From 05610e04b3087a024c7ac67132f3eb0940d62268 Mon Sep 17 00:00:00 2001 From: Adam Duskett Date: Wed, 30 Jun 2021 10:36:56 -0700 Subject: [PATCH] package/nginx: bump version to 1.20.1 Tested with ./utils/test-pkg -p nginx -a on Fedora 34 45 builds, 6 skipped, 0 build failed, 0 legal-info failed Other changes: - Rebase needed patches. - Update license hash due to year change. Signed-off-by: Adam Duskett Signed-off-by: Thomas Petazzoni --- ...ture_run_force_result-for-each-featu.patch | 40 ++++++++----------- ...ake-sys_nerr-guessing-cross-friendly.patch | 27 ++++++------- ...to-os-linux-fix-build-with-libxcrypt.patch | 2 +- ...ff-by-one-write-in-ngx_resolver_copy.patch | 40 ------------------- package/nginx/nginx.hash | 4 +- package/nginx/nginx.mk | 5 +-- 6 files changed, 33 insertions(+), 85 deletions(-) delete mode 100644 package/nginx/0010-Resolver-fixed-off-by-one-write-in-ngx_resolver_copy.patch diff --git a/package/nginx/0003-auto-set-ngx_feature_run_force_result-for-each-featu.patch b/package/nginx/0003-auto-set-ngx_feature_run_force_result-for-each-featu.patch index f186becdf8..ee7f3e9290 100644 --- a/package/nginx/0003-auto-set-ngx_feature_run_force_result-for-each-featu.patch +++ b/package/nginx/0003-auto-set-ngx_feature_run_force_result-for-each-featu.patch @@ -15,14 +15,16 @@ Signed-off-by: Samuel Martin Refresh for 1.8.0. Signed-off-by: Danomi Manchego +[rebased against v1.20.1] +Signed-off-by: Adam Duskett --- auto/cc/conf | 3 +++ auto/cc/name | 1 + auto/lib/libatomic/conf | 1 + auto/os/darwin | 3 +++ auto/os/linux | 4 ++++ - auto/unix | 8 ++++++++ - 6 files changed, 20 insertions(+) + auto/unix | 7 +++++++ + 6 files changed, 19 insertions(+) diff --git a/auto/cc/conf b/auto/cc/conf index afbca62b..ad42c800 100644 @@ -116,7 +118,7 @@ index 2c8a9bb8..eb4513ee 100644 ngx_feature_incs="#include " ngx_feature_path= ngx_feature_libs= -@@ -111,6 +112,7 @@ CC_AUX_FLAGS="$cc_aux_flags -D_GNU_SOURCE" +@@ -136,6 +137,7 @@ CC_AUX_FLAGS="$cc_aux_flags -D_GNU_SOURCE" ngx_feature="sendfile()" ngx_feature_name="NGX_HAVE_SENDFILE" ngx_feature_run=yes @@ -124,7 +126,7 @@ index 2c8a9bb8..eb4513ee 100644 ngx_feature_incs="#include #include " ngx_feature_path= -@@ -132,6 +134,7 @@ CC_AUX_FLAGS="$cc_aux_flags -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64" +@@ -157,6 +159,7 @@ CC_AUX_FLAGS="$cc_aux_flags -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64" ngx_feature="sendfile64()" ngx_feature_name="NGX_HAVE_SENDFILE64" ngx_feature_run=yes @@ -132,7 +134,7 @@ index 2c8a9bb8..eb4513ee 100644 ngx_feature_incs="#include #include " ngx_feature_path= -@@ -150,6 +153,7 @@ ngx_include="sys/prctl.h"; . auto/include +@@ -175,6 +178,7 @@ ngx_include="sys/prctl.h"; . auto/include ngx_feature="prctl(PR_SET_DUMPABLE)" ngx_feature_name="NGX_HAVE_PR_SET_DUMPABLE" ngx_feature_run=yes @@ -152,31 +154,23 @@ index 43d3b25a..3da00537 100644 ngx_feature_incs="#include #include " ngx_feature_path= -@@ -730,6 +731,7 @@ ngx_feature_test="char buf[1]; struct iovec vec[1]; ssize_t n; - ngx_feature="sys_nerr" - ngx_feature_name="NGX_SYS_NERR" - ngx_feature_run=value -+ngx_feature_run_force_result="$ngx_force_sys_nerr" - ngx_feature_incs='#include - #include ' - ngx_feature_path= -@@ -744,6 +746,7 @@ if [ $ngx_found = no ]; then - ngx_feature="_sys_nerr" +@@ -722,6 +723,7 @@ if [ $ngx_found = no ]; then + ngx_feature="sys_nerr" ngx_feature_name="NGX_SYS_NERR" ngx_feature_run=value + ngx_feature_run_force_result="$ngx_force_sys_nerr" ngx_feature_incs='#include #include ' ngx_feature_path= -@@ -759,6 +762,7 @@ if [ $ngx_found = no ]; then - ngx_feature='maximum errno' - ngx_feature_name=NGX_SYS_NERR +@@ -737,6 +739,7 @@ if [ $ngx_found = no ]; then + ngx_feature="_sys_nerr" + ngx_feature_name="NGX_SYS_NERR" ngx_feature_run=value + ngx_feature_run_force_result="$ngx_force_sys_nerr" ngx_feature_incs='#include - #include #include ' -@@ -841,6 +845,7 @@ ngx_feature_test="void *p; p = memalign(4096, 4096); + ngx_feature_path= +@@ -806,6 +809,7 @@ ngx_feature_test="void *p; p = memalign(4096, 4096); ngx_feature="mmap(MAP_ANON|MAP_SHARED)" ngx_feature_name="NGX_HAVE_MAP_ANON" ngx_feature_run=yes @@ -184,7 +178,7 @@ index 43d3b25a..3da00537 100644 ngx_feature_incs="#include " ngx_feature_path= ngx_feature_libs= -@@ -854,6 +859,7 @@ ngx_feature_test="void *p; +@@ -819,6 +823,7 @@ ngx_feature_test="void *p; ngx_feature='mmap("/dev/zero", MAP_SHARED)' ngx_feature_name="NGX_HAVE_MAP_DEVZERO" ngx_feature_run=yes @@ -192,7 +186,7 @@ index 43d3b25a..3da00537 100644 ngx_feature_incs="#include #include #include " -@@ -869,6 +875,7 @@ ngx_feature_test='void *p; int fd; +@@ -834,6 +839,7 @@ ngx_feature_test='void *p; int fd; ngx_feature="System V shared memory" ngx_feature_name="NGX_HAVE_SYSVSHM" ngx_feature_run=yes @@ -200,7 +194,7 @@ index 43d3b25a..3da00537 100644 ngx_feature_incs="#include #include " ngx_feature_path= -@@ -883,6 +890,7 @@ ngx_feature_test="int id; +@@ -848,6 +854,7 @@ ngx_feature_test="int id; ngx_feature="POSIX semaphores" ngx_feature_name="NGX_HAVE_POSIX_SEM" ngx_feature_run=yes diff --git a/package/nginx/0005-auto-unix-make-sys_nerr-guessing-cross-friendly.patch b/package/nginx/0005-auto-unix-make-sys_nerr-guessing-cross-friendly.patch index 747a034aee..79fa4970cb 100644 --- a/package/nginx/0005-auto-unix-make-sys_nerr-guessing-cross-friendly.patch +++ b/package/nginx/0005-auto-unix-make-sys_nerr-guessing-cross-friendly.patch @@ -15,10 +15,12 @@ Signed-off-by: Samuel Martin Refresh for 1.8.0. Signed-off-by: Danomi Manchego +[rebased against v1.20.1] +Signed-off-by: Adam Duskett --- - auto/os/sys_nerr | 78 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - auto/unix | 10 ++++++++ - 2 files changed, 88 insertions(+) + auto/os/sys_nerr | 78 ++++++++++++++++++++++++++++++++++++++++++++++++ + auto/unix | 8 +++++ + 2 files changed, 86 insertions(+) create mode 100644 auto/os/sys_nerr diff --git a/auto/os/sys_nerr b/auto/os/sys_nerr @@ -109,18 +111,13 @@ diff --git a/auto/unix b/auto/unix index 7dbf9d1..00a7370 100755 --- a/auto/unix +++ b/auto/unix -@@ -736,6 +736,10 @@ ngx_feature_incs='#include - #include ' - ngx_feature_path= - ngx_feature_libs= -+ -+if false ; then -+# Disabled because only valid for native build. -+ - ngx_feature_test='printf("%d", sys_nerr);' - . auto/feature - -@@ -784,6 +788,12 @@ if [ $ngx_found = no ]; then +@@ -744,10 +744,18 @@ if [ $ngx_found = no ]; then + #include ' + ngx_feature_path= + ngx_feature_libs= ++ if false ; then ++ # Disabled because only valid for native build. + ngx_feature_test='printf("%d", _sys_nerr);' . auto/feature fi diff --git a/package/nginx/0009-auto-os-linux-fix-build-with-libxcrypt.patch b/package/nginx/0009-auto-os-linux-fix-build-with-libxcrypt.patch index 7e430ffc37..8b368d946f 100644 --- a/package/nginx/0009-auto-os-linux-fix-build-with-libxcrypt.patch +++ b/package/nginx/0009-auto-os-linux-fix-build-with-libxcrypt.patch @@ -23,7 +23,7 @@ diff --git a/auto/os/linux b/auto/os/linux index 5e280eca..04682812 100644 --- a/auto/os/linux +++ b/auto/os/linux -@@ -203,6 +203,9 @@ ngx_feature_test="struct crypt_data cd; +@@ -232,6 +232,9 @@ ngx_feature_test="struct crypt_data cd; crypt_r(\"key\", \"salt\", &cd);" . auto/feature diff --git a/package/nginx/0010-Resolver-fixed-off-by-one-write-in-ngx_resolver_copy.patch b/package/nginx/0010-Resolver-fixed-off-by-one-write-in-ngx_resolver_copy.patch deleted file mode 100644 index ba47768fe5..0000000000 --- a/package/nginx/0010-Resolver-fixed-off-by-one-write-in-ngx_resolver_copy.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 9f1dcb0c0473641730b871dee984016ff19d2c53 Mon Sep 17 00:00:00 2001 -From: Maxim Dounin -Date: Tue, 25 May 2021 15:17:36 +0300 -Subject: [PATCH] Resolver: fixed off-by-one write in ngx_resolver_copy(). - -Reported by Luis Merino, Markus Vervier, Eric Sesterhenn, X41 D-Sec GmbH. - -[peter@korsgaard.com: backport from upstream] -Signed-off-by: Peter Korsgaard ---- - src/core/ngx_resolver.c | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c -index 79390701..63b26193 100644 ---- a/src/core/ngx_resolver.c -+++ b/src/core/ngx_resolver.c -@@ -4008,15 +4008,15 @@ done: - n = *src++; - - } else { -+ if (dst != name->data) { -+ *dst++ = '.'; -+ } -+ - ngx_strlow(dst, src, n); - dst += n; - src += n; - - n = *src++; -- -- if (n != 0) { -- *dst++ = '.'; -- } - } - - if (n == 0) { --- -2.20.1 - diff --git a/package/nginx/nginx.hash b/package/nginx/nginx.hash index 8d17931a26..06d3392a2e 100644 --- a/package/nginx/nginx.hash +++ b/package/nginx/nginx.hash @@ -1,4 +1,4 @@ # Locally calculated after checking pgp signature -sha256 4c373e7ab5bf91d34a4f11a0c9496561061ba5eee6020db272a17a7228d35f99 nginx-1.18.0.tar.gz +sha256 e462e11533d5c30baa05df7652160ff5979591d291736cfa5edb9fd2edb48c49 nginx-1.20.1.tar.gz # License files, locally calculated -sha256 28ad30e2f64bd89ac1287b4606906bb99ed04d9f4e13fb6564a0be9c8a23f509 LICENSE +sha256 b57270c1f73eb6624b38b2d0a1affcec56b21fab39efbf8c837428f05cef1d73 LICENSE diff --git a/package/nginx/nginx.mk b/package/nginx/nginx.mk index e93e802fd3..36515e67cc 100644 --- a/package/nginx/nginx.mk +++ b/package/nginx/nginx.mk @@ -4,7 +4,7 @@ # ################################################################################ -NGINX_VERSION = 1.18.0 +NGINX_VERSION = 1.20.1 NGINX_SITE = http://nginx.org/download NGINX_LICENSE = BSD-2-Clause NGINX_LICENSE_FILES = LICENSE @@ -13,9 +13,6 @@ NGINX_DEPENDENCIES = \ host-pkgconf \ $(if $(BR2_PACKAGE_LIBXCRYPT),libxcrypt) -# 0010-Resolver-fixed-off-by-one-write-in-ngx_resolver_copy.patch -NGINX_IGNORE_CVES += CVE-2021-23017 - NGINX_CONF_OPTS = \ --crossbuild=Linux::$(BR2_ARCH) \ --with-cc="$(TARGET_CC)" \ -- 2.30.2