From 1219bf8a90a7bf8cd3a5363551ef635d51e8fc8e Mon Sep 17 00:00:00 2001 From: Tudor Florea Date: Thu, 8 Oct 2015 22:51:41 +0200 Subject: initial commit for Enea Linux 5.0 arm Signed-off-by: Tudor Florea --- meta-webserver/COPYING.MIT | 17 ++ meta-webserver/README | 59 ++++ meta-webserver/conf/layer.conf | 20 ++ meta-webserver/licenses/Xdebug | 60 ++++ .../recipes-httpd/apache2/apache2-native_2.4.10.bb | 45 +++ .../apache2/apache2/apache-CVE-2014-0117.patch | 289 ++++++++++++++++++ .../apache2/apache2/apache-configure_perlbin.patch | 20 ++ .../apache2/apache2/apache-ssl-ltmain-rpath.patch | 76 +++++ .../apache2/apache2/fix-libtool-name.patch | 55 ++++ .../apache2/apache2/httpd-2.4.1-corelimit.patch | 37 +++ .../apache2/apache2/httpd-2.4.1-selinux.patch | 63 ++++ .../apache2/apache2/httpd-2.4.4-export.patch | 22 ++ .../apache2/apache2/npn-patch-2.4.7.patch | 289 ++++++++++++++++++ .../replace-lynx-to-curl-in-apachectl-script.patch | 52 ++++ .../apache2/apache2/server-makefile.patch | 11 + .../recipes-httpd/apache2/apache2_2.4.10.bb | 160 ++++++++++ ...nfigure-use-pkg-config-for-PCRE-detection.patch | 52 ++++ .../apache2/files/apache2-volatile.conf | 2 + .../recipes-httpd/apache2/files/apache2.service | 14 + ...httpd-2.4.3-fix-race-issue-of-dir-install.patch | 21 ++ meta-webserver/recipes-httpd/apache2/files/init | 73 +++++ .../cherokee-install-configured.py-once.patch | 40 +++ .../recipes-httpd/cherokee/cherokee/cherokee.init | 32 ++ .../cherokee/cherokee/cherokee.service | 10 + .../recipes-httpd/cherokee/cherokee_1.2.98.bb | 67 ++++ .../recipes-httpd/hiawatha/files/hiawatha-init | 44 +++ .../recipes-httpd/hiawatha/files/hiawatha.service | 16 + .../recipes-httpd/hiawatha/hiawatha_9.2.bb | 66 ++++ .../recipes-httpd/monkey/files/monkey.init | 34 +++ .../recipes-httpd/monkey/files/monkey.service | 12 + .../recipes-httpd/monkey/monkey_1.5.4.bb | 64 ++++ .../recipes-httpd/nginx/files/nginx-cross.patch | 217 +++++++++++++ .../recipes-httpd/nginx/files/nginx-volatile.conf | 2 + .../recipes-httpd/nginx/files/nginx.conf | 118 +++++++ .../recipes-httpd/nginx/files/nginx.init | 52 ++++ meta-webserver/recipes-httpd/nginx/nginx_1.4.4.bb | 117 +++++++ ...ile-add-possibility-to-override-variables.patch | 141 +++++++++ .../recipes-httpd/nostromo/files/nhttpd.conf | 55 ++++ .../recipes-httpd/nostromo/files/nostromo | 34 +++ .../recipes-httpd/nostromo/files/tmpfiles.conf | 1 + .../recipes-httpd/nostromo/files/volatiles | 2 + .../recipes-httpd/nostromo/nostromo_1.9.5.bb | 69 +++++ meta-webserver/recipes-httpd/sthttpd/sthttpd/init | 52 ++++ .../recipes-httpd/sthttpd/sthttpd/thttpd.conf | 1 + .../recipes-httpd/sthttpd/sthttpd/thttpd.service | 10 + .../recipes-httpd/sthttpd/sthttpd_2.26.4.bb | 45 +++ .../0001-using-pkgconfig-to-check-libxml.patch | 74 +++++ .../recipes-php/modphp/files/70_mod_php5.conf | 12 + .../recipes-php/modphp/files/configure.patch | 11 + .../modphp/files/php-CVE-2014-3587.patch | 31 ++ .../modphp/files/php-CVE-2014-3597.patch | 282 +++++++++++++++++ .../modphp/files/php-CVE-2014-5120.patch | 35 +++ .../modphp/files/pthread-check-threads-m4.patch | 30 ++ meta-webserver/recipes-php/modphp/modphp5.inc | 112 +++++++ meta-webserver/recipes-php/modphp/modphp_5.5.15.bb | 7 + ...ug-4504-security-Self-XSS-in-query-charts.patch | 29 ++ ...4505-security-XSS-in-view-operations-page.patch | 43 +++ .../recipes-php/phpmyadmin/phpmyadmin/apache.conf | 42 +++ .../recipes-php/phpmyadmin/phpmyadmin_4.2.7.bb | 34 +++ meta-webserver/recipes-php/xdebug/xdebug_2.2.5.bb | 36 +++ .../fcgi/fcgi/Fix_EOF_not_declared_issue.patch | 17 ++ .../fcgi/add_foreign_to_AM_INIT_AUTOMAKE.patch | 18 ++ meta-webserver/recipes-support/fcgi/fcgi_2.4.0.bb | 15 + .../webmin/files/disable-version-check.patch | 45 +++ .../webmin/files/exports-lib.pl.patch | 32 ++ .../webmin/files/init-exclude.patch | 78 +++++ .../recipes-webadmin/webmin/files/media-tomb.patch | 65 ++++ .../webmin/files/mount-excludefs.patch | 25 ++ .../webmin/files/net-generic.patch | 21 ++ .../recipes-webadmin/webmin/files/net-lib.pl.patch | 19 ++ .../recipes-webadmin/webmin/files/nfs-export.patch | 39 +++ .../webmin/files/proftpd-config-fix.patch | 18 ++ .../webmin/files/remove-python2.3.patch | 25 ++ .../webmin/files/remove-startup-option.patch | 29 ++ .../webmin/files/samba-config-fix.patch | 32 ++ .../recipes-webadmin/webmin/files/setup.sh | 340 +++++++++++++++++++++ .../recipes-webadmin/webmin/webmin_1.700.bb | 150 +++++++++ 77 files changed, 4484 insertions(+) create mode 100644 meta-webserver/COPYING.MIT create mode 100644 meta-webserver/README create mode 100644 meta-webserver/conf/layer.conf create mode 100644 meta-webserver/licenses/Xdebug create mode 100644 meta-webserver/recipes-httpd/apache2/apache2-native_2.4.10.bb create mode 100644 meta-webserver/recipes-httpd/apache2/apache2/apache-CVE-2014-0117.patch create mode 100644 meta-webserver/recipes-httpd/apache2/apache2/apache-configure_perlbin.patch create mode 100644 meta-webserver/recipes-httpd/apache2/apache2/apache-ssl-ltmain-rpath.patch create mode 100644 meta-webserver/recipes-httpd/apache2/apache2/fix-libtool-name.patch create mode 100644 meta-webserver/recipes-httpd/apache2/apache2/httpd-2.4.1-corelimit.patch create mode 100644 meta-webserver/recipes-httpd/apache2/apache2/httpd-2.4.1-selinux.patch create mode 100644 meta-webserver/recipes-httpd/apache2/apache2/httpd-2.4.4-export.patch create mode 100644 meta-webserver/recipes-httpd/apache2/apache2/npn-patch-2.4.7.patch create mode 100644 meta-webserver/recipes-httpd/apache2/apache2/replace-lynx-to-curl-in-apachectl-script.patch create mode 100644 meta-webserver/recipes-httpd/apache2/apache2/server-makefile.patch create mode 100644 meta-webserver/recipes-httpd/apache2/apache2_2.4.10.bb create mode 100644 meta-webserver/recipes-httpd/apache2/files/0001-configure-use-pkg-config-for-PCRE-detection.patch create mode 100644 meta-webserver/recipes-httpd/apache2/files/apache2-volatile.conf create mode 100644 meta-webserver/recipes-httpd/apache2/files/apache2.service create mode 100644 meta-webserver/recipes-httpd/apache2/files/httpd-2.4.3-fix-race-issue-of-dir-install.patch create mode 100755 meta-webserver/recipes-httpd/apache2/files/init create mode 100644 meta-webserver/recipes-httpd/cherokee/cherokee/cherokee-install-configured.py-once.patch create mode 100644 meta-webserver/recipes-httpd/cherokee/cherokee/cherokee.init create mode 100644 meta-webserver/recipes-httpd/cherokee/cherokee/cherokee.service create mode 100644 meta-webserver/recipes-httpd/cherokee/cherokee_1.2.98.bb create mode 100644 meta-webserver/recipes-httpd/hiawatha/files/hiawatha-init create mode 100644 meta-webserver/recipes-httpd/hiawatha/files/hiawatha.service create mode 100644 meta-webserver/recipes-httpd/hiawatha/hiawatha_9.2.bb create mode 100644 meta-webserver/recipes-httpd/monkey/files/monkey.init create mode 100644 meta-webserver/recipes-httpd/monkey/files/monkey.service create mode 100644 meta-webserver/recipes-httpd/monkey/monkey_1.5.4.bb create mode 100644 meta-webserver/recipes-httpd/nginx/files/nginx-cross.patch create mode 100644 meta-webserver/recipes-httpd/nginx/files/nginx-volatile.conf create mode 100644 meta-webserver/recipes-httpd/nginx/files/nginx.conf create mode 100755 meta-webserver/recipes-httpd/nginx/files/nginx.init create mode 100644 meta-webserver/recipes-httpd/nginx/nginx_1.4.4.bb create mode 100644 meta-webserver/recipes-httpd/nostromo/files/0001-GNUmakefile-add-possibility-to-override-variables.patch create mode 100644 meta-webserver/recipes-httpd/nostromo/files/nhttpd.conf create mode 100644 meta-webserver/recipes-httpd/nostromo/files/nostromo create mode 100644 meta-webserver/recipes-httpd/nostromo/files/tmpfiles.conf create mode 100644 meta-webserver/recipes-httpd/nostromo/files/volatiles create mode 100644 meta-webserver/recipes-httpd/nostromo/nostromo_1.9.5.bb create mode 100644 meta-webserver/recipes-httpd/sthttpd/sthttpd/init create mode 100644 meta-webserver/recipes-httpd/sthttpd/sthttpd/thttpd.conf create mode 100644 meta-webserver/recipes-httpd/sthttpd/sthttpd/thttpd.service create mode 100644 meta-webserver/recipes-httpd/sthttpd/sthttpd_2.26.4.bb create mode 100644 meta-webserver/recipes-php/modphp/files/0001-using-pkgconfig-to-check-libxml.patch create mode 100644 meta-webserver/recipes-php/modphp/files/70_mod_php5.conf create mode 100644 meta-webserver/recipes-php/modphp/files/configure.patch create mode 100644 meta-webserver/recipes-php/modphp/files/php-CVE-2014-3587.patch create mode 100644 meta-webserver/recipes-php/modphp/files/php-CVE-2014-3597.patch create mode 100644 meta-webserver/recipes-php/modphp/files/php-CVE-2014-5120.patch create mode 100644 meta-webserver/recipes-php/modphp/files/pthread-check-threads-m4.patch create mode 100644 meta-webserver/recipes-php/modphp/modphp5.inc create mode 100644 meta-webserver/recipes-php/modphp/modphp_5.5.15.bb create mode 100644 meta-webserver/recipes-php/phpmyadmin/phpmyadmin/0001-bug-4504-security-Self-XSS-in-query-charts.patch create mode 100644 meta-webserver/recipes-php/phpmyadmin/phpmyadmin/0001-bug-4505-security-XSS-in-view-operations-page.patch create mode 100644 meta-webserver/recipes-php/phpmyadmin/phpmyadmin/apache.conf create mode 100644 meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.2.7.bb create mode 100644 meta-webserver/recipes-php/xdebug/xdebug_2.2.5.bb create mode 100644 meta-webserver/recipes-support/fcgi/fcgi/Fix_EOF_not_declared_issue.patch create mode 100644 meta-webserver/recipes-support/fcgi/fcgi/add_foreign_to_AM_INIT_AUTOMAKE.patch create mode 100644 meta-webserver/recipes-support/fcgi/fcgi_2.4.0.bb create mode 100644 meta-webserver/recipes-webadmin/webmin/files/disable-version-check.patch create mode 100644 meta-webserver/recipes-webadmin/webmin/files/exports-lib.pl.patch create mode 100644 meta-webserver/recipes-webadmin/webmin/files/init-exclude.patch create mode 100644 meta-webserver/recipes-webadmin/webmin/files/media-tomb.patch create mode 100644 meta-webserver/recipes-webadmin/webmin/files/mount-excludefs.patch create mode 100644 meta-webserver/recipes-webadmin/webmin/files/net-generic.patch create mode 100644 meta-webserver/recipes-webadmin/webmin/files/net-lib.pl.patch create mode 100644 meta-webserver/recipes-webadmin/webmin/files/nfs-export.patch create mode 100644 meta-webserver/recipes-webadmin/webmin/files/proftpd-config-fix.patch create mode 100644 meta-webserver/recipes-webadmin/webmin/files/remove-python2.3.patch create mode 100644 meta-webserver/recipes-webadmin/webmin/files/remove-startup-option.patch create mode 100644 meta-webserver/recipes-webadmin/webmin/files/samba-config-fix.patch create mode 100755 meta-webserver/recipes-webadmin/webmin/files/setup.sh create mode 100644 meta-webserver/recipes-webadmin/webmin/webmin_1.700.bb (limited to 'meta-webserver') diff --git a/meta-webserver/COPYING.MIT b/meta-webserver/COPYING.MIT new file mode 100644 index 000000000..fb950dc69 --- /dev/null +++ b/meta-webserver/COPYING.MIT @@ -0,0 +1,17 @@ +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. diff --git a/meta-webserver/README b/meta-webserver/README new file mode 100644 index 000000000..ead9e2a82 --- /dev/null +++ b/meta-webserver/README @@ -0,0 +1,59 @@ +meta-webserver +============== + +This layer provides support for building web servers, web-based +applications and related software. + + + +Dependencies +------------ + +This layer depends on: + +URI: git://github.com/openembedded/oe-core.git +subdirectory: meta +branch: dizzy +revision: HEAD + +For some recipes, the meta-oe layer is required: + +URI: git://github.com/openembedded/meta-oe.git +subdirectory: meta-oe +branch: dizzy +revision: HEAD + + + +Layout +------ + +recipes-httpd/ Web servers +recipes-php/ PHP and PHP applications +recipes-webadmin/ Standalone web administration interfaces + + + +Maintenance +----------- + +Send patches / pull requests to openembedded-devel@lists.openembedded.org +with '[meta-webserver][dizzy]' in the subject. + +Layer maintainer: Paul Eggleton + +Dizzy branch maintainers: + Otavio Salvador + Armin Kuster + +Prefix email subject with: [dizzy] + +License +------- + +All metadata is MIT licensed unless otherwise stated. Source code included +in tree for individual recipes is under the LICENSE stated in each recipe +(.bb file) unless otherwise stated. + +This README document is Copyright (C) 2012 Intel Corporation. + diff --git a/meta-webserver/conf/layer.conf b/meta-webserver/conf/layer.conf new file mode 100644 index 000000000..a4d6a2723 --- /dev/null +++ b/meta-webserver/conf/layer.conf @@ -0,0 +1,20 @@ +# Layer configuration for meta-webserver layer +# Copyright 2012 Intel Corporation + +# We have a conf and classes directory, add to BBPATH +BBPATH .= ":${LAYERDIR}" + +# We have various recipe-* directories, add to BBFILES +BBFILES += "${LAYERDIR}/recipes-*/*/*.bb ${LAYERDIR}/recipes-*/*/*.bbappend" + +BBFILE_COLLECTIONS += "webserver" +BBFILE_PATTERN_webserver := "^${LAYERDIR}/" +BBFILE_PRIORITY_webserver = "6" + +# This should only be incremented on significant changes that will +# cause compatibility issues with other layers +LAYERVERSION_webserver = "1" + +LAYERDEPENDS_webserver = "core" + +LICENSE_PATH += "${LAYERDIR}/licenses" diff --git a/meta-webserver/licenses/Xdebug b/meta-webserver/licenses/Xdebug new file mode 100644 index 000000000..3cdbf0598 --- /dev/null +++ b/meta-webserver/licenses/Xdebug @@ -0,0 +1,60 @@ +-------------------------------------------------------------------- + The Xdebug License, version 1.01 + (Based on "The PHP License", version 3.0) + Copyright (c) 2003-2012 Derick Rethans. All rights reserved. +-------------------------------------------------------------------- + +Redistribution and use in source and binary forms, with or without +modification, is permitted provided that the following conditions +are met: + + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in + the documentation and/or other materials provided with the + distribution. + + 3. The name "Xdebug" must not be used to endorse or promote products + derived from this software without prior written permission. For + written permission, please contact derick@xdebug.org. + + 4. Products derived from this software may not be called "Xdebug", nor + may "Xdebug" appear in their name, without prior written permission + from derick@xdebug.org. + + 5. Derick Rethans may publish revised and/or new versions of the + license from time to time. Each version will be given a + distinguishing version number. Once covered code has been + published under a particular version of the license, you may + always continue to use it under the terms of that version. You + may also choose to use such covered code under the terms of any + subsequent version of the license published by Derick Rethans. No + one other than Derick Rethans has the right to modify the terms + applicable to covered code created under this License. + + 6. Redistributions of any form whatsoever must retain the following + acknowledgment: "This product includes Xdebug, freely available + from ". + +THIS SOFTWARE IS PROVIDED BY DERICK RETHANS ``AS IS'' AND ANY +EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE PHP DEVELOPMENT TEAM OR +ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +-------------------------------------------------------------------- + +This software consists of voluntary contributions made by some +individuals on behalf of Derick Rethans. + +Derick Rethans can be contacted via e-mail at derick@xdebug.org. + +For more information Xdebug, please see . diff --git a/meta-webserver/recipes-httpd/apache2/apache2-native_2.4.10.bb b/meta-webserver/recipes-httpd/apache2/apache2-native_2.4.10.bb new file mode 100644 index 000000000..5963b7943 --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2-native_2.4.10.bb @@ -0,0 +1,45 @@ +DESCRIPTION = "The Apache HTTP Server is a powerful, efficient, and \ +extensible web server." +SUMMARY = "Apache HTTP Server" +HOMEPAGE = "http://httpd.apache.org/" +DEPENDS = "expat-native pcre-native apr-native apr-util-native" +SECTION = "net" +LICENSE = "Apache-2.0" + +inherit autotools pkgconfig native + +SRC_URI = "http://www.apache.org/dist/httpd/httpd-${PV}.tar.bz2 \ + file://0001-configure-use-pkg-config-for-PCRE-detection.patch \ + " + +S = "${WORKDIR}/httpd-${PV}" + +LIC_FILES_CHKSUM = "file://LICENSE;md5=dbff5a2b542fa58854455bf1a0b94b83" +SRC_URI[md5sum] = "44543dff14a4ebc1e9e2d86780507156" +SRC_URI[sha256sum] = "176c4dac1a745f07b7b91e7f4fd48f9c48049fa6f088efe758d61d9738669c6a" + +EXTRA_OECONF = "--with-apr=${STAGING_BINDIR_CROSS}/apr-1-config \ + --with-apr-util=${STAGING_BINDIR_CROSS}/apu-1-config \ + --prefix=${prefix} --datadir=${datadir}/apache2 \ + " + +do_install () { + install -d ${D}${bindir} ${D}${libdir} + cp server/gen_test_char ${D}${bindir} + install -m 755 support/apxs ${D}${bindir}/ + install -m 755 httpd ${D}${bindir}/ + install -d ${D}${datadir}/apache2/build + cp ${S}/build/*.mk ${D}${datadir}/apache2/build + cp build/*.mk ${D}${datadir}/apache2/build + cp ${S}/build/instdso.sh ${D}${datadir}/apache2/build + + install -d ${D}${includedir}/apache2 + cp ${S}/include/* ${D}${includedir}/apache2 + cp include/* ${D}${includedir}/apache2 + cp ${S}/os/unix/os.h ${D}${includedir}/apache2 + cp ${S}/os/unix/unixd.h ${D}${includedir}/apache2 + + cp support/envvars-std ${D}${bindir}/envvars + chmod 755 ${D}${bindir}/envvars +} + diff --git a/meta-webserver/recipes-httpd/apache2/apache2/apache-CVE-2014-0117.patch b/meta-webserver/recipes-httpd/apache2/apache2/apache-CVE-2014-0117.patch new file mode 100644 index 000000000..8585f0bb3 --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2/apache-CVE-2014-0117.patch @@ -0,0 +1,289 @@ +apache: CVE-2014-0117 + +The patch comes from upstream: +http://svn.apache.org/viewvc?view=revision&revision=1610674 + +SECURITY (CVE-2014-0117): Fix a crash in mod_proxy. In a +reverse proxy configuration, a remote attacker could send a carefully crafted +request which could crash a server process, resulting in denial of service. + +Thanks to Marek Kroemeke working with HP's Zero Day Initiative for +reporting this issue. + +Upstream-Status: Backport + +Submitted by: Edward Lu, breser, covener +Signed-off-by: Zhang Xiao +--- + modules/proxy/mod_proxy_http.c | 8 +++- + include/httpd.h | 17 ++++++++ + modules/proxy/proxy_util.c | 67 ++++++++++++++---------------- + server/util.c | 89 ++++++++++++++++++++++++++++++++++++++++++ + 4 files changed, 143 insertions(+), 38 deletions(-) + +diff --git a/modules/proxy/mod_proxy_http.c b/modules/proxy/mod_proxy_http.c +index cffad2e..f11c16f 100644 +--- a/modules/proxy/mod_proxy_http.c ++++ b/modules/proxy/mod_proxy_http.c +@@ -1362,6 +1362,7 @@ apr_status_t ap_proxy_http_process_response(apr_pool_t * p, request_rec *r, + */ + if (apr_date_checkmask(buffer, "HTTP/#.# ###*")) { + int major, minor; ++ int toclose; + + major = buffer[5] - '0'; + minor = buffer[7] - '0'; +@@ -1470,7 +1471,12 @@ apr_status_t ap_proxy_http_process_response(apr_pool_t * p, request_rec *r, + te = apr_table_get(r->headers_out, "Transfer-Encoding"); + + /* strip connection listed hop-by-hop headers from response */ +- backend->close = ap_proxy_clear_connection_fn(r, r->headers_out); ++ toclose = ap_proxy_clear_connection_fn(r, r->headers_out); ++ backend->close = (toclose != 0); ++ if (toclose < 0) { ++ return ap_proxyerror(r, HTTP_BAD_REQUEST, ++ "Malformed connection header"); ++ } + + if ((buf = apr_table_get(r->headers_out, "Content-Type"))) { + ap_set_content_type(r, apr_pstrdup(p, buf)); +diff --git a/include/httpd.h b/include/httpd.h +index 36cd58d..9a2cf5c 100644 +--- a/include/httpd.h ++++ b/include/httpd.h +@@ -1528,6 +1528,23 @@ AP_DECLARE(int) ap_find_etag_weak(apr_pool_t *p, const char *line, const char *t + AP_DECLARE(int) ap_find_etag_strong(apr_pool_t *p, const char *line, const char *tok); + + /** ++ * Retrieve an array of tokens in the format "1#token" defined in RFC2616. Only ++ * accepts ',' as a delimiter, does not accept quoted strings, and errors on ++ * any separator. ++ * @param p The pool to allocate from ++ * @param tok The line to read tokens from ++ * @param tokens Pointer to an array of tokens. If not NULL, must be an array ++ * of char*, otherwise it will be allocated on @a p when a token is found ++ * @param skip_invalid If true, when an invalid separator is encountered, it ++ * will be ignored. ++ * @return NULL on success, an error string otherwise. ++ * @remark *tokens may be NULL on output if NULL in input and no token is found ++ */ ++AP_DECLARE(const char *) ap_parse_token_list_strict(apr_pool_t *p, const char *tok, ++ apr_array_header_t **tokens, ++ int skip_invalid); ++ ++/** + * Retrieve a token, spacing over it and adjusting the pointer to + * the first non-white byte afterwards. Note that these tokens + * are delimited by semis and commas and can also be delimited +diff --git a/modules/proxy/proxy_util.c b/modules/proxy/proxy_util.c +index 67dc939..58daa21 100644 +--- a/modules/proxy/proxy_util.c ++++ b/modules/proxy/proxy_util.c +@@ -2847,68 +2847,59 @@ PROXY_DECLARE(proxy_balancer_shared *) ap_proxy_find_balancershm(ap_slotmem_prov + typedef struct header_connection { + apr_pool_t *pool; + apr_array_header_t *array; +- const char *first; +- unsigned int closed:1; ++ const char *error; ++ int is_req; + } header_connection; + + static int find_conn_headers(void *data, const char *key, const char *val) + { + header_connection *x = data; +- const char *name; +- +- do { +- while (*val == ',' || *val == ';') { +- val++; +- } +- name = ap_get_token(x->pool, &val, 0); +- if (!strcasecmp(name, "close")) { +- x->closed = 1; +- } +- if (!x->first) { +- x->first = name; +- } +- else { +- const char **elt; +- if (!x->array) { +- x->array = apr_array_make(x->pool, 4, sizeof(char *)); +- } +- elt = apr_array_push(x->array); +- *elt = name; +- } +- } while (*val); + +- return 1; ++ x->error = ap_parse_token_list_strict(x->pool, val, &x->array, !x->is_req); ++ return !x->error; + } + + /** + * Remove all headers referred to by the Connection header. ++ * Returns -1 on error. Otherwise, returns 1 if 'Close' was seen in ++ * the Connection header tokens, and 0 if not. + */ + static int ap_proxy_clear_connection(request_rec *r, apr_table_t *headers) + { +- const char **name; ++ int closed = 0; + header_connection x; + + x.pool = r->pool; + x.array = NULL; +- x.first = NULL; +- x.closed = 0; ++ x.error = NULL; ++ x.is_req = (headers == r->headers_in); + + apr_table_unset(headers, "Proxy-Connection"); + + apr_table_do(find_conn_headers, &x, headers, "Connection", NULL); +- if (x.first) { +- /* fast path - no memory allocated for one header */ +- apr_table_unset(headers, "Connection"); +- apr_table_unset(headers, x.first); ++ apr_table_unset(headers, "Connection"); ++ ++ if (x.error) { ++ ap_log_rerror(APLOG_MARK, APLOG_NOTICE, 0, r, APLOGNO() ++ "Error parsing Connection header: %s", x.error); ++ return -1; + } ++ + if (x.array) { +- /* two or more headers */ +- while ((name = apr_array_pop(x.array))) { +- apr_table_unset(headers, *name); ++ int i; ++ for (i = 0; i < x.array->nelts; i++) { ++ const char *name = APR_ARRAY_IDX(x.array, i, const char *); ++ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO() ++ "Removing header '%s' listed in Connection header", ++ name); ++ if (!strcasecmp(name, "close")) { ++ closed = 1; ++ } ++ apr_table_unset(headers, name); + } + } + +- return x.closed; ++ return closed; + } + + PROXY_DECLARE(int) ap_proxy_create_hdrbrgd(apr_pool_t *p, +@@ -3095,7 +3086,9 @@ PROXY_DECLARE(int) ap_proxy_create_hdrbrgd(apr_pool_t *p, + * apr is compiled with APR_POOL_DEBUG. + */ + headers_in_copy = apr_table_copy(r->pool, r->headers_in); +- ap_proxy_clear_connection(r, headers_in_copy); ++ if (ap_proxy_clear_connection(r, headers_in_copy) < 0) { ++ return HTTP_BAD_REQUEST; ++ } + /* send request headers */ + headers_in_array = apr_table_elts(headers_in_copy); + headers_in = (const apr_table_entry_t *) headers_in_array->elts; +diff --git a/server/util.c b/server/util.c +index e0ba5c2..541c9f0 100644 +--- a/server/util.c ++++ b/server/util.c +@@ -1449,6 +1449,95 @@ AP_DECLARE(int) ap_find_etag_weak(apr_pool_t *p, const char *line, + return find_list_item(p, line, tok, AP_ETAG_WEAK); + } + ++/* Grab a list of tokens of the format 1#token (from RFC7230) */ ++AP_DECLARE(const char *) ap_parse_token_list_strict(apr_pool_t *p, ++ const char *str_in, ++ apr_array_header_t **tokens, ++ int skip_invalid) ++{ ++ int in_leading_space = 1; ++ int in_trailing_space = 0; ++ int string_end = 0; ++ const char *tok_begin; ++ const char *cur; ++ ++ if (!str_in) { ++ return NULL; ++ } ++ ++ tok_begin = cur = str_in; ++ ++ while (!string_end) { ++ const unsigned char c = (unsigned char)*cur; ++ ++ if (!TEST_CHAR(c, T_HTTP_TOKEN_STOP) && c != '\0') { ++ /* Non-separator character; we are finished with leading ++ * whitespace. We must never have encountered any trailing ++ * whitespace before the delimiter (comma) */ ++ in_leading_space = 0; ++ if (in_trailing_space) { ++ return "Encountered illegal whitespace in token"; ++ } ++ } ++ else if (c == ' ' || c == '\t') { ++ /* "Linear whitespace" only includes ASCII CRLF, space, and tab; ++ * we can't get a CRLF since headers are split on them already, ++ * so only look for a space or a tab */ ++ if (in_leading_space) { ++ /* We're still in leading whitespace */ ++ ++tok_begin; ++ } ++ else { ++ /* We must be in trailing whitespace */ ++ ++in_trailing_space; ++ } ++ } ++ else if (c == ',' || c == '\0') { ++ if (!in_leading_space) { ++ /* If we're out of the leading space, we know we've read some ++ * characters of a token */ ++ if (*tokens == NULL) { ++ *tokens = apr_array_make(p, 4, sizeof(char *)); ++ } ++ APR_ARRAY_PUSH(*tokens, char *) = ++ apr_pstrmemdup((*tokens)->pool, tok_begin, ++ (cur - tok_begin) - in_trailing_space); ++ } ++ /* We're allowed to have null elements, just don't add them to the ++ * array */ ++ ++ tok_begin = cur + 1; ++ in_leading_space = 1; ++ in_trailing_space = 0; ++ string_end = (c == '\0'); ++ } ++ else { ++ /* Encountered illegal separator char */ ++ if (skip_invalid) { ++ /* Skip to the next separator */ ++ const char *temp; ++ temp = ap_strchr_c(cur, ','); ++ if(!temp) { ++ temp = ap_strchr_c(cur, '\0'); ++ } ++ ++ /* Act like we haven't seen a token so we reset */ ++ cur = temp - 1; ++ in_leading_space = 1; ++ in_trailing_space = 0; ++ } ++ else { ++ return apr_psprintf(p, "Encountered illegal separator " ++ "'\\x%.2x'", (unsigned int)c); ++ } ++ } ++ ++ ++cur; ++ } ++ ++ return NULL; ++} ++ + /* Retrieve a token, spacing over it and returning a pointer to + * the first non-white byte afterwards. Note that these tokens + * are delimited by semis and commas; and can also be delimited +-- diff --git a/meta-webserver/recipes-httpd/apache2/apache2/apache-configure_perlbin.patch b/meta-webserver/recipes-httpd/apache2/apache2/apache-configure_perlbin.patch new file mode 100644 index 000000000..c90279d44 --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2/apache-configure_perlbin.patch @@ -0,0 +1,20 @@ +# Author: echo +# Date: April 28 2009 +# Summary:Fix perl install directory to /usr/bin +# +# Upstream-Status: Inappropriate [configuration] + +--- a/configure.in ++++ b/configure.in +@@ -638,10 +638,7 @@ + AC_DEFINE_UNQUOTED(APACHE_MPM_DIR, "$MPM_DIR", + [Location of the source for the current MPM]) + +-perlbin=`$ac_aux_dir/PrintPath perl` +-if test "x$perlbin" = "x"; then +- perlbin="/replace/with/path/to/perl/interpreter" +-fi ++perlbin='/usr/bin/perl' + AC_SUBST(perlbin) + + dnl If we are running on BSD/OS, we need to use the BSD .include syntax. diff --git a/meta-webserver/recipes-httpd/apache2/apache2/apache-ssl-ltmain-rpath.patch b/meta-webserver/recipes-httpd/apache2/apache2/apache-ssl-ltmain-rpath.patch new file mode 100644 index 000000000..3a59fb079 --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2/apache-ssl-ltmain-rpath.patch @@ -0,0 +1,76 @@ +--- httpd-2.2.8.orig/build/ltmain.sh ++++ httpd-2.2.8/build/ltmain.sh +@@ -1515,7 +1515,7 @@ EOF + dir=`$echo "X$arg" | $Xsed -e 's/^-L//'` + # We need an absolute path. + case $dir in +- [\\/]* | [A-Za-z]:[\\/]*) ;; ++ =* | [\\/]* | [A-Za-z]:[\\/]*) ;; + *) + absdir=`cd "$dir" && pwd` + if test -z "$absdir"; then +@@ -2558,7 +2558,7 @@ EOF + $echo "*** $linklib is not portable!" + fi + if test "$linkmode" = lib && +- test "$hardcode_into_libs" = yes; then ++ test "x$wrs_use_rpaths" = "xyes" && test "$hardcode_into_libs" = yes; then + # Hardcode the library path. + # Skip directories that are in the system default run-time + # search path. +@@ -2832,7 +2832,7 @@ EOF + + if test "$linkmode" = lib; then + if test -n "$dependency_libs" && +- { test "$hardcode_into_libs" != yes || ++ { test "$hardcode_into_libs" != yes || test "x$wrs_use_rpaths" != "xyes" || + test "$build_old_libs" = yes || + test "$link_static" = yes; }; then + # Extract -R from dependency_libs +@@ -3426,7 +3426,8 @@ EOF + *) finalize_rpath="$finalize_rpath $libdir" ;; + esac + done +- if test "$hardcode_into_libs" != yes || test "$build_old_libs" = yes; then ++ if test "$hardcode_into_libs" != yes || test "x$wrs_use_rpaths" != "xyes" || ++ test "$build_old_libs" = yes; then + dependency_libs="$temp_xrpath $dependency_libs" + fi + fi +@@ -3843,7 +3844,7 @@ EOF + case $archive_cmds in + *\$LD\ *) wl= ;; + esac +- if test "$hardcode_into_libs" = yes; then ++ if test "$hardcode_into_libs" = yes && test "x$wrs_use_rpaths" = "xyes" ; then + # Hardcode the library paths + hardcode_libdirs= + dep_rpath= +@@ -4397,6 +4398,27 @@ EOF + # Now hardcode the library paths + rpath= + hardcode_libdirs= ++ ++ # short circuit putting rpaths in executables ++ # ++ if test "x$wrs_use_rpaths" != "xyes" ; then ++ flag= ++ for libdir in $compile_rpath; do ++ case $(echo $libdir | ${SED} 's,/[/]*,/,g') in ++ /usr/lib/* | /usr/lib32/* | /usr/lib64/* ) flag="$flag $libdir" ;; ++ esac ++ done ++ compile_rpath="$flag" ++ ++ flag= ++ for libdir in $finalize_rpath; do ++ case $(echo $libdir | ${SED} 's,/[/]*,/,g') in ++ /usr/lib/* | /usr/lib32/* | /usr/lib64/* ) flag="$flag $libdir" ;; ++ esac ++ done ++ finalize_rpath="$flag" ++ fi ++ + for libdir in $compile_rpath $finalize_rpath; do + if test -n "$hardcode_libdir_flag_spec"; then + if test -n "$hardcode_libdir_separator"; then diff --git a/meta-webserver/recipes-httpd/apache2/apache2/fix-libtool-name.patch b/meta-webserver/recipes-httpd/apache2/apache2/fix-libtool-name.patch new file mode 100644 index 000000000..027af04c3 --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2/fix-libtool-name.patch @@ -0,0 +1,55 @@ +Fix build scripts to use correct libtool filename + +Upstream-Status: Inappropriate [configuration] + +--- + httpd-2.4.2/build/config_vars.sh.in | 2 +- + httpd-2.4.2/configure | 2 +- + httpd-2.4.2/configure.in | 2 +- + httpd-2.4.2/support/apxs.in | 2 +- + 4 files changed, 4 insertions(+), 4 deletions(-) + +--- a/build/config_vars.sh.in ++++ b/build/config_vars.sh.in +@@ -35,7 +35,7 @@ else + APU_CONFIG=@APU_CONFIG@ + fi + +-APR_LIBTOOL="`${APR_CONFIG} --apr-libtool`" ++APR_LIBTOOL="`${APR_CONFIG} --apr-libtool | sed -e s,libtool,${host_alias}-libtool,`" + APR_INCLUDEDIR="`${APR_CONFIG} --includedir`" + test -n "@APU_CONFIG@" && APU_INCLUDEDIR="`${APU_CONFIG} --includedir`" + +--- a/configure ++++ b/configure +@@ -6205,7 +6205,7 @@ case $host in + if test "x$LTFLAGS" = "x"; then + LTFLAGS='--silent' + fi +- my_libtool=`$apr_config --apr-libtool` ++ my_libtool=`$apr_config --apr-libtool | sed -e s,libtool,${host_alias}-libtool,` + LIBTOOL="$my_libtool \$(LTFLAGS)" + libtoolversion=`$my_libtool --version` + case $libtoolversion in +--- a/configure.in ++++ b/configure.in +@@ -264,7 +264,7 @@ case $host in + if test "x$LTFLAGS" = "x"; then + LTFLAGS='--silent' + fi +- my_libtool=`$apr_config --apr-libtool` ++ my_libtool=`$apr_config --apr-libtool | sed -e s,libtool,${host_alias}-libtool,` + LIBTOOL="$my_libtool \$(LTFLAGS)" + libtoolversion=`$my_libtool --version` + case $libtoolversion in +--- a/support/apxs.in ++++ b/support/apxs.in +@@ -352,7 +352,7 @@ if ($apr_major_version < 2) { + } + } + +-my $libtool = `$apr_config --apr-libtool`; ++my $libtool = `$apr_config --apr-libtool| sed -e s,libtool,${host_alias}-libtool,`; + chomp($libtool); + + my $apr_includedir = `$apr_config --includes`; diff --git a/meta-webserver/recipes-httpd/apache2/apache2/httpd-2.4.1-corelimit.patch b/meta-webserver/recipes-httpd/apache2/apache2/httpd-2.4.1-corelimit.patch new file mode 100644 index 000000000..18e4107ec --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2/httpd-2.4.1-corelimit.patch @@ -0,0 +1,37 @@ + +Bump up the core size limit if CoreDumpDirectory is +configured. + +Upstream-Status: Pending + +Note: upstreaming was discussed but there are competing desires; + there are portability oddities here too. + +--- httpd-2.4.1/server/core.c.corelimit ++++ httpd-2.4.1/server/core.c +@@ -4433,6 +4433,25 @@ static int core_post_config(apr_pool_t * + } + apr_pool_cleanup_register(pconf, NULL, ap_mpm_end_gen_helper, + apr_pool_cleanup_null); ++ ++#ifdef RLIMIT_CORE ++ if (ap_coredumpdir_configured) { ++ struct rlimit lim; ++ ++ if (getrlimit(RLIMIT_CORE, &lim) == 0 && lim.rlim_cur == 0) { ++ lim.rlim_cur = lim.rlim_max; ++ if (setrlimit(RLIMIT_CORE, &lim) == 0) { ++ ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL, ++ "core dump file size limit raised to %lu bytes", ++ lim.rlim_cur); ++ } else { ++ ap_log_error(APLOG_MARK, APLOG_NOTICE, errno, NULL, ++ "core dump file size is zero, setrlimit failed"); ++ } ++ } ++ } ++#endif ++ + return OK; + } + diff --git a/meta-webserver/recipes-httpd/apache2/apache2/httpd-2.4.1-selinux.patch b/meta-webserver/recipes-httpd/apache2/apache2/httpd-2.4.1-selinux.patch new file mode 100644 index 000000000..873328d9b --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2/httpd-2.4.1-selinux.patch @@ -0,0 +1,63 @@ + +Log the SELinux context at startup. + +Upstream-Status: Inappropriate [other] + +Note: unlikely to be any interest in this upstream + +--- httpd-2.4.1/configure.in.selinux ++++ httpd-2.4.1/configure.in +@@ -458,6 +458,11 @@ fopen64 + dnl confirm that a void pointer is large enough to store a long integer + APACHE_CHECK_VOID_PTR_LEN + ++AC_CHECK_LIB(selinux, is_selinux_enabled, [ ++ AC_DEFINE(HAVE_SELINUX, 1, [Defined if SELinux is supported]) ++ APR_ADDTO(AP_LIBS, [-lselinux]) ++]) ++ + AC_CACHE_CHECK([for gettid()], ac_cv_gettid, + [AC_TRY_RUN(#define _GNU_SOURCE + #include +--- httpd-2.4.1/server/core.c.selinux ++++ httpd-2.4.1/server/core.c +@@ -58,6 +58,10 @@ + #include + #endif + ++#ifdef HAVE_SELINUX ++#include ++#endif ++ + /* LimitRequestBody handling */ + #define AP_LIMIT_REQ_BODY_UNSET ((apr_off_t) -1) + #define AP_DEFAULT_LIMIT_REQ_BODY ((apr_off_t) 0) +@@ -4452,6 +4456,28 @@ static int core_post_config(apr_pool_t * + } + #endif + ++#ifdef HAVE_SELINUX ++ { ++ static int already_warned = 0; ++ int is_enabled = is_selinux_enabled() > 0; ++ ++ if (is_enabled && !already_warned) { ++ security_context_t con; ++ ++ if (getcon(&con) == 0) { ++ ++ ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL, ++ "SELinux policy enabled; " ++ "httpd running as context %s", con); ++ ++ already_warned = 1; ++ ++ freecon(con); ++ } ++ } ++ } ++#endif ++ + return OK; + } + diff --git a/meta-webserver/recipes-httpd/apache2/apache2/httpd-2.4.4-export.patch b/meta-webserver/recipes-httpd/apache2/apache2/httpd-2.4.4-export.patch new file mode 100644 index 000000000..afbed8e55 --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2/httpd-2.4.4-export.patch @@ -0,0 +1,22 @@ + +There is no need to "suck in" the apr/apr-util symbols when using +a shared libapr{,util}, it just bloats the symbol table; so don't. + +Upstream-HEAD: needed +Upstream-2.0: omit +Upstream-Status: Pending + +Note: EXPORT_DIRS change is conditional on using shared apr + +--- httpd-2.4.4/server/Makefile.in.export ++++ httpd-2.4.4/server/Makefile.in +@@ -57,9 +57,6 @@ export_files: + ( for dir in $(EXPORT_DIRS); do \ + ls $$dir/*.h ; \ + done; \ +- for dir in $(EXPORT_DIRS_APR); do \ +- ls $$dir/ap[ru].h $$dir/ap[ru]_*.h 2>/dev/null; \ +- done; \ + ) | sed -e s,//,/,g | sort -u > $@ + + exports.c: export_files diff --git a/meta-webserver/recipes-httpd/apache2/apache2/npn-patch-2.4.7.patch b/meta-webserver/recipes-httpd/apache2/apache2/npn-patch-2.4.7.patch new file mode 100644 index 000000000..a4f185501 --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2/npn-patch-2.4.7.patch @@ -0,0 +1,289 @@ +Add support for TLS Next Protocol Negotiation: + +* modules/ssl/mod_ssl.c, modules/ssl/mod_ssl.h: Add and implement new + hooks for next protocol advertisement/discovery. + +* modules/ssl/ssl_engine_init.c (ssl_init_ctx_callbacks): Enable + NPN advertisement callback in handshake. + +* modules/ssl/ssl_engine_io.c (ssl_io_filter_input): Invoke + next-protocol discovery hook. + +* modules/ssl/ssl_engine_kernel.c (ssl_callback_AdvertiseNextProtos): + New callback. + +* modules/ssl/ssl_private.h: Add prototype. + +Submitted by: Matthew Steele + with slight tweaks by jorton + +http://svn.apache.org/viewvc?view=revision&revision=1332643 +https://bugzilla.redhat.com//show_bug.cgi?id=809599 +Upstream-Status: Backport +Signed-off-by: Hongxu Jia +--- + CHANGES | 2 + + modules/ssl/mod_ssl.c | 12 ++++++ + modules/ssl/mod_ssl.h | 21 +++++++++++ + modules/ssl/ssl_engine_init.c | 5 +++ + modules/ssl/ssl_engine_io.c | 24 ++++++++++++ + modules/ssl/ssl_engine_kernel.c | 82 +++++++++++++++++++++++++++++++++++++++++ + modules/ssl/ssl_private.h | 6 +++ + 7 files changed, 152 insertions(+) + +diff --git a/CHANGES b/CHANGES +--- a/CHANGES ++++ b/CHANGES +@@ -1,6 +1,8 @@ + -*- coding: utf-8 -*- + + Changes with Apache 2.4.7 ++ *) mod_ssl: Add support for TLS Next Protocol Negotiation. PR 52210. ++ [Matthew Steele ] + + *) APR 1.5.0 or later is now required for the event MPM. + +diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c +--- a/modules/ssl/mod_ssl.c ++++ b/modules/ssl/mod_ssl.c +@@ -275,6 +275,18 @@ static const command_rec ssl_config_cmds[] = { + AP_END_CMD + }; + ++/* Implement 'modssl_run_npn_advertise_protos_hook'. */ ++APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL( ++ modssl, AP, int, npn_advertise_protos_hook, ++ (conn_rec *connection, apr_array_header_t *protos), ++ (connection, protos), OK, DECLINED); ++ ++/* Implement 'modssl_run_npn_proto_negotiated_hook'. */ ++APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL( ++ modssl, AP, int, npn_proto_negotiated_hook, ++ (conn_rec *connection, const char *proto_name, apr_size_t proto_name_len), ++ (connection, proto_name, proto_name_len), OK, DECLINED); ++ + /* + * the various processing hooks + */ +diff --git a/modules/ssl/mod_ssl.h b/modules/ssl/mod_ssl.h +--- a/modules/ssl/mod_ssl.h ++++ b/modules/ssl/mod_ssl.h +@@ -63,5 +63,26 @@ APR_DECLARE_OPTIONAL_FN(int, ssl_proxy_enable, (conn_rec *)); + + APR_DECLARE_OPTIONAL_FN(int, ssl_engine_disable, (conn_rec *)); + ++/** The npn_advertise_protos optional hook allows other modules to add entries ++ * to the list of protocol names advertised by the server during the Next ++ * Protocol Negotiation (NPN) portion of the SSL handshake. The hook callee is ++ * given the connection and an APR array; it should push one or more char*'s ++ * pointing to null-terminated strings (such as "http/1.1" or "spdy/2") onto ++ * the array and return OK, or do nothing and return DECLINED. */ ++APR_DECLARE_EXTERNAL_HOOK(modssl, AP, int, npn_advertise_protos_hook, ++ (conn_rec *connection, apr_array_header_t *protos)); ++ ++/** The npn_proto_negotiated optional hook allows other modules to discover the ++ * name of the protocol that was chosen during the Next Protocol Negotiation ++ * (NPN) portion of the SSL handshake. Note that this may be the empty string ++ * (in which case modules should probably assume HTTP), or it may be a protocol ++ * that was never even advertised by the server. The hook callee is given the ++ * connection, a non-null-terminated string containing the protocol name, and ++ * the length of the string; it should do something appropriate (i.e. insert or ++ * remove filters) and return OK, or do nothing and return DECLINED. */ ++APR_DECLARE_EXTERNAL_HOOK(modssl, AP, int, npn_proto_negotiated_hook, ++ (conn_rec *connection, const char *proto_name, ++ apr_size_t proto_name_len)); ++ + #endif /* __MOD_SSL_H__ */ + /** @} */ +diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c +--- a/modules/ssl/ssl_engine_init.c ++++ b/modules/ssl/ssl_engine_init.c +@@ -546,6 +546,11 @@ static void ssl_init_ctx_callbacks(server_rec *s, + SSL_CTX_set_tmp_dh_callback(ctx, ssl_callback_TmpDH); + + SSL_CTX_set_info_callback(ctx, ssl_callback_Info); ++ ++#ifdef HAVE_TLS_NPN ++ SSL_CTX_set_next_protos_advertised_cb( ++ ctx, ssl_callback_AdvertiseNextProtos, NULL); ++#endif + } + + static void ssl_init_ctx_verify(server_rec *s, +diff --git a/modules/ssl/ssl_engine_io.c b/modules/ssl/ssl_engine_io.c +--- a/modules/ssl/ssl_engine_io.c ++++ b/modules/ssl/ssl_engine_io.c +@@ -28,6 +28,7 @@ + core keeps dumping.'' + -- Unknown */ + #include "ssl_private.h" ++#include "mod_ssl.h" + #include "apr_date.h" + + /* _________________________________________________________________ +@@ -297,6 +298,7 @@ typedef struct { + apr_pool_t *pool; + char buffer[AP_IOBUFSIZE]; + ssl_filter_ctx_t *filter_ctx; ++ int npn_finished; /* 1 if NPN has finished, 0 otherwise */ + } bio_filter_in_ctx_t; + + /* +@@ -1412,6 +1414,27 @@ static apr_status_t ssl_io_filter_input(ap_filter_t *f, + APR_BRIGADE_INSERT_TAIL(bb, bucket); + } + ++#ifdef HAVE_TLS_NPN ++ /* By this point, Next Protocol Negotiation (NPN) should be completed (if ++ * our version of OpenSSL supports it). If we haven't already, find out ++ * which protocol was decided upon and inform other modules by calling ++ * npn_proto_negotiated_hook. */ ++ if (!inctx->npn_finished) { ++ const unsigned char *next_proto = NULL; ++ unsigned next_proto_len = 0; ++ ++ SSL_get0_next_proto_negotiated( ++ inctx->ssl, &next_proto, &next_proto_len); ++ ap_log_cerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, f->c, ++ "SSL NPN negotiated protocol: '%s'", ++ apr_pstrmemdup(f->c->pool, (const char*)next_proto, ++ next_proto_len)); ++ modssl_run_npn_proto_negotiated_hook( ++ f->c, (const char*)next_proto, next_proto_len); ++ inctx->npn_finished = 1; ++ } ++#endif ++ + return APR_SUCCESS; + } + +@@ -1893,6 +1916,7 @@ static void ssl_io_input_add_filter(ssl_filter_ctx_t *filter_ctx, conn_rec *c, + inctx->block = APR_BLOCK_READ; + inctx->pool = c->pool; + inctx->filter_ctx = filter_ctx; ++ inctx->npn_finished = 0; + } + + /* The request_rec pointer is passed in here only to ensure that the +diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c +--- a/modules/ssl/ssl_engine_kernel.c ++++ b/modules/ssl/ssl_engine_kernel.c +@@ -29,6 +29,7 @@ + time I was too famous.'' + -- Unknown */ + #include "ssl_private.h" ++#include "mod_ssl.h" + #include "util_md5.h" + + static void ssl_configure_env(request_rec *r, SSLConnRec *sslconn); +@@ -2139,3 +2140,84 @@ int ssl_callback_SRPServerParams(SSL *ssl, int *ad, void *arg) + } + + #endif /* HAVE_SRP */ ++ ++#ifdef HAVE_TLS_NPN ++/* ++ * This callback function is executed when SSL needs to decide what protocols ++ * to advertise during Next Protocol Negotiation (NPN). It must produce a ++ * string in wire format -- a sequence of length-prefixed strings -- indicating ++ * the advertised protocols. Refer to SSL_CTX_set_next_protos_advertised_cb ++ * in OpenSSL for reference. ++ */ ++int ssl_callback_AdvertiseNextProtos(SSL *ssl, const unsigned char **data_out, ++ unsigned int *size_out, void *arg) ++{ ++ conn_rec *c = (conn_rec*)SSL_get_app_data(ssl); ++ apr_array_header_t *protos; ++ int num_protos; ++ unsigned int size; ++ int i; ++ unsigned char *data; ++ unsigned char *start; ++ ++ *data_out = NULL; ++ *size_out = 0; ++ ++ /* If the connection object is not available, then there's nothing for us ++ * to do. */ ++ if (c == NULL) { ++ return SSL_TLSEXT_ERR_OK; ++ } ++ ++ /* Invoke our npn_advertise_protos hook, giving other modules a chance to ++ * add alternate protocol names to advertise. */ ++ protos = apr_array_make(c->pool, 0, sizeof(char*)); ++ modssl_run_npn_advertise_protos_hook(c, protos); ++ num_protos = protos->nelts; ++ ++ /* We now have a list of null-terminated strings; we need to concatenate ++ * them together into a single string, where each protocol name is prefixed ++ * by its length. First, calculate how long that string will be. */ ++ size = 0; ++ for (i = 0; i < num_protos; ++i) { ++ const char *string = APR_ARRAY_IDX(protos, i, const char*); ++ unsigned int length = strlen(string); ++ /* If the protocol name is too long (the length must fit in one byte), ++ * then log an error and skip it. */ ++ if (length > 255) { ++ ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, ++ "SSL NPN protocol name too long (length=%u): %s", ++ length, string); ++ continue; ++ } ++ /* Leave room for the length prefix (one byte) plus the protocol name ++ * itself. */ ++ size += 1 + length; ++ } ++ ++ /* If there is nothing to advertise (either because no modules added ++ * anything to the protos array, or because all strings added to the array ++ * were skipped), then we're done. */ ++ if (size == 0) { ++ return SSL_TLSEXT_ERR_OK; ++ } ++ ++ /* Now we can build the string. Copy each protocol name string into the ++ * larger string, prefixed by its length. */ ++ data = apr_palloc(c->pool, size * sizeof(unsigned char)); ++ start = data; ++ for (i = 0; i < num_protos; ++i) { ++ const char *string = APR_ARRAY_IDX(protos, i, const char*); ++ apr_size_t length = strlen(string); ++ *start = (unsigned char)length; ++ ++start; ++ memcpy(start, string, length * sizeof(unsigned char)); ++ start += length; ++ } ++ ++ /* Success. */ ++ *data_out = data; ++ *size_out = size; ++ return SSL_TLSEXT_ERR_OK; ++} ++#endif /* HAVE_TLS_NPN */ +diff --git a/modules/ssl/ssl_private.h b/modules/ssl/ssl_private.h +--- a/modules/ssl/ssl_private.h ++++ b/modules/ssl/ssl_private.h +@@ -123,6 +123,11 @@ + #define MODSSL_SSL_METHOD_CONST + #endif + ++#if OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_NEXTPROTONEG) \ ++ && !defined(OPENSSL_NO_TLSEXT) ++#define HAVE_TLS_NPN ++#endif ++ + #if defined(OPENSSL_FIPS) + #define HAVE_FIPS + #endif +@@ -800,6 +805,7 @@ int ssl_callback_ServerNameIndication(SSL *, int *, modssl_ctx_t *); + int ssl_callback_SessionTicket(SSL *, unsigned char *, unsigned char *, + EVP_CIPHER_CTX *, HMAC_CTX *, int); + #endif ++int ssl_callback_AdvertiseNextProtos(SSL *ssl, const unsigned char **data, unsigned int *len, void *arg); + + /** Session Cache Support */ + void ssl_scache_init(server_rec *, apr_pool_t *); +-- +1.8.1.2 + diff --git a/meta-webserver/recipes-httpd/apache2/apache2/replace-lynx-to-curl-in-apachectl-script.patch b/meta-webserver/recipes-httpd/apache2/apache2/replace-lynx-to-curl-in-apachectl-script.patch new file mode 100644 index 000000000..584ddc8d9 --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2/replace-lynx-to-curl-in-apachectl-script.patch @@ -0,0 +1,52 @@ +From 760ccbb2fb046621a2aeaecabb2b1ef9aa280cf1 Mon Sep 17 00:00:00 2001 +From: Yulong Pei +Date: Thu, 1 Sep 2011 01:03:14 +0800 +Subject: [PATCH] replace lynx to curl in apachectl script + +Upstream-Status: Inappropriate [configuration] + +Signed-off-by: Yulong Pei +--- + support/apachectl.in | 14 ++++++++++---- + 1 files changed, 10 insertions(+), 4 deletions(-) + +diff --git a/support/apachectl.in b/support/apachectl.in +index d4dff38..109ea13 100644 +--- a/support/apachectl.in ++++ b/support/apachectl.in +@@ -51,11 +51,11 @@ fi + # a command that outputs a formatted text version of the HTML at the + # url given on the command line. Designed for lynx, however other + # programs may work. +-LYNX="@LYNX_PATH@ -dump" ++CURL="/usr/bin/curl" + # + # the URL to your server's mod_status status page. If you do not + # have one, then status and fullstatus will not work. +-STATUSURL="http://localhost:@PORT@/server-status" ++STATUSURL="http://localhost:@PORT@/" + # + # Set this variable to a command that increases the maximum + # number of file descriptors allowed per child process. This is +@@ -91,10 +91,16 @@ configtest) + ERROR=$? + ;; + status) +- $LYNX $STATUSURL | awk ' /process$/ { print; exit } { print } ' ++ $CURL -s $STATUSURL | grep -o "It works!" ++ if [ $? != 0 ] ; then ++ echo The httpd server does not work! ++ fi + ;; + fullstatus) +- $LYNX $STATUSURL ++ $CURL -s $STATUSURL | grep -o "It works!" ++ if [ $? != 0 ] ; then ++ echo The httpd server does not work! ++ fi + ;; + *) + $HTTPD $ARGV +-- +1.6.4 + diff --git a/meta-webserver/recipes-httpd/apache2/apache2/server-makefile.patch b/meta-webserver/recipes-httpd/apache2/apache2/server-makefile.patch new file mode 100644 index 000000000..f1349cb6a --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2/server-makefile.patch @@ -0,0 +1,11 @@ +--- http-2.0.54/server/Makefile.in-old 2005-12-20 13:26:56.000000000 -0500 ++++ http-2.0.54/server/Makefile.in 2005-12-20 13:27:22.000000000 -0500 +@@ -27,7 +27,7 @@ + $(LINK) $(EXTRA_LDFLAGS) $(gen_test_char_OBJECTS) $(EXTRA_LIBS) + + test_char.h: gen_test_char +- ./gen_test_char > test_char.h ++ gen_test_char > test_char.h + + util.lo: test_char.h + diff --git a/meta-webserver/recipes-httpd/apache2/apache2_2.4.10.bb b/meta-webserver/recipes-httpd/apache2/apache2_2.4.10.bb new file mode 100644 index 000000000..d79d40bd2 --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2_2.4.10.bb @@ -0,0 +1,160 @@ +DESCRIPTION = "The Apache HTTP Server is a powerful, efficient, and \ +extensible web server." +SUMMARY = "Apache HTTP Server" +HOMEPAGE = "http://httpd.apache.org/" +DEPENDS = "libtool-native apache2-native openssl expat pcre apr apr-util" +SECTION = "net" +LICENSE = "Apache-2.0" + +SRC_URI = "http://www.apache.org/dist/httpd/httpd-${PV}.tar.bz2 \ + file://server-makefile.patch \ + file://httpd-2.4.1-corelimit.patch \ + file://httpd-2.4.4-export.patch \ + file://httpd-2.4.1-selinux.patch \ + file://apache-configure_perlbin.patch \ + file://replace-lynx-to-curl-in-apachectl-script.patch \ + file://apache-ssl-ltmain-rpath.patch \ + file://httpd-2.4.3-fix-race-issue-of-dir-install.patch \ + file://npn-patch-2.4.7.patch \ + file://0001-configure-use-pkg-config-for-PCRE-detection.patch \ + file://init \ + file://apache2-volatile.conf \ + file://apache2.service \ + file://apache-CVE-2014-0117.patch \ + " + +LIC_FILES_CHKSUM = "file://LICENSE;md5=dbff5a2b542fa58854455bf1a0b94b83" +SRC_URI[md5sum] = "44543dff14a4ebc1e9e2d86780507156" +SRC_URI[sha256sum] = "176c4dac1a745f07b7b91e7f4fd48f9c48049fa6f088efe758d61d9738669c6a" + +S = "${WORKDIR}/httpd-${PV}" + +inherit autotools update-rc.d pkgconfig systemd + +SYSTEMD_SERVICE_${PN} = "apache2.service" +SYSTEMD_AUTO_ENABLE_${PN} = "disable" + +SSTATE_SCAN_FILES += "apxs config_vars.mk config.nice" + +CFLAGS_append = " -DPATH_MAX=4096" +CFLAGS_prepend = "-I${STAGING_INCDIR}/openssl " +EXTRA_OECONF = "--enable-ssl \ + --with-ssl=${STAGING_LIBDIR}/.. \ + --with-expat=${STAGING_LIBDIR}/.. \ + --with-apr=${STAGING_BINDIR_CROSS}/apr-1-config \ + --with-apr-util=${STAGING_BINDIR_CROSS}/apu-1-config \ + --enable-info \ + --enable-rewrite \ + --with-dbm=sdbm \ + --with-berkeley-db=no \ + --localstatedir=/var/${BPN} \ + --with-gdbm=no \ + --with-ndbm=no \ + --includedir=${includedir}/${BPN} \ + --datadir=${datadir}/${BPN} \ + --sysconfdir=${sysconfdir}/${BPN} \ + --libexecdir=${libdir}/${BPN}/modules \ + ap_cv_void_ptr_lt_long=no \ + --enable-mpms-shared \ + ac_cv_have_threadsafe_pollset=no" + +do_install_append() { + install -d ${D}/${sysconfdir}/init.d + cat ${WORKDIR}/init | \ + sed -e 's,/usr/sbin/,${sbindir}/,g' \ + -e 's,/usr/bin/,${bindir}/,g' \ + -e 's,/usr/lib,${libdir}/,g' \ + -e 's,/etc/,${sysconfdir}/,g' \ + -e 's,/usr/,${prefix}/,g' > ${D}/${sysconfdir}/init.d/${BPN} + chmod 755 ${D}/${sysconfdir}/init.d/${BPN} + # remove the goofy original files... + rm -rf ${D}/${sysconfdir}/${BPN}/original + # Expat should be found in the staging area via DEPENDS... + rm -f ${D}/${libdir}/libexpat.* + + install -d ${D}${sysconfdir}/${BPN}/conf.d + install -d ${D}${sysconfdir}/${BPN}/modules.d + + # Ensure configuration file pulls in conf.d and modules.d + printf "\nIncludeOptional ${sysconfdir}/${BPN}/conf.d/*.conf" >> ${D}/${sysconfdir}/${BPN}/httpd.conf + printf "\nIncludeOptional ${sysconfdir}/${BPN}/modules.d/*.conf\n\n" >> ${D}/${sysconfdir}/${BPN}/httpd.conf + # match with that is in init script + printf "\nPidFile /run/httpd.pid" >> ${D}/${sysconfdir}/${BPN}/httpd.conf + # Set 'ServerName' to fix error messages when restart apache service + sed -i 's/^#ServerName www.example.com/ServerName localhost/' ${D}/${sysconfdir}/${BPN}/httpd.conf + + if ${@base_contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then + install -d ${D}${sysconfdir}/tmpfiles.d/ + install -m 0644 ${WORKDIR}/apache2-volatile.conf ${D}${sysconfdir}/tmpfiles.d/ + fi + + install -d ${D}${systemd_unitdir}/system + install -m 0644 ${WORKDIR}/apache2.service ${D}${systemd_unitdir}/system + sed -i -e 's,@SBINDIR@,${sbindir},g' ${D}${systemd_unitdir}/system/apache2.service + sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' ${D}${systemd_unitdir}/system/apache2.service +} + +SYSROOT_PREPROCESS_FUNCS += "apache_sysroot_preprocess" + +apache_sysroot_preprocess () { + install -d ${SYSROOT_DESTDIR}${bindir_crossscripts}/ + install -m 755 ${D}${bindir}/apxs ${SYSROOT_DESTDIR}${bindir_crossscripts}/ + sed -i 's!my $installbuilddir = .*!my $installbuilddir = "${STAGING_DIR_HOST}/${datadir}/${BPN}/build";!' ${SYSROOT_DESTDIR}${bindir_crossscripts}/apxs + sed -i 's!my $libtool = .*!my $libtool = "${STAGING_BINDIR_CROSS}/${TARGET_PREFIX}libtool";!' ${SYSROOT_DESTDIR}${bindir_crossscripts}/apxs + + sed -i 's!^APR_CONFIG = .*!APR_CONFIG = ${STAGING_BINDIR_CROSS}/apr-1-config!' ${SYSROOT_DESTDIR}${datadir}/${BPN}/build/config_vars.mk + sed -i 's!^APU_CONFIG = .*!APU_CONFIG = ${STAGING_BINDIR_CROSS}/apu-1-config!' ${SYSROOT_DESTDIR}${datadir}/${BPN}/build/config_vars.mk + sed -i 's!^includedir = .*!includedir = ${STAGING_INCDIR}/apache2!' ${SYSROOT_DESTDIR}${datadir}/${BPN}/build/config_vars.mk +} + +# +# implications - used by update-rc.d scripts +# +INITSCRIPT_NAME = "apache2" +INITSCRIPT_PARAMS = "defaults 91 20" +LEAD_SONAME = "libapr-1.so.0" + +PACKAGES = "${PN}-scripts ${PN}-doc ${PN}-dev ${PN}-dbg ${PN}" + +CONFFILES_${PN} = "${sysconfdir}/${BPN}/httpd.conf \ + ${sysconfdir}/${BPN}/magic \ + ${sysconfdir}/${BPN}/mime.types \ + ${sysconfdir}/init.d/${BPN} " + +# we override here rather than append so that .so links are +# included in the runtime package rather than here (-dev) +# and to get build, icons, error into the -dev package +FILES_${PN}-dev = "${datadir}/${BPN}/build \ + ${datadir}/${BPN}/icons \ + ${datadir}/${BPN}/error \ + ${bindir}/apr-config ${bindir}/apu-config \ + ${libdir}/apr*.exp \ + ${includedir}/${BPN} \ + ${libdir}/*.la \ + ${libdir}/*.a \ + ${bindir}/apxs \ + " + + +# manual to manual +FILES_${PN}-doc += " ${datadir}/${BPN}/manual" + +FILES_${PN}-scripts += "${bindir}/dbmmanage" + +# +# override this too - here is the default, less datadir +# +FILES_${PN} = "${bindir} ${sbindir} ${libexecdir} ${libdir}/lib*.so.* ${sysconfdir} \ + ${sharedstatedir} ${localstatedir} /bin /sbin /lib/*.so* \ + ${libdir}/${BPN}" + +# we want htdocs and cgi-bin to go with the binary +FILES_${PN} += "${datadir}/${BPN}/htdocs ${datadir}/${BPN}/cgi-bin" + +#make sure the lone .so links also get wrapped in the base package +FILES_${PN} += "${libdir}/lib*.so ${libdir}/pkgconfig/*" + +FILES_${PN}-dbg += "${libdir}/${BPN}/modules/.debug" + +RDEPENDS_${PN} += "openssl libgcc" +RDEPENDS_${PN}-scripts += "perl ${PN}" diff --git a/meta-webserver/recipes-httpd/apache2/files/0001-configure-use-pkg-config-for-PCRE-detection.patch b/meta-webserver/recipes-httpd/apache2/files/0001-configure-use-pkg-config-for-PCRE-detection.patch new file mode 100644 index 000000000..63096db0a --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/files/0001-configure-use-pkg-config-for-PCRE-detection.patch @@ -0,0 +1,52 @@ +From d8837756f2a48adcfe5d645c39cf163d96eac76c Mon Sep 17 00:00:00 2001 +From: Koen Kooi +Date: Tue, 17 Jun 2014 09:10:57 +0200 +Subject: [PATCH] configure: use pkg-config for PCRE detection + +Signed-off-by: Koen Kooi +Upstream-Status: pending +--- + configure.in | 27 +++++---------------------- + 1 file changed, 5 insertions(+), 22 deletions(-) + +diff --git a/configure.in b/configure.in +index 864d7c7..da4138e 100644 +--- a/configure.in ++++ b/configure.in +@@ -215,28 +215,11 @@ fi + AC_ARG_WITH(pcre, + APACHE_HELP_STRING(--with-pcre=PATH,Use external PCRE library)) + +-AC_PATH_PROG(PCRE_CONFIG, pcre-config, false) +-if test -d "$with_pcre" && test -x "$with_pcre/bin/pcre-config"; then +- PCRE_CONFIG=$with_pcre/bin/pcre-config +-elif test -x "$with_pcre"; then +- PCRE_CONFIG=$with_pcre +-fi +- +-if test "$PCRE_CONFIG" != "false"; then +- if $PCRE_CONFIG --version >/dev/null 2>&1; then :; else +- AC_MSG_ERROR([Did not find pcre-config script at $PCRE_CONFIG]) +- fi +- case `$PCRE_CONFIG --version` in +- [[1-5].*]) +- AC_MSG_ERROR([Need at least pcre version 6.0]) +- ;; +- esac +- AC_MSG_NOTICE([Using external PCRE library from $PCRE_CONFIG]) +- APR_ADDTO(PCRE_INCLUDES, [`$PCRE_CONFIG --cflags`]) +- APR_ADDTO(PCRE_LIBS, [`$PCRE_CONFIG --libs`]) +-else +- AC_MSG_ERROR([pcre-config for libpcre not found. PCRE is required and available from http://pcre.org/]) +-fi ++PKG_CHECK_MODULES([PCRE], [libpcre], [ ++ AC_DEFINE([HAVE_PCRE], [1], [Define if you have PCRE library]) ++], [ ++ AC_MSG_ERROR([$PCRE_PKG_ERRORS]) ++]) + APACHE_SUBST(PCRE_LIBS) + + AC_MSG_NOTICE([]) +-- +1.9.3 + diff --git a/meta-webserver/recipes-httpd/apache2/files/apache2-volatile.conf b/meta-webserver/recipes-httpd/apache2/files/apache2-volatile.conf new file mode 100644 index 000000000..ff2c58704 --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/files/apache2-volatile.conf @@ -0,0 +1,2 @@ +d /var/run/apache2 0755 root root - +d /var/log/apache2 0755 root root - diff --git a/meta-webserver/recipes-httpd/apache2/files/apache2.service b/meta-webserver/recipes-httpd/apache2/files/apache2.service new file mode 100644 index 000000000..f4bcf9efa --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/files/apache2.service @@ -0,0 +1,14 @@ +[Unit] +Decription=The Apache HTTP Server +After=network.target remote-fs.target nss-lookup.target + +[Service] +Type=simple +Environment=LANG=C +ExecStart=@SBINDIR@/httpd -DFOREGROUND -D SSL -D PHP5 -k start +ExecStop=@BASE_BINDIR@/kill -WINCH ${MAINPID} +KillSignal=SIGCONT +PrivateTmp=true + +[Install] +WantedBy=multi-user.target diff --git a/meta-webserver/recipes-httpd/apache2/files/httpd-2.4.3-fix-race-issue-of-dir-install.patch b/meta-webserver/recipes-httpd/apache2/files/httpd-2.4.3-fix-race-issue-of-dir-install.patch new file mode 100644 index 000000000..b948753b4 --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/files/httpd-2.4.3-fix-race-issue-of-dir-install.patch @@ -0,0 +1,21 @@ +Upstream-Status: Pending + +fix following race issue when do parallel install +| mkdir: cannot create directory `/home/mypc/workspace/poky/build_p4080ds_release/tmp/work/ppce500mc-fsl_networking-linux/apache2/2.4.3-r1/image/usr/share/apache2': File exists +... +| mkdir: cannot create directory `/home/mypc/workspace/poky/build_p4080ds_release/tmp/work/ppce500mc-fsl_networking-linux/apache2/2.4.3-r1/image/usr/share/apache2': File exists +| make[1]: *** [install-man] Error 1 +| make[1]: *** Waiting for unfinished jobs.... + +-Signed-off-by: Zhenhua Luo +--- httpd-2.4.3/build/mkdir.sh.orig 2013-01-25 03:47:21.565255420 -0600 ++++ httpd-2.4.3/build/mkdir.sh 2013-01-25 03:46:17.833051230 -0600 +@@ -39,7 +39,7 @@ + esac + if test ! -d "$pathcomp"; then + echo "mkdir $pathcomp" 1>&2 +- mkdir "$pathcomp" || errstatus=$? ++ mkdir -p "$pathcomp" || errstatus=$? + fi + pathcomp="$pathcomp/" + done diff --git a/meta-webserver/recipes-httpd/apache2/files/init b/meta-webserver/recipes-httpd/apache2/files/init new file mode 100755 index 000000000..a1adbd74f --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/files/init @@ -0,0 +1,73 @@ +#!/bin/sh +### BEGIN INIT INFO +# Provides: httpd +# Required-Start: $local_fs $remote_fs $network $named +# Required-Stop: $local_fs $remote_fs $network +# Should-Start: distcache +# Short-Description: start and stop Apache HTTP Server +# Description: The Apache HTTP Server is an extensible server +# implementing the current HTTP standards. +### END INIT INFO + +ARGS="-D SSL -D PHP5 -k start" +NAME=apache2 +PATH=/bin:/usr/bin:/sbin:/usr/sbin +DAEMON=/usr/sbin/httpd +SUEXEC=/usr/lib/apache/suexec +PIDFILE=/run/httpd.pid +CONF=/etc/apache2/httpd.conf +APACHECTL=/usr/sbin/apachectl + +trap "" 1 +export LANG=C +export PATH + +test -f $DAEMON || exit 0 +test -f $APACHECTL || exit 0 + +# ensure we don't leak environment vars into apachectl +APACHECTL="env -i LANG=${LANG} PATH=${PATH} $APACHECTL" + +case "$1" in + start) + echo -n "Starting web server: $NAME" + $APACHECTL $ARGS + ;; + + stop) + $APACHECTL stop + ;; + + reload) + echo -n "Reloading $NAME configuration" + kill -HUP `cat $PIDFILE` + ;; + + reload-modules) + echo -n "Reloading $NAME modules" + $APACHECTL restart + ;; + + restart) + $APACHECTL restart + exit $? + ;; + + force-reload) + $0 reload-modules + exit $? + ;; + + *) + echo "Usage: /etc/init.d/$NAME {start|stop|reload|reload-modules|force-reload|restart}" + exit 1 + ;; +esac + +if [ $? = 0 ]; then + echo . + exit 0 +else + echo failed + exit 1 +fi diff --git a/meta-webserver/recipes-httpd/cherokee/cherokee/cherokee-install-configured.py-once.patch b/meta-webserver/recipes-httpd/cherokee/cherokee/cherokee-install-configured.py-once.patch new file mode 100644 index 000000000..3336f7df7 --- /dev/null +++ b/meta-webserver/recipes-httpd/cherokee/cherokee/cherokee-install-configured.py-once.patch @@ -0,0 +1,40 @@ +From 98a0f19df0a31d5649ad89d395fd1b8de5591827 Mon Sep 17 00:00:00 2001 +From: Robert Yang +Date: Thu, 3 Apr 2014 21:33:25 +0800 +Subject: [PATCH] admin/Makefile.am: only install configured.py once + +Both the two rules install-adminpyDATA and install-generatedDATA will +install the configured.py to the same location, they can run parallel, +and they use "install -m", which would might build failures: + +/usr/bin/install: setting permissions for `/path/to/configured.py': No such file or directory + +This is because the first install is setting the permission while the +second install is removing the file an re-install. + +Only install the configured.py once will fix the problem, I think that +there is no side effect since it installed the same file to the same +location twice in the past. + +Upstream-Status: Pending + +Signed-off-by: Robert Yang +--- + admin/Makefile.am | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/admin/Makefile.am b/admin/Makefile.am +index ce5937b..6f96934 100644 +--- a/admin/Makefile.am ++++ b/admin/Makefile.am +@@ -73,7 +73,6 @@ SystemStatsWidgets.py \ + Wizard.py \ + XMLServerDigest.py \ + config_version.py \ +-configured.py \ + consts.py \ + util.py \ + popen.py \ +-- +1.8.2.1 + diff --git a/meta-webserver/recipes-httpd/cherokee/cherokee/cherokee.init b/meta-webserver/recipes-httpd/cherokee/cherokee/cherokee.init new file mode 100644 index 000000000..93603b84d --- /dev/null +++ b/meta-webserver/recipes-httpd/cherokee/cherokee/cherokee.init @@ -0,0 +1,32 @@ +#!/bin/sh +DAEMON=/usr/sbin/cherokee +CONFIG=/etc/cherokee/cherokee.conf +PIDFILE=/var/run/cherokee.pid +NAME="cherokee" +DESC="Cherokee http server" + +test -r /etc/default/cherokee && . /etc/default/cherokee +test -x "$DAEMON" || exit 0 +test ! -r "$CONFIG" && exit 0 + +case "$1" in + start) + echo "Starting $DESC: " + start-stop-daemon --oknodo -S -x $DAEMON -- -d -C $CONFIG + ;; + + stop) + echo "Stopping $DESC:" + start-stop-daemon -K -p $PIDFILE + ;; + + restart) + $0 stop >/dev/null 2>&1 + $0 start + ;; + + *) + echo "Usage: $0 {start|stop|restart}" + exit 0 + ;; +esac diff --git a/meta-webserver/recipes-httpd/cherokee/cherokee/cherokee.service b/meta-webserver/recipes-httpd/cherokee/cherokee/cherokee.service new file mode 100644 index 000000000..a2d703185 --- /dev/null +++ b/meta-webserver/recipes-httpd/cherokee/cherokee/cherokee.service @@ -0,0 +1,10 @@ +[Unit] +Description=Cherokee web server +After=syslog.target + +[Service] +Type=forking +ExecStart=/usr/sbin/cherokee -d -C /etc/cherokee/cherokee.conf + +[Install] +WantedBy=multi-user.target diff --git a/meta-webserver/recipes-httpd/cherokee/cherokee_1.2.98.bb b/meta-webserver/recipes-httpd/cherokee/cherokee_1.2.98.bb new file mode 100644 index 000000000..054858ed3 --- /dev/null +++ b/meta-webserver/recipes-httpd/cherokee/cherokee_1.2.98.bb @@ -0,0 +1,67 @@ +SUMMARY = "Cherokee Web Server fast and secure" +SUMMARY_cget = "Small downloader based in the Cherokee client library" +HOMEPAGE = "http://www.cherokee-project.com/" +SECTION = "network" +LICENSE = "GPLv2" +LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f" + +PR = "r9" + +DEPENDS = "libpcre openssl mysql5 ${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" + +SRC_URI = "http://www.cherokee-project.de/mirrors/cherokee/1.2/${PV}/cherokee-${PV}.tar.gz \ + file://cherokee.init \ + file://cherokee.service \ + file://cherokee-install-configured.py-once.patch \ +" +SRC_URI[md5sum] = "21b01e7d45c0e82ecc0c4257a9c27feb" +SRC_URI[sha256sum] = "042b5687b1a3db3ca818167548ce5d32c35e227c6640732dcb622a6f4a078b7d" + +inherit autotools pkgconfig binconfig update-rc.d systemd + +PACKAGECONFIG ??= "" +PACKAGECONFIG[ffmpeg] = "--with-ffmpeg,--without-ffmpeg,libav" +PACKAGECONFIG[ldap] = "--with-ldap,--without-ldap,openldap" + +EXTRA_OECONF = "--disable-static \ + --disable-nls \ + ${@base_contains('DISTRO_FEATURES', 'pam', '--enable-pam', '--disable-pam', d)} \ + --with-wwwroot=${localstatedir}/www/cherokee \ +" + +do_install_append () { + install -m 0755 -d ${D}${sysconfdir}/init.d + install -m 755 ${WORKDIR}/cherokee.init ${D}${sysconfdir}/init.d/cherokee + + # clean up .la files for plugins + rm -f ${D}${libdir}/cherokee/*.la + + install -d ${D}${systemd_unitdir}/system + install -m 0644 ${WORKDIR}/cherokee.service ${D}${systemd_unitdir}/system + rmdir "${D}${localstatedir}/run" + rmdir --ignore-fail-on-non-empty "${D}${localstatedir}" +} + +# Put -dev near the front so we can move the .la files into it with a wildcard +PACKAGES =+ "libcherokee-server libcherokee-client libcherokee-base cget" + +FILES_cget = "${bindir}/cget" +FILES_libcherokee-server = "${libdir}/libcherokee-server${SOLIBS}" +FILES_libcherokee-client = "${libdir}/libcherokee-client${SOLIBS}" +FILES_libcherokee-base = "${libdir}/libcherokee-base${SOLIBS}" + +# Pack the htdocs +FILES_${PN} += "${localstatedir}/www/cherokee" + +CONFFILES_${PN} = " \ + ${sysconfdir}/cherokee/cherokee.conf \ + ${sysconfdir}/init.d/cherokee \ +" + +INITSCRIPT_NAME = "cherokee" +INITSCRIPT_PARAMS = "defaults 91 91" + +RPROVIDES_${PN} += "${PN}-systemd" +RREPLACES_${PN} += "${PN}-systemd" +RCONFLICTS_${PN} += "${PN}-systemd" +SYSTEMD_SERVICE_${PN} = "cherokee.service" diff --git a/meta-webserver/recipes-httpd/hiawatha/files/hiawatha-init b/meta-webserver/recipes-httpd/hiawatha/files/hiawatha-init new file mode 100644 index 000000000..47fc0877a --- /dev/null +++ b/meta-webserver/recipes-httpd/hiawatha/files/hiawatha-init @@ -0,0 +1,44 @@ +#!/bin/sh + +### BEGIN INIT INFO +# Provides: hiawatha httpd httpd-cgi +# Required-Start: $syslog $network $remote_fs +# Required-Stop: $syslog $network $remote_fs +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Hiawatha webserver +# Description: Hiawatha, a secure and advanced webserver. +### END INIT INFO + +PATH=/sbin:/bin:/usr/sbin:/usr/bin +DAEMON=sed_sbin_path/hiawatha +NAME=hiawatha +DESC="Hiawatha Web Server" +OPTS="" + +case "$1" in + start) + echo -n "Starting $DESC: " + start-stop-daemon --start -x "$DAEMON" -- $OPTS + echo "$NAME." + ;; + stop) + echo -n "Stopping $DESC: " + start-stop-daemon --stop -x "$DAEMON" + echo "$NAME." + ;; + restart|force-reload) + echo -n "Restarting $DESC: " + start-stop-daemon --stop -x "$DAEMON" + sleep 1 + start-stop-daemon --start -x "$DAEMON" -- $OPTS + echo "$NAME." + ;; + *) + N=/etc/init.d/$NAME + echo "Usage: $N {start|stop|restart|force-reload}" >&2 + exit 1 + ;; +esac + +exit 0 diff --git a/meta-webserver/recipes-httpd/hiawatha/files/hiawatha.service b/meta-webserver/recipes-httpd/hiawatha/files/hiawatha.service new file mode 100644 index 000000000..26cb8d03d --- /dev/null +++ b/meta-webserver/recipes-httpd/hiawatha/files/hiawatha.service @@ -0,0 +1,16 @@ +[Unit] +Description=Hiawatha Web Server +After=network.target remote-fs.target nss-lookup.target + +[Service] +Type=simple +SyslogIdentifier=hiawatha +ExecStartPre=/usr/sbin/hiawatha -k ; /usr/sbin/wigwam +ExecStart= /usr/sbin/hiawatha -d +TimeoutSec=10 +#(doesn't like this setting. Can't find files) PrivateTmp=true +LimitNOFILE=infinity +CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_CHOWN CAP_DAC_OVERRIDE CAP_FOWNER CAP_FSETID CAP_SETGID CAP_SETUID + +[Install] +WantedBy=multi-user.target diff --git a/meta-webserver/recipes-httpd/hiawatha/hiawatha_9.2.bb b/meta-webserver/recipes-httpd/hiawatha/hiawatha_9.2.bb new file mode 100644 index 000000000..b9fa5cde8 --- /dev/null +++ b/meta-webserver/recipes-httpd/hiawatha/hiawatha_9.2.bb @@ -0,0 +1,66 @@ +SUMMARY = "Lightweight secure web server" +HOMEPAGE = "http://www.hiawatha-webserver.org" +LICENSE = "GPLv2" +LIC_FILES_CHKSUM = "file://LICENSE;md5=751419260aa954499f7abaabaa882bbe" +DEPENDS = "libxml2 libxslt" + +SECTION = "net" + +SRC_URI = "http://hiawatha-webserver.org/files/${BP}.tar.gz \ + file://hiawatha-init \ + file://hiawatha.service " + +SRC_URI[md5sum] = "a77f044634884c4cc5d21dab44e822a3" +SRC_URI[sha256sum] = "5d9cdec51c618bb3efab747030e593d9bd49dfaf3236254c8e0cb60715716dbf" + +INITSCRIPT_NAME = "hiawatha" +INITSCRIPT_PARAMS = "defaults 70" + +SYSTEMD_SERVICE_${PN} = "hiawatha.service" + +inherit cmake update-rc.d systemd + +EXTRA_OECMAKE = " -DENABLE_IPV6=OFF \ + -DENABLE_CACHE=OFF \ + -DENABLE_DEBUG=OFF \ + -DENABLE_SSL=OFF \ + -DENABLE_TOOLKIT=OFF \ + -DENABLE_CHROOT=OFF \ + -DENABLE_XSLT=ON \ + -DENABLE_TOMAHAWK=OFF \ + -DCMAKE_INSTALL_MANDIR=${mandir} \ + -DCMAKE_INSTALL_BINDIR=${bindir} \ + -DCMAKE_INSTALL_SBINDIR=${sbindir} \ + -DCMAKE_INSTALL_SYSCONFDIR=${sysconfdir} \ + -DCMAKE_INSTALL_LIBDIR=${libdir} \ + -DLOG_DIR=/var/log/hiawatha \ + -DPID_DIR=/var/run \ + -DWEBROOT_DIR=/var/www/hiawatha \ + -DWORK_DIR=/var/lib/hiawatha " + +do_install_append() { + # Copy over init script and sed in the correct sbin path + sed -i 's,sed_sbin_path,${sbindir},' ${WORKDIR}/hiawatha-init + mkdir -p ${D}${sysconfdir}/init.d + install -m 0755 ${WORKDIR}/hiawatha-init ${D}${sysconfdir}/init.d/hiawatha + + # configure php-fcgi to have a working configuration + # by default if php is installed + echo "Server = ${bindir}/php-cgi ; 2 ; 127.0.0.1:2005 ; nobody:nobody ; ${sysconfdir}/php/hiawatha-php5/php.ini" >> ${D}${sysconfdir}/hiawatha/php-fcgi.conf + + if ${@base_contains('DISTRO_FEATURES','systemd','true','false',d)}; then + install -d ${D}/${systemd_unitdir}/system + install -m 644 ${WORKDIR}/hiawatha.service ${D}/${systemd_unitdir}/system + fi + + rmdir "${D}${localstatedir}/run" + rmdir --ignore-fail-on-non-empty "${D}${localstatedir}" +} + +CONFFILES_${PN} = " \ + ${sysconfdir}/hiawatha/cgi-wrapper.conf \ + ${sysconfdir}/hiawatha/hiawatha.conf \ + ${sysconfdir}/hiawatha/index.xslt \ + ${sysconfdir}/hiawatha/mimetype.conf \ + ${sysconfdir}/hiawatha/php-fcgi.conf \ +" diff --git a/meta-webserver/recipes-httpd/monkey/files/monkey.init b/meta-webserver/recipes-httpd/monkey/files/monkey.init new file mode 100644 index 000000000..40b21182e --- /dev/null +++ b/meta-webserver/recipes-httpd/monkey/files/monkey.init @@ -0,0 +1,34 @@ +#!/bin/sh + +PATH=/sbin:/bin:/usr/sbin:/usr/bin +DAEMON=/usr/bin/monkey +NAME=monkey +DESC="Monkey HTTP Server" +OPTS="--daemon" + +case "$1" in + start) + echo -n "Starting $DESC: " + start-stop-daemon --start -x "$DAEMON" -- $OPTS + echo "$NAME." + ;; + stop) + echo -n "Stopping $DESC: " + start-stop-daemon --stop -x "$DAEMON" + echo "$NAME." + ;; + restart|force-reload) + echo -n "Restarting $DESC: " + start-stop-daemon --stop -x "$DAEMON" + sleep 1 + start-stop-daemon --start -x "$DAEMON" -- $OPTS + echo "$NAME." + ;; + *) + N=/etc/init.d/$NAME + echo "Usage: $N {start|stop|restart|force-reload}" >&2 + exit 1 + ;; +esac + +exit 0 diff --git a/meta-webserver/recipes-httpd/monkey/files/monkey.service b/meta-webserver/recipes-httpd/monkey/files/monkey.service new file mode 100644 index 000000000..f9aa57f91 --- /dev/null +++ b/meta-webserver/recipes-httpd/monkey/files/monkey.service @@ -0,0 +1,12 @@ +[Unit] +Description=Monkey HTTP Server +After=network.target remote-fs.target + +[Service] +Type=forking +ExecStart=/usr/bin/monkey --daemon +PIDFile=/var/run/monkey.pid.2001 +TimeoutSec=10 + +[Install] +WantedBy=multi-user.target diff --git a/meta-webserver/recipes-httpd/monkey/monkey_1.5.4.bb b/meta-webserver/recipes-httpd/monkey/monkey_1.5.4.bb new file mode 100644 index 000000000..a4963afcd --- /dev/null +++ b/meta-webserver/recipes-httpd/monkey/monkey_1.5.4.bb @@ -0,0 +1,64 @@ +SUMMARY = "Fast and Lightweight HTTP Server for Linux" +HOMEPAGE = "http://monkey-project.com" +BUGTRACKER = "https://github.com/monkey/monkey/issues" + +LICENSE = "Apache-2.0" +LIC_FILES_CHKSUM = "file://LICENSE;md5=2ee41112a44fe7014dce33e26468ba93" + +SECTION = "net" + +SRC_URI = "http://monkey-project.com/releases/1.5/monkey-${PV}.tar.gz \ + file://monkey.service \ + file://monkey.init" + +SRC_URI[md5sum] = "b794724ac38cfedee2a5d27c175bc87e" +SRC_URI[sha256sum] = "662bbafc614d32f645059e6e00258fed640665594f5b7f11cf4c4763cf09ddcf" + +EXTRA_OECONF = "--plugdir=${libdir}/monkey/ \ + --logdir=${localstatedir}/log/monkey/ \ + --pidfile=${localstatedir}/run/monkey.pid \ + --default-user=www-data \ + --datadir=${localstatedir}/www/monkey/ \ + --sysconfdir=${sysconfdir}/monkey/ \ + --enable-plugins=* \ + --disable-plugins=polarssl \ + --debug \ + --malloc-libc" + +inherit autotools-brokensep pkgconfig update-rc.d systemd + +INITSCRIPT_NAME = "monkey" +INITSCRIPT_PARAMS = "defaults 70" + +SYSTEMD_SERVICE_${PN} = "monkey.service" + +FILES_${PN} += "${localstatedir}/www/monkey/" + +CONFFILES_${PN} = "${sysconfdir}/monkey/monkey.conf \ + ${sysconfdir}/monkey/sites/default \ + ${sysconfdir}/monkey/monkey.mime \ + ${sysconfdir}/monkey/plugins.load \ + ${sysconfdir}/monkey/plugins/proxy_reverse/proxy_reverse.conf \ + ${sysconfdir}/monkey/plugins/mandril/mandril.conf \ + ${sysconfdir}/monkey/plugins/fastcgi/fastcgi.conf \ + ${sysconfdir}/monkey/plugins/logger/logger.conf \ + ${sysconfdir}/monkey/plugins/cgi/cgi.conf \ + ${sysconfdir}/monkey/plugins/cheetah/cheetah.conf \ + ${sysconfdir}/monkey/plugins/dirlisting/dirhtml.conf \ + ${sysconfdir}/monkey/plugins/dirlisting/themes/guineo/header.theme \ + ${sysconfdir}/monkey/plugins/dirlisting/themes/guineo/footer.theme \ + ${sysconfdir}/monkey/plugins/dirlisting/themes/guineo/entry.theme \ + ${sysconfdir}/monkey/plugins/auth/README \ + ${sysconfdir}/monkey/plugins/auth/monkey.users \ + " + +do_install_append() { + + mkdir -p ${D}${sysconfdir}/init.d + install -m 0755 ${WORKDIR}/monkey.init ${D}${sysconfdir}/init.d/monkey + + if ${@base_contains('DISTRO_FEATURES','systemd','true','false',d)}; then + install -d ${D}${systemd_unitdir}/system + install -m 644 ${WORKDIR}/monkey.service ${D}/${systemd_unitdir}/system + fi +} diff --git a/meta-webserver/recipes-httpd/nginx/files/nginx-cross.patch b/meta-webserver/recipes-httpd/nginx/files/nginx-cross.patch new file mode 100644 index 000000000..5f899a1d8 --- /dev/null +++ b/meta-webserver/recipes-httpd/nginx/files/nginx-cross.patch @@ -0,0 +1,217 @@ +We do not have capability to run binaries when cross compiling + +Upstream-Status: Pending + + +diff -uraN nginx-1.0.11.orig/auto/feature nginx-1.0.11/auto/feature +--- nginx-1.0.11.orig/auto/feature 2011-05-11 06:50:19.000000000 -0500 ++++ nginx-1.0.11/auto/feature 2011-12-27 13:56:42.323370040 -0600 +@@ -48,12 +48,20 @@ + + if [ -x $NGX_AUTOTEST ]; then + ++ if [ ".$NGX_CROSS_COMPILE" = ".yes" ]; then ++ NGX_AUTOTEST_EXEC="true" ++ NGX_FOUND_MSG=" (not tested, cross compiling)" ++ else ++ NGX_AUTOTEST_EXEC="$NGX_AUTOTEST" ++ NGX_FOUND_MSG="" ++ fi ++ + case "$ngx_feature_run" in + + yes) + # /bin/sh is used to intercept "Killed" or "Abort trap" messages +- if /bin/sh -c $NGX_AUTOTEST >> $NGX_AUTOCONF_ERR 2>&1; then +- echo " found" ++ if /bin/sh -c $NGX_AUTOTEST_EXEC >> $NGX_AUTOCONF_ERR 2>&1; then ++ echo " found$NGX_FOUND_MSG" + ngx_found=yes + + if test -n "$ngx_feature_name"; then +@@ -67,17 +75,27 @@ + + value) + # /bin/sh is used to intercept "Killed" or "Abort trap" messages +- if /bin/sh -c $NGX_AUTOTEST >> $NGX_AUTOCONF_ERR 2>&1; then +- echo " found" ++ if /bin/sh -c $NGX_AUTOTEST_EXEC >> $NGX_AUTOCONF_ERR 2>&1; then ++ echo " found$NGX_FOUND_MSG" + ngx_found=yes + +- cat << END >> $NGX_AUTO_CONFIG_H ++ if [ ".$NGX_CROSS_COMPILE" = ".yes" ]; then ++ cat << END >> $NGX_AUTO_CONFIG_H + + #ifndef $ngx_feature_name +-#define $ngx_feature_name `$NGX_AUTOTEST` ++#define $ngx_feature_name $(eval "echo \$NGX_WITH_${ngx_feature_name}") + #endif + + END ++ else ++ cat << END >> $NGX_AUTO_CONFIG_H ++ ++#ifndef $ngx_feature_name ++#define $ngx_feature_name `$NGX_AUTOTEST_EXEC` ++#endif ++ ++END ++ fi + else + echo " found but is not working" + fi +@@ -85,7 +103,7 @@ + + bug) + # /bin/sh is used to intercept "Killed" or "Abort trap" messages +- if /bin/sh -c $NGX_AUTOTEST >> $NGX_AUTOCONF_ERR 2>&1; then ++ if /bin/sh -c $NGX_AUTOTEST_EXEC >> $NGX_AUTOCONF_ERR 2>&1; then + echo " not found" + + else +diff -uraN nginx-1.0.11.orig/auto/options nginx-1.0.11/auto/options +--- nginx-1.0.11.orig/auto/options 2011-12-14 07:34:16.000000000 -0600 ++++ nginx-1.0.11/auto/options 2011-12-27 13:56:42.323370040 -0600 +@@ -289,6 +289,18 @@ + --test-build-rtsig) NGX_TEST_BUILD_RTSIG=YES ;; + --test-build-solaris-sendfilev) NGX_TEST_BUILD_SOLARIS_SENDFILEV=YES ;; + ++ # cross compile support ++ --with-int=*) NGX_WITH_INT="$value" ;; ++ --with-long=*) NGX_WITH_LONG="$value" ;; ++ --with-long-long=*) NGX_WITH_LONG_LONG="$value" ;; ++ --with-ptr-size=*) NGX_WITH_PTR_SIZE="$value" ;; ++ --with-sig-atomic-t=*) NGX_WITH_SIG_ATOMIC_T="$value" ;; ++ --with-size-t=*) NGX_WITH_SIZE_T="$value" ;; ++ --with-off-t=*) NGX_WITH_OFF_T="$value" ;; ++ --with-time-t=*) NGX_WITH_TIME_T="$value" ;; ++ --with-sys-nerr=*) NGX_WITH_NGX_SYS_NERR="$value" ;; ++ --with-endian=*) NGX_WITH_ENDIAN="$value" ;; ++ + *) + echo "$0: error: invalid option \"$option\"" + exit 1 +@@ -434,6 +446,17 @@ + + --with-debug enable debug logging + ++ --with-int=VALUE force int size ++ --with-long=VALUE force long size ++ --with-long-long=VALUE force long long size ++ --with-ptr-size=VALUE force pointer size ++ --with-sig-atomic-t=VALUE force sig_atomic_t size ++ --with-size-t=VALUE force size_t size ++ --with-off-t=VALUE force off_t size ++ --with-time-t=VALUE force time_t size ++ --with-sys-nerr=VALUE force sys_nerr value ++ --with-endian=VALUE force system endianess ++ + END + + exit 1 +@@ -455,6 +478,8 @@ + + if [ ".$NGX_PLATFORM" = ".win32" ]; then + NGX_WINE=$WINE ++elif [ ! -z "$NGX_PLATFORM" ]; then ++ NGX_CROSS_COMPILE="yes" + fi + + +diff -uraN nginx-1.0.11.orig/auto/types/sizeof nginx-1.0.11/auto/types/sizeof +--- nginx-1.0.11.orig/auto/types/sizeof 2006-06-28 11:00:26.000000000 -0500 ++++ nginx-1.0.11/auto/types/sizeof 2011-12-27 13:56:42.323370040 -0600 +@@ -11,9 +11,12 @@ + + END + +-ngx_size= ++ngx_size=$(eval "echo \$NGX_WITH_${ngx_param}") + +-cat << END > $NGX_AUTOTEST.c ++if [ ".$ngx_size" != "." ]; then ++ echo " $ngx_size bytes" ++else ++ cat << END > $NGX_AUTOTEST.c + + #include + #include +@@ -31,19 +34,20 @@ + END + + +-ngx_test="$CC $CC_TEST_FLAGS $CC_AUX_FLAGS \ +- -o $NGX_AUTOTEST $NGX_AUTOTEST.c $NGX_LD_OPT $ngx_feature_libs" ++ ngx_test="$CC $CC_TEST_FLAGS $CC_AUX_FLAGS \ ++ -o $NGX_AUTOTEST $NGX_AUTOTEST.c $NGX_LD_OPT $ngx_feature_libs" + +-eval "$ngx_test >> $NGX_AUTOCONF_ERR 2>&1" ++ eval "$ngx_test >> $NGX_AUTOCONF_ERR 2>&1" + + +-if [ -x $NGX_AUTOTEST ]; then +- ngx_size=`$NGX_AUTOTEST` +- echo " $ngx_size bytes" +-fi ++ if [ -x $NGX_AUTOTEST ]; then ++ ngx_size=`$NGX_AUTOTEST` ++ echo " $ngx_size bytes" ++ fi + + +-rm -f $NGX_AUTOTEST ++ rm -f $NGX_AUTOTEST ++fi + + + case $ngx_size in +diff -uraN nginx-1.0.11.orig/auto/unix nginx-1.0.11/auto/unix +--- nginx-1.0.11.orig/auto/unix 2011-12-14 07:34:16.000000000 -0600 ++++ nginx-1.0.11/auto/unix 2011-12-27 13:56:42.327370060 -0600 +@@ -393,13 +393,13 @@ + + # C types + +-ngx_type="int"; . auto/types/sizeof ++ngx_type="int"; ngx_param="INT"; . auto/types/sizeof + +-ngx_type="long"; . auto/types/sizeof ++ngx_type="long"; ngx_param="LONG"; . auto/types/sizeof + +-ngx_type="long long"; . auto/types/sizeof ++ngx_type="long long"; ngx_param="LONG_LONG"; . auto/types/sizeof + +-ngx_type="void *"; . auto/types/sizeof; ngx_ptr_size=$ngx_size ++ngx_type="void *"; ngx_param="PTR_SIZE"; . auto/types/sizeof; ngx_ptr_size=$ngx_size + ngx_param=NGX_PTR_SIZE; ngx_value=$ngx_size; . auto/types/value + + +@@ -416,7 +416,7 @@ + + ngx_type="uint64_t"; ngx_types="u_int64_t"; . auto/types/typedef + +-ngx_type="sig_atomic_t"; ngx_types="int"; . auto/types/typedef ++ngx_type="sig_atomic_t"; ngx_param="SIG_ATOMIC_T"; ngx_types="int"; . auto/types/typedef + . auto/types/sizeof + ngx_param=NGX_SIG_ATOMIC_T_SIZE; ngx_value=$ngx_size; . auto/types/value + +@@ -432,15 +432,15 @@ + + . auto/endianess + +-ngx_type="size_t"; . auto/types/sizeof ++ngx_type="size_t"; ngx_param="SIZE_T"; . auto/types/sizeof + ngx_param=NGX_MAX_SIZE_T_VALUE; ngx_value=$ngx_max_value; . auto/types/value + ngx_param=NGX_SIZE_T_LEN; ngx_value=$ngx_max_len; . auto/types/value + +-ngx_type="off_t"; . auto/types/sizeof ++ngx_type="off_t"; ngx_param="OFF_T"; . auto/types/sizeof + ngx_param=NGX_MAX_OFF_T_VALUE; ngx_value=$ngx_max_value; . auto/types/value + ngx_param=NGX_OFF_T_LEN; ngx_value=$ngx_max_len; . auto/types/value + +-ngx_type="time_t"; . auto/types/sizeof ++ngx_type="time_t"; ngx_param="TIME_T"; . auto/types/sizeof + ngx_param=NGX_TIME_T_SIZE; ngx_value=$ngx_size; . auto/types/value + ngx_param=NGX_TIME_T_LEN; ngx_value=$ngx_max_len; . auto/types/value + diff --git a/meta-webserver/recipes-httpd/nginx/files/nginx-volatile.conf b/meta-webserver/recipes-httpd/nginx/files/nginx-volatile.conf new file mode 100644 index 000000000..93f3c6634 --- /dev/null +++ b/meta-webserver/recipes-httpd/nginx/files/nginx-volatile.conf @@ -0,0 +1,2 @@ +d www www-data 0755 /run/nginx none +d root root 0755 /var/log/nginx none diff --git a/meta-webserver/recipes-httpd/nginx/files/nginx.conf b/meta-webserver/recipes-httpd/nginx/files/nginx.conf new file mode 100644 index 000000000..fb7e4b65d --- /dev/null +++ b/meta-webserver/recipes-httpd/nginx/files/nginx.conf @@ -0,0 +1,118 @@ + +user www-data; +worker_processes 1; + +error_log /var/log/nginx/error.log; +#error_log logs/error.log notice; +#error_log logs/error.log info; + +pid /run/nginx/nginx.pid; + + +events { + worker_connections 1024; +} + + +http { + include mime.types; + default_type application/octet-stream; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log main; + + sendfile on; + #tcp_nopush on; + + #keepalive_timeout 0; + keepalive_timeout 65; + + #gzip on; + + server { + listen 80; + server_name localhost; + + #charset koi8-r; + + #access_log logs/host.access.log main; + + location / { + root /var/www/localhost/html; + index index.html index.htm; + } + + #error_page 404 /404.html; + + # redirect server error pages to the static page /50x.html + # + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root /var/www/localhost/html; + } + + # proxy the PHP scripts to Apache listening on 127.0.0.1:80 + # + #location ~ \.php$ { + # proxy_pass http://127.0.0.1; + #} + + # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 + # + #location ~ \.php$ { + # root html; + # fastcgi_pass 127.0.0.1:9000; + # fastcgi_index index.php; + # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; + # include fastcgi_params; + #} + + # deny access to .htaccess files, if Apache's document root + # concurs with nginx's one + # + #location ~ /\.ht { + # deny all; + #} + } + + + # another virtual host using mix of IP-, name-, and port-based configuration + # + #server { + # listen 8000; + # listen somename:8080; + # server_name somename alias another.alias; + + # location / { + # root html; + # index index.html index.htm; + # } + #} + + + # HTTPS server + # + #server { + # listen 443; + # server_name localhost; + + # ssl on; + # ssl_certificate cert.pem; + # ssl_certificate_key cert.key; + + # ssl_session_timeout 5m; + + # ssl_protocols SSLv2 SSLv3 TLSv1; + # ssl_ciphers HIGH:!aNULL:!MD5; + # ssl_prefer_server_ciphers on; + + # location / { + # root html; + # index index.html index.htm; + # } + #} + +} diff --git a/meta-webserver/recipes-httpd/nginx/files/nginx.init b/meta-webserver/recipes-httpd/nginx/files/nginx.init new file mode 100755 index 000000000..0f38b9cdb --- /dev/null +++ b/meta-webserver/recipes-httpd/nginx/files/nginx.init @@ -0,0 +1,52 @@ +#! /bin/sh +PATH=/sbin:/bin:/usr/sbin:/usr/bin +DAEMON=/usr/sbin/nginx +NAME=nginx +DESC=nginx +PID=/var/run/nginx/nginx.pid + +test -x $DAEMON || exit 0 + +# Include nginx defaults if available +if [ -f /etc/default/nginx ] ; then + . /etc/default/nginx +fi + +set -e + +case "$1" in + start) + echo -n "Starting $DESC: " + start-stop-daemon --start --quiet --pidfile $PID \ + --name $NAME --exec $DAEMON -- $DAEMON_OPTS + echo "$NAME." + ;; + stop) + echo -n "Stopping $DESC: " + start-stop-daemon -K --quiet --pidfile $PID \ + --name $NAME + echo "$NAME." + ;; + restart|force-reload) + echo -n "Restarting $DESC: " + start-stop-daemon -K --quiet --pidfile $PID \ + --name $NAME + sleep 1 + start-stop-daemon --start --quiet --pidfile $PID \ + --name $NAME --exec $DAEMON -- $DAEMON_OPTS + echo "$NAME." + ;; + reload) + echo -n "Reloading $DESC configuration: " + start-stop-daemon --stop --signal HUP --quiet --pidfile $PID \ + --exec $DAEMON + echo "$NAME." + ;; + *) + N=/etc/init.d/$NAME + echo "Usage: $N {start|stop|restart|force-reload}" >&2 + exit 1 + ;; +esac + +exit 0 diff --git a/meta-webserver/recipes-httpd/nginx/nginx_1.4.4.bb b/meta-webserver/recipes-httpd/nginx/nginx_1.4.4.bb new file mode 100644 index 000000000..e78ed34dd --- /dev/null +++ b/meta-webserver/recipes-httpd/nginx/nginx_1.4.4.bb @@ -0,0 +1,117 @@ +SUMMARY = "HTTP and reverse proxy server" + +DESCRIPTION = "Nginx is a web server and a reverse proxy server for \ +HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high \ +concurrency, performance and low memory usage." + +HOMEPAGE = "http://nginx.org/" +LICENSE = "BSD-2-Clause" +LIC_FILES_CHKSUM = "file://LICENSE;md5=917bfdf005ffb6fd025550414ff05a9f" +SECTION = "net" + +DEPENDS = "libpcre gzip openssl" + +SRC_URI = " \ + http://nginx.org/download/nginx-${PV}.tar.gz \ + file://nginx-cross.patch \ + file://nginx.conf \ + file://nginx.init \ + file://nginx-volatile.conf \ +" +SRC_URI[md5sum] = "5dfaba1cbeae9087f3949860a02caa9f" +SRC_URI[sha256sum] = "7c989a58e5408c9593da0bebcd0e4ffc3d892d1316ba5042ddb0be5b0b4102b9" + +inherit update-rc.d useradd + +do_configure () { + if [ "${SITEINFO_BITS}" = "64" ]; then + PTRSIZE=8 + else + PTRSIZE=4 + fi + + echo $CFLAGS + echo $LDFLAGS + + ./configure \ + --crossbuild=Linux:${TUNE_ARCH} \ + --with-endian=${@base_conditional('SITEINFO_ENDIANNESS', 'le', 'little', 'big', d)} \ + --with-int=4 \ + --with-long=${PTRSIZE} \ + --with-long-long=8 \ + --with-ptr-size=${PTRSIZE} \ + --with-sig-atomic-t=${PTRSIZE} \ + --with-size-t=${PTRSIZE} \ + --with-off-t=${PTRSIZE} \ + --with-time-t=${PTRSIZE} \ + --with-sys-nerr=132 \ + --conf-path=${sysconfdir}/nginx/nginx.conf \ + --http-log-path=${localstatedir}/log/nginx/access.log \ + --error-log-path=${localstatedir}/log/nginx/error.log \ + --pid-path=/run/nginx/nginx.pid \ + --prefix=${prefix} \ + --with-http_ssl_module \ + --with-http_gzip_static_module +} + +do_install () { + oe_runmake 'DESTDIR=${D}' install + rm -fr ${D}${localstatedir}/run ${D}/run + if ${@base_contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then + install -d ${D}${sysconfdir}/tmpfiles.d + echo "d /run/${BPN} - - - -" \ + > ${D}${sysconfdir}/tmpfiles.d/${BPN}.conf + fi + install -d ${D}${sysconfdir}/${BPN} + ln -snf ${localstatedir}/run/${BPN} ${D}${sysconfdir}/${BPN}/run + install -d ${D}${localstatedir}/www/localhost + mv ${D}/usr/html ${D}${localstatedir}/www/localhost/ + chown www:www-data -R ${D}${localstatedir} + + install -d ${D}${sysconfdir}/init.d + install -m 0755 ${WORKDIR}/nginx.init ${D}${sysconfdir}/init.d/nginx + sed -i 's,/usr/sbin/,${sbindir}/,g' ${D}${sysconfdir}/init.d/nginx + sed -i 's,/etc/,${sysconfdir}/,g' ${D}${sysconfdir}/init.d/nginx + + install -d ${D}${sysconfdir}/nginx + install -m 0644 ${WORKDIR}/nginx.conf ${D}${sysconfdir}/nginx/nginx.conf + sed -i 's,/var/,${localstatedir}/,g' ${D}${sysconfdir}/nginx/nginx.conf + install -d ${D}${sysconfdir}/nginx/sites-enabled + + install -d ${D}${sysconfdir}/default/volatiles + install -m 0644 ${WORKDIR}/nginx-volatile.conf ${D}${sysconfdir}/default/volatiles/99_nginx + sed -i 's,/var/,${localstatedir}/,g' ${D}${sysconfdir}/default/volatiles/99_nginx +} + +pkg_postinst_${PN} () { + if [ -z "$D" ]; then + if type systemd-tmpfiles >/dev/null; then + systemd-tmpfiles --create + elif [ -e ${sysconfdir}/init.d/populate-volatile.sh ]; then + ${sysconfdir}/init.d/populate-volatile.sh update + fi + fi +} + +FILES_${PN} += "${localstatedir}/" + +CONFFILES_${PN} = "${sysconfdir}/nginx/nginx.conf \ + ${sysconfdir}/nginx/fastcgi.conf\ + ${sysconfdir}/nginx/fastcgi_params \ + ${sysconfdir}/nginx/koi-utf \ + ${sysconfdir}/nginx/koi-win \ + ${sysconfdir}/nginx/mime.types \ + ${sysconfdir}/nginx/scgi_params \ + ${sysconfdir}/nginx/uwsgi_params \ + ${sysconfdir}/nginx/win-utf \ +" + +INITSCRIPT_NAME = "nginx" +INITSCRIPT_PARAMS = "defaults 92 20" + +USERADD_PACKAGES = "${PN}" +USERADD_PARAM_${PN} = " \ + --system --no-create-home \ + --home ${localstatedir}/www/localhost \ + --groups www-data \ + --user-group www" diff --git a/meta-webserver/recipes-httpd/nostromo/files/0001-GNUmakefile-add-possibility-to-override-variables.patch b/meta-webserver/recipes-httpd/nostromo/files/0001-GNUmakefile-add-possibility-to-override-variables.patch new file mode 100644 index 000000000..7cf011b1c --- /dev/null +++ b/meta-webserver/recipes-httpd/nostromo/files/0001-GNUmakefile-add-possibility-to-override-variables.patch @@ -0,0 +1,141 @@ +From 7fa0d31ec5c0be9dca84a03851b2d44f61527ec8 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Eric=20B=C3=A9nard?= +Date: Sun, 4 Dec 2011 16:01:04 +0100 +Subject: [PATCH] GNUmakefile: add possibility to override variables +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +this is useful for cross compilation + +Signed-off-by: Eric Bénard +--- +Upstream-Status: Inappropriate [embedded specific] + src/libbsd/GNUmakefile | 10 +++++----- + src/libmy/GNUmakefile | 26 +++++++++++++------------- + src/nhttpd/GNUmakefile | 12 ++++++------ + src/tools/GNUmakefile | 8 ++++---- + 4 files changed, 28 insertions(+), 28 deletions(-) + +diff --git a/src/libbsd/GNUmakefile b/src/libbsd/GNUmakefile +index e2d01a3..b034bc6 100644 +--- a/src/libbsd/GNUmakefile ++++ b/src/libbsd/GNUmakefile +@@ -1,12 +1,12 @@ +-CCFLAGS = -O2 -pipe -Wall -Werror -Wstrict-prototypes -c ++CFLAGS := -O2 -pipe -Wall -Werror -Wstrict-prototypes -c + + libbsd.a: strlcpy.o strlcat.o +- ar -r libbsd.a strlcpy.o strlcat.o +- ranlib libbsd.a ++ $(AR) -r libbsd.a strlcpy.o strlcat.o ++ $(RANLIB) libbsd.a + + strlcpy.o: strlcpy.c +- cc ${CCFLAGS} strlcpy.c ++ $(CC) $(CFLAGS) strlcpy.c + strlcat.o: strlcat.c +- cc ${CCFLAGS} strlcat.c ++ $(CC) $(CFLAGS) strlcat.c + clean: + rm -f libbsd.a *.o +diff --git a/src/libmy/GNUmakefile b/src/libmy/GNUmakefile +index ce90dd9..891ffea 100644 +--- a/src/libmy/GNUmakefile ++++ b/src/libmy/GNUmakefile +@@ -1,30 +1,30 @@ +-CCFLAGS = -O2 -Wall -Werror -Wstrict-prototypes -c ++CFLAGS := -O2 -Wall -Werror -Wstrict-prototypes -c + + libmy.a: strcutl.o strcutw.o strcuts.o strcuti.o strcutf.o flog.o flogd.o fparse.o strlower.o strb64d.o +- ar -r libmy.a strcutl.o strcutw.o strcuts.o strcuti.o strcutf.o flog.o flogd.o fparse.o strlower.o strb64d.o +- ranlib libmy.a ++ $(AR) -r libmy.a strcutl.o strcutw.o strcuts.o strcuti.o strcutf.o flog.o flogd.o fparse.o strlower.o strb64d.o ++ $(RANLIB) libmy.a + + strcutl.o: strcutl.c +- cc ${CCFLAGS} strcutl.c ++ $(CC) $(CFLAGS) strcutl.c + strcutw.o: strcutw.c +- cc ${CCFLAGS} strcutw.c ++ $(CC) $(CFLAGS) strcutw.c + strcuts.o: strcuts.c +- cc ${CCFLAGS} strcuts.c ++ $(CC) $(CFLAGS) strcuts.c + strcuti.o: strcuti.c +- cc ${CCFLAGS} strcuti.c ++ $(CC) $(CFLAGS) strcuti.c + strcutf.o: strcutf.c +- cc ${CCFLAGS} strcutf.c ++ $(CC) $(CFLAGS) strcutf.c + strlower.o: strlower.c +- cc ${CCFLAGS} strlower.c ++ $(CC) $(CFLAGS) strlower.c + strb64d.o: strb64d.c +- cc ${CCFLAGS} strb64d.c ++ $(CC) $(CFLAGS) strb64d.c + + flog.o: flog.c +- cc ${CCFLAGS} flog.c ++ $(CC) $(CFLAGS) flog.c + flogd.o: flogd.c +- cc ${CCFLAGS} flogd.c ++ $(CC) $(CFLAGS) flogd.c + fparse.o: fparse.c +- cc ${CCFLAGS} fparse.c ++ $(CC) $(CFLAGS) fparse.c + + clean: + rm -f libmy.a *.o +diff --git a/src/nhttpd/GNUmakefile b/src/nhttpd/GNUmakefile +index f6d12de..9524911 100644 +--- a/src/nhttpd/GNUmakefile ++++ b/src/nhttpd/GNUmakefile +@@ -1,18 +1,18 @@ +-CCFLAGS = -O2 -pipe -Wall -Wstrict-prototypes -c ++CFLAGS := -O2 -pipe -Wall -Wstrict-prototypes -c + + nhttpd: main.o http.o sys.o +- cc -L../libmy -L../libbsd -o nhttpd main.o http.o sys.o -lmy -lbsd -lssl -lcrypt +- strip nhttpd ++ $(CC) -L../libmy -L../libbsd -o nhttpd main.o http.o sys.o -lmy -lbsd -lssl -lcrypt ++# $(STRIP) nhttpd + nroff -Tascii -c -mandoc nhttpd.8 > nhttpd.cat8 + + main.o: main.c +- cc ${CCFLAGS} main.c ++ $(CC) $(CFLAGS) main.c + + http.o: http.c +- cc ${CCFLAGS} http.c ++ $(CC) $(CFLAGS) http.c + + sys.o: sys.c +- cc ${CCFLAGS} sys.c ++ $(CC) $(CFLAGS) sys.c + + clean: + rm -f nhttpd nhttpd.cat8 *.o +diff --git a/src/tools/GNUmakefile b/src/tools/GNUmakefile +index 15bea61..663ddb5 100644 +--- a/src/tools/GNUmakefile ++++ b/src/tools/GNUmakefile +@@ -1,11 +1,11 @@ +-CCFLAGS = -O2 -pipe -Wall -Werror -Wstrict-prototypes -c ++CCFLAGS := -O2 -pipe -Wall -Werror -Wstrict-prototypes + + crypt: crypt.o +- cc -o crypt crypt.o -lcrypt +- strip crypt ++ $(CC) $(CFLAGS) -o crypt crypt.o -lcrypt ++# $(STRIP) crypt + + crypt.o: crypt.c +- cc ${CCFLAGS} crypt.c ++ $(CC) $(CFLAGS) -c crypt.c + + clean: + rm -f crypt *.o +-- +1.7.6.4 + diff --git a/meta-webserver/recipes-httpd/nostromo/files/nhttpd.conf b/meta-webserver/recipes-httpd/nostromo/files/nhttpd.conf new file mode 100644 index 000000000..6674bb696 --- /dev/null +++ b/meta-webserver/recipes-httpd/nostromo/files/nhttpd.conf @@ -0,0 +1,55 @@ +# MAIN [MANDATORY] + +servername localhost +#servername www.nazgul.ch:8080 +serverlisten * +#serverlisten 81.221.21.250 127.0.0.1 ::1 +serveradmin webmaster@localhost +serverroot /var/nostromo +servermimes /var/nostromo/conf/mimes +docroot /var/nostromo/htdocs +docindex index.html + +# LOGS [OPTIONAL] + +logpid /var/run/nostromo/nhttpd.pid +#logaccess /var/log/nostromo/access_log + +# SETUID [RECOMMENDED] + +user www-data + +# BASIC AUTHENTICATION [OPTIONAL] + +#htaccess .htaccess +#htpasswd /var/nostromo/conf/.htpasswd +#htpasswd +bsdauth +#htpasswd +bsdauthnossl + +# SSL [OPTIONAL] + +#sslport 443 +#sslcert /etc/ssl/server.crt +#sslcertkey /etc/ssl/server.key + +# CUSTOM RESPONSES [OPTIONAL] +# +# The custom responses are searched in the corresponding document root. + +#custom_401 custom_401.html +#custom_403 custom_403.html +#custom_404 custom_404.html + +# ALIASES [OPTIONAL] + +/icons /var/nostromo/icons + +# VIRTUAL HOSTS [OPTIONAL] + +#www.rahel.ch /var/nostromo/htdocs/www.rahel.ch +#www.rahel.ch:8080 /var/nostromo/htdocs/www.rahel.ch + +# HOMEDIRS [OPTIONAL] + +#homedirs /home +#homedirs_public public_www diff --git a/meta-webserver/recipes-httpd/nostromo/files/nostromo b/meta-webserver/recipes-httpd/nostromo/files/nostromo new file mode 100644 index 000000000..8a2886882 --- /dev/null +++ b/meta-webserver/recipes-httpd/nostromo/files/nostromo @@ -0,0 +1,34 @@ +#!/bin/sh + +PATH=/sbin:/bin:/usr/sbin:/usr/bin +DAEMON=nhttpd +NAME=nhttpd +DESC="Nostromo Web Server" +OPTS="-c /etc/nhttpd.conf" + +case "$1" in + start) + echo -n "Starting $DESC: " + start-stop-daemon --start -x "$DAEMON" -- $OPTS + echo "$NAME." + ;; + stop) + echo -n "Stopping $DESC: " + start-stop-daemon --stop -x "$DAEMON" + echo "$NAME." + ;; + restart|force-reload) + echo -n "Restarting $DESC: " + start-stop-daemon --stop -x "$DAEMON" + sleep 1 + start-stop-daemon --start -x "$DAEMON" -- $OPTS + echo "$NAME." + ;; + *) + N=/etc/init.d/$NAME + echo "Usage: $N {start|stop|restart|force-reload}" >&2 + exit 1 + ;; +esac + +exit 0 diff --git a/meta-webserver/recipes-httpd/nostromo/files/tmpfiles.conf b/meta-webserver/recipes-httpd/nostromo/files/tmpfiles.conf new file mode 100644 index 000000000..b7a9f4886 --- /dev/null +++ b/meta-webserver/recipes-httpd/nostromo/files/tmpfiles.conf @@ -0,0 +1 @@ +d /run/nostromo - www-data www-data - diff --git a/meta-webserver/recipes-httpd/nostromo/files/volatiles b/meta-webserver/recipes-httpd/nostromo/files/volatiles new file mode 100644 index 000000000..40924960c --- /dev/null +++ b/meta-webserver/recipes-httpd/nostromo/files/volatiles @@ -0,0 +1,2 @@ +d www-data www-data 0775 /var/run/nostromo none +d www-data www-data 0775 /var/log/nostromo none diff --git a/meta-webserver/recipes-httpd/nostromo/nostromo_1.9.5.bb b/meta-webserver/recipes-httpd/nostromo/nostromo_1.9.5.bb new file mode 100644 index 000000000..fe860ec9a --- /dev/null +++ b/meta-webserver/recipes-httpd/nostromo/nostromo_1.9.5.bb @@ -0,0 +1,69 @@ +SUMMARY = "A simple, fast and secure HTTP server" +HOMEPAGE = "http://www.nazgul.ch/dev_nostromo.html" +LICENSE = "MIT" +LIC_FILES_CHKSUM = "file://src/nhttpd/main.c;beginline=2;endline=14;md5=e5ec3fa723b29b7d59d205afd8d36938" + +SRC_URI = "http://www.nazgul.ch/dev/${BPN}-${PV}.tar.gz \ + file://0001-GNUmakefile-add-possibility-to-override-variables.patch \ + file://nhttpd.conf \ + file://volatiles \ + file://tmpfiles.conf \ + file://nostromo \ +" + +SRC_URI[md5sum] = "dc6cfd6b5aae04c370c7f818fa7bde55" +SRC_URI[sha256sum] = "5f62578285e02449406b46cf06a7888fe3dc4a90bedf58cc18523bad62f6b914" + +TARGET_CC_ARCH += "${LDFLAGS}" + +DEPENDS = "openssl" + +inherit update-rc.d useradd + +INITSCRIPT_NAME = "nostromo" +INITSCRIPT_PARAMS = "defaults 70" + +do_compile() { + oe_runmake +} + +# we need user/group www-data to exist when we install +# +USERADD_PACKAGES = "${PN}" +USERADD_PARAM_${PN} = "--system -g www-data www-data" + +do_install() { + install -d ${D}/${sbindir} + install -m 0755 src/nhttpd/nhttpd ${D}/${sbindir}/nhttpd + install -m 0755 src/tools/crypt ${D}/${sbindir}/crypt + install -d ${D}/${mandir}/man8 + install -m 0444 src/nhttpd/nhttpd.8 ${D}/${mandir}/man8/nhttpd.8 + install -d ${D}${localstatedir}/nostromo/conf + install -d ${D}${localstatedir}/nostromo/htdocs/cgi-bin + install -d ${D}${localstatedir}/nostromo/icons + install -d ${D}${sysconfdir}/init.d + install -m 0644 conf/mimes ${D}${localstatedir}/nostromo/conf/mimes + install -m 0644 ${WORKDIR}/nhttpd.conf ${D}${sysconfdir} + install -m 0755 ${WORKDIR}/nostromo ${D}${sysconfdir}/init.d + install -D -m 0644 ${WORKDIR}/volatiles ${D}${sysconfdir}/default/volatiles/nostromo + if ${@base_contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then + install -D -m 0644 ${WORKDIR}/tmpfiles.conf ${D}${sysconfdir}/tmpfiles.d/nostromo.conf + fi + install -m 0644 htdocs/index.html ${D}${localstatedir}/nostromo/htdocs/index.html + install -m 0644 htdocs/nostromo.gif ${D}${localstatedir}/nostromo/htdocs/nostromo.gif + install -m 0644 icons/dir.gif ${D}${localstatedir}/nostromo/icons/dir.gif + install -m 0644 icons/file.gif ${D}${localstatedir}/nostromo/icons/file.gif + chown -R www-data:www-data ${D}/${localstatedir}/nostromo +} + +CONFFILES_${PN} += "/var/nostromo/conf/mimes ${sysconfdir}/nhttpd.conf" + +pkg_postinst_${PN} () { + if [ -z "$D" ]; then + if [ -e /sys/fs/cgroup/systemd ]; then + systemd-tmpfiles --create ${sysconfdir}/tmpfiles.d/nostromo.conf + elif [ -e ${sysconfdir}/init.d/populate-volatile.sh ]; then + ${sysconfdir}/init.d/populate-volatile.sh update + fi + fi +} diff --git a/meta-webserver/recipes-httpd/sthttpd/sthttpd/init b/meta-webserver/recipes-httpd/sthttpd/sthttpd/init new file mode 100644 index 000000000..f5f7b0124 --- /dev/null +++ b/meta-webserver/recipes-httpd/sthttpd/sthttpd/init @@ -0,0 +1,52 @@ +#!/bin/sh + +### BEGIN INIT INFO +# Provides: thttpd +# Required-Start: $remote_fs $syslog +# Required-Stop: $remote_fs $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Small http server +# Description: thttpd is a simple, small, portable, fast, and secure HTTP server. +### END INIT INFO + + +thttpd=/usr/sbin/thttpd +test -x "$thttpd" || exit 0 + + +case "$1" in + start) + echo -n "Starting thttpd" + start-stop-daemon --start --quiet --exec $thttpd -- -C @@CONFFILE + echo "." + ;; + stop) + echo -n "Stopping thttpd" + start-stop-daemon --stop --quiet --exec $thttpd + echo "." + ;; + reload|force-reload) + start-stop-daemon --stop --quiet --signal 1 --exec $thttpd + ;; + restart) + echo -n "Stopping thttpd" + start-stop-daemon --stop --quiet --exec $thttpd -- -C @@CONFFILE + echo "." + echo -n "Waiting for thttpd to die off" + for i in 1 2 3 ; + do + sleep 1 + echo -n "." + done + echo "" + echo -n "Starting thttpd" + start-stop-daemon --start --quiet --exec $thttpd -- -C @@CONFFILE + echo "." + ;; + *) + echo "Usage: /etc/init.d/thttpd {start|stop|reload|restart|force-reload}" + exit 1 +esac + +exit 0 diff --git a/meta-webserver/recipes-httpd/sthttpd/sthttpd/thttpd.conf b/meta-webserver/recipes-httpd/sthttpd/sthttpd/thttpd.conf new file mode 100644 index 000000000..397984f36 --- /dev/null +++ b/meta-webserver/recipes-httpd/sthttpd/sthttpd/thttpd.conf @@ -0,0 +1 @@ +dir=@@SRVDIR diff --git a/meta-webserver/recipes-httpd/sthttpd/sthttpd/thttpd.service b/meta-webserver/recipes-httpd/sthttpd/sthttpd/thttpd.service new file mode 100644 index 000000000..f1095007c --- /dev/null +++ b/meta-webserver/recipes-httpd/sthttpd/sthttpd/thttpd.service @@ -0,0 +1,10 @@ +[Unit] +Description=Tiny/Turbo/Throttling Web Server + +[Service] +Type=forking +ExecStart=/usr/sbin/thttpd -C @@CONFFILE -c cgi-bin/* -i /var/run/thttpd.pid +PIDFile=/var/run/thttpd.pid + +[Install] +WantedBy=multi-user.target diff --git a/meta-webserver/recipes-httpd/sthttpd/sthttpd_2.26.4.bb b/meta-webserver/recipes-httpd/sthttpd/sthttpd_2.26.4.bb new file mode 100644 index 000000000..703492167 --- /dev/null +++ b/meta-webserver/recipes-httpd/sthttpd/sthttpd_2.26.4.bb @@ -0,0 +1,45 @@ +SUMMARY = "A simple, small, portable, fast, and secure HTTP server" +DESCRIPTION = "A simple, small, portable, fast, and secure HTTP server (supported fork of thttpd)." +HOMEPAGE = "http://opensource.dyc.edu/sthttpd" +LICENSE = "BSD-2-Clause" +LIC_FILES_CHKSUM = "file://src/thttpd.c;beginline=1;endline=26;md5=0c5762c2c34dcbe9eb18815516502872" + +SRC_URI = "http://opensource.dyc.edu/pub/sthttpd/sthttpd-${PV}.tar.gz \ + file://thttpd.service \ + file://thttpd.conf \ + file://init" + +SRC_URI[md5sum] = "e645a85a97d3cb883011a35bc2211815" +SRC_URI[sha256sum] = "78e87979140cbda123c81b4051552242dbbffb5dec1a17e5f95ec4826b1eaddb" + +S = "${WORKDIR}/sthttpd-${PV}" + +inherit autotools update-rc.d systemd + +SRV_DIR ?= "${servicedir}/www" + +EXTRA_OEMAKE += "'WEBDIR=${SRV_DIR}'" + +do_install_append () { + install -d ${D}${sysconfdir}/init.d + install -c -m 755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/thttpd + install -c -m 755 ${WORKDIR}/thttpd.conf ${D}${sysconfdir} + sed -i -e 's,@@CONFFILE,${sysconfdir}/thttpd.conf,g' ${D}${sysconfdir}/init.d/thttpd + sed -i -e 's,@@SRVDIR,${SRV_DIR},g' ${D}${sysconfdir}/thttpd.conf + sed -i 's!/usr/sbin/!${sbindir}/!g' ${D}${sysconfdir}/init.d/thttpd + + install -d ${D}${systemd_unitdir}/system + install -m 0644 ${WORKDIR}/thttpd.service ${D}${systemd_unitdir}/system + sed -i 's!/usr/sbin/!${sbindir}/!g' ${D}${systemd_unitdir}/system/thttpd.service + sed -i 's!/var/!${localstatedir}/!g' ${D}${systemd_unitdir}/system/thttpd.service + sed -i -e 's,@@CONFFILE,${sysconfdir}/thttpd.conf,g' ${D}${systemd_unitdir}/system/thttpd.service +} + +INITSCRIPT_NAME = "thttpd" +INITSCRIPT_PARAMS = "defaults" + +SYSTEMD_SERVICE_${PN} = "thttpd.service" + +FILES_${PN} += "${SRV_DIR}" +FILES_${PN}-dbg += "${SRV_DIR}/cgi-bin/.debug" + diff --git a/meta-webserver/recipes-php/modphp/files/0001-using-pkgconfig-to-check-libxml.patch b/meta-webserver/recipes-php/modphp/files/0001-using-pkgconfig-to-check-libxml.patch new file mode 100644 index 000000000..bab5ff2dc --- /dev/null +++ b/meta-webserver/recipes-php/modphp/files/0001-using-pkgconfig-to-check-libxml.patch @@ -0,0 +1,74 @@ +[PATCH] using pkgconfig to check libxml + +Upstream-Status: Pending + +Use pkg-config for the libxml2 dependency, not the -config script. + +Signed-off-by: Roy.Li +--- + acinclude.m4 | 48 ++++++------------------------------------------ + 1 file changed, 6 insertions(+), 42 deletions(-) + +diff --git a/acinclude.m4 b/acinclude.m4 +index d348f57..9f691a5 100644 +--- a/acinclude.m4 ++++ b/acinclude.m4 +@@ -2530,49 +2530,13 @@ dnl + dnl Common setup macro for libxml + dnl + AC_DEFUN([PHP_SETUP_LIBXML], [ +-AC_CACHE_CHECK([for xml2-config path], ac_cv_php_xml2_config_path, +-[ +- for i in $PHP_LIBXML_DIR /usr/local /usr; do +- if test -x "$i/bin/xml2-config"; then +- ac_cv_php_xml2_config_path="$i/bin/xml2-config" +- break +- fi +- done +-]) ++ PKG_CHECK_MODULES(PKG_XML2, [libxml-2.0],,) ++ if test "x$PKG_XML2_CFLAGS" != "x"; then ++ PHP_EVAL_INCLINE($PKG_XML2_CFLAGS, $1) ++ PHP_EVAL_LIBLINE($PKG_XML2_LIBS) ++ AC_DEFINE(HAVE_LIBXML, 1, [ ]) ++ $2 + +- if test -x "$ac_cv_php_xml2_config_path"; then +- XML2_CONFIG="$ac_cv_php_xml2_config_path" +- libxml_full_version=`$XML2_CONFIG --version` +- ac_IFS=$IFS +- IFS="." +- set $libxml_full_version +- IFS=$ac_IFS +- LIBXML_VERSION=`expr [$]1 \* 1000000 + [$]2 \* 1000 + [$]3` +- if test "$LIBXML_VERSION" -ge "2006011"; then +- LIBXML_LIBS=`$XML2_CONFIG --libs` +- LIBXML_INCS=`$XML2_CONFIG --cflags` +- PHP_EVAL_LIBLINE($LIBXML_LIBS, $1) +- PHP_EVAL_INCLINE($LIBXML_INCS) +- +- dnl Check that build works with given libs +- AC_CACHE_CHECK(whether libxml build works, php_cv_libxml_build_works, [ +- PHP_TEST_BUILD(xmlInitParser, +- [ +- php_cv_libxml_build_works=yes +- ], [ +- AC_MSG_RESULT(no) +- AC_MSG_ERROR([build test failed. Please check the config.log for details.]) +- ], [ +- [$]$1 +- ]) +- ]) +- if test "$php_cv_libxml_build_works" = "yes"; then +- AC_DEFINE(HAVE_LIBXML, 1, [ ]) +- fi +- $2 +- else +- AC_MSG_ERROR([libxml2 version 2.6.11 or greater required.]) +- fi + ifelse([$3],[],,[else $3]) + fi + ]) +-- +1.9.1 + diff --git a/meta-webserver/recipes-php/modphp/files/70_mod_php5.conf b/meta-webserver/recipes-php/modphp/files/70_mod_php5.conf new file mode 100644 index 000000000..1de6fb11a --- /dev/null +++ b/meta-webserver/recipes-php/modphp/files/70_mod_php5.conf @@ -0,0 +1,12 @@ +# vim: ft=apache sw=4 ts=4 + + # Load the module first + + LoadModule php5_module lib/apache2/modules/libphp5.so + + + # Set it to handle the files + AddHandler php5-script .php .phtml .php3 .php4 .php5 + AddType application/x-httpd-php-source .phps + DirectoryIndex index.html index.html.var index.php index.phtml + diff --git a/meta-webserver/recipes-php/modphp/files/configure.patch b/meta-webserver/recipes-php/modphp/files/configure.patch new file mode 100644 index 000000000..c5334c706 --- /dev/null +++ b/meta-webserver/recipes-php/modphp/files/configure.patch @@ -0,0 +1,11 @@ +--- php-5.1.6/configure.old 2006-09-12 07:54:14.000000000 -0700 ++++ php-5.1.6/configure 2006-09-12 07:54:37.000000000 -0700 +@@ -14715,8 +14715,6 @@ + + + +- unset ac_cv_func_dlopen +- unset ac_cv_func___dlopen + unset found + + echo $ac_n "checking for dlopen""... $ac_c" 1>&6 diff --git a/meta-webserver/recipes-php/modphp/files/php-CVE-2014-3587.patch b/meta-webserver/recipes-php/modphp/files/php-CVE-2014-3587.patch new file mode 100644 index 000000000..e1c40f244 --- /dev/null +++ b/meta-webserver/recipes-php/modphp/files/php-CVE-2014-3587.patch @@ -0,0 +1,31 @@ +modphp: Security Advisory - php - CVE-2014-3587 + +Upstream-Status: Backport + +Signed-off-by: Yue Tao + +From 7ba1409a1aee5925180de546057ddd84ff267947 Mon Sep 17 00:00:00 2001 +From: Remi Collet +Date: Thu, 14 Aug 2014 17:19:03 -0700 +Subject: [PATCH] Fix bug #67716 - Segfault in cdf.c + +--- + ext/fileinfo/libmagic/cdf.c | 2 +- + 2 files changed, 2 insertions(+), 1 deletion(-) + +diff --git a/ext/fileinfo/libmagic/cdf.c b/ext/fileinfo/libmagic/cdf.c +index 429f3b9..2c0a2d9 100644 +--- a/ext/fileinfo/libmagic/cdf.c ++++ b/ext/fileinfo/libmagic/cdf.c +@@ -820,7 +820,7 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h, + q = (const uint8_t *)(const void *) + ((const char *)(const void *)p + ofs + - 2 * sizeof(uint32_t)); +- if (q > e) { ++ if (q < p || q > e) { + DPRINTF(("Ran of the end %p > %p\n", q, e)); + goto out; + } +-- +1.7.9.5 + diff --git a/meta-webserver/recipes-php/modphp/files/php-CVE-2014-3597.patch b/meta-webserver/recipes-php/modphp/files/php-CVE-2014-3597.patch new file mode 100644 index 000000000..73f4e32c6 --- /dev/null +++ b/meta-webserver/recipes-php/modphp/files/php-CVE-2014-3597.patch @@ -0,0 +1,282 @@ +modphp: Security Advisory - php - CVE-2014-3597 + +Upstream-Status: Backport + +Signed-off-by: Yue Tao + +From 2fefae47716d501aec41c1102f3fd4531f070b05 Mon Sep 17 00:00:00 2001 +From: Remi Collet +Date: Tue, 19 Aug 2014 08:33:49 +0200 +Subject: [PATCH] Fixed Sec Bug #67717 segfault in dns_get_record + CVE-2014-3597 + +Incomplete fix for CVE-2014-4049 + +Check possible buffer overflow +- pass real buffer end to dn_expand calls +- check buffer len before each read +--- + ext/standard/dns.c | 84 +++++++++++++++++++++++++++++++++++++--------------- + 1 file changed, 60 insertions(+), 24 deletions(-) + +diff --git a/ext/standard/dns.c b/ext/standard/dns.c +index 214a7dc..0b5e69c 100644 +--- a/ext/standard/dns.c ++++ b/ext/standard/dns.c +@@ -412,8 +412,14 @@ PHP_FUNCTION(dns_check_record) + + #if HAVE_FULL_DNS_FUNCS + ++#define CHECKCP(n) do { \ ++ if (cp + n > end) { \ ++ return NULL; \ ++ } \ ++} while (0) ++ + /* {{{ php_parserr */ +-static u_char *php_parserr(u_char *cp, querybuf *answer, int type_to_fetch, int store, int raw, zval **subarray) ++static u_char *php_parserr(u_char *cp, u_char *end, querybuf *answer, int type_to_fetch, int store, int raw, zval **subarray) + { + u_short type, class, dlen; + u_long ttl; +@@ -425,16 +431,18 @@ static u_char *php_parserr(u_char *cp, querybuf *answer, int type_to_fetch, int + + *subarray = NULL; + +- n = dn_expand(answer->qb2, answer->qb2+65536, cp, name, sizeof(name) - 2); ++ n = dn_expand(answer->qb2, end, cp, name, sizeof(name) - 2); + if (n < 0) { + return NULL; + } + cp += n; + ++ CHECKCP(10); + GETSHORT(type, cp); + GETSHORT(class, cp); + GETLONG(ttl, cp); + GETSHORT(dlen, cp); ++ CHECKCP(dlen); + if (type_to_fetch != T_ANY && type != type_to_fetch) { + cp += dlen; + return cp; +@@ -461,12 +469,14 @@ static u_char *php_parserr(u_char *cp, querybuf *answer, int type_to_fetch, int + + switch (type) { + case DNS_T_A: ++ CHECKCP(4); + add_assoc_string(*subarray, "type", "A", 1); + snprintf(name, sizeof(name), "%d.%d.%d.%d", cp[0], cp[1], cp[2], cp[3]); + add_assoc_string(*subarray, "ip", name, 1); + cp += dlen; + break; + case DNS_T_MX: ++ CHECKCP(2); + add_assoc_string(*subarray, "type", "MX", 1); + GETSHORT(n, cp); + add_assoc_long(*subarray, "pri", n); +@@ -485,7 +495,7 @@ static u_char *php_parserr(u_char *cp, querybuf *answer, int type_to_fetch, int + if (type == DNS_T_PTR) { + add_assoc_string(*subarray, "type", "PTR", 1); + } +- n = dn_expand(answer->qb2, answer->qb2+65536, cp, name, (sizeof name) - 2); ++ n = dn_expand(answer->qb2, end, cp, name, (sizeof name) - 2); + if (n < 0) { + return NULL; + } +@@ -495,18 +505,22 @@ static u_char *php_parserr(u_char *cp, querybuf *answer, int type_to_fetch, int + case DNS_T_HINFO: + /* See RFC 1010 for values */ + add_assoc_string(*subarray, "type", "HINFO", 1); ++ CHECKCP(1); + n = *cp & 0xFF; + cp++; ++ CHECKCP(n); + add_assoc_stringl(*subarray, "cpu", (char*)cp, n, 1); + cp += n; ++ CHECKCP(1); + n = *cp & 0xFF; + cp++; ++ CHECKCP(n); + add_assoc_stringl(*subarray, "os", (char*)cp, n, 1); + cp += n; + break; + case DNS_T_TXT: + { +- int ll = 0; ++ int l1 = 0, l2 = 0; + zval *entries = NULL; + + add_assoc_string(*subarray, "type", "TXT", 1); +@@ -515,37 +529,41 @@ static u_char *php_parserr(u_char *cp, querybuf *answer, int type_to_fetch, int + MAKE_STD_ZVAL(entries); + array_init(entries); + +- while (ll < dlen) { +- n = cp[ll]; +- if ((ll + n) >= dlen) { ++ while (l1 < dlen) { ++ n = cp[l1]; ++ if ((l1 + n) >= dlen) { + // Invalid chunk length, truncate +- n = dlen - (ll + 1); ++ n = dlen - (l1 + 1); ++ } ++ if (n) { ++ memcpy(tp + l2 , cp + l1 + 1, n); ++ add_next_index_stringl(entries, cp + l1 + 1, n, 1); + } +- memcpy(tp + ll , cp + ll + 1, n); +- add_next_index_stringl(entries, cp + ll + 1, n, 1); +- ll = ll + n + 1; ++ l1 = l1 + n + 1; ++ l2 = l2 + n; + } +- tp[dlen] = '\0'; ++ tp[l2] = '\0'; + cp += dlen; + +- add_assoc_stringl(*subarray, "txt", tp, (dlen>0)?dlen - 1:0, 0); ++ add_assoc_stringl(*subarray, "txt", tp, l2, 0); + add_assoc_zval(*subarray, "entries", entries); + } + break; + case DNS_T_SOA: + add_assoc_string(*subarray, "type", "SOA", 1); +- n = dn_expand(answer->qb2, answer->qb2+65536, cp, name, (sizeof name) -2); ++ n = dn_expand(answer->qb2, end, cp, name, (sizeof name) -2); + if (n < 0) { + return NULL; + } + cp += n; + add_assoc_string(*subarray, "mname", name, 1); +- n = dn_expand(answer->qb2, answer->qb2+65536, cp, name, (sizeof name) -2); ++ n = dn_expand(answer->qb2, end, cp, name, (sizeof name) -2); + if (n < 0) { + return NULL; + } + cp += n; + add_assoc_string(*subarray, "rname", name, 1); ++ CHECKCP(5*4); + GETLONG(n, cp); + add_assoc_long(*subarray, "serial", n); + GETLONG(n, cp); +@@ -559,6 +577,7 @@ static u_char *php_parserr(u_char *cp, querybuf *answer, int type_to_fetch, int + break; + case DNS_T_AAAA: + tp = (u_char*)name; ++ CHECKCP(8*2); + for(i=0; i < 8; i++) { + GETSHORT(s, cp); + if (s != 0) { +@@ -593,6 +612,7 @@ static u_char *php_parserr(u_char *cp, querybuf *answer, int type_to_fetch, int + case DNS_T_A6: + p = cp; + add_assoc_string(*subarray, "type", "A6", 1); ++ CHECKCP(1); + n = ((int)cp[0]) & 0xFF; + cp++; + add_assoc_long(*subarray, "masklen", n); +@@ -628,6 +648,7 @@ static u_char *php_parserr(u_char *cp, querybuf *answer, int type_to_fetch, int + cp++; + } + for (i = (n + 8) / 16; i < 8; i++) { ++ CHECKCP(2); + GETSHORT(s, cp); + if (s != 0) { + if (tp > (u_char *)name) { +@@ -657,7 +678,7 @@ static u_char *php_parserr(u_char *cp, querybuf *answer, int type_to_fetch, int + tp[0] = '\0'; + add_assoc_string(*subarray, "ipv6", name, 1); + if (cp < p + dlen) { +- n = dn_expand(answer->qb2, answer->qb2+65536, cp, name, (sizeof name) - 2); ++ n = dn_expand(answer->qb2, end, cp, name, (sizeof name) - 2); + if (n < 0) { + return NULL; + } +@@ -666,6 +687,7 @@ static u_char *php_parserr(u_char *cp, querybuf *answer, int type_to_fetch, int + } + break; + case DNS_T_SRV: ++ CHECKCP(3*2); + add_assoc_string(*subarray, "type", "SRV", 1); + GETSHORT(n, cp); + add_assoc_long(*subarray, "pri", n); +@@ -673,7 +695,7 @@ static u_char *php_parserr(u_char *cp, querybuf *answer, int type_to_fetch, int + add_assoc_long(*subarray, "weight", n); + GETSHORT(n, cp); + add_assoc_long(*subarray, "port", n); +- n = dn_expand(answer->qb2, answer->qb2+65536, cp, name, (sizeof name) - 2); ++ n = dn_expand(answer->qb2, end, cp, name, (sizeof name) - 2); + if (n < 0) { + return NULL; + } +@@ -681,21 +703,35 @@ static u_char *php_parserr(u_char *cp, querybuf *answer, int type_to_fetch, int + add_assoc_string(*subarray, "target", name, 1); + break; + case DNS_T_NAPTR: ++ CHECKCP(2*2); + add_assoc_string(*subarray, "type", "NAPTR", 1); + GETSHORT(n, cp); + add_assoc_long(*subarray, "order", n); + GETSHORT(n, cp); + add_assoc_long(*subarray, "pref", n); ++ ++ CHECKCP(1); + n = (cp[0] & 0xFF); +- add_assoc_stringl(*subarray, "flags", (char*)++cp, n, 1); ++ cp++; ++ CHECKCP(n); ++ add_assoc_stringl(*subarray, "flags", (char*)cp, n, 1); + cp += n; ++ ++ CHECKCP(1); + n = (cp[0] & 0xFF); +- add_assoc_stringl(*subarray, "services", (char*)++cp, n, 1); ++ cp++; ++ CHECKCP(n); ++ add_assoc_stringl(*subarray, "services", (char*)cp, n, 1); + cp += n; ++ ++ CHECKCP(1); + n = (cp[0] & 0xFF); +- add_assoc_stringl(*subarray, "regex", (char*)++cp, n, 1); ++ cp++; ++ CHECKCP(n); ++ add_assoc_stringl(*subarray, "regex", (char*)cp, n, 1); + cp += n; +- n = dn_expand(answer->qb2, answer->qb2+65536, cp, name, (sizeof name) - 2); ++ ++ n = dn_expand(answer->qb2, end, cp, name, (sizeof name) - 2); + if (n < 0) { + return NULL; + } +@@ -888,7 +924,7 @@ PHP_FUNCTION(dns_get_record) + while (an-- && cp && cp < end) { + zval *retval; + +- cp = php_parserr(cp, &answer, type_to_fetch, store_results, raw, &retval); ++ cp = php_parserr(cp, end, &answer, type_to_fetch, store_results, raw, &retval); + if (retval != NULL && store_results) { + add_next_index_zval(return_value, retval); + } +@@ -901,7 +937,7 @@ PHP_FUNCTION(dns_get_record) + while (ns-- > 0 && cp && cp < end) { + zval *retval = NULL; + +- cp = php_parserr(cp, &answer, DNS_T_ANY, authns != NULL, raw, &retval); ++ cp = php_parserr(cp, end, &answer, DNS_T_ANY, authns != NULL, raw, &retval); + if (retval != NULL) { + add_next_index_zval(authns, retval); + } +@@ -913,7 +949,7 @@ PHP_FUNCTION(dns_get_record) + while (ar-- > 0 && cp && cp < end) { + zval *retval = NULL; + +- cp = php_parserr(cp, &answer, DNS_T_ANY, 1, raw, &retval); ++ cp = php_parserr(cp, end, &answer, DNS_T_ANY, 1, raw, &retval); + if (retval != NULL) { + add_next_index_zval(addtl, retval); + } +-- +1.7.9.5 + diff --git a/meta-webserver/recipes-php/modphp/files/php-CVE-2014-5120.patch b/meta-webserver/recipes-php/modphp/files/php-CVE-2014-5120.patch new file mode 100644 index 000000000..f2e23b3f0 --- /dev/null +++ b/meta-webserver/recipes-php/modphp/files/php-CVE-2014-5120.patch @@ -0,0 +1,35 @@ +modphp: Security Advisory - php - CVE-2014-5120 + +Upstream-Status: Backport + +Signed-off-by Yue Tao + +From 706aefb78112a44d4932d4c9430c6a898696f51f Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev +Date: Mon, 18 Aug 2014 22:49:10 -0700 +Subject: [PATCH] Fix bug #67730 - Null byte injection possible with imagexxx + functions + +--- + ext/gd/gd_ctx.c | 5 +++++ + 2 files changed, 7 insertions(+) + +diff --git a/ext/gd/gd_ctx.c b/ext/gd/gd_ctx.c +index bff691f..eafbab5 100644 +--- a/ext/gd/gd_ctx.c ++++ b/ext/gd/gd_ctx.c +@@ -124,6 +124,11 @@ static void _php_image_output_ctx(INTERNAL_FUNCTION_PARAMETERS, int image_type, + RETURN_FALSE; + } + } else if (Z_TYPE_P(to_zval) == IS_STRING) { ++ if (CHECK_ZVAL_NULL_PATH(to_zval)) { ++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid 2nd parameter, filename must not contain null bytes"); ++ RETURN_FALSE; ++ } ++ + stream = php_stream_open_wrapper(Z_STRVAL_P(to_zval), "wb", REPORT_ERRORS|IGNORE_PATH|IGNORE_URL_WIN, NULL); + if (stream == NULL) { + RETURN_FALSE; +-- +1.7.9.5 + diff --git a/meta-webserver/recipes-php/modphp/files/pthread-check-threads-m4.patch b/meta-webserver/recipes-php/modphp/files/pthread-check-threads-m4.patch new file mode 100644 index 000000000..0c564cd88 --- /dev/null +++ b/meta-webserver/recipes-php/modphp/files/pthread-check-threads-m4.patch @@ -0,0 +1,30 @@ +From d8067ceacbf54e79c9c6b68675332c09eaa0b55d Mon Sep 17 00:00:00 2001 +From: Jackie Huang +Date: Mon, 8 Apr 2013 14:29:51 +0800 +Subject: [PATCH] pthread-check + +Enable pthreads support when cross-compiling + +Upstream-Status: Inapproprate [config] + +Signed-off-by: Jackie Huang +--- + TSRM/threads.m4 | 2 +- + 1 files changed, 1 insertions(+), 1 deletions(-) + +diff --git a/TSRM/threads.m4 b/TSRM/threads.m4 +index 38494ce..15d9454 100644 +--- a/TSRM/threads.m4 ++++ b/TSRM/threads.m4 +@@ -86,7 +86,7 @@ int main() { + pthreads_working=no + ], [ + dnl For cross compiling running this test is of no use. NetWare supports pthreads +- pthreads_working=no ++ pthreads_working=yes + case $host_alias in + *netware*) + pthreads_working=yes +-- +1.7.4.1 + diff --git a/meta-webserver/recipes-php/modphp/modphp5.inc b/meta-webserver/recipes-php/modphp/modphp5.inc new file mode 100644 index 000000000..f60c7bbfc --- /dev/null +++ b/meta-webserver/recipes-php/modphp/modphp5.inc @@ -0,0 +1,112 @@ +SECTION = "console/network" +DESCRIPTION = "A server-side, HTML-embedded scripting language. This package provides the apache php module." +LICENSE = "PHP-3.0" +INC_PR = "r1" +DEPENDS = "apache2-native apache2 zlib bzip2 libmcrypt" + +SRC_URI = "http://www.php.net/distributions/php-${PV}.tar.bz2 \ + file://configure.patch \ + file://pthread-check-threads-m4.patch \ + file://70_mod_php5.conf \ + file://0001-using-pkgconfig-to-check-libxml.patch \ + file://php-CVE-2014-5120.patch \ + file://php-CVE-2014-3587.patch \ + file://php-CVE-2014-3597.patch \ +" + +S = "${WORKDIR}/php-${PV}" + +LIC_FILES_CHKSUM = "file://LICENSE;md5=52dd90569008fee5bcdbb22d945b1108" + +inherit autotools pkgconfig + +PNBLACKLIST[modphp] ?= "CONFLICT: 466 header files conflict with php" +# e.g. sysroots/qemux86-64/usr/include/php/main/win95nt.h + +CFLAGS += " -g -DPTYS_ARE_GETPT -DPTYS_ARE_SEARCHED -I${STAGING_INCDIR}/apache2" + +EXTRA_OECONF = "--with-apxs2=${STAGING_BINDIR_CROSS}/apxs \ + --with-pic \ + --enable-maintainer-zts \ + --without-mysql \ + --disable-cgi \ + --disable-cli \ + --disable-pdo \ + --without-pear \ + --without-iconv \ + --disable-ipv6 \ + --disable-xml \ + --disable-xmlreader \ + --disable-xmlwriter \ + --disable-simplexml \ + --disable-dom \ + --disable-rpath \ + --libdir=${libdir}/php5 \ + --with-zlib --with-zlib-dir=${STAGING_DIR_TARGET}${exec_prefix} \ + --with-bz2=${STAGING_DIR_TARGET}${exec_prefix} \ + --with-mcrypt=${STAGING_DIR_TARGET}${exec_prefix} \ + --enable-zip \ + --enable-mbstring \ + --with-config-file-path=${sysconfdir}/php/apache2-php5 \ + ${@base_conditional('SITEINFO_ENDIANNESS', 'le', 'ac_cv_c_bigendian_php=no', 'ac_cv_c_bigendian_php=yes', d)}" + +PACKAGECONFIG ??= "mysql" +PACKAGECONFIG[mysql] = "--with-mysqli=${STAGING_BINDIR_CROSS}/mysql_config,--without-mysqli,mysql5" +PACKAGECONFIG[pgsql] = "--with-pgsql=${STAGING_DIR_TARGET}${exec_prefix},--without-pgsql,mysql5" +PACKAGECONFIG[libxml] = "--enable-libxml,--disable-libxml,libxml2" +PACKAGECONFIG[soap] = "--enable-libxml --enable-soap, --disable-soap, libxml2" + +acpaths = "" + +do_configure_prepend () { + rm -f ${S}/build/libtool.m4 ${S}/ltmain.sh ${S}/aclocal.m4 + find ${S} -name config.m4 | xargs -n1 sed -i 's!APXS_HTTPD=.*!APXS_HTTPD=${STAGING_BINDIR_NATIVE}/httpd!' +} + +do_configure_append() { + # No libtool, we really don't want rpath set... + sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' ${HOST_SYS}-libtool + sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' ${HOST_SYS}-libtool +} + +do_install () { + install -d ${D}${libdir}/apache2/modules + install -d ${D}${sysconfdir}/apache2/modules.d + install -d ${D}${sysconfdir}/php/apache2-php5 + install -m 755 libs/libphp5.so ${D}${libdir}/apache2/modules + install -m 644 ${WORKDIR}/70_mod_php5.conf ${D}${sysconfdir}/apache2/modules.d + sed -i s,lib/,${libdir}/, ${D}${sysconfdir}/apache2/modules.d/70_mod_php5.conf + cat ${S}/php.ini-production | \ + sed -e 's,extension_dir = \"\./\",extension_dir = \"/usr/lib/extensions\",' \ + > ${D}${sysconfdir}/php/apache2-php5/php.ini + + install -d ${D}${bindir} + install -m 755 scripts/phpize ${D}${bindir} + install -m 755 scripts/php-config ${D}${bindir} + cat aclocal-copy/libtool.m4 aclocal-copy/lt~obsolete.m4 aclocal-copy/ltoptions.m4 \ + aclocal-copy/ltsugar.m4 aclocal-copy/ltversion.m4 > ${S}/build/libtool.m4 + + oe_runmake install-build install-headers INSTALL_ROOT=${D} +} + +SYSROOT_PREPROCESS_FUNCS += "php_sysroot_preprocess" + +php_sysroot_preprocess () { + install -d ${SYSROOT_DESTDIR}${bindir_crossscripts}/ + install -m 755 ${D}${bindir}/phpize ${SYSROOT_DESTDIR}${bindir_crossscripts}/ + install -m 755 ${D}${bindir}/php-config ${SYSROOT_DESTDIR}${bindir_crossscripts}/ + + sed -i 's!eval echo /!eval echo ${STAGING_DIR_HOST}/!' ${SYSROOT_DESTDIR}${bindir_crossscripts}/phpize + sed -i 's!^include_dir=.*!include_dir=${STAGING_INCDIR}/php!' ${SYSROOT_DESTDIR}${bindir_crossscripts}/php-config +} + +# phpize is not scanned for absolute paths by default (but php-config is). +# +SSTATE_SCAN_FILES += "phpize" + +RDEPENDS_${PN} = "apache2" + +FILES_${PN} = "${libdir}/apache2 ${sysconfdir}" +FILES_${PN}-dev += "${bindir}/phpize ${bindir}/php-config ${libdir}/php5" +FILES_${PN}-dbg += "${libdir}/apache2/modules/.debug" + diff --git a/meta-webserver/recipes-php/modphp/modphp_5.5.15.bb b/meta-webserver/recipes-php/modphp/modphp_5.5.15.bb new file mode 100644 index 000000000..aed620f5b --- /dev/null +++ b/meta-webserver/recipes-php/modphp/modphp_5.5.15.bb @@ -0,0 +1,7 @@ +include modphp5.inc + +EXTRA_OECONF += "--disable-opcache" + +SRC_URI[md5sum] = "5cb5f2ed9099299f8a4c952d59d93812" +SRC_URI[sha256sum] = "00f24226b12fee27e332383b6304f1b9ed3f4d9173dd728a68c5c3f5a59b8ba7" + diff --git a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/0001-bug-4504-security-Self-XSS-in-query-charts.patch b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/0001-bug-4504-security-Self-XSS-in-query-charts.patch new file mode 100644 index 000000000..27eac7762 --- /dev/null +++ b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/0001-bug-4504-security-Self-XSS-in-query-charts.patch @@ -0,0 +1,29 @@ +From 90ddeecf60fc029608b972e490b735f3a65ed0cb Mon Sep 17 00:00:00 2001 +From: Madhura Jayaratne +Date: Sun, 17 Aug 2014 08:52:05 -0400 +Subject: [PATCH] bug #4504 [security] Self-XSS in query charts + +Upstream-status: Backport + +Signed-off-by: Marc Delisle +--- + js/tbl_chart.js | 2 +- + 2 files changed, 2 insertions(+), 1 deletion(-) + + 4.2.7.0 (2014-07-31) +diff --git a/js/tbl_chart.js b/js/tbl_chart.js +index 943d4ae..04c9c40 100644 +--- a/js/tbl_chart.js ++++ b/js/tbl_chart.js +@@ -47,7 +47,7 @@ function PMA_queryChart(data, columnNames, settings) { + }, + axes : { + xaxis : { +- label : settings.xaxisLabel ++ label : escapeHtml(settings.xaxisLabel) + }, + yaxis : { + label : settings.yaxisLabel +-- +1.7.10.4 + diff --git a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/0001-bug-4505-security-XSS-in-view-operations-page.patch b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/0001-bug-4505-security-XSS-in-view-operations-page.patch new file mode 100644 index 000000000..164a072ef --- /dev/null +++ b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/0001-bug-4505-security-XSS-in-view-operations-page.patch @@ -0,0 +1,43 @@ +From 0cd293f5e13aa245e4a57b8d373597cc0e421b6f Mon Sep 17 00:00:00 2001 +From: Madhura Jayaratne +Date: Sun, 17 Aug 2014 08:41:57 -0400 +Subject: [PATCH] bug #4505 [security] XSS in view operations page + +Upstream-Status: Backport + +Signed-off-by: Marc Delisle +--- + ChangeLog | 3 +++ + js/functions.js | 2 +- + 2 files changed, 4 insertions(+), 1 deletion(-) + +diff --git a/ChangeLog b/ChangeLog +index 7afac1a..cec9d77 100644 +--- a/ChangeLog ++++ b/ChangeLog +@@ -1,6 +1,9 @@ + phpMyAdmin - ChangeLog + ====================== + ++4.2.7.1 (2014-08-17) ++- bug #4505 [security] XSS in view operations page ++ + 4.2.7.0 (2014-07-31) + - bug Broken links on home page + - bug #4494 Overlap in navigation panel +diff --git a/js/functions.js b/js/functions.js +index 09bfeda..a970a81 100644 +--- a/js/functions.js ++++ b/js/functions.js +@@ -3585,7 +3585,7 @@ AJAX.registerOnload('functions.js', function () { + var question = PMA_messages.strDropTableStrongWarning + ' '; + question += $.sprintf( + PMA_messages.strDoYouReally, +- 'DROP VIEW ' + PMA_commonParams.get('table') ++ 'DROP VIEW ' + escapeHtml(PMA_commonParams.get('table')) + ); + + $(this).PMA_confirm(question, $(this).attr('href'), function (url) { +-- +1.7.10.4 + diff --git a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/apache.conf b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/apache.conf new file mode 100644 index 000000000..94cbd865c --- /dev/null +++ b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/apache.conf @@ -0,0 +1,42 @@ +# phpMyAdmin default Apache configuration + +Alias /phpmyadmin /usr/share/phpmyadmin + + + Options FollowSymLinks + DirectoryIndex index.php + Require all granted + + + AddType application/x-httpd-php .php + + php_flag magic_quotes_gpc Off + php_flag track_vars On + php_flag register_globals Off + php_admin_flag allow_url_fopen Off + php_value include_path . + php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp + php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/ + + + +# Authorize for setup + + + AuthType Basic + AuthName "phpMyAdmin Setup" + AuthUserFile /etc/phpmyadmin/htpasswd.setup + + Require valid-user + + +# Disallow web access to directories that don't need it + + Order Deny,Allow + Deny from All + + + Order Deny,Allow + Deny from All + + diff --git a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.2.7.bb b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.2.7.bb new file mode 100644 index 000000000..447b77884 --- /dev/null +++ b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.2.7.bb @@ -0,0 +1,34 @@ +SUMMARY = "Web-based MySQL administration interface" +HOMEPAGE = "http://www.phpmyadmin.net" +# Main code is GPLv2, libraries/tcpdf is under LGPLv3, js/jquery is under MIT +LICENSE = "GPLv2 & LGPLv3 & MIT" +LIC_FILES_CHKSUM = "file://LICENSE;md5=eb723b61539feef013de476e68b5c50a \ + file://libraries/tcpdf/LICENSE.TXT;md5=5c87b66a5358ebcc495b03e0afcd342c" + +SRC_URI = "${SOURCEFORGE_MIRROR}/phpmyadmin/phpMyAdmin/${PV}/phpMyAdmin-${PV}-all-languages.tar.xz \ + file://0001-bug-4504-security-Self-XSS-in-query-charts.patch \ + file://0001-bug-4505-security-XSS-in-view-operations-page.patch \ + file://apache.conf" + +SRC_URI[md5sum] = "0dcd755450dac819f33502590c88ad29" +SRC_URI[sha256sum] = "5d101dd88a99a869bc0c684a7f687cf290abc4bf306daac73337cbde2d7743e4" + +S = "${WORKDIR}/phpMyAdmin-${PV}-all-languages" + +inherit allarch + +do_install() { + install -d ${D}${datadir}/${BPN} + cp -a * ${D}${datadir}/${BPN} + + install -d ${D}${sysconfdir}/apache2/conf.d + install -m 0644 ${WORKDIR}/apache.conf ${D}${sysconfdir}/apache2/conf.d/phpmyadmin.conf + + # Remove a few scripts that explicitly require bash (!) + rm -f ${D}${datadir}/phpmyadmin/libraries/transformations/*.sh +} + +FILES_${PN} = "${datadir}/${BPN} \ + ${sysconfdir}/apache2/conf.d" + +RDEPENDS_${PN} += "bash" diff --git a/meta-webserver/recipes-php/xdebug/xdebug_2.2.5.bb b/meta-webserver/recipes-php/xdebug/xdebug_2.2.5.bb new file mode 100644 index 000000000..66aff5e33 --- /dev/null +++ b/meta-webserver/recipes-php/xdebug/xdebug_2.2.5.bb @@ -0,0 +1,36 @@ +SUMMARY = "Debugging and profiling extension for PHP" +LICENSE = "Xdebug" +LIC_FILES_CHKSUM = "file://LICENSE;md5=34df3a274aa12b795417c65634c07f16" + +DEPENDS = "modphp" + +PNBLACKLIST[xdebug] ?= "CONFLICT: depends on blocked modphp" + +SRC_URI = "http://xdebug.org/files/xdebug-${PV}.tgz" + +SRC_URI[md5sum] = "7e571ce8eb6fa969fd8263969019849d" +SRC_URI[sha256sum] = "adc6fe92dcff2368be94d20a5997aadb4d46d74551e2dd6602a704a35a195a6f" + +inherit autotools + +EXTRA_OECONF += "--enable-xdebug -with-php-config=${STAGING_BINDIR_CROSS}/php-config" + +do_configure() { + cd ${S} + ${STAGING_BINDIR_CROSS}/phpize + cd ${B} + + # Running autoreconf as autotools_do_configure would do here + # breaks the libtool configuration resulting in a failure later + # in do_compile. It's possible this may be fixable, however the + # easiest course of action for the moment is to avoid doing that. + oe_runconf +} + +do_install() { + oe_runmake install INSTALL_ROOT=${D} +} + +FILES_${PN} += "${libdir}/php5/extensions/*/*.so" +FILES_${PN}-dbg += "${libdir}/php5/extensions/*/.debug" + diff --git a/meta-webserver/recipes-support/fcgi/fcgi/Fix_EOF_not_declared_issue.patch b/meta-webserver/recipes-support/fcgi/fcgi/Fix_EOF_not_declared_issue.patch new file mode 100644 index 000000000..51ddeaac2 --- /dev/null +++ b/meta-webserver/recipes-support/fcgi/fcgi/Fix_EOF_not_declared_issue.patch @@ -0,0 +1,17 @@ +Upstream-Status: Pending + +Fix EOF not declared issue, following is the error log. +fcgio.cpp:70:72: error: 'EOF' was not declared in this scope + if (FCGX_PutStr(pbase(), plen, this->fcgx) != plen) return EOF; + +Signed-off-by: Yang Haibo +--- fcgi-ori/libfcgi/fcgio.cpp 2014-07-28 18:01:00.000000000 +0800 ++++ fcgi-2.4.0/libfcgi/fcgio.cpp 2014-07-28 18:01:22.000000000 +0800 +@@ -22,6 +22,7 @@ + #define DLLAPI __declspec(dllexport) + #endif + ++#include + #include + #include "fcgio.h" + diff --git a/meta-webserver/recipes-support/fcgi/fcgi/add_foreign_to_AM_INIT_AUTOMAKE.patch b/meta-webserver/recipes-support/fcgi/fcgi/add_foreign_to_AM_INIT_AUTOMAKE.patch new file mode 100644 index 000000000..eca694adc --- /dev/null +++ b/meta-webserver/recipes-support/fcgi/fcgi/add_foreign_to_AM_INIT_AUTOMAKE.patch @@ -0,0 +1,18 @@ +Upstream-Status: Pending + +use automake options "foreign" to set the strictness as appropriate + +Signed-off-by: Yang Haibo +--- fcgi-ori/configure.in 2014-08-05 14:58:35.000000000 +0800 ++++ fcgi-2.4.0/configure.in 2014-08-05 14:59:08.000000000 +0800 +@@ -4,8 +4,8 @@ + dnl generate the file "configure", which is run during the build + dnl to configure the system for the local environment. + +-AC_INIT +-AM_INIT_AUTOMAKE(fcgi, 2.4.0) ++AC_INIT([fcgi], [2.4.0]) ++AM_INIT_AUTOMAKE([foreign]) + + AM_CONFIG_HEADER(fcgi_config.h) + diff --git a/meta-webserver/recipes-support/fcgi/fcgi_2.4.0.bb b/meta-webserver/recipes-support/fcgi/fcgi_2.4.0.bb new file mode 100644 index 000000000..ed718aefd --- /dev/null +++ b/meta-webserver/recipes-support/fcgi/fcgi_2.4.0.bb @@ -0,0 +1,15 @@ +DESCRIPTION = "FastCGI is a protocol for interfacing interactive programs with a web server." +HOMEPAGE = "http://www.fastcgi.com" +LICENSE = "OML" +LIC_FILES_CHKSUM = "file://LICENSE.TERMS;md5=e3aacac3a647af6e7e31f181cda0a06a" + +SRC_URI = "http://fossies.org/linux/www/${BP}.tar.gz \ + file://Fix_EOF_not_declared_issue.patch \ + file://add_foreign_to_AM_INIT_AUTOMAKE.patch \ +" +SRC_URI[md5sum] = "d15060a813b91383a9f3c66faf84867e" +SRC_URI[sha256sum] = "66fc45c6b36a21bf2fbbb68e90f780cc21a9da1fffbae75e76d2b4402d3f05b9" + +inherit autotools + +PARALLEL_MAKE = "" diff --git a/meta-webserver/recipes-webadmin/webmin/files/disable-version-check.patch b/meta-webserver/recipes-webadmin/webmin/files/disable-version-check.patch new file mode 100644 index 000000000..a9ee40507 --- /dev/null +++ b/meta-webserver/recipes-webadmin/webmin/files/disable-version-check.patch @@ -0,0 +1,45 @@ +Disable OS version check in status screen + +The code is not able to accurately detect the correct distro/version at +the moment. + +Upstream-status: Inappropriate + +Signed-off-by: Paul Eggleton + +diff --git a/webmin/webmin-lib.pl b/webmin/webmin-lib.pl +index 57a37f7..838b944 100755 +--- a/webmin/webmin-lib.pl ++++ b/webmin/webmin-lib.pl +@@ -1059,18 +1059,19 @@ my %miniserv; + &load_theme_library(); # So that UI functions work + + # Need OS upgrade +-my %realos = &detect_operating_system(undef, 1); +-if (($realos{'os_version'} ne $gconfig{'os_version'} || +- $realos{'os_type'} ne $gconfig{'os_type'}) && +- $realos{'os_version'} && $realos{'os_type'} && +- &foreign_available("webmin")) { +- push(@notifs, +- &ui_form_start("$gconfig{'webprefix'}/webmin/fix_os.cgi"). +- &text('os_incorrect', $realos{'real_os_type'}, +- $realos{'real_os_version'})."

\n". +- &ui_form_end([ [ undef, $text{'os_fix'} ] ]) +- ); +- } ++# Disabled for now as os-chooser.pl does not work on our system ++#my %realos = &detect_operating_system(undef, 1); ++#if (($realos{'os_version'} ne $gconfig{'os_version'} || ++# $realos{'os_type'} ne $gconfig{'os_type'}) && ++# $realos{'os_version'} && $realos{'os_type'} && ++# &foreign_available("webmin")) { ++# push(@notifs, ++# &ui_form_start("$gconfig{'webprefix'}/webmin/fix_os.cgi"). ++# &text('os_incorrect', $realos{'real_os_type'}, ++# $realos{'real_os_version'})."

\n". ++# &ui_form_end([ [ undef, $text{'os_fix'} ] ]) ++# ); ++# } + + # Password close to expiry + my $warn_days = $config{'warn_days'}; diff --git a/meta-webserver/recipes-webadmin/webmin/files/exports-lib.pl.patch b/meta-webserver/recipes-webadmin/webmin/files/exports-lib.pl.patch new file mode 100644 index 000000000..177d8a372 --- /dev/null +++ b/meta-webserver/recipes-webadmin/webmin/files/exports-lib.pl.patch @@ -0,0 +1,32 @@ +From 7eba4c98c6953fa6ea76c1620d19524bcfa3a576 Mon Sep 17 00:00:00 2001 +From: Kevin Strasser +Date: Wed, 1 Aug 2012 11:51:26 -0700 +Subject: [PATCH] nfs export: remove nfsd check + +nfsd runs as a kernel process and does not have a pid. This means +that the command assigned to apply_cmd will never be executed when +the user tries to apply changes to nfs exports. + +Upstream-Status: Inappropriate [config] + +Signed-off-by: Kevin Strasser +--- + exports/exports-lib.pl | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/exports/exports-lib.pl b/exports/exports-lib.pl +index 22891c0..1c67494 100755 +--- a/exports/exports-lib.pl ++++ b/exports/exports-lib.pl +@@ -273,7 +273,7 @@ return !&has_command("rpc.nfsd") && !&has_command("nfsd") && + sub restart_mountd + { + # Try exportfs -r first +-if ($config{'apply_cmd'} && &find_byname("nfsd") && &find_byname("mountd")) { ++if ($config{'apply_cmd'} && &find_byname("mountd")) { + my $out = &backquote_logged("$config{'apply_cmd'} 2>&1 +# Signed-off-by: Jackie Huang +--- + init/index.cgi | 27 ++++++++++++++------------- + init/init-lib.pl | 5 +++-- + 2 files changed, 17 insertions(+), 15 deletions(-) + +diff --git a/init/index.cgi b/init/index.cgi +index d48b793..30dafd4 100755 +--- a/init/index.cgi ++++ b/init/index.cgi +@@ -45,19 +45,20 @@ elsif ($init_mode eq "init" && $access{'bootup'}) { + : "$config{'init_dir'}/$ac[0]"); + } + @runlevels = &list_runlevels(); +- foreach $r (@runlevels) { +- foreach $w ("S", "K") { +- foreach $a (&runlevel_actions($r, $w)) { +- @ac = split(/\s+/, $a); +- if (!$nodemap{$ac[2]}) { +- push(@acts, $ac[1]); +- push(@actsl, +- "1+$r+$ac[0]+$ac[1]+$ac[2]+$w"); +- push(@actsf, "$config{'init_base'}/rc$r.d/$w$ac[0]$ac[1]"); +- } +- } +- } +- } ++ # Assume there won't be any of these broken actions ++ #foreach $r (@runlevels) { ++ # foreach $w ("S", "K") { ++ # foreach $a (&runlevel_actions($r, $w)) { ++ # @ac = split(/\s+/, $a); ++ # if (!$nodemap{$ac[2]}) { ++ # push(@acts, $ac[1]); ++ # push(@actsl, ++ # "1+$r+$ac[0]+$ac[1]+$ac[2]+$w"); ++ # push(@actsf, "$config{'init_base'}/rc$r.d/$w$ac[0]$ac[1]"); ++ # } ++ # } ++ # } ++ # } + + # For each action, look at /etc/rc*.d/* files to see if it is + # started at boot +diff --git a/init/init-lib.pl b/init/init-lib.pl +index ead21ed..b41794b 100755 +--- a/init/init-lib.pl ++++ b/init/init-lib.pl +@@ -119,8 +119,9 @@ List boot time action names from init.d, such as httpd and cron. + =cut + sub list_actions + { +-local($dir, $f, @stbuf, @rv); ++local($dir, $f, @stbuf, @rv, @exclude); + $dir = $config{init_dir}; ++@exclude = split(/,/, $config{exclude}); + opendir(DIR, $dir); + foreach $f (sort { lc($a) cmp lc($b) } readdir(DIR)) { + if ($f eq "." || $f eq ".." || $f =~ /\.bak$/ || $f eq "functions" || +@@ -128,7 +129,7 @@ foreach $f (sort { lc($a) cmp lc($b) } readdir(DIR)) { + -d "$dir/$f" || $f =~ /\.swp$/ || $f eq "skeleton" || + $f =~ /\.lock$/ || $f =~ /\.dpkg-(old|dist)$/ || + $f =~ /^\.depend\./ || $f eq '.legacy-bootordering' || +- $f =~ /^mandrake/) { next; } ++ $f =~ /^mandrake/ || grep {$_ eq $f} @exclude ) { next; } + if (@stbuf = stat("$dir/$f")) { + push(@rv, "$f $stbuf[1]"); + } +-- +2.0.0 + diff --git a/meta-webserver/recipes-webadmin/webmin/files/media-tomb.patch b/meta-webserver/recipes-webadmin/webmin/files/media-tomb.patch new file mode 100644 index 000000000..46f310979 --- /dev/null +++ b/meta-webserver/recipes-webadmin/webmin/files/media-tomb.patch @@ -0,0 +1,65 @@ +diff -Nru webmin-1.570.bak/mediatomb/index.cgi webmin-1.570/mediatomb/index.cgi +--- webmin-1.570.bak/mediatomb/index.cgi 1969-12-31 16:00:00.000000000 -0800 ++++ webmin-1.570/mediatomb/index.cgi 2011-10-26 10:00:05.992522036 -0700 +@@ -0,0 +1,13 @@ ++#!/usr/bin/perl ++# index.cgi ++# Display MediaTomb option categories ++ ++require './mediatomb-lib.pl'; ++ ++ui_print_header(undef, $text{'index_title'}, "", undef, 1, 1); ++ ++ ++$ipaddress = &get_my_address(); ++print &text('index_desc', $ipaddress),"

\n"; ++ ++ui_print_footer("/", $text{'index'}); +diff -Nru webmin-1.570.bak/mediatomb/lang/en webmin-1.570/mediatomb/lang/en +--- webmin-1.570.bak/mediatomb/lang/en 1969-12-31 16:00:00.000000000 -0800 ++++ webmin-1.570/mediatomb/lang/en 2011-10-26 10:01:13.340522186 -0700 +@@ -0,0 +1,2 @@ ++index_title=MediaTomb ++index_desc=MediaTomb is an open source (GPL) UPnP MediaServer with a nice web user interface. You can access it via here. +diff -Nru webmin-1.570.bak/mediatomb/mediatomb-lib.pl webmin-1.570/mediatomb/mediatomb-lib.pl +--- webmin-1.570.bak/mediatomb/mediatomb-lib.pl 1969-12-31 16:00:00.000000000 -0800 ++++ webmin-1.570/mediatomb/mediatomb-lib.pl 2011-10-26 10:01:34.692522079 -0700 +@@ -0,0 +1,31 @@ ++#!/usr/bin/perl ++# mediatomb-lib.pl ++# Common functions for the MediaTomb module ++ ++BEGIN { push(@INC, ".."); }; ++use WebminCore; ++&init_config(); ++ ++sub get_my_address ++{ ++my $myip; ++if (&foreign_check("net")) { ++ # Try to get ethernet interface ++ &foreign_require("net", "net-lib.pl"); ++ my @act = &net::active_interfaces(); ++ my @ifaces = grep { &net::iface_type($_->{'fullname'}) =~ /ether/i } ++ @act; ++ @ifaces = ( $act[0] ) if (!@ifaces && @act); ++ if (@ifaces) { ++ return wantarray ? ( map { $_->{'address'} } @ifaces ) ++ : $ifaces[0]->{'address'}; ++ } ++ } ++$myip = &to_ipaddress(&get_system_hostname()); ++if ($myip) { ++ # Can resolve hostname .. use that ++ return wantarray ? ( $myip ) : $myip; ++ } ++return wantarray ? ( ) : undef; ++} ++ +diff -Nru webmin-1.570.bak/mediatomb/module.info webmin-1.570/mediatomb/module.info +--- webmin-1.570.bak/mediatomb/module.info 1969-12-31 16:00:00.000000000 -0800 ++++ webmin-1.570/mediatomb/module.info 2011-10-26 09:59:50.428528369 -0700 +@@ -0,0 +1,3 @@ ++desc=MediaTomb ++category=others ++longdesc=MediaTomb access module diff --git a/meta-webserver/recipes-webadmin/webmin/files/mount-excludefs.patch b/meta-webserver/recipes-webadmin/webmin/files/mount-excludefs.patch new file mode 100644 index 000000000..8cb74c4b1 --- /dev/null +++ b/meta-webserver/recipes-webadmin/webmin/files/mount-excludefs.patch @@ -0,0 +1,25 @@ +Add excludefs config option to mount module + +Adds a configuration option (currently hidden) to allow the distro to +hide certain filesystems from the mount module within Webmin (e.g. /dev) +since these shouldn't be modified from the web interface. + +Signed-off-by: Paul Eggleton + +Upstream-status: Pending + +--- webmin-1.570.orig/mount/index.cgi ++++ webmin-1.570/mount/index.cgi +@@ -33,10 +33,12 @@ elsif ($config{'sort_mode'} == 1) { + } + + # Build visible filesystems list ++@excludefs = split(/,/, $config{excludefs}); + foreach $m (@all) { + @minfo = @$m; + $p = &simplify_mount_path($minfo[0], $minfo[2]); + next if ($ignore{$minfo[2]}); ++ next if (grep {$_ eq $minfo[2]} @excludefs); + @mmodes = &mount_modes($minfo[2], $minfo[0], $minfo[1]); + $canedit = $can_edit{$minfo[2]} && !$mmodes[4] && + &can_edit_fs(@minfo); diff --git a/meta-webserver/recipes-webadmin/webmin/files/net-generic.patch b/meta-webserver/recipes-webadmin/webmin/files/net-generic.patch new file mode 100644 index 000000000..7d20affb2 --- /dev/null +++ b/meta-webserver/recipes-webadmin/webmin/files/net-generic.patch @@ -0,0 +1,21 @@ +# Add support for configuring network interfaces on a generic linux system +# +# Upstream-status: Not appropriate [config] +# +# Signed-off-by: Paul Eggleton +--- webmin-1.570.orig/net/module.info ++++ webmin-1.570/net/module.info +@@ -11,7 +11,7 @@ desc_ko_KR.UTF-8=네트워크 구성 + name=Networking + desc_tr=A Yaplandrmas + desc_de=Netzwerkkonfiguration +-os_support=solaris coherent-linux redhat-linux/5.0-* mandrake-linux united-linux suse-linux/6.0-* open-linux unixware turbo-linux/4.0 freebsd/3.2-* openbsd debian-linux/2.2-* cobalt-linux/2.2-* msc-linux gentoo-linux macos/1.5-* trustix-linux slackware-linux/8.0-* openmamba-linux cygwin windows pardus-linux ++os_support=generic-linux solaris coherent-linux redhat-linux/5.0-* mandrake-linux united-linux suse-linux/6.0-* open-linux unixware turbo-linux/4.0 freebsd/3.2-* openbsd debian-linux/2.2-* cobalt-linux/2.2-* msc-linux gentoo-linux macos/1.5-* trustix-linux slackware-linux/8.0-* openmamba-linux cygwin windows pardus-linux + desc_sk=Konfigurcia siete + desc_zh_CN= + risk=low medium high +--- /dev/null ++++ webmin-1.570/net/generic-linux-lib.pl +@@ -0,0 +1,2 @@ ++do 'linux-lib.pl'; ++ diff --git a/meta-webserver/recipes-webadmin/webmin/files/net-lib.pl.patch b/meta-webserver/recipes-webadmin/webmin/files/net-lib.pl.patch new file mode 100644 index 000000000..bdba5e73f --- /dev/null +++ b/meta-webserver/recipes-webadmin/webmin/files/net-lib.pl.patch @@ -0,0 +1,19 @@ +Upstream-Status: Inappropriate [config] + +XXX: need to work out a better fix. + +Signed-off-by: Dexuan Cui + +diff -Nru webmin-1.570.orig//net/net-lib.pl webmin-1.570/net/net-lib.pl +--- webmin-1.570.orig//net/net-lib.pl 2011-10-03 09:01:48.000000000 +0800 ++++ webmin-1.570/net/net-lib.pl 2011-10-28 13:52:56.138873664 +0800 +@@ -21,7 +21,8 @@ + do "$gconfig{'os_type'}-9.1-ALL-lib.pl"; + } + else { +- do "$gconfig{'os_type'}-lib.pl"; ++ #do "$gconfig{'os_type'}-lib.pl"; ++ do "debian-linux-lib.pl"; + } + + # list_hosts() diff --git a/meta-webserver/recipes-webadmin/webmin/files/nfs-export.patch b/meta-webserver/recipes-webadmin/webmin/files/nfs-export.patch new file mode 100644 index 000000000..c17e3b216 --- /dev/null +++ b/meta-webserver/recipes-webadmin/webmin/files/nfs-export.patch @@ -0,0 +1,39 @@ +commit e48f61d2f6df32a518bcb84db8c6eacfe5435c32 +Author: Yu Ke +Date: Fri Oct 28 14:40:51 2011 +0800 + +NFS export: fix syntax issue + +fix two syntax issue in /etc/exports: +1. if it is exported to everyone, should use "*", e.g. "/export *(xxx)" +2. explicitly specify subtree_check or no_subtree_check, required by latest nfs-utils + +Upstream-Status: Pending + +Signed-off-by: Yu Ke + +diff --git a/exports/save_export.cgi b/exports/save_export.cgi +index 3bc2f97..3e60298 100755 +--- a/exports/save_export.cgi ++++ b/exports/save_export.cgi +@@ -40,7 +40,7 @@ else { + &error(&text('save_enetmask', $in{'netmask'})); + $exp{'host'} = $in{'network'}."/".$in{'netmask'}; + } +- elsif ($in{'mode'} == 3) { $exp{'host'} = ""; } ++ elsif ($in{'mode'} == 3) { $exp{'host'} = "*"; } + else { + $in{'host'} =~ /\*/ || &to_ipaddress($in{'host'}) || + &error(&text('save_ehost', $in{'host'})); +@@ -70,6 +70,11 @@ else { + + delete($opts{'no_subtree_check'}); delete($opts{'subtree_check'}); + $opts{'no_subtree_check'} = "" if ($in{'no_subtree_check'}); ++ if ($in{'no_subtree_check'}) { ++ $opts{'no_subtree_check'} = ""; ++ } else { ++ $opts{'subtree_check'} = ""; ++ } + + delete($opts{'nohide'}); delete($opts{'hide'}); + $opts{'nohide'} = "" if ($in{'nohide'}); diff --git a/meta-webserver/recipes-webadmin/webmin/files/proftpd-config-fix.patch b/meta-webserver/recipes-webadmin/webmin/files/proftpd-config-fix.patch new file mode 100644 index 000000000..492a652d4 --- /dev/null +++ b/meta-webserver/recipes-webadmin/webmin/files/proftpd-config-fix.patch @@ -0,0 +1,18 @@ +Upstream-status: Inappropriate [configuration] + +Signed-off-by: Zhai Edwin + +Index: webmin-1.570/proftpd/config +=================================================================== +--- webmin-1.570.orig/proftpd/config 2011-10-25 20:18:37.000000000 +0800 ++++ webmin-1.570/proftpd/config 2011-10-25 20:21:13.000000000 +0800 +@@ -1,6 +1,6 @@ +-proftpd_path=/usr/local/sbin/proftpd +-proftpd_conf=/usr/local/etc/proftpd.conf +-pid_file=/usr/local/var/proftpd.pid ++proftpd_path=/usr/sbin/proftpd ++proftpd_conf=/etc/proftpd.conf ++pid_file=/var/proftpd.pid + ftpusers=/etc/ftpusers + test_config=1 + test_always=0 diff --git a/meta-webserver/recipes-webadmin/webmin/files/remove-python2.3.patch b/meta-webserver/recipes-webadmin/webmin/files/remove-python2.3.patch new file mode 100644 index 000000000..75e5bd1ea --- /dev/null +++ b/meta-webserver/recipes-webadmin/webmin/files/remove-python2.3.patch @@ -0,0 +1,25 @@ +From 6f04699d5d417122b67e8118fd1955c769f17e76 Mon Sep 17 00:00:00 2001 +From: Robert Yang +Date: Tue, 2 Sep 2014 00:11:05 -0700 +Subject: [PATCH] ajaxterm/ajaxterm/qweb.py: fix hardcode of python2.3 + +Upstream-Status: Pending + +Signed-off-by: Robert Yang +--- + ajaxterm/ajaxterm/qweb.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/ajaxterm/ajaxterm/qweb.py b/ajaxterm/ajaxterm/qweb.py +index 20c5092..c658a6b 100644 +--- a/ajaxterm/ajaxterm/qweb.py ++++ b/ajaxterm/ajaxterm/qweb.py +@@ -1,4 +1,4 @@ +-#!/usr/bin/python2.3 ++#!/usr/bin/env python + # + # vim:set et ts=4 fdc=0 fdn=2 fdl=0: + # +-- +1.7.9.5 + diff --git a/meta-webserver/recipes-webadmin/webmin/files/remove-startup-option.patch b/meta-webserver/recipes-webadmin/webmin/files/remove-startup-option.patch new file mode 100644 index 000000000..8493af852 --- /dev/null +++ b/meta-webserver/recipes-webadmin/webmin/files/remove-startup-option.patch @@ -0,0 +1,29 @@ +# Remove "start on boot" option from webmin configuration, as +# end-users should not need to configure this from the web interface +# +# Upstream-status: Inappropriate +# +# Signed-off-by: Paul Eggleton +--- webmin-1.570.orig/webmin/index.cgi ++++ webmin-1.570/webmin/index.cgi +@@ -79,20 +79,6 @@ print &ui_buttons_start(); + my %miniserv; + &get_miniserv_config(\%miniserv); + +-if (&foreign_check("init")) { +- &foreign_require("init", "init-lib.pl"); +- my $starting = &init::action_status("webmin"); +- print &ui_buttons_row("bootup.cgi", +- $text{'index_boot'}, +- $text{'index_bootmsg'}. +- ($miniserv{'inetd'} ? "$text{'index_inetd'}" : +- !$ENV{'MINISERV_CONFIG'} ? "$text{'index_apache'}" : ""), +- &ui_hidden("starting", $starting), +- &ui_radio("boot", $starting == 2 ? 1 : 0, +- [ [ 1, $text{'yes'} ], +- [ 0, $text{'no'} ] ])); +- } +- + # Restart Webmin + if (!$miniserv{'inetd'} && $ENV{'MINISERV_CONFIG'}) { + print &ui_buttons_row("restart.cgi", diff --git a/meta-webserver/recipes-webadmin/webmin/files/samba-config-fix.patch b/meta-webserver/recipes-webadmin/webmin/files/samba-config-fix.patch new file mode 100644 index 000000000..46645ac30 --- /dev/null +++ b/meta-webserver/recipes-webadmin/webmin/files/samba-config-fix.patch @@ -0,0 +1,32 @@ +Upstream-status: Inappropriate [configuration] + +Signed-off-by: Zhai Edwin + +Index: webmin-1.570/samba/config-generic-linux +=================================================================== +--- webmin-1.570.orig/samba/config-generic-linux 2011-10-25 20:11:35.000000000 +0800 ++++ webmin-1.570/samba/config-generic-linux 2011-10-25 20:15:41.000000000 +0800 +@@ -1,15 +1,15 @@ + list_printers_command=lpc status | grep "[A-z0-9]:" | sed -e 's/://g' +-smb_passwd=/usr/local/samba/private/smbpasswd ++smb_passwd=/usr/bin/smbpasswd + text_lists=0 + dont_convert=-499 +-name_server=/usr/local/samba/bin/nmbd +-smb_conf=/usr/local/samba/lib/smb.conf +-samba_server=/usr/local/samba/bin/smbd ++name_server=/usr/sbin/nmbd ++smb_conf=/etc/samba/smb.conf ++samba_server=/usr/sbin/smbd + run_from_inetd=0 +-samba_password_program=/usr/local/samba/bin/smbpasswd +-samba_status_program=/usr/local/samba/bin/smbstatus ++samba_password_program=/usr/bin/smbpasswd ++samba_status_program=/usr/bin/smbstatus + swat_path=/usr/local/samba/bin/swat + sort_mode=0 + smbgroupedit=/usr/local/samba/bin/smbgroupedit +-pdbedit=/usr/local/samba/bin/pdbedit +-net=/usr/local/samba/bin/net ++pdbedit=/usr/bin/pdbedit ++net=/usr/bin/net diff --git a/meta-webserver/recipes-webadmin/webmin/files/setup.sh b/meta-webserver/recipes-webadmin/webmin/files/setup.sh new file mode 100755 index 000000000..8d24f928f --- /dev/null +++ b/meta-webserver/recipes-webadmin/webmin/files/setup.sh @@ -0,0 +1,340 @@ +#!/bin/sh +# Modified version of setup.sh distributed with webmin + +if [ "$wadir" = "" ]; then + echo "ERROR: wadir not specified" + echo "" + exit 1 +fi + +config_dir_runtime=$config_dir +config_dir=$prefix$config_dir + +wadir_runtime=$wadir +wadir=$prefix$wadir + +ver=`cat "$wadir/version"` + +cd "$wadir" + +# Work out perl library path +PERLLIB=$wadir + +# Validate source directory +allmods=`cd "$wadir"; echo */module.info | sed -e 's/\/module.info//g'` +if [ "$allmods" = "" ]; then + echo "ERROR: Failed to get module list" + echo "" + exit 1 +fi +echo "" + +if [ "$login" = "webmin" ]; then + echo "ERROR: Username 'webmin' is reserved for internal use" + echo "" + exit 14 +fi + +# Create webserver config file +echo $perl > $config_dir/perl-path +echo $var_dir > $config_dir/var-path +echo "Creating web server config files.." +cfile=$config_dir/miniserv.conf +echo "port=$port" >> $cfile +echo "root=$wadir_runtime" >> $cfile +echo "mimetypes=$wadir_runtime/mime.types" >> $cfile +echo "addtype_cgi=internal/cgi" >> $cfile +echo "realm=Webmin Server" >> $cfile +echo "logfile=$var_dir/miniserv.log" >> $cfile +echo "errorlog=$var_dir/miniserv.error" >> $cfile +echo "pidfile=$var_dir/miniserv.pid" >> $cfile +echo "logtime=168" >> $cfile +echo "ppath=$ppath" >> $cfile +echo "ssl=$ssl" >> $cfile +echo "env_WEBMIN_CONFIG=$config_dir_runtime" >> $cfile +echo "env_WEBMIN_VAR=$var_dir" >> $cfile +echo "atboot=$atboot" >> $cfile +echo "logout=$config_dir_runtime/logout-flag" >> $cfile +if [ "$listen" != "" ]; then + echo "listen=$listen" >> $cfile +else + echo "listen=10000" >> $cfile +fi +echo "denyfile=\\.pl\$" >> $cfile +echo "log=1" >> $cfile +echo "blockhost_failures=5" >> $cfile +echo "blockhost_time=60" >> $cfile +echo "syslog=1" >> $cfile +if [ "$allow" != "" ]; then + echo "allow=$allow" >> $cfile +fi +if [ "$session" != "" ]; then + echo "session=$session" >> $cfile +else + echo "session=1" >> $cfile +fi +if [ "$pam" != "" ]; then + echo "pam=$pam" >> $cfile +fi +if [ "$no_pam" != "" ]; then + echo "no_pam=$no_pam" >> $cfile +fi +echo premodules=WebminCore >> $cfile +echo "server=MiniServ/$ver" >> $cfile + +md5pass=`$perl -e 'print crypt("test", "\\$1\\$A9wB3O18\\$zaZgqrEmb9VNltWTL454R/") eq "\\$1\\$A9wB3O18\\$zaZgqrEmb9VNltWTL454R/" ? "1\n" : "0\n"'` + +ufile=$config_dir/miniserv.users +if [ "$crypt" != "" ]; then + echo "$login:$crypt:0" > $ufile +else + if [ "$md5pass" = "1" ]; then + $perl -e 'print "$ARGV[0]:",crypt($ARGV[1], "\$1\$XXXXXXXX"),":0\n"' "$login" "$password" > $ufile + else + $perl -e 'print "$ARGV[0]:",crypt($ARGV[1], "XX"),":0\n"' "$login" "$password" > $ufile + fi +fi +chmod 600 $ufile +echo "userfile=$config_dir_runtime/miniserv.users" >> $cfile + +kfile=$config_dir/miniserv.pem +openssl version >/dev/null 2>&1 +if [ "$?" = "0" ]; then + # We can generate a new SSL key for this host + host=`hostname` + openssl req -newkey rsa:512 -x509 -nodes -out $tempdir/cert -keyout $tempdir/key -days 1825 >/dev/null 2>&1 <$kfile + fi + rm -f $tempdir/cert $tempdir/key +fi +if [ ! -r $kfile ]; then + # Fall back to the built-in key + cp "$wadir/miniserv.pem" $kfile +fi +chmod 600 $kfile +echo "keyfile=$config_dir_runtime/miniserv.pem" >> $cfile + +chmod 600 $cfile +echo "..done" +echo "" + +echo "Creating access control file.." +afile=$config_dir/webmin.acl +rm -f $afile +if [ "$defaultmods" = "" ]; then + echo "$login: $allmods" >> $afile +else + echo "$login: $defaultmods" >> $afile +fi +chmod 600 $afile +echo "..done" +echo "" + +if [ "$login" != "root" -a "$login" != "admin" ]; then + # Allow use of RPC by this user + echo rpc=1 >>$config_dir/$login.acl +fi + +if [ "$noperlpath" = "" ]; then + echo "Inserting path to perl into scripts.." + (find "$wadir" -name '*.cgi' -print ; find "$wadir" -name '*.pl' -print) | $perl "$wadir/perlpath.pl" $perl_runtime - + echo "..done" + echo "" +fi + +echo "Creating start and stop scripts.." +rm -f $config_dir/stop $config_dir/start $config_dir/restart $config_dir/reload +echo "#!/bin/sh" >>$config_dir/start +echo "echo Starting Webmin server in $wadir_runtime" >>$config_dir/start +echo "trap '' 1" >>$config_dir/start +echo "LANG=" >>$config_dir/start +echo "export LANG" >>$config_dir/start +echo "#PERLIO=:raw" >>$config_dir/start +echo "unset PERLIO" >>$config_dir/start +echo "export PERLIO" >>$config_dir/start +echo "PERLLIB=$PERLLIB" >>$config_dir/start +echo "export PERLLIB" >>$config_dir/start +uname -a | grep -i 'HP/*UX' >/dev/null +if [ $? = "0" ]; then + echo "exec '$wadir_runtime/miniserv.pl' $config_dir_runtime/miniserv.conf &" >>$config_dir/start +else + echo "exec '$wadir_runtime/miniserv.pl' $config_dir_runtime/miniserv.conf" >>$config_dir/start +fi + +echo "#!/bin/sh" >>$config_dir/stop +echo "echo Stopping Webmin server in $wadir_runtime" >>$config_dir/stop +echo "pidfile=\`grep \"^pidfile=\" $config_dir_runtime/miniserv.conf | sed -e 's/pidfile=//g'\`" >>$config_dir/stop +echo "kill \`cat \$pidfile\`" >>$config_dir/stop + +echo "#!/bin/sh" >>$config_dir/restart +echo "$config_dir_runtime/stop && $config_dir_runtime/start" >>$config_dir/restart + +echo "#!/bin/sh" >>$config_dir/reload +echo "echo Reloading Webmin server in $wadir_runtime" >>$config_dir/reload +echo "pidfile=\`grep \"^pidfile=\" $config_dir_runtime/miniserv.conf | sed -e 's/pidfile=//g'\`" >>$config_dir/reload +echo "kill -USR1 \`cat \$pidfile\`" >>$config_dir/reload + +chmod 755 $config_dir/start $config_dir/stop $config_dir/restart $config_dir/reload +echo "..done" +echo "" + +if [ "$upgrading" = 1 ]; then + echo "Updating config files.." +else + echo "Copying config files.." +fi +newmods=`$perl "$wadir/copyconfig.pl" "$os_type/$real_os_type" "$os_version/$real_os_version" "$wadir" $config_dir "" $allmods` +# Store the OS and version +echo "os_type=$os_type" >> $config_dir/config +echo "os_version=$os_version" >> $config_dir/config +echo "real_os_type=$real_os_type" >> $config_dir/config +echo "real_os_version=$real_os_version" >> $config_dir/config +if [ -r /etc/system.cnf ]; then + # Found a caldera system config file .. get the language + source /etc/system.cnf + if [ "$CONF_LST_LANG" = "us" ]; then + CONF_LST_LANG=en + elif [ "$CONF_LST_LANG" = "uk" ]; then + CONF_LST_LANG=en + fi + grep "lang=$CONF_LST_LANG," "$wadir/lang_list.txt" >/dev/null 2>&1 + if [ "$?" = 0 ]; then + echo "lang=$CONF_LST_LANG" >> $config_dir/config + fi +fi + +# Turn on logging by default +echo "log=1" >> $config_dir/config + +# Use licence module specified by environment variable +if [ "$licence_module" != "" ]; then + echo licence_module=$licence_module >>$config_dir/config +fi + +# Disallow unknown referers by default +echo "referers_none=1" >>$config_dir/config +echo $ver > $config_dir/version +echo "..done" +echo "" + +# Set passwd_ fields in miniserv.conf from global config +for field in passwd_file passwd_uindex passwd_pindex passwd_cindex passwd_mindex; do + grep $field= $config_dir/miniserv.conf >/dev/null + if [ "$?" != "0" ]; then + grep $field= $config_dir/config >> $config_dir/miniserv.conf + fi +done +grep passwd_mode= $config_dir/miniserv.conf >/dev/null +if [ "$?" != "0" ]; then + echo passwd_mode=0 >> $config_dir/miniserv.conf +fi + +# If Perl crypt supports MD5, then make it the default +if [ "$md5pass" = "1" ]; then + echo md5pass=1 >> $config_dir/config +fi + +# Set a special theme if none was set before +if [ "$theme" = "" ]; then + theme=`cat "$wadir/defaulttheme" 2>/dev/null` +fi +oldthemeline=`grep "^theme=" $config_dir/config` +oldtheme=`echo $oldthemeline | sed -e 's/theme=//g'` +if [ "$theme" != "" ] && [ "$oldthemeline" = "" ] && [ -d "$wadir/$theme" ]; then + themelist=$theme +fi + +# Set a special overlay if none was set before +if [ "$overlay" = "" ]; then + overlay=`cat "$wadir/defaultoverlay" 2>/dev/null` +fi +if [ "$overlay" != "" ] && [ "$theme" != "" ] && [ -d "$wadir/$overlay" ]; then + themelist="$themelist $overlay" +fi + +# Apply the theme and maybe overlay +if [ "$themelist" != "" ]; then + echo "theme=$themelist" >> $config_dir/config + echo "preroot=$themelist" >> $config_dir/miniserv.conf +fi + +# Set the product field in the global config +grep product= $config_dir/config >/dev/null +if [ "$?" != "0" ]; then + echo product=webmin >> $config_dir/config +fi + +if [ "$makeboot" = "1" ]; then + echo "Configuring Webmin to start at boot time.." + (cd "$wadir/init" ; WEBMIN_CONFIG=$config_dir WEBMIN_VAR=$var_dir "$wadir/init/atboot.pl" $bootscript) + echo "..done" + echo "" +fi + +# If password delays are not specifically disabled, enable them +grep passdelay= $config_dir/miniserv.conf >/dev/null +if [ "$?" != "0" ]; then + echo passdelay=1 >> $config_dir/miniserv.conf +fi + +echo "Changing ownership and permissions .." +# Make all config dirs non-world-readable +for m in $newmods; do + chown -R root $config_dir/$m + chgrp -R bin $config_dir/$m + chmod -R og-rw $config_dir/$m +done +# Make miniserv config files non-world-readable +for f in miniserv.conf miniserv.pem miniserv.users; do + chown -R root $config_dir/$f + chgrp -R bin $config_dir/$f + chmod -R og-rw $config_dir/$f +done +chmod +r $config_dir/version +if [ "$nochown" = "" ]; then + # Make program directory non-world-writable, but executable + chown -R root "$wadir" + chgrp -R bin "$wadir" + chmod -R og-w "$wadir" + chmod -R a+rx "$wadir" +fi +if [ $var_dir != "/var" ]; then + # Make log directory non-world-readable or writable + chown -R root $prefix$var_dir + chgrp -R bin $prefix$var_dir + chmod -R og-rwx $prefix$var_dir +fi +# Fix up bad permissions from some older installs +for m in ldap-client ldap-server ldap-useradmin mailboxes mysql postgresql servers virtual-server; do + if [ -d "$config_dir/$m" ]; then + chown root $config_dir/$m + chgrp bin $config_dir/$m + chmod og-rw $config_dir/$m + chmod og-rw $config_dir/$m/config 2>/dev/null + fi +done + +if [ "$nopostinstall" = "" ]; then + echo "Running postinstall scripts .." + (cd "$wadir" ; WEBMIN_CONFIG=$config_dir WEBMIN_VAR=$var_dir "$wadir/run-postinstalls.pl") + echo "..done" + echo "" +fi + +# Enable background collection +if [ "$upgrading" != 1 -a -r $config_dir/system-status/enable-collection.pl ]; then + echo "Enabling background status collection .." + $config_dir/system-status/enable-collection.pl 5 + echo "..done" + echo "" +fi + diff --git a/meta-webserver/recipes-webadmin/webmin/webmin_1.700.bb b/meta-webserver/recipes-webadmin/webmin/webmin_1.700.bb new file mode 100644 index 000000000..2a363cbcf --- /dev/null +++ b/meta-webserver/recipes-webadmin/webmin/webmin_1.700.bb @@ -0,0 +1,150 @@ +SUMMARY = "Web-based administration interface" +HOMEPAGE = "http://www.webmin.com" +LICENSE = "BSD" +LIC_FILES_CHKSUM = "file://LICENCE;md5=0373ac9f611e542ddebe1ec6394afc3c" + +SRC_URI = "${SOURCEFORGE_MIRROR}/webadmin/webmin-${PV}.tar.gz \ + file://setup.sh \ + file://init-exclude.patch \ + file://net-generic.patch \ + file://remove-startup-option.patch \ + file://disable-version-check.patch \ + file://nfs-export.patch \ + file://exports-lib.pl.patch \ + file://mount-excludefs.patch \ + file://samba-config-fix.patch \ + file://proftpd-config-fix.patch \ + file://net-lib.pl.patch \ + file://media-tomb.patch \ + file://remove-python2.3.patch \ + " + +SRC_URI[md5sum] = "e5261114a6a6ed10caf570d3239ed5b7" +SRC_URI[sha256sum] = "1a6a8aa62c32c04932b902d17fc1864ee8f3fba03012bd25f709aa65e7e9b0f2" + +inherit perlnative update-rc.d + +do_configure() { + # Remove binaries and plugins for other platforms + rm -rf acl/Authen-SolarisRBAC-0.1* + rm -rf format bsdexports hpuxexports sgiexports + rm -rf zones rbac smf ipfw ipfilter dfsadmin + rm -f mount/freebsd-mounts* mount/netbsd-mounts* + rm -f mount/openbsd-mounts* mount/macos-mounts* + + # Remove some plugins for the moment + rm -rf lilo frox wuftpd telnet pserver cpan shorewall webalizer cfengine fsdump pap + rm -rf majordomo fetchmail sendmail mailboxes procmail filter mailcap dovecot exim spam qmailadmin postfix + rm -rf stunnel squid sarg pptp-client pptp-server jabber openslp sentry cluster-* vgetty burner heartbeat + + # Adjust configs + [ -f init/config-debian-linux ] && mv init/config-debian-linux init/config-generic-linux + sed -i "s/shutdown_command=.*/shutdown_command=poweroff/" init/config-generic-linux + echo "exclude=bootmisc.sh,single,halt,reboot,hostname.sh,modutils.sh,mountall.sh,mountnfs.sh,networking,populate-volatile.sh,rmnologin.sh,save-rtc.sh,umountfs,umountnfs.sh,hwclock.sh,checkroot.sh,banner.sh,udev,udev-cache,devpts.sh,psplash.sh,sendsigs,fbsetup,bootlogd,stop-bootlogd,sysfs.sh,syslog,syslog.busybox,urandom,webmin,functions.initscripts,read-only-rootfs-hook.sh" >> init/config-generic-linux + echo "excludefs=devpts,devtmpfs,usbdevfs,proc,tmpfs,sysfs,debugfs" >> mount/config-generic-linux + + [ -f exports/config-debian-linux ] && mv exports/config-debian-linux exports/config-generic-linux + sed -i "s/killall -HUP rpc.nfsd && //" exports/config-generic-linux + sed -i "s/netstd_nfs/nfsserver/g" exports/config-generic-linux + + # Fix insane naming that causes problems at packaging time (must be done before deleting below) + find . -name "*\**" | while read from + do + to=`echo "$from" | sed "s/*/ALL/"` + mv "$from" "$to" + done + + # Remove some other files we don't need + find . -name "config-*" -a \! -name "config-generic-linux" -a \! -name "config-ALL-linux" -a \! -name "*.pl" -delete + find . -regextype posix-extended -regex ".*/(openserver|aix|osf1|osf|openbsd|netbsd|freebsd|unixware|solaris|macos|irix|hpux|cygwin|windows)-lib\.pl" -delete + rm -f webmin-gentoo-init webmin-caldera-init webmin-debian-pam webmin-pam + + # Don't need these at runtime (and we have our own setup script) + rm -f setup.sh + rm -f setup.pl + + # Use pidof for finding PIDs + sed -i "s/find_pid_command=.*/find_pid_command=pidof NAME/" config-generic-linux +} + +WEBMIN_LOGIN ?= "admin" +WEBMIN_PASSWORD ?= "password" + +do_install() { + install -d ${D}${sysconfdir} + install -d ${D}${sysconfdir}/webmin + install -d ${D}${sysconfdir}/init.d + install -m 0755 webmin-init ${D}${sysconfdir}/init.d/webmin + + install -d ${D}${localstatedir} + install -d ${D}${localstatedir}/webmin + + install -d ${D}${libexecdir}/webmin + cp -pPR ${S}/* ${D}${libexecdir}/webmin + rm -f ${D}${libexecdir}/webmin/webmin-init + rm -rf ${D}${libexecdir}/webmin/patches + + # Run setup script + export perl=perl + export perl_runtime=${bindir}/perl + export prefix=${D} + export tempdir=${S}/install_tmp + export wadir=${libexecdir}/webmin + export config_dir=${sysconfdir}/webmin + export var_dir=${localstatedir}/webmin + export os_type=generic-linux + export os_version=0 + export real_os_type="${DISTRO_NAME}" + export real_os_version="${DISTRO_VERSION}" + export port=10000 + export login=${WEBMIN_LOGIN} + export password=${WEBMIN_PASSWORD} + export ssl=0 + export atboot=1 + export no_pam=1 + mkdir -p $tempdir + ${S}/../setup.sh +} + +INITSCRIPT_NAME = "webmin" +INITSCRIPT_PARAMS = "start 99 5 3 2 . stop 10 0 1 6 ." + +# FIXME: some of this should be figured out automatically +RDEPENDS_${PN} += "perl perl-module-socket perl-module-exporter perl-module-exporter-heavy perl-module-carp perl-module-strict" +RDEPENDS_${PN} += "perl-module-warnings perl-module-xsloader perl-module-posix perl-module-autoloader" +RDEPENDS_${PN} += "perl-module-fcntl perl-module-tie-hash perl-module-vars perl-module-time-local perl-module-config perl-module-constant" +RDEPENDS_${PN} += "perl-module-file-glob perl-module-file-copy perl-module-sdbm perl-module-sdbm-file perl-module-feature" + +PACKAGES_DYNAMIC += "webmin-module-* webmin-theme-*" +RRECOMMENDS_${PN} += "webmin-module-system-status" + +PACKAGES += "${PN}-module-proc ${PN}-module-raid ${PN}-module-exports ${PN}-module-fdisk ${PN}-module-lvm" +RDEPENDS_${PN}-module-proc = "procps" +RDEPENDS_${PN}-module-raid = "mdadm" +RDEPENDS_${PN}-module-exports = "perl-module-file-basename perl-module-file-path perl-module-cwd perl-module-file-spec perl-module-file-spec-unix" +RRECOMMENDS_${PN}-module-fdisk = "parted" +RRECOMMENDS_${PN}-module-lvm = "lvm2" + +python populate_packages_prepend() { + import os, os.path + + wadir = bb.data.expand('${libexecdir}/webmin', d) + wadir_image = bb.data.expand('${D}', d) + wadir + modules = [] + themes = [] + for mod in os.listdir(wadir_image): + modinfo = os.path.join(wadir_image, mod, "module.info") + themeinfo = os.path.join(wadir_image, mod, "theme.info") + if os.path.exists(modinfo): + modules.append(mod) + elif os.path.exists(themeinfo): + themes.append(mod) + + do_split_packages(d, wadir, '^(%s)$' % "|".join(modules), 'webmin-module-%s', 'Webmin module for %s', allow_dirs=True, prepend=True) + do_split_packages(d, wadir, '^(%s)$' % "|".join(themes), 'webmin-theme-%s', 'Webmin theme for %s', allow_dirs=True, prepend=True) +} + +# Time-savers +package_do_pkgconfig() { + : +} -- cgit v1.2.3-54-g00ecf