diff options
author | Vlad Glagolev | 2019-09-08 02:18:59 +0000 |
---|---|---|
committer | Vlad Glagolev | 2019-09-08 02:19:16 +0000 |
commit | 07deafe0a64759030cbc698b2d3868d226e29d38 (patch) | |
tree | 0bf56bc3971f2af6917e26cab89f92b7f326c98c /http | |
parent | 2985e36642b1bd413adb6b2efbb9d62de27d6898 (diff) |
lighttpd: post-update fixes
Diffstat (limited to 'http')
-rwxr-xr-x | http/lighttpd/BUILD | 3 | ||||
-rwxr-xr-x | http/lighttpd/CONFIGURE | 4 | ||||
-rwxr-xr-x | http/lighttpd/DEPENDS | 19 | ||||
-rwxr-xr-x | http/lighttpd/DETAILS | 2 | ||||
-rw-r--r-- | http/lighttpd/HISTORY | 10 | ||||
-rwxr-xr-x | http/lighttpd/INSTALL | 3 | ||||
-rw-r--r-- | http/lighttpd/auth_ldap_port-option+ext.patch | 93 | ||||
-rw-r--r-- | http/lighttpd/auth_ldap_port-option.patch | 94 | ||||
-rw-r--r-- | http/lighttpd/external_auth_program-1.4.41.patch | 184 | ||||
-rw-r--r-- | http/lighttpd/lighttpd.gpg | bin | 3845 -> 7715 bytes |
10 files changed, 33 insertions, 379 deletions
diff --git a/http/lighttpd/BUILD b/http/lighttpd/BUILD index 1aeaf65c47..e528e5e82d 100755 --- a/http/lighttpd/BUILD +++ b/http/lighttpd/BUILD @@ -1,2 +1,5 @@ +create_account lighttpd && + OPTS="--libdir=$INSTALL_ROOT/usr/lib/lighttpd $LIGHTTPD_OPTS $OPTS" && + default_build diff --git a/http/lighttpd/CONFIGURE b/http/lighttpd/CONFIGURE index 906e478c6a..29d644b42c 100755 --- a/http/lighttpd/CONFIGURE +++ b/http/lighttpd/CONFIGURE @@ -1,5 +1,5 @@ -config_query LIGHTTPD_EXTAUTH "Do you want to patch in external authentication program support?" n && -config_query LIGHTTPD_LDAP_PORT "Do you want to patch in LDAP port configuration support?" n && +persistent_remove LIGHTTPD_EXTAUTH && +persistent_remove LIGHTTPD_LDAP_PORT && config_query_option LIGHTTPD_OPTS "Do you want WebDAV support?" n \ "--with-webdav-props" "--without-webdav-props" && diff --git a/http/lighttpd/DEPENDS b/http/lighttpd/DEPENDS index 7a57359c01..6c42277006 100755 --- a/http/lighttpd/DEPENDS +++ b/http/lighttpd/DEPENDS @@ -25,8 +25,8 @@ optional_depends SSL \ if is_depends_enabled $SPELL $(get_spell_provider $SPELL SSL); then optional_depends krb5 \ - "--with-kerberos5" \ - "--without-kerberos5" \ + "--with-krb5" \ + "--without-krb5" \ "to use Kerberos5 support with OpenSSL" fi && @@ -35,6 +35,21 @@ optional_depends MYSQL \ "--without-mysql" \ "for MySQL support" && +optional_depends postgresql \ + "--with-pgsql" \ + "--without-pgsql" \ + "for PostgreSQL support" && + +optional_depends libdbi \ + "--with-dbi" \ + "--without-dbi" \ + "for DBI support" && + +optional_depends LIBSASL \ + "--with-sasl" \ + "--without-sasl" \ + "for SASL support" && + optional_depends FAM \ "--with-fam" \ "--without-fam" \ diff --git a/http/lighttpd/DETAILS b/http/lighttpd/DETAILS index 7fdba4c3bf..86fef02dc9 100755 --- a/http/lighttpd/DETAILS +++ b/http/lighttpd/DETAILS @@ -4,7 +4,7 @@ BRANCH=`echo -n $VERSION | cut -d . -f 1,2` SOURCE=$SPELL-$VERSION.tar.gz SOURCE2=$SOURCE.asc - SOURCE_URL[0]=http://download.lighttpd.net/$SPELL/releases-$BRANCH.x/$SOURCE + SOURCE_URL[0]=https://download.lighttpd.net/$SPELL/releases-$BRANCH.x/$SOURCE SOURCE2_URL[0]=${SOURCE_URL[0]}.asc SOURCE_GPG=lighttpd.gpg:$SOURCE2:UPSTREAM_KEY SOURCE2_IGNORE=signature diff --git a/http/lighttpd/HISTORY b/http/lighttpd/HISTORY index 1c9fe2d7f0..2b425dd1a2 100644 --- a/http/lighttpd/HISTORY +++ b/http/lighttpd/HISTORY @@ -1,3 +1,13 @@ +2019-09-07 Vlad Glagolev <stealth@sourcemage.org> + * DETAILS: switched to https + * DEPENDS: updated krb5 flags + * BUILD: moved system account/group creation from INSTALL + * CONFIGURE: removed deprecated variables + * PRE_BUILD: removed, not needed + * lighttpd.gpg: added 6FE198C8 public key (Glenn Strauss (lighttpd) + <gstrauss@gluelogic.com>) + * *.patch: removed obsolete patches + 2019-05-29 Florian Franzmann <siflfran@hawo.stw.uni-erlangen.de> * DETAILS: version 1.4.54 diff --git a/http/lighttpd/INSTALL b/http/lighttpd/INSTALL index 6535833bdf..e93e6383c2 100755 --- a/http/lighttpd/INSTALL +++ b/http/lighttpd/INSTALL @@ -1,8 +1,5 @@ default_install && -create_group lighttpd && -create_account lighttpd && - # Install default config files install -m -o lighttpd -g lighttpd 0755 -d "${INSTALL_ROOT}"/etc/lighttpd/ && install -m -o lighttpd -g lighttpd 0755 -d "${INSTALL_ROOT}"/etc/lighttpd/conf.d/ && diff --git a/http/lighttpd/auth_ldap_port-option+ext.patch b/http/lighttpd/auth_ldap_port-option+ext.patch deleted file mode 100644 index 7f1d4ce42f..0000000000 --- a/http/lighttpd/auth_ldap_port-option+ext.patch +++ /dev/null @@ -1,93 +0,0 @@ -From 03f69f8fff3711c925b98f6e17aec4c8321f02b7 Mon Sep 17 00:00:00 2001 -From: Jay Soffian <jaysoffian@gmail.com> -Date: Fri, 13 Mar 2009 02:12:43 -0400 -Subject: [PATCH] Add auth.backend.ldap.port option -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - ---- - src/http_auth.c | 2 +- - src/http_auth.h | 1 + - src/mod_auth.c | 8 +++++++- - 3 files changed, 9 insertions(+), 2 deletions(-) - -diff --git a/src/http_auth.c b/src/http_auth.c -index ccd087e..ae1a8da 100644 ---- a/src/http_auth.c -+++ b/src/http_auth.c -@@ -786,7 +786,7 @@ static int http_auth_basic_password_compare(server *srv, mod_auth_plugin_data *p - - - /* 3. */ -- if (NULL == (ldap = ldap_init(p->conf.auth_ldap_hostname->ptr, LDAP_PORT))) { -+ if (NULL == (ldap = ldap_init(p->conf.auth_ldap_hostname->ptr, p->conf.auth_ldap_port))) { - log_error_write(srv, __FILE__, __LINE__, "ss", "ldap ...", strerror(errno)); - return -1; - } -diff --git a/src/http_auth.h b/src/http_auth.h -index 5828a7e..16719fc 100644 ---- a/src/http_auth.h -+++ b/src/http_auth.h -@@ -35,6 +35,7 @@ typedef struct { - buffer *auth_ldap_bindpw; - buffer *auth_ldap_filter; - buffer *auth_ldap_cafile; -+ unsigned short auth_ldap_port; - unsigned short auth_ldap_starttls; - unsigned short auth_ldap_allow_empty_pw; - -diff --git a/src/mod_auth.c b/src/mod_auth.c -index 77d30f2..6886779 100644 ---- a/src/mod_auth.c -+++ b/src/mod_auth.c -@@ -107,6 +107,7 @@ static int mod_auth_patch_connection(server *srv, connection *con, mod_auth_plug - PATCH(auth_require); - PATCH(auth_debug); - PATCH(auth_ldap_hostname); -+ PATCH(auth_ldap_port); - PATCH(auth_ldap_basedn); - PATCH(auth_ldap_binddn); - PATCH(auth_ldap_bindpw); -@@ -151,6 +152,8 @@ static int mod_auth_patch_connection(server *srv, connection *con, mod_auth_plug - #ifdef USE_LDAP - p->anon_conf = s; - #endif -+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.ldap.port"))) { -+ PATCH(auth_ldap_port); - } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.ldap.base-dn"))) { - PATCH(auth_ldap_basedn); - } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.ldap.filter"))) { -@@ -346,6 +346,7 @@ - { "auth.backend.htpasswd.userfile", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 13 */ - { "auth.backend.program.exec", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 14 */ - { "auth.debug", NULL, T_CONFIG_SHORT, T_CONFIG_SCOPE_CONNECTION }, /* 15 */ -+ { "auth.backend.ldap.port", NULL, T_CONFIG_SHORT, T_CONFIG_SCOPE_CONNECTION }, - { NULL, NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET } - }; - -@@ -346,6 +350,7 @@ SETDEFAULTS_FUNC(mod_auth_set_defaults) { - s->auth_backend_conf = buffer_init(); - - s->auth_ldap_hostname = buffer_init(); -+ s->auth_ldap_port = LDAP_PORT; - s->auth_ldap_basedn = buffer_init(); - s->auth_ldap_binddn = buffer_init(); - s->auth_ldap_bindpw = buffer_init(); -@@ -398,6 +399,7 @@ - cv[13].destination = s->auth_htpasswd_userfile; - cv[14].destination = s->auth_program_exec; - cv[15].destination = &(s->auth_debug); -+ cv[16].destination = &(s->auth_ldap_port); - - p->config_storage[i] = s; - ca = ((data_config *)srv->config_context->data[i])->value; -@@ -557,7 +563,7 @@ handler_t auth_ldap_init(server *srv, mod_auth_plugin_config *s) { - /* free old context */ - if (NULL != s->ldap) ldap_unbind_s(s->ldap); - -- if (NULL == (s->ldap = ldap_init(s->auth_ldap_hostname->ptr, LDAP_PORT))) { -+ if (NULL == (s->ldap = ldap_init(s->auth_ldap_hostname->ptr, s->auth_ldap_port))) { - log_error_write(srv, __FILE__, __LINE__, "ss", "ldap ...", strerror(errno)); - - return HANDLER_ERROR; diff --git a/http/lighttpd/auth_ldap_port-option.patch b/http/lighttpd/auth_ldap_port-option.patch deleted file mode 100644 index 29878828ca..0000000000 --- a/http/lighttpd/auth_ldap_port-option.patch +++ /dev/null @@ -1,94 +0,0 @@ -From 03f69f8fff3711c925b98f6e17aec4c8321f02b7 Mon Sep 17 00:00:00 2001 -From: Jay Soffian <jaysoffian@gmail.com> -Date: Fri, 13 Mar 2009 02:12:43 -0400 -Subject: [PATCH] Add auth.backend.ldap.port option -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - ---- - src/http_auth.c | 2 +- - src/http_auth.h | 1 + - src/mod_auth.c | 8 +++++++- - 3 files changed, 9 insertions(+), 2 deletions(-) - -diff --git a/src/http_auth.c b/src/http_auth.c -index ccd087e..ae1a8da 100644 ---- a/src/http_auth.c -+++ b/src/http_auth.c -@@ -786,7 +786,7 @@ static int http_auth_basic_password_compare(server *srv, mod_auth_plugin_data *p - - - /* 3. */ -- if (NULL == (ldap = ldap_init(p->conf.auth_ldap_hostname->ptr, LDAP_PORT))) { -+ if (NULL == (ldap = ldap_init(p->conf.auth_ldap_hostname->ptr, p->conf.auth_ldap_port))) { - log_error_write(srv, __FILE__, __LINE__, "ss", "ldap ...", strerror(errno)); - return -1; - } -diff --git a/src/http_auth.h b/src/http_auth.h -index 5828a7e..16719fc 100644 ---- a/src/http_auth.h -+++ b/src/http_auth.h -@@ -35,6 +35,7 @@ typedef struct { - buffer *auth_ldap_bindpw; - buffer *auth_ldap_filter; - buffer *auth_ldap_cafile; -+ unsigned short auth_ldap_port; - unsigned short auth_ldap_starttls; - unsigned short auth_ldap_allow_empty_pw; - -diff --git a/src/mod_auth.c b/src/mod_auth.c -index 77d30f2..6886779 100644 ---- a/src/mod_auth.c -+++ b/src/mod_auth.c -@@ -107,6 +107,7 @@ static int mod_auth_patch_connection(server *srv, connection *con, mod_auth_plug - PATCH(auth_require); - PATCH(auth_debug); - PATCH(auth_ldap_hostname); -+ PATCH(auth_ldap_port); - PATCH(auth_ldap_basedn); - PATCH(auth_ldap_binddn); - PATCH(auth_ldap_bindpw); -@@ -151,6 +152,8 @@ static int mod_auth_patch_connection(server *srv, connection *con, mod_auth_plug - #ifdef USE_LDAP - p->anon_conf = s; - #endif -+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.ldap.port"))) { -+ PATCH(auth_ldap_port); - } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.ldap.base-dn"))) { - PATCH(auth_ldap_basedn); - } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.ldap.filter"))) { -@@ -341,6 +341,7 @@ - { "auth.backend.htdigest.userfile", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 12 */ - { "auth.backend.htpasswd.userfile", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 13 */ - { "auth.debug", NULL, T_CONFIG_SHORT, T_CONFIG_SCOPE_CONNECTION }, /* 14 */ -+ { "auth.backend.ldap.port", NULL, T_CONFIG_SHORT, T_CONFIG_SCOPE_CONNECTION }, - { NULL, NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET } - }; - -@@ -346,6 +350,7 @@ SETDEFAULTS_FUNC(mod_auth_set_defaults) { - s->auth_backend_conf = buffer_init(); - - s->auth_ldap_hostname = buffer_init(); -+ s->auth_ldap_port = LDAP_PORT; - s->auth_ldap_basedn = buffer_init(); - s->auth_ldap_binddn = buffer_init(); - s->auth_ldap_bindpw = buffer_init(); -@@ -377,6 +382,7 @@ SETDEFAULTS_FUNC(mod_auth_set_defaults) { - cv[12].destination = s->auth_htdigest_userfile; - cv[13].destination = s->auth_htpasswd_userfile; - cv[14].destination = &(s->auth_debug); -+ cv[15].destination = &(s->auth_ldap_port); - - p->config_storage[i] = s; - ca = ((data_config *)srv->config_context->data[i])->value; -@@ -557,7 +563,7 @@ handler_t auth_ldap_init(server *srv, mod_auth_plugin_config *s) { - /* free old context */ - if (NULL != s->ldap) ldap_unbind_s(s->ldap); - -- if (NULL == (s->ldap = ldap_init(s->auth_ldap_hostname->ptr, LDAP_PORT))) { -+ if (NULL == (s->ldap = ldap_init(s->auth_ldap_hostname->ptr, s->auth_ldap_port))) { - log_error_write(srv, __FILE__, __LINE__, "ss", "ldap ...", strerror(errno)); - - return HANDLER_ERROR; --- diff --git a/http/lighttpd/external_auth_program-1.4.41.patch b/http/lighttpd/external_auth_program-1.4.41.patch deleted file mode 100644 index 020e0456c2..0000000000 --- a/http/lighttpd/external_auth_program-1.4.41.patch +++ /dev/null @@ -1,184 +0,0 @@ ---- src/http_auth.h.orig 2010-01-02 17:58:11.000000000 +0100 -+++ src/http_auth.h 2010-01-02 17:59:17.000000000 +0100 -@@ -14,7 +14,8 @@ - AUTH_BACKEND_PLAIN, - AUTH_BACKEND_LDAP, - AUTH_BACKEND_HTPASSWD, -- AUTH_BACKEND_HTDIGEST -+ AUTH_BACKEND_HTDIGEST, -+ AUTH_BACKEND_PROGRAM - } auth_backend_t; - - typedef struct { -@@ -38,6 +39,8 @@ - unsigned short auth_ldap_starttls; - unsigned short auth_ldap_allow_empty_pw; - -+ buffer *auth_program_exec; -+ - unsigned short auth_debug; - - /* generated */ ---- src/http_auth.c.orig 2016-07-31 08:42:39.000000000 -0400 -+++ src/http_auth.c 2016-07-31 16:24:22.144575820 -0400 -@@ -192,7 +192,8 @@ - } - - fclose(fp); -- } else if (p->conf.auth_backend == AUTH_BACKEND_LDAP) { -+ } else if (p->conf.auth_backend == AUTH_BACKEND_LDAP || -+ p->conf.auth_backend == AUTH_BACKEND_PROGRAM) { - return 0; - } - -@@ -711,6 +712,57 @@ - - return 0; - #endif -+ } else if (p->conf.auth_backend == AUTH_BACKEND_PROGRAM) { -+ buffer *progbuf = p->conf.auth_program_exec; -+ const char *prog; -+ FILE *pipe; -+ int ret; -+ -+ /* -+ * This is tested when loading configuration, -+ * but better be paranoid. -+ */ -+ if(!progbuf || progbuf->used == 0) { -+ log_error_write(srv, __FILE__, __LINE__, "s", -+ "Missing 'auth.backend.program.exec' directive"); -+ return -1; -+ } -+ prog = progbuf->ptr; -+ /* -+ * Preliminary check, so we can have better error reporting. -+ * It was tested during configuration reading, but maybe -+ * something happened to the program since that time. -+ * -+ * If someone mess with the program after this test, it -+ * would simply fail in the popen()/pclose() which we check anyway. -+ */ -+ if(access(prog, F_OK | X_OK) < 0) { -+ log_error_write(srv, __FILE__, __LINE__, "ssss", -+ "auth.backend.program: Failed access(", -+ prog, -+ "): ", -+ strerror(errno)); -+ return -1; -+ } -+ if((pipe = popen(prog, "w")) == NULL) { -+ log_error_write(srv, __FILE__, __LINE__, "ssss", -+ "Failed popen(", -+ prog, -+ "): ", -+ strerror(errno)); -+ return -1; -+ } -+ fprintf(pipe, "%s:%s\n", username->ptr, pw); -+ if((ret = pclose(pipe)) != 0) { -+ log_error_write(srv, __FILE__, __LINE__, "sssds", -+ "Failed pclose(", prog, "):", ret, strerror(errno)); -+ return -1; -+ } -+ if (p->conf.auth_debug) { -+ log_error_write(srv, __FILE__, __LINE__, "ss", -+ "auth.backend.program success for: ", username->ptr); -+ } -+ return 0; - } - return -1; - } ---- src/mod_auth.c.orig 2010-01-02 17:58:11.000000000 +0100 -+++ src/mod_auth.c 2010-01-02 18:08:14.000000000 +0100 -@@ -82,6 +82,7 @@ - - if (s->ldap) ldap_unbind_s(s->ldap); - #endif -+ buffer_free(s->auth_program_exec); - - free(s); - } -@@ -119,6 +120,7 @@ - PATCH(ldap_filter_pre); - PATCH(ldap_filter_post); - #endif -+ PATCH(auth_program_exec); - - /* skip the first, the global context */ - for (i = 1; i < srv->config_context->used; i++) { -@@ -169,6 +171,8 @@ - PATCH(auth_ldap_bindpw); - } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.ldap.allow-empty-pw"))) { - PATCH(auth_ldap_allow_empty_pw); -+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.program.exec"))) { -+ PATCH(auth_program_exec); - } - } - } -@@ -326,7 +330,8 @@ - { "auth.backend.ldap.allow-empty-pw", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 11 */ - { "auth.backend.htdigest.userfile", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 12 */ - { "auth.backend.htpasswd.userfile", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 13 */ -- { "auth.debug", NULL, T_CONFIG_SHORT, T_CONFIG_SCOPE_CONNECTION }, /* 14 */ -+ { "auth.backend.program.exec", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 14 */ -+ { "auth.debug", NULL, T_CONFIG_SHORT, T_CONFIG_SCOPE_CONNECTION }, /* 15 */ - { NULL, NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET } - }; - -@@ -352,6 +357,7 @@ - s->auth_ldap_filter = buffer_init(); - s->auth_ldap_cafile = buffer_init(); - s->auth_ldap_starttls = 0; -+ s->auth_program_exec = buffer_init(); - s->auth_debug = 0; - - s->auth_require = array_init(); -@@ -376,7 +382,8 @@ - cv[11].destination = &(s->auth_ldap_allow_empty_pw); - cv[12].destination = s->auth_htdigest_userfile; - cv[13].destination = s->auth_htpasswd_userfile; -- cv[14].destination = &(s->auth_debug); -+ cv[14].destination = s->auth_program_exec; -+ cv[15].destination = &(s->auth_debug); - - p->config_storage[i] = s; - ca = ((data_config *)srv->config_context->data[i])->value; -@@ -394,6 +401,8 @@ - s->auth_backend = AUTH_BACKEND_PLAIN; - } else if (0 == strcmp(s->auth_backend_conf->ptr, "ldap")) { - s->auth_backend = AUTH_BACKEND_LDAP; -+ } else if (0 == strcmp(s->auth_backend_conf->ptr, "program")) { -+ s->auth_backend = AUTH_BACKEND_PROGRAM; - } else { - log_error_write(srv, __FILE__, __LINE__, "sb", "auth.backend not supported:", s->auth_backend_conf); - -@@ -534,6 +543,28 @@ - return (ret); - break; - } -+ case AUTH_BACKEND_PROGRAM: { -+ const char *prog; -+ /* -+ * Let's make some sanity checks so we detect them during -+ * startup and not only when trying to authenticate. -+ */ -+ if(!(s->auth_program_exec) || s->auth_program_exec->used == 0) { -+ log_error_write(srv, __FILE__, __LINE__, "s", -+ "Missing or empty auth.backend.program.exec"); -+ return HANDLER_ERROR; -+ } -+ prog = s->auth_program_exec->ptr; -+ if(access(prog, F_OK | X_OK) < 0) { -+ log_error_write(srv, __FILE__, __LINE__, "ssss", -+ "auth.backend.program: Failed access(", -+ prog, -+ "): ", -+ strerror(errno)); -+ return HANDLER_ERROR; -+ } -+ break; -+ } - default: - break; - } diff --git a/http/lighttpd/lighttpd.gpg b/http/lighttpd/lighttpd.gpg Binary files differindex ac5a7b71bb..9a2df0f3e7 100644 --- a/http/lighttpd/lighttpd.gpg +++ b/http/lighttpd/lighttpd.gpg |