git: 38d9ad236dec - main - www/nginx-devel: security update from 1.26.0 to 1.27.0
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 29 May 2024 17:19:25 UTC
The branch main has been updated by osa: URL: https://cgit.FreeBSD.org/ports/commit/?id=38d9ad236dec3559ddc003ef0f413efde7704764 commit 38d9ad236dec3559ddc003ef0f413efde7704764 Author: Sergey A. Osokin <osa@FreeBSD.org> AuthorDate: 2024-05-29 17:18:49 +0000 Commit: Sergey A. Osokin <osa@FreeBSD.org> CommitDate: 2024-05-29 17:18:49 +0000 www/nginx-devel: security update from 1.26.0 to 1.27.0 Update third-party passenger module to 6.0.22. <ChangeLog> *) Security: when using HTTP/3, processing of a specially crafted QUIC session might cause a worker process crash, worker process memory disclosure on systems with MTU larger than 4096 bytes, or might have potential other impact (CVE-2024-32760, CVE-2024-31079, CVE-2024-35200, CVE-2024-34161). Thanks to Nils Bars of CISPA. *) Feature: variables support in the "proxy_limit_rate", "fastcgi_limit_rate", "scgi_limit_rate", and "uwsgi_limit_rate" directives. *) Bugfix: reduced memory consumption for long-lived requests if "gzip", "gunzip", "ssi", "sub_filter", or "grpc_pass" directives are used. *) Bugfix: nginx could not be built by gcc 14 if the --with-atomic option was used. Thanks to Edgar Bonet. *) Bugfixes in HTTP/3. <ChangeLog> --- www/nginx-devel/Makefile | 5 ++--- www/nginx-devel/Makefile.extmod | 5 +++-- www/nginx-devel/distinfo | 14 +++++++------- www/nginx-devel/files/extra-patch-passenger-build-nginx.rb | 4 ++-- .../files/extra-patch-passenger-disable-telemetry | 4 ++-- ...extra-patch-passenger_src_nginx__module_Configuration.c | 11 +++++++++++ 6 files changed, 27 insertions(+), 16 deletions(-) diff --git a/www/nginx-devel/Makefile b/www/nginx-devel/Makefile index 97589f3d6bdd..f7760d39528f 100644 --- a/www/nginx-devel/Makefile +++ b/www/nginx-devel/Makefile @@ -1,6 +1,5 @@ PORTNAME?= nginx -PORTVERSION= 1.26.0 -PORTREVISION= 2 +PORTVERSION= 1.27.0 CATEGORIES= www MASTER_SITES= https://nginx.org/download/ \ LOCAL/osa @@ -16,7 +15,7 @@ LICENSE_FILE?= ${WRKSRC}/LICENSE CONFLICTS_INSTALL= nginx -PORTSCOUT= limit:^1\.2[6-7]\.[0-9]* +PORTSCOUT= limit:^1\.2[7-8]\.[0-9]* USES= cpe diff --git a/www/nginx-devel/Makefile.extmod b/www/nginx-devel/Makefile.extmod index 80fcbbdfdb8f..8845d0f3e174 100644 --- a/www/nginx-devel/Makefile.extmod +++ b/www/nginx-devel/Makefile.extmod @@ -250,7 +250,7 @@ OTEL_LIB_DEPENDS= libabsl_base.so:devel/abseil \ OTEL_BUILD_DEPENDS= ${LOCALBASE}/include/opentelemetry/proto/common/v1/common.proto:devel/opentelemetry-proto OTEL_CONFIGURE_ENV+= NGX_OTEL_PROTO_DIR=${PREFIX}/include -PASSENGER_NGINX_VER= 6.0.20 +PASSENGER_NGINX_VER= 6.0.22 PASSENGER_CATEGORIES= ruby PASSENGER_USES= ruby PASSENGER_BUILD_DEPENDS=${LOCALBASE}/bin/rake:devel/rubygem-rake @@ -260,7 +260,8 @@ PASSENGER_DISTFILES= passenger-${PASSENGER_NGINX_VER}.tar.gz:passenger PASSENGER_VARS= WRKSRC_passenger=${WRKDIR}/passenger-${PASSENGER_NGINX_VER} \ DSO_EXTDIRS+=passenger-${PASSENGER_NGINX_VER}/src/nginx_module PASSENGER_EXTRA_PATCHES=${PATCHDIR}/extra-patch-passenger-build-nginx.rb \ - ${PATCHDIR}/extra-patch-passenger-disable-telemetry + ${PATCHDIR}/extra-patch-passenger-disable-telemetry \ + ${PATCHDIR}/extra-patch-passenger_src_nginx__module_Configuration.c POSTGRES_USES= pgsql POSTGRES_GH_TUPLE= konstruxi:ngx_postgres:8aa7359:postgres diff --git a/www/nginx-devel/distinfo b/www/nginx-devel/distinfo index ce61e4e583bb..dc380cd1a97e 100644 --- a/www/nginx-devel/distinfo +++ b/www/nginx-devel/distinfo @@ -1,12 +1,12 @@ -TIMESTAMP = 1714506394 -SHA256 (nginx-1.26.0.tar.gz) = d2e6c8439d6c6db5015d8eaab2470ab52aef85a7bf363182879977e084370497 -SIZE (nginx-1.26.0.tar.gz) = 1244118 +TIMESTAMP = 1716999888 +SHA256 (nginx-1.27.0.tar.gz) = b7230e3cf87eaa2d4b0bc56aadc920a960c7873b9991a1b66ffcc08fc650129c +SIZE (nginx-1.27.0.tar.gz) = 1244887 SHA256 (nginx_mogilefs_module-1.0.4.tar.gz) = 7ac230d30907f013dff8d435a118619ea6168aa3714dba62c6962d350c6295ae SIZE (nginx_mogilefs_module-1.0.4.tar.gz) = 11208 SHA256 (ngx_http_redis-0.3.9.tar.gz) = 21f87540f0a44b23ffa5df16fb3d788bc90803b255ef14f9c26e3847a6f26f46 SIZE (ngx_http_redis-0.3.9.tar.gz) = 13051 -SHA256 (passenger-6.0.20.tar.gz) = fa8d9a37edb92f4a8f064b3005b57bccf10392ce4eb067838883206060e27107 -SIZE (passenger-6.0.20.tar.gz) = 8476308 +SHA256 (passenger-6.0.22.tar.gz) = 1fc2a89196fc83469b10fea1ac7b57002fb9bf2552d70f03b780c92d7d9ed044 +SIZE (passenger-6.0.22.tar.gz) = 8296503 SHA256 (msva-nginx_ajp_module-fcbb2cc_GH0.tar.gz) = 522e94c59f5783f281d868ede2adf325bf2f8ffb9e62cf8451d4b9ac0516916c SIZE (msva-nginx_ajp_module-fcbb2cc_GH0.tar.gz) = 110807 SHA256 (openresty-array-var-nginx-module-v0.05_GH0.tar.gz) = c949d4be6f3442c8e2937046448dc8d8def25c0e0fa6f4e805144cea45eabe80 @@ -29,10 +29,10 @@ SHA256 (openresty-echo-nginx-module-5a402aa_GH0.tar.gz) = bb2a4b1a0e5ffa0203c1be SIZE (openresty-echo-nginx-module-5a402aa_GH0.tar.gz) = 53336 SHA256 (openresty-encrypted-session-nginx-module-v0.09_GH0.tar.gz) = fe9b95acf9726aefd71bf0aca6c11bee007f1da67e64be9b21a7131f0ed75ba6 SIZE (openresty-encrypted-session-nginx-module-v0.09_GH0.tar.gz) = 11847 -SHA256 (calio-form-input-nginx-module-v0.12_GH0.tar.gz) = 5c1869d55897075adb3fdf840b21060dc54669a1f840a36d1539acc7e59dd106 -SIZE (calio-form-input-nginx-module-v0.12_GH0.tar.gz) = 11090 SHA256 (ogarrett-nginx-fips-check-module-6cb4270_GH0.tar.gz) = d52fbb0f2819cd91b710ad85e6c8b452fdca6a5d81b0694d6637adba3fc2382c SIZE (ogarrett-nginx-fips-check-module-6cb4270_GH0.tar.gz) = 6494 +SHA256 (calio-form-input-nginx-module-v0.12_GH0.tar.gz) = 5c1869d55897075adb3fdf840b21060dc54669a1f840a36d1539acc7e59dd106 +SIZE (calio-form-input-nginx-module-v0.12_GH0.tar.gz) = 11090 SHA256 (nieoding-nginx-gridfs-059bdc3_GH0.tar.gz) = 9b059b5ae7b602d12d32d5ebe2700827ea625f22c0fb3b9956242e11de63845b SIZE (nieoding-nginx-gridfs-059bdc3_GH0.tar.gz) = 4674 SHA256 (openresty-headers-more-nginx-module-06dc0be_GH0.tar.gz) = 883b1e31d59f3eb1e76b34259711ad65a3443102973dcf22df329397f3d5eaa4 diff --git a/www/nginx-devel/files/extra-patch-passenger-build-nginx.rb b/www/nginx-devel/files/extra-patch-passenger-build-nginx.rb index 40db3ee74183..95bf79da0865 100644 --- a/www/nginx-devel/files/extra-patch-passenger-build-nginx.rb +++ b/www/nginx-devel/files/extra-patch-passenger-build-nginx.rb @@ -1,5 +1,5 @@ ---- ../passenger-6.0.20/build/nginx.rb.orig 2013-10-26 18:00:00.000000000 -0400 -+++ ../passenger-6.0.20/build/nginx.rb 2016-05-09 18:21:22.426777000 -0400 +--- ../passenger-6.0.22/build/nginx.rb.orig 2013-10-26 18:00:00.000000000 -0400 ++++ ../passenger-6.0.22/build/nginx.rb 2016-05-09 18:21:22.426777000 -0400 @@ -33,13 +33,12 @@ desc "Build Nginx support files" task :nginx => [ diff --git a/www/nginx-devel/files/extra-patch-passenger-disable-telemetry b/www/nginx-devel/files/extra-patch-passenger-disable-telemetry index 5b01b146eb5d..ca2ed9f0700a 100644 --- a/www/nginx-devel/files/extra-patch-passenger-disable-telemetry +++ b/www/nginx-devel/files/extra-patch-passenger-disable-telemetry @@ -1,5 +1,5 @@ ---- ../passenger-6.0.20/src/ruby_supportlib/phusion_passenger/nginx/config_options.rb.orig 2018-12-03 12:23:06.980728000 -0500 -+++ ../passenger-6.0.20/src/ruby_supportlib/phusion_passenger/nginx/config_options.rb 2018-12-03 12:23:32.978924000 -0500 +--- ../passenger-6.0.22/src/ruby_supportlib/phusion_passenger/nginx/config_options.rb.orig 2018-12-03 12:23:06.980728000 -0500 ++++ ../passenger-6.0.22/src/ruby_supportlib/phusion_passenger/nginx/config_options.rb 2018-12-03 12:23:32.978924000 -0500 @@ -204,7 +204,7 @@ :name => 'passenger_disable_anonymous_telemetry', :scope => :global, diff --git a/www/nginx-devel/files/extra-patch-passenger_src_nginx__module_Configuration.c b/www/nginx-devel/files/extra-patch-passenger_src_nginx__module_Configuration.c new file mode 100644 index 000000000000..4958d721fd2b --- /dev/null +++ b/www/nginx-devel/files/extra-patch-passenger_src_nginx__module_Configuration.c @@ -0,0 +1,11 @@ +--- ../passenger-6.0.22/src/nginx_module/Configuration.c.orig 2024-05-29 12:56:52.144194000 -0400 ++++ ../passenger-6.0.22/src/nginx_module/Configuration.c 2024-05-29 12:58:07.308893000 -0400 +@@ -225,7 +225,7 @@ + conf->upstream_config.send_lowat = NGX_CONF_UNSET_SIZE; + conf->upstream_config.buffer_size = NGX_CONF_UNSET_SIZE; + #if NGINX_VERSION_NUM >= 1007007 +- conf->upstream_config.limit_rate = NGX_CONF_UNSET_SIZE; ++ conf->upstream_config.limit_rate = NGX_CONF_UNSET_PTR; + #endif + + conf->upstream_config.busy_buffers_size_conf = NGX_CONF_UNSET_SIZE;