Hello community, here is the log from the commit of package lighttpd for openSUSE:Factory checked in at 2013-06-28 17:46:26 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/lighttpd (Old) and /work/SRC/openSUSE:Factory/.lighttpd.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "lighttpd" Changes: -------- --- /work/SRC/openSUSE:Factory/lighttpd/lighttpd.changes 2012-06-13 22:24:42.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.lighttpd.new/lighttpd.changes 2013-06-28 17:46:27.000000000 +0200 @@ -1,0 +2,32 @@ +Tue Jun 25 09:57:35 UTC 2013 - pgajdos@suse.com + +- with gcc 4.8 parallel tests seems to be broken + * lighttpd-serial-tests.patch + +------------------------------------------------------------------- +Wed Nov 21 12:10:56 UTC 2012 - mrueckert@suse.de + +- update to 1.4.32: bnc#790258 CVE-2012-5533 + - Code cleanup with clang/sparse (fixes #2437, thx kibi) + - Ignore EPIPE/ECONNRESET after SSL_shutdown + - Handle ENAMETOOLONG, return 404 Not Found (fixes #2396, thx + dererkazo) + - configure.ac: remove old stuff, add some new to fix warnings in + automake 1.12 (fixes #2419, thx blino) + - add PATCH method (fixes #2424) + - fix :port handling in $HTTP["host"] checks (fixes #2135. thx + liming) + - network_server_init: fix double free and memleak on error + (fixes #2440, thx kyprizel) + - detect "x-gzip"/"x-bzip2" as separate encodings, more strict + encoding matching (fixes #2443) + - tests: make sure mod_proxy doesn't leave running processes + (fixes #2435, thx kibi) + - mod_extforward: log address of untrusted proxy with + debug.log-request-handling + - fix DoS in Connection header value split (reported by Jesse + Sipprell, CVE-2012-5533) + - remove whitespace at end of header keys +- refreshed lighttpd-automake.patch + +------------------------------------------------------------------- Old: ---- lighttpd_1.4.31-1.dsc lighttpd_1.4.31.orig.tar.bz2 New: ---- lighttpd-serial-tests.patch lighttpd_1.4.32-0.1.debian.tar.gz lighttpd_1.4.32-0.1.dsc lighttpd_1.4.32.orig.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ lighttpd.spec ++++++ --- /var/tmp/diff_new_pack.TasO0J/_old 2013-06-28 17:46:28.000000000 +0200 +++ /var/tmp/diff_new_pack.TasO0J/_new 2013-06-28 17:46:28.000000000 +0200 @@ -17,7 +17,7 @@ Name: lighttpd -Version: 1.4.31 +Version: 1.4.32 Release: 0 # %define pkg_name lighttpd @@ -25,6 +25,7 @@ %define pkg_home /var/lib/%{pkg_name} # BuildRoot: %{_tmppath}/%{name}-%{version}-build +BuildRequires: iputils BuildRequires: FastCGI-devel BuildRequires: e2fsprogs-devel BuildRequires: fam-devel @@ -93,7 +94,7 @@ # Url: http://www.lighttpd.net/ # Source: http://www.lighttpd.net/download/%{pkg_name}-%{version}.tar.bz2 -Source: lighttpd_%{version}.orig.tar.bz2 +Source: lighttpd_%{version}.orig.tar.gz Source1: %{pkg_name}.init Source2: %{pkg_name}.sysconfig Source4: lightytest.sh @@ -101,13 +102,17 @@ Source6: lighttpd-ssl.SuSEfirewall Source7: lighttpd.logrotate # this is just dummy to pass the check for factory and still have one package for deb and rpm -Source99: lighttpd_1.4.31-1.debian.tar.gz +Source99: lighttpd_1.4.32-0.1.debian.tar.gz Patch: lighttpd-1.4.13_geoip.patch Patch1: lighttpd-automake.patch +# workaround -- disable parallel tests, broken with gcc 4.8 +Patch2: lighttpd-serial-tests.patch # Summary: A Secure, Fast, Compliant, and Very Flexible Web Server License: BSD-3-Clause Group: Productivity/Networking/Web/Servers +Provides: http_daemon +Provides: httpd %description Lighttpd is a secure, fast, compliant, and very flexible Web server @@ -290,14 +295,13 @@ %if 0%{?with_geoip} %patch %if 0%{?suse_version} > 1210 -%patch1 -p1 +%patch1 %endif %endif +%patch2 -p1 %build -%if 0%{?with_geoip} autoreconf -fi -%endif export CFLAGS="%{optflags} -DLDAP_DEPRECATED -W -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast -std=gnu99" %if %suse_version > 1000 export CFLAGS="$CFLAGS -fstack-protector" ++++++ lighttpd-automake.patch ++++++ --- /var/tmp/diff_new_pack.TasO0J/_old 2013-06-28 17:46:28.000000000 +0200 +++ /var/tmp/diff_new_pack.TasO0J/_new 2013-06-28 17:46:28.000000000 +0200 @@ -1,21 +1,12 @@ -Index: lighttpd-1.4.31/configure.ac +Index: configure.ac =================================================================== ---- lighttpd-1.4.31.orig/configure.ac -+++ lighttpd-1.4.31/configure.ac +--- configure.ac.orig ++++ configure.ac @@ -23,6 +23,7 @@ AC_PROG_CPP dnl AC_PROG_CXX AC_PROG_LN_S AC_PROG_MAKE_SET +AM_PROG_AR - dnl check environment - AC_AIX -@@ -39,7 +40,7 @@ AM_CONDITIONAL(NO_RDYNAMIC, test x$NO_RD - AC_EXEEXT - - dnl more automake stuff --AM_C_PROTOTYPES -+dnl AM_C_PROTOTYPES - - dnl libtool - AC_DISABLE_STATIC + dnl AM_PROG_AR is needed for some linker stuff + dnl AC_USE_SYSTEM_EXTENSIONS requires autoconf 2.60 ++++++ lighttpd-serial-tests.patch ++++++ Index: lighttpd-1.4.32/tests/Makefile.am =================================================================== --- lighttpd-1.4.32.orig/tests/Makefile.am +++ lighttpd-1.4.32/tests/Makefile.am @@ -1,6 +1,8 @@ # lighttpd.conf and conformance.pl expect this directory testdir=$(srcdir)/tmp/lighttpd/ +AUTOMAKE_OPTIONS = serial-tests + if CHECK_WITH_FASTCGI check_PROGRAMS=fcgi-auth fcgi-responder ++++++ lighttpd_1.4.31-1.dsc -> lighttpd_1.4.32-0.1.dsc ++++++ --- /work/SRC/openSUSE:Factory/lighttpd/lighttpd_1.4.31-1.dsc 2012-06-12 07:09:20.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.lighttpd.new/lighttpd_1.4.32-0.1.dsc 2013-06-28 17:46:27.000000000 +0200 @@ -1,18 +1,18 @@ -----BEGIN PGP SIGNED MESSAGE----- -Hash: SHA1 +Hash: SHA256 Format: 3.0 (quilt) Source: lighttpd Binary: lighttpd, lighttpd-doc, lighttpd-mod-mysql-vhost, lighttpd-mod-trigger-b4-dl, lighttpd-mod-cml, lighttpd-mod-magnet, lighttpd-mod-webdav Architecture: any all -Version: 1.4.31-1 +Version: 1.4.32-0.1 Maintainer: Debian lighttpd maintainers <pkg-lighttpd-maintainers@lists.alioth.debian.org> Uploaders: Krzysztof Krzyżaniak (eloy) <eloy@debian.org>, Olaf van der Spek <olafvdspek@gmail.com>, Arno Töll <arno@debian.org> Homepage: http://lighttpd.net/ Standards-Version: 3.9.3.1 Vcs-Browser: http://anonscm.debian.org/viewvc/pkg-lighttpd/lighttpd/trunk/ Vcs-Svn: svn://svn.debian.org/pkg-lighttpd/lighttpd/trunk -Build-Depends: debhelper (>= 8), mime-support, libssl-dev, zlib1g-dev, libbz2-dev, libattr1-dev, libpcre3-dev, libmysqlclient-dev, libfam-dev, libldap2-dev, libfcgi-dev, libgdbm-dev, libmemcache-dev, liblua5.1-0-dev, pkg-config, uuid-dev, libsqlite3-dev, libxml2-dev, libkrb5-dev, perl, dpkg-dev (>= 1.16.1~) +Build-Depends: debhelper (>= 8), mime-support, libssl-dev, zlib1g-dev, libbz2-dev, libattr1-dev, libpcre3-dev, libmysqlclient-dev, libfam-dev, libldap2-dev, libfcgi-dev, libgdbm-dev, libmemcache-dev, liblua5.1-0-dev, pkg-config, uuid-dev, libsqlite3-dev, libxml2-dev, libkrb5-dev, perl Package-List: lighttpd deb httpd optional lighttpd-doc deb doc optional @@ -22,29 +22,29 @@ lighttpd-mod-trigger-b4-dl deb httpd optional lighttpd-mod-webdav deb httpd optional Checksums-Sha1: - 6b3babc9df173cea5ae4756c2fd6b0e85e015f2a 840123 lighttpd_1.4.31.orig.tar.gz - 80b3a0786bf069868d4b0dc0c5178ddce84ff1a8 26633 lighttpd_1.4.31-1.debian.tar.gz + 7177a9350f530f89c4538c75d08cfbc403844a5c 846615 lighttpd_1.4.32.orig.tar.gz + 8a7ecb534e425a72c6b7e6822798d442c00bf0b0 27113 lighttpd_1.4.32-0.1.debian.tar.gz Checksums-Sha256: - 848a15604bf358d9355bd7a48c01f448c286734dbb5f4dc1cd16acb8b05a9b52 840123 lighttpd_1.4.31.orig.tar.gz - 38a0911ab97b21ef531693760b4ce4c0641d8e560f403c3cebac36863689bcf6 26633 lighttpd_1.4.31-1.debian.tar.gz + 0765e07dac432393dea3950639d5ba646ded95a9408ad002e54b3353ab6b9645 846615 lighttpd_1.4.32.orig.tar.gz + 56f480e6d5f13a61ca1a671c39b7f2b53a7f96ab23c3e85715afd3b824d3e77d 27113 lighttpd_1.4.32-0.1.debian.tar.gz Files: - 7907b7167d639b8a8daab97e223249d5 840123 lighttpd_1.4.31.orig.tar.gz - 20d50979fc2704ff7ead982a1282c4a5 26633 lighttpd_1.4.31-1.debian.tar.gz + d2eaf2ed77670bd25597f61c3a28c074 846615 lighttpd_1.4.32.orig.tar.gz + 6528cfe27a137f107a834f4ca560f40b 27113 lighttpd_1.4.32-0.1.debian.tar.gz -----BEGIN PGP SIGNATURE----- -Version: GnuPG v1.4.11 (GNU/Linux) +Version: GnuPG v1.4.12 (GNU/Linux) -iQIcBAEBAgAGBQJPyUSFAAoJEMcrUe6dgPNt2fAQAMSEF/ty3BMpIO/BR1+BIg4S -itV89SLjEo8rHsXxrJ2C0rYNAQ8cM+vOgnSCqSovDf5lKuMhIW+BrMClIW+rbu1K -uuYJijRNOhZWq5RjAOU2PmTpxLdKsrZdZczFtY25RwgQyqFnF5zZax5oBHsKPPoc -SE9llwiyivC6X6A8xyHEfeeq+c3vRJ36bQu32pBbs36IsG0j1osRTuGJM/7ASFtL -ejnztef0Da5/PsWutTPQTA1qoUqgjGoQXvahdACZ1m0bWTwV8PS5w7JmtMkVI6lj -PSpuWCOvmjdUaUfB64gt3LpvJ+7b6C24UHbYbuYaaUEg9DceqRkPNCDjgrBkkDfd -6UIb79Gas1fpcuepjr26eOIApL45hfXB4aKWS1I6mHO5bNuJv0cKFpokwWxRkEoz -uRHLlWCUgn+23i16TrzKNkcouPz+LWWI1b/0RIKN80rwfU34cEp4fZTz/HYwdwNi -hTPl6XLVL6AdJDlouATksn3Af2Ubkt0ajQEKwAn0ymsTE0G9+BAwmkBUymebsTKp -Lw9OLGq+eWcChjHtWgF7OwD15CDYagrt65nPYcPbtkWkltPMEJ5qQ7TNrMvzlV5+ -Auzz7VGCr5x530518pN5Kf8qUqKBQuzMMudxSlR6HUecnhYy4QafD/YZinremb2h -wcvzxMRKxRmwfKgK/OCq -=lPv/ +iQIcBAEBCAAGBQJQrJvoAAoJEODn0BcelbrXsOkP/2kmQwYGmfaVtJVhsY+zUHrG +WrdwuZxIKuADj1CAUNPJzZdVU7rNs1nBn/qJCmyGYhciBrSq9M6DdqM727q7aSKd +O4sH1TsaPIpTknj6oUnX1bM+2o+3miH9uFxVAXrJvbfAlD5tQ0nOiG87LNlFw1rk +oVEyT6VD84cusyYF8QKyR9l7QL9D5EmnLhZ14XKHkN3iWf5G3YmwAA3JRBL3/Ig3 +IMQVUBogQSIuJ76QtmLtisSRpfyvocFjzsUZcT9Q2Qygxlg4PF6rH9fSDJZjLSX6 +dd/DmDb/oV3GQuscr+LLoYVcyR8YaFAm/u6nKFhPWAqrQPKSLiSjbWa6vUefAF9r +40xhtwU6nVM+QKSIWE5e4kHnkAlNmfrk+Oi3XLLI5raWYKgh0ZMWh0nYCRfmbceG +l0+xOkAciPahFPzujHCaYkXYYuXZFvFl8DbJY6aVZVxMzxG75I/Lo/Z9cglQMgdI +UHGNsjkR92VVEKqqCgx5TlDylKSOVJs4YeGZcnXEBX2A0dJOTr3BNzl+ceDcxUSn +6FFAZVnL3riK8SaCaMZpcneZQBEdg3uIprAndAOGEWAgg5d+ZZVEQfEMsbFh4+JP +rz0QlXFqhZ2g+9hc5Y/WldAfXU4gW7vW7NbXGSuRva9mkad89Ti3uldGRtjejBD/ +Uh0Jc7Ix1XN94yfcvNtp +=JkaD -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org