lp:ubuntu/hardy/lighttpd

Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/hardy/lighttpd
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

36. By Emanuele Gentili

* SECURITY UPDATE: (LP: #209627)
 + debian/patches/92_CVE-2008-1531.dpatch
  - lighttpd 1.4.19 and earlier allows remote attackers to cause a denial
    of service (active SSL connection loss) by triggering an SSL error,
    such as disconnecting before a download has finished, which causes
    all active SSL connections to be lost.
* References
 + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1531
 + http://trac.lighttpd.net/trac/changeset/2136
 + http://trac.lighttpd.net/trac/changeset/2139

35. By Stephan Rügamer

* debian/rules: (LP: #174289)
  - set DEB_UPDATE_RCD_PARAMS to "defaults 91 09" to not start lighty before
    apache2 but in the same runlevel with the same priority

34. By Stephan Rügamer

* New upstream release (LP: #201439)
  For Changes please read the NEWS file
  All security patches we have in 1.4.18 of hardy are included now upstream
* debian/patches/*: All changes introduced by this patches are now applied
  upstream
  - Dropped 90_CVE-2008-1111.dpatch
  - Dropped 91_CVE-2008-1270.dpatch
  - Dropped 90_maxfds_crash_fix.dpatch
  - Dropped 03_ldap_leak_bugfix.dpatch
  - Dropped 04_ldap_build_filter_fix.dpatch
  - Dropped 90_accept_ranges_fix.dpatch
* debian/lighttpd.conf: (From Debian)
  - Move the aliases on /doc/ and /images/ mandated by policy at the end to
     circumvent #445459.
* debian/rules: (From Debian)
  - Remove spurious mkdir in debian/rules (Closes: dbts 448160).
* debian/conf-available/10-rrdtool: (From Debian)
  - Add sample configuration for the mod_rrdtool (Closes: dbts 462907).
* debian/lighttpd.install:
  - Install 10-rrdtool
* debian/patches/ldap-deprecated.dpatch:
  - Force use of deprecated ldap interfaces (Closes: dbts 463368),
    thanks to Dann Frazier (patches/ldap-deprecated.dpatch).
* Bumped Standards Version to 3.7.3, Bumbed Compat to 6, adjusted build-dep
  of debhelper accordingly

33. By Emanuele Gentili

* SECURITY UPDATE: (LP: #200987)
 + debian/patches/91_CVE-2008-1270.dpatch
  - mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set,
    uses a default of $HOME, which might allow remote attackers to read arbitrary
    files, as demonstrated by accessing the ~nobody directory.
* References
 + CVE-2008-1270
 + http://trac.lighttpd.net/trac/ticket/1587
 + http://trac.lighttpd.net/trac/changeset/2120

32. By Stephan Rügamer

* debian/patches/90-CVE-2008-1111.dpatch:
  - Fixes CVE-2008-1111
    "mod_cgi in lighttpd 1.4.18, when a fork failure occurs, sends the source
    code of CGI scripts instead of a 500 error, which might allow remote attackers
    to obtain sensitive information."
    Upstream Patch: http://trac.lighttpd.net/trac/changeset/2107

31. By Stephan Rügamer

* debian/patches/90_accept_ranges_fix.dpatch:
  - Fixes a problem serving PDF files or other files who are in need of no
    Accept-Ranges header (http://trac.lighttpd.net/trac/ticket/541)
    (Patch: http://trac.lighttpd.net/trac/changeset/2090)
* debian/index.html:
  - replaced all occurances of debian with ubuntu (LP: #115565)

30. By Stephan Rügamer

* debian/patches/90_maxfds_crash_fix.dpatch:
  - added patch from upstream to fix the maxfds issue
  - See: http://trac.lighttpd.net/trac/ticket/1562

29. By Emmet Hikory

Rebuild against libldap2.4-2

28. By Soren Hansen

* Merge from Debian unstable, remaining changes:
  - Update maintainer field in debian/control.
  - Build against libgamin-dev rather than libfam-dev (fixes a warning
    during startup)
  - Make sure that upgrades succeed, even if we can't restart lighttpd.
  - Clean environment in init.d script.

27. By Soren Hansen

* Merge from Debian unstable, remaining changes:
  - Update maintainer field in debian/control.
  - Build against libgamin-dev rather than libfam-dev (fixes a warning
    during startup)
  - Make sure that upgrades succeed, even if we can't restart lighttpd.
  - Clean environment in init.d script.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/lucid/lighttpd
This branch contains Public information 
Everyone can see this information.

Subscribers