diff options
Diffstat (limited to '')
| -rw-r--r-- | www-servers/lighttpd/files/1.4.25-fix-CVE-2010-0295.patch | 211 | ||||
| -rw-r--r-- | www-servers/lighttpd/files/1.4.25-fix-multiple-ssl.patch | 12 | ||||
| -rw-r--r-- | www-servers/lighttpd/files/1.4.25-fix-unknown-AM_SILENT_RULES.patch | 18 | ||||
| -rw-r--r-- | www-servers/lighttpd/files/1.4.26-fix-ssl-return-check-r2716.patch | 16 | ||||
| -rw-r--r-- | www-servers/lighttpd/files/conf/lighttpd.conf | 325 | ||||
| -rw-r--r-- | www-servers/lighttpd/files/conf/mime-types.conf | 79 | ||||
| -rw-r--r-- | www-servers/lighttpd/files/conf/mod_cgi.conf | 33 | ||||
| -rw-r--r-- | www-servers/lighttpd/files/conf/mod_fastcgi.conf | 17 | ||||
| -rw-r--r-- | www-servers/lighttpd/files/conf/mod_fastcgi.conf-1.4.13-r2 | 17 | ||||
| -rw-r--r-- | www-servers/lighttpd/files/lighttpd.confd | 12 | ||||
| -rw-r--r-- | www-servers/lighttpd/files/lighttpd.initd | 67 | ||||
| -rw-r--r-- | www-servers/lighttpd/files/lighttpd.initd-1.4.13-r3 | 67 | ||||
| -rw-r--r-- | www-servers/lighttpd/files/lighttpd.logrotate | 17 | ||||
| -rw-r--r-- | www-servers/lighttpd/files/spawn-fcgi.confd | 35 | ||||
| -rw-r--r-- | www-servers/lighttpd/files/spawn-fcgi.initd | 51 |
15 files changed, 977 insertions, 0 deletions
diff --git a/www-servers/lighttpd/files/1.4.25-fix-CVE-2010-0295.patch b/www-servers/lighttpd/files/1.4.25-fix-CVE-2010-0295.patch new file mode 100644 index 0000000..fcac318 --- /dev/null +++ b/www-servers/lighttpd/files/1.4.25-fix-CVE-2010-0295.patch @@ -0,0 +1,211 @@ +Index: branches/lighttpd-1.4.x/src/base.h +=================================================================== +--- branches/lighttpd-1.4.x/src/base.h (revision 2709) ++++ branches/lighttpd-1.4.x/src/base.h (revision 2710) +@@ -431,7 +431,6 @@ + + #ifdef USE_OPENSSL + SSL *ssl; +- buffer *ssl_error_want_reuse_buffer; + # ifndef OPENSSL_NO_TLSEXT + buffer *tlsext_server_name; + # endif +Index: branches/lighttpd-1.4.x/src/connections.c +=================================================================== +--- branches/lighttpd-1.4.x/src/connections.c (revision 2709) ++++ branches/lighttpd-1.4.x/src/connections.c (revision 2710) +@@ -192,40 +192,42 @@ + + static int connection_handle_read_ssl(server *srv, connection *con) { + #ifdef USE_OPENSSL +- int r, ssl_err, len, count = 0; ++ int r, ssl_err, len, count = 0, read_offset, toread; + buffer *b = NULL; + + if (!con->conf.is_ssl) return -1; + +- /* don't resize the buffer if we were in SSL_ERROR_WANT_* */ +- + ERR_clear_error(); + do { +- if (!con->ssl_error_want_reuse_buffer) { +- b = buffer_init(); +- buffer_prepare_copy(b, SSL_pending(con->ssl) + (16 * 1024)); /* the pending bytes + 16kb */ ++ if (NULL != con->read_queue->last) { ++ b = con->read_queue->last->mem; ++ } + ++ if (NULL == b || b->size - b->used < 1024) { ++ b = chunkqueue_get_append_buffer(con->read_queue); ++ len = SSL_pending(con->ssl); ++ if (len < 4*1024) len = 4*1024; /* always alloc >= 4k buffer */ ++ buffer_prepare_copy(b, len + 1); ++ + /* overwrite everything with 0 */ + memset(b->ptr, 0, b->size); +- } else { +- b = con->ssl_error_want_reuse_buffer; + } + +- len = SSL_read(con->ssl, b->ptr, b->size - 1); +- con->ssl_error_want_reuse_buffer = NULL; /* reuse it only once */ ++ read_offset = (b->used > 0) ? b->used - 1 : 0; ++ toread = b->size - 1 - read_offset; + ++ len = SSL_read(con->ssl, b->ptr + read_offset, toread); ++ + if (len > 0) { +- b->used = len; ++ if (b->used > 0) b->used--; ++ b->used += len; + b->ptr[b->used++] = '\0'; + +- /* we move the buffer to the chunk-queue, no need to free it */ ++ con->bytes_read += len; + +- chunkqueue_append_buffer_weak(con->read_queue, b); + count += len; +- con->bytes_read += len; +- b = NULL; + } +- } while (len > 0 && count < MAX_READ_LIMIT); ++ } while (len == toread && count < MAX_READ_LIMIT); + + + if (len < 0) { +@@ -234,11 +236,11 @@ + case SSL_ERROR_WANT_READ: + case SSL_ERROR_WANT_WRITE: + con->is_readable = 0; +- con->ssl_error_want_reuse_buffer = b; + +- b = NULL; ++ /* the manual says we have to call SSL_read with the same arguments next time. ++ * we ignore this restriction; no one has complained about it in 1.5 yet, so it probably works anyway. ++ */ + +- /* we have to steal the buffer from the queue-queue */ + return 0; + case SSL_ERROR_SYSCALL: + /** +@@ -297,16 +299,11 @@ + + connection_set_state(srv, con, CON_STATE_ERROR); + +- buffer_free(b); +- + return -1; + } else if (len == 0) { + con->is_readable = 0; + /* the other end close the connection -> KEEP-ALIVE */ + +- /* pipelining */ +- buffer_free(b); +- + return -2; + } + +@@ -321,26 +318,41 @@ + static int connection_handle_read(server *srv, connection *con) { + int len; + buffer *b; +- int toread; ++ int toread, read_offset; + + if (con->conf.is_ssl) { + return connection_handle_read_ssl(srv, con); + } + ++ b = (NULL != con->read_queue->last) ? con->read_queue->last->mem : NULL; ++ ++ /* default size for chunks is 4kb; only use bigger chunks if FIONREAD tells ++ * us more than 4kb is available ++ * if FIONREAD doesn't signal a big chunk we fill the previous buffer ++ * if it has >= 1kb free ++ */ + #if defined(__WIN32) +- b = chunkqueue_get_append_buffer(con->read_queue); +- buffer_prepare_copy(b, 4 * 1024); +- len = recv(con->fd, b->ptr, b->size - 1, 0); +-#else +- if (ioctl(con->fd, FIONREAD, &toread) || toread == 0) { ++ if (NULL == b || b->size - b->used < 1024) { + b = chunkqueue_get_append_buffer(con->read_queue); + buffer_prepare_copy(b, 4 * 1024); ++ } ++ ++ read_offset = (b->used == 0) ? 0 : b->used - 1; ++ len = recv(con->fd, b->ptr + read_offset, b->size - 1 - read_offset, 0); ++#else ++ if (ioctl(con->fd, FIONREAD, &toread) || toread == 0 || toread <= 4*1024) { ++ if (NULL == b || b->size - b->used < 1024) { ++ b = chunkqueue_get_append_buffer(con->read_queue); ++ buffer_prepare_copy(b, 4 * 1024); ++ } + } else { + if (toread > MAX_READ_LIMIT) toread = MAX_READ_LIMIT; + b = chunkqueue_get_append_buffer(con->read_queue); + buffer_prepare_copy(b, toread + 1); + } +- len = read(con->fd, b->ptr, b->size - 1); ++ ++ read_offset = (b->used == 0) ? 0 : b->used - 1; ++ len = read(con->fd, b->ptr + read_offset, b->size - 1 - read_offset); + #endif + + if (len < 0) { +@@ -374,7 +386,8 @@ + con->is_readable = 0; + } + +- b->used = len; ++ if (b->used > 0) b->used--; ++ b->used += len; + b->ptr[b->used++] = '\0'; + + con->bytes_read += len; +@@ -850,13 +863,6 @@ + /* The cond_cache gets reset in response.c */ + /* config_cond_cache_reset(srv, con); */ + +-#ifdef USE_OPENSSL +- if (con->ssl_error_want_reuse_buffer) { +- buffer_free(con->ssl_error_want_reuse_buffer); +- con->ssl_error_want_reuse_buffer = NULL; +- } +-#endif +- + con->header_len = 0; + con->in_error_handler = 0; + +@@ -1128,8 +1134,15 @@ + } else { + buffer *b; + +- b = chunkqueue_get_append_buffer(dst_cq); +- buffer_copy_string_len(b, c->mem->ptr + c->offset, toRead); ++ if (dst_cq->last && ++ dst_cq->last->type == MEM_CHUNK) { ++ b = dst_cq->last->mem; ++ } else { ++ b = chunkqueue_get_append_buffer(dst_cq); ++ /* prepare buffer size for remaining POST data; is < 64kb */ ++ buffer_prepare_copy(b, con->request.content_length - dst_cq->bytes_in + 1); ++ } ++ buffer_append_string_len(b, c->mem->ptr + c->offset, toRead); + } + + c->offset += toRead; +Index: branches/lighttpd-1.4.x/src/chunk.c +=================================================================== +--- branches/lighttpd-1.4.x/src/chunk.c (revision 2709) ++++ branches/lighttpd-1.4.x/src/chunk.c (revision 2710) +@@ -197,8 +197,6 @@ + int chunkqueue_append_buffer_weak(chunkqueue *cq, buffer *mem) { + chunk *c; + +- if (mem->used == 0) return 0; +- + c = chunkqueue_get_unused_chunk(cq); + c->type = MEM_CHUNK; + c->offset = 0; diff --git a/www-servers/lighttpd/files/1.4.25-fix-multiple-ssl.patch b/www-servers/lighttpd/files/1.4.25-fix-multiple-ssl.patch new file mode 100644 index 0000000..e9388a3 --- /dev/null +++ b/www-servers/lighttpd/files/1.4.25-fix-multiple-ssl.patch @@ -0,0 +1,12 @@ +--- src/network.c.orig 2009-10-17 00:03:44.000000000 +0200 ++++ src/network.c 2010-03-25 23:09:56.000000000 +0100 +@@ -82,6 +82,9 @@ + buffer_copy_string(con->tlsext_server_name, servername); + buffer_to_lower(con->tlsext_server_name); + ++ /* Sometimes this is still set, confusing COMP_HTTP_HOST */ ++ buffer_reset(con->uri.authority); ++ + config_cond_cache_reset(srv, con); + config_setup_connection(srv, con); + diff --git a/www-servers/lighttpd/files/1.4.25-fix-unknown-AM_SILENT_RULES.patch b/www-servers/lighttpd/files/1.4.25-fix-unknown-AM_SILENT_RULES.patch new file mode 100644 index 0000000..2c72c6a --- /dev/null +++ b/www-servers/lighttpd/files/1.4.25-fix-unknown-AM_SILENT_RULES.patch @@ -0,0 +1,18 @@ +Allow to build on older automakes. this disables color output on tests, +but leaves the AM_SILENT_RULES intact for automakes which support this. + +Signed-off-by: Thilo Bangert <bangert@gentoo.org> + +diff -Naur lighttpd-1.4.25.orig/configure.ac lighttpd-1.4.25/configure.ac +--- lighttpd-1.4.25.orig/configure.ac 2009-11-25 10:27:12.000000000 +0100 ++++ lighttpd-1.4.25/configure.ac 2009-11-25 10:43:20.000000000 +0100 +@@ -8,7 +8,8 @@ + + AC_CANONICAL_TARGET + +-AM_INIT_AUTOMAKE([-Wall -Wportability -Wno-override -Werror foreign dist-bzip2 tar-ustar silent-rules color-tests]) ++m4_pattern_allow([AM_SILENT_RULES]) ++AM_INIT_AUTOMAKE([-Wall -Wportability -Wno-override -Werror foreign dist-bzip2 tar-ustar]) + AM_SILENT_RULES + + # Checks for programs. diff --git a/www-servers/lighttpd/files/1.4.26-fix-ssl-return-check-r2716.patch b/www-servers/lighttpd/files/1.4.26-fix-ssl-return-check-r2716.patch new file mode 100644 index 0000000..1ef8a1c --- /dev/null +++ b/www-servers/lighttpd/files/1.4.26-fix-ssl-return-check-r2716.patch @@ -0,0 +1,16 @@ +fix check of return value +from upstream svn repo + +Index: network.c +=================================================================== +--- src/network.c (revision 2715) ++++ src/network.c (revision 2716) +@@ -525,7 +525,7 @@ + + if (!s->ssl_use_sslv2) { + /* disable SSLv2 */ +- if (SSL_OP_NO_SSLv2 != SSL_CTX_set_options(s->ssl_ctx, SSL_OP_NO_SSLv2)) { ++ if (!(SSL_OP_NO_SSLv2 & SSL_CTX_set_options(s->ssl_ctx, SSL_OP_NO_SSLv2))) { + log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:", + ERR_error_string(ERR_get_error(), NULL)); + return -1; diff --git a/www-servers/lighttpd/files/conf/lighttpd.conf b/www-servers/lighttpd/files/conf/lighttpd.conf new file mode 100644 index 0000000..b56fa4d --- /dev/null +++ b/www-servers/lighttpd/files/conf/lighttpd.conf @@ -0,0 +1,325 @@ +############################################################################### +# Default lighttpd.conf for Gentoo. +# $Header: /var/cvsroot/gentoo-x86/www-servers/lighttpd/files/conf/lighttpd.conf,v 1.4 2009/05/12 09:54:12 bangert Exp $ +############################################################################### + +# {{{ variables +var.basedir = "/var/www/localhost" +var.logdir = "/var/log/lighttpd" +var.statedir = "/var/lib/lighttpd" +# }}} + +# {{{ modules +# At the very least, mod_access and mod_accesslog should be enabled. +# All other modules should only be loaded if necessary. +# NOTE: the order of modules is important. +server.modules = ( +# "mod_rewrite", +# "mod_redirect", +# "mod_alias", + "mod_access", +# "mod_cml", +# "mod_trigger_b4_dl", +# "mod_auth", +# "mod_status", +# "mod_setenv", +# "mod_proxy", +# "mod_simple_vhost", +# "mod_evhost", +# "mod_userdir", +# "mod_compress", +# "mod_ssi", +# "mod_usertrack", +# "mod_expire", +# "mod_secdownload", +# "mod_rrdtool", +# "mod_webdav", + "mod_accesslog" +) +# }}} + +# {{{ includes +include "mime-types.conf" +# fcgi and cgi are included below +# }}} + +# {{{ server settings +server.username = "lighttpd" +server.groupname = "lighttpd" + +server.document-root = var.basedir + "/htdocs" +server.pid-file = "/var/run/lighttpd.pid" + +server.errorlog = var.logdir + "/error.log" +# log errors to syslog instead +# server.errorlog-use-syslog = "enable" + +server.indexfiles = ("index.php", "index.html", + "index.htm", "default.htm") + +# server.tag = "lighttpd" + +server.follow-symlink = "enable" + +# event handler (defaults to "poll") +# see performance.txt +# +# for >= linux-2.4 +# server.event-handler = "linux-rtsig" +# for >= linux-2.6 +# server.event-handler = "linux-sysepoll" +# for FreeBSD +# server.event-handler = "freebsd-kqueue" + +# chroot to directory (defaults to no chroot) +# server.chroot = "/" + +# bind to port (defaults to 80) +# server.port = 81 + +# bind to name (defaults to all interfaces) +# server.bind = "grisu.home.kneschke.de" + +# error-handler for status 404 +# server.error-handler-404 = "/error-handler.html" +# server.error-handler-404 = "/error-handler.php" + +# Format: <errorfile-prefix><status-code>.html +# -> ..../status-404.html for 'File not found' +# server.errorfile-prefix = var.basedir + "/error/status-" + +# FAM support for caching stat() calls +# requires that lighttpd be built with USE=fam +# server.stat-cache-engine = "fam" +# }}} + +# {{{ mod_staticfile + +# which extensions should not be handled via static-file transfer +# (extensions that are usually handled by mod_cgi, mod_fastcgi, etc). +static-file.exclude-extensions = (".php", ".pl", ".cgi", ".fcgi") +# }}} + +# {{{ mod_accesslog +accesslog.filename = var.logdir + "/access.log" +# }}} + +# {{{ mod_dirlisting +# enable directory listings +# dir-listing.activate = "enable" +# +# don't list hidden files/directories +# dir-listing.hide-dotfiles = "enable" +# +# use a different css for directory listings +# dir-listing.external-css = "/path/to/dir-listing.css" +# +# list of regular expressions. files that match any of the +# specified regular expressions will be excluded from directory +# listings. +# dir-listing.exclude = ("^\.", "~$") +# }}} + +# {{{ mod_access +# see access.txt + +url.access-deny = ("~", ".inc") +# }}} + +# {{{ mod_userdir +# see userdir.txt +# +# userdir.path = "public_html" +# userdir.exclude-user = ("root") +# }}} + +# {{{ mod_ssi +# see ssi.txt +# +# ssi.extension = (".shtml") +# }}} + +# {{{ mod_ssl +# see ssl.txt +# +# ssl.engine = "enable" +# ssl.pemfile = "server.pem" +# }}} + +# {{{ mod_status +# see status.txt +# +# status.status-url = "/server-status" +# status.config-url = "/server-config" +# }}} + +# {{{ mod_simple_vhost +# see simple-vhost.txt +# +# If you want name-based virtual hosting add the next three settings and load +# mod_simple_vhost +# +# document-root = +# virtual-server-root + virtual-server-default-host + virtual-server-docroot +# or +# virtual-server-root + http-host + virtual-server-docroot +# +# simple-vhost.server-root = "/home/weigon/wwwroot/servers/" +# simple-vhost.default-host = "grisu.home.kneschke.de" +# simple-vhost.document-root = "/pages/" +# }}} + +# {{{ mod_compress +# see compress.txt +# +# compress.cache-dir = var.statedir + "/cache/compress" +# compress.filetype = ("text/plain", "text/html") +# }}} + +# {{{ mod_proxy +# see proxy.txt +# +# proxy.server = ( ".php" => +# ( "localhost" => +# ( +# "host" => "192.168.0.101", +# "port" => 80 +# ) +# ) +# ) +# }}} + +# {{{ mod_auth +# see authentication.txt +# +# auth.backend = "plain" +# auth.backend.plain.userfile = "lighttpd.user" +# auth.backend.plain.groupfile = "lighttpd.group" + +# auth.backend.ldap.hostname = "localhost" +# auth.backend.ldap.base-dn = "dc=my-domain,dc=com" +# auth.backend.ldap.filter = "(uid=$)" + +# auth.require = ( "/server-status" => +# ( +# "method" => "digest", +# "realm" => "download archiv", +# "require" => "user=jan" +# ), +# "/server-info" => +# ( +# "method" => "digest", +# "realm" => "download archiv", +# "require" => "valid-user" +# ) +# ) +# }}} + +# {{{ mod_rewrite +# see rewrite.txt +# +# url.rewrite = ( +# "^/$" => "/server-status" +# ) +# }}} + +# {{{ mod_redirect +# see redirect.txt +# +# url.redirect = ( +# "^/wishlist/(.+)" => "http://www.123.org/$1" +# ) +# }}} + +# {{{ mod_evhost +# define a pattern for the host url finding +# %% => % sign +# %0 => domain name + tld +# %1 => tld +# %2 => domain name without tld +# %3 => subdomain 1 name +# %4 => subdomain 2 name +# +# evhost.path-pattern = "/home/storage/dev/www/%3/htdocs/" +# }}} + +# {{{ mod_expire +# expire.url = ( +# "/buggy/" => "access 2 hours", +# "/asdhas/" => "access plus 1 seconds 2 minutes" +# ) +# }}} + +# {{{ mod_rrdtool +# see rrdtool.txt +# +# rrdtool.binary = "/usr/bin/rrdtool" +# rrdtool.db-name = var.statedir + "/lighttpd.rrd" +# }}} + +# {{{ mod_setenv +# see setenv.txt +# +# setenv.add-request-header = ( "TRAV_ENV" => "mysql://user@host/db" ) +# setenv.add-response-header = ( "X-Secret-Message" => "42" ) +# }}} + +# {{{ mod_trigger_b4_dl +# see trigger_b4_dl.txt +# +# trigger-before-download.gdbm-filename = "/home/weigon/testbase/trigger.db" +# trigger-before-download.memcache-hosts = ( "127.0.0.1:11211" ) +# trigger-before-download.trigger-url = "^/trigger/" +# trigger-before-download.download-url = "^/download/" +# trigger-before-download.deny-url = "http://127.0.0.1/index.html" +# trigger-before-download.trigger-timeout = 10 +# }}} + +# {{{ mod_cml +# see cml.txt +# +# don't forget to add index.cml to server.indexfiles +# cml.extension = ".cml" +# cml.memcache-hosts = ( "127.0.0.1:11211" ) +# }}} + +# {{{ mod_webdav +# see webdav.txt +# +# $HTTP["url"] =~ "^/dav($|/)" { +# webdav.activate = "enable" +# webdav.is-readonly = "enable" +# } +# }}} + +# {{{ extra rules +# +# set Content-Encoding and reset Content-Type for browsers that +# support decompressing on-thy-fly (requires mod_setenv) +# $HTTP["url"] =~ "\.gz$" { +# setenv.add-response-header = ("Content-Encoding" => "x-gzip") +# mimetype.assign = (".gz" => "text/plain") +# } + +# $HTTP["url"] =~ "\.bz2$" { +# setenv.add-response-header = ("Content-Encoding" => "x-bzip2") +# mimetype.assign = (".bz2" => "text/plain") +# } +# +# }}} + +# {{{ debug +# debug.log-request-header = "enable" +# debug.log-response-header = "enable" +# debug.log-request-handling = "enable" +# debug.log-file-not-found = "enable" +# }}} + +# {{{ cgi includes +# uncomment for cgi support +# include "mod_cgi.conf" +# uncomment for php/fastcgi support +# include "mod_fastcgi.conf" +# }}} + +# vim: set ft=conf foldmethod=marker et : diff --git a/www-servers/lighttpd/files/conf/mime-types.conf b/www-servers/lighttpd/files/conf/mime-types.conf new file mode 100644 index 0000000..f24d4d8 --- /dev/null +++ b/www-servers/lighttpd/files/conf/mime-types.conf @@ -0,0 +1,79 @@ +############################################################################### +# Default mime-types.conf for Gentoo. +# include'd from lighttpd.conf. +# $Header: /var/cvsroot/gentoo-x86/www-servers/lighttpd/files/conf/mime-types.conf,v 1.4 2010/03/14 21:45:18 bangert Exp $ +############################################################################### + +# {{{ mime types +mimetype.assign = ( + ".svg" => "image/svg+xml", + ".svgz" => "image/svg+xml", + ".pdf" => "application/pdf", + ".sig" => "application/pgp-signature", + ".spl" => "application/futuresplash", + ".class" => "application/octet-stream", + ".ps" => "application/postscript", + ".torrent" => "application/x-bittorrent", + ".dvi" => "application/x-dvi", + ".gz" => "application/x-gzip", + ".pac" => "application/x-ns-proxy-autoconfig", + ".swf" => "application/x-shockwave-flash", + ".tar.gz" => "application/x-tgz", + ".tgz" => "application/x-tgz", + ".tar" => "application/x-tar", + ".zip" => "application/zip", + ".dmg" => "application/x-apple-diskimage", + ".mp3" => "audio/mpeg", + ".m3u" => "audio/x-mpegurl", + ".wma" => "audio/x-ms-wma", + ".wax" => "audio/x-ms-wax", + ".ogg" => "application/ogg", + ".wav" => "audio/x-wav", + ".gif" => "image/gif", + ".jpg" => "image/jpeg", + ".jpeg" => "image/jpeg", + ".png" => "image/png", + ".xbm" => "image/x-xbitmap", + ".xpm" => "image/x-xpixmap", + ".xwd" => "image/x-xwindowdump", + ".css" => "text/css", + ".html" => "text/html", + ".htm" => "text/html", + ".js" => "text/javascript", + ".asc" => "text/plain", + ".c" => "text/plain", + ".h" => "text/plain", + ".cc" => "text/plain", + ".cpp" => "text/plain", + ".hh" => "text/plain", + ".hpp" => "text/plain", + ".conf" => "text/plain", + ".log" => "text/plain", + ".text" => "text/plain", + ".txt" => "text/plain", + ".diff" => "text/plain", + ".patch" => "text/plain", + ".ebuild" => "text/plain", + ".eclass" => "text/plain", + ".rtf" => "application/rtf", + ".bmp" => "image/bmp", + ".tif" => "image/tiff", + ".tiff" => "image/tiff", + ".ico" => "image/x-icon", + ".dtd" => "text/xml", + ".xml" => "text/xml", + ".mpeg" => "video/mpeg", + ".mpg" => "video/mpeg", + ".mov" => "video/quicktime", + ".qt" => "video/quicktime", + ".avi" => "video/x-msvideo", + ".asf" => "video/x-ms-asf", + ".asx" => "video/x-ms-asf", + ".wmv" => "video/x-ms-wmv", + ".bz2" => "application/x-bzip", + ".tbz" => "application/x-bzip-compressed-tar", + ".tar.bz2" => "application/x-bzip-compressed-tar" + ) +# }}} + +# vim: set ft=conf foldmethod=marker et : diff --git a/www-servers/lighttpd/files/conf/mod_cgi.conf b/www-servers/lighttpd/files/conf/mod_cgi.conf new file mode 100644 index 0000000..1cb3770 --- /dev/null +++ b/www-servers/lighttpd/files/conf/mod_cgi.conf @@ -0,0 +1,33 @@ +############################################################################### +# mod_cgi.conf +# include'd by lighttpd.conf. +# $Header: /var/cvsroot/gentoo-x86/www-servers/lighttpd/files/conf/mod_cgi.conf,v 1.1 2005/08/27 12:36:13 ka0ttic Exp $ +############################################################################### + +# +# see cgi.txt for more information on using mod_cgi +# + +server.modules += ("mod_cgi") + +# NOTE: this requires mod_alias +alias.url = ( + "/cgi-bin/" => var.basedir + "/cgi-bin/" +) + +# +# Note that you'll also want to enable the +# cgi-bin alias via mod_alias (above). +# + +$HTTP["url"] =~ "^/cgi-bin/" { + # disable directory listings + dir-listing.activate = "disable" + # only allow cgi's in this directory + cgi.assign = ( + ".pl" => "/usr/bin/perl", + ".cgi" => "/usr/bin/perl" + ) +} + +# vim: set ft=conf foldmethod=marker et : diff --git a/www-servers/lighttpd/files/conf/mod_fastcgi.conf b/www-servers/lighttpd/files/conf/mod_fastcgi.conf new file mode 100644 index 0000000..b70aff1 --- /dev/null +++ b/www-servers/lighttpd/files/conf/mod_fastcgi.conf @@ -0,0 +1,17 @@ +############################################################################### +# mod_fastcgi.conf +# include'd by lighttpd.conf. +# $Header: /var/cvsroot/gentoo-x86/www-servers/lighttpd/files/conf/mod_fastcgi.conf,v 1.3 2009/04/03 20:59:34 bangert Exp $ +############################################################################### + +server.modules += ("mod_fastcgi") +fastcgi.server = ( ".php" => + ( "localhost" => + ( + "socket" => "/var/run/lighttpd/lighttpd-fastcgi-php-" + PID + ".socket", + "bin-path" => "/usr/bin/php-cgi" + ) + ) + ) + +# vim: set ft=conf foldmethod=marker et : diff --git a/www-servers/lighttpd/files/conf/mod_fastcgi.conf-1.4.13-r2 b/www-servers/lighttpd/files/conf/mod_fastcgi.conf-1.4.13-r2 new file mode 100644 index 0000000..ca1369a --- /dev/null +++ b/www-servers/lighttpd/files/conf/mod_fastcgi.conf-1.4.13-r2 @@ -0,0 +1,17 @@ +############################################################################### +# mod_fastcgi.conf +# include'd by lighttpd.conf. +# $Header: /var/cvsroot/gentoo-x86/www-servers/lighttpd/files/conf/mod_fastcgi.conf-1.4.13-r2,v 1.1 2007/04/01 23:22:00 robbat2 Exp $ +############################################################################### + +server.modules += ("mod_fastcgi") +fastcgi.server = ( ".php" => + ( "localhost" => + ( + "socket" => "/var/run/lighttpd/lighttpd-fastcgi-php-" + PID + ".socket", + "bin-path" => "/usr/bin/php-cgi" + ) + ) + ) + +# vim: set ft=conf foldmethod=marker et : diff --git a/www-servers/lighttpd/files/lighttpd.confd b/www-servers/lighttpd/files/lighttpd.confd new file mode 100644 index 0000000..70d4170 --- /dev/null +++ b/www-servers/lighttpd/files/lighttpd.confd @@ -0,0 +1,12 @@ +# /etc/conf.d/lighttpd + +# Location of a shell used by the 'include_shell' directive +# in the lighttpd's configuration file +#export SHELL="/bin/bash" + +# Location of the lighttpd configuration file +LIGHTTPD_CONF="/etc/lighttpd/lighttpd.conf" + +# Location of the lighttpd pid file +LIGHTTPD_PID="/var/run/lighttpd.pid" + diff --git a/www-servers/lighttpd/files/lighttpd.initd b/www-servers/lighttpd/files/lighttpd.initd new file mode 100644 index 0000000..71c72ba --- /dev/null +++ b/www-servers/lighttpd/files/lighttpd.initd @@ -0,0 +1,67 @@ +#!/sbin/runscript +# Copyright 1999-2009 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/www-servers/lighttpd/files/lighttpd.initd,v 1.13 2009/04/03 20:59:34 bangert Exp $ + +opts="reload graceful" + +depend() { + need net + use mysql logger spawn-fcgi ldap slapd netmount dns + after famd + after sshd +} + +checkconfig() { + if [ ! -f "${LIGHTTPD_CONF}" ] ; then + ewarn "${LIGHTTPD_CONF} does not exist." + return 1 + fi + + /usr/sbin/lighttpd -t -f ${LIGHTTPD_CONF} >/dev/null +} + +start() { + checkconfig || return 1 + + ebegin "Starting lighttpd" + start-stop-daemon --start --quiet --exec /usr/sbin/lighttpd \ + --pidfile "${LIGHTTPD_PID}" -- -f "${LIGHTTPD_CONF}" + eend $? +} + +stop() { + local rv=0 + ebegin "Stopping lighttpd" + start-stop-daemon --stop --quiet --pidfile "${LIGHTTPD_PID}" + eend $? +} + +reload() { + if ! service_started "${SVCNAME}" ; then + eerror "${SVCNAME} isn't running" + return 1 + fi + checkconfig || return 1 + + ebegin "Re-opening lighttpd log files" + start-stop-daemon --stop --oknodo --quiet --pidfile "${LIGHTTPD_PID}" \ + --signal HUP + eend $? +} + +graceful() { + if ! service_started "${SVCNAME}" ; then + eerror "${SVCNAME} isn't running" + return 1 + fi + checkconfig || return 1 + + ebegin "Gracefully stopping lighttpd" + start-stop-daemon --stop --oknodo --quiet --pidfile "${LIGHTTPD_PID}" \ + --signal INT + if eend $? ; then + rm -f "${LIGHTTPD_PID}" + start + fi +} diff --git a/www-servers/lighttpd/files/lighttpd.initd-1.4.13-r3 b/www-servers/lighttpd/files/lighttpd.initd-1.4.13-r3 new file mode 100644 index 0000000..56c25d8 --- /dev/null +++ b/www-servers/lighttpd/files/lighttpd.initd-1.4.13-r3 @@ -0,0 +1,67 @@ +#!/sbin/runscript +# Copyright 1999-2009 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/www-servers/lighttpd/files/lighttpd.initd-1.4.13-r3,v 1.3 2009/04/01 19:03:46 bangert Exp $ + +opts="reload graceful" + +depend() { + need net + use mysql logger spawn-fcgi ldap slapd netmount dns + after famd + after sshd +} + +checkconfig() { + if [ ! -f "${LIGHTTPD_CONF}" ] ; then + ewarn "${LIGHTTPD_CONF} does not exist." + return 1 + fi + + /usr/sbin/lighttpd -t -f ${LIGHTTPD_CONF} >/dev/null +} + +start() { + checkconfig || return 1 + + ebegin "Starting lighttpd" + start-stop-daemon --start --quiet --exec /usr/sbin/lighttpd \ + --pidfile "${LIGHTTPD_PID}" -- -f "${LIGHTTPD_CONF}" + eend $? +} + +stop() { + local rv=0 + ebegin "Stopping lighttpd" + start-stop-daemon --stop --quiet --pidfile "${LIGHTTPD_PID}" + eend $? +} + +reload() { + if ! service_started "${SVCNAME}" ; then + eerror "${SVCNAME} isn't running" + return 1 + fi + checkconfig || return 1 + + ebegin "Re-opening lighttpd log files" + start-stop-daemon --stop --oknodo --quiet --pidfile "${LIGHTTPD_PID}" \ + --signal HUP + eend $? +} + +graceful() { + if ! service_started "${SVCNAME}" ; then + eerror "${SVCNAME} isn't running" + return 1 + fi + checkconfig || return 1 + + ebegin "Gracefully stopping lighttpd" + start-stop-daemon --stop --oknodo --quiet --pidfile "${LIGHTTPD_PID}" \ + --signal INT + if eend $? ; then + rm -f "${LIGHTTPD_PID}" + start + fi +} diff --git a/www-servers/lighttpd/files/lighttpd.logrotate b/www-servers/lighttpd/files/lighttpd.logrotate new file mode 100644 index 0000000..76f0ef3 --- /dev/null +++ b/www-servers/lighttpd/files/lighttpd.logrotate @@ -0,0 +1,17 @@ +# $Header: /var/cvsroot/gentoo-x86/www-servers/lighttpd/files/lighttpd.logrotate,v 1.2 2006/05/30 19:49:29 bangert Exp $ +# lighttpd logrotate script for Gentoo + +/var/log/lighttpd/*.log { + daily + missingok + copytruncate + rotate 7 + compress + notifempty + sharedscripts + postrotate + if [ -f /var/run/lighttpd.pid ]; then \ + /etc/init.d/lighttpd reload > /dev/null 2>&1 || true ; \ + fi; + endscript +} diff --git a/www-servers/lighttpd/files/spawn-fcgi.confd b/www-servers/lighttpd/files/spawn-fcgi.confd new file mode 100644 index 0000000..2a88806 --- /dev/null +++ b/www-servers/lighttpd/files/spawn-fcgi.confd @@ -0,0 +1,35 @@ +# Copyright 1999-2004 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/www-servers/lighttpd/files/spawn-fcgi.confd,v 1.1 2005/02/14 11:39:01 ka0ttic Exp $ + +# Configuration file for the FCGI-Part of /etc/init.d/lighttpd + +## Set this to "yes" to enable SPAWNFCGI +ENABLE_SPAWNFCGI="yes" + +## ABSOLUTE path to the spawn-fcgi binary +SPAWNFCGI="/usr/bin/spawn-fcgi" + +## ABSOLUTE path to the PHP binary +FCGIPROGRAM="/usr/bin/php-cgi" + +## bind to tcp-port on localhost +FCGIPORT="1026" + +## number of PHP childs to spawn +PHP_FCGI_CHILDREN=5 + +## number of request server by a single php-process until is will be restarted +PHP_FCGI_MAX_REQUESTS=1000 + +## IP adresses where PHP should access server connections from +FCGI_WEB_SERVER_ADDRS="127.0.0.1" + +# allowed environment variables sperated by spaces +ALLOWED_ENV="PATH USER" +# do NOT change line below +ALLOWED_ENV="$ALLOWED_ENV PHP_FCGI_MAX_REQUESTS FCGI_WEB_SERVER_ADDRS" + +## if this script is run as root switch to the following user +USERID=lighttpd +GROUPID=lighttpd diff --git a/www-servers/lighttpd/files/spawn-fcgi.initd b/www-servers/lighttpd/files/spawn-fcgi.initd new file mode 100644 index 0000000..63daa75 --- /dev/null +++ b/www-servers/lighttpd/files/spawn-fcgi.initd @@ -0,0 +1,51 @@ +#!/sbin/runscript +# Copyright 1999-2004 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/www-servers/lighttpd/files/spawn-fcgi.initd,v 1.2 2007/04/02 12:46:08 uberlord Exp $ + +SPAWNFCGI_PID="/var/run/spawn-fcgi.pid" + +depend() { + need net +} + +start() { + local my_end + + ebegin "Starting spawn-fcgi" + export PHP_FCGI_MAX_REQUESTS FCGI_WEB_SERVER_ADDRS + + EX="${SPAWNFCGI} -p ${FCGIPORT} -f ${FCGIPROGRAM} -u ${USERID} \ + -g ${GROUPID} -C ${PHP_FCGI_CHILDREN}" + + # copy the allowed environment variables + unset E + for i in ${ALLOWED_ENV}; do + E="${E} ${i}=${!i}" + done + + # clean environment and set up a new one + env - ${E} ${EX} 2>${SPAWNFCGI_PID} + my_end=$? + if [ "$my_end" != "0" ]; then + [ -f ${SPAWNFCGI_PID} ] && rm -f ${SPAWNFCGI_PID} + eend $my_end + fi + + #extract parent-process-id and write it back to the file + FCGI_PPID=`cat ${SPAWNFCGI_PID} | cut -d':' -f4` + echo ${FCGI_PPID} > ${SPAWNFCGI_PID} + eend 0 +} + +stop() { + ebegin "Stopping spawn-fcgi" + if ! kill `cat ${SPAWNFCGI_PID}` ; then + eend $? + return 1 + fi + if [ -w ${SPAWNFCGI_PID} ]; then + rm ${SPAWNFCGI_PID} + fi + eend 0 +} |