| 1 |
commit: eb9262562ad6fc47db6f31d759a3d5b7608a1e2e |
| 2 |
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Tue Apr 4 18:17:50 2017 +0000 |
| 4 |
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Tue Apr 4 18:24:51 2017 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=eb926256 |
| 7 |
|
| 8 |
www-servers/nginx: Rev bump mainline to re-enable mod_security support |
| 9 |
|
| 10 |
Package-Manager: Portage-2.3.5, Repoman-2.3.2 |
| 11 |
|
| 12 |
profiles/base/package.use.mask | 6 ---- |
| 13 |
.../nginx/files/http_security-pr_1373.patch | 33 ++++++++++++++++++++++ |
| 14 |
...ginx-1.11.12.ebuild => nginx-1.11.12-r1.ebuild} | 1 + |
| 15 |
3 files changed, 34 insertions(+), 6 deletions(-) |
| 16 |
|
| 17 |
diff --git a/profiles/base/package.use.mask b/profiles/base/package.use.mask |
| 18 |
index 96da6703d41..94179afe301 100644 |
| 19 |
--- a/profiles/base/package.use.mask |
| 20 |
+++ b/profiles/base/package.use.mask |
| 21 |
@@ -7,12 +7,6 @@ |
| 22 |
# This file is only for generic masks. For arch-specific masks (i.e. |
| 23 |
# mask everywhere, unmask on arch/*) use arch/base. |
| 24 |
|
| 25 |
-# Thomas Deutschmann <whissi@g.o> (22 Mar 2017) |
| 26 |
-# mod_security is currently incompatible with recent changes |
| 27 |
-# in >=nginx-1.11.11. |
| 28 |
-# https://github.com/SpiderLabs/ModSecurity/issues/1359 |
| 29 |
->=www-servers/nginx-1.11.11 nginx_modules_http_security |
| 30 |
- |
| 31 |
# Michał Górny <mgorny@g.o> (18 Mar 2017) |
| 32 |
# Requires removed old version of media-gfx/graphviz. |
| 33 |
media-gfx/nip2 graphviz |
| 34 |
|
| 35 |
diff --git a/www-servers/nginx/files/http_security-pr_1373.patch b/www-servers/nginx/files/http_security-pr_1373.patch |
| 36 |
new file mode 100644 |
| 37 |
index 00000000000..e4069e16330 |
| 38 |
--- /dev/null |
| 39 |
+++ b/www-servers/nginx/files/http_security-pr_1373.patch |
| 40 |
@@ -0,0 +1,33 @@ |
| 41 |
+From d19df159043106a4d6dfd113696900b5b0dae24b Mon Sep 17 00:00:00 2001 |
| 42 |
+From: Andrei Belov <defanator@×××××.com> |
| 43 |
+Date: Mon, 3 Apr 2017 12:52:01 +0300 |
| 44 |
+Subject: [PATCH] Fix building with nginx >= 1.11.11 |
| 45 |
+ |
| 46 |
+Closes SpiderLabs/ModSecurity#1359 |
| 47 |
+ |
| 48 |
+See also: |
| 49 |
+http://hg.nginx.org/nginx/rev/e662cbf1b932 |
| 50 |
+--- |
| 51 |
+ nginx/modsecurity/ngx_http_modsecurity.c | 6 ++++++ |
| 52 |
+ 1 file changed, 6 insertions(+) |
| 53 |
+ |
| 54 |
+diff --git a/nginx/modsecurity/ngx_http_modsecurity.c b/nginx/modsecurity/ngx_http_modsecurity.c |
| 55 |
+index 7c13953..367b2b8 100644 |
| 56 |
+--- a/nginx/modsecurity/ngx_http_modsecurity.c |
| 57 |
++++ b/nginx/modsecurity/ngx_http_modsecurity.c |
| 58 |
+@@ -528,9 +528,15 @@ ngx_http_modsecurity_save_request_body(ngx_http_request_t *r) |
| 59 |
+ |
| 60 |
+ hc = r->http_connection; |
| 61 |
+ |
| 62 |
++#if defined(nginx_version) && nginx_version >= 1011011 |
| 63 |
++ if (hc->free && size == cscf->large_client_header_buffers.size) { |
| 64 |
++ |
| 65 |
++ buf = hc->free->buf; |
| 66 |
++#else |
| 67 |
+ if (hc->nfree && size == cscf->large_client_header_buffers.size) { |
| 68 |
+ |
| 69 |
+ buf = hc->free[--hc->nfree]; |
| 70 |
++#endif |
| 71 |
+ |
| 72 |
+ ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, |
| 73 |
+ "ModSecurity: use http free large header buffer: %p %uz", |
| 74 |
|
| 75 |
diff --git a/www-servers/nginx/nginx-1.11.12.ebuild b/www-servers/nginx/nginx-1.11.12-r1.ebuild |
| 76 |
similarity index 99% |
| 77 |
rename from www-servers/nginx/nginx-1.11.12.ebuild |
| 78 |
rename to www-servers/nginx/nginx-1.11.12-r1.ebuild |
| 79 |
index 2790e11c3f3..7870abf9766 100644 |
| 80 |
--- a/www-servers/nginx/nginx-1.11.12.ebuild |
| 81 |
+++ b/www-servers/nginx/nginx-1.11.12-r1.ebuild |
| 82 |
@@ -359,6 +359,7 @@ src_prepare() { |
| 83 |
cd "${HTTP_SECURITY_MODULE_WD}" || die |
| 84 |
|
| 85 |
eapply "${FILESDIR}"/http_security-pr_1158.patch |
| 86 |
+ eapply "${FILESDIR}"/http_security-pr_1373.patch |
| 87 |
|
| 88 |
eautoreconf |
Archives