File _patchinfo of Package patchinfo.255
<patchinfo>
<issue id="733607" tracker="bnc" />
<issue id="CVE-2011-4362" tracker="cve" />
<category>security</category>
<rating>moderate</rating>
<packager>darix</packager>
<description>- added lighttpd-1.4.30_head_fixes.patch:
cherry picked 4 fixes from HEAD:
- [ssl] include more headers explicitly
- list all network handlers in lighttpd -V (fixes lighttpd#2376)
- Move fdevent subsystem includes to implementation files to reduce
conflicts (fixes lighttpd#2373)
- [ssl] fix segfault in counting renegotiations for openssl
versions without TLSEXT/SNI
- update to 1.4.30: (bnc#733607)
- Always use our ‘own’ md5 implementation, fixes linking issues
on MacOS (fixes #2331)
- Limit amount of bytes we send in one go; fixes stalling in one
connection and timeouts on slow systems.
- [ssl] fix build errors when Elliptic-Curve Diffie-Hellman is
disabled
- Add static-file.disable-pathinfo option to prevent handling of
urls like …/secret.php/image.jpg as static file
- Don’t overwrite 401 (auth required) with 501 (unknown method)
(fixes #2341)
- Fix mod_status bug: always showed “0/0” in the “Read” column
for uploads (fixes #2351)
- [mod_auth] Fix signedness error in http_auth
(fixes #2370, CVE-2011-4362)
- [ssl] count renegotiations to prevent client renegotiations
- [ssl] add option to honor server cipher order
(fixes #2364, BEAST attack)
- [core] accept dots in ipv6 addresses in host header
(fixes #2359)
- [ssl] fix ssl connection aborts if files are larger than the
MAX_WRITE_LIMIT (256kb)
- [libev/cgi] fix waitpid ECHILD errors in cgi with libev
(fixes #2324)
- add automake as buildrequire to avoid implicit dependency
</description>
<summary>update for lighttpd</summary>
</patchinfo>
