The tests were enabled in #53488 and succeeded on Darwin; on Linux they
still failed because of empty hostname inside the sandbox (we have no
UTS-namespace hostname and I think no /etc/hosts). Nix on Darwin lacks
powerful enough sandboxing, so there were no problems on Darwin.
Patching the tests to fallback to "127.0.0.1" if hostname of the
localhost cannot be retrieved matches the behaviour of lighttpd itself
and allows the tests to pass.
Not sure if having no hostname in the test environment is a bit too
weird for the upstream to care.
* treewide: http -> https sources
This updates the source urls of all top-level packages from http to
https where possible.
* buildtorrent: fix url and tab -> spaces
Semi-automatic update generated by https://github.com/ryantm/nix-update tools. These checks were done:
- built on NixOS
- ran `/nix/store/zqq4z003jl443djfygasflfqk091wphx-lighttpd-1.4.49/bin/lighttpd -h` got 0 exit code
- ran `/nix/store/zqq4z003jl443djfygasflfqk091wphx-lighttpd-1.4.49/bin/lighttpd -V` and found version 1.4.49
- ran `/nix/store/zqq4z003jl443djfygasflfqk091wphx-lighttpd-1.4.49/bin/lighttpd -v` and found version 1.4.49
- ran `/nix/store/zqq4z003jl443djfygasflfqk091wphx-lighttpd-1.4.49/bin/lighttpd -h` and found version 1.4.49
- ran `/nix/store/zqq4z003jl443djfygasflfqk091wphx-lighttpd-1.4.49/bin/lighttpd-angel -h` got 0 exit code
- ran `/nix/store/zqq4z003jl443djfygasflfqk091wphx-lighttpd-1.4.49/bin/lighttpd-angel --help` got 0 exit code
- ran `/nix/store/zqq4z003jl443djfygasflfqk091wphx-lighttpd-1.4.49/bin/lighttpd-angel help` got 0 exit code
- ran `/nix/store/zqq4z003jl443djfygasflfqk091wphx-lighttpd-1.4.49/bin/lighttpd-angel -V` and found version 1.4.49
- ran `/nix/store/zqq4z003jl443djfygasflfqk091wphx-lighttpd-1.4.49/bin/lighttpd-angel -v` and found version 1.4.49
- ran `/nix/store/zqq4z003jl443djfygasflfqk091wphx-lighttpd-1.4.49/bin/lighttpd-angel --version` and found version 1.4.49
- ran `/nix/store/zqq4z003jl443djfygasflfqk091wphx-lighttpd-1.4.49/bin/lighttpd-angel -h` and found version 1.4.49
- ran `/nix/store/zqq4z003jl443djfygasflfqk091wphx-lighttpd-1.4.49/bin/lighttpd-angel --help` and found version 1.4.49
- found 1.4.49 with grep in /nix/store/zqq4z003jl443djfygasflfqk091wphx-lighttpd-1.4.49
- directory tree listing: https://gist.github.com/3f87cc8cd06f4c87b583c225172f1c2e
Place them in $out/share/lighttpd/doc/config/.
Most importantly, this includes a complete set of mime types in the
$out/share/lighttpd/doc/config/conf.d/mime.conf file. The plan is to use
that file in the NixOS lighttpd module.
From http://www.lighttpd.net/:
Important changes
-----------------
This release contains a lot of bug fixes, many detected by scan.coverity.com
(and more to come). The main reason for the release is a fix for an SQL
injection (and path traversal) bug triggered by specially crafted (and
invalid) Host: headers.
Security fixes
--------------
http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt (no CVE yet)
NOTE: We (nixpkgs) currently don't build the mod_mysql_vhost module mentioned
above.
This also adds pkgconfig to the dependency list so we don't need to
specify the path to OpenSSL anymore, because we need pkgconfig in order
to correctly find Lua anyway.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
With this patch support for SSL is compiled into lighttpd.
IMO encryption is in most use cases important, therefore SSL support should be build in. This would simplify the setup of a standard web application a lot.
SSL support of lighttpd is documented at
http://redmine.lighttpd.net/projects/1/wiki/Docs_SSL
The build complains about missing "file" and "which" commands, so add them as
build inputs.
"file" is used by the autotools configure script to tweak what -m flag
(if any) to pass to the linker when it asks it for shared library
support.
Here is an example of -m values for GNU ld:
Supported emulations:
elf_x86_64
elf32_x86_64
elf_i386
i386linux
elf_l1om
elf_k1om
"which" is used in the build phase to look for svnversion and git, to build a
version stamp. Since we build from a release tarball (and don't pass svn or git
as inputs either), this check fails and falls back to the version number in the
tarball.
There is one build warning left, but I think this is normal on NixOS:
/tmp/nix-build-lighttpd-1.4.32.drv-0/lighttpd-1.4.32/libtool: line 1085: ldconfig: command not found
One important denial of service (in 1.4.31) fix: CVE-2012-5533[1].
NOTE: There are some errors about missing commands during the build, but
I'm pretty sure they were there before. And the result seems to be
working anyway...
* /usr/bin/file: No such file or directory
* /bin/sh: line 2: which: command not found
* /tmp/nix-build-lighttpd-1.4.32.drv-0/lighttpd-1.4.32/libtool: line 1085: ldconfig: command not found
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5533
