Accepting request 160006 from home:Fisiu:branches:server:http

- update to 8.8.1 (changes since 7.7): * Bugfix: Incorrect size of buffer for poll() can lead to a crash when using Tomahawk. * Caching for Reverse Proxy. CacheRProxyExtensions option added. * Basic HTTP authentication now supports the glibc2 version of crypt(). * Hostname in ImageReferer can now contain a wildcard. * DenyBody matching is now case insensitive. * PolarSSL updated to version 1.2.5. * Support for HTTP Strict Transport Security (RFC 6797). Integrated in RequireSSL option. * DHsize option added. * PolarSSL updated to version 1.2.3. * CloudFlare headers placed in environment variables. * Removed php-fcgi. * Bugfix: slow page loading via Reverse Proxy. * PolarSSL updated to version 1.2. Added support for TLS 1.2 and secure renegotiation. * Added support for Server Name Indication. * MinSSLversion option added. * ServerRoot option removed. * Improved MacOS X package building script. * Marked php-fcgi as deprecated. Use php-fpm instead. * Improved Reverse Proxy. * Changed error message style. * Renamed Command Channel to Tomahawk. * Return 403 instead of 401 upon correct password for HTTP authentication but user not in right group. * Bugfix: replaced select() with poll() to prevent crashes in case of large amount of simultaneous connections. Thanks to Peter Bex. * MaxServerLoad option added. OBS-URL: https://build.opensuse.org/request/show/160006 OBS-URL: https://build.opensuse.org/package/show/server:http/hiawatha?expand=0&rev=42
2013-03-19 17:42:20 +00:00 · 2013-03-19 17:42:20 +00:00 · be401702e2
commit be401702e2
parent 11680d9fcf
11 changed files with 176 additions and 178 deletions
--- a/hiawatha-7.7.tar.gz
+++ b/hiawatha-7.7.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:9fdbf47e96155b5c0aee77c49c466593b6f2a80e5df4491f4104103fcdc82d0d
-size 276997
--- a/hiawatha-8.8.1.tar.gz
+++ b/hiawatha-8.8.1.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:2583d8e7f48ddc6cdedc27bb51d3e130679fc2f4411622bae9ddce3ef965d063
+size 658778
--- a/hiawatha-fastcgi.init
+++ b/hiawatha-fastcgi.init
@ -1,47 +0,0 @@
-#!/bin/sh
-# hiawatha:       Starts the hiawatha web server
-#
-# description: Hiawatha fastcgi wrapper
-# processname: php-fcgi
-
-### BEGIN INIT INFO
-# Provides: hiawatha-fastcgi
-# Required-Start: $network
-# Required-Stop: $network
-# Should-Start: $remote_fs
-# Default-Start: 3 5
-# Default-Stop: 0 1 2 6
-# Short-Description: Hiawatha fastcgi wrapper
-# Description: Hiawatha fastcgi wrapper
-### END INIT INFO
-
-. /etc/rc.status
-
-BIN=/usr/sbin/php-fcgi
-
-case "$1" in
-
-    start)
-        startproc -f $BIN
-        rc_status -v
-    ;;
-
-    stop)
-        if [ -e /var/run/php-fcgi.pid ]
-            then $BIN -k
-        fi
-        rc_status -v
-    ;;
-
-    restart)
-        $0 stop
-        $0 start
-    ;;
-
-    *)
-        echo "Usage: $0 (start|stop|restart)"
-        exit 1
-    ;;
-
-esac
-rc_exit
--- a/hiawatha-httpd.init
+++ b/hiawatha-httpd.init
@ -1,54 +0,0 @@
-#!/bin/sh
-# hiawatha:       Starts the hiawatha web server
-#
-# description: Hiawatha web server
-# processname: hiawatha
-
-### BEGIN INIT INFO
-# Provides: hiawatha-httpd http-server
-# Required-Start: $network
-# Required-Stop: $network
-# Should-Start: $remote_fs hiawatha-fastcgi
-# Should-Stop: hiawatha-fastcgi
-# Default-Start: 3 5
-# Default-Stop: 0 1 2 6
-# Short-Description: Hiawatha web server
-# Description: Hiawatha web server
-### END INIT INFO
-
-. /etc/rc.status
-
-HIAWATHABIN=/usr/sbin/hiawatha
-
-case "$1" in
-
-    start)
-        echo -n "Starting hiawatha daemon"
-        startproc -f $HIAWATHABIN
-        rc_status -v
-    ;;
-
-    stop)
-        echo -n "Stopping hiawatha daemon"
-        killproc -TERM $HIAWATHABIN
-        rc_status -v
-    ;;
-
-    status)
-        echo -n "Checking for hiawatha"
-        checkproc $HIAWATHABIN
-        rc_status -v
-    ;;
-
-    restart)
-        $0 stop
-        $0 start
-    ;;
-
-    *)
-        echo "Usage: $0 (start|stop|restart|status)"
-        exit 1
-    ;;
-
-esac
-rc_exit
--- a/4
+++ b/4
@ -0,0 +1,4 @@
+# If the package is intended for inclusion in any SUSE product please open a bug 
+# report to request review of the package by the security team
+# /etc/permissions.d/hiawatha
+setBadness("permissions-unauthorized-file", 0)
--- a/hiawatha.changes
+++ b/hiawatha.changes
@ -1,3 +1,67 @@
+-------------------------------------------------------------------
+Fri Mar  8 15:54:39 UTC 2013 - fisiu@opensuse.org
+
+- update to 8.8.1 (changes since 7.7):
+  * Bugfix: Incorrect size of buffer for poll() can lead to a crash when using 
+    Tomahawk.
+  * Caching for Reverse Proxy. CacheRProxyExtensions option added.
+  * Basic HTTP authentication now supports the glibc2 version of crypt().
+  * Hostname in ImageReferer can now contain a wildcard.
+  * DenyBody matching is now case insensitive.
+  * PolarSSL updated to version 1.2.5.
+  * Support for HTTP Strict Transport Security (RFC 6797). Integrated in 
+    RequireSSL option.
+  * DHsize option added.
+  * PolarSSL updated to version 1.2.3.
+  * CloudFlare headers placed in environment variables.
+  * Removed php-fcgi.
+  * Bugfix: slow page loading via Reverse Proxy.
+  * PolarSSL updated to version 1.2. Added support for TLS 1.2 and secure 
+    renegotiation.
+  * Added support for Server Name Indication.
+  * MinSSLversion option added.
+  * ServerRoot option removed.
+  * Improved MacOS X package building script.
+  * Marked php-fcgi as deprecated. Use php-fpm instead.
+  * Improved Reverse Proxy.
+  * Changed error message style.
+  * Renamed Command Channel to Tomahawk.
+  * Return 403 instead of 401 upon correct password for HTTP authentication but 
+    user not in right group.
+  * Bugfix: replaced select() with poll() to prevent crashes in case of large 
+    amount of simultaneous connections. Thanks to Peter Bex.
+  * MaxServerLoad option added.
+  * PolarSSL updated to version 1.1.4.
+  * Bugfix: invalid reverse proxy request when URL parameters are present.
+  * Bugfix: memory leak in SSL library.
+  * Improved security for reverse proxy (works with PreventSQLi, etc).
+  * ReverseProxy option added.
+  * PolarSSL updated to version 1.1.3.
+  * WebDAVapp option added. Enables support for WebDAV applications like 
+    ownCloud (http://owncloud.org/).
+  * Removed support for the OPTIONS method.
+  * AllowDotFiles option added.
+  * Global forks setting in php-fcgi.conf moved to Server setting.
+  * BanOnInvalidURL option added.
+  * PolarSSL updated to version 1.1.1.
+  * Bugfix: paths missing in default values and examples in manual pages.
+  * Replaced Autoconf with CMake. Many thanks to Sander Niemeijer.
+  * Replaced OpenSSL with PolarSSL. Many thanks to Paul Bakker.
+  * AllowedCiphers and DHparameters options removed.
+  * Added IE7 to UrlToolkit's OldBrowser list, removed IE5.
+  * MaxUrlLength option added, can return 414 Request-URI Too Long.
+  * Changed default value of TriggerOnCGIstatus to 'no'.
+  * Equalized format of logfiles.
+  * Extra checks added to php-fcgi.
+  * Improved SQL injection detection.
+  * Bugfix: memory leak in PreventSQLi routine.
+  * Bugfix: potential server freeze with 100% CPU in CGI output caching.
+  * Bugfix: null byte in HTTP header of cached CGI content.
+  * Control CGI output cache via X-Hiawatha-Cache and X-Hiawatha-Cache-Remove 
+    CGI headers. See the CGI OUTPUT CACHE section in the manual page.
+  * BanOnWrongPassword now also triggers on wrong username.
+  * Bugfix: timeout issue with large POST requests on SSL connections.
+
 -------------------------------------------------------------------
 Mon Oct 10 00:00:00 CET 2011 - detlef@links2linux.de

--- a/hiawatha.logrotate
+++ b/hiawatha.logrotate
@ -6,9 +6,8 @@
 	size=+1024k
 	notifempty
 	missingok
-	create 600 hiawatha hiawatha
-	sharedscripts
+	create 640 wwwrun www
 	postrotate
-		killall -HUP hiawatha
+		/etc/init.d/hiawatha force-reload
 	endscript
 }
--- a/hiawatha.permissions
+++ b/hiawatha.permissions
@ -1,2 +1,2 @@
-/usr/sbin/cgi-wrapper                                   root:hiawatha     4750
+/usr/sbin/cgi-wrapper root:root 4755

--- a/hiawatha.rpmlintrc
+++ b/hiawatha.rpmlintrc
@ -1,2 +0,0 @@
-from Config import *
-addFilter("permissions-unauthorized-file")
--- a/hiawatha.service
+++ b/hiawatha.service
@ -0,0 +1,13 @@
+[Unit]
+Description=Hiawatha Web Server
+After=network.target
+
+[Service]
+Type=simple
+PIDFile=/var/run/hiawatha.pid
+SyslogIdentifier=hiawatha
+ExecStartPre=/usr/sbin/wigwam ; /usr/sbin/hiawatha -k
+ExecStart= /usr/sbin/hiawatha -d
+
+[Install]
+WantedBy=multi-user.target
--- a/hiawatha.spec
+++ b/hiawatha.spec
@ -1,29 +1,45 @@
-# norootforbuild
+#
+# spec file for package hiawatha
+#
+# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2013 Mariusz Fik <fisiu@opensuse.org>.
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.

-%define		webroot		/srv/www
+#
+# Please submit bugfixes or comments via http://bugs.opensuse.org/
+#

-Name:		hiawatha
-Version:	7.7
-Release:	1
-
-Summary:	A secure webserver for Unix
-License:	GPLv2
-Url:		http://www.hiawatha-webserver.org
-Group:		Productivity/Networking/Web/Servers
-
-Source0:	http://hiawatha.leisink.org/files/hiawatha-%{version}.tar.gz
-Source1:	%{name}.permissions
-Source2:	%{name}.logrotate
-Source3:	%{name}-httpd.init
-Source4:	%{name}-fastcgi.init
-Source99:	%{name}.rpmlintrc
-
-PreReq:		%insserv_prereq %fillup_prereq pwdutils
-
-BuildRoot:	%{_tmppath}/%{name}-%{version}-build
-
-BuildRequires:	libxml2-devel libxslt-devel openssl-devel udev
+%define webroot /srv/www

+Name:           hiawatha
+Version:        8.8.1
+Release:        0
+License:        GPL-2.0
+Summary:        A secure webserver for Unix
+Url:            http://www.hiawatha-webserver.org
+Group:          Productivity/Networking/Web/Servers
+Source0:        http://hiawatha.leisink.org/files/hiawatha-%{version}.tar.gz
+Source1:        %{name}.logrotate
+Source2:        %{name}.service
+Source3:        %{name}.permissions
+BuildRequires:  libxslt-devel
+BuildRequires:  cmake >= 2.8.4
+BuildRequires:  pkg-config
+BuildRequires:  systemd
+BuildRoot:      %{_tmppath}/%{name}-%{version}-build
+PreReq:         %fillup_prereq
+PreReq:         %insserv_prereq
+PreReq:         permissions
+Requires:       logrotate
+%{?systemd_requires}

 %description
 Hiawatha is a secure webserver for Unix. It has been written with 'being
@ -31,88 +47,93 @@ secure' as its main goal. Hiawatha has many security features that no other
 webserver has. This and the fact that Hiawatha's source code is free of
 security-bugs, makes Hiawatha the most secure webserver available.

-%prep
-%setup

+%prep
+%setup -q

 %build
-%__sed -i -e "s|#ServerId = www-data|ServerId = hiawatha|g" etc/%{name}/%{name}.conf.in
-export webrootdir=%{webroot}/%{name}/htdocs
-%configure \
-	--enable-chroot \
-	--enable-command
+mkdir build 
+cd build
+cmake .. \
+    -DCMAKE_C_FLAGS="%{optflags} -pie -fPIC" \
+    -DCMAKE_INSTALL_PREFIX="%{_prefix}" \
+    -DCMAKE_INSTALL_BINDIR="%{_bindir}" \
+    -DCMAKE_INSTALL_SBINDIR="%{_sbindir}" \
+    -DCMAKE_INSTALL_LIBDIR=%{_libdir} \
+    -DCONFIG_DIR="%{_sysconfdir}/hiawatha" \
+    -DLOG_DIR="%{_localstatedir}/log/hiawatha" \
+    -DPID_DIR="%{_localstatedir}/run" \
+    -DWORK_DIR="%{_localstatedir}/lib/hiawatha" \
+    -DWEBROOT_DIR="%{webroot}/%{name}/htdocs" \
+    -DENABLE_CACHE=On \
+    -DENABLE_IPV6=On \
+    -DENABLE_MONITOR=On \
+    -DENABLE_RPROXY=On \
+    -DENABLE_SSL=On \
+    -DENABLE_TOMAHAWK=On \
+    -DENABLE_TOOLKIT=On \
+    -DENABLE_XSLT=On \
+    -DENABLE_ZLIB_SUPPORT=On

-%__make %{?jobs:-j%{jobs}}
+make %{?_smp_mflags}


 %install
+cd build
 %makeinstall
-%__mkdir_p %{buildroot}/%{_localstatedir}/log/%{name}
-%__mkdir_p %{buildroot}/%{_localstatedir}/lib/%{name}
-%__install -D -m 0644 %{SOURCE1} %{buildroot}/%{_sysconfdir}/permissions.d/%{name}
-%__install -D -m 0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
-%__install -D -m 0755 %{SOURCE3} %{buildroot}%{_sysconfdir}/init.d/%{name}-httpd
-%__ln_s -f %{_sysconfdir}/init.d/%{name}-httpd %{buildroot}%{_sbindir}/rc%{name}-httpd
-%__install -D -m 0755 %{SOURCE4} %{buildroot}%{_sysconfdir}/init.d/%{name}-fastcgi
-%__ln_s -f %{_sysconfdir}/init.d/%{name}-fastcgi %{buildroot}%{_sbindir}/rc%{name}-fastcgi
+install -D -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
+install -D -m0644 %{SOURCE2} %{buildroot}%{_unitdir}/%{name}.service
+install -D -m0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/permissions.d/%{name}

+# temp fix
+rm -vf %{buildroot}%{_libdir}/%{name}/libpolarssl.so

 %pre
-/usr/sbin/groupadd -r %{name} &>/dev/null || :
-/usr/sbin/useradd -o -g %{name} -s /bin/false -r -c "User to run hiawatha" -d /var/lib/%{name} %{name} &>/dev/null || :
-
+%service_add_pre %{name}.service

 %post
-%fillup_and_insserv %{name}-httpd
-%fillup_and_insserv %{name}-fastcgi
-%run_permissions
+%service_add_post %{name}.service
+echo
+echo "To activate the service, run as root"
+echo "# systemctl enable %{name}.service"
+echo
+%set_permissions %{_sbindir}/cgi-wrapper
+
 %verifyscript
 %verify_permissions -e %{_sbindir}/cgi-wrapper

-
 %preun
-%stop_on_removal %{name}-httpd
-%stop_on_removal %{name}-fastcgi
-
+%service_del_preun %{name}.service

 %postun
-%restart_on_update %{name}-httpd
-%restart_on_update %{name}-fastcgi
-%{insserv_cleanup}
-
+%service_del_postun %{name}.service

 %clean
-%__rm -rf %{buildroot}
+rm -rf %{buildroot}


 %files
 %defattr(-,root,root)
-%doc AUTHORS ChangeLog COPYING
+%doc AUTHORS ChangeLog LICENSE
 %{_bindir}/ssi-cgi
-%verify(not mode) %attr(4750,root,%{name}) %{_sbindir}/cgi-wrapper
 %{_sbindir}/%{name}
-%{_sbindir}/newroot
-%{_sbindir}/php-fcgi
 %{_sbindir}/wigwam
-%{_sbindir}/rc%{name}-httpd
-%{_sbindir}/rc%{name}-fastcgi
-%{_sysconfdir}/init.d/%{name}-httpd
-%{_sysconfdir}/init.d/%{name}-fastcgi
+%{_sbindir}/cgi-wrapper
+%{_unitdir}/%{name}.service
+%dir %{_libdir}/%{name}
+%{_libdir}/%{name}/libpolarssl.so*
 %dir %{_sysconfdir}/%{name}
 %config(noreplace) %{_sysconfdir}/%{name}/cgi-wrapper.conf
 %config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf
 %config(noreplace) %{_sysconfdir}/%{name}/mimetype.conf
-%config(noreplace) %{_sysconfdir}/%{name}/php-fcgi.conf
 %config(noreplace) %{_sysconfdir}/%{name}/index.xslt
-%config(noreplace) %{_sysconfdir}/permissions.d/%{name}
 %config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
+%config(noreplace) %{_sysconfdir}/permissions.d/%{name}
 %{_mandir}/man1/*.1.gz
 %dir %{webroot}/%{name}
 %dir %{webroot}/%{name}/htdocs
 %{webroot}/%{name}/htdocs/index.html
-%defattr(-,%{name},%{name})
-%dir %{_localstatedir}/log/%{name}
-%dir %{_localstatedir}/lib/%{name}
-
+%dir %attr(-,wwwrun,www) %{_localstatedir}/lib/%{name}/
+%dir %attr(-,wwwrun,www) %{_localstatedir}/log/%{name}/

 %changelog