ALT Linux repositórios
S: | 1.4.71-alt1 |
5.0: | 1.4.20-alt2.svn.2364 |
4.1: | 1.4.20-alt0.M41.1 |
4.0: | 1.4.25-alt0.svn.2710.M40.1 |
+updates: | 1.4.19-alt1.M40.1 |
3.0: | |
+backports: | 1.4.9-alt0.M30.1 |
Group :: Sistema/Servidores
RPM: lighttpd
Main Changelog Spec Patches Sources Download Gear Bugs e FR Repocop
4 fevereiro 2010 Vladimir V. Kamarzin <vvk at altlinux.org> 1.4.25-alt1.svn.2710
- Update to 2710 revision of 1.4.x branch.
- Security fix: CVE-2010-0295 (lighttpd Slow Request Denial of Service
Vulnerability).
- Rebuild for 4.0.
- Properly create all docroots specified in config file, patch by
Nikolay A. Fetisov (Closes: #22652).
- Fix building with fresh liblua
- 1.4.23
- Move spawn-fcgi package to separate git repository because spawn-fcgi
was removed from lighttpd main tree, see
http://blog.lighttpd.net/articles/2009/04/03/spawn-fcgi-removed-from-lighttpd-1-4 - Rebuilt with libldap2.4
- 1.4.22
- Fix+add cond* actions in spawn-fcgi initscript
- Rebuild for 4.0
- Updated to 2364 revision of 1.4.x branch
- Add condrestart action for spawn-fcgi initscript
- 1.4.20 release
- Security fix: duplicate Request Headers Memory Leak Vulnerability
http://secunia.com/advisories/32069/
- Rebuild for 4.0
- Updated to 2299 revision of 1.4.x branch
- Move spawn-fcgi to separate subpackage (thresh, vvk)
- Updated to 2296 revision of 1.4.x branch
- initscript: add restart() (Closes: #16417)
- logrotate-script: redirect output to /dev/null
- Updated to 2142 revision of 1.4.x branch
- Security fixes:
+ CVE-2008-1531 lighttpd OpenSSL Error Queue Denial of Service Vulnerability - Enable memcache support
- Build for M40
- Add logrotate script
- Initscript changes:
+ Check docdir existance and create it if it doesn't exist (Closes: #12725)
+ Introduce log_reopen() function for sending SIGHUP to daemon - needed for
log rotation
- There is an error in previous package version: real version was 1.4.18, not
1.4.19! - This is real 1.4.19 release. Security fixes:
+ CVE-2008-0983: remote DoS
+ CVE-2008-1111: exposure of sensitive information (Fix sending source of cgi
script instead of 500 error if fork fails)
- Real version is 1.4.18 - there is error in package version!!!
- Security fix: CVE-2007-4727: FastCGI header overrun in mod_fastcgi
- Updated to 1981 revision of 1.4.x branch:
+ many bugs fixed (see HISTORY) - Fixed ALT Security Policy violation (spooldir permissions)
- Updated to 1881 revision of 1.4.x branch
- Security fixes:
+ Remote crash on duplicate header keys with line-wrapping (fixes #1230)
+ Missing check for base64 encoded string in mod_auth and Basic
auth (reported by Stefan Esser)
+ Crash with md5-sess and cnonce not set in mod_auth (reported
by Stefan Esser)
+ Possible crash in Auth-Digest header parser on trailing WS in
mod_auth (reported by Stefan Esser)
+ mem-leak in mod_auth (reported by Stefan Esser)
+ URL Access restrictions bypass in mod_access
+ Local DOS with broken FastCGI applications
- Updated to 1.4.15 release
- Updated to 1745 revision of 1.4.x branch
- Added sis/sisx mime types (Closes: #11462)
- Updated to 1719 revision of 1.4.x branch
+ Fix crash if gethostbyaddr() fails on redirect
- Build without memcache
- Updated to 1716 revision of 1.4.x branch
- Updated to 1.4.x branch svn revision 1607
- Security fix:
+ Fix remote DOS in CRLF parsing (CVE-2007-1869)
+ Fix a crash for files with an mtime of 0 reported by cubiq on irc
(CVE-2007-1870) - Integrate lighttpd-1.4.3-config.patch
- 1.4.9;
- change fam support to gamin;
- pack ChangeLog and move it to -doc subpackage.
- 1.4.8;
- fix #8431.
- 1.4.6.
- fix config dir permissions.
- fix requires.
- add libfcgi-devel to BuildRequires.
- add lua,memcache,fam,ldap support.
- split out to many packages.
- first build for ALTLinux Sisyphus.
- upgraded to 1.3.1
- rpmlint'ed the package
- added URL
- added (noreplace) to start-script
- change group to Networking/Daemon (like apache)
- initial version