Comment 4 for bug 233966

This bug was fixed in the package lighttpd - 1.4.19-4ubuntu1

---------------
lighttpd (1.4.19-4ubuntu1) intrepid; urgency=low

  * Merge from debian unstable (LP: #233966), remaining changes:
    - debian/rules: (From Debian)
    - Remove spurious mkdir in debian/rules (Closes: dbts 448160).
    - debian/conf-available/10-rrdtool: (From Debian)
      + Add sample configuration for the mod_rrdtool (Closes: dbts 462907).
    - debian/lighttpd.install:
      + Install 10-rrdtool
    - debian/patches/ldap-deprecated.dpatch:
      + Force use of deprecated ldap interfaces (Closes: dbts 463368),
        thanks to Dann Frazier (patches/ldap-deprecated.dpatch).
    - debian/rules: (LP: #174289)
      + set DEB_UPDATE_RCD_PARAMS to "defaults 91 09" to not start lighty before
        apache2 but in the same runlevel with the same priority
    - Build against libgamin-dev rather than libfam-dev (fixes a warning
      during startup)
    - Make sure that upgrades succeed, even if we can't restart lighttpd.
    - Clean environment in init.d script.

lighttpd (1.4.19-4) unstable; urgency=high

  * Make debian/use-ipv6.pl executable in debian/rules, thanks to Marco d'Itri
    for finding about this inexcusable mistake.

lighttpd (1.4.19-3) unstable; urgency=medium

  * Fix /var/cache/lighttpd/uploads permissions in postinst (Closes: 476870).
  * Update patches/ssl-connection-errors.patch using upstream r2144, thanks to
    upstream for noticing.
  * cherokee and lighttpd both provide spawn-fcgi, fix that using alternatives
    (Closes: 479501):
    + add spawn-fcgi.lighttpd.1 shamelessly stolen from cherokee packaging
      (thanks Gunnar).
    + install spawn-fcgi as spawn-fcgi.lighttpd.
    + install master alternatives on spawn-fcgi.lighttpd and
      spawn-fcgi.lighttd.1.
    + add Conflict against cherokee <= 0.6.1-1.
  * Quote "dangerous" bits of conf-available/10-cgi.conf (Closes: 479276).

lighttpd (1.4.19-2) unstable; urgency=low

  * Add patches/ssl-connection-errors.patch for CVE-2008-1531
    (Closes: 475438).
  * Test for /var/cache/lighttpd/compress in lighttpd.cron.daily to avoid
    spurious errors for uninstalled and not purged lighttpd's
    (Closes: 472175).

  * Add handling of /var/cache/lighttpd/uploads (Closes: 408521):
     + add it in lighttpd.dirs.
     + add it as a server.upload-dirs in lighttpd.conf.
     + purge it daily in lighttpd.cron.daily.

  * Fix typo in lighttpd.preinst causing failure to update 05-auth symlink
    properly (Closes: 472119).

  * init.d: stopping an already stopped lighttpd, or starting an already
    running one should not fail (Closes: 472122).

  * Use $HTTP["remoteip"] =~ "127.0.0.1" in configuration snipplets so that it
    works when ipv6 is enabled by default too (Closes: 473510).

  * Use perl to detect if the host has ipv6, and generate the server.use-ipv6
    snipplet on the fly instead of forcing it to true (Closes: 473053).

lighttpd (1.4.19-1~bpo40+1) etch-backports; urgency=low

  * Rebuild for etch-backports.

lighttpd (1.4.19-1) unstable; urgency=low

  * New upstream release.

  * debian/control:
     + add Build-Depends upon quilt, remove dpatch.
     + Bump Standards-Version to 3.7.3 (no changes required).
     + Move Homepage pseudo-headers as real headers.

  * debian/patches:
     + migrate to quilt.
     + remove 05_fdevent_fix.patch (merged upstream).
     + remove 06_mod_cgi_vuln_fix.patch (merged upstream).
     + refresh the rest of the series.

  * debian/lighty-enable-mod:
     + Reindent and remove trailing spaces.
     + don't fail to remove a module that is already removed.
       Patch from Michal Čihař (Closes: 448682).
     + Allow full stops in module names (Closes: 462199).

  * debian/lighttpd.conf:
     + enable ipv6 by default (Closes: 448054).
     + remove mod_status stanza, create conf-available/10-status.conf with it.

  * debian/lighttpd.cron.daily: new file, cleanup compressed cache.
    Thanks to Michal Čihař (Closes: 445224).

  * be sure mod_auth is loaded first (Closes: 419176):
     + add debian/lighttpd.preinst to rename 10-auth.conf into 05-auth.conf
       automagically (when it's a sane thing to do).
     + Document all that in NEWS.Debian.
     + debian/lighttpd.install: add 10-status.conf and 05-auth.conf.

  * debian/lighttpd.postinst:
     + chmod'ing /var/cache/lighttpd recursively is useless and too long. Just
       chmod the base directory, content is likely to be only created by
       lighty anyways. (Closes: 468297).

  * debian/init.d:
     + Add $remote_fs and $network (instead of networking) to
       Required-{Start,Stop}.
     + Add fam to Should-{Start,Stop} (Closes: 461180).

  * debian/lighttpd.links: add symlinks on lighty-* so that lighttpd-*
    commands exists as well (Closes: 435131).

 -- Nicolas Valcarcel <email address hidden> Thu, 22 May 2008 11:26:16 +0200