| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: lighttpd-mod_trigger_b4_dl | Distribution: SUSE LINUX 10.1 (i586) |
| Version: 1.4.10 | Vendor: SUSE LINUX Products GmbH, Nuernberg, Germany |
| Release: 11.23 | Build date: Sun Apr 27 11:16:58 2008 |
| Group: Productivity/Networking/Web/Servers | Build host: berlioz.suse.de |
| Size: 14621 | Source RPM: lighttpd-1.4.10-11.23.src.rpm |
| Packager: http://bugs.opensuse.org | |
| Url: http://www.lighttpd.net/ | |
| Summary: Another anti hot-linking module for Lighttpd | |
Anti Hotlinking:
* if user requests download-url directly the request is denied and
he is redirected to ''deny-url'
* if user visits trigger-url before requesting download-url access
is granted
* if user visits download-url again after trigger-timeout has run
down to the request is denied and he is redirected to deny-url
The storage for the trigger information is either stored locally in a
gdbm file or remotly in memcached.
Authors:
--------
Jan Kneschke <jan@kneschke.de>
BSD 3-Clause
internal MD5: 3307f461c1e58e5796751297112da99d
GPG
* Wed Apr 23 2008 - mrueckert@suse.de
- added lighttpd-1.4.x_ssl_dos.patch: (bnc#374761)
properly clear ssl errors before proceeding to the next connection
(CVE-2008-1531)
* Wed Mar 19 2008 - mrueckert@suse.de
- fix lighttpd-1.4.13_php5_sucks_and_breaks_testsuite.patch:
instead of changing the expected outpost. disable the test
as we have to handle multiple php versions and they differ
in the behavior.
* Tue Mar 11 2008 - mrueckert@suse.de
- added lighttpd-1.4.x_high_load_dos.patch: (bnc#364517)
lighttpd crashed when handling a large number of connections
(CVE-2008-0983)
- added lighttpd-1.4.x_mod_cgi_disclosure.patch: (bnc#366526)
do not send the source of the CGI script on fork failures
(CVE-2008-1111)
- added lighttpd-1.4.x_mod_userdir_disclosure.patch: (bnc#368962)
require to set userdir.path to avoid accidental disclosure of
informations. to get back the old behavior set userdir.path to
"". Our default config has not been affected. (CVE-2008-1270)
- added lighttpd-1.4.13_php5_sucks_and_breaks_testsuite.patch:
workaround the change in the php5-fastcgi API.
* Mon Sep 24 2007 - mrueckert@suse.de
- bugs fixed for (#307749)
- added lighttpd-1.4.x_etag_crash.patch:
fixed remote DOS when client sents an etag while the server has
etags disabled. (CVE-2007-5074)
- lighttpd-1.4.x_mixed_eol_crash.patch
fixed crash when cgi scripts send mixed lineendings.
(CVE-2007-5073)
- added lighttpd-1.4.x_mod_fastcgi_overrun.patch and
lighttpd-1.4.x_header_parsing.patch: (CVE-2007-4727)
- Lighttpd is prone to a header overflow when using the
mod_fastcgi extension, this can lead to arbitrary code
execution in the fastcgi application.
- block chars < 0x20
- properly compare keys in header fields
* Mon Jul 30 2007 - mrueckert@suse.de
- added lighttpd-1.4.x_ouf_fd_crash.patch: (#292050)
Do not crash if we run out of filehandles (CVE-2007-3948)
* Tue Jul 24 2007 - mrueckert@suse.de
- added lighttpd-1.4.x_duplicated_headers_with_folding_crash.patch:
fixes sa2007_03 (#292050) (CVE-2007-3947)
- added lighttpd-1.4.x_mod_access_bypass.patch
fixes sa2007_08 (#292050) (CVE-2007-3949)
- added lighttpd-1.4.x_mod_auth_sec.patch
fixes sa2007_04, sa2007_05, sa2007_06, sa2007_07 (#292050)
(CVE-2007-3946)
* Wed Feb 21 2007 - mrueckert@suse.de
- added lighttpd-1.4.x_zero_mtime_crash.patch: (#246945)
Don't crash with files with a mtime of 0. (CVE-2007-1870)
- fixed the default config: (#254820)
it broke when module configs used variables
* Tue Mar 07 2006 - mrueckert@suse.de
- added lightytest.sh
wrapper script around the test suite. so we properly cleanup the
php-fastcgi process.
* Mon Mar 06 2006 - mrueckert@suse.de
- added new splitted config (config.tar.bz2)
- added lighttpd-1.4.10_importantfixes.patch
+ typo in mod_cml documentation (doc/cml.txt)
+ added paragraph about using var. and env.
(doc/configuration.txt)
+ explain fastcgi.map-extensions (doc/fastcgi.txt)
+ include FAM_CFLAGS/SQLITE3_CFLAGS when needed (src/Makefile.am)
+ dont crash if using %0 reference in a !~ conditional (tln #557)
(src/configfile-glue.c)
+ handle additional request types/methods for webdav
this allows proxying mod_dav_svn through lighttpd.
(src/connections.c, src/keyvalue.c, src/keyvalue.h)
+ handle aliases correctly with force_lowercase_filenames
(src/mod_alias.c)
+ improved error message for errors in the authentication config
(src/mod_auth.c)
+ cgi module no longer resets physical path (mod_cgi.c)
+ close unused pipe-fds as soon as possible to generate a
SIGPIPE if the remote end dies. (src/mod_cgi.c)
+ only send REQUEST_URI and QUERY_STRING if they are set
(src/mod_cgi.c)
+ added host.load as status-variable (src/mod_fastcgi.c)
+ better handling for shrinking files
(src/network_linux_sendfile.c)
+ don't init a SERVER["socket"] if it is initialized already
(src/network.c)
+ fixed end of life memleaks (tln #524) (src/server.c)
+ removed umask(0);, let the old umask stay in place (tln #547)
+ test suite fixes (tests/mod-fastcgi.t, tests/request.t)
+ allow leading zeros in HTTP/01.01 (tln #542)
(tests/core.t, src/request.c)
+ fixed handling of subdirs in ssi (tln #462) (src/mod_ssi.c)
- start lighttpd with a minimal environment
- added update for the server.tag in the config file
* Mon Feb 20 2006 - mrueckert@suse.de
- split off mod_rrdtool
* Wed Feb 08 2006 - mrueckert@suse.de
- update to version 1.4.10
* added docs for mod_dirlisting
* added fastcgi.map-extensions to mod_fastcgi
* fixed load balancing for mod_fastcgi
* fixed extra newline for syslog() in mod_accesslog
* fixed user-track cookie for IE in mod_usertrack
* fixed crash in digest handling in mod_auth
* fixed handling of 301 response-bodies from a mod_proxy backend
* fixed loading of base modules if server.modules is not set
* fixed broken cgi if mod_scgi is loaded
- enabled test suite
- applied lighttpd-1.4.10_testsuite.patch
- limits the max request size to 2GB. otherwise it would be 2^63-1
on 64bit arches and one tests would fail.
* Wed Jan 25 2006 - mls@suse.de
- converted neededforbuild to BuildRequires
* Tue Jan 24 2006 - mrueckert@suse.de
- splitted up all modules that pull in extra dependencies
lighttpd-mod_cml - lua, libmemcache
lighttpd-mod_mysql_vhost - mysql-shared
lighttpd-mod_trigger_b4_dl - libmemcache,gdbm
lighttpd-mod_webdav - libxml2, sqlite3
* Mon Jan 23 2006 - mrueckert@suse.de
- fix typo in the file section
* Sun Jan 15 2006 - mrueckert@suse.de
- update to version 1.4.9
* added server.core-files option (sandy)
* added docs for mod_status
* added mod_evasive to limit the number of connections by IP ()
* added the power-magnet to mod_cml
* added internal statistics to mod_fastcgi
* added server.statistics-url to get internal statistics
from mod_status
* added support for conditional range-requests through If-Range
* added static building via scons
* fixed 100% cpu loops in mod_cgi ("sandy" )
* fixed handling for secure-download.timeout
(jamis@37signals.com)
* fixed IE bug in content-charset in the output of
mod_dirlisting (sniper@php.net)
* fixed typos and language in the docs
(ryan-2005@ryandesign.com)
* fixed assertion in mod_cgi on HEAD request is Content-Length ()
* fixed handling if equal but duplicate If-Modified-Since request
headers
* fixed endless loops in mod_fastcgi if backend is dead
* fixed Depth: 1 handling in PROPFIND requests on empty dirs
* fixed encoding of UTF8 encoded dirlistings (Jani Taskinen )
* fixed initial bind to a unix-domain socket through server.bind
* fixed handling of lowercase filesystems
* fixed duplicate request headers cause by mod_setenv
- added lighttpd-1.4.9_mod_fastcgi_crash.patch
temporary fix a crash in the log message
* Wed Nov 23 2005 - mrueckert@suse.de
- update to version 1.4.8
* added auto-reconnect to ldap-server in mod_auth
* changed auth.ldap-cafile to be optional
* added strip_request_uri in mod_fastcgi
* added more X-* headers to mod_proxy
* added 'debug' to simple-vhost to suppress the messages by default
* added support to let the server listen on UNIX-socket
* changed default stat-cache-engine to 'simple'
* removed debian/ dir from source package on request by packager
* fixed max-age timestamps in mod_expire
* fixed encoding the filenames in PROPFIND in mod_webdav
* fixed range request handling in network_writev
* fixed retry on connect error in mod_fastcgi
* fixed possible crash in mod_webdav if sqlite3 support
is available but not use
* fixed fdvent-handler init if server.max-worker was used
* fixed missing cleanup in mysql_vhost
* fixed assert() in "connections.c:962:
connection_handle_read_state: Assertion 'c->mem->used' failed."
* fixed 64bit issue in md5
* fixed crash in mod_status
* fixed duplicate headers in mod_proxy
* fixed Content-Length in HEAD request in mod_proxy
* fixed unsigned/signed comparisions
* fixed streaming in mod_cgi
* fixed possible overflow in password-salt handling
* fixed server-traffic-limit if connection limit is not set
- reenabled FAM support. (using gamin)
* Tue Oct 11 2005 - mrueckert@suse.de
- update to version 1.4.6
* fixed compilation on MacOS X and cygwin
* fixed compressed output if caching was disabled (seen in IE and Opera)
* fixed range-request option
* fixed mysql-vhost module (was broken in 1.4.5)
* fixed false positive in the detection of case-insensitive FS
* Tue Oct 04 2005 - mrueckert@suse.de
- update to version 1.4.5
/etc/lighttpd/conf.d/trigger_b4_dl.conf /usr/lib/lighttpd/mod_trigger_b4_dl.so /usr/share/doc/packages/lighttpd-mod_trigger_b4_dl /usr/share/doc/packages/lighttpd-mod_trigger_b4_dl/trigger_b4_dl.txt
Generated by rpm2html 1.8.1
Fabrice Bellet, Fri Jul 25 03:23:20 2008