Back to lighttpd PTS page

Accepted lighttpd 1.4.53-4+deb10u1 (source) into proposed-updates->stable-new, proposed-updates

To: debian-changes@lists.debian.org
Subject: Accepted lighttpd 1.4.53-4+deb10u1 (source) into proposed-updates->stable-new, proposed-updates
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Sat, 19 Sep 2020 10:17:09 +0000
Mail-followup-to: debian-devel@lists.debian.org
Message-id: <E1kJZvZ-000Dwo-0D@fasolo.debian.org>
Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 18 Sep 2020 13:13:47 +0200
Source: lighttpd
Architecture: source
Version: 1.4.53-4+deb10u1
Distribution: buster
Urgency: high
Maintainer: Debian QA Group <packages@qa.debian.org>
Changed-By: Helmut Grohne <helmut.grohne@intenta.de>
Closes: 929203 954759
Changes:
 lighttpd (1.4.53-4+deb10u1) buster; urgency=high
 .
   [ Glenn Strauss ]
   * QA upload.
   * backport security, bug, portability fixes from lighttpd 1.4.54, 1.4.55
     + mod_evhost, mod_flv_streaming:
       [regression] %0 pattern does not match hostnames without the domain part
       https://redmine.lighttpd.net/issues/2932
     + mod_magnet: Lighttpd crashes on wrong return type in lua script
       https://redmine.lighttpd.net/issues/2938
     + failed assertion on incoming bad request with server.error-handler
       https://redmine.lighttpd.net/issues/2941
     + mod_wstunnel: fix wstunnel.ping-interval for big-endian architectures
       https://redmine.lighttpd.net/issues/2944
     + fix abort in server.http-parseopts with url-path-2f-decode enabled
       https://redmine.lighttpd.net/issues/2945
     + remove repeated slashes in server.http-parseopts with url-path-dotseg-remove, including leading "//"
     + [regression][Bisected] lighttpd uses way more memory with POST since 1.4.52
       https://redmine.lighttpd.net/issues/2948 (closes: #954759)
     + OPTIONS should return 2xx status for non-existent resources if Allow is set
       https://redmine.lighttpd.net/issues/2939
     + use high precision stat timestamp (on systems where available) in etag
     + mod_authn_ldap/mod_cgi race condition, "Can't contact LDAP server"
       https://redmine.lighttpd.net/issues/2940
     + SUN_LEN in sock_addr.c (1.4.53, 1.4.54)
       https://redmine.lighttpd.net/issues/2962
     + Embedded vim command line in conf file with no comment (#) hangs server
       https://redmine.lighttpd.net/issues/2980
     + mod_authn_gssapi: 500 if fail to delegate creds
       https://redmine.lighttpd.net/issues/2967
     + mod_authn_gssapi: option to store delegated creds
       https://redmine.lighttpd.net/issues/2967
     + mod_auth: require digest uri= match original URI
       HTTP digest authentication not compatible with some clients
       https://redmine.lighttpd.net/issues/2974
     + mod_auth: send Authentication-Info nextnonce when nonce is approaching expiration
     + mod_auth: http_auth_const_time_memeq improvement
     + mod_auth: http_auth_const_time_memeq_pad()
     + mod_auth: use constant time comparison when comparing digests
     + stricter request header parsing: reject WS following header field-name
       https://redmine.lighttpd.net/issues/2985
     + stricter request header parsing: reject Transfer-Encoding + Content-Length
       https://redmine.lighttpd.net/issues/2985
     + mod_openssl: reject invalid ALPN
     + mod_accesslog: parse multiple cookies
       https://redmine.lighttpd.net/issues/2986
     + preserve %2b and %2B in query string
       https://redmine.lighttpd.net/issues/2999
     + mod_auth: close connection after bad password
       mitigation slows down brute force password attacks
       https://redmine.lighttpd.net/boards/3/topics/8885
     + do not accept() > server.max-connections
     + update /var/run -> /run for systemd (closes: #929203)
Checksums-Sha1:
 89cb8b82bcba3913a189b7757546ce8d15c6c6cb 3911 lighttpd_1.4.53-4+deb10u1.dsc
 cfce65d51d787eca51d12f56207b51bd81090e04 56736 lighttpd_1.4.53-4+deb10u1.debian.tar.xz
 220b85ac28b5448cbd8dc0947bd1b1ce75ca2d04 17824 lighttpd_1.4.53-4+deb10u1_amd64.buildinfo
Checksums-Sha256:
 1ac7dc7900eaa35674c5f355d4c7ac43cab8c9eb6a6c4126031d48d9099347f4 3911 lighttpd_1.4.53-4+deb10u1.dsc
 f50e493a48741de16afd64e1d72a15a860c80f8123dcadb23575a5a2726f4210 56736 lighttpd_1.4.53-4+deb10u1.debian.tar.xz
 55143d05dd26f9566f72eb79dc94bf7ef26642aabd434eae814ed24814adcb19 17824 lighttpd_1.4.53-4+deb10u1_amd64.buildinfo
Files:
 3d42c1c72cc79ddc3d2bf002ad202c32 3911 httpd optional lighttpd_1.4.53-4+deb10u1.dsc
 5425c9e9c260b4deb4eb98b187752ef2 56736 httpd optional lighttpd_1.4.53-4+deb10u1.debian.tar.xz
 af9d9c89c9a1c148eb367c9bbc8f650d 17824 httpd optional lighttpd_1.4.53-4+deb10u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEETMLS2QqNFlTb+HOqLRqqzyREREIFAl9kmiwACgkQLRqqzyRE
REIgyQ//QkmrE3xOztHQdVZyVWH3pihB1VC8skK9wZ3e52B267RmL7vw4voMlaZS
rqjwqTGMP6lhUSwpIkmvzMW+dTXT7l3wXyyRiKAhO7fVcWe69txC5yE6zsMYy3Qe
FYwUSaWdy8U4F/LHAm4rmyrxLW6E9SEMfZFVpV/0L66uXhDtEMPnm0MJdbUxgX3j
BOgPUrPtr2qgFslThqaT75iivUmP0DUontSTdSx2R5JME5tcxw5Mg1uV6l42GW5q
DNxXMg2K/vxRlEDPSqZyVRc45LnAKQVR+pzURR3QDk37VjGvyH5HRq8XGFEIoJvP
gS/ntjWTyZru41q1o9kg+VsRn7GDcdmvpbcwk6Ahz/SCV3V1uxfm95zP1zo33g7Z
ZmxYR0pdT18I3FEtsjeo4efn4jHJFlexk5rlqKAjYcM7LJdnQCBHvmjxEwXBNMcX
BHkq6oFsJNbdqNAF1o32SpwGgso+TaKuYC4DHZPGc2TYs2IWtFtaYR5M2uXd4UBp
6pJEtDz/aLEhnp+kFBh5SrSBGIeKxglODCmzMdvEonILckljNUJZh0HKbqWKB8fu
ps4GbMRJLMRVHJjC4QWq6kKj53hk+g3LZpOcqo+XxBDQHNiQ4+z4iOJbf4nBk5Rm
b4gh0aHXHzUuncIDjQGlnTbGNSPtsJo54SWixx3dPOUNUMUuHxk=
=LzUb
-----END PGP SIGNATURE-----