git: dddd3616414a - main - www/angie: Update 1.8.1 => 1.9.1 (fixes CVE-2025-23419)

From: Vladimir Druzenko <vvd_at_FreeBSD.org>
Date: Thu, 19 Jun 2025 14:48:12 UTC
The branch main has been updated by vvd:

URL: https://cgit.FreeBSD.org/ports/commit/?id=dddd3616414ad476275e7e8a2893c70e68912f82

commit dddd3616414ad476275e7e8a2893c70e68912f82
Author:     Vladimir Druzenko <vvd@FreeBSD.org>
AuthorDate: 2025-06-19 14:11:42 +0000
Commit:     Vladimir Druzenko <vvd@FreeBSD.org>
CommitDate: 2025-06-19 14:39:35 +0000

    www/angie: Update 1.8.1 => 1.9.1 (fixes CVE-2025-23419)
    
    Changelogs:
    https://github.com/webserver-llc/angie/releases/tag/Angie-1.8.2
    https://github.com/webserver-llc/angie/releases/tag/Angie-1.8.3
    https://github.com/webserver-llc/angie/releases/tag/Angie-1.9.0
    https://github.com/webserver-llc/angie/releases/tag/Angie-1.9.1
    
    Improve port:
    - Create/delete logs directory using hooks (author oleg@mamontov.net)
    - Fix indentations: replace spaces with tabs, remove unnecessary tabs
    - Fix warnings from portclippy - sort options
    - Reduce the number of if statements to determine master/slave
    
    PR:             287316 275300
    Approved by:    oleg@mamontov.net (maintainer, timeout 2 weeks)
    Security:       CVE-2025-23419
    MFH:            2025Q2
---
 www/angie/Makefile  | 227 ++++++++++++++++++++++++++--------------------------
 www/angie/distinfo  |   6 +-
 www/angie/pkg-plist |   8 +-
 3 files changed, 122 insertions(+), 119 deletions(-)

diff --git a/www/angie/Makefile b/www/angie/Makefile
index 97361cc17f29..85409be0f36d 100644
--- a/www/angie/Makefile
+++ b/www/angie/Makefile
@@ -1,118 +1,115 @@
-PORTNAME?=		angie
-DISTVERSION=		1.8.1
-CATEGORIES+=		www
-MASTER_SITES+=		https://download.angie.software/files/:angie
-DISTNAME=		angie-${DISTVERSIONFULL}
-DISTFILES+=		${DISTNAME}${EXTRACT_SUFX}:angie
-
-MAINTAINER?=		oleg@mamontov.net
-COMMENT?=		Efficient, powerful and scalable reverse proxy and web server
-WWW?=			https://angie.software/en/
-
-LICENSE?=		BSD2CLAUSE
-.if ${PORTNAME} == angie
-LICENSE_FILE=		${WRKSRC}/LICENSE
-.else
-LICENSE_FILE?=		${WRKSRC_module}/LICENSE
-.endif
-
-.if ${PORTNAME} == angie
-LIB_DEPENDS=		libpcre2-8.so:devel/pcre2
-.else
-BUILD_DEPENDS+=		pcre2>=0:devel/pcre2
-RUN_DEPENDS+=		angie==${PKGVERSION}:www/angie
-.endif
+PORTNAME?=	angie
+DISTVERSION=	1.9.1
+CATEGORIES+=	www
+MASTER_SITES+=	https://download.angie.software/files/:angie
+DISTNAME=	angie-${DISTVERSIONFULL}
+DISTFILES+=	${DISTNAME}${EXTRACT_SUFX}:angie
 
-USES+=			localbase:ldflags ssl
-USE_GITHUB=		nodefault
+MAINTAINER?=	oleg@mamontov.net
+COMMENT?=	Efficient, powerful and scalable reverse proxy and web server
+WWW?=		https://angie.software/en/
 
-HAS_CONFIGURE?=		yes
+LICENSE?=	BSD2CLAUSE
 
 .if ${PORTNAME} == angie
-ALL_TARGET=		build
-SUB_FILES=		angie.conf.sample \
-			default.conf.sample \
-			example.conf.sample \
-			pkg-message
-USE_RC_SUBR=		angie
+LICENSE_FILE=	${WRKSRC}/LICENSE
+LIB_DEPENDS=	libpcre2-8.so:devel/pcre2
+USE_RC_SUBR=	angie
+ALL_TARGET=	build
+SUB_FILES=	angie.conf.sample \
+		default.conf.sample \
+		example.conf.sample \
+		pkg-message
 .else
-ALL_TARGET?=		modules
-CONFIGURE_ADD?=		--add-dynamic-module=${WRKSRC_module}
+LICENSE_FILE?=	${WRKSRC_module}/LICENSE
+BUILD_DEPENDS+=	pcre2>=0:devel/pcre2
+RUN_DEPENDS+=	angie==${PKGVERSION}:www/angie
+ALL_TARGET?=	modules
+CONFIGURE_ADD?=	--add-dynamic-module=${WRKSRC_module}
 .endif
 
-# modules always have their own assets
-PATCHDIR?=		${.CURDIR}/files
-FILESDIR?=		${.CURDIR}/files
-SCRIPTDIR?=		${.CURDIR}/scripts
-PKGDIR?=		${.CURDIR}
+USES+=		localbase:ldflags ssl
+USE_GITHUB=	nodefault
+
+HAS_CONFIGURE?=	yes
+CONFIGURE_ARGS=	--prefix=${PREFIX}/etc/angie \
+		--conf-path=${PREFIX}/etc/angie/angie.conf \
+		--error-log-path=${LOGDIR}/error.log \
+		--http-log-path=${LOGDIR}/access.log \
+		--lock-path=${RUNDIR}/angie.lock \
+		--modules-path=${MODDIR} \
+		--pid-path=${RUNDIR}/angie.pid \
+		--sbin-path=${PREFIX}/sbin/angie \
+		--http-client-body-temp-path=${CACHEDIR}/client_temp \
+		--http-fastcgi-temp-path=${CACHEDIR}/fastcgi_temp \
+		--http-proxy-temp-path=${CACHEDIR}/proxy_temp \
+		--http-scgi-temp-path=${CACHEDIR}/scgi_temp \
+		--http-uwsgi-temp-path=${CACHEDIR}/uwsgi_temp \
+		--user=${WWWOWN} \
+		--group=${WWWGRP} \
+		--with-file-aio \
+		--with-http_addition_module \
+		--with-http_auth_request_module \
+		--with-http_dav_module \
+		--with-http_flv_module \
+		--with-http_gunzip_module \
+		--with-http_gzip_static_module \
+		--with-http_mp4_module \
+		--with-http_random_index_module \
+		--with-http_realip_module \
+		--with-http_secure_link_module \
+		--with-http_slice_module \
+		--with-http_ssl_module \
+		--with-http_stub_status_module \
+		--with-http_sub_module \
+		--with-http_v2_module \
+		--with-http_v3_module \
+		--with-mail \
+		--with-mail_ssl_module \
+		--with-stream \
+		--with-stream_realip_module \
+		--with-stream_ssl_module \
+		--with-stream_ssl_preread_module \
+		--with-threads \
+		--with-cc-opt="${CFLAGS}" \
+		--with-ld-opt="${LDFLAGS}" \
+		${CONFIGURE_ADD}
 
 # angie-specific variables
-CACHEDIR=		/var/cache/angie
-LOGDIR=			/var/log/angie
-MODDIR=			${PREFIX}/libexec/angie
-RUNDIR=			/var/run
-WRKSRC_DEBUG=		${WRKSRC}-debug
-
-PLIST_SUB+=		CACHEDIR=${CACHEDIR} \
-			LOGDIR=${LOGDIR} \
-			MODDIR=${MODDIR} \
-			RUNDIR=${RUNDIR}
-
-SUB_LIST+=		CACHEDIR=${CACHEDIR} \
-			LOGDIR=${LOGDIR} \
-			MODDIR=${MODDIR} \
-			RUNDIR=${RUNDIR} \
-			WWWOWN=${WWWOWN}
-
-SUB_FILES?=		pkg-message
-
-OPTIONS_SUB=		yes
-
-CONFIGURE_ARGS=		--prefix=${PREFIX}/etc/angie \
-			--conf-path=${PREFIX}/etc/angie/angie.conf \
-			--error-log-path=${LOGDIR}/error.log \
-			--http-log-path=${LOGDIR}/access.log \
-			--lock-path=${RUNDIR}/angie.lock \
-			--modules-path=${MODDIR} \
-			--pid-path=${RUNDIR}/angie.pid \
-			--sbin-path=${PREFIX}/sbin/angie \
-			--http-client-body-temp-path=${CACHEDIR}/client_temp \
-			--http-fastcgi-temp-path=${CACHEDIR}/fastcgi_temp \
-			--http-proxy-temp-path=${CACHEDIR}/proxy_temp \
-			--http-scgi-temp-path=${CACHEDIR}/scgi_temp \
-			--http-uwsgi-temp-path=${CACHEDIR}/uwsgi_temp \
-			--user=${WWWOWN} \
-			--group=${WWWGRP} \
-			--with-file-aio \
-			--with-http_addition_module \
-			--with-http_auth_request_module \
-			--with-http_dav_module \
-			--with-http_flv_module \
-			--with-http_gunzip_module \
-			--with-http_gzip_static_module \
-			--with-http_mp4_module \
-			--with-http_random_index_module \
-			--with-http_realip_module \
-			--with-http_secure_link_module \
-			--with-http_slice_module \
-			--with-http_ssl_module \
-			--with-http_stub_status_module \
-			--with-http_sub_module \
-			--with-http_v2_module \
-			--with-http_v3_module \
-			--with-mail \
-			--with-mail_ssl_module \
-			--with-stream \
-			--with-stream_realip_module \
-			--with-stream_ssl_module \
-			--with-stream_ssl_preread_module \
-			--with-threads \
-			--with-cc-opt="${CFLAGS}" \
-			--with-ld-opt="${LDFLAGS}" \
-			${CONFIGURE_ADD}
+CACHEDIR=	/var/cache/angie
+DBDIR=		/var/db/angie
+ETCDIR=		${PREFIX}/etc/angie
+LOGDIR=		/var/log/angie
+MODDIR=		${PREFIX}/libexec/angie
+RUNDIR=		/var/run
+WRKSRC_DEBUG=	${WRKSRC}-debug
+# modules always have their own assets
+FILESDIR?=	${.CURDIR}/files
+PATCHDIR?=	${.CURDIR}/files
+PKGDIR?=	${.CURDIR}
+SCRIPTDIR?=	${.CURDIR}/scripts
+
+SUB_FILES?=	pkg-message
+SUB_LIST+=	CACHEDIR=${CACHEDIR} \
+		DBDIR=${DBDIR} \
+		ETCDIR=${ETCDIR} \
+		LOGDIR=${LOGDIR} \
+		MODDIR=${MODDIR} \
+		RUNDIR=${RUNDIR} \
+		WWWGRP=${WWWGRP} \
+		WWWOWN=${WWWOWN}
+
+PLIST_SUB+=	CACHEDIR=${CACHEDIR} \
+		DBDIR=${DBDIR} \
+		LOGDIR=${LOGDIR} \
+		MODDIR=${MODDIR} \
+		RUNDIR=${RUNDIR} \
+		WWWGRP=${WWWGRP} \
+		WWWOWN=${WWWOWN}
 
 OPTIONS_DEFINE?=	DEBUG
 OPTIONS_DEFAULT?=	DEBUG
+OPTIONS_SUB=		yes
 DEBUG_DESC?=		Include debug version
 
 .include <bsd.port.options.mk>
@@ -124,17 +121,17 @@ post-configure-DEBUG-on:
 	@(cd ${WRKSRC_DEBUG} && \
 	    ${SET_LATE_CONFIGURE_ARGS} \
 	    if ! ${SETENV} CC="${CC}" CPP="${CPP}" CXX="${CXX}" \
-	        CFLAGS="${CFLAGS} -g" CPPFLAGS="${CPPFLAGS}" CXXFLAGS="${CXXFLAGS}" \
-	        LDFLAGS="${LDFLAGS}" LIBS="${LIBS}" \
-	        INSTALL="/usr/bin/install -c" \
-	        INSTALL_DATA="${INSTALL_DATA}" \
-	        INSTALL_LIB="${INSTALL_LIB}" \
-	        INSTALL_PROGRAM="${INSTALL_PROGRAM}" \
-	        INSTALL_SCRIPT="${INSTALL_SCRIPT}" \
-	        ${CONFIGURE_ENV} ${CONFIGURE_CMD} ${CONFIGURE_ARGS} --with-debug; then \
-	        ${ECHO_MSG} "===>  Script \"${CONFIGURE_SCRIPT}\" failed unexpectedly."; \
-	        (${ECHO_CMD} ${CONFIGURE_FAIL_MESSAGE}) | ${FMT_80} ; \
-	        ${FALSE}; \
+		CFLAGS="${CFLAGS} -g" CPPFLAGS="${CPPFLAGS}" CXXFLAGS="${CXXFLAGS}" \
+		LDFLAGS="${LDFLAGS}" LIBS="${LIBS}" \
+		INSTALL="/usr/bin/install -c" \
+		INSTALL_DATA="${INSTALL_DATA}" \
+		INSTALL_LIB="${INSTALL_LIB}" \
+		INSTALL_PROGRAM="${INSTALL_PROGRAM}" \
+		INSTALL_SCRIPT="${INSTALL_SCRIPT}" \
+		${CONFIGURE_ENV} ${CONFIGURE_CMD} ${CONFIGURE_ARGS} --with-debug; then \
+		${ECHO_MSG} "===>  Script \"${CONFIGURE_SCRIPT}\" failed unexpectedly."; \
+		(${ECHO_CMD} ${CONFIGURE_FAIL_MESSAGE}) | ${FMT_80} ; \
+		${FALSE}; \
 	    fi \
 	)
 
@@ -144,10 +141,10 @@ post-build-DEBUG-on:
 .if ${PORTNAME} == angie
 do-install:
 	${MKDIR} ${STAGEDIR}${CACHEDIR}
+	${MKDIR} ${STAGEDIR}${DBDIR}
 	${MKDIR} ${STAGEDIR}${DOCSDIR}
 	${MKDIR} ${STAGEDIR}${ETCDIR}/http.d
 	${MKDIR} ${STAGEDIR}${ETCDIR}/stream.d
-	${MKDIR} ${STAGEDIR}${LOGDIR}
 	${MKDIR} ${STAGEDIR}${MODDIR}
 	${MKDIR} ${STAGEDIR}${WWWDIR}/html
 
diff --git a/www/angie/distinfo b/www/angie/distinfo
index 69f05d2e6e3b..44465aaf3daa 100644
--- a/www/angie/distinfo
+++ b/www/angie/distinfo
@@ -1,6 +1,6 @@
-TIMESTAMP = 1737668800
-SHA256 (angie-1.8.1.tar.gz) = db30b69045cf9a40f144911814414d9e1b4d4370f6693d008f4017dcb4370b4c
-SIZE (angie-1.8.1.tar.gz) = 1672621
+TIMESTAMP = 1749050000
+SHA256 (angie-1.9.1.tar.gz) = af11cc06dfebe7c17832375b348a8d786af052cefce5ffafaaa898484e18ce36
+SIZE (angie-1.9.1.tar.gz) = 1723240
 SHA256 (kjdev-nginx-auth-jwt-0.9.0_GH0.tar.gz) = d7c72634261a053afaacc2cb762eccf9ce4c462ca738ad0c4809eb964ddf3c0c
 SIZE (kjdev-nginx-auth-jwt-0.9.0_GH0.tar.gz) = 75474
 SHA256 (stnoonan-spnego-http-auth-nginx-module-v1.1.2_GH0.tar.gz) = 72b4dfe3e3cee4feaa698c5710ec1590f85bfbe4cd50e8e8d1700c210c82150a
diff --git a/www/angie/pkg-plist b/www/angie/pkg-plist
index 4f1d8cbb5921..d942c89a5322 100644
--- a/www/angie/pkg-plist
+++ b/www/angie/pkg-plist
@@ -1,7 +1,13 @@
+@preexec test -e %%LOGDIR%% || install -d -m 755 -o root -g wheel %%LOGDIR%%
+@preexec test -e %%DBDIR%%/state || install -d -m 755 -o %%WWWOWN%% -g %%WWWGRP%% %%DBDIR%%/state
+
+@postunexec test -d %%DBDIR%%/state && rmdir %%DBDIR%%/state 2>/dev/null || :
+@postunexec test -d %%LOGDIR%% && rmdir %%LOGDIR%% 2>/dev/null || :
+
 @dir %%ETCDIR%%/http.d
 @dir %%ETCDIR%%/stream.d
 @dir %%CACHEDIR%%
-@dir %%LOGDIR%%
+@dir %%DBDIR%%
 @dir %%MODDIR%%
 
 %%ETCDIR%%/modules