Bug 282394 - www/angie*: Update 1.3.2 → 1.8.1
Summary: www/angie*: Update 1.3.2 → 1.8.1
Status: In Progress
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Vladimir Druzenko
URL: https://github.com/webserver-llc/angi...
Keywords:
Depends on:
Blocks:
 
Reported: 2024-10-28 22:10 UTC by Jason Tubnor
Modified: 2025-01-24 00:56 UTC (History)
7 users (show)

See Also:
vvd: maintainer-feedback-
vvd: merge-quarterly?


Attachments
Update of core Angie port (6.49 KB, patch)
2024-10-30 04:06 UTC, Jason Tubnor
no flags Details | Diff
Update of modules that have changed since last update (12.81 KB, patch)
2024-10-30 04:07 UTC, Jason Tubnor
no flags Details | Diff
Combined patch for angie and module uplift (14.19 KB, patch)
2024-10-31 03:42 UTC, Jason Tubnor
no flags Details | Diff
patch to bring _only_ www/angie to the current version (867 bytes, patch)
2025-01-23 15:14 UTC, Sebastian
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Jason Tubnor 2024-10-28 22:10:16 UTC
Angie 1.7.0 was released on 20240920. Could the maintainer uplift the port when possible please?
Comment 1 Vladimir Druzenko freebsd_committer freebsd_triage 2024-10-29 16:01:56 UTC
You can speed this up if you prepare a patch.
Comment 2 Jason Tubnor 2024-10-30 04:06:02 UTC
Created attachment 254631 [details]
Update of core Angie port

This is the core www/angie port. Updated modules to follow.
Comment 3 Jason Tubnor 2024-10-30 04:07:15 UTC
Created attachment 254632 [details]
Update of modules that have changed since last update

Update of www/angie-modules-* and main www/angie distfile
Comment 4 Vladimir Druzenko freebsd_committer freebsd_triage 2024-10-30 11:10:04 UTC
I think better merge patches - look at www/angie/distinfo: in one patch you remove all modules and in another you add back all modules.

Waiting maintainer approval or timeout 2 weeks.

Can you please post link to changelog?
Comment 5 Jason Tubnor 2024-10-31 03:42:42 UTC
Created attachment 254785 [details]
Combined patch for angie and module uplift

This resolves the distinfo issue that was split between the previous two patches.
Comment 6 Jason Tubnor 2024-10-31 05:13:25 UTC
Full release history from the existing 1.3.2 version (23 Nov 2023) to 1.7.0 (20 Sep 2024) - 9 releases - can be found here:

https://github.com/webserver-llc/angie/releases

Besides new features it also includes numerous bug and CVE fixes.
Comment 7 Vladimir Druzenko freebsd_committer freebsd_triage 2024-10-31 10:46:15 UTC
(In reply to Jason Tubnor from comment #6)
ok.

There is older PR with update to 1.4.1: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=277516
Comment 8 Jason Tubnor 2024-10-31 21:35:56 UTC
I didn't get that error in my build and package of 1.7.0 and associated modules.

I did update the www/angie-module-lua/Makefile RUN_DEPENDS to move from lua-resty-core==0.1.28 to >=0.1.29

RUN_DEPENDS=    angie-module-ndk==${PKGVERSION}:www/angie-module-ndk \
                lua-resty-core>=0.1.29:www/lua-resty-core

FWIW, the patch files did need updating in that module to ensure they applied correctly.
Comment 9 Jason Tubnor 2024-11-15 03:17:01 UTC
No input from maintainer after 2 week timeout. Could someone from ports action this now please? I'm happy to become maintainer if required. Thanks.
Comment 10 Vladimir Druzenko freebsd_committer freebsd_triage 2024-11-17 00:11:44 UTC
> No input from maintainer after 2 week timeout. Could someone from ports action this now please?
Yes, maintainer timeout.

> I'm happy to become maintainer if required. Thanks.
Look like maintainer Oleg A. Mamontov is active: https://cgit.freebsd.org/ports/log/www/angie
Maybe he is busy now or at vacations.

I'll commit, but without change maintainership now.
Comment 11 Vladimir Druzenko freebsd_committer freebsd_triage 2024-11-17 00:15:19 UTC
I see multiple CVEs was fixed (https://github.com/webserver-llc/angie/releases) - merge-quarterly?
Comment 12 Vladimir Druzenko freebsd_committer freebsd_triage 2024-11-17 00:43:08 UTC
=======================<phase: stage          >============================
===== env: DEVELOPER_MODE=yes STRICT_DEPENDS=yes USER=nobody UID=65534 GID=65534
===>  Staging for angie-module-njs-1.7.0
===>   angie-module-njs-1.7.0 depends on package: angie==1.7.0 - found
===>   Generating temporary packing list
/bin/mkdir -p /wrkdirs/usr/ports/www/angie-module-njs/work/stage/usr/local/share/doc/angie-module-njs
/bin/mkdir -p /wrkdirs/usr/ports/www/angie-module-njs/work/stage/usr/local/libexec/angie
install  -s -m 0644 /wrkdirs/usr/ports/www/angie-module-njs/work/angie-1.7.0/objs/ngx_http_js_module.so /wrkdirs/usr/ports/www/angie-module-njs/work/stage/usr/local/libexec/angie
install  -s -m 0644 /wrkdirs/usr/ports/www/angie-module-njs/work/angie-1.7.0/objs/ngx_stream_js_module.so /wrkdirs/usr/ports/www/angie-module-njs/work/stage/usr/local/libexec/angie
install  -m 444 /wrkdirs/usr/ports/www/angie-module-njs/work/njs-0.8.7/CHANGES /wrkdirs/usr/ports/www/angie-module-njs/work/stage/usr/local/share/doc/angie-module-njs
install  -m 444 /wrkdirs/usr/ports/www/angie-module-njs/work/njs-0.8.7/README /wrkdirs/usr/ports/www/angie-module-njs/work/stage/usr/local/share/doc/angie-module-njs
install: /wrkdirs/usr/ports/www/angie-module-njs/work/njs-0.8.7/README: No such file or directory
*** Error code 71

Stop.
make: stopped in /usr/ports/www/angie-module-njs
build of www/angie-module-njs | angie-module-njs-1.7.0 ended at Sun Nov 17 03:42:11 MSK 2024
build time: 00:00:27
!!! build failure encountered !!!
[00:00:34] Error: Build failed in phase: stage
[00:00:34] Logs: /vm3/poudriere/data/logs/bulk/141amd64-main/2024-11-17_03h41m38s
[00:00:34] Cleaning up
[00:00:34] Unmounting file systems
Comment 13 Vladimir Druzenko freebsd_committer freebsd_triage 2024-11-17 01:01:12 UTC
1. www/angie-module-njs/Makefile:
-.for i in CHANGES README
+.for i in CHANGES README.md SECURITY.md SUPPORT.md

www/angie-module-njs/pkg-plist:
-%%DOCSDIR%%/README
+%%DOCSDIR%%/README.md
+%%DOCSDIR%%/SECURITY.md
+%%DOCSDIR%%/SUPPORT.md

2. Warning: you need USE_GNOME+=libxml2
Warning: you might not need LIB_DEPENDS on libedit.so.0
www/angie-module-njs/Makefile:
-USES=           libedit
+USES=           gnome
+USE_GNOME=      libxml2

3. I tested build in poudriere 14.1 amd64 all angie* modules:
for P in angie-module-auth-jwt angie-module-auth-spnego angie-module-brotli angie-module-cache-purge angie-module-dav-ext angie-module-echo angie-module-enhanced-memcached angie-module-eval angie-module-geoip2 angie-module-headers-more angie-module-image-filter angie-module-jwt angie-module-keyval angie-module-lua angie-module-ndk angie-module-njs angie-module-perl angie-module-postgres angie-module-redis2 angie-module-rtmp angie-module-set-misc angie-module-subs angie-module-testcookie angie-module-upload angie-module-vod angie-module-xslt; do poudriere testport -j 141amd64 -p main -o www/$P; done

I found one build error and during fix it found several thing must be fixed too - check 1. and 2.
Please check every updated module for changes like I found in www/angie-module-njs: new/removed docs, new/removed required libs and etc.
Comment 14 Jason Tubnor 2024-11-17 05:22:00 UTC
I built against HEAD and didn't come across these issues. I also built each module and only came across one issue with angie-module-lua.

Note: I didn't use poudriere to do the build, I followed the standard documentation.

I'll revisit the concerns mentioned and also build against 14.1.

Yes, quarterly will need to be uplifted because of the security concerns.
Comment 15 Vladimir Druzenko freebsd_committer freebsd_triage 2024-12-20 09:08:54 UTC
ping

We can skip merge-quarterly - ~2 week left till 2025Q1.
Comment 16 Vedran Miletic 2024-12-20 09:40:18 UTC
FWIW, 1.8.0 is already out: https://github.com/webserver-llc/angie/releases/tag/Angie-1.8.0
Comment 17 Vladimir Druzenko freebsd_committer freebsd_triage 2025-01-07 10:59:42 UTC
ping
Comment 18 Sebastian 2025-01-23 15:14:30 UTC
Created attachment 256935 [details]
patch to bring _only_ www/angie to the current version

*bump*

Version 1.8.1 is out - it builds fine with poudriere on quarterly and latest for 13.4-RELEASE and 14.2-RELEASE.
All modules (as currently present in ports) build fine against that Version except for lua and that has been broken for ages anyways (the patch from Jason Tubnor might fix that?).

This port has been stuck for over a year and is hence missing several security fixes, so I'd propose/urge that we please bring angie to the latest version first and then deal with updating and unbreaking modules later in separate PRs.

I attached the patch for just that version bump of www/angie.
Comment 19 Vladimir Druzenko freebsd_committer freebsd_triage 2025-01-23 22:02:02 UTC
Committing www/angie and waiting patches for other www/angie*.
Comment 20 commit-hook freebsd_committer freebsd_triage 2025-01-23 22:21:31 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=8b183145b96b912496c831e8216db7abaee0b00b

commit 8b183145b96b912496c831e8216db7abaee0b00b
Author:     Sebastian <sko@rostwald.de>
AuthorDate: 2025-01-23 22:12:28 +0000
Commit:     Vladimir Druzenko <vvd@FreeBSD.org>
CommitDate: 2025-01-23 22:19:45 +0000

    www/angie: Update 1.3.2 → 1.8.1

    Security fixes:
    * Processing a specially crafted MP4 file with the ngx_http_mp4_module
      could cause a worker process crash (CVE-2024-7347); the fix was
      ported from nginx 1.27.1.
    * When using HTTP/3, processing of a specially crafted QUIC session
      could cause a worker process crash, worker process memory disclosure
      on systems with MTU larger than 4096 bytes, or have other impact
      (CVE-2024-32760, CVE-2024-31079, CVE-2024-35200, CVE-2024-34161);
      the fix has been ported from nginx 1.26.1.
    * When using HTTP/3, a segmentation error may have occured in a worker
      process while processing a specially crafted QUIC session
      (CVE-2024-24989); note that Angie as of 1.4.0 is already not
      vulnerable to CVE-2024-24990.

    Changelogs:
    https://github.com/webserver-llc/angie/releases/tag/Angie-1.4.0
    https://github.com/webserver-llc/angie/releases/tag/Angie-1.4.1
    https://github.com/webserver-llc/angie/releases/tag/Angie-1.5.0
    https://github.com/webserver-llc/angie/releases/tag/Angie-1.5.1
    https://github.com/webserver-llc/angie/releases/tag/Angie-1.5.2
    https://github.com/webserver-llc/angie/releases/tag/Angie-1.6.0
    https://github.com/webserver-llc/angie/releases/tag/Angie-1.6.1
    https://github.com/webserver-llc/angie/releases/tag/Angie-1.6.2
    https://github.com/webserver-llc/angie/releases/tag/Angie-1.7.0
    https://github.com/webserver-llc/angie/releases/tag/Angie-1.8.0
    https://github.com/webserver-llc/angie/releases/tag/Angie-1.8.1

    PR:             282394
    Approved by:    oleg@mamontov.net (maintainer, timeout 3 mounts)

 www/angie/Makefile  | 4 ++--
 www/angie/distinfo  | 6 +++---
 www/angie/pkg-plist | 1 -
 3 files changed, 5 insertions(+), 6 deletions(-)
Comment 21 Vladimir Druzenko freebsd_committer freebsd_triage 2025-01-23 22:29:26 UTC
nginx-auth-jwt have self versioning: https://github.com/kjdev/nginx-auth-jwt/tags, but port www/angie-module-auth-jwt use version from www/angie - it looks wrong to me.
Comment 22 commit-hook freebsd_committer freebsd_triage 2025-01-23 22:58:37 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=03e70d8bb7163e635a81c82ce346a05616d7fbda

commit 03e70d8bb7163e635a81c82ce346a05616d7fbda
Author:     Vladimir Druzenko <vvd@FreeBSD.org>
AuthorDate: 2025-01-23 22:56:02 +0000
Commit:     Vladimir Druzenko <vvd@FreeBSD.org>
CommitDate: 2025-01-23 22:56:02 +0000

    www/angie-module-auth-jwt: Update 1.3.2 → 1.8.1

    Changelogs:
    https://github.com/kjdev/nginx-auth-jwt/releases/tag/0.8.0
    https://github.com/kjdev/nginx-auth-jwt/releases/tag/0.9.0

    PR:             282394
    Approved by:    oleg@mamontov.net (maintainer, timeout 3 mounts)

 www/angie-module-auth-jwt/Makefile | 2 +-
 www/angie/distinfo                 | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
Comment 23 commit-hook freebsd_committer freebsd_triage 2025-01-23 23:11:40 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=d034415316cbea94f9311c6fa3ba806858b0cd57

commit d034415316cbea94f9311c6fa3ba806858b0cd57
Author:     Jason Tubnor <jason@tubnor.net>
AuthorDate: 2025-01-23 23:09:01 +0000
Commit:     Vladimir Druzenko <vvd@FreeBSD.org>
CommitDate: 2025-01-23 23:09:01 +0000

    www/angie-module-headers-more: Update 1.3.2 → 1.8.1

    Changelogs:
    https://github.com/openresty/headers-more-nginx-module/releases/tag/v0.36
    https://github.com/openresty/headers-more-nginx-module/releases/tag/v0.37

    PR:             282394
    Approved by:    oleg@mamontov.net (maintainer, timeout 3 mounts)

 www/angie-module-headers-more/Makefile | 2 +-
 www/angie/distinfo                     | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
Comment 24 commit-hook freebsd_committer freebsd_triage 2025-01-23 23:16:43 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=2928d6749d6a96cd17bacea519dfb56b0b500b38

commit 2928d6749d6a96cd17bacea519dfb56b0b500b38
Author:     Jason Tubnor <jason@tubnor.net>
AuthorDate: 2025-01-23 23:14:40 +0000
Commit:     Vladimir Druzenko <vvd@FreeBSD.org>
CommitDate: 2025-01-23 23:14:40 +0000

    www/angie-module-jwt: Update 1.3.2 → 1.8.1

    Changelogs:
    https://github.com/max-lt/nginx-jwt-module/releases/tag/v3.3.0
    https://github.com/max-lt/nginx-jwt-module/releases/tag/v3.4.0
    https://github.com/max-lt/nginx-jwt-module/releases/tag/v3.4.1
    https://github.com/max-lt/nginx-jwt-module/releases/tag/v3.4.2

    PR:             282394
    Approved by:    oleg@mamontov.net (maintainer, timeout 3 mounts)

 www/angie-module-jwt/Makefile | 2 +-
 www/angie/distinfo            | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
Comment 25 commit-hook freebsd_committer freebsd_triage 2025-01-23 23:19:45 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=10ada51f9516feecf7d6a2bb4d5d00bd3ad9cc42

commit 10ada51f9516feecf7d6a2bb4d5d00bd3ad9cc42
Author:     Jason Tubnor <jason@tubnor.net>
AuthorDate: 2025-01-23 23:18:14 +0000
Commit:     Vladimir Druzenko <vvd@FreeBSD.org>
CommitDate: 2025-01-23 23:18:14 +0000

    www/angie-module-keyval: Update 1.3.2 → 1.8.1

    Changelog:
    https://github.com/kjdev/nginx-keyval/releases/tag/0.3.0

    PR:             282394
    Approved by:    oleg@mamontov.net (maintainer, timeout 3 mounts)

 www/angie-module-keyval/Makefile | 2 +-
 www/angie/distinfo               | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
Comment 26 commit-hook freebsd_committer freebsd_triage 2025-01-23 23:32:47 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=b8a84bb0dc8e24569fed05b4792dad2b642c1340

commit b8a84bb0dc8e24569fed05b4792dad2b642c1340
Author:     Vladimir Druzenko <vvd@FreeBSD.org>
AuthorDate: 2025-01-23 23:30:35 +0000
Commit:     Vladimir Druzenko <vvd@FreeBSD.org>
CommitDate: 2025-01-23 23:30:35 +0000

    www/angie-module-lua: Update 1.3.2 → 1.8.1

    Changelogs:
    https://github.com/openresty/lua-nginx-module/releases/tag/v0.10.26
    https://github.com/openresty/lua-nginx-module/releases/tag/v0.10.27
    https://github.com/openresty/lua-nginx-module/releases/tag/v0.10.28
    https://github.com/openresty/stream-lua-nginx-module/releases/tag/v0.0.14
    https://github.com/openresty/stream-lua-nginx-module/releases/tag/v0.0.15
    https://github.com/openresty/stream-lua-nginx-module/releases/tag/v0.0.16
    https://github.com/vision5/ngx_devel_kit/releases/tag/v0.3.3

    PR:             282394
    Approved by:    oleg@mamontov.net (maintainer, timeout 3 mounts)

 www/angie-module-lua/Makefile                      |  8 +++----
 www/angie-module-lua/files/patch-lua-config        |  4 ++--
 www/angie-module-lua/files/patch-stream-lua-config | 25 +++++++---------------
 www/angie/distinfo                                 | 12 +++++------
 4 files changed, 20 insertions(+), 29 deletions(-)
Comment 27 commit-hook freebsd_committer freebsd_triage 2025-01-23 23:35:50 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=b56503bf3ab5b5690b7e29fb1b772e443d8b64e3

commit b56503bf3ab5b5690b7e29fb1b772e443d8b64e3
Author:     Jason Tubnor <jason@tubnor.net>
AuthorDate: 2025-01-23 23:34:17 +0000
Commit:     Vladimir Druzenko <vvd@FreeBSD.org>
CommitDate: 2025-01-23 23:34:17 +0000

    www/angie-module-ndk: Update 1.3.2 → 1.8.1

    Changelog:
    https://github.com/vision5/ngx_devel_kit/releases/tag/v0.3.3

    PR:             282394
    Approved by:    oleg@mamontov.net (maintainer, timeout 3 mounts)

 www/angie-module-ndk/Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 28 commit-hook freebsd_committer freebsd_triage 2025-01-23 23:47:53 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=9852253aed897510362436add61bc5fe83009a13

commit 9852253aed897510362436add61bc5fe83009a13
Author:     Vladimir Druzenko <vvd@FreeBSD.org>
AuthorDate: 2025-01-23 23:43:52 +0000
Commit:     Vladimir Druzenko <vvd@FreeBSD.org>
CommitDate: 2025-01-23 23:46:34 +0000

    www/angie-module-njs: Update 1.3.2 → 1.8.1

    Changelogs:
    https://github.com/nginx/njs/blob/0.8.9/CHANGES

    PR:             282394
    Approved by:    oleg@mamontov.net (maintainer, timeout 3 mounts)

 www/angie-module-njs/Makefile  | 7 ++++---
 www/angie-module-njs/pkg-plist | 4 +++-
 www/angie/distinfo             | 4 ++--
 3 files changed, 9 insertions(+), 6 deletions(-)
Comment 29 commit-hook freebsd_committer freebsd_triage 2025-01-23 23:51:55 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=8052091196f84673bf1b7a8ed94c12bee7430269

commit 8052091196f84673bf1b7a8ed94c12bee7430269
Author:     Jason Tubnor <jason@tubnor.net>
AuthorDate: 2025-01-23 23:50:37 +0000
Commit:     Vladimir Druzenko <vvd@FreeBSD.org>
CommitDate: 2025-01-23 23:51:28 +0000

    www/angie-module-set-misc: Update 1.3.2 → 1.8.1

    Changelog:
    https://github.com/vision5/ngx_devel_kit/releases/tag/v0.3.3

    PR:             282394
    Approved by:    oleg@mamontov.net (maintainer, timeout 3 mounts)

 www/angie-module-set-misc/Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 30 commit-hook freebsd_committer freebsd_triage 2025-01-24 00:48:01 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=a39c4342aff708eabd6a29d8065b37226e6d8dbe

commit a39c4342aff708eabd6a29d8065b37226e6d8dbe
Author:     Jason Tubnor <jason@tubnor.net>
AuthorDate: 2025-01-24 00:39:54 +0000
Commit:     Vladimir Druzenko <vvd@FreeBSD.org>
CommitDate: 2025-01-24 00:47:23 +0000

    www/angie-module-vod: Update 1.3.2 → 1.8.1

    Changelog:
    https://github.com/kaltura/nginx-vod-module/releases/tag/1.33

    PR:             282394
    Approved by:    oleg@mamontov.net (maintainer, timeout 3 mounts)

 www/angie-module-vod/Makefile | 2 +-
 www/angie/distinfo            | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
Comment 31 Vladimir Druzenko freebsd_committer freebsd_triage 2025-01-24 00:56:06 UTC
We've made some progress!

Committed www/angie and modules updated by Jason Tubnor and Sebastian with my patches and several updates.

All updated and not updated modules (www/angie*) build fine in poudriere 14.2 amd64.

List of not updated modules:
angie-module-auth-spnego
angie-module-brotli
angie-module-cache-purge
angie-module-dav-ext
angie-module-echo
angie-module-enhanced-memcached
angie-module-eval
angie-module-geoip2
angie-module-image-filter
angie-module-perl
angie-module-postgres
angie-module-redis2
angie-module-rtmp
angie-module-subs
angie-module-testcookie
angie-module-upload
angie-module-xslt

Now we need someone to check the updates to these modules, update them and make patches.