nginx/nginx.changes

-------------------------------------------------------------------
Thu Jan 28 01:36:01 UTC 2016 - i@marguerite.su

- update version 1.8.1 stable
  * Security: invalid pointer dereference might occur during DNS server
    response processing if the "resolver" directive was used, allowing an
    attacker who is able to forge UDP packets from the DNS server to
    cause segmentation fault in a worker process (CVE-2016-0742).
　* Security: use-after-free condition might occur during CNAME response
    processing if the "resolver" directive was used, allowing an attacker
    who is able to trigger name resolution to cause segmentation fault in
    a worker process, or might have potential other impact
    (CVE-2016-0746).
　* Security: CNAME resolution was insufficiently limited if the
    "resolver" directive was used, allowing an attacker who is able to
    trigger arbitrary name resolution to cause excessive resource
    consumption in worker processes (CVE-2016-0747).
　* Bugfix: the "proxy_protocol" parameter of the "listen" directive did
    not work if not specified in the first "listen" directive for a
    listen socket.
  * Bugfix: nginx might fail to start on some old Linux variants; the bug
    had appeared in 1.7.11.
  * Bugfix: a segmentation fault might occur in a worker process if the
    "try_files" and "alias" directives were used inside a location given
    by a regular expression; the bug had appeared in 1.7.1.
  * Bugfix: the "try_files" directive inside a nested location given by a
    regular expression worked incorrectly if the "alias" directive was
    used in the outer location.
  * Bugfix: "header already sent" alerts might appear in logs when using
    cache; the bug had appeared in 1.7.5.
  * Bugfix: a segmentation fault might occur in a worker process if
    different ssl_session_cache settings were used in different virtual
    servers.
  * Bugfix: the "expires" directive might not work when using variables.
  * Bugfix: if nginx was built with the ngx_http_spdy_module it was
    possible to use the SPDY protocol even if the "spdy" parameter of the
    "listen" directive was not specified.

-------------------------------------------------------------------
Fri Oct 16 15:17:30 UTC 2015 - mrueckert@suse.de

- use libGeoIP-devel everywhere

-------------------------------------------------------------------
Fri Oct 16 15:08:28 UTC 2015 - mrueckert@suse.de

- replace custom "kill -QUIT" with the kill signal setting in
  the service file

-------------------------------------------------------------------
Fri Oct 16 15:01:17 UTC 2015 - mrueckert@suse.de

- clean up conditionals and use bcond_with* everywhere
- drop passenger support for now
  * drop nginx-1.8.0-passenger-4.0.18.patch
  * drop nginx-1.4.2-passenger-4.0.18.patch

-------------------------------------------------------------------
Thu Jun 11 14:55:50 UTC 2015 - i@marguerite.su

- update version 1.8.0 stable
  * refer to http://nginx.org/en/CHANGES-1.8 for 1.7.x changes
- enable thread pools invented in nginx 1.7.11
- refactor nginx-1.4.2-passenger_fix.patch
  * rename to nginx-1.4.2-passenger-4.0.18.patch
  * remove zero_in_uri usage
- add patch: nginx-1.8.0-passenger-4.0.18.patch
  * fix "warning: comparison between pointer and integer"
    and "error: invalid type argument of ‘->’ (have ‘int’)"
- drop nginx-1.4.4-passenger-4.0.33_fix.patch
  * webyast is dead, we only enable passenger on 13.1 and below,
    for compatibility. this patch will never be applied now.
- drop nginx-1.4.4-passenger-3.0.12_fix.patch
  * this patch intended to be applied on < 13.1 machines, but
    13.1 is the oldest one we still have to build against.
- update fancyindex to version 0.3.5

-------------------------------------------------------------------
Sun Apr 12 04:37:00 UTC 2015 - mrueckert@suse.de

- disable libatomic-ops on SLE12 for now. the library seems not
  available there.

-------------------------------------------------------------------
Sun Apr 12 04:22:29 UTC 2015 - mrueckert@suse.de

- enable ngx_http_auth_request_module

-------------------------------------------------------------------
Sun Apr 12 04:06:26 UTC 2015 - mrueckert@suse.de

- update version 1.6.3 stable
  - Feature: now the "tcp_nodelay" directive works with SPDY
    connections.
  - Bugfix: in error handling.  Thanks to Yichun Zhang and Daniil
    Bondarev.
  - Bugfix: alerts "header already sent" appeared in logs if the
    "post_action" directive was used; the bug had appeared in
    1.5.4.
  - Bugfix: alerts "sem_post() failed" might appear in logs.
  - Bugfix: in hash table handling.  Thanks to Chris West.
  - Bugfix: in integer overflow handling.  Thanks to Régis Leroy.
- no longer install the init script when using systemd service file
- create rcnginx for systemd case

-------------------------------------------------------------------
Wed Mar 25 13:09:27 UTC 2015 - vpereirabr@opensuse.org

- On OpenSUSE 13.2, it requires libGeoIP-devel

-------------------------------------------------------------------
Wed Sep 17 06:39:25 UTC 2014 - i@marguerite.su

- update version 1.6.2 stable
  * Security: it was possible to reuse SSL sessions in unrelated
    contexts if a shared SSL session cache or the same TLS session
    ticket key was used for multiple "server" blocks (CVE-2014-3616).
    Thanks to Antoine Delignat-Lavaud.
  * Bugfix: requests might hang if resolver was used and a DNS server
    returned a malformed response; the bug had appeared in 1.5.8.
  * Bugfix: requests might hang if resolver was used and a timeout
    occurred during a DNS request.

-------------------------------------------------------------------
Fri Sep  5 18:43:37 UTC 2014 - i@marguerite.su

- use /run as pid/lock directory on openSUSE Factory (13.2=+)

-------------------------------------------------------------------
Mon Aug 18 15:46:49 UTC 2014 - i@marguerite.su

- disable passenger for 1320 as rubygem-passenger isn't in Factory

-------------------------------------------------------------------
Mon Aug 18 14:48:13 UTC 2014 - i@marguerite.su

- update version 1.6.1 stable
  * Security: pipelined commands were not discarded after STARTTLS
    command in SMTP proxy (CVE-2014-3556)
  * Bugfix: the $uri variable might contain garbage when returning 
    errors with code 400
  * Bugfix: in the "none" parameter in the "smtp_auth" directive
- drop nginx-1.0.4_default_config.patch
- add nginx-1.6.1-default_config.patch

-------------------------------------------------------------------
Mon Aug 18 14:43:55 UTC 2014 - i@marguerite.su

- clean specfile
- fix for x86_64 builds for 11.4-
  * can't build with -fPIE

-------------------------------------------------------------------
Fri Jun  6 13:54:27 UTC 2014 - lars@linux-schulserver.de

- use zip file downloaded from github directly, as requested by 
  Tomáš Chvátal

-------------------------------------------------------------------
Mon May  5 10:24:04 UTC 2014 - lars@linux-schulserver.de

- add and include FancyIndex module (with conditional)
- explicit enable http_ssl_module

-------------------------------------------------------------------
Wed Mar 19 10:04:14 UTC 2014 - aj@ajaissle.de

- Update to nginx 1.4.7
  - Changelog nginx 1.4.7
    *) Security: a heap memory buffer overflow might occur in a worker
       process while handling a specially crafted request by
       ngx_http_spdy_module, potentially resulting in arbitrary code
       execution (CVE-2014-0133).
       Thanks to Lucas Molas, researcher at Programa STIC, Fundación Dr.
       Manuel Sadosky, Buenos Aires, Argentina.
    *) Bugfix: in the "fastcgi_next_upstream" directive.
       Thanks to Lucas Molas.

  - Changelog nginx 1.4.6
    *) Bugfix: the "client_max_body_size" directive might not work when
       reading a request body using chunked transfer encoding; the bug had
       appeared in 1.3.9.
       Thanks to Lucas Molas.
    *) Bugfix: a segmentation fault might occur in a worker process when
       proxying WebSocket connections.

  - Changelog nginx 1.4.5
    *) Bugfix: the $ssl_session_id variable contained full session
       serialized instead of just a session id.
       Thanks to Ivan Ristić.
    *) Bugfix: client connections might be immediately closed if deferred
       accept was used; the bug had appeared in 1.3.15.
    *) Bugfix: alerts "zero size buf in output" might appear in logs while
       proxying; the bug had appeared in 1.3.9.
    *) Bugfix: a segmentation fault might occur in a worker process if the
       ngx_http_spdy_module was used.
    *) Bugfix: proxied WebSocket connections might hang right after
       handshake if the select, poll, or /dev/poll methods were used.
    *) Bugfix: a timeout might occur while reading client request body in an
       SSL connection using chunked transfer encoding.
    *) Bugfix: memory leak in nginx/Windows.

- Updated Url (nginx.org instead of www.nginx.net)
- Added nginx.rpmlintrc as Source100

-------------------------------------------------------------------
Fri Jan 17 11:03:29 UTC 2014 - aj@ajaissle.de

- Rebased passenger_fix.patch
  + nginx-1.4.4-passenger-3.0.12_fix.patch for openSUSE 12.2 and 12.3
  + nginx-1.4.2-passenger_fix.patch for openSUSE 13.1 and Tumbleweed
  + nginx-1.4.4-passenger-4.0.33_fix.patch for openSUSE Factory
- Always rebuild libpassenger_common on openSUSE < 1310 with -fPIC

-------------------------------------------------------------------
Fri Jan  3 10:36:06 UTC 2014 - dmueller@suse.com

- update to 1.4.4:
  *) Security: a character following an unescaped space in a request line
     was handled incorrectly (CVE-2013-4547); the bug had appeared in
     0.8.41.
  *) Bugfix: a segmentation fault might occur in a worker process if the
     ngx_http_spdy_module was used with the "client_body_in_file_only"
     directive.
  *) Bugfix: a segmentation fault might occur on start or during
     reconfiguration if the "try_files" directive was used with an empty
     parameter.
  *) Bugfix: the $request_time variable did not work in nginx/Windows.
  *) Bugfix: in the ngx_http_auth_basic_module when using "$apr1$"
  *) Bugfix: in the ngx_http_autoindex_module.
  *) Bugfix: in the mail proxy server.

-------------------------------------------------------------------
Tue Dec 17 17:45:54 UTC 2013 - alarrosa@suse.com

- Updated passenger patch to apply correctly, also added rubygem-passenger
  as BuildRequires

- modified patches:
  * nginx-1.4.2-passenger_fix.patch
-------------------------------------------------------------------
Mon Oct  7 10:20:49 UTC 2013 - lslezak@suse.cz

- updated passenger patch to apply (Utils/MD5.h patch is not needed
  anymore, fixed upstream)

-------------------------------------------------------------------
Wed Aug 14 08:09:51 UTC 2013 - lslezak@suse.cz

- enable back passenger support (needed by WebYast)

-------------------------------------------------------------------
Mon Jul 22 20:27:56 UTC 2013 - crrodriguez@opensuse.org

- Fix PIE build and linkage, must use --with-ld-opt 

-------------------------------------------------------------------
Mon Jul 22 19:56:44 UTC 2013 - crrodriguez@opensuse.org

- Update to version 1.4.2 stable

* The list of changes is massive and it wont fit here see
  http://nginx.org/en/CHANGES-1.4. packaging changes follow.

- Enable the SPDY module on distributions that ship openssl >= 1.0.1
- Build with full RELRO and PIE.
- systemd unit: 
* remove syslog.target that no longer exists
* set PrivateTmp to true
* Make it a non-forking service.

-------------------------------------------------------------------
Mon Jul  1 13:46:16 UTC 2013 - schwab@suse.de

- nginx-aio.patch: fix AIO support for asm-generic platforms
- Fix quilt setup

-------------------------------------------------------------------
Wed Jun 26 12:37:22 UTC 2013 - coolo@suse.com

- since passenger 4.0 the nginx extensions does not build, so disable 
  it

-------------------------------------------------------------------
Fri May 24 12:24:35 UTC 2013 - suse@ammler.ch

- update to 1.2.9
  *) Security: contents of worker process memory might be sent to a client
     if HTTP backend returned specially crafted response (CVE-2013-2070);
     the bug had appeared in 1.1.4. (bnc#821184)

-------------------------------------------------------------------
Tue Apr 16 12:04:35 UTC 2013 - suse@ammler.ch

- update to 1.2.8
  *) Bugfix: new sessions were not always stored if the "ssl_session_cache
     shared" directive was used and there was no free space in shared
     memory.
  *) Bugfix: responses might hang if subrequests were used and a DNS error
     happened during subrequest processing.
  *) Bugfix: in the ngx_http_mp4_module.
  *) Bugfix: in backend usage accounting.

-------------------------------------------------------------------
Tue Apr  9 08:45:55 UTC 2013 - coolo@suse.com

- remove workaround breaking things

-------------------------------------------------------------------
Thu Mar 21 06:50:21 UTC 2013 - e.istomin@edss.ee

- updated to 1.2.7
  *) Bugfix: a segmentation fault might occur in a worker process if the
       "if" directive was used.
       Thanks to Piotr Sikora.
  *) Bugfix: a "100 Continue" response was issued with "413 Request Entity
  Too Large" responses.
  *) Bugfix: the "[crit] SSL_write() failed (SSL:)" error.
  
- added mp4 module (--with-http_mp4_module)

-------------------------------------------------------------------
Mon Jan  7 20:24:52 UTC 2013 - jengelh@inai.de

- Parallel building with %_smp_mflags; remove redundant %clean section

-------------------------------------------------------------------
Mon Dec 17 10:32:12 UTC 2012 - suse@ammler.ch

- update to 1.2.6
  *) Feature: the $request_time and $msec variables can now be used not
     only in the "log_format" directive.
  *) Bugfix: cache manager and cache loader processes might not be able to
     start if more than 512 listen sockets were used.
  *) Bugfix: in the ngx_http_dav_module. 

-------------------------------------------------------------------
Wed Dec  5 12:09:58 UTC 2012 - opensuse@dschung.de

- add Provides: httpd and http_daemon, so a "Requires: httpd" 
  or "Suggests: httpd" doesn't only resolve to apache2 

-------------------------------------------------------------------
Wed Nov 21 18:07:33 UTC 2012 - suse@ammler.ch

- revert permission for /var/log/nginx so reopen is possible (bnc#790726)
  
-------------------------------------------------------------------
Wed Nov 14 14:47:52 UTC 2012 - suse@ammler.ch

- update to 1.2.5
  *) Feature: the "optional_no_ca" parameter of the "ssl_verify_client"
     directive.
  *) Feature: the $bytes_sent, $connection, and $connection_requests
     variables can now be used not only in the "log_format" directive.
  *) Feature: resolver now randomly rotates addresses returned from cache.
  *) Feature: the "auto" parameter of the "worker_processes" directive.
  *) Bugfix: "cache file ... has md5 collision" alert.
  *) Bugfix: OpenSSL 0.9.7 compatibility.  

-------------------------------------------------------------------
Wed Oct 24 08:14:06 UTC 2012 - suse@ammler.ch

- reenable passenger (required by webyast, was silently disabled)
- /var/log/nginx/ should belong to root (rpmlint issue)
- Recommends: logrotate (rpmlint issue)
- no need to keep default configs
- change FSF from postal to url address (rpmlint issue)

-------------------------------------------------------------------
Thu Oct 11 14:53:37 UTC 2012 - suse@ammler.ch

- remove version from package name
- update to 1.2.4
    *) Bugfix: in the "limit_req" directive; the bug had appeared in 1.1.14.
       Thanks to Charles Chen.

    *) Bugfix: nginx could not be built by gcc 4.7 with -O2 optimization if
       the --with-ipv6 option was used.

    *) Bugfix: a segmentation fault might occur in a worker process if the
       "map" directive was used with variables as values.

    *) Bugfix: a segmentation fault might occur in a worker process if the
       "geo" directive was used with the "ranges" parameter but without the
       "default" parameter; the bug had appeared in 0.8.43.
       Thanks to Zhen Chen and Weibin Yao.

    *) Bugfix: in the -p command-line parameter handling.

    *) Bugfix: in the mail proxy server.

    *) Bugfix: of minor potential bugs.
       Thanks to Coverity.

   - Changes with nginx 1.2.3                                     

    *) Feature: the Clang compiler support.

    *) Bugfix: extra listening sockets might be created.
       Thanks to Roman Odaisky.

    *) Bugfix: the "proxy_pass_header", "fastcgi_pass_header",
       "scgi_pass_header", "uwsgi_pass_header", "proxy_hide_header",
       "fastcgi_hide_header", "scgi_hide_header", and "uwsgi_hide_header"
       directives might be inherited incorrectly.

    *) Bugfix: trailing dot in a source value was not ignored if the "map"
       directive was used with the "hostnames" parameter.

    *) Bugfix: incorrect location might be used to process a request if a
       URI was changed via a "rewrite" directive before an internal redirect
       to a named location.
- update patch perl_vendor_install

-------------------------------------------------------------------
Sat Jul 21 02:41:34 UTC 2012 - crrodriguez@opensuse.org

- Update to version 1,2,2 
- Enable only the epoll event model.

-------------------------------------------------------------------
Fri Jun  8 17:57:35 UTC 2012 - crrodriguez@opensuse.org

- Update to version 1.2.1; list too long to mention here
  see http://nginx.org/en/CHANGES-1.2.
- Add systemd support.

-------------------------------------------------------------------
Tue Jun  5 07:33:42 UTC 2012 - lslezak@suse.cz

- added "BuildRequires: ruby" (needed for %rb_ver macro expansion),
  fixes build at Factory

-------------------------------------------------------------------
Mon Apr 16 08:42:51 UTC 2012 - schubi@suse.com

- Update to version 1.0.15
  Changes with nginx 1.0.15                                        12 Apr 2012

    *) Security: specially crafted mp4 file might allow to overwrite memory
       locations in a worker process if the ngx_http_mp4_module was used,
       potentially resulting in arbitrary code execution (CVE-2012-2089).
       Thanks to Matthew Daley.

    *) Bugfix: in the ngx_http_mp4_module. 

-------------------------------------------------------------------
Fri Mar 16 14:16:44 UTC 2012 - schubi@suse.com

- Update to Version 1.0.14

  Changes with nginx 1.0.14                                        15 Mar 2012

    *) Security: content of previously freed memory might be sent to a
       client if backend returned specially crafted response.
       Thanks to Matthew Daley.

-------------------------------------------------------------------
Tue Mar 13 09:49:05 UTC 2012 - schubi@suse.com

- Update to Version 1.0.13

  Changes with nginx 1.0.13                                        05 Mar 2012

    *) Feature: the "return" and "error_page" directives can now be used to
       return 307 redirections.

    *) Bugfix: a segmentation fault might occur in a worker process if the
       "resolver" directive was used and there was no "error_log" directive
       specified at global level.
       Thanks to Roman Arutyunyan.

    *) Bugfix: memory leaks.
       Thanks to Lanshun Zhou.

    *) Bugfix: nginx might log incorrect error "upstream prematurely closed
       connection" instead of correct "upstream sent too big header" one.
       Thanks to Feibo Li.

    *) Bugfix: on ZFS filesystem disk cache size might be calculated
       incorrectly; the bug had appeared in 1.0.1.

    *) Bugfix: the number of internal redirects to named locations was not
       limited.

    *) Bugfix: temporary files might be not removed if the "proxy_store"
       directive was used with SSI includes.

    *) Bugfix: in some cases non-cacheable variables (such as the $args
       variable) returned old empty cached value.

    *) Bugfix: the "proxy_redirect" directives might be inherited
       incorrectly.

    *) Bugfix: nginx could not be built with the ngx_http_perl_module if the
       --with-openssl option was used.

    *) Bugfix: nginx could not be built by the icc 12.1 compiler.


  Changes with nginx 1.0.12                                        06 Feb 2012

    *) Feature: the "TLSv1.1" and "TLSv1.2" parameters of the
       "ssl_protocols" directive.

    *) Feature: the "if" SSI command supports captures in regular
       expressions.

    *) Bugfix: the "if" SSI command did not work inside the "block" command.

    *) Bugfix: in AIO error handling on FreeBSD.

    *) Bugfix: in the OpenSSL library initialization.

    *) Bugfix: the "worker_cpu_affinity" directive might not work.

    *) Bugfix: the "limit_conn_log_level" and "limit_req_log_level"
       directives might not work.

    *) Bugfix: the "read_ahead" directive might not work combined with
       "try_files" and "open_file_cache".

    *) Bugfix: the "proxy_cache_use_stale" directive with "error" parameter
       did not return answer from cache if there were no live upstreams.

    *) Bugfix: a segmentation fault might occur in a worker process if small
       time was used in the "inactive" parameter of the "proxy_cache_path"
       directive.

    *) Bugfix: responses from cache might hang.

    *) Bugfix: in error handling while connecting to a backend.
       Thanks to Piotr Sikora.

    *) Bugfix: in the "epoll" event method.
       Thanks to Yichun Zhang.

    *) Bugfix: the $sent_http_cache_control variable might contain a wrong
       value if the "expires" directive was used.
       Thanks to Yichun Zhang.

    *) Bugfix: the "limit_rate" directive did not allow to use full
       throughput, even if limit value was very high.

    *) Bugfix: the "sendfile_max_chunk" directive did not work, if the
       "limit_rate" directive was used.

    *) Bugfix: nginx could not be built on Solaris; the bug had appeared in
       1.0.11.

    *) Bugfix: in the ngx_http_scgi_module.

    *) Bugfix: in the ngx_http_mp4_module.


  Changes with nginx 1.0.11                                        15 Dec 2011

    *) Change: now double quotes are encoded in an "echo" SSI-command
       output.
       Thanks to Zaur Abasmirzoev.

    *) Feature: the "image_filter_sharpen" directive.

    *) Bugfix: a segmentation fault might occur in a worker process if SNI
       was used; the bug had appeared in 1.0.9.

    *) Bugfix: SIGWINCH signal did not work after first binary upgrade; the
       bug had appeared in 1.0.9.

    *) Bugfix: the "If-Modified-Since", "If-Range", etc. client request
       header lines might be passed to backend while caching; or not passed
       without caching if caching was enabled in another part of the
       configuration.

    *) Bugfix: in the "scgi_param" directive, if complex parameters were
       used.

    *) Bugfix: "add_header" and "expires" directives did not work if a
       request was proxied and response status code was 206.

    *) Bugfix: in the "expires @time" directive.

    *) Bugfix: in the ngx_http_flv_module.
       Thanks to Piotr Sikora.

    *) Bugfix: in the ngx_http_mp4_module.

    *) Bugfix: nginx could not be built on FreeBSD 10.

    *) Bugfix: nginx could not be built on AIX.

 
-------------------------------------------------------------------
Fri Dec  2 14:48:35 UTC 2011 - schubi@suse.com

- 1.0.10 includes a fix for:
  Fixed VUL-0: CVE-2011-4315: nginx: heap overflow (bnc #731084) 

-------------------------------------------------------------------
Fri Nov 18 12:56:55 UTC 2011 - schubi@suse.com

- Uppstream update to 1.0.10 
    Changes with nginx 1.0.10

    *) Bugfix: a segmentation fault might occur in a worker process if
       resolver got a big DNS response.
       Thanks to Ben Hawkes.

    *) Bugfix: in cache key calculation if internal MD5 implementation was
       used; the bug had appeared in 1.0.4.

    *) Bugfix: the module ngx_http_mp4_module sent incorrect
       "Content-Length" response header line if the "start" argument was
       used.
       Thanks to Piotr Sikora.


    Changes with nginx 1.0.9

    *) Change: now the 0x7F-0x1F characters are escaped as \xXX in an
       access_log.

    *) Change: now SIGWINCH signal works only in daemon mode.

    *) Feature: "proxy/fastcgi/scgi/uwsgi_ignore_headers" directives support
       the following additional values: X-Accel-Limit-Rate,
       X-Accel-Buffering, X-Accel-Charset.

    *) Feature: decrease of memory consumption if SSL is used.

    *) Feature: accept filters are now supported on NetBSD.

    *) Feature: the "uwsgi_buffering" and "scgi_buffering" directives.
       Thanks to Peter Smit.

    *) Bugfix: a segmentation fault occurred on start or while
       reconfiguration if the "ssl" directive was used at http level and
       there was no "ssl_certificate" defined.

    *) Bugfix: some UTF-8 characters were processed incorrectly.
       Thanks to Alexey Kuts.

    *) Bugfix: the ngx_http_rewrite_module directives specified at "server"
       level were executed twice if no matching locations were defined.

    *) Bugfix: a socket leak might occurred if "aio sendfile" was used.

    *) Bugfix: connections with fast clients might be closed after
       send_timeout if file AIO was used.

    *) Bugfix: in the ngx_http_autoindex_module.

    *) Bugfix: the module ngx_http_mp4_module did not support seeking on
       32-bit platforms.

    *) Bugfix: non-cacheable responses might be cached if
       "proxy_cache_bypass" directive was used.
       Thanks to John Ferlito.

    *) Bugfix: cached responses with an empty body were returned
       incorrectly; the bug had appeared in 0.8.31.

    *) Bugfix: 201 responses of the ngx_http_dav_module were incorrect; the
       bug had appeared in 0.8.32.

    *) Bugfix: in the "return" directive.

    *) Bugfix: the "ssl_verify_client", "ssl_verify_depth", and
       "ssl_prefer_server_ciphers" directives might work incorrectly if SNI
       was used.


    Changes with nginx 1.0.8

    *) Bugfix: nginx could not be built --with-http_mp4_module and without
       --with-debug option.


    Changes with nginx 1.0.7 

    *) Change: now if total size of all ranges is greater than source
       response size, then nginx disables ranges and returns just the source
       response.

    *) Feature: the "max_ranges" directive.

    *) Feature: the module ngx_http_mp4_module.

    *) Feature: the "worker_aio_requests" directive.

    *) Bugfix: if nginx was built --with-file-aio it could not be run on
       Linux kernel which did not support AIO.

    *) Bugfix: in Linux AIO error processing.
       Thanks to Hagai Avrahami.

    *) Bugfix: in Linux AIO combined with open_file_cache.

    *) Bugfix: open_file_cache did not update file info on retest if file
       was not atomically changed.

    *) Bugfix: reduced memory consumption for long-lived requests.

    *) Bugfix: in the "proxy/fastcgi/scgi/uwsgi_ignore_client_abort"
       directives.

    *) Bugfix: nginx could not be built on MacOSX 10.7.

    *) Bugfix: request body might be processed incorrectly if client used
       pipelining.

    *) Bugfix: in the "request_body_in_single_buf" directive.

    *) Bugfix: in "proxy_set_body" and "proxy_pass_request_body" directives
       if SSL connection to backend was used.

    *) Bugfix: nginx hogged CPU if all servers in an upstream were marked as
       "down".

    *) Bugfix: a segmentation fault might occur during reconfiguration if
       ssl_session_cache was defined but not used in previous configuration.

    *) Bugfix: a segmentation fault might occur in a worker process if many
       backup servers were used in an upstream.


    Changes with nginx 1.0.6              

    *) Feature: cache loader run time decrease.

    *) Feature: loading time decrease of configuration with large number of
       HTTPS sites.

    *) Feature: now nginx supports ECDHE key exchange ciphers.
       Thanks to Adrian Kotelba.

    *) Feature: the "lingering_close" directive.

    *) Feature: now shared zones and caches use POSIX semaphores on Solaris.
       Thanks to Den Ivanov.

    *) Bugfix: nginx could not be built on Linux 3.0.

    *) Bugfix: a segmentation fault might occur in a worker process if
       "fastcgi/scgi/uwsgi_param" directives were used with values starting
       with "HTTP_"; the bug had appeared in 0.8.40.

    *) Bugfix: in closing connection for pipelined requests.

    *) Bugfix: nginx did not disable gzipping if client sent "gzip;q=0" in
       "Accept-Encoding" request header line.

    *) Bugfix: in timeout in unbuffered proxied mode.

    *) Bugfix: memory leaks when a "proxy_pass" directive contains variables
       and proxies to an HTTPS backend.

    *) Bugfix: in parameter validaiton of a "proxy_pass" directive with
       variables.
       Thanks to Lanshun Zhou.

    *) Bugfix: SSL did not work on QNX.

    *) Bugfix: SSL modules could not be built by gcc 4.6 without
       --with-debug option. 

-------------------------------------------------------------------
Mon Oct 24 11:59:37 UTC 2011 - schubi@suse.com

- Reduce requirement of rubygem-rack to 1_1 cause 1_3 produces
  errors. 

-------------------------------------------------------------------
Tue Aug 16 15:23:23 UTC 2011 - ammler@openttdcoop.org

- upstream update 1.0.5
  * Change: now default SSL ciphers are "HIGH:!aNULL:!MD5".
  * Feature: the "referer_hash_max_size" and "referer_hash_bucket_size" 
    directives.
  * Feature: $uid_reset variable.
  * Bugfix: a segmentation fault might occur in a worker process, if a 
    caching was used.
  * Bugfix: worker processes may got caught in an endless loop during 
    reconfiguration, if a caching was used; the bug had appeared in 
    0.8.48.
  * Bugfix: "stalled cache updating" alert.
- add logrotate
  * add reopen killsiganl -USR1 to init script
  * logrotate conf
- Backport r4003: Configure: catch up with new Linux version numbering 

-------------------------------------------------------------------
Fri Jun 24 10:40:30 UTC 2011 - jreidinger@novell.com

- fix init script to write use its pid file to allow separate nginx
  server run independent (bnc#702005)

-------------------------------------------------------------------
Thu Jun  9 12:02:59 UTC 2011 - ammler@openttdcoop.org

- upstream update 1.0.4
  * Change: now regular expressions case sensitivity in the "map"
    directive is given by prefixes "~" or "~*".
  * Feature: now shared zones and caches use POSIX semaphores on
    Linux.  Thanks to Denis F. Latypoff.
  * Bugfix: "stalled" cache updating" alert.
  * Bugfix: nginx could not be built
    --without-http_auth_basic_module; the bug had appeared in
    1.0.3.
- additional changes from 1.0.3
  - Feature: the "auth_basic_user_file" directive supports "$apr1",
    "{PLAIN}", and "{SSHA}" password encryption methods.  Thanks to
    Maxim Dounin.
  - Feature: the "geoip_org" directive and $geoip_org variable.
    Thanks to Alexander Uskov, Arnaud Granal, and Denis F.
    Latypoff.
  - Feature: ngx_http_geo_module and ngx_http_geoip_module support
    IPv4 addresses mapped to IPv6 addresses.
  - Bugfix: a segmentation fault occurred in a worker process
    during testing IPv4 address mapped to IPv6 address, if access
    or deny rules were defined only for IPv6; the bug had appeared
    in 0.8.22.
  - Bugfix: a cached response may be broken if proxy/fastcgi/scgi/
    uwsgi_cache_bypass and proxy/fastcgi/scgi/uwsgi_no_cache
    directive values were different; the bug had appeared in
    0.8.46.
- additional changes from 1.0.2
  - Feature: now shared zones and caches use POSIX semaphores.
  - Bugfix: in the "rotate" parameter of the "image_filter"
    directive.  Thanks to Adam Bocim.
  - Bugfix: nginx could not be built on Solaris; the bug had
    appeared in 1.0.1.
- additional changes from 1.0.1
  - Change: now the "split_clients" directive uses MurmurHash2
    algorithm because of better distribution.  Thanks to Oleg
    Mamontov.
  - Change: now long strings starting with zero are not considered
    as false values.  Thanks to Maxim Dounin.
  - Change: now nginx uses a default listen backlog value 511 on
    Linux.
  - Feature: the $upstream_... variables may be used in the SSI and
    perl modules.
  - Bugfix: now nginx limits better disk cache size.  Thanks to
    Oleg Mamontov.
  - Bugfix: a segmentation fault might occur while parsing
    incorrect IPv4 address; the bug had appeared in 0.9.3.  Thanks
    to Maxim Dounin.
  - Bugfix: nginx could not be built by gcc 4.6 without
    --with-debug option.
  - Bugfix: nginx could not be built on Solaris 9 and earlier; the
    bug had appeared in 0.9.3.  Thanks to Dagobert Michelsen.
  - Bugfix: $request_time variable had invalid values if
    subrequests were used; the bug had appeared in 0.8.47.  Thanks
    to Igor A. Valcov.
- new config directories included in context http:
  conf.d/*.conf on top before first server
  vhosts.d/*.conf on bottom (for servers)

-------------------------------------------------------------------
Thu May 26 10:20:30 UTC 2011 - mrueckert@suse.de

- more accurate license header: BSD-2-Clause

-------------------------------------------------------------------
Thu Apr 14 12:17:01 UTC 2011 - mrueckert@suse.de

- move the libatomic usage to sle11/11.1 or newer

-------------------------------------------------------------------
Thu Apr 14 10:59:36 UTC 2011 - mrueckert@suse.de

- remove /srv/www/htdocs/index.html (bnc#670031).     

-------------------------------------------------------------------
Thu Apr 14 10:34:52 UTC 2011 - mrueckert@suse.de

- build with libatomic_ops

-------------------------------------------------------------------
Thu Apr 14 10:28:37 UTC 2011 - mrueckert@suse.de

- minor spec file cleanup
  - use perl instead of dos2unix
  - remove commented out patches from the preamble
  - fix ordering in preamble

-------------------------------------------------------------------
Wed Apr 13 23:50:04 UTC 2011 - alexandre@exatati.com.br

- Add epoll in default events config as recommended in
  http://www.kegel.com/c10k.html#nb.epoll.

-------------------------------------------------------------------
Tue Apr 12 18:42:32 UTC 2011 - mrueckert@suse.de

- enable building of the passenger extension

-------------------------------------------------------------------
Tue Apr 12 16:10:00 UTC 2011 - mrueckert@suse.de

- added more directives to the configure line
  - specify tmp path for scgi/uwsgi
  - enabled more modules
    - geoip lookup
    - http_degradation
    - mail ssl support
  - added build time options to build the profiling/testing stuff
    - see with_google_perftools and with_cpp_test

-------------------------------------------------------------------
Tue Apr 12 15:16:54 UTC 2011 - mrueckert@suse.de

- start 1.0 branch package