X-Recipient: archive-cygwin AT delorie DOT com
X-Original-To: cygwin AT cygwin DOT com
Delivered-To: cygwin AT cygwin DOT com
DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org 966C4385B834
Authentication-Results: sourceware.org;
 dmarc=none (p=none dis=none) header.from=gluelogic.com
Authentication-Results: sourceware.org;
 spf=pass smtp.mailfrom=gs-cygwin DOT com AT gluelogic DOT com
X-Spam-Status: No, score=-1.4 required=5.0 tests=BAYES_00, KAM_DMARC_STATUS,
 KAM_NUMSUBJECT, SPF_HELO_NONE,
 SPF_PASS autolearn=no autolearn_force=no version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on
 server2.sourceware.org
Date: Tue, 24 Mar 2020 09:09:04 -0400
From: gs-cygwin DOT com AT gluelogic DOT com
To: Marco Atzeri <marco DOT atzeri AT gmail DOT com>
Subject: Re: please update cygwin lighttpd pkg to version 1.4.55
Message-ID: <20200324130904.GA806541@xps13>
References: <20200324055001 DOT GA1988 AT xps13>
 <cb37a7ea-311e-37be-efb2-60301b7e95bb AT gmail DOT com>
Mime-Version: 1.0
Content-Disposition: inline
In-Reply-To: <cb37a7ea-311e-37be-efb2-60301b7e95bb@gmail.com>
X-BeenThere: cygwin AT cygwin DOT com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: General Cygwin discussions and problem reports <cygwin.cygwin.com>
List-Unsubscribe: <http://cygwin.com/mailman/options/cygwin>,
 <mailto:cygwin-request AT cygwin DOT com?subject=unsubscribe>
List-Archive: <http://cygwin.com/pipermail/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-request AT cygwin DOT com?subject=help>
List-Subscribe: <http://cygwin.com/mailman/listinfo/cygwin>,
 <mailto:cygwin-request AT cygwin DOT com?subject=subscribe>
Cc: cygwin AT cygwin DOT com
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cygwin-bounces AT cygwin DOT com
Sender: "Cygwin" <cygwin-bounces AT cygwin DOT com>

On Tue, Mar 24, 2020 at 11:51:40AM +0100, Marco Atzeri via Cygwin wrote:
> Am 24.03.2020 um 06:50 schrieb gs-cygwin DOT com AT gluelogic DOT com:
> > Please update cygwin lighttpd pkg to version 1.4.55
> > 
> > lighttpd 1.4.55 was released 31 Jan 2020 (upstream).
> > 
> > Thank you.  Glenn
> > --
> 
> In this moment the package is without a maintainer.
> Any specific reason why you need absolutely the last version ?

There are numerous bugs in lighttpd 1.4.54 (and fixed in lighttpd
1.4.55) which prevent usage of lighttpd if using one of the modules
with bugs, e.g. mod_webdav and mod_deflate.

bug: mod_deflate fix error choosing encoding parser (1.4.54 regression)
bug: mod_webdav startup crash in config conditional (1.4.54 regression)
bug: mod_webdav fix file upload limit
bug: mod_accesslog fails to parse multiple cookies
bug: preserve %2b and %2B in query string normalization

There are numerous security enhancements (hardenings) in lighttpd 1.4.55

security: HTTP Basic/Digest Auth security (attack mitigations)
security: HTTP request header parsing restrictions (attack mitigations)

Cheers, Glenn
--
Problem reports:      https://cygwin.com/problems.html
FAQ:                  https://cygwin.com/faq/
Documentation:        https://cygwin.com/docs.html
Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple