Enclosed a diff for bringing www/hiawatha to 10.8. Changelog can be found at https://www.hiawatha-webserver.org/changelog. USE_SYSTEM_MBEDTLS has been re-enabled as it now supports newer mbedtls.
Diff has been sent to juanfra@ (maintainer) who has found some nits, which have been addressed in the diff below. Additional comments/OKs? Index: Makefile =================================================================== RCS file: /cvs/ports/www/hiawatha/Makefile,v retrieving revision 1.54 diff -u -p -r1.54 Makefile --- Makefile 7 Feb 2018 14:18:23 -0000 1.54 +++ Makefile 4 Apr 2018 13:30:26 -0000 @@ -1,8 +1,7 @@ # $OpenBSD: Makefile,v 1.54 2018/02/07 14:18:23 juanfra Exp $ COMMENT = secure webserver -DISTNAME = hiawatha-10.7 -REVISION = 3 +DISTNAME = hiawatha-10.8 CATEGORIES = www net HOMEPAGE = https://www.hiawatha-webserver.org/ @@ -16,14 +15,10 @@ MASTER_SITES = ${HOMEPAGE}files/ MODULES = devel/cmake -# XXX mbedtls 2.7 breaks hiawatha -#WANTLIB += c mbedcrypto mbedtls mbedx509 pthread xml2 xslt z -WANTLIB += c pthread xml2 xslt z - -# XXX mbedtls 2.7 breaks hiawatha -#LIB_DEPENDS = security/polarssl>=2.2.1p0 \ -# textproc/libxslt -LIB_DEPENDS = textproc/libxslt +WANTLIB += c mbedcrypto mbedtls mbedx509 pthread xml2 xslt z + +LIB_DEPENDS = security/polarssl>=2.8.0 \ + textproc/libxslt CONFIGURE_ARGS = -DWEBROOT_DIR="/var/hiawatha" \ -DWORK_DIR="/var/db/hiawatha" \ @@ -31,9 +26,8 @@ CONFIGURE_ARGS = -DWEBROOT_DIR="/var/hia -DLOG_DIR="/var/log/hiawatha" \ -DCMAKE_INSTALL_MANDIR="${PREFIX}/man" \ -DENABLE_XSLT=ON \ - -DPID_DIR="/var/run" -# XXX mbedtls 2.7 breaks hiawatha -# -DUSE_SYSTEM_MBEDTLS=ON + -DPID_DIR="/var/run" \ + -DUSE_SYSTEM_MBEDTLS=ON CONFIGURE_ENV = CPPFLAGS="-I${LOCALBASE}/include" \ LDFLAGS="-L${WRKBUILD}/mbedtls/library -L${LOCALBASE}/lib" Index: distinfo =================================================================== RCS file: /cvs/ports/www/hiawatha/distinfo,v retrieving revision 1.42 diff -u -p -r1.42 distinfo --- distinfo 17 Oct 2017 19:58:15 -0000 1.42 +++ distinfo 4 Apr 2018 13:30:26 -0000 @@ -1,2 +1,2 @@ -SHA256 (hiawatha-10.7.tar.gz) = Nj6Z2EqF2vu3S8wws+MChgU+wqu8ev4IzYcZNhFzX3Q= -SIZE (hiawatha-10.7.tar.gz) = 951512 +SHA256 (hiawatha-10.8.tar.gz) = +1XWwXo5D3SszOb640wRivTgMXv8kRnX3R/32/aIbq8= +SIZE (hiawatha-10.8.tar.gz) = 999130 Index: patches/patch-man_hiawatha_1_in =================================================================== RCS file: /cvs/ports/www/hiawatha/patches/patch-man_hiawatha_1_in,v retrieving revision 1.10 diff -u -p -r1.10 patch-man_hiawatha_1_in --- patches/patch-man_hiawatha_1_in 17 Oct 2017 16:09:43 -0000 1.10 +++ patches/patch-man_hiawatha_1_in 4 Apr 2018 13:30:26 -0000 @@ -7,17 +7,17 @@ Index: man/hiawatha.1.in Specify the handler for a CGI extension. A handler is an executable which will run the CGI script. .br -Example: CGIhandler = /usr/bin/php5-cgi:php,php5 -+Example: CGIhandler = ${LOCALBASE}/bin/php-fastcgi:php,php5 ++Example: CGIhandler = ${LOCALBASE}/bin/php5-cgi:php,php5 .TP .B CGIwrapper = <CGI wrapper> Specify the wrapper for CGI processes. A secure CGI wrapper is included in the Hiawatha package (see cgi-wrapper(1) for more information). .br --Default = @CMAKE_INSTALL_FULL_SBINDIR@/cgi-wrapper, example: CGIwrapper = /bin/cgi-wrapper -+Default = @CMAKE_INSTALL_FULL_SBINDIR@/cgi-wrapper, example: CGIwrapper = ${PREFIX}/sbin/cgi-wrapper/cgi-wrapper +-Default = @CMAKE_INSTALL_FULL_SBINDIR@/cgi-wrapper Example: CGIwrapper = /bin/cgi-wrapper ++Default = @CMAKE_INSTALL_FULL_SBINDIR@/cgi-wrapper Example: CGIwrapper = ${PREFIX}/sbin/cgi-wrapper/cgi-wrapper .TP .B ChallengeClient = <threshold>, (httpheader|javascript), <ban-time>[, <secret>] Challenge the client to verify that it's a real web browser and not an HTTP bot. When the total amount of connections reaches <threshold>, Hiawatha sends a response to the first request in a connection which will make the client resend the request, but now with a cookie. The cookie can be set via an HTTP Set-Cookie header or a Javascript. Further requests are only accepted when the client sends this cookie. Otherwise, the client is banned for <ban-time> seconds. This feature can be used to reduce the effects of a DDoS attack. The <secret> can be a random string of up to 20 characters (the rest is ignored) and is used to generate the cookie. When not set, Hiawatha will generate a random secret. -@@ -210,7 +210,7 @@ Example: HideProxy = 192.168.10.20 +@@ -215,7 +215,7 @@ Example: HideProxy = 192.168.10.20 .B Include <filename>|<directory> Include another configuration file or configuration files in a directory. .br @@ -26,25 +26,25 @@ Index: man/hiawatha.1.in .TP .B KickOnBan = yes|no Close all other connections that originate from the same IP in case of a ban. -@@ -303,7 +303,7 @@ Example: RequestLimitMask = deny 192.168.0.1 +@@ -308,7 +308,7 @@ Example: RequestLimitMask = deny 192.168.0.1 .B ServerId = <userid>|<userid>:<groupid>[, <groupid>, ...] The userid and groupid(s) the server will change to. If only a userid is specified, the groupid(s) will be looked up in /etc/passwd and /etc/group. The userid en groupid of user root are not allowed here. The userid or groupid can also be a name. .br --Default = 65534:65534, example: ServerId = www-data -+Default = 579:579, example: ServerId = _hiawatha +-Default = 65534:65534 Example: ServerId = www-data ++Default = 579:579 Example: ServerId = _hiawatha .TP .B ServerString = <text> The text behind 'Server:' in the HTTP header of a response. Use 'none' to completely remove the Server string from the HTTP header. -@@ -665,7 +665,7 @@ Example: ScriptAlias = /script.cgi:/usr/lib/script.cgi +@@ -675,7 +675,7 @@ Example: ScriptAlias = /script.cgi:/usr/lib/script.cgi .B ShowIndex = yes|no|<XSLT file with full path>|xml Return a directory listing in HTML format for a directory request when the startfile does not exist. If you want to change the index layout completely, specify the path of a XSLT file. If the XSLT file is not found or 'xml' is used, Hiawatha will output the XML of the directory index. An example of the XML output can be found in extra/index.xml inside the source package. .br --Default = no, example: ShowIndex = /etc/hiawatha/index.xslt -+Default = no, example: ShowIndex = ${SYSCONFDIR}/hiawatha/index.xslt +-Default = no Example: ShowIndex = /etc/hiawatha/index.xslt ++Default = no Example: ShowIndex = ${SYSCONFDIR}/hiawatha/index.xslt .br (requires that Hiawatha was not compiled with -DENABLE_XSLT=off) -@@ -1056,7 +1056,7 @@ and +@@ -1066,7 +1066,7 @@ and (only valid in the root directory of a website) .SH MIMETYPES @@ -53,7 +53,7 @@ Index: man/hiawatha.1.in .TP .B <mimetype> <extension> [<extension> ...] Example: image/jpeg jpg jpeg jpe -@@ -1076,13 +1076,13 @@ Unban all IP addresses. +@@ -1086,13 +1086,13 @@ Unban all IP addresses. Clear the internal cache (requires that Hiawatha was not compiled with -DENABLE_CACHE=off). .SH FILES Index: patches/patch-src_serverconfig_c =================================================================== RCS file: /cvs/ports/www/hiawatha/patches/patch-src_serverconfig_c,v retrieving revision 1.10 diff -u -p -r1.10 patch-src_serverconfig_c --- patches/patch-src_serverconfig_c 17 Apr 2017 09:25:50 -0000 1.10 +++ patches/patch-src_serverconfig_c 4 Apr 2018 13:30:26 -0000 @@ -1,6 +1,7 @@ $OpenBSD: patch-src_serverconfig_c,v 1.10 2017/04/17 09:25:50 juanfra Exp $ ---- src/serverconfig.c.orig Sun Mar 12 21:11:43 2017 -+++ src/serverconfig.c Mon Apr 17 11:15:45 2017 +Index: src/serverconfig.c +--- src/serverconfig.c.orig ++++ src/serverconfig.c @@ -26,7 +26,7 @@ #include "libfs.h" #include "memdbg.h" @@ -10,7 +11,7 @@ $OpenBSD: patch-src_serverconfig_c,v 1.1 #define MAX_LENGTH_CONFIGLINE 1024 #define MAX_CACHE_SIZE 1024 #define MAX_UPLOAD_SIZE 2047 -@@ -296,8 +296,8 @@ t_config *default_config(void) { +@@ -297,8 +297,8 @@ t_config *default_config(void) { config->tomahawk_port = NULL; #endif Index: pkg/PLIST =================================================================== RCS file: /cvs/ports/www/hiawatha/pkg/PLIST,v retrieving revision 1.19 diff -u -p -r1.19 PLIST --- pkg/PLIST 7 Feb 2018 14:18:23 -0000 1.19 +++ pkg/PLIST 4 Apr 2018 13:30:26 -0000 @@ -2,10 +2,6 @@ @newgroup _hiawatha:579 @newuser _hiawatha:579:579:daemon:Hiawatha HTTP Server:/nonexistent:/sbin/nologin @bin bin/ssi-cgi -lib/hiawatha/ -@lib lib/hiawatha/libmbedcrypto.so.2.6 -@lib lib/hiawatha/libmbedtls.so.2.6 -@lib lib/hiawatha/libmbedx509.so.2.6 @man man/man1/cgi-wrapper.1 @man man/man1/hiawatha.1 @man man/man1/ssi-cgi.1