Package: lighttpd Version: 1.4.43-1 Severity: serious Hi,
the debian package for 1.4.43 is in a very sad state (one could say similar to the upstream release itself...). See attached patch for what we're using to build packages for https://debian.lighttpd.net/ - debian stable doesn't know default-libmysqlclient-dev - add new dependencies - init script still present, no need for systemd: #846299 - don't recommend php5-cgi - should not get installed automatically imho - new packages for new modules Sadly ldap and mysql mod_authn_* modules are required as soon as you load mod_auth in 1.4.43; this is fixed in git head. Overall I'd recommend waiting for 1.4.44 or picking some fixes from git head; there are some quite severe bugs in 1.4.43. Also we're using the .tar.xz - maybe update the watch file; and https should work on download.lighttpd.net/ too. regards, Stefan
diff -urN lighttpd-1.4.43/debian/control new/debian/control --- lighttpd-1.4.43/debian/control 2016-11-26 06:09:35.000000000 +0100 +++ new/debian/control 2016-12-04 10:33:00.249171410 +0100 @@ -18,7 +18,8 @@ libbz2-dev, libattr1-dev, libpcre3-dev, - default-libmysqlclient-dev, + libmemcached-dev, + default-libmysqlclient-dev | libmysqlclient-dev, libfam-dev, libldap2-dev, libfcgi-dev, @@ -29,6 +30,7 @@ libsqlite3-dev, libxml2-dev, libkrb5-dev, + libgeoip-dev, perl, libcgi-pm-perl, Vcs-Git: git://anonscm.debian.org/pkg-lighttpd/lighttpd.git @@ -41,11 +43,11 @@ # That's a false positive these days Pre-Depends: ${misc:Pre-Depends} Depends: ${shlibs:Depends}, ${misc:Depends}, ${perl:Depends}, - lsb-base (>= 3.0-6), systemd (>= 29.1), mime-support, + lsb-base (>= 3.0-6) | systemd (>= 29.1), mime-support, libterm-readline-perl-perl Provides: httpd, httpd-cgi -Suggests: openssl, rrdtool, apache2-utils, lighttpd-doc -Recommends: spawn-fcgi, php5-cgi +Suggests: openssl, rrdtool, apache2-utils, lighttpd-doc, php5-cgi +Recommends: spawn-fcgi Description: fast webserver with minimal memory footprint lighttpd is a small webserver and fast webserver developed with security in mind and a lot of features. @@ -126,3 +128,34 @@ MKCOL DELETE PUT + +Package: lighttpd-mod-authn-gssapi +Architecture: any +Depends: lighttpd (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends} +Description: GGSAPI authentication for lighttpd + This package contains the authn_gssapi module for lighttpd. With + this module, it is possible to perform GSSAPI authentication. + +Package: lighttpd-mod-authn-ldap +Architecture: any +Depends: lighttpd (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends} +Description: LDAP authentication for lighttpd + This package contains the authn_ldap module for lighttpd. With + this module, it is possible to perform authentication against an LDAP + server. + +Package: lighttpd-mod-authn-mysql +Architecture: any +Depends: lighttpd (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends} +Description: MySQL authentication for lighttpd + This package contains the authn_mysql module for lighttpd. With + this module, it is possible to perform authentication using a MySQL + table. + +Package: lighttpd-mod-geoip +Architecture: any +Depends: lighttpd (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends} +Description: GeoIP restrictions for lighttpd + This package contains the geoip module for lighttpd. With + this module, it is possible to distinguish users based on the location + using a GeoIP database. diff -urN lighttpd-1.4.43/debian/lighttpd.install new/debian/lighttpd.install --- lighttpd-1.4.43/debian/lighttpd.install 2016-11-26 06:09:35.000000000 +0100 +++ new/debian/lighttpd.install 2016-12-04 10:31:51.431727218 +0100 @@ -4,8 +4,10 @@ debian/tmp/usr/lib/lighttpd/mod_accesslog.so debian/tmp/usr/lib/lighttpd/mod_alias.so debian/tmp/usr/lib/lighttpd/mod_auth.so +debian/tmp/usr/lib/lighttpd/mod_authn_file.so debian/tmp/usr/lib/lighttpd/mod_cgi.so debian/tmp/usr/lib/lighttpd/mod_compress.so +debian/tmp/usr/lib/lighttpd/mod_deflate.so debian/tmp/usr/lib/lighttpd/mod_dirlisting.so debian/tmp/usr/lib/lighttpd/mod_evasive.so debian/tmp/usr/lib/lighttpd/mod_evhost.so @@ -25,6 +27,7 @@ debian/tmp/usr/lib/lighttpd/mod_ssi.so debian/tmp/usr/lib/lighttpd/mod_staticfile.so debian/tmp/usr/lib/lighttpd/mod_status.so +debian/tmp/usr/lib/lighttpd/mod_uploadprogress.so debian/tmp/usr/lib/lighttpd/mod_userdir.so debian/tmp/usr/lib/lighttpd/mod_usertrack.so debian/lighttpd.conf /etc/lighttpd diff -urN lighttpd-1.4.43/debian/lighttpd-mod-authn-gssapi.install new/debian/lighttpd-mod-authn-gssapi.install --- lighttpd-1.4.43/debian/lighttpd-mod-authn-gssapi.install 1970-01-01 01:00:00.000000000 +0100 +++ new/debian/lighttpd-mod-authn-gssapi.install 2016-10-31 11:31:01.000000000 +0100 @@ -0,0 +1 @@ +debian/tmp/usr/lib/lighttpd/mod_authn_gssapi.so diff -urN lighttpd-1.4.43/debian/lighttpd-mod-authn-ldap.install new/debian/lighttpd-mod-authn-ldap.install --- lighttpd-1.4.43/debian/lighttpd-mod-authn-ldap.install 1970-01-01 01:00:00.000000000 +0100 +++ new/debian/lighttpd-mod-authn-ldap.install 2016-10-31 11:30:58.000000000 +0100 @@ -0,0 +1 @@ +debian/tmp/usr/lib/lighttpd/mod_authn_ldap.so diff -urN lighttpd-1.4.43/debian/lighttpd-mod-authn-mysql.install new/debian/lighttpd-mod-authn-mysql.install --- lighttpd-1.4.43/debian/lighttpd-mod-authn-mysql.install 1970-01-01 01:00:00.000000000 +0100 +++ new/debian/lighttpd-mod-authn-mysql.install 2016-10-31 11:30:52.000000000 +0100 @@ -0,0 +1 @@ +debian/tmp/usr/lib/lighttpd/mod_authn_mysql.so diff -urN lighttpd-1.4.43/debian/lighttpd-mod-geoip.install new/debian/lighttpd-mod-geoip.install --- lighttpd-1.4.43/debian/lighttpd-mod-geoip.install 1970-01-01 01:00:00.000000000 +0100 +++ new/debian/lighttpd-mod-geoip.install 2016-10-31 11:30:49.000000000 +0100 @@ -0,0 +1 @@ +debian/tmp/usr/lib/lighttpd/mod_geoip.so diff -urN lighttpd-1.4.43/debian/NEWS new/debian/NEWS --- lighttpd-1.4.43/debian/NEWS 2016-11-26 06:08:10.000000000 +0100 +++ new/debian/NEWS 2016-10-31 13:38:11.000000000 +0100 @@ -1,3 +1,10 @@ +lighttpd (1.4.42-0.2) unstable; urgency=high + The authentication modules have been split into submodules; LDAP and + the new GSSAPI and MySQL authentication modules are now in separate + packages. + + -- Stefan Bühler <stbueh...@web.de> Mon, 31 Oct 2016 11:38:33 +0100 + lighttpd (1.4.31-4) unstable; urgency=high The default Debian configuration file for PHP invoked from FastCGI was diff -urN lighttpd-1.4.43/debian/rules new/debian/rules --- lighttpd-1.4.43/debian/rules 2016-11-26 06:08:10.000000000 +0100 +++ new/debian/rules 2016-12-04 10:35:13.369059377 +0100 @@ -17,15 +17,16 @@ --with-attr \ --with-fam \ --with-gdbm \ - --with-kerberos5 \ + --with-krb5 \ --with-ldap \ --with-lua=lua5.1 \ - --with-memcache \ + --with-memcached \ --with-mysql \ --with-openssl \ --with-pcre \ --with-webdav-locks \ --with-webdav-props \ + --with-geoip \ $(shell dpkg-buildflags --export=configure) override_dh_fixperms: