Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package lighttpd for openSUSE:Factory checked in at 2021-10-25 15:17:26 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/lighttpd (Old) and /work/SRC/openSUSE:Factory/.lighttpd.new.1890 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "lighttpd" Mon Oct 25 15:17:26 2021 rev:47 rq:927197 version:1.4.60 Changes: -------- --- /work/SRC/openSUSE:Factory/lighttpd/lighttpd.changes 2021-09-28 19:17:48.684274247 +0200 +++ /work/SRC/openSUSE:Factory/.lighttpd.new.1890/lighttpd.changes 2021-10-25 15:18:30.121715721 +0200 @@ -1,0 +2,28 @@ +Sun Oct 24 15:02:25 UTC 2021 - Andreas Stieger <[email protected]> + +- update to 1.4.60: + * HTTP/2 smoother and lower memory use (in general) + * HTTP/2 tuning to better handle aggressive client initial + requests + * reduce memory footprint; workaround poor glibc behavior; + jemalloc is better + * mod_magnet lua performance improvements + * mod_dirlisting performance improvements and new caching option + * memory constraints for extreme edge cases in mod_dirlisting, + mod_ssi, mod_webdav + * connect(), write(), read() time limits on backends (separate + from client timeouts) + * lighttpd restarts if large discontinuity in time occurs + (embedded systems) + * RFC7233 Range support for all non-streaming responses, not + only static files + * connect() to backend now has default 8 second timeout + (configurable) + +------------------------------------------------------------------- +Tue Oct 5 09:16:55 UTC 2021 - Johannes Segitz <[email protected]> + +- Added hardening to systemd service(s) (bsc#1181400). Added patch(es): + * harden_lighttpd.service.patch + +------------------------------------------------------------------- Old: ---- lighttpd-1.4.59.tar.xz lighttpd-1.4.59.tar.xz.asc New: ---- harden_lighttpd.service.patch lighttpd-1.4.60.tar.xz lighttpd-1.4.60.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ lighttpd.spec ++++++ --- /var/tmp/diff_new_pack.YROetK/_old 2021-10-25 15:18:30.669716064 +0200 +++ /var/tmp/diff_new_pack.YROetK/_new 2021-10-25 15:18:30.673716066 +0200 @@ -26,7 +26,7 @@ %define _fillupdir %{_localstatedir}/adm/fillup-templates %endif Name: lighttpd -Version: 1.4.59 +Version: 1.4.60 Release: 0 # Summary: A Secure, Fast, Compliant, and Very Flexible Web Server @@ -39,6 +39,7 @@ Source3: %{name}.keyring Source4: lightytest.sh Source7: lighttpd.logrotate +Patch0: harden_lighttpd.service.patch BuildRequires: FastCGI-devel BuildRequires: cyrus-sasl-devel BuildRequires: e2fsprogs-devel @@ -275,6 +276,7 @@ %prep %setup -q -n %{pkg_name}-%{pkg_version} +%patch0 -p1 %build export CFLAGS="%{optflags} -DLDAP_DEPRECATED -W -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast -std=gnu99 -fstack-protector" ++++++ harden_lighttpd.service.patch ++++++ Index: lighttpd-1.4.59/doc/systemd/lighttpd.service =================================================================== --- lighttpd-1.4.59.orig/doc/systemd/lighttpd.service +++ lighttpd-1.4.59/doc/systemd/lighttpd.service @@ -3,6 +3,19 @@ Description=Lighttpd Daemon After=network-online.target [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +PrivateDevices=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions Type=simple PIDFile=/run/lighttpd.pid ExecStartPre=/usr/sbin/lighttpd -tt -f /etc/lighttpd/lighttpd.conf ++++++ lighttpd-1.4.59.tar.xz -> lighttpd-1.4.60.tar.xz ++++++ ++++ 60849 lines of diff (skipped)
