Up to [cvs.NetBSD.org] / pkgsrc / www / nginx-devel
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.122 / (download) - annotate - [select for diffs], Fri Mar 15 18:35:22 2024 UTC (4 weeks, 4 days ago) by nia
Branch: MAIN
CVS Tags: pkgsrc-2024Q1-base,
pkgsrc-2024Q1,
HEAD
Changes since 1.121: +2 -2
lines
Diff to previous 1.121 (colored) to selected 1.16 (colored)
nginx: Do not hardcode COMPILER_RPATH_FLAG.
Revision 1.121 / (download) - annotate - [select for diffs], Fri Feb 16 18:07:30 2024 UTC (8 weeks, 4 days ago) by osa
Branch: MAIN
Changes since 1.120: +2 -1
lines
Diff to previous 1.120 (colored) to selected 1.16 (colored)
www/nginx-devel: third-party modules management (+) o) update ndk: 0.3.2 -> 0.3.3; o) update lua: 0.10.25 -> 0.10.26; o) update headers_more: 0.34 -> 0.37. Bump PKGREVISION.
Revision 1.120 / (download) - annotate - [select for diffs], Fri Feb 16 15:46:36 2024 UTC (8 weeks, 4 days ago) by osa
Branch: MAIN
Changes since 1.119: +2 -3
lines
Diff to previous 1.119 (colored) to selected 1.16 (colored)
www/nginx-devel: update 1.25.3 -> 1.25.4 <ChangeLog> *) Security: when using HTTP/3 a segmentation fault might occur in a worker process while processing a specially crafted QUIC session (CVE-2024-24989, CVE-2024-24990). *) Bugfix: connections with pending AIO operations might be closed prematurely during graceful shutdown of old worker processes. *) Bugfix: socket leak alerts no longer logged when fast shutdown was requested after graceful shutdown of old worker processes. *) Bugfix: a socket descriptor error, a socket leak, or a segmentation fault in a worker process (for SSL proxying) might occur if AIO was used in a subrequest. *) Bugfix: a segmentation fault might occur in a worker process if SSL proxying was used along with the "image_filter" directive and errors with code 415 were redirected with the "error_page" directive. *) Bugfixes and improvements in HTTP/3. </ChangeLog>
Revision 1.119 / (download) - annotate - [select for diffs], Sun Nov 12 13:23:57 2023 UTC (5 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2023Q4-base,
pkgsrc-2023Q4
Changes since 1.118: +2 -2
lines
Diff to previous 1.118 (colored) to selected 1.16 (colored)
*: revebump for new brotli option for freetype2 Addresses PR 57693
Revision 1.118 / (download) - annotate - [select for diffs], Wed Nov 8 13:21:21 2023 UTC (5 months, 1 week ago) by wiz
Branch: MAIN
Changes since 1.117: +2 -1
lines
Diff to previous 1.117 (colored) to selected 1.16 (colored)
*: recursive bump for icu 74.1
Revision 1.117 / (download) - annotate - [select for diffs], Wed Oct 25 16:14:38 2023 UTC (5 months, 3 weeks ago) by osa
Branch: MAIN
Changes since 1.116: +2 -3
lines
Diff to previous 1.116 (colored) to selected 1.16 (colored)
www/nginx-devel: update 1.25.2 -> 1.25.3 <ChangeLog> *) Change: improved detection of misbehaving clients when using HTTP/2. *) Feature: startup speedup when using a large number of locations. Thanks to Yusuke Nojima. *) Bugfix: a segmentation fault might occur in a worker process when using HTTP/2 without SSL; the bug had appeared in 1.25.1. *) Bugfix: the "Status" backend response header line with an empty reason phrase was handled incorrectly. *) Bugfix: memory leak during reconfiguration when using the PCRE2 library. Thanks to ZhenZhong Wu. *) Bugfixes and improvements in HTTP/3. </ChangeLog>
Revision 1.116 / (download) - annotate - [select for diffs], Wed Oct 25 16:04:47 2023 UTC (5 months, 3 weeks ago) by osa
Branch: MAIN
Changes since 1.115: +2 -2
lines
Diff to previous 1.115 (colored) to selected 1.16 (colored)
*/*: update NGINX JavaScript 0.8.1 -> 0.8.2 Bump PKGREVISION for www/nginx, www/nginx-devel, and www/unit. <ChangeLog> nginx modules: *) Feature: introduced console object. The following methods were introduced: error(), info(), log(), time(), timeEnd(), warn(). *) Bugfix: fixed HEAD response handling with large Content-Length in fetch API. *) Bugfix: fixed items() method for a shared dictionary. *) Bugfix: fixed delete() method for a shared dictionary. Core: *) Feature: extended "fs" module. Added existsSync(). *) Bugfix: fixed "xml" module. Fixed broken XML exception handling in parse() method. *) Bugfix: fixed RegExp.prototype.exec() with global regexp and unicode input. *) Bugfix: fixed return statement parsing with invalid expression. </ChangeLog>
Revision 1.115 / (download) - annotate - [select for diffs], Tue Oct 24 22:11:31 2023 UTC (5 months, 3 weeks ago) by wiz
Branch: MAIN
Changes since 1.114: +2 -2
lines
Diff to previous 1.114 (colored) to selected 1.16 (colored)
*: bump for openssl 3
Revision 1.114 / (download) - annotate - [select for diffs], Sat Oct 21 17:11:39 2023 UTC (5 months, 3 weeks ago) by gdt
Branch: MAIN
Changes since 1.113: +2 -2
lines
Diff to previous 1.113 (colored) to selected 1.16 (colored)
recursive revbump for tiff update
Revision 1.113 / (download) - annotate - [select for diffs], Mon Sep 18 17:49:32 2023 UTC (6 months, 4 weeks ago) by osa
Branch: MAIN
CVS Tags: pkgsrc-2023Q3-base,
pkgsrc-2023Q3
Changes since 1.112: +2 -1
lines
Diff to previous 1.112 (colored) to selected 1.16 (colored)
*/*: update NGINX JavaScript 0.8.0 -> 0.8.1 Bump PKGREVISION for www/nginx, www/nginx-devel, and www/unit. <ChangeLog> nginx modules: *) Feature: introduced js_periodic directive. The directive specifies a JS handler to run at regular intervals. *) Feature: implemented items() method for a shared dictionary. The method returns all the non-expired key-value pairs. *) Bugfix: fixed size() and keys() methods of a shared dictionary. *) Bugfix: fixed erroneous exception in r.internalRedirect() introduced in 0.8.0. Core: *) Bugfix: fixed incorrect order of keys in Object.getOwnPropertyNames(). </ChangeLog>
Revision 1.112 / (download) - annotate - [select for diffs], Sat Aug 19 23:24:16 2023 UTC (7 months, 4 weeks ago) by osa
Branch: MAIN
Changes since 1.111: +2 -3
lines
Diff to previous 1.111 (colored) to selected 1.16 (colored)
www/nginx-devel: update 1.25.1 -> 1.25.2 Also, update third-party lua module to v0.10.25. <ChangeLog> *) Feature: path MTU discovery when using HTTP/3. *) Feature: TLS_AES_128_CCM_SHA256 cipher suite support when using HTTP/3. *) Change: now nginx uses appname "nginx" when loading OpenSSL configuration. *) Change: now nginx does not try to load OpenSSL configuration if the --with-openssl option was used to built OpenSSL and the OPENSSL_CONF environment variable is not set. *) Bugfix: in the $body_bytes_sent variable when using HTTP/3. *) Bugfix: in HTTP/3. </ChangeLog>
Revision 1.111 / (download) - annotate - [select for diffs], Thu Jul 20 15:02:52 2023 UTC (8 months, 4 weeks ago) by osa
Branch: MAIN
Changes since 1.110: +2 -2
lines
Diff to previous 1.110 (colored) to selected 1.16 (colored)
*/*: update NGINX JavaScript 0.7.12 -> 0.8.0 Bump PKGREVISION for www/nginx, www/nginx-devel, and www/unit. <ChangeLog> nginx modules: *) Change: removed special treatment of forbidden headers in Fetch API introduced in 0.7.10. *) Change: removed deprecated since 0.5.0 r.requestBody and r.responseBody in HTTP module. *) Change: throwing an exception in r.internalRedirect() while filtering in HTTP module. *) Feature: introduced global nginx properties. ngx.build - an optional nginx build name, corresponds to --build=name argument of configure script, by default is "". ngx.conf_file_path - the file path to current nginx configuration file. ngx.error_log_path - the file path to current error log file. ngx.prefix - the directory that keeps server files. ngx.version - the nginx version as a string, for example: "1.25.0". ngx.version_number - the nginx version as a number, for example: 1025000. ngx.worker_id - corresponds to an nginx internal worker id. The value is between 0 and worker_processes - 1. *) Feature: introduced js_shared_dict_zone directive. The directive allows to declare a dictionary that is shared among the working processes. *) Improvement: added compile-time options to disable njs modules. For example to disable libxslt related code: NJS_LIBXSLT=NO ./configure .. --add-module=/path/to/njs/module *) Bugfix: fixed r.status setter when filtering in HTTP module. *) Bugfix: fixed setting of Location header in HTTP module. Core: *) Change: native methods are provided with retval argument. This change breaks compatibility with C extension for njs requiring to modify the code. *) Change: non-compliant deprecated String methods were removed. The following methods were removed: String.bytesFrom(), String.prototype.fromBytes(), String.prototype.fromUTF8(), String.prototype.toBytes(), String.prototype.toUTF8(), String.prototype.toString(encoding). *) Change: removed support for building with GNU readline. *) Feature: added Array.from(), Array.prototype.toSorted(), Array.prototype.toSpliced(), Array.prototype.toReversed(). *) Feature: added %TypedArray%.prototype.toSorted(), %TypedArray%.prototype.toSpliced(), %TypedArray%.prototype.toReversed(). *) Feature: added CryptoKey properties in WebCrypto. The following properties for CryptoKey were added: algorithm, extractable, type, usages. *) Bugfix: fixed retval of crypto.getRandomValues(). *) Bugfix: fixed evaluation of computed property names with function expressions. *) Bugfix: fixed implicit name for a function expression declared in arrays. *) Bugfix: fixed parsing of for-in loops. *) Bugfix: fixed Date.parse() with ISO-8601 format and UTC time offset. </ChangeLog>
Revision 1.110 / (download) - annotate - [select for diffs], Thu Jul 6 09:42:18 2023 UTC (9 months, 1 week ago) by wiz
Branch: MAIN
Changes since 1.109: +2 -1
lines
Diff to previous 1.109 (colored) to selected 1.16 (colored)
*: recursive bump for perl 5.38
Revision 1.109 / (download) - annotate - [select for diffs], Tue Jun 13 19:05:32 2023 UTC (10 months ago) by osa
Branch: MAIN
CVS Tags: pkgsrc-2023Q2-base,
pkgsrc-2023Q2
Changes since 1.108: +2 -2
lines
Diff to previous 1.108 (colored) to selected 1.16 (colored)
www/nginx-devel: update 1.25.0 -> 1.25.1 <ChangeLog> *) Feature: the "http2" directive, which enables HTTP/2 on a per-server basis; the "http2" parameter of the "listen" directive is now deprecated. *) Change: HTTP/2 server push support has been removed. *) Change: the deprecated "ssl" directive is not supported anymore. *) Bugfix: in HTTP/3 when using OpenSSL. </ChangeLog>
Revision 1.108 / (download) - annotate - [select for diffs], Tue May 23 20:26:22 2023 UTC (10 months, 3 weeks ago) by osa
Branch: MAIN
Changes since 1.107: +2 -3
lines
Diff to previous 1.107 (colored) to selected 1.16 (colored)
www/nginx-devel: update 1.24.0 -> 1.25.0 Enable HTTPv3 protocol by default. The OpenSSL compatibility layer, which emulates BoringSSL QUIC API for OpenSSL, is enabled by default, and 0-RTT is not supported in this mode. <ChangeLog> *) Feature: experimental HTTP/3 support. </ChangeLog>
Revision 1.107 / (download) - annotate - [select for diffs], Mon May 22 11:39:04 2023 UTC (10 months, 3 weeks ago) by wiz
Branch: MAIN
Changes since 1.106: +2 -2
lines
Diff to previous 1.106 (colored) to selected 1.16 (colored)
*: recursive bump for libimagequant 4.x
Revision 1.106 / (download) - annotate - [select for diffs], Mon May 15 22:02:57 2023 UTC (11 months ago) by osa
Branch: MAIN
Changes since 1.105: +2 -2
lines
Diff to previous 1.105 (colored) to selected 1.16 (colored)
www/nginx*: update third-party NDK module from 0.3.1 to 0.3.2 Bump PKGREVISIONs.
Revision 1.105 / (download) - annotate - [select for diffs], Mon Apr 24 16:34:39 2023 UTC (11 months, 3 weeks ago) by osa
Branch: MAIN
Changes since 1.104: +2 -2
lines
Diff to previous 1.104 (colored) to selected 1.16 (colored)
www/nginx*: add third-party redis module Bump PKGREVISIONs. PR pkg/45322
Revision 1.104 / (download) - annotate - [select for diffs], Mon Apr 24 15:25:28 2023 UTC (11 months, 3 weeks ago) by osa
Branch: MAIN
Changes since 1.103: +2 -2
lines
Diff to previous 1.103 (colored) to selected 1.16 (colored)
www/nginx*: remove needless patch Bump PKGREVISIONs.
Revision 1.103 / (download) - annotate - [select for diffs], Wed Apr 19 08:11:49 2023 UTC (11 months, 4 weeks ago) by adam
Branch: MAIN
Changes since 1.102: +2 -2
lines
Diff to previous 1.102 (colored) to selected 1.16 (colored)
revbump after textproc/icu update
Revision 1.102 / (download) - annotate - [select for diffs], Tue Apr 18 21:10:38 2023 UTC (11 months, 4 weeks ago) by osa
Branch: MAIN
Changes since 1.101: +2 -2
lines
Diff to previous 1.101 (colored) to selected 1.16 (colored)
www/nginx*: third-party modules management (+) o) add sts, stream server traffic status module, https://github.com/vozlt/nginx-module-sts o) add vts, virtual host traffic status module, https://github.com/vozlt/nginx-module-vts Bump PKGREVISIONs.
Revision 1.101 / (download) - annotate - [select for diffs], Tue Apr 18 20:50:06 2023 UTC (11 months, 4 weeks ago) by osa
Branch: MAIN
Changes since 1.100: +7 -1
lines
Diff to previous 1.100 (colored) to selected 1.16 (colored)
www/nginx*: third-party modules management (+) o) update nchan module 1.3.0 -> 1.3.6; o) add gssapi (aka spnego) module. (*) Bump PKGREVISIONs. PR pkg/57340 (*)
Revision 1.100 / (download) - annotate - [select for diffs], Tue Apr 18 18:42:00 2023 UTC (11 months, 4 weeks ago) by osa
Branch: MAIN
Changes since 1.99: +10 -8
lines
Diff to previous 1.99 (colored) to selected 1.16 (colored)
www/nginx*: update to the latest stable version - 1.24.0 The new stable version incorporating new features and bug fixes from the 1.23.x mainline branch, including improved handling of multiple header lines with identical names, memory usage optimization in configurations with SSL proxying, better sanity checking of the listen directive protocol parameters, TLSv1.3 protocol enabled by default, automatic rotation of TLS session tickets encryption keys when using shared memory in the ssl_session_cache directive, and more. Syncronize www/nginx and www/nginx-devel ports, including: o) merge recent versions of third-party modules from www/nginx-devel to www/nginx; o) syncronize patches between www/nginx and www/nginx-devel; o) syncronize MESSAGE; o) remove needless patches; o) move pcre2 support to the main Makefile, remove `pcre' option and devel/pcre support for the both whole ports, but keep it for the third-party `lua' module; o) update naxsi third-party module to its recent commit.
Revision 1.99 / (download) - annotate - [select for diffs], Thu Apr 13 16:45:47 2023 UTC (12 months ago) by osa
Branch: MAIN
Changes since 1.98: +2 -1
lines
Diff to previous 1.98 (colored) to selected 1.16 (colored)
*/*: update NGINX JavaScript 0.7.9 -> 0.7.12 Bump PKGREVISION for www/nginx and www/nginx-devel. <ChangeLog> Changes with njs 0.7.12 10 Apr 2023 nginx modules: *) Bugfix: fixed Headers() constructor in Fetch API. Core: *) Feature: added Hash.copy() method in "crypto" module. *) Feature: added "zlib" module. *) Improvement: added support for export {name as default} statement. *) Bugfix: fixed Number constructor according to the spec. Changes with njs 0.7.11 9 Mar 2023 nginx modules: *) Bugfix: added missed linking with libxml2 for the dynamic module. The bug was introduced in 0.7.10. Core: *) Feature: added XMLNode API to modify XML documents. *) Change: removed XML_PARSE_DTDVALID during parsing of XML document due to security implications. The issue was introduced in 0.7.10. When XML_PARSE_DTDVALID is enabled, libxml2 parses and executes external entities present inside an XML document. *) Bugfix: fixed the detection of await in arguments. *) Bugfix: fixed Error() instance dumping when "name" prop is not primitive. *) Bugfix: fixed array instance with a getter property dumping. *) Bugfix: fixed njs_object_property() with NJS_WHITEOUT properties. *) Bugfix: fixed func instance dumping with "name" as getter. *) Bugfix: fixed attaching of a stack to an error object. *) Bugfix: fixed String.prototype.replace() with replacement containing "$'", "$`". Changes with njs 0.7.10 7 Feb 2023 nginx modules: *) Feature: added Request, Response and Headers ctors in Fetch API. *) Bugfix: fixed nginx logger callback for calls in master process. Core: *) Feature: added signal support in CLI. *) Feature: added "xml" module for working with XML documents. *) Feature: extended support for symmetric and asymmetric keys in WebCrypto. Most notably JWK format for importKey() was added. *) Feature: extended support for symmetric and asymmetric keys in WebCrypto. Most notably JWK format for importKey() was added. generateKey() and exportKey() were also implemented. *) Feature: added String.prototype.replaceAll(). *) Bugfix: fixed for(expr1; conditional syntax error handling. *) Bugfix: fixed Object.values() and Object.entries() with external objects. *) Bugfix: fixed RegExp.prototype[@@replace](). </ChangeLog>
Revision 1.98 / (download) - annotate - [select for diffs], Wed Mar 29 08:32:52 2023 UTC (12 months, 2 weeks ago) by adam
Branch: MAIN
Changes since 1.97: +2 -6
lines
Diff to previous 1.97 (colored) to selected 1.16 (colored)
nginx-devel: updated to 1.23.4 Changes with nginx 1.23.4 28 Mar 2023 *) Change: now TLSv1.3 protocol is enabled by default. *) Change: now nginx issues a warning if protocol parameters of a listening socket are redefined. *) Change: now nginx closes connections with lingering if pipelining was used by the client. *) Feature: byte ranges support in the ngx_http_gzip_static_module. *) Bugfix: port ranges in the "listen" directive did not work; the bug had appeared in 1.23.3. Thanks to Valentin Bartenev. *) Bugfix: incorrect location might be chosen to process a request if a prefix location longer than 255 characters was used in the configuration. *) Bugfix: non-ASCII characters in file names on Windows were not supported by the ngx_http_autoindex_module, the ngx_http_dav_module, and the "include" directive. *) Change: the logging level of the "data length too long", "length too short", "bad legacy version", "no shared signature algorithms", "bad digest length", "missing sigalgs extension", "encrypted length too long", "bad length", "bad key update", "mixed handshake and non handshake data", "ccs received early", "data between ccs and finished", "packet length too long", "too many warn alerts", "record too small", and "got a fin before a ccs" SSL errors has been lowered from "crit" to "info". *) Bugfix: a socket leak might occur when using HTTP/2 and the "error_page" directive to redirect errors with code 400. *) Bugfix: messages about logging to syslog errors did not contain information that the errors happened while logging to syslog. Thanks to Safar Safarly. *) Workaround: "gzip filter failed to use preallocated memory" alerts appeared in logs when using zlib-ng. *) Bugfix: in the mail proxy server.
Revision 1.97 / (download) - annotate - [select for diffs], Sun Jan 29 21:18:05 2023 UTC (14 months, 2 weeks ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2023Q1-base,
pkgsrc-2023Q1
Changes since 1.96: +2 -2
lines
Diff to previous 1.96 (colored) to selected 1.16 (colored)
*: Recursive revbup from graphics/freetype2
Revision 1.96 / (download) - annotate - [select for diffs], Tue Jan 3 17:38:24 2023 UTC (15 months, 1 week ago) by wiz
Branch: MAIN
Changes since 1.95: +2 -1
lines
Diff to previous 1.95 (colored) to selected 1.16 (colored)
*: recursive bump for tiff shlib major bump
Revision 1.95 / (download) - annotate - [select for diffs], Tue Dec 13 17:53:02 2022 UTC (16 months ago) by osa
Branch: MAIN
CVS Tags: pkgsrc-2022Q4-base,
pkgsrc-2022Q4
Changes since 1.94: +2 -3
lines
Diff to previous 1.94 (colored) to selected 1.16 (colored)
www/nginx-devel: update 1.23.2 -> 1.23.3 <ChangeLog> *) Bugfix: an error might occur when reading PROXY protocol version 2 header with large number of TLVs. *) Bugfix: a segmentation fault might occur in a worker process if SSI was used to process subrequests created by other modules. Thanks to Ciel Zhao. *) Workaround: when a hostname used in the "listen" directive resolves to multiple addresses, nginx now ignores duplicates within these addresses. *) Bugfix: nginx might hog CPU during unbuffered proxying if SSL connections to backends were used. </ChangeLog>
Revision 1.94 / (download) - annotate - [select for diffs], Wed Nov 23 16:21:21 2022 UTC (16 months, 3 weeks ago) by adam
Branch: MAIN
Changes since 1.93: +2 -2
lines
Diff to previous 1.93 (colored) to selected 1.16 (colored)
massive revision bump after textproc/icu update
Revision 1.93 / (download) - annotate - [select for diffs], Thu Nov 17 16:04:27 2022 UTC (16 months, 4 weeks ago) by osa
Branch: MAIN
Changes since 1.92: +2 -2
lines
Diff to previous 1.92 (colored) to selected 1.16 (colored)
*/*: update NGINX JavaScript 0.7.8 -> 0.7.9 Bump PKGREVISION for www/nginx and www/nginx-devel. <ChangeLog> nginx modules: *) Bugfix: fixed Fetch Response prototype reinitialization. When at least one js_import directive was declared in both HTTP and Stream, ngx.fetch() returned inapproriate response in Stream. The bug was introduced in 0.7.7. Core: *) Bugfix: fixed String.prototype.replace(re) if re.exec() returns non-flat array. *) Bugfix: fixed Array.prototype.fill() when start object changes "this". *) Bugfix: fixed description for fs.mkdir() and fs.rmdir() methods. *) Bugfix: fixed %TypedArray%.prototype.set(s) when s element changes "this". *) Bugfix: fixed Array.prototype.splice(s, d) when d resizes "this" during evaluation. *) Bugfix: fixed for-in loop with left and right hand side expressions. </ChangeLog>
Revision 1.92 / (download) - annotate - [select for diffs], Tue Oct 25 16:35:46 2022 UTC (17 months, 3 weeks ago) by osa
Branch: MAIN
Changes since 1.91: +2 -1
lines
Diff to previous 1.91 (colored) to selected 1.16 (colored)
*/*: update NGINX JavaScript 0.7.7 -> 0.7.8 Bump PKGREVISION for www/nginx and www/nginx-devel. <ChangeLog> nginx modules: *) Feature: added js_preload_object directive. *) Feature: added ngx.conf_prefix property. *) Feature: added s.sendUpstream() and s.sendDownstream() in stream module. *) Feature: added support for HEAD method in Fetch API. *) Improvement: improved async callback support for s.send() in stream module. Core: *) Feature: added "name" instance property for a function object. *) Feature: added njs.memoryStats object. *) Bugfix: fixed String.prototype.trimEnd() with unicode string. *) Bugfix: fixed Object.freeze() with fast arrays. *) Bugfix: fixed Object.defineProperty() with fast arrays. *) Bugfix: fixed async token as a property name of an object. *) Bugfix: fixed property set instruction when key modifies base binding. *) Bugfix: fixed complex assignments. *) Bugfix: fixed handling of unhandled promise rejection. *) Bugfix: fixed process.env when duplicate environ variables are present. *) Bugfix: fixed double declaration detection in modules. *) Bugfix: fixed bound function calls according to the spec. *) Bugfix: fixed break label for if statement. *) Bugfix: fixed labeled empty statements. </ChangeLog>
Revision 1.91 / (download) - annotate - [select for diffs], Wed Oct 19 14:10:24 2022 UTC (17 months, 4 weeks ago) by osa
Branch: MAIN
Changes since 1.90: +2 -3
lines
Diff to previous 1.90 (colored) to selected 1.16 (colored)
www/nginx-devel: security update 1.23.1 -> 1.23.2 <ChangeLog> *) Security: processing of a specially crafted mp4 file by the ngx_http_mp4_module might cause a worker process crash, worker process memory disclosure, or might have potential other impact (CVE-2022-41741, CVE-2022-41742). *) Feature: the "$proxy_protocol_tlv_..." variables. *) Feature: TLS session tickets encryption keys are now automatically rotated when using shared memory in the "ssl_session_cache" directive. *) Change: the logging level of the "bad record type" SSL errors has been lowered from "crit" to "info". Thanks to Murilo Andrade. *) Change: now when using shared memory in the "ssl_session_cache" directive the "could not allocate new session" errors are logged at the "warn" level instead of "alert" and not more often than once per second. *) Bugfix: nginx/Windows could not be built with OpenSSL 3.0.x. *) Bugfix: in logging of the PROXY protocol errors. Thanks to Sergey Brester. *) Workaround: shared memory from the "ssl_session_cache" directive was spent on sessions using TLS session tickets when using TLSv1.3 with OpenSSL. *) Workaround: timeout specified with the "ssl_session_timeout" directive did not work when using TLSv1.3 with OpenSSL or BoringSSL. </ChangeLog>
Revision 1.90 / (download) - annotate - [select for diffs], Sun Sep 25 15:10:11 2022 UTC (18 months, 3 weeks ago) by osa
Branch: MAIN
CVS Tags: pkgsrc-2022Q3-base,
pkgsrc-2022Q3
Changes since 1.89: +2 -2
lines
Diff to previous 1.89 (colored) to selected 1.16 (colored)
www/nginx*: update third-party lua module 0.10.21 -> 0.10.22 ChangeLog: https://github.com/openresty/lua-nginx-module/compare/v0.10.21...v0.10.22 Bump PKGREVISIONs.
Revision 1.89 / (download) - annotate - [select for diffs], Tue Aug 30 18:00:49 2022 UTC (19 months, 2 weeks ago) by osa
Branch: MAIN
Changes since 1.88: +2 -1
lines
Diff to previous 1.88 (colored) to selected 1.16 (colored)
*/*: update NGINX JavaScript 0.7.6 -> 0.7.7 Bump PKGREVISION for www/nginx and www/nginx-devel. <ChangeLog> nginx modules: *) Feature: the number of nginx configuration contexts where js directives can be specified is extended. HTTP: js_import, js_path, js_set and js_var are allowed in server and location contexts. js_content, js_body_filter and js_header_filter are allowed in 'if' context. Stream: js_import, js_path, js_set and js_var are allowed in server context. *) Feature: added r.internal property. *) Bugfix: fixed reading response body in fetch API. *) Bugfix: fixed "js_fetch_timeout" in stream module. *) Bugfix: fixed socket leak with 0 fetch timeout. Core: *) Feature: extended "fs" module. Added fs.openSync(), fs.promises.open(), fs.fstatSync(), fs.readSync(), fs.writeSync(). The following properties of FileHandle are implemented: fd, read(), stat(), write(), close(). *) Bugfix: fixed parseInt(), parseFloat(), Symbol.for() with no arguments. </ChangeLog>
Revision 1.88 / (download) - annotate - [select for diffs], Tue Jul 19 18:08:29 2022 UTC (20 months, 4 weeks ago) by osa
Branch: MAIN
Changes since 1.87: +2 -3
lines
Diff to previous 1.87 (colored) to selected 1.16 (colored)
www/nginx-devel: update 1.23.0 -> 1.23.1 Also, update NGINX JavaScript module: 0.7.5 -> 0.7.6. <Changelog for NGINX 1.23.1> *) Feature: memory usage optimization in configurations with SSL proxying. *) Feature: looking up of IPv4 addresses while resolving now can be disabled with the "ipv4=off" parameter of the "resolver" directive. *) Change: the logging level of the "bad key share", "bad extension", "bad cipher", and "bad ecpoint" SSL errors has been lowered from "crit" to "info". *) Bugfix: while returning byte ranges nginx did not remove the "Content-Range" header line if it was present in the original backend response. *) Bugfix: a proxied response might be truncated during reconfiguration on Linux; the bug had appeared in 1.17.5. </Changelog> <ChangeLog for NGINX JavaScript 0.7.6> nginx modules: *) Feature: improved r.args object. Added support for multiple arguments with the same key. Added case sensitivity for keys. Keys and values are percent-decoded now. *) Bugfix: fixed r.headersOut setter for special headers. Core: *) Feature: added Symbol.for() and Symbol.keyfor(). *) Feature: added btoa() and atob() from WHATWG spec. *) Bugfix: fixed large non-decimal literals. *) Bugfix: fixed unicode argument trimming in parseInt(). *) Bugfix: fixed break instruction in a try-catch block. *) Bugfix: fixed async function declaration in CLI. </ChangeLog>
Revision 1.87 / (download) - annotate - [select for diffs], Fri Jul 15 00:41:45 2022 UTC (21 months ago) by gutteridge
Branch: MAIN
Changes since 1.86: +3 -1
lines
Diff to previous 1.86 (colored) to selected 1.16 (colored)
nginx & nginx-devel: mark these packages conflict
Revision 1.86 / (download) - annotate - [select for diffs], Thu Jul 14 15:13:22 2022 UTC (21 months ago) by osa
Branch: MAIN
Changes since 1.85: +2 -2
lines
Diff to previous 1.85 (colored) to selected 1.16 (colored)
www/nginx-devel: update third-party geoip2 module It's compatible with 1.23.0 now. Bump PORTREVISION.
Revision 1.85 / (download) - annotate - [select for diffs], Thu Jul 14 10:21:20 2022 UTC (21 months ago) by osa
Branch: MAIN
Changes since 1.84: +4 -2
lines
Diff to previous 1.84 (colored) to selected 1.16 (colored)
www/nginx-devel: change PKGNAME to nginx-devel Switch to the https protocol for MASTER_SITES. Update distinfo with the checksums of recently added patches. Fix PLIST for the third-party http_upload module. Bump PKGREVISION.
Revision 1.84 / (download) - annotate - [select for diffs], Wed Jul 13 20:31:47 2022 UTC (21 months ago) by osa
Branch: MAIN
Changes since 1.83: +10 -3
lines
Diff to previous 1.83 (colored) to selected 1.16 (colored)
www/nginx-devel: update 1.22.0 -> 1.23.0 Also, update third-party modules: o) headers_more: 0.33 -> d502e41 o) http_push: 1.2.15 -> 1.3.0 o) naxsi: 1.3 -> 29793dc o) njs: 0.7.4 -> 0.7.5 Patches obtained from the corresponding port in FreeBSD ports tree. <ChangeLog> *) Change in internal API: now header lines are represented as linked lists. *) Change: now nginx combines arbitrary header lines with identical names when sending to FastCGI, SCGI, and uwsgi backends, in the $r->header_in() method of the ngx_http_perl_module, and during lookup of the "$http_...", "$sent_http_...", "$sent_trailer_...", "$upstream_http_...", and "$upstream_trailer_..." variables. *) Bugfix: if there were multiple "Vary" header lines in the backend response, nginx only used the last of them when caching. *) Bugfix: if there were multiple "WWW-Authenticate" header lines in the backend response and errors with code 401 were intercepted or the "auth_request" directive was used, nginx only sent the first of the header lines to the client. *) Change: the logging level of the "application data after close notify" SSL errors has been lowered from "crit" to "info". *) Bugfix: connections might hang if nginx was built on Linux 2.6.17 or newer, but was used on systems without EPOLLRDHUP support, notably with epoll emulation layers; the bug had appeared in 1.17.5. Thanks to Marcus Ball. *) Bugfix: nginx did not cache the response if the "Expires" response header line disabled caching, but following "Cache-Control" header line enabled caching. </ChangeLog>
Revision 1.83 / (download) - annotate - [select for diffs], Tue Jun 28 11:37:07 2022 UTC (21 months, 2 weeks ago) by wiz
Branch: MAIN
Changes since 1.82: +2 -2
lines
Diff to previous 1.82 (colored) to selected 1.16 (colored)
*: recursive bump for perl 5.36
Revision 1.82 / (download) - annotate - [select for diffs], Wed May 25 13:57:02 2022 UTC (22 months, 3 weeks ago) by osa
Branch: MAIN
CVS Tags: pkgsrc-2022Q2-base,
pkgsrc-2022Q2
Changes since 1.81: +2 -1
lines
Diff to previous 1.81 (colored) to selected 1.16 (colored)
www/nginx*: cross merging The third-party upload module has been add to www/nginx-devel. Merge pcre/pcre2 functional from www/nginx-devel to www/nginx. I'm going to review patches for the both ports. Bump PKGREVISIONs.
Revision 1.81 / (download) - annotate - [select for diffs], Wed May 25 11:02:14 2022 UTC (22 months, 3 weeks ago) by osa
Branch: MAIN
Changes since 1.80: +2 -3
lines
Diff to previous 1.80 (colored) to selected 1.16 (colored)
www/nginx: update 1.21.6 -> 1.22.0 Also, update third-party modules: o) http_push from 1.2.12 to 1.2.15 o) lua from 0.10.20 to 0.10.21 o) njs from 0.7.3 to 0.7.4
Revision 1.80 / (download) - annotate - [select for diffs], Tue May 10 18:08:52 2022 UTC (23 months, 1 week ago) by nia
Branch: MAIN
Changes since 1.79: +2 -2
lines
Diff to previous 1.79 (colored) to selected 1.16 (colored)
nginx*: Enable more options from the Triton builds that don't add any more dependencies or distfiles.
Revision 1.79 / (download) - annotate - [select for diffs], Tue May 10 17:40:58 2022 UTC (23 months, 1 week ago) by nia
Branch: MAIN
Changes since 1.78: +2 -2
lines
Diff to previous 1.78 (colored) to selected 1.16 (colored)
nginx*: Enable http2 by default. Requested by various.
Revision 1.78 / (download) - annotate - [select for diffs], Mon Apr 18 19:12:18 2022 UTC (23 months, 4 weeks ago) by adam
Branch: MAIN
Changes since 1.77: +2 -2
lines
Diff to previous 1.77 (colored) to selected 1.16 (colored)
revbump for textproc/icu update
Revision 1.77 / (download) - annotate - [select for diffs], Tue Apr 12 13:15:28 2022 UTC (2 years ago) by osa
Branch: MAIN
Changes since 1.76: +2 -2
lines
Diff to previous 1.76 (colored) to selected 1.16 (colored)
www/nginx-devel: update NGINX JavaScript module to 0.7.3 Bump PKGREVISION. <ChangeLog> Core: *) Feature: added support of module resolution callback. This feature allows a host environment to control how imported modules are loaded. *) Bugfix: fixed backtraces while traversing imported user modules. *) Bugfix: fixed Array.prototype.concat() when "this" is a slow array. *) Bugfix: fixed frame allocation from an awaited frame. *) Bugfix: fixed allocation of large array literals. *) Bugfix: fixed interpreter when "toString" conversion fails. </ChangeLog>
Revision 1.76 / (download) - annotate - [select for diffs], Sat Mar 19 00:23:55 2022 UTC (2 years ago) by gutteridge
Branch: MAIN
CVS Tags: pkgsrc-2022Q1-base,
pkgsrc-2022Q1
Changes since 1.75: +115 -3
lines
Diff to previous 1.75 (colored) to selected 1.16 (colored)
nginx-devel: merge all into Makefile now this isn't shared
Revision 1.75 / (download) - annotate - [select for diffs], Thu Mar 17 03:03:14 2022 UTC (2 years, 1 month ago) by osa
Branch: MAIN
Changes since 1.74: +3 -3
lines
Diff to previous 1.74 (colored) to selected 1.16 (colored)
www/nginx-devel: decouple from www/nginx It's not a typical practice in pkgsrc to share options.mk. Also, it's not easy to build both www/nginx and www/nginx-devel with a different set of options. So, let's decouple www/nginx-devel from www/nginx. From now the following option needs to be specified to build www/nginx-devel with a specific options: PKG_OPTIONS.nginx-devel. While I'm here add support to build package with devel/pcre2. Please note: some third-party modules, such as naxsi and luajit, are not compatible yet with devel/pcre2, so let's keep pcre option as a suggested one. Bump PKGREVISION.
Revision 1.74 / (download) - annotate - [select for diffs], Mon Mar 14 02:49:09 2022 UTC (2 years, 1 month ago) by osa
Branch: MAIN
Changes since 1.73: +2 -2
lines
Diff to previous 1.73 (colored) to selected 1.16 (colored)
www/nginx*: remove build and install of njs command line utility The new and shiny lang/njs package will be added shortly. Bump PKGREVISIONs.
Revision 1.73 / (download) - annotate - [select for diffs], Thu Mar 10 18:40:44 2022 UTC (2 years, 1 month ago) by osa
Branch: MAIN
Changes since 1.72: +2 -2
lines
Diff to previous 1.72 (colored) to selected 1.16 (colored)
www/nginx*: build and install njs command line utility Also, move NGINX JavaScript (njs) configure phase out of the NGINX build phase. Bump PKGREVISIONs.
Revision 1.72 / (download) - annotate - [select for diffs], Thu Mar 10 03:40:30 2022 UTC (2 years, 1 month ago) by osa
Branch: MAIN
Changes since 1.71: +2 -2
lines
Diff to previous 1.71 (colored) to selected 1.16 (colored)
www/nginx*: implement dynamic modules build It's possible now to build an additional module as a dynamic module. Bump PKGREVISION. While I'm here take over the maintainership for www/nginx (*). Approved by: joerg (*)
Revision 1.71 / (download) - annotate - [select for diffs], Wed Mar 9 18:48:17 2022 UTC (2 years, 1 month ago) by osa
Branch: MAIN
Changes since 1.70: +2 -1
lines
Diff to previous 1.70 (colored) to selected 1.16 (colored)
www/nginx*: bump PKGREVISION after the third-party modules update Discussed with: gutteridge
Revision 1.70 / (download) - annotate - [select for diffs], Wed Mar 9 01:31:24 2022 UTC (2 years, 1 month ago) by osa
Branch: MAIN
Changes since 1.69: +2 -2
lines
Diff to previous 1.69 (colored) to selected 1.16 (colored)
www/nginx-devel: take maintainership
Revision 1.69 / (download) - annotate - [select for diffs], Fri Jan 28 12:02:43 2022 UTC (2 years, 2 months ago) by adam
Branch: MAIN
Changes since 1.68: +2 -2
lines
Diff to previous 1.68 (colored) to selected 1.16 (colored)
nginx-devel: updated to 1.21.6 Changes with nginx 1.21.6 25 Jan 2022 *) Bugfix: when using EPOLLEXCLUSIVE on Linux client connections were unevenly distributed among worker processes. *) Bugfix: nginx returned the "Connection: keep-alive" header line in responses during graceful shutdown of old worker processes. *) Bugfix: in the "ssl_session_ticket_key" when using TLSv1.3.
Revision 1.68 / (download) - annotate - [select for diffs], Wed Dec 29 16:32:21 2021 UTC (2 years, 3 months ago) by adam
Branch: MAIN
Changes since 1.67: +2 -2
lines
Diff to previous 1.67 (colored) to selected 1.16 (colored)
nginx-devel: updated to 1.21.5 Changes with nginx 1.21.5 28 Dec 2021 *) Change: now nginx is built with the PCRE2 library by default. *) Change: now nginx always uses sendfile(SF_NODISKIO) on FreeBSD. *) Feature: support for sendfile(SF_NOCACHE) on FreeBSD. *) Feature: the $ssl_curve variable. *) Bugfix: connections might hang when using HTTP/2 without SSL with the "sendfile" and "aio" directives.
Revision 1.67 / (download) - annotate - [select for diffs], Sun Nov 14 20:17:52 2021 UTC (2 years, 5 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2021Q4-base,
pkgsrc-2021Q4
Changes since 1.66: +2 -3
lines
Diff to previous 1.66 (colored) to selected 1.16 (colored)
nginx-devel: updated to 1.21.4 Changes with nginx 1.21.4 *) Change: support for NPN instead of ALPN to establish HTTP/2 connections has been removed. *) Change: now nginx rejects SSL connections if ALPN is used by the client, but no supported protocols can be negotiated. *) Change: the default value of the "sendfile_max_chunk" directive was changed to 2 megabytes. *) Feature: the "proxy_half_close" directive in the stream module. *) Feature: the "ssl_alpn" directive in the stream module. *) Feature: the $ssl_alpn_protocol variable. *) Feature: support for SSL_sendfile() when using OpenSSL 3.0. *) Feature: the "mp4_start_key_frame" directive in the ngx_http_mp4_module. Thanks to Tracey Jaquith. *) Bugfix: in the $content_length variable when using chunked transfer encoding. *) Bugfix: after receiving a response with incorrect length from a proxied backend nginx might nevertheless cache the connection. Thanks to Awdhesh Mathpal. *) Bugfix: invalid headers from backends were logged at the "info" level instead of "error"; the bug had appeared in 1.21.1. *) Bugfix: requests might hang when using HTTP/2 and the "aio_write" directive.
Revision 1.66 / (download) - annotate - [select for diffs], Mon Nov 8 01:07:37 2021 UTC (2 years, 5 months ago) by khorben
Branch: MAIN
Changes since 1.65: +2 -1
lines
Diff to previous 1.65 (colored) to selected 1.16 (colored)
nginx-devel: let the RC script work unprivileged This takes advantage of the introduction of the SYSCONFBASE variable. Tested on NetBSD/amd64. While there, add support for the "configtest" command in the RC script. Bumps PKGREVISION.
Revision 1.65 / (download) - annotate - [select for diffs], Wed Sep 15 12:37:33 2021 UTC (2 years, 7 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2021Q3-base,
pkgsrc-2021Q3
Changes since 1.64: +2 -2
lines
Diff to previous 1.64 (colored) to selected 1.16 (colored)
nginx-devel: updated to 1.21.3 Changes with nginx 1.21.3 07 Sep 2021 *) Change: optimization of client request body reading when using HTTP/2. *) Bugfix: in request body filters internal API when using HTTP/2 and buffering of the data being processed. Changes with nginx 1.21.2 31 Aug 2021 *) Change: now nginx rejects HTTP/1.0 requests with the "Transfer-Encoding" header line. *) Change: export ciphers are no longer supported. *) Feature: OpenSSL 3.0 compatibility. *) Feature: the "Auth-SSL-Protocol" and "Auth-SSL-Cipher" header lines are now passed to the mail proxy authentication server. Thanks to Rob Mueller. *) Feature: request body filters API now permits buffering of the data being processed. *) Bugfix: backend SSL connections in the stream module might hang after an SSL handshake. *) Bugfix: the security level, which is available in OpenSSL 1.1.0 or newer, did not affect loading of the server certificates when set with "@SECLEVEL=N" in the "ssl_ciphers" directive. *) Bugfix: SSL connections with gRPC backends might hang if select, poll, or /dev/poll methods were used. *) Bugfix: when using HTTP/2 client request body was always written to disk if the "Content-Length" header line was not present in the request.
Revision 1.64 / (download) - annotate - [select for diffs], Wed Jul 7 08:48:58 2021 UTC (2 years, 9 months ago) by adam
Branch: MAIN
Changes since 1.63: +2 -2
lines
Diff to previous 1.63 (colored) to selected 1.16 (colored)
nginx-devel: updated to 1.21.1 Changes with nginx 1.21.1 *) Change: now nginx always returns an error for the CONNECT method. *) Change: now nginx always returns an error if both "Content-Length" and "Transfer-Encoding" header lines are present in the request. *) Change: now nginx always returns an error if spaces or control characters are used in the request line. *) Change: now nginx always returns an error if spaces or control characters are used in a header name. *) Change: now nginx always returns an error if spaces or control characters are used in the "Host" request header line. *) Change: optimization of configuration testing when using many listening sockets. *) Bugfix: nginx did not escape """, "<", ">", "\", "^", "`", "{", "|", and "}" characters when proxying with changed URI. *) Bugfix: SSL variables might be empty when used in logs; the bug had appeared in 1.19.5. *) Bugfix: keepalive connections with gRPC backends might not be closed after receiving a GOAWAY frame. *) Bugfix: reduced memory consumption for long-lived requests when proxying with more than 64 buffers.
Revision 1.63 / (download) - annotate - [select for diffs], Tue Jun 1 10:54:44 2021 UTC (2 years, 10 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2021Q2-base,
pkgsrc-2021Q2
Changes since 1.62: +2 -2
lines
Diff to previous 1.62 (colored) to selected 1.16 (colored)
nginx-devel: updated to 1.21.0 Changes with nginx 1.21.0 *) Security: 1-byte memory overwrite might occur during DNS server response processing if the "resolver" directive was used, allowing an attacker who is able to forge UDP packets from the DNS server to cause worker process crash or, potentially, arbitrary code execution (CVE-2021-23017). *) Feature: variables support in the "proxy_ssl_certificate", "proxy_ssl_certificate_key" "grpc_ssl_certificate", "grpc_ssl_certificate_key", "uwsgi_ssl_certificate", and "uwsgi_ssl_certificate_key" directives. *) Feature: the "max_errors" directive in the mail proxy module. *) Feature: the mail proxy module supports POP3 and IMAP pipelining. *) Feature: the "fastopen" parameter of the "listen" directive in the stream module. Thanks to Anbang Wen. *) Bugfix: special characters were not escaped during automatic redirect with appended trailing slash. *) Bugfix: connections with clients in the mail proxy module might be closed unexpectedly when using SMTP pipelining.
Revision 1.62 / (download) - annotate - [select for diffs], Fri Apr 16 07:10:21 2021 UTC (3 years ago) by adam
Branch: MAIN
Changes since 1.61: +2 -2
lines
Diff to previous 1.61 (colored) to selected 1.16 (colored)
nginx-devel: updated to 1.19.10 Changes with nginx 1.19.10 *) Change: the default value of the "keepalive_requests" directive was changed to 1000. *) Feature: the "keepalive_time" directive. *) Feature: the $connection_time variable. *) Workaround: "gzip filter failed to use preallocated memory" alerts appeared in logs when using zlib-ng.
Revision 1.61 / (download) - annotate - [select for diffs], Thu Apr 1 07:00:36 2021 UTC (3 years ago) by adam
Branch: MAIN
Changes since 1.60: +2 -2
lines
Diff to previous 1.60 (colored) to selected 1.16 (colored)
nginx-devel: updated to 1.19.9 Changes with nginx 1.19.9 30 Mar 2021 *) Bugfix: nginx could not be built with the mail proxy module, but without the ngx_mail_ssl_module; the bug had appeared in 1.19.8. *) Bugfix: "upstream sent response body larger than indicated content length" errors might occur when working with gRPC backends; the bug had appeared in 1.19.1. *) Bugfix: nginx might not close a connection till keepalive timeout expiration if the connection was closed by the client while discarding the request body. *) Bugfix: nginx might not detect that a connection was already closed by the client when waiting for auth_delay or limit_req delay, or when working with backends. *) Bugfix: in the eventport method. Changes with nginx 1.19.8 09 Mar 2021 *) Feature: flags in the "proxy_cookie_flags" directive can now contain variables. *) Feature: the "proxy_protocol" parameter of the "listen" directive, the "proxy_protocol" and "set_real_ip_from" directives in mail proxy. *) Bugfix: HTTP/2 connections were immediately closed when using "keepalive_timeout 0"; the bug had appeared in 1.19.7. *) Bugfix: some errors were logged as unknown if nginx was built with glibc 2.32. *) Bugfix: in the eventport method. Changes with nginx 1.19.7 16 Feb 2021 *) Change: connections handling in HTTP/2 has been changed to better match HTTP/1.x; the "http2_recv_timeout", "http2_idle_timeout", and "http2_max_requests" directives have been removed, the "keepalive_timeout" and "keepalive_requests" directives should be used instead. *) Change: the "http2_max_field_size" and "http2_max_header_size" directives have been removed, the "large_client_header_buffers" directive should be used instead. *) Feature: now, if free worker connections are exhausted, nginx starts closing not only keepalive connections, but also connections in lingering close. *) Bugfix: "zero size buf in output" alerts might appear in logs if an upstream server returned an incorrect response during unbuffered proxying; the bug had appeared in 1.19.1. *) Bugfix: HEAD requests were handled incorrectly if the "return" directive was used with the "image_filter" or "xslt_stylesheet" directives. *) Bugfix: in the "add_trailer" directive.
Revision 1.60 / (download) - annotate - [select for diffs], Wed Dec 16 20:33:55 2020 UTC (3 years, 4 months ago) by otis
Branch: MAIN
CVS Tags: pkgsrc-2021Q1-base,
pkgsrc-2021Q1,
pkgsrc-2020Q4-base,
pkgsrc-2020Q4
Changes since 1.59: +2 -4
lines
Diff to previous 1.59 (colored) to selected 1.16 (colored)
www/nginx-devel: Update to 1.19.6 Changes with nginx 1.19.6 15 Dec 2020 *) Bugfix: "no live upstreams" errors if a "server" inside "upstream" block was marked as "down". *) Bugfix: a segmentation fault might occur in a worker process if HTTPS was used; the bug had appeared in 1.19.5. *) Bugfix: nginx returned the 400 response on requests like "GET http://example.com?args HTTP/1.0". *) Bugfix: in the ngx_http_flv_module and ngx_http_mp4_module. And while here, also update naxsi to 1.3. Changes for naxsi 1.3: *) Fixed regression on FILE_EXT confusion *) Documented id 19 and 20 to rules
Revision 1.59 / (download) - annotate - [select for diffs], Wed Dec 2 10:34:57 2020 UTC (3 years, 4 months ago) by otis
Branch: MAIN
Changes since 1.58: +3 -1
lines
Diff to previous 1.58 (colored) to selected 1.16 (colored)
nginx-devel: Bump PKGREVISION after njs module update
Revision 1.58 / (download) - annotate - [select for diffs], Wed Nov 25 11:40:06 2020 UTC (3 years, 4 months ago) by jperkin
Branch: MAIN
Changes since 1.57: +2 -1
lines
Diff to previous 1.57 (colored) to selected 1.16 (colored)
nginx*: Simplify and de-lint, no functional change.
Revision 1.57 / (download) - annotate - [select for diffs], Tue Nov 24 20:11:07 2020 UTC (3 years, 4 months ago) by otis
Branch: MAIN
Changes since 1.56: +2 -4
lines
Diff to previous 1.56 (colored) to selected 1.16 (colored)
nginx-devel: Update to 1.19.5 Changes with nginx 1.19.5 24 Nov 2020 *) Feature: the -e switch. *) Feature: the same source files can now be specified in different modules while building addon modules. *) Bugfix: SSL shutdown did not work when lingering close was used. *) Bugfix: "upstream sent frame for closed stream" errors might occur when working with gRPC backends. *) Bugfix: in request body filters internal API.
Revision 1.56 / (download) - annotate - [select for diffs], Fri Nov 6 22:55:56 2020 UTC (3 years, 5 months ago) by otis
Branch: MAIN
Changes since 1.55: +3 -1
lines
Diff to previous 1.55 (colored) to selected 1.16 (colored)
nginx-devel: Update LUA module to 0.10.19
Revision 1.55 / (download) - annotate - [select for diffs], Wed Oct 28 20:22:40 2020 UTC (3 years, 5 months ago) by otis
Branch: MAIN
Changes since 1.54: +2 -3
lines
Diff to previous 1.54 (colored) to selected 1.16 (colored)
www/nginx-devel: Update to 1.19.4 Changes with nginx 1.19.4 27 Oct 2020 *) Feature: the "ssl_conf_command", "proxy_ssl_conf_command", "grpc_ssl_conf_command", and "uwsgi_ssl_conf_command" directives. *) Feature: the "ssl_reject_handshake" directive. *) Feature: the "proxy_smtp_auth" directive in mail proxy.
Revision 1.54 / (download) - annotate - [select for diffs], Tue Oct 6 11:57:51 2020 UTC (3 years, 6 months ago) by nils
Branch: MAIN
Changes since 1.53: +2 -1
lines
Diff to previous 1.53 (colored) to selected 1.16 (colored)
Update naxsi module to 1.1a in www/nginx-devel
Revision 1.53 / (download) - annotate - [select for diffs], Wed Sep 30 13:53:51 2020 UTC (3 years, 6 months ago) by otis
Branch: MAIN
Changes since 1.52: +2 -2
lines
Diff to previous 1.52 (colored) to selected 1.16 (colored)
www/nginx-devel: Update to 1.19.3 Changes with nginx 1.19.3 29 Sep 2020 *) Feature: the ngx_stream_set_module. *) Feature: the "proxy_cookie_flags" directive. *) Feature: the "userid_flags" directive. *) Bugfix: the "stale-if-error" cache control extension was erroneously applied if backend returned a response with status code 500, 502, 503, 504, 403, 404, or 429. *) Bugfix: "[crit] cache file ... has too long header" messages might appear in logs if caching was used and the backend returned responses with the "Vary" header line. *) Workaround: "[crit] SSL_write() failed" messages might appear in logs when using OpenSSL 1.1.1. *) Bugfix: "SSL_shutdown() failed (SSL: ... bad write retry)" messages might appear in logs; the bug had appeared in 1.19.2. *) Bugfix: a segmentation fault might occur in a worker process when using HTTP/2 if errors with code 400 were redirected to a proxied location using the "error_page" directive. *) Bugfix: socket leak when using HTTP/2 and subrequests in the njs module.
Revision 1.52 / (download) - annotate - [select for diffs], Wed Aug 12 06:52:13 2020 UTC (3 years, 8 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2020Q3-base,
pkgsrc-2020Q3
Changes since 1.51: +2 -2
lines
Diff to previous 1.51 (colored) to selected 1.16 (colored)
nginx-devel: updated to 1.19.2 Changes with nginx 1.19.2 *) Change: now nginx starts closing keepalive connections before all free worker connections are exhausted, and logs a warning about this to the error log. *) Change: optimization of client request body reading when using chunked transfer encoding. *) Bugfix: memory leak if the "ssl_ocsp" directive was used. *) Bugfix: "zero size buf in output" alerts might appear in logs if a FastCGI server returned an incorrect response; the bug had appeared in 1.19.1. *) Bugfix: a segmentation fault might occur in a worker process if different large_client_header_buffers sizes were used in different virtual servers. *) Bugfix: SSL shutdown might not work. *) Bugfix: "SSL_shutdown() failed (SSL: ... bad write retry)" messages might appear in logs. *) Bugfix: in the ngx_http_slice_module. *) Bugfix: in the ngx_http_xslt_filter_module.
Revision 1.51 / (download) - annotate - [select for diffs], Fri Jul 10 10:56:44 2020 UTC (3 years, 9 months ago) by adam
Branch: MAIN
Changes since 1.50: +2 -2
lines
Diff to previous 1.50 (colored) to selected 1.16 (colored)
nginx-devel: updated to 1.19.1 Changes with nginx 1.19.1 *) Change: the "lingering_close", "lingering_time", and "lingering_timeout" directives now work when using HTTP/2. *) Change: now extra data sent by a backend are always discarded. *) Change: now after receiving a too short response from a FastCGI server nginx tries to send the available part of the response to the client, and then closes the client connection. *) Change: now after receiving a response with incorrect length from a gRPC backend nginx stops response processing with an error. *) Feature: the "min_free" parameter of the "proxy_cache_path", "fastcgi_cache_path", "scgi_cache_path", and "uwsgi_cache_path" directives. Thanks to Adam Bambuch. *) Bugfix: nginx did not delete unix domain listen sockets during graceful shutdown on the SIGQUIT signal. *) Bugfix: zero length UDP datagrams were not proxied. *) Bugfix: proxying to uwsgi backends using SSL might not work. Thanks to Guanzhong Chen. *) Bugfix: in error handling when using the "ssl_ocsp" directive. *) Bugfix: on XFS and NFS file systems disk cache size might be calculated incorrectly. *) Bugfix: "negative size buf in writer" alerts might appear in logs if a memcached server returned a malformed response.
Revision 1.50 / (download) - annotate - [select for diffs], Mon Jun 1 06:19:42 2020 UTC (3 years, 10 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2020Q2-base,
pkgsrc-2020Q2
Changes since 1.49: +2 -2
lines
Diff to previous 1.49 (colored) to selected 1.16 (colored)
nginx-devel: updated to 1.19.0 Changes with nginx 1.19.0 *) Feature: client certificate validation with OCSP. *) Bugfix: "upstream sent frame for closed stream" errors might occur when working with gRPC backends. *) Bugfix: OCSP stapling might not work if the "resolver" directive was not specified. *) Bugfix: connections with incorrect HTTP/2 preface were not logged.
Revision 1.49 / (download) - annotate - [select for diffs], Tue Mar 10 08:21:34 2020 UTC (4 years, 1 month ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2020Q1-base,
pkgsrc-2020Q1
Changes since 1.48: +2 -2
lines
Diff to previous 1.48 (colored) to selected 1.16 (colored)
nginx-devel: updated to 1.17.9 Changes with nginx 1.17.9 *) Change: now nginx does not allow several "Host" request header lines. *) Bugfix: nginx ignored additional "Transfer-Encoding" request header lines. *) Bugfix: socket leak when using HTTP/2. *) Bugfix: a segmentation fault might occur in a worker process if OCSP stapling was used. *) Bugfix: in the ngx_http_mp4_module. *) Bugfix: nginx used status code 494 instead of 400 if errors with code 494 were redirected with the "error_page" directive. *) Bugfix: socket leak when using subrequests in the njs module and the "aio" directive. Changes with nginx 1.17.8 *) Feature: variables support in the "grpc_pass" directive. *) Bugfix: a timeout might occur while handling pipelined requests in an SSL connection; the bug had appeared in 1.17.5. *) Bugfix: in the "debug_points" directive when using HTTP/2.
Revision 1.48 / (download) - annotate - [select for diffs], Sun Dec 29 16:48:00 2019 UTC (4 years, 3 months ago) by adam
Branch: MAIN
Changes since 1.47: +2 -2
lines
Diff to previous 1.47 (colored) to selected 1.16 (colored)
nginx-devel: updated to 1.17.7 Changes with nginx 1.17.7 *) Bugfix: a segmentation fault might occur on start or during reconfiguration if the "rewrite" directive with an empty replacement string was used in the configuration. *) Bugfix: a segmentation fault might occur in a worker process if the "break" directive was used with the "alias" directive or with the "proxy_pass" directive with a URI. *) Bugfix: the "Location" response header line might contain garbage if the request URI was rewritten to the one containing a null character. *) Bugfix: requests with bodies were handled incorrectly when returning redirections with the "error_page" directive; the bug had appeared in 0.7.12. *) Bugfix: socket leak when using HTTP/2. *) Bugfix: a timeout might occur while handling pipelined requests in an SSL connection; the bug had appeared in 1.17.5. *) Bugfix: in the ngx_http_dav_module.
Revision 1.47 / (download) - annotate - [select for diffs], Wed Nov 20 16:37:28 2019 UTC (4 years, 4 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2019Q4-base,
pkgsrc-2019Q4
Changes since 1.46: +2 -2
lines
Diff to previous 1.46 (colored) to selected 1.16 (colored)
nginx-devel: updated to 1.17.6 Changes with nginx 1.17.6: *) Feature: the $proxy_protocol_server_addr and $proxy_protocol_server_port variables. *) Feature: the "limit_conn_dry_run" directive. *) Feature: the $limit_req_status and $limit_conn_status variables.
Revision 1.46 / (download) - annotate - [select for diffs], Fri Oct 25 09:20:25 2019 UTC (4 years, 5 months ago) by adam
Branch: MAIN
Changes since 1.45: +2 -2
lines
Diff to previous 1.45 (colored) to selected 1.16 (colored)
nginx-devel: updated to 1.17.4 Changes with nginx 1.17.5: *) Feature: now nginx uses ioctl(FIONREAD), if available, to avoid reading from a fast connection for a long time. *) Bugfix: incomplete escaped characters at the end of the request URI were ignored. *) Bugfix: "/." and "/.." at the end of the request URI were not normalized. *) Bugfix: in the "merge_slashes" directive. *) Bugfix: in the "ignore_invalid_headers" directive. Thanks to Alan Kemp. *) Bugfix: nginx could not be built with MinGW-w64 gcc 8.1 or newer.
Revision 1.45 / (download) - annotate - [select for diffs], Wed Oct 16 06:29:08 2019 UTC (4 years, 6 months ago) by adam
Branch: MAIN
Changes since 1.44: +2 -2
lines
Diff to previous 1.44 (colored) to selected 1.16 (colored)
nginx-devel: updated to 1.17.4 Changes with nginx 1.17.4 *) Change: better detection of incorrect client behavior in HTTP/2. *) Change: in handling of not fully read client request body when returning errors in HTTP/2. *) Bugfix: the "worker_shutdown_timeout" directive might not work when using HTTP/2. *) Bugfix: a segmentation fault might occur in a worker process when using HTTP/2 and the "proxy_request_buffering" directive. *) Bugfix: the ECONNABORTED error log level was "crit" instead of "error" on Windows when using SSL. *) Bugfix: nginx ignored extra data when using chunked transfer encoding. *) Bugfix: nginx always returned the 500 error if the "return" directive was used and an error occurred during reading client request body. *) Bugfix: in memory allocation error handling.
Revision 1.44 / (download) - annotate - [select for diffs], Thu Aug 15 08:07:46 2019 UTC (4 years, 8 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2019Q3-base,
pkgsrc-2019Q3
Changes since 1.43: +2 -2
lines
Diff to previous 1.43 (colored) to selected 1.16 (colored)
nginx-devel: updated to 1.17.3 Changes with nginx 1.17.3 *) Security: when using HTTP/2 a client might cause excessive memory consumption and CPU usage (CVE-2019-9511, CVE-2019-9513, CVE-2019-9516). *) Bugfix: "zero size buf" alerts might appear in logs when using gzipping; the bug had appeared in 1.17.2. *) Bugfix: a segmentation fault might occur in a worker process if the "resolver" directive was used in SMTP proxy. Changes with nginx 1.17.2 *) Change: minimum supported zlib version is 1.2.0.4. Thanks to Ilya Leoshkevich. *) Change: the $r->internal_redirect() embedded perl method now expects escaped URIs. *) Feature: it is now possible to switch to a named location using the $r->internal_redirect() embedded perl method. *) Bugfix: in error handling in embedded perl. *) Bugfix: a segmentation fault might occur on start or during reconfiguration if hash bucket size larger than 64 kilobytes was used in the configuration. *) Bugfix: nginx might hog CPU during unbuffered proxying and when proxying WebSocket connections if the select, poll, or /dev/poll methods were used. *) Bugfix: in the ngx_http_xslt_filter_module. *) Bugfix: in the ngx_http_ssi_filter_module. Changes with nginx 1.17.1 *) Feature: the "limit_req_dry_run" directive. *) Feature: when using the "hash" directive inside the "upstream" block an empty hash key now triggers round-robin balancing. Thanks to Niklas Keller. *) Bugfix: a segmentation fault might occur in a worker process if caching was used along with the "image_filter" directive, and errors with code 415 were redirected with the "error_page" directive; the bug had appeared in 1.11.10. *) Bugfix: a segmentation fault might occur in a worker process if embedded perl was used; the bug had appeared in 1.7.3.
Revision 1.43 / (download) - annotate - [select for diffs], Thu Jun 6 16:33:19 2019 UTC (4 years, 10 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2019Q2-base,
pkgsrc-2019Q2
Changes since 1.42: +2 -2
lines
Diff to previous 1.42 (colored) to selected 1.16 (colored)
nginx-devel: updated to 1.17.0 Changes with nginx 1.17.0: *) Feature: variables support in the "limit_rate" and "limit_rate_after" directives. *) Feature: variables support in the "proxy_upload_rate" and "proxy_download_rate" directives in the stream module. *) Change: minimum supported OpenSSL version is 0.9.8. *) Change: now the postpone filter is always built. *) Bugfix: the "include" directive did not work inside the "if" and "limit_except" blocks. *) Bugfix: in byte ranges processing.
Revision 1.42 / (download) - annotate - [select for diffs], Thu Apr 18 07:22:08 2019 UTC (5 years ago) by adam
Branch: MAIN
Changes since 1.41: +2 -2
lines
Diff to previous 1.41 (colored) to selected 1.16 (colored)
nginx-devel: updated to 1.5.12 Changes with nginx 1.15.12: *) Bugfix: a segmentation fault might occur in a worker process if variables were used in the "ssl_certificate" or "ssl_certificate_key" directives and OCSP stapling was enabled. Changes with nginx 1.15.11: *) Bugfix: in the "ssl_stapling_file" directive on Windows.
Revision 1.41 / (download) - annotate - [select for diffs], Wed Mar 27 06:45:13 2019 UTC (5 years ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2019Q1-base,
pkgsrc-2019Q1
Changes since 1.40: +2 -2
lines
Diff to previous 1.40 (colored) to selected 1.16 (colored)
nginx-devel: updated to 1.5.10 Changes with nginx 1.15.10: *) Change: when using a hostname in the "listen" directive nginx now creates listening sockets for all addresses the hostname resolves to (previously, only the first address was used). *) Feature: port ranges in the "listen" directive. *) Feature: loading of SSL certificates and secret keys from variables. *) Workaround: the $ssl_server_name variable might be empty when using OpenSSL 1.1.1. *) Bugfix: nginx/Windows could not be built with Visual Studio 2015 or newer; the bug had appeared in 1.15.9. nginx-nchan: 1.2.5: fix: using multiplexed channels with Redis in backup mode may result in worker crash fix: nchan_publisher_channel_id could not be set exclusively in a publisher location fix: Google pagespeed module compatibility fix: nchan prevents nginx from starting if no http {} block is configured 1.2.4: fix: Redis cluster info with zero-length hostname may result in worker crash fix: build problems with included hiredis lib in FreeBSD feature: nchan_redis_namespace and nchan_redis_ping_interval now work in upstream blocks fix: websocket publisher did not publishing channel events fix: Redis namespace was limited to 8 bytes
Revision 1.40 / (download) - annotate - [select for diffs], Fri Mar 1 18:07:04 2019 UTC (5 years, 1 month ago) by ryoon
Branch: MAIN
Changes since 1.39: +2 -2
lines
Diff to previous 1.39 (colored) to selected 1.16 (colored)
Update to 1.15.9 Changelog: Changes with nginx 1.15.9 26 Feb 2019 *) Feature: variables support in the "ssl_certificate" and "ssl_certificate_key" directives. *) Feature: the "poll" method is now available on Windows when using Windows Vista or newer. *) Bugfix: if the "select" method was used on Windows and an error occurred while establishing a backend connection, nginx waited for the connection establishment timeout to expire. *) Bugfix: the "proxy_upload_rate" and "proxy_download_rate" directives in the stream module worked incorrectly when proxying UDP datagrams.
Revision 1.39 / (download) - annotate - [select for diffs], Fri Jan 4 10:42:05 2019 UTC (5 years, 3 months ago) by adam
Branch: MAIN
Changes since 1.38: +2 -2
lines
Diff to previous 1.38 (colored) to selected 1.16 (colored)
nginx-devel: updated to 1.15.8 Changes with nginx 1.15.8: *) Feature: the $upstream_bytes_sent variable. *) Feature: new directives in vim syntax highlighting scripts. *) Bugfix: in the "proxy_cache_background_update" directive. *) Bugfix: in the "geo" directive when using unix domain listen sockets. *) Workaround: the "ignoring stale global SSL error ... bad length" alerts might appear in logs when using the "ssl_early_data" directive with OpenSSL. *) Bugfix: in nginx/Windows. *) Bugfix: in the ngx_http_autoindex_module on 32-bit platforms.
Revision 1.38 / (download) - annotate - [select for diffs], Sat Dec 15 23:28:52 2018 UTC (5 years, 4 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2018Q4-base,
pkgsrc-2018Q4
Changes since 1.37: +2 -2
lines
Diff to previous 1.37 (colored) to selected 1.16 (colored)
nginx-devel: updated to 1.15.7 Changes with nginx 1.15.7: *) Feature: the "proxy_requests" directive in the stream module. *) Feature: the "delay" parameter of the "limit_req" directive. *) Bugfix: memory leak on errors during reconfiguration. *) Bugfix: in the $upstream_response_time, $upstream_connect_time, and $upstream_header_time variables. *) Bugfix: a segmentation fault might occur in a worker process if the ngx_http_mp4_module was used on 32-bit platforms.
Revision 1.37 / (download) - annotate - [select for diffs], Mon Nov 19 11:05:14 2018 UTC (5 years, 4 months ago) by adam
Branch: MAIN
Changes since 1.36: +2 -2
lines
Diff to previous 1.36 (colored) to selected 1.16 (colored)
nginx-devel: updated to 1.15.6 Changes with nginx 1.15.6: *) Security: when using HTTP/2 a client might cause excessive memory consumption (CVE-2018-16843) and CPU usage (CVE-2018-16844). *) Security: processing of a specially crafted mp4 file with the ngx_http_mp4_module might result in worker process memory disclosure (CVE-2018-16845). *) Feature: the "proxy_socket_keepalive", "fastcgi_socket_keepalive", "grpc_socket_keepalive", "memcached_socket_keepalive", "scgi_socket_keepalive", and "uwsgi_socket_keepalive" directives. *) Bugfix: if nginx was built with OpenSSL 1.1.0 and used with OpenSSL 1.1.1, the TLS 1.3 protocol was always enabled. *) Bugfix: working with gRPC backends might result in excessive memory consumption.
Revision 1.36 / (download) - annotate - [select for diffs], Wed Oct 3 10:19:02 2018 UTC (5 years, 6 months ago) by adam
Branch: MAIN
Changes since 1.35: +2 -2
lines
Diff to previous 1.35 (colored) to selected 1.16 (colored)
nginx-devel: updated to 1.15.5 Changes with nginx 1.15.5: *) Bugfix: a segmentation fault might occur in a worker process when using OpenSSL 1.1.0h or newer; the bug had appeared in 1.15.4. *) Bugfix: of minor potential bugs. Changes with nginx 1.15.4: *) Feature: now the "ssl_early_data" directive can be used with OpenSSL. *) Bugfix: in the ngx_http_uwsgi_module. Thanks to Chris Caputo. *) Bugfix: connections with some gRPC backends might not be cached when using the "keepalive" directive. *) Bugfix: a socket leak might occur when using the "error_page" directive to redirect early request processing errors, notably errors with code 400. *) Bugfix: the "return" directive did not change the response code when returning errors if the request was redirected by the "error_page" directive. *) Bugfix: standard error pages and responses of the ngx_http_autoindex_module module used the "bgcolor" attribute, and might be displayed incorrectly when using custom color settings in browsers. Thanks to Nova DasSarma. *) Change: the logging level of the "no suitable key share" and "no suitable signature algorithm" SSL errors has been lowered from "crit" to "info".
Revision 1.35 / (download) - annotate - [select for diffs], Wed Aug 29 07:35:53 2018 UTC (5 years, 7 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2018Q3-base,
pkgsrc-2018Q3
Changes since 1.34: +2 -2
lines
Diff to previous 1.34 (colored) to selected 1.16 (colored)
nginx-devel: updated to 1.15.3 Changes with nginx 1.15.3: *) Feature: now TLSv1.3 can be used with BoringSSL. *) Feature: the "ssl_early_data" directive, currently available with BoringSSL. *) Feature: the "keepalive_timeout" and "keepalive_requests" directives in the "upstream" block. *) Bugfix: the ngx_http_dav_module did not truncate destination file when copying a file over an existing one with the COPY method. *) Bugfix: the ngx_http_dav_module used zero access rights on the destination file and did not preserve file modification time when moving a file between different file systems with the MOVE method. *) Bugfix: the ngx_http_dav_module used default access rights when copying a file with the COPY method. *) Workaround: some clients might not work when using HTTP/2; the bug had appeared in 1.13.5. *) Bugfix: nginx could not be built with LibreSSL 2.8.0.
Revision 1.34 / (download) - annotate - [select for diffs], Fri Aug 24 18:27:08 2018 UTC (5 years, 7 months ago) by adam
Branch: MAIN
Changes since 1.33: +3 -3
lines
Diff to previous 1.33 (colored) to selected 1.16 (colored)
nginx-devel: updated to 1.15.2 Changes with nginx 1.15.2: *) Feature: the $ssl_preread_protocol variable in the ngx_stream_ssl_preread_module. *) Feature: now when using the "reset_timedout_connection" directive nginx will reset connections being closed with the 444 code. *) Change: a logging level of the "http request", "https proxy request", "unsupported protocol", and "version too low" SSL errors has been lowered from "crit" to "info". *) Bugfix: DNS requests were not resent if initial sending of a request failed. *) Bugfix: the "reuseport" parameter of the "listen" directive was ignored if the number of worker processes was specified after the "listen" directive. *) Bugfix: when using OpenSSL 1.1.0 or newer it was not possible to switch off "ssl_prefer_server_ciphers" in a virtual server if it was switched on in the default server. *) Bugfix: SSL session reuse with upstream servers did not work with the TLS 1.3 protocol. Changes with nginx 1.15.1: *) Feature: the "random" directive inside the "upstream" block. *) Feature: improved performance when using the "hash" and "ip_hash" directives with the "zone" directive. *) Feature: the "reuseport" parameter of the "listen" directive now uses SO_REUSEPORT_LB on FreeBSD 12. *) Bugfix: HTTP/2 server push did not work if SSL was terminated by a proxy server in front of nginx. *) Bugfix: the "tcp_nopush" directive was always used on backend connections. *) Bugfix: sending a disk-buffered request body to a gRPC backend might fail. Changes with nginx 1.15.0: *) Change: the "ssl" directive is deprecated; the "ssl" parameter of the "listen" directive should be used instead. *) Change: now nginx detects missing SSL certificates during configuration testing when using the "ssl" parameter of the "listen" directive. *) Feature: now the stream module can handle multiple incoming UDP datagrams from a client within a single session. *) Bugfix: it was possible to specify an incorrect response code in the "proxy_cache_valid" directive. *) Bugfix: nginx could not be built by gcc 8.1. *) Bugfix: logging to syslog stopped on local IP address changes. *) Bugfix: nginx could not be built by clang with CUDA SDK installed; the bug had appeared in 1.13.8. *) Bugfix: "getsockopt(TCP_FASTOPEN) ... failed" messages might appear in logs during binary upgrade when using unix domain listen sockets on FreeBSD. *) Bugfix: nginx could not be built on Fedora 28 Linux. *) Bugfix: request processing rate might exceed configured rate when using the "limit_req" directive. *) Bugfix: in handling of client addresses when using unix domain listen sockets to work with datagrams on Linux. *) Bugfix: in memory allocation error handling.
Revision 1.33 / (download) - annotate - [select for diffs], Wed May 16 07:46:43 2018 UTC (5 years, 11 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2018Q2-base,
pkgsrc-2018Q2
Changes since 1.32: +2 -1
lines
Diff to previous 1.32 (colored) to selected 1.16 (colored)
nginx-devel: sync modules with nginx/Makefile.common
Revision 1.32 / (download) - annotate - [select for diffs], Thu Apr 12 06:49:39 2018 UTC (6 years ago) by adam
Branch: MAIN
Changes since 1.31: +2 -2
lines
Diff to previous 1.31 (colored) to selected 1.16 (colored)
nginx-devel: updated to 1.13.12 Changes with nginx 1.13.12: *) Bugfix: connections with gRPC backends might be closed unexpectedly when returning a large response. Changes with nginx 1.13.11: *) Feature: the "proxy_protocol" parameter of the "listen" directive now supports the PROXY protocol version 2. *) Bugfix: nginx could not be built with OpenSSL 1.1.1 statically on Linux. *) Bugfix: in the "http_404", "http_500", etc. parameters of the "proxy_next_upstream" directive.
Revision 1.31 / (download) - annotate - [select for diffs], Wed Mar 21 07:52:58 2018 UTC (6 years ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2018Q1-base,
pkgsrc-2018Q1
Changes since 1.30: +2 -2
lines
Diff to previous 1.30 (colored) to selected 1.16 (colored)
nginx-devel: updated to 1.13.10 1.13.10: *) Feature: the "set" parameter of the "include" SSI directive now allows writing arbitrary responses to a variable; the "subrequest_output_buffer_size" directive defines maximum response size. *) Feature: now nginx uses clock_gettime(CLOCK_MONOTONIC) if available, to avoid timeouts being incorrectly triggered on system time changes. *) Feature: the "escape=none" parameter of the "log_format" directive. Thanks to Johannes Baiter and Calin Don. *) Feature: the $ssl_preread_alpn_protocols variable in the ngx_stream_ssl_preread_module. *) Feature: the ngx_http_grpc_module. *) Bugfix: in memory allocation error handling in the "geo" directive. *) Bugfix: when using variables in the "auth_basic_user_file" directive a null character might appear in logs.
Revision 1.30 / (download) - annotate - [select for diffs], Wed Feb 28 08:53:47 2018 UTC (6 years, 1 month ago) by adam
Branch: MAIN
Changes since 1.29: +2 -2
lines
Diff to previous 1.29 (colored) to selected 1.16 (colored)
nginx-devel: updated to 1.13.9 nginx 1.13.9: *) Feature: HTTP/2 server push support; the "http2_push" and "http2_push_preload" directives. *) Bugfix: "header already sent" alerts might appear in logs when using cache; the bug had appeared in 1.9.13. *) Bugfix: a segmentation fault might occur in a worker process if the "ssl_verify_client" directive was used and no SSL certificate was specified in a virtual server. *) Bugfix: in the ngx_http_v2_module. *) Bugfix: in the ngx_http_dav_module.
Revision 1.29 / (download) - annotate - [select for diffs], Tue Feb 13 09:26:01 2018 UTC (6 years, 2 months ago) by adam
Branch: MAIN
Changes since 1.28: +2 -2
lines
Diff to previous 1.28 (colored) to selected 1.16 (colored)
nginx-devel: updated to 1.13.8 Changes with nginx 1.13.8: *) Feature: now nginx automatically preserves the CAP_NET_RAW capability in worker processes when using the "transparent" parameter of the "proxy_bind", "fastcgi_bind", "memcached_bind", "scgi_bind", and "uwsgi_bind" directives. *) Feature: improved CPU cache line size detection. Thanks to Debayan Ghosh. *) Feature: new directives in vim syntax highlighting scripts. Thanks to Gena Makhomed. *) Bugfix: binary upgrade refused to work if nginx was re-parented to a process with PID different from 1 after its parent process has finished. *) Bugfix: the ngx_http_autoindex_module incorrectly handled requests with bodies. *) Bugfix: in the "proxy_limit_rate" directive when used with the "keepalive" directive. *) Bugfix: some parts of a response might be buffered when using "proxy_buffering off" if the client connection used SSL. Thanks to Patryk Lesiewicz. *) Bugfix: in the "proxy_cache_background_update" directive. *) Bugfix: it was not possible to start a parameter with a variable in the "${name}" form with the name in curly brackets without enclosing the parameter into single or double quotes.
Revision 1.28 / (download) - annotate - [select for diffs], Sun Nov 26 16:48:37 2017 UTC (6 years, 4 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2017Q4-base,
pkgsrc-2017Q4
Changes since 1.27: +2 -2
lines
Diff to previous 1.27 (colored) to selected 1.16 (colored)
nginx-devel: updated to 1.13.7 Changes with nginx 1.13.7: *) Bugfix: in the $upstream_status variable. *) Bugfix: a segmentation fault might occur in a worker process if a backend returned a "101 Switching Protocols" response to a subrequest. *) Bugfix: a segmentation fault occurred in a master process if a shared memory zone size was changed during a reconfiguration and the reconfiguration failed. *) Bugfix: in the ngx_http_fastcgi_module. *) Bugfix: nginx returned the 500 error if parameters without variables were specified in the "xslt_stylesheet" directive. *) Workaround: "gzip filter failed to use preallocated memory" alerts appeared in logs when using a zlib library variant from Intel. *) Bugfix: the "worker_shutdown_timeout" directive did not work when using mail proxy and when proxying WebSocket connections.
Revision 1.27 / (download) - annotate - [select for diffs], Sat Oct 28 10:57:50 2017 UTC (6 years, 5 months ago) by adam
Branch: MAIN
Changes since 1.26: +3 -3
lines
Diff to previous 1.26 (colored) to selected 1.16 (colored)
nginx-devel: updated to 1.13.6 Changes with nginx 1.13.6 10 Oct 2017 *) Bugfix: switching to the next upstream server in the stream module did not work when using the "ssl_preread" directive. *) Bugfix: in the ngx_http_v2_module. Thanks to Piotr Sikora. *) Bugfix: nginx did not support dates after the year 2038 on 32-bit platforms with 64-bit time_t. *) Bugfix: in handling of dates prior to the year 1970 and after the year 10000. *) Bugfix: in the stream module timeouts waiting for UDP datagrams from upstream servers were not logged or logged at the "info" level instead of "error". *) Bugfix: when using HTTP/2 nginx might return the 400 response without logging the reason. *) Bugfix: in processing of corrupted cache files. *) Bugfix: cache control headers were ignored when caching errors intercepted by error_page. *) Bugfix: when using HTTP/2 client request body might be corrupted. *) Bugfix: in handling of client addresses when using unix domain sockets. *) Bugfix: nginx hogged CPU when using the "hash ... consistent" directive in the upstream block if large weights were used and all or most of the servers were unavailable.
Revision 1.26 / (download) - annotate - [select for diffs], Sun Jul 23 21:31:09 2017 UTC (6 years, 8 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2017Q3-base,
pkgsrc-2017Q3
Changes since 1.25: +2 -3
lines
Diff to previous 1.25 (colored) to selected 1.16 (colored)
Changes with nginx 1.13.3: *) Security: a specially crafted request might result in an integer overflow and incorrect processing of ranges in the range filter, potentially resulting in sensitive information leak (CVE-2017-7529). Changes with nginx 1.13.2: *) Change: nginx now returns 200 instead of 416 when a range starting with 0 is requested from an empty file. *) Feature: the "add_trailer" directive. *) Bugfix: nginx could not be built on Cygwin and NetBSD; the bug had appeared in 1.13.0. *) Bugfix: nginx could not be built under MSYS2 / MinGW 64-bit. *) Bugfix: a segmentation fault might occur in a worker process when using SSI with many includes and proxy_pass with variables. *) Bugfix: in the ngx_http_v2_module. Changes with nginx 1.13.1: *) Feature: now a hostname can be used as the "set_real_ip_from" directive parameter. *) Feature: vim syntax highlighting scripts improvements. *) Feature: the "worker_cpu_affinity" directive now works on DragonFly BSD. *) Bugfix: SSL renegotiation on backend connections did not work when using OpenSSL before 1.1.0. *) Workaround: nginx could not be built with Oracle Developer Studio 12.5. *) Workaround: now cache manager ignores long locked cache entries when cleaning cache based on the "max_size" parameter. *) Bugfix: client SSL connections were immediately closed if deferred accept and the "proxy_protocol" parameter of the "listen" directive were used. *) Bugfix: in the "proxy_cache_background_update" directive. *) Workaround: now the "tcp_nodelay" directive sets the TCP_NODELAY option before an SSL handshake.
Revision 1.25 / (download) - annotate - [select for diffs], Thu Jun 29 12:20:06 2017 UTC (6 years, 9 months ago) by fhajny
Branch: MAIN
CVS Tags: pkgsrc-2017Q2-base,
pkgsrc-2017Q2
Changes since 1.24: +2 -1
lines
Diff to previous 1.24 (colored) to selected 1.16 (colored)
Install processed rather than template nginx man page. PKGREVISION++ Fixes joyent/pkgsrc/issues/515
Revision 1.24 / (download) - annotate - [select for diffs], Tue May 2 12:31:43 2017 UTC (6 years, 11 months ago) by fhajny
Branch: MAIN
Changes since 1.23: +2 -2
lines
Diff to previous 1.23 (colored) to selected 1.16 (colored)
* Update www/nginx-devel to 1.13.0. * Update naxsi to 0.55.3 Changes with nginx 1.13.0 25 Apr 2017 - Change: SSL renegotiation is now allowed on backend connections. - Feature: the "rcvbuf" and "sndbuf" parameters of the "listen" directives of the mail proxy and stream modules. - Feature: the "return" and "error_page" directives can now be used to return 308 redirections. Thanks to Simon Leblanc. - Feature: the "TLSv1.3" parameter of the "ssl_protocols" directive. - Feature: when logging signals nginx now logs PID of the process which sent the signal. - Bugfix: in memory allocation error handling. - Bugfix: if a server in the stream module listened on a wildcard address, the source address of a response UDP datagram could differ from the original datagram destination address. Changes with nginx 1.11.13 04 Apr 2017 - Feature: the "http_429" parameter of the "proxy_next_upstream", "fastcgi_next_upstream", "scgi_next_upstream", and "uwsgi_next_upstream" directives. Thanks to Piotr Sikora. - Bugfix: in memory allocation error handling. - Bugfix: requests might hang when using the "sendfile" and "timer_resolution" directives on Linux. - Bugfix: requests might hang when using the "sendfile" and "aio_write" directives with subrequests. - Bugfix: in the ngx_http_v2_module. Thanks to Piotr Sikora. - Bugfix: a segmentation fault might occur in a worker process when using HTTP/2. - Bugfix: requests might hang when using the "limit_rate", "sendfile_max_chunk", "limit_req" directives, or the $r->sleep() embedded perl method with subrequests. - Bugfix: in the ngx_http_slice_module. Changes with nginx 1.11.12 24 Mar 2017 - Bugfix: nginx might hog CPU; the bug had appeared in 1.11.11. Changes with nginx 1.11.11 21 Mar 2017 - Feature: the "worker_shutdown_timeout" directive. - Feature: vim syntax highlighting scripts improvements. Thanks to Wei-Ko Kao. - Bugfix: a segmentation fault might occur in a worker process if the $limit_rate variable was set to an empty string. - Bugfix: the "proxy_cache_background_update", "fastcgi_cache_background_update", "scgi_cache_background_update", and "uwsgi_cache_background_update" directives might work incorrectly if the "if" directive was used. - Bugfix: a segmentation fault might occur in a worker process if number of large_client_header_buffers in a virtual server was different from the one in the default server. - Bugfix: in the mail proxy server. Changes with nginx 1.11.10 14 Feb 2017 - Change: cache header format has been changed, previously cached responses will be invalidated. - Feature: support of "stale-while-revalidate" and "stale-if-error" extensions in the "Cache-Control" backend response header line. - Feature: the "proxy_cache_background_update", "fastcgi_cache_background_update", "scgi_cache_background_update", and "uwsgi_cache_background_update" directives. - Feature: nginx is now able to cache responses with the "Vary" header line up to 128 characters long (instead of 42 characters in previous versions). - Feature: the "build" parameter of the "server_tokens" directive. Thanks to Tom Thorogood. - Bugfix: "[crit] SSL_write() failed" messages might appear in logs when handling requests with the "Expect: 100-continue" request header line. - Bugfix: the ngx_http_slice_module did not work in named locations. - Bugfix: a segmentation fault might occur in a worker process when using AIO after an "X-Accel-Redirect" redirection. - Bugfix: reduced memory consumption for long-lived requests using gzipping.
Revision 1.23 / (download) - annotate - [select for diffs], Tue Feb 14 10:14:36 2017 UTC (7 years, 2 months ago) by fhajny
Branch: MAIN
CVS Tags: pkgsrc-2017Q1-base,
pkgsrc-2017Q1
Changes since 1.22: +2 -2
lines
Diff to previous 1.22 (colored) to selected 1.16 (colored)
Update www/nginx-devel to 1.11.9. Changes with nginx 1.11.9 24 Jan 2017 *) Bugfix: nginx might hog CPU when using the stream module; the bug had appeared in 1.11.5. *) Bugfix: EXTERNAL authentication mechanism in mail proxy was accepted even if it was not enabled in the configuration. *) Bugfix: a segmentation fault might occur in a worker process if the "ssl_verify_client" directive of the stream module was used. *) Bugfix: the "ssl_verify_client" directive of the stream module might not work. *) Bugfix: closing keepalive connections due to no free worker connections might be too aggressive. Thanks to Joel Cunningham. *) Bugfix: an incorrect response might be returned when using the "sendfile" directive on FreeBSD and macOS; the bug had appeared in 1.7.8. *) Bugfix: a truncated response might be stored in cache when using the "aio_write" directive. *) Bugfix: a socket leak might occur when using the "aio_write" directive. Changes with nginx 1.11.8 27 Dec 2016 *) Feature: the "absolute_redirect" directive. *) Feature: the "escape" parameter of the "log_format" directive. *) Feature: client SSL certificates verification in the stream module. *) Feature: the "ssl_session_ticket_key" directive supports AES256 encryption of TLS session tickets when used with 80-byte keys. *) Feature: vim-commentary support in vim scripts. Thanks to Armin Grodon. *) Bugfix: recursion when evaluating variables was not limited. *) Bugfix: in the ngx_stream_ssl_preread_module. *) Bugfix: if a server in an upstream in the stream module failed, it was considered alive only when a test connection sent to it after fail_timeout was closed; now a successfully established connection is enough. *) Bugfix: nginx/Windows could not be built with 64-bit Visual Studio. *) Bugfix: nginx/Windows could not be built with OpenSSL 1.1.0. Changes with nginx 1.11.7 13 Dec 2016 *) Change: now in case of a client certificate verification error the $ssl_client_verify variable contains a string with the failure reason, for example, "FAILED:certificate has expired". *) Feature: the $ssl_ciphers, $ssl_curves, $ssl_client_v_start, $ssl_client_v_end, and $ssl_client_v_remain variables. *) Feature: the "volatile" parameter of the "map" directive. *) Bugfix: dependencies specified for a module were ignored while building dynamic modules. *) Bugfix: when using HTTP/2 and the "limit_req" or "auth_request" directives client request body might be corrupted; the bug had appeared in 1.11.0. *) Bugfix: a segmentation fault might occur in a worker process when using HTTP/2; the bug had appeared in 1.11.3. *) Bugfix: in the ngx_http_mp4_module. Thanks to Congcong Hu. *) Bugfix: in the ngx_http_perl_module. Changes with nginx 1.11.6 15 Nov 2016 *) Change: format of the $ssl_client_s_dn and $ssl_client_i_dn variables has been changed to follow RFC 2253 (RFC 4514); values in the old format are available in the $ssl_client_s_dn_legacy and $ssl_client_i_dn_legacy variables. *) Change: when storing temporary files in a cache directory they will be stored in the same subdirectories as corresponding cache files instead of a separate subdirectory for temporary files. *) Feature: EXTERNAL authentication mechanism support in mail proxy. Thanks to Robert Norris. *) Feature: WebP support in the ngx_http_image_filter_module. *) Feature: variables support in the "proxy_method" directive. Thanks to Dmitry Lazurkin. *) Feature: the "http2_max_requests" directive in the ngx_http_v2_module. *) Feature: the "proxy_cache_max_range_offset", "fastcgi_cache_max_range_offset", "scgi_cache_max_range_offset", and "uwsgi_cache_max_range_offset" directives. *) Bugfix: graceful shutdown of old worker processes might require infinite time when using HTTP/2. *) Bugfix: in the ngx_http_mp4_module. *) Bugfix: "ignore long locked inactive cache entry" alerts might appear in logs when proxying WebSocket connections with caching enabled. *) Bugfix: nginx did not write anything to log and returned a response with code 502 instead of 504 when a timeout occurred during an SSL handshake to a backend. Changes with nginx 1.11.5 11 Oct 2016 *) Change: the --with-ipv6 configure option was removed, now IPv6 support is configured automatically. *) Change: now if there are no available servers in an upstream, nginx will not reset number of failures of all servers as it previously did, but will wait for fail_timeout to expire. *) Feature: the ngx_stream_ssl_preread_module. *) Feature: the "server" directive in the "upstream" context supports the "max_conns" parameter. *) Feature: the --with-compat configure option. *) Feature: "manager_files", "manager_threshold", and "manager_sleep" parameters of the "proxy_cache_path", "fastcgi_cache_path", "scgi_cache_path", and "uwsgi_cache_path" directives. *) Bugfix: flags passed by the --with-ld-opt configure option were not used while building perl module. *) Bugfix: in the "add_after_body" directive when used with the "sub_filter" directive. *) Bugfix: in the $realip_remote_addr variable. *) Bugfix: the "dav_access", "proxy_store_access", "fastcgi_store_access", "scgi_store_access", and "uwsgi_store_access" directives ignored permissions specified for user. *) Bugfix: unix domain listen sockets might not be inherited during binary upgrade on Linux. *) Bugfix: nginx returned the 400 response on requests with the "-" character in the HTTP method.
Revision 1.22 / (download) - annotate - [select for diffs], Tue Oct 4 10:12:42 2016 UTC (7 years, 6 months ago) by fhajny
Branch: MAIN
CVS Tags: pkgsrc-2016Q4-base,
pkgsrc-2016Q4
Changes since 1.21: +2 -2
lines
Diff to previous 1.21 (colored) to selected 1.16 (colored)
Update www/nginx-devel to 1.11.4. Changes with nginx 1.11.4 13 Sep 2016 - Feature: the $upstream_bytes_received variable. - Feature: the $bytes_received, $session_time, $protocol, $status, $upstream_addr, $upstream_bytes_sent, $upstream_bytes_received, $upstream_connect_time, $upstream_first_byte_time, and $upstream_session_time variables in the stream module. - Feature: the ngx_stream_log_module. - Feature: the "proxy_protocol" parameter of the "listen" directive, the $proxy_protocol_addr and $proxy_protocol_port variables in the stream module. - Feature: the ngx_stream_realip_module. - Bugfix: nginx could not be built with the stream module and the ngx_http_ssl_module, but without ngx_stream_ssl_module; the bug had appeared in 1.11.3. - Feature: the IP_BIND_ADDRESS_NO_PORT socket option was not used; the bug had appeared in 1.11.2. - Bugfix: in the "ranges" parameter of the "geo" directive. - Bugfix: an incorrect response might be returned when using the "aio threads" and "sendfile" directives; the bug had appeared in 1.9.13. Changes with nginx 1.11.3 26 Jul 2016 - Change: now the "accept_mutex" directive is turned off by default. - Feature: now nginx uses EPOLLEXCLUSIVE on Linux. - Feature: the ngx_stream_geo_module. - Feature: the ngx_stream_geoip_module. - Feature: the ngx_stream_split_clients_module. - Feature: variables support in the "proxy_pass" and "proxy_ssl_name" directives in the stream module. - Bugfix: socket leak when using HTTP/2. - Bugfix: in configure tests. Thanks to Piotr Sikora. Changes with nginx 1.11.2 05 Jul 2016 - Change: now nginx always uses internal MD5 and SHA1 implementations; the --with-md5 and --with-sha1 configure options were canceled. - Feature: variables support in the stream module. - Feature: the ngx_stream_map_module. - Feature: the ngx_stream_return_module. - Feature: a port can be specified in the "proxy_bind", "fastcgi_bind", "memcached_bind", "scgi_bind", and "uwsgi_bind" directives. - Feature: now nginx uses the IP_BIND_ADDRESS_NO_PORT socket option when available. - Bugfix: a segmentation fault might occur in a worker process when using HTTP/2 and the "proxy_request_buffering" directive. - Bugfix: the "Content-Length" request header line was always added to requests passed to backends, including requests without body, when using HTTP/2. - Bugfix: "http request count is zero" alerts might appear in logs when using HTTP/2. - Bugfix: unnecessary buffering might occur when using the "sub_filter" directive; the issue had appeared in 1.9.4.
Revision 1.21 / (download) - annotate - [select for diffs], Wed Jun 15 14:53:48 2016 UTC (7 years, 10 months ago) by fhajny
Branch: MAIN
CVS Tags: pkgsrc-2016Q3-base,
pkgsrc-2016Q3,
pkgsrc-2016Q2-base,
pkgsrc-2016Q2
Changes since 1.20: +2 -4
lines
Diff to previous 1.20 (colored) to selected 1.16 (colored)
Update www/nginx-devel to 1.11.1. Changes with nginx 1.11.1 - Security: a segmentation fault might occur in a worker process while writing a specially crafted request body to a temporary file (CVE-2016-4450); the bug had appeared in 1.3.9. Changes with nginx 1.11.0 - Feature: the "transparent" parameter of the "proxy_bind", "fastcgi_bind", "memcached_bind", "scgi_bind", and "uwsgi_bind" directives. - Feature: the $request_id variable. - Feature: the "map" directive supports combinations of multiple variables as resulting values. - Feature: now nginx checks if EPOLLRDHUP events are supported by kernel, and optimizes connection handling accordingly if the "epoll" method is used. - Feature: the "ssl_certificate" and "ssl_certificate_key" directives can be specified multiple times to load certificates of different types (for example, RSA and ECDSA). - Feature: the "ssl_ecdh_curve" directive now allows specifying a list of curves when using OpenSSL 1.0.2 or newer; by default a list built into OpenSSL is used. - Change: to use DHE ciphers it is now required to specify parameters using the "ssl_dhparam" directive. - Feature: the $proxy_protocol_port variable. - Feature: the $realip_remote_port variable in the ngx_http_realip_module. - Feature: the ngx_http_realip_module is now able to set the client port in addition to the address. - Change: the "421 Misdirected Request" response now used when rejecting requests to a virtual server different from one negotiated during an SSL handshake; this improves interoperability with some HTTP/2 clients when using client certificates. - Change: HTTP/2 clients can now start sending request body immediately; the "http2_body_preread_size" directive controls size of the buffer used before nginx will start reading client request body. - Bugfix: cached error responses were not updated when using the "proxy_cache_bypass" directive. Changes with nginx 1.9.15 - Bugfix: "recv() failed" errors might occur when using HHVM as a FastCGI server. - Bugfix: when using HTTP/2 and the "limit_req" or "auth_request" directives a timeout or a "client violated flow control" error might occur while reading client request body; the bug had appeared in 1.9.14. - Workaround: a response might not be shown by some browsers if HTTP/2 was used and client request body was not fully read; the bug had appeared in 1.9.14. - Bugfix: connections might hang when using the "aio threads" directive. Thanks to Mindaugas Rasiukevicius. Changes with nginx 1.9.14 - Feature: OpenSSL 1.1.0 compatibility. - Feature: the "proxy_request_buffering", "fastcgi_request_buffering", "scgi_request_buffering", and "uwsgi_request_buffering" directives now work with HTTP/2. - Bugfix: "zero size buf in output" alerts might appear in logs when using HTTP/2. - Bugfix: the "client_max_body_size" directive might work incorrectly when using HTTP/2. - Bugfix: of minor bugs in logging. Changes with nginx 1.9.13 - Change: non-idempotent requests (POST, LOCK, PATCH) are no longer passed to the next server by default if a request has been sent to a backend; the "non_idempotent" parameter of the "proxy_next_upstream" directive explicitly allows retrying such requests. - Feature: the ngx_http_perl_module can be built dynamically. - Feature: UDP support in the stream module. - Feature: the "aio_write" directive. - Feature: now cache manager monitors number of elements in caches and tries to avoid cache keys zone overflows. - Bugfix: "task already active" and "second aio post" alerts might appear in logs when using the "sendfile" and "aio" directives with subrequests. - Bugfix: "zero size buf in output" alerts might appear in logs if caching was used and a client closed a connection prematurely. - Bugfix: connections with clients might be closed needlessly if caching was used. Thanks to Justin Li. - Bugfix: nginx might hog CPU if the "sendfile" directive was used on Linux or Solaris and a file being sent was changed during sending. - Bugfix: connections might hang when using the "sendfile" and "aio threads" directives. - Bugfix: in the "proxy_pass", "fastcgi_pass", "scgi_pass", and "uwsgi_pass" directives when using variables. Thanks to Piotr Sikora. - Bugfix: in the ngx_http_sub_filter_module. - Bugfix: if an error occurred in a cached backend connection, the request was passed to the next server regardless of the proxy_next_upstream directive. - Bugfix: "CreateFile() failed" errors when creating temporary files on Windows. Changes with nginx 1.9.12 - Feature: Huffman encoding of response headers in HTTP/2. Thanks to Vlad Krasnov. - Feature: the "worker_cpu_affinity" directive now supports more than 64 CPUs. - Bugfix: compatibility with 3rd party C++ modules; the bug had appeared in 1.9.11. Thanks to Piotr Sikora. - Bugfix: nginx could not be built statically with OpenSSL on Linux; the bug had appeared in 1.9.11. - Bugfix: the "add_header ... always" directive with an empty value did not delete "Last-Modified" and "ETag" header lines from error responses. - Workaround: "called a function you should not call" and "shutdown while in init" messages might appear in logs when using OpenSSL 1.0.2f. - Bugfix: invalid headers might be logged incorrectly. - Bugfix: socket leak when using HTTP/2. - Bugfix: in the ngx_http_v2_module. Changes with nginx 1.9.11 - Feature: TCP support in resolver. - Feature: dynamic modules. - Bugfix: the $request_length variable did not include size of request headers when using HTTP/2. - Bugfix: in the ngx_http_v2_module.
Revision 1.19.2.1 / (download) - annotate - [select for diffs], Sat Jun 11 10:06:37 2016 UTC (7 years, 10 months ago) by spz
Branch: pkgsrc-2016Q1
Changes since 1.19: +2 -1
lines
Diff to previous 1.19 (colored) next main 1.20 (colored) to selected 1.16 (colored)
Pullup ticket #5038 - requested by joerg www/nginx: security patch www/nginx-devel: security patch Revisions pulled up: - www/nginx-devel/Makefile 1.20 - www/nginx-devel/distinfo 1.20 - www/nginx-devel/patches/patch-src_os_unix_ngx__files.c 1.1 - www/nginx/Makefile 1.64 - www/nginx/patches/patch-src_os_unix_ngx__files.c 1.1 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: joerg Date: Tue May 31 19:44:47 UTC 2016 Modified Files: pkgsrc/www/nginx: Makefile Added Files: pkgsrc/www/nginx/patches: patch-src_os_unix_ngx__files.c Log Message: Avoid CVE-2016-4450 (NULL dereference while saving client body to temporary file). Bump revision. To generate a diff of this commit: cvs rdiff -u -r1.63 -r1.64 pkgsrc/www/nginx/Makefile cvs rdiff -u -r0 -r1.1 \ pkgsrc/www/nginx/patches/patch-src_os_unix_ngx__files.c ------------------------------------------------------------------- Module Name: pkgsrc Committed By: joerg Date: Tue May 31 19:54:43 UTC 2016 Modified Files: pkgsrc/www/nginx-devel: Makefile distinfo Added Files: pkgsrc/www/nginx-devel/patches: patch-src_os_unix_ngx__files.c Log Message: Avoid CVE-2016-4450 (NULL dereference while saving client body to temporary file). Bump revision. To generate a diff of this commit: cvs rdiff -u -r1.19 -r1.20 pkgsrc/www/nginx-devel/Makefile \ pkgsrc/www/nginx-devel/distinfo cvs rdiff -u -r0 -r1.1 \ pkgsrc/www/nginx-devel/patches/patch-src_os_unix_ngx__files.c
Revision 1.20 / (download) - annotate - [select for diffs], Tue May 31 19:54:43 2016 UTC (7 years, 10 months ago) by joerg
Branch: MAIN
Changes since 1.19: +2 -1
lines
Diff to previous 1.19 (colored) to selected 1.16 (colored)
Avoid CVE-2016-4450 (NULL dereference while saving client body to temporary file). Bump revision.
Revision 1.19 / (download) - annotate - [select for diffs], Tue Jan 26 17:59:13 2016 UTC (8 years, 2 months ago) by joerg
Branch: MAIN
CVS Tags: pkgsrc-2016Q1-base
Branch point for: pkgsrc-2016Q1
Changes since 1.18: +2 -3
lines
Diff to previous 1.18 (colored) to selected 1.16 (colored)
Update to nginx 1.9.10: - security fixes when using "resolver" - various new features and bugfixes.
Revision 1.18 / (download) - annotate - [select for diffs], Wed Sep 30 13:36:47 2015 UTC (8 years, 6 months ago) by imil
Branch: MAIN
CVS Tags: pkgsrc-2015Q4-base,
pkgsrc-2015Q4
Changes since 1.17: +2 -1
lines
Diff to previous 1.17 (colored) to selected 1.16 (colored)
Updated Github third party modules and changed DISTFILES to point to github.com instead of ftp.NetBSD.org. * lua-nginx-module 0.9.5 updated to 0.9.16 * echo-nginx-module 0.51 updated to 0.58 * set-misc-nginx-module 0.24 updated to 0.29 * array-var-nginx-module 0.03 updated to 0.04 * encrypted-session-nginx-module 0.03 updated to 0.04 * form-input-nginx-module 0.07 updated to 0.11 * headers-more-nginx-module 0.25 updated to 0.26.1 Only minor revision changes, no features added. Modules don't have Changelog, git history shows only cosmetic changes and bugfixes.
Revision 1.17 / (download) - annotate - [select for diffs], Tue Sep 29 13:50:46 2015 UTC (8 years, 6 months ago) by imil
Branch: MAIN
Changes since 1.16: +3 -2
lines
Diff to previous 1.16 (colored)
Updated to nginx 1.9.5 Changes from 1.9.4 *) Feature: the ngx_http_v2_module (replaces ngx_http_spdy_module). Thanks to Dropbox and Automattic for sponsoring this work. *) Change: now the "output_buffers" directive uses two buffers by default. *) Change: now nginx limits subrequests recursion, not simultaneous subrequests. *) Change: now nginx checks the whole cache key when returning a response from cache. Thanks to Gena Makhomed and Sergey Brester. *) Bugfix: "header already sent" alerts might appear in logs when using cache; the bug had appeared in 1.7.5. *) Bugfix: "writev() failed (4: Interrupted system call)" errors might appear in logs when using CephFS and the "timer_resolution" directive on Linux. *) Bugfix: in invalid configurations handling. Thanks to Markus Linnala. *) Bugfix: a segmentation fault occurred in a worker process if the "sub_filter" directive was used at http level; the bug had appeared in 1.9.4. Updated naxsi to 0.54 From 0.53-2 "AppleJack": * increased PCRE output vector from 6 to 30 (from 2 match groups to 10) * removed negative rule on content-types (naxsi_core.rules) as naxsi supports json * Fixed broken EXLOG on |NAME match zones (issues/110) * Integrated libinjection (xss/sqli)
Revision 1.16 / (download) - annotate - [selected], Thu Sep 3 09:15:18 2015 UTC (8 years, 7 months ago) by fhajny
Branch: MAIN
CVS Tags: pkgsrc-2015Q3-base,
pkgsrc-2015Q3
Changes since 1.15: +2 -2
lines
Diff to previous 1.15 (colored)
Update www/nginx-devel to 1.9.4. Changes with nginx 1.9.4 18 Aug 2015 *) Change: the "proxy_downstream_buffer" and "proxy_upstream_buffer" directives of the stream module are replaced with the "proxy_buffer_size" directive. *) Feature: the "tcp_nodelay" directive in the stream module. *) Feature: multiple "sub_filter" directives can be used simultaneously. *) Feature: variables support in the search string of the "sub_filter" directive. *) Workaround: configuration testing might fail under Linux OpenVZ. Thanks to Gena Makhomed. *) Bugfix: old worker processes might hog CPU after reconfiguration with a large number of worker_connections. *) Bugfix: a segmentation fault might occur in a worker process if the "try_files" and "alias" directives were used inside a location given by a regular expression; the bug had appeared in 1.7.1. *) Bugfix: the "try_files" directive inside a nested location given by a regular expression worked incorrectly if the "alias" directive was used in the outer location. *) Bugfix: in hash table initialization error handling. *) Bugfix: nginx could not be built with Visual Studio 2015. Changes with nginx 1.9.3 14 Jul 2015 *) Change: duplicate "http", "mail", and "stream" blocks are now disallowed. *) Feature: connection limiting in the stream module. *) Feature: data rate limiting in the stream module. *) Bugfix: the "zone" directive inside the "upstream" block did not work on Windows. *) Bugfix: compatibility with LibreSSL in the stream module. Thanks to Piotr Sikora. *) Bugfix: in the "--builddir" configure parameter. Thanks to Piotr Sikora. *) Bugfix: the "ssl_stapling_file" directive did not work; the bug had appeared in 1.9.2. Thanks to Faidon Liambotis and Brandon Black. *) Bugfix: a segmentation fault might occur in a worker process if the "ssl_stapling" directive was used; the bug had appeared in 1.9.2. Thanks to Matthew Baldwin. Changes with nginx 1.9.2 16 Jun 2015 *) Feature: the "backlog" parameter of the "listen" directives of the mail proxy and stream modules. *) Feature: the "allow" and "deny" directives in the stream module. *) Feature: the "proxy_bind" directive in the stream module. *) Feature: the "proxy_protocol" directive in the stream module. *) Feature: the -T switch. *) Feature: the REQUEST_SCHEME parameter added to the fastcgi.conf, fastcgi_params, scgi_params, and uwsgi_params standard configuration files. *) Bugfix: the "reuseport" parameter of the "listen" directive of the stream module did not work. *) Bugfix: OCSP stapling might return an expired OCSP response in some cases. Changes with nginx 1.9.1 26 May 2015 *) Change: now SSLv3 protocol is disabled by default. *) Change: some long deprecated directives are not supported anymore. *) Feature: the "reuseport" parameter of the "listen" directive. Thanks to Yingqi Lu at Intel and Sepherosa Ziehau. *) Feature: the $upstream_connect_time variable. *) Bugfix: in the "hash" directive on big-endian platforms. *) Bugfix: nginx might fail to start on some old Linux variants; the bug had appeared in 1.7.11. *) Bugfix: in IP address parsing. Thanks to Sergey Polovko. Changes with nginx 1.9.0 28 Apr 2015 *) Change: obsolete aio and rtsig event methods have been removed. *) Feature: the "zone" directive inside the "upstream" block. *) Feature: the stream module. *) Feature: byte ranges support in the ngx_http_memcached_module. Thanks to Martin Mlynar. *) Feature: shared memory can now be used on Windows versions with address space layout randomization. Thanks to Sergey Brester. *) Feature: the "error_log" directive can now be used on mail and server levels in mail proxy. *) Bugfix: the "proxy_protocol" parameter of the "listen" directive did not work if not specified in the first "listen" directive for a listen socket. Changes with nginx 1.7.12 07 Apr 2015 *) Feature: now the "tcp_nodelay" directive works with backend SSL connections. *) Feature: now thread pools can be used to read cache file headers. *) Bugfix: in the "proxy_request_buffering" directive. *) Bugfix: a segmentation fault might occur in a worker process when using thread pools on Linux. *) Bugfix: in error handling when using the "ssl_stapling" directive. Thanks to Filipe da Silva. *) Bugfix: in the ngx_http_spdy_module. Changes with nginx 1.7.11 24 Mar 2015 *) Change: the "sendfile" parameter of the "aio" directive is deprecated; now nginx automatically uses AIO to pre-load data for sendfile if both "aio" and "sendfile" directives are used. *) Feature: experimental thread pools support. *) Feature: the "proxy_request_buffering", "fastcgi_request_buffering", "scgi_request_buffering", and "uwsgi_request_buffering" directives. *) Feature: request body filters experimental API. *) Feature: client SSL certificates support in mail proxy. Thanks to Sven Peter, Franck Levionnois, and Filipe Da Silva. *) Feature: startup speedup when using the "hash ... consistent" directive in the upstream block. Thanks to Wai Keen Woon. *) Feature: debug logging into a cyclic memory buffer. *) Bugfix: in hash table handling. Thanks to Chris West. *) Bugfix: in the "proxy_cache_revalidate" directive. *) Bugfix: SSL connections might hang if deferred accept or the "proxy_protocol" parameter of the "listen" directive were used. Thanks to James Hamlin. *) Bugfix: the $upstream_response_time variable might contain a wrong value if the "image_filter" directive was used. *) Bugfix: in integer overflow handling. Thanks to Régis Leroy. *) Bugfix: it was not possible to enable SSLv3 with LibreSSL. *) Bugfix: the "ignoring stale global SSL error ... called a function you should not call" alerts appeared in logs when using LibreSSL. *) Bugfix: certificates specified by the "ssl_client_certificate" and "ssl_trusted_certificate" directives were inadvertently used to automatically construct certificate chains.
Revision 1.15 / (download) - annotate - [select for diffs], Wed Mar 4 09:08:27 2015 UTC (9 years, 1 month ago) by imil
Branch: MAIN
CVS Tags: pkgsrc-2015Q2-base,
pkgsrc-2015Q2,
pkgsrc-2015Q1-base,
pkgsrc-2015Q1
Changes since 1.14: +2 -2
lines
Diff to previous 1.14 (colored) to selected 1.16 (colored)
Updated nginx to version 1.7.10 Changes with nginx 1.7.10 10 Feb 2015 *) Feature: the "use_temp_path" parameter of the "proxy_cache_path", "fastcgi_cache_path", "scgi_cache_path", and "uwsgi_cache_path" directives. *) Feature: the $upstream_header_time variable. *) Workaround: now on disk overflow nginx tries to write error logs once a second only. *) Bugfix: the "try_files" directive did not ignore normal files while testing directories. Thanks to Damien Tournoud. *) Bugfix: alerts "sendfile() failed" if the "sendfile" directive was used on OS X; the bug had appeared in 1.7.8. *) Bugfix: alerts "sem_post() failed" might appear in logs. *) Bugfix: nginx could not be built with musl libc. Thanks to James Taylor. *) Bugfix: nginx could not be built on Tru64 UNIX. Thanks to Goetz T. Fischer. Changes with nginx 1.7.9 23 Dec 2014 *) Feature: variables support in the "proxy_cache", "fastcgi_cache", "scgi_cache", and "uwsgi_cache" directives. *) Feature: variables support in the "expires" directive. *) Feature: loading of secret keys from hardware tokens with OpenSSL engines. Thanks to Dmitrii Pichulin. *) Feature: the "autoindex_format" directive. *) Bugfix: cache revalidation is now only used for responses with 200 and 206 status codes. Thanks to Piotr Sikora. *) Bugfix: the "TE" client request header line was passed to backends while proxying. *) Bugfix: the "proxy_pass", "fastcgi_pass", "scgi_pass", and "uwsgi_pass" directives might not work correctly inside the "if" and "limit_except" blocks. *) Bugfix: the "proxy_store" directive with the "on" parameter was ignored if the "proxy_store" directive with an explicitly specified file path was used on a previous level. *) Bugfix: nginx could not be built with BoringSSL. Thanks to Lukas Tribus. Changes with nginx 1.7.8 02 Dec 2014 *) Change: now the "If-Modified-Since", "If-Range", etc. client request header lines are passed to a backend while caching if nginx knows in advance that the response will not be cached (e.g., when using proxy_cache_min_uses). *) Change: now after proxy_cache_lock_timeout nginx sends a request to a backend with caching disabled; the new directives "proxy_cache_lock_age", "fastcgi_cache_lock_age", "scgi_cache_lock_age", and "uwsgi_cache_lock_age" specify a time after which the lock will be released and another attempt to cache a response will be made. *) Change: the "log_format" directive can now be used only at http level. *) Feature: the "proxy_ssl_certificate", "proxy_ssl_certificate_key", "proxy_ssl_password_file", "uwsgi_ssl_certificate", "uwsgi_ssl_certificate_key", and "uwsgi_ssl_password_file" directives. Thanks to Piotr Sikora. *) Feature: it is now possible to switch to a named location using "X-Accel-Redirect". Thanks to Toshikuni Fukaya. *) Feature: now the "tcp_nodelay" directive works with SPDY connections. *) Feature: new directives in vim syntax highliting scripts. Thanks to Peter Wu. *) Bugfix: nginx ignored the "s-maxage" value in the "Cache-Control" backend response header line. Thanks to Piotr Sikora. *) Bugfix: in the ngx_http_spdy_module. Thanks to Piotr Sikora. *) Bugfix: in the "ssl_password_file" directive when using OpenSSL 0.9.8zc, 1.0.0o, 1.0.1j. *) Bugfix: alerts "header already sent" appeared in logs if the "post_action" directive was used; the bug had appeared in 1.5.4. *) Bugfix: alerts "the http output chain is empty" might appear in logs if the "postpone_output 0" directive was used with SSI includes. *) Bugfix: in the "proxy_cache_lock" directive with SSI subrequests. Thanks to Yichun Zhang. Changes with nginx 1.7.7 28 Oct 2014 *) Change: now nginx takes into account the "Vary" header line in a backend response while caching. *) Feature: the "proxy_force_ranges", "fastcgi_force_ranges", "scgi_force_ranges", and "uwsgi_force_ranges" directives. *) Feature: the "proxy_limit_rate", "fastcgi_limit_rate", "scgi_limit_rate", and "uwsgi_limit_rate" directives. *) Feature: the "Vary" parameter of the "proxy_ignore_headers", "fastcgi_ignore_headers", "scgi_ignore_headers", and "uwsgi_ignore_headers" directives. *) Bugfix: the last part of a response received from a backend with unbufferred proxy might not be sent to a client if "gzip" or "gunzip" directives were used. *) Bugfix: in the "proxy_cache_revalidate" directive. Thanks to Piotr Sikora. *) Bugfix: in error handling. Thanks to Yichun Zhang and Daniil Bondarev. *) Bugfix: in the "proxy_next_upstream_tries" and "proxy_next_upstream_timeout" directives. Thanks to Feng Gu. *) Bugfix: nginx/Windows could not be built with MinGW-w64 gcc. Thanks to Kouhei Sutou. Changes with nginx 1.7.6 30 Sep 2014 *) Change: the deprecated "limit_zone" directive is not supported anymore. *) Feature: the "limit_conn_zone" and "limit_req_zone" directives now can be used with combinations of multiple variables. *) Bugfix: request body might be transmitted incorrectly when retrying a FastCGI request to the next upstream server. *) Bugfix: in logging to syslog. Changes with nginx 1.7.5 16 Sep 2014 *) Security: it was possible to reuse SSL sessions in unrelated contexts if a shared SSL session cache or the same TLS session ticket key was used for multiple "server" blocks (CVE-2014-3616). Thanks to Antoine Delignat-Lavaud. *) Change: now the "stub_status" directive does not require a parameter. *) Feature: the "always" parameter of the "add_header" directive. *) Feature: the "proxy_next_upstream_tries", "proxy_next_upstream_timeout", "fastcgi_next_upstream_tries", "fastcgi_next_upstream_timeout", "memcached_next_upstream_tries", "memcached_next_upstream_timeout", "scgi_next_upstream_tries", "scgi_next_upstream_timeout", "uwsgi_next_upstream_tries", and "uwsgi_next_upstream_timeout" directives. *) Bugfix: in the "if" parameter of the "access_log" directive. *) Bugfix: in the ngx_http_perl_module. Thanks to Piotr Sikora. *) Bugfix: the "listen" directive of the mail proxy module did not allow to specify more than two parameters. *) Bugfix: the "sub_filter" directive did not work with a string to replace consisting of a single character. *) Bugfix: requests might hang if resolver was used and a timeout occurred during a DNS request. *) Bugfix: in the ngx_http_spdy_module when using with AIO. *) Bugfix: a segmentation fault might occur in a worker process if the "set" directive was used to change the "$http_...", "$sent_http_...", or "$upstream_http_..." variables. *) Bugfix: in memory allocation error handling. Thanks to Markus Linnala and Feng Gu.
Revision 1.14 / (download) - annotate - [select for diffs], Thu Aug 14 16:30:47 2014 UTC (9 years, 8 months ago) by imil
Branch: MAIN
CVS Tags: pkgsrc-2014Q4-base,
pkgsrc-2014Q4,
pkgsrc-2014Q3-base,
pkgsrc-2014Q3
Changes since 1.13: +2 -3
lines
Diff to previous 1.13 (colored) to selected 1.16 (colored)
Updated nginx-devel to version 1.7.4 Changes with nginx 1.7.4 05 Aug 2014 *) Security: pipelined commands were not discarded after STARTTLS command in SMTP proxy (CVE-2014-3556); the bug had appeared in 1.5.6. Thanks to Chris Boulton. *) Change: URI escaping now uses uppercase hexadecimal digits. Thanks to Piotr Sikora. *) Feature: now nginx can be build with BoringSSL and LibreSSL. Thanks to Piotr Sikora. *) Bugfix: requests might hang if resolver was used and a DNS server returned a malformed response; the bug had appeared in 1.5.8. *) Bugfix: in the ngx_http_spdy_module. Thanks to Piotr Sikora. *) Bugfix: the $uri variable might contain garbage when returning errors with code 400. Thanks to Sergey Bobrov. *) Bugfix: in error handling in the "proxy_store" directive and the ngx_http_dav_module. Thanks to Feng Gu. *) Bugfix: a segmentation fault might occur if logging of errors to syslog was used; the bug had appeared in 1.7.1. *) Bugfix: the $geoip_latitude, $geoip_longitude, $geoip_dma_code, and $geoip_area_code variables might not work. Thanks to Yichun Zhang. *) Bugfix: in memory allocation error handling. Thanks to Tatsuhiko Kubo and Piotr Sikora. Changes with nginx 1.7.3 08 Jul 2014 *) Feature: weak entity tags are now preserved on response modifications, and strong ones are changed to weak. *) Feature: cache revalidation now uses If-None-Match header if possible. *) Feature: the "ssl_password_file" directive. *) Bugfix: the If-None-Match request header line was ignored if there was no Last-Modified header in a response returned from cache. *) Bugfix: "peer closed connection in SSL handshake" messages were logged at "info" level instead of "error" while connecting to backends. *) Bugfix: in the ngx_http_dav_module module in nginx/Windows. *) Bugfix: SPDY connections might be closed prematurely if caching was used. Changes with nginx 1.7.2 17 Jun 2014 *) Feature: the "hash" directive inside the "upstream" block. *) Feature: defragmentation of free shared memory blocks. Thanks to Wandenberg Peixoto and Yichun Zhang. *) Bugfix: a segmentation fault might occur in a worker process if the default value of the "access_log" directive was used; the bug had appeared in 1.7.0. Thanks to Piotr Sikora. *) Bugfix: trailing slash was mistakenly removed from the last parameter of the "try_files" directive. *) Bugfix: nginx could not be built on OS X in some cases. *) Bugfix: in the ngx_http_spdy_module. Changes with nginx 1.7.1 27 May 2014 *) Feature: the "$upstream_cookie_..." variables. *) Feature: the $ssl_client_fingerprint variable. *) Feature: the "error_log" and "access_log" directives now support logging to syslog. *) Feature: the mail proxy now logs client port on connect. *) Bugfix: memory leak if the "ssl_stapling" directive was used. Thanks to Filipe da Silva. *) Bugfix: the "alias" directive used inside a location given by a regular expression worked incorrectly if the "if" or "limit_except" directives were used. *) Bugfix: the "charset" directive did not set a charset to encoded backend responses. *) Bugfix: a "proxy_pass" directive without URI part might use original request after the $args variable was set. Thanks to Yichun Zhang. *) Bugfix: in the "none" parameter in the "smtp_auth" directive; the bug had appeared in 1.5.6. Thanks to Svyatoslav Nikolsky. *) Bugfix: if sub_filter and SSI were used together, then responses might be transferred incorrectly. *) Bugfix: nginx could not be built with the --with-file-aio option on Linux/aarch64. Changes with nginx 1.7.0 24 Apr 2014 *) Feature: backend SSL certificate verification. *) Feature: support for SNI while working with SSL backends. *) Feature: the $ssl_server_name variable. *) Feature: the "if" parameter of the "access_log" directive. Changes with nginx 1.5.13 08 Apr 2014 *) Change: improved hash table handling; the default values of the "variables_hash_max_size" and "types_hash_bucket_size" were changed to 1024 and 64 respectively. *) Feature: the ngx_http_mp4_module now supports the "end" argument. *) Feature: byte ranges support in the ngx_http_mp4_module and while saving responses to cache. *) Bugfix: alerts "ngx_slab_alloc() failed: no memory" no longer logged when using shared memory in the "ssl_session_cache" directive and in the ngx_http_limit_req_module. *) Bugfix: the "underscores_in_headers" directive did not allow underscore as a first character of a header. Thanks to Piotr Sikora. *) Bugfix: cache manager might hog CPU on exit in nginx/Windows. *) Bugfix: nginx/Windows terminated abnormally if the "ssl_session_cache" directive was used with the "shared" parameter. *) Bugfix: in the ngx_http_spdy_module.
Revision 1.13 / (download) - annotate - [select for diffs], Fri Mar 21 21:42:50 2014 UTC (10 years ago) by imil
Branch: MAIN
CVS Tags: pkgsrc-2014Q2-base,
pkgsrc-2014Q2,
pkgsrc-2014Q1-base,
pkgsrc-2014Q1
Changes since 1.12: +2 -2
lines
Diff to previous 1.12 (colored) to selected 1.16 (colored)
Added form-input https://github.com/calio/form-input-nginx-module and encrypted-session https://github.com/agentzh/encrypted-session-nginx-module
Revision 1.12 / (download) - annotate - [select for diffs], Fri Mar 21 11:37:45 2014 UTC (10 years ago) by imil
Branch: MAIN
Changes since 1.11: +2 -2
lines
Diff to previous 1.11 (colored) to selected 1.16 (colored)
Added array-var-nginx-module https://github.com/agentzh/array-var-nginx-module
Revision 1.11 / (download) - annotate - [select for diffs], Thu Mar 20 22:21:20 2014 UTC (10 years ago) by imil
Branch: MAIN
Changes since 1.10: +2 -1
lines
Diff to previous 1.10 (colored) to selected 1.16 (colored)
Added ngx_echo http://wiki.nginx.org/HttpEchoModule, ngx_set_misc http://wiki.nginx.org/HttpSetMiscModule and ngx_headers_more http://wiki.nginx.org/HttpHeadersMoreModule
Revision 1.10 / (download) - annotate - [select for diffs], Wed Mar 19 14:16:23 2014 UTC (10 years, 1 month ago) by imil
Branch: MAIN
Changes since 1.9: +2 -2
lines
Diff to previous 1.9 (colored) to selected 1.16 (colored)
Changes with nginx 1.5.12 18 Mar 2014 *) Security: a heap memory buffer overflow might occur in a worker process while handling a specially crafted request by ngx_http_spdy_module, potentially resulting in arbitrary code execution (CVE-2014-0133). Thanks to Lucas Molas, researcher at Programa STIC, Fundacióî Dr. Manuel Sadosky, Buenos Aires, Argentina. *) Feature: the "proxy_protocol" parameters of the "listen" and "real_ip_header" directives, the $proxy_protocol_addr variable. *) Bugfix: in the "fastcgi_next_upstream" directive. Thanks to Lucas Molas.
Revision 1.9 / (download) - annotate - [select for diffs], Fri Mar 14 11:36:58 2014 UTC (10 years, 1 month ago) by imil
Branch: MAIN
Changes since 1.8: +2 -2
lines
Diff to previous 1.8 (colored) to selected 1.16 (colored)
Changes with nginx 1.5.11 04 Mar 2014 *) Security: memory corruption might occur in a worker process on 32-bit platforms while handling a specially crafted request by ngx_http_spdy_module, potentially resulting in arbitrary code execution (CVE-2014-0088); the bug had appeared in 1.5.10. Thanks to Lucas Molas, researcher at Programa STIC, Fundacióî Dr. Manuel Sadosky, Buenos Aires, Argentina. *) Feature: the $ssl_session_reused variable. *) Bugfix: the "client_max_body_size" directive might not work when reading a request body using chunked transfer encoding; the bug had appeared in 1.3.9. Thanks to Lucas Molas. *) Bugfix: a segmentation fault might occur in a worker process when proxying WebSocket connections. *) Bugfix: a segmentation fault might occur in a worker process if the ngx_http_spdy_module was used on 32-bit platforms; the bug had appeared in 1.5.10. *) Bugfix: the $upstream_status variable might contain wrong data if the "proxy_cache_use_stale" or "proxy_cache_revalidate" directives were used. Thanks to Piotr Sikora. *) Bugfix: a segmentation fault might occur in a worker process if errors with code 400 were redirected to a named location using the "error_page" directive. *) Bugfix: nginx/Windows could not be built with Visual Studio 2013. Changes with nginx 1.5.10 04 Feb 2014 *) Feature: the ngx_http_spdy_module now uses SPDY 3.1 protocol. Thanks to Automattic and MaxCDN for sponsoring this work. *) Feature: the ngx_http_mp4_module now skips tracks too short for a seek requested. *) Bugfix: a segmentation fault might occur in a worker process if the $ssl_session_id variable was used in logs; the bug had appeared in 1.5.9. *) Bugfix: the $date_local and $date_gmt variables used wrong format outside of the ngx_http_ssi_filter_module. *) Bugfix: client connections might be immediately closed if deferred accept was used; the bug had appeared in 1.3.15. *) Bugfix: alerts "getsockopt(TCP_FASTOPEN) ... failed" appeared in logs during binary upgrade on Linux; the bug had appeared in 1.5.8. Thanks to Piotr Sikora. Changes with nginx 1.5.9 22 Jan 2014 *) Change: now nginx expects escaped URIs in "X-Accel-Redirect" headers. *) Feature: the "ssl_buffer_size" directive. *) Feature: the "limit_rate" directive can now be used to rate limit responses sent in SPDY connections. *) Feature: the "spdy_chunk_size" directive. *) Feature: the "ssl_session_tickets" directive. Thanks to Dirkjan Bussink. *) Bugfix: the $ssl_session_id variable contained full session serialized instead of just a session id. Thanks to Ivan Risti?. *) Bugfix: nginx incorrectly handled escaped "?" character in the "include" SSI command. *) Bugfix: the ngx_http_dav_module did not unescape destination URI of the COPY and MOVE methods. *) Bugfix: resolver did not understand domain names with a trailing dot. Thanks to Yichun Zhang. *) Bugfix: alerts "zero size buf in output" might appear in logs while proxying; the bug had appeared in 1.3.9. *) Bugfix: a segmentation fault might occur in a worker process if the ngx_http_spdy_module was used. *) Bugfix: proxied WebSocket connections might hang right after handshake if the select, poll, or /dev/poll methods were used. *) Bugfix: the "xclient" directive of the mail proxy module incorrectly handled IPv6 client addresses. Changes with nginx 1.5.8 17 Dec 2013 *) Feature: IPv6 support in resolver. *) Feature: the "listen" directive supports the "fastopen" parameter. Thanks to Mathew Rodley. *) Feature: SSL support in the ngx_http_uwsgi_module. Thanks to Roberto De Ioris. *) Feature: vim syntax highlighting scripts were added to contrib. Thanks to Evan Miller. *) Bugfix: a timeout might occur while reading client request body in an SSL connection using chunked transfer encoding. *) Bugfix: the "master_process" directive did not work correctly in nginx/Windows. *) Bugfix: the "setfib" parameter of the "listen" directive might not work. *) Bugfix: in the ngx_http_spdy_module.
Revision 1.7.2.1 / (download) - annotate - [select for diffs], Thu Dec 5 17:45:04 2013 UTC (10 years, 4 months ago) by schnoebe
Branch: pkgsrc-2013Q3
Changes since 1.7: +2 -2
lines
Diff to previous 1.7 (colored) next main 1.8 (colored) to selected 1.16 (colored)
pullup to pkgsrc-2013Q3, resolves ticket #4263 Updated to nginx 1.5.7 Changes with nginx 1.5.7 19 Nov 2013 *) Security: a character following an unescaped space in a request line was handled incorrectly (CVE-2013-4547); the bug had appeared in 0.8.41. Thanks to Ivan Fratric of the Google Security Team. *) Change: a logging level of auth_basic errors about no user/password provided has been lowered from "error" to "info". *) Feature: the "proxy_cache_revalidate", "fastcgi_cache_revalidate", "scgi_cache_revalidate", and "uwsgi_cache_revalidate" directives. *) Feature: the "ssl_session_ticket_key" directive. Thanks to Piotr Sikora. *) Bugfix: the directive "add_header Cache-Control ''" added a "Cache-Control" response header line with an empty value. *) Bugfix: the "satisfy any" directive might return 403 error instead of 401 if auth_request and auth_basic directives were used. Thanks to Jan Marc Hoffmann. *) Bugfix: the "accept_filter" and "deferred" parameters of the "listen" directive were ignored for listen sockets created during binary upgrade. Thanks to Piotr Sikora. *) Bugfix: some data received from a backend with unbufferred proxy might not be sent to a client immediately if "gzip" or "gunzip" directives were used. Thanks to Yichun Zhang. *) Bugfix: in error handling in ngx_http_gunzip_filter_module. *) Bugfix: responses might hang if the ngx_http_spdy_module was used with the "auth_request" directive. *) Bugfix: memory leak in nginx/Windows. Changes with nginx 1.5.6 01 Oct 2013 *) Feature: the "fastcgi_buffering" directive. *) Feature: the "proxy_ssl_protocols" and "proxy_ssl_ciphers" directives. Thanks to Piotr Sikora. *) Feature: optimization of SSL handshakes when using long certificate chains. *) Feature: the mail proxy supports SMTP pipelining. *) Bugfix: in the ngx_http_auth_basic_module when using "$apr1$" password encryption method. Thanks to Markus Linnala. *) Bugfix: in MacOSX, Cygwin, and nginx/Windows incorrect location might be used to process a request if locations were given using characters in different cases. *) Bugfix: automatic redirect with appended trailing slash for proxied locations might not work. *) Bugfix: in the mail proxy server. *) Bugfix: in the ngx_http_spdy_module. Changes with nginx 1.5.5 17 Sep 2013 *) Change: now nginx assumes HTTP/1.0 by default if it is not able to detect protocol reliably. *) Feature: the "disable_symlinks" directive now uses O_PATH on Linux. *) Feature: now nginx uses EPOLLRDHUP events to detect premature connection close by clients if the "epoll" method is used. *) Bugfix: in the "valid_referers" directive if the "server_names" parameter was used. *) Bugfix: the $request_time variable did not work in nginx/Windows. *) Bugfix: in the "image_filter" directive. Thanks to Lanshun Zhou. *) Bugfix: OpenSSL 1.0.1f compatibility. Thanks to Piotr Sikora. Changes with nginx 1.5.4 27 Aug 2013 *) Change: the "js" extension MIME type has been changed to "application/javascript"; default value of the "charset_types" directive was changed accordingly. *) Change: now the "image_filter" directive with the "size" parameter returns responses with the "application/json" MIME type. *) Feature: the ngx_http_auth_request_module. *) Bugfix: a segmentation fault might occur on start or during reconfiguration if the "try_files" directive was used with an empty parameter. *) Bugfix: memory leak if relative paths were specified using variables in the "root" or "auth_basic_user_file" directives. *) Bugfix: the "valid_referers" directive incorrectly executed regular expressions if a "Referer" header started with "https://". Thanks to Liangbin Li. *) Bugfix: responses might hang if subrequests were used and an SSL handshake error happened during subrequest processing. Thanks to Aviram Cohen. *) Bugfix: in the ngx_http_autoindex_module. *) Bugfix: in the ngx_http_spdy_module.
Revision 1.8 / (download) - annotate - [select for diffs], Thu Dec 5 15:04:05 2013 UTC (10 years, 4 months ago) by imil
Branch: MAIN
CVS Tags: pkgsrc-2013Q4-base,
pkgsrc-2013Q4
Changes since 1.7: +2 -2
lines
Diff to previous 1.7 (colored) to selected 1.16 (colored)
Updated to nginx 1.5.7 Changes with nginx 1.5.7 19 Nov 2013 *) Security: a character following an unescaped space in a request line was handled incorrectly (CVE-2013-4547); the bug had appeared in 0.8.41. Thanks to Ivan Fratric of the Google Security Team. *) Change: a logging level of auth_basic errors about no user/password provided has been lowered from "error" to "info". *) Feature: the "proxy_cache_revalidate", "fastcgi_cache_revalidate", "scgi_cache_revalidate", and "uwsgi_cache_revalidate" directives. *) Feature: the "ssl_session_ticket_key" directive. Thanks to Piotr Sikora. *) Bugfix: the directive "add_header Cache-Control ''" added a "Cache-Control" response header line with an empty value. *) Bugfix: the "satisfy any" directive might return 403 error instead of 401 if auth_request and auth_basic directives were used. Thanks to Jan Marc Hoffmann. *) Bugfix: the "accept_filter" and "deferred" parameters of the "listen" directive were ignored for listen sockets created during binary upgrade. Thanks to Piotr Sikora. *) Bugfix: some data received from a backend with unbufferred proxy might not be sent to a client immediately if "gzip" or "gunzip" directives were used. Thanks to Yichun Zhang. *) Bugfix: in error handling in ngx_http_gunzip_filter_module. *) Bugfix: responses might hang if the ngx_http_spdy_module was used with the "auth_request" directive. *) Bugfix: memory leak in nginx/Windows. Changes with nginx 1.5.6 01 Oct 2013 *) Feature: the "fastcgi_buffering" directive. *) Feature: the "proxy_ssl_protocols" and "proxy_ssl_ciphers" directives. Thanks to Piotr Sikora. *) Feature: optimization of SSL handshakes when using long certificate chains. *) Feature: the mail proxy supports SMTP pipelining. *) Bugfix: in the ngx_http_auth_basic_module when using "$apr1$" password encryption method. Thanks to Markus Linnala. *) Bugfix: in MacOSX, Cygwin, and nginx/Windows incorrect location might be used to process a request if locations were given using characters in different cases. *) Bugfix: automatic redirect with appended trailing slash for proxied locations might not work. *) Bugfix: in the mail proxy server. *) Bugfix: in the ngx_http_spdy_module. Changes with nginx 1.5.5 17 Sep 2013 *) Change: now nginx assumes HTTP/1.0 by default if it is not able to detect protocol reliably. *) Feature: the "disable_symlinks" directive now uses O_PATH on Linux. *) Feature: now nginx uses EPOLLRDHUP events to detect premature connection close by clients if the "epoll" method is used. *) Bugfix: in the "valid_referers" directive if the "server_names" parameter was used. *) Bugfix: the $request_time variable did not work in nginx/Windows. *) Bugfix: in the "image_filter" directive. Thanks to Lanshun Zhou. *) Bugfix: OpenSSL 1.0.1f compatibility. Thanks to Piotr Sikora. Changes with nginx 1.5.4 27 Aug 2013 *) Change: the "js" extension MIME type has been changed to "application/javascript"; default value of the "charset_types" directive was changed accordingly. *) Change: now the "image_filter" directive with the "size" parameter returns responses with the "application/json" MIME type. *) Feature: the ngx_http_auth_request_module. *) Bugfix: a segmentation fault might occur on start or during reconfiguration if the "try_files" directive was used with an empty parameter. *) Bugfix: memory leak if relative paths were specified using variables in the "root" or "auth_basic_user_file" directives. *) Bugfix: the "valid_referers" directive incorrectly executed regular expressions if a "Referer" header started with "https://". Thanks to Liangbin Li. *) Bugfix: responses might hang if subrequests were used and an SSL handshake error happened during subrequest processing. Thanks to Aviram Cohen. *) Bugfix: in the ngx_http_autoindex_module. *) Bugfix: in the ngx_http_spdy_module.
Revision 1.7 / (download) - annotate - [select for diffs], Sun Aug 18 08:11:04 2013 UTC (10 years, 8 months ago) by imil
Branch: MAIN
CVS Tags: pkgsrc-2013Q3-base
Branch point for: pkgsrc-2013Q3
Changes since 1.6: +2 -3
lines
Diff to previous 1.6 (colored) to selected 1.16 (colored)
Updated nginx-devel to 1.5.3 Changes with nginx 1.5.3 *) Change in internal API: now u->length defaults to -1 if working with backends in unbuffered mode. *) Change: now after receiving an incomplete response from a backend server nginx tries to send an available part of the response to a client, and then closes client connection. *) Bugfix: a segmentation fault might occur in a worker process if the ngx_http_spdy_module was used with the "client_body_in_file_only" directive. *) Bugfix: the "so_keepalive" parameter of the "listen" directive might be handled incorrectly on DragonFlyBSD. Thanks to Sepherosa Ziehau. *) Bugfix: in the ngx_http_xslt_filter_module. *) Bugfix: in the ngx_http_sub_filter_module. Changes with nginx 1.5.2 *) Feature: now several "error_log" directives can be used. *) Bugfix: the $r->header_in() embedded perl method did not return value of the "Cookie" and "X-Forwarded-For" request header lines; the bug had appeared in 1.3.14. *) Bugfix: in the ngx_http_spdy_module. Thanks to Jim Radford. *) Bugfix: nginx could not be built on Linux with x32 ABI. Thanks to Serguei Ivantsov. Changes with nginx 1.5.1 *) Feature: the "ssi_last_modified", "sub_filter_last_modified", and "xslt_last_modified" directives. Thanks to Alexey Kolpakov. *) Feature: the "http_403" parameter of the "proxy_next_upstream", "fastcgi_next_upstream", "scgi_next_upstream", and "uwsgi_next_upstream" directives. *) Feature: the "allow" and "deny" directives now support unix domain sockets. *) Bugfix: nginx could not be built with the ngx_mail_ssl_module, but without ngx_http_ssl_module; the bug had appeared in 1.3.14. *) Bugfix: in the "proxy_set_body" directive. Thanks to Lanshun Zhou. *) Bugfix: in the "lingering_time" directive. Thanks to Lanshun Zhou. *) Bugfix: the "fail_timeout" parameter of the "server" directive in the "upstream" context might not work if "max_fails" parameter was used; the bug had appeared in 1.3.0. *) Bugfix: a segmentation fault might occur in a worker process if the "ssl_stapling" directive was used. Thanks to Piotr Sikora. *) Bugfix: in the mail proxy server. Thanks to Filipe Da Silva. *) Bugfix: nginx/Windows might stop accepting connections if several worker processes were used.
Revision 1.6 / (download) - annotate - [select for diffs], Fri Jul 12 10:45:04 2013 UTC (10 years, 9 months ago) by jperkin
Branch: MAIN
Changes since 1.5: +2 -1
lines
Diff to previous 1.5 (colored) to selected 1.16 (colored)
Bump PKGREVISION of all packages which create users, to pick up change of sysutils/user_* packages.
Revision 1.5 / (download) - annotate - [select for diffs], Tue May 7 14:08:51 2013 UTC (10 years, 11 months ago) by imil
Branch: MAIN
CVS Tags: pkgsrc-2013Q2-base,
pkgsrc-2013Q2
Changes since 1.4: +2 -3
lines
Diff to previous 1.4 (colored) to selected 1.16 (colored)
Updated to version 1.5.0 - fixes CVE-2013-2028
Revision 1.4 / (download) - annotate - [select for diffs], Fri Apr 19 07:26:24 2013 UTC (11 years ago) by imil
Branch: MAIN
Changes since 1.3: +2 -1
lines
Diff to previous 1.3 (colored) to selected 1.16 (colored)
Added SPDY option, only affects nginx-devel
Revision 1.3 / (download) - annotate - [select for diffs], Wed Apr 17 19:57:38 2013 UTC (11 years ago) by imil
Branch: MAIN
Changes since 1.2: +2 -2
lines
Diff to previous 1.2 (colored) to selected 1.16 (colored)
Changes with nginx 1.3.16 *) Bugfix: a segmentation fault might occur in a worker process if subrequests were used; the bug had appeared in 1.3.9. *) Bugfix: the "tcp_nodelay" directive caused an error if a WebSocket connection was proxied into a unix domain socket. *) Bugfix: the $upstream_response_length variable has an incorrect value "0" if buffering was not used. Thanks to Piotr Sikora. *) Bugfix: in the eventport and /dev/poll methods.
Revision 1.2 / (download) - annotate - [select for diffs], Tue Mar 5 15:34:13 2013 UTC (11 years, 1 month ago) by imil
Branch: MAIN
CVS Tags: pkgsrc-2013Q1-base,
pkgsrc-2013Q1
Changes since 1.1: +2 -2
lines
Diff to previous 1.1 (colored) to selected 1.16 (colored)
Changes with nginx 1.3.14 05 Mar 2013 *) Feature: $connections_active, $connections_reading, and $connections_writing variables in the ngx_http_stub_status_module. *) Feature: support of WebSocket connections in the ngx_http_uwsgi_module and ngx_http_scgi_module. *) Bugfix: in virtual servers handling with SNI. *) Bugfix: new sessions were not always stored if the "ssl_session_cache shared" directive was used and there was no free space in shared memory. Thanks to Piotr Sikora. *) Bugfix: multiple X-Forwarded-For headers were handled incorrectly. Thanks to Neal Poole for sponsoring this work. *) Bugfix: in the ngx_http_mp4_module. Thanks to Gernot Vormayr.
Revision 1.1 / (download) - annotate - [select for diffs], Fri Feb 22 17:06:54 2013 UTC (11 years, 1 month ago) by imil
Branch: MAIN
Diff to selected 1.16 (colored)
Initial import of nginx-devel, version 1.3.13, into the NetBSD Packages Collection. nginx (pronounced "engine X") is a lightweight web (HTTP) server/reverse proxy and mail (IMAP/POP3) proxy written by Igor Sysoev. nginx has been running for more than three years on many heavily loaded Russian sites including Rambler (RamblerMedia.com). In March 2007 about 20% of all Russian virtual hosts were served or proxied by nginx. According to Google Online Security Blog nginx serves or proxies about 4% of all Internet virtual hosts, although Netcraft shows much less percent. The sources are licensed under a BSD-like license.