ubuntu/+source/lighttpd:ubuntu/trusty-devel

Last commit made on 2014-01-28
Get this branch:
git clone -b ubuntu/trusty-devel https://git.launchpad.net/ubuntu/+source/lighttpd
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/trusty-devel
Repository:
lp:ubuntu/+source/lighttpd

Recent commits

e79002c... by Andreas Moog on 2014-01-28

Import patches-unapplied version 1.4.33-1+nmu2ubuntu2 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: e8040ac38aa34b57f6043ef4a9131c40eef86f22

New changelog entries:
  * Use dh-autoreconf to regenerate autotools files, fixes FTBFS with
    automake 1.14.1 (Closes: #726934)
  * Add lighttpd.pc to ac_config_files to fix FTBFS:
    make[3]: *** No rule to make target `lighttpd.pc', needed by `all-am'.

e8040ac... by Mahyuddin Susanto on 2013-12-18

Import patches-unapplied version 1.4.33-1+nmu2ubuntu1 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: 864f08cae30215420da6273d6192f8615585cb47

New changelog entries:
  * Merge from Debian unstable. Remaining changes:
    - debian/index.html: corrected BTS Ubuntu link for lighttpd.
    - debian/index.html: s/Debian/Ubuntu/g branding on the default page.
    - debian/lighttpd.conf: Comment 'use-ipv6.pl' by default, which causes
      failure to bind port in ipv4.
    - Add lighttpd-dev package:
      + debian/control: Added lighttpd-dev package; Build-depends on
        automake (>=1.14), libtool.
      + debian/lighttpd-dev.install: Added.
    - debian/control: libgamin-dev rather than libfam-dev to fix startup warning.
    - debian/rules: Add override_dh_installinit to set "defaults 91 09" to not
      start before apache2 but in the same runlevel with the same priority.
    - Added a UFW profile set:
      + debian/lighttpd.dirs: added etc/ufw/applications.d
      + debian/rules: install the ufw profile.
      + debian/control: Suggests on ufw.

864f08c... by Michael Gilbert <email address hidden> on 2013-11-16

Import patches-unapplied version 1.4.33-1+nmu2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: cd65b33cb837e90019595e33326c2aa44f29a8ed

New changelog entries:
  * Non-maintainer upload by the Security Team.
  * Fix regression caused by the fix for cve-2013-4508 (closes: #729480).

cd65b33... by Michael Gilbert <email address hidden> on 2013-11-13

Import patches-unapplied version 1.4.33-1+nmu1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 6d8f369bf9ee483872dbd71924441e3d7396535c

New changelog entries:
  * Non-maintainer upload by the Security Team (closes: #729453).
  * Fix cve-2013-4508: ssl cipher suites issue.
  * Fix cve-2013-4559: setuid privilege escalation issue.
  * Fix cve-2013-4560: use-after-free in fam.

6d8f369... by Arno Töll <email address hidden> on 2013-10-15

Import patches-unapplied version 1.4.33-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: b28e5ecfc70d08df02e1da31a4f9cc425f5a67fe

New changelog entries:
  * Drop the connection-dos.patch - merged upstream.
  * Fix "mod_extforward missing configuration file": ship requested
    configuration file (Closes: #697304)
  * Remove access.conf, an obsolete conffiles as we should have done since
    2010 (Closes: #703215)
  * Push debhelper's compat mode to 9, the use of maintscript helper requires
    8.1 so we had to push the debhelper b-d anyway.
  * Fix "config.guess/config.sub out of date for arm64" by adding the patch
    provided by Colin Watson. Thanks (Closes: #726394).
  * Fix "[PATCH] use dh-systemd for proper systemd-related maintscripts" to
    add systemd support. Thanks to Michael Stapelberg (Closes: #713859)

b28e5ec... by Arno Töll <email address hidden> on 2013-03-14

Import patches-unapplied version 1.4.31-4 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 272ebda44fbd21c7f4a50c5d77195ab813da7332

New changelog entries:
  * CVE-2013-1427: Switch the socket path for PHP when using FastCGI. /tmp is
    world-writable which may cause security implications if an attacker
    manages to control /tmp/php.socket before the web server (re-)starts.
  * Switch VCS to git
  * Push standards version (no changes)

272ebda... by Arno Töll <email address hidden> on 2012-11-21

Import patches-unapplied version 1.4.31-3 to debian/sid

Imported using git-ubuntu import.

Changelog parent: e28e8bdb263e7793f410e9fc944ef8ab18a9c1ba

New changelog entries:
  * Fix "configuration files refer to wrong path for documentation"
    by merging a patch supplied by Denis Laxalde <email address hidden>
    (Closes: #676641)
  * CVE-2012-5533: Fix Denial Of Service attacks against Lighttpd by sending
    faulty Connection headers

e28e8bd... by Arno Töll <email address hidden> on 2012-06-01

Import patches-unapplied version 1.4.31-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 04c05c4ccce9f308582291bf1cf963ddd3a1e60a

New changelog entries:
  * New upstream release
  * Be more careful when removing dangling symlinks, as introduced in 1.4.30-1.
    Under some configurations the postrm script could fail previously.
  * Change the use-ipv6.pl script to read the default listening port as a
    command line argument, fall back to the old default behavior otherwise
    (Closes: #632723, #642604). Thanks to Sebastian Pipping to accidentally
    give a hint how to fix this old problem by driving by.
  * Push standards version to 3.9.3.1 - no further changes
  * Fix "[lighttpd] "ldap" lowercase in extended description" by fixing the
    typo (Closes: #670206)
  * Update my maintainer address

04c05c4... by Arno Töll <email address hidden> on 2011-12-20

Import patches-unapplied version 1.4.30-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: b102ea980bce32f444c0bff3740d8e20fe851e9c

New changelog entries:
  * New upstream release
    + Fix integer overflow (CVE-2011-4362) (Closes: #652726)
    + Fix attack vector as disclosed by the SSL BEAST attack (related:
      CVE-2011-3389). Note: If you are upgrading from an older version you need
      to change your configuration to mitigate effects of the attack. See the
      corresponding NEWS file for details.
    + Count SSL renegotiations to prevent client renegotiations
  * Urgency set to medium due to security updates.
  * Adapt to dpkg 1.16.1 API changes regarding build flags. This enables
    hardening build flags. This means, lighttpd is now being built with
    -fstack-protector and other security related build flags.
  * Add dpkg-dev (>= 1.16.1~) to build-depends to make sure our buildflags are
    properly supported. That's guaranteed for Testing, but might be helpful to
    know for backporters.
  * Fix "Doesn't remove /etc/lighttpd on purge" by removing dangling symlinks
    /only/. This does not entirely fix the problem of the maintainer, but we can
    not simply remove all files in /etc/lighttpd as other packages or the user
    himself might have left configuration files back (Closes: #642494)
  * Fix "please include systemd service file" Support systemd as alternative to
    sysvinit, ship systemd and tempfiles.d configuration files. Thanks to
    Michael Stapelberg for providing the required files (Closes: #652442)

b102ea9... by Arno Töll <email address hidden> on 2011-07-04

Import patches-unapplied version 1.4.29-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 471cb655aac105f651d56b6b176ae41a31ceef98

New changelog entries:
  * New upstream release
  * Fix "lighty-enable-mod should return non-zero on fail" Update script to
    leave with appropriate exit status (Closes: #629638)
  * Remove the following patches:
    + silence-errors.diff - applied upstream
    + patches/ssl-fix.patch - applied upstream
  * Add `debian/source/options' to make dpkg-source ignore glitches done by
    upstream's Makefile in `src/mod_ssi_exprparser.c' and `src/configparser.c'
  * Run maintainer scripts with `set -e'