summaryrefslogtreecommitdiffstats
path: root/meta-webserver
Commit message (Collapse)AuthorAgeFilesLines
* apache2: upgrade 2.4.48 -> 2.4.49wangmy2021-09-261-2/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Changes with Apache 2.4.49 *) SECURITY: CVE-2021-40438 (cve.mitre.org) mod_proxy: Server Side Request Forgery (SSRF) vulnerabilty [Yann Ylavic] *) SECURITY: CVE-2021-39275 (cve.mitre.org) core: ap_escape_quotes buffer overflow *) SECURITY: CVE-2021-36160 (cve.mitre.org) mod_proxy_uwsgi: Out of bound read vulnerability [Yann Ylavic] *) SECURITY: CVE-2021-34798 (cve.mitre.org) core: null pointer dereference on malformed request *) SECURITY: CVE-2021-33193 (cve.mitre.org) mod_http2: Request splitting vulnerability with mod_proxy [Stefan Eissing] *) core/mod_proxy/mod_ssl: Adding `outgoing` flag to conn_rec, indicating a connection is initiated by the server to somewhere, in contrast to incoming connections from clients. Adding 'ap_ssl_bind_outgoing()` function that marks a connection as outgoing and is used by mod_proxy instead of the previous optional function `ssl_engine_set`. This enables other SSL module to secure proxy connections. The optional functions `ssl_engine_set`, `ssl_engine_disable` and `ssl_proxy_enable` are now provided by the core to have backward compatibility with non-httpd modules that might use them. mod_ssl itself no longer registers these functions, but keeps them in its header for backward compatibility. The core provided optional function wrap any registered function like it was done for `ssl_is_ssl`. [Stefan Eissing] *) mod_ssl: Support logging private key material for use with wireshark via log file given by SSLKEYLOGFILE environment variable. Requires OpenSSL 1.1.1. PR 63391. [Joe Orton] *) mod_proxy: Do not canonicalize the proxied URL when both "nocanon" and "ProxyPassInterpolateEnv On" are configured. PR 65549. [Joel Self <joelself gmail.com>] *) mpm_event: Fix children processes possibly not stopped on graceful restart. PR 63169. [Joel Self <joelself gmail.com>] *) mod_proxy: Fix a potential infinite loop when tunneling Upgrade(d) protocols from mod_proxy_http, and a timeout triggering falsely when using mod_proxy_wstunnel, mod_proxy_connect or mod_proxy_http with upgrade= setting. PRs 65521 and 65519. [Yann Ylavic] *) mod_unique_id: Reduce the time window where duplicates may be generated PR 65159 [Christophe Jaillet] *) mpm_prefork: Block signals for child_init hooks to prevent potential threads created from there to catch MPM's signals. [Ruediger Pluem, Yann Ylavic] *) Revert "mod_unique_id: Fix potential duplicated ID generation under heavy load. PR 65159" added in 2.4.47. This causes issue on Windows. [Christophe Jaillet] *) mod_proxy_uwsgi: Fix PATH_INFO setting for generic worker. [Yann Ylavic] *) mod_md: Certificate/keys pairs are verified as matching before a renewal is accepted as successful or a staged renewal is replacing the existing certificates. This avoid potential mess ups in the md store file system to render the active certificates non-working. [@mkauf] *) mod_proxy: Faster unix socket path parsing in the "proxy:" URL. [Yann Ylavic] *) mod_ssl: tighten the handling of ALPN for outgoing (proxy) connections. If ALPN protocols are provided and sent to the remote server, the received protocol selected is inspected and checked for a match. Without match, the peer handshake fails. An exception is the proposal of "http/1.1" where it is accepted if the remote server did not answer ALPN with a selected protocol. This accomodates for hosts that do not observe/support ALPN and speak http/1.x be default. *) mod_proxy: Fix possible reuse/merging of Proxy(Pass)Match worker instances with others when their URLs contain a '$' substitution. PR 65419 + 65429. [Yann Ylavic] *) mod_dav: Add method_precondition hook. WebDAV extensions define conditions that must exist before a WebDAV method can be executed. This hook allows a WebDAV extension to verify these preconditions. [Graham Leggett] *) Add hooks deliver_report and gather_reports to mod_dav.h. Allows other modules apart from versioning implementations to handle the REPORT method. [Graham Leggett] *) Add dav_get_provider(), dav_open_lockdb(), dav_close_lockdb() and dav_get_resource() to mod_dav.h. [Graham Leggett] *) core: fix ap_escape_quotes substitution logic. [Eric Covener] *) Easy patches: synch 2.4.x and trunk - mod_auth_basic: Use ap_cstr_casecmp instead of strcasecmp. - mod_ldap: log and abort locking errors. - mod_ldap: style fix for r1831165 - mod_ldap: build break fix for r1831165 - mod_deflate: Avoid hard-coded "%ld" format strings in mod_deflate's logging statements - mod_deflate: Use apr_uint64_t instead of uint64_t (follow up to r1849590) - mod_forensic: Follow up to r1856490: missing one mod_log_forensic test_char_table case. - mod_rewrite: Save a few cycles. - mod_request: Fix a comment (missing '_' in 'keep_body') and some style issues - core: remove extra whitespace in HTTP_NOT_IMPLEMENTED [Christophe Jaillet] *) core/mpm: add hook 'child_stopping` that gets called when the MPM is stopping a child process. The additional `graceful` parameter allows registered hooks to free resources early during a graceful shutdown. [Yann Ylavic, Stefan Eissing] *) mod_proxy: Fix icomplete initialization of BalancerMember(s) from the balancer-manager, which can lead to a crash. [Yann Ylavic] *) mpm_event: Fix graceful stop/restart of children processes if connections are in lingering close for too long. [Yann Ylavic] *) mod_md: fixed a potential null pointer dereference if ACME/OCSP server returned 2xx responses without content type. Reported by chuangwen. [chuangwen, Stefan Eissing] *) mod_md: - Domain names in `<MDomain ...>` can now appear in quoted form. - Fixed a failure in ACME challenge selection that aborted further searches when the tls-alpn-01 method did not seem to be suitable. - Changed the tls-alpn-01 setup to only become unsuitable when none of the dns names showed support for a configured 'Protocols ... acme-tls/1'. This allows use of tls-alpn-01 for dns names that are not mapped to a VirtualHost. [Stefan Eissing] *) Add CPING to health check logic. [Jean-Frederic Clere] *) core: Split ap_create_request() from ap_read_request(). [Graham Leggett] *) core, h2: common ap_parse_request_line() and ap_check_request_header() code. [Yann Ylavic] *) core: Add StrictHostCheck to allow unconfigured hostnames to be rejected. [Eric Covener] *) htcacheclean: Improve help messages. [Christophe Jaillet] Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 54a96fa4feb1a7712f9f3d1190c0d95d89eb6c7c) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nginx: fix CVE-2021-3618Joe Slater2021-09-022-0/+109
| | | | | | | Apply patch made to version 1.20.1 to version 1.18.0. Signed-off-by: Joe Slater <joe.slater@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* apache2: upgrade 2.4.46 -> 2.4.48Changqing Li2021-09-026-241/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Source: https://git.openembedded.org/meta-openembedded https://git.openembedded.org/meta-openembedded MR: 112869, 112835, 105131, 112702, 112829 Type: Security Fix Disposition: Backport from https://git.openembedded.org/meta-openembedded/commit/meta-webserver/recipes-httpd/apache2?id=ba016d73b5233a43ec6e398b45445d13ddaad745 ChangeID: f3ac0bc1005c94a694573b823c8f3f7d4a15360c Description: Apache2 2.4.x is an LTS version with bug and CVE fixes. https://downloads.apache.org/httpd/CHANGES_2.4.48 Includes these CVE fixes: 2.4.48 CVE-2021-31618 2.4.47 CVE-2020-13938 CVE-2020-11985 CVE-2021-33193 CVE-2019-17567 Drop these patches included in update: CVE-2020-13950.patch CVE-2020-35452.patch CVE-2021-26690.patch CVE-2021-26691.patch CVE-2021-30641.patch Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit ba016d73b5233a43ec6e398b45445d13ddaad745) Signed-off-by: Armin Kuster <akuster@mvista.com>
* hiawatha: fix url.Armin Kuster2021-07-241-1/+1
| | | | | | files moved under a new dir structure. Signed-off-by: Armin Kuster <akuster808@gmail.com>
* apache2: fix CVE-2020-13950 CVE-2020-35452 CVE-2021-26690 CVE-2021-26691 ↵Li Wang2021-07-106-0/+239
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | CVE-2021-30641 CVE-2020-13950: Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service References: https://nvd.nist.gov/vuln/detail/CVE-2020-13950 Upstream patches: https://bugzilla.redhat.com/show_bug.cgi?id=1966738 https://github.com/apache/httpd/commit/8c162db8b65b2193e622b780e8c6516d4265f68b CVE-2020-35452: Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow References: https://nvd.nist.gov/vuln/detail/CVE-2020-35452 Upstream patches: https://security-tracker.debian.org/tracker/CVE-2020-35452 https://github.com/apache/httpd/commit/3b6431eb9c9dba603385f70a2131ab4a01bf0d3b CVE-2021-26690: Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service References: https://nvd.nist.gov/vuln/detail/CVE-2021-26690 Upstream patches: https://security-tracker.debian.org/tracker/CVE-2021-26690 https://github.com/apache/httpd/commit/67bd9bfe6c38831e14fe7122f1d84391472498f8 CVE-2021-26691: In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow References: https://nvd.nist.gov/vuln/detail/CVE-2021-26691 Upstream patches: https://bugzilla.redhat.com/show_bug.cgi?id=1966732 https://github.com/apache/httpd/commit/7e09dd714fc62c08c5b0319ed7b9702594faf49b CVE-2021-30641: Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF' References: https://nvd.nist.gov/vuln/detail/CVE-2021-30641 Upstream patches: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-30641 https://github.com/apache/httpd/commit/6141d5aa3f5cf8f1b89472e7fdb66578810d0ae3 Signed-off-by: Li Wang <li.wang@windriver.com> Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nginx: fix CVE-2021-23017Changqing Li2021-07-102-0/+47
| | | | | Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroup-meta-webserver: remove nostromo from pkg grpArmin Kuster2021-04-291-1/+0
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nostromo: Blacklist and exclude from world buildsArmin Kuster2021-04-291-0/+3
| | | | | | Host site is dead. Signed-off-by: Armin Kuster <akuster808@gmail.com>
* README: updated Maintainers list for Hardknottakuster2021-03-311-4/+4
| | | | | Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* layers: Drop gatesgarth from LAYERSERIES_COMPATKhem Raj2021-03-191-1/+1
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* phpmyadmin: upgrade 5.0.4 -> 5.1.0zhengruoqin2021-03-081-3/+3
| | | | | | | | | | The following changes have taken place in copyright: -Copyright 2013 jQuery Foundation and other contributors -http://jquery.com/ +Copyright JS Foundation and other contributors, https://js.foundation/ Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* phpmyadmin: 5.0.2 -> 5.0.4Yi Zhao2021-01-051-2/+2
| | | | | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: upgrade 1.17.8 -> 1.19.6changqing.li@windriver.com2020-12-302-10/+10
| | | | | Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: upgrade 1.16.1 -> 1.18.0changqing.li@windriver.com2020-12-302-6/+6
| | | | | Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* fcgiwrap: add recipeSenthil Selvaganesan2020-12-033-0/+338
| | | | | | | | | | fcgiwrap is a simple server for running CGI applications over FastCGI. It hopes to provide clean CGI support to Nginx and other web servers that may need it. Homepage: https://github.com/gnosek/fcgiwrap. Signed-off-by: Senthil Selvaganesan <SenthilKumaran.Selvaganesan@garmin.com> Signed-off-by: Joshua Watt <Joshua.Watt@garmin.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* layer.conf: Add hardknott to LAYERSERIES_COMPATKhem Raj2020-11-041-1/+1
| | | | | | Thats codename for 3.3 Signed-off-by: Khem Raj <raj.khem@gmail.com>
* meta-openembedded: Add gatesgarth to LAYERSERIES_COMPATKhem Raj2020-10-151-1/+1
| | | | | | Remove older releases from COMPAT Signed-off-by: Khem Raj <raj.khem@gmail.com>
* monkey: Correct the install path in init servicesKhem Raj2020-08-312-2/+2
| | | | | | Its not in bindir but in sbindir Signed-off-by: Khem Raj <raj.khem@gmail.com>
* monkey: Remove /var/runKhem Raj2020-08-311-0/+1
| | | | | | | This is empty and its a runtime directory which is created by base-files already Signed-off-by: Khem Raj <raj.khem@gmail.com>
* packagegroup-meta-webserver: Update to include new recipesKhem Raj2020-08-311-9/+20
| | | | | | Re-organise to have one entry per line Signed-off-by: Khem Raj <raj.khem@gmail.com>
* apache2: upgrade v2.4.43 -> v2.4.46Sakib Sajal2020-08-261-2/+2
| | | | | | | | | | Minor upgrade inluding bug and CVE fixes, namely: - CVE-2020-9490 - CVE-2020-11984 - CVE-2020-11993 Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* monkey: Upgrade to 1.6.9Khem Raj2020-08-131-33/+34
| | | | | | | Switch to using cmake Use CMake option to select musl support Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nostromo: upgrade 1.9.7 -> 1.9.9Zang Ruochen2020-07-281-2/+2
| | | | | Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* hiawatha: upgrade 10.10 -> 10.11Zang Ruochen2020-07-281-2/+2
| | | | | Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* apache-websocket: upgrade 0.1.1 -> 0.1.2Zang Ruochen2020-07-281-2/+2
| | | | | Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* netdata: upgrade 1.17.0 -> 1.22.1Andreas Müller2020-06-193-77/+4
| | | | | | | | * 0001-Correct-timeout-issue.patch: timeout is build by coreutils * 0002-Makefiles-does-not-build-contrib-dir.patch: Upstream added identical Signed-off-by: Andreas Müller <schnitzeltony@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* spawn-fcgi: fix typo in SUMMARYKonrad Weihmann2020-05-311-1/+1
| | | | | Signed-off-by: Konrad Weihmann <kweihmann@outlook.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* cockpit: 219 -> 220Michael Haener2020-05-301-2/+7
| | | | | Signed-off-by: Michael Haener <michael.haener@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* apache2: create log/run directory via pkg_postinstYi Zhao2020-05-215-9/+23
| | | | | | | | | The commit e789c3837ca8d65abb4bac29dc2e5c595c8ce05b tries to create log/run directory in initscript/systemd unit file. This is not a correct method. We should create them in pkg_postinst. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* cockpit: rt-deps for storagedMichael Haener2020-05-211-1/+8
| | | | | | | No general depdependency on udisks2 (polkit) Signed-off-by: Michael Haener <michael.haener@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* cockpit: upgrade 218 -> 219Michael Haener2020-05-142-33/+2
| | | | | Signed-off-by: Michael Haener <michael.haener@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* apache2: fix service start failChangqing Li2020-05-145-13/+9
| | | | | | | | | | | | | | | | | | | | reproduce steps: 1. boot up target 2. scp apache2-2.4.41-r0.1.aarch64.rpm on target 3. rpm -i apache2-2.4.41-r0.1.aarch64.rpm 4. systemctl status apache2 Error: httpd[7767]: (2)No such file or directory: AH02291: Cannot access directory '/var/log/apache2/' for main error log with the old way, /var/log/apache2/ is created by service systemd-tmpfiles-setup during boot, so only works when apache2 already installed before boot, in above scenario, /var/log/apache2/ will not created. fix by creating it in the service file. similar fix for sysV system Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* Cockpit: Added missing dependency on udisks2 for package cockpit-storagedJorge Solla2020-05-111-0/+2
| | | | | | | Cockpit uses udisks2 in order to manage storage on the host, without it cockpit will just display an error when the storage tab is selected. Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: remove /var/log/nginx when do_installYi Zhao2020-05-061-1/+3
| | | | | | | | Remove directory /var/log/nginx when do_install because it is created by volatiles file. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* cockpit: fix metainfo.xml file ownershipEmmanuel Roullit2020-05-042-3/+31
| | | | | | | | | The 'tar -cf - | tar -xf' combo applies an invalid ownership. This is corrected by patching the install target to use the --no-same-owner tar parameter. Signed-off-by: Emmanuel Roullit <emmanuel.roullit@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* cockpit: Add recipe version 218Michael Haener2020-05-044-0/+310
| | | | | | | | Cockpit is a server manager that makes it easy to administer your GNU/Linux servers via a web browser. Signed-off-by: Michael Haener <michael.haener@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* xdebug: upgrade 2.7.2 -> 2.9.5Changqing Li2020-04-271-2/+2
| | | | | Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* apache2: add patch ensuring destdir is empty stringTrevor Gamblin2020-04-172-0/+50
| | | | | | | | | | | | | | | | | | | | | apache2 added cross-compilation support after 2.4.41, but this conflicts with our own cross-compilation setup and causes related recipes like apache-websocket to fail to find config files (due to incorrect file paths) during build: | cannot open /ala-lpggp31/tgamblin/yocto/poky.git/build/tmp/work/core2-64-poky-linux/apache-websocket/0.1.1+gitAUTOINC+6968083264-r0/recipe-sysroot/ala-lpggp31/tgamblin/yocto/poky.git/build/tmp/work/core2-64-poky-linux/apache-websocket/0.1.1+gitAUTOINC+6968083264-r0/recipe-sysroot//usr/share/apache2/build/config_vars.mk: No such file or directory at /ala-lpggp31/tgamblin/yocto/poky.git/build/tmp/work/core2-64-poky-linux/apache-websocket/0.1.1+gitAUTOINC+6968083264-r0/recipe-sysroot/usr/bin/crossscripts/apxs line 213. Add this patch to ensure that the $destdir variable used in apache2's cross-compilation scheme is always the empty string so that apache-websocket can find the right files. Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* apache2: upgrade 2.4.41 -> 2.4.43Trevor Gamblin2020-04-171-3/+3
| | | | | | | | | | | | | | | | | LICENSE file was updated due to a typo fix. Note that this upgrade fixes two CVES affecting versions 2.4.41 and earlier: CVE: CVE-2020-1927 CVE: CVE-2020-1934 See: https://nvd.nist.gov/vuln/detail/CVE-2020-1927 https://nvd.nist.gov/vuln/detail/CVE-2020-1934 Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* phpmyadmin: upgrade 4.9.2 -> 5.0.2Wang Mingyu2020-04-011-2/+2
| | | | | Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nostromo: upgrade 1.9.6 -> 1.9.7Wang Mingyu2020-04-011-2/+2
| | | | | Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* layers: update LAYERSERIES_COMPAT to dunfellKhem Raj2020-03-201-1/+1
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: fix error during service startupChangqing Li2020-02-262-0/+100
| | | | | | | | | fix below error: nginx.service: failed to parse pid from file /run/nginx/nginx.pid: invalid argument Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: update to the latest development version (1.17.8)Derek Straka2020-02-092-6/+10
| | | | | | | See Changelog: https://nginx.org/en/CHANGES Signed-off-by: Derek Straka <derek@asterius.io> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: update to the latest stable version (1.16.1)Derek Straka2020-02-092-10/+6
| | | | | | | | See changlog here: https://nginx.org/en/CHANGES-1.16 * Fixes CVE-2019-9511, CVE-2019-9513, CVE-2019-9516 Signed-off-by: Derek Straka <derek@asterius.io> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* hiawatha: upgrade 10.7 -> 10.10Pierre-Jean Texier2020-02-031-2/+2
| | | | | | | See full changelog https://www.hiawatha-webserver.org/changelog Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* netdata: Add libatomic to link stepKhem Raj2020-01-281-0/+2
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* cherokee: Replace using BBPATH with BBFILE_COLLECTIONS for meta-python2 checkKhem Raj2020-01-222-2/+2
| | | | | | BBPATH check actually does not work Signed-off-by: Khem Raj <raj.khem@gmail.com>
* recipes: Turn inherit classes from meta-py2 to conditional constructsKhem Raj2020-01-221-1/+1
| | | | | | helps parsing without meta-py2 in mix Signed-off-by: Khem Raj <raj.khem@gmail.com>
* cherokee: Only build with meta-py2 is in layermixKhem Raj2020-01-222-2/+8
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>