gentoo auto-resync : 19:10:2022 - 19:58:53

author: V3n3RiX <venerix@koprulu.sector> 2022-10-19 19:58:53 +0100
committer: V3n3RiX <venerix@koprulu.sector> 2022-10-19 19:58:53 +0100
commit: adab5aeec61fe929e5a817ec8034d98caab9ddbe (patch)
tree: b1edc4f239d68ba31ab2e5ba8def5091023c2691 /www-servers/nginx
parent: 12652841746da7ae2f03b8b0c571a9bd5033e15c (diff)
3 files changed, 91 insertions, 76 deletions
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index e36e6177bcf2..3ee46dfedf96 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,5 +1,6 @@
 AUX http_brotli-detect-brotli-r3.patch 745 BLAKE2B 1442822f9b16362c04354f29f45ee4e7605e0f74ac09092161b9e69a1c3b42f024d12cb64cc5bb0e417200dc963a531110f82b003d54690138b7df35e019e9e3 SHA512 a287636c07335b48303585d906adb87cf9094133c16c238074826aebb19347428bb15ac4ebc77040142c509f8a87c9fbca9783e2f5c10399ef63341fbc22e881
 AUX http_cache_purge-1.11.6+.patch 615 BLAKE2B 520a437290dbed718f392bedecdb66c9eae3440c2e5977bede5829f8420905e60c74fac3dad7b22c12d2070ce47430795482d270222ba8d4640af415e4974210 SHA512 a3f45d8121d89a5c41783306577e146990404ff0e3691454e99cd6270ab02dfc7fd8718b3781666373ea6784ed2c06cec0b40315486a6a138185ca1548c04b60
+AUX http_javascript_cve_2022-38890.patch 1734 BLAKE2B ecc4cda7537f8d769389381bd13ce6d577469829f856b823f274e9d1c9c7086ae208fcdfa185208bd810066ed18563391503d0c2888e6fb0fd240f024e7177db SHA512 2b886272ef635666bc6fce15661cb695d69249ff9a2d5bd882a2b5a9b1c124e695b13dc1bf89e9ef04eb1850a36a2ec2c9b57b7b1942fb8599477488d6b13ded
 AUX http_sticky-nginx-1.23.0.patch 1101 BLAKE2B 0a5f0bc5fb7987e1da13f39b6c2c7fcbc21452ddea510fb7aeb4933bfe7c94cc10c8b714c8de135b14d212a0532e39beebbad0105e2d140e12ecc608b1996156 SHA512 3066e9aec3a3073acd8ef8e1d3bf9abc33b4f0d9232573bb83417b838a42f04195b82337b569f7f808c7c0b94a6fd53371882aa805576de5989d359b21872396
 AUX http_uploadprogress-issue_50-r1.patch 1098 BLAKE2B f8191fdfa85c7aa016555a636b5c291d6d0ed54fea0714b361ce500deb7431f16c77a2f5675c5dc2f6e8ed278f7c24efd45eba3ddab27a2fa7d4e6d1391cfe8d SHA512 bdc3a129059b1af9c317d1e8b74ec98a14bf1e55b59ae867b963304541457e1676acb775ac2cec730ee2036feedf75d636eeb36700b0913e417045a52a00eec9
 AUX http_uploadprogress-nginx-1.23.0.patch 2680 BLAKE2B 872a386964dd1fa3a8c09d69231b546ba497d85f1b270fbb015ec4835c0c7ca9e7b3018d0a7674b4bd8aa76b558327439cdffc1912c74a8c3d91b2334bb0a61d SHA512 2899636d730583c0eaa21e89d50ccb7a888e7f27fa194102909e42fb28cb8e239416978f55bed0a9115b65d0ac718cb7da8c1fa589eb79e9f66eea41dfc3458b
@@ -11,10 +12,9 @@ AUX nginx.confd 1131 BLAKE2B fd9c9e620a0b8c630a609c3f38f91f62babfed12d4d8035f8c5
 AUX nginx.initd-r4 2192 BLAKE2B b482b9cc473a1df06764d60c7ce5c99a3f680778028bf440a2612b86273936ac4dbb350b81ecbe646dfa67d375492259b1609f3953f1b456c7427a02dd282d37 SHA512 e641829466e54093ad01e9f6c57acd2f0505e489a32e67dfee9279d5da57b216052a92eb05eb0c9c122c12f8b7bf8274b520b6e02fda161cc03187ce7c0660f1
 AUX nginx.logrotate-r1 257 BLAKE2B d62c57377efd5259b6c776861d921b6e4ea026387157d618abd9e578f2e432ac0cf653a0f3842a0620d405759216bdc17afd50b33aaec3ad0c6757dfac3e34d8 SHA512 4892fc1700817c9a459a531df0320fe606a51be7f8b4e3ddf5852fe33def70dbff36fcefd2fce247c6846d6315ea92f3421eb21299a162d082b85fa27572cd95
 AUX nginx.service-r1 356 BLAKE2B 05d89efcc73b70a26655f306f1e074e61c81063cb4e949161efbe95dc375e63807233f38c9af6723801e8f653cfad08f62fbec225b061d1179b7d05fe761afc4 SHA512 e51f4e88abe10555afe79d4d029651a4de42a5dc1dddaf951f13c021453da00e0c56a3fa2129d08fcd090909a54564e76887c93fdf72952021f5a2b09f6097eb
-DIST modsecurity-2.9.3.tar.gz 4307670 BLAKE2B 337ea15cc8805af7ab43aed8aecf4c72ccc586d0d7e9d9b91f036a61baa70d1ac8b4ad8045a2bb7a13515912a15fba7d3cdb9670ae6730de43b1e44ee90ded6d SHA512 4e1ea5dd8edadf8f630e4fe92a200d3a8e78963fce3128b5975a1e1ecd0e8bf9ceecd9905c95f8c508932ccd837f1d8ae8bb2ba423307718c3c6a4ae9b783ddd
 DIST modsecurity-nginx-1.0.3.tar.gz 34063 BLAKE2B 859a29eb7f67d53a818578f1008f0d0debbe37c205bb7c6e79594d8b1a6a0d93988880d35f607ef05ef6d73c9aa887baebfd2c54aca894969beeed4bfe576f37 SHA512 20495884c6b3594edf879a19fd7445f2e74a1628789decd146b3c712764b0507e440a84a64aab619461b044f98b8d641913cfad57a6d0002e7061716bdfe84fc
-DIST nginx-1.21.6.tar.gz 1073364 BLAKE2B 815d035df33bd947eec41a2f5c993d1f179aa0bd4d069280916aa089a2f96fd3bada7a7192b4a0ef7b8f43036f3a2def0e93d8c8f720dd7145a5d55ea058652f SHA512 10b0cdd13b26687104bf11e6b850fd851e9d8881bdf67f72c062d956e661da4d70482e6ec3123405b324ad7ed821a8bcc67b742dce9f59e972407fa437ddcad4
 DIST nginx-1.23.1.tar.gz 1104352 BLAKE2B 2c90b792ad7d9d685dc417e4c4d24ad68fa490da737574d25d526c70839fb64f69581e9093cf1c38010b7c404650e48c0fe8f9c1ef71c75d30be0be7e9ebd4d8 SHA512 62d6b3d5282f4e4cc23adf23b3dc26e06fc4574cae3c18381c406d0cf0f8c68e7dfa86af0c3c1c1485214c548f3b45015eb219e62bfe04e0aaa5edaad82e6706
+DIST nginx-1.23.2.tar.gz 1108243 BLAKE2B 0a6a556afe93c4326247e879e3bb2ad377cd734a572f471b52c91b1b2901a243a848cd74fea587bda5afa0ee91dec9635b5d2a468cb95abc7f361c42a32c9598 SHA512 4a5413c0ec251c02fb73dfb4d351045f857a36d45ebb7ae2c29f4a4f320a6543d0a049b147b08318de0b7b0406773c329dbf43bf98bb088f76e506ea532cd8ef
 DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
 DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
 DIST ngx_brotli-1.0.0rc.tar.gz 16207 BLAKE2B 450d0ea693bd98d4a1b615f2cdcaad41ccd28266f6d80beec7fe77fe750ab8c5d1bb55aabe15161b9b6d819d2b4d99a7774f2706f2f6fd084b52a7c7dddbc00c SHA512 05a880d5e48ac83be84498ed41fb4750211b827a9d7541acfd6ef494e5205a6e853d5594bfec3ab4ae668ea3f803e4f4b0ba550c76811971c8e266e42663c56d
@@ -24,17 +24,12 @@ DIST ngx_http_cache_purge-2.3.tar.gz 12248 BLAKE2B f83b267f4c19a9d4af59645226958
 DIST ngx_http_dav_ext-3.0.0.tar.gz 14558 BLAKE2B 0d370bfe34600d43a540dd19a386aa52ce135b2eae14e4e108a359d5ff3405939130d1c802062c7523057ec35d38322d3fbed8c13deb58ce7a08ebf9e3f106d4 SHA512 d0193ba90f1ef46c4e470630c4394bdf99d94fd2e3bd8be6cb2ba1655ec59944b1269025f032b79dc2c6dad366e54389ef6a6da2ddeb91d535a4027f2162fbde
 DIST ngx_http_echo-0.62.tar.gz 53329 BLAKE2B 7d92184f7fb878cb5261be1c68de4432d472469028e20c2150925ab3d9a1c472ef557a11b84ee60d7ae6b48d08b35890c50161540668918492f2092dd0272962 SHA512 240896b1c559a71ca6ca87136d8535edd25b1d65ebb80d46080ad41c09ed1cec9737828f9efe260782294d660cea66cf402f4e75bba3fed26f3a94de0ae2f89b
 DIST ngx_http_fancyindex-0.4.4.tar.gz 26292 BLAKE2B a1ed76cb31cd4f7a349bcbe63d75f8e00331d0ba4ee9b7b1df41dac77fe64ebe6c72a6fd5f6ebc9de53e8d3a8a2ad5185fbaa533d8ff008fcf92f6956f267d80 SHA512 bf8ebb188c10fee5e6ebcb338fe20fdf859bb88d9b2b0e3da6f3e2f1847738d30760d2642d0dfe257092bdf2399b561631556a3a8e2fb33dc9cd0c59d371c173
-DIST ngx_http_geoip2_module-3.3.tar.gz 8509 BLAKE2B 4841e1bdd13b9b85f34732d1eb7447638f62bb09e1bd480da0fa8b0085d3b2d90a740732ef534c355feb71d7db613c73f68a4e6e3624b47a0937be046dfa1f8d SHA512 06963b598c54e22d75ce837fb222f5aa6c9494c29e558ff46f1205d7159fc305414bfac4ed3288c836dcbf7628d92f26458e1992d34fc2f4b73275a32847bdc0
 DIST ngx_http_geoip2_module-3.4.tar.gz 8877 BLAKE2B cd59ebbd2ca47f6af0b22b8b91768053d2c991f7adf19941625e3570d81dcb73989101795d641e4efce1eed37d454bca73d603b5d0e4511e3bd63100c7acf750 SHA512 18dea21e5ae2647bea1fc448058a1b773c936917245edef8d861d5e23ed92e9a3b1ec4ef43ffb2ece7b5899d787910adcf4fbd39f84d7e8d7c54759e2fee5b72
-DIST ngx_http_headers_more-0.33.tar.gz 28130 BLAKE2B fe3097a7700ce5da087058f7bb44c95164b75137031187400473f6833bf0e33e5c4920807225a6ff94174fe7dbd6186cca176a33a629ca0911faab6804bdd12a SHA512 13165b1b8d4be281b8bd2404fa48d456013d560bace094c81da08a35dc6a4f025a809a3ae3a42be6bbf67abbcbe41e0730aba06f905220f3baeb01e1192a7d37
 DIST ngx_http_headers_more-d502e41996d24a382bd9c632e3ae3efa0a5fca66.tar.gz 28810 BLAKE2B cb71e6b8a9da6c72bc542e837391e932c5803d52cbf01eab0b70f501b620d7de03009a25d10e9ba9de46a6c9ffca109b50dea47cded687412eb55210ba6e68c8 SHA512 80193f95f9754b1d6fb784cde6b4c4d6f72b5cff406c26329a93ad87a5833cd87ef7a8113d719bbe6913fd8e1fb29f438fa81e6dada8c0fc39bf0f2e47fe08ae
-DIST ngx_http_lua-0.10.15.tar.gz 655110 BLAKE2B 73bf8e2f157c93f3d4e54b5aa63deb266731a10e3e48b2257756efee8d752e86440ca9c27bd27bc1d90075a5ffb58772eecb7c445db44cd055d2b9e0b4bac082 SHA512 1feea538464275e6e571860592628ad639b2259c8aab7f38575b81c0b355f1ade32a91643267bc9ec16519e3bcf3d132511513dc8c949f74a3bff975c85d8ff7
 DIST ngx_http_lua-b6d167cf1a93c0c885c28db5a439f2404874cb26.tar.gz 718179 BLAKE2B ac4893892dd2836e46055d57feb492e3122ab2c3c91e56917e52cb8ccc683469ab77d26990b9ee4a4bb3bf639267cce7ded7b07463912cc5579a7a09730da8b2 SHA512 f547c4f0490a25600b4533050db3b5d2ea595ad72e0737fc0be8060eddf7b5712e3dcca59e4d29999415c9455798e232a7de53a9380cbd38f264b4ea371e86c1
 DIST ngx_http_naxsi-0.56.tar.gz 192120 BLAKE2B cdbfc278f346ccdc0d5407d70ddd4740816d9fe786d3d65189d47e6f3b030c02352a30ed86bf1650139a21a8408e74c1ec7d7aa3512df1428870279ab384dd15 SHA512 4660751849bce303af6010b7257532404710106a94817e78d4bc4b566f8019620f24f30207f1d4366b88132a5124e34b164dc67ed80b6710f4bad66115564cbd
-DIST ngx_http_push_stream-0.5.4.tar.gz 183493 BLAKE2B ccae3113071cee38fa6a7accd580922dc2fc9fa22af737f400c2c5f59352d93ca6cceb47f2aee70dfc111afdf98d27aeb64ddc5a4dbf617359ea4da09486ac7f SHA512 467ae49409adb675979ff591f98df8c96d71ab5ebc2ef9b3c9430e38e7e84d311b4a98c2b1cb1886d895735223dd2a43370aab61b57b34adb1427c184e6b8c86
 DIST ngx_http_push_stream-8c02220d484d7848bc8e3a6d9b1c616987e86f66.tar.gz 196994 BLAKE2B 90baeb4fb03aeb309bcf1a987420067ca81843ff9b85b8fc26ba703741571e631826e5928a439a3ae79f2f5e369a3acb2cd803789308642ae757d67722ac7f33 SHA512 ad5424d65909d1cf0c2b64d7a4bc3123f4d3e240f1c9d611f6b6fc41167d169f474c723b1c327d42bd295f973a6365ad32e3f095b8c7c7cddc7e54aea138ca31
 DIST ngx_http_slowfs_cache-1.10.tar.gz 11809 BLAKE2B 54ec1bd0d1cc43cdaafc93ebd46b33374c57351c7f022eae0351d6961680abb03d896e7f058e67c43c4fee300253354feccb92d00e62bf91250e251e1860ec03 SHA512 fbc9609a8d6913aeefe535f206b9e53477503f131934ead2ae5a6169e395af2f5fb54778704824d5eeb22a4ef40a11ebbcde580db62a631f70edcc2cfc06b15d
-DIST ngx_http_upload_progress-0.9.2-r1.tar.gz 17268 BLAKE2B 7bbbf52e326c64a008339d2f80f123630fd314f705224c8f1c7d0c90bb4d31a24aaa95df55c9022838179114a031731a894992960aecc727635e0e2a0761d2c4 SHA512 c31c46344d49704389722325a041b9cd170fa290acefe92cfc572c07f711cd3039de78f28df48ca7dcb79b2e4bbe442580aaaf4d92883fd3a14bf41d66dd9d8c
 DIST ngx_http_upload_progress-68b3ab3b64a0cee7f785d161401c8be357bbed12.tar.gz 17379 BLAKE2B 4790657b3f207eca460a26f5c4d1139dcd495e29fffedab8d716105e6dc3039cbeeecf5f6005d364470951e25b472860b46e3e08bc9573a5a7b4a23f53532f8a SHA512 6603e15aa33edca5e647fd04b4f008f1729c78c527be262ef481890f37a6d57e89609cebfb7459fad18b249024fbe3722e09473987401e8d8dfdd7cf50e4df4f
 DIST ngx_http_upstream_check-9aecf15ec379fe98f62355c57b60c0bc83296f04.tar.gz 130073 BLAKE2B 3c93cef79425a46e22ae39adf13d5ebb0e5d36f5d6be8555ec068dd0017918f5355d82fbbe90ba934e58c52e89c2096e24012f75390c7159d1ebacfaaa112308 SHA512 fad2a0d3ac332b6e67c52e3525f6df8a432df3e92bc173190b8107fba7f24476ab9dae4824630299af68c15e856409bd47a3a79fb5b65e03a5133eb90142b8fc
 DIST ngx_http_vhost_traffic_status-46d85558e344dfe2b078ce757fd36c69a1ec2dd3.tar.gz 380721 BLAKE2B 8a63d9663aa896869345b97e4bb2a9ac93585d6d7ee16891c98f6445b90002ab90989d195399bf90c5a8ad32c4c908794b7cc33fa45183f9069c51906abb1606 SHA512 46451b3c9b7a3c57145fc8e1de9d8ee984286acff2fc3f4e6c4a39589eb42dd686844410312701d167eb369ab5943184b4fde1ef319359e272dad6fcdb8cad25
@@ -43,6 +38,6 @@ DIST ngx_metrics-0.1.1.tar.gz 2964 BLAKE2B 95d71ea26c949c345b83e353bd66a20df18cc
 DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4c9aef6499dfc2e301541a9bfc15690caf6d3155c8a4b8f7a1555a7655b47aa0cd1b797aeb8ba82efa92ab80808218a0bdcff SHA512 b8cb7eaf6274f4e2247dbcb39db05072d2b2d4361256a325fafab5533d7ce0c4ae9e2905b954dfcfa4789c9cab5cccf2ac1c3a1f02f6a327ed95b562d7773ed1
 DIST ngx_rtmp-1.2.1.tar.gz 519919 BLAKE2B 744ccb8031eb9653f158f9eceba64fc9c8af7b9a42e64ef996ab3bbbe1402e5ffd3efcc8e4aaca437eb5e208e4b6f2d8643fcca953b32f32543eaa1ae4d9505c SHA512 4a0af5e9afa4deb0b53de8de7ddb2cfa6430d372e1ef9e421f01b509548bd134d427345442ac1ce667338cc2a1484dc2ab732e316e878ac7d3537dc527d5f922
 DIST njs-0.7.7.tar.gz 609779 BLAKE2B 878c1a106237d42f03074051d12a2de409a1ce3088ec3fd8a43032183608b68e0a11f438668aaca3135ac2280875f248467d6fa801539fcfc6d1436db1579199 SHA512 3fd9e9b84e416e95dbdffced78eabd76a519cccec7c386d8acaccd0d891dea5ceeb702408d4450107c7e3909586753e4eeb5e38c06657cd8f273180beb8fae74
-EBUILD nginx-1.21.6-r4.ebuild 40087 BLAKE2B 8cc6e4d5ef9a49f20ba9085f282f103574138166275acb5da4d853f8fd375905acb7dd8434221a4d045017c82b0371603eef58cf731ede327d58f38ddbb6c394 SHA512 80407695e03d1b93a172e2de8b8da55ac9731e4a864f846315e6fab0c8dd89020f902ac1220cc45c8390d89ab1e7d2c1571bd541758e6a2ec69a217d003c2d6a
 EBUILD nginx-1.23.1-r1.ebuild 39598 BLAKE2B 9b63db4a3d1bc982ebc7329235745555004bcf6774c804281e6736f871bd21b9007e05f071763c1400412090324eb4542a62ae3bbd7bfc66b4242b7e05634991 SHA512 368372ac3a9f62791f5b50e9ab4d36440ba64f66c39a4025a3ae84595077960e9414a27073998e75870962c64825f366ef78dfcdaddf689c21330beb5b55cc07
+EBUILD nginx-1.23.2.ebuild 39690 BLAKE2B bc9ea5141f66d21cb003b09c37e9a23da3405323364cb3f9fab3c5f161e6b4d2a261a720a3b31e204906b98a6ba9c4da7d614a1e5732038fb6af482ae1664823 SHA512 d2df73e079653c42258661511df7c1ba4ea558cbd28f48b862d721d95726906c3e4e293f4c3f71cb97050b313eba11110091bc04191ba264c99a073ed18ad06a
 MISC metadata.xml 1012 BLAKE2B 5fe75eb9105a998668cfebf02c6976784f4ef3332edd0b6c21a23a5ffb0838b4ae8bc9e52f5157b43c3c0d060825ac46bccabc94bcf8b59447311e0f9ac94f29 SHA512 0d243d1d5271d05d51a46b5825fe32ac5283211434672e99e7314c57f5d1f1f88f48c189fffcdb12747c8d33c9dafe0c8df12376cbbec2912732da0ed6de0642
diff --git a/www-servers/nginx/files/http_javascript_cve_2022-38890.patch b/www-servers/nginx/files/http_javascript_cve_2022-38890.patch
new file mode 100644
index 000000000000..43469b552968
--- /dev/null
+++ b/www-servers/nginx/files/http_javascript_cve_2022-38890.patch
@@ -0,0 +1,49 @@
+From b9aea5854bcf6f2de8f7a7f1550874e392b94be2 Mon Sep 17 00:00:00 2001
+From: Dmitry Volyntsev <xeioex@nginx.com>
+Date: Wed, 31 Aug 2022 18:35:58 -0700
+Subject: [PATCH] Fixed String.prototype.trimEnd() with unicode string.
+
+Previously, when the method was invoked with a string consisting of space
+characters and at least one of them was a Unicode space separator (code
+point above 127) it returned invalid string value with non-zero size
+but zero length.
+
+The fix is to update the size of the resulting string appropriately.
+
+This closes #569 issue on Github.
+---
+ src/njs_string.c         | 1 +
+ src/test/njs_unit_test.c | 8 ++++++++
+ 2 files changed, 9 insertions(+)
+
+diff --git a/src/njs_string.c b/src/njs_string.c
+index 83cede548..62bece0de 100644
+--- a/src/njs_string.c
++++ b/src/njs_string.c
+@@ -2849,6 +2849,7 @@ njs_string_trim(const njs_value_t *value, njs_string_prop_t *string,
+ 
+             for ( ;; ) {
+                 if (start == prev) {
++                    end = prev;
+                     break;
+                 }
+ 
+diff --git a/src/test/njs_unit_test.c b/src/test/njs_unit_test.c
+index 287ddda2d..a717f02a8 100644
+--- a/src/test/njs_unit_test.c
++++ b/src/test/njs_unit_test.c
+@@ -8450,6 +8450,14 @@ static njs_unit_test_t  njs_test[] =
+     { njs_str("'   абв  '.trimStart().trimEnd()"),
+       njs_str("абв") },
+ 
++    { njs_str("["
++              " String.fromCodePoint(0x2028),"
++              " String.fromCodePoint(0x20, 0x2028),"
++              " String.fromCodePoint(0x0009, 0x20, 0x2028),"
++              " String.fromCodePoint(0xFEFF),"
++              "].every(v => v.trimEnd() == '')"),
++      njs_str("true") },
++
+     { njs_str("'\\u2029abc\\uFEFF\\u2028'.trim()"),
+       njs_str("abc") },
+ 
diff --git a/www-servers/nginx/nginx-1.21.6-r4.ebuild b/www-servers/nginx/nginx-1.23.2.ebuild
index 916d61fd20c6..283d53ed7cd3 100644
--- a/www-servers/nginx/nginx-1.21.6-r4.ebuild
+++ b/www-servers/nginx/nginx-1.23.2.ebuild
@@ -1,7 +1,7 @@
 # Copyright 1999-2022 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
-EAPI=7
+EAPI=8
 
 # Maintainer notes:
 # - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
@@ -29,15 +29,15 @@ HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/v${HTTP_BRO
 HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
 
 # http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_PV="68b3ab3b64a0cee7f785d161401c8be357bbed12"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
 HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
 
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
+# http_headers_more (https://github.com/openresty/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="d502e41996d24a382bd9c632e3ae3efa0a5fca66"
 HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/openresty/headers-more-nginx-module/archive/${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
 HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
 
 # http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
@@ -59,9 +59,9 @@ HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v
 HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
 
 # http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.15"
+HTTP_LUA_MODULE_PV="b6d167cf1a93c0c885c28db5a439f2404874cb26"
 HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/${HTTP_LUA_MODULE_PV}.tar.gz"
 HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
 LUA_COMPAT=( luajit )
 
@@ -113,15 +113,14 @@ HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
 HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
 HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
 
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.3"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+# modsecurity for nginx (https://github.com/SpiderLabs/ModSecurity-nginx, https://github.com/SpiderLabs/ModSecurity, Apache-2.0)
+HTTP_SECURITY_MODULE_PV="1.0.3"
+HTTP_SECURITY_MODULE_P="modsecurity-nginx-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://github.com/SpiderLabs/ModSecurity-nginx/archive/refs/tags/v${HTTP_SECURITY_MODULE_PV}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/ModSecurity-nginx-${HTTP_SECURITY_MODULE_PV}"
 
 # push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_PV="8c02220d484d7848bc8e3a6d9b1c616987e86f66"
 HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
 HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
 HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
@@ -151,7 +150,7 @@ HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LD
 HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
 
 # geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="3.3"
+GEOIP2_MODULE_PV="3.4"
 GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
 GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
 GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
@@ -247,8 +246,7 @@ NGINX_MODULES_3RD="
 	stream_javascript
 "
 
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic +pcre
-	pcre-jit rtmp selinux ssl threads vim-syntax"
+IUSE="aio debug +http +http2 +http-cache libatomic pcre +pcre2 pcre-jit rtmp selinux ssl threads vim-syntax"
 
 for mod in $NGINX_MODULES_STD; do
 	IUSE="${IUSE} +nginx_modules_http_${mod}"
@@ -283,6 +281,7 @@ CDEPEND="
 	acct-user/nginx
 	virtual/libcrypt:=
 	pcre? ( dev-libs/libpcre:= )
+	pcre2? ( dev-libs/libpcre2:= )
 	pcre-jit? ( dev-libs/libpcre:=[jit] )
 	ssl? (
 		dev-libs/openssl:0=
@@ -308,13 +307,7 @@ CDEPEND="
 	nginx_modules_http_auth_pam? ( sys-libs/pam )
 	nginx_modules_http_metrics? ( dev-libs/yajl:= )
 	nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
-	nginx_modules_http_security? (
-		dev-libs/apr:=
-		dev-libs/apr-util:=
-		dev-libs/libxml2:=
-		net-misc/curl
-		www-servers/apache
-	)
+	nginx_modules_http_security? ( dev-libs/modsecurity )
 	nginx_modules_http_auth_ldap? ( net-nds/openldap:=[ssl?] )
 	nginx_modules_stream_geoip? ( dev-libs/geoip )
 	nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
@@ -324,8 +317,7 @@ RDEPEND="${CDEPEND}
 DEPEND="${CDEPEND}
 	arm? ( dev-libs/libatomic_ops )
 	libatomic? ( dev-libs/libatomic_ops )"
-BDEPEND="nginx_modules_http_brotli? ( virtual/pkgconfig )
-	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )"
+BDEPEND="nginx_modules_http_brotli? ( virtual/pkgconfig )"
 PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
 
 REQUIRED_USE="pcre-jit? ( pcre )
@@ -334,6 +326,8 @@ REQUIRED_USE="pcre-jit? ( pcre )
 	nginx_modules_http_lua? (
 		${LUA_REQUIRED_USE}
 		nginx_modules_http_rewrite
+		pcre
+		!pcre2
 	)
 	nginx_modules_http_naxsi? ( pcre )
 	nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
@@ -376,12 +370,24 @@ src_prepare() {
 	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
 	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
 
+	if use nginx_modules_http_sticky; then
+		cd "${HTTP_STICKY_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_sticky-nginx-1.23.0.patch
+		cd "${S}" || die
+	fi
+
 	if use nginx_modules_http_brotli; then
 		cd "${HTTP_BROTLI_MODULE_WD}" || die
 		eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
 		cd "${S}" || die
 	fi
 
+	if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+		cd "${NJS_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_javascript_cve_2022-38890.patch
+		cd "${S}" || die
+	fi
+
 	if use nginx_modules_http_upstream_check; then
 		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
 	fi
@@ -392,23 +398,9 @@ src_prepare() {
 		cd "${S}" || die
 	fi
 
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		eautoreconf
-
-		if use nginx_modules_http_lua; then
-			sed -i \
-				-e "s|^\(LUA_PKGNAMES\)=.*|\1=\"${ELUA}\"|" \
-				configure || die
-		fi
-
-		cd "${S}" || die
-	fi
-
 	if use nginx_modules_http_upload_progress; then
 		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+		eapply "${FILESDIR}"/http_uploadprogress-nginx-1.23.0.patch
 		cd "${S}" || die
 	fi
 
@@ -430,27 +422,13 @@ src_prepare() {
 }
 
 src_configure() {
-	# mod_security needs to generate nginx/modsecurity/config before including it
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		./configure \
-			--enable-standalone-module \
-			--disable-mlogc \
-			--with-ssdeep=no \
-			$(use_enable pcre-jit) \
-			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
-		cd "${S}" || die
-	fi
-
 	local myconf=() http_enabled= mail_enabled= stream_enabled=
 
 	use aio       && myconf+=( --with-file-aio )
 	use debug     && myconf+=( --with-debug )
 	use http2     && myconf+=( --with-http_v2_module )
 	use libatomic && myconf+=( --with-libatomic )
-	use pcre      && myconf+=( --with-pcre )
+	use pcre      && myconf+=( --with-pcre --without-pcre2 )
 	use pcre-jit  && myconf+=( --with-pcre-jit )
 	use threads   && myconf+=( --with-threads )
 
@@ -545,7 +523,7 @@ src_configure() {
 
 	if use nginx_modules_http_security ; then
 		http_enabled=1
-		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD} )
 	fi
 
 	if use nginx_modules_http_push_stream ; then
@@ -655,11 +633,6 @@ src_configure() {
 		myconf+=( --group=${PN} )
 	fi
 
-	local WITHOUT_IPV6=
-	if ! use ipv6; then
-		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
-	fi
-
 	if [[ -n "${EXTRA_ECONF}" ]]; then
 		myconf+=( ${EXTRA_ECONF} )
 		ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
@@ -671,7 +644,7 @@ src_configure() {
 		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
 		--pid-path="${EPREFIX}"/run/${PN}.pid \
 		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
-		--with-cc-opt="-I${ESYSROOT}/usr/include${WITHOUT_IPV6}" \
+		--with-cc-opt="-I${ESYSROOT}/usr/include" \
 		--with-ld-opt="-L${ESYSROOT}/usr/$(get_libdir)" \
 		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
 		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
@@ -689,8 +662,6 @@ src_configure() {
 }
 
 src_compile() {
-	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
 	# https://bugs.gentoo.org/286772
 	export LANG=C LC_ALL=C
 	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
@@ -803,7 +774,7 @@ src_install() {
 
 	if use nginx_modules_http_security; then
 		docinto ${HTTP_SECURITY_MODULE_P}
-		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
+		dodoc "${HTTP_SECURITY_MODULE_WD}"/{AUTHORS,CHANGES,README.md}
 	fi
 
 	if use nginx_modules_http_push_stream; then
author	V3n3RiX <venerix@koprulu.sector>	2022-10-19 19:58:53 +0100
committer	V3n3RiX <venerix@koprulu.sector>	2022-10-19 19:58:53 +0100
commit	adab5aeec61fe929e5a817ec8034d98caab9ddbe (patch)
tree	b1edc4f239d68ba31ab2e5ba8def5091023c2691 /www-servers/nginx
parent	12652841746da7ae2f03b8b0c571a9bd5033e15c (diff)