ubuntu/+source/lighttpd:debian/squeeze

Last commit made on 2014-07-19
Get this branch:
git clone -b debian/squeeze https://git.launchpad.net/ubuntu/+source/lighttpd
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
debian/squeeze
Repository:
lp:ubuntu/+source/lighttpd

Recent commits

89eab2a... by Michael Gilbert <email address hidden> on 2014-03-13

Import patches-unapplied version 1.4.28-2+squeeze1.6 to debian/squeeze

Imported using git-ubuntu import.

Changelog parent: 8da1a81de7f65eb31c540cb7a828b8915bff48a5

New changelog entries:
  * Non-maintainer upload by the Security Team.
  * Fix cve-2014-2323: mod_mysql_vhost SQL injection.
  * Fix cve-2014-2324: traversal through paths involving "[...]".

8da1a81... by Stefan Fritsch on 2013-11-14

Import patches-unapplied version 1.4.28-2+squeeze1.5 to debian/squeeze

Imported using git-ubuntu import.

Changelog parent: cb2d6472cac1b627c3c3aa48baf3610a8659945a

New changelog entries:
  * Non-maintainer upload by the Security Team.
  * Fix regression introduced by fix for cve-2013-4508, related to client
    certificates and SNI. Closes: #729555, #729480
  * Non-maintainer upload by the Security Team.
  * Fix cve-2013-4508: ssl cipher suites issue.
  * Fix cve-2013-4559: setuid privilege escalation issue.
  * Fix cve-2013-4560: use-after-free in fam.

cb2d647... by Arno Töll <email address hidden> on 2013-03-15

Import patches-unapplied version 1.4.28-2+squeeze1.3 to debian/squeeze

Imported using git-ubuntu import.

Changelog parent: 51941ecea929cd93e98bd780a3344363dc501e43

New changelog entries:
  * CVE-2013-1427: Switch the socket path for PHP when using FastCGI. /tmp is
    world-writable which may cause security implications if an attacker
    manages to control /tmp/php.socket before the web server (re-)starts.

51941ec... by Thijs Kinkhorst on 2013-02-16

Import patches-unapplied version 1.4.28-2+squeeze1.2 to debian/squeeze

Imported using git-ubuntu import.

Changelog parent: c120988c575adeeff2fb47aba84389edb28907e5

New changelog entries:
  * Fix numbering issue with the newly added configuration option.
    Thanks Wessel Dankers.
  * Non-maintainer upload by the security team.
  * Backport upstream fixes for SSL attacks:
    + Disable client triggered renegotiation by default (CVE-2009-3555).
      Can be re-enabled with ssl.disable-client-renegotiation = "disable".
    + Disable SSL compression at build time (CVE-2012-4929, 'CRIME').
    (closes: #700399)

c120988... by Arno Töll <email address hidden> on 2011-12-18

Import patches-unapplied version 1.4.28-2+squeeze1 to debian/squeeze

Imported using git-ubuntu import.

Changelog parent: cdb1fd883f006c03e5821eef8df27983aa058eea

New changelog entries:
  * Backport security issues from 1.4.30:
    + Fix integer overflow (CVE-2011-4362)
    + Fix attack vector as disclosed by the SSL BEAST attack (related:
      CVE-2011-3389). Note: If you are upgrading from an older version you need
      to change your configuration to mitigate effects of the attack. See the
      corresponding NEWS file for details.

cdb1fd8... by Krzysztof Krzyżaniak (eloy) on 2010-11-12

Import patches-unapplied version 1.4.28-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: c3f70f157ecfffde1f4f52d521d140eb0e946217

New changelog entries:
  [ Olaf van der Spek ]
  * Use relative instead of absolute links for conf-enabled (closes: #541645)
  * Fix /doc/ for IPv6 (closes: #512583)

  [ Krzysztof Krzyżaniak (eloy) ]
  * Added patch patches/silence-errors.diff (closes: #601177)

c3f70f1... by Thijs Kinkhorst on 2010-08-30

Import patches-unapplied version 1.4.28-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: de3588bbff37f761fa0f233489bf05cb7cec5458

New changelog entries:
  [ Olaf van der Spek ]
  * New upstream release (closes: 521235, 572031, 564556)
  * Add check_syntax() from Ubuntu (closes: 589200)

de3588b... by Krzysztof Krzyżaniak (eloy) on 2010-06-03

Import patches-unapplied version 1.4.26-3 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 773e08f19c1051768874a5ef8dd464ed3c1d838d

New changelog entries:
  * Ack for NMU, fix for SSL incompatibility (closes: #572031)

773e08f... by Krzysztof Krzyżaniak (eloy) on 2010-06-01

Import patches-unapplied version 1.4.26-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: e339bdf7b1db23830236d68a9e282088d2a336b4

New changelog entries:
  [ Krzysztof Krzyżaniak (eloy) ]
  * Switch to dpkg-source 3.0 (quilt) format
  * debian/control:
   + removed Franz Pletz from Uploaders, he's MIA (closes: #579366)
   + change dependency from libmysqlclient15-dev to more general
     libmysqlclient-dev
  [ Olaf van der Spek ]
  * take conf dir as an optional parameter (closes: 489854)
  * don't try to make /var/run/lighttpd when invoked with status
    (closes: 538662)
  * split FastCGI PHP conf from FastCGI conf (closes: 515699)
  * reduce max-procs from 2 to 1 (closes: 456200)
  * move debian doc handling into it's own file
  * set default vhost dir to /srv/<host>/htdocs (closes: 471054)
  * use delaycompress instead of copytruncate for logrotate (closes: 563626)
  * don't wait for old process to stop before starting new one for reload
    (closes: 504315)
  * use reopen-logs for logrotate (closes: 504319)
  * add no-www.conf (for use with evhost and simple-vhost, closes: 471055)
  * move evhost conf into it's own file

e339bdf... by Krzysztof Krzyżaniak (eloy) on 2010-02-09

Import patches-unapplied version 1.4.26-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: ae6de8092354d779d3b472ed1e63cb05a907bffc

New changelog entries:
  * New upstream release (closes: #568735)
  * Use provided patch from Andres Rodriguez <email address hidden>
    to implement status action in init.d script (closes: #539955)