Log message:
Update to 1.4.57. From the changelog:

- [core] attempt to quiet some coverity warnings
- [mod_webdav] compile fix for Mac OSX/11
- [core] handle U+00A0 in config parser
- [core] fix lighttpd -1 one-shot with pipes
- [core] quiet start/shutdown trace in one-shot mode
- [core] allow keep-alives in one-shot mode (#3042)
- [mod_webdav] define _ATFILE_SOURCE if AT_FDCWD
- [core] setsockopt IPV6_V6ONLY if server.v4mapped
- [build] fix meson.build when building all TLS mods
- [core] prefer inet_aton() over inet_addr()
- [build] fix SCons build when building all TLS mods
- [core] add missing mod_wolfssl to ssl compat list
- [mod_openssl] remove ancient preprocessor logic
- [core] SHA512_Init, SHA512_Update, SHA512_Final
- [mod_wolfssl] add complex preproc logic for SNI
- [core] wrap a macro value with parens
- [core] fix handling chunked response from backend (fixes #3044)
- [core] always set file.fd = -1 on FILE_CHUNK reset (fixes #3044)
- [core] skip some trace if backend Upgrade (#3044)
- [TLS] cert-staple.sh POSIX sh compat (fixes #3043)
- [core] portability fix if st_mtime not defined
- [mod_nss] portability fix
- [core] warn if mod_authn_file needed in conf
- [core] fix chunked decoding from backend (fixes #3044)
- [core] reject excess data after chunked encoding (#3046)
- [core] track chunked encoding state from backend (fixes #3046)
- [core] li_restricted_strtoint64()
- [core] track Content-Length from backend (fixes #3046)
- [core] enhance config parsing debugging (#3047)
- [core] reorder srv->config_context to match ndx (fixes #3047)
- [mod_proxy] proxy.header = ("force-http10" => ...)
- [mod_authn_ldap] fix crash (fixes #3048)
- [mod_authn_ldap, mod_vhostdb_ldap] default cafile
- [core] fix array_copy_array() sorted[]
- [multiple] replace fall through comment with attr
- [core] fix crash printing trace if backend is down
- [core] fix decoding chunked from backend (fixes #3049)
- [core] attempt to quiet some coverity warnings

Log message:
Fix VARBASE subst in lighttpd.conf.

Log message:
Enable --with-nettle as recommended in the release announcement; we'll
add options for other SSL libraries later. Add 'libdbi' option to enable
mod_vhostdb_dbi and the new mod_authn_dbi module, off by default. Bump
PKGREVISION.

Log message:
Update to 1.4.56. From the changelog:

# Highlights

- HTTP/2 support
  - must be enabled in lighttpd.conf in lighttpd 1.4.56;
    may be enabled by default in a future release
  - `server.feature-flags += ("server.h2proto" => \ 
"enable", "server.h2c" => "enable")`
- TLS library options: OpenSSL, mbedTLS, wolfSSL, GnuTLS, NSS
  - mod_openssl (existing)
  - mod_mbedtls (experimental)
  - mod_wolfssl (experimental)
  - mod_gnutls (experimental)
  - mod_nss (experimental)
- TLS OCSP stapling
  (except mbedTLS; not currently supported by mbedTLS)
- TLS session ticket key rotation control
  (except NSS; API limitation in NSS)
- mod_deflate brotli support
- mod_proxy makes HTTP/1.1 requests to backends (change from HTTP/1.0)
- RFC 8297 support for 103 Early Hints produced by backends (scripts)
- graceful restart option to transfer listen fds (minimal pause)
  - `server.systemd-socket-activation = "enable"`
  - `server.feature-flags += ("server.graceful-restart-bg" => \ 
"enable", "server.graceful-shutdown-timeout" => \ 
"15")`

# Behavior Changes

- mod_openssl
  - default MinProtocol TLSv1.2
    TLSv1 and TLSv1.1 are deprecated and no longer supported by major browsers.
    \ 
<https://news.netcraft.com/archives/2020/03/03/browsers-on-track-to-block-850000-tls-1-0-sites.html>
    If prior behavior is required, configure:
    `ssl.openssl.ssl-conf-cmd = ("MinProtocol" => "TLSv1")`
    If using openssl <= 1.0.2 (end-of-life)
    `ssl.openssl.ssl-conf-cmd = ("Protocol" => "-ALL, TLSv1, \ 
TLSv1.1, TLSv1.2")`
  - (internal) TLS session cache is disabled by default,
    replaced by lighttpd robust TLSv1.2 session ticket support
    If backward compatibility is needed:
    `server.feature-flags += ("ssl.session-cache" => \ 
"enable")`
  - (internal) openssl creates a session ticket encryption key per SSL_CTX.
    lighttpd 1.4.56 and later assigns a single session ticket encryption key
    for the lighttpd server (across all SSL_CTX) for consistency.
  - behavior change with ssl.ca-dn-file (uncommon); applies to client
    certificate verification and ssl.ca-dn-file (uncommon)
    If client certificate verification is enabled
    (ssl.verifyclient.activate = "enable"),
    all CAs used for client certificate verification must be present in
    ssl.ca-file. This is the typical use case when client certificate
    verification is enabled. Certificates in (optional) ssl.ca-dn-file
    are used to send issuer names to client when the server sends a
    client certificate request. These names are use by the client
    during certificate selection, and the server requires that the
    certificate sent by the client be issued by one of the subjects
    in ssl.ca-dn-file.
    (Prior behavior merged ssl.ca-file and ssl.ca-dn-file for trusted CAs.
    New behavior requires all trusted CAs be listed in ssl.ca-file,
    and a subset be duplicated into ssl.ca-dn-file to specify allowed
    client cert issuer.)
- mod_deflate: support for bzip2 is now disabled by default in the build
  - (enable using `./configure --with-bzip2`)
    bzip2 Content-Encoding is not widely supported
    Prefer to build `--with-brotli`
    brotli Content-Encoding is more widely supported than bzip2

# Future Scheduled Behavior Changes

- HTTP/2 support will be enabled by default in a future release
- graceful restart/shutdown default timeout will change from
  0 (infinite/no timeout) to 5 seconds (or some similar non-zero period)
  configure an alternative with:
  `server.feature-flags += ("server.graceful-shutdown-timeout" => 5)`
- mod_compress is DEPRECATED; use mod_deflate
  mod_compress has been subsumed by mod_deflate
  Note: mod_compress config options may be removed in a future release
- mod_geoip is DEPRECATED; use mod_maxminddb
  Note: mod_geoip will be removed from a future lighttpd release
- mod_authn_mysql is DEPRECATED; use mod_authn_dbi
  Note: mod_authn_mysql will be removed from a future lighttpd release
- mod_mysql_vhost is DEPRECATED; use mod_vhostdb_dbi or mod_vhostdb_mysql
  Note: mod_mysql_vhost will be removed from a future lighttpd release
- mod_cml is DEPRECATED; use mod_magnet
  Note: mod_cml will be removed from a future lighttpd release

Log message:
*: Recursive revbump from textproc/icu-68.1

Log message:
Add upstream patch to fix segfault in __readdir30 (from
webdav_propfind_dir) on NetBSD. Bump PKGREVISION.

Log message:
lighttpd: Remove incorrect LUA_VERSIONS_INCOMPATIBLE

Log message:
Revbump for icu

Log message:
Recursive revision bump after textproc/icu update

Log message:
lighttpd: use https