Change logs for lighttpd source package in Trusty

  • lighttpd (1.4.33-1+nmu2ubuntu2) trusty; urgency=medium
    
      * Use dh-autoreconf to regenerate autotools files, fixes FTBFS with
        automake 1.14.1 (Closes: #726934)
      * Add lighttpd.pc to ac_config_files to fix FTBFS:
        make[3]: *** No rule to make target `lighttpd.pc', needed by `all-am'.
     -- Andreas Moog <email address hidden>   Tue, 28 Jan 2014 18:08:02 +0100
  • lighttpd (1.4.33-1+nmu2ubuntu1) trusty; urgency=low
    
      * Merge from Debian unstable.  Remaining changes:
        - debian/index.html: corrected BTS Ubuntu link for lighttpd.
        - debian/index.html: s/Debian/Ubuntu/g branding on the default page.
        - debian/lighttpd.conf: Comment 'use-ipv6.pl' by default, which causes
          failure to bind port in ipv4.
        - Add lighttpd-dev package:
          + debian/control: Added lighttpd-dev package; Build-depends on
            automake (>=1.14), libtool.
          + debian/lighttpd-dev.install: Added.
        - debian/control: libgamin-dev rather than libfam-dev to fix startup warning.
        - debian/rules: Add override_dh_installinit to set "defaults 91 09" to not
          start before apache2 but in the same runlevel with the same priority.
        - Added a UFW profile set:
          + debian/lighttpd.dirs: added etc/ufw/applications.d
          + debian/rules: install the ufw profile.
          + debian/control: Suggests on ufw.
    
    lighttpd (1.4.33-1+nmu2) unstable; urgency=high
    
      * Non-maintainer upload by the Security Team.
      * Fix regression caused by the fix for cve-2013-4508 (closes: #729480).
    
    lighttpd (1.4.33-1+nmu1) unstable; urgency=high
    
      * Non-maintainer upload by the Security Team (closes: #729453).
      * Fix cve-2013-4508: ssl cipher suites issue.
      * Fix cve-2013-4559: setuid privilege escalation issue.
      * Fix cve-2013-4560: use-after-free in fam.
     -- Mahyuddin Susanto <email address hidden>   Wed, 18 Dec 2013 14:30:01 +0700
  • lighttpd (1.4.33-1ubuntu1) trusty; urgency=low
    
      * Merge from Debian unstable (LP: #1246886).  Remaining changes:
        - debian/index.html: corrected BTS Ubuntu link for lighttpd.
        - debian/index.html: s/Debian/Ubuntu/g branding on the default page.
        - debian/lighttpd.conf: Comment 'use-ipv6.pl' by default, which causes
          failure to bind port in ipv4.
        - Add lighttpd-dev package:
          + debian/control: Added lighttpd-dev package; Build-depends on
            automake (>=1.14), libtool.
          + debian/lighttpd-dev.install: Added.
        - debian/control: libgamin-dev rather than libfam-dev to fix startup warning.
        - debian/rules: Add override_dh_installinit to set "defaults 91 09" to not
          start before apache2 but in the same runlevel with the same priority.
        - Added a UFW profile set:
          + debian/lighttpd.dirs: added etc/ufw/applications.d
          + debian/rules: install the ufw profile.
          + debian/control: Suggests on ufw.
        - debian/patches/build-dev-package.patch: Updated to reflect 1.4.33 changes.
    
    lighttpd (1.4.33-1) unstable; urgency=low
    
      * Drop the connection-dos.patch - merged upstream.
      * Fix "mod_extforward missing configuration file": ship requested
        configuration file (Closes: #697304)
      * Remove access.conf, an obsolete conffiles as we should have done since
        2010 (Closes: #703215)
      * Push debhelper's compat mode to 9, the use of maintscript helper requires
        8.1 so we had to push the debhelper b-d anyway.
      * Fix "config.guess/config.sub out of date for arm64" by adding the patch
        provided by Colin Watson. Thanks (Closes: #726394).
      * Fix "[PATCH] use dh-systemd for proper systemd-related maintscripts" to
        add systemd support. Thanks to Michael Stapelberg (Closes: #713859)
    
    lighttpd (1.4.31-4) unstable; urgency=high
    
      * CVE-2013-1427: Switch the socket path for PHP when using FastCGI. /tmp is
        world-writable which may cause security implications if an attacker
        manages to control /tmp/php.socket before the web server (re-)starts.
      * Switch VCS to git
      * Push standards version (no changes)
     -- Mattia Rizzolo <email address hidden>   Wed, 30 Oct 2013 15:52:50 +0100
  • lighttpd (1.4.31-3ubuntu3) saucy; urgency=low
    
      * Use the autotools-dev dh addon to update config.guess/config.sub for
        arm64.
     -- Colin Watson <email address hidden>   Tue, 15 Oct 2013 11:01:00 +0100