!2 update to 1.4.63

Merge pull request !2 from lyn/openEuler-22.03-LTS-Next

492773a20f8a1deb1c94e25d40023970dd9608a1.patch

@@ -0,0 +1,60 @@
+From 492773a20f8a1deb1c94e25d40023970dd9608a1 Mon Sep 17 00:00:00 2001
+From: Glenn Strauss <gstrauss@gluelogic.com>
+Date: Sun, 5 Dec 2021 07:50:17 -0500
+Subject: [PATCH] [core] fix trace issued for loading mod_auth (fixes #3121)
+
+fix trace issued for loading mod_auth after dynamic modules
+
+x-ref:
+  "Curious message on startup with version 1.4.63"
+  https://redmine.lighttpd.net/boards/2/topics/10182
+  "mod_auth warning on startup"
+  https://redmine.lighttpd.net/issues/3121
+---
+ src/configfile.c | 19 ++++++++++++-------
+ 1 file changed, 12 insertions(+), 7 deletions(-)
+
+diff --git a/src/configfile.c b/src/configfile.c
+index 5760bb43..033f2c46 100644
+--- a/src/configfile.c
++++ b/src/configfile.c
+@@ -369,6 +369,7 @@ static void config_compat_module_load (server *srv) {
+     int contains_mod_auth      = 0;
+     int prepend_mod_auth       = 0;
+     int prepend_mod_vhostdb    = 0;
++    const char *dyn_name = NULL;
+ 
+     for (uint32_t i = 0; i < srv->srvconf.modules->used; ++i) {
+         buffer *m = &((data_string *)srv->srvconf.modules->data[i])->value;
+@@ -390,8 +391,15 @@ static void config_compat_module_load (server *srv) {
+         else if (buffer_eq_slen(m, CONST_STR_LEN("mod_wolfssl")))
+             append_mod_openssl = 0;
+         else if (0 == strncmp(m->ptr, "mod_auth", sizeof("mod_auth")-1)) {
+-            if (buffer_eq_slen(m, CONST_STR_LEN("mod_auth")))
+-                contains_mod_auth = 1;
++            if (buffer_eq_slen(m, CONST_STR_LEN("mod_auth"))) {
++                if (!contains_mod_auth) {
++                    contains_mod_auth = 1;
++                    if (dyn_name)
++                        log_error(srv->errh, __FILE__, __LINE__,
++                          "Warning: mod_auth should be listed in server.modules"
++                          " before dynamic backends such as %s", dyn_name);
++                }
++            }
+             else if (!contains_mod_auth)
+                 prepend_mod_auth = 1;
+ 
+@@ -422,11 +430,8 @@ static void config_compat_module_load (server *srv) {
+                                          sizeof("mod_sockproxy")-1)
+                  || 0 == strncmp(m->ptr, "mod_wstunnel",
+                                          sizeof("mod_wstunnel")-1)) {
+-            if (!contains_mod_auth) {
+-                log_error(srv->errh, __FILE__, __LINE__,
+-                  "Warning: mod_auth should be listed in server.modules before "
+-                  "dynamic backends such as %s", m->ptr);
+-            }
++            if (NULL == dyn_name)
++                dyn_name = m->ptr;
+         }
+     }
+ 

5a257fab511225bbfa56b4f1a8b2bb7085f96478.patch

@@ -0,0 +1,27 @@
+From 5a257fab511225bbfa56b4f1a8b2bb7085f96478 Mon Sep 17 00:00:00 2001
+From: Glenn Strauss <gstrauss@gluelogic.com>
+Date: Wed, 8 Dec 2021 18:42:31 -0500
+Subject: [PATCH] [core] make setrlimit() warn, not fatal
+
+(thx limb)
+
+make setrlimit() issue warning on error, not fatal,
+and add suggesting to configure SELinux permissions
+---
+ src/server.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/server.c b/src/server.c
+index f2ff7b73..beca364a 100644
+--- a/src/server.c
++++ b/src/server.c
+@@ -1357,7 +1357,8 @@ static int server_main_setup (server * const srv, int argc, char **argv) {
+ 
+ 			if (0 != setrlimit(RLIMIT_NOFILE, &rlim)) {
+ 				log_perror(srv->errh, __FILE__, __LINE__, "setrlimit()");
+-				return -1;
++				log_error(srv->errh, __FILE__, __LINE__, "setrlimit() may need root to run once: setsebool -P httpd_setrlimit on");
++				use_rlimit = 0;
+ 			}
+ 		}
+ 

lighttpd-1.4.45-defaultconf.patch

@@ -1,57 +0,0 @@
---- doc/config/lighttpd.conf~	2014-03-12 11:40:36.000000000 -0500
-+++ doc/config/lighttpd.conf	2014-07-07 08:22:46.934838985 -0500
-@@ -417,7 +417,7 @@
- ##     # Check your cipher list with: openssl ciphers -v '...' (use single quotes as your shell won't like ! in double quotes)
- ##     #
- ##     # If you know you have RSA keys (standard), you can use:
--##     ssl.cipher-list             = "aRSA+HIGH !3DES +kEDH +kRSA !kSRP !kPSK"
-+##     ssl.cipher-list             = "PROFILE=SYSTEM"
- ##     # The more generic version (without the restriction to RSA keys) is
- ##     # ssl.cipher-list           = "HIGH !aNULL !3DES +kEDH +kRSA !kSRP !kPSK"
- ##     #
---- doc/config/lighttpd.conf~	2016-03-01 10:14:50.000000000 -0500
-+++ doc/config/lighttpd.conf	2016-03-01 10:17:59.194568947 -0500
-@@ -14,7 +14,7 @@
- ## chroot example aswell.
- ##
- var.log_root    = "/var/log/lighttpd"
--var.server_root = "/srv/www"
-+var.server_root = "/var/www"
- var.state_dir   = "/var/run"
- var.home_dir    = "/var/lib/lighttpd"
- var.conf_dir    = "/etc/lighttpd"
---- doc/config/lighttpd.conf.orig	2016-07-19 09:09:39.000000000 -0500
-+++ doc/config/lighttpd.conf	2016-07-19 09:25:40.282577966 -0500
-@@ -204,7 +204,9 @@
- ## By default lighttpd would not change the operation system default.
- ## But setting it to 2048 is a better default for busy servers.
- ##
--server.max-fds = 2048
-+## With SELinux enabled, this is denied by default and needs to be allowed
-+## by running the following once : setsebool -P httpd_setrlimit on  
-+#server.max-fds = 2048
- 
- ##
- ## listen-backlog is the size of the listen() backlog queue requested when
---- doc/config/lighttpd.conf~	2016-08-05 08:24:07.000000000 -0500
-+++ doc/config/lighttpd.conf	2016-08-05 08:26:43.914683962 -0500
-@@ -112,7 +112,7 @@
- ##
- ## Document root
- ##
--server.document-root = server_root + "/htdocs"
-+server.document-root = server_root + "/lighttpd"
- 
- ##
- ## The value for the "Server:" response field.
---- doc/config/lighttpd.conf~	2016-06-28 12:32:10.000000000 -0500
-+++ doc/config/lighttpd.conf	2016-06-28 12:41:50.478761160 -0500
-@@ -67,7 +67,7 @@
- ## conf.d/fastcgi.conf
- ## conf.d/scgi.conf
- ##
--var.socket_dir  = home_dir + "/sockets"
-+var.socket_dir  = state_dir + "/sockets"
- 
- ##
- #######################################################################

lighttpd-1.4.62-defaultconf.patch

@@ -0,0 +1,22 @@
+--- doc/config/lighttpd.conf~	2021-12-02 09:34:06.450352761 -0600
++++ doc/config/lighttpd.conf	2021-12-02 09:36:04.345770602 -0600
+@@ -14,8 +14,8 @@
+ ## chroot example as well.
+ ##
+ var.log_root    = "/var/log/lighttpd"
+-var.server_root = "/srv/www"
+-var.state_dir   = "/run"
++var.server_root = "/var/www"
++var.state_dir   = "/run/lighttpd"
+ var.home_dir    = "/var/lib/lighttpd"
+ var.conf_dir    = "/etc/lighttpd"
+ 
+@@ -436,7 +436,7 @@
+ ##   # Check your cipher list with: openssl ciphers -v '...'
+ ##   # (use single quotes with: openssl ciphers -v '...'
+ ##   #  as your shell won't like ! in double quotes)
+-##   #ssl.cipher-list            = "HIGH"   # default
++##   #ssl.cipher-list            = "PROFILE=SYSTEM"
+ ##
+ ##   # (recommended to accept only TLSv1.2 and TLSv1.3)
+ ##   #ssl.openssl.ssl-conf-cmd = ("MinProtocol" => "TLSv1.2")  # default

lighttpd.init

@@ -61,7 +61,7 @@ restart() {
 
 reload() {
     echo -n $"Reloading $prog: "
-    killproc $prog -HUP
+    killproc $prog -USR1
     retval=$?
     echo
     return $retval

lighttpd.logrotate

@@ -1,3 +1,10 @@
+
+# Warning: Using logrotate together with `max-workers` Lighty option is
+# a pretty complicated thing:
+# https://redmine.lighttpd.net/projects/1/wiki/Docs_ModAccesslog
+# If you use max-workers, you probably want cronolog, which in turn means
+# you shouldn't be using logrotate at all.
+
 /var/log/lighttpd/*log {
     missingok
     notifempty

lighttpd.service

@@ -3,9 +3,10 @@ Description=Lightning Fast Webserver With Light System Requirements
 After=syslog.target network.target
 
 [Service]
-PIDFile=/var/run/lighttpd.pid
+PIDFile=/run/lighttpd.pid
 EnvironmentFile=-/etc/sysconfig/lighttpd
 ExecStart=/usr/sbin/lighttpd -D -f /etc/lighttpd/lighttpd.conf
+ExecReload=/bin/kill -USR1 $MAINPID
 
 [Install]
 WantedBy=multi-user.target

lighttpd.spec

@@ -19,16 +19,18 @@
 %bcond_without systemd
 Summary:             Lightning fast webserver with light system requirements
 Name:                lighttpd
-Version:             1.4.53
+Version:             1.4.63
 Release:             1
 License:             BSD-3-Clause and OML and GPLv3 and GPLv2
 URL:                 https://github.com/lighttpd/lighttpd1.4
-Source0:             https://github.com/lighttpd/lighttpd1.4/archive/lighttpd-1.4.53.tar.gz
+Source0:             https://github.com/lighttpd/lighttpd1.4/archive/lighttpd-1.4.63.tar.gz
 Source1:             lighttpd.logrotate
 Source2:             php.d-lighttpd.ini
 Source3:             lighttpd.init
 Source4:             lighttpd.service
-Patch0:              lighttpd-1.4.45-defaultconf.patch
+Patch0:              lighttpd-1.4.62-defaultconf.patch
+Patch1:              5a257fab511225bbfa56b4f1a8b2bb7085f96478.patch
+Patch2:              492773a20f8a1deb1c94e25d40023970dd9608a1.patch
 Requires:            %{name}-filesystem
 %if %{with systemd}
 Requires(post):      systemd
@@ -104,8 +106,10 @@ for the lighttpd server including the correct permissions
 for the directories.
 
 %prep
-%setup -q -n lighttpd1.4-%{name}-%{version}
+%setup -q
 %patch0 -p0 -b .defaultconf
+%patch1 -p1 -b .setrlimit
+%patch2 -p1 -b .fixtrace
 
 %build
 autoreconf -if
@@ -252,5 +256,8 @@ fi
 %attr(0700, lighttpd, lighttpd) %dir %{webroot}/
 
 %changelog
+* Thu Jan 13 2022 liyanan <liyanan32@huawei.com> - 1.4.63-1
+- update to 1.4.63
+
 * Fri Jan 8 2021 chengzihan <chengzihan2@huawei.com> - 1.4.53-1
 - Package init