diff options
| author | Patrick Murphy <Patrick.Murphy@multitech.com> | 2020-04-30 13:04:00 -0500 |
|---|---|---|
| committer | John Klug <john.klug@multitech.com> | 2020-06-18 20:22:08 -0500 |
| commit | 5724d72ffb2d6f4e44b65a92d5b69bcdf8551118 (patch) | |
| tree | ff5b1f6243f931eccda3f378887681c086c0021e | |
| parent | a3020c1257ad6bd653b5c619f1552b5e22fe7e0c (diff) | |
| download | meta-mlinux-5724d72ffb2d6f4e44b65a92d5b69bcdf8551118.tar.gz meta-mlinux-5724d72ffb2d6f4e44b65a92d5b69bcdf8551118.tar.bz2 meta-mlinux-5724d72ffb2d6f4e44b65a92d5b69bcdf8551118.zip | |
moved 5.2.1 changes to master
19 files changed, 1362 insertions, 4 deletions
diff --git a/recipes-core/file-magic-db-images/file-magic-db-images_0.1.bb b/recipes-core/file-magic-db-images/file-magic-db-images_0.1.bb new file mode 100644 index 0000000..43d3052 --- /dev/null +++ b/recipes-core/file-magic-db-images/file-magic-db-images_0.1.bb @@ -0,0 +1,27 @@ +DESCRIPTION = "Stripped MIME detection database for file(1) with definition of images" +HOMEPAGE = "http://www.darwinsys.com/file/" +LICENSE = "BSD" +LIC_FILES_CHKSUM = "file://COPYING;beginline=2;md5=6a7382872edb68d33e1a9398b6e03188" +DEPENDS = "file-native" +FILES_${PN} = "${datadir}/misc/magic-images.mgc" + +PV = "0.1" +PR = "r5" + +SRC_URI = "file://COPYING \ + file://Magdir/images \ + file://Magdir/jpeg \ + file://Magdir/msdos \ + file://Magdir/sgml" + +S = "${WORKDIR}" + +do_compile() { + ${STAGING_BINDIR_NATIVE}/file-native/file -v + ${STAGING_BINDIR_NATIVE}/file-native/file -C -m ${S}/Magdir +} + +do_install() { + install -d ${D}/${datadir}/misc/ + install -m 0644 ${WORKDIR}/Magdir.mgc ${D}/${datadir}/misc/magic-images.mgc +} diff --git a/recipes-core/file-magic-db-images/files/COPYING b/recipes-core/file-magic-db-images/files/COPYING new file mode 100644 index 0000000..68148e2 --- /dev/null +++ b/recipes-core/file-magic-db-images/files/COPYING @@ -0,0 +1,29 @@ +$File: LEGAL.NOTICE,v 1.15 2006/05/03 18:48:33 christos Exp $ +Copyright (c) Ian F. Darwin 1986, 1987, 1989, 1990, 1991, 1992, 1994, 1995. +Software written by Ian F. Darwin and others; +maintained 1994- Christos Zoulas. + +This software is not subject to any export provision of the United States +Department of Commerce, and may be exported to any country or planet. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: +1. Redistributions of source code must retain the above copyright + notice immediately at the beginning of the file, without modification, + this list of conditions, and the following disclaimer. +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR +ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +SUCH DAMAGE. diff --git a/recipes-core/file-magic-db-images/files/Magdir/images b/recipes-core/file-magic-db-images/files/Magdir/images new file mode 100644 index 0000000..493027f --- /dev/null +++ b/recipes-core/file-magic-db-images/files/Magdir/images @@ -0,0 +1,78 @@ +# PNG [Portable Network Graphics, or "PNG's Not GIF"] images +# (Greg Roelofs, newt@uchicago.edu) +# (Albert Cahalan, acahalan@cs.uml.edu) +# +# 137 P N G \r \n ^Z \n [4-byte length] H E A D [HEAD data] [HEAD crc] ... +# +0 string \x89PNG\x0d\x0a\x1a\x0a PNG image data +!:mime image/png +>16 belong x \b, %d x +>20 belong x %d, +>24 byte x %d-bit +>25 byte 0 grayscale, +>25 byte 2 \b/color RGB, +>25 byte 3 colormap, +>25 byte 4 gray+alpha, +>25 byte 6 \b/color RGBA, +#>26 byte 0 deflate/32K, +>28 byte 0 non-interlaced +>28 byte 1 interlaced + +# GIF +0 string GIF8 GIF image data +!:mime image/gif +!:apple 8BIMGIFf +>4 string 7a \b, version 8%s, +>4 string 9a \b, version 8%s, +>6 leshort >0 %d x +>8 leshort >0 %d +#>10 byte &0x80 color mapped, +#>10 byte&0x07 =0x00 2 colors +#>10 byte&0x07 =0x01 4 colors +#>10 byte&0x07 =0x02 8 colors +#>10 byte&0x07 =0x03 16 colors +#>10 byte&0x07 =0x04 32 colors +#>10 byte&0x07 =0x05 64 colors +#>10 byte&0x07 =0x06 128 colors +#>10 byte&0x07 =0x07 256 colors + +# PC bitmaps (OS/2, Windows BMP files) (Greg Roelofs, newt@uchicago.edu) +# http://en.wikipedia.org/wiki/BMP_file_format#DIB_header_.\ +# 28bitmap_information_header.29 +0 string BM +>14 leshort 12 PC bitmap, OS/2 1.x format +!:mime image/x-ms-bmp +>>18 leshort x \b, %d x +>>20 leshort x %d +>14 leshort 64 PC bitmap, OS/2 2.x format +!:mime image/x-ms-bmp +>>18 leshort x \b, %d x +>>20 leshort x %d +>14 leshort 40 PC bitmap, Windows 3.x format +!:mime image/x-ms-bmp +>>18 lelong x \b, %d x +>>22 lelong x %d x +>>28 leshort x %d +>14 leshort 124 PC bitmap, Windows 98/2000 and newer format +!:mime image/x-ms-bmp +>>18 lelong x \b, %d x +>>22 lelong x %d x +>>28 leshort x %d +>14 leshort 108 PC bitmap, Windows 95/NT4 and newer format +!:mime image/x-ms-bmp +>>18 lelong x \b, %d x +>>22 lelong x %d x +>>28 leshort x %d +>14 leshort 128 PC bitmap, Windows NT/2000 format +!:mime image/x-ms-bmp +>>18 lelong x \b, %d x +>>22 lelong x %d x +>>28 leshort x %d +# Too simple - MPi +#0 string IC PC icon data +#0 string PI PC pointer image data +#0 string CI PC color icon data +#0 string CP PC color pointer image data +# Conflicts with other entries [BABYL] +#0 string BA PC bitmap array data + diff --git a/recipes-core/file-magic-db-images/files/Magdir/jpeg b/recipes-core/file-magic-db-images/files/Magdir/jpeg new file mode 100644 index 0000000..e6a4ffa --- /dev/null +++ b/recipes-core/file-magic-db-images/files/Magdir/jpeg @@ -0,0 +1,119 @@ + +#------------------------------------------------------------------------------ +# $File: jpeg,v 1.28 2015/04/09 20:01:40 christos Exp $ +# JPEG images +# SunOS 5.5.1 had +# +# 0 string \377\330\377\340 JPEG file +# 0 string \377\330\377\356 JPG file +# +# both of which turn into "JPEG image data" here. +# +0 beshort 0xffd8 JPEG image data +!:mime image/jpeg +!:apple 8BIMJPEG +!:strength *3 +!:ext jpeg/jpg/jpe/jfif +>6 string JFIF \b, JFIF standard +# The following added by Erik Rossen <rossen@freesurf.ch> 1999-09-06 +# in a vain attempt to add image size reporting for JFIF. Note that these +# tests are not fool-proof since some perfectly valid JPEGs are currently +# impossible to specify in magic(4) format. +# First, a little JFIF version info: +>>11 byte x \b %d. +>>12 byte x \b%02d +# Next, the resolution or aspect ratio of the image: +>>13 byte 0 \b, aspect ratio +>>13 byte 1 \b, resolution (DPI) +>>13 byte 2 \b, resolution (DPCM) +>>14 beshort x \b, density %dx +>>16 beshort x \b%d +>>4 beshort x \b, segment length %d +# Next, show thumbnail info, if it exists: +>>18 byte !0 \b, thumbnail %dx +>>>19 byte x \b%d +>6 string Exif \b, Exif standard: [ +>>12 indirect/r x +>>12 string x \b] + +# Jump to the first segment +>(4.S+4) use jpeg_segment + +# This uses recursion... +0 name jpeg_segment +>0 beshort 0xFFFE +# Recursion handled by FFE0 +#>>(2.S+2) use jpeg_segment +>>2 pstring/HJ x \b, comment: "%s" + +>0 beshort 0xFFC0 +>>(2.S+2) use jpeg_segment +>>4 byte x \b, baseline, precision %d +>>7 beshort x \b, %dx +>>5 beshort x \b%d +>>9 byte x \b, frames %d + +>0 beshort 0xFFC1 +>>(2.S+2) use jpeg_segment +>>4 byte x \b, extended sequential, precision %d +>>7 beshort x \b, %dx +>>5 beshort x \b%d +>>9 byte x \b, frames %d + +>0 beshort 0xFFC2 +>>(2.S+2) use jpeg_segment +>>4 byte x \b, progressive, precision %d +>>7 beshort x \b, %dx +>>5 beshort x \b%d +>>9 byte x \b, frames %d + +# Define Huffman Tables +>0 beshort 0xFFC4 +>>(2.S+2) use jpeg_segment + +>0 beshort 0xFFE1 +# Recursion handled by FFE0 +#>>(2.S+2) use jpeg_segment +>>4 string Exif \b, Exif Standard: [ +>>>10 indirect/r x +>>>10 string x \b] + +# Application specific markers +>0 beshort&0xFFE0 =0xFFE0 +>>(2.S+2) use jpeg_segment + +# DB: Define Quantization tables +# DD: Define Restart interval [XXX: wrong here, it is 4 bytes] +# D8: Start of image +# D9: End of image +# Dn: Restart +>0 beshort&0xFFD0 =0xFFD0 +>>0 beshort&0xFFE0 !0xFFE0 +>>>(2.S+2) use jpeg_segment + +#>0 beshort x unknown 0x%x +#>>(2.S+2) use jpeg_segment + +# HSI is Handmade Software's proprietary JPEG encoding scheme +0 string hsi1 JPEG image data, HSI proprietary + +# From: David Santinoli <david@santinoli.com> +0 string \x00\x00\x00\x0C\x6A\x50\x20\x20\x0D\x0A\x87\x0A JPEG 2000 +# From: Johan van der Knijff <johan.vanderknijff@kb.nl> +# Added sub-entries for JP2, JPX, JPM and MJ2 formats; added mimetypes +# https://github.com/bitsgalore/jp2kMagic +# +# Now read value of 'Brand' field, which yields a few possibilities: +>20 string \x6a\x70\x32\x20 Part 1 (JP2) +!:mime image/jp2 +>20 string \x6a\x70\x78\x20 Part 2 (JPX) +!:mime image/jpx +>20 string \x6a\x70\x6d\x20 Part 6 (JPM) +!:mime image/jpm +>20 string \x6d\x6a\x70\x32 Part 3 (MJ2) +!:mime video/mj2 + +# Type: JPEG 2000 codesream +# From: Mathieu Malaterre <mathieu.malaterre@gmail.com> +0 belong 0xff4fff51 JPEG 2000 codestream +45 beshort 0xff52 diff --git a/recipes-core/file-magic-db-images/files/Magdir/msdos b/recipes-core/file-magic-db-images/files/Magdir/msdos new file mode 100644 index 0000000..7b1330e --- /dev/null +++ b/recipes-core/file-magic-db-images/files/Magdir/msdos @@ -0,0 +1,29 @@ + +#------------------------------------------------------------------------------ +# $File: msdos,v 1.105 2016/03/03 18:58:14 christos Exp $ +# msdos: file(1) magic for MS-DOS files +# + +# Windows icons +# Update: Joerg Jenderek +# URL: https://en.wikipedia.org/wiki/CUR_(file_format) +# Note: similiar to Windows CURsor. container for BMP (only DIB part) or PNG +0 belong 0x00000100 +>9 byte 0 +>>0 byte x +>>0 use cur-ico-dir +>9 ubyte 0xff +>>0 byte x +>>0 use cur-ico-dir +# displays number of icons and information for icon or cursor +0 name cur-ico-dir +# skip some Lotus 1-2-3 worksheets, CYCLE.PIC and keep Windows cursors with +# 1st data offset = dir header size + n * dir entry size = 6 + n * 10h = ?6h +>18 ulelong &0x00000006 +# skip remaining worksheets, because valid only for DIB image (40) or PNG image (\x89PNG) +>>(18.l) ulelong x MS Windows +>>>0 ubelong 0x00000100 icon resource +#!:mime image/vnd.microsoft.icon +!:mime image/x-icon +!:ext ico + diff --git a/recipes-core/file-magic-db-images/files/Magdir/sgml b/recipes-core/file-magic-db-images/files/Magdir/sgml new file mode 100644 index 0000000..79abe8c --- /dev/null +++ b/recipes-core/file-magic-db-images/files/Magdir/sgml @@ -0,0 +1,8 @@ +#------------------------------------------------------------------------------ # $File: sgml,v 1.32 2015/07/11 15:08:53 christos Exp $ +# Type: SVG Vectorial Graphics +# From: Noel Torres <tecnico@ejerciciosresueltos.com> +0 string \<?xml\ version=" +>15 string >\0 +>>19 search/4096 \<svg SVG Scalable Vector Graphics image +!:mime image/svg+xml + diff --git a/recipes-core/images/mlinux-commissioning-image.bb b/recipes-core/images/mlinux-commissioning-image.bb new file mode 100644 index 0000000..5ba16a6 --- /dev/null +++ b/recipes-core/images/mlinux-commissioning-image.bb @@ -0,0 +1,7 @@ +require mlinux-rs9113-factory-image.bb +DESCRIPTION = "mLinux factory image with commissioning support" + +# Extra stuff to install +IMAGE_INSTALL_append = " dnsmasq bluez5-noinst-tools python-dbus commissioning commissioning-php-fpm rs9113-rm" +IMAGE_INSTALL_remove = "useradd" +ROOTFS_POSTPROCESS_COMMAND_remove = "mlinux_set_root_password;" diff --git a/recipes-core/images/mlinux-factory-test-image.bb b/recipes-core/images/mlinux-factory-test-image.bb new file mode 100644 index 0000000..82ed75d --- /dev/null +++ b/recipes-core/images/mlinux-factory-test-image.bb @@ -0,0 +1,8 @@ +DESCRIPTION = "mLinux factory test image" +LICENSE = "MIT" + +require mlinux-factory-image.bb + +IMAGE_INSTALL_append = " i2c-tools spitools " +#Open console for testing +CONSOLE = "sysvinit-inittab-start-open" diff --git a/recipes-core/images/mlinux-mtcap-commissioning-image.bb b/recipes-core/images/mlinux-mtcap-commissioning-image.bb new file mode 100644 index 0000000..9e933b1 --- /dev/null +++ b/recipes-core/images/mlinux-mtcap-commissioning-image.bb @@ -0,0 +1,7 @@ +require mlinux-mtcap-image.bb +DESCRIPTION = "mtcap image with commissioning support" + +#install +IMAGE_INSTALL_append = " commissioning commissioning-php-fpm" +IMAGE_INSTALL_remove = "useradd" +ROOTFS_POSTPROCESS_COMMAND_remove = "mlinux_set_root_password;" diff --git a/recipes-core/images/mlinux-mtcap-test-image.bb b/recipes-core/images/mlinux-mtcap-test-image.bb new file mode 100644 index 0000000..58e2448 --- /dev/null +++ b/recipes-core/images/mlinux-mtcap-test-image.bb @@ -0,0 +1,87 @@ +DESCRIPTION = "mLinux Conduit Access Point image" + +require mlinux-minimal-image.bb +require mtcap-modules.inc + +# For now we don't put this in MTR or AEP +# Password restrictions library from Redhat +IMAGE_INSTALL += "libpwquality" + + +# Test image features +IMAGE_INSTALL += "i2c-tools \ + spitools \ + " + +FILESYSTEM_FEATURES = "dosfstools \ + cifs-utils \ + lsof \ + " + +NETWORKING_FEATURES += "bridge-utils \ + inetutils-ftp \ + openssl \ + rsync \ + iperf \ + mii-diag \ + tcpdump \ + netcat \ + wget \ + strongswan \ + busybox-ifplugd \ + " + +# No accessory cards for MTAC +MULTITECH_MTAC = "" + +TIME_FEATURES = "tzdata tzdata-africa tzdata-americas tzdata-antarctica tzdata-arctic \ + tzdata-asia tzdata-atlantic tzdata-australia tzdata-europe tzdata-pacific \ + tzdata-misc \ + cronie \ + ntpdate \ + " + +WIFI_FEATURES = "libnl \ + wpa-supplicant \ + wireless-tools \ + iw \ + hostap-daemon hostap-utils \ + wilc1000 \ + " + +MULTITECH_FEATURES += " \ + u-boot-linux-utils \ + mlinux-scripts \ + reset-handler \ + radio-cmd radio-query \ + cell-radio-carrierswitch \ + jsparser \ + protobuf \ + annex-client \ + " + +IMAGE_INSTALL += "lora-gateway-utils \ + lora-query \ + lora-packet-forwarder \ + lora-network-server \ + logrotate \ + mosquitto mosquitto-clients \ + " + +MISC_FEATURES = "minicom lrzsz nano lxfp" + +# Extra stuff to install +# Someday add wifi features +# ${WIFI_FEATURES} +# +IMAGE_INSTALL += " \ + ${FILESYSTEM_FEATURES} \ + ${TIME_FEATURES} \ + ${MISC_FEATURES} \ + " + +# Open console for testing +CONSOLE = "sysvinit-inittab-start-open" + +# Multi-Tech SMS Utility (see http://git.multitech.net) +IMAGE_INSTALL += "sms-utils" diff --git a/recipes-core/lighttpd/files/0001-lighttpd-pcre-use-pkg-config.patch b/recipes-core/lighttpd/files/0001-lighttpd-pcre-use-pkg-config.patch new file mode 100644 index 0000000..48be920 --- /dev/null +++ b/recipes-core/lighttpd/files/0001-lighttpd-pcre-use-pkg-config.patch @@ -0,0 +1,41 @@ +From 22afc5d9aaa215c3c87ba21c77d47da44ab3b113 Mon Sep 17 00:00:00 2001 +From: Alexander Kanavin <alex.kanavin@gmail.com> +Date: Fri, 26 Aug 2016 18:20:32 +0300 +Subject: [PATCH] Use pkg-config for pcre dependency instead of -config script. + +RP 2014/5/22 +Upstream-Status: Pending +Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> +--- + configure.ac | 16 ++++++++++++---- + 1 file changed, 12 insertions(+), 4 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 5383cec..c29a902 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -651,10 +651,18 @@ AC_ARG_WITH([pcre], + ) + AC_MSG_RESULT([$WITH_PCRE]) + +-if test "$WITH_PCRE" != no; then +- if test "$WITH_PCRE" != yes; then +- PCRE_LIB="-L$WITH_PCRE/lib -lpcre" +- CPPFLAGS="$CPPFLAGS -I$WITH_PCRE/include" ++if test "$WITH_PCRE" != "no"; then ++ PKG_CHECK_MODULES(PCREPKG, [libpcre], [ ++ PCRE_LIB=${PCREPKG_LIBS} ++ CPPFLAGS="$CPPFLAGS ${PCREPKG_CFLAGS}" ++ ], [ ++ AC_MSG_ERROR([pcre pkgconfig not found, install the pcre-devel package or build with --without-pcre]) ++ ]) ++ ++ if test x"$PCRE_LIB" != x; then ++ AC_DEFINE([HAVE_LIBPCRE], [1], [libpcre]) ++ AC_DEFINE([HAVE_PCRE_H], [1], [pcre.h]) ++ AC_SUBST(PCRE_LIB) + else + AC_PATH_PROG([PCRECONFIG], [pcre-config]) + if test -n "$PCRECONFIG"; then +-- +2.15.0 diff --git a/recipes-core/lighttpd/files/0002_extended_tls_conf.patch b/recipes-core/lighttpd/files/0002_extended_tls_conf.patch new file mode 100644 index 0000000..1a216dd --- /dev/null +++ b/recipes-core/lighttpd/files/0002_extended_tls_conf.patch @@ -0,0 +1,110 @@ +diff --git a/src/base.h b/src/base.h +index 134fc41..f2d849e 100644 +--- a/src/base.h ++++ b/src/base.h +@@ -289,6 +289,9 @@ typedef struct { + unsigned short ssl_empty_fragments; /* whether to not set SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS */ + unsigned short ssl_use_sslv2; + unsigned short ssl_use_sslv3; ++ unsigned short ssl_use_tlsv1; ++ unsigned short ssl_use_tlsv1_1; ++ unsigned short ssl_use_tlsv1_2; + unsigned short ssl_verifyclient; + unsigned short ssl_verifyclient_enforce; + unsigned short ssl_verifyclient_depth; +diff --git a/src/configfile.c b/src/configfile.c +index bba6925..bbedd77 100644 +--- a/src/configfile.c ++++ b/src/configfile.c +@@ -146,6 +146,10 @@ static int config_insert(server *srv) { + { "server.max-request-field-size", NULL, T_CONFIG_INT, T_CONFIG_SCOPE_SERVER }, /* 78 */ + { "ssl.read-ahead", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 79 */ + ++ { "ssl.use-tlsv1", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER }, /* 80 */ ++ { "ssl.use-tlsv1_1", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER }, /* 81 */ ++ { "ssl.use-tlsv1_2", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER }, /* 82 */ ++ + { NULL, NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET } + }; + +@@ -226,6 +230,9 @@ static int config_insert(server *srv) { + s->ssl_empty_fragments = 0; + s->ssl_use_sslv2 = 0; + s->ssl_use_sslv3 = 0; ++ s->ssl_use_tlsv1 = 0; ++ s->ssl_use_tlsv1_1 = 0; ++ s->ssl_use_tlsv1_2 = 1; + s->use_ipv6 = (i == 0) ? 0 : srv->config_storage[0]->use_ipv6; + s->set_v6only = (i == 0) ? 1 : srv->config_storage[0]->set_v6only; + s->defer_accept = (i == 0) ? 0 : srv->config_storage[0]->defer_accept; +@@ -318,6 +325,9 @@ static int config_insert(server *srv) { + cv[76].destination = &(s->stream_request_body); + cv[77].destination = &(s->stream_response_body); + cv[79].destination = &(s->ssl_read_ahead); ++ cv[80].destination = &(s->ssl_use_tlsv1); ++ cv[81].destination = &(s->ssl_use_tlsv1_1); ++ cv[82].destination = &(s->ssl_use_tlsv1_2); + + srv->config_storage[i] = s; + +@@ -536,6 +546,9 @@ int config_setup_connection(server *srv, connection *con) { + PATCH(ssl_empty_fragments); + PATCH(ssl_use_sslv2); + PATCH(ssl_use_sslv3); ++ PATCH(ssl_use_tlsv1); ++ PATCH(ssl_use_tlsv1_1); ++ PATCH(ssl_use_tlsv1_2); + PATCH(etag_use_inode); + PATCH(etag_use_mtime); + PATCH(etag_use_size); +@@ -615,6 +628,12 @@ int config_patch_connection(server *srv, connection *con) { + PATCH(ssl_use_sslv2); + } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.use-sslv3"))) { + PATCH(ssl_use_sslv3); ++ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.use-tlsv1"))) { ++ PATCH(ssl_use_tlsv1); ++ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.use-tlsv1_1"))) { ++ PATCH(ssl_use_tlsv1_1); ++ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.use-tlsv1_2"))) { ++ PATCH(ssl_use_tlsv1_2); + } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.cipher-list"))) { + PATCH(ssl_cipher_list); + } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.engine"))) { +diff --git a/src/network.c b/src/network.c +index 4295fe9..a3f9ec3 100644 +--- a/src/network.c ++++ b/src/network.c +@@ -859,6 +859,33 @@ int network_init(server *srv) { + } + } + ++ if (!s->ssl_use_tlsv1) { ++ /* disable TLSv1 */ ++ if (!(SSL_OP_NO_TLSv1 & SSL_CTX_set_options(s->ssl_ctx, SSL_OP_NO_TLSv1))) { ++ log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:", ++ ERR_error_string(ERR_get_error(), NULL)); ++ return -1; ++ } ++ } ++ ++ if (!s->ssl_use_tlsv1_1) { ++ /* disable TLSv1.1 */ ++ if (!(SSL_OP_NO_TLSv1_1 & SSL_CTX_set_options(s->ssl_ctx, SSL_OP_NO_TLSv1_1))) { ++ log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:", ++ ERR_error_string(ERR_get_error(), NULL)); ++ return -1; ++ } ++ } ++ ++ if (!s->ssl_use_tlsv1_2) { ++ /* disable TLSv1.2 */ ++ if (!(SSL_OP_NO_TLSv1_2 & SSL_CTX_set_options(s->ssl_ctx, SSL_OP_NO_TLSv1_2))) { ++ log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:", ++ ERR_error_string(ERR_get_error(), NULL)); ++ return -1; ++ } ++ } ++ + if (!buffer_string_is_empty(s->ssl_cipher_list)) { + /* Disable support for low encryption ciphers */ + if (SSL_CTX_set_cipher_list(s->ssl_ctx, s->ssl_cipher_list->ptr) != 1) { diff --git a/recipes-core/lighttpd/files/0004_fastcgi_env_with_unixsocket.patch b/recipes-core/lighttpd/files/0004_fastcgi_env_with_unixsocket.patch new file mode 100644 index 0000000..c265066 --- /dev/null +++ b/recipes-core/lighttpd/files/0004_fastcgi_env_with_unixsocket.patch @@ -0,0 +1,57 @@ +From bdfb7f9c6ab29d2de3576f8bd845fa871bb44ead Mon Sep 17 00:00:00 2001 +From: Serhii Voloshynov <serhii.voloshynov@globallogic.com> +Date: Tue, 6 Nov 2018 13:50:04 +0200 +Subject: [PATCH] patch + +--- + src/http-header-glue.c | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +diff --git a/src/http-header-glue.c b/src/http-header-glue.c +index 1916ca6..d4f42ad 100644 +--- a/src/http-header-glue.c ++++ b/src/http-header-glue.c +@@ -1457,6 +1457,8 @@ int http_cgi_headers (server *srv, connection *con, http_cgi_opts *opts, http_cg + rc |= cb(vdata, CONST_STR_LEN("HTTPS"), CONST_STR_LEN("on")); + } + ++ if (srv_sock->addr.plain.sa_family != AF_UNIX) { ++ + addr = &srv_sock->addr; + li_utostrn(buf, sizeof(buf), sock_addr_get_port(addr)); + rc |= cb(vdata, CONST_STR_LEN("SERVER_PORT"), buf, strlen(buf)); +@@ -1482,6 +1484,7 @@ int http_cgi_headers (server *srv, connection *con, http_cgi_opts *opts, http_cg + } + force_assert(s); + rc |= cb(vdata, CONST_STR_LEN("SERVER_ADDR"), s, strlen(s)); ++ } + + if (!buffer_string_is_empty(con->server_name)) { + size_t len = buffer_string_length(con->server_name); +@@ -1497,15 +1500,23 @@ int http_cgi_headers (server *srv, connection *con, http_cgi_opts *opts, http_cg + rc |= cb(vdata, CONST_STR_LEN("SERVER_NAME"), + con->server_name->ptr, len); + } else { ++ if (srv_sock->addr.plain.sa_family != AF_UNIX) { + /* set to be same as SERVER_ADDR (above) */ + rc |= cb(vdata, CONST_STR_LEN("SERVER_NAME"), s, strlen(s)); + } ++ } ++ if (srv_sock->addr.plain.sa_family == AF_UNIX) { ++ rc |= cb(vdata, CONST_STR_LEN("SERVER_IPC"), CONST_STR_LEN("yes")); ++ } ++ ++ if (srv_sock->addr.plain.sa_family != AF_UNIX) { + + rc |= cb(vdata, CONST_STR_LEN("REMOTE_ADDR"), + CONST_BUF_LEN(con->dst_addr_buf)); + + li_utostrn(buf, sizeof(buf), sock_addr_get_port(&con->dst_addr)); + rc |= cb(vdata, CONST_STR_LEN("REMOTE_PORT"), buf, strlen(buf)); ++ } + + for (n = 0; n < con->request.headers->used; n++) { + data_string *ds = (data_string *)con->request.headers->data[n]; +-- +2.7.4 + diff --git a/recipes-core/lighttpd/files/lighttpd.conf b/recipes-core/lighttpd/files/lighttpd.conf new file mode 100644 index 0000000..a3e02da --- /dev/null +++ b/recipes-core/lighttpd/files/lighttpd.conf @@ -0,0 +1,209 @@ +# lighttpd configuration file for the rcell +# include config file (/var/run/config/lighttpd_port.conf) generated at start up +# +# $Id: lighttpd.conf,v 1.7 2004/11/03 22:26:05 weigon Exp $ + +#IMPORT PORT SETTINGS +include "/var/run/config/lighttpd_port.conf" + +## local access from startup scripts and apps +$SERVER["socket"] == "/var/run/api/http.sock" { } + +## modules +server.modules = ( + "mod_rewrite", + "mod_redirect", + "mod_proxy", + "mod_alias", + "mod_access", + "mod_fastcgi", + "mod_accesslog", + "mod_openssl", + "mod_setenv") + + +## static document-root +server.document-root = "/var/www/" +setenv.add-response-header = ( "Access-Control-Allow-Origin" => "*", + "Content-Security-Policy" => "default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' https://fonts.googleapis.com 'self'; font-src https://fonts.gstatic.com 'self'; connect-src 'self'; img-src 'self' data:", + "X-Frame-Options" =>"SAMEORIGIN", + "X-XSS-Protection" => "1; mode=block", + "X-Content-Type-Options" => "nosniff", + "Referrer-Policy" => "strict-origin-when-cross-origin", + "Feature-Policy" => "accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; payment 'none'; usb 'none'", + "Strict-Transport-Security" => "max-age=31536000", + "Cache-Control" => "no-cache" +) +server.socket-perms = "0760" + +## where to send error-messages to +#server.errorlog = "/var/log/lighttpd.error.log" +server.errorlog-use-syslog = "enable" + +# disable stat cache +server.stat-cache-engine = "disable" + +## where to send access log +#accesslog.filename = "/var/log/lighttpd.access.log" +accesslog.use-syslog = "enable" + +## enable debugging +#debug.log-request-header = "enable" +#debug.log-response-header = "enable" +#debug.log-request-handling = "enable" +#debug.log-file-not-found = "enable" +#debug.log-condition-handling = "enable" + +## where to upload files +server.upload-dirs = ( "/var/volatile/tmp" ) + +# files to check for if .../ is requested +index-file.names = ( "index.php", "index.html", + "index.htm", "default.htm" ) + +# mimetype mapping +mimetype.assign = ( + ".pdf" => "application/pdf", + ".sig" => "application/pgp-signature", + ".spl" => "application/futuresplash", + ".class" => "application/octet-stream", + ".ps" => "application/postscript", + ".torrent" => "application/x-bittorrent", + ".dvi" => "application/x-dvi", + ".pac" => "application/x-ns-proxy-autoconfig", + ".swf" => "application/x-shockwave-flash", + ".tar.gz" => "application/x-tgz", + ".tgz" => "application/x-tgz", + ".tar" => "application/x-tar", + ".xhtml" => "application/xhtml+xml", + ".xht" => "application/xhtml+xml", + ".zip" => "application/zip", + ".mp3" => "audio/mpeg", + ".m3u" => "audio/x-mpegurl", + ".wma" => "audio/x-ms-wma", + ".wax" => "audio/x-ms-wax", + ".ogg" => "application/ogg", + ".wav" => "audio/x-wav", + ".gif" => "image/gif", + ".jpg" => "image/jpeg", + ".jpeg" => "image/jpeg", + ".png" => "image/png", + ".svg" => "image/svg+xml", + ".ico" => "image/x-icon", + ".xbm" => "image/x-xbitmap", + ".xpm" => "image/x-xpixmap", + ".xwd" => "image/x-xwindowdump", + ".css" => "text/css", + ".html" => "text/html", + ".htm" => "text/html", + ".asc" => "text/plain", + ".c" => "text/plain", + ".cpp" => "text/plain", + ".log" => "text/plain", + ".conf" => "text/plain", + ".text" => "text/plain", + ".txt" => "text/plain", + ".dtd" => "text/xml", + ".xml" => "text/xml", + ".mpeg" => "video/mpeg", + ".mpg" => "video/mpeg", + ".mov" => "video/quicktime", + ".qt" => "video/quicktime", + ".avi" => "video/x-msvideo", + ".asf" => "video/x-ms-asf", + ".asx" => "video/x-ms-asf", + ".wmv" => "video/x-ms-wmv", + ".bz2" => "application/x-bzip", + ".tbz" => "application/x-bzip-compressed-tar", + ".tar.bz2" => "application/x-bzip-compressed-tar", + ".mib" => "application/text", + ".js" => "application/javascript" + ) + +## deny access the file-extensions +url.access-deny = ( "~", ".inc" ) + +# send a different Server: |