<feed xmlns='http://www.w3.org/2005/Atom'>
<title>mtk-20170518/package/network/services/uhttpd/files, branch master</title>
<subtitle>MTK 20170518 : Mediatek SDK based on OpenWRT Barrier Breaker</subtitle>
<link rel='alternate' type='text/html' href='http://www.chd.sx/cgit/mtk-20170518/'/>
<entry>
<title>uhttpd: support multiple Lua prefixes</title>
<updated>2018-08-23T07:18:04+00:00</updated>
<author>
<name>Jo-Philipp Wich</name>
<email>jo@mein.io</email>
</author>
<published>2018-08-23T07:07:23+00:00</published>
<link rel='alternate' type='text/html' href='http://www.chd.sx/cgit/mtk-20170518/commit/?id=214146c6f298e593695c29b8c04a418dac914040'/>
<id>214146c6f298e593695c29b8c04a418dac914040</id>
<content type='text'>
Update to latest git HEAD in order to support configuring multiple
concurrent Lua prefixes in a single uhttpd instance:

  b741dec lua: support multiple Lua prefixes

Additionally rework the init script and update the default configuration
example to treat the lua_prefix option as key=value uci list, similar to
the interpreter extension mapping. Support for the old "option lua_prefix"
plus "option lua_handler" notation is still present.

Finally drop the sed postinstall hack in uhttpd-mod-lua to avoid mangling
files belonging to other packages. Since Lua prefixes have precedence
over CGI prefixes, simply register `/cgi-bin/luci` as Lua handler which
will only become active if both luci-base and uhttpd-mod-lua is installed.

Signed-off-by: Jo-Philipp Wich &lt;jo@mein.io&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Update to latest git HEAD in order to support configuring multiple
concurrent Lua prefixes in a single uhttpd instance:

  b741dec lua: support multiple Lua prefixes

Additionally rework the init script and update the default configuration
example to treat the lua_prefix option as key=value uci list, similar to
the interpreter extension mapping. Support for the old "option lua_prefix"
plus "option lua_handler" notation is still present.

Finally drop the sed postinstall hack in uhttpd-mod-lua to avoid mangling
files belonging to other packages. Since Lua prefixes have precedence
over CGI prefixes, simply register `/cgi-bin/luci` as Lua handler which
will only become active if both luci-base and uhttpd-mod-lua is installed.

Signed-off-by: Jo-Philipp Wich &lt;jo@mein.io&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>merge: uhttpd: update cert generation to match system defaults</title>
<updated>2017-12-08T18:41:18+00:00</updated>
<author>
<name>Zoltan HERPAI</name>
<email>wigyori@uid0.hu</email>
</author>
<published>2017-11-07T08:45:56+00:00</published>
<link rel='alternate' type='text/html' href='http://www.chd.sx/cgit/mtk-20170518/commit/?id=2ffff58c2b8c69a8c6af60702ef962ad497c53ad'/>
<id>2ffff58c2b8c69a8c6af60702ef962ad497c53ad</id>
<content type='text'>
Signed-off-by: Zoltan HERPAI &lt;wigyori@uid0.hu&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Signed-off-by: Zoltan HERPAI &lt;wigyori@uid0.hu&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>merge: packages: update branding in core packages</title>
<updated>2017-12-08T18:41:18+00:00</updated>
<author>
<name>Zoltan HERPAI</name>
<email>wigyori@uid0.hu</email>
</author>
<published>2017-11-07T08:45:54+00:00</published>
<link rel='alternate' type='text/html' href='http://www.chd.sx/cgit/mtk-20170518/commit/?id=23f774f727a1c1b00294ba0b727889f640b270b8'/>
<id>23f774f727a1c1b00294ba0b727889f640b270b8</id>
<content type='text'>
Signed-off-by: Zoltan HERPAI &lt;wigyori@uid0.hu&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Signed-off-by: Zoltan HERPAI &lt;wigyori@uid0.hu&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>uhttpd: Enable integrated Lua by default</title>
<updated>2017-05-16T14:57:01+00:00</updated>
<author>
<name>Ansuel Smith</name>
<email>ansuelsmth@gmail.com</email>
</author>
<published>2017-03-26T13:17:06+00:00</published>
<link rel='alternate' type='text/html' href='http://www.chd.sx/cgit/mtk-20170518/commit/?id=324ec18615c496049653a03fdd25e8c0507e65cc'/>
<id>324ec18615c496049653a03fdd25e8c0507e65cc</id>
<content type='text'>
We enabled lua interpreter by default as it doesn't make any problem in the uhttpd config file and we modify the index page to use it.

Signed-off-by: Ansuel Smith &lt;ansuelsmth@gmail.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
We enabled lua interpreter by default as it doesn't make any problem in the uhttpd config file and we modify the index page to use it.

Signed-off-by: Ansuel Smith &lt;ansuelsmth@gmail.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>uhttpd: use sha256 when generating certificates with openssl (FS#512)</title>
<updated>2017-02-17T13:42:13+00:00</updated>
<author>
<name>Felix Fietkau</name>
<email>nbd@nbd.name</email>
</author>
<published>2017-02-17T13:21:47+00:00</published>
<link rel='alternate' type='text/html' href='http://www.chd.sx/cgit/mtk-20170518/commit/?id=7df998bb6d0830e9cc9506036bebf4c73ecb032d'/>
<id>7df998bb6d0830e9cc9506036bebf4c73ecb032d</id>
<content type='text'>
Patch from attachment to FS#512

Signed-off-by: Felix Fietkau &lt;nbd@nbd.name&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Patch from attachment to FS#512

Signed-off-by: Felix Fietkau &lt;nbd@nbd.name&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>uhttpd: Add Basic Auth config</title>
<updated>2016-10-31T12:22:51+00:00</updated>
<author>
<name>Daniel Dickinson</name>
<email>lede@cshore.thecshore.com</email>
</author>
<published>2016-08-13T23:24:59+00:00</published>
<link rel='alternate' type='text/html' href='http://www.chd.sx/cgit/mtk-20170518/commit/?id=98c86e29705cb1e73e4f2e16044f1e73cff32e31'/>
<id>98c86e29705cb1e73e4f2e16044f1e73cff32e31</id>
<content type='text'>
We add an 'httpauth' section type that contains the options:

prefix: What virtual or real URL is being protected
username: The username for the Basic Auth dialogue
password: Hashed (crypt()) or plaintext password for the Basic Auth dialogue

httpauth section names are given included as list
items to the instances to which they are to be applied.

Further any existing httpd.conf file (really whatever
is configured in the instance, but default of
/etc/httpd.conf) is appended to the per-instance httpd.conf

Signed-off-by: Daniel Dickinson &lt;lede@cshore.thecshore.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
We add an 'httpauth' section type that contains the options:

prefix: What virtual or real URL is being protected
username: The username for the Basic Auth dialogue
password: Hashed (crypt()) or plaintext password for the Basic Auth dialogue

httpauth section names are given included as list
items to the instances to which they are to be applied.

Further any existing httpd.conf file (really whatever
is configured in the instance, but default of
/etc/httpd.conf) is appended to the per-instance httpd.conf

Signed-off-by: Daniel Dickinson &lt;lede@cshore.thecshore.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>uhttpd: create self-signed certificates with unique subjects</title>
<updated>2016-10-26T13:16:52+00:00</updated>
<author>
<name>Hannu Nyman</name>
<email>hannu.nyman@iki.fi</email>
</author>
<published>2016-10-06T17:37:59+00:00</published>
<link rel='alternate' type='text/html' href='http://www.chd.sx/cgit/mtk-20170518/commit/?id=9097dc5ad844c336020be11085e1c8c80390ac9c'/>
<id>9097dc5ad844c336020be11085e1c8c80390ac9c</id>
<content type='text'>
Add a partially random O= item to the certificate subject in order
to make the automatically generated certificates' subjects unique.

Firefox has problems when several self-signed certificates
with CA:true attribute and identical subjects have been
seen (and stored) by the browser. Reference to upstream bugs:
https://bugzilla.mozilla.org/show_bug.cgi?id=1147544
https://bugzilla.mozilla.org/show_bug.cgi?id=1056341
https://bugzilla.redhat.com/show_bug.cgi?id=1204670#c34

Certificates created by the OpenSSL one-liner fall into that category.

Avoid identical certificate subjects by including a new 'O=' item
with CommonName + a random part (8 chars). Example:
/CN=LEDE/O=LEDEb986be0b/L=Unknown/ST=Somewhere/C=ZZ

That ensures that the browser properly sees the accumulating
certificates as separate items and does not spend time
trying to form a trust chain from them.

Signed-off-by: Hannu Nyman &lt;hannu.nyman@iki.fi&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Add a partially random O= item to the certificate subject in order
to make the automatically generated certificates' subjects unique.

Firefox has problems when several self-signed certificates
with CA:true attribute and identical subjects have been
seen (and stored) by the browser. Reference to upstream bugs:
https://bugzilla.mozilla.org/show_bug.cgi?id=1147544
https://bugzilla.mozilla.org/show_bug.cgi?id=1056341
https://bugzilla.redhat.com/show_bug.cgi?id=1204670#c34

Certificates created by the OpenSSL one-liner fall into that category.

Avoid identical certificate subjects by including a new 'O=' item
with CommonName + a random part (8 chars). Example:
/CN=LEDE/O=LEDEb986be0b/L=Unknown/ST=Somewhere/C=ZZ

That ensures that the browser properly sees the accumulating
certificates as separate items and does not spend time
trying to form a trust chain from them.

Signed-off-by: Hannu Nyman &lt;hannu.nyman@iki.fi&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>uhttpd: prefer px5g for certificate creation</title>
<updated>2016-10-26T13:16:51+00:00</updated>
<author>
<name>Hannu Nyman</name>
<email>hannu.nyman@iki.fi</email>
</author>
<published>2016-10-05T08:11:15+00:00</published>
<link rel='alternate' type='text/html' href='http://www.chd.sx/cgit/mtk-20170518/commit/?id=82132540a3efbc98f8f4379b26d4b4541013e69d'/>
<id>82132540a3efbc98f8f4379b26d4b4541013e69d</id>
<content type='text'>
Prefer the old default 'px5g' for certificate creation
as Firefox seems to dislike OpenSSL-created certs.

Signed-off-by: Hannu Nyman &lt;hannu.nyman@iki.fi&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Prefer the old default 'px5g' for certificate creation
as Firefox seems to dislike OpenSSL-created certs.

Signed-off-by: Hannu Nyman &lt;hannu.nyman@iki.fi&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>uhttpd: rename certificate defaults section</title>
<updated>2016-10-06T09:29:24+00:00</updated>
<author>
<name>Jo-Philipp Wich</name>
<email>jo@mein.io</email>
</author>
<published>2016-10-06T09:27:09+00:00</published>
<link rel='alternate' type='text/html' href='http://www.chd.sx/cgit/mtk-20170518/commit/?id=eb75b6ac1f0a3318e9a5f147a6c6a46e1eda0caf'/>
<id>eb75b6ac1f0a3318e9a5f147a6c6a46e1eda0caf</id>
<content type='text'>
Now that the uhttpd init script can generate certificates using openssl as
well, update the section name and related comment to be more generic.

Signed-off-by: Jo-Philipp Wich &lt;jo@mein.io&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Now that the uhttpd init script can generate certificates using openssl as
well, update the section name and related comment to be more generic.

Signed-off-by: Jo-Philipp Wich &lt;jo@mein.io&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>uhttpd: support using OpenSSL for certificate generation</title>
<updated>2016-10-04T22:48:19+00:00</updated>
<author>
<name>Hannu Nyman</name>
<email>hannu.nyman@iki.fi</email>
</author>
<published>2016-10-04T14:38:31+00:00</published>
<link rel='alternate' type='text/html' href='http://www.chd.sx/cgit/mtk-20170518/commit/?id=3c4858eeb2bbb3107f87bb3be07d5c172c8e0ef9'/>
<id>3c4858eeb2bbb3107f87bb3be07d5c172c8e0ef9</id>
<content type='text'>
Support the usage of the OpenSSL command-line tool for generating
the SSL certificate for uhttpd. Traditionally 'px5g' based on
PolarSSL (or mbedTLS in LEDE), has been used for the creation.

uhttpd init script is enhanced by adding detection of an installed
openssl command-line binary (provided by 'openssl-util' package),
and if found, the tool is used for certificate generation.

Note: After this patch the script prefers to use the OpenSSL tool
if both it and px5g are installed.

This enables creating a truly OpenSSL-only version of LuCI
without dependency to PolarSSL/mbedTLS based px5g.

Signed-off-by: Hannu Nyman &lt;hannu.nyman@iki.fi&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Support the usage of the OpenSSL command-line tool for generating
the SSL certificate for uhttpd. Traditionally 'px5g' based on
PolarSSL (or mbedTLS in LEDE), has been used for the creation.

uhttpd init script is enhanced by adding detection of an installed
openssl command-line binary (provided by 'openssl-util' package),
and if found, the tool is used for certificate generation.

Note: After this patch the script prefers to use the OpenSSL tool
if both it and px5g are installed.

This enables creating a truly OpenSSL-only version of LuCI
without dependency to PolarSSL/mbedTLS based px5g.

Signed-off-by: Hannu Nyman &lt;hannu.nyman@iki.fi&gt;
</pre>
</div>
</content>
</entry>
</feed>
