Re: git: 62274cac0617 - main - www/nginx-devel: security update from 1.27.5 to 1.28.0

From: Sergey A. Osokin <osa_at_freebsd.org>
Date: Wed, 23 Apr 2025 16:20:04 UTC
Hi,

I missed updating the commit message; please read it as follows:

www/nginx-devel: update from 1.27.5 to 1.28.0

Apologies for any inconvenience.

Thank you.

-- 
Sergey A. Osokin

On Wed, Apr 23, 2025 at 04:18:03PM +0000, Sergey A. Osokin wrote:
> The branch main has been updated by osa:
> 
> URL: https://cgit.FreeBSD.org/ports/commit/?id=62274cac06171874d5413b5a1fa7cbf17046e9b1
> 
> commit 62274cac06171874d5413b5a1fa7cbf17046e9b1
> Author:     Sergey A. Osokin <osa@FreeBSD.org>
> AuthorDate: 2025-04-23 16:17:36 +0000
> Commit:     Sergey A. Osokin <osa@FreeBSD.org>
> CommitDate: 2025-04-23 16:17:58 +0000
> 
>     www/nginx-devel: security update from 1.27.5 to 1.28.0
>     
>     <ChangeLog>
>     
>     *) 1.28.x stable branch.
>     
>     *) Bugfix: nginx could not be built by gcc 15 if ngx_http_v2_module or
>        ngx_http_v3_module modules were used.
>     
>     *) Bugfix: nginx might not be built by gcc 14 or newer with -O3 -flto
>        optimization if ngx_http_v3_module was used.
>     
>     </ChangeLog>
> ---
>  www/nginx-devel/Makefile                           |  3 +--
>  www/nginx-devel/Makefile.extmod                    |  7 +-----
>  www/nginx-devel/Makefile.options.desc              |  1 -
>  www/nginx-devel/distinfo                           |  8 +++---
>  .../files/extra-patch-nginx-ct-LibreSSL            | 29 ----------------------
>  www/nginx-devel/pkg-plist                          |  4 ---
>  6 files changed, 5 insertions(+), 47 deletions(-)
> 
> diff --git a/www/nginx-devel/Makefile b/www/nginx-devel/Makefile
> index e2dafd241f46..b6699a0a3229 100644
> --- a/www/nginx-devel/Makefile
> +++ b/www/nginx-devel/Makefile
> @@ -1,10 +1,9 @@
>  PORTNAME?=	nginx
> -PORTVERSION=	1.27.5
> +PORTVERSION=	1.28.0
>  CATEGORIES=	www
>  MASTER_SITES=	https://nginx.org/download/ \
>  		LOCAL/osa
>  PKGNAMESUFFIX?=	-devel
> -PORTREVISION=	1
>  DISTFILES=	${DISTNAME}${EXTRACT_SUFX}
>  
>  MAINTAINER?=	osa@FreeBSD.org
> diff --git a/www/nginx-devel/Makefile.extmod b/www/nginx-devel/Makefile.extmod
> index d6476aee3dd6..d6f8dbd66b43 100644
> --- a/www/nginx-devel/Makefile.extmod
> +++ b/www/nginx-devel/Makefile.extmod
> @@ -2,7 +2,7 @@
>  
>  OPTIONS_GROUP+=	THIRDPARTYGRP
>  # External modules (arrayvar MUST appear after devel_kit for build-dep)
> -OPTIONS_GROUP_THIRDPARTYGRP=	AJP AWS_AUTH BROTLI CACHE_PURGE CT \
> +OPTIONS_GROUP_THIRDPARTYGRP=	AJP AWS_AUTH BROTLI CACHE_PURGE \
>  	DEVEL_KIT ARRAYVAR DRIZZLE DYNAMIC_UPSTREAM ECHO ENCRYPTSESSION \
>  	FIPS_CHECK FORMINPUT GRIDFS HEADERS_MORE HTTP_ACCEPT_LANGUAGE HTTP_AUTH_DIGEST \
>  	HTTP_AUTH_JWT HTTP_AUTH_KRB5 HTTP_AUTH_LDAP HTTP_AUTH_PAM HTTP_DAV_EXT \
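Review bot: Removing `CT` from `OPTIONS_GROUP_THIRDPARTYGRP` here (and the `CT_*` variables in the next hunk of this file) drops the certificate-transparency module from the port, but the commit message lists only the upstream ChangeLog and does not mention it. A host that built with CT enabled would presumably still have `load_module` lines for `ngx_ssl_ct_module.so` and `ngx_http_ssl_ct_module.so` (the files this commit removes from pkg-plist) after upgrading. nginx fails its configuration check when a referenced module file is missing, and such a host would also stop delivering SCTs through the TLS extension. I would add a line to the commit message such as `Remove the CT (nginx-ct) third-party module option and its LibreSSL patch.`, plus a matching note for users in UPDATING if that is not already done outside this diff.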
> @@ -33,11 +33,6 @@ BROTLI_EXTRA_PATCHES=	${PATCHDIR}/extra-patch-ngx_brotli_filter_config
>  CACHE_PURGE_GH_TUPLE=	nginx-modules:ngx_cache_purge:a84b0f3:cache_purge
>  CACHE_PURGE_VARS=	DSO_EXTMODS+=cache_purge
>  
> -CT_IMPLIES=		HTTP_SSL
> -CT_GH_TUPLE=		BenBE:nginx-ct:71bf4d2:ct
> -CT_VARS=		DSO_EXTMODS+=ct
> -CT_EXTRA_PATCHES=	${PATCHDIR}/extra-patch-nginx-ct-LibreSSL
> -
>  ECHO_GH_TUPLE=		openresty:echo-nginx-module:4eeda3c:echo
>  ECHO_VARS=		DSO_EXTMODS+=echo
>  
> diff --git a/www/nginx-devel/Makefile.options.desc b/www/nginx-devel/Makefile.options.desc
> index 0fcfacb8102c..6d26b8650d1d 100644
> --- a/www/nginx-devel/Makefile.options.desc
> +++ b/www/nginx-devel/Makefile.options.desc
> @@ -3,7 +3,6 @@ ARRAYVAR_DESC=			3rd party array_var module
>  AWS_AUTH_DESC=			3rd party aws auth module
>  BROTLI_DESC=			3rd party brotli module
>  CACHE_PURGE_DESC=		3rd party cache_purge module
> -CT_DESC=			3rd party cert_transparency module (SSL req.)
>  DEBUGLOG_DESC=			Enable debug log (--with-debug)
>  DEVEL_KIT_DESC=			3rd party Nginx Development Kit module
>  DRIZZLE_DESC=			3rd party drizzle module
> diff --git a/www/nginx-devel/distinfo b/www/nginx-devel/distinfo
> index a52bcfa9ccfd..39bb0607b6a5 100644
> --- a/www/nginx-devel/distinfo
> +++ b/www/nginx-devel/distinfo
> @@ -1,6 +1,6 @@
> -TIMESTAMP = 1744884495
> -SHA256 (nginx-1.27.5.tar.gz) = e96acebb9c2a6db8a000c3dd1b32ecba1b810f0cd586232d4d921e376674dd0e
> -SIZE (nginx-1.27.5.tar.gz) = 1279891
> +TIMESTAMP = 1745418876
> +SHA256 (nginx-1.28.0.tar.gz) = c6b5c6b086c0df9d3ca3ff5e084c1d0ef909e6038279c71c1c3e985f576ff76a
> +SIZE (nginx-1.28.0.tar.gz) = 1280111
>  SHA256 (nginx_mogilefs_module-1.0.4.tar.gz) = 7ac230d30907f013dff8d435a118619ea6168aa3714dba62c6962d350c6295ae
>  SIZE (nginx_mogilefs_module-1.0.4.tar.gz) = 11208
>  SHA256 (ngx_http_redis-0.3.9.tar.gz) = 21f87540f0a44b23ffa5df16fb3d788bc90803b255ef14f9c26e3847a6f26f46
> @@ -17,8 +17,6 @@ SHA256 (google-ngx_brotli-a71f931_GH0.tar.gz) = b3312a045d5303a40d02beb34711b8ca
>  SIZE (google-ngx_brotli-a71f931_GH0.tar.gz) = 16376
>  SHA256 (nginx-modules-ngx_cache_purge-a84b0f3_GH0.tar.gz) = ddfd4fdd99075d906b7b75c49f56ec96b76df7951dfa54502e0f83890447031f
>  SIZE (nginx-modules-ngx_cache_purge-a84b0f3_GH0.tar.gz) = 17162
> -SHA256 (BenBE-nginx-ct-71bf4d2_GH0.tar.gz) = 15441194cf9ffee84394ac75f0c3ded8712ae07b0ee8194aa5ca47ec8f670321
> -SIZE (BenBE-nginx-ct-71bf4d2_GH0.tar.gz) = 8212
>  SHA256 (vision5-ngx_devel_kit-v0.3.3_GH0.tar.gz) = faa2fcd5168b10764d35081356511d5f84db5c526a1aa4b6add2db94b6853b2b
>  SIZE (vision5-ngx_devel_kit-v0.3.3_GH0.tar.gz) = 66561
>  SHA256 (openresty-drizzle-nginx-module-c631276_GH0.tar.gz) = 215ebeb3bad3a907f13fbdae66a25939b6820bdba2f339394cbb9c8b8557308a
> diff --git a/www/nginx-devel/files/extra-patch-nginx-ct-LibreSSL b/www/nginx-devel/files/extra-patch-nginx-ct-LibreSSL
> deleted file mode 100644
> index a3b500629983..000000000000
> --- a/www/nginx-devel/files/extra-patch-nginx-ct-LibreSSL
> +++ /dev/null
> @@ -1,29 +0,0 @@
> ---- ../nginx-ct-71bf4d2/ngx_ssl_ct_module.c.orig	2024-12-07 10:41:38.000000000 -0500
> -+++ ../nginx-ct-71bf4d2/ngx_ssl_ct_module.c	2025-02-04 13:44:15.064346000 -0500
> -@@ -135,7 +135,7 @@
> -             continue;
> -         }
> - 
> --#ifndef OPENSSL_IS_BORINGSSL
> -+#if !defined(OPENSSL_IS_BORINGSSL) && !defined(LIBRESSL_VERSION_NUMBER)
> -         /* associate the sct_list with the cert */
> -         X509_set_ex_data(cert, ngx_ssl_ct_sct_list_index, sct_list);
> - 
> -@@ -165,7 +165,7 @@
> - #endif
> -     }
> - 
> --#ifndef OPENSSL_IS_BORINGSSL
> -+#if !defined(OPENSSL_IS_BORINGSSL) && !defined(LIBRESSL_VERSION_NUMBER)
> -     /* add OpenSSL TLS extension */
> -     int context = SSL_EXT_CLIENT_HELLO
> -                 | SSL_EXT_TLS1_2_SERVER_HELLO
> -@@ -181,7 +181,7 @@
> -     return NGX_CONF_OK;
> - }
> - 
> --#ifndef OPENSSL_IS_BORINGSSL
> -+#if !defined(OPENSSL_IS_BORINGSSL) && !defined(LIBRESSL_VERSION_NUMBER)
> - static int ngx_ssl_ct_ext_cb(SSL *s, unsigned int ext_type, unsigned int context,
> -     const unsigned char **out, size_t *outlen, X509 *x, size_t chainidx,
> -     int *al, void *add_arg) {
> diff --git a/www/nginx-devel/pkg-plist b/www/nginx-devel/pkg-plist
> index 88cfe8859371..906d67d94d7c 100644
> --- a/www/nginx-devel/pkg-plist
> +++ b/www/nginx-devel/pkg-plist
> @@ -14,8 +14,6 @@
>  %%DSO%%%%BROTLI%%libexec/nginx/ngx_http_brotli_filter_module.so
>  %%DSO%%%%BROTLI%%libexec/nginx/ngx_http_brotli_static_module.so
>  %%DSO%%%%CACHE_PURGE%%libexec/nginx/ngx_http_cache_purge_module.so
> -%%DSO%%%%CT%%libexec/nginx/ngx_http_ssl_ct_module.so
> -%%DSO%%%%CT%%libexec/nginx/ngx_ssl_ct_module.so
>  %%DSO%%%%DEVEL_KIT%%libexec/nginx/ndk_http_module.so
>  %%DSO%%%%DRIZZLE%%libexec/nginx/ngx_http_drizzle_module.so
>  %%DSO%%%%DYNAMIC_UPSTREAM%%libexec/nginx/ngx_http_dynamic_upstream_module.so
> @@ -61,7 +59,6 @@
>  %%DSO%%%%LINK%%libexec/nginx/ngx_http_link_func_module.so
>  %%DSO%%%%LUA%%libexec/nginx/ngx_http_lua_module.so
>  %%DSO%%%%LUASTREAM%%libexec/nginx/ngx_stream_lua_module.so
> -%%DSO%%%%MAIL%%%%CT%%libexec/nginx/ngx_mail_ssl_ct_module.so
>  %%DSO%%%%MAIL%%libexec/nginx/ngx_mail_module.so
>  %%DSO%%%%MEMC%%libexec/nginx/ngx_http_memc_module.so
>  %%DSO%%%%MODSECURITY3%%libexec/nginx/ngx_http_modsecurity_module.so
> @@ -77,7 +74,6 @@
>  %%DSO%%%%SHIBBOLETH%%libexec/nginx/ngx_http_shibboleth_module.so
>  %%DSO%%%%SLOWFS_CACHE%%libexec/nginx/ngx_http_slowfs_module.so
>  %%DSO%%%%SRCACHE%%libexec/nginx/ngx_http_srcache_filter_module.so
> -%%DSO%%%%STREAM%%%%CT%%libexec/nginx/ngx_stream_ssl_ct_module.so
>  %%DSO%%%%STREAM%%%%HTTP_GEOIP2%%libexec/nginx/ngx_stream_geoip2_module.so
>  %%DSO%%%%STREAM%%%%NJS%%libexec/nginx/ngx_stream_js_module.so
>  %%DSO%%%%STREAM%%libexec/nginx/ngx_stream_module.so