git: 38d9ad236dec - main - www/nginx-devel: security update from 1.26.0 to 1.27.0

From: Sergey A. Osokin <osa_at_FreeBSD.org>
Date: Wed, 29 May 2024 17:19:25 UTC 
The branch main has been updated by osa:

URL: https://cgit.FreeBSD.org/ports/commit/?id=38d9ad236dec3559ddc003ef0f413efde7704764

commit 38d9ad236dec3559ddc003ef0f413efde7704764
Author:     Sergey A. Osokin <osa@FreeBSD.org>
AuthorDate: 2024-05-29 17:18:49 +0000
Commit:     Sergey A. Osokin <osa@FreeBSD.org>
CommitDate: 2024-05-29 17:18:49 +0000

    www/nginx-devel: security update from 1.26.0 to 1.27.0
    
    Update third-party passenger module to 6.0.22.
    
    <ChangeLog>
    
        *) Security: when using HTTP/3, processing of a specially crafted QUIC
           session might cause a worker process crash, worker process memory
           disclosure on systems with MTU larger than 4096 bytes, or might have
           potential other impact (CVE-2024-32760, CVE-2024-31079,
           CVE-2024-35200, CVE-2024-34161).
           Thanks to Nils Bars of CISPA.
    
        *) Feature: variables support in the "proxy_limit_rate",
           "fastcgi_limit_rate", "scgi_limit_rate", and "uwsgi_limit_rate"
           directives.
    
        *) Bugfix: reduced memory consumption for long-lived requests if "gzip",
           "gunzip", "ssi", "sub_filter", or "grpc_pass" directives are used.
    
        *) Bugfix: nginx could not be built by gcc 14 if the --with-atomic
           option was used.
           Thanks to Edgar Bonet.
    
        *) Bugfixes in HTTP/3.
    
    <ChangeLog>
---
 www/nginx-devel/Makefile                                   |  5 ++---
 www/nginx-devel/Makefile.extmod                            |  5 +++--
 www/nginx-devel/distinfo                                   | 14 +++++++-------
 www/nginx-devel/files/extra-patch-passenger-build-nginx.rb |  4 ++--
 .../files/extra-patch-passenger-disable-telemetry          |  4 ++--
 ...extra-patch-passenger_src_nginx__module_Configuration.c | 11 +++++++++++
 6 files changed, 27 insertions(+), 16 deletions(-)

diff --git a/www/nginx-devel/Makefile b/www/nginx-devel/Makefile
index 97589f3d6bdd..f7760d39528f 100644
--- a/www/nginx-devel/Makefile
+++ b/www/nginx-devel/Makefile
@@ -1,6 +1,5 @@
 PORTNAME?=	nginx
-PORTVERSION=	1.26.0
-PORTREVISION=	2
+PORTVERSION=	1.27.0
 CATEGORIES=	www
 MASTER_SITES=	https://nginx.org/download/ \
 		LOCAL/osa
@@ -16,7 +15,7 @@ LICENSE_FILE?=	${WRKSRC}/LICENSE
 
 CONFLICTS_INSTALL=	nginx
 
-PORTSCOUT=	limit:^1\.2[6-7]\.[0-9]*
+PORTSCOUT=	limit:^1\.2[7-8]\.[0-9]*
 
 USES=		cpe
 
diff --git a/www/nginx-devel/Makefile.extmod b/www/nginx-devel/Makefile.extmod
index 80fcbbdfdb8f..8845d0f3e174 100644
--- a/www/nginx-devel/Makefile.extmod
+++ b/www/nginx-devel/Makefile.extmod
@@ -250,7 +250,7 @@ OTEL_LIB_DEPENDS=	libabsl_base.so:devel/abseil \
 OTEL_BUILD_DEPENDS=	${LOCALBASE}/include/opentelemetry/proto/common/v1/common.proto:devel/opentelemetry-proto
 OTEL_CONFIGURE_ENV+=	NGX_OTEL_PROTO_DIR=${PREFIX}/include
 
-PASSENGER_NGINX_VER=	6.0.20
+PASSENGER_NGINX_VER=	6.0.22
 PASSENGER_CATEGORIES=	ruby
 PASSENGER_USES=		ruby
 PASSENGER_BUILD_DEPENDS=${LOCALBASE}/bin/rake:devel/rubygem-rake
@@ -260,7 +260,8 @@ PASSENGER_DISTFILES=	passenger-${PASSENGER_NGINX_VER}.tar.gz:passenger
 PASSENGER_VARS=		WRKSRC_passenger=${WRKDIR}/passenger-${PASSENGER_NGINX_VER} \
 			DSO_EXTDIRS+=passenger-${PASSENGER_NGINX_VER}/src/nginx_module
 PASSENGER_EXTRA_PATCHES=${PATCHDIR}/extra-patch-passenger-build-nginx.rb \
-			${PATCHDIR}/extra-patch-passenger-disable-telemetry
+			${PATCHDIR}/extra-patch-passenger-disable-telemetry \
+			${PATCHDIR}/extra-patch-passenger_src_nginx__module_Configuration.c
 
 POSTGRES_USES=		pgsql
 POSTGRES_GH_TUPLE=	konstruxi:ngx_postgres:8aa7359:postgres
diff --git a/www/nginx-devel/distinfo b/www/nginx-devel/distinfo
index ce61e4e583bb..dc380cd1a97e 100644
--- a/www/nginx-devel/distinfo
+++ b/www/nginx-devel/distinfo
@@ -1,12 +1,12 @@
-TIMESTAMP = 1714506394
-SHA256 (nginx-1.26.0.tar.gz) = d2e6c8439d6c6db5015d8eaab2470ab52aef85a7bf363182879977e084370497
-SIZE (nginx-1.26.0.tar.gz) = 1244118
+TIMESTAMP = 1716999888
+SHA256 (nginx-1.27.0.tar.gz) = b7230e3cf87eaa2d4b0bc56aadc920a960c7873b9991a1b66ffcc08fc650129c
+SIZE (nginx-1.27.0.tar.gz) = 1244887
 SHA256 (nginx_mogilefs_module-1.0.4.tar.gz) = 7ac230d30907f013dff8d435a118619ea6168aa3714dba62c6962d350c6295ae
 SIZE (nginx_mogilefs_module-1.0.4.tar.gz) = 11208
 SHA256 (ngx_http_redis-0.3.9.tar.gz) = 21f87540f0a44b23ffa5df16fb3d788bc90803b255ef14f9c26e3847a6f26f46
 SIZE (ngx_http_redis-0.3.9.tar.gz) = 13051
-SHA256 (passenger-6.0.20.tar.gz) = fa8d9a37edb92f4a8f064b3005b57bccf10392ce4eb067838883206060e27107
-SIZE (passenger-6.0.20.tar.gz) = 8476308
+SHA256 (passenger-6.0.22.tar.gz) = 1fc2a89196fc83469b10fea1ac7b57002fb9bf2552d70f03b780c92d7d9ed044
+SIZE (passenger-6.0.22.tar.gz) = 8296503
 SHA256 (msva-nginx_ajp_module-fcbb2cc_GH0.tar.gz) = 522e94c59f5783f281d868ede2adf325bf2f8ffb9e62cf8451d4b9ac0516916c
 SIZE (msva-nginx_ajp_module-fcbb2cc_GH0.tar.gz) = 110807
 SHA256 (openresty-array-var-nginx-module-v0.05_GH0.tar.gz) = c949d4be6f3442c8e2937046448dc8d8def25c0e0fa6f4e805144cea45eabe80
@@ -29,10 +29,10 @@ SHA256 (openresty-echo-nginx-module-5a402aa_GH0.tar.gz) = bb2a4b1a0e5ffa0203c1be
 SIZE (openresty-echo-nginx-module-5a402aa_GH0.tar.gz) = 53336
 SHA256 (openresty-encrypted-session-nginx-module-v0.09_GH0.tar.gz) = fe9b95acf9726aefd71bf0aca6c11bee007f1da67e64be9b21a7131f0ed75ba6
 SIZE (openresty-encrypted-session-nginx-module-v0.09_GH0.tar.gz) = 11847
-SHA256 (calio-form-input-nginx-module-v0.12_GH0.tar.gz) = 5c1869d55897075adb3fdf840b21060dc54669a1f840a36d1539acc7e59dd106
-SIZE (calio-form-input-nginx-module-v0.12_GH0.tar.gz) = 11090
 SHA256 (ogarrett-nginx-fips-check-module-6cb4270_GH0.tar.gz) = d52fbb0f2819cd91b710ad85e6c8b452fdca6a5d81b0694d6637adba3fc2382c
 SIZE (ogarrett-nginx-fips-check-module-6cb4270_GH0.tar.gz) = 6494
+SHA256 (calio-form-input-nginx-module-v0.12_GH0.tar.gz) = 5c1869d55897075adb3fdf840b21060dc54669a1f840a36d1539acc7e59dd106
+SIZE (calio-form-input-nginx-module-v0.12_GH0.tar.gz) = 11090
 SHA256 (nieoding-nginx-gridfs-059bdc3_GH0.tar.gz) = 9b059b5ae7b602d12d32d5ebe2700827ea625f22c0fb3b9956242e11de63845b
 SIZE (nieoding-nginx-gridfs-059bdc3_GH0.tar.gz) = 4674
 SHA256 (openresty-headers-more-nginx-module-06dc0be_GH0.tar.gz) = 883b1e31d59f3eb1e76b34259711ad65a3443102973dcf22df329397f3d5eaa4
diff --git a/www/nginx-devel/files/extra-patch-passenger-build-nginx.rb b/www/nginx-devel/files/extra-patch-passenger-build-nginx.rb
index 40db3ee74183..95bf79da0865 100644
--- a/www/nginx-devel/files/extra-patch-passenger-build-nginx.rb
+++ b/www/nginx-devel/files/extra-patch-passenger-build-nginx.rb
@@ -1,5 +1,5 @@
---- ../passenger-6.0.20/build/nginx.rb.orig	2013-10-26 18:00:00.000000000 -0400
-+++ ../passenger-6.0.20/build/nginx.rb	2016-05-09 18:21:22.426777000 -0400
+--- ../passenger-6.0.22/build/nginx.rb.orig	2013-10-26 18:00:00.000000000 -0400
++++ ../passenger-6.0.22/build/nginx.rb	2016-05-09 18:21:22.426777000 -0400
 @@ -33,13 +33,12 @@
  desc "Build Nginx support files"
  task :nginx => [
diff --git a/www/nginx-devel/files/extra-patch-passenger-disable-telemetry b/www/nginx-devel/files/extra-patch-passenger-disable-telemetry
index 5b01b146eb5d..ca2ed9f0700a 100644
--- a/www/nginx-devel/files/extra-patch-passenger-disable-telemetry
+++ b/www/nginx-devel/files/extra-patch-passenger-disable-telemetry
@@ -1,5 +1,5 @@
---- ../passenger-6.0.20/src/ruby_supportlib/phusion_passenger/nginx/config_options.rb.orig	2018-12-03 12:23:06.980728000 -0500
-+++ ../passenger-6.0.20/src/ruby_supportlib/phusion_passenger/nginx/config_options.rb	2018-12-03 12:23:32.978924000 -0500
+--- ../passenger-6.0.22/src/ruby_supportlib/phusion_passenger/nginx/config_options.rb.orig	2018-12-03 12:23:06.980728000 -0500
++++ ../passenger-6.0.22/src/ruby_supportlib/phusion_passenger/nginx/config_options.rb	2018-12-03 12:23:32.978924000 -0500
 @@ -204,7 +204,7 @@
      :name     => 'passenger_disable_anonymous_telemetry',
      :scope    => :global,
diff --git a/www/nginx-devel/files/extra-patch-passenger_src_nginx__module_Configuration.c b/www/nginx-devel/files/extra-patch-passenger_src_nginx__module_Configuration.c
new file mode 100644
index 000000000000..4958d721fd2b
--- /dev/null
+++ b/www/nginx-devel/files/extra-patch-passenger_src_nginx__module_Configuration.c
@@ -0,0 +1,11 @@
+--- ../passenger-6.0.22/src/nginx_module/Configuration.c.orig	2024-05-29 12:56:52.144194000 -0400
++++ ../passenger-6.0.22/src/nginx_module/Configuration.c	2024-05-29 12:58:07.308893000 -0400
+@@ -225,7 +225,7 @@
+     conf->upstream_config.send_lowat = NGX_CONF_UNSET_SIZE;
+     conf->upstream_config.buffer_size = NGX_CONF_UNSET_SIZE;
+     #if NGINX_VERSION_NUM >= 1007007
+-        conf->upstream_config.limit_rate = NGX_CONF_UNSET_SIZE;
++        conf->upstream_config.limit_rate = NGX_CONF_UNSET_PTR;
+     #endif
+ 
+     conf->upstream_config.busy_buffers_size_conf = NGX_CONF_UNSET_SIZE;