--- lighttpd-1.4.19.orig/debian/lighttpd.ufw.profile +++ lighttpd-1.4.19/debian/lighttpd.ufw.profile @@ -0,0 +1,14 @@ +[Lighttpd HTTP] +title=Web Server (lighttpd, HTTP) +description=A fast webserver with minimal memory footprint +ports=80/tcp + +[Lighttpd HTTPS] +title=Web Server (lighttpd, HTTPS) +description=A fast webserver with minimal memory footprint +ports=443/tcp + +[Lighttpd Full] +title=Web Server (lighttpd, HTTP + HTTPS) +description=A fast webserver with minimal memory footprint +ports=80,443/tcp --- lighttpd-1.4.19.orig/debian/lighttpd.dirs +++ lighttpd-1.4.19/debian/lighttpd.dirs @@ -0,0 +1,9 @@ +var/www +var/log/lighttpd +var/cache/lighttpd/compress +var/cache/lighttpd/uploads +etc/lighttpd/conf-available +etc/lighttpd/conf-enabled +etc/ufw/applications.d +usr/sbin +usr/lib/cgi-bin --- lighttpd-1.4.19.orig/debian/rules +++ lighttpd-1.4.19/debian/rules @@ -0,0 +1,28 @@ +#!/usr/bin/make -f + +include /usr/share/cdbs/1/rules/debhelper.mk +include /usr/share/cdbs/1/class/autotools.mk +include /usr/share/cdbs/1/rules/patchsys-quilt.mk + +DEB_DH_INSTALLINIT_ARGS += --error-handler=true +DEB_UPDATE_RCD_PARAMS += defaults 91 09 + +DEB_CONFIGURE_EXTRA_FLAGS += --libdir=/usr/lib/lighttpd --with-openssl \ + --with-kerberos5 --with-pcre --with-bz2 \ + --with-ldap --with-mysql --with-memcache \ + --with-lua=lua5.1 --with-gdbm --with-attr \ + --with-webdav-locks --with-webdav-props \ + --with-fam + +configure/lighttpd:: + chmod a+x debian/create-mime.assign.pl + chmod a+x debian/include-conf-enabled.pl + chmod a+x debian/lighty-enable-mod + chmod a+x debian/use-ipv6.pl + +binary-post-install/lighttpd:: + rm -f debian/lighttpd/usr/share/man/man1/spawn-fcgi.1* + mv debian/lighttpd/usr/bin/spawn-fcgi \ + debian/lighttpd/usr/bin/spawn-fcgi.lighttpd + + install -m644 debian/lighttpd.ufw.profile debian/lighttpd/etc/ufw/applications.d/lighttpd --- lighttpd-1.4.19.orig/debian/changelog +++ lighttpd-1.4.19/debian/changelog @@ -0,0 +1,960 @@ +lighttpd (1.4.19-5ubuntu2) jaunty; urgency=low + + * Added a UFW profile set. (LP: #317994) + - debian/lighttpd.dirs: added etc/ufw/applications.d + - debian/rules: install the ufw profile + - debian/control: lighttpd: suggest ufw + + -- Jacob Peddicord Fri, 23 Jan 2009 19:43:51 -0500 + +lighttpd (1.4.19-5ubuntu1) jaunty; urgency=low + + * Merge from debian unstable, remaining changes: + - debian/control: Depend on lsb >= 3.2-14, which has the + status_of_proc() function; libgamin-dev rather than libfam-dev + to fix startup warning + - debian/init.d: Add the 'status' action, clean environment + - debian/rules: set DEB_UPDATE_RCD_PARAMS to "defaults 91 09" to not + start lighty before apache2 but in the same runlevel with the same + priority + - debian/index.html: s/Debian/Ubuntu/g branding on the default page + - debian/compat: standards version 3.7.3, bump compat to 6, adjusted + build-dep of debhelper accordingly + * Dropped changes + - debian/lighttpd.install: all changes upstream now, order adjusted + accordingly + + -- Dustin Kirkland Sat, 22 Nov 2008 21:12:01 -0600 + +lighttpd (1.4.19-5) unstable; urgency=high + + * Remove the alias.url stanza from 10-cgi.conf (Closes: #499334). + * Add patches for lighttpd security 2008-05 to 2008-07 (no CVE yet): + + patches/lighttpd-1.4.x_request_header_memleak.patch + + patches/lighttpd-1.4.x_rewrite_redirect_decode_url.patch + + patches/lighttpd-1.4.x_userdir_lowercase.patch + * Urgency set to high for security fix. + + -- Pierre Habouzit Sat, 27 Sep 2008 12:00:47 +0200 + +lighttpd (1.4.19-4ubuntu2) intrepid; urgency=low + + * debian/control: Depend on lsb >= 3.2-14, which has the + status_of_proc() function. + * debian/init.d: Add the 'status' action (LP: #251924). + + -- Andres Rodriguez Fri, 25 Jul 2008 11:47:48 -0500 + +lighttpd (1.4.19-4ubuntu1) intrepid; urgency=low + + * Merge from debian unstable (LP: #233966), remaining changes: + - debian/rules: (From Debian) + - Remove spurious mkdir in debian/rules (Closes: dbts 448160). + - debian/conf-available/10-rrdtool: (From Debian) + + Add sample configuration for the mod_rrdtool (Closes: dbts 462907). + - debian/lighttpd.install: + + Install 10-rrdtool + - debian/patches/ldap-deprecated.dpatch: + + Force use of deprecated ldap interfaces (Closes: dbts 463368), + thanks to Dann Frazier (patches/ldap-deprecated.dpatch). + - debian/rules: (LP: #174289) + + set DEB_UPDATE_RCD_PARAMS to "defaults 91 09" to not start lighty before + apache2 but in the same runlevel with the same priority + - Build against libgamin-dev rather than libfam-dev (fixes a warning + during startup) + - Make sure that upgrades succeed, even if we can't restart lighttpd. + - Clean environment in init.d script. + + -- Nicolas Valcárcel Thu, 22 May 2008 11:26:16 +0200 + +lighttpd (1.4.19-4) unstable; urgency=high + + * Make debian/use-ipv6.pl executable in debian/rules, thanks to Marco d'Itri + for finding about this inexcusable mistake. + + -- Pierre Habouzit Mon, 12 May 2008 17:12:28 +0200 + +lighttpd (1.4.19-3) unstable; urgency=medium + + * Fix /var/cache/lighttpd/uploads permissions in postinst (Closes: 476870). + * Update patches/ssl-connection-errors.patch using upstream r2144, thanks to + upstream for noticing. + * cherokee and lighttpd both provide spawn-fcgi, fix that using alternatives + (Closes: 479501): + + add spawn-fcgi.lighttpd.1 shamelessly stolen from cherokee packaging + (thanks Gunnar). + + install spawn-fcgi as spawn-fcgi.lighttpd. + + install master alternatives on spawn-fcgi.lighttpd and + spawn-fcgi.lighttd.1. + + add Conflict against cherokee <= 0.6.1-1. + * Quote "dangerous" bits of conf-available/10-cgi.conf (Closes: 479276). + + -- Pierre Habouzit Tue, 06 May 2008 20:01:37 +0200 + +lighttpd (1.4.19-2) unstable; urgency=low + + * Add patches/ssl-connection-errors.patch for CVE-2008-1531 + (Closes: 475438). + * Test for /var/cache/lighttpd/compress in lighttpd.cron.daily to avoid + spurious errors for uninstalled and not purged lighttpd's + (Closes: 472175). + + * Add handling of /var/cache/lighttpd/uploads (Closes: 408521): + + add it in lighttpd.dirs. + + add it as a server.upload-dirs in lighttpd.conf. + + purge it daily in lighttpd.cron.daily. + + * Fix typo in lighttpd.preinst causing failure to update 05-auth symlink + properly (Closes: 472119). + + * init.d: stopping an already stopped lighttpd, or starting an already + running one should not fail (Closes: 472122). + + * Use $HTTP["remoteip"] =~ "127.0.0.1" in configuration snipplets so that it + works when ipv6 is enabled by default too (Closes: 473510). + + * Use perl to detect if the host has ipv6, and generate the server.use-ipv6 + snipplet on the fly instead of forcing it to true (Closes: 473053). + + -- Pierre Habouzit Sun, 13 Apr 2008 13:20:40 +0200 + +lighttpd (1.4.19-1~bpo40+1) etch-backports; urgency=low + + * Rebuild for etch-backports. + + -- Pierre Habouzit Thu, 20 Mar 2008 00:41:49 +0100 + +lighttpd (1.4.19-1) unstable; urgency=low + + * New upstream release. + + * debian/control: + + add Build-Depends upon quilt, remove dpatch. + + Bump Standards-Version to 3.7.3 (no changes required). + + Move Homepage pseudo-headers as real headers. + + * debian/patches: + + migrate to quilt. + + remove 05_fdevent_fix.patch (merged upstream). + + remove 06_mod_cgi_vuln_fix.patch (merged upstream). + + refresh the rest of the series. + + * debian/lighty-enable-mod: + + Reindent and remove trailing spaces. + + don't fail to remove a module that is already removed. + Patch from Michal Čihař (Closes: 448682). + + Allow full stops in module names (Closes: 462199). + + * debian/lighttpd.conf: + + enable ipv6 by default (Closes: 448054). + + remove mod_status stanza, create conf-available/10-status.conf with it. + + * debian/lighttpd.cron.daily: new file, cleanup compressed cache. + Thanks to Michal Čihař (Closes: 445224). + + * be sure mod_auth is loaded first (Closes: 419176): + + add debian/lighttpd.preinst to rename 10-auth.conf into 05-auth.conf + automagically (when it's a sane thing to do). + + Document all that in NEWS.Debian. + + debian/lighttpd.install: add 10-status.conf and 05-auth.conf. + + * debian/lighttpd.postinst: + + chmod'ing /var/cache/lighttpd recursively is useless and too long. Just + chmod the base directory, content is likely to be only created by + lighty anyways. (Closes: 468297). + + * debian/init.d: + + Add $remote_fs and $network (instead of networking) to + Required-{Start,Stop}. + + Add fam to Should-{Start,Stop} (Closes: 461180). + + * debian/lighttpd.links: add symlinks on lighty-* so that lighttpd-* + commands exists as well (Closes: 435131). + + -- Pierre Habouzit Sun, 16 Mar 2008 12:01:41 +0100 + +lighttpd (1.4.19-0ubuntu3) hardy; urgency=low + + * SECURITY UPDATE: (LP: #209627) + + debian/patches/92_CVE-2008-1531.dpatch + - lighttpd 1.4.19 and earlier allows remote attackers to cause a denial + of service (active SSL connection loss) by triggering an SSL error, + such as disconnecting before a download has finished, which causes + all active SSL connections to be lost. + * References + + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1531 + + http://trac.lighttpd.net/trac/changeset/2136 + + http://trac.lighttpd.net/trac/changeset/2139 + + -- Emanuele Gentili Sun, 06 Apr 2008 00:09:12 +0200 + +lighttpd (1.4.19-0ubuntu2) hardy; urgency=low + + * debian/rules: (LP: #174289) + - set DEB_UPDATE_RCD_PARAMS to "defaults 91 09" to not start lighty before + apache2 but in the same runlevel with the same priority + + -- Stephan Hermann Mon, 17 Mar 2008 16:50:10 +0100 + +lighttpd (1.4.19-0ubuntu1) hardy; urgency=low + + * New upstream release (LP: #201439) + For Changes please read the NEWS file + All security patches we have in 1.4.18 of hardy are included now upstream + * debian/patches/*: All changes introduced by this patches are now applied + upstream + - Dropped 90_CVE-2008-1111.dpatch + - Dropped 91_CVE-2008-1270.dpatch + - Dropped 90_maxfds_crash_fix.dpatch + - Dropped 03_ldap_leak_bugfix.dpatch + - Dropped 04_ldap_build_filter_fix.dpatch + - Dropped 90_accept_ranges_fix.dpatch + * debian/lighttpd.conf: (From Debian) + - Move the aliases on /doc/ and /images/ mandated by policy at the end to + circumvent #445459. + * debian/rules: (From Debian) + - Remove spurious mkdir in debian/rules (Closes: dbts 448160). + * debian/conf-available/10-rrdtool: (From Debian) + - Add sample configuration for the mod_rrdtool (Closes: dbts 462907). + * debian/lighttpd.install: + - Install 10-rrdtool + * debian/patches/ldap-deprecated.dpatch: + - Force use of deprecated ldap interfaces (Closes: dbts 463368), + thanks to Dann Frazier (patches/ldap-deprecated.dpatch). + * Bumped Standards Version to 3.7.3, Bumbed Compat to 6, adjusted build-dep + of debhelper accordingly + + -- Stephan Hermann Wed, 12 Mar 2008 15:52:09 +0100 + +lighttpd (1.4.18-4) unstable; urgency=high + + * The “I HATE DPATCH”-release. + * Add patches for real as dpatch-edit-patch is stupid enough for not doing + it by itself (Closes: 463368, 469307). + + -- Pierre Habouzit Tue, 11 Mar 2008 10:07:35 +0100 + +lighttpd (1.4.18-3) unstable; urgency=high + + * Force use of deprecated ldap interfaces (Closes: 463368), + thanks to Dann Frazier (patches/ldap-deprecated.dpatch). + * Add sample configuration for the mod_rrdtool (Closes: 462907). + * add patches/06_mod_cgi_vuln_fix.dpatch to fix CVE-2008-1111 + (Closes: 469307). + * Remove spurious mkdir in debian/rules (Closes: 448160). + * Bump urgency for RC bug fixes. + + -- Pierre Habouzit Sat, 08 Mar 2008 17:30:03 +0100 + +lighttpd (1.4.18-2) unstable; urgency=high + + * Move the aliases on /doc/ and /images/ mandated by policy at the end to + circumvent #445459. + * Add patches/05_fdevent_fix.dpatch to fix possible remote DoS + (Closes: 466663). + * bump urgency for security fix. + + -- Pierre Habouzit Wed, 27 Feb 2008 16:56:16 +0100 + +lighttpd (1.4.18-1ubuntu6) hardy; urgency=low + + * SECURITY UPDATE: (LP: #200987) + + debian/patches/91_CVE-2008-1270.dpatch + - mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set, + uses a default of $HOME, which might allow remote attackers to read arbitrary + files, as demonstrated by accessing the ~nobody directory. + * References + + CVE-2008-1270 + + http://trac.lighttpd.net/trac/ticket/1587 + + http://trac.lighttpd.net/trac/changeset/2120 + + -- Emanuele Gentili Tue, 11 Mar 2008 14:16:48 +0100 + +lighttpd (1.4.18-1ubuntu5) hardy; urgency=low + + * debian/patches/90-CVE-2008-1111.dpatch: + - Fixes CVE-2008-1111 + "mod_cgi in lighttpd 1.4.18, when a fork failure occurs, sends the source + code of CGI scripts instead of a 500 error, which might allow remote attackers + to obtain sensitive information." + Upstream Patch: http://trac.lighttpd.net/trac/changeset/2107 + + -- Stephan Hermann Wed, 05 Mar 2008 14:04:43 +0100 + +lighttpd (1.4.18-1ubuntu4) hardy; urgency=low + + * debian/patches/90_accept_ranges_fix.dpatch: + - Fixes a problem serving PDF files or other files who are in need of no + Accept-Ranges header (http://trac.lighttpd.net/trac/ticket/541) + (Patch: http://trac.lighttpd.net/trac/changeset/2090) + * debian/index.html: + - replaced all occurances of debian with ubuntu (LP: #115565) + + -- Stephan Hermann Mon, 03 Mar 2008 17:38:33 +0100 + +lighttpd (1.4.18-1ubuntu3) hardy; urgency=low + + * debian/patches/90_maxfds_crash_fix.dpatch: + - added patch from upstream to fix the maxfds issue + - See: http://trac.lighttpd.net/trac/ticket/1562 + + -- Stephan Hermann Mon, 25 Feb 2008 11:51:57 +0100 + +lighttpd (1.4.18-1ubuntu2) hardy; urgency=low + + * Rebuild against libldap2.4-2 + + -- Emmet Hikory Thu, 24 Jan 2008 22:02:20 +0900 + +lighttpd (1.4.18-1ubuntu1) gutsy; urgency=low + + * Merge from Debian unstable, remaining changes: + - Update maintainer field in debian/control. + - Build against libgamin-dev rather than libfam-dev (fixes a warning + during startup) + - Make sure that upgrades succeed, even if we can't restart lighttpd. + - Clean environment in init.d script. + + -- Soren Hansen Wed, 12 Sep 2007 14:02:31 +0200 + +lighttpd (1.4.18-1) unstable; urgency=low + + * New upstream release, fixes CVE-2007-4727 (closes: #441787) + * lighttpd-angel is installed but not used yet + + -- Krzysztof Krzyzaniak (eloy) Tue, 11 Sep 2007 12:45:11 +0200 + +lighttpd (1.4.17-1ubuntu1) gutsy; urgency=low + + * Merge from Debian unstable, remaining changes: + - Update maintainer field in debian/control. + - Build against libgamin-dev rather than libfam-dev (fixes a warning + during startup) + - Make sure that upgrades succeed, even if we can't restart lighttpd. + - Clean environment in init.d script. + + -- Soren Hansen Wed, 05 Sep 2007 09:30:15 +0200 + +lighttpd (1.4.17-1) unstable; urgency=low + + * New upstream release + * patches/05_mysql_autoreconnect.dpatch - dropped, fixed in upstream + + -- Krzysztof Krzyzaniak (eloy) Tue, 04 Sep 2007 12:19:01 +0200 + +lighttpd (1.4.16-5~bpo40+2) etch-backports; urgency=low + + * Rebuild in an etch chroot *doh*. + + -- Pierre Habouzit Tue, 28 Aug 2007 11:37:38 +0200 + +lighttpd (1.4.16-5~bpo40+1) etch-backports; urgency=low + + * Rebuild for Etch backports. + + -- Pierre Habouzit Fri, 24 Aug 2007 10:12:10 +0200 + +lighttpd (1.4.16-5) unstable; urgency=low + + * debian/control: Drop conflict with gamin as it appears it was not the + issue. (Closes: #438058). For real this time. + + -- Pierre Habouzit Sun, 19 Aug 2007 12:22:32 +0200 + +lighttpd (1.4.16-4) unstable; urgency=low + + * debian/control: Drop conflict with gamin as it appears it was not the + issue. (Closes: #438058). + * src/mod_mysql_vhost.c: Enable mysql auto-connect mode, as it's not default + in mysql 5.x anymore. (Closes: #428677). + + -- Pierre Habouzit Sat, 18 Aug 2007 10:27:22 +0200 + +lighttpd (1.4.16-3) unstable; urgency=high + + * Urgency set to high due to RC bug fix. + * debian/lighttpd.logrotate: fix stupid typo (closes: #437341). + * debian/control: add Conflict against gamin, to avoid #437307. + + -- Pierre Habouzit Wed, 15 Aug 2007 09:46:48 +0200 + +lighttpd (1.4.16-2) unstable; urgency=low + + * patches/04_ldap_build_filter_fix.dpatch: add patch from Peter Colberg to + fix first LDAP search that fails because of the filter being + uninitialized. (closes: #419661) + * Enable fam support (closes: #407820): + + debian/rules: add --enable-fam configure flag. + + debian/control: add libfam-dev to Build-Depends, and also wrap + build-dependencies to make diff more understandable. + * Enable support for kerberos (with openssl): + + debian/rules; add --enable-kerberos5 configure flag. + + debian/control: add libkrb5-dev to the Build-Depends. + * lighttpd.logrotate: redirect stderr to /dev/null as well to prevent + defunct processes (presumably due to full unread pipes/buffers) + (closes: #419992). + * debian/control: replace lighttpd dependency on perl with + libterm-readline-perl-perl as Readline.pm is needed for lighty-enable-mod + (closes: #435077). + * debian/control: + + Add myself to uploaders (closes: #401575). + + Drop Recommands on php5-cgi, there is absolutely no reason to have it, + or we would have to recommend ruby, python, lua, perl, .... and every + $language on earth to be fair. (closes: #435587). + * debian/conf-available/10-webdav.conf: add default configuration for webdav. + (closes: #406641). + * debian/conf-enabled: remove directory, it is already installed through + lighttpd.dirs. + * lighttpd.postinst, lighttpd.postrm, init.d: be sure there is a + /var/run/lighttpd owned by www-data:www-data, helpful to store locks and + things like that. + + -- Pierre Habouzit Fri, 03 Aug 2007 10:06:15 +0200 + +lighttpd (1.4.16-2ubuntu2) gutsy; urgency=low + + * Build against libgamin-dev rather than libfam-dev (fixes a warning during + startup about mismatched sizes of a data type). + + -- Soren Hansen Thu, 23 Aug 2007 19:51:08 +0200 + +lighttpd (1.4.16-1ubuntu1) gutsy; urgency=low + + * Merge from Debian unstable, remaining changes: + - Add fam/gamin stat cache engine support. + - Replace Depends: on perl with Depends: on libterm-readline-perl-perl. + - Make sure that upgrades succeed, even if we can't restart lighttpd. + - Clean environment in init.d script. + - Update maintainer field in debian/control. + + -- Michele Angrisano Sat, 28 Jul 2007 20:33:22 +0200 + +lighttpd (1.4.16-1) unstable; urgency=low + + * New upstream release (closes: #434546) + * Acknowledge NMU by Pierre Habouzit for CVE-2007-2841 (closes: #428368) + * Added static-file.exclude-extensions section to lighttpd.conf (closes: #408374) + * Fixed description of conf-available/10-fastcgi.conf (closes: #430469) + * Added mod_extforward to debian/lighttpd.install (closes: #434717) + * config.guess taken from upstream (closes: #419664) + * turn on compression (closes: #397514) + * debian/control: XS-Vcs-Svn header added + + -- Krzysztof Krzyzaniak (eloy) Fri, 27 Jul 2007 10:32:51 +0200 + +lighttpd (1.4.15-1.1ubuntu1) gutsy; urgency=low + + * Merge from Debian unstable, remaining changes: + - Add fam/gamin stat cache engine support. + - Replace Depends: on perl with Depends: on libterm-readline-perl-perl. + - Make sure that upgrades succeed, even if we can't restart lighttpd. + - Clean environment in init.d script. + - Update maintainer field in debian/control. + + -- Michele Angrisano Sat, 21 Jul 2007 01:40:36 +0200 + +lighttpd (1.4.15-1.1) unstable; urgency=low + + * Non-maintainer upload. + * add patches/04_wrapping_headers_bugfix.dpatch to fix crash with wrapping + headers (Closes: 428368). + + -- Pierre Habouzit Fri, 20 Jul 2007 11:04:07 +0200 + +lighttpd (1.4.15-1ubuntu1) gutsy; urgency=low + + * Merge from Debian unstable. Remaining Ubuntu changes: + - Add fam/gamin stat cache engine support + - Clean environment in init.d script + - Replace Depends: on perl with Depends: on libterm-readline-perl-perl + - Make sure that upgrades succeed, even if we can't restart lighttpd + - DebianMaintainerField update + + -- Soren Hansen Tue, 1 May 2007 13:15:59 +0200 + +lighttpd (1.4.15-1) unstable; urgency=low + + * New upstream release (closes: #419131) + * 01_mod_fastcgi_missing_cleanup.dpatch is now in upstream so it's removed from + patches + * 04_pidfile_bugfix.dpatch is now in upstream so it's removed from patches + + -- Krzysztof Krzyzaniak (eloy) Fri, 06 Apr 2007 11:24:54 +0200 + +lighttpd (1.4.13-10) unstable; urgency=medium + + * 03_ldap_leak_bugfix.dpatch added from yann@pleiades.fr.eu.org (Yann Rouillard) + (closes: #413917) + * Lowered priority of index.lighttpd.html (closes: #397492) + * We don't need now check md5 sum of index.html since we provide our own + index.lighttpd.html (closes: #407794) + * 04_pidfile_bugfix.dpatch by Chris Webb added - some fixes + with graceful restart + + -- Krzysztof Krzyzaniak (eloy) Thu, 8 Mar 2007 22:18:42 +0100 + +lighttpd (1.4.13-9ubuntu4) feisty; urgency=low + + * Added LDAP connection leak fix from Debian (Bug: #413917) + - debian/patches/03_ldap_leak_bugfix.dpatch + * Added security fixes from 1.4.14 (Closes LP: #106416) + - Remote DOS in CRLF parsing (CVE-2007-1869) + debian/patches/04_security_crlf_parsing_dos.dpatch + - DOS with files with mtime 0 (CVE-2007-1870) + debian/patches/05_security_zero_mtime_crash.dpatch + + -- Lukas Fittl Sat, 14 Apr 2007 05:26:10 +0200 + +lighttpd (1.4.13-9ubuntu3) feisty; urgency=low + + * Make sure that upgrades succeed, even if we can't restart lighttpd + (LP: #86882) + + -- Soren Hansen Thu, 29 Mar 2007 01:10:06 +0200 + +lighttpd (1.4.13-9ubuntu2) feisty; urgency=low + + * Add fam/gamin stat cache engine support (Closes: LP#80818) + + -- Soren Hansen Mon, 19 Feb 2007 13:09:19 +0100 + +lighttpd (1.4.13-9ubuntu1) feisty; urgency=low + + * Merge from Debian unstable. Remaining Ubuntu changes: + - Clean environment in init.d script + - Replace Depends: on perl with Depends: on libterm-readline-perl-perl + + -- Adrien Cunin Sat, 13 Jan 2007 21:38:05 +0100 + +lighttpd (1.4.13-9) unstable; urgency=low + + * debian/lighttpd.default - removed, it is not ready yet. We'll back after + etch release (closes: #406021) + * debian/index.html.md5 - fixed path to file (full path to index.html) + + -- Krzysztof Krzyzaniak (eloy) Tue, 2 Jan 2007 14:24:42 +0100 + +lighttpd (1.4.13-8) unstable; urgency=medium + + * Typo fixed in debian/lighttpd.postinst (closes: #405123) + + -- Krzysztof Krzyzaniak (eloy) Tue, 2 Jan 2007 13:23:25 +0100 + +lighttpd (1.4.13-7ubuntu1) feisty; urgency=low + + * Merge from debian unstable, remaining changes: + - Clean environment in init.d script + - Replace Depends: on perl with Depends: on libterm-readline-perl-perl + + -- Soren Hansen Sat, 30 Dec 2006 16:22:11 +0100 + +lighttpd (1.4.13-7) unstable; urgency=low + + [ Franz Pletz ] + * debian/conf-available/10-cgi.conf: + + match /cgi-bin/ only at the beginning of a path + + convert match for host == localhost to remoteip == 127.0.0.1 like in + lighttpd.conf; due to bugs in mod_alias, the cgi-bin, doc and images + aliases didn't work anymore + * debian/lighttpd.logrotate + + use reload instead of force-reload for graceful restart + (closes: #398169, #380080) + * added debian/patches/01_mod_fastcgi_missing_cleanup.dpatch + + source: http://trac.lighttpd.net/trac/ticket/910 + + fixes memleak in mod_fastcgi (closes: #400167) + * added debian/patches/02_fastcgi_detach.dpatch + + disconnect stderr/stdout from the terminal (closes: #368670) + + point them either to errorlog or /dev/null + * debian/control: added myself to Uploaders + * Don't touch /var/www/index.html, create /var/www/index.lighttpd.html + instead (closes: #397492) + + debian/lighttpd.postinst: copy to /var/www/index.lighttpd.html + + debian/lighttpd.conf: add index.lighttpd.html as first index-filename + + [ Krzysztof Krzyzaniak (eloy) ] + * Typo fixed in index.html (closes: #403620) + + -- Franz Pletz Fri, 8 Dec 2006 16:15:27 +0100 + +lighttpd (1.4.13-6ubuntu3) feisty; urgency=low + + * Fix typo in init-script + + -- Soren Hansen Wed, 13 Dec 2006 11:52:54 +0100 + +lighttpd (1.4.13-6ubuntu2) feisty; urgency=low + + * Clean the environment before starting. Fixes: LP#53840 + + -- Soren Hansen Sun, 10 Dec 2006 16:18:55 +0100 + +lighttpd (1.4.13-6ubuntu1) feisty; urgency=low + + * Merge from debian unstable, remaining changes: + - Replace Depends: on perl with Depends: on libterm-readline-perl-perl + + -- Soren Hansen Fri, 8 Dec 2006 14:40:42 +0100 + +lighttpd (1.4.13-6) unstable; urgency=low + + * debian/lighttpd.postinst: change only permission for /var/log/lighttpd/ + + -- Krzysztof Krzyzaniak (eloy) Mon, 4 Dec 2006 16:34:11 +0100 + +lighttpd (1.4.13-5) unstable; urgency=low + + * debian/control: + + perl added to dependencies (closes: #396629) + * debian/conf-available/10-fastcgi.conf: + + /usr/bin/php4-cgi changed to /usr/bin/php-cgi (closes: #397142) + * debian/lighttpd.postinst: fix permission of /var/log/lighttpd + (closes: #398834) + * debian/lighty-enable-mod - fixed bug with undefined values (closes: #397493) + + -- Krzysztof Krzyzaniak (eloy) Thu, 9 Nov 2006 12:18:25 +0100 + +lighttpd (1.4.13-4) unstable; urgency=low + + * fixed config file for logrotote (reload action changed to force-reload) + + -- Krzysztof Krzyzaniak (eloy) Thu, 26 Oct 2006 11:36:13 +0200 + +lighttpd (1.4.13-3) unstable; urgency=low + + * debian/control: libxml2-dev added to Build-Depends (closes: #394882) + + -- Krzysztof Krzyzaniak (eloy) Tue, 24 Oct 2006 13:31:27 +0200 + +lighttpd (1.4.13-2) unstable; urgency=medium + + * Patch from Pierre Habouzit to init.d applied + (closes: #380080) + * Patch from Adrian Friendli to lighttpd.conf applied + (closes: #392890) + + -- Krzysztof Krzyzaniak (eloy) Mon, 16 Oct 2006 11:14:28 +0200 + +lighttpd (1.4.13-1) unstable; urgency=low + + * New upstream release + * mod_webdav as separate lighttpd-mod-webdav package + * Compiled with --with-webdav-locks, added uuid-dev to Build-Depends + + -- Krzysztof Krzyzaniak (eloy) Tue, 10 Oct 2006 10:26:54 +0200 + +lighttpd (1.4.13~r1385-1) unstable; urgency=low + + * New upstream release + + -- Krzysztof Krzyzaniak (eloy) Mon, 9 Oct 2006 10:28:32 +0200 + +lighttpd (1.4.13~r1370-1ubuntu1) edgy; urgency=low + + * Merge from Debian unstable (Closes: Malone #64900). Remaining changes: + - Add an additional dependency on libterm-readline-perl-perl + (Malone #43895) + + -- Lukas Fittl Tue, 10 Oct 2006 13:57:38 +0200 + +lighttpd (1.4.13~r1370-1) unstable; urgency=low + + * New upstream release (closes: #390877) (closes: #389911) + * Compiled with --with-attr param (closes: #389712) + * dropped 01-lua5.1.dpatch, issue fixed by upstream + + -- Krzysztof Krzyzaniak (eloy) Thu, 5 Oct 2006 10:08:19 +0200 + +lighttpd (1.4.12-1) unstable; urgency=low + + * New upstream release + * fixes in debian/lighttpd.install (closes: #377802) + * mod_cml is deprecated from now on and it will be removed in 1.5.0 + mod_magnet provides the same functionality and more with a + cleaner syntax and in a more generic form + * added separate module for mod_magnet (closes: #389578) + * changed dependency from lua-5.0 to lua-5.1 + * added patch patches/01-lua5.1.dpatch + * added pkg-config to Build-Depends + + -- Krzysztof Krzyzaniak (eloy) Tue, 12 Sep 2006 19:17:41 +0200 + +lighttpd (1.4.12~20060907-1ubuntu1) edgy; urgency=low + + * Merge from debian unstable: + -> Keep the additional dependency on libterm-readline-perl-perl. + + -- Jeremie Corbier Fri, 22 Sep 2006 19:16:08 -0700 + +lighttpd (1.4.12~20060907-1) unstable; urgency=low + + * New upstream release + * Removed debian/patches/01_use_bin_sh.dpatch - fixed in upstream + + -- Krzysztof Krzyzaniak (eloy) Thu, 7 Sep 2006 14:50:47 +0200 + +lighttpd (1.4.12~20060901-1) unstable; urgency=low + + * New upstream release + * Removed debian/patches/02_ssl_fix.dpatch - it's now fixed in upstream + + -- Krzysztof Krzyzaniak (eloy) Mon, 4 Sep 2006 11:07:42 +0200 + +lighttpd (1.4.11-8) UNRELEASED; urgency=low + + * debian/lighttpd.dirs: + + usr/lib/cgi-bin added + * debian/conf-available/10-cgi.conf + + proper configuration for localhost as well (again Bug#345554) + * debian/lighttpd.conf: + + server.bind commented out as in default configuration (closes: #380267) + * debian/patches/02_ssl_fix.dpatch - added fix for ssl connection with POST + request (http://trac.lighttpd.net/trac/ticket/607), thanks to + RISKO Gergely (closes: #381455) + * debian/lighttpd.logrotate - some values changes (now rotate weekly + and keep 12 logfiles) + + -- Krzysztof Krzyzaniak (eloy) Mon, 28 Aug 2006 13:06:25 +0200 + +lighttpd (1.4.11-7ubuntu1) edgy; urgency=low + + * Merge from debian unstable: + -> Restore B-D on libmemcache-dev. + -> Keep the additional dependency on libterm-readline-perl-perl. + * debian/patches: + -> Add 02_mod_ssl_post_fix.dpatch: fix a stall with POST requests between + 8317 and 16381 bytes long when mod_ssl is enabled. + + -- Jeremie Corbier Thu, 17 Aug 2006 13:07:50 +0200 + +lighttpd (1.4.11-7) unstable; urgency=low + + * debian/create-mime.assign.pl - catchup error when /etc/mime.types is not + readable (closes: #375347) + + -- Krzysztof Krzyzaniak (eloy) Tue, 27 Jun 2006 20:19:57 +0200 + +lighttpd (1.4.11-6) unstable; urgency=low + + * debian/control: + - Recommends: Changed to alternative: php4-cgi | php5-cgi (closes: #368215) + * include-conf-enabled.pl script changed according to patch from + Tobias Gruetzmacher (closes: #368352) + * debian/lighttpd.conf: removed global for local aliases (/images/, /doc/) + (closes: #366801) + + -- Krzysztof Krzyzaniak (eloy) Tue, 23 May 2006 16:48:36 +0200 + +lighttpd (1.4.11-5) unstable; urgency=low + + * debian/init.d: + - --oknodo added to section "stop" to close finally #35979 + - --retry 30 added to section "reload", to prevents problems with + logrotating (closes: #366366) + * debian/control: + Standards-Version: increased to 3.7.2 without additional changes + + -- Krzysztof Krzyzaniak (eloy) Wed, 10 May 2006 14:26:04 +0200 + +lighttpd (1.4.11-4) unstable; urgency=low + + [ Krzysztof Krzyzaniak (eloy) ] + * debian/init.d: + - "exit 1" after failed actions removed (closes: #359792) + * debian/conf-available/10-fastcgi.conf updated (closes: #362827) + thanks to Joerg Rieger + + [ Torsten Marek ] + * Change my email address to shlomme@debian.org + * Remove --background from the start action, since it + breaks the error checking of start-stop-daemon. + The behaviour described in #355865 is not reproducable + any more. + * make reload action in initscript more well-behaved + + -- Torsten Marek Sun, 9 Apr 2006 15:51:51 +0200 + +lighttpd (1.4.11-3ubuntu3) dapper; urgency=low + + * debian/control + + Added depends on libterm-readline-perl-perl. (Closes: Malone #43895) + + -- Chuck Short Wed, 10 May 2006 18:11:24 -0400 + +lighttpd (1.4.11-3ubuntu2) dapper; urgency=low + + * Rebuild against the new libmysqlclient15off with correct symbols. + + -- Adam Conrad Thu, 6 Apr 2006 15:10:02 +1000 + +lighttpd (1.4.11-3ubuntu1) dapper; urgency=low + + * Sync with Debian: + + Removed B-D on libmemcache-dev as we don't have it in dapper, needs to be + re-enabled for dapper+1 + + -- Sebastian Dröge Mon, 27 Mar 2006 13:52:44 +0200 + +lighttpd (1.4.11-3) unstable; urgency=low + + * debian/lighttpd.conf - added dir-listing.encoding = "utf-8", suggested + by Silvestre Zabala (closes: #359100) + * debian/lighttpd.install - fix bug with installing *.conf files + + -- Krzysztof Krzyzaniak (eloy) Mon, 27 Mar 2006 09:50:55 +0200 + +lighttpd (1.4.11-2) unstable; urgency=low + + * Provide debian/conf-available/10-ssl.conf, (closes: #355868) + + -- Krzysztof Krzyzaniak (eloy) Fri, 24 Mar 2006 13:53:54 +0100 + +lighttpd (1.4.11-1) unstable; urgency=low + + * New upstream release (closes: #356496) + * init.d script - added --background to "start" (thanks goes to + Marcello Nuccio ) (closes: #355865) + + -- Krzysztof Krzyzaniak (eloy) Fri, 10 Mar 2006 09:51:10 +0100 + +lighttpd (1.4.10-6) unstable; urgency=low + + * Patch from on lighty-enable-mod + (closes: #355773) + + -- Krzysztof Krzyzaniak (eloy) Wed, 8 Mar 2006 11:17:07 +0100 + +lighttpd (1.4.10-5) unstable; urgency=low + + [ Krzysztof Krzyzaniak (eloy) ] + * debian/control - libmysqlclient14-dev have to be removede because is not + available in debian/sid + + [ Torsten Marek ] + * debian/rules - build with support for LUA, libmemcache and GDBM + * debian/lighttpd.install - install mod_evasive into lighttpd package + * debian/control - own packages for mod_trigger_b4_dl and mod_cml + * debian/control - small fixes + * debian/conf-available/10-ssi.conf - comment out link to web documentation + + -- Torsten Marek Mon, 6 Mar 2006 12:07:29 +0100 + +lighttpd (1.4.10-4) unstable; urgency=low + + * bugfix release + * Fixed bug with 10-fastcgi.conf, (closes: #353964) + + -- Krzysztof Krzyzaniak (eloy) Thu, 23 Feb 2006 16:14:42 +0100 + +lighttpd (1.4.10-3) unstable; urgency=low + + * lighttpd.conf - changed configuration for /images/ & /doc/ handling + + -- Krzysztof Krzyzaniak (eloy) Tue, 14 Feb 2006 09:57:15 +0100 + +lighttpd (1.4.10-2) unstable; urgency=low + + * debian/control - libmysqlclient14-dev added as alternative (will be easier for + backports.org) + * lighty-enable-mod script fixed - files with dash were skipped, thanks + to Silvester Zabala for patch (closes: #352577) + * install doc/lighttpd.conf as example (closes: #344961) + + -- Krzysztof Krzyzaniak (eloy) Mon, 13 Feb 2006 12:58:54 +0100 + +lighttpd (1.4.10-1) unstable; urgency=low + + * New upstream release + + -- Krzysztof Krzyzaniak (eloy) Wed, 8 Feb 2006 16:02:16 +0100 + +lighttpd (1.4.9-5) unstable; urgency=low + + * Properly fixed bug with overwritting index.html (closes: #349676) + + -- Krzysztof Krzyzaniak (eloy) Mon, 30 Jan 2006 10:17:57 +0100 + +lighttpd (1.4.9-4) unstable; urgency=low + + [ Krzysztof Krzyzaniak (eloy) ] + * Fixed bug with 10-userdir.conf, (closes: #349821) + * index.html is not replaced when md5 string desn't match (closes: #349676) + + -- Krzysztof Krzyzaniak (eloy) Wed, 25 Jan 2006 16:33:34 +0100 + +lighttpd (1.4.9-3) unstable; urgency=low + + [ Torsten Marek ] + * Added some configuration examples from upstream sample + configuration + * Implement "reload" init.d action with graceful restart, + taken from http://trac.lighttpd.net/trac/ticket/267 (Closes: #346038) + * ssi, auth, fastcgi, proxy and simple-vhost are now in separte + config files + * Put path to plugin documentation into every config snippet + * Build against libmysqlclient15 + + -- Torsten Marek Sat, 21 Jan 2006 15:16:01 +0100 + +lighttpd (1.4.9-2) unstable; urgency=low + + [ Krzysztof Krzyzaniak (eloy) ] + * mod_alias enabled by default - removed conf-avaiable/00-alias.conf + * Added handling of http://localhost/doc/ & http://localhost/images/ + (closes: #348823) + + -- Krzysztof Krzyzaniak (eloy) Thu, 19 Jan 2006 12:39:04 +0100 + +lighttpd (1.4.9-1) unstable; urgency=low + + * New upstream release + * Closing bug from not uploaded release 1.4.8-5, (closes: #347737) + + -- Krzysztof Krzyzaniak (eloy) Mon, 16 Jan 2006 20:06:39 +0100 + +lighttpd (1.4.8-5) unstable; urgency=low + + * create /var/www directory (closes: #347737), default /var/www/index.html + added (based on apache2 index.html file). + + -- Krzysztof Krzyzaniak (eloy) Thu, 12 Jan 2006 16:54:32 +0100 + +lighttpd (1.4.8-4) unstable; urgency=low + + * fixed permissions and directories (closes: #347565) + + -- Krzysztof Krzyzaniak (eloy) Wed, 11 Jan 2006 17:15:12 +0100 + +lighttpd (1.4.8-3) unstable; urgency=low + + * New configuration layout (closes: #345554) (closes: #344959), + read /etc/lighttpd/conf-available/README + - conf-available directory for all templates + - conf-enabled directory for enabled modules + + -- Krzysztof Krzyzaniak (eloy) Mon, 9 Jan 2006 13:49:34 +0100 + +lighttpd (1.4.8-2) unstable; urgency=low + + [ Krzysztof Krzyzaniak (eloy) ] + * debian/control: lsb-base dependency narrowed to (>= 3.0-3) + * create-mime.assign.pl set as executable (closes: #344938) + + -- Krzysztof Krzyzaniak (eloy) Wed, 28 Dec 2005 12:40:55 +0100 + +lighttpd (1.4.8-1) unstable; urgency=low + + * New upstream version (closes: #304271) + * Does not rely on $SHELL to execute external commands + + -- Torsten Marek Sat, 26 Nov 2005 11:48:51 +0100 + +lighttpd (1.4.7-1) unstable; urgency=low + + * New upstream version, Initial debian version + * Better debian/rules file + * Split mysql vhost module into separate package + * Create separate package for documentation + * Create a better init script + + -- Torsten Marek Sat, 5 Nov 2005 18:56:53 +0100 + --- lighttpd-1.4.19.orig/debian/control +++ lighttpd-1.4.19/debian/control @@ -0,0 +1,105 @@ +Source: lighttpd +Section: web +Priority: optional +Maintainer: Ubuntu MOTU Developers +XSBC-Original-Maintainer: Debian lighttpd maintainers +Uploaders: Krzysztof Krzyzaniak (eloy) , + Torsten Marek , Franz Pletz , + Pierre Habouzit +Homepage: http://www.lighttpd.net +Build-Depends: debhelper (>= 6.0.0), cdbs, mime-support, libssl-dev, + zlib1g-dev, libbz2-dev, libattr1-dev, libpcre3-dev, libmysqlclient15-dev, + libgamin-dev, libldap2-dev, libfcgi-dev, libgdbm-dev, libmemcache-dev, + liblua5.1-0-dev, quilt, patchutils, pkg-config, uuid-dev, libsqlite3-dev, + libxml2-dev, libkrb5-dev, perl +XS-Vcs-Svn: svn://svn.debian.org/pkg-lighttpd/lighttpd/trunk +Standards-Version: 3.7.3 + +Package: lighttpd +Homepage: http://www.lighttpd.net +Architecture: any +Depends: ${shlibs:Depends}, lsb-base (>= 3.2-14), mime-support, libterm-readline-perl-perl +Provides: httpd, httpd-cgi +Suggests: openssl, rrdtool, apache2-utils, ufw +Conflicts: cherokee (<= 0.6.1-1) +Description: A fast webserver with minimal memory footprint + lighttpd is a small webserver and fast webserver developed with + security in mind and a lot of features. + It has support for + * CGI, FastCGI and SSI + * virtual hosts + * URL rewriting + * authentication (plain files, htpasswd, ldap) + * transparent content compression + * conditional configuration + and configuration is straight-forward and easy. + +Package: lighttpd-doc +Homepage: http://www.lighttpd.net +Architecture: all +Section: doc +Suggests: lighttpd +Description: Documentation for lighttpd + This package contains all documentation files for lighttpd. + +Package: lighttpd-mod-mysql-vhost +Homepage: http://www.lighttpd.net +Architecture: any +Depends: lighttpd (= ${binary:Version}), ${shlibs:Depends} +Description: MySQL-based virtual host configuration for lighttpd + This package contains the myqsl_vhost module for lighttpd. With + this module, it is possible to write the configuration for virtual + hosts into a MySQL table instead of including it in the lighttpd + configuration file. + +Package: lighttpd-mod-trigger-b4-dl +Homepage: http://www.lighttpd.net +Architecture: any +Depends: lighttpd (= ${binary:Version}), ${shlibs:Depends} +Replaces: lighttpd (<< 1.4.10-5) +Recommends: memcached +Description: Anti-deep-linking module for lighttpd + The trigger-b4-dl module for lighttpd can prevent deep linking + from other sites by requiring users to visit a trigger URL to + be able to download certain files. + +Package: lighttpd-mod-cml +Homepage: http://www.lighttpd.net +Architecture: any +Depends: lighttpd (= ${binary:Version}), ${shlibs:Depends} +Recommends: memcached +Description: Cache meta language module for lighttpd + With the cache meta language, it is possible to describe to the + dependencies of a cached file to its source files/scripts. For the + cache files, the scripting language LUA is used. + . + THIS MODULE IS OBSOLETED AND WILL BE REMOVED IN LIGHTTPD 1.5. + USE mod_magnet INSTEAD. + +Package: lighttpd-mod-magnet +Homepage: http://www.lighttpd.net +Architecture: any +Depends: lighttpd (= ${binary:Version}), ${shlibs:Depends} +Description: Control the request handling module for lighttpd + mod_magnet can attract a request in several stages in the request-handling. + either at the same level as mod_rewrite, before any parsing of the URL is done + or at a later stage, when the doc-root is known and the physical-path is + already setup + +Package: lighttpd-mod-webdav +Homepage: http://www.lighttpd.net +Architecture: any +Depends: lighttpd (= ${binary:Version}), ${shlibs:Depends} +Description: WebDAV module for lighttpd + The WebDAV module is a very minimalistic implementation of RFC 2518. + Minimalistic means that not all operations are implemented yet. + . + Currently supports: + GET + POST + HEAD + PROPFIND + OPTIONS + MKCOL + DELETE + PUT --- lighttpd-1.4.19.orig/debian/lighttpd-mod-cml.install +++ lighttpd-1.4.19/debian/lighttpd-mod-cml.install @@ -0,0 +1,2 @@ +debian/tmp/usr/lib/lighttpd/mod_cml.so +debian/conf-available/10-cml.conf etc/lighttpd/conf-available --- lighttpd-1.4.19.orig/debian/lighttpd.links +++ lighttpd-1.4.19/debian/lighttpd.links @@ -0,0 +1,6 @@ +usr/sbin/lighty-enable-mod usr/sbin/lighty-disable-mod +usr/sbin/lighty-enable-mod usr/sbin/lighttpd-enable-mod +usr/sbin/lighty-enable-mod usr/sbin/lighttpd-disable-mod +usr/share/man/man1/lighty-enable-mod.1.gz usr/share/man/man1/lighty-disable-mod.1.gz +usr/share/man/man1/lighty-enable-mod.1.gz usr/share/man/man1/lighttpd-disable-mod.1.gz +usr/share/man/man1/lighty-enable-mod.1.gz usr/share/man/man1/lighttpd-enable-mod.1.gz --- lighttpd-1.4.19.orig/debian/lighttpd.preinst +++ lighttpd-1.4.19/debian/lighttpd.preinst @@ -0,0 +1,35 @@ +#! /bin/sh -e +# preinst script for lighttpd + +CA=/etc/lighttpd/conf-available +CE=/etc/lighttpd/conf-enabled + +if test -f "$CA/10-auth.conf"; then + if test -f "$CA/05-auth.conf"; then + echo 1>&2 "Not touching conf-available/10-auth.conf because conf-available/05-auth.conf exists !!!" + echo 1>&2 "Please read /usr/share/doc/lighttpd/NEWS.Debian" + else + echo "Renaming conf-available/10-auth.conf into conf-available/05-auth.conf" + mv "$CA/10-auth.conf" "$CA/05-auth.conf" + fi +fi + +if test -f "$CE/10-auth.conf"; then + if test -f "$CE/05-auth.conf"; then + echo 1>&2 "Not touching conf-enabled/10-auth.conf because conf-enabled/05-auth.conf exists !!!" + echo 1>&2 "Please read /usr/share/doc/lighttpd/NEWS.Debian" + else + if test -h "$CE/10-auth.conf" && test "$(readlink -m "$CE/10-auth.conf")" = "$CA/10-auth.conf"; then + echo "Updating conf-enabled symlink to 05-auth.conf accordingly" + ln -s -f "../conf-available/05-auth.conf" "$CE/05-auth.conf" + fi + if test -f "$CE/10-auth.conf"; then + echo "Renaming conf-enabled/10-auth.conf into conf-enabled/05-auth.conf" + mv "$CE/10-auth.conf" "$CE/05-auth.conf" + fi + fi +fi + +#DEBHELPER# + +exit 0 --- lighttpd-1.4.19.orig/debian/watch +++ lighttpd-1.4.19/debian/watch @@ -0,0 +1,2 @@ +version=3 +http://www.lighttpd.net/download/lighttpd-(.*)\.tar\.gz --- lighttpd-1.4.19.orig/debian/lighttpd.prerm +++ lighttpd-1.4.19/debian/lighttpd.prerm @@ -0,0 +1,9 @@ +#!/bin/sh -e + +if test "$1" != "upgrade"; then + update-alternatives --remove spawn-fcgi /usr/bin/spawn-fcgi.lighttpd +fi + +#DEBHELPER# + +exit 0 --- lighttpd-1.4.19.orig/debian/lighttpd.postinst +++ lighttpd-1.4.19/debian/lighttpd.postinst @@ -0,0 +1,24 @@ +#! /bin/sh -e +# postinst script for lighttpd + +if [ "$1" = "configure" ]; then + if [ ! -r /var/www/index.lighttpd.html ]; + then + cp /usr/share/lighttpd/index.html /var/www/index.lighttpd.html + fi + mkdir -p /var/run/lighttpd > /dev/null 2> /dev/null + chown www-data:www-data /var/log/lighttpd /var/run/lighttpd + chown www-data:www-data /var/cache/lighttpd /var/cache/lighttpd/compress /var/cache/lighttpd/uploads + chmod 0750 /var/log/lighttpd /var/run/lighttpd + +fi + +update-alternatives \ + --install /usr/bin/spawn-fcgi \ + spawn-fcgi /usr/bin/spawn-fcgi.lighttpd 20 \ + --slave /usr/share/man/man1/spawn-fcgi.1.gz \ + spawn-fcgi.1.gz /usr/share/man/man1/spawn-fcgi.lighttpd.1.gz + +#DEBHELPER# + +exit 0 --- lighttpd-1.4.19.orig/debian/create-mime.assign.pl +++ lighttpd-1.4.19/debian/create-mime.assign.pl @@ -0,0 +1,20 @@ +#!/usr/bin/perl -w +use strict; +open MIMETYPES, "/etc/mime.types" or exit; +print "mimetype.assign = (\n"; +my %extensions; +while() { + chomp; + s/\#.*//; + next if /^\w*$/; + if(/^([a-z0-9\/+-.]+)\s+((?:[a-z0-9.+-]+[ ]?)+)$/) { + foreach(split / /, $2) { + # mime.types can have same extension for different + # mime types + next if $extensions{$_}; + $extensions{$_} = 1; + print "\".$_\" => \"$1\",\n"; + } + } +} +print ")\n"; --- lighttpd-1.4.19.orig/debian/NEWS +++ lighttpd-1.4.19/debian/NEWS @@ -0,0 +1,20 @@ +lighttpd (1.4.19-1) unstable; urgency=low + + Lighttpd must load mod_auth first, else some other modules may not work + properly (See #419176). For this reason, mod_status configuration has been + moved out from lighttpd.conf and put in conf-available/10-status.conf. + + Also the files 10-auth.conf are automatically renamed by the lighttpd + package (provided that a sane environment is met) into 05-auth.conf, and + symlinks (if they exists) are also updated properly. + + This is done to ensure that auth.conf is loaded first. If during your + lighttpd upgrade you read: + + Not touching .../10-auth.conf because .../05-auth.conf exists !!! + Please read /usr/share/doc/lighttpd/NEWS.Debian + + then you probably have both 10-auth.conf and 05-auth.conf, which is a bad + situation that you should fix. + + -- Pierre Habouzit Sun, 16 Mar 2008 10:56:22 +0100 --- lighttpd-1.4.19.orig/debian/lighttpd-doc.install +++ lighttpd-1.4.19/debian/lighttpd-doc.install @@ -0,0 +1 @@ +doc/*.txt usr/share/doc/lighttpd-doc --- lighttpd-1.4.19.orig/debian/TODO.Debian +++ lighttpd-1.4.19/debian/TODO.Debian @@ -0,0 +1,7 @@ +urgent: +* better package descriptions +* tweak Recommends: and Suggests: + +not-so-urgent: +* create a dirlisting template that slightly advertises Debian + --- lighttpd-1.4.19.orig/debian/lighttpd-mod-webdav.install +++ lighttpd-1.4.19/debian/lighttpd-mod-webdav.install @@ -0,0 +1,2 @@ +debian/tmp/usr/lib/lighttpd/mod_webdav.so +debian/conf-available/10-webdav.conf /etc/lighttpd/conf-available --- lighttpd-1.4.19.orig/debian/index.html +++ lighttpd-1.4.19/debian/index.html @@ -0,0 +1,57 @@ + + + + +Welcome page + + + +
+ +
+

You should replace this page with your own web pages as soon as possible.

+ Unless you changed its configuration, your new server is configured as follows: +
    +
  • Configuration files can be found in /etc/lighttpd. Please read /etc/lighttpd/conf-available/README file.
    • +
  • The DocumentRoot, which is the directory under which all your HTML files should exist, is set to /var/www.
    • +
  • CGI scripts are looked for in /usr/lib/cgi-bin, which is where Ubuntu packages will place their scripts. You can enable cgi module by using command "lighty-enable-mod cgi".
    • +
  • Log files are placed in /var/log/lighttpd, and will be rotated weekly. The frequency of rotation can be easily changed by editing /etc/logrotate.d/lighttpd.
    • +
  • The default directory index is index.html, meaning that requests for a directory /foo/bar/ will give the contents of the file /var/www/foo/bar/index.html if it exists (assuming that /var/www is your DocumentRoot).
    • +
  • You can enable user directories by using command "lighty-enable-mod userdir"
    • +
+

About this page

+

+ This is a placeholder page installed by the Ubuntu release of the Lighttpd server package. +

+

+ This computer has installed the Ubuntu operating system, but it has nothing to do with the Ubuntu Project. Please do not contact the Ubuntu Project about it. +

+

+ If you find a bug in this Lighttpd package, or in Lighttpd itself, please file a bug report on it. Instructions on doing this, and the list of known bugs of this package, can be found in the + Ubuntu Bug Tracking System. +

+

+ Valid XHTML 1.0 Transitional +

+
+
+ + + --- lighttpd-1.4.19.orig/debian/spawn-fcgi.lighttpd.1 +++ lighttpd-1.4.19/debian/spawn-fcgi.lighttpd.1 @@ -0,0 +1,57 @@ +.TH spawn-fcgi 1 +.SH NAME +spawn-fcgi - Spawns FastCGI processes +.SH SYNOPSIS +.B spawn-fcgi +\-f \-a \-p port +. +.B spawn-fcgi +\-s +.SH DESCRIPTION +\fIspawn-fcgi\fP is used to spawn remote FastCGI processes. +.SH OPTIONS +\fIspawn-fcgi\fP accepts the following options: +.TP 8 +.B \-h +General usage instructions +.TP 8 +.B \-f +Filename of the FastCGI application to spawn +.TP 8 +.B \-a +IP address to bind to (for TCP/IP-based IPC) +.TP 8 +.B \-p +TCP port to bind to (for TCP/IP-based IPC) +.TP 8 +.B \-s +Path to the Unix-domain socket to bind to (for Unix sockets-based IPC) +.TP 8 +.B \-C +(PHP only) Number of children to spawn. Defaults to 5. +.TP 8 +.B \-F +Number of children to fork. Defaults to 1. +.TP 8 +.B \-P +Name of the PID file for spawned processes +.TP 8 +.B \-n +No forking should take place (for daemontools) +.TP 8 +.B \-v +Shows version information and exits +.TP 8 +.B \-c +Chroot to specified directory (can only be invoked by root) +.TP 8 +.B \-u +User ID to change to (can only be invoked by root) +.TP 8 +.B \-g +Group ID to change to (can only be invoked by root) +.PP +This program is a part of the Lighttpd web server, \&\fIlighttpd\fR\|(1) +.SH AUTHOR +This manual page was written by Gunnar Wolf , for +the Debian GNU/linux system (but may be used by others). --- lighttpd-1.4.19.orig/debian/lighttpd.postrm +++ lighttpd-1.4.19/debian/lighttpd.postrm @@ -0,0 +1,10 @@ +#!/bin/sh -e +# postrm script for lighttpd + +if [ "$1" = "purge" ]; then + rm -rf /var/log/lighttpd /var/run/lighttpd /var/cache/lighttpd +fi + +#DEBHELPER# + +exit 0 --- lighttpd-1.4.19.orig/debian/lighttpd-mod-magnet.install +++ lighttpd-1.4.19/debian/lighttpd-mod-magnet.install @@ -0,0 +1,2 @@ +debian/tmp/usr/lib/lighttpd/mod_magnet.so +debian/conf-available/10-magnet.conf etc/lighttpd/conf-available --- lighttpd-1.4.19.orig/debian/lighttpd.manpages +++ lighttpd-1.4.19/debian/lighttpd.manpages @@ -0,0 +1,2 @@ +debian/lighty-enable-mod.1 +debian/spawn-fcgi.lighttpd.1 --- lighttpd-1.4.19.orig/debian/include-conf-enabled.pl +++ lighttpd-1.4.19/debian/include-conf-enabled.pl @@ -0,0 +1,15 @@ +#!/usr/bin/perl -wl + +use strict; +use File::Glob ':glob'; + +my $confdir = "/etc/lighttpd/"; +my $enabled = "conf-enabled/*.conf"; + +chdir($confdir); +my @files = bsd_glob($enabled); + +for my $file (@files) +{ + print "include \"$file\""; +} --- lighttpd-1.4.19.orig/debian/lighttpd.logrotate +++ lighttpd-1.4.19/debian/lighttpd.logrotate @@ -0,0 +1,18 @@ +/var/log/lighttpd/*.log { + weekly + missingok + copytruncate + rotate 12 + compress + notifempty + sharedscripts + postrotate + if [ -f /var/run/lighttpd.pid ]; then \ + if [ -x /usr/sbin/invoke-rc.d ]; then \ + invoke-rc.d lighttpd reload > /dev/null 2>&1; \ + else \ + /etc/init.d/lighttpd reload > /dev/null 2>&1; \ + fi; \ + fi; + endscript +} --- lighttpd-1.4.19.orig/debian/lighttpd.examples +++ lighttpd-1.4.19/debian/lighttpd.examples @@ -0,0 +1 @@ +doc/lighttpd.conf --- lighttpd-1.4.19.orig/debian/lighty-enable-mod.1 +++ lighttpd-1.4.19/debian/lighty-enable-mod.1 @@ -0,0 +1,17 @@ +.TH LIGHTYENABLEMOD 1 2006-01-11 +.SH NAME +lighty-enable-mod, lighty-disable-mod \- enable or disable configuration in lighttpd server +.SH SYNOPSIS +lighty-enable-mod [module] +lighty-disable-mod [module] +.SH DESCRIPTION +This manual page documents briefly the lighty-enable-mod and +lighty-disable-mod commands. + +lighty-enable-mod and lighty-disable-mod are programs that enable +(and respectively disable) the specified configuration file within +lighttpd configuration. +.SH SEE ALSO +lighttpd(1) +.SH AUTHOR +eloy@debian.org --- lighttpd-1.4.19.orig/debian/lighttpd-mod-trigger-b4-dl.install +++ lighttpd-1.4.19/debian/lighttpd-mod-trigger-b4-dl.install @@ -0,0 +1,2 @@ +debian/tmp/usr/lib/lighttpd/mod_trigger_b4_dl.so +debian/conf-available/10-trigger-b4-dl.conf etc/lighttpd/conf-available --- lighttpd-1.4.19.orig/debian/lighty-enable-mod +++ lighttpd-1.4.19/debian/lighty-enable-mod @@ -0,0 +1,114 @@ +#!/usr/bin/perl -w +# +# Copyright (c) 2006 Krzysztof Krzyzaniak +# +# Contains changes from: +# - Tobias Gruetzmacher +# +# You may distribute under the terms of either the GNU General Public +# License[1] or the Artistic License[2]. +# +# [1] http://www.gnu.org/licenses/gpl.html +# [2] http://www.perl.com/pub/a/language/misc/Artistic.html +# + +use strict; +use Term::ReadLine; +use File::Basename; +use File::Glob ':glob'; +use File::stat; + +#--- some initializations +my $confdir = "/etc/lighttpd/"; +my %available = (); +my %enabled = (); +my @todo = (); + +my %moduledeps = (); + +my $enabling = 1; + + +#--- first check if we enabling or disabling +if ($0 =~ /disable-mod$/) { + #--- disabling mode + $enabling = 0; +} + +#--- list of available modules +my @files = bsd_glob($confdir.'conf-available/*.conf'); +print "Available modules: "; +foreach my $file (@files) { + if (basename($file) =~ /^\d+\-([\w\-\.]+)\.conf$/) { + $available{$1} = $file; + print qq{$1 }; + } +} +print "\n"; + +#--- list of already enabled modules +@files = bsd_glob($confdir.'conf-enabled/*.conf'); +print "Already enabled modules: "; +foreach my $file (@files) { + if (basename($file) =~ /^\d+\-([\w\-\.]+)\.conf$/) { + $enabled{$1} = $file; + print qq{$1 }; + } +} +print "\n"; + +unless (defined($ARGV[0])) { + my $prompt = $enabling ? 'Enable module: ' : 'Disable module: '; + my $term = new Term::ReadLine $prompt; + my $OUT = $term->OUT || \*STDOUT; + my $var = lc($term->readline($prompt)); + @todo = split(/ /, $var); +} +else { + @todo = @ARGV; +} + + +#--- activate (link) or deactivate (remove) module +foreach my $do (@todo) { + + + if ($enabling) { + next unless defined($available{$do}); + my $target = sprintf("%s/conf-enabled/%s", $confdir,basename($available{$do})); + print qq{Enabling $do: }; + + my $st = stat($target); + unless ( -f $target ) { + if (symlink($available{$do}, $target)) { + print "ok\n"; + } + else { + print "failure: $!\n"; + } + } + else { + print "already enabled\n"; + } + + #--- check dependencies + for my $module (@{$moduledeps{$do}}) + { + unless ( -f $target && -l $target ) + { + print qq{Module $do depends on module $module which is not activated.\n}; + } + } + } + else { + if (defined($enabled{$do})) { + print qq{Disabling $do\n}; + my $target = sprintf("%s/conf-enabled/%s", $confdir,basename($enabled{$do})); + unlink($target); + } else { + print qq{Already disabled $do\n}; + } + } +} + +print "Run /etc/init.d/lighttpd force-reload to enable changes\n"; --- lighttpd-1.4.19.orig/debian/use-ipv6.pl +++ lighttpd-1.4.19/debian/use-ipv6.pl @@ -0,0 +1,8 @@ +#! /usr/bin/perl -w + +use Socket; +my $sock; + +if (socket($sock, AF_INET6, SOCK_STREAM, 0)) { + print "server.use-ipv6 = \"enable\"\n"; +} --- lighttpd-1.4.19.orig/debian/copyright +++ lighttpd-1.4.19/debian/copyright @@ -0,0 +1,70 @@ +This package was debianized by Vincent Wagelaar on +Wed, 24 Mar 2004 08:20:58 +0100. + +It was downloaded from http://www.incremental.de/products/lighttpd/download/ + +Upstream Author: Jan Kneschke + +Copyright: + +Copyright (c) 2004, Jan Kneschke, incremental + All rights reserved. + +You are free to distribute this software under the terms of the BSD License. +On Debian systems, the complete text of the BSD License can be found in +/usr/share/common-licenses/BSD. + +src/fastcgi.h +Copyright (c) 1995-1996 Open Market, Inc + +This FastCGI application library source and object code (the +"Software") and its documentation (the "Documentation") are +copyrighted by Open Market, Inc ("Open Market"). The following terms +apply to all files associated with the Software and Documentation +unless explicitly disclaimed in individual files. + +Open Market permits you to use, copy, modify, distribute, and license +this Software and the Documentation for any purpose, provided that +existing copyright notices are retained in all copies and that this +notice is included verbatim in any distributions. No written +agreement, license, or royalty fee is required for any of the +authorized uses. Modifications to this Software and Documentation may +be copyrighted by their authors and need not follow the licensing +terms described here. If modifications to this Software and +Documentation have new licensing terms, the new terms must be clearly +indicated on the first page of each file where they apply. + +OPEN MARKET MAKES NO EXPRESS OR IMPLIED WARRANTY WITH RESPECT TO THE +SOFTWARE OR THE DOCUMENTATION, INCLUDING WITHOUT LIMITATION ANY +WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. IN +NO EVENT SHALL OPEN MARKET BE LIABLE TO YOU OR ANY THIRD PARTY FOR ANY +DAMAGES ARISING FROM OR RELATING TO THIS SOFTWARE OR THE +DOCUMENTATION, INCLUDING, WITHOUT LIMITATION, ANY INDIRECT, SPECIAL OR +CONSEQUENTIAL DAMAGES OR SIMILAR DAMAGES, INCLUDING LOST PROFITS OR +LOST DATA, EVEN IF OPEN MARKET HAS BEEN ADVISED OF THE POSSIBILITY OF +SUCH DAMAGES. THE SOFTWARE AND DOCUMENTATION ARE PROVIDED "AS IS". +OPEN MARKET HAS NO LIABILITY IN CONTRACT, TORT, NEGLIGENCE OR +OTHERWISE ARISING OUT OF THIS SOFTWARE OR THE DOCUMENTATION. + + +src/md5.h, src/md5.c +Copyright (c) 1991-2, RSA Data Security , Inc. + All rights reserved. + +License to copy and use this software is granted provided that it +is identified as the "RSA Data Security, Inc. MD5 Message-Digest +Algorithm" in all material mentioning or referencing this software +or this function. + +License is also granted to make and use derivative works provided +that such works are identified as "derived from the RSA Data +Security, Inc. MD5 Message-Digest Algorithm" in all material +mentioning or referencing the derived work. + +RSA Data Security, Inc. makes no representations concerning either +the merchantability of this software or the suitability of this +software for any particular purpose. It is provided "as is" +without express or implied warranty of any kind. + +These notices must be retained in any copies of any part of this +documentation and/or software. --- lighttpd-1.4.19.orig/debian/lighttpd.cron.daily +++ lighttpd-1.4.19/debian/lighttpd.cron.daily @@ -0,0 +1,10 @@ +#!/bin/sh +# Cleanup lighttpd compress cache + +cache=/var/cache/lighttpd +if test -d "$cache/compress"; then + su -s /bin/sh -c "find $cache/compress -type f -atime +30 -print0 | xargs -0 -r rm" www-data +fi +if test -d "$cache/uploads"; then + su -s /bin/sh -c "find $cache/uploads -type f -atime +1 -print0 | xargs -0 -r rm" www-data +fi --- lighttpd-1.4.19.orig/debian/lighttpd-mod-mysql-vhost.install +++ lighttpd-1.4.19/debian/lighttpd-mod-mysql-vhost.install @@ -0,0 +1 @@ +debian/tmp/usr/lib/lighttpd/mod_mysql_vhost.so --- lighttpd-1.4.19.orig/debian/init.d +++ lighttpd-1.4.19/debian/init.d @@ -0,0 +1,88 @@ +#!/bin/sh +### BEGIN INIT INFO +# Provides: lighttpd +# Required-Start: $remote_fs $network +# Required-Stop: $remote_fs $network +# Should-Start: fam +# Should-Stop: fam +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Start the lighttpd web server. +### END INIT INFO + + +PATH=/sbin:/bin:/usr/sbin:/usr/bin +DAEMON=/usr/sbin/lighttpd +NAME=lighttpd +DESC="web server" +PIDFILE=/var/run/$NAME.pid +SCRIPTNAME=/etc/init.d/$NAME +ENV="env -i LANG=C PATH=/usr/local/bin:/usr/bin:/bin" +SSD="/sbin/start-stop-daemon" + +DAEMON_OPTS="-f /etc/lighttpd/lighttpd.conf" + +test -x $DAEMON || exit 0 + +set -e + +# be sure there is a /var/run/lighttpd, even with tmpfs +mkdir -p /var/run/lighttpd > /dev/null 2> /dev/null +chown www-data:www-data /var/run/lighttpd +chmod 0750 /var/run/lighttpd + +. /lib/lsb/init-functions + +case "$1" in + start) + log_daemon_msg "Starting $DESC" $NAME + if ! start-stop-daemon --start --quiet --oknodo \ + --pidfile $PIDFILE --exec $DAEMON -- $DAEMON_OPTS + then + log_end_msg 1 + else + log_end_msg 0 + fi + ;; + stop) + log_daemon_msg "Stopping $DESC" $NAME + if start-stop-daemon --quiet --stop --oknodo --retry 30 --oknodo \ + --pidfile $PIDFILE --exec $DAEMON + then + rm -f $PIDFILE + log_end_msg 0 + else + log_end_msg 1 + fi + ;; + reload) + log_daemon_msg "Reloading $DESC configuration" $NAME + if start-stop-daemon --stop --signal 2 --oknodo --retry 30 --oknodo \ + --quiet --pidfile $PIDFILE --exec $DAEMON + then + if start-stop-daemon --start --quiet \ + --pidfile $PIDFILE --exec $DAEMON -- $DAEMON_OPTS ; then + log_end_msg 0 + else + log_end_msg 1 + fi + else + log_end_msg 1 + fi + ;; + restart|force-reload) + $0 stop + test -r $PIDFILE && while pidof lighttpd | \ + grep -q `cat $PIDFILE 2>/dev/null` 2>/dev/null ; do sleep 1; done + $0 start + ;; + status) + status_of_proc -p "$PIDFILE" "$DAEMON" lighttpd && exit 0 || exit $? + ;; + *) + echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload|status}" >&2 + exit 1 + ;; +esac + +exit 0 --- lighttpd-1.4.19.orig/debian/lighttpd.install +++ lighttpd-1.4.19/debian/lighttpd.install @@ -0,0 +1,47 @@ +debian/tmp/usr/bin/* +debian/tmp/usr/sbin/* +debian/tmp/usr/share/man/* +debian/tmp/usr/lib/lighttpd/mod_access.so +debian/tmp/usr/lib/lighttpd/mod_accesslog.so +debian/tmp/usr/lib/lighttpd/mod_alias.so +debian/tmp/usr/lib/lighttpd/mod_auth.so +debian/tmp/usr/lib/lighttpd/mod_cgi.so +debian/tmp/usr/lib/lighttpd/mod_compress.so +debian/tmp/usr/lib/lighttpd/mod_dirlisting.so +debian/tmp/usr/lib/lighttpd/mod_evasive.so +debian/tmp/usr/lib/lighttpd/mod_evhost.so +debian/tmp/usr/lib/lighttpd/mod_expire.so +debian/tmp/usr/lib/lighttpd/mod_extforward.so +debian/tmp/usr/lib/lighttpd/mod_fastcgi.so +debian/tmp/usr/lib/lighttpd/mod_flv_streaming.so +debian/tmp/usr/lib/lighttpd/mod_indexfile.so +debian/tmp/usr/lib/lighttpd/mod_proxy.so +debian/tmp/usr/lib/lighttpd/mod_redirect.so +debian/tmp/usr/lib/lighttpd/mod_rewrite.so +debian/tmp/usr/lib/lighttpd/mod_rrdtool.so +debian/tmp/usr/lib/lighttpd/mod_scgi.so +debian/tmp/usr/lib/lighttpd/mod_secdownload.so +debian/tmp/usr/lib/lighttpd/mod_setenv.so +debian/tmp/usr/lib/lighttpd/mod_simple_vhost.so +debian/tmp/usr/lib/lighttpd/mod_ssi.so +debian/tmp/usr/lib/lighttpd/mod_staticfile.so +debian/tmp/usr/lib/lighttpd/mod_status.so +debian/tmp/usr/lib/lighttpd/mod_userdir.so +debian/tmp/usr/lib/lighttpd/mod_usertrack.so +debian/lighttpd.conf /etc/lighttpd +debian/conf-available/05-auth.conf /etc/lighttpd/conf-available +debian/conf-available/10-status.conf /etc/lighttpd/conf-available +debian/conf-available/10-cgi.conf /etc/lighttpd/conf-available +debian/conf-available/10-fastcgi.conf /etc/lighttpd/conf-available +debian/conf-available/10-proxy.conf /etc/lighttpd/conf-available +debian/conf-available/10-rrdtool.conf /etc/lighttpd/conf-available +debian/conf-available/10-simple-vhost.conf /etc/lighttpd/conf-available +debian/conf-available/10-ssi.conf /etc/lighttpd/conf-available +debian/conf-available/10-ssl.conf /etc/lighttpd/conf-available +debian/conf-available/10-userdir.conf /etc/lighttpd/conf-available +debian/conf-available/README /etc/lighttpd/conf-available +debian/create-mime.assign.pl /usr/share/lighttpd/ +debian/include-conf-enabled.pl /usr/share/lighttpd/ +debian/use-ipv6.pl /usr/share/lighttpd/ +debian/lighty-enable-mod /usr/sbin/ +debian/index.html /usr/share/lighttpd/ --- lighttpd-1.4.19.orig/debian/lighttpd.conf +++ lighttpd-1.4.19/debian/lighttpd.conf @@ -0,0 +1,167 @@ +# Debian lighttpd configuration file +# + +############ Options you really have to take care of #################### + +## modules to load +# mod_access, mod_accesslog and mod_alias are loaded by default +# all other module should only be loaded if neccesary +# - saves some time +# - saves memory + +server.modules = ( + "mod_access", + "mod_alias", + "mod_accesslog", + "mod_compress", +# "mod_rewrite", +# "mod_redirect", +# "mod_evhost", +# "mod_usertrack", +# "mod_rrdtool", +# "mod_webdav", +# "mod_expire", +# "mod_flv_streaming", +# "mod_evasive" +) + +## a static document-root, for virtual-hosting take look at the +## server.virtual-* options +server.document-root = "/var/www/" + +## where to upload files to, purged daily. +server.upload-dirs = ( "/var/cache/lighttpd/uploads" ) + +## where to send error-messages to +server.errorlog = "/var/log/lighttpd/error.log" + +## files to check for if .../ is requested +index-file.names = ( "index.php", "index.html", + "index.htm", "default.htm", + "index.lighttpd.html" ) + + +## Use the "Content-Type" extended attribute to obtain mime type if possible +# mimetype.use-xattr = "enable" + +#### accesslog module +accesslog.filename = "/var/log/lighttpd/access.log" + +## deny access the file-extensions +# +# ~ is for backupfiles from vi, emacs, joe, ... +# .inc is often used for code includes which should in general not be part +# of the document-root +url.access-deny = ( "~", ".inc" ) + +## +# which extensions should not be handle via static-file transfer +# +# .php, .pl, .fcgi are most often handled by mod_fastcgi or mod_cgi +static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" ) + + +######### Options that are good to be but not neccesary to be changed ####### + +## Use ipv6 only if available. +include_shell "/usr/share/lighttpd/use-ipv6.pl" + +## bind to port (default: 80) +# server.port = 81 + +## bind to localhost only (default: all interfaces) +## server.bind = "localhost" + +## error-handler for status 404 +#server.error-handler-404 = "/error-handler.html" +#server.error-handler-404 = "/error-handler.php" + +## to help the rc.scripts +server.pid-file = "/var/run/lighttpd.pid" + +## +## Format: .html +## -> ..../status-404.html for 'File not found' +#server.errorfile-prefix = "/var/www/" + +## virtual directory listings +dir-listing.encoding = "utf-8" +server.dir-listing = "enable" + +## send unhandled HTTP-header headers to error-log +#debug.dump-unknown-headers = "enable" + +### only root can use these options +# +# chroot() to directory (default: no chroot() ) +#server.chroot = "/" + +## change uid to (default: don't care) +server.username = "www-data" + +## change uid to (default: don't care) +server.groupname = "www-data" + +#### compress module +compress.cache-dir = "/var/cache/lighttpd/compress/" +compress.filetype = ("text/plain", "text/html", "application/x-javascript", "text/css") + + +#### url handling modules (rewrite, redirect, access) +# url.rewrite = ( "^/$" => "/server-status" ) +# url.redirect = ( "^/wishlist/(.+)" => "http://www.123.org/$1" ) + +# +# define a pattern for the host url finding +# %% => % sign +# %0 => domain name + tld +# %1 => tld +# %2 => domain name without tld +# %3 => subdomain 1 name +# %4 => subdomain 2 name +# +# evhost.path-pattern = "/home/storage/dev/www/%3/htdocs/" + +#### expire module +# expire.url = ( "/buggy/" => "access 2 hours", "/asdhas/" => "access plus 1 seconds 2 minutes") + +#### rrdtool +# rrdtool.binary = "/usr/bin/rrdtool" +# rrdtool.db-name = "/var/www/lighttpd.rrd" + +#### variable usage: +## variable name without "." is auto prefixed by "var." and becomes "var.bar" +#bar = 1 +#var.mystring = "foo" + +## integer add +#bar += 1 +## string concat, with integer cast as string, result: "www.foo1.com" +#server.name = "www." + mystring + var.bar + ".com" +## array merge +#index-file.names = (foo + ".php") + index-file.names +#index-file.names += (foo + ".php") + + +#### external configuration files +## mimetype mapping +include_shell "/usr/share/lighttpd/create-mime.assign.pl" + +## load enabled configuration files, +## read /etc/lighttpd/conf-available/README first +include_shell "/usr/share/lighttpd/include-conf-enabled.pl" + +#### handle Debian Policy Manual, Section 11.5. urls +## by default allow them only from localhost +## (This must come last due to #445459) +## Note: =~ "127.0.0.1" works with ipv6 enabled, whereas == "127.0.0.1" doesn't +$HTTP["remoteip"] =~ "127.0.0.1" { + alias.url += ( + "/doc/" => "/usr/share/doc/", + "/images/" => "/usr/share/images/" + ) + $HTTP["url"] =~ "^/doc/|^/images/" { + dir-listing.activate = "enable" + } +} + --- lighttpd-1.4.19.orig/debian/compat +++ lighttpd-1.4.19/debian/compat @@ -0,0 +1 @@ +6 --- lighttpd-1.4.19.orig/debian/patches/lighttpd-1.4.x_userdir_lowercase.patch +++ lighttpd-1.4.19/debian/patches/lighttpd-1.4.x_userdir_lowercase.patch @@ -0,0 +1,38 @@ +--- src/mod_userdir.c.orig ++++ src/mod_userdir.c +@@ -262,6 +262,9 @@ + return HANDLER_GO_ON; + } + } ++ if (con->conf.force_lowercase_filenames) { ++ buffer_to_lower(p->username); ++ } + + buffer_copy_string_buffer(p->temp_path, p->conf.basepath); + BUFFER_APPEND_SLASH(p->temp_path); +@@ -284,8 +287,24 @@ + } + } + ++ /* the physical rel_path is basically the same as uri.path; ++ * but it is converted to lowercase in case of force_lowercase_filenames and some special handling ++ * for trailing '.', ' ' and '/' on windows ++ * we assume that no docroot/physical handler changed this ++ * (docroot should only set the docroot/server name, phyiscal should only change the phyiscal.path; ++ * the exception mod_secure_download doesn't work with userdir anyway) ++ */ + BUFFER_APPEND_SLASH(p->temp_path); +- buffer_append_string(p->temp_path, rel_url + 1); /* skip the / */ ++ /* if no second '/' is found, we assume that it was stripped from the uri.path for the special handling ++ * on windows. ++ * we do not care about the trailing slash here on windows, as we already ensured it is a directory ++ * ++ * TODO: what to do with trailing dots in usernames on windows? they may result in the same directory ++ * as a username without them. ++ */ ++ if (NULL != (rel_url = strchr(con->physical.rel_path->ptr + 2, '/'))) { ++ buffer_append_string(p->temp_path, rel_url + 1); /* skip the / */ ++ } + buffer_copy_string_buffer(con->physical.path, p->temp_path); + + buffer_reset(p->temp_path); --- lighttpd-1.4.19.orig/debian/patches/series +++ lighttpd-1.4.19/debian/patches/series @@ -0,0 +1,8 @@ +fastcgi_detach.patch +ldap_leak_bugfix.patch +ldap_build_filter_fix.patch +ldap-deprecated.patch +ssl-connection-errors.patch +lighttpd-1.4.x_request_header_memleak.patch -p0 +lighttpd-1.4.x_userdir_lowercase.patch -p0 +lighttpd-1.4.x_rewrite_redirect_decode_url.patch -p0 --- lighttpd-1.4.19.orig/debian/patches/ldap-deprecated.patch +++ lighttpd-1.4.19/debian/patches/ldap-deprecated.patch @@ -0,0 +1,12 @@ +Author: Pierre Habouzit + +--- pkg.orig/src/http_auth.h ++++ pkg/src/http_auth.h +@@ -6,6 +6,7 @@ + + #if defined(HAVE_LDAP_H) && defined(HAVE_LBER_H) && defined(HAVE_LIBLDAP) && defined(HAVE_LIBLBER) + # define USE_LDAP ++# define LDAP_DEPRECATED 1 + # include + #endif + --- lighttpd-1.4.19.orig/debian/patches/lighttpd-1.4.x_rewrite_redirect_decode_url.patch +++ lighttpd-1.4.19/debian/patches/lighttpd-1.4.x_rewrite_redirect_decode_url.patch @@ -0,0 +1,122 @@ +--- src/mod_rewrite.c.orig ++++ src/mod_rewrite.c +@@ -350,7 +350,11 @@ + + if (!p->conf.rewrite) return HANDLER_GO_ON; + +- buffer_copy_string_buffer(p->match_buf, con->request.uri); ++ buffer_copy_string_buffer(p->match_buf, con->uri.path); ++ if (con->uri.query->used > 0) { ++ buffer_append_string_len(p->match_buf, CONST_STR_LEN("?")); ++ buffer_append_string_buffer(p->match_buf, con->uri.query); ++ } + + for (i = 0; i < p->conf.rewrite->used; i++) { + pcre *match; +--- src/response.c.orig ++++ src/response.c +@@ -224,27 +224,6 @@ + } + + +- /** +- * +- * call plugins +- * +- * - based on the raw URL +- * +- */ +- +- switch(r = plugins_call_handle_uri_raw(srv, con)) { +- case HANDLER_GO_ON: +- break; +- case HANDLER_FINISHED: +- case HANDLER_COMEBACK: +- case HANDLER_WAIT_FOR_EVENT: +- case HANDLER_ERROR: +- return r; +- default: +- log_error_write(srv, __FILE__, __LINE__, "sd", "handle_uri_raw: unknown return value", r); +- break; +- } +- + /* build filename + * + * - decode url-encodings (e.g. %20 -> ' ') +@@ -252,7 +231,6 @@ + */ + + +- + if (con->request.http_method == HTTP_METHOD_OPTIONS && + con->uri.path_raw->ptr[0] == '*' && con->uri.path_raw->ptr[1] == '\0') { + /* OPTIONS * ... */ +@@ -268,6 +246,28 @@ + log_error_write(srv, __FILE__, __LINE__, "sb", "URI-path : ", con->uri.path); + } + ++ ++ /** ++ * ++ * call plugins ++ * ++ * - based on the raw URL ++ * ++ */ ++ ++ switch(r = plugins_call_handle_uri_raw(srv, con)) { ++ case HANDLER_GO_ON: ++ break; ++ case HANDLER_FINISHED: ++ case HANDLER_COMEBACK: ++ case HANDLER_WAIT_FOR_EVENT: ++ case HANDLER_ERROR: ++ return r; ++ default: ++ log_error_write(srv, __FILE__, __LINE__, "sd", "handle_uri_raw: unknown return value", r); ++ break; ++ } ++ + /** + * + * call plugins +--- tests/mod-rewrite.t.orig ++++ tests/mod-rewrite.t +@@ -8,7 +8,7 @@ + + use strict; + use IO::Socket; +-use Test::More tests => 5; ++use Test::More tests => 4; + use LightyTest; + + my $tf = LightyTest->new(); +@@ -44,5 +44,13 @@ + $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200, 'HTTP-Content' => 'bar&a=b' } ]; + ok($tf->handle_http($t) == 0, 'valid request'); + ++ $t->{REQUEST} = ( <{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200, 'HTTP-Content' => 'a=b' } ]; ++ ok($tf->handle_http($t) == 0, 'valid request with url encoded characters'); ++ + ok($tf->stop_proc == 0, "Stopping lighttpd"); + } +--- src/mod_redirect.c.orig ++++ src/mod_redirect.c +@@ -178,7 +178,11 @@ + + mod_redirect_patch_connection(srv, con, p); + +- buffer_copy_string_buffer(p->match_buf, con->request.uri); ++ buffer_copy_string_buffer(p->match_buf, con->uri.path); ++ if (con->uri.query->used > 0) { ++ buffer_append_string_len(p->match_buf, CONST_STR_LEN("?")); ++ buffer_append_string_buffer(p->match_buf, con->uri.query); ++ } + + for (i = 0; i < p->conf.redirect->used; i++) { + pcre *match; --- lighttpd-1.4.19.orig/debian/patches/ldap_build_filter_fix.patch +++ lighttpd-1.4.19/debian/patches/ldap_build_filter_fix.patch @@ -0,0 +1,17 @@ +Author: Peter Colberg + +--- pkg.orig/src/http_auth.c ++++ pkg/src/http_auth.c +@@ -748,6 +748,12 @@ + LDAP_SUCCESS != (ret = ldap_search_s(p->conf.ldap->ldap, p->conf.auth_ldap_basedn->ptr, LDAP_SCOPE_SUBTREE, p->ldap_filter->ptr, attrs, 0, &lm))) { + if (auth_ldap_init(srv, &p->conf) != HANDLER_GO_ON) + return -1; ++ ++ /* build filter */ ++ buffer_copy_string_buffer(p->ldap_filter, p->conf.ldap->ldap_filter_pre); ++ buffer_append_string_buffer(p->ldap_filter, username); ++ buffer_append_string_buffer(p->ldap_filter, p->conf.ldap->ldap_filter_post); ++ + if (LDAP_SUCCESS != (ret = ldap_search_s(p->conf.ldap->ldap, p->conf.auth_ldap_basedn->ptr, LDAP_SCOPE_SUBTREE, p->ldap_filter->ptr, attrs, 0, &lm))) { + + log_error_write(srv, __FILE__, __LINE__, "sssb", --- lighttpd-1.4.19.orig/debian/patches/fastcgi_detach.patch +++ lighttpd-1.4.19/debian/patches/fastcgi_detach.patch @@ -0,0 +1,29 @@ +Author: + +--- pkg.orig/src/mod_fastcgi.c ++++ pkg/src/mod_fastcgi.c +@@ -937,6 +937,24 @@ + close(fcgi_fd); + } + ++ close(STDERR_FILENO); ++ if(srv->errorlog_mode == ERRORLOG_FILE) ++ dup2(srv->errorlog_fd, STDERR_FILENO); ++ else { ++ int fd = open("/dev/null", O_RDWR); ++ dup2(fd, STDERR_FILENO); ++ close(fd); ++ } ++ ++ close(STDOUT_FILENO); ++ if(srv->errorlog_mode == ERRORLOG_FILE) ++ dup2(srv->errorlog_fd, STDOUT_FILENO); ++ else { ++ int fd = open("/dev/null", O_RDWR); ++ dup2(fd, STDOUT_FILENO); ++ close(fd); ++ } ++ + /* we don't need the client socket */ + for (i = 3; i < 256; i++) { + close(i); --- lighttpd-1.4.19.orig/debian/patches/ssl-connection-errors.patch +++ lighttpd-1.4.19/debian/patches/ssl-connection-errors.patch @@ -0,0 +1,100 @@ +diff -r ade3eead0e8d -r 82c24356bcd0 NEWS +--- a/NEWS Fri Mar 28 16:30:14 2008 +0100 ++++ b/NEWS Fri Mar 28 17:45:28 2008 +0100 +@@ -8,6 +8,7 @@ + * added support for If-Range: (#1346) + * added support for matching $HTTP["scheme"] in configs + * fixed initgroups() called after chroot (#1384) ++ * Fix #285 again: read error after SSL_shutdown (thx marton.illes@balabit.com) and clear the error queue before some other calls + * fixed case-sensitive check for Auth-Method (#1456) + * execute fcgi app without /bin/sh if used as argument to spawn-fcgi (#1428) + * fixed a bug that made /-prefixed extensions being handled also when +diff -r ade3eead0e8d -r 82c24356bcd0 src/connections.c +--- a/src/connections.c Fri Mar 28 16:30:14 2008 +0100 ++++ b/src/connections.c Fri Mar 28 17:45:28 2008 +0100 +@@ -199,6 +199,7 @@ + + /* don't resize the buffer if we were in SSL_ERROR_WANT_* */ + ++ ERR_clear_error(); + do { + if (!con->ssl_error_want_reuse_buffer) { + b = buffer_init(); +@@ -1668,21 +1669,51 @@ + } + #ifdef USE_OPENSSL + if (srv_sock->is_ssl) { +- int ret; ++ int ret, ssl_r; ++ unsigned long err; ++ ERR_clear_error(); + switch ((ret = SSL_shutdown(con->ssl))) { + case 1: + /* ok */ + break; + case 0: +- SSL_shutdown(con->ssl); +- break; ++ ERR_clear_error(); ++ if (-1 != (ret = SSL_shutdown(con->ssl))) break; ++ ++ /* fall through */ + default: +- log_error_write(srv, __FILE__, __LINE__, "sds", "SSL:", +- SSL_get_error(con->ssl, ret), +- ERR_error_string(ERR_get_error(), NULL)); +- return -1; ++ ++ switch ((ssl_r = SSL_get_error(con->ssl, ret))) { ++ case SSL_ERROR_WANT_WRITE: ++ case SSL_ERROR_WANT_READ: ++ break; ++ case SSL_ERROR_SYSCALL: ++ /* perhaps we have error waiting in our error-queue */ ++ if (0 != (err = ERR_get_error())) { ++ do { ++ log_error_write(srv, __FILE__, __LINE__, "sdds", "SSL:", ++ ssl_r, ret, ++ ERR_error_string(err, NULL)); ++ } while((err = ERR_get_error())); ++ } else { ++ log_error_write(srv, __FILE__, __LINE__, "sddds", "SSL (error):", ++ ssl_r, ret, errno, ++ strerror(errno)); ++ } ++ ++ break; ++ default: ++ while((err = ERR_get_error())) { ++ log_error_write(srv, __FILE__, __LINE__, "sdds", "SSL:", ++ ssl_r, ret, ++ ERR_error_string(err, NULL)); ++ } ++ ++ break; ++ } + } + } ++ ERR_clear_error(); + #endif + + switch(con->mode) { +diff -r ade3eead0e8d -r 82c24356bcd0 src/network_openssl.c +--- a/src/network_openssl.c Fri Mar 28 16:30:14 2008 +0100 ++++ b/src/network_openssl.c Fri Mar 28 17:45:28 2008 +0100 +@@ -85,6 +85,7 @@ + * + */ + ++ ERR_clear_error(); + if ((r = SSL_write(ssl, offset, toSend)) <= 0) { + unsigned long err; + +@@ -187,6 +188,7 @@ + + close(ifd); + ++ ERR_clear_error(); + if ((r = SSL_write(ssl, s, toSend)) <= 0) { + unsigned long err; + --- lighttpd-1.4.19.orig/debian/patches/ldap_leak_bugfix.patch +++ lighttpd-1.4.19/debian/patches/ldap_leak_bugfix.patch @@ -0,0 +1,178 @@ +Author: yann@pleiades.fr.eu.org + +--- pkg.orig/src/http_auth.c ++++ pkg/src/http_auth.c +@@ -738,17 +738,17 @@ + return -1; + + /* build filter */ +- buffer_copy_string_buffer(p->ldap_filter, p->conf.ldap_filter_pre); ++ buffer_copy_string_buffer(p->ldap_filter, p->conf.ldap->ldap_filter_pre); + buffer_append_string_buffer(p->ldap_filter, username); +- buffer_append_string_buffer(p->ldap_filter, p->conf.ldap_filter_post); ++ buffer_append_string_buffer(p->ldap_filter, p->conf.ldap->ldap_filter_post); + + + /* 2. */ +- if (p->conf.ldap == NULL || +- LDAP_SUCCESS != (ret = ldap_search_s(p->conf.ldap, p->conf.auth_ldap_basedn->ptr, LDAP_SCOPE_SUBTREE, p->ldap_filter->ptr, attrs, 0, &lm))) { ++ if (p->conf.ldap->ldap == NULL || ++ LDAP_SUCCESS != (ret = ldap_search_s(p->conf.ldap->ldap, p->conf.auth_ldap_basedn->ptr, LDAP_SCOPE_SUBTREE, p->ldap_filter->ptr, attrs, 0, &lm))) { + if (auth_ldap_init(srv, &p->conf) != HANDLER_GO_ON) + return -1; +- if (LDAP_SUCCESS != (ret = ldap_search_s(p->conf.ldap, p->conf.auth_ldap_basedn->ptr, LDAP_SCOPE_SUBTREE, p->ldap_filter->ptr, attrs, 0, &lm))) { ++ if (LDAP_SUCCESS != (ret = ldap_search_s(p->conf.ldap->ldap, p->conf.auth_ldap_basedn->ptr, LDAP_SCOPE_SUBTREE, p->ldap_filter->ptr, attrs, 0, &lm))) { + + log_error_write(srv, __FILE__, __LINE__, "sssb", + "ldap:", ldap_err2string(ret), "filter:", p->ldap_filter); +@@ -757,7 +757,7 @@ + } + } + +- if (NULL == (first = ldap_first_entry(p->conf.ldap, lm))) { ++ if (NULL == (first = ldap_first_entry(p->conf.ldap->ldap, lm))) { + log_error_write(srv, __FILE__, __LINE__, "s", "ldap ..."); + + ldap_msgfree(lm); +@@ -765,7 +765,7 @@ + return -1; + } + +- if (NULL == (dn = ldap_get_dn(p->conf.ldap, first))) { ++ if (NULL == (dn = ldap_get_dn(p->conf.ldap->ldap, first))) { + log_error_write(srv, __FILE__, __LINE__, "s", "ldap ..."); + + ldap_msgfree(lm); +--- pkg.orig/src/http_auth.h ++++ pkg/src/http_auth.h +@@ -17,6 +17,15 @@ + AUTH_BACKEND_HTDIGEST + } auth_backend_t; + ++#ifdef USE_LDAP ++typedef struct { ++ LDAP *ldap; ++ ++ buffer *ldap_filter_pre; ++ buffer *ldap_filter_post; ++} ldap_plugin_config; ++#endif ++ + typedef struct { + /* auth */ + array *auth_require; +@@ -44,13 +53,12 @@ + auth_backend_t auth_backend; + + #ifdef USE_LDAP +- LDAP *ldap; +- +- buffer *ldap_filter_pre; +- buffer *ldap_filter_post; ++ ldap_plugin_config *ldap; + #endif + } mod_auth_plugin_config; + ++ ++ + typedef struct { + PLUGIN_DATA; + buffer *tmp_buf; +--- pkg.orig/src/mod_auth.c ++++ pkg/src/mod_auth.c +@@ -77,10 +77,11 @@ + buffer_free(s->auth_ldap_cafile); + + #ifdef USE_LDAP +- buffer_free(s->ldap_filter_pre); +- buffer_free(s->ldap_filter_post); ++ buffer_free(s->ldap->ldap_filter_pre); ++ buffer_free(s->ldap->ldap_filter_post); + +- if (s->ldap) ldap_unbind_s(s->ldap); ++ if (s->ldap->ldap) ldap_unbind_s(s->ldap->ldap); ++ free (s->ldap); + #endif + + free(s); +@@ -116,8 +117,6 @@ + PATCH(auth_ldap_allow_empty_pw); + #ifdef USE_LDAP + PATCH(ldap); +- PATCH(ldap_filter_pre); +- PATCH(ldap_filter_post); + #endif + + /* skip the first, the global context */ +@@ -150,8 +149,6 @@ + PATCH(auth_ldap_hostname); + #ifdef USE_LDAP + PATCH(ldap); +- PATCH(ldap_filter_pre); +- PATCH(ldap_filter_post); + #endif + } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.ldap.base-dn"))) { + PATCH(auth_ldap_basedn); +@@ -349,9 +346,10 @@ + s->auth_require = array_init(); + + #ifdef USE_LDAP +- s->ldap_filter_pre = buffer_init(); +- s->ldap_filter_post = buffer_init(); +- s->ldap = NULL; ++ s->ldap = malloc (sizeof(ldap_plugin_config)); ++ s->ldap->ldap_filter_pre = buffer_init(); ++ s->ldap->ldap_filter_post = buffer_init(); ++ s->ldap->ldap = NULL; + #endif + + cv[0].destination = s->auth_backend_conf; +@@ -539,19 +537,19 @@ + return HANDLER_ERROR; + } + +- buffer_copy_string_len(s->ldap_filter_pre, s->auth_ldap_filter->ptr, dollar - s->auth_ldap_filter->ptr); +- buffer_copy_string(s->ldap_filter_post, dollar+1); ++ buffer_copy_string_len(s->ldap->ldap_filter_pre, s->auth_ldap_filter->ptr, dollar - s->auth_ldap_filter->ptr); ++ buffer_copy_string(s->ldap->ldap_filter_post, dollar+1); + } + + if (s->auth_ldap_hostname->used) { +- if (NULL == (s->ldap = ldap_init(s->auth_ldap_hostname->ptr, LDAP_PORT))) { ++ if (NULL == (s->ldap->ldap = ldap_init(s->auth_ldap_hostname->ptr, LDAP_PORT))) { + log_error_write(srv, __FILE__, __LINE__, "ss", "ldap ...", strerror(errno)); + + return HANDLER_ERROR; + } + + ret = LDAP_VERSION3; +- if (LDAP_OPT_SUCCESS != (ret = ldap_set_option(s->ldap, LDAP_OPT_PROTOCOL_VERSION, &ret))) { ++ if (LDAP_OPT_SUCCESS != (ret = ldap_set_option(s->ldap->ldap, LDAP_OPT_PROTOCOL_VERSION, &ret))) { + log_error_write(srv, __FILE__, __LINE__, "ss", "ldap:", ldap_err2string(ret)); + + return HANDLER_ERROR; +@@ -570,7 +568,7 @@ + } + } + +- if (LDAP_OPT_SUCCESS != (ret = ldap_start_tls_s(s->ldap, NULL, NULL))) { ++ if (LDAP_OPT_SUCCESS != (ret = ldap_start_tls_s(s->ldap->ldap, NULL, NULL))) { + log_error_write(srv, __FILE__, __LINE__, "ss", "ldap startTLS failed:", ldap_err2string(ret)); + + return HANDLER_ERROR; +@@ -580,13 +578,13 @@ + + /* 1. */ + if (s->auth_ldap_binddn->used) { +- if (LDAP_SUCCESS != (ret = ldap_simple_bind_s(s->ldap, s->auth_ldap_binddn->ptr, s->auth_ldap_bindpw->ptr))) { ++ if (LDAP_SUCCESS != (ret = ldap_simple_bind_s(s->ldap->ldap, s->auth_ldap_binddn->ptr, s->auth_ldap_bindpw->ptr))) { + log_error_write(srv, __FILE__, __LINE__, "ss", "ldap:", ldap_err2string(ret)); + + return HANDLER_ERROR; + } + } else { +- if (LDAP_SUCCESS != (ret = ldap_simple_bind_s(s->ldap, NULL, NULL))) { ++ if (LDAP_SUCCESS != (ret = ldap_simple_bind_s(s->ldap->ldap, NULL, NULL))) { + log_error_write(srv, __FILE__, __LINE__, "ss", "ldap:", ldap_err2string(ret)); + + return HANDLER_ERROR; --- lighttpd-1.4.19.orig/debian/patches/lighttpd-1.4.x_request_header_memleak.patch +++ lighttpd-1.4.19/debian/patches/lighttpd-1.4.x_request_header_memleak.patch @@ -0,0 +1,50 @@ +--- src/request.c.orig ++++ src/request.c +@@ -825,6 +825,7 @@ + "request-header:\n", + con->request.request); + } ++ array_insert_unique(con->request.headers, (data_unset *)ds); + return 0; + } + +@@ -874,6 +875,7 @@ + "request-header:\n", + con->request.request); + } ++ array_insert_unique(con->request.headers, (data_unset *)ds); + return 0; + } + } else if (cmp > 0 && 0 == (cmp = buffer_caseless_compare(CONST_BUF_LEN(ds->key), CONST_STR_LEN("Expect")))) { +@@ -911,6 +913,7 @@ + "request-header:\n", + con->request.request); + } ++ array_insert_unique(con->request.headers, (data_unset *)ds); + return 0; + } + } else if (cmp > 0 && 0 == (cmp = buffer_caseless_compare(CONST_BUF_LEN(ds->key), CONST_STR_LEN("If-Modified-Since")))) { +@@ -936,6 +939,7 @@ + "request-header:\n", + con->request.request); + } ++ array_insert_unique(con->request.headers, (data_unset *)ds); + return 0; + } + } else if (cmp > 0 && 0 == (cmp = buffer_caseless_compare(CONST_BUF_LEN(ds->key), CONST_STR_LEN("If-None-Match")))) { +@@ -953,6 +957,7 @@ + "request-header:\n", + con->request.request); + } ++ array_insert_unique(con->request.headers, (data_unset *)ds); + return 0; + } + } else if (cmp > 0 && 0 == (cmp = buffer_caseless_compare(CONST_BUF_LEN(ds->key), CONST_STR_LEN("Range")))) { +@@ -976,6 +981,7 @@ + "request-header:\n", + con->request.request); + } ++ array_insert_unique(con->request.headers, (data_unset *)ds); + return 0; + } + } --- lighttpd-1.4.19.orig/debian/conf-available/10-ssi.conf +++ lighttpd-1.4.19/debian/conf-available/10-ssi.conf @@ -0,0 +1,10 @@ +## Server-Side Include implements simple preprocessing of +## HTML files compatible to Apache SSI. +## +## Documentation: /usr/share/doc/lighttpd-doc/ssi.txt +## http://www.lighttpd.net/documentation/ssi.html + +server.modules += ( "mod_ssi" ) + +## The extension of the files which should be preprocessed (mostly .shtml) +ssi.extension = ( ".shtml" ) --- lighttpd-1.4.19.orig/debian/conf-available/10-fastcgi.conf +++ lighttpd-1.4.19/debian/conf-available/10-fastcgi.conf @@ -0,0 +1,26 @@ +## FastCGI programs have the same functionality as CGI programs, +## but are considerably faster through lower interpreter startup +## time and socketed communication +## +## Documentation: /usr/share/doc/lighttpd-doc/fastcgi.txt.gz +## http://www.lighttpd.net/documentation/fastcgi.html + +server.modules += ( "mod_fastcgi" ) + +## Start an FastCGI server for php (needs the php5-cgi package) +fastcgi.server = ( ".php" => + (( + "bin-path" => "/usr/bin/php-cgi", + "socket" => "/tmp/php.socket", + "max-procs" => 2, + "idle-timeout" => 20, + "bin-environment" => ( + "PHP_FCGI_CHILDREN" => "4", + "PHP_FCGI_MAX_REQUESTS" => "10000" + ), + "bin-copy-environment" => ( + "PATH", "SHELL", "USER" + ), + "broken-scriptfilename" => "enable" + )) +) --- lighttpd-1.4.19.orig/debian/conf-available/10-trigger-b4-dl.conf +++ lighttpd-1.4.19/debian/conf-available/10-trigger-b4-dl.conf @@ -0,0 +1,23 @@ +## A module to prevent deep-linking from other sites. +## +## Documentation: /usr/share/doc/lighttpd-doc/trigger-b4-dl.html +## http://www.lighttpd.net/documentation/trigger-b4-dl.txt + +server.modules += ( "mod_trigger_b4_dl" ) + +## guarded download URL, direct access is denied +#trigger-before-download.download-url = "^/download/" + +## trigger URL to allow downloads from +#trigger-before-download.trigger-url = "^/trigger/" + +## if access to a file is denied, the user is redirected to this URL +#trigger-before-download.deny-url = "/var/www/deny.html" + +## access to granted for seconds after the trigger +#trigger-before-download.trigger-timeout = 10 + +## storage of trigger information. If both destinations are provided, +## the GDBM file takes precedence. +#trigger-before-download.gdbm-filename = "/var/www/data/trigger.db" +#trigger-before-download.memcache-hosts = ( "127.0.0.1:11211" ) --- lighttpd-1.4.19.orig/debian/conf-available/10-status.conf +++ lighttpd-1.4.19/debian/conf-available/10-status.conf @@ -0,0 +1,19 @@ +## mod_status generates the status overview of the webserver. +## +## Documentation: /usr/share/doc/lighttpd-doc/status.txt +## http://trac.lighttpd.net/trac/wiki/Docs%3AModStatus + +server.modules += ( "mod_status" ) + +## relative URL which is used to retrieve the status-page +status.status-url = "/server-status" + +## relative URL for the config page which displays the loaded modules +# status.config-url = "/server-config" + +## relative URL for a plain-text page containing the internal statistics +# status.statistics-url = "/server-statistics" + +## add JavaScript which allows client-side sorting for the connection overview +## default: enable +# status.enable-sort = "disable" --- lighttpd-1.4.19.orig/debian/conf-available/10-webdav.conf +++ lighttpd-1.4.19/debian/conf-available/10-webdav.conf @@ -0,0 +1,13 @@ +## WebDAV stands for Web-based Distributed Authoring and Versioning. +## The term also refers to the set of extensions to the HTTP protocol that +## the group defined which allows users to collaboratively edit and manage +## files on remote web servers. +## +## Documentation: /usr/share/doc/lighttpd-doc/webdav.txt +## http://trac.lighttpd.net/trac/wiki/Docs%3AModWebDAV + +server.modules += ( "mod_webdav" ) + +## The full path to the file you would like to use as your db file. This +## is required for webdav props and locks. +webdav.sqlite-db-name = "/var/run/lighttpd/lighttpd.webdav_lock.db" --- lighttpd-1.4.19.orig/debian/conf-available/README +++ lighttpd-1.4.19/debian/conf-available/README @@ -0,0 +1,22 @@ +ligghttpd Configuration under Debian GNU/Linux +============================================== + +Files and Directories in /etc/lighttpd: +--------------------------------------- + +lighttpd.conf: + main configuration file + +conf-available/ + This directory contains a series of .conf files. These files contain + configuration directives necessary to load and run webserver modules. + If you want to create your own files they names should be + build as nn-name.conf where "nn" is two digit number (number + is used to find order for loading files) + +conf-enabled/ + To actually enable a module for lighttpd, it is necessary to create a + symlink in this directory to the .conf file in conf-available/. + +Enabling and disabling modules could be done by provided +/usr/sbin/lighty-enable-mod and /usr/sbin/lighty-disable-mod scripts. --- lighttpd-1.4.19.orig/debian/conf-available/10-rrdtool.conf +++ lighttpd-1.4.19/debian/conf-available/10-rrdtool.conf @@ -0,0 +1,13 @@ +## RRDtool monitors the traffic and load on Lighttpd +## +## Documentation: /usr/share/doc/lighttpd-doc/rrdtool.txt +## http://www.lighttpd.net/documentation/rrdtool.html + +server.modules += ( "mod_rrdtool" ) + +## path to the rrdtool binary +rrdtool.binary = "/usr/bin/rrdtool" + +## file to store the rrd database, will be created by lighttpd +rrdtool.db-name = "/var/www/lighttpd.rrd" + --- lighttpd-1.4.19.orig/debian/conf-available/10-cml.conf +++ lighttpd-1.4.19/debian/conf-available/10-cml.conf @@ -0,0 +1,22 @@ +## CML is a Meta language to describe the dependencies of a page +## at one side and building a page from its fragments on the +## other side using LUA. +## +## Documentation: /usr/share/doc/lighttpd-doc/cml.txt +## http://www.lighttpd.net/documentation/cml.html + +server.modules += ( "mod_cml" ) + +## the extension for file with cache information. With .cml, +## the cache info file for index.html is index.cml +cml.extension = ".cml" + +index-file.names += ( "index" + cml.extension ) + +## the memcached used by mod_cml +# cml.memcache-hosts = ( "127.0.0.1:11211" ) + +## a cml file that is executed for each request +# cml.power-magnet = "/var/www/power-magnet.cml" + + --- lighttpd-1.4.19.orig/debian/conf-available/10-proxy.conf +++ lighttpd-1.4.19/debian/conf-available/10-proxy.conf @@ -0,0 +1,28 @@ +## Let lighttpd act as a proxy server for special file types, hosts etc +## +## Documentation: /usr/share/doc/lighttpd-doc/proxy.txt +## http://www.lighttpd.net/documentation/proxy.html + +server.modules += ( "mod_proxy" ) + +## Balance algorithm, possible values are: "hash", "round-robin" or "fair" (default) +# proxy.balance = "hash" + + +## Redirect all queries to files ending with ".php" to 192.168.0.101:80 +#proxy.server = ( ".php" => +# ( +# ( "host" => "192.168.0.101", +# "port" => 80 +# ) +# ) +# ) + +## Redirect all connections on www.example.com to 10.0.0.1{0,1,2,3} +#$HTTP["host"] == "www.example.com" { +# proxy.balance = "hash" +# proxy.server = ( "" => ( ( "host" => "10.0.0.10" ), +# ( "host" => "10.0.0.11" ), +# ( "host" => "10.0.0.12" ), +# ( "host" => "10.0.0.13" ) ) ) +#} --- lighttpd-1.4.19.orig/debian/conf-available/10-ssl.conf +++ lighttpd-1.4.19/debian/conf-available/10-ssl.conf @@ -0,0 +1,10 @@ +## lighttpd support for SSLv2 and SSLv3 +## +## Documentation: /usr/share/doc/lighttpd-doc/ssl.txt +## http://www.lighttpd.net/documentation/ssl.html + +#### SSL engine +$SERVER["socket"] == "0.0.0.0:443" { + ssl.engine = "enable" + ssl.pemfile = "/etc/lighttpd/server.pem" +} --- lighttpd-1.4.19.orig/debian/conf-available/10-magnet.conf +++ lighttpd-1.4.19/debian/conf-available/10-magnet.conf @@ -0,0 +1,8 @@ +## CML is a Meta language to describe the dependencies of a page +## at one side and building a page from its fragments on the +## other side using LUA. +## +## Documentation: /usr/share/doc/lighttpd-doc/magnet.txt.gz +## http://trac.lighttpd.net/trac/wiki/Docs%3AModMagnet + +server.modules += ( "mod_magnet" ) --- lighttpd-1.4.19.orig/debian/conf-available/10-userdir.conf +++ lighttpd-1.4.19/debian/conf-available/10-userdir.conf @@ -0,0 +1,14 @@ +## The userdir module provides a simple way to link user-based directories into +## the global namespace of the webserver. +## +## Documentation: /usr/share/doc/lighttpd-doc/userdir.txt +## http://www.lighttpd.net/documentation/userdir.html + +server.modules += ( "mod_userdir" ) + +## the subdirectory of a user's home dir which should be accessible +## under http://$host/~$user +userdir.path = "public_html" + +## The users whose home directories should not be accessible +userdir.exclude-user = ( "root", "postmaster" ) --- lighttpd-1.4.19.orig/debian/conf-available/10-cgi.conf +++ lighttpd-1.4.19/debian/conf-available/10-cgi.conf @@ -0,0 +1,27 @@ +## CGI programs allow you to enhance the functionality of the server in a very +## straight and simple way.. +## +## Documentation: /usr/share/doc/lighttpd-doc/cgi.txt +## http://www.lighttpd.net/documentation/cgi.html + +server.modules += ( "mod_cgi" ) + +$HTTP["remoteip"] =~ "127.0.0.1" { + alias.url += ( "/cgi-bin/" => "/usr/lib/cgi-bin/" ) + $HTTP["url"] =~ "^/cgi-bin/" { + cgi.assign = ( "" => "" ) + } +} + +$HTTP["url"] =~ "^/cgi-bin/" { + cgi.assign = ( "" => "" ) +} + +## Warning this represents a security risk, as it allow to execute any file +## with a .pl/.php/.py even outside of /usr/lib/cgi-bin. +# +#cgi.assign = ( +# ".pl" => "/usr/bin/perl", +# ".php" => "/usr/bin/php-cgi", +# ".py" => "/usr/bin/python", +#) --- lighttpd-1.4.19.orig/debian/conf-available/05-auth.conf +++ lighttpd-1.4.19/debian/conf-available/05-auth.conf @@ -0,0 +1,28 @@ +## Authentication for lighttpd +## +## Documentation: /usr/share/doc/lighttpd-doc/authentication.txt.gz +## http://www.lighttpd.net/documentation/authentication.html + +server.modules += ( "mod_auth" ) + +# auth.backend = "plain" +# auth.backend.plain.userfile = "lighttpd.user" +# auth.backend.plain.groupfile = "lighttpd.group" + +# auth.backend.ldap.hostname = "localhost" +# auth.backend.ldap.base-dn = "dc=my-domain,dc=com" +# auth.backend.ldap.filter = "(uid=$)" + +# auth.require = ( "/server-status" => +# ( +# "method" => "digest", +# "realm" => "download archiv", +# "require" => "group=www|user=jan|host=192.168.2.10" +# ), +# "/server-info" => +# ( +# "method" => "digest", +# "realm" => "download archiv", +# "require" => "group=www|user=jan|host=192.168.2.10" +# ) +# ) --- lighttpd-1.4.19.orig/debian/conf-available/10-simple-vhost.conf +++ lighttpd-1.4.19/debian/conf-available/10-simple-vhost.conf @@ -0,0 +1,14 @@ +## Simple name-based virtual hosting +## +## Documentation: /usr/share/doc/lighttpd-doc/simple-vhost.txt +## http://www.lighttpd.net/documentation/simple-vhost.html + +server.modules += ( "mod_simple_vhost" ) + +## The document root of a virtual host isdocument-root = +## simple-vhost.server-root + $HTTP["host"] + simple-vhost.document-root +simple-vhost.server-root = "/var/www" +simple-vhost.document-root = "/html/" + +## the default host if no host is sent +simple-vhost.default-host = "www.example.com"