summaryrefslogtreecommitdiff
path: root/www/lighttpd/patches
AgeCommit message (Collapse)AuthorFilesLines
2008-04-25Fix a potential DOS when using SSL. Bump revision.joerg2-0/+91
2008-03-15lighttpd-1.4.19:joerg4-61/+0
Fix a DOS under high load and some information leaks.
2008-03-04add temporary patch fromkefren2-0/+25
http://trac.lighttpd.net/trac/attachment/ticket/1562/Fix-372-and-1562.patch in order to fix CVE-2008-0983. Bump PKGREVISION
2007-09-10Update www/lighttpd to 1.4.18. Changes from 1.4.16 include:jlam3-0/+48
* fixed forwarding a SIGINT and SIGHUP when using max-workers (#902) --> fixed FastCGI header overrun in mod_fastcgi * fixed hanging redirects with keep-alive due to missing "Content-Length: 0" headers * fixed crashing when using undefined environment variables in the config * added dir-listing.set-footer in mod_dirlisting (#1277) * added sending UID and PID for SIGTERM and SIGINT to the logs * fixed compression of files < 128 bytes by disabling compression (#1241) * fixed mysql server reconnects (#518) * fixed disabled keep-alive for dynamic content with HTTP/1.0 (#1166) * fixed crash on mixed EOL sequences in mod_cgi * fixed key compare (#1287) * fixed invalid char in header values (#1286) * fixed invalid "304 Not Modified" on broken timestamps --> fixed endless loop on shrinked files with sendfile() on BSD (#1289) --> fixed counter overrun in ?auto in mod_status (#909) * fixed too aggresive caching of nested conditionals (#41) --> fixed possible overflow in unix-socket path checks on BSD (#713) * fixed extra Content-Length header on 1xx, 204 and 304 (#1002) * fixed handling of duplicate If-Modified-Since to return 304 * fixed extracting status code from NPH scripts (#1125) * removed config-check if passwd files exist (#1188) * fixed crash when etags are disabled but the client sends one (#1322) * fixed crash when freeing the config in mod_alias * fixed server.error-handler-404 breakage from 1.4.16 (#1270) * fixed entering 404-handler from dynamic content (#948) * added more debug infos for FAM based stat-cache The highlighted changes are security vulnerabilities that are fixed in this release.
2007-04-19Update to lighttpd 1.4.15:joerg8-134/+0
Most important changes are: - fix a crash for files with an mtime of 0 - fix cpu hog in certain requests - added mod_extforward module - reduced default PATH_MAX to 255
2007-02-19Update to lighttpd-1.4.13.joerg7-3/+111
Changes in 1.4.13: * added initgroups in spawn-fcgi (#871) * added apr1 support htpasswd in mod-auth (#870) * added lighty.stat() to mod_magnet * fixed segfault in splitted CRLF CRLF sequences (introduced in 1.4.12) (#876) * fixed compilation of LOCK support in mod-webdav * fixed fragments in request-URLs (#869) * fixed pkg-config check for lua5.1 on debian * fixed Content-Length = 0 on HEAD requests without a known Content-Length (#119) * fixed mkdir() forcing 0700 (#884) * fixed writev() on FreeBSD 4.x and older (#875) * removed warning about a 404-error-handler returned 404 * backported and fixed the buildsystem changes for webdav locks * fixed plugin loading so we can finally load lua extensions in mod_magnet scripts * fixed large uploads if xattr is enabled Changes in 1.4.12: * added experimental LOCK support for webdav * added Content-Range support for PUT in webdav * added support for += on empty arrays in config-files * added ssl.cipher-list and ssl.use-sslv2 * added $HTTP["querystring"] conditional * added mod_magnet as long-term replacement for mod_cml * added work-around for a Opera Bug with SSL + Chunked-Encoding * changed --print-config to print to stdout instead of stderr * changed no longer use 0600 for new files with webdav. umask is honored. Make sure you have set a proper umask. * fixed upload hangs with SSL * fixed connection drops with SSL (aka bad retry) * fixed path traversal with \ on cygwin * fixed mem-leak in mod_flv_streaming * fixed required trailing newline in configfiles (#142) * fixed quoting the autoconf files (#466) * fixed empty Host: + $HTTP["host"] handling (#458) * fixed handling of If-Modified-Since if ETag is not set * fixed default-shell if SHELL is not set (#441) * fixed appending and assigning of env.* vars * fixed empty FCGI_STDERR packets * fixed conditional server.allow-http-11 * fixed handling of follow-symlink + lstat() * fixed SIGHUP handling if max-workers is used * fixed "Software caused connection abort" messages on FreeBSD In addition fix a nasty problem in LDAP auth when using with buggy commercial servers. Some threat an empty password as anonymous bind and would only fail on the first query, if that requires privileges. Patch will be included with 1.4.14.
2006-12-22Allow sendfile on DragonFly to be compiled in. Bump revision.joerg2-0/+26
Noticed by Peter Avalos.
2006-04-10Update lighttpd to 1.4.11.joerg1-12/+0
* added ability to specify which ip address spawn-fci listens on (agkr@pobox.com) * added mod_flv_streaming to streaming Flash Movies efficiently * fixed handling of error codes returned by mod_dav_svn behing a mod_proxy * fixed error-messages in mod_auth and mod_fastcgi * fixed re-enabling overloaded local fastcgi backends * fixed handling of deleted files in linux-sendfile * fixed compilation on BSD and MacOSX * fixed $SERVER["socket"] on a already bound socket * fixed local source retrieval on windows (secunia) * fixed hanging cgi if remote side is dieing while reading from the pipe (sandy@meebo.com)
2006-02-15Update lighttpd to 1.4.10.joerg1-0/+12
From NEWS: 1.4.10 - 2005-02-08 * added docs for mod_dirlisting * added fastcgi.map-extensions to mod_fastcgi * fixed load balancing for mod_fastcgi * fixed extra newline for syslog() in mod_accesslog * fixed user-track cookie for IE in mod_usertrack * fixed crash in digest handling in mod_auth * fixed handling of 301 response-bodies from a mod_proxy backend * fixed loading of base modules if server.modules is not set * fixed broken cgi if mod_scgi is loaded 1.4.9 - 2006-01-14 * added server.core-files option (sandy <sandy@meebo.com>) * added docs for mod_status * added mod_evasive to limit the number of connections by IP (<w1zzard@techpowerup.com>) * added the power-magnet to mod_cml * added internal statistics to mod_fastcgi * added server.statistics-url to get internal statistics from mod_status * added support for conditional range-requests through If-Range * added static building via scons * fixed 100% cpu loops in mod_cgi ("sandy" <sjen@cs.stanford.edu>) * fixed handling for secure-download.timeout (jamis@37signals.com) * fixed IE bug in content-charset in the output of mod_dirlisting (sniper@php.net) * fixed typos and language in the docs (ryan-2005@ryandesign.com) * fixed assertion in mod_cgi on HEAD request is Content-Length (<sandy@meebo.com>) * fixed handling if equal but duplicate If-Modified-Since request headers * fixed endless loops in mod_fastcgi if backend is dead * fixed Depth: 1 handling in PROPFIND requests on empty dirs * fixed encoding of UTF8 encoded dirlistings (Jani Taskinen <sniper@iki.fi>) * fixed initial bind to a unix-domain socket through server.bind * fixed handling of lowercase filesystems * fixed duplicate request headers cause by mod_setenv
2005-10-11Update lighttpd to 1.4.6. Take maintainership.joerg1-13/+0
Activate memcache option, now that devel/libmemcache is imported. From NEWS: - 1.4.6 - 2005-10-09 * fixed compilation on MacOS X and cygwin * fixed compressed output if caching was disabled (seen in IE and Opera) * fixed range-request option * fixed mysql-vhost module (was broken in 1.4.5) * fixed false positive in the detection of case-insensitive FS - 1.4.5 - 2005-10-02 * added all DeltaV methods as known methods * added buffer-to-disk of request content * added warning for unused variables in conditionals * added global index-generators to mod_indexfile * fixed caching for remote-ip conditionals with keep-alive * fixed redirects with content * fixed infinite loop in exec-cmd in mod_ssi * fixed segfault in config handling for mod_mysql_vhost * fixed segfault on FIFOs/Sockets * fixed possible crash on uninit memory if If-Modified-Since was too long * fixed accounting of mem-chunks * fixed starving of connections on high load * fixed crc errors in mod_compress on 64bit platforms * fixed handling of overlapping fastcgi packets (bug added in 1.4.4) * fixed logic of conditionals if a header was not set * fixed a segfault in mod_rewrite if %1 references were used * fixed handling of empty request URIs in HTTP requests - 1.4.4 - 2005-09-16 * added support for %V in mod_accesslog * added a option for a FastCGI responser to send static files * added md5 and blowfish hashes to htpasswd * fixed METHOD in mod_accesslog of WebDAV methods * fixed check for permission before files in sent * fixed mod-proxy and content for non-POST requests * fixed compilation of mod_cml on MacOS X * fixed SSL errmsg after accept() * fixed memleak in stat-cache * fixed aborted connections if file was moved while in transfer * fixed mem-usage for large FastCGI transfers
2005-09-04Initial import of lighttpd-1.4.3 as www/lighttpd.jlam1-0/+13
LightTPD is a secure, fast, compliant, and very flexible web-server which designed and optimized for for high-performance environments. With a small memory footprint compared to other webservers, effective management of the CPU load, and advanced feature set (FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many more), LightTPD is the perfect solution for every server that is suffering load problems. This is loosely based on the lighttpd package from pkgsrc-wip by Piotr Stolc <socrtp@soclab.eu.org>.
generated by cgit v1.2.3 (git 2.39.1) at 2024-08-16 14:07:39 +0000