This bug was fixed in the package lighttpd - 1.4.19-4ubuntu1 --------------- lighttpd (1.4.19-4ubuntu1) intrepid; urgency=low * Merge from debian unstable (LP: #233966), remaining changes: - debian/rules: (From Debian) - Remove spurious mkdir in debian/rules (Closes: dbts 448160). - debian/conf-available/10-rrdtool: (From Debian) + Add sample configuration for the mod_rrdtool (Closes: dbts 462907). - debian/lighttpd.install: + Install 10-rrdtool - debian/patches/ldap-deprecated.dpatch: + Force use of deprecated ldap interfaces (Closes: dbts 463368), thanks to Dann Frazier (patches/ldap-deprecated.dpatch). - debian/rules: (LP: #174289) + set DEB_UPDATE_RCD_PARAMS to "defaults 91 09" to not start lighty before apache2 but in the same runlevel with the same priority - Build against libgamin-dev rather than libfam-dev (fixes a warning during startup) - Make sure that upgrades succeed, even if we can't restart lighttpd. - Clean environment in init.d script. lighttpd (1.4.19-4) unstable; urgency=high * Make debian/use-ipv6.pl executable in debian/rules, thanks to Marco d'Itri for finding about this inexcusable mistake. lighttpd (1.4.19-3) unstable; urgency=medium * Fix /var/cache/lighttpd/uploads permissions in postinst (Closes: 476870). * Update patches/ssl-connection-errors.patch using upstream r2144, thanks to upstream for noticing. * cherokee and lighttpd both provide spawn-fcgi, fix that using alternatives (Closes: 479501): + add spawn-fcgi.lighttpd.1 shamelessly stolen from cherokee packaging (thanks Gunnar). + install spawn-fcgi as spawn-fcgi.lighttpd. + install master alternatives on spawn-fcgi.lighttpd and spawn-fcgi.lighttd.1. + add Conflict against cherokee <= 0.6.1-1. * Quote "dangerous" bits of conf-available/10-cgi.conf (Closes: 479276). lighttpd (1.4.19-2) unstable; urgency=low * Add patches/ssl-connection-errors.patch for CVE-2008-1531 (Closes: 475438). * Test for /var/cache/lighttpd/compress in lighttpd.cron.daily to avoid spurious errors for uninstalled and not purged lighttpd's (Closes: 472175). * Add handling of /var/cache/lighttpd/uploads (Closes: 408521): + add it in lighttpd.dirs. + add it as a server.upload-dirs in lighttpd.conf. + purge it daily in lighttpd.cron.daily. * Fix typo in lighttpd.preinst causing failure to update 05-auth symlink properly (Closes: 472119). * init.d: stopping an already stopped lighttpd, or starting an already running one should not fail (Closes: 472122). * Use $HTTP["remoteip"] =~ "127.0.0.1" in configuration snipplets so that it works when ipv6 is enabled by default too (Closes: 473510). * Use perl to detect if the host has ipv6, and generate the server.use-ipv6 snipplet on the fly instead of forcing it to true (Closes: 473053). lighttpd (1.4.19-1~bpo40+1) etch-backports; urgency=low * Rebuild for etch-backports. lighttpd (1.4.19-1) unstable; urgency=low * New upstream release. * debian/control: + add Build-Depends upon quilt, remove dpatch. + Bump Standards-Version to 3.7.3 (no changes required). + Move Homepage pseudo-headers as real headers. * debian/patches: + migrate to quilt. + remove 05_fdevent_fix.patch (merged upstream). + remove 06_mod_cgi_vuln_fix.patch (merged upstream). + refresh the rest of the series. * debian/lighty-enable-mod: + Reindent and remove trailing spaces. + don't fail to remove a module that is already removed. Patch from Michal Čihař (Closes: 448682). + Allow full stops in module names (Closes: 462199). * debian/lighttpd.conf: + enable ipv6 by default (Closes: 448054). + remove mod_status stanza, create conf-available/10-status.conf with it. * debian/lighttpd.cron.daily: new file, cleanup compressed cache. Thanks to Michal Čihař (Closes: 445224). * be sure mod_auth is loaded first (Closes: 419176): + add debian/lighttpd.preinst to rename 10-auth.conf into 05-auth.conf automagically (when it's a sane thing to do). + Document all that in NEWS.Debian. + debian/lighttpd.install: add 10-status.conf and 05-auth.conf. * debian/lighttpd.postinst: + chmod'ing /var/cache/lighttpd recursively is useless and too long. Just chmod the base directory, content is likely to be only created by lighty anyways. (Closes: 468297). * debian/init.d: + Add $remote_fs and $network (instead of networking) to Required-{Start,Stop}. + Add fam to Should-{Start,Stop} (Closes: 461180). * debian/lighttpd.links: add symlinks on lighty-* so that lighttpd-* commands exists as well (Closes: 435131). -- Nicolas Valcarcel