diff options
| author |   Thomas Deutschmann <whissi@gentoo.org> | 2017-04-04 20:17:50 +0200 |
|---|---|---|
| committer | Thomas Deutschmann <whissi@gentoo.org> | 2017-04-04 20:24:51 +0200 |
| commit | eb9262562ad6fc47db6f31d759a3d5b7608a1e2e (patch) | |
| tree | 9e18b5e55021d4da61af87456c63491535f0def8 | |
| parent | dev-util/boost-build: Remove old (diff) | |
| download | gentoo-eb926256.tar.gz gentoo-eb926256.tar.bz2 gentoo-eb926256.zip | |
www-servers/nginx: Rev bump mainline to re-enable mod_security support
Package-Manager: Portage-2.3.5, Repoman-2.3.2
| -rw-r--r-- | profiles/base/package.use.mask | 6 | ||||
| -rw-r--r-- | www-servers/nginx/files/http_security-pr_1373.patch | 33 | ||||
| -rw-r--r-- | www-servers/nginx/nginx-1.11.12-r1.ebuild (renamed from www-servers/nginx/nginx-1.11.12.ebuild) | 1 |
3 files changed, 34 insertions, 6 deletions
diff --git a/profiles/base/package.use.mask b/profiles/base/package.use.mask index 96da6703d411..94179afe3011 100644 --- a/profiles/base/package.use.mask +++ b/profiles/base/package.use.mask @@ -7,12 +7,6 @@ # This file is only for generic masks. For arch-specific masks (i.e. # mask everywhere, unmask on arch/*) use arch/base. -# Thomas Deutschmann <whissi@gentoo.org> (22 Mar 2017) -# mod_security is currently incompatible with recent changes -# in >=nginx-1.11.11. -# https://github.com/SpiderLabs/ModSecurity/issues/1359 ->=www-servers/nginx-1.11.11 nginx_modules_http_security - # Michał Górny <mgorny@gentoo.org> (18 Mar 2017) # Requires removed old version of media-gfx/graphviz. media-gfx/nip2 graphviz diff --git a/www-servers/nginx/files/http_security-pr_1373.patch b/www-servers/nginx/files/http_security-pr_1373.patch new file mode 100644 index 000000000000..e4069e16330d --- /dev/null +++ b/www-servers/nginx/files/http_security-pr_1373.patch @@ -0,0 +1,33 @@ +From d19df159043106a4d6dfd113696900b5b0dae24b Mon Sep 17 00:00:00 2001 +From: Andrei Belov <defanator@gmail.com> +Date: Mon, 3 Apr 2017 12:52:01 +0300 +Subject: [PATCH] Fix building with nginx >= 1.11.11 + +Closes SpiderLabs/ModSecurity#1359 + +See also: +http://hg.nginx.org/nginx/rev/e662cbf1b932 +--- + nginx/modsecurity/ngx_http_modsecurity.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/nginx/modsecurity/ngx_http_modsecurity.c b/nginx/modsecurity/ngx_http_modsecurity.c +index 7c13953..367b2b8 100644 +--- a/nginx/modsecurity/ngx_http_modsecurity.c ++++ b/nginx/modsecurity/ngx_http_modsecurity.c +@@ -528,9 +528,15 @@ ngx_http_modsecurity_save_request_body(ngx_http_request_t *r) + + hc = r->http_connection; + ++#if defined(nginx_version) && nginx_version >= 1011011 ++ if (hc->free && size == cscf->large_client_header_buffers.size) { ++ ++ buf = hc->free->buf; ++#else + if (hc->nfree && size == cscf->large_client_header_buffers.size) { + + buf = hc->free[--hc->nfree]; ++#endif + + ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "ModSecurity: use http free large header buffer: %p %uz", diff --git a/www-servers/nginx/nginx-1.11.12.ebuild b/www-servers/nginx/nginx-1.11.12-r1.ebuild index 2790e11c3f31..7870abf9766f 100644 --- a/www-servers/nginx/nginx-1.11.12.ebuild +++ b/www-servers/nginx/nginx-1.11.12-r1.ebuild @@ -359,6 +359,7 @@ src_prepare() { cd "${HTTP_SECURITY_MODULE_WD}" || die eapply "${FILESDIR}"/http_security-pr_1158.patch + eapply "${FILESDIR}"/http_security-pr_1373.patch eautoreconf |