openclaw/tqma6-yocto-mirror
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Complete Yocto mirror with license table for TQMa6UL (2038-compliance)

Browse Source 
- 264 license table entries with exact download URLs (224/264 resolved)
- Complete sources/ directory with all BitBake recipes
- Build configuration: tqma6ul-multi-mba6ulx, spaetzle (musl)
- Full traceability for Softwarefreigabeantrag
- GCC 13.4.0, Linux 6.6.102, U-Boot 2023.04, musl 1.2.4
- License distribution: GPL-2.0 (24), MIT (23), GPL-2.0+ (18), BSD-3 (16)
This commit is contained in:
Siggi (OpenClaw Agent)
2026-03-01 20:58:18 +00:00
commit 16accb6b24
15086 changed files with 1292356 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
sources/meta-openembedded/meta-webserver/recipes-httpd/apache-mod/apache-websocket_git.bb Normal file
View File

@@ -0,0 +1,32 @@
SUMMARY = "Websocket module for Apache web server"
DESCRIPTION = "Process requests using the WebSocket protocol (RFC 6455)"
HOMEPAGE = "https://github.com/jchampio/apache-websocket/"
SECTION = "net"
LICENSE = "Apache-2.0"
inherit autotools-brokensep pkgconfig
DEPENDS = "apache2 apache2-native pbzip2-native"
RDEPENDS:${PN} += "apache2"
# Original (github.com/disconnect/apache-websocket) is dead since 2012, the
# fork contains patches from the modules ML and fixes CVE compliance issues
SRC_URI = "git://github.com/jchampio/apache-websocket.git;branch=master;protocol=https"
SRCREV = "0ee34c77fc78ff08fd548706300b80a7bc7874e4"
PV = "0.1.2+git"
S = "${WORKDIR}/git"
LIC_FILES_CHKSUM = "file://LICENSE;md5=2ee41112a44fe7014dce33e26468ba93"
EXTRA_OECONF = "APACHECTL=${STAGING_DIR_TARGET}${sbindir}/apachectl"
do_install() {
install -d ${D}${libexecdir}/apache2/modules
install -m 755 ${B}/.libs/mod_websocket.so ${D}${libexecdir}/apache2/modules
}
FILES:${PN} += " ${libexecdir}/apache2/modules/* "
FILES:${PN}-dbg += " ${libexecdir}/apache2/modules/.debug/* "

20
sources/meta-openembedded/meta-webserver/recipes-httpd/apache-mod/mod-dnssd_0.6.bb Normal file
View File

@@ -0,0 +1,20 @@
DESCRIPTION = "Avahi Module for Apache2."
HOMEPAGE = "https://0pointer.de/lennart/projects/mod_dnssd/"
LICENSE = "Apache-2.0"
LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
DEPENDS = "apache2 avahi"
SRC_URI = "git://git.0pointer.de/mod_dnssd;protocol=git;branch=master"
SRCREV = "be2fb9f6158f800685de7a1bc01c39b6cf1fa12c"
S = "${WORKDIR}/git"
EXTRA_OECONF = "--disable-lynx"
inherit autotools pkgconfig
do_install() {
install -Dm755 ${S}/src/.libs/mod_dnssd.so ${D}${libexecdir}/apache2/modules/mod_dnssd.so
}

52
sources/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0001-configure-use-pkg-config-for-PCRE-detection.patch Normal file
View File

@@ -0,0 +1,52 @@
From ba9015386cbc044e111d7c266f13e2be045e4bf1 Mon Sep 17 00:00:00 2001
From: Koen Kooi <koen.kooi@linaro.org>
Date: Tue, 17 Jun 2014 09:10:57 +0200
Subject: [PATCH] configure: use pkg-config for PCRE detection
Upstream-Status: Inappropriate [embedded specific]
Signed-off-by: Koen Kooi <koen.kooi@linaro.org>
---
configure.in | 26 +++++---------------------
1 file changed, 5 insertions(+), 21 deletions(-)
diff --git a/configure.in b/configure.in
index 38c1d0a..c799aec 100644
--- a/configure.in
+++ b/configure.in
@@ -221,27 +221,11 @@ else if which $with_pcre 2>/dev/null; then :; else
fi
fi
-AC_CHECK_TARGET_TOOLS(PCRE_CONFIG, [pcre2-config pcre-config],
- [`which $with_pcre 2>/dev/null`], $with_pcre)
-
-if test "x$PCRE_CONFIG" != "x"; then
- if $PCRE_CONFIG --version >/dev/null 2>&1; then :; else
- AC_MSG_ERROR([Did not find working script at $PCRE_CONFIG])
- fi
- case `$PCRE_CONFIG --version` in
- [1[0-9].*])
- AC_DEFINE(HAVE_PCRE2, 1, [Detected PCRE2])
- ;;
- [[1-5].*])
- AC_MSG_ERROR([Need at least pcre version 6.0])
- ;;
- esac
- AC_MSG_NOTICE([Using external PCRE library from $PCRE_CONFIG])
- APR_ADDTO(PCRE_INCLUDES, [`$PCRE_CONFIG --cflags`])
- APR_ADDTO(PCRE_LIBS, [`$PCRE_CONFIG --libs8 2>/dev/null || $PCRE_CONFIG --libs`])
-else
- AC_MSG_ERROR([pcre(2)-config for libpcre not found. PCRE is required and available from http://pcre.org/])
-fi
+PKG_CHECK_MODULES([PCRE], [libpcre], [
+ AC_DEFINE([HAVE_PCRE], [1], [Define if you have PCRE library])
+], [
+ AC_MSG_ERROR([$PCRE_PKG_ERRORS])
+])
APACHE_SUBST(PCRE_LIBS)
AC_MSG_NOTICE([])
--
2.25.1

32
sources/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0001-make_exports.awk-not-expose-the-path.patch Normal file
View File

@@ -0,0 +1,32 @@
From 5b5eae9cdf3bae91756c717349f2f33a31888f24 Mon Sep 17 00:00:00 2001
From: Mingli Yu <mingli.yu@windriver.com>
Date: Wed, 3 Aug 2022 12:35:16 +0800
Subject: [PATCH] make_exports.awk: not expose the path
Don't print the full path in the comment line.
Upstream-Status: Inappropriate [oe specific]
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
---
build/make_exports.awk | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/build/make_exports.awk b/build/make_exports.awk
index 1cf0568..44d93c5 100644
--- a/build/make_exports.awk
+++ b/build/make_exports.awk
@@ -47,7 +47,9 @@ function push(line) {
function do_output() {
printf("/*\n")
- printf(" * %s\n", FILENAME)
+ file = FILENAME
+ sub("([^/]*[/])*", "", file)
+ printf(" * %s\n", file)
printf(" */\n")
for (i = 0; i < stackptr; i++) {
--
2.25.1

50
sources/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0002-apache2-bump-up-the-core-size-limit-if-CoreDumpDirec.patch Normal file
View File

@@ -0,0 +1,50 @@
From 5074ab3425e5f1e01fd9cfa2d9b7300ea1b3f38f Mon Sep 17 00:00:00 2001
From: Paul Eggleton <paul.eggleton@linux.intel.com>
Date: Tue, 17 Jul 2012 11:27:39 +0100
Subject: [PATCH] apache2: bump up the core size limit if CoreDumpDirectory is
configured
Bump up the core size limit if CoreDumpDirectory is
configured.
Upstream-Status: Pending
Note: upstreaming was discussed but there are competing desires;
there are portability oddities here too.
---
server/core.c | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
diff --git a/server/core.c b/server/core.c
index 090e397..3020090 100644
--- a/server/core.c
+++ b/server/core.c
@@ -5107,6 +5107,25 @@ static int core_post_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *pte
}
apr_pool_cleanup_register(pconf, NULL, ap_mpm_end_gen_helper,
apr_pool_cleanup_null);
+
+#ifdef RLIMIT_CORE
+ if (ap_coredumpdir_configured) {
+ struct rlimit lim;
+
+ if (getrlimit(RLIMIT_CORE, &lim) == 0 && lim.rlim_cur == 0) {
+ lim.rlim_cur = lim.rlim_max;
+ if (setrlimit(RLIMIT_CORE, &lim) == 0) {
+ ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL,
+ "core dump file size limit raised to %lu bytes",
+ lim.rlim_cur);
+ } else {
+ ap_log_error(APLOG_MARK, APLOG_NOTICE, errno, NULL,
+ "core dump file size is zero, setrlimit failed");
+ }
+ }
+ }
+#endif
+
return OK;
}
--
2.25.1

33
sources/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0003-apache2-do-not-export-apr-apr-util-symbols-when-usin.patch Normal file
View File

@@ -0,0 +1,33 @@
From 9c03ed909b8da0e1a288f53fda535a3f15bcf791 Mon Sep 17 00:00:00 2001
From: Paul Eggleton <paul.eggleton@linux.intel.com>
Date: Tue, 17 Jul 2012 11:27:39 +0100
Subject: [PATCH] apache2: do not export apr/apr-util symbols when using shared
libapr
There is no need to "suck in" the apr/apr-util symbols when using
a shared libapr{,util}, it just bloats the symbol table; so don't.
Upstream-Status: Pending
Note: EXPORT_DIRS change is conditional on using shared apr
---
server/Makefile.in | 3 ---
1 file changed, 3 deletions(-)
diff --git a/server/Makefile.in b/server/Makefile.in
index 8111877..8c0c396 100644
--- a/server/Makefile.in
+++ b/server/Makefile.in
@@ -60,9 +60,6 @@ export_files:
ls $$dir/*.h ; \
done; \
echo "$(top_srcdir)/server/mpm_fdqueue.h"; \
- for dir in $(EXPORT_DIRS_APR); do \
- ls $$dir/ap[ru].h $$dir/ap[ru]_*.h 2>/dev/null; \
- done; \
) | sed -e s,//,/,g | sort -u > $@
exports.c: export_files
--
2.25.1

77
sources/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0004-apache2-log-the-SELinux-context-at-startup.patch Normal file
View File

@@ -0,0 +1,77 @@
From e47cc405eadcbe37a579c375e824e20a5c53bfad Mon Sep 17 00:00:00 2001
From: Paul Eggleton <paul.eggleton@linux.intel.com>
Date: Tue, 17 Jul 2012 11:27:39 +0100
Subject: [PATCH] Log the SELinux context at startup.
Log the SELinux context at startup.
Upstream-Status: Inappropriate [other]
Note: unlikely to be any interest in this upstream
---
configure.in | 5 +++++
server/core.c | 26 ++++++++++++++++++++++++++
2 files changed, 31 insertions(+)
diff --git a/configure.in b/configure.in
index 352711a..f58620f 100644
--- a/configure.in
+++ b/configure.in
@@ -514,6 +514,11 @@ gettid
dnl confirm that a void pointer is large enough to store a long integer
APACHE_CHECK_VOID_PTR_LEN
+AC_CHECK_LIB(selinux, is_selinux_enabled, [
+ AC_DEFINE(HAVE_SELINUX, 1, [Defined if SELinux is supported])
+ APR_ADDTO(AP_LIBS, [-lselinux])
+])
+
if test $ac_cv_func_gettid = no; then
# On Linux before glibc 2.30, gettid() is only usable via syscall()
AC_CACHE_CHECK([for gettid() via syscall], ap_cv_gettid,
diff --git a/server/core.c b/server/core.c
index 30b317e..81f145f 100644
--- a/server/core.c
+++ b/server/core.c
@@ -65,6 +65,10 @@
#include <unistd.h>
#endif
+#ifdef HAVE_SELINUX
+#include <selinux/selinux.h>
+#endif
+
/* LimitRequestBody handling */
#define AP_LIMIT_REQ_BODY_UNSET ((apr_off_t) -1)
#define AP_DEFAULT_LIMIT_REQ_BODY ((apr_off_t) 1<<30) /* 1GB */
@@ -5139,6 +5143,28 @@ static int core_post_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *pte
}
#endif
+#ifdef HAVE_SELINUX
+ {
+ static int already_warned = 0;
+ int is_enabled = is_selinux_enabled() > 0;
+
+ if (is_enabled && !already_warned) {
+ security_context_t con;
+
+ if (getcon(&con) == 0) {
+
+ ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL,
+ "SELinux policy enabled; "
+ "httpd running as context %s", con);
+
+ already_warned = 1;
+
+ freecon(con);
+ }
+ }
+ }
+#endif
+
return OK;
}
--
2.40.0

52
sources/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0005-replace-lynx-to-curl-in-apachectl-script.patch Normal file
View File

@@ -0,0 +1,52 @@
From e59aab44a28c654e518080693d573ca472ca5a08 Mon Sep 17 00:00:00 2001
From: Yulong Pei <Yulong.pei@windriver.com>
Date: Thu, 1 Sep 2011 01:03:14 +0800
Subject: [PATCH] replace lynx to curl in apachectl script
Upstream-Status: Inappropriate [configuration]
Signed-off-by: Yulong Pei <Yulong.pei@windriver.com>
---
support/apachectl.in | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/support/apachectl.in b/support/apachectl.in
index 3281c2e..6ab4ba5 100644
--- a/support/apachectl.in
+++ b/support/apachectl.in
@@ -52,11 +52,11 @@ fi
# a command that outputs a formatted text version of the HTML at the
# url given on the command line. Designed for lynx, however other
# programs may work.
-LYNX="@LYNX_PATH@ -dump"
+CURL="/usr/bin/curl"
#
# the URL to your server's mod_status status page. If you do not
# have one, then status and fullstatus will not work.
-STATUSURL="http://localhost:@PORT@/server-status"
+STATUSURL="http://localhost:@PORT@/"
#
# Set this variable to a command that increases the maximum
# number of file descriptors allowed per child process. This is
@@ -92,10 +92,16 @@ configtest)
ERROR=$?
;;
status)
- $LYNX $STATUSURL | awk ' /process$/ { print; exit } { print } '
+ $CURL -s $STATUSURL | grep -o "It works!"
+ if [ $? != 0 ] ; then
+ echo The httpd server does not work!
+ fi
;;
fullstatus)
- $LYNX $STATUSURL
+ $CURL -s $STATUSURL | grep -o "It works!"
+ if [ $? != 0 ] ; then
+ echo The httpd server does not work!
+ fi
;;
*)
$HTTPD "$@"
--
2.25.1

35
sources/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0006-apache2-fix-the-race-issue-of-parallel-installation.patch Normal file
View File

@@ -0,0 +1,35 @@
From fb09f1fe4525058b16b3d4edb2e3ae693154026e Mon Sep 17 00:00:00 2001
From: Zhenhua Luo <zhenhua.luo@freescale.com>
Date: Fri, 25 Jan 2013 18:10:50 +0800
Subject: [PATCH] apache2: fix the race issue of parallel installation
Upstream-Status: Pending
fix following race issue when do parallel install
| mkdir: cannot create directory `/home/mypc/workspace/poky/build_p4080ds_release/tmp/work/ppce500mc-fsl_networking-linux/apache2/2.4.3-r1/image/usr/share/apache2': File exists
...
| mkdir: cannot create directory `/home/mypc/workspace/poky/build_p4080ds_release/tmp/work/ppce500mc-fsl_networking-linux/apache2/2.4.3-r1/image/usr/share/apache2': File exists
| make[1]: *** [install-man] Error 1
| make[1]: *** Waiting for unfinished jobs....
Signed-off-by: Zhenhua Luo <zhenhua.luo@freescale.com>
---
build/mkdir.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/build/mkdir.sh b/build/mkdir.sh
index e2d5bb6..dde5ae0 100755
--- a/build/mkdir.sh
+++ b/build/mkdir.sh
@@ -39,7 +39,7 @@ for file in ${1+"$@"} ; do
esac
if test ! -d "$pathcomp"; then
echo "mkdir $pathcomp" 1>&2
- mkdir "$pathcomp" || errstatus=$?
+ mkdir -p "$pathcomp" || errstatus=$?
fi
pathcomp="$pathcomp/"
done
--
2.25.1

40
sources/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0007-apache2-allow-to-disable-selinux-support.patch Normal file
View File

@@ -0,0 +1,40 @@
From 0686564f64130f230870db8b4846973e3edbd646 Mon Sep 17 00:00:00 2001
From: Wenzong Fan <wenzong.fan@windriver.com>
Date: Mon, 1 Dec 2014 02:08:27 -0500
Subject: [PATCH] apache2: allow to disable selinux support
Upstream-Status: Pending
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
---
configure.in | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/configure.in b/configure.in
index f58620f..b5971b7 100644
--- a/configure.in
+++ b/configure.in
@@ -514,10 +514,16 @@ gettid
dnl confirm that a void pointer is large enough to store a long integer
APACHE_CHECK_VOID_PTR_LEN
-AC_CHECK_LIB(selinux, is_selinux_enabled, [
- AC_DEFINE(HAVE_SELINUX, 1, [Defined if SELinux is supported])
- APR_ADDTO(AP_LIBS, [-lselinux])
-])
+# SELinux support
+AC_ARG_ENABLE(selinux,APACHE_HELP_STRING(--enable-selinux,Enable SELinux support [default=auto]),
+ [],[enable_selinux=auto])
+
+if test x$enable_selinux != xno; then
+ AC_CHECK_LIB(selinux, is_selinux_enabled, [
+ AC_DEFINE(HAVE_SELINUX, 1, [Defined if SELinux is supported])
+ APR_ADDTO(AP_LIBS, [-lselinux])
+ ])
+fi
if test $ac_cv_func_gettid = no; then
# On Linux before glibc 2.30, gettid() is only usable via syscall()
--
2.40.0

36
sources/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0008-Fix-perl-install-directory-to-usr-bin.patch Normal file
View File

@@ -0,0 +1,36 @@
From 443d15b91d4e4979d92405610303797663f31102 Mon Sep 17 00:00:00 2001
From: echo <fei.geng@windriver.com>
Date: Tue, 28 Apr 2009 03:11:06 +0000
Subject: [PATCH] Fix perl install directory to /usr/bin
Upstream-Status: Inappropriate [configuration]
Add back this patch. Without this patch, apxs's shebang will use
perl under hosttools, which can be too long for shebang, and cause
error:
bad interpreter: No such file or directory
Signed-off-by: Changqing Li <changqing.li@windriver.com>
---
configure.in | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/configure.in b/configure.in
index 4df3ff3..4eeb609 100644
--- a/configure.in
+++ b/configure.in
@@ -903,10 +903,7 @@ AC_DEFINE_UNQUOTED(SERVER_CONFIG_FILE, "${rel_sysconfdir}/${progname}.conf",
AC_DEFINE_UNQUOTED(AP_TYPES_CONFIG_FILE, "${rel_sysconfdir}/mime.types",
[Location of the MIME types config file, relative to the Apache root directory])
-perlbin=`$ac_aux_dir/PrintPath perl`
-if test "x$perlbin" = "x"; then
- perlbin="/replace/with/path/to/perl/interpreter"
-fi
+perlbin='/usr/bin/perl'
AC_SUBST(perlbin)
dnl If we are running on BSD/OS, we need to use the BSD .include syntax.
--
2.25.1

49
sources/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0009-support-apxs.in-force-destdir-to-be-empty-string.patch Normal file
View File

@@ -0,0 +1,49 @@
From 43a4ad04e0d8771267a73f98b5918bcd10b167ec Mon Sep 17 00:00:00 2001
From: Trevor Gamblin <trevor.gamblin@windriver.com>
Date: Fri, 17 Apr 2020 06:31:35 -0700
Subject: [PATCH] support/apxs.in: force destdir to be empty string
If destdir is assigned to anything other than the empty string, the
search path for apache2 config files is appended to itself, and
related packages like apache-websocket will be unable to locate them:
| cannot open
/ala-lpggp31/tgamblin/yocto/poky.git/build/tmp/work/core2-64-poky-linux/apache-websocket/0.1.1+gitAUTOINC+6968083264-r0/recipe-sysroot/ala-lpggp31/tgamblin/yocto/poky.git/build/tmp/work/core2-64-poky-linux/apache-websocket/0.1.1+gitAUTOINC+6968083264-r0/recipe-sysroot//usr/share/apache2/build/config_vars.mk:
No such file or directory at
/ala-lpggp31/tgamblin/yocto/poky.git/build/tmp/work/core2-64-poky-linux/apache-websocket/0.1.1+gitAUTOINC+6968083264-r0/recipe-sysroot/usr/bin/crossscripts/apxs
line 213.
Ensure that it is always the empty string so that apache-websocket
is able to find the required config files.
Upstream-Status: Inappropriate (embedded-specific)
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
---
support/apxs.in | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/support/apxs.in b/support/apxs.in
index b2705fa..781f2ab 100644
--- a/support/apxs.in
+++ b/support/apxs.in
@@ -28,10 +28,12 @@ package apxs;
# is the empty string.
my $destdir = "";
-my $ddi = rindex($0, "@exp_bindir@");
-if ($ddi >= 0) {
- $destdir = substr($0, 0, $ddi);
-}
+# Comment out assignment of destdir so that it doesn't affect bitbake
+# cross-compilation setup
+#my $ddi = rindex($0, "@exp_bindir@");
+#if ($ddi >= 0) {
+# $destdir = substr($0, 0, $ddi);
+#}
my %config_vars = ();
--
2.25.1

26
sources/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0010-apache2-do-not-use-relative-path-for-gen_test_char.patch Normal file
View File

@@ -0,0 +1,26 @@
From d9993cbc33565c0acd29b0127d651dafa2a16975 Mon Sep 17 00:00:00 2001
From: Paul Eggleton <paul.eggleton@linux.intel.com>
Date: Tue, 17 Jul 2012 11:27:39 +0100
Subject: [PATCH] apache2: do not use relative path for gen_test_char
Upstream-Status: Inappropriate [embedded specific]
---
server/Makefile.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/server/Makefile.in b/server/Makefile.in
index 8c0c396..3544f55 100644
--- a/server/Makefile.in
+++ b/server/Makefile.in
@@ -29,7 +29,7 @@ gen_test_char: $(gen_test_char_OBJECTS)
$(LINK) $(EXTRA_LDFLAGS) $(gen_test_char_OBJECTS) $(EXTRA_LIBS)
test_char.h: gen_test_char
- ./gen_test_char > test_char.h
+ gen_test_char > test_char.h
util.lo: test_char.h
--
2.25.1

241
sources/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2_2.4.62.bb Normal file
View File

@@ -0,0 +1,241 @@
DESCRIPTION = "The Apache HTTP Server is a powerful, efficient, and \
extensible web server."
SUMMARY = "Apache HTTP Server"
HOMEPAGE = "http://httpd.apache.org/"
SECTION = "net"
LICENSE = "Apache-2.0"
SRC_URI = "${APACHE_MIRROR}/httpd/httpd-${PV}.tar.bz2 \
file://0001-configure-use-pkg-config-for-PCRE-detection.patch \
file://0002-apache2-bump-up-the-core-size-limit-if-CoreDumpDirec.patch \
file://0003-apache2-do-not-export-apr-apr-util-symbols-when-usin.patch \
file://0004-apache2-log-the-SELinux-context-at-startup.patch \
file://0005-replace-lynx-to-curl-in-apachectl-script.patch \
file://0006-apache2-fix-the-race-issue-of-parallel-installation.patch \
file://0007-apache2-allow-to-disable-selinux-support.patch \
file://0008-Fix-perl-install-directory-to-usr-bin.patch \
file://0009-support-apxs.in-force-destdir-to-be-empty-string.patch \
file://0001-make_exports.awk-not-expose-the-path.patch \
"
SRC_URI:append:class-target = " \
file://0010-apache2-do-not-use-relative-path-for-gen_test_char.patch \
file://init \
file://apache2-volatile.conf \
file://apache2.service \
file://volatiles.04_apache2 \
"
LIC_FILES_CHKSUM = "file://LICENSE;md5=bddeddfac80b2c9a882241d008bb41c3"
SRC_URI[sha256sum] = "674188e7bf44ced82da8db522da946849e22080d73d16c93f7f4df89e25729ec"
S = "${WORKDIR}/httpd-${PV}"
inherit autotools update-rc.d pkgconfig systemd update-alternatives
DEPENDS = "openssl expat pcre apr apr-util apache2-native "
CVE_PRODUCT = "apache:http_server"
SSTATE_SCAN_FILES += "apxs config_vars.mk config.nice"
PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'selinux', d)}"
PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux,libselinux,libselinux"
PACKAGECONFIG[openldap] = "--enable-ldap --enable-authnz-ldap,--disable-ldap --disable-authnz-ldap,openldap"
PACKAGECONFIG[zlib] = "--enable-deflate,,zlib,zlib"
CFLAGS:append = " -DPATH_MAX=4096"
EXTRA_OECONF:class-target = "\
--enable-layout=Debian \
--prefix=${base_prefix} \
--exec_prefix=${exec_prefix} \
--includedir=${includedir}/${BPN} \
--sysconfdir=${sysconfdir}/${BPN} \
--datadir=${datadir}/${BPN} \
--libdir=${libdir} \
--libexecdir=${libexecdir}/${BPN}/modules \
--localstatedir=${localstatedir} \
--enable-ssl \
--with-dbm=sdbm \
--with-gdbm=no \
--with-ndbm=no \
--with-berkeley-db=no \
--enable-info \
--enable-rewrite \
--with-mpm=prefork \
--enable-mpms-shared \
ap_cv_void_ptr_lt_long=no \
ac_cv_have_threadsafe_pollset=no \
"
EXTRA_OECONF:class-native = "\
--prefix=${prefix} \
--includedir=${includedir}/${BPN} \
--sysconfdir=${sysconfdir}/${BPN} \
--datadir=${datadir}/${BPN} \
--libdir=${libdir} \
--libexecdir=${libdir}/${BPN}/modules \
--localstatedir=${localstatedir} \
"
do_configure:prepend() {
sed -i -e 's:$''{prefix}/usr/lib/cgi-bin:$''{libexecdir}/cgi-bin:g' ${S}/config.layout
}
do_install:append:class-target() {
install -d ${D}/${sysconfdir}/init.d
cat ${WORKDIR}/init | \
sed -e 's,/usr/sbin/,${sbindir}/,g' \
-e 's,/usr/bin/,${bindir}/,g' \
-e 's,/usr/lib/,${libdir}/,g' \
-e 's,/etc/,${sysconfdir}/,g' \
-e 's,/usr/,${prefix}/,g' > ${D}/${sysconfdir}/init.d/${BPN}
chmod 755 ${D}/${sysconfdir}/init.d/${BPN}
# Remove the goofy original files...
rm -rf ${D}/${sysconfdir}/${BPN}/original
install -d ${D}${sysconfdir}/${BPN}/conf.d
install -d ${D}${sysconfdir}/${BPN}/modules.d
# Ensure configuration file pulls in conf.d and modules.d
printf "\nIncludeOptional ${sysconfdir}/${BPN}/conf.d/*.conf" >> ${D}/${sysconfdir}/${BPN}/httpd.conf
printf "\nIncludeOptional ${sysconfdir}/${BPN}/modules.d/*.load" >> ${D}/${sysconfdir}/${BPN}/httpd.conf
printf "\nIncludeOptional ${sysconfdir}/${BPN}/modules.d/*.conf\n\n" >> ${D}/${sysconfdir}/${BPN}/httpd.conf
# Match with that is in init script
printf "\nPidFile /run/httpd.pid" >> ${D}/${sysconfdir}/${BPN}/httpd.conf
# Set 'ServerName' to fix error messages when restart apache service
sed -i 's/^#ServerName www.example.com/ServerName localhost/' ${D}/${sysconfdir}/${BPN}/httpd.conf
sed -i 's/^ServerRoot/#ServerRoot/' ${D}/${sysconfdir}/${BPN}/httpd.conf
sed -i -e 's,${STAGING_DIR_TARGET},,g' \
-e 's,${DEBUG_PREFIX_MAP},,g' \
-e 's,-fdebug-prefix-map[^ ]*,,g; s,-fmacro-prefix-map[^ ]*,,g; s,-ffile-prefix-map[^ ]*,,g' \
-e 's,${HOSTTOOLS_DIR}/,,g' \
-e 's,APU_INCLUDEDIR = .*,APU_INCLUDEDIR = ,g' \
-e 's,APU_CONFIG = .*,APU_CONFIG = ,g' ${D}${datadir}/apache2/build/config_vars.mk
sed -i -e 's,--sysroot=${STAGING_DIR_TARGET},,g' \
-e 's,${DEBUG_PREFIX_MAP},,g' \
-e 's,${RECIPE_SYSROOT},,g' \
-e 's,-fdebug-prefix-map[^ ]*,,g; s,-fmacro-prefix-map[^ ]*,,g; s,-fmacro-prefix-map[^ ]*,,g' \
-e 's,APU_INCLUDEDIR = .*,APU_INCLUDEDIR = ,g' \
-e 's,".*/configure","configure",g' ${D}${datadir}/apache2/build/config.nice
if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
install -d ${D}${sysconfdir}/tmpfiles.d/
install -m 0644 ${WORKDIR}/apache2-volatile.conf ${D}${sysconfdir}/tmpfiles.d/
install -d ${D}${systemd_unitdir}/system
install -m 0644 ${WORKDIR}/apache2.service ${D}${systemd_unitdir}/system
sed -i -e 's,@SBINDIR@,${sbindir},g' ${D}${systemd_unitdir}/system/apache2.service
sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' ${D}${systemd_unitdir}/system/apache2.service
elif ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'true', 'false', d)}; then
install -d ${D}${sysconfdir}/default/volatiles
install -m 0644 ${WORKDIR}/volatiles.04_apache2 ${D}${sysconfdir}/default/volatiles/04_apache2
fi
rm -rf ${D}${localstatedir} ${D}${sbindir}/envvars*
chown -R root:root ${D}
}
do_install:append:class-native() {
install -d ${D}${bindir} ${D}${libdir}
install -m 755 server/gen_test_char ${D}${bindir}
}
SYSROOT_PREPROCESS_FUNCS:append:class-target = " apache_sysroot_preprocess"
apache_sysroot_preprocess() {
install -d ${SYSROOT_DESTDIR}${bindir_crossscripts}
install -m 755 ${D}${bindir}/apxs ${SYSROOT_DESTDIR}${bindir_crossscripts}
install -d ${SYSROOT_DESTDIR}${sbindir}
install -m 755 ${D}${sbindir}/apachectl ${SYSROOT_DESTDIR}${sbindir}
sed -i 's!my $installbuilddir = .*!my $installbuilddir = "${STAGING_DIR_HOST}/${datadir}/${BPN}/build";!' ${SYSROOT_DESTDIR}${bindir_crossscripts}/apxs
sed -i 's!^APR_CONFIG = .*!APR_CONFIG = ${STAGING_BINDIR_CROSS}/apr-1-config!' ${SYSROOT_DESTDIR}${datadir}/${BPN}/build/config_vars.mk
sed -i 's!^APU_CONFIG = .*!APU_CONFIG = ${STAGING_BINDIR_CROSS}/apu-1-config!' ${SYSROOT_DESTDIR}${datadir}/${BPN}/build/config_vars.mk
sed -i 's!^includedir = .*!includedir = ${STAGING_INCDIR}/apache2!' ${SYSROOT_DESTDIR}${datadir}/${BPN}/build/config_vars.mk
sed -i 's!^CFLAGS = -I[^ ]*!CFLAGS = -I${STAGING_INCDIR}/openssl!' ${SYSROOT_DESTDIR}${datadir}/${BPN}/build/config_vars.mk
sed -i 's!^EXTRA_LDFLAGS = .*!EXTRA_LDFLAGS = -L${STAGING_LIBDIR}!' ${SYSROOT_DESTDIR}${datadir}/${BPN}/build/config_vars.mk
sed -i 's!^EXTRA_INCLUDES = .*!EXTRA_INCLUDES = -I$(includedir) -I. -I${STAGING_INCDIR}!' ${SYSROOT_DESTDIR}${datadir}/${BPN}/build/config_vars.mk
sed -i 's!--sysroot=[^ ]*!--sysroot=${STAGING_DIR_HOST}!' ${SYSROOT_DESTDIR}${datadir}/${BPN}/build/config_vars.mk
}
# Implications - used by update-rc.d scripts
INITSCRIPT_NAME = "apache2"
INITSCRIPT_PARAMS = "defaults 91 20"
SYSTEMD_SERVICE:${PN} = "apache2.service"
SYSTEMD_AUTO_ENABLE:${PN} = "enable"
ALTERNATIVE:${PN} = "httpd"
ALTERNATIVE_LINK_NAME[httpd] = "${sbindir}/httpd"
ALTERNATIVE_PRIORITY[httpd] = "60"
ALTERNATIVE:${PN}-doc = "htpasswd.1"
ALTERNATIVE_LINK_NAME[htpasswd.1] = "${mandir}/man1/htpasswd.1"
PACKAGES = "${PN}-utils ${PN}-scripts ${PN}-doc ${PN}-dev ${PN}-dbg ${PN}"
CONFFILES:${PN} = "${sysconfdir}/${BPN}/httpd.conf \
${sysconfdir}/${BPN}/magic \
${sysconfdir}/${BPN}/mime.types \
${sysconfdir}/${BPN}/extra/*"
FILES:${PN}-utils = "${bindir}/ab \
${bindir}/htdbm \
${bindir}/htdigest \
${bindir}/htpasswd \
${bindir}/logresolve \
${bindir}/httxt2dbm \
${sbindir}/htcacheclean \
${sbindir}/fcgistarter \
${sbindir}/checkgid \
${sbindir}/rotatelogs \
"
# We override here rather than append so that .so links are
# included in the runtime package rather than here (-dev)
# and to get build, icons, error into the -dev package
FILES:${PN}-dev = "${datadir}/${BPN}/build \
${datadir}/${BPN}/icons \
${datadir}/${BPN}/error \
${includedir}/${BPN} \
${bindir}/apxs \
"
# Add the manual to -doc
FILES:${PN}-doc += " ${datadir}/${BPN}/manual"
FILES:${PN}-scripts += "${bindir}/dbmmanage"
# Override this too - here is the default, less datadir
FILES:${PN} = "${bindir} ${sbindir} ${libexecdir} ${libdir} \
${sysconfdir} ${libdir}/${BPN}"
# We want htdocs and cgi-bin to go with the binary
FILES:${PN} += "${datadir}/${BPN}/ ${libdir}/cgi-bin"
FILES:${PN}-dbg += "${libdir}/${BPN}/modules/.debug"
RDEPENDS:${PN} += "openssl libgcc ${PN}-utils"
RDEPENDS:${PN}-scripts += "perl ${PN}"
RDEPENDS:${PN}-dev = "perl"
BBCLASSEXTEND = "native"
pkg_postinst:${PN}() {
if [ -z "$D" ]; then
if type systemd-tmpfiles >/dev/null; then
systemd-tmpfiles --create
elif [ -e ${sysconfdir}/init.d/populate-volatile.sh ]; then
${sysconfdir}/init.d/populate-volatile.sh update
fi
fi
}

2
sources/meta-openembedded/meta-webserver/recipes-httpd/apache2/files/apache2-volatile.conf Normal file
View File

@@ -0,0 +1,2 @@
d /run/apache2 0755 root root -
d /var/log/apache2 0755 root root -

14
sources/meta-openembedded/meta-webserver/recipes-httpd/apache2/files/apache2.service Normal file
View File

@@ -0,0 +1,14 @@
[Unit]
Description=The Apache HTTP Server
After=network.target remote-fs.target nss-lookup.target
[Service]
Type=simple
Environment=LANG=C
ExecStart=@SBINDIR@/httpd -DFOREGROUND -D SSL -D PHP5 -k start
ExecStop=@BASE_BINDIR@/kill -WINCH ${MAINPID}
KillSignal=SIGCONT
PrivateTmp=true
[Install]
WantedBy=multi-user.target

230
sources/meta-openembedded/meta-webserver/recipes-httpd/apache2/files/init Normal file
View File

@@ -0,0 +1,230 @@
#!/bin/sh
### BEGIN INIT INFO
# Provides: httpd
# Required-Start: $local_fs $remote_fs $network $named
# Required-Stop: $local_fs $remote_fs $network
# Should-Start: distcache
# Short-Description: start and stop Apache HTTP Server
# Description: The Apache HTTP Server is an extensible server
# implementing the current HTTP standards.
### END INIT INFO
ARGS="-D SSL -D PHP5 -k start"
NAME=apache2
PATH=/bin:/usr/bin:/sbin:/usr/sbin
DAEMON=/usr/sbin/httpd
SUEXEC=/usr/lib/apache/suexec
PIDFILE=/run/httpd.pid
CONF=/etc/apache2/httpd.conf
APACHECTL=/usr/sbin/apachectl
trap "" 1
export LANG=C
export PATH
test -f $DAEMON || exit 0
test -f $APACHECTL || exit 0
# ensure we don't leak environment vars into apachectl
APACHECTL="env -i LANG=${LANG} PATH=${PATH} $APACHECTL"
apache_conftest() {
if $($APACHECTL configtest > /dev/null 2>&1 ); then
return 0
else
return 1
fi
}
apache_wait_start() {
local STATUS=$1
if [ $STATUS != 0 ] ; then
return $STATUS
fi
local i=0
while : ; do
PIDTMP=$(pidof $DAEMON | tr ' ' '\n' | grep -w $(cat $PIDFILE))
if [ -n "${PIDTMP:-}" ] && kill -0 "${PIDTMP:-}" 2> /dev/null; then
return $STATUS
fi
if [ $i = "20" ] ; then
return 2
fi
sleep 1
i=$(($i+1))
done
}
apache_wait_stop() {
local STATUS=$1
if [ $STATUS != 0 ] ; then
return $STATUS
fi
PIDTMP=$(pidof $DAEMON | tr ' ' '\n' | grep -w $(cat $PIDFILE))
if [ -n "${PIDTMP:-}" ] && kill -0 "${PIDTMP:-}" 2> /dev/null; then
local i=0
while kill -0 "${PIDTMP:-}" 2> /dev/null; do
if [ $i = '60' ]; then
STATUS=2
break
fi
sleep 1
i=$(($i+1))
done
return $STATUS
else
return $STATUS
fi
}
#
# Function that starts the daemon/service
#
do_start()
{
# Return
# 0 if daemon has been started
# 1 if daemon was already running
# 2 if daemon could not be started
if [ -e $PIDFILE ] && pidof $DAEMON | tr ' ' '\n' | grep -w $(cat $PIDFILE) > /dev/null 2>&1 ; then
return 1
fi
if apache_conftest ; then
$APACHECTL start
apache_wait_start $?
return $?
else
return 2
fi
}
#
# Function that stops the daemon/service
#
do_stop()
{
# Return
# 0 if daemon has been stopped
# 1 if daemon was already stopped
# 2 if daemon could not be stopped
# other if a failure occurred
local AP_RET=0
if pidof $DAEMON > /dev/null 2>&1 ; then
if [ -e $PIDFILE ] && pidof $DAEMON | tr ' ' '\n' | grep -w $(cat $PIDFILE) > /dev/null 2>&1 ; then
AP_RET=2
else
AP_RET=1
fi
else
AP_RET=0
fi
# AP_RET is:
# 0 if Apache (whichever) is not running
# 1 if Apache (whichever) is running
# 2 if Apache from the PIDFILE is running
if [ $AP_RET = 0 ] ; then
return 1
fi
if [ $AP_RET = 2 ] && apache_conftest ; then
$APACHECTL stop
apache_wait_stop $?
return $?
else
if [ $AP_RET = 2 ]; then
kill $(pidof $DAEMON | tr ' ' '\n' | grep -w $(cat $PIDFILE))
apache_wait_stop $?
return $?
elif [ $AP_RET = 1 ] ; then
return 2
fi
fi
}
case "$1" in
start)
echo -n "Starting web server: $NAME"
do_start
case $? in
0|1)
echo .
exit 0
;;
2)
echo failed
exit 1
;;
esac
;;
stop)
echo -n "Stopping web server: $NAME"
do_stop
case $? in
0|1)
echo .
exit 0
;;
2)
echo failed
exit 1
;;
esac
;;
reload)
echo -n "Reloading $NAME configuration"
kill -HUP `cat $PIDFILE`
;;
reload-modules)
echo -n "Reloading $NAME modules"
$APACHECTL restart
;;
restart)
echo "Restarting web server: $NAME"
do_stop
case "$?" in
0|1)
do_start
exit $?
;;
*)
# Failed to stop
exit 1
;;
esac
;;
force-reload)
$0 reload-modules
exit $?
;;
*)
echo "Usage: /etc/init.d/$NAME {start|stop|reload|reload-modules|force-reload|restart}"
exit 1
;;
esac
if [ $? = 0 ]; then
echo .
exit 0
else
echo failed
exit 1
fi

3
sources/meta-openembedded/meta-webserver/recipes-httpd/apache2/files/volatiles.04_apache2 Normal file
View File

@@ -0,0 +1,3 @@
# <type> <owner> <group> <mode> <path> <linksource>
d root root 0755 /var/run/apache2 none
d root root 0755 /var/log/apache2 none

47
sources/meta-openembedded/meta-webserver/recipes-httpd/cherokee/cherokee/0001-common-internal.h-Define-LLONG_MAX-if-undefined.patch Normal file
View File

@@ -0,0 +1,47 @@
From c73415021f3f3b2b30062ab74b25fe49c51c2242 Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@gmail.com>
Date: Sun, 10 Nov 2019 15:59:44 -0800
Subject: [PATCH] common-internal.h: Define LLONG_MAX if undefined
time_t can also be long long type, therefore check for that as fallback
Fixes build on 32bit hosts where time_t is fixed for Y2K38
Upstream-Status: Pending
Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
cherokee/common-internal.h | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/cherokee/common-internal.h b/cherokee/common-internal.h
index 5c28da97..5646ec0f 100644
--- a/cherokee/common-internal.h
+++ b/cherokee/common-internal.h
@@ -222,6 +222,16 @@ char *strcasestr(char *s, char *find);
# endif
#endif
+/* Long Long limit
+ */
+#ifndef LLONG_MAX
+# if (__SIZEOF_LONG_LONG__ == 8)
+# define LLONG_MAX 0x7fffffffffffffffLL
+# else
+# error "Can't define LLONG_MAX"
+# endif
+#endif
+
/* time_t limit
*/
#ifndef TIME_MAX
@@ -229,6 +239,8 @@ char *strcasestr(char *s, char *find);
# define TIME_MAX ((time_t)INT_MAX)
# elif (SIZEOF_TIME_T == SIZEOF_LONG)
# define TIME_MAX ((time_t)LONG_MAX)
+# elif (SIZEOF_TIME_T == __SIZEOF_LONG_LONG__)
+# define TIME_MAX ((time_t)LLONG_MAX)
# else
# error "Can't define TIME_MAX"
# endif
--
2.24.0

31
sources/meta-openembedded/meta-webserver/recipes-httpd/cherokee/cherokee/0001-configure.ac-Add-foreign-to-AM_INIT_AUTOMAKE.patch Normal file
View File

@@ -0,0 +1,31 @@
From 4591b5b40d66c19edc73b951ad091dac639454c9 Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@gmail.com>
Date: Tue, 25 Jul 2017 16:00:34 -0700
Subject: [PATCH] configure.ac: Add foreign to AM_INIT_AUTOMAKE
Fixes errors like
| Makefile.am: error: required file './README' not found
| Makefile.am: error: required file './ChangeLog' not found
Upstream-Status: Pending
Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
configure.ac | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
index d6298f27..98cab791 100644
--- a/configure.ac
+++ b/configure.ac
@@ -32,7 +32,7 @@ dnl Init autoconf and automake
AC_INIT([cherokee], [cherokee_version], [http://bugs.cherokee-project.com/], [cherokee])
AC_CONFIG_SRCDIR([cherokee/server.c])
AC_CONFIG_MACRO_DIR([m4])
-AM_INIT_AUTOMAKE([no-define])
+AM_INIT_AUTOMAKE([no-define foreign])
dnl Define version
AC_DEFINE(PACKAGE_MAJOR_VERSION, "cherokee_major_version", [Version string])
--
2.13.3

28
sources/meta-openembedded/meta-webserver/recipes-httpd/cherokee/cherokee/0001-make-Do-not-build-po-files.patch Normal file
View File

@@ -0,0 +1,28 @@
From e9ae3231ec188df801fe51aa95d6afec2e52db58 Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@gmail.com>
Date: Tue, 25 Jul 2017 16:14:19 -0700
Subject: [PATCH] make: Do not build po files
Target fails to build
Upstream-Status: Inappropriate [Cross-compile specific]
Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
Makefile.am | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Makefile.am b/Makefile.am
index f01278c3..eb864c36 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1,6 +1,6 @@
## Cherokee: Makefile.am -*- makefile -*-
-SUBDIRS = po m4 www icons themes qa doc . admin contrib cherokee cget packages dbslayer
+SUBDIRS = m4 www icons themes qa doc . admin contrib cherokee cget packages dbslayer
SUFFIXES = .sample.pre .sample .h.pre .h .xml.pre .xml
ACLOCAL_AMFLAGS = -I m4
--
2.13.3

40
sources/meta-openembedded/meta-webserver/recipes-httpd/cherokee/cherokee/cherokee-install-configured.py-once.patch Normal file
View File

@@ -0,0 +1,40 @@
From 98a0f19df0a31d5649ad89d395fd1b8de5591827 Mon Sep 17 00:00:00 2001
From: Robert Yang <liezhi.yang@windriver.com>
Date: Thu, 3 Apr 2014 21:33:25 +0800
Subject: [PATCH] admin/Makefile.am: only install configured.py once
Both the two rules install-adminpyDATA and install-generatedDATA will
install the configured.py to the same location, they can run parallel,
and they use "install -m", which would might build failures:
/usr/bin/install: setting permissions for `/path/to/configured.py': No such file or directory
This is because the first install is setting the permission while the
second install is removing the file an re-install.
Only install the configured.py once will fix the problem, I think that
there is no side effect since it installed the same file to the same
location twice in the past.
Upstream-Status: Pending
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
---
admin/Makefile.am | 1 -
1 file changed, 1 deletion(-)
diff --git a/admin/Makefile.am b/admin/Makefile.am
index ce5937b..6f96934 100644
--- a/admin/Makefile.am
+++ b/admin/Makefile.am
@@ -73,7 +73,6 @@ SystemStatsWidgets.py \
Wizard.py \
XMLServerDigest.py \
config_version.py \
-configured.py \
consts.py \
util.py \
popen.py \
--
1.8.2.1

32
sources/meta-openembedded/meta-webserver/recipes-httpd/cherokee/cherokee/cherokee.init Normal file
View File

@@ -0,0 +1,32 @@
#!/bin/sh
DAEMON=/usr/sbin/cherokee
CONFIG=/etc/cherokee/cherokee.conf
PIDFILE=/var/run/cherokee.pid
NAME="cherokee"
DESC="Cherokee http server"
test -r /etc/default/cherokee && . /etc/default/cherokee
test -x "$DAEMON" || exit 0
test ! -r "$CONFIG" && exit 0
case "$1" in
start)
echo "Starting $DESC: "
start-stop-daemon --oknodo -S -x $DAEMON -- -d -C $CONFIG
;;
stop)
echo "Stopping $DESC:"
start-stop-daemon -K -p $PIDFILE
;;
restart)
$0 stop >/dev/null 2>&1
$0 start
;;
*)
echo "Usage: $0 {start|stop|restart}"
exit 0
;;
esac

10
sources/meta-openembedded/meta-webserver/recipes-httpd/cherokee/cherokee/cherokee.service Normal file
View File

@@ -0,0 +1,10 @@
[Unit]
Description=Cherokee web server
After=syslog.target
[Service]
Type=forking
ExecStart=/usr/sbin/cherokee -d -C /etc/cherokee/cherokee.conf
[Install]
WantedBy=multi-user.target

79
sources/meta-openembedded/meta-webserver/recipes-httpd/cherokee/cherokee_git.bb Normal file
View File

@@ -0,0 +1,79 @@
SUMMARY = "Cherokee Web Server fast and secure"
SUMMARY:cget = "Small downloader based in the Cherokee client library"
HOMEPAGE = "http://www.cherokee-project.com/"
SECTION = "network"
LICENSE = "GPL-2.0-only"
LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f"
DEPENDS = "unzip-native libpcre openssl mysql5 ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
SRCREV = "9a75e65b876bcc376cb6b379dca1f7ce4a055c59"
PV = "1.2.104+git"
SRC_URI = "git://github.com/cherokee/webserver;branch=master;protocol=https \
file://cherokee.init \
file://cherokee.service \
file://cherokee-install-configured.py-once.patch \
file://0001-configure.ac-Add-foreign-to-AM_INIT_AUTOMAKE.patch \
file://0001-make-Do-not-build-po-files.patch \
file://0001-common-internal.h-Define-LLONG_MAX-if-undefined.patch \
"
S = "${WORKDIR}/git"
inherit autotools-brokensep pkgconfig binconfig update-rc.d systemd ${@bb.utils.contains("BBFILE_COLLECTIONS", "meta-python2", "pythonnative", "", d)}
PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}"
PACKAGECONFIG[ffmpeg] = "--with-ffmpeg,--without-ffmpeg,libav"
PACKAGECONFIG[ldap] = "--with-ldap,--without-ldap,openldap"
PACKAGECONFIG[geoip] = "--with-geoip,--without-geoip,geoip"
PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
EXTRA_OECONF = "--disable-static \
--disable-nls \
${@bb.utils.contains('DISTRO_FEATURES', 'pam', '--enable-pam', '--disable-pam', d)} \
--with-wwwroot=${localstatedir}/www/cherokee \
"
do_install:append () {
install -m 0755 -d ${D}${sysconfdir}/init.d
install -m 755 ${WORKDIR}/cherokee.init ${D}${sysconfdir}/init.d/cherokee
# clean up .la files for plugins
rm -f ${D}${libdir}/cherokee/*.la
install -d ${D}${systemd_unitdir}/system
install -m 0644 ${WORKDIR}/cherokee.service ${D}${systemd_unitdir}/system
rmdir "${D}${localstatedir}/run"
rmdir --ignore-fail-on-non-empty "${D}${localstatedir}"
}
# Put -dev near the front so we can move the .la files into it with a wildcard
PACKAGES =+ "libcherokee-server libcherokee-client libcherokee-base cget"
FILES:cget = "${bindir}/cget"
FILES:libcherokee-server = "${libdir}/libcherokee-server${SOLIBS}"
FILES:libcherokee-client = "${libdir}/libcherokee-client${SOLIBS}"
FILES:libcherokee-base = "${libdir}/libcherokee-base${SOLIBS}"
# Pack the htdocs
FILES:${PN} += "${localstatedir}/www/cherokee"
CONFFILES:${PN} = " \
${sysconfdir}/cherokee/cherokee.conf \
${sysconfdir}/init.d/cherokee \
"
INITSCRIPT_NAME = "cherokee"
INITSCRIPT_PARAMS = "defaults 91 91"
RPROVIDES:${PN} += "${PN}-systemd"
RREPLACES:${PN} += "${PN}-systemd"
RCONFLICTS:${PN} += "${PN}-systemd"
SYSTEMD_SERVICE:${PN} = "cherokee.service"
python() {
if 'meta-python2' not in d.getVar('BBFILE_COLLECTIONS').split():
raise bb.parse.SkipRecipe('Requires meta-python2 to be present.')
}
CVE_PRODUCT += "cherokee_web_server"

45
sources/meta-openembedded/meta-webserver/recipes-httpd/hiawatha/files/hiawatha-init Normal file
View File

@@ -0,0 +1,45 @@
#!/bin/sh
### BEGIN INIT INFO
# Provides: hiawatha httpd httpd-cgi
# Required-Start: $syslog $network $remote_fs
# Required-Stop: $syslog $network $remote_fs
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Hiawatha webserver
# Description: Hiawatha, a secure and advanced webserver.
### END INIT INFO
PATH=/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=sed_sbin_path/hiawatha
NAME=hiawatha
DESC="Hiawatha Web Server"
OPTS=""
case "$1" in
start)
echo -n "Starting $DESC: "
mkdir -p /var/log/hiawatha &> /dev/null
start-stop-daemon --start -x "$DAEMON" -- $OPTS
echo "$NAME."
;;
stop)
echo -n "Stopping $DESC: "
start-stop-daemon --stop -x "$DAEMON"
echo "$NAME."
;;
restart|force-reload)
echo -n "Restarting $DESC: "
start-stop-daemon --stop -x "$DAEMON"
sleep 1
start-stop-daemon --start -x "$DAEMON" -- $OPTS
echo "$NAME."
;;
*)
N=/etc/init.d/$NAME
echo "Usage: $N {start|stop|restart|force-reload}" >&2
exit 1
;;
esac
exit 0

16
sources/meta-openembedded/meta-webserver/recipes-httpd/hiawatha/files/hiawatha.service Normal file
View File

@@ -0,0 +1,16 @@
[Unit]
Description=Hiawatha Web Server
After=network.target remote-fs.target nss-lookup.target
[Service]
Type=simple
SyslogIdentifier=hiawatha
ExecStartPre=/usr/sbin/hiawatha -k ; /usr/sbin/wigwam
ExecStart= /usr/sbin/hiawatha -d
TimeoutSec=10
#(doesn't like this setting. Can't find files) PrivateTmp=true
LimitNOFILE=infinity
CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_CHOWN CAP_DAC_OVERRIDE CAP_FOWNER CAP_FSETID CAP_SETGID CAP_SETUID
[Install]
WantedBy=multi-user.target

81
sources/meta-openembedded/meta-webserver/recipes-httpd/hiawatha/hiawatha_10.12.bb Normal file
View File

@@ -0,0 +1,81 @@
SUMMARY = "Lightweight secure web server"
HOMEPAGE = "http://www.hiawatha-webserver.org"
LICENSE = "GPL-2.0-only"
LIC_FILES_CHKSUM = "file://LICENSE;md5=751419260aa954499f7abaabaa882bbe"
DEPENDS = "libxml2 libxslt virtual/crypt"
SECTION = "net"
SRC_URI = "http://hiawatha-webserver.org/files/hiawatha-10/${BP}.tar.gz \
file://hiawatha-init \
file://hiawatha.service "
SRC_URI[md5sum] = "d9e282be06ed456207726b7ac0df9d48"
SRC_URI[sha256sum] = "61bf41146c51244769984135529fcffd0f6cb92be18dc12d460effc42f19f50d"
INITSCRIPT_NAME = "hiawatha"
INITSCRIPT_PARAMS = "defaults 70"
SYSTEMD_SERVICE:${PN} = "hiawatha.service"
inherit cmake update-rc.d systemd
EXTRA_OECMAKE = " -DENABLE_IPV6=OFF \
-DENABLE_CACHE=OFF \
-DENABLE_DEBUG=OFF \
-DENABLE_TLS=OFF \
-DENABLE_TOOLKIT=OFF \
-DENABLE_CHROOT=OFF \
-DENABLE_XSLT=ON \
-DENABLE_TOMAHAWK=OFF \
-DCMAKE_INSTALL_MANDIR=${mandir} \
-DCMAKE_INSTALL_BINDIR=${bindir} \
-DCMAKE_INSTALL_SBINDIR=${sbindir} \
-DCMAKE_INSTALL_SYSCONFDIR=${sysconfdir} \
-DCMAKE_INSTALL_LIBDIR=${libdir} \
-DCMAKE_INSTALL_FULL_LOCALSTATEDIR=${localstatedir}"
do_install:append() {
# Copy over init script and sed in the correct sbin path
sed -i 's,sed_sbin_path,${sbindir},' ${WORKDIR}/hiawatha-init
mkdir -p ${D}${sysconfdir}/init.d
install -m 0755 ${WORKDIR}/hiawatha-init ${D}${sysconfdir}/init.d/hiawatha
# configure php-fcgi to have a working configuration
# by default if php is installed
echo "Server = ${bindir}/php-cgi ; 2 ; 127.0.0.1:2005 ; nobody:nobody ; ${sysconfdir}/php/hiawatha-php5/php.ini" >> ${D}${sysconfdir}/hiawatha/php-fcgi.conf
if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
install -d ${D}/${systemd_unitdir}/system
install -m 644 ${WORKDIR}/hiawatha.service ${D}/${systemd_unitdir}/system
fi
# /var/log/hiawatha and /var/lib/hiawatha needs to be created in runtime.
# Use rmdir to catch if upstream stops creating these dirs, or adds
# something else in /var/log.
rmdir ${D}${localstatedir}/log/${BPN} ${D}${localstatedir}/log
rmdir ${D}${localstatedir}/run
rmdir --ignore-fail-on-non-empty ${D}${localstatedir}
# Create /var/log/hiawatha at runtime.
if [ "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}" ]; then
install -d ${D}${nonarch_libdir}/tmpfiles.d
echo "d ${localstatedir}/log/${BPN} - - - -" > ${D}${nonarch_libdir}/tmpfiles.d/${BPN}.conf
fi
if [ "${@bb.utils.filter('DISTRO_FEATURES', 'sysvinit', d)}" ]; then
install -d ${D}${sysconfdir}/default/volatiles
echo "d root root 0755 ${localstatedir}/log/${BPN} none" > ${D}${sysconfdir}/default/volatiles/99_${BPN}
fi
}
CONFFILES:${PN} = " \
${sysconfdir}/hiawatha/cgi-wrapper.conf \
${sysconfdir}/hiawatha/hiawatha.conf \
${sysconfdir}/hiawatha/index.xslt \
${sysconfdir}/hiawatha/mimetype.conf \
${sysconfdir}/hiawatha/php-fcgi.conf \
"
FILES:${PN} += "${nonarch_libdir}/tmpfiles.d"
FILES:${PN}-dev = "${libdir}/hiawatha/*${SOLIBSDEV}"

30
sources/meta-openembedded/meta-webserver/recipes-httpd/monkey/files/0001-fastcgi-Use-value-instead-of-address-of-sin6_port.patch Normal file
View File

@@ -0,0 +1,30 @@
From 7f724bbafbb1e170401dd5de201273ab8c8bc75f Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@gmail.com>
Date: Sun, 28 Aug 2022 14:24:02 -0700
Subject: [PATCH] fastcgi: Use value instead of address of sin6_port
This seems to be wrongly assigned where ipv4 sin_port is
equated to address of sin6_port and not value of sin6_port
Upstream-Status: Submitted [https://github.com/monkey/monkey/pull/375]
Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
plugins/fastcgi/fcgi_handler.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/plugins/fastcgi/fcgi_handler.c b/plugins/fastcgi/fcgi_handler.c
index 9e095e3c..e8e1eec1 100644
--- a/plugins/fastcgi/fcgi_handler.c
+++ b/plugins/fastcgi/fcgi_handler.c
@@ -245,7 +245,7 @@ static inline int fcgi_add_param_net(struct fcgi_handler *handler)
struct sockaddr_in *s4 = (struct sockaddr_in *)&addr4;
memset(&addr4, 0, sizeof(addr4));
addr4.sin_family = AF_INET;
- addr4.sin_port = &s->sin6_port;
+ addr4.sin_port = s->sin6_port;
memcpy(&addr4.sin_addr.s_addr,
s->sin6_addr.s6_addr + 12,
sizeof(addr4.sin_addr.s_addr));
--
2.37.2

34
sources/meta-openembedded/meta-webserver/recipes-httpd/monkey/files/monkey.init Normal file
View File

@@ -0,0 +1,34 @@
#!/bin/sh
PATH=/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/sbin/monkey
NAME=monkey
DESC="Monkey HTTP Server"
OPTS="--daemon"
case "$1" in
start)
echo -n "Starting $DESC: "
start-stop-daemon --start -x "$DAEMON" -- $OPTS
echo "$NAME."
;;
stop)
echo -n "Stopping $DESC: "
start-stop-daemon --stop -x "$DAEMON"
echo "$NAME."
;;
restart|force-reload)
echo -n "Restarting $DESC: "
start-stop-daemon --stop -x "$DAEMON"
sleep 1
start-stop-daemon --start -x "$DAEMON" -- $OPTS
echo "$NAME."
;;
*)
N=/etc/init.d/$NAME
echo "Usage: $N {start|stop|restart|force-reload}" >&2
exit 1
;;
esac
exit 0

12
sources/meta-openembedded/meta-webserver/recipes-httpd/monkey/files/monkey.service Normal file
View File

@@ -0,0 +1,12 @@
[Unit]
Description=Monkey HTTP Server
After=network.target remote-fs.target
[Service]
Type=forking
ExecStart=/usr/sbin/monkey --daemon
PIDFile=/var/run/monkey.pid.2001
TimeoutSec=10
[Install]
WantedBy=multi-user.target

92
sources/meta-openembedded/meta-webserver/recipes-httpd/monkey/monkey_1.6.9.bb Normal file
View File

@@ -0,0 +1,92 @@
SUMMARY = "Fast and Lightweight HTTP Server for Linux"
HOMEPAGE = "http://monkey-project.com"
BUGTRACKER = "https://github.com/monkey/monkey/issues"
LICENSE = "Apache-2.0"
LIC_FILES_CHKSUM = "file://LICENSE;md5=2ee41112a44fe7014dce33e26468ba93"
SECTION = "net"
SRC_URI = "git://github.com/monkey/monkey;branch=1.6;protocol=https \
file://0001-fastcgi-Use-value-instead-of-address-of-sin6_port.patch \
file://monkey.service \
file://monkey.init"
SRCREV = "7999b487fded645381d387ec0e057e92407b0d2c"
S = "${WORKDIR}/git"
UPSTREAM_CHECK_URI = "https://github.com/monkey/monkey/releases"
UPSTREAM_CHECK_REGEX = "v(?P<pver>\d+(\.\d+)+).tar.gz"
EXTRA_OECMAKE = "-DINSTALL_LOGDIR=${localstatedir}/log/monkey/ \
-DPID_FILE=/run/monkey.pid \
-DINSTALL_SYSCONFDIR=${sysconfdir}/monkey/ \
-DWITH_PLUGINS=* \
-DWITHOUT_PLUGINS=mbedtls \
-DWITH_DEBUG=1 \
-DDEFAULT_USER='www-data' \
-DWITH_SYSTEM_MALLOC=1 \
"
EXTRA_OECMAKE:append:libc-musl = " -DWITH_MUSL=1 "
# GCC-10+ defaults to -fno-common
CFLAGS += "-fcommon"
DISABLE_STATIC = ""
inherit cmake pkgconfig update-rc.d systemd
OECMAKE_GENERATOR = "Unix Makefiles"
do_configure:append() {
sed -i -e 's|${STAGING_BINDIR_TOOLCHAIN}/||g' ${S}/include/monkey/mk_env.h
}
do_install:append() {
rmdir ${D}${localstatedir}/log/${BPN} ${D}${localstatedir}/run ${D}${localstatedir}/log
rmdir --ignore-fail-on-non-empty ${D}${localstatedir}
install -Dm 0755 ${WORKDIR}/monkey.init ${D}${sysconfdir}/init.d/monkey
# Create /var/log/monkey in runtime.
if [ "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}" ]; then
install -d ${D}${nonarch_libdir}/tmpfiles.d
echo "d ${localstatedir}/log/${BPN} 0755 ${BPN} ${BPN} -" > ${D}${nonarch_libdir}/tmpfiles.d/${BPN}.conf
fi
if [ "${@bb.utils.filter('DISTRO_FEATURES', 'sysvinit', d)}" ]; then
install -d ${D}${sysconfdir}/default/volatiles
echo "d ${BPN} ${BPN} 0755 ${localstatedir}/log/${BPN} none" > ${D}${sysconfdir}/default/volatiles/99_${BPN}
fi
if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
install -Dm 644 ${WORKDIR}/monkey.service ${D}/${systemd_unitdir}/system/monkey.service
fi
}
INITSCRIPT_NAME = "monkey"
INITSCRIPT_PARAMS = "defaults 70"
SYSTEMD_SERVICE:${PN} = "monkey.service"
PACKAGES += "${PN}-plugins"
FILES:${PN}-plugins = "${libdir}/monkey-*.so"
FILES:${PN} += "${nonarch_libdir}/tmpfiles.d"
CONFFILES:${PN} = "${sysconfdir}/monkey/monkey.conf \
${sysconfdir}/monkey/sites/default \
${sysconfdir}/monkey/monkey.mime \
${sysconfdir}/monkey/plugins.load \
${sysconfdir}/monkey/plugins/proxy_reverse/proxy_reverse.conf \
${sysconfdir}/monkey/plugins/mandril/mandril.conf \
${sysconfdir}/monkey/plugins/fastcgi/fastcgi.conf \
${sysconfdir}/monkey/plugins/logger/logger.conf \
${sysconfdir}/monkey/plugins/cgi/cgi.conf \
${sysconfdir}/monkey/plugins/cheetah/cheetah.conf \
${sysconfdir}/monkey/plugins/dirlisting/dirhtml.conf \
${sysconfdir}/monkey/plugins/dirlisting/themes/guineo/header.theme \
${sysconfdir}/monkey/plugins/dirlisting/themes/guineo/footer.theme \
${sysconfdir}/monkey/plugins/dirlisting/themes/guineo/entry.theme \
${sysconfdir}/monkey/plugins/auth/README \
${sysconfdir}/monkey/plugins/auth/monkey.users \
"

80
sources/meta-openembedded/meta-webserver/recipes-httpd/nginx/files/0001-Allow-the-overriding-of-the-endianness-via-the-confi.patch Normal file
View File

@@ -0,0 +1,80 @@
From be9970aa16c5142ef814531d74a07990a8e9eb14 Mon Sep 17 00:00:00 2001
From: Derek Straka <derek@asterius.io>
Date: Fri, 1 Dec 2017 10:32:29 -0500
Subject: [PATCH] Allow the overriding of the endianness via the configure flag
--with-endian
The existing configure options contain the --with-endian; however, the command
line flag does not actually function. It does not set the endianness and it
appears to do nothing.
Upstream-Status: Pending
Signed-off-by: Derek Straka <derek@asterius.io>
diff --git a/auto/endianness b/auto/endianness
index 1b552b6..be84487 100644
--- a/auto/endianness
+++ b/auto/endianness
@@ -13,7 +13,13 @@ checking for system byte ordering
END
-cat << END > $NGX_AUTOTEST.c
+if [ ".$NGX_WITH_ENDIAN" = ".little" ]; then
+ echo " little endian"
+ have=NGX_HAVE_LITTLE_ENDIAN . auto/have
+elif [ ".$NGX_WITH_ENDIAN" = ".big" ]; then
+ echo " big endian"
+else
+ cat << END > $NGX_AUTOTEST.c
int main(void) {
int i = 0x11223344;
@@ -26,25 +32,26 @@ int main(void) {
END
-ngx_test="$CC $CC_TEST_FLAGS $CC_AUX_FLAGS \
- -o $NGX_AUTOTEST $NGX_AUTOTEST.c $NGX_LD_OPT $ngx_feature_libs"
+ ngx_test="$CC $CC_TEST_FLAGS $CC_AUX_FLAGS \
+ -o $NGX_AUTOTEST $NGX_AUTOTEST.c $NGX_LD_OPT $ngx_feature_libs"
-eval "$ngx_test >> $NGX_AUTOCONF_ERR 2>&1"
+ eval "$ngx_test >> $NGX_AUTOCONF_ERR 2>&1"
-if [ -x $NGX_AUTOTEST ]; then
- if $NGX_AUTOTEST >/dev/null 2>&1; then
- echo " little endian"
- have=NGX_HAVE_LITTLE_ENDIAN . auto/have
- else
- echo " big endian"
- fi
+ if [ -x $NGX_AUTOTEST ]; then
+ if $NGX_AUTOTEST >/dev/null 2>&1; then
+ echo " little endian"
+ have=NGX_HAVE_LITTLE_ENDIAN . auto/have
+ else
+ echo " big endian"
+ fi
- rm -rf $NGX_AUTOTEST*
+ rm -rf $NGX_AUTOTEST*
-else
- rm -rf $NGX_AUTOTEST*
+ else
+ rm -rf $NGX_AUTOTEST*
- echo
- echo "$0: error: cannot detect system byte ordering"
- exit 1
+ echo
+ echo "$0: error: cannot detect system byte ordering"
+ exit 1
+ fi
fi
--
2.7.4

39
sources/meta-openembedded/meta-webserver/recipes-httpd/nginx/files/0001-configure-libxslt-conf.patch Normal file
View File

@@ -0,0 +1,39 @@
From 0c3c669464a514cf8d0cac08282ecb2b486f440f Mon Sep 17 00:00:00 2001
From: Joe Slater <joe.slater@windriver.com>
Date: Tue, 3 Oct 2023 19:21:17 +0000
Subject: [PATCH] configure: libxslt conf
Modify to find libxslt related include files under sysroot.
Upstream-Status: Pending
Signed-off-by: Joe Slater <joe.slater@windriver.com>
---
auto/lib/libxslt/conf | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/auto/lib/libxslt/conf b/auto/lib/libxslt/conf
index 3063ac7..eb77886 100644
--- a/auto/lib/libxslt/conf
+++ b/auto/lib/libxslt/conf
@@ -12,7 +12,7 @@
#include <libxslt/xsltInternals.h>
#include <libxslt/transform.h>
#include <libxslt/xsltutils.h>"
- ngx_feature_path="/usr/include/libxml2"
+ ngx_feature_path="=/usr/include/libxml2"
ngx_feature_libs="-lxml2 -lxslt"
ngx_feature_test="xmlParserCtxtPtr ctxt = NULL;
xsltStylesheetPtr sheet = NULL;
@@ -100,7 +100,7 @@ fi
ngx_feature_name=NGX_HAVE_EXSLT
ngx_feature_run=no
ngx_feature_incs="#include <libexslt/exslt.h>"
- ngx_feature_path="/usr/include/libxml2"
+ ngx_feature_path="=/usr/include/libxml2"
ngx_feature_libs="-lexslt"
ngx_feature_test="exsltRegisterAll();"
. auto/feature
--
2.35.5

78
sources/meta-openembedded/meta-webserver/recipes-httpd/nginx/files/CVE-2023-44487.patch Normal file
View File

@@ -0,0 +1,78 @@
From 6ceef192e7af1c507826ac38a2d43f08bf265fb9 Mon Sep 17 00:00:00 2001
From: Maxim Dounin <mdounin@mdounin.ru>
Date: Wed, 10 Jan 2024 18:52:11 +0000
Subject: [PATCH] HTTP/2: per-iteration stream handling limit.
To ensure that attempts to flood servers with many streams are detected
early, a limit of no more than 2 * max_concurrent_streams new streams per one
event loop iteration was introduced. This limit is applied even if
max_concurrent_streams is not yet reached - for example, if corresponding
streams are handled synchronously or reset.
Further, refused streams are now limited to maximum of max_concurrent_streams
and 100, similarly to priority_limit initial value, providing some tolerance
to clients trying to open several streams at the connection start, yet
low tolerance to flooding attempts.
Upstream-Status: Backport [https://github.com/nginx/nginx/commit/6ceef192e7af1c507826ac38a2d43f08bf265fb9]
CVE: CVE-2023-44487
Signed-off-by: alperak <alperyasinak1@gmail.com>
---
src/http/v2/ngx_http_v2.c | 15 +++++++++++++++
src/http/v2/ngx_http_v2.h | 2 ++
2 files changed, 17 insertions(+)
diff --git a/src/http/v2/ngx_http_v2.c b/src/http/v2/ngx_http_v2.c
index ea3f27c..1116e56 100644
--- a/src/http/v2/ngx_http_v2.c
+++ b/src/http/v2/ngx_http_v2.c
@@ -361,6 +361,7 @@ ngx_http_v2_read_handler(ngx_event_t *rev)
ngx_log_debug0(NGX_LOG_DEBUG_HTTP, c->log, 0, "http2 read handler");
h2c->blocked = 1;
+ h2c->new_streams = 0;
if (c->close) {
c->close = 0;
@@ -1321,6 +1322,14 @@ ngx_http_v2_state_headers(ngx_http_v2_connection_t *h2c, u_char *pos,
goto rst_stream;
}
+ if (h2c->new_streams++ >= 2 * h2scf->concurrent_streams) {
+ ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0,
+ "client sent too many streams at once");
+
+ status = NGX_HTTP_V2_REFUSED_STREAM;
+ goto rst_stream;
+ }
+
if (!h2c->settings_ack
&& !(h2c->state.flags & NGX_HTTP_V2_END_STREAM_FLAG)
&& h2scf->preread_size < NGX_HTTP_V2_DEFAULT_WINDOW)
@@ -1386,6 +1395,12 @@ ngx_http_v2_state_headers(ngx_http_v2_connection_t *h2c, u_char *pos,
rst_stream:
+ if (h2c->refused_streams++ > ngx_max(h2scf->concurrent_streams, 100)) {
+ ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0,
+ "client sent too many refused streams");
+ return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_NO_ERROR);
+ }
+
if (ngx_http_v2_send_rst_stream(h2c, h2c->state.sid, status) != NGX_OK) {
return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_INTERNAL_ERROR);
}
diff --git a/src/http/v2/ngx_http_v2.h b/src/http/v2/ngx_http_v2.h
index 4e25293..b9daf92 100644
--- a/src/http/v2/ngx_http_v2.h
+++ b/src/http/v2/ngx_http_v2.h
@@ -124,6 +124,8 @@ struct ngx_http_v2_connection_s {
ngx_uint_t processing;
ngx_uint_t frames;
ngx_uint_t idle;
+ ngx_uint_t new_streams;
+ ngx_uint_t refused_streams;
ngx_uint_t priority_limit;
ngx_uint_t pushing;

34
sources/meta-openembedded/meta-webserver/recipes-httpd/nginx/files/CVE-2024-7347-1.patch Normal file
View File

@@ -0,0 +1,34 @@
From 88955b1044ef38315b77ad1a509d63631a790a0f Mon Sep 17 00:00:00 2001
From: Roman Arutyunyan <arut@nginx.com>
Date: Mon, 12 Aug 2024 18:20:45 +0400
Subject: [PATCH] Mp4: rejecting unordered chunks in stsc atom.
Unordered chunks could result in trak->end_chunk smaller than trak->start_chunk
in ngx_http_mp4_crop_stsc_data(). Later in ngx_http_mp4_update_stco_atom()
this caused buffer overread while trying to calculate trak->end_offset.
CVE: CVE-2024-7347
Upstream-Status: Backport [https://github.com/nginx/nginx/commit/88955b1044ef38315b77ad1a509d63631a790a0f]
Signed-off-by: Ashish Sharma <asharma@mvista.com>
src/http/modules/ngx_http_mp4_module.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/src/http/modules/ngx_http_mp4_module.c b/src/http/modules/ngx_http_mp4_module.c
index 1cd017c274..041ad263b5 100644
--- a/src/http/modules/ngx_http_mp4_module.c
+++ b/src/http/modules/ngx_http_mp4_module.c
@@ -3156,6 +3156,13 @@ ngx_http_mp4_crop_stsc_data(ngx_http_mp4_file_t *mp4,
next_chunk = ngx_mp4_get_32value(entry->chunk);
+ if (next_chunk < chunk) {
+ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
+ "unordered mp4 stsc chunks in \"%s\"",
+ mp4->file.name.data);
+ return NGX_ERROR;
+ }
+
ngx_log_debug5(NGX_LOG_DEBUG_HTTP, mp4->file.log, 0,
"sample:%uD, chunk:%uD, chunks:%uD, "
"samples:%uD, id:%uD",

52
sources/meta-openembedded/meta-webserver/recipes-httpd/nginx/files/CVE-2024-7347-2.patch Normal file
View File

@@ -0,0 +1,52 @@
From 7362d01658b61184108c21278443910da68f93b4 Mon Sep 17 00:00:00 2001
From: Roman Arutyunyan <arut@nginx.com>
Date: Mon, 12 Aug 2024 18:20:43 +0400
Subject: [PATCH] Mp4: fixed buffer underread while updating stsz atom.
While cropping an stsc atom in ngx_http_mp4_crop_stsc_data(), a 32-bit integer
overflow could happen, which could result in incorrect seeking and a very large
value stored in "samples". This resulted in a large invalid value of
trak->end_chunk_samples. This value is further used to calculate the value of
trak->end_chunk_samples_size in ngx_http_mp4_update_stsz_atom(). While doing
this, a large invalid value of trak->end_chunk_samples could result in reading
memory before stsz atom start. This could potentially result in a segfault.
CVE: CVE-2024-7347
Upstream-Status: Backport [https://github.com/nginx/nginx/commit/7362d01658b61184108c21278443910da68f93b4]
Signed-off-by: Ashish Sharma <asharma@mvista.com>
src/http/modules/ngx_http_mp4_module.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/http/modules/ngx_http_mp4_module.c b/src/http/modules/ngx_http_mp4_module.c
index 03175dea21..1cd017c274 100644
--- a/src/http/modules/ngx_http_mp4_module.c
+++ b/src/http/modules/ngx_http_mp4_module.c
@@ -3099,7 +3099,8 @@ static ngx_int_t
ngx_http_mp4_crop_stsc_data(ngx_http_mp4_file_t *mp4,
ngx_http_mp4_trak_t *trak, ngx_uint_t start)
{
- uint32_t start_sample, chunk, samples, id, next_chunk, n,
+ uint64_t n;
+ uint32_t start_sample, chunk, samples, id, next_chunk,
prev_samples;
ngx_buf_t *data, *buf;
ngx_uint_t entries, target_chunk, chunk_samples;
@@ -3160,7 +3161,7 @@ ngx_http_mp4_crop_stsc_data(ngx_http_mp4_file_t *mp4,
"samples:%uD, id:%uD",
start_sample, chunk, next_chunk - chunk, samples, id);
- n = (next_chunk - chunk) * samples;
+ n = (uint64_t) (next_chunk - chunk) * samples;
if (start_sample < n) {
goto found;
@@ -3182,7 +3183,7 @@ ngx_http_mp4_crop_stsc_data(ngx_http_mp4_file_t *mp4,
"sample:%uD, chunk:%uD, chunks:%uD, samples:%uD",
start_sample, chunk, next_chunk - chunk, samples);
- n = (next_chunk - chunk) * samples;
+ n = (uint64_t) (next_chunk - chunk) * samples;
if (start_sample > n) {
ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,

87
sources/meta-openembedded/meta-webserver/recipes-httpd/nginx/files/CVE-2025-23419.patch Normal file
View File

@@ -0,0 +1,87 @@
From bc23d3cdf98e855a5409d3584a241d4d773ab306 Mon Sep 17 00:00:00 2001
From: Sergey Kandaurov <pluknet@nginx.com>
Date: Wed, 22 Jan 2025 18:55:44 +0400
Subject: [PATCH] SNI: added restriction for TLSv1.3 cross-SNI session
resumption.
In OpenSSL, session resumption always happens in the default SSL context,
prior to invoking the SNI callback. Further, unlike in TLSv1.2 and older
protocols, SSL_get_servername() returns values received in the resumption
handshake, which may be different from the value in the initial handshake.
Notably, this makes the restriction added in b720f650b insufficient for
sessions resumed with different SNI server name.
Considering the example from b720f650b, previously, a client was able to
request example.org by presenting a certificate for example.org, then to
resume and request example.com.
The fix is to reject handshakes resumed with a different server name, if
verification of client certificates is enabled in a corresponding server
configuration.
CVE: CVE-2025-23419
Upstream-Status: Backport [https://github.com/nginx/nginx/commit/13935cf9fdc3c8d8278c70716417d3b71c36140e]
This patch is partially cherry picked from commit
13935cf9fdc3c8d8278c70716417d3b71c36140e, the original patch had 2
parts. One fixed problem in `http/ngx_http_request` module and the
second fixed problem in `stream/ngx_stream_ssl_module` module. The fix
for `stream/ngx_stream_ssl_module can't be aplied because, the 'stream
virtual servers' funcionality was added later in this commit:
https://github.com/nginx/nginx/commit/d21675228a0ba8d4331e05c60660228a5d3326de.
Therefore only `http/ngx_http_request` part was backported.
Signed-off-by: Changqing Li <changqing.li@windriver.com>
---
src/http/ngx_http_request.c | 27 +++++++++++++++++++++++++--
1 file changed, 25 insertions(+), 2 deletions(-)
diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c
index 5e0340b..514c021 100644
--- a/src/http/ngx_http_request.c
+++ b/src/http/ngx_http_request.c
@@ -907,6 +907,31 @@ ngx_http_ssl_servername(ngx_ssl_conn_t *ssl_conn, int *ad, void *arg)
goto done;
}
+ sscf = ngx_http_get_module_srv_conf(cscf->ctx, ngx_http_ssl_module);
+
+#if (defined TLS1_3_VERSION \
+ && !defined LIBRESSL_VERSION_NUMBER && !defined OPENSSL_IS_BORINGSSL)
+
+ /*
+ * SSL_SESSION_get0_hostname() is only available in OpenSSL 1.1.1+,
+ * but servername being negotiated in every TLSv1.3 handshake
+ * is only returned in OpenSSL 1.1.1+ as well
+ */
+
+ if (sscf->verify) {
+ const char *hostname;
+
+ hostname = SSL_SESSION_get0_hostname(SSL_get0_session(ssl_conn));
+
+ if (hostname != NULL && ngx_strcmp(hostname, servername) != 0) {
+ c->ssl->handshake_rejected = 1;
+ *ad = SSL_AD_ACCESS_DENIED;
+ return SSL_TLSEXT_ERR_ALERT_FATAL;
+ }
+ }
+
+#endif
+
hc->ssl_servername = ngx_palloc(c->pool, sizeof(ngx_str_t));
if (hc->ssl_servername == NULL) {
goto error;
@@ -920,8 +945,6 @@ ngx_http_ssl_servername(ngx_ssl_conn_t *ssl_conn, int *ad, void *arg)
ngx_set_connection_log(c, clcf->error_log);
- sscf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_ssl_module);
-
c->ssl->buffer_size = sscf->buffer_size;
if (sscf->ssl.ctx) {
--
2.34.1

14
sources/meta-openembedded/meta-webserver/recipes-httpd/nginx/files/default_server.site Normal file
View File

@@ -0,0 +1,14 @@
# Default server configuration
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/localhost/html;
index index.html index.htm;
server_name _;
# redirect server error pages to the static page /50x.html
error_page 500 502 503 504 /50x.html;
}

215
sources/meta-openembedded/meta-webserver/recipes-httpd/nginx/files/nginx-cross.patch Normal file
View File

@@ -0,0 +1,215 @@
We do not have capability to run binaries when cross compiling
Upstream-Status: Pending
Index: nginx-1.12.2/auto/feature
===================================================================
--- nginx-1.12.2.orig/auto/feature
+++ nginx-1.12.2/auto/feature
@@ -49,12 +49,20 @@ eval "/bin/sh -c \"$ngx_test\" >> $NGX_A
if [ -x $NGX_AUTOTEST ]; then
+ if [ ".$NGX_CROSS_COMPILE" = ".yes" ]; then
+ NGX_AUTOTEST_EXEC="true"
+ NGX_FOUND_MSG=" (not tested, cross compiling)"
+ else
+ NGX_AUTOTEST_EXEC="$NGX_AUTOTEST"
+ NGX_FOUND_MSG=""
+ fi
+
case "$ngx_feature_run" in
yes)
# /bin/sh is used to intercept "Killed" or "Abort trap" messages
- if /bin/sh -c $NGX_AUTOTEST >> $NGX_AUTOCONF_ERR 2>&1; then
- echo " found"
+ if /bin/sh -c $NGX_AUTOTEST_EXEC >> $NGX_AUTOCONF_ERR 2>&1; then
+ echo " found$NGX_FOUND_MSG"
ngx_found=yes
if test -n "$ngx_feature_name"; then
@@ -68,17 +76,27 @@ if [ -x $NGX_AUTOTEST ]; then
value)
# /bin/sh is used to intercept "Killed" or "Abort trap" messages
- if /bin/sh -c $NGX_AUTOTEST >> $NGX_AUTOCONF_ERR 2>&1; then
- echo " found"
+ if /bin/sh -c $NGX_AUTOTEST_EXEC >> $NGX_AUTOCONF_ERR 2>&1; then
+ echo " found$NGX_FOUND_MSG"
ngx_found=yes
- cat << END >> $NGX_AUTO_CONFIG_H
+ if [ ".$NGX_CROSS_COMPILE" = ".yes" ]; then
+ cat << END >> $NGX_AUTO_CONFIG_H
#ifndef $ngx_feature_name
-#define $ngx_feature_name `$NGX_AUTOTEST`
+#define $ngx_feature_name $(eval "echo \$NGX_WITH_${ngx_feature_name}")
#endif
END
+ else
+ cat << END >> $NGX_AUTO_CONFIG_H
+
+#ifndef $ngx_feature_name
+#define $ngx_feature_name `$NGX_AUTOTEST_EXEC`
+#endif
+
+END
+ fi
else
echo " found but is not working"
fi
@@ -86,7 +104,7 @@ END
bug)
# /bin/sh is used to intercept "Killed" or "Abort trap" messages
- if /bin/sh -c $NGX_AUTOTEST >> $NGX_AUTOCONF_ERR 2>&1; then
+ if /bin/sh -c $NGX_AUTOTEST_EXEC >> $NGX_AUTOCONF_ERR 2>&1; then
echo " not found"
else
Index: nginx-1.12.2/auto/options
===================================================================
--- nginx-1.12.2.orig/auto/options
+++ nginx-1.12.2/auto/options
@@ -386,6 +386,18 @@ $0: warning: the \"--with-sha1-asm\" opt
--test-build-epoll) NGX_TEST_BUILD_EPOLL=YES ;;
--test-build-solaris-sendfilev) NGX_TEST_BUILD_SOLARIS_SENDFILEV=YES ;;
+ # cross compile support
+ --with-int=*) NGX_WITH_INT="$value" ;;
+ --with-long=*) NGX_WITH_LONG="$value" ;;
+ --with-long-long=*) NGX_WITH_LONG_LONG="$value" ;;
+ --with-ptr-size=*) NGX_WITH_PTR_SIZE="$value" ;;
+ --with-sig-atomic-t=*) NGX_WITH_SIG_ATOMIC_T="$value" ;;
+ --with-size-t=*) NGX_WITH_SIZE_T="$value" ;;
+ --with-off-t=*) NGX_WITH_OFF_T="$value" ;;
+ --with-time-t=*) NGX_WITH_TIME_T="$value" ;;
+ --with-sys-nerr=*) NGX_WITH_NGX_SYS_NERR="$value" ;;
+ --with-endian=*) NGX_WITH_ENDIAN="$value" ;;
+
*)
echo "$0: error: invalid option \"$option\""
exit 1
@@ -568,6 +580,17 @@ cat << END
--with-debug enable debug logging
+ --with-int=VALUE force int size
+ --with-long=VALUE force long size
+ --with-long-long=VALUE force long long size
+ --with-ptr-size=VALUE force pointer size
+ --with-sig-atomic-t=VALUE force sig_atomic_t size
+ --with-size-t=VALUE force size_t size
+ --with-off-t=VALUE force off_t size
+ --with-time-t=VALUE force time_t size
+ --with-sys-nerr=VALUE force sys_nerr value
+ --with-endian=VALUE force system endianess
+
END
exit 1
@@ -576,6 +599,8 @@ fi
if [ ".$NGX_PLATFORM" = ".win32" ]; then
NGX_WINE=$WINE
+elif [ ! -z "$NGX_PLATFORM" ]; then
+ NGX_CROSS_COMPILE="yes"
fi
Index: nginx-1.12.2/auto/types/sizeof
===================================================================
--- nginx-1.12.2.orig/auto/types/sizeof
+++ nginx-1.12.2/auto/types/sizeof
@@ -12,9 +12,12 @@ checking for $ngx_type size
END
-ngx_size=
+ngx_size=$(eval "echo \$NGX_WITH_${ngx_param}")
-cat << END > $NGX_AUTOTEST.c
+if [ ".$ngx_size" != "." ]; then
+ echo " $ngx_size bytes"
+else
+ cat << END > $NGX_AUTOTEST.c
#include <sys/types.h>
#include <sys/time.h>
@@ -33,15 +36,16 @@ int main(void) {
END
-ngx_test="$CC $CC_TEST_FLAGS $CC_AUX_FLAGS \
- -o $NGX_AUTOTEST $NGX_AUTOTEST.c $NGX_LD_OPT $ngx_feature_libs"
+ ngx_test="$CC $CC_TEST_FLAGS $CC_AUX_FLAGS \
+ -o $NGX_AUTOTEST $NGX_AUTOTEST.c $NGX_LD_OPT $ngx_feature_libs"
-eval "$ngx_test >> $NGX_AUTOCONF_ERR 2>&1"
+ eval "$ngx_test >> $NGX_AUTOCONF_ERR 2>&1"
-if [ -x $NGX_AUTOTEST ]; then
- ngx_size=`$NGX_AUTOTEST`
- echo " $ngx_size bytes"
+ if [ -x $NGX_AUTOTEST ]; then
+ ngx_size=`$NGX_AUTOTEST`
+ echo " $ngx_size bytes"
+ fi
fi
Index: nginx-1.12.2/auto/unix
===================================================================
--- nginx-1.12.2.orig/auto/unix
+++ nginx-1.12.2/auto/unix
@@ -587,13 +587,13 @@ ngx_feature_libs=
# C types
-ngx_type="int"; . auto/types/sizeof
+ngx_type="int"; ngx_param="INT"; . auto/types/sizeof
-ngx_type="long"; . auto/types/sizeof
+ngx_type="long"; ngx_param="LONG"; . auto/types/sizeof
-ngx_type="long long"; . auto/types/sizeof
+ngx_type="long long"; ngx_param="LONG_LONG"; . auto/types/sizeof
-ngx_type="void *"; . auto/types/sizeof; ngx_ptr_size=$ngx_size
+ngx_type="void *"; ngx_param="PTR_SIZE"; . auto/types/sizeof; ngx_ptr_size=$ngx_size
ngx_param=NGX_PTR_SIZE; ngx_value=$ngx_size; . auto/types/value
@@ -604,7 +604,7 @@ NGX_INCLUDE_AUTO_CONFIG_H="#include \"ng
ngx_type="uint32_t"; ngx_types="u_int32_t"; . auto/types/typedef
ngx_type="uint64_t"; ngx_types="u_int64_t"; . auto/types/typedef
-ngx_type="sig_atomic_t"; ngx_types="int"; . auto/types/typedef
+ngx_type="sig_atomic_t"; ngx_param="SIG_ATOMIC_T"; ngx_types="int"; . auto/types/typedef
. auto/types/sizeof
ngx_param=NGX_SIG_ATOMIC_T_SIZE; ngx_value=$ngx_size; . auto/types/value
@@ -620,15 +620,15 @@ ngx_type="rlim_t"; ngx_types="int"; . au
. auto/endianness
-ngx_type="size_t"; . auto/types/sizeof
+ngx_type="size_t"; ngx_param="SIZE_T"; . auto/types/sizeof
ngx_param=NGX_MAX_SIZE_T_VALUE; ngx_value=$ngx_max_value; . auto/types/value
ngx_param=NGX_SIZE_T_LEN; ngx_value=$ngx_max_len; . auto/types/value
-ngx_type="off_t"; . auto/types/sizeof
+ngx_type="off_t"; ngx_param="OFF_T"; . auto/types/sizeof
ngx_param=NGX_MAX_OFF_T_VALUE; ngx_value=$ngx_max_value; . auto/types/value
ngx_param=NGX_OFF_T_LEN; ngx_value=$ngx_max_len; . auto/types/value
-ngx_type="time_t"; . auto/types/sizeof
+ngx_type="time_t"; ngx_param="TIME_T"; . auto/types/sizeof
ngx_param=NGX_TIME_T_SIZE; ngx_value=$ngx_size; . auto/types/value
ngx_param=NGX_TIME_T_LEN; ngx_value=$ngx_max_len; . auto/types/value
ngx_param=NGX_MAX_TIME_T_VALUE; ngx_value=$ngx_max_value; . auto/types/value

99
sources/meta-openembedded/meta-webserver/recipes-httpd/nginx/files/nginx-fix-pidfile.patch Normal file
View File

@@ -0,0 +1,99 @@
Description: Fix NGINX pidfile handling
Author: Tj <ubuntu@iam.tj>
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1581864
Last-Update: 2019-06-04
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
Upstream-Status: Pending
This patch is from ubuntu, https://github.com/aroth-arsoft/pkg-nginx/blob
/master/debian/patches/nginx-fix-pidfile.patch, for fix below
error info:
nginx.service: failed to parse pid from file /run/nginx/nginx.pid:
invalid argument
Signed-off-by: Changqing Li <changqing.li@windriver.com>
diff --git a/src/core/nginx.c b/src/core/nginx.c
index 9fcb0eb2..083eba1d 100644
--- a/src/core/nginx.c
+++ b/src/core/nginx.c
@@ -338,14 +338,21 @@ main(int argc, char *const *argv)
ngx_process = NGX_PROCESS_MASTER;
}
+ /* tell-tale to detect if this is parent or child process */
+ ngx_int_t child_pid = NGX_BUSY;
+
#if !(NGX_WIN32)
if (ngx_init_signals(cycle->log) != NGX_OK) {
return 1;
}
+ /* tell-tale that this code has been executed */
+ child_pid--;
+
if (!ngx_inherited && ccf->daemon) {
- if (ngx_daemon(cycle->log) != NGX_OK) {
+ child_pid = ngx_daemon(cycle->log);
+ if (child_pid == NGX_ERROR) {
return 1;
}
@@ -358,8 +365,19 @@ main(int argc, char *const *argv)
#endif
- if (ngx_create_pidfile(&ccf->pid, cycle->log) != NGX_OK) {
- return 1;
+ /* If ngx_daemon() returned the child's PID in the parent process
+ * after the fork() set ngx_pid to the child_pid, which gets
+ * written to the PID file, then exit.
+ * For NGX_WIN32 always write the PID file
+ * For others, only write it from the parent process */
+ if (child_pid < NGX_OK || child_pid > NGX_OK) {
+ ngx_pid = child_pid > NGX_OK ? child_pid : ngx_pid;
+ if (ngx_create_pidfile(&ccf->pid, cycle->log) != NGX_OK) {
+ return 1;
+ }
+ }
+ if (child_pid > NGX_OK) {
+ exit(0);
}
if (ngx_log_redirect_stderr(cycle) != NGX_OK) {
diff --git a/src/os/unix/ngx_daemon.c b/src/os/unix/ngx_daemon.c
index 385c49b6..3719854c 100644
--- a/src/os/unix/ngx_daemon.c
+++ b/src/os/unix/ngx_daemon.c
@@ -7,14 +7,17 @@
#include <ngx_config.h>
#include <ngx_core.h>
+#include <unistd.h>
ngx_int_t
ngx_daemon(ngx_log_t *log)
{
int fd;
+ /* retain the return value for passing back to caller */
+ pid_t pid_child = fork();
- switch (fork()) {
+ switch (pid_child) {
case -1:
ngx_log_error(NGX_LOG_EMERG, log, ngx_errno, "fork() failed");
return NGX_ERROR;
@@ -23,7 +26,8 @@ ngx_daemon(ngx_log_t *log)
break;
default:
- exit(0);
+ /* let caller do the exit() */
+ return pid_child;
}
ngx_parent = ngx_pid;

2
sources/meta-openembedded/meta-webserver/recipes-httpd/nginx/files/nginx-volatile.conf Normal file
View File

@@ -0,0 +1,2 @@
d @NGINX_USER@ www-data 0755 /run/nginx none
d root root 0755 /var/log/nginx none

47
sources/meta-openembedded/meta-webserver/recipes-httpd/nginx/files/nginx.conf Normal file
View File

@@ -0,0 +1,47 @@
user www;
worker_processes 1;
pid /run/nginx/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
http {
# Basic Settings
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# SSL Settings
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
## Logging
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
## Gzip settings
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
## Virtual Host Configs
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}

52
sources/meta-openembedded/meta-webserver/recipes-httpd/nginx/files/nginx.init Normal file
View File

@@ -0,0 +1,52 @@
#! /bin/sh
PATH=/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/sbin/nginx
NAME=nginx
DESC=nginx
PID=/run/nginx/nginx.pid
test -x $DAEMON || exit 0
# Include nginx defaults if available
if [ -f /etc/default/nginx ] ; then
. /etc/default/nginx
fi
set -e
case "$1" in
start)
echo -n "Starting $DESC: "
start-stop-daemon --start --quiet --pidfile $PID \
--name $NAME --exec $DAEMON -- $DAEMON_OPTS
echo "$NAME."
;;
stop)
echo -n "Stopping $DESC: "
start-stop-daemon -K --quiet --pidfile $PID \
--name $NAME
echo "$NAME."
;;
restart|force-reload)
echo -n "Restarting $DESC: "
start-stop-daemon -K --quiet --pidfile $PID \
--name $NAME
sleep 1
start-stop-daemon --start --quiet --pidfile $PID \
--name $NAME --exec $DAEMON -- $DAEMON_OPTS
echo "$NAME."
;;
reload)
echo -n "Reloading $DESC configuration: "
start-stop-daemon --stop --signal HUP --quiet --pidfile $PID \
--exec $DAEMON
echo "$NAME."
;;
*)
N=/etc/init.d/$NAME
echo "Usage: $N {start|stop|restart|force-reload}" >&2
exit 1
;;
esac
exit 0

15
sources/meta-openembedded/meta-webserver/recipes-httpd/nginx/files/nginx.service Normal file
View File

@@ -0,0 +1,15 @@
[Unit]
Description=The NGINX HTTP and reverse proxy server
After=syslog.target network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
PIDFile=/run/nginx/nginx.pid
ExecStartPre=@SBINDIR@/nginx -t
ExecStart=@SBINDIR@/nginx
ExecReload=@SBINDIR@/nginx -s reload
ExecStop=@BASE_BINDIR@/kill -s QUIT $MAINPID
PrivateTmp=true
[Install]
WantedBy=multi-user.target

4
sources/meta-openembedded/meta-webserver/recipes-httpd/nginx/files/proxy_params Normal file
View File

@@ -0,0 +1,4 @@
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;

192
sources/meta-openembedded/meta-webserver/recipes-httpd/nginx/nginx.inc Normal file
View File

@@ -0,0 +1,192 @@
SUMMARY = "HTTP and reverse proxy server"
DESCRIPTION = "Nginx is a web server and a reverse proxy server for \
HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high \
concurrency, performance and low memory usage."
HOMEPAGE = "http://nginx.org/"
LICENSE = "BSD-2-Clause"
SECTION = "net"
DEPENDS = "libpcre zlib"
SRC_URI = " \
http://nginx.org/download/nginx-${PV}.tar.gz \
file://nginx-cross.patch \
file://0001-Allow-the-overriding-of-the-endianness-via-the-confi.patch \
file://nginx.conf \
file://default_server.site \
file://proxy_params \
file://nginx.init \
file://nginx-volatile.conf \
file://nginx.service \
file://nginx-fix-pidfile.patch \
file://0001-configure-libxslt-conf.patch \
file://CVE-2024-7347-1.patch \
file://CVE-2024-7347-2.patch \
"
inherit siteinfo update-rc.d useradd systemd
SYSTEMD_SERVICE:${PN} = "nginx.service"
CFLAGS:append = " -fPIE -pie"
CXXFLAGS:append = " -fPIE -pie"
NGINX_WWWDIR ?= "${localstatedir}/www/localhost"
NGINX_USER ?= "www"
EXTRA_OECONF = ""
DISABLE_STATIC = ""
PACKAGECONFIG ??= "ssl ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}"
PACKAGECONFIG[gunzip] = "--with-http_gunzip_module,,"
PACKAGECONFIG[http2] = "--with-http_v2_module,,"
PACKAGECONFIG[ssl] = "--with-http_ssl_module,,openssl"
PACKAGECONFIG[http-auth-request] = "--with-http_auth_request_module,,"
PACKAGECONFIG[ipv6] = "--with-ipv6,,"
PACKAGECONFIG[webdav] = "--with-http_dav_module,,"
PACKAGECONFIG[stream] = "--with-stream,,"
PACKAGECONFIG[http-sub-module] = "--with-http_sub_module,,"
PACKAGECONFIG[xslt] = "--with-http_xslt_module,,libxslt"
do_configure () {
if [ "${SITEINFO_BITS}" = "64" ]; then
PTRSIZE=8
else
PTRSIZE=4
fi
echo $CFLAGS
echo $LDFLAGS
# Add the LDFLAGS to the main nginx link to avoid issues with missing GNU_HASH
echo "MAIN_LINK=\"\${MAIN_LINK} ${LDFLAGS}\"" >> auto/cc/conf
./configure \
--crossbuild=Linux:${TUNE_ARCH} \
--with-endian=${@oe.utils.conditional('SITEINFO_ENDIANNESS', 'le', 'little', 'big', d)} \
--with-int=4 \
--with-long=${PTRSIZE} \
--with-long-long=8 \
--with-ptr-size=${PTRSIZE} \
--with-sig-atomic-t=${PTRSIZE} \
--with-size-t=${PTRSIZE} \
--with-off-t=8 \
--with-time-t=${PTRSIZE} \
--with-sys-nerr=132 \
--conf-path=${sysconfdir}/nginx/nginx.conf \
--http-log-path=${localstatedir}/log/nginx/access.log \
--error-log-path=${localstatedir}/log/nginx/error.log \
--http-client-body-temp-path=/run/nginx/client_body_temp \
--http-proxy-temp-path=/run/nginx/proxy_temp \
--http-fastcgi-temp-path=/run/nginx/fastcgi_temp \
--http-uwsgi-temp-path=/run/nginx/uwsgi_temp \
--http-scgi-temp-path=/run/nginx/scgi_temp \
--pid-path=/run/nginx/nginx.pid \
--prefix=${prefix} \
--with-threads \
--with-http_gzip_static_module \
${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS}
}
do_install () {
oe_runmake 'DESTDIR=${D}' install
rm -fr ${D}${localstatedir}/run ${D}/run
if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
install -d ${D}${sysconfdir}/tmpfiles.d
echo "d /run/${BPN} - - - -" \
> ${D}${sysconfdir}/tmpfiles.d/${BPN}.conf
echo "d ${localstatedir}/log/${BPN} 0755 root root -" \
>> ${D}${sysconfdir}/tmpfiles.d/${BPN}.conf
fi
install -d ${D}${sysconfdir}/${BPN}
ln -rs ${D}${localstatedir}/run/${BPN} ${D}${sysconfdir}/${BPN}/run
install -d ${D}${NGINX_WWWDIR}
mv ${D}${exec_prefix}/html ${D}${NGINX_WWWDIR}/
chown ${NGINX_USER}:www-data -R ${D}${NGINX_WWWDIR}
install -d ${D}${sysconfdir}/init.d
install -m 0755 ${WORKDIR}/nginx.init ${D}${sysconfdir}/init.d/nginx
sed -i 's,/usr/sbin/,${sbindir}/,g' ${D}${sysconfdir}/init.d/nginx
sed -i 's,/etc/,${sysconfdir}/,g' ${D}${sysconfdir}/init.d/nginx
install -d ${D}${sysconfdir}/nginx
install -m 0644 ${WORKDIR}/nginx.conf ${D}${sysconfdir}/nginx/nginx.conf
sed -i 's,/etc/,${sysconfdir}/,g' ${D}${sysconfdir}/nginx/nginx.conf
sed -i 's,/var/,${localstatedir}/,g' ${D}${sysconfdir}/nginx/nginx.conf
sed -i 's/^user.*/user ${NGINX_USER};/g' ${D}${sysconfdir}/nginx/nginx.conf
install -Dm 0644 ${WORKDIR}/default_server.site ${D}${sysconfdir}/nginx/sites-available/default_server
sed -i 's,/var/,${localstatedir}/,g' ${D}${sysconfdir}/nginx/sites-available/default_server
install -d ${D}${sysconfdir}/nginx/sites-enabled
ln -s ../sites-available/default_server ${D}${sysconfdir}/nginx/sites-enabled/
install -m 0644 ${WORKDIR}/proxy_params ${D}${sysconfdir}/nginx/proxy_params
install -d ${D}${sysconfdir}/default/volatiles
install -m 0644 ${WORKDIR}/nginx-volatile.conf ${D}${sysconfdir}/default/volatiles/99_nginx
sed -i 's,/var/,${localstatedir}/,g' ${D}${sysconfdir}/default/volatiles/99_nginx
sed -i 's,@NGINX_USER@,${NGINX_USER},g' ${D}${sysconfdir}/default/volatiles/99_nginx
# cleanup configuration folder
rm ${D}${sysconfdir}/nginx/*.default
# add additional configuration folders
install -d ${D}${sysconfdir}/nginx/modules-available
install -d ${D}${sysconfdir}/nginx/modules-enabled
install -d ${D}${sysconfdir}/nginx/server-conf.d
install -d ${D}${sysconfdir}/nginx/conf.d
if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)};then
install -d ${D}${systemd_unitdir}/system
install -m 0644 ${WORKDIR}/nginx.service ${D}${systemd_unitdir}/system/
sed -i -e 's,@SYSCONFDIR@,${sysconfdir},g' \
-e 's,@LOCALSTATEDIR@,${localstatedir},g' \
-e 's,@SBINDIR@,${sbindir},g' \
-e 's,@BASE_BINDIR@,${base_bindir},g' \
${D}${systemd_unitdir}/system/nginx.service
fi
rm -rf ${D}${localstatedir}/log/
}
pkg_postinst:${PN} () {
if [ -z "$D" ]; then
if type systemd-tmpfiles >/dev/null 2>&1; then
systemd-tmpfiles --create
elif [ -e ${sysconfdir}/init.d/populate-volatile.sh ]; then
${sysconfdir}/init.d/populate-volatile.sh update
fi
fi
}
FILES:${PN} += " \
${localstatedir}/ \
${systemd_unitdir}/system/nginx.service \
"
CONFFILES:${PN} = " \
${sysconfdir}/nginx/nginx.conf \
${sysconfdir}/nginx/fastcgi.conf \
${sysconfdir}/nginx/fastcgi_params \
${sysconfdir}/nginx/koi-utf \
${sysconfdir}/nginx/koi-win \
${sysconfdir}/nginx/mime.types \
${sysconfdir}/nginx/scgi_params \
${sysconfdir}/nginx/uwsgi_params \
${sysconfdir}/nginx/win-utf \
"
INITSCRIPT_NAME = "nginx"
INITSCRIPT_PARAMS = "defaults 92 20"
USERADD_PACKAGES = "${PN}"
USERADD_PARAM:${PN} = " \
--system --no-create-home \
--home ${NGINX_WWWDIR} \
--groups www-data \
--shell ${base_sbindir}/nologin \
--user-group ${NGINX_USER}"

9
sources/meta-openembedded/meta-webserver/recipes-httpd/nginx/nginx_1.24.0.bb Normal file
View File

@@ -0,0 +1,9 @@
require nginx.inc
LIC_FILES_CHKSUM = "file://LICENSE;md5=175abb631c799f54573dc481454c8632"
SRC_URI:append = " file://CVE-2023-44487.patch \
file://CVE-2025-23419.patch"
SRC_URI[sha256sum] = "77a2541637b92a621e3ee76776c8b7b40cf6d707e69ba53a940283e30ff2f55d"

10
sources/meta-openembedded/meta-webserver/recipes-httpd/nginx/nginx_1.25.4.bb Normal file
View File

@@ -0,0 +1,10 @@
require nginx.inc
# 1.24.x branch is the current stable branch, the recommended default
# 1.25.x is the current mainline branches containing all new features
DEFAULT_PREFERENCE = "-1"
LIC_FILES_CHKSUM = "file://LICENSE;md5=a6547d7e5628787ee2a9c5a3480eb628"
SRC_URI[sha256sum] = "760729901acbaa517996e681ee6ea259032985e37c2768beef80df3a877deed9"

51
sources/meta-openembedded/meta-webserver/recipes-httpd/sthttpd/sthttpd/0001-Define-_GNU_SOURCE-if-HAVE_SIGSET-is-set.patch Normal file
View File

@@ -0,0 +1,51 @@
From f3889e5870e9761ee6113fac7f38aa44cc43e46c Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@gmail.com>
Date: Wed, 7 Sep 2022 00:30:52 -0700
Subject: [PATCH] Define _GNU_SOURCE if HAVE_SIGSET is set
This enforces using sigset() API which needs _GNU_SOURCE macro to be
defined
Upstream-Status: Submitted [https://github.com/blueness/sthttpd/pull/16]
Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
src/libhttpd.c | 5 ++++-
src/thttpd.c | 4 ++++
2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/libhttpd.c b/src/libhttpd.c
index fa42c10..669be11 100644
--- a/src/libhttpd.c
+++ b/src/libhttpd.c
@@ -25,9 +25,12 @@
** SUCH DAMAGE.
*/
-
#include <config.h>
+#ifdef HAVE_SIGSET
+#define _GNU_SOURCE
+#endif
+
//system headers
#include <sys/types.h>
#include <sys/param.h>
diff --git a/src/thttpd.c b/src/thttpd.c
index ad97188..3c7a449 100644
--- a/src/thttpd.c
+++ b/src/thttpd.c
@@ -28,6 +28,10 @@
#include <config.h>
+#ifdef HAVE_SIGSET
+#define _GNU_SOURCE
+#endif
+
//system headers
#include <sys/param.h>
#include <sys/types.h>
--
2.37.3

52
sources/meta-openembedded/meta-webserver/recipes-httpd/sthttpd/sthttpd/init Normal file
View File

@@ -0,0 +1,52 @@
#!/bin/sh
### BEGIN INIT INFO
# Provides: thttpd
# Required-Start: $remote_fs $syslog
# Required-Stop: $remote_fs $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Small http server
# Description: thttpd is a simple, small, portable, fast, and secure HTTP server.
### END INIT INFO
thttpd=/usr/sbin/thttpd
test -x "$thttpd" || exit 0
case "$1" in
start)
echo -n "Starting thttpd"
start-stop-daemon --start --quiet --exec $thttpd -- -C @@CONFFILE
echo "."
;;
stop)
echo -n "Stopping thttpd"
start-stop-daemon --stop --quiet --exec $thttpd
echo "."
;;
reload|force-reload)
start-stop-daemon --stop --quiet --signal 1 --exec $thttpd
;;
restart)
echo -n "Stopping thttpd"
start-stop-daemon --stop --quiet --exec $thttpd -- -C @@CONFFILE
echo "."
echo -n "Waiting for thttpd to die off"
for i in 1 2 3 ;
do
sleep 1
echo -n "."
done
echo ""
echo -n "Starting thttpd"
start-stop-daemon --start --quiet --exec $thttpd -- -C @@CONFFILE
echo "."
;;
*)
echo "Usage: /etc/init.d/thttpd {start|stop|reload|restart|force-reload}"
exit 1
esac
exit 0

1
sources/meta-openembedded/meta-webserver/recipes-httpd/sthttpd/sthttpd/thttpd.conf Normal file
View File

@@ -0,0 +1 @@
dir=@@SRVDIR

10
sources/meta-openembedded/meta-webserver/recipes-httpd/sthttpd/sthttpd/thttpd.service Normal file
View File

@@ -0,0 +1,10 @@
[Unit]
Description=Tiny/Turbo/Throttling Web Server
[Service]
Type=forking
ExecStart=/usr/sbin/thttpd -C @@CONFFILE -c cgi-bin/* -i /var/run/thttpd.pid
PIDFile=/var/run/thttpd.pid
[Install]
WantedBy=multi-user.target

61
sources/meta-openembedded/meta-webserver/recipes-httpd/sthttpd/sthttpd_2.27.1.bb Normal file
View File

@@ -0,0 +1,61 @@
SUMMARY = "A simple, small, portable, fast, and secure HTTP server"
DESCRIPTION = "A simple, small, portable, fast, and secure HTTP server (supported fork of thttpd)."
HOMEPAGE = "http://opensource.dyc.edu/sthttpd"
LICENSE = "BSD-2-Clause"
LIC_FILES_CHKSUM = "file://src/thttpd.c;beginline=1;endline=26;md5=0c5762c2c34dcbe9eb18815516502872"
DEPENDS += "base-passwd virtual/crypt"
SRCREV = "2845bf5bff2b820d2336c8c8061cbfc5f271e720"
SRC_URI = "git://github.com/blueness/${BPN};branch=master;protocol=https \
file://0001-Define-_GNU_SOURCE-if-HAVE_SIGSET-is-set.patch \
file://thttpd.service \
file://thttpd.conf \
file://init"
UPSTREAM_CHECK_URI = "https://github.com/blueness/sthttpd/releases/"
UPSTREAM_CHECK_REGEX = "v(?P<pver>\d+(\.\d+)+).tar.gz"
S = "${WORKDIR}/git"
inherit autotools update-rc.d systemd update-alternatives
ALTERNATIVE_PRIORITY = "100"
ALTERNATIVE:${PN}-doc = "htpasswd.1"
ALTERNATIVE_LINK_NAME[htpasswd.1] = "${mandir}/man1/htpasswd.1"
SRV_DIR ?= "${servicedir}/www"
# Note that `${sbindir}/makeweb' is installed setgid to this group,
# but ${SRV_DIR} is not installed chgrp'd to the group by default.
WEBGROUP ?= "www-data"
do_configure:prepend () {
export WEBDIR=${SRV_DIR}
export WEBGROUP=${WEBGROUP}
}
do_install:append () {
install -d ${D}${sysconfdir}/init.d
install -c -m 755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/thttpd
install -c -m 755 ${WORKDIR}/thttpd.conf ${D}${sysconfdir}
sed -i -e 's,@@CONFFILE,${sysconfdir}/thttpd.conf,g' ${D}${sysconfdir}/init.d/thttpd
sed -i -e 's,@@SRVDIR,${SRV_DIR},g' ${D}${sysconfdir}/thttpd.conf
sed -i 's!/usr/sbin/!${sbindir}/!g' ${D}${sysconfdir}/init.d/thttpd
install -d ${D}${systemd_unitdir}/system
install -m 0644 ${WORKDIR}/thttpd.service ${D}${systemd_unitdir}/system
sed -i 's!/usr/sbin/!${sbindir}/!g' ${D}${systemd_unitdir}/system/thttpd.service
sed -i 's!/var/!${localstatedir}/!g' ${D}${systemd_unitdir}/system/thttpd.service
sed -i -e 's,@@CONFFILE,${sysconfdir}/thttpd.conf,g' ${D}${systemd_unitdir}/system/thttpd.service
}
INITSCRIPT_NAME = "thttpd"
INITSCRIPT_PARAMS = "defaults"
SYSTEMD_SERVICE:${PN} = "thttpd.service"
FILES:${PN} += "${SRV_DIR}"
FILES:${PN}-dbg += "${SRV_DIR}/cgi-bin/.debug"
CVE_STATUS[CVE-2017-10671] = "fixed-version: No action required. The current version (2.27.1) is not affected by the CVE."