17600553 Upgrade lighttpd to version 1.4.33 s11-update
authorJiri Kukacka <jiri.kukacka@oracle.com>
Thu, 09 Jan 2014 03:35:51 -0800
branchs11-update
changeset 2925 d64f6e80d9b1
parent 2924 894dcec4ac14
child 2928 43b3da52b84a
17600553 Upgrade lighttpd to version 1.4.33 17487983 Parfait reports number of errors in lighttpd 1.4.23 17488086 problem in UTILITY/LIGHTTPD 17536689 problem in UTILITY/LIGHTTPD
components/lighttpd/Makefile
components/lighttpd/Solaris/http-lighttpd14
components/lighttpd/Solaris/http-lighttpd14.xml
components/lighttpd/lighttpd.p5m
components/lighttpd/patches/01-drop_privileges.patch
components/lighttpd/patches/02-automake-libtool-Solaris.patch
components/lighttpd/patches/03-lighttpd.conf.patch
components/lighttpd/patches/04-manpage.patch
components/lighttpd/patches/05-network-nodelay.patch
components/lighttpd/patches/07-parfait-errors.patch
components/lighttpd/patches/CVE-2011-4362.patch
components/lighttpd/patches/lighttpd-conf_file.patch
components/lighttpd/patches/lighttpd-manpage.patch
components/lighttpd/patches/lighttpd-nodelay.patch
components/lighttpd/patches/lighttpd-src.Makefile.am.patch
components/lighttpd/patches/lighttpd_fix_slow_request_dos.patch
--- a/components/lighttpd/Makefile	Thu Jan 30 15:02:39 2014 -0800
+++ b/components/lighttpd/Makefile	Thu Jan 09 03:35:51 2014 -0800
@@ -26,12 +26,12 @@
 include ../../make-rules/shared-macros.mk
 
 COMPONENT_NAME=		lighttpd
-COMPONENT_VERSION=	1.4.23
+COMPONENT_VERSION=	1.4.33
 COMPONENT_PROJECT_URL=	http://www.lighttpd.net/
 COMPONENT_SRC=		$(COMPONENT_NAME)-$(COMPONENT_VERSION)
 COMPONENT_ARCHIVE=	$(COMPONENT_SRC).tar.gz
 COMPONENT_ARCHIVE_HASH=	\
-    sha256:8555db22ed7d429160701555611d8cd5eff42fc7e6e3ad3b050279c9b2145469
+    sha256:91f574d8bea8d9f75535e86cb2abc389beb8be24f003b71e6304b8c8ba1d3753
 COMPONENT_ARCHIVE_URL=	$(COMPONENT_PROJECT_URL)download/$(COMPONENT_ARCHIVE)
 COMPONENT_BUGDB=	utility/lighttpd
 
@@ -43,7 +43,7 @@
 
 PATCH_LEVEL=0
 
-# libtool linking will fail unless we re-create configure.
+# We need to run autogen because we patch configure.ac file
 COMPONENT_PREP_ACTION = ( cd $(@D) ; $(CONFIG_SHELL) autogen.sh )
 
 # lighttpd is logging using __FILE__ macro. Cloning will make this happen
--- a/components/lighttpd/Solaris/http-lighttpd14	Thu Jan 30 15:02:39 2014 -0800
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,58 +0,0 @@
-#!/usr/bin/ksh93
-#
-# CDDL HEADER START
-#
-# The contents of this file are subject to the terms of the
-# Common Development and Distribution License (the "License").
-# You may not use this file except in compliance with the License.
-#
-# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
-# or http://www.opensolaris.org/os/licensing.
-# See the License for the specific language governing permissions
-# and limitations under the License.
-#
-# When distributing Covered Code, include this CDDL HEADER in each
-# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
-# If applicable, add the following below this CDDL HEADER, with the
-# fields enclosed by brackets "[]" replaced with your own identifying
-# information: Portions Copyright [yyyy] [name of copyright owner]
-#
-# CDDL HEADER END
-#
-#
-# Copyright (c) 2008, 2011, Oracle and/or its affiliates. All rights reserved.
-#
-
-source /lib/svc/share/smf_include.sh
-
-# constants
-typeset -r lighttpd_version="1.4"
-typeset -r lighttpd_home="/usr/lighttpd/${lighttpd_version}"
-typeset -r lighttpd_bin="${lighttpd_home}/sbin/lighttpd"
-typeset -r conf_file="/etc/lighttpd/${lighttpd_version}/lighttpd.conf"
-typeset -r pidfile=`sed -n -e 's/"//g' -e 's/server\.pid-file *= *//p' ${conf_file}`
-
-
-[[ ! -f "${conf_file}" ]] && exit $SMF_EXIT_ERR_CONFIG
-
-case "$1" in
-        start)
-                rm -f "${pidfile}"
-                exec ${lighttpd_bin} -f ${conf_file} 2>&1
-                ;;
-        refresh)
-                print "Going to refresh"
-                if [[ -f "${pidfile}" ]]; then
-                        kill -HUP "$( < "${pidfile}" )"
-                fi
-                ;;
-        stop)
-                if [[ -f ${pidfile} ]] ; then
-                        kill "$( < "${pidfile}" )"
-                fi
-                ;;
-        *)
-                printf "Usage: %s {start|stop|refresh}\n" "$0"
-                exit 1
-                ;;
-esac
--- a/components/lighttpd/Solaris/http-lighttpd14.xml	Thu Jan 30 15:02:39 2014 -0800
+++ b/components/lighttpd/Solaris/http-lighttpd14.xml	Thu Jan 09 03:35:51 2014 -0800
@@ -22,7 +22,7 @@
 
 <!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
 <!--
-    Copyright (c) 2008, 2011, Oracle and/or its affiliates. All rights reserved.
+    Copyright (c) 2008, 2014, Oracle and/or its affiliates. All rights reserved.
 -->
 
 <service_bundle type='manifest' name='SUNWlighttpd14r:lighttpd'>
@@ -76,15 +76,19 @@
        <exec_method
            type='method'
            name='start'
-           exec='/lib/svc/method/http-lighttpd14 start'
+           exec='/usr/lighttpd/1.4/sbin/lighttpd -f /etc/lighttpd/1.4/lighttpd.conf'
            timeout_seconds='60'>
-           <method_context />
+           <method_context>
+               <method_credential
+                   user='webservd' group='webservd'
+                   privileges='basic,net_privaddr'/>
+           </method_context>
       </exec_method>
 
       <exec_method
            type='method'
            name='stop'
-           exec='/lib/svc/method/http-lighttpd14 stop'
+           exec=':kill'
            timeout_seconds='60'>
            <method_context />
       </exec_method>
@@ -92,9 +96,13 @@
        <exec_method
            type='method'
            name='refresh'
-           exec='/lib/svc/method/http-lighttpd14 refresh'
+           exec=':kill -HUP'
            timeout_seconds='60'>
-           <method_context />
+           <method_context>
+               <method_credential
+                   user='webservd' group='webservd'
+                   privileges='basic,net_privaddr'/>
+           </method_context>
       </exec_method>
 
       <property_group name='httpd' type='application'>
--- a/components/lighttpd/lighttpd.p5m	Thu Jan 30 15:02:39 2014 -0800
+++ b/components/lighttpd/lighttpd.p5m	Thu Jan 09 03:35:51 2014 -0800
@@ -18,7 +18,7 @@
 #
 # CDDL HEADER END
 #
-# Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved.
 #
 
 <transform file path=usr.*/man/.+ -> default mangler.man.stability uncommitted>
@@ -27,7 +27,7 @@
 set name=pkg.summary \
     value="The Lighttpd Web Server"
 set name=com.oracle.info.description value="the Lightppd web server"
-set name=com.oracle.info.tpno value=5585
+set name=com.oracle.info.tpno value=15577
 set name=info.classification \
     value="org.opensolaris.category.2008:Web Services/Application and Web Servers"
 set name=info.upstream-url value=$(COMPONENT_PROJECT_URL)
@@ -69,21 +69,70 @@
 dir path=var/lighttpd/1.4
 dir path=var/lighttpd/1.4/docroot
 dir path=var/lighttpd/1.4/errors
-dir path=var/lighttpd/1.4/logs group=webservd owner=webservd
+dir path=var/lighttpd/1.4/logs group=webservd owner=webservd mode=700
 dir path=var/lighttpd/1.4/vhosts
+dir path=var/lighttpd/1.4/sockets
+file doc/config/conf.d/access_log.conf path=etc/lighttpd/1.4/conf.d/access_log.conf \
+    mode=0644 preserve=renamenew
+file doc/config/conf.d/compress.conf path=etc/lighttpd/1.4/conf.d/compress.conf \
+    mode=0644 preserve=renamenew
+file doc/config/conf.d/trigger_b4_dl.conf path=etc/lighttpd/1.4/conf.d/trigger_b4_dl.conf \
+    mode=0644 preserve=renamenew
+file doc/config/conf.d/webdav.conf path=etc/lighttpd/1.4/conf.d/webdav.conf \
+    mode=0644 preserve=renamenew
+file doc/config/conf.d/ssi.conf path=etc/lighttpd/1.4/conf.d/ssi.conf \
+    mode=0644 preserve=renamenew
+file doc/config/conf.d/cml.conf path=etc/lighttpd/1.4/conf.d/cml.conf \
+    mode=0644 preserve=renamenew
+file doc/config/conf.d/mime.conf path=etc/lighttpd/1.4/conf.d/mime.conf \
+    mode=0644 preserve=renamenew
+file doc/config/conf.d/auth.conf path=etc/lighttpd/1.4/conf.d/auth.conf \
+    mode=0644 preserve=renamenew
+file doc/config/conf.d/status.conf path=etc/lighttpd/1.4/conf.d/status.conf \
+    mode=0644 preserve=renamenew
+file doc/config/conf.d/simple_vhost.conf path=etc/lighttpd/1.4/conf.d/simple_vhost.conf \
+    mode=0644 preserve=renamenew
+file doc/config/conf.d/proxy.conf path=etc/lighttpd/1.4/conf.d/proxy.conf \
+    mode=0644 preserve=renamenew
+file doc/config/conf.d/rrdtool.conf path=etc/lighttpd/1.4/conf.d/rrdtool.conf \
+    mode=0644 preserve=renamenew
+file doc/config/conf.d/evhost.conf path=etc/lighttpd/1.4/conf.d/evhost.conf \
+    mode=0644 preserve=renamenew
+file doc/config/conf.d/magnet.conf path=etc/lighttpd/1.4/conf.d/magnet.conf \
+    mode=0644 preserve=renamenew
+file doc/config/conf.d/expire.conf path=etc/lighttpd/1.4/conf.d/expire.conf \
+    mode=0644 preserve=renamenew
+file doc/config/conf.d/debug.conf path=etc/lighttpd/1.4/conf.d/debug.conf \
+    mode=0644 preserve=renamenew
+file doc/config/conf.d/scgi.conf path=etc/lighttpd/1.4/conf.d/scgi.conf \
+    mode=0644 preserve=renamenew
+file doc/config/conf.d/mysql_vhost.conf path=etc/lighttpd/1.4/conf.d/mysql_vhost.conf \
+    mode=0644 preserve=renamenew
+file doc/config/conf.d/fastcgi.conf path=etc/lighttpd/1.4/conf.d/fastcgi.conf \
+    mode=0644 preserve=renamenew
+file doc/config/conf.d/userdir.conf path=etc/lighttpd/1.4/conf.d/userdir.conf \
+    mode=0644 preserve=renamenew
+file doc/config/conf.d/secdownload.conf path=etc/lighttpd/1.4/conf.d/secdownload.conf \
+    mode=0644 preserve=renamenew
+file doc/config/conf.d/dirlisting.conf path=etc/lighttpd/1.4/conf.d/dirlisting.conf \
+    mode=0644 preserve=renamenew
+file doc/config/conf.d/cgi.conf path=etc/lighttpd/1.4/conf.d/cgi.conf \
+    mode=0644 preserve=renamenew
+
 file Solaris/fcgi-php.conf path=etc/lighttpd/1.4/conf.d/fcgi-php.conf \
     mode=0644 preserve=renamenew \
     original_name=SUNWlighttpd14:etc/lighttpd/1.4/conf.d/fcgi-php.conf
 file Solaris/ssl.conf path=etc/lighttpd/1.4/conf.d/ssl.conf  \
     mode=0644 preserve=renamenew \
     original_name=SUNWlighttpd14:etc/lighttpd/1.4/conf.d/ssl.conf
-file doc/lighttpd.conf path=etc/lighttpd/1.4/lighttpd.conf \
+file doc/config/lighttpd.conf path=etc/lighttpd/1.4/lighttpd.conf \
     mode=0644 preserve=renamenew \
     original_name=SUNWlighttpd14:etc/lighttpd/1.4/lighttpd.conf
+file doc/config/modules.conf path=etc/lighttpd/1.4/modules.conf \
+    mode=0644 preserve=renamenew
 file Solaris/auth_attr path=etc/security/auth_attr.d/lighttpd
 file Solaris/prof_attr path=etc/security/prof_attr.d/lighttpd
 file Solaris/http-lighttpd14.xml path=lib/svc/manifest/network/http-lighttpd14.xml
-file Solaris/http-lighttpd14 path=lib/svc/method/http-lighttpd14
 file path=usr/lighttpd/1.4/lib/mod_access.so
 file path=usr/lighttpd/1.4/lib/mod_accesslog.so
 file path=usr/lighttpd/1.4/lib/mod_alias.so
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/lighttpd/patches/01-drop_privileges.patch	Thu Jan 09 03:35:51 2014 -0800
@@ -0,0 +1,43 @@
+Developed in-house, fed back, awaiting accept.
+http://redmine.lighttpd.net/issues/2532
+Solaris-specific: in order to start Lighttpd as non-root
+user, initial user needs elevated privileges. Those
+privileges are unnecessary and should be dropped.
+
+--- src/network.c	2013-08-30 04:07:05.000000000 -0700
++++ src/network.c	2013-10-22 04:07:55.193853968 -0700
[email protected]@ -21,6 +21,8 @@
+ #include <stdlib.h>
+ #include <assert.h>
+ 
++#include <priv.h>
++
+ #ifdef USE_OPENSSL
+ # include <openssl/ssl.h>
+ # include <openssl/err.h>
[email protected]@ -497,6 +499,8 @@
+ 	size_t i;
+ 	network_backend_t backend;
+ 
++	priv_set_t *tset;
++
+ #if OPENSSL_VERSION_NUMBER >= 0x0090800fL
+ #ifndef OPENSSL_NO_ECDH
+ 	EC_KEY *ecdh;
[email protected]@ -877,6 +881,16 @@
+ 		}
+ 	}
+ 
++	/* here we drop privileges we won't need any more */
++	tset = priv_allocset();
++	priv_emptyset(tset);
++	priv_addset(tset, PRIV_NET_PRIVADDR);
++	if (setppriv(PRIV_OFF, PRIV_PERMITTED, tset) != 0) {
++		perror("Unable to set privileges: ");
++		return -1;
++	}
++	
++
+ 	return 0;
+ }
+ 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/lighttpd/patches/02-automake-libtool-Solaris.patch	Thu Jan 09 03:35:51 2014 -0800
@@ -0,0 +1,239 @@
+Developed in-house, fed back, accepted for ver 1.4.34
+http://redmine.lighttpd.net/issues/2533
+Due to differences between Linux and Solaris, we have to change
+behavior of libtool, which uses -z defs even for shared libraries,
+but this couldn't be used on Solaris.
+There is -z text that could be used instead, but that would
+require patching libtool files on build machine. So we skip
+ -z defs by omitting -no-undefined
+
+--- configure.ac	2013-11-04 03:03:07.543168957 -0800
++++ configure.ac	2013-11-04 03:02:30.584721483 -0800
[email protected]@ -45,6 +45,13 @@
+ AC_ISC_POSIX
+ AC_MINIX
+ 
++dnl Fix no-undefined if on solaris
++case $host_os in
++	*solaris* ) LIB_NO_UNDEFINED=no;;
++	* ) LIB_NO_UNDEFINED=yes;;
++esac
++AM_CONDITIONAL(LIB_NO_UNDEFINED, test x$LIB_NO_UNDEFINED = xyes)
++
+ dnl AC_CANONICAL_HOST
+ case $host_os in
+ 	*darwin*|*cygwin*|*aix*|*mingw* ) NO_RDYNAMIC=yes;;
+--- src/Makefile.am	2013-11-04 05:37:18.206746790 -0800
++++ src/Makefile.am	2013-11-04 05:37:09.639723519 -0800
[email protected]@ -96,173 +96,178 @@
+ common_libadd =
+ endif
+ 
++if LIB_NO_UNDEFINED
++LIB_NO_UNDEF="-no-undefined"
++else
++LIB_NO_UNDEF=""
++endif
+ lib_LTLIBRARIES += mod_flv_streaming.la
+ mod_flv_streaming_la_SOURCES = mod_flv_streaming.c
+-mod_flv_streaming_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
++mod_flv_streaming_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF)
+ mod_flv_streaming_la_LIBADD = $(common_libadd)
+ 
+ lib_LTLIBRARIES += mod_evasive.la
+ mod_evasive_la_SOURCES = mod_evasive.c
+-mod_evasive_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
++mod_evasive_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF)
+ mod_evasive_la_LIBADD = $(common_libadd)
+ 
+ lib_LTLIBRARIES += mod_webdav.la
+ mod_webdav_la_SOURCES = mod_webdav.c
+ mod_webdav_la_CFLAGS = $(AM_CFLAGS) $(XML_CFLAGS) $(SQLITE_CFLAGS) 
+-mod_webdav_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
++mod_webdav_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF)
+ mod_webdav_la_LIBADD = $(common_libadd) $(XML_LIBS) $(SQLITE_LIBS) $(UUID_LIBS)
+ 
+ lib_LTLIBRARIES += mod_magnet.la
+ mod_magnet_la_SOURCES = mod_magnet.c mod_magnet_cache.c
+ mod_magnet_la_CFLAGS = $(AM_CFLAGS) $(LUA_CFLAGS)
+-mod_magnet_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
++mod_magnet_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF)
+ mod_magnet_la_LIBADD = $(common_libadd) $(LUA_LIBS) -lm
+ 
+ lib_LTLIBRARIES += mod_cml.la
+ mod_cml_la_SOURCES = mod_cml.c mod_cml_lua.c mod_cml_funcs.c
+ mod_cml_la_CFLAGS = $(AM_CFLAGS) $(LUA_CFLAGS)
+-mod_cml_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
++mod_cml_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF)
+ mod_cml_la_LIBADD = $(MEMCACHE_LIB) $(common_libadd) $(LUA_LIBS) -lm
+ 
+ lib_LTLIBRARIES += mod_trigger_b4_dl.la
+ mod_trigger_b4_dl_la_SOURCES = mod_trigger_b4_dl.c
+-mod_trigger_b4_dl_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
++mod_trigger_b4_dl_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF)
+ mod_trigger_b4_dl_la_LIBADD = $(GDBM_LIB) $(MEMCACHE_LIB) $(PCRE_LIB) $(common_libadd)
+ 
+ lib_LTLIBRARIES += mod_mysql_vhost.la
+ mod_mysql_vhost_la_SOURCES = mod_mysql_vhost.c
+-mod_mysql_vhost_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
++mod_mysql_vhost_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF)
+ mod_mysql_vhost_la_LIBADD = $(MYSQL_LIBS) $(common_libadd)
+ mod_mysql_vhost_la_CPPFLAGS = $(MYSQL_INCLUDE)
+ 
+ lib_LTLIBRARIES += mod_cgi.la
+ mod_cgi_la_SOURCES = mod_cgi.c
+-mod_cgi_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
++mod_cgi_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF)
+ mod_cgi_la_LIBADD = $(common_libadd)
+ 
+ lib_LTLIBRARIES += mod_scgi.la
+ mod_scgi_la_SOURCES = mod_scgi.c
+-mod_scgi_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
++mod_scgi_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF)
+ mod_scgi_la_LIBADD = $(common_libadd)
+ 
+ lib_LTLIBRARIES += mod_staticfile.la
+ mod_staticfile_la_SOURCES = mod_staticfile.c
+-mod_staticfile_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
++mod_staticfile_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF)
+ mod_staticfile_la_LIBADD = $(common_libadd)
+ 
+ lib_LTLIBRARIES += mod_dirlisting.la
+ mod_dirlisting_la_SOURCES = mod_dirlisting.c
+-mod_dirlisting_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
++mod_dirlisting_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF)
+ mod_dirlisting_la_LIBADD = $(common_libadd) $(PCRE_LIB)
+ 
+ lib_LTLIBRARIES += mod_indexfile.la
+ mod_indexfile_la_SOURCES = mod_indexfile.c
+-mod_indexfile_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
++mod_indexfile_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF)
+ mod_indexfile_la_LIBADD = $(common_libadd)
+ 
+ lib_LTLIBRARIES += mod_setenv.la
+ mod_setenv_la_SOURCES = mod_setenv.c
+-mod_setenv_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
++mod_setenv_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF)
+ mod_setenv_la_LIBADD = $(common_libadd)
+ 
+ lib_LTLIBRARIES += mod_alias.la
+ mod_alias_la_SOURCES = mod_alias.c
+-mod_alias_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
++mod_alias_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF)
+ mod_alias_la_LIBADD = $(common_libadd)
+ 
+ lib_LTLIBRARIES += mod_userdir.la
+ mod_userdir_la_SOURCES = mod_userdir.c
+-mod_userdir_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
++mod_userdir_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF)
+ mod_userdir_la_LIBADD = $(common_libadd)
+ 
+ lib_LTLIBRARIES += mod_rrdtool.la
+ mod_rrdtool_la_SOURCES = mod_rrdtool.c
+-mod_rrdtool_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
++mod_rrdtool_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF)
+ mod_rrdtool_la_LIBADD = $(common_libadd)
+ 
+ lib_LTLIBRARIES += mod_usertrack.la
+ mod_usertrack_la_SOURCES = mod_usertrack.c
+-mod_usertrack_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
++mod_usertrack_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF)
+ mod_usertrack_la_LIBADD = $(common_libadd)
+ 
+ lib_LTLIBRARIES += mod_proxy.la
+ mod_proxy_la_SOURCES = mod_proxy.c
+-mod_proxy_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
++mod_proxy_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF)
+ mod_proxy_la_LIBADD = $(common_libadd)
+ 
+ lib_LTLIBRARIES += mod_ssi.la
+ mod_ssi_la_SOURCES = mod_ssi_exprparser.c mod_ssi_expr.c mod_ssi.c
+-mod_ssi_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
++mod_ssi_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF)
+ mod_ssi_la_LIBADD = $(common_libadd) $(PCRE_LIB)
+ 
+ lib_LTLIBRARIES += mod_secdownload.la
+ mod_secdownload_la_SOURCES = mod_secure_download.c
+-mod_secdownload_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
++mod_secdownload_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF)
+ mod_secdownload_la_LIBADD = $(common_libadd)
+ 
+ #lib_LTLIBRARIES += mod_httptls.la
+ #mod_httptls_la_SOURCES = mod_httptls.c
+-#mod_httptls_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
++#mod_httptls_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF)
+ #mod_httptls_la_LIBADD = $(common_libadd)
+ 
+ lib_LTLIBRARIES += mod_expire.la
+ mod_expire_la_SOURCES = mod_expire.c
+-mod_expire_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
++mod_expire_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF)
+ mod_expire_la_LIBADD = $(common_libadd)
+ 
+ lib_LTLIBRARIES += mod_evhost.la
+ mod_evhost_la_SOURCES = mod_evhost.c
+-mod_evhost_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
++mod_evhost_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF)
+ mod_evhost_la_LIBADD = $(common_libadd)
+ 
+ lib_LTLIBRARIES += mod_simple_vhost.la
+ mod_simple_vhost_la_SOURCES = mod_simple_vhost.c
+-mod_simple_vhost_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
++mod_simple_vhost_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF)
+ mod_simple_vhost_la_LIBADD = $(common_libadd)
+ 
+ lib_LTLIBRARIES += mod_fastcgi.la
+ mod_fastcgi_la_SOURCES = mod_fastcgi.c
+-mod_fastcgi_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
++mod_fastcgi_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF)
+ mod_fastcgi_la_LIBADD = $(common_libadd)
+ 
+ lib_LTLIBRARIES += mod_extforward.la
+ mod_extforward_la_SOURCES = mod_extforward.c
+-mod_extforward_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
++mod_extforward_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF)
+ mod_extforward_la_LIBADD = $(common_libadd)
+ 
+ lib_LTLIBRARIES += mod_access.la
+ mod_access_la_SOURCES = mod_access.c
+-mod_access_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
++mod_access_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF)
+ mod_access_la_LIBADD = $(common_libadd)
+ 
+ lib_LTLIBRARIES += mod_compress.la
+ mod_compress_la_SOURCES = mod_compress.c
+-mod_compress_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
++mod_compress_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF)
+ mod_compress_la_LIBADD = $(Z_LIB) $(BZ_LIB) $(common_libadd)
+ 
+ lib_LTLIBRARIES += mod_auth.la
+ mod_auth_la_SOURCES = mod_auth.c http_auth.c
+-mod_auth_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
++mod_auth_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF)
+ mod_auth_la_LIBADD = $(CRYPT_LIB) $(LDAP_LIB) $(LBER_LIB) $(common_libadd)
+ 
+ lib_LTLIBRARIES += mod_rewrite.la
+ mod_rewrite_la_SOURCES = mod_rewrite.c
+-mod_rewrite_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
++mod_rewrite_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF)
+ mod_rewrite_la_LIBADD = $(PCRE_LIB) $(common_libadd)
+ 
+ lib_LTLIBRARIES += mod_redirect.la
+ mod_redirect_la_SOURCES = mod_redirect.c
+-mod_redirect_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
++mod_redirect_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF)
+ mod_redirect_la_LIBADD = $(PCRE_LIB) $(common_libadd)
+ 
+ lib_LTLIBRARIES += mod_status.la
+ mod_status_la_SOURCES = mod_status.c
+-mod_status_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
++mod_status_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF)
+ mod_status_la_LIBADD = $(common_libadd)
+ 
+ lib_LTLIBRARIES += mod_accesslog.la
+ mod_accesslog_la_SOURCES = mod_accesslog.c
+-mod_accesslog_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
++mod_accesslog_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF)
+ mod_accesslog_la_LIBADD = $(common_libadd)
+ 
+ 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/lighttpd/patches/03-lighttpd.conf.patch	Thu Jan 09 03:35:51 2014 -0800
@@ -0,0 +1,109 @@
+Developed in-house, not fed back.
+Solaris-specific: configuration file customization.
+
+--- doc/config/lighttpd.conf	2013-11-04 10:28:44.024176425 -0800
++++ doc/config/lighttpd.conf	2013-11-04 10:28:16.072079454 -0800
[email protected]@ -13,11 +13,11 @@
+ ## if you add a variable here. Add the corresponding variable in the
+ ## chroot example aswell.
+ ##
+-var.log_root    = "/var/log/lighttpd"
+-var.server_root = "/srv/www"
+-var.state_dir   = "/var/run"
+-var.home_dir    = "/var/lib/lighttpd"
+-var.conf_dir    = "/etc/lighttpd"
++var.log_root    = "/var/lighttpd/1.4/logs"
++var.server_root = "/var/lighttpd/1.4"
++var.state_dir   = log_root
++var.home_dir    = server_root
++var.conf_dir    = "/etc/lighttpd/1.4"
+ 
+ ## 
+ ## run the server chrooted.
[email protected]@ -58,7 +58,7 @@
+ ## used in:
+ ## conf.d/compress.conf
+ ##
+-var.cache_dir   = "/var/cache/lighttpd"
++var.cache_dir   = server_root + "/cache"
+ 
+ ##
+ ## Base directory for sockets.
[email protected]@ -101,8 +101,8 @@
+ ## Run as a different username/groupname.
+ ## This requires root permissions during startup. 
+ ##
+-server.username  = "lighttpd"
+-server.groupname = "lighttpd"
++server.username  = "webservd"
++server.groupname = "webservd"
+ 
+ ## 
+ ## enable core files.
[email protected]@ -112,7 +112,7 @@
+ ##
+ ## Document root
+ ##
+-server.document-root = server_root + "/htdocs"
++server.document-root = server_root + "/docroot"
+ 
+ ##
+ ## The value for the "Server:" response field.
[email protected]@ -124,7 +124,7 @@
+ ##
+ ## store a pid file
+ ##
+-server.pid-file = state_dir + "/lighttpd.pid"
++server.pid-file = log_root + "/run.pid"
+ 
+ ##
+ #######################################################################
[email protected]@ -178,7 +178,7 @@
+ ##
+ ## linux-sysepoll is recommended on kernel 2.6.
+ ##
+-server.event-handler = "linux-sysepoll"
++server.event-handler = "solaris-devpoll"
+ 
+ ##
+ ## The basic network interface for all platforms at the syscalls read()
[email protected]@ -188,7 +188,7 @@
+ ## linux-sendfile - is recommended for small files.
+ ## writev         - is recommended for sending many large files
+ ##
+-server.network-backend = "linux-sendfile"
++server.network-backend = "solaris-sendfilev"
+ 
+ ##
+ ## As lighttpd is a single-threaded server, its main resource limit is
[email protected]@ -296,7 +296,7 @@
+ ##                                 "index.htm", "default.htm" )
+ ##
+ index-file.names += (
+-  "index.xhtml", "index.html", "index.htm", "default.htm", "index.php"
++  "index.php", "index.html", "index.htm", "default.htm", "index.xhtml"
+ )
+ 
+ ##
[email protected]@ -345,7 +345,7 @@
+ ## Format: <errorfile-prefix><status-code>.html
+ ## -> ..../status-404.html for 'File not found'
+ ##
+-#server.errorfile-prefix    = "/srv/www/htdocs/errors/status-"
++#server.errorfile-prefix    = "/var/lighttpd/1.4/errors/status-"
+ 
+ ##
+ ## mimetype mapping
+--- doc/config/conf.d/fastcgi.conf	2013-10-07 07:21:24.418114603 -0700
++++ doc/config/conf.d/fastcgi.conf	2013-10-07 07:24:01.824986033 -0700
[email protected]@ -22,8 +22,8 @@
+ #fastcgi.server = ( ".php" =>
+ #                   ( "php-local" =>
+ #                     (
+-#                       "socket" => socket_dir + "/php-fastcgi-1.socket",
+-#                       "bin-path" => server_root + "/cgi-bin/php5",
++#                       "socket" => socket_dir + "/php-fastcgi.socket",
++#                       "bin-path" => "/usr/php/bin/php-cgi",
+ #                       "max-procs" => 1,
+ #                       "broken-scriptfilename" => "enable",
+ #                     )
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/lighttpd/patches/04-manpage.patch	Thu Jan 09 03:35:51 2014 -0800
@@ -0,0 +1,19 @@
+Developed in-house, not fed back.
+Solaris specific: manpage update to reflect Solaris specific
+configuration.
+
+--- doc/lighttpd.8-orig	Mon Mar 30 15:16:59 2009
++++ doc/lighttpd.8	Mon Jun 20 08:03:16 2011
[email protected]@ -47,10 +47,10 @@
+ .
+ .SH FILES
+ .TP 8
+-/etc/lighttpd/lighttpd.conf
++/etc/lighttpd/1.4/lighttpd.conf
+ The standard location for the configuration file.
+ .TP 8
+-/var/run/lighttpd.pid
++/var/lighttpd/1.4/logs/run.pid
+ The standard location for the PID of the running \fBlighttpd\fP process.
+ .
+ .SH SEE ALSO
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/lighttpd/patches/05-network-nodelay.patch	Thu Jan 09 03:35:51 2014 -0800
@@ -0,0 +1,17 @@
+Developed in-house reflecting community issue.
+http://redmine.lighttpd.net/issues/1239
+Solaris-specific, currently ignored by community.
+
+--- src/network.c	2013-11-05 09:41:41.841723296 -0800
++++ src/network.c	2013-11-05 09:40:25.359053258 -0800
[email protected]@ -251,6 +251,10 @@
+ 		log_error_write(srv, __FILE__, __LINE__, "ss", "socketsockopt(SO_REUSEADDR) failed:", strerror(errno));
+ 		goto error_free_socket;
+ 	}
++        if (setsockopt(srv_socket->fd, IPPROTO_TCP, TCP_NODELAY, &val, sizeof(val)) < 0) {
++                log_error_write(srv, __FILE__, __LINE__, "ss", "socketsockopt(TCP_NODELAY) failed:", strerror(errno));
++                goto error_free_socket;
++        }
+ 
+ 	switch(srv_socket->addr.plain.sa_family) {
+ #ifdef HAVE_IPV6
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/lighttpd/patches/07-parfait-errors.patch	Thu Jan 09 03:35:51 2014 -0800
@@ -0,0 +1,185 @@
+Developed in-house, fed to community.
+http://redmine.lighttpd.net/issues/2530
+Partially accepted, others should be fixed by version or not
+at all, parfait annotations are ignored. Target version 1.4.34.
+
+--- src/mod_webdav.c	2013-10-11 07:42:39.116745543 -0700
++++ src/mod_webdav.c	2013-10-11 07:43:19.220464118 -0700
[email protected]@ -1717,7 +1717,7 @@
+ 					if (-1 == c->file.fd &&  /* open the file if not already open */
+ 					    -1 == (c->file.fd = open(c->file.name->ptr, O_RDONLY))) {
+ 						log_error_write(srv, __FILE__, __LINE__, "ss", "open failed: ", strerror(errno));
+-
++						close(fd);
+ 						return HANDLER_ERROR;
+ 					}
+ 
[email protected]@ -1726,7 +1726,7 @@
+ 								strerror(errno), c->file.name,  c->file.fd);
+ 						close(c->file.fd);
+ 						c->file.fd = -1;
+-
++						close(fd);
+ 						return HANDLER_ERROR;
+ 					}
+ 
+--- src/lempar.c	2012-08-31 07:11:20.000000000 -0700
++++ src/lempar.c	2013-10-14 02:10:29.201323553 -0700
[email protected]@ -486,6 +486,9 @@
+   }else if( yyact == YYNSTATE + YYNRULE + 1 ){
+     yy_accept(yypParser);
+   }
++  /* Parfait_ALLOW memory-leak - false positive for variable yygotominor - memory is properly freed in function yy_accept above */
++  /* parfait needs two comments here to stop complaining and accept Parfait_ALLOW directive, I don't know why */
++  return;
+ }
+ 
+ /*
+--- src/mod_mysql_vhost.c	2010-08-17 02:04:38.000000000 -0700
++++ src/mod_mysql_vhost.c	2013-10-14 03:48:47.184131818 -0700
[email protected]@ -217,7 +217,10 @@
+ 
+         	if (config_insert_values_global(srv,
+ 			((data_config *)srv->config_context->data[i])->value,
+-			cv)) return HANDLER_ERROR;
++			cv)) {
++			buffer_free(sel);
++			return HANDLER_ERROR;
++		}
+ 
+ 		s->mysql_pre = buffer_init();
+ 		s->mysql_post = buffer_init();
[email protected]@ -248,7 +251,7 @@
+ 
+ 			if (NULL == (s->mysql = mysql_init(NULL))) {
+ 				log_error_write(srv, __FILE__, __LINE__, "s", "mysql_init() failed, exiting...");
+-
++				buffer_free(sel);
+ 				return HANDLER_ERROR;
+ 			}
+ 
[email protected]@ -268,7 +271,7 @@
+ 						FOO(mydb), s->port, FOO(mysock), 0)) {
+ #endif
+ 				log_error_write(srv, __FILE__, __LINE__, "s", mysql_error(s->mysql));
+-
++				buffer_free(sel);
+ 				return HANDLER_ERROR;
+ 			}
+ #undef FOO
+--- src/lemon.c	2012-08-31 07:11:20.000000000 -0700
++++ src/lemon.c	2013-10-14 04:29:24.547185717 -0700
[email protected]@ -453,13 +453,11 @@
+ #define acttab_yylookahead(X,N)  ((X)->aAction[N].lookahead)
+ 
+ /* Free all memory associated with the given acttab */
+-/*
+ PRIVATE void acttab_free(acttab *p){
+   free( p->aAction );
+   free( p->aLookahead );
+   free( p );
+ }
+-*/
+ 
+ /* Allocate a new acttab structure */
+ PRIVATE acttab *acttab_alloc(void){
[email protected]@ -3582,6 +3580,7 @@
+ 
+   fclose(in);
+   fclose(out);
++  acttab_free(pActtab);
+   return;
+ }
+ 
+--- src/fdevent.c	2012-08-31 07:11:20.000000000 -0700
++++ src/fdevent.c	2013-10-14 03:55:48.707756259 -0700
[email protected]@ -77,6 +77,7 @@
+ 
+ 	log_error_write(ev->srv, __FILE__, __LINE__, "S",
+ 		"event-handler is unknown, try to set server.event-handler = \"poll\" or \"select\"");
++	free(ev);
+ 	return NULL;
+ }
+ 
+--- src/array.c	2010-08-17 02:04:38.000000000 -0700
++++ src/array.c	2013-10-14 07:05:54.354135229 -0700
[email protected]@ -168,6 +168,7 @@
+ data_unset *array_replace(array *a, data_unset *du) {
+ 	int ndx;
+ 
++	if (du == NULL) return NULL;
+ 	if (-1 == (ndx = array_get_index(a, du->key->ptr, du->key->used, NULL))) {
+ 		array_insert_unique(a, du);
+ 		return NULL;
+--- src/configfile.c	2012-11-07 06:50:29.000000000 -0800
++++ src/configfile.c	2013-10-15 06:45:37.918474628 -0700
[email protected]@ -1121,7 +1121,7 @@
+ 	if (NULL != getcwd(dcwd->value->ptr, dcwd->value->size - 1)) {
+ 		dcwd->value->used = strlen(dcwd->value->ptr) + 1;
+ 		buffer_copy_string_len(dcwd->key, CONST_STR_LEN("var.CWD"));
+-		array_insert_unique(srv->config, (data_unset *)dcwd);
++		if (array_insert_unique(srv->config, (data_unset *)dcwd) == -1) dcwd->free(dcwd);
+ 	}
+ 
+ 	ret = config_parse_file(srv, &context, fn);
[email protected]@ -1131,12 +1131,14 @@
+ 	context_free(&context);
+ 
+ 	if (0 != ret) {
++		/* Parfait_ALLOW memory-leak - false positive dcwd variable - memory is properly freed on server close */
+ 		return ret;
+ 	}
+ 
+ 	if (NULL != (dc = (data_config *)array_get_element(srv->config_context, "global"))) {
+ 		srv->config = dc->value;
+ 	} else {
++		/* Parfait_ALLOW memory-leak - false positive dcwd variable - memory is properly freed on server close */
+ 		return -1;
+ 	}
+ 
[email protected]@ -1146,6 +1148,7 @@
+ 
+ 		if (modules->type != TYPE_ARRAY) {
+ 			fprintf(stderr, "server.modules must be an array");
++			/* Parfait_ALLOW memory-leak - false positive dcwd variable - memory is properly freed on server close */
+ 			return -1;
+ 		}
+ 
[email protected]@ -1159,19 +1162,23 @@
+ 		}
+ 
+ 		prepends = (data_array *)configparser_merge_data((data_unset *)prepends, (data_unset *)modules);
++		if (prepends == NULL) {
++			/* Parfait_ALLOW memory-leak - false positive dcwd variable - memory is properly freed on server close */
++			return -1;
++		}
+ 		buffer_copy_string_buffer(prepends->key, modules->key);
+ 		array_replace(srv->config, (data_unset *)prepends);
+ 		modules->free((data_unset *)modules);
+ 		modules = prepends;
+ 
+ 		/* append default modules */
+-		if (NULL == array_get_element(modules->value, "mod_dirlisting")) {
++		if (modules != NULL && NULL == array_get_element(modules->value, "mod_dirlisting")) {
+ 			ds = data_string_init();
+ 			buffer_copy_string_len(ds->value, CONST_STR_LEN("mod_dirlisting"));
+ 			array_insert_unique(modules->value, (data_unset *)ds);
+ 		}
+ 
+-		if (NULL == array_get_element(modules->value, "mod_staticfile")) {
++		if (modules != NULL && NULL == array_get_element(modules->value, "mod_staticfile")) {
+ 			ds = data_string_init();
+ 			buffer_copy_string_len(ds->value, CONST_STR_LEN("mod_staticfile"));
+ 			array_insert_unique(modules->value, (data_unset *)ds);
[email protected]@ -1200,9 +1207,11 @@
+ 
+ 
+ 	if (0 != config_insert(srv)) {
++		/* Parfait_ALLOW memory-leak - false positive dcwd variable - memory is properly freed on server close */
+ 		return -1;
+ 	}
+ 
++	/* Parfait_ALLOW memory-leak - false positive dcwd variable - memory is properly freed on server close */
+ 	return 0;
+ }
+ 
--- a/components/lighttpd/patches/CVE-2011-4362.patch	Thu Jan 30 15:02:39 2014 -0800
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,13 +0,0 @@
-http://redmine.lighttpd.net/issues/2370
-
---- src/http_auth.c	Thu Jun 11 03:05:06 2009
-+++ src/http_auth.c	Mon Mar  5 08:26:05 2012
[email protected]@ -93,7 +93,7 @@
- 	ch = in[0];
- 	/* run through the whole string, converting as we go */
- 	for (i = 0; i < in_len; i++) {
--		ch = in[i];
-+		ch = (unsigned char) in[i];
- 
- 		if (ch == '\0') break;
- 
--- a/components/lighttpd/patches/lighttpd-conf_file.patch	Thu Jan 30 15:02:39 2014 -0800
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,114 +0,0 @@
---- doc/lighttpd.conf-orig	Thu Apr  9 13:02:00 2009
-+++ doc/lighttpd.conf	Wed Nov  4 03:16:09 2009
[email protected]@ -36,10 +36,10 @@
- 
- ## A static document-root. For virtual hosting take a look at the
- ## mod_simple_vhost module.
--server.document-root        = "/srv/www/htdocs/"
-+server.document-root = "/var/lighttpd/1.4/docroot"
- 
- ## where to send error-messages to
--server.errorlog             = "/var/log/lighttpd/error.log"
-+server.errorlog = "/var/lighttpd/1.4/logs/error.log"
- 
- # files to check for if .../ is requested
- index-file.names            = ( "index.php", "index.html",
[email protected]@ -46,8 +46,10 @@
-                                 "index.htm", "default.htm" )
- 
- ## set the event-handler (read the performance section in the manual)
--# server.event-handler = "freebsd-kqueue" # needed on OS X
-+server.event-handler = "solaris-devpoll"
-+server.network-backend = "writev"
- 
-+
- # mimetype mapping
- mimetype.assign             = (
-   ".pdf"          =>      "application/pdf",
[email protected]@ -115,7 +117,7 @@
- # server.tag                 = "lighttpd"
- 
- #### accesslog module
--accesslog.filename          = "/var/log/lighttpd/access.log"
-+accesslog.filename = "/var/lighttpd/1.4/logs/access.log"
- 
- ## deny access the file-extensions
- #
[email protected]@ -147,7 +149,7 @@
- #server.error-handler-404   = "/error-handler.php"
- 
- ## to help the rc.scripts
--#server.pid-file            = "/var/run/lighttpd.pid"
-+server.pid-file = "/var/run/lighttpd14.pid"
- 
- 
- ###### virtual hosts
[email protected]@ -160,7 +162,7 @@
- ## or
- ##   virtual-server-root + http-host + virtual-server-docroot
- ##
--#simple-vhost.server-root   = "/srv/www/vhosts/"
-+#simple-vhost.server-root   = "/var/lighttpd/1.4/vhosts/"
- #simple-vhost.default-host  = "www.example.org"
- #simple-vhost.document-root = "/htdocs/"
- 
[email protected]@ -168,8 +170,7 @@
- ##
- ## Format: <errorfile-prefix><status-code>.html
- ## -> ..../status-404.html for 'File not found'
--#server.errorfile-prefix    = "/usr/share/lighttpd/errors/status-"
--#server.errorfile-prefix    = "/srv/www/errors/status-"
-+#server.errorfile-prefix    = "/var/lighttpd/1.4/errors/status-"
- 
- ## virtual directory listings
- #dir-listing.activate       = "enable"
[email protected]@ -188,10 +189,10 @@
- #server.chroot              = "/"
- 
- ## change uid to <uid> (default: don't care)
--#server.username            = "wwwrun"
-+server.username = "webservd"
- 
- ## change uid to <uid> (default: don't care)
--#server.groupname           = "wwwrun"
-+server.groupname           = "webservd"
- 
- #### compress module
- #compress.cache-dir         = "/var/cache/lighttpd/compress/"
[email protected]@ -214,8 +215,8 @@
- #fastcgi.server             = ( ".php" =>
- #                               ( "localhost" =>
- #                                 (
--#                                   "socket" => "/var/run/lighttpd/php-fastcgi.socket",
--#                                   "bin-path" => "/usr/local/bin/php-cgi"
-+#                                   "socket" => "/tmp/lighttpd/php-fastcgi.socket",
-+#                                   "bin-path" => "/usr/php/bin/php-cgi"
- #                                 )
- #                               )
- #                            )
[email protected]@ -274,7 +275,7 @@
- # %3 => subdomain 1 name
- # %4 => subdomain 2 name
- #
--#evhost.path-pattern        = "/srv/www/vhosts/%3/htdocs/"
-+#evhost.path-pattern        = "/var/lighttpd/1.4/vhosts/%3/htdocs/"
- 
- #### expire module
- #expire.url                 = ( "/buggy/" => "access 2 hours", "/asdhas/" => "access plus 1 seconds 2 minutes")
[email protected]@ -312,8 +313,8 @@
- #index-file.names += (foo + ".php")
- 
- #### include
--#include /etc/lighttpd/lighttpd-inc.conf
--## same as above if you run: "lighttpd -f /etc/lighttpd/lighttpd.conf"
-+#include /etc/lighttpd/1.4/lighttpd-inc.conf
-+## same as above if you run: "lighttpd -f /etc/lighttpd/1.4/lighttpd.conf"
- #include "lighttpd-inc.conf"
- 
- #### include_shell
[email protected]@ -320,3 +321,5 @@
- #include_shell "echo var.a=1"
- ## the above is same as:
- #var.a=1
-+# Set the directory used for file uploads to /tmp
-+server.upload-dirs = ( "/tmp" )
--- a/components/lighttpd/patches/lighttpd-manpage.patch	Thu Jan 30 15:02:39 2014 -0800
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,15 +0,0 @@
---- doc/lighttpd.8-orig	Mon Mar 30 15:16:59 2009
-+++ doc/lighttpd.8	Mon Jun 20 08:03:16 2011
[email protected]@ -47,10 +47,10 @@
- .
- .SH FILES
- .TP 8
--/etc/lighttpd/lighttpd.conf
-+/etc/lighttpd/1.4/lighttpd.conf
- The standard location for the configuration file.
- .TP 8
--/var/run/lighttpd.pid
-+/var/run/lighttpd14.pid
- The standard location for the PID of the running \fBlighttpd\fP process.
- .
- .SH SEE ALSO
--- a/components/lighttpd/patches/lighttpd-nodelay.patch	Thu Jan 30 15:02:39 2014 -0800
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,13 +0,0 @@
---- src/network.c-orig	Mon Sep  7 05:46:50 2009
-+++ src/network.c	Mon Sep  7 05:59:17 2009
[email protected]@ -175,6 +175,10 @@
- 		log_error_write(srv, __FILE__, __LINE__, "ss", "socketsockopt failed:", strerror(errno));
- 		return -1;
- 	}
-+        if (setsockopt(srv_socket->fd, IPPROTO_TCP, TCP_NODELAY, &val, sizeof(val)) < 0) {
-+                log_error_write(srv, __FILE__, __LINE__, "ss", "socketsockopt failed:", strerror(errno));
-+                return -1;
-+        }
- 
- 	switch(srv_socket->addr.plain.sa_family) {
- #ifdef HAVE_IPV6
--- a/components/lighttpd/patches/lighttpd-src.Makefile.am.patch	Thu Jan 30 15:02:39 2014 -0800
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,216 +0,0 @@
---- src/Makefile.am.orig	2012-02-10 08:34:40.481201984 -0800
-+++ src/Makefile.am	2012-02-10 08:36:45.578998263 -0800
[email protected]@ -87,7 +87,7 @@
- lib_LTLIBRARIES += liblightcomp.la
- liblightcomp_la_SOURCES=$(common_src)
- liblightcomp_la_CFLAGS=$(AM_CFLAGS)
--liblightcomp_la_LDFLAGS = -avoid-version -no-undefined
-+liblightcomp_la_LDFLAGS = -avoid-version
- liblightcomp_la_LIBADD = $(PCRE_LIB) $(SSL_LIB) $(FAM_LIBS)
- common_libadd = liblightcomp.la
- else
[email protected]@ -97,171 +97,171 @@
- 
- lib_LTLIBRARIES += mod_flv_streaming.la
- mod_flv_streaming_la_SOURCES = mod_flv_streaming.c
--mod_flv_streaming_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
-+mod_flv_streaming_la_LDFLAGS = -module -export-dynamic -avoid-version
- mod_flv_streaming_la_LIBADD = $(common_libadd)
- 
- lib_LTLIBRARIES += mod_evasive.la
- mod_evasive_la_SOURCES = mod_evasive.c
--mod_evasive_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
-+mod_evasive_la_LDFLAGS = -module -export-dynamic -avoid-version
- mod_evasive_la_LIBADD = $(common_libadd)
- 
- lib_LTLIBRARIES += mod_webdav.la
- mod_webdav_la_SOURCES = mod_webdav.c
- mod_webdav_la_CFLAGS = $(AM_CFLAGS) $(XML_CFLAGS) $(SQLITE_CFLAGS) 
--mod_webdav_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
-+mod_webdav_la_LDFLAGS = -module -export-dynamic -avoid-version
- mod_webdav_la_LIBADD = $(common_libadd) $(XML_LIBS) $(SQLITE_LIBS) $(UUID_LIBS)
- 
- lib_LTLIBRARIES += mod_magnet.la
- mod_magnet_la_SOURCES = mod_magnet.c mod_magnet_cache.c
- mod_magnet_la_CFLAGS = $(AM_CFLAGS) $(LUA_CFLAGS)
--mod_magnet_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
-+mod_magnet_la_LDFLAGS = -module -export-dynamic -avoid-version
- mod_magnet_la_LIBADD = $(common_libadd) $(LUA_LIBS) -lm
- 
- lib_LTLIBRARIES += mod_cml.la
- mod_cml_la_SOURCES = mod_cml.c mod_cml_lua.c mod_cml_funcs.c
- mod_cml_la_CFLAGS = $(AM_CFLAGS) $(LUA_CFLAGS)
--mod_cml_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
-+mod_cml_la_LDFLAGS = -module -export-dynamic -avoid-version
- mod_cml_la_LIBADD = $(MEMCACHE_LIB) $(common_libadd) $(LUA_LIBS) -lm
- 
- lib_LTLIBRARIES += mod_trigger_b4_dl.la
- mod_trigger_b4_dl_la_SOURCES = mod_trigger_b4_dl.c
--mod_trigger_b4_dl_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
-+mod_trigger_b4_dl_la_LDFLAGS = -module -export-dynamic -avoid-version
- mod_trigger_b4_dl_la_LIBADD = $(GDBM_LIB) $(MEMCACHE_LIB) $(PCRE_LIB) $(common_libadd)
- 
- lib_LTLIBRARIES += mod_mysql_vhost.la
- mod_mysql_vhost_la_SOURCES = mod_mysql_vhost.c
--mod_mysql_vhost_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
-+mod_mysql_vhost_la_LDFLAGS = -module -export-dynamic -avoid-version
- mod_mysql_vhost_la_LIBADD = $(MYSQL_LIBS) $(common_libadd)
- mod_mysql_vhost_la_CPPFLAGS = $(MYSQL_INCLUDE)
- 
- lib_LTLIBRARIES += mod_cgi.la
- mod_cgi_la_SOURCES = mod_cgi.c
--mod_cgi_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
-+mod_cgi_la_LDFLAGS = -module -export-dynamic -avoid-version
- mod_cgi_la_LIBADD = $(common_libadd)
- 
- lib_LTLIBRARIES += mod_scgi.la
- mod_scgi_la_SOURCES = mod_scgi.c
--mod_scgi_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
-+mod_scgi_la_LDFLAGS = -module -export-dynamic -avoid-version
- mod_scgi_la_LIBADD = $(common_libadd)
- 
- lib_LTLIBRARIES += mod_staticfile.la
- mod_staticfile_la_SOURCES = mod_staticfile.c
--mod_staticfile_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
-+mod_staticfile_la_LDFLAGS = -module -export-dynamic -avoid-version
- mod_staticfile_la_LIBADD = $(common_libadd)
- 
- lib_LTLIBRARIES += mod_dirlisting.la
- mod_dirlisting_la_SOURCES = mod_dirlisting.c
--mod_dirlisting_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
-+mod_dirlisting_la_LDFLAGS = -module -export-dynamic -avoid-version
- mod_dirlisting_la_LIBADD = $(common_libadd) $(PCRE_LIB)
- 
- lib_LTLIBRARIES += mod_indexfile.la
- mod_indexfile_la_SOURCES = mod_indexfile.c
--mod_indexfile_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
-+mod_indexfile_la_LDFLAGS = -module -export-dynamic -avoid-version
- mod_indexfile_la_LIBADD = $(common_libadd)
- 
- lib_LTLIBRARIES += mod_setenv.la
- mod_setenv_la_SOURCES = mod_setenv.c
--mod_setenv_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
-+mod_setenv_la_LDFLAGS = -module -export-dynamic -avoid-version
- mod_setenv_la_LIBADD = $(common_libadd)
- 
- lib_LTLIBRARIES += mod_alias.la
- mod_alias_la_SOURCES = mod_alias.c
--mod_alias_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
-+mod_alias_la_LDFLAGS = -module -export-dynamic -avoid-version
- mod_alias_la_LIBADD = $(common_libadd)
- 
- lib_LTLIBRARIES += mod_userdir.la
- mod_userdir_la_SOURCES = mod_userdir.c
--mod_userdir_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
-+mod_userdir_la_LDFLAGS = -module -export-dynamic -avoid-version
- mod_userdir_la_LIBADD = $(common_libadd)
- 
- lib_LTLIBRARIES += mod_rrdtool.la
- mod_rrdtool_la_SOURCES = mod_rrdtool.c
--mod_rrdtool_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
-+mod_rrdtool_la_LDFLAGS = -module -export-dynamic -avoid-version
- mod_rrdtool_la_LIBADD = $(common_libadd)
- 
- lib_LTLIBRARIES += mod_usertrack.la
- mod_usertrack_la_SOURCES = mod_usertrack.c
--mod_usertrack_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
-+mod_usertrack_la_LDFLAGS = -module -export-dynamic -avoid-version
- mod_usertrack_la_LIBADD = $(common_libadd)
- 
- lib_LTLIBRARIES += mod_proxy.la
- mod_proxy_la_SOURCES = mod_proxy.c
--mod_proxy_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
-+mod_proxy_la_LDFLAGS = -module -export-dynamic -avoid-version
- mod_proxy_la_LIBADD = $(common_libadd)
- 
- lib_LTLIBRARIES += mod_ssi.la
- mod_ssi_la_SOURCES = mod_ssi_exprparser.c mod_ssi_expr.c mod_ssi.c
--mod_ssi_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
-+mod_ssi_la_LDFLAGS = -module -export-dynamic -avoid-version
- mod_ssi_la_LIBADD = $(common_libadd) $(PCRE_LIB)
- 
- lib_LTLIBRARIES += mod_secdownload.la
- mod_secdownload_la_SOURCES = mod_secure_download.c
--mod_secdownload_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
-+mod_secdownload_la_LDFLAGS = -module -export-dynamic -avoid-version
- mod_secdownload_la_LIBADD = $(common_libadd)
- 
- #lib_LTLIBRARIES += mod_httptls.la
- #mod_httptls_la_SOURCES = mod_httptls.c
--#mod_httptls_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
-+#mod_httptls_la_LDFLAGS = -module -export-dynamic -avoid-version
- #mod_httptls_la_LIBADD = $(common_libadd)
- 
- lib_LTLIBRARIES += mod_expire.la
- mod_expire_la_SOURCES = mod_expire.c
--mod_expire_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
-+mod_expire_la_LDFLAGS = -module -export-dynamic -avoid-version
- mod_expire_la_LIBADD = $(common_libadd)
- 
- lib_LTLIBRARIES += mod_evhost.la
- mod_evhost_la_SOURCES = mod_evhost.c
--mod_evhost_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
-+mod_evhost_la_LDFLAGS = -module -export-dynamic -avoid-version
- mod_evhost_la_LIBADD = $(common_libadd)
- 
- lib_LTLIBRARIES += mod_simple_vhost.la
- mod_simple_vhost_la_SOURCES = mod_simple_vhost.c
--mod_simple_vhost_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
-+mod_simple_vhost_la_LDFLAGS = -module -export-dynamic -avoid-version
- mod_simple_vhost_la_LIBADD = $(common_libadd)
- 
- lib_LTLIBRARIES += mod_fastcgi.la
- mod_fastcgi_la_SOURCES = mod_fastcgi.c
--mod_fastcgi_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
-+mod_fastcgi_la_LDFLAGS = -module -export-dynamic -avoid-version
- mod_fastcgi_la_LIBADD = $(common_libadd)
- 
- lib_LTLIBRARIES += mod_extforward.la
- mod_extforward_la_SOURCES = mod_extforward.c
--mod_extforward_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
-+mod_extforward_la_LDFLAGS = -module -export-dynamic -avoid-version
- mod_extforward_la_LIBADD = $(common_libadd)
- 
- lib_LTLIBRARIES += mod_access.la
- mod_access_la_SOURCES = mod_access.c
--mod_access_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
-+mod_access_la_LDFLAGS = -module -export-dynamic -avoid-version
- mod_access_la_LIBADD = $(common_libadd)
- 
- lib_LTLIBRARIES += mod_compress.la
- mod_compress_la_SOURCES = mod_compress.c
--mod_compress_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
-+mod_compress_la_LDFLAGS = -module -export-dynamic -avoid-version
- mod_compress_la_LIBADD = $(Z_LIB) $(BZ_LIB) $(common_libadd)
- 
- lib_LTLIBRARIES += mod_auth.la
- mod_auth_la_SOURCES = mod_auth.c http_auth_digest.c http_auth.c
--mod_auth_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
-+mod_auth_la_LDFLAGS = -module -export-dynamic -avoid-version
- mod_auth_la_LIBADD = $(CRYPT_LIB) $(LDAP_LIB) $(LBER_LIB) $(common_libadd)
- 
- lib_LTLIBRARIES += mod_rewrite.la
- mod_rewrite_la_SOURCES = mod_rewrite.c
--mod_rewrite_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
-+mod_rewrite_la_LDFLAGS = -module -export-dynamic -avoid-version
- mod_rewrite_la_LIBADD = $(PCRE_LIB) $(common_libadd)
- 
- lib_LTLIBRARIES += mod_redirect.la
- mod_redirect_la_SOURCES = mod_redirect.c
--mod_redirect_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
-+mod_redirect_la_LDFLAGS = -module -export-dynamic -avoid-version
- mod_redirect_la_LIBADD = $(PCRE_LIB) $(common_libadd)
- 
- lib_LTLIBRARIES += mod_status.la
- mod_status_la_SOURCES = mod_status.c
--mod_status_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
-+mod_status_la_LDFLAGS = -module -export-dynamic -avoid-version
- mod_status_la_LIBADD = $(common_libadd)
- 
- lib_LTLIBRARIES += mod_accesslog.la
- mod_accesslog_la_SOURCES = mod_accesslog.c
--mod_accesslog_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
-+mod_accesslog_la_LDFLAGS = -module -export-dynamic -avoid-version
- mod_accesslog_la_LIBADD = $(common_libadd)
- 
- 
--- a/components/lighttpd/patches/lighttpd_fix_slow_request_dos.patch	Thu Jan 30 15:02:39 2014 -0800
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,209 +0,0 @@
-diff -u -r lighttpd-1.4.23-orig/src/base.h lighttpd-1.4.23/src/base.h
---- src/base.h	Thu Jun 11 02:44:17 2009
-+++ src/base.h	Tue Aug 24 04:16:29 2010
[email protected]@ -421,7 +421,6 @@
- 
- #ifdef USE_OPENSSL
- 	SSL *ssl;
--	buffer *ssl_error_want_reuse_buffer;
- #endif
- 	/* etag handling */
- 	etag_flags_t etag_flags;
-Only in lighttpd-1.4.23/src: base.h.orig
-diff -u -r lighttpd-1.4.23-orig/src/chunk.c lighttpd-1.4.23/src/chunk.c
---- src/chunk.c	Mon Mar 30 15:16:59 2009
-+++ src/chunk.c	Tue Aug 24 04:12:50 2010
[email protected]@ -197,8 +197,6 @@
- int chunkqueue_append_buffer_weak(chunkqueue *cq, buffer *mem) {
- 	chunk *c;
- 
--	if (mem->used == 0) return 0;
--
- 	c = chunkqueue_get_unused_chunk(cq);
- 	c->type = MEM_CHUNK;
- 	c->offset = 0;
-diff -u -r lighttpd-1.4.23-orig/src/connections.c lighttpd-1.4.23/src/connections.c
---- src/connections.c	Thu Jun 11 06:54:30 2009
-+++ src/connections.c	Tue Aug 24 04:12:50 2010
[email protected]@ -192,40 +192,42 @@
- 
- static int connection_handle_read_ssl(server *srv, connection *con) {
- #ifdef USE_OPENSSL
--	int r, ssl_err, len, count = 0;
-+	int r, ssl_err, len, count = 0, read_offset, toread;
- 	buffer *b = NULL;
- 
- 	if (!con->conf.is_ssl) return -1;
- 
--	/* don't resize the buffer if we were in SSL_ERROR_WANT_* */
--
- 	ERR_clear_error();
- 	do {
--		if (!con->ssl_error_want_reuse_buffer) {
--			b = buffer_init();
--			buffer_prepare_copy(b, SSL_pending(con->ssl) + (16 * 1024)); /* the pending bytes + 16kb */
-+		if (NULL != con->read_queue->last) {
-+			b = con->read_queue->last->mem;
-+		}
- 
-+		if (NULL == b || b->size - b->used < 1024) {
-+			b = chunkqueue_get_append_buffer(con->read_queue);
-+			len = SSL_pending(con->ssl);
-+			if (len < 4*1024) len = 4*1024; /* always alloc >= 4k buffer */
-+			buffer_prepare_copy(b, len + 1);
-+
- 			/* overwrite everything with 0 */
- 			memset(b->ptr, 0, b->size);
--		} else {
--			b = con->ssl_error_want_reuse_buffer;
- 		}
- 
--		len = SSL_read(con->ssl, b->ptr, b->size - 1);
--		con->ssl_error_want_reuse_buffer = NULL; /* reuse it only once */
-+		read_offset = (b->used > 0) ? b->used - 1 : 0;
-+		toread = b->size - 1 - read_offset;
- 
-+		len = SSL_read(con->ssl, b->ptr + read_offset, toread);
-+
- 		if (len > 0) {
--			b->used = len;
-+			if (b->used > 0) b->used--;
-+			b->used += len;
- 			b->ptr[b->used++] = '\0';
- 
--		       	/* we move the buffer to the chunk-queue, no need to free it */
-+			con->bytes_read += len;
- 
--			chunkqueue_append_buffer_weak(con->read_queue, b);
- 			count += len;
--			con->bytes_read += len;
--			b = NULL;
- 		}
--	} while (len > 0 && count < MAX_READ_LIMIT);
-+	} while (len == toread && count < MAX_READ_LIMIT);
- 
- 
- 	if (len < 0) {
[email protected]@ -234,11 +236,11 @@
- 		case SSL_ERROR_WANT_READ:
- 		case SSL_ERROR_WANT_WRITE:
- 			con->is_readable = 0;
--			con->ssl_error_want_reuse_buffer = b;
- 
--			b = NULL;
-+			/* the manual says we have to call SSL_read with the same arguments next time.
-+			 * we ignore this restriction; no one has complained about it in 1.5 yet, so it probably works anyway.
-+			 */
- 
--			/* we have to steal the buffer from the queue-queue */
- 			return 0;
- 		case SSL_ERROR_SYSCALL:
- 			/**
[email protected]@ -297,16 +299,11 @@
- 
- 		connection_set_state(srv, con, CON_STATE_ERROR);
- 
--		buffer_free(b);
--
- 		return -1;
- 	} else if (len == 0) {
- 		con->is_readable = 0;
- 		/* the other end close the connection -> KEEP-ALIVE */
- 
--		/* pipelining */
--		buffer_free(b);
--
- 		return -2;
- 	}
- 
[email protected]@ -321,26 +318,41 @@
- static int connection_handle_read(server *srv, connection *con) {
- 	int len;
- 	buffer *b;
--	int toread;
-+	int toread, read_offset;
- 
- 	if (con->conf.is_ssl) {
- 		return connection_handle_read_ssl(srv, con);
- 	}
- 
-+	b = (NULL != con->read_queue->last) ? con->read_queue->last->mem : NULL;
-+
-+	/* default size for chunks is 4kb; only use bigger chunks if FIONREAD tells
-+	 *  us more than 4kb is available
-+	 * if FIONREAD doesn't signal a big chunk we fill the previous buffer
-+	 *  if it has >= 1kb free
-+	 */
- #if defined(__WIN32)
--	b = chunkqueue_get_append_buffer(con->read_queue);
--	buffer_prepare_copy(b, 4 * 1024);
--	len = recv(con->fd, b->ptr, b->size - 1, 0);
--#else
--	if (ioctl(con->fd, FIONREAD, &toread) || toread == 0) {
-+	if (NULL == b || b->size - b->used < 1024) {
- 		b = chunkqueue_get_append_buffer(con->read_queue);
- 		buffer_prepare_copy(b, 4 * 1024);
-+	}
-+
-+	read_offset = (b->used == 0) ? 0 : b->used - 1;
-+	len = recv(con->fd, b->ptr + read_offset, b->size - 1 - read_offset, 0);
-+#else
-+	if (ioctl(con->fd, FIONREAD, &toread) || toread == 0 || toread <= 4*1024) {
-+		if (NULL == b || b->size - b->used < 1024) {
-+			b = chunkqueue_get_append_buffer(con->read_queue);
-+			buffer_prepare_copy(b, 4 * 1024);
-+		}
- 	} else {
- 		if (toread > MAX_READ_LIMIT) toread = MAX_READ_LIMIT;
- 		b = chunkqueue_get_append_buffer(con->read_queue);
- 		buffer_prepare_copy(b, toread + 1);
- 	}
--	len = read(con->fd, b->ptr, b->size - 1);
-+
-+	read_offset = (b->used == 0) ? 0 : b->used - 1;
-+	len = read(con->fd, b->ptr + read_offset, b->size - 1 - read_offset);
- #endif
- 
- 	if (len < 0) {
[email protected]@ -374,7 +386,8 @@
- 		con->is_readable = 0;
- 	}
- 
--	b->used = len;
-+	if (b->used > 0) b->used--;
-+	b->used += len;
- 	b->ptr[b->used++] = '\0';
- 
- 	con->bytes_read += len;
[email protected]@ -841,13 +854,6 @@
- 	/* The cond_cache gets reset in response.c */
- 	/* config_cond_cache_reset(srv, con); */
- 
--#ifdef USE_OPENSSL
--	if (con->ssl_error_want_reuse_buffer) {
--		buffer_free(con->ssl_error_want_reuse_buffer);
--		con->ssl_error_want_reuse_buffer = NULL;
--	}
--#endif
--
- 	con->header_len = 0;
- 	con->in_error_handler = 0;
- 
[email protected]@ -1131,8 +1137,15 @@
- 			} else {
- 				buffer *b;
- 
--				b = chunkqueue_get_append_buffer(dst_cq);
--				buffer_copy_string_len(b, c->mem->ptr + c->offset, toRead);
-+				if (dst_cq->last &&
-+				    dst_cq->last->type == MEM_CHUNK) {
-+					b = dst_cq->last->mem;
-+				} else {
-+					b = chunkqueue_get_append_buffer(dst_cq);
-+					/* prepare buffer size for remaining POST data; is < 64kb */
-+					buffer_prepare_copy(b, con->request.content_length - dst_cq->bytes_in + 1);
-+				}
-+				buffer_append_string_len(b, c->mem->ptr + c->offset, toRead);
- 			}
- 
- 			c->offset += toRead;