Bug#520124: lighttpd: please release ...
Don't wait for this bug. As long as no one has a good idea how to handle this, there will be no patch. Here the commit message for the revert: Revert url decoding+simplifying before matching of mod_rewrite/mod_redirect - Lot of regressions (we forgot to reencode the result) - Generic problem: after decode and rewrite a?b?c: which '?' was the path?query seperator? - Possible solution: only decode printable characters (without '?'), and encode the result; do not encode the '%' of a not decoded character. - Still a problem with path simplifying, it seems many people use urls like this: http://server1/http%3a//server2/xxx and rewrite the path into the querystring. - Probably only usable with an extra config option = Do NOT use rewrite/redirect to protect specific urls. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#520124: [pkg-lighttpd] Bug#520124: lighttpd: please release ...
ok and if I read the last activity report on this bug, they will not fix this bug tomorow : Updated by stbuehler 101 days ago * Status changed from Fixed to Reopened * Target version changed from 1.4.20 to 1.4.21 * Patch available set to No Patch(es) reverted in 1.4.x (r2362) - too many regressions came up. See commit message for more details. We are not sure yet what to do, maybe we won't fix this at all. Updated by icy 41 days ago * Target version changed from 1.4.21 to 1.4.22 Updated by stbuehler 18 days ago * Target version changed from 1.4.22 to 1.4.23 So it's may be easiest to wait 1.4.23 before release it in unstable ... Krzysztof Krzyżaniak a écrit : there is lighttpd 1.4.22 in our svn repo. Last thing which left before release is to check lighttpd-1.4.x_rewrite_redirect_decode_url.patch. Upstream bug for that is http://redmine.lighttpd.net/issues/1720 with such info: Patch(es) reverted in 1.4.x (r2362) - too many regressions came up. See commit message for more details. petitchevalroux wrote: Package: lighttpd Version: 1.4.19-5 Severity: wishlist Lighttp is now in 1.4.22 in the stable release lot of security fix ... http://www.lighttpd.net/2008/9/30/1-4-20-Otherwise-the-terrorists-win http://www.lighttpd.net/2009/2/16/1-4-21-yes-we-can-do-another-release http://www.lighttpd.net/2009/3/7/1-4-22-echoes I am using unstable and ready to test lighttpd on my dev server ... So I am just waiting ;) -- System Information: Debian Release: squeeze/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable') Architecture: i386 (i686) Kernel: Linux 2.6.26-1-openvz-686 (SMP w/2 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages lighttpd depends on: ii libattr1 1:2.4.43-2Extended attribute shared library ii libbz2-1.0 1.0.5-1 high-quality block-sorting file co ii libc6 2.9-4 GNU C Library: Shared libraries ii libfam02.7.0-13.3Client library to control the FAM ii libldap-2.4-2 2.4.15-1 OpenLDAP libraries ii libpcre3 7.8-2 Perl 5 Compatible Regular Expressi ii libssl0.9.80.9.8g-15 SSL shared libraries ii libterm-readline-perl- 1.0302-1 Perl implementation of Readline li ii lsb-base 3.2-20Linux Standard Base 3.2 init scrip ii mime-support 3.44-1MIME files 'mime.types' 'mailcap ii zlib1g 1:1.2.3.3.dfsg-13 compression library - runtime lighttpd recommends no packages. Versions of packages lighttpd suggests: ii apache2-utils 2.2.11-2 utility programs for webservers ii openssl 0.9.8g-15 Secure Socket Layer (SSL) binary a pn rrdtool none (no description available) -- no debconf information ___ pkg-lighttpd-maintainers mailing list pkg-lighttpd-maintain...@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/pkg-lighttpd-maintainers -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#520124: [pkg-lighttpd] Bug#520124: lighttpd: please release ...
there is lighttpd 1.4.22 in our svn repo. Last thing which left before release is to check lighttpd-1.4.x_rewrite_redirect_decode_url.patch. Upstream bug for that is http://redmine.lighttpd.net/issues/1720 with such info: Patch(es) reverted in 1.4.x (r2362) - too many regressions came up. See commit message for more details. petitchevalroux wrote: Package: lighttpd Version: 1.4.19-5 Severity: wishlist Lighttp is now in 1.4.22 in the stable release lot of security fix ... http://www.lighttpd.net/2008/9/30/1-4-20-Otherwise-the-terrorists-win http://www.lighttpd.net/2009/2/16/1-4-21-yes-we-can-do-another-release http://www.lighttpd.net/2009/3/7/1-4-22-echoes I am using unstable and ready to test lighttpd on my dev server ... So I am just waiting ;) -- System Information: Debian Release: squeeze/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable') Architecture: i386 (i686) Kernel: Linux 2.6.26-1-openvz-686 (SMP w/2 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages lighttpd depends on: ii libattr1 1:2.4.43-2Extended attribute shared library ii libbz2-1.0 1.0.5-1 high-quality block-sorting file co ii libc6 2.9-4 GNU C Library: Shared libraries ii libfam02.7.0-13.3Client library to control the FAM ii libldap-2.4-2 2.4.15-1 OpenLDAP libraries ii libpcre3 7.8-2 Perl 5 Compatible Regular Expressi ii libssl0.9.80.9.8g-15 SSL shared libraries ii libterm-readline-perl- 1.0302-1 Perl implementation of Readline li ii lsb-base 3.2-20Linux Standard Base 3.2 init scrip ii mime-support 3.44-1MIME files 'mime.types' 'mailcap ii zlib1g 1:1.2.3.3.dfsg-13 compression library - runtime lighttpd recommends no packages. Versions of packages lighttpd suggests: ii apache2-utils 2.2.11-2 utility programs for webservers ii openssl 0.9.8g-15 Secure Socket Layer (SSL) binary a pn rrdtool none (no description available) -- no debconf information ___ pkg-lighttpd-maintainers mailing list pkg-lighttpd-maintain...@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/pkg-lighttpd-maintainers -- ---e-l-o-ye-l-o...@-k-o-f-e-i-n-a-.-n-e-t-- jak to dobrze, że są oceany - bez nich byłoby jeszcze smutniej -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#520124: lighttpd: please release ...
Package: lighttpd Version: 1.4.19-5 Severity: wishlist Lighttp is now in 1.4.22 in the stable release lot of security fix ... http://www.lighttpd.net/2008/9/30/1-4-20-Otherwise-the-terrorists-win http://www.lighttpd.net/2009/2/16/1-4-21-yes-we-can-do-another-release http://www.lighttpd.net/2009/3/7/1-4-22-echoes I am using unstable and ready to test lighttpd on my dev server ... So I am just waiting ;) -- System Information: Debian Release: squeeze/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable') Architecture: i386 (i686) Kernel: Linux 2.6.26-1-openvz-686 (SMP w/2 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages lighttpd depends on: ii libattr1 1:2.4.43-2Extended attribute shared library ii libbz2-1.0 1.0.5-1 high-quality block-sorting file co ii libc6 2.9-4 GNU C Library: Shared libraries ii libfam02.7.0-13.3Client library to control the FAM ii libldap-2.4-2 2.4.15-1 OpenLDAP libraries ii libpcre3 7.8-2 Perl 5 Compatible Regular Expressi ii libssl0.9.80.9.8g-15 SSL shared libraries ii libterm-readline-perl- 1.0302-1 Perl implementation of Readline li ii lsb-base 3.2-20Linux Standard Base 3.2 init scrip ii mime-support 3.44-1MIME files 'mime.types' 'mailcap ii zlib1g 1:1.2.3.3.dfsg-13 compression library - runtime lighttpd recommends no packages. Versions of packages lighttpd suggests: ii apache2-utils 2.2.11-2 utility programs for webservers ii openssl 0.9.8g-15 Secure Socket Layer (SSL) binary a pn rrdtool none (no description available) -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org