pkgsrc-changes: CVS commit: [pkgsrc-2007Q2] pkgsrc/www/lighttpd

Subject: CVS commit: [pkgsrc-2007Q2] pkgsrc/www/lighttpd
To: None <pkgsrc-changes@NetBSD.org>
From: Geert Hendrickx <ghen@netbsd.org>
List: pkgsrc-changes
Date: 09/10/2007 20:13:32
Module Name:	pkgsrc
Committed By:	ghen
Date:		Mon Sep 10 20:13:32 UTC 2007

Modified Files:
	pkgsrc/www/lighttpd [pkgsrc-2007Q2]: DESCR Makefile PLIST distinfo
Added Files:
	pkgsrc/www/lighttpd/patches [pkgsrc-2007Q2]: patch-aa patch-ab patch-ac

Log Message:
Pullup ticket 2187 - requested by jlam
security update for lighttpd

- pkgsrc/www/lighttpd/DESCR				1.2
- pkgsrc/www/lighttpd/Makefile				1.16
- pkgsrc/www/lighttpd/PLIST				1.7
- pkgsrc/www/lighttpd/distinfo				1.11
- pkgsrc/www/lighttpd/patches/patch-aa			1.7
- pkgsrc/www/lighttpd/patches/patch-ab			1.4
- pkgsrc/www/lighttpd/patches/patch-ac			1.3

   Module Name:	pkgsrc
   Committed By:	jlam
   Date:		Mon Sep 10 13:59:51 UTC 2007

   Modified Files:
	   pkgsrc/www/lighttpd: DESCR Makefile PLIST distinfo
   Added Files:
	   pkgsrc/www/lighttpd/patches: patch-aa patch-ab patch-ac

   Log Message:
   Update www/lighttpd to 1.4.18.  Changes from 1.4.16 include:

     * fixed forwarding a SIGINT and SIGHUP when using max-workers (#902)
   --> fixed FastCGI header overrun in mod_fastcgi
     * fixed hanging redirects with keep-alive due to missing
       "Content-Length: 0" headers
     * fixed crashing when using undefined environment variables in the config
     * added dir-listing.set-footer in mod_dirlisting (#1277)
     * added sending UID and PID for SIGTERM and SIGINT to the logs
     * fixed compression of files < 128 bytes by disabling compression (#1241)
     * fixed mysql server reconnects (#518)
     * fixed disabled keep-alive for dynamic content with HTTP/1.0 (#1166)
     * fixed crash on mixed EOL sequences in mod_cgi
     * fixed key compare (#1287)
     * fixed invalid char in header values (#1286)
     * fixed invalid "304 Not Modified" on broken timestamps
   --> fixed endless loop on shrinked files with sendfile() on BSD (#1289)
   --> fixed counter overrun in ?auto in mod_status (#909)
     * fixed too aggresive caching of nested conditionals (#41)
   --> fixed possible overflow in unix-socket path checks on BSD (#713)
     * fixed extra Content-Length header on 1xx, 204 and 304 (#1002)
     * fixed handling of duplicate If-Modified-Since to return 304
     * fixed extracting status code from NPH scripts (#1125)
     * removed config-check if passwd files exist (#1188)
     * fixed crash when etags are disabled but the client sends one (#1322)
     * fixed crash when freeing the config in mod_alias
     * fixed server.error-handler-404 breakage from 1.4.16 (#1270)
     * fixed entering 404-handler from dynamic content (#948)
     * added more debug infos for FAM based stat-cache

   The highlighted changes are security vulnerabilities that are fixed in
   this release.


To generate a diff of this commit:
cvs rdiff -r1.1.1.1 -r1.1.1.1.16.1 pkgsrc/www/lighttpd/DESCR
cvs rdiff -r1.14.2.1 -r1.14.2.2 pkgsrc/www/lighttpd/Makefile
cvs rdiff -r1.6 -r1.6.2.1 pkgsrc/www/lighttpd/PLIST
cvs rdiff -r1.9.2.1 -r1.9.2.2 pkgsrc/www/lighttpd/distinfo
cvs rdiff -r0 -r1.6.2.1 pkgsrc/www/lighttpd/patches/patch-aa
cvs rdiff -r0 -r1.3.2.1 pkgsrc/www/lighttpd/patches/patch-ab
cvs rdiff -r0 -r1.2.2.1 pkgsrc/www/lighttpd/patches/patch-ac

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.