path: root/meta-webserver
Commit message | Author | Age | Files | Lines
* apache2: upgrade 2.4.48 -> 2.4.49 | wangmy | 2021-09-24 | 1 | -2/+1
  Changes with Apache 2.4.49

  *) SECURITY: CVE-2021-40438 (cve.mitre.org)
     mod_proxy: Server Side Request Forgery (SSRF) vulnerability
     [Yann Ylavic]

  *) SECURITY: CVE-2021-39275 (cve.mitre.org)
     core: ap_escape_quotes buffer overflow

  *) SECURITY: CVE-2021-36160 (cve.mitre.org)
     mod_proxy_uwsgi: Out of bound read vulnerability
     [Yann Ylavic]

  *) SECURITY: CVE-2021-34798 (cve.mitre.org)
     core: null pointer dereference on malformed request

  *) SECURITY: CVE-2021-33193 (cve.mitre.org)
     mod_http2: Request splitting vulnerability with mod_proxy
     [Stefan Eissing]

  *) core/mod_proxy/mod_ssl:
     Adding `outgoing` flag to conn_rec, indicating a connection is
     initiated by the server to somewhere, in contrast to incoming
     connections from clients.
     Adding `ap_ssl_bind_outgoing()` function that marks a connection
     as outgoing and is used by mod_proxy instead of the previous
     optional function `ssl_engine_set`. This enables other SSL
     module to secure proxy connections.
     The optional functions `ssl_engine_set`, `ssl_engine_disable` and
     `ssl_proxy_enable` are now provided by the core to have backward
     compatibility with non-httpd modules that might use them. mod_ssl
     itself no longer registers these functions, but keeps them in its
     header for backward compatibility.
     The core provided optional function wrap any registered function
     like it was done for `ssl_is_ssl`.
     [Stefan Eissing]

  *) mod_ssl: Support logging private key material for use with
     wireshark via log file given by SSLKEYLOGFILE environment
     variable. Requires OpenSSL 1.1.1. PR 63391. [Joe Orton]

  *) mod_proxy: Do not canonicalize the proxied URL when both "nocanon"
     and "ProxyPassInterpolateEnv On" are configured. PR 65549.
     [Joel Self <joelself gmail.com>]

  *) mpm_event: Fix children processes possibly not stopped on graceful
     restart. PR 63169. [Joel Self <joelself gmail.com>]

  *) mod_proxy: Fix a potential infinite loop when tunneling Upgrade(d)
     protocols from mod_proxy_http, and a timeout triggering falsely
     when using mod_proxy_wstunnel, mod_proxy_connect or mod_proxy_http
     with upgrade= setting. PRs 65521 and 65519. [Yann Ylavic]

  *) mod_unique_id: Reduce the time window where duplicates may be
     generated PR 65159
     [Christophe Jaillet]

  *) mpm_prefork: Block signals for child_init hooks to prevent
     potential threads created from there to catch MPM's signals.
     [Ruediger Pluem, Yann Ylavic]

  *) Revert "mod_unique_id: Fix potential duplicated ID generation
     under heavy load. PR 65159" added in 2.4.47.
     This causes issue on Windows.
     [Christophe Jaillet]

  *) mod_proxy_uwsgi: Fix PATH_INFO setting for generic worker.
     [Yann Ylavic]

  *) mod_md: Certificate/keys pairs are verified as matching before a
     renewal is accepted as successful or a staged renewal is replacing
     the existing certificates.
     This avoids potential mess ups in the md store file system to
     render the active certificates non-working. [@mkauf]

  *) mod_proxy: Faster unix socket path parsing in the "proxy:" URL.
     [Yann Ylavic]

  *) mod_ssl: tighten the handling of ALPN for outgoing (proxy)
     connections. If ALPN protocols are provided and sent to the
     remote server, the received protocol selected is inspected
     and checked for a match. Without match, the peer handshake
     fails.
     An exception is the proposal of "http/1.1" where it is
     accepted if the remote server did not answer ALPN with
     a selected protocol. This accommodates for hosts that do
     not observe/support ALPN and speak http/1.x by default.

  *) mod_proxy: Fix possible reuse/merging of Proxy(Pass)Match worker
     instances with others when their URLs contain a '$' substitution.
     PR 65419 + 65429. [Yann Ylavic]

  *) mod_dav: Add method_precondition hook. WebDAV extensions define
     conditions that must exist before a WebDAV method can be executed.
     This hook allows a WebDAV extension to verify these preconditions.
     [Graham Leggett]

  *) Add hooks deliver_report and gather_reports to mod_dav.h. Allows
     other modules apart from versioning implementations to handle the
     REPORT method. [Graham Leggett]

  *) Add dav_get_provider(), dav_open_lockdb(), dav_close_lockdb() and
     dav_get_resource() to mod_dav.h. [Graham Leggett]

  *) core: fix ap_escape_quotes substitution logic. [Eric Covener]

  *) Easy patches: synch 2.4.x and trunk
     - mod_auth_basic: Use ap_cstr_casecmp instead of strcasecmp.
     - mod_ldap: log and abort locking errors.
     - mod_ldap: style fix for r1831165
     - mod_ldap: build break fix for r1831165
     - mod_deflate: Avoid hard-coded "%ld" format strings in
       mod_deflate's logging statements
     - mod_deflate: Use apr_uint64_t instead of uint64_t (follow up to
       r1849590)
     - mod_forensic: Follow up to r1856490: missing one
       mod_log_forensic test_char_table case.
     - mod_rewrite: Save a few cycles.
     - mod_request: Fix a comment (missing '_' in 'keep_body') and some
       style issues
     - core: remove extra whitespace in HTTP_NOT_IMPLEMENTED
     [Christophe Jaillet]

  *) core/mpm: add hook `child_stopping` that gets called when the MPM
     is stopping a child process. The additional `graceful` parameter
     allows registered hooks to free resources early during a graceful
     shutdown. [Yann Ylavic, Stefan Eissing]

  *) mod_proxy: Fix incomplete initialization of BalancerMember(s) from
     the balancer-manager, which can lead to a crash. [Yann Ylavic]

  *) mpm_event: Fix graceful stop/restart of children processes if
     connections are in lingering close for too long. [Yann Ylavic]

  *) mod_md: fixed a potential null pointer dereference if ACME/OCSP
     server returned 2xx responses without content type. Reported by
     chuangwen. [chuangwen, Stefan Eissing]

  *) mod_md:
     - Domain names in `<MDomain ...>` can now appear in quoted form.
     - Fixed a failure in ACME challenge selection that aborted further
       searches when the tls-alpn-01 method did not seem to be
       suitable.
     - Changed the tls-alpn-01 setup to only become unsuitable when
       none of the dns names showed support for a configured
       'Protocols ... acme-tls/1'. This allows use of tls-alpn-01 for
       dns names that are not mapped to a VirtualHost.
     [Stefan Eissing]

  *) Add CPING to health check logic. [Jean-Frederic Clere]

  *) core: Split ap_create_request() from ap_read_request().
     [Graham Leggett]

  *) core, h2: common ap_parse_request_line() and
     ap_check_request_header() code. [Yann Ylavic]

  *) core: Add StrictHostCheck to allow unconfigured hostnames to be
     rejected. [Eric Covener]

  *) htcacheclean: Improve help messages. [Christophe Jaillet]

  Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: Fix off_t size passed in configure | Nathan Rossi | 2021-08-31 | 1 | -1/+1
  For linux, nginx will always compile with '-D_FILE_OFFSET_BITS=64'. This
  means that off_t will always be 8 bytes long, even on 32-bit targets.

  This configuration change resolves some issues with nginx and handling
  range headers.

  Signed-off-by: Nathan Rossi <nathan@nathanrossi.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: fix CVE-2021-3618 | Joe Slater | 2021-08-20 | 2 | -0/+109
  Backport with no change a patch from version 1.21.0. This patch
  was not cherry-picked by nginx to version 1.20.1.

  Information about this CVE comes from
  https://ubuntu.com/security/CVE-2021-3618.

  Signed-off-by: Joe Slater <joe.slater@windriver.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* emacs,libgpiod,cockpit: Fix override syntax in using FILES_${PN} | Khem Raj | 2021-08-06 | 1 | -1/+1
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* layer.conf: Update to honister | Martin Jansa | 2021-08-03 | 1 | -1/+1
  This marks the layers as compatible with honister now they use the new
  override syntax.

  Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* Convert to new override syntax | Martin Jansa | 2021-08-03 | 13 | -120/+120
  This is the result of automated script (0.9.1) conversion:

  oe-core/scripts/contrib/convert-overrides.py .

  converting the metadata to use ":" as the override character instead of "_".

  Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* apache2: upgrade 2.4.46 -> 2.4.48 | Changqing Li | 2021-08-03 | 1 | -2/+2
  Signed-off-by: Changqing Li <changqing.li@windriver.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: upgrade 1.19.6 -> 1.21.1 | Salman Ahmed | 2021-07-30 | 2 | -10/+10
  Signed-off-by: Salman Ahmed <salman.ahmed@weidmueller.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: upgrade 1.18.0 -> 1.20.1 | Salman Ahmed | 2021-07-30 | 2 | -6/+7
  Signed-off-by: Salman Ahmed <salman.ahmed@weidmueller.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* hiawatha: fix url. | Armin Kuster | 2021-07-27 | 1 | -1/+1
  files moved under a new dir structure.

  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* packagegroup-meta-webserver: remove nostromo from pkg grp | Armin Kuster | 2021-04-29 | 1 | -1/+0
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nostromo: remove recipe | Armin Kuster | 2021-04-29 | 6 | -301/+0
  Hosting site seems to be dead so remove recipe.
  http://www.nazgul.ch

  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* apache2: Deal with -ffile-prefix-map | Khem Raj | 2021-04-29 | 1 | -2/+2
  Filter out -ffile-prefix-map as well along with other -f*-prefix-map
  options

  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* hiawatha: upgrade 10.11 -> 10.12 | zhengruoqin | 2021-04-27 | 1 | -2/+2
  Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* layers: Drop gatesgarth from LAYERSERIES_COMPAT | Khem Raj | 2021-03-19 | 1 | -1/+1
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* phpmyadmin: upgrade 5.0.4 -> 5.1.0 | zhengruoqin | 2021-03-08 | 1 | -3/+3
  The following changes have taken place in copyright:
  -Copyright 2013 jQuery Foundation and other contributors
  -http://jquery.com/
  +Copyright JS Foundation and other contributors, https://js.foundation/

  Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* phpmyadmin: 5.0.2 -> 5.0.4 | Yi Zhao | 2021-01-05 | 1 | -2/+2
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: upgrade 1.17.8 -> 1.19.6 | changqing.li@windriver.com | 2020-12-30 | 2 | -10/+10
  Signed-off-by: Changqing Li <changqing.li@windriver.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: upgrade 1.16.1 -> 1.18.0 | changqing.li@windriver.com | 2020-12-30 | 2 | -6/+6
  Signed-off-by: Changqing Li <changqing.li@windriver.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* fcgiwrap: add recipe | Senthil Selvaganesan | 2020-12-03 | 3 | -0/+338
  fcgiwrap is a simple server for running CGI applications over FastCGI.
  It hopes to provide clean CGI support to Nginx and other web servers
  that may need it. Homepage: https://github.com/gnosek/fcgiwrap.

  Signed-off-by: Senthil Selvaganesan <SenthilKumaran.Selvaganesan@garmin.com>
  Signed-off-by: Joshua Watt <Joshua.Watt@garmin.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* layer.conf: Add hardknott to LAYERSERIES_COMPAT | Khem Raj | 2020-11-04 | 1 | -1/+1
  That's codename for 3.3

  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* meta-openembedded: Add gatesgarth to LAYERSERIES_COMPAT | Khem Raj | 2020-10-15 | 1 | -1/+1
  Remove older releases from COMPAT

  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* monkey: Correct the install path in init services | Khem Raj | 2020-08-31 | 2 | -2/+2
  It's not in bindir but in sbindir

  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* monkey: Remove /var/run | Khem Raj | 2020-08-31 | 1 | -0/+1
  This is empty and it's a runtime directory which is created by
  base-files already

  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* packagegroup-meta-webserver: Update to include new recipes | Khem Raj | 2020-08-31 | 1 | -9/+20
  Re-organise to have one entry per line

  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* apache2: upgrade v2.4.43 -> v2.4.46 | Sakib Sajal | 2020-08-26 | 1 | -2/+2
  Minor upgrade including bug and CVE fixes, namely:
  - CVE-2020-9490
  - CVE-2020-11984
  - CVE-2020-11993

  Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* monkey: Upgrade to 1.6.9 | Khem Raj | 2020-08-13 | 1 | -33/+34
  Switch to using cmake
  Use CMake option to select musl support

  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nostromo: upgrade 1.9.7 -> 1.9.9 | Zang Ruochen | 2020-07-28 | 1 | -2/+2
  Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* hiawatha: upgrade 10.10 -> 10.11 | Zang Ruochen | 2020-07-28 | 1 | -2/+2
  Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* apache-websocket: upgrade 0.1.1 -> 0.1.2 | Zang Ruochen | 2020-07-28 | 1 | -2/+2
  Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* netdata: upgrade 1.17.0 -> 1.22.1 | Andreas Müller | 2020-06-19 | 3 | -77/+4
  * 0001-Correct-timeout-issue.patch: timeout is built by coreutils
  * 0002-Makefiles-does-not-build-contrib-dir.patch: Upstream added identical

  Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* spawn-fcgi: fix typo in SUMMARY | Konrad Weihmann | 2020-05-31 | 1 | -1/+1
  Signed-off-by: Konrad Weihmann <kweihmann@outlook.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* cockpit: 219 -> 220 | Michael Haener | 2020-05-30 | 1 | -2/+7
  Signed-off-by: Michael Haener <michael.haener@siemens.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* apache2: create log/run directory via pkg_postinst | Yi Zhao | 2020-05-21 | 5 | -9/+23
  The commit e789c3837ca8d65abb4bac29dc2e5c595c8ce05b tries to create
  log/run directory in initscript/systemd unit file. This is not a correct
  method. We should create them in pkg_postinst.

  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* cockpit: rt-deps for storaged | Michael Haener | 2020-05-21 | 1 | -1/+8
  No general dependency on udisks2 (polkit)

  Signed-off-by: Michael Haener <michael.haener@siemens.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* cockpit: upgrade 218 -> 219 | Michael Haener | 2020-05-14 | 2 | -33/+2
  Signed-off-by: Michael Haener <michael.haener@siemens.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* apache2: fix service start fail | Changqing Li | 2020-05-14 | 5 | -13/+9
  reproduce steps:
  1. boot up target
  2. scp apache2-2.4.41-r0.1.aarch64.rpm on target
  3. rpm -i apache2-2.4.41-r0.1.aarch64.rpm
  4. systemctl status apache2

  Error:
  httpd[7767]: (2)No such file or directory: AH02291: Cannot access directory '/var/log/apache2/' for main error log

  with the old way, /var/log/apache2/ is created by service
  systemd-tmpfiles-setup during boot, so only works when
  apache2 already installed before boot, in above scenario,
  /var/log/apache2/ will not be created.

  fix by creating it in the service file. similar fix for
  sysV system

  Signed-off-by: Changqing Li <changqing.li@windriver.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* Cockpit: Added missing dependency on udisks2 for package cockpit-storaged | Jorge Solla | 2020-05-11 | 1 | -0/+2
  Cockpit uses udisks2 in order to manage storage on the host, without it
  cockpit will just display an error when the storage tab is selected.

  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: remove /var/log/nginx when do_install | Yi Zhao | 2020-05-06 | 1 | -1/+3
  Remove directory /var/log/nginx when do_install because it is created by
  volatiles file.

  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* cockpit: fix metainfo.xml file ownership | Emmanuel Roullit | 2020-05-04 | 2 | -3/+31
  The 'tar -cf - | tar -xf' combo applies an invalid ownership.
  This is corrected by patching the install target to use the
  --no-same-owner tar parameter.

  Signed-off-by: Emmanuel Roullit <emmanuel.roullit@gmail.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* cockpit: Add recipe version 218 | Michael Haener | 2020-05-04 | 4 | -0/+310
  Cockpit is a server manager that makes it easy to administer
  your GNU/Linux servers via a web browser.

  Signed-off-by: Michael Haener <michael.haener@siemens.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* xdebug: upgrade 2.7.2 -> 2.9.5 | Changqing Li | 2020-04-27 | 1 | -2/+2
  Signed-off-by: Changqing Li <changqing.li@windriver.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* apache2: add patch ensuring destdir is empty string | Trevor Gamblin | 2020-04-17 | 2 | -0/+50
  apache2 added cross-compilation support after 2.4.41, but this
  conflicts with our own cross-compilation setup and causes
  related recipes like apache-websocket to fail to find config
  files (due to incorrect file paths) during build:

  | cannot open /ala-lpggp31/tgamblin/yocto/poky.git/build/tmp/work/core2-64-poky-linux/apache-websocket/0.1.1+gitAUTOINC+6968083264-r0/recipe-sysroot/ala-lpggp31/tgamblin/yocto/poky.git/build/tmp/work/core2-64-poky-linux/apache-websocket/0.1.1+gitAUTOINC+6968083264-r0/recipe-sysroot//usr/share/apache2/build/config_vars.mk: No such file or directory at /ala-lpggp31/tgamblin/yocto/poky.git/build/tmp/work/core2-64-poky-linux/apache-websocket/0.1.1+gitAUTOINC+6968083264-r0/recipe-sysroot/usr/bin/crossscripts/apxs line 213.

  Add this patch to ensure that the $destdir variable used in
  apache2's cross-compilation scheme is always the empty string so
  that apache-websocket can find the right files.

  Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* apache2: upgrade 2.4.41 -> 2.4.43 | Trevor Gamblin | 2020-04-17 | 1 | -3/+3
  LICENSE file was updated due to a typo fix.

  Note that this upgrade fixes two CVEs affecting versions 2.4.41
  and earlier:

  CVE: CVE-2020-1927
  CVE: CVE-2020-1934

  See:
  https://nvd.nist.gov/vuln/detail/CVE-2020-1927
  https://nvd.nist.gov/vuln/detail/CVE-2020-1934

  Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* phpmyadmin: upgrade 4.9.2 -> 5.0.2 | Wang Mingyu | 2020-04-01 | 1 | -2/+2
  Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nostromo: upgrade 1.9.6 -> 1.9.7 | Wang Mingyu | 2020-04-01 | 1 | -2/+2
  Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* layers: update LAYERSERIES_COMPAT to dunfell | Khem Raj | 2020-03-20 | 1 | -1/+1
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: fix error during service startup | Changqing Li | 2020-02-26 | 2 | -0/+100
  fix below error:
  nginx.service: failed to parse pid from file /run/nginx/nginx.pid: invalid argument

  Signed-off-by: Changqing Li <changqing.li@windriver.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: update to the latest development version (1.17.8) | Derek Straka | 2020-02-09 | 2 | -6/+10
  See Changelog: https://nginx.org/en/CHANGES

  Signed-off-by: Derek Straka <derek@asterius.io>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: update to the latest stable version (1.16.1) | Derek Straka | 2020-02-09 | 2 | -10/+6
  See changelog here: https://nginx.org/en/CHANGES-1.16

  * Fixes CVE-2019-9511, CVE-2019-9513, CVE-2019-9516

  Signed-off-by: Derek Straka <derek@asterius.io>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>