* Merge from Debian unstable (LP: #1246886). Remaining changes:
- debian/index.html: corrected BTS Ubuntu link for lighttpd.
- debian/index.html: s/Debian/Ubuntu/g branding on the default page.
- debian/lighttpd.conf: Comment 'use-ipv6.pl' by default, which causes
failure to bind port in ipv4.
- Add lighttpd-dev package:
+ debian/control: Added lighttpd-dev package; Build-depends on
automake (>=1.14), libtool.
+ debian/lighttpd-dev.install: Added.
- debian/control: libgamin-dev rather than libfam-dev to fix startup warning.
- debian/rules: Add override_dh_installinit to set "defaults 91 09" to not
start before apache2 but in the same runlevel with the same priority.
- Added a UFW profile set:
+ debian/lighttpd.dirs: added etc/ufw/applications.d
+ debian/rules: install the ufw profile.
+ debian/control: Suggests on ufw.
- debian/patches/build-dev-package.patch: Updated to reflect 1.4.33 changes.
lighttpd (1.4.33-1) unstable; urgency=low
* Drop the connection-dos.patch - merged upstream.
* Fix "mod_extforward missing configuration file": ship requested
configuration file (Closes: #697304)
* Remove access.conf, an obsolete conffiles as we should have done since
2010 (Closes: #703215)
* Push debhelper's compat mode to 9, the use of maintscript helper requires
8.1 so we had to push the debhelper b-d anyway.
* Fix "config.guess/config.sub out of date for arm64" by adding the patch
provided by Colin Watson. Thanks (Closes: #726394).
* Fix "[PATCH] use dh-systemd for proper systemd-related maintscripts" to
add systemd support. Thanks to Michael Stapelberg (Closes: #713859)
lighttpd (1.4.31-4) unstable; urgency=high
* CVE-2013-1427: Switch the socket path for PHP when using FastCGI. /tmp is
world-writable which may cause security implications if an attacker
manages to control /tmp/php.socket before the web server (re-)starts.
* Switch VCS to git
* Push standards version (no changes)
-- Mattia Rizzolo <email address hidden> Wed, 30 Oct 2013 15:52:50 +0100
This bug was fixed in the package lighttpd - 1.4.33-1ubuntu1
---------------
lighttpd (1.4.33-1ubuntu1) trusty; urgency=low
* Merge from Debian unstable (LP: #1246886). Remaining changes: lighttpd. conf: Comment 'use-ipv6.pl' by default, which causes lighttpd- dev.install: Added. dh_installinit to set "defaults 91 09" to not lighttpd. dirs: added etc/ufw/ applications. d patches/ build-dev- package. patch: Updated to reflect 1.4.33 changes.
- debian/index.html: corrected BTS Ubuntu link for lighttpd.
- debian/index.html: s/Debian/Ubuntu/g branding on the default page.
- debian/
failure to bind port in ipv4.
- Add lighttpd-dev package:
+ debian/control: Added lighttpd-dev package; Build-depends on
automake (>=1.14), libtool.
+ debian/
- debian/control: libgamin-dev rather than libfam-dev to fix startup warning.
- debian/rules: Add override_
start before apache2 but in the same runlevel with the same priority.
- Added a UFW profile set:
+ debian/
+ debian/rules: install the ufw profile.
+ debian/control: Suggests on ufw.
- debian/
lighttpd (1.4.33-1) unstable; urgency=low
* Drop the connection- dos.patch - merged upstream. guess/config. sub out of date for arm64" by adding the patch
* Fix "mod_extforward missing configuration file": ship requested
configuration file (Closes: #697304)
* Remove access.conf, an obsolete conffiles as we should have done since
2010 (Closes: #703215)
* Push debhelper's compat mode to 9, the use of maintscript helper requires
8.1 so we had to push the debhelper b-d anyway.
* Fix "config.
provided by Colin Watson. Thanks (Closes: #726394).
* Fix "[PATCH] use dh-systemd for proper systemd-related maintscripts" to
add systemd support. Thanks to Michael Stapelberg (Closes: #713859)
lighttpd (1.4.31-4) unstable; urgency=high
* CVE-2013-1427: Switch the socket path for PHP when using FastCGI. /tmp is
world-writable which may cause security implications if an attacker
manages to control /tmp/php.socket before the web server (re-)starts.
* Switch VCS to git
* Push standards version (no changes)
-- Mattia Rizzolo <email address hidden> Wed, 30 Oct 2013 15:52:50 +0100