From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=zZz5=LS=gluelogic.com=gs-cygwin.com@sourceware.org>
Received: from smtp1.atof.net (smtp1.atof.net [52.86.233.228])
	by sourceware.org (Postfix) with ESMTPS id 356A33858D38
	for <cygwin-announce@cygwin.com>; Sat, 13 Apr 2024 01:55:33 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 356A33858D38
Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=gluelogic.com
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=gluelogic.com
ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 356A33858D38
Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=52.86.233.228
ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1712973334; cv=none;
	b=dMsqVZgFT6fKODPe8t0wY0WgUF+UFeO21ZVBuZTQwh5j4LGtJW/ub7HGD8RuU8IMikmQF04ff3aOlRp7h+avE2pJt9aXGRFdK7zVu4BZGF/S7bTCRszZJ69LEVeKB0nBAQaBIHhhxAqdMJuFb/AZaddyYKhyYqDfdD7gNfVctDw=
ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key;
	t=1712973334; c=relaxed/simple;
	bh=l3qTJLdWk6mFM19im9MOD58PP1TaQHrq+JRpC2q+Kl4=;
	h=Date:From:To:Subject:Message-ID:Mime-Version; b=XE06LQI332DfuK2RG7L1RCPDlVPoXwnUAEfU5sWOnl8b/v2ndwKQfJvxQnjkS0GayNzpuNhFsI6mxJh4nNuHBdoqYD4pUhruoJhw4HWKqYwW1wWA0nkBWLwlUmI9vaddMCMOsZpyxMNkCEL37wKEE3f2ztNxh3m1Rztu0nTWPaA=
ARC-Authentication-Results: i=1; server2.sourceware.org
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org
X-Spam-Language: en
X-Spam-Relay-Country: 
X-Spam-DCC: B=www.nova53.net; R=smtp1.atof.net 1205; Body=1 Fuz1=1 Fuz2=1
X-Spam-RBL: 
X-Spam-PYZOR: Reported 0 times.
Date: Fri, 12 Apr 2024 21:55:24 -0400
From: Glenn Strauss <gs-cygwin.com@gluelogic.com>
To: cygwin-announce@cygwin.com
Subject: Updated: lighttpd-1.4.76
Message-ID: <ZhnmDFWmZjdfjjL3@xps13>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
X-Spam-Status: No, score=0.2 required=5.0 tests=BAYES_40,KAM_DMARC_STATUS,KAM_NUMSUBJECT,SPF_HELO_NONE,SPF_PASS,TXREP autolearn=no autolearn_force=no version=3.4.6
List-Id: <cygwin-announce.cygwin.com>

Version 1.4.76-1 of "lighttpd" has been uploaded.

lighttpd is a secure, fast, modular web server with low resource usage

lighttpd 1.4.76:

* detect VU#421644 HTTP/2 CONTINUATION Flood
  * issue trace and send GO_AWAY
  * (lighttpd not vulnerable to attack)

* avoid CVE-2024-3094 xz supply chain attack
  * use 'git archive' to replace 'make dist' to create release tarballs
    * remove excess complexity (m4 and autotools) from release process
    * now more easily verifiable that sources come from signed git release tag

Note:
  This cygwin lighttpd-1.4.76-1 release requires >= cygwin-3.5.0 to take
  advantage of new support for posix_spawn_file_actions_addfchdir_np().
  As this support is optional, please contact me if this is a hardship
  for those unable to upgrade to cygwin-3.5.0 and I can create a package
  of lighttpd without this feature, whose use merely provides a marginal
  performance improvement for starting CGI programs.

Source: https://git.lighttpd.net/lighttpd/lighttpd1.4.git/
News: https://www.lighttpd.net/
License: BSD 3-clause
  https://git.lighttpd.net/lighttpd/lighttpd1.4/src/branch/master/COPYING