[pkgsrc/trunk]: pkgsrc/www/lighttpd Update to 1.4.56. From the changelog:

[schmonz <schmonz%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/3836535efd62
branches:  trunk
changeset: 442761:3836535efd62
user:      schmonz <schmonz%pkgsrc.org@localhost>
date:      Mon Nov 30 10:28:33 2020 +0000

description:
Update to 1.4.56. From the changelog:

# Highlights

- HTTP/2 support
  - must be enabled in lighttpd.conf in lighttpd 1.4.56;
    may be enabled by default in a future release
  - `server.feature-flags += ("server.h2proto" => "enable", "server.h2c" => "enable")`
- TLS library options: OpenSSL, mbedTLS, wolfSSL, GnuTLS, NSS
  - mod_openssl (existing)
  - mod_mbedtls (experimental)
  - mod_wolfssl (experimental)
  - mod_gnutls (experimental)
  - mod_nss (experimental)
- TLS OCSP stapling
  (except mbedTLS; not currently supported by mbedTLS)
- TLS session ticket key rotation control
  (except NSS; API limitation in NSS)
- mod_deflate brotli support
- mod_proxy makes HTTP/1.1 requests to backends (change from HTTP/1.0)
- RFC 8297 support for 103 Early Hints produced by backends (scripts)
- graceful restart option to transfer listen fds (minimal pause)
  - `server.systemd-socket-activation = "enable"`
  - `server.feature-flags += ("server.graceful-restart-bg" => "enable", "server.graceful-shutdown-timeout" => "15")`

# Behavior Changes

- mod_openssl
  - default MinProtocol TLSv1.2
    TLSv1 and TLSv1.1 are deprecated and no longer supported by major browsers.
    <https://news.netcraft.com/archives/2020/03/03/browsers-on-track-to-block-850000-tls-1-0-sites.html>
    If prior behavior is required, configure:
    `ssl.openssl.ssl-conf-cmd = ("MinProtocol" => "TLSv1")`
    If using openssl <= 1.0.2 (end-of-life)
    `ssl.openssl.ssl-conf-cmd = ("Protocol" => "-ALL, TLSv1, TLSv1.1, TLSv1.2")`
  - (internal) TLS session cache is disabled by default,
    replaced by lighttpd robust TLSv1.2 session ticket support
    If backward compatibility is needed:
    `server.feature-flags += ("ssl.session-cache" => "enable")`
  - (internal) openssl creates a session ticket encryption key per SSL_CTX.
    lighttpd 1.4.56 and later assigns a single session ticket encryption key
    for the lighttpd server (across all SSL_CTX) for consistency.
  - behavior change with ssl.ca-dn-file (uncommon); applies to client
    certificate verification and ssl.ca-dn-file (uncommon)
    If client certificate verification is enabled
    (ssl.verifyclient.activate = "enable"),
    all CAs used for client certificate verification must be present in
    ssl.ca-file. This is the typical use case when client certificate
    verification is enabled. Certificates in (optional) ssl.ca-dn-file
    are used to send issuer names to client when the server sends a
    client certificate request. These names are use by the client
    during certificate selection, and the server requires that the
    certificate sent by the client be issued by one of the subjects
    in ssl.ca-dn-file.
    (Prior behavior merged ssl.ca-file and ssl.ca-dn-file for trusted CAs.
    New behavior requires all trusted CAs be listed in ssl.ca-file,
    and a subset be duplicated into ssl.ca-dn-file to specify allowed
    client cert issuer.)
- mod_deflate: support for bzip2 is now disabled by default in the build
  - (enable using `./configure --with-bzip2`)
    bzip2 Content-Encoding is not widely supported
    Prefer to build `--with-brotli`
    brotli Content-Encoding is more widely supported than bzip2

# Future Scheduled Behavior Changes

- HTTP/2 support will be enabled by default in a future release
- graceful restart/shutdown default timeout will change from
  0 (infinite/no timeout) to 5 seconds (or some similar non-zero period)
  configure an alternative with:
  `server.feature-flags += ("server.graceful-shutdown-timeout" => 5)`
- mod_compress is DEPRECATED; use mod_deflate
  mod_compress has been subsumed by mod_deflate
  Note: mod_compress config options may be removed in a future release
- mod_geoip is DEPRECATED; use mod_maxminddb
  Note: mod_geoip will be removed from a future lighttpd release
- mod_authn_mysql is DEPRECATED; use mod_authn_dbi
  Note: mod_authn_mysql will be removed from a future lighttpd release
- mod_mysql_vhost is DEPRECATED; use mod_vhostdb_dbi or mod_vhostdb_mysql
  Note: mod_mysql_vhost will be removed from a future lighttpd release
- mod_cml is DEPRECATED; use mod_magnet
  Note: mod_cml will be removed from a future lighttpd release

diffstat:

 www/lighttpd/Makefile                               |   5 +--
 www/lighttpd/PLIST                                  |   6 ++--
 www/lighttpd/distinfo                               |  15 +++++------
 www/lighttpd/options.mk                             |  17 ++++++++++---
 www/lighttpd/patches/patch-doc_config_lighttpd.conf |  27 +++++++--------------
 www/lighttpd/patches/patch-doc_lighttpd.8           |   6 ++--
 www/lighttpd/patches/patch-src_mod__webdav.c        |  21 ----------------
 7 files changed, 37 insertions(+), 60 deletions(-)

diffs (213 lines):

diff -r 83261ced9725 -r 3836535efd62 www/lighttpd/Makefile
--- a/www/lighttpd/Makefile     Mon Nov 30 09:25:06 2020 +0000
+++ b/www/lighttpd/Makefile     Mon Nov 30 10:28:33 2020 +0000
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.91 2020/11/05 09:09:21 ryoon Exp $
+# $NetBSD: Makefile,v 1.92 2020/11/30 10:28:33 schmonz Exp $
 
-DISTNAME=      lighttpd-1.4.55
-PKGREVISION=   4
+DISTNAME=      lighttpd-1.4.56
 CATEGORIES=    www
 MASTER_SITES=  https://download.lighttpd.net/lighttpd/releases-1.4.x/
 EXTRACT_SUFX=  .tar.xz
diff -r 83261ced9725 -r 3836535efd62 www/lighttpd/PLIST
--- a/www/lighttpd/PLIST        Mon Nov 30 09:25:06 2020 +0000
+++ b/www/lighttpd/PLIST        Mon Nov 30 10:28:33 2020 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.20 2019/05/29 11:02:22 nia Exp $
+@comment $NetBSD: PLIST,v 1.21 2020/11/30 10:28:33 schmonz Exp $
 lib/lighttpd/mod_access.la
 lib/lighttpd/mod_accesslog.la
 lib/lighttpd/mod_alias.la
@@ -9,7 +9,6 @@
 ${PLIST.mysql}lib/lighttpd/mod_authn_mysql.la
 lib/lighttpd/mod_cgi.la
 ${PLIST.lua}lib/lighttpd/mod_cml.la
-lib/lighttpd/mod_compress.la
 lib/lighttpd/mod_deflate.la
 lib/lighttpd/mod_dirlisting.la
 lib/lighttpd/mod_evasive.la
@@ -92,12 +91,13 @@
 share/doc/lighttpd/trigger_b4_dl.txt
 share/doc/lighttpd/userdir.txt
 share/doc/lighttpd/webdav.txt
+share/examples/lighttpd/cert-staple.sh
 share/examples/lighttpd/conf.d/access_log.conf
 share/examples/lighttpd/conf.d/auth.conf
 share/examples/lighttpd/conf.d/cgi.conf
 share/examples/lighttpd/conf.d/cml.conf
-share/examples/lighttpd/conf.d/compress.conf
 share/examples/lighttpd/conf.d/debug.conf
+share/examples/lighttpd/conf.d/deflate.conf
 share/examples/lighttpd/conf.d/dirlisting.conf
 share/examples/lighttpd/conf.d/evhost.conf
 share/examples/lighttpd/conf.d/expire.conf
diff -r 83261ced9725 -r 3836535efd62 www/lighttpd/distinfo
--- a/www/lighttpd/distinfo     Mon Nov 30 09:25:06 2020 +0000
+++ b/www/lighttpd/distinfo     Mon Nov 30 10:28:33 2020 +0000
@@ -1,9 +1,8 @@
-$NetBSD: distinfo,v 1.56 2020/10/25 14:59:14 schmonz Exp $
+$NetBSD: distinfo,v 1.57 2020/11/30 10:28:33 schmonz Exp $
 
-SHA1 (lighttpd-1.4.55.tar.xz) = 05747d89467789f8ce6f86f4f3aee6260579d91c
-RMD160 (lighttpd-1.4.55.tar.xz) = 3ec0c81a6ee286efc998150690c9e39f9606ef28
-SHA512 (lighttpd-1.4.55.tar.xz) = 023d5a54079e710a89a59e259c0b5798103ef6fce4544c36110dc4c5281ef429ef99369923d74123fcf8be37afe622d44cd7149078d21971ff26f3f4ee37c439
-Size (lighttpd-1.4.55.tar.xz) = 765660 bytes
-SHA1 (patch-doc_config_lighttpd.conf) = 9b249155aa29d7d068d48a601f314aa4b62491ef
-SHA1 (patch-doc_lighttpd.8) = 81b7606752312227b142975d4e781496442e9ed8
-SHA1 (patch-src_mod__webdav.c) = 70cc5b3c563fbabc1328476b4208b04bed50d427
+SHA1 (lighttpd-1.4.56.tar.xz) = a7fab18c02dd1216c623cdb2638f03fbf1603d18
+RMD160 (lighttpd-1.4.56.tar.xz) = 00156633a387692dce7b7853fb36bdab0cec92dd
+SHA512 (lighttpd-1.4.56.tar.xz) = de4a00108f007c924e9263ae9dea99a37b7f263246e0314945cdd8313205a268ef5c77f164bd62647b10baf0adea578caeb70fd713365243d4ba200ca8ccf81f
+Size (lighttpd-1.4.56.tar.xz) = 952200 bytes
+SHA1 (patch-doc_config_lighttpd.conf) = c60a17a17551ca8e17ebbabe07be841b5867372b
+SHA1 (patch-doc_lighttpd.8) = e08ac362784aebaca566d0f65380b70a829d6b4e
diff -r 83261ced9725 -r 3836535efd62 www/lighttpd/options.mk
--- a/www/lighttpd/options.mk   Mon Nov 30 09:25:06 2020 +0000
+++ b/www/lighttpd/options.mk   Mon Nov 30 10:28:33 2020 +0000
@@ -1,8 +1,7 @@
-# $NetBSD: options.mk,v 1.23 2020/06/30 14:45:48 nia Exp $
+# $NetBSD: options.mk,v 1.24 2020/11/30 10:28:33 schmonz Exp $
 
 PKG_OPTIONS_VAR=               PKG_OPTIONS.lighttpd
-PKG_SUPPORTED_OPTIONS=         bzip2 fam gdbm inet6 ldap lua mysql ssl memcached geoip gssapi webdav
-PKG_OPTIONS_LEGACY_OPTS+=      memcache:memcached
+PKG_SUPPORTED_OPTIONS=         brotli bzip2 fam gdbm inet6 ldap lua mysql ssl memcached geoip gssapi webdav
 PKG_SUGGESTED_OPTIONS=         inet6 ssl
 
 .include "../../mk/bsd.options.mk"
@@ -10,7 +9,17 @@
 PLIST_VARS+=           gdbm geoip gssapi ldap lua memcached mysql ssl
 
 ###
-### Allow using bzip2 as a compression method in the "compress" module.
+### Allow using brotli as a compression method in the "deflate" module.
+###
+.if !empty(PKG_OPTIONS:Mbrotli)
+.  include "../../archivers/brotli/buildlink3.mk"
+CONFIGURE_ARGS+=       --with-brotli
+.else
+CONFIGURE_ARGS+=       --without-brotli
+.endif
+
+###
+### Allow using bzip2 as a compression method in the "deflate" module.
 ###
 .if !empty(PKG_OPTIONS:Mbzip2)
 .  include "../../archivers/bzip2/buildlink3.mk"
diff -r 83261ced9725 -r 3836535efd62 www/lighttpd/patches/patch-doc_config_lighttpd.conf
--- a/www/lighttpd/patches/patch-doc_config_lighttpd.conf       Mon Nov 30 09:25:06 2020 +0000
+++ b/www/lighttpd/patches/patch-doc_config_lighttpd.conf       Mon Nov 30 10:28:33 2020 +0000
@@ -1,8 +1,8 @@
-$NetBSD: patch-doc_config_lighttpd.conf,v 1.5 2019/05/29 10:01:28 nia Exp $
+$NetBSD: patch-doc_config_lighttpd.conf,v 1.6 2020/11/30 10:28:33 schmonz Exp $
 
 Sane defaults.
 
---- doc/config/lighttpd.conf.orig      2019-05-27 21:03:50.000000000 +0000
+--- doc/config/lighttpd.conf.orig      2020-11-29 22:32:01.000000000 +0000
 +++ doc/config/lighttpd.conf
 @@ -13,11 +13,11 @@
  ## if you add a variable here. Add the corresponding variable in the
@@ -11,7 +11,7 @@
 -var.log_root    = "/var/log/lighttpd"
 +var.log_root    = "@LIGHTTPD_LOGDIR@"
  var.server_root = "/srv/www"
--var.state_dir   = "/var/run"
+-var.state_dir   = "/run"
 -var.home_dir    = "/var/lib/lighttpd"
 -var.conf_dir    = "/etc/lighttpd"
 +var.state_dir   = "@LIGHTTPD_STATEDIR@"
@@ -22,7 +22,7 @@
  ## run the server chrooted.
 @@ -58,7 +58,7 @@ var.vhosts_dir  = server_root + "/vhosts
  ## used in:
- ## conf.d/compress.conf
+ ## conf.d/deflate.conf
  ##
 -var.cache_dir   = "/var/cache/lighttpd"
 +var.cache_dir   = "@LIGHTTPD_CACHEDIR@"
@@ -40,16 +40,7 @@
  
  ##
  ## Enable lighttpd to serve requests on sockets received from systemd
-@@ -184,7 +184,7 @@ include "conf.d/debug.conf"
- ##
- ## linux-sysepoll is recommended on kernel 2.6.
- ##
--server.event-handler = "linux-sysepoll"
-+#server.event-handler = "linux-sysepoll"
- 
- ##
- ## The basic network interface for all platforms at the syscalls read()
-@@ -194,7 +194,7 @@ server.event-handler = "linux-sysepoll"
+@@ -195,7 +195,7 @@ include "conf.d/debug.conf"
  ## sendfile       - is recommended for small files.
  ## writev         - is recommended for sending many large files
  ##
@@ -58,12 +49,12 @@
  
  ##
  ## As lighttpd is a single-threaded server, its main resource limit is
-@@ -411,7 +411,7 @@ server.follow-symlink = "enable"
+@@ -413,7 +413,7 @@ include "conf.d/dirlisting.conf"
  ##
  ## defaults to /var/tmp as we assume it is a local harddisk
- ##
--server.upload-dirs = ( "/var/tmp" )
-+server.upload-dirs = ( "@VARBASE@/tmp" )
+ ## default: "/var/tmp"
+-#server.upload-dirs = ( "/var/tmp" )
++#server.upload-dirs = ( "@VARBASE/tmp" )
  
  ##
  #######################################################################
diff -r 83261ced9725 -r 3836535efd62 www/lighttpd/patches/patch-doc_lighttpd.8
--- a/www/lighttpd/patches/patch-doc_lighttpd.8 Mon Nov 30 09:25:06 2020 +0000
+++ b/www/lighttpd/patches/patch-doc_lighttpd.8 Mon Nov 30 10:28:33 2020 +0000
@@ -1,8 +1,8 @@
-$NetBSD: patch-doc_lighttpd.8,v 1.2 2018/04/17 20:11:15 triaxx Exp $
+$NetBSD: patch-doc_lighttpd.8,v 1.3 2020/11/30 10:28:33 schmonz Exp $
 
 Fix hardcoded paths.
 
---- doc/lighttpd.8.orig        2018-03-12 00:52:20.000000000 +0000
+--- doc/lighttpd.8.orig        2020-11-29 22:32:01.000000000 +0000
 +++ doc/lighttpd.8
 @@ -56,10 +56,10 @@ Show a brief help message and exit.
  .
@@ -12,7 +12,7 @@
 +@PKG_SYSCONFDIR@/lighttpd.conf
  The standard location for the configuration file.
  .TP 8
--/var/run/lighttpd.pid
+-/run/lighttpd.pid
 +@LIGHTTPD_STATEDIR@/lighttpd.pid
  The standard location for the PID of the running \fBlighttpd\fP process.
  .
diff -r 83261ced9725 -r 3836535efd62 www/lighttpd/patches/patch-src_mod__webdav.c
--- a/www/lighttpd/patches/patch-src_mod__webdav.c      Mon Nov 30 09:25:06 2020 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,21 +0,0 @@
-$NetBSD: patch-src_mod__webdav.c,v 1.1 2020/10/25 14:59:14 schmonz Exp $
-
-Add upstream commit ad62991 to define _NETBSD_SOURCE on NetBSD:
-
-NetBSD dirent.h improperly hides fdopendir() (POSIX.1-2008) declaration
-which should be visible w/ _XOPEN_SOURCE 700 or _POSIX_C_SOURCE 200809L
-
---- src/mod_webdav.c.orig      2020-02-01 02:49:09.000000000 +0000
-+++ src/mod_webdav.c
-@@ -155,6 +155,11 @@
- #if !defined(_XOPEN_SOURCE) || _XOPEN_SOURCE-0 < 700
- #undef  _XOPEN_SOURCE
- #define _XOPEN_SOURCE 700
-+/* NetBSD dirent.h improperly hides fdopendir() (POSIX.1-2008) declaration
-+ * which should be visible with _XOPEN_SOURCE 700 or _POSIX_C_SOURCE 200809L */
-+#ifdef __NetBSD__
-+#define _NETBSD_SOURCE
-+#endif
- #endif
- /* DT_UNKNOWN DTTOIF() */
- #ifndef _GNU_SOURCE