This update for lighttpd fixes the following issues:
lighttpd was updated to 1.4.66:
* a number of bug fixes
* Fix HTTP/2 downloads >= 4GiB
* Fix SIGUSR1 graceful restart with TLS
* further bug fixes
* CVE-2022-37797: null pointer dereference in mod_wstunnel, possibly a remotely triggerable crash (boo#1203358)
* In an upcoming release the TLS modules will default to using stronger, modern ciphers and will default to allow client preference in selecting ciphers.
  "CipherString" => "EECDH+AESGCM:AES256+EECDH:CHACHA20:SHA256:!SHA384", "Options" => "-ServerPreference"
  old defaults: "CipherString" => "HIGH", "Options" => "ServerPreference"
* A number of TLS options are now deprecated and will be removed in a future release:
  – ssl.honor-cipher-order
  – ssl.dh-file
  – ssl.ec-curve
  – ssl.disable-client-renegotiation
  – ssl.use-sslv2
  – ssl.use-sslv3
  The replacement option is ssl.openssl.ssl-conf-cmd, but lighttpd defaults should be preferred.
* A number of modules are now deprecated and will be removed in a future release: mod_evasive, mod_secdownload, mod_uploadprogress, mod_usertrack. They can be replaced by mod_magnet and a few lines of Lua.
update to 1.4.65:
* WebSockets over HTTP/2
  RFC 8441 Bootstrapping WebSockets with HTTP/2
* HTTP/2 PRIORITY_UPDATE
  RFC 9218 Extensible Prioritization Scheme for HTTP
* prefix/suffix conditions in lighttpd.conf
* mod_webdav safe partial-PUT
  webdav.opts += ("partial-put-copy-modify" => "enable")
* mod_accesslog option: accesslog.escaping = "json"
* mod_deflate libdeflate build option
* speed up request body uploads via HTTP/2
* Behavior Changes
  – change default server.max-keep-alive-requests = 1000 to adjust to increasing HTTP/2 usage and to web2/web3 application usage (prior default was 100)
  – mod_status HTML now includes HTTP/2 control stream id 0 in the output which contains aggregate counts for the HTTP/2 connection (These lines can be identified with URL '*', part of "PRI *" preface)
    alternative: https://wiki.lighttpd.net/ModMagnetExamples#lua-mod_status
  – MIME type application/javascript is translated to text/javascript (RFC 9239)
openSUSE 12.3 Update, openSUSE 13.1, openSUSE Leap 15.4, SUSE Linux Enterprise Desktop 12 SP1, SUSE Linux Enterprise Desktop 15 SP1, SUSE Linux Enterprise for SAP 12, SUSE Linux Enterprise High Availability 12, SUSE Linux Enterprise High Performance Computing 15 SP1, SUSE Linux Enterprise Live Patching 12, SUSE Linux Enterprise Module for Basesystem 15 SP1, SUSE Linux Enterprise Module for CAP 15, SUSE Linux Enterprise Module for CAP 15 SP1, SUSE Linux Enterprise Module for Containers 15, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Legacy Software 12, SUSE Linux Enterprise Module for Public Cloud 12, SUSE Linux Enterprise Server 15 SP1, SUSE Linux Enterprise Server for SAP Applications 15 SP1, SUSE Linux Enterprise Software Development Kit 12, SUSE Linux Enterprise Storage 6, SUSE Manager Proxy 4.0, SUSE Manager Server 4.0