Hello community,

here is the log from the commit of package lighttpd for openSUSE:Factory 
checked in at 2021-10-25 15:17:26
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/lighttpd (Old)
 and      /work/SRC/openSUSE:Factory/.lighttpd.new.1890 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "lighttpd"

Mon Oct 25 15:17:26 2021 rev:47 rq:927197 version:1.4.60

Changes:
--------
--- /work/SRC/openSUSE:Factory/lighttpd/lighttpd.changes        2021-09-28 
19:17:48.684274247 +0200
+++ /work/SRC/openSUSE:Factory/.lighttpd.new.1890/lighttpd.changes      
2021-10-25 15:18:30.121715721 +0200
@@ -1,0 +2,28 @@
+Sun Oct 24 15:02:25 UTC 2021 - Andreas Stieger <andreas.stie...@gmx.de>
+
+- update to 1.4.60:
+  * HTTP/2 smoother and lower memory use (in general)
+  * HTTP/2 tuning to better handle aggressive client initial
+    requests
+  * reduce memory footprint; workaround poor glibc behavior;
+    jemalloc is better
+  * mod_magnet lua performance improvements
+  * mod_dirlisting performance improvements and new caching option
+  * memory constraints for extreme edge cases in mod_dirlisting,
+    mod_ssi, mod_webdav
+  * connect(), write(), read() time limits on backends (separate
+    from client timeouts)
+  * lighttpd restarts if large discontinuity in time occurs
+    (embedded systems)
+  * RFC7233 Range support for all non-streaming responses, not
+    only static files
+  * connect() to backend now has default 8 second timeout
+    (configurable)
+
+-------------------------------------------------------------------
+Tue Oct  5 09:16:55 UTC 2021 - Johannes Segitz <jseg...@suse.com>
+
+- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
+  * harden_lighttpd.service.patch
+
+-------------------------------------------------------------------

Old:
----
  lighttpd-1.4.59.tar.xz
  lighttpd-1.4.59.tar.xz.asc

New:
----
  harden_lighttpd.service.patch
  lighttpd-1.4.60.tar.xz
  lighttpd-1.4.60.tar.xz.asc

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ lighttpd.spec ++++++
--- /var/tmp/diff_new_pack.YROetK/_old  2021-10-25 15:18:30.669716064 +0200
+++ /var/tmp/diff_new_pack.YROetK/_new  2021-10-25 15:18:30.673716066 +0200
@@ -26,7 +26,7 @@
   %define _fillupdir %{_localstatedir}/adm/fillup-templates
 %endif
 Name:           lighttpd
-Version:        1.4.59
+Version:        1.4.60
 Release:        0
 #
 Summary:        A Secure, Fast, Compliant, and Very Flexible Web Server
@@ -39,6 +39,7 @@
 Source3:        %{name}.keyring
 Source4:        lightytest.sh
 Source7:        lighttpd.logrotate
+Patch0:         harden_lighttpd.service.patch
 BuildRequires:  FastCGI-devel
 BuildRequires:  cyrus-sasl-devel
 BuildRequires:  e2fsprogs-devel
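Review bot: The new `Patch0:` line has no comment above it saying what the patch is for or whether it is meant to go upstream. A one-line comment in the usual openSUSE patch-tag style (for example `# PATCH-FIX-OPENSUSE harden_lighttpd.service.patch bsc#1181400 -- systemd hardening`) would keep the bug reference next to the patch in the spec instead of only in lighttpd.changes.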
@@ -275,6 +276,7 @@
 
 %prep
 %setup -q -n %{pkg_name}-%{pkg_version}
+%patch0 -p1
 
 %build
 export CFLAGS="%{optflags} -DLDAP_DEPRECATED -W -Wmissing-prototypes 
-Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2 
-Wbad-function-cast -std=gnu99 -fstack-protector"
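Review bot: `%patch0 -p1` modifies doc/systemd/lighttpd.service in the unpacked source, but nothing in the visible spec lines shows that the packaged unit is installed from that file. Please confirm that the %install section takes the unit from doc/systemd/ rather than from a separate Source file, otherwise the hardening never reaches the installed service. The patch headers still name lighttpd-1.4.59 while the tarball is now 1.4.60; `-p1` strips that component so it applies, but refreshing the patch would avoid confusion.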

++++++ harden_lighttpd.service.patch ++++++
Index: lighttpd-1.4.59/doc/systemd/lighttpd.service
===================================================================
--- lighttpd-1.4.59.orig/doc/systemd/lighttpd.service
+++ lighttpd-1.4.59/doc/systemd/lighttpd.service
@@ -3,6 +3,19 @@ Description=Lighttpd Daemon
 After=network-online.target
 
 [Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions 
 Type=simple
 PIDFile=/run/lighttpd.pid
 ExecStartPre=/usr/sbin/lighttpd -tt -f /etc/lighttpd/lighttpd.conf
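Review bot: `ProtectHome=true` makes /home, /root and /run/user inaccessible to the daemon, so any site whose document root or per-user web directory (mod_userdir) lives under /home will stop being served after this update with no change to lighttpd.conf. Since the block is marked as added automatically, it would help to state in the comment or the changelog that affected admins need a drop-in override such as `ProtectHome=read-only`, or to use that value here if serving from /home is a supported setup. `ProtectSystem=full` leaves /etc read-only, which is fine for the `ExecStartPre` config test shown, and `PIDFile=/run/lighttpd.pid` is outside the protected paths. Minor: the `# end of automatic additions ` line carries trailing whitespace.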
++++++ lighttpd-1.4.59.tar.xz -> lighttpd-1.4.60.tar.xz ++++++
++++ 60849 lines of diff (skipped)