mirror of https://github.com/openresty/openresty
You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
397 lines
11 KiB
C
397 lines
11 KiB
C
#!/usr/bin/env bash
|
|
|
|
tarballs=(
|
|
"openresty/lua-nginx-module"
|
|
"openresty/stream-lua-nginx-module"
|
|
"openresty/lua-resty-core"
|
|
"openresty/luajit2"
|
|
"openresty/resty-cli"
|
|
"openresty/lua-cjson"
|
|
"openresty/lua-redis-parser"
|
|
"openresty/lua-rds-parser"
|
|
"openresty/lua-resty-dns"
|
|
"openresty/lua-resty-memcached"
|
|
"openresty/lua-resty-redis"
|
|
"openresty/lua-resty-mysql"
|
|
"openresty/lua-resty-limit-traffic"
|
|
"openresty/lua-resty-upload"
|
|
"openresty/lua-resty-string"
|
|
"openresty/lua-resty-websocket"
|
|
"openresty/lua-resty-lock"
|
|
"openresty/lua-resty-lrucache"
|
|
"openresty/lua-resty-upstream-healthcheck"
|
|
"openresty/lua-tablepool"
|
|
"openresty/lua-resty-signal"
|
|
"openresty/lua-resty-shell"
|
|
"openresty/opm"
|
|
"openresty/lua-upstream-nginx-module"
|
|
"openresty/array-var-nginx-module"
|
|
"openresty/memc-nginx-module"
|
|
"openresty/srcache-nginx-module"
|
|
"openresty/echo-nginx-module"
|
|
"openresty/xss-nginx-module"
|
|
"openresty/set-misc-nginx-module"
|
|
"openresty/rds-json-nginx-module"
|
|
"openresty/rds-csv-nginx-module"
|
|
"openresty/headers-more-nginx-module"
|
|
"openresty/drizzle-nginx-module"
|
|
"openresty/encrypted-session-nginx-module"
|
|
"openresty/ngx_postgres"
|
|
"openresty/redis2-nginx-module"
|
|
"calio/form-input-nginx-module"
|
|
"calio/iconv-nginx-module"
|
|
"simplresty/ngx_devel_kit"
|
|
"FRiCKLE/ngx_coolkit"
|
|
)
|
|
|
|
abs_path() {
|
|
if realpath -m -- $1 2>/dev/null >&2; then
|
|
realpath -m -- $1
|
|
|
|
else
|
|
readlink -f -- $1
|
|
fi
|
|
}
|
|
|
|
root_dir=$(dirname $(abs_path ${BASH_SOURCE[${#BASH_SOURCE[@]} - 1]}/..))
|
|
|
|
apply_nginx_patches() {
|
|
local nginx_dir=$(abs_path $1)
|
|
local nginx_ver=$2
|
|
local prod_patches=$3
|
|
|
|
pushd $nginx_dir
|
|
apply_patch -p1 "nginx-$nginx_ver-upstream_pipelining.patch"
|
|
apply_patch -p1 "nginx-$nginx_ver-no_error_pages.patch"
|
|
apply_patch -p1 "nginx-$nginx_ver-log_escape_non_ascii.patch"
|
|
apply_patch -p1 "nginx-$nginx_ver-dtrace.patch"
|
|
apply_patch -p1 "nginx-$nginx_ver-gcc-maybe-uninitialized-warning.patch"
|
|
apply_patch -p1 "nginx-$nginx_ver-proxy_host_port_vars.patch"
|
|
apply_patch -p1 "nginx-$nginx_ver-cache_manager_exit.patch"
|
|
apply_patch -p1 "nginx-$nginx_ver-larger_max_error_str.patch"
|
|
apply_patch -p1 "nginx-$nginx_ver-pcre_conf_opt.patch"
|
|
apply_patch -p1 "nginx-$nginx_ver-always_enable_cc_feature_tests.patch"
|
|
|
|
# < 1.7.1
|
|
|
|
if version_lt $nginx_ver 1.7.1; then
|
|
apply_patch -p1 "nginx-$nginx_ver-setting_args_invalidates_uri.patch"
|
|
fi
|
|
|
|
# < 1.7.2
|
|
|
|
if version_lt $nginx_ver 1.7.2; then
|
|
apply_patch -p1 "nginx-$nginx_ver-slab_defrag.patch"
|
|
fi
|
|
|
|
# < 1.7.4
|
|
|
|
if version_lt $nginx_ver 1.7.4; then
|
|
apply_patch -p1 "nginx-$nginx_ver-proxy_ssl_handshake_timer.patch"
|
|
apply_patch -p1 "nginx-$nginx_ver-geoip_init_var_fields.patch"
|
|
fi
|
|
|
|
# < 1.7.7
|
|
|
|
if version_lt $nginx_ver 1.7.7; then
|
|
apply_patch -p1 "nginx-$nginx_ver-hash_overflow.patch"
|
|
fi
|
|
|
|
# < 1.7.8
|
|
|
|
if version_lt $nginx_ver 1.7.8; then
|
|
apply_patch -p1 "nginx-$nginx_ver-cache_lock_hang_in_subreq.patch"
|
|
apply_patch -p1 "nginx-$nginx_ver-resolver_del_event_invalid_read.patch"
|
|
fi
|
|
|
|
# < 1.7.9
|
|
|
|
if version_lt $nginx_ver 1.7.9; then
|
|
apply_patch -p1 "nginx-$nginx_ver-location_if_inherits_proxy.patch"
|
|
fi
|
|
|
|
# < 1.9.2
|
|
|
|
if version_lt $nginx_ver 1.9.2; then
|
|
apply_patch -p1 "nginx-$nginx_ver-upstream_filter_finalize.patch"
|
|
fi
|
|
|
|
# > 1.9.5 && < 1.14.1
|
|
# > 1.15.0 && < 1.15.6
|
|
|
|
if version_gte $nginx_ver 1.9.5 && version_lt $nginx_ver 1.14.1 \
|
|
|| version_gte $nginx_ver 1.15.0 && version_lt $nginx_ver 1.15.6; then
|
|
apply_patch -p0 "patch.2018.h2.txt"
|
|
fi
|
|
|
|
# > 1.9.5 && < 1.16.1
|
|
# > 1.17.0 && < 1.17.3
|
|
|
|
if version_gte $nginx_ver 1.9.5 && version_lt $nginx_ver 1.16.1 \
|
|
|| version_gte $nginx_ver 1.17.0 && version_lt $nginx_ver 1.17.3; then
|
|
apply_patch -p0 "patch.2019.h2.txt"
|
|
fi
|
|
|
|
# == 1.9.7
|
|
|
|
if version_eq $nginx_ver 1.9.7; then
|
|
apply_patch -p1 "nginx-$nginx_ver-resolver_security_fixes.patch"
|
|
fi
|
|
|
|
# >= 1.9.7
|
|
|
|
if version_gte $nginx_ver 1.9.7; then
|
|
apply_patch -p1 "nginx-$nginx_ver-ssl_cert_cb_yield.patch"
|
|
fi
|
|
|
|
# < 1.9.12
|
|
|
|
if version_lt $nginx_ver 1.9.12; then
|
|
apply_patch -p0 "patch.2016.write2.txt" \
|
|
"nginx security advisory patches (CVE-2016-4450)"
|
|
|
|
elif version_lt $nginx_ver 1.10.1; then
|
|
# < 1.10.1
|
|
apply_patch -p0 "patch.2016.write.txt" \
|
|
"nginx security advisory patches (CVE-2016-4450)"
|
|
fi
|
|
|
|
# >= 1.9.15
|
|
|
|
if version_gte $nginx_ver 1.9.15; then
|
|
apply_patch -p1 "nginx-$nginx_ver-upstream_timeout_fields.patch"
|
|
fi
|
|
|
|
|
|
# >= 1.9.15 && < 1.17.1
|
|
|
|
if version_gte $nginx_ver 1.9.15 && version_lt $nginx_ver 1.17.1; then
|
|
# renamed in 1.17.1 and above
|
|
apply_patch -p1 "nginx-$nginx_ver-ssl_pending_session.patch"
|
|
fi
|
|
|
|
# >= 1.11.2
|
|
|
|
if version_gte $nginx_ver 1.11.2; then
|
|
apply_patch -p1 "nginx-$nginx_ver-balancer_status_code.patch"
|
|
apply_patch -p1 "nginx-$nginx_ver-builtin_error_page_footer.patch"
|
|
apply_patch -p1 "nginx-$nginx_ver-delayed_posted_events.patch"
|
|
apply_patch -p1 "nginx-$nginx_ver-privileged_agent_process.patch"
|
|
apply_patch -p1 "nginx-$nginx_ver-single_process_graceful_exit.patch"
|
|
apply_patch -p1 "nginx-$nginx_ver-intercept_error_log.patch"
|
|
apply_patch -p1 "nginx-$nginx_ver-safe_resolver_ipv6_option.patch"
|
|
fi
|
|
|
|
# < 1.13.3
|
|
|
|
if version_lt $nginx_ver 1.13.3; then
|
|
apply_patch -p0 "patch.2017.ranges.txt" \
|
|
"nginx security advisory patches (CVE-2017-7529)"
|
|
fi
|
|
|
|
# >= 1.13.3
|
|
|
|
if version_gte $nginx_ver 1.13.3; then
|
|
apply_patch -p1 "nginx-$nginx_ver-stream_balancer_export.patch"
|
|
apply_patch -p1 "nginx-$nginx_ver-stream_proxy_get_next_upstream_tries.patch"
|
|
apply_patch -p1 "nginx-$nginx_ver-stream_proxy_timeout_fields.patch"
|
|
fi
|
|
|
|
# >= 1.13.6
|
|
|
|
if version_gte $nginx_ver 1.13.6; then
|
|
apply_patch -p1 "nginx-$nginx_ver-stream_ssl_preread_no_skip.patch"
|
|
apply_patch -p1 "nginx-$nginx_ver-init_cycle_pool_release.patch"
|
|
apply_patch -p1 "nginx-$nginx_ver-resolver_conf_parsing.patch"
|
|
apply_patch -p1 "nginx-$nginx_ver-daemon_destroy_pool.patch"
|
|
apply_patch -p1 "nginx-$nginx_ver-socket_cloexec.patch"
|
|
fi
|
|
|
|
# < 1.14.1
|
|
# > 1.15.0 && < 1.15.6
|
|
|
|
if version_lt $nginx_ver 1.14.1 \
|
|
|| (version_gte $nginx_ver 1.15.0 && version_lt $nginx_ver 1.15.6); then
|
|
apply_patch -p0 "patch.2018.mp4.txt"
|
|
fi
|
|
|
|
# >= 1.17.1
|
|
|
|
if version_gte $nginx_ver 1.17.1; then
|
|
apply_patch -p1 "nginx-$nginx_ver-ssl_sess_cb_yield.patch"
|
|
apply_patch -p1 "nginx-$nginx_ver-reuseport_close_unused_fds.patch"
|
|
fi
|
|
|
|
# Production patches for release tarballs
|
|
|
|
if [ -n "$prod_patches" ]; then
|
|
sed $"s/NGINX_VERSION \"\.unknown\"/NGINX_VERSION \".$minor_ver\"/" \
|
|
$root_dir/patches/nginx-$nginx_ver-server_header.patch > server_header.patch.tmp
|
|
|
|
apply_patch -p1 $(abs_path server_header.patch.tmp)
|
|
|
|
rm -f server_header.patch.tmp
|
|
|
|
apply_patch -p1 "nginx-$nginx_ver-no_Werror.patch"
|
|
|
|
# >= 1.15.8
|
|
|
|
if version_gte $nginx_ver 1.15.8; then
|
|
apply_patch -p1 "nginx-$nginx_ver-win32_max_err_str.patch"
|
|
fi
|
|
fi
|
|
popd
|
|
}
|
|
|
|
apply_patch() {
|
|
local p=$1
|
|
local patch=$2
|
|
local patch_name
|
|
local patch_path
|
|
|
|
if [ ! -z "$3" ]; then
|
|
patch_name=$3
|
|
|
|
else
|
|
patch_name="$(basename $patch .patch) patch"
|
|
fi
|
|
|
|
if [[ "$patch" = /* ]]; then
|
|
patch_path=$patch
|
|
|
|
else
|
|
patch_path=$root_dir/patches/$patch
|
|
fi
|
|
|
|
info "applying the $patch_name"
|
|
patch $p < $patch_path
|
|
}
|
|
|
|
download() {
|
|
local url=$1
|
|
local out=$2
|
|
|
|
if [ -s $out ]; then
|
|
return 0
|
|
fi
|
|
|
|
if [ -s $work_dir/$out ]; then
|
|
cp $work_dir/$out $out
|
|
return 0
|
|
fi
|
|
|
|
if axel --version 2>/dev/null >&2; then
|
|
axel -o $out $url || rm -f $out
|
|
fi
|
|
|
|
if [ ! -s $out ]; then
|
|
wget -O $out $url || (rm -f $out; fatal "failed to download $url")
|
|
fi
|
|
|
|
if [ -s $out ]; then
|
|
cp $out $work_dir
|
|
fi
|
|
}
|
|
|
|
parse_version() {
|
|
[[ -z $1 ]] && fatal 'missing arg $1 when invoking parse_version()'
|
|
[[ -z $2 ]] && fatal 'missing arg $2 when invoking parse_version()'
|
|
|
|
local ver
|
|
local subj=$1
|
|
|
|
if [[ $subj =~ ^[^0-9]*(.*) ]]; then
|
|
subj=${BASH_REMATCH[1]}
|
|
|
|
local re='^(-rc[0-9]+$)?[.]?([0-9]+|[a-zA-Z]+)?(.*)$'
|
|
|
|
while [[ $subj =~ $re ]]; do
|
|
if [[ ${BASH_REMATCH[1]} != "" ]]; then
|
|
ver="$ver.${BASH_REMATCH[1]}"
|
|
fi
|
|
|
|
if [[ ${BASH_REMATCH[2]} != "" ]]; then
|
|
ver="$ver.${BASH_REMATCH[2]}"
|
|
fi
|
|
|
|
subj="${BASH_REMATCH[3]}"
|
|
if [[ $subj == "" ]]; then
|
|
break
|
|
fi
|
|
done
|
|
|
|
ver="${ver:1}"
|
|
|
|
IFS='.' read -r -a $2 <<< "$ver"
|
|
fi
|
|
}
|
|
|
|
version_eq() {
|
|
local version_a version_b
|
|
|
|
parse_version $1 version_a
|
|
parse_version $2 version_b
|
|
|
|
# Note that we are indexing on the b components, ie: 1.11.100 == 1.11
|
|
for index in "${!version_b[@]}"; do
|
|
[[ "${version_a[index]}" != "${version_b[index]}" ]] && return 1
|
|
done
|
|
|
|
return 0
|
|
}
|
|
|
|
version_lt() {
|
|
local version_a version_b
|
|
|
|
parse_version $1 version_a
|
|
parse_version $2 version_b
|
|
|
|
for index in "${!version_a[@]}"; do
|
|
if [[ ${version_a[index]} =~ ^[0-9]+$ ]]; then
|
|
[[ "${version_a[index]}" -lt "${version_b[index]}" ]] && return 0
|
|
[[ "${version_a[index]}" -gt "${version_b[index]}" ]] && return 1
|
|
|
|
else
|
|
[[ "${version_a[index]}" < "${version_b[index]}" ]] && return 0
|
|
[[ "${version_a[index]}" > "${version_b[index]}" ]] && return 1
|
|
fi
|
|
done
|
|
|
|
return 1
|
|
}
|
|
|
|
version_gt() {
|
|
(version_eq $1 $2 || version_lt $1 $2) && return 1
|
|
return 0
|
|
}
|
|
|
|
version_lte() {
|
|
(version_lt $1 $2 || version_eq $1 $2) && return 0
|
|
return 1
|
|
}
|
|
|
|
version_gte() {
|
|
(version_gt $1 $2 || version_eq $1 $2) && return 0
|
|
return 1
|
|
}
|
|
|
|
info() {
|
|
builtin echo -en "\033[33m"
|
|
builtin echo -en "[INFO] "
|
|
builtin echo -en "\033[0m"
|
|
builtin echo "$@"
|
|
}
|
|
|
|
fatal() {
|
|
builtin echo -en "\033[1;31m"
|
|
builtin echo -en "[FATAL] "
|
|
builtin echo -en "\033[0m"
|
|
builtin echo "$@"
|
|
exit 1
|
|
}
|
|
|
|
pushd() { builtin pushd $1 > /dev/null; }
|
|
popd() { builtin popd > /dev/null; }
|
|
|
|
# vim:set ft=sh ts=4 sts=4 sw=4 et:
|