summaryrefslogtreecommitdiffstats
path: root/meta-webserver
Commit message (Collapse)AuthorAgeFilesLines
* nginx: use ln -rsRoss Burton2021-11-111-1/+1
| | | | | | | lnr is deprecated, use ln -rs directly instead. Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* hiawatha: Create /var/log /var/run at runtimeKhem Raj2021-11-041-1/+18
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* monkey: Keep /var/volatile emptyKhem Raj2021-11-041-6/+13
| | | | | | | | /var/volatile is populated at runtime as it can be mounted from a different partition, therefore its better to keep it empty and only populate it during runtime. Signed-off-by: Khem Raj <raj.khem@gmail.com>
* recipes: Update SRC_URI branch and protocolsRichard Purdie2021-11-034-4/+4
| | | | | | | | | This patch updates SRC_URIs using git to include branch=master if no branch is set and also to use protocol=https for github urls as generated by the conversion script in OE-Core. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* netdata: Using the github.com release + upstream_check.Jan Vermaete2021-11-011-3/+5
| | | | | | | | | | | | * Moved to the release archives instead of git. * Added the UPSTREAM_CHECK_URI. Note that the latest version of netdata is 1.31.0. But this one doesn't compile on Linux in cross compilation. The next version should have the fix. Signed-off-by: Jan Vermaete <jan.vermaete@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* Apache: Several CVE fixesArmin Kuster2021-10-221-1/+1
| | | | | | | | | | | | | | | | | | | | Source: Apache.org MR: 113457, 113453 Type: Security Fix Disposition: Backport from apache.org 2.4.51 ChangeID: 9d7b58f49487baff99bf8f101e53217425a2b81f Description: Bug fix only update. LTS version https://httpd.apache.org/security/vulnerabilities_24.html Fixes CVEs: CVE-2021-42013 CVE-2021-41524 CVE-2021-41773 Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* xdebug: upgrade 2.9.5 -> 3.1.1wangmy2021-10-191-2/+1
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* phpmyadmin: upgrade 5.1.0 -> 5.1.1Yi Zhao2021-09-291-2/+2
| | | | | | | | Release note: https://www.phpmyadmin.net/files/5.1.1/ Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* README: update to main repoArmin Kuster2021-09-271-4/+2
| | | | | | | | | | | | The main repo is sourced from git://git.openembedded.org not github. Don't think oe-core.git exists. Lets be constent across all sub layers. Drop Revisions and Prioriiy from repo references as they are not used. Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* netdata: Move the version to the file name and correct the SRC_URIPeter Kjellerstedt2021-09-271-4/+3
| | | | | | | | The HOMEPAGE was updated in commit 371adeaa (netdata: Fixed the recipe), but not the SRC_URI. Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* netdata: Fixed the recipe.jan2021-09-242-10/+21
| | | | | | | | | | | | | | | | | | | The netdata website was not accessable due to some (changed) permissions. The systemd service file will start netdata deamon with the netdata user. The netdata group as existing, but the netdata user was missing. I moved some directory creations from systemd to the bitbake recipe. The project website address changed too. Removed the creation of the pid file in the service of systemd. Netdata itself has an option to create the pid file. Because it's an options, it's probably also not needed in systemd. Tested with meta-raspberrypi on rpi4-32. Signed-off-by: Jan Vermaete <jan.vermaete@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* apache2: upgrade 2.4.48 -> 2.4.49wangmy2021-09-241-2/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Changes with Apache 2.4.49 *) SECURITY: CVE-2021-40438 (cve.mitre.org) mod_proxy: Server Side Request Forgery (SSRF) vulnerabilty [Yann Ylavic] *) SECURITY: CVE-2021-39275 (cve.mitre.org) core: ap_escape_quotes buffer overflow *) SECURITY: CVE-2021-36160 (cve.mitre.org) mod_proxy_uwsgi: Out of bound read vulnerability [Yann Ylavic] *) SECURITY: CVE-2021-34798 (cve.mitre.org) core: null pointer dereference on malformed request *) SECURITY: CVE-2021-33193 (cve.mitre.org) mod_http2: Request splitting vulnerability with mod_proxy [Stefan Eissing] *) core/mod_proxy/mod_ssl: Adding `outgoing` flag to conn_rec, indicating a connection is initiated by the server to somewhere, in contrast to incoming connections from clients. Adding 'ap_ssl_bind_outgoing()` function that marks a connection as outgoing and is used by mod_proxy instead of the previous optional function `ssl_engine_set`. This enables other SSL module to secure proxy connections. The optional functions `ssl_engine_set`, `ssl_engine_disable` and `ssl_proxy_enable` are now provided by the core to have backward compatibility with non-httpd modules that might use them. mod_ssl itself no longer registers these functions, but keeps them in its header for backward compatibility. The core provided optional function wrap any registered function like it was done for `ssl_is_ssl`. [Stefan Eissing] *) mod_ssl: Support logging private key material for use with wireshark via log file given by SSLKEYLOGFILE environment variable. Requires OpenSSL 1.1.1. PR 63391. [Joe Orton] *) mod_proxy: Do not canonicalize the proxied URL when both "nocanon" and "ProxyPassInterpolateEnv On" are configured. PR 65549. [Joel Self <joelself gmail.com>] *) mpm_event: Fix children processes possibly not stopped on graceful restart. PR 63169. [Joel Self <joelself gmail.com>] *) mod_proxy: Fix a potential infinite loop when tunneling Upgrade(d) protocols from mod_proxy_http, and a timeout triggering falsely when using mod_proxy_wstunnel, mod_proxy_connect or mod_proxy_http with upgrade= setting. PRs 65521 and 65519. [Yann Ylavic] *) mod_unique_id: Reduce the time window where duplicates may be generated PR 65159 [Christophe Jaillet] *) mpm_prefork: Block signals for child_init hooks to prevent potential threads created from there to catch MPM's signals. [Ruediger Pluem, Yann Ylavic] *) Revert "mod_unique_id: Fix potential duplicated ID generation under heavy load. PR 65159" added in 2.4.47. This causes issue on Windows. [Christophe Jaillet] *) mod_proxy_uwsgi: Fix PATH_INFO setting for generic worker. [Yann Ylavic] *) mod_md: Certificate/keys pairs are verified as matching before a renewal is accepted as successful or a staged renewal is replacing the existing certificates. This avoid potential mess ups in the md store file system to render the active certificates non-working. [@mkauf] *) mod_proxy: Faster unix socket path parsing in the "proxy:" URL. [Yann Ylavic] *) mod_ssl: tighten the handling of ALPN for outgoing (proxy) connections. If ALPN protocols are provided and sent to the remote server, the received protocol selected is inspected and checked for a match. Without match, the peer handshake fails. An exception is the proposal of "http/1.1" where it is accepted if the remote server did not answer ALPN with a selected protocol. This accomodates for hosts that do not observe/support ALPN and speak http/1.x be default. *) mod_proxy: Fix possible reuse/merging of Proxy(Pass)Match worker instances with others when their URLs contain a '$' substitution. PR 65419 + 65429. [Yann Ylavic] *) mod_dav: Add method_precondition hook. WebDAV extensions define conditions that must exist before a WebDAV method can be executed. This hook allows a WebDAV extension to verify these preconditions. [Graham Leggett] *) Add hooks deliver_report and gather_reports to mod_dav.h. Allows other modules apart from versioning implementations to handle the REPORT method. [Graham Leggett] *) Add dav_get_provider(), dav_open_lockdb(), dav_close_lockdb() and dav_get_resource() to mod_dav.h. [Graham Leggett] *) core: fix ap_escape_quotes substitution logic. [Eric Covener] *) Easy patches: synch 2.4.x and trunk - mod_auth_basic: Use ap_cstr_casecmp instead of strcasecmp. - mod_ldap: log and abort locking errors. - mod_ldap: style fix for r1831165 - mod_ldap: build break fix for r1831165 - mod_deflate: Avoid hard-coded "%ld" format strings in mod_deflate's logging statements - mod_deflate: Use apr_uint64_t instead of uint64_t (follow up to r1849590) - mod_forensic: Follow up to r1856490: missing one mod_log_forensic test_char_table case. - mod_rewrite: Save a few cycles. - mod_request: Fix a comment (missing '_' in 'keep_body') and some style issues - core: remove extra whitespace in HTTP_NOT_IMPLEMENTED [Christophe Jaillet] *) core/mpm: add hook 'child_stopping` that gets called when the MPM is stopping a child process. The additional `graceful` parameter allows registered hooks to free resources early during a graceful shutdown. [Yann Ylavic, Stefan Eissing] *) mod_proxy: Fix icomplete initialization of BalancerMember(s) from the balancer-manager, which can lead to a crash. [Yann Ylavic] *) mpm_event: Fix graceful stop/restart of children processes if connections are in lingering close for too long. [Yann Ylavic] *) mod_md: fixed a potential null pointer dereference if ACME/OCSP server returned 2xx responses without content type. Reported by chuangwen. [chuangwen, Stefan Eissing] *) mod_md: - Domain names in `<MDomain ...>` can now appear in quoted form. - Fixed a failure in ACME challenge selection that aborted further searches when the tls-alpn-01 method did not seem to be suitable. - Changed the tls-alpn-01 setup to only become unsuitable when none of the dns names showed support for a configured 'Protocols ... acme-tls/1'. This allows use of tls-alpn-01 for dns names that are not mapped to a VirtualHost. [Stefan Eissing] *) Add CPING to health check logic. [Jean-Frederic Clere] *) core: Split ap_create_request() from ap_read_request(). [Graham Leggett] *) core, h2: common ap_parse_request_line() and ap_check_request_header() code. [Yann Ylavic] *) core: Add StrictHostCheck to allow unconfigured hostnames to be rejected. [Eric Covener] *) htcacheclean: Improve help messages. [Christophe Jaillet] Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: Fix off_t size passed in configureNathan Rossi2021-08-311-1/+1
| | | | | | | | | | | For linux, nginx will always compile with '-D_FILE_OFFSET_BITS=64'. This means that off_t will always be 8 bytes long, even on 32-bit targets. This configuration change resolves some issues with nginx and handling range headers. Signed-off-by: Nathan Rossi <nathan@nathanrossi.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: fix CVE-2021-3618Joe Slater2021-08-202-0/+109
| | | | | | | | | | | Backport with no change a patch from version 1.21.0. This patch was not cherry-picked by nginx to version 1.20.1. Information about this CVE comes from https://ubuntu.com/security/CVE-2021-3618. Signed-off-by: Joe Slater <joe.slater@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* emacs,libgpiod,cockpit: Fix override syntax in using FILES_${PN}Khem Raj2021-08-061-1/+1
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* layer.conf: Update to honisterMartin Jansa2021-08-031-1/+1
| | | | | | | This marks the layers as compatible with honister now they use the new override syntax. Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* Convert to new override syntaxMartin Jansa2021-08-0313-120/+120
| | | | | | | | | | This is the result of automated script (0.9.1) conversion: oe-core/scripts/contrib/convert-overrides.py . converting the metadata to use ":" as the override character instead of "_". Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* apache2: upgrade 2.4.46 -> 2.4.48Changqing Li2021-08-031-2/+2
| | | | | Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: upgrade 1.19.6 -> 1.21.1Salman Ahmed2021-07-302-10/+10
| | | | | Signed-off-by: Salman Ahmed <salman.ahmed@weidmueller.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: upgrade 1.18.0 -> 1.20.1Salman Ahmed2021-07-302-6/+7
| | | | | Signed-off-by: Salman Ahmed <salman.ahmed@weidmueller.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* hiawatha: fix url.Armin Kuster2021-07-271-1/+1
| | | | | | | files moved under a new dir structure. Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* packagegroup-meta-webserver: remove nostromo from pkg grpArmin Kuster2021-04-291-1/+0
| | | | | Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nostromo: remove recipeArmin Kuster2021-04-296-301/+0
| | | | | | | | Hosting site seems to be dead so remove recipe. http://www.nazgul.ch Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* apache2: Deal with -ffile-prefix-mapKhem Raj2021-04-291-2/+2
| | | | | | | Filter out -ffile-prefix-map as well along with other -f*-prefix-map options Signed-off-by: Khem Raj <raj.khem@gmail.com>
* hiawatha: upgrade 10.11 -> 10.12zhengruoqin2021-04-271-2/+2
| | | | | Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* layers: Drop gatesgarth from LAYERSERIES_COMPATKhem Raj2021-03-191-1/+1
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* phpmyadmin: upgrade 5.0.4 -> 5.1.0zhengruoqin2021-03-081-3/+3
| | | | | | | | | | The following changes have taken place in copyright: -Copyright 2013 jQuery Foundation and other contributors -http://jquery.com/ +Copyright JS Foundation and other contributors, https://js.foundation/ Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* phpmyadmin: 5.0.2 -> 5.0.4Yi Zhao2021-01-051-2/+2
| | | | | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: upgrade 1.17.8 -> 1.19.6changqing.li@windriver.com2020-12-302-10/+10
| | | | | Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: upgrade 1.16.1 -> 1.18.0changqing.li@windriver.com2020-12-302-6/+6
| | | | | Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* fcgiwrap: add recipeSenthil Selvaganesan2020-12-033-0/+338
| | | | | | | | | | fcgiwrap is a simple server for running CGI applications over FastCGI. It hopes to provide clean CGI support to Nginx and other web servers that may need it. Homepage: https://github.com/gnosek/fcgiwrap. Signed-off-by: Senthil Selvaganesan <SenthilKumaran.Selvaganesan@garmin.com> Signed-off-by: Joshua Watt <Joshua.Watt@garmin.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* layer.conf: Add hardknott to LAYERSERIES_COMPATKhem Raj2020-11-041-1/+1
| | | | | | Thats codename for 3.3 Signed-off-by: Khem Raj <raj.khem@gmail.com>
* meta-openembedded: Add gatesgarth to LAYERSERIES_COMPATKhem Raj2020-10-151-1/+1
| | | | | | Remove older releases from COMPAT Signed-off-by: Khem Raj <raj.khem@gmail.com>
* monkey: Correct the install path in init servicesKhem Raj2020-08-312-2/+2
| | | | | | Its not in bindir but in sbindir Signed-off-by: Khem Raj <raj.khem@gmail.com>
* monkey: Remove /var/runKhem Raj2020-08-311-0/+1
| | | | | | | This is empty and its a runtime directory which is created by base-files already Signed-off-by: Khem Raj <raj.khem@gmail.com>
* packagegroup-meta-webserver: Update to include new recipesKhem Raj2020-08-311-9/+20
| | | | | | Re-organise to have one entry per line Signed-off-by: Khem Raj <raj.khem@gmail.com>
* apache2: upgrade v2.4.43 -> v2.4.46Sakib Sajal2020-08-261-2/+2
| | | | | | | | | | Minor upgrade inluding bug and CVE fixes, namely: - CVE-2020-9490 - CVE-2020-11984 - CVE-2020-11993 Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* monkey: Upgrade to 1.6.9Khem Raj2020-08-131-33/+34
| | | | | | | Switch to using cmake Use CMake option to select musl support Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nostromo: upgrade 1.9.7 -> 1.9.9Zang Ruochen2020-07-281-2/+2
| | | | | Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* hiawatha: upgrade 10.10 -> 10.11Zang Ruochen2020-07-281-2/+2
| | | | | Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* apache-websocket: upgrade 0.1.1 -> 0.1.2Zang Ruochen2020-07-281-2/+2
| | | | | Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* netdata: upgrade 1.17.0 -> 1.22.1Andreas Müller2020-06-193-77/+4
| | | | | | | | * 0001-Correct-timeout-issue.patch: timeout is build by coreutils * 0002-Makefiles-does-not-build-contrib-dir.patch: Upstream added identical Signed-off-by: Andreas Müller <schnitzeltony@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* spawn-fcgi: fix typo in SUMMARYKonrad Weihmann2020-05-311-1/+1
| | | | | Signed-off-by: Konrad Weihmann <kweihmann@outlook.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* cockpit: 219 -> 220Michael Haener2020-05-301-2/+7
| | | | | Signed-off-by: Michael Haener <michael.haener@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* apache2: create log/run directory via pkg_postinstYi Zhao2020-05-215-9/+23
| | | | | | | | | The commit e789c3837ca8d65abb4bac29dc2e5c595c8ce05b tries to create log/run directory in initscript/systemd unit file. This is not a correct method. We should create them in pkg_postinst. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* cockpit: rt-deps for storagedMichael Haener2020-05-211-1/+8
| | | | | | | No general depdependency on udisks2 (polkit) Signed-off-by: Michael Haener <michael.haener@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* cockpit: upgrade 218 -> 219Michael Haener2020-05-142-33/+2
| | | | | Signed-off-by: Michael Haener <michael.haener@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* apache2: fix service start failChangqing Li2020-05-145-13/+9
| | | | | | | | | | | | | | | | | | | | reproduce steps: 1. boot up target 2. scp apache2-2.4.41-r0.1.aarch64.rpm on target 3. rpm -i apache2-2.4.41-r0.1.aarch64.rpm 4. systemctl status apache2 Error: httpd[7767]: (2)No such file or directory: AH02291: Cannot access directory '/var/log/apache2/' for main error log with the old way, /var/log/apache2/ is created by service systemd-tmpfiles-setup during boot, so only works when apache2 already installed before boot, in above scenario, /var/log/apache2/ will not created. fix by creating it in the service file. similar fix for sysV system Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* Cockpit: Added missing dependency on udisks2 for package cockpit-storagedJorge Solla2020-05-111-0/+2
| | | | | | | Cockpit uses udisks2 in order to manage storage on the host, without it cockpit will just display an error when the storage tab is selected. Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: remove /var/log/nginx when do_installYi Zhao2020-05-061-1/+3
| | | | | | | | Remove directory /var/log/nginx when do_install because it is created by volatiles file. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-11-17 09:43:28 +0000