tobias.jakobi.compleo added more details in
https://redmine.lighttpd.net/issues/3244
The issue appears to be lighttpd being built with 64-bit time_t, but the
underlying openssl library being built with 32-bit time_t *and* exposing
an API interface using time_t.
The result is that lighttpd might
> I have noticed something odd though. I created a directory which when
> served by lighttpd in Firefox looks like:
>
> Index of /test/
> ../ - Directory
> This is just a test.mkv/ 2024-Mar-03 13:22:24583.7M video/x-matroska
> This is just a test.txt/
Hi Erik. Please provide more details.
lighttpd config can be printed with
lighttpd -f /etc/lighttpd/lighttpd.conf -p
Including only the literal contents of lighttpd.conf in your bug report
is less useful than the full config.
For more details, please see "How to get support - please read"
On Tue, Feb 27, 2024 at 08:47:22AM +0100, Alexandre Detiste wrote:
> 9e6532694efb91a5da9d39acee0c9a6ce43eb180
>
> Hi,
>
> I uploaded 1.4.74-1 but I noticed just now
> that this would create a UsrMerge regression.
>
> If the .timer & .service are correctly named (too early in the morning
> for
On Sat, May 13, 2023 at 02:23:13PM +0200, Andrey Rakhmatullin wrote:
> Control: retitle -1 RFS: lighttpd/1.4.70-1 -- light, fast, functional web
> server
>
> On Sat, May 13, 2023 at 04:27:36AM -0400, Glenn Strauss wrote:
> > (This is not actually an NMU, but a non-DD
Package: sponsorship-requests
Severity: normal
X-Debbugs-Cc: gs-bugs.debian@gluelogic.com
Dear mentors,
I am looking for a DD sponsor for my package "lighttpd":
https://salsa.debian.org/debian/lighttpd/
I am an upstream lighttpd developer and have participated in
maintaining lighttpd on
Package: lintian
Version: 2.116.3
Severity: normal
X-Debbugs-Cc: gs-bugs.debian@gluelogic.com
Dear Maintainer,
Problem: lintian: [false positive] shared-library-lacks-prerequisites
lighttpd is a modular application which dynamically loads (dlopen)
optional modules (.so) depending on user
Control: tags -1 - moreinfo
On Fri, Feb 17, 2023 at 09:57:17AM +0100, Santiago Ruano Rincón wrote:
> > > Do you think NEWS could be updated?
> >
> > Updated to 1.4.69-1, as this will be the release that contains the
> > change.
>
> Great, thanks! However, just a is a minor typo:
>
> +++
On Tue, Feb 14, 2023 at 05:50:12PM +0100, Santiago Ruano Rincón wrote:
> Hello Glenn,
>
> El 12/02/23 a las 08:54, Glenn Strauss escribió:
> > > Since you are listed in Uploaders:, this shouldn't be a NMU. I don't
> > > understand why lintian doesn't complain about th
> Since you are listed in Uploaders:, this shouldn't be a NMU. I don't
> understand why lintian doesn't complain about this in this job:
> https://salsa.debian.org/debian/lighttpd/-/jobs/3931309
> but don't have the time to investigate that right now.
>
> Please, fix the changelog.
changelog
Package: sponsorship-requests
Severity: normal
X-Debbugs-Cc: gs-bugs.debian@gluelogic.com
Dear mentors,
I am looking for a DD sponsor for my package "lighttpd":
https://salsa.debian.org/debian/lighttpd/
I am an upstream lighttpd developer and have participated in
maintaining lighttpd on
Package: media-types
Version: 8.0.0
Severity: normal
X-Debbugs-Cc: gs-bugs.debian@gluelogic.com
Dear Maintainer,
media-types 9.0.0 duplicates .aml, breaking lighttpd autopkgtest
Regression is currently reported on https://tracker.debian.org/pkg/media-types
and blocking media-types 9.0.0 for
On Thu, Jun 09, 2022 at 08:01:58AM +, nico wrote:
> Dear Maintainer,
> we use an faster sd-card in our embedded system, nothing else.
> Now the start from the lighttpd server takes often over an minute.
> we use debian 10, for the bug submit i upgrade to bullseye, but the behaviour
> is the
> This also fails, the following works:
>
> systemctl reload lighttpd.service > /dev/null 2>&1;
That will start lighttpd if it is not running, which might not be
desirable. I think that a different solution is warranted.
/etc/logrotate.d/lighttpd is doing the correct thing, calling
"lighttpd.conf" is not the whole lighttpd configuration.
Print the config with: lighttpd -f /etc/lighttpd/lighttpd.conf -p
Your probable error is well-documented as user misconfiguration:
$SERVER["socket"] must not be nested in other lighttpd config conditions
I believe this bug was addressed in
https://salsa.debian.org/mariadb-team/mariadb-10.5/-/merge_requests/2
Cheers, Glenn
On Fri, Mar 05, 2021 at 05:12:17PM +0100, Pino Toscano wrote:
> Personally, I'd argue that switching the FAM implementation across the
> distribution _is_ a "transition", and as such it ought to have been
> requested (if not even started) two months ago.
In July 2020, #966273 was filed: RFA: fam
In #981513, courier changed to use libgamin-dev, so
kcoreaddons is now the *only* remaining package using FAM.
As such, there is considerably more risk to doing nothing
than there is to migrating to gamin.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510368
is over 12 years old. It's time
On Wed, Mar 03, 2021 at 02:54:58PM -0500, Nicholas D Steeves wrote:
> Hi,
>
> Glenn Strauss writes:
>
> > gamin provides libfam0.
> >
> > kcoreaddons should load just fine with libfam0 from gamin.
> >
> > I did the research in #510368 and #966273, revie
On Wed, Mar 03, 2021 at 11:23:41AM +0100, Markus Wanner wrote:
> On 03.03.21 09:21, Glenn Strauss wrote:
> > If there is any remaining concern about upgrade compatibility,
>
> ..none from my side. Courier would simply depend on gamin only. I don't
> see why that would c
On Thu, Mar 04, 2021 at 08:23:44AM +0100, Sune Stolborg Vuorela wrote:
>
> On 3/3/21 8:54 PM, Nicholas D Steeves wrote:
> >
> > thus FAM covers a use case that gamin does not, and this case is: users
> > who want to receive inotify style events for files that have been
> > remotely created or
On Wed, Mar 03, 2021 at 02:54:58PM -0500, Nicholas D Steeves wrote:
> I don't think the removal of FAM is as clear-cut as it has been
> presented to be.
>
> AFAIK the following is still current: Gamin provides "No NFS support
> based on specific RPC and server, instead gamin monitors only the
If there is any remaining concern about upgrade compatibility,
how about this:
In Bullseye, change the fam package to import the gamin source, and
then bump the fam package version number. The fam package would
actually be the same as gamin, and upgrades would avoid any packaging
system
gamin provides libfam0.
kcoreaddons should load just fine with libfam0 from gamin.
I did the research in #510368 and #966273, reviewing the actual code
and confidentally concluded that FAM can be removed from Bullseye.
The safest choice is to have a single library (gamin) used in the
distro,
On Wed, Mar 03, 2021 at 08:06:57AM +0100, Markus Wanner wrote:
> On 03.03.21 07:02, Glenn Strauss wrote:
> > Please replace "libfam-dev" with "libgamin-dev" in debian/control
> >
> > Also, please replace "gamin | fam" with simply "ga
Markus,
Please replace "libfam-dev" with "libgamin-dev" in debian/control
Also, please replace "gamin | fam" with simply "gamin" for Bullseye.
Cheers, Glenn
Please upgrade to 2.25.0 in Debian testing. Thank you.
mbedtls 2.25.0 was released almost 3 months ago.
mbedtls 2.24.0 was 6 months ago.
Since mbedtls 2.24.0, mbedtls supports TLSv1.3.
https://github.com/ARMmbed/mbedtls/releases
On Thu, Jan 07, 2021 at 02:53:17PM +0100, Alexandre Duret-Lutz wrote:
> FWIW more uppercase variants are now present in media-types 2.0.0
>
> audio/AMR amr AMR
> audio/AMR-WBawb AWB
> audio/EVRC-QCP
On Mon, Jan 04, 2021 at 11:23:48AM -0300, Antonio Terceiro wrote:
> Package: lighttpd
> Version: 1.4.57-1
> Severity: grave
> Justification: renders package unusable
>
> Dear Maintainer,
>
> After media-types has been upgraded to 1.1.0, lighttpd fails to start,
> complaining about duplicated
Source: nss
Severity: important
Tags: ftbfs patch
X-Debbugs-Cc: gs-debian@gluelogic.com, debian-m...@lists.debian.org
Dear Maintainer,
On m68k on the Debian build farm, nss fails to build.
Patch to fix issue is provided at:
https://salsa.debian.org/mozilla-team/nss/-/merge_requests/3
I
> Changing the value of 'server.username' in lighttpd.conf causes the
> server to fail to start. In my particular configuration, with webdav
> enabled, I get the following error:
>
> Starting Lighttpd Daemon...
> (mod_webdav.c.1153) sqlite3_open()
> '/var/cache/lighttpd/lighttpd.webdav.db':
mbedTLS 2.24.0 also addresses recent mbedTLS security advisories
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972806
Please upgrade to 2.24.0 in Debian testing. Thank you.
Earlier this year, an issue was filed for security advisories in April:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=963159
Source: mbedtls
Version: 2.16.0-1
Severity: serious
Tags: security
Justification: security
Dear Maintainer,
Mbed TLS 2.16.8 released 1 Sep 2020 addresses 3 security advisories
==> Please update mbedtls in all active Debian releases. Thank you.
https://github.com/ARMmbed/mbedtls/releases
cross-posting to:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966273
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510368
stbuehler wrote:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966273
> Is there any reason to keep FAM around any longer in your opinion,
> given upstream
Did you have a prior version of lighttpd running successfully?
Which version?
Please share your current lighttpd config
$ lighttpd -f /etc/lighttpd/lighttpd.conf -p
$ lighttpd -f /etc/lighttpd/lighttpd.conf -tt
If you have strace installed:
$ strace -s 1024 lighttpd -f /etc/lighttpd/lighttpd.conf
Thanks for the report and suggestion.
As you know, a patch has been pending since May
https://salsa.debian.org/debian/lighttpd/-/commit/744b38fd5c4c4c11123733d1a5f1239a5a9b5a0d
tags 961843 - moreinfo
brute force password attacks
+https://redmine.lighttpd.net/boards/3/topics/8885
+ * do not accept() > server.max-connections
+ * update /var/run -> /run for systemd (closes: #929203)
+
+ -- Glenn Strauss Sat, 21 Mar 2020 18:30:00 -0500
+
lighttpd (1.4.53-4) unstable; urgency=high
> > I'm attaching the correct debdiff now.
>
> There doesn't appear to have actually been an attachment here.
I believe that the original debdiff attachment is correct.
Please advise if that is not the case.
Cheers, Glenn
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu
Dear Maintainer,
Greetings! I am an upstream maintainer of lighttpd.
Please accept this backport of important patches from
lighttpd 1.4.54 (released 2019.05.27)
lighttpd
Source: lighttpd
Version: 1.4.53-4
Severity: normal
Tags: buster, patch
Dear Maintainer,
Greetings! I am an upstream maintainer of lighttpd.
Please accept this backport of important patches from
lighttpd 1.4.54 (released 2019.05.27)
lighttpd 1.4.55 (released 2020.01.31)
The patches to
> GET requests send invalid data for files above 30kB when connecting to the
> server over http. But GET requests send good data when connecing over https.
What do you mean by "invalid data"? Please be more specific.
What kind of requests? Please be more specific.
It would be hightly unlikely
Package: sponsorship-requests
Severity: important
Dear mentors,
Please release lighttpd 1.4.53-5 as a stable-update to Buster.
I am a lighttpd developer (upstream) and have prepared lighttpd 1.4.53-5
on the 'buster' branch at
https://salsa.debian.org/debian/lighttpd/-/tree/buster
The
Package: sponsorship-requests
Severity: important
Dear mentors,
Please release lighttpd 1.4.53-5 as a stable-update to Buster.
I am a lighttpd developer (upstream) and have prepared lighttpd 1.4.53-5
on the 'buster' branch at
https://salsa.debian.org/debian/lighttpd/-/tree/buster
The
Source: lighttpd
Version: 1.4.53
Severity: important
Tags: upstream
Dear Maintainer,
POST requests use way more memory than in lighttpd 1.4.51 when lighttpd
is configured with: server.stream-request-body = 2
Upstream bug report: https://redmine.lighttpd.net/issues/2948
The excessive memory use
lighttpd ssl.* directives can be inherited from the global scope
(without needing to be repeated in each condition) if the only ssl.*
directive in a socket condition is
$SERVER["socket"] == "..." { ssl.engine = "enable" }
conf-available/10-ssl.conf and use-ipv6.pl can be modifed to achieve
the
; I can't understand this behavior.
>
> Thank you for the detailed report. I don't fully understand this either
> and am thus Ccing Glenn Strauss (upstream).
https://en.wikipedia.org/wiki/UTF-8#Overlong_encodings
"
The standard specifies that the correct encoding of a
Yes, you are right that the doc is outdated. The debian package
installs docs from the lighttpd source tree path doc/outdated/*.txt
We are aware of this issue, but it is non-trivial to correct.
Updated lighttpd SSL doc can be found at:
> Problem #2:
>
> lighttpd presently produces 11 binary packages. That's quite many for an
> otherwise small package. Adding binary packages has a metadata cost to
> the Debian archive that affects everyone (not just lighttpd users). We
> should seek to reduce the package count.
IMHO, it appears
Source: lighttpd
Version: 1.4.52-1
> Problem #2:
>
> lighttpd presently produces 11 binary packages. That's quite many for an
> otherwise small package. Adding binary packages has a metadata cost to
> the Debian archive that affects everyone (not just lighttpd users). We
> should seek to reduce
lighttpd systemd service can be improved
(related bug #856001, bug #838473, and bug #877870)
Changes in recent versions of lighttpd allow graceful restart
and other features
Since lighttpd 1.4.46:
lighttpd 1.4.50 released
https://www.lighttpd.net/2018/8/13/1.4.50/
53 matches
Mail list logo