
lighttpd-1.4.13-41.10 RPM for i586

From SuSE Linux 10.2 updates for i386 / rpm / i586

Name: lighttpd
Distribution: openSUSE 10.2 (i586)
Version: 1.4.13
Vendor: SUSE LINUX Products GmbH, Nuernberg, Germany
Release: 41.10
Build date: Sun Apr 27 11:16:07 2008
Group: Productivity/Networking/Web/Servers
Build host: stravinsky.suse.de
Size: 838715
Source RPM: lighttpd-1.4.13-41.10.src.rpm
Packager: http://bugs.opensuse.org
Url: http://www.lighttpd.net/
Summary: A Secure, Fast, Compliant, and Very Flexible Web Server
Lighttpd is a secure, fast, compliant, and very flexible Web server that
has been optimized for high-performance environments. It has a very low
memory footprint compared to other Web servers and takes care of CPU
load.  Its advanced feature set (FastCGI, CGI, Auth,
Output-Compression, URL-Rewriting, and more) makes lighttpd the perfect
Web server software for every server that is suffering load problems.



Authors:
--------
    Jan Kneschke <jan@kneschke.de>

Provides

Requires

Copyright

BSD 3-Clause

Signatures

internal MD5: 94799a2391c4015aa3851209cfac8176
GPG

Changelog

* Wed Apr 23 2008 - mrueckert@suse.de
  - added lighttpd-1.4.x_ssl_dos.patch: (bnc#374761)
    properly clear ssl errors before proceeding to the next connection
    (CVE-2008-1531)
* Tue Mar 11 2008 - mrueckert@suse.de
  - added lighttpd-1.4.x_high_load_dos.patch: (bnc#364517)
    lighttpd crashed when handling a large number of connections
    (CVE-2008-0983)
  - added lighttpd-1.4.x_mod_cgi_disclosure.patch: (bnc#366526)
    do not send the source of the CGI script on fork failures
    (CVE-2008-1111)
  - added lighttpd-1.4.x_mod_userdir_disclosure.patch: (bnc#368962)
    require to set userdir.path to avoid accidental disclosure of
    information. to get back the old behavior set userdir.path to
    "". Our default config has not been affected.  (CVE-2008-1270)
  - added lighttpd-1.4.13_php5_sucks_and_breaks_testsuite.patch:
    workaround the change in the php5-fastcgi API.
* Mon Sep 24 2007 - mrueckert@suse.de
  - bugs fixed for (#307749)
    - added lighttpd-1.4.x_etag_crash.patch:
    fixed remote DOS when client sends an etag while the server has
    etags disabled. (CVE-2007-5074)
    - lighttpd-1.4.x_mixed_eol_crash.patch
    fixed crash when cgi scripts send mixed lineendings.
    (CVE-2007-5073)
    - added lighttpd-1.4.x_mod_fastcgi_overrun.patch and
    lighttpd-1.4.x_header_parsing.patch: (CVE-2007-4727)
      - Lighttpd is prone to a header overflow when using the
    mod_fastcgi extension, this can lead to arbitrary code
    execution in the fastcgi application.
      - block chars < 0x20
      - properly compare keys in header fields
* Mon Jul 30 2007 - mrueckert@suse.de
  - added lighttpd-1.4.x_ouf_fd_crash.patch: (#292050)
    Do not crash if we run out of filehandles (CVE-2007-3948)
* Tue Jul 24 2007 - mrueckert@suse.de
  - added lighttpd-1.4.x_duplicated_headers_with_folding_crash.patch:
    fixes sa2007_03 (#292050) (CVE-2007-3947)
  - added lighttpd-1.4.x_mod_access_bypass.patch
    fixes sa2007_08 (#292050) (CVE-2007-3949)
  - added lighttpd-1.4.x_mod_auth_sec.patch
    fixes sa2007_04, sa2007_05, sa2007_06, sa2007_07 (#292050)
    (CVE-2007-3946)
* Wed Feb 21 2007 - mrueckert@suse.de
  - added lighttpd-1.4.x_zero_mtime_crash.patch: (#246945)
    Don't crash with files with a mtime of 0. (CVE-2007-1870)
  - added lighttpd-1.4.x_crlf_parsing_dos.patch: (#246945)
    Don't run into an endless loop when the client aborts the
    connection. (CVE-2007-1869)
  - fixed the default config: (#254820)
    it broke when module configs used variables
* Fri Oct 20 2006 - mrueckert@suse.de
  - Factory has 5.1.1. so allow building against plain lua-devel
* Tue Oct 10 2006 - mrueckert@suse.de
  - update to 1.4.13:
  - removed lighttpd-1.4.9.patch: fixed it upstream finally.
    * added initgroups in spawn-fcgi (#871)
    * added apr1 support htpasswd in mod-auth (#870)
    * added lighty.stat() to mod_magnet
    * fixed segfault in splitted CRLF CRLF sequences
    (introduced in 1.4.12) (#876)
    * fixed compilation of LOCK support in mod-webdav
    * fixed fragments in request-URLs (#869)
    * fixed pkg-config check for lua5.1 on debian
    * fixed Content-Length = 0 on HEAD requests without
    a known Content-Length (#119)
    * fixed mkdir() forcing 0700 (#884)
    * fixed writev() on FreeBSD 4.x and older (#875)
    * removed warning about a 404-error-handler
    returned 404
    * backported and fixed the buildsystem changes for
    webdav locks
    * fixed plugin loading so we can finally load lua
    extensions in mod_magnet scripts
    * fixed large uploads if xattr is enabled
  - buildrequire lua51
* Mon Sep 25 2006 - mrueckert@suse.de
  - lighttpd.sysconfig/lighttpd.init:
    added LIGHTTPD_UMASK with a default value of "077" to make sure
    we have a sane umask. mod_webdav now honors the umask when
    creating new files.
* Sat Sep 23 2006 - mrueckert@suse.de
  - update to 1.4.12:
    o added experimental LOCK support for webdav
    o added Content-Range support for PUT in webdav
    o added support for += on empty arrays in config-files
    o added ssl.cipher-list and ssl.use-sslv2
    o added $HTTP["querystring"] conditional
    o added mod_magnet as long-term replacement for mod_cml
    o added work-around for a Opera Bug with SSL + Chunked-Encoding
    o changed --print-config to print to stdout instead of stderr
    o changed no longer use 0600 for new files with webdav. umask is
    honored. Make sure you have set a proper umask.
    o fixed upload hangs with SSL
    o fixed connection drops with SSL (aka bad retry)
    o fixed path traversal with \ on cygwin
    o fixed mem-leak in mod_flv_streaming
    o fixed required trailing newline in configfiles (#142)
    o fixed quoting the autoconf files (#466)
    o fixed empty Host: + $HTTP["host"] handling (#458)
    o fixed handling of If-Modified-Since if ETag is not set
    o fixed default-shell if SHELL is not set (#441)
    o fixed appending and assigning of env.* vars
    o fixed empty FCGI_STDERR packets
    o fixed conditional server.allow-http-11
    o fixed handling of follow-symlink + lstat()
    o fixed SIGHUP handling if max-workers is used
    o fixed "Software caused connection abort" messages on FreeBSD
  - additional changes from 1.4.11:
    o added ability to specify which ip address spawn-fcgi listens on
    (agkr@pobox.com)
    o added mod_flv_streaming to streaming Flash Movies efficiently
    o fixed handling of error codes returned by mod_dav_svn behind a
    mod_proxy
    o fixed error-messages in mod_auth and mod_fastcgi
    o fixed re-enabling overloaded local fastcgi backends
    o fixed handling of deleted files in linux-sendfile
    o fixed compilation on BSD and MacOSX
    o fixed $SERVER["socket"] on a already bound socket
    o fixed local source retrieval on windows
    (secunia)
    o fixed hanging cgi if remote side is dying while reading
    from the pipe (sandy@meebo.com)
* Thu Jul 20 2006 - olh@suse.de
  - remove unused neon from buildrequires
* Wed May 31 2006 - mrueckert@suse.de
  - updated to 1.4.10
    * added ability to specify which ip address spawn-fcgi listens on
    (agkr@pobox.com)
    * added mod_flv_streaming to streaming Flash Movies efficiently
    * fixed handling of error codes returned by mod_dav_svn behind a
    mod_proxy
    * fixed error-messages in mod_auth and mod_fastcgi
    * fixed re-enabling overloaded local fastcgi backends
    * fixed handling of deleted files in linux-sendfile
    * fixed compilation on BSD and MacOSX
    * fixed $SERVER["socket"] on a already bound socket
    * fixed local source retrieval on windows
    (secunia)
    * fixed hanging cgi if remote side is dying while reading
    from the pipe (sandy@meebo.com)
  - removed lighttpd-1.4.10_importantfixes.patch:
    all changes are upstream
  - updated lighttpd-1.4.10_testsuite.patch:
    o removed max-request size
    o fixed count of the fastcgi tests.
* Tue Mar 07 2006 - mrueckert@suse.de
  - added lightytest.sh
    wrapper script around the test suite. so we properly cleanup the
    php-fastcgi process.
* Mon Mar 06 2006 - mrueckert@suse.de
  - added new splitted config (config.tar.bz2)
  - added lighttpd-1.4.10_importantfixes.patch:
    + typo in mod_cml documentation (doc/cml.txt)
    + added paragraph about using var. and env.
    (doc/configuration.txt)
    + explain fastcgi.map-extensions (doc/fastcgi.txt)
    + include FAM_CFLAGS/SQLITE3_CFLAGS when needed (src/Makefile.am)
    + dont crash if using %0 reference in a !~ conditional (tln #557)
    (src/configfile-glue.c)
    + handle additional request types/methods for webdav
    this allows proxying mod_dav_svn through lighttpd.
    (src/connections.c, src/keyvalue.c, src/keyvalue.h)
    + handle aliases correctly with force_lowercase_filenames
    (src/mod_alias.c)
    + improved error message for errors in the authentication config
    (src/mod_auth.c)
    + cgi module no longer resets physical path (mod_cgi.c)
    + close unused pipe-fds as soon as possible to generate a
    SIGPIPE if the remote end dies. (src/mod_cgi.c)
    + only send REQUEST_URI and QUERY_STRING if they are set
    (src/mod_cgi.c)
    + added host.load as status-variable (src/mod_fastcgi.c)
    + better handling for shrinking files
    (src/network_linux_sendfile.c)
    + don't init a SERVER["socket"] if it is initialized already
    (src/network.c)
    + fixed end of life memleaks (tln #524) (src/server.c)
    + removed umask(0);, let the old umask stay in place (tln #547)
    + test suite fixes (tests/mod-fastcgi.t, tests/request.t)
    + allow leading zeros in HTTP/01.01 (tln #542)
    (tests/core.t, src/request.c)
    + fixed handling of subdirs in ssi (tln #462) (src/mod_ssi.c)
  - start lighttpd with a minimal environment
  - added update for the server.tag in the config file
* Mon Feb 20 2006 - mrueckert@suse.de
  - split off mod_rrdtool
* Wed Feb 08 2006 - mrueckert@suse.de
  - update to version 1.4.10
    * added docs for mod_dirlisting
    * added fastcgi.map-extensions to mod_fastcgi
    * fixed load balancing for mod_fastcgi
    * fixed extra newline for syslog() in mod_accesslog
    * fixed user-track cookie for IE in mod_usertrack
    * fixed crash in digest handling in mod_auth
    * fixed handling of 301 response-bodies from a mod_proxy backend
    * fixed loading of base modules if server.modules is not set
    * fixed broken cgi if mod_scgi is loaded
  - enabled test suite
  - applied lighttpd-1.4.10_testsuite.patch
   - limits the max request size to 2GB. otherwise it would be 2^63-1
    on 64bit arches and one test would fail.
* Wed Jan 25 2006 - mls@suse.de
  - converted neededforbuild to BuildRequires
* Tue Jan 24 2006 - mrueckert@suse.de
  - splitted up all modules that pull in extra dependencies
    lighttpd-mod_cml - lua, libmemcache
    lighttpd-mod_mysql_vhost - mysql-shared
    lighttpd-mod_trigger_b4_dl - libmemcache,gdbm
    lighttpd-mod_webdav - libxml2, sqlite3
* Mon Jan 23 2006 - mrueckert@suse.de
  - fix typo in the file section
* Sun Jan 15 2006 - mrueckert@suse.de
  - update to version 1.4.9
    * added server.core-files option (sandy)
    * added docs for mod_status
    * added mod_evasive to limit the number of connections by IP ()
    * added the power-magnet to mod_cml
    * added internal statistics to mod_fastcgi
    * added server.statistics-url to get internal statistics
    from mod_status
    * added support for conditional range-requests through If-Range
    * added static building via scons
    * fixed 100% cpu loops in mod_cgi ("sandy" )
    * fixed handling for secure-download.timeout
    (jamis@37signals.com)
    * fixed IE bug in content-charset in the output of
    mod_dirlisting (sniper@php.net)
    * fixed typos and language in the docs
    (ryan-2005@ryandesign.com)
    * fixed assertion in mod_cgi on HEAD request is Content-Length ()
    * fixed handling if equal but duplicate If-Modified-Since request
    headers
    * fixed endless loops in mod_fastcgi if backend is dead
    * fixed Depth: 1 handling in PROPFIND requests on empty dirs
    * fixed encoding of UTF8 encoded dirlistings (Jani Taskinen )
    * fixed initial bind to a unix-domain socket through server.bind
    * fixed handling of lowercase filesystems
    * fixed duplicate request headers cause by mod_setenv
  - added lighttpd-1.4.9_mod_fastcgi_crash.patch
    temporary fix a crash in the log message
* Wed Nov 23 2005 - mrueckert@suse.de
  - update to version 1.4.8
    * added auto-reconnect to ldap-server in mod_auth
    * changed auth.ldap-cafile to be optional
    * added strip_request_uri in mod_fastcgi
    * added more X-* headers to mod_proxy
    * added 'debug' to simple-vhost to suppress the messages by default
    * added support to let the server listen on UNIX-socket
    * changed default stat-cache-engine to 'simple'
    * removed debian/ dir from source package on request by packager
    * fixed max-age timestamps in mod_expire
    * fixed encoding the filenames in PROPFIND in mod_webdav
    * fixed range request handling in network_writev
    * fixed retry on connect error in mod_fastcgi
    * fixed possible crash in mod_webdav if sqlite3 support
    is available but not used
    * fixed fdvent-handler init if server.max-worker was used
    * fixed missing cleanup in mysql_vhost
    * fixed assert() in "connections.c:962:
    connection_handle_read_state: Assertion 'c->mem->used' failed."
    * fixed 64bit issue in md5
    * fixed crash in mod_status
    * fixed duplicate headers in mod_proxy
    * fixed Content-Length in HEAD request in mod_proxy
    * fixed unsigned/signed comparisons
    * fixed streaming in mod_cgi
    * fixed possible overflow in password-salt handling
    * fixed server-traffic-limit if connection limit is not set
  - reenabled FAM support. (using gamin)
* Tue Oct 11 2005 - mrueckert@suse.de
  - update to version 1.4.6
    * fixed compilation on MacOS X and cygwin
    * fixed compressed output if caching was disabled (seen in IE and Opera)
    * fixed range-request option
    * fixed mysql-vhost module (was broken in 1.4.5)
    * fixed false positive in the detection of case-insensitive FS
* Tue Oct 04 2005 - mrueckert@suse.de
  - update to version 1.4.5

Files


Generated by rpm2html 1.8.1

Daniel Veillard, Fri Jul 25 03:34:51 2008