Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
Name: lighttpd-mod_vhostdb_pgsql | Distribution: openSUSE Tumbleweed |
Version: 1.4.82 | Vendor: openSUSE |
Release: 1.2 | Build date: Fri Sep 12 22:14:47 2025 |
Group: Productivity/Networking/Web/Servers | Build host: reproducible |
Size: 11119 | Source RPM: lighttpd-1.4.82-1.2.src.rpm |
Packager: http://bugs.opensuse.org | |
Url: https://www.lighttpd.net/ | |
Summary: PostgreSQL based virtual hosts module for Lighttpd |
With PostgreSQL based vhosting you can put the information where to look for the document-root of a given host into a PostgreSQL database.
BSD-3-Clause
* Fri Sep 12 2025 Andreas Stieger <andreas.stieger@gmx.de> - update to 1.4.82: * restrict request trailers to configured list: trailers in request headers will be ignored unless allowed field names are explicitly configured in a comma-separated list containing no spaces: server.feature-flags += (“request.trailer-whitelist” => “…”) This changes behavior from lighttpd 1.4.80, which added support for request trailers and header merging, but did not restrict request trailers. * bug fixes * Thu Aug 14 2025 Andreas Stieger <andreas.stieger@gmx.de> - update to 1.4.80: * detect and issue error trace for HTTP/2 MadeYouReset CVE-2025-8671 (boo#1243888) * stricter HTTP request/response header, trailer, and chunked validation/parsing * support HTTP response trailers * support HTTP request trailers merge to headers (if not streaming request body) * extend TLS error log messages to include client addr if error caused by client * extend TLS error log messages for HTTP/2 attack detection * reject path info on static files by default (static-file.disable-pathinfo) * Mon Jul 21 2025 Stefan Bühler <source@stbuehler.de> - update upstream keys (uids / expiry) - split some modules into separate packages, but require them in the main package for now: * mod_openssl * mod_deflate * mod_authn_dbi - add alternative tls modules: * mod_gnutls * mod_mbedtls * mod_nss - suggest DBI drivers with dbi modules - suggest some geoip packages for mod_maxminddb - kTLS offloading support (boo#1240669): * autoload tls kernel module with mod_openssl and mod_gnutls - use lua5.4 (upgrade from lua5.1) for mod_magnet - require libxcrypt-devel explicitly (for crypt_r) * Sun May 18 2025 Andreas Stieger <andreas.stieger@gmx.de> - update to 1.4.79: * bug fix for mod_openssl using both ECDSA and RSA certs * hardened systemd lighttpd.service - drop harden_lighttpd.service.patch * Wed Mar 26 2025 Andreas Stieger <andreas.stieger@gmx.de> - update to 1.4.78: * option to reload TLS certs and CRLs * bug fixes * Sun Mar 23 2025 Andreas Stieger <andreas.stieger@gmx.de> - update to 1.4.77: * stronger TLS defaults: TLSv1.3 * defaults t limit TLSv1.3 Groups to the IANA “Recommended” set: “X25519:P-256:P-384:X448” * server.error-handler-404 operates only on 404 * lighttpd.conf renamed lighttpd.annotated.conf, lighttpd.conf is now a simpler header which includes lighttpd.annotated.conf. * Sat Apr 13 2024 Andreas Stieger <andreas.stieger@gmx.de> - update to 1.4.76: * detect VU#421644 HTTP/2 CONTINUATION Flood * issue trace and send GO_AWAY * tarball is now more reproducible and verifiable * Sat Mar 23 2024 Andreas Stieger <andreas.stieger@gmx.de> - update to 1.4.75: * incrementally stronger TLS cipher defaults * fix a regression in mod_dirlisting in lighttpd 1.4.74 * add missing file src/compat/sys/queue.h to the release tarball - packaging changes upon notes by the upstream developers: * drop usage of lightytest.sh and PHP dependencies * drop unneeeded build dependencies and build options * drop non-default BZIP2 support * update description of -mod_webdav * Fri Mar 01 2024 Andreas Stieger <andreas.stieger@gmx.de> - update to 1.4.74: * Some messages sent to syslog() (if enabled in lighttpd config) have been changed to use different priorities (e.g. LOG_WARNING, LOG_DEBUG) instead of everything being sent with LOG_ERROR priority. The change affects only lighttpd configs which set server.errorlog-use-syslog = “enable” (not default) * Other bug fixes * Mon Feb 05 2024 Andreas Stieger <andreas.stieger@gmx.de> - fix user/group with rpm 4.19 (boo#1219549) * Tue Oct 31 2023 Andreas Stieger <andreas.stieger@gmx.de> - update to 1.4.73: * CVE-2023-44487: HTTP/2 detect and log rapid reset attack (boo#1216123) * Sat Oct 07 2023 Andreas Stieger <andreas.stieger@gmx.de> - update to 1.4.72: * a number of buf fixes and developer visible changes * Sun May 28 2023 Andreas Stieger <andreas.stieger@gmx.de> - update to 1.4.71: * HTTP/2 support separated to mod_h2 module * Fri May 12 2023 Andreas Stieger <andreas.stieger@gmx.de> - update to 1.4.70: * speed up CGI spawning * support HTTP/2 downstream proxy serving multiple clients on single connection (mod_extforward, mod_maxminddb) * no longer building separate modules for built-in modules lighttpd omits building separate (unused) modules for: mod_access mod_alias mod_evhost mod_expire mod_fastcgi mod_indexfile mod_redirect mod_rewrite mod_scgi mod_setenv mod_simple_vhost mod_staticfile * Sat Feb 11 2023 Andreas Stieger <andreas.stieger@gmx.de> - update to 1.4.69: * bug fixes and portability fixes * Sat Jan 21 2023 Andreas Stieger <andreas.stieger@gmx.de> - update to 1.4.68: * TLS modules now default to using stronger, modern ciphers and will default to allow client preference in selecting ciphers. Allowing client preference in selecting ciphers is safe to do along with restrictions to use modern ciphers supporting PFS, and is better for mobile users without AES hardware acceleration. Legacy ciphers can still be configured in lighttpd.conf using `ssl.openssl.ssl-conf-cmd`, as long as the ciphers are supported by the underlying TLS libraries. https://wiki.lighttpd.net/Docs_SSL new defaults: “CipherString” => “EECDH+AESGCM:AES256+EECDH:CHACHA20:SHA256:!SHA384”, “Options” => “-ServerPreference” old defaults: “CipherString” => “HIGH”, “Options” => “ServerPreference” * Deprecated TLS options have been removed. – ssl.honor-cipher-order – ssl.dh-file – ssl.ec-curve – ssl.disable-client-renegotiation – ssl.use-sslv2 – ssl.use-sslv3 See https://wiki.lighttpd.net/Docs_SSL for replacements with `ssl.openssl.ssl-conf-cmd`, but prefer lighttpd defaults instead. * Deprecated: mod_evasive has been removed * Deprecated: mod_secdownload has been removed * Deprecated: mod_uploadprogress has been removed * Deprecated: mod_usertrack has been removed These four modules can be replaced with a few lines of LUA. * Wed Nov 16 2022 Andreas Stieger <andreas.stieger@gmx.de> - package license file * Tue Nov 15 2022 pgajdos@suse.com - build with php8 on current releases * Fri Sep 23 2022 Dirk Müller <dmueller@suse.com> - update to 1.4.67: * Update comment about TCP_INFO on OpenBSD * [mod_ajp13] fix crash with bad response headers (fixes #3170) * [core] handle RDHUP when collecting chunked body CVE-2022-41556 boo#1203872 * [core] tweak streaming request body to backends * [core] handle ENOSPC with pwritev() (#3171) * [core] manually calculate off_t max (fixes #3171) * [autoconf] force large file support (#3171) * [multiple] quiet coverity warnings using casts * [meson] add license keyword to project declaration * Tue Sep 13 2022 Andreas Stieger <andreas.stieger@gmx.de> - update to 1.4.66: * a number of bug fixes * Fix HTTP/2 downloads >= 4GiB * Fix SIGUSR1 graceful restart with TLS * futher bug fixes * CVE-2022-37797: null pointer dereference in mod_wstunnel, possibly a remotely triggerable crash (boo#1203358) * In an upcoming release the TLS modules will default to using stronger, modern chiphers and will default to allow client preference in selecting ciphers. “CipherString” => “EECDH+AESGCM:AES256+EECDH:CHACHA20:SHA256:!SHA384”, “Options” => “-ServerPreference” old defaults: “CipherString” => “HIGH”, “Options” => “ServerPreference” * A number of TLS options are how deprecated and will be removed in a future release: – ssl.honor-cipher-order – ssl.dh-file – ssl.ec-curve – ssl.disable-client-renegotiation – ssl.use-sslv2 – ssl.use-sslv3 The replacement option is ssl.openssl.ssl-conf-cmd, but lighttpd defaults should be prefered * A number of modules are now deprecated and will be removed in a future release: mod_evasive, mod_secdownload, mod_uploadprogress, mod_usertrack can be replaced by mod_magnet and a few lines of lua. * Tue Jun 21 2022 Dirk Müller <dmueller@suse.com> - update to 1.4.65: * WebSockets over HTTP/2 * RFC 8441 Bootstrapping WebSockets with HTTP/2 * HTTP/2 PRIORITY_UPDATE * RFC 9218 Extensible Prioritization Scheme for HTTP * prefix/suffix conditions in lighttpd.conf * mod_webdav safe partial-PUT * webdav.opts += (“partial-put-copy-modify” => “enable”) * mod_accesslog option: accesslog.escaping = “json” * mod_deflate libdeflate build option * speed up request body uploads via HTTP/2 * Behavior Changes * change default server.max-keep-alive-requests = 1000 to adjust * to increasing HTTP/2 usage and to web2/web3 application usage * (prior default was 100) * mod_status HTML now includes HTTP/2 control stream id 0 in the output * which contains aggregate counts for the HTTP/2 connection * (These lines can be identified with URL ‘*’, part of “PRI *” preface) * alternative: https://wiki.lighttpd.net/ModMagnetExamples#lua-mod_status * MIME type application/javascript is translated to text/javascript (RFC 9239) * Thu Feb 03 2022 Johannes Segitz <jsegitz@suse.com> - Set ProtectHome to read-only, otherwise access to the users public_html can break (bsc#1195465) * Sat Jan 22 2022 Andreas Stieger <andreas.stieger@gmx.de> - update to 1.4.64: * CVE-2022-22707: off-by-one stack overflow in the mod_extforward plugin (boo#1194376) * graceful restart/shutdown timeout changed from 0 (disabled) to 8 seconds. configure an alternative with: server.feature-flags += (“server.graceful-shutdown-timeout” => 8) * deprecated modules (previously announced) have been removed: mod_authn_mysql, mod_mysql_vhost, mod_cml, mod_flv_streaming, mod_geoip, mod_trigger_b4_dl
/usr/lib/lighttpd/mod_vhostdb_pgsql.so /usr/share/licenses/lighttpd-mod_vhostdb_pgsql /usr/share/licenses/lighttpd-mod_vhostdb_pgsql/COPYING
Generated by rpm2html 1.8.1
Fabrice Bellet, Thu Oct 23 22:58:29 2025