[ubuntu/raring-proposed] lighttpd 1.4.31-3ubuntu1 (Accepted)
Lorenzo De Liso
blackz at ubuntu.com
Thu Dec 6 17:10:15 UTC 2012
lighttpd (1.4.31-3ubuntu1) raring; urgency=low

  * Merge from debian unstable, remaining changes:
    - debian/control: libgamin-dev rather than libfam-dev to fix startup warning.
    - debian/index.html: s/Debian/Ubuntu/g branding on the default page.
    - Added a UFW profile set:
      + debian/lighttpd.dirs: added etc/ufw/applications.d
      + debian/rules: install the ufw profile.
      + debian/control: Suggests on ufw.
    - Add lighttpd-dev package:
      + debian/control: Added lighttpd-dev package; Build-depends on
        automake, libtool
      + debian/lighttpd-dev.install: Added.
    - debian/rules: Add override_dh_installinit to set "defaults 91 09" to not
      start before apache2 but in the same runlevel with the same priority.
    - debian/patches/build-dev-package.patch: Updated
    - debian/lighttpd.conf: Comment 'use-ipv6.pl' by default, which causes
      failure to bind port in ipv4
  * debian/index.html: corrected BTS Ubuntu link for lighttpd

lighttpd (1.4.31-3) unstable; urgency=high

  * Fix "configuration files refer to wrong path for documentation"
    by merging a patch supplied by Denis Laxalde <denis at laxalde.org>
    (Closes: #676641)
  * CVE-2012-5533: Fix Denial Of Service attacks against Lighttpd by sending
    faulty Connection headers

lighttpd (1.4.31-1) unstable; urgency=low

  * New upstream release
  * Be more careful when removing dangling symlinks, as introduced in 1.4.30-1.
    Under some configurations the postrm script could fail previously.
  * Change the use-ipv6.pl script to read the default listening port as a
    command line argument, fall back to the old default behavior otherwise
    (Closes: #632723, #642604). Thanks to Sebastian Pipping for accidentally
    giving a hint on how to fix this old problem by driving by.
  * Push standards version to 3.9.3.1 - no further changes
  * Fix "[lighttpd] "ldap" lowercase in extended description" by fixing the
    typo (Closes: #670206)
  * Update my maintainer address

lighttpd (1.4.30-1) unstable; urgency=medium

  * New upstream release
    + Fix integer overflow (CVE-2011-4362) (Closes: #652726)
    + Fix attack vector as disclosed by the SSL BEAST attack (related:
      CVE-2011-3389). Note: If you are upgrading from an older version you need
      to change your configuration to mitigate effects of the attack. See the
      corresponding NEWS file for details.
    + Count SSL renegotiations to prevent client renegotiations
  * Urgency set to medium due to security updates.
  * Adapt to dpkg 1.16.1 API changes regarding build flags. This enables
    hardening build flags. This means, lighttpd is now being built with
    -fstack-protector and other security related build flags.
  * Add dpkg-dev (>= 1.16.1~) to build-depends to make sure our buildflags are
    properly supported. That's guaranteed for Testing, but might be helpful to
    know for backporters.
  * Fix "Doesn't remove /etc/lighttpd on purge" by removing dangling symlinks
    /only/. This does not entirely fix the problem of the maintainer, but we can
    not simply remove all files in /etc/lighttpd as other packages or the user
    himself might have left configuration files behind (Closes: #642494)
  * Fix "please include systemd service file" Support systemd as alternative to
    sysvinit, ship systemd and tempfiles.d configuration files. Thanks to
    Michael Stapelberg for providing the required files (Closes: #652442)

lighttpd (1.4.29-1) unstable; urgency=low

  * New upstream release
  * Fix "lighty-enable-mod should return non-zero on fail" Update script to
    leave with appropriate exit status (Closes: #629638)
  * Remove the following patches:
    + silence-errors.diff - applied upstream
    + patches/ssl-fix.patch - applied upstream
  * Add `debian/source/options' to make dpkg-source ignore glitches done by
    upstream's Makefile in `src/mod_ssi_exprparser.c' and `src/configparser.c'
  * Run maintainer scripts with `set -e'

lighttpd (1.4.28-5) unstable; urgency=low

  * Build with sbuilder to avoid linking to non-existent packages.

lighttpd (1.4.28-4) unstable; urgency=low

  [ Krzysztof Krzyżaniak (eloy) ]
  * Add Arno Töll to Uploaders

  [ Arno Töll ]
  * Fix "leaves dangling alternatives on upgrade" add preinst script which
    removes the dangling symlink (Closes: #614716)
  * Fix "/etc/lighttpd/conf-available/15-fastcgi-php.conf: fastcgi-php
    file missing a required directive" add a dependency based recursive module
    enable system in lighty-enable-mod (Closes: #600050)
  * Fix "binNMU for openssl 1.0.0 broke SSL support" backport fix from upstream
    to avoid name clashes between OpenSSL and Lighty's MD5 implementation
    (Closes: #622733)

lighttpd (1.4.28-3) unstable; urgency=low

  [ Krzysztof Krzyżaniak (eloy) ]
  * Updated debian/control and debian/copyright files
  * fix for debhelper-overrides-need-versioned-build-depends (>= 7.0.50~)
  * debian/compat: increased to 8

  [ Olaf van der Spek ]
  * Don't fail install if server fails to start (closes: #383425)
  * Fix index-file.names typo (closes: #609890)

Date: Thu, 06 Dec 2012 17:54:59 +0100
Changed-By: Lorenzo De Liso <blackz at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/raring/+source/lighttpd/1.4.31-3ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 06 Dec 2012 17:54:59 +0100
Source: lighttpd
Binary: lighttpd lighttpd-doc lighttpd-mod-mysql-vhost lighttpd-mod-trigger-b4-dl lighttpd-mod-cml lighttpd-mod-magnet lighttpd-mod-webdav lighttpd-dev
Architecture: source
Version: 1.4.31-3ubuntu1
Distribution: raring
Urgency: high
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Lorenzo De Liso <blackz at ubuntu.com>
Description:
lighttpd - fast webserver with minimal memory footprint
lighttpd-dev - Development files for lighttpd
lighttpd-doc - documentation for lighttpd
lighttpd-mod-cml - cache meta language module for lighttpd
lighttpd-mod-magnet - control the request handling module for lighttpd
lighttpd-mod-mysql-vhost - MySQL-based virtual host configuration for lighttpd
lighttpd-mod-trigger-b4-dl - anti-deep-linking module for lighttpd
lighttpd-mod-webdav - WebDAV module for lighttpd
Closes: 383425 600050 609890 614716 622733 629638 632723 642494 642604 652442 652726 670206 676641
Original-Maintainer: Debian lighttpd maintainers <pkg-lighttpd-maintainers at lists.alioth.debian.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
-----END PGP SIGNATURE-----