Browse Source

Merge pull request #14247 from gstrauss/lighttpd-1.4.57

lighttpd: update to lighttpd 1.4.57
lilik-openwrt-22.03
Rosen Penev 4 years ago
committed by GitHub
parent
commit
1af05c13a2
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 15 additions and 304 deletions
  1. +15
    -24
      net/lighttpd/Makefile
  2. +0
    -78
      net/lighttpd/patches/020-webdav-atfile.patch
  3. +0
    -26
      net/lighttpd/patches/030-one-shot-pipes.patch
  4. +0
    -89
      net/lighttpd/patches/040-meson-tls.patch
  5. +0
    -32
      net/lighttpd/patches/050-wolfssl-compat.patch
  6. +0
    -55
      net/lighttpd/patches/060-wolfssl-SNI.patch

+ 15
- 24
net/lighttpd/Makefile View File

@ -8,14 +8,14 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=lighttpd
PKG_VERSION:=1.4.56
PKG_RELEASE:=5
PKG_VERSION:=1.4.57
PKG_RELEASE:=1
# release candidate ~rcX testing; remove for release
#PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-1.4.56
#PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-1.4.57
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://download.lighttpd.net/lighttpd/releases-1.4.x
PKG_HASH:=e4ce84cd79e8ae8ba193c7a7cc79c4afba9a076b443ef9f8d4bcd13a3354df77
PKG_HASH:=52ca961b89c12f7ecbb2e4e0c5a9e79b2863c64e33c42832a165e7f894d6217f
PKG_MAINTAINER:=W. Michael Petullo <mike@flyn.org>
PKG_LICENSE:=BSD-3-Clause
@ -57,6 +57,17 @@ config LIGHTTPD_SSL
your lighttpd configuration file.
(mod_gnutls, mod_mbedtls, mod_nss, mod_openssl, mod_wolfssl)
config LIGHTTPD_SSL_DEPENDS
bool
depends on LIGHTTPD_SSL
default PACKAGE_lighttpd-mod-mbedtls || PACKAGE_lighttpd-mod-wolfssl || PACKAGE_lighttpd-mod-gnutls || PACKAGE_lighttpd-mod-nss
config LIGHTTPD_SSL_SELECT
tristate
depends on LIGHTTPD_SSL
default m if !LIGHTTPD_SSL_DEPENDS
select PACKAGE_lighttpd-mod-openssl
config LIGHTTPD_LOGROTATE
bool "Logrotate support"
depends on PACKAGE_lighttpd
@ -65,26 +76,6 @@ config LIGHTTPD_LOGROTATE
It adds support for logrotate functionality.
endef
ifneq ($(strip $(CONFIG_LIGHTTPD_SSL)),)
ifeq ($(CONFIG_PACKAGE_lighttpd-mod-openssl),)
ifeq ($(CONFIG_PACKAGE_lighttpd-mod-mbedtls),)
ifeq ($(CONFIG_PACKAGE_lighttpd-mod-wolfssl),)
ifeq ($(CONFIG_PACKAGE_lighttpd-mod-gnutls),)
ifeq ($(CONFIG_PACKAGE_lighttpd-mod-nss),)
CONFIG_PACKAGE_lighttpd-mod-openssl=m
endif
endif
endif
endif
endif
endif
ifneq ($(CONFIG_PACKAGE_lighttpd-mod-auth),)
ifeq ($(CONFIG_PACKAGE_lighttpd-mod-authn_file),)
CONFIG_PACKAGE_lighttpd-mod-authn_file=m
endif
endif
MESON_ARGS += \
-Dwith_brotli=false \
-Dwith_bzip=false \


+ 0
- 78
net/lighttpd/patches/020-webdav-atfile.patch View File

@ -1,78 +0,0 @@
From 2a1e55dc62c72893d128400334131a56a218ee1a Mon Sep 17 00:00:00 2001
From: Glenn Strauss <gstrauss@gluelogic.com>
Date: Tue, 1 Dec 2020 16:23:49 -0500
Subject: [PATCH] [mod_webdav] define _ATFILE_SOURCE if AT_FDCWD
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
---
src/mod_webdav.c | 15 ++++++++++++---
1 file changed, 20 insertions(+), 5 deletions(-)
diff --git a/src/mod_webdav.c b/src/mod_webdav.c
index c3fe79a2..9c27ad8f 100644
--- a/src/mod_webdav.c
+++ b/src/mod_webdav.c
@@ -182,9 +182,18 @@
#include <string.h>
#include <unistd.h> /* getpid() linkat() rmdir() unlinkat() */
-/* Note: filesystem access race conditions exist without _ATFILE_SOURCE */
+#ifdef AT_FDCWD
#ifndef _ATFILE_SOURCE
+#define _ATFILE_SOURCE
+#endif
+#endif
+
+#ifndef AT_SYMLINK_NOFOLLOW
#define AT_SYMLINK_NOFOLLOW 0
+#endif
+
+/* Note: filesystem access race conditions exist without _ATFILE_SOURCE */
+#ifndef _ATFILE_SOURCE
/*(trigger linkat() fail to fallback logic in mod_webdav.c)*/
#define linkat(odfd,opath,ndfd,npath,flags) -1
#endif
@@ -2371,7 +2380,10 @@ webdav_delete_dir (const plugin_config * const pconf,
buffer_append_string_len(&dst->rel_path, de->d_name, len);
#ifndef _ATFILE_SOURCE
- #ifndef _DIRENT_HAVE_D_TYPE
+ #ifdef _DIRENT_HAVE_D_TYPE
+ if (de->d_type == DT_UNKNOWN)
+ #endif
+ {
struct stat st;
if (0 != stat(dst->path.ptr, &st)) {
dst->path.ptr[ (dst->path.used = dst_path_used) -1]='\0';
@@ -2379,6 +2391,6 @@ webdav_delete_dir (const plugin_config * const pconf,
continue; /* file *just* disappeared? */
}
s_isdir = S_ISDIR(st.st_mode);
- #endif
+ }
#endif
@@ -2903,7 +2902,10 @@ webdav_copymove_dir (const plugin_config * const pconf,
buffer_append_string_len(&dst->rel_path, de->d_name, len);
#ifndef _ATFILE_SOURCE
- #ifndef _DIRENT_HAVE_D_TYPE
+ #ifdef _DIRENT_HAVE_D_TYPE
+ if (de->d_type == DT_UNKNOWN)
+ #endif
+ {
if (0 != stat(src->path.ptr, &st)) {
src->path.ptr[ (src->path.used = src_path_used) -1]='\0';
src->rel_path.ptr[(src->rel_path.used = src_rel_path_used)-1]='\0';
@@ -2912,7 +2914,7 @@ webdav_copymove_dir (const plugin_config * const pconf,
continue; /* file *just* disappeared? */
}
d_type = st.st_mode;
- #endif
+ }
#endif
if (S_ISDIR(d_type)) { /* recursive call; depth first */
--
2.28.0

+ 0
- 26
net/lighttpd/patches/030-one-shot-pipes.patch View File

@ -1,26 +0,0 @@
From 716e4d7a5d773607d87d5521f5943cff019bcd97 Mon Sep 17 00:00:00 2001
From: Glenn Strauss <gstrauss@gluelogic.com>
Date: Mon, 30 Nov 2020 19:31:05 -0500
Subject: [PATCH] [core] fix lighttpd -1 one-shot with pipes
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
---
src/server.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/server.c b/src/server.c
index 83c0241f..a781027e 100644
--- a/src/server.c
+++ b/src/server.c
@@ -356,7 +356,7 @@ static int server_oneshot_read_cq(connection *con, chunkqueue *cq, off_t max_byt
/* temporary set con->fd to oneshot_fd (fd input) rather than outshot_fdout
* (lighttpd generally assumes operation on sockets, so this is a kludge) */
int fd = con->fd;
- con->fd = oneshot_fd;
+ con->fd = oneshot_fdn->fd;
int rc = oneshot_read_cq(con, cq, max_bytes);
con->fd = fd;
--
2.28.0

+ 0
- 89
net/lighttpd/patches/040-meson-tls.patch View File

@ -1,89 +0,0 @@
From 233a218ab3cf449a0667438cf0b1830eeb33471b Mon Sep 17 00:00:00 2001
From: Glenn Strauss <gstrauss@gluelogic.com>
Date: Thu, 3 Dec 2020 17:16:52 -0500
Subject: [PATCH] [build] fix meson.build when building all TLS mods
x-ref:
"[lighttpd] -mod-openssl fails"
https://github.com/openwrt/packages/issues/14121
"[lighttpd] -mod-wolfssl fails"
https://github.com/openwrt/packages/issues/14122
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
---
src/meson.build | 20 +++++++++++++-------
1 file changed, 13 insertions(+), 7 deletions(-)
diff --git a/src/meson.build b/src/meson.build
index 71e4ec90..2d6ee2df 100644
--- a/src/meson.build
+++ b/src/meson.build
@@ -432,15 +432,20 @@ if get_option('with_mysql')
endif
libssl = []
-libx509 = []
libcrypto = []
+libsslcrypto = []
libgnutls = []
+libmbedtls = []
+libmbedcrypto = []
+libmbedx509 = []
+libwolfssl = []
if get_option('with_openssl')
# manual search:
# header: openssl/ssl.h
# function: SSL_new (-lssl)
# function: BIO_f_base64 (-lcrypto)
libssl = [ dependency('libssl') ]
+ libsslcrypto = [ dependency('libcrypto') ]
libcrypto = [ dependency('libcrypto') ]
conf_data.set('HAVE_OPENSSL_SSL_H', true)
conf_data.set('HAVE_LIBSSL', true)
@@ -449,7 +454,7 @@ if get_option('with_wolfssl')
# manual search:
# header: wolfssl/ssl.h
# function: wolfSSL_Init (-lwolfssl)
- libssl = [ dependency('wolfssl') ]
+ libwolfssl = [ dependency('wolfssl') ]
libcrypto = [ dependency('wolfssl') ]
conf_data.set('HAVE_WOLFSSL_SSL_H', true)
endif
@@ -459,8 +464,9 @@ if get_option('with_mbedtls')
# function: mbedtls_cipher_info_from_type (-lmbedtls)
# function: mbedtls_x509_get_name (-lmbedx509)
# function: mbedtls_base64_encode (-lmbedcrypto)
- libssl = [ compiler.find_library('mbedtls') ]
- libx509 = [ compiler.find_library('mbedx509') ]
+ libmbedtls = [ compiler.find_library('mbedtls') ]
+ libmbedx509 = [ compiler.find_library('mbedx509') ]
+ libmbedcrypto = [ compiler.find_library('mbedcrypto') ]
libcrypto = [ compiler.find_library('mbedcrypto') ]
conf_data.set('HAVE_LIBMBEDCRYPTO', true)
endif
@@ -1070,19 +1076,19 @@ endif
if get_option('with_openssl')
modules += [
- [ 'mod_openssl', [ 'mod_openssl.c' ], libssl + libcrypto ],
+ [ 'mod_openssl', [ 'mod_openssl.c' ], libssl + libsslcrypto ],
]
endif
if get_option('with_wolfssl')
modules += [
- [ 'mod_wolfssl', [ 'mod_wolfssl.c' ], libcrypto ],
+ [ 'mod_wolfssl', [ 'mod_wolfssl.c' ], libwolfssl ],
]
endif
if get_option('with_mbedtls')
modules += [
- [ 'mod_mbedtls', [ 'mod_mbedtls.c' ], libssl + libx509 + libcrypto ],
+ [ 'mod_mbedtls', [ 'mod_mbedtls.c' ], libmbedtls + libmbedx509 + libmbedcrypto ],
]
endif
--
2.28.0

+ 0
- 32
net/lighttpd/patches/050-wolfssl-compat.patch View File

@ -1,32 +0,0 @@
From a27e55b2dd0887f462c36ff788dde5c5de20a154 Mon Sep 17 00:00:00 2001
From: Glenn Strauss <gstrauss@gluelogic.com>
Date: Sat, 5 Dec 2020 11:19:03 -0500
Subject: [PATCH] [core] add missing mod_wolfssl to ssl compat list
add missing mod_wolfssl to ssl compat module list
x-ref:
"[lighttpd] -mod-wolfssl fails (requires dependency on -mod-openssl?)"
https://github.com/openwrt/packages/issues/14139
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
---
src/configfile.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/configfile.c b/src/configfile.c
index da444154..c7739c4f 100644
--- a/src/configfile.c
+++ b/src/configfile.c
@@ -345,6 +345,8 @@ static void config_compat_module_load (server *srv) {
append_mod_openssl = 0;
else if (buffer_eq_slen(m, CONST_STR_LEN("mod_openssl")))
append_mod_openssl = 0;
+ else if (buffer_eq_slen(m, CONST_STR_LEN("mod_wolfssl")))
+ append_mod_openssl = 0;
else if (buffer_eq_slen(m, CONST_STR_LEN("mod_authn_file")))
append_mod_authn_file = 0;
else if (buffer_eq_slen(m, CONST_STR_LEN("mod_authn_ldap")))
--
2.28.0

+ 0
- 55
net/lighttpd/patches/060-wolfssl-SNI.patch View File

@ -1,55 +0,0 @@
From a43420ba07645acb71f31e95b9c7b4e894794afd Mon Sep 17 00:00:00 2001
From: Glenn Strauss <gstrauss@gluelogic.com>
Date: Sun, 6 Dec 2020 22:50:49 -0500
Subject: [PATCH] [mod_wolfssl] add complex preproc logic for SNI
add complex preproc logic for SNI detection
- HAVE_SNI is not sufficient
- HAVE_LIGHTY is not sufficient (in wolfssl <= 4.5.0)
Instead, use more complex logic wrapping calls to SNI_Callback()
in wolfssl.
x-ref:
"[lighttpd] -mod-wolfssl inhibited by missing library functionality"
https://github.com/openwrt/packages/issues/14142
"put all SNI code behind simpler preprocessor directive HAVE_SNI"
https://github.com/wolfSSL/wolfssl/pull/3538
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
---
src/mod_wolfssl.c | 15 ++++++++++++---
1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/src/mod_wolfssl.c b/src/mod_wolfssl.c
index a22b0ebe..70f7488b 100644
--- a/src/mod_wolfssl.c
+++ b/src/mod_wolfssl.c
@@ -2041,13 +2041,22 @@ network_init_ssl (server *srv, plugin_config_socket *s, plugin_data *p)
* && (HAVE_STUNNEL || WOLFSSL_NGINX || HAVE_LIGHTY)))
* and sniRecvCb sniRecvCbArg are hidden by *different* set of defines
* in wolfssl/internal.h)
- * Note: SNI callbacks disabled if wolfSSL is not built OPENSSL_ALL ! */
- #ifdef OPENSSL_ALL /* regretable */
+ * Note: wolfSSL SNI callbacks members not present unless wolfSSL is
+ * built OPENSSL_ALL or some additional combination of preprocessor
+ * defines. The following should work with more recent wolfSSL versions
+ * (and HAVE_LIGHTY is not sufficient in wolfssl <= 4.5.0) */
+ #if defined(OPENSSL_ALL) \
+ || (defined(OPENSSL_EXTRA) \
+ && (defined(HAVE_STUNNEL) \
+ || defined(WOLFSSL_NGINX) \
+ || defined(WOLFSSL_HAPROXY)))
+ #else
+ #undef HAVE_SNI
+ #endif
#ifdef HAVE_SNI
wolfSSL_CTX_set_servername_callback(
s->ssl_ctx, network_ssl_servername_callback);
wolfSSL_CTX_set_servername_arg(s->ssl_ctx, srv);
- #endif /* regretable */
#else
log_error(srv->errh, __FILE__, __LINE__,
"SSL: WARNING: SNI callbacks *crippled* in wolfSSL library build");
--
2.28.0

Loading…
Cancel
Save