Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

lighttpd-1.4.10-11.23 RPM for i586

From SuSE Linux 10.1 updates for i386 / rpm / i586

Name: lighttpd Distribution: SUSE LINUX 10.1 (i586)
Version: 1.4.10 Vendor: SUSE LINUX Products GmbH, Nuernberg, Germany
Release: 11.23 Build date: Sun Apr 27 11:16:58 2008
Group: Productivity/Networking/Web/Servers Build host: berlioz.suse.de
Size: 761950 Source RPM: lighttpd-1.4.10-11.23.src.rpm
Packager: http://bugs.opensuse.org
Url: http://www.lighttpd.net/
Summary: Lighttpd a secure, fast, compliant and very flexible web-server
 
Lighttpd a secure, fast, compliant and very flexible web-server which
has been optimized for high-performance environments. It has a very low
memory footprint compared to other webservers and takes care of
cpu-load.  Its advanced feature-set (FastCGI, CGI, Auth,
Output-Compression, URL-Rewriting and many more) make lighttpd the
perfect webserver-software for every server that is suffering load
problems.



Authors:
--------
    Jan Kneschke <jan@kneschke.de>

Provides

Requires

Copyright

BSD 3-Clause

Signatures

internal MD5: 26ff16ddab8384617b0290bdf9754606

GPG

Changelog

* Wed Apr 23 2008 - mrueckert@suse.de
  - added lighttpd-1.4.x_ssl_dos.patch: (bnc#374761)
    properly clear ssl errors before proceeding to the next connection
    (CVE-2008-1531)
* Wed Mar 19 2008 - mrueckert@suse.de
  - fix lighttpd-1.4.13_php5_sucks_and_breaks_testsuite.patch:
    instead of changing the expected outpost. disable the test
    as we have to handle multiple php versions and they differ
    in the behavior.
* Tue Mar 11 2008 - mrueckert@suse.de
  - added lighttpd-1.4.x_high_load_dos.patch: (bnc#364517)
    lighttpd crashed when handling a large number of connections
    (CVE-2008-0983)
  - added lighttpd-1.4.x_mod_cgi_disclosure.patch: (bnc#366526)
    do not send the source of the CGI script on fork failures
    (CVE-2008-1111)
  - added lighttpd-1.4.x_mod_userdir_disclosure.patch: (bnc#368962)
    require to set userdir.path to avoid accidental disclosure of
    informations. to get back the old behavior set userdir.path to
    "". Our default config has not been affected.  (CVE-2008-1270)
  - added lighttpd-1.4.13_php5_sucks_and_breaks_testsuite.patch:
    workaround the change in the php5-fastcgi API.
* Mon Sep 24 2007 - mrueckert@suse.de
  - bugs fixed for (#307749)
    - added lighttpd-1.4.x_etag_crash.patch:
    fixed remote DOS when client sents an etag while the server has
    etags disabled. (CVE-2007-5074)
    - lighttpd-1.4.x_mixed_eol_crash.patch
    fixed crash when cgi scripts send mixed lineendings.
    (CVE-2007-5073)
    - added lighttpd-1.4.x_mod_fastcgi_overrun.patch and
    lighttpd-1.4.x_header_parsing.patch: (CVE-2007-4727)
      - Lighttpd is prone to a header overflow when using the
    mod_fastcgi extension, this can lead to arbitrary code
    execution in the fastcgi application.
      - block chars < 0x20
      - properly compare keys in header fields
* Mon Jul 30 2007 - mrueckert@suse.de
  - added lighttpd-1.4.x_ouf_fd_crash.patch: (#292050)
    Do not crash if we run out of filehandles (CVE-2007-3948)
* Tue Jul 24 2007 - mrueckert@suse.de
  - added lighttpd-1.4.x_duplicated_headers_with_folding_crash.patch:
    fixes sa2007_03 (#292050) (CVE-2007-3947)
  - added lighttpd-1.4.x_mod_access_bypass.patch
    fixes sa2007_08 (#292050) (CVE-2007-3949)
  - added lighttpd-1.4.x_mod_auth_sec.patch
    fixes sa2007_04, sa2007_05, sa2007_06, sa2007_07 (#292050)
    (CVE-2007-3946)
* Wed Feb 21 2007 - mrueckert@suse.de
  - added lighttpd-1.4.x_zero_mtime_crash.patch: (#246945)
    Don't crash with files with a mtime of 0. (CVE-2007-1870)
  - fixed the default config: (#254820)
    it broke when module configs used variables
* Tue Mar 07 2006 - mrueckert@suse.de
  - added lightytest.sh
    wrapper script around the test suite. so we properly cleanup the
    php-fastcgi process.
* Mon Mar 06 2006 - mrueckert@suse.de
  - added new splitted config (config.tar.bz2)
  - added lighttpd-1.4.10_importantfixes.patch
    + typo in mod_cml documentation (doc/cml.txt)
    + added paragraph about using var. and env.
    (doc/configuration.txt)
    + explain fastcgi.map-extensions (doc/fastcgi.txt)
    + include FAM_CFLAGS/SQLITE3_CFLAGS when needed (src/Makefile.am)
    + dont crash if using %0 reference in a !~ conditional (tln #557)
    (src/configfile-glue.c)
    + handle additional request types/methods for webdav
    this allows proxying mod_dav_svn through lighttpd.
    (src/connections.c, src/keyvalue.c, src/keyvalue.h)
    + handle aliases correctly with force_lowercase_filenames
    (src/mod_alias.c)
    + improved error message for errors in the authentication config
    (src/mod_auth.c)
    + cgi module no longer resets physical path (mod_cgi.c)
    + close unused pipe-fds as soon as possible to generate a
    SIGPIPE if the remote end dies. (src/mod_cgi.c)
    + only send REQUEST_URI and QUERY_STRING if they are set
    (src/mod_cgi.c)
    + added host.load as status-variable (src/mod_fastcgi.c)
    + better handling for shrinking files
    (src/network_linux_sendfile.c)
    + don't init a SERVER["socket"] if it is initialized already
    (src/network.c)
    + fixed end of life memleaks (tln #524) (src/server.c)
    + removed umask(0);, let the old umask stay in place (tln #547)
    + test suite fixes (tests/mod-fastcgi.t, tests/request.t)
    + allow leading zeros in HTTP/01.01 (tln #542)
    (tests/core.t, src/request.c)
    + fixed handling of subdirs in ssi (tln #462) (src/mod_ssi.c)
  - start lighttpd with a minimal environment
  - added update for the server.tag in the config file
* Mon Feb 20 2006 - mrueckert@suse.de
  - split off mod_rrdtool
* Wed Feb 08 2006 - mrueckert@suse.de
  - update to version 1.4.10
    * added docs for mod_dirlisting
    * added fastcgi.map-extensions to mod_fastcgi
    * fixed load balancing for mod_fastcgi
    * fixed extra newline for syslog() in mod_accesslog
    * fixed user-track cookie for IE in mod_usertrack
    * fixed crash in digest handling in mod_auth
    * fixed handling of 301 response-bodies from a mod_proxy backend
    * fixed loading of base modules if server.modules is not set
    * fixed broken cgi if mod_scgi is loaded
  - enabled test suite
  - applied lighttpd-1.4.10_testsuite.patch
   - limits the max request size to 2GB. otherwise it would be 2^63-1
    on 64bit arches and one tests would fail.
* Wed Jan 25 2006 - mls@suse.de
  - converted neededforbuild to BuildRequires
* Tue Jan 24 2006 - mrueckert@suse.de
  - splitted up all modules that pull in extra dependencies
    lighttpd-mod_cml - lua, libmemcache
    lighttpd-mod_mysql_vhost - mysql-shared
    lighttpd-mod_trigger_b4_dl - libmemcache,gdbm
    lighttpd-mod_webdav - libxml2, sqlite3
* Mon Jan 23 2006 - mrueckert@suse.de
  - fix typo in the file section
* Sun Jan 15 2006 - mrueckert@suse.de
  - update to version 1.4.9
    * added server.core-files option (sandy)
    * added docs for mod_status
    * added mod_evasive to limit the number of connections by IP ()
    * added the power-magnet to mod_cml
    * added internal statistics to mod_fastcgi
    * added server.statistics-url to get internal statistics
    from mod_status
    * added support for conditional range-requests through If-Range
    * added static building via scons
    * fixed 100% cpu loops in mod_cgi ("sandy" )
    * fixed handling for secure-download.timeout
    (jamis@37signals.com)
    * fixed IE bug in content-charset in the output of
    mod_dirlisting (sniper@php.net)
    * fixed typos and language in the docs
    (ryan-2005@ryandesign.com)
    * fixed assertion in mod_cgi on HEAD request is Content-Length ()
    * fixed handling if equal but duplicate If-Modified-Since request
    headers
    * fixed endless loops in mod_fastcgi if backend is dead
    * fixed Depth: 1 handling in PROPFIND requests on empty dirs
    * fixed encoding of UTF8 encoded dirlistings (Jani Taskinen )
    * fixed initial bind to a unix-domain socket through server.bind
    * fixed handling of lowercase filesystems
    * fixed duplicate request headers cause by mod_setenv
  - added lighttpd-1.4.9_mod_fastcgi_crash.patch
    temporary fix a crash in the log message
* Wed Nov 23 2005 - mrueckert@suse.de
  - update to version 1.4.8
    * added auto-reconnect to ldap-server in mod_auth
    * changed auth.ldap-cafile to be optional
    * added strip_request_uri in mod_fastcgi
    * added more X-* headers to mod_proxy
    * added 'debug' to simple-vhost to suppress the messages by default
    * added support to let the server listen on UNIX-socket
    * changed default stat-cache-engine to 'simple'
    * removed debian/ dir from source package on request by packager
    * fixed max-age timestamps in mod_expire
    * fixed encoding the filenames in PROPFIND in mod_webdav
    * fixed range request handling in network_writev
    * fixed retry on connect error in mod_fastcgi
    * fixed possible crash in mod_webdav if sqlite3 support
    is available but not use
    * fixed fdvent-handler init if server.max-worker was used
    * fixed missing cleanup in mysql_vhost
    * fixed assert() in "connections.c:962:
    connection_handle_read_state: Assertion 'c->mem->used' failed."
    * fixed 64bit issue in md5
    * fixed crash in mod_status
    * fixed duplicate headers in mod_proxy
    * fixed Content-Length in HEAD request in mod_proxy
    * fixed unsigned/signed comparisions
    * fixed streaming in mod_cgi
    * fixed possible overflow in password-salt handling
    * fixed server-traffic-limit if connection limit is not set
  - reenabled FAM support. (using gamin)
* Tue Oct 11 2005 - mrueckert@suse.de
  - update to version 1.4.6
    * fixed compilation on MacOS X and cygwin
    * fixed compressed output if caching was disabled (seen in IE and Opera)
    * fixed range-request option
    * fixed mysql-vhost module (was broken in 1.4.5)
    * fixed false positive in the detection of case-insensitive FS
* Tue Oct 04 2005 - mrueckert@suse.de
  - update to version 1.4.5

Files

/etc/init.d/lighttpd
/etc/lighttpd
/etc/lighttpd/conf.d
/etc/lighttpd/conf.d/access_log.conf
/etc/lighttpd/conf.d/auth.conf
/etc/lighttpd/conf.d/cgi.conf
/etc/lighttpd/conf.d/compress.conf
/etc/lighttpd/conf.d/debug.conf
/etc/lighttpd/conf.d/dirlisting.conf
/etc/lighttpd/conf.d/evhost.conf
/etc/lighttpd/conf.d/expire.conf
/etc/lighttpd/conf.d/fastcgi.conf
/etc/lighttpd/conf.d/mime.conf
/etc/lighttpd/conf.d/mod.template
/etc/lighttpd/conf.d/proxy.conf
/etc/lighttpd/conf.d/scgi.conf
/etc/lighttpd/conf.d/secdownload.conf
/etc/lighttpd/conf.d/simple_vhost.conf
/etc/lighttpd/conf.d/ssi.conf
/etc/lighttpd/conf.d/status.conf
/etc/lighttpd/conf.d/userdir.conf
/etc/lighttpd/lighttpd.conf
/etc/lighttpd/modules.conf
/etc/lighttpd/vhosts.d
/etc/lighttpd/vhosts.d/vhosts.template
/usr/lib/lighttpd
/usr/lib/lighttpd/mod_access.so
/usr/lib/lighttpd/mod_accesslog.so
/usr/lib/lighttpd/mod_alias.so
/usr/lib/lighttpd/mod_auth.so
/usr/lib/lighttpd/mod_cgi.so
/usr/lib/lighttpd/mod_compress.so
/usr/lib/lighttpd/mod_dirlisting.so
/usr/lib/lighttpd/mod_evasive.so
/usr/lib/lighttpd/mod_evhost.so
/usr/lib/lighttpd/mod_expire.so
/usr/lib/lighttpd/mod_fastcgi.so
/usr/lib/lighttpd/mod_indexfile.so
/usr/lib/lighttpd/mod_proxy.so
/usr/lib/lighttpd/mod_redirect.so
/usr/lib/lighttpd/mod_rewrite.so
/usr/lib/lighttpd/mod_scgi.so
/usr/lib/lighttpd/mod_secdownload.so
/usr/lib/lighttpd/mod_setenv.so
/usr/lib/lighttpd/mod_simple_vhost.so
/usr/lib/lighttpd/mod_ssi.so
/usr/lib/lighttpd/mod_staticfile.so
/usr/lib/lighttpd/mod_status.so
/usr/lib/lighttpd/mod_userdir.so
/usr/lib/lighttpd/mod_usertrack.so
/usr/sbin/lighttpd
/usr/sbin/rclighttpd
/usr/sbin/spawn-fcgi
/usr/share/doc/packages/lighttpd
/usr/share/doc/packages/lighttpd/AUTHORS
/usr/share/doc/packages/lighttpd/ChangeLog
/usr/share/doc/packages/lighttpd/NEWS
/usr/share/doc/packages/lighttpd/README
/usr/share/doc/packages/lighttpd/access.txt
/usr/share/doc/packages/lighttpd/accesslog.txt
/usr/share/doc/packages/lighttpd/alias.txt
/usr/share/doc/packages/lighttpd/authentication.txt
/usr/share/doc/packages/lighttpd/cgi.txt
/usr/share/doc/packages/lighttpd/compress.txt
/usr/share/doc/packages/lighttpd/configuration.txt
/usr/share/doc/packages/lighttpd/expire.txt
/usr/share/doc/packages/lighttpd/fastcgi-state.dot
/usr/share/doc/packages/lighttpd/fastcgi-state.txt
/usr/share/doc/packages/lighttpd/fastcgi.txt
/usr/share/doc/packages/lighttpd/features.txt
/usr/share/doc/packages/lighttpd/performance.txt
/usr/share/doc/packages/lighttpd/plugins.txt
/usr/share/doc/packages/lighttpd/proxy.txt
/usr/share/doc/packages/lighttpd/redirect.txt
/usr/share/doc/packages/lighttpd/rewrite.txt
/usr/share/doc/packages/lighttpd/scgi.txt
/usr/share/doc/packages/lighttpd/secdownload.txt
/usr/share/doc/packages/lighttpd/security.txt
/usr/share/doc/packages/lighttpd/setenv.txt
/usr/share/doc/packages/lighttpd/simple-vhost.txt
/usr/share/doc/packages/lighttpd/skeleton.txt
/usr/share/doc/packages/lighttpd/spawn-php.sh
/usr/share/doc/packages/lighttpd/ssi.txt
/usr/share/doc/packages/lighttpd/ssl.txt
/usr/share/doc/packages/lighttpd/state.dot
/usr/share/doc/packages/lighttpd/state.txt
/usr/share/doc/packages/lighttpd/status.txt
/usr/share/doc/packages/lighttpd/traffic-shaping.txt
/usr/share/doc/packages/lighttpd/userdir.txt
/usr/share/man/man1/lighttpd.1.gz
/usr/share/man/man1/spawn-fcgi.1.gz
/var/adm/fillup-templates/sysconfig.lighttpd
/var/cache/lighttpd
/var/cache/lighttpd/compress
/var/lib/lighttpd
/var/log/lighttpd

Generated by rpm2html 1.8.1

Fabrice Bellet, Fri Jul 25 03:23:20 2008