ok On 16/04/23 20:28 +0200, Bjorn Ketelaars wrote: > Diff below updates nginx to 1.24.0, which is the latest stable release. > Overview on changes can be found at http://nginx.org/en/CHANGES-1.24. > > Switched pcre to pcre2 now to naxsi HEAD supports this. Updated > headers-more-nginx-module to a newer version because nginx >1.23.0 > changed handling of multiple headers. Added 2 patches for > lua-nginx-module because of the header change. > > Lightly run test, with a simple config, on am64. > > Comments/OK? > > > diff --git Makefile Makefile > index cc6eed8f6ff..fb79699f981 100644 > --- Makefile > +++ Makefile > @@ -15,7 +15,7 @@ COMMENT-passenger= nginx passenger (ruby/python/nodejs) > integration module > COMMENT-rtmp= nginx module for RTMP streaming > COMMENT-securelink= nginx HMAC secure link module > > -VERSION= 1.22.0 > +VERSION= 1.24.0 > DISTNAME= nginx-${VERSION} > CATEGORIES= www > > @@ -36,8 +36,6 @@ PKGNAME-passenger= nginx-passenger-${VERSION} > PKGNAME-rtmp= nginx-rtmp-${VERSION} > PKGNAME-securelink= nginx-securelink-${VERSION} > > -REVISION-main= 0 > - > ONLY_FOR_ARCHS-passenger= aarch64 amd64 arm i386 > > MASTER_SITES= https://nginx.org/download/ > @@ -48,9 +46,9 @@ MASTER_SITES1= > https://raw.githubusercontent.com/rnagy/nginx_chroot_patch/master > DISTFILES= ${DISTNAME}${EXTRACT_SUFX} > > _GH_MODS= \ > - openresty headers-more-nginx-module v0.33 \ > + openresty headers-more-nginx-module v0.34 \ > openresty lua-nginx-module v0.10.11 \ > - nbs-system naxsi 1.3 \ > + nbs-system naxsi > d714f1636ea49a9a9f4f06dba14aee003e970834 \ > kvspb nginx-auth-ldap > 83c059b73566c2ee9cbda920d91b66657cf120b7 \ > arut nginx-rtmp-module v${VERSION-rtmp} \ > simpl ngx_devel_kit v0.3.0 \ > @@ -81,7 +79,7 @@ COMPILER = base-clang ports-gcc base-gcc > > .include <bsd.port.arch.mk> > > -WANTLIB-main= c z pcre ssl crypto > +WANTLIB-main= c crypto pcre2-8 ssl z > WANTLIB-mailproxy= > WANTLIB-stream= > WANTLIB-image_filter= gd > @@ -96,7 +94,7 @@ WANTLIB-perl= c m perl > WANTLIB-passenger= m pthread ${COMPILER_LIBCXX} > WANTLIB-securelink= crypto > > -LIB_DEPENDS-main= devel/pcre > +LIB_DEPENDS-main= devel/pcre2 > LIB_DEPENDS-xslt= textproc/libxml \ > textproc/libxslt > LIB_DEPENDS-image_filter=graphics/gd > @@ -182,7 +180,6 @@ CONFIGURE_ARGS+= --prefix=${NGINX_DIR} \ > --with-stream=dynamic \ > --with-stream_ssl_module \ > --with-stream_ssl_preread_module \ > - --without-pcre2 \ > --add-dynamic-module=${WRKSRC}/naxsi/naxsi_src/ \ > --add-dynamic-module=${WRKSRC}/ngx_devel_kit \ > > --add-dynamic-module=${WRKSRC}/headers-more-nginx-module \ > diff --git distinfo distinfo > index 92e4cc852ed..f508a39a69d 100644 > --- distinfo > +++ distinfo > @@ -1,18 +1,18 @@ > -SHA256 (headers-more-nginx-module-v0.33.tar.gz) = > o9y6sRepwQO8HqUgD8AKe30q+X/3/VJfFvisJjLjD78= > +SHA256 (headers-more-nginx-module-v0.34.tar.gz) = > DA0s7SzolbP0XrKyMM2QUIqyp3MpnxU94UpD5EwSCbM= > SHA256 (lua-nginx-module-v0.10.11.tar.gz) = > wPuR/P0cbn3sNMpkgm74H/66/e9hdNJURnY284BWZiY= > -SHA256 (naxsi-1.3.tar.gz) = Q5yGdzctJZe0Ngu8wQvIZJDeH8dWlbGTrV3xVKIU1ig= > +SHA256 (naxsi-d714f1636ea49a9a9f4f06dba14aee003e970834.tar.gz) = > 2+IXdBFFfxy6mO5Gc84xh2mUrQa9zl7MDuZjhO8OQg4= > SHA256 (nginx-1.20.1-chroot.patch) = > SS1TB0j8N4/dn5pUTGT6WvkN3aAUuKz5+R0Nt+MG0gk= > -SHA256 (nginx-1.22.0.tar.gz) = sz1Wmm8RoBQzpXzhfoOTXpU61Nx3zdTUD4lsiKwm61M= > +SHA256 (nginx-1.24.0.tar.gz) = d6JUFje5KmIePudndsi3tAz21wfmm6U6lAKD4w/y9V0= > SHA256 (nginx-auth-ldap-83c059b73566c2ee9cbda920d91b66657cf120b7.tar.gz) = > aQxOW9sq4ZsP7nXNNW0YATRo20cmFrYJeloLvjRshGQ= > SHA256 (nginx-rtmp-module-v1.2.1.tar.gz) = > h6pZdACwtaBSdO4tI9jLgiThJoYiegq+MdeDs6ZF6jc= > SHA256 (ngx_devel_kit-v0.3.0.tar.gz) = > iOBamainQZBm9a51lm+x78QJutRSLRSYbaB0VUrmFhk= > SHA256 (ngx_http_geoip2_module-3.3.tar.gz) = > QTeEOMgz4xOhiGnQxKcnBLSDXDCsr3/WgBOrZzL/eKc= > SHA256 > (ngx_http_hmac_secure_link_module-48c4625fbbf51ed5a95bfec23fa444f6c3702e50.tar.gz) > = ZXpA2rODS1enIREzlD1OqWwpWcv3NOUXH4eUOgOAmqg= > -SIZE (headers-more-nginx-module-v0.33.tar.gz) = 28130 > +SIZE (headers-more-nginx-module-v0.34.tar.gz) = 28827 > SIZE (lua-nginx-module-v0.10.11.tar.gz) = 616653 > -SIZE (naxsi-1.3.tar.gz) = 235626 > +SIZE (naxsi-d714f1636ea49a9a9f4f06dba14aee003e970834.tar.gz) = 237272 > SIZE (nginx-1.20.1-chroot.patch) = 8783 > -SIZE (nginx-1.22.0.tar.gz) = 1073322 > +SIZE (nginx-1.24.0.tar.gz) = 1112471 > SIZE (nginx-auth-ldap-83c059b73566c2ee9cbda920d91b66657cf120b7.tar.gz) = > 18542 > SIZE (nginx-rtmp-module-v1.2.1.tar.gz) = 519919 > SIZE (ngx_devel_kit-v0.3.0.tar.gz) = 66455 > diff --git patches/patch-lua-nginx-module_src_ngx_http_lua_headers_in_c > patches/patch-lua-nginx-module_src_ngx_http_lua_headers_in_c > new file mode 100644 > index 00000000000..57ab107de45 > --- /dev/null > +++ patches/patch-lua-nginx-module_src_ngx_http_lua_headers_in_c > @@ -0,0 +1,76 @@ > +Handling of multiple headers changed in nginx 1.23.0. Taken from > +https://github.com/openresty/lua-nginx-module/pull/2063 > + > +Index: lua-nginx-module/src/ngx_http_lua_headers_in.c > +--- lua-nginx-module/src/ngx_http_lua_headers_in.c.orig > ++++ lua-nginx-module/src/ngx_http_lua_headers_in.c > +@@ -158,9 +158,15 @@ static ngx_http_lua_set_header_t ngx_http_lua_set_han > + ngx_http_set_builtin_header }, > + #endif > + > ++#if defined(nginx_version) && nginx_version >= 1023000 > + { ngx_string("Cookie"), > ++ offsetof(ngx_http_headers_in_t, cookie), > ++ ngx_http_set_builtin_multi_header }, > ++#else > ++ { ngx_string("Cookie"), > + offsetof(ngx_http_headers_in_t, cookies), > + ngx_http_set_builtin_multi_header }, > ++#endif > + > + { ngx_null_string, 0, ngx_http_set_header } > + }; > +@@ -577,6 +583,45 @@ static ngx_int_t > + ngx_http_set_builtin_multi_header(ngx_http_request_t *r, > + ngx_http_lua_header_val_t *hv, ngx_str_t *value) > + { > ++#if defined(nginx_version) && nginx_version >= 1023000 > ++ ngx_table_elt_t **headers, **ph, *h; > ++ int nelts; > ++ > ++ headers = (ngx_table_elt_t **) ((char *) &r->headers_in + hv->offset); > ++ > ++ if (!hv->no_override && *headers != NULL) { > ++ nelts = 0; > ++ for (h = *headers; h; h = h->next) { > ++ nelts++; > ++ } > ++ > ++ *headers = NULL; > ++ > ++ dd("clear multi-value headers: %d", nelts); > ++ } > ++ > ++ if (ngx_http_set_header_helper(r, hv, value, &h) == NGX_ERROR) { > ++ return NGX_ERROR; > ++ } > ++ > ++ if (value->len == 0) { > ++ return NGX_OK; > ++ } > ++ > ++ dd("new multi-value header: %p", h); > ++ > ++ if (*headers) { > ++ for (ph = headers; *ph; ph = &(*ph)->next) { /* void */ } > ++ *ph = h; > ++ > ++ } else { > ++ *headers = h; > ++ } > ++ > ++ h->next = NULL; > ++ > ++ return NGX_OK; > ++#else > + ngx_array_t *headers; > + ngx_table_elt_t **v, *h; > + > +@@ -623,6 +668,7 @@ ngx_http_set_builtin_multi_header(ngx_http_request_t * > + > + *v = h; > + return NGX_OK; > ++#endif > + } > + > + > diff --git patches/patch-lua-nginx-module_src_ngx_http_lua_headers_out_c > patches/patch-lua-nginx-module_src_ngx_http_lua_headers_out_c > new file mode 100644 > index 00000000000..9add4d29bc8 > --- /dev/null > +++ patches/patch-lua-nginx-module_src_ngx_http_lua_headers_out_c > @@ -0,0 +1,84 @@ > +Handling of multiple headers changed in nginx 1.23.0. Taken from > +https://github.com/openresty/lua-nginx-module/pull/2063 > + > +Index: lua-nginx-module/src/ngx_http_lua_headers_out.c > +--- lua-nginx-module/src/ngx_http_lua_headers_out.c.orig > ++++ lua-nginx-module/src/ngx_http_lua_headers_out.c > +@@ -305,6 +305,69 @@ static ngx_int_t > + ngx_http_set_builtin_multi_header(ngx_http_request_t *r, > + ngx_http_lua_header_val_t *hv, ngx_str_t *value) > + { > ++#if defined(nginx_version) && nginx_version >= 1023000 > ++ ngx_table_elt_t **headers, *h, *ho, **ph; > ++ > ++ headers = (ngx_table_elt_t **) ((char *) &r->headers_out + hv->offset); > ++ > ++ if (hv->no_override) { > ++ for (h = *headers; h; h = h->next) { > ++ if (!h->hash) { > ++ h->value = *value; > ++ h->hash = hv->hash; > ++ return NGX_OK; > ++ } > ++ } > ++ > ++ goto create; > ++ } > ++ > ++ /* override old values (if any) */ > ++ > ++ if (*headers) { > ++ for (h = (*headers)->next; h; h = h->next) { > ++ h->hash = 0; > ++ h->value.len = 0; > ++ } > ++ > ++ h = *headers; > ++ > ++ h->value = *value; > ++ > ++ if (value->len == 0) { > ++ h->hash = 0; > ++ > ++ } else { > ++ h->hash = hv->hash; > ++ } > ++ > ++ return NGX_OK; > ++ } > ++ > ++create: > ++ > ++ for (ph = headers; *ph; ph = &(*ph)->next) { /* void */ } > ++ > ++ ho = ngx_list_push(&r->headers_out.headers); > ++ if (ho == NULL) { > ++ return NGX_ERROR; > ++ } > ++ > ++ ho->value = *value; > ++ > ++ if (value->len == 0) { > ++ ho->hash = 0; > ++ > ++ } else { > ++ ho->hash = hv->hash; > ++ } > ++ > ++ ho->key = hv->key; > ++ ho->next = NULL; > ++ *ph = ho; > ++ > ++ return NGX_OK; > ++#else > + ngx_array_t *pa; > + ngx_table_elt_t *ho, **ph; > + ngx_uint_t i; > +@@ -378,6 +441,7 @@ create: > + *ph = ho; > + > + return NGX_OK; > ++#endif > + } > + > + > diff --git patches/patch-naxsi_naxsi_src_naxsi_net_h > patches/patch-naxsi_naxsi_src_naxsi_net_h > deleted file mode 100644 > index 4debf4b57a3..00000000000 > --- patches/patch-naxsi_naxsi_src_naxsi_net_h > +++ /dev/null > @@ -1,15 +0,0 @@ > -already committed upstream > -https://github.com/nbs-system/naxsi/commit/0395b102b7e9b5165e89e99bb62e9ddaa0a74910 > - > -Index: naxsi/naxsi_src/naxsi_net.h > ---- naxsi/naxsi_src/naxsi_net.h.orig > -+++ naxsi/naxsi_src/naxsi_net.h > -@@ -7,7 +7,7 @@ > - #ifndef __NAXSI_NET_H__ > - #define __NAXSI_NET_H__ > - > --#if defined(__FreeBSD__) > -+#if defined(__FreeBSD__) || defined(__OpenBSD__) > - #include <netinet/in.h> > - #include <sys/socket.h> > - #include <sys/types.h> >
-- Regards, Robert Nagy
