see http://nginx.org/en/security_advisories.html: When using HTTP/2 a
client might cause excessive memory consumption and CPU usage
(CVE-2019-9511, CVE-2019-9513,CVE-2019-9516).
Update chroot patch & fix WANTLIB while here.
ok sthen@ danj@ robert@ (maintainer)
While here install nginx.so in the dir perl's DynaLoader will look for.
ok robert@ (maintainer) phessler@, hints from our resident perl expert afresh1@
some existing COMPILER lines with arch restrictions etc. In the usual
case this is now using "COMPILER = base-clang ports-gcc base-gcc" on
ports with c++ libraries in WANTLIB.
This is basically intended to be a noop on architectures using clang
as the system compiler, but help with other architectures where we
currently have many ports knocked out due to building with an unsuitable
compiler -
- some ports require c++11/newer so the GCC version in base that is used
on these archirtectures is too old.
- some ports have conflicts where an executable is built with one compiler
(e.g. gcc from base) but a library dependency is built with a different
one (e.g. gcc from ports), resulted in mixing incompatible libraries in the
same address space.
devel/gmp is intentionally skipped as it's on the path to building gcc -
the c++ library there is unused in ports (and not built by default upstream)
so intending to disable building gmpcxx in a future commit.
- add nginx-auth-ldap module (https://github.com/kvspb/nginx-auth-ldap/)
- reduce duplication in DISTFILES with foo{bar}ext syntax
- simplify RUN_DEPENDS*
- use perl MODULES to get ${P5ARCH} defined, use in PLIST-perl
I had an initial diff removing the no_lua PSEUDO_FLAVOR for the sake of
simplicity, but sthen@ preferred to keep it :)
The libressl breakage was fixed upstream in
cc0a793a27
Basic testing (content_from_lua_block, access_from_lua_block) okay
ok robert@ (MAINTAINER) sthen@
This allows you to set and clear headers in addition to just adding
them, and is necessary for proxying to work correctly for some
applications.
OK sthen@, william@, robert@
a specially crafted request might result in an integer
overflow and incorrect processing of ranges in the range filter,
potentially resulting in sensitive information leak (CVE-2017-7529).
builds it was unsuccessful in DPB (at least without changing ../Makefile to
add the pseudo-flavour).
While there, overwrite RUN_DEPENDS-main to avoid adding a run dependency on
lua to the main package (existing problem).
use it by default for now, ngx_http_lua_ssl_ocsp.c cannot be built following
libressl changes (it sets tlsext_status_expected which moved to the internal
struct). ok robert@
Switch all extrnal modules to be dynamic modules, and update them to use the
latest versions. Use separate subpackages for all dynamic modules, so you
can easily choose which nginx features you want without rebuilding nginx
with a specific combination of FLAVORs.
Switch all internal modules that can be built dynamically to use dynamic
modules.
Start building the image_filter, geoip, perl, and xlst modules as dynamic
modules.
This requires changes to your nginx configuration if you were previously
using a FLAVORed version of nginx, or using the mail or stream features.
OK robert@ (MAINTAINER)
positive feedback from william@ (MAINTAINER), landry@, sthen@
- fix pre-patch target to allow multiple FLAVORs (thanks ajacoutot@ and phessler@)
- add 'mailproxy' FLAVOR to enable mail_pop3_module, mail_imap_module,
and mail_smtp_module (requested by Lyndon Nerenberg)
- sort the FLAVORs alphabetically in the README
ok ajacoutot@ robert@
