- Call the nginx binary directly, no need to wrap the SysV init file.
- Create /var/log/nginx with tmpfiles, like volatiles without systemd.
- Run nginx with ${NGINX_USER} (user ${NGINX_USER} in nginx.conf)
Signed-off-by: Gyorgy Szombathelyi <gyurco@freemail.hu>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* Update license checksum to include latest copyright information
* Update patch for the latest version
Signed-off-by: Derek Straka <derek@asterius.io>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* Compatible with PHP 5.5 to 7.0 and MySQL 5.5 and newer.
* Release notes: http://www.phpmyadmin.net/files/4.6.3/
* Drop two CVE patches which have been fixed:
CVE-2015-7873 and CVE-2015-8669
* Use PV in SRC_URI instead of hardcoded version number.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Update sthttpd to release 2.27.0.
The variable WEBGROUP is introduced to allow configuring the group used
for the special ${sbindir}/makeweb tool, which in 2.27.0 is installed
setgid to this group by default, whereas in 2.26.4 it was not.
sthttpd 2.27 uses `thttpd' as the default value; here, the more
standard `www-data' group is used by default.
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
libtool-cross recipe install it as ${HOST_SYS}-libtool
Signed-off-by: Kirill Esipov <yesipov@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Remove a now redundant nginx-cross patch with stable moving to 1.10.X
Remove a duplicate DISABLE_STATIC
Signed-off-by: Derek Straka <derek@asterius.io>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
The 1.8 version is now considered legacy and the stable versions 1.10.X
Updated the license checksum to reflect copyright date update to 2016
Signed-off-by: Derek Straka <derek@asterius.io>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Netdata are a performance monitoring tools for Linux systems, applications.
Netdata interface are available via http on port 19999:
http://<ip address>:19999
Signed-off-by: Christophe Priouzeau <christophe.priouzeau@st.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
base_contains() is a compatibility wrapper and may warn in the future, so
replace all instances with bb.utils.contains().
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
update the nginx-cross path to work with the latest version of nginx
Signed-off-by: Derek Straka <derek@asterius.io>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
The apache-websocket module is an Apache 2.x server module that may be
used to process requests using the WebSocket protocol (RFC 6455) by an
Apache 2.x server. The module consists of a plugin architecture for
handling WebSocket messaging.
Signed-off-by: Haris Okanovic <haris.okanovic@ni.com>
Signed-off-by: Ioan-Adrian Ratiu <adrian.ratiu@ni.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Some apache module recipes like the newly introduced apache-websocket
also need apachectl at build in the sysroot besides apxs.
Signed-off-by: Ioan-Adrian Ratiu <adrian.ratiu@ni.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
The 1.8 branch is the current stable branch of nginx.
This means the branch doesn't get new features, but is still supported with bugfixes.
Depending on the use case it is more suitable to use on an embedded device
than the 1.9 branch which adds new features with every release.
Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
nginx has two maintained branches.
- stable: is the long term maintained branch where only bugfixes occur
- mainline: is the branch where new features get added
This change is in preparation to support these two branches.
Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Default config of the mysql Webmin module uses paths of a manually installed
MySQL. This commit adjusts paths to the ones used by MariaDB in OE.
Signed-off-by: Diego Rondini <diego.ml@zoho.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
This allows selecting a different user then "www" in a bbappend.
It also allows to change the default value of "/var/www/localhost" to something else.
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
libraries/config/messages.inc.php in phpMyAdmin 4.0.x before 4.0.10.12,
4.4.x before 4.4.15.2, and 4.5.x before 4.5.3.1 allows remote attackers
to obtain sensitive information via a crafted request, which reveals
the full path in an error message.
This patch is from c4d649325b
Signed-off-by: Jian Liu <jian.liu@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
The OML license is specific to fastcgi, which is in meta-webserver,
not meta-oe.
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
1. Upgrade apache2 from 2.4.16 to 2.4.18
The changes in 2.4.18 is shown in following URL.
http://ftp.meisei-u.ac.jp/mirror/apache/dist//httpd/CHANGES_2.4.18
2. Delete patch file npn-patch-2.4.7.patch due to this patch file can not be applied to the apache2 2.4.18's source code.
The NPN support was removed with r1676004. NPN is now quite unlikely to find its way into a stable release.
https://bz.apache.org/bugzilla/show_bug.cgi?id=52210
Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1
and 4.5.x before 4.5.1 allows remote attackers to spoof content via the
url parameter.
Backport upstream commit to fix it:
cd09765675
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
It shows warnings when build apache2 such as:
| WARNING: QA Issue: apache2: /apache2-dev/usr/share/apache2/icons/small/movie.gif
| is owned by uid 1785, which is the same as the user running bitbake.
| This may be due to host contamination [host-user-contaminated]
Set the owner and group to root to fix it.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* see:
http://lists.openembedded.org/pipermail/openembedded-devel/2015-September/103271.html
* fixes:
ERROR: phpmyadmin different signature for task do_package_write_ipk.sigdata between qemux86copy and qemuarm
runtaskdeps changed from ['bashbash_4.3.30.bb.do_packagedata', 'opkg-utilsopkg-utils_git.bb.do_populate_sysroot:virtual:native', 'phpmyadminphpmyadmin_4.4.9.bb.do_package', 'phpmyadminphpmyadmin_4.4.9.bb.do_packagedata', 'pseudopseudo_1.7.4.bb.do_populate_sysroot:virtual:native'] to ['bashbash_4.3.30.bb.do_packagedata', 'opkg-utilsopkg-utils_git.bb.do_populate_sysroot:virtual:native', 'phpmyadminphpmyadmin_4.4.9.bb.do_package', 'phpmyadminphpmyadmin_4.4.9.bb.do_packagedata', 'pseudopseudo_1.7.4.bb.do_populate_sysroot:virtual:native']
openembedded-core/meta/recipes-extended/bash/bash_4.3.30.bb.do_packagedata with hash c08b791d0f860a835a911f5a4c9a32d9
changed to
openembedded-core/meta/recipes-extended/bash/bash_4.3.30.bb.do_packagedata with hash 91674ffdfc796e4ab503093d2c8379da
Hash for dependent task bashbash_4.3.30.bb.do_packagedata changed from c08b791d0f860a835a911f5a4c9a32d9 to 91674ffdfc796e4ab503093d2c8379da
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
systemd service file expects full path of the executatbles.
Signed-off-by: Amarnath Valluri <amarnath.valluri@intel.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Passing EXTRA_OECONF to ./configure, this allows to alter build
configure
Signed-off-by: Amarnath Valluri <amarnath.valluri@intel.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Replace contaminated paths with staging paths so apxs can be successfully used
in other recipes to build modules when host and target arch differ.
Signed-off-by: George McCollister <george.mccollister@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Remove 'perl-module-sdbm' from RDEPENDS as perl don't build out this module.
This also fixes the following warning.
WARNING: QA Issue: webmin rdepends on perl-module-sdbm, but it isn't a build dependency? [build-deps]
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Upgrade phpmyadmin from 4.4.9 to 4.5.0.2 and SRC_URI is updated.
Accoring to release note, there is NO API changes for 4.5.0.x serial. So
upgrade to 4.5.0.2 rather than 4.4.15 which will only support for
security fixes only.
And license file has some text update. See:
9d080a482f
Change files owner to fix [host-user-contaminated] warnings.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Due to the way most files were installed, using cp ..., during packaging we got spammed
with messages like:
WARNING: QA Issue: webmin: /webmin-module-fail2ban/usr/lib/webmin/webmin/fail2ban/lang/no is owned by gid 100, which is the same as the user running bitbake. This may be due to host contamination [host-user-contaminated]
WARNING: QA Issue: webmin: /webmin-module-system-status/usr/lib/webmin/webmin/system-status/lang/no is owned by gid 100, which is the same as the user running bitbake. This may be due to host contamination [host-user-contaminated]
Do the install in a similar way as is done in bin_package.bbclass.
By doing that, we're not getting any QA-errors from host-user-contaminated.
Signed-off-by: Anders Darander <anders@chargestorm.se>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Those buildpaths were generated from configure substitutions, they are
required for cross-compiling, but obviously they should be cleaned up
from target stuffs.
Cleanup buildpaths from config_vars.mk and config.nice:
* remove ${STAGING_DIR_HOST} from CC, CFLAGS ...
* set APU_INCLUDEDIR, APU_CONFIG as empty
* remove buildpath from configure line
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Change start, stop, and restart functions in apache2 init script to return only
after completion (i.e. the server has started/stopped, not just received a kill
signal). Starting and stopping the server in quick sucession results in an error
because the server will attempt to stop before it has had time to start and vice
versa.
Signed-off-by: Adam Chappell <adam.chappell@ni.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2.4.16 includes fixes for CVE-2015-3185, CVE-2015-0253 and CVE-2015-3183
remove a backport patch 0001-SECURITY-CVE-2015-0228-cve.mitre.org.patch
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
after cmake is upgrade to 3.2.2, the /var/run dir is not created, so
not need to remove it.
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
WARNING: QA Issue: /usr/bin/apxs_apache2-dev contained in package apache2-dev requires /usr/bin/perl, but no providers found in its RDEPENDS [file-rdeps]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
upgrade to include CVE fixes:
CVE-2015-3903
CVE-2015-3902
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Adds support for systemd, creates a service for nginx and installs it if required
Signed-off-by: Alejandro Hernandez <alejandro.hernandez@linux.intel.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Remove apache-CVE-2014-0117.patch which apache2 2.4.12 has it
Update the apache-ssl-ltmain-rpath.patch
Backport the patch to fix CVE-2015-0228
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
This patch add the new Monkey HTTP Server v1.5.6.
For more details about software changes please visit:
http://monkey-project.com/Announcements/v1.5.6
=== Build Tests ==
This version have been tested on Yocto/Dizzy based on RPM.
monkey-yocto/5aee7684cd66f78fb51f78138603a4dde4ef2484
Signed-off-by: Eduardo Silva <eduardo@monkey.io>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Fixed:
cherokee/rule_geoip.h:34:19: fatal error: GeoIP.h: No such file or directory
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
fix a typos to remove a warning:
systemd[1]: [/lib/systemd/system/apache2.service:2] Unknown lvalue
'Decription' in section 'Unit'
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Add PACKAGECONFIG for 'selinux', otherwise there would be warnings like
below:
WARN: apache2: apache2 rdepends on libselinux, but it isn't a build dependency?
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
The configure.initd.gentoo script is used for gentoo, it is invalid for oe. So
remove it to solve the following warning:
webmin-1.700: webmin-module-ajaxterm requires /sbin/runscript, but no providers
in its RDEPENDS [file-rdeps]
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before
4.0.10.4, 4.1.x before 4.1.14.5, and 4.2.x before 4.2.9.1 allow remote
authenticated users to inject arbitrary web script or HTML via a crafted ENUM
value that is improperly handled during rendering of the (1) table search or (2)
table structure page, related to
libraries/TableSearch.class.php and libraries/Util.class.php.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7217
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Cross-site scripting (XSS) vulnerability in the view operations page in
phpMyAdmin 4.1.x before 4.1.14.3 and 4.2.x before 4.2.7.1 allows remote
authenticated users to inject arbitrary web script or HTML via a crafted
view name, related to js/functions.js.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5274
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x
before 4.0.10.2, 4.1.x before 4.1.14.3, and 4.2.x before 4.2.7.1 allow
remote authenticated users to inject arbitrary web script or HTML via the
(1) browse table page, related to js/sql.js; (2) ENUM editor page, related
to js/functions.js; (3) monitor page, related to js/server_status_monitor.js;
(4) query charts page, related to js/tbl_chart.js; or (5) table relations
page, related to libraries/tbl_relation.lib.php.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5273
Signed-off-by: Roy Li <rongqing.li@windriver.com>
The patch comes from upstream:
http://svn.apache.org/viewvc?view=revision&revision=1610674
SECURITY (CVE-2014-0117): Fix a crash in mod_proxy. In a reverse proxy
configuration, a remote attacker could send a carefully crafted request which
could crash a server process, resulting in denial of service.
Thanks to Marek Kroemeke working with HP's Zero Day Initiative for reporting
this issue.
Submitted by: Edward Lu, breser, covener
Signed-off-by: Zhang Xiao <xiao.zhang@windriver.com>
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Multiple buffer overflows in the php_parserr function in
ext/standard/dns.c in PHP before 5.4.32 and 5.5.x before 5.5.16 allow
remote DNS servers to cause a denial of service (application crash) or
possibly execute arbitrary code via a crafted DNS record, related to the
dns_get_record function and the dn_expand function. NOTE: this issue
exists because of an incomplete fix for CVE-2014-4049.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3597
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Integer overflow in the cdf_read_property_info function in cdf.c in file
through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and
5.5.x before 5.5.16, allows remote attackers to cause a denial of
service (application crash) via a crafted CDF file. NOTE: this
vulnerability exists because of an incomplete fix for CVE-2012-1571.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3587
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before
5.5.16 does not ensure that pathnames lack %00 sequences, which might
allow remote attackers to overwrite arbitrary files via crafted input to
an application that calls the (1) imagegd, (2) imagegd2, (3) imagegif,
(4) imagejpeg, (5) imagepng, (6) imagewbmp, or (7) imagewebp function.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5120
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
This patch add the new Monkey HTTP Server v1.5.4.
For more details about software changes please visit:
http://monkey-project.com/Announcements/v1.5.4
=== Build Tests ==
This version have been tested on Yocto/Daisy based on RPM.
monkey-yocto/a617991e40bd5c3779ad7b3689f78857d3e45248
Signed-off-by: Eduardo Silva <eduardo@monkey.io>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Split apache2-scripts subpkg to put the perl script dbmmanage, so that
apache2 doesn't have to RDEPEND on perl.
Add another perl script apxs to apache2-dev pkg as Olof Johansson
suggested.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Bashism:
possible bashism in plugins/transformations/generator_plugin.sh line 16 (echo -e):
echo -e "Usage: ./generator_plugin.sh MIMEType MIMESubtype TransformationName [Description]\n"
possible bashism in plugins/transformations/generator_plugin.sh line 28 (${parm,[,][pat]} or ${parm^[^][pat]}):
MT="${MT^}"
possible bashism in plugins/transformations/generator_plugin.sh line 29 (${parm,[,][pat]} or ${parm^[^][pat]}):
MS="${MS^}"
possible bashism in plugins/transformations/generator_plugin.sh line 30 (${parm,[,][pat]} or ${parm^[^][pat]}):
TN="${TN^}"
possible bashism in plugins/transformations/generator_plugin.sh line 51 (should be 'b = a'):
if [ "$4" == "--generate_only_main_class" ]; then
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
This patch add the new Monkey HTTP Server v1.5.3.
For more details about software changes please visit:
http://monkey-project.com/Announcements/v1.5.3
=== Build Tests ==
This version have been tested on Yocto/Daisy being packaged and
deployed on images based on RPM successfully.
monkey-yocto/672eadb254e754b91efe691a6594985ee6d9a22e
Signed-off-by: Eduardo Silva <eduardo@monkey.io>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Changed:
- Adjust or remake the following patches based on 1.700:
init-exclude.patch
exports-lib.pl.patch
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* perl-module-time-local is already in RDEPENDS (I guess it's the
same thing as perl-module-timelocal without the last dash)
* list some packages explicitly so that bitbake finds their
RDEPENDS correctly
* fixes following warnings:
webmin-1.620: webmin-module-raid rdepends on mdadm, but it isn't a build dependency? [build-deps]
webmin-1.620: webmin-module-proc rdepends on procps, but it isn't a build dependency? [build-deps]
webmin-1.620: webmin rdepends on perl-module-timelocal, but it isn't a build dependency? [build-deps]
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
