www/nginx-devel: security update from 1.27.5 to 1.28.0

<ChangeLog>

*) 1.28.x stable branch.

*) Bugfix: nginx could not be built by gcc 15 if ngx_http_v2_module or
   ngx_http_v3_module modules were used.

*) Bugfix: nginx might not be built by gcc 14 or newer with -O3 -flto
   optimization if ngx_http_v3_module was used.

</ChangeLog>

www/nginx-devel/Makefile

@@ -1,10 +1,9 @@
 PORTNAME?=	nginx
-PORTVERSION=	1.27.5
+PORTVERSION=	1.28.0
 CATEGORIES=	www
 MASTER_SITES=	https://nginx.org/download/ \
 		LOCAL/osa
 PKGNAMESUFFIX?=	-devel
-PORTREVISION=	1
 DISTFILES=	${DISTNAME}${EXTRACT_SUFX}
 
 MAINTAINER?=	osa@FreeBSD.org

www/nginx-devel/Makefile.extmod

@@ -2,7 +2,7 @@
 
 OPTIONS_GROUP+=	THIRDPARTYGRP
 # External modules (arrayvar MUST appear after devel_kit for build-dep)
-OPTIONS_GROUP_THIRDPARTYGRP=	AJP AWS_AUTH BROTLI CACHE_PURGE CT \
+OPTIONS_GROUP_THIRDPARTYGRP=	AJP AWS_AUTH BROTLI CACHE_PURGE \
 	DEVEL_KIT ARRAYVAR DRIZZLE DYNAMIC_UPSTREAM ECHO ENCRYPTSESSION \
 	FIPS_CHECK FORMINPUT GRIDFS HEADERS_MORE HTTP_ACCEPT_LANGUAGE HTTP_AUTH_DIGEST \
 	HTTP_AUTH_JWT HTTP_AUTH_KRB5 HTTP_AUTH_LDAP HTTP_AUTH_PAM HTTP_DAV_EXT \
@@ -33,11 +33,6 @@ BROTLI_EXTRA_PATCHES=	${PATCHDIR}/extra-patch-ngx_brotli_filter_config
 CACHE_PURGE_GH_TUPLE=	nginx-modules:ngx_cache_purge:a84b0f3:cache_purge
 CACHE_PURGE_VARS=	DSO_EXTMODS+=cache_purge
 
-CT_IMPLIES=		HTTP_SSL
-CT_GH_TUPLE=		BenBE:nginx-ct:71bf4d2:ct
-CT_VARS=		DSO_EXTMODS+=ct
-CT_EXTRA_PATCHES=	${PATCHDIR}/extra-patch-nginx-ct-LibreSSL
-
 ECHO_GH_TUPLE=		openresty:echo-nginx-module:4eeda3c:echo
 ECHO_VARS=		DSO_EXTMODS+=echo
 

www/nginx-devel/Makefile.options.desc

@@ -3,7 +3,6 @@ ARRAYVAR_DESC=			3rd party array_var module
 AWS_AUTH_DESC=			3rd party aws auth module
 BROTLI_DESC=			3rd party brotli module
 CACHE_PURGE_DESC=		3rd party cache_purge module
-CT_DESC=			3rd party cert_transparency module (SSL req.)
 DEBUGLOG_DESC=			Enable debug log (--with-debug)
 DEVEL_KIT_DESC=			3rd party Nginx Development Kit module
 DRIZZLE_DESC=			3rd party drizzle module

www/nginx-devel/distinfo

@@ -1,6 +1,6 @@
-TIMESTAMP = 1744884495
-SHA256 (nginx-1.27.5.tar.gz) = e96acebb9c2a6db8a000c3dd1b32ecba1b810f0cd586232d4d921e376674dd0e
-SIZE (nginx-1.27.5.tar.gz) = 1279891
+TIMESTAMP = 1745418876
+SHA256 (nginx-1.28.0.tar.gz) = c6b5c6b086c0df9d3ca3ff5e084c1d0ef909e6038279c71c1c3e985f576ff76a
+SIZE (nginx-1.28.0.tar.gz) = 1280111
 SHA256 (nginx_mogilefs_module-1.0.4.tar.gz) = 7ac230d30907f013dff8d435a118619ea6168aa3714dba62c6962d350c6295ae
 SIZE (nginx_mogilefs_module-1.0.4.tar.gz) = 11208
 SHA256 (ngx_http_redis-0.3.9.tar.gz) = 21f87540f0a44b23ffa5df16fb3d788bc90803b255ef14f9c26e3847a6f26f46
@@ -17,8 +17,6 @@ SHA256 (google-ngx_brotli-a71f931_GH0.tar.gz) = b3312a045d5303a40d02beb34711b8ca
 SIZE (google-ngx_brotli-a71f931_GH0.tar.gz) = 16376
 SHA256 (nginx-modules-ngx_cache_purge-a84b0f3_GH0.tar.gz) = ddfd4fdd99075d906b7b75c49f56ec96b76df7951dfa54502e0f83890447031f
 SIZE (nginx-modules-ngx_cache_purge-a84b0f3_GH0.tar.gz) = 17162
-SHA256 (BenBE-nginx-ct-71bf4d2_GH0.tar.gz) = 15441194cf9ffee84394ac75f0c3ded8712ae07b0ee8194aa5ca47ec8f670321
-SIZE (BenBE-nginx-ct-71bf4d2_GH0.tar.gz) = 8212
 SHA256 (vision5-ngx_devel_kit-v0.3.3_GH0.tar.gz) = faa2fcd5168b10764d35081356511d5f84db5c526a1aa4b6add2db94b6853b2b
 SIZE (vision5-ngx_devel_kit-v0.3.3_GH0.tar.gz) = 66561
 SHA256 (openresty-drizzle-nginx-module-c631276_GH0.tar.gz) = 215ebeb3bad3a907f13fbdae66a25939b6820bdba2f339394cbb9c8b8557308a

www/nginx-devel/files/extra-patch-nginx-ct-LibreSSL

@@ -1,29 +0,0 @@
---- ../nginx-ct-71bf4d2/ngx_ssl_ct_module.c.orig	2024-12-07 10:41:38.000000000 -0500
-+++ ../nginx-ct-71bf4d2/ngx_ssl_ct_module.c	2025-02-04 13:44:15.064346000 -0500
-@@ -135,7 +135,7 @@
-             continue;
-         }
- 
--#ifndef OPENSSL_IS_BORINGSSL
-+#if !defined(OPENSSL_IS_BORINGSSL) && !defined(LIBRESSL_VERSION_NUMBER)
-         /* associate the sct_list with the cert */
-         X509_set_ex_data(cert, ngx_ssl_ct_sct_list_index, sct_list);
- 
-@@ -165,7 +165,7 @@
- #endif
-     }
- 
--#ifndef OPENSSL_IS_BORINGSSL
-+#if !defined(OPENSSL_IS_BORINGSSL) && !defined(LIBRESSL_VERSION_NUMBER)
-     /* add OpenSSL TLS extension */
-     int context = SSL_EXT_CLIENT_HELLO
-                 | SSL_EXT_TLS1_2_SERVER_HELLO
-@@ -181,7 +181,7 @@
-     return NGX_CONF_OK;
- }
- 
--#ifndef OPENSSL_IS_BORINGSSL
-+#if !defined(OPENSSL_IS_BORINGSSL) && !defined(LIBRESSL_VERSION_NUMBER)
- static int ngx_ssl_ct_ext_cb(SSL *s, unsigned int ext_type, unsigned int context,
-     const unsigned char **out, size_t *outlen, X509 *x, size_t chainidx,
-     int *al, void *add_arg) {

www/nginx-devel/pkg-plist

@@ -14,8 +14,6 @@
 %%DSO%%%%BROTLI%%libexec/nginx/ngx_http_brotli_filter_module.so
 %%DSO%%%%BROTLI%%libexec/nginx/ngx_http_brotli_static_module.so
 %%DSO%%%%CACHE_PURGE%%libexec/nginx/ngx_http_cache_purge_module.so
-%%DSO%%%%CT%%libexec/nginx/ngx_http_ssl_ct_module.so
-%%DSO%%%%CT%%libexec/nginx/ngx_ssl_ct_module.so
 %%DSO%%%%DEVEL_KIT%%libexec/nginx/ndk_http_module.so
 %%DSO%%%%DRIZZLE%%libexec/nginx/ngx_http_drizzle_module.so
 %%DSO%%%%DYNAMIC_UPSTREAM%%libexec/nginx/ngx_http_dynamic_upstream_module.so
@@ -61,7 +59,6 @@
 %%DSO%%%%LINK%%libexec/nginx/ngx_http_link_func_module.so
 %%DSO%%%%LUA%%libexec/nginx/ngx_http_lua_module.so
 %%DSO%%%%LUASTREAM%%libexec/nginx/ngx_stream_lua_module.so
-%%DSO%%%%MAIL%%%%CT%%libexec/nginx/ngx_mail_ssl_ct_module.so
 %%DSO%%%%MAIL%%libexec/nginx/ngx_mail_module.so
 %%DSO%%%%MEMC%%libexec/nginx/ngx_http_memc_module.so
 %%DSO%%%%MODSECURITY3%%libexec/nginx/ngx_http_modsecurity_module.so
@@ -77,7 +74,6 @@
 %%DSO%%%%SHIBBOLETH%%libexec/nginx/ngx_http_shibboleth_module.so
 %%DSO%%%%SLOWFS_CACHE%%libexec/nginx/ngx_http_slowfs_module.so
 %%DSO%%%%SRCACHE%%libexec/nginx/ngx_http_srcache_filter_module.so
-%%DSO%%%%STREAM%%%%CT%%libexec/nginx/ngx_stream_ssl_ct_module.so
 %%DSO%%%%STREAM%%%%HTTP_GEOIP2%%libexec/nginx/ngx_stream_geoip2_module.so
 %%DSO%%%%STREAM%%%%NJS%%libexec/nginx/ngx_stream_js_module.so
 %%DSO%%%%STREAM%%libexec/nginx/ngx_stream_module.so