-
1d9f0b5...
by
Emanuele Gentili
on 2008-04-06
-
Import patches-unapplied version 1.4.18-1ubuntu1.4 to ubuntu/gutsy-security
Imported using git-ubuntu import.
Changelog parent: 14e12ba17dde400534d6ea6cccaae4dd59268b30
New changelog entries:
* SECURITY UPDATE: (LP: #209627)
+ debian/patches/91_CVE-2008-1531.dpatch
- lighttpd 1.4.19 and earlier allows remote attackers to cause a denial
of service (active SSL connection loss) by triggering an SSL error,
such as disconnecting before a download has finished, which causes
all active SSL connections to be lost.
* References
+ http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1531
+ http://trac.lighttpd.net/trac/changeset/2136
+ http://trac.lighttpd.net/trac/changeset/2139
-
14e12ba...
by
Emanuele Gentili
on 2008-03-11
-
Import patches-unapplied version 1.4.18-1ubuntu1.3 to ubuntu/gutsy-security
Imported using git-ubuntu import.
Changelog parent: 36e72dcc4ec8497927e19c4c795e3a58343b6b23
New changelog entries:
* SECURITY UPDATE: (LP: #200987)
+ debian/patches/91_CVE-2008-1270.dpatch
- mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set,
uses a default of $HOME, which might allow remote attackers to read arbitrary
files, as demonstrated by accessing the ~nobody directory.
* References
+ http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1270
+ http://trac.lighttpd.net/trac/ticket/1587
+ http://trac.lighttpd.net/trac/changeset/2120
-
36e72dc...
by
Emanuele Gentili
on 2008-03-05
-
Import patches-unapplied version 1.4.18-1ubuntu1.2 to ubuntu/gutsy-security
Imported using git-ubuntu import.
Changelog parent: fb2fd7545df327b7272fece820d89665283d8d0d
New changelog entries:
* SECURITY UPDATE:
+ debian/patches/91_CVE-2008-1111.dpatch:
- Fixes CVE-2008-1111
"mod_cgi in lighttpd 1.4.18, when a fork failure occurs, sends the
source code of CGI scripts instead of a 500 error, which might allow
remote attackers to obtain sensitive information." (LP: #198731)
* References
+ http://trac.lighttpd.net/trac/changeset/2107
+ http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1111
-
fb2fd75...
by
Emanuele Gentili
on 2008-02-25
-
Import patches-unapplied version 1.4.18-1ubuntu1.1 to ubuntu/gutsy-security
Imported using git-ubuntu import.
Changelog parent: d2a1038457f99171d9c5d4ac2b9534d132381472
New changelog entries:
* SECURITY UPDATE:
+ debian/patches/90_maxfds_crash_fix.dpatch:
- added patch from upstream to fix the maxfds issue (LP: #195380)
* References
+ http://trac.lighttpd.net/trac/ticket/1562
-
d2a1038...
by
Soren Hansen
on 2007-09-12
-
Import patches-unapplied version 1.4.18-1ubuntu1 to ubuntu/gutsy
Imported using git-ubuntu import.
Changelog parent: e616f845a857f51a643059fc4b58ecb1c691039b
New changelog entries:
* Merge from Debian unstable, remaining changes:
- Update maintainer field in debian/control.
- Build against libgamin-dev rather than libfam-dev (fixes a warning
during startup)
- Make sure that upgrades succeed, even if we can't restart lighttpd.
- Clean environment in init.d script.
* New upstream release, fixes CVE-2007-4727 (closes: #441787)
* lighttpd-angel is installed but not used yet
-
e616f84...
by
Soren Hansen
on 2007-09-05
-
Import patches-unapplied version 1.4.17-1ubuntu1 to ubuntu/gutsy
Imported using git-ubuntu import.
Changelog parent: 5e2fcb512f1f3913ca917e61b480e8a231a03128
New changelog entries:
* Merge from Debian unstable, remaining changes:
- Update maintainer field in debian/control.
- Build against libgamin-dev rather than libfam-dev (fixes a warning
during startup)
- Make sure that upgrades succeed, even if we can't restart lighttpd.
- Clean environment in init.d script.
-
5e2fcb5...
by
Soren Hansen
on 2007-08-23
-
Import patches-unapplied version 1.4.16-2ubuntu2 to ubuntu/gutsy
Imported using git-ubuntu import.
Changelog parent: bfa966f944c169ec5f09b2488db8682f0a4bd9b0
New changelog entries:
* Build against libgamin-dev rather than libfam-dev (fixes a warning during
startup about mismatched sizes of a data type).
-
bfa966f...
by
Michele Angrisano <email address hidden>
on 2007-08-08
-
Import patches-unapplied version 1.4.16-2ubuntu1 to ubuntu/gutsy
Imported using git-ubuntu import.
Changelog parent: 1c56e2850924afed902c38f6a8538c4fdc806132
New changelog entries:
* Merge from Debian unstable, remaining changes: (LP: #131224)
- Make sure that upgrades succeed, even if we can't restart lighttpd.
- Clean environment in init.d script.
- Update maintainer field in debian/control.
* patches/04_ldap_build_filter_fix.dpatch: add patch from Peter Colberg to
fix first LDAP search that fails because of the filter being
uninitialized. (closes: #419661)
* Enable fam support (closes: #407820):
+ debian/rules: add --enable-fam configure flag.
+ debian/control: add libfam-dev to Build-Depends, and also wrap
build-dependencies to make diff more understandable.
* Enable support for kerberos (with openssl):
+ debian/rules; add --enable-kerberos5 configure flag.
+ debian/control: add libkrb5-dev to the Build-Depends.
* lighttpd.logrotate: redirect stderr to /dev/null as well to prevent
defunct processes (presumably due to full unread pipes/buffers)
(closes: #419992).
* debian/control: replace lighttpd dependency on perl with
libterm-readline-perl-perl as Readline.pm is needed for lighty-enable-mod
(closes: #435077).
* debian/control:
+ Add myself to uploaders (closes: #401575).
+ Drop Recommands on php5-cgi, there is absolutely no reason to have it,
or we would have to recommend ruby, python, lua, perl, .... and every
$language on earth to be fair. (closes: #435587).
* debian/conf-available/10-webdav.conf: add default configuration for webdav.
(closes: #406641).
* debian/conf-enabled: remove directory, it is already installed through
lighttpd.dirs.
* lighttpd.postinst, lighttpd.postrm, init.d: be sure there is a
/var/run/lighttpd owned by www-data:www-data, helpful to store locks and
things like that.
-
1c56e28...
by
Michele Angrisano <email address hidden>
on 2007-07-28
-
Import patches-unapplied version 1.4.16-1ubuntu1 to ubuntu/gutsy
Imported using git-ubuntu import.
Changelog parent: 027f9b5d92e9059097827650d8301b83576b36d1
New changelog entries:
* Merge from Debian unstable, remaining changes:
- Add fam/gamin stat cache engine support.
- Replace Depends: on perl with Depends: on libterm-readline-perl-perl.
- Make sure that upgrades succeed, even if we can't restart lighttpd.
- Clean environment in init.d script.
- Update maintainer field in debian/control.
* New upstream release (closes: #434546)
* Acknowledge NMU by Pierre Habouzit for CVE-2007-2841 (closes: #428368)
* Added static-file.exclude-extensions section to lighttpd.conf (closes: #408374)
* Fixed description of conf-available/10-fastcgi.conf (closes: #430469)
* Added mod_extforward to debian/lighttpd.install (closes: #434717)
* config.guess taken from upstream (closes: #419664)
* turn on compression (closes: #397514)
* debian/control: XS-Vcs-Svn header added
-
027f9b5...
by
Michele Angrisano <email address hidden>
on 2007-07-20
-
Import patches-unapplied version 1.4.15-1.1ubuntu1 to ubuntu/gutsy
Imported using git-ubuntu import.
Changelog parent: 553819f55b0955049327729a1da74faf1edb7116
New changelog entries:
* Merge from Debian unstable, remaining changes:
- Add fam/gamin stat cache engine support.
- Replace Depends: on perl with Depends: on libterm-readline-perl-perl.
- Make sure that upgrades succeed, even if we can't restart lighttpd.
- Clean environment in init.d script.
- Update maintainer field in debian/control.
* Non-maintainer upload.
* add patches/04_wrapping_headers_bugfix.dpatch to fix crash with wrapping
headers (Closes: 428368).