From 01f73eaf483ea5050a26098c3eb5949275118f3c Mon Sep 17 00:00:00 2001 From: Patrick Murphy Date: Wed, 10 Jun 2020 16:30:03 -0500 Subject: recovered 1.4.48 default init script --- .../file-magic-db-images_0.1.bb | 27 --- recipes-core/file-magic-db-images/files/COPYING | 29 --- .../file-magic-db-images/files/Magdir/images | 78 -------- .../file-magic-db-images/files/Magdir/jpeg | 119 ------------ .../file-magic-db-images/files/Magdir/msdos | 29 --- .../file-magic-db-images/files/Magdir/sgml | 8 - .../files/0001-lighttpd-pcre-use-pkg-config.patch | 41 ---- .../lighttpd/files/0002_extended_tls_conf.patch | 110 ----------- .../files/0004_fastcgi_env_with_unixsocket.patch | 57 ------ recipes-core/lighttpd/files/lighttpd.conf | 209 --------------------- .../lighttpd/files/lighttpd_custom_images_setup | 57 ------ recipes-core/lighttpd/files/lighttpd_nrs.conf | 66 ------- .../0001-lighttpd-pcre-use-pkg-config.patch | 41 ++++ .../lighttpd/lighttpd/0002_extended_tls_conf.patch | 110 +++++++++++ .../0004_fastcgi_env_with_unixsocket.patch | 57 ++++++ recipes-core/lighttpd/lighttpd/lighttpd.conf | 209 +++++++++++++++++++++ recipes-core/lighttpd/lighttpd/lighttpd.init | 34 ++++ .../lighttpd/lighttpd/lighttpd_custom_images_setup | 57 ++++++ recipes-core/lighttpd/lighttpd/lighttpd_nrs.conf | 66 +++++++ recipes-core/lighttpd/lighttpd_1.4.48.bb | 13 +- 20 files changed, 577 insertions(+), 840 deletions(-) delete mode 100644 recipes-core/file-magic-db-images/file-magic-db-images_0.1.bb delete mode 100644 recipes-core/file-magic-db-images/files/COPYING delete mode 100644 recipes-core/file-magic-db-images/files/Magdir/images delete mode 100644 recipes-core/file-magic-db-images/files/Magdir/jpeg delete mode 100644 recipes-core/file-magic-db-images/files/Magdir/msdos delete mode 100644 recipes-core/file-magic-db-images/files/Magdir/sgml delete mode 100644 recipes-core/lighttpd/files/0001-lighttpd-pcre-use-pkg-config.patch delete mode 100644 recipes-core/lighttpd/files/0002_extended_tls_conf.patch delete mode 100644 recipes-core/lighttpd/files/0004_fastcgi_env_with_unixsocket.patch delete mode 100644 recipes-core/lighttpd/files/lighttpd.conf delete mode 100644 recipes-core/lighttpd/files/lighttpd_custom_images_setup delete mode 100644 recipes-core/lighttpd/files/lighttpd_nrs.conf create mode 100644 recipes-core/lighttpd/lighttpd/0001-lighttpd-pcre-use-pkg-config.patch create mode 100644 recipes-core/lighttpd/lighttpd/0002_extended_tls_conf.patch create mode 100644 recipes-core/lighttpd/lighttpd/0004_fastcgi_env_with_unixsocket.patch create mode 100644 recipes-core/lighttpd/lighttpd/lighttpd.conf create mode 100644 recipes-core/lighttpd/lighttpd/lighttpd.init create mode 100644 recipes-core/lighttpd/lighttpd/lighttpd_custom_images_setup create mode 100644 recipes-core/lighttpd/lighttpd/lighttpd_nrs.conf diff --git a/recipes-core/file-magic-db-images/file-magic-db-images_0.1.bb b/recipes-core/file-magic-db-images/file-magic-db-images_0.1.bb deleted file mode 100644 index 43d3052..0000000 --- a/recipes-core/file-magic-db-images/file-magic-db-images_0.1.bb +++ /dev/null @@ -1,27 +0,0 @@ -DESCRIPTION = "Stripped MIME detection database for file(1) with definition of images" -HOMEPAGE = "http://www.darwinsys.com/file/" -LICENSE = "BSD" -LIC_FILES_CHKSUM = "file://COPYING;beginline=2;md5=6a7382872edb68d33e1a9398b6e03188" -DEPENDS = "file-native" -FILES_${PN} = "${datadir}/misc/magic-images.mgc" - -PV = "0.1" -PR = "r5" - -SRC_URI = "file://COPYING \ - file://Magdir/images \ - file://Magdir/jpeg \ - file://Magdir/msdos \ - file://Magdir/sgml" - -S = "${WORKDIR}" - -do_compile() { - ${STAGING_BINDIR_NATIVE}/file-native/file -v - ${STAGING_BINDIR_NATIVE}/file-native/file -C -m ${S}/Magdir -} - -do_install() { - install -d ${D}/${datadir}/misc/ - install -m 0644 ${WORKDIR}/Magdir.mgc ${D}/${datadir}/misc/magic-images.mgc -} diff --git a/recipes-core/file-magic-db-images/files/COPYING b/recipes-core/file-magic-db-images/files/COPYING deleted file mode 100644 index 68148e2..0000000 --- a/recipes-core/file-magic-db-images/files/COPYING +++ /dev/null @@ -1,29 +0,0 @@ -$File: LEGAL.NOTICE,v 1.15 2006/05/03 18:48:33 christos Exp $ -Copyright (c) Ian F. Darwin 1986, 1987, 1989, 1990, 1991, 1992, 1994, 1995. -Software written by Ian F. Darwin and others; -maintained 1994- Christos Zoulas. - -This software is not subject to any export provision of the United States -Department of Commerce, and may be exported to any country or planet. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: -1. Redistributions of source code must retain the above copyright - notice immediately at the beginning of the file, without modification, - this list of conditions, and the following disclaimer. -2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - -THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR -ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -SUCH DAMAGE. diff --git a/recipes-core/file-magic-db-images/files/Magdir/images b/recipes-core/file-magic-db-images/files/Magdir/images deleted file mode 100644 index 493027f..0000000 --- a/recipes-core/file-magic-db-images/files/Magdir/images +++ /dev/null @@ -1,78 +0,0 @@ -# PNG [Portable Network Graphics, or "PNG's Not GIF"] images -# (Greg Roelofs, newt@uchicago.edu) -# (Albert Cahalan, acahalan@cs.uml.edu) -# -# 137 P N G \r \n ^Z \n [4-byte length] H E A D [HEAD data] [HEAD crc] ... -# -0 string \x89PNG\x0d\x0a\x1a\x0a PNG image data -!:mime image/png ->16 belong x \b, %d x ->20 belong x %d, ->24 byte x %d-bit ->25 byte 0 grayscale, ->25 byte 2 \b/color RGB, ->25 byte 3 colormap, ->25 byte 4 gray+alpha, ->25 byte 6 \b/color RGBA, -#>26 byte 0 deflate/32K, ->28 byte 0 non-interlaced ->28 byte 1 interlaced - -# GIF -0 string GIF8 GIF image data -!:mime image/gif -!:apple 8BIMGIFf ->4 string 7a \b, version 8%s, ->4 string 9a \b, version 8%s, ->6 leshort >0 %d x ->8 leshort >0 %d -#>10 byte &0x80 color mapped, -#>10 byte&0x07 =0x00 2 colors -#>10 byte&0x07 =0x01 4 colors -#>10 byte&0x07 =0x02 8 colors -#>10 byte&0x07 =0x03 16 colors -#>10 byte&0x07 =0x04 32 colors -#>10 byte&0x07 =0x05 64 colors -#>10 byte&0x07 =0x06 128 colors -#>10 byte&0x07 =0x07 256 colors - -# PC bitmaps (OS/2, Windows BMP files) (Greg Roelofs, newt@uchicago.edu) -# http://en.wikipedia.org/wiki/BMP_file_format#DIB_header_.\ -# 28bitmap_information_header.29 -0 string BM ->14 leshort 12 PC bitmap, OS/2 1.x format -!:mime image/x-ms-bmp ->>18 leshort x \b, %d x ->>20 leshort x %d ->14 leshort 64 PC bitmap, OS/2 2.x format -!:mime image/x-ms-bmp ->>18 leshort x \b, %d x ->>20 leshort x %d ->14 leshort 40 PC bitmap, Windows 3.x format -!:mime image/x-ms-bmp ->>18 lelong x \b, %d x ->>22 lelong x %d x ->>28 leshort x %d ->14 leshort 124 PC bitmap, Windows 98/2000 and newer format -!:mime image/x-ms-bmp ->>18 lelong x \b, %d x ->>22 lelong x %d x ->>28 leshort x %d ->14 leshort 108 PC bitmap, Windows 95/NT4 and newer format -!:mime image/x-ms-bmp ->>18 lelong x \b, %d x ->>22 lelong x %d x ->>28 leshort x %d ->14 leshort 128 PC bitmap, Windows NT/2000 format -!:mime image/x-ms-bmp ->>18 lelong x \b, %d x ->>22 lelong x %d x ->>28 leshort x %d -# Too simple - MPi -#0 string IC PC icon data -#0 string PI PC pointer image data -#0 string CI PC color icon data -#0 string CP PC color pointer image data -# Conflicts with other entries [BABYL] -#0 string BA PC bitmap array data - diff --git a/recipes-core/file-magic-db-images/files/Magdir/jpeg b/recipes-core/file-magic-db-images/files/Magdir/jpeg deleted file mode 100644 index e6a4ffa..0000000 --- a/recipes-core/file-magic-db-images/files/Magdir/jpeg +++ /dev/null @@ -1,119 +0,0 @@ - -#------------------------------------------------------------------------------ -# $File: jpeg,v 1.28 2015/04/09 20:01:40 christos Exp $ -# JPEG images -# SunOS 5.5.1 had -# -# 0 string \377\330\377\340 JPEG file -# 0 string \377\330\377\356 JPG file -# -# both of which turn into "JPEG image data" here. -# -0 beshort 0xffd8 JPEG image data -!:mime image/jpeg -!:apple 8BIMJPEG -!:strength *3 -!:ext jpeg/jpg/jpe/jfif ->6 string JFIF \b, JFIF standard -# The following added by Erik Rossen 1999-09-06 -# in a vain attempt to add image size reporting for JFIF. Note that these -# tests are not fool-proof since some perfectly valid JPEGs are currently -# impossible to specify in magic(4) format. -# First, a little JFIF version info: ->>11 byte x \b %d. ->>12 byte x \b%02d -# Next, the resolution or aspect ratio of the image: ->>13 byte 0 \b, aspect ratio ->>13 byte 1 \b, resolution (DPI) ->>13 byte 2 \b, resolution (DPCM) ->>14 beshort x \b, density %dx ->>16 beshort x \b%d ->>4 beshort x \b, segment length %d -# Next, show thumbnail info, if it exists: ->>18 byte !0 \b, thumbnail %dx ->>>19 byte x \b%d ->6 string Exif \b, Exif standard: [ ->>12 indirect/r x ->>12 string x \b] - -# Jump to the first segment ->(4.S+4) use jpeg_segment - -# This uses recursion... -0 name jpeg_segment ->0 beshort 0xFFFE -# Recursion handled by FFE0 -#>>(2.S+2) use jpeg_segment ->>2 pstring/HJ x \b, comment: "%s" - ->0 beshort 0xFFC0 ->>(2.S+2) use jpeg_segment ->>4 byte x \b, baseline, precision %d ->>7 beshort x \b, %dx ->>5 beshort x \b%d ->>9 byte x \b, frames %d - ->0 beshort 0xFFC1 ->>(2.S+2) use jpeg_segment ->>4 byte x \b, extended sequential, precision %d ->>7 beshort x \b, %dx ->>5 beshort x \b%d ->>9 byte x \b, frames %d - ->0 beshort 0xFFC2 ->>(2.S+2) use jpeg_segment ->>4 byte x \b, progressive, precision %d ->>7 beshort x \b, %dx ->>5 beshort x \b%d ->>9 byte x \b, frames %d - -# Define Huffman Tables ->0 beshort 0xFFC4 ->>(2.S+2) use jpeg_segment - ->0 beshort 0xFFE1 -# Recursion handled by FFE0 -#>>(2.S+2) use jpeg_segment ->>4 string Exif \b, Exif Standard: [ ->>>10 indirect/r x ->>>10 string x \b] - -# Application specific markers ->0 beshort&0xFFE0 =0xFFE0 ->>(2.S+2) use jpeg_segment - -# DB: Define Quantization tables -# DD: Define Restart interval [XXX: wrong here, it is 4 bytes] -# D8: Start of image -# D9: End of image -# Dn: Restart ->0 beshort&0xFFD0 =0xFFD0 ->>0 beshort&0xFFE0 !0xFFE0 ->>>(2.S+2) use jpeg_segment - -#>0 beshort x unknown 0x%x -#>>(2.S+2) use jpeg_segment - -# HSI is Handmade Software's proprietary JPEG encoding scheme -0 string hsi1 JPEG image data, HSI proprietary - -# From: David Santinoli -0 string \x00\x00\x00\x0C\x6A\x50\x20\x20\x0D\x0A\x87\x0A JPEG 2000 -# From: Johan van der Knijff -# Added sub-entries for JP2, JPX, JPM and MJ2 formats; added mimetypes -# https://github.com/bitsgalore/jp2kMagic -# -# Now read value of 'Brand' field, which yields a few possibilities: ->20 string \x6a\x70\x32\x20 Part 1 (JP2) -!:mime image/jp2 ->20 string \x6a\x70\x78\x20 Part 2 (JPX) -!:mime image/jpx ->20 string \x6a\x70\x6d\x20 Part 6 (JPM) -!:mime image/jpm ->20 string \x6d\x6a\x70\x32 Part 3 (MJ2) -!:mime video/mj2 - -# Type: JPEG 2000 codesream -# From: Mathieu Malaterre -0 belong 0xff4fff51 JPEG 2000 codestream -45 beshort 0xff52 diff --git a/recipes-core/file-magic-db-images/files/Magdir/msdos b/recipes-core/file-magic-db-images/files/Magdir/msdos deleted file mode 100644 index 7b1330e..0000000 --- a/recipes-core/file-magic-db-images/files/Magdir/msdos +++ /dev/null @@ -1,29 +0,0 @@ - -#------------------------------------------------------------------------------ -# $File: msdos,v 1.105 2016/03/03 18:58:14 christos Exp $ -# msdos: file(1) magic for MS-DOS files -# - -# Windows icons -# Update: Joerg Jenderek -# URL: https://en.wikipedia.org/wiki/CUR_(file_format) -# Note: similiar to Windows CURsor. container for BMP (only DIB part) or PNG -0 belong 0x00000100 ->9 byte 0 ->>0 byte x ->>0 use cur-ico-dir ->9 ubyte 0xff ->>0 byte x ->>0 use cur-ico-dir -# displays number of icons and information for icon or cursor -0 name cur-ico-dir -# skip some Lotus 1-2-3 worksheets, CYCLE.PIC and keep Windows cursors with -# 1st data offset = dir header size + n * dir entry size = 6 + n * 10h = ?6h ->18 ulelong &0x00000006 -# skip remaining worksheets, because valid only for DIB image (40) or PNG image (\x89PNG) ->>(18.l) ulelong x MS Windows ->>>0 ubelong 0x00000100 icon resource -#!:mime image/vnd.microsoft.icon -!:mime image/x-icon -!:ext ico - diff --git a/recipes-core/file-magic-db-images/files/Magdir/sgml b/recipes-core/file-magic-db-images/files/Magdir/sgml deleted file mode 100644 index 79abe8c..0000000 --- a/recipes-core/file-magic-db-images/files/Magdir/sgml +++ /dev/null @@ -1,8 +0,0 @@ -#------------------------------------------------------------------------------ # $File: sgml,v 1.32 2015/07/11 15:08:53 christos Exp $ -# Type: SVG Vectorial Graphics -# From: Noel Torres -0 string \15 string >\0 ->>19 search/4096 \ -Date: Fri, 26 Aug 2016 18:20:32 +0300 -Subject: [PATCH] Use pkg-config for pcre dependency instead of -config script. - -RP 2014/5/22 -Upstream-Status: Pending -Signed-off-by: Alexander Kanavin ---- - configure.ac | 16 ++++++++++++---- - 1 file changed, 12 insertions(+), 4 deletions(-) - -diff --git a/configure.ac b/configure.ac -index 5383cec..c29a902 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -651,10 +651,18 @@ AC_ARG_WITH([pcre], - ) - AC_MSG_RESULT([$WITH_PCRE]) - --if test "$WITH_PCRE" != no; then -- if test "$WITH_PCRE" != yes; then -- PCRE_LIB="-L$WITH_PCRE/lib -lpcre" -- CPPFLAGS="$CPPFLAGS -I$WITH_PCRE/include" -+if test "$WITH_PCRE" != "no"; then -+ PKG_CHECK_MODULES(PCREPKG, [libpcre], [ -+ PCRE_LIB=${PCREPKG_LIBS} -+ CPPFLAGS="$CPPFLAGS ${PCREPKG_CFLAGS}" -+ ], [ -+ AC_MSG_ERROR([pcre pkgconfig not found, install the pcre-devel package or build with --without-pcre]) -+ ]) -+ -+ if test x"$PCRE_LIB" != x; then -+ AC_DEFINE([HAVE_LIBPCRE], [1], [libpcre]) -+ AC_DEFINE([HAVE_PCRE_H], [1], [pcre.h]) -+ AC_SUBST(PCRE_LIB) - else - AC_PATH_PROG([PCRECONFIG], [pcre-config]) - if test -n "$PCRECONFIG"; then --- -2.15.0 diff --git a/recipes-core/lighttpd/files/0002_extended_tls_conf.patch b/recipes-core/lighttpd/files/0002_extended_tls_conf.patch deleted file mode 100644 index 1a216dd..0000000 --- a/recipes-core/lighttpd/files/0002_extended_tls_conf.patch +++ /dev/null @@ -1,110 +0,0 @@ -diff --git a/src/base.h b/src/base.h -index 134fc41..f2d849e 100644 ---- a/src/base.h -+++ b/src/base.h -@@ -289,6 +289,9 @@ typedef struct { - unsigned short ssl_empty_fragments; /* whether to not set SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS */ - unsigned short ssl_use_sslv2; - unsigned short ssl_use_sslv3; -+ unsigned short ssl_use_tlsv1; -+ unsigned short ssl_use_tlsv1_1; -+ unsigned short ssl_use_tlsv1_2; - unsigned short ssl_verifyclient; - unsigned short ssl_verifyclient_enforce; - unsigned short ssl_verifyclient_depth; -diff --git a/src/configfile.c b/src/configfile.c -index bba6925..bbedd77 100644 ---- a/src/configfile.c -+++ b/src/configfile.c -@@ -146,6 +146,10 @@ static int config_insert(server *srv) { - { "server.max-request-field-size", NULL, T_CONFIG_INT, T_CONFIG_SCOPE_SERVER }, /* 78 */ - { "ssl.read-ahead", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 79 */ - -+ { "ssl.use-tlsv1", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER }, /* 80 */ -+ { "ssl.use-tlsv1_1", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER }, /* 81 */ -+ { "ssl.use-tlsv1_2", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER }, /* 82 */ -+ - { NULL, NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET } - }; - -@@ -226,6 +230,9 @@ static int config_insert(server *srv) { - s->ssl_empty_fragments = 0; - s->ssl_use_sslv2 = 0; - s->ssl_use_sslv3 = 0; -+ s->ssl_use_tlsv1 = 0; -+ s->ssl_use_tlsv1_1 = 0; -+ s->ssl_use_tlsv1_2 = 1; - s->use_ipv6 = (i == 0) ? 0 : srv->config_storage[0]->use_ipv6; - s->set_v6only = (i == 0) ? 1 : srv->config_storage[0]->set_v6only; - s->defer_accept = (i == 0) ? 0 : srv->config_storage[0]->defer_accept; -@@ -318,6 +325,9 @@ static int config_insert(server *srv) { - cv[76].destination = &(s->stream_request_body); - cv[77].destination = &(s->stream_response_body); - cv[79].destination = &(s->ssl_read_ahead); -+ cv[80].destination = &(s->ssl_use_tlsv1); -+ cv[81].destination = &(s->ssl_use_tlsv1_1); -+ cv[82].destination = &(s->ssl_use_tlsv1_2); - - srv->config_storage[i] = s; - -@@ -536,6 +546,9 @@ int config_setup_connection(server *srv, connection *con) { - PATCH(ssl_empty_fragments); - PATCH(ssl_use_sslv2); - PATCH(ssl_use_sslv3); -+ PATCH(ssl_use_tlsv1); -+ PATCH(ssl_use_tlsv1_1); -+ PATCH(ssl_use_tlsv1_2); - PATCH(etag_use_inode); - PATCH(etag_use_mtime); - PATCH(etag_use_size); -@@ -615,6 +628,12 @@ int config_patch_connection(server *srv, connection *con) { - PATCH(ssl_use_sslv2); - } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.use-sslv3"))) { - PATCH(ssl_use_sslv3); -+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.use-tlsv1"))) { -+ PATCH(ssl_use_tlsv1); -+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.use-tlsv1_1"))) { -+ PATCH(ssl_use_tlsv1_1); -+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.use-tlsv1_2"))) { -+ PATCH(ssl_use_tlsv1_2); - } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.cipher-list"))) { - PATCH(ssl_cipher_list); - } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.engine"))) { -diff --git a/src/network.c b/src/network.c -index 4295fe9..a3f9ec3 100644 ---- a/src/network.c -+++ b/src/network.c -@@ -859,6 +859,33 @@ int network_init(server *srv) { - } - } - -+ if (!s->ssl_use_tlsv1) { -+ /* disable TLSv1 */ -+ if (!(SSL_OP_NO_TLSv1 & SSL_CTX_set_options(s->ssl_ctx, SSL_OP_NO_TLSv1))) { -+ log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:", -+ ERR_error_string(ERR_get_error(), NULL)); -+ return -1; -+ } -+ } -+ -+ if (!s->ssl_use_tlsv1_1) { -+ /* disable TLSv1.1 */ -+ if (!(SSL_OP_NO_TLSv1_1 & SSL_CTX_set_options(s->ssl_ctx, SSL_OP_NO_TLSv1_1))) { -+ log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:", -+ ERR_error_string(ERR_get_error(), NULL)); -+ return -1; -+ } -+ } -+ -+ if (!s->ssl_use_tlsv1_2) { -+ /* disable TLSv1.2 */ -+ if (!(SSL_OP_NO_TLSv1_2 & SSL_CTX_set_options(s->ssl_ctx, SSL_OP_NO_TLSv1_2))) { -+ log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:", -+ ERR_error_string(ERR_get_error(), NULL)); -+ return -1; -+ } -+ } -+ - if (!buffer_string_is_empty(s->ssl_cipher_list)) { - /* Disable support for low encryption ciphers */ - if (SSL_CTX_set_cipher_list(s->ssl_ctx, s->ssl_cipher_list->ptr) != 1) { diff --git a/recipes-core/lighttpd/files/0004_fastcgi_env_with_unixsocket.patch b/recipes-core/lighttpd/files/0004_fastcgi_env_with_unixsocket.patch deleted file mode 100644 index c265066..0000000 --- a/recipes-core/lighttpd/files/0004_fastcgi_env_with_unixsocket.patch +++ /dev/null @@ -1,57 +0,0 @@ -From bdfb7f9c6ab29d2de3576f8bd845fa871bb44ead Mon Sep 17 00:00:00 2001 -From: Serhii Voloshynov -Date: Tue, 6 Nov 2018 13:50:04 +0200 -Subject: [PATCH] patch - ---- - src/http-header-glue.c | 11 +++++++++++ - 1 file changed, 11 insertions(+) - -diff --git a/src/http-header-glue.c b/src/http-header-glue.c -index 1916ca6..d4f42ad 100644 ---- a/src/http-header-glue.c -+++ b/src/http-header-glue.c -@@ -1457,6 +1457,8 @@ int http_cgi_headers (server *srv, connection *con, http_cgi_opts *opts, http_cg - rc |= cb(vdata, CONST_STR_LEN("HTTPS"), CONST_STR_LEN("on")); - } - -+ if (srv_sock->addr.plain.sa_family != AF_UNIX) { -+ - addr = &srv_sock->addr; - li_utostrn(buf, sizeof(buf), sock_addr_get_port(addr)); - rc |= cb(vdata, CONST_STR_LEN("SERVER_PORT"), buf, strlen(buf)); -@@ -1482,6 +1484,7 @@ int http_cgi_headers (server *srv, connection *con, http_cgi_opts *opts, http_cg - } - force_assert(s); - rc |= cb(vdata, CONST_STR_LEN("SERVER_ADDR"), s, strlen(s)); -+ } - - if (!buffer_string_is_empty(con->server_name)) { - size_t len = buffer_string_length(con->server_name); -@@ -1497,15 +1500,23 @@ int http_cgi_headers (server *srv, connection *con, http_cgi_opts *opts, http_cg - rc |= cb(vdata, CONST_STR_LEN("SERVER_NAME"), - con->server_name->ptr, len); - } else { -+ if (srv_sock->addr.plain.sa_family != AF_UNIX) { - /* set to be same as SERVER_ADDR (above) */ - rc |= cb(vdata, CONST_STR_LEN("SERVER_NAME"), s, strlen(s)); - } -+ } -+ if (srv_sock->addr.plain.sa_family == AF_UNIX) { -+ rc |= cb(vdata, CONST_STR_LEN("SERVER_IPC"), CONST_STR_LEN("yes")); -+ } -+ -+ if (srv_sock->addr.plain.sa_family != AF_UNIX) { - - rc |= cb(vdata, CONST_STR_LEN("REMOTE_ADDR"), - CONST_BUF_LEN(con->dst_addr_buf)); - - li_utostrn(buf, sizeof(buf), sock_addr_get_port(&con->dst_addr)); - rc |= cb(vdata, CONST_STR_LEN("REMOTE_PORT"), buf, strlen(buf)); -+ } - - for (n = 0; n < con->request.headers->used; n++) { - data_string *ds = (data_string *)con->request.headers->data[n]; --- -2.7.4 - diff --git a/recipes-core/lighttpd/files/lighttpd.conf b/recipes-core/lighttpd/files/lighttpd.conf deleted file mode 100644 index a3e02da..0000000 --- a/recipes-core/lighttpd/files/lighttpd.conf +++ /dev/null @@ -1,209 +0,0 @@ -# lighttpd configuration file for the rcell -# include config file (/var/run/config/lighttpd_port.conf) generated at start up -# -# $Id: lighttpd.conf,v 1.7 2004/11/03 22:26:05 weigon Exp $ - -#IMPORT PORT SETTINGS -include "/var/run/config/lighttpd_port.conf" - -## local access from startup scripts and apps -$SERVER["socket"] == "/var/run/api/http.sock" { } - -## modules -server.modules = ( - "mod_rewrite", - "mod_redirect", - "mod_proxy", - "mod_alias", - "mod_access", - "mod_fastcgi", - "mod_accesslog", - "mod_openssl", - "mod_setenv") - - -## static document-root -server.document-root = "/var/www/" -setenv.add-response-header = ( "Access-Control-Allow-Origin" => "*", - "Content-Security-Policy" => "default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' https://fonts.googleapis.com 'self'; font-src https://fonts.gstatic.com 'self'; connect-src 'self'; img-src 'self' data:", - "X-Frame-Options" =>"SAMEORIGIN", - "X-XSS-Protection" => "1; mode=block", - "X-Content-Type-Options" => "nosniff", - "Referrer-Policy" => "strict-origin-when-cross-origin", - "Feature-Policy" => "accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; payment 'none'; usb 'none'", - "Strict-Transport-Security" => "max-age=31536000", - "Cache-Control" => "no-cache" -) -server.socket-perms = "0760" - -## where to send error-messages to -#server.errorlog = "/var/log/lighttpd.error.log" -server.errorlog-use-syslog = "enable" - -# disable stat cache -server.stat-cache-engine = "disable" - -## where to send access log -#accesslog.filename = "/var/log/lighttpd.access.log" -accesslog.use-syslog = "enable" - -## enable debugging -#debug.log-request-header = "enable" -#debug.log-response-header = "enable" -#debug.log-request-handling = "enable" -#debug.log-file-not-found = "enable" -#debug.log-condition-handling = "enable" - -## where to upload files -server.upload-dirs = ( "/var/volatile/tmp" ) - -# files to check for if .../ is requested -index-file.names = ( "index.php", "index.html", - "index.htm", "default.htm" ) - -# mimetype mapping -mimetype.assign = ( - ".pdf" => "application/pdf", - ".sig" => "application/pgp-signature", - ".spl" => "application/futuresplash", - ".class" => "application/octet-stream", - ".ps" => "application/postscript", - ".torrent" => "application/x-bittorrent", - ".dvi" => "application/x-dvi", - ".pac" => "application/x-ns-proxy-autoconfig", - ".swf" => "application/x-shockwave-flash", - ".tar.gz" => "application/x-tgz", - ".tgz" => "application/x-tgz", - ".tar" => "application/x-tar", - ".xhtml" => "application/xhtml+xml", - ".xht" => "application/xhtml+xml", - ".zip" => "application/zip", - ".mp3" => "audio/mpeg", - ".m3u" => "audio/x-mpegurl", - ".wma" => "audio/x-ms-wma", - ".wax" => "audio/x-ms-wax", - ".ogg" => "application/ogg", - ".wav" => "audio/x-wav", - ".gif" => "image/gif", - ".jpg" => "image/jpeg", - ".jpeg" => "image/jpeg", - ".png" => "image/png", - ".svg" => "image/svg+xml", - ".ico" => "image/x-icon", - ".xbm" => "image/x-xbitmap", - ".xpm" => "image/x-xpixmap", - ".xwd" => "image/x-xwindowdump", - ".css" => "text/css", - ".html" => "text/html", - ".htm" => "text/html", - ".asc" => "text/plain", - ".c" => "text/plain", - ".cpp" => "text/plain", - ".log" => "text/plain", - ".conf" => "text/plain", - ".text" => "text/plain", - ".txt" => "text/plain", - ".dtd" => "text/xml", - ".xml" => "text/xml", - ".mpeg" => "video/mpeg", - ".mpg" => "video/mpeg", - ".mov" => "video/quicktime", - ".qt" => "video/quicktime", - ".avi" => "video/x-msvideo", - ".asf" => "video/x-ms-asf", - ".asx" => "video/x-ms-asf", - ".wmv" => "video/x-ms-wmv", - ".bz2" => "application/x-bzip", - ".tbz" => "application/x-bzip-compressed-tar", - ".tar.bz2" => "application/x-bzip-compressed-tar", - ".mib" => "application/text", - ".js" => "application/javascript" - ) - -## deny access the file-extensions -url.access-deny = ( "~", ".inc" ) - -# send a different Server: header -server.tag = "" - -#server.error-handler-404 = "/index.html" - -#Range request are requests of one or more sub-ranges of a file. -#Range requests are very helpful for resuming interrupted downloads and fetching small portions of huge files. -#Note: Adobe Acrobat Reader can crash when it tries to open a PDF file if range requests are enabled. -$HTTP["url"] =~ "\.pdf$" { - server.range-requests = "disable" -} - -## -# which extensions should not be handle via static-file transfer -# -# .php, .pl, .fcgi are most often handled by mod_fastcgi or mod_cgi -static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" ) - -## to help the rc.scripts -server.pid-file = "/var/run/lighttpd.pid" - -# Restrict server process to non priveleged user -server.username = "www" -server.groupname = "www" - -# server limit POST size in kilobytes (60MB for firmware update) -server.max-request-size = 113246 - -# server limits -server.max-keep-alive-requests = 16 -server.max-keep-alive-idle = 15 -server.max-read-idle = 60 -server.max-write-idle = 360 - -## -## Format: .html -## -> ..../status-404.html for 'File not found' -server.errorfile-prefix = "/var/www/errors/status-" - -## virtual directory listings -#dir-listing.activate = "enable" - -#IMPORTED CONFIGS WILL HANDLE SETTING HTTP/HTTPS - -#### fastcgi module -fastcgi.server = ( "/" => - ( "authorizer" => - ( - "mode" => "authorizer", - "check-local" => "disable", - "socket" => "/var/run/api/rcell_api.sock", - "docroot" => "/var/www" - ) - ) -) - - -$HTTP["url"] =~ "/static/js" { - setenv.add-response-header = ( "Content-Encoding" => "gzip") - mimetype.assign = ("" => "text/javascript" ) - } else $HTTP["url"] =~ "/help/template/scripts" { - setenv.add-response-header = ( "Content-Encoding" => "gzip") - mimetype.assign = ("" => "text/javascript" ) - } else $HTTP["url"] =~ "/help/whxdata/" { - setenv.add-response-header = ( "Content-Encoding" => "gzip") - mimetype.assign = ("" => "text/javascript" ) - } else $HTTP["url"] =~ "/help/template/Azure_Blue_MTS_1/layout.css" { - setenv.add-response-header = ( "Content-Encoding" => "gzip") - mimetype.assign = ("" => "text/css" ) - } else $HTTP["url"] =~ "^/api" { - fastcgi.server = ( "/api" => - ( "api" => - ( - "mode" => "responder", - "check-local" => "disable", - "socket" => "/var/run/api/rcell_api.sock" - ) - ) - ) -} - -#INCLUDE DIPSERVICE SETTINGS -include "/var/run/config/lighttpd_dipservice.conf" -include "/var/run/config/lighttpd_custom_images.conf" diff --git a/recipes-core/lighttpd/files/lighttpd_custom_images_setup b/recipes-core/lighttpd/files/lighttpd_custom_images_setup deleted file mode 100644 index ecd5f46..0000000 --- a/recipes-core/lighttpd/files/lighttpd_custom_images_setup +++ /dev/null @@ -1,57 +0,0 @@ -#!/bin/bash -# Detects mime types for UI Customization images and generates according Lighttpd config fragment - -CONFIG_PATH="/var/run/config/lighttpd_custom_images.conf" -IMAGE_PATH="/var/www/static/images/" -MAGIC_DB_PATH="/usr/share/misc/magic-images.mgc" -shopt -s nullglob - -echoerr() { - echo "$@" 1>&2 -} - -generate_mime_assign() { - local IMAGE="$1" - local OUTPUT=$(file -ib "$IMAGE" --magic-file "$MAGIC_DB_PATH") - local CONTENT_TYPE - - if [ "$?" -ne "0" ] || [[ "$OUTPUT" == "" ]] || [[ "$OUTPUT" == *"cannot open"* ]]; then - echoerr "Failed to run file(1): ${?}; ${OUTPUT}" - return 1 - fi - - CONTENT_TYPE="$OUTPUT" - cat < "$CONTENT_TYPE") - } -END -} - -process_files() { - local INDENT=" " - local ELSE_STRING="" - local FRAGMENT - - for IMAGE in custom_*; do - INDENT=" " - - FRAGMENT=$(generate_mime_assign $IMAGE) - if [ "$?" -eq "0" ]; then - echo "${INDENT}${ELSE_STRING}${FRAGMENT}" >> "$CONFIG_PATH" - ELSE_STRING="else " - fi - done -} - -echo "Generating $CONFIG_PATH" - -# truncate and write head -cat > "$CONFIG_PATH" <> "$CONFIG_PATH" diff --git a/recipes-core/lighttpd/files/lighttpd_nrs.conf b/recipes-core/lighttpd/files/lighttpd_nrs.conf deleted file mode 100644 index 8c23747..0000000 --- a/recipes-core/lighttpd/files/lighttpd_nrs.conf +++ /dev/null @@ -1,66 +0,0 @@ -server.modules = ( "mod_expire" ) -server.bind = "127.0.0.1" -server.port = 1882 -server.document-root = "/var/www/node-red/node-red-stub" -server.max-keep-alive-requests = 0 -expire.url = ( "/" => "access 0 days" ) -server.errorlog-use-syslog = "enable" -server.upload-dirs = ( "/var/volatile/tmp" ) -index-file.names = ( "index.html" ) -server.pid-file = "/var/run/lighttpd_nrs.pid" -server.errorfile-prefix = "/var/www/node-red/node-red-errors/status-" -mimetype.assign = ( - ".pdf" => "application/pdf", - ".sig" => "application/pgp-signature", - ".spl" => "application/futuresplash", - ".class" => "application/octet-stream", - ".ps" => "application/postscript", - ".torrent" => "application/x-bittorrent", - ".dvi" => "application/x-dvi", - ".gz" => "application/x-gzip", - ".pac" => "application/x-ns-proxy-autoconfig", - ".swf" => "application/x-shockwave-flash", - ".tar.gz" => "application/x-tgz", - ".tgz" => "application/x-tgz", - ".tar" => "application/x-tar", - ".xhtml" => "application/xhtml+xml", - ".xht" => "application/xhtml+xml", - ".zip" => "application/zip", - ".mp3" => "audio/mpeg", - ".m3u" => "audio/x-mpegurl", - ".wma" => "audio/x-ms-wma", - ".wax" => "audio/x-ms-wax", - ".ogg" => "application/ogg", - ".wav" => "audio/x-wav", - ".gif" => "image/gif", - ".jpg" => "image/jpeg", - ".jpeg" => "image/jpeg", - ".png" => "image/png", - ".xbm" => "image/x-xbitmap", - ".xpm" => "image/x-xpixmap", - ".xwd" => "image/x-xwindowdump", - ".css" => "text/css", - ".html" => "text/html", - ".htm" => "text/html", - ".js" => "text/javascript", - ".asc" => "text/plain", - ".c" => "text/plain", - ".cpp" => "text/plain", - ".log" => "text/plain", - ".conf" => "text/plain", - ".text" => "text/plain", - ".txt" => "text/plain", - ".dtd" => "text/xml", - ".xml" => "text/xml", - ".mpeg" => "video/mpeg", - ".mpg" => "video/mpeg", - ".mov" => "video/quicktime", - ".qt" => "video/quicktime", - ".avi" => "video/x-msvideo", - ".asf" => "video/x-ms-asf", - ".asx" => "video/x-ms-asf", - ".wmv" => "video/x-ms-wmv", - ".bz2" => "application/x-bzip", - ".tbz" => "application/x-bzip-compressed-tar", - ".tar.bz2" => "application/x-bzip-compressed-tar" -) diff --git a/recipes-core/lighttpd/lighttpd/0001-lighttpd-pcre-use-pkg-config.patch b/recipes-core/lighttpd/lighttpd/0001-lighttpd-pcre-use-pkg-config.patch new file mode 100644 index 0000000..48be920 --- /dev/null +++ b/recipes-core/lighttpd/lighttpd/0001-lighttpd-pcre-use-pkg-config.patch @@ -0,0 +1,41 @@ +From 22afc5d9aaa215c3c87ba21c77d47da44ab3b113 Mon Sep 17 00:00:00 2001 +From: Alexander Kanavin +Date: Fri, 26 Aug 2016 18:20:32 +0300 +Subject: [PATCH] Use pkg-config for pcre dependency instead of -config script. + +RP 2014/5/22 +Upstream-Status: Pending +Signed-off-by: Alexander Kanavin +--- + configure.ac | 16 ++++++++++++---- + 1 file changed, 12 insertions(+), 4 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 5383cec..c29a902 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -651,10 +651,18 @@ AC_ARG_WITH([pcre], + ) + AC_MSG_RESULT([$WITH_PCRE]) + +-if test "$WITH_PCRE" != no; then +- if test "$WITH_PCRE" != yes; then +- PCRE_LIB="-L$WITH_PCRE/lib -lpcre" +- CPPFLAGS="$CPPFLAGS -I$WITH_PCRE/include" ++if test "$WITH_PCRE" != "no"; then ++ PKG_CHECK_MODULES(PCREPKG, [libpcre], [ ++ PCRE_LIB=${PCREPKG_LIBS} ++ CPPFLAGS="$CPPFLAGS ${PCREPKG_CFLAGS}" ++ ], [ ++ AC_MSG_ERROR([pcre pkgconfig not found, install the pcre-devel package or build with --without-pcre]) ++ ]) ++ ++ if test x"$PCRE_LIB" != x; then ++ AC_DEFINE([HAVE_LIBPCRE], [1], [libpcre]) ++ AC_DEFINE([HAVE_PCRE_H], [1], [pcre.h]) ++ AC_SUBST(PCRE_LIB) + else + AC_PATH_PROG([PCRECONFIG], [pcre-config]) + if test -n "$PCRECONFIG"; then +-- +2.15.0 diff --git a/recipes-core/lighttpd/lighttpd/0002_extended_tls_conf.patch b/recipes-core/lighttpd/lighttpd/0002_extended_tls_conf.patch new file mode 100644 index 0000000..1a216dd --- /dev/null +++ b/recipes-core/lighttpd/lighttpd/0002_extended_tls_conf.patch @@ -0,0 +1,110 @@ +diff --git a/src/base.h b/src/base.h +index 134fc41..f2d849e 100644 +--- a/src/base.h ++++ b/src/base.h +@@ -289,6 +289,9 @@ typedef struct { + unsigned short ssl_empty_fragments; /* whether to not set SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS */ + unsigned short ssl_use_sslv2; + unsigned short ssl_use_sslv3; ++ unsigned short ssl_use_tlsv1; ++ unsigned short ssl_use_tlsv1_1; ++ unsigned short ssl_use_tlsv1_2; + unsigned short ssl_verifyclient; + unsigned short ssl_verifyclient_enforce; + unsigned short ssl_verifyclient_depth; +diff --git a/src/configfile.c b/src/configfile.c +index bba6925..bbedd77 100644 +--- a/src/configfile.c ++++ b/src/configfile.c +@@ -146,6 +146,10 @@ static int config_insert(server *srv) { + { "server.max-request-field-size", NULL, T_CONFIG_INT, T_CONFIG_SCOPE_SERVER }, /* 78 */ + { "ssl.read-ahead", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 79 */ + ++ { "ssl.use-tlsv1", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER }, /* 80 */ ++ { "ssl.use-tlsv1_1", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER }, /* 81 */ ++ { "ssl.use-tlsv1_2", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER }, /* 82 */ ++ + { NULL, NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET } + }; + +@@ -226,6 +230,9 @@ static int config_insert(server *srv) { + s->ssl_empty_fragments = 0; + s->ssl_use_sslv2 = 0; + s->ssl_use_sslv3 = 0; ++ s->ssl_use_tlsv1 = 0; ++ s->ssl_use_tlsv1_1 = 0; ++ s->ssl_use_tlsv1_2 = 1; + s->use_ipv6 = (i == 0) ? 0 : srv->config_storage[0]->use_ipv6; + s->set_v6only = (i == 0) ? 1 : srv->config_storage[0]->set_v6only; + s->defer_accept = (i == 0) ? 0 : srv->config_storage[0]->defer_accept; +@@ -318,6 +325,9 @@ static int config_insert(server *srv) { + cv[76].destination = &(s->stream_request_body); + cv[77].destination = &(s->stream_response_body); + cv[79].destination = &(s->ssl_read_ahead); ++ cv[80].destination = &(s->ssl_use_tlsv1); ++ cv[81].destination = &(s->ssl_use_tlsv1_1); ++ cv[82].destination = &(s->ssl_use_tlsv1_2); + + srv->config_storage[i] = s; + +@@ -536,6 +546,9 @@ int config_setup_connection(server *srv, connection *con) { + PATCH(ssl_empty_fragments); + PATCH(ssl_use_sslv2); + PATCH(ssl_use_sslv3); ++ PATCH(ssl_use_tlsv1); ++ PATCH(ssl_use_tlsv1_1); ++ PATCH(ssl_use_tlsv1_2); + PATCH(etag_use_inode); + PATCH(etag_use_mtime); + PATCH(etag_use_size); +@@ -615,6 +628,12 @@ int config_patch_connection(server *srv, connection *con) { + PATCH(ssl_use_sslv2); + } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.use-sslv3"))) { + PATCH(ssl_use_sslv3); ++ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.use-tlsv1"))) { ++ PATCH(ssl_use_tlsv1); ++ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.use-tlsv1_1"))) { ++ PATCH(ssl_use_tlsv1_1); ++ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.use-tlsv1_2"))) { ++ PATCH(ssl_use_tlsv1_2); + } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.cipher-list"))) { + PATCH(ssl_cipher_list); + } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.engine"))) { +diff --git a/src/network.c b/src/network.c +index 4295fe9..a3f9ec3 100644 +--- a/src/network.c ++++ b/src/network.c +@@ -859,6 +859,33 @@ int network_init(server *srv) { + } + } + ++ if (!s->ssl_use_tlsv1) { ++ /* disable TLSv1 */ ++ if (!(SSL_OP_NO_TLSv1 & SSL_CTX_set_options(s->ssl_ctx, SSL_OP_NO_TLSv1))) { ++ log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:", ++ ERR_error_string(ERR_get_error(), NULL)); ++ return -1; ++ } ++ } ++ ++ if (!s->ssl_use_tlsv1_1) { ++ /* disable TLSv1.1 */ ++ if (!(SSL_OP_NO_TLSv1_1 & SSL_CTX_set_options(s->ssl_ctx, SSL_OP_NO_TLSv1_1))) { ++ log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:", ++ ERR_error_string(ERR_get_error(), NULL)); ++ return -1; ++ } ++ } ++ ++ if (!s->ssl_use_tlsv1_2) { ++ /* disable TLSv1.2 */ ++ if (!(SSL_OP_NO_TLSv1_2 & SSL_CTX_set_options(s->ssl_ctx, SSL_OP_NO_TLSv1_2))) { ++ log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:", ++ ERR_error_string(ERR_get_error(), NULL)); ++ return -1; ++ } ++ } ++ + if (!buffer_string_is_empty(s->ssl_cipher_list)) { + /* Disable support for low encryption ciphers */ + if (SSL_CTX_set_cipher_list(s->ssl_ctx, s->ssl_cipher_list->ptr) != 1) { diff --git a/recipes-core/lighttpd/lighttpd/0004_fastcgi_env_with_unixsocket.patch b/recipes-core/lighttpd/lighttpd/0004_fastcgi_env_with_unixsocket.patch new file mode 100644 index 0000000..c265066 --- /dev/null +++ b/recipes-core/lighttpd/lighttpd/0004_fastcgi_env_with_unixsocket.patch @@ -0,0 +1,57 @@ +From bdfb7f9c6ab29d2de3576f8bd845fa871bb44ead Mon Sep 17 00:00:00 2001 +From: Serhii Voloshynov +Date: Tue, 6 Nov 2018 13:50:04 +0200 +Subject: [PATCH] patch + +--- + src/http-header-glue.c | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +diff --git a/src/http-header-glue.c b/src/http-header-glue.c +index 1916ca6..d4f42ad 100644 +--- a/src/http-header-glue.c ++++ b/src/http-header-glue.c +@@ -1457,6 +1457,8 @@ int http_cgi_headers (server *srv, connection *con, http_cgi_opts *opts, http_cg + rc |= cb(vdata, CONST_STR_LEN("HTTPS"), CONST_STR_LEN("on")); + } + ++ if (srv_sock->addr.plain.sa_family != AF_UNIX) { ++ + addr = &srv_sock->addr; + li_utostrn(buf, sizeof(buf), sock_addr_get_port(addr)); + rc |= cb(vdata, CONST_STR_LEN("SERVER_PORT"), buf, strlen(buf)); +@@ -1482,6 +1484,7 @@ int http_cgi_headers (server *srv, connection *con, http_cgi_opts *opts, http_cg + } + force_assert(s); + rc |= cb(vdata, CONST_STR_LEN("SERVER_ADDR"), s, strlen(s)); ++ } + + if (!buffer_string_is_empty(con->server_name)) { + size_t len = buffer_string_length(con->server_name); +@@ -1497,15 +1500,23 @@ int http_cgi_headers (server *srv, connection *con, http_cgi_opts *opts, http_cg + rc |= cb(vdata, CONST_STR_LEN("SERVER_NAME"), + con->server_name->ptr, len); + } else { ++ if (srv_sock->addr.plain.sa_family != AF_UNIX) { + /* set to be same as SERVER_ADDR (above) */ + rc |= cb(vdata, CONST_STR_LEN("SERVER_NAME"), s, strlen(s)); + } ++ } ++ if (srv_sock->addr.plain.sa_family == AF_UNIX) { ++ rc |= cb(vdata, CONST_STR_LEN("SERVER_IPC"), CONST_STR_LEN("yes")); ++ } ++ ++ if (srv_sock->addr.plain.sa_family != AF_UNIX) { + + rc |= cb(vdata, CONST_STR_LEN("REMOTE_ADDR"), + CONST_BUF_LEN(con->dst_addr_buf)); + + li_utostrn(buf, sizeof(buf), sock_addr_get_port(&con->dst_addr)); + rc |= cb(vdata, CONST_STR_LEN("REMOTE_PORT"), buf, strlen(buf)); ++ } + + for (n = 0; n < con->request.headers->used; n++) { + data_string *ds = (data_string *)con->request.headers->data[n]; +-- +2.7.4 + diff --git a/recipes-core/lighttpd/lighttpd/lighttpd.conf b/recipes-core/lighttpd/lighttpd/lighttpd.conf new file mode 100644 index 0000000..a3e02da --- /dev/null +++ b/recipes-core/lighttpd/lighttpd/lighttpd.conf @@ -0,0 +1,209 @@ +# lighttpd configuration file for the rcell +# include config file (/var/run/config/lighttpd_port.conf) generated at start up +# +# $Id: lighttpd.conf,v 1.7 2004/11/03 22:26:05 weigon Exp $ + +#IMPORT PORT SETTINGS +include "/var/run/config/lighttpd_port.conf" + +## local access from startup scripts and apps +$SERVER["socket"] == "/var/run/api/http.sock" { } + +## modules +server.modules = ( + "mod_rewrite", + "mod_redirect", + "mod_proxy", + "mod_alias", + "mod_access", + "mod_fastcgi", + "mod_accesslog", + "mod_openssl", + "mod_setenv") + + +## static document-root +server.document-root = "/var/www/" +setenv.add-response-header = ( "Access-Control-Allow-Origin" => "*", + "Content-Security-Policy" => "default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' https://fonts.googleapis.com 'self'; font-src https://fonts.gstatic.com 'self'; connect-src 'self'; img-src 'self' data:", + "X-Frame-Options" =>"SAMEORIGIN", + "X-XSS-Protection" => "1; mode=block", + "X-Content-Type-Options" => "nosniff", + "Referrer-Policy" => "strict-origin-when-cross-origin", + "Feature-Policy" => "accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; payment 'none'; usb 'none'", + "Strict-Transport-Security" => "max-age=31536000", + "Cache-Control" => "no-cache" +) +server.socket-perms = "0760" + +## where to send error-messages to +#server.errorlog = "/var/log/lighttpd.error.log" +server.errorlog-use-syslog = "enable" + +# disable stat cache +server.stat-cache-engine = "disable" + +## where to send access log +#accesslog.filename = "/var/log/lighttpd.access.log" +accesslog.use-syslog = "enable" + +## enable debugging +#debug.log-request-header = "enable" +#debug.log-response-header = "enable" +#debug.log-request-handling = "enable" +#debug.log-file-not-found = "enable" +#debug.log-condition-handling = "enable" + +## where to upload files +server.upload-dirs = ( "/var/volatile/tmp" ) + +# files to check for if .../ is requested +index-file.names = ( "index.php", "index.html", + "index.htm", "default.htm" ) + +# mimetype mapping +mimetype.assign = ( + ".pdf" => "application/pdf", + ".sig" => "application/pgp-signature", + ".spl" => "application/futuresplash", + ".class" => "application/octet-stream", + ".ps" => "application/postscript", + ".torrent" => "application/x-bittorrent", + ".dvi" => "application/x-dvi", + ".pac" => "application/x-ns-proxy-autoconfig", + ".swf" => "application/x-shockwave-flash", + ".tar.gz" => "application/x-tgz", + ".tgz" => "application/x-tgz", + ".tar" => "application/x-tar", + ".xhtml" => "application/xhtml+xml", + ".xht" => "application/xhtml+xml", + ".zip" => "application/zip", + ".mp3" => "audio/mpeg", + ".m3u" => "audio/x-mpegurl", + ".wma" => "audio/x-ms-wma", + ".wax" => "audio/x-ms-wax", + ".ogg" => "application/ogg", + ".wav" => "audio/x-wav", + ".gif" => "image/gif", + ".jpg" => "image/jpeg", + ".jpeg" => "image/jpeg", + ".png" => "image/png", + ".svg" => "image/svg+xml", + ".ico" => "image/x-icon", + ".xbm" => "image/x-xbitmap", + ".xpm" => "image/x-xpixmap", + ".xwd" => "image/x-xwindowdump", + ".css" => "text/css", + ".html" => "text/html", + ".htm" => "text/html", + ".asc" => "text/plain", + ".c" => "text/plain", + ".cpp" => "text/plain", + ".log" => "text/plain", + ".conf" => "text/plain", + ".text" => "text/plain", + ".txt" => "text/plain", + ".dtd" => "text/xml", + ".xml" => "text/xml", + ".mpeg" => "video/mpeg", + ".mpg" => "video/mpeg", + ".mov" => "video/quicktime", + ".qt" => "video/quicktime", + ".avi" => "video/x-msvideo", + ".asf" => "video/x-ms-asf", + ".asx" => "video/x-ms-asf", + ".wmv" => "video/x-ms-wmv", + ".bz2" => "application/x-bzip", + ".tbz" => "application/x-bzip-compressed-tar", + ".tar.bz2" => "application/x-bzip-compressed-tar", + ".mib" => "application/text", + ".js" => "application/javascript" + ) + +## deny access the file-extensions +url.access-deny = ( "~", ".inc" ) + +# send a different Server: header +server.tag = "" + +#server.error-handler-404 = "/index.html" + +#Range request are requests of one or more sub-ranges of a file. +#Range requests are very helpful for resuming interrupted downloads and fetching small portions of huge files. +#Note: Adobe Acrobat Reader can crash when it tries to open a PDF file if range requests are enabled. +$HTTP["url"] =~ "\.pdf$" { + server.range-requests = "disable" +} + +## +# which extensions should not be handle via static-file transfer +# +# .php, .pl, .fcgi are most often handled by mod_fastcgi or mod_cgi +static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" ) + +## to help the rc.scripts +server.pid-file = "/var/run/lighttpd.pid" + +# Restrict server process to non priveleged user +server.username = "www" +server.groupname = "www" + +# server limit POST size in kilobytes (60MB for firmware update) +server.max-request-size = 113246 + +# server limits +server.max-keep-alive-requests = 16 +server.max-keep-alive-idle = 15 +server.max-read-idle = 60 +server.max-write-idle = 360 + +## +## Format: .html +## -> ..../status-404.html for 'File not found' +server.errorfile-prefix = "/var/www/errors/status-" + +## virtual directory listings +#dir-listing.activate = "enable" + +#IMPORTED CONFIGS WILL HANDLE SETTING HTTP/HTTPS + +#### fastcgi module +fastcgi.server = ( "/" => + ( "authorizer" => + ( + "mode" => "authorizer", + "check-local" => "disable", + "socket" => "/var/run/api/rcell_api.sock", + "docroot" => "/var/www" + ) + ) +) + + +$HTTP["url"] =~ "/static/js" { + setenv.add-response-header = ( "Content-Encoding" => "gzip") + mimetype.assign = ("" => "text/javascript" ) + } else $HTTP["url"] =~ "/help/template/scripts" { + setenv.add-response-header = ( "Content-Encoding" => "gzip") + mimetype.assign = ("" => "text/javascript" ) + } else $HTTP["url"] =~ "/help/whxdata/" { + setenv.add-response-header = ( "Content-Encoding" => "gzip") + mimetype.assign = ("" => "text/javascript" ) + } else $HTTP["url"] =~ "/help/template/Azure_Blue_MTS_1/layout.css" { + setenv.add-response-header = ( "Content-Encoding" => "gzip") + mimetype.assign = ("" => "text/css" ) + } else $HTTP["url"] =~ "^/api" { + fastcgi.server = ( "/api" => + ( "api" => + ( + "mode" => "responder", + "check-local" => "disable", + "socket" => "/var/run/api/rcell_api.sock" + ) + ) + ) +} + +#INCLUDE DIPSERVICE SETTINGS +include "/var/run/config/lighttpd_dipservice.conf" +include "/var/run/config/lighttpd_custom_images.conf" diff --git a/recipes-core/lighttpd/lighttpd/lighttpd.init b/recipes-core/lighttpd/lighttpd/lighttpd.init new file mode 100644 index 0000000..bf89a60 --- /dev/null +++ b/recipes-core/lighttpd/lighttpd/lighttpd.init @@ -0,0 +1,34 @@ +#!/bin/sh + +PATH=/sbin:/bin:/usr/sbin:/usr/bin +DAEMON=/usr/sbin/lighttpd +NAME=lighttpd +DESC="Lighttpd Web Server" +OPTS="-f /etc/lighttpd.conf" + +case "$1" in + start) + echo -n "Starting $DESC: " + start-stop-daemon --start -x "$DAEMON" -- $OPTS + echo "$NAME." + ;; + stop) + echo -n "Stopping $DESC: " + start-stop-daemon --stop -x "$DAEMON" + echo "$NAME." + ;; + restart|force-reload) + echo -n "Restarting $DESC: " + start-stop-daemon --stop -x "$DAEMON" + sleep 1 + start-stop-daemon --start -x "$DAEMON" -- $OPTS + echo "$NAME." + ;; + *) + N=/etc/init.d/$NAME + echo "Usage: $N {start|stop|restart|force-reload}" >&2 + exit 1 + ;; +esac + +exit 0 diff --git a/recipes-core/lighttpd/lighttpd/lighttpd_custom_images_setup b/recipes-core/lighttpd/lighttpd/lighttpd_custom_images_setup new file mode 100644 index 0000000..ecd5f46 --- /dev/null +++ b/recipes-core/lighttpd/lighttpd/lighttpd_custom_images_setup @@ -0,0 +1,57 @@ +#!/bin/bash +# Detects mime types for UI Customization images and generates according Lighttpd config fragment + +CONFIG_PATH="/var/run/config/lighttpd_custom_images.conf" +IMAGE_PATH="/var/www/static/images/" +MAGIC_DB_PATH="/usr/share/misc/magic-images.mgc" +shopt -s nullglob + +echoerr() { + echo "$@" 1>&2 +} + +generate_mime_assign() { + local IMAGE="$1" + local OUTPUT=$(file -ib "$IMAGE" --magic-file "$MAGIC_DB_PATH") + local CONTENT_TYPE + + if [ "$?" -ne "0" ] || [[ "$OUTPUT" == "" ]] || [[ "$OUTPUT" == *"cannot open"* ]]; then + echoerr "Failed to run file(1): ${?}; ${OUTPUT}" + return 1 + fi + + CONTENT_TYPE="$OUTPUT" + cat < "$CONTENT_TYPE") + } +END +} + +process_files() { + local INDENT=" " + local ELSE_STRING="" + local FRAGMENT + + for IMAGE in custom_*; do + INDENT=" " + + FRAGMENT=$(generate_mime_assign $IMAGE) + if [ "$?" -eq "0" ]; then + echo "${INDENT}${ELSE_STRING}${FRAGMENT}" >> "$CONFIG_PATH" + ELSE_STRING="else " + fi + done +} + +echo "Generating $CONFIG_PATH" + +# truncate and write head +cat > "$CONFIG_PATH" <> "$CONFIG_PATH" diff --git a/recipes-core/lighttpd/lighttpd/lighttpd_nrs.conf b/recipes-core/lighttpd/lighttpd/lighttpd_nrs.conf new file mode 100644 index 0000000..8c23747 --- /dev/null +++ b/recipes-core/lighttpd/lighttpd/lighttpd_nrs.conf @@ -0,0 +1,66 @@ +server.modules = ( "mod_expire" ) +server.bind = "127.0.0.1" +server.port = 1882 +server.document-root = "/var/www/node-red/node-red-stub" +server.max-keep-alive-requests = 0 +expire.url = ( "/" => "access 0 days" ) +server.errorlog-use-syslog = "enable" +server.upload-dirs = ( "/var/volatile/tmp" ) +index-file.names = ( "index.html" ) +server.pid-file = "/var/run/lighttpd_nrs.pid" +server.errorfile-prefix = "/var/www/node-red/node-red-errors/status-" +mimetype.assign = ( + ".pdf" => "application/pdf", + ".sig" => "application/pgp-signature", + ".spl" => "application/futuresplash", + ".class" => "application/octet-stream", + ".ps" => "application/postscript", + ".torrent" => "application/x-bittorrent", + ".dvi" => "application/x-dvi", + ".gz" => "application/x-gzip", + ".pac" => "application/x-ns-proxy-autoconfig", + ".swf" => "application/x-shockwave-flash", + ".tar.gz" => "application/x-tgz", + ".tgz" => "application/x-tgz", + ".tar" => "application/x-tar", + ".xhtml" => "application/xhtml+xml", + ".xht" => "application/xhtml+xml", + ".zip" => "application/zip", + ".mp3" => "audio/mpeg", + ".m3u" => "audio/x-mpegurl", + ".wma" => "audio/x-ms-wma", + ".wax" => "audio/x-ms-wax", + ".ogg" => "application/ogg", + ".wav" => "audio/x-wav", + ".gif" => "image/gif", + ".jpg" => "image/jpeg", + ".jpeg" => "image/jpeg", + ".png" => "image/png", + ".xbm" => "image/x-xbitmap", + ".xpm" => "image/x-xpixmap", + ".xwd" => "image/x-xwindowdump", + ".css" => "text/css", + ".html" => "text/html", + ".htm" => "text/html", + ".js" => "text/javascript", + ".asc" => "text/plain", + ".c" => "text/plain", + ".cpp" => "text/plain", + ".log" => "text/plain", + ".conf" => "text/plain", + ".text" => "text/plain", + ".txt" => "text/plain", + ".dtd" => "text/xml", + ".xml" => "text/xml", + ".mpeg" => "video/mpeg", + ".mpg" => "video/mpeg", + ".mov" => "video/quicktime", + ".qt" => "video/quicktime", + ".avi" => "video/x-msvideo", + ".asf" => "video/x-ms-asf", + ".asx" => "video/x-ms-asf", + ".wmv" => "video/x-ms-wmv", + ".bz2" => "application/x-bzip", + ".tbz" => "application/x-bzip-compressed-tar", + ".tar.bz2" => "application/x-bzip-compressed-tar" +) diff --git a/recipes-core/lighttpd/lighttpd_1.4.48.bb b/recipes-core/lighttpd/lighttpd_1.4.48.bb index 776acc9..19e6cf2 100644 --- a/recipes-core/lighttpd/lighttpd_1.4.48.bb +++ b/recipes-core/lighttpd/lighttpd_1.4.48.bb @@ -5,7 +5,6 @@ BUGTRACKER = "http://redmine.lighttpd.net/projects/lighttpd/issues" LICENSE = "BSD" LIC_FILES_CHKSUM = "file://COPYING;md5=e4dac5c6ab169aa212feb5028853a579" -PR .= ".mts21" SECTION = "net" DEPENDS = "zlib libpcre openssl" @@ -22,13 +21,11 @@ RDEPENDS_${PN} += " \ " RDEPENDS_${PN} += " openssl" # for lighttpd_custom_images_setup script -RDEPENDS_${PN} += "bash file file-magic-db-images" SRC_URI = "http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-${PV}.tar.gz \ file://lighttpd.conf \ - file://lighttpd_nrs.conf \ - file://lighttpd_custom_images_setup \ + file://lighttpd.init \ file://0001-lighttpd-pcre-use-pkg-config.patch;apply=true \ file://0004_fastcgi_env_with_unixsocket.patch;apply=true \ " @@ -64,16 +61,13 @@ do_install_append() { install -d ${D}${sysconfdir}/init.d ${D}${sysconfdir}/lighttpd.d ${D}/www/pages/dav install -d 0644 ${D}${sysconfdir}/ssl install -m 0755 --group www -d ${D}${localstatedir}/www +# install -m 0755 ${WORKDIR}/lighttpd.init ${D}${sysconfdir}/init.d/lighttpd install -m 0644 --group www ${WORKDIR}/lighttpd.conf ${D}${sysconfdir} - install -m 0644 --group www ${WORKDIR}/lighttpd_nrs.conf ${D}${sysconfdir} #For FHS compliance, create symbolic links to /var/log and /var/tmp for logs and temporary data ln -sf ${localstatedir}/log ${D}/www/logs ln -sf ${localstatedir}/tmp ${D}/www/var - ln -snf ../volatile/www/tmp ${D}${localstatedir}/www/tmp - - install -d ${D}/${base_sbindir} - install -m 755 ${WORKDIR}/lighttpd_custom_images_setup ${D}/${base_sbindir}/lighttpd_custom_images_setup + ln -snf ../volatile/www/tmp ${D}${localstatedir}/www/tmp} } do_install_append_mtr() { @@ -87,7 +81,6 @@ do_install_append_mtrv1() { FILES_${PN} += "${sysconfdir} /www" CONFFILES_${PN} = "${sysconfdir}/lighttpd.conf \ - ${sysconfdir}/lighttpd_nrs.conf \ " PACKAGES_DYNAMIC += "^lighttpd-module-.*" -- cgit v1.2.3