Commit Graph

135 Commits

Author SHA1 Message Date
Felix Fietkau
c7c1cf5618 treewide: clean up and unify PKG_VERSION for git based downloads
Also use default defintions for PKG_SOURCE_SUBDIR, PKG_SOURCE

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-12-22 16:42:21 +01:00
Felix Fietkau
720b99215d treewide: clean up download hashes
Replace *MD5SUM with *HASH, replace MD5 hashes with SHA256

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-12-16 22:39:22 +01:00
Daniel Dickinson
98c86e2970 uhttpd: Add Basic Auth config
We add an 'httpauth' section type that contains the options:

prefix: What virtual or real URL is being protected
username: The username for the Basic Auth dialogue
password: Hashed (crypt()) or plaintext password for the Basic Auth dialogue

httpauth section names are given included as list
items to the instances to which they are to be applied.

Further any existing httpd.conf file (really whatever
is configured in the instance, but default of
/etc/httpd.conf) is appended to the per-instance httpd.conf

Signed-off-by: Daniel Dickinson <lede@cshore.thecshore.com>
2016-10-31 13:22:51 +01:00
Hannu Nyman
9097dc5ad8 uhttpd: create self-signed certificates with unique subjects
Add a partially random O= item to the certificate subject in order
to make the automatically generated certificates' subjects unique.

Firefox has problems when several self-signed certificates
with CA:true attribute and identical subjects have been
seen (and stored) by the browser. Reference to upstream bugs:
https://bugzilla.mozilla.org/show_bug.cgi?id=1147544
https://bugzilla.mozilla.org/show_bug.cgi?id=1056341
https://bugzilla.redhat.com/show_bug.cgi?id=1204670#c34

Certificates created by the OpenSSL one-liner fall into that category.

Avoid identical certificate subjects by including a new 'O=' item
with CommonName + a random part (8 chars). Example:
/CN=LEDE/O=LEDEb986be0b/L=Unknown/ST=Somewhere/C=ZZ

That ensures that the browser properly sees the accumulating
certificates as separate items and does not spend time
trying to form a trust chain from them.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2016-10-26 15:16:52 +02:00
Hannu Nyman
82132540a3 uhttpd: prefer px5g for certificate creation
Prefer the old default 'px5g' for certificate creation
as Firefox seems to dislike OpenSSL-created certs.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2016-10-26 15:16:51 +02:00
Jo-Philipp Wich
81b256ee00 uhttpd: fix handling of special "/" prefix when matching handlers
The special prefix of "/" should match any url by definition but the final
assertion which ensures that the matched prefix ends in '\0' or '/' is causing
matches against the "/" prefix to fail.

Update to current HEAD in order to fix this particular case.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-10-25 16:38:50 +02:00
Felix Fietkau
175b59c59b uhttpd: update to the latest version, adds a small json handler fix
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-10-08 13:50:54 +02:00
Daniel Engberg
9edfe7dd13 source: Switch to xz for packages and tools where possible
* Change git packages to xz
* Update mirror checksums in packages where they are used
* Change a few source tarballs to xz if available upstream
* Remove unused lines in packages we're touching, requested by jow- and blogic
* We're relying more on xz-utils so add official mirror as primary source, master site as secondary.
* Add SHA256 checksums to multiple git tarball packages

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2016-10-06 12:16:56 +02:00
Jo-Philipp Wich
eb75b6ac1f uhttpd: rename certificate defaults section
Now that the uhttpd init script can generate certificates using openssl as
well, update the section name and related comment to be more generic.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-10-06 11:29:24 +02:00
Hannu Nyman
3c4858eeb2 uhttpd: support using OpenSSL for certificate generation
Support the usage of the OpenSSL command-line tool for generating
the SSL certificate for uhttpd. Traditionally 'px5g' based on
PolarSSL (or mbedTLS in LEDE), has been used for the creation.

uhttpd init script is enhanced by adding detection of an installed
openssl command-line binary (provided by 'openssl-util' package),
and if found, the tool is used for certificate generation.

Note: After this patch the script prefers to use the OpenSSL tool
if both it and px5g are installed.

This enables creating a truly OpenSSL-only version of LuCI
without dependency to PolarSSL/mbedTLS based px5g.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2016-10-05 00:48:19 +02:00
Felix Fietkau
475e94b1d2 uhttpd: update to the latest version, adds some extensions to handler script support
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-06-16 19:00:16 +02:00
John Crispin
62dc9831d3 package/*: update git urls for project repos
Signed-off-by: John Crispin <john@phrozen.org>
2016-06-13 22:51:41 +02:00
Jo-Philipp Wich
24a7ccb056 treewide: replace jow@openwrt.org with jo@mein.io
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-06-07 11:42:52 +02:00
Felix Fietkau
7eeb254cc4 treewide: replace nbd@openwrt.org with nbd@nbd.name
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-06-07 08:58:42 +02:00
Felix Fietkau
b570c0c88e uhttpd: use configured distribution name for SSL certificate CN
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-05-21 12:42:44 +02:00
John Crispin
fa69553900 branding: add LEDE branding
Signed-off-by: John Crispin <blogic@openwrt.org>
2016-03-24 22:40:13 +01:00
Felix Fietkau
565570cfd5 package/uhttpd: generate 2048 bit RSA key
RSA keys should be generated with sufficient length.
Using 1024 bits is considered unsafe.
In other packages the used key length is 2048 bits.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

SVN-Revision: 48494
2016-01-25 17:42:25 +00:00
Felix Fietkau
208b96cacd uhttpd: fix typo in default config for px5g
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48385
2016-01-19 23:27:14 +00:00
Felix Fietkau
808a605453 uhttpd: add option for mbedtls
Signed-off-by: Daniel Golle <daniel@makrotopia.org>

SVN-Revision: 48343
2016-01-19 10:06:18 +00:00
Felix Fietkau
a5dc438274 uhttpd: move to git.openwrt.org
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48122
2016-01-04 15:12:21 +00:00
Luka Perkov
b18c9d271e uhttpd: add support for configuration option ubus_cors
Signed-off-by: Luka Perkov <luka@openwrt.org>

SVN-Revision: 47448
2015-11-10 22:28:45 +00:00
Felix Fietkau
1d6a530fe6 uhttpd: update to the latest version, adds support for redirect helper scripts
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 47419
2015-11-08 20:39:09 +00:00
John Crispin
27002c207e uhttpd: update to latest git HEAD
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 47240
2015-10-20 18:16:05 +00:00
John Crispin
00df239f60 uhttpd: update to latest git revision
adds URL alias support

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 47206
2015-10-19 10:08:01 +00:00
Jo-Philipp Wich
b345461070 uhttpd: fix keep-alive bug (#20607, #20661)
The two commits

  5162e3b0ee7bd1d0fd6e75e1ca7993a1834b5291
	"allow request handlers to disable chunked reponses"

and

  618493e378e2239f0d30902e47adfa134e649fdc
	"file: disable chunked encoding for file responses"

broke the chunked transfer encoding handling for proc responses in keep-alive
connections that followed a file response with http status 204 or 304.

The effect of this bug is that cgi responses following a 204 or 304 one where
sent neither in chunked encoding nor with a content-length header, causing
browsers to stall until the keep alive timeout was reached.

Fix the logic flaw by inverting the chunk prevention flag in the client state
and by testing the chunked encoding preconditions every time instead of
once upon client (re-)initialization.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 47161
2015-10-07 22:14:48 +00:00
Felix Fietkau
b850e1e59f uhttpd: update to the latest version, fixes deferred cgi script processing (#20458)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 46807
2015-09-07 19:18:58 +00:00
Imre Kaloz
996399ba08 uhttpd: we don't know where the device is located, so reflect that in the cert
Signed-off-by: Imre Kaloz <kaloz@openwrt.org>

SVN-Revision: 46688
2015-08-19 08:20:11 +00:00
Jo-Philipp Wich
241d151b9c uhttpd: pass X-HTTP-Method-Override header to cgi scripts
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 46677
2015-08-17 16:17:36 +00:00
Jo-Philipp Wich
531a7e469a uhttpd: use 307 for HTTPS redirections to retain request method
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 45853
2015-05-30 21:14:33 +00:00
Jo-Philipp Wich
4f58248a7d uhttpd: add support for enforcing https
Also set HTTPS environment variable for CGI programs on SSL connections.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 45852
2015-05-30 20:55:14 +00:00
Jo-Philipp Wich
be16b184e2 uhttpd: inhibit chunked transfer encoding for static file responses
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 45850
2015-05-30 14:05:40 +00:00
John Crispin
6aff392bff uhttpd: properly handle return codes
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 45153
2015-03-30 12:35:13 +00:00
Nicolas Thill
81ff0511df packages: more (e)glibc fixes after r44701
_GNU_SOURCE has been declared "deprecated" in favor of _DEFAULT_SOURCE in glibc

Signed-off-by: Nicolas Thill <nico@openwrt.org>

SVN-Revision: 44843
2015-03-16 12:32:22 +00:00
Felix Fietkau
83cdd1623c uhttpd: make generating SSL keys more reliable against interrupted boots
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 44772
2015-03-15 10:32:10 +00:00
John Crispin
e69626901e uhttp: update to latest git HEAD
this add json-c 0.12, sorry forgot to push this earlier today

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 44682
2015-03-11 17:58:47 +00:00
Jo-Philipp Wich
b977134dc7 uhttpd: relay stderr to syslog
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 44548
2015-02-26 13:44:05 +00:00
Jo-Philipp Wich
a7c27877e2 uhttpd: fix another remaining relro issue in the Lua plugin
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 44143
2015-01-25 20:43:17 +00:00
Jo-Philipp Wich
634c8c215c uhttpd: fix time_t type mismatch on 32bit systems
The previous update introducing LFS support unconditionally changed the
sprintf() pattern used to print the file modification time to use PRIx64.

Explicitely convert the st_mtime member of the stat struct to uint64_t in
order to avoid type mismatch errors when building for non-64bit targets.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 44138
2015-01-25 17:59:08 +00:00
Jo-Philipp Wich
b82bd94b62 uhttpd: fix crash with enabled relro, memory leak in dirlists and lfs
* Fix the ubus plugin to not make its uhttpd_plugin entry symbol
   constant as uhttpd needs to modify its list_head member
 * Make sure that uhttpd supports large files by using 64bit ints
   where appropriate and by passing _FILE_OFFSET_BITS=64 to the build
 * Plug a possible memleak in the directory listing code

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 44135
2015-01-25 17:23:26 +00:00
Jo-Philipp Wich
8f5c0708ed uhttpd: fix exit code of mod-ubus postinstall script
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 44132
2015-01-25 15:54:43 +00:00
John Crispin
74a3a77bcd license info - revert r43155
turns out that r43155 adds duplicate info.

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 43167
2014-11-03 09:56:44 +00:00
John Crispin
c10d97484a Add more license tags with SPDX identifiers
Note, that licensing stuff is a nightmare: many packages does not clearly
state their licenses, and often multiple source files are simply copied
together - each with different licensing information in the file headers.

I tried hard to ensure, that the license information extracted into the OpenWRT's
makefiles fit the "spirit" of the packages, e.g. such small packages which
come without a dedicated source archive "inherites" the OpenWRT's own license
in my opinion.

However, I can not garantee that I always picked the correct information
and/or did not miss license information.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>

SVN-Revision: 43155
2014-11-03 08:01:08 +00:00
Steven Barth
bec9d38fa4 Add a few SPDX tags
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 43151
2014-11-02 12:20:54 +00:00
Jo-Philipp Wich
ba48074622 uhttpd: fix HTTP incompatibilities in file handler
* Fixes sending an extraneous message body for 204 and 304 resoponses which
   breaks Chrome in keep-alive mode.

 * Adds mimetypes for JSON and JSONP.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 43078
2014-10-27 10:25:07 +00:00
Jo-Philipp Wich
730589281e uhttpd: do not configure TLS parameters if libustream-ssl is not present
A quite frequent problem after sysupgrading from an older, SSL enabled build
is that ustream-ssl is not installed so uhttpd fails to come up again due to
https listening directives in the preserved configuration.

Skip key/cert and ssl listen options when libustream-ssl.so is not present.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 42284
2014-08-25 12:39:34 +00:00
Steven Barth
e50f3b4fc7 uhttpd: also bind to IPv6 by default
SVN-Revision: 41114
2014-06-11 12:11:55 +00:00
Felix Fietkau
6de020d241 uhttpd: update to the latest version, fixes musl compile issues
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 41057
2014-06-09 13:47:40 +00:00
Felix Fietkau
bddbcdfc1a uhttpd: update to the latest version, fixes cgi path handling issues
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 40743
2014-05-09 11:17:42 +00:00
Jo-Philipp Wich
e0a3e3d1b6 uhttpd: do not attempt to configure Lua handler if referenced file does not exist
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 40457
2014-04-11 16:13:27 +00:00
Felix Fietkau
abd13cd85b uhttpd: update to latest version, improves cgi path handling
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 40005
2014-03-22 19:38:48 +00:00
Felix Fietkau
9138e8015e uhttpd: update to latest version, fixes HEAD requests to CGI scripts
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 40003
2014-03-21 20:49:56 +00:00
Jo-Philipp Wich
e444eb0bbd uhttpd: don't process ubus_* and lua_* options if corresponding plugin is not installed (#14618)
SVN-Revision: 39057
2013-12-15 15:32:37 +00:00
Felix Fietkau
5143157af8 uhttpd: update to the latest version, fixes crashes in the ubus plugin
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 38888
2013-11-21 21:52:24 +00:00
Jo-Philipp Wich
8a1d77efed uhttpd: return after processing -d switch, only set ubus prefix if not already defined
SVN-Revision: 38743
2013-11-11 19:14:01 +00:00
John Crispin
989783255e uhttp: add ubus.default
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 38741
2013-11-11 18:12:26 +00:00
John Crispin
3cc0f479dc uhttp: make the service auto respawn if it crashes
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 38724
2013-11-11 12:19:02 +00:00
John Crispin
9f3b161a57 uhttp: make sure that the ubus module is loaded when when installed
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 38723
2013-11-11 12:18:58 +00:00
Felix Fietkau
f8ee248701 uhttpd: add a config option for using ustream-polarssl, and use it by default
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 38250
2013-09-29 11:26:09 +00:00
Felix Fietkau
59c05778f0 uhttpd: fix appending https ports to cmdline
Otherwise it is started only on non-secure ports.

Signed-off-by: Wojciech Dubowik <Wojciech.Dubowik@neratec.com>

SVN-Revision: 38171
2013-09-25 07:44:48 +00:00
John Crispin
f874094402 procd: convert various packages to procd style init.d scripts
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 38023
2013-09-17 21:45:30 +00:00
Jo-Philipp Wich
c3cc912ed9 uhttpd: udpat to git head
- fixes buffer corruption with JSON-RPC list calls
	- change JSON-RPC protocol to include the session ID into the call
	  attributes instead of passing it via the URL
	- forcibly pass effective session ID as "ubus_rpc_session" attribute
	  to called procedures
	- change ubus acl checking to conform with new ubus session namespace

SVN-Revision: 37962
2013-09-13 13:24:45 +00:00
Felix Fietkau
719adb6471 uhttpd: update to the latest version, fixes a crash on early cgi/lua process termination
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 37628
2013-07-31 22:07:09 +00:00
Felix Fietkau
8faa8a6420 uhttpd: update to latest version, fixes issues with POST and keep-alive (#13940)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 37556
2013-07-26 10:03:07 +00:00
Jo-Philipp Wich
1150e299bb uhttpd: expose missing options to uci
SVN-Revision: 36932
2013-06-13 11:55:12 +00:00
Felix Fietkau
8c69057980 uhttpd: update to latest version, fixes CGI related crashes
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 36817
2013-06-01 21:43:06 +00:00
Felix Fietkau
02fe12c00d uhttpd: update again to fix a ubus plugin crash bug
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 36770
2013-05-30 13:16:38 +00:00
Felix Fietkau
eeb7fdc13e uhttpd: update to latest version, fixes script timeout for ubus requests
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 36767
2013-05-30 10:44:20 +00:00
Felix Fietkau
75bb3138aa uhttpd: update to latest version, fixes #13564, #13560, improves error handling as pointed out in #13537
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 36696
2013-05-23 10:50:42 +00:00
Felix Fietkau
7365e647f6 uhttpd: update to latest version, fixes index page processing order
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 36644
2013-05-16 11:38:19 +00:00
Felix Fietkau
d090eea125 uhttpd: update to latest version, fixes a SSL connection memory leak
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 36636
2013-05-14 17:43:00 +00:00
Jo-Philipp Wich
e66a4af8c3 uhttpd: update to git head, fixes regression when parsing IPv6 listen arguments
SVN-Revision: 36348
2013-04-17 11:34:39 +00:00
Felix Fietkau
eb10581ce3 uhttpd: update to latest version, fixes compile error with latest libubox
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 36338
2013-04-15 14:49:52 +00:00
Felix Fietkau
84069f8534 uhttpd: update to latest version, fixes an occasional crash on CGI scripts
SVN-Revision: 36034
2013-03-15 13:43:55 +00:00
Felix Fietkau
a4c7a953e5 uhttpd: always turn on TLS support, include ustream-ssl as a build dependency
SVN-Revision: 35295
2013-01-22 15:05:04 +00:00
Felix Fietkau
bab482b93f uhttpd: fix another small hang issue with the same symptoms
SVN-Revision: 35291
2013-01-22 09:38:00 +00:00
Felix Fietkau
166ea3832b uhttpd: fix connection hangs
SVN-Revision: 35290
2013-01-22 09:28:55 +00:00
Felix Fietkau
c725669079 uhttpd: fix unencrypted passwords in httpd.conf
SVN-Revision: 35265
2013-01-21 12:46:41 +00:00
Felix Fietkau
4a86973285 uhttpd: fix selecting the right ustream implementation when openssl is to be used (#12857)
SVN-Revision: 35257
2013-01-20 21:15:43 +00:00
Felix Fietkau
e55ee0817f uhttpd: update to a newer version, fixes chunked transfer on some POST requests
SVN-Revision: 35249
2013-01-19 22:55:46 +00:00
Felix Fietkau
6f0ecf0541 uhttpd: switch to uhttpd2, it is now feature complete
SVN-Revision: 35247
2013-01-19 18:47:09 +00:00
Jo-Philipp Wich
73c75e0dd8 uhttpd: update to latest git head, improves handling of invalid requests
SVN-Revision: 34010
2012-10-30 13:13:21 +00:00
Jo-Philipp Wich
5fb6cf9a11 uhttpd: fix compilation with eglibc
SVN-Revision: 33860
2012-10-19 13:54:29 +00:00
Jo-Philipp Wich
160c2ef011 uhttpd: update to latest git head - introduces support for multiple index files - fixes build with only the TLS module selected
SVN-Revision: 33778
2012-10-15 18:19:57 +00:00
Jo-Philipp Wich
14e14faa0b uhttpd: switch to external git repo + cmake build system
SVN-Revision: 33775
2012-10-15 12:31:33 +00:00
Felix Fietkau
405e21d167 packages: sort network related packages into package/network/
SVN-Revision: 33688
2012-10-10 12:32:29 +00:00