ubuntu/+source/lighttpd:ubuntu/hardy-updates

Branch merges

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

914356e... by Marcin Gibula on 2009-03-04

Import patches-unapplied version 1.4.19-0ubuntu3.1 to ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: ae3e0066c2d49e8b04d4468d282ae91b4286430c

New changelog entries:
  * SECURITY UPDATE: (LP: #279490)
   + debian/patches/93_CVE-2008-4298.dpatch
    - Fix memory leak in request header handling
   + debian/patches/95_CVE-2008-4360.dpatch
    - Fix mod_userdir information disclosure
  * References
   + https://bugs.launchpad.net/bugs/cve/2008-4298
   + https://bugs.launchpad.net/bugs/cve/2008-4360

ae3e006... by Emanuele Gentili on 2008-04-05

Import patches-unapplied version 1.4.19-0ubuntu3 to ubuntu/hardy

Imported using git-ubuntu import.

Changelog parent: b3e7be4256a958c9f0ce6262bcc72297816ee1ec

New changelog entries:
  * SECURITY UPDATE: (LP: #209627)
   + debian/patches/92_CVE-2008-1531.dpatch
    - lighttpd 1.4.19 and earlier allows remote attackers to cause a denial
      of service (active SSL connection loss) by triggering an SSL error,
      such as disconnecting before a download has finished, which causes
      all active SSL connections to be lost.
  * References
   + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1531
   + http://trac.lighttpd.net/trac/changeset/2136
   + http://trac.lighttpd.net/trac/changeset/2139

b3e7be4... by Stephan Ruegamer on 2008-03-17

Import patches-unapplied version 1.4.19-0ubuntu2 to ubuntu/hardy

Imported using git-ubuntu import.

Changelog parent: 1bbb3fb11c7887c320585e90f9322c58435cda81

New changelog entries:
  * debian/rules: (LP: #174289)
    - set DEB_UPDATE_RCD_PARAMS to "defaults 91 09" to not start lighty before
      apache2 but in the same runlevel with the same priority

1bbb3fb... by Stephan Ruegamer on 2008-03-12

Import patches-unapplied version 1.4.19-0ubuntu1 to ubuntu/hardy

Imported using git-ubuntu import.

Changelog parent: 53200b85b81599ed7b676a89db9b547802b42201

New changelog entries:
  * New upstream release (LP: #201439)
    For Changes please read the NEWS file
    All security patches we have in 1.4.18 of hardy are included now upstream
  * debian/patches/*: All changes introduced by this patches are now applied
    upstream
    - Dropped 90_CVE-2008-1111.dpatch
    - Dropped 91_CVE-2008-1270.dpatch
    - Dropped 90_maxfds_crash_fix.dpatch
    - Dropped 03_ldap_leak_bugfix.dpatch
    - Dropped 04_ldap_build_filter_fix.dpatch
    - Dropped 90_accept_ranges_fix.dpatch
  * debian/lighttpd.conf: (From Debian)
    - Move the aliases on /doc/ and /images/ mandated by policy at the end to
       circumvent #445459.
  * debian/rules: (From Debian)
    - Remove spurious mkdir in debian/rules (Closes: dbts 448160).
  * debian/conf-available/10-rrdtool: (From Debian)
    - Add sample configuration for the mod_rrdtool (Closes: dbts 462907).
  * debian/lighttpd.install:
    - Install 10-rrdtool
  * debian/patches/ldap-deprecated.dpatch:
    - Force use of deprecated ldap interfaces (Closes: dbts 463368),
      thanks to Dann Frazier (patches/ldap-deprecated.dpatch).
  * Bumped Standards Version to 3.7.3, Bumbed Compat to 6, adjusted build-dep
    of debhelper accordingly
  * The “I HATE DPATCH”-release.
  * Add patches for real as dpatch-edit-patch is stupid enough for not doing
    it by itself (Closes: 463368, 469307).
  * Force use of deprecated ldap interfaces (Closes: 463368),
    thanks to Dann Frazier (patches/ldap-deprecated.dpatch).
  * Add sample configuration for the mod_rrdtool (Closes: 462907).
  * add patches/06_mod_cgi_vuln_fix.dpatch to fix CVE-2008-1111
    (Closes: 469307).
  * Remove spurious mkdir in debian/rules (Closes: 448160).
  * Bump urgency for RC bug fixes.
  * Move the aliases on /doc/ and /images/ mandated by policy at the end to
    circumvent #445459.
  * Add patches/05_fdevent_fix.dpatch to fix possible remote DoS
    (Closes: 466663).
  * bump urgency for security fix.

53200b8... by Emanuele Gentili on 2008-03-11

Import patches-unapplied version 1.4.18-1ubuntu6 to ubuntu/hardy

Imported using git-ubuntu import.

Changelog parent: 4e624aa827acb2dfa23ff077a02cadf09f17ce00

New changelog entries:
  * SECURITY UPDATE: (LP: #200987)
   + debian/patches/91_CVE-2008-1270.dpatch
    - mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set,
      uses a default of $HOME, which might allow remote attackers to read arbitrary
      files, as demonstrated by accessing the ~nobody directory.
  * References
   + CVE-2008-1270
   + http://trac.lighttpd.net/trac/ticket/1587
   + http://trac.lighttpd.net/trac/changeset/2120

4e624aa... by Stephan Ruegamer on 2008-03-05

Import patches-unapplied version 1.4.18-1ubuntu5 to ubuntu/hardy

Imported using git-ubuntu import.

Changelog parent: e6d0caefd7accbbecab851f14efd9e9cca297a93

New changelog entries:
  * debian/patches/90-CVE-2008-1111.dpatch:
    - Fixes CVE-2008-1111
      "mod_cgi in lighttpd 1.4.18, when a fork failure occurs, sends the source
      code of CGI scripts instead of a 500 error, which might allow remote attackers
      to obtain sensitive information."
      Upstream Patch: http://trac.lighttpd.net/trac/changeset/2107

e6d0cae... by Stephan Ruegamer on 2008-03-03

Import patches-unapplied version 1.4.18-1ubuntu4 to ubuntu/hardy

Imported using git-ubuntu import.

Changelog parent: 9f239a21b01be0b1edfcdbad1549ae1c55c7ec64

New changelog entries:
  * debian/patches/90_accept_ranges_fix.dpatch:
    - Fixes a problem serving PDF files or other files who are in need of no
      Accept-Ranges header (http://trac.lighttpd.net/trac/ticket/541)
      (Patch: http://trac.lighttpd.net/trac/changeset/2090)
  * debian/index.html:
    - replaced all occurances of debian with ubuntu (LP: #115565)

9f239a2... by Stephan Ruegamer on 2008-02-25

Import patches-unapplied version 1.4.18-1ubuntu3 to ubuntu/hardy

Imported using git-ubuntu import.

Changelog parent: 6682bd1a709ee451376f790e612162575e0e0f5c

New changelog entries:
  * debian/patches/90_maxfds_crash_fix.dpatch:
    - added patch from upstream to fix the maxfds issue
    - See: http://trac.lighttpd.net/trac/ticket/1562

6682bd1... by Emmet Hikory on 2008-01-24

Import patches-unapplied version 1.4.18-1ubuntu2 to ubuntu/hardy

Imported using git-ubuntu import.

Changelog parent: d2a1038457f99171d9c5d4ac2b9534d132381472

New changelog entries:
  * Rebuild against libldap2.4-2

d2a1038... by Soren Hansen on 2007-09-12

Import patches-unapplied version 1.4.18-1ubuntu1 to ubuntu/gutsy

Imported using git-ubuntu import.

Changelog parent: e616f845a857f51a643059fc4b58ecb1c691039b

New changelog entries:
  * Merge from Debian unstable, remaining changes:
    - Update maintainer field in debian/control.
    - Build against libgamin-dev rather than libfam-dev (fixes a warning
      during startup)
    - Make sure that upgrades succeed, even if we can't restart lighttpd.
    - Clean environment in init.d script.
  * New upstream release, fixes CVE-2007-4727 (closes: #441787)
  * lighttpd-angel is installed but not used yet