move
http-client-body-temp-path
http-proxy-temp-path
http-fastcgi-temp-path
http-scgi-temp-path
http-uwsgi-temp-path
from /var/tmp/nginx to /var/cache/nginx
this allows the use of systemd constructs
LogsDirectory=nginx
CacheDirectory=nginx
to replace
ExecStartPre=/usr/bin/mkdir -p /var/log/nginx /var/tmp/nginx
as there isn't a similar construct for /var/tmp.
Signed-off-by: Pascal de Bruijn <p.debruijn@unilogic.nl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This is a follow-up to 4027ba29f4 ("package/nginx: use /run for
PIDFile"), in which we missed that nginx is still built with /var/run
paths.
This commit changes the compile options to use /run instead of
/var/run for pid and lock file to make it consistent.
Further dropping the passing of the pid option in the service file as
this isn't neccessary. Neither debian nor nginx default .service does
it.
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
stream ssl preread is available since version 1.11.5 and
5a7afb1b0d
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
http_upstream and stream_upstream random modules are available since
version 1.15.1 and
0c4ccbea23
and are enabled by default, add two options to be able to disable them
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
stream realip is available since version 1.11.4 and
fe2774a9d6
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Drop gdlib-config and use pkg-config to find gd.
Indeed, gdlib.pc is available since version 2.1.0 and
071a2a94ee
and gdlib-config has been dropped from version 2.3.0
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit 3e6b35900f forgot to add a 's' to
ngx_stream_split_client_module
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
stream split clients module has been added in version 1.11.3 with
6c2b086d0e
and is enabled by default, add an option to be able to disable it
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
stream geoip module has been added in version 1.11.3 with
4cf0e28483
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
stream geo module has been added in version 1.11.3 with
bb790f5d30
and is enabled by default, add an option to be able to disable it
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
stream return module has been added in version 1.11.2 with
a7c6f8c1d7
and is enabled by default, add an option to be able to disable it
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
stream map module has been added in version 1.11.3 with
05db6ddfa1
and is enabled by default, add an option to be able to disable it
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
slice module is available since version 1.9.8 and
8ba626ccd7
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
http geoip module is available since version 0.8.6 and
bc10147b9f
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Remove --with-ipv6 as this option does nothing since version 1.11.5 and
2c84f7af2c
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The name of the package diverges slightly from upstream to maintain
consistency with other nginx modules already present.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
All the packages in this list have the following properties
* units are provided by buildroot in the package directory
* the SYSTEMD_INSTALL_INIT_HOOK is exactly equivalent to what the
[Install] section of the unit does
The fix removes the soflinking in the .mk file
Signed-off-by: Jérémy Rosen <jeremy.rosen@smile.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes the following security issues:
Security: when using HTTP/2 a client might cause excessive memory
consumption and CPU usage (CVE-2019-9511, CVE-2019-9513,
CVE-2019-9516).
For details, see the advisory:
https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Globally change Adam Duskett's email address to aduskett@gmail.com.
Note that one or two of the patches may have been applied upstream with
the old email address, but in that case those patches will anyway be
removed when bumping.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The license file hash has been modified due to copyright year updates:
- * Copyright (C) 2002-2018 Igor Sysoev
- * Copyright (C) 2011-2018 Nginx, Inc.
+ * Copyright (C) 2002-2019 Igor Sysoev
+ * Copyright (C) 2011-2019 Nginx, Inc.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
1.15.7 contains a number of bugfixes. From the changes file:
*) Bugfix: memory leak on errors during reconfiguration.
*) Bugfix: in the $upstream_response_time, $upstream_connect_time, and
$upstream_header_time variables.
*) Bugfix: a segmentation fault might occur in a worker process if the
ngx_http_mp4_module was used on 32-bit platforms.
https://nginx.org/en/CHANGES
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following security issues:
CVE-2018-16843: Excessive memory usage in HTTP/2
CVE-2018-16844: Excessive CPU usage in HTTP/2
CVE-2018-16845: Memory disclosure in the ngx_http_mp4_module
Refreshed patch 0004 + 0007 as they no longer applied cleanly.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The following patches have been updated to apply on 1.15.0:
0003-auto-set-ngx_feature_run_force_result-for-each-featu.patch
0006-auto-lib-openssl-conf-use-pkg-config.patch
The follow patch has been removed, because it was applied upstream:
0009-auto-lib-conf-fix-PCRE-condition-WRT-the-http-and-ht.patch
The license file hash has changed because the copyright years were
updated in the LICENSE file:
- * Copyright (C) 2002-2017 Igor Sysoev
- * Copyright (C) 2011-2017 Nginx, Inc.
+ * Copyright (C) 2002-2018 Igor Sysoev
+ * Copyright (C) 2011-2018 Nginx, Inc.
Signed-off-by: Ignacy Gawędzki <ignacy.gawedzki@green-communications.fr>
[Thomas: drop unneeded patch updates, improve commit log.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The regular expression that drops the -I flag from the output of
pkg-config --cflags-only-I doesn't work properly as it is too naive:
it breaks a path if it contains -I:
$ echo "-I/usr/Some-Install-Location/include" | sed 's/-I//g'
/usr/Somenstall-Location/include
$ echo "-I/usr/Some-Install-Location/include" | sed -re 's/(^|\s)-I\s*(\S+)/\1\2/g'
/usr/Some-Install-Location/include
Signed-off-by: Ignacy Gawędzki <ignacy.gawedzki@green-communications.fr>
[Thomas: improved commit log.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This commit fixes the warnings reported by check-package on the help
text of all package Config.in files, related to the formatting of the
help text: should start with a tab, then 2 spaces, then at most 62
characters.
The vast majority of warnings fixed were caused by too long lines. A
few warnings were related to spaces being used instead of a tab to
indent the help text.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
start-stop-daemon fails on -R when not compiled with
CONFIG_FEATURE_START_STOP_DAEMON_FANCY. Thus, do not rely on -R
during stop to avoid a race condition during restart.
Use a sleep 1 during restart instead, as suggested by Peter Korsgaard
in <87bmluk4bm.fsf@dell.be.48ers.dk>.
Signed-off-by: Thomas Claveirole <thomas.claveirole@green-communications.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix package/nginx/S50nginx:
* On stop, use start-stop-daemon -R 1 to wait for the nginx processes
to actually stop. This fixes a race condition with restart, where
nginx fails to restart because start is called too early
w.r.t. stop. (This only works with Debian's start-stop-daemon,
however BusyBox's start-stop-daemon does not fail when given -R; it
just ignores the argument silently).
* Implement reload with an actual reload instead of a restart.
* Add force-reload.
Signed-off-by: Thomas Claveirole <thomas.claveirole@green-communications.fr>
Reviewed-by: Samuel Martin <s.martin49@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fixes CVE-2017-7529 - Nginx versions since 0.5.6 up to and including 1.13.2
are vulnerable to integer overflow vulnerability in nginx range filter
module resulting into leak of potentially sensitive information triggered by
specially crafted request.
For more details, see:
http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Also update the patch line numbers to work with 1.12.0
Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The check-package script when ran gives warnings on ordering issues
on all of these Config files. This patch cleans up all warnings
related to the ordering in the Config files for packages starting with
the letter n in the package directory.
The appropriate ordering is: type, default, depends on, select, help
See http://nightly.buildroot.org/#_config_files for more information.
Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
We want to use SPDX identifier for license string as much as possible.
SPDX short identifier for BSD-2c is BSD-2-Clause.
This change is done using following command.
find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/BSD-2c/BSD-2-Clause/g'
Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This commit moves the logic that allows to enable the naxsi external
module below the "external modules" comment, which was already used for
the upload and dav-ext modules.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Nginx built-in support for webdav is missing support for two commands:
PROPFIND and OPTIONS. This commit adds a new package that provides an
external nginx module with improved webdav support.
Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
[Thomas:
- Remove the BR2_PACKAGE_NGINX_HTTP_DAV_EXT_MODULE sub-option of the
nginx package. The BR2_PACKAGE_NGINX_DAV_EXT option is sufficient.
- Move the nginx.mk code together with another external module being
enabled, nginx-upload.
- Add LICENSE and LICENSE_FILES variables.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Naxsi is a third party nginx module reads a small subset of simple rules
containing a list of known patterns involved in website vulnerabilities.
This module behaves like a DROP-by-default firewall for nginx.
Signed-off-by: Adam Duskett <aduskett@codeblue.com>
[Thomas:
- include Config.in file directly from package/Config.in and not from
package/nginx/Config.
- improve Config.in help text with more details
- rename the package prompt from ngx_http_naxsi_module to nginx-naxsi
- remove NGINX_NAXSI_SOURCE, and fix the definition of
NGINX_NAXSI_SITE
- change license from GPLv3 to GPLv2+ with OpenSSL exception
- cange license file from LICENSE to naxsi_src/naxsi_json.c. The
LICENSE file exists in the latest Git master of the project, but
not in the 0.54 tag that we're packaging.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
A module for nginx web server for handling file uploads using
multipart/form-data encoding (RFC 1867).
Signed-off-by: Bimal Jacob <bimal.jacob@rockwellcollins.com>
Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
[Thomas:
- rename from nginx-upload-module to nginx-upload. Indeed, we don't
want all nginx modules to be suffixed with "-module"
- include the module Config.in file directly from package/Config.in,
like we do for Python, Perl, Lua or TCL modules.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Changed [PATCH x/y] to [PATCH] at the beginning of the subject line
since the numbering is meaningless.
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
