Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 191180 - www-servers/lighttpd-1.4.17 Version Bump
Summary: www-servers/lighttpd-1.4.17 Version Bump
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages (show other bugs)
Hardware: All Linux
: High enhancement (vote)
Assignee: www-servers Herd (OBSOLETE)
URL: http://www.lighttpd.net/2007/8/29/1-4...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2007-09-03 20:45 UTC by Greg Fitzgerald
Modified: 2007-09-10 05:53 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Greg Fitzgerald 2007-09-03 20:45:23 UTC 
Changelog from the website.

    * added dir-listing.set-footer in mod_dirlisting (#1277)
    * added sending UID and PID for SIGTERM and SIGINT to the logs
    * fixed hardcoded font-sizes in mod_dirlisting (#1267)
    * fixed different ETag length on 32/64 platforms (#1279)
    * fixed compression of files < 128 bytes by disabling compression (#1241)
    * fixed mysql server reconnects (#518)
    * fixed disabled keep-alive for dynamic content with HTTP/1.0 (#1166)
    * fixed crash on mixed EOL sequences in mod_cgi
    * fixed key compare (#1287)
    * fixed invalid char in header values (#1286)
    * fixed invalid "304 Not Modified" on broken timestamps
    * fixed endless loop on shrinked files with sendfile() on BSD (#1289)
    * fixed counter overrun in ?auto in mod_status (#909)
    * fixed too aggresive caching of nested conditionals (#41)
    * fixed possible overflow in unix-socket path checks on BSD (#713)
    * fixed extra Content-Length header on 1xx, 204 and 304 (#1002)
    * fixed handling of duplicate If-Modified-Since to return 304
    * fixed extracting status code from NPH scripts (#1125)
    * fixed prctl() usage (#1310)
    * removed config-check if passwd files exist (#1188)
    * fixed crash when etags are disabled but the client sends one (#1322)
    * fixed crash when freeing the config in mod_alias
    * fixed server.error-handler-404 breakage from 1.4.16 (#1270)
    * fixed entering 404-handler from dynamic content (#948)
    * added more debug infos for FAM based stat-cache
    * use more LSB like paths in the sample config (#1242)

Reproducible: Always
Comment 1 Carlo Marcelo Arenas Belon 2007-09-10 03:26:48 UTC 
1.4.18 released already including a security vulnerability with mod_fastcgi :

  http://www.lighttpd.net/assets/2007/9/9/lighttpd_sa_2007_12.txt

the Changes on this version include as well :

*  fixed compile error on IRIX 6.5.x on prctl() (#1333)
* fixed forwarding a SIGINT and SIGHUP when using max-workers (#902)
* fixed FastCGI header overrun in mod_fastcgi (reported by mattias@secweb.se)
* fixed hanging redirects with keep-alive due to missing "Content-Length: 0" headers
* fixed crashing when using undefined environment variables in the config
* fixed compilation of mod_mysql_vhost on irix (#1341)
Comment 2 Thilo Bangert (RETIRED) (RETIRED) gentoo-dev 2007-09-10 05:53:22 UTC 
1.4.18 is in the tree...