| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: lighttpd-mod_vhostdb_ldap | Distribution: openSUSE Tumbleweed |
| Version: 1.4.75 | Vendor: openSUSE |
| Release: 1.1 | Build date: Sat Mar 23 20:02:00 2024 |
| Group: Productivity/Networking/Web/Servers | Build host: reproducible |
| Size: 15215 | Source RPM: lighttpd-1.4.75-1.1.src.rpm |
| Packager: http://bugs.opensuse.org | |
| Url: https://www.lighttpd.net/ | |
| Summary: LDAP based virtual hosts module for Lighttpd | |
With LDAP based vhosting you can put the information where to look for the document-root of a given host into an LDAP database.
BSD-3-Clause
* Sat Mar 23 2024 Andreas Stieger <andreas.stieger@gmx.de>
- update to 1.4.75:
* incrementally stronger TLS cipher defaults
* fix a regression in mod_dirlisting in lighttpd 1.4.74
* add missing file src/compat/sys/queue.h to the release tarball
- packaging changes upon notes by the upstream developers:
* drop usage of lightytest.sh and PHP dependencies
* drop unneeeded build dependencies and build options
* drop non-default BZIP2 support
* update description of -mod_webdav
* Fri Mar 01 2024 Andreas Stieger <andreas.stieger@gmx.de>
- update to 1.4.74:
* Some messages sent to syslog() (if enabled in lighttpd config)
have been changed to use different priorities (e.g.
LOG_WARNING, LOG_DEBUG) instead of everything being sent with
LOG_ERROR priority. The change affects only lighttpd configs
which set server.errorlog-use-syslog = “enable” (not default)
* Other bug fixes
* Mon Feb 05 2024 Andreas Stieger <andreas.stieger@gmx.de>
- fix user/group with rpm 4.19 (boo#1219549)
* Tue Oct 31 2023 Andreas Stieger <andreas.stieger@gmx.de>
- update to 1.4.73:
* CVE-2023-44487: HTTP/2 detect and log rapid reset attack
(boo#1216123)
* Sat Oct 07 2023 Andreas Stieger <andreas.stieger@gmx.de>
- update to 1.4.72:
* a number of buf fixes and developer visible changes
* Sun May 28 2023 Andreas Stieger <andreas.stieger@gmx.de>
- update to 1.4.71:
* HTTP/2 support separated to mod_h2 module
* Fri May 12 2023 Andreas Stieger <andreas.stieger@gmx.de>
- update to 1.4.70:
* speed up CGI spawning
* support HTTP/2 downstream proxy serving multiple clients on
single connection (mod_extforward, mod_maxminddb)
* no longer building separate modules for built-in modules
lighttpd omits building separate (unused) modules for:
mod_access mod_alias mod_evhost mod_expire mod_fastcgi
mod_indexfile mod_redirect mod_rewrite mod_scgi mod_setenv
mod_simple_vhost mod_staticfile
* Sat Feb 11 2023 Andreas Stieger <andreas.stieger@gmx.de>
- update to 1.4.69:
* bug fixes and portability fixes
* Sat Jan 21 2023 Andreas Stieger <andreas.stieger@gmx.de>
- update to 1.4.68:
* TLS modules now default to using stronger, modern ciphers and
will default to allow client preference in selecting ciphers.
Allowing client preference in selecting ciphers is safe to do along
with restrictions to use modern ciphers supporting PFS, and is
better for mobile users without AES hardware acceleration.
Legacy ciphers can still be configured in lighttpd.conf using
`ssl.openssl.ssl-conf-cmd`, as long as the ciphers are supported by
the underlying TLS libraries. https://wiki.lighttpd.net/Docs_SSL
new defaults:
“CipherString” => “EECDH+AESGCM:AES256+EECDH:CHACHA20:SHA256:!SHA384”,
“Options” => “-ServerPreference”
old defaults:
“CipherString” => “HIGH”,
“Options” => “ServerPreference”
* Deprecated TLS options have been removed.
– ssl.honor-cipher-order
– ssl.dh-file
– ssl.ec-curve
– ssl.disable-client-renegotiation
– ssl.use-sslv2
– ssl.use-sslv3
See https://wiki.lighttpd.net/Docs_SSL for replacements with
`ssl.openssl.ssl-conf-cmd`, but prefer lighttpd defaults instead.
* Deprecated: mod_evasive has been removed
* Deprecated: mod_secdownload has been removed
* Deprecated: mod_uploadprogress has been removed
* Deprecated: mod_usertrack has been removed
These four modules can be replaced with a few lines of LUA.
* Wed Nov 16 2022 Andreas Stieger <andreas.stieger@gmx.de>
- package license file
* Tue Nov 15 2022 pgajdos@suse.com
- build with php8 on current releases
* Fri Sep 23 2022 Dirk Müller <dmueller@suse.com>
- update to 1.4.67:
* Update comment about TCP_INFO on OpenBSD
* [mod_ajp13] fix crash with bad response headers (fixes #3170)
* [core] handle RDHUP when collecting chunked body
CVE-2022-41556 boo#1203872
* [core] tweak streaming request body to backends
* [core] handle ENOSPC with pwritev() (#3171)
* [core] manually calculate off_t max (fixes #3171)
* [autoconf] force large file support (#3171)
* [multiple] quiet coverity warnings using casts
* [meson] add license keyword to project declaration
* Tue Sep 13 2022 Andreas Stieger <andreas.stieger@gmx.de>
- update to 1.4.66:
* a number of bug fixes
* Fix HTTP/2 downloads >= 4GiB
* Fix SIGUSR1 graceful restart with TLS
* futher bug fixes
* CVE-2022-37797: null pointer dereference in mod_wstunnel,
possibly a remotely triggerable crash (boo#1203358)
* In an upcoming release the TLS modules will default to using
stronger, modern chiphers and will default to allow client
preference in selecting ciphers.
“CipherString” => “EECDH+AESGCM:AES256+EECDH:CHACHA20:SHA256:!SHA384”,
“Options” => “-ServerPreference”
old defaults:
“CipherString” => “HIGH”,
“Options” => “ServerPreference”
* A number of TLS options are how deprecated and will be removed
in a future release:
– ssl.honor-cipher-order
– ssl.dh-file
– ssl.ec-curve
– ssl.disable-client-renegotiation
– ssl.use-sslv2
– ssl.use-sslv3
The replacement option is ssl.openssl.ssl-conf-cmd, but lighttpd
defaults should be prefered
* A number of modules are now deprecated and will be removed in a
future release: mod_evasive, mod_secdownload, mod_uploadprogress,
mod_usertrack can be replaced by mod_magnet and a few lines of lua.
* Tue Jun 21 2022 Dirk Müller <dmueller@suse.com>
- update to 1.4.65:
* WebSockets over HTTP/2
* RFC 8441 Bootstrapping WebSockets with HTTP/2
* HTTP/2 PRIORITY_UPDATE
* RFC 9218 Extensible Prioritization Scheme for HTTP
* prefix/suffix conditions in lighttpd.conf
* mod_webdav safe partial-PUT
* webdav.opts += (“partial-put-copy-modify” => “enable”)
* mod_accesslog option: accesslog.escaping = “json”
* mod_deflate libdeflate build option
* speed up request body uploads via HTTP/2
* Behavior Changes
* change default server.max-keep-alive-requests = 1000 to adjust
* to increasing HTTP/2 usage and to web2/web3 application usage
* (prior default was 100)
* mod_status HTML now includes HTTP/2 control stream id 0 in the output
* which contains aggregate counts for the HTTP/2 connection
* (These lines can be identified with URL ‘*’, part of “PRI *” preface)
* alternative: https://wiki.lighttpd.net/ModMagnetExamples#lua-mod_status
* MIME type application/javascript is translated to text/javascript (RFC 9239)
* Thu Feb 03 2022 Johannes Segitz <jsegitz@suse.com>
- Set ProtectHome to read-only, otherwise access to the users public_html can
break (bsc#1195465)
* Sat Jan 22 2022 Andreas Stieger <andreas.stieger@gmx.de>
- update to 1.4.64:
* CVE-2022-22707: off-by-one stack overflow in the mod_extforward
plugin (boo#1194376)
* graceful restart/shutdown timeout changed from 0 (disabled) to
8 seconds. configure an alternative with:
server.feature-flags += (“server.graceful-shutdown-timeout” => 8)
* deprecated modules (previously announced) have been removed:
mod_authn_mysql, mod_mysql_vhost, mod_cml, mod_flv_streaming,
mod_geoip, mod_trigger_b4_dl
* Sat Dec 04 2021 Andreas Stieger <andreas.stieger@gmx.de>
- update to 1.4.63:
* import xxHash v0.8.1
* fix reqpool mem corruption in 1.4.62
- includes changes in 1.4.62:
* [mod_alias] fix use-after-free bug
* many developer visible bug fixes
- build with pcre2 and without libev, as per upcoming deprecation
* Sun Nov 21 2021 Andreas Stieger <andreas.stieger@gmx.de>
- update to 1.4.61:
* mod_dirlisting: sort "../" to top
* fix HTTP/2 upload > 64k w/ max-request-size
* code level and developer visible bug fixes
* Sun Oct 24 2021 Andreas Stieger <andreas.stieger@gmx.de>
- update to 1.4.60:
* HTTP/2 smoother and lower memory use (in general)
* HTTP/2 tuning to better handle aggressive client initial
requests
* reduce memory footprint; workaround poor glibc behavior;
jemalloc is better
* mod_magnet lua performance improvements
* mod_dirlisting performance improvements and new caching option
* memory constraints for extreme edge cases in mod_dirlisting,
mod_ssi, mod_webdav
* connect(), write(), read() time limits on backends (separate
from client timeouts)
* lighttpd restarts if large discontinuity in time occurs
(embedded systems)
* RFC7233 Range support for all non-streaming responses, not
only static files
* connect() to backend now has default 8 second timeout
(configurable)
* Tue Oct 05 2021 Johannes Segitz <jsegitz@suse.com>
- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
* harden_lighttpd.service.patch
* Tue Sep 21 2021 Jan Engelhardt <jengelh@inai.de>
- Fix squatted descriptions.
* Sun Jul 18 2021 Andreas Stieger <andreas.stieger@gmx.de>
- update to 1.4.59:
* HTTP/2 enabled by default
* mod_deflate zstd suppport
* new mod_ajp13
/usr/lib/lighttpd/mod_vhostdb_ldap.so /usr/share/licenses/lighttpd-mod_vhostdb_ldap /usr/share/licenses/lighttpd-mod_vhostdb_ldap/COPYING
Generated by rpm2html 1.8.1
Fabrice Bellet, Fri Apr 12 23:39:01 2024