kpriv/pkgsrc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
pkgsrc/www/lighttpd/options.mk

219 lines
4.8 KiB
Makefile
Raw Normal View History

lighttpd: improve options support as well as adding options for other SSL libraries, disabling options explicitly should cause less problems when the OS contains libraries used by the options.
2021-05-14 13:11:00 +02:00
# $NetBSD: options.mk,v 1.26 2021/05/14 11:11:00 nia Exp $
Initial import of lighttpd-1.4.3 as www/lighttpd. LightTPD is a secure, fast, compliant, and very flexible web-server which designed and optimized for for high-performance environments. With a small memory footprint compared to other webservers, effective management of the CPU load, and advanced feature set (FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many more), LightTPD is the perfect solution for every server that is suffering load problems. This is loosely based on the lighttpd package from pkgsrc-wip by Piotr Stolc <socrtp@soclab.eu.org>.
2005-09-04 08:37:05 +02:00
www: align variable assignments pkglint -Wall -F --only aligned --only indent -r Manually excluded phraseanet since pkglint got the indentation wrong.
2019-11-04 23:09:50 +01:00
PKG_OPTIONS_VAR= PKG_OPTIONS.lighttpd
lighttpd: improve options support as well as adding options for other SSL libraries, disabling options explicitly should cause less problems when the OS contains libraries used by the options.
2021-05-14 13:11:00 +02:00
PKG_OPTIONS_OPTIONAL_GROUPS= ssl
PKG_OPTIONS_GROUP.ssl= gnutls mbedtls nss openssl wolfssl
PKG_SUPPORTED_OPTIONS+= brotli bzip2 fam gdbm inet6 ldap libdbi lua
PKG_SUPPORTED_OPTIONS+= mysql memcached geoip gssapi webdav
PKG_SUGGESTED_OPTIONS= inet6 openssl
Initial import of lighttpd-1.4.3 as www/lighttpd. LightTPD is a secure, fast, compliant, and very flexible web-server which designed and optimized for for high-performance environments. With a small memory footprint compared to other webservers, effective management of the CPU load, and advanced feature set (FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many more), LightTPD is the perfect solution for every server that is suffering load problems. This is loosely based on the lighttpd package from pkgsrc-wip by Piotr Stolc <socrtp@soclab.eu.org>.
2005-09-04 08:37:05 +02:00
.include "../../mk/bsd.options.mk"
###
Update to 1.4.56. From the changelog: # Highlights - HTTP/2 support - must be enabled in lighttpd.conf in lighttpd 1.4.56; may be enabled by default in a future release - `server.feature-flags += ("server.h2proto" => "enable", "server.h2c" => "enable")` - TLS library options: OpenSSL, mbedTLS, wolfSSL, GnuTLS, NSS - mod_openssl (existing) - mod_mbedtls (experimental) - mod_wolfssl (experimental) - mod_gnutls (experimental) - mod_nss (experimental) - TLS OCSP stapling (except mbedTLS; not currently supported by mbedTLS) - TLS session ticket key rotation control (except NSS; API limitation in NSS) - mod_deflate brotli support - mod_proxy makes HTTP/1.1 requests to backends (change from HTTP/1.0) - RFC 8297 support for 103 Early Hints produced by backends (scripts) - graceful restart option to transfer listen fds (minimal pause) - `server.systemd-socket-activation = "enable"` - `server.feature-flags += ("server.graceful-restart-bg" => "enable", "server.graceful-shutdown-timeout" => "15")` # Behavior Changes - mod_openssl - default MinProtocol TLSv1.2 TLSv1 and TLSv1.1 are deprecated and no longer supported by major browsers. <https://news.netcraft.com/archives/2020/03/03/browsers-on-track-to-block-850000-tls-1-0-sites.html> If prior behavior is required, configure: `ssl.openssl.ssl-conf-cmd = ("MinProtocol" => "TLSv1")` If using openssl <= 1.0.2 (end-of-life) `ssl.openssl.ssl-conf-cmd = ("Protocol" => "-ALL, TLSv1, TLSv1.1, TLSv1.2")` - (internal) TLS session cache is disabled by default, replaced by lighttpd robust TLSv1.2 session ticket support If backward compatibility is needed: `server.feature-flags += ("ssl.session-cache" => "enable")` - (internal) openssl creates a session ticket encryption key per SSL_CTX. lighttpd 1.4.56 and later assigns a single session ticket encryption key for the lighttpd server (across all SSL_CTX) for consistency. - behavior change with ssl.ca-dn-file (uncommon); applies to client certificate verification and ssl.ca-dn-file (uncommon) If client certificate verification is enabled (ssl.verifyclient.activate = "enable"), all CAs used for client certificate verification must be present in ssl.ca-file. This is the typical use case when client certificate verification is enabled. Certificates in (optional) ssl.ca-dn-file are used to send issuer names to client when the server sends a client certificate request. These names are use by the client during certificate selection, and the server requires that the certificate sent by the client be issued by one of the subjects in ssl.ca-dn-file. (Prior behavior merged ssl.ca-file and ssl.ca-dn-file for trusted CAs. New behavior requires all trusted CAs be listed in ssl.ca-file, and a subset be duplicated into ssl.ca-dn-file to specify allowed client cert issuer.) - mod_deflate: support for bzip2 is now disabled by default in the build - (enable using `./configure --with-bzip2`) bzip2 Content-Encoding is not widely supported Prefer to build `--with-brotli` brotli Content-Encoding is more widely supported than bzip2 # Future Scheduled Behavior Changes - HTTP/2 support will be enabled by default in a future release - graceful restart/shutdown default timeout will change from 0 (infinite/no timeout) to 5 seconds (or some similar non-zero period) configure an alternative with: `server.feature-flags += ("server.graceful-shutdown-timeout" => 5)` - mod_compress is DEPRECATED; use mod_deflate mod_compress has been subsumed by mod_deflate Note: mod_compress config options may be removed in a future release - mod_geoip is DEPRECATED; use mod_maxminddb Note: mod_geoip will be removed from a future lighttpd release - mod_authn_mysql is DEPRECATED; use mod_authn_dbi Note: mod_authn_mysql will be removed from a future lighttpd release - mod_mysql_vhost is DEPRECATED; use mod_vhostdb_dbi or mod_vhostdb_mysql Note: mod_mysql_vhost will be removed from a future lighttpd release - mod_cml is DEPRECATED; use mod_magnet Note: mod_cml will be removed from a future lighttpd release
2020-11-30 11:28:33 +01:00
### Allow using brotli as a compression method in the "deflate" module.
###
.if !empty(PKG_OPTIONS:Mbrotli)
. include "../../archivers/brotli/buildlink3.mk"
CONFIGURE_ARGS+= --with-brotli
.else
CONFIGURE_ARGS+= --without-brotli
.endif
###
### Allow using bzip2 as a compression method in the "deflate" module.
Initial import of lighttpd-1.4.3 as www/lighttpd. LightTPD is a secure, fast, compliant, and very flexible web-server which designed and optimized for for high-performance environments. With a small memory footprint compared to other webservers, effective management of the CPU load, and advanced feature set (FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many more), LightTPD is the perfect solution for every server that is suffering load problems. This is loosely based on the lighttpd package from pkgsrc-wip by Piotr Stolc <socrtp@soclab.eu.org>.
2005-09-04 08:37:05 +02:00
###
Updated lighttpd to 1.4.41. - 1.4.41 * remove long-deprecated, non-functional config opts * [config] inherit server.use-ipv6 and server.set-v6only (fixes #678) * [mod_auth] fix Digest auth to be better than Basic (fixes #1844) * [mod_ssi] fix #config sizefmt="bytes" * [autobuild] move inet_pton detection later * [core] #include <sys/filio.h> for FIONREAD (fixes #2726) * [autobuild] clock_gettime() -lrt with glibc < 2.17 * [security] do not emit HTTP_PROXY to CGI env * [build_cmake] clock_gettime() -lrt w/ glibc < 2.17 (fixes #2737) * [core] avoid spurious trace and error abort * [core] stay in CON_STATE_CLOSE until done with req * [core] $HTTP["remoteip"] must handle IPv6 w/o [] * [mod_status] show keep-alive status w/ text output (fixes #2740) * do not set REDIRECT_URI in mod_magnet, mod_rewrite (#2738) * revert 1.4.40 swap of REQUEST_URI, REDIRECT_URI (fixes #2738) * [core] permit IPv6 address scope identifier * [TLS] better handling of SSL_ERROR_WANT_READ/WRITE * [TLS] read all available records from SSL_read() * [core] try AF_INET after AF_INET6 if use-ipv6 * [core] set chunkqueue tempdirs at startup * [security] ensure gid != 0 if server.username set (fixes #2725) * [security] disable stat_cache if !follow-symlink (fixes #2724) * [core] fix buffer_copy_string_hex() assert (fixes #2742) * [security] encode quoting chars in HTML and XML * [cmake] always define _GNU_SOURCE * [cmake] enable warnings for GCC and Clang * [cmake] set cmake_minimum_required to 2.8.2
2016-08-01 11:25:20 +02:00
.if !empty(PKG_OPTIONS:Mbzip2)
Initial import of lighttpd-1.4.3 as www/lighttpd. LightTPD is a secure, fast, compliant, and very flexible web-server which designed and optimized for for high-performance environments. With a small memory footprint compared to other webservers, effective management of the CPU load, and advanced feature set (FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many more), LightTPD is the perfect solution for every server that is suffering load problems. This is loosely based on the lighttpd package from pkgsrc-wip by Piotr Stolc <socrtp@soclab.eu.org>.
2005-09-04 08:37:05 +02:00
. include "../../archivers/bzip2/buildlink3.mk"
CONFIGURE_ARGS+= --with-bzip2
Exactly disable bzip2 if bzip option is off. PR#43538 by Aleksey Cheusov.
2010-06-27 13:18:05 +02:00
.else
CONFIGURE_ARGS+= --without-bzip2
Initial import of lighttpd-1.4.3 as www/lighttpd. LightTPD is a secure, fast, compliant, and very flexible web-server which designed and optimized for for high-performance environments. With a small memory footprint compared to other webservers, effective management of the CPU load, and advanced feature set (FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many more), LightTPD is the perfect solution for every server that is suffering load problems. This is loosely based on the lighttpd package from pkgsrc-wip by Piotr Stolc <socrtp@soclab.eu.org>.
2005-09-04 08:37:05 +02:00
.endif
###
### Use FAM to optimize number of stat() syscalls used.
###
.if !empty(PKG_OPTIONS:Mfam)
. include "../../mk/fam.buildlink3.mk"
CONFIGURE_ARGS+= --with-fam
lighttpd: improve options support as well as adding options for other SSL libraries, disabling options explicitly should cause less problems when the OS contains libraries used by the options.
2021-05-14 13:11:00 +02:00
.else
CONFIGURE_ARGS+= --without-fam
Initial import of lighttpd-1.4.3 as www/lighttpd. LightTPD is a secure, fast, compliant, and very flexible web-server which designed and optimized for for high-performance environments. With a small memory footprint compared to other webservers, effective management of the CPU load, and advanced feature set (FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many more), LightTPD is the perfect solution for every server that is suffering load problems. This is loosely based on the lighttpd package from pkgsrc-wip by Piotr Stolc <socrtp@soclab.eu.org>.
2005-09-04 08:37:05 +02:00
.endif
###
### Support using GDBM for storage in the "trigger before download" module.
###
lighttpd: improve options support as well as adding options for other SSL libraries, disabling options explicitly should cause less problems when the OS contains libraries used by the options.
2021-05-14 13:11:00 +02:00
PLIST_VARS+= gdbm
Initial import of lighttpd-1.4.3 as www/lighttpd. LightTPD is a secure, fast, compliant, and very flexible web-server which designed and optimized for for high-performance environments. With a small memory footprint compared to other webservers, effective management of the CPU load, and advanced feature set (FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many more), LightTPD is the perfect solution for every server that is suffering load problems. This is loosely based on the lighttpd package from pkgsrc-wip by Piotr Stolc <socrtp@soclab.eu.org>.
2005-09-04 08:37:05 +02:00
.if !empty(PKG_OPTIONS:Mgdbm)
. include "../../databases/gdbm/buildlink3.mk"
CONFIGURE_ARGS+= --with-gdbm
- Correction to gdbm option, merge duplicated lines
2017-01-03 15:38:50 +01:00
PLIST.gdbm= yes
lighttpd: improve options support as well as adding options for other SSL libraries, disabling options explicitly should cause less problems when the OS contains libraries used by the options.
2021-05-14 13:11:00 +02:00
.else
CONFIGURE_ARGS+= --without-gdbm
Initial import of lighttpd-1.4.3 as www/lighttpd. LightTPD is a secure, fast, compliant, and very flexible web-server which designed and optimized for for high-performance environments. With a small memory footprint compared to other webservers, effective management of the CPU load, and advanced feature set (FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many more), LightTPD is the perfect solution for every server that is suffering load problems. This is loosely based on the lighttpd package from pkgsrc-wip by Piotr Stolc <socrtp@soclab.eu.org>.
2005-09-04 08:37:05 +02:00
.endif
###
### IPv6 support.
###
.if !empty(PKG_OPTIONS:Minet6)
CONFIGURE_ARGS+= --enable-ipv6
.else
CONFIGURE_ARGS+= --disable-ipv6
.endif
###
### Allow using LDAP for "basic" authentication.
###
lighttpd: improve options support as well as adding options for other SSL libraries, disabling options explicitly should cause less problems when the OS contains libraries used by the options.
2021-05-14 13:11:00 +02:00
PLIST_VARS+= ldap
Initial import of lighttpd-1.4.3 as www/lighttpd. LightTPD is a secure, fast, compliant, and very flexible web-server which designed and optimized for for high-performance environments. With a small memory footprint compared to other webservers, effective management of the CPU load, and advanced feature set (FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many more), LightTPD is the perfect solution for every server that is suffering load problems. This is loosely based on the lighttpd package from pkgsrc-wip by Piotr Stolc <socrtp@soclab.eu.org>.
2005-09-04 08:37:05 +02:00
.if !empty(PKG_OPTIONS:Mldap)
The databases/openldap package has been split in -client and -server component packages. Convert LDAP-based applications to depend on openldap-client, and bump PKGREVISION for those that depend on it by default.
2006-05-31 20:22:23 +02:00
. include "../../databases/openldap-client/buildlink3.mk"
Initial import of lighttpd-1.4.3 as www/lighttpd. LightTPD is a secure, fast, compliant, and very flexible web-server which designed and optimized for for high-performance environments. With a small memory footprint compared to other webservers, effective management of the CPU load, and advanced feature set (FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many more), LightTPD is the perfect solution for every server that is suffering load problems. This is loosely based on the lighttpd package from pkgsrc-wip by Piotr Stolc <socrtp@soclab.eu.org>.
2005-09-04 08:37:05 +02:00
CONFIGURE_ARGS+= --with-ldap
Updated www/lighttpd to 1.4.44 ------------------------------ - 1.4.44 * [mod_scgi] fix segfault (fixes #2762) * [mod_authn_gssapi] fix memory leak * [config] warn if mod_authn_ldap,mysql not listed * [mod_magnet] fix magnet_cgi_set() set of env vars (fixes #2763) * [mod_cgi] FreeBSD 9.3/MacOSX does not have pipe2() (fixes #2765) * [mod_extforward] fix crash on invalid IP (fixes #2766) * [mod_fastcgi] fix segfault if all backends down (fixes #2768) * [mod_cgi] fix out of sockets error for POST to CGI (fixes #2771) * [mod_auth] compile fix for Mac OS X XCode (fixes #2772) * [mod_authn_gssapi] better resource cleanup * [core] compile fix for Mac OS X 10.6 (old) (fixes #2773) * fix race in dynamic handler configs (reentrancy) (fixes #2774) * [mod_authn_mysql] close mysql_conn in cleanup * [mod_webdav] compile fix when locking not enabled * load mod_auth & mod_authn_file in sample/test.conf * comment out auth.backend.ldap.* in tests/*.conf * [mod_fastcgi,mod_scgi] warn if invalid "bin-path" * RAND_pseudo_bytes() is deprecated in openssl 1.1.0 * openssl 1.1.0 init and cleanup * [mod_cgi] remove direct calls to network_backend* * [build] build network_*.c into lighttpd executable * suggest inclusion of mod_geoip... before mod_ssi. * set systemd settings similar to lighttpd2 * [doc] remove reference to Linux rt-signals * [mod_authn_gssapi] fix missing error ret, coverity * [core] rename li_rand() to li_rand_pseudo_bytes() * remove #include "stream.h" where not used * [mod_cml] include lua headers before base.h * [core] combine duplicated connection reset code * [mod_ssi] produce content in subrequest hook * [core] remove srv->entropy[] * [core] defer li_rand_init() until first use * [core] permit connection-level state in modules * [mod_dirlisting] render dirlisting as HTML (fixes #2767) * [mod_proxy] replace HTTP Host sent to backend (fixes #2770) * [mod_ssi] basic recursive SSI include virtual (fixes #536) * [mod_ssi] implement, ignore <!--#comment ... --> * [core] consolidate duplicated read-to-close code * [core] fix segfault when parsing a bad config file * [core] support Transfer-Encoding: chunked req body (fixes #2156) * [autobuild] set NO_RDYNAMIC=yes for midipix * [mod_proxy] proxy.balance = "sticky" option (fixes #2117) * [mod_secdownload] warn if SHA used w/o SSL crypto * [build] compile fixes for AIX * [build] check for pipe2() at configure time * [mod_evhost] fix an incorrect error trace * [tests] mark tests/docroot/www/*.pl scripts a+x * [mod_cgi] fall back to pipe() if pipe2() fails * fix SCons fullstatic build with glibc pthreads * [TLS] openssl 1.1.0 makes SSL_OP_NO_SSLv2 no-op (pkgsrc changes) - Add Selection on PLIST depending on options
2017-01-03 15:31:13 +01:00
PLIST.ldap= yes
lighttpd: improve options support as well as adding options for other SSL libraries, disabling options explicitly should cause less problems when the OS contains libraries used by the options.
2021-05-14 13:11:00 +02:00
.else
CONFIGURE_ARGS+= --without-ldap
Initial import of lighttpd-1.4.3 as www/lighttpd. LightTPD is a secure, fast, compliant, and very flexible web-server which designed and optimized for for high-performance environments. With a small memory footprint compared to other webservers, effective management of the CPU load, and advanced feature set (FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many more), LightTPD is the perfect solution for every server that is suffering load problems. This is loosely based on the lighttpd package from pkgsrc-wip by Piotr Stolc <socrtp@soclab.eu.org>.
2005-09-04 08:37:05 +02:00
.endif
Enable --with-nettle as recommended in the release announcement; we'll add options for other SSL libraries later. Add 'libdbi' option to enable mod_vhostdb_dbi and the new mod_authn_dbi module, off by default. Bump PKGREVISION.
2020-12-01 10:44:12 +01:00
###
### libdbi
###
lighttpd: improve options support as well as adding options for other SSL libraries, disabling options explicitly should cause less problems when the OS contains libraries used by the options.
2021-05-14 13:11:00 +02:00
PLIST_VARS+= libdbi
Enable --with-nettle as recommended in the release announcement; we'll add options for other SSL libraries later. Add 'libdbi' option to enable mod_vhostdb_dbi and the new mod_authn_dbi module, off by default. Bump PKGREVISION.
2020-12-01 10:44:12 +01:00
.if !empty(PKG_OPTIONS:Mlibdbi)
. include "../../databases/libdbi/buildlink3.mk"
CONFIGURE_ARGS+= --with-dbi
PLIST.libdbi= yes
.else
CONFIGURE_ARGS+= --without-dbi
.endif
Initial import of lighttpd-1.4.3 as www/lighttpd. LightTPD is a secure, fast, compliant, and very flexible web-server which designed and optimized for for high-performance environments. With a small memory footprint compared to other webservers, effective management of the CPU load, and advanced feature set (FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many more), LightTPD is the perfect solution for every server that is suffering load problems. This is loosely based on the lighttpd package from pkgsrc-wip by Piotr Stolc <socrtp@soclab.eu.org>.
2005-09-04 08:37:05 +02:00
###
### Support enabling the Cache Meta Language module with the Lua engine.
###
lighttpd: improve options support as well as adding options for other SSL libraries, disabling options explicitly should cause less problems when the OS contains libraries used by the options.
2021-05-14 13:11:00 +02:00
PLIST_VARS+= lua
Initial import of lighttpd-1.4.3 as www/lighttpd. LightTPD is a secure, fast, compliant, and very flexible web-server which designed and optimized for for high-performance environments. With a small memory footprint compared to other webservers, effective management of the CPU load, and advanced feature set (FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many more), LightTPD is the perfect solution for every server that is suffering load problems. This is loosely based on the lighttpd package from pkgsrc-wip by Piotr Stolc <socrtp@soclab.eu.org>.
2005-09-04 08:37:05 +02:00
.if !empty(PKG_OPTIONS:Mlua)
. include "../../lang/lua/buildlink3.mk"
Add pkg-config to tools for build with (non-default) lua option.
2006-08-15 00:37:21 +02:00
USE_TOOLS+= pkg-config
Initial import of lighttpd-1.4.3 as www/lighttpd. LightTPD is a secure, fast, compliant, and very flexible web-server which designed and optimized for for high-performance environments. With a small memory footprint compared to other webservers, effective management of the CPU load, and advanced feature set (FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many more), LightTPD is the perfect solution for every server that is suffering load problems. This is loosely based on the lighttpd package from pkgsrc-wip by Piotr Stolc <socrtp@soclab.eu.org>.
2005-09-04 08:37:05 +02:00
CONFIGURE_ARGS+= --with-lua
lighttpd: improve options support as well as adding options for other SSL libraries, disabling options explicitly should cause less problems when the OS contains libraries used by the options.
2021-05-14 13:11:00 +02:00
PLIST.lua= yes
.else
CONFIGURE_ARGS+= --without-lua
Initial import of lighttpd-1.4.3 as www/lighttpd. LightTPD is a secure, fast, compliant, and very flexible web-server which designed and optimized for for high-performance environments. With a small memory footprint compared to other webservers, effective management of the CPU load, and advanced feature set (FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many more), LightTPD is the perfect solution for every server that is suffering load problems. This is loosely based on the lighttpd package from pkgsrc-wip by Piotr Stolc <socrtp@soclab.eu.org>.
2005-09-04 08:37:05 +02:00
.endif
###
### Support using memcached as an in-memory caching system for the
### "trigger before download" and CML modules.
###
lighttpd: improve options support as well as adding options for other SSL libraries, disabling options explicitly should cause less problems when the OS contains libraries used by the options.
2021-05-14 13:11:00 +02:00
PLIST_VARS+= memcached
Update to 1.4.45. From the changelog: * [mod_cgi] skip local-redir handling if to self (fixes #2779, #2108) * [mod_webdav] fix crash when plugin_ctx cleaned up (fixes #2780) * [mod_fastcgi] detect child exit, restart proactively * [mod_scgi] detect child exit, restart proactively * [TLS] ssl.read-ahead = "disable" for low mem (fixes #2778) pkgsrc changes: - Rename non-standard "memcache" option to "memcached" (retaining compatibility for the old option for a while)
2017-01-16 01:30:46 +01:00
.if !empty(PKG_OPTIONS:Mmemcached)
Change libmemcache dependency to libmemcached See https://www.lighttpd.net/2017/10/21/1.4.46/
2018-04-17 22:11:15 +02:00
. include "../../devel/libmemcached/buildlink3.mk"
CONFIGURE_ARGS+= --with-memcached
PLIST.memcached= yes
lighttpd: improve options support as well as adding options for other SSL libraries, disabling options explicitly should cause less problems when the OS contains libraries used by the options.
2021-05-14 13:11:00 +02:00
.else
CONFIGURE_ARGS+= --without-memcached
Update lighttpd to 1.4.6. Take maintainership. Activate memcache option, now that devel/libmemcache is imported. From NEWS: - 1.4.6 - 2005-10-09 * fixed compilation on MacOS X and cygwin * fixed compressed output if caching was disabled (seen in IE and Opera) * fixed range-request option * fixed mysql-vhost module (was broken in 1.4.5) * fixed false positive in the detection of case-insensitive FS - 1.4.5 - 2005-10-02 * added all DeltaV methods as known methods * added buffer-to-disk of request content * added warning for unused variables in conditionals * added global index-generators to mod_indexfile * fixed caching for remote-ip conditionals with keep-alive * fixed redirects with content * fixed infinite loop in exec-cmd in mod_ssi * fixed segfault in config handling for mod_mysql_vhost * fixed segfault on FIFOs/Sockets * fixed possible crash on uninit memory if If-Modified-Since was too long * fixed accounting of mem-chunks * fixed starving of connections on high load * fixed crc errors in mod_compress on 64bit platforms * fixed handling of overlapping fastcgi packets (bug added in 1.4.4) * fixed logic of conditionals if a header was not set * fixed a segfault in mod_rewrite if %1 references were used * fixed handling of empty request URIs in HTTP requests - 1.4.4 - 2005-09-16 * added support for %V in mod_accesslog * added a option for a FastCGI responser to send static files * added md5 and blowfish hashes to htpasswd * fixed METHOD in mod_accesslog of WebDAV methods * fixed check for permission before files in sent * fixed mod-proxy and content for non-POST requests * fixed compilation of mod_cml on MacOS X * fixed SSL errmsg after accept() * fixed memleak in stat-cache * fixed aborted connections if file was moved while in transfer * fixed mem-usage for large FastCGI transfers
2005-10-11 17:44:00 +02:00
.endif
Initial import of lighttpd-1.4.3 as www/lighttpd. LightTPD is a secure, fast, compliant, and very flexible web-server which designed and optimized for for high-performance environments. With a small memory footprint compared to other webservers, effective management of the CPU load, and advanced feature set (FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many more), LightTPD is the perfect solution for every server that is suffering load problems. This is loosely based on the lighttpd package from pkgsrc-wip by Piotr Stolc <socrtp@soclab.eu.org>.
2005-09-04 08:37:05 +02:00
###
### Allow using MySQL for virtual host configuration.
###
lighttpd: improve options support as well as adding options for other SSL libraries, disabling options explicitly should cause less problems when the OS contains libraries used by the options.
2021-05-14 13:11:00 +02:00
PLIST_VARS+= mysql
Initial import of lighttpd-1.4.3 as www/lighttpd. LightTPD is a secure, fast, compliant, and very flexible web-server which designed and optimized for for high-performance environments. With a small memory footprint compared to other webservers, effective management of the CPU load, and advanced feature set (FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many more), LightTPD is the perfect solution for every server that is suffering load problems. This is loosely based on the lighttpd package from pkgsrc-wip by Piotr Stolc <socrtp@soclab.eu.org>.
2005-09-04 08:37:05 +02:00
.if !empty(PKG_OPTIONS:Mmysql)
. include "../../mk/mysql.buildlink3.mk"
MYSQL_CONFIG?= ${BUILDLINK_PREFIX.mysql-client}/bin/mysql_config
Ran "pkglint --autofix", which corrected some of the quoting issues in CONFIGURE_ARGS.
2005-12-06 00:55:01 +01:00
CONFIGURE_ARGS+= --with-mysql=${MYSQL_CONFIG:Q}
Updated www/lighttpd to 1.4.44 ------------------------------ - 1.4.44 * [mod_scgi] fix segfault (fixes #2762) * [mod_authn_gssapi] fix memory leak * [config] warn if mod_authn_ldap,mysql not listed * [mod_magnet] fix magnet_cgi_set() set of env vars (fixes #2763) * [mod_cgi] FreeBSD 9.3/MacOSX does not have pipe2() (fixes #2765) * [mod_extforward] fix crash on invalid IP (fixes #2766) * [mod_fastcgi] fix segfault if all backends down (fixes #2768) * [mod_cgi] fix out of sockets error for POST to CGI (fixes #2771) * [mod_auth] compile fix for Mac OS X XCode (fixes #2772) * [mod_authn_gssapi] better resource cleanup * [core] compile fix for Mac OS X 10.6 (old) (fixes #2773) * fix race in dynamic handler configs (reentrancy) (fixes #2774) * [mod_authn_mysql] close mysql_conn in cleanup * [mod_webdav] compile fix when locking not enabled * load mod_auth & mod_authn_file in sample/test.conf * comment out auth.backend.ldap.* in tests/*.conf * [mod_fastcgi,mod_scgi] warn if invalid "bin-path" * RAND_pseudo_bytes() is deprecated in openssl 1.1.0 * openssl 1.1.0 init and cleanup * [mod_cgi] remove direct calls to network_backend* * [build] build network_*.c into lighttpd executable * suggest inclusion of mod_geoip... before mod_ssi. * set systemd settings similar to lighttpd2 * [doc] remove reference to Linux rt-signals * [mod_authn_gssapi] fix missing error ret, coverity * [core] rename li_rand() to li_rand_pseudo_bytes() * remove #include "stream.h" where not used * [mod_cml] include lua headers before base.h * [core] combine duplicated connection reset code * [mod_ssi] produce content in subrequest hook * [core] remove srv->entropy[] * [core] defer li_rand_init() until first use * [core] permit connection-level state in modules * [mod_dirlisting] render dirlisting as HTML (fixes #2767) * [mod_proxy] replace HTTP Host sent to backend (fixes #2770) * [mod_ssi] basic recursive SSI include virtual (fixes #536) * [mod_ssi] implement, ignore <!--#comment ... --> * [core] consolidate duplicated read-to-close code * [core] fix segfault when parsing a bad config file * [core] support Transfer-Encoding: chunked req body (fixes #2156) * [autobuild] set NO_RDYNAMIC=yes for midipix * [mod_proxy] proxy.balance = "sticky" option (fixes #2117) * [mod_secdownload] warn if SHA used w/o SSL crypto * [build] compile fixes for AIX * [build] check for pipe2() at configure time * [mod_evhost] fix an incorrect error trace * [tests] mark tests/docroot/www/*.pl scripts a+x * [mod_cgi] fall back to pipe() if pipe2() fails * fix SCons fullstatic build with glibc pthreads * [TLS] openssl 1.1.0 makes SSL_OP_NO_SSLv2 no-op (pkgsrc changes) - Add Selection on PLIST depending on options
2017-01-03 15:31:13 +01:00
PLIST.mysql= yes
lighttpd: improve options support as well as adding options for other SSL libraries, disabling options explicitly should cause less problems when the OS contains libraries used by the options.
2021-05-14 13:11:00 +02:00
.else
CONFIGURE_ARGS+= --without-mysql
.endif
###
### HTTPS support via GnuTLS
###
PLIST_VARS+= gnutls
.if !empty(PKG_OPTIONS:Mgnutls)
. include "../../security/gnutls/buildlink3.mk"
CONFIGURE_ARGS+= --with-gnutls=${BUILDLINK_PREFIX.gnutls}
PLIST.gnutls= yes
.else
CONFIGURE_ARGS+= --without-gnutls
.endif
###
### HTTPS support via mbedTLS
###
PLIST_VARS+= mbedtls
.if !empty(PKG_OPTIONS:Mmbedtls)
. include "../../security/mbedtls/buildlink3.mk"
CONFIGURE_ARGS+= --with-mbedtls=${BUILDLINK_PREFIX.mbedtls}
PLIST.mbedtls= yes
.else
CONFIGURE_ARGS+= --without-mbedtls
.endif
###
### HTTPS support via nss
###
PLIST_VARS+= nss
.if !empty(PKG_OPTIONS:Mnss)
. include "../../devel/nss/buildlink3.mk"
CONFIGURE_ARGS+= --with-nss=${BUILDLINK_PREFIX.nss}
PLIST.nss= yes
.else
CONFIGURE_ARGS+= --without-nss
Initial import of lighttpd-1.4.3 as www/lighttpd. LightTPD is a secure, fast, compliant, and very flexible web-server which designed and optimized for for high-performance environments. With a small memory footprint compared to other webservers, effective management of the CPU load, and advanced feature set (FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many more), LightTPD is the perfect solution for every server that is suffering load problems. This is loosely based on the lighttpd package from pkgsrc-wip by Piotr Stolc <socrtp@soclab.eu.org>.
2005-09-04 08:37:05 +02:00
.endif
###
lighttpd: improve options support as well as adding options for other SSL libraries, disabling options explicitly should cause less problems when the OS contains libraries used by the options.
2021-05-14 13:11:00 +02:00
### HTTPS support via OpenSSL
Initial import of lighttpd-1.4.3 as www/lighttpd. LightTPD is a secure, fast, compliant, and very flexible web-server which designed and optimized for for high-performance environments. With a small memory footprint compared to other webservers, effective management of the CPU load, and advanced feature set (FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many more), LightTPD is the perfect solution for every server that is suffering load problems. This is loosely based on the lighttpd package from pkgsrc-wip by Piotr Stolc <socrtp@soclab.eu.org>.
2005-09-04 08:37:05 +02:00
###
lighttpd: improve options support as well as adding options for other SSL libraries, disabling options explicitly should cause less problems when the OS contains libraries used by the options.
2021-05-14 13:11:00 +02:00
PLIST_VARS+= openssl
.if !empty(PKG_OPTIONS:Mopenssl)
Initial import of lighttpd-1.4.3 as www/lighttpd. LightTPD is a secure, fast, compliant, and very flexible web-server which designed and optimized for for high-performance environments. With a small memory footprint compared to other webservers, effective management of the CPU load, and advanced feature set (FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many more), LightTPD is the perfect solution for every server that is suffering load problems. This is loosely based on the lighttpd package from pkgsrc-wip by Piotr Stolc <socrtp@soclab.eu.org>.
2005-09-04 08:37:05 +02:00
. include "../../security/openssl/buildlink3.mk"
Ran "pkglint --autofix", which corrected some of the quoting issues in CONFIGURE_ARGS.
2005-12-06 00:55:01 +01:00
CONFIGURE_ARGS+= --with-openssl=${SSLBASE:Q}
lighttpd: improve options support as well as adding options for other SSL libraries, disabling options explicitly should cause less problems when the OS contains libraries used by the options.
2021-05-14 13:11:00 +02:00
PLIST.openssl= yes
.else
CONFIGURE_ARGS+= --without-openssl
.endif
###
### HTTPS support via WolfSSL
###
PLIST_VARS+= wolfssl
.if !empty(PKG_OPTIONS:Mwolfssl)
. include "../../security/wolfssl/buildlink3.mk"
CONFIGURE_ARGS+= --with-wolfssl=${BUILDLINK_PREFIX.wolfssl}
PLIST.wolfssl= yes
.else
CONFIGURE_ARGS+= --without-wolfssl
Initial import of lighttpd-1.4.3 as www/lighttpd. LightTPD is a secure, fast, compliant, and very flexible web-server which designed and optimized for for high-performance environments. With a small memory footprint compared to other webservers, effective management of the CPU load, and advanced feature set (FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many more), LightTPD is the perfect solution for every server that is suffering load problems. This is loosely based on the lighttpd package from pkgsrc-wip by Piotr Stolc <socrtp@soclab.eu.org>.
2005-09-04 08:37:05 +02:00
.endif
Updated lighttpd to version 1.4.42. Added geoip build option. Changelog: * [TLS] SSL_shutdown() only if handshake finished * [mod_proxy,mod_scgi] shutdown remote only if local (#2743) * [core] check if client half-closed TCP if POLLHUP (#2743) * [core] enforce wait for POLLWR after EINPROGRESS (fixes #2744) * [core] do not enter handler twice after read body * [core] proxy,scgi omit shutdown() to backend (fixes #2743) * [mod_dirlisting] dirlist does not handle POST * [mod_dirlisting] js column sort for dirlist table (fixes #613, fixes #2315) * [mod_auth] Digest auth fails after rewrite (fixes #2745) * [mod_auth] refactor out auth backend code * [mod_auth] extensible interface for auth backends * [core] better DragonFlyBSD support (fixes #2746) * [mod_auth] include base.h for USE_OPENSSL def * [mod_auth] support CRYPT-MD5-NTLM algorithm (fixes #1743) * [mod_auth] terminate salt for CRYPT-MD5-NTLM * [core] fix crash if ready events on abandoned fd (fixes #2748) * [mod_auth] http_auth_md5_hex2bin() * [mod_auth] remove empty mod_auth.h * [mod_auth] mod_authn_mysql.c MySQL auth backend (fixes #752, fixes #1845) * [mod_cgi] permit CGI exec of unreadable files (fixes #2374) * [mod_uploadprogress] add to default build * [mod_geoip] add to default build (fixes #2705, fixes #2101, fixes #2092, fixes #2025, fixes #1962, fixes #1938) * [mod_fastcgi] Authorizer support with Responder (fixes #321, fixes #322) * [tests] test coverage for issues (#321, #322) * dynamic handlers store debug flag in handler_ctx * [mod_fastcgi] allow authorizer, responder for same path/ext (#321) * backport mod_deflate to lighttpd 1.4 (fixes #1824, fixes #2753) * [autobuild] test_configfile might need vector.c (fixes #2752) * [mod_deflate] fix longjmp clobber compiler warning * remove unused array type TYPE_COUNT data_count * [mod_auth] structured data, register auth schemes * [mod_auth] mod_authn_gssapi Kerberos auth backend (fixes #1899) * [autobuild] skip two new tests if no fcgi-auth * [SCons] define with_krb5 for SCons build * [SCons] fix syntax error in SConstruct * [SCons] define with_geoip for SCons build * [CMake] fix clang -Wcast-align warnings in lemon.c * remove excess initializers (fix compiler warnings) * fix errors detected by Coverity Scan * performance: use Linux extended syscalls and flags * [mod_scgi] add uwsgi protocol support * [mod_auth] refactor LDAP code into smaller funcs * [mod_auth] HTTP Basic auth backends also do authz (#1817) * [mod_auth] ldap filter subst user for multiple '$' (fixes #1508) * [mod_auth] permit specifying ldap DN; skip search (fixes #1248) * [autobuild] update module/feature report * [cmake] build mod_authn_gssapi if WITH_KRB5 * [mod_auth] fix printing of IP in error trace * [mod_mysql_vhost] support multiple '?' replacement (fixes #2163) * [core] make server.max-request-size scopeable (#1901) * [core] server.max-request-field-size (fixes #2130) * [core] optional condition in config "else" clause (fixes #1268) * [core] restrict where config "else" clauses occur (#1268) * silence warnings from clang ccc-analyzer * consistent, shared code to create CGI env * [TLS] replace env entries in https_add_ssl_entries * [TLS] set SSL_CLIENT_M_SERIAL w/ client cert SN (fixes #2268) * [TLS] set SSL_CLIENT_VERIFY w/ client cert (#1288, #2693) * [TLS] set SSL_PROTOCOL, SSL_CIPHER* (fixes #2511) * [core] rand.[ch] to use better RNGs when available * [mod_cgi] fix pipe_cloexec() when no O_CLOEXEC * ignore return value from fcntl() FD_CLOEXEC * build w/o compiler warnings if no zlib or bz2lib
2016-10-18 00:00:22 +02:00
###
### GeoIP support
###
lighttpd: improve options support as well as adding options for other SSL libraries, disabling options explicitly should cause less problems when the OS contains libraries used by the options.
2021-05-14 13:11:00 +02:00
PLIST_VARS+= geoip
Updated lighttpd to version 1.4.42. Added geoip build option. Changelog: * [TLS] SSL_shutdown() only if handshake finished * [mod_proxy,mod_scgi] shutdown remote only if local (#2743) * [core] check if client half-closed TCP if POLLHUP (#2743) * [core] enforce wait for POLLWR after EINPROGRESS (fixes #2744) * [core] do not enter handler twice after read body * [core] proxy,scgi omit shutdown() to backend (fixes #2743) * [mod_dirlisting] dirlist does not handle POST * [mod_dirlisting] js column sort for dirlist table (fixes #613, fixes #2315) * [mod_auth] Digest auth fails after rewrite (fixes #2745) * [mod_auth] refactor out auth backend code * [mod_auth] extensible interface for auth backends * [core] better DragonFlyBSD support (fixes #2746) * [mod_auth] include base.h for USE_OPENSSL def * [mod_auth] support CRYPT-MD5-NTLM algorithm (fixes #1743) * [mod_auth] terminate salt for CRYPT-MD5-NTLM * [core] fix crash if ready events on abandoned fd (fixes #2748) * [mod_auth] http_auth_md5_hex2bin() * [mod_auth] remove empty mod_auth.h * [mod_auth] mod_authn_mysql.c MySQL auth backend (fixes #752, fixes #1845) * [mod_cgi] permit CGI exec of unreadable files (fixes #2374) * [mod_uploadprogress] add to default build * [mod_geoip] add to default build (fixes #2705, fixes #2101, fixes #2092, fixes #2025, fixes #1962, fixes #1938) * [mod_fastcgi] Authorizer support with Responder (fixes #321, fixes #322) * [tests] test coverage for issues (#321, #322) * dynamic handlers store debug flag in handler_ctx * [mod_fastcgi] allow authorizer, responder for same path/ext (#321) * backport mod_deflate to lighttpd 1.4 (fixes #1824, fixes #2753) * [autobuild] test_configfile might need vector.c (fixes #2752) * [mod_deflate] fix longjmp clobber compiler warning * remove unused array type TYPE_COUNT data_count * [mod_auth] structured data, register auth schemes * [mod_auth] mod_authn_gssapi Kerberos auth backend (fixes #1899) * [autobuild] skip two new tests if no fcgi-auth * [SCons] define with_krb5 for SCons build * [SCons] fix syntax error in SConstruct * [SCons] define with_geoip for SCons build * [CMake] fix clang -Wcast-align warnings in lemon.c * remove excess initializers (fix compiler warnings) * fix errors detected by Coverity Scan * performance: use Linux extended syscalls and flags * [mod_scgi] add uwsgi protocol support * [mod_auth] refactor LDAP code into smaller funcs * [mod_auth] HTTP Basic auth backends also do authz (#1817) * [mod_auth] ldap filter subst user for multiple '$' (fixes #1508) * [mod_auth] permit specifying ldap DN; skip search (fixes #1248) * [autobuild] update module/feature report * [cmake] build mod_authn_gssapi if WITH_KRB5 * [mod_auth] fix printing of IP in error trace * [mod_mysql_vhost] support multiple '?' replacement (fixes #2163) * [core] make server.max-request-size scopeable (#1901) * [core] server.max-request-field-size (fixes #2130) * [core] optional condition in config "else" clause (fixes #1268) * [core] restrict where config "else" clauses occur (#1268) * silence warnings from clang ccc-analyzer * consistent, shared code to create CGI env * [TLS] replace env entries in https_add_ssl_entries * [TLS] set SSL_CLIENT_M_SERIAL w/ client cert SN (fixes #2268) * [TLS] set SSL_CLIENT_VERIFY w/ client cert (#1288, #2693) * [TLS] set SSL_PROTOCOL, SSL_CIPHER* (fixes #2511) * [core] rand.[ch] to use better RNGs when available * [mod_cgi] fix pipe_cloexec() when no O_CLOEXEC * ignore return value from fcntl() FD_CLOEXEC * build w/o compiler warnings if no zlib or bz2lib
2016-10-18 00:00:22 +02:00
.if !empty(PKG_OPTIONS:Mgeoip)
lighttpd: Update to 1.4.54. pkgsrc changes: Replace use of legacy GeoIP library with libmaxminddb. Uses a different module. Changes: Highlights behavior change: strict URL parsing and normalization (configurable) behavior change: mod_webdav now rejects partial PUT (configurable) mod_auth: HTTP Auth Digest algorithm=SHA-256 mod_webdav: major rewrite: robustness, performance, RFC compliance mod_maxminddb: new; obsoletes discontinued mod_geoip Changes from 1.4.53 [mod_evhost] handle IPv6 literal addr; add tests [core] separate server_main_loop() func, mark hot [core] mark startup/shutdown funcs cold [core] some server_main_loop() cleanup [core] fdevent_process() [core] srv→max_fds_lowat and srv→max_fds_hiwat [core] remove server.h [mod_staticfile] search ext array if not empty [core] store joblist pointer on stack [core] quickly clear request buffer for reuse [core] helper funcs for connection_state_machine() [core] perf: optimize connection_read_header() [core] parse request in connection_read_header() [core] log_request_header_on_error in one place [core] copy request only if might need for logging [core] make parse_request,request.request same buf [core] prefer buffer_caseless_compare() [core] pass req hdrs buffer to http_request_parse [core] replace con→response.keep_alive [core] mark log_error_write*() funcs cold [core] http_request_parse() mark error paths cold [core] lift code out of request line parse loop [core] get_http_method_key() match by strlen first [core] RFC7230 HTTP-version parse [mod_accesslog] attempt to reconstruct req line [multiple] minor: remove duplicated conditions [mod_deflate] honor request for x-gzip, x-bzip2 [mod_auth] minor: adjust config validation [core] discard oversized trailers [core] no keep-alive if POLLRDHUP,empty read queue [core] fix gw_backend spelling of directive in err [multiple] reduce code dup in list resizing [core] con→is_ssl_sock [core] connection_handle_write() updates con state [core] skip plugins_call_cleanup if not init’ed [core] simpler loops to run plugin hooks [core] fix mixed use of srv→split_vals array (fixes #2932) [core] dispatch events from within event framework [core] don’t call fd event handlers more than once, they might already be gone (fixes segfault) [core] poll: fdarray uses fd as index, not fde_ndx [core] map FDEVENT_* to OS system event frameworks [core] prefer memchr() over strchr() [core] use openssl to read,discard request body [mod_openssl] inherit cipherlist from global scope [mod_openssl] default: ssl.cipher-list = “HIGH” [mod_proxy] pass Content-Length to backend if > 0 [core] config option to allow GET w/ request body [core] some fdevent code streamlining [core] remove fde_ndx member outside fdevents [core] remove redundant check for allow_http11 [mod_openssl] use 16k static buffer instead of 64k [core] pull server load checks out of main loop [core] isolate fdevent processing [core] release empty chunk buf when nothing read [core] perf: pass (fdnode *) to epoll and kqueue [core] modify config parser to handle multiple } [core] pass (fdnode *) for registered fdevent fd [mod_auth] http_auth_digest_hex2bin() [mod_auth] http_auth_info_t digest abstraction [mod_auth] pass http_auth_require_t for 401 Unauth [core] no SOCK_NONBLOCK on QNX 7.0 [mod_auth] HTTP Auth Digest algorithm=SHA-256 [core] silence coverity warning [mod_magnet] fix invalid script return-type crash (fixes #2938) [build] remove -Wdeclaration-after-statement [core] pass conf.follow_symlink in more places [core] fix assertion with server.error-handler (fixes #2941) [core] extend dir redirection to take HTTP status [doc] minor adjust create-mime.conf.pl regex match (#2942) [core] attribute((fallthrough)) for GCC 7.0 [core] fdevent_mkstemp_append() (shared) [core] off_t upload_temp_file_size [core] clear FDEVENT_RDHUP if no POLLRDHUP [mod_wstunnel] fix ping-interval for big-endian (fixes #2944) [core] fix abort in http-parseopts (fixes #2945) [core] remove repeated slashes in http-parseopts [core] fix 1.4.52 regression in mem use with POST (fixes #2948) [multiple] cleaner calloc use in SETDEFAULTS_FUNC [core] add const to some etag prototypes [core] attribute((format …)) [core] struct log_error_st for error logging [core] log_error, log_perror using printf-like fmt [core] new worker_init hook to follow parent fork [core] replace open() with fdevent_open_cloexec() [mod_webdav] major rewrite (fixes #1818) [core] 200 for OPTIONS /non-existent/path HTTP/1.1 (fixes #2939) [mod_webdav] surround Lock-Token with “<…>” [mod_webdav] fix uuid detection macro [mod_webdav] fix misbehavior on blank nodes in PROPPATCH [mod_webdav] clean up resources after do{}while(0) [mod_webdav] check If-Match, If-Unmodified-Since (#1818) [mod_webdav] deprecated unsafe partial PUT compat [mod_webdav] provide ETag in more responses [mod_webdav] platform portability fixes [mod_webdav] disable elftc_copyfile() on FreeBSD [mod_webdav] special-case If: () [mod_webdav] check If-None-Match (#1818) [stat_cache] separate func for symlink policy chk [stat_cache] separate symlink pol from data struct [stat_cache] store entries without trailing slash [stat_cache] pass age param for stat cache cleanup [stat_cache] remove splaytree ins/del debug code [stat_cache] FAM: reduce string copying [stat_cache] FAM: check FAMNextEvent() return code [stat_cache] FAM: use entry hash index as userdata [stat_cache] FAM: improve handling modified file [stat_cache] FAM: ignore follow-symlink config [stat_cache] FAM: check hash collision before add [stat_cache] FAM: ignore event with no valid match [stat_cache] FAM: funcs to invalidate entries [stat_cache] interfaces to invalidate entries [mod_webdav] update stat_cache after file mod [core] use high precision stat timestamp in etag [scons] adjustment for static build under CentOS [core] emit trace using path before clearing path [core] http_chunk_append_file_fd() [multiple] open target file earlier in some cases [stat_cache] no longer stat() and open() for stat [stat_cache] FAM: improve monitoring, cache 16 sec [stat_cache] FAM: separate routine for FDEVENT_IN [stat_cache] FAM: whitespace-only change [mod_webdav] quiet coverity warnings [doc] highlight relevance of module load order (fixes #2946) [core] behavior change: stricter URL normalization [stat_cache] fix compilation error for cmake [cmake] help cmake on FreeBSD find sys/event.h [scons] help scons on FreeBSD find sys/event.h [build] detect FreeBSD elftc_copyfile() [mod_openssl] use SSL_CTX_set_client_hello_cb() [core] support weak etags with If-None-Match [core] store log_state_handling flag on stack [core] check if splay_tree NULL before invalidate [mod_webdav] workaround Microsoft-WebDAV-MiniRedir [mod_webdav] doc Microsoft-WebDAV-MiniRedir bugs [mod_webdav] invalidate parent dir in stat_cache [doc] systemd socket activation config example [core] chunkqueue perf: code reuse [core] chunkqueue perf: specialized buffer.h funcs [core] chunkqueue perf: skip opening 0-length file [core] chunkqueue perf: read small files into mem [core] buffer_reset() should not be passed NULL [tests] has_feature() helper func [tests] skip mod-secdownload HMAC-SHA1,HMAC-SHA256 [core] use high precision stat timestamp on OS X [mod_magnet] expose server addr (local IP) to lua [core] adjust http_chunk read() retry loop [mod_maxminddb] MaxMind GeoIP2 support [mod_authn_ldap] ldap_set_option LDAP_OPT_RESTART (fixes #2940)
2019-05-29 12:01:28 +02:00
. include "../../geography/libmaxminddb/buildlink3.mk"
CONFIGURE_ARGS+= --with-maxminddb
Updated www/lighttpd to 1.4.44 ------------------------------ - 1.4.44 * [mod_scgi] fix segfault (fixes #2762) * [mod_authn_gssapi] fix memory leak * [config] warn if mod_authn_ldap,mysql not listed * [mod_magnet] fix magnet_cgi_set() set of env vars (fixes #2763) * [mod_cgi] FreeBSD 9.3/MacOSX does not have pipe2() (fixes #2765) * [mod_extforward] fix crash on invalid IP (fixes #2766) * [mod_fastcgi] fix segfault if all backends down (fixes #2768) * [mod_cgi] fix out of sockets error for POST to CGI (fixes #2771) * [mod_auth] compile fix for Mac OS X XCode (fixes #2772) * [mod_authn_gssapi] better resource cleanup * [core] compile fix for Mac OS X 10.6 (old) (fixes #2773) * fix race in dynamic handler configs (reentrancy) (fixes #2774) * [mod_authn_mysql] close mysql_conn in cleanup * [mod_webdav] compile fix when locking not enabled * load mod_auth & mod_authn_file in sample/test.conf * comment out auth.backend.ldap.* in tests/*.conf * [mod_fastcgi,mod_scgi] warn if invalid "bin-path" * RAND_pseudo_bytes() is deprecated in openssl 1.1.0 * openssl 1.1.0 init and cleanup * [mod_cgi] remove direct calls to network_backend* * [build] build network_*.c into lighttpd executable * suggest inclusion of mod_geoip... before mod_ssi. * set systemd settings similar to lighttpd2 * [doc] remove reference to Linux rt-signals * [mod_authn_gssapi] fix missing error ret, coverity * [core] rename li_rand() to li_rand_pseudo_bytes() * remove #include "stream.h" where not used * [mod_cml] include lua headers before base.h * [core] combine duplicated connection reset code * [mod_ssi] produce content in subrequest hook * [core] remove srv->entropy[] * [core] defer li_rand_init() until first use * [core] permit connection-level state in modules * [mod_dirlisting] render dirlisting as HTML (fixes #2767) * [mod_proxy] replace HTTP Host sent to backend (fixes #2770) * [mod_ssi] basic recursive SSI include virtual (fixes #536) * [mod_ssi] implement, ignore <!--#comment ... --> * [core] consolidate duplicated read-to-close code * [core] fix segfault when parsing a bad config file * [core] support Transfer-Encoding: chunked req body (fixes #2156) * [autobuild] set NO_RDYNAMIC=yes for midipix * [mod_proxy] proxy.balance = "sticky" option (fixes #2117) * [mod_secdownload] warn if SHA used w/o SSL crypto * [build] compile fixes for AIX * [build] check for pipe2() at configure time * [mod_evhost] fix an incorrect error trace * [tests] mark tests/docroot/www/*.pl scripts a+x * [mod_cgi] fall back to pipe() if pipe2() fails * fix SCons fullstatic build with glibc pthreads * [TLS] openssl 1.1.0 makes SSL_OP_NO_SSLv2 no-op (pkgsrc changes) - Add Selection on PLIST depending on options
2017-01-03 15:31:13 +01:00
PLIST.geoip= yes
lighttpd: improve options support as well as adding options for other SSL libraries, disabling options explicitly should cause less problems when the OS contains libraries used by the options.
2021-05-14 13:11:00 +02:00
.else
CONFIGURE_ARGS+= --without-maxminddb
Updated www/lighttpd to 1.4.44 ------------------------------ - 1.4.44 * [mod_scgi] fix segfault (fixes #2762) * [mod_authn_gssapi] fix memory leak * [config] warn if mod_authn_ldap,mysql not listed * [mod_magnet] fix magnet_cgi_set() set of env vars (fixes #2763) * [mod_cgi] FreeBSD 9.3/MacOSX does not have pipe2() (fixes #2765) * [mod_extforward] fix crash on invalid IP (fixes #2766) * [mod_fastcgi] fix segfault if all backends down (fixes #2768) * [mod_cgi] fix out of sockets error for POST to CGI (fixes #2771) * [mod_auth] compile fix for Mac OS X XCode (fixes #2772) * [mod_authn_gssapi] better resource cleanup * [core] compile fix for Mac OS X 10.6 (old) (fixes #2773) * fix race in dynamic handler configs (reentrancy) (fixes #2774) * [mod_authn_mysql] close mysql_conn in cleanup * [mod_webdav] compile fix when locking not enabled * load mod_auth & mod_authn_file in sample/test.conf * comment out auth.backend.ldap.* in tests/*.conf * [mod_fastcgi,mod_scgi] warn if invalid "bin-path" * RAND_pseudo_bytes() is deprecated in openssl 1.1.0 * openssl 1.1.0 init and cleanup * [mod_cgi] remove direct calls to network_backend* * [build] build network_*.c into lighttpd executable * suggest inclusion of mod_geoip... before mod_ssi. * set systemd settings similar to lighttpd2 * [doc] remove reference to Linux rt-signals * [mod_authn_gssapi] fix missing error ret, coverity * [core] rename li_rand() to li_rand_pseudo_bytes() * remove #include "stream.h" where not used * [mod_cml] include lua headers before base.h * [core] combine duplicated connection reset code * [mod_ssi] produce content in subrequest hook * [core] remove srv->entropy[] * [core] defer li_rand_init() until first use * [core] permit connection-level state in modules * [mod_dirlisting] render dirlisting as HTML (fixes #2767) * [mod_proxy] replace HTTP Host sent to backend (fixes #2770) * [mod_ssi] basic recursive SSI include virtual (fixes #536) * [mod_ssi] implement, ignore <!--#comment ... --> * [core] consolidate duplicated read-to-close code * [core] fix segfault when parsing a bad config file * [core] support Transfer-Encoding: chunked req body (fixes #2156) * [autobuild] set NO_RDYNAMIC=yes for midipix * [mod_proxy] proxy.balance = "sticky" option (fixes #2117) * [mod_secdownload] warn if SHA used w/o SSL crypto * [build] compile fixes for AIX * [build] check for pipe2() at configure time * [mod_evhost] fix an incorrect error trace * [tests] mark tests/docroot/www/*.pl scripts a+x * [mod_cgi] fall back to pipe() if pipe2() fails * fix SCons fullstatic build with glibc pthreads * [TLS] openssl 1.1.0 makes SSL_OP_NO_SSLv2 no-op (pkgsrc changes) - Add Selection on PLIST depending on options
2017-01-03 15:31:13 +01:00
.endif
###
### gssapi
###
lighttpd: improve options support as well as adding options for other SSL libraries, disabling options explicitly should cause less problems when the OS contains libraries used by the options.
2021-05-14 13:11:00 +02:00
PLIST_VARS+= gssapi
Updated www/lighttpd to 1.4.44 ------------------------------ - 1.4.44 * [mod_scgi] fix segfault (fixes #2762) * [mod_authn_gssapi] fix memory leak * [config] warn if mod_authn_ldap,mysql not listed * [mod_magnet] fix magnet_cgi_set() set of env vars (fixes #2763) * [mod_cgi] FreeBSD 9.3/MacOSX does not have pipe2() (fixes #2765) * [mod_extforward] fix crash on invalid IP (fixes #2766) * [mod_fastcgi] fix segfault if all backends down (fixes #2768) * [mod_cgi] fix out of sockets error for POST to CGI (fixes #2771) * [mod_auth] compile fix for Mac OS X XCode (fixes #2772) * [mod_authn_gssapi] better resource cleanup * [core] compile fix for Mac OS X 10.6 (old) (fixes #2773) * fix race in dynamic handler configs (reentrancy) (fixes #2774) * [mod_authn_mysql] close mysql_conn in cleanup * [mod_webdav] compile fix when locking not enabled * load mod_auth & mod_authn_file in sample/test.conf * comment out auth.backend.ldap.* in tests/*.conf * [mod_fastcgi,mod_scgi] warn if invalid "bin-path" * RAND_pseudo_bytes() is deprecated in openssl 1.1.0 * openssl 1.1.0 init and cleanup * [mod_cgi] remove direct calls to network_backend* * [build] build network_*.c into lighttpd executable * suggest inclusion of mod_geoip... before mod_ssi. * set systemd settings similar to lighttpd2 * [doc] remove reference to Linux rt-signals * [mod_authn_gssapi] fix missing error ret, coverity * [core] rename li_rand() to li_rand_pseudo_bytes() * remove #include "stream.h" where not used * [mod_cml] include lua headers before base.h * [core] combine duplicated connection reset code * [mod_ssi] produce content in subrequest hook * [core] remove srv->entropy[] * [core] defer li_rand_init() until first use * [core] permit connection-level state in modules * [mod_dirlisting] render dirlisting as HTML (fixes #2767) * [mod_proxy] replace HTTP Host sent to backend (fixes #2770) * [mod_ssi] basic recursive SSI include virtual (fixes #536) * [mod_ssi] implement, ignore <!--#comment ... --> * [core] consolidate duplicated read-to-close code * [core] fix segfault when parsing a bad config file * [core] support Transfer-Encoding: chunked req body (fixes #2156) * [autobuild] set NO_RDYNAMIC=yes for midipix * [mod_proxy] proxy.balance = "sticky" option (fixes #2117) * [mod_secdownload] warn if SHA used w/o SSL crypto * [build] compile fixes for AIX * [build] check for pipe2() at configure time * [mod_evhost] fix an incorrect error trace * [tests] mark tests/docroot/www/*.pl scripts a+x * [mod_cgi] fall back to pipe() if pipe2() fails * fix SCons fullstatic build with glibc pthreads * [TLS] openssl 1.1.0 makes SSL_OP_NO_SSLv2 no-op (pkgsrc changes) - Add Selection on PLIST depending on options
2017-01-03 15:31:13 +01:00
.if !empty(PKG_OPTIONS:Mgssapi)
.include "../../security/mit-krb5/buildlink3.mk"
CONFIGURE_ARGS+= --with-krb5
PLIST.gssapi= yes
lighttpd: improve options support as well as adding options for other SSL libraries, disabling options explicitly should cause less problems when the OS contains libraries used by the options.
2021-05-14 13:11:00 +02:00
.else
CONFIGURE_ARGS+= --without-krb5
Updated lighttpd to version 1.4.42. Added geoip build option. Changelog: * [TLS] SSL_shutdown() only if handshake finished * [mod_proxy,mod_scgi] shutdown remote only if local (#2743) * [core] check if client half-closed TCP if POLLHUP (#2743) * [core] enforce wait for POLLWR after EINPROGRESS (fixes #2744) * [core] do not enter handler twice after read body * [core] proxy,scgi omit shutdown() to backend (fixes #2743) * [mod_dirlisting] dirlist does not handle POST * [mod_dirlisting] js column sort for dirlist table (fixes #613, fixes #2315) * [mod_auth] Digest auth fails after rewrite (fixes #2745) * [mod_auth] refactor out auth backend code * [mod_auth] extensible interface for auth backends * [core] better DragonFlyBSD support (fixes #2746) * [mod_auth] include base.h for USE_OPENSSL def * [mod_auth] support CRYPT-MD5-NTLM algorithm (fixes #1743) * [mod_auth] terminate salt for CRYPT-MD5-NTLM * [core] fix crash if ready events on abandoned fd (fixes #2748) * [mod_auth] http_auth_md5_hex2bin() * [mod_auth] remove empty mod_auth.h * [mod_auth] mod_authn_mysql.c MySQL auth backend (fixes #752, fixes #1845) * [mod_cgi] permit CGI exec of unreadable files (fixes #2374) * [mod_uploadprogress] add to default build * [mod_geoip] add to default build (fixes #2705, fixes #2101, fixes #2092, fixes #2025, fixes #1962, fixes #1938) * [mod_fastcgi] Authorizer support with Responder (fixes #321, fixes #322) * [tests] test coverage for issues (#321, #322) * dynamic handlers store debug flag in handler_ctx * [mod_fastcgi] allow authorizer, responder for same path/ext (#321) * backport mod_deflate to lighttpd 1.4 (fixes #1824, fixes #2753) * [autobuild] test_configfile might need vector.c (fixes #2752) * [mod_deflate] fix longjmp clobber compiler warning * remove unused array type TYPE_COUNT data_count * [mod_auth] structured data, register auth schemes * [mod_auth] mod_authn_gssapi Kerberos auth backend (fixes #1899) * [autobuild] skip two new tests if no fcgi-auth * [SCons] define with_krb5 for SCons build * [SCons] fix syntax error in SConstruct * [SCons] define with_geoip for SCons build * [CMake] fix clang -Wcast-align warnings in lemon.c * remove excess initializers (fix compiler warnings) * fix errors detected by Coverity Scan * performance: use Linux extended syscalls and flags * [mod_scgi] add uwsgi protocol support * [mod_auth] refactor LDAP code into smaller funcs * [mod_auth] HTTP Basic auth backends also do authz (#1817) * [mod_auth] ldap filter subst user for multiple '$' (fixes #1508) * [mod_auth] permit specifying ldap DN; skip search (fixes #1248) * [autobuild] update module/feature report * [cmake] build mod_authn_gssapi if WITH_KRB5 * [mod_auth] fix printing of IP in error trace * [mod_mysql_vhost] support multiple '?' replacement (fixes #2163) * [core] make server.max-request-size scopeable (#1901) * [core] server.max-request-field-size (fixes #2130) * [core] optional condition in config "else" clause (fixes #1268) * [core] restrict where config "else" clauses occur (#1268) * silence warnings from clang ccc-analyzer * consistent, shared code to create CGI env * [TLS] replace env entries in https_add_ssl_entries * [TLS] set SSL_CLIENT_M_SERIAL w/ client cert SN (fixes #2268) * [TLS] set SSL_CLIENT_VERIFY w/ client cert (#1288, #2693) * [TLS] set SSL_PROTOCOL, SSL_CIPHER* (fixes #2511) * [core] rand.[ch] to use better RNGs when available * [mod_cgi] fix pipe_cloexec() when no O_CLOEXEC * ignore return value from fcntl() FD_CLOEXEC * build w/o compiler warnings if no zlib or bz2lib
2016-10-18 00:00:22 +02:00
.endif
Add "webdav" option for fuller-featured WebDAV server support.
2017-06-21 21:27:36 +02:00
###
### WebDAV with PROPFIND/PROPPATCH, LOCK/UNLOCK
###
.if !empty(PKG_OPTIONS:Mwebdav)
. include "../../databases/sqlite3/buildlink3.mk"
. include "../../devel/libuuid/buildlink3.mk"
. include "../../textproc/libxml2/buildlink3.mk"
CONFIGURE_ARGS+= --with-webdav-props --with-webdav-locks
.endif
Reference in a new issue Copy permalink