-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I propose a fix that closes #609124. Since this regression justifies a new package I edited changelog as well, a maintainer may further edit though.
The attached patch hence changes debian/changelog and introduces a patch from upstream [1]. I did not use the patch Squeeze used to ship for some time, as it is not in use anymore in the current testing package (only on older, already archived packages). Besides that it patches the issue straightforward. [1] http://redmine.lighttpd.net/attachments/1095/08-ssl-retval-fix.patch - -- with kind regards, Arno Töll GnuPG Key-ID: 0x8408D4C4 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJNJ1ESAAoJELBdpXvEXpo9/NUP/AnX1Hrn3YKGpoqHve2UCJRR lyKrxQX0ZDhckHjagkd+MSSO1xx+M7tTFTJAAGjJch0r2lpYLqO+6MQ1FYZcD2o8 j94wrRsIWekzziEamYNJd4vJC+og2nm5k+TlkS4OKP3dlM3kEa+1EhrDEe8khBvB Woa4uiRgBSsT/Vjr5caqigRH22bBpB2i/4EwAQ9sQh3inR54kF+JZ+6r7Vfxa6VE wKeC3LxKuRy9vAPqO/0e+4nyzIWr4koI8SBUoDhF72NggH0iAb22E7/yC4/OP6UC Kf51yj0R9338q8jENM0ls5Oltm5IkUAPLsgkcO78ySx8CWwBgYj5xUtBxnT9tHsj lFehj/wMKRTa9YTEqcRzfp12iVHOLwaTfSQotqroNVijIEBod1Mv2RAygbkLhF5u Nymw2yYICk8mEGLTgxJMGjRhDtGUJzvgUgrAQJmXd24Y34W9tXPWp+5dytE75gVG O4ofntHFN2jmVGC4J5zl7R18xn86takqbhRCVguMTehxPooQ++CusZEU359RHyRI X3Fx6ik8g/N3Qktsn2v+Yq+bBOJuVF7yz08xARXAqyv/eHZXO7K3kC5JXE0b/1DW rtP8gOp0fFEe+IpgRVQTk5WNqd68TUZF5lqcePyM8omV69FBK86WBIb7XX+BG2zh gC7BW3sGFhq5U1DIrEUd =BcE0 -----END PGP SIGNATURE-----
diff -ruN lighttpd-1.4.19/debian/changelog lighttpd-1.4.19-patched/debian/changelog --- lighttpd-1.4.19/debian/changelog 2011-01-07 18:32:18.000000000 +0100 +++ lighttpd-1.4.19-patched/debian/changelog 2011-01-07 18:28:02.000000000 +0100 @@ -1,3 +1,11 @@ +lighttpd (1.4.19-5+lenny2) stable; urgency=low + + [ Arno Toell ] + * Fix bug: Recent openssl upgrade breaks lighttpd + (won't start) (Closes: #609124) + + -- XXXXXX <[email protected]> Fri, 07 Jan 2011 17:57:59 +0100 + lighttpd (1.4.19-5+lenny1) stable-security; urgency=high * Non-maintainer upload by the Security Team. diff -ruN lighttpd-1.4.19/debian/patches/series lighttpd-1.4.19-patched/debian/patches/series --- lighttpd-1.4.19/debian/patches/series 2011-01-07 18:32:18.000000000 +0100 +++ lighttpd-1.4.19-patched/debian/patches/series 2011-01-07 18:28:02.000000000 +0100 @@ -6,3 +6,4 @@ lighttpd-1.4.x_request_header_memleak.patch -p0 lighttpd-1.4.x_userdir_lowercase.patch -p0 lighttpd-1.4.x_rewrite_redirect_decode_url.patch -p0 +ssl-retval-fix.patch diff -ruN lighttpd-1.4.19/debian/patches/ssl-retval-fix.patch lighttpd-1.4.19-patched/debian/patches/ssl-retval-fix.patch --- lighttpd-1.4.19/debian/patches/ssl-retval-fix.patch 1970-01-01 01:00:00.000000000 +0100 +++ lighttpd-1.4.19-patched/debian/patches/ssl-retval-fix.patch 2011-01-07 18:28:02.000000000 +0100 @@ -0,0 +1,21 @@ +From: Arno Toell <[email protected]> +Subject: Allow multiple bits in option mask + +* src/network.c Fix bits + +Origin: upstream, http://redmine.lighttpd.net/attachments/1095/08-ssl-retval-fix.patch +Bug: http://redmine.lighttpd.net/issues/2157 +Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=609124 + + +--- a/src/network.c ++++ b/src/network.c +@@ -332,7 +332,7 @@ + + if (!s->ssl_use_sslv2) { + /* disable SSLv2 */ +- if (SSL_OP_NO_SSLv2 != SSL_CTX_set_options(s->ssl_ctx, SSL_OP_NO_SSLv2)) { ++ if (!(SSL_OP_NO_SSLv2 & SSL_CTX_set_options(s->ssl_ctx, SSL_OP_NO_SSLv2))) { + log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:", + ERR_error_string(ERR_get_error(), NULL)); + return -1;
