Navigation:
Browse pkgsrc
(this page) 2007-09-10 22:13:32 by Geert Hendrickx | Files touched by this commit (7) |  |
Log message:
Pullup ticket 2187 - requested by jlam
security update for lighttpd
- pkgsrc/www/lighttpd/DESCR 1.2
- pkgsrc/www/lighttpd/Makefile 1.16
- pkgsrc/www/lighttpd/PLIST 1.7
- pkgsrc/www/lighttpd/distinfo 1.11
- pkgsrc/www/lighttpd/patches/patch-aa 1.7
- pkgsrc/www/lighttpd/patches/patch-ab 1.4
- pkgsrc/www/lighttpd/patches/patch-ac 1.3
Module Name: pkgsrc
Committed By: jlam
Date: Mon Sep 10 13:59:51 UTC 2007
Modified Files:
pkgsrc/www/lighttpd: DESCR Makefile PLIST distinfo
Added Files:
pkgsrc/www/lighttpd/patches: patch-aa patch-ab patch-ac
Log message:
Update www/lighttpd to 1.4.18. Changes from 1.4.16 include:
* fixed forwarding a SIGINT and SIGHUP when using max-workers (#902)
--> fixed FastCGI header overrun in mod_fastcgi
* fixed hanging redirects with keep-alive due to missing
"Content-Length: 0" headers
* fixed crashing when using undefined environment variables in the config
* added dir-listing.set-footer in mod_dirlisting (#1277)
* added sending UID and PID for SIGTERM and SIGINT to the logs
* fixed compression of files < 128 bytes by disabling compression (#1241)
* fixed mysql server reconnects (#518)
* fixed disabled keep-alive for dynamic content with HTTP/1.0 (#1166)
* fixed crash on mixed EOL sequences in mod_cgi
* fixed key compare (#1287)
* fixed invalid char in header values (#1286)
* fixed invalid "304 Not Modified" on broken timestamps
--> fixed endless loop on shrinked files with sendfile() on BSD (#1289)
--> fixed counter overrun in ?auto in mod_status (#909)
* fixed too aggresive caching of nested conditionals (#41)
--> fixed possible overflow in unix-socket path checks on BSD (#713)
* fixed extra Content-Length header on 1xx, 204 and 304 (#1002)
* fixed handling of duplicate If-Modified-Since to return 304
* fixed extracting status code from NPH scripts (#1125)
* removed config-check if passwd files exist (#1188)
* fixed crash when etags are disabled but the client sends one (#1322)
* fixed crash when freeing the config in mod_alias
* fixed server.error-handler-404 breakage from 1.4.16 (#1270)
* fixed entering 404-handler from dynamic content (#948)
* added more debug infos for FAM based stat-cache
The highlighted changes are security vulnerabilities that are fixed in
this release.
|
| 2007-07-28 00:47:15 by Geert Hendrickx | Files touched by this commit (2) | |
Log message: Pullup ticket 2151 - requested by joerg security update for lighttpd - pkgsrc/www/lighttpd/Makefile 1.15 - pkgsrc/www/lighttpd/distinfo 1.10 Module Name: pkgsrc Committed By: joerg Date: Wed Jul 25 10:26:05 UTC 2007 Modified Files: pkgsrc/www/lighttpd: Makefile distinfo Log message: Update to lighttpd 1.4.16. This fixes a number of security issues: - various possible NULL pointer references - two cases were uninitialised memory is used or memory could be corrupted. This might be exploitable to execute arbitrary code. - possible mod_access by-pass by appending / - a local DOS by broken FastCGI handlers |
New packages: