nginx and nginx-devel download http-auth-digest from https://github.com/samizdatco/nginx-http-auth-digest but it's not maintained the last 4 years. Please use this fork instead: https://github.com/atomx/nginx-http-auth-digest For example it fixes an issue with nginx not shutdown because the cleanup timer always just recreates the timer every time the handler is called. After you change the download url you can remove patch from https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=199758
Please don't do something yet. I will contact nginx developers and ask to change it on their source to avoid an extra patch. If it goes to nginx-devel or/and nginx I will update this bug report and ask you to remove this patch: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=199758
I just read the port Makefile and found that the files are fetched from FreeBSD servers, right? So I guess that you can upload the files from https://github.com/atomx/nginx-http-auth-digest and remove the patch described here: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=199758
Created attachment 162369 [details] nginx http auth digest patch Ok I found what is going on and create a patch for Makefile. Also I see that nginx website already shows the new fork: https://www.nginx.com/resources/wiki/modules/
Created attachment 162402 [details] New patch for Makefile
Created attachment 162404 [details] Revert commit that breaks Awstats authentication More information here: https://github.com/atomx/nginx-http-auth-digest/issues/2
A commit references this bug: Author: osa Date: Mon Apr 4 23:01:34 UTC 2016 New revision: 412535 URL: https://svnweb.freebsd.org/changeset/ports/412535 Log: Change the third-party http_auth_digest module location and upgrade it. Previous location no longer supported by developers. PR: 203967 Changes: head/www/nginx/Makefile head/www/nginx/distinfo head/www/nginx-devel/Makefile head/www/nginx-devel/distinfo
Hello, I've just committed my version of the patch. Thanks for report!
A commit references this bug: Author: junovitch Date: Sun Jun 5 17:44:04 UTC 2016 New revision: 416407 URL: https://svnweb.freebsd.org/changeset/ports/416407 Log: MFH: r412446 r412447 r412449 r412450 r412534 r412535 r412555 r412588 r412645 r412858 r412862 r413165 r413379 r413380 r413662 Apply CVE-2016-4450 patches to www/nginx and www/nginx-devel following a sync with r413662 from head before the major release updates to 1.10.x and 1.11.x and configuration change requirement brought about by dynamic module support. - Enable several vendor's modules to be in sync with vendor's original packages for some linux distros, please see http://nginx.org/en/linux_packages.html for details. - Upgrade nginx-devel from 1.9.12 to 1.9.15; remove needless vendor patches. Add/upgrade third-party modules: o) Upgrade third-party brotli module from 86998c6 to 2fc6f12. o) Add AWS proxy third-party module. o) Change the third-party http_auth_digest module location and upgrade it. Previous location no longer supported by developers. o) Upgrade third-party nchan (formerly http_push) module from 0.99.8 to 0.99.11. o) Enable vendor's http_realip module by default. o) Upgrade third-party njs module from 50fbb3b to c4a5f2b. o) Upgrade third-party tarantool module from 966f2f5 to 3599ba0. o) Add third-party upstream check module. o) Upgrade push from 0.99.11 to 0.99.12; o) Upgrade lua from 7410339 to d44f8e0; o) Upgrade shibboleth from 20150121 to 4f1119b. PR: 208499 203967 208380 Security: CVE-2016-4450 Security: https://vuxml.FreeBSD.org/freebsd/36cf7670-2774-11e6-af29-f0def16c5c1b.html Approved by: ports-secteam (with hat) Changes: _U branches/2016Q2/ branches/2016Q2/www/nginx/Makefile branches/2016Q2/www/nginx/distinfo branches/2016Q2/www/nginx/files/extra-patch-ngx_http_tarantool-config branches/2016Q2/www/nginx/files/extra-patch-ngx_http_upstream_fair_module.c branches/2016Q2/www/nginx/files/extra-patch-src-http-modules-ngx_http_upstream_hash_module.c branches/2016Q2/www/nginx/files/extra-patch-src-http-modules-ngx_http_upstream_ip_hash_module.c branches/2016Q2/www/nginx/files/extra-patch-src-http-modules-ngx_http_upstream_least_conn_module.c branches/2016Q2/www/nginx/files/extra-patch-src-http-ngx_http_upstream_round_robin.c branches/2016Q2/www/nginx/files/extra-patch-src-http-ngx_http_upstream_round_robin.h branches/2016Q2/www/nginx/files/patch-CVE-2016-4450 branches/2016Q2/www/nginx-devel/Makefile branches/2016Q2/www/nginx-devel/distinfo branches/2016Q2/www/nginx-devel/files/extra-patch-ngx_http_tarantool-config branches/2016Q2/www/nginx-devel/files/extra-patch-ngx_http_upstream_fair_module.c branches/2016Q2/www/nginx-devel/files/extra-patch-src-http-modules-ngx_http_upstream_hash_module.c branches/2016Q2/www/nginx-devel/files/extra-patch-src-http-modules-ngx_http_upstream_ip_hash_module.c branches/2016Q2/www/nginx-devel/files/extra-patch-src-http-modules-ngx_http_upstream_least_conn_module.c branches/2016Q2/www/nginx-devel/files/extra-patch-src-http-ngx_http_upstream_round_robin.c branches/2016Q2/www/nginx-devel/files/extra-patch-src-http-ngx_http_upstream_round_robin.h branches/2016Q2/www/nginx-devel/files/patch-CVE-2016-4450 branches/2016Q2/www/nginx-devel/files/patch-auto-make branches/2016Q2/www/nginx-devel/files/patch-perl-as-dynamic-module