ubuntu/+source/lighttpd:ubuntu/gutsy-updates

Last commit made on 2008-04-17
Get this branch:
git clone -b ubuntu/gutsy-updates https://git.launchpad.net/ubuntu/+source/lighttpd
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/gutsy-updates
Repository:
lp:ubuntu/+source/lighttpd

Recent commits

1d9f0b5... by Emanuele Gentili on 2008-04-06

Import patches-unapplied version 1.4.18-1ubuntu1.4 to ubuntu/gutsy-security

Imported using git-ubuntu import.

Changelog parent: 14e12ba17dde400534d6ea6cccaae4dd59268b30

New changelog entries:
  * SECURITY UPDATE: (LP: #209627)
   + debian/patches/91_CVE-2008-1531.dpatch
    - lighttpd 1.4.19 and earlier allows remote attackers to cause a denial
      of service (active SSL connection loss) by triggering an SSL error,
      such as disconnecting before a download has finished, which causes
      all active SSL connections to be lost.
  * References
   + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1531
   + http://trac.lighttpd.net/trac/changeset/2136
   + http://trac.lighttpd.net/trac/changeset/2139

14e12ba... by Emanuele Gentili on 2008-03-11

Import patches-unapplied version 1.4.18-1ubuntu1.3 to ubuntu/gutsy-security

Imported using git-ubuntu import.

Changelog parent: 36e72dcc4ec8497927e19c4c795e3a58343b6b23

New changelog entries:
  * SECURITY UPDATE: (LP: #200987)
   + debian/patches/91_CVE-2008-1270.dpatch
    - mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set,
      uses a default of $HOME, which might allow remote attackers to read arbitrary
      files, as demonstrated by accessing the ~nobody directory.
  * References
   + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1270
   + http://trac.lighttpd.net/trac/ticket/1587
   + http://trac.lighttpd.net/trac/changeset/2120

36e72dc... by Emanuele Gentili on 2008-03-05

Import patches-unapplied version 1.4.18-1ubuntu1.2 to ubuntu/gutsy-security

Imported using git-ubuntu import.

Changelog parent: fb2fd7545df327b7272fece820d89665283d8d0d

New changelog entries:
  * SECURITY UPDATE:
   + debian/patches/91_CVE-2008-1111.dpatch:
    - Fixes CVE-2008-1111
      "mod_cgi in lighttpd 1.4.18, when a fork failure occurs, sends the
      source code of CGI scripts instead of a 500 error, which might allow
      remote attackers to obtain sensitive information." (LP: #198731)
  * References
   + http://trac.lighttpd.net/trac/changeset/2107
   + http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1111

fb2fd75... by Emanuele Gentili on 2008-02-25

Import patches-unapplied version 1.4.18-1ubuntu1.1 to ubuntu/gutsy-security

Imported using git-ubuntu import.

Changelog parent: d2a1038457f99171d9c5d4ac2b9534d132381472

New changelog entries:
  * SECURITY UPDATE:
    + debian/patches/90_maxfds_crash_fix.dpatch:
      - added patch from upstream to fix the maxfds issue (LP: #195380)
  * References
    + http://trac.lighttpd.net/trac/ticket/1562

d2a1038... by Soren Hansen on 2007-09-12

Import patches-unapplied version 1.4.18-1ubuntu1 to ubuntu/gutsy

Imported using git-ubuntu import.

Changelog parent: e616f845a857f51a643059fc4b58ecb1c691039b

New changelog entries:
  * Merge from Debian unstable, remaining changes:
    - Update maintainer field in debian/control.
    - Build against libgamin-dev rather than libfam-dev (fixes a warning
      during startup)
    - Make sure that upgrades succeed, even if we can't restart lighttpd.
    - Clean environment in init.d script.
  * New upstream release, fixes CVE-2007-4727 (closes: #441787)
  * lighttpd-angel is installed but not used yet

e616f84... by Soren Hansen on 2007-09-05

Import patches-unapplied version 1.4.17-1ubuntu1 to ubuntu/gutsy

Imported using git-ubuntu import.

Changelog parent: 5e2fcb512f1f3913ca917e61b480e8a231a03128

New changelog entries:
  * Merge from Debian unstable, remaining changes:
    - Update maintainer field in debian/control.
    - Build against libgamin-dev rather than libfam-dev (fixes a warning
      during startup)
    - Make sure that upgrades succeed, even if we can't restart lighttpd.
    - Clean environment in init.d script.

5e2fcb5... by Soren Hansen on 2007-08-23

Import patches-unapplied version 1.4.16-2ubuntu2 to ubuntu/gutsy

Imported using git-ubuntu import.

Changelog parent: bfa966f944c169ec5f09b2488db8682f0a4bd9b0

New changelog entries:
  * Build against libgamin-dev rather than libfam-dev (fixes a warning during
    startup about mismatched sizes of a data type).

bfa966f... by Michele Angrisano <email address hidden> on 2007-08-08

Import patches-unapplied version 1.4.16-2ubuntu1 to ubuntu/gutsy

Imported using git-ubuntu import.

Changelog parent: 1c56e2850924afed902c38f6a8538c4fdc806132

New changelog entries:
  * Merge from Debian unstable, remaining changes: (LP: #131224)
    - Make sure that upgrades succeed, even if we can't restart lighttpd.
    - Clean environment in init.d script.
    - Update maintainer field in debian/control.
  * patches/04_ldap_build_filter_fix.dpatch: add patch from Peter Colberg to
    fix first LDAP search that fails because of the filter being
    uninitialized. (closes: #419661)
  * Enable fam support (closes: #407820):
     + debian/rules: add --enable-fam configure flag.
     + debian/control: add libfam-dev to Build-Depends, and also wrap
       build-dependencies to make diff more understandable.
  * Enable support for kerberos (with openssl):
     + debian/rules; add --enable-kerberos5 configure flag.
     + debian/control: add libkrb5-dev to the Build-Depends.
  * lighttpd.logrotate: redirect stderr to /dev/null as well to prevent
    defunct processes (presumably due to full unread pipes/buffers)
    (closes: #419992).
  * debian/control: replace lighttpd dependency on perl with
    libterm-readline-perl-perl as Readline.pm is needed for lighty-enable-mod
    (closes: #435077).
  * debian/control:
     + Add myself to uploaders (closes: #401575).
     + Drop Recommands on php5-cgi, there is absolutely no reason to have it,
       or we would have to recommend ruby, python, lua, perl, .... and every
       $language on earth to be fair. (closes: #435587).
  * debian/conf-available/10-webdav.conf: add default configuration for webdav.
    (closes: #406641).
  * debian/conf-enabled: remove directory, it is already installed through
    lighttpd.dirs.
  * lighttpd.postinst, lighttpd.postrm, init.d: be sure there is a
    /var/run/lighttpd owned by www-data:www-data, helpful to store locks and
    things like that.

1c56e28... by Michele Angrisano <email address hidden> on 2007-07-28

Import patches-unapplied version 1.4.16-1ubuntu1 to ubuntu/gutsy

Imported using git-ubuntu import.

Changelog parent: 027f9b5d92e9059097827650d8301b83576b36d1

New changelog entries:
  * Merge from Debian unstable, remaining changes:
    - Add fam/gamin stat cache engine support.
    - Replace Depends: on perl with Depends: on libterm-readline-perl-perl.
    - Make sure that upgrades succeed, even if we can't restart lighttpd.
    - Clean environment in init.d script.
    - Update maintainer field in debian/control.
  * New upstream release (closes: #434546)
  * Acknowledge NMU by Pierre Habouzit for CVE-2007-2841 (closes: #428368)
  * Added static-file.exclude-extensions section to lighttpd.conf (closes: #408374)
  * Fixed description of conf-available/10-fastcgi.conf (closes: #430469)
  * Added mod_extforward to debian/lighttpd.install (closes: #434717)
  * config.guess taken from upstream (closes: #419664)
  * turn on compression (closes: #397514)
  * debian/control: XS-Vcs-Svn header added

027f9b5... by Michele Angrisano <email address hidden> on 2007-07-20

Import patches-unapplied version 1.4.15-1.1ubuntu1 to ubuntu/gutsy

Imported using git-ubuntu import.

Changelog parent: 553819f55b0955049327729a1da74faf1edb7116

New changelog entries:
  * Merge from Debian unstable, remaining changes:
    - Add fam/gamin stat cache engine support.
    - Replace Depends: on perl with Depends: on libterm-readline-perl-perl.
    - Make sure that upgrades succeed, even if we can't restart lighttpd.
    - Clean environment in init.d script.
    - Update maintainer field in debian/control.
  * Non-maintainer upload.
  * add patches/04_wrapping_headers_bugfix.dpatch to fix crash with wrapping
    headers (Closes: 428368).