author | Jiri Kukacka <jiri.kukacka@oracle.com> |
Thu, 09 Jan 2014 03:35:51 -0800 | |
branch | s11-update |
changeset 2925 | d64f6e80d9b1 |
parent 2924 | 894dcec4ac14 |
child 2928 | 43b3da52b84a |
--- a/components/lighttpd/Makefile Thu Jan 30 15:02:39 2014 -0800 +++ b/components/lighttpd/Makefile Thu Jan 09 03:35:51 2014 -0800 @@ -26,12 +26,12 @@ include ../../make-rules/shared-macros.mk COMPONENT_NAME= lighttpd -COMPONENT_VERSION= 1.4.23 +COMPONENT_VERSION= 1.4.33 COMPONENT_PROJECT_URL= http://www.lighttpd.net/ COMPONENT_SRC= $(COMPONENT_NAME)-$(COMPONENT_VERSION) COMPONENT_ARCHIVE= $(COMPONENT_SRC).tar.gz COMPONENT_ARCHIVE_HASH= \ - sha256:8555db22ed7d429160701555611d8cd5eff42fc7e6e3ad3b050279c9b2145469 + sha256:91f574d8bea8d9f75535e86cb2abc389beb8be24f003b71e6304b8c8ba1d3753 COMPONENT_ARCHIVE_URL= $(COMPONENT_PROJECT_URL)download/$(COMPONENT_ARCHIVE) COMPONENT_BUGDB= utility/lighttpd @@ -43,7 +43,7 @@ PATCH_LEVEL=0 -# libtool linking will fail unless we re-create configure. +# We need to run autogen because we patch configure.ac file COMPONENT_PREP_ACTION = ( cd $(@D) ; $(CONFIG_SHELL) autogen.sh ) # lighttpd is logging using __FILE__ macro. Cloning will make this happen
--- a/components/lighttpd/Solaris/http-lighttpd14 Thu Jan 30 15:02:39 2014 -0800 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,58 +0,0 @@ -#!/usr/bin/ksh93 -# -# CDDL HEADER START -# -# The contents of this file are subject to the terms of the -# Common Development and Distribution License (the "License"). -# You may not use this file except in compliance with the License. -# -# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE -# or http://www.opensolaris.org/os/licensing. -# See the License for the specific language governing permissions -# and limitations under the License. -# -# When distributing Covered Code, include this CDDL HEADER in each -# file and include the License file at usr/src/OPENSOLARIS.LICENSE. -# If applicable, add the following below this CDDL HEADER, with the -# fields enclosed by brackets "[]" replaced with your own identifying -# information: Portions Copyright [yyyy] [name of copyright owner] -# -# CDDL HEADER END -# -# -# Copyright (c) 2008, 2011, Oracle and/or its affiliates. All rights reserved. -# - -source /lib/svc/share/smf_include.sh - -# constants -typeset -r lighttpd_version="1.4" -typeset -r lighttpd_home="/usr/lighttpd/${lighttpd_version}" -typeset -r lighttpd_bin="${lighttpd_home}/sbin/lighttpd" -typeset -r conf_file="/etc/lighttpd/${lighttpd_version}/lighttpd.conf" -typeset -r pidfile=`sed -n -e 's/"//g' -e 's/server\.pid-file *= *//p' ${conf_file}` - - -[[ ! -f "${conf_file}" ]] && exit $SMF_EXIT_ERR_CONFIG - -case "$1" in - start) - rm -f "${pidfile}" - exec ${lighttpd_bin} -f ${conf_file} 2>&1 - ;; - refresh) - print "Going to refresh" - if [[ -f "${pidfile}" ]]; then - kill -HUP "$( < "${pidfile}" )" - fi - ;; - stop) - if [[ -f ${pidfile} ]] ; then - kill "$( < "${pidfile}" )" - fi - ;; - *) - printf "Usage: %s {start|stop|refresh}\n" "$0" - exit 1 - ;; -esac
--- a/components/lighttpd/Solaris/http-lighttpd14.xml Thu Jan 30 15:02:39 2014 -0800 +++ b/components/lighttpd/Solaris/http-lighttpd14.xml Thu Jan 09 03:35:51 2014 -0800 @@ -22,7 +22,7 @@ <!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1"> <!-- - Copyright (c) 2008, 2011, Oracle and/or its affiliates. All rights reserved. + Copyright (c) 2008, 2014, Oracle and/or its affiliates. All rights reserved. --> <service_bundle type='manifest' name='SUNWlighttpd14r:lighttpd'> @@ -76,15 +76,19 @@ <exec_method type='method' name='start' - exec='/lib/svc/method/http-lighttpd14 start' + exec='/usr/lighttpd/1.4/sbin/lighttpd -f /etc/lighttpd/1.4/lighttpd.conf' timeout_seconds='60'> - <method_context /> + <method_context> + <method_credential + user='webservd' group='webservd' + privileges='basic,net_privaddr'/> + </method_context> </exec_method> <exec_method type='method' name='stop' - exec='/lib/svc/method/http-lighttpd14 stop' + exec=':kill' timeout_seconds='60'> <method_context /> </exec_method> @@ -92,9 +96,13 @@ <exec_method type='method' name='refresh' - exec='/lib/svc/method/http-lighttpd14 refresh' + exec=':kill -HUP' timeout_seconds='60'> - <method_context /> + <method_context> + <method_credential + user='webservd' group='webservd' + privileges='basic,net_privaddr'/> + </method_context> </exec_method> <property_group name='httpd' type='application'>
--- a/components/lighttpd/lighttpd.p5m Thu Jan 30 15:02:39 2014 -0800 +++ b/components/lighttpd/lighttpd.p5m Thu Jan 09 03:35:51 2014 -0800 @@ -18,7 +18,7 @@ # # CDDL HEADER END # -# Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved. +# Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved. # <transform file path=usr.*/man/.+ -> default mangler.man.stability uncommitted> @@ -27,7 +27,7 @@ set name=pkg.summary \ value="The Lighttpd Web Server" set name=com.oracle.info.description value="the Lightppd web server" -set name=com.oracle.info.tpno value=5585 +set name=com.oracle.info.tpno value=15577 set name=info.classification \ value="org.opensolaris.category.2008:Web Services/Application and Web Servers" set name=info.upstream-url value=$(COMPONENT_PROJECT_URL) @@ -69,21 +69,70 @@ dir path=var/lighttpd/1.4 dir path=var/lighttpd/1.4/docroot dir path=var/lighttpd/1.4/errors -dir path=var/lighttpd/1.4/logs group=webservd owner=webservd +dir path=var/lighttpd/1.4/logs group=webservd owner=webservd mode=700 dir path=var/lighttpd/1.4/vhosts +dir path=var/lighttpd/1.4/sockets +file doc/config/conf.d/access_log.conf path=etc/lighttpd/1.4/conf.d/access_log.conf \ + mode=0644 preserve=renamenew +file doc/config/conf.d/compress.conf path=etc/lighttpd/1.4/conf.d/compress.conf \ + mode=0644 preserve=renamenew +file doc/config/conf.d/trigger_b4_dl.conf path=etc/lighttpd/1.4/conf.d/trigger_b4_dl.conf \ + mode=0644 preserve=renamenew +file doc/config/conf.d/webdav.conf path=etc/lighttpd/1.4/conf.d/webdav.conf \ + mode=0644 preserve=renamenew +file doc/config/conf.d/ssi.conf path=etc/lighttpd/1.4/conf.d/ssi.conf \ + mode=0644 preserve=renamenew +file doc/config/conf.d/cml.conf path=etc/lighttpd/1.4/conf.d/cml.conf \ + mode=0644 preserve=renamenew +file doc/config/conf.d/mime.conf path=etc/lighttpd/1.4/conf.d/mime.conf \ + mode=0644 preserve=renamenew +file doc/config/conf.d/auth.conf path=etc/lighttpd/1.4/conf.d/auth.conf \ + mode=0644 preserve=renamenew +file doc/config/conf.d/status.conf path=etc/lighttpd/1.4/conf.d/status.conf \ + mode=0644 preserve=renamenew +file doc/config/conf.d/simple_vhost.conf path=etc/lighttpd/1.4/conf.d/simple_vhost.conf \ + mode=0644 preserve=renamenew +file doc/config/conf.d/proxy.conf path=etc/lighttpd/1.4/conf.d/proxy.conf \ + mode=0644 preserve=renamenew +file doc/config/conf.d/rrdtool.conf path=etc/lighttpd/1.4/conf.d/rrdtool.conf \ + mode=0644 preserve=renamenew +file doc/config/conf.d/evhost.conf path=etc/lighttpd/1.4/conf.d/evhost.conf \ + mode=0644 preserve=renamenew +file doc/config/conf.d/magnet.conf path=etc/lighttpd/1.4/conf.d/magnet.conf \ + mode=0644 preserve=renamenew +file doc/config/conf.d/expire.conf path=etc/lighttpd/1.4/conf.d/expire.conf \ + mode=0644 preserve=renamenew +file doc/config/conf.d/debug.conf path=etc/lighttpd/1.4/conf.d/debug.conf \ + mode=0644 preserve=renamenew +file doc/config/conf.d/scgi.conf path=etc/lighttpd/1.4/conf.d/scgi.conf \ + mode=0644 preserve=renamenew +file doc/config/conf.d/mysql_vhost.conf path=etc/lighttpd/1.4/conf.d/mysql_vhost.conf \ + mode=0644 preserve=renamenew +file doc/config/conf.d/fastcgi.conf path=etc/lighttpd/1.4/conf.d/fastcgi.conf \ + mode=0644 preserve=renamenew +file doc/config/conf.d/userdir.conf path=etc/lighttpd/1.4/conf.d/userdir.conf \ + mode=0644 preserve=renamenew +file doc/config/conf.d/secdownload.conf path=etc/lighttpd/1.4/conf.d/secdownload.conf \ + mode=0644 preserve=renamenew +file doc/config/conf.d/dirlisting.conf path=etc/lighttpd/1.4/conf.d/dirlisting.conf \ + mode=0644 preserve=renamenew +file doc/config/conf.d/cgi.conf path=etc/lighttpd/1.4/conf.d/cgi.conf \ + mode=0644 preserve=renamenew + file Solaris/fcgi-php.conf path=etc/lighttpd/1.4/conf.d/fcgi-php.conf \ mode=0644 preserve=renamenew \ original_name=SUNWlighttpd14:etc/lighttpd/1.4/conf.d/fcgi-php.conf file Solaris/ssl.conf path=etc/lighttpd/1.4/conf.d/ssl.conf \ mode=0644 preserve=renamenew \ original_name=SUNWlighttpd14:etc/lighttpd/1.4/conf.d/ssl.conf -file doc/lighttpd.conf path=etc/lighttpd/1.4/lighttpd.conf \ +file doc/config/lighttpd.conf path=etc/lighttpd/1.4/lighttpd.conf \ mode=0644 preserve=renamenew \ original_name=SUNWlighttpd14:etc/lighttpd/1.4/lighttpd.conf +file doc/config/modules.conf path=etc/lighttpd/1.4/modules.conf \ + mode=0644 preserve=renamenew file Solaris/auth_attr path=etc/security/auth_attr.d/lighttpd file Solaris/prof_attr path=etc/security/prof_attr.d/lighttpd file Solaris/http-lighttpd14.xml path=lib/svc/manifest/network/http-lighttpd14.xml -file Solaris/http-lighttpd14 path=lib/svc/method/http-lighttpd14 file path=usr/lighttpd/1.4/lib/mod_access.so file path=usr/lighttpd/1.4/lib/mod_accesslog.so file path=usr/lighttpd/1.4/lib/mod_alias.so
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/lighttpd/patches/01-drop_privileges.patch Thu Jan 09 03:35:51 2014 -0800 @@ -0,0 +1,43 @@ +Developed in-house, fed back, awaiting accept. +http://redmine.lighttpd.net/issues/2532 +Solaris-specific: in order to start Lighttpd as non-root +user, initial user needs elevated privileges. Those +privileges are unnecessary and should be dropped. + +--- src/network.c 2013-08-30 04:07:05.000000000 -0700 ++++ src/network.c 2013-10-22 04:07:55.193853968 -0700 +@@ -21,6 +21,8 @@ + #include <stdlib.h> + #include <assert.h> + ++#include <priv.h> ++ + #ifdef USE_OPENSSL + # include <openssl/ssl.h> + # include <openssl/err.h> +@@ -497,6 +499,8 @@ + size_t i; + network_backend_t backend; + ++ priv_set_t *tset; ++ + #if OPENSSL_VERSION_NUMBER >= 0x0090800fL + #ifndef OPENSSL_NO_ECDH + EC_KEY *ecdh; +@@ -877,6 +881,16 @@ + } + } + ++ /* here we drop privileges we won't need any more */ ++ tset = priv_allocset(); ++ priv_emptyset(tset); ++ priv_addset(tset, PRIV_NET_PRIVADDR); ++ if (setppriv(PRIV_OFF, PRIV_PERMITTED, tset) != 0) { ++ perror("Unable to set privileges: "); ++ return -1; ++ } ++ ++ + return 0; + } +
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/lighttpd/patches/02-automake-libtool-Solaris.patch Thu Jan 09 03:35:51 2014 -0800 @@ -0,0 +1,239 @@ +Developed in-house, fed back, accepted for ver 1.4.34 +http://redmine.lighttpd.net/issues/2533 +Due to differences between Linux and Solaris, we have to change +behavior of libtool, which uses -z defs even for shared libraries, +but this couldn't be used on Solaris. +There is -z text that could be used instead, but that would +require patching libtool files on build machine. So we skip + -z defs by omitting -no-undefined + +--- configure.ac 2013-11-04 03:03:07.543168957 -0800 ++++ configure.ac 2013-11-04 03:02:30.584721483 -0800 +@@ -45,6 +45,13 @@ + AC_ISC_POSIX + AC_MINIX + ++dnl Fix no-undefined if on solaris ++case $host_os in ++ *solaris* ) LIB_NO_UNDEFINED=no;; ++ * ) LIB_NO_UNDEFINED=yes;; ++esac ++AM_CONDITIONAL(LIB_NO_UNDEFINED, test x$LIB_NO_UNDEFINED = xyes) ++ + dnl AC_CANONICAL_HOST + case $host_os in + *darwin*|*cygwin*|*aix*|*mingw* ) NO_RDYNAMIC=yes;; +--- src/Makefile.am 2013-11-04 05:37:18.206746790 -0800 ++++ src/Makefile.am 2013-11-04 05:37:09.639723519 -0800 +@@ -96,173 +96,178 @@ + common_libadd = + endif + ++if LIB_NO_UNDEFINED ++LIB_NO_UNDEF="-no-undefined" ++else ++LIB_NO_UNDEF="" ++endif + lib_LTLIBRARIES += mod_flv_streaming.la + mod_flv_streaming_la_SOURCES = mod_flv_streaming.c +-mod_flv_streaming_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined ++mod_flv_streaming_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF) + mod_flv_streaming_la_LIBADD = $(common_libadd) + + lib_LTLIBRARIES += mod_evasive.la + mod_evasive_la_SOURCES = mod_evasive.c +-mod_evasive_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined ++mod_evasive_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF) + mod_evasive_la_LIBADD = $(common_libadd) + + lib_LTLIBRARIES += mod_webdav.la + mod_webdav_la_SOURCES = mod_webdav.c + mod_webdav_la_CFLAGS = $(AM_CFLAGS) $(XML_CFLAGS) $(SQLITE_CFLAGS) +-mod_webdav_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined ++mod_webdav_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF) + mod_webdav_la_LIBADD = $(common_libadd) $(XML_LIBS) $(SQLITE_LIBS) $(UUID_LIBS) + + lib_LTLIBRARIES += mod_magnet.la + mod_magnet_la_SOURCES = mod_magnet.c mod_magnet_cache.c + mod_magnet_la_CFLAGS = $(AM_CFLAGS) $(LUA_CFLAGS) +-mod_magnet_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined ++mod_magnet_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF) + mod_magnet_la_LIBADD = $(common_libadd) $(LUA_LIBS) -lm + + lib_LTLIBRARIES += mod_cml.la + mod_cml_la_SOURCES = mod_cml.c mod_cml_lua.c mod_cml_funcs.c + mod_cml_la_CFLAGS = $(AM_CFLAGS) $(LUA_CFLAGS) +-mod_cml_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined ++mod_cml_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF) + mod_cml_la_LIBADD = $(MEMCACHE_LIB) $(common_libadd) $(LUA_LIBS) -lm + + lib_LTLIBRARIES += mod_trigger_b4_dl.la + mod_trigger_b4_dl_la_SOURCES = mod_trigger_b4_dl.c +-mod_trigger_b4_dl_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined ++mod_trigger_b4_dl_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF) + mod_trigger_b4_dl_la_LIBADD = $(GDBM_LIB) $(MEMCACHE_LIB) $(PCRE_LIB) $(common_libadd) + + lib_LTLIBRARIES += mod_mysql_vhost.la + mod_mysql_vhost_la_SOURCES = mod_mysql_vhost.c +-mod_mysql_vhost_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined ++mod_mysql_vhost_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF) + mod_mysql_vhost_la_LIBADD = $(MYSQL_LIBS) $(common_libadd) + mod_mysql_vhost_la_CPPFLAGS = $(MYSQL_INCLUDE) + + lib_LTLIBRARIES += mod_cgi.la + mod_cgi_la_SOURCES = mod_cgi.c +-mod_cgi_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined ++mod_cgi_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF) + mod_cgi_la_LIBADD = $(common_libadd) + + lib_LTLIBRARIES += mod_scgi.la + mod_scgi_la_SOURCES = mod_scgi.c +-mod_scgi_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined ++mod_scgi_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF) + mod_scgi_la_LIBADD = $(common_libadd) + + lib_LTLIBRARIES += mod_staticfile.la + mod_staticfile_la_SOURCES = mod_staticfile.c +-mod_staticfile_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined ++mod_staticfile_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF) + mod_staticfile_la_LIBADD = $(common_libadd) + + lib_LTLIBRARIES += mod_dirlisting.la + mod_dirlisting_la_SOURCES = mod_dirlisting.c +-mod_dirlisting_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined ++mod_dirlisting_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF) + mod_dirlisting_la_LIBADD = $(common_libadd) $(PCRE_LIB) + + lib_LTLIBRARIES += mod_indexfile.la + mod_indexfile_la_SOURCES = mod_indexfile.c +-mod_indexfile_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined ++mod_indexfile_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF) + mod_indexfile_la_LIBADD = $(common_libadd) + + lib_LTLIBRARIES += mod_setenv.la + mod_setenv_la_SOURCES = mod_setenv.c +-mod_setenv_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined ++mod_setenv_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF) + mod_setenv_la_LIBADD = $(common_libadd) + + lib_LTLIBRARIES += mod_alias.la + mod_alias_la_SOURCES = mod_alias.c +-mod_alias_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined ++mod_alias_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF) + mod_alias_la_LIBADD = $(common_libadd) + + lib_LTLIBRARIES += mod_userdir.la + mod_userdir_la_SOURCES = mod_userdir.c +-mod_userdir_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined ++mod_userdir_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF) + mod_userdir_la_LIBADD = $(common_libadd) + + lib_LTLIBRARIES += mod_rrdtool.la + mod_rrdtool_la_SOURCES = mod_rrdtool.c +-mod_rrdtool_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined ++mod_rrdtool_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF) + mod_rrdtool_la_LIBADD = $(common_libadd) + + lib_LTLIBRARIES += mod_usertrack.la + mod_usertrack_la_SOURCES = mod_usertrack.c +-mod_usertrack_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined ++mod_usertrack_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF) + mod_usertrack_la_LIBADD = $(common_libadd) + + lib_LTLIBRARIES += mod_proxy.la + mod_proxy_la_SOURCES = mod_proxy.c +-mod_proxy_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined ++mod_proxy_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF) + mod_proxy_la_LIBADD = $(common_libadd) + + lib_LTLIBRARIES += mod_ssi.la + mod_ssi_la_SOURCES = mod_ssi_exprparser.c mod_ssi_expr.c mod_ssi.c +-mod_ssi_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined ++mod_ssi_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF) + mod_ssi_la_LIBADD = $(common_libadd) $(PCRE_LIB) + + lib_LTLIBRARIES += mod_secdownload.la + mod_secdownload_la_SOURCES = mod_secure_download.c +-mod_secdownload_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined ++mod_secdownload_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF) + mod_secdownload_la_LIBADD = $(common_libadd) + + #lib_LTLIBRARIES += mod_httptls.la + #mod_httptls_la_SOURCES = mod_httptls.c +-#mod_httptls_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined ++#mod_httptls_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF) + #mod_httptls_la_LIBADD = $(common_libadd) + + lib_LTLIBRARIES += mod_expire.la + mod_expire_la_SOURCES = mod_expire.c +-mod_expire_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined ++mod_expire_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF) + mod_expire_la_LIBADD = $(common_libadd) + + lib_LTLIBRARIES += mod_evhost.la + mod_evhost_la_SOURCES = mod_evhost.c +-mod_evhost_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined ++mod_evhost_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF) + mod_evhost_la_LIBADD = $(common_libadd) + + lib_LTLIBRARIES += mod_simple_vhost.la + mod_simple_vhost_la_SOURCES = mod_simple_vhost.c +-mod_simple_vhost_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined ++mod_simple_vhost_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF) + mod_simple_vhost_la_LIBADD = $(common_libadd) + + lib_LTLIBRARIES += mod_fastcgi.la + mod_fastcgi_la_SOURCES = mod_fastcgi.c +-mod_fastcgi_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined ++mod_fastcgi_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF) + mod_fastcgi_la_LIBADD = $(common_libadd) + + lib_LTLIBRARIES += mod_extforward.la + mod_extforward_la_SOURCES = mod_extforward.c +-mod_extforward_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined ++mod_extforward_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF) + mod_extforward_la_LIBADD = $(common_libadd) + + lib_LTLIBRARIES += mod_access.la + mod_access_la_SOURCES = mod_access.c +-mod_access_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined ++mod_access_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF) + mod_access_la_LIBADD = $(common_libadd) + + lib_LTLIBRARIES += mod_compress.la + mod_compress_la_SOURCES = mod_compress.c +-mod_compress_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined ++mod_compress_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF) + mod_compress_la_LIBADD = $(Z_LIB) $(BZ_LIB) $(common_libadd) + + lib_LTLIBRARIES += mod_auth.la + mod_auth_la_SOURCES = mod_auth.c http_auth.c +-mod_auth_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined ++mod_auth_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF) + mod_auth_la_LIBADD = $(CRYPT_LIB) $(LDAP_LIB) $(LBER_LIB) $(common_libadd) + + lib_LTLIBRARIES += mod_rewrite.la + mod_rewrite_la_SOURCES = mod_rewrite.c +-mod_rewrite_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined ++mod_rewrite_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF) + mod_rewrite_la_LIBADD = $(PCRE_LIB) $(common_libadd) + + lib_LTLIBRARIES += mod_redirect.la + mod_redirect_la_SOURCES = mod_redirect.c +-mod_redirect_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined ++mod_redirect_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF) + mod_redirect_la_LIBADD = $(PCRE_LIB) $(common_libadd) + + lib_LTLIBRARIES += mod_status.la + mod_status_la_SOURCES = mod_status.c +-mod_status_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined ++mod_status_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF) + mod_status_la_LIBADD = $(common_libadd) + + lib_LTLIBRARIES += mod_accesslog.la + mod_accesslog_la_SOURCES = mod_accesslog.c +-mod_accesslog_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined ++mod_accesslog_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF) + mod_accesslog_la_LIBADD = $(common_libadd) + +
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/lighttpd/patches/03-lighttpd.conf.patch Thu Jan 09 03:35:51 2014 -0800 @@ -0,0 +1,109 @@ +Developed in-house, not fed back. +Solaris-specific: configuration file customization. + +--- doc/config/lighttpd.conf 2013-11-04 10:28:44.024176425 -0800 ++++ doc/config/lighttpd.conf 2013-11-04 10:28:16.072079454 -0800 +@@ -13,11 +13,11 @@ + ## if you add a variable here. Add the corresponding variable in the + ## chroot example aswell. + ## +-var.log_root = "/var/log/lighttpd" +-var.server_root = "/srv/www" +-var.state_dir = "/var/run" +-var.home_dir = "/var/lib/lighttpd" +-var.conf_dir = "/etc/lighttpd" ++var.log_root = "/var/lighttpd/1.4/logs" ++var.server_root = "/var/lighttpd/1.4" ++var.state_dir = log_root ++var.home_dir = server_root ++var.conf_dir = "/etc/lighttpd/1.4" + + ## + ## run the server chrooted. +@@ -58,7 +58,7 @@ + ## used in: + ## conf.d/compress.conf + ## +-var.cache_dir = "/var/cache/lighttpd" ++var.cache_dir = server_root + "/cache" + + ## + ## Base directory for sockets. +@@ -101,8 +101,8 @@ + ## Run as a different username/groupname. + ## This requires root permissions during startup. + ## +-server.username = "lighttpd" +-server.groupname = "lighttpd" ++server.username = "webservd" ++server.groupname = "webservd" + + ## + ## enable core files. +@@ -112,7 +112,7 @@ + ## + ## Document root + ## +-server.document-root = server_root + "/htdocs" ++server.document-root = server_root + "/docroot" + + ## + ## The value for the "Server:" response field. +@@ -124,7 +124,7 @@ + ## + ## store a pid file + ## +-server.pid-file = state_dir + "/lighttpd.pid" ++server.pid-file = log_root + "/run.pid" + + ## + ####################################################################### +@@ -178,7 +178,7 @@ + ## + ## linux-sysepoll is recommended on kernel 2.6. + ## +-server.event-handler = "linux-sysepoll" ++server.event-handler = "solaris-devpoll" + + ## + ## The basic network interface for all platforms at the syscalls read() +@@ -188,7 +188,7 @@ + ## linux-sendfile - is recommended for small files. + ## writev - is recommended for sending many large files + ## +-server.network-backend = "linux-sendfile" ++server.network-backend = "solaris-sendfilev" + + ## + ## As lighttpd is a single-threaded server, its main resource limit is +@@ -296,7 +296,7 @@ + ## "index.htm", "default.htm" ) + ## + index-file.names += ( +- "index.xhtml", "index.html", "index.htm", "default.htm", "index.php" ++ "index.php", "index.html", "index.htm", "default.htm", "index.xhtml" + ) + + ## +@@ -345,7 +345,7 @@ + ## Format: <errorfile-prefix><status-code>.html + ## -> ..../status-404.html for 'File not found' + ## +-#server.errorfile-prefix = "/srv/www/htdocs/errors/status-" ++#server.errorfile-prefix = "/var/lighttpd/1.4/errors/status-" + + ## + ## mimetype mapping +--- doc/config/conf.d/fastcgi.conf 2013-10-07 07:21:24.418114603 -0700 ++++ doc/config/conf.d/fastcgi.conf 2013-10-07 07:24:01.824986033 -0700 +@@ -22,8 +22,8 @@ + #fastcgi.server = ( ".php" => + # ( "php-local" => + # ( +-# "socket" => socket_dir + "/php-fastcgi-1.socket", +-# "bin-path" => server_root + "/cgi-bin/php5", ++# "socket" => socket_dir + "/php-fastcgi.socket", ++# "bin-path" => "/usr/php/bin/php-cgi", + # "max-procs" => 1, + # "broken-scriptfilename" => "enable", + # )
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/lighttpd/patches/04-manpage.patch Thu Jan 09 03:35:51 2014 -0800 @@ -0,0 +1,19 @@ +Developed in-house, not fed back. +Solaris specific: manpage update to reflect Solaris specific +configuration. + +--- doc/lighttpd.8-orig Mon Mar 30 15:16:59 2009 ++++ doc/lighttpd.8 Mon Jun 20 08:03:16 2011 +@@ -47,10 +47,10 @@ + . + .SH FILES + .TP 8 +-/etc/lighttpd/lighttpd.conf ++/etc/lighttpd/1.4/lighttpd.conf + The standard location for the configuration file. + .TP 8 +-/var/run/lighttpd.pid ++/var/lighttpd/1.4/logs/run.pid + The standard location for the PID of the running \fBlighttpd\fP process. + . + .SH SEE ALSO
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/lighttpd/patches/05-network-nodelay.patch Thu Jan 09 03:35:51 2014 -0800 @@ -0,0 +1,17 @@ +Developed in-house reflecting community issue. +http://redmine.lighttpd.net/issues/1239 +Solaris-specific, currently ignored by community. + +--- src/network.c 2013-11-05 09:41:41.841723296 -0800 ++++ src/network.c 2013-11-05 09:40:25.359053258 -0800 +@@ -251,6 +251,10 @@ + log_error_write(srv, __FILE__, __LINE__, "ss", "socketsockopt(SO_REUSEADDR) failed:", strerror(errno)); + goto error_free_socket; + } ++ if (setsockopt(srv_socket->fd, IPPROTO_TCP, TCP_NODELAY, &val, sizeof(val)) < 0) { ++ log_error_write(srv, __FILE__, __LINE__, "ss", "socketsockopt(TCP_NODELAY) failed:", strerror(errno)); ++ goto error_free_socket; ++ } + + switch(srv_socket->addr.plain.sa_family) { + #ifdef HAVE_IPV6
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/lighttpd/patches/07-parfait-errors.patch Thu Jan 09 03:35:51 2014 -0800 @@ -0,0 +1,185 @@ +Developed in-house, fed to community. +http://redmine.lighttpd.net/issues/2530 +Partially accepted, others should be fixed by version or not +at all, parfait annotations are ignored. Target version 1.4.34. + +--- src/mod_webdav.c 2013-10-11 07:42:39.116745543 -0700 ++++ src/mod_webdav.c 2013-10-11 07:43:19.220464118 -0700 +@@ -1717,7 +1717,7 @@ + if (-1 == c->file.fd && /* open the file if not already open */ + -1 == (c->file.fd = open(c->file.name->ptr, O_RDONLY))) { + log_error_write(srv, __FILE__, __LINE__, "ss", "open failed: ", strerror(errno)); +- ++ close(fd); + return HANDLER_ERROR; + } + +@@ -1726,7 +1726,7 @@ + strerror(errno), c->file.name, c->file.fd); + close(c->file.fd); + c->file.fd = -1; +- ++ close(fd); + return HANDLER_ERROR; + } + +--- src/lempar.c 2012-08-31 07:11:20.000000000 -0700 ++++ src/lempar.c 2013-10-14 02:10:29.201323553 -0700 +@@ -486,6 +486,9 @@ + }else if( yyact == YYNSTATE + YYNRULE + 1 ){ + yy_accept(yypParser); + } ++ /* Parfait_ALLOW memory-leak - false positive for variable yygotominor - memory is properly freed in function yy_accept above */ ++ /* parfait needs two comments here to stop complaining and accept Parfait_ALLOW directive, I don't know why */ ++ return; + } + + /* +--- src/mod_mysql_vhost.c 2010-08-17 02:04:38.000000000 -0700 ++++ src/mod_mysql_vhost.c 2013-10-14 03:48:47.184131818 -0700 +@@ -217,7 +217,10 @@ + + if (config_insert_values_global(srv, + ((data_config *)srv->config_context->data[i])->value, +- cv)) return HANDLER_ERROR; ++ cv)) { ++ buffer_free(sel); ++ return HANDLER_ERROR; ++ } + + s->mysql_pre = buffer_init(); + s->mysql_post = buffer_init(); +@@ -248,7 +251,7 @@ + + if (NULL == (s->mysql = mysql_init(NULL))) { + log_error_write(srv, __FILE__, __LINE__, "s", "mysql_init() failed, exiting..."); +- ++ buffer_free(sel); + return HANDLER_ERROR; + } + +@@ -268,7 +271,7 @@ + FOO(mydb), s->port, FOO(mysock), 0)) { + #endif + log_error_write(srv, __FILE__, __LINE__, "s", mysql_error(s->mysql)); +- ++ buffer_free(sel); + return HANDLER_ERROR; + } + #undef FOO +--- src/lemon.c 2012-08-31 07:11:20.000000000 -0700 ++++ src/lemon.c 2013-10-14 04:29:24.547185717 -0700 +@@ -453,13 +453,11 @@ + #define acttab_yylookahead(X,N) ((X)->aAction[N].lookahead) + + /* Free all memory associated with the given acttab */ +-/* + PRIVATE void acttab_free(acttab *p){ + free( p->aAction ); + free( p->aLookahead ); + free( p ); + } +-*/ + + /* Allocate a new acttab structure */ + PRIVATE acttab *acttab_alloc(void){ +@@ -3582,6 +3580,7 @@ + + fclose(in); + fclose(out); ++ acttab_free(pActtab); + return; + } + +--- src/fdevent.c 2012-08-31 07:11:20.000000000 -0700 ++++ src/fdevent.c 2013-10-14 03:55:48.707756259 -0700 +@@ -77,6 +77,7 @@ + + log_error_write(ev->srv, __FILE__, __LINE__, "S", + "event-handler is unknown, try to set server.event-handler = \"poll\" or \"select\""); ++ free(ev); + return NULL; + } + +--- src/array.c 2010-08-17 02:04:38.000000000 -0700 ++++ src/array.c 2013-10-14 07:05:54.354135229 -0700 +@@ -168,6 +168,7 @@ + data_unset *array_replace(array *a, data_unset *du) { + int ndx; + ++ if (du == NULL) return NULL; + if (-1 == (ndx = array_get_index(a, du->key->ptr, du->key->used, NULL))) { + array_insert_unique(a, du); + return NULL; +--- src/configfile.c 2012-11-07 06:50:29.000000000 -0800 ++++ src/configfile.c 2013-10-15 06:45:37.918474628 -0700 +@@ -1121,7 +1121,7 @@ + if (NULL != getcwd(dcwd->value->ptr, dcwd->value->size - 1)) { + dcwd->value->used = strlen(dcwd->value->ptr) + 1; + buffer_copy_string_len(dcwd->key, CONST_STR_LEN("var.CWD")); +- array_insert_unique(srv->config, (data_unset *)dcwd); ++ if (array_insert_unique(srv->config, (data_unset *)dcwd) == -1) dcwd->free(dcwd); + } + + ret = config_parse_file(srv, &context, fn); +@@ -1131,12 +1131,14 @@ + context_free(&context); + + if (0 != ret) { ++ /* Parfait_ALLOW memory-leak - false positive dcwd variable - memory is properly freed on server close */ + return ret; + } + + if (NULL != (dc = (data_config *)array_get_element(srv->config_context, "global"))) { + srv->config = dc->value; + } else { ++ /* Parfait_ALLOW memory-leak - false positive dcwd variable - memory is properly freed on server close */ + return -1; + } + +@@ -1146,6 +1148,7 @@ + + if (modules->type != TYPE_ARRAY) { + fprintf(stderr, "server.modules must be an array"); ++ /* Parfait_ALLOW memory-leak - false positive dcwd variable - memory is properly freed on server close */ + return -1; + } + +@@ -1159,19 +1162,23 @@ + } + + prepends = (data_array *)configparser_merge_data((data_unset *)prepends, (data_unset *)modules); ++ if (prepends == NULL) { ++ /* Parfait_ALLOW memory-leak - false positive dcwd variable - memory is properly freed on server close */ ++ return -1; ++ } + buffer_copy_string_buffer(prepends->key, modules->key); + array_replace(srv->config, (data_unset *)prepends); + modules->free((data_unset *)modules); + modules = prepends; + + /* append default modules */ +- if (NULL == array_get_element(modules->value, "mod_dirlisting")) { ++ if (modules != NULL && NULL == array_get_element(modules->value, "mod_dirlisting")) { + ds = data_string_init(); + buffer_copy_string_len(ds->value, CONST_STR_LEN("mod_dirlisting")); + array_insert_unique(modules->value, (data_unset *)ds); + } + +- if (NULL == array_get_element(modules->value, "mod_staticfile")) { ++ if (modules != NULL && NULL == array_get_element(modules->value, "mod_staticfile")) { + ds = data_string_init(); + buffer_copy_string_len(ds->value, CONST_STR_LEN("mod_staticfile")); + array_insert_unique(modules->value, (data_unset *)ds); +@@ -1200,9 +1207,11 @@ + + + if (0 != config_insert(srv)) { ++ /* Parfait_ALLOW memory-leak - false positive dcwd variable - memory is properly freed on server close */ + return -1; + } + ++ /* Parfait_ALLOW memory-leak - false positive dcwd variable - memory is properly freed on server close */ + return 0; + } +
--- a/components/lighttpd/patches/CVE-2011-4362.patch Thu Jan 30 15:02:39 2014 -0800 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,13 +0,0 @@ -http://redmine.lighttpd.net/issues/2370 - ---- src/http_auth.c Thu Jun 11 03:05:06 2009 -+++ src/http_auth.c Mon Mar 5 08:26:05 2012 -@@ -93,7 +93,7 @@ - ch = in[0]; - /* run through the whole string, converting as we go */ - for (i = 0; i < in_len; i++) { -- ch = in[i]; -+ ch = (unsigned char) in[i]; - - if (ch == '\0') break; -
--- a/components/lighttpd/patches/lighttpd-conf_file.patch Thu Jan 30 15:02:39 2014 -0800 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,114 +0,0 @@ ---- doc/lighttpd.conf-orig Thu Apr 9 13:02:00 2009 -+++ doc/lighttpd.conf Wed Nov 4 03:16:09 2009 -@@ -36,10 +36,10 @@ - - ## A static document-root. For virtual hosting take a look at the - ## mod_simple_vhost module. --server.document-root = "/srv/www/htdocs/" -+server.document-root = "/var/lighttpd/1.4/docroot" - - ## where to send error-messages to --server.errorlog = "/var/log/lighttpd/error.log" -+server.errorlog = "/var/lighttpd/1.4/logs/error.log" - - # files to check for if .../ is requested - index-file.names = ( "index.php", "index.html", -@@ -46,8 +46,10 @@ - "index.htm", "default.htm" ) - - ## set the event-handler (read the performance section in the manual) --# server.event-handler = "freebsd-kqueue" # needed on OS X -+server.event-handler = "solaris-devpoll" -+server.network-backend = "writev" - -+ - # mimetype mapping - mimetype.assign = ( - ".pdf" => "application/pdf", -@@ -115,7 +117,7 @@ - # server.tag = "lighttpd" - - #### accesslog module --accesslog.filename = "/var/log/lighttpd/access.log" -+accesslog.filename = "/var/lighttpd/1.4/logs/access.log" - - ## deny access the file-extensions - # -@@ -147,7 +149,7 @@ - #server.error-handler-404 = "/error-handler.php" - - ## to help the rc.scripts --#server.pid-file = "/var/run/lighttpd.pid" -+server.pid-file = "/var/run/lighttpd14.pid" - - - ###### virtual hosts -@@ -160,7 +162,7 @@ - ## or - ## virtual-server-root + http-host + virtual-server-docroot - ## --#simple-vhost.server-root = "/srv/www/vhosts/" -+#simple-vhost.server-root = "/var/lighttpd/1.4/vhosts/" - #simple-vhost.default-host = "www.example.org" - #simple-vhost.document-root = "/htdocs/" - -@@ -168,8 +170,7 @@ - ## - ## Format: <errorfile-prefix><status-code>.html - ## -> ..../status-404.html for 'File not found' --#server.errorfile-prefix = "/usr/share/lighttpd/errors/status-" --#server.errorfile-prefix = "/srv/www/errors/status-" -+#server.errorfile-prefix = "/var/lighttpd/1.4/errors/status-" - - ## virtual directory listings - #dir-listing.activate = "enable" -@@ -188,10 +189,10 @@ - #server.chroot = "/" - - ## change uid to <uid> (default: don't care) --#server.username = "wwwrun" -+server.username = "webservd" - - ## change uid to <uid> (default: don't care) --#server.groupname = "wwwrun" -+server.groupname = "webservd" - - #### compress module - #compress.cache-dir = "/var/cache/lighttpd/compress/" -@@ -214,8 +215,8 @@ - #fastcgi.server = ( ".php" => - # ( "localhost" => - # ( --# "socket" => "/var/run/lighttpd/php-fastcgi.socket", --# "bin-path" => "/usr/local/bin/php-cgi" -+# "socket" => "/tmp/lighttpd/php-fastcgi.socket", -+# "bin-path" => "/usr/php/bin/php-cgi" - # ) - # ) - # ) -@@ -274,7 +275,7 @@ - # %3 => subdomain 1 name - # %4 => subdomain 2 name - # --#evhost.path-pattern = "/srv/www/vhosts/%3/htdocs/" -+#evhost.path-pattern = "/var/lighttpd/1.4/vhosts/%3/htdocs/" - - #### expire module - #expire.url = ( "/buggy/" => "access 2 hours", "/asdhas/" => "access plus 1 seconds 2 minutes") -@@ -312,8 +313,8 @@ - #index-file.names += (foo + ".php") - - #### include --#include /etc/lighttpd/lighttpd-inc.conf --## same as above if you run: "lighttpd -f /etc/lighttpd/lighttpd.conf" -+#include /etc/lighttpd/1.4/lighttpd-inc.conf -+## same as above if you run: "lighttpd -f /etc/lighttpd/1.4/lighttpd.conf" - #include "lighttpd-inc.conf" - - #### include_shell -@@ -320,3 +321,5 @@ - #include_shell "echo var.a=1" - ## the above is same as: - #var.a=1 -+# Set the directory used for file uploads to /tmp -+server.upload-dirs = ( "/tmp" )
--- a/components/lighttpd/patches/lighttpd-manpage.patch Thu Jan 30 15:02:39 2014 -0800 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,15 +0,0 @@ ---- doc/lighttpd.8-orig Mon Mar 30 15:16:59 2009 -+++ doc/lighttpd.8 Mon Jun 20 08:03:16 2011 -@@ -47,10 +47,10 @@ - . - .SH FILES - .TP 8 --/etc/lighttpd/lighttpd.conf -+/etc/lighttpd/1.4/lighttpd.conf - The standard location for the configuration file. - .TP 8 --/var/run/lighttpd.pid -+/var/run/lighttpd14.pid - The standard location for the PID of the running \fBlighttpd\fP process. - . - .SH SEE ALSO
--- a/components/lighttpd/patches/lighttpd-nodelay.patch Thu Jan 30 15:02:39 2014 -0800 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,13 +0,0 @@ ---- src/network.c-orig Mon Sep 7 05:46:50 2009 -+++ src/network.c Mon Sep 7 05:59:17 2009 -@@ -175,6 +175,10 @@ - log_error_write(srv, __FILE__, __LINE__, "ss", "socketsockopt failed:", strerror(errno)); - return -1; - } -+ if (setsockopt(srv_socket->fd, IPPROTO_TCP, TCP_NODELAY, &val, sizeof(val)) < 0) { -+ log_error_write(srv, __FILE__, __LINE__, "ss", "socketsockopt failed:", strerror(errno)); -+ return -1; -+ } - - switch(srv_socket->addr.plain.sa_family) { - #ifdef HAVE_IPV6
--- a/components/lighttpd/patches/lighttpd-src.Makefile.am.patch Thu Jan 30 15:02:39 2014 -0800 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,216 +0,0 @@ ---- src/Makefile.am.orig 2012-02-10 08:34:40.481201984 -0800 -+++ src/Makefile.am 2012-02-10 08:36:45.578998263 -0800 -@@ -87,7 +87,7 @@ - lib_LTLIBRARIES += liblightcomp.la - liblightcomp_la_SOURCES=$(common_src) - liblightcomp_la_CFLAGS=$(AM_CFLAGS) --liblightcomp_la_LDFLAGS = -avoid-version -no-undefined -+liblightcomp_la_LDFLAGS = -avoid-version - liblightcomp_la_LIBADD = $(PCRE_LIB) $(SSL_LIB) $(FAM_LIBS) - common_libadd = liblightcomp.la - else -@@ -97,171 +97,171 @@ - - lib_LTLIBRARIES += mod_flv_streaming.la - mod_flv_streaming_la_SOURCES = mod_flv_streaming.c --mod_flv_streaming_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined -+mod_flv_streaming_la_LDFLAGS = -module -export-dynamic -avoid-version - mod_flv_streaming_la_LIBADD = $(common_libadd) - - lib_LTLIBRARIES += mod_evasive.la - mod_evasive_la_SOURCES = mod_evasive.c --mod_evasive_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined -+mod_evasive_la_LDFLAGS = -module -export-dynamic -avoid-version - mod_evasive_la_LIBADD = $(common_libadd) - - lib_LTLIBRARIES += mod_webdav.la - mod_webdav_la_SOURCES = mod_webdav.c - mod_webdav_la_CFLAGS = $(AM_CFLAGS) $(XML_CFLAGS) $(SQLITE_CFLAGS) --mod_webdav_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined -+mod_webdav_la_LDFLAGS = -module -export-dynamic -avoid-version - mod_webdav_la_LIBADD = $(common_libadd) $(XML_LIBS) $(SQLITE_LIBS) $(UUID_LIBS) - - lib_LTLIBRARIES += mod_magnet.la - mod_magnet_la_SOURCES = mod_magnet.c mod_magnet_cache.c - mod_magnet_la_CFLAGS = $(AM_CFLAGS) $(LUA_CFLAGS) --mod_magnet_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined -+mod_magnet_la_LDFLAGS = -module -export-dynamic -avoid-version - mod_magnet_la_LIBADD = $(common_libadd) $(LUA_LIBS) -lm - - lib_LTLIBRARIES += mod_cml.la - mod_cml_la_SOURCES = mod_cml.c mod_cml_lua.c mod_cml_funcs.c - mod_cml_la_CFLAGS = $(AM_CFLAGS) $(LUA_CFLAGS) --mod_cml_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined -+mod_cml_la_LDFLAGS = -module -export-dynamic -avoid-version - mod_cml_la_LIBADD = $(MEMCACHE_LIB) $(common_libadd) $(LUA_LIBS) -lm - - lib_LTLIBRARIES += mod_trigger_b4_dl.la - mod_trigger_b4_dl_la_SOURCES = mod_trigger_b4_dl.c --mod_trigger_b4_dl_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined -+mod_trigger_b4_dl_la_LDFLAGS = -module -export-dynamic -avoid-version - mod_trigger_b4_dl_la_LIBADD = $(GDBM_LIB) $(MEMCACHE_LIB) $(PCRE_LIB) $(common_libadd) - - lib_LTLIBRARIES += mod_mysql_vhost.la - mod_mysql_vhost_la_SOURCES = mod_mysql_vhost.c --mod_mysql_vhost_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined -+mod_mysql_vhost_la_LDFLAGS = -module -export-dynamic -avoid-version - mod_mysql_vhost_la_LIBADD = $(MYSQL_LIBS) $(common_libadd) - mod_mysql_vhost_la_CPPFLAGS = $(MYSQL_INCLUDE) - - lib_LTLIBRARIES += mod_cgi.la - mod_cgi_la_SOURCES = mod_cgi.c --mod_cgi_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined -+mod_cgi_la_LDFLAGS = -module -export-dynamic -avoid-version - mod_cgi_la_LIBADD = $(common_libadd) - - lib_LTLIBRARIES += mod_scgi.la - mod_scgi_la_SOURCES = mod_scgi.c --mod_scgi_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined -+mod_scgi_la_LDFLAGS = -module -export-dynamic -avoid-version - mod_scgi_la_LIBADD = $(common_libadd) - - lib_LTLIBRARIES += mod_staticfile.la - mod_staticfile_la_SOURCES = mod_staticfile.c --mod_staticfile_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined -+mod_staticfile_la_LDFLAGS = -module -export-dynamic -avoid-version - mod_staticfile_la_LIBADD = $(common_libadd) - - lib_LTLIBRARIES += mod_dirlisting.la - mod_dirlisting_la_SOURCES = mod_dirlisting.c --mod_dirlisting_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined -+mod_dirlisting_la_LDFLAGS = -module -export-dynamic -avoid-version - mod_dirlisting_la_LIBADD = $(common_libadd) $(PCRE_LIB) - - lib_LTLIBRARIES += mod_indexfile.la - mod_indexfile_la_SOURCES = mod_indexfile.c --mod_indexfile_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined -+mod_indexfile_la_LDFLAGS = -module -export-dynamic -avoid-version - mod_indexfile_la_LIBADD = $(common_libadd) - - lib_LTLIBRARIES += mod_setenv.la - mod_setenv_la_SOURCES = mod_setenv.c --mod_setenv_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined -+mod_setenv_la_LDFLAGS = -module -export-dynamic -avoid-version - mod_setenv_la_LIBADD = $(common_libadd) - - lib_LTLIBRARIES += mod_alias.la - mod_alias_la_SOURCES = mod_alias.c --mod_alias_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined -+mod_alias_la_LDFLAGS = -module -export-dynamic -avoid-version - mod_alias_la_LIBADD = $(common_libadd) - - lib_LTLIBRARIES += mod_userdir.la - mod_userdir_la_SOURCES = mod_userdir.c --mod_userdir_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined -+mod_userdir_la_LDFLAGS = -module -export-dynamic -avoid-version - mod_userdir_la_LIBADD = $(common_libadd) - - lib_LTLIBRARIES += mod_rrdtool.la - mod_rrdtool_la_SOURCES = mod_rrdtool.c --mod_rrdtool_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined -+mod_rrdtool_la_LDFLAGS = -module -export-dynamic -avoid-version - mod_rrdtool_la_LIBADD = $(common_libadd) - - lib_LTLIBRARIES += mod_usertrack.la - mod_usertrack_la_SOURCES = mod_usertrack.c --mod_usertrack_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined -+mod_usertrack_la_LDFLAGS = -module -export-dynamic -avoid-version - mod_usertrack_la_LIBADD = $(common_libadd) - - lib_LTLIBRARIES += mod_proxy.la - mod_proxy_la_SOURCES = mod_proxy.c --mod_proxy_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined -+mod_proxy_la_LDFLAGS = -module -export-dynamic -avoid-version - mod_proxy_la_LIBADD = $(common_libadd) - - lib_LTLIBRARIES += mod_ssi.la - mod_ssi_la_SOURCES = mod_ssi_exprparser.c mod_ssi_expr.c mod_ssi.c --mod_ssi_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined -+mod_ssi_la_LDFLAGS = -module -export-dynamic -avoid-version - mod_ssi_la_LIBADD = $(common_libadd) $(PCRE_LIB) - - lib_LTLIBRARIES += mod_secdownload.la - mod_secdownload_la_SOURCES = mod_secure_download.c --mod_secdownload_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined -+mod_secdownload_la_LDFLAGS = -module -export-dynamic -avoid-version - mod_secdownload_la_LIBADD = $(common_libadd) - - #lib_LTLIBRARIES += mod_httptls.la - #mod_httptls_la_SOURCES = mod_httptls.c --#mod_httptls_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined -+#mod_httptls_la_LDFLAGS = -module -export-dynamic -avoid-version - #mod_httptls_la_LIBADD = $(common_libadd) - - lib_LTLIBRARIES += mod_expire.la - mod_expire_la_SOURCES = mod_expire.c --mod_expire_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined -+mod_expire_la_LDFLAGS = -module -export-dynamic -avoid-version - mod_expire_la_LIBADD = $(common_libadd) - - lib_LTLIBRARIES += mod_evhost.la - mod_evhost_la_SOURCES = mod_evhost.c --mod_evhost_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined -+mod_evhost_la_LDFLAGS = -module -export-dynamic -avoid-version - mod_evhost_la_LIBADD = $(common_libadd) - - lib_LTLIBRARIES += mod_simple_vhost.la - mod_simple_vhost_la_SOURCES = mod_simple_vhost.c --mod_simple_vhost_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined -+mod_simple_vhost_la_LDFLAGS = -module -export-dynamic -avoid-version - mod_simple_vhost_la_LIBADD = $(common_libadd) - - lib_LTLIBRARIES += mod_fastcgi.la - mod_fastcgi_la_SOURCES = mod_fastcgi.c --mod_fastcgi_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined -+mod_fastcgi_la_LDFLAGS = -module -export-dynamic -avoid-version - mod_fastcgi_la_LIBADD = $(common_libadd) - - lib_LTLIBRARIES += mod_extforward.la - mod_extforward_la_SOURCES = mod_extforward.c --mod_extforward_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined -+mod_extforward_la_LDFLAGS = -module -export-dynamic -avoid-version - mod_extforward_la_LIBADD = $(common_libadd) - - lib_LTLIBRARIES += mod_access.la - mod_access_la_SOURCES = mod_access.c --mod_access_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined -+mod_access_la_LDFLAGS = -module -export-dynamic -avoid-version - mod_access_la_LIBADD = $(common_libadd) - - lib_LTLIBRARIES += mod_compress.la - mod_compress_la_SOURCES = mod_compress.c --mod_compress_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined -+mod_compress_la_LDFLAGS = -module -export-dynamic -avoid-version - mod_compress_la_LIBADD = $(Z_LIB) $(BZ_LIB) $(common_libadd) - - lib_LTLIBRARIES += mod_auth.la - mod_auth_la_SOURCES = mod_auth.c http_auth_digest.c http_auth.c --mod_auth_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined -+mod_auth_la_LDFLAGS = -module -export-dynamic -avoid-version - mod_auth_la_LIBADD = $(CRYPT_LIB) $(LDAP_LIB) $(LBER_LIB) $(common_libadd) - - lib_LTLIBRARIES += mod_rewrite.la - mod_rewrite_la_SOURCES = mod_rewrite.c --mod_rewrite_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined -+mod_rewrite_la_LDFLAGS = -module -export-dynamic -avoid-version - mod_rewrite_la_LIBADD = $(PCRE_LIB) $(common_libadd) - - lib_LTLIBRARIES += mod_redirect.la - mod_redirect_la_SOURCES = mod_redirect.c --mod_redirect_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined -+mod_redirect_la_LDFLAGS = -module -export-dynamic -avoid-version - mod_redirect_la_LIBADD = $(PCRE_LIB) $(common_libadd) - - lib_LTLIBRARIES += mod_status.la - mod_status_la_SOURCES = mod_status.c --mod_status_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined -+mod_status_la_LDFLAGS = -module -export-dynamic -avoid-version - mod_status_la_LIBADD = $(common_libadd) - - lib_LTLIBRARIES += mod_accesslog.la - mod_accesslog_la_SOURCES = mod_accesslog.c --mod_accesslog_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined -+mod_accesslog_la_LDFLAGS = -module -export-dynamic -avoid-version - mod_accesslog_la_LIBADD = $(common_libadd) - -
--- a/components/lighttpd/patches/lighttpd_fix_slow_request_dos.patch Thu Jan 30 15:02:39 2014 -0800 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,209 +0,0 @@ -diff -u -r lighttpd-1.4.23-orig/src/base.h lighttpd-1.4.23/src/base.h ---- src/base.h Thu Jun 11 02:44:17 2009 -+++ src/base.h Tue Aug 24 04:16:29 2010 -@@ -421,7 +421,6 @@ - - #ifdef USE_OPENSSL - SSL *ssl; -- buffer *ssl_error_want_reuse_buffer; - #endif - /* etag handling */ - etag_flags_t etag_flags; -Only in lighttpd-1.4.23/src: base.h.orig -diff -u -r lighttpd-1.4.23-orig/src/chunk.c lighttpd-1.4.23/src/chunk.c ---- src/chunk.c Mon Mar 30 15:16:59 2009 -+++ src/chunk.c Tue Aug 24 04:12:50 2010 -@@ -197,8 +197,6 @@ - int chunkqueue_append_buffer_weak(chunkqueue *cq, buffer *mem) { - chunk *c; - -- if (mem->used == 0) return 0; -- - c = chunkqueue_get_unused_chunk(cq); - c->type = MEM_CHUNK; - c->offset = 0; -diff -u -r lighttpd-1.4.23-orig/src/connections.c lighttpd-1.4.23/src/connections.c ---- src/connections.c Thu Jun 11 06:54:30 2009 -+++ src/connections.c Tue Aug 24 04:12:50 2010 -@@ -192,40 +192,42 @@ - - static int connection_handle_read_ssl(server *srv, connection *con) { - #ifdef USE_OPENSSL -- int r, ssl_err, len, count = 0; -+ int r, ssl_err, len, count = 0, read_offset, toread; - buffer *b = NULL; - - if (!con->conf.is_ssl) return -1; - -- /* don't resize the buffer if we were in SSL_ERROR_WANT_* */ -- - ERR_clear_error(); - do { -- if (!con->ssl_error_want_reuse_buffer) { -- b = buffer_init(); -- buffer_prepare_copy(b, SSL_pending(con->ssl) + (16 * 1024)); /* the pending bytes + 16kb */ -+ if (NULL != con->read_queue->last) { -+ b = con->read_queue->last->mem; -+ } - -+ if (NULL == b || b->size - b->used < 1024) { -+ b = chunkqueue_get_append_buffer(con->read_queue); -+ len = SSL_pending(con->ssl); -+ if (len < 4*1024) len = 4*1024; /* always alloc >= 4k buffer */ -+ buffer_prepare_copy(b, len + 1); -+ - /* overwrite everything with 0 */ - memset(b->ptr, 0, b->size); -- } else { -- b = con->ssl_error_want_reuse_buffer; - } - -- len = SSL_read(con->ssl, b->ptr, b->size - 1); -- con->ssl_error_want_reuse_buffer = NULL; /* reuse it only once */ -+ read_offset = (b->used > 0) ? b->used - 1 : 0; -+ toread = b->size - 1 - read_offset; - -+ len = SSL_read(con->ssl, b->ptr + read_offset, toread); -+ - if (len > 0) { -- b->used = len; -+ if (b->used > 0) b->used--; -+ b->used += len; - b->ptr[b->used++] = '\0'; - -- /* we move the buffer to the chunk-queue, no need to free it */ -+ con->bytes_read += len; - -- chunkqueue_append_buffer_weak(con->read_queue, b); - count += len; -- con->bytes_read += len; -- b = NULL; - } -- } while (len > 0 && count < MAX_READ_LIMIT); -+ } while (len == toread && count < MAX_READ_LIMIT); - - - if (len < 0) { -@@ -234,11 +236,11 @@ - case SSL_ERROR_WANT_READ: - case SSL_ERROR_WANT_WRITE: - con->is_readable = 0; -- con->ssl_error_want_reuse_buffer = b; - -- b = NULL; -+ /* the manual says we have to call SSL_read with the same arguments next time. -+ * we ignore this restriction; no one has complained about it in 1.5 yet, so it probably works anyway. -+ */ - -- /* we have to steal the buffer from the queue-queue */ - return 0; - case SSL_ERROR_SYSCALL: - /** -@@ -297,16 +299,11 @@ - - connection_set_state(srv, con, CON_STATE_ERROR); - -- buffer_free(b); -- - return -1; - } else if (len == 0) { - con->is_readable = 0; - /* the other end close the connection -> KEEP-ALIVE */ - -- /* pipelining */ -- buffer_free(b); -- - return -2; - } - -@@ -321,26 +318,41 @@ - static int connection_handle_read(server *srv, connection *con) { - int len; - buffer *b; -- int toread; -+ int toread, read_offset; - - if (con->conf.is_ssl) { - return connection_handle_read_ssl(srv, con); - } - -+ b = (NULL != con->read_queue->last) ? con->read_queue->last->mem : NULL; -+ -+ /* default size for chunks is 4kb; only use bigger chunks if FIONREAD tells -+ * us more than 4kb is available -+ * if FIONREAD doesn't signal a big chunk we fill the previous buffer -+ * if it has >= 1kb free -+ */ - #if defined(__WIN32) -- b = chunkqueue_get_append_buffer(con->read_queue); -- buffer_prepare_copy(b, 4 * 1024); -- len = recv(con->fd, b->ptr, b->size - 1, 0); --#else -- if (ioctl(con->fd, FIONREAD, &toread) || toread == 0) { -+ if (NULL == b || b->size - b->used < 1024) { - b = chunkqueue_get_append_buffer(con->read_queue); - buffer_prepare_copy(b, 4 * 1024); -+ } -+ -+ read_offset = (b->used == 0) ? 0 : b->used - 1; -+ len = recv(con->fd, b->ptr + read_offset, b->size - 1 - read_offset, 0); -+#else -+ if (ioctl(con->fd, FIONREAD, &toread) || toread == 0 || toread <= 4*1024) { -+ if (NULL == b || b->size - b->used < 1024) { -+ b = chunkqueue_get_append_buffer(con->read_queue); -+ buffer_prepare_copy(b, 4 * 1024); -+ } - } else { - if (toread > MAX_READ_LIMIT) toread = MAX_READ_LIMIT; - b = chunkqueue_get_append_buffer(con->read_queue); - buffer_prepare_copy(b, toread + 1); - } -- len = read(con->fd, b->ptr, b->size - 1); -+ -+ read_offset = (b->used == 0) ? 0 : b->used - 1; -+ len = read(con->fd, b->ptr + read_offset, b->size - 1 - read_offset); - #endif - - if (len < 0) { -@@ -374,7 +386,8 @@ - con->is_readable = 0; - } - -- b->used = len; -+ if (b->used > 0) b->used--; -+ b->used += len; - b->ptr[b->used++] = '\0'; - - con->bytes_read += len; -@@ -841,13 +854,6 @@ - /* The cond_cache gets reset in response.c */ - /* config_cond_cache_reset(srv, con); */ - --#ifdef USE_OPENSSL -- if (con->ssl_error_want_reuse_buffer) { -- buffer_free(con->ssl_error_want_reuse_buffer); -- con->ssl_error_want_reuse_buffer = NULL; -- } --#endif -- - con->header_len = 0; - con->in_error_handler = 0; - -@@ -1131,8 +1137,15 @@ - } else { - buffer *b; - -- b = chunkqueue_get_append_buffer(dst_cq); -- buffer_copy_string_len(b, c->mem->ptr + c->offset, toRead); -+ if (dst_cq->last && -+ dst_cq->last->type == MEM_CHUNK) { -+ b = dst_cq->last->mem; -+ } else { -+ b = chunkqueue_get_append_buffer(dst_cq); -+ /* prepare buffer size for remaining POST data; is < 64kb */ -+ buffer_prepare_copy(b, con->request.content_length - dst_cq->bytes_in + 1); -+ } -+ buffer_append_string_len(b, c->mem->ptr + c->offset, toRead); - } - - c->offset += toRead;