* [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/files/, www-servers/nginx/, profiles/base/
@ 2017-04-04 18:25 Thomas Deutschmann
0 siblings, 0 replies; only message in thread
From: Thomas Deutschmann @ 2017-04-04 18:25 UTC (permalink / raw
To: gentoo-commits
commit: eb9262562ad6fc47db6f31d759a3d5b7608a1e2e
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Apr 4 18:17:50 2017 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Apr 4 18:24:51 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=eb926256
www-servers/nginx: Rev bump mainline to re-enable mod_security support
Package-Manager: Portage-2.3.5, Repoman-2.3.2
profiles/base/package.use.mask | 6 ----
.../nginx/files/http_security-pr_1373.patch | 33 ++++++++++++++++++++++
...ginx-1.11.12.ebuild => nginx-1.11.12-r1.ebuild} | 1 +
3 files changed, 34 insertions(+), 6 deletions(-)
diff --git a/profiles/base/package.use.mask b/profiles/base/package.use.mask
index 96da6703d41..94179afe301 100644
--- a/profiles/base/package.use.mask
+++ b/profiles/base/package.use.mask
@@ -7,12 +7,6 @@
# This file is only for generic masks. For arch-specific masks (i.e.
# mask everywhere, unmask on arch/*) use arch/base.
-# Thomas Deutschmann <whissi@gentoo.org> (22 Mar 2017)
-# mod_security is currently incompatible with recent changes
-# in >=nginx-1.11.11.
-# https://github.com/SpiderLabs/ModSecurity/issues/1359
->=www-servers/nginx-1.11.11 nginx_modules_http_security
-
# Michał Górny <mgorny@gentoo.org> (18 Mar 2017)
# Requires removed old version of media-gfx/graphviz.
media-gfx/nip2 graphviz
diff --git a/www-servers/nginx/files/http_security-pr_1373.patch b/www-servers/nginx/files/http_security-pr_1373.patch
new file mode 100644
index 00000000000..e4069e16330
--- /dev/null
+++ b/www-servers/nginx/files/http_security-pr_1373.patch
@@ -0,0 +1,33 @@
+From d19df159043106a4d6dfd113696900b5b0dae24b Mon Sep 17 00:00:00 2001
+From: Andrei Belov <defanator@gmail.com>
+Date: Mon, 3 Apr 2017 12:52:01 +0300
+Subject: [PATCH] Fix building with nginx >= 1.11.11
+
+Closes SpiderLabs/ModSecurity#1359
+
+See also:
+http://hg.nginx.org/nginx/rev/e662cbf1b932
+---
+ nginx/modsecurity/ngx_http_modsecurity.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/nginx/modsecurity/ngx_http_modsecurity.c b/nginx/modsecurity/ngx_http_modsecurity.c
+index 7c13953..367b2b8 100644
+--- a/nginx/modsecurity/ngx_http_modsecurity.c
++++ b/nginx/modsecurity/ngx_http_modsecurity.c
+@@ -528,9 +528,15 @@ ngx_http_modsecurity_save_request_body(ngx_http_request_t *r)
+
+ hc = r->http_connection;
+
++#if defined(nginx_version) && nginx_version >= 1011011
++ if (hc->free && size == cscf->large_client_header_buffers.size) {
++
++ buf = hc->free->buf;
++#else
+ if (hc->nfree && size == cscf->large_client_header_buffers.size) {
+
+ buf = hc->free[--hc->nfree];
++#endif
+
+ ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
+ "ModSecurity: use http free large header buffer: %p %uz",
diff --git a/www-servers/nginx/nginx-1.11.12.ebuild b/www-servers/nginx/nginx-1.11.12-r1.ebuild
similarity index 99%
rename from www-servers/nginx/nginx-1.11.12.ebuild
rename to www-servers/nginx/nginx-1.11.12-r1.ebuild
index 2790e11c3f3..7870abf9766 100644
--- a/www-servers/nginx/nginx-1.11.12.ebuild
+++ b/www-servers/nginx/nginx-1.11.12-r1.ebuild
@@ -359,6 +359,7 @@ src_prepare() {
cd "${HTTP_SECURITY_MODULE_WD}" || die
eapply "${FILESDIR}"/http_security-pr_1158.patch
+ eapply "${FILESDIR}"/http_security-pr_1373.patch
eautoreconf
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2017-04-04 18:25 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-04-04 18:25 [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/files/, www-servers/nginx/, profiles/base/ Thomas Deutschmann
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox