solution;
Sending SIGQUIT to nginx will do a graceful shutdown, which can take up
to several minutes until all the connections are closed and nginx will
not accept any connections during this time.
The other problem is that doing a service restart will end up in a timeout
and the actual restart of the service will never happen because stopping
the service has "failed"
Add patches to a few ports to build with ruby 3.0, mostly -fdeclspec to
CFLAGS or CXXFLAGS.
Bump ports where the default version change causes a package change.
OK kmos@
This module allows extracting of information from the ClientHello
message without terminating SSL/TLS.
Thanks sthen@ and tb@ for the cluestick.
"...diff looks fine" robert@ (maintainer)
Many people really want to use TLSv1.3 right now, some do not.
So in addition to enabling it, also allow disabling it. This
works around the fact that LibreSSL cannot expose these defines
right now since that would break an unknown number of ports.
Issue reported by Andreas Bartelt
Discussed with robert and sthen who both prefer this over a revert
the libmaxminddb-based geoip2 module), reorganise MULTI_PACKAGES a bit to avoid some
duplication in the Makefile. looks good robert@ (maintainer), ok fcambus@
configure (another place where it can't find required libraries in
/usr/X11R6/lib)
- remove bogus LIB_DEPENDS-rtmp, there are no WANTLIB, check-lib-depends
is happy
ok robert@
(can be used instead of the geoip module which uses databases which aren't
supported any more)
- use a simpler construct to fetch the additional github distfiles,
use https homepage while there
ok robert@
see http://nginx.org/en/security_advisories.html: When using HTTP/2 a
client might cause excessive memory consumption and CPU usage
(CVE-2019-9511, CVE-2019-9513,CVE-2019-9516).
Update chroot patch & fix WANTLIB while here.
ok sthen@ danj@ robert@ (maintainer)
While here install nginx.so in the dir perl's DynaLoader will look for.
ok robert@ (maintainer) phessler@, hints from our resident perl expert afresh1@
some existing COMPILER lines with arch restrictions etc. In the usual
case this is now using "COMPILER = base-clang ports-gcc base-gcc" on
ports with c++ libraries in WANTLIB.
This is basically intended to be a noop on architectures using clang
as the system compiler, but help with other architectures where we
currently have many ports knocked out due to building with an unsuitable
compiler -
- some ports require c++11/newer so the GCC version in base that is used
on these archirtectures is too old.
- some ports have conflicts where an executable is built with one compiler
(e.g. gcc from base) but a library dependency is built with a different
one (e.g. gcc from ports), resulted in mixing incompatible libraries in the
same address space.
devel/gmp is intentionally skipped as it's on the path to building gcc -
the c++ library there is unused in ports (and not built by default upstream)
so intending to disable building gmpcxx in a future commit.
- add nginx-auth-ldap module (https://github.com/kvspb/nginx-auth-ldap/)
- reduce duplication in DISTFILES with foo{bar}ext syntax
- simplify RUN_DEPENDS*
- use perl MODULES to get ${P5ARCH} defined, use in PLIST-perl
I had an initial diff removing the no_lua PSEUDO_FLAVOR for the sake of
simplicity, but sthen@ preferred to keep it :)
The libressl breakage was fixed upstream in
cc0a793a27
Basic testing (content_from_lua_block, access_from_lua_block) okay
ok robert@ (MAINTAINER) sthen@
This allows you to set and clear headers in addition to just adding
them, and is necessary for proxying to work correctly for some
applications.
OK sthen@, william@, robert@
a specially crafted request might result in an integer
overflow and incorrect processing of ranges in the range filter,
potentially resulting in sensitive information leak (CVE-2017-7529).
