On Thu, Oct 20, 2022 at 08:47:13AM +0200, Robert Nagy wrote:
> On 19/10/22 18:23 +0100, Stuart Henderson wrote:
> > On 2022/10/19 16:30, Sergey A. Osokin wrote:
> > > Hi,
> > >
> > > could you please review the following changes for the security
> > > update www/nginx to the recent stable version, 1.22.1.
> >
> > adding maintainer to CC, it's usually helpful ..
>
> that release and cve only affects the ngx_http_mp4_module which
> we do not enable
Not a problem, here's another patch to add njs module I posted earlier
and to update other third-party modules.
Thanks you.
--
Sergey A. Osokin
Index: Makefile
===
RCS file: /cvs/ports/www/nginx/Makefile,v
retrieving revision 1.164
diff -u -p -r1.164 Makefile
--- Makefile 29 Aug 2022 19:15:18 - 1.164
+++ Makefile 20 Oct 2022 16:40:26 -
@@ -7,6 +7,7 @@ COMMENT-xslt= nginx XSLT filter module
COMMENT-mailproxy= nginx mail proxy module
COMMENT-stream= nginx TCP/UDP proxy module
COMMENT-naxsi= nginx web application firewall module
+COMMENT-njs= nginx JavaScript module
COMMENT-ldap_auth= nginx LDAP authentication module
COMMENT-lua= nginx lua scripting module
COMMENT-headers_more= nginx module for setting/adding/clearing headers
@@ -15,26 +16,28 @@ COMMENT-passenger= nginx passenger (ruby
COMMENT-rtmp= nginx module for RTMP streaming
COMMENT-securelink= nginx HMAC secure link module
-VERSION= 1.22.0
+VERSION= 1.22.1
DISTNAME= nginx-${VERSION}
CATEGORIES= www
-VERSION-rtmp= 1.2.1
+PORTREVISION= 0
+
+VERSION-rtmp= 1.2.2
PKGNAME-main= ${DISTNAME}
-PKGNAME-image_filter= nginx-image_filter-${VERSION}
PKGNAME-geoip2= nginx-geoip2-${VERSION}
-PKGNAME-xslt= nginx-xslt-${VERSION}
+PKGNAME-headers_more= nginx-headers-more-${VERSION}
+PKGNAME-image_filter= nginx-image_filter-${VERSION}
PKGNAME-mailproxy= nginx-mailproxy-${VERSION}
-PKGNAME-stream= nginx-stream-${VERSION}
-PKGNAME-naxsi= nginx-naxsi-${VERSION}
PKGNAME-ldap_auth= nginx-ldap_auth-${VERSION}
PKGNAME-lua= nginx-lua-${VERSION}
-PKGNAME-headers_more= nginx-headers-more-${VERSION}
-PKGNAME-perl= nginx-perl-${VERSION}
+PKGNAME-naxsi= nginx-naxsi-${VERSION}
PKGNAME-passenger= nginx-passenger-${VERSION}
+PKGNAME-perl= nginx-perl-${VERSION}
PKGNAME-rtmp= nginx-rtmp-${VERSION}
PKGNAME-securelink= nginx-securelink-${VERSION}
+PKGNAME-stream= nginx-stream-${VERSION}
+PKGNAME-xslt= nginx-xslt-${VERSION}
REVISION-main= 0
@@ -48,14 +51,15 @@ MASTER_SITES1= https://raw.githubusercon
DISTFILES= ${DISTNAME}${EXTRACT_SUFX}
_GH_MODS= \
- openresty headers-more-nginx-module v0.33 \
- openresty lua-nginx-module v0.10.11 \
- nbs-system naxsi1.3 \
- kvspb nginx-auth-ldap 83c059b73566c2ee9cbda920d91b66657cf120b7 \
arut nginx-rtmp-module v${VERSION-rtmp} \
- simpl ngx_devel_kit v0.3.0 \
+ kvspb nginx-auth-ldap 83c059b73566c2ee9cbda920d91b66657cf120b7 \
leev ngx_http_geoip2_module 3.3 \
- nginx-modules ngx_http_hmac_secure_link_module 48c4625fbbf51ed5a95bfec23fa444f6c3702e50
+ nbs-system naxsi1.3 \
+ nginx njs0.7.7 \
+ nginx-modules ngx_http_hmac_secure_link_module 8c5449202cd5afd8970f316bd6828d28281dc9bc \
+ openresty headers-more-nginx-module v0.33 \
+ openresty lua-nginx-module v0.10.11 \
+ vision5 ngx_devel_kit v0.3.1
.for _a _p _c in ${_GH_MODS}
DISTFILES+= ${_p}-{${_a}/${_p}/archive/}${_c}.tar.gz:0
@@ -70,9 +74,9 @@ PERMIT_PACKAGE= Yes
MULTI_PACKAGES = -main -naxsi -perl ${MODULE_PACKAGES}
-MODULE_PACKAGES = -image_filter -geoip2 -xslt -mailproxy -stream \
- -passenger -headers_more -ldap_auth -lua -rtmp \
- -securelink
+MODULE_PACKAGES = -headers_more -geoip2 -image_filter \
+ -ldap_auth -lua -mailproxy -passenger \
+ -rtmp -securelink -stream -xslt
FLAVOR ?=
PSEUDO_FLAVORS = no_lua no_passenger
@@ -82,29 +86,30 @@ COMPILER = base-clang ports-gcc base-gc
.include
WANTLIB-main= c z pcre ssl crypto
-WANTLIB-mailproxy=
-WANTLIB-stream=
-WANTLIB-image_filter= gd
+WANTLIB-headers_more=
WANTLIB-geoip2= maxminddb
-WANTLIB-rtmp=
-WANTLIB-xslt= exslt xml2 xslt
-WANTLIB-naxsi=
+WANTLIB-image_filter= gd
WANTLIB-ldap_auth= ldap
+WANTLIB-mailproxy=
+WANTLIB-naxsi=
+WANTLIB-njs=
WANTLIB-lua= ${MODLUA_WANTLIB} m
-WANTLIB-headers_more=
WANTLIB-perl= c m perl
WANTLIB-passenger= m pthread ${COMPILER_LIBCXX}
+WANTLIB-rtmp=
WANTLIB-securelink= crypto
+WANTLIB-stream=
+WANTLIB-xslt= exslt xml2 xslt
LIB_DEPENDS-main= devel/pcre
-LIB_DEPENDS-xslt= textproc/libxml \
- textproc/libxslt
-LIB_DEPENDS-image_filter=graphics/gd
LIB_DEPENDS-geoip2= net/libmaxminddb
+LIB_DEPENDS-image_filter=graphics/gd
LIB_DEPENDS-ldap_auth= databases/openldap
LIB_DEPENDS-lua= ${MODLUA_LIB_DEPENDS}
LIB_DEPENDS-rtmp=
LIB_DEPENDS-securelink=
+LIB_DEPENDS-xslt= textproc/libxml \
+ textproc/libxslt
MODLUA_RUNDEP= No
RUN_DEPENDS= www/nginx,-main=${VERSION}
@@ -196,7 +201,7 @@ NO_TEST= Yes
ALL_TARGET=
pre-patch:
-.for i in headers-more-nginx-module lua-nginx-module