From: Glenn Strauss Date: Mon, 15 Jun 2026 02:30:43 +0000 (-0400) Subject: lighttpd: update to lighttpd 1.4.83 release hash X-Git-Url: http://git.99rst.org/?a=commitdiff_plain;h=8783231a03aad5e7b116da78726174dc6aa4487a;p=openwrt-packages.git lighttpd: update to lighttpd 1.4.83 release hash Ref: https://www.lighttpd.net/2026/6/14/1.4.83/ Signed-off-by: Glenn Strauss --- diff --git a/net/lighttpd/Makefile b/net/lighttpd/Makefile index 0085820f9..e5965ae7c 100644 --- a/net/lighttpd/Makefile +++ b/net/lighttpd/Makefile @@ -8,14 +8,14 @@ include $(TOPDIR)/rules.mk PKG_NAME:=lighttpd -PKG_VERSION:=1.4.82 -PKG_RELEASE:=2 +PKG_VERSION:=1.4.83 +PKG_RELEASE:=1 # release candidate ~rcX testing; remove for release #PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION) PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://download.lighttpd.net/lighttpd/releases-1.4.x -PKG_HASH:=abfe74391f9cbd66ab154ea07e64f194dbe7e906ef4ed47eb3b0f3b46246c962 +PKG_HASH:=b3f878156480079f8a93903bd24d456074a0fbedb9b4d99fcd65df33b1f566f0 PKG_MAINTAINER:=Glenn Strauss PKG_LICENSE:=BSD-3-Clause diff --git a/net/lighttpd/patches/020-meson-mod_webdav_min.patch b/net/lighttpd/patches/020-meson-mod_webdav_min.patch index 8a371e4b4..bdf4944b2 100644 --- a/net/lighttpd/patches/020-meson-mod_webdav_min.patch +++ b/net/lighttpd/patches/020-meson-mod_webdav_min.patch @@ -9,7 +9,7 @@ Subject: [PATCH] [meson] mod_webdav_min w/o deps: xml2 sqlite3 uuid --- a/src/meson.build +++ b/src/meson.build -@@ -926,6 +926,16 @@ if (host_machine.system() == 'darwin') +@@ -929,6 +929,16 @@ if (host_machine.system() == 'darwin') plugin_suffix = 'so' # use "so" instead of "dylib" endif diff --git a/net/lighttpd/patches/030-mod-mbedtls-build.patch b/net/lighttpd/patches/030-mod-mbedtls-build.patch new file mode 100644 index 000000000..6d13cd4db --- /dev/null +++ b/net/lighttpd/patches/030-mod-mbedtls-build.patch @@ -0,0 +1,183 @@ +--- a/src/mod_mbedtls.c ++++ b/src/mod_mbedtls.c +@@ -3431,6 +3431,9 @@ static const int suite_ECJPAKE[] = { + #endif + + #if MBEDTLS_VERSION_NUMBER < 0x04000000 /* mbedtls 4.0.0 */ ++#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) \ ++ || defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) \ ++ || defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) + static const int suite_AES_256[] = { + /* All AES-256 suites */ + #ifdef MBEDTLS_KEY_EXCHANGE_RSA_ENABLED +@@ -3454,8 +3457,12 @@ static const int suite_AES_256[] = { + #endif + }; + #endif ++#endif + + #if MBEDTLS_VERSION_NUMBER < 0x04000000 /* mbedtls 4.0.0 */ ++#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) \ ++ || defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) \ ++ || defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) + static const int suite_CAMELLIA_256[] = { + /* All CAMELLIA-256 suites */ + #ifdef MBEDTLS_KEY_EXCHANGE_RSA_ENABLED +@@ -3473,8 +3480,12 @@ static const int suite_CAMELLIA_256[] = + #endif + }; + #endif ++#endif + + #if MBEDTLS_VERSION_NUMBER < 0x04000000 /* mbedtls 4.0.0 */ ++#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) \ ++ || defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) \ ++ || defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) + static const int suite_ARIA_256[] = { + /* All ARIA-256 suites */ + #ifdef MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED +@@ -3497,8 +3508,12 @@ static const int suite_ARIA_256[] = { + #endif + }; + #endif ++#endif + + #if MBEDTLS_VERSION_NUMBER < 0x04000000 /* mbedtls 4.0.0 */ ++#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) \ ++ || defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) \ ++ || defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) + static const int suite_AES_128[] = { + /* All AES-128 suites */ + #ifdef MBEDTLS_KEY_EXCHANGE_RSA_ENABLED +@@ -3522,8 +3537,12 @@ static const int suite_AES_128[] = { + #endif + }; + #endif ++#endif + + #if MBEDTLS_VERSION_NUMBER < 0x04000000 /* mbedtls 4.0.0 */ ++#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) \ ++ || defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) \ ++ || defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) + static const int suite_CAMELLIA_128[] = { + /* All CAMELLIA-128 suites */ + #ifdef MBEDTLS_KEY_EXCHANGE_RSA_ENABLED +@@ -3541,8 +3560,12 @@ static const int suite_CAMELLIA_128[] = + #endif + }; + #endif ++#endif + + #if MBEDTLS_VERSION_NUMBER < 0x04000000 /* mbedtls 4.0.0 */ ++#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) \ ++ || defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) \ ++ || defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) + static const int suite_ARIA_128[] = { + /* All ARIA-128 suites */ + #ifdef MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED +@@ -3565,6 +3588,7 @@ static const int suite_ARIA_128[] = { + #endif + }; + #endif ++#endif + + #ifdef MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED + static const int suite_RSA_PSK[] = { +@@ -4593,11 +4617,15 @@ mod_mbedtls_ssl_conf_ciphersuites (serve + /sizeof(*suite_AES_256_ephemeral))); + if (-1 == nids) return 0; + #if MBEDTLS_VERSION_NUMBER < 0x04000000 /* mbedtls 4.0.0 */ ++ #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) \ ++ || defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) \ ++ || defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) + nids = mod_mbedtls_ssl_append_ciphersuite(srv, ids, nids, idsz, + suite_AES_256, + (int)(sizeof(suite_AES_256)/sizeof(*suite_AES_256))); + if (-1 == nids) return 0; + #endif ++ #endif + /* XXX: not done: AES256 PSK suites */ + if (nlen == sizeof("AES256")-1) continue; + } +@@ -4610,11 +4638,15 @@ mod_mbedtls_ssl_conf_ciphersuites (serve + /sizeof(*suite_AES_128_ephemeral))); + if (-1 == nids) return 0; + #if MBEDTLS_VERSION_NUMBER < 0x04000000 /* mbedtls 4.0.0 */ ++ #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) \ ++ || defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) \ ++ || defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) + nids = mod_mbedtls_ssl_append_ciphersuite(srv, ids, nids, idsz, + suite_AES_128, + (int)(sizeof(suite_AES_128)/sizeof(*suite_AES_128))); + if (-1 == nids) return 0; + #endif ++ #endif + /* XXX: not done: AES128 PSK suites */ + continue; + } +@@ -4627,12 +4659,16 @@ mod_mbedtls_ssl_conf_ciphersuites (serve + /sizeof(*suite_CAMELLIA_256_ephemeral))); + if (-1 == nids) return 0; + #if MBEDTLS_VERSION_NUMBER < 0x04000000 /* mbedtls 4.0.0 */ ++ #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) \ ++ || defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) \ ++ || defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) + nids = mod_mbedtls_ssl_append_ciphersuite(srv, ids, nids, idsz, + suite_CAMELLIA_256, + (int)(sizeof(suite_CAMELLIA_256) + /sizeof(*suite_CAMELLIA_256))); + if (-1 == nids) return 0; + #endif ++ #endif + /* XXX: not done: CAMELLIA256 PSK suites */ + if (nlen == sizeof("CAMELLIA256")-1) continue; + } +@@ -4645,12 +4681,16 @@ mod_mbedtls_ssl_conf_ciphersuites (serve + /sizeof(*suite_CAMELLIA_128_ephemeral))); + if (-1 == nids) return 0; + #if MBEDTLS_VERSION_NUMBER < 0x04000000 /* mbedtls 4.0.0 */ ++ #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) \ ++ || defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) \ ++ || defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) + nids = mod_mbedtls_ssl_append_ciphersuite(srv, ids, nids, idsz, + suite_CAMELLIA_128, + (int)(sizeof(suite_CAMELLIA_128) + /sizeof(*suite_CAMELLIA_128))); + if (-1 == nids) return 0; + #endif ++ #endif + /* XXX: not done: CAMELLIA128 PSK suites */ + continue; + } +@@ -4663,11 +4703,15 @@ mod_mbedtls_ssl_conf_ciphersuites (serve + /sizeof(*suite_ARIA_256_ephemeral))); + if (-1 == nids) return 0; + #if MBEDTLS_VERSION_NUMBER < 0x04000000 /* mbedtls 4.0.0 */ ++ #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) \ ++ || defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) \ ++ || defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) + nids = mod_mbedtls_ssl_append_ciphersuite(srv, ids, nids, idsz, + suite_ARIA_256, + (int)(sizeof(suite_ARIA_256)/sizeof(*suite_ARIA_256))); + if (-1 == nids) return 0; + #endif ++ #endif + /* XXX: not done: ARIA256 PSK suites */ + if (nlen == sizeof("ARIA256")-1) continue; + } +@@ -4680,11 +4724,15 @@ mod_mbedtls_ssl_conf_ciphersuites (serve + /sizeof(*suite_ARIA_128_ephemeral))); + if (-1 == nids) return 0; + #if MBEDTLS_VERSION_NUMBER < 0x04000000 /* mbedtls 4.0.0 */ ++ #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) \ ++ || defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) \ ++ || defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) + nids = mod_mbedtls_ssl_append_ciphersuite(srv, ids, nids, idsz, + suite_ARIA_128, + (int)(sizeof(suite_ARIA_128)/sizeof(*suite_ARIA_128))); + if (-1 == nids) return 0; + #endif ++ #endif + /* XXX: not done: ARIA128 PSK suites */ + continue; + } diff --git a/net/lighttpd/patches/030-mod_mbedtls-EC-certs-require-drbg-init.patch b/net/lighttpd/patches/030-mod_mbedtls-EC-certs-require-drbg-init.patch deleted file mode 100644 index 656d9d81c..000000000 --- a/net/lighttpd/patches/030-mod_mbedtls-EC-certs-require-drbg-init.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 37fe7397bc24c710437bef5f58cda87bd49f3d0b Mon Sep 17 00:00:00 2001 -From: Glenn Strauss -Date: Sat, 29 Nov 2025 00:41:28 -0500 -Subject: [PATCH] [mod_mbedtls] EC certs require drbg init - -EC certs require drbg init with mbedtls >= 3.0.0 -in addition to MBEDTLS_USE_PSA_CRYPTO requiring drbg init - -x-ref: - "mbedtls error with ec certificates" - https://redmine.lighttpd.net/boards/2/topics/12097 - "mod_mbedtls: ECDSA OpenSSL certificates do not work with lighttpd + mbedTLS/PSA (MBEDTLS_USE_PSA_CRYPTO)" - https://redmine.lighttpd.net/issues/3288 ---- - src/mod_mbedtls.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - ---- a/src/mod_mbedtls.c -+++ b/src/mod_mbedtls.c -@@ -1229,7 +1229,7 @@ __attribute_noinline__ - static void * - network_mbedtls_load_pemfile (server *srv, const buffer *pemfile, const buffer *privkey) - { -- #if defined(MBEDTLS_USE_PSA_CRYPTO) -+ #if MBEDTLS_VERSION_NUMBER >= 0x03000000 /* mbedtls 3.0.0 */ - if (!mod_mbedtls_init_once_mbedtls(srv)) - return NULL; - #endif -@@ -2120,7 +2120,7 @@ SETDEFAULTS_FUNC(mod_mbedtls_set_default - __attribute_fallthrough__ - case 2: /* ssl.ca-file */ - case 3: /* ssl.ca-dn-file */ -- #if defined(MBEDTLS_USE_PSA_CRYPTO) -+ #if MBEDTLS_VERSION_NUMBER >= 0x03000000 /* mbedtls 3.0.0 */ - if (!mod_mbedtls_init_once_mbedtls(srv)) return HANDLER_ERROR; - #endif /* else defer; not necessary for pemfile parsing */ - if (!buffer_is_blank(cpv->v.b)) {