lp:ubuntu/hardy/lighttpd
- Get this branch:
- bzr branch lp:ubuntu/hardy/lighttpd
Branch merges
Branch information
Recent revisions
- 36. By Emanuele Gentili
-
* SECURITY UPDATE: (LP: #209627)
+ debian/patches/ 92_CVE- 2008-1531. dpatch
- lighttpd 1.4.19 and earlier allows remote attackers to cause a denial
of service (active SSL connection loss) by triggering an SSL error,
such as disconnecting before a download has finished, which causes
all active SSL connections to be lost.
* References
+ http://nvd.nist. gov/nvd. cfm?cvename= CVE-2008- 1531
+ http://trac.lighttpd. net/trac/ changeset/ 2136
+ http://trac.lighttpd. net/trac/ changeset/ 2139 - 35. By Stephan Rügamer
-
* debian/rules: (LP: #174289)
- set DEB_UPDATE_RCD_PARAMS to "defaults 91 09" to not start lighty before
apache2 but in the same runlevel with the same priority - 34. By Stephan Rügamer
-
* New upstream release (LP: #201439)
For Changes please read the NEWS file
All security patches we have in 1.4.18 of hardy are included now upstream
* debian/patches/*: All changes introduced by this patches are now applied
upstream
- Dropped 90_CVE-2008-1111. dpatch
- Dropped 91_CVE-2008-1270. dpatch
- Dropped 90_maxfds_crash_fix. dpatch
- Dropped 03_ldap_leak_bugfix. dpatch
- Dropped 04_ldap_build_filter_ fix.dpatch
- Dropped 90_accept_ranges_ fix.dpatch
* debian/lighttpd. conf: (From Debian)
- Move the aliases on /doc/ and /images/ mandated by policy at the end to
circumvent #445459.
* debian/rules: (From Debian)
- Remove spurious mkdir in debian/rules (Closes: dbts 448160).
* debian/conf-available/ 10-rrdtool: (From Debian)
- Add sample configuration for the mod_rrdtool (Closes: dbts 462907).
* debian/lighttpd. install:
- Install 10-rrdtool
* debian/patches/ ldap-deprecated .dpatch:
- Force use of deprecated ldap interfaces (Closes: dbts 463368),
thanks to Dann Frazier (patches/ldap-deprecated .dpatch) .
* Bumped Standards Version to 3.7.3, Bumbed Compat to 6, adjusted build-dep
of debhelper accordingly - 33. By Emanuele Gentili
-
* SECURITY UPDATE: (LP: #200987)
+ debian/patches/ 91_CVE- 2008-1270. dpatch
- mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set,
uses a default of $HOME, which might allow remote attackers to read arbitrary
files, as demonstrated by accessing the ~nobody directory.
* References
+ CVE-2008-1270
+ http://trac.lighttpd. net/trac/ ticket/ 1587
+ http://trac.lighttpd. net/trac/ changeset/ 2120 - 32. By Stephan Rügamer
-
* debian/
patches/ 90-CVE- 2008-1111. dpatch:
- Fixes CVE-2008-1111
"mod_cgi in lighttpd 1.4.18, when a fork failure occurs, sends the source
code of CGI scripts instead of a 500 error, which might allow remote attackers
to obtain sensitive information."
Upstream Patch: http://trac.lighttpd. net/trac/ changeset/ 2107 - 31. By Stephan Rügamer
-
* debian/
patches/ 90_accept_ ranges_ fix.dpatch:
- Fixes a problem serving PDF files or other files who are in need of no
Accept-Ranges header (http://trac.lighttpd. net/trac/ ticket/ 541)
(Patch: http://trac.lighttpd. net/trac/ changeset/ 2090)
* debian/index.html:
- replaced all occurances of debian with ubuntu (LP: #115565) - 30. By Stephan Rügamer
-
* debian/
patches/ 90_maxfds_ crash_fix. dpatch:
- added patch from upstream to fix the maxfds issue
- See: http://trac.lighttpd. net/trac/ ticket/ 1562 - 28. By Soren Hansen
-
* Merge from Debian unstable, remaining changes:
- Update maintainer field in debian/control.
- Build against libgamin-dev rather than libfam-dev (fixes a warning
during startup)
- Make sure that upgrades succeed, even if we can't restart lighttpd.
- Clean environment in init.d script. - 27. By Soren Hansen
-
* Merge from Debian unstable, remaining changes:
- Update maintainer field in debian/control.
- Build against libgamin-dev rather than libfam-dev (fixes a warning
during startup)
- Make sure that upgrades succeed, even if we can't restart lighttpd.
- Clean environment in init.d script.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/lucid/lighttpd