On Fri, Sep 22, 2023 at 08:25:26AM -0400, Boyuan Yang wrote: > Hi, > > 在 2023-09-21星期四的 21:00 +0300,Petri Riihikallio写道: > > Hello, I’ll go for this again. > > > > I have a project with several thousand users upgrading to Bullseye (because > > of Java 11). They would benefit greatly from Lighttpd 1.64 or later because > > that is the first > > version to log remote IP addresses to its error log for Fail2Ban. Version > > 1.69 is already available for Bookworm and testing. I don’t need any > > Lighttpd add-on packages. > > > > Any help is greatly appreciated. > > Forwarding your request to the current Debian lighttpd maintainers to see > whether they are interested in such task. If anyone prepares a backported > version for bullseye-backports (or bullseye-backports-sloppy), I will be > happy to review and sponsor the upload.
I'll be happy to put together a backport in a week or so (the first week of October) as I am currently in the midst of preparing to release lighttpd 1.4.72. Boyuan: thank you for the offer to sponsor. I'll take you up on it in early Oct. If you're willing to sponsor bullseye-backports-sloppy, then I'll backport 1.4.72 about a month after the 1.4.72 release, and may do the same for buster-backports-sloppy. Petri: the lighttpd codebase is very, very portable and if you want to test in the meantime, you should just be able to take the source from https://salsa.debian.org/debian/lighttpd/ and dpkg-buildpackage on Bullseye. While some older, lesser used modules have been deprecated and removed, I doubt too many people are affected, so the lighttpd package should "just work" for most people on older Debian releases. I recommend reviewing the upstream release notes for each lighttpd version back to the ancient one you are running, and paying attention to the Behavior Changes section (if present) in each of the release notes: https://redmine.lighttpd.net/projects/lighttpd/news (See "Previous version:" link near top of each release notes to get to older release notes.) Behavior Changes are very often low impact, such as increasing the security of the default cipher list used by the lighttpd TLS modules. Cheers, Glenn lighttpd developer
