CVS commit: pkgsrc/www/lighttpd

["Amitai Schleier" <schmonz%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   schmonz
Date:           Mon Jun 15 01:28:21 UTC 2026

Modified Files:
        pkgsrc/www/lighttpd: Makefile distinfo

Log Message:
lighttpd: update to 1.4.83. Changes:

Highlights

- add PQC hybrid KEM X25519MLKEM768 to default TLS groups
- mod_sockproxy can now route connections based on TLS SNI
- mod_proxy proxy.header enhanced config for url-path mapping of response headers
- HTTP Incremental header support
- portability/compatibility with library updates (lighttpd dependencies)

BEHAVIOR CHANGES

- add PQC hybrid KEM X25519MLKEM768 to default TLS groups
- HTTP/1.1 Upgrade: h2c has been deprecated; set default to disabled
  in lighttpd, but can still be enabled in config, and http2 prior
  knowledge is still enabled

* [systemd] add RestrictAddressFamilies AF_NETLINK
* [TLS] skip cert_is_active warnings for unset clock
* [multiple] rename plugin_data statics per module
* [mod_mbedtls] mbedtls 4.x removes mbedtls/ecp.h
* [mod_mbedtls] mbedtls 4.x removes ECDH ciph suites
* [core] clarify warning message
* [multiple] http_status.[ch]
* [core] single internal define for fs monitoring
* [core] X-Sendfile shared code
* [core] check for OTHER response headers earlier
* [core] support Incremental header
* [mod_magnet] resp_body_finished w/ r.resp_body:set()
* [core] minor code tighten
* [core] remove request_st member async_callback (unused)
* [tests] t/test_http_status.c stub
* [core] http_status_set_fin() handler_module = NULL
* [mod_magnet] http_response_reset() before HANDLER_COMEBACK
* [core] http_response_prepare() smaller funcs
* [core] add continuation framework for response prep
* [h2] add comment about zero-length payloads in padded frames
* [mod_magnet] revert recent HANDLER_COMEBACK change
* [core] remove small bit of commented out code
* [core] do not generate no-longer-used plugin funcs
* [core] minor code tighten
* [h2] fix HTTP/1.1 upgrade: h2c
* [h2] combine h2c code into h2_upgrade_h2c()
* [h2] disable HTTP/1.1 upgrade: h2c by default
* [core] clear trailer whitelist at startup
* [core] static_assert sanity check for 64-bit off_t
* [core] security: missing return on non-default path
* [mod_magnet] modify reqbody_length after file append
* [mod_openssl] check openssl func for NULL if mem err
* [mod_*_dbi] proceed if third reconnect retry succeeds
* [mod_ajp13] skip empty string (len == 65535)
* [mod_ajp13] error if backend include LF in headers
* [mod_deflate] translate '/' in etag to '~' for fn
* [mod_deflate] mod_deflate_finished() shared code
* [mod_authn_gssapi] warn if principal not in config
* [mod_authn_gssapi] mod_authn_gssapi_construct_sprinc()
* [core] support Range for QUERY
* [multiple] make most module config thread-safe
* [mod_mbedtls] EC certs require drbg init
* [multiple] quiet minor coverity warnings
* [mod_extforward] HAProxy PROXY protocol extensions
* [multiple] make most plugin objects instance-safe
* [multiple] C99 designated initializers
* [mod_auth] HTTP/2 response w/ multiple auth methods (fixes #3296)
* [doc] add comment to lighttpd.service
* [core] add .rst .xsl .xslt to builtin mimetype.assign (fixes #3295)
* [build] support lua 5.5
* [core] __attribute_packed__
* [mod_extforward] fix reading 'verify' from PROXY (fixes #3298)
* [mod_extforward] adjust reading 'verify' from PROXY (#3298)
* [core] fix Range requests with dynamic backends
* [core] adjust safety factor for max-connections (fixes #3299)
* [core] quiet coverity false positive
* [mod_boringssl] add more const
* [mod_openssl] add more const
* [mod_openssl] update openssl version EOL message
* [TLS] add PQC hybrid KEM to default TLS groups
* spelling suggestions from codespell (fixes #3303)
* [mod_maxminddb] sanity check snprintf of flt, dbl
* [multiple] add some 'const' for gcc 16 warnings
* [mod_sockproxy] configure after TLS SNI (fixes #3304)
* [core] add sanity check to li_hex2bin()
* [core] security: reject req header CGI conflicts
* [core] security: reject invalid Content-Length from backend (fixes #3309)
* [mod_gnutls] avoid double-free in error path (unlikely)
* [core] update for nettle 4.x digest func signatures
* [mod_deflate] more precisely match If-None-Match
* [core] attempt recovery on stat_cache EMFILE (fixes #3308)
* [core] option to close unused socket after restart
* [cmake] use find_package() with PCRE2
* [h2] update ls-hpack
* [mod_openssl] use OSSL_STORE_open for alt schemas
* [mod_dirlisting] faster client-side sort on huge listings
* [mod_dirlisting] additional minor javascript optim
* [mod_proxy] adjust proxy.header config parsing
* [mod_proxy] config opt for urlpath map resp hdrs (fixes #3300)
* [core] allow server.max-fds up to 1048576
* [tests] add tests for http_cgi.c varname encoding
* [mod_wstunnel] code size reduction
* [core] reduce struct gw_plugin_config size
* [mod_wstunnel] RFC 6455 p5 compliance
* [multiple] limit queue size to slow backends
* [core] use tempfiles for HTTP/1.1 upgraded backend
* [core] adjust trace for server.max-connections
* [doc] update doc/initscripts.txt
* [mod_wstunnel] disable hybi-00; obsolete
* [mod_wstunnel] adjust parsing extended frame lens
* [cmake] fix typos for mbedtls, tfpsacrypto libs
* [mod_wstunnel] reduce handler_ctx struct size
* [mod_wstunnel] stricter RFC 6455 compliance
* [mod_wstunnel] optimize unmasking client payload
* [core] propagate backend errs for h2 to RST_STREAM
* [core] propagate backend errs for HTTP/1.1 chunked
* [core] check another cond before calling cold func
* [core] update rand.c for nettle 4.x digest funcs
* [mod_wolfssl] workaround wolfssl code smells
* [mod_mbedtls] disable DHParameters w/ PSA crypto
* [TLS] debug.log-ssl-noise set TLS lib debug level
* [mod_mbedtls] workaround mbedtls 4.1.0 bug
* [mod_mbedtls] session tkts psa_alg w/ mbedtls 4.x
* [mod_gnutls] test for PQC hybrid group support


To generate a diff of this commit:
cvs rdiff -u -r1.145 -r1.146 pkgsrc/www/lighttpd/Makefile
cvs rdiff -u -r1.89 -r1.90 pkgsrc/www/lighttpd/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/www/lighttpd/Makefile
diff -u pkgsrc/www/lighttpd/Makefile:1.145 pkgsrc/www/lighttpd/Makefile:1.146
--- pkgsrc/www/lighttpd/Makefile:1.145  Thu May 14 16:42:21 2026
+++ pkgsrc/www/lighttpd/Makefile        Mon Jun 15 01:28:21 2026
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.145 2026/05/14 16:42:21 ryoon Exp $
+# $NetBSD: Makefile,v 1.146 2026/06/15 01:28:21 schmonz Exp $
 
-DISTNAME=      lighttpd-1.4.82
-PKGREVISION=   4
+DISTNAME=      lighttpd-1.4.83
 CATEGORIES=    www
 MASTER_SITES=  https://download.lighttpd.net/lighttpd/releases-1.4.x/
 EXTRACT_SUFX=  .tar.xz

Index: pkgsrc/www/lighttpd/distinfo
diff -u pkgsrc/www/lighttpd/distinfo:1.89 pkgsrc/www/lighttpd/distinfo:1.90
--- pkgsrc/www/lighttpd/distinfo:1.89   Fri Sep 12 19:23:02 2025
+++ pkgsrc/www/lighttpd/distinfo        Mon Jun 15 01:28:21 2026
@@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.89 2025/09/12 19:23:02 schmonz Exp $
+$NetBSD: distinfo,v 1.90 2026/06/15 01:28:21 schmonz Exp $
 
-BLAKE2s (lighttpd-1.4.82.tar.xz) = 65af4c4f53e93e704c1b83466b4253c355bc2a2ae87621fa978c005967c44b2f
-SHA512 (lighttpd-1.4.82.tar.xz) = a8ced6e61b6768d31fb643c1f75af906ee975000286a9a522415571878c7979fd9e5e39f36871e8f34f6ca5d3702fa4b20a0c1203b57ba446dae2dbb6efa71b4
-Size (lighttpd-1.4.82.tar.xz) = 883352 bytes
+BLAKE2s (lighttpd-1.4.83.tar.xz) = 974aba0a66057f758777cccf2cfb4301654d04e10bc72e11476bbf1f5d64653d
+SHA512 (lighttpd-1.4.83.tar.xz) = 13818e0a11eaadb6e07d4de4a70f159a3333d05e31aad282a9ae97043d19ccbb969d4400dc183dfd7234982c0b9d14de3597cbf9d2df72f1fde5eb41d0f52895
+Size (lighttpd-1.4.83.tar.xz) = 894908 bytes
 SHA1 (patch-doc_config_lighttpd.annotated.conf) = f987b208cac0d24f24e8aa03c268556029d6e184
 SHA1 (patch-doc_lighttpd.8) = 217166e0f0d0e64a2161e6db4d593c386b7c386a