initial commit for Enea Linux 5.0 arm

Signed-off-by: Tudor Florea <tudor.florea@enea.com>

77 files changed, 4484 insertions, 0 deletions

diff --git a/meta-webserver/COPYING.MIT b/meta-webserver/COPYING.MIT
new file mode 100644
index 000000000..fb950dc69
--- /dev/null
+++ b/meta-webserver/COPYING.MIT
@@ -0,0 +1,17 @@
+Permission is hereby granted, free of charge, to any person obtaining a copy 
+of this software and associated documentation files (the "Software"), to deal 
+in the Software without restriction, including without limitation the rights 
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 
+copies of the Software, and to permit persons to whom the Software is 
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in 
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 
+THE SOFTWARE.
diff --git a/meta-webserver/README b/meta-webserver/README
new file mode 100644
index 000000000..ead9e2a82
--- /dev/null
+++ b/meta-webserver/README
@@ -0,0 +1,59 @@
+meta-webserver
+==============
+
+This layer provides support for building web servers, web-based
+applications and related software.
+
+
+
+Dependencies
+------------
+
+This layer depends on:
+
+URI: git://github.com/openembedded/oe-core.git
+subdirectory: meta
+branch: dizzy
+revision: HEAD
+
+For some recipes, the meta-oe layer is required:
+
+URI: git://github.com/openembedded/meta-oe.git
+subdirectory: meta-oe
+branch: dizzy
+revision: HEAD
+
+
+
+Layout
+------
+
+recipes-httpd/      Web servers
+recipes-php/        PHP and PHP applications
+recipes-webadmin/   Standalone web administration interfaces
+
+
+
+Maintenance
+-----------
+
+Send patches / pull requests to openembedded-devel@lists.openembedded.org
+with '[meta-webserver][dizzy]' in the subject.
+
+Layer maintainer: Paul Eggleton <paul.eggleton@linux.intel.com>
+
+Dizzy branch maintainers:
+    Otavio Salvador <otavio@ossystems.com.br>
+    Armin Kuster <akuster808@gmail.com>
+
+Prefix email subject with: [dizzy]
+
+License
+-------
+
+All metadata is MIT licensed unless otherwise stated. Source code included
+in tree for individual recipes is under the LICENSE stated in each recipe
+(.bb file) unless otherwise stated.
+
+This README document is Copyright (C) 2012 Intel Corporation.
+
diff --git a/meta-webserver/conf/layer.conf b/meta-webserver/conf/layer.conf
new file mode 100644
index 000000000..a4d6a2723
--- /dev/null
+++ b/meta-webserver/conf/layer.conf
@@ -0,0 +1,20 @@
+# Layer configuration for meta-webserver layer
+# Copyright 2012 Intel Corporation
+
+# We have a conf and classes directory, add to BBPATH
+BBPATH .= ":${LAYERDIR}"
+
+# We have various recipe-* directories, add to BBFILES
+BBFILES += "${LAYERDIR}/recipes-*/*/*.bb ${LAYERDIR}/recipes-*/*/*.bbappend"
+
+BBFILE_COLLECTIONS += "webserver"
+BBFILE_PATTERN_webserver := "^${LAYERDIR}/"
+BBFILE_PRIORITY_webserver = "6"
+
+# This should only be incremented on significant changes that will
+# cause compatibility issues with other layers
+LAYERVERSION_webserver = "1"
+
+LAYERDEPENDS_webserver = "core"
+
+LICENSE_PATH += "${LAYERDIR}/licenses"
diff --git a/meta-webserver/licenses/Xdebug b/meta-webserver/licenses/Xdebug
new file mode 100644
index 000000000..3cdbf0598
--- /dev/null
+++ b/meta-webserver/licenses/Xdebug
@@ -0,0 +1,60 @@
+-------------------------------------------------------------------- 
+                 The Xdebug License, version 1.01
+             (Based on "The PHP License", version 3.0)
+   Copyright (c) 2003-2012 Derick Rethans. All rights reserved.
+-------------------------------------------------------------------- 
+
+Redistribution and use in source and binary forms, with or without
+modification, is permitted provided that the following conditions
+are met:
+
+  1. Redistributions of source code must retain the above copyright
+     notice, this list of conditions and the following disclaimer.
+ 
+  2. Redistributions in binary form must reproduce the above copyright
+     notice, this list of conditions and the following disclaimer in
+     the documentation and/or other materials provided with the
+     distribution.
+ 
+  3. The name "Xdebug" must not be used to endorse or promote products
+     derived from this software without prior written permission. For
+     written permission, please contact derick@xdebug.org.
+  
+  4. Products derived from this software may not be called "Xdebug", nor
+     may "Xdebug" appear in their name, without prior written permission
+     from derick@xdebug.org.
+ 
+  5. Derick Rethans may publish revised and/or new versions of the
+     license from time to time. Each version will be given a
+     distinguishing version number.  Once covered code has been
+     published under a particular version of the license, you may
+     always continue to use it under the terms of that version. You
+     may also choose to use such covered code under the terms of any
+     subsequent version of the license published by Derick Rethans. No
+     one other than Derick Rethans has the right to modify the terms
+     applicable to covered code created under this License.
+
+  6. Redistributions of any form whatsoever must retain the following
+     acknowledgment: "This product includes Xdebug, freely available
+     from <http://xdebug.org/>".
+
+THIS SOFTWARE IS PROVIDED BY DERICK RETHANS ``AS IS'' AND ANY
+EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE PHP DEVELOPMENT TEAM OR
+ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+--------------------------------------------------------------------
+
+This software consists of voluntary contributions made by some
+individuals on behalf of Derick Rethans.
+
+Derick Rethans can be contacted via e-mail at derick@xdebug.org.
+
+For more information Xdebug, please see <http://xdebug.org>.
diff --git a/meta-webserver/recipes-httpd/apache2/apache2-native_2.4.10.bb b/meta-webserver/recipes-httpd/apache2/apache2-native_2.4.10.bb
new file mode 100644
index 000000000..5963b7943
--- /dev/null
+++ b/meta-webserver/recipes-httpd/apache2/apache2-native_2.4.10.bb
@@ -0,0 +1,45 @@
+DESCRIPTION = "The Apache HTTP Server is a powerful, efficient, and \
+extensible web server."
+SUMMARY = "Apache HTTP Server"
+HOMEPAGE = "http://httpd.apache.org/"
+DEPENDS = "expat-native pcre-native apr-native apr-util-native"
+SECTION = "net"
+LICENSE = "Apache-2.0"
+
+inherit autotools pkgconfig native
+
+SRC_URI = "http://www.apache.org/dist/httpd/httpd-${PV}.tar.bz2 \
+           file://0001-configure-use-pkg-config-for-PCRE-detection.patch \
+          "
+
+S = "${WORKDIR}/httpd-${PV}"
+
+LIC_FILES_CHKSUM = "file://LICENSE;md5=dbff5a2b542fa58854455bf1a0b94b83"
+SRC_URI[md5sum] = "44543dff14a4ebc1e9e2d86780507156"
+SRC_URI[sha256sum] = "176c4dac1a745f07b7b91e7f4fd48f9c48049fa6f088efe758d61d9738669c6a"
+
+EXTRA_OECONF = "--with-apr=${STAGING_BINDIR_CROSS}/apr-1-config \
+                --with-apr-util=${STAGING_BINDIR_CROSS}/apu-1-config \
+                --prefix=${prefix} --datadir=${datadir}/apache2 \
+               "
+
+do_install () {
+    install -d ${D}${bindir} ${D}${libdir}
+    cp server/gen_test_char ${D}${bindir}
+    install -m 755 support/apxs ${D}${bindir}/
+    install -m 755 httpd ${D}${bindir}/
+    install -d ${D}${datadir}/apache2/build
+    cp ${S}/build/*.mk ${D}${datadir}/apache2/build
+    cp build/*.mk ${D}${datadir}/apache2/build
+    cp ${S}/build/instdso.sh ${D}${datadir}/apache2/build
+
+    install -d ${D}${includedir}/apache2
+    cp ${S}/include/* ${D}${includedir}/apache2
+    cp include/* ${D}${includedir}/apache2
+    cp ${S}/os/unix/os.h ${D}${includedir}/apache2
+    cp ${S}/os/unix/unixd.h ${D}${includedir}/apache2
+
+    cp support/envvars-std ${D}${bindir}/envvars
+    chmod 755 ${D}${bindir}/envvars
+}
+
diff --git a/meta-webserver/recipes-httpd/apache2/apache2/apache-CVE-2014-0117.patch b/meta-webserver/recipes-httpd/apache2/apache2/apache-CVE-2014-0117.patch
new file mode 100644
index 000000000..8585f0bb3
--- /dev/null
+++ b/meta-webserver/recipes-httpd/apache2/apache2/apache-CVE-2014-0117.patch
@@ -0,0 +1,289 @@
+apache: CVE-2014-0117
+
+The patch comes from upstream:
+http://svn.apache.org/viewvc?view=revision&revision=1610674
+
+SECURITY (CVE-2014-0117): Fix a crash in mod_proxy.  In a
+reverse proxy configuration, a remote attacker could send a carefully crafted
+request which could crash a server process, resulting in denial of service.
+
+Thanks to Marek Kroemeke working with HP's Zero Day Initiative for
+reporting this issue.
+
+Upstream-Status: Backport
+
+Submitted by: Edward Lu, breser, covener
+Signed-off-by: Zhang Xiao <xiao.zhang@windriver.com>
+---
+ modules/proxy/mod_proxy_http.c | 8  +++-
+ include/httpd.h                | 17 ++++++++
+ modules/proxy/proxy_util.c     | 67 ++++++++++++++----------------
+ server/util.c                  | 89 ++++++++++++++++++++++++++++++++++++++++++
+ 4 files changed, 143 insertions(+), 38 deletions(-)
+
+diff --git a/modules/proxy/mod_proxy_http.c b/modules/proxy/mod_proxy_http.c
+index cffad2e..f11c16f 100644
+--- a/modules/proxy/mod_proxy_http.c
++++ b/modules/proxy/mod_proxy_http.c
+@@ -1362,6 +1362,7 @@ apr_status_t ap_proxy_http_process_response(apr_pool_t * p, request_rec *r,
+          */
+         if (apr_date_checkmask(buffer, "HTTP/#.# ###*")) {
+             int major, minor;
++            int toclose;
+ 
+             major = buffer[5] - '0';
+             minor = buffer[7] - '0';
+@@ -1470,7 +1471,12 @@ apr_status_t ap_proxy_http_process_response(apr_pool_t * p, request_rec *r,
+             te = apr_table_get(r->headers_out, "Transfer-Encoding");
+ 
+             /* strip connection listed hop-by-hop headers from response */
+-            backend->close = ap_proxy_clear_connection_fn(r, r->headers_out);
++            toclose = ap_proxy_clear_connection_fn(r, r->headers_out);
++            backend->close = (toclose != 0);
++            if (toclose < 0) {
++                return ap_proxyerror(r, HTTP_BAD_REQUEST,
++                                     "Malformed connection header");
++            }
+ 
+             if ((buf = apr_table_get(r->headers_out, "Content-Type"))) {
+                 ap_set_content_type(r, apr_pstrdup(p, buf));
+diff --git a/include/httpd.h b/include/httpd.h
+index 36cd58d..9a2cf5c 100644
+--- a/include/httpd.h
++++ b/include/httpd.h
+@@ -1528,6 +1528,23 @@ AP_DECLARE(int) ap_find_etag_weak(apr_pool_t *p, const char *line, const char *t
+ AP_DECLARE(int) ap_find_etag_strong(apr_pool_t *p, const char *line, const char *tok);
+ 
+ /**
++ * Retrieve an array of tokens in the format "1#token" defined in RFC2616. Only
++ * accepts ',' as a delimiter, does not accept quoted strings, and errors on
++ * any separator.
++ * @param p The pool to allocate from
++ * @param tok The line to read tokens from
++ * @param tokens Pointer to an array of tokens. If not NULL, must be an array
++ *    of char*, otherwise it will be allocated on @a p when a token is found
++ * @param skip_invalid If true, when an invalid separator is encountered, it
++ *    will be ignored.
++ * @return NULL on success, an error string otherwise.
++ * @remark *tokens may be NULL on output if NULL in input and no token is found
++ */
++AP_DECLARE(const char *) ap_parse_token_list_strict(apr_pool_t *p, const char *tok,
++                                                    apr_array_header_t **tokens,
++                                                    int skip_invalid);
++
++/**
+  * Retrieve a token, spacing over it and adjusting the pointer to
+  * the first non-white byte afterwards.  Note that these tokens
+  * are delimited by semis and commas and can also be delimited
+diff --git a/modules/proxy/proxy_util.c b/modules/proxy/proxy_util.c
+index 67dc939..58daa21 100644
+--- a/modules/proxy/proxy_util.c
++++ b/modules/proxy/proxy_util.c
+@@ -2847,68 +2847,59 @@ PROXY_DECLARE(proxy_balancer_shared *) ap_proxy_find_balancershm(ap_slotmem_prov
+ typedef struct header_connection {
+     apr_pool_t *pool;
+     apr_array_header_t *array;
+-    const char *first;
+-    unsigned int closed:1;
++    const char *error;
++    int is_req;
+ } header_connection;
+ 
+ static int find_conn_headers(void *data, const char *key, const char *val)
+ {
+     header_connection *x = data;
+-    const char *name;
+-
+-    do {
+-        while (*val == ',' || *val == ';') {
+-            val++;
+-        }
+-        name = ap_get_token(x->pool, &val, 0);
+-        if (!strcasecmp(name, "close")) {
+-            x->closed = 1;
+-        }
+-        if (!x->first) {
+-            x->first = name;
+-        }
+-        else {
+-            const char **elt;
+-            if (!x->array) {
+-                x->array = apr_array_make(x->pool, 4, sizeof(char *));
+-            }
+-            elt = apr_array_push(x->array);
+-            *elt = name;
+-        }
+-    } while (*val);
+ 
+-    return 1;
++    x->error = ap_parse_token_list_strict(x->pool, val, &x->array, !x->is_req);
++    return !x->error;
+ }
+ 
+ /**
+  * Remove all headers referred to by the Connection header.
++ * Returns -1 on error. Otherwise, returns 1 if 'Close' was seen in
++ * the Connection header tokens, and 0 if not.
+  */
+ static int ap_proxy_clear_connection(request_rec *r, apr_table_t *headers)
+ {
+-    const char **name;
++    int closed = 0;
+     header_connection x;
+ 
+     x.pool = r->pool;
+     x.array = NULL;
+-    x.first = NULL;
+-    x.closed = 0;
++    x.error = NULL;
++    x.is_req = (headers == r->headers_in);
+ 
+     apr_table_unset(headers, "Proxy-Connection");
+ 
+     apr_table_do(find_conn_headers, &x, headers, "Connection", NULL);
+-    if (x.first) {
+-        /* fast path - no memory allocated for one header */
+-        apr_table_unset(headers, "Connection");
+-        apr_table_unset(headers, x.first);
++    apr_table_unset(headers, "Connection");
++
++    if (x.error) {
++        ap_log_rerror(APLOG_MARK, APLOG_NOTICE, 0, r, APLOGNO()
++                "Error parsing Connection header: %s", x.error);
++        return -1;
+     }
++
+     if (x.array) {
+-        /* two or more headers */
+-        while ((name = apr_array_pop(x.array))) {
+-            apr_table_unset(headers, *name);
++        int i;
++        for (i = 0; i < x.array->nelts; i++) {
++            const char *name = APR_ARRAY_IDX(x.array, i, const char *);
++            ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO()
++                          "Removing header '%s' listed in Connection header",
++                          name);
++            if (!strcasecmp(name, "close")) {
++                closed = 1;
++            }
++            apr_table_unset(headers, name);
+         }
+     }
+ 
+-    return x.closed;
++    return closed;
+ }
+ 
+ PROXY_DECLARE(int) ap_proxy_create_hdrbrgd(apr_pool_t *p,
+@@ -3095,7 +3086,9 @@ PROXY_DECLARE(int) ap_proxy_create_hdrbrgd(apr_pool_t *p,
+      * apr is compiled with APR_POOL_DEBUG.
+      */
+     headers_in_copy = apr_table_copy(r->pool, r->headers_in);
+-    ap_proxy_clear_connection(r, headers_in_copy);
++    if (ap_proxy_clear_connection(r, headers_in_copy) < 0) {
++        return HTTP_BAD_REQUEST;
++    }
+     /* send request headers */
+     headers_in_array = apr_table_elts(headers_in_copy);
+     headers_in = (const apr_table_entry_t *) headers_in_array->elts;
+diff --git a/server/util.c b/server/util.c
+index e0ba5c2..541c9f0 100644
+--- a/server/util.c
++++ b/server/util.c
+@@ -1449,6 +1449,95 @@ AP_DECLARE(int) ap_find_etag_weak(apr_pool_t *p, const char *line,
+     return find_list_item(p, line, tok, AP_ETAG_WEAK);
+ }
+ 
++/* Grab a list of tokens of the format 1#token (from RFC7230) */
++AP_DECLARE(const char *) ap_parse_token_list_strict(apr_pool_t *p,
++                                                const char *str_in,
++                                                apr_array_header_t **tokens,
++                                                int skip_invalid)
++{
++    int in_leading_space = 1;
++    int in_trailing_space = 0;
++    int string_end = 0;
++    const char *tok_begin;
++    const char *cur;
++
++    if (!str_in) {
++        return NULL;
++    }
++
++    tok_begin = cur = str_in;
++
++    while (!string_end) {
++        const unsigned char c = (unsigned char)*cur;
++
++        if (!TEST_CHAR(c, T_HTTP_TOKEN_STOP) && c != '\0') {
++            /* Non-separator character; we are finished with leading
++             * whitespace. We must never have encountered any trailing
++             * whitespace before the delimiter (comma) */
++            in_leading_space = 0;
++            if (in_trailing_space) {
++                return "Encountered illegal whitespace in token";
++            }
++        }
++        else if (c == ' ' || c == '\t') {
++            /* "Linear whitespace" only includes ASCII CRLF, space, and tab;
++             * we can't get a CRLF since headers are split on them already,
++             * so only look for a space or a tab */
++            if (in_leading_space) {
++                /* We're still in leading whitespace */
++                ++tok_begin;
++            }
++            else {
++                /* We must be in trailing whitespace */
++                ++in_trailing_space;
++            }
++        }
++        else if (c == ',' || c == '\0') {
++            if (!in_leading_space) {
++                /* If we're out of the leading space, we know we've read some
++                 * characters of a token */
++                if (*tokens == NULL) {
++                    *tokens = apr_array_make(p, 4, sizeof(char *));
++                }
++                APR_ARRAY_PUSH(*tokens, char *) =
++                    apr_pstrmemdup((*tokens)->pool, tok_begin,
++                                   (cur - tok_begin) - in_trailing_space);
++            }
++            /* We're allowed to have null elements, just don't add them to the
++             * array */
++
++            tok_begin = cur + 1;
++            in_leading_space = 1;
++            in_trailing_space = 0;
++            string_end = (c == '\0');
++        }
++        else {
++            /* Encountered illegal separator char */
++            if (skip_invalid) {
++                /* Skip to the next separator */
++                const char *temp;
++                temp = ap_strchr_c(cur, ',');
++                if(!temp) {
++                    temp = ap_strchr_c(cur, '\0');
++                }
++
++                /* Act like we haven't seen a token so we reset */
++                cur = temp - 1;
++                in_leading_space = 1;
++                in_trailing_space = 0;
++            }
++            else {
++                return apr_psprintf(p, "Encountered illegal separator "
++                                    "'\\x%.2x'", (unsigned int)c);
++            }
++        }
++
++        ++cur;
++    }
++
++    return NULL;
++}
++
+ /* Retrieve a token, spacing over it and returning a pointer to
+  * the first non-white byte afterwards.  Note that these tokens
+  * are delimited by semis and commas; and can also be delimited
+-- 
diff --git a/meta-webserver/recipes-httpd/apache2/apache2/apache-configure_perlbin.patch b/meta-webserver/recipes-httpd/apache2/apache2/apache-configure_perlbin.patch
new file mode 100644
index 000000000..c90279d44
--- /dev/null
+++ b/meta-webserver/recipes-httpd/apache2/apache2/apache-configure_perlbin.patch
@@ -0,0 +1,20 @@
+# Author: echo <fei.geng@windriver.com>
+# Date: April 28 2009
+# Summary:Fix perl install directory to /usr/bin
+#
+# Upstream-Status: Inappropriate [configuration]
+
+--- a/configure.in
++++ b/configure.in
+@@ -638,10 +638,7 @@
+ AC_DEFINE_UNQUOTED(APACHE_MPM_DIR, "$MPM_DIR",
+        [Location of the source for the current MPM])
+ 
+-perlbin=`$ac_aux_dir/PrintPath perl`
+-if test "x$perlbin" = "x"; then
+-    perlbin="/replace/with/path/to/perl/interpreter"
+-fi
++perlbin='/usr/bin/perl'
+ AC_SUBST(perlbin)
+ 
+ dnl If we are running on BSD/OS, we need to use the BSD .include syntax.
diff --git a/meta-webserver/recipes-httpd/apache2/apache2/apache-ssl-ltmain-rpath.patch b/meta-webserver/recipes-httpd/apache2/apache2/apache-ssl-ltmain-rpath.patch
new file mode 100644
index 000000000..3a59fb079
--- /dev/null
+++ b/meta-webserver/recipes-httpd/apache2/apache2/apache-ssl-ltmain-rpath.patch
@@ -0,0 +1,76 @@
+--- httpd-2.2.8.orig/build/ltmain.sh
++++ httpd-2.2.8/build/ltmain.sh
+@@ -1515,7 +1515,7 @@ EOF
+        dir=`$echo "X$arg" | $Xsed -e 's/^-L//'`
+        # We need an absolute path.
+        case $dir in
+-       [\\/]* | [A-Za-z]:[\\/]*) ;;
++       =* | [\\/]* | [A-Za-z]:[\\/]*) ;;
+        *)
+          absdir=`cd "$dir" && pwd`
+          if test -z "$absdir"; then
+@@ -2558,7 +2558,7 @@ EOF
+            $echo "*** $linklib is not portable!"
+          fi
+          if test "$linkmode" = lib &&
+-            test "$hardcode_into_libs" = yes; then
++             test "x$wrs_use_rpaths" = "xyes" && test "$hardcode_into_libs" = yes; then
+            # Hardcode the library path.
+            # Skip directories that are in the system default run-time
+            # search path.
+@@ -2832,7 +2832,7 @@ EOF
+ 
+        if test "$linkmode" = lib; then
+          if test -n "$dependency_libs" &&
+-            { test "$hardcode_into_libs" != yes ||
++             { test "$hardcode_into_libs" != yes || test "x$wrs_use_rpaths" != "xyes" ||
+               test "$build_old_libs" = yes ||
+               test "$link_static" = yes; }; then
+            # Extract -R from dependency_libs
+@@ -3426,7 +3426,8 @@ EOF
+          *) finalize_rpath="$finalize_rpath $libdir" ;;
+          esac
+        done
+-       if test "$hardcode_into_libs" != yes || test "$build_old_libs" = yes; then
++        if test "$hardcode_into_libs" != yes || test "x$wrs_use_rpaths" != "xyes" ||
++           test "$build_old_libs" = yes; then
+          dependency_libs="$temp_xrpath $dependency_libs"
+        fi
+       fi
+@@ -3843,7 +3844,7 @@ EOF
+         case $archive_cmds in
+           *\$LD\ *) wl= ;;
+         esac
+-       if test "$hardcode_into_libs" = yes; then
++        if test "$hardcode_into_libs" = yes && test "x$wrs_use_rpaths" = "xyes" ; then
+          # Hardcode the library paths
+          hardcode_libdirs=
+          dep_rpath=
+@@ -4397,6 +4398,27 @@ EOF
+       # Now hardcode the library paths
+       rpath=
+       hardcode_libdirs=
++
++      # short circuit putting rpaths in executables
++      #
++      if test "x$wrs_use_rpaths" != "xyes" ; then
++        flag=
++        for libdir in $compile_rpath; do
++          case $(echo $libdir | ${SED} 's,/[/]*,/,g') in
++            /usr/lib/* | /usr/lib32/* | /usr/lib64/* ) flag="$flag $libdir" ;;
++          esac
++        done
++        compile_rpath="$flag"
++
++        flag=
++        for libdir in $finalize_rpath; do
++          case $(echo $libdir | ${SED} 's,/[/]*,/,g') in
++            /usr/lib/* | /usr/lib32/* | /usr/lib64/* ) flag="$flag $libdir" ;;
++          esac
++        done
++        finalize_rpath="$flag"
++      fi
++
+       for libdir in $compile_rpath $finalize_rpath; do
+        if test -n "$hardcode_libdir_flag_spec"; then
+          if test -n "$hardcode_libdir_separator"; then
diff --git a/meta-webserver/recipes-httpd/apache2/apache2/fix-libtool-name.patch b/meta-webserver/recipes-httpd/apache2/apache2/fix-libtool-name.patch
new file mode 100644
index 000000000..027af04c3
--- /dev/null
+++ b/meta-webserver/recipes-httpd/apache2/apache2/fix-libtool-name.patch
@@ -0,0 +1,55 @@
+Fix build scripts to use correct libtool filename
+
+Upstream-Status: Inappropriate [configuration]
+
+---
+ httpd-2.4.2/build/config_vars.sh.in |    2 +-
+ httpd-2.4.2/configure               |    2 +-
+ httpd-2.4.2/configure.in            |    2 +-
+ httpd-2.4.2/support/apxs.in         |    2 +-
+ 4 files changed, 4 insertions(+), 4 deletions(-)
+
+--- a/build/config_vars.sh.in
++++ b/build/config_vars.sh.in
+@@ -35,7 +35,7 @@ else
+    APU_CONFIG=@APU_CONFIG@
+ fi
+ 
+-APR_LIBTOOL="`${APR_CONFIG} --apr-libtool`"
++APR_LIBTOOL="`${APR_CONFIG} --apr-libtool | sed -e s,libtool,${host_alias}-libtool,`"
+ APR_INCLUDEDIR="`${APR_CONFIG} --includedir`"
+ test -n "@APU_CONFIG@" && APU_INCLUDEDIR="`${APU_CONFIG} --includedir`"
+ 
+--- a/configure
++++ b/configure
+@@ -6205,7 +6205,7 @@ case $host in
+       if test "x$LTFLAGS" = "x"; then
+           LTFLAGS='--silent'
+       fi
+-      my_libtool=`$apr_config --apr-libtool`
++      my_libtool=`$apr_config --apr-libtool | sed -e s,libtool,${host_alias}-libtool,`
+       LIBTOOL="$my_libtool \$(LTFLAGS)"
+       libtoolversion=`$my_libtool --version`
+       case $libtoolversion in
+--- a/configure.in
++++ b/configure.in
+@@ -264,7 +264,7 @@ case $host in
+       if test "x$LTFLAGS" = "x"; then
+           LTFLAGS='--silent'
+       fi
+-      my_libtool=`$apr_config --apr-libtool`
++      my_libtool=`$apr_config --apr-libtool | sed -e s,libtool,${host_alias}-libtool,`
+       LIBTOOL="$my_libtool \$(LTFLAGS)"
+       libtoolversion=`$my_libtool --version`
+       case $libtoolversion in
+--- a/support/apxs.in
++++ b/support/apxs.in
+@@ -352,7 +352,7 @@ if ($apr_major_version < 2) {
+     }
+ }
+ 
+-my $libtool = `$apr_config --apr-libtool`;
++my $libtool = `$apr_config --apr-libtool| sed -e s,libtool,${host_alias}-libtool,`;
+ chomp($libtool);
+ 
+ my $apr_includedir = `$apr_config --includes`;
diff --git a/meta-webserver/recipes-httpd/apache2/apache2/httpd-2.4.1-corelimit.patch b/meta-webserver/recipes-httpd/apache2/apache2/httpd-2.4.1-corelimit.patch
new file mode 100644
index 000000000..18e4107ec
--- /dev/null
+++ b/meta-webserver/recipes-httpd/apache2/apache2/httpd-2.4.1-corelimit.patch
@@ -0,0 +1,37 @@
+
+Bump up the core size limit if CoreDumpDirectory is
+configured.
+
+Upstream-Status: Pending 
+
+Note: upstreaming was discussed but there are competing desires;
+        there are portability oddities here too.
+
+--- httpd-2.4.1/server/core.c.corelimit
++++ httpd-2.4.1/server/core.c
+@@ -4433,6 +4433,25 @@ static int core_post_config(apr_pool_t *
+     }
+     apr_pool_cleanup_register(pconf, NULL, ap_mpm_end_gen_helper,
+                               apr_pool_cleanup_null);
++
++#ifdef RLIMIT_CORE
++    if (ap_coredumpdir_configured) {
++        struct rlimit lim;
++
++        if (getrlimit(RLIMIT_CORE, &lim) == 0 && lim.rlim_cur == 0) {
++            lim.rlim_cur = lim.rlim_max;
++            if (setrlimit(RLIMIT_CORE, &lim) == 0) {
++                ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL,
++                             "core dump file size limit raised to %lu bytes",
++                             lim.rlim_cur);
++            } else {
++                ap_log_error(APLOG_MARK, APLOG_NOTICE, errno, NULL,
++                             "core dump file size is zero, setrlimit failed");
++            }
++        }
++    }
++#endif
++
+     return OK;
+ }
+ 
diff --git a/meta-webserver/recipes-httpd/apache2/apache2/httpd-2.4.1-selinux.patch b/meta-webserver/recipes-httpd/apache2/apache2/httpd-2.4.1-selinux.patch
new file mode 100644
index 000000000..873328d9b
--- /dev/null
+++ b/meta-webserver/recipes-httpd/apache2/apache2/httpd-2.4.1-selinux.patch
@@ -0,0 +1,63 @@
+
+Log the SELinux context at startup.
+
+Upstream-Status: Inappropriate [other]
+
+Note: unlikely to be any interest in this upstream
+
+--- httpd-2.4.1/configure.in.selinux
++++ httpd-2.4.1/configure.in
+@@ -458,6 +458,11 @@ fopen64
+ dnl confirm that a void pointer is large enough to store a long integer
+ APACHE_CHECK_VOID_PTR_LEN
+ 
++AC_CHECK_LIB(selinux, is_selinux_enabled, [
++   AC_DEFINE(HAVE_SELINUX, 1, [Defined if SELinux is supported])
++   APR_ADDTO(AP_LIBS, [-lselinux])
++])
++
+ AC_CACHE_CHECK([for gettid()], ac_cv_gettid,
+ [AC_TRY_RUN(#define _GNU_SOURCE
+ #include <unistd.h>
+--- httpd-2.4.1/server/core.c.selinux
++++ httpd-2.4.1/server/core.c
+@@ -58,6 +58,10 @@
+ #include <unistd.h>
+ #endif
+ 
++#ifdef HAVE_SELINUX
++#include <selinux/selinux.h>
++#endif
++
+ /* LimitRequestBody handling */
+ #define AP_LIMIT_REQ_BODY_UNSET         ((apr_off_t) -1)
+ #define AP_DEFAULT_LIMIT_REQ_BODY       ((apr_off_t) 0)
+@@ -4452,6 +4456,28 @@ static int core_post_config(apr_pool_t *
+     }
+ #endif
+ 
++#ifdef HAVE_SELINUX
++    {
++        static int already_warned = 0;
++        int is_enabled = is_selinux_enabled() > 0;
++        
++        if (is_enabled && !already_warned) {
++            security_context_t con;
++            
++            if (getcon(&con) == 0) {
++                
++                ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL,
++                             "SELinux policy enabled; "
++                             "httpd running as context %s", con);
++                
++                already_warned = 1;
++                
++                freecon(con);
++            }
++        }
++    }
++#endif
++
+     return OK;
+ }
+ 
diff --git a/meta-webserver/recipes-httpd/apache2/apache2/httpd-2.4.4-export.patch b/meta-webserver/recipes-httpd/apache2/apache2/httpd-2.4.4-export.patch
new file mode 100644
index 000000000..afbed8e55
--- /dev/null
+++ b/meta-webserver/recipes-httpd/apache2/apache2/httpd-2.4.4-export.patch
@@ -0,0 +1,22 @@
+
+There is no need to "suck in" the apr/apr-util symbols when using
+a shared libapr{,util}, it just bloats the symbol table; so don't.
+
+Upstream-HEAD: needed
+Upstream-2.0: omit
+Upstream-Status: Pending
+
+Note: EXPORT_DIRS change is conditional on using shared apr
+
+--- httpd-2.4.4/server/Makefile.in.export
++++ httpd-2.4.4/server/Makefile.in
+@@ -57,9 +57,6 @@ export_files:
+        ( for dir in $(EXPORT_DIRS); do \
+              ls $$dir/*.h ; \
+          done; \
+-         for dir in $(EXPORT_DIRS_APR); do \
+-             ls $$dir/ap[ru].h $$dir/ap[ru]_*.h 2>/dev/null; \
+-         done; \
+        ) | sed -e s,//,/,g | sort -u > $@
+ 
+ exports.c: export_files
diff --git a/meta-webserver/recipes-httpd/apache2/apache2/npn-patch-2.4.7.patch b/meta-webserver/recipes-httpd/apache2/apache2/npn-patch-2.4.7.patch
new file mode 100644
index 000000000..a4f185501
--- /dev/null
+++ b/meta-webserver/recipes-httpd/apache2/apache2/npn-patch-2.4.7.patch
@@ -0,0 +1,289 @@
+Add support for TLS Next Protocol Negotiation:
+
+* modules/ssl/mod_ssl.c, modules/ssl/mod_ssl.h: Add and implement new
+  hooks for next protocol advertisement/discovery.
+
+* modules/ssl/ssl_engine_init.c (ssl_init_ctx_callbacks): Enable
+  NPN advertisement callback in handshake.
+
+* modules/ssl/ssl_engine_io.c (ssl_io_filter_input): Invoke
+  next-protocol discovery hook.
+
+* modules/ssl/ssl_engine_kernel.c (ssl_callback_AdvertiseNextProtos):
+  New callback.
+
+* modules/ssl/ssl_private.h: Add prototype.
+
+Submitted by: Matthew Steele <mdsteele google.com>
+  with slight tweaks by jorton
+
+http://svn.apache.org/viewvc?view=revision&revision=1332643
+https://bugzilla.redhat.com//show_bug.cgi?id=809599
+Upstream-Status: Backport
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ CHANGES                         |  2 +
+ modules/ssl/mod_ssl.c           | 12 ++++++
+ modules/ssl/mod_ssl.h           | 21 +++++++++++
+ modules/ssl/ssl_engine_init.c   |  5 +++
+ modules/ssl/ssl_engine_io.c     | 24 ++++++++++++
+ modules/ssl/ssl_engine_kernel.c | 82 +++++++++++++++++++++++++++++++++++++++++
+ modules/ssl/ssl_private.h       |  6 +++
+ 7 files changed, 152 insertions(+)
+
+diff --git a/CHANGES b/CHANGES
+--- a/CHANGES
++++ b/CHANGES
+@@ -1,6 +1,8 @@
+                                                          -*- coding: utf-8 -*-
+ 
+ Changes with Apache 2.4.7
++  *) mod_ssl: Add support for TLS Next Protocol Negotiation.  PR 52210.
++     [Matthew Steele <mdsteele google.com>]
+ 
+   *) APR 1.5.0 or later is now required for the event MPM.
+   
+diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c
+--- a/modules/ssl/mod_ssl.c
++++ b/modules/ssl/mod_ssl.c
+@@ -275,6 +275,18 @@ static const command_rec ssl_config_cmds[] = {
+     AP_END_CMD
+ };
+ 
++/* Implement 'modssl_run_npn_advertise_protos_hook'. */
++APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL(
++    modssl, AP, int, npn_advertise_protos_hook,
++    (conn_rec *connection, apr_array_header_t *protos),
++    (connection, protos), OK, DECLINED);
++
++/* Implement 'modssl_run_npn_proto_negotiated_hook'. */
++APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL(
++    modssl, AP, int, npn_proto_negotiated_hook,
++    (conn_rec *connection, const char *proto_name, apr_size_t proto_name_len),
++    (connection, proto_name, proto_name_len), OK, DECLINED);
++
+ /*
+  *  the various processing hooks
+  */
+diff --git a/modules/ssl/mod_ssl.h b/modules/ssl/mod_ssl.h
+--- a/modules/ssl/mod_ssl.h
++++ b/modules/ssl/mod_ssl.h
+@@ -63,5 +63,26 @@ APR_DECLARE_OPTIONAL_FN(int, ssl_proxy_enable, (conn_rec *));
+ 
+ APR_DECLARE_OPTIONAL_FN(int, ssl_engine_disable, (conn_rec *));
+ 
++/** The npn_advertise_protos optional hook allows other modules to add entries
++ * to the list of protocol names advertised by the server during the Next
++ * Protocol Negotiation (NPN) portion of the SSL handshake.  The hook callee is
++ * given the connection and an APR array; it should push one or more char*'s
++ * pointing to null-terminated strings (such as "http/1.1" or "spdy/2") onto
++ * the array and return OK, or do nothing and return DECLINED. */
++APR_DECLARE_EXTERNAL_HOOK(modssl, AP, int, npn_advertise_protos_hook,
++                          (conn_rec *connection, apr_array_header_t *protos));
++
++/** The npn_proto_negotiated optional hook allows other modules to discover the
++ * name of the protocol that was chosen during the Next Protocol Negotiation
++ * (NPN) portion of the SSL handshake.  Note that this may be the empty string
++ * (in which case modules should probably assume HTTP), or it may be a protocol
++ * that was never even advertised by the server.  The hook callee is given the
++ * connection, a non-null-terminated string containing the protocol name, and
++ * the length of the string; it should do something appropriate (i.e. insert or
++ * remove filters) and return OK, or do nothing and return DECLINED. */
++APR_DECLARE_EXTERNAL_HOOK(modssl, AP, int, npn_proto_negotiated_hook,
++                          (conn_rec *connection, const char *proto_name,
++                           apr_size_t proto_name_len));
++
+ #endif /* __MOD_SSL_H__ */
+ /** @} */
+diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
+--- a/modules/ssl/ssl_engine_init.c
++++ b/modules/ssl/ssl_engine_init.c
+@@ -546,6 +546,11 @@ static void ssl_init_ctx_callbacks(server_rec *s,
+     SSL_CTX_set_tmp_dh_callback(ctx,  ssl_callback_TmpDH);
+ 
+     SSL_CTX_set_info_callback(ctx, ssl_callback_Info);
++
++#ifdef HAVE_TLS_NPN
++    SSL_CTX_set_next_protos_advertised_cb(
++        ctx, ssl_callback_AdvertiseNextProtos, NULL);
++#endif
+ }
+ 
+ static void ssl_init_ctx_verify(server_rec *s,
+diff --git a/modules/ssl/ssl_engine_io.c b/modules/ssl/ssl_engine_io.c
+--- a/modules/ssl/ssl_engine_io.c
++++ b/modules/ssl/ssl_engine_io.c
+@@ -28,6 +28,7 @@
+                                   core keeps dumping.''
+                                             -- Unknown    */
+ #include "ssl_private.h"
++#include "mod_ssl.h"
+ #include "apr_date.h"
+ 
+ /*  _________________________________________________________________
+@@ -297,6 +298,7 @@ typedef struct {
+     apr_pool_t *pool;
+     char buffer[AP_IOBUFSIZE];
+     ssl_filter_ctx_t *filter_ctx;
++    int npn_finished;  /* 1 if NPN has finished, 0 otherwise */
+ } bio_filter_in_ctx_t;
+ 
+ /*
+@@ -1412,6 +1414,27 @@ static apr_status_t ssl_io_filter_input(ap_filter_t *f,
+         APR_BRIGADE_INSERT_TAIL(bb, bucket);
+     }
+ 
++#ifdef HAVE_TLS_NPN
++    /* By this point, Next Protocol Negotiation (NPN) should be completed (if
++     * our version of OpenSSL supports it).  If we haven't already, find out
++     * which protocol was decided upon and inform other modules by calling
++     * npn_proto_negotiated_hook. */
++    if (!inctx->npn_finished) {
++        const unsigned char *next_proto = NULL;
++        unsigned next_proto_len = 0;
++
++        SSL_get0_next_proto_negotiated(
++            inctx->ssl, &next_proto, &next_proto_len);
++        ap_log_cerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, f->c,
++                      "SSL NPN negotiated protocol: '%s'",
++                      apr_pstrmemdup(f->c->pool, (const char*)next_proto,
++                                     next_proto_len));
++        modssl_run_npn_proto_negotiated_hook(
++            f->c, (const char*)next_proto, next_proto_len);
++        inctx->npn_finished = 1;
++    }
++#endif
++
+     return APR_SUCCESS;
+ }
+ 
+@@ -1893,6 +1916,7 @@ static void ssl_io_input_add_filter(ssl_filter_ctx_t *filter_ctx, conn_rec *c,
+     inctx->block = APR_BLOCK_READ;
+     inctx->pool = c->pool;
+     inctx->filter_ctx = filter_ctx;
++    inctx->npn_finished = 0;
+ }
+ 
+ /* The request_rec pointer is passed in here only to ensure that the
+diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c
+--- a/modules/ssl/ssl_engine_kernel.c
++++ b/modules/ssl/ssl_engine_kernel.c
+@@ -29,6 +29,7 @@
+                                   time I was too famous.''
+                                             -- Unknown                */
+ #include "ssl_private.h"
++#include "mod_ssl.h"
+ #include "util_md5.h"
+ 
+ static void ssl_configure_env(request_rec *r, SSLConnRec *sslconn);
+@@ -2139,3 +2140,84 @@ int ssl_callback_SRPServerParams(SSL *ssl, int *ad, void *arg)
+ }
+ 
+ #endif /* HAVE_SRP */
++
++#ifdef HAVE_TLS_NPN
++/*
++ * This callback function is executed when SSL needs to decide what protocols
++ * to advertise during Next Protocol Negotiation (NPN).  It must produce a
++ * string in wire format -- a sequence of length-prefixed strings -- indicating
++ * the advertised protocols.  Refer to SSL_CTX_set_next_protos_advertised_cb
++ * in OpenSSL for reference.
++ */
++int ssl_callback_AdvertiseNextProtos(SSL *ssl, const unsigned char **data_out,
++                                     unsigned int *size_out, void *arg)
++{
++    conn_rec *c = (conn_rec*)SSL_get_app_data(ssl);
++    apr_array_header_t *protos;
++    int num_protos;
++    unsigned int size;
++    int i;
++    unsigned char *data;
++    unsigned char *start;
++
++    *data_out = NULL;
++    *size_out = 0;
++
++    /* If the connection object is not available, then there's nothing for us
++     * to do. */
++    if (c == NULL) {
++        return SSL_TLSEXT_ERR_OK;
++    }
++
++    /* Invoke our npn_advertise_protos hook, giving other modules a chance to
++     * add alternate protocol names to advertise. */
++    protos = apr_array_make(c->pool, 0, sizeof(char*));
++    modssl_run_npn_advertise_protos_hook(c, protos);
++    num_protos = protos->nelts;
++
++    /* We now have a list of null-terminated strings; we need to concatenate
++     * them together into a single string, where each protocol name is prefixed
++     * by its length.  First, calculate how long that string will be. */
++    size = 0;
++    for (i = 0; i < num_protos; ++i) {
++        const char *string = APR_ARRAY_IDX(protos, i, const char*);
++        unsigned int length = strlen(string);
++        /* If the protocol name is too long (the length must fit in one byte),
++         * then log an error and skip it. */
++        if (length > 255) {
++            ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c,
++                          "SSL NPN protocol name too long (length=%u): %s",
++                          length, string);
++            continue;
++        }
++        /* Leave room for the length prefix (one byte) plus the protocol name
++         * itself. */
++        size += 1 + length;
++    }
++
++    /* If there is nothing to advertise (either because no modules added
++     * anything to the protos array, or because all strings added to the array
++     * were skipped), then we're done. */
++    if (size == 0) {
++        return SSL_TLSEXT_ERR_OK;
++    }
++
++    /* Now we can build the string.  Copy each protocol name string into the
++     * larger string, prefixed by its length. */
++    data = apr_palloc(c->pool, size * sizeof(unsigned char));
++    start = data;
++    for (i = 0; i < num_protos; ++i) {
++        const char *string = APR_ARRAY_IDX(protos, i, const char*);
++        apr_size_t length = strlen(string);
++        *start = (unsigned char)length;
++        ++start;
++        memcpy(start, string, length * sizeof(unsigned char));
++        start += length;
++    }
++
++    /* Success. */
++    *data_out = data;
++    *size_out = size;
++    return SSL_TLSEXT_ERR_OK;
++}
++#endif /* HAVE_TLS_NPN */
+diff --git a/modules/ssl/ssl_private.h b/modules/ssl/ssl_private.h
+--- a/modules/ssl/ssl_private.h
++++ b/modules/ssl/ssl_private.h
+@@ -123,6 +123,11 @@
+ #define MODSSL_SSL_METHOD_CONST
+ #endif
+ 
++#if OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_NEXTPROTONEG) \
++    && !defined(OPENSSL_NO_TLSEXT)
++#define HAVE_TLS_NPN
++#endif
++
+ #if defined(OPENSSL_FIPS)
+ #define HAVE_FIPS
+ #endif
+@@ -800,6 +805,7 @@ int          ssl_callback_ServerNameIndication(SSL *, int *, modssl_ctx_t *);
+ int         ssl_callback_SessionTicket(SSL *, unsigned char *, unsigned char *,
+                                        EVP_CIPHER_CTX *, HMAC_CTX *, int);
+ #endif
++int ssl_callback_AdvertiseNextProtos(SSL *ssl, const unsigned char **data, unsigned int *len, void *arg);
+ 
+ /**  Session Cache Support  */
+ void         ssl_scache_init(server_rec *, apr_pool_t *);
+-- 
+1.8.1.2
+
diff --git a/meta-webserver/recipes-httpd/apache2/apache2/replace-lynx-to-curl-in-apachectl-script.patch b/meta-webserver/recipes-httpd/apache2/apache2/replace-lynx-to-curl-in-apachectl-script.patch
new file mode 100644
index 000000000..584ddc8d9
--- /dev/null
+++ b/meta-webserver/recipes-httpd/apache2/apache2/replace-lynx-to-curl-in-apachectl-script.patch
@@ -0,0 +1,52 @@
+From 760ccbb2fb046621a2aeaecabb2b1ef9aa280cf1 Mon Sep 17 00:00:00 2001
+From: Yulong Pei <Yulong.pei@windriver.com>
+Date: Thu, 1 Sep 2011 01:03:14 +0800
+Subject: [PATCH] replace lynx to curl in apachectl script
+
+Upstream-Status: Inappropriate [configuration]
+
+Signed-off-by: Yulong Pei <Yulong.pei@windriver.com>
+---
+ support/apachectl.in |   14 ++++++++++----
+ 1 files changed, 10 insertions(+), 4 deletions(-)
+
+diff --git a/support/apachectl.in b/support/apachectl.in
+index d4dff38..109ea13 100644
+--- a/support/apachectl.in
++++ b/support/apachectl.in
+@@ -51,11 +51,11 @@ fi
+ # a command that outputs a formatted text version of the HTML at the
+ # url given on the command line.  Designed for lynx, however other
+ # programs may work.  
+-LYNX="@LYNX_PATH@ -dump"
++CURL="/usr/bin/curl"
+ #
+ # the URL to your server's mod_status status page.  If you do not
+ # have one, then status and fullstatus will not work.
+-STATUSURL="http://localhost:@PORT@/server-status"
++STATUSURL="http://localhost:@PORT@/"
+ #
+ # Set this variable to a command that increases the maximum
+ # number of file descriptors allowed per child process. This is
+@@ -91,10 +91,16 @@ configtest)
+     ERROR=$?
+     ;;
+ status)
+-    $LYNX $STATUSURL | awk ' /process$/ { print; exit } { print } '
++    $CURL -s $STATUSURL | grep -o "It works!"
++    if [ $? != 0 ] ; then
++        echo The httpd server does not work!
++    fi
+     ;;
+ fullstatus)
+-    $LYNX $STATUSURL
++    $CURL -s $STATUSURL | grep -o "It works!"
++    if [ $? != 0 ] ; then
++        echo The httpd server does not work!
++    fi
+     ;;
+ *)
+     $HTTPD $ARGV
+-- 
+1.6.4
+
diff --git a/meta-webserver/recipes-httpd/apache2/apache2/server-makefile.patch b/meta-webserver/recipes-httpd/apache2/apache2/server-makefile.patch
new file mode 100644
index 000000000..f1349cb6a
--- /dev/null
+++ b/meta-webserver/recipes-httpd/apache2/apache2/server-makefile.patch
@@ -0,0 +1,11 @@
+--- http-2.0.54/server/Makefile.in-old  2005-12-20 13:26:56.000000000 -0500
++++ http-2.0.54/server/Makefile.in      2005-12-20 13:27:22.000000000 -0500
+@@ -27,7 +27,7 @@
+        $(LINK) $(EXTRA_LDFLAGS) $(gen_test_char_OBJECTS) $(EXTRA_LIBS)
+ 
+ test_char.h: gen_test_char
+-       ./gen_test_char > test_char.h
++       gen_test_char > test_char.h
+ 
+ util.lo: test_char.h
+ 
diff --git a/meta-webserver/recipes-httpd/apache2/apache2_2.4.10.bb b/meta-webserver/recipes-httpd/apache2/apache2_2.4.10.bb
new file mode 100644
index 000000000..d79d40bd2
--- /dev/null
+++ b/meta-webserver/recipes-httpd/apache2/apache2_2.4.10.bb
@@ -0,0 +1,160 @@
+DESCRIPTION = "The Apache HTTP Server is a powerful, efficient, and \
+extensible web server."
+SUMMARY = "Apache HTTP Server"
+HOMEPAGE = "http://httpd.apache.org/"
+DEPENDS = "libtool-native apache2-native openssl expat pcre apr apr-util"
+SECTION = "net"
+LICENSE = "Apache-2.0"
+
+SRC_URI = "http://www.apache.org/dist/httpd/httpd-${PV}.tar.bz2 \
+           file://server-makefile.patch \
+           file://httpd-2.4.1-corelimit.patch \
+           file://httpd-2.4.4-export.patch \
+           file://httpd-2.4.1-selinux.patch \
+           file://apache-configure_perlbin.patch \
+           file://replace-lynx-to-curl-in-apachectl-script.patch \
+           file://apache-ssl-ltmain-rpath.patch \
+           file://httpd-2.4.3-fix-race-issue-of-dir-install.patch \
+           file://npn-patch-2.4.7.patch \
+           file://0001-configure-use-pkg-config-for-PCRE-detection.patch \
+           file://init \
+           file://apache2-volatile.conf \
+           file://apache2.service \
+           file://apache-CVE-2014-0117.patch \
+          "
+
+LIC_FILES_CHKSUM = "file://LICENSE;md5=dbff5a2b542fa58854455bf1a0b94b83"
+SRC_URI[md5sum] = "44543dff14a4ebc1e9e2d86780507156"
+SRC_URI[sha256sum] = "176c4dac1a745f07b7b91e7f4fd48f9c48049fa6f088efe758d61d9738669c6a"
+
+S = "${WORKDIR}/httpd-${PV}"
+
+inherit autotools update-rc.d pkgconfig systemd
+
+SYSTEMD_SERVICE_${PN} = "apache2.service"
+SYSTEMD_AUTO_ENABLE_${PN} = "disable"
+
+SSTATE_SCAN_FILES += "apxs config_vars.mk config.nice"
+
+CFLAGS_append = " -DPATH_MAX=4096"
+CFLAGS_prepend = "-I${STAGING_INCDIR}/openssl "
+EXTRA_OECONF = "--enable-ssl \
+    --with-ssl=${STAGING_LIBDIR}/.. \
+    --with-expat=${STAGING_LIBDIR}/.. \
+    --with-apr=${STAGING_BINDIR_CROSS}/apr-1-config \
+    --with-apr-util=${STAGING_BINDIR_CROSS}/apu-1-config \
+    --enable-info \
+    --enable-rewrite \
+    --with-dbm=sdbm \
+    --with-berkeley-db=no \
+    --localstatedir=/var/${BPN} \
+    --with-gdbm=no \
+    --with-ndbm=no \
+    --includedir=${includedir}/${BPN} \
+    --datadir=${datadir}/${BPN} \
+    --sysconfdir=${sysconfdir}/${BPN} \
+    --libexecdir=${libdir}/${BPN}/modules \
+    ap_cv_void_ptr_lt_long=no \
+    --enable-mpms-shared \
+    ac_cv_have_threadsafe_pollset=no"
+
+do_install_append() {
+    install -d ${D}/${sysconfdir}/init.d
+    cat ${WORKDIR}/init | \
+        sed -e 's,/usr/sbin/,${sbindir}/,g' \
+            -e 's,/usr/bin/,${bindir}/,g' \
+            -e 's,/usr/lib,${libdir}/,g' \
+            -e 's,/etc/,${sysconfdir}/,g' \
+            -e 's,/usr/,${prefix}/,g' > ${D}/${sysconfdir}/init.d/${BPN}
+    chmod 755 ${D}/${sysconfdir}/init.d/${BPN}
+    # remove the goofy original files...
+    rm -rf ${D}/${sysconfdir}/${BPN}/original
+    # Expat should be found in the staging area via DEPENDS...
+    rm -f ${D}/${libdir}/libexpat.*
+
+    install -d ${D}${sysconfdir}/${BPN}/conf.d
+    install -d ${D}${sysconfdir}/${BPN}/modules.d
+
+    # Ensure configuration file pulls in conf.d and modules.d
+    printf "\nIncludeOptional ${sysconfdir}/${BPN}/conf.d/*.conf" >> ${D}/${sysconfdir}/${BPN}/httpd.conf
+    printf "\nIncludeOptional ${sysconfdir}/${BPN}/modules.d/*.conf\n\n" >> ${D}/${sysconfdir}/${BPN}/httpd.conf
+    # match with that is in init script
+    printf "\nPidFile /run/httpd.pid" >> ${D}/${sysconfdir}/${BPN}/httpd.conf
+    # Set 'ServerName' to fix error messages when restart apache service
+    sed -i 's/^#ServerName www.example.com/ServerName localhost/' ${D}/${sysconfdir}/${BPN}/httpd.conf
+
+    if ${@base_contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then 
+        install -d ${D}${sysconfdir}/tmpfiles.d/
+        install -m 0644 ${WORKDIR}/apache2-volatile.conf ${D}${sysconfdir}/tmpfiles.d/
+    fi
+
+    install -d ${D}${systemd_unitdir}/system
+    install -m 0644 ${WORKDIR}/apache2.service ${D}${systemd_unitdir}/system
+    sed -i -e 's,@SBINDIR@,${sbindir},g' ${D}${systemd_unitdir}/system/apache2.service
+    sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' ${D}${systemd_unitdir}/system/apache2.service
+}
+
+SYSROOT_PREPROCESS_FUNCS += "apache_sysroot_preprocess"
+
+apache_sysroot_preprocess () {
+    install -d ${SYSROOT_DESTDIR}${bindir_crossscripts}/
+    install -m 755 ${D}${bindir}/apxs ${SYSROOT_DESTDIR}${bindir_crossscripts}/
+    sed -i 's!my $installbuilddir = .*!my $installbuilddir = "${STAGING_DIR_HOST}/${datadir}/${BPN}/build";!' ${SYSROOT_DESTDIR}${bindir_crossscripts}/apxs
+    sed -i 's!my $libtool = .*!my $libtool = "${STAGING_BINDIR_CROSS}/${TARGET_PREFIX}libtool";!' ${SYSROOT_DESTDIR}${bindir_crossscripts}/apxs
+
+    sed -i 's!^APR_CONFIG = .*!APR_CONFIG = ${STAGING_BINDIR_CROSS}/apr-1-config!' ${SYSROOT_DESTDIR}${datadir}/${BPN}/build/config_vars.mk
+    sed -i 's!^APU_CONFIG = .*!APU_CONFIG = ${STAGING_BINDIR_CROSS}/apu-1-config!' ${SYSROOT_DESTDIR}${datadir}/${BPN}/build/config_vars.mk
+    sed -i 's!^includedir = .*!includedir = ${STAGING_INCDIR}/apache2!' ${SYSROOT_DESTDIR}${datadir}/${BPN}/build/config_vars.mk
+}
+
+#
+# implications - used by update-rc.d scripts
+#
+INITSCRIPT_NAME = "apache2"
+INITSCRIPT_PARAMS = "defaults 91 20"
+LEAD_SONAME = "libapr-1.so.0"
+
+PACKAGES = "${PN}-scripts ${PN}-doc ${PN}-dev ${PN}-dbg ${PN}"
+
+CONFFILES_${PN} = "${sysconfdir}/${BPN}/httpd.conf \
+                   ${sysconfdir}/${BPN}/magic \
+                   ${sysconfdir}/${BPN}/mime.types \
+                   ${sysconfdir}/init.d/${BPN} "
+
+# we override here rather than append so that .so links are
+# included in the runtime package rather than here (-dev)
+# and to get build, icons, error into the -dev package
+FILES_${PN}-dev = "${datadir}/${BPN}/build \
+                   ${datadir}/${BPN}/icons \
+                   ${datadir}/${BPN}/error \
+                   ${bindir}/apr-config ${bindir}/apu-config \
+                   ${libdir}/apr*.exp \
+                   ${includedir}/${BPN} \
+                   ${libdir}/*.la \
+                   ${libdir}/*.a \
+                   ${bindir}/apxs \
+                "
+
+
+# manual to manual
+FILES_${PN}-doc += " ${datadir}/${BPN}/manual"
+
+FILES_${PN}-scripts += "${bindir}/dbmmanage"
+
+#
+# override this too - here is the default, less datadir
+#
+FILES_${PN} =  "${bindir} ${sbindir} ${libexecdir} ${libdir}/lib*.so.* ${sysconfdir} \
+                ${sharedstatedir} ${localstatedir} /bin /sbin /lib/*.so* \
+                ${libdir}/${BPN}"
+
+# we want htdocs and cgi-bin to go with the binary
+FILES_${PN} += "${datadir}/${BPN}/htdocs ${datadir}/${BPN}/cgi-bin"
+
+#make sure the lone .so links also get wrapped in the base package
+FILES_${PN} += "${libdir}/lib*.so ${libdir}/pkgconfig/*"
+
+FILES_${PN}-dbg += "${libdir}/${BPN}/modules/.debug"
+
+RDEPENDS_${PN} += "openssl libgcc"
+RDEPENDS_${PN}-scripts += "perl ${PN}"
diff --git a/meta-webserver/recipes-httpd/apache2/files/0001-configure-use-pkg-config-for-PCRE-detection.patch b/meta-webserver/recipes-httpd/apache2/files/0001-configure-use-pkg-config-for-PCRE-detection.patch
new file mode 100644
index 000000000..63096db0a
--- /dev/null
+++ b/meta-webserver/recipes-httpd/apache2/files/0001-configure-use-pkg-config-for-PCRE-detection.patch
@@ -0,0 +1,52 @@
+From d8837756f2a48adcfe5d645c39cf163d96eac76c Mon Sep 17 00:00:00 2001
+From: Koen Kooi <koen.kooi@linaro.org>
+Date: Tue, 17 Jun 2014 09:10:57 +0200
+Subject: [PATCH] configure: use pkg-config for PCRE detection
+
+Signed-off-by: Koen Kooi <koen.kooi@linaro.org>
+Upstream-Status: pending
+---
+ configure.in | 27 +++++----------------------
+ 1 file changed, 5 insertions(+), 22 deletions(-)
+
+diff --git a/configure.in b/configure.in
+index 864d7c7..da4138e 100644
+--- a/configure.in
++++ b/configure.in
+@@ -215,28 +215,11 @@ fi
+ AC_ARG_WITH(pcre,
+ APACHE_HELP_STRING(--with-pcre=PATH,Use external PCRE library))
+ 
+-AC_PATH_PROG(PCRE_CONFIG, pcre-config, false)
+-if test -d "$with_pcre" && test -x "$with_pcre/bin/pcre-config"; then
+-   PCRE_CONFIG=$with_pcre/bin/pcre-config
+-elif test -x "$with_pcre"; then
+-   PCRE_CONFIG=$with_pcre
+-fi
+-
+-if test "$PCRE_CONFIG" != "false"; then
+-  if $PCRE_CONFIG --version >/dev/null 2>&1; then :; else
+-    AC_MSG_ERROR([Did not find pcre-config script at $PCRE_CONFIG])
+-  fi
+-  case `$PCRE_CONFIG --version` in
+-  [[1-5].*])
+-    AC_MSG_ERROR([Need at least pcre version 6.0])
+-    ;;
+-  esac
+-  AC_MSG_NOTICE([Using external PCRE library from $PCRE_CONFIG])
+-  APR_ADDTO(PCRE_INCLUDES, [`$PCRE_CONFIG --cflags`])
+-  APR_ADDTO(PCRE_LIBS, [`$PCRE_CONFIG --libs`])
+-else
+-  AC_MSG_ERROR([pcre-config for libpcre not found. PCRE is required and available from http://pcre.org/])
+-fi
++PKG_CHECK_MODULES([PCRE], [libpcre], [
++  AC_DEFINE([HAVE_PCRE], [1], [Define if you have PCRE library])
++], [
++  AC_MSG_ERROR([$PCRE_PKG_ERRORS])
++])
+ APACHE_SUBST(PCRE_LIBS)
+ 
+ AC_MSG_NOTICE([])
+-- 
+1.9.3
+
diff --git a/meta-webserver/recipes-httpd/apache2/files/apache2-volatile.conf b/meta-webserver/recipes-httpd/apache2/files/apache2-volatile.conf
new file mode 100644
index 000000000..ff2c58704
--- /dev/null
+++ b/meta-webserver/recipes-httpd/apache2/files/apache2-volatile.conf
@@ -0,0 +1,2 @@
+d  /var/run/apache2 0755 root root -
+d  /var/log/apache2 0755 root root -
diff --git a/meta-webserver/recipes-httpd/apache2/files/apache2.service b/meta-webserver/recipes-httpd/apache2/files/apache2.service
new file mode 100644
index 000000000..f4bcf9efa
--- /dev/null
+++ b/meta-webserver/recipes-httpd/apache2/files/apache2.service
@@ -0,0 +1,14 @@
+[Unit]
+Decription=The Apache HTTP Server
+After=network.target remote-fs.target nss-lookup.target
+
+[Service]
+Type=simple
+Environment=LANG=C
+ExecStart=@SBINDIR@/httpd -DFOREGROUND -D SSL -D PHP5 -k start
+ExecStop=@BASE_BINDIR@/kill -WINCH ${MAINPID}
+KillSignal=SIGCONT
+PrivateTmp=true
+
+[Install]
+WantedBy=multi-user.target
diff --git a/meta-webserver/recipes-httpd/apache2/files/httpd-2.4.3-fix-race-issue-of-dir-install.patch b/meta-webserver/recipes-httpd/apache2/files/httpd-2.4.3-fix-race-issue-of-dir-install.patch
new file mode 100644
index 000000000..b948753b4
--- /dev/null
+++ b/meta-webserver/recipes-httpd/apache2/files/httpd-2.4.3-fix-race-issue-of-dir-install.patch
@@ -0,0 +1,21 @@
+Upstream-Status: Pending
+
+fix following race issue when do parallel install
+| mkdir: cannot create directory `/home/mypc/workspace/poky/build_p4080ds_release/tmp/work/ppce500mc-fsl_networking-linux/apache2/2.4.3-r1/image/usr/share/apache2': File exists
+...
+| mkdir: cannot create directory `/home/mypc/workspace/poky/build_p4080ds_release/tmp/work/ppce500mc-fsl_networking-linux/apache2/2.4.3-r1/image/usr/share/apache2': File exists
+| make[1]: *** [install-man] Error 1
+| make[1]: *** Waiting for unfinished jobs....
+
+-Signed-off-by: Zhenhua Luo <zhenhua.luo@freescale.com>
+--- httpd-2.4.3/build/mkdir.sh.orig     2013-01-25 03:47:21.565255420 -0600
++++ httpd-2.4.3/build/mkdir.sh  2013-01-25 03:46:17.833051230 -0600
+@@ -39,7 +39,7 @@
+         esac
+         if test ! -d "$pathcomp"; then
+             echo "mkdir $pathcomp" 1>&2
+-            mkdir "$pathcomp" || errstatus=$?
++            mkdir -p "$pathcomp" || errstatus=$?
+         fi
+         pathcomp="$pathcomp/"
+     done
diff --git a/meta-webserver/recipes-httpd/apache2/files/init b/meta-webserver/recipes-httpd/apache2/files/init
new file mode 100755
index 000000000..a1adbd74f
--- /dev/null
+++ b/meta-webserver/recipes-httpd/apache2/files/init
@@ -0,0 +1,73 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides: httpd
+# Required-Start: $local_fs $remote_fs $network $named
+# Required-Stop: $local_fs $remote_fs $network
+# Should-Start: distcache
+# Short-Description: start and stop Apache HTTP Server
+# Description: The Apache HTTP Server is an extensible server
+#  implementing the current HTTP standards.
+### END INIT INFO
+
+ARGS="-D SSL -D PHP5 -k start"
+NAME=apache2
+PATH=/bin:/usr/bin:/sbin:/usr/sbin
+DAEMON=/usr/sbin/httpd
+SUEXEC=/usr/lib/apache/suexec
+PIDFILE=/run/httpd.pid
+CONF=/etc/apache2/httpd.conf
+APACHECTL=/usr/sbin/apachectl 
+
+trap "" 1
+export LANG=C
+export PATH
+
+test -f $DAEMON || exit 0
+test -f $APACHECTL || exit 0
+
+# ensure we don't leak environment vars into apachectl
+APACHECTL="env -i LANG=${LANG} PATH=${PATH} $APACHECTL"
+
+case "$1" in
+  start)
+    echo -n "Starting web server: $NAME"
+    $APACHECTL $ARGS
+    ;;
+
+  stop)
+    $APACHECTL stop
+    ;;
+
+  reload)
+    echo -n "Reloading $NAME configuration"
+    kill -HUP `cat $PIDFILE`
+    ;;
+
+  reload-modules)
+    echo -n "Reloading $NAME modules"
+    $APACHECTL restart
+    ;;
+
+  restart)
+    $APACHECTL restart
+    exit $?
+    ;;
+
+  force-reload)
+    $0 reload-modules
+    exit $?
+    ;;
+
+  *)
+    echo "Usage: /etc/init.d/$NAME {start|stop|reload|reload-modules|force-reload|restart}"
+    exit 1
+    ;;
+esac
+
+if [ $? = 0 ]; then
+        echo .
+        exit 0
+else
+        echo failed
+        exit 1
+fi
diff --git a/meta-webserver/recipes-httpd/cherokee/cherokee/cherokee-install-configured.py-once.patch b/meta-webserver/recipes-httpd/cherokee/cherokee/cherokee-install-configured.py-once.patch
new file mode 100644
index 000000000..3336f7df7
--- /dev/null
+++ b/meta-webserver/recipes-httpd/cherokee/cherokee/cherokee-install-configured.py-once.patch
@@ -0,0 +1,40 @@
+From 98a0f19df0a31d5649ad89d395fd1b8de5591827 Mon Sep 17 00:00:00 2001
+From: Robert Yang <liezhi.yang@windriver.com>
+Date: Thu, 3 Apr 2014 21:33:25 +0800
+Subject: [PATCH] admin/Makefile.am: only install configured.py once
+
+Both the two rules install-adminpyDATA and install-generatedDATA will
+install the configured.py to the same location, they can run parallel,
+and they use "install -m", which would might build failures:
+
+/usr/bin/install: setting permissions for `/path/to/configured.py': No such file or directory
+
+This is because the first install is setting the permission while the
+second install is removing the file an re-install.
+
+Only install the configured.py once will fix the problem, I think that
+there is no side effect since it installed the same file to the same
+location twice in the past.
+
+Upstream-Status: Pending
+
+Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
+---
+ admin/Makefile.am | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/admin/Makefile.am b/admin/Makefile.am
+index ce5937b..6f96934 100644
+--- a/admin/Makefile.am
++++ b/admin/Makefile.am
+@@ -73,7 +73,6 @@ SystemStatsWidgets.py \
+ Wizard.py \
+ XMLServerDigest.py \
+ config_version.py \
+-configured.py \
+ consts.py \
+ util.py \
+ popen.py \
+-- 
+1.8.2.1
+
diff --git a/meta-webserver/recipes-httpd/cherokee/cherokee/cherokee.init b/meta-webserver/recipes-httpd/cherokee/cherokee/cherokee.init
new file mode 100644
index 000000000..93603b84d
--- /dev/null
+++ b/meta-webserver/recipes-httpd/cherokee/cherokee/cherokee.init
@@ -0,0 +1,32 @@
+#!/bin/sh
+DAEMON=/usr/sbin/cherokee
+CONFIG=/etc/cherokee/cherokee.conf
+PIDFILE=/var/run/cherokee.pid
+NAME="cherokee"
+DESC="Cherokee http server"
+
+test -r /etc/default/cherokee && . /etc/default/cherokee
+test -x "$DAEMON" || exit 0
+test ! -r "$CONFIG" && exit 0
+        
+case "$1" in
+  start)
+    echo "Starting $DESC: "
+    start-stop-daemon --oknodo -S -x $DAEMON -- -d -C $CONFIG
+    ;;
+
+  stop)
+    echo "Stopping $DESC:"
+    start-stop-daemon -K -p $PIDFILE
+    ;;
+
+  restart)
+    $0 stop >/dev/null 2>&1
+    $0 start
+    ;;
+
+  *)
+    echo "Usage: $0 {start|stop|restart}"
+    exit 0
+    ;;
+esac
diff --git a/meta-webserver/recipes-httpd/cherokee/cherokee/cherokee.service b/meta-webserver/recipes-httpd/cherokee/cherokee/cherokee.service
new file mode 100644
index 000000000..a2d703185
--- /dev/null
+++ b/meta-webserver/recipes-httpd/cherokee/cherokee/cherokee.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=Cherokee web server
+After=syslog.target
+
+[Service]
+Type=forking
+ExecStart=/usr/sbin/cherokee -d -C /etc/cherokee/cherokee.conf
+
+[Install]
+WantedBy=multi-user.target
diff --git a/meta-webserver/recipes-httpd/cherokee/cherokee_1.2.98.bb b/meta-webserver/recipes-httpd/cherokee/cherokee_1.2.98.bb
new file mode 100644
index 000000000..054858ed3
--- /dev/null
+++ b/meta-webserver/recipes-httpd/cherokee/cherokee_1.2.98.bb
@@ -0,0 +1,67 @@
+SUMMARY = "Cherokee Web Server fast and secure"
+SUMMARY_cget = "Small downloader based in the Cherokee client library"
+HOMEPAGE = "http://www.cherokee-project.com/"
+SECTION = "network"
+LICENSE = "GPLv2"
+LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f"
+
+PR = "r9"
+
+DEPENDS = "libpcre openssl mysql5 ${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
+
+SRC_URI = "http://www.cherokee-project.de/mirrors/cherokee/1.2/${PV}/cherokee-${PV}.tar.gz \
+           file://cherokee.init \
+           file://cherokee.service \
+           file://cherokee-install-configured.py-once.patch \
+"
+SRC_URI[md5sum] = "21b01e7d45c0e82ecc0c4257a9c27feb"
+SRC_URI[sha256sum] = "042b5687b1a3db3ca818167548ce5d32c35e227c6640732dcb622a6f4a078b7d"
+
+inherit autotools pkgconfig binconfig update-rc.d systemd
+
+PACKAGECONFIG ??= ""
+PACKAGECONFIG[ffmpeg] = "--with-ffmpeg,--without-ffmpeg,libav"
+PACKAGECONFIG[ldap] = "--with-ldap,--without-ldap,openldap"
+
+EXTRA_OECONF = "--disable-static \
+                --disable-nls \
+               ${@base_contains('DISTRO_FEATURES', 'pam', '--enable-pam', '--disable-pam', d)} \
+               --with-wwwroot=${localstatedir}/www/cherokee \
+"
+
+do_install_append () {
+    install -m 0755 -d ${D}${sysconfdir}/init.d
+    install -m 755 ${WORKDIR}/cherokee.init ${D}${sysconfdir}/init.d/cherokee
+
+    # clean up .la files for plugins
+    rm -f ${D}${libdir}/cherokee/*.la
+
+    install -d ${D}${systemd_unitdir}/system
+    install -m 0644 ${WORKDIR}/cherokee.service ${D}${systemd_unitdir}/system
+    rmdir "${D}${localstatedir}/run"
+    rmdir --ignore-fail-on-non-empty "${D}${localstatedir}"
+}
+
+# Put -dev near the front so we can move the .la files into it with a wildcard
+PACKAGES =+ "libcherokee-server libcherokee-client libcherokee-base cget"
+
+FILES_cget = "${bindir}/cget"
+FILES_libcherokee-server = "${libdir}/libcherokee-server${SOLIBS}"
+FILES_libcherokee-client = "${libdir}/libcherokee-client${SOLIBS}"
+FILES_libcherokee-base = "${libdir}/libcherokee-base${SOLIBS}"
+
+# Pack the htdocs
+FILES_${PN} += "${localstatedir}/www/cherokee"
+
+CONFFILES_${PN} = " \
+                   ${sysconfdir}/cherokee/cherokee.conf \
+                   ${sysconfdir}/init.d/cherokee \
+"
+
+INITSCRIPT_NAME = "cherokee"
+INITSCRIPT_PARAMS = "defaults 91 91"
+
+RPROVIDES_${PN} += "${PN}-systemd"
+RREPLACES_${PN} += "${PN}-systemd"
+RCONFLICTS_${PN} += "${PN}-systemd"
+SYSTEMD_SERVICE_${PN} = "cherokee.service"
diff --git a/meta-webserver/recipes-httpd/hiawatha/files/hiawatha-init b/meta-webserver/recipes-httpd/hiawatha/files/hiawatha-init
new file mode 100644
index 000000000..47fc0877a
--- /dev/null
+++ b/meta-webserver/recipes-httpd/hiawatha/files/hiawatha-init
@@ -0,0 +1,44 @@
+#!/bin/sh
+
+### BEGIN INIT INFO
+# Provides:          hiawatha httpd httpd-cgi
+# Required-Start:    $syslog $network $remote_fs
+# Required-Stop:     $syslog $network $remote_fs
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: Hiawatha webserver
+# Description:       Hiawatha, a secure and advanced webserver.
+### END INIT INFO
+
+PATH=/sbin:/bin:/usr/sbin:/usr/bin
+DAEMON=sed_sbin_path/hiawatha
+NAME=hiawatha
+DESC="Hiawatha Web Server"
+OPTS=""
+
+case "$1" in
+  start)
+        echo -n "Starting $DESC: "
+        start-stop-daemon --start -x "$DAEMON" -- $OPTS
+        echo "$NAME."
+        ;;
+  stop)
+        echo -n "Stopping $DESC: "
+        start-stop-daemon --stop -x "$DAEMON"
+        echo "$NAME."
+        ;;
+  restart|force-reload)
+        echo -n "Restarting $DESC: "
+        start-stop-daemon --stop -x "$DAEMON"
+        sleep 1
+        start-stop-daemon --start -x "$DAEMON" -- $OPTS
+        echo "$NAME."
+        ;;
+  *)
+        N=/etc/init.d/$NAME
+        echo "Usage: $N {start|stop|restart|force-reload}" >&2
+        exit 1
+        ;;
+esac
+
+exit 0
diff --git a/meta-webserver/recipes-httpd/hiawatha/files/hiawatha.service b/meta-webserver/recipes-httpd/hiawatha/files/hiawatha.service
new file mode 100644
index 000000000..26cb8d03d
--- /dev/null
+++ b/meta-webserver/recipes-httpd/hiawatha/files/hiawatha.service
@@ -0,0 +1,16 @@
+[Unit]
+Description=Hiawatha Web Server
+After=network.target remote-fs.target nss-lookup.target
+
+[Service]
+Type=simple
+SyslogIdentifier=hiawatha
+ExecStartPre=/usr/sbin/hiawatha -k ; /usr/sbin/wigwam
+ExecStart= /usr/sbin/hiawatha -d
+TimeoutSec=10
+#(doesn't like this setting. Can't find files) PrivateTmp=true
+LimitNOFILE=infinity
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_CHOWN CAP_DAC_OVERRIDE CAP_FOWNER CAP_FSETID CAP_SETGID CAP_SETUID 
+
+[Install]
+WantedBy=multi-user.target
diff --git a/meta-webserver/recipes-httpd/hiawatha/hiawatha_9.2.bb b/meta-webserver/recipes-httpd/hiawatha/hiawatha_9.2.bb
new file mode 100644
index 000000000..b9fa5cde8
--- /dev/null
+++ b/meta-webserver/recipes-httpd/hiawatha/hiawatha_9.2.bb
@@ -0,0 +1,66 @@
+SUMMARY = "Lightweight secure web server"
+HOMEPAGE = "http://www.hiawatha-webserver.org"
+LICENSE = "GPLv2"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=751419260aa954499f7abaabaa882bbe"
+DEPENDS = "libxml2 libxslt"
+
+SECTION = "net"
+
+SRC_URI = "http://hiawatha-webserver.org/files/${BP}.tar.gz \
+           file://hiawatha-init \
+           file://hiawatha.service "
+
+SRC_URI[md5sum] = "a77f044634884c4cc5d21dab44e822a3"
+SRC_URI[sha256sum] = "5d9cdec51c618bb3efab747030e593d9bd49dfaf3236254c8e0cb60715716dbf"
+
+INITSCRIPT_NAME = "hiawatha"
+INITSCRIPT_PARAMS = "defaults 70"
+
+SYSTEMD_SERVICE_${PN} = "hiawatha.service"
+
+inherit cmake update-rc.d systemd
+
+EXTRA_OECMAKE = " -DENABLE_IPV6=OFF \
+                  -DENABLE_CACHE=OFF \
+                  -DENABLE_DEBUG=OFF \
+                  -DENABLE_SSL=OFF \
+                  -DENABLE_TOOLKIT=OFF \
+                  -DENABLE_CHROOT=OFF \
+                  -DENABLE_XSLT=ON \
+                  -DENABLE_TOMAHAWK=OFF \
+                  -DCMAKE_INSTALL_MANDIR=${mandir} \
+                  -DCMAKE_INSTALL_BINDIR=${bindir} \
+                  -DCMAKE_INSTALL_SBINDIR=${sbindir} \
+                  -DCMAKE_INSTALL_SYSCONFDIR=${sysconfdir} \
+                  -DCMAKE_INSTALL_LIBDIR=${libdir} \
+                  -DLOG_DIR=/var/log/hiawatha \
+                  -DPID_DIR=/var/run \
+                  -DWEBROOT_DIR=/var/www/hiawatha \
+                  -DWORK_DIR=/var/lib/hiawatha "
+
+do_install_append() {
+    # Copy over init script and sed in the correct sbin path
+    sed -i 's,sed_sbin_path,${sbindir},' ${WORKDIR}/hiawatha-init
+    mkdir -p ${D}${sysconfdir}/init.d
+    install -m 0755 ${WORKDIR}/hiawatha-init ${D}${sysconfdir}/init.d/hiawatha
+
+    # configure php-fcgi to have a working configuration
+    # by default if php is installed
+    echo "Server = ${bindir}/php-cgi ; 2 ; 127.0.0.1:2005 ; nobody:nobody ; ${sysconfdir}/php/hiawatha-php5/php.ini" >> ${D}${sysconfdir}/hiawatha/php-fcgi.conf
+
+    if ${@base_contains('DISTRO_FEATURES','systemd','true','false',d)}; then
+        install -d ${D}/${systemd_unitdir}/system
+        install -m 644 ${WORKDIR}/hiawatha.service ${D}/${systemd_unitdir}/system
+    fi
+
+    rmdir "${D}${localstatedir}/run"
+    rmdir --ignore-fail-on-non-empty "${D}${localstatedir}"
+}
+
+CONFFILES_${PN} = " \
+    ${sysconfdir}/hiawatha/cgi-wrapper.conf \
+    ${sysconfdir}/hiawatha/hiawatha.conf \
+    ${sysconfdir}/hiawatha/index.xslt \
+    ${sysconfdir}/hiawatha/mimetype.conf \
+    ${sysconfdir}/hiawatha/php-fcgi.conf \
+"
diff --git a/meta-webserver/recipes-httpd/monkey/files/monkey.init b/meta-webserver/recipes-httpd/monkey/files/monkey.init
new file mode 100644
index 000000000..40b21182e
--- /dev/null
+++ b/meta-webserver/recipes-httpd/monkey/files/monkey.init
@@ -0,0 +1,34 @@
+#!/bin/sh
+
+PATH=/sbin:/bin:/usr/sbin:/usr/bin
+DAEMON=/usr/bin/monkey
+NAME=monkey
+DESC="Monkey HTTP Server"
+OPTS="--daemon"
+
+case "$1" in
+  start)
+        echo -n "Starting $DESC: "
+        start-stop-daemon --start -x "$DAEMON" -- $OPTS
+        echo "$NAME."
+        ;;
+  stop)
+        echo -n "Stopping $DESC: "
+        start-stop-daemon --stop -x "$DAEMON"
+        echo "$NAME."
+        ;;
+  restart|force-reload)
+        echo -n "Restarting $DESC: "
+        start-stop-daemon --stop -x "$DAEMON"
+        sleep 1
+        start-stop-daemon --start -x "$DAEMON" -- $OPTS
+        echo "$NAME."
+        ;;
+  *)
+        N=/etc/init.d/$NAME
+        echo "Usage: $N {start|stop|restart|force-reload}" >&2
+        exit 1
+        ;;
+esac
+
+exit 0
diff --git a/meta-webserver/recipes-httpd/monkey/files/monkey.service b/meta-webserver/recipes-httpd/monkey/files/monkey.service
new file mode 100644
index 000000000..f9aa57f91
--- /dev/null
+++ b/meta-webserver/recipes-httpd/monkey/files/monkey.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=Monkey HTTP Server
+After=network.target remote-fs.target
+
+[Service]
+Type=forking
+ExecStart=/usr/bin/monkey --daemon
+PIDFile=/var/run/monkey.pid.2001
+TimeoutSec=10
+
+[Install]
+WantedBy=multi-user.target
diff --git a/meta-webserver/recipes-httpd/monkey/monkey_1.5.4.bb b/meta-webserver/recipes-httpd/monkey/monkey_1.5.4.bb
new file mode 100644
index 000000000..a4963afcd
--- /dev/null
+++ b/meta-webserver/recipes-httpd/monkey/monkey_1.5.4.bb
@@ -0,0 +1,64 @@
+SUMMARY = "Fast and Lightweight HTTP Server for Linux"
+HOMEPAGE = "http://monkey-project.com"
+BUGTRACKER = "https://github.com/monkey/monkey/issues"
+
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=2ee41112a44fe7014dce33e26468ba93"
+
+SECTION = "net"
+
+SRC_URI = "http://monkey-project.com/releases/1.5/monkey-${PV}.tar.gz \
+           file://monkey.service \
+           file://monkey.init"
+
+SRC_URI[md5sum] = "b794724ac38cfedee2a5d27c175bc87e"
+SRC_URI[sha256sum] = "662bbafc614d32f645059e6e00258fed640665594f5b7f11cf4c4763cf09ddcf"
+
+EXTRA_OECONF = "--plugdir=${libdir}/monkey/ \
+                --logdir=${localstatedir}/log/monkey/ \
+                --pidfile=${localstatedir}/run/monkey.pid \
+                --default-user=www-data \
+                --datadir=${localstatedir}/www/monkey/ \
+                --sysconfdir=${sysconfdir}/monkey/ \
+                --enable-plugins=* \
+                --disable-plugins=polarssl \
+                --debug \
+                --malloc-libc"
+
+inherit autotools-brokensep pkgconfig update-rc.d systemd
+
+INITSCRIPT_NAME = "monkey"
+INITSCRIPT_PARAMS = "defaults 70"
+
+SYSTEMD_SERVICE_${PN} = "monkey.service"
+
+FILES_${PN} += "${localstatedir}/www/monkey/"
+
+CONFFILES_${PN} = "${sysconfdir}/monkey/monkey.conf \
+                   ${sysconfdir}/monkey/sites/default \
+                   ${sysconfdir}/monkey/monkey.mime \
+                   ${sysconfdir}/monkey/plugins.load \
+                   ${sysconfdir}/monkey/plugins/proxy_reverse/proxy_reverse.conf \
+                   ${sysconfdir}/monkey/plugins/mandril/mandril.conf \
+                   ${sysconfdir}/monkey/plugins/fastcgi/fastcgi.conf \
+                   ${sysconfdir}/monkey/plugins/logger/logger.conf \
+                   ${sysconfdir}/monkey/plugins/cgi/cgi.conf \
+                   ${sysconfdir}/monkey/plugins/cheetah/cheetah.conf \
+                   ${sysconfdir}/monkey/plugins/dirlisting/dirhtml.conf \
+                   ${sysconfdir}/monkey/plugins/dirlisting/themes/guineo/header.theme \
+                   ${sysconfdir}/monkey/plugins/dirlisting/themes/guineo/footer.theme \
+                   ${sysconfdir}/monkey/plugins/dirlisting/themes/guineo/entry.theme \
+                   ${sysconfdir}/monkey/plugins/auth/README \
+                   ${sysconfdir}/monkey/plugins/auth/monkey.users \
+                   "
+
+do_install_append() {
+
+    mkdir -p ${D}${sysconfdir}/init.d
+    install -m 0755 ${WORKDIR}/monkey.init ${D}${sysconfdir}/init.d/monkey
+
+    if ${@base_contains('DISTRO_FEATURES','systemd','true','false',d)}; then
+        install -d ${D}${systemd_unitdir}/system
+        install -m 644 ${WORKDIR}/monkey.service ${D}/${systemd_unitdir}/system
+    fi
+}
diff --git a/meta-webserver/recipes-httpd/nginx/files/nginx-cross.patch b/meta-webserver/recipes-httpd/nginx/files/nginx-cross.patch
new file mode 100644
index 000000000..5f899a1d8
--- /dev/null
+++ b/meta-webserver/recipes-httpd/nginx/files/nginx-cross.patch
@@ -0,0 +1,217 @@
+We do not have capability to run binaries when cross compiling
+
+Upstream-Status: Pending
+
+
+diff -uraN nginx-1.0.11.orig/auto/feature nginx-1.0.11/auto/feature
+--- nginx-1.0.11.orig/auto/feature      2011-05-11 06:50:19.000000000 -0500
++++ nginx-1.0.11/auto/feature   2011-12-27 13:56:42.323370040 -0600
+@@ -48,12 +48,20 @@
+ 
+ if [ -x $NGX_AUTOTEST ]; then
+ 
++    if [ ".$NGX_CROSS_COMPILE" = ".yes" ]; then
++        NGX_AUTOTEST_EXEC="true"
++       NGX_FOUND_MSG=" (not tested, cross compiling)"
++    else
++        NGX_AUTOTEST_EXEC="$NGX_AUTOTEST"
++       NGX_FOUND_MSG=""
++    fi
++
+     case "$ngx_feature_run" in
+ 
+         yes)
+             # /bin/sh is used to intercept "Killed" or "Abort trap" messages
+-            if /bin/sh -c $NGX_AUTOTEST >> $NGX_AUTOCONF_ERR 2>&1; then
+-                echo " found"
++            if /bin/sh -c $NGX_AUTOTEST_EXEC >> $NGX_AUTOCONF_ERR 2>&1; then
++                echo " found$NGX_FOUND_MSG"
+                 ngx_found=yes
+ 
+                 if test -n "$ngx_feature_name"; then
+@@ -67,17 +75,27 @@
+ 
+         value)
+             # /bin/sh is used to intercept "Killed" or "Abort trap" messages
+-            if /bin/sh -c $NGX_AUTOTEST >> $NGX_AUTOCONF_ERR 2>&1; then
+-                echo " found"
++            if /bin/sh -c $NGX_AUTOTEST_EXEC >> $NGX_AUTOCONF_ERR 2>&1; then
++                echo " found$NGX_FOUND_MSG"
+                 ngx_found=yes
+ 
+-                cat << END >> $NGX_AUTO_CONFIG_H
++                if [ ".$NGX_CROSS_COMPILE" = ".yes" ]; then
++                    cat << END >> $NGX_AUTO_CONFIG_H
+ 
+ #ifndef $ngx_feature_name
+-#define $ngx_feature_name  `$NGX_AUTOTEST`
++#define $ngx_feature_name  $(eval "echo \$NGX_WITH_${ngx_feature_name}")
+ #endif
+ 
+ END
++               else
++                    cat << END >> $NGX_AUTO_CONFIG_H
++
++#ifndef $ngx_feature_name
++#define $ngx_feature_name  `$NGX_AUTOTEST_EXEC`
++#endif
++
++END
++                fi
+             else
+                 echo " found but is not working"
+             fi
+@@ -85,7 +103,7 @@
+ 
+         bug)
+             # /bin/sh is used to intercept "Killed" or "Abort trap" messages
+-            if /bin/sh -c $NGX_AUTOTEST >> $NGX_AUTOCONF_ERR 2>&1; then
++            if /bin/sh -c $NGX_AUTOTEST_EXEC >> $NGX_AUTOCONF_ERR 2>&1; then
+                 echo " not found"
+ 
+             else
+diff -uraN nginx-1.0.11.orig/auto/options nginx-1.0.11/auto/options
+--- nginx-1.0.11.orig/auto/options      2011-12-14 07:34:16.000000000 -0600
++++ nginx-1.0.11/auto/options   2011-12-27 13:56:42.323370040 -0600
+@@ -289,6 +289,18 @@
+         --test-build-rtsig)              NGX_TEST_BUILD_RTSIG=YES   ;;
+         --test-build-solaris-sendfilev)  NGX_TEST_BUILD_SOLARIS_SENDFILEV=YES ;;
+ 
++        # cross compile support
++        --with-int=*)                    NGX_WITH_INT="$value"          ;;
++        --with-long=*)                   NGX_WITH_LONG="$value"         ;;
++        --with-long-long=*)              NGX_WITH_LONG_LONG="$value"    ;;
++        --with-ptr-size=*)               NGX_WITH_PTR_SIZE="$value"     ;;
++        --with-sig-atomic-t=*)           NGX_WITH_SIG_ATOMIC_T="$value" ;;
++        --with-size-t=*)                 NGX_WITH_SIZE_T="$value"       ;;
++        --with-off-t=*)                  NGX_WITH_OFF_T="$value"        ;;
++        --with-time-t=*)                 NGX_WITH_TIME_T="$value"       ;;
++        --with-sys-nerr=*)               NGX_WITH_NGX_SYS_NERR="$value" ;;
++        --with-endian=*)                 NGX_WITH_ENDIAN="$value"       ;;
++
+         *)
+             echo "$0: error: invalid option \"$option\""
+             exit 1
+@@ -434,6 +446,17 @@
+ 
+   --with-debug                       enable debug logging
+ 
++  --with-int=VALUE                   force int size
++  --with-long=VALUE                  force long size
++  --with-long-long=VALUE             force long long size
++  --with-ptr-size=VALUE              force pointer size
++  --with-sig-atomic-t=VALUE          force sig_atomic_t size
++  --with-size-t=VALUE                force size_t size
++  --with-off-t=VALUE                 force off_t size
++  --with-time-t=VALUE                force time_t size
++  --with-sys-nerr=VALUE              force sys_nerr value
++  --with-endian=VALUE                force system endianess
++
+ END
+ 
+     exit 1
+@@ -455,6 +478,8 @@
+ 
+ if [ ".$NGX_PLATFORM" = ".win32" ]; then
+     NGX_WINE=$WINE
++elif [ ! -z "$NGX_PLATFORM" ]; then
++    NGX_CROSS_COMPILE="yes"
+ fi
+ 
+ 
+diff -uraN nginx-1.0.11.orig/auto/types/sizeof nginx-1.0.11/auto/types/sizeof
+--- nginx-1.0.11.orig/auto/types/sizeof 2006-06-28 11:00:26.000000000 -0500
++++ nginx-1.0.11/auto/types/sizeof      2011-12-27 13:56:42.323370040 -0600
+@@ -11,9 +11,12 @@
+ 
+ END
+ 
+-ngx_size=
++ngx_size=$(eval "echo \$NGX_WITH_${ngx_param}")
+ 
+-cat << END > $NGX_AUTOTEST.c
++if [ ".$ngx_size" != "." ]; then
++    echo " $ngx_size bytes"
++else
++    cat << END > $NGX_AUTOTEST.c
+ 
+ #include <sys/types.h>
+ #include <sys/time.h>
+@@ -31,19 +34,20 @@
+ END
+ 
+ 
+-ngx_test="$CC $CC_TEST_FLAGS $CC_AUX_FLAGS \
+-          -o $NGX_AUTOTEST $NGX_AUTOTEST.c $NGX_LD_OPT $ngx_feature_libs"
++    ngx_test="$CC $CC_TEST_FLAGS $CC_AUX_FLAGS \
++              -o $NGX_AUTOTEST $NGX_AUTOTEST.c $NGX_LD_OPT $ngx_feature_libs"
+ 
+-eval "$ngx_test >> $NGX_AUTOCONF_ERR 2>&1"
++    eval "$ngx_test >> $NGX_AUTOCONF_ERR 2>&1"
+ 
+ 
+-if [ -x $NGX_AUTOTEST ]; then
+-    ngx_size=`$NGX_AUTOTEST`
+-    echo " $ngx_size bytes"
+-fi
++    if [ -x $NGX_AUTOTEST ]; then
++        ngx_size=`$NGX_AUTOTEST`
++        echo " $ngx_size bytes"
++    fi
+ 
+ 
+-rm -f $NGX_AUTOTEST
++    rm -f $NGX_AUTOTEST
++fi
+ 
+ 
+ case $ngx_size in
+diff -uraN nginx-1.0.11.orig/auto/unix nginx-1.0.11/auto/unix
+--- nginx-1.0.11.orig/auto/unix 2011-12-14 07:34:16.000000000 -0600
++++ nginx-1.0.11/auto/unix      2011-12-27 13:56:42.327370060 -0600
+@@ -393,13 +393,13 @@
+ 
+ # C types
+ 
+-ngx_type="int"; . auto/types/sizeof
++ngx_type="int"; ngx_param="INT"; . auto/types/sizeof
+ 
+-ngx_type="long"; . auto/types/sizeof
++ngx_type="long"; ngx_param="LONG"; . auto/types/sizeof
+ 
+-ngx_type="long long"; . auto/types/sizeof
++ngx_type="long long"; ngx_param="LONG_LONG"; . auto/types/sizeof
+ 
+-ngx_type="void *"; . auto/types/sizeof; ngx_ptr_size=$ngx_size
++ngx_type="void *"; ngx_param="PTR_SIZE"; . auto/types/sizeof; ngx_ptr_size=$ngx_size
+ ngx_param=NGX_PTR_SIZE; ngx_value=$ngx_size; . auto/types/value
+ 
+ 
+@@ -416,7 +416,7 @@
+ 
+ ngx_type="uint64_t"; ngx_types="u_int64_t"; . auto/types/typedef
+ 
+-ngx_type="sig_atomic_t"; ngx_types="int"; . auto/types/typedef
++ngx_type="sig_atomic_t"; ngx_param="SIG_ATOMIC_T"; ngx_types="int"; . auto/types/typedef
+ . auto/types/sizeof
+ ngx_param=NGX_SIG_ATOMIC_T_SIZE; ngx_value=$ngx_size; . auto/types/value
+ 
+@@ -432,15 +432,15 @@
+ 
+ . auto/endianess
+ 
+-ngx_type="size_t"; . auto/types/sizeof
++ngx_type="size_t"; ngx_param="SIZE_T"; . auto/types/sizeof
+ ngx_param=NGX_MAX_SIZE_T_VALUE; ngx_value=$ngx_max_value; . auto/types/value
+ ngx_param=NGX_SIZE_T_LEN; ngx_value=$ngx_max_len; . auto/types/value
+ 
+-ngx_type="off_t"; . auto/types/sizeof
++ngx_type="off_t"; ngx_param="OFF_T"; . auto/types/sizeof
+ ngx_param=NGX_MAX_OFF_T_VALUE; ngx_value=$ngx_max_value; . auto/types/value
+ ngx_param=NGX_OFF_T_LEN; ngx_value=$ngx_max_len; . auto/types/value
+ 
+-ngx_type="time_t"; . auto/types/sizeof
++ngx_type="time_t"; ngx_param="TIME_T"; . auto/types/sizeof
+ ngx_param=NGX_TIME_T_SIZE; ngx_value=$ngx_size; . auto/types/value
+ ngx_param=NGX_TIME_T_LEN; ngx_value=$ngx_max_len; . auto/types/value
+ 
diff --git a/meta-webserver/recipes-httpd/nginx/files/nginx-volatile.conf b/meta-webserver/recipes-httpd/nginx/files/nginx-volatile.conf
new file mode 100644
index 000000000..93f3c6634
--- /dev/null
+++ b/meta-webserver/recipes-httpd/nginx/files/nginx-volatile.conf
@@ -0,0 +1,2 @@
+d www www-data 0755 /run/nginx none
+d root root 0755 /var/log/nginx none
diff --git a/meta-webserver/recipes-httpd/nginx/files/nginx.conf b/meta-webserver/recipes-httpd/nginx/files/nginx.conf
new file mode 100644
index 000000000..fb7e4b65d
--- /dev/null
+++ b/meta-webserver/recipes-httpd/nginx/files/nginx.conf
@@ -0,0 +1,118 @@
+
+user  www-data;
+worker_processes  1;
+
+error_log  /var/log/nginx/error.log;
+#error_log  logs/error.log  notice;
+#error_log  logs/error.log  info;
+
+pid        /run/nginx/nginx.pid;
+
+
+events {
+    worker_connections  1024;
+}
+
+
+http {
+    include       mime.types;
+    default_type  application/octet-stream;
+
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log  /var/log/nginx/access.log  main;
+
+    sendfile        on;
+    #tcp_nopush     on;
+
+    #keepalive_timeout  0;
+    keepalive_timeout  65;
+
+    #gzip  on;
+
+    server {
+        listen       80;
+        server_name  localhost;
+
+        #charset koi8-r;
+
+        #access_log  logs/host.access.log  main;
+
+        location / {
+            root   /var/www/localhost/html;
+            index  index.html index.htm;
+        }
+
+        #error_page  404              /404.html;
+
+        # redirect server error pages to the static page /50x.html
+        #
+        error_page   500 502 503 504  /50x.html;
+        location = /50x.html {
+            root   /var/www/localhost/html;
+        }
+
+        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
+        #
+        #location ~ \.php$ {
+        #    proxy_pass   http://127.0.0.1;
+        #}
+
+        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+        #
+        #location ~ \.php$ {
+        #    root           html;
+        #    fastcgi_pass   127.0.0.1:9000;
+        #    fastcgi_index  index.php;
+        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
+        #    include        fastcgi_params;
+        #}
+
+        # deny access to .htaccess files, if Apache's document root
+        # concurs with nginx's one
+        #
+        #location ~ /\.ht {
+        #    deny  all;
+        #}
+    }
+
+
+    # another virtual host using mix of IP-, name-, and port-based configuration
+    #
+    #server {
+    #    listen       8000;
+    #    listen       somename:8080;
+    #    server_name  somename  alias  another.alias;
+
+    #    location / {
+    #        root   html;
+    #        index  index.html index.htm;
+    #    }
+    #}
+
+
+    # HTTPS server
+    #
+    #server {
+    #    listen       443;
+    #    server_name  localhost;
+
+    #    ssl                  on;
+    #    ssl_certificate      cert.pem;
+    #    ssl_certificate_key  cert.key;
+
+    #    ssl_session_timeout  5m;
+
+    #    ssl_protocols  SSLv2 SSLv3 TLSv1;
+    #    ssl_ciphers  HIGH:!aNULL:!MD5;
+    #    ssl_prefer_server_ciphers   on;
+
+    #    location / {
+    #        root   html;
+    #        index  index.html index.htm;
+    #    }
+    #}
+
+}
diff --git a/meta-webserver/recipes-httpd/nginx/files/nginx.init b/meta-webserver/recipes-httpd/nginx/files/nginx.init
new file mode 100755
index 000000000..0f38b9cdb
--- /dev/null
+++ b/meta-webserver/recipes-httpd/nginx/files/nginx.init
@@ -0,0 +1,52 @@
+#! /bin/sh
+PATH=/sbin:/bin:/usr/sbin:/usr/bin
+DAEMON=/usr/sbin/nginx
+NAME=nginx
+DESC=nginx
+PID=/var/run/nginx/nginx.pid
+
+test -x $DAEMON || exit 0
+
+# Include nginx defaults if available
+if [ -f /etc/default/nginx ] ; then
+        . /etc/default/nginx
+fi
+
+set -e
+
+case "$1" in
+  start)
+        echo -n "Starting $DESC: "
+        start-stop-daemon --start --quiet --pidfile $PID \
+                --name $NAME --exec $DAEMON -- $DAEMON_OPTS
+        echo "$NAME."
+        ;;
+  stop)
+        echo -n "Stopping $DESC: "
+        start-stop-daemon -K --quiet --pidfile $PID \
+                --name $NAME
+        echo "$NAME."
+        ;;
+  restart|force-reload)
+        echo -n "Restarting $DESC: "
+        start-stop-daemon -K --quiet --pidfile $PID \
+                --name $NAME
+        sleep 1
+        start-stop-daemon --start --quiet --pidfile $PID \
+                --name $NAME --exec $DAEMON -- $DAEMON_OPTS
+        echo "$NAME."
+        ;;
+  reload)
+      echo -n "Reloading $DESC configuration: "
+      start-stop-daemon --stop --signal HUP --quiet --pidfile $PID \
+          --exec $DAEMON
+      echo "$NAME."
+      ;;
+  *)
+        N=/etc/init.d/$NAME
+        echo "Usage: $N {start|stop|restart|force-reload}" >&2
+        exit 1
+        ;;
+esac
+
+exit 0
diff --git a/meta-webserver/recipes-httpd/nginx/nginx_1.4.4.bb b/meta-webserver/recipes-httpd/nginx/nginx_1.4.4.bb
new file mode 100644
index 000000000..e78ed34dd
--- /dev/null
+++ b/meta-webserver/recipes-httpd/nginx/nginx_1.4.4.bb
@@ -0,0 +1,117 @@
+SUMMARY = "HTTP and reverse proxy server"
+
+DESCRIPTION = "Nginx is a web server and a reverse proxy server for \
+HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high  \
+concurrency, performance and low memory usage."
+
+HOMEPAGE = "http://nginx.org/"
+LICENSE = "BSD-2-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=917bfdf005ffb6fd025550414ff05a9f"
+SECTION = "net"
+
+DEPENDS = "libpcre gzip openssl"
+
+SRC_URI = " \
+        http://nginx.org/download/nginx-${PV}.tar.gz \
+        file://nginx-cross.patch \
+        file://nginx.conf \
+        file://nginx.init \
+        file://nginx-volatile.conf \
+"
+SRC_URI[md5sum] = "5dfaba1cbeae9087f3949860a02caa9f"
+SRC_URI[sha256sum] = "7c989a58e5408c9593da0bebcd0e4ffc3d892d1316ba5042ddb0be5b0b4102b9"
+
+inherit update-rc.d useradd
+
+do_configure () {
+        if [ "${SITEINFO_BITS}" = "64" ]; then
+                PTRSIZE=8
+        else
+                PTRSIZE=4
+        fi
+
+        echo $CFLAGS
+        echo $LDFLAGS
+
+        ./configure \
+        --crossbuild=Linux:${TUNE_ARCH} \
+        --with-endian=${@base_conditional('SITEINFO_ENDIANNESS', 'le', 'little', 'big', d)} \
+        --with-int=4 \
+        --with-long=${PTRSIZE} \
+        --with-long-long=8 \
+        --with-ptr-size=${PTRSIZE} \
+        --with-sig-atomic-t=${PTRSIZE} \
+        --with-size-t=${PTRSIZE} \
+        --with-off-t=${PTRSIZE} \
+        --with-time-t=${PTRSIZE} \
+        --with-sys-nerr=132 \
+        --conf-path=${sysconfdir}/nginx/nginx.conf \
+        --http-log-path=${localstatedir}/log/nginx/access.log \
+        --error-log-path=${localstatedir}/log/nginx/error.log \
+        --pid-path=/run/nginx/nginx.pid \
+        --prefix=${prefix} \
+        --with-http_ssl_module \
+        --with-http_gzip_static_module
+}
+
+do_install () {
+        oe_runmake 'DESTDIR=${D}' install
+        rm -fr ${D}${localstatedir}/run ${D}/run
+        if ${@base_contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
+                install -d ${D}${sysconfdir}/tmpfiles.d
+                echo "d /run/${BPN} - - - -" \
+                     > ${D}${sysconfdir}/tmpfiles.d/${BPN}.conf
+        fi
+        install -d ${D}${sysconfdir}/${BPN}
+        ln -snf ${localstatedir}/run/${BPN} ${D}${sysconfdir}/${BPN}/run
+        install -d ${D}${localstatedir}/www/localhost
+        mv ${D}/usr/html ${D}${localstatedir}/www/localhost/
+        chown www:www-data -R ${D}${localstatedir}
+
+        install -d ${D}${sysconfdir}/init.d
+        install -m 0755 ${WORKDIR}/nginx.init ${D}${sysconfdir}/init.d/nginx
+        sed -i 's,/usr/sbin/,${sbindir}/,g' ${D}${sysconfdir}/init.d/nginx
+        sed -i 's,/etc/,${sysconfdir}/,g'  ${D}${sysconfdir}/init.d/nginx
+
+        install -d ${D}${sysconfdir}/nginx
+        install -m 0644 ${WORKDIR}/nginx.conf ${D}${sysconfdir}/nginx/nginx.conf
+        sed -i 's,/var/,${localstatedir}/,g' ${D}${sysconfdir}/nginx/nginx.conf
+        install -d ${D}${sysconfdir}/nginx/sites-enabled
+
+        install -d ${D}${sysconfdir}/default/volatiles
+        install -m 0644 ${WORKDIR}/nginx-volatile.conf ${D}${sysconfdir}/default/volatiles/99_nginx
+        sed -i 's,/var/,${localstatedir}/,g' ${D}${sysconfdir}/default/volatiles/99_nginx
+}
+
+pkg_postinst_${PN} () {
+        if [ -z "$D" ]; then
+                if type systemd-tmpfiles >/dev/null; then
+                        systemd-tmpfiles --create
+                elif [ -e ${sysconfdir}/init.d/populate-volatile.sh ]; then
+                        ${sysconfdir}/init.d/populate-volatile.sh update
+                fi
+        fi
+}
+
+FILES_${PN} += "${localstatedir}/"
+
+CONFFILES_${PN} = "${sysconfdir}/nginx/nginx.conf \
+                ${sysconfdir}/nginx/fastcgi.conf\
+                ${sysconfdir}/nginx/fastcgi_params \
+                ${sysconfdir}/nginx/koi-utf \
+                ${sysconfdir}/nginx/koi-win \
+                ${sysconfdir}/nginx/mime.types \
+                ${sysconfdir}/nginx/scgi_params \
+                ${sysconfdir}/nginx/uwsgi_params \
+                ${sysconfdir}/nginx/win-utf \
+"
+
+INITSCRIPT_NAME = "nginx"
+INITSCRIPT_PARAMS = "defaults 92 20"
+
+USERADD_PACKAGES = "${PN}"
+USERADD_PARAM_${PN} = " \
+    --system --no-create-home \
+    --home ${localstatedir}/www/localhost \
+    --groups www-data \
+    --user-group www"
diff --git a/meta-webserver/recipes-httpd/nostromo/files/0001-GNUmakefile-add-possibility-to-override-variables.patch b/meta-webserver/recipes-httpd/nostromo/files/0001-GNUmakefile-add-possibility-to-override-variables.patch
new file mode 100644
index 000000000..7cf011b1c
--- /dev/null
+++ b/meta-webserver/recipes-httpd/nostromo/files/0001-GNUmakefile-add-possibility-to-override-variables.patch
@@ -0,0 +1,141 @@
+From 7fa0d31ec5c0be9dca84a03851b2d44f61527ec8 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Eric=20B=C3=A9nard?= <eric@eukrea.com>
+Date: Sun, 4 Dec 2011 16:01:04 +0100
+Subject: [PATCH] GNUmakefile: add possibility to override variables
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+this is useful for cross compilation
+
+Signed-off-by: Eric Bénard <eric@eukrea.com>
+---
+Upstream-Status: Inappropriate [embedded specific]
+ src/libbsd/GNUmakefile |   10 +++++-----
+ src/libmy/GNUmakefile  |   26 +++++++++++++-------------
+ src/nhttpd/GNUmakefile |   12 ++++++------
+ src/tools/GNUmakefile  |    8 ++++----
+ 4 files changed, 28 insertions(+), 28 deletions(-)
+
+diff --git a/src/libbsd/GNUmakefile b/src/libbsd/GNUmakefile
+index e2d01a3..b034bc6 100644
+--- a/src/libbsd/GNUmakefile
++++ b/src/libbsd/GNUmakefile
+@@ -1,12 +1,12 @@
+-CCFLAGS = -O2 -pipe -Wall -Werror -Wstrict-prototypes -c
++CFLAGS := -O2 -pipe -Wall -Werror -Wstrict-prototypes -c
+ 
+ libbsd.a:      strlcpy.o strlcat.o
+-               ar -r libbsd.a strlcpy.o strlcat.o
+-               ranlib libbsd.a
++               $(AR) -r libbsd.a strlcpy.o strlcat.o
++               $(RANLIB) libbsd.a
+ 
+ strlcpy.o:     strlcpy.c
+-               cc ${CCFLAGS} strlcpy.c
++               $(CC) $(CFLAGS) strlcpy.c
+ strlcat.o:     strlcat.c
+-               cc ${CCFLAGS} strlcat.c
++               $(CC) $(CFLAGS) strlcat.c
+ clean:
+                rm -f libbsd.a *.o
+diff --git a/src/libmy/GNUmakefile b/src/libmy/GNUmakefile
+index ce90dd9..891ffea 100644
+--- a/src/libmy/GNUmakefile
++++ b/src/libmy/GNUmakefile
+@@ -1,30 +1,30 @@
+-CCFLAGS = -O2 -Wall -Werror -Wstrict-prototypes -c
++CFLAGS := -O2 -Wall -Werror -Wstrict-prototypes -c
+ 
+ libmy.a:       strcutl.o strcutw.o strcuts.o strcuti.o strcutf.o flog.o flogd.o fparse.o strlower.o strb64d.o
+-               ar -r libmy.a strcutl.o strcutw.o strcuts.o strcuti.o strcutf.o flog.o flogd.o fparse.o strlower.o strb64d.o
+-               ranlib libmy.a
++               $(AR) -r libmy.a strcutl.o strcutw.o strcuts.o strcuti.o strcutf.o flog.o flogd.o fparse.o strlower.o strb64d.o
++               $(RANLIB) libmy.a
+ 
+ strcutl.o:     strcutl.c
+-               cc ${CCFLAGS} strcutl.c
++               $(CC) $(CFLAGS) strcutl.c
+ strcutw.o:     strcutw.c
+-               cc ${CCFLAGS} strcutw.c
++               $(CC) $(CFLAGS) strcutw.c
+ strcuts.o:     strcuts.c
+-               cc ${CCFLAGS} strcuts.c
++               $(CC) $(CFLAGS) strcuts.c
+ strcuti.o:     strcuti.c
+-               cc ${CCFLAGS} strcuti.c
++               $(CC) $(CFLAGS) strcuti.c
+ strcutf.o:     strcutf.c
+-               cc ${CCFLAGS} strcutf.c
++               $(CC) $(CFLAGS) strcutf.c
+ strlower.o:    strlower.c
+-               cc ${CCFLAGS} strlower.c
++               $(CC) $(CFLAGS) strlower.c
+ strb64d.o:     strb64d.c
+-               cc ${CCFLAGS} strb64d.c
++               $(CC) $(CFLAGS) strb64d.c
+ 
+ flog.o:                flog.c
+-               cc ${CCFLAGS} flog.c
++               $(CC) $(CFLAGS) flog.c
+ flogd.o:       flogd.c
+-               cc ${CCFLAGS} flogd.c
++               $(CC) $(CFLAGS) flogd.c
+ fparse.o:      fparse.c
+-               cc ${CCFLAGS} fparse.c
++               $(CC) $(CFLAGS) fparse.c
+ 
+ clean:
+                rm -f libmy.a *.o
+diff --git a/src/nhttpd/GNUmakefile b/src/nhttpd/GNUmakefile
+index f6d12de..9524911 100644
+--- a/src/nhttpd/GNUmakefile
++++ b/src/nhttpd/GNUmakefile
+@@ -1,18 +1,18 @@
+-CCFLAGS = -O2 -pipe -Wall -Wstrict-prototypes -c
++CFLAGS := -O2 -pipe -Wall -Wstrict-prototypes -c
+ 
+ nhttpd:        main.o http.o sys.o
+-       cc -L../libmy -L../libbsd -o nhttpd main.o http.o sys.o -lmy -lbsd -lssl -lcrypt
+-       strip nhttpd
++       $(CC) -L../libmy -L../libbsd -o nhttpd main.o http.o sys.o -lmy -lbsd -lssl -lcrypt
++#      $(STRIP) nhttpd
+        nroff -Tascii -c -mandoc nhttpd.8 > nhttpd.cat8
+ 
+ main.o:        main.c
+-       cc ${CCFLAGS} main.c
++       $(CC) $(CFLAGS) main.c
+ 
+ http.o:        http.c
+-       cc ${CCFLAGS} http.c
++       $(CC) $(CFLAGS) http.c
+ 
+ sys.o: sys.c
+-       cc ${CCFLAGS} sys.c
++       $(CC) $(CFLAGS) sys.c
+ 
+ clean:
+        rm -f nhttpd nhttpd.cat8 *.o
+diff --git a/src/tools/GNUmakefile b/src/tools/GNUmakefile
+index 15bea61..663ddb5 100644
+--- a/src/tools/GNUmakefile
++++ b/src/tools/GNUmakefile
+@@ -1,11 +1,11 @@
+-CCFLAGS = -O2 -pipe -Wall -Werror -Wstrict-prototypes -c
++CCFLAGS := -O2 -pipe -Wall -Werror -Wstrict-prototypes
+ 
+ crypt:         crypt.o
+-               cc -o crypt crypt.o -lcrypt
+-               strip crypt
++               $(CC) $(CFLAGS) -o crypt crypt.o -lcrypt
++#              $(STRIP) crypt
+ 
+ crypt.o:       crypt.c
+-               cc ${CCFLAGS} crypt.c
++               $(CC) $(CFLAGS) -c crypt.c
+ 
+ clean:
+                rm -f crypt *.o
+-- 
+1.7.6.4
+
diff --git a/meta-webserver/recipes-httpd/nostromo/files/nhttpd.conf b/meta-webserver/recipes-httpd/nostromo/files/nhttpd.conf
new file mode 100644
index 000000000..6674bb696
--- /dev/null
+++ b/meta-webserver/recipes-httpd/nostromo/files/nhttpd.conf
@@ -0,0 +1,55 @@
+# MAIN [MANDATORY]
+
+servername              localhost
+#servername             www.nazgul.ch:8080
+serverlisten            *
+#serverlisten           81.221.21.250 127.0.0.1 ::1
+serveradmin             webmaster@localhost
+serverroot              /var/nostromo
+servermimes             /var/nostromo/conf/mimes
+docroot                 /var/nostromo/htdocs
+docindex                index.html
+
+# LOGS [OPTIONAL]
+
+logpid                  /var/run/nostromo/nhttpd.pid
+#logaccess              /var/log/nostromo/access_log
+
+# SETUID [RECOMMENDED]
+
+user                    www-data
+
+# BASIC AUTHENTICATION [OPTIONAL]
+
+#htaccess               .htaccess
+#htpasswd               /var/nostromo/conf/.htpasswd
+#htpasswd               +bsdauth
+#htpasswd               +bsdauthnossl
+
+# SSL [OPTIONAL]
+
+#sslport                443
+#sslcert                /etc/ssl/server.crt
+#sslcertkey             /etc/ssl/server.key
+
+# CUSTOM RESPONSES [OPTIONAL]
+#
+# The custom responses are searched in the corresponding document root.
+
+#custom_401             custom_401.html
+#custom_403             custom_403.html
+#custom_404             custom_404.html
+
+# ALIASES [OPTIONAL]
+
+/icons                  /var/nostromo/icons
+
+# VIRTUAL HOSTS [OPTIONAL]
+
+#www.rahel.ch           /var/nostromo/htdocs/www.rahel.ch
+#www.rahel.ch:8080      /var/nostromo/htdocs/www.rahel.ch
+
+# HOMEDIRS [OPTIONAL]
+
+#homedirs               /home
+#homedirs_public        public_www
diff --git a/meta-webserver/recipes-httpd/nostromo/files/nostromo b/meta-webserver/recipes-httpd/nostromo/files/nostromo
new file mode 100644
index 000000000..8a2886882
--- /dev/null
+++ b/meta-webserver/recipes-httpd/nostromo/files/nostromo
@@ -0,0 +1,34 @@
+#!/bin/sh
+
+PATH=/sbin:/bin:/usr/sbin:/usr/bin
+DAEMON=nhttpd
+NAME=nhttpd
+DESC="Nostromo Web Server"
+OPTS="-c /etc/nhttpd.conf"
+
+case "$1" in
+  start)
+        echo -n "Starting $DESC: "
+        start-stop-daemon --start -x "$DAEMON" -- $OPTS
+        echo "$NAME."
+        ;;
+  stop)
+        echo -n "Stopping $DESC: "
+        start-stop-daemon --stop -x "$DAEMON"
+        echo "$NAME."
+        ;;
+  restart|force-reload)
+        echo -n "Restarting $DESC: "
+        start-stop-daemon --stop -x "$DAEMON"
+        sleep 1
+        start-stop-daemon --start -x "$DAEMON" -- $OPTS
+        echo "$NAME."
+        ;;
+  *)
+        N=/etc/init.d/$NAME
+        echo "Usage: $N {start|stop|restart|force-reload}" >&2
+        exit 1
+        ;;
+esac
+
+exit 0
diff --git a/meta-webserver/recipes-httpd/nostromo/files/tmpfiles.conf b/meta-webserver/recipes-httpd/nostromo/files/tmpfiles.conf
new file mode 100644
index 000000000..b7a9f4886
--- /dev/null
+++ b/meta-webserver/recipes-httpd/nostromo/files/tmpfiles.conf
@@ -0,0 +1 @@
+d /run/nostromo - www-data www-data -
diff --git a/meta-webserver/recipes-httpd/nostromo/files/volatiles b/meta-webserver/recipes-httpd/nostromo/files/volatiles
new file mode 100644
index 000000000..40924960c
--- /dev/null
+++ b/meta-webserver/recipes-httpd/nostromo/files/volatiles
@@ -0,0 +1,2 @@
+d www-data www-data 0775 /var/run/nostromo none
+d www-data www-data 0775 /var/log/nostromo none
diff --git a/meta-webserver/recipes-httpd/nostromo/nostromo_1.9.5.bb b/meta-webserver/recipes-httpd/nostromo/nostromo_1.9.5.bb
new file mode 100644
index 000000000..fe860ec9a
--- /dev/null
+++ b/meta-webserver/recipes-httpd/nostromo/nostromo_1.9.5.bb
@@ -0,0 +1,69 @@
+SUMMARY = "A simple, fast and secure HTTP server"
+HOMEPAGE = "http://www.nazgul.ch/dev_nostromo.html"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://src/nhttpd/main.c;beginline=2;endline=14;md5=e5ec3fa723b29b7d59d205afd8d36938"
+
+SRC_URI = "http://www.nazgul.ch/dev/${BPN}-${PV}.tar.gz \
+           file://0001-GNUmakefile-add-possibility-to-override-variables.patch \
+           file://nhttpd.conf \
+           file://volatiles \
+           file://tmpfiles.conf \
+           file://nostromo \
+"
+
+SRC_URI[md5sum] = "dc6cfd6b5aae04c370c7f818fa7bde55"
+SRC_URI[sha256sum] = "5f62578285e02449406b46cf06a7888fe3dc4a90bedf58cc18523bad62f6b914"
+
+TARGET_CC_ARCH += "${LDFLAGS}"
+
+DEPENDS = "openssl"
+
+inherit update-rc.d useradd
+
+INITSCRIPT_NAME = "nostromo"
+INITSCRIPT_PARAMS = "defaults 70"
+
+do_compile() {
+    oe_runmake
+}
+
+# we need user/group www-data to exist when we install
+#
+USERADD_PACKAGES = "${PN}"
+USERADD_PARAM_${PN} = "--system -g www-data www-data"
+
+do_install() {
+    install -d ${D}/${sbindir}
+    install -m 0755 src/nhttpd/nhttpd ${D}/${sbindir}/nhttpd
+    install -m 0755 src/tools/crypt ${D}/${sbindir}/crypt
+    install -d ${D}/${mandir}/man8
+    install -m 0444 src/nhttpd/nhttpd.8 ${D}/${mandir}/man8/nhttpd.8
+    install -d ${D}${localstatedir}/nostromo/conf
+    install -d ${D}${localstatedir}/nostromo/htdocs/cgi-bin
+    install -d ${D}${localstatedir}/nostromo/icons
+    install -d ${D}${sysconfdir}/init.d
+    install -m 0644 conf/mimes ${D}${localstatedir}/nostromo/conf/mimes
+    install -m 0644 ${WORKDIR}/nhttpd.conf ${D}${sysconfdir}
+    install -m 0755 ${WORKDIR}/nostromo ${D}${sysconfdir}/init.d
+    install -D -m 0644 ${WORKDIR}/volatiles ${D}${sysconfdir}/default/volatiles/nostromo
+    if ${@base_contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
+        install -D -m 0644 ${WORKDIR}/tmpfiles.conf ${D}${sysconfdir}/tmpfiles.d/nostromo.conf
+    fi
+    install -m 0644 htdocs/index.html ${D}${localstatedir}/nostromo/htdocs/index.html
+    install -m 0644 htdocs/nostromo.gif ${D}${localstatedir}/nostromo/htdocs/nostromo.gif
+    install -m 0644 icons/dir.gif ${D}${localstatedir}/nostromo/icons/dir.gif
+    install -m 0644 icons/file.gif ${D}${localstatedir}/nostromo/icons/file.gif
+    chown -R www-data:www-data ${D}/${localstatedir}/nostromo
+}
+
+CONFFILES_${PN} += "/var/nostromo/conf/mimes ${sysconfdir}/nhttpd.conf"
+
+pkg_postinst_${PN} () {
+    if [ -z "$D" ]; then
+        if [ -e /sys/fs/cgroup/systemd ]; then
+            systemd-tmpfiles --create ${sysconfdir}/tmpfiles.d/nostromo.conf
+        elif [ -e ${sysconfdir}/init.d/populate-volatile.sh ]; then
+            ${sysconfdir}/init.d/populate-volatile.sh update
+        fi
+    fi
+}
diff --git a/meta-webserver/recipes-httpd/sthttpd/sthttpd/init b/meta-webserver/recipes-httpd/sthttpd/sthttpd/init
new file mode 100644
index 000000000..f5f7b0124
--- /dev/null
+++ b/meta-webserver/recipes-httpd/sthttpd/sthttpd/init
@@ -0,0 +1,52 @@
+#!/bin/sh
+
+### BEGIN INIT INFO
+# Provides:          thttpd
+# Required-Start:    $remote_fs $syslog
+# Required-Stop:     $remote_fs $syslog
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: Small http server
+# Description:       thttpd is a simple, small, portable, fast, and secure HTTP server.
+### END INIT INFO
+
+
+thttpd=/usr/sbin/thttpd
+test -x "$thttpd" || exit 0
+
+
+case "$1" in
+  start)
+    echo -n "Starting thttpd"
+    start-stop-daemon --start --quiet --exec $thttpd -- -C @@CONFFILE
+    echo "."
+    ;;
+  stop)
+    echo -n "Stopping thttpd"
+    start-stop-daemon --stop --quiet --exec $thttpd
+    echo "."
+    ;;
+  reload|force-reload)
+    start-stop-daemon --stop --quiet --signal 1 --exec $thttpd
+    ;;
+  restart)
+    echo -n "Stopping thttpd"
+    start-stop-daemon --stop --quiet --exec $thttpd -- -C @@CONFFILE
+    echo "."
+    echo -n "Waiting for thttpd to die off"
+    for i in 1 2 3 ;
+    do
+        sleep 1
+        echo -n "."
+    done
+    echo ""
+    echo -n "Starting thttpd"
+    start-stop-daemon --start --quiet --exec $thttpd -- -C @@CONFFILE
+    echo "."
+    ;;
+  *)
+    echo "Usage: /etc/init.d/thttpd {start|stop|reload|restart|force-reload}"
+    exit 1
+esac
+
+exit 0
diff --git a/meta-webserver/recipes-httpd/sthttpd/sthttpd/thttpd.conf b/meta-webserver/recipes-httpd/sthttpd/sthttpd/thttpd.conf
new file mode 100644
index 000000000..397984f36
--- /dev/null
+++ b/meta-webserver/recipes-httpd/sthttpd/sthttpd/thttpd.conf
@@ -0,0 +1 @@
+dir=@@SRVDIR
diff --git a/meta-webserver/recipes-httpd/sthttpd/sthttpd/thttpd.service b/meta-webserver/recipes-httpd/sthttpd/sthttpd/thttpd.service
new file mode 100644
index 000000000..f1095007c
--- /dev/null
+++ b/meta-webserver/recipes-httpd/sthttpd/sthttpd/thttpd.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=Tiny/Turbo/Throttling Web Server
+
+[Service]
+Type=forking
+ExecStart=/usr/sbin/thttpd -C @@CONFFILE -c cgi-bin/* -i /var/run/thttpd.pid
+PIDFile=/var/run/thttpd.pid
+
+[Install]
+WantedBy=multi-user.target
diff --git a/meta-webserver/recipes-httpd/sthttpd/sthttpd_2.26.4.bb b/meta-webserver/recipes-httpd/sthttpd/sthttpd_2.26.4.bb
new file mode 100644
index 000000000..703492167
--- /dev/null
+++ b/meta-webserver/recipes-httpd/sthttpd/sthttpd_2.26.4.bb
@@ -0,0 +1,45 @@
+SUMMARY = "A simple, small, portable, fast, and secure HTTP server"
+DESCRIPTION = "A simple, small, portable, fast, and secure HTTP server (supported fork of thttpd)."
+HOMEPAGE = "http://opensource.dyc.edu/sthttpd"
+LICENSE = "BSD-2-Clause"
+LIC_FILES_CHKSUM = "file://src/thttpd.c;beginline=1;endline=26;md5=0c5762c2c34dcbe9eb18815516502872"
+
+SRC_URI = "http://opensource.dyc.edu/pub/sthttpd/sthttpd-${PV}.tar.gz \
+           file://thttpd.service \
+           file://thttpd.conf \
+           file://init"
+
+SRC_URI[md5sum] = "e645a85a97d3cb883011a35bc2211815"
+SRC_URI[sha256sum] = "78e87979140cbda123c81b4051552242dbbffb5dec1a17e5f95ec4826b1eaddb"
+
+S = "${WORKDIR}/sthttpd-${PV}"
+
+inherit autotools update-rc.d systemd
+
+SRV_DIR ?= "${servicedir}/www"
+
+EXTRA_OEMAKE += "'WEBDIR=${SRV_DIR}'"
+
+do_install_append () {
+    install -d ${D}${sysconfdir}/init.d
+    install -c -m 755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/thttpd
+    install -c -m 755 ${WORKDIR}/thttpd.conf ${D}${sysconfdir}
+    sed -i -e 's,@@CONFFILE,${sysconfdir}/thttpd.conf,g' ${D}${sysconfdir}/init.d/thttpd
+    sed -i -e 's,@@SRVDIR,${SRV_DIR},g' ${D}${sysconfdir}/thttpd.conf
+    sed -i 's!/usr/sbin/!${sbindir}/!g' ${D}${sysconfdir}/init.d/thttpd
+
+    install -d ${D}${systemd_unitdir}/system
+    install -m 0644 ${WORKDIR}/thttpd.service ${D}${systemd_unitdir}/system
+    sed -i 's!/usr/sbin/!${sbindir}/!g' ${D}${systemd_unitdir}/system/thttpd.service
+    sed -i 's!/var/!${localstatedir}/!g' ${D}${systemd_unitdir}/system/thttpd.service
+    sed -i -e 's,@@CONFFILE,${sysconfdir}/thttpd.conf,g' ${D}${systemd_unitdir}/system/thttpd.service
+}
+
+INITSCRIPT_NAME = "thttpd"
+INITSCRIPT_PARAMS = "defaults"
+
+SYSTEMD_SERVICE_${PN} = "thttpd.service"
+
+FILES_${PN} += "${SRV_DIR}"
+FILES_${PN}-dbg += "${SRV_DIR}/cgi-bin/.debug"
+
diff --git a/meta-webserver/recipes-php/modphp/files/0001-using-pkgconfig-to-check-libxml.patch b/meta-webserver/recipes-php/modphp/files/0001-using-pkgconfig-to-check-libxml.patch
new file mode 100644
index 000000000..bab5ff2dc
--- /dev/null
+++ b/meta-webserver/recipes-php/modphp/files/0001-using-pkgconfig-to-check-libxml.patch
@@ -0,0 +1,74 @@
+[PATCH] using pkgconfig to check libxml
+
+Upstream-Status: Pending
+
+Use pkg-config for the libxml2 dependency, not the -config script.
+
+Signed-off-by: Roy.Li <rongqing.li@windriver.com>
+---
+ acinclude.m4 | 48 ++++++------------------------------------------
+ 1 file changed, 6 insertions(+), 42 deletions(-)
+
+diff --git a/acinclude.m4 b/acinclude.m4
+index d348f57..9f691a5 100644
+--- a/acinclude.m4
++++ b/acinclude.m4
+@@ -2530,49 +2530,13 @@ dnl
+ dnl Common setup macro for libxml
+ dnl
+ AC_DEFUN([PHP_SETUP_LIBXML], [
+-AC_CACHE_CHECK([for xml2-config path], ac_cv_php_xml2_config_path,
+-[
+-  for i in $PHP_LIBXML_DIR /usr/local /usr; do
+-    if test -x "$i/bin/xml2-config"; then
+-      ac_cv_php_xml2_config_path="$i/bin/xml2-config"
+-      break
+-    fi
+-  done
+-])
++  PKG_CHECK_MODULES(PKG_XML2, [libxml-2.0],,)
++  if test "x$PKG_XML2_CFLAGS" != "x"; then
++    PHP_EVAL_INCLINE($PKG_XML2_CFLAGS, $1)
++    PHP_EVAL_LIBLINE($PKG_XML2_LIBS)
++    AC_DEFINE(HAVE_LIBXML, 1, [ ])
++    $2
+ 
+-  if test -x "$ac_cv_php_xml2_config_path"; then
+-    XML2_CONFIG="$ac_cv_php_xml2_config_path"
+-    libxml_full_version=`$XML2_CONFIG --version`
+-    ac_IFS=$IFS
+-    IFS="."
+-    set $libxml_full_version
+-    IFS=$ac_IFS
+-    LIBXML_VERSION=`expr [$]1 \* 1000000 + [$]2 \* 1000 + [$]3`
+-    if test "$LIBXML_VERSION" -ge "2006011"; then
+-      LIBXML_LIBS=`$XML2_CONFIG --libs`
+-      LIBXML_INCS=`$XML2_CONFIG --cflags`
+-      PHP_EVAL_LIBLINE($LIBXML_LIBS, $1)
+-      PHP_EVAL_INCLINE($LIBXML_INCS)
+-
+-      dnl Check that build works with given libs
+-      AC_CACHE_CHECK(whether libxml build works, php_cv_libxml_build_works, [
+-        PHP_TEST_BUILD(xmlInitParser,
+-        [
+-          php_cv_libxml_build_works=yes
+-        ], [
+-          AC_MSG_RESULT(no)
+-          AC_MSG_ERROR([build test failed.  Please check the config.log for details.])
+-        ], [
+-          [$]$1
+-        ])
+-      ])
+-      if test "$php_cv_libxml_build_works" = "yes"; then
+-        AC_DEFINE(HAVE_LIBXML, 1, [ ])
+-      fi
+-      $2
+-    else
+-      AC_MSG_ERROR([libxml2 version 2.6.11 or greater required.])
+-    fi
+ ifelse([$3],[],,[else $3])
+   fi
+ ])
+-- 
+1.9.1
+
diff --git a/meta-webserver/recipes-php/modphp/files/70_mod_php5.conf b/meta-webserver/recipes-php/modphp/files/70_mod_php5.conf
new file mode 100644
index 000000000..1de6fb11a
--- /dev/null
+++ b/meta-webserver/recipes-php/modphp/files/70_mod_php5.conf
@@ -0,0 +1,12 @@
+# vim: ft=apache sw=4 ts=4
+<IfDefine PHP5>
+        # Load the module first
+        <IfModule !sapi_apache2.c>
+                LoadModule php5_module    lib/apache2/modules/libphp5.so
+        </IfModule>
+
+        # Set it to handle the files
+        AddHandler php5-script .php .phtml .php3 .php4 .php5
+        AddType application/x-httpd-php-source .phps
+        DirectoryIndex index.html index.html.var index.php index.phtml
+</IfDefine>
diff --git a/meta-webserver/recipes-php/modphp/files/configure.patch b/meta-webserver/recipes-php/modphp/files/configure.patch
new file mode 100644
index 000000000..c5334c706
--- /dev/null
+++ b/meta-webserver/recipes-php/modphp/files/configure.patch
@@ -0,0 +1,11 @@
+--- php-5.1.6/configure.old     2006-09-12 07:54:14.000000000 -0700
++++ php-5.1.6/configure 2006-09-12 07:54:37.000000000 -0700
+@@ -14715,8 +14715,6 @@
+ 
+ 
+ 
+-  unset ac_cv_func_dlopen
+-  unset ac_cv_func___dlopen
+   unset found
+   
+   echo $ac_n "checking for dlopen""... $ac_c" 1>&6
diff --git a/meta-webserver/recipes-php/modphp/files/php-CVE-2014-3587.patch b/meta-webserver/recipes-php/modphp/files/php-CVE-2014-3587.patch
new file mode 100644
index 000000000..e1c40f244
--- /dev/null
+++ b/meta-webserver/recipes-php/modphp/files/php-CVE-2014-3587.patch
@@ -0,0 +1,31 @@
+modphp: Security Advisory - php - CVE-2014-3587
+
+Upstream-Status: Backport
+
+Signed-off-by: Yue Tao <yue.tao@windriver.com>
+
+From 7ba1409a1aee5925180de546057ddd84ff267947 Mon Sep 17 00:00:00 2001
+From: Remi Collet <rcollet@redhat.com>
+Date: Thu, 14 Aug 2014 17:19:03 -0700
+Subject: [PATCH] Fix bug #67716 - Segfault in cdf.c
+
+---
+ ext/fileinfo/libmagic/cdf.c |    2 +-
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/ext/fileinfo/libmagic/cdf.c b/ext/fileinfo/libmagic/cdf.c
+index 429f3b9..2c0a2d9 100644
+--- a/ext/fileinfo/libmagic/cdf.c
++++ b/ext/fileinfo/libmagic/cdf.c
+@@ -820,7 +820,7 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h,
+                q = (const uint8_t *)(const void *)
+                    ((const char *)(const void *)p + ofs
+                    - 2 * sizeof(uint32_t));
+-               if (q > e) {
++               if (q < p || q > e) {
+                        DPRINTF(("Ran of the end %p > %p\n", q, e));
+                        goto out;
+                }
+-- 
+1.7.9.5
+
diff --git a/meta-webserver/recipes-php/modphp/files/php-CVE-2014-3597.patch b/meta-webserver/recipes-php/modphp/files/php-CVE-2014-3597.patch
new file mode 100644
index 000000000..73f4e32c6
--- /dev/null
+++ b/meta-webserver/recipes-php/modphp/files/php-CVE-2014-3597.patch
@@ -0,0 +1,282 @@
+modphp: Security Advisory - php - CVE-2014-3597
+
+Upstream-Status: Backport
+
+Signed-off-by: Yue Tao <yue.tao@windriver.com>
+
+From 2fefae47716d501aec41c1102f3fd4531f070b05 Mon Sep 17 00:00:00 2001
+From: Remi Collet <remi@php.net>
+Date: Tue, 19 Aug 2014 08:33:49 +0200
+Subject: [PATCH] Fixed Sec Bug #67717 segfault in dns_get_record
+ CVE-2014-3597
+
+Incomplete fix for CVE-2014-4049
+
+Check possible buffer overflow
+- pass real buffer end to dn_expand calls
+- check buffer len before each read
+---
+ ext/standard/dns.c |   84 +++++++++++++++++++++++++++++++++++++---------------
+ 1 file changed, 60 insertions(+), 24 deletions(-)
+
+diff --git a/ext/standard/dns.c b/ext/standard/dns.c
+index 214a7dc..0b5e69c 100644
+--- a/ext/standard/dns.c
++++ b/ext/standard/dns.c
+@@ -412,8 +412,14 @@ PHP_FUNCTION(dns_check_record)
+ 
+ #if HAVE_FULL_DNS_FUNCS
+ 
++#define CHECKCP(n) do { \
++       if (cp + n > end) { \
++               return NULL; \
++       } \
++} while (0)
++
+ /* {{{ php_parserr */
+-static u_char *php_parserr(u_char *cp, querybuf *answer, int type_to_fetch, int store, int raw, zval **subarray)
++static u_char *php_parserr(u_char *cp, u_char *end, querybuf *answer, int type_to_fetch, int store, int raw, zval **subarray)
+ {
+        u_short type, class, dlen;
+        u_long ttl;
+@@ -425,16 +431,18 @@ static u_char *php_parserr(u_char *cp, querybuf *answer, int type_to_fetch, int
+ 
+        *subarray = NULL;
+ 
+-       n = dn_expand(answer->qb2, answer->qb2+65536, cp, name, sizeof(name) - 2);
++       n = dn_expand(answer->qb2, end, cp, name, sizeof(name) - 2);
+        if (n < 0) {
+                return NULL;
+        }
+        cp += n;
+ 
++       CHECKCP(10);
+        GETSHORT(type, cp);
+        GETSHORT(class, cp);
+        GETLONG(ttl, cp);
+        GETSHORT(dlen, cp);
++       CHECKCP(dlen);
+        if (type_to_fetch != T_ANY && type != type_to_fetch) {
+                cp += dlen;
+                return cp;
+@@ -461,12 +469,14 @@ static u_char *php_parserr(u_char *cp, querybuf *answer, int type_to_fetch, int
+ 
+        switch (type) {
+                case DNS_T_A:
++                       CHECKCP(4);
+                        add_assoc_string(*subarray, "type", "A", 1);
+                        snprintf(name, sizeof(name), "%d.%d.%d.%d", cp[0], cp[1], cp[2], cp[3]);
+                        add_assoc_string(*subarray, "ip", name, 1);
+                        cp += dlen;
+                        break;
+                case DNS_T_MX:
++                       CHECKCP(2);
+                        add_assoc_string(*subarray, "type", "MX", 1);
+                        GETSHORT(n, cp);
+                        add_assoc_long(*subarray, "pri", n);
+@@ -485,7 +495,7 @@ static u_char *php_parserr(u_char *cp, querybuf *answer, int type_to_fetch, int
+                        if (type == DNS_T_PTR) {
+                                add_assoc_string(*subarray, "type", "PTR", 1);
+                        }
+-                       n = dn_expand(answer->qb2, answer->qb2+65536, cp, name, (sizeof name) - 2);
++                       n = dn_expand(answer->qb2, end, cp, name, (sizeof name) - 2);
+                        if (n < 0) {
+                                return NULL;
+                        }
+@@ -495,18 +505,22 @@ static u_char *php_parserr(u_char *cp, querybuf *answer, int type_to_fetch, int
+                case DNS_T_HINFO:
+                        /* See RFC 1010 for values */
+                        add_assoc_string(*subarray, "type", "HINFO", 1);
++                       CHECKCP(1);
+                        n = *cp & 0xFF;
+                        cp++;
++                       CHECKCP(n);
+                        add_assoc_stringl(*subarray, "cpu", (char*)cp, n, 1);
+                        cp += n;
++                       CHECKCP(1);
+                        n = *cp & 0xFF;
+                        cp++;
++                       CHECKCP(n);
+                        add_assoc_stringl(*subarray, "os", (char*)cp, n, 1);
+                        cp += n;
+                        break;
+                case DNS_T_TXT:
+                        {
+-                               int ll = 0;
++                               int l1 = 0, l2 = 0;
+                                zval *entries = NULL;
+ 
+                                add_assoc_string(*subarray, "type", "TXT", 1);
+@@ -515,37 +529,41 @@ static u_char *php_parserr(u_char *cp, querybuf *answer, int type_to_fetch, int
+                                MAKE_STD_ZVAL(entries);
+                                array_init(entries);
+                                
+-                               while (ll < dlen) {
+-                                       n = cp[ll];
+-                                       if ((ll + n) >= dlen) {
++                               while (l1 < dlen) {
++                                       n = cp[l1];
++                                       if ((l1 + n) >= dlen) {
+                                                // Invalid chunk length, truncate
+-                                               n = dlen - (ll + 1);
++                                               n = dlen - (l1 + 1);
++                                       }
++                                       if (n) {
++                                               memcpy(tp + l2 , cp + l1 + 1, n);
++                                               add_next_index_stringl(entries, cp + l1 + 1, n, 1);
+                                        }
+-                                       memcpy(tp + ll , cp + ll + 1, n);
+-                                       add_next_index_stringl(entries, cp + ll + 1, n, 1);
+-                                       ll = ll + n + 1;
++                                       l1 = l1 + n + 1;
++                                       l2 = l2 + n;
+                                }
+-                               tp[dlen] = '\0';
++                               tp[l2] = '\0';
+                                cp += dlen;
+ 
+-                               add_assoc_stringl(*subarray, "txt", tp, (dlen>0)?dlen - 1:0, 0);
++                               add_assoc_stringl(*subarray, "txt", tp, l2, 0);
+                                add_assoc_zval(*subarray, "entries", entries);
+                        }
+                        break;
+                case DNS_T_SOA:
+                        add_assoc_string(*subarray, "type", "SOA", 1);
+-                       n = dn_expand(answer->qb2, answer->qb2+65536, cp, name, (sizeof name) -2);
++                       n = dn_expand(answer->qb2, end, cp, name, (sizeof name) -2);
+                        if (n < 0) {
+                                return NULL;
+                        }
+                        cp += n;
+                        add_assoc_string(*subarray, "mname", name, 1);
+-                       n = dn_expand(answer->qb2, answer->qb2+65536, cp, name, (sizeof name) -2);
++                       n = dn_expand(answer->qb2, end, cp, name, (sizeof name) -2);
+                        if (n < 0) {
+                                return NULL;
+                        }
+                        cp += n;
+                        add_assoc_string(*subarray, "rname", name, 1);
++                       CHECKCP(5*4);
+                        GETLONG(n, cp);
+                        add_assoc_long(*subarray, "serial", n);
+                        GETLONG(n, cp);
+@@ -559,6 +577,7 @@ static u_char *php_parserr(u_char *cp, querybuf *answer, int type_to_fetch, int
+                        break;
+                case DNS_T_AAAA:
+                        tp = (u_char*)name;
++                       CHECKCP(8*2);
+                        for(i=0; i < 8; i++) {
+                                GETSHORT(s, cp);
+                                if (s != 0) {
+@@ -593,6 +612,7 @@ static u_char *php_parserr(u_char *cp, querybuf *answer, int type_to_fetch, int
+                case DNS_T_A6:
+                        p = cp;
+                        add_assoc_string(*subarray, "type", "A6", 1);
++                       CHECKCP(1);
+                        n = ((int)cp[0]) & 0xFF;
+                        cp++;
+                        add_assoc_long(*subarray, "masklen", n);
+@@ -628,6 +648,7 @@ static u_char *php_parserr(u_char *cp, querybuf *answer, int type_to_fetch, int
+                                cp++;
+                        }
+                        for (i = (n + 8) / 16; i < 8; i++) {
++                               CHECKCP(2);
+                                GETSHORT(s, cp);
+                                if (s != 0) {
+                                        if (tp > (u_char *)name) {
+@@ -657,7 +678,7 @@ static u_char *php_parserr(u_char *cp, querybuf *answer, int type_to_fetch, int
+                        tp[0] = '\0';
+                        add_assoc_string(*subarray, "ipv6", name, 1);
+                        if (cp < p + dlen) {
+-                               n = dn_expand(answer->qb2, answer->qb2+65536, cp, name, (sizeof name) - 2);
++                               n = dn_expand(answer->qb2, end, cp, name, (sizeof name) - 2);
+                                if (n < 0) {
+                                        return NULL;
+                                }
+@@ -666,6 +687,7 @@ static u_char *php_parserr(u_char *cp, querybuf *answer, int type_to_fetch, int
+                        }
+                        break;
+                case DNS_T_SRV:
++                       CHECKCP(3*2);
+                        add_assoc_string(*subarray, "type", "SRV", 1);
+                        GETSHORT(n, cp);
+                        add_assoc_long(*subarray, "pri", n);
+@@ -673,7 +695,7 @@ static u_char *php_parserr(u_char *cp, querybuf *answer, int type_to_fetch, int
+                        add_assoc_long(*subarray, "weight", n);
+                        GETSHORT(n, cp);
+                        add_assoc_long(*subarray, "port", n);
+-                       n = dn_expand(answer->qb2, answer->qb2+65536, cp, name, (sizeof name) - 2);
++                       n = dn_expand(answer->qb2, end, cp, name, (sizeof name) - 2);
+                        if (n < 0) {
+                                return NULL;
+                        }
+@@ -681,21 +703,35 @@ static u_char *php_parserr(u_char *cp, querybuf *answer, int type_to_fetch, int
+                        add_assoc_string(*subarray, "target", name, 1);
+                        break;
+                case DNS_T_NAPTR:
++                       CHECKCP(2*2);
+                        add_assoc_string(*subarray, "type", "NAPTR", 1);
+                        GETSHORT(n, cp);
+                        add_assoc_long(*subarray, "order", n);
+                        GETSHORT(n, cp);
+                        add_assoc_long(*subarray, "pref", n);
++
++                       CHECKCP(1);
+                        n = (cp[0] & 0xFF);
+-                       add_assoc_stringl(*subarray, "flags", (char*)++cp, n, 1);
++                       cp++;
++                       CHECKCP(n);
++                       add_assoc_stringl(*subarray, "flags", (char*)cp, n, 1);
+                        cp += n;
++
++                       CHECKCP(1);
+                        n = (cp[0] & 0xFF);
+-                       add_assoc_stringl(*subarray, "services", (char*)++cp, n, 1);
++                       cp++;
++                       CHECKCP(n);
++                       add_assoc_stringl(*subarray, "services", (char*)cp, n, 1);
+                        cp += n;
++
++                       CHECKCP(1);
+                        n = (cp[0] & 0xFF);
+-                       add_assoc_stringl(*subarray, "regex", (char*)++cp, n, 1);
++                       cp++;
++                       CHECKCP(n);
++                       add_assoc_stringl(*subarray, "regex", (char*)cp, n, 1);
+                        cp += n;
+-                       n = dn_expand(answer->qb2, answer->qb2+65536, cp, name, (sizeof name) - 2);
++
++                       n = dn_expand(answer->qb2, end, cp, name, (sizeof name) - 2);
+                        if (n < 0) {
+                                return NULL;
+                        }
+@@ -888,7 +924,7 @@ PHP_FUNCTION(dns_get_record)
+                        while (an-- && cp && cp < end) {
+                                zval *retval;
+ 
+-                               cp = php_parserr(cp, &answer, type_to_fetch, store_results, raw, &retval);
++                               cp = php_parserr(cp, end, &answer, type_to_fetch, store_results, raw, &retval);
+                                if (retval != NULL && store_results) {
+                                        add_next_index_zval(return_value, retval);
+                                }
+@@ -901,7 +937,7 @@ PHP_FUNCTION(dns_get_record)
+                                while (ns-- > 0 && cp && cp < end) {
+                                        zval *retval = NULL;
+ 
+-                                       cp = php_parserr(cp, &answer, DNS_T_ANY, authns != NULL, raw, &retval);
++                                       cp = php_parserr(cp, end, &answer, DNS_T_ANY, authns != NULL, raw, &retval);
+                                        if (retval != NULL) {
+                                                add_next_index_zval(authns, retval);
+                                        }
+@@ -913,7 +949,7 @@ PHP_FUNCTION(dns_get_record)
+                                while (ar-- > 0 && cp && cp < end) {
+                                        zval *retval = NULL;
+ 
+-                                       cp = php_parserr(cp, &answer, DNS_T_ANY, 1, raw, &retval);
++                                       cp = php_parserr(cp, end, &answer, DNS_T_ANY, 1, raw, &retval);
+                                        if (retval != NULL) {
+                                                add_next_index_zval(addtl, retval);
+                                        }
+-- 
+1.7.9.5
+
diff --git a/meta-webserver/recipes-php/modphp/files/php-CVE-2014-5120.patch b/meta-webserver/recipes-php/modphp/files/php-CVE-2014-5120.patch
new file mode 100644
index 000000000..f2e23b3f0
--- /dev/null
+++ b/meta-webserver/recipes-php/modphp/files/php-CVE-2014-5120.patch
@@ -0,0 +1,35 @@
+modphp: Security Advisory - php - CVE-2014-5120
+
+Upstream-Status: Backport
+
+Signed-off-by Yue Tao <yue.tao@windriver.com>
+
+From 706aefb78112a44d4932d4c9430c6a898696f51f Mon Sep 17 00:00:00 2001
+From: Stanislav Malyshev <stas@php.net>
+Date: Mon, 18 Aug 2014 22:49:10 -0700
+Subject: [PATCH] Fix bug #67730 - Null byte injection possible with imagexxx
+ functions
+
+---
+ ext/gd/gd_ctx.c |    5 +++++
+ 2 files changed, 7 insertions(+)
+
+diff --git a/ext/gd/gd_ctx.c b/ext/gd/gd_ctx.c
+index bff691f..eafbab5 100644
+--- a/ext/gd/gd_ctx.c
++++ b/ext/gd/gd_ctx.c
+@@ -124,6 +124,11 @@ static void _php_image_output_ctx(INTERNAL_FUNCTION_PARAMETERS, int image_type,
+                                RETURN_FALSE;
+                        }
+                } else if (Z_TYPE_P(to_zval) == IS_STRING) {
++                       if (CHECK_ZVAL_NULL_PATH(to_zval)) {
++                               php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid 2nd parameter, filename must not contain null bytes");
++                               RETURN_FALSE;
++                       }
++
+                        stream = php_stream_open_wrapper(Z_STRVAL_P(to_zval), "wb", REPORT_ERRORS|IGNORE_PATH|IGNORE_URL_WIN, NULL);
+                        if (stream == NULL) {
+                                RETURN_FALSE;
+-- 
+1.7.9.5
+
diff --git a/meta-webserver/recipes-php/modphp/files/pthread-check-threads-m4.patch b/meta-webserver/recipes-php/modphp/files/pthread-check-threads-m4.patch
new file mode 100644
index 000000000..0c564cd88
--- /dev/null
+++ b/meta-webserver/recipes-php/modphp/files/pthread-check-threads-m4.patch
@@ -0,0 +1,30 @@
+From d8067ceacbf54e79c9c6b68675332c09eaa0b55d Mon Sep 17 00:00:00 2001
+From: Jackie Huang <jackie.huang@windriver.com>
+Date: Mon, 8 Apr 2013 14:29:51 +0800
+Subject: [PATCH] pthread-check
+
+Enable pthreads support when cross-compiling
+
+Upstream-Status: Inapproprate [config]
+
+Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
+---
+ TSRM/threads.m4 |    2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/TSRM/threads.m4 b/TSRM/threads.m4
+index 38494ce..15d9454 100644
+--- a/TSRM/threads.m4
++++ b/TSRM/threads.m4
+@@ -86,7 +86,7 @@ int main() {
+   pthreads_working=no
+   ], [
+   dnl For cross compiling running this test is of no use. NetWare supports pthreads
+-  pthreads_working=no
++  pthreads_working=yes
+   case $host_alias in
+   *netware*)
+     pthreads_working=yes
+-- 
+1.7.4.1
+
diff --git a/meta-webserver/recipes-php/modphp/modphp5.inc b/meta-webserver/recipes-php/modphp/modphp5.inc
new file mode 100644
index 000000000..f60c7bbfc
--- /dev/null
+++ b/meta-webserver/recipes-php/modphp/modphp5.inc
@@ -0,0 +1,112 @@
+SECTION = "console/network"
+DESCRIPTION = "A server-side, HTML-embedded scripting language. This package provides the apache php module."
+LICENSE = "PHP-3.0"
+INC_PR = "r1"
+DEPENDS = "apache2-native apache2 zlib bzip2 libmcrypt"
+
+SRC_URI = "http://www.php.net/distributions/php-${PV}.tar.bz2 \
+           file://configure.patch \
+           file://pthread-check-threads-m4.patch \
+           file://70_mod_php5.conf \
+           file://0001-using-pkgconfig-to-check-libxml.patch \
+           file://php-CVE-2014-5120.patch \
+           file://php-CVE-2014-3587.patch \
+           file://php-CVE-2014-3597.patch \
+"
+
+S = "${WORKDIR}/php-${PV}"
+
+LIC_FILES_CHKSUM = "file://LICENSE;md5=52dd90569008fee5bcdbb22d945b1108"
+
+inherit autotools pkgconfig
+
+PNBLACKLIST[modphp] ?= "CONFLICT: 466 header files conflict with php"
+# e.g. sysroots/qemux86-64/usr/include/php/main/win95nt.h
+
+CFLAGS += " -g -DPTYS_ARE_GETPT -DPTYS_ARE_SEARCHED -I${STAGING_INCDIR}/apache2"
+
+EXTRA_OECONF = "--with-apxs2=${STAGING_BINDIR_CROSS}/apxs \
+                --with-pic \
+                --enable-maintainer-zts \
+                --without-mysql \
+                --disable-cgi \
+                --disable-cli \
+                --disable-pdo \
+                --without-pear \
+                --without-iconv \
+                --disable-ipv6 \
+                --disable-xml \
+                --disable-xmlreader \
+                --disable-xmlwriter \
+                --disable-simplexml \
+                --disable-dom \
+                --disable-rpath \
+                --libdir=${libdir}/php5 \
+                --with-zlib --with-zlib-dir=${STAGING_DIR_TARGET}${exec_prefix} \
+                --with-bz2=${STAGING_DIR_TARGET}${exec_prefix} \
+                --with-mcrypt=${STAGING_DIR_TARGET}${exec_prefix} \
+                --enable-zip \
+                --enable-mbstring \
+                --with-config-file-path=${sysconfdir}/php/apache2-php5 \
+                ${@base_conditional('SITEINFO_ENDIANNESS', 'le', 'ac_cv_c_bigendian_php=no', 'ac_cv_c_bigendian_php=yes', d)}"
+
+PACKAGECONFIG ??= "mysql"
+PACKAGECONFIG[mysql] = "--with-mysqli=${STAGING_BINDIR_CROSS}/mysql_config,--without-mysqli,mysql5"
+PACKAGECONFIG[pgsql] = "--with-pgsql=${STAGING_DIR_TARGET}${exec_prefix},--without-pgsql,mysql5"
+PACKAGECONFIG[libxml] = "--enable-libxml,--disable-libxml,libxml2"
+PACKAGECONFIG[soap] = "--enable-libxml --enable-soap, --disable-soap, libxml2"
+
+acpaths = ""
+
+do_configure_prepend () {
+    rm -f ${S}/build/libtool.m4 ${S}/ltmain.sh ${S}/aclocal.m4
+    find ${S} -name config.m4 | xargs -n1 sed -i 's!APXS_HTTPD=.*!APXS_HTTPD=${STAGING_BINDIR_NATIVE}/httpd!'
+}
+
+do_configure_append() {
+    # No libtool, we really don't want rpath set...
+    sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' ${HOST_SYS}-libtool
+    sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' ${HOST_SYS}-libtool
+}
+
+do_install  () {
+    install -d ${D}${libdir}/apache2/modules
+    install -d ${D}${sysconfdir}/apache2/modules.d
+    install -d ${D}${sysconfdir}/php/apache2-php5
+    install -m 755  libs/libphp5.so ${D}${libdir}/apache2/modules
+    install -m 644  ${WORKDIR}/70_mod_php5.conf ${D}${sysconfdir}/apache2/modules.d
+    sed -i s,lib/,${libdir}/, ${D}${sysconfdir}/apache2/modules.d/70_mod_php5.conf
+    cat ${S}/php.ini-production | \
+        sed -e 's,extension_dir = \"\./\",extension_dir = \"/usr/lib/extensions\",' \
+        > ${D}${sysconfdir}/php/apache2-php5/php.ini
+
+    install -d ${D}${bindir}
+    install -m 755 scripts/phpize ${D}${bindir}
+    install -m 755 scripts/php-config ${D}${bindir}
+    cat aclocal-copy/libtool.m4 aclocal-copy/lt~obsolete.m4 aclocal-copy/ltoptions.m4 \
+        aclocal-copy/ltsugar.m4 aclocal-copy/ltversion.m4 > ${S}/build/libtool.m4
+
+    oe_runmake install-build install-headers INSTALL_ROOT=${D}
+}
+
+SYSROOT_PREPROCESS_FUNCS += "php_sysroot_preprocess"
+
+php_sysroot_preprocess () {
+    install -d ${SYSROOT_DESTDIR}${bindir_crossscripts}/
+    install -m 755 ${D}${bindir}/phpize ${SYSROOT_DESTDIR}${bindir_crossscripts}/
+    install -m 755 ${D}${bindir}/php-config ${SYSROOT_DESTDIR}${bindir_crossscripts}/
+
+    sed -i 's!eval echo /!eval echo ${STAGING_DIR_HOST}/!' ${SYSROOT_DESTDIR}${bindir_crossscripts}/phpize
+    sed -i 's!^include_dir=.*!include_dir=${STAGING_INCDIR}/php!' ${SYSROOT_DESTDIR}${bindir_crossscripts}/php-config
+}
+
+# phpize is not scanned for absolute paths by default (but php-config is).
+#
+SSTATE_SCAN_FILES += "phpize"
+
+RDEPENDS_${PN} = "apache2"
+
+FILES_${PN} = "${libdir}/apache2 ${sysconfdir}"
+FILES_${PN}-dev += "${bindir}/phpize ${bindir}/php-config ${libdir}/php5"
+FILES_${PN}-dbg += "${libdir}/apache2/modules/.debug"
+
diff --git a/meta-webserver/recipes-php/modphp/modphp_5.5.15.bb b/meta-webserver/recipes-php/modphp/modphp_5.5.15.bb
new file mode 100644
index 000000000..aed620f5b
--- /dev/null
+++ b/meta-webserver/recipes-php/modphp/modphp_5.5.15.bb
@@ -0,0 +1,7 @@
+include modphp5.inc
+
+EXTRA_OECONF += "--disable-opcache"
+
+SRC_URI[md5sum] = "5cb5f2ed9099299f8a4c952d59d93812"
+SRC_URI[sha256sum] = "00f24226b12fee27e332383b6304f1b9ed3f4d9173dd728a68c5c3f5a59b8ba7"
+
diff --git a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/0001-bug-4504-security-Self-XSS-in-query-charts.patch b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/0001-bug-4504-security-Self-XSS-in-query-charts.patch
new file mode 100644
index 000000000..27eac7762
--- /dev/null
+++ b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/0001-bug-4504-security-Self-XSS-in-query-charts.patch
@@ -0,0 +1,29 @@
+From 90ddeecf60fc029608b972e490b735f3a65ed0cb Mon Sep 17 00:00:00 2001
+From: Madhura Jayaratne <madhura.cj@gmail.com>
+Date: Sun, 17 Aug 2014 08:52:05 -0400
+Subject: [PATCH] bug #4504 [security] Self-XSS in query charts
+
+Upstream-status: Backport
+
+Signed-off-by: Marc Delisle <marc@infomarc.info>
+---
+ js/tbl_chart.js |    2 +-
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+
+ 4.2.7.0 (2014-07-31)
+diff --git a/js/tbl_chart.js b/js/tbl_chart.js
+index 943d4ae..04c9c40 100644
+--- a/js/tbl_chart.js
++++ b/js/tbl_chart.js
+@@ -47,7 +47,7 @@ function PMA_queryChart(data, columnNames, settings) {
+         },
+         axes : {
+             xaxis : {
+-                label : settings.xaxisLabel
++                label : escapeHtml(settings.xaxisLabel)
+             },
+             yaxis : {
+                 label : settings.yaxisLabel
+-- 
+1.7.10.4
+
diff --git a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/0001-bug-4505-security-XSS-in-view-operations-page.patch b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/0001-bug-4505-security-XSS-in-view-operations-page.patch
new file mode 100644
index 000000000..164a072ef
--- /dev/null
+++ b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/0001-bug-4505-security-XSS-in-view-operations-page.patch
@@ -0,0 +1,43 @@
+From 0cd293f5e13aa245e4a57b8d373597cc0e421b6f Mon Sep 17 00:00:00 2001
+From: Madhura Jayaratne <madhura.cj@gmail.com>
+Date: Sun, 17 Aug 2014 08:41:57 -0400
+Subject: [PATCH] bug #4505 [security] XSS in view operations page
+
+Upstream-Status: Backport
+
+Signed-off-by: Marc Delisle <marc@infomarc.info>
+---
+ ChangeLog       |    3 +++
+ js/functions.js |    2 +-
+ 2 files changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/ChangeLog b/ChangeLog
+index 7afac1a..cec9d77 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -1,6 +1,9 @@
+ phpMyAdmin - ChangeLog
+ ======================
+ 
++4.2.7.1 (2014-08-17)
++- bug #4505 [security] XSS in view operations page
++
+ 4.2.7.0 (2014-07-31)
+ - bug       Broken links on home page
+ - bug #4494 Overlap in navigation panel
+diff --git a/js/functions.js b/js/functions.js
+index 09bfeda..a970a81 100644
+--- a/js/functions.js
++++ b/js/functions.js
+@@ -3585,7 +3585,7 @@ AJAX.registerOnload('functions.js', function () {
+         var question = PMA_messages.strDropTableStrongWarning + ' ';
+         question += $.sprintf(
+             PMA_messages.strDoYouReally,
+-            'DROP VIEW ' + PMA_commonParams.get('table')
++            'DROP VIEW ' + escapeHtml(PMA_commonParams.get('table'))
+         );
+ 
+         $(this).PMA_confirm(question, $(this).attr('href'), function (url) {
+-- 
+1.7.10.4
+
diff --git a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/apache.conf b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/apache.conf
new file mode 100644
index 000000000..94cbd865c
--- /dev/null
+++ b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/apache.conf
@@ -0,0 +1,42 @@
+# phpMyAdmin default Apache configuration
+
+Alias /phpmyadmin /usr/share/phpmyadmin
+
+<Directory /usr/share/phpmyadmin>
+        Options FollowSymLinks
+        DirectoryIndex index.php
+        Require all granted
+
+        <IfModule mod_php5.c>
+                AddType application/x-httpd-php .php
+
+                php_flag magic_quotes_gpc Off
+                php_flag track_vars On
+                php_flag register_globals Off
+                php_admin_flag allow_url_fopen Off
+                php_value include_path .
+                php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp
+                php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/
+        </IfModule>
+</Directory>
+
+# Authorize for setup
+<Directory /usr/share/phpmyadmin/setup>
+    <IfModule mod_authn_file.c>
+    AuthType Basic
+    AuthName "phpMyAdmin Setup"
+    AuthUserFile /etc/phpmyadmin/htpasswd.setup
+    </IfModule>
+    Require valid-user
+</Directory>
+
+# Disallow web access to directories that don't need it
+<Directory /usr/share/phpmyadmin/libraries>
+    Order Deny,Allow
+    Deny from All
+</Directory>
+<Directory /usr/share/phpmyadmin/setup/lib>
+    Order Deny,Allow
+    Deny from All
+</Directory>
+
diff --git a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.2.7.bb b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.2.7.bb
new file mode 100644
index 000000000..447b77884
--- /dev/null
+++ b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.2.7.bb
@@ -0,0 +1,34 @@
+SUMMARY = "Web-based MySQL administration interface"
+HOMEPAGE = "http://www.phpmyadmin.net"
+# Main code is GPLv2, libraries/tcpdf is under LGPLv3, js/jquery is under MIT
+LICENSE = "GPLv2 & LGPLv3 & MIT"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=eb723b61539feef013de476e68b5c50a \
+                    file://libraries/tcpdf/LICENSE.TXT;md5=5c87b66a5358ebcc495b03e0afcd342c"
+
+SRC_URI = "${SOURCEFORGE_MIRROR}/phpmyadmin/phpMyAdmin/${PV}/phpMyAdmin-${PV}-all-languages.tar.xz \
+           file://0001-bug-4504-security-Self-XSS-in-query-charts.patch \
+           file://0001-bug-4505-security-XSS-in-view-operations-page.patch \
+           file://apache.conf"
+
+SRC_URI[md5sum] = "0dcd755450dac819f33502590c88ad29"
+SRC_URI[sha256sum] = "5d101dd88a99a869bc0c684a7f687cf290abc4bf306daac73337cbde2d7743e4"
+
+S = "${WORKDIR}/phpMyAdmin-${PV}-all-languages"
+
+inherit allarch
+
+do_install() {
+    install -d ${D}${datadir}/${BPN}
+    cp -a * ${D}${datadir}/${BPN}
+
+    install -d ${D}${sysconfdir}/apache2/conf.d
+    install -m 0644 ${WORKDIR}/apache.conf ${D}${sysconfdir}/apache2/conf.d/phpmyadmin.conf
+
+    # Remove a few scripts that explicitly require bash (!)
+    rm -f ${D}${datadir}/phpmyadmin/libraries/transformations/*.sh
+}
+
+FILES_${PN} = "${datadir}/${BPN} \
+               ${sysconfdir}/apache2/conf.d"
+
+RDEPENDS_${PN} += "bash"
diff --git a/meta-webserver/recipes-php/xdebug/xdebug_2.2.5.bb b/meta-webserver/recipes-php/xdebug/xdebug_2.2.5.bb
new file mode 100644
index 000000000..66aff5e33
--- /dev/null
+++ b/meta-webserver/recipes-php/xdebug/xdebug_2.2.5.bb
@@ -0,0 +1,36 @@
+SUMMARY = "Debugging and profiling extension for PHP"
+LICENSE = "Xdebug"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=34df3a274aa12b795417c65634c07f16"
+
+DEPENDS = "modphp"
+
+PNBLACKLIST[xdebug] ?= "CONFLICT: depends on blocked modphp"
+
+SRC_URI = "http://xdebug.org/files/xdebug-${PV}.tgz"
+
+SRC_URI[md5sum] = "7e571ce8eb6fa969fd8263969019849d"
+SRC_URI[sha256sum] = "adc6fe92dcff2368be94d20a5997aadb4d46d74551e2dd6602a704a35a195a6f"
+
+inherit autotools
+
+EXTRA_OECONF += "--enable-xdebug -with-php-config=${STAGING_BINDIR_CROSS}/php-config"
+
+do_configure() {
+    cd ${S}
+    ${STAGING_BINDIR_CROSS}/phpize
+    cd ${B}
+
+    # Running autoreconf as autotools_do_configure would do here
+    # breaks the libtool configuration resulting in a failure later
+    # in do_compile. It's possible this may be fixable, however the
+    # easiest course of action for the moment is to avoid doing that.
+    oe_runconf
+}
+
+do_install() {
+    oe_runmake install INSTALL_ROOT=${D}
+}
+
+FILES_${PN} += "${libdir}/php5/extensions/*/*.so"
+FILES_${PN}-dbg += "${libdir}/php5/extensions/*/.debug"
+
diff --git a/meta-webserver/recipes-support/fcgi/fcgi/Fix_EOF_not_declared_issue.patch b/meta-webserver/recipes-support/fcgi/fcgi/Fix_EOF_not_declared_issue.patch
new file mode 100644
index 000000000..51ddeaac2
--- /dev/null
+++ b/meta-webserver/recipes-support/fcgi/fcgi/Fix_EOF_not_declared_issue.patch
@@ -0,0 +1,17 @@
+Upstream-Status: Pending
+
+Fix EOF not declared issue, following is the error log.
+fcgio.cpp:70:72: error: 'EOF' was not declared in this scope
+              if (FCGX_PutStr(pbase(), plen, this->fcgx) != plen) return EOF;
+
+Signed-off-by: Yang Haibo <b40869@freescale.com>
+--- fcgi-ori/libfcgi/fcgio.cpp 2014-07-28 18:01:00.000000000 +0800
++++ fcgi-2.4.0/libfcgi/fcgio.cpp       2014-07-28 18:01:22.000000000 +0800
+@@ -22,6 +22,7 @@
+ #define DLLAPI  __declspec(dllexport)
+ #endif
+
++#include <stdio.h>
+ #include <limits.h>
+ #include "fcgio.h"
+
diff --git a/meta-webserver/recipes-support/fcgi/fcgi/add_foreign_to_AM_INIT_AUTOMAKE.patch b/meta-webserver/recipes-support/fcgi/fcgi/add_foreign_to_AM_INIT_AUTOMAKE.patch
new file mode 100644
index 000000000..eca694adc
--- /dev/null
+++ b/meta-webserver/recipes-support/fcgi/fcgi/add_foreign_to_AM_INIT_AUTOMAKE.patch
@@ -0,0 +1,18 @@
+Upstream-Status: Pending
+
+use automake options "foreign" to set the strictness as appropriate
+
+Signed-off-by: Yang Haibo <b40869@freescale.com>
+--- fcgi-ori/configure.in       2014-08-05 14:58:35.000000000 +0800
++++ fcgi-2.4.0/configure.in     2014-08-05 14:59:08.000000000 +0800
+@@ -4,8 +4,8 @@
+ dnl     generate the file "configure", which is run during the build
+ dnl     to configure the system for the local environment.
+ 
+-AC_INIT
+-AM_INIT_AUTOMAKE(fcgi, 2.4.0)
++AC_INIT([fcgi], [2.4.0])
++AM_INIT_AUTOMAKE([foreign])
+ 
+ AM_CONFIG_HEADER(fcgi_config.h)
+ 
diff --git a/meta-webserver/recipes-support/fcgi/fcgi_2.4.0.bb b/meta-webserver/recipes-support/fcgi/fcgi_2.4.0.bb
new file mode 100644
index 000000000..ed718aefd
--- /dev/null
+++ b/meta-webserver/recipes-support/fcgi/fcgi_2.4.0.bb
@@ -0,0 +1,15 @@
+DESCRIPTION = "FastCGI is a protocol for interfacing interactive programs with a web server."
+HOMEPAGE = "http://www.fastcgi.com"
+LICENSE = "OML"
+LIC_FILES_CHKSUM = "file://LICENSE.TERMS;md5=e3aacac3a647af6e7e31f181cda0a06a"
+
+SRC_URI = "http://fossies.org/linux/www/${BP}.tar.gz \
+           file://Fix_EOF_not_declared_issue.patch \
+           file://add_foreign_to_AM_INIT_AUTOMAKE.patch \
+"
+SRC_URI[md5sum] = "d15060a813b91383a9f3c66faf84867e"
+SRC_URI[sha256sum] = "66fc45c6b36a21bf2fbbb68e90f780cc21a9da1fffbae75e76d2b4402d3f05b9"
+
+inherit autotools
+
+PARALLEL_MAKE = ""
diff --git a/meta-webserver/recipes-webadmin/webmin/files/disable-version-check.patch b/meta-webserver/recipes-webadmin/webmin/files/disable-version-check.patch
new file mode 100644
index 000000000..a9ee40507
--- /dev/null
+++ b/meta-webserver/recipes-webadmin/webmin/files/disable-version-check.patch
@@ -0,0 +1,45 @@
+Disable OS version check in status screen
+
+The code is not able to accurately detect the correct distro/version at
+the moment.
+
+Upstream-status: Inappropriate
+
+Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
+
+diff --git a/webmin/webmin-lib.pl b/webmin/webmin-lib.pl
+index 57a37f7..838b944 100755
+--- a/webmin/webmin-lib.pl
++++ b/webmin/webmin-lib.pl
+@@ -1059,18 +1059,19 @@ my %miniserv;
+ &load_theme_library(); # So that UI functions work
+ 
+ # Need OS upgrade
+-my %realos = &detect_operating_system(undef, 1);
+-if (($realos{'os_version'} ne $gconfig{'os_version'} ||
+-     $realos{'os_type'} ne $gconfig{'os_type'}) &&
+-    $realos{'os_version'} && $realos{'os_type'} &&
+-    &foreign_available("webmin")) {
+-       push(@notifs, 
+-               &ui_form_start("$gconfig{'webprefix'}/webmin/fix_os.cgi").
+-               &text('os_incorrect', $realos{'real_os_type'},
+-                                   $realos{'real_os_version'})."<p>\n".
+-               &ui_form_end([ [ undef, $text{'os_fix'} ] ])
+-               );
+-       }
++# Disabled for now as os-chooser.pl does not work on our system
++#my %realos = &detect_operating_system(undef, 1);
++#if (($realos{'os_version'} ne $gconfig{'os_version'} ||
++#     $realos{'os_type'} ne $gconfig{'os_type'}) &&
++#    $realos{'os_version'} && $realos{'os_type'} &&
++#    &foreign_available("webmin")) {
++#      push(@notifs, 
++#              &ui_form_start("$gconfig{'webprefix'}/webmin/fix_os.cgi").
++#              &text('os_incorrect', $realos{'real_os_type'},
++#                                  $realos{'real_os_version'})."<p>\n".
++#              &ui_form_end([ [ undef, $text{'os_fix'} ] ])
++#              );
++#      }
+ 
+ # Password close to expiry
+ my $warn_days = $config{'warn_days'};
diff --git a/meta-webserver/recipes-webadmin/webmin/files/exports-lib.pl.patch b/meta-webserver/recipes-webadmin/webmin/files/exports-lib.pl.patch
new file mode 100644
index 000000000..177d8a372
--- /dev/null
+++ b/meta-webserver/recipes-webadmin/webmin/files/exports-lib.pl.patch
@@ -0,0 +1,32 @@
+From 7eba4c98c6953fa6ea76c1620d19524bcfa3a576 Mon Sep 17 00:00:00 2001
+From: Kevin Strasser <kevin.strasser@linux.intel.com>
+Date: Wed, 1 Aug 2012 11:51:26 -0700
+Subject: [PATCH] nfs export: remove nfsd check
+
+nfsd runs as a kernel process and does not have a pid. This means
+that the command assigned to apply_cmd will never be executed when
+the user tries to apply changes to nfs exports.
+
+Upstream-Status: Inappropriate [config]
+
+Signed-off-by: Kevin Strasser <kevin.strasser@linux.intel.com>
+---
+ exports/exports-lib.pl |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/exports/exports-lib.pl b/exports/exports-lib.pl
+index 22891c0..1c67494 100755
+--- a/exports/exports-lib.pl
++++ b/exports/exports-lib.pl
+@@ -273,7 +273,7 @@ return !&has_command("rpc.nfsd") && !&has_command("nfsd") &&
+ sub restart_mountd
+ {
+ # Try exportfs -r first
+-if ($config{'apply_cmd'} && &find_byname("nfsd") && &find_byname("mountd")) {
++if ($config{'apply_cmd'} && &find_byname("mountd")) {
+        my $out = &backquote_logged("$config{'apply_cmd'} 2>&1 </dev/null");
+        if (!$? && $out !~ /invalid|error|failed/i) {
+                # Looks like it worked!
+-- 
+1.7.9.5
+
diff --git a/meta-webserver/recipes-webadmin/webmin/files/init-exclude.patch b/meta-webserver/recipes-webadmin/webmin/files/init-exclude.patch
new file mode 100644
index 000000000..5563227d5
--- /dev/null
+++ b/meta-webserver/recipes-webadmin/webmin/files/init-exclude.patch
@@ -0,0 +1,78 @@
+# Hack in support for an "exclude" config option for the init module, so
+# we can hide certain system services that shouldn't really be configurable
+# via the web interface
+#
+# Upstream-status: Pending
+#
+# Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
+# Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
+---
+ init/index.cgi   | 27 ++++++++++++++-------------
+ init/init-lib.pl |  5 +++--
+ 2 files changed, 17 insertions(+), 15 deletions(-)
+
+diff --git a/init/index.cgi b/init/index.cgi
+index d48b793..30dafd4 100755
+--- a/init/index.cgi
++++ b/init/index.cgi
+@@ -45,19 +45,20 @@ elsif ($init_mode eq "init" && $access{'bootup'}) {
+                                             : "$config{'init_dir'}/$ac[0]");
+                }
+        @runlevels = &list_runlevels();
+-       foreach $r (@runlevels) {
+-               foreach $w ("S", "K") {
+-                       foreach $a (&runlevel_actions($r, $w)) {
+-                               @ac = split(/\s+/, $a);
+-                               if (!$nodemap{$ac[2]}) {
+-                                       push(@acts, $ac[1]);
+-                                       push(@actsl,
+-                                            "1+$r+$ac[0]+$ac[1]+$ac[2]+$w");
+-                                       push(@actsf, "$config{'init_base'}/rc$r.d/$w$ac[0]$ac[1]");
+-                                       }
+-                               }
+-                       }
+-               }
++       # Assume there won't be any of these broken actions
++       #foreach $r (@runlevels) {
++       #       foreach $w ("S", "K") {
++       #               foreach $a (&runlevel_actions($r, $w)) {
++       #                       @ac = split(/\s+/, $a);
++       #                       if (!$nodemap{$ac[2]}) {
++       #                               push(@acts, $ac[1]);
++       #                               push(@actsl,
++       #                                    "1+$r+$ac[0]+$ac[1]+$ac[2]+$w");
++       #                               push(@actsf, "$config{'init_base'}/rc$r.d/$w$ac[0]$ac[1]");
++       #                               }
++       #                       }
++       #               }
++       #       }
+ 
+        # For each action, look at /etc/rc*.d/* files to see if it is 
+        # started at boot
+diff --git a/init/init-lib.pl b/init/init-lib.pl
+index ead21ed..b41794b 100755
+--- a/init/init-lib.pl
++++ b/init/init-lib.pl
+@@ -119,8 +119,9 @@ List boot time action names from init.d, such as httpd and cron.
+ =cut
+ sub list_actions
+ {
+-local($dir, $f, @stbuf, @rv);
++local($dir, $f, @stbuf, @rv, @exclude);
+ $dir = $config{init_dir};
++@exclude = split(/,/, $config{exclude});
+ opendir(DIR, $dir);
+ foreach $f (sort { lc($a) cmp lc($b) } readdir(DIR)) {
+        if ($f eq "." || $f eq ".." || $f =~ /\.bak$/ || $f eq "functions" ||
+@@ -128,7 +129,7 @@ foreach $f (sort { lc($a) cmp lc($b) } readdir(DIR)) {
+            -d "$dir/$f" || $f =~ /\.swp$/ || $f eq "skeleton" ||
+            $f =~ /\.lock$/ || $f =~ /\.dpkg-(old|dist)$/ ||
+            $f =~ /^\.depend\./ || $f eq '.legacy-bootordering' ||
+-           $f =~ /^mandrake/) { next; }
++           $f =~ /^mandrake/ || grep {$_ eq $f} @exclude ) { next; }
+        if (@stbuf = stat("$dir/$f")) {
+                push(@rv, "$f $stbuf[1]");
+                }
+--
+2.0.0
+
diff --git a/meta-webserver/recipes-webadmin/webmin/files/media-tomb.patch b/meta-webserver/recipes-webadmin/webmin/files/media-tomb.patch
new file mode 100644
index 000000000..46f310979
--- /dev/null
+++ b/meta-webserver/recipes-webadmin/webmin/files/media-tomb.patch
@@ -0,0 +1,65 @@
+diff -Nru webmin-1.570.bak/mediatomb/index.cgi webmin-1.570/mediatomb/index.cgi
+--- webmin-1.570.bak/mediatomb/index.cgi        1969-12-31 16:00:00.000000000 -0800
++++ webmin-1.570/mediatomb/index.cgi    2011-10-26 10:00:05.992522036 -0700
+@@ -0,0 +1,13 @@
++#!/usr/bin/perl
++# index.cgi
++# Display MediaTomb option categories
++
++require './mediatomb-lib.pl';
++
++ui_print_header(undef, $text{'index_title'}, "", undef, 1, 1);
++
++
++$ipaddress = &get_my_address();
++print &text('index_desc', $ipaddress),"<p>\n";
++
++ui_print_footer("/", $text{'index'});
+diff -Nru webmin-1.570.bak/mediatomb/lang/en webmin-1.570/mediatomb/lang/en
+--- webmin-1.570.bak/mediatomb/lang/en  1969-12-31 16:00:00.000000000 -0800
++++ webmin-1.570/mediatomb/lang/en      2011-10-26 10:01:13.340522186 -0700
+@@ -0,0 +1,2 @@
++index_title=MediaTomb
++index_desc=MediaTomb is an open source (GPL) UPnP MediaServer with a nice web user interface. You can access it via <a href='http://$1:49153'>here</a>.
+diff -Nru webmin-1.570.bak/mediatomb/mediatomb-lib.pl webmin-1.570/mediatomb/mediatomb-lib.pl
+--- webmin-1.570.bak/mediatomb/mediatomb-lib.pl 1969-12-31 16:00:00.000000000 -0800
++++ webmin-1.570/mediatomb/mediatomb-lib.pl     2011-10-26 10:01:34.692522079 -0700
+@@ -0,0 +1,31 @@
++#!/usr/bin/perl
++# mediatomb-lib.pl
++# Common functions for the MediaTomb module
++
++BEGIN { push(@INC, ".."); };
++use WebminCore;
++&init_config();
++
++sub get_my_address
++{
++my $myip;
++if (&foreign_check("net")) {
++        # Try to get ethernet interface
++        &foreign_require("net", "net-lib.pl");
++        my @act = &net::active_interfaces();
++        my @ifaces = grep { &net::iface_type($_->{'fullname'}) =~ /ether/i }
++                          @act;
++        @ifaces = ( $act[0] ) if (!@ifaces && @act);
++        if (@ifaces) {
++                return wantarray ? ( map { $_->{'address'} } @ifaces )
++                                 : $ifaces[0]->{'address'};
++                }
++        }
++$myip = &to_ipaddress(&get_system_hostname());
++if ($myip) {
++        # Can resolve hostname .. use that
++        return wantarray ? ( $myip ) : $myip;
++        }
++return wantarray ? ( ) : undef;
++}
++
+diff -Nru webmin-1.570.bak/mediatomb/module.info webmin-1.570/mediatomb/module.info
+--- webmin-1.570.bak/mediatomb/module.info      1969-12-31 16:00:00.000000000 -0800
++++ webmin-1.570/mediatomb/module.info  2011-10-26 09:59:50.428528369 -0700
+@@ -0,0 +1,3 @@
++desc=MediaTomb
++category=others
++longdesc=MediaTomb access module
diff --git a/meta-webserver/recipes-webadmin/webmin/files/mount-excludefs.patch b/meta-webserver/recipes-webadmin/webmin/files/mount-excludefs.patch
new file mode 100644
index 000000000..8cb74c4b1
--- /dev/null
+++ b/meta-webserver/recipes-webadmin/webmin/files/mount-excludefs.patch
@@ -0,0 +1,25 @@
+Add excludefs config option to mount module
+
+Adds a configuration option (currently hidden) to allow the distro to
+hide certain filesystems from the mount module within Webmin (e.g. /dev)
+since these shouldn't be modified from the web interface.
+
+Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
+
+Upstream-status: Pending
+
+--- webmin-1.570.orig/mount/index.cgi
++++ webmin-1.570/mount/index.cgi
+@@ -33,10 +33,12 @@ elsif ($config{'sort_mode'} == 1) {
+        }
+ 
+ # Build visible filesystems list
++@excludefs = split(/,/, $config{excludefs});
+ foreach $m (@all) {
+        @minfo = @$m;
+        $p = &simplify_mount_path($minfo[0], $minfo[2]);
+        next if ($ignore{$minfo[2]});
++       next if (grep {$_ eq $minfo[2]} @excludefs);
+        @mmodes = &mount_modes($minfo[2], $minfo[0], $minfo[1]);
+        $canedit = $can_edit{$minfo[2]} && !$mmodes[4] &&
+                   &can_edit_fs(@minfo);
diff --git a/meta-webserver/recipes-webadmin/webmin/files/net-generic.patch b/meta-webserver/recipes-webadmin/webmin/files/net-generic.patch
new file mode 100644
index 000000000..7d20affb2
--- /dev/null
+++ b/meta-webserver/recipes-webadmin/webmin/files/net-generic.patch
@@ -0,0 +1,21 @@
+# Add support for configuring network interfaces on a generic linux system
+#
+# Upstream-status: Not appropriate [config]
+#
+# Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
+--- webmin-1.570.orig/net/module.info
++++ webmin-1.570/net/module.info
+@@ -11,7 +11,7 @@ desc_ko_KR.UTF-8=네트워� 구성
+ name=Networking
+ desc_tr=Að Yapýlandýrmasý
+ desc_de=Netzwerkkonfiguration
+-os_support=solaris coherent-linux redhat-linux/5.0-* mandrake-linux united-linux suse-linux/6.0-* open-linux unixware turbo-linux/4.0 freebsd/3.2-* openbsd debian-linux/2.2-* cobalt-linux/2.2-* msc-linux gentoo-linux macos/1.5-* trustix-linux slackware-linux/8.0-* openmamba-linux cygwin windows pardus-linux
++os_support=generic-linux solaris coherent-linux redhat-linux/5.0-* mandrake-linux united-linux suse-linux/6.0-* open-linux unixware turbo-linux/4.0 freebsd/3.2-* openbsd debian-linux/2.2-* cobalt-linux/2.2-* msc-linux gentoo-linux macos/1.5-* trustix-linux slackware-linux/8.0-* openmamba-linux cygwin windows pardus-linux
+ desc_sk=Konfigurácia siete
+ desc_zh_CN=ÍøÂçÅäÖÃ
+ risk=low medium high
+--- /dev/null
++++ webmin-1.570/net/generic-linux-lib.pl
+@@ -0,0 +1,2 @@
++do 'linux-lib.pl';
++
diff --git a/meta-webserver/recipes-webadmin/webmin/files/net-lib.pl.patch b/meta-webserver/recipes-webadmin/webmin/files/net-lib.pl.patch
new file mode 100644
index 000000000..bdba5e73f
--- /dev/null
+++ b/meta-webserver/recipes-webadmin/webmin/files/net-lib.pl.patch
@@ -0,0 +1,19 @@
+Upstream-Status: Inappropriate [config]
+
+XXX: need to work out a better fix.
+
+Signed-off-by: Dexuan Cui <dexuan.cui@intel.com>
+
+diff -Nru webmin-1.570.orig//net/net-lib.pl webmin-1.570/net/net-lib.pl
+--- webmin-1.570.orig//net/net-lib.pl   2011-10-03 09:01:48.000000000 +0800
++++ webmin-1.570/net/net-lib.pl 2011-10-28 13:52:56.138873664 +0800
+@@ -21,7 +21,8 @@
+        do "$gconfig{'os_type'}-9.1-ALL-lib.pl";
+        }
+ else {
+-       do "$gconfig{'os_type'}-lib.pl";
++       #do "$gconfig{'os_type'}-lib.pl";
++       do "debian-linux-lib.pl";
+        }
+ 
+ # list_hosts()
diff --git a/meta-webserver/recipes-webadmin/webmin/files/nfs-export.patch b/meta-webserver/recipes-webadmin/webmin/files/nfs-export.patch
new file mode 100644
index 000000000..c17e3b216
--- /dev/null
+++ b/meta-webserver/recipes-webadmin/webmin/files/nfs-export.patch
@@ -0,0 +1,39 @@
+commit e48f61d2f6df32a518bcb84db8c6eacfe5435c32
+Author: Yu Ke <ke.yu@intel.com>
+Date:   Fri Oct 28 14:40:51 2011 +0800
+
+NFS export: fix syntax issue
+
+fix two syntax issue in /etc/exports:
+1. if it is exported to everyone, should use "*", e.g. "/export  *(xxx)"
+2. explicitly specify subtree_check or no_subtree_check, required by latest nfs-utils
+
+Upstream-Status: Pending
+
+Signed-off-by: Yu Ke <ke.yu@intel.com>
+
+diff --git a/exports/save_export.cgi b/exports/save_export.cgi
+index 3bc2f97..3e60298 100755
+--- a/exports/save_export.cgi
++++ b/exports/save_export.cgi
+@@ -40,7 +40,7 @@ else {
+                        &error(&text('save_enetmask', $in{'netmask'}));
+                $exp{'host'} = $in{'network'}."/".$in{'netmask'};
+                }
+-       elsif ($in{'mode'} == 3) { $exp{'host'} = ""; }
++       elsif ($in{'mode'} == 3) { $exp{'host'} = "*"; }
+        else {
+                $in{'host'} =~ /\*/ || &to_ipaddress($in{'host'}) ||
+                        &error(&text('save_ehost', $in{'host'}));
+@@ -70,6 +70,11 @@ else {
+ 
+        delete($opts{'no_subtree_check'}); delete($opts{'subtree_check'});
+        $opts{'no_subtree_check'} = "" if ($in{'no_subtree_check'});
++       if ($in{'no_subtree_check'}) {
++               $opts{'no_subtree_check'} = "";
++       } else {
++               $opts{'subtree_check'} = "";
++       }
+ 
+        delete($opts{'nohide'}); delete($opts{'hide'});
+        $opts{'nohide'} = "" if ($in{'nohide'});
diff --git a/meta-webserver/recipes-webadmin/webmin/files/proftpd-config-fix.patch b/meta-webserver/recipes-webadmin/webmin/files/proftpd-config-fix.patch
new file mode 100644
index 000000000..492a652d4
--- /dev/null
+++ b/meta-webserver/recipes-webadmin/webmin/files/proftpd-config-fix.patch
@@ -0,0 +1,18 @@
+Upstream-status: Inappropriate [configuration]
+
+Signed-off-by: Zhai Edwin <edwin.zhai@intel.com>
+
+Index: webmin-1.570/proftpd/config
+===================================================================
+--- webmin-1.570.orig/proftpd/config    2011-10-25 20:18:37.000000000 +0800
++++ webmin-1.570/proftpd/config 2011-10-25 20:21:13.000000000 +0800
+@@ -1,6 +1,6 @@
+-proftpd_path=/usr/local/sbin/proftpd
+-proftpd_conf=/usr/local/etc/proftpd.conf
+-pid_file=/usr/local/var/proftpd.pid
++proftpd_path=/usr/sbin/proftpd
++proftpd_conf=/etc/proftpd.conf
++pid_file=/var/proftpd.pid
+ ftpusers=/etc/ftpusers
+ test_config=1
+ test_always=0
diff --git a/meta-webserver/recipes-webadmin/webmin/files/remove-python2.3.patch b/meta-webserver/recipes-webadmin/webmin/files/remove-python2.3.patch
new file mode 100644
index 000000000..75e5bd1ea
--- /dev/null
+++ b/meta-webserver/recipes-webadmin/webmin/files/remove-python2.3.patch
@@ -0,0 +1,25 @@
+From 6f04699d5d417122b67e8118fd1955c769f17e76 Mon Sep 17 00:00:00 2001
+From: Robert Yang <liezhi.yang@windriver.com>
+Date: Tue, 2 Sep 2014 00:11:05 -0700
+Subject: [PATCH] ajaxterm/ajaxterm/qweb.py: fix hardcode of python2.3
+
+Upstream-Status: Pending
+
+Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
+---
+ ajaxterm/ajaxterm/qweb.py |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ajaxterm/ajaxterm/qweb.py b/ajaxterm/ajaxterm/qweb.py
+index 20c5092..c658a6b 100644
+--- a/ajaxterm/ajaxterm/qweb.py
++++ b/ajaxterm/ajaxterm/qweb.py
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python2.3
++#!/usr/bin/env python
+ #
+ # vim:set et ts=4 fdc=0 fdn=2 fdl=0:
+ #
+-- 
+1.7.9.5
+
diff --git a/meta-webserver/recipes-webadmin/webmin/files/remove-startup-option.patch b/meta-webserver/recipes-webadmin/webmin/files/remove-startup-option.patch
new file mode 100644
index 000000000..8493af852
--- /dev/null
+++ b/meta-webserver/recipes-webadmin/webmin/files/remove-startup-option.patch
@@ -0,0 +1,29 @@
+# Remove "start on boot" option from webmin configuration, as
+# end-users should not need to configure this from the web interface
+#
+# Upstream-status: Inappropriate
+#
+# Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
+--- webmin-1.570.orig/webmin/index.cgi
++++ webmin-1.570/webmin/index.cgi
+@@ -79,20 +79,6 @@ print &ui_buttons_start();
+ my %miniserv;
+ &get_miniserv_config(\%miniserv);
+ 
+-if (&foreign_check("init")) {
+-       &foreign_require("init", "init-lib.pl");
+-       my $starting = &init::action_status("webmin");
+-       print &ui_buttons_row("bootup.cgi",
+-             $text{'index_boot'},
+-             $text{'index_bootmsg'}.
+-             ($miniserv{'inetd'} ? "<b>$text{'index_inetd'}</b>" :
+-              !$ENV{'MINISERV_CONFIG'} ? "<b>$text{'index_apache'}</b>" : ""),
+-             &ui_hidden("starting", $starting),
+-             &ui_radio("boot", $starting == 2 ? 1 : 0,
+-                       [ [ 1, $text{'yes'} ],
+-                         [ 0, $text{'no'} ] ]));
+-       }
+-
+ # Restart Webmin
+ if (!$miniserv{'inetd'} && $ENV{'MINISERV_CONFIG'}) {
+        print &ui_buttons_row("restart.cgi",
diff --git a/meta-webserver/recipes-webadmin/webmin/files/samba-config-fix.patch b/meta-webserver/recipes-webadmin/webmin/files/samba-config-fix.patch
new file mode 100644
index 000000000..46645ac30
--- /dev/null
+++ b/meta-webserver/recipes-webadmin/webmin/files/samba-config-fix.patch
@@ -0,0 +1,32 @@
+Upstream-status: Inappropriate [configuration]
+
+Signed-off-by: Zhai Edwin <edwin.zhai@intel.com>
+
+Index: webmin-1.570/samba/config-generic-linux
+===================================================================
+--- webmin-1.570.orig/samba/config-generic-linux        2011-10-25 20:11:35.000000000 +0800
++++ webmin-1.570/samba/config-generic-linux     2011-10-25 20:15:41.000000000 +0800
+@@ -1,15 +1,15 @@
+ list_printers_command=lpc status | grep "[A-z0-9]:" | sed -e 's/://g'
+-smb_passwd=/usr/local/samba/private/smbpasswd
++smb_passwd=/usr/bin/smbpasswd
+ text_lists=0
+ dont_convert=-499
+-name_server=/usr/local/samba/bin/nmbd
+-smb_conf=/usr/local/samba/lib/smb.conf
+-samba_server=/usr/local/samba/bin/smbd
++name_server=/usr/sbin/nmbd
++smb_conf=/etc/samba/smb.conf
++samba_server=/usr/sbin/smbd
+ run_from_inetd=0
+-samba_password_program=/usr/local/samba/bin/smbpasswd
+-samba_status_program=/usr/local/samba/bin/smbstatus
++samba_password_program=/usr/bin/smbpasswd
++samba_status_program=/usr/bin/smbstatus
+ swat_path=/usr/local/samba/bin/swat
+ sort_mode=0
+ smbgroupedit=/usr/local/samba/bin/smbgroupedit
+-pdbedit=/usr/local/samba/bin/pdbedit
+-net=/usr/local/samba/bin/net
++pdbedit=/usr/bin/pdbedit
++net=/usr/bin/net
diff --git a/meta-webserver/recipes-webadmin/webmin/files/setup.sh b/meta-webserver/recipes-webadmin/webmin/files/setup.sh
new file mode 100755
index 000000000..8d24f928f
--- /dev/null
+++ b/meta-webserver/recipes-webadmin/webmin/files/setup.sh
@@ -0,0 +1,340 @@
+#!/bin/sh
+# Modified version of setup.sh distributed with webmin
+
+if [ "$wadir" = "" ]; then
+        echo "ERROR: wadir not specified"
+        echo ""
+        exit 1
+fi
+
+config_dir_runtime=$config_dir
+config_dir=$prefix$config_dir
+
+wadir_runtime=$wadir
+wadir=$prefix$wadir
+
+ver=`cat "$wadir/version"`
+
+cd "$wadir"
+
+# Work out perl library path
+PERLLIB=$wadir
+
+# Validate source directory
+allmods=`cd "$wadir"; echo */module.info | sed -e 's/\/module.info//g'`
+if [ "$allmods" = "" ]; then
+        echo "ERROR: Failed to get module list"
+        echo ""
+        exit 1
+fi
+echo ""
+
+if [ "$login" = "webmin" ]; then
+        echo "ERROR: Username 'webmin' is reserved for internal use"
+        echo ""
+        exit 14
+fi
+
+# Create webserver config file
+echo $perl > $config_dir/perl-path
+echo $var_dir > $config_dir/var-path
+echo "Creating web server config files.."
+cfile=$config_dir/miniserv.conf
+echo "port=$port" >> $cfile
+echo "root=$wadir_runtime" >> $cfile
+echo "mimetypes=$wadir_runtime/mime.types" >> $cfile
+echo "addtype_cgi=internal/cgi" >> $cfile
+echo "realm=Webmin Server" >> $cfile
+echo "logfile=$var_dir/miniserv.log" >> $cfile
+echo "errorlog=$var_dir/miniserv.error" >> $cfile
+echo "pidfile=$var_dir/miniserv.pid" >> $cfile
+echo "logtime=168" >> $cfile
+echo "ppath=$ppath" >> $cfile
+echo "ssl=$ssl" >> $cfile
+echo "env_WEBMIN_CONFIG=$config_dir_runtime" >> $cfile
+echo "env_WEBMIN_VAR=$var_dir" >> $cfile
+echo "atboot=$atboot" >> $cfile
+echo "logout=$config_dir_runtime/logout-flag" >> $cfile
+if [ "$listen" != "" ]; then
+        echo "listen=$listen" >> $cfile
+else
+        echo "listen=10000" >> $cfile
+fi
+echo "denyfile=\\.pl\$" >> $cfile
+echo "log=1" >> $cfile
+echo "blockhost_failures=5" >> $cfile
+echo "blockhost_time=60" >> $cfile
+echo "syslog=1" >> $cfile
+if [ "$allow" != "" ]; then
+        echo "allow=$allow" >> $cfile
+fi
+if [ "$session" != "" ]; then
+        echo "session=$session" >> $cfile
+else
+        echo "session=1" >> $cfile
+fi
+if [ "$pam" != "" ]; then
+        echo "pam=$pam" >> $cfile
+fi
+if [ "$no_pam" != "" ]; then
+    echo "no_pam=$no_pam" >> $cfile
+fi
+echo premodules=WebminCore >> $cfile
+echo "server=MiniServ/$ver" >> $cfile
+
+md5pass=`$perl -e 'print crypt("test", "\\$1\\$A9wB3O18\\$zaZgqrEmb9VNltWTL454R/") eq "\\$1\\$A9wB3O18\\$zaZgqrEmb9VNltWTL454R/" ? "1\n" : "0\n"'`
+
+ufile=$config_dir/miniserv.users
+if [ "$crypt" != "" ]; then
+        echo "$login:$crypt:0" > $ufile
+else
+        if [ "$md5pass" = "1" ]; then
+                $perl -e 'print "$ARGV[0]:",crypt($ARGV[1], "\$1\$XXXXXXXX"),":0\n"' "$login" "$password" > $ufile
+        else
+                $perl -e 'print "$ARGV[0]:",crypt($ARGV[1], "XX"),":0\n"' "$login" "$password" > $ufile
+        fi
+fi
+chmod 600 $ufile
+echo "userfile=$config_dir_runtime/miniserv.users" >> $cfile
+
+kfile=$config_dir/miniserv.pem
+openssl version >/dev/null 2>&1
+if [ "$?" = "0" ]; then
+        # We can generate a new SSL key for this host
+        host=`hostname`
+        openssl req -newkey rsa:512 -x509 -nodes -out $tempdir/cert -keyout $tempdir/key -days 1825 >/dev/null 2>&1 <<EOF
+.
+.
+.
+Webmin Webserver on $host
+.
+*
+root@$host
+EOF
+        if [ "$?" = "0" ]; then
+                cat $tempdir/cert $tempdir/key >$kfile
+        fi
+        rm -f $tempdir/cert $tempdir/key
+fi
+if [ ! -r $kfile ]; then
+        # Fall back to the built-in key
+        cp "$wadir/miniserv.pem" $kfile
+fi
+chmod 600 $kfile
+echo "keyfile=$config_dir_runtime/miniserv.pem" >> $cfile
+
+chmod 600 $cfile
+echo "..done"
+echo ""
+
+echo "Creating access control file.."
+afile=$config_dir/webmin.acl
+rm -f $afile
+if [ "$defaultmods" = "" ]; then
+        echo "$login: $allmods" >> $afile
+else
+        echo "$login: $defaultmods" >> $afile
+fi
+chmod 600 $afile
+echo "..done"
+echo ""
+
+if [ "$login" != "root" -a "$login" != "admin" ]; then
+        # Allow use of RPC by this user
+        echo rpc=1 >>$config_dir/$login.acl
+fi
+
+if [ "$noperlpath" = "" ]; then
+        echo "Inserting path to perl into scripts.."
+        (find "$wadir" -name '*.cgi' -print ; find "$wadir" -name '*.pl' -print) | $perl "$wadir/perlpath.pl" $perl_runtime -
+        echo "..done"
+        echo ""
+fi
+
+echo "Creating start and stop scripts.."
+rm -f $config_dir/stop $config_dir/start $config_dir/restart $config_dir/reload
+echo "#!/bin/sh" >>$config_dir/start
+echo "echo Starting Webmin server in $wadir_runtime" >>$config_dir/start
+echo "trap '' 1" >>$config_dir/start
+echo "LANG=" >>$config_dir/start
+echo "export LANG" >>$config_dir/start
+echo "#PERLIO=:raw" >>$config_dir/start
+echo "unset PERLIO" >>$config_dir/start
+echo "export PERLIO" >>$config_dir/start
+echo "PERLLIB=$PERLLIB" >>$config_dir/start
+echo "export PERLLIB" >>$config_dir/start
+uname -a | grep -i 'HP/*UX' >/dev/null
+if [ $? = "0" ]; then
+        echo "exec '$wadir_runtime/miniserv.pl' $config_dir_runtime/miniserv.conf &" >>$config_dir/start
+else
+        echo "exec '$wadir_runtime/miniserv.pl' $config_dir_runtime/miniserv.conf" >>$config_dir/start
+fi
+
+echo "#!/bin/sh" >>$config_dir/stop
+echo "echo Stopping Webmin server in $wadir_runtime" >>$config_dir/stop
+echo "pidfile=\`grep \"^pidfile=\" $config_dir_runtime/miniserv.conf | sed -e 's/pidfile=//g'\`" >>$config_dir/stop
+echo "kill \`cat \$pidfile\`" >>$config_dir/stop
+
+echo "#!/bin/sh" >>$config_dir/restart
+echo "$config_dir_runtime/stop && $config_dir_runtime/start" >>$config_dir/restart
+
+echo "#!/bin/sh" >>$config_dir/reload
+echo "echo Reloading Webmin server in $wadir_runtime" >>$config_dir/reload
+echo "pidfile=\`grep \"^pidfile=\" $config_dir_runtime/miniserv.conf | sed -e 's/pidfile=//g'\`" >>$config_dir/reload
+echo "kill -USR1 \`cat \$pidfile\`" >>$config_dir/reload
+
+chmod 755 $config_dir/start $config_dir/stop $config_dir/restart $config_dir/reload
+echo "..done"
+echo ""
+
+if [ "$upgrading" = 1 ]; then
+        echo "Updating config files.."
+else
+        echo "Copying config files.."
+fi
+newmods=`$perl "$wadir/copyconfig.pl" "$os_type/$real_os_type" "$os_version/$real_os_version" "$wadir" $config_dir "" $allmods`
+# Store the OS and version
+echo "os_type=$os_type" >> $config_dir/config
+echo "os_version=$os_version" >> $config_dir/config
+echo "real_os_type=$real_os_type" >> $config_dir/config
+echo "real_os_version=$real_os_version" >> $config_dir/config
+if [ -r /etc/system.cnf ]; then
+        # Found a caldera system config file .. get the language
+        source /etc/system.cnf
+        if [ "$CONF_LST_LANG" = "us" ]; then
+                CONF_LST_LANG=en
+        elif [ "$CONF_LST_LANG" = "uk" ]; then
+                CONF_LST_LANG=en
+        fi
+        grep "lang=$CONF_LST_LANG," "$wadir/lang_list.txt" >/dev/null 2>&1
+        if [ "$?" = 0 ]; then
+                echo "lang=$CONF_LST_LANG" >> $config_dir/config
+        fi
+fi
+
+# Turn on logging by default
+echo "log=1" >> $config_dir/config
+
+# Use licence module specified by environment variable
+if [ "$licence_module" != "" ]; then
+        echo licence_module=$licence_module >>$config_dir/config
+fi
+
+# Disallow unknown referers by default
+echo "referers_none=1" >>$config_dir/config
+echo $ver > $config_dir/version
+echo "..done"
+echo ""
+
+# Set passwd_ fields in miniserv.conf from global config
+for field in passwd_file passwd_uindex passwd_pindex passwd_cindex passwd_mindex; do
+        grep $field= $config_dir/miniserv.conf >/dev/null
+        if [ "$?" != "0" ]; then
+                grep $field= $config_dir/config >> $config_dir/miniserv.conf
+        fi
+done
+grep passwd_mode= $config_dir/miniserv.conf >/dev/null
+if [ "$?" != "0" ]; then
+        echo passwd_mode=0 >> $config_dir/miniserv.conf
+fi
+
+# If Perl crypt supports MD5, then make it the default
+if [ "$md5pass" = "1" ]; then
+        echo md5pass=1 >> $config_dir/config
+fi
+
+# Set a special theme if none was set before
+if [ "$theme" = "" ]; then
+        theme=`cat "$wadir/defaulttheme" 2>/dev/null`
+fi
+oldthemeline=`grep "^theme=" $config_dir/config`
+oldtheme=`echo $oldthemeline | sed -e 's/theme=//g'`
+if [ "$theme" != "" ] && [ "$oldthemeline" = "" ] && [ -d "$wadir/$theme" ]; then
+        themelist=$theme
+fi
+
+# Set a special overlay if none was set before
+if [ "$overlay" = "" ]; then
+        overlay=`cat "$wadir/defaultoverlay" 2>/dev/null`
+fi
+if [ "$overlay" != "" ] && [ "$theme" != "" ] && [ -d "$wadir/$overlay" ]; then
+        themelist="$themelist $overlay"
+fi
+
+# Apply the theme and maybe overlay
+if [ "$themelist" != "" ]; then
+        echo "theme=$themelist" >> $config_dir/config
+        echo "preroot=$themelist" >> $config_dir/miniserv.conf
+fi
+
+# Set the product field in the global config
+grep product= $config_dir/config >/dev/null
+if [ "$?" != "0" ]; then
+        echo product=webmin >> $config_dir/config
+fi
+
+if [ "$makeboot" = "1" ]; then
+        echo "Configuring Webmin to start at boot time.."
+        (cd "$wadir/init" ; WEBMIN_CONFIG=$config_dir WEBMIN_VAR=$var_dir "$wadir/init/atboot.pl" $bootscript)
+        echo "..done"
+        echo ""
+fi
+
+# If password delays are not specifically disabled, enable them
+grep passdelay= $config_dir/miniserv.conf >/dev/null
+if [ "$?" != "0" ]; then
+        echo passdelay=1 >> $config_dir/miniserv.conf
+fi
+
+echo "Changing ownership and permissions .."
+# Make all config dirs non-world-readable
+for m in $newmods; do
+        chown -R root $config_dir/$m
+        chgrp -R bin $config_dir/$m
+        chmod -R og-rw $config_dir/$m
+done
+# Make miniserv config files non-world-readable
+for f in miniserv.conf miniserv.pem miniserv.users; do
+        chown -R root $config_dir/$f
+        chgrp -R bin $config_dir/$f
+        chmod -R og-rw $config_dir/$f
+done
+chmod +r $config_dir/version
+if [ "$nochown" = "" ]; then
+        # Make program directory non-world-writable, but executable
+        chown -R root "$wadir"
+        chgrp -R bin "$wadir"
+        chmod -R og-w "$wadir"
+        chmod -R a+rx "$wadir"
+fi
+if [ $var_dir != "/var" ]; then
+        # Make log directory non-world-readable or writable
+        chown -R root $prefix$var_dir
+        chgrp -R bin $prefix$var_dir
+        chmod -R og-rwx $prefix$var_dir
+fi
+# Fix up bad permissions from some older installs
+for m in ldap-client ldap-server ldap-useradmin mailboxes mysql postgresql servers virtual-server; do
+        if [ -d "$config_dir/$m" ]; then
+                chown root $config_dir/$m
+                chgrp bin $config_dir/$m
+                chmod og-rw $config_dir/$m
+                chmod og-rw $config_dir/$m/config 2>/dev/null
+        fi
+done
+
+if [ "$nopostinstall" = "" ]; then
+        echo "Running postinstall scripts .."
+        (cd "$wadir" ; WEBMIN_CONFIG=$config_dir WEBMIN_VAR=$var_dir "$wadir/run-postinstalls.pl")
+        echo "..done"
+        echo ""
+fi
+
+# Enable background collection
+if [ "$upgrading" != 1 -a -r $config_dir/system-status/enable-collection.pl ]; then
+        echo "Enabling background status collection .."
+        $config_dir/system-status/enable-collection.pl 5
+        echo "..done"
+        echo ""
+fi
+
diff --git a/meta-webserver/recipes-webadmin/webmin/webmin_1.700.bb b/meta-webserver/recipes-webadmin/webmin/webmin_1.700.bb
new file mode 100644
index 000000000..2a363cbcf
--- /dev/null
+++ b/meta-webserver/recipes-webadmin/webmin/webmin_1.700.bb
@@ -0,0 +1,150 @@
+SUMMARY = "Web-based administration interface"
+HOMEPAGE = "http://www.webmin.com"
+LICENSE = "BSD"
+LIC_FILES_CHKSUM = "file://LICENCE;md5=0373ac9f611e542ddebe1ec6394afc3c"
+
+SRC_URI = "${SOURCEFORGE_MIRROR}/webadmin/webmin-${PV}.tar.gz \
+           file://setup.sh \
+           file://init-exclude.patch \
+           file://net-generic.patch \
+           file://remove-startup-option.patch \
+           file://disable-version-check.patch \
+           file://nfs-export.patch \
+           file://exports-lib.pl.patch \
+           file://mount-excludefs.patch \
+           file://samba-config-fix.patch \
+           file://proftpd-config-fix.patch \
+           file://net-lib.pl.patch \
+           file://media-tomb.patch \
+           file://remove-python2.3.patch \
+            "
+
+SRC_URI[md5sum] = "e5261114a6a6ed10caf570d3239ed5b7"
+SRC_URI[sha256sum] = "1a6a8aa62c32c04932b902d17fc1864ee8f3fba03012bd25f709aa65e7e9b0f2"
+
+inherit perlnative update-rc.d
+
+do_configure() {
+    # Remove binaries and plugins for other platforms
+    rm -rf acl/Authen-SolarisRBAC-0.1*
+    rm -rf format bsdexports hpuxexports sgiexports
+    rm -rf zones rbac smf ipfw ipfilter dfsadmin
+    rm -f mount/freebsd-mounts* mount/netbsd-mounts*
+    rm -f mount/openbsd-mounts* mount/macos-mounts*
+
+    # Remove some plugins for the moment
+    rm -rf lilo frox wuftpd telnet pserver cpan shorewall webalizer cfengine fsdump pap
+    rm -rf majordomo fetchmail sendmail mailboxes procmail filter mailcap dovecot exim spam qmailadmin postfix
+    rm -rf stunnel squid sarg pptp-client pptp-server jabber openslp sentry cluster-* vgetty burner heartbeat
+
+    # Adjust configs
+    [ -f init/config-debian-linux ] && mv init/config-debian-linux init/config-generic-linux
+    sed -i "s/shutdown_command=.*/shutdown_command=poweroff/" init/config-generic-linux
+    echo "exclude=bootmisc.sh,single,halt,reboot,hostname.sh,modutils.sh,mountall.sh,mountnfs.sh,networking,populate-volatile.sh,rmnologin.sh,save-rtc.sh,umountfs,umountnfs.sh,hwclock.sh,checkroot.sh,banner.sh,udev,udev-cache,devpts.sh,psplash.sh,sendsigs,fbsetup,bootlogd,stop-bootlogd,sysfs.sh,syslog,syslog.busybox,urandom,webmin,functions.initscripts,read-only-rootfs-hook.sh" >> init/config-generic-linux
+    echo "excludefs=devpts,devtmpfs,usbdevfs,proc,tmpfs,sysfs,debugfs" >> mount/config-generic-linux
+
+    [ -f exports/config-debian-linux ] && mv exports/config-debian-linux exports/config-generic-linux
+    sed -i "s/killall -HUP rpc.nfsd && //" exports/config-generic-linux
+    sed -i "s/netstd_nfs/nfsserver/g" exports/config-generic-linux
+
+    # Fix insane naming that causes problems at packaging time (must be done before deleting below)
+    find . -name "*\**" | while read from
+    do
+        to=`echo "$from" | sed "s/*/ALL/"`
+        mv "$from" "$to"
+    done
+
+    # Remove some other files we don't need
+    find . -name "config-*" -a \! -name "config-generic-linux" -a \! -name "config-ALL-linux" -a \! -name "*.pl" -delete
+    find . -regextype posix-extended -regex ".*/(openserver|aix|osf1|osf|openbsd|netbsd|freebsd|unixware|solaris|macos|irix|hpux|cygwin|windows)-lib\.pl" -delete
+    rm -f webmin-gentoo-init webmin-caldera-init webmin-debian-pam webmin-pam
+
+    # Don't need these at runtime (and we have our own setup script)
+    rm -f setup.sh
+    rm -f setup.pl
+
+    # Use pidof for finding PIDs
+    sed -i "s/find_pid_command=.*/find_pid_command=pidof NAME/" config-generic-linux
+}
+
+WEBMIN_LOGIN ?= "admin"
+WEBMIN_PASSWORD ?= "password"
+
+do_install() {
+    install -d ${D}${sysconfdir}
+    install -d ${D}${sysconfdir}/webmin
+    install -d ${D}${sysconfdir}/init.d
+    install -m 0755 webmin-init ${D}${sysconfdir}/init.d/webmin
+
+    install -d ${D}${localstatedir}
+    install -d ${D}${localstatedir}/webmin
+
+    install -d ${D}${libexecdir}/webmin
+    cp -pPR ${S}/* ${D}${libexecdir}/webmin
+    rm -f ${D}${libexecdir}/webmin/webmin-init
+    rm -rf ${D}${libexecdir}/webmin/patches
+
+    # Run setup script
+    export perl=perl
+    export perl_runtime=${bindir}/perl
+    export prefix=${D}
+    export tempdir=${S}/install_tmp
+    export wadir=${libexecdir}/webmin
+    export config_dir=${sysconfdir}/webmin
+    export var_dir=${localstatedir}/webmin
+    export os_type=generic-linux
+    export os_version=0
+    export real_os_type="${DISTRO_NAME}"
+    export real_os_version="${DISTRO_VERSION}"
+    export port=10000
+    export login=${WEBMIN_LOGIN}
+    export password=${WEBMIN_PASSWORD}
+    export ssl=0
+    export atboot=1
+    export no_pam=1
+    mkdir -p $tempdir
+    ${S}/../setup.sh
+}
+
+INITSCRIPT_NAME = "webmin"
+INITSCRIPT_PARAMS = "start 99 5 3 2 . stop 10 0 1 6 ."
+
+# FIXME: some of this should be figured out automatically
+RDEPENDS_${PN} += "perl perl-module-socket perl-module-exporter perl-module-exporter-heavy perl-module-carp perl-module-strict"
+RDEPENDS_${PN} += "perl-module-warnings perl-module-xsloader perl-module-posix perl-module-autoloader"
+RDEPENDS_${PN} += "perl-module-fcntl perl-module-tie-hash perl-module-vars perl-module-time-local perl-module-config perl-module-constant"
+RDEPENDS_${PN} += "perl-module-file-glob perl-module-file-copy perl-module-sdbm perl-module-sdbm-file perl-module-feature"
+
+PACKAGES_DYNAMIC += "webmin-module-* webmin-theme-*"
+RRECOMMENDS_${PN} += "webmin-module-system-status"
+
+PACKAGES += "${PN}-module-proc ${PN}-module-raid ${PN}-module-exports ${PN}-module-fdisk ${PN}-module-lvm"
+RDEPENDS_${PN}-module-proc = "procps"
+RDEPENDS_${PN}-module-raid = "mdadm"
+RDEPENDS_${PN}-module-exports = "perl-module-file-basename perl-module-file-path perl-module-cwd perl-module-file-spec perl-module-file-spec-unix"
+RRECOMMENDS_${PN}-module-fdisk = "parted"
+RRECOMMENDS_${PN}-module-lvm = "lvm2"
+
+python populate_packages_prepend() {
+    import os, os.path
+
+    wadir = bb.data.expand('${libexecdir}/webmin', d)
+    wadir_image = bb.data.expand('${D}', d) + wadir
+    modules = []
+    themes = []
+    for mod in os.listdir(wadir_image):
+        modinfo = os.path.join(wadir_image, mod, "module.info")
+        themeinfo = os.path.join(wadir_image, mod, "theme.info")
+        if os.path.exists(modinfo):
+            modules.append(mod)
+        elif os.path.exists(themeinfo):
+            themes.append(mod)
+
+    do_split_packages(d, wadir, '^(%s)$' % "|".join(modules), 'webmin-module-%s', 'Webmin module for %s', allow_dirs=True, prepend=True)
+    do_split_packages(d, wadir, '^(%s)$' % "|".join(themes), 'webmin-theme-%s', 'Webmin theme for %s', allow_dirs=True, prepend=True)
+}
+
+# Time-savers
+package_do_pkgconfig() {
+    :
+}