1
0
forked from pool/hiawatha

Accepting request 160006 from home:Fisiu:branches:server:http

- update to 8.8.1 (changes since 7.7):
  * Bugfix: Incorrect size of buffer for poll() can lead to a crash when using 
    Tomahawk.
  * Caching for Reverse Proxy. CacheRProxyExtensions option added.
  * Basic HTTP authentication now supports the glibc2 version of crypt().
  * Hostname in ImageReferer can now contain a wildcard.
  * DenyBody matching is now case insensitive.
  * PolarSSL updated to version 1.2.5.
  * Support for HTTP Strict Transport Security (RFC 6797). Integrated in 
    RequireSSL option.
  * DHsize option added.
  * PolarSSL updated to version 1.2.3.
  * CloudFlare headers placed in environment variables.
  * Removed php-fcgi.
  * Bugfix: slow page loading via Reverse Proxy.
  * PolarSSL updated to version 1.2. Added support for TLS 1.2 and secure 
    renegotiation.
  * Added support for Server Name Indication.
  * MinSSLversion option added.
  * ServerRoot option removed.
  * Improved MacOS X package building script.
  * Marked php-fcgi as deprecated. Use php-fpm instead.
  * Improved Reverse Proxy.
  * Changed error message style.
  * Renamed Command Channel to Tomahawk.
  * Return 403 instead of 401 upon correct password for HTTP authentication but 
    user not in right group.
  * Bugfix: replaced select() with poll() to prevent crashes in case of large 
    amount of simultaneous connections. Thanks to Peter Bex.
  * MaxServerLoad option added.

OBS-URL: https://build.opensuse.org/request/show/160006
OBS-URL: https://build.opensuse.org/package/show/server:http/hiawatha?expand=0&rev=42
This commit is contained in:
Ismail Dönmez 2013-03-19 17:42:20 +00:00 committed by Git OBS Bridge
parent 11680d9fcf
commit be401702e2
11 changed files with 176 additions and 178 deletions

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:9fdbf47e96155b5c0aee77c49c466593b6f2a80e5df4491f4104103fcdc82d0d
size 276997

3
hiawatha-8.8.1.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:2583d8e7f48ddc6cdedc27bb51d3e130679fc2f4411622bae9ddce3ef965d063
size 658778

View File

@ -1,47 +0,0 @@
#!/bin/sh
# hiawatha: Starts the hiawatha web server
#
# description: Hiawatha fastcgi wrapper
# processname: php-fcgi
### BEGIN INIT INFO
# Provides: hiawatha-fastcgi
# Required-Start: $network
# Required-Stop: $network
# Should-Start: $remote_fs
# Default-Start: 3 5
# Default-Stop: 0 1 2 6
# Short-Description: Hiawatha fastcgi wrapper
# Description: Hiawatha fastcgi wrapper
### END INIT INFO
. /etc/rc.status
BIN=/usr/sbin/php-fcgi
case "$1" in
start)
startproc -f $BIN
rc_status -v
;;
stop)
if [ -e /var/run/php-fcgi.pid ]
then $BIN -k
fi
rc_status -v
;;
restart)
$0 stop
$0 start
;;
*)
echo "Usage: $0 (start|stop|restart)"
exit 1
;;
esac
rc_exit

View File

@ -1,54 +0,0 @@
#!/bin/sh
# hiawatha: Starts the hiawatha web server
#
# description: Hiawatha web server
# processname: hiawatha
### BEGIN INIT INFO
# Provides: hiawatha-httpd http-server
# Required-Start: $network
# Required-Stop: $network
# Should-Start: $remote_fs hiawatha-fastcgi
# Should-Stop: hiawatha-fastcgi
# Default-Start: 3 5
# Default-Stop: 0 1 2 6
# Short-Description: Hiawatha web server
# Description: Hiawatha web server
### END INIT INFO
. /etc/rc.status
HIAWATHABIN=/usr/sbin/hiawatha
case "$1" in
start)
echo -n "Starting hiawatha daemon"
startproc -f $HIAWATHABIN
rc_status -v
;;
stop)
echo -n "Stopping hiawatha daemon"
killproc -TERM $HIAWATHABIN
rc_status -v
;;
status)
echo -n "Checking for hiawatha"
checkproc $HIAWATHABIN
rc_status -v
;;
restart)
$0 stop
$0 start
;;
*)
echo "Usage: $0 (start|stop|restart|status)"
exit 1
;;
esac
rc_exit

4
hiawatha-rpmlintrc Normal file
View File

@ -0,0 +1,4 @@
# If the package is intended for inclusion in any SUSE product please open a bug
# report to request review of the package by the security team
# /etc/permissions.d/hiawatha
setBadness("permissions-unauthorized-file", 0)

View File

@ -1,3 +1,67 @@
-------------------------------------------------------------------
Fri Mar 8 15:54:39 UTC 2013 - fisiu@opensuse.org
- update to 8.8.1 (changes since 7.7):
* Bugfix: Incorrect size of buffer for poll() can lead to a crash when using
Tomahawk.
* Caching for Reverse Proxy. CacheRProxyExtensions option added.
* Basic HTTP authentication now supports the glibc2 version of crypt().
* Hostname in ImageReferer can now contain a wildcard.
* DenyBody matching is now case insensitive.
* PolarSSL updated to version 1.2.5.
* Support for HTTP Strict Transport Security (RFC 6797). Integrated in
RequireSSL option.
* DHsize option added.
* PolarSSL updated to version 1.2.3.
* CloudFlare headers placed in environment variables.
* Removed php-fcgi.
* Bugfix: slow page loading via Reverse Proxy.
* PolarSSL updated to version 1.2. Added support for TLS 1.2 and secure
renegotiation.
* Added support for Server Name Indication.
* MinSSLversion option added.
* ServerRoot option removed.
* Improved MacOS X package building script.
* Marked php-fcgi as deprecated. Use php-fpm instead.
* Improved Reverse Proxy.
* Changed error message style.
* Renamed Command Channel to Tomahawk.
* Return 403 instead of 401 upon correct password for HTTP authentication but
user not in right group.
* Bugfix: replaced select() with poll() to prevent crashes in case of large
amount of simultaneous connections. Thanks to Peter Bex.
* MaxServerLoad option added.
* PolarSSL updated to version 1.1.4.
* Bugfix: invalid reverse proxy request when URL parameters are present.
* Bugfix: memory leak in SSL library.
* Improved security for reverse proxy (works with PreventSQLi, etc).
* ReverseProxy option added.
* PolarSSL updated to version 1.1.3.
* WebDAVapp option added. Enables support for WebDAV applications like
ownCloud (http://owncloud.org/).
* Removed support for the OPTIONS method.
* AllowDotFiles option added.
* Global forks setting in php-fcgi.conf moved to Server setting.
* BanOnInvalidURL option added.
* PolarSSL updated to version 1.1.1.
* Bugfix: paths missing in default values and examples in manual pages.
* Replaced Autoconf with CMake. Many thanks to Sander Niemeijer.
* Replaced OpenSSL with PolarSSL. Many thanks to Paul Bakker.
* AllowedCiphers and DHparameters options removed.
* Added IE7 to UrlToolkit's OldBrowser list, removed IE5.
* MaxUrlLength option added, can return 414 Request-URI Too Long.
* Changed default value of TriggerOnCGIstatus to 'no'.
* Equalized format of logfiles.
* Extra checks added to php-fcgi.
* Improved SQL injection detection.
* Bugfix: memory leak in PreventSQLi routine.
* Bugfix: potential server freeze with 100% CPU in CGI output caching.
* Bugfix: null byte in HTTP header of cached CGI content.
* Control CGI output cache via X-Hiawatha-Cache and X-Hiawatha-Cache-Remove
CGI headers. See the CGI OUTPUT CACHE section in the manual page.
* BanOnWrongPassword now also triggers on wrong username.
* Bugfix: timeout issue with large POST requests on SSL connections.
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Oct 10 00:00:00 CET 2011 - detlef@links2linux.de Mon Oct 10 00:00:00 CET 2011 - detlef@links2linux.de

View File

@ -6,9 +6,8 @@
size=+1024k size=+1024k
notifempty notifempty
missingok missingok
create 600 hiawatha hiawatha create 640 wwwrun www
sharedscripts
postrotate postrotate
killall -HUP hiawatha /etc/init.d/hiawatha force-reload
endscript endscript
} }

View File

@ -1,2 +1,2 @@
/usr/sbin/cgi-wrapper root:hiawatha 4750 /usr/sbin/cgi-wrapper root:root 4755

View File

@ -1,2 +0,0 @@
from Config import *
addFilter("permissions-unauthorized-file")

13
hiawatha.service Normal file
View File

@ -0,0 +1,13 @@
[Unit]
Description=Hiawatha Web Server
After=network.target
[Service]
Type=simple
PIDFile=/var/run/hiawatha.pid
SyslogIdentifier=hiawatha
ExecStartPre=/usr/sbin/wigwam ; /usr/sbin/hiawatha -k
ExecStart= /usr/sbin/hiawatha -d
[Install]
WantedBy=multi-user.target

View File

@ -1,29 +1,45 @@
# norootforbuild #
# spec file for package hiawatha
#
# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
# Copyright (c) 2013 Mariusz Fik <fisiu@opensuse.org>.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
%define webroot /srv/www #
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
Name: hiawatha %define webroot /srv/www
Version: 7.7
Release: 1
Summary: A secure webserver for Unix
License: GPLv2
Url: http://www.hiawatha-webserver.org
Group: Productivity/Networking/Web/Servers
Source0: http://hiawatha.leisink.org/files/hiawatha-%{version}.tar.gz
Source1: %{name}.permissions
Source2: %{name}.logrotate
Source3: %{name}-httpd.init
Source4: %{name}-fastcgi.init
Source99: %{name}.rpmlintrc
PreReq: %insserv_prereq %fillup_prereq pwdutils
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: libxml2-devel libxslt-devel openssl-devel udev
Name: hiawatha
Version: 8.8.1
Release: 0
License: GPL-2.0
Summary: A secure webserver for Unix
Url: http://www.hiawatha-webserver.org
Group: Productivity/Networking/Web/Servers
Source0: http://hiawatha.leisink.org/files/hiawatha-%{version}.tar.gz
Source1: %{name}.logrotate
Source2: %{name}.service
Source3: %{name}.permissions
BuildRequires: libxslt-devel
BuildRequires: cmake >= 2.8.4
BuildRequires: pkg-config
BuildRequires: systemd
BuildRoot: %{_tmppath}/%{name}-%{version}-build
PreReq: %fillup_prereq
PreReq: %insserv_prereq
PreReq: permissions
Requires: logrotate
%{?systemd_requires}
%description %description
Hiawatha is a secure webserver for Unix. It has been written with 'being Hiawatha is a secure webserver for Unix. It has been written with 'being
@ -31,88 +47,93 @@ secure' as its main goal. Hiawatha has many security features that no other
webserver has. This and the fact that Hiawatha's source code is free of webserver has. This and the fact that Hiawatha's source code is free of
security-bugs, makes Hiawatha the most secure webserver available. security-bugs, makes Hiawatha the most secure webserver available.
%prep
%setup
%prep
%setup -q
%build %build
%__sed -i -e "s|#ServerId = www-data|ServerId = hiawatha|g" etc/%{name}/%{name}.conf.in mkdir build
export webrootdir=%{webroot}/%{name}/htdocs cd build
%configure \ cmake .. \
--enable-chroot \ -DCMAKE_C_FLAGS="%{optflags} -pie -fPIC" \
--enable-command -DCMAKE_INSTALL_PREFIX="%{_prefix}" \
-DCMAKE_INSTALL_BINDIR="%{_bindir}" \
-DCMAKE_INSTALL_SBINDIR="%{_sbindir}" \
-DCMAKE_INSTALL_LIBDIR=%{_libdir} \
-DCONFIG_DIR="%{_sysconfdir}/hiawatha" \
-DLOG_DIR="%{_localstatedir}/log/hiawatha" \
-DPID_DIR="%{_localstatedir}/run" \
-DWORK_DIR="%{_localstatedir}/lib/hiawatha" \
-DWEBROOT_DIR="%{webroot}/%{name}/htdocs" \
-DENABLE_CACHE=On \
-DENABLE_IPV6=On \
-DENABLE_MONITOR=On \
-DENABLE_RPROXY=On \
-DENABLE_SSL=On \
-DENABLE_TOMAHAWK=On \
-DENABLE_TOOLKIT=On \
-DENABLE_XSLT=On \
-DENABLE_ZLIB_SUPPORT=On
%__make %{?jobs:-j%{jobs}} make %{?_smp_mflags}
%install %install
cd build
%makeinstall %makeinstall
%__mkdir_p %{buildroot}/%{_localstatedir}/log/%{name} install -D -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
%__mkdir_p %{buildroot}/%{_localstatedir}/lib/%{name} install -D -m0644 %{SOURCE2} %{buildroot}%{_unitdir}/%{name}.service
%__install -D -m 0644 %{SOURCE1} %{buildroot}/%{_sysconfdir}/permissions.d/%{name} install -D -m0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/permissions.d/%{name}
%__install -D -m 0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
%__install -D -m 0755 %{SOURCE3} %{buildroot}%{_sysconfdir}/init.d/%{name}-httpd
%__ln_s -f %{_sysconfdir}/init.d/%{name}-httpd %{buildroot}%{_sbindir}/rc%{name}-httpd
%__install -D -m 0755 %{SOURCE4} %{buildroot}%{_sysconfdir}/init.d/%{name}-fastcgi
%__ln_s -f %{_sysconfdir}/init.d/%{name}-fastcgi %{buildroot}%{_sbindir}/rc%{name}-fastcgi
# temp fix
rm -vf %{buildroot}%{_libdir}/%{name}/libpolarssl.so
%pre %pre
/usr/sbin/groupadd -r %{name} &>/dev/null || : %service_add_pre %{name}.service
/usr/sbin/useradd -o -g %{name} -s /bin/false -r -c "User to run hiawatha" -d /var/lib/%{name} %{name} &>/dev/null || :
%post %post
%fillup_and_insserv %{name}-httpd %service_add_post %{name}.service
%fillup_and_insserv %{name}-fastcgi echo
%run_permissions echo "To activate the service, run as root"
echo "# systemctl enable %{name}.service"
echo
%set_permissions %{_sbindir}/cgi-wrapper
%verifyscript %verifyscript
%verify_permissions -e %{_sbindir}/cgi-wrapper %verify_permissions -e %{_sbindir}/cgi-wrapper
%preun %preun
%stop_on_removal %{name}-httpd %service_del_preun %{name}.service
%stop_on_removal %{name}-fastcgi
%postun %postun
%restart_on_update %{name}-httpd %service_del_postun %{name}.service
%restart_on_update %{name}-fastcgi
%{insserv_cleanup}
%clean %clean
%__rm -rf %{buildroot} rm -rf %{buildroot}
%files %files
%defattr(-,root,root) %defattr(-,root,root)
%doc AUTHORS ChangeLog COPYING %doc AUTHORS ChangeLog LICENSE
%{_bindir}/ssi-cgi %{_bindir}/ssi-cgi
%verify(not mode) %attr(4750,root,%{name}) %{_sbindir}/cgi-wrapper
%{_sbindir}/%{name} %{_sbindir}/%{name}
%{_sbindir}/newroot
%{_sbindir}/php-fcgi
%{_sbindir}/wigwam %{_sbindir}/wigwam
%{_sbindir}/rc%{name}-httpd %{_sbindir}/cgi-wrapper
%{_sbindir}/rc%{name}-fastcgi %{_unitdir}/%{name}.service
%{_sysconfdir}/init.d/%{name}-httpd %dir %{_libdir}/%{name}
%{_sysconfdir}/init.d/%{name}-fastcgi %{_libdir}/%{name}/libpolarssl.so*
%dir %{_sysconfdir}/%{name} %dir %{_sysconfdir}/%{name}
%config(noreplace) %{_sysconfdir}/%{name}/cgi-wrapper.conf %config(noreplace) %{_sysconfdir}/%{name}/cgi-wrapper.conf
%config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf %config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf
%config(noreplace) %{_sysconfdir}/%{name}/mimetype.conf %config(noreplace) %{_sysconfdir}/%{name}/mimetype.conf
%config(noreplace) %{_sysconfdir}/%{name}/php-fcgi.conf
%config(noreplace) %{_sysconfdir}/%{name}/index.xslt %config(noreplace) %{_sysconfdir}/%{name}/index.xslt
%config(noreplace) %{_sysconfdir}/permissions.d/%{name}
%config(noreplace) %{_sysconfdir}/logrotate.d/%{name} %config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
%config(noreplace) %{_sysconfdir}/permissions.d/%{name}
%{_mandir}/man1/*.1.gz %{_mandir}/man1/*.1.gz
%dir %{webroot}/%{name} %dir %{webroot}/%{name}
%dir %{webroot}/%{name}/htdocs %dir %{webroot}/%{name}/htdocs
%{webroot}/%{name}/htdocs/index.html %{webroot}/%{name}/htdocs/index.html
%defattr(-,%{name},%{name}) %dir %attr(-,wwwrun,www) %{_localstatedir}/lib/%{name}/
%dir %{_localstatedir}/log/%{name} %dir %attr(-,wwwrun,www) %{_localstatedir}/log/%{name}/
%dir %{_localstatedir}/lib/%{name}
%changelog %changelog