Date: Tue, 18 Apr 2023 13:20:28 GMT From: "Sergey A. Osokin" <osa@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: 5bae4e5038d1 - main - www/nginx-devel: update third-party http_auth_krb5 (spnego) module (+) Message-ID: <202304181320.33IDKSmd006181@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by osa: URL: https://cgit.FreeBSD.org/ports/commit/?id=5bae4e5038d18b66a74dda03fa0dffad964d4e89 commit 5bae4e5038d18b66a74dda03fa0dffad964d4e89 Author: Sergey A. Osokin <osa@FreeBSD.org> AuthorDate: 2023-04-18 13:19:07 +0000 Commit: Sergey A. Osokin <osa@FreeBSD.org> CommitDate: 2023-04-18 13:20:22 +0000 www/nginx-devel: update third-party http_auth_krb5 (spnego) module (+) Resurrect GSSAPI radio button for http_auth_krb5 module, last one builds just fine with both implementations now. While I'm here: o) sort pkg-plist; o) update portscout. Bump PORTREVISION. --- www/nginx-devel/Makefile | 18 +++++++- www/nginx-devel/Makefile.extmod | 6 +-- www/nginx-devel/distinfo | 6 +-- .../extra-patch-ngx_http_auth_spnego_module.c | 52 ---------------------- ...xtra-patch-spnego-http-auth-nginx-module-config | 4 +- www/nginx-devel/pkg-plist | 4 +- 6 files changed, 25 insertions(+), 65 deletions(-) diff --git a/www/nginx-devel/Makefile b/www/nginx-devel/Makefile index 6a196b9efa06..878ddd819e7c 100644 --- a/www/nginx-devel/Makefile +++ b/www/nginx-devel/Makefile @@ -1,6 +1,6 @@ PORTNAME?= nginx PORTVERSION= 1.24.0 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= www MASTER_SITES= https://nginx.org/download/ \ LOCAL/osa @@ -16,7 +16,7 @@ LICENSE_FILE?= ${WRKSRC}/LICENSE CONFLICTS_INSTALL= nginx -PORTSCOUT= limit:^1\.24\.[0-9]* +PORTSCOUT= limit:^1\.2[4-5]\.[0-9]* USES= cpe @@ -87,6 +87,11 @@ OPTIONS_DEFAULT?= DSO FILE_AIO HTTP HTTP_ADDITION HTTP_AUTH_REQ HTTP_CACHE \ LIB_DEPENDS+= libpcre2-8.so:devel/pcre2 +OPTIONS_RADIO+= GSSAPI +OPTIONS_RADIO_GSSAPI= GSSAPI_HEIMDAL GSSAPI_MIT +GSSAPI_HEIMDAL_USES= gssapi:heimdal,flags +GSSAPI_MIT_USES= gssapi:mit + OPTIONS_SUB= yes .include "Makefile.options.desc" @@ -103,6 +108,9 @@ ${opt}_IMPLIES= HTTP ${opt}_IMPLIES= STREAM .endfor +GSSAPI_HEIMDAL_IMPLIES= HTTP_AUTH_KRB5 +GSSAPI_MIT_IMPLIES= HTTP_AUTH_KRB5 + # If the target is makesum, make sure that every distfile is fetched. .if ${.TARGETS:Mmakesum} OPTIONS_DEFAULT= ${OPTIONS_DEFINE} ${OPTIONS_GROUP_HTTPGRP} \ @@ -220,6 +228,12 @@ IGNORE= requires at least HTTP or MAIL to \ be defined. Please do 'make config' again .endif +.if ${PORT_OPTIONS:MHTTP_AUTH_KRB5} && (empty(PORT_OPTIONS:MGSSAPI_HEIMDAL) && empty(PORT_OPTIONS:MGSSAPI_MIT)) +IGNORE= required at least GSSAPI_HEIMDAL or \ + GSSAPI_MIT to be defined. Please do \ + 'make config' again +.endif + .if ${PORT_OPTIONS:MPASSENGER} && empty(PORT_OPTIONS:MDEBUG) CONFIGURE_ENV+= OPTIMIZE="yes" CFLAGS+= -DNDEBUG diff --git a/www/nginx-devel/Makefile.extmod b/www/nginx-devel/Makefile.extmod index da16d3e86f39..110443098f42 100644 --- a/www/nginx-devel/Makefile.extmod +++ b/www/nginx-devel/Makefile.extmod @@ -90,11 +90,9 @@ HTTP_ACCEPT_LANGUAGE_VARS= DSO_EXTMODS+=accept_language HTTP_AUTH_DIGEST_GH_TUPLE= atomx:nginx-http-auth-digest:274490c:auth_digest HTTP_AUTH_DIGEST_VARS= DSO_EXTMODS+=auth_digest -HTTP_AUTH_KRB5_GH_TUPLE= stnoonan:spnego-http-auth-nginx-module:c626163:auth_krb5 +HTTP_AUTH_KRB5_GH_TUPLE= stnoonan:spnego-http-auth-nginx-module:3575542:auth_krb5 HTTP_AUTH_KRB5_VARS= DSO_EXTMODS+=auth_krb5 -HTTP_AUTH_KRB5_EXTRA_PATCHES= ${PATCHDIR}/extra-patch-spnego-http-auth-nginx-module-config \ - ${PATCHDIR}/extra-patch-ngx_http_auth_spnego_module.c -HTTP_AUTH_KRB5_USES= gssapi:mit +HTTP_AUTH_KRB5_EXTRA_PATCHES= ${PATCHDIR}/extra-patch-spnego-http-auth-nginx-module-config HTTP_AUTH_LDAP_GH_TUPLE= kvspb:nginx-auth-ldap:83c059b:http_auth_ldap HTTP_AUTH_LDAP_EXTRA_PATCHES= ${PATCHDIR}/extra-patch-ngx_http_auth_ldap_module.c diff --git a/www/nginx-devel/distinfo b/www/nginx-devel/distinfo index 6dd09eb91908..b2a091fa25aa 100644 --- a/www/nginx-devel/distinfo +++ b/www/nginx-devel/distinfo @@ -1,4 +1,4 @@ -TIMESTAMP = 1681229804 +TIMESTAMP = 1681772643 SHA256 (nginx-1.24.0.tar.gz) = 77a2541637b92a621e3ee76776c8b7b40cf6d707e69ba53a940283e30ff2f55d SIZE (nginx-1.24.0.tar.gz) = 1112471 SHA256 (nginx_mogilefs_module-1.0.4.tar.gz) = 7ac230d30907f013dff8d435a118619ea6168aa3714dba62c6962d350c6295ae @@ -47,8 +47,8 @@ SHA256 (dvershinin-nginx_accept_language_module-5683967_GH0.tar.gz) = a58feb576f SIZE (dvershinin-nginx_accept_language_module-5683967_GH0.tar.gz) = 3425 SHA256 (atomx-nginx-http-auth-digest-274490c_GH0.tar.gz) = 0839c33c2f8d519f92daae274f62cf87eb68415d562c6500ee3e3721ce80557c SIZE (atomx-nginx-http-auth-digest-274490c_GH0.tar.gz) = 17815 -SHA256 (stnoonan-spnego-http-auth-nginx-module-c626163_GH0.tar.gz) = dac75d65453744ffe0f7af248f10f98fc89efca07303aa45a610805e57c588fc -SIZE (stnoonan-spnego-http-auth-nginx-module-c626163_GH0.tar.gz) = 24404 +SHA256 (stnoonan-spnego-http-auth-nginx-module-3575542_GH0.tar.gz) = 6d710f97bef58b2d5dc54445c0e48103786425f6d4ab18cf30a2168904d0ba62 +SIZE (stnoonan-spnego-http-auth-nginx-module-3575542_GH0.tar.gz) = 24680 SHA256 (kvspb-nginx-auth-ldap-83c059b_GH0.tar.gz) = e76e9e117ad51af578a68fa7a30c256178796bb271fa77f01c93281a92b09921 SIZE (kvspb-nginx-auth-ldap-83c059b_GH0.tar.gz) = 18547 SHA256 (sto-ngx_http_auth_pam_module-v1.5.3_GH0.tar.gz) = 882018fea8d6955ab3fe294aafa8ebb1fdff4eac313c29583fef02c6de76fae7 diff --git a/www/nginx-devel/files/extra-patch-ngx_http_auth_spnego_module.c b/www/nginx-devel/files/extra-patch-ngx_http_auth_spnego_module.c deleted file mode 100644 index 40aea7e6e875..000000000000 --- a/www/nginx-devel/files/extra-patch-ngx_http_auth_spnego_module.c +++ /dev/null @@ -1,52 +0,0 @@ ---- ../spnego-http-auth-nginx-module-c626163/ngx_http_auth_spnego_module.c.orig -+++ ../spnego-http-auth-nginx-module-c626163/ngx_http_auth_spnego_module.c -@@ -502,6 +502,7 @@ ngx_http_auth_spnego_headers_basic_only(ngx_http_request_t *r, - } - - r->headers_out.www_authenticate->hash = 1; -+ r->headers_out.www_authenticate->next = NULL; - r->headers_out.www_authenticate->key.len = sizeof("WWW-Authenticate") - 1; - r->headers_out.www_authenticate->key.data = (u_char *)"WWW-Authenticate"; - r->headers_out.www_authenticate->value.len = value.len; -@@ -538,6 +539,7 @@ ngx_http_auth_spnego_headers(ngx_http_request_t *r, - } - - r->headers_out.www_authenticate->hash = 1; -+ r->headers_out.www_authenticate->next = NULL; - r->headers_out.www_authenticate->key.len = sizeof("WWW-Authenticate") - 1; - r->headers_out.www_authenticate->key.data = (u_char *)"WWW-Authenticate"; - r->headers_out.www_authenticate->value.len = value.len; -@@ -559,6 +561,7 @@ ngx_http_auth_spnego_headers(ngx_http_request_t *r, - } - - r->headers_out.www_authenticate->hash = 2; -+ r->headers_out.www_authenticate->next = NULL; - r->headers_out.www_authenticate->key.len = - sizeof("WWW-Authenticate") - 1; - r->headers_out.www_authenticate->key.data = -@@ -758,6 +761,12 @@ ngx_http_auth_spnego_store_delegated_creds(ngx_http_request_t *r, - char *ccname = NULL; - char *escaped = NULL; - -+ if ((kerr = krb5_init_context(&kcontext))) { -+ spnego_log_error("Kerberos error: Cannot initialize kerberos context"); -+ spnego_log_krb5_error(kcontext, kerr); -+ goto done; -+ } -+ - if (!delegated_creds.data) { - spnego_log_error( - "ngx_http_auth_spnego_store_delegated_creds() NULL credentials"); -@@ -766,12 +775,6 @@ ngx_http_auth_spnego_store_delegated_creds(ngx_http_request_t *r, - goto done; - } - -- if ((kerr = krb5_init_context(&kcontext))) { -- spnego_log_error("Kerberos error: Cannot initialize kerberos context"); -- spnego_log_krb5_error(kcontext, kerr); -- goto done; -- } -- - if ((kerr = krb5_parse_name(kcontext, (char *)principal_name->data, - &principal))) { - spnego_log_error("Kerberos error: Cannot parse principal %s", diff --git a/www/nginx-devel/files/extra-patch-spnego-http-auth-nginx-module-config b/www/nginx-devel/files/extra-patch-spnego-http-auth-nginx-module-config index 7ea16b2ff99e..a54e89e58a23 100644 --- a/www/nginx-devel/files/extra-patch-spnego-http-auth-nginx-module-config +++ b/www/nginx-devel/files/extra-patch-spnego-http-auth-nginx-module-config @@ -1,5 +1,5 @@ ---- ../spnego-http-auth-nginx-module-c626163/config.orig 2020-08-27 07:59:28.423636000 -0400 -+++ ../spnego-http-auth-nginx-module-c626163/config 2020-08-27 08:01:42.152121000 -0400 +--- ../spnego-http-auth-nginx-module-3575542/config.orig 2020-08-27 07:59:28.423636000 -0400 ++++ ../spnego-http-auth-nginx-module-3575542/config 2020-08-27 08:01:42.152121000 -0400 @@ -1,8 +1,9 @@ ngx_addon_name=ngx_http_auth_spnego_module -ngx_feature_libs="-lgssapi_krb5 -lkrb5 -lcom_err" diff --git a/www/nginx-devel/pkg-plist b/www/nginx-devel/pkg-plist index 0f8bc3e54f0a..a3f21a268022 100644 --- a/www/nginx-devel/pkg-plist +++ b/www/nginx-devel/pkg-plist @@ -44,8 +44,8 @@ %%DSO%%%%HTTP_MP4_H264%%libexec/nginx/ngx_http_h264_streaming_module.so %%DSO%%%%HTTP_NOTICE%%libexec/nginx/ngx_http_notice_module.so %%DSO%%%%HTTP_PERL%%libexec/nginx/ngx_http_perl_module.so -%%DSO%%%%HTTP_PUSH%%libexec/nginx/ngx_nchan_module.so %%DSO%%%%HTTP_PUSH_STREAM%%libexec/nginx/ngx_http_push_stream_module.so +%%DSO%%%%HTTP_PUSH%%libexec/nginx/ngx_nchan_module.so %%DSO%%%%HTTP_REDIS%%libexec/nginx/ngx_http_redis_module.so %%DSO%%%%HTTP_SUBS_FILTER%%libexec/nginx/ngx_http_subs_filter_module.so %%DSO%%%%HTTP_TARANTOOL%%libexec/nginx/ngx_http_tnt_module.so @@ -62,8 +62,8 @@ %%DSO%%%%LET%%libexec/nginx/ngx_http_let_module.so %%DSO%%%%LINK%%libexec/nginx/ngx_http_link_func_module.so %%DSO%%%%LUA%%libexec/nginx/ngx_http_lua_module.so -%%DSO%%%%MAIL%%libexec/nginx/ngx_mail_module.so %%DSO%%%%MAIL%%%%CT%%libexec/nginx/ngx_mail_ssl_ct_module.so +%%DSO%%%%MAIL%%libexec/nginx/ngx_mail_module.so %%DSO%%%%MEMC%%libexec/nginx/ngx_http_memc_module.so %%DSO%%%%MODSECURITY3%%libexec/nginx/ngx_http_modsecurity_module.so %%DSO%%%%NAXSI%%libexec/nginx/ngx_http_naxsi_module.so
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202304181320.33IDKSmd006181>