[ubuntu/trusty-proposed] lighttpd 1.4.33-1ubuntu1 (Accepted)

Mattia Rizzolo mapreri at ubuntu.com
Thu Nov 7 11:30:15 UTC 2013 

lighttpd (1.4.33-1ubuntu1) trusty; urgency=low

  * Merge from Debian unstable (LP: #1246886).  Remaining changes:
    - debian/index.html: corrected BTS Ubuntu link for lighttpd.
    - debian/index.html: s/Debian/Ubuntu/g branding on the default page.
    - debian/lighttpd.conf: Comment 'use-ipv6.pl' by default, which causes
      failure to bind port in ipv4.
    - Add lighttpd-dev package:
      + debian/control: Added lighttpd-dev package; Build-depends on
        automake (>=1.14), libtool.
      + debian/lighttpd-dev.install: Added.
    - debian/control: libgamin-dev rather than libfam-dev to fix startup warning.
    - debian/rules: Add override_dh_installinit to set "defaults 91 09" to not
      start before apache2 but in the same runlevel with the same priority.
    - Added a UFW profile set:
      + debian/lighttpd.dirs: added etc/ufw/applications.d
      + debian/rules: install the ufw profile.
      + debian/control: Suggests on ufw.
    - debian/patches/build-dev-package.patch: Updated to reflect 1.4.33 changes.

lighttpd (1.4.33-1) unstable; urgency=low

  * Drop the connection-dos.patch - merged upstream.
  * Fix "mod_extforward missing configuration file": ship requested
    configuration file (Closes: #697304)
  * Remove access.conf, an obsolete conffiles as we should have done since
    2010 (Closes: #703215)
  * Push debhelper's compat mode to 9, the use of maintscript helper requires
    8.1 so we had to push the debhelper b-d anyway.
  * Fix "config.guess/config.sub out of date for arm64" by adding the patch
    provided by Colin Watson. Thanks (Closes: #726394).
  * Fix "[PATCH] use dh-systemd for proper systemd-related maintscripts" to
    add systemd support. Thanks to Michael Stapelberg (Closes: #713859)

lighttpd (1.4.31-4) unstable; urgency=high

  * CVE-2013-1427: Switch the socket path for PHP when using FastCGI. /tmp is
    world-writable which may cause security implications if an attacker
    manages to control /tmp/php.socket before the web server (re-)starts.
  * Switch VCS to git
  * Push standards version (no changes)

Date: Wed, 30 Oct 2013 15:52:50 +0100
Changed-By: Mattia Rizzolo <mapreri at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Martin Pitt <martin.pitt at ubuntu.com>
https://launchpad.net/ubuntu/trusty/+source/lighttpd/1.4.33-1ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 30 Oct 2013 15:52:50 +0100
Source: lighttpd
Binary: lighttpd lighttpd-doc lighttpd-mod-mysql-vhost lighttpd-mod-trigger-b4-dl lighttpd-mod-cml lighttpd-mod-magnet lighttpd-mod-webdav lighttpd-dev
Architecture: source
Version: 1.4.33-1ubuntu1
Distribution: trusty
Urgency: high
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Mattia Rizzolo <mapreri at ubuntu.com>
Description: 
 lighttpd   - fast webserver with minimal memory footprint
 lighttpd-dev - Development files for lighttpd
 lighttpd-doc - documentation for lighttpd
 lighttpd-mod-cml - cache meta language module for lighttpd
 lighttpd-mod-magnet - control the request handling module for lighttpd
 lighttpd-mod-mysql-vhost - MySQL-based virtual host configuration for lighttpd
 lighttpd-mod-trigger-b4-dl - anti-deep-linking module for lighttpd
 lighttpd-mod-webdav - WebDAV module for lighttpd
Closes: 697304 703215 713859 726394
Launchpad-Bugs-Fixed: 1246886
Changes: 
 lighttpd (1.4.33-1ubuntu1) trusty; urgency=low
 .
   * Merge from Debian unstable (LP: #1246886).  Remaining changes:
     - debian/index.html: corrected BTS Ubuntu link for lighttpd.
     - debian/index.html: s/Debian/Ubuntu/g branding on the default page.
     - debian/lighttpd.conf: Comment 'use-ipv6.pl' by default, which causes
       failure to bind port in ipv4.
     - Add lighttpd-dev package:
       + debian/control: Added lighttpd-dev package; Build-depends on
         automake (>=1.14), libtool.
       + debian/lighttpd-dev.install: Added.
     - debian/control: libgamin-dev rather than libfam-dev to fix startup warning.
     - debian/rules: Add override_dh_installinit to set "defaults 91 09" to not
       start before apache2 but in the same runlevel with the same priority.
     - Added a UFW profile set:
       + debian/lighttpd.dirs: added etc/ufw/applications.d
       + debian/rules: install the ufw profile.
       + debian/control: Suggests on ufw.
     - debian/patches/build-dev-package.patch: Updated to reflect 1.4.33 changes.
 .
 lighttpd (1.4.33-1) unstable; urgency=low
 .
   * Drop the connection-dos.patch - merged upstream.
   * Fix "mod_extforward missing configuration file": ship requested
     configuration file (Closes: #697304)
   * Remove access.conf, an obsolete conffiles as we should have done since
     2010 (Closes: #703215)
   * Push debhelper's compat mode to 9, the use of maintscript helper requires
     8.1 so we had to push the debhelper b-d anyway.
   * Fix "config.guess/config.sub out of date for arm64" by adding the patch
     provided by Colin Watson. Thanks (Closes: #726394).
   * Fix "[PATCH] use dh-systemd for proper systemd-related maintscripts" to
     add systemd support. Thanks to Michael Stapelberg (Closes: #713859)
 .
 lighttpd (1.4.31-4) unstable; urgency=high
 .
   * CVE-2013-1427: Switch the socket path for PHP when using FastCGI. /tmp is
     world-writable which may cause security implications if an attacker
     manages to control /tmp/php.socket before the web server (re-)starts.
   * Switch VCS to git
   * Push standards version (no changes)
Checksums-Sha1: 
 c2c5bc13c7228bdb0229998510778e856174010c 2884 lighttpd_1.4.33-1ubuntu1.dsc
 0f94a3bb1678c71e9973df8063a22374e8d5ddf4 664850 lighttpd_1.4.33.orig.tar.bz2
 796a572e89642fa724129e7fff886019bb593bcb 34660 lighttpd_1.4.33-1ubuntu1.debian.tar.gz
Checksums-Sha256: 
 07497e200dc9f777bfee93f505b80c0ee69846a3df374a9d6ab5b84b4e249607 2884 lighttpd_1.4.33-1ubuntu1.dsc
 2ff2324658c0f90e7d39afd40f08f11ca230903b9019c31a2bbecd8f087f235e 664850 lighttpd_1.4.33.orig.tar.bz2
 387f57f064093619d3a7b4354bdee09d836647ef3f01db8e9c5e0e800b0fc4c0 34660 lighttpd_1.4.33-1ubuntu1.debian.tar.gz
Files: 
 8c69a094e3968fe744ee8991cbf5af85 2884 httpd optional lighttpd_1.4.33-1ubuntu1.dsc
 e66b8164e5fc5a6beec0823b697fbe1d 664850 httpd optional lighttpd_1.4.33.orig.tar.bz2
 87900d59684f49e19bef44054162f0f1 34660 httpd optional lighttpd_1.4.33-1ubuntu1.debian.tar.gz
Original-Maintainer: Debian lighttpd maintainers <pkg-lighttpd-maintainers at lists.alioth.debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)

iQIcBAEBCAAGBQJSe3lNAAoJENFO8V2v4RNHE/wP/3QxsZW9YzbaeswRCfQUMckQ
h9Mu3pJyjGqnDhXSFOaj9bnARqoSHBR3WGQPM7bO0YircYdtdRLN8F/LLEUzBqVc
mjW1OoYUeC3nCxdCs3I1bZvcP0WRsNACQ/bPwYXheCopwZOFmgt7NnuXeCHPrsDm
PwqURJOkOZyfuDp0ZSu1DGELK+SRfn/QP+NQ99v8OQ/Ghnli7Oh01/D6nKHNWVnO
pvuzpJXg6ngpyPAcNxVkUpIjGs52+O/eg2lZMEUywnBBT+Nan1pH8RGQvRL5BOCR
NUcTHGQC+kCxhYSRBZRssCrQtcNWdTHPSG7YY4ikEKs2lU1TJMDCZnZVdSWXWfE3
Kq128ZxitwdKQOKj/FKZWGD3dlFNNV9Kp+wUQABnSXyNE6/kGXcFUAKng2p1NaPL
+5nr/4Tdfr987+IvPIPPuvbvbQWYBpAPIV8Wiygcqz7+NYf5X/F1sMISvI4pXwJo
EgRc73g5zT1GbYZI2ALIsr3ieDN1jdIGDfSbgxlhkdR4A9gbo9krJwEzYr2tVgBV
ZdgKK1mdbfIerp44qEqh4ShSQfdUjCvB1kOmWq1XhtYkLoFDyYX6alfnt9nrqVhg
a2Y5kDPm0vWKQdXPsdUyyCgCvRKOS7ez9U5lUyR2Yyzx+DJbXqWWzm3ShPwUWY7X
Vh2EsYB/HZWMspz2+yKV
=5r/I
-----END PGP SIGNATURE-----

More information about the Trusty-changes mailing list