./www/lighttpd, Fast, light-footprint HTTP server

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: pkgsrc-2007Q2, Version: 1.4.18, Package name: lighttpd-1.4.18, Maintainer: joerg

Lighttpd is a secure, speedy, compliant, and very flexible web-server
which is designed and optimized for for high-performance environments.
With a small memory footprint compared to other web-servers, effective
management of the CPU-load, and advanced feature set (FastCGI, SCGI,
Auth, Output-Compression, URL-Rewriting and many more) lighttpd is the
perfect solution for every server that is suffering load problems.


Required to run:
[devel/pcre]

Required to build:
[devel/libtool-base]

Package options: inet6, ssl

Master sites:

SHA1: 30eb24cdfcfeadf10fa16f187330bdc5deb25ed2
RMD160: dfca15e4b02a405cc89dcdfb9a0f8137971cfb24
Filesize: 784.532 KB

Version history: (Expand)


CVS history: (Expand)


   2007-09-10 22:13:32 by Geert Hendrickx | Files touched by this commit (7) | Package updated
Log message:
Pullup ticket 2187 - requested by jlam
security update for lighttpd

- pkgsrc/www/lighttpd/DESCR				1.2
- pkgsrc/www/lighttpd/Makefile				1.16
- pkgsrc/www/lighttpd/PLIST				1.7
- pkgsrc/www/lighttpd/distinfo				1.11
- pkgsrc/www/lighttpd/patches/patch-aa			1.7
- pkgsrc/www/lighttpd/patches/patch-ab			1.4
- pkgsrc/www/lighttpd/patches/patch-ac			1.3

   Module Name:	pkgsrc
   Committed By:	jlam
   Date:		Mon Sep 10 13:59:51 UTC 2007

   Modified Files:
	   pkgsrc/www/lighttpd: DESCR Makefile PLIST distinfo
   Added Files:
	   pkgsrc/www/lighttpd/patches: patch-aa patch-ab patch-ac

   Log message:
   Update www/lighttpd to 1.4.18.  Changes from 1.4.16 include:

     * fixed forwarding a SIGINT and SIGHUP when using max-workers (#902)
   --> fixed FastCGI header overrun in mod_fastcgi
     * fixed hanging redirects with keep-alive due to missing
       "Content-Length: 0" headers
     * fixed crashing when using undefined environment variables in the config
     * added dir-listing.set-footer in mod_dirlisting (#1277)
     * added sending UID and PID for SIGTERM and SIGINT to the logs
     * fixed compression of files < 128 bytes by disabling compression (#1241)
     * fixed mysql server reconnects (#518)
     * fixed disabled keep-alive for dynamic content with HTTP/1.0 (#1166)
     * fixed crash on mixed EOL sequences in mod_cgi
     * fixed key compare (#1287)
     * fixed invalid char in header values (#1286)
     * fixed invalid "304 Not Modified" on broken timestamps
   --> fixed endless loop on shrinked files with sendfile() on BSD (#1289)
   --> fixed counter overrun in ?auto in mod_status (#909)
     * fixed too aggresive caching of nested conditionals (#41)
   --> fixed possible overflow in unix-socket path checks on BSD (#713)
     * fixed extra Content-Length header on 1xx, 204 and 304 (#1002)
     * fixed handling of duplicate If-Modified-Since to return 304
     * fixed extracting status code from NPH scripts (#1125)
     * removed config-check if passwd files exist (#1188)
     * fixed crash when etags are disabled but the client sends one (#1322)
     * fixed crash when freeing the config in mod_alias
     * fixed server.error-handler-404 breakage from 1.4.16 (#1270)
     * fixed entering 404-handler from dynamic content (#948)
     * added more debug infos for FAM based stat-cache

   The highlighted changes are security vulnerabilities that are fixed in
   this release.
   2007-07-28 00:47:15 by Geert Hendrickx | Files touched by this commit (2) | Package updated
Log message:
Pullup ticket 2151 - requested by joerg
security update for lighttpd

- pkgsrc/www/lighttpd/Makefile				1.15
- pkgsrc/www/lighttpd/distinfo				1.10

   Module Name:	pkgsrc
   Committed By:	joerg
   Date:		Wed Jul 25 10:26:05 UTC 2007

   Modified Files:
	   pkgsrc/www/lighttpd: Makefile distinfo

   Log message:
   Update to lighttpd 1.4.16. This fixes a number of security issues:
   - various possible NULL pointer references
   - two cases were uninitialised memory is used or memory could be
   corrupted. This might be exploitable to execute arbitrary code.
   - possible mod_access by-pass by appending /
   - a local DOS by broken FastCGI handlers