Your message dated Sat, 22 Mar 2014 15:20:48 +0000
with message-id <[email protected]>
and subject line Bug#741497: fixed in lighttpd 1.4.35-1
has caused the Debian Bug report #741497,
regarding lighttpd: enable all build hardening flags
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
741497: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741497
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
package: src:lighttpd
severity: important
version: 1.4.33-1
tags: patch
The attached patch enables all of the build hardening flags for lighttpd.
Best wishes,
Mike
--- lighttpd-1.4.33/debian/rules 2013-10-15 19:42:23.000000000 +0000
+++ lighttpd-1.4.33/debian/rules 2014-03-13 01:51:45.000000000 +0000
@@ -3,6 +3,9 @@
# uncomment to enable verbose mode
#export DH_VERBOSE=1
+# enable all hardening build flags
+export DEB_BUILD_MAINT_OPTIONS=hardening=+all
+
%:
dh $@ --with autotools_dev,systemd
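Review bot: the comment added above the export of DEB_BUILD_MAINT_OPTIONS=hardening=+all says only "enable all hardening build flags". It should name what +all adds on top of dpkg's default set (options such as PIE and bindnow), so that a later maintainer who hits a build or runtime regression knows which feature to switch off with a minus modifier instead of dropping the whole line. The export also only matters if the dpkg-buildflags output reaches the compiler and linker: the hunk shows "dh $@ --with autotools_dev,systemd" but not the debhelper compat level, so please confirm debian/compat is 9 or later (or that the flags are passed to configure explicitly) and check the built binaries, for example with hardening-check, before the bug is closed.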
--- End Message ---
--- Begin Message ---
Source: lighttpd
Source-Version: 1.4.35-1
We believe that the bug you reported is fixed in the latest version of
lighttpd, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Arno Töll <[email protected]> (supplier of updated lighttpd package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sat, 22 Mar 2014 03:06:59 -1100
Source: lighttpd
Binary: lighttpd lighttpd-doc lighttpd-mod-mysql-vhost
 lighttpd-mod-trigger-b4-dl lighttpd-mod-cml lighttpd-mod-magnet
 lighttpd-mod-webdav
Architecture: source amd64 all
Version: 1.4.35-1
Distribution: unstable
Urgency: low
Maintainer: Debian lighttpd maintainers <[email protected]>
Changed-By: Arno Töll <[email protected]>
Description:
 lighttpd - fast webserver with minimal memory footprint
 lighttpd-doc - documentation for lighttpd
 lighttpd-mod-cml - cache meta language module for lighttpd
 lighttpd-mod-magnet - control the request handling module for lighttpd
 lighttpd-mod-mysql-vhost - MySQL-based virtual host configuration for lighttpd
 lighttpd-mod-trigger-b4-dl - anti-deep-linking module for lighttpd
 lighttpd-mod-webdav - WebDAV module for lighttpd
Closes: 713860 730379 741497
Changes:
 lighttpd (1.4.35-1) unstable; urgency=low
 .
   * New upstream version (fixes CVE-2014-2323, CVE-2014-2324)
     + Delete patches: cve-2013-4508.patch, cve-2013-4559.patch,
       cve-2013-4560.patch. Those are all cumulative included since
       lighttpd 1.4.34
   * Acknowledge NMUs by the security team
   * Make the init script wait until lighttpd really terminates.
   * Change the default document root /var/www/html (Closes: #730379), add a
     Lintian override for it
   * Bump the debhelper dependency to >= 9.20130624 to ensure dh_installinit is
     recent enough for systemd (Closes: #713860)
   * Reorder LSB init dependencies, add $local_fs to it
   * Add hardening flags to lighttpd. Thanks to Michael Gilbert
     for providing a patch (Closes: #741497)
   * Remove W3C logo from index.html to avoid inclusion of images hosted
     elsewhere
   * Push standards version to 3.9.5 (no changes needed).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---