head 1.4; access; symbols pkgsrc-2026Q1:1.4.0.2 pkgsrc-2026Q1-base:1.4 pkgsrc-2025Q4:1.3.0.8 pkgsrc-2025Q4-base:1.3 pkgsrc-2025Q3:1.3.0.6 pkgsrc-2025Q3-base:1.3 pkgsrc-2025Q2:1.3.0.4 pkgsrc-2025Q2-base:1.3 pkgsrc-2025Q1:1.3.0.2 pkgsrc-2025Q1-base:1.3 pkgsrc-2024Q4:1.2.0.14 pkgsrc-2024Q4-base:1.2 pkgsrc-2024Q3:1.2.0.12 pkgsrc-2024Q3-base:1.2 pkgsrc-2024Q2:1.2.0.10 pkgsrc-2024Q2-base:1.2 pkgsrc-2024Q1:1.2.0.8 pkgsrc-2024Q1-base:1.2 pkgsrc-2023Q4:1.2.0.6 pkgsrc-2023Q4-base:1.2 pkgsrc-2023Q3:1.2.0.4 pkgsrc-2023Q3-base:1.2 pkgsrc-2023Q2:1.2.0.2 pkgsrc-2023Q2-base:1.2 pkgsrc-2023Q1:1.1.0.78 pkgsrc-2023Q1-base:1.1 pkgsrc-2022Q4:1.1.0.76 pkgsrc-2022Q4-base:1.1 pkgsrc-2022Q3:1.1.0.74 pkgsrc-2022Q3-base:1.1 pkgsrc-2022Q2:1.1.0.72 pkgsrc-2022Q2-base:1.1 pkgsrc-2022Q1:1.1.0.70 pkgsrc-2022Q1-base:1.1 pkgsrc-2021Q4:1.1.0.68 pkgsrc-2021Q4-base:1.1 pkgsrc-2021Q3:1.1.0.66 pkgsrc-2021Q3-base:1.1 pkgsrc-2021Q2:1.1.0.64 pkgsrc-2021Q2-base:1.1 pkgsrc-2021Q1:1.1.0.62 pkgsrc-2021Q1-base:1.1 pkgsrc-2020Q4:1.1.0.60 pkgsrc-2020Q4-base:1.1 pkgsrc-2020Q3:1.1.0.58 pkgsrc-2020Q3-base:1.1 pkgsrc-2020Q2:1.1.0.54 pkgsrc-2020Q2-base:1.1 pkgsrc-2020Q1:1.1.0.34 pkgsrc-2020Q1-base:1.1 pkgsrc-2019Q4:1.1.0.56 pkgsrc-2019Q4-base:1.1 pkgsrc-2019Q3:1.1.0.52 pkgsrc-2019Q3-base:1.1 pkgsrc-2019Q2:1.1.0.50 pkgsrc-2019Q2-base:1.1 pkgsrc-2019Q1:1.1.0.48 pkgsrc-2019Q1-base:1.1 pkgsrc-2018Q4:1.1.0.46 pkgsrc-2018Q4-base:1.1 pkgsrc-2018Q3:1.1.0.44 pkgsrc-2018Q3-base:1.1 pkgsrc-2018Q2:1.1.0.42 pkgsrc-2018Q2-base:1.1 pkgsrc-2018Q1:1.1.0.40 pkgsrc-2018Q1-base:1.1 pkgsrc-2017Q4:1.1.0.38 pkgsrc-2017Q4-base:1.1 pkgsrc-2017Q3:1.1.0.36 pkgsrc-2017Q3-base:1.1 pkgsrc-2017Q2:1.1.0.32 pkgsrc-2017Q2-base:1.1 pkgsrc-2017Q1:1.1.0.30 pkgsrc-2017Q1-base:1.1 pkgsrc-2016Q4:1.1.0.28 pkgsrc-2016Q4-base:1.1 pkgsrc-2016Q3:1.1.0.26 pkgsrc-2016Q3-base:1.1 pkgsrc-2016Q2:1.1.0.24 pkgsrc-2016Q2-base:1.1 pkgsrc-2016Q1:1.1.0.22 pkgsrc-2016Q1-base:1.1 pkgsrc-2015Q4:1.1.0.20 pkgsrc-2015Q4-base:1.1 pkgsrc-2015Q3:1.1.0.18 pkgsrc-2015Q3-base:1.1 pkgsrc-2015Q2:1.1.0.16 pkgsrc-2015Q2-base:1.1 pkgsrc-2015Q1:1.1.0.14 pkgsrc-2015Q1-base:1.1 pkgsrc-2014Q4:1.1.0.12 pkgsrc-2014Q4-base:1.1 pkgsrc-2014Q3:1.1.0.10 pkgsrc-2014Q3-base:1.1 pkgsrc-2014Q2:1.1.0.8 pkgsrc-2014Q2-base:1.1 pkgsrc-2014Q1:1.1.0.6 pkgsrc-2014Q1-base:1.1 pkgsrc-2013Q4:1.1.0.4 pkgsrc-2013Q4-base:1.1 pkgsrc-2013Q3:1.1.0.2; locks; strict; comment @# @; 1.4 date 2026.03.04.05.56.31; author adam; state Exp; branches; next 1.3; commitid C1UgyszfOBLOvCwG; 1.3 date 2025.02.19.16.54.31; author wiz; state Exp; branches; next 1.2; commitid Ihn2TTrwIhSYi6KF; 1.2 date 2023.04.18.18.42.00; author osa; state Exp; branches; next 1.1; commitid dj52Emm3oit6wClE; 1.1 date 2013.12.05.15.04.06; author imil; state Exp; branches 1.1.2.1; next ; commitid A03dLDAAGx1WhXfx; 1.1.2.1 date 2013.12.05.15.04.06; author schnoebe; state dead; branches; next 1.1.2.2; commitid ktiMY53fRwigbYfx; 1.1.2.2 date 2013.12.05.17.45.04; author schnoebe; state Exp; branches; next ; commitid ktiMY53fRwigbYfx; desc @@ 1.4 log @nginx nginx-devel: updated to 1.28.2 and 1.29.5 nginx-1.28.2 stable and nginx-1.29.5 mainline versions have been released, with a fix for the SSL upstream injection vulnerability (CVE-2026-1642). @ text @$NetBSD: patch-conf_nginx.conf,v 1.3 2025/02/19 16:54:31 wiz Exp $ Adapt config file for pkgsrc. --- conf/nginx.conf.orig 2025-12-09 18:28:10.000000000 +0000 +++ conf/nginx.conf @@@@ -1,28 +1,29 @@@@ -#user nobody; +user %%NGINX_USER%% %%NGINX_GROUP%%; worker_processes 1; -#error_log logs/error.log; -#error_log logs/error.log notice; -#error_log logs/error.log info; - -#pid logs/nginx.pid; +#error_log %%NGINX_LOGDIR%%/error.log; +#error_log %%NGINX_LOGDIR%%/error.log notice; +#error_log %%NGINX_LOGDIR%%/error.log info; +#pid %%NGINX_PIDDIR%%/nginx.pid; events { + # After increasing this value You probably should increase limit + # of file descriptors (for example in start_precmd in startup script) worker_connections 1024; } http { - include mime.types; + include %%PKG_SYSCONFDIR%%/mime.types; default_type application/octet-stream; #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' # '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"'; - #access_log logs/access.log main; + #access_log %%NGINX_LOGDIR%%/access.log main; sendfile on; #tcp_nopush on; @@@@ -36,10 +37,10 @@@@ http { listen 80; server_name localhost; - #access_log logs/host.access.log main; + #access_log %%NGINX_LOGDIR%%/host.access.log main; location / { - root html; + root share/examples/nginx/html; index index.html index.htm; } @@@@ -49,7 +50,7 @@@@ http { # error_page 500 502 503 504 /50x.html; location = /50x.html { - root html; + root share/examples/nginx/html; } # proxy the PHP scripts to Apache listening on 127.0.0.1:80 @@@@ -65,7 +66,7 @@@@ http { # fastcgi_pass 127.0.0.1:9000; # fastcgi_index index.php; # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; - # include fastcgi_params; + # include %%PKG_SYSCONFDIR%%/fastcgi_params; #} # deny access to .htaccess files, if Apache's document root @@@@ -85,7 +86,7 @@@@ http { # server_name somename alias another.alias; # location / { - # root html; + # root share/examples/nginx/html; # index index.html index.htm; # } #} @@@@ -107,7 +108,7 @@@@ http { # ssl_prefer_server_ciphers on; # location / { - # root html; + # root share/examples/nginx/html; # index index.html index.htm; # } #} @ 1.3 log @nginx-devel: add comment and RCS Id to patch @ text @d1 1 a1 1 $NetBSD$ d5 1 a5 1 --- conf/nginx.conf.orig 2014-04-24 12:52:24.000000000 +0000 d18 2 a19 2 +#error_log %%NGINX_LOGDIR%%/error.log; +#error_log %%NGINX_LOGDIR%%/error.log notice; d45 3 a47 3 @@@@ -38,10 +39,10 @@@@ http { #charset koi8-r; d58 1 a58 1 @@@@ -51,7 +52,7 @@@@ http { d67 1 a67 1 @@@@ -67,7 +68,7 @@@@ http { d76 1 a76 1 @@@@ -87,7 +88,7 @@@@ http { d85 1 a85 1 @@@@ -109,7 +110,7 @@@@ http { @ 1.2 log @www/nginx*: update to the latest stable version - 1.24.0 The new stable version incorporating new features and bug fixes from the 1.23.x mainline branch, including improved handling of multiple header lines with identical names, memory usage optimization in configurations with SSL proxying, better sanity checking of the listen directive protocol parameters, TLSv1.3 protocol enabled by default, automatic rotation of TLS session tickets encryption keys when using shared memory in the ssl_session_cache directive, and more. Syncronize www/nginx and www/nginx-devel ports, including: o) merge recent versions of third-party modules from www/nginx-devel to www/nginx; o) syncronize patches between www/nginx and www/nginx-devel; o) syncronize MESSAGE; o) remove needless patches; o) move pcre2 support to the main Makefile, remove `pcre' option and devel/pcre support for the both whole ports, but keep it for the third-party `lua' module; o) update naxsi third-party module to its recent commit. @ text @d1 4 @ 1.1 log @Updated to nginx 1.5.7 Changes with nginx 1.5.7 19 Nov 2013 *) Security: a character following an unescaped space in a request line was handled incorrectly (CVE-2013-4547); the bug had appeared in 0.8.41. Thanks to Ivan Fratric of the Google Security Team. *) Change: a logging level of auth_basic errors about no user/password provided has been lowered from "error" to "info". *) Feature: the "proxy_cache_revalidate", "fastcgi_cache_revalidate", "scgi_cache_revalidate", and "uwsgi_cache_revalidate" directives. *) Feature: the "ssl_session_ticket_key" directive. Thanks to Piotr Sikora. *) Bugfix: the directive "add_header Cache-Control ''" added a "Cache-Control" response header line with an empty value. *) Bugfix: the "satisfy any" directive might return 403 error instead of 401 if auth_request and auth_basic directives were used. Thanks to Jan Marc Hoffmann. *) Bugfix: the "accept_filter" and "deferred" parameters of the "listen" directive were ignored for listen sockets created during binary upgrade. Thanks to Piotr Sikora. *) Bugfix: some data received from a backend with unbufferred proxy might not be sent to a client immediately if "gzip" or "gunzip" directives were used. Thanks to Yichun Zhang. *) Bugfix: in error handling in ngx_http_gunzip_filter_module. *) Bugfix: responses might hang if the ngx_http_spdy_module was used with the "auth_request" directive. *) Bugfix: memory leak in nginx/Windows. Changes with nginx 1.5.6 01 Oct 2013 *) Feature: the "fastcgi_buffering" directive. *) Feature: the "proxy_ssl_protocols" and "proxy_ssl_ciphers" directives. Thanks to Piotr Sikora. *) Feature: optimization of SSL handshakes when using long certificate chains. *) Feature: the mail proxy supports SMTP pipelining. *) Bugfix: in the ngx_http_auth_basic_module when using "$apr1$" password encryption method. Thanks to Markus Linnala. *) Bugfix: in MacOSX, Cygwin, and nginx/Windows incorrect location might be used to process a request if locations were given using characters in different cases. *) Bugfix: automatic redirect with appended trailing slash for proxied locations might not work. *) Bugfix: in the mail proxy server. *) Bugfix: in the ngx_http_spdy_module. Changes with nginx 1.5.5 17 Sep 2013 *) Change: now nginx assumes HTTP/1.0 by default if it is not able to detect protocol reliably. *) Feature: the "disable_symlinks" directive now uses O_PATH on Linux. *) Feature: now nginx uses EPOLLRDHUP events to detect premature connection close by clients if the "epoll" method is used. *) Bugfix: in the "valid_referers" directive if the "server_names" parameter was used. *) Bugfix: the $request_time variable did not work in nginx/Windows. *) Bugfix: in the "image_filter" directive. Thanks to Lanshun Zhou. *) Bugfix: OpenSSL 1.0.1f compatibility. Thanks to Piotr Sikora. Changes with nginx 1.5.4 27 Aug 2013 *) Change: the "js" extension MIME type has been changed to "application/javascript"; default value of the "charset_types" directive was changed accordingly. *) Change: now the "image_filter" directive with the "size" parameter returns responses with the "application/json" MIME type. *) Feature: the ngx_http_auth_request_module. *) Bugfix: a segmentation fault might occur on start or during reconfiguration if the "try_files" directive was used with an empty parameter. *) Bugfix: memory leak if relative paths were specified using variables in the "root" or "auth_basic_user_file" directives. *) Bugfix: the "valid_referers" directive incorrectly executed regular expressions if a "Referer" header started with "https://". Thanks to Liangbin Li. *) Bugfix: responses might hang if subrequests were used and an SSL handshake error happened during subrequest processing. Thanks to Aviram Cohen. *) Bugfix: in the ngx_http_autoindex_module. *) Bugfix: in the ngx_http_spdy_module. @ text @d1 1 a1 5 $NetBSD$ This patch provides config file adapted to pkgsrc settings. --- conf/nginx.conf.orig 2013-11-19 10:03:47.000000000 +0000 d3 1 a3 1 @@@@ -1,28 +1,23 @@@@ d14 6 a19 2 - - d41 1 a41 1 @@@@ -38,10 +33,10 @@@@ http { d54 1 a54 1 @@@@ -51,7 +46,7 @@@@ http { d63 1 a63 1 @@@@ -67,7 +62,7 @@@@ http { d72 1 a72 1 @@@@ -87,7 +82,7 @@@@ http { d81 1 a81 1 @@@@ -109,7 +104,7 @@@@ http { @ 1.1.2.1 log @file patch-conf_nginx.conf was added on branch pkgsrc-2013Q3 on 2013-12-05 17:45:04 +0000 @ text @d1 89 @ 1.1.2.2 log @pullup to pkgsrc-2013Q3, resolves ticket #4263 Updated to nginx 1.5.7 Changes with nginx 1.5.7 19 Nov 2013 *) Security: a character following an unescaped space in a request line was handled incorrectly (CVE-2013-4547); the bug had appeared in 0.8.41. Thanks to Ivan Fratric of the Google Security Team. *) Change: a logging level of auth_basic errors about no user/password provided has been lowered from "error" to "info". *) Feature: the "proxy_cache_revalidate", "fastcgi_cache_revalidate", "scgi_cache_revalidate", and "uwsgi_cache_revalidate" directives. *) Feature: the "ssl_session_ticket_key" directive. Thanks to Piotr Sikora. *) Bugfix: the directive "add_header Cache-Control ''" added a "Cache-Control" response header line with an empty value. *) Bugfix: the "satisfy any" directive might return 403 error instead of 401 if auth_request and auth_basic directives were used. Thanks to Jan Marc Hoffmann. *) Bugfix: the "accept_filter" and "deferred" parameters of the "listen" directive were ignored for listen sockets created during binary upgrade. Thanks to Piotr Sikora. *) Bugfix: some data received from a backend with unbufferred proxy might not be sent to a client immediately if "gzip" or "gunzip" directives were used. Thanks to Yichun Zhang. *) Bugfix: in error handling in ngx_http_gunzip_filter_module. *) Bugfix: responses might hang if the ngx_http_spdy_module was used with the "auth_request" directive. *) Bugfix: memory leak in nginx/Windows. Changes with nginx 1.5.6 01 Oct 2013 *) Feature: the "fastcgi_buffering" directive. *) Feature: the "proxy_ssl_protocols" and "proxy_ssl_ciphers" directives. Thanks to Piotr Sikora. *) Feature: optimization of SSL handshakes when using long certificate chains. *) Feature: the mail proxy supports SMTP pipelining. *) Bugfix: in the ngx_http_auth_basic_module when using "$apr1$" password encryption method. Thanks to Markus Linnala. *) Bugfix: in MacOSX, Cygwin, and nginx/Windows incorrect location might be used to process a request if locations were given using characters in different cases. *) Bugfix: automatic redirect with appended trailing slash for proxied locations might not work. *) Bugfix: in the mail proxy server. *) Bugfix: in the ngx_http_spdy_module. Changes with nginx 1.5.5 17 Sep 2013 *) Change: now nginx assumes HTTP/1.0 by default if it is not able to detect protocol reliably. *) Feature: the "disable_symlinks" directive now uses O_PATH on Linux. *) Feature: now nginx uses EPOLLRDHUP events to detect premature connection close by clients if the "epoll" method is used. *) Bugfix: in the "valid_referers" directive if the "server_names" parameter was used. *) Bugfix: the $request_time variable did not work in nginx/Windows. *) Bugfix: in the "image_filter" directive. Thanks to Lanshun Zhou. *) Bugfix: OpenSSL 1.0.1f compatibility. Thanks to Piotr Sikora. Changes with nginx 1.5.4 27 Aug 2013 *) Change: the "js" extension MIME type has been changed to "application/javascript"; default value of the "charset_types" directive was changed accordingly. *) Change: now the "image_filter" directive with the "size" parameter returns responses with the "application/json" MIME type. *) Feature: the ngx_http_auth_request_module. *) Bugfix: a segmentation fault might occur on start or during reconfiguration if the "try_files" directive was used with an empty parameter. *) Bugfix: memory leak if relative paths were specified using variables in the "root" or "auth_basic_user_file" directives. *) Bugfix: the "valid_referers" directive incorrectly executed regular expressions if a "Referer" header started with "https://". Thanks to Liangbin Li. *) Bugfix: responses might hang if subrequests were used and an SSL handshake error happened during subrequest processing. Thanks to Aviram Cohen. *) Bugfix: in the ngx_http_autoindex_module. *) Bugfix: in the ngx_http_spdy_module. @ text @a0 89 $NetBSD: patch-conf_nginx.conf,v 1.1 2013/12/05 15:04:06 imil Exp $ This patch provides config file adapted to pkgsrc settings. --- conf/nginx.conf.orig 2013-11-19 10:03:47.000000000 +0000 +++ conf/nginx.conf @@@@ -1,28 +1,23 @@@@ -#user nobody; +user %%NGINX_USER%% %%NGINX_GROUP%%; worker_processes 1; -#error_log logs/error.log; -#error_log logs/error.log notice; -#error_log logs/error.log info; - -#pid logs/nginx.pid; - - events { + # After increasing this value You probably should increase limit + # of file descriptors (for example in start_precmd in startup script) worker_connections 1024; } http { - include mime.types; + include %%PKG_SYSCONFDIR%%/mime.types; default_type application/octet-stream; #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' # '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"'; - #access_log logs/access.log main; + #access_log %%NGINX_LOGDIR%%/access.log main; sendfile on; #tcp_nopush on; @@@@ -38,10 +33,10 @@@@ http { #charset koi8-r; - #access_log logs/host.access.log main; + #access_log %%NGINX_LOGDIR%%/host.access.log main; location / { - root html; + root share/examples/nginx/html; index index.html index.htm; } @@@@ -51,7 +46,7 @@@@ http { # error_page 500 502 503 504 /50x.html; location = /50x.html { - root html; + root share/examples/nginx/html; } # proxy the PHP scripts to Apache listening on 127.0.0.1:80 @@@@ -67,7 +62,7 @@@@ http { # fastcgi_pass 127.0.0.1:9000; # fastcgi_index index.php; # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; - # include fastcgi_params; + # include %%PKG_SYSCONFDIR%%/fastcgi_params; #} # deny access to .htaccess files, if Apache's document root @@@@ -87,7 +82,7 @@@@ http { # server_name somename alias another.alias; # location / { - # root html; + # root share/examples/nginx/html; # index index.html index.htm; # } #} @@@@ -109,7 +104,7 @@@@ http { # ssl_prefer_server_ciphers on; # location / { - # root html; + # root share/examples/nginx/html; # index index.html index.htm; # } #} @