17600553 Upgrade lighttpd to version 1.4.33
17488086 problem in UTILITY/LIGHTTPD
17536689 problem in UTILITY/LIGHTTPD
--- a/components/lighttpd/Makefile Fri Jan 17 17:43:13 2014 +0100
+++ b/components/lighttpd/Makefile Tue Jan 14 08:01:05 2014 -0800
@@ -20,18 +20,18 @@
#
#
-# Copyright (c) 2011, 2012, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved.
#
include ../../make-rules/shared-macros.mk
COMPONENT_NAME= lighttpd
-COMPONENT_VERSION= 1.4.23
+COMPONENT_VERSION= 1.4.33
COMPONENT_PROJECT_URL= http://www.lighttpd.net/
COMPONENT_SRC= $(COMPONENT_NAME)-$(COMPONENT_VERSION)
COMPONENT_ARCHIVE= $(COMPONENT_SRC).tar.gz
COMPONENT_ARCHIVE_HASH= \
- sha256:8555db22ed7d429160701555611d8cd5eff42fc7e6e3ad3b050279c9b2145469
+ sha256:91f574d8bea8d9f75535e86cb2abc389beb8be24f003b71e6304b8c8ba1d3753
COMPONENT_ARCHIVE_URL= $(COMPONENT_PROJECT_URL)download/$(COMPONENT_ARCHIVE)
LIGHTTPD_INSTALLDIR=/usr/lighttpd/1.4
@@ -42,7 +42,7 @@
PATCH_LEVEL=0
-# libtool linking will fail unless we re-create configure.
+# We need to run autogen because we patch configure.ac file
COMPONENT_PREP_ACTION = ( cd $(@D) ; $(CONFIG_SHELL) autogen.sh )
# lighttpd is logging using __FILE__ macro. Cloning will make this happen
--- a/components/lighttpd/lighttpd.license Fri Jan 17 17:43:13 2014 +0100
+++ b/components/lighttpd/lighttpd.license Tue Jan 14 08:01:05 2014 -0800
@@ -1,9 +1,3 @@
--------------------
-- lighttpd 1.4.23 -
--------------------
-
-Oracle Internal Tracking Number 5585
-
Copyright (c) 2004, Jan Kneschke, incremental
All rights reserved.
--- a/components/lighttpd/lighttpd.p5m Fri Jan 17 17:43:13 2014 +0100
+++ b/components/lighttpd/lighttpd.p5m Tue Jan 14 08:01:05 2014 -0800
@@ -18,7 +18,7 @@
#
# CDDL HEADER END
#
-# Copyright (c) 2011, 2012, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved.
#
<transform file path=usr.*/man/.+ -> default mangler.man.stability uncommitted>
@@ -26,6 +26,8 @@
value=pkg:/web/server/[email protected]$(IPS_COMPONENT_VERSION),$(BUILD_VERSION)
set name=pkg.summary \
value="The Lighttpd Web Server"
+set name=com.oracle.info.description value="the Lightppd web server"
+set name=com.oracle.info.tpno value=15577
set name=info.classification \
value="org.opensolaris.category.2008:Web Services/Application and Web Servers"
set name=info.upstream-url value=$(COMPONENT_PROJECT_URL)
@@ -67,17 +69,67 @@
dir path=var/lighttpd/1.4
dir path=var/lighttpd/1.4/docroot
dir path=var/lighttpd/1.4/errors
-dir path=var/lighttpd/1.4/logs group=webservd owner=webservd
+dir path=var/lighttpd/1.4/logs group=webservd owner=webservd mode=700
dir path=var/lighttpd/1.4/vhosts
+dir path=var/lighttpd/1.4/sockets
+file doc/config/conf.d/access_log.conf path=etc/lighttpd/1.4/conf.d/access_log.conf \
+ mode=0644 preserve=renamenew
+file doc/config/conf.d/compress.conf path=etc/lighttpd/1.4/conf.d/compress.conf \
+ mode=0644 preserve=renamenew
+file doc/config/conf.d/trigger_b4_dl.conf path=etc/lighttpd/1.4/conf.d/trigger_b4_dl.conf \
+ mode=0644 preserve=renamenew
+file doc/config/conf.d/webdav.conf path=etc/lighttpd/1.4/conf.d/webdav.conf \
+ mode=0644 preserve=renamenew
+file doc/config/conf.d/ssi.conf path=etc/lighttpd/1.4/conf.d/ssi.conf \
+ mode=0644 preserve=renamenew
+file doc/config/conf.d/cml.conf path=etc/lighttpd/1.4/conf.d/cml.conf \
+ mode=0644 preserve=renamenew
+file doc/config/conf.d/mime.conf path=etc/lighttpd/1.4/conf.d/mime.conf \
+ mode=0644 preserve=renamenew
+file doc/config/conf.d/auth.conf path=etc/lighttpd/1.4/conf.d/auth.conf \
+ mode=0644 preserve=renamenew
+file doc/config/conf.d/status.conf path=etc/lighttpd/1.4/conf.d/status.conf \
+ mode=0644 preserve=renamenew
+file doc/config/conf.d/simple_vhost.conf path=etc/lighttpd/1.4/conf.d/simple_vhost.conf \
+ mode=0644 preserve=renamenew
+file doc/config/conf.d/proxy.conf path=etc/lighttpd/1.4/conf.d/proxy.conf \
+ mode=0644 preserve=renamenew
+file doc/config/conf.d/rrdtool.conf path=etc/lighttpd/1.4/conf.d/rrdtool.conf \
+ mode=0644 preserve=renamenew
+file doc/config/conf.d/evhost.conf path=etc/lighttpd/1.4/conf.d/evhost.conf \
+ mode=0644 preserve=renamenew
+file doc/config/conf.d/magnet.conf path=etc/lighttpd/1.4/conf.d/magnet.conf \
+ mode=0644 preserve=renamenew
+file doc/config/conf.d/expire.conf path=etc/lighttpd/1.4/conf.d/expire.conf \
+ mode=0644 preserve=renamenew
+file doc/config/conf.d/debug.conf path=etc/lighttpd/1.4/conf.d/debug.conf \
+ mode=0644 preserve=renamenew
+file doc/config/conf.d/scgi.conf path=etc/lighttpd/1.4/conf.d/scgi.conf \
+ mode=0644 preserve=renamenew
+file doc/config/conf.d/mysql_vhost.conf path=etc/lighttpd/1.4/conf.d/mysql_vhost.conf \
+ mode=0644 preserve=renamenew
+file doc/config/conf.d/fastcgi.conf path=etc/lighttpd/1.4/conf.d/fastcgi.conf \
+ mode=0644 preserve=renamenew
+file doc/config/conf.d/userdir.conf path=etc/lighttpd/1.4/conf.d/userdir.conf \
+ mode=0644 preserve=renamenew
+file doc/config/conf.d/secdownload.conf path=etc/lighttpd/1.4/conf.d/secdownload.conf \
+ mode=0644 preserve=renamenew
+file doc/config/conf.d/dirlisting.conf path=etc/lighttpd/1.4/conf.d/dirlisting.conf \
+ mode=0644 preserve=renamenew
+file doc/config/conf.d/cgi.conf path=etc/lighttpd/1.4/conf.d/cgi.conf \
+ mode=0644 preserve=renamenew
+
file Solaris/fcgi-php.conf path=etc/lighttpd/1.4/conf.d/fcgi-php.conf \
mode=0644 preserve=renamenew \
original_name=SUNWlighttpd14:etc/lighttpd/1.4/conf.d/fcgi-php.conf
file Solaris/ssl.conf path=etc/lighttpd/1.4/conf.d/ssl.conf \
mode=0644 preserve=renamenew \
original_name=SUNWlighttpd14:etc/lighttpd/1.4/conf.d/ssl.conf
-file doc/lighttpd.conf path=etc/lighttpd/1.4/lighttpd.conf \
+file doc/config/lighttpd.conf path=etc/lighttpd/1.4/lighttpd.conf \
mode=0644 preserve=renamenew \
original_name=SUNWlighttpd14:etc/lighttpd/1.4/lighttpd.conf
+file doc/config/modules.conf path=etc/lighttpd/1.4/modules.conf \
+ mode=0644 preserve=renamenew
file Solaris/auth_attr path=etc/security/auth_attr.d/lighttpd
file Solaris/prof_attr path=etc/security/prof_attr.d/lighttpd
file Solaris/http-lighttpd14.xml path=lib/svc/manifest/network/http-lighttpd14.xml--- a/components/lighttpd/patches/CVE-2011-4362.patch Fri Jan 17 17:43:13 2014 +0100
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,13 +0,0 @@
-http://redmine.lighttpd.net/issues/2370
-
---- src/http_auth.c Thu Jun 11 03:05:06 2009
-+++ src/http_auth.c Mon Mar 5 08:26:05 2012
[email protected]@ -93,7 +93,7 @@
- ch = in[0];
- /* run through the whole string, converting as we go */
- for (i = 0; i < in_len; i++) {
-- ch = in[i];
-+ ch = (unsigned char) in[i];
-
- if (ch == '\0') break;
- --- a/components/lighttpd/patches/lighttpd-conf_file.patch Fri Jan 17 17:43:13 2014 +0100
+++ b/components/lighttpd/patches/lighttpd-conf_file.patch Tue Jan 14 08:01:05 2014 -0800
@@ -1,114 +1,108 @@
---- doc/lighttpd.conf-orig Thu Apr 9 13:02:00 2009
-+++ doc/lighttpd.conf Wed Nov 4 03:16:09 2009
[email protected]@ -36,10 +36,10 @@
-
- ## A static document-root. For virtual hosting take a look at the
- ## mod_simple_vhost module.
--server.document-root = "/srv/www/htdocs/"
-+server.document-root = "/var/lighttpd/1.4/docroot"
+--- doc/config/lighttpd.conf 2014-01-22 05:36:22.027115196 -0800
++++ doc/config/lighttpd.conf 2014-01-22 05:34:05.471641339 -0800
[email protected]@ -13,11 +13,11 @@
+ ## if you add a variable here. Add the corresponding variable in the
+ ## chroot example aswell.
+ ##
+-var.log_root = "/var/log/lighttpd"
+-var.server_root = "/srv/www"
+-var.state_dir = "/var/run"
+-var.home_dir = "/var/lib/lighttpd"
+-var.conf_dir = "/etc/lighttpd"
++var.log_root = "/var/lighttpd/1.4/logs"
++var.server_root = "/var/lighttpd/1.4"
++var.state_dir = log_root
++var.home_dir = server_root
++var.conf_dir = "/etc/lighttpd/1.4"
- ## where to send error-messages to
--server.errorlog = "/var/log/lighttpd/error.log"
-+server.errorlog = "/var/lighttpd/1.4/logs/error.log"
+ ##
+ ## run the server chrooted.
[email protected]@ -58,7 +58,7 @@
+ ## used in:
+ ## conf.d/compress.conf
+ ##
+-var.cache_dir = "/var/cache/lighttpd"
++var.cache_dir = server_root + "/cache"
- # files to check for if .../ is requested
- index-file.names = ( "index.php", "index.html",
[email protected]@ -46,8 +46,10 @@
- "index.htm", "default.htm" )
-
- ## set the event-handler (read the performance section in the manual)
--# server.event-handler = "freebsd-kqueue" # needed on OS X
-+server.event-handler = "solaris-devpoll"
-+server.network-backend = "writev"
+ ##
+ ## Base directory for sockets.
[email protected]@ -101,8 +101,8 @@
+ ## Run as a different username/groupname.
+ ## This requires root permissions during startup.
+ ##
+-server.username = "lighttpd"
+-server.groupname = "lighttpd"
++server.username = "webservd"
++server.groupname = "webservd"
-+
- # mimetype mapping
- mimetype.assign = (
- ".pdf" => "application/pdf",
[email protected]@ -115,7 +117,7 @@
- # server.tag = "lighttpd"
+ ##
+ ## enable core files.
[email protected]@ -112,7 +112,7 @@
+ ##
+ ## Document root
+ ##
+-server.document-root = server_root + "/htdocs"
++server.document-root = server_root + "/docroot"
- #### accesslog module
--accesslog.filename = "/var/log/lighttpd/access.log"
-+accesslog.filename = "/var/lighttpd/1.4/logs/access.log"
-
- ## deny access the file-extensions
- #
[email protected]@ -147,7 +149,7 @@
- #server.error-handler-404 = "/error-handler.php"
+ ##
+ ## The value for the "Server:" response field.
[email protected]@ -124,7 +124,8 @@
+ ##
+ ## store a pid file
+ ##
+-server.pid-file = state_dir + "/lighttpd.pid"
++# There must be full path in order to SMF methods work properly
++server.pid-file = "/var/lighttpd/1.4/logs/lighttpd14.pid"
- ## to help the rc.scripts
--#server.pid-file = "/var/run/lighttpd.pid"
-+server.pid-file = "/var/run/lighttpd14.pid"
-
+ ##
+ #######################################################################
[email protected]@ -178,7 +178,7 @@
+ ##
+ ## linux-sysepoll is recommended on kernel 2.6.
+ ##
+-server.event-handler = "linux-sysepoll"
++server.event-handler = "solaris-devpoll"
- ###### virtual hosts
[email protected]@ -160,7 +162,7 @@
- ## or
- ## virtual-server-root + http-host + virtual-server-docroot
+ ##
+ ## The basic network interface for all platforms at the syscalls read()
[email protected]@ -188,7 +188,7 @@
+ ## linux-sendfile - is recommended for small files.
+ ## writev - is recommended for sending many large files
+ ##
+-server.network-backend = "linux-sendfile"
++server.network-backend = "solaris-sendfilev"
+
##
--#simple-vhost.server-root = "/srv/www/vhosts/"
-+#simple-vhost.server-root = "/var/lighttpd/1.4/vhosts/"
- #simple-vhost.default-host = "www.example.org"
- #simple-vhost.document-root = "/htdocs/"
+ ## As lighttpd is a single-threaded server, its main resource limit is
[email protected]@ -296,7 +296,7 @@
+ ## "index.htm", "default.htm" )
+ ##
+ index-file.names += (
+- "index.xhtml", "index.html", "index.htm", "default.htm", "index.php"
++ "index.php", "index.html", "index.htm", "default.htm", "index.xhtml"
+ )
[email protected]@ -168,8 +170,7 @@
##
[email protected]@ -345,7 +345,7 @@
## Format: <errorfile-prefix><status-code>.html
## -> ..../status-404.html for 'File not found'
--#server.errorfile-prefix = "/usr/share/lighttpd/errors/status-"
--#server.errorfile-prefix = "/srv/www/errors/status-"
+ ##
+-#server.errorfile-prefix = "/srv/www/htdocs/errors/status-"
+#server.errorfile-prefix = "/var/lighttpd/1.4/errors/status-"
- ## virtual directory listings
- #dir-listing.activate = "enable"
[email protected]@ -188,10 +189,10 @@
- #server.chroot = "/"
-
- ## change uid to <uid> (default: don't care)
--#server.username = "wwwrun"
-+server.username = "webservd"
-
- ## change uid to <uid> (default: don't care)
--#server.groupname = "wwwrun"
-+server.groupname = "webservd"
-
- #### compress module
- #compress.cache-dir = "/var/cache/lighttpd/compress/"
[email protected]@ -214,8 +215,8 @@
- #fastcgi.server = ( ".php" =>
- # ( "localhost" =>
- # (
--# "socket" => "/var/run/lighttpd/php-fastcgi.socket",
--# "bin-path" => "/usr/local/bin/php-cgi"
-+# "socket" => "/tmp/lighttpd/php-fastcgi.socket",
-+# "bin-path" => "/usr/php/bin/php-cgi"
- # )
- # )
- # )
[email protected]@ -274,7 +275,7 @@
- # %3 => subdomain 1 name
- # %4 => subdomain 2 name
- #
--#evhost.path-pattern = "/srv/www/vhosts/%3/htdocs/"
-+#evhost.path-pattern = "/var/lighttpd/1.4/vhosts/%3/htdocs/"
-
- #### expire module
- #expire.url = ( "/buggy/" => "access 2 hours", "/asdhas/" => "access plus 1 seconds 2 minutes")
[email protected]@ -312,8 +313,8 @@
- #index-file.names += (foo + ".php")
-
- #### include
--#include /etc/lighttpd/lighttpd-inc.conf
--## same as above if you run: "lighttpd -f /etc/lighttpd/lighttpd.conf"
-+#include /etc/lighttpd/1.4/lighttpd-inc.conf
-+## same as above if you run: "lighttpd -f /etc/lighttpd/1.4/lighttpd.conf"
- #include "lighttpd-inc.conf"
-
- #### include_shell
[email protected]@ -320,3 +321,5 @@
- #include_shell "echo var.a=1"
- ## the above is same as:
- #var.a=1
-+# Set the directory used for file uploads to /tmp
-+server.upload-dirs = ( "/tmp" )
+ ##
+ ## mimetype mapping
+116,128d121
+--- doc/config/conf.d/fastcgi.conf 2013-10-07 07:21:24.418114603 -0700
++++ doc/config/conf.d/fastcgi.conf 2013-10-07 07:24:01.824986033 -0700
[email protected]@ -22,8 +22,8 @@
+ #fastcgi.server = ( ".php" =>
+ # ( "php-local" =>
+ # (
+-# "socket" => socket_dir + "/php-fastcgi-1.socket",
+-# "bin-path" => server_root + "/cgi-bin/php5",
++# "socket" => socket_dir + "/php-fastcgi.socket",
++# "bin-path" => "/usr/php/bin/php-cgi",
+ # "max-procs" => 1,
+ # "broken-scriptfilename" => "enable",
+ # )
--- a/components/lighttpd/patches/lighttpd-manpage.patch Fri Jan 17 17:43:13 2014 +0100
+++ b/components/lighttpd/patches/lighttpd-manpage.patch Tue Jan 14 08:01:05 2014 -0800
@@ -1,3 +1,7 @@
+Developed in-house, not fed back.
+Solaris specific: manpage update to reflect Solaris specific
+configuration.
+
--- doc/lighttpd.8-orig Mon Mar 30 15:16:59 2009
+++ doc/lighttpd.8 Mon Jun 20 08:03:16 2011
@@ -47,10 +47,10 @@
--- a/components/lighttpd/patches/lighttpd-nodelay.patch Fri Jan 17 17:43:13 2014 +0100
+++ b/components/lighttpd/patches/lighttpd-nodelay.patch Tue Jan 14 08:01:05 2014 -0800
@@ -1,12 +1,16 @@
---- src/network.c-orig Mon Sep 7 05:46:50 2009
-+++ src/network.c Mon Sep 7 05:59:17 2009
[email protected]@ -175,6 +175,10 @@
- log_error_write(srv, __FILE__, __LINE__, "ss", "socketsockopt failed:", strerror(errno));
- return -1;
+Developed in-house reflecting community issue.
+http://redmine.lighttpd.net/issues/1239
+Solaris-specific, currently ignored by community.
+
+--- src/network.c 2013-11-05 09:41:41.841723296 -0800
++++ src/network.c 2013-11-05 09:40:25.359053258 -0800
[email protected]@ -251,6 +251,10 @@
+ log_error_write(srv, __FILE__, __LINE__, "ss", "socketsockopt(SO_REUSEADDR) failed:", strerror(errno));
+ goto error_free_socket;
}
+ if (setsockopt(srv_socket->fd, IPPROTO_TCP, TCP_NODELAY, &val, sizeof(val)) < 0) {
-+ log_error_write(srv, __FILE__, __LINE__, "ss", "socketsockopt failed:", strerror(errno));
-+ return -1;
++ log_error_write(srv, __FILE__, __LINE__, "ss", "socketsockopt(TCP_NODELAY) failed:", strerror(errno));
++ goto error_free_socket;
+ }
switch(srv_socket->addr.plain.sa_family) {--- a/components/lighttpd/patches/lighttpd-src.Makefile.am.patch Fri Jan 17 17:43:13 2014 +0100
+++ b/components/lighttpd/patches/lighttpd-src.Makefile.am.patch Tue Jan 14 08:01:05 2014 -0800
@@ -1,216 +1,239 @@
---- src/Makefile.am.orig 2012-02-10 08:34:40.481201984 -0800
-+++ src/Makefile.am 2012-02-10 08:36:45.578998263 -0800
[email protected]@ -87,7 +87,7 @@
- lib_LTLIBRARIES += liblightcomp.la
- liblightcomp_la_SOURCES=$(common_src)
- liblightcomp_la_CFLAGS=$(AM_CFLAGS)
--liblightcomp_la_LDFLAGS = -avoid-version -no-undefined
-+liblightcomp_la_LDFLAGS = -avoid-version
- liblightcomp_la_LIBADD = $(PCRE_LIB) $(SSL_LIB) $(FAM_LIBS)
- common_libadd = liblightcomp.la
- else
[email protected]@ -97,171 +97,171 @@
+Developed in-house, fed back, accepted for ver 1.4.34
+http://redmine.lighttpd.net/issues/2533
+Due to differences between Linux and Solaris, we have to change
+behavior of libtool, which uses -z defs even for shared libraries,
+but this couldn't be used on Solaris.
+There is -z text that could be used instead, but that would
+require patching libtool files on build machine. So we skip
+ -z defs by omitting -no-undefined
+
+--- configure.ac 2013-11-04 03:03:07.543168957 -0800
++++ configure.ac 2013-11-04 03:02:30.584721483 -0800
[email protected]@ -45,6 +45,13 @@
+ AC_ISC_POSIX
+ AC_MINIX
++dnl Fix no-undefined if on solaris
++case $host_os in
++ *solaris* ) LIB_NO_UNDEFINED=no;;
++ * ) LIB_NO_UNDEFINED=yes;;
++esac
++AM_CONDITIONAL(LIB_NO_UNDEFINED, test x$LIB_NO_UNDEFINED = xyes)
++
+ dnl AC_CANONICAL_HOST
+ case $host_os in
+ *darwin*|*cygwin*|*aix*|*mingw* ) NO_RDYNAMIC=yes;;
+--- src/Makefile.am 2013-11-04 05:37:18.206746790 -0800
++++ src/Makefile.am 2013-11-04 05:37:09.639723519 -0800
[email protected]@ -96,173 +96,178 @@
+ common_libadd =
+ endif
+
++if LIB_NO_UNDEFINED
++LIB_NO_UNDEF="-no-undefined"
++else
++LIB_NO_UNDEF=""
++endif
lib_LTLIBRARIES += mod_flv_streaming.la
mod_flv_streaming_la_SOURCES = mod_flv_streaming.c
-mod_flv_streaming_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
-+mod_flv_streaming_la_LDFLAGS = -module -export-dynamic -avoid-version
++mod_flv_streaming_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF)
mod_flv_streaming_la_LIBADD = $(common_libadd)
lib_LTLIBRARIES += mod_evasive.la
mod_evasive_la_SOURCES = mod_evasive.c
-mod_evasive_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
-+mod_evasive_la_LDFLAGS = -module -export-dynamic -avoid-version
++mod_evasive_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF)
mod_evasive_la_LIBADD = $(common_libadd)
lib_LTLIBRARIES += mod_webdav.la
mod_webdav_la_SOURCES = mod_webdav.c
mod_webdav_la_CFLAGS = $(AM_CFLAGS) $(XML_CFLAGS) $(SQLITE_CFLAGS)
-mod_webdav_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
-+mod_webdav_la_LDFLAGS = -module -export-dynamic -avoid-version
++mod_webdav_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF)
mod_webdav_la_LIBADD = $(common_libadd) $(XML_LIBS) $(SQLITE_LIBS) $(UUID_LIBS)
lib_LTLIBRARIES += mod_magnet.la
mod_magnet_la_SOURCES = mod_magnet.c mod_magnet_cache.c
mod_magnet_la_CFLAGS = $(AM_CFLAGS) $(LUA_CFLAGS)
-mod_magnet_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
-+mod_magnet_la_LDFLAGS = -module -export-dynamic -avoid-version
++mod_magnet_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF)
mod_magnet_la_LIBADD = $(common_libadd) $(LUA_LIBS) -lm
lib_LTLIBRARIES += mod_cml.la
mod_cml_la_SOURCES = mod_cml.c mod_cml_lua.c mod_cml_funcs.c
mod_cml_la_CFLAGS = $(AM_CFLAGS) $(LUA_CFLAGS)
-mod_cml_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
-+mod_cml_la_LDFLAGS = -module -export-dynamic -avoid-version
++mod_cml_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF)
mod_cml_la_LIBADD = $(MEMCACHE_LIB) $(common_libadd) $(LUA_LIBS) -lm
lib_LTLIBRARIES += mod_trigger_b4_dl.la
mod_trigger_b4_dl_la_SOURCES = mod_trigger_b4_dl.c
-mod_trigger_b4_dl_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
-+mod_trigger_b4_dl_la_LDFLAGS = -module -export-dynamic -avoid-version
++mod_trigger_b4_dl_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF)
mod_trigger_b4_dl_la_LIBADD = $(GDBM_LIB) $(MEMCACHE_LIB) $(PCRE_LIB) $(common_libadd)
lib_LTLIBRARIES += mod_mysql_vhost.la
mod_mysql_vhost_la_SOURCES = mod_mysql_vhost.c
-mod_mysql_vhost_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
-+mod_mysql_vhost_la_LDFLAGS = -module -export-dynamic -avoid-version
++mod_mysql_vhost_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF)
mod_mysql_vhost_la_LIBADD = $(MYSQL_LIBS) $(common_libadd)
mod_mysql_vhost_la_CPPFLAGS = $(MYSQL_INCLUDE)
lib_LTLIBRARIES += mod_cgi.la
mod_cgi_la_SOURCES = mod_cgi.c
-mod_cgi_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
-+mod_cgi_la_LDFLAGS = -module -export-dynamic -avoid-version
++mod_cgi_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF)
mod_cgi_la_LIBADD = $(common_libadd)
lib_LTLIBRARIES += mod_scgi.la
mod_scgi_la_SOURCES = mod_scgi.c
-mod_scgi_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
-+mod_scgi_la_LDFLAGS = -module -export-dynamic -avoid-version
++mod_scgi_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF)
mod_scgi_la_LIBADD = $(common_libadd)
lib_LTLIBRARIES += mod_staticfile.la
mod_staticfile_la_SOURCES = mod_staticfile.c
-mod_staticfile_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
-+mod_staticfile_la_LDFLAGS = -module -export-dynamic -avoid-version
++mod_staticfile_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF)
mod_staticfile_la_LIBADD = $(common_libadd)
lib_LTLIBRARIES += mod_dirlisting.la
mod_dirlisting_la_SOURCES = mod_dirlisting.c
-mod_dirlisting_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
-+mod_dirlisting_la_LDFLAGS = -module -export-dynamic -avoid-version
++mod_dirlisting_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF)
mod_dirlisting_la_LIBADD = $(common_libadd) $(PCRE_LIB)
lib_LTLIBRARIES += mod_indexfile.la
mod_indexfile_la_SOURCES = mod_indexfile.c
-mod_indexfile_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
-+mod_indexfile_la_LDFLAGS = -module -export-dynamic -avoid-version
++mod_indexfile_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF)
mod_indexfile_la_LIBADD = $(common_libadd)
lib_LTLIBRARIES += mod_setenv.la
mod_setenv_la_SOURCES = mod_setenv.c
-mod_setenv_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
-+mod_setenv_la_LDFLAGS = -module -export-dynamic -avoid-version
++mod_setenv_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF)
mod_setenv_la_LIBADD = $(common_libadd)
lib_LTLIBRARIES += mod_alias.la
mod_alias_la_SOURCES = mod_alias.c
-mod_alias_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
-+mod_alias_la_LDFLAGS = -module -export-dynamic -avoid-version
++mod_alias_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF)
mod_alias_la_LIBADD = $(common_libadd)
lib_LTLIBRARIES += mod_userdir.la
mod_userdir_la_SOURCES = mod_userdir.c
-mod_userdir_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
-+mod_userdir_la_LDFLAGS = -module -export-dynamic -avoid-version
++mod_userdir_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF)
mod_userdir_la_LIBADD = $(common_libadd)
lib_LTLIBRARIES += mod_rrdtool.la
mod_rrdtool_la_SOURCES = mod_rrdtool.c
-mod_rrdtool_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
-+mod_rrdtool_la_LDFLAGS = -module -export-dynamic -avoid-version
++mod_rrdtool_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF)
mod_rrdtool_la_LIBADD = $(common_libadd)
lib_LTLIBRARIES += mod_usertrack.la
mod_usertrack_la_SOURCES = mod_usertrack.c
-mod_usertrack_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
-+mod_usertrack_la_LDFLAGS = -module -export-dynamic -avoid-version
++mod_usertrack_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF)
mod_usertrack_la_LIBADD = $(common_libadd)
lib_LTLIBRARIES += mod_proxy.la
mod_proxy_la_SOURCES = mod_proxy.c
-mod_proxy_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
-+mod_proxy_la_LDFLAGS = -module -export-dynamic -avoid-version
++mod_proxy_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF)
mod_proxy_la_LIBADD = $(common_libadd)
lib_LTLIBRARIES += mod_ssi.la
mod_ssi_la_SOURCES = mod_ssi_exprparser.c mod_ssi_expr.c mod_ssi.c
-mod_ssi_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
-+mod_ssi_la_LDFLAGS = -module -export-dynamic -avoid-version
++mod_ssi_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF)
mod_ssi_la_LIBADD = $(common_libadd) $(PCRE_LIB)
lib_LTLIBRARIES += mod_secdownload.la
mod_secdownload_la_SOURCES = mod_secure_download.c
-mod_secdownload_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
-+mod_secdownload_la_LDFLAGS = -module -export-dynamic -avoid-version
++mod_secdownload_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF)
mod_secdownload_la_LIBADD = $(common_libadd)
#lib_LTLIBRARIES += mod_httptls.la
#mod_httptls_la_SOURCES = mod_httptls.c
-#mod_httptls_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
-+#mod_httptls_la_LDFLAGS = -module -export-dynamic -avoid-version
++#mod_httptls_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF)
#mod_httptls_la_LIBADD = $(common_libadd)
lib_LTLIBRARIES += mod_expire.la
mod_expire_la_SOURCES = mod_expire.c
-mod_expire_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
-+mod_expire_la_LDFLAGS = -module -export-dynamic -avoid-version
++mod_expire_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF)
mod_expire_la_LIBADD = $(common_libadd)
lib_LTLIBRARIES += mod_evhost.la
mod_evhost_la_SOURCES = mod_evhost.c
-mod_evhost_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
-+mod_evhost_la_LDFLAGS = -module -export-dynamic -avoid-version
++mod_evhost_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF)
mod_evhost_la_LIBADD = $(common_libadd)
lib_LTLIBRARIES += mod_simple_vhost.la
mod_simple_vhost_la_SOURCES = mod_simple_vhost.c
-mod_simple_vhost_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
-+mod_simple_vhost_la_LDFLAGS = -module -export-dynamic -avoid-version
++mod_simple_vhost_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF)
mod_simple_vhost_la_LIBADD = $(common_libadd)
lib_LTLIBRARIES += mod_fastcgi.la
mod_fastcgi_la_SOURCES = mod_fastcgi.c
-mod_fastcgi_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
-+mod_fastcgi_la_LDFLAGS = -module -export-dynamic -avoid-version
++mod_fastcgi_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF)
mod_fastcgi_la_LIBADD = $(common_libadd)
lib_LTLIBRARIES += mod_extforward.la
mod_extforward_la_SOURCES = mod_extforward.c
-mod_extforward_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
-+mod_extforward_la_LDFLAGS = -module -export-dynamic -avoid-version
++mod_extforward_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF)
mod_extforward_la_LIBADD = $(common_libadd)
lib_LTLIBRARIES += mod_access.la
mod_access_la_SOURCES = mod_access.c
-mod_access_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
-+mod_access_la_LDFLAGS = -module -export-dynamic -avoid-version
++mod_access_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF)
mod_access_la_LIBADD = $(common_libadd)
lib_LTLIBRARIES += mod_compress.la
mod_compress_la_SOURCES = mod_compress.c
-mod_compress_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
-+mod_compress_la_LDFLAGS = -module -export-dynamic -avoid-version
++mod_compress_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF)
mod_compress_la_LIBADD = $(Z_LIB) $(BZ_LIB) $(common_libadd)
lib_LTLIBRARIES += mod_auth.la
- mod_auth_la_SOURCES = mod_auth.c http_auth_digest.c http_auth.c
+ mod_auth_la_SOURCES = mod_auth.c http_auth.c
-mod_auth_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
-+mod_auth_la_LDFLAGS = -module -export-dynamic -avoid-version
++mod_auth_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF)
mod_auth_la_LIBADD = $(CRYPT_LIB) $(LDAP_LIB) $(LBER_LIB) $(common_libadd)
lib_LTLIBRARIES += mod_rewrite.la
mod_rewrite_la_SOURCES = mod_rewrite.c
-mod_rewrite_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
-+mod_rewrite_la_LDFLAGS = -module -export-dynamic -avoid-version
++mod_rewrite_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF)
mod_rewrite_la_LIBADD = $(PCRE_LIB) $(common_libadd)
lib_LTLIBRARIES += mod_redirect.la
mod_redirect_la_SOURCES = mod_redirect.c
-mod_redirect_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
-+mod_redirect_la_LDFLAGS = -module -export-dynamic -avoid-version
++mod_redirect_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF)
mod_redirect_la_LIBADD = $(PCRE_LIB) $(common_libadd)
lib_LTLIBRARIES += mod_status.la
mod_status_la_SOURCES = mod_status.c
-mod_status_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
-+mod_status_la_LDFLAGS = -module -export-dynamic -avoid-version
++mod_status_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF)
mod_status_la_LIBADD = $(common_libadd)
lib_LTLIBRARIES += mod_accesslog.la
mod_accesslog_la_SOURCES = mod_accesslog.c
-mod_accesslog_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
-+mod_accesslog_la_LDFLAGS = -module -export-dynamic -avoid-version
++mod_accesslog_la_LDFLAGS = -module -export-dynamic -avoid-version $(LIB_NO_UNDEF)
mod_accesslog_la_LIBADD = $(common_libadd)
--- a/components/lighttpd/patches/lighttpd_fix_slow_request_dos.patch Fri Jan 17 17:43:13 2014 +0100
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,209 +0,0 @@
-diff -u -r lighttpd-1.4.23-orig/src/base.h lighttpd-1.4.23/src/base.h
---- src/base.h Thu Jun 11 02:44:17 2009
-+++ src/base.h Tue Aug 24 04:16:29 2010
[email protected]@ -421,7 +421,6 @@
-
- #ifdef USE_OPENSSL
- SSL *ssl;
-- buffer *ssl_error_want_reuse_buffer;
- #endif
- /* etag handling */
- etag_flags_t etag_flags;
-Only in lighttpd-1.4.23/src: base.h.orig
-diff -u -r lighttpd-1.4.23-orig/src/chunk.c lighttpd-1.4.23/src/chunk.c
---- src/chunk.c Mon Mar 30 15:16:59 2009
-+++ src/chunk.c Tue Aug 24 04:12:50 2010
[email protected]@ -197,8 +197,6 @@
- int chunkqueue_append_buffer_weak(chunkqueue *cq, buffer *mem) {
- chunk *c;
-
-- if (mem->used == 0) return 0;
--
- c = chunkqueue_get_unused_chunk(cq);
- c->type = MEM_CHUNK;
- c->offset = 0;
-diff -u -r lighttpd-1.4.23-orig/src/connections.c lighttpd-1.4.23/src/connections.c
---- src/connections.c Thu Jun 11 06:54:30 2009
-+++ src/connections.c Tue Aug 24 04:12:50 2010
[email protected]@ -192,40 +192,42 @@
-
- static int connection_handle_read_ssl(server *srv, connection *con) {
- #ifdef USE_OPENSSL
-- int r, ssl_err, len, count = 0;
-+ int r, ssl_err, len, count = 0, read_offset, toread;
- buffer *b = NULL;
-
- if (!con->conf.is_ssl) return -1;
-
-- /* don't resize the buffer if we were in SSL_ERROR_WANT_* */
--
- ERR_clear_error();
- do {
-- if (!con->ssl_error_want_reuse_buffer) {
-- b = buffer_init();
-- buffer_prepare_copy(b, SSL_pending(con->ssl) + (16 * 1024)); /* the pending bytes + 16kb */
-+ if (NULL != con->read_queue->last) {
-+ b = con->read_queue->last->mem;
-+ }
-
-+ if (NULL == b || b->size - b->used < 1024) {
-+ b = chunkqueue_get_append_buffer(con->read_queue);
-+ len = SSL_pending(con->ssl);
-+ if (len < 4*1024) len = 4*1024; /* always alloc >= 4k buffer */
-+ buffer_prepare_copy(b, len + 1);
-+
- /* overwrite everything with 0 */
- memset(b->ptr, 0, b->size);
-- } else {
-- b = con->ssl_error_want_reuse_buffer;
- }
-
-- len = SSL_read(con->ssl, b->ptr, b->size - 1);
-- con->ssl_error_want_reuse_buffer = NULL; /* reuse it only once */
-+ read_offset = (b->used > 0) ? b->used - 1 : 0;
-+ toread = b->size - 1 - read_offset;
-
-+ len = SSL_read(con->ssl, b->ptr + read_offset, toread);
-+
- if (len > 0) {
-- b->used = len;
-+ if (b->used > 0) b->used--;
-+ b->used += len;
- b->ptr[b->used++] = '\0';
-
-- /* we move the buffer to the chunk-queue, no need to free it */
-+ con->bytes_read += len;
-
-- chunkqueue_append_buffer_weak(con->read_queue, b);
- count += len;
-- con->bytes_read += len;
-- b = NULL;
- }
-- } while (len > 0 && count < MAX_READ_LIMIT);
-+ } while (len == toread && count < MAX_READ_LIMIT);
-
-
- if (len < 0) {
[email protected]@ -234,11 +236,11 @@
- case SSL_ERROR_WANT_READ:
- case SSL_ERROR_WANT_WRITE:
- con->is_readable = 0;
-- con->ssl_error_want_reuse_buffer = b;
-
-- b = NULL;
-+ /* the manual says we have to call SSL_read with the same arguments next time.
-+ * we ignore this restriction; no one has complained about it in 1.5 yet, so it probably works anyway.
-+ */
-
-- /* we have to steal the buffer from the queue-queue */
- return 0;
- case SSL_ERROR_SYSCALL:
- /**
[email protected]@ -297,16 +299,11 @@
-
- connection_set_state(srv, con, CON_STATE_ERROR);
-
-- buffer_free(b);
--
- return -1;
- } else if (len == 0) {
- con->is_readable = 0;
- /* the other end close the connection -> KEEP-ALIVE */
-
-- /* pipelining */
-- buffer_free(b);
--
- return -2;
- }
-
[email protected]@ -321,26 +318,41 @@
- static int connection_handle_read(server *srv, connection *con) {
- int len;
- buffer *b;
-- int toread;
-+ int toread, read_offset;
-
- if (con->conf.is_ssl) {
- return connection_handle_read_ssl(srv, con);
- }
-
-+ b = (NULL != con->read_queue->last) ? con->read_queue->last->mem : NULL;
-+
-+ /* default size for chunks is 4kb; only use bigger chunks if FIONREAD tells
-+ * us more than 4kb is available
-+ * if FIONREAD doesn't signal a big chunk we fill the previous buffer
-+ * if it has >= 1kb free
-+ */
- #if defined(__WIN32)
-- b = chunkqueue_get_append_buffer(con->read_queue);
-- buffer_prepare_copy(b, 4 * 1024);
-- len = recv(con->fd, b->ptr, b->size - 1, 0);
--#else
-- if (ioctl(con->fd, FIONREAD, &toread) || toread == 0) {
-+ if (NULL == b || b->size - b->used < 1024) {
- b = chunkqueue_get_append_buffer(con->read_queue);
- buffer_prepare_copy(b, 4 * 1024);
-+ }
-+
-+ read_offset = (b->used == 0) ? 0 : b->used - 1;
-+ len = recv(con->fd, b->ptr + read_offset, b->size - 1 - read_offset, 0);
-+#else
-+ if (ioctl(con->fd, FIONREAD, &toread) || toread == 0 || toread <= 4*1024) {
-+ if (NULL == b || b->size - b->used < 1024) {
-+ b = chunkqueue_get_append_buffer(con->read_queue);
-+ buffer_prepare_copy(b, 4 * 1024);
-+ }
- } else {
- if (toread > MAX_READ_LIMIT) toread = MAX_READ_LIMIT;
- b = chunkqueue_get_append_buffer(con->read_queue);
- buffer_prepare_copy(b, toread + 1);
- }
-- len = read(con->fd, b->ptr, b->size - 1);
-+
-+ read_offset = (b->used == 0) ? 0 : b->used - 1;
-+ len = read(con->fd, b->ptr + read_offset, b->size - 1 - read_offset);
- #endif
-
- if (len < 0) {
[email protected]@ -374,7 +386,8 @@
- con->is_readable = 0;
- }
-
-- b->used = len;
-+ if (b->used > 0) b->used--;
-+ b->used += len;
- b->ptr[b->used++] = '\0';
-
- con->bytes_read += len;
[email protected]@ -841,13 +854,6 @@
- /* The cond_cache gets reset in response.c */
- /* config_cond_cache_reset(srv, con); */
-
--#ifdef USE_OPENSSL
-- if (con->ssl_error_want_reuse_buffer) {
-- buffer_free(con->ssl_error_want_reuse_buffer);
-- con->ssl_error_want_reuse_buffer = NULL;
-- }
--#endif
--
- con->header_len = 0;
- con->in_error_handler = 0;
-
[email protected]@ -1131,8 +1137,15 @@
- } else {
- buffer *b;
-
-- b = chunkqueue_get_append_buffer(dst_cq);
-- buffer_copy_string_len(b, c->mem->ptr + c->offset, toRead);
-+ if (dst_cq->last &&
-+ dst_cq->last->type == MEM_CHUNK) {
-+ b = dst_cq->last->mem;
-+ } else {
-+ b = chunkqueue_get_append_buffer(dst_cq);
-+ /* prepare buffer size for remaining POST data; is < 64kb */
-+ buffer_prepare_copy(b, con->request.content_length - dst_cq->bytes_in + 1);
-+ }
-+ buffer_append_string_len(b, c->mem->ptr + c->offset, toRead);
- }
-
- c->offset += toRead;