commit lighttpd for openSUSE:Factory

Wed, 14 Sep 2022 04:45:05 -0700 

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package lighttpd for openSUSE:Factory 
checked in at 2022-09-14 13:44:49
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/lighttpd (Old)
 and      /work/SRC/openSUSE:Factory/.lighttpd.new.2083 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "lighttpd"

Wed Sep 14 13:44:49 2022 rev:53 rq:1003391 version:1.4.66

Changes:
--------
--- /work/SRC/openSUSE:Factory/lighttpd/lighttpd.changes        2022-06-23 
10:23:56.579718645 +0200
+++ /work/SRC/openSUSE:Factory/.lighttpd.new.2083/lighttpd.changes      
2022-09-14 13:44:56.505888156 +0200
@@ -1,0 +2,32 @@
+Tue Sep 13 20:30:34 UTC 2022 - Andreas Stieger <andreas.stie...@gmx.de>
+
+- update to 1.4.66:
+  * a number of bug fixes
+  * Fix HTTP/2 downloads >= 4GiB
+  * Fix SIGUSR1 graceful restart with TLS
+  * futher bug fixes
+  * CVE-2022-37797: null pointer dereference in mod_wstunnel,
+    possibly a remotely triggerable crash (boo#1203358)
+  * In an upcoming release the TLS modules will default to using
+    stronger, modern chiphers and will default to allow client
+    preference in selecting ciphers.
+    ???CipherString??? => 
???EECDH+AESGCM:AES256+EECDH:CHACHA20:SHA256:!SHA384???,
+    ???Options??? => ???-ServerPreference???
+    old defaults:
+    ???CipherString??? => ???HIGH???,
+    ???Options??? => ???ServerPreference???
+  * A number of TLS options are how deprecated and will be removed
+    in a future release:
+    ??? ssl.honor-cipher-order
+    ??? ssl.dh-file
+    ??? ssl.ec-curve
+    ??? ssl.disable-client-renegotiation
+    ??? ssl.use-sslv2
+    ??? ssl.use-sslv3
+    The replacement option is ssl.openssl.ssl-conf-cmd, but lighttpd
+    defaults should be prefered
+  * A number of modules are now deprecated and will be removed in a
+    future release: mod_evasive, mod_secdownload, mod_uploadprogress,
+    mod_usertrack can be replaced by mod_magnet and a few lines of lua.
+
+-------------------------------------------------------------------

Old:
----
  lighttpd-1.4.65.tar.xz
  lighttpd-1.4.65.tar.xz.asc

New:
----
  lighttpd-1.4.66.tar.xz
  lighttpd-1.4.66.tar.xz.asc

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ lighttpd.spec ++++++
--- /var/tmp/diff_new_pack.aP0Gt9/_old  2022-09-14 13:44:57.493890643 +0200
+++ /var/tmp/diff_new_pack.aP0Gt9/_new  2022-09-14 13:44:57.501890663 +0200
@@ -26,7 +26,7 @@
   %define _fillupdir %{_localstatedir}/adm/fillup-templates
 %endif
 Name:           lighttpd
-Version:        1.4.65
+Version:        1.4.66
 Release:        0
 #
 Summary:        A Secure, Fast, Compliant, and Very Flexible Web Server

++++++ lighttpd-1.4.65.tar.xz -> lighttpd-1.4.66.tar.xz ++++++
++++ 9891 lines of diff (skipped)

Reply via email to