lighttpd (1.4.69-1) unstable; urgency=medium * New upstream version 1.4.69 * Remove deprecated lighttpd modules. * Skip installing modules now built into lighttpd. * Add to not-installed mods now built into lighttpd. * Declare compliance with policy 4.6.2 - no changes needed. * lighttpd.init reopen-logs only if lighttpd is currently running. -- Glenn Strauss Fri, 10 Feb 2023 22:34:51 -0500 lighttpd (1.4.67-1) unstable; urgency=medium [ Glenn Strauss ] * prefer lighttpd TLS defaults [ Helmut Grohne ] * New upstream version 1.4.67 * Update copyright years * Drop upgrade code for o-o-o-stable from postinst * Drop NEWS relevant to o-o-stable * Remove myself from uploaders * Install NEWS.Debian in main lighttpd package only -- Helmut Grohne Fri, 23 Sep 2022 09:06:57 +0200 lighttpd (1.4.66-1) unstable; urgency=medium [ Helmut Grohne ] * New upstream version 1.4.66. [ Moritz Schlarb ] * Re-enable and fix reprotest job [ Helmut Grohne ] * update overrides to newer lintian syntax -- Helmut Grohne Tue, 23 Aug 2022 15:32:25 +0200 lighttpd (1.4.65-2) unstable; urgency=medium * Upload to unstable. -- Helmut Grohne Thu, 16 Jun 2022 11:30:57 +0200 lighttpd (1.4.65-1+exp1) experimental; urgency=medium [ Glenn Strauss ] * Enable building mod_gnutls -- Helmut Grohne Thu, 09 Jun 2022 13:17:59 +0200 lighttpd (1.4.65-1) unstable; urgency=medium [ Glenn Strauss ] * Use lua 5.4 going forwards (update from lua 5.3) * Remove obsolete configure flags for removed deps [ Helmut Grohne ] * New upstream version 1.4.65. * Declare compliance with policy 4.6.1 - no changes needed. * Enable libdeflate for mod_deflate -- Helmut Grohne Thu, 09 Jun 2022 12:36:09 +0200 lighttpd (1.4.64-1) unstable; urgency=medium [ Helmut Grohne ] * Fix bug number in previous changelog entry * New upstream version 1.4.64 + Fixes CVE-2022-22707 32-bit lighttpd mod_extforward crash. [ Glenn Strauss ] * Remove mod_geoip; replaced by mod_maxminddb * Remove mod_cml; replaced by mod_magnet * Remove mod_authn_mysql and mod_mysql_vhost * Remove mod_flv_streaming; replace using mod_magnet * Remove mod_trigger_b4_dl; replace using mod_magnet * Prune Suggests list [ Helmut Grohne ] * Upgrade unversioned breaks to conflicts -- Helmut Grohne Wed, 19 Jan 2022 21:58:43 +0100 lighttpd (1.4.63-1) unstable; urgency=medium * New upstream version 1.4.63 * Drop all patches, applied upstream * Fix load-all-modules autopkgtest: order mod_auth before mod_ajp13 * Switch to pcre2 (Closes: 1000063) * Skip fewer tests in integration-tests autopkgtest -- Helmut Grohne Tue, 14 Dec 2021 13:56:57 +0100 lighttpd (1.4.61-1) unstable; urgency=medium [ Helmut Grohne ] * New upstream version 1.4.61 * Suppress deprecations in load-all-modules autopkgtest [ Glenn Strauss ] * [patch] update patches post lighttpd 1.4.61 -- Helmut Grohne Thu, 04 Nov 2021 13:56:13 +0100 lighttpd (1.4.60-1) unstable; urgency=medium [ Helmut Grohne ] * Add missing epoch to php-fpm dependency * New upstream version 1.4.60 + Drop all patches + Enable libzstd in mod_deflate + Update debian/copyright [ Glenn Strauss ] * lighty-enable-mod conflicts feature [ Helmut Grohne ] * Demote lsb-base dependency -- Helmut Grohne Wed, 03 Nov 2021 13:13:56 +0100 lighttpd (1.4.59-2) unstable; urgency=medium [ Glenn Strauss ] * replace mime-support with media-types dependency (Closes: #980269) [ Helmut Grohne ] * Drop transitional dummy packages after bullseye * Declare compliance with policy 4.6.0 * Update d/copyright for moved fastcgi.h * Delete obsolete Breaks+Replaces (via janitor) * Delete obsolete lighttpd.maintscript (via janitor) -- Helmut Grohne Mon, 27 Sep 2021 12:08:34 +0200 lighttpd (1.4.59-1) unstable; urgency=medium [ Glenn Strauss ] * New upstream version 1.4.59 * [patch] fix 101 upgrade failure with Content-Length * [patch] mod_auth: close HTTP/2 connection after bad password * add mod_ajp13 -- Glenn Strauss Thu, 11 Feb 2021 19:30:33 -0500 lighttpd (1.4.58-2) unstable; urgency=medium [ Glenn Strauss ] * [patch] create-mime.conf.pl -v for warnings (Addresses: #979232) * [patch] fix crash in error trace if backend down * [patch] create-mime.conf.pl -v quiet for mult vnd [ Helmut Grohne ] * annotate media-types build dependency with [ Glenn Strauss ] * autopkgtest: create-mime.conf.pl -v on media-types -- Helmut Grohne Thu, 14 Jan 2021 16:28:42 +0100 lighttpd (1.4.58-1) unstable; urgency=medium [ Glenn Strauss ] * [patch] create-mime.conf.pl improve case handling (Closes: #979232) * [patch] mod_extforward fix extforward.headers defaults [ Helmut Grohne ] * New upstream version 1.4.58 [ Glenn Strauss ] * remove dependencies on libfcgi-dev, php-cgi * adjust vers deps for TLS libs [ Helmut Grohne ] * drop php and libfcgi from autopkgtest deps * autopkgtest: explicitly depend on media-types -- Helmut Grohne Fri, 08 Jan 2021 10:16:33 +0100 lighttpd (1.4.57-1) unstable; urgency=medium * New upstream version 1.4.57 * Drop all patches. They're all upstream now. * Require nss >= buster to include TLS_AES_128_GCM_SHA256. * Declare compliance with debian policy 4.5.1: No changes needed. -- Helmut Grohne Fri, 18 Dec 2020 08:30:52 +0100 lighttpd (1.4.56-1) unstable; urgency=medium [ Justin Aplin ] * build: Set Build-Depends of libwolfssl-dev to >=4.2.0 due to missing TLS version macros in previous versions [ Glenn Strauss ] * tests/serve-cgi-file,do-not-emit-http-proxy-to-cgi. Thanks to Santiago Ruano Rincón (Closes: #834625) * remove lighttpd dependency on FAM or gamin * remove --with-fam from build rules * patch for lighttpd -1 with pipes * patches for mod_wolfssl compatibility [ Helmut Grohne ] * New upstream version 1.4.56 * Update debhelper compatibility level to 12. + Declare compatibility level via Build-Depends. + Add ${misc:Pre-Depends} to lighttpd for dh_installinit. + Accommodate moving documentation to /usr/share/doc/lighttpd. * consistently --link-doc all module packages [ Glenn Strauss ] * autopkgtests: upstream lighttpd integration tests [ Helmut Grohne ] * d/watch: Deal with %-escaped tilde * Stop supporting direct upgrades from squeeze -- Helmut Grohne Wed, 09 Dec 2020 06:22:03 +0100 lighttpd (1.4.56~rc7-1) unstable; urgency=medium * Upload to unstable. * drop mod_authn_dbi.so from debian/not-installed -- Helmut Grohne Sat, 07 Nov 2020 11:03:57 +0100 lighttpd (1.4.56~rc7-0+exp2) experimental; urgency=medium [ Glenn Strauss ] * build lighttpd base against Nettle * split off package lighttpd-mod-openssl * split off package lighttpd-mod-deflate * merge lighttpd-mod-cml and lighttpd-mod-magnet into lighttpd-modules-lua * replace mod_compress with mod_deflate * build with brotli support; replace bzip2 support * separate package for each TLS module mod_openssl, mod_mbedtls, mod_nss, mod_wolfssl * new package lighttpd-modules-dbi with mod_authn_dbi, mod_vhostdb_dbi * document deprecated modules: mod_authn_mysql, mod_mysql_vhost * remove libattr1-dev dependency [ Helmut Grohne ] * remove mod_deflate from the default configuration [ Glenn Strauss ] * lighttpd.conf enable HTTP/2 feature [ Helmut Grohne ] * use the system libxxhash instead of our vendor copy -- Helmut Grohne Thu, 05 Nov 2020 20:18:08 +0100 lighttpd (1.4.56~rc7-0+exp1) experimental; urgency=medium * New upstream version 1.4.56~rc7 -- Helmut Grohne Tue, 03 Nov 2020 05:51:40 +0100 lighttpd (1.4.56~rc2-0+exp1) experimental; urgency=medium * fix php-fpm socket path. Thanks to Joe Nahmias (Closes: #973300) * New upstream version 1.4.56~rc2 + Update debian/copyright + Drop all patches - all applied upstream + mod_compress is merged into mod_deflate + Skip installing mod_authn_dbi for now + load-all-modules test skips deprecated mod_vhost_mysql -- Helmut Grohne Mon, 02 Nov 2020 19:54:18 +0100 lighttpd (1.4.55-2) unstable; urgency=medium [ Glenn Strauss ] * remove upstream source files from debian/clean * use lua 5.3 going forwards (update from lua 5.1) * 05-auth.conf comment available algorithm SHA-256 * 10-ssl.conf listens on IPv4, and IPv6 when avail (Closes: #952541) * patch: mod_openssl inherit cfg from global scope (Closes: #952541) * /var/run -> /run * lighty-enable-mod fastcgi-php-fpm option (Closes: #916677) * patch: dlsym for FAMNoExists (!18) (!22) * document mod_geoip deprecated [ Debian Janitor ] * Wrap long lines in changelog entries: 1.4.16-1, 1.4.15-1, 1.4.13-10, 1.4.10-2. [ bauen1 ] * remove usage of 'su' in crontab (Closes: #958520) -- Helmut Grohne Mon, 26 Oct 2020 17:45:11 +0100 lighttpd (1.4.55-1) unstable; urgency=medium [ Helmut Grohne ] * add debian/upstream/metadata * update expiration of Glenn's upstream signing key * move lighttpd to team maintenance * declare compliance with policy 4.5.0 [ Debian Janitor ] * Bump debhelper from old 9 to 10. * Drop unnecessary dependency on dh-autoreconf. * Drop unnecessary dh arguments: --parallel [ Helmut Grohne ] * Drop --with systemd from dh as it is enabled by compat 10 * New upstream version 1.4.55 [ Glenn Strauss ] * add debian/conf-available/05-setenv.conf [ Helmut Grohne ] * pidfile now lives in /run/lighttpd.pid (Closes: #929203) -- Helmut Grohne Mon, 24 Feb 2020 14:30:34 +0100 lighttpd (1.4.54-2) unstable; urgency=medium * QA upload. * debian/control: + Bump Standards-Version to 4.4.1. * Rebuild with source-only upload to allow testing migration. -- Boyuan Yang Wed, 23 Oct 2019 12:34:59 -0400 lighttpd (1.4.54-1) unstable; urgency=medium * QA upload. * New upstream release. + Drop all patches. All applied upstream. * Drop transitional dummy packages after the buster release. * Stop recommending lighttpd-modules-*. * Suggest all lighttpd modules instead. * Install lighttpd.socket as an example. * Declare compliance with policy version 4.4.0. * Build new module package lighttpd-mod-maxminddb. -- Helmut Grohne Sat, 28 Sep 2019 21:38:40 +0200 lighttpd (1.4.53-4) unstable; urgency=high * QA upload. * fix mixed use of srv->split_vals array (regression) * mod_magnet:fix invalid script return-type crash * fix assertion with server.error-handler * mod_wstunnel:fix wstunnel.ping-interval for big-endian architectures * fix abort in server.http-parseopts with url-path-2f-decode enabled CVE-2019-11072 (closes: #926885) -- Glenn Strauss Sat, 13 Apr 2019 00:00:00 -0400 lighttpd (1.4.53-3) unstable; urgency=medium * QA upload. [ Glenn Strauss ] * rules: debian/lighttpd/var/cache/lighttpd perms * stronger ciphers default: ssl.cipher-list = "HIGH" * autopkgtest: /etc/init.d/lighttpd configtest [ Helmut Grohne ] * autopkgtest defconfig needs root. Thanks to Antonio Terceiro for diagnosis and solution (Closes: #922447) -- Helmut Grohne Sat, 23 Feb 2019 08:51:11 +0100 lighttpd (1.4.53-2) unstable; urgency=medium * QA Upload. [ Glenn Strauss ] * Fix spelling mistake "autn" in package relations. [ Stefan Bühler ] * use php-cgi instead of php; allow php5-cgi as alternative for jessie [ Glenn Strauss ] * add paths to lighttpd.tmpfile.conf (Closes: #679854) * use persistent location for db in webdav conf * remove dpkg-statoverride from lighttpd.init -- Helmut Grohne Wed, 13 Feb 2019 19:32:07 +0100 lighttpd (1.4.53-1) unstable; urgency=medium * QA Upload. * Disable libunwind support by default (unavailable on s390x). Rebuild with DEB_BUILD_PROFILES=pkg.lighttpd.libunwind to use it. * Checked compliance with policy version 4.3.0. * New upstream release. + Drop all patches. + debian/tests/defconfig: Require no warnings. * Add php to Build-Depends to increase test coverage. * Support parallel building. * As we now serve /usr/lib/cgi-bin, create the directory. -- Helmut Grohne Mon, 28 Jan 2019 13:20:22 +0100 lighttpd (1.4.52-5) unstable; urgency=medium * QA Upload. * Fix arch-indep build. (Closes: #920448) -- Helmut Grohne Fri, 25 Jan 2019 17:53:54 +0100 lighttpd (1.4.52-4) unstable; urgency=medium * QA Upload. [ Glenn Strauss ] * replace and deprecate include-conf-enabled.pl with include glob * provide conf-available/10-sockproxy.conf * explicitly add default modules to lighttpd.conf * load mod_compress after conf-enabled/*.conf (Closes: #822920) [ Stefan Bühler ] * remove reference to lighttpd 2.0 in the description for lighttpd-mod-cml * run dh_missing --fail-missing as override in own target * adapt build dependencies for xenial (and jessie) backports * don't generate lighttpd:ModuleProvides substvar for current package name * reexport upstream gpg keys with minimal options [ Glenn Strauss ] * strict parsing and normalization of URL (see NEWS) * lighttpd.init add configtest action [ Stefan Bühler ] * build with libunwind to log backtraces on failed asserts [ Helmut Grohne ] * fail the build when chown does not work [ Glenn Strauss ] * define alias.url in 10-cgi.conf (Closes: #837696) * remove obsolete index.lighttpd.html * update paths in starter index.html * NEWS: mod_cgi defines alias to /usr/lib/cgi-bin * enable 99-unconfigured.conf if not configured [ Helmut Grohne ] * connection_close.patch: cherry-picked from upstream * cross.patch: cherry-picked from upstream -- Helmut Grohne Thu, 24 Jan 2019 21:39:31 +0100 lighttpd (1.4.52-3) unstable; urgency=medium * QA Upload to unstable. * http_auth_backends_assertion.patch: Fix load-all-modules autopkgtest. * Update lighttpd.tmpfile.conf to use /run. (Closes: #916676) * Drop obsolete alternative libssl1.0-dev from Build-Depends. Thanks to Moritz Muehlenhoff and Stefan Bühler for considering implications on backports. (Closes: #917347) -- Helmut Grohne Mon, 07 Jan 2019 10:03:56 +0100 lighttpd (1.4.52-2+exp2) experimental; urgency=medium * QA Upload. * Don't ship /var/www/cgi-bin. Fixes dir-or-file-in-var-www autoreject. Is never referenced from any config. -- Helmut Grohne Sat, 05 Jan 2019 14:34:37 +0100 lighttpd (1.4.52-2+exp1) experimental; urgency=medium * QA Upload. [ Helmut Grohne ] * Add lighttpd-mod-* Provides. * Move mysql modules to new binary package lighttpd-modules-mysql. * Move ldap modules to new binary package lighttpd-modules-ldap. [ Stefan Bühler and Glenn Strauss ] * Add modules mod_authn_pam, mod_authn_sasl, mod_vhostdb_dbi and mod_vhostdb_pgsql to new binary packages. -- Helmut Grohne Sat, 05 Jan 2019 10:57:35 +0100 lighttpd (1.4.52-2) unstable; urgency=medium * QA Upload. [ Helmut Grohne ] * Bump debhelper dependency for using dh_missing. * Add basic autopkgtests. * Drop Files-Excluded from debian/copyright as we are not repacking. * Extend debian/clean and override_dh_clean to cover more files including the ones from Files-Excluded. * Update Standards Version to 4.2.1. + Document that binary-targets need root for chowning to www-data. * Use upstream's create-mime.conf.pl. (Closes: #904741) * Fix FTCBFS: (Closes: #912358) + Drop unused Build-Depends: libcgi-pm-perl. (No longer used) + Annotate Build-Depends: perl with :native. * Demote perl to Recommends and have lighty-enable-mod print a useful message in case it is missing. * Enable mod_openssl in 10-ssl.conf. (Closes: #907909) [ Stefan Bühler ] * use https link to download.lighttpd.net in debian/watch * fix packaging docs for mod-authn-ldap [ Glenn Strauss ] * fix misspelling of GSSAPI * lighttpd.init: full preflight test in check_syntax -- Helmut Grohne Sun, 16 Dec 2018 21:33:07 +0100 lighttpd (1.4.52-1) unstable; urgency=medium * QA Upload. * New upstream release. (Closes: #879496) + Fix CVE-2018-19052. (Closes: #913528) + Don't append port to unix sockets. (Closes: #877039) + Refactor buffer API. (Closes: #857255) + Don't use AC_PATH_PROG to find pkg-config. (Addresses: #912358) + Drop patch fix-openssl-1.1.1.patch applied upstream. + Add new mod_sockproxy.so to main package. * Replace Build-Depends: dh-systemd with newer debhelper for lintian. -- Helmut Grohne Thu, 06 Dec 2018 13:44:42 +0100 lighttpd (1.4.49-2) unstable; urgency=medium * Non-maintainer upload. [ Ondřej Nový ] * d/copyright: Change Format URL to correct one [ Ximin Luo ] * Add a patch to work against openssl 1.1.1. (Closes: #913251) * Add Depends: perl. (Closes: #913249) -- Ximin Luo Sun, 02 Dec 2018 19:26:05 -0800 lighttpd (1.4.49-1.1) unstable; urgency=medium * Non-maintainer upload. * Install mod_openssl.so and other missing modules. (Closes: #894276) -- Ximin Luo Sat, 31 Mar 2018 13:43:49 +0200 lighttpd (1.4.49-1) unstable; urgency=medium [ Michael Gilbert ] * Suggest php-cgi since php5-cgi has been removed from the archive (closes: #859927). [ Clint Adams ] * New upstream version. * Update control file, including setting Maintainer to Debian QA Group. -- Clint Adams Wed, 21 Mar 2018 17:21:11 -0400 lighttpd (1.4.45-1) unstable; urgency=medium * New upstream version 1.4.45. - Drop kfreebsd-disable-test.patch (upstream says its fixed). * Fix upstream spelling errors. * Fix cgi-bin path on start page (closes: #763618) * Remove automatically generated files from the upstream tarball again. * Suggest the service command instead of /etc/init.d for restarting services (closes: #762663). -- Michael Gilbert Sat, 14 Jan 2017 21:07:19 +0000 lighttpd (1.4.44-1) unstable; urgency=medium * New upstream version 1.4.44 * debian/copyright: make lintian happy * debian/control: add libssl1.0-dev as alternative for libssl-dev -- Krzysztof Krzyżaniak (eloy) Mon, 09 Jan 2017 17:43:47 +0100 lighttpd (1.4.43+git20161216-1) unstable; urgency=medium * New upstream snapshot (closes: #846917). * Remove unneeded perl dependencies. * Update debian/copyright to format 1.0. * Ship NEWS file as upstream's changelog. * Remove systemd dependency (closes: #846299). * Suggest php5-cgi instead of recommending it. * Update watch file to look for upstream's xz tarball. * Fix incorrect bug number in previous changelog entry. * Make a mod_rewrite conf file available (closes: #751957). * Point to /var/www/html from the placeholder page (closes: #808921). * Add new packages for LDAP, GSSAPI, MySQL, and GeoIP modules. - Thanks to Stefan Bühler. * Fix build hardening flags. - Thanks to Stefan Bühler. -- Michael Gilbert Mon, 19 Dec 2016 00:04:25 +0000 lighttpd (1.4.43-1) unstable; urgency=medium * New upstream release (closes: #841732). - Fixes CVE-2016-1000212 (closes: #832571). - Adds support for openssl 1.1.0 (closes: #828421). * Update standards version. * Fix lsb-base lintian error. * Add Glenn Strauss signing key. * Use upstream's systemd service file. * Recommend php5-cgi (closes: #774644). * Suggest lighttpd-doc (closes: #806523). * Use default-libmysqlclient-dev build dependency. -- Michael Gilbert Sat, 26 Nov 2016 05:09:35 +0000 lighttpd (1.4.39-1) unstable; urgency=medium * New upstream release. -- Michael Gilbert Sun, 03 Jan 2016 03:59:55 +0000 lighttpd (1.4.37-1) unstable; urgency=medium * New upstream release. - Log file injection issue CVE-2015-3200 fixed (closes: #787132). * Add a debian/clean file. * Drop upstreamed patches. * Add upstream signing key. * Update standards version. * Apply the non-maintainer upload. -- Michael Gilbert Sun, 06 Sep 2015 05:37:20 +0000 lighttpd (1.4.35-4.1) unstable; urgency=medium * Non-maintainer upload. * Fix "FTBFS with perl 5.22: test failures (CGI.pm)": Add build dependency on libcgi-pm-perl. CGI.pm was deprecated in Perl 5.19.x and removed in 5.21.x which makes the explicit build dependency necessary. (Closes: #789856) -- gregor herrmann Thu, 27 Aug 2015 18:29:21 +0200 lighttpd (1.4.35-4) unstable; urgency=medium * Disable SSLv3 by default (closes: #765702). -- Michael Gilbert Sun, 02 Nov 2014 02:49:09 +0000 lighttpd (1.4.35-3) unstable; urgency=medium * Support building with dpkg-buildpackage -g. * Drop libmemcache-dev build-dependency (closes: #748809). -- Michael Gilbert Mon, 18 Aug 2014 03:42:29 +0000 lighttpd (1.4.35-2) unstable; urgency=medium * Fix a spelling error. * Add a lintian override. * Make VCS field canonical. * Add myself to the uploaders. * Use dh-autoreconf (closes: #726394, #731104). * Disable indeterminant test on kfreebsd (closes: #731074). -- Michael Gilbert Sat, 05 Apr 2014 18:12:03 +0000 lighttpd (1.4.35-1) unstable; urgency=low * New upstream version (fixes CVE-2014-2323, CVE-2014-2324) + Delete patches: cve-2013-4508.patch, cve-2013-4559.patch, cve-2013-4560.patch. Those are all cumulative included since lighttpd 1.4.34 * Acknowledge NMUs by the security team * Make the init script wait until lighttpd really terminates. * Change the default document root /var/www/html (Closes: #730379), add a Lintian override for it * Bump the debhelper dependency to >= 9.20130624 to ensure dh_installinit is recent enough for systemd (Closes: #713860) * Reorder LSB init dependencies, add $local_fs to it * Add hardening flags to lighttpd. Thanks to Michael Gilbert for providing a patch (Closes: #741497) * Remove W3C logo from index.html to avoid inclusion of images hosted elsewhere * Push standards version to 3.9.5 (no changes needed). -- Arno Töll Sat, 22 Mar 2014 03:06:59 -1100 lighttpd (1.4.33-1+nmu2) unstable; urgency=high * Non-maintainer upload by the Security Team. * Fix regression caused by the fix for cve-2013-4508 (closes: #729480). -- Michael Gilbert Sat, 16 Nov 2013 22:29:07 +0000 lighttpd (1.4.33-1+nmu1) unstable; urgency=high * Non-maintainer upload by the Security Team (closes: #729453). * Fix cve-2013-4508: ssl cipher suites issue. * Fix cve-2013-4559: setuid privilege escalation issue. * Fix cve-2013-4560: use-after-free in fam. -- Michael Gilbert Wed, 13 Nov 2013 02:19:47 +0000 lighttpd (1.4.33-1) unstable; urgency=low * Drop the connection-dos.patch - merged upstream. * Fix "mod_extforward missing configuration file": ship requested configuration file (Closes: #697304) * Remove access.conf, an obsolete conffiles as we should have done since 2010 (Closes: #703215) * Push debhelper's compat mode to 9, the use of maintscript helper requires 8.1 so we had to push the debhelper b-d anyway. * Fix "config.guess/config.sub out of date for arm64" by adding the patch provided by Colin Watson. Thanks (Closes: #726394). * Fix "[PATCH] use dh-systemd for proper systemd-related maintscripts" to add systemd support. Thanks to Michael Stapelberg (Closes: #713859) -- Arno Töll Tue, 15 Oct 2013 21:24:49 +0200 lighttpd (1.4.31-4) unstable; urgency=high * CVE-2013-1427: Switch the socket path for PHP when using FastCGI. /tmp is world-writable which may cause security implications if an attacker manages to control /tmp/php.socket before the web server (re-)starts. * Switch VCS to git * Push standards version (no changes) -- Arno Töll Thu, 14 Mar 2013 02:20:07 +0100 lighttpd (1.4.31-3) unstable; urgency=high * Fix "configuration files refer to wrong path for documentation" by merging a patch supplied by Denis Laxalde (Closes: #676641) * CVE-2012-5533: Fix Denial Of Service attacks against Lighttpd by sending faulty Connection headers -- Arno Töll Wed, 21 Nov 2012 14:42:32 +0100 lighttpd (1.4.31-1) unstable; urgency=low * New upstream release * Be more careful when removing dangling symlinks, as introduced in 1.4.30-1. Under some configurations the postrm script could fail previously. * Change the use-ipv6.pl script to read the default listening port as a command line argument, fall back to the old default behavior otherwise (Closes: #632723, #642604). Thanks to Sebastian Pipping to accidentally give a hint how to fix this old problem by driving by. * Push standards version to 3.9.3.1 - no further changes * Fix "[lighttpd] "ldap" lowercase in extended description" by fixing the typo (Closes: #670206) * Update my maintainer address -- Arno Töll Fri, 01 Jun 2012 23:46:05 +0200 lighttpd (1.4.30-1) unstable; urgency=medium * New upstream release + Fix integer overflow (CVE-2011-4362) (Closes: #652726) + Fix attack vector as disclosed by the SSL BEAST attack (related: CVE-2011-3389). Note: If you are upgrading from an older version you need to change your configuration to mitigate effects of the attack. See the corresponding NEWS file for details. + Count SSL renegotiations to prevent client renegotiations * Urgency set to medium due to security updates. * Adapt to dpkg 1.16.1 API changes regarding build flags. This enables hardening build flags. This means, lighttpd is now being built with -fstack-protector and other security related build flags. * Add dpkg-dev (>= 1.16.1~) to build-depends to make sure our buildflags are properly supported. That's guaranteed for Testing, but might be helpful to know for backporters. * Fix "Doesn't remove /etc/lighttpd on purge" by removing dangling symlinks /only/. This does not entirely fix the problem of the maintainer, but we can not simply remove all files in /etc/lighttpd as other packages or the user himself might have left configuration files back (Closes: #642494) * Fix "please include systemd service file" Support systemd as alternative to sysvinit, ship systemd and tempfiles.d configuration files. Thanks to Michael Stapelberg for providing the required files (Closes: #652442) -- Arno Töll Tue, 20 Dec 2011 11:36:09 +0100 lighttpd (1.4.29-1) unstable; urgency=low * New upstream release * Fix "lighty-enable-mod should return non-zero on fail" Update script to leave with appropriate exit status (Closes: #629638) * Remove the following patches: + silence-errors.diff - applied upstream + patches/ssl-fix.patch - applied upstream * Add `debian/source/options' to make dpkg-source ignore glitches done by upstream's Makefile in `src/mod_ssi_exprparser.c' and `src/configparser.c' * Run maintainer scripts with `set -e' -- Arno Töll Mon, 04 Jul 2011 17:30:11 +0200 lighttpd (1.4.28-5) unstable; urgency=low * Build with sbuilder to avoid linking to non-existed packages. -- Krzysztof Krzyżaniak (eloy) Tue, 26 Apr 2011 15:05:06 +0200 lighttpd (1.4.28-4) unstable; urgency=low [ Krzysztof Krzyżaniak (eloy) ] * Add Arno Töll to Uploaders [ Arno Töll ] * Fix "leaves dangling alternatives on upgrade" add preinst script which removes the dangling symlink (Closes: #614716) * Fix "/etc/lighttpd/conf-available/15-fastcgi-php.conf: fastcgi-php file missing a required directive" add a dependency based recursive module enable system in lighty-enable-mod (Closes: #600050) * Fix "binNMU for openssl 1.0.0 broke SSL support" backport fix from upstream to avoid name clashes between OpenSSL and Lighty's MD5 implementation (Closes: #622733) -- Arno Töll Sat, 09 Apr 2011 13:22:45 -0400 lighttpd (1.4.28-3) unstable; urgency=low [ Krzysztof Krzyżaniak (eloy) ] * Updated debian/control and debian/copyright files * fix for debhelper-overrides-need-versioned-build-depends (>= 7.0.50~) * debian/compat: increased to 8 [ Olaf van der Spek] * Don't fail install if server fails to start (closes: #383425) * Fix index-file.names typo (closes: #609890) -- Olaf van der Spek Mon, 03 Jan 2011 22:56:38 +0100 lighttpd (1.4.28-2) unstable; urgency=medium [ Olaf van der Spek ] * Use relative instead of absolute links for conf-enabled (closes: #541645) * Fix /doc/ for IPv6 (closes: #512583) [ Krzysztof Krzyżaniak (eloy) ] * Added patch patches/silence-errors.diff (closes: #601177) -- Krzysztof Krzyżaniak (eloy) Fri, 12 Nov 2010 12:08:48 +0100 lighttpd (1.4.28-1) unstable; urgency=low [ Olaf van der Spek ] * New upstream release (closes: 521235, 572031, 564556) * Add check_syntax() from Ubuntu (closes: 589200) -- Thijs Kinkhorst Mon, 30 Aug 2010 20:53:18 +0200 lighttpd (1.4.26-3) unstable; urgency=low * Ack for NMU, fix for SSL incompatibility (closes: #572031) -- Krzysztof Krzyżaniak (eloy) Thu, 03 Jun 2010 21:22:24 +0200 lighttpd (1.4.26-2) unstable; urgency=low [ Krzysztof Krzyżaniak (eloy) ] * Switch to dpkg-source 3.0 (quilt) format * debian/control: + removed Franz Pletz from Uploaders, he's MIA (closes: #579366) + change dependency from libmysqlclient15-dev to more general libmysqlclient-dev [ Olaf van der Spek ] * take conf dir as an optional parameter (closes: 489854) * don't try to make /var/run/lighttpd when invoked with status (closes: 538662) * split FastCGI PHP conf from FastCGI conf (closes: 515699) * reduce max-procs from 2 to 1 (closes: 456200) * move debian doc handling into it's own file * set default vhost dir to /srv//htdocs (closes: 471054) * use delaycompress instead of copytruncate for logrotate (closes: 563626) * don't wait for old process to stop before starting new one for reload (closes: 504315) * use reopen-logs for logrotate (closes: 504319) * add no-www.conf (for use with evhost and simple-vhost, closes: 471055) * move evhost conf into it's own file -- Krzysztof Krzyżaniak (eloy) Tue, 01 Jun 2010 17:08:42 +0200 lighttpd (1.4.26-1) unstable; urgency=low * New upstream release (closes: #568735) * Use provided patch from Andres Rodriguez to implement status action in init.d script (closes: #539955) -- Krzysztof Krzyżaniak (eloy) Tue, 09 Feb 2010 18:02:13 +0100 lighttpd (1.4.25-2) unstable; urgency=low * Change behaviour of use-ipv6.pl script (closes: #560837) -- Krzysztof Krzyżaniak (eloy) Mon, 30 Nov 2009 14:23:03 +0100 lighttpd (1.4.25-1) unstable; urgency=low * New upstream release (closes: #558045) * debian/watch: updated * debian/control: Section field changed to web -- Krzysztof Krzyżaniak (eloy) Mon, 30 Nov 2009 14:03:15 +0100 lighttpd (1.4.24-1) unstable; urgency=low * New upstream release (closes: #530892) (closes: #538135) (closes: #482601) (closes: #541428) * debian/control: + Standards-Version: 3.8.3 * debian/init.d renamed to debian/lighttpd.init * Added $syslog to LSB header in init script (closes: #545576) (Jeremy Lal ) * debian/init.d: force-reload moved to reload section (closes: #538661) (Peter Eisentraut ) -- Krzysztof Krzyżaniak (eloy) Fri, 30 Oct 2009 17:37:29 +0100 lighttpd (1.4.23-3) unstable; urgency=low * debian/rules: make sure that scripts have proper rights (closes: #536668), (closes: #536681), (closes: #536688) (closes: #536668) -- Krzysztof Krzyżaniak (eloy) Mon, 13 Jul 2009 11:17:09 +0200 lighttpd (1.4.23-2) unstable; urgency=low * Add lighttpd.docs with README & NEWS file * New upstream closes wishlist bugs (closes: #535065) (closes: #515777) -- Krzysztof Krzyżaniak (eloy) Fri, 10 Jul 2009 11:11:15 +0200 lighttpd (1.4.23-1) unstable; urgency=low * New upstream release * spawn-fcgi is now separate package, recommends it debian/control * Update Standards-Version to 3.8.2 without changes * Remove cdbs, patchutils from Build-Depends, debian/rules uses debhelper 7 scripts * lighttpd.logrotate apply patch (closes: #535523) from Ubuntu (Daniel Hahler, https://launchpad.net/bugs/393792) -- Krzysztof Krzyżaniak (eloy) Thu, 09 Jul 2009 11:24:16 +0200 lighttpd (1.4.22-1) unstable; urgency=low * New upstream release (closes: #520124) (closes: #516897) (closes: #441173) * debian/control: Update to Standards-Version 3.8.1 (no changes so far), debhelper dependency updated to 7, utfize my name, satisfy lintian * Remove all patches, all fixed upstream but rewrite_redirect_decode_url Do NOT use rewrite/redirect to protect specific urls. -- Krzysztof Krzyżaniak (eloy) Wed, 18 Mar 2009 11:19:55 +0100 lighttpd (1.4.19-5) unstable; urgency=high * Remove the alias.url stanza from 10-cgi.conf (Closes: #499334). * Add patches for lighttpd security 2008-05 to 2008-07 (no CVE yet): + patches/lighttpd-1.4.x_request_header_memleak.patch + patches/lighttpd-1.4.x_rewrite_redirect_decode_url.patch + patches/lighttpd-1.4.x_userdir_lowercase.patch * Urgency set to high for security fix. -- Pierre Habouzit Sat, 27 Sep 2008 12:00:47 +0200 lighttpd (1.4.19-4) unstable; urgency=high * Make debian/use-ipv6.pl executable in debian/rules, thanks to Marco d'Itri for finding about this inexcusable mistake. -- Pierre Habouzit Mon, 12 May 2008 17:12:28 +0200 lighttpd (1.4.19-3) unstable; urgency=medium * Fix /var/cache/lighttpd/uploads permissions in postinst (Closes: 476870). * Update patches/ssl-connection-errors.patch using upstream r2144, thanks to upstream for noticing. * cherokee and lighttpd both provide spawn-fcgi, fix that using alternatives (Closes: 479501): + add spawn-fcgi.lighttpd.1 shamelessly stolen from cherokee packaging (thanks Gunnar). + install spawn-fcgi as spawn-fcgi.lighttpd. + install master alternatives on spawn-fcgi.lighttpd and spawn-fcgi.lighttd.1. + add Conflict against cherokee <= 0.6.1-1. * Quote "dangerous" bits of conf-available/10-cgi.conf (Closes: 479276). -- Pierre Habouzit Tue, 06 May 2008 20:01:37 +0200 lighttpd (1.4.19-2) unstable; urgency=low * Add patches/ssl-connection-errors.patch for CVE-2008-1531 (Closes: 475438). * Test for /var/cache/lighttpd/compress in lighttpd.cron.daily to avoid spurious errors for uninstalled and not purged lighttpd's (Closes: 472175). * Add handling of /var/cache/lighttpd/uploads (Closes: 408521): + add it in lighttpd.dirs. + add it as a server.upload-dirs in lighttpd.conf. + purge it daily in lighttpd.cron.daily. * Fix typo in lighttpd.preinst causing failure to update 05-auth symlink properly (Closes: 472119). * init.d: stopping an already stopped lighttpd, or starting an already running one should not fail (Closes: 472122). * Use $HTTP["remoteip"] =~ "127.0.0.1" in configuration snipplets so that it works when ipv6 is enabled by default too (Closes: 473510). * Use perl to detect if the host has ipv6, and generate the server.use-ipv6 snipplet on the fly instead of forcing it to true (Closes: 473053). -- Pierre Habouzit Sun, 13 Apr 2008 13:20:40 +0200 lighttpd (1.4.19-1~bpo40+1) etch-backports; urgency=low * Rebuild for etch-backports. -- Pierre Habouzit Thu, 20 Mar 2008 00:41:49 +0100 lighttpd (1.4.19-1) unstable; urgency=low * New upstream release. * debian/control: + add Build-Depends upon quilt, remove dpatch. + Bump Standards-Version to 3.7.3 (no changes required). + Move Homepage pseudo-headers as real headers. * debian/patches: + migrate to quilt. + remove 05_fdevent_fix.patch (merged upstream). + remove 06_mod_cgi_vuln_fix.patch (merged upstream). + refresh the rest of the series. * debian/lighty-enable-mod: + Reindent and remove trailing spaces. + don't fail to remove a module that is already removed. Patch from Michal Čihař (Closes: 448682). + Allow full stops in module names (Closes: 462199). * debian/lighttpd.conf: + enable ipv6 by default (Closes: 448054). + remove mod_status stanza, create conf-available/10-status.conf with it. * debian/lighttpd.cron.daily: new file, cleanup compressed cache. Thanks to Michal Čihař (Closes: 445224). * be sure mod_auth is loaded first (Closes: 419176): + add debian/lighttpd.preinst to rename 10-auth.conf into 05-auth.conf automagically (when it's a sane thing to do). + Document all that in NEWS.Debian. + debian/lighttpd.install: add 10-status.conf and 05-auth.conf. * debian/lighttpd.postinst: + chmod'ing /var/cache/lighttpd recursively is useless and too long. Just chmod the base directory, content is likely to be only created by lighty anyways. (Closes: 468297). * debian/init.d: + Add $remote_fs and $network (instead of networking) to Required-{Start,Stop}. + Add fam to Should-{Start,Stop} (Closes: 461180). * debian/lighttpd.links: add symlinks on lighty-* so that lighttpd-* commands exists as well (Closes: 435131). -- Pierre Habouzit Sun, 16 Mar 2008 12:01:41 +0100 lighttpd (1.4.18-4) unstable; urgency=high * The “I HATE DPATCH”-release. * Add patches for real as dpatch-edit-patch is stupid enough for not doing it by itself (Closes: 463368, 469307). -- Pierre Habouzit Tue, 11 Mar 2008 10:07:35 +0100 lighttpd (1.4.18-3) unstable; urgency=high * Force use of deprecated ldap interfaces (Closes: 463368), thanks to Dann Frazier (patches/ldap-deprecated.dpatch). * Add sample configuration for the mod_rrdtool (Closes: 462907). * add patches/06_mod_cgi_vuln_fix.dpatch to fix CVE-2008-1111 (Closes: 469307). * Remove spurious mkdir in debian/rules (Closes: 448160). * Bump urgency for RC bug fixes. -- Pierre Habouzit Sat, 08 Mar 2008 17:30:03 +0100 lighttpd (1.4.18-2) unstable; urgency=high * Move the aliases on /doc/ and /images/ mandated by policy at the end to circumvent #445459. * Add patches/05_fdevent_fix.dpatch to fix possible remote DoS (Closes: 466663). * bump urgency for security fix. -- Pierre Habouzit Wed, 27 Feb 2008 16:56:16 +0100 lighttpd (1.4.18-1) unstable; urgency=low * New upstream release, fixes CVE-2007-4727 (closes: #441787) * lighttpd-angel is installed but not used yet -- Krzysztof Krzyzaniak (eloy) Tue, 11 Sep 2007 12:45:11 +0200 lighttpd (1.4.17-1) unstable; urgency=low * New upstream release * patches/05_mysql_autoreconnect.dpatch - dropped, fixed in upstream -- Krzysztof Krzyzaniak (eloy) Tue, 04 Sep 2007 12:19:01 +0200 lighttpd (1.4.16-5~bpo40+2) etch-backports; urgency=low * Rebuild in an etch chroot *doh*. -- Pierre Habouzit Tue, 28 Aug 2007 11:37:38 +0200 lighttpd (1.4.16-5~bpo40+1) etch-backports; urgency=low * Rebuild for Etch backports. -- Pierre Habouzit Fri, 24 Aug 2007 10:12:10 +0200 lighttpd (1.4.16-5) unstable; urgency=low * debian/control: Drop conflict with gamin as it appears it was not the issue. (Closes: #438058). For real this time. -- Pierre Habouzit Sun, 19 Aug 2007 12:22:32 +0200 lighttpd (1.4.16-4) unstable; urgency=low * debian/control: Drop conflict with gamin as it appears it was not the issue. (Closes: #438058). * src/mod_mysql_vhost.c: Enable mysql auto-connect mode, as it's not default in mysql 5.x anymore. (Closes: #428677). -- Pierre Habouzit Sat, 18 Aug 2007 10:27:22 +0200 lighttpd (1.4.16-3) unstable; urgency=high * Urgency set to high due to RC bug fix. * debian/lighttpd.logrotate: fix stupid typo (closes: #437341). * debian/control: add Conflict against gamin, to avoid #437307. -- Pierre Habouzit Wed, 15 Aug 2007 09:46:48 +0200 lighttpd (1.4.16-2) unstable; urgency=low * patches/04_ldap_build_filter_fix.dpatch: add patch from Peter Colberg to fix first LDAP search that fails because of the filter being uninitialized. (closes: #419661) * Enable fam support (closes: #407820): + debian/rules: add --enable-fam configure flag. + debian/control: add libfam-dev to Build-Depends, and also wrap build-dependencies to make diff more understandable. * Enable support for kerberos (with openssl): + debian/rules; add --enable-kerberos5 configure flag. + debian/control: add libkrb5-dev to the Build-Depends. * lighttpd.logrotate: redirect stderr to /dev/null as well to prevent defunct processes (presumably due to full unread pipes/buffers) (closes: #419992). * debian/control: replace lighttpd dependency on perl with libterm-readline-perl-perl as Readline.pm is needed for lighty-enable-mod (closes: #435077). * debian/control: + Add myself to uploaders (closes: #401575). + Drop Recommands on php5-cgi, there is absolutely no reason to have it, or we would have to recommend ruby, python, lua, perl, .... and every $language on earth to be fair. (closes: #435587). * debian/conf-available/10-webdav.conf: add default configuration for webdav. (closes: #406641). * debian/conf-enabled: remove directory, it is already installed through lighttpd.dirs. * lighttpd.postinst, lighttpd.postrm, init.d: be sure there is a /var/run/lighttpd owned by www-data:www-data, helpful to store locks and things like that. -- Pierre Habouzit Fri, 03 Aug 2007 10:06:15 +0200 lighttpd (1.4.16-1) unstable; urgency=low * New upstream release (closes: #434546) * Acknowledge NMU by Pierre Habouzit for CVE-2007-2841 (closes: #428368) * Added static-file.exclude-extensions section to lighttpd.conf (closes: #408374) * Fixed description of conf-available/10-fastcgi.conf (closes: #430469) * Added mod_extforward to debian/lighttpd.install (closes: #434717) * config.guess taken from upstream (closes: #419664) * turn on compression (closes: #397514) * debian/control: XS-Vcs-Svn header added -- Krzysztof Krzyzaniak (eloy) Fri, 27 Jul 2007 10:32:51 +0200 lighttpd (1.4.15-1.1) unstable; urgency=low * Non-maintainer upload. * add patches/04_wrapping_headers_bugfix.dpatch to fix crash with wrapping headers (Closes: 428368). -- Pierre Habouzit Fri, 20 Jul 2007 11:04:07 +0200 lighttpd (1.4.15-1) unstable; urgency=low * New upstream release (closes: #419131) * 01_mod_fastcgi_missing_cleanup.dpatch is now in upstream so it's removed from patches * 04_pidfile_bugfix.dpatch is now in upstream so it's removed from patches -- Krzysztof Krzyzaniak (eloy) Fri, 06 Apr 2007 11:24:54 +0200 lighttpd (1.4.13-10) unstable; urgency=medium * 03_ldap_leak_bugfix.dpatch added from yann@pleiades.fr.eu.org (Yann Rouillard) (closes: #413917) * Lowered priority of index.lighttpd.html (closes: #397492) * We don't need now check md5 sum of index.html since we provide our own index.lighttpd.html (closes: #407794) * 04_pidfile_bugfix.dpatch by Chris Webb added - some fixes with graceful restart -- Krzysztof Krzyzaniak (eloy) Thu, 8 Mar 2007 22:18:42 +0100 lighttpd (1.4.13-9) unstable; urgency=low * debian/lighttpd.default - removed, it is not ready yet. We'll back after etch release (closes: #406021) * debian/index.html.md5 - fixed path to file (full path to index.html) -- Krzysztof Krzyzaniak (eloy) Tue, 2 Jan 2007 14:24:42 +0100 lighttpd (1.4.13-8) unstable; urgency=medium * Typo fixed in debian/lighttpd.postinst (closes: #405123) -- Krzysztof Krzyzaniak (eloy) Tue, 2 Jan 2007 13:23:25 +0100 lighttpd (1.4.13-7) unstable; urgency=low [ Franz Pletz ] * debian/conf-available/10-cgi.conf: + match /cgi-bin/ only at the beginning of a path + convert match for host == localhost to remoteip == 127.0.0.1 like in lighttpd.conf; due to bugs in mod_alias, the cgi-bin, doc and images aliases didn't work anymore * debian/lighttpd.logrotate + use reload instead of force-reload for graceful restart (closes: #398169, #380080) * added debian/patches/01_mod_fastcgi_missing_cleanup.dpatch + source: http://trac.lighttpd.net/trac/ticket/910 + fixes memleak in mod_fastcgi (closes: #400167) * added debian/patches/02_fastcgi_detach.dpatch + disconnect stderr/stdout from the terminal (closes: #368670) + point them either to errorlog or /dev/null * debian/control: added myself to Uploaders * Don't touch /var/www/index.html, create /var/www/index.lighttpd.html instead (closes: #397492) + debian/lighttpd.postinst: copy to /var/www/index.lighttpd.html + debian/lighttpd.conf: add index.lighttpd.html as first index-filename [ Krzysztof Krzyzaniak (eloy) ] * Typo fixed in index.html (closes: #403620) -- Franz Pletz Fri, 8 Dec 2006 16:15:27 +0100 lighttpd (1.4.13-6) unstable; urgency=low * debian/lighttpd.postinst: change only permission for /var/log/lighttpd/ -- Krzysztof Krzyzaniak (eloy) Mon, 4 Dec 2006 16:34:11 +0100 lighttpd (1.4.13-5) unstable; urgency=low * debian/control: + perl added to dependencies (closes: #396629) * debian/conf-available/10-fastcgi.conf: + /usr/bin/php4-cgi changed to /usr/bin/php-cgi (closes: #397142) * debian/lighttpd.postinst: fix permission of /var/log/lighttpd (closes: #398834) * debian/lighty-enable-mod - fixed bug with undefined values (closes: #397493) -- Krzysztof Krzyzaniak (eloy) Thu, 9 Nov 2006 12:18:25 +0100 lighttpd (1.4.13-4) unstable; urgency=low * fixed config file for logrotote (reload action changed to force-reload) -- Krzysztof Krzyzaniak (eloy) Thu, 26 Oct 2006 11:36:13 +0200 lighttpd (1.4.13-3) unstable; urgency=low * debian/control: libxml2-dev added to Build-Depends (closes: #394882) -- Krzysztof Krzyzaniak (eloy) Tue, 24 Oct 2006 13:31:27 +0200 lighttpd (1.4.13-2) unstable; urgency=medium * Patch from Pierre Habouzit to init.d applied (closes: #380080) * Patch from Adrian Friendli to lighttpd.conf applied (closes: #392890) -- Krzysztof Krzyzaniak (eloy) Mon, 16 Oct 2006 11:14:28 +0200 lighttpd (1.4.13-1) unstable; urgency=low * New upstream release * mod_webdav as separate lighttpd-mod-webdav package * Compiled with --with-webdav-locks, added uuid-dev to Build-Depends -- Krzysztof Krzyzaniak (eloy) Tue, 10 Oct 2006 10:26:54 +0200 lighttpd (1.4.13~r1385-1) unstable; urgency=low * New upstream release -- Krzysztof Krzyzaniak (eloy) Mon, 9 Oct 2006 10:28:32 +0200 lighttpd (1.4.13~r1370-1) unstable; urgency=low * New upstream release (closes: #390877) (closes: #389911) * Compiled with --with-attr param (closes: #389712) * dropped 01-lua5.1.dpatch, issue fixed by upstream -- Krzysztof Krzyzaniak (eloy) Thu, 5 Oct 2006 10:08:19 +0200 lighttpd (1.4.12-1) unstable; urgency=low * New upstream release * fixes in debian/lighttpd.install (closes: #377802) * mod_cml is deprecated from now on and it will be removed in 1.5.0 mod_magnet provides the same functionality and more with a cleaner syntax and in a more generic form * added separate module for mod_magnet (closes: #389578) * changed dependency from lua-5.0 to lua-5.1 * added patch patches/01-lua5.1.dpatch * added pkg-config to Build-Depends -- Krzysztof Krzyzaniak (eloy) Tue, 12 Sep 2006 19:17:41 +0200 lighttpd (1.4.12~20060907-1) unstable; urgency=low * New upstream release * Removed debian/patches/01_use_bin_sh.dpatch - fixed in upstream -- Krzysztof Krzyzaniak (eloy) Thu, 7 Sep 2006 14:50:47 +0200 lighttpd (1.4.12~20060901-1) unstable; urgency=low * New upstream release * Removed debian/patches/02_ssl_fix.dpatch - it's now fixed in upstream -- Krzysztof Krzyzaniak (eloy) Mon, 4 Sep 2006 11:07:42 +0200 lighttpd (1.4.11-8) UNRELEASED; urgency=low * debian/lighttpd.dirs: + usr/lib/cgi-bin added * debian/conf-available/10-cgi.conf + proper configuration for localhost as well (again Bug#345554) * debian/lighttpd.conf: + server.bind commented out as in default configuration (closes: #380267) * debian/patches/02_ssl_fix.dpatch - added fix for ssl connection with POST request (http://trac.lighttpd.net/trac/ticket/607), thanks to RISKO Gergely (closes: #381455) * debian/lighttpd.logrotate - some values changes (now rotate weekly and keep 12 logfiles) -- Krzysztof Krzyzaniak (eloy) Mon, 28 Aug 2006 13:06:25 +0200 lighttpd (1.4.11-7) unstable; urgency=low * debian/create-mime.assign.pl - catchup error when /etc/mime.types is not readable (closes: #375347) -- Krzysztof Krzyzaniak (eloy) Tue, 27 Jun 2006 20:19:57 +0200 lighttpd (1.4.11-6) unstable; urgency=low * debian/control: - Recommends: Changed to alternative: php4-cgi | php5-cgi (closes: #368215) * include-conf-enabled.pl script changed according to patch from Tobias Gruetzmacher (closes: #368352) * debian/lighttpd.conf: removed global for local aliases (/images/, /doc/) (closes: #366801) -- Krzysztof Krzyzaniak (eloy) Tue, 23 May 2006 16:48:36 +0200 lighttpd (1.4.11-5) unstable; urgency=low * debian/init.d: - --oknodo added to section "stop" to close finally #35979 - --retry 30 added to section "reload", to prevents problems with logrotating (closes: #366366) * debian/control: Standards-Version: increased to 3.7.2 without additional changes -- Krzysztof Krzyzaniak (eloy) Wed, 10 May 2006 14:26:04 +0200 lighttpd (1.4.11-4) unstable; urgency=low [ Krzysztof Krzyzaniak (eloy) ] * debian/init.d: - "exit 1" after failed actions removed (closes: #359792) * debian/conf-available/10-fastcgi.conf updated (closes: #362827) thanks to Joerg Rieger [ Torsten Marek ] * Change my email address to shlomme@debian.org * Remove --background from the start action, since it breaks the error checking of start-stop-daemon. The behaviour described in #355865 is not reproducable any more. * make reload action in initscript more well-behaved -- Torsten Marek Sun, 9 Apr 2006 15:51:51 +0200 lighttpd (1.4.11-3) unstable; urgency=low * debian/lighttpd.conf - added dir-listing.encoding = "utf-8", suggested by Silvestre Zabala (closes: #359100) * debian/lighttpd.install - fix bug with installing *.conf files -- Krzysztof Krzyzaniak (eloy) Mon, 27 Mar 2006 09:50:55 +0200 lighttpd (1.4.11-2) unstable; urgency=low * Provide debian/conf-available/10-ssl.conf, (closes: #355868) -- Krzysztof Krzyzaniak (eloy) Fri, 24 Mar 2006 13:53:54 +0100 lighttpd (1.4.11-1) unstable; urgency=low * New upstream release (closes: #356496) * init.d script - added --background to "start" (thanks goes to Marcello Nuccio ) (closes: #355865) -- Krzysztof Krzyzaniak (eloy) Fri, 10 Mar 2006 09:51:10 +0100 lighttpd (1.4.10-6) unstable; urgency=low * Patch from on lighty-enable-mod (closes: #355773) -- Krzysztof Krzyzaniak (eloy) Wed, 8 Mar 2006 11:17:07 +0100 lighttpd (1.4.10-5) unstable; urgency=low [ Krzysztof Krzyzaniak (eloy) ] * debian/control - libmysqlclient14-dev have to be removede because is not available in debian/sid [ Torsten Marek ] * debian/rules - build with support for LUA, libmemcache and GDBM * debian/lighttpd.install - install mod_evasive into lighttpd package * debian/control - own packages for mod_trigger_b4_dl and mod_cml * debian/control - small fixes * debian/conf-available/10-ssi.conf - comment out link to web documentation -- Torsten Marek Mon, 6 Mar 2006 12:07:29 +0100 lighttpd (1.4.10-4) unstable; urgency=low * bugfix release * Fixed bug with 10-fastcgi.conf, (closes: #353964) -- Krzysztof Krzyzaniak (eloy) Thu, 23 Feb 2006 16:14:42 +0100 lighttpd (1.4.10-3) unstable; urgency=low * lighttpd.conf - changed configuration for /images/ & /doc/ handling -- Krzysztof Krzyzaniak (eloy) Tue, 14 Feb 2006 09:57:15 +0100 lighttpd (1.4.10-2) unstable; urgency=low * debian/control - libmysqlclient14-dev added as alternative (will be easier for backports.org) * lighty-enable-mod script fixed - files with dash were skipped, thanks to Silvester Zabala for patch (closes: #352577) * install doc/lighttpd.conf as example (closes: #344961) -- Krzysztof Krzyzaniak (eloy) Mon, 13 Feb 2006 12:58:54 +0100 lighttpd (1.4.10-1) unstable; urgency=low * New upstream release -- Krzysztof Krzyzaniak (eloy) Wed, 8 Feb 2006 16:02:16 +0100 lighttpd (1.4.9-5) unstable; urgency=low * Properly fixed bug with overwritting index.html (closes: #349676) -- Krzysztof Krzyzaniak (eloy) Mon, 30 Jan 2006 10:17:57 +0100 lighttpd (1.4.9-4) unstable; urgency=low [ Krzysztof Krzyzaniak (eloy) ] * Fixed bug with 10-userdir.conf, (closes: #349821) * index.html is not replaced when md5 string desn't match (closes: #349676) -- Krzysztof Krzyzaniak (eloy) Wed, 25 Jan 2006 16:33:34 +0100 lighttpd (1.4.9-3) unstable; urgency=low [ Torsten Marek ] * Added some configuration examples from upstream sample configuration * Implement "reload" init.d action with graceful restart, taken from http://trac.lighttpd.net/trac/ticket/267 (Closes: #346038) * ssi, auth, fastcgi, proxy and simple-vhost are now in separte config files * Put path to plugin documentation into every config snippet * Build against libmysqlclient15 -- Torsten Marek Sat, 21 Jan 2006 15:16:01 +0100 lighttpd (1.4.9-2) unstable; urgency=low [ Krzysztof Krzyzaniak (eloy) ] * mod_alias enabled by default - removed conf-avaiable/00-alias.conf * Added handling of http://localhost/doc/ & http://localhost/images/ (closes: #348823) -- Krzysztof Krzyzaniak (eloy) Thu, 19 Jan 2006 12:39:04 +0100 lighttpd (1.4.9-1) unstable; urgency=low * New upstream release * Closing bug from not uploaded release 1.4.8-5, (closes: #347737) -- Krzysztof Krzyzaniak (eloy) Mon, 16 Jan 2006 20:06:39 +0100 lighttpd (1.4.8-5) unstable; urgency=low * create /var/www directory (closes: #347737), default /var/www/index.html added (based on apache2 index.html file). -- Krzysztof Krzyzaniak (eloy) Thu, 12 Jan 2006 16:54:32 +0100 lighttpd (1.4.8-4) unstable; urgency=low * fixed permissions and directories (closes: #347565) -- Krzysztof Krzyzaniak (eloy) Wed, 11 Jan 2006 17:15:12 +0100 lighttpd (1.4.8-3) unstable; urgency=low * New configuration layout (closes: #345554) (closes: #344959), read /etc/lighttpd/conf-available/README - conf-available directory for all templates - conf-enabled directory for enabled modules -- Krzysztof Krzyzaniak (eloy) Mon, 9 Jan 2006 13:49:34 +0100 lighttpd (1.4.8-2) unstable; urgency=low [ Krzysztof Krzyzaniak (eloy) ] * debian/control: lsb-base dependency narrowed to (>= 3.0-3) * create-mime.assign.pl set as executable (closes: #344938) -- Krzysztof Krzyzaniak (eloy) Wed, 28 Dec 2005 12:40:55 +0100 lighttpd (1.4.8-1) unstable; urgency=low * New upstream version (closes: #304271) * Does not rely on $SHELL to execute external commands -- Torsten Marek Sat, 26 Nov 2005 11:48:51 +0100 lighttpd (1.4.7-1) unstable; urgency=low * New upstream version, Initial debian version * Better debian/rules file * Split mysql vhost module into separate package * Create separate package for documentation * Create a better init script -- Torsten Marek Sat, 5 Nov 2005 18:56:53 +0100