Your message dated Mon, 18 Nov 2013 23:03:41 +0000
with message-id <e1vixr3-00086b...@franck.debian.org>
and subject line Bug#729480: fixed in lighttpd 1.4.33-1+nmu2
has caused the Debian Bug report #729480,
regarding SSL connections with client certificates no longer working
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
729480: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729480
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: lighttpd
Version: 1.4.31-4+deb7u1
Severity: important
I am running a webserver that only offers https and normally requires
client certificates. When I install the security upgrade
1.4.31-4+deb7u1 and restart lighttpd, with some delay (when I keep
hitting reload in a client, it works 5-10 times) no more connections
with client certificates succeed.
Firefox reports "connection was interrupted", chrome
ERR_SSL_PROTOCOL_ERROR, lighttpd's error log fills with messages saying:
(connections.c.305) SSL: 1 error:140D9115:SSL
routines:SSL_GET_PREV_SESSION:session id context uninitialized
"regualar" https-Connections (w/o client certificate) continue to
work. After restarting lighttpd, everything works again for a little
while, then trouble starts again.
With lighttpd 1.4.31-4 everything works fine; this problem definitely
has been introduced with the security patches for 1.4.31-4+deb7u1.
--- End Message ---
--- Begin Message ---
Source: lighttpd
Source-Version: 1.4.33-1+nmu2
We believe that the bug you reported is fixed in the latest version of
lighttpd, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 729...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Gilbert <mgilb...@debian.org> (supplier of updated lighttpd package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 16 Nov 2013 22:29:07 +0000
Source: lighttpd
Binary: lighttpd lighttpd-doc lighttpd-mod-mysql-vhost
lighttpd-mod-trigger-b4-dl lighttpd-mod-cml lighttpd-mod-magnet
lighttpd-mod-webdav
Architecture: source amd64 all
Version: 1.4.33-1+nmu2
Distribution: unstable
Urgency: high
Maintainer: Debian lighttpd maintainers
<pkg-lighttpd-maintain...@lists.alioth.debian.org>
Changed-By: Michael Gilbert <mgilb...@debian.org>
Description:
lighttpd - fast webserver with minimal memory footprint
lighttpd-doc - documentation for lighttpd
lighttpd-mod-cml - cache meta language module for lighttpd
lighttpd-mod-magnet - control the request handling module for lighttpd
lighttpd-mod-mysql-vhost - MySQL-based virtual host configuration for lighttpd
lighttpd-mod-trigger-b4-dl - anti-deep-linking module for lighttpd
lighttpd-mod-webdav - WebDAV module for lighttpd
Closes: 729480
Changes:
lighttpd (1.4.33-1+nmu2) unstable; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fix regression caused by the fix for cve-2013-4508 (closes: #729480).
Checksums-Sha1:
6fef1302166aabaf6af87389dc5de774900db488 3413 lighttpd_1.4.33-1+nmu2.dsc
66e7cf4aedd49e85384aea470b0b92ee49fbe719 32326
lighttpd_1.4.33-1+nmu2.debian.tar.gz
90dcdb6d04ce4d8831aae4766f40c0bde85a58b4 234068
lighttpd_1.4.33-1+nmu2_amd64.deb
56546f2d3cbebd6f1229f586108b77d35c6f056e 60494
lighttpd-doc_1.4.33-1+nmu2_all.deb
97531f2e5492e3bac02892e7ddfe0188c8ca3baa 18970
lighttpd-mod-mysql-vhost_1.4.33-1+nmu2_amd64.deb
3b0386058cf1d2a41d77f19162287c4ada279643 20282
lighttpd-mod-trigger-b4-dl_1.4.33-1+nmu2_amd64.deb
508ef1c6a06156ef21a4aae9e57362816b4514fb 22804
lighttpd-mod-cml_1.4.33-1+nmu2_amd64.deb
7af51b5bfbe881d70a3f4738ee33b2a8d20bf393 23622
lighttpd-mod-magnet_1.4.33-1+nmu2_amd64.deb
c59085badefe771fa7b750dbba73ff7effb39cf1 29078
lighttpd-mod-webdav_1.4.33-1+nmu2_amd64.deb
Checksums-Sha256:
f44f02518bf9f225dbd5a0daa2c8ee4f7474c8b0d5702fa1504f9b982e8a1d72 3413
lighttpd_1.4.33-1+nmu2.dsc
1dcec0dd427c670f2be185fe529bdb0581fa05ac6cfb3795ce939b895793f833 32326
lighttpd_1.4.33-1+nmu2.debian.tar.gz
087a7c7e41afbf699b015d99beee60e8ed21c5ae4ff06409bbc2d2e3e520f2f1 234068
lighttpd_1.4.33-1+nmu2_amd64.deb
6155395b378f3ee5468829bff1196c87f8d6983573c28642e461a9931cd48a9e 60494
lighttpd-doc_1.4.33-1+nmu2_all.deb
bf2bf5d0da84d6cadd20722a7c8c9b1a56090ec09c3b5cf3e3ce5743177a3209 18970
lighttpd-mod-mysql-vhost_1.4.33-1+nmu2_amd64.deb
c3567d6647009de7fd0741a5b54559e8cab59f29d75a6c0a5f2095d18ec9ae30 20282
lighttpd-mod-trigger-b4-dl_1.4.33-1+nmu2_amd64.deb
aafe55d611a76de32d9101f7bc748b4f68ed8426f8ea92e4cfe19557bdc5b6d7 22804
lighttpd-mod-cml_1.4.33-1+nmu2_amd64.deb
901daee270f2e0236a7727662c09f0e3b5d3ffe5584af41268468ee4e69572aa 23622
lighttpd-mod-magnet_1.4.33-1+nmu2_amd64.deb
ab0a0009a1decf012406bf37a13083ebeb57d6cc760c388f5f68f3831fcae6c0 29078
lighttpd-mod-webdav_1.4.33-1+nmu2_amd64.deb
Files:
e8584daf0201e9d8cdf209920cc62b78 3413 httpd optional lighttpd_1.4.33-1+nmu2.dsc
a598531dbbe31786dd213fc4410b78e3 32326 httpd optional
lighttpd_1.4.33-1+nmu2.debian.tar.gz
93c804f76cd52cb7a158063c7b3af2d2 234068 httpd optional
lighttpd_1.4.33-1+nmu2_amd64.deb
5a2462d9a5418a3bbf18d1c2e20eeb64 60494 doc optional
lighttpd-doc_1.4.33-1+nmu2_all.deb
aa60a776416dcab8ed54e31c3789c09e 18970 httpd optional
lighttpd-mod-mysql-vhost_1.4.33-1+nmu2_amd64.deb
972f45116fb487bb1e3f4b2608b4bcd0 20282 httpd optional
lighttpd-mod-trigger-b4-dl_1.4.33-1+nmu2_amd64.deb
3a100dc11cd29e4c6e44ad2d336ec8e0 22804 httpd optional
lighttpd-mod-cml_1.4.33-1+nmu2_amd64.deb
974c1b069355c5684328206073d23e15 23622 httpd optional
lighttpd-mod-magnet_1.4.33-1+nmu2_amd64.deb
981893a285243ae85d48c9542ada75e3 29078 httpd optional
lighttpd-mod-webdav_1.4.33-1+nmu2_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
iQQcBAEBCgAGBQJSh/WzAAoJELjWss0C1vRzhn0f/0KmEqE38/MEJpV2qYExrcba
KInqHiUFD7y/dRX6HT/giYUg6g/MZzz3/gHUPkP4Zd5GgDkq7NqFK+R33T3HcI2j
3rvNwKpUCK9W/mKm3jfWLzAxVnJyt3XulknFMAs7K4KAFeUWqVT3h+/YtSTqbJW5
MEUIgDovHLsFcBlKUBRPOc36S65Ux3yDYUIGtHii6gadDwqOWlNZVz81hmLYcqUv
UGQgz0BKvhRjGenxY/d08NwfjRKCDeeCNMmyru2V83PTpFuqk7GXGhEYEVPbdCv3
R80U+v0DFmU18c5Szc8/DvVMUIUrh7MLQHVLv68iCWLMelSj1mxagHAYWEeKKDjR
xTVTDJXdbochzXuBeHLqrIt40Gz+vGfwoSirls6KL+osfNHyqqD+gG8jBcjlOX/e
oQa2aql33XbAXDBbMCCCMMf5ZD4676kwR9EaSDsMuUhmvjbUNnV+gSDJK8bwcrr0
eJubGwkL+uxUk9cbrbFzKlZD2uRRSrSB+hnRtVxDabJtOZtxlX65d3hx6K2Rw+zg
9VLSwqUQdxN/9ANAaurbtQG7ikf+jezoHbmkDdSJdn+RmBgU45C6fkSmdHdTkSem
S+3d4NljHg8b1j9PI6xciwLt7vX9ppKmtynNatzbWGieN2kGkJe1igabYzxoo+uN
5DumB6VISj8hP9P6Mb6uWbS4+AhoUJrj6GxLJSdUnZueJt6bWyhEBda13IJKqlkU
iXXiZb75XvuhKL2ySPD1q/XPwr0TyueJtcxzCtBQvAeZhYLN56cFTBnQK5FbZIfj
Dp1i983BnOVbl/IOyui0RjK6o9OR/9xW5viGwALgxcmjvBUJNznq0xt52hHQLI5r
zc059yAVImwD4nFUOd9RkuPYEEVJAhIedb0J7vY2MO1At+vnMvcilHYZNJKC66mZ
sA47c4VKSPCcCqRk9rTRH7hz9IGVGlNsQ/rw7UmbD9GO+YOXoSbKs0piJDP1lWXl
v5Sk2z0D/Fh7CG85Ddc+4QdTmDKmMtH2Ma7XSa/WC4igIBi20SYj8+lg+45oWK+J
SYHXNlisEzjbutG46JsRo1BraVtOaIN7KvzIhGm1XT+ygaYVJtw/2HEyIAIqC7vF
kyPWwLcdbDBGxuzcASVLcNoohvlh+Lyz6b7RFyCxS9Lf3ro1WZ1/xDaioePWu5YX
0RBg0bvkzxbGFB6asXakoxWhdol2gNICNuNLEsZEUYlMqDv+WaDHJCZ7ksiCxukh
NdP3WgG5dfLnRTnk7J1IaE9YAOLlgvCCKWbIspkRX2WGmnytD5TGKFpmQ+KNDGWc
asWidvkyod9bmuDOVM9eWXLbA5vUPvtye59YZS8lCOAGIgylf4KRJrwS8fXaucc=
=0riL
-----END PGP SIGNATURE-----
--- End Message ---
