summaryrefslogtreecommitdiffstats
path: root/meta-webserver
Commit message (Collapse)AuthorAgeFilesLines
* monkey: Remove buildpaths from generated mk_env.hKhem Raj2023-05-281-0/+4
| | | | | | | | | | | It has paths to compiler and assembler which are technically cross compilers in OE. We do have these names symlinked on target too but paths needs to be removed. Fixes WARNING: monkey-1.6.9-r0 do_package_qa: QA Issue: File /usr/include/monkey/mk_env.h in package monkey-dev contains reference to TMPDIR [buildpaths] Signed-off-by: Khem Raj <raj.khem@gmail.com>
* monkey: remove unused patch fileMartin Jansa2023-05-241-30/+0
| | | | | | | * it was removed from SRC_URI in: https://git.openembedded.org/meta-openembedded/commit/?id=45b327ba1620febf3dd8a8b415d601c9c9e78bc5 Signed-off-by: Khem Raj <raj.khem@gmail.com>
* apache2: upgrade 2.4.56 -> 2.4.57Valeria Petrov2023-04-252-1/+33
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Changelog: Changes with Apache 2.4.57 *) mod_proxy: Check before forwarding that a nocanon path has not been rewritten with spaces during processing. [Yann Ylavic] *) mod_proxy: In case that AllowEncodedSlashes is set to NoDecode do not double encode encoded slashes in the URL sent by the reverse proxy to the backend. [Ruediger Pluem] *) mod_http2: fixed a crash during connection termination. See PR 66539. [Stefan Eissing] *) mod_rewrite: Fix a 2.4.56 regression for substitutions ending in a question mark. PR66547. [Eric Covener] *) mod_rewrite: Add "BCTLS" and "BNE" RewriteRule flags. Re-allow encoded characters on redirections without the "NE" flag. [Yann Ylavic, Eric Covener] *) mod_proxy: Fix double encoding of the uri-path of the request forwarded to the origin server, when using mapping=encoded|servlet. [Yann Ylavic] *) mod_mime: Do not match the extention against possible query string parameters in case ProxyPass was used with the nocanon option. [Ruediger Pluem] New patch: 0011-modules-mappers-config9.m4-Add-server-directory-to-i.patch Accepted in upstream, expected to be removed at next apache2 2.4.58 update. Signed-off-by: Khem Raj <raj.khem@gmail.com>
* cockpit: upgrade 276 -> 289Petr Gotthard2023-04-144-118/+12
| | | | | | | | | | | | | | | | | | | | Changes are described for each release in the blog: https://cockpit-project.org/blog/cockpit-277.html https://cockpit-project.org/blog/cockpit-278.html https://cockpit-project.org/blog/cockpit-279.html https://cockpit-project.org/blog/cockpit-280.html https://cockpit-project.org/blog/cockpit-281.html https://cockpit-project.org/blog/cockpit-282.html https://cockpit-project.org/blog/cockpit-283.html https://cockpit-project.org/blog/cockpit-284.html https://cockpit-project.org/blog/cockpit-285.html https://cockpit-project.org/blog/cockpit-286.html https://cockpit-project.org/blog/cockpit-287.html https://cockpit-project.org/blog/cockpit-288.html https://cockpit-project.org/blog/cockpit-289.html Signed-off-by: Petr Gotthard <petr.gotthard@advantech.cz> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* monkey,webmin: Fix upstream patch statusKhem Raj2023-04-072-2/+2
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* meta-webserver: Fix missing upstream status on patchesKhem Raj2023-04-059-19/+30
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: upgrade 1.23.3 -> 1.23.4Wang Mingyu2023-04-041-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Changelog: =========== *) Change: now TLSv1.3 protocol is enabled by default. *) Change: now nginx issues a warning if protocol parameters of a listening socket are redefined. *) Change: now nginx closes connections with lingering if pipelining was used by the client. *) Feature: byte ranges support in the ngx_http_gzip_static_module. *) Bugfix: port ranges in the "listen" directive did not work; the bug had appeared in 1.23.3. *) Bugfix: incorrect location might be chosen to process a request if a prefix location longer than 255 characters was used in the configuration. *) Bugfix: non-ASCII characters in file names on Windows were not supported by the ngx_http_autoindex_module, the ngx_http_dav_module, and the "include" directive. *) Change: the logging level of the "data length too long", "length too short", "bad legacy version", "no shared signature algorithms", "bad digest length", "missing sigalgs extension", "encrypted length too long", "bad length", "bad key update", "mixed handshake and non handshake data", "ccs received early", "data between ccs and finished", "packet length too long", "too many warn alerts", "record too small", and "got a fin before a ccs" SSL errors has been lowered from "crit" to "info". *) Bugfix: a socket leak might occur when using HTTP/2 and the "error_page" directive to redirect errors with code 400. *) Bugfix: messages about logging to syslog errors did not contain information that the errors happened while logging to syslog. *) Workaround: "gzip filter failed to use preallocated memory" alerts appeared in logs when using zlib-ng. *) Bugfix: in the mail proxy server. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* redirect unwanted error message in nginx installJohannes Kirchmair2023-04-041-1/+1
| | | | | | | | | | | | | | | | if we run opkg install nginx on our system (without systemd) we end up getting the following message in the install process $ opkg install nginx_1.20.1-r0_core2-64.ipk  ... //var/lib/opkg/info/nginx.postinst: line 3: type: systemd-tmpfiles: not found this confused some of my coworkers. as installation also finishes correctly without sytemd-tmpfiles and not having systemd-tempfiles is not really a problem, I think we should redirect the message also to /dev/NULL Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: added packagegroup for webdav modulePeter Johennecken2023-03-311-0/+1
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* xdebug: upgrade 3.1.1 -> 3.2.0Wang Mingyu2023-03-101-1/+1
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* spawn-fcgi: upgrade 1.6.4 -> 1.6.5Wang Mingyu2023-03-092-39/+2
| | | | | | | | | | | | | fix_configure_ipv6_test.patch removed since it's included in 1.6.5 Changelog: ========== * Configure script cleanups (fixing detection of IPv6) * Update links and email addresses Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: upgrade 1.20.1 -> 1.23.3Wang Mingyu2023-03-093-116/+6
| | | | | | | | | | | | | | | | | | | | | | | | CVE-2021-3618.patch removed since it's included in 1.23.3 Changelog: ========== *) Bugfix: an error might occur when reading PROXY protocol version 2 header with large number of TLVs. *) Bugfix: a segmentation fault might occur in a worker process if SSI was used to process subrequests created by other modules. Thanks to Ciel Zhao. *) Workaround: when a hostname used in the "listen" directive resolves to multiple addresses, nginx now ignores duplicates within these addresses. *) Bugfix: nginx might hog CPU during unbuffered proxying if SSL connections to backends were used. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* apache2: upgrade 2.4.55 -> 2.4.56Wang Mingyu2023-03-081-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Changelog: ========== - rotatelogs: Add -T flag to allow subsequent rotated logfiles to be truncated without the initial logfile being truncated. - mod_ldap: LDAPConnectionPoolTTL should accept negative values in order to allow connections of any age to be reused. Up to now, a negative value was handled as an error when parsing the configuration file. PR 66421. - mod_proxy_ajp: Report an error if the AJP backend sends an invalid number of headers. - mod_md: - Enabling ED25519 support and certificate transparency information when building with libressl v3.5.0 and newer. - MDChallengeDns01 can now be configured for individual domains. - Fixed a bug that caused the challenge teardown not being invoked as it should. - mod_http2: client resets of HTTP/2 streams led to unwanted 500 errors reported in access logs and error documents. The processing of the reset was correct, only unneccesary reporting was caused. - mod_proxy_uwsgi: Stricter backend HTTP response parsing/validation. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* phpmyadmin: upgrade 5.2.0 -> 5.2.1Yi Zhao2023-02-241-2/+2
| | | | | | | | | | Release Notes: https://www.phpmyadmin.net/files/5.2.1/ License-Update: Update copyright year to 2022 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* apache2: use /run instead of /var/run for systemd volatile configYi Zhao2023-02-241-1/+1
| | | | | | | | | | Fixes: systemd-tmpfiles[181]: /etc/tmpfiles.d/apache2-volatile.conf:1: Line references path below legacy directory /var/run/, updating /var/run/apache2 -> /run/apache2; please update the tmpfiles.d/ drop-in file accordingly. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* apache2: upgrade 2.4.54 -> 2.4.55Wang Mingyu2023-02-071-1/+1
| | | | | | | | Changelog: https://downloads.apache.org/httpd/CHANGES_2.4.55 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* .patch: fix Upstream-Status formatting issues reported by patchreview tool ↵Martin Jansa2023-01-276-6/+6
| | | | | | | from oe-core Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* layer.conf: update LAYERSERIES_COMPAT for mickledoreMartin Jansa2023-01-041-1/+1
| | | | | | | * oe-core switched to mickedore in: https://git.openembedded.org/openembedded-core/commit/?id=57239d66b933c4313cf331d35d13ec2d0661c38f Signed-off-by: Khem Raj <raj.khem@gmail.com>
* monkey: use git fetcherMartin Jansa2022-11-101-2/+3
| | | | | | | | * monkey-project.com doesn't resolve anymore * use v1.6.9 tag from github Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: Add ipv6 supportJoshua Watt2022-10-271-1/+2
| | | | | | | Adds a PACKAGECONFIG to enable ipv6 in nginx Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* cockpit: Update to 276Khem Raj2022-09-074-57/+66
| | | | | | Specify --with-admin-group and no error on xsltproc Signed-off-by: Khem Raj <raj.khem@gmail.com>
* sthttpd: Define _GNU_SOURCE if HAVE_SIGSET is setKhem Raj2022-09-072-0/+52
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* monkey: Fix build with muslKhem Raj2022-08-282-0/+31
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* netdata: upgrade 1.36.0 -> 1.36.1Wang Mingyu2022-08-231-1/+1
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* netdata: upgrade 1.35.1 -> 1.36.0Wang Mingyu2022-08-151-1/+1
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* apache2: Fix the buildpaths issueMingli Yu2022-08-062-0/+33
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes: WARNING: apache2-2.4.54-r0 do_package_qa: QA Issue: File /usr/src/debug/apache2/2.4.54-r0/build/server/exports.c in package apache2-src contains reference to TMPDIR [buildpaths] Before the patch: # cat ./build/server/exports.c [snip] #include "mpm_fdqueue.h" const void *ap_ugly_hack = NULL; /* * /buildarea/build/tmp-glibc/work/core2-32-wrs-linux/apache2/2.4.54-r0/httpd-2.4.54/include/ap_expr.h */ const void *ap_hack_ap_expr_exec = (const void *)ap_expr_exec; [snip] After the patch: # cat ./build/server/exports.c [snip] #include "mpm_fdqueue.h" const void *ap_ugly_hack = NULL; /* * ap_expr.h */ const void *ap_hack_ap_expr_exec = (const void *)ap_expr_exec; [snip] Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* netdata: upgrade 1.35.0 -> 1.35.1wangmy2022-07-071-1/+1
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* apache2: split out a new package apache2-utilsChen Qi2022-06-301-2/+14
| | | | | | | | Split out apache2-utils so this small package could be used by other packages. For example, htpasswd could be used by docker-registry. Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* netdata: version bump 1.34.1 -> 1.35.0Jan Vermaete2022-06-302-41/+1
| | | | | | | | | | | | Do note that some collectors (a.k.a. plugins) moved from Python to Go. And Go is not (yet) part of this recipe. More info at https://github.com/netdata/netdata/releases/tag/v1.35.0 under 'Deprecated in this release' The patch should be handled by recoding upstream. Signed-off-by: Jan Vermaete <jan.vermaete@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* apache2: upgrade 2.4.53 -> 2.4.54wangmy2022-06-302-8/+6
| | | | | | | | | | | 0004-apache2-log-the-SELinux-context-at-startup.patch refresh for new version. Changelog: https://downloads.apache.org/httpd/CHANGES_2.4.54 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* phpmyadmin: upgrade 5.1.3 -> 5.2.0wangmy2022-05-161-1/+1
| | | | | | | | | | | | | | | | | Changelog: ========= * Removed support for Microsoft Internet Explorer * Requires PHP 7.2 or newer * Requires the openssl PHP extension * Improved handling of system CA bundle and cacert.pem, falling back to Mozilla CA if needed * Replace "master/slave" terms with "primary/replica" * Add "NOT LIKE %...%" operator to Table search * Add support for the Mroonga engine * Add support for account locking * Several fixes and improvements to the SQL parser library Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* layer.conf: Post release codename changesArmin Kuster2022-05-071-1/+1
| | | | | | | Post release add langdale to match core Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* netdata: Fix build errors with clangKhem Raj2022-04-252-1/+42
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* netdata: version bump 1.33.1 -> 1.34.1Jan Vermaete2022-04-211-1/+1
| | | | | Signed-off-by: Jan Vermaete <jan.vermaete@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: add gunzip PACKAGECONFIGStefan Herbrechtsmeier2022-03-291-0/+1
| | | | | | | | | | The nginx gunzip module is a filter that decompresses responses with 'Content-Encoding: gzip' for clients that do not support 'gzip' encoding method. The module will be useful when it is desirable to store data compressed to save space and reduce I/O costs. Signed-off-by: Stefan Herbrechtsmeier <stefan.herbrechtsmeier@weidmueller.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* netdata: Fix override separator syntaxKhem Raj2022-03-251-1/+1
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* apache2: upgrade 2.4.52 -> 2.4.53Yi Zhao2022-03-2411-65/+62
| | | | | | | | | | | | | | | | ChangeLog: https://downloads.apache.org/httpd/CHANGES_2.4.53 Security fixes: CVE-2022-23943 CVE-2022-22721 CVE-2022-22720 CVE-2022-22719 Refresh patches. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* cockpit: Package missing nonarch_libdirKhem Raj2022-03-211-0/+2
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* recipes: Update LICENSE variable to use SPDX license identifiersKhem Raj2022-03-045-5/+5
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* layer.conf: change layer priority to match oe-coreRoss Burton2022-02-281-1/+1
| | | | | | | | | | | | | | | | | | | | | Layer priority is the ultimate decider of what recipe is used: if layer A has recipe foo_1 and layer B has recipe foo_2, if layer A's priority is higher than B then foo_1 will be used, even though the version in B is higher, and even if PREFERRED_VERSION_foo is set to 2. This complicates recipes moving between layers, for example when a newer version of a recipe (say, python3-wheel) is taken from a layer with a higher priority (say, meta-python) and moved to a layer with a lower priority (say, oe-core) then it has to be removed before it is added: there is no way to have it in both layers and work correctly. Higher priorities are useful in distribution layers where you may want to override specific recipes without any other fuss. However as all of the layers in meta-oe simply add more recipes in defined areas, there's no need to have a higher layer priority. Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* netdata: added enable/disable cloud config.Kas User2022-02-281-1/+2
| | | | | | | | | | | The json-c dependancy is only needed when cloud is enabled. Almost no inpact on the size of the package. Default disabled. Signed-off-by: Jan Vermaete <jan.vermaete@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* phpmyadmin: upgrade 5.1.2 -> 5.1.3Zheng Ruoqin2022-02-231-2/+1
| | | | | | | | | | | | | | | | | | Changelog: ========= - Fix broken pagination links in the navigation sidebar - Fix MariaDB has no support for system variable "disabled_storage_engines" - Fix unsupported operand types in Results.php when running "SHOW PROCESSLIST" SQL query - Fixed importing browser settings question box after login when having no pmadb - Fix "First day of calendar" user override has no effect - Fixed repeating headers are not working - Fixed import of email-adresses or links from ODS results in empty contents - Fixed a type error on ODS import with non string values - Fixed header row show/hide columns buttons on each line after hover are shown on each row - [security] Fix for path disclosure under certain server configurations (if display_errors is on, for instance) Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* layers: Bump to use kirkstoneKhem Raj2022-02-211-1/+1
| | | | | | its not going to be backward ABI compatible with honister due to variable renaming. Signed-off-by: Khem Raj <raj.khem@gmail.com>
* netdata: version bump 1.33.0 -> 1.33.1Jan Vermaete2022-02-172-33/+5
| | | | | | | | | | | | https can now be enabled (default) or disabled. The lz4 patch is now in this release. Package size increase of 2% Tested on RaspberryPi4-64 Signed-off-by: Jan Vermaete <jan.vermaete@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* netdata: upgrade 1.32.1 -> 1.33.0Jan Vermaete2022-02-032-3/+35
| | | | | | | | | | Added the packageconfig to compress the data with lz4. But disabled it by default. Patch added to have it working without compression enabled. Signed-off-by: Jan Vermaete <jan.vermaete@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* phpmyadmin: upgrade 5.1.1 -> 5.1.2Yi Zhao2022-01-251-3/+3
| | | | | | | License-Update: Change JS Foundation to OpenJS Foundation Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* apache2: upgrade 2.4.51 -> 2.4.52wangmy2021-12-271-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Changelog: ========== *) SECURITY: CVE-2021-44790: Possible buffer overflow when parsing multipart content in mod_lua of Apache HTTP Server 2.4.51 and earlier (cve.mitre.org) A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. *) SECURITY: CVE-2021-44224: Possible NULL dereference or SSRF in forward proxy configurations in Apache HTTP Server 2.4.51 and earlier (cve.mitre.org) A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). *) http: Enforce that fully qualified uri-paths not to be forward-proxied have an http(s) scheme, and that the ones to be forward proxied have a hostname, per HTTP specifications. *) OpenSSL autoconf detection improvement: pick up openssl.pc in the specified openssl path. *) mod_proxy_connect, mod_proxy: Do not change the status code after we already sent it to the client. *) mod_http: Correctly sent a 100 Continue status code when sending an interim response as result of an Expect: 100-Continue in the request and not the current status code of the request. PR 65725 *) mod_dav: Some DAV extensions, like CalDAV, specify both document elements and property elements that need to be taken into account when generating a property. The document element and property element are made available in the dav_liveprop_elem structure by calling dav_get_liveprop_element(). *) mod_dav: Add utility functions dav_validate_root_ns(), dav_find_child_ns(), dav_find_next_ns(), dav_find_attr_ns() and dav_find_attr() so that other modules get to play too. *) mpm_event: Restart stopping of idle children after a load peak. PR 65626. *) mod_http2: fixes 2 regressions in server limit handling. 1. When reaching server limits, such as MaxRequestsPerChild, the HTTP/2 connection send a GOAWAY frame much too early on new connections, leading to invalid protocol state and a client failing the request. See PR65731. The module now initializes the HTTP/2 protocol correctly and allows the client to submit one request before the shutdown via a GOAWAY frame is being announced. 2. A regression in v1.15.24 was fixed that could lead to httpd child processes not being terminated on a graceful reload or when reaching MaxConnectionsPerChild. When unprocessed h2 requests were queued at the time, these could stall. See <https://github.com/icing/mod_h2/issues/212>. *) mod_ssl: Add build support for OpenSSL v3. *) mod_proxy_connect: Honor the smallest of the backend or client timeout while tunneling. *) mod_proxy: SetEnv proxy-nohalfclose (or alike) allows to disable TCP half-close forwarding when tunneling protocols. *) core: Be safe with ap_lingering_close() called with a socket NULL-ed by a third-party module. PR 65627. *) mod_md: Fix memory leak in case of failures to load the private key. PR 65620 *) mod_md: adding v2.4.8 with the following changes - Added support for ACME External Account Binding (EAB). Use the new directive `MDExternalAccountBinding` to provide the server with the value for key identifier and hmac as provided by your CA. While working on some servers, EAB handling is not uniform across CAs. First tests with a Sectigo Certificate Manager in demo mode are successful. But ZeroSSL, for example, seems to regard EAB values as a one-time-use-only thing, which makes them fail if you create a seconde account or retry the creation of the first account with the same EAB. - The directive 'MDCertificateAuthority' now checks if its parameter is a http/https url or one of a set of known names. Those are 'LetsEncrypt', 'LetsEncrypt-Test', 'Buypass' and 'Buypass-Test' for now and they are not case-sensitive. The default of LetsEncrypt is unchanged. - `MDContactEmail` can now be specified inside a `<MDomain dnsname>` section. - Treating 401 HTTP status codes for orders like 403, since some ACME servers seem to prefer that for accessing oders from other accounts. - When retrieving certificate chains, try to read the repsonse even if the HTTP Content-Type is unrecognized. - Fixed a bug that reset the error counter of a certificate renewal and prevented the increasing delays in further attempts. - Fixed the renewal process giving up every time on an already existing order with some invalid domains. Now, if such are seen in a previous order, a new order is created for a clean start over again. See <https://github.com/icing/mod_md/issues/268> - Fixed a mixup in md-status handler when static certificate files and renewal was configured at the same time. *) mod_md: values for External Account Binding (EAB) can now also be configured to be read from a separate JSON file. This allows to keep server configuration permissions world readable without exposing secrets. *) mod_proxy_uwsgi: Remove duplicate slashes at the beginning of PATH_INFO. PR 65616. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* netdata: fix for commit 8554624cc7f84e6b63b2ea4b94ee5fd2821021caJan Vermaete2021-12-231-5/+3
| | | | | | | | | | | | The previous commit was using a PACKAGECONFIG to enable or disable the sending of anonymous data to Google Analytics. This was giving QA issues. Now the variable 'NETDATA_ANONYMOUS' is used to enable or disable the opt-out. Signed-off-by: Jan Vermaete <jan.vermaete@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* netdata: do not send anonymous statistics by default.Jan Vermaete2021-12-231-0/+9
| | | | | | | | | | | | Netdata is sending anonymous statics data to Google by default. Disabling this by default in the recipe by adding the .opt-out-from-anonymous-statistics file in the netdata config directory. @see: https://learn.netdata.cloud/docs/agent/anonymous-statistics#opt-out Signed-off-by: Jan Vermaete <jan.vermaete@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* netdata: fixed some oelint-adv issues in the recipe.Jan Vermaete2021-12-231-4/+4
| | | | | Signed-off-by: Jan Vermaete <jan.vermaete@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-11-18 02:34:41 +0000