- Tue Sep 30 2008 Vladimir V. Kamarzin <vvk@altlinux.org> 1.4.20-alt0.M41.1
- Rebuild for 4.1
- Tue Sep 30 2008 Vladimir V. Kamarzin <vvk@altlinux.org> 1.4.20-alt1
- 1.4.20 release
- Security fix: duplicate Request Headers Memory Leak Vulnerability
http://secunia.com/advisories/32069/ - Tue Sep 9 2008 Vladimir V. Kamarzin <vvk@altlinux.org> 1.4.19-alt6.svn.2299
- Updated to 2299 revision of 1.4.x branch
- Move spawn-fcgi to separate subpackage (thresh, vvk) - Wed Aug 27 2008 Vladimir V Kamarzin <vvk@altlinux.ru> 1.4.19-alt5.svn.2296
- Updated to 2296 revision of 1.4.x branch
- initscript: add restart() (Closes: #16417)
- logrotate-script: redirect output to /dev/null - Fri Apr 4 2008 Vladimir V Kamarzin <vvk@altlinux.ru> 1.4.19-alt4.svn.2142
- Updated to 2142 revision of 1.4.x branch
- Security fixes:
+ CVE-2008-1531 lighttpd OpenSSL Error Queue Denial of Service Vulnerability
- Enable memcache support - Fri Mar 14 2008 Vladimir V Kamarzin <vvk@altlinux.ru> 1.4.19-alt3
- Add logrotate script
- Initscript changes:
+ Check docdir existance and create it if it doesn't exist (Closes: #12725)
+ Introduce log_reopen() function for sending SIGHUP to daemon - needed for
log rotation - Tue Mar 11 2008 Vladimir V Kamarzin <vvk@altlinux.ru> 1.4.19-alt2
- There is an error in previous package version: real version was 1.4.18, not
1.4.19!
- This is real 1.4.19 release. Security fixes:
+ CVE-2008-0983: remote DoS
+ CVE-2008-1111: exposure of sensitive information (Fix sending source of cgi
script instead of 500 error if fork fails) - Tue Sep 11 2007 Vladimir V Kamarzin <vvk@altlinux.ru> 1.4.19-alt1
- Real version is 1.4.18 - there is error in package version!!!
- Security fix: CVE-2007-4727: FastCGI header overrun in mod_fastcgi - Tue Sep 4 2007 Vladimir V Kamarzin <vvk@altlinux.ru> 1.4.18-alt1.svn.1981
- Updated to 1981 revision of 1.4.x branch:
+ many bugs fixed (see HISTORY)
- Fixed ALT Security Policy violation (spooldir permissions) - Mon Jul 16 2007 Vladimir V Kamarzin <vvk@altlinux.ru> 1.4.15-alt2.svn.1881
- Updated to 1881 revision of 1.4.x branch
- Security fixes:
+ Remote crash on duplicate header keys with line-wrapping (fixes #1230)
+ Missing check for base64 encoded string in mod_auth and Basic
auth (reported by Stefan Esser)
+ Crash with md5-sess and cnonce not set in mod_auth (reported
by Stefan Esser)
+ Possible crash in Auth-Digest header parser on trailing WS in
mod_auth (reported by Stefan Esser)
+ mem-leak in mod_auth (reported by Stefan Esser)
+ URL Access restrictions bypass in mod_access
+ Local DOS with broken FastCGI applications - Mon Apr 16 2007 Vladimir V Kamarzin <vvk@altlinux.ru> 1.4.15-alt1
- Updated to 1.4.15 release
- Thu Apr 12 2007 Vladimir V Kamarzin <vvk@altlinux.ru> 1.4.13-alt3.1745
- Updated to 1745 revision of 1.4.x branch
- Added sis/sisx mime types (Closes: #11462) - Thu Apr 5 2007 Vladimir V Kamarzin <vvk@altlinux.ru> 1.4.13-alt2.1719
- Updated to 1719 revision of 1.4.x branch
+ Fix crash if gethostbyaddr() fails on redirect - Sat Mar 24 2007 Vladimir V Kamarzin <vvk@altlinux.ru> 1.4.13-alt2.1716
- Build without memcache
- Tue Mar 20 2007 Vladimir V Kamarzin <vvk@altlinux.ru> 1.4.13-alt1.1716
- Updated to 1716 revision of 1.4.x branch
- Thu Feb 8 2007 Vladimir V Kamarzin <vvk@altlinux.ru> 1.4.13-alt1.1607
- Updated to 1.4.x branch svn revision 1607
- Security fix:
+ Fix remote DOS in CRLF parsing (CVE-2007-1869)
+ Fix a crash for files with an mtime of 0 reported by cubiq on irc
(CVE-2007-1870)
- Integrate lighttpd-1.4.3-config.patch - Mon Jan 30 2006 LAKostis <lakostis at altlinux.org> 1.4.9-alt1
- 1.4.9;
- change fam support to gamin;
- pack ChangeLog and move it to -doc subpackage. - Sat Jan 7 2006 LAKostis <lakostis at altlinux.org> 1.4.8-alt1
- 1.4.8;
- fix #8431. - Sat Oct 29 2005 LAKostis <lakostis at altlinux.org> 1.4.6-alt1
- 1.4.6.
- fix config dir permissions.
- fix requires.
- add libfcgi-devel to BuildRequires.
- add lua,memcache,fam,ldap support.
- split out to many packages. - Sun Sep 11 2005 LAKostis <lakostis at altlinux.org> 1.4.3-alt1
- first build for ALTLinux Sisyphus.
- Thu Sep 30 2004 12:41 <jan@kneschke.de> 1.3.1
- upgraded to 1.3.1
- Tue Jun 29 2004 17:26 <jan@kneschke.de> 1.2.3
- rpmlint'ed the package
- added URL
- added (noreplace) to start-script
- change group to Networking/Daemon (like apache) - Sun Feb 23 2003 15:04 <jan@kneschke.de>
- initial version