Diff below updates nginx to 1.24.0, which is the latest stable release.
Overview on changes can be found at http://nginx.org/en/CHANGES-1.24.
Switched pcre to pcre2 now to naxsi HEAD supports this. Updated
headers-more-nginx-module to a newer version because nginx >1.23.0
changed handling of multiple headers. Added 2 patches for
lua-nginx-module because of the header change.
Lightly run test, with a simple config, on am64.
Comments/OK?
diff --git Makefile Makefile
index cc6eed8f6ff..fb79699f981 100644
--- Makefile
+++ Makefile
@@ -15,7 +15,7 @@ COMMENT-passenger= nginx passenger (ruby/python/nodejs)
integration module
COMMENT-rtmp= nginx module for RTMP streaming
COMMENT-securelink= nginx HMAC secure link module
-VERSION= 1.22.0
+VERSION= 1.24.0
DISTNAME= nginx-${VERSION}
CATEGORIES= www
@@ -36,8 +36,6 @@ PKGNAME-passenger= nginx-passenger-${VERSION}
PKGNAME-rtmp= nginx-rtmp-${VERSION}
PKGNAME-securelink= nginx-securelink-${VERSION}
-REVISION-main= 0
-
ONLY_FOR_ARCHS-passenger= aarch64 amd64 arm i386
MASTER_SITES= https://nginx.org/download/
@@ -48,9 +46,9 @@ MASTER_SITES1=
https://raw.githubusercontent.com/rnagy/nginx_chroot_patch/master
DISTFILES= ${DISTNAME}${EXTRACT_SUFX}
_GH_MODS= \
- openresty headers-more-nginx-module v0.33 \
+ openresty headers-more-nginx-module v0.34 \
openresty lua-nginx-module v0.10.11 \
- nbs-system naxsi 1.3 \
+ nbs-system naxsi
d714f1636ea49a9a9f4f06dba14aee003e970834 \
kvspb nginx-auth-ldap
83c059b73566c2ee9cbda920d91b66657cf120b7 \
arut nginx-rtmp-module v${VERSION-rtmp} \
simpl ngx_devel_kit v0.3.0 \
@@ -81,7 +79,7 @@ COMPILER = base-clang ports-gcc base-gcc
.include <bsd.port.arch.mk>
-WANTLIB-main= c z pcre ssl crypto
+WANTLIB-main= c crypto pcre2-8 ssl z
WANTLIB-mailproxy=
WANTLIB-stream=
WANTLIB-image_filter= gd
@@ -96,7 +94,7 @@ WANTLIB-perl= c m perl
WANTLIB-passenger= m pthread ${COMPILER_LIBCXX}
WANTLIB-securelink= crypto
-LIB_DEPENDS-main= devel/pcre
+LIB_DEPENDS-main= devel/pcre2
LIB_DEPENDS-xslt= textproc/libxml \
textproc/libxslt
LIB_DEPENDS-image_filter=graphics/gd
@@ -182,7 +180,6 @@ CONFIGURE_ARGS+= --prefix=${NGINX_DIR} \
--with-stream=dynamic \
--with-stream_ssl_module \
--with-stream_ssl_preread_module \
- --without-pcre2 \
--add-dynamic-module=${WRKSRC}/naxsi/naxsi_src/ \
--add-dynamic-module=${WRKSRC}/ngx_devel_kit \
--add-dynamic-module=${WRKSRC}/headers-more-nginx-module \
diff --git distinfo distinfo
index 92e4cc852ed..f508a39a69d 100644
--- distinfo
+++ distinfo
@@ -1,18 +1,18 @@
-SHA256 (headers-more-nginx-module-v0.33.tar.gz) =
o9y6sRepwQO8HqUgD8AKe30q+X/3/VJfFvisJjLjD78=
+SHA256 (headers-more-nginx-module-v0.34.tar.gz) =
DA0s7SzolbP0XrKyMM2QUIqyp3MpnxU94UpD5EwSCbM=
SHA256 (lua-nginx-module-v0.10.11.tar.gz) =
wPuR/P0cbn3sNMpkgm74H/66/e9hdNJURnY284BWZiY=
-SHA256 (naxsi-1.3.tar.gz) = Q5yGdzctJZe0Ngu8wQvIZJDeH8dWlbGTrV3xVKIU1ig=
+SHA256 (naxsi-d714f1636ea49a9a9f4f06dba14aee003e970834.tar.gz) =
2+IXdBFFfxy6mO5Gc84xh2mUrQa9zl7MDuZjhO8OQg4=
SHA256 (nginx-1.20.1-chroot.patch) =
SS1TB0j8N4/dn5pUTGT6WvkN3aAUuKz5+R0Nt+MG0gk=
-SHA256 (nginx-1.22.0.tar.gz) = sz1Wmm8RoBQzpXzhfoOTXpU61Nx3zdTUD4lsiKwm61M=
+SHA256 (nginx-1.24.0.tar.gz) = d6JUFje5KmIePudndsi3tAz21wfmm6U6lAKD4w/y9V0=
SHA256 (nginx-auth-ldap-83c059b73566c2ee9cbda920d91b66657cf120b7.tar.gz) =
aQxOW9sq4ZsP7nXNNW0YATRo20cmFrYJeloLvjRshGQ=
SHA256 (nginx-rtmp-module-v1.2.1.tar.gz) =
h6pZdACwtaBSdO4tI9jLgiThJoYiegq+MdeDs6ZF6jc=
SHA256 (ngx_devel_kit-v0.3.0.tar.gz) =
iOBamainQZBm9a51lm+x78QJutRSLRSYbaB0VUrmFhk=
SHA256 (ngx_http_geoip2_module-3.3.tar.gz) =
QTeEOMgz4xOhiGnQxKcnBLSDXDCsr3/WgBOrZzL/eKc=
SHA256
(ngx_http_hmac_secure_link_module-48c4625fbbf51ed5a95bfec23fa444f6c3702e50.tar.gz)
= ZXpA2rODS1enIREzlD1OqWwpWcv3NOUXH4eUOgOAmqg=
-SIZE (headers-more-nginx-module-v0.33.tar.gz) = 28130
+SIZE (headers-more-nginx-module-v0.34.tar.gz) = 28827
SIZE (lua-nginx-module-v0.10.11.tar.gz) = 616653
-SIZE (naxsi-1.3.tar.gz) = 235626
+SIZE (naxsi-d714f1636ea49a9a9f4f06dba14aee003e970834.tar.gz) = 237272
SIZE (nginx-1.20.1-chroot.patch) = 8783
-SIZE (nginx-1.22.0.tar.gz) = 1073322
+SIZE (nginx-1.24.0.tar.gz) = 1112471
SIZE (nginx-auth-ldap-83c059b73566c2ee9cbda920d91b66657cf120b7.tar.gz) = 18542
SIZE (nginx-rtmp-module-v1.2.1.tar.gz) = 519919
SIZE (ngx_devel_kit-v0.3.0.tar.gz) = 66455
diff --git patches/patch-lua-nginx-module_src_ngx_http_lua_headers_in_c
patches/patch-lua-nginx-module_src_ngx_http_lua_headers_in_c
new file mode 100644
index 00000000000..57ab107de45
--- /dev/null
+++ patches/patch-lua-nginx-module_src_ngx_http_lua_headers_in_c
@@ -0,0 +1,76 @@
+Handling of multiple headers changed in nginx 1.23.0. Taken from
+https://github.com/openresty/lua-nginx-module/pull/2063
+
+Index: lua-nginx-module/src/ngx_http_lua_headers_in.c
+--- lua-nginx-module/src/ngx_http_lua_headers_in.c.orig
++++ lua-nginx-module/src/ngx_http_lua_headers_in.c
+@@ -158,9 +158,15 @@ static ngx_http_lua_set_header_t ngx_http_lua_set_han
+ ngx_http_set_builtin_header },
+ #endif
+
++#if defined(nginx_version) && nginx_version >= 1023000
+ { ngx_string("Cookie"),
++ offsetof(ngx_http_headers_in_t, cookie),
++ ngx_http_set_builtin_multi_header },
++#else
++ { ngx_string("Cookie"),
+ offsetof(ngx_http_headers_in_t, cookies),
+ ngx_http_set_builtin_multi_header },
++#endif
+
+ { ngx_null_string, 0, ngx_http_set_header }
+ };
+@@ -577,6 +583,45 @@ static ngx_int_t
+ ngx_http_set_builtin_multi_header(ngx_http_request_t *r,
+ ngx_http_lua_header_val_t *hv, ngx_str_t *value)
+ {
++#if defined(nginx_version) && nginx_version >= 1023000
++ ngx_table_elt_t **headers, **ph, *h;
++ int nelts;
++
++ headers = (ngx_table_elt_t **) ((char *) &r->headers_in + hv->offset);
++
++ if (!hv->no_override && *headers != NULL) {
++ nelts = 0;
++ for (h = *headers; h; h = h->next) {
++ nelts++;
++ }
++
++ *headers = NULL;
++
++ dd("clear multi-value headers: %d", nelts);
++ }
++
++ if (ngx_http_set_header_helper(r, hv, value, &h) == NGX_ERROR) {
++ return NGX_ERROR;
++ }
++
++ if (value->len == 0) {
++ return NGX_OK;
++ }
++
++ dd("new multi-value header: %p", h);
++
++ if (*headers) {
++ for (ph = headers; *ph; ph = &(*ph)->next) { /* void */ }
++ *ph = h;
++
++ } else {
++ *headers = h;
++ }
++
++ h->next = NULL;
++
++ return NGX_OK;
++#else
+ ngx_array_t *headers;
+ ngx_table_elt_t **v, *h;
+
+@@ -623,6 +668,7 @@ ngx_http_set_builtin_multi_header(ngx_http_request_t *
+
+ *v = h;
+ return NGX_OK;
++#endif
+ }
+
+
diff --git patches/patch-lua-nginx-module_src_ngx_http_lua_headers_out_c
patches/patch-lua-nginx-module_src_ngx_http_lua_headers_out_c
new file mode 100644
index 00000000000..9add4d29bc8
--- /dev/null
+++ patches/patch-lua-nginx-module_src_ngx_http_lua_headers_out_c
@@ -0,0 +1,84 @@
+Handling of multiple headers changed in nginx 1.23.0. Taken from
+https://github.com/openresty/lua-nginx-module/pull/2063
+
+Index: lua-nginx-module/src/ngx_http_lua_headers_out.c
+--- lua-nginx-module/src/ngx_http_lua_headers_out.c.orig
++++ lua-nginx-module/src/ngx_http_lua_headers_out.c
+@@ -305,6 +305,69 @@ static ngx_int_t
+ ngx_http_set_builtin_multi_header(ngx_http_request_t *r,
+ ngx_http_lua_header_val_t *hv, ngx_str_t *value)
+ {
++#if defined(nginx_version) && nginx_version >= 1023000
++ ngx_table_elt_t **headers, *h, *ho, **ph;
++
++ headers = (ngx_table_elt_t **) ((char *) &r->headers_out + hv->offset);
++
++ if (hv->no_override) {
++ for (h = *headers; h; h = h->next) {
++ if (!h->hash) {
++ h->value = *value;
++ h->hash = hv->hash;
++ return NGX_OK;
++ }
++ }
++
++ goto create;
++ }
++
++ /* override old values (if any) */
++
++ if (*headers) {
++ for (h = (*headers)->next; h; h = h->next) {
++ h->hash = 0;
++ h->value.len = 0;
++ }
++
++ h = *headers;
++
++ h->value = *value;
++
++ if (value->len == 0) {
++ h->hash = 0;
++
++ } else {
++ h->hash = hv->hash;
++ }
++
++ return NGX_OK;
++ }
++
++create:
++
++ for (ph = headers; *ph; ph = &(*ph)->next) { /* void */ }
++
++ ho = ngx_list_push(&r->headers_out.headers);
++ if (ho == NULL) {
++ return NGX_ERROR;
++ }
++
++ ho->value = *value;
++
++ if (value->len == 0) {
++ ho->hash = 0;
++
++ } else {
++ ho->hash = hv->hash;
++ }
++
++ ho->key = hv->key;
++ ho->next = NULL;
++ *ph = ho;
++
++ return NGX_OK;
++#else
+ ngx_array_t *pa;
+ ngx_table_elt_t *ho, **ph;
+ ngx_uint_t i;
+@@ -378,6 +441,7 @@ create:
+ *ph = ho;
+
+ return NGX_OK;
++#endif
+ }
+
+
diff --git patches/patch-naxsi_naxsi_src_naxsi_net_h
patches/patch-naxsi_naxsi_src_naxsi_net_h
deleted file mode 100644
index 4debf4b57a3..00000000000
--- patches/patch-naxsi_naxsi_src_naxsi_net_h
+++ /dev/null
@@ -1,15 +0,0 @@
-already committed upstream
-https://github.com/nbs-system/naxsi/commit/0395b102b7e9b5165e89e99bb62e9ddaa0a74910
-
-Index: naxsi/naxsi_src/naxsi_net.h
---- naxsi/naxsi_src/naxsi_net.h.orig
-+++ naxsi/naxsi_src/naxsi_net.h
-@@ -7,7 +7,7 @@
- #ifndef __NAXSI_NET_H__
- #define __NAXSI_NET_H__
-
--#if defined(__FreeBSD__)
-+#if defined(__FreeBSD__) || defined(__OpenBSD__)
- #include <netinet/in.h>
- #include <sys/socket.h>
- #include <sys/types.h>
