summaryrefslogtreecommitdiffstats
path: root/meta-webserver/recipes-httpd
Commit message (Collapse)AuthorAgeFilesLines
* apache2: upgrade 2.4.39 -> 2.4.41Yi Zhao2019-09-021-2/+2
| | | | | | | | | | | | | | | | | Security fixes: CVE-2019-10081 CVE-2019-9517 CVE-2019-10098 CVE-2019-10092 CVE-2019-10097 CVE-2019-10082 See: http://www.apache.org/dist/httpd/CHANGES_2.4.41 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* apache2: Correct appending to SYSROOT_PREPROCESS_FUNCSPeter Kjellerstedt2019-09-021-1/+1
| | | | | | | | | | A missing space lead to problems if something else was already added to SYSROOT_PREPROCESS_FUNCS. Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* apache2: upgrade 2.4.34 -> 2.4.39Yi Zhao2019-09-0213-713/+157
| | | | | | | | | | | | | | | | | | | | | | | | | | * Drop apache2-native recipe. Add native to BBCLASSEXTEND in apache2 recipe. * Refresh patches. Drop CVE-2018-11763.patch and apache-configure_perlbin.patch * Cleanup recipe file. Remove obsolete code. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> [Bug fix only update: Includes CVES: CVE-2018-17189 CVE-2018-17199 CVE-2019-0190 CVE-2019-0220 CVE-2019-0196 CVE-2019-0197 CVE-2019-0215 CVE-2019-0217 CVE-2019-0211 ] Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* apache2: set CVE_PRODUCTQi.Chen@windriver.com2019-09-021-0/+2
| | | | | | | Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* apache2: Fix CVE-2018-11763Mingli Yu2018-11-153-0/+514
| | | | | | | | | | | | | mod_http2: connection IO event handling reworked. Instead of reacting on incoming bytes, the state machine now acts on incoming frames that are affecting it. This reduces state transitions. Reference: https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11763.html Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nginx: add PACKAGECONFIG[ssl]Max Kellermann2018-09-241-2/+4
| | | | | Signed-off-by: Max Kellermann <max.kellermann@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* apache2: set files layout to debian styleYi Zhao2018-08-241-2/+4
| | | | | | | | | The default layout installs log files to /var/apache2/logs. But we assume the log directory is /var/log/apache2 in volatile.conf. Specify the layout to debian style to set the correct the log directory. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: Upgrade to 1.15.2Khem Raj2018-08-152-6/+6
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nostromo: Add dep on virtual/cryptKhem Raj2018-08-151-1/+1
| | | | | | glibc 2.28+ this library is not part of libc package Signed-off-by: Khem Raj <raj.khem@gmail.com>
* hiawatha: Add missing dep on virtual/cryptKhem Raj2018-08-151-1/+1
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* sthttpd: Add dependency on virtual/cryptKhem Raj2018-08-151-1/+1
| | | | | | | This is required with glibc 2.28+ where crypt is no longer part of glibc Signed-off-by: Khem Raj <raj.khem@gmail.com>
* apache2: upgrade 2.4.33 -> 2.4.34Yi Zhao2018-07-272-4/+4
| | | | | | | | | | | | | Security fixes: CVE-2018-8011 mod_md: DoS via Coredumps on specially crafted requests CVE-2018-1333 mod_http2: DoS for HTTP/2 connections by specially crafted requests Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* hiawatha: use the correct CMAKE flag to disable TLSDerek Straka2018-07-121-1/+1
| | | | | Signed-off-by: Derek Straka <derek@asterius.io> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: remove the 1.13 recipe in favor of the new dev branch of 1.5.xDerek Straka2018-07-122-10/+10
| | | | | Signed-off-by: Derek Straka <derek@asterius.io> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: enable thread pools by defaultDerek Straka2018-07-121-0/+1
| | | | | | | The thread pool feature can be enabled without significant extra binary size. Thread pools can increase performance by an order of magnitude on some configurations Signed-off-by: Derek Straka <derek@asterius.io> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* apache2: upgrade 2.4.29 -> 2.4.33Yi Zhao2018-07-0512-141/+117
| | | | | | | | | | | | | | * License-Update: Correctly identify origin of util_pcre.c/ap_regex.h as pcreposix[.ch] and correct LICENSE/NOTICE to match. * Refresh patches with devtool * Drop useless patch apache-ssl-ltmain-rpath.patch * Move all patches to one directory Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* apache2: Add PACKAGECONFIG zlib option for mod_deflateHaiqing Bai2018-06-291-0/+1
| | | | | | | | | The configure options '--enable-deflate' or '--with-z' make the package depends on zlib. PACKAGECONFIG should be defined to clear the dependency. Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* apache2/sthttpd: add alternatives for docHongxu Jia2018-05-172-2/+9
| | | | | | | | | | | | | | | There is a failure to install both of sthttpd-doc and apache2-doc to rootfs. ... |Error: Transaction check error: | file /usr/share/man/man1/htpasswd.1 conflicts between attempted installs of sthttpd-doc-2.27.1 -r0.0.armv7ahf_neon and apache2-doc-2.4.27 -r0.0.armv7ahf_neon ... Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nginx: update latest development version to 1.13.12Derek Straka2018-05-172-10/+10
| | | | | Signed-off-by: Derek Straka <derek@asterius.io> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nginx: update stable version to 1.14.0Derek Straka2018-05-172-6/+6
| | | | | | | License-Update: Update license file for latest copyright date Signed-off-by: Derek Straka <derek@asterius.io> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nginx: refresh patchesArmin Kuster2018-04-131-26/+30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | WARNING: nginx-1.12.2-r0 do_patch: Some of the context lines in patches were ignored. This can lead to incorrectly applied patches. The context lines in the patches can be updated with devtool: devtool modify <recipe> devtool finish --force-patch-refresh <recipe> <layer_path> Then the updated patches and the source tree (in devtool's workspace) should be reviewed to make sure the patches apply in the correct place and don't introduce duplicate lines (which can, and does happen when some of the context is ignored). Further information: http://lists.openembedded.org/pipermail/openembedded-core/2018-March/148675.html https://bugzilla.yoctoproject.org/show_bug.cgi?id=10450 Details: Applying patch nginx-cross.patch patching file auto/feature patching file auto/options Hunk #1 succeeded at 386 (offset 33 lines). Hunk #2 succeeded at 580 (offset 35 lines). Hunk #3 succeeded at 599 (offset 22 lines). patching file auto/types/sizeof patching file auto/unix Hunk #1 succeeded at 587 (offset 194 lines). Hunk #2 succeeded at 604 with fuzz 1 (offset 188 lines). Hunk #3 succeeded at 620 with fuzz 2 (offset 188 lines). Now at patch nginx-cross.patch Signed-off-by: Armin Kuster <akuster808@gmail.com>
* apache2: refresh patchesArmin Kuster2018-04-133-28/+24
| | | | | | | | | | | | | | | | | | | | | | WARNING: apache2-2.4.29-r0 do_patch: Some of the context lines in patches were ignored. This can lead to incorrectly applied patches. The context lines in the patches can be updated with devtool: devtool modify <recipe> devtool finish --force-patch-refresh <recipe> <layer_path> Then the updated patches and the source tree (in devtool's workspace) should be reviewed to make sure the patches apply in the correct place and don't introduce duplicate lines (which can, and does happen when some of the context is ignored). Further information: http://lists.openembedded.org/pipermail/openembedded-core/2018-March/148675.html https://bugzilla.yoctoproject.org/show_bug.cgi?id=10450 Details: Applying patch apache-configure_perlbin.patch patching file configure.in Hunk #1 succeeded at 855 with fuzz 2 (offset 217 lines). Signed-off-by: Armin Kuster <akuster808@gmail.com>
* monkey: add a valid upstream check uri and regexDerek Straka2018-03-161-0/+3
| | | | | Signed-off-by: Derek Straka <derek@asterius.io> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* hthttpd: add a valid upstream check uri and regexDerek Straka2018-03-161-0/+3
| | | | | Signed-off-by: Derek Straka <derek@asterius.io> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nginx: update development version to 1.13.9Derek Straka2018-03-162-10/+10
| | | | | | | Update license checksum for copyright changes Signed-off-by: Derek Straka <derek@asterius.io> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* recipes: use oe.utils.conditional instead of deprecated base_conditionalMartin Jansa2018-02-011-1/+1
| | | | Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* nginx: update dev version to 1.13.8Derek Straka2018-01-161-2/+2
| | | | | Signed-off-by: Derek Straka <derek@asterius.io> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nginx: update to version 1.13.7Derek Straka2017-12-271-2/+2
| | | | | Signed-off-by: Derek Straka <derek@asterius.io> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nginx: correctly set the endianness of the targetDerek Straka2017-12-112-1/+82
| | | | | | | | Add an inherit for siteinfo to get access to SITEINFO_ENDIANNESS Add a patch to have nginx actually use the user provided --with-endian Signed-off-by: Derek Straka <derek@asterius.io> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* hiawatha: update to version 10.7Derek Straka2017-11-151-2/+2
| | | | | Signed-off-by: Derek Straka <derek@asterius.io> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nginx: update development version to 1.13.6Derek Straka2017-11-151-2/+2
| | | | | Signed-off-by: Derek Straka <derek@asterius.io> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nginx: update stable version to 1.12.2Derek Straka2017-11-152-6/+6
| | | | | Signed-off-by: Derek Straka <derek@asterius.io> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* apache2: update to version 2.4.29Derek Straka2017-11-152-6/+6
| | | | | | | Updated license checksum due to whitespace modifications Signed-off-by: Derek Straka <derek@asterius.io> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nginx: update development version to 1.13.5Derek Straka2017-09-221-2/+2
| | | | | Signed-off-by: Derek Straka <derek@asterius.io> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* apache2: change files layout to debian styledengke.du@windriver.com2017-09-181-1/+9
| | | | | | | | | | The default layout installs log files and pid files into /var/apache2/logs. This is odd and also will cause security issues because selinux does not know how to label the security contexts for the files. Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com> Signed-off-by: Dengke Du <dengke.du@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* apache2: use volatiles for sysvinitdengke.du@windriver.com2017-09-182-0/+7
| | | | | Signed-off-by: Dengke Du <dengke.du@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* Nginx: use PACKAGECONFIG variables in configureSzombathelyi György2017-09-181-1/+1
| | | | | Signed-off-by: Gyorgy Szombathelyi <gyurco@freemail.hu> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* sthttpd: update to 2.27.1Yi Zhao2017-08-281-3/+3
| | | | | | | | | | * Fix CVE-2017-10671: Heap-based buffer overflow in the de_dotdot function in libhttpd.c * Update SRC_URI because the original site can not access. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* apache2: update to version 2.4.27Derek Straka2017-08-132-4/+4
| | | | | Signed-off-by: Derek Straka <derek@asterius.io> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* nginx: update development version to 1.13.3Derek Straka2017-08-131-2/+2
| | | | | Signed-off-by: Derek Straka <derek@asterius.io> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* nginx: update stable version to 1.12.1Derek Straka2017-08-132-6/+6
| | | | | Signed-off-by: Derek Straka <derek@asterius.io> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* cherokee: Upgrade to 1.2.104+gitKhem Raj2017-08-133-7/+66
| | | | | | | | Use git fetcher to use tip of tree, the tree does not get frequent fixes. Its not disruptive to use git fetcher Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* monkey: Link in libexecinfo on muslKhem Raj2017-07-242-0/+38
| | | | | | | Needed for backtrace() APIs Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* nginx: update to version 1.13.1Derek Straka2017-06-191-2/+2
| | | | | Signed-off-by: Derek Straka <derek@asterius.io> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* nginx: depend on zlib instead of gzipPascal Bach2017-06-121-1/+1
| | | | | | | nginx requires zlib not gzip for compression. Signed-off-by: Pascal Bach <pascal.bach@siemens.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* nginx: update stable version to 1.12.0Derek Straka2017-06-052-6/+6
| | | | | Signed-off-by: Derek Straka <derek@asterius.io> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* nginx: update development version to 1.13.0Derek Straka2017-06-052-10/+10
| | | | | Signed-off-by: Derek Straka <derek@asterius.io> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* nginx: use consistent pid file location accross recipe and init scriptsPascal Bach2017-05-231-1/+1
| | | | | | | | The recipe and the systemd service file use /run/nginx/nginx.pid, while the sys v init script used /var/run/nginx/nginx.pid Signed-off-by: Pascal Bach <pascal.bach@siemens.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* nginx: make sure the user is correctly set for the volatile directoriesPascal Bach2017-03-312-1/+2
| | | | | Signed-off-by: Pascal Bach <pascal.bach@siemens.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* nginx: set sane defaults for temp directoriesPascal Bach2017-03-311-0/+5
| | | | | | | | | | Currently the build directiories en up in /usr/*_temp which is not what most users will expect. This changes the default location to /tmp/nginx/*_tmp. The location can still be overridden in the nginx.conf file. Signed-off-by: Pascal Bach <pascal.bach@siemens.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>