From nobody Tue Apr 18 13:20:28 2023 X-Original-To: dev-commits-ports-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Q14Kn0kcnz456BP; Tue, 18 Apr 2023 13:20:29 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Q14Km2m0Mz3lr5; Tue, 18 Apr 2023 13:20:28 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1681824028; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=3xbXgS3hNcOouAoD4r2eEoCsjZBef4qoZg/TegwzX+0=; b=E0xTE+8Nk3iSc/hQelTu9G5+h38JObxq3G/oGULrg5RI6j4QbYaD8pgjSb8vvIQnl5ANAv ETVoGsdJKCo+VWSxq3qLDepuBqQci2ZbcZiAabL74Z+NCiBSBOtvwg4AXHreCAbiTLghZb Vp3Mg5vSHhOz1q0lhths9f7Ye9canIUoxDcndja46Q+tt3+JTidg3YOmeNeoQVnDnxLNF3 bJq7KHLi7nu1K9SIIW36iVjTQ0+joE4iS5N3RmT1Fg084KW7Teiw9I3S36wd/dnCkzRtkA 6NBhWnqLDhx7VZ2UOeiLpG6kCUhgTjAA+Vb1EmVbvKLoNLG6FJruJ3S6GFOLXQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1681824028; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=3xbXgS3hNcOouAoD4r2eEoCsjZBef4qoZg/TegwzX+0=; b=vEwLuledOi8F9EqZoYCNUseRD9u7qO1eK+M8vnoPO4+IAQuP8TrSsXy4uiomuRYtWdcxlx WcHh+FwMfGddOasSwMSPnXQYuy+WA0IEDn7St59wEDm78LjjAwod0oIB6FMEj5syXQNoeH SZv0IHf6uxrEadWdEQR5rt2HC34IQ3DmBMgKpMXx6byarEvYpDYylJYsQi5K77qsBMnPNr jPqRuzyWWvkxHHOwyPbWRAARRSo/VaIvX8MQFIzm96klKVYZZZ7Rj3ECeVZJfBDYafRLWR DcpD4CMTMJG+WD5vHISVE0gQAEdkXXDqnzshDdbJyrqDytWRMPdpfIvM1qMmJA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1681824028; a=rsa-sha256; cv=none; b=SPA4IjN4qXvTzXjbCSex4sBlUA/9bJPWIZW0iISlespO7WqDF/Bkd0JkhZuUBEYxDBL8Bv QZldT9jFWuzSeEAvLjKrnYtEr6LaSnRDLE0QYwvtIrsr7Qd91N46aKvxjZnN9NF/2t1Miu sx1EoqoD1A64I4oLPiSIJ3HoB9WH4zslwcjjkE0/ZBTEMHSKcge7BIRv2EwjSWx0lGdyMe itrxtCrPY8WDebimnvjUz/W6qtvLUZuEb37VrRFTY8bAQTGWB1KeIWLxGT+DvcoLtlGxoU Q1hZ1ICWypkXJuWfy8ZGspmQyfhcOUS58UWNiiVSAd+UlSZOiL2F0LHIsG7mnQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Q14Km10C1z1Bsm; Tue, 18 Apr 2023 13:20:28 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 33IDKSF7006182; Tue, 18 Apr 2023 13:20:28 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 33IDKSmd006181; Tue, 18 Apr 2023 13:20:28 GMT (envelope-from git) Date: Tue, 18 Apr 2023 13:20:28 GMT Message-Id: <202304181320.33IDKSmd006181@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: "Sergey A. Osokin" Subject: git: 5bae4e5038d1 - main - www/nginx-devel: update third-party http_auth_krb5 (spnego) module (+) List-Id: Commits to the main branch of the FreeBSD ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-main@freebsd.org X-BeenThere: dev-commits-ports-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: osa X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 5bae4e5038d18b66a74dda03fa0dffad964d4e89 Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by osa: URL: https://cgit.FreeBSD.org/ports/commit/?id=5bae4e5038d18b66a74dda03fa0dffad964d4e89 commit 5bae4e5038d18b66a74dda03fa0dffad964d4e89 Author: Sergey A. Osokin AuthorDate: 2023-04-18 13:19:07 +0000 Commit: Sergey A. Osokin CommitDate: 2023-04-18 13:20:22 +0000 www/nginx-devel: update third-party http_auth_krb5 (spnego) module (+) Resurrect GSSAPI radio button for http_auth_krb5 module, last one builds just fine with both implementations now. While I'm here: o) sort pkg-plist; o) update portscout. Bump PORTREVISION. --- www/nginx-devel/Makefile | 18 +++++++- www/nginx-devel/Makefile.extmod | 6 +-- www/nginx-devel/distinfo | 6 +-- .../extra-patch-ngx_http_auth_spnego_module.c | 52 ---------------------- ...xtra-patch-spnego-http-auth-nginx-module-config | 4 +- www/nginx-devel/pkg-plist | 4 +- 6 files changed, 25 insertions(+), 65 deletions(-) diff --git a/www/nginx-devel/Makefile b/www/nginx-devel/Makefile index 6a196b9efa06..878ddd819e7c 100644 --- a/www/nginx-devel/Makefile +++ b/www/nginx-devel/Makefile @@ -1,6 +1,6 @@ PORTNAME?= nginx PORTVERSION= 1.24.0 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= www MASTER_SITES= https://nginx.org/download/ \ LOCAL/osa @@ -16,7 +16,7 @@ LICENSE_FILE?= ${WRKSRC}/LICENSE CONFLICTS_INSTALL= nginx -PORTSCOUT= limit:^1\.24\.[0-9]* +PORTSCOUT= limit:^1\.2[4-5]\.[0-9]* USES= cpe @@ -87,6 +87,11 @@ OPTIONS_DEFAULT?= DSO FILE_AIO HTTP HTTP_ADDITION HTTP_AUTH_REQ HTTP_CACHE \ LIB_DEPENDS+= libpcre2-8.so:devel/pcre2 +OPTIONS_RADIO+= GSSAPI +OPTIONS_RADIO_GSSAPI= GSSAPI_HEIMDAL GSSAPI_MIT +GSSAPI_HEIMDAL_USES= gssapi:heimdal,flags +GSSAPI_MIT_USES= gssapi:mit + OPTIONS_SUB= yes .include "Makefile.options.desc" @@ -103,6 +108,9 @@ ${opt}_IMPLIES= HTTP ${opt}_IMPLIES= STREAM .endfor +GSSAPI_HEIMDAL_IMPLIES= HTTP_AUTH_KRB5 +GSSAPI_MIT_IMPLIES= HTTP_AUTH_KRB5 + # If the target is makesum, make sure that every distfile is fetched. .if ${.TARGETS:Mmakesum} OPTIONS_DEFAULT= ${OPTIONS_DEFINE} ${OPTIONS_GROUP_HTTPGRP} \ @@ -220,6 +228,12 @@ IGNORE= requires at least HTTP or MAIL to \ be defined. Please do 'make config' again .endif +.if ${PORT_OPTIONS:MHTTP_AUTH_KRB5} && (empty(PORT_OPTIONS:MGSSAPI_HEIMDAL) && empty(PORT_OPTIONS:MGSSAPI_MIT)) +IGNORE= required at least GSSAPI_HEIMDAL or \ + GSSAPI_MIT to be defined. Please do \ + 'make config' again +.endif + .if ${PORT_OPTIONS:MPASSENGER} && empty(PORT_OPTIONS:MDEBUG) CONFIGURE_ENV+= OPTIMIZE="yes" CFLAGS+= -DNDEBUG diff --git a/www/nginx-devel/Makefile.extmod b/www/nginx-devel/Makefile.extmod index da16d3e86f39..110443098f42 100644 --- a/www/nginx-devel/Makefile.extmod +++ b/www/nginx-devel/Makefile.extmod @@ -90,11 +90,9 @@ HTTP_ACCEPT_LANGUAGE_VARS= DSO_EXTMODS+=accept_language HTTP_AUTH_DIGEST_GH_TUPLE= atomx:nginx-http-auth-digest:274490c:auth_digest HTTP_AUTH_DIGEST_VARS= DSO_EXTMODS+=auth_digest -HTTP_AUTH_KRB5_GH_TUPLE= stnoonan:spnego-http-auth-nginx-module:c626163:auth_krb5 +HTTP_AUTH_KRB5_GH_TUPLE= stnoonan:spnego-http-auth-nginx-module:3575542:auth_krb5 HTTP_AUTH_KRB5_VARS= DSO_EXTMODS+=auth_krb5 -HTTP_AUTH_KRB5_EXTRA_PATCHES= ${PATCHDIR}/extra-patch-spnego-http-auth-nginx-module-config \ - ${PATCHDIR}/extra-patch-ngx_http_auth_spnego_module.c -HTTP_AUTH_KRB5_USES= gssapi:mit +HTTP_AUTH_KRB5_EXTRA_PATCHES= ${PATCHDIR}/extra-patch-spnego-http-auth-nginx-module-config HTTP_AUTH_LDAP_GH_TUPLE= kvspb:nginx-auth-ldap:83c059b:http_auth_ldap HTTP_AUTH_LDAP_EXTRA_PATCHES= ${PATCHDIR}/extra-patch-ngx_http_auth_ldap_module.c diff --git a/www/nginx-devel/distinfo b/www/nginx-devel/distinfo index 6dd09eb91908..b2a091fa25aa 100644 --- a/www/nginx-devel/distinfo +++ b/www/nginx-devel/distinfo @@ -1,4 +1,4 @@ -TIMESTAMP = 1681229804 +TIMESTAMP = 1681772643 SHA256 (nginx-1.24.0.tar.gz) = 77a2541637b92a621e3ee76776c8b7b40cf6d707e69ba53a940283e30ff2f55d SIZE (nginx-1.24.0.tar.gz) = 1112471 SHA256 (nginx_mogilefs_module-1.0.4.tar.gz) = 7ac230d30907f013dff8d435a118619ea6168aa3714dba62c6962d350c6295ae @@ -47,8 +47,8 @@ SHA256 (dvershinin-nginx_accept_language_module-5683967_GH0.tar.gz) = a58feb576f SIZE (dvershinin-nginx_accept_language_module-5683967_GH0.tar.gz) = 3425 SHA256 (atomx-nginx-http-auth-digest-274490c_GH0.tar.gz) = 0839c33c2f8d519f92daae274f62cf87eb68415d562c6500ee3e3721ce80557c SIZE (atomx-nginx-http-auth-digest-274490c_GH0.tar.gz) = 17815 -SHA256 (stnoonan-spnego-http-auth-nginx-module-c626163_GH0.tar.gz) = dac75d65453744ffe0f7af248f10f98fc89efca07303aa45a610805e57c588fc -SIZE (stnoonan-spnego-http-auth-nginx-module-c626163_GH0.tar.gz) = 24404 +SHA256 (stnoonan-spnego-http-auth-nginx-module-3575542_GH0.tar.gz) = 6d710f97bef58b2d5dc54445c0e48103786425f6d4ab18cf30a2168904d0ba62 +SIZE (stnoonan-spnego-http-auth-nginx-module-3575542_GH0.tar.gz) = 24680 SHA256 (kvspb-nginx-auth-ldap-83c059b_GH0.tar.gz) = e76e9e117ad51af578a68fa7a30c256178796bb271fa77f01c93281a92b09921 SIZE (kvspb-nginx-auth-ldap-83c059b_GH0.tar.gz) = 18547 SHA256 (sto-ngx_http_auth_pam_module-v1.5.3_GH0.tar.gz) = 882018fea8d6955ab3fe294aafa8ebb1fdff4eac313c29583fef02c6de76fae7 diff --git a/www/nginx-devel/files/extra-patch-ngx_http_auth_spnego_module.c b/www/nginx-devel/files/extra-patch-ngx_http_auth_spnego_module.c deleted file mode 100644 index 40aea7e6e875..000000000000 --- a/www/nginx-devel/files/extra-patch-ngx_http_auth_spnego_module.c +++ /dev/null @@ -1,52 +0,0 @@ ---- ../spnego-http-auth-nginx-module-c626163/ngx_http_auth_spnego_module.c.orig -+++ ../spnego-http-auth-nginx-module-c626163/ngx_http_auth_spnego_module.c -@@ -502,6 +502,7 @@ ngx_http_auth_spnego_headers_basic_only(ngx_http_request_t *r, - } - - r->headers_out.www_authenticate->hash = 1; -+ r->headers_out.www_authenticate->next = NULL; - r->headers_out.www_authenticate->key.len = sizeof("WWW-Authenticate") - 1; - r->headers_out.www_authenticate->key.data = (u_char *)"WWW-Authenticate"; - r->headers_out.www_authenticate->value.len = value.len; -@@ -538,6 +539,7 @@ ngx_http_auth_spnego_headers(ngx_http_request_t *r, - } - - r->headers_out.www_authenticate->hash = 1; -+ r->headers_out.www_authenticate->next = NULL; - r->headers_out.www_authenticate->key.len = sizeof("WWW-Authenticate") - 1; - r->headers_out.www_authenticate->key.data = (u_char *)"WWW-Authenticate"; - r->headers_out.www_authenticate->value.len = value.len; -@@ -559,6 +561,7 @@ ngx_http_auth_spnego_headers(ngx_http_request_t *r, - } - - r->headers_out.www_authenticate->hash = 2; -+ r->headers_out.www_authenticate->next = NULL; - r->headers_out.www_authenticate->key.len = - sizeof("WWW-Authenticate") - 1; - r->headers_out.www_authenticate->key.data = -@@ -758,6 +761,12 @@ ngx_http_auth_spnego_store_delegated_creds(ngx_http_request_t *r, - char *ccname = NULL; - char *escaped = NULL; - -+ if ((kerr = krb5_init_context(&kcontext))) { -+ spnego_log_error("Kerberos error: Cannot initialize kerberos context"); -+ spnego_log_krb5_error(kcontext, kerr); -+ goto done; -+ } -+ - if (!delegated_creds.data) { - spnego_log_error( - "ngx_http_auth_spnego_store_delegated_creds() NULL credentials"); -@@ -766,12 +775,6 @@ ngx_http_auth_spnego_store_delegated_creds(ngx_http_request_t *r, - goto done; - } - -- if ((kerr = krb5_init_context(&kcontext))) { -- spnego_log_error("Kerberos error: Cannot initialize kerberos context"); -- spnego_log_krb5_error(kcontext, kerr); -- goto done; -- } -- - if ((kerr = krb5_parse_name(kcontext, (char *)principal_name->data, - &principal))) { - spnego_log_error("Kerberos error: Cannot parse principal %s", diff --git a/www/nginx-devel/files/extra-patch-spnego-http-auth-nginx-module-config b/www/nginx-devel/files/extra-patch-spnego-http-auth-nginx-module-config index 7ea16b2ff99e..a54e89e58a23 100644 --- a/www/nginx-devel/files/extra-patch-spnego-http-auth-nginx-module-config +++ b/www/nginx-devel/files/extra-patch-spnego-http-auth-nginx-module-config @@ -1,5 +1,5 @@ ---- ../spnego-http-auth-nginx-module-c626163/config.orig 2020-08-27 07:59:28.423636000 -0400 -+++ ../spnego-http-auth-nginx-module-c626163/config 2020-08-27 08:01:42.152121000 -0400 +--- ../spnego-http-auth-nginx-module-3575542/config.orig 2020-08-27 07:59:28.423636000 -0400 ++++ ../spnego-http-auth-nginx-module-3575542/config 2020-08-27 08:01:42.152121000 -0400 @@ -1,8 +1,9 @@ ngx_addon_name=ngx_http_auth_spnego_module -ngx_feature_libs="-lgssapi_krb5 -lkrb5 -lcom_err" diff --git a/www/nginx-devel/pkg-plist b/www/nginx-devel/pkg-plist index 0f8bc3e54f0a..a3f21a268022 100644 --- a/www/nginx-devel/pkg-plist +++ b/www/nginx-devel/pkg-plist @@ -44,8 +44,8 @@ %%DSO%%%%HTTP_MP4_H264%%libexec/nginx/ngx_http_h264_streaming_module.so %%DSO%%%%HTTP_NOTICE%%libexec/nginx/ngx_http_notice_module.so %%DSO%%%%HTTP_PERL%%libexec/nginx/ngx_http_perl_module.so -%%DSO%%%%HTTP_PUSH%%libexec/nginx/ngx_nchan_module.so %%DSO%%%%HTTP_PUSH_STREAM%%libexec/nginx/ngx_http_push_stream_module.so +%%DSO%%%%HTTP_PUSH%%libexec/nginx/ngx_nchan_module.so %%DSO%%%%HTTP_REDIS%%libexec/nginx/ngx_http_redis_module.so %%DSO%%%%HTTP_SUBS_FILTER%%libexec/nginx/ngx_http_subs_filter_module.so %%DSO%%%%HTTP_TARANTOOL%%libexec/nginx/ngx_http_tnt_module.so @@ -62,8 +62,8 @@ %%DSO%%%%LET%%libexec/nginx/ngx_http_let_module.so %%DSO%%%%LINK%%libexec/nginx/ngx_http_link_func_module.so %%DSO%%%%LUA%%libexec/nginx/ngx_http_lua_module.so -%%DSO%%%%MAIL%%libexec/nginx/ngx_mail_module.so %%DSO%%%%MAIL%%%%CT%%libexec/nginx/ngx_mail_ssl_ct_module.so +%%DSO%%%%MAIL%%libexec/nginx/ngx_mail_module.so %%DSO%%%%MEMC%%libexec/nginx/ngx_http_memc_module.so %%DSO%%%%MODSECURITY3%%libexec/nginx/ngx_http_modsecurity_module.so %%DSO%%%%NAXSI%%libexec/nginx/ngx_http_naxsi_module.so