diff options
Diffstat (limited to 'meta-webserver')
49 files changed, 423 insertions, 440 deletions
diff --git a/meta-webserver/README b/meta-webserver/README.md index d23f6cc65c..d1b743887c 100644 --- a/meta-webserver/README +++ b/meta-webserver/README.md @@ -26,10 +26,10 @@ branch: master Layout ------ -recipes-httpd/ Web servers -recipes-php/ PHP applications -recipes-support/ Miscellaneous support recipes -recipes-webadmin/ Standalone web administration interfaces +* recipes-httpd/ Web servers +* recipes-php/ PHP applications +* recipes-support/ Miscellaneous support recipes +* recipes-webadmin/ Standalone web administration interfaces Notes diff --git a/meta-webserver/conf/layer.conf b/meta-webserver/conf/layer.conf index bfcd9681c0..c0896f1a2d 100644 --- a/meta-webserver/conf/layer.conf +++ b/meta-webserver/conf/layer.conf @@ -17,7 +17,7 @@ LAYERVERSION_webserver = "1" LAYERDEPENDS_webserver = "core openembedded-layer" -LAYERSERIES_COMPAT_webserver = "kirkstone langdale" +LAYERSERIES_COMPAT_webserver = "scarthgap" LICENSE_PATH += "${LAYERDIR}/licenses" diff --git a/meta-webserver/files/static-group-meta-webserver b/meta-webserver/files/static-group-meta-webserver new file mode 100644 index 0000000000..811980c05d --- /dev/null +++ b/meta-webserver/files/static-group-meta-webserver @@ -0,0 +1 @@ +netdata:x:691 diff --git a/meta-webserver/files/static-passwd-meta-webserver b/meta-webserver/files/static-passwd-meta-webserver new file mode 100644 index 0000000000..231d458ab5 --- /dev/null +++ b/meta-webserver/files/static-passwd-meta-webserver @@ -0,0 +1,2 @@ +www:x:690:nogroup::/:/bin/nologin +netdata:x:691:691::/:/bin/nologin diff --git a/meta-webserver/recipes-core/images/meta-webserver-image.bb b/meta-webserver/recipes-core/images/meta-webserver-image-all.bb index ce4f8a0387..9d2badc236 100644 --- a/meta-webserver/recipes-core/images/meta-webserver-image.bb +++ b/meta-webserver/recipes-core/images/meta-webserver-image-all.bb @@ -1,3 +1,3 @@ -require meta-webserver-image-base.bb +require recipes-core/images/core-image-base.bb IMAGE_INSTALL += "packagegroup-meta-webserver" diff --git a/meta-webserver/recipes-core/images/meta-webserver-image-base.bb b/meta-webserver/recipes-core/images/meta-webserver-image-base.bb deleted file mode 100644 index a4ce10f674..0000000000 --- a/meta-webserver/recipes-core/images/meta-webserver-image-base.bb +++ /dev/null @@ -1,7 +0,0 @@ -SUMMARY = "meta-webserver build test image" - -IMAGE_INSTALL = "packagegroup-core-boot" - -LICENSE = "MIT" - -inherit core-image diff --git a/meta-webserver/recipes-httpd/apache-mod/apache-websocket_git.bb b/meta-webserver/recipes-httpd/apache-mod/apache-websocket_git.bb index 040788609e..4dbf595c19 100644 --- a/meta-webserver/recipes-httpd/apache-mod/apache-websocket_git.bb +++ b/meta-webserver/recipes-httpd/apache-mod/apache-websocket_git.bb @@ -15,7 +15,7 @@ SRC_URI = "git://github.com/jchampio/apache-websocket.git;branch=master;protocol SRCREV = "0ee34c77fc78ff08fd548706300b80a7bc7874e4" -PV = "0.1.2+git${SRCPV}" +PV = "0.1.2+git" S = "${WORKDIR}/git" diff --git a/meta-webserver/recipes-httpd/apache-mod/mod-dnssd_0.6.bb b/meta-webserver/recipes-httpd/apache-mod/mod-dnssd_0.6.bb new file mode 100644 index 0000000000..5fac0a6ed4 --- /dev/null +++ b/meta-webserver/recipes-httpd/apache-mod/mod-dnssd_0.6.bb @@ -0,0 +1,20 @@ +DESCRIPTION = "Avahi Module for Apache2." +HOMEPAGE = "https://0pointer.de/lennart/projects/mod_dnssd/" +LICENSE = "Apache-2.0" +LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" + +DEPENDS = "apache2 avahi" + +SRC_URI = "git://git.0pointer.de/mod_dnssd;protocol=git;branch=master" +SRCREV = "be2fb9f6158f800685de7a1bc01c39b6cf1fa12c" + +S = "${WORKDIR}/git" + +EXTRA_OECONF = "--disable-lynx" + +inherit autotools pkgconfig + +do_install() { + install -Dm755 ${S}/src/.libs/mod_dnssd.so ${D}${libexecdir}/apache2/modules/mod_dnssd.so +} + diff --git a/meta-webserver/recipes-httpd/apache2/apache2/0001-make_exports.awk-not-expose-the-path.patch b/meta-webserver/recipes-httpd/apache2/apache2/0001-make_exports.awk-not-expose-the-path.patch new file mode 100644 index 0000000000..78f23f0f2d --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2/0001-make_exports.awk-not-expose-the-path.patch @@ -0,0 +1,32 @@ +From 5b5eae9cdf3bae91756c717349f2f33a31888f24 Mon Sep 17 00:00:00 2001 +From: Mingli Yu <mingli.yu@windriver.com> +Date: Wed, 3 Aug 2022 12:35:16 +0800 +Subject: [PATCH] make_exports.awk: not expose the path + +Don't print the full path in the comment line. + +Upstream-Status: Inappropriate [oe specific] + +Signed-off-by: Mingli Yu <mingli.yu@windriver.com> +--- + build/make_exports.awk | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/build/make_exports.awk b/build/make_exports.awk +index 1cf0568..44d93c5 100644 +--- a/build/make_exports.awk ++++ b/build/make_exports.awk +@@ -47,7 +47,9 @@ function push(line) { + + function do_output() { + printf("/*\n") +- printf(" * %s\n", FILENAME) ++ file = FILENAME ++ sub("([^/]*[/])*", "", file) ++ printf(" * %s\n", file) + printf(" */\n") + + for (i = 0; i < stackptr; i++) { +-- +2.25.1 + diff --git a/meta-webserver/recipes-httpd/apache2/apache2/0004-apache2-log-the-SELinux-context-at-startup.patch b/meta-webserver/recipes-httpd/apache2/apache2/0004-apache2-log-the-SELinux-context-at-startup.patch index 5d82919685..3b080f54f6 100644 --- a/meta-webserver/recipes-httpd/apache2/apache2/0004-apache2-log-the-SELinux-context-at-startup.patch +++ b/meta-webserver/recipes-httpd/apache2/apache2/0004-apache2-log-the-SELinux-context-at-startup.patch @@ -1,4 +1,4 @@ -From 37699e9be04d83c5923644e298f400e077f76e85 Mon Sep 17 00:00:00 2001 +From e47cc405eadcbe37a579c375e824e20a5c53bfad Mon Sep 17 00:00:00 2001 From: Paul Eggleton <paul.eggleton@linux.intel.com> Date: Tue, 17 Jul 2012 11:27:39 +0100 Subject: [PATCH] Log the SELinux context at startup. @@ -8,13 +8,14 @@ Log the SELinux context at startup. Upstream-Status: Inappropriate [other] Note: unlikely to be any interest in this upstream + --- configure.in | 5 +++++ server/core.c | 26 ++++++++++++++++++++++++++ 2 files changed, 31 insertions(+) diff --git a/configure.in b/configure.in -index c799aec..76811e7 100644 +index ea6cec3..92b74b7 100644 --- a/configure.in +++ b/configure.in @@ -491,6 +491,11 @@ getloadavg @@ -30,7 +31,7 @@ index c799aec..76811e7 100644 [AC_TRY_RUN(#define _GNU_SOURCE #include <unistd.h> diff --git a/server/core.c b/server/core.c -index 3020090..8fef5fd 100644 +index 4da7209..d3ca25b 100644 --- a/server/core.c +++ b/server/core.c @@ -65,6 +65,10 @@ @@ -43,7 +44,7 @@ index 3020090..8fef5fd 100644 + /* LimitRequestBody handling */ #define AP_LIMIT_REQ_BODY_UNSET ((apr_off_t) -1) - #define AP_DEFAULT_LIMIT_REQ_BODY ((apr_off_t) 0) + #define AP_DEFAULT_LIMIT_REQ_BODY ((apr_off_t) 1<<30) /* 1GB */ @@ -5126,6 +5130,28 @@ static int core_post_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *pte } #endif @@ -73,6 +74,3 @@ index 3020090..8fef5fd 100644 return OK; } --- -2.25.1 - diff --git a/meta-webserver/recipes-httpd/apache2/apache2_2.4.53.bb b/meta-webserver/recipes-httpd/apache2/apache2_2.4.58.bb index 8413f53790..a6cdfd1659 100644 --- a/meta-webserver/recipes-httpd/apache2/apache2_2.4.53.bb +++ b/meta-webserver/recipes-httpd/apache2/apache2_2.4.58.bb @@ -15,6 +15,7 @@ SRC_URI = "${APACHE_MIRROR}/httpd/httpd-${PV}.tar.bz2 \ file://0007-apache2-allow-to-disable-selinux-support.patch \ file://0008-Fix-perl-install-directory-to-usr-bin.patch \ file://0009-support-apxs.in-force-destdir-to-be-empty-string.patch \ + file://0001-make_exports.awk-not-expose-the-path.patch \ " SRC_URI:append:class-target = " \ @@ -26,7 +27,7 @@ SRC_URI:append:class-target = " \ " LIC_FILES_CHKSUM = "file://LICENSE;md5=bddeddfac80b2c9a882241d008bb41c3" -SRC_URI[sha256sum] = "d0bbd1121a57b5f2a6ff92d7b96f8050c5a45d3f14db118f64979d525858db63" +SRC_URI[sha256sum] = "fa16d72a078210a54c47dd5bef2f8b9b8a01d94909a51453956b3ec6442ea4c5" S = "${WORKDIR}/httpd-${PV}" @@ -34,7 +35,7 @@ inherit autotools update-rc.d pkgconfig systemd update-alternatives DEPENDS = "openssl expat pcre apr apr-util apache2-native " -CVE_PRODUCT = "http_server" +CVE_PRODUCT = "apache:http_server" SSTATE_SCAN_FILES += "apxs config_vars.mk config.nice" @@ -62,6 +63,7 @@ EXTRA_OECONF:class-target = "\ --with-berkeley-db=no \ --enable-info \ --enable-rewrite \ + --with-mpm=prefork \ --enable-mpms-shared \ ap_cv_void_ptr_lt_long=no \ ac_cv_have_threadsafe_pollset=no \ @@ -176,13 +178,25 @@ SYSTEMD_AUTO_ENABLE:${PN} = "enable" ALTERNATIVE:${PN}-doc = "htpasswd.1" ALTERNATIVE_LINK_NAME[htpasswd.1] = "${mandir}/man1/htpasswd.1" -PACKAGES = "${PN}-scripts ${PN}-doc ${PN}-dev ${PN}-dbg ${PN}" +PACKAGES = "${PN}-utils ${PN}-scripts ${PN}-doc ${PN}-dev ${PN}-dbg ${PN}" CONFFILES:${PN} = "${sysconfdir}/${BPN}/httpd.conf \ ${sysconfdir}/${BPN}/magic \ ${sysconfdir}/${BPN}/mime.types \ ${sysconfdir}/${BPN}/extra/*" +FILES:${PN}-utils = "${bindir}/ab \ + ${bindir}/htdbm \ + ${bindir}/htdigest \ + ${bindir}/htpasswd \ + ${bindir}/logresolve \ + ${bindir}/httxt2dbm \ + ${sbindir}/htcacheclean \ + ${sbindir}/fcgistarter \ + ${sbindir}/checkgid \ + ${sbindir}/rotatelogs \ + " + # We override here rather than append so that .so links are # included in the runtime package rather than here (-dev) # and to get build, icons, error into the -dev package @@ -207,7 +221,7 @@ FILES:${PN} += "${datadir}/${BPN}/ ${libdir}/cgi-bin" FILES:${PN}-dbg += "${libdir}/${BPN}/modules/.debug" -RDEPENDS:${PN} += "openssl libgcc" +RDEPENDS:${PN} += "openssl libgcc ${PN}-utils" RDEPENDS:${PN}-scripts += "perl ${PN}" RDEPENDS:${PN}-dev = "perl" diff --git a/meta-webserver/recipes-httpd/apache2/files/apache2-volatile.conf b/meta-webserver/recipes-httpd/apache2/files/apache2-volatile.conf index ff2c587046..0852a8859a 100644 --- a/meta-webserver/recipes-httpd/apache2/files/apache2-volatile.conf +++ b/meta-webserver/recipes-httpd/apache2/files/apache2-volatile.conf @@ -1,2 +1,2 @@ -d /var/run/apache2 0755 root root - +d /run/apache2 0755 root root - d /var/log/apache2 0755 root root - diff --git a/meta-webserver/recipes-httpd/cherokee/cherokee/0001-configure.ac-Add-foreign-to-AM_INIT_AUTOMAKE.patch b/meta-webserver/recipes-httpd/cherokee/cherokee/0001-configure.ac-Add-foreign-to-AM_INIT_AUTOMAKE.patch index f3be7c6e52..b16060f2a1 100644 --- a/meta-webserver/recipes-httpd/cherokee/cherokee/0001-configure.ac-Add-foreign-to-AM_INIT_AUTOMAKE.patch +++ b/meta-webserver/recipes-httpd/cherokee/cherokee/0001-configure.ac-Add-foreign-to-AM_INIT_AUTOMAKE.patch @@ -7,6 +7,7 @@ Fixes errors like | Makefile.am: error: required file './README' not found | Makefile.am: error: required file './ChangeLog' not found +Upstream-Status: Pending Signed-off-by: Khem Raj <raj.khem@gmail.com> --- configure.ac | 2 +- diff --git a/meta-webserver/recipes-httpd/cherokee/cherokee/0001-make-Do-not-build-po-files.patch b/meta-webserver/recipes-httpd/cherokee/cherokee/0001-make-Do-not-build-po-files.patch index d4c0b6e8c6..1d6a2182bd 100644 --- a/meta-webserver/recipes-httpd/cherokee/cherokee/0001-make-Do-not-build-po-files.patch +++ b/meta-webserver/recipes-httpd/cherokee/cherokee/0001-make-Do-not-build-po-files.patch @@ -5,6 +5,7 @@ Subject: [PATCH] make: Do not build po files Target fails to build +Upstream-Status: Inappropriate [Cross-compile specific] Signed-off-by: Khem Raj <raj.khem@gmail.com> --- Makefile.am | 2 +- diff --git a/meta-webserver/recipes-httpd/cherokee/cherokee_git.bb b/meta-webserver/recipes-httpd/cherokee/cherokee_git.bb index 7100ef4341..7763a31881 100644 --- a/meta-webserver/recipes-httpd/cherokee/cherokee_git.bb +++ b/meta-webserver/recipes-httpd/cherokee/cherokee_git.bb @@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f" DEPENDS = "unzip-native libpcre openssl mysql5 ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" SRCREV = "9a75e65b876bcc376cb6b379dca1f7ce4a055c59" -PV = "1.2.104+git${SRCPV}" +PV = "1.2.104+git" SRC_URI = "git://github.com/cherokee/webserver;branch=master;protocol=https \ file://cherokee.init \ file://cherokee.service \ @@ -75,3 +75,5 @@ python() { if 'meta-python2' not in d.getVar('BBFILE_COLLECTIONS').split(): raise bb.parse.SkipRecipe('Requires meta-python2 to be present.') } + +CVE_PRODUCT += "cherokee_web_server" diff --git a/meta-webserver/recipes-httpd/monkey/files/0001-configure-Respect-LIBS-variable-from-env.patch b/meta-webserver/recipes-httpd/monkey/files/0001-configure-Respect-LIBS-variable-from-env.patch deleted file mode 100644 index 7a229513b6..0000000000 --- a/meta-webserver/recipes-httpd/monkey/files/0001-configure-Respect-LIBS-variable-from-env.patch +++ /dev/null @@ -1,29 +0,0 @@ -From b0526a9b5325bd4758dad8d14efd85c98ef2ebff Mon Sep 17 00:00:00 2001 -From: Khem Raj <raj.khem@gmail.com> -Date: Fri, 14 Jul 2017 18:25:23 -0700 -Subject: [PATCH] configure: Respect LIBS variable from env - -For musl we need to pass -lexecinfo from env -this change accomodates that - -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- - configure | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/configure b/configure -index 4286c34..f1c65db 100755 ---- a/configure -+++ b/configure -@@ -620,7 +620,7 @@ LIBDEFS = -DSHAREDLIB -fPIC \$(DEFS) - INCDIR = ./include - LDFLAGS = $LDFLAGS - DESTDIR = ../bin/monkey --LIBS = -ldl $libs -+LIBS = -ldl $libs ${LIBS} - OBJ = monkey.o mk_method.o mk_mimetype.o mk_vhost.o mk_request.o \\ - mk_header.o mk_config.o mk_signals.o \\ - mk_user.o mk_utils.o mk_epoll.o mk_scheduler.o \\ --- -2.13.3 - diff --git a/meta-webserver/recipes-httpd/monkey/files/0001-fastcgi-Use-value-instead-of-address-of-sin6_port.patch b/meta-webserver/recipes-httpd/monkey/files/0001-fastcgi-Use-value-instead-of-address-of-sin6_port.patch new file mode 100644 index 0000000000..f4bab49aa7 --- /dev/null +++ b/meta-webserver/recipes-httpd/monkey/files/0001-fastcgi-Use-value-instead-of-address-of-sin6_port.patch @@ -0,0 +1,30 @@ +From 7f724bbafbb1e170401dd5de201273ab8c8bc75f Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Sun, 28 Aug 2022 14:24:02 -0700 +Subject: [PATCH] fastcgi: Use value instead of address of sin6_port + +This seems to be wrongly assigned where ipv4 sin_port is +equated to address of sin6_port and not value of sin6_port + +Upstream-Status: Submitted [https://github.com/monkey/monkey/pull/375] +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + plugins/fastcgi/fcgi_handler.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/plugins/fastcgi/fcgi_handler.c b/plugins/fastcgi/fcgi_handler.c +index 9e095e3c..e8e1eec1 100644 +--- a/plugins/fastcgi/fcgi_handler.c ++++ b/plugins/fastcgi/fcgi_handler.c +@@ -245,7 +245,7 @@ static inline int fcgi_add_param_net(struct fcgi_handler *handler) + struct sockaddr_in *s4 = (struct sockaddr_in *)&addr4; + memset(&addr4, 0, sizeof(addr4)); + addr4.sin_family = AF_INET; +- addr4.sin_port = &s->sin6_port; ++ addr4.sin_port = s->sin6_port; + memcpy(&addr4.sin_addr.s_addr, + s->sin6_addr.s6_addr + 12, + sizeof(addr4.sin_addr.s_addr)); +-- +2.37.2 + diff --git a/meta-webserver/recipes-httpd/monkey/monkey_1.6.9.bb b/meta-webserver/recipes-httpd/monkey/monkey_1.6.9.bb index fff406a3f2..ee5dc16198 100644 --- a/meta-webserver/recipes-httpd/monkey/monkey_1.6.9.bb +++ b/meta-webserver/recipes-httpd/monkey/monkey_1.6.9.bb @@ -7,11 +7,13 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=2ee41112a44fe7014dce33e26468ba93" SECTION = "net" -SRC_URI = "http://monkey-project.com/releases/1.6/monkey-${PV}.tar.gz \ +SRC_URI = "git://github.com/monkey/monkey;branch=1.6;protocol=https \ + file://0001-fastcgi-Use-value-instead-of-address-of-sin6_port.patch \ file://monkey.service \ file://monkey.init" -SRC_URI[sha256sum] = "f1122e89cda627123286542b0a18fcaa131cbe9d4f5dd897d9455157289148fb" +SRCREV = "7999b487fded645381d387ec0e057e92407b0d2c" +S = "${WORKDIR}/git" UPSTREAM_CHECK_URI = "https://github.com/monkey/monkey/releases" UPSTREAM_CHECK_REGEX = "v(?P<pver>\d+(\.\d+)+).tar.gz" @@ -37,6 +39,10 @@ inherit cmake pkgconfig update-rc.d systemd OECMAKE_GENERATOR = "Unix Makefiles" +do_configure:append() { + sed -i -e 's|${STAGING_BINDIR_TOOLCHAIN}/||g' ${S}/include/monkey/mk_env.h +} + do_install:append() { rmdir ${D}${localstatedir}/log/${BPN} ${D}${localstatedir}/run ${D}${localstatedir}/log rmdir --ignore-fail-on-non-empty ${D}${localstatedir} diff --git a/meta-webserver/recipes-httpd/nginx/files/0001-configure-libxslt-conf.patch b/meta-webserver/recipes-httpd/nginx/files/0001-configure-libxslt-conf.patch new file mode 100644 index 0000000000..7ba2a1fb85 --- /dev/null +++ b/meta-webserver/recipes-httpd/nginx/files/0001-configure-libxslt-conf.patch @@ -0,0 +1,39 @@ +From 0c3c669464a514cf8d0cac08282ecb2b486f440f Mon Sep 17 00:00:00 2001 +From: Joe Slater <joe.slater@windriver.com> +Date: Tue, 3 Oct 2023 19:21:17 +0000 +Subject: [PATCH] configure: libxslt conf + +Modify to find libxslt related include files under sysroot. + +Upstream-Status: Pending + +Signed-off-by: Joe Slater <joe.slater@windriver.com> +--- + auto/lib/libxslt/conf | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/auto/lib/libxslt/conf b/auto/lib/libxslt/conf +index 3063ac7..eb77886 100644 +--- a/auto/lib/libxslt/conf ++++ b/auto/lib/libxslt/conf +@@ -12,7 +12,7 @@ + #include <libxslt/xsltInternals.h> + #include <libxslt/transform.h> + #include <libxslt/xsltutils.h>" +- ngx_feature_path="/usr/include/libxml2" ++ ngx_feature_path="=/usr/include/libxml2" + ngx_feature_libs="-lxml2 -lxslt" + ngx_feature_test="xmlParserCtxtPtr ctxt = NULL; + xsltStylesheetPtr sheet = NULL; +@@ -100,7 +100,7 @@ fi + ngx_feature_name=NGX_HAVE_EXSLT + ngx_feature_run=no + ngx_feature_incs="#include <libexslt/exslt.h>" +- ngx_feature_path="/usr/include/libxml2" ++ ngx_feature_path="=/usr/include/libxml2" + ngx_feature_libs="-lexslt" + ngx_feature_test="exsltRegisterAll();" + . auto/feature +-- +2.35.5 + diff --git a/meta-webserver/recipes-httpd/nginx/files/CVE-2021-3618.patch b/meta-webserver/recipes-httpd/nginx/files/CVE-2021-3618.patch deleted file mode 100644 index be42a1ed5e..0000000000 --- a/meta-webserver/recipes-httpd/nginx/files/CVE-2021-3618.patch +++ /dev/null @@ -1,107 +0,0 @@ -From 6dafcdebde58577f4fcb190be46a0eb910cf1b96 Mon Sep 17 00:00:00 2001 -From: Maxim Dounin <mdounin@mdounin.ru> -Date: Wed, 19 May 2021 03:13:31 +0300 -Subject: [PATCH 1/1] Mail: max_errors directive. - -Similarly to smtpd_hard_error_limit in Postfix and smtp_max_unknown_commands -in Exim, specifies the number of errors after which the connection is closed. ---- end of original header --- - -CVE: CVE-2021-3618 - -Upstream-Status: Backport - https://github.com/nginx/nginx.git - commit 173f16f736c10eae46cd15dd861b04b82d91a37a - -Signed-off-by: Joe Slater <joe.slater@windriver.com> ---- - src/mail/ngx_mail.h | 3 +++ - src/mail/ngx_mail_core_module.c | 10 ++++++++++ - src/mail/ngx_mail_handler.c | 15 ++++++++++++++- - 3 files changed, 27 insertions(+), 1 deletion(-) - -diff --git a/src/mail/ngx_mail.h b/src/mail/ngx_mail.h -index b865a3b9..76cae37a 100644 ---- a/src/mail/ngx_mail.h -+++ b/src/mail/ngx_mail.h -@@ -115,6 +115,8 @@ typedef struct { - ngx_msec_t timeout; - ngx_msec_t resolver_timeout; - -+ ngx_uint_t max_errors; -+ - ngx_str_t server_name; - - u_char *file_name; -@@ -231,6 +233,7 @@ typedef struct { - ngx_uint_t command; - ngx_array_t args; - -+ ngx_uint_t errors; - ngx_uint_t login_attempt; - - /* used to parse POP3/IMAP/SMTP command */ -diff --git a/src/mail/ngx_mail_core_module.c b/src/mail/ngx_mail_core_module.c -index 40831242..115671ca 100644 ---- a/src/mail/ngx_mail_core_module.c -+++ b/src/mail/ngx_mail_core_module.c -@@ -85,6 +85,13 @@ static ngx_command_t ngx_mail_core_commands[] = { - offsetof(ngx_mail_core_srv_conf_t, resolver_timeout), - NULL }, - -+ { ngx_string("max_errors"), -+ NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1, -+ ngx_conf_set_num_slot, -+ NGX_MAIL_SRV_CONF_OFFSET, -+ offsetof(ngx_mail_core_srv_conf_t, max_errors), -+ NULL }, -+ - ngx_null_command - }; - -@@ -163,6 +170,8 @@ ngx_mail_core_create_srv_conf(ngx_conf_t *cf) - cscf->timeout = NGX_CONF_UNSET_MSEC; - cscf->resolver_timeout = NGX_CONF_UNSET_MSEC; - -+ cscf->max_errors = NGX_CONF_UNSET_UINT; -+ - cscf->resolver = NGX_CONF_UNSET_PTR; - - cscf->file_name = cf->conf_file->file.name.data; -@@ -182,6 +191,7 @@ ngx_mail_core_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child) - ngx_conf_merge_msec_value(conf->resolver_timeout, prev->resolver_timeout, - 30000); - -+ ngx_conf_merge_uint_value(conf->max_errors, prev->max_errors, 5); - - ngx_conf_merge_str_value(conf->server_name, prev->server_name, ""); - -diff --git a/src/mail/ngx_mail_handler.c b/src/mail/ngx_mail_handler.c -index 0aaa0e78..71b81512 100644 ---- a/src/mail/ngx_mail_handler.c -+++ b/src/mail/ngx_mail_handler.c -@@ -871,7 +871,20 @@ ngx_mail_read_command(ngx_mail_session_t *s, ngx_connection_t *c) - return NGX_MAIL_PARSE_INVALID_COMMAND; - } - -- if (rc == NGX_IMAP_NEXT || rc == NGX_MAIL_PARSE_INVALID_COMMAND) { -+ if (rc == NGX_MAIL_PARSE_INVALID_COMMAND) { -+ -+ s->errors++; -+ -+ if (s->errors >= cscf->max_errors) { -+ ngx_log_error(NGX_LOG_INFO, c->log, 0, -+ "client sent too many invalid commands"); -+ s->quit = 1; -+ } -+ -+ return rc; -+ } -+ -+ if (rc == NGX_IMAP_NEXT) { - return rc; - } - --- -2.25.1 - diff --git a/meta-webserver/recipes-httpd/nginx/files/CVE-2023-44487.patch b/meta-webserver/recipes-httpd/nginx/files/CVE-2023-44487.patch new file mode 100644 index 0000000000..2fc6a60f6f --- /dev/null +++ b/meta-webserver/recipes-httpd/nginx/files/CVE-2023-44487.patch @@ -0,0 +1,78 @@ +From 6ceef192e7af1c507826ac38a2d43f08bf265fb9 Mon Sep 17 00:00:00 2001 +From: Maxim Dounin <mdounin@mdounin.ru> +Date: Wed, 10 Jan 2024 18:52:11 +0000 +Subject: [PATCH] HTTP/2: per-iteration stream handling limit. + +To ensure that attempts to flood servers with many streams are detected +early, a limit of no more than 2 * max_concurrent_streams new streams per one +event loop iteration was introduced. This limit is applied even if +max_concurrent_streams is not yet reached - for example, if corresponding +streams are handled synchronously or reset. + +Further, refused streams are now limited to maximum of max_concurrent_streams +and 100, similarly to priority_limit initial value, providing some tolerance +to clients trying to open several streams at the connection start, yet +low tolerance to flooding attempts. + +Upstream-Status: Backport [https://github.com/nginx/nginx/commit/6ceef192e7af1c507826ac38a2d43f08bf265fb9] +CVE: CVE-2023-44487 + +Signed-off-by: alperak <alperyasinak1@gmail.com> +--- + src/http/v2/ngx_http_v2.c | 15 +++++++++++++++ + src/http/v2/ngx_http_v2.h | 2 ++ + 2 files changed, 17 insertions(+) + +diff --git a/src/http/v2/ngx_http_v2.c b/src/http/v2/ngx_http_v2.c +index ea3f27c..1116e56 100644 +--- a/src/http/v2/ngx_http_v2.c ++++ b/src/http/v2/ngx_http_v2.c +@@ -361,6 +361,7 @@ ngx_http_v2_read_handler(ngx_event_t *rev) + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, c->log, 0, "http2 read handler"); + + h2c->blocked = 1; ++ h2c->new_streams = 0; + + if (c->close) { + c->close = 0; +@@ -1321,6 +1322,14 @@ ngx_http_v2_state_headers(ngx_http_v2_connection_t *h2c, u_char *pos, + goto rst_stream; + } + ++ if (h2c->new_streams++ >= 2 * h2scf->concurrent_streams) { ++ ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0, ++ "client sent too many streams at once"); ++ ++ status = NGX_HTTP_V2_REFUSED_STREAM; ++ goto rst_stream; ++ } ++ + if (!h2c->settings_ack + && !(h2c->state.flags & NGX_HTTP_V2_END_STREAM_FLAG) + && h2scf->preread_size < NGX_HTTP_V2_DEFAULT_WINDOW) +@@ -1386,6 +1395,12 @@ ngx_http_v2_state_headers(ngx_http_v2_connection_t *h2c, u_char *pos, + + rst_stream: + ++ if (h2c->refused_streams++ > ngx_max(h2scf->concurrent_streams, 100)) { ++ ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0, ++ "client sent too many refused streams"); ++ return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_NO_ERROR); ++ } ++ + if (ngx_http_v2_send_rst_stream(h2c, h2c->state.sid, status) != NGX_OK) { + return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_INTERNAL_ERROR); + } +diff --git a/src/http/v2/ngx_http_v2.h b/src/http/v2/ngx_http_v2.h +index 4e25293..b9daf92 100644 +--- a/src/http/v2/ngx_http_v2.h ++++ b/src/http/v2/ngx_http_v2.h +@@ -124,6 +124,8 @@ struct ngx_http_v2_connection_s { + ngx_uint_t processing; + ngx_uint_t frames; + ngx_uint_t idle; ++ ngx_uint_t new_streams; ++ ngx_uint_t refused_streams; + ngx_uint_t priority_limit; + + ngx_uint_t pushing; diff --git a/meta-webserver/recipes-httpd/nginx/nginx.inc b/meta-webserver/recipes-httpd/nginx/nginx.inc index dfced33300..83ae90c40c 100644 --- a/meta-webserver/recipes-httpd/nginx/nginx.inc +++ b/meta-webserver/recipes-httpd/nginx/nginx.inc @@ -22,6 +22,7 @@ SRC_URI = " \ file://nginx-volatile.conf \ file://nginx.service \ file://nginx-fix-pidfile.patch \ + file://0001-configure-libxslt-conf.patch \ " inherit siteinfo update-rc.d useradd systemd @@ -37,12 +38,18 @@ NGINX_USER ?= "www" EXTRA_OECONF = "" DISABLE_STATIC = "" -PACKAGECONFIG ??= "ssl" +PACKAGECONFIG ??= "ssl ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}" PACKAGECONFIG[gunzip] = "--with-http_gunzip_module,," PACKAGECONFIG[http2] = "--with-http_v2_module,," PACKAGECONFIG[ssl] = "--with-http_ssl_module,,openssl" PACKAGECONFIG[http-auth-request] = "--with-http_auth_request_module,," +PACKAGECONFIG[ipv6] = "--with-ipv6,," +PACKAGECONFIG[webdav] = "--with-http_dav_module,," +PACKAGECONFIG[stream] = "--with-stream,," +PACKAGECONFIG[http-sub-module] = "--with-http_sub_module,," + +PACKAGECONFIG[xslt] = "--with-http_xslt_module,,libxslt" do_configure () { if [ "${SITEINFO_BITS}" = "64" ]; then @@ -146,7 +153,7 @@ do_install () { pkg_postinst:${PN} () { if [ -z "$D" ]; then - if type systemd-tmpfiles >/dev/null; then + if type systemd-tmpfiles >/dev/null 2>&1; then systemd-tmpfiles --create elif [ -e ${sysconfdir}/init.d/populate-volatile.sh ]; then ${sysconfdir}/init.d/populate-volatile.sh update @@ -179,4 +186,5 @@ USERADD_PARAM:${PN} = " \ --system --no-create-home \ --home ${NGINX_WWWDIR} \ --groups www-data \ + --shell ${base_sbindir}/nologin \ --user-group ${NGINX_USER}" diff --git a/meta-webserver/recipes-httpd/nginx/nginx_1.20.1.bb b/meta-webserver/recipes-httpd/nginx/nginx_1.20.1.bb deleted file mode 100644 index d686c627f2..0000000000 --- a/meta-webserver/recipes-httpd/nginx/nginx_1.20.1.bb +++ /dev/null @@ -1,9 +0,0 @@ -require nginx.inc - -SRC_URI += "file://CVE-2021-3618.patch" - -LIC_FILES_CHKSUM = "file://LICENSE;md5=206629dc7c7b3e87acb31162363ae505" - -SRC_URI[md5sum] = "8ca6edd5076bdfad30a69c9c9b41cc68" -SRC_URI[sha256sum] = "e462e11533d5c30baa05df7652160ff5979591d291736cfa5edb9fd2edb48c49" - diff --git a/meta-webserver/recipes-httpd/nginx/nginx_1.21.1.bb b/meta-webserver/recipes-httpd/nginx/nginx_1.21.1.bb deleted file mode 100644 index b69fd7dab0..0000000000 --- a/meta-webserver/recipes-httpd/nginx/nginx_1.21.1.bb +++ /dev/null @@ -1,10 +0,0 @@ -require nginx.inc - -# 1.20.x branch is the current stable branch, the recommended default -# 1.21.x is the current mainline branches containing all new features -DEFAULT_PREFERENCE = "-1" - -LIC_FILES_CHKSUM = "file://LICENSE;md5=206629dc7c7b3e87acb31162363ae505" - -SRC_URI[md5sum] = "7dce9e2136ec32dfd823736e871815b1" -SRC_URI[sha256sum] = "68ba0311342115163a0354cad34f90c05a7e8bf689dc498abf07899eda155560" diff --git a/meta-webserver/recipes-httpd/nginx/nginx_1.24.0.bb b/meta-webserver/recipes-httpd/nginx/nginx_1.24.0.bb new file mode 100644 index 0000000000..e5666f6fe6 --- /dev/null +++ b/meta-webserver/recipes-httpd/nginx/nginx_1.24.0.bb @@ -0,0 +1,8 @@ +require nginx.inc + +LIC_FILES_CHKSUM = "file://LICENSE;md5=175abb631c799f54573dc481454c8632" + +SRC_URI:append = " file://CVE-2023-44487.patch" + +SRC_URI[sha256sum] = "77a2541637b92a621e3ee76776c8b7b40cf6d707e69ba53a940283e30ff2f55d" + diff --git a/meta-webserver/recipes-httpd/nginx/nginx_1.25.3.bb b/meta-webserver/recipes-httpd/nginx/nginx_1.25.3.bb new file mode 100644 index 0000000000..d0371dd3cc --- /dev/null +++ b/meta-webserver/recipes-httpd/nginx/nginx_1.25.3.bb @@ -0,0 +1,10 @@ +require nginx.inc + +# 1.24.x branch is the current stable branch, the recommended default +# 1.25.x is the current mainline branches containing all new features +DEFAULT_PREFERENCE = "-1" + +LIC_FILES_CHKSUM = "file://LICENSE;md5=79ad2eb837299421c4435dedc8897b3d" + +SRC_URI[sha256sum] = "64c5b975ca287939e828303fa857d22f142b251f17808dfe41733512d9cded86" + diff --git a/meta-webserver/recipes-httpd/sthttpd/sthttpd/0001-Define-_GNU_SOURCE-if-HAVE_SIGSET-is-set.patch b/meta-webserver/recipes-httpd/sthttpd/sthttpd/0001-Define-_GNU_SOURCE-if-HAVE_SIGSET-is-set.patch new file mode 100644 index 0000000000..a1783a7adb --- /dev/null +++ b/meta-webserver/recipes-httpd/sthttpd/sthttpd/0001-Define-_GNU_SOURCE-if-HAVE_SIGSET-is-set.patch @@ -0,0 +1,51 @@ +From f3889e5870e9761ee6113fac7f38aa44cc43e46c Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Wed, 7 Sep 2022 00:30:52 -0700 +Subject: [PATCH] Define _GNU_SOURCE if HAVE_SIGSET is set + +This enforces using sigset() API which needs _GNU_SOURCE macro to be +defined + +Upstream-Status: Submitted [https://github.com/blueness/sthttpd/pull/16] +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + src/libhttpd.c | 5 ++++- + src/thttpd.c | 4 ++++ + 2 files changed, 8 insertions(+), 1 deletion(-) + +diff --git a/src/libhttpd.c b/src/libhttpd.c +index fa42c10..669be11 100644 +--- a/src/libhttpd.c ++++ b/src/libhttpd.c +@@ -25,9 +25,12 @@ + ** SUCH DAMAGE. + */ + +- + #include <config.h> + ++#ifdef HAVE_SIGSET ++#define _GNU_SOURCE ++#endif ++ + //system headers + #include <sys/types.h> + #include <sys/param.h> +diff --git a/src/thttpd.c b/src/thttpd.c +index ad97188..3c7a449 100644 +--- a/src/thttpd.c ++++ b/src/thttpd.c +@@ -28,6 +28,10 @@ + + #include <config.h> + ++#ifdef HAVE_SIGSET ++#define _GNU_SOURCE ++#endif ++ + //system headers + #include <sys/param.h> + #include <sys/types.h> +-- +2.37.3 + diff --git a/meta-webserver/recipes-httpd/sthttpd/sthttpd_2.27.1.bb b/meta-webserver/recipes-httpd/sthttpd/sthttpd_2.27.1.bb index 4134a0e524..b40b148512 100644 --- a/meta-webserver/recipes-httpd/sthttpd/sthttpd_2.27.1.bb +++ b/meta-webserver/recipes-httpd/sthttpd/sthttpd_2.27.1.bb @@ -8,6 +8,7 @@ DEPENDS += "base-passwd virtual/crypt" SRCREV = "2845bf5bff2b820d2336c8c8061cbfc5f271e720" SRC_URI = "git://github.com/blueness/${BPN};branch=master;protocol=https \ + file://0001-Define-_GNU_SOURCE-if-HAVE_SIGSET-is-set.patch \ file://thttpd.service \ file://thttpd.conf \ file://init" diff --git a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_5.2.0.bb b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_5.2.1.bb index 45de455643..34b710e885 100644 --- a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_5.2.0.bb +++ b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_5.2.1.bb @@ -3,7 +3,7 @@ HOMEPAGE = "http://www.phpmyadmin.net" # Main code is GPLv2, vendor/tecnickcom/tcpdf is under LGPLv3, js/jquery is under MIT LICENSE = "GPL-2.0-only & LGPL-3.0-only & MIT" LIC_FILES_CHKSUM = "file://LICENSE;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ - file://vendor/tecnickcom/tcpdf/LICENSE.TXT;md5=dd6470bbcd3436ca317f82d34abaf688 \ + file://vendor/tecnickcom/tcpdf/LICENSE.TXT;md5=d0ff7e060074497f34481cf574e8a581 \ file://js/vendor/jquery/MIT-LICENSE.txt;md5=de877aa6d744cc160ff41c26a8e4811f \ " @@ -11,7 +11,7 @@ SRC_URI = "https://files.phpmyadmin.net/phpMyAdmin/${PV}/phpMyAdmin-${PV}-all-la file://apache.conf \ " -SRC_URI[sha256sum] = "66da31ca295f06182ac3f2e6e96057dc824c459baedf4b29de6ed0d3be039230" +SRC_URI[sha256sum] = "373f9599dfbd96d6fe75316d5dad189e68c305f297edf42377db9dd6b41b2557" UPSTREAM_CHECK_URI = "https://www.phpmyadmin.net/downloads/" UPSTREAM_CHECK_REGEX = "phpMyAdmin-(?P<pver>\d+(\.\d+)+)-all-languages.tar.xz" diff --git a/meta-webserver/recipes-php/xdebug/xdebug_3.1.1.bb b/meta-webserver/recipes-php/xdebug/xdebug_3.2.2.bb index 580ae7e89a..8ad588d291 100644 --- a/meta-webserver/recipes-php/xdebug/xdebug_3.1.1.bb +++ b/meta-webserver/recipes-php/xdebug/xdebug_3.2.2.bb @@ -6,7 +6,7 @@ DEPENDS = "php re2c-native" SRC_URI = "http://xdebug.org/files/xdebug-${PV}.tgz" -SRC_URI[sha256sum] = "9be3ae0fdb4dc4a4c68084626cddc56f12396487e309a8c8dd318f0f900d1a68" +SRC_URI[sha256sum] = "f48777371f90cbb315ea4ea082a1ede6765bcfb35d7d6356ab8f71fd6dfcc157" UPSTREAM_CHECK_REGEX = "xdebug-(?P<pver>\d+(\.\d+)+)\.tgz" diff --git a/meta-webserver/recipes-support/fcgiwrap/fcgiwrap/0001-Fix-implicit-fallthrough-warning.patch b/meta-webserver/recipes-support/fcgiwrap/fcgiwrap/0001-Fix-implicit-fallthrough-warning.patch index d05abd25ca..e160b8644a 100644 --- a/meta-webserver/recipes-support/fcgiwrap/fcgiwrap/0001-Fix-implicit-fallthrough-warning.patch +++ b/meta-webserver/recipes-support/fcgiwrap/fcgiwrap/0001-Fix-implicit-fallthrough-warning.patch @@ -6,7 +6,7 @@ Subject: [PATCH] Fix implicit fallthrough warning Fixes a warning about an implicit fall through in a case statement (-Werror=implicit-fallthrough) with newer versions of GCC -Upstream-status: Submitted [https://github.com/gnosek/fcgiwrap/pull/54] +Upstream-Status: Submitted [https://github.com/gnosek/fcgiwrap/pull/54] Signed-off-by: Joshua Watt <Joshua.Watt@garmin.com> --- configure.ac | 3 + diff --git a/meta-webserver/recipes-support/spawn-fcgi/spawn-fcgi-1.6.4/fix_configure_ipv6_test.patch b/meta-webserver/recipes-support/spawn-fcgi/spawn-fcgi-1.6.4/fix_configure_ipv6_test.patch deleted file mode 100644 index 9409dd2b15..0000000000 --- a/meta-webserver/recipes-support/spawn-fcgi/spawn-fcgi-1.6.4/fix_configure_ipv6_test.patch +++ /dev/null @@ -1,35 +0,0 @@ -Testing for IPv6 support got broken by configure.ac changes in 1.6.4 -As a temp workaround, revert back to the 1.6.3 version. - -Upstream-Status: Pending - ---- spawn-fcgi-1.6.4/configure.ac -+++ spawn-fcgi-1.6.3/configure.ac -@@ -66,8 +47,8 @@ - # Check for IPv6 support - - AC_ARG_ENABLE(ipv6, -- AC_HELP_STRING([--disable-ipv6],[disable IPv6 support]), -- [case "${enableval}" in -+ AC_HELP_STRING([--disable-ipv6],[disable IPv6 support]), -+ [case "${enableval}" in - yes) ipv6=true ;; - no) ipv6=false ;; - *) AC_MSG_ERROR(bad value ${enableval} for --enable-ipv6) ;; -@@ -75,13 +56,10 @@ - - if test x$ipv6 = xtrue; then - AC_CACHE_CHECK([for IPv6 support], ac_cv_ipv6_support, -- [AC_TRY_LINK([[ --#include <sys/types.h> -+ [AC_TRY_LINK([ #include <sys/types.h> - #include <sys/socket.h> --#include <netinet/in.h> -- ]], [[ --struct sockaddr_in6 s; struct in6_addr t=in6addr_any; int i=AF_INET6; s; t.s6_addr[0] = 0; -- ]], [ac_cv_ipv6_support=yes], [ac_cv_ipv6_support=no])]) -+#include <netinet/in.h>], [struct sockaddr_in6 s; struct in6_addr t=in6addr_any; int i=AF_INET6; s; t.s6_addr[0] = 0; ], -+ [ac_cv_ipv6_support=yes], [ac_cv_ipv6_support=no])]) - - if test "$ac_cv_ipv6_support" = yes; then - AC_DEFINE(HAVE_IPV6,1,[Whether to enable IPv6 support]) diff --git a/meta-webserver/recipes-support/spawn-fcgi/spawn-fcgi_1.6.4.bb b/meta-webserver/recipes-support/spawn-fcgi/spawn-fcgi_1.6.5.bb index 808d4528c1..307919f775 100644 --- a/meta-webserver/recipes-support/spawn-fcgi/spawn-fcgi_1.6.4.bb +++ b/meta-webserver/recipes-support/spawn-fcgi/spawn-fcgi_1.6.5.bb @@ -4,11 +4,9 @@ HOMEPAGE = "http://redmine.lighttpd.net/projects/spawn-fcgi" LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://COPYING;md5=e4dac5c6ab169aa212feb5028853a579" -SRC_URI = "http://download.lighttpd.net/spawn-fcgi/releases-1.6.x/spawn-fcgi-${PV}.tar.gz \ - file://fix_configure_ipv6_test.patch" +SRC_URI = "http://download.lighttpd.net/spawn-fcgi/releases-1.6.x/spawn-fcgi-${PV}.tar.gz" -SRC_URI[md5sum] = "e970de4efe8045c01dd76280f39901aa" -SRC_URI[sha256sum] = "ab327462cb99894a3699f874425a421d934f957cb24221f00bb888108d9dd09e" +SRC_URI[sha256sum] = "a72d7bf7fb6d1a0acda89c93d4f060bf77a2dba97ddcfecd00f11e708f592c40" inherit autotools diff --git a/meta-webserver/recipes-webadmin/cockpit/cockpit_220.bb b/meta-webserver/recipes-webadmin/cockpit/cockpit_304.bb index c08de89316..df7f47a118 100644 --- a/meta-webserver/recipes-webadmin/cockpit/cockpit_220.bb +++ b/meta-webserver/recipes-webadmin/cockpit/cockpit_304.bb @@ -6,16 +6,16 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c" SRC_URI += " \ https://github.com/cockpit-project/cockpit/releases/download/${PV}/cockpit-${PV}.tar.xz \ - file://0001-remove-tests-dep-on-gobject-intro.patch \ - file://0002-fix-makefile-use-copy-rule-for-unmodified-files.patch \ + file://0001-Warn-not-error-if-xsltproc-is-not-found.patch \ file://cockpit.pam \ " -SRC_URI[md5sum] = "beb88d8e70ee1da6ebd917c956217803" -SRC_URI[sha256sum] = "afc82acc8ef9d51e0f34265a07a2f059f5b71a1df721b299e657a40a098cbb7f" +SRC_URI[sha256sum] = "a87d090c930e2058bb3e970ca7f2bafe678687966b5c0b8b42a802977e391ce9" inherit gettext pkgconfig autotools systemd features_check +inherit ${@bb.utils.contains('PACKAGECONFIG', 'old-bridge', '', 'python3targetconfig', d)} -DEPENDS += "glib-2.0-native intltool-native gnutls virtual/gettext json-glib krb5 libpam systemd" +DEPENDS += "glib-2.0-native intltool-native gnutls virtual/gettext json-glib krb5 libpam systemd python3-setuptools-native" +DEPENDS += "${@bb.utils.contains('PACKAGECONFIG', 'old-bridge', '', 'python3-pip-native', d)}" COMPATIBLE_HOST:libc-musl = "null" @@ -30,6 +30,7 @@ EXTRA_AUTORECONF = "-I tools" EXTRA_OECONF = " \ --with-cockpit-user=${COCKPIT_USER_GROUP} \ --with-cockpit-group=${COCKPIT_USER_GROUP} \ + --with-admin-group=${COCKPIT_USER_GROUP} \ --with-cockpit-ws-instance-user=${COCKPIT_WS_USER_GROUP} \ --with-cockpit-ws-instance-group=${COCKPIT_WS_USER_GROUP} \ --disable-doc \ @@ -38,12 +39,14 @@ EXTRA_OECONF = " \ PACKAGECONFIG ??= " \ ${@bb.utils.filter('DISTRO_FEATURES', 'polkit', d)} \ + old-bridge \ " PACKAGECONFIG[pcp] = "--enable-pcp,--disable-pcp,pcp" PACKAGECONFIG[dashboard] = "--enable-ssh,--disable-ssh,libssh" PACKAGECONFIG[storaged] = ",,,udisks2" PACKAGECONFIG[polkit] = "--enable-polkit,--disable-polkit,polkit" +PACKAGECONFIG[old-bridge] = "--enable-old-bridge" PACKAGES =+ " \ ${PN}-pcp \ @@ -61,6 +64,8 @@ PACKAGES =+ " \ ${PN}-playground \ ${PN}-docker \ ${PN}-dashboard \ + ${PN}-packagekit \ + ${PN}-apps \ ${PN}-bridge \ ${PN}-ws \ ${PN}-desktop \ @@ -91,7 +96,10 @@ FILES:${PN}-storaged = " \ ${datadir}/metainfo/org.cockpit-project.cockpit-storaged.metainfo.xml \ " -FILES:${PN}-networkmanager = "${datadir}/cockpit/networkmanager" +FILES:${PN}-networkmanager = " \ + ${datadir}/cockpit/networkmanager \ + ${datadir}/metainfo/org.cockpit-project.cockpit-networkmanager.metainfo.xml \ +" RDEPENDS:${PN}-networkmanager = "networkmanager" FILES:${PN}-machines = " \ @@ -110,11 +118,15 @@ FILES:${PN}-docker = " \ FILES:${PN}-dashboard = "${datadir}/cockpit/dashboard" ALLOW_EMPTY:${PN}-dashboard = "1" +FILES:${PN}-packagekit = "${datadir}/cockpit/packagekit" +FILES:${PN}-apps = "${datadir}/cockpit/apps" + FILES:${PN}-bridge = " \ ${bindir}/cockpit-bridge \ - ${libexec}/cockpit-askpass \ + ${libexecdir}/cockpit-askpass \ + ${PYTHON_SITEPACKAGES_DIR} \ " -RDEPENDS:${PN}-bridge = "" +RDEPENDS:${PN}-bridge = "${@bb.utils.contains('PACKAGECONFIG', 'old-bridge', '', 'python3', d)}" FILES:${PN}-desktop = "${libexecdir}/cockpit-desktop" RDEPENDS:${PN}-desktop += "bash" @@ -129,6 +141,8 @@ FILES:${PN}-ws = " \ ${systemd_system_unitdir}/cockpit.service \ ${systemd_system_unitdir}/cockpit-motd.service \ ${systemd_system_unitdir}/cockpit.socket \ + ${systemd_system_unitdir}/cockpit-session.socket \ + ${systemd_system_unitdir}/cockpit-session@.service \ ${systemd_system_unitdir}/cockpit-wsinstance-http.socket \ ${systemd_system_unitdir}/cockpit-wsinstance-http.service \ ${systemd_system_unitdir}/cockpit-wsinstance-http-redirect.socket \ @@ -170,6 +184,8 @@ FILES:${PN} += " \ ${nonarch_libdir}/firewalld \ " RDEPENDS:${PN} += "${PN}-bridge" +# Needs bash for /usr/libexec/cockpit-certificate-helper +RDEPENDS:${PN} += "bash" do_install:append() { pkgdatadir=${datadir}/cockpit diff --git a/meta-webserver/recipes-webadmin/cockpit/files/0001-Warn-not-error-if-xsltproc-is-not-found.patch b/meta-webserver/recipes-webadmin/cockpit/files/0001-Warn-not-error-if-xsltproc-is-not-found.patch new file mode 100644 index 0000000000..db583cfd29 --- /dev/null +++ b/meta-webserver/recipes-webadmin/cockpit/files/0001-Warn-not-error-if-xsltproc-is-not-found.patch @@ -0,0 +1,25 @@ +From 7c1f95995ce9180221bac03b7b1e1696b8a79de7 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Wed, 7 Sep 2022 11:12:28 -0700 +Subject: [PATCH] Warn not error if xsltproc is not found + +Upstream-Status: Inappropriate [oe-core specific] +Signed-off-by: Khem Raj <raj.khem@gmail.com> + +--- + configure.ac | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/configure.ac b/configure.ac +index 6896c19..2a1fb52 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -182,7 +182,7 @@ AC_SUBST([systemdunitdir], [$systemdunitdir]) + # package as xgettext, and we find them by PATH, so just check for the one. + AC_PATH_PROG([XGETTEXT], [xgettext], [no]) + if test "$XGETTEXT" = "no"; then +- AC_MSG_ERROR([Please install gettext tools]) ++ AC_MSG_WARN([Please install gettext tools]) + fi + + # ssh-add diff --git a/meta-webserver/recipes-webadmin/cockpit/files/0001-remove-tests-dep-on-gobject-intro.patch b/meta-webserver/recipes-webadmin/cockpit/files/0001-remove-tests-dep-on-gobject-intro.patch deleted file mode 100644 index 2242190a38..0000000000 --- a/meta-webserver/recipes-webadmin/cockpit/files/0001-remove-tests-dep-on-gobject-intro.patch +++ /dev/null @@ -1,77 +0,0 @@ -From 788aace494f79e8201b18ebcdf1592b5030c5295 Mon Sep 17 00:00:00 2001 -From: Adrian Freihofer <adrian.freihofer@siemens.com> -Date: Wed, 4 Dec 2019 17:23:46 +0100 -Subject: [PATCH] remove tests dep on gobject-intro - ---- - src/ws/Makefile-ws.am | 54 --------------------------------------------------- - 1 file changed, 54 deletions(-) - -diff --git a/src/ws/Makefile-ws.am b/src/ws/Makefile-ws.am -index 009130941..34e13d7fe 100644 ---- a/src/ws/Makefile-ws.am -+++ b/src/ws/Makefile-ws.am -@@ -246,60 +246,6 @@ EXTRA_DIST += \ - - # ---------------------------------------------------------------------------------------------------- - --noinst_PROGRAMS += test-server --check_PROGRAMS += test-server -- --GDBUS_CODEGEN_XML = $(srcdir)/src/ws/com.redhat.Cockpit.DBusTests.xml -- --GDBUS_CODEGEN_GENERATED = \ -- src/ws/mock-dbus-tests.h \ -- src/ws/mock-dbus-tests.c \ -- $(NULL) -- --# FIXME: --header/--body and --output are only available from GLib 2.56. --# just use --generate-c-code and a bit of dependency ugliness for now --GDBUS_CODEGEN_INVOCATION = \ -- $(AM_V_GEN) gdbus-codegen \ -- --interface-prefix com.redhat.Cockpit.DBusTests \ -- --c-namespace Test \ -- --c-generate-object-manager \ -- --generate-c-code src/ws/mock-dbus-tests \ -- $(GDBUS_CODEGEN_XML) -- --BUILT_SOURCES += $(GDBUS_CODEGEN_GENERATED) --CLEANFILES += $(GDBUS_CODEGEN_GENERATED) --EXTRA_DIST += $(GDBUS_CODEGEN_XML) -- --src/ws/mock-dbus-tests.h: $(GDBUS_CODEGEN_XML) -- $(GDBUS_CODEGEN_INVOCATION) -- --src/ws/mock-dbus-tests.c: $(GDBUS_CODEGEN_XML) src/ws/mock-dbus-tests.h -- $(GDBUS_CODEGEN_INVOCATION) -- --test_server_SOURCES = \ -- src/ws/mock-service.c \ -- src/ws/mock-service.h \ -- src/ws/test-server.c \ -- $(NULL) -- --nodist_test_server_SOURCES = \ -- $(GDBUS_CODEGEN_GENERATED) \ -- $(NULL) -- --test_server_CFLAGS = \ -- -I$(builddir)/src/ws \ -- -I$(top_srcdir)/src/ws \ -- -DG_LOG_DOMAIN=\"test-server\" \ -- $(GIO_CFLAGS) \ -- $(COCKPIT_WS_CFLAGS) \ -- $(NULL) -- --test_server_LDADD = \ -- $(libcockpit_ws_LIBS) \ -- $(GIO_LIBS) \ -- -lpam \ -- $(NULL) -- - WS_CHECKS = \ - test-base64 \ - test-creds \ --- -2.11.0 - diff --git a/meta-webserver/recipes-webadmin/cockpit/files/0002-fix-makefile-use-copy-rule-for-unmodified-files.patch b/meta-webserver/recipes-webadmin/cockpit/files/0002-fix-makefile-use-copy-rule-for-unmodified-files.patch deleted file mode 100644 index a1ea9bcfdc..0000000000 --- a/meta-webserver/recipes-webadmin/cockpit/files/0002-fix-makefile-use-copy-rule-for-unmodified-files.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 1edf0756bf4fd002f5b60cf2b86d4b97a00aff20 Mon Sep 17 00:00:00 2001 -From: Michael Haener <michael.haener@siemens.com> -Date: Wed, 25 Mar 2020 08:32:07 +0100 -Subject: [PATCH] fix(makefile): use copy rule for unmodified files - ---- - pkg/Makefile.am | 27 +++++++++++++++++++++++++++ - 1 file changed, 27 insertions(+) - -diff --git a/pkg/Makefile.am b/pkg/Makefile.am -index 192b785..03b9787 100644 ---- a/pkg/Makefile.am -+++ b/pkg/Makefile.am -@@ -13,6 +13,33 @@ playground_DATA = \ - dist/playground/extra.de.po: pkg/playground/extra.de.po - $(COPY_RULE) - -+dist/playground/hammer.gif: pkg/playground/hammer.gif -+ $(COPY_RULE) -+ -+dist/sosreport/sosreport.png: pkg/sosreport/sosreport.png -+ $(COPY_RULE) -+ -+dist/apps/default.png: pkg/apps/default.png -+ $(COPY_RULE) -+ -+dist/storaged/images/storage-array.png: pkg/storaged/images/storage-array.png -+ $(COPY_RULE) -+ -+dist/storaged/images/storage-disk.png: pkg/storaged/images/storage-disk.png -+ $(COPY_RULE) -+ -+dist/shell/images/server-error.png: pkg/shell/images/server-error.png -+ $(COPY_RULE) -+ -+dist/shell/images/server-large.png: pkg/shell/images/server-large.png -+ $(COPY_RULE) -+ -+dist/shell/images/server-small.png: pkg/shell/images/server-small.png -+ $(COPY_RULE) -+ -+dist/shell/index.html: pkg/shell/index.html -+ $(COPY_RULE) -+ - metainfodir = ${datarootdir}/metainfo - metainfo_DATA = pkg/sosreport/org.cockpit-project.cockpit-sosreport.metainfo.xml \ - pkg/kdump/org.cockpit-project.cockpit-kdump.metainfo.xml \ diff --git a/meta-webserver/recipes-webadmin/netdata/netdata/0001-Use-explicit-typecast-to-enum-rrdset_flags.patch b/meta-webserver/recipes-webadmin/netdata/netdata/0001-Use-explicit-typecast-to-enum-rrdset_flags.patch deleted file mode 100644 index e3c7a7cd2b..0000000000 --- a/meta-webserver/recipes-webadmin/netdata/netdata/0001-Use-explicit-typecast-to-enum-rrdset_flags.patch +++ /dev/null @@ -1,39 +0,0 @@ -From e8ec0a0f3a353a8167687a8fdb26773e45927aac Mon Sep 17 00:00:00 2001 -From: Khem Raj <raj.khem@gmail.com> -Date: Sun, 24 Apr 2022 09:49:12 -0700 -Subject: [PATCH] Use explicit typecast to enum rrdset_flags - -specifications say -An enumerator can be promoted to an integer value. However, -converting an integer to an enumerator requires an explicit -cast, and the results are not defined. - -Therefore The bitwise OR operation you are performing results -in an int, which you then attempt to assign to a variable of -type rrdset_flags without a cast. - -Fixes -| ml/Host.cc:167:9: error: assigning to 'RRDSET_FLAGS' (aka 'rrdset_flags') from incompatible type 'int' -| rrdset_flag_set(RS, RRDSET_FLAG_ANOMALY_DETECTION); -| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -Upstream-Status: Submitted [https://github.com/netdata/netdata/pull/12750] - -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- - database/rrd.h | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - ---- a/database/rrd.h -+++ b/database/rrd.h -@@ -489,8 +489,8 @@ typedef enum rrdset_flags { - #define rrdset_flag_clear(st, flag) __atomic_and_fetch(&((st)->flags), ~flag, __ATOMIC_SEQ_CST) - #else - #define rrdset_flag_check(st, flag) ((st)->flags & (flag)) --#define rrdset_flag_set(st, flag) (st)->flags |= (flag) --#define rrdset_flag_clear(st, flag) (st)->flags &= ~(flag) -+#define rrdset_flag_set(st, flag) (st)->flags = (RRDSET_FLAGS)((st)->flags | flag) -+#define rrdset_flag_clear(st, flag) (st)->flags = (RRDSET_FLAGS)((st)->flags & ~(flag)) - #endif - #define rrdset_flag_check_noatomic(st, flag) ((st)->flags & (flag)) - diff --git a/meta-webserver/recipes-webadmin/netdata/netdata/netdata.service b/meta-webserver/recipes-webadmin/netdata/netdata/netdata.service index ca13f72871..f4911f3b6e 100644 --- a/meta-webserver/recipes-webadmin/netdata/netdata/netdata.service +++ b/meta-webserver/recipes-webadmin/netdata/netdata/netdata.service @@ -7,7 +7,7 @@ After=network.target [Service] Type=simple ExecStartPre=/bin/mkdir -p /var/log/netdata -ExecStartPre=/bin/chown -R netdata.netdata /var/log/netdata +ExecStartPre=/bin/chown -R netdata:netdata /var/log/netdata ExecStart=/usr/sbin/netdata -D -u netdata diff --git a/meta-webserver/recipes-webadmin/netdata/netdata_1.34.1.bb b/meta-webserver/recipes-webadmin/netdata/netdata_1.44.3.bb index b777d20897..700c6b2346 100644 --- a/meta-webserver/recipes-webadmin/netdata/netdata_1.34.1.bb +++ b/meta-webserver/recipes-webadmin/netdata/netdata_1.44.3.bb @@ -5,20 +5,18 @@ HOMEPAGE = "https://github.com/netdata/netdata/" LICENSE = "GPL-3.0-only" LIC_FILES_CHKSUM = "file://LICENSE;md5=fc9b848046ef54b5eaee6071947abd24" -DEPENDS += "libuv util-linux zlib" +DEPENDS += "json-c libuv libyaml util-linux zlib " -SRC_URI = "https://github.com/${BPN}/${BPN}/releases/download/v${PV}/${BPN}-v${PV}.tar.gz \ - file://0001-Use-explicit-typecast-to-enum-rrdset_flags.patch \ +SRC_URI = "\ + https://github.com/${BPN}/${BPN}/releases/download/v${PV}/${BPN}-v${PV}.tar.gz \ + file://netdata.conf \ + file://netdata.service \ " -SRC_URI[sha256sum] = "8ea0786df0e952209c14efeb02e25339a0769aa3edc029e12816b8ead24a82d7" -# default netdata.conf for netdata configuration -SRC_URI += "file://netdata.conf" +SRC_URI[sha256sum] = "50df30a9aaf60d550eb8e607230d982827e04194f7df3eba0e83ff7919270ad2" -# file for providing systemd service support -SRC_URI += "file://netdata.service" - -UPSTREAM_CHECK_URI = "https://github.com/netdata/netdata/releases" +UPSTREAM_CHECK_URI = "https://github.com/${BPN}/${BPN}/tags" +UPSTREAM_CHECK_REGEX = "${BPN}/releases/tag/v(?P<pver>\d+(?:\.\d+)*)" S = "${WORKDIR}/${BPN}-v${PV}" @@ -42,10 +40,10 @@ SYSTEMD_AUTO_ENABLE:${PN} = "enable" USERADD_PACKAGES = "${PN}" USERADD_PARAM:${PN} = "--system --no-create-home --home-dir ${localstatedir}/run/netdata --user-group netdata" -PACKAGECONFIG ??= "https" -PACKAGECONFIG[cloud] = "--enable-cloud, --disable-cloud, json-c" -PACKAGECONFIG[compression] = "--enable-compression, --disable-compression, lz4" -PACKAGECONFIG[https] = "--enable-https, --disable-https, openssl" +PACKAGECONFIG ??= "openssl" +PACKAGECONFIG[cloud] = "--enable-cloud, --disable-cloud," +PACKAGECONFIG[lz4] = "--enable-lz4, --disable-lz4, lz4" +PACKAGECONFIG[openssl] = "--enable-openssl, --disable-openssl, openssl" # ebpf doesn't compile (or detect) the cross compilation well EXTRA_OECONF += "--disable-ebpf" @@ -80,4 +78,4 @@ do_install:append() { FILES:${PN} += "${localstatedir}/cache/netdata/ ${localstatedir}/lib/netdata/" -RDEPENDS:${PN} = "bash zlib" +RDEPENDS:${PN} = "bash python3-core zlib" diff --git a/meta-webserver/recipes-webadmin/webmin/files/disable-version-check.patch b/meta-webserver/recipes-webadmin/webmin/files/disable-version-check.patch index 9aad894e0c..1ca26ca0dd 100644 --- a/meta-webserver/recipes-webadmin/webmin/files/disable-version-check.patch +++ b/meta-webserver/recipes-webadmin/webmin/files/disable-version-check.patch @@ -3,7 +3,7 @@ Disable OS version check in status screen The code is not able to accurately detect the correct distro/version at the moment. -Upstream-status: Inappropriate +Upstream-Status: Inappropriate Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> diff --git a/meta-webserver/recipes-webadmin/webmin/files/init-exclude.patch b/meta-webserver/recipes-webadmin/webmin/files/init-exclude.patch index 4212917f6e..489318b4bd 100644 --- a/meta-webserver/recipes-webadmin/webmin/files/init-exclude.patch +++ b/meta-webserver/recipes-webadmin/webmin/files/init-exclude.patch @@ -1,11 +1,11 @@ -# Hack in support for an "exclude" config option for the init module, so -# we can hide certain system services that shouldn't really be configurable -# via the web interface -# -# Upstream-status: Pending -# -# Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> -# Signed-off-by: Jackie Huang <jackie.huang@windriver.com> +Hack in support for an "exclude" config option for the init module, so +we can hide certain system services that shouldn't really be configurable +via the web interface + +Upstream-Status: Pending + +Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> +Signed-off-by: Jackie Huang <jackie.huang@windriver.com> --- init/index.cgi | 27 ++++++++++++++------------- init/init-lib.pl | 5 +++-- diff --git a/meta-webserver/recipes-webadmin/webmin/files/media-tomb.patch b/meta-webserver/recipes-webadmin/webmin/files/media-tomb.patch index 46f3109796..dfc962bfb7 100644 --- a/meta-webserver/recipes-webadmin/webmin/files/media-tomb.patch +++ b/meta-webserver/recipes-webadmin/webmin/files/media-tomb.patch @@ -1,3 +1,7 @@ +add mediatomb support + +Upstream-Status: Pending +Signed-off-by: Khem Raj <raj.khem@gmail.com> diff -Nru webmin-1.570.bak/mediatomb/index.cgi webmin-1.570/mediatomb/index.cgi --- webmin-1.570.bak/mediatomb/index.cgi 1969-12-31 16:00:00.000000000 -0800 +++ webmin-1.570/mediatomb/index.cgi 2011-10-26 10:00:05.992522036 -0700 diff --git a/meta-webserver/recipes-webadmin/webmin/files/mount-excludefs.patch b/meta-webserver/recipes-webadmin/webmin/files/mount-excludefs.patch index 8cb74c4b13..787bd8c69b 100644 --- a/meta-webserver/recipes-webadmin/webmin/files/mount-excludefs.patch +++ b/meta-webserver/recipes-webadmin/webmin/files/mount-excludefs.patch @@ -6,7 +6,7 @@ since these shouldn't be modified from the web interface. Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> -Upstream-status: Pending +Upstream-Status: Pending --- webmin-1.570.orig/mount/index.cgi +++ webmin-1.570/mount/index.cgi diff --git a/meta-webserver/recipes-webadmin/webmin/files/mysql-config-fix.patch b/meta-webserver/recipes-webadmin/webmin/files/mysql-config-fix.patch index 2cbc627076..c6c1f0df79 100644 --- a/meta-webserver/recipes-webadmin/webmin/files/mysql-config-fix.patch +++ b/meta-webserver/recipes-webadmin/webmin/files/mysql-config-fix.patch @@ -3,7 +3,7 @@ From: Diego Rondini <diego.ml@zoho.com> Date: Thu, 18 Feb 2016 15:44:06 +0100 Subject: [PATCH] Adjust Mysql config defaults -Upstream-status: Inappropriate [configuration] +Upstream-Status: Inappropriate [configuration] Signed-off-by: Diego Rondini <diego.ml@zoho.com> --- diff --git a/meta-webserver/recipes-webadmin/webmin/files/net-generic.patch b/meta-webserver/recipes-webadmin/webmin/files/net-generic.patch index 5549392851..6ae3dced72 100644 --- a/meta-webserver/recipes-webadmin/webmin/files/net-generic.patch +++ b/meta-webserver/recipes-webadmin/webmin/files/net-generic.patch @@ -1,8 +1,8 @@ -# Add support for configuring network interfaces on a generic linux system -# -# Upstream-status: Not appropriate [config] -# -# Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> +Add support for configuring network interfaces on a generic linux system + +Upstream-Status: Inappropriate [config] + +Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Index: webmin-1.850/net/module.info =================================================================== --- webmin-1.850.orig/net/module.info diff --git a/meta-webserver/recipes-webadmin/webmin/files/proftpd-config-fix.patch b/meta-webserver/recipes-webadmin/webmin/files/proftpd-config-fix.patch index 492a652d48..4e78ff4c22 100644 --- a/meta-webserver/recipes-webadmin/webmin/files/proftpd-config-fix.patch +++ b/meta-webserver/recipes-webadmin/webmin/files/proftpd-config-fix.patch @@ -1,4 +1,4 @@ -Upstream-status: Inappropriate [configuration] +Upstream-Status: Inappropriate [configuration] Signed-off-by: Zhai Edwin <edwin.zhai@intel.com> diff --git a/meta-webserver/recipes-webadmin/webmin/files/remove-startup-option.patch b/meta-webserver/recipes-webadmin/webmin/files/remove-startup-option.patch index d957f4a3bc..358e53ab8c 100644 --- a/meta-webserver/recipes-webadmin/webmin/files/remove-startup-option.patch +++ b/meta-webserver/recipes-webadmin/webmin/files/remove-startup-option.patch @@ -1,9 +1,9 @@ -# Remove "start on boot" option from webmin configuration, as -# end-users should not need to configure this from the web interface -# -# Upstream-status: Inappropriate -# -# Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> +Remove "start on boot" option from webmin configuration, as +end-users should not need to configure this from the web interface + +Upstream-Status: Inappropriate [OE-specific] + +Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> --- webmin-1.570.orig/webmin/index.cgi +++ webmin-1.570/webmin/index.cgi @@ -79,20 +79,6 @@ print &ui_buttons_start(); diff --git a/meta-webserver/recipes-webadmin/webmin/files/samba-config-fix.patch b/meta-webserver/recipes-webadmin/webmin/files/samba-config-fix.patch index 46645ac30e..d9ea2d145e 100644 --- a/meta-webserver/recipes-webadmin/webmin/files/samba-config-fix.patch +++ b/meta-webserver/recipes-webadmin/webmin/files/samba-config-fix.patch @@ -1,4 +1,4 @@ -Upstream-status: Inappropriate [configuration] +Upstream-Status: Inappropriate [configuration] Signed-off-by: Zhai Edwin <edwin.zhai@intel.com> |