* [Buildroot] [PATCH 0/5] nginx updates
@ 2021-06-28 16:16 Adam Duskett
2021-06-28 16:16 ` [Buildroot] [PATCH 1/5] package/nginx: bump version to 1.20.1 Adam Duskett
` (6 more replies)
0 siblings, 7 replies; 12+ messages in thread
From: Adam Duskett @ 2021-06-28 16:16 UTC (permalink / raw)
To: buildroot
Just some nginx maintnence.
Changes include:
- Update nginx to the latest LTS release.
- Update nginx naxsi, dav-ext, and modsecurity.
The nginx-upload package also has updates, however, the current nginx-upload url
points to a fork of nginx-upload-module. The official project URL is fdintino
not vkholodkov. Should this be changed to fdintino and the version changed to
4423994c7d8fb491d95867f6af968585d949e7a9?
Adam
Adam Duskett (5):
package/nginx: bump version to 1.20.1
package/nginx: add stream_set_module support
package/nginx-naxsi: bump version to 1.3
package/nginx-dav-ext: bump version to 3.0.0
package/nginx-modsecurity: bump to version 1.0.2
package/nginx-dav-ext/nginx-dav-ext.hash | 4 +-
package/nginx-dav-ext/nginx-dav-ext.mk | 2 +-
.../nginx-modsecurity/nginx-modsecurity.hash | 6 +--
.../nginx-modsecurity/nginx-modsecurity.mk | 2 +-
package/nginx-naxsi/nginx-naxsi.hash | 4 +-
package/nginx-naxsi/nginx-naxsi.mk | 6 +--
...ture_run_force_result-for-each-featu.patch | 40 ++++++++-----------
...ake-sys_nerr-guessing-cross-friendly.patch | 27 ++++++-------
...to-os-linux-fix-build-with-libxcrypt.patch | 2 +-
...ff-by-one-write-in-ngx_resolver_copy.patch | 40 -------------------
package/nginx/Config.in | 6 +++
package/nginx/nginx.hash | 4 +-
package/nginx/nginx.mk | 6 ++-
13 files changed, 55 insertions(+), 94 deletions(-)
delete mode 100644 package/nginx/0010-Resolver-fixed-off-by-one-write-in-ngx_resolver_copy.patch
--
2.31.1
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Buildroot] [PATCH 1/5] package/nginx: bump version to 1.20.1
2021-06-28 16:16 [Buildroot] [PATCH 0/5] nginx updates Adam Duskett
@ 2021-06-28 16:16 ` Adam Duskett
2021-06-28 17:16 ` Baruch Siach
2021-06-28 16:16 ` [Buildroot] [PATCH 2/5] package/nginx: add stream_set_module support Adam Duskett
` (5 subsequent siblings)
6 siblings, 1 reply; 12+ messages in thread
From: Adam Duskett @ 2021-06-28 16:16 UTC (permalink / raw)
To: buildroot
Tested with ./utils/test-pkg -p nginx -a on Fedora 34
45 builds, 6 skipped, 0 build failed, 0 legal-info failed
Other changes:
- Rebase needed patches.
- Update license hash due to year change.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
---
...ture_run_force_result-for-each-featu.patch | 40 ++++++++-----------
...ake-sys_nerr-guessing-cross-friendly.patch | 27 ++++++-------
...to-os-linux-fix-build-with-libxcrypt.patch | 2 +-
...ff-by-one-write-in-ngx_resolver_copy.patch | 40 -------------------
package/nginx/nginx.hash | 4 +-
package/nginx/nginx.mk | 2 +-
6 files changed, 33 insertions(+), 82 deletions(-)
delete mode 100644 package/nginx/0010-Resolver-fixed-off-by-one-write-in-ngx_resolver_copy.patch
diff --git a/package/nginx/0003-auto-set-ngx_feature_run_force_result-for-each-featu.patch b/package/nginx/0003-auto-set-ngx_feature_run_force_result-for-each-featu.patch
index f186becdf8..ee7f3e9290 100644
--- a/package/nginx/0003-auto-set-ngx_feature_run_force_result-for-each-featu.patch
+++ b/package/nginx/0003-auto-set-ngx_feature_run_force_result-for-each-featu.patch
@@ -15,14 +15,16 @@ Signed-off-by: Samuel Martin <s.martin49@gmail.com>
Refresh for 1.8.0.
Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
+[rebased against v1.20.1]
+Signed-off-by: Adam Duskett <Aduskett@gmail.com>
---
auto/cc/conf | 3 +++
auto/cc/name | 1 +
auto/lib/libatomic/conf | 1 +
auto/os/darwin | 3 +++
auto/os/linux | 4 ++++
- auto/unix | 8 ++++++++
- 6 files changed, 20 insertions(+)
+ auto/unix | 7 +++++++
+ 6 files changed, 19 insertions(+)
diff --git a/auto/cc/conf b/auto/cc/conf
index afbca62b..ad42c800 100644
@@ -116,7 +118,7 @@ index 2c8a9bb8..eb4513ee 100644
ngx_feature_incs="#include <sys/epoll.h>"
ngx_feature_path=
ngx_feature_libs=
-@@ -111,6 +112,7 @@ CC_AUX_FLAGS="$cc_aux_flags -D_GNU_SOURCE"
+@@ -136,6 +137,7 @@ CC_AUX_FLAGS="$cc_aux_flags -D_GNU_SOURCE"
ngx_feature="sendfile()"
ngx_feature_name="NGX_HAVE_SENDFILE"
ngx_feature_run=yes
@@ -124,7 +126,7 @@ index 2c8a9bb8..eb4513ee 100644
ngx_feature_incs="#include <sys/sendfile.h>
#include <errno.h>"
ngx_feature_path=
-@@ -132,6 +134,7 @@ CC_AUX_FLAGS="$cc_aux_flags -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64"
+@@ -157,6 +159,7 @@ CC_AUX_FLAGS="$cc_aux_flags -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64"
ngx_feature="sendfile64()"
ngx_feature_name="NGX_HAVE_SENDFILE64"
ngx_feature_run=yes
@@ -132,7 +134,7 @@ index 2c8a9bb8..eb4513ee 100644
ngx_feature_incs="#include <sys/sendfile.h>
#include <errno.h>"
ngx_feature_path=
-@@ -150,6 +153,7 @@ ngx_include="sys/prctl.h"; . auto/include
+@@ -175,6 +178,7 @@ ngx_include="sys/prctl.h"; . auto/include
ngx_feature="prctl(PR_SET_DUMPABLE)"
ngx_feature_name="NGX_HAVE_PR_SET_DUMPABLE"
ngx_feature_run=yes
@@ -152,31 +154,23 @@ index 43d3b25a..3da00537 100644
ngx_feature_incs="#include <sys/event.h>
#include <sys/time.h>"
ngx_feature_path=
-@@ -730,6 +731,7 @@ ngx_feature_test="char buf[1]; struct iovec vec[1]; ssize_t n;
- ngx_feature="sys_nerr"
- ngx_feature_name="NGX_SYS_NERR"
- ngx_feature_run=value
-+ngx_feature_run_force_result="$ngx_force_sys_nerr"
- ngx_feature_incs='#include <errno.h>
- #include <stdio.h>'
- ngx_feature_path=
-@@ -744,6 +746,7 @@ if [ $ngx_found = no ]; then
- ngx_feature="_sys_nerr"
+@@ -722,6 +723,7 @@ if [ $ngx_found = no ]; then
+ ngx_feature="sys_nerr"
ngx_feature_name="NGX_SYS_NERR"
ngx_feature_run=value
+ ngx_feature_run_force_result="$ngx_force_sys_nerr"
ngx_feature_incs='#include <errno.h>
#include <stdio.h>'
ngx_feature_path=
-@@ -759,6 +762,7 @@ if [ $ngx_found = no ]; then
- ngx_feature='maximum errno'
- ngx_feature_name=NGX_SYS_NERR
+@@ -737,6 +739,7 @@ if [ $ngx_found = no ]; then
+ ngx_feature="_sys_nerr"
+ ngx_feature_name="NGX_SYS_NERR"
ngx_feature_run=value
+ ngx_feature_run_force_result="$ngx_force_sys_nerr"
ngx_feature_incs='#include <errno.h>
- #include <string.h>
#include <stdio.h>'
-@@ -841,6 +845,7 @@ ngx_feature_test="void *p; p = memalign(4096, 4096);
+ ngx_feature_path=
+@@ -806,6 +809,7 @@ ngx_feature_test="void *p; p = memalign(4096, 4096);
ngx_feature="mmap(MAP_ANON|MAP_SHARED)"
ngx_feature_name="NGX_HAVE_MAP_ANON"
ngx_feature_run=yes
@@ -184,7 +178,7 @@ index 43d3b25a..3da00537 100644
ngx_feature_incs="#include <sys/mman.h>"
ngx_feature_path=
ngx_feature_libs=
-@@ -854,6 +859,7 @@ ngx_feature_test="void *p;
+@@ -819,6 +823,7 @@ ngx_feature_test="void *p;
ngx_feature='mmap("/dev/zero", MAP_SHARED)'
ngx_feature_name="NGX_HAVE_MAP_DEVZERO"
ngx_feature_run=yes
@@ -192,7 +186,7 @@ index 43d3b25a..3da00537 100644
ngx_feature_incs="#include <sys/mman.h>
#include <sys/stat.h>
#include <fcntl.h>"
-@@ -869,6 +875,7 @@ ngx_feature_test='void *p; int fd;
+@@ -834,6 +839,7 @@ ngx_feature_test='void *p; int fd;
ngx_feature="System V shared memory"
ngx_feature_name="NGX_HAVE_SYSVSHM"
ngx_feature_run=yes
@@ -200,7 +194,7 @@ index 43d3b25a..3da00537 100644
ngx_feature_incs="#include <sys/ipc.h>
#include <sys/shm.h>"
ngx_feature_path=
-@@ -883,6 +890,7 @@ ngx_feature_test="int id;
+@@ -848,6 +854,7 @@ ngx_feature_test="int id;
ngx_feature="POSIX semaphores"
ngx_feature_name="NGX_HAVE_POSIX_SEM"
ngx_feature_run=yes
diff --git a/package/nginx/0005-auto-unix-make-sys_nerr-guessing-cross-friendly.patch b/package/nginx/0005-auto-unix-make-sys_nerr-guessing-cross-friendly.patch
index 747a034aee..79fa4970cb 100644
--- a/package/nginx/0005-auto-unix-make-sys_nerr-guessing-cross-friendly.patch
+++ b/package/nginx/0005-auto-unix-make-sys_nerr-guessing-cross-friendly.patch
@@ -15,10 +15,12 @@ Signed-off-by: Samuel Martin <s.martin49@gmail.com>
Refresh for 1.8.0.
Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
+[rebased against v1.20.1]
+Signed-off-by: Adam Duskett <Aduskett@gmail.com>
---
- auto/os/sys_nerr | 78 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
- auto/unix | 10 ++++++++
- 2 files changed, 88 insertions(+)
+ auto/os/sys_nerr | 78 ++++++++++++++++++++++++++++++++++++++++++++++++
+ auto/unix | 8 +++++
+ 2 files changed, 86 insertions(+)
create mode 100644 auto/os/sys_nerr
diff --git a/auto/os/sys_nerr b/auto/os/sys_nerr
@@ -109,18 +111,13 @@ diff --git a/auto/unix b/auto/unix
index 7dbf9d1..00a7370 100755
--- a/auto/unix
+++ b/auto/unix
-@@ -736,6 +736,10 @@ ngx_feature_incs='#include <errno.h>
- #include <stdio.h>'
- ngx_feature_path=
- ngx_feature_libs=
-+
-+if false ; then
-+# Disabled because only valid for native build.
-+
- ngx_feature_test='printf("%d", sys_nerr);'
- . auto/feature
-
-@@ -784,6 +788,12 @@ if [ $ngx_found = no ]; then
+@@ -744,10 +744,18 @@ if [ $ngx_found = no ]; then
+ #include <stdio.h>'
+ ngx_feature_path=
+ ngx_feature_libs=
++ if false ; then
++ # Disabled because only valid for native build.
+ ngx_feature_test='printf("%d", _sys_nerr);'
. auto/feature
fi
diff --git a/package/nginx/0009-auto-os-linux-fix-build-with-libxcrypt.patch b/package/nginx/0009-auto-os-linux-fix-build-with-libxcrypt.patch
index 7e430ffc37..8b368d946f 100644
--- a/package/nginx/0009-auto-os-linux-fix-build-with-libxcrypt.patch
+++ b/package/nginx/0009-auto-os-linux-fix-build-with-libxcrypt.patch
@@ -23,7 +23,7 @@ diff --git a/auto/os/linux b/auto/os/linux
index 5e280eca..04682812 100644
--- a/auto/os/linux
+++ b/auto/os/linux
-@@ -203,6 +203,9 @@ ngx_feature_test="struct crypt_data cd;
+@@ -232,6 +232,9 @@ ngx_feature_test="struct crypt_data cd;
crypt_r(\"key\", \"salt\", &cd);"
. auto/feature
diff --git a/package/nginx/0010-Resolver-fixed-off-by-one-write-in-ngx_resolver_copy.patch b/package/nginx/0010-Resolver-fixed-off-by-one-write-in-ngx_resolver_copy.patch
deleted file mode 100644
index ba47768fe5..0000000000
--- a/package/nginx/0010-Resolver-fixed-off-by-one-write-in-ngx_resolver_copy.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 9f1dcb0c0473641730b871dee984016ff19d2c53 Mon Sep 17 00:00:00 2001
-From: Maxim Dounin <mdounin@mdounin.ru>
-Date: Tue, 25 May 2021 15:17:36 +0300
-Subject: [PATCH] Resolver: fixed off-by-one write in ngx_resolver_copy().
-
-Reported by Luis Merino, Markus Vervier, Eric Sesterhenn, X41 D-Sec GmbH.
-
-[peter at korsgaard.com: backport from upstream]
-Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
----
- src/core/ngx_resolver.c | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c
-index 79390701..63b26193 100644
---- a/src/core/ngx_resolver.c
-+++ b/src/core/ngx_resolver.c
-@@ -4008,15 +4008,15 @@ done:
- n = *src++;
-
- } else {
-+ if (dst != name->data) {
-+ *dst++ = '.';
-+ }
-+
- ngx_strlow(dst, src, n);
- dst += n;
- src += n;
-
- n = *src++;
--
-- if (n != 0) {
-- *dst++ = '.';
-- }
- }
-
- if (n == 0) {
---
-2.20.1
-
diff --git a/package/nginx/nginx.hash b/package/nginx/nginx.hash
index 8d17931a26..06d3392a2e 100644
--- a/package/nginx/nginx.hash
+++ b/package/nginx/nginx.hash
@@ -1,4 +1,4 @@
# Locally calculated after checking pgp signature
-sha256 4c373e7ab5bf91d34a4f11a0c9496561061ba5eee6020db272a17a7228d35f99 nginx-1.18.0.tar.gz
+sha256 e462e11533d5c30baa05df7652160ff5979591d291736cfa5edb9fd2edb48c49 nginx-1.20.1.tar.gz
# License files, locally calculated
-sha256 28ad30e2f64bd89ac1287b4606906bb99ed04d9f4e13fb6564a0be9c8a23f509 LICENSE
+sha256 b57270c1f73eb6624b38b2d0a1affcec56b21fab39efbf8c837428f05cef1d73 LICENSE
diff --git a/package/nginx/nginx.mk b/package/nginx/nginx.mk
index e93e802fd3..c68811e276 100644
--- a/package/nginx/nginx.mk
+++ b/package/nginx/nginx.mk
@@ -4,7 +4,7 @@
#
################################################################################
-NGINX_VERSION = 1.18.0
+NGINX_VERSION = 1.20.1
NGINX_SITE = http://nginx.org/download
NGINX_LICENSE = BSD-2-Clause
NGINX_LICENSE_FILES = LICENSE
--
2.31.1
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [Buildroot] [PATCH 2/5] package/nginx: add stream_set_module support
2021-06-28 16:16 [Buildroot] [PATCH 0/5] nginx updates Adam Duskett
2021-06-28 16:16 ` [Buildroot] [PATCH 1/5] package/nginx: bump version to 1.20.1 Adam Duskett
@ 2021-06-28 16:16 ` Adam Duskett
2021-06-28 16:16 ` [Buildroot] [PATCH 3/5] package/nginx-naxsi: bump version to 1.3 Adam Duskett
` (4 subsequent siblings)
6 siblings, 0 replies; 12+ messages in thread
From: Adam Duskett @ 2021-06-28 16:16 UTC (permalink / raw)
To: buildroot
This is a new module in 1.20
Signed-off-by: Adam Duskett <aduskett@gmail.com>
---
package/nginx/Config.in | 6 ++++++
package/nginx/nginx.mk | 4 ++++
2 files changed, 10 insertions(+)
diff --git a/package/nginx/Config.in b/package/nginx/Config.in
index 6ae790a949..1200b2bf4c 100644
--- a/package/nginx/Config.in
+++ b/package/nginx/Config.in
@@ -339,6 +339,12 @@ config BR2_PACKAGE_NGINX_STREAM_REALIP_MODULE
help
Enable ngx_stream_realip_module
+config BR2_PACKAGE_NGINX_STREAM_SET_MODULE
+ bool "ngx_stream_set_module"
+ default y
+ help
+ Enable ngx_stream_set_module
+
config BR2_PACKAGE_NGINX_STREAM_SSL_MODULE
bool "ngx_stream_ssl_module"
select BR2_PACKAGE_OPENSSL
diff --git a/package/nginx/nginx.mk b/package/nginx/nginx.mk
index c68811e276..616ada9000 100644
--- a/package/nginx/nginx.mk
+++ b/package/nginx/nginx.mk
@@ -235,6 +235,10 @@ ifeq ($(BR2_PACKAGE_NGINX_STREAM_REALIP_MODULE),y)
NGINX_CONF_OPTS += --with-stream_realip_module
endif
+ifeq ($(BR2_PACKAGE_NGINX_STREAM_SET_MODULE),)
+NGINX_CONF_OPTS += --without-stream_set_module
+endif
+
ifeq ($(BR2_PACKAGE_NGINX_STREAM_SSL_MODULE),y)
NGINX_DEPENDENCIES += openssl
NGINX_CONF_OPTS += --with-stream_ssl_module
--
2.31.1
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [Buildroot] [PATCH 3/5] package/nginx-naxsi: bump version to 1.3
2021-06-28 16:16 [Buildroot] [PATCH 0/5] nginx updates Adam Duskett
2021-06-28 16:16 ` [Buildroot] [PATCH 1/5] package/nginx: bump version to 1.20.1 Adam Duskett
2021-06-28 16:16 ` [Buildroot] [PATCH 2/5] package/nginx: add stream_set_module support Adam Duskett
@ 2021-06-28 16:16 ` Adam Duskett
2021-06-29 20:17 ` Yann E. MORIN
2021-06-28 16:16 ` [Buildroot] [PATCH 4/5] package/nginx-dav-ext: bump version to 3.0.0 Adam Duskett
` (3 subsequent siblings)
6 siblings, 1 reply; 12+ messages in thread
From: Adam Duskett @ 2021-06-28 16:16 UTC (permalink / raw)
To: buildroot
Other changes:
- Change license to GPL-3.0
- Change license file to LICENSE
- Update license hash in nginx-naxsi.hash
Signed-off-by: Adam Duskett <aduskett@gmail.com>
---
package/nginx-naxsi/nginx-naxsi.hash | 4 ++--
package/nginx-naxsi/nginx-naxsi.mk | 6 +++---
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/package/nginx-naxsi/nginx-naxsi.hash b/package/nginx-naxsi/nginx-naxsi.hash
index 1f289c56cd..bd3fcd1ae9 100644
--- a/package/nginx-naxsi/nginx-naxsi.hash
+++ b/package/nginx-naxsi/nginx-naxsi.hash
@@ -1,3 +1,3 @@
# Locally calculated
-sha256 0a66dcadd32432460fab180be9f2efe24e911e3798917b2787ee710e02901eb4 nginx-naxsi-0.56.tar.gz
-sha256 046812ddc8f250f85b5d6e04218c185849c618b309271ef9d8b01e92c6f7a6ac naxsi_src/naxsi_json.c
+sha256 439c8677372d2597b4360bbcc10bc86490de1fc75695b193ad5df154a214d628 nginx-naxsi-1.3.tar.gz
+sha256 589ed823e9a84c56feb95ac58e7cf384626b9cbf4fda2a907bc36e103de1bad2 LICENSE
diff --git a/package/nginx-naxsi/nginx-naxsi.mk b/package/nginx-naxsi/nginx-naxsi.mk
index 7cfa94a5d4..3de1f684f9 100644
--- a/package/nginx-naxsi/nginx-naxsi.mk
+++ b/package/nginx-naxsi/nginx-naxsi.mk
@@ -4,9 +4,9 @@
#
################################################################################
-NGINX_NAXSI_VERSION = 0.56
+NGINX_NAXSI_VERSION = 1.3
NGINX_NAXSI_SITE = $(call github,nbs-system,naxsi,$(NGINX_NAXSI_VERSION))
-NGINX_NAXSI_LICENSE = GPL-2.0+ with OpenSSL exception
-NGINX_NAXSI_LICENSE_FILES = naxsi_src/naxsi_json.c
+NGINX_NAXSI_LICENSE = GPL-3.0 with OpenSSL exception
+NGINX_NAXSI_LICENSE_FILES = LICENSE
$(eval $(generic-package))
--
2.31.1
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [Buildroot] [PATCH 4/5] package/nginx-dav-ext: bump version to 3.0.0
2021-06-28 16:16 [Buildroot] [PATCH 0/5] nginx updates Adam Duskett
` (2 preceding siblings ...)
2021-06-28 16:16 ` [Buildroot] [PATCH 3/5] package/nginx-naxsi: bump version to 1.3 Adam Duskett
@ 2021-06-28 16:16 ` Adam Duskett
2021-06-28 16:16 ` [Buildroot] [PATCH 5/5] package/nginx-modsecurity: bump to version 1.0.2 Adam Duskett
` (2 subsequent siblings)
6 siblings, 0 replies; 12+ messages in thread
From: Adam Duskett @ 2021-06-28 16:16 UTC (permalink / raw)
To: buildroot
Other changes:
- Update license hash due to year changes
Signed-off-by: Adam Duskett <aduskett@gmail.com>
---
package/nginx-dav-ext/nginx-dav-ext.hash | 4 ++--
package/nginx-dav-ext/nginx-dav-ext.mk | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/package/nginx-dav-ext/nginx-dav-ext.hash b/package/nginx-dav-ext/nginx-dav-ext.hash
index fbed87f0c0..07deab08db 100644
--- a/package/nginx-dav-ext/nginx-dav-ext.hash
+++ b/package/nginx-dav-ext/nginx-dav-ext.hash
@@ -1,3 +1,3 @@
# Locally computed
-sha256 6b004eed8ea16ad8de4d304027bf0413cc323a95914e58625a7dc066481aae3a nginx-dav-ext-0.1.0.tar.gz
-sha256 40581cf424621965adaf1461e97129520ff4fcfb62ed9965ec6fd50b7f4ddfca LICENSE
+sha256 d2499d94d82d4e4eac8425d799e52883131ae86a956524040ff2fd230ef9f859 nginx-dav-ext-3.0.0.tar.gz
+sha256 e377bb81e5024682a66438306e8ff9541d843d3831e480aec2f58eb8d83e48de LICENSE
diff --git a/package/nginx-dav-ext/nginx-dav-ext.mk b/package/nginx-dav-ext/nginx-dav-ext.mk
index 695287ee2c..1b3071851a 100644
--- a/package/nginx-dav-ext/nginx-dav-ext.mk
+++ b/package/nginx-dav-ext/nginx-dav-ext.mk
@@ -4,7 +4,7 @@
#
################################################################################
-NGINX_DAV_EXT_VERSION = 0.1.0
+NGINX_DAV_EXT_VERSION = 3.0.0
NGINX_DAV_EXT_SITE = $(call github,arut,nginx-dav-ext-module,v$(NGINX_DAV_EXT_VERSION))
NGINX_DAV_EXT_LICENSE = BSD-2-Clause
NGINX_DAV_EXT_LICENSE_FILES = LICENSE
--
2.31.1
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [Buildroot] [PATCH 5/5] package/nginx-modsecurity: bump to version 1.0.2
2021-06-28 16:16 [Buildroot] [PATCH 0/5] nginx updates Adam Duskett
` (3 preceding siblings ...)
2021-06-28 16:16 ` [Buildroot] [PATCH 4/5] package/nginx-dav-ext: bump version to 3.0.0 Adam Duskett
@ 2021-06-28 16:16 ` Adam Duskett
2021-06-28 18:02 ` [Buildroot] [PATCH 0/5] nginx updates Robert Hancock
2021-06-29 20:20 ` Yann E. MORIN
6 siblings, 0 replies; 12+ messages in thread
From: Adam Duskett @ 2021-06-28 16:16 UTC (permalink / raw)
To: buildroot
Signed-off-by: Adam Duskett <aduskett@gmail.com>
---
package/nginx-modsecurity/nginx-modsecurity.hash | 6 +++---
package/nginx-modsecurity/nginx-modsecurity.mk | 2 +-
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/package/nginx-modsecurity/nginx-modsecurity.hash b/package/nginx-modsecurity/nginx-modsecurity.hash
index d2dd266ac1..fbaf1ca239 100644
--- a/package/nginx-modsecurity/nginx-modsecurity.hash
+++ b/package/nginx-modsecurity/nginx-modsecurity.hash
@@ -1,4 +1,4 @@
-# From https://github.com/SpiderLabs/ModSecurity-nginx/releases/download/v1.0.1/modsecurity-nginx-v1.0.1.tar.gz.sha256
-sha256 def45a8db5bc9da14765eda75363457209a86c89538ccf5bfbd3aa02fa10833c modsecurity-nginx-v1.0.1.tar.gz
+# From https://github.com/SpiderLabs/ModSecurity-nginx/releases/download/v1.0.2/modsecurity-nginx-v1.0.2.tar.gz.sha256
+sha256 41a6660c50508c60df59f8f09c444d18ef8112a4c118cdc791a3992390b78c32 modsecurity-nginx-v1.0.2.tar.gz
# Localy calculated
-sha256 c71d239df91726fc519c6eb72d318ec65820627232b2f796219e87dcf35d0ab4 LICENSE
+sha256 c71d239df91726fc519c6eb72d318ec65820627232b2f796219e87dcf35d0ab4 LICENSE
diff --git a/package/nginx-modsecurity/nginx-modsecurity.mk b/package/nginx-modsecurity/nginx-modsecurity.mk
index 6d33403d66..90ef8ecd51 100644
--- a/package/nginx-modsecurity/nginx-modsecurity.mk
+++ b/package/nginx-modsecurity/nginx-modsecurity.mk
@@ -4,7 +4,7 @@
#
################################################################################
-NGINX_MODSECURITY_VERSION = 1.0.1
+NGINX_MODSECURITY_VERSION = 1.0.2
NGINX_MODSECURITY_SOURCE = modsecurity-nginx-v$(NGINX_MODSECURITY_VERSION).tar.gz
NGINX_MODSECURITY_SITE = https://github.com/SpiderLabs/ModSecurity-nginx/releases/download/v$(NGINX_MODSECURITY_VERSION)
NGINX_MODSECURITY_LICENSE = Apache-2.0
--
2.31.1
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [Buildroot] [PATCH 1/5] package/nginx: bump version to 1.20.1
2021-06-28 16:16 ` [Buildroot] [PATCH 1/5] package/nginx: bump version to 1.20.1 Adam Duskett
@ 2021-06-28 17:16 ` Baruch Siach
0 siblings, 0 replies; 12+ messages in thread
From: Baruch Siach @ 2021-06-28 17:16 UTC (permalink / raw)
To: buildroot
On Mon, Jun 28 2021, Adam Duskett wrote:
> diff --git a/package/nginx/0010-Resolver-fixed-off-by-one-write-in-ngx_resolver_copy.patch b/package/nginx/0010-Resolver-fixed-off-by-one-write-in-ngx_resolver_copy.patch
> deleted file mode 100644
> index ba47768fe5..0000000000
> --- a/package/nginx/0010-Resolver-fixed-off-by-one-write-in-ngx_resolver_copy.patch
> +++ /dev/null
> @@ -1,40 +0,0 @@
> -From 9f1dcb0c0473641730b871dee984016ff19d2c53 Mon Sep 17 00:00:00 2001
> -From: Maxim Dounin <mdounin@mdounin.ru>
> -Date: Tue, 25 May 2021 15:17:36 +0300
> -Subject: [PATCH] Resolver: fixed off-by-one write in ngx_resolver_copy().
> -
> -Reported by Luis Merino, Markus Vervier, Eric Sesterhenn, X41 D-Sec GmbH.
> -
> -[peter at korsgaard.com: backport from upstream]
> -Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
I think you can also drop NGINX_IGNORE_CVES.
baruch
--
~. .~ Tk Open Systems
=}------------------------------------------------ooO--U--Ooo------------{=
- baruch at tkos.co.il - tel: +972.52.368.4656, http://www.tkos.co.il -
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Buildroot] [PATCH 0/5] nginx updates
2021-06-28 16:16 [Buildroot] [PATCH 0/5] nginx updates Adam Duskett
` (4 preceding siblings ...)
2021-06-28 16:16 ` [Buildroot] [PATCH 5/5] package/nginx-modsecurity: bump to version 1.0.2 Adam Duskett
@ 2021-06-28 18:02 ` Robert Hancock
2021-06-30 21:16 ` Yann E. MORIN
2021-06-29 20:20 ` Yann E. MORIN
6 siblings, 1 reply; 12+ messages in thread
From: Robert Hancock @ 2021-06-28 18:02 UTC (permalink / raw)
To: buildroot
On Mon, 2021-06-28 at 09:16 -0700, Adam Duskett wrote:
> Just some nginx maintnence.
>
> Changes include:
> - Update nginx to the latest LTS release.
> - Update nginx naxsi, dav-ext, and modsecurity.
>
> The nginx-upload package also has updates, however, the current nginx-upload
> url
> points to a fork of nginx-upload-module. The official project URL is fdintino
> not vkholodkov. Should this be changed to fdintino and the version changed to
> 4423994c7d8fb491d95867f6af968585d949e7a9?
>
I believe at one point the fdintino repository was quite behind and was missing
a bunch of features like HTTP/2 support that were in the vkholodkov fork. It
looks like the vkholodkov version is only 1 commit ahead of fdintino right now
however, so we might be able to switch to the "official" version.
> Adam
>
> Adam Duskett (5):
> package/nginx: bump version to 1.20.1
> package/nginx: add stream_set_module support
> package/nginx-naxsi: bump version to 1.3
> package/nginx-dav-ext: bump version to 3.0.0
> package/nginx-modsecurity: bump to version 1.0.2
>
> package/nginx-dav-ext/nginx-dav-ext.hash | 4 +-
> package/nginx-dav-ext/nginx-dav-ext.mk | 2 +-
> .../nginx-modsecurity/nginx-modsecurity.hash | 6 +--
> .../nginx-modsecurity/nginx-modsecurity.mk | 2 +-
> package/nginx-naxsi/nginx-naxsi.hash | 4 +-
> package/nginx-naxsi/nginx-naxsi.mk | 6 +--
> ...ture_run_force_result-for-each-featu.patch | 40 ++++++++-----------
> ...ake-sys_nerr-guessing-cross-friendly.patch | 27 ++++++-------
> ...to-os-linux-fix-build-with-libxcrypt.patch | 2 +-
> ...ff-by-one-write-in-ngx_resolver_copy.patch | 40 -------------------
> package/nginx/Config.in | 6 +++
> package/nginx/nginx.hash | 4 +-
> package/nginx/nginx.mk | 6 ++-
> 13 files changed, 55 insertions(+), 94 deletions(-)
> delete mode 100644 package/nginx/0010-Resolver-fixed-off-by-one-write-in-
> ngx_resolver_copy.patch
>
--
Robert Hancock
Senior Hardware Designer, Calian Advanced Technologies
www.calian.com
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Buildroot] [PATCH 3/5] package/nginx-naxsi: bump version to 1.3
2021-06-28 16:16 ` [Buildroot] [PATCH 3/5] package/nginx-naxsi: bump version to 1.3 Adam Duskett
@ 2021-06-29 20:17 ` Yann E. MORIN
0 siblings, 0 replies; 12+ messages in thread
From: Yann E. MORIN @ 2021-06-29 20:17 UTC (permalink / raw)
To: buildroot
Adam, All,
On 2021-06-28 09:16 -0700, Adam Duskett spake thusly:
> Other changes:
> - Change license to GPL-3.0
> - Change license file to LICENSE
> - Update license hash in nginx-naxsi.hash
>
> Signed-off-by: Adam Duskett <aduskett@gmail.com>
> ---
> package/nginx-naxsi/nginx-naxsi.hash | 4 ++--
> package/nginx-naxsi/nginx-naxsi.mk | 6 +++---
> 2 files changed, 5 insertions(+), 5 deletions(-)
>
> diff --git a/package/nginx-naxsi/nginx-naxsi.hash b/package/nginx-naxsi/nginx-naxsi.hash
> index 1f289c56cd..bd3fcd1ae9 100644
> --- a/package/nginx-naxsi/nginx-naxsi.hash
> +++ b/package/nginx-naxsi/nginx-naxsi.hash
> @@ -1,3 +1,3 @@
> # Locally calculated
> -sha256 0a66dcadd32432460fab180be9f2efe24e911e3798917b2787ee710e02901eb4 nginx-naxsi-0.56.tar.gz
> -sha256 046812ddc8f250f85b5d6e04218c185849c618b309271ef9d8b01e92c6f7a6ac naxsi_src/naxsi_json.c
> +sha256 439c8677372d2597b4360bbcc10bc86490de1fc75695b193ad5df154a214d628 nginx-naxsi-1.3.tar.gz
> +sha256 589ed823e9a84c56feb95ac58e7cf384626b9cbf4fda2a907bc36e103de1bad2 LICENSE
> diff --git a/package/nginx-naxsi/nginx-naxsi.mk b/package/nginx-naxsi/nginx-naxsi.mk
> index 7cfa94a5d4..3de1f684f9 100644
> --- a/package/nginx-naxsi/nginx-naxsi.mk
> +++ b/package/nginx-naxsi/nginx-naxsi.mk
> @@ -4,9 +4,9 @@
> #
> ################################################################################
>
> -NGINX_NAXSI_VERSION = 0.56
> +NGINX_NAXSI_VERSION = 1.3
> NGINX_NAXSI_SITE = $(call github,nbs-system,naxsi,$(NGINX_NAXSI_VERSION))
> -NGINX_NAXSI_LICENSE = GPL-2.0+ with OpenSSL exception
> -NGINX_NAXSI_LICENSE_FILES = naxsi_src/naxsi_json.c
> +NGINX_NAXSI_LICENSE = GPL-3.0 with OpenSSL exception
Where did you see the OpennSSL exception?
There is also part of bundled code that is BSD-3c, in
naxsi_src/ext/libinjection
> +NGINX_NAXSI_LICENSE_FILES = LICENSE
... and so we'd need naxsi_src/ext/libinjection/COPYING axs well.
Also, from README:
[Naxsi] depends on libpcre for its regexp support
So maybe a dependency on libpcre (or libpcre2?) is missing?
Regards,
Yann E. MORIN.
> $(eval $(generic-package))
> --
> 2.31.1
>
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Buildroot] [PATCH 0/5] nginx updates
2021-06-28 16:16 [Buildroot] [PATCH 0/5] nginx updates Adam Duskett
` (5 preceding siblings ...)
2021-06-28 18:02 ` [Buildroot] [PATCH 0/5] nginx updates Robert Hancock
@ 2021-06-29 20:20 ` Yann E. MORIN
6 siblings, 0 replies; 12+ messages in thread
From: Yann E. MORIN @ 2021-06-29 20:20 UTC (permalink / raw)
To: buildroot
Adam, All,
On 2021-06-28 09:16 -0700, Adam Duskett spake thusly:
> Just some nginx maintnence.
Yeah, welcome to the world of typoes. You'll see, we live very well
with them! ;-)
> Changes include:
> - Update nginx to the latest LTS release.
> - Update nginx naxsi, dav-ext, and modsecurity.
>
> The nginx-upload package also has updates, however, the current nginx-upload url
> points to a fork of nginx-upload-module. The official project URL is fdintino
> not vkholodkov. Should this be changed to fdintino and the version changed to
> 4423994c7d8fb491d95867f6af968585d949e7a9?
Given the explanations by Roberts, I think it would be a good idea to
switch back to the official repo, yes.
Also, given Baruch review and mine, I've marked the series as changes
requested.
Thanks!
Regards,
Yann E. MORIN.
> Adam
>
> Adam Duskett (5):
> package/nginx: bump version to 1.20.1
> package/nginx: add stream_set_module support
> package/nginx-naxsi: bump version to 1.3
> package/nginx-dav-ext: bump version to 3.0.0
> package/nginx-modsecurity: bump to version 1.0.2
>
> package/nginx-dav-ext/nginx-dav-ext.hash | 4 +-
> package/nginx-dav-ext/nginx-dav-ext.mk | 2 +-
> .../nginx-modsecurity/nginx-modsecurity.hash | 6 +--
> .../nginx-modsecurity/nginx-modsecurity.mk | 2 +-
> package/nginx-naxsi/nginx-naxsi.hash | 4 +-
> package/nginx-naxsi/nginx-naxsi.mk | 6 +--
> ...ture_run_force_result-for-each-featu.patch | 40 ++++++++-----------
> ...ake-sys_nerr-guessing-cross-friendly.patch | 27 ++++++-------
> ...to-os-linux-fix-build-with-libxcrypt.patch | 2 +-
> ...ff-by-one-write-in-ngx_resolver_copy.patch | 40 -------------------
> package/nginx/Config.in | 6 +++
> package/nginx/nginx.hash | 4 +-
> package/nginx/nginx.mk | 6 ++-
> 13 files changed, 55 insertions(+), 94 deletions(-)
> delete mode 100644 package/nginx/0010-Resolver-fixed-off-by-one-write-in-ngx_resolver_copy.patch
>
> --
> 2.31.1
>
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Buildroot] [PATCH 0/5] nginx updates
2021-06-28 18:02 ` [Buildroot] [PATCH 0/5] nginx updates Robert Hancock
@ 2021-06-30 21:16 ` Yann E. MORIN
2021-07-02 15:25 ` Adam Duskett
0 siblings, 1 reply; 12+ messages in thread
From: Yann E. MORIN @ 2021-06-30 21:16 UTC (permalink / raw)
To: buildroot
Robert, All,
On 2021-06-28 18:02 +0000, Robert Hancock via buildroot spake thusly:
> On Mon, 2021-06-28 at 09:16 -0700, Adam Duskett wrote:
> > Just some nginx maintnence.
[--SNIP--]
> > The nginx-upload package also has updates, however, the current nginx-upload
> > url
> > points to a fork of nginx-upload-module. The official project URL is fdintino
> > not vkholodkov. Should this be changed to fdintino and the version changed to
> > 4423994c7d8fb491d95867f6af968585d949e7a9?
>
> I believe at one point the fdintino repository was quite behind and was missing
> a bunch of features like HTTP/2 support that were in the vkholodkov fork. It
> looks like the vkholodkov version is only 1 commit ahead of fdintino right now
> however, so we might be able to switch to the "official" version.
Thanks for the explanations. :-)
Would you be willing to send a patch doing the switch, then?
Regards,
Yann E. MORIN.
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Buildroot] [PATCH 0/5] nginx updates
2021-06-30 21:16 ` Yann E. MORIN
@ 2021-07-02 15:25 ` Adam Duskett
0 siblings, 0 replies; 12+ messages in thread
From: Adam Duskett @ 2021-07-02 15:25 UTC (permalink / raw)
To: buildroot
After the v2 patch series is approved (or marked as Changed requested)
I can also update nginx-upload.
Adam
On Wed, Jun 30, 2021 at 2:16 PM Yann E. MORIN <yann.morin.1998@free.fr> wrote:
>
> Robert, All,
>
> On 2021-06-28 18:02 +0000, Robert Hancock via buildroot spake thusly:
> > On Mon, 2021-06-28 at 09:16 -0700, Adam Duskett wrote:
> > > Just some nginx maintnence.
> [--SNIP--]
> > > The nginx-upload package also has updates, however, the current nginx-upload
> > > url
> > > points to a fork of nginx-upload-module. The official project URL is fdintino
> > > not vkholodkov. Should this be changed to fdintino and the version changed to
> > > 4423994c7d8fb491d95867f6af968585d949e7a9?
> >
> > I believe at one point the fdintino repository was quite behind and was missing
> > a bunch of features like HTTP/2 support that were in the vkholodkov fork. It
> > looks like the vkholodkov version is only 1 commit ahead of fdintino right now
> > however, so we might be able to switch to the "official" version.
>
> Thanks for the explanations. :-)
>
> Would you be willing to send a patch doing the switch, then?
>
> Regards,
> Yann E. MORIN.
>
> --
> .-----------------.--------------------.------------------.--------------------.
> | Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
> | +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
> | +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
> | http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
> '------------------------------^-------^------------------^--------------------'
^ permalink raw reply [flat|nested] 12+ messages in thread
end of thread, other threads:[~2021-07-02 15:25 UTC | newest]
Thread overview: 12+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-06-28 16:16 [Buildroot] [PATCH 0/5] nginx updates Adam Duskett
2021-06-28 16:16 ` [Buildroot] [PATCH 1/5] package/nginx: bump version to 1.20.1 Adam Duskett
2021-06-28 17:16 ` Baruch Siach
2021-06-28 16:16 ` [Buildroot] [PATCH 2/5] package/nginx: add stream_set_module support Adam Duskett
2021-06-28 16:16 ` [Buildroot] [PATCH 3/5] package/nginx-naxsi: bump version to 1.3 Adam Duskett
2021-06-29 20:17 ` Yann E. MORIN
2021-06-28 16:16 ` [Buildroot] [PATCH 4/5] package/nginx-dav-ext: bump version to 3.0.0 Adam Duskett
2021-06-28 16:16 ` [Buildroot] [PATCH 5/5] package/nginx-modsecurity: bump to version 1.0.2 Adam Duskett
2021-06-28 18:02 ` [Buildroot] [PATCH 0/5] nginx updates Robert Hancock
2021-06-30 21:16 ` Yann E. MORIN
2021-07-02 15:25 ` Adam Duskett
2021-06-29 20:20 ` Yann E. MORIN
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.