Update nginx to v1.25.3

Removed the hpack enc patch since push support has been dropped
mangadventure · Nov 25, 2023 · 0d8d7f0 · 0d8d7f0
1 parent 185b32d
commit 0d8d7f0
Show file tree

Hide file tree

Showing 7 changed files with 30 additions and 1,050 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,6 +1,6 @@
 FROM alpine:3.18
 
-ARG NGINX_VERSION=1.25.0
+ARG NGINX_VERSION=1.25.3
 
 COPY patches /tmp/patches
 
@@ -18,17 +18,17 @@ RUN addgroup -S nginx \
         cmake \
         curl \
         git \
-        perl \
-        pcre2-dev \
         liburing-dev \
         linux-headers \
         make \
         mimalloc2-dev \
+        pcre2-dev \
+        perl \
         tar \
         zlib-dev \
         zstd-dev \
     && mkdir -p /usr/src/nginx /etc/ssl /etc/letsencrypt /etc/nginx/sites-enabled \
-    && git clone --depth=1 --branch=openssl-3.0.10+quic \
+    && git clone --depth=1 --branch=openssl-3.1.4+quic \
         https://github.com/quictls/openssl /usr/src/openssl \
     && git clone --depth=1 --shallow-submodules --recursive \
         https://github.com/google/ngx_brotli /usr/src/ngx_brotli \
@@ -71,7 +71,6 @@ RUN addgroup -S nginx \
         --with-http_slice_module \
         --with-http_ssl_module \
         --with-http_v2_module \
-        --with-http_v2_hpack_enc \
         --with-http_v3_module \
         --without-http_browser_module \
         --without-http_empty_gif_module \

diff --git a/README.adoc b/README.adoc
@@ -8,4 +8,12 @@ An Arch Linux PKGBUILD is provided as well.
 * https://github.com/hakasenyang/openssl-patch/blob/master/nginx_io_uring.patch[io_uring support]
 * https://github.com/hakasenyang/openssl-patch/blob/master/remove_nginx_server_header.patch[no server header]
 * https://github.com/cloudflare/sslconfig/blob/master/patches/nginx__dynamic_tls_records.patch[dynamic TLS records]
-* https://github.com/centminmod/centminmod/blob/130.00beta01/patches/cloudflare/nginx-1.25.0_http2-hpack.patch[HTTP/2 HPACK]
+
+=== Dynamic modules
+
+* https://github.com/google/ngx_brotli[brotli]
+* https://github.com/tokers/zstd-nginx-module[zstd]
+* https://github.com/grahamedgecombe/nginx-ct[ct]
+* https://github.com/vozlt/nginx-module-vts[vts]
+* https://github.com/openresty/memc-nginx-module[memc]
+* https://github.com/openresty/redis2-nginx-module[redis2]
diff --git a/arch/.gitignore b/arch/.gitignore
@@ -1,5 +1,6 @@
 *.tar.gz
 *.pkg.*
+*.log
 dhparam.pem
 openssl/
 ngx_*/

diff --git a/arch/004-hpack-enc.patch b/arch/004-hpack-enc.patch
diff --git a/arch/PKGBUILD b/arch/PKGBUILD
@@ -1,23 +1,28 @@
 # Maintainer: ObserverOfTime <[email protected]>
 
 pkgname=nginx-custom
-pkgver=1.25.0
+pkgver=1.25.3
 pkgrel=1
 pkgdesc='Lightweight HTTP server and IMAP/POP3 proxy server (custom build)'
 arch=(x86_64)
 url='https://nginx.org'
 license=(custom)
 conflicts=(nginx)
 provides=("nginx=${pkgver%+*}")
-depends=(pcre2 zlib libxcrypt liburing mimalloc)
+depends=(libxcrypt liburing mimalloc pcre2 zlib)
 makedepends=(git zstd)
+optdependes=(
+  'brotli: brotli module'
+  'memcached: memc module'
+  'redis: redis2 module'
+)
 backup=(etc/nginx/nginx.conf
         etc/nginx/uwsgi_params
         etc/nginx/mime.types
         etc/nginx/default.vhost
         etc/logrotate.d/nginx)
 source=(nginx-${pkgver}.tar.gz::https://hg.nginx.org/nginx/archive/release-${pkgver}.tar.gz
-        git+https://github.com/quictls/openssl#branch=openssl-3.0.10+quic
+        git+https://github.com/quictls/openssl#branch=openssl-3.1.4+quic
         ngx_brotli::git+https://github.com/google/ngx_brotli
         ngx_zstd::git+https://github.com/tokers/zstd-nginx-module
         ngx_ct::git+https://github.com/grahamedgecombe/nginx-ct
@@ -32,9 +37,8 @@ source=(nginx-${pkgver}.tar.gz::https://hg.nginx.org/nginx/archive/release-${pkg
         default.vhost
         001-io-uring.patch
         002-no-server-header.patch
-        003-dynamic-tls.patch
-        004-hpack-enc.patch)
-b2sums=('d72941977e4061487b43a206bc7e3b2d9d84ac60c42f792d3adef9ca38139278f68fc2cce6feaf3334f137ff59ed0ea030d2081065ee043cda5edf1cc93cd6b9'
+        003-dynamic-tls.patch)
+b2sums=('613d5ac8acdc7eed02c22b5db66bfd03d76cf0fb8fcfbb80ba904a6b91d1a1f7a2f59cfad0dd3005ec6ba730ea8b7bdb9fc3f0ac9971ab6188118822947b3034'
         'SKIP' 'SKIP' 'SKIP' 'SKIP' 'SKIP' 'SKIP' 'SKIP'
         'e5b3af3eba36bac8c281d773cd90efb8de977a1241e246060661d5c1d436d537ff74b03d137a2bb4a7752339e98e9073ab803bc214a84906498f2383ecad07ff'
         '5aa8dab4d6517fc09a96f2ced5c85a67a44878da4c5cde1031a089609d3d32505d0cb45e6842a1502cc6f09e03eef08ee0ce6826b73bcfdd8087b0b695f0801c'
@@ -44,8 +48,7 @@ b2sums=('d72941977e4061487b43a206bc7e3b2d9d84ac60c42f792d3adef9ca38139278f68fc2c
         'f1d39725a26859bd5a72256e301ce585fee7e6aeba75dcf52328697cb2dac4d7daaabda7f4f148a9401c10208412d4b6b350d73a89bde1e7c24802509e02d87a'
         'fd58f913dd397ce7c5bc8af92d8946a48dc0686c7f4879d87b68ccf78950867c7c067060dcfc4f30daadeb81e494cc2bea6e3447637bf198de453daa97a7a533'
         'ffe84842a3f5e9db9fef52d5437feb6c278cbb3d20c2d4b4a836feb0475335a0946a2418c53b38f31d428bba7755dbb5c8a5080d5ffdbe8ff1b388e97878c95e'
-        '7f6364c416676af03f245b3ed978e51e0f62198941d1ee287ffec5a4607e53359172a2bfea29671b5e6ad490ea1ed9129900d6b205251e6a1cdad2887a4bb475'
-        '20c22df12ad3983424d16668b0cd4d99364be3c1ae9894c3750917cd26ed99659cbbf1fc0d325397f8f88bef56192108b84f64a876c768ff02b595e19a7e3ab1')
+        '0a3ce87ad3cb3e4d9e569438d0febeb6457abd4f9032191b08f38c84ba5a628a4182541f8573c92187b895ab127ee8ff35e94020455556a320d1f7e270d6e8b1')
 
 prepare() {
   msg2 'Updating brotli submodule'
@@ -61,9 +64,6 @@ prepare() {
 
   msg2 'Applying dynamic TLS records patch'
   patch --no-backup-if-mismatch -Np1 -i ../003-dynamic-tls.patch
-
-  msg2 'Applying HPACK encoding patch'
-  patch --no-backup-if-mismatch -Np1 -i ../004-hpack-enc.patch
 }
 
 build() {
@@ -98,7 +98,6 @@ build() {
     --with-http_slice_module \
     --with-http_ssl_module \
     --with-http_v2_module \
-    --with-http_v2_hpack_enc \
     --with-http_v3_module \
     --without-http_browser_module \
     --without-http_empty_gif_module \
@@ -155,7 +154,7 @@ package() {
   install -Dm644 docs/text/LICENSE "$pkgdir"/usr/share/licenses/${pkgname}/LICENSE
 
   for f in objs/ngx_*_module.so; do
-    install -Dm644 $f "$pkgdir"/var/lib/nginx/modules
+    install -Dm644 "$f" "$pkgdir"/var/lib/nginx/modules
   done
 
   for d in ftdetect ftplugin indent syntax; do

diff --git a/patches/003-dynamic-tls.patch b/patches/003-dynamic-tls.patch
@@ -218,10 +218,10 @@ diff --git a/src/http/modules/ngx_http_ssl_module.h b/src/http/modules/ngx_http_
 index 26fdccf..b14b52a 100644
 --- a/src/http/modules/ngx_http_ssl_module.h
 +++ b/src/http/modules/ngx_http_ssl_module.h
-@@ -67,6 +67,12 @@ typedef struct {
-
-     u_char                         *file;
-     ngx_uint_t                      line;
+@@ -62,6 +62,12 @@ typedef struct {
+     ngx_flag_t                      stapling_verify;
+     ngx_str_t                       stapling_file;
+     ngx_str_t                       stapling_responder;
 +
 +    ngx_flag_t                      dyn_rec_enable;
 +    ngx_msec_t                      dyn_rec_timeout;