Your message dated Sun, 16 Mar 2008 12:02:03 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#419176: fixed in lighttpd 1.4.19-1
has caused the Debian Bug report #419176,
regarding lighttpd: Module loading order is important, ensure auth is loaded
before fastcgi and status
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
419176: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=419176
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: lighttpd
Version: 1.4.13-10
Severity: normal
Hi,
Module loading order is important. If you load status before auth and use auth
for status, auth is ignored and users can access status without
authentication.
The same probably applies to fastcgi as well, so you should ensure modules are
loaded in the proper order. Maybe auth should be loaded in
lighttpd.conf at the top.
-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (500, 'testing'), (1, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.18-4-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.ISO-8859-15, LC_CTYPE=en_US.ISO-8859-15 (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash
Versions of packages lighttpd depends on:
ii libattr1 1:2.4.32-1.1 Extended attribute shared library
ii libbz2-1.0 1.0.3-6 high-quality block-sorting file co
ii libc6 2.3.6.ds1-13 GNU C Library: Shared libraries
ii libldap2 2.1.30-13.4 OpenLDAP libraries
ii libpcre3 6.7-1 Perl 5 Compatible Regular Expressi
ii libssl0.9.8 0.9.8c-4 SSL shared libraries
ii lsb-base 3.1-23.1 Linux Standard Base 3.1 init scrip
ii mime-support 3.39-1 MIME files 'mime.types' & 'mailcap
ii perl 5.8.8-7 Larry Wall's Practical Extraction
ii zlib1g 1:1.2.3-13 compression library - runtime
Versions of packages lighttpd recommends:
ii php5-cgi 5.2.0-10 server-side, HTML-embedded scripti
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: lighttpd
Source-Version: 1.4.19-1
We believe that the bug you reported is fixed in the latest version of
lighttpd, which is due to be installed in the Debian FTP archive:
lighttpd-doc_1.4.19-1_all.deb
to pool/main/l/lighttpd/lighttpd-doc_1.4.19-1_all.deb
lighttpd-mod-cml_1.4.19-1_amd64.deb
to pool/main/l/lighttpd/lighttpd-mod-cml_1.4.19-1_amd64.deb
lighttpd-mod-magnet_1.4.19-1_amd64.deb
to pool/main/l/lighttpd/lighttpd-mod-magnet_1.4.19-1_amd64.deb
lighttpd-mod-mysql-vhost_1.4.19-1_amd64.deb
to pool/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.19-1_amd64.deb
lighttpd-mod-trigger-b4-dl_1.4.19-1_amd64.deb
to pool/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.19-1_amd64.deb
lighttpd-mod-webdav_1.4.19-1_amd64.deb
to pool/main/l/lighttpd/lighttpd-mod-webdav_1.4.19-1_amd64.deb
lighttpd_1.4.19-1.diff.gz
to pool/main/l/lighttpd/lighttpd_1.4.19-1.diff.gz
lighttpd_1.4.19-1.dsc
to pool/main/l/lighttpd/lighttpd_1.4.19-1.dsc
lighttpd_1.4.19-1_amd64.deb
to pool/main/l/lighttpd/lighttpd_1.4.19-1_amd64.deb
lighttpd_1.4.19.orig.tar.gz
to pool/main/l/lighttpd/lighttpd_1.4.19.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Pierre Habouzit <[EMAIL PROTECTED]> (supplier of updated lighttpd package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sun, 16 Mar 2008 12:01:41 +0100
Source: lighttpd
Binary: lighttpd lighttpd-doc lighttpd-mod-mysql-vhost
lighttpd-mod-trigger-b4-dl lighttpd-mod-cml lighttpd-mod-magnet
lighttpd-mod-webdav
Architecture: source all amd64
Version: 1.4.19-1
Distribution: unstable
Urgency: low
Maintainer: Debian lighttpd maintainers <[EMAIL PROTECTED]>
Changed-By: Pierre Habouzit <[EMAIL PROTECTED]>
Description:
lighttpd - A fast webserver with minimal memory footprint
lighttpd-doc - Documentation for lighttpd
lighttpd-mod-cml - Cache meta language module for lighttpd
lighttpd-mod-magnet - Control the request handling module for lighttpd
lighttpd-mod-mysql-vhost - MySQL-based virtual host configuration for lighttpd
lighttpd-mod-trigger-b4-dl - Anti-deep-linking module for lighttpd
lighttpd-mod-webdav - WebDAV module for lighttpd
Closes: 419176 435131 445224 448054 448682 461180 462199 468297
Changes:
lighttpd (1.4.19-1) unstable; urgency=low
.
* New upstream release.
.
* debian/control:
+ add Build-Depends upon quilt, remove dpatch.
+ Bump Standards-Version to 3.7.3 (no changes required).
+ Move Homepage pseudo-headers as real headers.
.
* debian/patches:
+ migrate to quilt.
+ remove 05_fdevent_fix.patch (merged upstream).
+ remove 06_mod_cgi_vuln_fix.patch (merged upstream).
+ refresh the rest of the series.
.
* debian/lighty-enable-mod:
+ Reindent and remove trailing spaces.
+ don't fail to remove a module that is already removed.
Patch from Michal Čihař (Closes: 448682).
+ Allow full stops in module names (Closes: 462199).
.
* debian/lighttpd.conf:
+ enable ipv6 by default (Closes: 448054).
+ remove mod_status stanza, create conf-available/10-status.conf with it.
.
* debian/lighttpd.cron.daily: new file, cleanup compressed cache.
Thanks to Michal Čihař (Closes: 445224).
.
* be sure mod_auth is loaded first (Closes: 419176):
+ add debian/lighttpd.preinst to rename 10-auth.conf into 05-auth.conf
automagically (when it's a sane thing to do).
+ Document all that in NEWS.Debian.
+ debian/lighttpd.install: add 10-status.conf and 05-auth.conf.
.
* debian/lighttpd.postinst:
+ chmod'ing /var/cache/lighttpd recursively is useless and too long. Just
chmod the base directory, content is likely to be only created by
lighty anyways. (Closes: 468297).
.
* debian/init.d:
+ Add $remote_fs and $network (instead of networking) to
Required-{Start,Stop}.
+ Add fam to Should-{Start,Stop} (Closes: 461180).
.
* debian/lighttpd.links: add symlinks on lighty-* so that lighttpd-*
commands exists as well (Closes: 435131).
Files:
21aa210e71c3f04580745236a3a33cfa 1285 web optional lighttpd_1.4.19-1.dsc
cede410e7adee3ea14206749190a8b5d 815568 web optional
lighttpd_1.4.19.orig.tar.gz
8eac4d3b8c6eb3872a932efbe47b965b 21457 web optional lighttpd_1.4.19-1.diff.gz
e808b1214c62d2bfa8199637dc360878 104598 doc optional
lighttpd-doc_1.4.19-1_all.deb
2cd8b975e479082f017280139915995c 320634 web optional
lighttpd_1.4.19-1_amd64.deb
3af31fa3005dcac210485007ee399632 65754 web optional
lighttpd-mod-mysql-vhost_1.4.19-1_amd64.deb
fcb5b9a0f69eff85aeb80281c2a1b1d2 67402 web optional
lighttpd-mod-trigger-b4-dl_1.4.19-1_amd64.deb
9eeefc9723aac25be86ed34306c596ee 70918 web optional
lighttpd-mod-cml_1.4.19-1_amd64.deb
16f9dcf41b1cfc7291a6e4dfaeecf661 70574 web optional
lighttpd-mod-magnet_1.4.19-1_amd64.deb
467c7007e5a6c6572d71c65e9b8f6900 77624 web optional
lighttpd-mod-webdav_1.4.19-1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFH3QkvvGr7W6HudhwRAnmtAJ9wffBimTmrybYm35+oZOKs+NQ/PQCdHns1
WGEXICHfeBhd49iVtVfnJzw=
=f3qc
-----END PGP SIGNATURE-----
--- End Message ---
