openclaw/tqma6-yocto-mirror
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Complete Yocto mirror with license table for TQMa6UL (2038-compliance)

Browse Source 
- 264 license table entries with exact download URLs (224/264 resolved)
- Complete sources/ directory with all BitBake recipes
- Build configuration: tqma6ul-multi-mba6ulx, spaetzle (musl)
- Full traceability for Softwarefreigabeantrag
- GCC 13.4.0, Linux 6.6.102, U-Boot 2023.04, musl 1.2.4
- License distribution: GPL-2.0 (24), MIT (23), GPL-2.0+ (18), BSD-3 (16)
This commit is contained in:
Siggi (OpenClaw Agent)
2026-03-01 20:58:18 +00:00
commit 16accb6b24
15086 changed files with 1292356 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

80
sources/meta-openembedded/meta-webserver/recipes-httpd/nginx/files/0001-Allow-the-overriding-of-the-endianness-via-the-confi.patch Normal file
View File

@@ -0,0 +1,80 @@
From be9970aa16c5142ef814531d74a07990a8e9eb14 Mon Sep 17 00:00:00 2001
From: Derek Straka <derek@asterius.io>
Date: Fri, 1 Dec 2017 10:32:29 -0500
Subject: [PATCH] Allow the overriding of the endianness via the configure flag
--with-endian
The existing configure options contain the --with-endian; however, the command
line flag does not actually function. It does not set the endianness and it
appears to do nothing.
Upstream-Status: Pending
Signed-off-by: Derek Straka <derek@asterius.io>
diff --git a/auto/endianness b/auto/endianness
index 1b552b6..be84487 100644
--- a/auto/endianness
+++ b/auto/endianness
@@ -13,7 +13,13 @@ checking for system byte ordering
END
-cat << END > $NGX_AUTOTEST.c
+if [ ".$NGX_WITH_ENDIAN" = ".little" ]; then
+ echo " little endian"
+ have=NGX_HAVE_LITTLE_ENDIAN . auto/have
+elif [ ".$NGX_WITH_ENDIAN" = ".big" ]; then
+ echo " big endian"
+else
+ cat << END > $NGX_AUTOTEST.c
int main(void) {
int i = 0x11223344;
@@ -26,25 +32,26 @@ int main(void) {
END
-ngx_test="$CC $CC_TEST_FLAGS $CC_AUX_FLAGS \
- -o $NGX_AUTOTEST $NGX_AUTOTEST.c $NGX_LD_OPT $ngx_feature_libs"
+ ngx_test="$CC $CC_TEST_FLAGS $CC_AUX_FLAGS \
+ -o $NGX_AUTOTEST $NGX_AUTOTEST.c $NGX_LD_OPT $ngx_feature_libs"
-eval "$ngx_test >> $NGX_AUTOCONF_ERR 2>&1"
+ eval "$ngx_test >> $NGX_AUTOCONF_ERR 2>&1"
-if [ -x $NGX_AUTOTEST ]; then
- if $NGX_AUTOTEST >/dev/null 2>&1; then
- echo " little endian"
- have=NGX_HAVE_LITTLE_ENDIAN . auto/have
- else
- echo " big endian"
- fi
+ if [ -x $NGX_AUTOTEST ]; then
+ if $NGX_AUTOTEST >/dev/null 2>&1; then
+ echo " little endian"
+ have=NGX_HAVE_LITTLE_ENDIAN . auto/have
+ else
+ echo " big endian"
+ fi
- rm -rf $NGX_AUTOTEST*
+ rm -rf $NGX_AUTOTEST*
-else
- rm -rf $NGX_AUTOTEST*
+ else
+ rm -rf $NGX_AUTOTEST*
- echo
- echo "$0: error: cannot detect system byte ordering"
- exit 1
+ echo
+ echo "$0: error: cannot detect system byte ordering"
+ exit 1
+ fi
fi
--
2.7.4

39
sources/meta-openembedded/meta-webserver/recipes-httpd/nginx/files/0001-configure-libxslt-conf.patch Normal file
View File

@@ -0,0 +1,39 @@
From 0c3c669464a514cf8d0cac08282ecb2b486f440f Mon Sep 17 00:00:00 2001
From: Joe Slater <joe.slater@windriver.com>
Date: Tue, 3 Oct 2023 19:21:17 +0000
Subject: [PATCH] configure: libxslt conf
Modify to find libxslt related include files under sysroot.
Upstream-Status: Pending
Signed-off-by: Joe Slater <joe.slater@windriver.com>
---
auto/lib/libxslt/conf | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/auto/lib/libxslt/conf b/auto/lib/libxslt/conf
index 3063ac7..eb77886 100644
--- a/auto/lib/libxslt/conf
+++ b/auto/lib/libxslt/conf
@@ -12,7 +12,7 @@
#include <libxslt/xsltInternals.h>
#include <libxslt/transform.h>
#include <libxslt/xsltutils.h>"
- ngx_feature_path="/usr/include/libxml2"
+ ngx_feature_path="=/usr/include/libxml2"
ngx_feature_libs="-lxml2 -lxslt"
ngx_feature_test="xmlParserCtxtPtr ctxt = NULL;
xsltStylesheetPtr sheet = NULL;
@@ -100,7 +100,7 @@ fi
ngx_feature_name=NGX_HAVE_EXSLT
ngx_feature_run=no
ngx_feature_incs="#include <libexslt/exslt.h>"
- ngx_feature_path="/usr/include/libxml2"
+ ngx_feature_path="=/usr/include/libxml2"
ngx_feature_libs="-lexslt"
ngx_feature_test="exsltRegisterAll();"
. auto/feature
--
2.35.5

78
sources/meta-openembedded/meta-webserver/recipes-httpd/nginx/files/CVE-2023-44487.patch Normal file
View File

@@ -0,0 +1,78 @@
From 6ceef192e7af1c507826ac38a2d43f08bf265fb9 Mon Sep 17 00:00:00 2001
From: Maxim Dounin <mdounin@mdounin.ru>
Date: Wed, 10 Jan 2024 18:52:11 +0000
Subject: [PATCH] HTTP/2: per-iteration stream handling limit.
To ensure that attempts to flood servers with many streams are detected
early, a limit of no more than 2 * max_concurrent_streams new streams per one
event loop iteration was introduced. This limit is applied even if
max_concurrent_streams is not yet reached - for example, if corresponding
streams are handled synchronously or reset.
Further, refused streams are now limited to maximum of max_concurrent_streams
and 100, similarly to priority_limit initial value, providing some tolerance
to clients trying to open several streams at the connection start, yet
low tolerance to flooding attempts.
Upstream-Status: Backport [https://github.com/nginx/nginx/commit/6ceef192e7af1c507826ac38a2d43f08bf265fb9]
CVE: CVE-2023-44487
Signed-off-by: alperak <alperyasinak1@gmail.com>
---
src/http/v2/ngx_http_v2.c | 15 +++++++++++++++
src/http/v2/ngx_http_v2.h | 2 ++
2 files changed, 17 insertions(+)
diff --git a/src/http/v2/ngx_http_v2.c b/src/http/v2/ngx_http_v2.c
index ea3f27c..1116e56 100644
--- a/src/http/v2/ngx_http_v2.c
+++ b/src/http/v2/ngx_http_v2.c
@@ -361,6 +361,7 @@ ngx_http_v2_read_handler(ngx_event_t *rev)
ngx_log_debug0(NGX_LOG_DEBUG_HTTP, c->log, 0, "http2 read handler");
h2c->blocked = 1;
+ h2c->new_streams = 0;
if (c->close) {
c->close = 0;
@@ -1321,6 +1322,14 @@ ngx_http_v2_state_headers(ngx_http_v2_connection_t *h2c, u_char *pos,
goto rst_stream;
}
+ if (h2c->new_streams++ >= 2 * h2scf->concurrent_streams) {
+ ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0,
+ "client sent too many streams at once");
+
+ status = NGX_HTTP_V2_REFUSED_STREAM;
+ goto rst_stream;
+ }
+
if (!h2c->settings_ack
&& !(h2c->state.flags & NGX_HTTP_V2_END_STREAM_FLAG)
&& h2scf->preread_size < NGX_HTTP_V2_DEFAULT_WINDOW)
@@ -1386,6 +1395,12 @@ ngx_http_v2_state_headers(ngx_http_v2_connection_t *h2c, u_char *pos,
rst_stream:
+ if (h2c->refused_streams++ > ngx_max(h2scf->concurrent_streams, 100)) {
+ ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0,
+ "client sent too many refused streams");
+ return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_NO_ERROR);
+ }
+
if (ngx_http_v2_send_rst_stream(h2c, h2c->state.sid, status) != NGX_OK) {
return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_INTERNAL_ERROR);
}
diff --git a/src/http/v2/ngx_http_v2.h b/src/http/v2/ngx_http_v2.h
index 4e25293..b9daf92 100644
--- a/src/http/v2/ngx_http_v2.h
+++ b/src/http/v2/ngx_http_v2.h
@@ -124,6 +124,8 @@ struct ngx_http_v2_connection_s {
ngx_uint_t processing;
ngx_uint_t frames;
ngx_uint_t idle;
+ ngx_uint_t new_streams;
+ ngx_uint_t refused_streams;
ngx_uint_t priority_limit;
ngx_uint_t pushing;

34
sources/meta-openembedded/meta-webserver/recipes-httpd/nginx/files/CVE-2024-7347-1.patch Normal file
View File

@@ -0,0 +1,34 @@
From 88955b1044ef38315b77ad1a509d63631a790a0f Mon Sep 17 00:00:00 2001
From: Roman Arutyunyan <arut@nginx.com>
Date: Mon, 12 Aug 2024 18:20:45 +0400
Subject: [PATCH] Mp4: rejecting unordered chunks in stsc atom.
Unordered chunks could result in trak->end_chunk smaller than trak->start_chunk
in ngx_http_mp4_crop_stsc_data(). Later in ngx_http_mp4_update_stco_atom()
this caused buffer overread while trying to calculate trak->end_offset.
CVE: CVE-2024-7347
Upstream-Status: Backport [https://github.com/nginx/nginx/commit/88955b1044ef38315b77ad1a509d63631a790a0f]
Signed-off-by: Ashish Sharma <asharma@mvista.com>
src/http/modules/ngx_http_mp4_module.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/src/http/modules/ngx_http_mp4_module.c b/src/http/modules/ngx_http_mp4_module.c
index 1cd017c274..041ad263b5 100644
--- a/src/http/modules/ngx_http_mp4_module.c
+++ b/src/http/modules/ngx_http_mp4_module.c
@@ -3156,6 +3156,13 @@ ngx_http_mp4_crop_stsc_data(ngx_http_mp4_file_t *mp4,
next_chunk = ngx_mp4_get_32value(entry->chunk);
+ if (next_chunk < chunk) {
+ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
+ "unordered mp4 stsc chunks in \"%s\"",
+ mp4->file.name.data);
+ return NGX_ERROR;
+ }
+
ngx_log_debug5(NGX_LOG_DEBUG_HTTP, mp4->file.log, 0,
"sample:%uD, chunk:%uD, chunks:%uD, "
"samples:%uD, id:%uD",

52
sources/meta-openembedded/meta-webserver/recipes-httpd/nginx/files/CVE-2024-7347-2.patch Normal file
View File

@@ -0,0 +1,52 @@
From 7362d01658b61184108c21278443910da68f93b4 Mon Sep 17 00:00:00 2001
From: Roman Arutyunyan <arut@nginx.com>
Date: Mon, 12 Aug 2024 18:20:43 +0400
Subject: [PATCH] Mp4: fixed buffer underread while updating stsz atom.
While cropping an stsc atom in ngx_http_mp4_crop_stsc_data(), a 32-bit integer
overflow could happen, which could result in incorrect seeking and a very large
value stored in "samples". This resulted in a large invalid value of
trak->end_chunk_samples. This value is further used to calculate the value of
trak->end_chunk_samples_size in ngx_http_mp4_update_stsz_atom(). While doing
this, a large invalid value of trak->end_chunk_samples could result in reading
memory before stsz atom start. This could potentially result in a segfault.
CVE: CVE-2024-7347
Upstream-Status: Backport [https://github.com/nginx/nginx/commit/7362d01658b61184108c21278443910da68f93b4]
Signed-off-by: Ashish Sharma <asharma@mvista.com>
src/http/modules/ngx_http_mp4_module.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/http/modules/ngx_http_mp4_module.c b/src/http/modules/ngx_http_mp4_module.c
index 03175dea21..1cd017c274 100644
--- a/src/http/modules/ngx_http_mp4_module.c
+++ b/src/http/modules/ngx_http_mp4_module.c
@@ -3099,7 +3099,8 @@ static ngx_int_t
ngx_http_mp4_crop_stsc_data(ngx_http_mp4_file_t *mp4,
ngx_http_mp4_trak_t *trak, ngx_uint_t start)
{
- uint32_t start_sample, chunk, samples, id, next_chunk, n,
+ uint64_t n;
+ uint32_t start_sample, chunk, samples, id, next_chunk,
prev_samples;
ngx_buf_t *data, *buf;
ngx_uint_t entries, target_chunk, chunk_samples;
@@ -3160,7 +3161,7 @@ ngx_http_mp4_crop_stsc_data(ngx_http_mp4_file_t *mp4,
"samples:%uD, id:%uD",
start_sample, chunk, next_chunk - chunk, samples, id);
- n = (next_chunk - chunk) * samples;
+ n = (uint64_t) (next_chunk - chunk) * samples;
if (start_sample < n) {
goto found;
@@ -3182,7 +3183,7 @@ ngx_http_mp4_crop_stsc_data(ngx_http_mp4_file_t *mp4,
"sample:%uD, chunk:%uD, chunks:%uD, samples:%uD",
start_sample, chunk, next_chunk - chunk, samples);
- n = (next_chunk - chunk) * samples;
+ n = (uint64_t) (next_chunk - chunk) * samples;
if (start_sample > n) {
ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,

87
sources/meta-openembedded/meta-webserver/recipes-httpd/nginx/files/CVE-2025-23419.patch Normal file
View File

@@ -0,0 +1,87 @@
From bc23d3cdf98e855a5409d3584a241d4d773ab306 Mon Sep 17 00:00:00 2001
From: Sergey Kandaurov <pluknet@nginx.com>
Date: Wed, 22 Jan 2025 18:55:44 +0400
Subject: [PATCH] SNI: added restriction for TLSv1.3 cross-SNI session
resumption.
In OpenSSL, session resumption always happens in the default SSL context,
prior to invoking the SNI callback. Further, unlike in TLSv1.2 and older
protocols, SSL_get_servername() returns values received in the resumption
handshake, which may be different from the value in the initial handshake.
Notably, this makes the restriction added in b720f650b insufficient for
sessions resumed with different SNI server name.
Considering the example from b720f650b, previously, a client was able to
request example.org by presenting a certificate for example.org, then to
resume and request example.com.
The fix is to reject handshakes resumed with a different server name, if
verification of client certificates is enabled in a corresponding server
configuration.
CVE: CVE-2025-23419
Upstream-Status: Backport [https://github.com/nginx/nginx/commit/13935cf9fdc3c8d8278c70716417d3b71c36140e]
This patch is partially cherry picked from commit
13935cf9fdc3c8d8278c70716417d3b71c36140e, the original patch had 2
parts. One fixed problem in `http/ngx_http_request` module and the
second fixed problem in `stream/ngx_stream_ssl_module` module. The fix
for `stream/ngx_stream_ssl_module can't be aplied because, the 'stream
virtual servers' funcionality was added later in this commit:
https://github.com/nginx/nginx/commit/d21675228a0ba8d4331e05c60660228a5d3326de.
Therefore only `http/ngx_http_request` part was backported.
Signed-off-by: Changqing Li <changqing.li@windriver.com>
---
src/http/ngx_http_request.c | 27 +++++++++++++++++++++++++--
1 file changed, 25 insertions(+), 2 deletions(-)
diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c
index 5e0340b..514c021 100644
--- a/src/http/ngx_http_request.c
+++ b/src/http/ngx_http_request.c
@@ -907,6 +907,31 @@ ngx_http_ssl_servername(ngx_ssl_conn_t *ssl_conn, int *ad, void *arg)
goto done;
}
+ sscf = ngx_http_get_module_srv_conf(cscf->ctx, ngx_http_ssl_module);
+
+#if (defined TLS1_3_VERSION \
+ && !defined LIBRESSL_VERSION_NUMBER && !defined OPENSSL_IS_BORINGSSL)
+
+ /*
+ * SSL_SESSION_get0_hostname() is only available in OpenSSL 1.1.1+,
+ * but servername being negotiated in every TLSv1.3 handshake
+ * is only returned in OpenSSL 1.1.1+ as well
+ */
+
+ if (sscf->verify) {
+ const char *hostname;
+
+ hostname = SSL_SESSION_get0_hostname(SSL_get0_session(ssl_conn));
+
+ if (hostname != NULL && ngx_strcmp(hostname, servername) != 0) {
+ c->ssl->handshake_rejected = 1;
+ *ad = SSL_AD_ACCESS_DENIED;
+ return SSL_TLSEXT_ERR_ALERT_FATAL;
+ }
+ }
+
+#endif
+
hc->ssl_servername = ngx_palloc(c->pool, sizeof(ngx_str_t));
if (hc->ssl_servername == NULL) {
goto error;
@@ -920,8 +945,6 @@ ngx_http_ssl_servername(ngx_ssl_conn_t *ssl_conn, int *ad, void *arg)
ngx_set_connection_log(c, clcf->error_log);
- sscf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_ssl_module);
-
c->ssl->buffer_size = sscf->buffer_size;
if (sscf->ssl.ctx) {
--
2.34.1

14
sources/meta-openembedded/meta-webserver/recipes-httpd/nginx/files/default_server.site Normal file
View File

@@ -0,0 +1,14 @@
# Default server configuration
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/localhost/html;
index index.html index.htm;
server_name _;
# redirect server error pages to the static page /50x.html
error_page 500 502 503 504 /50x.html;
}

215
sources/meta-openembedded/meta-webserver/recipes-httpd/nginx/files/nginx-cross.patch Normal file
View File

@@ -0,0 +1,215 @@
We do not have capability to run binaries when cross compiling
Upstream-Status: Pending
Index: nginx-1.12.2/auto/feature
===================================================================
--- nginx-1.12.2.orig/auto/feature
+++ nginx-1.12.2/auto/feature
@@ -49,12 +49,20 @@ eval "/bin/sh -c \"$ngx_test\" >> $NGX_A
if [ -x $NGX_AUTOTEST ]; then
+ if [ ".$NGX_CROSS_COMPILE" = ".yes" ]; then
+ NGX_AUTOTEST_EXEC="true"
+ NGX_FOUND_MSG=" (not tested, cross compiling)"
+ else
+ NGX_AUTOTEST_EXEC="$NGX_AUTOTEST"
+ NGX_FOUND_MSG=""
+ fi
+
case "$ngx_feature_run" in
yes)
# /bin/sh is used to intercept "Killed" or "Abort trap" messages
- if /bin/sh -c $NGX_AUTOTEST >> $NGX_AUTOCONF_ERR 2>&1; then
- echo " found"
+ if /bin/sh -c $NGX_AUTOTEST_EXEC >> $NGX_AUTOCONF_ERR 2>&1; then
+ echo " found$NGX_FOUND_MSG"
ngx_found=yes
if test -n "$ngx_feature_name"; then
@@ -68,17 +76,27 @@ if [ -x $NGX_AUTOTEST ]; then
value)
# /bin/sh is used to intercept "Killed" or "Abort trap" messages
- if /bin/sh -c $NGX_AUTOTEST >> $NGX_AUTOCONF_ERR 2>&1; then
- echo " found"
+ if /bin/sh -c $NGX_AUTOTEST_EXEC >> $NGX_AUTOCONF_ERR 2>&1; then
+ echo " found$NGX_FOUND_MSG"
ngx_found=yes
- cat << END >> $NGX_AUTO_CONFIG_H
+ if [ ".$NGX_CROSS_COMPILE" = ".yes" ]; then
+ cat << END >> $NGX_AUTO_CONFIG_H
#ifndef $ngx_feature_name
-#define $ngx_feature_name `$NGX_AUTOTEST`
+#define $ngx_feature_name $(eval "echo \$NGX_WITH_${ngx_feature_name}")
#endif
END
+ else
+ cat << END >> $NGX_AUTO_CONFIG_H
+
+#ifndef $ngx_feature_name
+#define $ngx_feature_name `$NGX_AUTOTEST_EXEC`
+#endif
+
+END
+ fi
else
echo " found but is not working"
fi
@@ -86,7 +104,7 @@ END
bug)
# /bin/sh is used to intercept "Killed" or "Abort trap" messages
- if /bin/sh -c $NGX_AUTOTEST >> $NGX_AUTOCONF_ERR 2>&1; then
+ if /bin/sh -c $NGX_AUTOTEST_EXEC >> $NGX_AUTOCONF_ERR 2>&1; then
echo " not found"
else
Index: nginx-1.12.2/auto/options
===================================================================
--- nginx-1.12.2.orig/auto/options
+++ nginx-1.12.2/auto/options
@@ -386,6 +386,18 @@ $0: warning: the \"--with-sha1-asm\" opt
--test-build-epoll) NGX_TEST_BUILD_EPOLL=YES ;;
--test-build-solaris-sendfilev) NGX_TEST_BUILD_SOLARIS_SENDFILEV=YES ;;
+ # cross compile support
+ --with-int=*) NGX_WITH_INT="$value" ;;
+ --with-long=*) NGX_WITH_LONG="$value" ;;
+ --with-long-long=*) NGX_WITH_LONG_LONG="$value" ;;
+ --with-ptr-size=*) NGX_WITH_PTR_SIZE="$value" ;;
+ --with-sig-atomic-t=*) NGX_WITH_SIG_ATOMIC_T="$value" ;;
+ --with-size-t=*) NGX_WITH_SIZE_T="$value" ;;
+ --with-off-t=*) NGX_WITH_OFF_T="$value" ;;
+ --with-time-t=*) NGX_WITH_TIME_T="$value" ;;
+ --with-sys-nerr=*) NGX_WITH_NGX_SYS_NERR="$value" ;;
+ --with-endian=*) NGX_WITH_ENDIAN="$value" ;;
+
*)
echo "$0: error: invalid option \"$option\""
exit 1
@@ -568,6 +580,17 @@ cat << END
--with-debug enable debug logging
+ --with-int=VALUE force int size
+ --with-long=VALUE force long size
+ --with-long-long=VALUE force long long size
+ --with-ptr-size=VALUE force pointer size
+ --with-sig-atomic-t=VALUE force sig_atomic_t size
+ --with-size-t=VALUE force size_t size
+ --with-off-t=VALUE force off_t size
+ --with-time-t=VALUE force time_t size
+ --with-sys-nerr=VALUE force sys_nerr value
+ --with-endian=VALUE force system endianess
+
END
exit 1
@@ -576,6 +599,8 @@ fi
if [ ".$NGX_PLATFORM" = ".win32" ]; then
NGX_WINE=$WINE
+elif [ ! -z "$NGX_PLATFORM" ]; then
+ NGX_CROSS_COMPILE="yes"
fi
Index: nginx-1.12.2/auto/types/sizeof
===================================================================
--- nginx-1.12.2.orig/auto/types/sizeof
+++ nginx-1.12.2/auto/types/sizeof
@@ -12,9 +12,12 @@ checking for $ngx_type size
END
-ngx_size=
+ngx_size=$(eval "echo \$NGX_WITH_${ngx_param}")
-cat << END > $NGX_AUTOTEST.c
+if [ ".$ngx_size" != "." ]; then
+ echo " $ngx_size bytes"
+else
+ cat << END > $NGX_AUTOTEST.c
#include <sys/types.h>
#include <sys/time.h>
@@ -33,15 +36,16 @@ int main(void) {
END
-ngx_test="$CC $CC_TEST_FLAGS $CC_AUX_FLAGS \
- -o $NGX_AUTOTEST $NGX_AUTOTEST.c $NGX_LD_OPT $ngx_feature_libs"
+ ngx_test="$CC $CC_TEST_FLAGS $CC_AUX_FLAGS \
+ -o $NGX_AUTOTEST $NGX_AUTOTEST.c $NGX_LD_OPT $ngx_feature_libs"
-eval "$ngx_test >> $NGX_AUTOCONF_ERR 2>&1"
+ eval "$ngx_test >> $NGX_AUTOCONF_ERR 2>&1"
-if [ -x $NGX_AUTOTEST ]; then
- ngx_size=`$NGX_AUTOTEST`
- echo " $ngx_size bytes"
+ if [ -x $NGX_AUTOTEST ]; then
+ ngx_size=`$NGX_AUTOTEST`
+ echo " $ngx_size bytes"
+ fi
fi
Index: nginx-1.12.2/auto/unix
===================================================================
--- nginx-1.12.2.orig/auto/unix
+++ nginx-1.12.2/auto/unix
@@ -587,13 +587,13 @@ ngx_feature_libs=
# C types
-ngx_type="int"; . auto/types/sizeof
+ngx_type="int"; ngx_param="INT"; . auto/types/sizeof
-ngx_type="long"; . auto/types/sizeof
+ngx_type="long"; ngx_param="LONG"; . auto/types/sizeof
-ngx_type="long long"; . auto/types/sizeof
+ngx_type="long long"; ngx_param="LONG_LONG"; . auto/types/sizeof
-ngx_type="void *"; . auto/types/sizeof; ngx_ptr_size=$ngx_size
+ngx_type="void *"; ngx_param="PTR_SIZE"; . auto/types/sizeof; ngx_ptr_size=$ngx_size
ngx_param=NGX_PTR_SIZE; ngx_value=$ngx_size; . auto/types/value
@@ -604,7 +604,7 @@ NGX_INCLUDE_AUTO_CONFIG_H="#include \"ng
ngx_type="uint32_t"; ngx_types="u_int32_t"; . auto/types/typedef
ngx_type="uint64_t"; ngx_types="u_int64_t"; . auto/types/typedef
-ngx_type="sig_atomic_t"; ngx_types="int"; . auto/types/typedef
+ngx_type="sig_atomic_t"; ngx_param="SIG_ATOMIC_T"; ngx_types="int"; . auto/types/typedef
. auto/types/sizeof
ngx_param=NGX_SIG_ATOMIC_T_SIZE; ngx_value=$ngx_size; . auto/types/value
@@ -620,15 +620,15 @@ ngx_type="rlim_t"; ngx_types="int"; . au
. auto/endianness
-ngx_type="size_t"; . auto/types/sizeof
+ngx_type="size_t"; ngx_param="SIZE_T"; . auto/types/sizeof
ngx_param=NGX_MAX_SIZE_T_VALUE; ngx_value=$ngx_max_value; . auto/types/value
ngx_param=NGX_SIZE_T_LEN; ngx_value=$ngx_max_len; . auto/types/value
-ngx_type="off_t"; . auto/types/sizeof
+ngx_type="off_t"; ngx_param="OFF_T"; . auto/types/sizeof
ngx_param=NGX_MAX_OFF_T_VALUE; ngx_value=$ngx_max_value; . auto/types/value
ngx_param=NGX_OFF_T_LEN; ngx_value=$ngx_max_len; . auto/types/value
-ngx_type="time_t"; . auto/types/sizeof
+ngx_type="time_t"; ngx_param="TIME_T"; . auto/types/sizeof
ngx_param=NGX_TIME_T_SIZE; ngx_value=$ngx_size; . auto/types/value
ngx_param=NGX_TIME_T_LEN; ngx_value=$ngx_max_len; . auto/types/value
ngx_param=NGX_MAX_TIME_T_VALUE; ngx_value=$ngx_max_value; . auto/types/value

99
sources/meta-openembedded/meta-webserver/recipes-httpd/nginx/files/nginx-fix-pidfile.patch Normal file
View File

@@ -0,0 +1,99 @@
Description: Fix NGINX pidfile handling
Author: Tj <ubuntu@iam.tj>
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1581864
Last-Update: 2019-06-04
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
Upstream-Status: Pending
This patch is from ubuntu, https://github.com/aroth-arsoft/pkg-nginx/blob
/master/debian/patches/nginx-fix-pidfile.patch, for fix below
error info:
nginx.service: failed to parse pid from file /run/nginx/nginx.pid:
invalid argument
Signed-off-by: Changqing Li <changqing.li@windriver.com>
diff --git a/src/core/nginx.c b/src/core/nginx.c
index 9fcb0eb2..083eba1d 100644
--- a/src/core/nginx.c
+++ b/src/core/nginx.c
@@ -338,14 +338,21 @@ main(int argc, char *const *argv)
ngx_process = NGX_PROCESS_MASTER;
}
+ /* tell-tale to detect if this is parent or child process */
+ ngx_int_t child_pid = NGX_BUSY;
+
#if !(NGX_WIN32)
if (ngx_init_signals(cycle->log) != NGX_OK) {
return 1;
}
+ /* tell-tale that this code has been executed */
+ child_pid--;
+
if (!ngx_inherited && ccf->daemon) {
- if (ngx_daemon(cycle->log) != NGX_OK) {
+ child_pid = ngx_daemon(cycle->log);
+ if (child_pid == NGX_ERROR) {
return 1;
}
@@ -358,8 +365,19 @@ main(int argc, char *const *argv)
#endif
- if (ngx_create_pidfile(&ccf->pid, cycle->log) != NGX_OK) {
- return 1;
+ /* If ngx_daemon() returned the child's PID in the parent process
+ * after the fork() set ngx_pid to the child_pid, which gets
+ * written to the PID file, then exit.
+ * For NGX_WIN32 always write the PID file
+ * For others, only write it from the parent process */
+ if (child_pid < NGX_OK || child_pid > NGX_OK) {
+ ngx_pid = child_pid > NGX_OK ? child_pid : ngx_pid;
+ if (ngx_create_pidfile(&ccf->pid, cycle->log) != NGX_OK) {
+ return 1;
+ }
+ }
+ if (child_pid > NGX_OK) {
+ exit(0);
}
if (ngx_log_redirect_stderr(cycle) != NGX_OK) {
diff --git a/src/os/unix/ngx_daemon.c b/src/os/unix/ngx_daemon.c
index 385c49b6..3719854c 100644
--- a/src/os/unix/ngx_daemon.c
+++ b/src/os/unix/ngx_daemon.c
@@ -7,14 +7,17 @@
#include <ngx_config.h>
#include <ngx_core.h>
+#include <unistd.h>
ngx_int_t
ngx_daemon(ngx_log_t *log)
{
int fd;
+ /* retain the return value for passing back to caller */
+ pid_t pid_child = fork();
- switch (fork()) {
+ switch (pid_child) {
case -1:
ngx_log_error(NGX_LOG_EMERG, log, ngx_errno, "fork() failed");
return NGX_ERROR;
@@ -23,7 +26,8 @@ ngx_daemon(ngx_log_t *log)
break;
default:
- exit(0);
+ /* let caller do the exit() */
+ return pid_child;
}
ngx_parent = ngx_pid;

2
sources/meta-openembedded/meta-webserver/recipes-httpd/nginx/files/nginx-volatile.conf Normal file
View File

@@ -0,0 +1,2 @@
d @NGINX_USER@ www-data 0755 /run/nginx none
d root root 0755 /var/log/nginx none

47
sources/meta-openembedded/meta-webserver/recipes-httpd/nginx/files/nginx.conf Normal file
View File

@@ -0,0 +1,47 @@
user www;
worker_processes 1;
pid /run/nginx/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
http {
# Basic Settings
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# SSL Settings
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
## Logging
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
## Gzip settings
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
## Virtual Host Configs
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}

52
sources/meta-openembedded/meta-webserver/recipes-httpd/nginx/files/nginx.init Normal file
View File

@@ -0,0 +1,52 @@
#! /bin/sh
PATH=/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/sbin/nginx
NAME=nginx
DESC=nginx
PID=/run/nginx/nginx.pid
test -x $DAEMON || exit 0
# Include nginx defaults if available
if [ -f /etc/default/nginx ] ; then
. /etc/default/nginx
fi
set -e
case "$1" in
start)
echo -n "Starting $DESC: "
start-stop-daemon --start --quiet --pidfile $PID \
--name $NAME --exec $DAEMON -- $DAEMON_OPTS
echo "$NAME."
;;
stop)
echo -n "Stopping $DESC: "
start-stop-daemon -K --quiet --pidfile $PID \
--name $NAME
echo "$NAME."
;;
restart|force-reload)
echo -n "Restarting $DESC: "
start-stop-daemon -K --quiet --pidfile $PID \
--name $NAME
sleep 1
start-stop-daemon --start --quiet --pidfile $PID \
--name $NAME --exec $DAEMON -- $DAEMON_OPTS
echo "$NAME."
;;
reload)
echo -n "Reloading $DESC configuration: "
start-stop-daemon --stop --signal HUP --quiet --pidfile $PID \
--exec $DAEMON
echo "$NAME."
;;
*)
N=/etc/init.d/$NAME
echo "Usage: $N {start|stop|restart|force-reload}" >&2
exit 1
;;
esac
exit 0

15
sources/meta-openembedded/meta-webserver/recipes-httpd/nginx/files/nginx.service Normal file
View File

@@ -0,0 +1,15 @@
[Unit]
Description=The NGINX HTTP and reverse proxy server
After=syslog.target network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
PIDFile=/run/nginx/nginx.pid
ExecStartPre=@SBINDIR@/nginx -t
ExecStart=@SBINDIR@/nginx
ExecReload=@SBINDIR@/nginx -s reload
ExecStop=@BASE_BINDIR@/kill -s QUIT $MAINPID
PrivateTmp=true
[Install]
WantedBy=multi-user.target

4
sources/meta-openembedded/meta-webserver/recipes-httpd/nginx/files/proxy_params Normal file
View File

@@ -0,0 +1,4 @@
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;