From nobody Wed May 29 17:19:25 2024
X-Original-To: dev-commits-ports-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4VqGMf1GBkz5MsRq;
	Wed, 29 May 2024 17:19:26 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4VqGMd6PHJz4nBS;
	Wed, 29 May 2024 17:19:25 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1717003165;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=hss07ekPudp3SVhQLT/bZ4D67rZDf7PZ3jGsnb4DudU=;
	b=UHuHD1lSbsW3jdbnHQeqXa5CWzYNTlt+QLNCh5gOZgsed5JFTRkmbRB7FdFmAixnJ4zm41
	K3NjUZsWJH7O7Z8zcb2VQv79RJU7QrE9qzgdA50ck047gnGiiZo+gm1ZaUqjduEgHJOb0+
	rHM/B6lJvSRSFPHCIwL2ynzp5M0L1nBrzO12uW2vqYx+yiSKTK0fiPKSpec58DJn5ETiy7
	QQrSGXAH0VbINNkSCOvPr8dthqDu6kLReIHovQfFE75RVX/CK/pkS6uputpCdhmJ9xzDaw
	yz1GSVR+b3FA3I9VqGl/Fuz2wRnmlIA+ZHuJShogov34HrBMH6E9k0dIyrnwsw==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1717003165; a=rsa-sha256; cv=none;
	b=UAhQnG7LP3j1KRoitwqiyIqYsRp9IaOYNsv2PfYx4veXTc4S5zUt+Mf9SP8N5HIGU0MdyC
	9gR2V2bex4Fc844Oxsr1uCDSCMrSdOn5+k3Rw1grTvo0d6PE0aveSNafpEF1p3hhKEZ5ID
	CgQ3tglofJmKYd8AI648XG55L3z5Kau1wKaxM1hhXvvCrskNV98usWGoPM+dLrdGfV8oAm
	1wmPRevsVs7epWh7JR8G5t5E4+rLLXpKOJvc5kq16scw2TCcMV3FSK3MJxQ2XHI5JWyYWd
	JqJC7+IgYLYuIMaIZCUY218NuSmyKrV0uyV7+eAXm0gS+dc4QKNXMGW1cTEG3w==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1717003165;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=hss07ekPudp3SVhQLT/bZ4D67rZDf7PZ3jGsnb4DudU=;
	b=ZwTl+Nui/lYV1e9YbvbLbA4FnWRKyXr/c09Knj82QmuM6vQmtAPOM2GNMYp3sNdZ7Pvj7r
	yf2q/EzSpi71y0ZB3RCieO6kjVzKYsEd9GR5ZSow/6YFmOGkz3+UpAolZh+xDO1nO/ni49
	I6USqViktvcOgYNeiequ/jrieGRwb/aPi8BaWVjlEFLDwWX3rU3bnZR0moUAZeX8cQ6dKq
	35rs5I2HO9wHFe529moomFqE1G96udtT1rKfgFNqB6RA+AeiJNZgrQc7a1zrU/av/0bsUJ
	hoyjM7MTWjRVcFrSYvCKuV5CBfmkSC+d1GQ0fOB49zfk/hDKCg5z2J/qVAG4KQ==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4VqGMd60N8z14MX;
	Wed, 29 May 2024 17:19:25 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 44THJPxG069771;
	Wed, 29 May 2024 17:19:25 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 44THJP7C069768;
	Wed, 29 May 2024 17:19:25 GMT
	(envelope-from git)
Date: Wed, 29 May 2024 17:19:25 GMT
Message-Id: <202405291719.44THJP7C069768@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org,
        dev-commits-ports-main@FreeBSD.org
From: "Sergey A. Osokin" <osa@FreeBSD.org>
Subject: git: 38d9ad236dec - main - www/nginx-devel: security update
  from 1.26.0 to 1.27.0
List-Id: Commit messages for all branches of the ports repository <dev-commits-ports-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all
List-Help: <mailto:dev-commits-ports-all+help@freebsd.org>
List-Post: <mailto:dev-commits-ports-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-ports-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-ports-all+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-ports-all@freebsd.org
Sender: owner-dev-commits-ports-all@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: osa
X-Git-Repository: ports
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 38d9ad236dec3559ddc003ef0f413efde7704764
Auto-Submitted: auto-generated

The branch main has been updated by osa:

URL: https://cgit.FreeBSD.org/ports/commit/?id=38d9ad236dec3559ddc003ef0f413efde7704764

commit 38d9ad236dec3559ddc003ef0f413efde7704764
Author:     Sergey A. Osokin <osa@FreeBSD.org>
AuthorDate: 2024-05-29 17:18:49 +0000
Commit:     Sergey A. Osokin <osa@FreeBSD.org>
CommitDate: 2024-05-29 17:18:49 +0000

    www/nginx-devel: security update from 1.26.0 to 1.27.0
    
    Update third-party passenger module to 6.0.22.
    
    <ChangeLog>
    
        *) Security: when using HTTP/3, processing of a specially crafted QUIC
           session might cause a worker process crash, worker process memory
           disclosure on systems with MTU larger than 4096 bytes, or might have
           potential other impact (CVE-2024-32760, CVE-2024-31079,
           CVE-2024-35200, CVE-2024-34161).
           Thanks to Nils Bars of CISPA.
    
        *) Feature: variables support in the "proxy_limit_rate",
           "fastcgi_limit_rate", "scgi_limit_rate", and "uwsgi_limit_rate"
           directives.
    
        *) Bugfix: reduced memory consumption for long-lived requests if "gzip",
           "gunzip", "ssi", "sub_filter", or "grpc_pass" directives are used.
    
        *) Bugfix: nginx could not be built by gcc 14 if the --with-atomic
           option was used.
           Thanks to Edgar Bonet.
    
        *) Bugfixes in HTTP/3.
    
    <ChangeLog>
---
 www/nginx-devel/Makefile                                   |  5 ++---
 www/nginx-devel/Makefile.extmod                            |  5 +++--
 www/nginx-devel/distinfo                                   | 14 +++++++-------
 www/nginx-devel/files/extra-patch-passenger-build-nginx.rb |  4 ++--
 .../files/extra-patch-passenger-disable-telemetry          |  4 ++--
 ...extra-patch-passenger_src_nginx__module_Configuration.c | 11 +++++++++++
 6 files changed, 27 insertions(+), 16 deletions(-)

diff --git a/www/nginx-devel/Makefile b/www/nginx-devel/Makefile
index 97589f3d6bdd..f7760d39528f 100644
--- a/www/nginx-devel/Makefile
+++ b/www/nginx-devel/Makefile
@@ -1,6 +1,5 @@
 PORTNAME?=	nginx
-PORTVERSION=	1.26.0
-PORTREVISION=	2
+PORTVERSION=	1.27.0
 CATEGORIES=	www
 MASTER_SITES=	https://nginx.org/download/ \
 		LOCAL/osa
@@ -16,7 +15,7 @@ LICENSE_FILE?=	${WRKSRC}/LICENSE
 
 CONFLICTS_INSTALL=	nginx
 
-PORTSCOUT=	limit:^1\.2[6-7]\.[0-9]*
+PORTSCOUT=	limit:^1\.2[7-8]\.[0-9]*
 
 USES=		cpe
 
diff --git a/www/nginx-devel/Makefile.extmod b/www/nginx-devel/Makefile.extmod
index 80fcbbdfdb8f..8845d0f3e174 100644
--- a/www/nginx-devel/Makefile.extmod
+++ b/www/nginx-devel/Makefile.extmod
@@ -250,7 +250,7 @@ OTEL_LIB_DEPENDS=	libabsl_base.so:devel/abseil \
 OTEL_BUILD_DEPENDS=	${LOCALBASE}/include/opentelemetry/proto/common/v1/common.proto:devel/opentelemetry-proto
 OTEL_CONFIGURE_ENV+=	NGX_OTEL_PROTO_DIR=${PREFIX}/include
 
-PASSENGER_NGINX_VER=	6.0.20
+PASSENGER_NGINX_VER=	6.0.22
 PASSENGER_CATEGORIES=	ruby
 PASSENGER_USES=		ruby
 PASSENGER_BUILD_DEPENDS=${LOCALBASE}/bin/rake:devel/rubygem-rake
@@ -260,7 +260,8 @@ PASSENGER_DISTFILES=	passenger-${PASSENGER_NGINX_VER}.tar.gz:passenger
 PASSENGER_VARS=		WRKSRC_passenger=${WRKDIR}/passenger-${PASSENGER_NGINX_VER} \
 			DSO_EXTDIRS+=passenger-${PASSENGER_NGINX_VER}/src/nginx_module
 PASSENGER_EXTRA_PATCHES=${PATCHDIR}/extra-patch-passenger-build-nginx.rb \
-			${PATCHDIR}/extra-patch-passenger-disable-telemetry
+			${PATCHDIR}/extra-patch-passenger-disable-telemetry \
+			${PATCHDIR}/extra-patch-passenger_src_nginx__module_Configuration.c
 
 POSTGRES_USES=		pgsql
 POSTGRES_GH_TUPLE=	konstruxi:ngx_postgres:8aa7359:postgres
diff --git a/www/nginx-devel/distinfo b/www/nginx-devel/distinfo
index ce61e4e583bb..dc380cd1a97e 100644
--- a/www/nginx-devel/distinfo
+++ b/www/nginx-devel/distinfo
@@ -1,12 +1,12 @@
-TIMESTAMP = 1714506394
-SHA256 (nginx-1.26.0.tar.gz) = d2e6c8439d6c6db5015d8eaab2470ab52aef85a7bf363182879977e084370497
-SIZE (nginx-1.26.0.tar.gz) = 1244118
+TIMESTAMP = 1716999888
+SHA256 (nginx-1.27.0.tar.gz) = b7230e3cf87eaa2d4b0bc56aadc920a960c7873b9991a1b66ffcc08fc650129c
+SIZE (nginx-1.27.0.tar.gz) = 1244887
 SHA256 (nginx_mogilefs_module-1.0.4.tar.gz) = 7ac230d30907f013dff8d435a118619ea6168aa3714dba62c6962d350c6295ae
 SIZE (nginx_mogilefs_module-1.0.4.tar.gz) = 11208
 SHA256 (ngx_http_redis-0.3.9.tar.gz) = 21f87540f0a44b23ffa5df16fb3d788bc90803b255ef14f9c26e3847a6f26f46
 SIZE (ngx_http_redis-0.3.9.tar.gz) = 13051
-SHA256 (passenger-6.0.20.tar.gz) = fa8d9a37edb92f4a8f064b3005b57bccf10392ce4eb067838883206060e27107
-SIZE (passenger-6.0.20.tar.gz) = 8476308
+SHA256 (passenger-6.0.22.tar.gz) = 1fc2a89196fc83469b10fea1ac7b57002fb9bf2552d70f03b780c92d7d9ed044
+SIZE (passenger-6.0.22.tar.gz) = 8296503
 SHA256 (msva-nginx_ajp_module-fcbb2cc_GH0.tar.gz) = 522e94c59f5783f281d868ede2adf325bf2f8ffb9e62cf8451d4b9ac0516916c
 SIZE (msva-nginx_ajp_module-fcbb2cc_GH0.tar.gz) = 110807
 SHA256 (openresty-array-var-nginx-module-v0.05_GH0.tar.gz) = c949d4be6f3442c8e2937046448dc8d8def25c0e0fa6f4e805144cea45eabe80
@@ -29,10 +29,10 @@ SHA256 (openresty-echo-nginx-module-5a402aa_GH0.tar.gz) = bb2a4b1a0e5ffa0203c1be
 SIZE (openresty-echo-nginx-module-5a402aa_GH0.tar.gz) = 53336
 SHA256 (openresty-encrypted-session-nginx-module-v0.09_GH0.tar.gz) = fe9b95acf9726aefd71bf0aca6c11bee007f1da67e64be9b21a7131f0ed75ba6
 SIZE (openresty-encrypted-session-nginx-module-v0.09_GH0.tar.gz) = 11847
-SHA256 (calio-form-input-nginx-module-v0.12_GH0.tar.gz) = 5c1869d55897075adb3fdf840b21060dc54669a1f840a36d1539acc7e59dd106
-SIZE (calio-form-input-nginx-module-v0.12_GH0.tar.gz) = 11090
 SHA256 (ogarrett-nginx-fips-check-module-6cb4270_GH0.tar.gz) = d52fbb0f2819cd91b710ad85e6c8b452fdca6a5d81b0694d6637adba3fc2382c
 SIZE (ogarrett-nginx-fips-check-module-6cb4270_GH0.tar.gz) = 6494
+SHA256 (calio-form-input-nginx-module-v0.12_GH0.tar.gz) = 5c1869d55897075adb3fdf840b21060dc54669a1f840a36d1539acc7e59dd106
+SIZE (calio-form-input-nginx-module-v0.12_GH0.tar.gz) = 11090
 SHA256 (nieoding-nginx-gridfs-059bdc3_GH0.tar.gz) = 9b059b5ae7b602d12d32d5ebe2700827ea625f22c0fb3b9956242e11de63845b
 SIZE (nieoding-nginx-gridfs-059bdc3_GH0.tar.gz) = 4674
 SHA256 (openresty-headers-more-nginx-module-06dc0be_GH0.tar.gz) = 883b1e31d59f3eb1e76b34259711ad65a3443102973dcf22df329397f3d5eaa4
diff --git a/www/nginx-devel/files/extra-patch-passenger-build-nginx.rb b/www/nginx-devel/files/extra-patch-passenger-build-nginx.rb
index 40db3ee74183..95bf79da0865 100644
--- a/www/nginx-devel/files/extra-patch-passenger-build-nginx.rb
+++ b/www/nginx-devel/files/extra-patch-passenger-build-nginx.rb
@@ -1,5 +1,5 @@
---- ../passenger-6.0.20/build/nginx.rb.orig	2013-10-26 18:00:00.000000000 -0400
-+++ ../passenger-6.0.20/build/nginx.rb	2016-05-09 18:21:22.426777000 -0400
+--- ../passenger-6.0.22/build/nginx.rb.orig	2013-10-26 18:00:00.000000000 -0400
++++ ../passenger-6.0.22/build/nginx.rb	2016-05-09 18:21:22.426777000 -0400
 @@ -33,13 +33,12 @@
  desc "Build Nginx support files"
  task :nginx => [
diff --git a/www/nginx-devel/files/extra-patch-passenger-disable-telemetry b/www/nginx-devel/files/extra-patch-passenger-disable-telemetry
index 5b01b146eb5d..ca2ed9f0700a 100644
--- a/www/nginx-devel/files/extra-patch-passenger-disable-telemetry
+++ b/www/nginx-devel/files/extra-patch-passenger-disable-telemetry
@@ -1,5 +1,5 @@
---- ../passenger-6.0.20/src/ruby_supportlib/phusion_passenger/nginx/config_options.rb.orig	2018-12-03 12:23:06.980728000 -0500
-+++ ../passenger-6.0.20/src/ruby_supportlib/phusion_passenger/nginx/config_options.rb	2018-12-03 12:23:32.978924000 -0500
+--- ../passenger-6.0.22/src/ruby_supportlib/phusion_passenger/nginx/config_options.rb.orig	2018-12-03 12:23:06.980728000 -0500
++++ ../passenger-6.0.22/src/ruby_supportlib/phusion_passenger/nginx/config_options.rb	2018-12-03 12:23:32.978924000 -0500
 @@ -204,7 +204,7 @@
      :name     => 'passenger_disable_anonymous_telemetry',
      :scope    => :global,
diff --git a/www/nginx-devel/files/extra-patch-passenger_src_nginx__module_Configuration.c b/www/nginx-devel/files/extra-patch-passenger_src_nginx__module_Configuration.c
new file mode 100644
index 000000000000..4958d721fd2b
--- /dev/null
+++ b/www/nginx-devel/files/extra-patch-passenger_src_nginx__module_Configuration.c
@@ -0,0 +1,11 @@
+--- ../passenger-6.0.22/src/nginx_module/Configuration.c.orig	2024-05-29 12:56:52.144194000 -0400
++++ ../passenger-6.0.22/src/nginx_module/Configuration.c	2024-05-29 12:58:07.308893000 -0400
+@@ -225,7 +225,7 @@
+     conf->upstream_config.send_lowat = NGX_CONF_UNSET_SIZE;
+     conf->upstream_config.buffer_size = NGX_CONF_UNSET_SIZE;
+     #if NGINX_VERSION_NUM >= 1007007
+-        conf->upstream_config.limit_rate = NGX_CONF_UNSET_SIZE;
++        conf->upstream_config.limit_rate = NGX_CONF_UNSET_PTR;
+     #endif
+ 
+     conf->upstream_config.busy_buffers_size_conf = NGX_CONF_UNSET_SIZE;