git: 62274cac0617 - main - www/nginx-devel: security update from 1.27.5 to 1.28.0
Date: Wed, 23 Apr 2025 16:18:03 UTC
The branch main has been updated by osa:
URL: https://cgit.FreeBSD.org/ports/commit/?id=62274cac06171874d5413b5a1fa7cbf17046e9b1
commit 62274cac06171874d5413b5a1fa7cbf17046e9b1
Author: Sergey A. Osokin <osa@FreeBSD.org>
AuthorDate: 2025-04-23 16:17:36 +0000
Commit: Sergey A. Osokin <osa@FreeBSD.org>
CommitDate: 2025-04-23 16:17:58 +0000
www/nginx-devel: security update from 1.27.5 to 1.28.0
<ChangeLog>
*) 1.28.x stable branch.
*) Bugfix: nginx could not be built by gcc 15 if ngx_http_v2_module or
ngx_http_v3_module modules were used.
*) Bugfix: nginx might not be built by gcc 14 or newer with -O3 -flto
optimization if ngx_http_v3_module was used.
</ChangeLog>
---
www/nginx-devel/Makefile | 3 +--
www/nginx-devel/Makefile.extmod | 7 +-----
www/nginx-devel/Makefile.options.desc | 1 -
www/nginx-devel/distinfo | 8 +++---
.../files/extra-patch-nginx-ct-LibreSSL | 29 ----------------------
www/nginx-devel/pkg-plist | 4 ---
6 files changed, 5 insertions(+), 47 deletions(-)
diff --git a/www/nginx-devel/Makefile b/www/nginx-devel/Makefile
index e2dafd241f46..b6699a0a3229 100644
--- a/www/nginx-devel/Makefile
+++ b/www/nginx-devel/Makefile
@@ -1,10 +1,9 @@
PORTNAME?= nginx
-PORTVERSION= 1.27.5
+PORTVERSION= 1.28.0
CATEGORIES= www
MASTER_SITES= https://nginx.org/download/ \
LOCAL/osa
PKGNAMESUFFIX?= -devel
-PORTREVISION= 1
DISTFILES= ${DISTNAME}${EXTRACT_SUFX}
MAINTAINER?= osa@FreeBSD.org
diff --git a/www/nginx-devel/Makefile.extmod b/www/nginx-devel/Makefile.extmod
index d6476aee3dd6..d6f8dbd66b43 100644
--- a/www/nginx-devel/Makefile.extmod
+++ b/www/nginx-devel/Makefile.extmod
@@ -2,7 +2,7 @@
OPTIONS_GROUP+= THIRDPARTYGRP
# External modules (arrayvar MUST appear after devel_kit for build-dep)
-OPTIONS_GROUP_THIRDPARTYGRP= AJP AWS_AUTH BROTLI CACHE_PURGE CT \
+OPTIONS_GROUP_THIRDPARTYGRP= AJP AWS_AUTH BROTLI CACHE_PURGE \
DEVEL_KIT ARRAYVAR DRIZZLE DYNAMIC_UPSTREAM ECHO ENCRYPTSESSION \
FIPS_CHECK FORMINPUT GRIDFS HEADERS_MORE HTTP_ACCEPT_LANGUAGE HTTP_AUTH_DIGEST \
HTTP_AUTH_JWT HTTP_AUTH_KRB5 HTTP_AUTH_LDAP HTTP_AUTH_PAM HTTP_DAV_EXT \
@@ -33,11 +33,6 @@ BROTLI_EXTRA_PATCHES= ${PATCHDIR}/extra-patch-ngx_brotli_filter_config
CACHE_PURGE_GH_TUPLE= nginx-modules:ngx_cache_purge:a84b0f3:cache_purge
CACHE_PURGE_VARS= DSO_EXTMODS+=cache_purge
-CT_IMPLIES= HTTP_SSL
-CT_GH_TUPLE= BenBE:nginx-ct:71bf4d2:ct
-CT_VARS= DSO_EXTMODS+=ct
-CT_EXTRA_PATCHES= ${PATCHDIR}/extra-patch-nginx-ct-LibreSSL
-
ECHO_GH_TUPLE= openresty:echo-nginx-module:4eeda3c:echo
ECHO_VARS= DSO_EXTMODS+=echo
diff --git a/www/nginx-devel/Makefile.options.desc b/www/nginx-devel/Makefile.options.desc
index 0fcfacb8102c..6d26b8650d1d 100644
--- a/www/nginx-devel/Makefile.options.desc
+++ b/www/nginx-devel/Makefile.options.desc
@@ -3,7 +3,6 @@ ARRAYVAR_DESC= 3rd party array_var module
AWS_AUTH_DESC= 3rd party aws auth module
BROTLI_DESC= 3rd party brotli module
CACHE_PURGE_DESC= 3rd party cache_purge module
-CT_DESC= 3rd party cert_transparency module (SSL req.)
DEBUGLOG_DESC= Enable debug log (--with-debug)
DEVEL_KIT_DESC= 3rd party Nginx Development Kit module
DRIZZLE_DESC= 3rd party drizzle module
diff --git a/www/nginx-devel/distinfo b/www/nginx-devel/distinfo
index a52bcfa9ccfd..39bb0607b6a5 100644
--- a/www/nginx-devel/distinfo
+++ b/www/nginx-devel/distinfo
@@ -1,6 +1,6 @@
-TIMESTAMP = 1744884495
-SHA256 (nginx-1.27.5.tar.gz) = e96acebb9c2a6db8a000c3dd1b32ecba1b810f0cd586232d4d921e376674dd0e
-SIZE (nginx-1.27.5.tar.gz) = 1279891
+TIMESTAMP = 1745418876
+SHA256 (nginx-1.28.0.tar.gz) = c6b5c6b086c0df9d3ca3ff5e084c1d0ef909e6038279c71c1c3e985f576ff76a
+SIZE (nginx-1.28.0.tar.gz) = 1280111
SHA256 (nginx_mogilefs_module-1.0.4.tar.gz) = 7ac230d30907f013dff8d435a118619ea6168aa3714dba62c6962d350c6295ae
SIZE (nginx_mogilefs_module-1.0.4.tar.gz) = 11208
SHA256 (ngx_http_redis-0.3.9.tar.gz) = 21f87540f0a44b23ffa5df16fb3d788bc90803b255ef14f9c26e3847a6f26f46
@@ -17,8 +17,6 @@ SHA256 (google-ngx_brotli-a71f931_GH0.tar.gz) = b3312a045d5303a40d02beb34711b8ca
SIZE (google-ngx_brotli-a71f931_GH0.tar.gz) = 16376
SHA256 (nginx-modules-ngx_cache_purge-a84b0f3_GH0.tar.gz) = ddfd4fdd99075d906b7b75c49f56ec96b76df7951dfa54502e0f83890447031f
SIZE (nginx-modules-ngx_cache_purge-a84b0f3_GH0.tar.gz) = 17162
-SHA256 (BenBE-nginx-ct-71bf4d2_GH0.tar.gz) = 15441194cf9ffee84394ac75f0c3ded8712ae07b0ee8194aa5ca47ec8f670321
-SIZE (BenBE-nginx-ct-71bf4d2_GH0.tar.gz) = 8212
SHA256 (vision5-ngx_devel_kit-v0.3.3_GH0.tar.gz) = faa2fcd5168b10764d35081356511d5f84db5c526a1aa4b6add2db94b6853b2b
SIZE (vision5-ngx_devel_kit-v0.3.3_GH0.tar.gz) = 66561
SHA256 (openresty-drizzle-nginx-module-c631276_GH0.tar.gz) = 215ebeb3bad3a907f13fbdae66a25939b6820bdba2f339394cbb9c8b8557308a
diff --git a/www/nginx-devel/files/extra-patch-nginx-ct-LibreSSL b/www/nginx-devel/files/extra-patch-nginx-ct-LibreSSL
deleted file mode 100644
index a3b500629983..000000000000
--- a/www/nginx-devel/files/extra-patch-nginx-ct-LibreSSL
+++ /dev/null
@@ -1,29 +0,0 @@
---- ../nginx-ct-71bf4d2/ngx_ssl_ct_module.c.orig 2024-12-07 10:41:38.000000000 -0500
-+++ ../nginx-ct-71bf4d2/ngx_ssl_ct_module.c 2025-02-04 13:44:15.064346000 -0500
-@@ -135,7 +135,7 @@
- continue;
- }
-
--#ifndef OPENSSL_IS_BORINGSSL
-+#if !defined(OPENSSL_IS_BORINGSSL) && !defined(LIBRESSL_VERSION_NUMBER)
- /* associate the sct_list with the cert */
- X509_set_ex_data(cert, ngx_ssl_ct_sct_list_index, sct_list);
-
-@@ -165,7 +165,7 @@
- #endif
- }
-
--#ifndef OPENSSL_IS_BORINGSSL
-+#if !defined(OPENSSL_IS_BORINGSSL) && !defined(LIBRESSL_VERSION_NUMBER)
- /* add OpenSSL TLS extension */
- int context = SSL_EXT_CLIENT_HELLO
- | SSL_EXT_TLS1_2_SERVER_HELLO
-@@ -181,7 +181,7 @@
- return NGX_CONF_OK;
- }
-
--#ifndef OPENSSL_IS_BORINGSSL
-+#if !defined(OPENSSL_IS_BORINGSSL) && !defined(LIBRESSL_VERSION_NUMBER)
- static int ngx_ssl_ct_ext_cb(SSL *s, unsigned int ext_type, unsigned int context,
- const unsigned char **out, size_t *outlen, X509 *x, size_t chainidx,
- int *al, void *add_arg) {
diff --git a/www/nginx-devel/pkg-plist b/www/nginx-devel/pkg-plist
index 88cfe8859371..906d67d94d7c 100644
--- a/www/nginx-devel/pkg-plist
+++ b/www/nginx-devel/pkg-plist
@@ -14,8 +14,6 @@
%%DSO%%%%BROTLI%%libexec/nginx/ngx_http_brotli_filter_module.so
%%DSO%%%%BROTLI%%libexec/nginx/ngx_http_brotli_static_module.so
%%DSO%%%%CACHE_PURGE%%libexec/nginx/ngx_http_cache_purge_module.so
-%%DSO%%%%CT%%libexec/nginx/ngx_http_ssl_ct_module.so
-%%DSO%%%%CT%%libexec/nginx/ngx_ssl_ct_module.so
%%DSO%%%%DEVEL_KIT%%libexec/nginx/ndk_http_module.so
%%DSO%%%%DRIZZLE%%libexec/nginx/ngx_http_drizzle_module.so
%%DSO%%%%DYNAMIC_UPSTREAM%%libexec/nginx/ngx_http_dynamic_upstream_module.so
@@ -61,7 +59,6 @@
%%DSO%%%%LINK%%libexec/nginx/ngx_http_link_func_module.so
%%DSO%%%%LUA%%libexec/nginx/ngx_http_lua_module.so
%%DSO%%%%LUASTREAM%%libexec/nginx/ngx_stream_lua_module.so
-%%DSO%%%%MAIL%%%%CT%%libexec/nginx/ngx_mail_ssl_ct_module.so
%%DSO%%%%MAIL%%libexec/nginx/ngx_mail_module.so
%%DSO%%%%MEMC%%libexec/nginx/ngx_http_memc_module.so
%%DSO%%%%MODSECURITY3%%libexec/nginx/ngx_http_modsecurity_module.so
@@ -77,7 +74,6 @@
%%DSO%%%%SHIBBOLETH%%libexec/nginx/ngx_http_shibboleth_module.so
%%DSO%%%%SLOWFS_CACHE%%libexec/nginx/ngx_http_slowfs_module.so
%%DSO%%%%SRCACHE%%libexec/nginx/ngx_http_srcache_filter_module.so
-%%DSO%%%%STREAM%%%%CT%%libexec/nginx/ngx_stream_ssl_ct_module.so
%%DSO%%%%STREAM%%%%HTTP_GEOIP2%%libexec/nginx/ngx_stream_geoip2_module.so
%%DSO%%%%STREAM%%%%NJS%%libexec/nginx/ngx_stream_js_module.so
%%DSO%%%%STREAM%%libexec/nginx/ngx_stream_module.so