Subject: CVS commit: [pkgsrc-2007Q2] pkgsrc/www/lighttpd
From: Geert Hendrickx
Date: 2007-09-10 22:13:32
Message id: 20070910201332.7B3EE21507@cvs.netbsd.org
Log Message:
Pullup ticket 2187 - requested by jlam
security update for lighttpd

- pkgsrc/www/lighttpd/DESCR				1.2
- pkgsrc/www/lighttpd/Makefile				1.16
- pkgsrc/www/lighttpd/PLIST				1.7
- pkgsrc/www/lighttpd/distinfo				1.11
- pkgsrc/www/lighttpd/patches/patch-aa			1.7
- pkgsrc/www/lighttpd/patches/patch-ab			1.4
- pkgsrc/www/lighttpd/patches/patch-ac			1.3

   Module Name:	pkgsrc
   Committed By:	jlam
   Date:		Mon Sep 10 13:59:51 UTC 2007

   Modified Files:
	   pkgsrc/www/lighttpd: DESCR Makefile PLIST distinfo
   Added Files:
	   pkgsrc/www/lighttpd/patches: patch-aa patch-ab patch-ac

   Log Message:
   Update www/lighttpd to 1.4.18.  Changes from 1.4.16 include:

     * fixed forwarding a SIGINT and SIGHUP when using max-workers (#902)
   --> fixed FastCGI header overrun in mod_fastcgi
     * fixed hanging redirects with keep-alive due to missing
       "Content-Length: 0" headers
     * fixed crashing when using undefined environment variables in the config
     * added dir-listing.set-footer in mod_dirlisting (#1277)
     * added sending UID and PID for SIGTERM and SIGINT to the logs
     * fixed compression of files < 128 bytes by disabling compression (#1241)
     * fixed mysql server reconnects (#518)
     * fixed disabled keep-alive for dynamic content with HTTP/1.0 (#1166)
     * fixed crash on mixed EOL sequences in mod_cgi
     * fixed key compare (#1287)
     * fixed invalid char in header values (#1286)
     * fixed invalid "304 Not Modified" on broken timestamps
   --> fixed endless loop on shrinked files with sendfile() on BSD (#1289)
   --> fixed counter overrun in ?auto in mod_status (#909)
     * fixed too aggresive caching of nested conditionals (#41)
   --> fixed possible overflow in unix-socket path checks on BSD (#713)
     * fixed extra Content-Length header on 1xx, 204 and 304 (#1002)
     * fixed handling of duplicate If-Modified-Since to return 304
     * fixed extracting status code from NPH scripts (#1125)
     * removed config-check if passwd files exist (#1188)
     * fixed crash when etags are disabled but the client sends one (#1322)
     * fixed crash when freeing the config in mod_alias
     * fixed server.error-handler-404 breakage from 1.4.16 (#1270)
     * fixed entering 404-handler from dynamic content (#948)
     * added more debug infos for FAM based stat-cache

   The highlighted changes are security vulnerabilities that are fixed in
   this release.
Files:
RevisionActionfile
1.1.1.1.16.1modifypkgsrc/www/lighttpd/DESCR
1.14.2.2modifypkgsrc/www/lighttpd/Makefile
1.6.2.1modifypkgsrc/www/lighttpd/PLIST
1.9.2.2modifypkgsrc/www/lighttpd/distinfo
1.6.2.1addpkgsrc/www/lighttpd/patches/patch-aa
1.3.2.1addpkgsrc/www/lighttpd/patches/patch-ab
1.2.2.1addpkgsrc/www/lighttpd/patches/patch-ac