_value_to_int32(du,
vc->max_age);
+ vc->max_age = (time_t)
+ config_plugin_value_to_int32(du, (int32_t)vc->max_age);
}
return vc;
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lighttpd-1.4.66/src/mod_webdav.c
new/lighttpd-1.4.67/src/mod_webdav.c
--- old/lighttpd-1.4.66/src/mod_webdav.c 2022-08-07 21:03:57.000000000
+0200
+++ new/lighttpd-1.4.67/src/mod_webdav.c 2022-09-18 05:06:07.000000000
+0200
@@ -4680,7 +4680,7 @@
force_assert(cq->last);
#endif
buffer_clear(cq->last->mem); /* file already unlink()ed */
- cq->upload_temp_file_size = INTMAX_MAX;
+ cq->upload_temp_file_size = (off_t)((1uLL << (sizeof(off_t)*8-1))-1);
cq->last->file.is_temp = 1;
return HANDLER_GO_ON;
