diff -u lighttpd-1.4.19/debian/init.d lighttpd-1.4.19/debian/init.d --- lighttpd-1.4.19/debian/init.d +++ lighttpd-1.4.19/debian/init.d @@ -17,6 +17,8 @@ DESC="web server" PIDFILE=/var/run/$NAME.pid SCRIPTNAME=/etc/init.d/$NAME +ENV="env -i LANG=C PATH=/usr/local/bin:/usr/bin:/bin" +SSD="/sbin/start-stop-daemon" DAEMON_OPTS="-f /etc/lighttpd/lighttpd.conf" diff -u lighttpd-1.4.19/debian/lighttpd.install lighttpd-1.4.19/debian/lighttpd.install --- lighttpd-1.4.19/debian/lighttpd.install +++ lighttpd-1.4.19/debian/lighttpd.install @@ -29,16 +29,16 @@ debian/tmp/usr/lib/lighttpd/mod_userdir.so debian/tmp/usr/lib/lighttpd/mod_usertrack.so debian/lighttpd.conf /etc/lighttpd +debian/conf-available/10-proxy.conf /etc/lighttpd/conf-available debian/conf-available/05-auth.conf /etc/lighttpd/conf-available debian/conf-available/10-status.conf /etc/lighttpd/conf-available debian/conf-available/10-cgi.conf /etc/lighttpd/conf-available -debian/conf-available/10-fastcgi.conf /etc/lighttpd/conf-available -debian/conf-available/10-proxy.conf /etc/lighttpd/conf-available -debian/conf-available/10-rrdtool.conf /etc/lighttpd/conf-available debian/conf-available/10-simple-vhost.conf /etc/lighttpd/conf-available +debian/conf-available/10-userdir.conf /etc/lighttpd/conf-available debian/conf-available/10-ssi.conf /etc/lighttpd/conf-available +debian/conf-available/10-fastcgi.conf /etc/lighttpd/conf-available +debian/conf-available/10-rrdtool.conf /etc/lighttpd/conf-available debian/conf-available/10-ssl.conf /etc/lighttpd/conf-available -debian/conf-available/10-userdir.conf /etc/lighttpd/conf-available debian/conf-available/README /etc/lighttpd/conf-available debian/create-mime.assign.pl /usr/share/lighttpd/ debian/include-conf-enabled.pl /usr/share/lighttpd/ diff -u lighttpd-1.4.19/debian/control lighttpd-1.4.19/debian/control --- lighttpd-1.4.19/debian/control +++ lighttpd-1.4.19/debian/control @@ -1,16 +1,17 @@ Source: lighttpd Section: web Priority: optional -Maintainer: Debian lighttpd maintainers +Maintainer: Ubuntu MOTU Developers +XSBC-Original-Maintainer: Debian lighttpd maintainers Uploaders: Krzysztof Krzyzaniak (eloy) , Torsten Marek , Franz Pletz , Pierre Habouzit -Homepage: http://www.lighttpd.net -Build-Depends: debhelper (>= 5.0.0), cdbs, mime-support, libssl-dev, +Build-Depends: debhelper (>= 6.0.0), cdbs, mime-support, libssl-dev, zlib1g-dev, libbz2-dev, libattr1-dev, libpcre3-dev, libmysqlclient15-dev, - libfam-dev, libldap2-dev, libfcgi-dev, libgdbm-dev, libmemcache-dev, + libgamin-dev, libldap2-dev, libfcgi-dev, libgdbm-dev, libmemcache-dev, liblua5.1-0-dev, quilt, patchutils, pkg-config, uuid-dev, libsqlite3-dev, libxml2-dev, libkrb5-dev, perl +Homepage: http://www.lighttpd.net XS-Vcs-Svn: svn://svn.debian.org/pkg-lighttpd/lighttpd/trunk Standards-Version: 3.7.3 diff -u lighttpd-1.4.19/debian/lighttpd.conf lighttpd-1.4.19/debian/lighttpd.conf --- lighttpd-1.4.19/debian/lighttpd.conf +++ lighttpd-1.4.19/debian/lighttpd.conf @@ -129,6 +129,7 @@ # rrdtool.binary = "/usr/bin/rrdtool" # rrdtool.db-name = "/var/www/lighttpd.rrd" + #### variable usage: ## variable name without "." is auto prefixed by "var." and becomes "var.bar" #bar = 1 diff -u lighttpd-1.4.19/debian/rules lighttpd-1.4.19/debian/rules --- lighttpd-1.4.19/debian/rules +++ lighttpd-1.4.19/debian/rules @@ -4,6 +4,9 @@ include /usr/share/cdbs/1/class/autotools.mk include /usr/share/cdbs/1/rules/patchsys-quilt.mk +DEB_DH_INSTALLINIT_ARGS += --error-handler=true +DEB_UPDATE_RCD_PARAMS += defaults 91 09 + DEB_CONFIGURE_EXTRA_FLAGS += --libdir=/usr/lib/lighttpd --with-openssl \ --with-kerberos5 --with-pcre --with-bz2 \ --with-ldap --with-mysql --with-memcache \ diff -u lighttpd-1.4.19/debian/index.html lighttpd-1.4.19/debian/index.html --- lighttpd-1.4.19/debian/index.html +++ lighttpd-1.4.19/debian/index.html @@ -29,21 +29,21 @@
  • Configuration files can be found in /etc/lighttpd. Please read /etc/lighttpd/conf-available/README file.
  • The DocumentRoot, which is the directory under which all your HTML files should exist, is set to /var/www.
    • -
  • CGI scripts are looked for in /usr/lib/cgi-bin, which is where Debian packages will place their scripts. You can enable cgi module by using command "lighty-enable-mod cgi".
    • +
  • CGI scripts are looked for in /usr/lib/cgi-bin, which is where Ubuntu packages will place their scripts. You can enable cgi module by using command "lighty-enable-mod cgi".
  • Log files are placed in /var/log/lighttpd, and will be rotated weekly. The frequency of rotation can be easily changed by editing /etc/logrotate.d/lighttpd.
  • The default directory index is index.html, meaning that requests for a directory /foo/bar/ will give the contents of the file /var/www/foo/bar/index.html if it exists (assuming that /var/www is your DocumentRoot).
  • You can enable user directories by using command "lighty-enable-mod userdir"

About this page

- This is a placeholder page installed by the Debian release of the Lighttpd server package. + This is a placeholder page installed by the Ubuntu release of the Lighttpd server package.

- This computer has installed the Debian GNU/Linux operating system, but it has nothing to do with the Debian Project. Please do not contact the Debian Project about it. + This computer has installed the Ubuntu operating system, but it has nothing to do with the Ubuntu Project. Please do not contact the Ubuntu Project about it.

If you find a bug in this Lighttpd package, or in Lighttpd itself, please file a bug report on it. Instructions on doing this, and the list of known bugs of this package, can be found in the - Debian Bug Tracking System. + Ubuntu Bug Tracking System.

Thu, 22 May 2008 11:26:16 +0200 + lighttpd (1.4.19-4) unstable; urgency=high * Make debian/use-ipv6.pl executable in debian/rules, thanks to Marco d'Itri @@ -104,6 +126,59 @@ -- Pierre Habouzit Sun, 16 Mar 2008 12:01:41 +0100 +lighttpd (1.4.19-0ubuntu3) hardy; urgency=low + + * SECURITY UPDATE: (LP: #209627) + + debian/patches/92_CVE-2008-1531.dpatch + - lighttpd 1.4.19 and earlier allows remote attackers to cause a denial + of service (active SSL connection loss) by triggering an SSL error, + such as disconnecting before a download has finished, which causes + all active SSL connections to be lost. + * References + + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1531 + + http://trac.lighttpd.net/trac/changeset/2136 + + http://trac.lighttpd.net/trac/changeset/2139 + + -- Emanuele Gentili Sun, 06 Apr 2008 00:09:12 +0200 + +lighttpd (1.4.19-0ubuntu2) hardy; urgency=low + + * debian/rules: (LP: #174289) + - set DEB_UPDATE_RCD_PARAMS to "defaults 91 09" to not start lighty before + apache2 but in the same runlevel with the same priority + + -- Stephan Hermann Mon, 17 Mar 2008 16:50:10 +0100 + +lighttpd (1.4.19-0ubuntu1) hardy; urgency=low + + * New upstream release (LP: #201439) + For Changes please read the NEWS file + All security patches we have in 1.4.18 of hardy are included now upstream + * debian/patches/*: All changes introduced by this patches are now applied + upstream + - Dropped 90_CVE-2008-1111.dpatch + - Dropped 91_CVE-2008-1270.dpatch + - Dropped 90_maxfds_crash_fix.dpatch + - Dropped 03_ldap_leak_bugfix.dpatch + - Dropped 04_ldap_build_filter_fix.dpatch + - Dropped 90_accept_ranges_fix.dpatch + * debian/lighttpd.conf: (From Debian) + - Move the aliases on /doc/ and /images/ mandated by policy at the end to + circumvent #445459. + * debian/rules: (From Debian) + - Remove spurious mkdir in debian/rules (Closes: dbts 448160). + * debian/conf-available/10-rrdtool: (From Debian) + - Add sample configuration for the mod_rrdtool (Closes: dbts 462907). + * debian/lighttpd.install: + - Install 10-rrdtool + * debian/patches/ldap-deprecated.dpatch: + - Force use of deprecated ldap interfaces (Closes: dbts 463368), + thanks to Dann Frazier (patches/ldap-deprecated.dpatch). + * Bumped Standards Version to 3.7.3, Bumbed Compat to 6, adjusted build-dep + of debhelper accordingly + + -- Stephan Hermann Wed, 12 Mar 2008 15:52:09 +0100 + lighttpd (1.4.18-4) unstable; urgency=high * The “I HATE DPATCH”-release. @@ -134,6 +209,67 @@ -- Pierre Habouzit Wed, 27 Feb 2008 16:56:16 +0100 +lighttpd (1.4.18-1ubuntu6) hardy; urgency=low + + * SECURITY UPDATE: (LP: #200987) + + debian/patches/91_CVE-2008-1270.dpatch + - mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set, + uses a default of $HOME, which might allow remote attackers to read arbitrary + files, as demonstrated by accessing the ~nobody directory. + * References + + CVE-2008-1270 + + http://trac.lighttpd.net/trac/ticket/1587 + + http://trac.lighttpd.net/trac/changeset/2120 + + -- Emanuele Gentili Tue, 11 Mar 2008 14:16:48 +0100 + +lighttpd (1.4.18-1ubuntu5) hardy; urgency=low + + * debian/patches/90-CVE-2008-1111.dpatch: + - Fixes CVE-2008-1111 + "mod_cgi in lighttpd 1.4.18, when a fork failure occurs, sends the source + code of CGI scripts instead of a 500 error, which might allow remote attackers + to obtain sensitive information." + Upstream Patch: http://trac.lighttpd.net/trac/changeset/2107 + + -- Stephan Hermann Wed, 05 Mar 2008 14:04:43 +0100 + +lighttpd (1.4.18-1ubuntu4) hardy; urgency=low + + * debian/patches/90_accept_ranges_fix.dpatch: + - Fixes a problem serving PDF files or other files who are in need of no + Accept-Ranges header (http://trac.lighttpd.net/trac/ticket/541) + (Patch: http://trac.lighttpd.net/trac/changeset/2090) + * debian/index.html: + - replaced all occurances of debian with ubuntu (LP: #115565) + + -- Stephan Hermann Mon, 03 Mar 2008 17:38:33 +0100 + +lighttpd (1.4.18-1ubuntu3) hardy; urgency=low + + * debian/patches/90_maxfds_crash_fix.dpatch: + - added patch from upstream to fix the maxfds issue + - See: http://trac.lighttpd.net/trac/ticket/1562 + + -- Stephan Hermann Mon, 25 Feb 2008 11:51:57 +0100 + +lighttpd (1.4.18-1ubuntu2) hardy; urgency=low + + * Rebuild against libldap2.4-2 + + -- Emmet Hikory Thu, 24 Jan 2008 22:02:20 +0900 + +lighttpd (1.4.18-1ubuntu1) gutsy; urgency=low + + * Merge from Debian unstable, remaining changes: + - Update maintainer field in debian/control. + - Build against libgamin-dev rather than libfam-dev (fixes a warning + during startup) + - Make sure that upgrades succeed, even if we can't restart lighttpd. + - Clean environment in init.d script. + + -- Soren Hansen Wed, 12 Sep 2007 14:02:31 +0200 + lighttpd (1.4.18-1) unstable; urgency=low * New upstream release, fixes CVE-2007-4727 (closes: #441787) @@ -141,6 +277,17 @@ -- Krzysztof Krzyzaniak (eloy) Tue, 11 Sep 2007 12:45:11 +0200 +lighttpd (1.4.17-1ubuntu1) gutsy; urgency=low + + * Merge from Debian unstable, remaining changes: + - Update maintainer field in debian/control. + - Build against libgamin-dev rather than libfam-dev (fixes a warning + during startup) + - Make sure that upgrades succeed, even if we can't restart lighttpd. + - Clean environment in init.d script. + + -- Soren Hansen Wed, 05 Sep 2007 09:30:15 +0200 + lighttpd (1.4.17-1) unstable; urgency=low * New upstream release @@ -217,6 +364,24 @@ -- Pierre Habouzit Fri, 03 Aug 2007 10:06:15 +0200 +lighttpd (1.4.16-2ubuntu2) gutsy; urgency=low + + * Build against libgamin-dev rather than libfam-dev (fixes a warning during + startup about mismatched sizes of a data type). + + -- Soren Hansen Thu, 23 Aug 2007 19:51:08 +0200 + +lighttpd (1.4.16-1ubuntu1) gutsy; urgency=low + + * Merge from Debian unstable, remaining changes: + - Add fam/gamin stat cache engine support. + - Replace Depends: on perl with Depends: on libterm-readline-perl-perl. + - Make sure that upgrades succeed, even if we can't restart lighttpd. + - Clean environment in init.d script. + - Update maintainer field in debian/control. + + -- Michele Angrisano Sat, 28 Jul 2007 20:33:22 +0200 + lighttpd (1.4.16-1) unstable; urgency=low * New upstream release (closes: #434546) @@ -230,6 +395,17 @@ -- Krzysztof Krzyzaniak (eloy) Fri, 27 Jul 2007 10:32:51 +0200 +lighttpd (1.4.15-1.1ubuntu1) gutsy; urgency=low + + * Merge from Debian unstable, remaining changes: + - Add fam/gamin stat cache engine support. + - Replace Depends: on perl with Depends: on libterm-readline-perl-perl. + - Make sure that upgrades succeed, even if we can't restart lighttpd. + - Clean environment in init.d script. + - Update maintainer field in debian/control. + + -- Michele Angrisano Sat, 21 Jul 2007 01:40:36 +0200 + lighttpd (1.4.15-1.1) unstable; urgency=low * Non-maintainer upload. @@ -238,6 +414,17 @@ -- Pierre Habouzit Fri, 20 Jul 2007 11:04:07 +0200 +lighttpd (1.4.15-1ubuntu1) gutsy; urgency=low + + * Merge from Debian unstable. Remaining Ubuntu changes: + - Add fam/gamin stat cache engine support + - Clean environment in init.d script + - Replace Depends: on perl with Depends: on libterm-readline-perl-perl + - Make sure that upgrades succeed, even if we can't restart lighttpd + - DebianMaintainerField update + + -- Soren Hansen Tue, 1 May 2007 13:15:59 +0200 + lighttpd (1.4.15-1) unstable; urgency=low * New upstream release (closes: #419131) @@ -259,6 +446,39 @@ -- Krzysztof Krzyzaniak (eloy) Thu, 8 Mar 2007 22:18:42 +0100 +lighttpd (1.4.13-9ubuntu4) feisty; urgency=low + + * Added LDAP connection leak fix from Debian (Bug: #413917) + - debian/patches/03_ldap_leak_bugfix.dpatch + * Added security fixes from 1.4.14 (Closes LP: #106416) + - Remote DOS in CRLF parsing (CVE-2007-1869) + debian/patches/04_security_crlf_parsing_dos.dpatch + - DOS with files with mtime 0 (CVE-2007-1870) + debian/patches/05_security_zero_mtime_crash.dpatch + + -- Lukas Fittl Sat, 14 Apr 2007 05:26:10 +0200 + +lighttpd (1.4.13-9ubuntu3) feisty; urgency=low + + * Make sure that upgrades succeed, even if we can't restart lighttpd + (LP: #86882) + + -- Soren Hansen Thu, 29 Mar 2007 01:10:06 +0200 + +lighttpd (1.4.13-9ubuntu2) feisty; urgency=low + + * Add fam/gamin stat cache engine support (Closes: LP#80818) + + -- Soren Hansen Mon, 19 Feb 2007 13:09:19 +0100 + +lighttpd (1.4.13-9ubuntu1) feisty; urgency=low + + * Merge from Debian unstable. Remaining Ubuntu changes: + - Clean environment in init.d script + - Replace Depends: on perl with Depends: on libterm-readline-perl-perl + + -- Adrien Cunin Sat, 13 Jan 2007 21:38:05 +0100 + lighttpd (1.4.13-9) unstable; urgency=low * debian/lighttpd.default - removed, it is not ready yet. We'll back after @@ -273,6 +493,14 @@ -- Krzysztof Krzyzaniak (eloy) Tue, 2 Jan 2007 13:23:25 +0100 +lighttpd (1.4.13-7ubuntu1) feisty; urgency=low + + * Merge from debian unstable, remaining changes: + - Clean environment in init.d script + - Replace Depends: on perl with Depends: on libterm-readline-perl-perl + + -- Soren Hansen Sat, 30 Dec 2006 16:22:11 +0100 + lighttpd (1.4.13-7) unstable; urgency=low [ Franz Pletz ] @@ -301,6 +529,25 @@ -- Franz Pletz Fri, 8 Dec 2006 16:15:27 +0100 +lighttpd (1.4.13-6ubuntu3) feisty; urgency=low + + * Fix typo in init-script + + -- Soren Hansen Wed, 13 Dec 2006 11:52:54 +0100 + +lighttpd (1.4.13-6ubuntu2) feisty; urgency=low + + * Clean the environment before starting. Fixes: LP#53840 + + -- Soren Hansen Sun, 10 Dec 2006 16:18:55 +0100 + +lighttpd (1.4.13-6ubuntu1) feisty; urgency=low + + * Merge from debian unstable, remaining changes: + - Replace Depends: on perl with Depends: on libterm-readline-perl-perl + + -- Soren Hansen Fri, 8 Dec 2006 14:40:42 +0100 + lighttpd (1.4.13-6) unstable; urgency=low * debian/lighttpd.postinst: change only permission for /var/log/lighttpd/ @@ -354,6 +601,14 @@ -- Krzysztof Krzyzaniak (eloy) Mon, 9 Oct 2006 10:28:32 +0200 +lighttpd (1.4.13~r1370-1ubuntu1) edgy; urgency=low + + * Merge from Debian unstable (Closes: Malone #64900). Remaining changes: + - Add an additional dependency on libterm-readline-perl-perl + (Malone #43895) + + -- Lukas Fittl Tue, 10 Oct 2006 13:57:38 +0200 + lighttpd (1.4.13~r1370-1) unstable; urgency=low * New upstream release (closes: #390877) (closes: #389911) @@ -376,6 +631,13 @@ -- Krzysztof Krzyzaniak (eloy) Tue, 12 Sep 2006 19:17:41 +0200 +lighttpd (1.4.12~20060907-1ubuntu1) edgy; urgency=low + + * Merge from debian unstable: + -> Keep the additional dependency on libterm-readline-perl-perl. + + -- Jeremie Corbier Fri, 22 Sep 2006 19:16:08 -0700 + lighttpd (1.4.12~20060907-1) unstable; urgency=low * New upstream release @@ -406,6 +668,17 @@ -- Krzysztof Krzyzaniak (eloy) Mon, 28 Aug 2006 13:06:25 +0200 +lighttpd (1.4.11-7ubuntu1) edgy; urgency=low + + * Merge from debian unstable: + -> Restore B-D on libmemcache-dev. + -> Keep the additional dependency on libterm-readline-perl-perl. + * debian/patches: + -> Add 02_mod_ssl_post_fix.dpatch: fix a stall with POST requests between + 8317 and 16381 bytes long when mod_ssl is enabled. + + -- Jeremie Corbier Thu, 17 Aug 2006 13:07:50 +0200 + lighttpd (1.4.11-7) unstable; urgency=low * debian/create-mime.assign.pl - catchup error when /etc/mime.types is not @@ -453,6 +726,27 @@ -- Torsten Marek Sun, 9 Apr 2006 15:51:51 +0200 +lighttpd (1.4.11-3ubuntu3) dapper; urgency=low + + * debian/control + + Added depends on libterm-readline-perl-perl. (Closes: Malone #43895) + + -- Chuck Short Wed, 10 May 2006 18:11:24 -0400 + +lighttpd (1.4.11-3ubuntu2) dapper; urgency=low + + * Rebuild against the new libmysqlclient15off with correct symbols. + + -- Adam Conrad Thu, 6 Apr 2006 15:10:02 +1000 + +lighttpd (1.4.11-3ubuntu1) dapper; urgency=low + + * Sync with Debian: + + Removed B-D on libmemcache-dev as we don't have it in dapper, needs to be + re-enabled for dapper+1 + + -- Sebastian Dröge Mon, 27 Mar 2006 13:52:44 +0200 + lighttpd (1.4.11-3) unstable; urgency=low * debian/lighttpd.conf - added dir-listing.encoding = "utf-8", suggested @@ -618,0 +913 @@ + diff -u lighttpd-1.4.19/debian/compat lighttpd-1.4.19/debian/compat --- lighttpd-1.4.19/debian/compat +++ lighttpd-1.4.19/debian/compat @@ -1 +1 @@ -5 +6