lp:debian/lighttpd

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

37. By Michael Gilbert <email address hidden> on 2015-09-06

* New upstream release.
  - Log file injection issue CVE-2015-3200 fixed (closes: #787132).
* Add a debian/clean file.
* Drop upstreamed patches.
* Add upstream signing key.
* Update standards version.
* Apply the non-maintainer upload.

36. By gregor herrmann on 2015-08-27

* Non-maintainer upload.
* Fix "FTBFS with perl 5.22: test failures (CGI.pm)":
  Add build dependency on libcgi-pm-perl.
  CGI.pm was deprecated in Perl 5.19.x and removed in 5.21.x which makes the
  explicit build dependency necessary.
  (Closes: #789856)

35. By Michael Gilbert <email address hidden> on 2014-11-02

Disable SSLv3 by default (closes: #765702).

34. By Michael Gilbert <email address hidden> on 2014-08-18

* Support building with dpkg-buildpackage -g.
* Drop libmemcache-dev build-dependency (closes: #748809).

33. By Michael Gilbert <email address hidden> on 2014-04-05

* Fix a spelling error.
* Add a lintian override.
* Make VCS field canonical.
* Add myself to the uploaders.
* Use dh-autoreconf (closes: #726394, #731104).
* Disable indeterminant test on kfreebsd (closes: #731074).

32. By Arno Töll <email address hidden> on 2014-03-22

* New upstream version (fixes CVE-2014-2323, CVE-2014-2324)
  + Delete patches: cve-2013-4508.patch, cve-2013-4559.patch,
    cve-2013-4560.patch. Those are all cumulative included since
    lighttpd 1.4.34
* Acknowledge NMUs by the security team
* Make the init script wait until lighttpd really terminates.
* Change the default document root /var/www/html (Closes: #730379), add a
  Lintian override for it
* Bump the debhelper dependency to >= 9.20130624 to ensure dh_installinit is
  recent enough for systemd (Closes: #713860)
* Reorder LSB init dependencies, add $local_fs to it
* Add hardening flags to lighttpd. Thanks to Michael Gilbert
  for providing a patch (Closes: #741497)
* Remove W3C logo from index.html to avoid inclusion of images hosted
  elsewhere
* Push standards version to 3.9.5 (no changes needed).

31. By Michael Gilbert <email address hidden> on 2014-03-13

* Non-maintainer upload by the Security Team (closes: #741493).
* Fix cve-2014-2323: mod_mysql_vhost SQL injection.
* Fix cve-2014-2334: traversal through paths involving "[...]".

30. By Michael Gilbert <email address hidden> on 2013-11-16

* Non-maintainer upload by the Security Team.
* Fix regression caused by the fix for cve-2013-4508 (closes: #729480).

29. By Michael Gilbert <email address hidden> on 2013-11-13

* Non-maintainer upload by the Security Team (closes: #729453).
* Fix cve-2013-4508: ssl cipher suites issue.
* Fix cve-2013-4559: setuid privilege escalation issue.
* Fix cve-2013-4560: use-after-free in fam.

28. By Arno Töll <email address hidden> on 2013-10-15

* Drop the connection-dos.patch - merged upstream.
* Fix "mod_extforward missing configuration file": ship requested
  configuration file (Closes: #697304)
* Remove access.conf, an obsolete conffiles as we should have done since
  2010 (Closes: #703215)
* Push debhelper's compat mode to 9, the use of maintscript helper requires
  8.1 so we had to push the debhelper b-d anyway.
* Fix "config.guess/config.sub out of date for arm64" by adding the patch
  provided by Colin Watson. Thanks (Closes: #726394).
* Fix "[PATCH] use dh-systemd for proper systemd-related maintscripts" to
  add systemd support. Thanks to Michael Stapelberg (Closes: #713859)