aboutsummaryrefslogtreecommitdiffstats
path: root/meta-webserver
AgeCommit message (Collapse)Author
2021-09-26README: updated Maintainers list for HonisterArmin Kuster
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-09-24netdata: Fixed the recipe.jan
The netdata website was not accessable due to some (changed) permissions. The systemd service file will start netdata deamon with the netdata user. The netdata group as existing, but the netdata user was missing. I moved some directory creations from systemd to the bitbake recipe. The project website address changed too. Removed the creation of the pid file in the service of systemd. Netdata itself has an option to create the pid file. Because it's an options, it's probably also not needed in systemd. Tested with meta-raspberrypi on rpi4-32. Signed-off-by: Jan Vermaete <jan.vermaete@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-09-24apache2: upgrade 2.4.48 -> 2.4.49wangmy
Changes with Apache 2.4.49 *) SECURITY: CVE-2021-40438 (cve.mitre.org) mod_proxy: Server Side Request Forgery (SSRF) vulnerabilty [Yann Ylavic] *) SECURITY: CVE-2021-39275 (cve.mitre.org) core: ap_escape_quotes buffer overflow *) SECURITY: CVE-2021-36160 (cve.mitre.org) mod_proxy_uwsgi: Out of bound read vulnerability [Yann Ylavic] *) SECURITY: CVE-2021-34798 (cve.mitre.org) core: null pointer dereference on malformed request *) SECURITY: CVE-2021-33193 (cve.mitre.org) mod_http2: Request splitting vulnerability with mod_proxy [Stefan Eissing] *) core/mod_proxy/mod_ssl: Adding `outgoing` flag to conn_rec, indicating a connection is initiated by the server to somewhere, in contrast to incoming connections from clients. Adding 'ap_ssl_bind_outgoing()` function that marks a connection as outgoing and is used by mod_proxy instead of the previous optional function `ssl_engine_set`. This enables other SSL module to secure proxy connections. The optional functions `ssl_engine_set`, `ssl_engine_disable` and `ssl_proxy_enable` are now provided by the core to have backward compatibility with non-httpd modules that might use them. mod_ssl itself no longer registers these functions, but keeps them in its header for backward compatibility. The core provided optional function wrap any registered function like it was done for `ssl_is_ssl`. [Stefan Eissing] *) mod_ssl: Support logging private key material for use with wireshark via log file given by SSLKEYLOGFILE environment variable. Requires OpenSSL 1.1.1. PR 63391. [Joe Orton] *) mod_proxy: Do not canonicalize the proxied URL when both "nocanon" and "ProxyPassInterpolateEnv On" are configured. PR 65549. [Joel Self <joelself gmail.com>] *) mpm_event: Fix children processes possibly not stopped on graceful restart. PR 63169. [Joel Self <joelself gmail.com>] *) mod_proxy: Fix a potential infinite loop when tunneling Upgrade(d) protocols from mod_proxy_http, and a timeout triggering falsely when using mod_proxy_wstunnel, mod_proxy_connect or mod_proxy_http with upgrade= setting. PRs 65521 and 65519. [Yann Ylavic] *) mod_unique_id: Reduce the time window where duplicates may be generated PR 65159 [Christophe Jaillet] *) mpm_prefork: Block signals for child_init hooks to prevent potential threads created from there to catch MPM's signals. [Ruediger Pluem, Yann Ylavic] *) Revert "mod_unique_id: Fix potential duplicated ID generation under heavy load. PR 65159" added in 2.4.47. This causes issue on Windows. [Christophe Jaillet] *) mod_proxy_uwsgi: Fix PATH_INFO setting for generic worker. [Yann Ylavic] *) mod_md: Certificate/keys pairs are verified as matching before a renewal is accepted as successful or a staged renewal is replacing the existing certificates. This avoid potential mess ups in the md store file system to render the active certificates non-working. [@mkauf] *) mod_proxy: Faster unix socket path parsing in the "proxy:" URL. [Yann Ylavic] *) mod_ssl: tighten the handling of ALPN for outgoing (proxy) connections. If ALPN protocols are provided and sent to the remote server, the received protocol selected is inspected and checked for a match. Without match, the peer handshake fails. An exception is the proposal of "http/1.1" where it is accepted if the remote server did not answer ALPN with a selected protocol. This accomodates for hosts that do not observe/support ALPN and speak http/1.x be default. *) mod_proxy: Fix possible reuse/merging of Proxy(Pass)Match worker instances with others when their URLs contain a '$' substitution. PR 65419 + 65429. [Yann Ylavic] *) mod_dav: Add method_precondition hook. WebDAV extensions define conditions that must exist before a WebDAV method can be executed. This hook allows a WebDAV extension to verify these preconditions. [Graham Leggett] *) Add hooks deliver_report and gather_reports to mod_dav.h. Allows other modules apart from versioning implementations to handle the REPORT method. [Graham Leggett] *) Add dav_get_provider(), dav_open_lockdb(), dav_close_lockdb() and dav_get_resource() to mod_dav.h. [Graham Leggett] *) core: fix ap_escape_quotes substitution logic. [Eric Covener] *) Easy patches: synch 2.4.x and trunk - mod_auth_basic: Use ap_cstr_casecmp instead of strcasecmp. - mod_ldap: log and abort locking errors. - mod_ldap: style fix for r1831165 - mod_ldap: build break fix for r1831165 - mod_deflate: Avoid hard-coded "%ld" format strings in mod_deflate's logging statements - mod_deflate: Use apr_uint64_t instead of uint64_t (follow up to r1849590) - mod_forensic: Follow up to r1856490: missing one mod_log_forensic test_char_table case. - mod_rewrite: Save a few cycles. - mod_request: Fix a comment (missing '_' in 'keep_body') and some style issues - core: remove extra whitespace in HTTP_NOT_IMPLEMENTED [Christophe Jaillet] *) core/mpm: add hook 'child_stopping` that gets called when the MPM is stopping a child process. The additional `graceful` parameter allows registered hooks to free resources early during a graceful shutdown. [Yann Ylavic, Stefan Eissing] *) mod_proxy: Fix icomplete initialization of BalancerMember(s) from the balancer-manager, which can lead to a crash. [Yann Ylavic] *) mpm_event: Fix graceful stop/restart of children processes if connections are in lingering close for too long. [Yann Ylavic] *) mod_md: fixed a potential null pointer dereference if ACME/OCSP server returned 2xx responses without content type. Reported by chuangwen. [chuangwen, Stefan Eissing] *) mod_md: - Domain names in `<MDomain ...>` can now appear in quoted form. - Fixed a failure in ACME challenge selection that aborted further searches when the tls-alpn-01 method did not seem to be suitable. - Changed the tls-alpn-01 setup to only become unsuitable when none of the dns names showed support for a configured 'Protocols ... acme-tls/1'. This allows use of tls-alpn-01 for dns names that are not mapped to a VirtualHost. [Stefan Eissing] *) Add CPING to health check logic. [Jean-Frederic Clere] *) core: Split ap_create_request() from ap_read_request(). [Graham Leggett] *) core, h2: common ap_parse_request_line() and ap_check_request_header() code. [Yann Ylavic] *) core: Add StrictHostCheck to allow unconfigured hostnames to be rejected. [Eric Covener] *) htcacheclean: Improve help messages. [Christophe Jaillet] Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-08-31nginx: Fix off_t size passed in configureNathan Rossi
For linux, nginx will always compile with '-D_FILE_OFFSET_BITS=64'. This means that off_t will always be 8 bytes long, even on 32-bit targets. This configuration change resolves some issues with nginx and handling range headers. Signed-off-by: Nathan Rossi <nathan@nathanrossi.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-08-20nginx: fix CVE-2021-3618Joe Slater
Backport with no change a patch from version 1.21.0. This patch was not cherry-picked by nginx to version 1.20.1. Information about this CVE comes from https://ubuntu.com/security/CVE-2021-3618. Signed-off-by: Joe Slater <joe.slater@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-08-06emacs,libgpiod,cockpit: Fix override syntax in using FILES_${PN}Khem Raj
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-08-03layer.conf: Update to honisterMartin Jansa
This marks the layers as compatible with honister now they use the new override syntax. Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2021-08-03Convert to new override syntaxMartin Jansa
This is the result of automated script (0.9.1) conversion: oe-core/scripts/contrib/convert-overrides.py . converting the metadata to use ":" as the override character instead of "_". Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2021-08-03apache2: upgrade 2.4.46 -> 2.4.48Changqing Li
Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-07-30nginx: upgrade 1.19.6 -> 1.21.1Salman Ahmed
Signed-off-by: Salman Ahmed <salman.ahmed@weidmueller.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-07-30nginx: upgrade 1.18.0 -> 1.20.1Salman Ahmed
Signed-off-by: Salman Ahmed <salman.ahmed@weidmueller.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-07-27hiawatha: fix url.Armin Kuster
files moved under a new dir structure. Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-04-29packagegroup-meta-webserver: remove nostromo from pkg grpArmin Kuster
Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-04-29nostromo: remove recipeArmin Kuster
Hosting site seems to be dead so remove recipe. http://www.nazgul.ch Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-04-29apache2: Deal with -ffile-prefix-mapKhem Raj
Filter out -ffile-prefix-map as well along with other -f*-prefix-map options Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-04-27hiawatha: upgrade 10.11 -> 10.12zhengruoqin
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-03-19layers: Drop gatesgarth from LAYERSERIES_COMPATKhem Raj
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-03-08phpmyadmin: upgrade 5.0.4 -> 5.1.0zhengruoqin
The following changes have taken place in copyright: -Copyright 2013 jQuery Foundation and other contributors -http://jquery.com/ +Copyright JS Foundation and other contributors, https://js.foundation/ Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-01-05phpmyadmin: 5.0.2 -> 5.0.4Yi Zhao
Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-12-30nginx: upgrade 1.17.8 -> 1.19.6changqing.li@windriver.com
Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-12-30nginx: upgrade 1.16.1 -> 1.18.0changqing.li@windriver.com
Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-12-03fcgiwrap: add recipeSenthil Selvaganesan
fcgiwrap is a simple server for running CGI applications over FastCGI. It hopes to provide clean CGI support to Nginx and other web servers that may need it. Homepage: https://github.com/gnosek/fcgiwrap. Signed-off-by: Senthil Selvaganesan <SenthilKumaran.Selvaganesan@garmin.com> Signed-off-by: Joshua Watt <Joshua.Watt@garmin.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-11-04layer.conf: Add hardknott to LAYERSERIES_COMPATKhem Raj
Thats codename for 3.3 Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-10-15meta-openembedded: Add gatesgarth to LAYERSERIES_COMPATKhem Raj
Remove older releases from COMPAT Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-08-31monkey: Correct the install path in init servicesKhem Raj
Its not in bindir but in sbindir Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-08-31monkey: Remove /var/runKhem Raj
This is empty and its a runtime directory which is created by base-files already Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-08-31packagegroup-meta-webserver: Update to include new recipesKhem Raj
Re-organise to have one entry per line Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-08-26apache2: upgrade v2.4.43 -> v2.4.46Sakib Sajal
Minor upgrade inluding bug and CVE fixes, namely: - CVE-2020-9490 - CVE-2020-11984 - CVE-2020-11993 Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-08-13monkey: Upgrade to 1.6.9Khem Raj
Switch to using cmake Use CMake option to select musl support Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-07-28nostromo: upgrade 1.9.7 -> 1.9.9Zang Ruochen
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-07-28hiawatha: upgrade 10.10 -> 10.11Zang Ruochen
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-07-28apache-websocket: upgrade 0.1.1 -> 0.1.2Zang Ruochen
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-06-19netdata: upgrade 1.17.0 -> 1.22.1Andreas Müller
* 0001-Correct-timeout-issue.patch: timeout is build by coreutils * 0002-Makefiles-does-not-build-contrib-dir.patch: Upstream added identical Signed-off-by: Andreas Müller <schnitzeltony@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-05-31spawn-fcgi: fix typo in SUMMARYKonrad Weihmann
Signed-off-by: Konrad Weihmann <kweihmann@outlook.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-05-30cockpit: 219 -> 220Michael Haener
Signed-off-by: Michael Haener <michael.haener@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-05-21apache2: create log/run directory via pkg_postinstYi Zhao
The commit e789c3837ca8d65abb4bac29dc2e5c595c8ce05b tries to create log/run directory in initscript/systemd unit file. This is not a correct method. We should create them in pkg_postinst. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-05-21cockpit: rt-deps for storagedMichael Haener
No general depdependency on udisks2 (polkit) Signed-off-by: Michael Haener <michael.haener@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-05-14cockpit: upgrade 218 -> 219Michael Haener
Signed-off-by: Michael Haener <michael.haener@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-05-14apache2: fix service start failChangqing Li
reproduce steps: 1. boot up target 2. scp apache2-2.4.41-r0.1.aarch64.rpm on target 3. rpm -i apache2-2.4.41-r0.1.aarch64.rpm 4. systemctl status apache2 Error: httpd[7767]: (2)No such file or directory: AH02291: Cannot access directory '/var/log/apache2/' for main error log with the old way, /var/log/apache2/ is created by service systemd-tmpfiles-setup during boot, so only works when apache2 already installed before boot, in above scenario, /var/log/apache2/ will not created. fix by creating it in the service file. similar fix for sysV system Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-05-11Cockpit: Added missing dependency on udisks2 for package cockpit-storagedJorge Solla
Cockpit uses udisks2 in order to manage storage on the host, without it cockpit will just display an error when the storage tab is selected. Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-05-06nginx: remove /var/log/nginx when do_installYi Zhao
Remove directory /var/log/nginx when do_install because it is created by volatiles file. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-05-04cockpit: fix metainfo.xml file ownershipEmmanuel Roullit
The 'tar -cf - | tar -xf' combo applies an invalid ownership. This is corrected by patching the install target to use the --no-same-owner tar parameter. Signed-off-by: Emmanuel Roullit <emmanuel.roullit@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-05-04cockpit: Add recipe version 218Michael Haener
Cockpit is a server manager that makes it easy to administer your GNU/Linux servers via a web browser. Signed-off-by: Michael Haener <michael.haener@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-04-27xdebug: upgrade 2.7.2 -> 2.9.5Changqing Li
Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-04-17apache2: add patch ensuring destdir is empty stringTrevor Gamblin
apache2 added cross-compilation support after 2.4.41, but this conflicts with our own cross-compilation setup and causes related recipes like apache-websocket to fail to find config files (due to incorrect file paths) during build: | cannot open /ala-lpggp31/tgamblin/yocto/poky.git/build/tmp/work/core2-64-poky-linux/apache-websocket/0.1.1+gitAUTOINC+6968083264-r0/recipe-sysroot/ala-lpggp31/tgamblin/yocto/poky.git/build/tmp/work/core2-64-poky-linux/apache-websocket/0.1.1+gitAUTOINC+6968083264-r0/recipe-sysroot//usr/share/apache2/build/config_vars.mk: No such file or directory at /ala-lpggp31/tgamblin/yocto/poky.git/build/tmp/work/core2-64-poky-linux/apache-websocket/0.1.1+gitAUTOINC+6968083264-r0/recipe-sysroot/usr/bin/crossscripts/apxs line 213. Add this patch to ensure that the $destdir variable used in apache2's cross-compilation scheme is always the empty string so that apache-websocket can find the right files. Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-04-17apache2: upgrade 2.4.41 -> 2.4.43Trevor Gamblin
LICENSE file was updated due to a typo fix. Note that this upgrade fixes two CVES affecting versions 2.4.41 and earlier: CVE: CVE-2020-1927 CVE: CVE-2020-1934 See: https://nvd.nist.gov/vuln/detail/CVE-2020-1927 https://nvd.nist.gov/vuln/detail/CVE-2020-1934 Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-04-01phpmyadmin: upgrade 4.9.2 -> 5.0.2Wang Mingyu
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-04-01nostromo: upgrade 1.9.6 -> 1.9.7Wang Mingyu
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-03-20layers: update LAYERSERIES_COMPAT to dunfellKhem Raj
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-02-26nginx: fix error during service startupChangqing Li
fix below error: nginx.service: failed to parse pid from file /run/nginx/nginx.pid: invalid argument Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>