Naxsi is a third party nginx module reads a small subset of simple rules
containing a list of known patterns involved in website vulnerabilities.
This module behaves like a DROP-by-default firewall for nginx.
Signed-off-by: Adam Duskett <aduskett@codeblue.com>
[Thomas:
- include Config.in file directly from package/Config.in and not from
package/nginx/Config.
- improve Config.in help text with more details
- rename the package prompt from ngx_http_naxsi_module to nginx-naxsi
- remove NGINX_NAXSI_SOURCE, and fix the definition of
NGINX_NAXSI_SITE
- change license from GPLv3 to GPLv2+ with OpenSSL exception
- cange license file from LICENSE to naxsi_src/naxsi_json.c. The
LICENSE file exists in the latest Git master of the project, but
not in the 0.54 tag that we're packaging.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
A module for nginx web server for handling file uploads using
multipart/form-data encoding (RFC 1867).
Signed-off-by: Bimal Jacob <bimal.jacob@rockwellcollins.com>
Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
[Thomas:
- rename from nginx-upload-module to nginx-upload. Indeed, we don't
want all nginx modules to be suffixed with "-module"
- include the module Config.in file directly from package/Config.in,
like we do for Python, Perl, Lua or TCL modules.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Changed [PATCH x/y] to [PATCH] at the beginning of the subject line
since the numbering is meaningless.
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The ngx_http_spdy_module has been superseded by the ngx_http_v2_module
so BR2_PACKAGE_NGINX_HTTP_SPDY_MODULE has changed to
BR2_PACKAGE_NGINX_HTTP_V2_MODULE
Signed-off-by: Martin Bark <martin@barkynet.com>
[Thomas: rewrap Config.in.legacy help text.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
When using systemd nginx fails to start with the error
/usr/bin/mkdir: invalid option -- 't'
This is due to a missing space before the semicolon in nginx.service.
For systemd to handle multiple commands in ExecStartPre it requires the
semicolon to be a separate word or the use of multiple ExecStartPre.
This commit splits the multiple commands into two ExecStartPre lines
which fixes the error and improves readability.
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Add the missing --with-mail configure option
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes:
CVE-2016-0742 - invalid pointer dereference might occur during DNS
server response processing if the "resolver" directive was used,
allowing anattacker who is able to forge UDP packets from the DNS server
to cause segmentation fault in a worker process.
CVE-2016-0746 - use-after-free condition might occur during CNAME
response processing if the "resolver" directive was used, allowing an
attacker who is able to trigger name resolution to cause segmentation
fault in a worker process, or might have potential other impact.
CVE-2016-0747 - CNAME resolution was insufficiently limited if the
"resolver" directive was used, allowing an attacker who is able to
trigger arbitrary name resolution to cause excessive resource
consumption in worker processes.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
'echo -n' is not a POSIX construct (no flag support), we shoud use
'printf', especially in init script.
This patch was generated by the following command line:
git grep -l 'echo -n' -- `git ls-files | grep -v 'patch'` | xargs sed -i 's/echo -n/printf/'
Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Patches refreshed to apply with no shift or fuzz.
Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The bin path for nginx is configured for /usr/sbin, so deleting
the nginx.old back-up from /usr/bin never works. Fix path, and
also use "$(RM)" instead of "-$(RM)", as "rm -f" never fails.
Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Acked-by: Samuel Martin <s.martin49@gmail.com>
Tested-by: Samuel Martin <s.martin49@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Now that IPv6 is mandatory remove package dependencies and conditionals
for it.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Now that largefile is mandatory removes package dependencies and
conditionals.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The nginx AIO support cannot build on arc, because it hardcodes
the usage of SYS_eventfd(), while it should just use eventfd() from
the C library.
Fixes:
http://autobuild.buildroot.org/results/f3e/f3e2c7a937517a5444f8c6cc0b02692af897b3e0/
[Thomas: adjust comment as suggested by Yann.]
Signed-off-by: Samuel Martin <s.martin49@gmail.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Change LIBFOO_PERMISSIONS everywhere to be a space-separated list.
As nothing was specified in the manual but all our lists are space
separated, there is no reason that this one should be made an exception.
Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Tested-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>