%define webroot /var/www/lighttpd
%global _hardened_build 1
%define confswitch() %{expand:%%{?with_%{1}:--with-%{1}}%%{!?with_%{1}:--without-%{1}}}
%bcond_without mysql
%bcond_without ldap
%bcond_without attr
%bcond_without openssl
%bcond_without kerberos5
%bcond_without pcre
%bcond_with    fam
%bcond_without lua
%bcond_without krb5
%bcond_without pam
%bcond_with    webdavprops
%bcond_with    webdavlocks
%bcond_without gdbm
%bcond_with    memcache
%bcond_without tmpfiles
%bcond_without systemd
Summary:             Lightning fast webserver with light system requirements
Name:                lighttpd
Version:             1.4.63
Release:             5
License:             BSD-3-Clause and OML and GPLv3 and GPLv2
URL:                 https://github.com/lighttpd/lighttpd1.4
Source0:             https://github.com/lighttpd/lighttpd1.4/archive/lighttpd-1.4.63.tar.gz
Source1:             lighttpd.logrotate
Source2:             php.d-lighttpd.ini
Source3:             lighttpd.init
Source4:             lighttpd.service
Patch0:              lighttpd-1.4.62-defaultconf.patch
Patch1:              5a257fab511225bbfa56b4f1a8b2bb7085f96478.patch
Patch2:              492773a20f8a1deb1c94e25d40023970dd9608a1.patch
Patch3:              CVE-2022-22707.patch
Patch4:              CVE-2022-37797.patch
Requires:            %{name}-filesystem
%if %{with systemd}
Requires(post):      systemd
Requires(preun):     systemd
Requires(postun):    systemd
BuildRequires:       systemd
%else
Requires(post):      /sbin/chkconfig
Requires(preun):     /sbin/service, /sbin/chkconfig
Requires(postun):    /sbin/service
%endif
Provides:            webserver
BuildRequires:       openssl-devel, pcre-devel, bzip2-devel, zlib-devel, autoconf, automake, libtool
BuildRequires:       /usr/bin/awk, libattr-devel
%{?with_ldap:BuildRequires: openldap-devel}
%{?with_fam:BuildRequires: gamin-devel}
%{?with_webdavprops:BuildRequires: libxml2-devel}
%{?with_webdavlocks:BuildRequires: sqlite-devel}
%{?with_gdbm:BuildRequires: gdbm-devel}
%{?with_memcache:BuildRequires: memcached-devel}
%{?with_lua:BuildRequires: lua-devel}

%description
Secure, fast, compliant and very flexible web-server which has been optimized
for high-performance environments. It has a very low memory footprint compared
to other webservers and takes care of cpu-load. Its advanced feature-set
(FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many more) make
it the perfect webserver-software for every server that is suffering load
problems.

%package fastcgi
Summary:             FastCGI module and spawning helper for lighttpd and PHP configuration
Requires:            %{name} = %{version}-%{release} spawn-fcgi
%description fastcgi
This package contains the spawn-fcgi helper for lighttpd's automatic spawning
of local FastCGI programs. Included is also a PHP .ini file to change a few
defaults needed for correct FastCGI behavior.

%package mod_mysql_vhost
Summary:             Virtual host module for lighttpd that uses a MySQL database
Requires:            %{name} = %{version}-%{release}
BuildRequires:       mariadb-connector-c-devel
%description mod_mysql_vhost
Virtual host module for lighttpd that uses a MySQL database.

%package mod_authn_mysql
Summary:             Authentication module for lighttpd that uses a MySQL database
Requires:            %{name} = %{version}-%{release}
BuildRequires:       mariadb-connector-c-devel
%description mod_authn_mysql
Authentication module for lighttpd that uses a MySQL database.

%package mod_authn_gssapi
Summary:             Authentication module for lighttpd that uses GSSAPI
Requires:            %{name} = %{version}-%{release}
%description mod_authn_gssapi
Authentication module for lighttpd that uses GSSAPI

%package mod_authn_pam
Summary:             Authentication module for lighttpd that uses PAM
Requires:            %{name} = %{version}-%{release}
BuildRequires:       pam-devel
%description mod_authn_pam
Authentication module for lighttpd that uses PAM.

%package filesystem
Summary:             The basic directory layout for lighttpd
BuildArch:           noarch
Requires(pre): /usr/sbin/useradd
%description filesystem
The lighttpd-filesystem package contains the basic directory layout
for the lighttpd server including the correct permissions
for the directories.

%prep
%setup -q
%patch0 -p0 -b .defaultconf
%patch1 -p1 -b .setrlimit
%patch2 -p1 -b .fixtrace
%patch3 -p1
%patch4 -p1

%build
autoreconf -if
%configure \
    --libdir='%{_libdir}/lighttpd' \
    %{confswitch mysql} \
    %{confswitch pam} \
    %{confswitch ldap} \
    %{confswitch attr} \
    %{confswitch openssl} \
    %{confswitch pcre} \
    %{confswitch fam} \
    %{?with_webdavprops:--with-webdav-props} \
    %{?with_webdavlocks:--with-webdav-locks} \
    %{confswitch gdbm} \
    %{confswitch memcached} \
    %{confswitch lua} \
    %{confswitch krb5}
make %{?_smp_mflags}

%install
make install DESTDIR=%{buildroot}
install -D -p -m 0644 %{SOURCE1} \
    %{buildroot}%{_sysconfdir}/logrotate.d/lighttpd
install -D -p -m 0644 %{SOURCE2} \
    %{buildroot}%{_sysconfdir}/php.d/lighttpd.ini
%if %{with systemd}
install -D -p -m 0644 %{SOURCE4} \
    %{buildroot}%{_unitdir}/lighttpd.service
%else
install -D -p -m 0755 %{SOURCE3} \
    %{buildroot}%{_sysconfdir}/rc.d/init.d/lighttpd
%endif
mkdir -p %{buildroot}%{webroot}
rm -rf config
cp -a doc/config config
find config -name 'Makefile*' | xargs rm -f
chmod -x doc/scripts/*.sh
mkdir -p %{buildroot}%{_sysconfdir}/lighttpd
cp -a config/*.conf config/*.d %{buildroot}%{_sysconfdir}/lighttpd/
mkdir -p %{buildroot}%{_var}/log/lighttpd
mkdir -p %{buildroot}%{_var}/run/lighttpd
%if %{with tmpfiles}
mkdir -p %{buildroot}%{_sysconfdir}/tmpfiles.d
echo 'D /var/run/lighttpd 0750 lighttpd lighttpd -' > \
    %{buildroot}%{_sysconfdir}/tmpfiles.d/lighttpd.conf
%endif

%pre filesystem
/usr/sbin/useradd -s /sbin/nologin -M -r -d %{webroot} \
    -c 'lighttpd web server' lighttpd &>/dev/null || :

%post
%if %{with systemd}
%systemd_post lighttpd.service
%else
/sbin/chkconfig --add lighttpd
%endif

%preun
%if %{with systemd}
%systemd_preun lighttpd.service
%else
if [ $1 -eq 0 ]; then
    /sbin/service lighttpd stop &>/dev/null || :
    /sbin/chkconfig --del lighttpd
fi
%endif

%postun
%if %{with systemd}
%systemd_postun_with_restart lighttpd.service
%else
if [ $1 -ge 1 ]; then
    /sbin/service lighttpd condrestart &>/dev/null || :
fi
%endif

%files
%license COPYING
%doc AUTHORS README
%doc config/ doc/scripts/rrdtool-graph.sh
%config(noreplace) %{_sysconfdir}/lighttpd/*.conf
%config(noreplace) %{_sysconfdir}/lighttpd/conf.d/*.conf
%exclude %{_sysconfdir}/lighttpd/conf.d/fastcgi.conf
%exclude %{_sysconfdir}/lighttpd/conf.d/mysql_vhost.conf
%config %{_sysconfdir}/lighttpd/conf.d/mod.template
%config %{_sysconfdir}/lighttpd/vhosts.d/vhosts.template
%config(noreplace) %{_sysconfdir}/logrotate.d/lighttpd
%if %{with systemd}
%{_unitdir}/lighttpd.service
%else
%{_sysconfdir}/rc.d/init.d/lighttpd
%endif
%if %{with tmpfiles}
%config(noreplace) %{_sysconfdir}/tmpfiles.d/lighttpd.conf
%endif
%{_sbindir}/lighttpd
%{_sbindir}/lighttpd-angel
%{_libdir}/lighttpd/
%exclude %{_libdir}/lighttpd/*.la
%exclude %{_libdir}/lighttpd/mod_fastcgi.so
%exclude %{_libdir}/lighttpd/mod_mysql_vhost.so
%exclude %{_libdir}/lighttpd/mod_authn_mysql.so
%exclude %{_libdir}/lighttpd/mod_authn_gssapi.so
%{_mandir}/man8/lighttpd*8*

%files fastcgi
%doc doc/outdated/fastcgi*.txt doc/scripts/spawn-php.sh
%config(noreplace) %{_sysconfdir}/php.d/lighttpd.ini
%config(noreplace) %{_sysconfdir}/lighttpd/conf.d/fastcgi.conf
%dir %{_libdir}/lighttpd/
%{_libdir}/lighttpd/mod_fastcgi.so

%files mod_mysql_vhost
%doc doc/outdated/mysqlvhost.txt
%config(noreplace) %{_sysconfdir}/lighttpd/conf.d/mysql_vhost.conf
%dir %{_libdir}/lighttpd/
%{_libdir}/lighttpd/mod_mysql_vhost.so

%files mod_authn_mysql
%dir %{_libdir}/lighttpd/
%{_libdir}/lighttpd/mod_authn_mysql.so

%files mod_authn_gssapi
%dir %{_libdir}/lighttpd/
%{_libdir}/lighttpd/mod_authn_gssapi.so

%files mod_authn_pam
%dir %{_libdir}/lighttpd/
%{_libdir}/lighttpd/mod_authn_pam.so

%files filesystem
%dir %{_sysconfdir}/lighttpd/
%dir %{_sysconfdir}/lighttpd/conf.d/
%dir %{_sysconfdir}/lighttpd/vhosts.d/
%dir %{_var}/run/lighttpd/
%if %{with tmpfiles}
%ghost %attr(0750, lighttpd, lighttpd) %{_var}/run/lighttpd/
%else
%attr(0750, lighttpd, lighttpd) %{_var}/run/lighttpd/
%endif
%attr(0750, lighttpd, lighttpd) %{_var}/log/lighttpd/
%attr(0700, lighttpd, lighttpd) %dir %{webroot}/

%changelog
* Mon Sep 19 2022 mayp <mayanping@ncti-gba.cn> - 1.4.63-5
- Fix CVE-2022-37797 

* Thu Aug 18 2022 caodongxia <caodongxia@h-partners.com> - 1.4.63-4
- Disable fam support as gamin is deprecated

* Sat Feb 19 2022 baizhonggui <baizhonggui@huawei.com> - 1.4.63-3
- Fix excuting systemctl start lighttpd.service failed

* Fri Jan 14 2022 yaoxin <yaoxin30@huawei.com> - 1.4.63-2
- Fix CVE-2022-22707

* Thu Jan 13 2022 liyanan <liyanan32@huawei.com> - 1.4.63-1
- update to 1.4.63

* Fri Jan 8 2021 chengzihan <chengzihan2@huawei.com> - 1.4.53-1
- Package init