lighttpd (1.4.59-1+deb11u2) bullseye-security; urgency=medium
* Fix CVE-2022-37797
* Fix CVE-2022-41556 remote resource exhaustion
-- Helmut Grohne <helmut.grohne@intenta.de> Fri, 23 Sep 2022 10:23:07 +0200
lighttpd (1.4.59-1+deb11u1) bullseye-security; urgency=medium
[ Glenn Strauss ]
* Fix CVE-2022-22707 32-bit lighttpd mod_extforward crash.
-- Helmut Grohne <helmut.grohne@intenta.de> Mon, 10 Jan 2022 08:38:09 +0100
lighttpd (1.4.59-1) unstable; urgency=medium
[ Glenn Strauss ]
* New upstream version 1.4.59
* [patch] fix 101 upgrade failure with Content-Length
* [patch] mod_auth: close HTTP/2 connection after bad password
* add mod_ajp13
-- Glenn Strauss <gstrauss@gluelogic.com> Thu, 11 Feb 2021 19:30:33 -0500
lighttpd (1.4.58-2) unstable; urgency=medium
[ Glenn Strauss ]
* [patch] create-mime.conf.pl -v for warnings (Addresses: #979232)
* [patch] fix crash in error trace if backend down
* [patch] create-mime.conf.pl -v quiet for mult vnd
[ Helmut Grohne ]
* annotate media-types build dependency with <!nocheck>
[ Glenn Strauss ]
* autopkgtest: create-mime.conf.pl -v on media-types
-- Helmut Grohne <helmut.grohne@intenta.de> Thu, 14 Jan 2021 16:28:42 +0100
lighttpd (1.4.58-1) unstable; urgency=medium
[ Glenn Strauss ]
* [patch] create-mime.conf.pl improve case handling (Closes: #979232)
* [patch] mod_extforward fix extforward.headers defaults
[ Helmut Grohne ]
* New upstream version 1.4.58
[ Glenn Strauss ]
* remove dependencies on libfcgi-dev, php-cgi
* adjust vers deps for TLS libs
[ Helmut Grohne ]
* drop php and libfcgi from autopkgtest deps
* autopkgtest: explicitly depend on media-types
-- Helmut Grohne <helmut.grohne@intenta.de> Fri, 08 Jan 2021 10:16:33 +0100
lighttpd (1.4.57-1) unstable; urgency=medium
* New upstream version 1.4.57
* Drop all patches. They're all upstream now.
* Require nss >= buster to include TLS_AES_128_GCM_SHA256.
* Declare compliance with debian policy 4.5.1: No changes needed.
-- Helmut Grohne <helmut.grohne@intenta.de> Fri, 18 Dec 2020 08:30:52 +0100
lighttpd (1.4.56-1) unstable; urgency=medium
[ Justin Aplin ]
* build: Set Build-Depends of libwolfssl-dev to >=4.2.0 due to missing TLS
version macros in previous versions
[ Glenn Strauss ]
* tests/serve-cgi-file,do-not-emit-http-proxy-to-cgi.
Thanks to Santiago Ruano Rincón <santiagorr@riseup.net> (Closes: #834625)
* remove lighttpd dependency on FAM or gamin
* remove --with-fam from build rules
* patch for lighttpd -1 with pipes
* patches for mod_wolfssl compatibility
[ Helmut Grohne ]
* New upstream version 1.4.56
* Update debhelper compatibility level to 12.
+ Declare compatibility level via Build-Depends.
+ Add ${misc:Pre-Depends} to lighttpd for dh_installinit.
+ Accommodate moving documentation to /usr/share/doc/lighttpd.
* consistently --link-doc all module packages
[ Glenn Strauss ]
* autopkgtests: upstream lighttpd integration tests
[ Helmut Grohne ]
* d/watch: Deal with %-escaped tilde
* Stop supporting direct upgrades from squeeze
-- Helmut Grohne <helmut.grohne@subdivi.de> Wed, 09 Dec 2020 06:22:03 +0100
lighttpd (1.4.56~rc7-1) unstable; urgency=medium
* Upload to unstable.
* drop mod_authn_dbi.so from debian/not-installed
-- Helmut Grohne <helmut.grohne@intenta.de> Sat, 07 Nov 2020 11:03:57 +0100
lighttpd (1.4.56~rc7-0+exp2) experimental; urgency=medium
[ Glenn Strauss ]
* build lighttpd base against Nettle
* split off package lighttpd-mod-openssl
* split off package lighttpd-mod-deflate
* merge lighttpd-mod-cml and lighttpd-mod-magnet into lighttpd-modules-lua
* replace mod_compress with mod_deflate
* build with brotli support; replace bzip2 support
* separate package for each TLS module
mod_openssl, mod_mbedtls, mod_nss, mod_wolfssl
* new package lighttpd-modules-dbi with mod_authn_dbi, mod_vhostdb_dbi
* document deprecated modules: mod_authn_mysql, mod_mysql_vhost
* remove libattr1-dev dependency
[ Helmut Grohne ]
* remove mod_deflate from the default configuration
[ Glenn Strauss ]
* lighttpd.conf enable HTTP/2 feature
[ Helmut Grohne ]
* use the system libxxhash instead of our vendor copy
-- Helmut Grohne <helmut.grohne@intenta.de> Thu, 05 Nov 2020 20:18:08 +0100
lighttpd (1.4.56~rc7-0+exp1) experimental; urgency=medium
* New upstream version 1.4.56~rc7
-- Helmut Grohne <helmut.grohne@intenta.de> Tue, 03 Nov 2020 05:51:40 +0100
lighttpd (1.4.56~rc2-0+exp1) experimental; urgency=medium
* fix php-fpm socket path.
Thanks to Joe Nahmias <joe@nahmias.net> (Closes: #973300)
* New upstream version 1.4.56~rc2
+ Update debian/copyright
+ Drop all patches - all applied upstream
+ mod_compress is merged into mod_deflate
+ Skip installing mod_authn_dbi for now
+ load-all-modules test skips deprecated mod_vhost_mysql
-- Helmut Grohne <helmut.grohne@intenta.de> Mon, 02 Nov 2020 19:54:18 +0100
lighttpd (1.4.55-2) unstable; urgency=medium
[ Glenn Strauss ]
* remove upstream source files from debian/clean
* use lua 5.3 going forwards (update from lua 5.1)
* 05-auth.conf comment available algorithm SHA-256
* 10-ssl.conf listens on IPv4, and IPv6 when avail (Closes: #952541)
* patch: mod_openssl inherit cfg from global scope (Closes: #952541)
* /var/run -> /run
* lighty-enable-mod fastcgi-php-fpm option (Closes: #916677)
* patch: dlsym for FAMNoExists (!18) (!22)
* document mod_geoip deprecated
[ Debian Janitor ]
* Wrap long lines in changelog entries: 1.4.16-1, 1.4.15-1, 1.4.13-10,
1.4.10-2.
[ bauen1 ]
* remove usage of 'su' in crontab (Closes: #958520)
-- Helmut Grohne <helmut.grohne@intenta.de> Mon, 26 Oct 2020 17:45:11 +0100
lighttpd (1.4.55-1) unstable; urgency=medium
[ Helmut Grohne ]
* add debian/upstream/metadata
* update expiration of Glenn's upstream signing key
* move lighttpd to team maintenance
* declare compliance with policy 4.5.0
[ Debian Janitor ]
* Bump debhelper from old 9 to 10.
* Drop unnecessary dependency on dh-autoreconf.
* Drop unnecessary dh arguments: --parallel
[ Helmut Grohne ]
* Drop --with systemd from dh as it is enabled by compat 10
* New upstream version 1.4.55
[ Glenn Strauss ]
* add debian/conf-available/05-setenv.conf
[ Helmut Grohne ]
* pidfile now lives in /run/lighttpd.pid (Closes: #929203)
-- Helmut Grohne <helmut.grohne@intenta.de> Mon, 24 Feb 2020 14:30:34 +0100
lighttpd (1.4.54-2) unstable; urgency=medium
* QA upload.
* debian/control:
+ Bump Standards-Version to 4.4.1.
* Rebuild with source-only upload to allow testing migration.
-- Boyuan Yang <byang@debian.org> Wed, 23 Oct 2019 12:34:59 -0400
lighttpd (1.4.54-1) unstable; urgency=medium
* QA upload.
* New upstream release.
+ Drop all patches. All applied upstream.
* Drop transitional dummy packages after the buster release.
* Stop recommending lighttpd-modules-*.
* Suggest all lighttpd modules instead.
* Install lighttpd.socket as an example.
* Declare compliance with policy version 4.4.0.
* Build new module package lighttpd-mod-maxminddb.
-- Helmut Grohne <helmut.grohne@intenta.de> Sat, 28 Sep 2019 21:38:40 +0200
lighttpd (1.4.53-4) unstable; urgency=high
* QA upload.
* fix mixed use of srv->split_vals array (regression)
* mod_magnet:fix invalid script return-type crash
* fix assertion with server.error-handler
* mod_wstunnel:fix wstunnel.ping-interval for big-endian architectures
* fix abort in server.http-parseopts with url-path-2f-decode enabled
CVE-2019-11072 (closes: #926885)
-- Glenn Strauss <gstrauss@gluelogic.com> Sat, 13 Apr 2019 00:00:00 -0400
lighttpd (1.4.53-3) unstable; urgency=medium
* QA upload.
[ Glenn Strauss ]
* rules: debian/lighttpd/var/cache/lighttpd perms
* stronger ciphers default: ssl.cipher-list = "HIGH"
* autopkgtest: /etc/init.d/lighttpd configtest
[ Helmut Grohne ]
* autopkgtest defconfig needs root.
Thanks to Antonio Terceiro for diagnosis and solution (Closes: #922447)
-- Helmut Grohne <helmut.grohne@intenta.de> Sat, 23 Feb 2019 08:51:11 +0100
lighttpd (1.4.53-2) unstable; urgency=medium
* QA Upload.
[ Glenn Strauss ]
* Fix spelling mistake "autn" in package relations.
[ Stefan Bühler ]
* use php-cgi instead of php; allow php5-cgi as alternative for jessie
[ Glenn Strauss ]
* add paths to lighttpd.tmpfile.conf (Closes: #679854)
* use persistent location for db in webdav conf
* remove dpkg-statoverride from lighttpd.init
-- Helmut Grohne <helmut.grohne@intenta.de> Wed, 13 Feb 2019 19:32:07 +0100
lighttpd (1.4.53-1) unstable; urgency=medium
* QA Upload.
* Disable libunwind support by default (unavailable on s390x).
Rebuild with DEB_BUILD_PROFILES=pkg.lighttpd.libunwind to use it.
* Checked compliance with policy version 4.3.0.
* New upstream release.
+ Drop all patches.
+ debian/tests/defconfig: Require no warnings.
* Add php to Build-Depends to increase test coverage.
* Support parallel building.
* As we now serve /usr/lib/cgi-bin, create the directory.
-- Helmut Grohne <helmut.grohne@intenta.de> Mon, 28 Jan 2019 13:20:22 +0100
lighttpd (1.4.52-5) unstable; urgency=medium
* QA Upload.
* Fix arch-indep build. (Closes: #920448)
-- Helmut Grohne <helmut.grohne@intenta.de> Fri, 25 Jan 2019 17:53:54 +0100
lighttpd (1.4.52-4) unstable; urgency=medium
* QA Upload.
[ Glenn Strauss ]
* replace and deprecate include-conf-enabled.pl with include glob
* provide conf-available/10-sockproxy.conf
* explicitly add default modules to lighttpd.conf
* load mod_compress after conf-enabled/*.conf (Closes: #822920)
[ Stefan Bühler ]
* remove reference to lighttpd 2.0 in the description for lighttpd-mod-cml
* run dh_missing --fail-missing as override in own target
* adapt build dependencies for xenial (and jessie) backports
* don't generate lighttpd:ModuleProvides substvar for current package name
* reexport upstream gpg keys with minimal options
[ Glenn Strauss ]
* strict parsing and normalization of URL (see NEWS)
* lighttpd.init add configtest action
[ Stefan Bühler ]
* build with libunwind to log backtraces on failed asserts
[ Helmut Grohne ]
* fail the build when chown does not work
[ Glenn Strauss ]
* define alias.url in 10-cgi.conf (Closes: #837696)
* remove obsolete index.lighttpd.html
* update paths in starter index.html
* NEWS: mod_cgi defines alias to /usr/lib/cgi-bin
* enable 99-unconfigured.conf if not configured
[ Helmut Grohne ]
* connection_close.patch: cherry-picked from upstream
* cross.patch: cherry-picked from upstream
-- Helmut Grohne <helmut.grohne@intenta.de> Thu, 24 Jan 2019 21:39:31 +0100
lighttpd (1.4.52-3) unstable; urgency=medium
* QA Upload to unstable.
* http_auth_backends_assertion.patch: Fix load-all-modules autopkgtest.
* Update lighttpd.tmpfile.conf to use /run. (Closes: #916676)
* Drop obsolete alternative libssl1.0-dev from Build-Depends. Thanks to
Moritz Muehlenhoff and Stefan Bühler for considering implications on
backports. (Closes: #917347)
-- Helmut Grohne <helmut.grohne@intenta.de> Mon, 07 Jan 2019 10:03:56 +0100
lighttpd (1.4.52-2+exp2) experimental; urgency=medium
* QA Upload.
* Don't ship /var/www/cgi-bin. Fixes dir-or-file-in-var-www autoreject. Is
never referenced from any config.
-- Helmut Grohne <helmut.grohne@intenta.de> Sat, 05 Jan 2019 14:34:37 +0100
lighttpd (1.4.52-2+exp1) experimental; urgency=medium
* QA Upload.
[ Helmut Grohne ]
* Add lighttpd-mod-* Provides.
* Move mysql modules to new binary package lighttpd-modules-mysql.
* Move ldap modules to new binary package lighttpd-modules-ldap.
[ Stefan Bühler and Glenn Strauss ]
* Add modules mod_authn_pam, mod_authn_sasl, mod_vhostdb_dbi and
mod_vhostdb_pgsql to new binary packages.
-- Helmut Grohne <helmut.grohne@intenta.de> Sat, 05 Jan 2019 10:57:35 +0100
lighttpd (1.4.52-2) unstable; urgency=medium
* QA Upload.
[ Helmut Grohne ]
* Bump debhelper dependency for using dh_missing.
* Add basic autopkgtests.
* Drop Files-Excluded from debian/copyright as we are not repacking.
* Extend debian/clean and override_dh_clean to cover more files including
the ones from Files-Excluded.
* Update Standards Version to 4.2.1.
+ Document that binary-targets need root for chowning to www-data.
* Use upstream's create-mime.conf.pl. (Closes: #904741)
* Fix FTCBFS: (Closes: #912358)
+ Drop unused Build-Depends: libcgi-pm-perl. (No longer used)
+ Annotate Build-Depends: perl with :native.
* Demote perl to Recommends and have lighty-enable-mod print a useful
message in case it is missing.
* Enable mod_openssl in 10-ssl.conf. (Closes: #907909)
[ Stefan Bühler ]
* use https link to download.lighttpd.net in debian/watch
* fix packaging docs for mod-authn-ldap
[ Glenn Strauss ]
* fix misspelling of GSSAPI
* lighttpd.init: full preflight test in check_syntax
-- Helmut Grohne <helmut.grohne@intenta.de> Sun, 16 Dec 2018 21:33:07 +0100
lighttpd (1.4.52-1) unstable; urgency=medium
* QA Upload.
* New upstream release. (Closes: #879496)
+ Fix CVE-2018-19052. (Closes: #913528)
+ Don't append port to unix sockets. (Closes: #877039)
+ Refactor buffer API. (Closes: #857255)
+ Don't use AC_PATH_PROG to find pkg-config. (Addresses: #912358)
+ Drop patch fix-openssl-1.1.1.patch applied upstream.
+ Add new mod_sockproxy.so to main package.
* Replace Build-Depends: dh-systemd with newer debhelper for lintian.
-- Helmut Grohne <helmut.grohne@intenta.de> Thu, 06 Dec 2018 13:44:42 +0100
lighttpd (1.4.49-2) unstable; urgency=medium
* Non-maintainer upload.
[ Ondřej Nový ]
* d/copyright: Change Format URL to correct one
[ Ximin Luo ]
* Add a patch to work against openssl 1.1.1. (Closes: #913251)
* Add Depends: perl. (Closes: #913249)
-- Ximin Luo <infinity0@debian.org> Sun, 02 Dec 2018 19:26:05 -0800
lighttpd (1.4.49-1.1) unstable; urgency=medium
* Non-maintainer upload.
* Install mod_openssl.so and other missing modules. (Closes: #894276)
-- Ximin Luo <infinity0@debian.org> Sat, 31 Mar 2018 13:43:49 +0200
lighttpd (1.4.49-1) unstable; urgency=medium
[ Michael Gilbert ]
* Suggest php-cgi since php5-cgi has been removed from the archive
(closes: #859927).
[ Clint Adams ]
* New upstream version.
* Update control file, including setting Maintainer to Debian QA Group.
-- Clint Adams <clint@debian.org> Wed, 21 Mar 2018 17:21:11 -0400
lighttpd (1.4.45-1) unstable; urgency=medium
* New upstream version 1.4.45.
- Drop kfreebsd-disable-test.patch (upstream says its fixed).
* Fix upstream spelling errors.
* Fix cgi-bin path on start page (closes: #763618)
* Remove automatically generated files from the upstream tarball again.
* Suggest the service command instead of /etc/init.d for restarting services
(closes: #762663).
-- Michael Gilbert <mgilbert@debian.org> Sat, 14 Jan 2017 21:07:19 +0000
lighttpd (1.4.44-1) unstable; urgency=medium
* New upstream version 1.4.44
* debian/copyright: make lintian happy
* debian/control: add libssl1.0-dev as alternative for libssl-dev
-- Krzysztof Krzyżaniak (eloy) <eloy@debian.org> Mon, 09 Jan 2017 17:43:47 +0100
lighttpd (1.4.43+git20161216-1) unstable; urgency=medium
* New upstream snapshot (closes: #846917).
* Remove unneeded perl dependencies.
* Update debian/copyright to format 1.0.
* Ship NEWS file as upstream's changelog.
* Remove systemd dependency (closes: #846299).
* Suggest php5-cgi instead of recommending it.
* Update watch file to look for upstream's xz tarball.
* Fix incorrect bug number in previous changelog entry.
* Make a mod_rewrite conf file available (closes: #751957).
* Point to /var/www/html from the placeholder page (closes: #808921).
* Add new packages for LDAP, GSSAPI, MySQL, and GeoIP modules.
- Thanks to Stefan Bühler.
* Fix build hardening flags.
- Thanks to Stefan Bühler.
-- Michael Gilbert <mgilbert@debian.org> Mon, 19 Dec 2016 00:04:25 +0000
lighttpd (1.4.43-1) unstable; urgency=medium
* New upstream release (closes: #841732).
- Fixes CVE-2016-1000212 (closes: #832571).
- Adds support for openssl 1.1.0 (closes: #828421).
* Update standards version.
* Fix lsb-base lintian error.
* Add Glenn Strauss signing key.
* Use upstream's systemd service file.
* Recommend php5-cgi (closes: #774644).
* Suggest lighttpd-doc (closes: #806523).
* Use default-libmysqlclient-dev build dependency.
-- Michael Gilbert <mgilbert@debian.org> Sat, 26 Nov 2016 05:09:35 +0000
lighttpd (1.4.39-1) unstable; urgency=medium
* New upstream release.
-- Michael Gilbert <mgilbert@debian.org> Sun, 03 Jan 2016 03:59:55 +0000
lighttpd (1.4.37-1) unstable; urgency=medium
* New upstream release.
- Log file injection issue CVE-2015-3200 fixed (closes: #787132).
* Add a debian/clean file.
* Drop upstreamed patches.
* Add upstream signing key.
* Update standards version.
* Apply the non-maintainer upload.
-- Michael Gilbert <mgilbert@debian.org> Sun, 06 Sep 2015 05:37:20 +0000
lighttpd (1.4.35-4.1) unstable; urgency=medium
* Non-maintainer upload.
* Fix "FTBFS with perl 5.22: test failures (CGI.pm)":
Add build dependency on libcgi-pm-perl.
CGI.pm was deprecated in Perl 5.19.x and removed in 5.21.x which makes the
explicit build dependency necessary.
(Closes: #789856)
-- gregor herrmann <gregoa@debian.org> Thu, 27 Aug 2015 18:29:21 +0200
lighttpd (1.4.35-4) unstable; urgency=medium
* Disable SSLv3 by default (closes: #765702).
-- Michael Gilbert <mgilbert@debian.org> Sun, 02 Nov 2014 02:49:09 +0000
lighttpd (1.4.35-3) unstable; urgency=medium
* Support building with dpkg-buildpackage -g.
* Drop libmemcache-dev build-dependency (closes: #748809).
-- Michael Gilbert <mgilbert@debian.org> Mon, 18 Aug 2014 03:42:29 +0000
lighttpd (1.4.35-2) unstable; urgency=medium
* Fix a spelling error.
* Add a lintian override.
* Make VCS field canonical.
* Add myself to the uploaders.
* Use dh-autoreconf (closes: #726394, #731104).
* Disable indeterminant test on kfreebsd (closes: #731074).
-- Michael Gilbert <mgilbert@debian.org> Sat, 05 Apr 2014 18:12:03 +0000
lighttpd (1.4.35-1) unstable; urgency=low
* New upstream version (fixes CVE-2014-2323, CVE-2014-2324)
+ Delete patches: cve-2013-4508.patch, cve-2013-4559.patch,
cve-2013-4560.patch. Those are all cumulative included since
lighttpd 1.4.34
* Acknowledge NMUs by the security team
* Make the init script wait until lighttpd really terminates.
* Change the default document root /var/www/html (Closes: #730379), add a
Lintian override for it
* Bump the debhelper dependency to >= 9.20130624 to ensure dh_installinit is
recent enough for systemd (Closes: #713860)
* Reorder LSB init dependencies, add $local_fs to it
* Add hardening flags to lighttpd. Thanks to Michael Gilbert
for providing a patch (Closes: #741497)
* Remove W3C logo from index.html to avoid inclusion of images hosted
elsewhere
* Push standards version to 3.9.5 (no changes needed).
-- Arno Töll <arno@debian.org> Sat, 22 Mar 2014 03:06:59 -1100
lighttpd (1.4.33-1+nmu2) unstable; urgency=high
* Non-maintainer upload by the Security Team.
* Fix regression caused by the fix for cve-2013-4508 (closes: #729480).
-- Michael Gilbert <mgilbert@debian.org> Sat, 16 Nov 2013 22:29:07 +0000
lighttpd (1.4.33-1+nmu1) unstable; urgency=high
* Non-maintainer upload by the Security Team (closes: #729453).
* Fix cve-2013-4508: ssl cipher suites issue.
* Fix cve-2013-4559: setuid privilege escalation issue.
* Fix cve-2013-4560: use-after-free in fam.
-- Michael Gilbert <mgilbert@debian.org> Wed, 13 Nov 2013 02:19:47 +0000
lighttpd (1.4.33-1) unstable; urgency=low
* Drop the connection-dos.patch - merged upstream.
* Fix "mod_extforward missing configuration file": ship requested
configuration file (Closes: #697304)
* Remove access.conf, an obsolete conffiles as we should have done since
2010 (Closes: #703215)
* Push debhelper's compat mode to 9, the use of maintscript helper requires
8.1 so we had to push the debhelper b-d anyway.
* Fix "config.guess/config.sub out of date for arm64" by adding the patch
provided by Colin Watson. Thanks (Closes: #726394).
* Fix "[PATCH] use dh-systemd for proper systemd-related maintscripts" to
add systemd support. Thanks to Michael Stapelberg (Closes: #713859)
-- Arno Töll <arno@debian.org> Tue, 15 Oct 2013 21:24:49 +0200
lighttpd (1.4.31-4) unstable; urgency=high
* CVE-2013-1427: Switch the socket path for PHP when using FastCGI. /tmp is
world-writable which may cause security implications if an attacker
manages to control /tmp/php.socket before the web server (re-)starts.
* Switch VCS to git
* Push standards version (no changes)
-- Arno Töll <arno@debian.org> Thu, 14 Mar 2013 02:20:07 +0100
lighttpd (1.4.31-3) unstable; urgency=high
* Fix "configuration files refer to wrong path for documentation"
by merging a patch supplied by Denis Laxalde <denis@laxalde.org>
(Closes: #676641)
* CVE-2012-5533: Fix Denial Of Service attacks against Lighttpd by sending
faulty Connection headers
-- Arno Töll <arno@debian.org> Wed, 21 Nov 2012 14:42:32 +0100
lighttpd (1.4.31-1) unstable; urgency=low
* New upstream release
* Be more careful when removing dangling symlinks, as introduced in 1.4.30-1.
Under some configurations the postrm script could fail previously.
* Change the use-ipv6.pl script to read the default listening port as a
command line argument, fall back to the old default behavior otherwise
(Closes: #632723, #642604). Thanks to Sebastian Pipping to accidentally
give a hint how to fix this old problem by driving by.
* Push standards version to 3.9.3.1 - no further changes
* Fix "[lighttpd] "ldap" lowercase in extended description" by fixing the
typo (Closes: #670206)
* Update my maintainer address
-- Arno Töll <arno@debian.org> Fri, 01 Jun 2012 23:46:05 +0200
lighttpd (1.4.30-1) unstable; urgency=medium
* New upstream release
+ Fix integer overflow (CVE-2011-4362) (Closes: #652726)
+ Fix attack vector as disclosed by the SSL BEAST attack (related:
CVE-2011-3389). Note: If you are upgrading from an older version you need
to change your configuration to mitigate effects of the attack. See the
corresponding NEWS file for details.
+ Count SSL renegotiations to prevent client renegotiations
* Urgency set to medium due to security updates.
* Adapt to dpkg 1.16.1 API changes regarding build flags. This enables
hardening build flags. This means, lighttpd is now being built with
-fstack-protector and other security related build flags.
* Add dpkg-dev (>= 1.16.1~) to build-depends to make sure our buildflags are
properly supported. That's guaranteed for Testing, but might be helpful to
know for backporters.
* Fix "Doesn't remove /etc/lighttpd on purge" by removing dangling symlinks
/only/. This does not entirely fix the problem of the maintainer, but we can
not simply remove all files in /etc/lighttpd as other packages or the user
himself might have left configuration files back (Closes: #642494)
* Fix "please include systemd service file" Support systemd as alternative to
sysvinit, ship systemd and tempfiles.d configuration files. Thanks to
Michael Stapelberg for providing the required files (Closes: #652442)
-- Arno Töll <debian@toell.net> Tue, 20 Dec 2011 11:36:09 +0100
lighttpd (1.4.29-1) unstable; urgency=low
* New upstream release
* Fix "lighty-enable-mod should return non-zero on fail" Update script to
leave with appropriate exit status (Closes: #629638)
* Remove the following patches:
+ silence-errors.diff - applied upstream
+ patches/ssl-fix.patch - applied upstream
* Add `debian/source/options' to make dpkg-source ignore glitches done by
upstream's Makefile in `src/mod_ssi_exprparser.c' and `src/configparser.c'
* Run maintainer scripts with `set -e'
-- Arno Töll <debian@toell.net> Mon, 04 Jul 2011 17:30:11 +0200
lighttpd (1.4.28-5) unstable; urgency=low
* Build with sbuilder to avoid linking to non-existed packages.
-- Krzysztof Krzyżaniak (eloy) <eloy@debian.org> Tue, 26 Apr 2011 15:05:06 +0200
lighttpd (1.4.28-4) unstable; urgency=low
[ Krzysztof Krzyżaniak (eloy) ]
* Add Arno Töll to Uploaders
[ Arno Töll ]
* Fix "leaves dangling alternatives on upgrade" add preinst script which
removes the dangling symlink (Closes: #614716)
* Fix "/etc/lighttpd/conf-available/15-fastcgi-php.conf: fastcgi-php
file missing a required directive" add a dependency based recursive module
enable system in lighty-enable-mod (Closes: #600050)
* Fix "binNMU for openssl 1.0.0 broke SSL support" backport fix from upstream
to avoid name clashes between OpenSSL and Lighty's MD5 implementation
(Closes: #622733)
-- Arno Töll <debian@toell.net> Sat, 09 Apr 2011 13:22:45 -0400
lighttpd (1.4.28-3) unstable; urgency=low
[ Krzysztof Krzyżaniak (eloy) ]
* Updated debian/control and debian/copyright files
* fix for debhelper-overrides-need-versioned-build-depends (>= 7.0.50~)
* debian/compat: increased to 8
[ Olaf van der Spek]
* Don't fail install if server fails to start (closes: #383425)
* Fix index-file.names typo (closes: #609890)
-- Olaf van der Spek <olafvdspek@gmail.com> Mon, 03 Jan 2011 22:56:38 +0100
lighttpd (1.4.28-2) unstable; urgency=medium
[ Olaf van der Spek ]
* Use relative instead of absolute links for conf-enabled (closes: #541645)
* Fix /doc/ for IPv6 (closes: #512583)
[ Krzysztof Krzyżaniak (eloy) ]
* Added patch patches/silence-errors.diff (closes: #601177)
-- Krzysztof Krzyżaniak (eloy) <eloy@debian.org> Fri, 12 Nov 2010 12:08:48 +0100
lighttpd (1.4.28-1) unstable; urgency=low
[ Olaf van der Spek ]
* New upstream release (closes: 521235, 572031, 564556)
* Add check_syntax() from Ubuntu (closes: 589200)
-- Thijs Kinkhorst <thijs@debian.org> Mon, 30 Aug 2010 20:53:18 +0200
lighttpd (1.4.26-3) unstable; urgency=low
* Ack for NMU, fix for SSL incompatibility (closes: #572031)
-- Krzysztof Krzyżaniak (eloy) <eloy@debian.org> Thu, 03 Jun 2010 21:22:24 +0200
lighttpd (1.4.26-2) unstable; urgency=low
[ Krzysztof Krzyżaniak (eloy) ]
* Switch to dpkg-source 3.0 (quilt) format
* debian/control:
+ removed Franz Pletz from Uploaders, he's MIA (closes: #579366)
+ change dependency from libmysqlclient15-dev to more general
libmysqlclient-dev
[ Olaf van der Spek ]
* take conf dir as an optional parameter (closes: 489854)
* don't try to make /var/run/lighttpd when invoked with status
(closes: 538662)
* split FastCGI PHP conf from FastCGI conf (closes: 515699)
* reduce max-procs from 2 to 1 (closes: 456200)
* move debian doc handling into it's own file
* set default vhost dir to /srv/<host>/htdocs (closes: 471054)
* use delaycompress instead of copytruncate for logrotate (closes: 563626)
* don't wait for old process to stop before starting new one for reload
(closes: 504315)
* use reopen-logs for logrotate (closes: 504319)
* add no-www.conf (for use with evhost and simple-vhost, closes: 471055)
* move evhost conf into it's own file
-- Krzysztof Krzyżaniak (eloy) <eloy@debian.org> Tue, 01 Jun 2010 17:08:42 +0200
lighttpd (1.4.26-1) unstable; urgency=low
* New upstream release (closes: #568735)
* Use provided patch from Andres Rodriguez <andreserl@ubuntu.com>
to implement status action in init.d script (closes: #539955)
-- Krzysztof Krzyżaniak (eloy) <eloy@debian.org> Tue, 09 Feb 2010 18:02:13 +0100
lighttpd (1.4.25-2) unstable; urgency=low
* Change behaviour of use-ipv6.pl script (closes: #560837)
-- Krzysztof Krzyżaniak (eloy) <eloy@debian.org> Mon, 30 Nov 2009 14:23:03 +0100
lighttpd (1.4.25-1) unstable; urgency=low
* New upstream release (closes: #558045)
* debian/watch: updated
* debian/control: Section field changed to web
-- Krzysztof Krzyżaniak (eloy) <eloy@debian.org> Mon, 30 Nov 2009 14:03:15 +0100
lighttpd (1.4.24-1) unstable; urgency=low
* New upstream release (closes: #530892) (closes: #538135) (closes: #482601)
(closes: #541428)
* debian/control:
+ Standards-Version: 3.8.3
* debian/init.d renamed to debian/lighttpd.init
* Added $syslog to LSB header in init script (closes: #545576)
(Jeremy Lal <kapouer@melix.org>)
* debian/init.d: force-reload moved to reload section (closes: #538661)
(Peter Eisentraut <petere@debian.org>)
-- Krzysztof Krzyżaniak (eloy) <eloy@debian.org> Fri, 30 Oct 2009 17:37:29 +0100
lighttpd (1.4.23-3) unstable; urgency=low
* debian/rules: make sure that scripts have proper rights
(closes: #536668), (closes: #536681), (closes: #536688) (closes: #536668)
-- Krzysztof Krzyżaniak (eloy) <eloy@debian.org> Mon, 13 Jul 2009 11:17:09 +0200
lighttpd (1.4.23-2) unstable; urgency=low
* Add lighttpd.docs with README & NEWS file
* New upstream closes wishlist bugs (closes: #535065) (closes: #515777)
-- Krzysztof Krzyżaniak (eloy) <eloy@debian.org> Fri, 10 Jul 2009 11:11:15 +0200
lighttpd (1.4.23-1) unstable; urgency=low
* New upstream release
* spawn-fcgi is now separate package, recommends it debian/control
* Update Standards-Version to 3.8.2 without changes
* Remove cdbs, patchutils from Build-Depends, debian/rules uses
debhelper 7 scripts
* lighttpd.logrotate apply patch (closes: #535523)
from Ubuntu (Daniel Hahler, https://launchpad.net/bugs/393792)
-- Krzysztof Krzyżaniak (eloy) <eloy@debian.org> Thu, 09 Jul 2009 11:24:16 +0200
lighttpd (1.4.22-1) unstable; urgency=low
* New upstream release (closes: #520124) (closes: #516897) (closes: #441173)
* debian/control: Update to Standards-Version 3.8.1 (no changes so far),
debhelper dependency updated to 7, utfize my name, satisfy lintian
* Remove all patches, all fixed upstream but rewrite_redirect_decode_url
Do NOT use rewrite/redirect to protect specific urls.
-- Krzysztof Krzyżaniak (eloy) <eloy@debian.org> Wed, 18 Mar 2009 11:19:55 +0100
lighttpd (1.4.19-5) unstable; urgency=high
* Remove the alias.url stanza from 10-cgi.conf (Closes: #499334).
* Add patches for lighttpd security 2008-05 to 2008-07 (no CVE yet):
+ patches/lighttpd-1.4.x_request_header_memleak.patch
+ patches/lighttpd-1.4.x_rewrite_redirect_decode_url.patch
+ patches/lighttpd-1.4.x_userdir_lowercase.patch
* Urgency set to high for security fix.
-- Pierre Habouzit <madcoder@debian.org> Sat, 27 Sep 2008 12:00:47 +0200
lighttpd (1.4.19-4) unstable; urgency=high
* Make debian/use-ipv6.pl executable in debian/rules, thanks to Marco d'Itri
for finding about this inexcusable mistake.
-- Pierre Habouzit <madcoder@debian.org> Mon, 12 May 2008 17:12:28 +0200
lighttpd (1.4.19-3) unstable; urgency=medium
* Fix /var/cache/lighttpd/uploads permissions in postinst (Closes: 476870).
* Update patches/ssl-connection-errors.patch using upstream r2144, thanks to
upstream for noticing.
* cherokee and lighttpd both provide spawn-fcgi, fix that using alternatives
(Closes: 479501):
+ add spawn-fcgi.lighttpd.1 shamelessly stolen from cherokee packaging
(thanks Gunnar).
+ install spawn-fcgi as spawn-fcgi.lighttpd.
+ install master alternatives on spawn-fcgi.lighttpd and
spawn-fcgi.lighttd.1.
+ add Conflict against cherokee <= 0.6.1-1.
* Quote "dangerous" bits of conf-available/10-cgi.conf (Closes: 479276).
-- Pierre Habouzit <madcoder@debian.org> Tue, 06 May 2008 20:01:37 +0200
lighttpd (1.4.19-2) unstable; urgency=low
* Add patches/ssl-connection-errors.patch for CVE-2008-1531
(Closes: 475438).
* Test for /var/cache/lighttpd/compress in lighttpd.cron.daily to avoid
spurious errors for uninstalled and not purged lighttpd's
(Closes: 472175).
* Add handling of /var/cache/lighttpd/uploads (Closes: 408521):
+ add it in lighttpd.dirs.
+ add it as a server.upload-dirs in lighttpd.conf.
+ purge it daily in lighttpd.cron.daily.
* Fix typo in lighttpd.preinst causing failure to update 05-auth symlink
properly (Closes: 472119).
* init.d: stopping an already stopped lighttpd, or starting an already
running one should not fail (Closes: 472122).
* Use $HTTP["remoteip"] =~ "127.0.0.1" in configuration snipplets so that it
works when ipv6 is enabled by default too (Closes: 473510).
* Use perl to detect if the host has ipv6, and generate the server.use-ipv6
snipplet on the fly instead of forcing it to true (Closes: 473053).
-- Pierre Habouzit <madcoder@debian.org> Sun, 13 Apr 2008 13:20:40 +0200
lighttpd (1.4.19-1~bpo40+1) etch-backports; urgency=low
* Rebuild for etch-backports.
-- Pierre Habouzit <madcoder@debian.org> Thu, 20 Mar 2008 00:41:49 +0100
lighttpd (1.4.19-1) unstable; urgency=low
* New upstream release.
* debian/control:
+ add Build-Depends upon quilt, remove dpatch.
+ Bump Standards-Version to 3.7.3 (no changes required).
+ Move Homepage pseudo-headers as real headers.
* debian/patches:
+ migrate to quilt.
+ remove 05_fdevent_fix.patch (merged upstream).
+ remove 06_mod_cgi_vuln_fix.patch (merged upstream).
+ refresh the rest of the series.
* debian/lighty-enable-mod:
+ Reindent and remove trailing spaces.
+ don't fail to remove a module that is already removed.
Patch from Michal Čihař (Closes: 448682).
+ Allow full stops in module names (Closes: 462199).
* debian/lighttpd.conf:
+ enable ipv6 by default (Closes: 448054).
+ remove mod_status stanza, create conf-available/10-status.conf with it.
* debian/lighttpd.cron.daily: new file, cleanup compressed cache.
Thanks to Michal Čihař (Closes: 445224).
* be sure mod_auth is loaded first (Closes: 419176):
+ add debian/lighttpd.preinst to rename 10-auth.conf into 05-auth.conf
automagically (when it's a sane thing to do).
+ Document all that in NEWS.Debian.
+ debian/lighttpd.install: add 10-status.conf and 05-auth.conf.
* debian/lighttpd.postinst:
+ chmod'ing /var/cache/lighttpd recursively is useless and too long. Just
chmod the base directory, content is likely to be only created by
lighty anyways. (Closes: 468297).
* debian/init.d:
+ Add $remote_fs and $network (instead of networking) to
Required-{Start,Stop}.
+ Add fam to Should-{Start,Stop} (Closes: 461180).
* debian/lighttpd.links: add symlinks on lighty-* so that lighttpd-*
commands exists as well (Closes: 435131).
-- Pierre Habouzit <madcoder@debian.org> Sun, 16 Mar 2008 12:01:41 +0100
lighttpd (1.4.18-4) unstable; urgency=high
* The “I HATE DPATCH”-release.
* Add patches for real as dpatch-edit-patch is stupid enough for not doing
it by itself (Closes: 463368, 469307).
-- Pierre Habouzit <madcoder@debian.org> Tue, 11 Mar 2008 10:07:35 +0100
lighttpd (1.4.18-3) unstable; urgency=high
* Force use of deprecated ldap interfaces (Closes: 463368),
thanks to Dann Frazier (patches/ldap-deprecated.dpatch).
* Add sample configuration for the mod_rrdtool (Closes: 462907).
* add patches/06_mod_cgi_vuln_fix.dpatch to fix CVE-2008-1111
(Closes: 469307).
* Remove spurious mkdir in debian/rules (Closes: 448160).
* Bump urgency for RC bug fixes.
-- Pierre Habouzit <madcoder@debian.org> Sat, 08 Mar 2008 17:30:03 +0100
lighttpd (1.4.18-2) unstable; urgency=high
* Move the aliases on /doc/ and /images/ mandated by policy at the end to
circumvent #445459.
* Add patches/05_fdevent_fix.dpatch to fix possible remote DoS
(Closes: 466663).
* bump urgency for security fix.
-- Pierre Habouzit <madcoder@debian.org> Wed, 27 Feb 2008 16:56:16 +0100
lighttpd (1.4.18-1) unstable; urgency=low
* New upstream release, fixes CVE-2007-4727 (closes: #441787)
* lighttpd-angel is installed but not used yet
-- Krzysztof Krzyzaniak (eloy) <eloy@debian.org> Tue, 11 Sep 2007 12:45:11 +0200
lighttpd (1.4.17-1) unstable; urgency=low
* New upstream release
* patches/05_mysql_autoreconnect.dpatch - dropped, fixed in upstream
-- Krzysztof Krzyzaniak (eloy) <eloy@debian.org> Tue, 04 Sep 2007 12:19:01 +0200
lighttpd (1.4.16-5~bpo40+2) etch-backports; urgency=low
* Rebuild in an etch chroot *doh*.
-- Pierre Habouzit <madcoder@debian.org> Tue, 28 Aug 2007 11:37:38 +0200
lighttpd (1.4.16-5~bpo40+1) etch-backports; urgency=low
* Rebuild for Etch backports.
-- Pierre Habouzit <madcoder@debian.org> Fri, 24 Aug 2007 10:12:10 +0200
lighttpd (1.4.16-5) unstable; urgency=low
* debian/control: Drop conflict with gamin as it appears it was not the
issue. (Closes: #438058). For real this time.
-- Pierre Habouzit <madcoder@debian.org> Sun, 19 Aug 2007 12:22:32 +0200
lighttpd (1.4.16-4) unstable; urgency=low
* debian/control: Drop conflict with gamin as it appears it was not the
issue. (Closes: #438058).
* src/mod_mysql_vhost.c: Enable mysql auto-connect mode, as it's not default
in mysql 5.x anymore. (Closes: #428677).
-- Pierre Habouzit <madcoder@debian.org> Sat, 18 Aug 2007 10:27:22 +0200
lighttpd (1.4.16-3) unstable; urgency=high
* Urgency set to high due to RC bug fix.
* debian/lighttpd.logrotate: fix stupid typo (closes: #437341).
* debian/control: add Conflict against gamin, to avoid #437307.
-- Pierre Habouzit <madcoder@debian.org> Wed, 15 Aug 2007 09:46:48 +0200
lighttpd (1.4.16-2) unstable; urgency=low
* patches/04_ldap_build_filter_fix.dpatch: add patch from Peter Colberg to
fix first LDAP search that fails because of the filter being
uninitialized. (closes: #419661)
* Enable fam support (closes: #407820):
+ debian/rules: add --enable-fam configure flag.
+ debian/control: add libfam-dev to Build-Depends, and also wrap
build-dependencies to make diff more understandable.
* Enable support for kerberos (with openssl):
+ debian/rules; add --enable-kerberos5 configure flag.
+ debian/control: add libkrb5-dev to the Build-Depends.
* lighttpd.logrotate: redirect stderr to /dev/null as well to prevent
defunct processes (presumably due to full unread pipes/buffers)
(closes: #419992).
* debian/control: replace lighttpd dependency on perl with
libterm-readline-perl-perl as Readline.pm is needed for lighty-enable-mod
(closes: #435077).
* debian/control:
+ Add myself to uploaders (closes: #401575).
+ Drop Recommands on php5-cgi, there is absolutely no reason to have it,
or we would have to recommend ruby, python, lua, perl, .... and every
$language on earth to be fair. (closes: #435587).
* debian/conf-available/10-webdav.conf: add default configuration for webdav.
(closes: #406641).
* debian/conf-enabled: remove directory, it is already installed through
lighttpd.dirs.
* lighttpd.postinst, lighttpd.postrm, init.d: be sure there is a
/var/run/lighttpd owned by www-data:www-data, helpful to store locks and
things like that.
-- Pierre Habouzit <madcoder@debian.org> Fri, 03 Aug 2007 10:06:15 +0200
lighttpd (1.4.16-1) unstable; urgency=low
* New upstream release (closes: #434546)
* Acknowledge NMU by Pierre Habouzit for CVE-2007-2841 (closes: #428368)
* Added static-file.exclude-extensions section to lighttpd.conf (closes:
#408374)
* Fixed description of conf-available/10-fastcgi.conf (closes: #430469)
* Added mod_extforward to debian/lighttpd.install (closes: #434717)
* config.guess taken from upstream (closes: #419664)
* turn on compression (closes: #397514)
* debian/control: XS-Vcs-Svn header added
-- Krzysztof Krzyzaniak (eloy) <eloy@debian.org> Fri, 27 Jul 2007 10:32:51 +0200
lighttpd (1.4.15-1.1) unstable; urgency=low
* Non-maintainer upload.
* add patches/04_wrapping_headers_bugfix.dpatch to fix crash with wrapping
headers (Closes: 428368).
-- Pierre Habouzit <madcoder@debian.org> Fri, 20 Jul 2007 11:04:07 +0200
lighttpd (1.4.15-1) unstable; urgency=low
* New upstream release (closes: #419131)
* 01_mod_fastcgi_missing_cleanup.dpatch is now in upstream so it's removed
from patches
* 04_pidfile_bugfix.dpatch is now in upstream so it's removed from patches
-- Krzysztof Krzyzaniak (eloy) <eloy@debian.org> Fri, 06 Apr 2007 11:24:54 +0200
lighttpd (1.4.13-10) unstable; urgency=medium
* 03_ldap_leak_bugfix.dpatch added from yann@pleiades.fr.eu.org (Yann
Rouillard) (closes: #413917)
* Lowered priority of index.lighttpd.html (closes: #397492)
* We don't need now check md5 sum of index.html since we provide our own
index.lighttpd.html (closes: #407794)
* 04_pidfile_bugfix.dpatch by Chris Webb <chris@arachsys.com> added - some
fixes with graceful restart
-- Krzysztof Krzyzaniak (eloy) <eloy@debian.org> Thu, 8 Mar 2007 22:18:42 +0100
lighttpd (1.4.13-9) unstable; urgency=low
* debian/lighttpd.default - removed, it is not ready yet. We'll back after
etch release (closes: #406021)
* debian/index.html.md5 - fixed path to file (full path to index.html)
-- Krzysztof Krzyzaniak (eloy) <eloy@debian.org> Tue, 2 Jan 2007 14:24:42 +0100
lighttpd (1.4.13-8) unstable; urgency=medium
* Typo fixed in debian/lighttpd.postinst (closes: #405123)
-- Krzysztof Krzyzaniak (eloy) <eloy@debian.org> Tue, 2 Jan 2007 13:23:25 +0100
lighttpd (1.4.13-7) unstable; urgency=low
[ Franz Pletz ]
* debian/conf-available/10-cgi.conf:
+ match /cgi-bin/ only at the beginning of a path
+ convert match for host == localhost to remoteip == 127.0.0.1 like in
lighttpd.conf; due to bugs in mod_alias, the cgi-bin, doc and images
aliases didn't work anymore
* debian/lighttpd.logrotate
+ use reload instead of force-reload for graceful restart
(closes: #398169, #380080)
* added debian/patches/01_mod_fastcgi_missing_cleanup.dpatch
+ source: http://trac.lighttpd.net/trac/ticket/910
+ fixes memleak in mod_fastcgi (closes: #400167)
* added debian/patches/02_fastcgi_detach.dpatch
+ disconnect stderr/stdout from the terminal (closes: #368670)
+ point them either to errorlog or /dev/null
* debian/control: added myself to Uploaders
* Don't touch /var/www/index.html, create /var/www/index.lighttpd.html
instead (closes: #397492)
+ debian/lighttpd.postinst: copy to /var/www/index.lighttpd.html
+ debian/lighttpd.conf: add index.lighttpd.html as first index-filename
[ Krzysztof Krzyzaniak (eloy) ]
* Typo fixed in index.html (closes: #403620)
-- Franz Pletz <fpletz@franz-pletz.org> Fri, 8 Dec 2006 16:15:27 +0100
lighttpd (1.4.13-6) unstable; urgency=low
* debian/lighttpd.postinst: change only permission for /var/log/lighttpd/
-- Krzysztof Krzyzaniak (eloy) <eloy@debian.org> Mon, 4 Dec 2006 16:34:11 +0100
lighttpd (1.4.13-5) unstable; urgency=low
* debian/control:
+ perl added to dependencies (closes: #396629)
* debian/conf-available/10-fastcgi.conf:
+ /usr/bin/php4-cgi changed to /usr/bin/php-cgi (closes: #397142)
* debian/lighttpd.postinst: fix permission of /var/log/lighttpd
(closes: #398834)
* debian/lighty-enable-mod - fixed bug with undefined values (closes: #397493)
-- Krzysztof Krzyzaniak (eloy) <eloy@debian.org> Thu, 9 Nov 2006 12:18:25 +0100
lighttpd (1.4.13-4) unstable; urgency=low
* fixed config file for logrotote (reload action changed to force-reload)
-- Krzysztof Krzyzaniak (eloy) <eloy@debian.org> Thu, 26 Oct 2006 11:36:13 +0200
lighttpd (1.4.13-3) unstable; urgency=low
* debian/control: libxml2-dev added to Build-Depends (closes: #394882)
-- Krzysztof Krzyzaniak (eloy) <eloy@debian.org> Tue, 24 Oct 2006 13:31:27 +0200
lighttpd (1.4.13-2) unstable; urgency=medium
* Patch from Pierre Habouzit <madcoder@debian.org> to init.d applied
(closes: #380080)
* Patch from Adrian Friendli <adi@koalatux.ch> to lighttpd.conf applied
(closes: #392890)
-- Krzysztof Krzyzaniak (eloy) <eloy@debian.org> Mon, 16 Oct 2006 11:14:28 +0200
lighttpd (1.4.13-1) unstable; urgency=low
* New upstream release
* mod_webdav as separate lighttpd-mod-webdav package
* Compiled with --with-webdav-locks, added uuid-dev to Build-Depends
-- Krzysztof Krzyzaniak (eloy) <eloy@debian.org> Tue, 10 Oct 2006 10:26:54 +0200
lighttpd (1.4.13~r1385-1) unstable; urgency=low
* New upstream release
-- Krzysztof Krzyzaniak (eloy) <eloy@debian.org> Mon, 9 Oct 2006 10:28:32 +0200
lighttpd (1.4.13~r1370-1) unstable; urgency=low
* New upstream release (closes: #390877) (closes: #389911)
* Compiled with --with-attr param (closes: #389712)
* dropped 01-lua5.1.dpatch, issue fixed by upstream
-- Krzysztof Krzyzaniak (eloy) <eloy@debian.org> Thu, 5 Oct 2006 10:08:19 +0200
lighttpd (1.4.12-1) unstable; urgency=low
* New upstream release
* fixes in debian/lighttpd.install (closes: #377802)
* mod_cml is deprecated from now on and it will be removed in 1.5.0
mod_magnet provides the same functionality and more with a
cleaner syntax and in a more generic form
* added separate module for mod_magnet (closes: #389578)
* changed dependency from lua-5.0 to lua-5.1
* added patch patches/01-lua5.1.dpatch
* added pkg-config to Build-Depends
-- Krzysztof Krzyzaniak (eloy) <eloy@debian.org> Tue, 12 Sep 2006 19:17:41 +0200
lighttpd (1.4.12~20060907-1) unstable; urgency=low
* New upstream release
* Removed debian/patches/01_use_bin_sh.dpatch - fixed in upstream
-- Krzysztof Krzyzaniak (eloy) <eloy@debian.org> Thu, 7 Sep 2006 14:50:47 +0200
lighttpd (1.4.12~20060901-1) unstable; urgency=low
* New upstream release
* Removed debian/patches/02_ssl_fix.dpatch - it's now fixed in upstream
-- Krzysztof Krzyzaniak (eloy) <eloy@debian.org> Mon, 4 Sep 2006 11:07:42 +0200
lighttpd (1.4.11-8) UNRELEASED; urgency=low
* debian/lighttpd.dirs:
+ usr/lib/cgi-bin added
* debian/conf-available/10-cgi.conf
+ proper configuration for localhost as well (again Bug#345554)
* debian/lighttpd.conf:
+ server.bind commented out as in default configuration (closes: #380267)
* debian/patches/02_ssl_fix.dpatch - added fix for ssl connection with POST
request (http://trac.lighttpd.net/trac/ticket/607), thanks to
RISKO Gergely <risko@debian.org> (closes: #381455)
* debian/lighttpd.logrotate - some values changes (now rotate weekly
and keep 12 logfiles)
-- Krzysztof Krzyzaniak (eloy) <eloy@debian.org> Mon, 28 Aug 2006 13:06:25 +0200
lighttpd (1.4.11-7) unstable; urgency=low
* debian/create-mime.assign.pl - catchup error when /etc/mime.types is not
readable (closes: #375347)
-- Krzysztof Krzyzaniak (eloy) <eloy@debian.org> Tue, 27 Jun 2006 20:19:57 +0200
lighttpd (1.4.11-6) unstable; urgency=low
* debian/control:
- Recommends: Changed to alternative: php4-cgi | php5-cgi (closes: #368215)
* include-conf-enabled.pl script changed according to patch from
Tobias Gruetzmacher <tobias@portfolio16.de> (closes: #368352)
* debian/lighttpd.conf: removed global for local aliases (/images/, /doc/)
(closes: #366801)
-- Krzysztof Krzyzaniak (eloy) <eloy@debian.org> Tue, 23 May 2006 16:48:36 +0200
lighttpd (1.4.11-5) unstable; urgency=low
* debian/init.d:
- --oknodo added to section "stop" to close finally #35979
- --retry 30 added to section "reload", to prevents problems with
logrotating (closes: #366366)
* debian/control:
Standards-Version: increased to 3.7.2 without additional changes
-- Krzysztof Krzyzaniak (eloy) <eloy@debian.org> Wed, 10 May 2006 14:26:04 +0200
lighttpd (1.4.11-4) unstable; urgency=low
[ Krzysztof Krzyzaniak (eloy) ]
* debian/init.d:
- "exit 1" after failed actions removed (closes: #359792)
* debian/conf-available/10-fastcgi.conf updated (closes: #362827)
thanks to Joerg Rieger <a.mailinglists#lumrix.net>
[ Torsten Marek ]
* Change my email address to shlomme@debian.org
* Remove --background from the start action, since it
breaks the error checking of start-stop-daemon.
The behaviour described in #355865 is not reproducable
any more.
* make reload action in initscript more well-behaved
-- Torsten Marek <shlomme@debian.org> Sun, 9 Apr 2006 15:51:51 +0200
lighttpd (1.4.11-3) unstable; urgency=low
* debian/lighttpd.conf - added dir-listing.encoding = "utf-8", suggested
by Silvestre Zabala <silvestre(at)zabala.name> (closes: #359100)
* debian/lighttpd.install - fix bug with installing *.conf files
-- Krzysztof Krzyzaniak (eloy) <eloy@debian.org> Mon, 27 Mar 2006 09:50:55 +0200
lighttpd (1.4.11-2) unstable; urgency=low
* Provide debian/conf-available/10-ssl.conf, (closes: #355868)
-- Krzysztof Krzyzaniak (eloy) <eloy@debian.org> Fri, 24 Mar 2006 13:53:54 +0100
lighttpd (1.4.11-1) unstable; urgency=low
* New upstream release (closes: #356496)
* init.d script - added --background to "start" (thanks goes to
Marcello Nuccio <marcenuc@cicaia160.unimo.it>) (closes: #355865)
-- Krzysztof Krzyzaniak (eloy) <eloy@debian.org> Fri, 10 Mar 2006 09:51:10 +0100
lighttpd (1.4.10-6) unstable; urgency=low
* Patch from <tobias@portfolio16.de> on lighty-enable-mod
(closes: #355773)
-- Krzysztof Krzyzaniak (eloy) <eloy@debian.org> Wed, 8 Mar 2006 11:17:07 +0100
lighttpd (1.4.10-5) unstable; urgency=low
[ Krzysztof Krzyzaniak (eloy) ]
* debian/control - libmysqlclient14-dev have to be removede because is not
available in debian/sid
[ Torsten Marek ]
* debian/rules - build with support for LUA, libmemcache and GDBM
* debian/lighttpd.install - install mod_evasive into lighttpd package
* debian/control - own packages for mod_trigger_b4_dl and mod_cml
* debian/control - small fixes
* debian/conf-available/10-ssi.conf - comment out link to web documentation
-- Torsten Marek <shlomme@gmx.net> Mon, 6 Mar 2006 12:07:29 +0100
lighttpd (1.4.10-4) unstable; urgency=low
* bugfix release
* Fixed bug with 10-fastcgi.conf, (closes: #353964)
-- Krzysztof Krzyzaniak (eloy) <eloy@debian.org> Thu, 23 Feb 2006 16:14:42 +0100
lighttpd (1.4.10-3) unstable; urgency=low
* lighttpd.conf - changed configuration for /images/ & /doc/ handling
-- Krzysztof Krzyzaniak (eloy) <eloy@debian.org> Tue, 14 Feb 2006 09:57:15 +0100
lighttpd (1.4.10-2) unstable; urgency=low
* debian/control - libmysqlclient14-dev added as alternative (will be easier
for backports.org)
* lighty-enable-mod script fixed - files with dash were skipped, thanks
to Silvester Zabala for patch (closes: #352577)
* install doc/lighttpd.conf as example (closes: #344961)
-- Krzysztof Krzyzaniak (eloy) <eloy@debian.org> Mon, 13 Feb 2006 12:58:54 +0100
lighttpd (1.4.10-1) unstable; urgency=low
* New upstream release
-- Krzysztof Krzyzaniak (eloy) <eloy@debian.org> Wed, 8 Feb 2006 16:02:16 +0100
lighttpd (1.4.9-5) unstable; urgency=low
* Properly fixed bug with overwritting index.html (closes: #349676)
-- Krzysztof Krzyzaniak (eloy) <eloy@debian.org> Mon, 30 Jan 2006 10:17:57 +0100
lighttpd (1.4.9-4) unstable; urgency=low
[ Krzysztof Krzyzaniak (eloy) ]
* Fixed bug with 10-userdir.conf, (closes: #349821)
* index.html is not replaced when md5 string desn't match (closes: #349676)
-- Krzysztof Krzyzaniak (eloy) <eloy@debian.org> Wed, 25 Jan 2006 16:33:34 +0100
lighttpd (1.4.9-3) unstable; urgency=low
[ Torsten Marek ]
* Added some configuration examples from upstream sample
configuration
* Implement "reload" init.d action with graceful restart,
taken from http://trac.lighttpd.net/trac/ticket/267 (Closes: #346038)
* ssi, auth, fastcgi, proxy and simple-vhost are now in separte
config files
* Put path to plugin documentation into every config snippet
* Build against libmysqlclient15
-- Torsten Marek <shlomme@gmx.net> Sat, 21 Jan 2006 15:16:01 +0100
lighttpd (1.4.9-2) unstable; urgency=low
[ Krzysztof Krzyzaniak (eloy) ]
* mod_alias enabled by default - removed conf-avaiable/00-alias.conf
* Added handling of http://localhost/doc/ & http://localhost/images/
(closes: #348823)
-- Krzysztof Krzyzaniak (eloy) <eloy@debian.org> Thu, 19 Jan 2006 12:39:04 +0100
lighttpd (1.4.9-1) unstable; urgency=low
* New upstream release
* Closing bug from not uploaded release 1.4.8-5, (closes: #347737)
-- Krzysztof Krzyzaniak (eloy) <eloy@debian.org> Mon, 16 Jan 2006 20:06:39 +0100
lighttpd (1.4.8-5) unstable; urgency=low
* create /var/www directory (closes: #347737), default /var/www/index.html
added (based on apache2 index.html file).
-- Krzysztof Krzyzaniak (eloy) <eloy@debian.org> Thu, 12 Jan 2006 16:54:32 +0100
lighttpd (1.4.8-4) unstable; urgency=low
* fixed permissions and directories (closes: #347565)
-- Krzysztof Krzyzaniak (eloy) <eloy@debian.org> Wed, 11 Jan 2006 17:15:12 +0100
lighttpd (1.4.8-3) unstable; urgency=low
* New configuration layout (closes: #345554) (closes: #344959),
read /etc/lighttpd/conf-available/README
- conf-available directory for all templates
- conf-enabled directory for enabled modules
-- Krzysztof Krzyzaniak (eloy) <eloy@debian.org> Mon, 9 Jan 2006 13:49:34 +0100
lighttpd (1.4.8-2) unstable; urgency=low
[ Krzysztof Krzyzaniak (eloy) ]
* debian/control: lsb-base dependency narrowed to (>= 3.0-3)
* create-mime.assign.pl set as executable (closes: #344938)
-- Krzysztof Krzyzaniak (eloy) <eloy@debian.org> Wed, 28 Dec 2005 12:40:55 +0100
lighttpd (1.4.8-1) unstable; urgency=low
* New upstream version (closes: #304271)
* Does not rely on $SHELL to execute external commands
-- Torsten Marek <shlomme@gmx.net> Sat, 26 Nov 2005 11:48:51 +0100
lighttpd (1.4.7-1) unstable; urgency=low
* New upstream version, Initial debian version
* Better debian/rules file
* Split mysql vhost module into separate package
* Create separate package for documentation
* Create a better init script
-- Torsten Marek <shlomme@gmx.net> Sat, 5 Nov 2005 18:56:53 +0100