Overview Repositories Revisions Requests Users Attributes Meta

Revisions of lighttpd

Marcus Rueckert's avatar Marcus Rueckert (darix) accepted request 204140 from Stefan Bühler's avatar Stefan Bühler (stbuehler) (revision 110) 
- remove patches
  - lighttpd-automake.patch: the m4_ifdef stuff should call AM_PROG_AR if available
  - lighttpd-serial-tests.patch: serial-tests only works with automake 1.12;
    upstream fixed configure.ac detecting automake version.
- update debian to 1.4.33-1 (official package)
  - back to .bz2 tar
- backport debian package (1.4.33-1~bpo70+0.1)
  - removing dh_systemd dependency and usage
Marcus Rueckert's avatar Marcus Rueckert (darix) accepted request 201220 from Stefan Bühler's avatar Stefan Bühler (stbuehler) (revision 109) 
- update to 1.4.33:
  - mod_fastcgi: fix mix up of "mode" => "authorizer" in other fastcgi configs (fixes #2465, thx peex)
  - fix handling of If-Modified-Since if If-None-Match is present (don't return 412 for date parsing errors);
    follow current draft for HTTP/1.1, which tells us to ignore If-Modified-Since if we have matching etags.
  - [mod_fastcgi,log] support multi line logging (fixes #2252)
  - call ERR_clear_error only for ssl connections in CON_STATE_ERROR
  - reject non ASCII characters in HTTP header names
  - [mod_auth] use crypt() on encrypted password instead of extracting salt first (fixes #2483)
  - [mod_auth] add htpasswd -s (SHA1) support if openssl is used (needs openssl for SHA1). This doesn't use any salt, md5 with salt is probably better.
  - [mod_auth] fix base64_decode (#2484)
  - fix some bugs found with canalyze (fixes #2484, thx Zhenbo Xu)
  - fix undefined stuff found with clang
  - [cmake] Use TARGET_LINK_LIBRARIES instead of LINK_FLAGS for library dependencies, also add -Wl,--as-needed to extra warnings (fixes #2448)
  - [mod_auth] fix invalid read in digest qop=auth-int handling (fixes #2478)
  - [auto* build] simplify autogen.sh, handle automake 1.13 test running (fixes #2490)
  - [mod_userdir] add userdir.active option, "enabled" by default
  - [core] return 501 Not Implemented in static file mode for all methods except GET/POST/HEAD/OPTIONS
  - [core] recognize more http methods to forward to backends (fixes #2346)
  - [ssl] use DH only if openssl supports it (fixes #2479)
  - [network] use constants available at compile time for maximum number of chunks for writev instead of calling sysconf (fixes #2470)
  - [ssl] Fix $HTTP["scheme"] conditional, could be "http" for ssl connections if the ssl $SERVER["socket"] conditional was nested (fixes #2501)
  - [ssl] accept ssl renegotiations if they are not disabled (fixes #2491)
  - [ssl] add option ssl.empty-fragments, defaulting to disabled (fixes #2492)
  - [auth] put REMOTE_USER into cgi environment, making it accessible to lua via lighty.req_env (fixes #2495)
  - [auth] new method "extern" to use already present REMOTE_USER (from magnet, ssl, ...) (fixes #2436)
  - [core] remove requirement that default doc-root has to exist, there are reasonable scenarios not requiring static files at all
  - [core] check whether server.chroot exists
  - [mod_simple_vhost] fix cache; skip module if simple-vhost.server-root is empty (thx rm for reporting)
  - [mod_accesslog] add accesslog.syslog-level option (fixes #2480)
  - [core] allow files to be used as document-root (fixes #2475)
  - [core] set signal handlers before forking child processes in modules/plugins_call_set_defaults (fixes #2502)
Marcus Rueckert's avatar Marcus Rueckert (darix) accepted request 196944 from Stefan Bühler's avatar Stefan Bühler (stbuehler) (revision 108) 
update debian package to include fixes made in official debian packaging; use xz tarball and buildrequire xz in spec file
Stephan Kulow's avatar Stephan Kulow (coolo) accepted request 181120 from Petr Gajdos's avatar Petr Gajdos (pgajdos) (revision 107) 
- with gcc 4.8 parallel tests seems to be broken
  * lighttpd-serial-tests.patch
Cristian Rodríguez's avatar Cristian Rodríguez (elvigia) accepted request 143102 from Gregor Dschung's avatar Gregor Dschung (chkpnt) (revision 106) 
So a "Requires: httpd" or "Suggests: httpd" doesn't only resolve to apache2.
Marcus Rueckert's avatar Marcus Rueckert (darix) committed (revision 105) 
- get rid of old dsc file
Marcus Rueckert's avatar Marcus Rueckert (darix) committed (revision 104) 
- update to 1.4.32: bnc#790258 CVE-2012-5533
  - Code cleanup with clang/sparse (fixes #2437, thx kibi)
  - Ignore EPIPE/ECONNRESET after SSL_shutdown
  - Handle ENAMETOOLONG, return 404 Not Found (fixes #2396, thx
    dererkazo)
  - configure.ac: remove old stuff, add some new to fix warnings in
    automake 1.12 (fixes #2419, thx blino)
  - add PATCH method (fixes #2424)
  - fix :port handling in $HTTP["host"] checks (fixes #2135. thx
    liming)
  - network_server_init: fix double free and memleak on error
    (fixes #2440, thx kyprizel)
  - detect "x-gzip"/"x-bzip2" as separate encodings, more strict
    encoding matching (fixes #2443)
  - tests: make sure mod_proxy doesn't leave running processes
    (fixes #2435, thx kibi)
  - mod_extforward: log address of untrusted proxy with
    debug.log-request-handling
  - fix DoS in Connection header value split (reported by Jesse
    Sipprell, CVE-2012-5533)
  - remove whitespace at end of header keys
- refreshed lighttpd-automake.patch
Marcus Rueckert's avatar Marcus Rueckert (darix) committed (revision 103) 
- added back the version conditional that i removed by accident
Marcus Rueckert's avatar Marcus Rueckert (darix) committed (revision 102) 
- dropped the perl line that mangled configure.ac
- moved automake patch into the geoip conditional
- move lua conditional out of the _repository block
Marcus Rueckert's avatar Marcus Rueckert (darix) committed (revision 101) 
- only build geoip support on newer distros
Marcus Rueckert's avatar Marcus Rueckert (darix) committed (revision 100) 
- automake patch only needed on factory
- updated debian files
Stephan Kulow's avatar Stephan Kulow (coolo) committed (revision 99) 
format spec
Stephan Kulow's avatar Stephan Kulow (coolo) committed (revision 98) 
remove old source
Stephan Kulow's avatar Stephan Kulow (coolo) accepted request 124095 from Petr Gajdos's avatar Petr Gajdos (pgajdos) (revision 97) 
- fixed build (automake)
  * automake.patch
Marcus Rueckert's avatar Marcus Rueckert (darix) committed (revision 96) 
- update to 1.4.31
  - [ssl] fix segfault in counting renegotiations for openssl
    versions without TLSEXT/SNI (thx carpii for reporting)
  - Move fdevent subsystem includes to implementation files to
    reduce conflicts (fixes #2373)
  - [mod_compress] fix handling if etags are disabled but cache-dir
    is set - may lead to double response
  - disable mmap by default (fixes #2391)
  - buffer_caseless_compare: always convert letters to lowercase to
    get transitive results, fixing array lookups (fixes #2405)
  - Fix handling of empty header list entries in
    http_request_split_value, fixing invalid read in valgrind
    (fixes #2413)
  - Fix access log escaping of " and \\ (fixes #1551)
  - [mod_auth] Fix digest "md5-sess" implementation (Errata ID
    1649, RFC 2617) (fixes #2410)
  - [auth] Add "AUTH_TYPE" environment (for *cgi), remove fastcgi
    specific workaround, add fastcgi test case (fixes #889)
  - [mod_*cgi,mod_accesslog] Fix splitting :port with ipv6 (fixes
    #2333, thx simoncpu)
  - Detect multiple -f options: show error message instead of
    assert (fixes #2416)
  - [mod_extforward] Support ipv6 addresses (fixes #1889)
  - [mod_redirect] Support url.redirect-code option (fixes #2247)
  - Fix --enable-mmap handling in configure.ac
Marcus Rueckert's avatar Marcus Rueckert (darix) committed (revision 95) 
- fix build on factory:
  do not use lua 5.2, use 5.1 instead
Factory Maintainer's avatar Factory Maintainer (factory-maintainer) accepted request 104403 from Stephan Kulow's avatar Stephan Kulow (coolo) (revision 94) 
patch license to follow spdx.org standard
Marcus Rueckert's avatar Marcus Rueckert (darix) committed (revision 93) 
- added the debian.tar.gz to the file list of the spec file to pass
  the check in factory
Marcus Rueckert's avatar Marcus Rueckert (darix) committed (revision 92) 
- update to 1.4.30
  - Always use our ‘own’ md5 implementation, fixes linking issues
    on MacOS (fixes #2331)
  - Limit amount of bytes we send in one go; fixes stalling in one
    connection and timeouts on slow systems.
  - [ssl] fix build errors when Elliptic-Curve Diffie-Hellman is
    disabled
  - Add static-file.disable-pathinfo option to prevent handling of
    urls like …/secret.php/image.jpg as static file
  - Don’t overwrite 401 (auth required) with 501 (unknown method)
    (fixes #2341)
  - Fix mod_status bug: always showed “0/0” in the “Read” column
    for uploads (fixes #2351)
  - [mod_auth] Fix signedness error in http_auth
    (fixes #2370, CVE-2011-4362)
  - [ssl] count renegotiations to prevent client renegotiations
  - [ssl] add option to honor server cipher order
    (fixes #2364, BEAST attack)
  - [core] accept dots in ipv6 addresses in host header
    (fixes #2359)
  - [ssl] fix ssl connection aborts if files are larger than the
    MAX_WRITE_LIMIT (256kb)
  - [libev/cgi] fix waitpid ECHILD errors in cgi with libev
    (fixes #2324)
Marcus Rueckert's avatar Marcus Rueckert (darix) accepted request 96958 from Stefan Bühler's avatar Stefan Bühler (stbuehler) (revision 91) 
update to 1.4.30
Displaying revisions 81 - 100 of 190
openSUSE Build Service is sponsored by
Places