Package: lighttpd / 1.4.28-2+squeeze1.7

Metadata

Package: lighttpd
Version: 1.4.28-2+squeeze1.7
Patches format: 3.0 (quilt)

Patch series

Patch | File delta | Description
silence errors.diff

src/connections.c | 3 2 + 1 - 0 !
1 file changed, 2 insertions(+), 1 deletion(-)

 silence annoying "connection closed: poll() -> err" error.log message (fixes #2257)
Upstream bug report: http://redmine.lighttpd.net/issues/2257

fix CVE 2011 4362.patch

src/http_auth.c | 2 1 + 1 - 0 !
tests/mod-auth.t | 10 9 + 1 - 0 !
2 files changed, 10 insertions(+), 2 deletions(-)

---
ssl mitigate beast.patch

src/base.h | 1 1 + 0 - 0 !
src/configfile.c | 6 6 + 0 - 0 !
src/network.c | 5 5 + 0 - 0 !
3 files changed, 12 insertions(+)

---
debian changes 1.4.28 2

src/configparser.c | 80 40 + 40 - 0 !
src/mod_ssi_exprparser.c | 38 19 + 19 - 0 !
2 files changed, 59 insertions(+), 59 deletions(-)

 upstream changes introduced in version 1.4.28-2
 This patch has been created by dpkg-source during the package build.
 Here's the last changelog entry, hopefully it gives details on why
 those changes were made:
 .
 lighttpd (1.4.28-2) unstable; urgency=medium
 .
   [ Olaf van der Spek ]
   * Use relative instead of absolute links for conf-enabled (closes: #541645)
   * Fix /doc/ for IPv6 (closes: #512583)
 .
   [ Krzysztof Krzyżaniak (eloy) ]
ssl reneg.patch

src/base.h | 2 2 + 0 - 0 !
src/configfile.c | 6 6 + 0 - 0 !
src/connections.c | 7 7 + 0 - 0 !
src/network.c | 21 21 + 0 - 0 !
src/network_openssl.c | 18 16 + 2 - 0 !
5 files changed, 52 insertions(+), 2 deletions(-)

 disable ssl renegotiation.
 Mitigates the SSL renegotiation (CVE-2009-3555) attacks.
 Introduces a new configuration option: ssl.disable-client-renegotiation,
 default true. Upstream also included code to disable SSL compression
 in the same commit. This does not work on the openssl in squeeze but
 doesn't hurt.
ssl crime.patch

src/network.c | 3 3 + 0 - 0 !
1 file changed, 3 insertions(+)

 disable ssl compression.
 Mitigates the SSL CRIME (CVE-2012-4929) attacks.
 Upstream patch uses option only present in wheezy openssl, so
 this code is needed to actually disable compression in squeeze.
cve 2013 4508.patch

src/base.h | 6 5 + 1 - 0 !
src/configfile.c | 12 10 + 2 - 0 !
src/network.c | 219 172 + 47 - 0 !
src/server.c | 3 3 + 0 - 0 !
4 files changed, 190 insertions(+), 50 deletions(-)

---
cve 2013 4559.patch

src/server.c | 15 12 + 3 - 0 !
1 file changed, 12 insertions(+), 3 deletions(-)

---
cve 2013 4560.patch

src/stat_cache.c | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

---
cve 2013 4508 regression bug729480.patch

src/network.c | 8 8 + 0 - 0 !
1 file changed, 8 insertions(+)

---
cve 2014 2323.patch

src/mod_mysql_vhost.c | 14 12 + 2 - 0 !
1 file changed, 12 insertions(+), 2 deletions(-)

 fix cve-2014-2323
cve 2014 2324.patch

src/request.c | 6 5 + 1 - 0 !
1 file changed, 5 insertions(+), 1 deletion(-)

 fix cve-2014-2324
CVE 2014 3566 Allow to disable SSLv3.patch

src/base.h | 2 2 + 0 - 0 !
src/configfile.c | 7 7 + 0 - 0 !
src/network.c | 9 9 + 0 - 0 !
3 files changed, 18 insertions(+)

 cve-2014-3566: allow to disable sslv3

Based on upstream patch

    http://git.lighttpd.net/lighttpd/lighttpd-1.x.git/commit/?id=f610f894a35b5ef0e082b9f3bd24fa338bb10147