-
216289a...
by
Artur Rona
on 2015-01-26
-
Import patches-unapplied version 1.4.35-4ubuntu1 to ubuntu/vivid-proposed
Imported using git-ubuntu import.
Changelog parent: 736ace1bcd7378bf6cf5c0e9cbdc14d07387023d
New changelog entries:
* Merge from Debian unstable. Remaining changes:
- debian/patches/add-lighttpd.pc-configure.patch:
+ Add lighttpd.pc to ac_config_files to fix FTBFS: make[3]:
*** No rule to make target `lighttpd.pc', needed by `all-am'.
- debian/patches/build-dev-package.patch,
debian/control, debian/lighttpd-dev.install:
+ Add lighttpd-dev package.
- debian/index.html:
+ Corrected BTS Ubuntu link and branding on the default page.
- debian/lighttpd.conf:
+ Comment 'use-ipv6.pl' by default, which causes failure
to bind port in ipv4.
- debian/control:
+ Build-Depends on libgamin-dev rather than libfam-dev
to fix startup warning.
- debian/rules:
+ Add override_dh_installinit to set "defaults 91 09" to not
start before apache2 but in the same runlevel with
the same priority.
- debian/lighttpd.dirs, debian/control, debian/rules,
debian/lighttpd.ufw.profile:
+ Add the UFW profile.
-
736ace1...
by
Michael Gilbert <email address hidden>
on 2014-11-02
-
Import patches-unapplied version 1.4.35-4 to debian/sid
Imported using git-ubuntu import.
Changelog parent: 82c9d0c5245cfdb3a732464224c505c8bbf1391c
New changelog entries:
* Disable SSLv3 by default (closes: #765702).
-
82c9d0c...
by
Michael Gilbert <email address hidden>
on 2014-08-18
-
Import patches-unapplied version 1.4.35-3 to debian/sid
Imported using git-ubuntu import.
Changelog parent: 94f3613af4c163d521ffee1253a2654e8a885ac8
New changelog entries:
* Support building with dpkg-buildpackage -g.
* Drop libmemcache-dev build-dependency (closes: #748809).
-
94f3613...
by
Michael Gilbert <email address hidden>
on 2014-04-05
-
Import patches-unapplied version 1.4.35-2 to debian/sid
Imported using git-ubuntu import.
Changelog parent: 505f827b1cddb886bb5feb564051f8c638853d48
New changelog entries:
* Fix a spelling error.
* Add a lintian override.
* Make VCS field canonical.
* Add myself to the uploaders.
* Use dh-autoreconf (closes: #726394, #731104).
* Disable indeterminant test on kfreebsd (closes: #731074).
-
505f827...
by
Arno Töll <email address hidden>
on 2014-03-22
-
Import patches-unapplied version 1.4.35-1 to debian/sid
Imported using git-ubuntu import.
Changelog parent: 864f08cae30215420da6273d6192f8615585cb47
New changelog entries:
* New upstream version (fixes CVE-2014-2323, CVE-2014-2324)
+ Delete patches: cve-2013-4508.patch, cve-2013-4559.patch,
cve-2013-4560.patch. Those are all cumulative included since
lighttpd 1.4.34
* Acknowledge NMUs by the security team
* Make the init script wait until lighttpd really terminates.
* Change the default document root /var/www/html (Closes: #730379), add a
Lintian override for it
* Bump the debhelper dependency to >= 9.20130624 to ensure dh_installinit is
recent enough for systemd (Closes: #713860)
* Reorder LSB init dependencies, add $local_fs to it
* Add hardening flags to lighttpd. Thanks to Michael Gilbert
for providing a patch (Closes: #741497)
* Remove W3C logo from index.html to avoid inclusion of images hosted
elsewhere
* Push standards version to 3.9.5 (no changes needed).
-
864f08c...
by
Michael Gilbert <email address hidden>
on 2013-11-16
-
Import patches-unapplied version 1.4.33-1+nmu2 to debian/sid
Imported using git-ubuntu import.
Changelog parent: cd65b33cb837e90019595e33326c2aa44f29a8ed
New changelog entries:
* Non-maintainer upload by the Security Team.
* Fix regression caused by the fix for cve-2013-4508 (closes: #729480).
-
cd65b33...
by
Michael Gilbert <email address hidden>
on 2013-11-13
-
Import patches-unapplied version 1.4.33-1+nmu1 to debian/sid
Imported using git-ubuntu import.
Changelog parent: 6d8f369bf9ee483872dbd71924441e3d7396535c
New changelog entries:
* Non-maintainer upload by the Security Team (closes: #729453).
* Fix cve-2013-4508: ssl cipher suites issue.
* Fix cve-2013-4559: setuid privilege escalation issue.
* Fix cve-2013-4560: use-after-free in fam.
-
6d8f369...
by
Arno Töll <email address hidden>
on 2013-10-15
-
Import patches-unapplied version 1.4.33-1 to debian/sid
Imported using git-ubuntu import.
Changelog parent: b28e5ecfc70d08df02e1da31a4f9cc425f5a67fe
New changelog entries:
* Drop the connection-dos.patch - merged upstream.
* Fix "mod_extforward missing configuration file": ship requested
configuration file (Closes: #697304)
* Remove access.conf, an obsolete conffiles as we should have done since
2010 (Closes: #703215)
* Push debhelper's compat mode to 9, the use of maintscript helper requires
8.1 so we had to push the debhelper b-d anyway.
* Fix "config.guess/config.sub out of date for arm64" by adding the patch
provided by Colin Watson. Thanks (Closes: #726394).
* Fix "[PATCH] use dh-systemd for proper systemd-related maintscripts" to
add systemd support. Thanks to Michael Stapelberg (Closes: #713859)
-
b28e5ec...
by
Arno Töll <email address hidden>
on 2013-03-14
-
Import patches-unapplied version 1.4.31-4 to debian/sid
Imported using git-ubuntu import.
Changelog parent: 272ebda44fbd21c7f4a50c5d77195ab813da7332
New changelog entries:
* CVE-2013-1427: Switch the socket path for PHP when using FastCGI. /tmp is
world-writable which may cause security implications if an attacker
manages to control /tmp/php.socket before the web server (re-)starts.
* Switch VCS to git
* Push standards version (no changes)
-
272ebda...
by
Arno Töll <email address hidden>
on 2012-11-21
-
Import patches-unapplied version 1.4.31-3 to debian/sid
Imported using git-ubuntu import.
Changelog parent: e28e8bdb263e7793f410e9fc944ef8ab18a9c1ba
New changelog entries:
* Fix "configuration files refer to wrong path for documentation"
by merging a patch supplied by Denis Laxalde <email address hidden>
(Closes: #676641)
* CVE-2012-5533: Fix Denial Of Service attacks against Lighttpd by sending
faulty Connection headers