- remove obsolete modules
- replace mod_compress directives with mod_deflate
- do not enable debug.log-request-handling by default
(should not be enabled *by default* on any production system,
especially not an embedded system)
- update TLS syntax for modern recommended use
(separate files for certificate+chain, and private key)
- remove incorrect comment about server.event-handler
lighttpd defaults correctly to use kqueue on *BSD systems
- remove ancient config which disables range requests for PDF
(cargo-culted config from ~15 years ago to address problem
in then-popular PDF client)
- use recommend config file include syntax
(more efficient and more deterministic include file ordering)
(From OE-Core rev: b52a12e66d2f9ed0751b63cea01e96890da15998)
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
lighttpd 1.4.70 omits building separate (unused) modules for:
mod_access mod_alias mod_evhost mod_expire mod_fastcgi mod_indexfile
mod_redirect mod_rewrite mod_scgi mod_setenv mod_simple_vhost mod_staticfile
https://www.lighttpd.net/2023/5/10/1.4.70/
Therefore, the lighttpd-module-indexfile, lighttpd-module-staticfile and
lighttpd-module-access no longer exist and must be removed from
RDEPENDS and RRECOMMENDS.
lighttpd 1.4.71 split out the http/2 support into optional separate
module (mod_h2). By default the mod_h2 is not enabled.
https://www.lighttpd.net/2023/5/27/1.4.71/
(From OE-Core rev: ae40fb21a0f85ce02fc137c6e3cce2a90778d75f)
Signed-off-by: Petr Gotthard <petr.gotthard@advantech.cz>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Backport the fix from upstream to fix this CVE.
(From OE-Core rev: 59f69125fb00dc8fd335f32fe6898e7a480141e4)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
0001-mod_extforward-fix-out-of-bounds-OOB-write-fixes-313.patch
removed since it's included in 1.4.64.
with_gdbm, with_memcached
removed since they're not applicable in 1.4.64.
Changelog:
=========
Important changes
remove deprecated modules, bugfixes, CVE-2022-22707 (rare configs)
Behavior Changes
(previously announced and scheduled)
-graceful restart/shutdown timeout changed from 0 (disabled) to 8 seconds
configure an alternative with:
server.feature-flags += ("server.graceful-shutdown-timeout" => 8)
build: lighttpd defaults to -with-pcre2 instead of -with-pcre
pcre2 is current. pcre is no longer maintained.
Explicitly specify -with-pcre in build to use pcre instead of pcre2.
-deprecated modules (previously announced) have been removed
mod_authn_mysql
mod_mysql_vhost
mod_cml
mod_flv_streaming
mod_geoip
mod_trigger_b4_dl
https://wiki.lighttpd.net/Docs_ConfigurationOptions#Deprecated
suggests migration steps for replacements, if needed
Changes from 1.4.63
[core] fix trace issued for loading mod_auth (fixes#3121)
[meson] need -lrt with glibc < 2.17 (fixes#3120)
[core] adjust time jump detection (fixes#3123)
[core] make setrlimit() warn, not fatal
[core] add remote IP to some error msgs (fixes#3122)
[mod_webdav] If-None-Match on non-existent entity
[build] check getxattr before attr_get and -lattr
[doc] SELinux: setsebool -P httpd_setrlimit on
[build] create sha512sum file with release
[build] CI builds now use make -j 2
[core] http_response_send_file() takes const path
[core] use ETag response header to check cachable
[core] add more const to stat_cache_update_entry()
[multiple] remove r->physical.etag
[mod_magnet] interface to http_response_send_file
[build] add headers for sendfile() detect on MacOS
[core] http_response_write_prepare optimization
[core] define static_assert for uClibc (fixes#3127)
[build] -Wno-implicit-fallthrough for ls-hpack
[core] ignore pcre2 "bad JIT option" warning
[build] pcre2: use pkg-config before pcre2-config
[core] http_response_has_error_handler()
[core] consolidate request restart loop check
[core] defer retrieving Last-Modified until needed
[mod_dirlisting] fix logic inversion in cache
[core] mark expect cond in http_response_send_file
[core] connection_handle_read_state() tweak
[core] connection_state_machine_loop() tweaks
[core] connection_state_machine_h2() tweaks
[core] quiet coverity noise
[core] use lower limit for max-fds if !setrlimit
[build] do not check for prctl; HAVE_PRCTL unused
[core] server.core-files support on FreeBSD (fixes#3128)
[mod_extforward] support longer PROXY v2 TLV vec
[mod_webdav] detect truncated copy_file_range()
[mod_webdav] copy_file_range() new in FreeBSD 13
[mod_webdav] copy_file_range() new in FreeBSD 13
[build] feature consistency between build types
[build] cmake build now defaults to C11
[core] CCRandomGenerateBytes() for rand on macOS (fixes#3129)
[multiple] remove long-deprecated modules
[build] default -with-pcre2 unless -with-pcre
[core] "server.graceful-shutdown-timeout" => 8
[build] adjust trace for regex-conditionals
[build] update tests/SConscript
[core] errno_t detection on Illumos
[build] cmake build now defaults to C11
[build] meson: find pcre2 w/o pkg-config
[core] define EXTENSIONS on Illumos
[build] cmake,meson socket libs for win32, Illumos (fixes#3130)
[core] hide bsd_accept_filter code on OpenBSD (fixes#3131)
[core] errno_t and rsize_t detection on Illumos
[mod_webdav] copy acceleration
[mod_webdav] define HAVE_RENAMEAT2 earlier
[build] meson misdetects mempcpy on some platforms
[build] cmake: skip "-Wl,-export-dynamic" Illumos
[build] adjust .gitignore for macOS
[build] meson crypt and dl detection on *BSD (fixes#3133)
[core] /dev/null is a symlink on Illumos (fixes#3132)
[core] server.core-files support for solaris (fixes#3135)
[build] feature consistency between build types
[build] Haiku build fix (fixes#3136)
[lemon] silence coverity warnings
[cmake] raise minimum version to 3.7
[cmake] add address/undefined sanitize compile options
[asan tests] fix memory leaks
[array] use speaking names for array "fn" vtables for better debugging experience
[ci] add cmake-asan build type
[core] buffer_copy_string() use "" if s is NULL
[mod_authn_gssapi] code reuse: fdevent_mkostemp()
[mod_authn_gssapi] reduce KRB5CCNAME mem alloc
[build] adjust help strings for pcre2 default
[core] (const char *) for srvconf.modules_dir
[multiple] remove buffer_init_string()
[multiple] remove buffer_init_buffer()
[mod_extforward] fix out-of-bounds (OOB) write (fixes#3134)
[build] use -fstack-protector-strong w/ extra warn
[build] collect Sun-specific headers and funcs
[build] collect Sun-specific headers and funcs
[build] rm redundant check for -lnetwork on Haiku
[build] check headers before some funcs
[core] allow LISTEN_PID to be ppid if TRACEME (fixes#3137)
[core] allow tests/tmp/bind.conf override (#3137)
[mod_webdav] no sys/ioctl.h on _WIN32
[tests] _WIN32 adjustments in LightyTest.pm
[tests] revert _WIN32 adjustments in LightyTest.pm
[mod_gnutls] lift size check out of DN loop
[mod_mbedtls] lift size check out of DN loop
[mbedtls] save (mbedtls_ssl_config *) in hctx
[multiple] permit UTF-8 in SSL_CLIENT_S_DN_*
[mod_openssl] do not esc UTF-8 in cert subject
[mod_mbedtls] reconstruct SSL_CLIENT_S_DN
[mod_mbedtls] changes to build with mbedtls 3.0.0
[mod_mbedtls] remove use of out_left in mbedtls 3
[mod_mbedtls] mbedtls_ssl_conf_groups for 3.1.0
(From OE-Core rev: 478f5f30bf783fae513dbe6e8be9af9f6ec8a6a8)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Backport the fix for CVE-2022-22707, a buffer overflow in mod_extforward.
(From OE-Core rev: 7758596613cc442f647fd4625b36532f30e6129f)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Repo-wide replacement to use newer variable to represent systemd
system unitdir directory.
(From OE-Core rev: 5ace3ada5c54500c71becc8e0c6eddeb8bc053e3)
Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
virtual/crypt is a hard dependency in meson builds.
ipv6 support is determined automatically.
The rest of the options are converted where available;
not every autoconf option exists in meson.
Modules are now packaged in /usr/lib/lighttpd, so adjust packaging accordingly.
(From OE-Core rev: a0a34524016050a78cb49d6657fcca5a2261d7fe)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This is the result of automated script conversion:
scripts/contrib/convert-overrides.py <oe-core directory>
converting the metadata to use ":" as the override character instead of "_".
(From OE-Core rev: 42344347be29f0997cc2f7636d9603b1fe1875ae)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Added HOMEPAGE and DESCRIPTION for recipes with missing decriptions or homepage
[YOCTO #13471]
(From OE-Core rev: cc6c7af900ae0196a62b7fa1375c55bbcd8e68b4)
Signed-off-by: Dorinda Bassey <dorindabassey@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
lighttpd builds fail if "fam" (and therefore gamin) is enabled.
In conf/local.conf:
CORE_IMAGE_EXTRA_INSTALL += "lighttpd"
PACKAGECONFIG_append_pn-lighttpd = " fam"
bitbake error:
ERROR: Nothing PROVIDES 'gamin' (but /yow-lpggp31/tgamblin/oe-core.git/meta/recipes-extended/lighttpd/lighttpd_1.4.54.bb DEPENDS on or otherwise requires it)
NOTE: Runtime target 'lighttpd' is unbuildable, removing...
Missing or unbuildable dependency chain was: ['lighttpd', 'gamin']
ERROR: Required build target 'core-image-minimal' has no buildable providers.
Missing or unbuildable dependency chain was: ['core-image-minimal', 'lighttpd', 'gamin']
Since gamin hasn't been maintained for several years, this should
be removed from the list of lighttpd PACKAGECONFIG options.
--without-fam is hard-coded in EXTRA_OECONF for good measure.
(From OE-Core rev: ea714fff3869ef19cf1dc94bdffbca2c69658954)
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When building lighttpd with PACKAGECONFIG_append_pn-lighttpd = "lua" in local.conf,
bitbake gives the following error:
ERROR: Nothing PROVIDES 'lua5.1' (but /home/tgamblin/build/oe-core/meta/recipes-extended/lighttpd/lighttpd_1.4.54.bb DEPENDS on or otherwise requires it)
NOTE: Runtime target 'lighttpd' is unbuildable, removing...
Missing or unbuildable dependency chain was: ['lighttpd', 'lua5.1']
Removing the "5.1" from the PACKAGECONFIG line in lighttpd_1.4.54.bb fixes the issue.
(From OE-Core rev: 5ee9be17407ae0c23dc056c98b4a6818d2a845d6)
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
We shipped an old version that was missing several fixes.
A minor incompatibility is that this moves
/etc/lighttpd.conf -> /etc/lighttpd/lighttpd.conf
(From OE-Core rev: bd46eeee09e99ae4646a92f5bf5bc3c619e63cde)
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Fix handling of escape characters in regexs and hence fix python
Deprecation warnings which will be problematic in python 3.8.
Note that some show up as:
"""
meta/classes/package.bbclass:1293: DeprecationWarning: invalid escape sequence \.
"""
where the problem isn't on 1293 in package.bbclass but in some _prepend to a
package.bbclass function in a different file like mesa.inc, often from
do_package_split() calls.
(From OE-Core rev: 4b1c0c7d5525fc4cea9e0f02ec54e92a6fbc6199)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The largefile distro feature has been enabled by default in oe-core
for a long time and, more recently, also in poky-tiny. Building
without the largefile distro feature receives little or no testing.
Many packages now enable LFS without exposing a configure option, so
there should be very little expectation that disabling the distro
feature will result in a distro which globally disables LFS.
Respecting the distro feature adds a maintenance over-head and may be
the source of configurations oddities (e.g. dbus-native currently
builds with LFS disabled for no clear reason - fixed by this commit).
Ignore the largefile distro feature more widely, as a first step
towards deprecating and eventually removing it.
(From OE-Core rev: a75ccaea77c8aad8d46e87e8ed4af2e2e0ad5327)
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
lighttpd no longer builds modules for which dependencies are not present,
so some previously available modules are no more.
(From OE-Core rev: 1008d711b57d82313e53f767fd6fae93e10418ea)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add PACKAGECONFIG for ipv6 and control it based
on DISTRO_FEATURES.
(From OE-Core rev: d7b2afd41d650e30a4a1fc453cae3ab060a7da57)
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
lighttpd fails to load when mod_cgi is enabled at run time, with the
message "dlopen() failed for: /usr/lib/mod_cgi.so /usr/lib/mod_cgi.so:
undefined symbol: chunkqueue_written".
This is caused by a patch intended to prevent memory exhaustion by
naively streaming CGIs, aimed at upstream issue
http://redmine.lighttpd.net/issues/1264 . The patch uses internal API
functions from older versions of lighttpd which don't exist in this
version. Remove the patch, pending a better fix.
[ YOCTO #9289 ]
(From OE-Core rev: 880a346bf1bc4aa6c8569c6319c141433e13e1dd)
Signed-off-by: Nick Leverton <nick@leverton.org>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
