From b2c795919f346b9e0a9f397aefb0dc37912f341a Mon Sep 17 00:00:00 2001 From: schnoebe Date: Thu, 5 Dec 2013 17:45:04 +0000 Subject: pullup to pkgsrc-2013Q3, resolves ticket #4263 Updated to nginx 1.5.7 Changes with nginx 1.5.7 19 Nov 2013 *) Security: a character following an unescaped space in a request line was handled incorrectly (CVE-2013-4547); the bug had appeared in 0.8.41. Thanks to Ivan Fratric of the Google Security Team. *) Change: a logging level of auth_basic errors about no user/password provided has been lowered from "error" to "info". *) Feature: the "proxy_cache_revalidate", "fastcgi_cache_revalidate", "scgi_cache_revalidate", and "uwsgi_cache_revalidate" directives. *) Feature: the "ssl_session_ticket_key" directive. Thanks to Piotr Sikora. *) Bugfix: the directive "add_header Cache-Control ''" added a "Cache-Control" response header line with an empty value. *) Bugfix: the "satisfy any" directive might return 403 error instead of 401 if auth_request and auth_basic directives were used. Thanks to Jan Marc Hoffmann. *) Bugfix: the "accept_filter" and "deferred" parameters of the "listen" directive were ignored for listen sockets created during binary upgrade. Thanks to Piotr Sikora. *) Bugfix: some data received from a backend with unbufferred proxy might not be sent to a client immediately if "gzip" or "gunzip" directives were used. Thanks to Yichun Zhang. *) Bugfix: in error handling in ngx_http_gunzip_filter_module. *) Bugfix: responses might hang if the ngx_http_spdy_module was used with the "auth_request" directive. *) Bugfix: memory leak in nginx/Windows. Changes with nginx 1.5.6 01 Oct 2013 *) Feature: the "fastcgi_buffering" directive. *) Feature: the "proxy_ssl_protocols" and "proxy_ssl_ciphers" directives. Thanks to Piotr Sikora. *) Feature: optimization of SSL handshakes when using long certificate chains. *) Feature: the mail proxy supports SMTP pipelining. *) Bugfix: in the ngx_http_auth_basic_module when using "$apr1$" password encryption method. Thanks to Markus Linnala. *) Bugfix: in MacOSX, Cygwin, and nginx/Windows incorrect location might be used to process a request if locations were given using characters in different cases. *) Bugfix: automatic redirect with appended trailing slash for proxied locations might not work. *) Bugfix: in the mail proxy server. *) Bugfix: in the ngx_http_spdy_module. Changes with nginx 1.5.5 17 Sep 2013 *) Change: now nginx assumes HTTP/1.0 by default if it is not able to detect protocol reliably. *) Feature: the "disable_symlinks" directive now uses O_PATH on Linux. *) Feature: now nginx uses EPOLLRDHUP events to detect premature connection close by clients if the "epoll" method is used. *) Bugfix: in the "valid_referers" directive if the "server_names" parameter was used. *) Bugfix: the $request_time variable did not work in nginx/Windows. *) Bugfix: in the "image_filter" directive. Thanks to Lanshun Zhou. *) Bugfix: OpenSSL 1.0.1f compatibility. Thanks to Piotr Sikora. Changes with nginx 1.5.4 27 Aug 2013 *) Change: the "js" extension MIME type has been changed to "application/javascript"; default value of the "charset_types" directive was changed accordingly. *) Change: now the "image_filter" directive with the "size" parameter returns responses with the "application/json" MIME type. *) Feature: the ngx_http_auth_request_module. *) Bugfix: a segmentation fault might occur on start or during reconfiguration if the "try_files" directive was used with an empty parameter. *) Bugfix: memory leak if relative paths were specified using variables in the "root" or "auth_basic_user_file" directives. *) Bugfix: the "valid_referers" directive incorrectly executed regular expressions if a "Referer" header started with "https://". Thanks to Liangbin Li. *) Bugfix: responses might hang if subrequests were used and an SSL handshake error happened during subrequest processing. Thanks to Aviram Cohen. *) Bugfix: in the ngx_http_autoindex_module. *) Bugfix: in the ngx_http_spdy_module. --- www/nginx-devel/Makefile | 4 +- www/nginx-devel/distinfo | 12 ++-- www/nginx-devel/patches/patch-aa | 93 --------------------------- www/nginx-devel/patches/patch-ab | 16 ----- www/nginx-devel/patches/patch-auto_install | 16 +++++ www/nginx-devel/patches/patch-conf_nginx.conf | 89 +++++++++++++++++++++++++ 6 files changed, 113 insertions(+), 117 deletions(-) create mode 100644 www/nginx-devel/patches/patch-auto_install create mode 100644 www/nginx-devel/patches/patch-conf_nginx.conf diff --git a/www/nginx-devel/Makefile b/www/nginx-devel/Makefile index 0afd2499323..d43a3c9ba21 100644 --- a/www/nginx-devel/Makefile +++ b/www/nginx-devel/Makefile @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.7 2013/08/18 08:11:04 imil Exp $ +# $NetBSD: Makefile,v 1.7.2.1 2013/12/05 17:45:04 schnoebe Exp $ -DISTNAME= nginx-1.5.3 +DISTNAME= nginx-1.5.7 MAINTAINER= imil@NetBSD.org .include "../../www/nginx/Makefile.common" diff --git a/www/nginx-devel/distinfo b/www/nginx-devel/distinfo index bd9dd07412c..c51f620524b 100644 --- a/www/nginx-devel/distinfo +++ b/www/nginx-devel/distinfo @@ -1,16 +1,16 @@ -$NetBSD: distinfo,v 1.5 2013/08/18 08:11:04 imil Exp $ +$NetBSD: distinfo,v 1.5.2.1 2013/12/05 17:45:04 schnoebe Exp $ SHA1 (naxsi-core-0.51-1.tgz) = e6b97c599955d1b7dc3559c5e391a551174abe91 RMD160 (naxsi-core-0.51-1.tgz) = ce29bf13805fb512f2099c2599fe705f17bf3c2d Size (naxsi-core-0.51-1.tgz) = 53908 bytes -SHA1 (nginx-1.5.3.tar.gz) = 88f4548e46c25d32f08681c0aba39b86b84ec3a3 -RMD160 (nginx-1.5.3.tar.gz) = fb57b7609d8e1de06e6dc1376bf4d239c06daa37 -Size (nginx-1.5.3.tar.gz) = 769755 bytes +SHA1 (nginx-1.5.7.tar.gz) = 4dd04c73c3081277fe9c98c4a386c8baf956f5ca +RMD160 (nginx-1.5.7.tar.gz) = a74277133f5028b4c63acc53de84c1439b14df0a +Size (nginx-1.5.7.tar.gz) = 779985 bytes SHA1 (nginx_http_push_module-0.692.tar.gz) = 72103084cad8f4d3d9a49a6b04cf780e4541605d RMD160 (nginx_http_push_module-0.692.tar.gz) = 9d2be16074cf28115af0f1d8f3646937cda649ad Size (nginx_http_push_module-0.692.tar.gz) = 29119 bytes SHA1 (nginx_upload_module-2.2.0.tar.gz) = 93d6e83e613a0ce2ed057a434b344fa1b6609b47 RMD160 (nginx_upload_module-2.2.0.tar.gz) = 5734af837be3fe8ec444a7e5e7f6707118594098 Size (nginx_upload_module-2.2.0.tar.gz) = 25796 bytes -SHA1 (patch-aa) = adf433d1b56a88c6c2ed09c4bd54fdb1a336582f -SHA1 (patch-ab) = 6f20ef8ac9a042faf7e22770de7c16b351cb1191 +SHA1 (patch-auto_install) = 723e2ae222146775ae66aed7815bf3f911dd1cd7 +SHA1 (patch-conf_nginx.conf) = ee9fbc3838cc006f6e1cddddadf6603f4941d171 diff --git a/www/nginx-devel/patches/patch-aa b/www/nginx-devel/patches/patch-aa index b19839affcc..e69de29bb2d 100644 --- a/www/nginx-devel/patches/patch-aa +++ b/www/nginx-devel/patches/patch-aa @@ -1,93 +0,0 @@ -$NetBSD: patch-aa,v 1.1 2013/02/22 17:06:54 imil Exp $ - -This patch provides config file adapted to pkgsrc settings. - ---- conf/nginx.conf.orig 2011-06-27 15:47:51.000000000 +0000 -+++ conf/nginx.conf -@@ -1,28 +1,29 @@ - --#user nobody; -+user %%NGINX_USER%% %%NGINX_GROUP%%; - worker_processes 1; - --#error_log logs/error.log; --#error_log logs/error.log notice; --#error_log logs/error.log info; -- --#pid logs/nginx.pid; -+#error_log %%NGINX_LOGDIR%%/error.log; -+#error_log %%NGINX_LOGDIR%%/error.log notice; -+#error_log %%NGINX_LOGDIR%%/error.log info; - -+#pid %%NGINX_PIDDIR%%/nginx.pid; - - events { -+ # After increasing this value You probably should increase limit -+ # of file descriptors (for example in start_precmd in startup script) - worker_connections 1024; - } - - - http { -- include mime.types; -+ include %%PKG_SYSCONFDIR%%/mime.types; - default_type application/octet-stream; - - #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - # '$status $body_bytes_sent "$http_referer" ' - # '"$http_user_agent" "$http_x_forwarded_for"'; - -- #access_log logs/access.log main; -+ #access_log %%NGINX_LOGDIR%%/access.log main; - - sendfile on; - #tcp_nopush on; -@@ -38,10 +39,10 @@ http { - - #charset koi8-r; - -- #access_log logs/host.access.log main; -+ #access_log %%NGINX_LOGDIR%%/host.access.log main; - - location / { -- root html; -+ root share/examples/nginx/html; - index index.html index.htm; - } - -@@ -51,7 +52,7 @@ http { - # - error_page 500 502 503 504 /50x.html; - location = /50x.html { -- root html; -+ root share/examples/nginx/html; - } - - # proxy the PHP scripts to Apache listening on 127.0.0.1:80 -@@ -67,7 +68,7 @@ http { - # fastcgi_pass 127.0.0.1:9000; - # fastcgi_index index.php; - # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; -- # include fastcgi_params; -+ # include %%PKG_SYSCONFDIR%%/fastcgi_params; - #} - - # deny access to .htaccess files, if Apache's document root -@@ -87,7 +88,7 @@ http { - # server_name somename alias another.alias; - - # location / { -- # root html; -+ # root share/examples/nginx/html; - # index index.html index.htm; - # } - #} -@@ -110,7 +111,7 @@ http { - # ssl_prefer_server_ciphers on; - - # location / { -- # root html; -+ # root share/examples/nginx/html; - # index index.html index.htm; - # } - #} diff --git a/www/nginx-devel/patches/patch-ab b/www/nginx-devel/patches/patch-ab index 0c37fdfc799..e69de29bb2d 100644 --- a/www/nginx-devel/patches/patch-ab +++ b/www/nginx-devel/patches/patch-ab @@ -1,16 +0,0 @@ -$NetBSD: patch-ab,v 1.1 2013/02/22 17:06:54 imil Exp $ - -Workaround for /bin/sh bug on NetBSD - ---- auto/install.orig 2010-06-15 19:50:33.000000000 +0000 -+++ auto/install -@@ -114,9 +114,6 @@ install: $NGX_OBJS${ngx_dirsep}nginx${ng - || cp conf/nginx.conf '\$(DESTDIR)$NGX_CONF_PATH' - cp conf/nginx.conf '\$(DESTDIR)$NGX_CONF_PREFIX/nginx.conf.default' - -- test -d '\$(DESTDIR)`dirname "$NGX_PID_PATH"`' \ -- || mkdir -p '\$(DESTDIR)`dirname "$NGX_PID_PATH"`' -- - test -d '\$(DESTDIR)`dirname "$NGX_HTTP_LOG_PATH"`' || \ - mkdir -p '\$(DESTDIR)`dirname "$NGX_HTTP_LOG_PATH"`' - diff --git a/www/nginx-devel/patches/patch-auto_install b/www/nginx-devel/patches/patch-auto_install new file mode 100644 index 00000000000..672a658fad3 --- /dev/null +++ b/www/nginx-devel/patches/patch-auto_install @@ -0,0 +1,16 @@ +$NetBSD: patch-auto_install,v 1.1.2.2 2013/12/05 17:45:04 schnoebe Exp $ + +Do not create PID directory. + +--- auto/install.orig 2013-11-19 10:03:47.000000000 +0000 ++++ auto/install +@@ -141,9 +141,6 @@ install: $NGX_OBJS${ngx_dirsep}nginx${ng + || cp conf/nginx.conf '\$(DESTDIR)$NGX_CONF_PATH' + cp conf/nginx.conf '\$(DESTDIR)$NGX_CONF_PREFIX/nginx.conf.default' + +- test -d '\$(DESTDIR)`dirname "$NGX_PID_PATH"`' \ +- || mkdir -p '\$(DESTDIR)`dirname "$NGX_PID_PATH"`' +- + test -d '\$(DESTDIR)`dirname "$NGX_HTTP_LOG_PATH"`' || \ + mkdir -p '\$(DESTDIR)`dirname "$NGX_HTTP_LOG_PATH"`' + diff --git a/www/nginx-devel/patches/patch-conf_nginx.conf b/www/nginx-devel/patches/patch-conf_nginx.conf new file mode 100644 index 00000000000..3595fa7275a --- /dev/null +++ b/www/nginx-devel/patches/patch-conf_nginx.conf @@ -0,0 +1,89 @@ +$NetBSD: patch-conf_nginx.conf,v 1.1.2.2 2013/12/05 17:45:04 schnoebe Exp $ + +This patch provides config file adapted to pkgsrc settings. + +--- conf/nginx.conf.orig 2013-11-19 10:03:47.000000000 +0000 ++++ conf/nginx.conf +@@ -1,28 +1,23 @@ + +-#user nobody; ++user %%NGINX_USER%% %%NGINX_GROUP%%; + worker_processes 1; + +-#error_log logs/error.log; +-#error_log logs/error.log notice; +-#error_log logs/error.log info; +- +-#pid logs/nginx.pid; +- +- + events { ++ # After increasing this value You probably should increase limit ++ # of file descriptors (for example in start_precmd in startup script) + worker_connections 1024; + } + + + http { +- include mime.types; ++ include %%PKG_SYSCONFDIR%%/mime.types; + default_type application/octet-stream; + + #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + # '$status $body_bytes_sent "$http_referer" ' + # '"$http_user_agent" "$http_x_forwarded_for"'; + +- #access_log logs/access.log main; ++ #access_log %%NGINX_LOGDIR%%/access.log main; + + sendfile on; + #tcp_nopush on; +@@ -38,10 +33,10 @@ http { + + #charset koi8-r; + +- #access_log logs/host.access.log main; ++ #access_log %%NGINX_LOGDIR%%/host.access.log main; + + location / { +- root html; ++ root share/examples/nginx/html; + index index.html index.htm; + } + +@@ -51,7 +46,7 @@ http { + # + error_page 500 502 503 504 /50x.html; + location = /50x.html { +- root html; ++ root share/examples/nginx/html; + } + + # proxy the PHP scripts to Apache listening on 127.0.0.1:80 +@@ -67,7 +62,7 @@ http { + # fastcgi_pass 127.0.0.1:9000; + # fastcgi_index index.php; + # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; +- # include fastcgi_params; ++ # include %%PKG_SYSCONFDIR%%/fastcgi_params; + #} + + # deny access to .htaccess files, if Apache's document root +@@ -87,7 +82,7 @@ http { + # server_name somename alias another.alias; + + # location / { +- # root html; ++ # root share/examples/nginx/html; + # index index.html index.htm; + # } + #} +@@ -109,7 +104,7 @@ http { + # ssl_prefer_server_ciphers on; + + # location / { +- # root html; ++ # root share/examples/nginx/html; + # index index.html index.htm; + # } + #} -- cgit v1.2.3