From http://www.lighttpd.net/:
Important changes
-----------------
This release contains a lot of bug fixes, many detected by scan.coverity.com
(and more to come). The main reason for the release is a fix for an SQL
injection (and path traversal) bug triggered by specially crafted (and
invalid) Host: headers.
Security fixes
--------------
http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt (no CVE yet)
NOTE: We (nixpkgs) currently don't build the mod_mysql_vhost module mentioned
above.
* Remove package name
* Start with upper case letter
* Remove trailing period
Also reword some descriptions and move some long descriptions to
longDescription.
I'm not touching generated packages.
This also adds pkgconfig to the dependency list so we don't need to
specify the path to OpenSSL anymore, because we need pkgconfig in order
to correctly find Lua anyway.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
We already have mini_httpd, but IMHO it is *too* minimal as in not very
flexible in configuration (for example, I haven't found any runtime
configuration for disabling logging), so that's why I decided to add
thttpd, which serves quite well as an ad-hoc HTTPd.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
With this patch support for SSL is compiled into lighttpd.
IMO encryption is in most use cases important, therefore SSL support should be build in. This would simplify the setup of a standard web application a lot.
SSL support of lighttpd is documented at
http://redmine.lighttpd.net/projects/1/wiki/Docs_SSL
The build complains about missing "file" and "which" commands, so add them as
build inputs.
"file" is used by the autotools configure script to tweak what -m flag
(if any) to pass to the linker when it asks it for shared library
support.
Here is an example of -m values for GNU ld:
Supported emulations:
elf_x86_64
elf32_x86_64
elf_i386
i386linux
elf_l1om
elf_k1om
"which" is used in the build phase to look for svnversion and git, to build a
version stamp. Since we build from a release tarball (and don't pass svn or git
as inputs either), this check fails and falls back to the version number in the
tarball.
There is one build warning left, but I think this is normal on NixOS:
/tmp/nix-build-lighttpd-1.4.32.drv-0/lighttpd-1.4.32/libtool: line 1085: ldconfig: command not found
One important denial of service (in 1.4.31) fix: CVE-2012-5533[1].
NOTE: There are some errors about missing commands during the build, but
I'm pretty sure they were there before. And the result seems to be
working anyway...
* /usr/bin/file: No such file or directory
* /bin/sh: line 2: which: command not found
* /tmp/nix-build-lighttpd-1.4.32.drv-0/lighttpd-1.4.32/libtool: line 1085: ldconfig: command not found
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5533
The NixOS service module loads those modules by default. So we need to build
them here as well.
I'm not really sure why these modules are included by default, because (except
from maybe CGI) they obviously are only usable in very rare cases. Am I wrong?
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
The reason because the configure script is unnable to find libxml2 is because it
is searching for a header file in `libxml/*.h`. Obviously this cases an error,
because it's actually in `${libxml2}/include/libxml2/libxml/*.h`, so let's add
the parent directory to --with-libxml2 and remove the comment from buildInputs.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
According to Hydra:
at `mod_fastcgi' [system = "i686-darwin"]:
assertion failed at `/nix/store/jjbzdiilypsb8z38647hav2fxlp0bwfd-nixpkgs-r27790/pkgs/servers/http/apache-httpd/default.nix:8:1'
at `mod_fastcgi' [system = "x86_64-darwin"]:
assertion failed at `/nix/store/jjbzdiilypsb8z38647hav2fxlp0bwfd-nixpkgs-r27790/pkgs/servers/http/apache-httpd/default.nix:8:1'
at `mod_wsgi' [system = "i686-darwin"]:
assertion failed at `/nix/store/jjbzdiilypsb8z38647hav2fxlp0bwfd-nixpkgs-r27790/pkgs/servers/http/apache-httpd/default.nix:8:1'
at `mod_wsgi' [system = "x86_64-darwin"]:
assertion failed at `/nix/store/jjbzdiilypsb8z38647hav2fxlp0bwfd-nixpkgs-r27790/pkgs/servers/http/apache-httpd/default.nix:8:1'
svn path=/nixpkgs/trunk/; revision=27793