git: 5bae4e5038d1 - main - www/nginx-devel: update third-party http_auth_krb5 (spnego) module (+)

From: Sergey A. Osokin <osa_at_FreeBSD.org>
Date: Tue, 18 Apr 2023 13:20:28 UTC
The branch main has been updated by osa:

URL: https://cgit.FreeBSD.org/ports/commit/?id=5bae4e5038d18b66a74dda03fa0dffad964d4e89

commit 5bae4e5038d18b66a74dda03fa0dffad964d4e89
Author:     Sergey A. Osokin <osa@FreeBSD.org>
AuthorDate: 2023-04-18 13:19:07 +0000
Commit:     Sergey A. Osokin <osa@FreeBSD.org>
CommitDate: 2023-04-18 13:20:22 +0000

    www/nginx-devel: update third-party http_auth_krb5 (spnego) module (+)
    
    Resurrect the GSSAPI radio button for the http_auth_krb5 module; the
    module now builds fine with both implementations.
    
    While I'm here:
    o) sort pkg-plist;
    o) update portscout.
    
    Bump PORTREVISION.
---
 www/nginx-devel/Makefile                           | 18 +++++++-
 www/nginx-devel/Makefile.extmod                    |  6 +--
 www/nginx-devel/distinfo                           |  6 +--
 .../extra-patch-ngx_http_auth_spnego_module.c      | 52 ----------------------
 ...xtra-patch-spnego-http-auth-nginx-module-config |  4 +-
 www/nginx-devel/pkg-plist                          |  4 +-
 6 files changed, 25 insertions(+), 65 deletions(-)

diff --git a/www/nginx-devel/Makefile b/www/nginx-devel/Makefile
index 6a196b9efa06..878ddd819e7c 100644
--- a/www/nginx-devel/Makefile
+++ b/www/nginx-devel/Makefile
@@ -1,6 +1,6 @@
 PORTNAME?=	nginx
 PORTVERSION=	1.24.0
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	www
 MASTER_SITES=	https://nginx.org/download/ \
 		LOCAL/osa
@@ -16,7 +16,7 @@ LICENSE_FILE?=	${WRKSRC}/LICENSE
 
 CONFLICTS_INSTALL=	nginx
 
-PORTSCOUT=	limit:^1\.24\.[0-9]*
+PORTSCOUT=	limit:^1\.2[4-5]\.[0-9]*
 
 USES=		cpe
 
@@ -87,6 +87,11 @@ OPTIONS_DEFAULT?=	DSO FILE_AIO HTTP HTTP_ADDITION HTTP_AUTH_REQ HTTP_CACHE \
 
 LIB_DEPENDS+=	libpcre2-8.so:devel/pcre2
 
+OPTIONS_RADIO+=		GSSAPI
+OPTIONS_RADIO_GSSAPI=	GSSAPI_HEIMDAL GSSAPI_MIT
+GSSAPI_HEIMDAL_USES=	gssapi:heimdal,flags
+GSSAPI_MIT_USES=	gssapi:mit
+
 OPTIONS_SUB=	yes
 
 .include "Makefile.options.desc"
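Review bot: The two `_USES` lines are asymmetric and nothing in the hunk says why: `GSSAPI_HEIMDAL_USES` passes `flags` while `GSSAPI_MIT_USES` is plain `gssapi:mit`. If I read USES=gssapi correctly, `flags` is what adds the GSSAPI include and library settings to the build flags, so the MIT flavour presumably relies on the module's patched `config` instead. A short comment above the pair, e.g. `# heimdal needs "flags" for GSSAPI CFLAGS/LDFLAGS; mit is covered by the patched module config (confirm)`, would stop someone from "fixing" the difference later. Note also that OPTIONS_RADIO permits selecting neither flavour, so the requirement is enforced only by the IGNORE check further down the file.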
@@ -103,6 +108,9 @@ ${opt}_IMPLIES=	HTTP
 ${opt}_IMPLIES=	STREAM
 .endfor
 
+GSSAPI_HEIMDAL_IMPLIES=	HTTP_AUTH_KRB5
+GSSAPI_MIT_IMPLIES=	HTTP_AUTH_KRB5
+
 # If the target is makesum, make sure that every distfile is fetched.
 .if ${.TARGETS:Mmakesum}
 OPTIONS_DEFAULT=	${OPTIONS_DEFINE} ${OPTIONS_GROUP_HTTPGRP} \
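Review bot: The added `GSSAPI_HEIMDAL_IMPLIES` and `GSSAPI_MIT_IMPLIES` lines mean that picking a Kerberos flavour silently switches on the third-party SPNEGO authentication module, and that coupling is not documented. Since it changes which authentication code is compiled into the server, I would add `# Choosing a GSSAPI flavour enables the SPNEGO module; the reverse case (module without a flavour) is rejected by the IGNORE check below.` above the two lines. The `.if ${.TARGETS:Mmakesum}` block that follows continues outside the hunk.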
@@ -220,6 +228,12 @@ IGNORE=		requires at least HTTP or MAIL to \
 		be defined.  Please do 'make config' again
 .endif
 
+.if ${PORT_OPTIONS:MHTTP_AUTH_KRB5} && (empty(PORT_OPTIONS:MGSSAPI_HEIMDAL) && empty(PORT_OPTIONS:MGSSAPI_MIT))
+IGNORE=		required at least GSSAPI_HEIMDAL or \
+		GSSAPI_MIT to be defined. Please do \
+		'make config' again
+.endif
+
 .if ${PORT_OPTIONS:MPASSENGER} && empty(PORT_OPTIONS:MDEBUG)
 CONFIGURE_ENV+=	OPTIMIZE="yes"
 CFLAGS+=	-DNDEBUG
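Review bot: The new IGNORE text, `required at least GSSAPI_HEIMDAL or GSSAPI_MIT to be defined`, uses "required" where the HTTP/MAIL message just above it uses "requires", and it never names the option that triggers it. "At least" is also misleading, because the radio group allows only one of the two flavours. Suggest `IGNORE=	requires one of GSSAPI_HEIMDAL or GSSAPI_MIT when HTTP_AUTH_KRB5 is selected. Please do 'make config' again`, wrapped with continuations as before. The PASSENGER `.if` block at the end of the hunk continues outside it.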
diff --git a/www/nginx-devel/Makefile.extmod b/www/nginx-devel/Makefile.extmod
index da16d3e86f39..110443098f42 100644
--- a/www/nginx-devel/Makefile.extmod
+++ b/www/nginx-devel/Makefile.extmod
@@ -90,11 +90,9 @@ HTTP_ACCEPT_LANGUAGE_VARS=	DSO_EXTMODS+=accept_language
 HTTP_AUTH_DIGEST_GH_TUPLE=	atomx:nginx-http-auth-digest:274490c:auth_digest
 HTTP_AUTH_DIGEST_VARS=		DSO_EXTMODS+=auth_digest
 
-HTTP_AUTH_KRB5_GH_TUPLE=	stnoonan:spnego-http-auth-nginx-module:c626163:auth_krb5
+HTTP_AUTH_KRB5_GH_TUPLE=	stnoonan:spnego-http-auth-nginx-module:3575542:auth_krb5
 HTTP_AUTH_KRB5_VARS=		DSO_EXTMODS+=auth_krb5
-HTTP_AUTH_KRB5_EXTRA_PATCHES=	${PATCHDIR}/extra-patch-spnego-http-auth-nginx-module-config \
-				${PATCHDIR}/extra-patch-ngx_http_auth_spnego_module.c
-HTTP_AUTH_KRB5_USES=		gssapi:mit
+HTTP_AUTH_KRB5_EXTRA_PATCHES=	${PATCHDIR}/extra-patch-spnego-http-auth-nginx-module-config
 
 HTTP_AUTH_LDAP_GH_TUPLE=	kvspb:nginx-auth-ldap:83c059b:http_auth_ldap
 HTTP_AUTH_LDAP_EXTRA_PATCHES=	${PATCHDIR}/extra-patch-ngx_http_auth_ldap_module.c
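Review bot: Dropping `extra-patch-ngx_http_auth_spnego_module.c` from `HTTP_AUTH_KRB5_EXTRA_PATCHES` removes two local fixes to an authentication module, and the commit log does not say they are now upstream. The deleted patch set `www_authenticate->next = NULL` on the response header and moved `krb5_init_context()` ahead of the first `goto done`; both look like memory-safety fixes. Presumably snapshot 3575542 already carries them, but that should be checked against the new tarball and recorded, e.g. `# local ngx_http_auth_spnego_module.c fixes are upstream as of 3575542`. Removing `HTTP_AUTH_KRB5_USES=gssapi:mit` also means the module no longer pulls in a GSSAPI implementation on its own, so the build depends on the radio group and IGNORE check in the Makefile to guarantee one.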
diff --git a/www/nginx-devel/distinfo b/www/nginx-devel/distinfo
index 6dd09eb91908..b2a091fa25aa 100644
--- a/www/nginx-devel/distinfo
+++ b/www/nginx-devel/distinfo
@@ -1,4 +1,4 @@
-TIMESTAMP = 1681229804
+TIMESTAMP = 1681772643
 SHA256 (nginx-1.24.0.tar.gz) = 77a2541637b92a621e3ee76776c8b7b40cf6d707e69ba53a940283e30ff2f55d
 SIZE (nginx-1.24.0.tar.gz) = 1112471
 SHA256 (nginx_mogilefs_module-1.0.4.tar.gz) = 7ac230d30907f013dff8d435a118619ea6168aa3714dba62c6962d350c6295ae
@@ -47,8 +47,8 @@ SHA256 (dvershinin-nginx_accept_language_module-5683967_GH0.tar.gz) = a58feb576f
 SIZE (dvershinin-nginx_accept_language_module-5683967_GH0.tar.gz) = 3425
 SHA256 (atomx-nginx-http-auth-digest-274490c_GH0.tar.gz) = 0839c33c2f8d519f92daae274f62cf87eb68415d562c6500ee3e3721ce80557c
 SIZE (atomx-nginx-http-auth-digest-274490c_GH0.tar.gz) = 17815
-SHA256 (stnoonan-spnego-http-auth-nginx-module-c626163_GH0.tar.gz) = dac75d65453744ffe0f7af248f10f98fc89efca07303aa45a610805e57c588fc
-SIZE (stnoonan-spnego-http-auth-nginx-module-c626163_GH0.tar.gz) = 24404
+SHA256 (stnoonan-spnego-http-auth-nginx-module-3575542_GH0.tar.gz) = 6d710f97bef58b2d5dc54445c0e48103786425f6d4ab18cf30a2168904d0ba62
+SIZE (stnoonan-spnego-http-auth-nginx-module-3575542_GH0.tar.gz) = 24680
 SHA256 (kvspb-nginx-auth-ldap-83c059b_GH0.tar.gz) = e76e9e117ad51af578a68fa7a30c256178796bb271fa77f01c93281a92b09921
 SIZE (kvspb-nginx-auth-ldap-83c059b_GH0.tar.gz) = 18547
 SHA256 (sto-ngx_http_auth_pam_module-v1.5.3_GH0.tar.gz) = 882018fea8d6955ab3fe294aafa8ebb1fdff4eac313c29583fef02c6de76fae7
diff --git a/www/nginx-devel/files/extra-patch-ngx_http_auth_spnego_module.c b/www/nginx-devel/files/extra-patch-ngx_http_auth_spnego_module.c
deleted file mode 100644
index 40aea7e6e875..000000000000
--- a/www/nginx-devel/files/extra-patch-ngx_http_auth_spnego_module.c
+++ /dev/null
@@ -1,52 +0,0 @@
---- ../spnego-http-auth-nginx-module-c626163/ngx_http_auth_spnego_module.c.orig
-+++ ../spnego-http-auth-nginx-module-c626163/ngx_http_auth_spnego_module.c
-@@ -502,6 +502,7 @@ ngx_http_auth_spnego_headers_basic_only(ngx_http_request_t *r,
-     }
- 
-     r->headers_out.www_authenticate->hash = 1;
-+    r->headers_out.www_authenticate->next = NULL;
-     r->headers_out.www_authenticate->key.len = sizeof("WWW-Authenticate") - 1;
-     r->headers_out.www_authenticate->key.data = (u_char *)"WWW-Authenticate";
-     r->headers_out.www_authenticate->value.len = value.len;
-@@ -538,6 +539,7 @@ ngx_http_auth_spnego_headers(ngx_http_request_t *r,
-     }
- 
-     r->headers_out.www_authenticate->hash = 1;
-+    r->headers_out.www_authenticate->next = NULL;
-     r->headers_out.www_authenticate->key.len = sizeof("WWW-Authenticate") - 1;
-     r->headers_out.www_authenticate->key.data = (u_char *)"WWW-Authenticate";
-     r->headers_out.www_authenticate->value.len = value.len;
-@@ -559,6 +561,7 @@ ngx_http_auth_spnego_headers(ngx_http_request_t *r,
-         }
- 
-         r->headers_out.www_authenticate->hash = 2;
-+        r->headers_out.www_authenticate->next = NULL;
-         r->headers_out.www_authenticate->key.len =
-             sizeof("WWW-Authenticate") - 1;
-         r->headers_out.www_authenticate->key.data =
-@@ -758,6 +761,12 @@ ngx_http_auth_spnego_store_delegated_creds(ngx_http_request_t *r,
-     char *ccname = NULL;
-     char *escaped = NULL;
- 
-+    if ((kerr = krb5_init_context(&kcontext))) {
-+        spnego_log_error("Kerberos error: Cannot initialize kerberos context");
-+        spnego_log_krb5_error(kcontext, kerr);
-+        goto done;
-+    }
-+
-     if (!delegated_creds.data) {
-         spnego_log_error(
-             "ngx_http_auth_spnego_store_delegated_creds() NULL credentials");
-@@ -766,12 +775,6 @@ ngx_http_auth_spnego_store_delegated_creds(ngx_http_request_t *r,
-         goto done;
-     }
- 
--    if ((kerr = krb5_init_context(&kcontext))) {
--        spnego_log_error("Kerberos error: Cannot initialize kerberos context");
--        spnego_log_krb5_error(kcontext, kerr);
--        goto done;
--    }
--
-     if ((kerr = krb5_parse_name(kcontext, (char *)principal_name->data,
-                                 &principal))) {
-         spnego_log_error("Kerberos error: Cannot parse principal %s",
diff --git a/www/nginx-devel/files/extra-patch-spnego-http-auth-nginx-module-config b/www/nginx-devel/files/extra-patch-spnego-http-auth-nginx-module-config
index 7ea16b2ff99e..a54e89e58a23 100644
--- a/www/nginx-devel/files/extra-patch-spnego-http-auth-nginx-module-config
+++ b/www/nginx-devel/files/extra-patch-spnego-http-auth-nginx-module-config
@@ -1,5 +1,5 @@
---- ../spnego-http-auth-nginx-module-c626163/config.orig	2020-08-27 07:59:28.423636000 -0400
-+++ ../spnego-http-auth-nginx-module-c626163/config	2020-08-27 08:01:42.152121000 -0400
+--- ../spnego-http-auth-nginx-module-3575542/config.orig	2020-08-27 07:59:28.423636000 -0400
++++ ../spnego-http-auth-nginx-module-3575542/config	2020-08-27 08:01:42.152121000 -0400
 @@ -1,8 +1,9 @@
  ngx_addon_name=ngx_http_auth_spnego_module
 -ngx_feature_libs="-lgssapi_krb5 -lkrb5 -lcom_err"
diff --git a/www/nginx-devel/pkg-plist b/www/nginx-devel/pkg-plist
index 0f8bc3e54f0a..a3f21a268022 100644
--- a/www/nginx-devel/pkg-plist
+++ b/www/nginx-devel/pkg-plist
@@ -44,8 +44,8 @@
 %%DSO%%%%HTTP_MP4_H264%%libexec/nginx/ngx_http_h264_streaming_module.so
 %%DSO%%%%HTTP_NOTICE%%libexec/nginx/ngx_http_notice_module.so
 %%DSO%%%%HTTP_PERL%%libexec/nginx/ngx_http_perl_module.so
-%%DSO%%%%HTTP_PUSH%%libexec/nginx/ngx_nchan_module.so
 %%DSO%%%%HTTP_PUSH_STREAM%%libexec/nginx/ngx_http_push_stream_module.so
+%%DSO%%%%HTTP_PUSH%%libexec/nginx/ngx_nchan_module.so
 %%DSO%%%%HTTP_REDIS%%libexec/nginx/ngx_http_redis_module.so
 %%DSO%%%%HTTP_SUBS_FILTER%%libexec/nginx/ngx_http_subs_filter_module.so
 %%DSO%%%%HTTP_TARANTOOL%%libexec/nginx/ngx_http_tnt_module.so
@@ -62,8 +62,8 @@
 %%DSO%%%%LET%%libexec/nginx/ngx_http_let_module.so
 %%DSO%%%%LINK%%libexec/nginx/ngx_http_link_func_module.so
 %%DSO%%%%LUA%%libexec/nginx/ngx_http_lua_module.so
-%%DSO%%%%MAIL%%libexec/nginx/ngx_mail_module.so
 %%DSO%%%%MAIL%%%%CT%%libexec/nginx/ngx_mail_ssl_ct_module.so
+%%DSO%%%%MAIL%%libexec/nginx/ngx_mail_module.so
 %%DSO%%%%MEMC%%libexec/nginx/ngx_http_memc_module.so
 %%DSO%%%%MODSECURITY3%%libexec/nginx/ngx_http_modsecurity_module.so
 %%DSO%%%%NAXSI%%libexec/nginx/ngx_http_naxsi_module.so