summaryrefslogtreecommitdiffstats
path: root/meta-webserver
Commit message (Collapse)AuthorAgeFilesLines
* apache2: ignore disputed CVE CVE-2007-0086Peter Marko2025-01-161-0/+1
| | | | | | | | | | | | | | | | | | This CVE is officially disputed by Redhat with official statement in https://nvd.nist.gov/vuln/detail/CVE-2007-0086 Red Hat does not consider this issue to be a security vulnerability. The pottential attacker has to send acknowledgement packets periodically to make server generate traffic. Exactly the same effect could be achieved by simply downloading the file. The statement that setting the TCP window size to arbitrarily high value would permit the attacker to disconnect and stop sending ACKs is false, because Red Hat Enterprise Linux limits the size of the TCP send buffer to 4MB by default. Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit da2b5e8b93c248363581b1bd4ff67ff1d8357c41) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* monkey: ignore CVE-2013-1771Peter Marko2025-01-161-0/+1
| | | | | | | | | | This is gentoo specific CVE. NVD tracks this as version-less CVE. Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 36a7e409d8dcee804f911174291a0c72b8037934) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* apache2: remove old version references from CVEsPeter Marko2025-01-161-7/+7
| | | | | | | | | | These were not updated on recipe upgrade. To make maintenance easier, remove exact versions. Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 0e7733f1b8f51949ec91d82267d5d864ac0be16a) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* apache2: ignore CVE-1999-0678 and CVE-1999-1412Peter Marko2025-01-161-0/+2
| | | | | | | | | These CVEs are specific to Debian and MAC OS X respectively. Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 1b86a60f6283b08acadc50914075d93dd362700b) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nginx: Upgrade mainline release version 1.27.1 -> 1.27.3Derek Straka2025-01-161-2/+2
| | | | | | | | | License-Update: License file negative and empty space changes Signed-off-by: Derek Straka <derek@asterius.io> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 1f4b413ebe623810007d430a73cc6f8a26c8f578) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* apache2: do not depend on zlib header and libs from hostValeria Petrov2024-11-191-1/+1
| | | | | | | | | | | | | | | | | | | This commit modifies the PACKAGECONFIG entry for zlib to ensure that the mod_deflate module is enabled with the appropriate zlib configuration. By adding the --with-zlib=${STAGING_LIBDIR}/../ option, we direct the configure script to use the zlib library from the staging directory instead of relying on the host system's zlib installation. Without that configure will search the host for zlib headers and lib. This change resolves build failures related to zlib dependency when mod_deflate is enabled and ensures a consistent build environment across different host configurations. Signed-off-by: Valeria Petrov <valeria.petrov@spinetix.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit ac5855c74d1cb2252efdb347969c450637f95c58) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* meta-openemnedded: Add myself as styhead maintainerArmin Kuster2024-09-291-4/+7
| | | | | Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: Upgrade mainline 1.25.3 -> 1.27.1Peter Marko2024-09-172-10/+10
| | | | | | | | | | | | | | | | Solves: * CVE-2024-7347 * CVE-2024-24989 * CVE-2024-24990 * CVE-2024-31079 * CVE-2024-32760 * CVE-2024-34161 * CVE-2024-35200 License-Update: copyright year refreshed Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: Upgrade stable 1.26.0 -> 1.26.2Peter Marko2024-09-171-1/+1
| | | | | | | | | | | | Solves: * CVE-2024-7347 * CVE-2024-31079 * CVE-2024-32760 * CVE-2024-34161 * CVE-2024-35200 Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* netdata: Add checks for 64-bit atomic builtinsKhem Raj2024-09-172-0/+52
| | | | | | This helps in passing correct flags to h2o module compilation Signed-off-by: Khem Raj <raj.khem@gmail.com>
* netdata: version bump 1.47.0 -> 1.47.1Jan Vermaete2024-09-141-1/+1
| | | | | Signed-off-by: Jan Vermaete <jan.vermaete@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* netdata: Upgrade to 1.47.0Khem Raj2024-09-092-9/+25
| | | | | | | Disable go plugins as we need some work to enable them. Convert to cmake build system Signed-off-by: Khem Raj <raj.khem@gmail.com>
* webmin: upgrade 2.111 -> 2.202J. S.2024-08-212-2/+2
| | | | | | | | | | | | | | | | commit f6d27810b4f48562a06ce5006b1559378f30c99c Author: Jason Schonberg <schonm@gmail.com> Date: Mon Aug 19 00:26:48 2024 -0400 Changelog: https://webmin.com/changelog/webmin-2.202-released/ Modified net-generic.patch to update a hardcoded version number to avoid patch fuzz. webmin: upgrade 2.111 -> 2.202 Signed-off-by: Jason Schonberg <schonm@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* apache2: upgrade 2.4.61 -> 2.4.62Wang Mingyu2024-08-094-19/+11
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: add PACKAGECONFIG knobs for fastcgi, scgi and uwsgiMaxin John2024-07-231-5/+19
| | | | | | | | fastcgi, scgi and uwsgi are enabled by default in nginx. Provide an option to disable these features (that reduces binary size by 8%). Signed-off-by: Maxin John <maxin.john@gehealthcare.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* apache2: use update-alternatives for httpdTrevor Woerner2024-07-181-0/+4
| | | | | | | | | | | | | | | | | Busybox can optionally provide an httpd server, but by default The Yocto Project defconfig for busybox does not enable it. If it is enabled, busybox puts the resulting /usr/sbin/httpd object under the control of update-alternatives. apache2, on the other hand, does not put /usr/sbin/httpd under the control of update-alternatives. Therefore, in the off chance a user enables the busybox httpd server, it does not play well with apache2. Add update-alternatives information to apache2 so that it plays nicely with busybox which can optionally provide an httpd server at /usr/sbin/httpd. Signed-off-by: Trevor Woerner <twoerner@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* apache2: Upgrade 2.4.60 -> 2.4.61Archana Polampalli2024-07-161-1/+1
| | | | | | | | | | | | Security fixes: CVE-2024-39884 Apache HTTP Server: source code disclosure with handlers configured via AddType Changelog: https://github.com/apache/httpd/blob/2.4.61/CHANGES https://httpd.apache.org/security/vulnerabilities_24.html Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* webmin: Upgrade to 2.111 releaseKhem Raj2024-07-147-106/+51
| | | | | | | | Drop remove-python2.3.patch since corresponding script is gone License-Update: Formatting changes Signed-off-by: Khem Raj <raj.khem@gmail.com>
* apache2:apache2-native: sort CVE statusalba@thehoodiefirm.com2024-07-041-2/+2
| | | | | Signed-off-by: Alba Herrerías <alba@thehoodiefirm.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* apache2: Update CVE statusNinette Adhikari2024-07-031-0/+3
| | | | | | | | | Update CVE status for: CVE-1999-0289, CVE-2007-0450, CVE-2010-0425 The current version (2.4.6) is not affected. It only applies for Windows. Signed-off-by: Ninette Adhikari <ninette@thehoodiefirm.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* monkey: Update status for CVE-2013-2183Ninette Adhikari2024-07-031-0/+1
| | | | | | | Current version (1.6.9) is not affected. Issue was addressed in version 1.3.0 Signed-off-by: Ninette Adhikari <ninette@thehoodiefirm.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* apache2: Upgrade 2.4.59 -> 2.4.60Siddharth Doshi2024-07-021-1/+1
| | | | | | | | | | | | | | | | | | | CVE's Fixed by upgrade: CVE-2024-36387 apache2/httpd: DoS by null pointer in websocket over HTTP/2 CVE-2024-38472 apache2/httpd: UNC SSRF on WIndows CVE-2024-38473 apache2/httpd: Encoding problem in mod_proxy CVE-2024-38474 apache2/httpd: Substitution encoding issue in mod_rewrite CVE-2024-38475 apache2/httpd: Improper escaping of output in mod_rewrite CVE-2024-38476 apache2/httpd: Apache HTTP Server may use exploitable/malicious backend application output to run local handlers via internal redirect CVE-2024-38477 apache2/httpd: null pointer dereference in mod_proxy CVE-2024-39573 apache2/httpd: Potential SSRF in mod_rewrite Other Changes between 2.4.59 -> 2.4.60 ====================================== https://github.com/apache/httpd/blob/2.4.60/CHANGES Signed-off-by: Siddharth Doshi <sdoshi@mvista.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* apache2:apache2-native: CVE status updateNinette Adhikari2024-06-281-0/+5
| | | | | | | | | | Update status for: CVE-2007-6421, CVE-2007-6422, CVE-2007-6423, CVE-2008-2168 CPE is incorrect, the current version (2.4.59) is not affected. Signed-off-by: Ninette Adhikari <ninette@thehoodiefirm.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* layers: stop declaring compatibility with scarthgapDmitry Baryshkov2024-05-281-1/+1
| | | | | | | | | With the UNPACKDIR changes in place the layers are no longer compatible with the scarthgap release. Drop it from LAYERSERIES_COMPAT and limit compatibility to styhead only. Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* apache2: fix multilib file conflictsKai Kang2024-05-231-14/+23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There are file conflicts of apache2 when multilib enabled: Error: Transaction test error: file /usr/share/apache2/build/config.nice conflicts between attempted installs of apache2-dev-2.4.58-r0.cortexa57 and lib32-apache2-dev-2.4.58-r0.armv7vet2hf_vfp file /usr/share/apache2/build/config_vars.mk conflicts between attempted installs of apache2-dev-2.4.58-r0.cortexa57 and lib32-apache2-dev-2.4.58-r0.armv7vet2hf_vfp Install the 'build' directory to ${libexecdir} by setting 'installbuilddir' to fix the conflicts. ${libexecdir} is not populated to sysroot by default, but command apxs requires these files, then add the dir to SYSROOT_DIRS to populate them. And inherit bbclasses multilib_script and multilib_header to fix follow-up conflicts: file /usr/bin/apxs conflicts between attempted installs of apache2-dev-2.4.58-r0.cortexa57 and lib32-apache2-dev-2.4.58-r0.armv7vet2hf_vfp file /usr/include/apache2/ap_config_layout.h conflicts between attempted installs of apache2-dev-2.4.58-r0.cortexa57 and lib32-apache2-dev-2.4.58-r0.armv7vet2hf_vfp Since multilib_script inherits update-alternatives, remove it from inherit line for beautification. Fix buildpaths warning as well: WARNING: lib32-apache2-2.4.58-r0 do_package_qa: QA Issue: File /usr/share/apache2/build/config.nice in package lib32-apache2-dev contains reference to TMPDIR [buildpaths] Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* recipes: Start WORKDIR -> UNPACKDIR transitionKhem Raj2024-05-2310-26/+26
| | | | | | | Replace references of WORKDIR with UNPACKDIR where it makes sense to do so in preparation for changing the default value of UNPACKDIR. Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: Upgrade stable 1.24.0 -> 1.26.0Peter Marko2024-04-303-86/+6
| | | | | | | | | | | | | nginx-1.26.0 stable version has been released, incorporating new features and bug fixes from the 1.25.x mainline branch - including experimental HTTP/3 support, HTTP/2 on a per-server basis virtual servers in the stream module, passing stream connections to listen sockets, and more. License-Update: copyright years refreshed Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* sthttpd: Update status for CVE-2017-10671Ninette Adhikari2024-04-291-0/+2
| | | | | | | | Current version 2.27.1 is not affected by the issue. Affected versions: Up to (excl.) 2.27.1 Signed-off-by: Ninette Adhikari <ninette@thehoodiefirm.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* reproducibility: move repro excludes from AB config.json to meta-oeYoann Congal2024-04-291-0/+7
| | | | | | | | | | | | | | For now, the known non-reproducible packages list is stored inside the autobuilder config.json file. This is not ideal. Let's move this list into each layers of meta-openembedded. These lists can be used with, in local.conf: include conf/include/non-repro-meta-oe.inc OEQA_REPRODUCIBLE_EXCLUDED_PACKAGES = "${KNOWN_NON_REPRO_META_OE}" Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Acked-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* layers: Add styhead to compatible release seriesKhem Raj2024-04-281-1/+1
| | | | | | styhead is codename for upcoming 5.1 release Signed-off-by: Khem Raj <raj.khem@gmail.com>
* apache2: Upgrade v2.4.58 -> v2.4.59Soumya Sambu2024-04-193-14/+15
| | | | | | | | | | | | | | | This upgrade incorporates the fixes for CVE-2024-27316, CVE-2024-24795,CVE-2023-38709 and other bugfixes. Adjusted 0004-apache2-log-the-SELinux-context-at-startup.patch and 0007-apache2-allow-to-disable-selinux-support.patch to align with upgraded version. Changelog: https://downloads.apache.org/httpd/CHANGES_2.4.59 Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: Disable login for www userMaxim Perevozchikov2024-04-111-0/+1
| | | | | Signed-off-by: Maxim Perevozchikov <m.perevozchikov@yadro.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* gnome-user-share: add recipeMarkus Volk2024-03-281-0/+20
| | | | | | | | | | | | | | | | - add it as runtime dependency to gnome-control-center because without it, the file sharing options are hidden. - configure the paths to fit to openembedded env - add mod_dnssd runtime dependency for apache2 as this is a requirement To enable the feature, PACKAGECONFIG httpd needs to be added. This is not done by default to avoid apache2 runtime dependency just by including this recipe. NOTE: Apache2 httpd doesn't need to be running. It'll get started and stopped on demand by systemd. Signed-off-by: Markus Volk <f_l_k@t-online.de> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* apache2: preset mpm=prefork by defaultMarkus Volk2024-03-281-0/+1
| | | | | | | currently this is chosen depending on machine at do_configure Signed-off-by: Markus Volk <f_l_k@t-online.de> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* layer.conf: Prepare for release, drop nanbield LAYERSERIESKhem Raj2024-03-171-1/+1
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* layer.conf: Update for the scarthgap release seriesKhem Raj2024-03-161-1/+1
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* netdata: version bump 1.43.2 -> 1.44.3Jan Vermaete2024-02-211-8/+6
| | | | | | | | | | * fixed a few minor oelint-adv warnings in the recipe * placed all SRC_URI lines in one block Tested on Raspberry PI 4 Signed-off-by: Jan Vermaete <jan.vermaete@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* recipes: drop ${SRCPV} usageMartin Jansa2024-02-092-2/+2
| | | | | | | | | | * Drop SRCPV similarly like oe-core did in: https://git.openembedded.org/openembedded-core/commit/?h=nanbield&id=843f82a246a535c353e08072f252d1dc78217872 * SRCPV is deferred now from PV to PKGV since: https://git.openembedded.org/openembedded-core/commit/?h=nanbield&id=a8e7b0f932b9ea69b3a218fca18041676c65aba0 Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
* nginx: add http sub module featureMichael Haener2024-01-191-0/+1
| | | | | | | | | Providing the http sub module feature. The module works as a filter which replaces a specific character string in a response with another character string. Signed-off-by: Michael Haener <michael.haener@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: fix CVE-2023-44487alperak2024-01-112-0/+80
| | | | | | | | | | | Upstream-Status: Backport from [https://github.com/nginx/nginx/commit/6ceef192e7af1c507826ac38a2d43f08bf265fb9] WARNING: nginx-1.24.0-r0 do_cve_check: Found unpatched CVE (CVE-2023-44487) This vulnerability exists between the following versions -> From(including) 1.9.5 Up to(including) 1.25.2 Signed-off-by: alperak <alperyasinak1@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* cockpit: add setuptools dependency to bring in distutils copyAlexander Kanavin2023-12-311-1/+1
| | | | | Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* netdata: added Python as rdependsJan Vermaete2023-12-221-1/+1
| | | | | | | Netdata has plugins. Some of the written in Python. Signed-off-by: Jan Vermaete <jan.vermaete@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: update versions for both the stable branch and mainlineDerek Straka2023-12-143-10/+10
| | | | | | | | Stable: None -> 1.24.0 Legacy Mainline 1.21.1 -> Removed Signed-off-by: Derek Straka <derek@asterius.io> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: upgrade 1.25.2 -> 1.25.3Meenali Gupta2023-12-141-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | Changelog: =========== https://nginx.org/en/CHANGES *) Change: improved detection of misbehaving clients when using HTTP/2. *) Feature: startup speedup when using a large number of locations. Thanks to Yusuke Nojima. *) Bugfix: a segmentation fault might occur in a worker process when using HTTP/2 without SSL; the bug had appeared in 1.25.1. *) Bugfix: the "Status" backend response header line with an empty reason phrase was handled incorrectly. *) Bugfix: memory leak during reconfiguration when using the PCRE2 library. Thanks to ZhenZhong Wu. *) Bugfixes and improvements in HTTP/3. Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* apache2: v2.4.57 to v2.4.58 to fix CVE-2023-43622Dylan Turner2023-11-272-33/+1
| | | | | | | | | | Note that patch 0011-modules... is no longer needed as it's included in the upgrade as well. CVE: CVE-2023-43622 Signed-off-by: Dylan Turner <dylan.turner@ni.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* README.md: was a Markdown paragraph and should be a listJan Vermaete2023-11-171-4/+4
| | | | | | | | The Markdown was, at least at github.com, displayed as a paragraph. And it reads beter as a list. Signed-off-by: Jan Vermaete <jan.vermaete@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* netdata: version bump 1.43.0 -> 1.43.2Jan Vermaete2023-11-171-2/+3
| | | | | | | | | And fixed the upstream check for new versions. Changelog: https://github.com/netdata/netdata/blob/master/CHANGELOG.md Signed-off-by: Jan Vermaete <jan.vermaete@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* netdata: chown in systemd service with ':' iso '.'Jan Vermaete2023-11-171-1/+1
| | | | | | | There was a warning in the systemd journaling about it. Signed-off-by: Jan Vermaete <jan.vermaete@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* static-id: add missing netdata groupYoann Congal2023-11-152-1/+2
| | | | | | | | The netdata recipe does want to create a netdata group. So add it to the static id for the reproducibility tests. Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* xdebug: upgrade 3.2.0 -> 3.2.2alperak2023-11-111-1/+1
| | | | | | | | | | | | | | | | | | Changelog: [2023-07-14] — Xdebug 3.2.2 -Fixed bug #2175: Crash with EXC_BAD_ACCESS in xdebug_str_create -Fixed bug #2180: Crash on extended SplFixedArray -Fixed bug #2182: Segfault with ArrayObject on stack -Fixed bug #2186: Segfault with trampoline functions and debugger activation [2023-03-21] — Xdebug 3.2.1 -Fixed bug #2144: Xdebug 3.2.0 ignores xdebug.mode and enables all features -Fixed bug #2145: Xdebug 3.2.0 crash PHP on Windows if xdebug.mode = off -Fixed bug #2146: apache2 segfaulting with version 3.2.0 on PHP 8.0 -Fixed bug #2148: Icon for link to docs in xdebug_info() HTML output does not always render correctly Signed-off-by: alperak <alperyasinak1@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-05-04 23:32:55 +0000