diff options
| author | René 'Necoro' Neumann <necoro@necoro.net> | 2010-03-26 23:49:20 +0100 |
|---|---|---|
| committer | René 'Necoro' Neumann <necoro@necoro.net> | 2010-03-26 23:49:20 +0100 |
| commit | bba9240061dc3f8bd15bce304f0abc421024b453 (patch) | |
| tree | 8dd96b420853934f26b1e90877892d10058af739 /www-servers | |
| parent | 33a162ec97deacfba497638836f91478fb0e9406 (diff) | |
| download | overlay-bba9240061dc3f8bd15bce304f0abc421024b453.tar.gz overlay-bba9240061dc3f8bd15bce304f0abc421024b453.tar.bz2 overlay-bba9240061dc3f8bd15bce304f0abc421024b453.zip | |
add patched lighttpd
Diffstat (limited to 'www-servers')
17 files changed, 1208 insertions, 0 deletions
diff --git a/www-servers/lighttpd/Manifest b/www-servers/lighttpd/Manifest new file mode 100644 index 0000000..25b7577 --- /dev/null +++ b/www-servers/lighttpd/Manifest @@ -0,0 +1,17 @@ +AUX 1.4.25-fix-CVE-2010-0295.patch 6237 RMD160 cd9ce4410ed805d28899b0207bbc670e04491315 SHA1 2ba33d94f5628d97cb606ad97ef9630eef5191c4 SHA256 d4d269d993396cfd9146de621e0a3d5e9203ac7f6b2b6f351f9013dbbe956a4e +AUX 1.4.25-fix-multiple-ssl.patch 418 RMD160 9b0b7410fa4ccb8ad874483f8bec8b69d72f80af SHA1 6e46b14b97a68b59260731b1577e531fb412f518 SHA256 0b91569695c7d6b89ce13a8deb069ee83fdcba414853401e480c1ec04760b74b +AUX 1.4.25-fix-unknown-AM_SILENT_RULES.patch 744 RMD160 5da8bdca1728f2de730e90de4fb7e93a274406e8 SHA1 8ae6849a88aaaca76c1b8c13a62cc266dbebc2a7 SHA256 a1cf7c77b7ee1cbe9bf3efbb7704b8582c480ae69fd70934597d24ff3fddf663 +AUX 1.4.26-fix-ssl-return-check-r2716.patch 562 RMD160 81b5fc8f13e3fbca8a48fd1f954ae7e165b261b1 SHA1 60c3665d0a4f46df1da80338970c7ce6efab64fe SHA256 28391235c48d4dc686d060bbafd711e028a07b68065f40346dc40ca242f4285c +AUX conf/lighttpd.conf 8243 RMD160 0b99dbb49be34521ddda14abd9b06cef141bbfc9 SHA1 8fd27dd9b5aea94ca0d1611c8fb1d9e3cb720d0b SHA256 3c016c663d14bf1cb8bf1c7d87dc0ecc1fb4f189ebd4fb05e90ed23f20439ed5 +AUX conf/mime-types.conf 3436 RMD160 e4b6024ac6cd48253d4be0abb171ad54e7fbc121 SHA1 2d060ec0d464d73896fdaaedbeb259c2fecac99d SHA256 75a6fce072250ebccde2320996fdace0ebfeb525b03322f0b454f8f4e0e29a85 +AUX conf/mod_cgi.conf 869 RMD160 1d447bad36822657d014990128891cbdb6169468 SHA1 30066f52e469339cc8a5df8864b4cc2d9c558c3d SHA256 322656b4cfd22ca9f1f8ab160e0b932f1646622422fd49c6fc82ab416223eecf +AUX conf/mod_fastcgi.conf 677 RMD160 4403ca232cfcfc51d1d71529be9903bf4123451e SHA1 2b4a3d35215ba8824b5eca943156b373479f1a45 SHA256 954bf2a030e268e7cd880d4cd7d6c13317c09e0ec4e87a8d7d887fb4e7dc83bd +AUX conf/mod_fastcgi.conf-1.4.13-r2 687 RMD160 f165f27a08f35c4792bd332be3a04370b69152e3 SHA1 ebb469944098a91772424a825fdd5a0464cef158 SHA256 d1adc1358b5d9e85353caa2e706bfa231d145dd59c075cdcb3f818b3cb5d722e +AUX lighttpd.confd 315 RMD160 c2d9c166a1209b853b400b5d21627f5d3f2d5216 SHA1 a09597a0d38d0b4d36a8f16f5d6fd5c4b7462b26 SHA256 94f69a173dc26610a43532474230537b9bc31ec846fb9f94cb72765f125edf87 +AUX lighttpd.initd 1445 RMD160 0ebf75a57644912748a1c4173aa64c15981e5abc SHA1 0597c93d246639141ca8522f44f24b2431949e2e SHA256 72b08e97eae7de6a33160085bc46c0edd36f6924d6132239cd8191399998ec5a +AUX lighttpd.initd-1.4.13-r3 1454 RMD160 287b7b5626559f61b17e113ca00ef0cee6c63962 SHA1 e9a0f6880e03db27082177634d9974bb7f4b3406 SHA256 9dfda47a18f3e7beada18cfec37b39c66d3029b6bde42c538d82cd1292c7616a +AUX lighttpd.logrotate 487 RMD160 2edb8b4abf75031af0a3b4182efb5b589dfa0d3c SHA1 24e1b048d7be5520ca5ef8ce31b55df13cc8d72b SHA256 503ee1cd454e2c0f9a212ef60dc8321893eda06ccf721ecbe94d189a09e0bc6c +AUX spawn-fcgi.confd 1076 RMD160 9468249fdedc39fa762a569622bae93f8b3481f9 SHA1 81bad945fc016275873e01e5f69838f73b275a3a SHA256 bfa452a849165f921a2febf0b06879db18c4c921f156b1452d06bb821063f768 +AUX spawn-fcgi.initd 1398 RMD160 3fd0fa41d100629e85960034237abc0866ec3d38 SHA1 9c07c9fd59ec73d5f37df109b188b8a7d691f949 SHA256 ae10c764e2bde9bfc483c57ca94a63d87c24cba00b4c06917885c533d2d245b1 +DIST lighttpd-1.4.25.tar.bz2 628267 RMD160 f0f7dd0ff3c92a6185be2e6017fd5ea74734c769 SHA1 bc4592930292ae8d0990a94a584f49fe8f52445b SHA256 7e803089f18b179097cb33b64b37d8a3b537ce9c196c88e3fb09881b471c88ce +EBUILD lighttpd-1.4.25-r1.ebuild 5928 RMD160 772da13605f2cb7050c0b7fb4a43207253bec46c SHA1 70324cca6496179ba50f5f7798b508210110c082 SHA256 c1d9a5d949c7b9ea72eee7735ce0140bc699461358ce4297a2301b1c7174ad69 diff --git a/www-servers/lighttpd/files/1.4.25-fix-CVE-2010-0295.patch b/www-servers/lighttpd/files/1.4.25-fix-CVE-2010-0295.patch new file mode 100644 index 0000000..fcac318 --- /dev/null +++ b/www-servers/lighttpd/files/1.4.25-fix-CVE-2010-0295.patch @@ -0,0 +1,211 @@ +Index: branches/lighttpd-1.4.x/src/base.h +=================================================================== +--- branches/lighttpd-1.4.x/src/base.h (revision 2709) ++++ branches/lighttpd-1.4.x/src/base.h (revision 2710) +@@ -431,7 +431,6 @@ + + #ifdef USE_OPENSSL + SSL *ssl; +- buffer *ssl_error_want_reuse_buffer; + # ifndef OPENSSL_NO_TLSEXT + buffer *tlsext_server_name; + # endif +Index: branches/lighttpd-1.4.x/src/connections.c +=================================================================== +--- branches/lighttpd-1.4.x/src/connections.c (revision 2709) ++++ branches/lighttpd-1.4.x/src/connections.c (revision 2710) +@@ -192,40 +192,42 @@ + + static int connection_handle_read_ssl(server *srv, connection *con) { + #ifdef USE_OPENSSL +- int r, ssl_err, len, count = 0; ++ int r, ssl_err, len, count = 0, read_offset, toread; + buffer *b = NULL; + + if (!con->conf.is_ssl) return -1; + +- /* don't resize the buffer if we were in SSL_ERROR_WANT_* */ +- + ERR_clear_error(); + do { +- if (!con->ssl_error_want_reuse_buffer) { +- b = buffer_init(); +- buffer_prepare_copy(b, SSL_pending(con->ssl) + (16 * 1024)); /* the pending bytes + 16kb */ ++ if (NULL != con->read_queue->last) { ++ b = con->read_queue->last->mem; ++ } + ++ if (NULL == b || b->size - b->used < 1024) { ++ b = chunkqueue_get_append_buffer(con->read_queue); ++ len = SSL_pending(con->ssl); ++ if (len < 4*1024) len = 4*1024; /* always alloc >= 4k buffer */ ++ buffer_prepare_copy(b, len + 1); ++ + /* overwrite everything with 0 */ + memset(b->ptr, 0, b->size); +- } else { +- b = con->ssl_error_want_reuse_buffer; + } + +- len = SSL_read(con->ssl, b->ptr, b->size - 1); +- con->ssl_error_want_reuse_buffer = NULL; /* reuse it only once */ ++ read_offset = (b->used > 0) ? b->used - 1 : 0; ++ toread = b->size - 1 - read_offset; + ++ len = SSL_read(con->ssl, b->ptr + read_offset, toread); ++ + if (len > 0) { +- b->used = len; ++ if (b->used > 0) b->used--; ++ b->used += len; + b->ptr[b->used++] = '\0'; + +- /* we move the buffer to the chunk-queue, no need to free it */ ++ con->bytes_read += len; + +- chunkqueue_append_buffer_weak(con->read_queue, b); + count += len; +- con->bytes_read += len; +- b = NULL; + } +- } while (len > 0 && count < MAX_READ_LIMIT); ++ } while (len == toread && count < MAX_READ_LIMIT); + + + if (len < 0) { +@@ -234,11 +236,11 @@ + case SSL_ERROR_WANT_READ: + case SSL_ERROR_WANT_WRITE: + con->is_readable = 0; +- con->ssl_error_want_reuse_buffer = b; + +- b = NULL; ++ /* the manual says we have to call SSL_read with the same arguments next time. ++ * we ignore this restriction; no one has complained about it in 1.5 yet, so it probably works anyway. ++ */ + +- /* we have to steal the buffer from the queue-queue */ + return 0; + case SSL_ERROR_SYSCALL: + /** +@@ -297,16 +299,11 @@ + + connection_set_state(srv, con, CON_STATE_ERROR); + +- buffer_free(b); +- + return -1; + } else if (len == 0) { + con->is_readable = 0; + /* the other end close the connection -> KEEP-ALIVE */ + +- /* pipelining */ +- buffer_free(b); +- + return -2; + } + +@@ -321,26 +318,41 @@ + static int connection_handle_read(server *srv, connection *con) { + int len; + buffer *b; +- int toread; ++ int toread, read_offset; + + if (con->conf.is_ssl) { + return connection_handle_read_ssl(srv, con); + } + ++ b = (NULL != con->read_queue->last) ? con->read_queue->last->mem : NULL; ++ ++ /* default size for chunks is 4kb; only use bigger chunks if FIONREAD tells ++ * us more than 4kb is available ++ * if FIONREAD doesn't signal a big chunk we fill the previous buffer ++ * if it has >= 1kb free ++ */ + #if defined(__WIN32) +- b = chunkqueue_get_append_buffer(con->read_queue); +- buffer_prepare_copy(b, 4 * 1024); +- len = recv(con->fd, b->ptr, b->size - 1, 0); +-#else +- if (ioctl(con->fd, FIONREAD, &toread) || toread == 0) { ++ if (NULL == b || b->size - b->used < 1024) { + b = chunkqueue_get_append_buffer(con->read_queue); + buffer_prepare_copy(b, 4 * 1024); ++ } ++ ++ read_offset = (b->used == 0) ? 0 : b->used - 1; ++ len = recv(con->fd, b->ptr + read_offset, b->size - 1 - read_offset, 0); ++#else ++ if (ioctl(con->fd, FIONREAD, &toread) || toread == 0 || toread <= 4*1024) { ++ if (NULL == b || b->size - b->used < 1024) { ++ b = chunkqueue_get_append_buffer(con->read_queue); ++ buffer_prepare_copy(b, 4 * 1024); ++ } + } else { + if (toread > MAX_READ_LIMIT) toread = MAX_READ_LIMIT; + b = chunkqueue_get_append_buffer(con->read_queue); + buffer_prepare_copy(b, toread + 1); + } +- len = read(con->fd, b->ptr, b->size - 1); ++ ++ read_offset = (b->used == 0) ? 0 : b->used - 1; ++ len = read(con->fd, b->ptr + read_offset, b->size - 1 - read_offset); + #endif + + if (len < 0) { +@@ -374,7 +386,8 @@ + con->is_readable = 0; + } + +- b->used = len; ++ if (b->used > 0) b->used--; ++ b->used += len; + b->ptr[b->used++] = '\0'; + + con->bytes_read += len; +@@ -850,13 +863,6 @@ + /* The cond_cache gets reset in response.c */ + /* config_cond_cache_reset(srv, con); */ + +-#ifdef USE_OPENSSL +- if (con->ssl_error_want_reuse_buffer) { +- buffer_free(con->ssl_error_want_reuse_buffer); +- con->ssl_error_want_reuse_buffer = NULL; +- } +-#endif +- + con->header_len = 0; + con->in_error_handler = 0; + +@@ -1128,8 +1134,15 @@ + } else { + buffer *b; + +- b = chunkqueue_get_append_buffer(dst_cq); +- buffer_copy_string_len(b, c->mem->ptr + c->offset, toRead); ++ if (dst_cq->last && ++ dst_cq->last->type == MEM_CHUNK) { ++ b = dst_cq->last->mem; ++ } else { ++ b = chunkqueue_get_append_buffer(dst_cq); ++ /* prepare buffer size for remaining POST data; is < 64kb */ ++ buffer_prepare_copy(b, con->request.content_length - dst_cq->bytes_in + 1); ++ } ++ buffer_append_string_len(b, c->mem->ptr + c->offset, toRead); + } + + c->offset += toRead; +Index: branches/lighttpd-1.4.x/src/chunk.c +=================================================================== +--- branches/lighttpd-1.4.x/src/chunk.c (revision 2709) ++++ branches/lighttpd-1.4.x/src/chunk.c (revision 2710) +@@ -197,8 +197,6 @@ + int chunkqueue_append_buffer_weak(chunkqueue *cq, buffer *mem) { + chunk *c; + +- if (mem->used == 0) return 0; +- + c = chunkqueue_get_unused_chunk(cq); + c->type = MEM_CHUNK; + c->offset = 0; diff --git a/www-servers/lighttpd/files/1.4.25-fix-multiple-ssl.patch b/www-servers/lighttpd/files/1.4.25-fix-multiple-ssl.patch new file mode 100644 index 0000000..e9388a3 --- /dev/null +++ b/www-servers/lighttpd/files/1.4.25-fix-multiple-ssl.patch @@ -0,0 +1,12 @@ +--- src/network.c.orig 2009-10-17 00:03:44.000000000 +0200 ++++ src/network.c 2010-03-25 23:09:56.000000000 +0100 +@@ -82,6 +82,9 @@ + buffer_copy_string(con->tlsext_server_name, servername); + buffer_to_lower(con->tlsext_server_name); + ++ /* Sometimes this is still set, confusing COMP_HTTP_HOST */ ++ buffer_reset(con->uri.authority); ++ + config_cond_cache_reset(srv, con); + config_setup_connection(srv, con); + diff --git a/www-servers/lighttpd/files/1.4.25-fix-unknown-AM_SILENT_RULES.patch b/www-servers/lighttpd/files/1.4.25-fix-unknown-AM_SILENT_RULES.patch new file mode 100644 index 0000000..2c72c6a --- /dev/null +++ b/www-servers/lighttpd/files/1.4.25-fix-unknown-AM_SILENT_RULES.patch @@ -0,0 +1,18 @@ +Allow to build on older automakes. this disables color output on tests, +but leaves the AM_SILENT_RULES intact for automakes which support this. + +Signed-off-by: Thilo Bangert <bangert@gentoo.org> + +diff -Naur lighttpd-1.4.25.orig/configure.ac lighttpd-1.4.25/configure.ac +--- lighttpd-1.4.25.orig/configure.ac 2009-11-25 10:27:12.000000000 +0100 ++++ lighttpd-1.4.25/configure.ac 2009-11-25 10:43:20.000000000 +0100 +@@ -8,7 +8,8 @@ + + AC_CANONICAL_TARGET + +-AM_INIT_AUTOMAKE([-Wall -Wportability -Wno-override -Werror foreign dist-bzip2 tar-ustar silent-rules color-tests]) ++m4_pattern_allow([AM_SILENT_RULES]) ++AM_INIT_AUTOMAKE([-Wall -Wportability -Wno-override -Werror foreign dist-bzip2 tar-ustar]) + AM_SILENT_RULES + + # Checks for programs. diff --git a/www-servers/lighttpd/files/1.4.26-fix-ssl-return-check-r2716.patch b/www-servers/lighttpd/files/1.4.26-fix-ssl-return-check-r2716.patch new file mode 100644 index 0000000..1ef8a1c --- /dev/null +++ b/www-servers/lighttpd/files/1.4.26-fix-ssl-return-check-r2716.patch @@ -0,0 +1,16 @@ +fix check of return value +from upstream svn repo + +Index: network.c +=================================================================== +--- src/network.c (revision 2715) ++++ src/network.c (revision 2716) +@@ -525,7 +525,7 @@ + + if (!s->ssl_use_sslv2) { + /* disable SSLv2 */ +- if (SSL_OP_NO_SSLv2 != SSL_CTX_set_options(s->ssl_ctx, SSL_OP_NO_SSLv2)) { ++ if (!(SSL_OP_NO_SSLv2 & SSL_CTX_set_options(s->ssl_ctx, SSL_OP_NO_SSLv2))) { + log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:", + ERR_error_string(ERR_get_error(), NULL)); + return -1; diff --git a/www-servers/lighttpd/files/conf/lighttpd.conf b/www-servers/lighttpd/files/conf/lighttpd.conf new file mode 100644 index 0000000..b56fa4d --- /dev/null +++ b/www-servers/lighttpd/files/conf/lighttpd.conf @@ -0,0 +1,325 @@ +############################################################################### +# Default lighttpd.conf for Gentoo. +# $Header: /var/cvsroot/gentoo-x86/www-servers/lighttpd/files/conf/lighttpd.conf,v 1.4 2009/05/12 09:54:12 bangert Exp $ +############################################################################### + +# {{{ variables +var.basedir = "/var/www/localhost" +var.logdir = "/var/log/lighttpd" +var.statedir = "/var/lib/lighttpd" +# }}} + +# {{{ modules +# At the very least, mod_access and mod_accesslog should be enabled. +# All other modules should only be loaded if necessary. +# NOTE: the order of modules is important. +server.modules = ( +# "mod_rewrite", +# "mod_redirect", +# "mod_alias", + "mod_access", +# "mod_cml", +# "mod_trigger_b4_dl", +# "mod_auth", +# "mod_status", +# "mod_setenv", +# "mod_proxy", +# "mod_simple_vhost", +# "mod_evhost", +# "mod_userdir", +# "mod_compress", +# "mod_ssi", +# "mod_usertrack", +# "mod_expire", +# "mod_secdownload", +# "mod_rrdtool", +# "mod_webdav", + "mod_accesslog" +) +# }}} + +# {{{ includes +include "mime-types.conf" +# fcgi and cgi are included below +# }}} + +# {{{ server settings +server.username = "lighttpd" +server.groupname = "lighttpd" + +server.document-root = var.basedir + "/htdocs" +server.pid-file = "/var/run/lighttpd.pid" + +server.errorlog = var.logdir + "/error.log" +# log errors to syslog instead +# server.errorlog-use-syslog = "enable" + +server.indexfiles = ("index.php", "index.html", + "index.htm", "default.htm") + +# server.tag = "lighttpd" + +server.follow-symlink = "enable" + +# event handler (defaults to "poll") +# see performance.txt +# +# for >= linux-2.4 +# server.event-handler = "linux-rtsig" +# for >= linux-2.6 +# server.event-handler = "linux-sysepoll" +# for FreeBSD +# server.event-handler = "freebsd-kqueue" + +# chroot to directory (defaults to no chroot) +# server.chroot = "/" + +# bind to port (defaults to 80) +# server.port = 81 + +# bind to name (defaults to all interfaces) +# server.bind = "grisu.home.kneschke.de" + +# error-handler for status 404 +# server.error-handler-404 = "/error-handler.html" +# server.error-handler-404 = "/error-handler.php" + +# Format: <errorfile-prefix><status-code>.html +# -> ..../status-404.html for 'File not found' +# server.errorfile-prefix = var.basedir + "/error/status-" + +# FAM support for caching stat() calls +# requires that lighttpd be built with USE=fam +# server.stat-cache-engine = "fam" +# }}} + +# {{{ mod_staticfile + +# which extensions should not be handled via static-file transfer +# (extensions that are usually handled by mod_cgi, mod_fastcgi, etc). +static-file.exclude-extensions = (".php", ".pl", ".cgi", ".fcgi") +# }}} + +# {{{ mod_accesslog +accesslog.filename = var.logdir + "/access.log" +# }}} + +# {{{ mod_dirlisting +# enable directory listings +# dir-listing.activate = "enable" +# +# don't list hidden files/directories +# dir-listing.hide-dotfiles = "enable" +# +# use a different css for directory listings +# dir-listing.external-css = "/path/to/dir-listing.css" +# +# list of regular expressions. files that match any of the +# specified regular expressions will be excluded from directory +# listings. +# dir-listing.exclude = ("^\.", "~$") +# }}} + +# {{{ mod_access +# see access.txt + +url.access-deny = ("~", ".inc") +# }}} + +# {{{ mod_userdir +# see userdir.txt +# +# userdir.path = "public_html" +# userdir.exclude-user = ("root") +# }}} + +# {{{ mod_ssi +# see ssi.txt +# +# ssi.extension = (".shtml") +# }}} + +# {{{ mod_ssl +# see ssl.txt +# +# ssl.engine = "enable" +# ssl.pemfile = "server.pem" +# }}} + +# {{{ mod_status +# see status.txt +# +# status.status-url = "/server-status" +# status.config-url = "/server-config" +# }}} + +# {{{ mod_simple_vhost +# see simple-vhost.txt +# +# If you want name-based virtual hosting add the next three settings and load +# mod_simple_vhost +# +# document-root = +# virtual-server-root + virtual-server-default-host + virtual-server-docroot +# or +# virtual-server-root + http-host + virtual-server-docroot +# +# simple-vhost.server-root = "/home/weigon/wwwroot/servers/" +# simple-vhost.default-host = "grisu.home.kneschke.de" +# simple-vhost.document-root = "/pages/" +# }}} + +# {{{ mod_compress +# see compress.txt +# +# compress.cache-dir = var.statedir + "/cache/compress" +# compress.filetype = ("text/plain", "text/html") +# }}} + +# {{{ mod_proxy +# see proxy.txt +# +# proxy.server = ( ".php" => +# ( "localhost" => +# ( +# "host" => "192.168.0.101", +# "port" => 80 +# ) +# ) +# ) +# }}} + +# {{{ mod_auth +# see authentication.txt +# +# auth.backend = "plain" +# auth.backend.plain.userfile = "lighttpd.user" +# auth.backend.plain.groupfile = "lighttpd.group" + +# auth.backend.ldap.hostname = "localhost" +# auth.backend.ldap.base-dn = "dc=my-domain,dc=com" +# auth.backend.ldap.filter = "(uid=$)" + +# auth.require = ( "/server-status" => +# ( +# "method" => "digest", +# "realm" => "download archiv", +# "require" => "user=jan" +# ), +# "/server-info" => +# ( +# "method" => "digest", +# "realm" => "download archiv", +# "require" => "valid-user" +# ) +# ) +# }}} + +# {{{ mod_rewrite +# see rewrite.txt +# +# url.rewrite = ( +# "^/$" => "/server-status" +# ) +# }}} + +# {{{ mod_redirect +# see redirect.txt +# +# url.redirect = ( +# "^/wishlist/(.+)" => "http://www.123.org/$1" +# ) +# }}} + +# {{{ mod_evhost +# define a pattern for the host url finding +# %% => % sign +# %0 => domain name + tld +# %1 => tld +# %2 => domain name without tld +# %3 => subdomain 1 name +# %4 => subdomain 2 name +# +# evhost.path-pattern = "/home/storage/dev/www/%3/htdocs/" +# }}} + +# {{{ mod_expire +# expire.url = ( +# "/buggy/" => "access 2 hours", +# "/asdhas/" => "access plus 1 seconds 2 minutes" +# ) +# }}} + +# {{{ mod_rrdtool +# see rrdtool.txt +# +# rrdtool.binary = "/usr/bin/rrdtool" +# rrdtool.db-name = var.statedir + "/lighttpd.rrd" +# }}} + +# {{{ mod_setenv +# see setenv.txt +# +# setenv.add-request-header = ( "TRAV_ENV" => "mysql://user@host/db" ) +# setenv.add-response-header = ( "X-Secret-Message" => "42" ) +# }}} + +# {{{ mod_trigger_b4_dl +# see trigger_b4_dl.txt +# +# trigger-before-download.gdbm-filename = "/home/weigon/testbase/trigger.db" +# trigger-before-download.memcache-hosts = ( "127.0.0.1:11211" ) +# trigger-before-download.trigger-url = "^/trigger/" +# trigger-before-download.download-url = "^/download/" +# trigger-before-download.deny-url = "http://127.0.0.1/index.html" +# trigger-before-download.trigger-timeout = 10 +# }}} + +# {{{ mod_cml +# see cml.txt +# +# don't forget to add index.cml to server.indexfiles +# cml.extension = ".cml" +# cml.memcache-hosts = ( "127.0.0.1:11211" ) +# }}} + +# {{{ mod_webdav +# see webdav.txt +# +# $HTTP["url"] =~ "^/dav($|/)" { +# webdav.activate = "enable" +# webdav.is-readonly = "enable" +# } +# }}} + +# {{{ extra rules +# +# set Content-Encoding and reset Content-Type for browsers that +# support decompressing on-thy-fly (requires mod_setenv) +# $HTTP["url"] =~ "\.gz$" { +# setenv.add-response-header = ("Content-Encoding" => "x-gzip") +# mimetype.assign = (".gz" => "text/plain") +# } + +# $HTTP["url"] =~ "\.bz2$" { +# setenv.add-response-header = ("Content-Encoding" => "x-bzip2") +# mimetype.assign = (".bz2" => "text/plain") +# } +# +# }}} + +# {{{ debug +# debug.log-request-header = "enable" +# debug.log-response-header = "enable" +# debug.log-request-handling = "enable" +# debug.log-file-not-found = "enable" +# }}} + +# {{{ cgi includes +# uncomment for cgi support +# include "mod_cgi.conf" +# uncomment for php/fastcgi support +# include "mod_fastcgi.conf" +# }}} + +# vim: set ft=conf foldmethod=marker et : diff --git a/www-servers/lighttpd/files/conf/mime-types.conf b/www-servers/lighttpd/files/conf/mime-types.conf new file mode 100644 index 0000000..f24d4d8 --- /dev/null +++ b/www-servers/lighttpd/files/conf/mime-types.conf @@ -0,0 +1,79 @@ +############################################################################### +# Default mime-types.conf for Gentoo. +# include'd from lighttpd.conf. +# $Header: /var/cvsroot/gentoo-x86/www-servers/lighttpd/files/conf/mime-types.conf,v 1.4 2010/03/14 21:45:18 bangert Exp $ +############################################################################### + +# {{{ mime types +mimetype.assign = ( + ".svg" => "image/svg+xml", + ".svgz" => "image/svg+xml", + ".pdf" => "application/pdf", + ".sig" => "application/pgp-signature", + ".spl" => "application/futuresplash", + ".class" => "application/octet-stream", + ".ps" => "application/postscript", + ".torrent" => "application/x-bittorrent", + ".dvi" => "application/x-dvi", + ".gz" => "application/x-gzip", + ".pac" => "application/x-ns-proxy-autoconfig", + ".swf" => "application/x-shockwave-flash", + ".tar.gz" => "application/x-tgz", + ".tgz" => "application/x-tgz", + ".tar" => "application/x-tar", + ".zip" => "application/zip", + ".dmg" => "application/x-apple-diskimage", + ".mp3" => "audio/mpeg", + ".m3u" => "audio/x-mpegurl", + ".wma" => "audio/x-ms-wma", + ".wax" => "audio/x-ms-wax", + ".ogg" => "application/ogg", + ".wav" => "audio/x-wav", + ".gif" => "image/gif", + ".jpg" => "image/jpeg", + ".jpeg" => "image/jpeg", + ".png" => "image/png", + ".xbm" => "image/x-xbitmap", + ".xpm" => "image/x-xpixmap", + ".xwd" => "image/x-xwindowdump", + ".css" => "text/css", + ".html" => "text/html", + ".htm" => "text/html", + ".js" => "text/javascript", + ".asc" => "text/plain", + ".c" => "text/plain", + ".h" => "text/plain", + ".cc" => "text/plain", + ".cpp" => "text/plain", + ".hh" => "text/plain", + ".hpp" => "text/plain", + ".conf" => "text/plain", + ".log" => "text/plain", + ".text" => "text/plain", + ".txt" => "text/plain", + ".diff" => "text/plain", + ".patch" => "text/plain", + ".ebuild" => "text/plain", + ".eclass" => "text/plain", + ".rtf" => "application/rtf", + ".bmp" => "image/bmp", + ".tif" => "image/tiff", + ".tiff" => "image/tiff", + ".ico" => "image/x-icon", + ".dtd" => "text/xml", + ".xml" => "text/xml", + ".mpeg" => "video/mpeg", + ".mpg" => "video/mpeg", + ".mov" => "video/quicktime", + ".qt" => "video/quicktime", + ".avi" => "video/x-msvideo", + ".asf" => "video/x-ms-asf", + ".asx" => "video/x-ms-asf", + ".wmv" => "video/x-ms-wmv", + ".bz2" => "application/x-bzip", + ".tbz" => "application/x-bzip-compressed-tar", + ".tar.bz2" => "application/x-bzip-compressed-tar" + ) +# }}} + +# vim: set ft=conf foldmethod=marker et : diff --git a/www-servers/lighttpd/files/conf/mod_cgi.conf b/www-servers/lighttpd/files/conf/mod_cgi.conf new file mode 100644 index 0000000..1cb3770 --- /dev/null +++ b/www-servers/lighttpd/files/conf/mod_cgi.conf @@ -0,0 +1,33 @@ +############################################################################### +# mod_cgi.conf +# include'd by lighttpd.conf. +# $Header: /var/cvsroot/gentoo-x86/www-servers/lighttpd/files/conf/mod_cgi.conf,v 1.1 2005/08/27 12:36:13 ka0ttic Exp $ +############################################################################### + +# +# see cgi.txt for more information on using mod_cgi +# + +server.modules += ("mod_cgi") + +# NOTE: this requires mod_alias +alias.url = ( + "/cgi-bin/" => var.basedir + "/cgi-bin/" +) + +# +# Note that you'll also want to enable the +# cgi-bin alias via mod_alias (above). +# + +$HTTP["url"] =~ "^/cgi-bin/" { + # disable directory listings + dir-listing.activate = "disable" + # only allow cgi's in this directory + cgi.assign = ( + ".pl" => "/usr/bin/perl", + ".cgi" => "/usr/bin/perl" + ) +} + +# vim: set ft=conf foldmethod=marker et : diff --git a/www-servers/lighttpd/files/conf/mod_fastcgi.conf b/www-servers/lighttpd/files/conf/mod_fastcgi.conf new file mode 100644 index 0000000..b70aff1 --- /dev/null +++ b/www-servers/lighttpd/files/conf/mod_fastcgi.conf @@ -0,0 +1,17 @@ +############################################################################### +# mod_fastcgi.conf +# include'd by lighttpd.conf. +# $Header: /var/cvsroot/gentoo-x86/www-servers/lighttpd/files/conf/mod_fastcgi.conf,v 1.3 2009/04/03 20:59:34 bangert Exp $ +############################################################################### + +server.modules += ("mod_fastcgi") +fastcgi.server = ( ".php" => + ( "localhost" => + ( + "socket" => "/var/run/lighttpd/lighttpd-fastcgi-php-" + PID + ".socket", + "bin-path" => "/usr/bin/php-cgi" + ) + ) + ) + +# vim: set ft=conf foldmethod=marker et : diff --git a/www-servers/lighttpd/files/conf/mod_fastcgi.conf-1.4.13-r2 b/www-servers/lighttpd/files/conf/mod_fastcgi.conf-1.4.13-r2 new file mode 100644 index 0000000..ca1369a --- /dev/null +++ b/www-servers/lighttpd/files/conf/mod_fastcgi.conf-1.4.13-r2 @@ -0,0 +1,17 @@ +############################################################################### +# mod_fastcgi.conf +# include'd by lighttpd.conf. +# $Header: /var/cvsroot/gentoo-x86/www-servers/lighttpd/files/conf/mod_fastcgi.conf-1.4.13-r2,v 1.1 2007/04/01 23:22:00 robbat2 Exp $ +############################################################################### + +server.modules += ("mod_fastcgi") +fastcgi.server = ( ".php" => + ( "localhost" => + ( + "socket" => "/var/run/lighttpd/lighttpd-fastcgi-php-" + PID + ".socket", + "bin-path" => "/usr/bin/php-cgi" + ) + ) + ) + +# vim: set ft=conf foldmethod=marker et : diff --git a/www-servers/lighttpd/files/lighttpd.confd b/www-servers/lighttpd/files/lighttpd.confd new file mode 100644 index 0000000..70d4170 --- /dev/null +++ b/www-servers/lighttpd/files/lighttpd.confd @@ -0,0 +1,12 @@ +# /etc/conf.d/lighttpd + +# Location of a shell used by the 'include_shell' directive +# in the lighttpd's configuration file +#export SHELL="/bin/bash" + +# Location of the lighttpd configuration file +LIGHTTPD_CONF="/etc/lighttpd/lighttpd.conf" + +# Location of the lighttpd pid file +LIGHTTPD_PID="/var/run/lighttpd.pid" + diff --git a/www-servers/lighttpd/files/lighttpd.initd b/www-servers/lighttpd/files/lighttpd.initd new file mode 100644 index 0000000..71c72ba --- /dev/null +++ b/www-servers/lighttpd/files/lighttpd.initd @@ -0,0 +1,67 @@ +#!/sbin/runscript +# Copyright 1999-2009 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/www-servers/lighttpd/files/lighttpd.initd,v 1.13 2009/04/03 20:59:34 bangert Exp $ + +opts="reload graceful" + +depend() { + need net + use mysql logger spawn-fcgi ldap slapd netmount dns + after famd + after sshd +} + +checkconfig() { + if [ ! -f "${LIGHTTPD_CONF}" ] ; then + ewarn "${LIGHTTPD_CONF} does not exist." + return 1 + fi + + /usr/sbin/lighttpd -t -f ${LIGHTTPD_CONF} >/dev/null +} + +start() { + checkconfig || return 1 + + ebegin "Starting lighttpd" + start-stop-daemon --start --quiet --exec /usr/sbin/lighttpd \ + --pidfile "${LIGHTTPD_PID}" -- -f "${LIGHTTPD_CONF}" + eend $? +} + +stop() { + local rv=0 + ebegin "Stopping lighttpd" + start-stop-daemon --stop --quiet --pidfile "${LIGHTTPD_PID}" + eend $? +} + +reload() { + if ! service_started "${SVCNAME}" ; then + eerror "${SVCNAME} isn't running" + return 1 + fi + checkconfig || return 1 + + ebegin "Re-opening lighttpd log files" + start-stop-daemon --stop --oknodo --quiet --pidfile "${LIGHTTPD_PID}" \ |