projects / buildroot.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 640c740)
Bump lighttpd to 1.4.26
authorGustavo Zacarias <gustavo@zacarias.com.ar>
Tue, 9 Feb 2010 14:30:06 +0000 (11:30 -0300)
committerPeter Korsgaard <jacmet@sunsite.dk>
Tue, 9 Feb 2010 15:23:52 +0000 (16:23 +0100)
Closes #1063.

lighttpd 1.4.26 fixes:

* Request parser handling for splitted header data
* FD leak in mod_cgi
* Segfault with broken configs in mod_rewrite/mod_redirect
* An OOM/DoS vulnerability (CVE-2010-0295)

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
CHANGES patch | blob | history
package/lighttpd/lighttpd.mk patch | blob | history

diff --git a/CHANGES b/CHANGES
index 6037b24e9028f2b495ebda3bf7e5aeb0cc2f8d1a..9f9aa015c6fa688d87fe503a47586c970b7e7222 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -50,6 +50,7 @@
        #1009: [SECURITY] Bump php to 5.2.12
        #1015: [SECURITY] Bump bind to 9.5.1-P2
        #1027: Busybox flash commands conflict with those from mtd-utils
+       #1063: [SECURITY] Update lighttpd to 1.4.26
 
 2009.11, Released December 1st, 2009:
 
diff --git a/package/lighttpd/lighttpd.mk b/package/lighttpd/lighttpd.mk
index 2326722e6040d8ea011b9310c424cfa67c289e57..b17f72c5f8723362d45f5c0c2b08dd519c443df5 100644 (file)
--- a/package/lighttpd/lighttpd.mk
+++ b/package/lighttpd/lighttpd.mk
@@ -4,10 +4,9 @@
 #
 #############################################################
 
-LIGHTTPD_VERSION = 1.4.25
+LIGHTTPD_VERSION = 1.4.26
 LIGHTTPD_SITE = http://download.lighttpd.net/lighttpd/releases-1.4.x
 LIGHTTPD_LIBTOOL_PATCH = NO
-LIGHTTPD_DEPENDENCIES =
 
 ifneq ($(BR2_LARGEFILE),y)
 LIGHTTPD_LFS:=$(DISABLE_LARGEFILE) --disable-lfs