phpmyadmin install some bin list below that depend on interpreter php,
without rdepend, will report "Not found the interpreter php"
/usr/share/phpmyadmin/vendor/phpmyadmin/sql-parser/bin/lint-query
/usr/share/phpmyadmin/vendor/phpmyadmin/sql-parser/bin/tokenize-query
/usr/share/phpmyadmin/vendor/phpmyadmin/sql-parser/bin/highlight-query
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Security fixes:
CVE-2018-8011
mod_md: DoS via Coredumps on specially crafted requests
CVE-2018-1333
mod_http2: DoS for HTTP/2 connections by specially crafted requests
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The thread pool feature can be enabled without significant extra binary size. Thread pools can increase performance by an order of magnitude on some configurations
Signed-off-by: Derek Straka <derek@asterius.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* License-Update: Correctly identify origin of util_pcre.c/ap_regex.h as
pcreposix[.ch] and correct LICENSE/NOTICE to match.
* Refresh patches with devtool
* Drop useless patch apache-ssl-ltmain-rpath.patch
* Move all patches to one directory
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The configure options '--enable-deflate' or '--with-z' make
the package depends on zlib. PACKAGECONFIG should be defined
to clear the dependency.
Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Update to latest from upstream. This adds pkg-config support.
Fix_EOF_not_declared_issue.patch is obsolete, fix is upstream.
Signed-off-by: Adrian Freihofer <adrian.freihofer@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
There is a failure to install both of sthttpd-doc and
apache2-doc to rootfs.
...
|Error: Transaction check error:
| file /usr/share/man/man1/htpasswd.1 conflicts
between attempted installs of sthttpd-doc-2.27.1
-r0.0.armv7ahf_neon and apache2-doc-2.4.27
-r0.0.armv7ahf_neon
...
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
fixes:
checking Check for supported PHP versions... configure: error: not supported. Need a PHP version >= 5.5.0 and < 7.2.0 (found 7.2.4)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
WARNING: nginx-1.12.2-r0 do_patch:
Some of the context lines in patches were ignored. This can lead to incorrectly applied patches.
The context lines in the patches can be updated with devtool:
devtool modify <recipe>
devtool finish --force-patch-refresh <recipe> <layer_path>
Then the updated patches and the source tree (in devtool's workspace)
should be reviewed to make sure the patches apply in the correct place
and don't introduce duplicate lines (which can, and does happen
when some of the context is ignored). Further information:
http://lists.openembedded.org/pipermail/openembedded-core/2018-March/148675.htmlhttps://bugzilla.yoctoproject.org/show_bug.cgi?id=10450
Details:
Applying patch nginx-cross.patch
patching file auto/feature
patching file auto/options
Hunk #1 succeeded at 386 (offset 33 lines).
Hunk #2 succeeded at 580 (offset 35 lines).
Hunk #3 succeeded at 599 (offset 22 lines).
patching file auto/types/sizeof
patching file auto/unix
Hunk #1 succeeded at 587 (offset 194 lines).
Hunk #2 succeeded at 604 with fuzz 1 (offset 188 lines).
Hunk #3 succeeded at 620 with fuzz 2 (offset 188 lines).
Now at patch nginx-cross.patch
Signed-off-by: Armin Kuster <akuster808@gmail.com>
WARNING: webmin-1.850-r0 do_patch:
Some of the context lines in patches were ignored. This can lead to incorrectly applied patches.
The context lines in the patches can be updated with devtool:
devtool modify <recipe>
devtool finish --force-patch-refresh <recipe> <layer_path>
Then the updated patches and the source tree (in devtool's workspace)
should be reviewed to make sure the patches apply in the correct place
and don't introduce duplicate lines (which can, and does happen
when some of the context is ignored). Further information:
http://lists.openembedded.org/pipermail/openembedded-core/2018-March/148675.htmlhttps://bugzilla.yoctoproject.org/show_bug.cgi?id=10450
Details:
Applying patch nfs-export.patch
patching file exports/save_export.cgi
Hunk #1 succeeded at 50 (offset 10 lines).
Hunk #2 succeeded at 87 with fuzz 2 (offset 17 lines).
Now at patch nfs-export.patch
Signed-off-by: Armin Kuster <akuster808@gmail.com>
WARNING: apache2-2.4.29-r0 do_patch:
Some of the context lines in patches were ignored. This can lead to incorrectly applied patches.
The context lines in the patches can be updated with devtool:
devtool modify <recipe>
devtool finish --force-patch-refresh <recipe> <layer_path>
Then the updated patches and the source tree (in devtool's workspace)
should be reviewed to make sure the patches apply in the correct place
and don't introduce duplicate lines (which can, and does happen
when some of the context is ignored). Further information:
http://lists.openembedded.org/pipermail/openembedded-core/2018-March/148675.htmlhttps://bugzilla.yoctoproject.org/show_bug.cgi?id=10450
Details:
Applying patch apache-configure_perlbin.patch
patching file configure.in
Hunk #1 succeeded at 855 with fuzz 2 (offset 217 lines).
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Add an inherit for siteinfo to get access to SITEINFO_ENDIANNESS
Add a patch to have nginx actually use the user provided --with-endian
Signed-off-by: Derek Straka <derek@asterius.io>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Update license checksum for copyright updates
Rebase existing patch to remove contrib dir from the build
Signed-off-by: Derek Straka <derek@asterius.io>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The cherokee recipe requires mysql5 provided by the openembedded layer
Signed-off-by: Derek Straka <derek@asterius.io>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
The default layout installs log files and pid files into /var/apache2/logs.
This is odd and also will cause security issues because selinux does not know
how to label the security contexts for the files.
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
Signed-off-by: Dengke Du <dengke.du@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* Fix CVE-2017-10671: Heap-based buffer overflow in the de_dotdot
function in libhttpd.c
* Update SRC_URI because the original site can not access.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Use git fetcher to use tip of tree, the tree does not
get frequent fixes. Its not disruptive to use git fetcher
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
nginx requires zlib not gzip for compression.
Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
The recipe and the systemd service file use /run/nginx/nginx.pid,
while the sys v init script used /var/run/nginx/nginx.pid
Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Changed in V4:
Add the tag: meta-oe
1. Different version php have different libphp*.so, so we need to install its
corresponding libphp*.so, for example:
php-7.1.0 libphp7.so
php-5.6.26 libphp5.so
2. Fix php-5.6.26 compiling errors:
ld: TSRM/.libs/TSRM.o: undefined reference to symbol
'pthread_sigmask@@GLIBC_2.2.5'
error adding symbols: DSO missing from command line
3. Create a configure script like 70_mod_php5, we name it 70_mod_php7, this
file connect the php7 and the apache2, so they work together to let the
LAMP works correctly.
Signed-off-by: Dengke Du <dengke.du@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
It has been fixed since:
commit b5bb611637
Author: dengke.du@windriver.com <dengke.du@windriver.com>
Date: Tue Mar 28 04:13:36 2017 -0400
php: fix install failure
Also remove it for xdebug since php works now.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* based on discussion in pndeprecated thread:
https://patchwork.openembedded.org/patch/137573/
update the messages to warn possible users that the
recipe will be removed before the end of the next development
cycle (before Yocto 2.4 is released).
* updated with:
sed -i 's/^\(PNBLACKLIST.*".*\)"/\1 - the recipe will be removed on 2017-09-01 unless the issue is fixed"/g' `git grep PNBLACKLIST | sed 's/:.*//g' | sort -u | xargs`
* then noticed couple recipes being blacklisted only based on
DISTRO_FEATURES, so removed those:
meta-networking/recipes-support/lksctp-tools/lksctp-tools_1.0.17.bb
meta-oe/recipes-connectivity/bluez/bluez-hcidump_2.5.bb
meta-oe/recipes-connectivity/bluez/bluez4_4.101.bb
meta-oe/recipes-connectivity/bluez/gst-plugin-bluetooth_4.101.bb
meta-oe/recipes-navigation/foxtrotgps/foxtrotgps_1.1.1.bb
meta-oe/recipes-navigation/gypsy/gypsy.inc
meta-oe/recipes-navigation/navit/navit.inc
meta-oe/recipes-support/opensync/libsyncml_0.5.4.bb
* if it isn't fixed by this date, it's fair game to be removed
whenever someone gets around to i
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Upgrade the xdebug to fix the build failure with php 7.1
Signed-off-by: Dengke Du <dengke.du@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Currently the build directiories en up in /usr/*_temp which is not what most
users will expect. This changes the default location to /tmp/nginx/*_tmp.
The location can still be overridden in the nginx.conf file.
Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
It gets replaces with the real NGINX_USER anyway, but it confuses people
that there is a different value by default. So just make it the same as the
default NGINX_USER
Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Deleted bunch of patches which are not used anymore by any recipe.
Signed-off-by: Oleksandr Kravchuk <oleksandr.kravchuk@pelagicore.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
The mirror site of cherokee in SRC_URI is down. Use another mirror
instead. See http://cherokee-project.com/downloads.html
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
This fixes the build failure:
ERROR: apache-websocket-0.1.1-r0 do_install_source: Failed to
archive (...) /bin/sh: pbzip2: command not found
Signed-off-by: Ioan-Adrian Ratiu <adrian.ratiu@ni.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
The change to use ${APACHE_MIRROR} in the SRC_URI in dfbe6cf214 did
not take into account that ${APACHE_MIRROR} already contains "/dist".
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Inherit the systemd class so the service file is properly handled.
Note that by default, the service file will be installed but not enabled.
Signed-off-by: Alexandre Belloni <alexandre.belloni@free-electrons.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Currently, PV is "git" and contains no version information.
Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
According to other Linux distributes like Ubuntu, the modules
are usually included by 'LoadModule' command in *.load files
in mods-enable directory, as *.conf files in this directory
are usually used for special configurations for each module.
Include *.load in apache2 top conf file to be compatible with
customer's normal usage habits.
Signed-off-by: Junxian.Xiao <Junxian.Xiao@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Add PACKAGECONFIG for ipv6 and control it based
on DISTRO_FEATURES.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
- Call the nginx binary directly, no need to wrap the SysV init file.
- Create /var/log/nginx with tmpfiles, like volatiles without systemd.
- Run nginx with ${NGINX_USER} (user ${NGINX_USER} in nginx.conf)
Signed-off-by: Gyorgy Szombathelyi <gyurco@freemail.hu>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* Update license checksum to include latest copyright information
* Update patch for the latest version
Signed-off-by: Derek Straka <derek@asterius.io>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* Compatible with PHP 5.5 to 7.0 and MySQL 5.5 and newer.
* Release notes: http://www.phpmyadmin.net/files/4.6.3/
* Drop two CVE patches which have been fixed:
CVE-2015-7873 and CVE-2015-8669
* Use PV in SRC_URI instead of hardcoded version number.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Update sthttpd to release 2.27.0.
The variable WEBGROUP is introduced to allow configuring the group used
for the special ${sbindir}/makeweb tool, which in 2.27.0 is installed
setgid to this group by default, whereas in 2.26.4 it was not.
sthttpd 2.27 uses `thttpd' as the default value; here, the more
standard `www-data' group is used by default.
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
libtool-cross recipe install it as ${HOST_SYS}-libtool
Signed-off-by: Kirill Esipov <yesipov@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Remove a now redundant nginx-cross patch with stable moving to 1.10.X
Remove a duplicate DISABLE_STATIC
Signed-off-by: Derek Straka <derek@asterius.io>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
The 1.8 version is now considered legacy and the stable versions 1.10.X
Updated the license checksum to reflect copyright date update to 2016
Signed-off-by: Derek Straka <derek@asterius.io>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Netdata are a performance monitoring tools for Linux systems, applications.
Netdata interface are available via http on port 19999:
http://<ip address>:19999
Signed-off-by: Christophe Priouzeau <christophe.priouzeau@st.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
base_contains() is a compatibility wrapper and may warn in the future, so
replace all instances with bb.utils.contains().
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
update the nginx-cross path to work with the latest version of nginx
Signed-off-by: Derek Straka <derek@asterius.io>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
The apache-websocket module is an Apache 2.x server module that may be
used to process requests using the WebSocket protocol (RFC 6455) by an
Apache 2.x server. The module consists of a plugin architecture for
handling WebSocket messaging.
Signed-off-by: Haris Okanovic <haris.okanovic@ni.com>
Signed-off-by: Ioan-Adrian Ratiu <adrian.ratiu@ni.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Some apache module recipes like the newly introduced apache-websocket
also need apachectl at build in the sysroot besides apxs.
Signed-off-by: Ioan-Adrian Ratiu <adrian.ratiu@ni.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
The 1.8 branch is the current stable branch of nginx.
This means the branch doesn't get new features, but is still supported with bugfixes.
Depending on the use case it is more suitable to use on an embedded device
than the 1.9 branch which adds new features with every release.
Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
nginx has two maintained branches.
- stable: is the long term maintained branch where only bugfixes occur
- mainline: is the branch where new features get added
This change is in preparation to support these two branches.
Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Default config of the mysql Webmin module uses paths of a manually installed
MySQL. This commit adjusts paths to the ones used by MariaDB in OE.
Signed-off-by: Diego Rondini <diego.ml@zoho.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
This allows selecting a different user then "www" in a bbappend.
It also allows to change the default value of "/var/www/localhost" to something else.
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
libraries/config/messages.inc.php in phpMyAdmin 4.0.x before 4.0.10.12,
4.4.x before 4.4.15.2, and 4.5.x before 4.5.3.1 allows remote attackers
to obtain sensitive information via a crafted request, which reveals
the full path in an error message.
This patch is from c4d649325b
Signed-off-by: Jian Liu <jian.liu@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
The OML license is specific to fastcgi, which is in meta-webserver,
not meta-oe.
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
1. Upgrade apache2 from 2.4.16 to 2.4.18
The changes in 2.4.18 is shown in following URL.
http://ftp.meisei-u.ac.jp/mirror/apache/dist//httpd/CHANGES_2.4.18
2. Delete patch file npn-patch-2.4.7.patch due to this patch file can not be applied to the apache2 2.4.18's source code.
The NPN support was removed with r1676004. NPN is now quite unlikely to find its way into a stable release.
https://bz.apache.org/bugzilla/show_bug.cgi?id=52210
Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1
and 4.5.x before 4.5.1 allows remote attackers to spoof content via the
url parameter.
Backport upstream commit to fix it:
cd09765675
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
It shows warnings when build apache2 such as:
| WARNING: QA Issue: apache2: /apache2-dev/usr/share/apache2/icons/small/movie.gif
| is owned by uid 1785, which is the same as the user running bitbake.
| This may be due to host contamination [host-user-contaminated]
Set the owner and group to root to fix it.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* see:
http://lists.openembedded.org/pipermail/openembedded-devel/2015-September/103271.html
* fixes:
ERROR: phpmyadmin different signature for task do_package_write_ipk.sigdata between qemux86copy and qemuarm
runtaskdeps changed from ['bashbash_4.3.30.bb.do_packagedata', 'opkg-utilsopkg-utils_git.bb.do_populate_sysroot:virtual:native', 'phpmyadminphpmyadmin_4.4.9.bb.do_package', 'phpmyadminphpmyadmin_4.4.9.bb.do_packagedata', 'pseudopseudo_1.7.4.bb.do_populate_sysroot:virtual:native'] to ['bashbash_4.3.30.bb.do_packagedata', 'opkg-utilsopkg-utils_git.bb.do_populate_sysroot:virtual:native', 'phpmyadminphpmyadmin_4.4.9.bb.do_package', 'phpmyadminphpmyadmin_4.4.9.bb.do_packagedata', 'pseudopseudo_1.7.4.bb.do_populate_sysroot:virtual:native']
openembedded-core/meta/recipes-extended/bash/bash_4.3.30.bb.do_packagedata with hash c08b791d0f860a835a911f5a4c9a32d9
changed to
openembedded-core/meta/recipes-extended/bash/bash_4.3.30.bb.do_packagedata with hash 91674ffdfc796e4ab503093d2c8379da
Hash for dependent task bashbash_4.3.30.bb.do_packagedata changed from c08b791d0f860a835a911f5a4c9a32d9 to 91674ffdfc796e4ab503093d2c8379da
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
systemd service file expects full path of the executatbles.
Signed-off-by: Amarnath Valluri <amarnath.valluri@intel.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Passing EXTRA_OECONF to ./configure, this allows to alter build
configure
Signed-off-by: Amarnath Valluri <amarnath.valluri@intel.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Replace contaminated paths with staging paths so apxs can be successfully used
in other recipes to build modules when host and target arch differ.
Signed-off-by: George McCollister <george.mccollister@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Remove 'perl-module-sdbm' from RDEPENDS as perl don't build out this module.
This also fixes the following warning.
WARNING: QA Issue: webmin rdepends on perl-module-sdbm, but it isn't a build dependency? [build-deps]
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Upgrade phpmyadmin from 4.4.9 to 4.5.0.2 and SRC_URI is updated.
Accoring to release note, there is NO API changes for 4.5.0.x serial. So
upgrade to 4.5.0.2 rather than 4.4.15 which will only support for
security fixes only.
And license file has some text update. See:
9d080a482f
Change files owner to fix [host-user-contaminated] warnings.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Due to the way most files were installed, using cp ..., during packaging we got spammed
with messages like:
WARNING: QA Issue: webmin: /webmin-module-fail2ban/usr/lib/webmin/webmin/fail2ban/lang/no is owned by gid 100, which is the same as the user running bitbake. This may be due to host contamination [host-user-contaminated]
WARNING: QA Issue: webmin: /webmin-module-system-status/usr/lib/webmin/webmin/system-status/lang/no is owned by gid 100, which is the same as the user running bitbake. This may be due to host contamination [host-user-contaminated]
Do the install in a similar way as is done in bin_package.bbclass.
By doing that, we're not getting any QA-errors from host-user-contaminated.
Signed-off-by: Anders Darander <anders@chargestorm.se>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Those buildpaths were generated from configure substitutions, they are
required for cross-compiling, but obviously they should be cleaned up
from target stuffs.
Cleanup buildpaths from config_vars.mk and config.nice:
* remove ${STAGING_DIR_HOST} from CC, CFLAGS ...
* set APU_INCLUDEDIR, APU_CONFIG as empty
* remove buildpath from configure line
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Change start, stop, and restart functions in apache2 init script to return only
after completion (i.e. the server has started/stopped, not just received a kill
signal). Starting and stopping the server in quick sucession results in an error
because the server will attempt to stop before it has had time to start and vice
versa.
Signed-off-by: Adam Chappell <adam.chappell@ni.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2.4.16 includes fixes for CVE-2015-3185, CVE-2015-0253 and CVE-2015-3183
remove a backport patch 0001-SECURITY-CVE-2015-0228-cve.mitre.org.patch
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
after cmake is upgrade to 3.2.2, the /var/run dir is not created, so
not need to remove it.
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
WARNING: QA Issue: /usr/bin/apxs_apache2-dev contained in package apache2-dev requires /usr/bin/perl, but no providers found in its RDEPENDS [file-rdeps]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
upgrade to include CVE fixes:
CVE-2015-3903
CVE-2015-3902
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Adds support for systemd, creates a service for nginx and installs it if required
Signed-off-by: Alejandro Hernandez <alejandro.hernandez@linux.intel.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Remove apache-CVE-2014-0117.patch which apache2 2.4.12 has it
Update the apache-ssl-ltmain-rpath.patch
Backport the patch to fix CVE-2015-0228
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
This patch add the new Monkey HTTP Server v1.5.6.
For more details about software changes please visit:
http://monkey-project.com/Announcements/v1.5.6
=== Build Tests ==
This version have been tested on Yocto/Dizzy based on RPM.
monkey-yocto/5aee7684cd66f78fb51f78138603a4dde4ef2484
Signed-off-by: Eduardo Silva <eduardo@monkey.io>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Fixed:
cherokee/rule_geoip.h:34:19: fatal error: GeoIP.h: No such file or directory
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
fix a typos to remove a warning:
systemd[1]: [/lib/systemd/system/apache2.service:2] Unknown lvalue
'Decription' in section 'Unit'
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Add PACKAGECONFIG for 'selinux', otherwise there would be warnings like
below:
WARN: apache2: apache2 rdepends on libselinux, but it isn't a build dependency?
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
The configure.initd.gentoo script is used for gentoo, it is invalid for oe. So
remove it to solve the following warning:
webmin-1.700: webmin-module-ajaxterm requires /sbin/runscript, but no providers
in its RDEPENDS [file-rdeps]
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before
4.0.10.4, 4.1.x before 4.1.14.5, and 4.2.x before 4.2.9.1 allow remote
authenticated users to inject arbitrary web script or HTML via a crafted ENUM
value that is improperly handled during rendering of the (1) table search or (2)
table structure page, related to
libraries/TableSearch.class.php and libraries/Util.class.php.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7217
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Cross-site scripting (XSS) vulnerability in the view operations page in
phpMyAdmin 4.1.x before 4.1.14.3 and 4.2.x before 4.2.7.1 allows remote
authenticated users to inject arbitrary web script or HTML via a crafted
view name, related to js/functions.js.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5274
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x
before 4.0.10.2, 4.1.x before 4.1.14.3, and 4.2.x before 4.2.7.1 allow
remote authenticated users to inject arbitrary web script or HTML via the
(1) browse table page, related to js/sql.js; (2) ENUM editor page, related
to js/functions.js; (3) monitor page, related to js/server_status_monitor.js;
(4) query charts page, related to js/tbl_chart.js; or (5) table relations
page, related to libraries/tbl_relation.lib.php.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5273
Signed-off-by: Roy Li <rongqing.li@windriver.com>
The patch comes from upstream:
http://svn.apache.org/viewvc?view=revision&revision=1610674
SECURITY (CVE-2014-0117): Fix a crash in mod_proxy. In a reverse proxy
configuration, a remote attacker could send a carefully crafted request which
could crash a server process, resulting in denial of service.
Thanks to Marek Kroemeke working with HP's Zero Day Initiative for reporting
this issue.
Submitted by: Edward Lu, breser, covener
Signed-off-by: Zhang Xiao <xiao.zhang@windriver.com>
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Multiple buffer overflows in the php_parserr function in
ext/standard/dns.c in PHP before 5.4.32 and 5.5.x before 5.5.16 allow
remote DNS servers to cause a denial of service (application crash) or
possibly execute arbitrary code via a crafted DNS record, related to the
dns_get_record function and the dn_expand function. NOTE: this issue
exists because of an incomplete fix for CVE-2014-4049.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3597
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Integer overflow in the cdf_read_property_info function in cdf.c in file
through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and
5.5.x before 5.5.16, allows remote attackers to cause a denial of
service (application crash) via a crafted CDF file. NOTE: this
vulnerability exists because of an incomplete fix for CVE-2012-1571.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3587
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before
5.5.16 does not ensure that pathnames lack %00 sequences, which might
allow remote attackers to overwrite arbitrary files via crafted input to
an application that calls the (1) imagegd, (2) imagegd2, (3) imagegif,
(4) imagejpeg, (5) imagepng, (6) imagewbmp, or (7) imagewebp function.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5120
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
This patch add the new Monkey HTTP Server v1.5.4.
For more details about software changes please visit:
http://monkey-project.com/Announcements/v1.5.4
=== Build Tests ==
This version have been tested on Yocto/Daisy based on RPM.
monkey-yocto/a617991e40bd5c3779ad7b3689f78857d3e45248
Signed-off-by: Eduardo Silva <eduardo@monkey.io>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Split apache2-scripts subpkg to put the perl script dbmmanage, so that
apache2 doesn't have to RDEPEND on perl.
Add another perl script apxs to apache2-dev pkg as Olof Johansson
suggested.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Bashism:
possible bashism in plugins/transformations/generator_plugin.sh line 16 (echo -e):
echo -e "Usage: ./generator_plugin.sh MIMEType MIMESubtype TransformationName [Description]\n"
possible bashism in plugins/transformations/generator_plugin.sh line 28 (${parm,[,][pat]} or ${parm^[^][pat]}):
MT="${MT^}"
possible bashism in plugins/transformations/generator_plugin.sh line 29 (${parm,[,][pat]} or ${parm^[^][pat]}):
MS="${MS^}"
possible bashism in plugins/transformations/generator_plugin.sh line 30 (${parm,[,][pat]} or ${parm^[^][pat]}):
TN="${TN^}"
possible bashism in plugins/transformations/generator_plugin.sh line 51 (should be 'b = a'):
if [ "$4" == "--generate_only_main_class" ]; then
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
This patch add the new Monkey HTTP Server v1.5.3.
For more details about software changes please visit:
http://monkey-project.com/Announcements/v1.5.3
=== Build Tests ==
This version have been tested on Yocto/Daisy being packaged and
deployed on images based on RPM successfully.
monkey-yocto/672eadb254e754b91efe691a6594985ee6d9a22e
Signed-off-by: Eduardo Silva <eduardo@monkey.io>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Changed:
- Adjust or remake the following patches based on 1.700:
init-exclude.patch
exports-lib.pl.patch
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* perl-module-time-local is already in RDEPENDS (I guess it's the
same thing as perl-module-timelocal without the last dash)
* list some packages explicitly so that bitbake finds their
RDEPENDS correctly
* fixes following warnings:
webmin-1.620: webmin-module-raid rdepends on mdadm, but it isn't a build dependency? [build-deps]
webmin-1.620: webmin-module-proc rdepends on procps, but it isn't a build dependency? [build-deps]
webmin-1.620: webmin rdepends on perl-module-timelocal, but it isn't a build dependency? [build-deps]
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
We already patch configure.ac and we're not bypassing autoreconf,
so we don't need to patch configure as well.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
This patch add the new Monkey HTTP Server v1.5.2. The new Bitbake file
contains the modifications suggested over the patch set for v1.5.1. It
specify each configuration file for CONFFILES_${PN}.
For more details about software changes please visit:
http://monkey-project.com/Announcements/v1.5.2
=== Build Tests ==
This version and new Bitbake file have been tested on Yocto/Daisy being
packaged and deployed on images based on rpm and ipk successfully.
monkey-yocto/70d57bfd19c01ec055db57e35385ffc4185ae186
Signed-off-by: Eduardo Silva <eduardo@monkey.io>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
This patch add the minor release fix of Monkey HTTP Server v1.5.1. It fixes
some problems when switching user when started as root.
Signed-off-by: Eduardo Silva <eduardo@monkey.io>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
when move a file, test if this file exist or not
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* runtime dependencies are TUNE_PKGARCH causing do_package_write_*
task to have different signature for MACHINEs with different
TUNE_PKGARCH
Signed-off-by: Anders Darander <anders@chargestorm.se>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Fixed SRC_URI:
* ${PN} -> ${BPN}, use ${BP} if it was ${PN}-${PV}
* ${P} -> ${BP}
Otherwise we would meet do_fetch errors when we do the multilib, native
or nativesdk build.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
These recipes were all missing pkgconfig dependencies.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* These recipes all use pkg-config in some way but were missing
dependencies on the tool, this patch adds them.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Also fixup apache2-native recipe to use autotools and SEPB.
Signed-off-by: Koen Kooi <koen.kooi@linaro.org>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Rather than put hardcoded values into the init scripts,
use a config file. The SRV_DIR is a special value as it
should be used in the conifg file and also passed to make
so it can put the html files in the correct directory.
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
The default set of themes taks up ~13MB, with a couple of them weighting in
at ~5MB each.
Let's split the themes to separate packages, to allow a considerable size
reduction of the core webmin package (from +15MB to 2.1MB on my build host).
Signed-off-by: Anders Darander <anders@chargestorm.se>
Don't hardcode the webmin login and password in the install script.
Instead, extract them to variables, to allow us to override them in
a bbappend.
Signed-off-by: Anders Darander <anders@chargestorm.se>
This patch make use of autotools-brokensep on main
recipe to avoid a broken build when using a different
build directory.
monkey-yocto/f15c9e7cd9143ce8486ae5e78db9092238c3d0ec
Signed-off-by: Eduardo Silva <eduardo@monkey.io>
This patch adds the Monkey HTTP Server v1.5.0 recipes. The content
on this patch includes the modifications suggested by people in the
Maling List.
Signed-off-by: Eduardo Silva <eduardo@monkey.io>
Add the Xdebug license file to avoid a missing generic license file
warning during building.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Both the two rules install-adminpyDATA and install-generatedDATA will
install the configured.py to the same location, they can run parallel,
and they use "install -m", which would might build failures:
/usr/bin/install: setting permissions for `/path/to/configured.py': No such file or directory
This is because the first install is setting the permission while the
second install is removing the file an re-install.
Only install the configured.py once will fix the problem, I think that
there is no side effect since it installed the same file to the same
location twice in the past.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
sstate processing for items in sysroot scans certain
file name patterns for absolute paths to be adjusted
when items are installed into sysroot from sstate.
phpize is not one of these patterns (surprise!) so we
add it to the list.
Signed-off-by: Joe Slater <jslater@windriver.com>
* LIC_FILES_CHKSUM changed because of the introduction of an extra blank
line in the LICENSE file (!)
* Refreshed TLS Next Protocol Negotiation support patch for conflict
with 2.4.7. Thanks to Hongxu Jia for doing this work.
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Changes:
- rename SUMMARY with length > 80 to DESCRIPTION
- rename DESCRIPTION with length < 80 to (non present tag) SUMMARY
- drop final point character at the end of SUMMARY string
- remove trailing whitespace of SUMMARY line
Note: don't bump PR
Signed-off-by: Matthieu Crapet <Matthieu.Crapet@ingenico.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
In recent versions, upstream has decided to place additional
restrictions on commercial use beyond a standard open source license
(LGPLv3) [1]. This makes it hard to set a LICENSE value that is easily
understood. Of course, as the authors, they have the right to decide
what licensing terms they wish to distribute their project under, and we
could always set LICENSE_FLAGS to denote the extra terms, but this is
somewhat messy and personally I feel less inclined to continue
maintaining this recipe in meta-webserver now, especially since I
originally put it together on my own time. At the moment due to a
branch/commit mismatch it is no longer fetching in any case.
(If someone wants to resurrect this recipe in another layer, they are
more than welcome to do so.)
[1] http://support.ajenti.org/topic/351265-clarify-licensing/
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Previously, modphp estimates endian on host rather than checks it on
target. If the host is little-endian and the target is big-endian,
modphp claims that endian is little. As a result, a memory location
that it is not allowed to access when calling libphp5.so module on
target. It will occur segmentation fault.
This patch enables endian check support for modphp.
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Initial recipe created by Steve Arnold. Original build patch and 1.0.10
recipe graciously contributed by bencoh (in #oe on irc.freenode.net).
New recipe and init script contributed by this author. Built and
tested on master branches using author's fork of meta-raspberrypi.
Signed-off-by: stephen.arnold42 <stephen.arnold42@gmail.com>
Signed-off-by: Sébastien Mennetrier <s.mennetrier@innotis.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Add LAYERVERSION and LAYERDEPENDS to layer.conf
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
* Remove all PR = "r0" from all .bb files in meta-oe repo. This was done
with the command sed -e '/^PR.*=.*r0\"/d' meta*/recipes*/*/*.bb -i
* We've switching to the PR server, PR bumps are no longer needed and
this saves people either accidentally bumping them or forgetting to
remove the lines (r0 is the default anyway).
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Since both config_var.mk and config.nice will be packaged into sstate cache,
and be reused, add them into SSTATE_SCAN_FILES to replace the hardcoded paths
Signed-off-by: Roy Li <rongqing.li@windriver.com>
We will get the following ERROR/WARN if we enable the
installed-vs-shipped check in QA:
ERROR: QA Issue: cherokee: Files/directories were installed but not shipped
/srv
/srv/www
/srv/www/htdocs
/srv/www/htdocs/index.html
/srv/www/htdocs/images
/srv/www/htdocs/images/cherokee-logo.png
/srv/www/htdocs/images/default-bg.png
/srv/www/htdocs/images/favicon.ico
/srv/www/htdocs/images/powered_by_cherokee.png
I think that we can pack these files into cherokee just like what
apache2 does.
Fedora 17 also packs them
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
There are error messages when restart apache service:
Observed Behavior
======================
root@qemu0:/etc/php# apachectl restart
AH00557: httpd: apr_sockaddr_info_get() failed for qemu0
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message
root@qemu0:/etc/php# /etc/init.d/apache2 restart
AH00557: httpd: apr_sockaddr_info_get() failed for qemu0
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message
root@qemu0:/etc/php# /etc/init.d/apache2 stop
AH00557: httpd: apr_sockaddr_info_get() failed for qemu0
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message
Add 'ServerName localhost:80' to httpd.conf could fix this issue.
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
The package is no longer available in the official cherokee site,
so download it from a mirror.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
apxs is installed under /usr/bin/crossscripts of sysroot, its hardcode paths
should be handled when store or extracts the sstate archives.
Signed-off-by: Roy Li <rongqing.li@windriver.com>
when use systemd as a system and service manager, systemd-tmpfiles will replace
/etc/init.d/populate-volatile.sh to handle temporary files, so we need to create
the configuration file for apache2
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Running systemd-tmpfiles --update without specifying a configuration
file results in all tmpfiles.d configuration files being processed.
/usr/lib/tmpfiles.d/systemd.conf creates /run/nologin on boot to
prevent non-root users from logging in while the system is booting.
If systemd-tmpfiles --update is run after the system has started,
it will still create /run/nologin which would prevent non-root users
from logging in with the message "System is booting up.".
Signed-off-by: Jonathan Liu <net147@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* LIC_FILES_CHKSUM needed to change because the copyright year changed
* Enabled mcrypt since upstream recommend this for acceptable
performance (and we now have a libmcrypt recipe in meta-oe)
* Disabled the opcache; this is a new feature in 5.5 and the configure
check for it currently breaks when cross-compiling.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
pidile was stored in /var/apache2/log which is saved over boots.
This might prevent startup of apache2 on boots. Move it to /run
where pidfiles in general belong.
Changes:
- Remove unnecessary -c option from install
- Add tmpfiles.d config to create /run/nostromo when systemd is
enabled in DISTRO_FEATURES
- Add postinst script to create /run/nostromo using tmpfiles.d if
running systemd (detected by existence of /sys/fs/cgroup/systemd),
otherwise using populate-volatile.sh if it exists
- Remove /var/log/nostromo and /var/run/nostromo from package
Signed-off-by: Jonathan Liu <net147@gmail.com>
The /var/run directory is already created by base-files.
Signed-off-by: Jonathan Liu <net147@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
The /var/run directory is already created by base-files.
Signed-off-by: Jonathan Liu <net147@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Remove some mostly superfluous scripts for adding additional mimetype
support that add an explicit dependency on bash.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
