- merged 1.4.71 from PLD

diff --git a/TODO b/TODO
deleted file mode 100644 (file)
index ec6495d..0000000
--- a/TODO
+++ /dev/null
@@ -1,29 +0,0 @@
-# TODO:
-- test mysql (failed at this time)
-- mysql issue: http://www.freebsd.org/cgi/query-pr.cgi?pr=76866
-- fam over gamin is possible, just configure doesn't check other than gamin
-- feature stat-cache-fam (doesn't work)
-- lighttpd writes early startup messages to stderr, and if started from
-  rc-scripts the stderr is closed which causes lighttpd to abort():
-  2006-07-20 21:05:52: (server.c.1233) WARNING: unknown config-key: url.rewrite-final (ignored)
-
-# NOTES:
-- disable largefile, if you have 2.4 kernel to get sendfile() support, and don't need > 2GB file requests,
-  see http://article.gmane.org/gmane.comp.web.lighttpd:722
-
-
-01:08:45  stbuehler> glen: http://redmine.lighttpd.net/projects/lighttpd/repository/revisions/2505
-01:09:57  glen> stbuehler: ah sorry, i didn't notice as you didn't reply (hilite) me here..
-01:13:52  glen> stbuehler: btw, what you think of this patch:
-                http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/lighttpd/lighttpd-mod_evasive-status_code.patch
-01:17:52  stbuehler> the buffer_prepare_copy isn't really needed imho (and 255 seems to much for a long anyway)
-01:18:11  stbuehler> and wasn't there a srv->tmp_buf for such things?
-01:18:58  glen> ok i see it changes default 403 -> 503, that's probably bad too?
-01:19:26  stbuehler> apart from that it looks good to me, although it changes the default status code to 503; and perhaps retry-after should
-                     only be returned if it is not zero (i don't know what the rfc says)
-01:19:51 >> OpenURL 9
-01:19:51  Tobsn> http://government.zdnet.com/?p=4792
-01:20:25  stbuehler> i think 503 is a sane default and better than 403, so it should be ok to change the default
-01:21:54  stbuehler> gn8
-
-

diff --git a/lighttpd-branding.patch b/lighttpd-branding.patch
index ac58026b59617484a7a898871113a23f4d24bda7..ce2ac9ad22be00e6515fd7c9dcd5575fc9e23065 100644 (file)
--- a/lighttpd-branding.patch
+++ b/lighttpd-branding.patch
@@ -1,11 +1,12 @@
 --- lighttpd-1.4.56/src/server.c~      2020-11-30 00:32:01.000000000 +0200
 +++ lighttpd-1.4.56/src/server.c       2020-11-30 08:29:32.022380561 +0200
-@@ -25,7 +25,7 @@
+@@ -26,7 +26,7 @@
  # define REPO_VERSION ""
  #endif
  
 -#define PACKAGE_DESC PACKAGE_NAME "/" PACKAGE_VERSION REPO_VERSION
-+#define PACKAGE_DESC PACKAGE_NAME "/" PACKAGE_VERSION REPO_VERSION " (TLD Linux)"
- static const buffer default_server_tag = { CONST_STR_LEN(PACKAGE_DESC)+1, 0 };
++#define PACKAGE_DESC PACKAGE_NAME "/" PACKAGE_VERSION REPO_VERSION " (PLD Linux)"
+ static const buffer default_server_tag =
+   { PACKAGE_DESC "\0server", sizeof(PACKAGE_DESC), 0 };
  
- #include <sys/types.h>
+

diff --git a/lighttpd-mod_evasive-status_code.patch b/lighttpd-mod_evasive-status_code.patch
deleted file mode 100644 (file)
index 02cbd9e..0000000
--- a/lighttpd-mod_evasive-status_code.patch
+++ /dev/null
@@ -1,97 +0,0 @@
---- lighttpd-1.4.19/src/mod_evasive.c  2008-09-19 17:50:24.307245276 +0300
-+++ lighttpd-1.4.22/src/mod_evasive.c  2009-05-12 02:21:58.524447939 +0300
-@@ -28,11 +28,15 @@
- typedef struct {
-       unsigned short max_conns;
-       unsigned short silent;
-+      unsigned short http_status_code;
-+      unsigned int retry_after;
- } plugin_config;
- 
- typedef struct {
-       PLUGIN_DATA;
- 
-+      buffer *evasive_rftmp;
-+
-       plugin_config **config_storage;
- 
-       plugin_config conf;
-@@ -46,6 +50,10 @@
- 
-       p = calloc(1, sizeof(*p));
- 
-+      p->evasive_rftmp = buffer_init();
-+      
-+      buffer_prepare_copy(p->evasive_rftmp, 255);
-+
-       return p;
- }
- 
-@@ -56,6 +64,8 @@
- 
-       if (!p) return HANDLER_GO_ON;
- 
-+      buffer_free(p->evasive_rftmp);
-+
-       if (p->config_storage) {
-               size_t i;
-               for (i = 0; i < srv->config_context->used; i++) {
-@@ -85,6 +85,8 @@
-       config_values_t cv[] = {
-               { "evasive.max-conns-per-ip",    NULL, T_CONFIG_SHORT, T_CONFIG_SCOPE_CONNECTION },   /* 0 */
-               { "evasive.silent",              NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 1 */
-+              { "evasive.http-status-code",    NULL, T_CONFIG_SHORT, T_CONFIG_SCOPE_CONNECTION },   /* 2 */
-+              { "evasive.retry-after",         NULL, T_CONFIG_SHORT, T_CONFIG_SCOPE_CONNECTION },   /* 3 */
-               { NULL,                          NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET }
-       };
- 
-@@ -94,11 +96,15 @@
-               plugin_config *s;
- 
-               s = calloc(1, sizeof(plugin_config));
--              s->max_conns       = 0;
--              s->silent          = 0;
-+              s->max_conns        = 0;
-+              s->silent           = 0;
-+              s->http_status_code = 503;
-+              s->retry_after      = 0;
- 
-               cv[0].destination = &(s->max_conns);
-               cv[1].destination = &(s->silent);
-+              cv[2].destination = &(s->http_status_code);
-+              cv[3].destination = &(s->retry_after);
- 
-               p->config_storage[i] = s;
- 
-@@ -107,6 +123,8 @@
- 
-       PATCH(max_conns);
-       PATCH(silent);
-+      PATCH(http_status_code);
-+      PATCH(retry_after);
- 
-       /* skip the first, the global context */
-       for (i = 1; i < srv->config_context->used; i++) {
-@@ -124,6 +142,10 @@
-                               PATCH(max_conns);
-                       } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("evasive.silent"))) {
-                               PATCH(silent);
-+                      } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("evasive.http-status-code"))) {
-+                              PATCH(http_status_code);
-+                      } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("evasive.retry-after"))) {
-+                              PATCH(retry_after);
-                       }
-               }
-       }
-@@ -192,8 +214,10 @@
-                               inet_ntop_cache_get_ip(srv, &(con->dst_addr)),
-                               "turned away. Too many connections.");
- 
--                      con->http_status = 403;
-                       con->mode = DIRECT;
-+                      con->http_status = p->conf.http_status_code;
-+                      buffer_copy_long(p->evasive_rftmp, p->conf.retry_after);
-+                      response_header_overwrite(srv, con, CONST_STR_LEN("Retry-After"), CONST_BUF_LEN(p->evasive_rftmp));
-                       return HANDLER_FINISHED;
-               }
-       }

diff --git a/lighttpd.spec b/lighttpd.spec
index 1b2fe81ddfc120455ae2a0045ad9af5153674982..efd9f52f009c4132ae28ace2f9373eb1b2813144 100644 (file)
--- a/lighttpd.spec
+++ b/lighttpd.spec
@@ -1,4 +1,5 @@
 # TODO:
+# - cleanup empty subpackages
 # - don't use lighttpd-angel in systemd. systemd does the respawn/recovery logic itself
 # - provide or autogenerated self signed cert in post, so after installing
 #   lighttpd-ssl server will still work
@@ -19,44 +20,35 @@
 %bcond_without xattr           # support of extended attributes
 %bcond_without ipv6            # IPv4-only version (doesn't require IPv6 in kernel)
 %bcond_without largefile       # largefile support (see notes above)
-%bcond_without dbi             # libdbi, enables mod_vhostdb_dbi
+%bcond_without dbi             # libdbi, enables mod_vhostdb_dbi, mod_authn_dbi
 %bcond_without ssl             # ssl support
-%bcond_without mysql           # mysql support in mod_mysql_vhost, mod_vhostdb_mysql
+%bcond_without mysql           # mysql support in mod_vhostdb_mysql
 %bcond_without pgsql           # PgSQL, enables mod_vhostdb_pgsql
 %bcond_without bzip2           # Enable bzip2 support for mod_deflate
 %bcond_without brotli          # Enable brotli support for mod_deflate
-%bcond_without geoip           # GeoIP support
 %bcond_without maxminddb       # MaxMind GeoIP2 module
 %bcond_with    krb5            # krb5 support (does not work with heimdal)
 %bcond_without ldap            # ldap support in mod_auth, mod_vhostdb_ldap
-%bcond_without lua             # LUA support in mod_cml (needs LUA >= 5.1)
+%bcond_without lua             # LUA support (needs LUA >= 5.1)
 %bcond_with    gamin           # gamin for reducing number of stat() calls. must be enabled in config: server.stat-cache-engine = "fam"
-%bcond_without mod_trigger_b4_dl               # mod_trigger_b4_dl
 %bcond_with    webdav_props    # properties in mod_webdav (includes extra sqlite3/libxml deps)
 %bcond_with    webdav_locks    # webdav locks with extra efsprogs deps
 %bcond_with    valgrind        # compile code with valgrind support.
 %bcond_with    h264_streaming          # build h264_streaming module
-%bcond_without storage_memcached       # memcached storage for mod_trigger_b4_dl/mod_cml
-%bcond_without storage_gdbm            # gdbm storage for mod_trigger_b4_dl
 
 %if %{with webdav_locks}
 %define                webdav_progs    1
 %endif
 
-# if(WITH_PCRE AND (WITH_MEMCACHED OR WITH_GDBM))
-%if %{without storage_memcached} && %{without storage_gdbm}
-%undefine      with_mod_trigger_b4_dl
-%endif
-
 Summary:       Fast and light HTTP server
 Summary(pl.UTF-8):     Szybki i lekki serwer HTTP
 Name:          lighttpd
-Version:       1.4.58
+Version:       1.4.71
 Release:       1
 License:       BSD
 Group:         Networking/Daemons/HTTP
 Source0:       https://download.lighttpd.net/lighttpd/releases-1.4.x/%{name}-%{version}.tar.xz
-# Source0-md5: 8d12a31bd3fdd7eab85cf9a6d2cfa92e
+# Source0-md5: c8ac5fb9580b84ba6be7dd14ac7b0c2d
 Source1:       %{name}.init
 Source2:       %{name}.conf
 Source3:       %{name}.user
@@ -77,61 +69,58 @@ Source101:  mod_accesslog.conf
 Source102:     mod_alias.conf
 Source103:     mod_auth.conf
 Source104:     mod_cgi.conf
-Source105:     mod_cml.conf
+Source105:     mod_h2.conf
+
 Source107:     mod_deflate.conf
 Source108:     mod_dirlisting.conf
-Source109:     mod_evasive.conf
 Source110:     mod_evhost.conf
 Source111:     mod_expire.conf
 Source112:     mod_fastcgi.conf
-Source113:     mod_flv_streaming.conf
+
 Source114:     mod_indexfile.conf
 Source115:     mod_proxy.conf
 Source116:     mod_redirect.conf
 Source117:     mod_rewrite.conf
 Source118:     mod_rrdtool.conf
 Source119:     mod_scgi.conf
-Source120:     mod_secdownload.conf
 Source121:     mod_setenv.conf
 Source122:     mod_simple_vhost.conf
 Source123:     mod_ssi.conf
 Source124:     mod_staticfile.conf
 Source125:     mod_status.conf
-Source126:     mod_trigger_b4_dl.conf
+
 Source127:     mod_userdir.conf
-Source128:     mod_usertrack.conf
 Source129:     mod_webdav.conf
 Source130:     php-spawned.conf
 Source131:     php-external.conf
 Source132:     ssl.conf
-Source133:     mod_mysql_vhost.conf
+
 Source134:     mod_magnet.conf
 Source135:     mod_extforward.conf
 Source136:     mod_h264_streaming.conf
 Source137:     mod_cgi_php.conf
-Source138:     mod_authn_dbi.conf
-Source139:     mod_uploadprogress.conf
-Source140:     mod_geoip.conf
+
 Source141:     mod_authn_ldap.conf
 Source142:     mod_openssl.conf
 Source143:     mod_vhostdb.conf
 Source144:     mod_wstunnel.conf
-Source145:     mod_authn_mysql.conf
+
 Source146:     mod_sockproxy.conf
 Source147:     mod_maxminddb.conf
 # use branch.sh script to create branch.diff
 #Patch100:     %{name}-branch.diff
 ## Patch100-md5:       7bd09235304c8bcb16f34d49d480c0fb
-Patch1:                %{name}-mod_evasive-status_code.patch
 Patch2:                %{name}-mod_h264_streaming.patch
 Patch3:                %{name}-branding.patch
-Patch5:                test-port-setup.patch
 URL:           https://www.lighttpd.net/
-%{?with_geoip:BuildRequires:   GeoIP-devel}
 %{?with_xattr:BuildRequires:   attr-devel}
 BuildRequires: autoconf >= 2.57
 %{?with_maxminddb:BuildRequires:       libmaxminddb-devel}
+%if "%{pld_release}" != "ac"
 BuildRequires: automake >= 1:1.11.2
+%else
+BuildRequires: automake
+%endif
 %{?with_bzip2:BuildRequires:   bzip2-devel}
 BuildRequires: fcgi-devel
 %{?with_gamin:BuildRequires:   gamin-devel}
@@ -148,7 +137,7 @@ BuildRequires:      mailcap >= 2.1.14-4.4
 %{?with_mysql:BuildRequires:   mysql-devel}
 %{?with_ldap:BuildRequires:    openldap-devel}
 %{?with_ssl:BuildRequires:     openssl-devel}
-BuildRequires: pcre-devel
+BuildRequires: pcre2-8-devel
 BuildRequires: pkgconfig
 %{?with_pgsql:BuildRequires:   postgresql-devel}
 BuildRequires: rpm >= 4.4.9-56
@@ -169,6 +158,7 @@ Requires(pre):      /usr/sbin/groupadd
 Requires(pre): /usr/sbin/useradd
 Requires(pre): /usr/sbin/usermod
 Requires:      %{name}-mod_dirlisting = %{version}-%{release}
+Requires:      %{name}-mod_h2 = %{version}-%{release}
 Requires:      %{name}-mod_indexfile = %{version}-%{release}
 Requires:      %{name}-mod_staticfile = %{version}-%{release}
 Requires:      rc-scripts >= 0.4.3.0
@@ -253,6 +243,16 @@ given URL-subset.
 Modul alias służy do określania specjalnego drzewa (document-roota)
 dla podanego podzbioru URL-i.
 
+%package mod_ajp13
+Summary:       Apache JServ Protocol version 1.3 (AJP13) gateway
+Group:         Networking/Daemons/HTTP
+URL:           https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModAJP13
+Requires:      %{name} = %{version}-%{release}
+
+%description mod_ajp13
+lighttpd mod_ajp13 is a gateway implementing Apache JServ Protocol
+version 1.3 (AJP13).
+
 %package mod_auth
 Summary:       lighttpd module for authentication support
 Summary(pl.UTF-8):     Moduł lighttpd do obsługi uwierzytelniania
@@ -263,9 +263,6 @@ Requires:   %{name}-mod_authn_file = %{version}-%{release}
 %if %{with ldap}
 Suggests:      %{name}-mod_authn_ldap = %{version}-%{release}
 %endif
-%if %{with mysql}
-Suggests:      %{name}-mod_authn_mysql = %{version}-%{release}
-%endif
 Provides:      webserver(auth)
 
 %description mod_auth
@@ -279,7 +276,9 @@ basic i digest.
 %package mod_authn_dbi
 Summary:       lighttpd authn_dbi module
 Group:         Networking/Daemons/HTTP
+URL:           https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModAuth
 Requires:      %{name} = %{version}-%{release}
+Requires:      %{name}-mod_auth = %{version}-%{release}
 
 %description mod_authn_dbi
 lighttpd authn_dbi module.
@@ -288,6 +287,7 @@ lighttpd authn_dbi module.
 Summary:       lighttpd authn_file module
 Group:         Networking/Daemons/HTTP
 Requires:      %{name} = %{version}-%{release}
+Requires:      %{name}-mod_auth = %{version}-%{release}
 
 %description mod_authn_file
 lighttpd authn_file module.
@@ -296,6 +296,7 @@ lighttpd authn_file module.
 Summary:       lighttpd authn_gssapi module
 Group:         Networking/Daemons/HTTP
 Requires:      %{name} = %{version}-%{release}
+Requires:      %{name}-mod_auth = %{version}-%{release}
 
 %description mod_authn_gssapi
 lighttpd authn_gssapi module.
@@ -304,22 +305,11 @@ lighttpd authn_gssapi module.
 Summary:       lighttpd authn_ldap module
 Group:         Networking/Daemons/HTTP
 Requires:      %{name} = %{version}-%{release}
+Requires:      %{name}-mod_auth = %{version}-%{release}
 
 %description mod_authn_ldap
 lighttpd authn_ldap module.
 
-%package mod_authn_mysql
-Summary:       lighttpd authn_mysql module
-Group:         Networking/Daemons/HTTP
-Requires:      %{name} = %{version}-%{release}
-
-%description mod_authn_mysql
-lighttpd authn_mysql module.
-
-mod_authn_mysql is DEPRECATED; use mod_authn_dbi.
-
-Note: mod_authn_mysql will be removed from a future lighttpd release.
-
 %package mod_cgi
 Summary:       lighttpd module for CGI handling
 Summary(pl.UTF-8):     Moduł lighttpd do obsługi CGI
@@ -362,56 +352,6 @@ PHP.
 Programy CGI pozwalają rozszerzać funkcjonalność serwera w bardzo
 prosty i naturalny sposób.
 
-%package mod_cml
-Summary:       lighttpd module for Cache Meta Language
-Summary(pl.UTF-8):     Moduł Cache Meta Language
-Group:         Networking/Daemons/HTTP
-URL:           http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs:ModCML
-Requires:      %{name} = %{version}-%{release}
-
-%description mod_cml
-CML is a Meta language to describe the dependencies of a page at one
-side and building a page from its fragments on the other side using
-LUA.
-
-mod_cml is DEPRECATED; use mod_magnet.
-
-Note: mod_cml will be removed from a future lighttpd release.
-
-%description mod_cml -l pl.UTF-8
-CML to metajęzyk służący z jednej strony do opisu zależności strony i
-z drugiej strony do budowania strony z fragmentów przy użyciu LUA.
-
-%package mod_compress
-Summary:       lighttpd module for output compression
-Summary(pl.UTF-8):     Moduł lighttpd do kompresji wyjścia
-Group:         Networking/Daemons/HTTP
-URL:           http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs:ModCompress
-Requires:      %{name} = %{version}-%{release}
-
-%description mod_compress
-Output compression reduces the network load and can improve the
-overall throughput of the webserver.
-
-Only static content is supported up to now.
-
-The server negotiates automatically which compression method is used.
-Supported are gzip, deflate, bzip.
-
-mod_compress is DEPRECATED; use mod_deflate. mod_compress has been
-subsumed by mod_deflate.
-
-Note: mod_compress config options may be removed in a future release.
-
-%description mod_compress -l pl.UTF-8
-Kompresja wyjścia zmniejsza obciążenie sieci i może poprawić całkowitą
-przepustowość serwera WWW.
-
-Jak na razie obsługiwana jest tylko statyczna treść.
-
-Serwer automatycznie negocjuje, która metoda kompresji jest używana.
-Obsługiwane są gzip, deflate i bzip.
-
 %package mod_deflate
 Summary:       lighttpd module for output compression using deflate method
 Summary(pl.UTF-8):     Moduł lighttpd do kompresji wyjścia metodą deflate
@@ -463,19 +403,6 @@ control.
 mod_dirlisting tworzy listingi katalogów w formacie HTML z pełną
 kontrolą CSS.
 
-%package mod_evasive
-Summary:       lighttpd evasive module
-Summary(pl.UTF-8):     Moduł evasive dla lighttpd
-Group:         Networking/Daemons/HTTP
-URL:           http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs:ModEvasive
-Requires:      %{name} = %{version}-%{release}
-
-%description mod_evasive
-lighttpd evasive module.
-
-%description mod_evasive -l pl.UTF-8
-Moduł evasive dla lighttpd.
-
 %package mod_evhost
 Summary:       lighttpd module for enhanced virtual-hosting
 Summary(pl.UTF-8):     Moduł lighttpd rozszerzający obsługę hostów wirtualnych
@@ -541,36 +468,13 @@ Interfejs FastCGI to najszybszy i najbezpieczniejszy sposób
 komunikacji z zewnętrznymi programami obsługującymi procesy, takimi
 jak Perl, PHP czy własne aplikacje.
 
-%package mod_flv_streaming
-Summary:       lighttpd module for flv streaming
-Summary(pl.UTF-8):     Moduł lighttpd do streamingu flv
-Group:         Networking/Daemons/HTTP
-URL:           http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs:ModFLVStreaming
-Requires:      %{name} = %{version}-%{release}
-
-%description mod_flv_streaming
-lighttpd module for flv streaming.
-
-%description mod_flv_streaming -l pl.UTF-8
-Moduł lighttpd do streamingu flv.
-
-%package mod_geoip
-Summary:       lighttpd module for IP Based Geographic Lookups
+%package mod_h2
+Summary:       lighttpd h2 module
 Group:         Networking/Daemons/HTTP
-URL:           https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModGeoip
 Requires:      %{name} = %{version}-%{release}
 
-%description mod_geoip
-mod_geoip is a module for fast ip/location lookups. It uses MaxMind
-GeoIP / GeoCity databases.
-
-If the ip was found in the database the module sets the appropriate
-environment variables to the request, thus making other modules/fcgi
-be informed.
-
-mod_geoip is DEPRECATED; use mod_maxminddb.
-
-Note: mod_geoip will be removed from a future lighttpd release.
+%description mod_h2
+lighttpd http 2 module
 
 %package mod_h264_streaming
 Summary:       lighttpd module for h264 streaming
@@ -621,25 +525,6 @@ Requires:  %{name} = %{version}-%{release}
 
 %description mod_maxminddb
 
-%package mod_mysql_vhost
-Summary:       lighttpd module for MySQL based vhosting
-Summary(pl.UTF-8):     Moduł lighttpd obsługujący vhosty oparte na MySQL-u
-Group:         Networking/Daemons/HTTP
-URL:           http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs:ModMySQLVhost
-Requires:      %{name} = %{version}-%{release}
-Conflicts:     %{name}-mod_simple_vhost
-
-%description mod_mysql_vhost
-This module provides virtual hosts (vhosts) based on a MySQL table.
-
-mod_mysql_vhost is DEPRECATED; use mod_vhostdb_dbi or
-mod_vhostdb_mysql.
-
-Note: mod_mysql_vhost will be removed from a future lighttpd release.
-
-%description mod_mysql_vhost -l pl.UTF-8
-Ten moduł udostępnia wirtualne hosty (vhosty) oparte na tabeli MySQL.
-
 %package mod_openssl
 Summary:       TLS/SSL for lighttpd
 Group:         Networking/Daemons/HTTP
@@ -751,21 +636,6 @@ Python + WSGI.
 SCGI to szybki i uproszczony interfejs CGI. Jest używany głównie przez
 Pythona z WSGI.
 
-%package mod_secdownload
-Summary:       lighttpd module for secure and fast downloading
-Summary(pl.UTF-8):     Moduł lighttpd do bezpiecznego i szybkiego ściągania danych
-Group:         Networking/Daemons/HTTP
-URL:           http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs:ModSecDownload
-Requires:      %{name} = %{version}-%{release}
-
-%description mod_secdownload
-With this module you can easily achieve authenticated file requests
-and a countermeasure against deep-linking.
-
-%description mod_secdownload -l pl.UTF-8
-Przy użyciu tego modułu można łatwo umożliwić ściąganie plików z
-uwierzytelnieniem i zapobiec używaniu bezpośrednich odnośników.
-
 %package mod_setenv
 Summary:       lighttpd module for setting conditional request headers
 Summary(pl.UTF-8):     Moduł lighttpd do ustawiania warunkowych nagłówków żądań
@@ -845,28 +715,6 @@ mod_status displays the server's status and configuration.
 %description mod_status -l pl.UTF-8
 mod_status wyświetla stan i konfigurację serwera.
 
-%package mod_trigger_b4_dl
-Summary:       Trigger before Download
-Summary(pl.UTF-8):     Wyzwalacz przed ściąganiem
-Group:         Networking/Daemons/HTTP
-URL:           http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs:ModTriggerBeforeDownload
-Requires:      %{name} = %{version}-%{release}
-
-%description mod_trigger_b4_dl
-Another anti hot-linking module.
-
-%description mod_trigger_b4_dl -l pl.UTF-8
-Jeszcze jeden moduł blokujący bezpośrednie linkowanie.
-
-%package mod_uploadprogress
-Summary:       lighttpd module for upload progress
-Group:         Networking/Daemons/HTTP
-URL:           https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModUploadProgress
-Requires:      %{name} = %{version}-%{release}
-
-%description mod_uploadprogress
-This module can be used to track the progress of a current upload.
-
 %package mod_userdir
 Summary:       lighttpd module for user homedirs
 Summary(pl.UTF-8):     Moduł lighttpd obsługujący katalogi domowe użytkowników
@@ -882,19 +730,6 @@ directories into the global namespace of the webserver.
 Moduł userdir udostępnia prosty sposób włączenia katalogów
 użytkowników do globalnej przestrzeni nazw serwera WWW.
 
-%package mod_usertrack
-Summary:       lighttpd usertrack module
-Summary(pl.UTF-8):     Moduł usertrack dla lighttpd
-Group:         Networking/Daemons/HTTP
-URL:           http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs:ModUserTrack
-Requires:      %{name} = %{version}-%{release}
-
-%description mod_usertrack
-lighttpd usertrack module.
-
-%description mod_usertrack -l pl.UTF-8
-Moduł usertrack dla lighttpd.
-
 %package mod_vhostdb
 Summary:       Virtual host database to provide vhost docroot
 Group:         Networking/Daemons/HTTP
@@ -1019,18 +854,21 @@ Plik monitrc do monitorowania serwera www lighttpd.
 %prep
 %setup -q
 #%patch100 -p1
-#%patch1 -p1 UPDATE (and submit upstream!) if you need this
 %{?with_h264_streaming:%patch2 -p1}
 %patch3 -p1
-%patch5 -p1
 
 rm -f src/mod_ssi_exprparser.h # bad patching: should be removed by is emptied instead
 
 # build mime.types.conf
 sh %{SOURCE6} /etc/mime.types
 
+%if "%{pld_release}" == "ac"
+%{__sed} -i -e 's/ serial_tests//' configure.ac
+%{__sed} -i -e 's/dist-xz/dist-bzip2/' configure.ac
+%endif
+
 %build
-ver=$(awk '/AC_INIT/{a=$2;gsub(/[\[\],]/, "", a); print a}' configure.ac)
+ver=$(awk -F ',' '/AC_INIT/{a=$2;gsub(/[\[\],]/, "", a); print a}' configure.ac)
 if [ "$ver" != "%{version}" ]; then
        : configure.ac specifies wrong version
        exit 1
@@ -1049,7 +887,6 @@ fi
        %{?with_bzip2:--with-bzip2} \
        %{?with_dbi:--with-dbi} \
        %{?with_gamin:--with-gamin} \
-       %{?with_geoip:--with-geoip} \
        %{?with_krb5:--with-krb5} \
        %{?with_ldap:--with-ldap} \
        %{?with_lua:--with-lua=lua51} \
@@ -1057,8 +894,6 @@ fi
        %{?with_mysql:--with-mysql} \
        %{?with_pgsql:--with-pgsql} \
        %{?with_ssl:--with-openssl} \
-       %{?with_storage_gdbm:--with-gdbm} \
-       %{?with_storage_memcached:--with-memcached} \
        %{?with_valgrind:--with-valgrind} \
        %{?with_webdav_locks:--with-webdav-locks} \
        %{?with_webdav_props:--with-webdav-props} \
@@ -1079,7 +914,8 @@ install -d $RPM_BUILD_ROOT{%{_lighttpddir}/{cgi-bin,html},/etc/{logrotate.d,rc.d
        $RPM_BUILD_ROOT%{_sysconfdir}/{{conf,vhosts,webapps}.d,ssl} \
        $RPM_BUILD_ROOT{/var/log/{%{name},archive/%{name}},/var/run/%{name}} \
        $RPM_BUILD_ROOT%{_datadir}/lighttpd/errordocs \
-       $RPM_BUILD_ROOT/var/lib/lighttpd
+       $RPM_BUILD_ROOT/var/lib/lighttpd \
+       $RPM_BUILD_ROOT/var/cache/lighttpd/mod_deflate
 
 %{__make} install \
        DESTDIR=$RPM_BUILD_ROOT
@@ -1110,26 +946,19 @@ cp -p %{SOURCE100} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_access.conf
 cp -p %{SOURCE102} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_alias.conf
 cp -p %{SOURCE103} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_auth.conf
 cp -p %{SOURCE104} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_cgi.conf
+cp -p %{SOURCE105} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_h2.conf
 cp -p %{SOURCE137} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_cgi_php.conf
-cp -p %{SOURCE105} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_cml.conf
+
 cp -p %{SOURCE107} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_deflate.conf
 cp -p %{SOURCE108} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_dirlisting.conf
-cp -p %{SOURCE109} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_evasive.conf
 cp -p %{SOURCE110} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_evhost.conf
 cp -p %{SOURCE112} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_fastcgi.conf
-cp -p %{SOURCE113} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_flv_streaming.conf
-%if %{with geoip}
-cp -p %{SOURCE140} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_geoip.conf
-%endif
 %if %{with maxminddb}
 cp -p %{SOURCE147} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_maxminddb.conf
 %endif
 %if %{with ldap}
 cp -p %{SOURCE141} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_authn_ldap.conf
 %endif
-%if %{with mysql}
-cp -p %{SOURCE145} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_authn_mysql.conf
-%endif
 %if %{with h264_streaming}
 cp -p %{SOURCE136} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_h264_streaming.conf
 %endif
@@ -1138,25 +967,15 @@ cp -p %{SOURCE142} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_openssl.conf
 cp -p %{SOURCE115} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_proxy.conf
 cp -p %{SOURCE118} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_rrdtool.conf
 cp -p %{SOURCE119} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_scgi.conf
-cp -p %{SOURCE120} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_secdownload.conf
 cp -p %{SOURCE121} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_setenv.conf
 cp -p %{SOURCE122} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_simple_vhost.conf
 cp -p %{SOURCE123} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_ssi.conf
 cp -p %{SOURCE124} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_staticfile.conf
 cp -p %{SOURCE125} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_status.conf
-%if %{with mod_trigger_b4_dl}
-cp -p %{SOURCE126} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_trigger_b4_dl.conf
-%endif
-cp -p %{SOURCE138} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_authn_dbi.conf
-cp -p %{SOURCE139} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_uploadprogress.conf
 cp -p %{SOURCE127} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_userdir.conf
-cp -p %{SOURCE128} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_usertrack.conf
 cp -p %{SOURCE143} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_vhostdb.conf
 cp -p %{SOURCE129} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_webdav.conf
 cp -p %{SOURCE144} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_wstunnel.conf
-%if %{with mysql}
-cp -p %{SOURCE133} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_mysql_vhost.conf
-%endif
 cp -p %{SOURCE146} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_sockproxy.conf
 
 cp -p %{SOURCE134} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/55_mod_magnet.conf
@@ -1241,45 +1060,37 @@ fi
 
 %module_scripts mod_access
 %module_scripts mod_accesslog
+%module_scripts mod_ajp13
 %module_scripts mod_alias
 %module_scripts mod_auth
 %module_scripts mod_authn_dbi
 %module_scripts mod_authn_file
 %module_scripts mod_authn_gssapi
 %module_scripts mod_authn_ldap
-%module_scripts mod_authn_mysql
 %module_scripts mod_cgi
-%module_scripts mod_cml
 %module_scripts mod_deflate
 %module_scripts mod_dirlisting
-%module_scripts mod_evasive
 %module_scripts mod_evhost
 %module_scripts mod_expire
 %module_scripts mod_extforward
 %module_scripts mod_fastcgi
-%module_scripts mod_flv_streaming
-%module_scripts mod_geoip
+%module_scripts mod_h2
 %module_scripts mod_h264_streaming
 %module_scripts mod_indexfile
 %module_scripts mod_magnet
 %module_scripts mod_maxminddb
-%module_scripts mod_mysql_vhost
 %module_scripts mod_openssl
 %module_scripts mod_proxy
 %module_scripts mod_redirect
 %module_scripts mod_rewrite
 %module_scripts mod_scgi
-%module_scripts mod_secdownload
 %module_scripts mod_setenv
 %module_scripts mod_simple_vhost
 %module_scripts mod_sockproxy
 %module_scripts mod_ssi
 %module_scripts mod_staticfile
 %module_scripts mod_status
-%module_scripts mod_trigger_b4_dl
-%module_scripts mod_uploadprogress
 %module_scripts mod_userdir
-%module_scripts mod_usertrack
 %module_scripts mod_vhostdb
 %module_scripts mod_webdav
 %module_scripts mod_wstunnel
@@ -1344,10 +1155,12 @@ fi
 # rrdtool database is stored there
 %dir %attr(771,root,lighttpd) /var/lib/lighttpd
 
+# mod_deflate can put cached files there
+%dir /var/cache/lighttpd
+
 %files mod_access
 %defattr(644,root,root,755)
 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*mod_access.conf
-%attr(755,root,root) %{pkglibdir}/mod_access.so
 
 %files mod_accesslog
 %defattr(644,root,root,755)
@@ -1357,13 +1170,22 @@ fi
 %files mod_alias
 %defattr(644,root,root,755)
 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*mod_alias.conf
-%attr(755,root,root) %{pkglibdir}/mod_alias.so
+
+%files mod_ajp13
+%defattr(644,root,root,755)
+%attr(755,root,root) %{pkglibdir}/mod_ajp13.so
 
 %files mod_auth
 %defattr(644,root,root,755)
 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*mod_auth.conf
 %attr(755,root,root) %{pkglibdir}/mod_auth.so
 
+%if %{with dbi}
+%files mod_authn_dbi
+%defattr(644,root,root,755)
+%attr(755,root,root) %{pkglibdir}/mod_authn_dbi.so
+%endif
+
 %files mod_authn_file
 %defattr(644,root,root,755)
 %attr(755,root,root) %{pkglibdir}/mod_authn_file.so
@@ -1374,13 +1196,6 @@ fi
 %attr(755,root,root) %{pkglibdir}/mod_authn_gssapi.so
 %endif
 
-%if %{with dbi}
-%files mod_authn_dbi
-%defattr(644,root,root,755)
-%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*mod_authn_dbi.conf
-%attr(755,root,root) %{pkglibdir}/mod_authn_dbi.so
-%endif
-
 %if %{with ldap}
 %files mod_authn_ldap
 %defattr(644,root,root,755)
@@ -1388,13 +1203,6 @@ fi
 %attr(755,root,root) %{pkglibdir}/mod_authn_ldap.so
 %endif
 
-%if %{with mysql}
-%files mod_authn_mysql
-%defattr(644,root,root,755)
-%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*mod_authn_mysql.conf
-%attr(755,root,root) %{pkglibdir}/mod_authn_mysql.so
-%endif
-
 %files mod_cgi
 %defattr(644,root,root,755)
 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*mod_cgi.conf
@@ -1404,35 +1212,24 @@ fi
 %defattr(644,root,root,755)
 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*mod_cgi_php.conf
 
-%files mod_cml
-%defattr(644,root,root,755)
-%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*mod_cml.conf
-%attr(755,root,root) %{pkglibdir}/mod_cml.so
-
 %files mod_deflate
 %defattr(644,root,root,755)
 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*mod_deflate.conf
 %attr(755,root,root) %{pkglibdir}/mod_deflate.so
+%dir %attr(775,root,lighttpd) /var/cache/lighttpd/mod_deflate
 
 %files mod_dirlisting
 %defattr(644,root,root,755)
 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*mod_dirlisting.conf
 %attr(755,root,root) %{pkglibdir}/mod_dirlisting.so
 
-%files mod_evasive
-%defattr(644,root,root,755)
-%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*mod_evasive.conf
-%attr(755,root,root) %{pkglibdir}/mod_evasive.so
-
 %files mod_evhost
 %defattr(644,root,root,755)
 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*mod_evhost.conf
-%attr(755,root,root) %{pkglibdir}/mod_evhost.so
 
 %files mod_expire
 %defattr(644,root,root,755)
 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*mod_expire.conf
-%attr(755,root,root) %{pkglibdir}/mod_expire.so
 
 %files mod_extforward
 %defattr(644,root,root,755)
@@ -1442,19 +1239,11 @@ fi
 %files mod_fastcgi
 %defattr(644,root,root,755)
 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*mod_fastcgi.conf
-%attr(755,root,root) %{pkglibdir}/mod_fastcgi.so
 
-%files mod_flv_streaming
+%files mod_h2
 %defattr(644,root,root,755)
-%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*mod_flv_streaming.conf
-%attr(755,root,root) %{pkglibdir}/mod_flv_streaming.so
-
-%if %{with geoip}
-%files mod_geoip
-%defattr(644,root,root,755)
-%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*mod_geoip.conf
-%attr(755,root,root) %{pkglibdir}/mod_geoip.so
-%endif
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*mod_h2.conf
+%attr(755,root,root) %{pkglibdir}/mod_h2.so
 
 %if %{with h264_streaming}
 %files mod_h264_streaming
@@ -1466,7 +1255,6 @@ fi
 %files mod_indexfile
 %defattr(644,root,root,755)
 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*mod_indexfile.conf
-%attr(755,root,root) %{pkglibdir}/mod_indexfile.so
 
 %files mod_magnet
 %defattr(644,root,root,755)
@@ -1480,13 +1268,6 @@ fi
 %attr(755,root,root) %{pkglibdir}/mod_maxminddb.so
 %endif
 
-%if %{with mysql}
-%files mod_mysql_vhost
-%defattr(644,root,root,755)
-%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*mod_mysql_vhost.conf
-%attr(755,root,root) %{pkglibdir}/mod_mysql_vhost.so
-%endif
-
 %files mod_proxy
 %defattr(644,root,root,755)
 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*mod_proxy.conf
@@ -1500,12 +1281,10 @@ fi
 %files mod_redirect
 %defattr(644,root,root,755)
 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*mod_redirect.conf
-%attr(755,root,root) %{pkglibdir}/mod_redirect.so
 
 %files mod_rewrite
 %defattr(644,root,root,755)
 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*mod_rewrite.conf
-%attr(755,root,root) %{pkglibdir}/mod_rewrite.so
 
 %files mod_rrdtool
 %defattr(644,root,root,755)
@@ -1516,22 +1295,14 @@ fi
 %files mod_scgi
 %defattr(644,root,root,755)
 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*mod_scgi.conf
-%attr(755,root,root) %{pkglibdir}/mod_scgi.so
-
-%files mod_secdownload
-%defattr(644,root,root,755)
-%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*mod_secdownload.conf
-%attr(755,root,root) %{pkglibdir}/mod_secdownload.so
 
 %files mod_setenv
 %defattr(644,root,root,755)
 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*mod_setenv.conf
-%attr(755,root,root) %{pkglibdir}/mod_setenv.so
 
 %files mod_simple_vhost
 %defattr(644,root,root,755)
 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*mod_simple_vhost.conf
-%attr(755,root,root) %{pkglibdir}/mod_simple_vhost.so
 
 %files mod_sockproxy
 %defattr(644,root,root,755)
@@ -1546,35 +1317,17 @@ fi
 %files mod_staticfile
 %defattr(644,root,root,755)
 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*mod_staticfile.conf
-%attr(755,root,root) %{pkglibdir}/mod_staticfile.so
 
 %files mod_status
 %defattr(644,root,root,755)
 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*mod_status.conf
 %attr(755,root,root) %{pkglibdir}/mod_status.so
 
-%if %{with mod_trigger_b4_dl}
-%files mod_trigger_b4_dl
-%defattr(644,root,root,755)
-%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*mod_trigger_b4_dl.conf
-%attr(755,root,root) %{pkglibdir}/mod_trigger_b4_dl.so
-%endif
-
-%files mod_uploadprogress
-%defattr(644,root,root,755)
-%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*mod_uploadprogress.conf
-%attr(755,root,root) %{pkglibdir}/mod_uploadprogress.so
-
 %files mod_userdir
 %defattr(644,root,root,755)
 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*mod_userdir.conf
 %attr(755,root,root) %{pkglibdir}/mod_userdir.so
 
-%files mod_usertrack
-%defattr(644,root,root,755)
-%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*mod_usertrack.conf
-%attr(755,root,root) %{pkglibdir}/mod_usertrack.so
-
 %files mod_vhostdb
 %defattr(644,root,root,755)
 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*mod_vhostdb.conf

diff --git a/mod_authn_dbi.conf b/mod_authn_dbi.conf
deleted file mode 100644 (file)
index 1f13ed2..0000000
--- a/mod_authn_dbi.conf
+++ /dev/null
@@ -1,10 +0,0 @@
-# dbi (mod_authn_dbi)
-#
-# The DBI backend authenticates the user against MySQL/MariaDB, Postgres, SQLite3,
-# and possible other databases with libdbi-drivers
-#
-# Documentation: https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModAuth#dbi-mod_authn_dbi-since-lighttpd-1456
-
-server.modules += (
-       "mod_authn_dbi"
-)

diff --git a/mod_authn_mysql.conf b/mod_authn_mysql.conf
deleted file mode 100644 (file)
index 0abfb1e..0000000
--- a/mod_authn_mysql.conf
+++ /dev/null
@@ -1,9 +0,0 @@
-# mysql (mod_authn_mysql)
-#
-# The mysql backend authenticates the user against MySQL/MariaDB infrastructure
-#
-# Documentation: https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModAuth#mysql-mod_authn_mysql
-
-server.modules += (
-       "mod_authn_mysql"
-)

diff --git a/mod_cml.conf b/mod_cml.conf
deleted file mode 100644 (file)
index 844a069..0000000
--- a/mod_cml.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-# CML is a Meta language to describe the dependencies of a page
-# at one side and building a page from its fragments on the
-# other side using LUA.
-#
-# Documentation: http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModCML
-
-server.modules += (
-       "mod_cml"
-)
-
-## the extension for file with cache information. With .cml,
-## the cache info file for index.html is index.cml
-cml.extension = ".cml"
-
-index-file.names += ( "index" + cml.extension )
-
-## the memcached used by mod_cml
-#cml.memcache-hosts = ( "127.0.0.1:11211" )
-
-## a cml file that is executed for each request
-#cml.power-magnet = "/home/services/lighttpd/html/power-magnet.cml"

diff --git a/mod_deflate.conf b/mod_deflate.conf
index f9523318da0e9367dcd02741b9347695160083b8..93b656279ede1085bd89c9d1d33be317a46c1f5f 100644 (file)
--- a/mod_deflate.conf
+++ b/mod_deflate.conf
@@ -12,7 +12,7 @@ server.modules += (
 #deflate.allowed-encodings = ( "brotli", "gzip", "deflate", "bzip2" )
 
 ### optional
-#deflate.cache-dir = "/path/to/compress/cache"
+deflate.cache-dir = "/var/cache/lighttpd/mod_deflate"
 # measured in kilobytes, so 131072 indicates 128 MB
 #deflate.max-compress-size = 131072
 # measured in bytes

diff --git a/mod_evasive.conf b/mod_evasive.conf
deleted file mode 100644 (file)
index 8ecb17f..0000000
--- a/mod_evasive.conf
+++ /dev/null
@@ -1,12 +0,0 @@
-# Evasive module.
-#
-# Documentation: http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModEvasive
-
-server.modules += (
-       "mod_evasive"
-)
-
-##
-## Limits number of connections per IP
-##
-#evasive.max-conns-per-ip = 5

diff --git a/mod_flv_streaming.conf b/mod_flv_streaming.conf
deleted file mode 100644 (file)
index 898654c..0000000
--- a/mod_flv_streaming.conf
+++ /dev/null
@@ -1,7 +0,0 @@
-# FLV streaming module.
-#
-# Documentation: http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModFLVStreaming
-
-server.modules += (
-       "mod_flv_streaming"
-)

diff --git a/mod_geoip.conf b/mod_geoip.conf
deleted file mode 100644 (file)
index 9a720b3..0000000
--- a/mod_geoip.conf
+++ /dev/null
@@ -1,25 +0,0 @@
-# GeoIP module.
-#
-# Documentation: https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModGeoip
-#
-# mod_geoip is a module for fast ip/location lookups. It uses MaxMind
-# GeoIP / GeoCity databases. If the ip was found in the database the
-# module sets the appropriate environments variables to the request,
-# thus making other modules/fcgi be informed.
-
-server.modules += (
-       "mod_geoip"
-)
-
-#
-# mod_geoip will determine the database type automatically so if you
-# enter GeoCity database path it will load GeoCity Env.
-#
-#geoip.db-filename = "/usr/share/GeoIP/GeoIP.dat"
-
-#
-# If enabled, mod_geoip will load the database binary file to memory
-# for very fast lookups. The only penalty is memory usage.
-# default: disabled
-#
-#geoip.memory-cache = "enable"

diff --git a/mod_h2.conf b/mod_h2.conf
new file mode 100644 (file)
index 0000000..93f1c2b
--- /dev/null
+++ b/mod_h2.conf
@@ -0,0 +1,5 @@
+# HTTP 2 module.
+
+server.modules += (
+       "mod_h2"
+)

diff --git a/mod_mysql_vhost.conf b/mod_mysql_vhost.conf
deleted file mode 100644 (file)
index b54b090..0000000
--- a/mod_mysql_vhost.conf
+++ /dev/null
@@ -1,7 +0,0 @@
-# mysql_vhost module.
-#
-# Documentation: http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModMySQLVhost
-
-server.modules += (
-       "mod_mysql_vhost"
-)

diff --git a/mod_secdownload.conf b/mod_secdownload.conf
deleted file mode 100644 (file)
index c916f1d..0000000
--- a/mod_secdownload.conf
+++ /dev/null
@@ -1,7 +0,0 @@
-# secure and fast downloading module.
-#
-# Documentation: http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModSecDownload
-
-server.modules += (
-       "mod_secdownload"
-)

diff --git a/mod_trigger_b4_dl.conf b/mod_trigger_b4_dl.conf
deleted file mode 100644 (file)
index 1b63371..0000000
--- a/mod_trigger_b4_dl.conf
+++ /dev/null
@@ -1,24 +0,0 @@
-# A module to prevent deep-linking from other sites.
-#
-# Documentation: http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModTriggerBeforeDownload
-
-server.modules += (
-       "mod_trigger_b4_dl"
-)
-
-## guarded download URL, direct access is denied
-#trigger-before-download.download-url = "^/download/"
-
-## trigger URL to allow downloads from <download-url>
-#trigger-before-download.trigger-url = "^/trigger/"
-
-## if access to a file is denied, the user is redirected to this URL
-#trigger-before-download.deny-url = "/home/services/lighttpd/html/deny.html"
-
-## access to granted for <timeout> seconds after the trigger
-#trigger-before-download.trigger-timeout = 10
-
-## storage of trigger information. If both destinations are provided,
-## the GDBM file takes precedence.
-#trigger-before-download.gdbm-filename = "/home/services/lighttpd/data/trigger.db"
-#trigger-before-download.memcache-hosts = ( "127.0.0.1:11211" )

diff --git a/mod_uploadprogress.conf b/mod_uploadprogress.conf
deleted file mode 100644 (file)
index e8db906..0000000
--- a/mod_uploadprogress.conf
+++ /dev/null
@@ -1,16 +0,0 @@
-# Upload Progress module.
-#
-# Documentation: https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModUploadProgress
-
-server.modules += (
-       "mod_uploadprogress"
-)
-
-# string, empty by default; use "/progress" (or something else) to enable the module
-#upload-progress.progress-url = "/progress"
-
-# integer, default: 60 seconds
-#upload-progress.remove-timeout = 30
-
-# boolean, default: "disable"
-#upload-progress.debug = "enable"

diff --git a/mod_usertrack.conf b/mod_usertrack.conf
deleted file mode 100644 (file)
index eb1aba4..0000000
--- a/mod_usertrack.conf
+++ /dev/null
@@ -1,7 +0,0 @@
-# usertrack module.
-#
-# Documentation: http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModUserTrack
-
-server.modules += (
-       "mod_usertrack"
-)

diff --git a/ssl.conf b/ssl.conf
index 15bfb6aeec0daebc1109be5909cda6ee9a7b6ab5..6e454282d2e76c28e4fd8ac84afd665bbf5e4918 100644 (file)
--- a/ssl.conf
+++ b/ssl.conf
@@ -4,51 +4,50 @@
 # https://www.ssllabs.com/projects/best-practices/index.html
 # https://cipherli.st/
 # https://wiki.mozilla.org/Security/Server_Side_TLS
-# https://mozilla.github.io/server-side-tls/ssl-config-generator/
-
-$SERVER["socket"] == ":443" {
-       protocol = "https://"
-       ssl.engine = "enable"
-       ssl.disable-client-renegotiation = "enable"
-
-       # ssl.pemfile: path to the PEM file for SSL support
-       # (Should contain both the private key and the certificate)
-       ## If you have a .crt and a .key file, cat them together into a single PEM file:
-       ## $ cat lighttpd.key lighttpd.crt > lighttpd.pem
-       ssl.pemfile = "/etc/lighttpd/ssl/server.pem"
-       # ssl.ca-file: path to the CA file for support of chained certificates
+#
+# generated 2023-05-28, Mozilla Guideline v5.7, lighttpd 1.4.70, OpenSSL 3.1.0, intermediate configuration
+# https://ssl-config.mozilla.org/#server=lighttpd&version=1.4.70&config=intermediate&openssl=3.1.0&guideline=5.7
+
+$HTTP["scheme"] == "http" {
+       url.redirect = ("" => "https://${url.authority}${url.path}${qsa}")
+}
+
+# lighttpd 1.4.56 and later will inherit ssl.* from the global scope if
+# $SERVER["socket"] contains ssl.engine = "enable" and no other ssl.* options
+# (to avoid having to repeat ssl.* directives in both ":443" and "[::]:443")
+$SERVER["socket"] ==     ":443" { ssl.engine = "enable" }
+$SERVER["socket"] == "[::]:443" { ssl.engine = "enable" }
+
+$HTTP["scheme"] == "https" {
+       # HTTP Strict Transport Security (63072000 seconds is around 2 years)
+       setenv.add-response-header = (
+               "Strict-Transport-Security" => "max-age=63072000"
+       )
+}
+
+# ssl.pemfile: path to the PEM file for SSL support
+# (Should contain both the private key and the certificate)
+## If you have a .crt and a .key file, cat them together into a single PEM file:
+## $ cat lighttpd.key lighttpd.crt > lighttpd.pem
+ssl.pemfile = "/etc/lighttpd/ssl/server.pem"
+#      ssl.privkey = "/path/to/private_key"
+# ssl.ca-file: path to the CA file for support of chained certificates
 #      ssl.ca-file = "/etc/lighttpd/ssl/chain.pem"
 
-       # for DH/DHE ciphers, dhparam should be >= 2048-bit
-       # Generate with:
-       # openssl dhparam -out dh2048.pem -outform PEM -2 2048
-#      ssl.dh-file = "/etc/lighttpd/ssl/dhparam.pem"
-       # ECDH/ECDHE ciphers curve strength (see `openssl ecparam -list_curves`)
-#      ssl.ec-curve = "secp384r1"
-       # Compression is by default off at compile-time, but use if needed
+# OCSP stapling (input file must be maintained by external script)
+# https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_SSL#OCSP-Stapling
+#      ssl.stapling-file = "/path/to/cert-staple.der"
+
+# Compression is by default off at compile-time, but use if needed
 #      ssl.use-compression = "disable"
 
-       # Environment flag for HTTPS enabled
+# Environment flag for HTTPS enabled
 #      setenv.add-environment = (
 #              "HTTPS" => "on"
 #      )
 
-       # https://ssl-config.mozilla.org/#server=lighttpd&server-version=1.4.54&config=intermediate
-       # intermediate configuration, tweak to your needs
-       #
-       ssl.use-sslv2 = "disable"
-       ssl.use-sslv3 = "disable"
-       # intermediate configuration, tweak to your needs
-       ssl.openssl.ssl-conf-cmd = ("Protocol" => "ALL, -SSLv2, -SSLv3, -TLSv1, -TLSv1.1")
-       ssl.cipher-list           = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
-       ssl.honor-cipher-order    = "disable"
-
-       # HTTP Strict Transport Security (63072000 seconds
-       # setenv.add-response-header  = (
-       #       "Strict-Transport-Security" => "max-age=63072000"
-       # )
-
-       $HTTP["useragent"] =~ "MSIE" {
-               server.max-keep-alive-requests = 0
-       }
-}
+ssl.openssl.ssl-conf-cmd = ("MinProtocol" => "TLSv1.2")
+ssl.openssl.ssl-conf-cmd += ("Options" => "-ServerPreference")
+# TLS modules besides mod_openssl might name ciphers differently
+# See https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_SSL
+ssl.openssl.ssl-conf-cmd += ("CipherString" => "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305")

diff --git a/test-port-setup.patch b/test-port-setup.patch
deleted file mode 100644 (file)
index 3578e17..0000000
--- a/test-port-setup.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-
-TODO: upstream it:
-https://github.com/lighttpd/lighttpd1.4/pull/69
-
---- lighttpd-1.4.56/tests/LightyTest.pm~       2020-11-30 00:32:01.000000000 +0200
-+++ lighttpd-1.4.56/tests/LightyTest.pm        2020-11-30 08:31:44.175860280 +0200
-@@ -81,7 +81,7 @@
-       if (exists $ENV{LIGHTTPD_EXE_PATH}) {
-               $self->{LIGHTTPD_PATH} = $ENV{LIGHTTPD_EXE_PATH};
-       }
--      $self->{PORT} = 2048;
-+      $self->{PORT} = $ENV{LIGHTTPD_TEST_PORT} ? int($ENV{LIGHTTPD_TEST_PORT}) : 2048;
- 
-       my ($name, $aliases, $addrtype, $net) = gethostbyaddr(inet_aton("127.0.0.1"), AF_INET);
-