From 8cf8f7aca33cf15c6a75d77a438b2b748ac1ca06 Mon Sep 17 00:00:00 2001
From: Yue Tao <yue.tao@windriver.com>
Date: Wed, 13 Oct 2021 11:18:28 +0800
Subject: [PATCH] Add debian package for lighttpd

Using the 1.4.55-1~bpo10+1 not the default version 1.4.59-1 of bullseye
in order to port the patch check-content-length.patch due to the big
gap of codes.

Ingore the patch lighttpd-tpm-support.patch since the TPM is deprecated.

Porting the spec patch spec-include-TiS-changes.patch from CentOS and
disable 3 sub-packages since some configure options are disabled by
spec-include-TiS-changes.patch.

Story: 2009221
Task: 43608
Signed-off-by: Yue Tao <yue.tao@windriver.com>
Change-Id: Iae9aa9276999a5bfa34d1980821c0d88dd3b75c6
---
 ...t-spec-include-TiS-changes.patch-fro.patch | 192 ++++++++++++++++++
 base/lighttpd/debian/deb_patches/series       |   1 +
 base/lighttpd/debian/meta_data.yaml           |   9 +
 .../debian/patches/check-content-length.patch |  80 ++++++++
 base/lighttpd/debian/patches/series           |   1 +
 5 files changed, 283 insertions(+)
 create mode 100644 base/lighttpd/debian/deb_patches/0001-lighttpd-backport-spec-include-TiS-changes.patch-fro.patch
 create mode 100644 base/lighttpd/debian/deb_patches/series
 create mode 100644 base/lighttpd/debian/meta_data.yaml
 create mode 100644 base/lighttpd/debian/patches/check-content-length.patch
 create mode 100644 base/lighttpd/debian/patches/series

diff --git a/base/lighttpd/debian/deb_patches/0001-lighttpd-backport-spec-include-TiS-changes.patch-fro.patch b/base/lighttpd/debian/deb_patches/0001-lighttpd-backport-spec-include-TiS-changes.patch-fro.patch
new file mode 100644
index 000000000..17a7165cf
--- /dev/null
+++ b/base/lighttpd/debian/deb_patches/0001-lighttpd-backport-spec-include-TiS-changes.patch-fro.patch
@@ -0,0 +1,192 @@
+From 91f1bd05e5acc70789d17de47de7813bb615027c Mon Sep 17 00:00:00 2001
+From: Yue Tao <Yue.Tao@windriver.com>
+Date: Tue, 9 Mar 2021 18:26:53 -0800
+Subject: [PATCH] lighttpd: backport spec-include-TiS-changes.patch from
+ StarlingX f/centos8 branch
+
+Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
+---
+ debian/control | 99 ++++++++++++++++++++++++--------------------------
+ debian/rules   | 12 +++---
+ 2 files changed, 55 insertions(+), 56 deletions(-)
+
+diff --git a/debian/control b/debian/control
+index 7807525..682477b 100644
+--- a/debian/control
++++ b/debian/control
+@@ -62,15 +62,12 @@ Suggests:
+  lighttpd-mod-authn-gssapi,
+  lighttpd-mod-authn-pam,
+  lighttpd-mod-authn-sasl,
+- lighttpd-mod-cml,
+  lighttpd-mod-geoip,
+- lighttpd-mod-magnet,
+  lighttpd-mod-maxminddb,
+  lighttpd-mod-trigger-b4-dl,
+  lighttpd-mod-vhostdb-dbi,
+  lighttpd-mod-vhostdb-pgsql,
+  lighttpd-mod-webdav,
+- lighttpd-modules-ldap,
+  lighttpd-modules-mysql,
+ Description: fast webserver with minimal memory footprint
+  lighttpd is a small webserver and fast webserver developed with
+@@ -99,29 +96,29 @@ Description: documentation for lighttpd
+  .
+  This package contains documentation for lighttpd.
+ 
+-Package: lighttpd-modules-ldap
+-Architecture: any
+-Depends:
+- ${misc:Depends},
+- ${shlibs:Depends},
+- lighttpd (= ${binary:Version}),
+-Breaks:
+- lighttpd (<< 1.4.52-2+exp1),
+- lighttpd-mod-authn-ldap (<< 1.4.52-2+exp1),
+-Replaces:
+- lighttpd (<< 1.4.52-2+exp1),
+- lighttpd-mod-authn-ldap (<< 1.4.52-2+exp1),
+-Provides:
+- ${lighttpd:ModuleProvides},
+-Description: LDAP-based modules for lighttpd
+- This package contains the following modules:
+-  * mod_authn_ldap: With this module, it is possible to perform
+-    authentication against an LDAP server.
+-  * mod_vhostdb_ldap: Database backend module for using LDAP as
+-    a source for virtual host configuration using mod_vhostdb.
+- .
+- Do not depend on this package. Depend on the provided lighttpd-mod-*
+- packages instead.
++#Package: lighttpd-modules-ldap
++#Architecture: any
++#Depends:
++# ${misc:Depends},
++# ${shlibs:Depends},
++# lighttpd (= ${binary:Version}),
++#Breaks:
++# lighttpd (<< 1.4.52-2+exp1),
++# lighttpd-mod-authn-ldap (<< 1.4.52-2+exp1),
++#Replaces:
++# lighttpd (<< 1.4.52-2+exp1),
++# lighttpd-mod-authn-ldap (<< 1.4.52-2+exp1),
++#Provides:
++# ${lighttpd:ModuleProvides},
++#Description: LDAP-based modules for lighttpd
++# This package contains the following modules:
++#  * mod_authn_ldap: With this module, it is possible to perform
++#    authentication against an LDAP server.
++#  * mod_vhostdb_ldap: Database backend module for using LDAP as
++#    a source for virtual host configuration using mod_vhostdb.
++# .
++# Do not depend on this package. Depend on the provided lighttpd-mod-*
++# packages instead.
+ 
+ Package: lighttpd-modules-mysql
+ Architecture: any
+@@ -165,32 +162,32 @@ Description: anti-deep-linking module for lighttpd
+  from other sites by requiring users to visit a trigger URL to
+  be able to download certain files.
+ 
+-Package: lighttpd-mod-cml
+-Architecture: any
+-Depends:
+- ${misc:Depends},
+- ${shlibs:Depends},
+- lighttpd (= ${binary:Version}),
+-Recommends:
+- memcached,
+-Description: cache meta language module for lighttpd
+- With the cache meta language, it is possible to describe to the
+- dependencies of a cached file to its source files/scripts. For the
+- cache files, the scripting language Lua is used.
+- .
+- THIS MODULE IS OBSOLETED, USE mod_magnet INSTEAD.
++#Package: lighttpd-mod-cml
++#Architecture: any
++#Depends:
++# ${misc:Depends},
++# ${shlibs:Depends},
++# lighttpd (= ${binary:Version}),
++#Recommends:
++# memcached,
++#Description: cache meta language module for lighttpd
++# With the cache meta language, it is possible to describe to the
++# dependencies of a cached file to its source files/scripts. For the
++# cache files, the scripting language Lua is used.
++# .
++# THIS MODULE IS OBSOLETED, USE mod_magnet INSTEAD.
+ 
+-Package: lighttpd-mod-magnet
+-Architecture: any
+-Depends:
+- ${misc:Depends},
+- ${shlibs:Depends},
+- lighttpd (= ${binary:Version}),
+-Description: control the request handling module for lighttpd
+- mod_magnet can attract a request in several stages in the request-handling.
+- either at the same level as mod_rewrite, before any parsing of the URL is done
+- or at a later stage, when the doc-root is known and the physical-path is
+- already setup
++#Package: lighttpd-mod-magnet
++#Architecture: any
++#Depends:
++# ${misc:Depends},
++# ${shlibs:Depends},
++# lighttpd (= ${binary:Version}),
++#Description: control the request handling module for lighttpd
++# mod_magnet can attract a request in several stages in the request-handling.
++# either at the same level as mod_rewrite, before any parsing of the URL is done
++# or at a later stage, when the doc-root is known and the physical-path is
++# already setup
+ 
+ Package: lighttpd-mod-webdav
+ Architecture: any
+diff --git a/debian/rules b/debian/rules
+index 7c0440b..e456781 100755
+--- a/debian/rules
++++ b/debian/rules
+@@ -16,6 +16,7 @@ override_dh_clean:
+ override_dh_auto_configure:
+ 	dh_auto_configure -- \
+ 		--disable-dependency-tracking \
++		--disable-static \
+ 		--libdir=/usr/lib/lighttpd \
+ 		--libexecdir="/usr/lib/lighttpd" \
+ 		--with-attr \
+@@ -23,10 +24,12 @@ override_dh_auto_configure:
+ 		--with-fam \
+ 		--with-gdbm \
+ 		--with-krb5 \
+-		--with-ldap \
++		--without-ldap \
+ 		--with-geoip \
+ 		--with-memcached \
+-		--with-lua=lua5.1 \
++		--without-lua \
++		--without-bzip2 \
++		--without-memcache \
+ 		--with-maxminddb \
+ 		--with-mysql \
+ 		--with-openssl \
+@@ -34,8 +37,8 @@ override_dh_auto_configure:
+ 		--with-pcre \
+ 		--with-pgsql \
+ 		--with-sasl \
+-		--with-webdav-locks \
+-		--with-webdav-props \
++		--without-webdav-locks \
++		--without-webdav-props \
+ 		$(if $(filter pkg.lighttpd.libunwind,$(DEB_BUILD_PROFILES)),--with-libunwind) \
+ 		CFLAGS_FOR_BUILD="$(shell dpkg-buildflags --get CFLAGS)" \
+ 		LDFLAGS_FOR_BUILD="$(shell dpkg-buildflags --get LDFLAGS)" \
+@@ -49,7 +52,6 @@ override_dh_missing:
+ 	dh_missing --fail-missing
+ 
+ DOCLESS_PACKAGES=\
+-	lighttpd-modules-ldap \
+ 	lighttpd-modules-mysql \
+ 	lighttpd-mod-authn-pam \
+ 	lighttpd-mod-authn-sasl \
+-- 
+2.31.1
+
diff --git a/base/lighttpd/debian/deb_patches/series b/base/lighttpd/debian/deb_patches/series
new file mode 100644
index 000000000..769a17a27
--- /dev/null
+++ b/base/lighttpd/debian/deb_patches/series
@@ -0,0 +1 @@
+0001-lighttpd-backport-spec-include-TiS-changes.patch-fro.patch
diff --git a/base/lighttpd/debian/meta_data.yaml b/base/lighttpd/debian/meta_data.yaml
new file mode 100644
index 000000000..b79f1e806
--- /dev/null
+++ b/base/lighttpd/debian/meta_data.yaml
@@ -0,0 +1,9 @@
+debver: 1.4.55-1~bpo10+1
+debname: lighttpd
+dl_path:
+  name: lighttpd-debian-1.4.55-1_bpo10+1.tar.gz
+  url: https://salsa.debian.org/debian/lighttpd/-/archive/debian/1.4.55-1_bpo10+1/lighttpd-debian-1.4.55-1_bpo10+1.tar.gz
+  md5sum: 453d7710982ee44fb5ce41673c6bd0df
+revision:
+  dist: $STX_DIST
+  PKG_GITREVCOUNT:
diff --git a/base/lighttpd/debian/patches/check-content-length.patch b/base/lighttpd/debian/patches/check-content-length.patch
new file mode 100644
index 000000000..d2fbcb025
--- /dev/null
+++ b/base/lighttpd/debian/patches/check-content-length.patch
@@ -0,0 +1,80 @@
+From 65107586a55c594c44b0a97a2d6756f6a0f0a5ca Mon Sep 17 00:00:00 2001
+From: Giao Le <giao.le@windriver.com>
+Date: Mon, 27 Aug 2018 19:41:36 +0800
+Subject: [PATCH] check-length
+
+Signed-off-by: zhipengl <zhipengs.liu@intel.com>
+---
+ src/request.c | 45 +++++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 45 insertions(+)
+
+diff --git a/src/request.c b/src/request.c
+index d25e1e7..fe541a5 100644
+--- a/src/request.c
++++ b/src/request.c
+@@ -8,10 +8,39 @@
+ #include "log.h"
+ #include "sock_addr.h"
+ 
++#include <errno.h>
+ #include <limits.h>
+ #include <stdlib.h>
+ #include <string.h>
++#include <sys/statvfs.h>
+ 
++static size_t get_tempdirs_free_space(server *srv)
++{
++	int i;
++	int valid = 0;
++	size_t total = 0;
++	array *dirs = srv->srvconf.upload_tempdirs;
++
++	for (i = 0; i < (int)dirs->used; ++i) {
++		struct statvfs stat;
++		const char *name = ((data_string *)dirs->data[i])->value->ptr;
++		int ret = statvfs(name, &stat);
++
++		if (ret >= 0) {
++			size_t df = (size_t)(stat.f_bsize * stat.f_bfree);
++			total += df;
++			valid = 1;
++		}
++		else {
++			log_error_write(srv, __FILE__, __LINE__, "ssss",
++						"dir:", name,
++						"error:", strerror(errno));
++		}
++	}
++
++	return (valid) ? total : SSIZE_MAX;
++}
++ 
+ static int request_check_hostname(buffer *host) {
+ 	enum { DOMAINLABEL, TOPLABEL } stage = TOPLABEL;
+ 	size_t i;
+@@ -928,6 +957,22 @@ int http_request_parse(server *srv, conn
+ 		if (!state.con_length_set) {
+ 			return http_request_header_line_invalid(srv, 411, "POST-request, but content-length missing -> 411");
+ 		}
++		/* content-length is larger than 64k */
++		if (con->request.content_length > 64*1024) {
++			size_t disk_free = get_tempdirs_free_space(srv);
++			if (con->request.content_length > disk_free) {
++				con->http_status = 413;
++				con->keep_alive = 0;
++
++				log_error_write(srv, __FILE__, __LINE__, "ssosos",
++						"not enough free space in tempdirs:",
++						"length =", (off_t) con->request.content_length,
++						"free =", (off_t) disk_free,
++						"-> 413");
++				return 0;
++			}
++		}
++
+ 		break;
+ 	default:
+ 		break;
+-- 
+2.21.0
+
diff --git a/base/lighttpd/debian/patches/series b/base/lighttpd/debian/patches/series
new file mode 100644
index 000000000..0781feede
--- /dev/null
+++ b/base/lighttpd/debian/patches/series
@@ -0,0 +1 @@
+check-content-length.patch