On Sun, Apr 20, 2025 at 10:37:54PM +0100, Ximin Luo wrote:
> Package: lighttpd-mod-webdav
> Version: 1.4.79-1
> Severity: important
>
> Dear Maintainer,
>
> PUT on a webdav share gives HTTP 500 since 1.4.79-1.
>
> I have rebuilt 1.4.77-1 from source and verified the problem does not exist
> the
>> Changed Bug title to 'RFS: lighttpd/1.4.79-1 -- light, fast, functional web
>> server' from 'RFS: lighttpd/1.4.77-2 -- light, fast, functional web server'.
>> Request was from Glenn Strauss to
>> cont...@bugs.debian.org. (Wed, 09 Apr 2025 13:33:04
This bug was filed over 8 weeks ago and is still waiting for a sponsor,
despite having been marked "Confirmed" by Phil 8 weeks ago.
It is nice to see that Phil has *greatly* reduced the noise he posts in
subsequent bugs.
It would be even nicer if a sponsor could wade through this sponsorship
requ
On Wed, Feb 12, 2025 at 06:28:59PM +, Phil Wyett wrote:
> [Obsurd amount of noise omitted]
Phil, please remove lighttpd from the list of packages to which you
repeatedly regurgitate script garbage output.
There is little in your voluminous noise that has changed since you
last posted to light
I submitted RFS for lighttpd 1.4.77-2:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1095780
However, it is currently blocked by a bug in media-types package:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1095773
Cheers, Glenn
sing-upstream-signature
even though the tarball is signed.
I used `gbp import-orig --uscan -u $release` to import the tarball.
$ git show --stat pristine-tar
commit 6cce360c99d53a001d2734cb087ab0cd398f70d9 (HEAD -> pristine-tar,
origin/pristine-tar)
Author: Glenn Strauss
Date: Wed Jan
Package: media-types
Version: 11.0.0
https://tracker.debian.org/pkg/media-types clearly shows all
autopkgtests for lighttpd failing since the media-types 11.0.0 submission
five days ago on 6 Feb.
The error is:
FAIL stderr: Duplicate mimetype: '.geojson' => 'application/geopose+json'
(already hav
On Tue, Feb 04, 2025 at 06:48:39PM +0100, Marco Ricci wrote:
> Thus wrote Helmut Grohne:
> > I think we could reasonably remove the entire dependency instead.
> > Whilst lighttpd integrates with systemd, there are more ways to run it
> > (e.g. in an application container it may be started directly)
On Sun, Feb 02, 2025 at 04:36:37PM +0100, Marco Ricci wrote:
> Version 1.4.76-1+b1 of lighttpd depends on systemd-sysv | lsb-base, but
> version 1.4.77-1 of lighttpd depends only on systemd-sysv. This means
> that version 1.4.77-1 transitively installs systemd, which is
> incompatible with using a
On Thu, Jan 23, 2025 at 01:27:32PM -0500, Paul Tagliamonte wrote:
> On Thu, Jan 23, 2025 at 11:16:25AM -0700, Soren Stoutner wrote:
> >> This is not reported on https://tracker.debian.org/pkg/lighttpd
> >
> >I would not expect it to be. tracker.debian.org does not do any
> > automatic
>
On Thu, Jan 23, 2025 at 07:24:25AM +, Phil Wyett wrote:
> On Wed, 2025-01-22 at 20:52 -0500, Glenn Strauss wrote:
> >
> > PLEASE NOTE: **none** of the issues you raised are reported on
> > https://tracker.debian.org/pkg/lighttpd
> >
> > PLEASE NOTE: **a
Control: tags -1 -moreinfo
> I believe 'lighthttpd' is not yet ready for sponsorship at this time. Could
> the
> contributor rectify one of more of the raised issues.
FYI: the name of the software is 'lighttpd', which is a portmanteau of
'light' and 'httpd. The name has *never* been 'lighthttpd
Package: sponsorship-requests
Severity: normal
X-Debbugs-Cc: gs-bugs.debian@gluelogic.com
Dear mentors,
I am looking for a DD sponsor for my package "lighttpd":
https://salsa.debian.org/debian/lighttpd/
I am an upstream lighttpd developer and have participated in
maintaining lighttpd on Deb
> lighttpd's testsuite fails if zlib-ng is used because it compares
> against the exact size of the compressed content. The patch attached
> updates it to ensure the compressed content is at least half of the
> input.
Thank you for the patch. I'll consider incorporating it upstream.
In your patc
tobias.jakobi.compleo added more details in
https://redmine.lighttpd.net/issues/3244
The issue appears to be lighttpd being built with 64-bit time_t, but the
underlying openssl library being built with 32-bit time_t *and* exposing
an API interface using time_t.
The result is that lighttpd might i
> I have noticed something odd though. I created a directory which when
> served by lighttpd in Firefox looks like:
>
> Index of /test/
> ../ - Directory
> This is just a test.mkv/ 2024-Mar-03 13:22:24583.7M video/x-matroska
> This is just a test.txt/ 202
Hi Erik. Please provide more details.
lighttpd config can be printed with
lighttpd -f /etc/lighttpd/lighttpd.conf -p
Including only the literal contents of lighttpd.conf in your bug report
is less useful than the full config.
For more details, please see "How to get support - please read"
htt
On Tue, Feb 27, 2024 at 08:47:22AM +0100, Alexandre Detiste wrote:
> 9e6532694efb91a5da9d39acee0c9a6ce43eb180
>
> Hi,
>
> I uploaded 1.4.74-1 but I noticed just now
> that this would create a UsrMerge regression.
>
> If the .timer & .service are correctly named (too early in the morning
> for me
On Sat, May 13, 2023 at 02:23:13PM +0200, Andrey Rakhmatullin wrote:
> Control: retitle -1 RFS: lighttpd/1.4.70-1 -- light, fast, functional web
> server
>
> On Sat, May 13, 2023 at 04:27:36AM -0400, Glenn Strauss wrote:
> > (This is not actually an NMU, but a non-DD mainta
Package: sponsorship-requests
Severity: normal
X-Debbugs-Cc: gs-bugs.debian@gluelogic.com
Dear mentors,
I am looking for a DD sponsor for my package "lighttpd":
https://salsa.debian.org/debian/lighttpd/
I am an upstream lighttpd developer and have participated in
maintaining lighttpd on Deb
Package: lintian
Version: 2.116.3
Severity: normal
X-Debbugs-Cc: gs-bugs.debian@gluelogic.com
Dear Maintainer,
Problem: lintian: [false positive] shared-library-lacks-prerequisites
lighttpd is a modular application which dynamically loads (dlopen)
optional modules (.so) depending on user lig
Control: tags -1 - moreinfo
On Fri, Feb 17, 2023 at 09:57:17AM +0100, Santiago Ruano Rincón wrote:
> > > Do you think NEWS could be updated?
> >
> > Updated to 1.4.69-1, as this will be the release that contains the
> > change.
>
> Great, thanks! However, just a is a minor typo:
>
> +++ lighttp
On Tue, Feb 14, 2023 at 05:50:12PM +0100, Santiago Ruano Rincón wrote:
> Hello Glenn,
>
> El 12/02/23 a las 08:54, Glenn Strauss escribió:
> > > Since you are listed in Uploaders:, this shouldn't be a NMU. I don't
> > > understand why lintian doesn't co
> Since you are listed in Uploaders:, this shouldn't be a NMU. I don't
> understand why lintian doesn't complain about this in this job:
> https://salsa.debian.org/debian/lighttpd/-/jobs/3931309
> but don't have the time to investigate that right now.
>
> Please, fix the changelog.
changelog upda
Package: sponsorship-requests
Severity: normal
X-Debbugs-Cc: gs-bugs.debian@gluelogic.com
Dear mentors,
I am looking for a DD sponsor for my package "lighttpd":
https://salsa.debian.org/debian/lighttpd/
I am an upstream lighttpd developer and have participated in
maintaining lighttpd on Deb
Package: media-types
Version: 8.0.0
Severity: normal
X-Debbugs-Cc: gs-bugs.debian@gluelogic.com
Dear Maintainer,
media-types 9.0.0 duplicates .aml, breaking lighttpd autopkgtest
Regression is currently reported on https://tracker.debian.org/pkg/media-types
and blocking media-types 9.0.0 for
On Thu, Jun 09, 2022 at 08:01:58AM +, nico wrote:
> Dear Maintainer,
> we use an faster sd-card in our embedded system, nothing else.
> Now the start from the lighttpd server takes often over an minute.
> we use debian 10, for the bug submit i upgrade to bullseye, but the behaviour
> is the sa
> This also fails, the following works:
>
> systemctl reload lighttpd.service > /dev/null 2>&1;
That will start lighttpd if it is not running, which might not be
desirable. I think that a different solution is warranted.
/etc/logrotate.d/lighttpd is doing the correct thing, calling
/etc/init.
"lighttpd.conf" is not the whole lighttpd configuration.
Print the config with: lighttpd -f /etc/lighttpd/lighttpd.conf -p
Your probable error is well-documented as user misconfiguration:
$SERVER["socket"] must not be nested in other lighttpd config conditions
https://wiki.lighttpd.net/Docs_SSL#C
I believe this bug was addressed in
https://salsa.debian.org/mariadb-team/mariadb-10.5/-/merge_requests/2
Cheers, Glenn
On Fri, Mar 05, 2021 at 05:12:17PM +0100, Pino Toscano wrote:
> Personally, I'd argue that switching the FAM implementation across the
> distribution _is_ a "transition", and as such it ought to have been
> requested (if not even started) two months ago.
In July 2020, #966273 was filed: RFA: fam
In #981513, courier changed to use libgamin-dev, so
kcoreaddons is now the *only* remaining package using FAM.
As such, there is considerably more risk to doing nothing
than there is to migrating to gamin.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510368
is over 12 years old. It's time t
On Wed, Mar 03, 2021 at 02:54:58PM -0500, Nicholas D Steeves wrote:
> Hi,
>
> Glenn Strauss writes:
>
> > gamin provides libfam0.
> >
> > kcoreaddons should load just fine with libfam0 from gamin.
> >
> > I did the research in #510368 and #966273, revie
On Wed, Mar 03, 2021 at 11:23:41AM +0100, Markus Wanner wrote:
> On 03.03.21 09:21, Glenn Strauss wrote:
> > If there is any remaining concern about upgrade compatibility,
>
> ..none from my side. Courier would simply depend on gamin only. I don't
> see why that wo
On Thu, Mar 04, 2021 at 08:23:44AM +0100, Sune Stolborg Vuorela wrote:
>
> On 3/3/21 8:54 PM, Nicholas D Steeves wrote:
> >
> > thus FAM covers a use case that gamin does not, and this case is: users
> > who want to receive inotify style events for files that have been
> > remotely created or mod
On Wed, Mar 03, 2021 at 02:54:58PM -0500, Nicholas D Steeves wrote:
> I don't think the removal of FAM is as clear-cut as it has been
> presented to be.
>
> AFAIK the following is still current: Gamin provides "No NFS support
> based on specific RPC and server, instead gamin monitors only the stat
If there is any remaining concern about upgrade compatibility,
how about this:
In Bullseye, change the fam package to import the gamin source, and
then bump the fam package version number. The fam package would
actually be the same as gamin, and upgrades would avoid any packaging
system deficienc
gamin provides libfam0.
kcoreaddons should load just fine with libfam0 from gamin.
I did the research in #510368 and #966273, reviewing the actual code
and confidentally concluded that FAM can be removed from Bullseye.
The safest choice is to have a single library (gamin) used in the
distro, rat
On Wed, Mar 03, 2021 at 08:06:57AM +0100, Markus Wanner wrote:
> On 03.03.21 07:02, Glenn Strauss wrote:
> > Please replace "libfam-dev" with "libgamin-dev" in debian/control
> >
> > Also, please replace "gamin | fam" with simply "gamin&q
Markus,
Please replace "libfam-dev" with "libgamin-dev" in debian/control
Also, please replace "gamin | fam" with simply "gamin" for Bullseye.
Cheers, Glenn
Please upgrade to 2.25.0 in Debian testing. Thank you.
mbedtls 2.25.0 was released almost 3 months ago.
mbedtls 2.24.0 was 6 months ago.
Since mbedtls 2.24.0, mbedtls supports TLSv1.3.
https://github.com/ARMmbed/mbedtls/releases
On Thu, Jan 07, 2021 at 02:53:17PM +0100, Alexandre Duret-Lutz wrote:
> FWIW more uppercase variants are now present in media-types 2.0.0
>
> audio/AMR amr AMR
> audio/AMR-WBawb AWB
> audio/EVRC-QCP
On Mon, Jan 04, 2021 at 11:23:48AM -0300, Antonio Terceiro wrote:
> Package: lighttpd
> Version: 1.4.57-1
> Severity: grave
> Justification: renders package unusable
>
> Dear Maintainer,
>
> After media-types has been upgraded to 1.1.0, lighttpd fails to start,
> complaining about duplicated medi
Source: nss
Severity: important
Tags: ftbfs patch
X-Debbugs-Cc: gs-debian@gluelogic.com, debian-m...@lists.debian.org
Dear Maintainer,
On m68k on the Debian build farm, nss fails to build.
Patch to fix issue is provided at:
https://salsa.debian.org/mozilla-team/nss/-/merge_requests/3
I te
> Changing the value of 'server.username' in lighttpd.conf causes the
> server to fail to start. In my particular configuration, with webdav
> enabled, I get the following error:
>
> Starting Lighttpd Daemon...
> (mod_webdav.c.1153) sqlite3_open()
> '/var/cache/lighttpd/lighttpd.webdav.db': unable
mbedTLS 2.24.0 also addresses recent mbedTLS security advisories
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972806
Please upgrade to 2.24.0 in Debian testing. Thank you.
Earlier this year, an issue was filed for security advisories in April:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=963159
Source: mbedtls
Version: 2.16.0-1
Severity: serious
Tags: security
Justification: security
Dear Maintainer,
Mbed TLS 2.16.8 released 1 Sep 2020 addresses 3 security advisories
==> Please update mbedtls in all active Debian releases. Thank you.
https://github.com/ARMmbed/mbedtls/releases
https:/
cross-posting to:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966273
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510368
stbuehler wrote:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966273
> Is there any reason to keep FAM around any longer in your opinion,
> given upstream is
Did you have a prior version of lighttpd running successfully?
Which version?
Please share your current lighttpd config
$ lighttpd -f /etc/lighttpd/lighttpd.conf -p
$ lighttpd -f /etc/lighttpd/lighttpd.conf -tt
If you have strace installed:
$ strace -s 1024 lighttpd -f /etc/lighttpd/lighttpd.conf
Thanks for the report and suggestion.
As you know, a patch has been pending since May
https://salsa.debian.org/debian/lighttpd/-/commit/744b38fd5c4c4c11123733d1a5f1239a5a9b5a0d
tags 961843 - moreinfo
down brute force password attacks
+https://redmine.lighttpd.net/boards/3/topics/8885
+ * do not accept() > server.max-connections
+ * update /var/run -> /run for systemd (closes: #929203)
+
+ -- Glenn Strauss Sat, 21 Mar 2020 18:30:00 -0500
+
lighttpd (1.4.53-4) unstable; urgency=
> > I'm attaching the correct debdiff now.
>
> There doesn't appear to have actually been an attachment here.
I believe that the original debdiff attachment is correct.
Please advise if that is not the case.
Cheers, Glenn
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu
Dear Maintainer,
Greetings! I am an upstream maintainer of lighttpd.
Please accept this backport of important patches from
lighttpd 1.4.54 (released 2019.05.27)
lighttpd 1.4.5
Source: lighttpd
Version: 1.4.53-4
Severity: normal
Tags: buster, patch
Dear Maintainer,
Greetings! I am an upstream maintainer of lighttpd.
Please accept this backport of important patches from
lighttpd 1.4.54 (released 2019.05.27)
lighttpd 1.4.55 (released 2020.01.31)
The patches to back
> GET requests send invalid data for files above 30kB when connecting to the
> server over http. But GET requests send good data when connecing over https.
What do you mean by "invalid data"? Please be more specific.
What kind of requests? Please be more specific.
It would be hightly unlikely
Package: sponsorship-requests
Severity: important
Dear mentors,
Please release lighttpd 1.4.53-5 as a stable-update to Buster.
I am a lighttpd developer (upstream) and have prepared lighttpd 1.4.53-5
on the 'buster' branch at
https://salsa.debian.org/debian/lighttpd/-/tree/buster
The debian/ch
Package: sponsorship-requests
Severity: important
Dear mentors,
Please release lighttpd 1.4.53-5 as a stable-update to Buster.
I am a lighttpd developer (upstream) and have prepared lighttpd 1.4.53-5
on the 'buster' branch at
https://salsa.debian.org/debian/lighttpd/-/tree/buster
The debian/ch
Source: lighttpd
Version: 1.4.53
Severity: important
Tags: upstream
Dear Maintainer,
POST requests use way more memory than in lighttpd 1.4.51 when lighttpd
is configured with: server.stream-request-body = 2
Upstream bug report: https://redmine.lighttpd.net/issues/2948
The excessive memory use
lighttpd ssl.* directives can be inherited from the global scope
(without needing to be repeated in each condition) if the only ssl.*
directive in a socket condition is
$SERVER["socket"] == "..." { ssl.engine = "enable" }
conf-available/10-ssl.conf and use-ipv6.pl can be modifed to achieve
the b
; I can't understand this behavior.
>
> Thank you for the detailed report. I don't fully understand this either
> and am thus Ccing Glenn Strauss (upstream).
https://en.wikipedia.org/wiki/UTF-8#Overlong_encodings
"
The standard specifies that the correct encoding of a
Yes, you are right that the doc is outdated. The debian package
installs docs from the lighttpd source tree path doc/outdated/*.txt
We are aware of this issue, but it is non-trivial to correct.
Updated lighttpd SSL doc can be found at:
https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_SSL
> Problem #2:
>
> lighttpd presently produces 11 binary packages. That's quite many for an
> otherwise small package. Adding binary packages has a metadata cost to
> the Debian archive that affects everyone (not just lighttpd users). We
> should seek to reduce the package count.
IMHO, it appears t
Source: lighttpd
Version: 1.4.52-1
> Problem #2:
>
> lighttpd presently produces 11 binary packages. That's quite many for an
> otherwise small package. Adding binary packages has a metadata cost to
> the Debian archive that affects everyone (not just lighttpd users). We
> should seek to reduce th
lighttpd systemd service can be improved
(related bug #856001, bug #838473, and bug #877870)
Changes in recent versions of lighttpd allow graceful restart
and other features
Since lighttpd 1.4.46:
https://git.lighttpd.net/lighttpd/lighttpd1.4.git/commit/?h=0ae6bab4a97f12a0c93200df36ac174169
lighttpd 1.4.50 released
https://www.lighttpd.net/2018/8/13/1.4.50/
67 matches
Mail list logo
