-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Tue, 20 Dec 2011 11:36:09 +0100 Source: lighttpd Binary: lighttpd lighttpd-doc lighttpd-mod-mysql-vhost lighttpd-mod-trigger-b4-dl lighttpd-mod-cml lighttpd-mod-magnet lighttpd-mod-webdav Architecture: source amd64 all Version: 1.4.30-1 Distribution: unstable Urgency: medium Maintainer: Debian lighttpd maintainers <pkg-lighttpd-maintainers@lists.alioth.debian.org> Changed-By: Arno Töll <debian@toell.net> Description: lighttpd - fast webserver with minimal memory footprint lighttpd-doc - documentation for lighttpd lighttpd-mod-cml - cache meta language module for lighttpd lighttpd-mod-magnet - control the request handling module for lighttpd lighttpd-mod-mysql-vhost - MySQL-based virtual host configuration for lighttpd lighttpd-mod-trigger-b4-dl - anti-deep-linking module for lighttpd lighttpd-mod-webdav - WebDAV module for lighttpd Closes: 642494 652442 652726 Changes: lighttpd (1.4.30-1) unstable; urgency=medium . * New upstream release + Fix integer overflow (CVE-2011-4362) (Closes: #652726) + Fix attack vector as disclosed by the SSL BEAST attack (related: CVE-2011-3389). Note: If you are upgrading from an older version you need to change your configuration to mitigate effects of the attack. See the corresponding NEWS file for details. + Count SSL renegotiations to prevent client renegotiations * Urgency set to medium due to security updates. * Adapt to dpkg 1.16.1 API changes regarding build flags. This enables hardening build flags. This means, lighttpd is now being built with -fstack-protector and other security related build flags. * Add dpkg-dev (>= 1.16.1~) to build-depends to make sure our buildflags are properly supported. That's guaranteed for Testing, but might be helpful to know for backporters. * Fix "Doesn't remove /etc/lighttpd on purge" by removing dangling symlinks /only/. This does not entirely fix the problem of the maintainer, but we can not simply remove all files in /etc/lighttpd as other packages or the user himself might have left configuration files back (Closes: #642494) * Fix "please include systemd service file" Support systemd as alternative to sysvinit, ship systemd and tempfiles.d configuration files. Thanks to Michael Stapelberg for providing the required files (Closes: #652442) Checksums-Sha1: 25e55ae7ab00195a6f5855f8b02a6bbc919b835a 2021 lighttpd_1.4.30-1.dsc 4a59c237fe62b06365aecb3ad4139b8593a21829 834241 lighttpd_1.4.30.orig.tar.gz 9c99522ac226e32eace526ed355ace702f929c12 26429 lighttpd_1.4.30-1.debian.tar.gz bcd077ec390a1845559a23b9b0447060ccd5067f 301500 lighttpd_1.4.30-1_amd64.deb e6eb2332ed524c052d807388cc903a6efcc3dd1d 63030 lighttpd-doc_1.4.30-1_all.deb 98c95277a9cd91dc669a07794b14035dc3a5d2d8 19014 lighttpd-mod-mysql-vhost_1.4.30-1_amd64.deb ea89364a5c1e4818a498b12613643ac104289af0 20686 lighttpd-mod-trigger-b4-dl_1.4.30-1_amd64.deb 48a946444101605cc5b6d6a123cfdf40407c162c 23872 lighttpd-mod-cml_1.4.30-1_amd64.deb 747c714113b658a34ffd1789d9b7494454d4aee2 25100 lighttpd-mod-magnet_1.4.30-1_amd64.deb ce0bb4d29bfed4a22b8259fa3cb77d05b46da6ee 31358 lighttpd-mod-webdav_1.4.30-1_amd64.deb Checksums-Sha256: d478233c041d95a065710addc72c9cec7f64280806fe9e374c31a2f32870df94 2021 lighttpd_1.4.30-1.dsc 59ae55b0ec427c328fa74d683e00eb1bc99bcc20cd184177875e9b6865de2b8b 834241 lighttpd_1.4.30.orig.tar.gz 099a6c3023a8b36e9fcf23b74c241a6a82c745e4fcc55342055f9afa04d2c0da 26429 lighttpd_1.4.30-1.debian.tar.gz cb28a965e8a1b05dd252d1f97944243207a8dde280889c7e9fd913673ae27ee9 301500 lighttpd_1.4.30-1_amd64.deb e48ebe6760b1ba9d3fc669da8f5f7ce6345a1737eb3e791de9964decfa7fcd69 63030 lighttpd-doc_1.4.30-1_all.deb d60dae9f7ebc0732cab30d058d49444e5c911539767979d07912483960066dd7 19014 lighttpd-mod-mysql-vhost_1.4.30-1_amd64.deb 7446458aa023c31dba3d1747de83a30984a39606998d06ee876bfa4d6bb47f00 20686 lighttpd-mod-trigger-b4-dl_1.4.30-1_amd64.deb 5599c32fc1f783f84fc68e4ba7451eee7787436ff6cedc8159fa784a23cbd334 23872 lighttpd-mod-cml_1.4.30-1_amd64.deb de04387a8b4810695e77bf337b92f71c913bc297b95260ae4c8e10370d176197 25100 lighttpd-mod-magnet_1.4.30-1_amd64.deb 88656c99fc37bd524c2053e2fbd7d6db0ce1e93f891fe4401e5683653a0788dd 31358 lighttpd-mod-webdav_1.4.30-1_amd64.deb Files: 025d6446ceb1f654f56fd33700482c8e 2021 httpd optional lighttpd_1.4.30-1.dsc 7f0bbb66a05099f634ea8f63af99cfed 834241 httpd optional lighttpd_1.4.30.orig.tar.gz cc484f3f504c6aaf3bf934e3553d6329 26429 httpd optional lighttpd_1.4.30-1.debian.tar.gz ce72c9d945b1876b7c84bb92c9f32ca7 301500 httpd optional lighttpd_1.4.30-1_amd64.deb 3dbd1826a4d630a2724c7794517a5df7 63030 doc optional lighttpd-doc_1.4.30-1_all.deb 6a21d70ad8343213f11f28228432e66c 19014 httpd optional lighttpd-mod-mysql-vhost_1.4.30-1_amd64.deb bf49a05a75e0568ad85179b74670d058 20686 httpd optional lighttpd-mod-trigger-b4-dl_1.4.30-1_amd64.deb f1d66686ab9c0f68c74e062ea09b9fe9 23872 httpd optional lighttpd-mod-cml_1.4.30-1_amd64.deb 96d31e3557a1b4bc23e129cb47f61957 25100 httpd optional lighttpd-mod-magnet_1.4.30-1_amd64.deb 0660ffdd2e1eb69fbb487b49c6ce8703 31358 httpd optional lighttpd-mod-webdav_1.4.30-1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iEYEARECAAYFAk7w7DAACgkQHYflSXNkfP8G2gCbBXoTM3KXS9puD/C+slFGPJi+ Q9EAoLSJ3fM/Q5fPr/NnFLpplX/s8f5J =W4o7 -----END PGP SIGNATURE----- Accepted: lighttpd-doc_1.4.30-1_all.deb to main/l/lighttpd/lighttpd-doc_1.4.30-1_all.deb lighttpd-mod-cml_1.4.30-1_amd64.deb to main/l/lighttpd/lighttpd-mod-cml_1.4.30-1_amd64.deb lighttpd-mod-magnet_1.4.30-1_amd64.deb to main/l/lighttpd/lighttpd-mod-magnet_1.4.30-1_amd64.deb lighttpd-mod-mysql-vhost_1.4.30-1_amd64.deb to main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.30-1_amd64.deb lighttpd-mod-trigger-b4-dl_1.4.30-1_amd64.deb to main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.30-1_amd64.deb lighttpd-mod-webdav_1.4.30-1_amd64.deb to main/l/lighttpd/lighttpd-mod-webdav_1.4.30-1_amd64.deb lighttpd_1.4.30-1.debian.tar.gz to main/l/lighttpd/lighttpd_1.4.30-1.debian.tar.gz lighttpd_1.4.30-1.dsc to main/l/lighttpd/lighttpd_1.4.30-1.dsc lighttpd_1.4.30-1_amd64.deb to main/l/lighttpd/lighttpd_1.4.30-1_amd64.deb lighttpd_1.4.30.orig.tar.gz to main/l/lighttpd/lighttpd_1.4.30.orig.tar.gz
