Your message dated Sat, 26 Sep 2020 11:36:30 +0100
with message-id <d50ba4de424290cd2840a09ef19950156fcf51ab.camel@adam-barratt.org.uk>
and subject line Closing bugs for fixes included in 10.6 point release
has caused the Debian Bug report #961843,
regarding buster-pu: package lighttpd/1.4.53-4
to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.)

--
961843: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961843
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: buster-pu: package lighttpd/1.4.53-4
- From: Glenn Strauss <gs-debian.org@gluelogic.com>
- Date: Sat, 30 May 2020 04:44:34 -0400
- Message-id: <159082827432.14389.1554897736402054732.reportbug@buster-alpha.gluelogic.com>
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian.org@packages.debian.org
Usertags: pu

Dear Maintainer,

Greetings! I am an upstream maintainer of lighttpd.

Please accept this backport of important patches from
  lighttpd 1.4.54 (released 2019.05.27)
  lighttpd 1.4.55 (released 2020.01.31)

The patches to backport have been hand-selected from the release available in buster-backports lighttpd 1.4.55-1~bpo10+1 since 2020.03.06

These patches fix important bugs from upstream lighttpd issue tracker https://redmine.lighttpd.net/issues (direct links below) including a couple in the Debian Bug Tracker
  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954759
  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929203

From the debian/changelog:

  * backport security, bug, portability fixes from lighttpd 1.4.54, 1.4.55
    + mod_evhost, mod_flv_streaming: [regression] %0 pattern does not match hostnames without the domain part
      https://redmine.lighttpd.net/issues/2932
    + mod_magnet: Lighttpd crashes on wrong return type in lua script
      https://redmine.lighttpd.net/issues/2938
    + failed assertion on incoming bad request with server.error-handler
      https://redmine.lighttpd.net/issues/2941
    + mod_wstunnel: fix wstunnel.ping-interval for big-endian architectures
      https://redmine.lighttpd.net/issues/2944
    + fix abort in server.http-parseopts with url-path-2f-decode enabled
      https://redmine.lighttpd.net/issues/2945
    + remove repeated slashes in server.http-parseopts with url-path-dotseg-remove, including leading "//"
    + [regression][Bisected] lighttpd uses way more memory with POST since 1.4.52
      https://redmine.lighttpd.net/issues/2948
      (closes: #954759)
    + OPTIONS should return 2xx status for non-existent resources if Allow is set
      https://redmine.lighttpd.net/issues/2939
    + use high precision stat timestamp (on systems where available) in etag
    + mod_authn_ldap/mod_cgi race condition, "Can't contact LDAP server"
      https://redmine.lighttpd.net/issues/2940
    + SUN_LEN in sock_addr.c (1.4.53, 1.4.54)
      https://redmine.lighttpd.net/issues/2962
    + Embedded vim command line in conf file with no comment (#) hangs server
      https://redmine.lighttpd.net/issues/2980
    + mod_authn_gssapi: 500 if fail to delegate creds
      https://redmine.lighttpd.net/issues/2967
    + mod_authn_gssapi: option to store delegated creds
      https://redmine.lighttpd.net/issues/2967
    + mod_auth: require digest uri= match original URI
      HTTP digest authentication not compatible with some clients
      https://redmine.lighttpd.net/issues/2974
    + mod_auth: send Authentication-Info nextnonce when nonce is approaching expiration
    + mod_auth: http_auth_const_time_memeq improvement
    + mod_auth: http_auth_const_time_memeq_pad()
    + mod_auth: use constant time comparison when comparing digests
    + stricter request header parsing: reject WS following header field-name
      https://redmine.lighttpd.net/issues/2985
    + stricter request header parsing: reject Transfer-Encoding + Content-Length
      https://redmine.lighttpd.net/issues/2985
    + mod_openssl: reject invalid ALPN
    + mod_accesslog: parse multiple cookies
      https://redmine.lighttpd.net/issues/2986
    + preserve %2b and %2B in query string
      https://redmine.lighttpd.net/issues/2999
    + mod_auth: close connection after bad password
      mitigation slows down brute force password attacks
      https://redmine.lighttpd.net/boards/3/topics/8885
    + do not accept() > server.max-connections
    + update /var/run -> /run for systemd (closes: #929203)

debdiff attached. I think it may be easier to review the contents of the files in debian/patches to see that the patches are generally small.

Please advise how best to proceed.

Thank you! Glenn

-- System Information:
Debian Release: 10.4
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-9-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Attachment: lighttpd-1.4.53-4+deb10u1.diff.xz
Description: application/xz
--- End Message ---
--- Begin Message ---
- To: 947464-done@bugs.debian.org, 949826-done@bugs.debian.org, 953614-done@bugs.debian.org, 961843-done@bugs.debian.org, 965334-done@bugs.debian.org, 967995-done@bugs.debian.org, 967996-done@bugs.debian.org, 968037-done@bugs.debian.org, 968296-done@bugs.debian.org, 968502-done@bugs.debian.org, 968515-done@bugs.debian.org, 968548-done@bugs.debian.org, 968723-done@bugs.debian.org, 968846-done@bugs.debian.org, 969066-done@bugs.debian.org, 969163-done@bugs.debian.org, 969172-done@bugs.debian.org, 969190-done@bugs.debian.org, 969272-done@bugs.debian.org, 969348-done@bugs.debian.org, 969349-done@bugs.debian.org, 969366-done@bugs.debian.org, 969369-done@bugs.debian.org, 969706-done@bugs.debian.org, 969912-done@bugs.debian.org, 970096-done@bugs.debian.org, 970098-done@bugs.debian.org, 970132-done@bugs.debian.org, 970239-done@bugs.debian.org, 970241-done@bugs.debian.org, 970296-done@bugs.debian.org, 970307-done@bugs.debian.org, 970311-done@bugs.debian.org, 970349-done@bugs.debian.org, 970387-done@bugs.debian.org, 970424-done@bugs.debian.org, 970427-done@bugs.debian.org, 970549-done@bugs.debian.org, 970563-done@bugs.debian.org, 970564-done@bugs.debian.org, 970569-done@bugs.debian.org, 970583-done@bugs.debian.org, 970584-done@bugs.debian.org
- Subject: Closing bugs for fixes included in 10.6 point release
- From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Date: Sat, 26 Sep 2020 11:36:30 +0100
- Message-id: <d50ba4de424290cd2840a09ef19950156fcf51ab.camel@adam-barratt.org.uk>
Package: release.debian.org
Version: 10.6

Hi,

Each of these bugs relates to an update that was included in today's stable point release.

Regards,

Adam
--- End Message ---