ubuntu/+source/lighttpd:debian/wheezy

Last commit made on 2016-04-02
Get this branch:
git clone -b debian/wheezy https://git.launchpad.net/ubuntu/+source/lighttpd

Branch information

Name:
debian/wheezy
Repository:
lp:ubuntu/+source/lighttpd

Recent commits

a5211a7... by Markus Koschany <email address hidden> on 2016-02-10

Import patches-unapplied version 1.4.31-4+deb7u4 to debian/wheezy

Imported using git-ubuntu import.

Changelog parent: d95bb4a762d043e8c7a13428501577876d92a107

New changelog entries:
  * Non-maintainer upload.
  * Fix CVE-2014-3566. (Closes: #765702)
    Disable SSLv3 by default and prevent the "POODLE" issue. Administrators are
    advised to refrain from using SSLv3 in lighttpd.conf and related
    configuration files.

d95bb4a... by Michael Gilbert <email address hidden> on 2014-03-13

Import patches-unapplied version 1.4.31-4+deb7u3 to debian/wheezy

Imported using git-ubuntu import.

Changelog parent: 86bec9a3316d4596958f34343af5f6b38b57671e

New changelog entries:
  * Non-maintainer upload by the Security Team.
  * Fix CVE-2014-2323: mod_mysql_vhost SQL injection.
  * Fix CVE-2014-2324: traversal through paths involving "[...]".

86bec9a... by Stefan Fritsch on 2013-11-14

Import patches-unapplied version 1.4.31-4+deb7u2 to debian/wheezy

Imported using git-ubuntu import.

Changelog parent: b28e5ecfc70d08df02e1da31a4f9cc425f5a67fe

New changelog entries:
  * Non-maintainer upload by the Security Team.
  * Fix regression introduced by fix for CVE-2013-4508, related to client
    certificates and SNI. Closes: #729555, #729480
  * Non-maintainer upload by the Security Team.
  * Fix CVE-2013-4508: ssl cipher suites issue.
  * Fix CVE-2013-4559: setuid privilege escalation issue.
  * Fix CVE-2013-4560: use-after-free in fam.

b28e5ec... by Arno Töll <email address hidden> on 2013-03-14

Import patches-unapplied version 1.4.31-4 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 272ebda44fbd21c7f4a50c5d77195ab813da7332

New changelog entries:
  * CVE-2013-1427: Switch the socket path for PHP when using FastCGI. /tmp is
    world-writable which may cause security implications if an attacker
    manages to control /tmp/php.socket before the web server (re-)starts.
  * Switch VCS to git
  * Push standards version (no changes)

272ebda... by Arno Töll <email address hidden> on 2012-11-21

Import patches-unapplied version 1.4.31-3 to debian/sid

Imported using git-ubuntu import.

Changelog parent: e28e8bdb263e7793f410e9fc944ef8ab18a9c1ba

New changelog entries:
  * Fix "configuration files refer to wrong path for documentation"
    by merging a patch supplied by Denis Laxalde <email address hidden>
    (Closes: #676641)
  * CVE-2012-5533: Fix Denial Of Service attacks against Lighttpd by sending
    faulty Connection headers

e28e8bd... by Arno Töll <email address hidden> on 2012-06-01

Import patches-unapplied version 1.4.31-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 04c05c4ccce9f308582291bf1cf963ddd3a1e60a

New changelog entries:
  * New upstream release
  * Be more careful when removing dangling symlinks, as introduced in 1.4.30-1.
    Under some configurations the postrm script could fail previously.
  * Change the use-ipv6.pl script to read the default listening port as a
    command line argument, fall back to the old default behavior otherwise
    (Closes: #632723, #642604). Thanks to Sebastian Pipping for accidentally
    giving a hint how to fix this old problem by driving by.
  * Push standards version to 3.9.3.1 - no further changes
  * Fix "[lighttpd] "ldap" lowercase in extended description" by fixing the
    typo (Closes: #670206)
  * Update my maintainer address

04c05c4... by Arno Töll <email address hidden> on 2011-12-20

Import patches-unapplied version 1.4.30-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: b102ea980bce32f444c0bff3740d8e20fe851e9c

New changelog entries:
  * New upstream release
    + Fix integer overflow (CVE-2011-4362) (Closes: #652726)
    + Fix attack vector as disclosed by the SSL BEAST attack (related:
      CVE-2011-3389). Note: If you are upgrading from an older version you need
      to change your configuration to mitigate effects of the attack. See the
      corresponding NEWS file for details.
    + Count SSL renegotiations to prevent client renegotiations
  * Urgency set to medium due to security updates.
  * Adapt to dpkg 1.16.1 API changes regarding build flags. This enables
    hardening build flags. This means, lighttpd is now being built with
    -fstack-protector and other security related build flags.
  * Add dpkg-dev (>= 1.16.1~) to build-depends to make sure our buildflags are
    properly supported. That's guaranteed for Testing, but might be helpful to
    know for backporters.
  * Fix "Doesn't remove /etc/lighttpd on purge" by removing dangling symlinks
    /only/. This does not entirely fix the problem of the maintainer, but we can
    not simply remove all files in /etc/lighttpd as other packages or the user
    himself might have left configuration files behind (Closes: #642494)
  * Fix "please include systemd service file" Support systemd as alternative to
    sysvinit, ship systemd and tempfiles.d configuration files. Thanks to
    Michael Stapelberg for providing the required files (Closes: #652442)

b102ea9... by Arno Töll <email address hidden> on 2011-07-04

Import patches-unapplied version 1.4.29-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 471cb655aac105f651d56b6b176ae41a31ceef98

New changelog entries:
  * New upstream release
  * Fix "lighty-enable-mod should return non-zero on fail" Update script to
    leave with appropriate exit status (Closes: #629638)
  * Remove the following patches:
    + silence-errors.diff - applied upstream
    + patches/ssl-fix.patch - applied upstream
  * Add `debian/source/options' to make dpkg-source ignore glitches done by
    upstream's Makefile in `src/mod_ssi_exprparser.c' and `src/configparser.c'
  * Run maintainer scripts with `set -e'

471cb65... by Krzysztof Krzyżaniak (eloy) on 2011-04-26

Import patches-unapplied version 1.4.28-5 to debian/sid

Imported using git-ubuntu import.

Changelog parent: a544f35b899fd19b9ab2465c706f4a8b7519f3de

New changelog entries:
  * Build with sbuilder to avoid linking to non-existent packages.

a544f35... by Arno Töll <email address hidden> on 2011-04-09

Import patches-unapplied version 1.4.28-4 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 92669d7dc0477d2376d443be0a302c86b4f10095

New changelog entries:
  [ Krzysztof Krzyżaniak (eloy) ]
  * Add Arno Töll to Uploaders

  [ Arno Töll ]
  * Fix "leaves dangling alternatives on upgrade" add preinst script which
    removes the dangling symlink (Closes: #614716)
  * Fix "/etc/lighttpd/conf-available/15-fastcgi-php.conf: fastcgi-php
    file missing a required directive" add a dependency based recursive module
    enable system in lighty-enable-mod (Closes: #600050)
  * Fix "binNMU for openssl 1.0.0 broke SSL support" backport fix from upstream
    to avoid name clashes between OpenSSL and Lighty's MD5 implementation
    (Closes: #622733)