pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: [pkgsrc-2008Q2] pkgsrc/www/lighttpd
Module Name: pkgsrc
Committed By: tron
Date: Fri Oct 3 11:12:18 UTC 2008
Modified Files:
pkgsrc/www/lighttpd [pkgsrc-2008Q2]: Makefile distinfo
Removed Files:
pkgsrc/www/lighttpd/patches [pkgsrc-2008Q2]: patch-aa patch-ac
Log Message:
Pullup ticket #2538 - requested by taca
lighttpd: security update
Revisions pulled up:
- www/lighttpd/Makefile 1.22
- www/lighttpd/distinfo 1.15
- www/lighttpd/patches/patch-aa delete
- www/lighttpd/patches/patch-ac delete
---
Module Name: pkgsrc
Committed By: taca
Date: Fri Oct 3 01:08:36 UTC 2008
Modified Files:
pkgsrc/www/lighttpd: Makefile distinfo
Removed Files:
pkgsrc/www/lighttpd/patches: patch-aa patch-ac
Log Message:
Update lighttpd to 1.4.20.
This contains security fix: http://trac.lighttpd.net/trac/ticket/1774
- 1.4.20 -
* Fix mod_compress to compile with old gcc version (#1592)
* Fix mod_extforward to compile with old gcc version (#1591)
* Update documentation for #1587
* Fix #285 again: read error after SSL_shutdown (thx
marton.illes%balabit.com@localhost) and clear the error queue before some other
calls (CVE-2008-1531)
* Fix mod_magnet: enable "request.method" and "request.protocol" in
lighty.env (#1308)
* Fix segfault for appending matched parts if there was no regex matching
(just give empty strings) (#1601)
* Use data_response_init in mod_fastcgi x-sendfile handling for
response.headers, fix a small "memleak" (#1628)
* Don't send empty Server headers (#1620)
* Fix conditional interpretation of core options
* Enable escaping of % and $ in redirect/rewrite; only two cases changed
their behaviour: "%%" => "%", "$$" => "$"
* Fix accesslog port (should be port from the connection, not the
"server.port") (#1618)
* Fix mod_fastcgi prefix matching: match the prefix always against url, not
the absolute filepath (regardless of check-local)
* Overwrite Content-Type header in mod_dirlisting instead of inserting
(#1614), patch by Henrik Holst
* Handle EINTR in mod_cgi during write() (#1640)
* Allow all http status codes by default; disable body only for 204,205 and
304; generate error pages for 4xx and 5xx (#1639)
* Fix mod_magnet to set con->mode = p->id if it generates content, so
returning 4xx/5xx doesn't append an error page
* Remove lighttpd.spec* from source, fixing all problems with it ;-)
* Do not rely on PATH_MAX (POSIX does not require it) (#580)
* Disable logging to access.log if filename is an empty string
* Implement a clean way to open /dev/null and use it to close stdin/out/err
in the needed places (#624)
* merge spawn-fcgi changes from trunk (from @2191)
* let spawn-fcgi propagate exit code from spawned fcgi application
* close connection after redirect in trigger_b4_dl (thx icy)
* close connection in mod_magnet if returned status code
* fix bug with IPv6 in mod_evasive (#1579)
* fix scgi HTTP/1.* status parsing (#1638), found by
met%uberstats.com@localhost
* [tests] fixed system, use foreground daemons and waitpid
* [tests] removed pidfile from test system
* [tests] fixed tests needing php running (if not running on port 1026,
search php in env[PHP] or /usr/bin/php-cgi)
* fixed typo in mod_accesslog (#1699)
* replaced buffer_{append,copy}_string with the _len variant where possible
(#1732) (thx crypt)
* case insensitive match for secdownload md5 token (#1710)
* Handle only HEAD, GET and POST in mod_dirlisting (same as in staticfile)
(#1687)
* fixed mod_secdownload problem with unsigned time_t (#1688)
* handle EAGAIN and EINTR for freebsd sendfile (#1675)
* Use filedescriptor 0 for mod_scgi spawn socket, redirect STDERR to
/dev/null (#1716)
* fixed round-robin balancing in mod_proxy (#1715)
* fixed EINTR handling for waitpid in mod_fastcgi
* mod_{fast,s}cgi: overwrite environment variables (#1722)
* inserted many con->mode checks; they should prevent two modules to handle
the same request if they shouldn't (#631)
* fixed url encoding to encode more characters (#266)
* allow digits in [s]cgi env vars (#1712)
* fixed dropping last character of evhost pattern (#161)
* print helpful error message on conditionals in global block (#1550)
* decode url before matching in mod_rewrite (#1720)
* fixed conditional patching of ldap filter (#1564)
* Match headers case insensitive in response (removing of
X-{Sendfile,LIGHTTPD-*}, catching Date/Server)
* fixed bug with case-insensitive filenames in mod_userdir (#1589), spotted
by "anders1"
* fixed format string bugs in mod_accesslog for SYSLOG
* replaced fprintf with log_error_write in fastcgi debug
* fixed mem leak in ssi expression parser (#1753), thx Take5k
* hide some ssl errors per default, enable them with debug.log-ssl-noise
(#397)
* do not send content-encoding for 304 (#1754), thx yzlai
* fix segfault for stat_cache(fam) calls with relative path (without '/', can
be triggered by x-sendfile) (#1750)
* fix splitting of auth-ldap filter
* workaround ldap connection leak if a ldap connection failed (restarting
ldap)
* fix auth.backend.ldap.bind-dn/pw problems (only read from global context
for temporary ldap reconnects, thx ruskie)
* fix memleak in request header parsing (#1774, thx qhy)
* fix mod_rewrite memleak/endless loop detection (#1775, thx phy - again!)
* use decoded url for matching in mod_redirect (#1720)
To generate a diff of this commit:
cvs rdiff -r1.21 -r1.21.4.1 pkgsrc/www/lighttpd/Makefile
cvs rdiff -r1.14 -r1.14.4.1 pkgsrc/www/lighttpd/distinfo
cvs rdiff -r1.9 -r0 pkgsrc/www/lighttpd/patches/patch-aa
cvs rdiff -r1.5 -r0 pkgsrc/www/lighttpd/patches/patch-ac
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Home |
Main Index |
Thread Index |
Old Index