On 2023/04/16 20:28, Bjorn Ketelaars wrote:
> Diff below updates nginx to 1.24.0, which is the latest stable release.
> Overview on changes can be found at http://nginx.org/en/CHANGES-1.24.
>
> Switched pcre to pcre2 now to naxsi HEAD supports this. Updated
> headers-more-nginx-module to a newer version because nginx >1.23.0
> changed handling of multiple headers. Added 2 patches for
> lua-nginx-module because of the header change.
>
> Lightly run test, with a simple config, on am64.
>
> Comments/OK?
Works here with my usual config (not using the subpackaged modules,
but various proxies etc). ok for me, nice to see another devel/pcre
user get replaced with pcre2.
>
> diff --git Makefile Makefile
> index cc6eed8f6ff..fb79699f981 100644
> --- Makefile
> +++ Makefile
> @@ -15,7 +15,7 @@ COMMENT-passenger= nginx passenger (ruby/python/nodejs)
> integration module
> COMMENT-rtmp= nginx module for RTMP streaming
> COMMENT-securelink= nginx HMAC secure link module
>
> -VERSION= 1.22.0
> +VERSION= 1.24.0
> DISTNAME= nginx-${VERSION}
> CATEGORIES= www
>
> @@ -36,8 +36,6 @@ PKGNAME-passenger= nginx-passenger-${VERSION}
> PKGNAME-rtmp= nginx-rtmp-${VERSION}
> PKGNAME-securelink= nginx-securelink-${VERSION}
>
> -REVISION-main= 0
> -
> ONLY_FOR_ARCHS-passenger= aarch64 amd64 arm i386
>
> MASTER_SITES= https://nginx.org/download/
> @@ -48,9 +46,9 @@ MASTER_SITES1=
> https://raw.githubusercontent.com/rnagy/nginx_chroot_patch/master
> DISTFILES= ${DISTNAME}${EXTRACT_SUFX}
>
> _GH_MODS= \
> - openresty headers-more-nginx-module v0.33 \
> + openresty headers-more-nginx-module v0.34 \
> openresty lua-nginx-module v0.10.11 \
> - nbs-system naxsi 1.3 \
> + nbs-system naxsi
> d714f1636ea49a9a9f4f06dba14aee003e970834 \
> kvspb nginx-auth-ldap
> 83c059b73566c2ee9cbda920d91b66657cf120b7 \
> arut nginx-rtmp-module v${VERSION-rtmp} \
> simpl ngx_devel_kit v0.3.0 \
> @@ -81,7 +79,7 @@ COMPILER = base-clang ports-gcc base-gcc
>
> .include <bsd.port.arch.mk>
>
> -WANTLIB-main= c z pcre ssl crypto
> +WANTLIB-main= c crypto pcre2-8 ssl z
> WANTLIB-mailproxy=
> WANTLIB-stream=
> WANTLIB-image_filter= gd
> @@ -96,7 +94,7 @@ WANTLIB-perl= c m perl
> WANTLIB-passenger= m pthread ${COMPILER_LIBCXX}
> WANTLIB-securelink= crypto
>
> -LIB_DEPENDS-main= devel/pcre
> +LIB_DEPENDS-main= devel/pcre2
> LIB_DEPENDS-xslt= textproc/libxml \
> textproc/libxslt
> LIB_DEPENDS-image_filter=graphics/gd
> @@ -182,7 +180,6 @@ CONFIGURE_ARGS+= --prefix=${NGINX_DIR} \
> --with-stream=dynamic \
> --with-stream_ssl_module \
> --with-stream_ssl_preread_module \
> - --without-pcre2 \
> --add-dynamic-module=${WRKSRC}/naxsi/naxsi_src/ \
> --add-dynamic-module=${WRKSRC}/ngx_devel_kit \
>
> --add-dynamic-module=${WRKSRC}/headers-more-nginx-module \
> diff --git distinfo distinfo
> index 92e4cc852ed..f508a39a69d 100644
> --- distinfo
> +++ distinfo
> @@ -1,18 +1,18 @@
> -SHA256 (headers-more-nginx-module-v0.33.tar.gz) =
> o9y6sRepwQO8HqUgD8AKe30q+X/3/VJfFvisJjLjD78=
> +SHA256 (headers-more-nginx-module-v0.34.tar.gz) =
> DA0s7SzolbP0XrKyMM2QUIqyp3MpnxU94UpD5EwSCbM=
> SHA256 (lua-nginx-module-v0.10.11.tar.gz) =
> wPuR/P0cbn3sNMpkgm74H/66/e9hdNJURnY284BWZiY=
> -SHA256 (naxsi-1.3.tar.gz) = Q5yGdzctJZe0Ngu8wQvIZJDeH8dWlbGTrV3xVKIU1ig=
> +SHA256 (naxsi-d714f1636ea49a9a9f4f06dba14aee003e970834.tar.gz) =
> 2+IXdBFFfxy6mO5Gc84xh2mUrQa9zl7MDuZjhO8OQg4=
> SHA256 (nginx-1.20.1-chroot.patch) =
> SS1TB0j8N4/dn5pUTGT6WvkN3aAUuKz5+R0Nt+MG0gk=
> -SHA256 (nginx-1.22.0.tar.gz) = sz1Wmm8RoBQzpXzhfoOTXpU61Nx3zdTUD4lsiKwm61M=
> +SHA256 (nginx-1.24.0.tar.gz) = d6JUFje5KmIePudndsi3tAz21wfmm6U6lAKD4w/y9V0=
> SHA256 (nginx-auth-ldap-83c059b73566c2ee9cbda920d91b66657cf120b7.tar.gz) =
> aQxOW9sq4ZsP7nXNNW0YATRo20cmFrYJeloLvjRshGQ=
> SHA256 (nginx-rtmp-module-v1.2.1.tar.gz) =
> h6pZdACwtaBSdO4tI9jLgiThJoYiegq+MdeDs6ZF6jc=
> SHA256 (ngx_devel_kit-v0.3.0.tar.gz) =
> iOBamainQZBm9a51lm+x78QJutRSLRSYbaB0VUrmFhk=
> SHA256 (ngx_http_geoip2_module-3.3.tar.gz) =
> QTeEOMgz4xOhiGnQxKcnBLSDXDCsr3/WgBOrZzL/eKc=
> SHA256
> (ngx_http_hmac_secure_link_module-48c4625fbbf51ed5a95bfec23fa444f6c3702e50.tar.gz)
> = ZXpA2rODS1enIREzlD1OqWwpWcv3NOUXH4eUOgOAmqg=
> -SIZE (headers-more-nginx-module-v0.33.tar.gz) = 28130
> +SIZE (headers-more-nginx-module-v0.34.tar.gz) = 28827
> SIZE (lua-nginx-module-v0.10.11.tar.gz) = 616653
> -SIZE (naxsi-1.3.tar.gz) = 235626
> +SIZE (naxsi-d714f1636ea49a9a9f4f06dba14aee003e970834.tar.gz) = 237272
> SIZE (nginx-1.20.1-chroot.patch) = 8783
> -SIZE (nginx-1.22.0.tar.gz) = 1073322
> +SIZE (nginx-1.24.0.tar.gz) = 1112471
> SIZE (nginx-auth-ldap-83c059b73566c2ee9cbda920d91b66657cf120b7.tar.gz) =
> 18542
> SIZE (nginx-rtmp-module-v1.2.1.tar.gz) = 519919
> SIZE (ngx_devel_kit-v0.3.0.tar.gz) = 66455
> diff --git patches/patch-lua-nginx-module_src_ngx_http_lua_headers_in_c
> patches/patch-lua-nginx-module_src_ngx_http_lua_headers_in_c
> new file mode 100644
> index 00000000000..57ab107de45
> --- /dev/null
> +++ patches/patch-lua-nginx-module_src_ngx_http_lua_headers_in_c
> @@ -0,0 +1,76 @@
> +Handling of multiple headers changed in nginx 1.23.0. Taken from
> +https://github.com/openresty/lua-nginx-module/pull/2063
> +
> +Index: lua-nginx-module/src/ngx_http_lua_headers_in.c
> +--- lua-nginx-module/src/ngx_http_lua_headers_in.c.orig
> ++++ lua-nginx-module/src/ngx_http_lua_headers_in.c
> +@@ -158,9 +158,15 @@ static ngx_http_lua_set_header_t ngx_http_lua_set_han
> + ngx_http_set_builtin_header },
> + #endif
> +
> ++#if defined(nginx_version) && nginx_version >= 1023000
> + { ngx_string("Cookie"),
> ++ offsetof(ngx_http_headers_in_t, cookie),
> ++ ngx_http_set_builtin_multi_header },
> ++#else
> ++ { ngx_string("Cookie"),
> + offsetof(ngx_http_headers_in_t, cookies),
> + ngx_http_set_builtin_multi_header },
> ++#endif
> +
> + { ngx_null_string, 0, ngx_http_set_header }
> + };
> +@@ -577,6 +583,45 @@ static ngx_int_t
> + ngx_http_set_builtin_multi_header(ngx_http_request_t *r,
> + ngx_http_lua_header_val_t *hv, ngx_str_t *value)
> + {
> ++#if defined(nginx_version) && nginx_version >= 1023000
> ++ ngx_table_elt_t **headers, **ph, *h;
> ++ int nelts;
> ++
> ++ headers = (ngx_table_elt_t **) ((char *) &r->headers_in + hv->offset);
> ++
> ++ if (!hv->no_override && *headers != NULL) {
> ++ nelts = 0;
> ++ for (h = *headers; h; h = h->next) {
> ++ nelts++;
> ++ }
> ++
> ++ *headers = NULL;
> ++
> ++ dd("clear multi-value headers: %d", nelts);
> ++ }
> ++
> ++ if (ngx_http_set_header_helper(r, hv, value, &h) == NGX_ERROR) {
> ++ return NGX_ERROR;
> ++ }
> ++
> ++ if (value->len == 0) {
> ++ return NGX_OK;
> ++ }
> ++
> ++ dd("new multi-value header: %p", h);
> ++
> ++ if (*headers) {
> ++ for (ph = headers; *ph; ph = &(*ph)->next) { /* void */ }
> ++ *ph = h;
> ++
> ++ } else {
> ++ *headers = h;
> ++ }
> ++
> ++ h->next = NULL;
> ++
> ++ return NGX_OK;
> ++#else
> + ngx_array_t *headers;
> + ngx_table_elt_t **v, *h;
> +
> +@@ -623,6 +668,7 @@ ngx_http_set_builtin_multi_header(ngx_http_request_t *
> +
> + *v = h;
> + return NGX_OK;
> ++#endif
> + }
> +
> +
> diff --git patches/patch-lua-nginx-module_src_ngx_http_lua_headers_out_c
> patches/patch-lua-nginx-module_src_ngx_http_lua_headers_out_c
> new file mode 100644
> index 00000000000..9add4d29bc8
> --- /dev/null
> +++ patches/patch-lua-nginx-module_src_ngx_http_lua_headers_out_c
> @@ -0,0 +1,84 @@
> +Handling of multiple headers changed in nginx 1.23.0. Taken from
> +https://github.com/openresty/lua-nginx-module/pull/2063
> +
> +Index: lua-nginx-module/src/ngx_http_lua_headers_out.c
> +--- lua-nginx-module/src/ngx_http_lua_headers_out.c.orig
> ++++ lua-nginx-module/src/ngx_http_lua_headers_out.c
> +@@ -305,6 +305,69 @@ static ngx_int_t
> + ngx_http_set_builtin_multi_header(ngx_http_request_t *r,
> + ngx_http_lua_header_val_t *hv, ngx_str_t *value)
> + {
> ++#if defined(nginx_version) && nginx_version >= 1023000
> ++ ngx_table_elt_t **headers, *h, *ho, **ph;
> ++
> ++ headers = (ngx_table_elt_t **) ((char *) &r->headers_out + hv->offset);
> ++
> ++ if (hv->no_override) {
> ++ for (h = *headers; h; h = h->next) {
> ++ if (!h->hash) {
> ++ h->value = *value;
> ++ h->hash = hv->hash;
> ++ return NGX_OK;
> ++ }
> ++ }
> ++
> ++ goto create;
> ++ }
> ++
> ++ /* override old values (if any) */
> ++
> ++ if (*headers) {
> ++ for (h = (*headers)->next; h; h = h->next) {
> ++ h->hash = 0;
> ++ h->value.len = 0;
> ++ }
> ++
> ++ h = *headers;
> ++
> ++ h->value = *value;
> ++
> ++ if (value->len == 0) {
> ++ h->hash = 0;
> ++
> ++ } else {
> ++ h->hash = hv->hash;
> ++ }
> ++
> ++ return NGX_OK;
> ++ }
> ++
> ++create:
> ++
> ++ for (ph = headers; *ph; ph = &(*ph)->next) { /* void */ }
> ++
> ++ ho = ngx_list_push(&r->headers_out.headers);
> ++ if (ho == NULL) {
> ++ return NGX_ERROR;
> ++ }
> ++
> ++ ho->value = *value;
> ++
> ++ if (value->len == 0) {
> ++ ho->hash = 0;
> ++
> ++ } else {
> ++ ho->hash = hv->hash;
> ++ }
> ++
> ++ ho->key = hv->key;
> ++ ho->next = NULL;
> ++ *ph = ho;
> ++
> ++ return NGX_OK;
> ++#else
> + ngx_array_t *pa;
> + ngx_table_elt_t *ho, **ph;
> + ngx_uint_t i;
> +@@ -378,6 +441,7 @@ create:
> + *ph = ho;
> +
> + return NGX_OK;
> ++#endif
> + }
> +
> +
> diff --git patches/patch-naxsi_naxsi_src_naxsi_net_h
> patches/patch-naxsi_naxsi_src_naxsi_net_h
> deleted file mode 100644
> index 4debf4b57a3..00000000000
> --- patches/patch-naxsi_naxsi_src_naxsi_net_h
> +++ /dev/null
> @@ -1,15 +0,0 @@
> -already committed upstream
> -https://github.com/nbs-system/naxsi/commit/0395b102b7e9b5165e89e99bb62e9ddaa0a74910
> -
> -Index: naxsi/naxsi_src/naxsi_net.h
> ---- naxsi/naxsi_src/naxsi_net.h.orig
> -+++ naxsi/naxsi_src/naxsi_net.h
> -@@ -7,7 +7,7 @@
> - #ifndef __NAXSI_NET_H__
> - #define __NAXSI_NET_H__
> -
> --#if defined(__FreeBSD__)
> -+#if defined(__FreeBSD__) || defined(__OpenBSD__)
> - #include <netinet/in.h>
> - #include <sys/socket.h>
> - #include <sys/types.h>
>
