Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Conrad Kostecki <conikost@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
Date: Mon, 31 Oct 2022 13:24:04
Message-Id: 1667222611.967aee1fe04551ee6af528a931631c8365f74ec8.conikost@gentoo
1 commit: 967aee1fe04551ee6af528a931631c8365f74ec8
2 Author: Tomáš Mózes <hydrapolic <AT> gmail <DOT> com>
3 AuthorDate: Mon Oct 31 07:46:26 2022 +0000
4 Commit: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
5 CommitDate: Mon Oct 31 13:23:31 2022 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=967aee1f
7
8 www-servers/nginx: drop vulnerable
9
10 Signed-off-by: Tomáš Mózes <hydrapolic <AT> gmail.com>
11 Closes: https://github.com/gentoo/gentoo/pull/28049
12 Signed-off-by: Conrad Kostecki <conikost <AT> gentoo.org>
13
14 www-servers/nginx/nginx-1.23.2-r1.ebuild | 1066 ------------------------------
15 1 file changed, 1066 deletions(-)
16
17 diff --git a/www-servers/nginx/nginx-1.23.2-r1.ebuild b/www-servers/nginx/nginx-1.23.2-r1.ebuild
18 deleted file mode 100644
19 index 5fb4b79bbe86..000000000000
20 --- a/www-servers/nginx/nginx-1.23.2-r1.ebuild
21 +++ /dev/null
22 @@ -1,1066 +0,0 @@
23 -# Copyright 1999-2022 Gentoo Authors
24 -# Distributed under the terms of the GNU General Public License v2
25 -
26 -EAPI=8
27 -
28 -# Maintainer notes:
29 -# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
30 -# - any http-module activates the main http-functionality and overrides USE=-http
31 -# - keep the following requirements in mind before adding external modules:
32 -# * alive upstream
33 -# * sane packaging
34 -# * builds cleanly
35 -# * does not need a patch for nginx core
36 -# - TODO: test the google-perftools module (included in vanilla tarball)
37 -
38 -# prevent perl-module from adding automagic perl DEPENDs
39 -GENTOO_DEPEND_ON_PERL="no"
40 -
41 -# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
42 -DEVEL_KIT_MODULE_PV="0.3.1"
43 -DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
44 -DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
45 -DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
46 -
47 -# ngx_brotli (https://github.com/google/ngx_brotli, BSD-2)
48 -HTTP_BROTLI_MODULE_PV="1.0.0rc"
49 -HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
50 -HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
51 -HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
52 -
53 -# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
54 -HTTP_UPLOAD_PROGRESS_MODULE_PV="68b3ab3b64a0cee7f785d161401c8be357bbed12"
55 -HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
56 -HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
57 -HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
58 -
59 -# http_headers_more (https://github.com/openresty/headers-more-nginx-module, BSD license)
60 -HTTP_HEADERS_MORE_MODULE_PV="0.34"
61 -HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
62 -HTTP_HEADERS_MORE_MODULE_URI="https://github.com/openresty/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
63 -HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
64 -
65 -# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
66 -HTTP_CACHE_PURGE_MODULE_PV="2.3"
67 -HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
68 -HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
69 -HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
70 -
71 -# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
72 -HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
73 -HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
74 -HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
75 -HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
76 -
77 -# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
78 -HTTP_FANCYINDEX_MODULE_PV="0.4.4"
79 -HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
80 -HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
81 -HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
82 -
83 -# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
84 -HTTP_LUA_MODULE_PV="b6d167cf1a93c0c885c28db5a439f2404874cb26"
85 -HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
86 -HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/${HTTP_LUA_MODULE_PV}.tar.gz"
87 -HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
88 -LUA_COMPAT=( luajit )
89 -
90 -# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
91 -HTTP_AUTH_PAM_MODULE_PV="1.5.2"
92 -HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
93 -HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
94 -HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
95 -
96 -# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
97 -HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
98 -HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
99 -HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
100 -HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
101 -
102 -# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
103 -HTTP_METRICS_MODULE_PV="0.1.1"
104 -HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
105 -HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
106 -HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
107 -
108 -# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
109 -HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="0.2.1"
110 -HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
111 -HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/v${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
112 -HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
113 -
114 -# naxsi-core (https://github.com/wargio/naxsi, GPL-3)
115 -HTTP_NAXSI_MODULE_PV="4140b2ded624eb36f04c783c460379b9403012d0"
116 -HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
117 -HTTP_NAXSI_MODULE_URI="https://github.com/wargio/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
118 -HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
119 -HTTP_NAXSI_LIBINJECTION_MODULE_PV="49904c42a6e68dc8f16c022c693e897e4010a06c"
120 -HTTP_NAXSI_LIBINJECTION_MODULE_P="ngx_http_naxsi_libinjection-${HTTP_NAXSI_LIBINJECTION_MODULE_PV}"
121 -HTTP_NAXSI_LIBINJECTION_MODULE_URI="https://github.com/libinjection/libinjection/archive/${HTTP_NAXSI_LIBINJECTION_MODULE_PV}.tar.gz"
122 -
123 -# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
124 -RTMP_MODULE_PV="1.2.2"
125 -RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
126 -RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
127 -RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
128 -
129 -# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
130 -HTTP_DAV_EXT_MODULE_PV="3.0.0"
131 -HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
132 -HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
133 -HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
134 -
135 -# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
136 -HTTP_ECHO_MODULE_PV="0.63"
137 -HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
138 -HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
139 -HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
140 -
141 -# modsecurity for nginx (https://github.com/SpiderLabs/ModSecurity-nginx, https://github.com/SpiderLabs/ModSecurity, Apache-2.0)
142 -HTTP_SECURITY_MODULE_PV="1.0.3"
143 -HTTP_SECURITY_MODULE_P="modsecurity-nginx-${HTTP_SECURITY_MODULE_PV}"
144 -HTTP_SECURITY_MODULE_URI="https://github.com/SpiderLabs/ModSecurity-nginx/archive/refs/tags/v${HTTP_SECURITY_MODULE_PV}.tar.gz"
145 -HTTP_SECURITY_MODULE_WD="${WORKDIR}/ModSecurity-nginx-${HTTP_SECURITY_MODULE_PV}"
146 -
147 -# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
148 -HTTP_PUSH_STREAM_MODULE_PV="8c02220d484d7848bc8e3a6d9b1c616987e86f66"
149 -HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
150 -HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
151 -HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
152 -
153 -# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
154 -HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
155 -HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
156 -HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
157 -HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
158 -
159 -# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
160 -HTTP_MOGILEFS_MODULE_PV="1.0.4"
161 -HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
162 -HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
163 -HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
164 -
165 -# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
166 -HTTP_MEMC_MODULE_PV="0.19"
167 -HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
168 -HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
169 -HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
170 -
171 -# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
172 -HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
173 -HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
174 -HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
175 -HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
176 -
177 -# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
178 -GEOIP2_MODULE_PV="3.4"
179 -GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
180 -GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
181 -GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
182 -
183 -# njs-module (https://github.com/nginx/njs, as-is)
184 -NJS_MODULE_PV="0.7.7"
185 -NJS_MODULE_P="njs-${NJS_MODULE_PV}"
186 -NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
187 -NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
188 -
189 -# We handle deps below ourselves
190 -SSL_DEPS_SKIP=1
191 -AUTOTOOLS_AUTO_DEPEND="no"
192 -
193 -inherit autotools lua-single ssl-cert toolchain-funcs perl-module systemd pax-utils
194 -
195 -DESCRIPTION="Robust, small and high performance http and reverse proxy server"
196 -HOMEPAGE="https://nginx.org"
197 -SRC_URI="https://nginx.org/download/${P}.tar.gz
198 - ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
199 - nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
200 - nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
201 - nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
202 - nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
203 - nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
204 - nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
205 - nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
206 - nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
207 - nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
208 - nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
209 - nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
210 - nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
211 - nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
212 - nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
213 - nginx_modules_http_naxsi? (
214 - ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz
215 - ${HTTP_NAXSI_LIBINJECTION_MODULE_URI} -> ${HTTP_NAXSI_LIBINJECTION_MODULE_P}.tar.gz
216 - )
217 - nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
218 - nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
219 - nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
220 - nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
221 - nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
222 - nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
223 - nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
224 - nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
225 - nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
226 - rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
227 -
228 -LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
229 - nginx_modules_http_security? ( Apache-2.0 )
230 - nginx_modules_http_push_stream? ( GPL-3 )"
231 -
232 -SLOT="mainline"
233 -KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
234 -
235 -# Package doesn't provide a real test suite
236 -RESTRICT="test"
237 -
238 -NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
239 - fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
240 - proxy referer rewrite scgi ssi split_clients upstream_hash
241 - upstream_ip_hash upstream_keepalive upstream_least_conn
242 - upstream_zone userid uwsgi"
243 -NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
244 - gzip_static image_filter mp4 perl random_index realip secure_link
245 - slice stub_status sub xslt"
246 -NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
247 - upstream_hash upstream_least_conn upstream_zone"
248 -NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
249 -NGINX_MODULES_MAIL="imap pop3 smtp"
250 -NGINX_MODULES_3RD="
251 - http_auth_ldap
252 - http_auth_pam
253 - http_brotli
254 - http_cache_purge
255 - http_dav_ext
256 - http_echo
257 - http_fancyindex
258 - http_geoip2
259 - http_headers_more
260 - http_javascript
261 - http_lua
262 - http_memc
263 - http_metrics
264 - http_mogilefs
265 - http_naxsi
266 - http_push_stream
267 - http_security
268 - http_slowfs_cache
269 - http_sticky
270 - http_upload_progress
271 - http_upstream_check
272 - http_vhost_traffic_status
273 - stream_geoip2
274 - stream_javascript
275 -"
276 -
277 -IUSE="aio debug +http +http2 +http-cache libatomic pcre +pcre2 pcre-jit rtmp selinux ssl threads vim-syntax"
278 -
279 -for mod in $NGINX_MODULES_STD; do
280 - IUSE="${IUSE} +nginx_modules_http_${mod}"
281 -done
282 -
283 -for mod in $NGINX_MODULES_OPT; do
284 - IUSE="${IUSE} nginx_modules_http_${mod}"
285 -done
286 -
287 -for mod in $NGINX_MODULES_STREAM_STD; do
288 - IUSE="${IUSE} nginx_modules_stream_${mod}"
289 -done
290 -
291 -for mod in $NGINX_MODULES_STREAM_OPT; do
292 - IUSE="${IUSE} nginx_modules_stream_${mod}"
293 -done
294 -
295 -for mod in $NGINX_MODULES_MAIL; do
296 - IUSE="${IUSE} nginx_modules_mail_${mod}"
297 -done
298 -
299 -for mod in $NGINX_MODULES_3RD; do
300 - IUSE="${IUSE} nginx_modules_${mod}"
301 -done
302 -
303 -# Add so we can warn users updating about config changes
304 -# @TODO: jbergstroem: remove on next release series
305 -IUSE="${IUSE} nginx_modules_http_spdy"
306 -
307 -CDEPEND="
308 - acct-group/nginx
309 - acct-user/nginx
310 - virtual/libcrypt:=
311 - pcre? ( dev-libs/libpcre:= )
312 - pcre2? ( dev-libs/libpcre2:= )
313 - pcre-jit? ( dev-libs/libpcre:=[jit] )
314 - ssl? (
315 - dev-libs/openssl:0=
316 - )
317 - http2? (
318 - >=dev-libs/openssl-1.0.1c:0=
319 - )
320 - http-cache? (
321 - dev-libs/openssl:0=
322 - )
323 - nginx_modules_http_brotli? ( app-arch/brotli:= )
324 - nginx_modules_http_geoip? ( dev-libs/geoip )
325 - nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
326 - nginx_modules_http_gunzip? ( sys-libs/zlib )
327 - nginx_modules_http_gzip? ( sys-libs/zlib )
328 - nginx_modules_http_gzip_static? ( sys-libs/zlib )
329 - nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
330 - nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
331 - nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
332 - nginx_modules_http_secure_link? ( dev-libs/openssl:0= )
333 - nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
334 - nginx_modules_http_lua? ( ${LUA_DEPS} )
335 - nginx_modules_http_auth_pam? ( sys-libs/pam )
336 - nginx_modules_http_metrics? ( dev-libs/yajl:= )
337 - nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
338 - nginx_modules_http_security? ( dev-libs/modsecurity )
339 - nginx_modules_http_auth_ldap? ( net-nds/openldap:=[ssl?] )
340 - nginx_modules_stream_geoip? ( dev-libs/geoip )
341 - nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
342 -RDEPEND="${CDEPEND}
343 - app-misc/mime-types[nginx]
344 - selinux? ( sec-policy/selinux-nginx )
345 - !www-servers/nginx:0"
346 -DEPEND="${CDEPEND}
347 - arm? ( dev-libs/libatomic_ops )
348 - libatomic? ( dev-libs/libatomic_ops )"
349 -BDEPEND="nginx_modules_http_brotli? ( virtual/pkgconfig )"
350 -PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
351 -
352 -REQUIRED_USE="pcre-jit? ( pcre )
353 - nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
354 - nginx_modules_http_grpc? ( http2 )
355 - nginx_modules_http_lua? (
356 - ${LUA_REQUIRED_USE}
357 - nginx_modules_http_rewrite
358 - pcre
359 - !pcre2
360 - )
361 - nginx_modules_http_naxsi? ( nginx_modules_http_rewrite pcre )
362 - nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
363 - nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
364 - nginx_modules_http_security? ( pcre )
365 - nginx_modules_http_push_stream? ( ssl )"
366 -
367 -pkg_setup() {
368 - NGINX_HOME="/var/lib/nginx"
369 - NGINX_HOME_TMP="${NGINX_HOME}/tmp"
370 -
371 - if use libatomic; then
372 - ewarn "GCC 4.1+ features built-in atomic operations."
373 - ewarn "Using libatomic_ops is only needed if using"
374 - ewarn "a different compiler or a GCC prior to 4.1"
375 - fi
376 -
377 - if [[ -n $NGINX_ADD_MODULES ]]; then
378 - ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
379 - ewarn "This nginx installation is not supported!"
380 - ewarn "Make sure you can reproduce the bug without those modules"
381 - ewarn "_before_ reporting bugs."
382 - fi
383 -
384 - if use !http; then
385 - ewarn "To actually disable all http-functionality you also have to disable"
386 - ewarn "all nginx http modules."
387 - fi
388 -
389 - if use nginx_modules_http_mogilefs && use threads; then
390 - eerror "mogilefs won't compile with threads support."
391 - eerror "Please disable either flag and try again."
392 - die "Can't compile mogilefs with threads support"
393 - fi
394 -
395 - use nginx_modules_http_lua && lua-single_pkg_setup
396 -}
397 -
398 -src_prepare() {
399 - eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
400 - eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
401 -
402 - if use nginx_modules_http_sticky; then
403 - cd "${HTTP_STICKY_MODULE_WD}" || die
404 - eapply "${FILESDIR}"/http_sticky-nginx-1.23.0.patch
405 - cd "${S}" || die
406 - fi
407 -
408 - if use nginx_modules_http_naxsi; then
409 - cd "${HTTP_NAXSI_MODULE_WD}" || die
410 - rm -r libinjection || die
411 - mv ../../libinjection-${HTTP_NAXSI_LIBINJECTION_MODULE_PV} libinjection || die
412 - cd "${S}" || die
413 - fi
414 -
415 - if use nginx_modules_http_brotli; then
416 - cd "${HTTP_BROTLI_MODULE_WD}" || die
417 - eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
418 - cd "${S}" || die
419 - fi
420 -
421 - if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
422 - cd "${NJS_MODULE_WD}" || die
423 - eapply "${FILESDIR}"/http_javascript_cve_2022-38890.patch
424 - cd "${S}" || die
425 - fi
426 -
427 - if use nginx_modules_http_upstream_check; then
428 - eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
429 - fi
430 -
431 - if use nginx_modules_http_cache_purge; then
432 - cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
433 - eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
434 - cd "${S}" || die
435 - fi
436 -
437 - if use nginx_modules_http_upload_progress; then
438 - cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
439 - eapply "${FILESDIR}"/http_uploadprogress-nginx-1.23.0.patch
440 - cd "${S}" || die
441 - fi
442 -
443 - find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
444 - # We have config protection, don't rename etc files
445 - sed -i 's:.default::' auto/install || die
446 - # remove useless files
447 - sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
448 -
449 - # don't install to /etc/nginx/ if not in use
450 - local module
451 - for module in fastcgi scgi uwsgi ; do
452 - if ! use nginx_modules_http_${module}; then
453 - sed -i -e "/${module}/d" auto/install || die
454 - fi
455 - done
456 -
457 - eapply_user
458 -}
459 -
460 -src_configure() {
461 - local myconf=() http_enabled= mail_enabled= stream_enabled=
462 -
463 - use aio && myconf+=( --with-file-aio )
464 - use debug && myconf+=( --with-debug )
465 - use http2 && myconf+=( --with-http_v2_module )
466 - use libatomic && myconf+=( --with-libatomic )
467 - use pcre && myconf+=( --with-pcre --without-pcre2 )
468 - use pcre-jit && myconf+=( --with-pcre-jit )
469 - use threads && myconf+=( --with-threads )
470 -
471 - # HTTP modules
472 - for mod in $NGINX_MODULES_STD; do
473 - if use nginx_modules_http_${mod}; then
474 - http_enabled=1
475 - else
476 - myconf+=( --without-http_${mod}_module )
477 - fi
478 - done
479 -
480 - for mod in $NGINX_MODULES_OPT; do
481 - if use nginx_modules_http_${mod}; then
482 - http_enabled=1
483 - myconf+=( --with-http_${mod}_module )
484 - fi
485 - done
486 -
487 - if use nginx_modules_http_fastcgi; then
488 - myconf+=( --with-http_realip_module )
489 - fi
490 -
491 - # third-party modules
492 - if use nginx_modules_http_upload_progress; then
493 - http_enabled=1
494 - myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
495 - fi
496 -
497 - if use nginx_modules_http_headers_more; then
498 - http_enabled=1
499 - myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
500 - fi
501 -
502 - if use nginx_modules_http_cache_purge; then
503 - http_enabled=1
504 - myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
505 - fi
506 -
507 - if use nginx_modules_http_slowfs_cache; then
508 - http_enabled=1
509 - myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
510 - fi
511 -
512 - if use nginx_modules_http_fancyindex; then
513 - http_enabled=1
514 - myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
515 - fi
516 -
517 - if use nginx_modules_http_lua; then
518 - http_enabled=1
519 - export LUAJIT_LIB=$(dirname $(lua_get_shared_lib))
520 - export LUAJIT_INC=$(lua_get_include_dir)
521 - myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
522 - myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
523 - fi
524 -
525 - if use nginx_modules_http_auth_pam; then
526 - http_enabled=1
527 - myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
528 - fi
529 -
530 - if use nginx_modules_http_upstream_check; then
531 - http_enabled=1
532 - myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
533 - fi
534 -
535 - if use nginx_modules_http_metrics; then
536 - http_enabled=1
537 - myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
538 - fi
539 -
540 - if use nginx_modules_http_naxsi ; then
541 - http_enabled=1
542 - myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
543 - fi
544 -
545 - if use rtmp ; then
546 - http_enabled=1
547 - myconf+=( --add-module=${RTMP_MODULE_WD} )
548 - fi
549 -
550 - if use nginx_modules_http_dav_ext ; then
551 - http_enabled=1
552 - myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
553 - fi
554 -
555 - if use nginx_modules_http_echo ; then
556 - http_enabled=1
557 - myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
558 - fi
559 -
560 - if use nginx_modules_http_security ; then
561 - http_enabled=1
562 - myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD} )
563 - fi
564 -
565 - if use nginx_modules_http_push_stream ; then
566 - http_enabled=1
567 - myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
568 - fi
569 -
570 - if use nginx_modules_http_sticky ; then
571 - http_enabled=1
572 - myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
573 - fi
574 -
575 - if use nginx_modules_http_mogilefs ; then
576 - http_enabled=1
577 - myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
578 - fi
579 -
580 - if use nginx_modules_http_memc ; then
581 - http_enabled=1
582 - myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
583 - fi
584 -
585 - if use nginx_modules_http_auth_ldap; then
586 - http_enabled=1
587 - myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
588 - fi
589 -
590 - if use nginx_modules_http_vhost_traffic_status; then
591 - http_enabled=1
592 - myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
593 - fi
594 -
595 - if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
596 - myconf+=( --add-module=${GEOIP2_MODULE_WD} )
597 - fi
598 -
599 - if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
600 - myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
601 - fi
602 -
603 - if use nginx_modules_http_brotli; then
604 - http_enabled=1
605 - myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
606 - fi
607 -
608 - if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
609 - http_enabled=1
610 - fi
611 -
612 - if [ $http_enabled ]; then
613 - use http-cache || myconf+=( --without-http-cache )
614 - use ssl && myconf+=( --with-http_ssl_module )
615 - else
616 - myconf+=( --without-http --without-http-cache )
617 - fi
618 -
619 - # Stream modules
620 - for mod in $NGINX_MODULES_STREAM_STD; do
621 - if use nginx_modules_stream_${mod}; then
622 - stream_enabled=1
623 - else
624 - myconf+=( --without-stream_${mod}_module )
625 - fi
626 - done
627 -
628 - for mod in $NGINX_MODULES_STREAM_OPT; do
629 - if use nginx_modules_stream_${mod}; then
630 - stream_enabled=1
631 - myconf+=( --with-stream_${mod}_module )
632 - fi
633 - done
634 -
635 - if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
636 - stream_enabled=1
637 - fi
638 -
639 - if [ $stream_enabled ]; then
640 - myconf+=( --with-stream )
641 - use ssl && myconf+=( --with-stream_ssl_module )
642 - fi
643 -
644 - # MAIL modules
645 - for mod in $NGINX_MODULES_MAIL; do
646 - if use nginx_modules_mail_${mod}; then
647 - mail_enabled=1
648 - else
649 - myconf+=( --without-mail_${mod}_module )
650 - fi
651 - done
652 -
653 - if [ $mail_enabled ]; then
654 - myconf+=( --with-mail )
655 - use ssl && myconf+=( --with-mail_ssl_module )
656 - fi
657 -
658 - # custom modules
659 - for mod in $NGINX_ADD_MODULES; do
660 - myconf+=( --add-module=${mod} )
661 - done
662 -
663 - # https://bugs.gentoo.org/286772
664 - export LANG=C LC_ALL=C
665 - tc-export AR CC
666 -
667 - if ! use prefix; then
668 - myconf+=( --user=${PN} )
669 - myconf+=( --group=${PN} )
670 - fi
671 -
672 - if [[ -n "${EXTRA_ECONF}" ]]; then
673 - myconf+=( ${EXTRA_ECONF} )
674 - ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
675 - fi
676 -
677 - ./configure \
678 - --prefix="${EPREFIX}"/usr \
679 - --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
680 - --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
681 - --pid-path="${EPREFIX}"/run/${PN}.pid \
682 - --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
683 - --with-cc-opt="-I${ESYSROOT}/usr/include" \
684 - --with-ld-opt="-L${ESYSROOT}/usr/$(get_libdir)" \
685 - --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
686 - --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
687 - --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
688 - --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
689 - --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
690 - --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
691 - --with-compat \
692 - "${myconf[@]}" || die "configure failed"
693 -
694 - # A purely cosmetic change that makes nginx -V more readable. This can be
695 - # good if people outside the gentoo community would troubleshoot and
696 - # question the users setup.
697 - sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
698 -}
699 -
700 -src_compile() {
701 - # https://bugs.gentoo.org/286772
702 - export LANG=C LC_ALL=C
703 - emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
704 -}
705 -
706 -src_install() {
707 - emake DESTDIR="${D}" install
708 -
709 - cp "${FILESDIR}"/nginx.conf-r3 "${ED}"/etc/nginx/nginx.conf || die
710 -
711 - newinitd "${FILESDIR}"/nginx.initd-r4 nginx
712 - newconfd "${FILESDIR}"/nginx.confd nginx
713 -
714 - systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
715 -
716 - doman man/nginx.8
717 - dodoc CHANGES* README
718 -
719 - # just keepdir. do not copy the default htdocs files (bug #449136)
720 - keepdir /var/www/localhost
721 - rm -rf "${ED}"/usr/html || die
722 -
723 - # set up a list of directories to keep
724 - local keepdir_list="${NGINX_HOME_TMP}"/client
725 - local module
726 - for module in proxy fastcgi scgi uwsgi; do
727 - use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
728 - done
729 -
730 - keepdir /var/log/nginx ${keepdir_list}
731 -
732 - # this solves a problem with SELinux where nginx doesn't see the directories
733 - # as root and tries to create them as nginx
734 - fperms 0750 "${NGINX_HOME_TMP}"
735 - fowners ${PN}:0 "${NGINX_HOME_TMP}"
736 -
737 - fperms 0700 ${keepdir_list}
738 - fowners ${PN}:${PN} ${keepdir_list}
739 -
740 - fperms 0710 /var/log/nginx
741 - fowners 0:${PN} /var/log/nginx
742 -
743 - # logrotate
744 - insinto /etc/logrotate.d
745 - newins "${FILESDIR}"/nginx.logrotate-r1 nginx
746 -
747 - # Don't create /run
748 - rm -rf "${ED}"/run || die
749 -
750 - if use lua_single_target_luajit; then
751 - pax-mark m "${ED}/usr/sbin/nginx"
752 - fi
753 -
754 - if use nginx_modules_http_perl; then
755 - cd "${S}"/objs/src/http/modules/perl/ || die
756 - emake DESTDIR="${D}" INSTALLDIRS=vendor
757 - perl_delete_localpod
758 - cd "${S}" || die
759 - fi
760 -
761 - if use nginx_modules_http_cache_purge; then
762 - docinto ${HTTP_CACHE_PURGE_MODULE_P}
763 - dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
764 - fi
765 -
766 - if use nginx_modules_http_slowfs_cache; then
767 - docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
768 - dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
769 - fi
770 -
771 - if use nginx_modules_http_fancyindex; then
772 - docinto ${HTTP_FANCYINDEX_MODULE_P}
773 - dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
774 - fi
775 -
776 - if use nginx_modules_http_lua; then
777 - docinto ${HTTP_LUA_MODULE_P}
778 - dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
779 - fi
780 -
781 - if use nginx_modules_http_auth_pam; then
782 - docinto ${HTTP_AUTH_PAM_MODULE_P}
783 - dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
784 - fi
785 -
786 - if use nginx_modules_http_upstream_check; then
787 - docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
788 - dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
789 - fi
790 -
791 - if use nginx_modules_http_naxsi; then
792 - insinto /etc/nginx/naxsi
793 - doins "${HTTP_NAXSI_MODULE_WD}"/../distros/nginx/*
794 - doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/naxsi_core.rules
795 - doins -r "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/blocking
796 - doins -r "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/whitelists
797 - fi
798 -
799 - if use rtmp; then
800 - docinto ${RTMP_MODULE_P}
801 - dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
802 - fi
803 -
804 - if use nginx_modules_http_dav_ext; then
805 - docinto ${HTTP_DAV_EXT_MODULE_P}
806 - dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
807 - fi
808 -
809 - if use nginx_modules_http_echo; then
810 - docinto ${HTTP_ECHO_MODULE_P}
811 - dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
812 - fi
813 -
814 - if use nginx_modules_http_security; then
815 - docinto ${HTTP_SECURITY_MODULE_P}
816 - dodoc "${HTTP_SECURITY_MODULE_WD}"/{AUTHORS,CHANGES,README.md}
817 - fi
818 -
819 - if use nginx_modules_http_push_stream; then
820 - docinto ${HTTP_PUSH_STREAM_MODULE_P}
821 - dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
822 - fi
823 -
824 - if use nginx_modules_http_sticky; then
825 - docinto ${HTTP_STICKY_MODULE_P}
826 - dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
827 - fi
828 -
829 - if use nginx_modules_http_memc; then
830 - docinto ${HTTP_MEMC_MODULE_P}
831 - dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
832 - fi
833 -
834 - if use nginx_modules_http_auth_ldap; then
835 - docinto ${HTTP_LDAP_MODULE_P}
836 - dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
837 - fi
838 -}
839 -
840 -pkg_postinst() {
841 - if use ssl; then
842 - if [[ ! -f "${EROOT}"/etc/ssl/${PN}/${PN}.key ]]; then
843 - install_cert /etc/ssl/${PN}/${PN}
844 - use prefix || chown ${PN}:${PN} "${EROOT}"/etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
845 - fi
846 - fi
847 -
848 - if use nginx_modules_http_spdy; then
849 - ewarn ""
850 - ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
851 - ewarn "Update your configs and package.use accordingly."
852 - fi
853 -
854 - if use nginx_modules_http_lua; then
855 - ewarn ""
856 - ewarn "While you can build lua 3rd party module against ${P}"
857 - ewarn "the author warns that >=${PN}-1.11.11 is still not an"
858 - ewarn "officially supported target yet. You are on your own."
859 - ewarn "Expect runtime failures, memory leaks and other problems!"
860 - fi
861 -
862 - if use nginx_modules_http_lua && use http2; then
863 - ewarn ""
864 - ewarn "Lua 3rd party module author warns against using ${P} with"
865 - ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
866 - fi
867 -
868 - local _n_permission_layout_checks=0
869 - local _has_to_adjust_permissions=0
870 - local _has_to_show_permission_warning=0
871 -
872 - # Defaults to 1 to inform people doing a fresh installation
873 - # that we ship modified {scgi,uwsgi,fastcgi}_params files
874 - local _has_to_show_httpoxy_mitigation_notice=1
875 -
876 - local _replacing_version=
877 - for _replacing_version in ${REPLACING_VERSIONS}; do
878 - _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
879 -
880 - if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
881 - # Should never happen:
882 - # Package is abusing slots but doesn't allow multiple parallel installations.
883 - # If we run into this situation it is unsafe to automatically adjust any
884 - # permission...
885 - _has_to_show_permission_warning=1
886 -
887 - ewarn "Replacing multiple ${PN}' versions is unsupported! " \
888 - "You will have to adjust permissions on your own."
889 -
890 - break
891 - fi
892 -
893 - local _replacing_version_branch=$(ver_cut 1-2 "${_replacing_version}")
894 - debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
895 -
896 - # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
897 - # This was before we introduced multiple nginx versions so we
898 - # do not need to distinguish between stable and mainline
899 - local _need_to_fix_CVE2013_0337=1
900 -
901 - if ver_test ${_replacing_version} -ge 1.4.1-r2; then
902 - # We are updating an installation which should already be fixed
903 - _need_to_fix_CVE2013_0337=0
904 - debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
905 - else
906 - _has_to_adjust_permissions=1
907 - debug-print "Need to adjust permissions to fix CVE-2013-0337!"
908 - fi
909 -
910 - # Do we need to inform about HTTPoxy mitigation?
911 - # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
912 - if ver_test ${_replacing_version_branch} -lt 1.10; then
913 - # Updating from <1.10
914 - _has_to_show_httpoxy_mitigation_notice=1
915 - debug-print "Need to inform about HTTPoxy mitigation!"
916 - else
917 - # Updating from >=1.10
918 - local _fixed_in_pvr=
919 - case "${_replacing_version_branch}" in
920 - "1.10")
921 - _fixed_in_pvr="1.10.1-r2"
922 - ;;
923 - "1.11")
924 - _fixed_in_pvr="1.11.3-r1"
925 - ;;
926 - *)
927 - # This should be any future branch.
928 - # If we run this code it is safe to assume that the user has
929 - # already seen the HTTPoxy mitigation notice because he/she is doing
930 - # an update from previous version where we have already shown
931 - # the warning. Otherwise, we wouldn't hit this code path ...
932 - _fixed_in_pvr=
933 - esac
934 -
935 - if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
936 - # We are updating an installation where we already informed
937 - # that we are mitigating HTTPoxy per default
938 - _has_to_show_httpoxy_mitigation_notice=0
939 - debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
940 - else
941 - _has_to_show_httpoxy_mitigation_notice=1
942 - debug-print "Need to inform about HTTPoxy mitigation!"
943 - fi
944 - fi
945 -
946 - # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
947 - # All branches up to 1.11 are affected
948 - local _need_to_fix_CVE2016_1247=1
949 -
950 - if ver_test ${_replacing_version_branch} -lt 1.10; then
951 - # Updating from <1.10
952 - _has_to_adjust_permissions=1
953 - debug-print "Need to adjust permissions to fix CVE-2016-1247!"
954 - else
955 - # Updating from >=1.10
956 - local _fixed_in_pvr=
957 - case "${_replacing_version_branch}" in
958 - "1.10")
959 - _fixed_in_pvr="1.10.2-r3"
960 - ;;
961 - "1.11")
962 - _fixed_in_pvr="1.11.6-r1"
963 - ;;
964 - *)
965 - # This should be any future branch.
966 - # If we run this code it is safe to assume that we have already
967 - # adjusted permissions or were never affected because user is
968 - # doing an update from previous version which was safe or did
969 - # the adjustments. Otherwise, we wouldn't hit this code path ...
970 - _fixed_in_pvr=
971 - esac
972 -
973 - if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
974 - # We are updating an installation which should already be adjusted
975 - # or which was never affected
976 - _need_to_fix_CVE2016_1247=0
977 - debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
978 - else
979 - _has_to_adjust_permissions=1
980 - debug-print "Need to adjust permissions to fix CVE-2016-1247!"
981 - fi
982 - fi
983 - done
984 -
985 - if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
986 - # We do not DIE when chmod/chown commands are failing because
987 - # package is already merged on user's system at this stage
988 - # and we cannot retry without losing the information that
989 - # the existing installation needs to adjust permissions.
990 - # Instead we are going to a show a big warning ...
991 -
992 - if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
993 - ewarn ""
994 - ewarn "The world-readable bit (if set) has been removed from the"
995 - ewarn "following directories to mitigate a security bug"
996 - ewarn "(CVE-2013-0337, bug #458726):"
997 - ewarn ""
998 - ewarn " ${EPREFIX}/var/log/nginx"
999 - ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
1000 - ewarn ""
1001 - ewarn "Check if this is correct for your setup before restarting nginx!"
1002 - ewarn "This is a one-time change and will not happen on subsequent updates."
1003 - ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
1004 - chmod o-rwx \
1005 - "${EPREFIX}"/var/log/nginx \
1006 - "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
1007 - _has_to_show_permission_warning=1
1008 - fi
1009 -
1010 - if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
1011 - ewarn ""
1012 - ewarn "The permissions on the following directory have been reset in"
1013 - ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
1014 - ewarn ""
1015 - ewarn " ${EPREFIX}/var/log/nginx"
1016 - ewarn ""
1017 - ewarn "Check if this is correct for your setup before restarting nginx!"
1018 - ewarn "Also ensure that no other log directory used by any of your"
1019 - ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
1020 - ewarn "used by nginx can be abused to escalate privileges!"
1021 - ewarn "This is a one-time change and will not happen on subsequent updates."
1022 - chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
1023 - chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
1024 - fi
1025 -
1026 - if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
1027 - # Should never happen ...
1028 - ewarn ""
1029 - ewarn "*************************************************************"
1030 - ewarn "*************** W A R N I N G ***************"
1031 - ewarn "*************************************************************"
1032 - ewarn "The one-time only attempt to adjust permissions of the"
1033 - ewarn "existing nginx installation failed. Be aware that we will not"
1034 - ewarn "try to adjust the same permissions again because now you are"
1035 - ewarn "using a nginx version where we expect that the permissions"
1036 - ewarn "are already adjusted or that you know what you are doing and"
1037 - ewarn "want to keep custom permissions."
1038 - ewarn ""
1039 - fi
1040 - fi
1041 -
1042 - # Sanity check for CVE-2016-1247
1043 - # Required to warn users who received the warning above and thought
1044 - # they could fix it by unmerging and re-merging the package or have
1045 - # unmerged a affected installation on purpose in the past leaving
1046 - # /var/log/nginx on their system due to keepdir/non-empty folder
1047 - # and are now installing the package again.
1048 - local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
1049 - su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
1050 - if [ $? -eq 0 ] ; then
1051 - # Cleanup -- no reason to die here!
1052 - rm -f "${_sanity_check_testfile}"
1053 -
1054 - ewarn ""
1055 - ewarn "*************************************************************"
1056 - ewarn "*************** W A R N I N G ***************"
1057 - ewarn "*************************************************************"
1058 - ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
1059 - ewarn "(bug #605008) because nginx user is able to create files in"
1060 - ewarn ""
1061 - ewarn " ${EPREFIX}/var/log/nginx"
1062 - ewarn ""
1063 - ewarn "Also ensure that no other log directory used by any of your"
1064 - ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
1065 - ewarn "used by nginx can be abused to escalate privileges!"
1066 - fi
1067 -
1068 - if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
1069 - # HTTPoxy mitigation
1070 - ewarn ""
1071 - ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
1072 - ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
1073 - ewarn "the HTTP_PROXY parameter to an empty string per default when you"
1074 - ewarn "are sourcing one of the default"
1075 - ewarn ""
1076 - ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
1077 - ewarn " - 'scgi_params'"
1078 - ewarn " - 'uwsgi_params'"
1079 - ewarn ""
1080 - ewarn "files in your server block(s)."
1081 - ewarn ""
1082 - ewarn "If this is causing any problems for you make sure that you are sourcing the"
1083 - ewarn "default parameters _before_ you set your own values."
1084 - ewarn "If you are relying on user-supplied proxy values you have to remove the"
1085 - ewarn "correlating lines from the file(s) mentioned above."
1086 - ewarn ""
1087 - fi
1088 -}
Report Message
Find on MARC Find on Google Groups