--- a/components/lighttpd/Makefile Mon Oct 24 05:56:54 2016 -0700
+++ b/components/lighttpd/Makefile Wed Oct 12 06:26:22 2016 -0700
@@ -20,24 +20,24 @@
#
#
-# Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2011, 2016, Oracle and/or its affiliates. All rights reserved.
#
include ../../make-rules/shared-macros.mk
COMPONENT_NAME= lighttpd
-COMPONENT_VERSION= 1.4.35
+COMPONENT_VERSION= 1.4.41
COMPONENT_PROJECT_URL= http://www.lighttpd.net/
COMPONENT_SRC= $(COMPONENT_NAME)-$(COMPONENT_VERSION)
COMPONENT_ARCHIVE= $(COMPONENT_SRC).tar.gz
COMPONENT_ARCHIVE_HASH= \
- sha256:62c23de053fd82e1bf64f204cb6c6e44ba3c16c01ff1e09da680d982802ef1cc
+ sha256:8a5749e218237fafc3119dd8a4fcf510ea728728b3fcf1193fcad7209be4b6d7
COMPONENT_ARCHIVE_URL= $(COMPONENT_PROJECT_URL)download/$(COMPONENT_ARCHIVE)
COMPONENT_BUGDB= utility/lighttpd
-TPNO= 17006
+TPNO= 31753
-LIGHTTPD_INSTALLDIR=/usr/lighttpd/1.4
+LIGHTTPD_INSTALLDIR=$(USRDIR)/lighttpd/1.4
include $(WS_MAKE_RULES)/prep.mk
include $(WS_MAKE_RULES)/configure.mk
@@ -45,14 +45,11 @@
PATCH_LEVEL=0
-# We need to run autogen because we patch configure.ac file
-COMPONENT_PREP_ACTION = ( cd $(@D) ; $(CONFIG_SHELL) autogen.sh )
-
# lighttpd is logging using __FILE__ macro. Cloning will make this happen
# using just source file names (without full absolute paths).
COMPONENT_PRE_CONFIGURE_ACTION = ($(CLONEY) $(SOURCE_DIR) $(@D))
-CONFIGURE_PREFIX= /usr/lighttpd/1.4
+CONFIGURE_PREFIX= $(LIGHTTPD_INSTALLDIR)
CONFIGURE_MANDIR= $(CONFIGURE_PREFIX)/man
CONFIGURE_OPTIONS += --with-pic
--- a/components/lighttpd/lighttpd.license Mon Oct 24 05:56:54 2016 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,29 +0,0 @@
-Copyright (c) 2004, Jan Kneschke, incremental
- All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met:
-
-- Redistributions of source code must retain the above copyright notice, this
- list of conditions and the following disclaimer.
-
-- Redistributions in binary form must reproduce the above copyright notice,
- this list of conditions and the following disclaimer in the documentation
- and/or other materials provided with the distribution.
-
-- Neither the name of the 'incremental' nor the names of its contributors may
- be used to endorse or promote products derived from this software without
- specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
-AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
-LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
-THE POSSIBILITY OF SUCH DAMAGE.
-
--- a/components/lighttpd/lighttpd.p5m Mon Oct 24 05:56:54 2016 -0700
+++ b/components/lighttpd/lighttpd.p5m Wed Oct 12 06:26:22 2016 -0700
@@ -18,7 +18,7 @@
#
# CDDL HEADER END
#
-# Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2011, 2016, Oracle and/or its affiliates. All rights reserved.
#
<transform file path=usr.*/man/.+ -> default mangler.man.stability uncommitted>
@@ -33,10 +33,6 @@
set name=info.upstream-url value=$(COMPONENT_PROJECT_URL)
set name=org.opensolaris.arc-caseid value=LSARC/2008/191
set name=org.opensolaris.consolidation value=$(CONSOLIDATION)
-dir path=etc
-dir path=etc/lighttpd
-dir path=etc/lighttpd/1.4
-dir path=etc/lighttpd/1.4/conf.d
file doc/config/conf.d/access_log.conf \
path=etc/lighttpd/1.4/conf.d/access_log.conf mode=0644 preserve=renamenew
file doc/config/conf.d/auth.conf path=etc/lighttpd/1.4/conf.d/auth.conf \
@@ -96,24 +92,11 @@
preserve=renamenew
file doc/config/modules.conf path=etc/lighttpd/1.4/modules.conf mode=0644 \
preserve=renamenew
-dir path=etc/security
-dir path=etc/security/auth_attr.d
file Solaris/auth_attr path=etc/security/auth_attr.d/lighttpd
-dir path=etc/security/prof_attr.d
file Solaris/prof_attr path=etc/security/prof_attr.d/lighttpd
-dir path=lib
-dir path=lib/svc
-dir path=lib/svc/manifest
-dir path=lib/svc/manifest/network
file Solaris/http-lighttpd14.xml \
path=lib/svc/manifest/network/http-lighttpd14.xml
-dir path=lib/svc/method
-dir path=usr
-dir path=usr/lighttpd
-dir path=usr/lighttpd/1.4
-dir path=usr/lighttpd/1.4/bin
link path=usr/lighttpd/1.4/bin/spawn-fcgi target=../../../bin/spawn-fcgi
-dir path=usr/lighttpd/1.4/lib
file path=usr/lighttpd/1.4/lib/mod_access.so
file path=usr/lighttpd/1.4/lib/mod_accesslog.so
file path=usr/lighttpd/1.4/lib/mod_alias.so
@@ -146,28 +129,18 @@
file path=usr/lighttpd/1.4/lib/mod_userdir.so
file path=usr/lighttpd/1.4/lib/mod_usertrack.so
file path=usr/lighttpd/1.4/lib/mod_webdav.so
-dir path=usr/lighttpd/1.4/man
-dir path=usr/lighttpd/1.4/man/man1
link path=usr/lighttpd/1.4/man/man1/spawn-fcgi.1 \
target=../../../../share/man/man1/spawn-fcgi.1
-dir path=usr/lighttpd/1.4/man/man8
file path=usr/lighttpd/1.4/man/man8/lighttpd.8
-dir path=usr/lighttpd/1.4/sbin
file path=usr/lighttpd/1.4/sbin/lighttpd
file path=usr/lighttpd/1.4/sbin/lighttpd-angel
-dir path=usr/share
-dir path=usr/share/man
-dir path=usr/share/man/man1m
file Solaris/lighttpd.1m.sunman path=usr/share/man/man1m/lighttpd.1m
-dir path=var
-dir path=var/lighttpd
-dir path=var/lighttpd/1.4
dir path=var/lighttpd/1.4/docroot
dir path=var/lighttpd/1.4/errors
dir path=var/lighttpd/1.4/logs owner=webservd group=webservd mode=700
dir path=var/lighttpd/1.4/sockets
dir path=var/lighttpd/1.4/vhosts
-license lighttpd.license license="Lighttpd license"
+license COPYING license="Lighttpd license"
depend type=require fmri=__TBD pkg.debug.depend.file=usr/bin/spawn-fcgi
depend type=require fmri=__TBD \
pkg.debug.depend.file=usr/share/man/man1/spawn-fcgi.1
--- a/components/lighttpd/patches/01-drop_privileges.patch Mon Oct 24 05:56:54 2016 -0700
+++ b/components/lighttpd/patches/01-drop_privileges.patch Wed Oct 12 06:26:22 2016 -0700
@@ -4,9 +4,9 @@
user, initial user needs elevated privileges. Those
privileges are unnecessary and should be dropped.
---- src/network.c 2013-08-30 04:07:05.000000000 -0700
-+++ src/network.c 2013-10-22 04:07:55.193853968 -0700
-@@ -21,6 +21,8 @@
+--- src/network.c
++++ src/network.c
+@@ -23,6 +23,8 @@
#include <stdlib.h>
#include <assert.h>
@@ -15,8 +15,8 @@
#ifdef USE_OPENSSL
# include <openssl/ssl.h>
# include <openssl/err.h>
-@@ -497,6 +499,8 @@
- size_t i;
+@@ -677,6 +679,8 @@
+ size_t i, j;
network_backend_t backend;
+ priv_set_t *tset;
@@ -24,7 +24,7 @@
#if OPENSSL_VERSION_NUMBER >= 0x0090800fL
#ifndef OPENSSL_NO_ECDH
EC_KEY *ecdh;
-@@ -877,6 +881,16 @@
+@@ -1082,6 +1086,16 @@
}
}
--- a/components/lighttpd/patches/02-sslv3-disable.patch Mon Oct 24 05:56:54 2016 -0700
+++ b/components/lighttpd/patches/02-sslv3-disable.patch Wed Oct 12 06:26:22 2016 -0700
@@ -1,16 +1,16 @@
Patch origin: in-house
-Patch status: submitted to upstream
+Patch status: Not suitable for upstream.
-http://redmine.lighttpd.net/issues/2647
+Always disable SSLv3 and don't allow to enable it ever again.
---- src/configfile.c
-+++ src/configfile.c
-@@ -182,7 +182,7 @@
- s->ssl_honor_cipher_order = 1;
- s->ssl_empty_fragments = 0;
- s->ssl_use_sslv2 = 0;
-- s->ssl_use_sslv3 = 1;
-+ s->ssl_use_sslv3 = 0;
- s->use_ipv6 = 0;
- s->set_v6only = 1;
- s->defer_accept = 0;
+--- src/network.c
++++ src/network.c
+@@ -845,7 +845,7 @@
+ }
+ }
+
+- if (!s->ssl_use_sslv3) {
++ if (1) {
+ /* disable SSLv3 */
+ if ((SSL_OP_NO_SSLv3 & SSL_CTX_set_options(s->ssl_ctx, SSL_OP_NO_SSLv3)) != SSL_OP_NO_SSLv3) {
+ log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:",
--- a/components/lighttpd/patches/03-lighttpd.conf.patch Mon Oct 24 05:56:54 2016 -0700
+++ b/components/lighttpd/patches/03-lighttpd.conf.patch Wed Oct 12 06:26:22 2016 -0700
@@ -67,16 +67,7 @@
##
## The basic network interface for all platforms at the syscalls read()
-@@ -188,7 +188,7 @@
- ## linux-sendfile - is recommended for small files.
- ## writev - is recommended for sending many large files
- ##
--server.network-backend = "linux-sendfile"
-+server.network-backend = "solaris-sendfilev"
-
- ##
- ## As lighttpd is a single-threaded server, its main resource limit is
-@@ -296,7 +296,7 @@
+@@ -325,7 +325,7 @@
## "index.htm", "default.htm" )
##
index-file.names += (
@@ -85,7 +76,7 @@
)
##
-@@ -345,7 +345,7 @@
+@@ -380,7 +380,7 @@
## Format: <errorfile-prefix><status-code>.html
## -> ..../status-404.html for 'File not found'
##
--- a/components/lighttpd/patches/04-manpage.patch Mon Oct 24 05:56:54 2016 -0700
+++ b/components/lighttpd/patches/04-manpage.patch Wed Oct 12 06:26:22 2016 -0700
@@ -2,9 +2,9 @@
Solaris specific: manpage update to reflect Solaris specific
configuration.
---- doc/lighttpd.8-orig Mon Mar 30 15:16:59 2009
-+++ doc/lighttpd.8 Mon Jun 20 08:03:16 2011
-@@ -47,10 +47,10 @@
+--- doc/lighttpd.8
++++ doc/lighttpd.8
+@@ -56,10 +56,10 @@
.
.SH FILES
.TP 8
--- a/components/lighttpd/patches/05-network-nodelay.patch Mon Oct 24 05:56:54 2016 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,17 +0,0 @@
-Developed in-house reflecting community issue.
-http://redmine.lighttpd.net/issues/1239
-Solaris-specific, currently ignored by community.
-
---- src/network.c 2013-11-05 09:41:41.841723296 -0800
-+++ src/network.c 2013-11-05 09:40:25.359053258 -0800
-@@ -251,6 +251,10 @@
- log_error_write(srv, __FILE__, __LINE__, "ss", "socketsockopt(SO_REUSEADDR) failed:", strerror(errno));
- goto error_free_socket;
- }
-+ if (setsockopt(srv_socket->fd, IPPROTO_TCP, TCP_NODELAY, &val, sizeof(val)) < 0) {
-+ log_error_write(srv, __FILE__, __LINE__, "ss", "socketsockopt(TCP_NODELAY) failed:", strerror(errno));
-+ goto error_free_socket;
-+ }
-
- switch(srv_socket->addr.plain.sa_family) {
- #ifdef HAVE_IPV6
--- a/components/lighttpd/patches/07-parfait-errors.patch Mon Oct 24 05:56:54 2016 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,100 +0,0 @@
-Developed in-house, fed to community.
-http://redmine.lighttpd.net/issues/2530
-
---- src/lempar.c 2012-08-31 07:11:20.000000000 -0700
-+++ src/lempar.c 2013-10-14 02:10:29.201323553 -0700
-@@ -486,6 +486,9 @@
- }else if( yyact == YYNSTATE + YYNRULE + 1 ){
- yy_accept(yypParser);
- }
-+ /* Parfait_ALLOW memory-leak - false positive for variable yygotominor - memory is properly freed in function yy_accept above */
-+ /* parfait needs two comments here to stop complaining and accept Parfait_ALLOW directive, I don't know why */
-+ return;
- }
-
- /*
---- src/mod_mysql_vhost.c 2010-08-17 02:04:38.000000000 -0700
-+++ src/mod_mysql_vhost.c 2013-10-14 03:48:47.184131818 -0700
-@@ -217,7 +217,10 @@
-
- if (config_insert_values_global(srv,
- ((data_config *)srv->config_context->data[i])->value,
-- cv)) return HANDLER_ERROR;
-+ cv)) {
-+ buffer_free(sel);
-+ return HANDLER_ERROR;
-+ }
-
- s->mysql_pre = buffer_init();
- s->mysql_post = buffer_init();
---- src/lemon.c 2012-08-31 07:11:20.000000000 -0700
-+++ src/lemon.c 2013-10-14 04:29:24.547185717 -0700
-@@ -453,13 +453,11 @@
- #define acttab_yylookahead(X,N) ((X)->aAction[N].lookahead)
-
- /* Free all memory associated with the given acttab */
--/*
- PRIVATE void acttab_free(acttab *p){
- free( p->aAction );
- free( p->aLookahead );
- free( p );
- }
--*/
-
- /* Allocate a new acttab structure */
- PRIVATE acttab *acttab_alloc(void){
-@@ -3582,6 +3580,7 @@
-
- fclose(in);
- fclose(out);
-+ acttab_free(pActtab);
- return;
- }
-
---- src/fdevent.c 2012-08-31 07:11:20.000000000 -0700
-+++ src/fdevent.c 2013-10-14 03:55:48.707756259 -0700
-@@ -77,6 +77,7 @@
-
- log_error_write(ev->srv, __FILE__, __LINE__, "S",
- "event-handler is unknown, try to set server.event-handler = \"poll\" or \"select\"");
-+ free(ev);
- return NULL;
- }
-
---- src/configfile.c 2012-11-07 06:50:29.000000000 -0800
-+++ src/configfile.c 2013-10-15 06:45:37.918474628 -0700
-@@ -1131,12 +1131,14 @@
- context_free(&context);
-
- if (0 != ret) {
-+ /* Parfait_ALLOW memory-leak - false positive dcwd variable - memory is properly freed on server close */
- return ret;
- }
-
- if (NULL != (dc = (data_config *)array_get_element(srv->config_context, "global"))) {
- srv->config = dc->value;
- } else {
-+ /* Parfait_ALLOW memory-leak - false positive dcwd variable - memory is properly freed on server close */
- return -1;
- }
-
-@@ -1146,6 +1148,7 @@
-
- if (modules->type != TYPE_ARRAY) {
- fprintf(stderr, "server.modules must be an array");
-+ /* Parfait_ALLOW memory-leak - false positive dcwd variable - memory is properly freed on server close */
- return -1;
- }
-
-@@ -1200,9 +1207,11 @@
-
-
- if (0 != config_insert(srv)) {
-+ /* Parfait_ALLOW memory-leak - false positive dcwd variable - memory is properly freed on server close */
- return -1;
- }
-
-+ /* Parfait_ALLOW memory-leak - false positive dcwd variable - memory is properly freed on server close */
- return 0;
- }
-
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/lighttpd/patches/Bug2752.patch Wed Oct 12 06:26:22 2016 -0700
@@ -0,0 +1,16 @@
+Patch origin: in-house
+Patch status: submitted upstream
+
+https://redmine.lighttpd.net/issues/2752
+
+--- src/Makefile.in
++++ src/Makefile.in
+@@ -585,7 +585,7 @@
+ test_buffer_DEPENDENCIES = $(am__DEPENDENCIES_1)
+ am_test_configfile_OBJECTS = test_configfile.$(OBJEXT) \
+ buffer.$(OBJEXT) array.$(OBJEXT) data_string.$(OBJEXT) \
+- keyvalue.$(OBJEXT) log.$(OBJEXT)
++ keyvalue.$(OBJEXT) log.$(OBJEXT) vector.$(OBJEXT)
+ test_configfile_OBJECTS = $(am_test_configfile_OBJECTS)
+ test_configfile_DEPENDENCIES = $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1)
--- a/components/lighttpd/patches/CVE-2015-3200.patch Mon Oct 24 05:56:54 2016 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,16 +0,0 @@
-Patch origin: in-house
-Patch status: submitted to upstream
-
-http://redmine.lighttpd.net/issues/2646
-
---- src/http_auth.c
-+++ src/http_auth.c
-@@ -857,7 +857,7 @@
-
- /* r2 == user:password */
- if (NULL == (pw = strchr(username->ptr, ':'))) {
-- log_error_write(srv, __FILE__, __LINE__, "sb", ": is missing in", username);
-+ log_error_write(srv, __FILE__, __LINE__, "s", ": is missing in decoded base64-string");
-
- buffer_free(username);
- return 0;
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/lighttpd/patches/studio.patch Wed Oct 12 06:26:22 2016 -0700
@@ -0,0 +1,31 @@
+Patch origin: in-house
+Patch status: not suitable for upstream
+
+Solaris Studio will report: non-constant initializer: op "?"
+gcc seems to be fine with it.
+
+The change which triggered this issue was change from:
+"struct {" to "static const struct {" .
+
+Compiler bug: 24681821
+
+--- src/configparser.y
++++ src/configparser.y
+@@ -470,6 +470,8 @@
+ char *comp_key;
+ size_t len;
+ } comps[] = {
++#undef CONST_STR_LEN
++#define CONST_STR_LEN(x) x, sizeof(x) - 1
+ { COMP_SERVER_SOCKET, CONST_STR_LEN("SERVER[\"socket\"]" ) },
+ { COMP_HTTP_URL, CONST_STR_LEN("HTTP[\"url\"]" ) },
+ { COMP_HTTP_HOST, CONST_STR_LEN("HTTP[\"host\"]" ) },
+@@ -484,6 +486,8 @@
+ { COMP_HTTP_QUERY_STRING, CONST_STR_LEN("HTTP[\"query-string\"]") },
+ { COMP_HTTP_REQUEST_METHOD, CONST_STR_LEN("HTTP[\"request-method\"]") },
+ { COMP_HTTP_SCHEME, CONST_STR_LEN("HTTP[\"scheme\"]" ) },
++#undef CONST_STR_LEN
++#define CONST_STR_LEN(x) x, (x) ? sizeof(x) - 1 : 0
+ { COMP_UNSET, NULL, 0 },
+ };
+ size_t i;