File: NEWS

package info (click to toggle)
mini-httpd 1.30-13
  • links: PTS, VCS
  • area: main
  • in suites: trixie
  • size: 1,564 kB
  • sloc: ansic: 3,634; sh: 156; makefile: 109
file content (13 lines) | stat: -rw-r--r-- 943 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
 
mini-httpd (1.30-10) unstable; urgency=medium

    The updated systemd service file introduces hardening features which aim
    to increase security but might require minor tweaking to existing setups.
    For example, the ProtectSystem=full directive mounts the /usr/, /etc/ and
    the boot loader directories (/boot and /efi) read-only for processes invoked    by this unit. Thus, CGI scripts that rely on writing to those directories
    will fail to do so.
    Subprocesses will no longer be able to read kernel logs, change the system
    clock, change the hostname or load kernel modules. A HTTP server should not     perform these actions anyway, so we keep these hardening options enabled.
    For full documentation on systemd's hardening options please reference:
    https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html
  
 -- Alexandru Mihail <alexandru.mihail2897@gmail.com>  Sun, 14 Apr 2024 15:12:29 +0300