Add debian package for lighttpd
Using the 1.4.55-1~bpo10+1 not the default version 1.4.59-1 of bullseye in order to port the patch check-content-length.patch due to the big gap of codes. Ingore the patch lighttpd-tpm-support.patch since the TPM is deprecated. Porting the spec patch spec-include-TiS-changes.patch from CentOS and disable 3 sub-packages since some configure options are disabled by spec-include-TiS-changes.patch. Story: 2009221 Task: 43608 Signed-off-by: Yue Tao <yue.tao@windriver.com> Change-Id: Iae9aa9276999a5bfa34d1980821c0d88dd3b75c6
This commit is contained in:
parent
229a6b32af
commit
8cf8f7aca3
@ -0,0 +1,192 @@
|
|||||||
|
From 91f1bd05e5acc70789d17de47de7813bb615027c Mon Sep 17 00:00:00 2001
|
||||||
|
From: Yue Tao <Yue.Tao@windriver.com>
|
||||||
|
Date: Tue, 9 Mar 2021 18:26:53 -0800
|
||||||
|
Subject: [PATCH] lighttpd: backport spec-include-TiS-changes.patch from
|
||||||
|
StarlingX f/centos8 branch
|
||||||
|
|
||||||
|
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
|
||||||
|
---
|
||||||
|
debian/control | 99 ++++++++++++++++++++++++--------------------------
|
||||||
|
debian/rules | 12 +++---
|
||||||
|
2 files changed, 55 insertions(+), 56 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/debian/control b/debian/control
|
||||||
|
index 7807525..682477b 100644
|
||||||
|
--- a/debian/control
|
||||||
|
+++ b/debian/control
|
||||||
|
@@ -62,15 +62,12 @@ Suggests:
|
||||||
|
lighttpd-mod-authn-gssapi,
|
||||||
|
lighttpd-mod-authn-pam,
|
||||||
|
lighttpd-mod-authn-sasl,
|
||||||
|
- lighttpd-mod-cml,
|
||||||
|
lighttpd-mod-geoip,
|
||||||
|
- lighttpd-mod-magnet,
|
||||||
|
lighttpd-mod-maxminddb,
|
||||||
|
lighttpd-mod-trigger-b4-dl,
|
||||||
|
lighttpd-mod-vhostdb-dbi,
|
||||||
|
lighttpd-mod-vhostdb-pgsql,
|
||||||
|
lighttpd-mod-webdav,
|
||||||
|
- lighttpd-modules-ldap,
|
||||||
|
lighttpd-modules-mysql,
|
||||||
|
Description: fast webserver with minimal memory footprint
|
||||||
|
lighttpd is a small webserver and fast webserver developed with
|
||||||
|
@@ -99,29 +96,29 @@ Description: documentation for lighttpd
|
||||||
|
.
|
||||||
|
This package contains documentation for lighttpd.
|
||||||
|
|
||||||
|
-Package: lighttpd-modules-ldap
|
||||||
|
-Architecture: any
|
||||||
|
-Depends:
|
||||||
|
- ${misc:Depends},
|
||||||
|
- ${shlibs:Depends},
|
||||||
|
- lighttpd (= ${binary:Version}),
|
||||||
|
-Breaks:
|
||||||
|
- lighttpd (<< 1.4.52-2+exp1),
|
||||||
|
- lighttpd-mod-authn-ldap (<< 1.4.52-2+exp1),
|
||||||
|
-Replaces:
|
||||||
|
- lighttpd (<< 1.4.52-2+exp1),
|
||||||
|
- lighttpd-mod-authn-ldap (<< 1.4.52-2+exp1),
|
||||||
|
-Provides:
|
||||||
|
- ${lighttpd:ModuleProvides},
|
||||||
|
-Description: LDAP-based modules for lighttpd
|
||||||
|
- This package contains the following modules:
|
||||||
|
- * mod_authn_ldap: With this module, it is possible to perform
|
||||||
|
- authentication against an LDAP server.
|
||||||
|
- * mod_vhostdb_ldap: Database backend module for using LDAP as
|
||||||
|
- a source for virtual host configuration using mod_vhostdb.
|
||||||
|
- .
|
||||||
|
- Do not depend on this package. Depend on the provided lighttpd-mod-*
|
||||||
|
- packages instead.
|
||||||
|
+#Package: lighttpd-modules-ldap
|
||||||
|
+#Architecture: any
|
||||||
|
+#Depends:
|
||||||
|
+# ${misc:Depends},
|
||||||
|
+# ${shlibs:Depends},
|
||||||
|
+# lighttpd (= ${binary:Version}),
|
||||||
|
+#Breaks:
|
||||||
|
+# lighttpd (<< 1.4.52-2+exp1),
|
||||||
|
+# lighttpd-mod-authn-ldap (<< 1.4.52-2+exp1),
|
||||||
|
+#Replaces:
|
||||||
|
+# lighttpd (<< 1.4.52-2+exp1),
|
||||||
|
+# lighttpd-mod-authn-ldap (<< 1.4.52-2+exp1),
|
||||||
|
+#Provides:
|
||||||
|
+# ${lighttpd:ModuleProvides},
|
||||||
|
+#Description: LDAP-based modules for lighttpd
|
||||||
|
+# This package contains the following modules:
|
||||||
|
+# * mod_authn_ldap: With this module, it is possible to perform
|
||||||
|
+# authentication against an LDAP server.
|
||||||
|
+# * mod_vhostdb_ldap: Database backend module for using LDAP as
|
||||||
|
+# a source for virtual host configuration using mod_vhostdb.
|
||||||
|
+# .
|
||||||
|
+# Do not depend on this package. Depend on the provided lighttpd-mod-*
|
||||||
|
+# packages instead.
|
||||||
|
|
||||||
|
Package: lighttpd-modules-mysql
|
||||||
|
Architecture: any
|
||||||
|
@@ -165,32 +162,32 @@ Description: anti-deep-linking module for lighttpd
|
||||||
|
from other sites by requiring users to visit a trigger URL to
|
||||||
|
be able to download certain files.
|
||||||
|
|
||||||
|
-Package: lighttpd-mod-cml
|
||||||
|
-Architecture: any
|
||||||
|
-Depends:
|
||||||
|
- ${misc:Depends},
|
||||||
|
- ${shlibs:Depends},
|
||||||
|
- lighttpd (= ${binary:Version}),
|
||||||
|
-Recommends:
|
||||||
|
- memcached,
|
||||||
|
-Description: cache meta language module for lighttpd
|
||||||
|
- With the cache meta language, it is possible to describe to the
|
||||||
|
- dependencies of a cached file to its source files/scripts. For the
|
||||||
|
- cache files, the scripting language Lua is used.
|
||||||
|
- .
|
||||||
|
- THIS MODULE IS OBSOLETED, USE mod_magnet INSTEAD.
|
||||||
|
+#Package: lighttpd-mod-cml
|
||||||
|
+#Architecture: any
|
||||||
|
+#Depends:
|
||||||
|
+# ${misc:Depends},
|
||||||
|
+# ${shlibs:Depends},
|
||||||
|
+# lighttpd (= ${binary:Version}),
|
||||||
|
+#Recommends:
|
||||||
|
+# memcached,
|
||||||
|
+#Description: cache meta language module for lighttpd
|
||||||
|
+# With the cache meta language, it is possible to describe to the
|
||||||
|
+# dependencies of a cached file to its source files/scripts. For the
|
||||||
|
+# cache files, the scripting language Lua is used.
|
||||||
|
+# .
|
||||||
|
+# THIS MODULE IS OBSOLETED, USE mod_magnet INSTEAD.
|
||||||
|
|
||||||
|
-Package: lighttpd-mod-magnet
|
||||||
|
-Architecture: any
|
||||||
|
-Depends:
|
||||||
|
- ${misc:Depends},
|
||||||
|
- ${shlibs:Depends},
|
||||||
|
- lighttpd (= ${binary:Version}),
|
||||||
|
-Description: control the request handling module for lighttpd
|
||||||
|
- mod_magnet can attract a request in several stages in the request-handling.
|
||||||
|
- either at the same level as mod_rewrite, before any parsing of the URL is done
|
||||||
|
- or at a later stage, when the doc-root is known and the physical-path is
|
||||||
|
- already setup
|
||||||
|
+#Package: lighttpd-mod-magnet
|
||||||
|
+#Architecture: any
|
||||||
|
+#Depends:
|
||||||
|
+# ${misc:Depends},
|
||||||
|
+# ${shlibs:Depends},
|
||||||
|
+# lighttpd (= ${binary:Version}),
|
||||||
|
+#Description: control the request handling module for lighttpd
|
||||||
|
+# mod_magnet can attract a request in several stages in the request-handling.
|
||||||
|
+# either at the same level as mod_rewrite, before any parsing of the URL is done
|
||||||
|
+# or at a later stage, when the doc-root is known and the physical-path is
|
||||||
|
+# already setup
|
||||||
|
|
||||||
|
Package: lighttpd-mod-webdav
|
||||||
|
Architecture: any
|
||||||
|
diff --git a/debian/rules b/debian/rules
|
||||||
|
index 7c0440b..e456781 100755
|
||||||
|
--- a/debian/rules
|
||||||
|
+++ b/debian/rules
|
||||||
|
@@ -16,6 +16,7 @@ override_dh_clean:
|
||||||
|
override_dh_auto_configure:
|
||||||
|
dh_auto_configure -- \
|
||||||
|
--disable-dependency-tracking \
|
||||||
|
+ --disable-static \
|
||||||
|
--libdir=/usr/lib/lighttpd \
|
||||||
|
--libexecdir="/usr/lib/lighttpd" \
|
||||||
|
--with-attr \
|
||||||
|
@@ -23,10 +24,12 @@ override_dh_auto_configure:
|
||||||
|
--with-fam \
|
||||||
|
--with-gdbm \
|
||||||
|
--with-krb5 \
|
||||||
|
- --with-ldap \
|
||||||
|
+ --without-ldap \
|
||||||
|
--with-geoip \
|
||||||
|
--with-memcached \
|
||||||
|
- --with-lua=lua5.1 \
|
||||||
|
+ --without-lua \
|
||||||
|
+ --without-bzip2 \
|
||||||
|
+ --without-memcache \
|
||||||
|
--with-maxminddb \
|
||||||
|
--with-mysql \
|
||||||
|
--with-openssl \
|
||||||
|
@@ -34,8 +37,8 @@ override_dh_auto_configure:
|
||||||
|
--with-pcre \
|
||||||
|
--with-pgsql \
|
||||||
|
--with-sasl \
|
||||||
|
- --with-webdav-locks \
|
||||||
|
- --with-webdav-props \
|
||||||
|
+ --without-webdav-locks \
|
||||||
|
+ --without-webdav-props \
|
||||||
|
$(if $(filter pkg.lighttpd.libunwind,$(DEB_BUILD_PROFILES)),--with-libunwind) \
|
||||||
|
CFLAGS_FOR_BUILD="$(shell dpkg-buildflags --get CFLAGS)" \
|
||||||
|
LDFLAGS_FOR_BUILD="$(shell dpkg-buildflags --get LDFLAGS)" \
|
||||||
|
@@ -49,7 +52,6 @@ override_dh_missing:
|
||||||
|
dh_missing --fail-missing
|
||||||
|
|
||||||
|
DOCLESS_PACKAGES=\
|
||||||
|
- lighttpd-modules-ldap \
|
||||||
|
lighttpd-modules-mysql \
|
||||||
|
lighttpd-mod-authn-pam \
|
||||||
|
lighttpd-mod-authn-sasl \
|
||||||
|
--
|
||||||
|
2.31.1
|
||||||
|
|
1
base/lighttpd/debian/deb_patches/series
Normal file
1
base/lighttpd/debian/deb_patches/series
Normal file
@ -0,0 +1 @@
|
|||||||
|
0001-lighttpd-backport-spec-include-TiS-changes.patch-fro.patch
|
9
base/lighttpd/debian/meta_data.yaml
Normal file
9
base/lighttpd/debian/meta_data.yaml
Normal file
@ -0,0 +1,9 @@
|
|||||||
|
debver: 1.4.55-1~bpo10+1
|
||||||
|
debname: lighttpd
|
||||||
|
dl_path:
|
||||||
|
name: lighttpd-debian-1.4.55-1_bpo10+1.tar.gz
|
||||||
|
url: https://salsa.debian.org/debian/lighttpd/-/archive/debian/1.4.55-1_bpo10+1/lighttpd-debian-1.4.55-1_bpo10+1.tar.gz
|
||||||
|
md5sum: 453d7710982ee44fb5ce41673c6bd0df
|
||||||
|
revision:
|
||||||
|
dist: $STX_DIST
|
||||||
|
PKG_GITREVCOUNT:
|
80
base/lighttpd/debian/patches/check-content-length.patch
Normal file
80
base/lighttpd/debian/patches/check-content-length.patch
Normal file
@ -0,0 +1,80 @@
|
|||||||
|
From 65107586a55c594c44b0a97a2d6756f6a0f0a5ca Mon Sep 17 00:00:00 2001
|
||||||
|
From: Giao Le <giao.le@windriver.com>
|
||||||
|
Date: Mon, 27 Aug 2018 19:41:36 +0800
|
||||||
|
Subject: [PATCH] check-length
|
||||||
|
|
||||||
|
Signed-off-by: zhipengl <zhipengs.liu@intel.com>
|
||||||
|
---
|
||||||
|
src/request.c | 45 +++++++++++++++++++++++++++++++++++++++++++++
|
||||||
|
1 file changed, 45 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/src/request.c b/src/request.c
|
||||||
|
index d25e1e7..fe541a5 100644
|
||||||
|
--- a/src/request.c
|
||||||
|
+++ b/src/request.c
|
||||||
|
@@ -8,10 +8,39 @@
|
||||||
|
#include "log.h"
|
||||||
|
#include "sock_addr.h"
|
||||||
|
|
||||||
|
+#include <errno.h>
|
||||||
|
#include <limits.h>
|
||||||
|
#include <stdlib.h>
|
||||||
|
#include <string.h>
|
||||||
|
+#include <sys/statvfs.h>
|
||||||
|
|
||||||
|
+static size_t get_tempdirs_free_space(server *srv)
|
||||||
|
+{
|
||||||
|
+ int i;
|
||||||
|
+ int valid = 0;
|
||||||
|
+ size_t total = 0;
|
||||||
|
+ array *dirs = srv->srvconf.upload_tempdirs;
|
||||||
|
+
|
||||||
|
+ for (i = 0; i < (int)dirs->used; ++i) {
|
||||||
|
+ struct statvfs stat;
|
||||||
|
+ const char *name = ((data_string *)dirs->data[i])->value->ptr;
|
||||||
|
+ int ret = statvfs(name, &stat);
|
||||||
|
+
|
||||||
|
+ if (ret >= 0) {
|
||||||
|
+ size_t df = (size_t)(stat.f_bsize * stat.f_bfree);
|
||||||
|
+ total += df;
|
||||||
|
+ valid = 1;
|
||||||
|
+ }
|
||||||
|
+ else {
|
||||||
|
+ log_error_write(srv, __FILE__, __LINE__, "ssss",
|
||||||
|
+ "dir:", name,
|
||||||
|
+ "error:", strerror(errno));
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return (valid) ? total : SSIZE_MAX;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
static int request_check_hostname(buffer *host) {
|
||||||
|
enum { DOMAINLABEL, TOPLABEL } stage = TOPLABEL;
|
||||||
|
size_t i;
|
||||||
|
@@ -928,6 +957,22 @@ int http_request_parse(server *srv, conn
|
||||||
|
if (!state.con_length_set) {
|
||||||
|
return http_request_header_line_invalid(srv, 411, "POST-request, but content-length missing -> 411");
|
||||||
|
}
|
||||||
|
+ /* content-length is larger than 64k */
|
||||||
|
+ if (con->request.content_length > 64*1024) {
|
||||||
|
+ size_t disk_free = get_tempdirs_free_space(srv);
|
||||||
|
+ if (con->request.content_length > disk_free) {
|
||||||
|
+ con->http_status = 413;
|
||||||
|
+ con->keep_alive = 0;
|
||||||
|
+
|
||||||
|
+ log_error_write(srv, __FILE__, __LINE__, "ssosos",
|
||||||
|
+ "not enough free space in tempdirs:",
|
||||||
|
+ "length =", (off_t) con->request.content_length,
|
||||||
|
+ "free =", (off_t) disk_free,
|
||||||
|
+ "-> 413");
|
||||||
|
+ return 0;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
break;
|
||||||
|
--
|
||||||
|
2.21.0
|
||||||
|
|
1
base/lighttpd/debian/patches/series
Normal file
1
base/lighttpd/debian/patches/series
Normal file
@ -0,0 +1 @@
|
|||||||
|
check-content-length.patch
|
Loading…
Reference in New Issue
Block a user