Update to 1.4.63

(cherry picked from commit ed61801e69a7239cccafd53ca1d0f235c1fe5ae9)
wk333 2022-07-30 15:43:34 +08:00 committed by openeuler-sync-bot
parent c448a0af3d
commit cb35eac102
11 changed files with 137 additions and 66 deletions


@ -79,7 +79,7 @@ diff --git a/src/mod_extforward.c b/src/mod_extforward.c
index 733231fd2..1a04befa6 100644
--- a/src/mod_extforward.c
+++ b/src/mod_extforward.c
@@ -673,7 +673,7 @@ static handler_t mod_extforward_Forwarded (request_st * const r, plugin_data * c
@@ -715,7 +715,7 @@ static handler_t mod_extforward_Forwarded (request_st * const r, plugin_data * c
while (s[i] == ' ' || s[i] == '\t') ++i;
if (s[i] == ';') { ++i; continue; }
if (s[i] == ',') {


@ -0,0 +1,62 @@
From 492773a20f8a1deb1c94e25d40023970dd9608a1 Mon Sep 17 00:00:00 2001
From: Glenn Strauss <gstrauss@gluelogic.com>
Date: Sun, 5 Dec 2021 07:50:17 -0500
Subject: [PATCH] [core] fix trace issued for loading mod_auth (fixes #3121)
Origin:https://github.com/lighttpd/lighttpd1.4/commit/492773a20f8a1deb1c94e25d40023970dd9608a1
fix trace issued for loading mod_auth after dynamic modules
x-ref:
"Curious message on startup with version 1.4.63"
https://redmine.lighttpd.net/boards/2/topics/10182
"mod_auth warning on startup"
https://redmine.lighttpd.net/issues/3121
---
src/configfile.c | 19 ++++++++++++-------
1 file changed, 12 insertions(+), 7 deletions(-)
diff --git a/src/configfile.c b/src/configfile.c
index 5760bb43..033f2c46 100644
--- a/src/configfile.c
+++ b/src/configfile.c
@@ -369,6 +369,7 @@ static void config_compat_module_load (server *srv) {
int contains_mod_auth = 0;
int prepend_mod_auth = 0;
int prepend_mod_vhostdb = 0;
+ const char *dyn_name = NULL;
for (uint32_t i = 0; i < srv->srvconf.modules->used; ++i) {
buffer *m = &((data_string *)srv->srvconf.modules->data[i])->value;
@@ -390,8 +391,15 @@ static void config_compat_module_load (server *srv) {
else if (buffer_eq_slen(m, CONST_STR_LEN("mod_wolfssl")))
append_mod_openssl = 0;
else if (0 == strncmp(m->ptr, "mod_auth", sizeof("mod_auth")-1)) {
- if (buffer_eq_slen(m, CONST_STR_LEN("mod_auth")))
- contains_mod_auth = 1;
+ if (buffer_eq_slen(m, CONST_STR_LEN("mod_auth"))) {
+ if (!contains_mod_auth) {
+ contains_mod_auth = 1;
+ if (dyn_name)
+ log_error(srv->errh, __FILE__, __LINE__,
+ "Warning: mod_auth should be listed in server.modules"
+ " before dynamic backends such as %s", dyn_name);
+ }
+ }
else if (!contains_mod_auth)
prepend_mod_auth = 1;
@@ -422,11 +430,8 @@ static void config_compat_module_load (server *srv) {
sizeof("mod_sockproxy")-1)
|| 0 == strncmp(m->ptr, "mod_wstunnel",
sizeof("mod_wstunnel")-1)) {
- if (!contains_mod_auth) {
- log_error(srv->errh, __FILE__, __LINE__,
- "Warning: mod_auth should be listed in server.modules before "
- "dynamic backends such as %s", m->ptr);
- }
+ if (NULL == dyn_name)
+ dyn_name = m->ptr;
}
}
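Review bot: The new `dyn_name` local in `config_compat_module_load` is undocumented, and it borrows `m->ptr` from an entry of `srv->srvconf.modules`, so it is only valid while that array is left unmodified. I would say so at the declaration, e.g. `const char *dyn_name = NULL; /* first dynamic backend seen so far; borrowed from srv->srvconf.modules, used only for the ordering warning */`. The warning also stays advisory: with mod_auth listed after a dynamic backend the server still starts with the order as configured, so this log line is the only signal an operator gets that authentication may not be evaluated before the backend (that ordering concern is inferred from the message text). The function continues outside these hunks, so whether the module list is changed while `dyn_name` is live cannot be checked here.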


@ -1,57 +0,0 @@
--- doc/config/lighttpd.conf~ 2014-03-12 11:40:36.000000000 -0500
+++ doc/config/lighttpd.conf 2014-07-07 08:22:46.934838985 -0500
@@ -417,7 +417,7 @@
## # Check your cipher list with: openssl ciphers -v '...' (use single quotes as your shell won't like ! in double quotes)
## #
## # If you know you have RSA keys (standard), you can use:
-## ssl.cipher-list = "aRSA+HIGH !3DES +kEDH +kRSA !kSRP !kPSK"
+## ssl.cipher-list = "PROFILE=SYSTEM"
## # The more generic version (without the restriction to RSA keys) is
## # ssl.cipher-list = "HIGH !aNULL !3DES +kEDH +kRSA !kSRP !kPSK"
## #
--- doc/config/lighttpd.conf~ 2016-03-01 10:14:50.000000000 -0500
+++ doc/config/lighttpd.conf 2016-03-01 10:17:59.194568947 -0500
@@ -14,7 +14,7 @@
## chroot example aswell.
##
var.log_root = "/var/log/lighttpd"
-var.server_root = "/srv/www"
+var.server_root = "/var/www"
var.state_dir = "/var/run"
var.home_dir = "/var/lib/lighttpd"
var.conf_dir = "/etc/lighttpd"
--- doc/config/lighttpd.conf.orig 2016-07-19 09:09:39.000000000 -0500
+++ doc/config/lighttpd.conf 2016-07-19 09:25:40.282577966 -0500
@@ -204,7 +204,9 @@
## By default lighttpd would not change the operation system default.
## But setting it to 2048 is a better default for busy servers.
##
-server.max-fds = 2048
+## With SELinux enabled, this is denied by default and needs to be allowed
+## by running the following once : setsebool -P httpd_setrlimit on
+#server.max-fds = 2048
##
## listen-backlog is the size of the listen() backlog queue requested when
--- doc/config/lighttpd.conf~ 2016-08-05 08:24:07.000000000 -0500
+++ doc/config/lighttpd.conf 2016-08-05 08:26:43.914683962 -0500
@@ -112,7 +112,7 @@
##
## Document root
##
-server.document-root = server_root + "/htdocs"
+server.document-root = server_root + "/lighttpd"
##
## The value for the "Server:" response field.
--- doc/config/lighttpd.conf~ 2016-06-28 12:32:10.000000000 -0500
+++ doc/config/lighttpd.conf 2016-06-28 12:41:50.478761160 -0500
@@ -67,7 +67,7 @@
## conf.d/fastcgi.conf
## conf.d/scgi.conf
##
-var.socket_dir = home_dir + "/sockets"
+var.socket_dir = state_dir + "/sockets"
##
#######################################################################

Binary file not shown.


@ -0,0 +1,22 @@
--- doc/config/lighttpd.conf~ 2021-12-02 09:34:06.450352761 -0600
+++ doc/config/lighttpd.conf 2021-12-02 09:36:04.345770602 -0600
@@ -14,8 +14,8 @@
## chroot example as well.
##
var.log_root = "/var/log/lighttpd"
-var.server_root = "/srv/www"
-var.state_dir = "/run"
+var.server_root = "/var/www"
+var.state_dir = "/var/run"
var.home_dir = "/var/lib/lighttpd"
var.conf_dir = "/etc/lighttpd"
@@ -436,7 +436,7 @@
## # Check your cipher list with: openssl ciphers -v '...'
## # (use single quotes with: openssl ciphers -v '...'
## # as your shell won't like ! in double quotes)
-## #ssl.cipher-list = "HIGH" # default
+## #ssl.cipher-list = "PROFILE=SYSTEM"
##
## # (recommended to accept only TLSv1.2 and TLSv1.3)
## #ssl.openssl.ssl-conf-cmd = ("MinProtocol" => "TLSv1.2") # default
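Review bot: `PROFILE=SYSTEM` in the `ssl.cipher-list` example is not a standard OpenSSL cipher string; it is only understood by OpenSSL builds that carry the system crypto-policies patch, as on Fedora/RHEL. If the target distribution's OpenSSL lacks that support, an admin who uncomments the line gets a rejected or empty cipher list instead of the upstream `"HIGH"` default, so this should be confirmed and, if unsupported, the upstream line kept. The first hunk also moves `var.state_dir` from `/run` back to `/var/run`; a sentence in the patch header explaining why the older path is preferred would help the next rebase.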

BIN
lighttpd-1.4.63.tar.gz Normal file

Binary file not shown.


@ -61,7 +61,7 @@ restart() {
reload() {
echo -n $"Reloading $prog: "
killproc $prog -HUP
killproc $prog -USR1
retval=$?
echo
return $retval
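Review bot: `reload` now sends only `-USR1`, which lighttpd treats as a graceful restart, whereas `-HUP` is the signal that makes it reopen its log files. Any caller that used `reload` to reopen logs after rotation would now restart the server instead; the logrotate script's rotate hook is not visible on this page, so that path should be checked. A comment above the line would make the intent explicit, e.g. `# USR1 = graceful restart (re-reads config); HUP only reopens logs`. The same applies to the `ExecReload=/bin/kill -USR1 $MAINPID` line in the service file.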


@ -1,3 +1,10 @@
# Warning: Using logrotate together with `max-workers` Lighty option is
# a pretty complicated thing:
# https://redmine.lighttpd.net/projects/1/wiki/Docs_ModAccesslog
# If you use max-workers, you probably want cronolog, which in turn means
# you shouldn't be using logrotate at all.
/var/log/lighttpd/*log {
missingok
notifempty


@ -6,6 +6,7 @@ After=syslog.target network.target
PIDFile=/var/run/lighttpd.pid
EnvironmentFile=-/etc/sysconfig/lighttpd
ExecStart=/usr/sbin/lighttpd -D -f /etc/lighttpd/lighttpd.conf
ExecReload=/bin/kill -USR1 $MAINPID
[Install]
WantedBy=multi-user.target


@ -19,17 +19,19 @@
%bcond_without systemd
Summary: Lightning fast webserver with light system requirements
Name: lighttpd
Version: 1.4.53
Release: 3
Version: 1.4.63
Release: 1
License: BSD-3-Clause and OML and GPLv3 and GPLv2
URL: https://github.com/lighttpd/lighttpd1.4
Source0: https://github.com/lighttpd/lighttpd1.4/archive/lighttpd-1.4.53.tar.gz
Source0: http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-%{version}.tar.gz
Source1: lighttpd.logrotate
Source2: php.d-lighttpd.ini
Source3: lighttpd.init
Source4: lighttpd.service
Patch0: lighttpd-1.4.45-defaultconf.patch
Patch1: CVE-2022-22707.patch
Patch0: lighttpd-1.4.62-defaultconf.patch
Patch1: make-setrlimit-warn-not-fatal.patch
Patch2: fix-loading-mod_auth-after-dynamic-modules.patch
Patch3: CVE-2022-22707.patch
Requires: %{name}-filesystem
%if %{with systemd}
Requires(post): systemd
@ -105,9 +107,11 @@ for the lighttpd server including the correct permissions
for the directories.
%prep
%setup -q -n lighttpd1.4-%{name}-%{version}
%setup -q
%patch0 -p0 -b .defaultconf
%patch1 -p1
%patch1 -p1 -b .setrlimit
%patch2 -p1 -b .fixtrace
%patch3 -p1
%build
autoreconf -if
@ -254,6 +258,9 @@ fi
%attr(0700, lighttpd, lighttpd) %dir %{webroot}/
%changelog
* Sat Jul 30 2022 wangkai <wangkai385@h-partners.com> - 1.4.63-1
- Update to 1.4.63
* Fri May 27 2022 liyanan <liyanan@h-partners.com> - 1.4.53-3
- Disable fam support as gamin is deprecated
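Review bot: `Source0` moves from an `https://` URL to plain `http://download.lighttpd.net/...`, so anyone refetching the tarball from the spec gets it over an unauthenticated channel, and nothing in the visible spec verifies a checksum or signature. I would use the TLS URL, `Source0: https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-%{version}.tar.gz`, and record how the committed `lighttpd-1.4.63.tar.gz` was verified against the upstream release. Keeping `CVE-2022-22707.patch` as `Patch3` looks deliberate; a one-line comment next to it saying the fix is presumably not in the 1.4.63 tarball would stop it being dropped at the next version bump.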


@ -0,0 +1,29 @@
From 5a257fab511225bbfa56b4f1a8b2bb7085f96478 Mon Sep 17 00:00:00 2001
From: Glenn Strauss <gstrauss@gluelogic.com>
Date: Wed, 8 Dec 2021 18:42:31 -0500
Subject: [PATCH] [core] make setrlimit() warn, not fatal
Origin:https://github.com/lighttpd/lighttpd1.4/commit/5a257fab511225bbfa56b4f1a8b2bb7085f96478
(thx limb)
make setrlimit() issue warning on error, not fatal,
and add suggesting to configure SELinux permissions
---
src/server.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/server.c b/src/server.c
index f2ff7b73..beca364a 100644
--- a/src/server.c
+++ b/src/server.c
@@ -1357,7 +1357,8 @@ static int server_main_setup (server * const srv, int argc, char **argv) {
if (0 != setrlimit(RLIMIT_NOFILE, &rlim)) {
log_perror(srv->errh, __FILE__, __LINE__, "setrlimit()");
- return -1;
+ log_error(srv->errh, __FILE__, __LINE__, "setrlimit() may need root to run once: setsebool -P httpd_setrlimit on");
+ use_rlimit = 0;
}
}
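Review bot: The added `log_error` hint is printed for every `setrlimit()` failure, not only an SELinux denial, so for other errno values the `setsebool` advice points the operator in the wrong direction. The hint could be limited to the permission case, e.g. `if (errno == EACCES || errno == EPERM) log_error(...)`, with errno saved before `log_perror` is called. With `return -1` removed the server now starts on the inherited descriptor limit rather than the configured one, which deserves a comment such as `/* not fatal: continue with inherited RLIMIT_NOFILE */`. `server_main_setup` continues outside the hunk, so how `use_rlimit = 0` affects later sizing is not visible here.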