diff --git a/check_1.9.2+.patch b/check_1.9.2+.patch index 0fe9125..5fe4e75 100644 --- a/check_1.9.2+.patch +++ b/check_1.9.2+.patch @@ -28,7 +28,7 @@ Index: src/http/modules/ngx_http_upstream_hash_module.c if (peer->max_fails && peer->fails >= peer->max_fails && now - peer->checked <= peer->fail_timeout) -@@ -535,6 +547,15 @@ ngx_http_upstream_get_chash_peer(ngx_pee +@@ -538,6 +550,15 @@ ngx_http_upstream_get_chash_peer(ngx_pee continue; } @@ -88,7 +88,7 @@ Index: src/http/modules/ngx_http_upstream_least_conn_module.c static ngx_int_t ngx_http_upstream_init_least_conn_peer(ngx_http_request_t *r, ngx_http_upstream_srv_conf_t *us); -@@ -148,6 +151,16 @@ ngx_http_upstream_get_least_conn_peer(ng +@@ -147,6 +150,16 @@ ngx_http_upstream_get_least_conn_peer(ng continue; } @@ -105,7 +105,7 @@ Index: src/http/modules/ngx_http_upstream_least_conn_module.c if (peer->max_fails && peer->fails >= peer->max_fails && now - peer->checked <= peer->fail_timeout) -@@ -199,6 +212,16 @@ ngx_http_upstream_get_least_conn_peer(ng +@@ -202,6 +215,16 @@ ngx_http_upstream_get_least_conn_peer(ng continue; } @@ -136,7 +136,7 @@ Index: src/http/ngx_http_upstream_round_robin.c #define ngx_http_upstream_tries(p) ((p)->number \ + ((p)->next ? (p)->next->number : 0)) -@@ -96,7 +99,14 @@ ngx_http_upstream_init_round_robin(ngx_c +@@ -97,7 +100,14 @@ ngx_http_upstream_init_round_robin(ngx_c peer[n].fail_timeout = server[i].fail_timeout; peer[n].down = server[i].down; peer[n].server = server[i].name; @@ -152,7 +152,7 @@ Index: src/http/ngx_http_upstream_round_robin.c *peerp = &peer[n]; peerp = &peer[n].next; n++; -@@ -159,7 +169,15 @@ ngx_http_upstream_init_round_robin(ngx_c +@@ -161,7 +171,15 @@ ngx_http_upstream_init_round_robin(ngx_c peer[n].fail_timeout = server[i].fail_timeout; peer[n].down = server[i].down; peer[n].server = server[i].name; @@ -169,8 +169,8 @@ Index: src/http/ngx_http_upstream_round_robin.c *peerp = &peer[n]; peerp = &peer[n].next; n++; -@@ -225,6 +243,9 @@ ngx_http_upstream_init_round_robin(ngx_c - peer[i].current_weight = 0; +@@ -228,6 +246,9 @@ ngx_http_upstream_init_round_robin(ngx_c + peer[i].max_conns = 0; peer[i].max_fails = 1; peer[i].fail_timeout = 10; +#if (NGX_HTTP_UPSTREAM_CHECK) @@ -179,8 +179,8 @@ Index: src/http/ngx_http_upstream_round_robin.c *peerp = &peer[i]; peerp = &peer[i].next; } -@@ -339,6 +360,9 @@ ngx_http_upstream_create_round_robin_pee - peer[0].current_weight = 0; +@@ -344,6 +365,9 @@ ngx_http_upstream_create_round_robin_pee + peer[0].max_conns = 0; peer[0].max_fails = 1; peer[0].fail_timeout = 10; +#if (NGX_HTTP_UPSTREAM_CHECK) @@ -189,8 +189,8 @@ Index: src/http/ngx_http_upstream_round_robin.c peers->peer = peer; } else { -@@ -372,6 +396,9 @@ ngx_http_upstream_create_round_robin_pee - peer[i].current_weight = 0; +@@ -378,6 +402,9 @@ ngx_http_upstream_create_round_robin_pee + peer[i].max_conns = 0; peer[i].max_fails = 1; peer[i].fail_timeout = 10; +#if (NGX_HTTP_UPSTREAM_CHECK) @@ -199,7 +199,7 @@ Index: src/http/ngx_http_upstream_round_robin.c *peerp = &peer[i]; peerp = &peer[i].next; } -@@ -432,6 +459,12 @@ ngx_http_upstream_get_round_robin_peer(n +@@ -443,6 +470,12 @@ ngx_http_upstream_get_round_robin_peer(n goto failed; } @@ -212,7 +212,7 @@ Index: src/http/ngx_http_upstream_round_robin.c rrp->current = peer; } else { -@@ -533,6 +566,12 @@ ngx_http_upstream_get_peer(ngx_http_upst +@@ -537,6 +570,12 @@ ngx_http_upstream_get_peer(ngx_http_upst continue; } @@ -229,14 +229,14 @@ Index: src/http/ngx_http_upstream_round_robin.h =================================================================== --- src/http/ngx_http_upstream_round_robin.h.orig +++ src/http/ngx_http_upstream_round_robin.h -@@ -35,6 +35,10 @@ struct ngx_http_upstream_rr_peer_s { - ngx_uint_t max_fails; - time_t fail_timeout; +@@ -38,6 +38,10 @@ struct ngx_http_upstream_rr_peer_s { + ngx_msec_t slow_start; + ngx_msec_t start_time; +#if (NGX_HTTP_UPSTREAM_CHECK) + ngx_uint_t check_index; +#endif + - ngx_uint_t down; /* unsigned down:1; */ + ngx_uint_t down; - #if (NGX_HTTP_SSL) + #if (NGX_HTTP_SSL || NGX_COMPAT) diff --git a/headers-more-nginx-module-0.30.tar.gz b/headers-more-nginx-module-0.30.tar.gz deleted file mode 100644 index 8fd1e16..0000000 --- a/headers-more-nginx-module-0.30.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:2aad309a9313c21c7c06ee4e71a39c99d4d829e31c8b3e7d76f8c964ea8047f5 -size 27793 diff --git a/headers-more-nginx-module-0.32.tar.gz b/headers-more-nginx-module-0.32.tar.gz new file mode 100644 index 0000000..93746c2 --- /dev/null +++ b/headers-more-nginx-module-0.32.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:c6d9dab8ea1fc997031007e2e8f47cced01417e203cd88d53a9fe9f6ae138720 +size 28033 diff --git a/nginx-1.11.4.tar.gz b/nginx-1.11.4.tar.gz deleted file mode 100644 index 46cd498..0000000 --- a/nginx-1.11.4.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:06221c1f43f643bc6bfe5b2c26d19e09f2588d5cde6c65bdb77dfcce7c026b3b -size 949793 diff --git a/nginx-1.11.8.tar.gz b/nginx-1.11.8.tar.gz new file mode 100644 index 0000000..e86eca5 --- /dev/null +++ b/nginx-1.11.8.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:53aef3715d79015314c2dcb18f2b185a0c64368cc01b30bdf0737a215f666b34 +size 964918 diff --git a/nginx-1.6.1-default_config.patch b/nginx-1.6.1-default_config.patch index 3ce6586..4885b17 100644 --- a/nginx-1.6.1-default_config.patch +++ b/nginx-1.6.1-default_config.patch @@ -2,7 +2,7 @@ Index: conf/nginx.conf =================================================================== --- conf/nginx.conf.orig +++ conf/nginx.conf -@@ -1,16 +1,24 @@ +@@ -1,16 +1,28 @@ -#user nobody; +#user nginx; @@ -11,11 +11,15 @@ Index: conf/nginx.conf -#error_log logs/error.log; -#error_log logs/error.log notice; -#error_log logs/error.log info; ++# load_module #LIBDIR#/nginx/modules/ngx_http_fancyindex_module.so; +# load_module #LIBDIR#/nginx/modules/ngx_http_geoip_module.so; ++# load_module #LIBDIR#/nginx/modules/ngx_http_headers_more_filter_module.so; +# load_module #LIBDIR#/nginx/modules/ngx_http_image_filter_module.so; +# load_module #LIBDIR#/nginx/modules/ngx_http_perl_module.so; +# load_module #LIBDIR#/nginx/modules/ngx_http_xslt_filter_module.so; +# load_module #LIBDIR#/nginx/modules/ngx_mail_module.so; ++# load_module #LIBDIR#/nginx/modules/ngx_rtmp_module.so; ++# load_module #LIBDIR#/nginx/modules/ngx_stream_geoip_module.so; +# load_module #LIBDIR#/nginx/modules/ngx_stream_module.so; + +#error_log /var/log/nginx/error.log; @@ -32,7 +36,7 @@ Index: conf/nginx.conf } -@@ -22,7 +30,7 @@ http { +@@ -22,7 +34,7 @@ http { # '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"'; @@ -41,7 +45,7 @@ Index: conf/nginx.conf sendfile on; #tcp_nopush on; -@@ -32,16 +40,18 @@ http { +@@ -32,16 +44,18 @@ http { #gzip on; @@ -62,7 +66,7 @@ Index: conf/nginx.conf index index.html index.htm; } -@@ -51,7 +61,7 @@ http { +@@ -51,7 +65,7 @@ http { # error_page 500 502 503 504 /50x.html; location = /50x.html { @@ -71,7 +75,7 @@ Index: conf/nginx.conf } # proxy the PHP scripts to Apache listening on 127.0.0.1:80 -@@ -63,7 +73,7 @@ http { +@@ -63,7 +77,7 @@ http { # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # #location ~ \.php$ { @@ -80,7 +84,7 @@ Index: conf/nginx.conf # fastcgi_pass 127.0.0.1:9000; # fastcgi_index index.php; # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; -@@ -87,7 +97,7 @@ http { +@@ -87,7 +101,7 @@ http { # server_name somename alias another.alias; # location / { @@ -89,7 +93,7 @@ Index: conf/nginx.conf # index index.html index.htm; # } #} -@@ -109,9 +119,11 @@ http { +@@ -109,9 +123,11 @@ http { # ssl_prefer_server_ciphers on; # location / { diff --git a/nginx-rtmp-module-1.1.10.tar.gz b/nginx-rtmp-module-1.1.10.tar.gz new file mode 100644 index 0000000..34f3bbf --- /dev/null +++ b/nginx-rtmp-module-1.1.10.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:f9491dd24390b0d5d70dfe3553edf3d14efeb7c7a81b4d4a20c5cfeaefc1141c +size 519877 diff --git a/nginx-rtmp-module-1.1.9.tar.gz b/nginx-rtmp-module-1.1.9.tar.gz deleted file mode 100644 index a492436..0000000 --- a/nginx-rtmp-module-1.1.9.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:46d914e3ba1f4c2353c1ef01a7423305255cb78226c84fac419586f849b7ea55 -size 519807 diff --git a/nginx.changes b/nginx.changes index 02183eb..cd5d378 100644 --- a/nginx.changes +++ b/nginx.changes @@ -1,3 +1,116 @@ +------------------------------------------------------------------- +Sat Jan 7 00:28:48 UTC 2017 - mrueckert@suse.de + +- update to 1.11.8 + - Feature: the "absolute_redirect" directive. + - Feature: the "escape" parameter of the "log_format" directive. + - Feature: client SSL certificates verification in the stream + module. + - Feature: the "ssl_session_ticket_key" directive supports AES256 + encryption of TLS session tickets when used with 80-byte keys. + - Feature: vim-commentary support in vim scripts. Thanks to + Armin Grodon. + - Bugfix: recursion when evaluating variables was not limited. + - Bugfix: in the ngx_stream_ssl_preread_module. + - Bugfix: if a server in an upstream in the stream module failed, + it was considered alive only when a test connection sent to it + after fail_timeout was closed; now a successfully established + connection is enough. + - Bugfix: nginx/Windows could not be built with 64-bit Visual + Studio. + - Bugfix: nginx/Windows could not be built with OpenSSL 1.1.0. +- changes in 1.11.7 + - Change: now in case of a client certificate verification error + the $ssl_client_verify variable contains a string with the + failure reason, for example, "FAILED:certificate has expired". + - Feature: the $ssl_ciphers, $ssl_curves, $ssl_client_v_start, + $ssl_client_v_end, and $ssl_client_v_remain variables. + - Feature: the "volatile" parameter of the "map" directive. + - Bugfix: dependencies specified for a module were ignored while + building dynamic modules. + - Bugfix: when using HTTP/2 and the "limit_req" or "auth_request" + directives client request body might be corrupted; the bug had + appeared in 1.11.0. + - Bugfix: a segmentation fault might occur in a worker process + when using HTTP/2; the bug had appeared in 1.11.3. + - Bugfix: in the ngx_http_mp4_module. Thanks to Congcong Hu. + - Bugfix: in the ngx_http_perl_module. +- changes in 1.11.6 + - Change: format of the $ssl_client_s_dn and $ssl_client_i_dn + variables has been changed to follow RFC 2253 (RFC 4514); + values in the old format are available in the + $ssl_client_s_dn_legacy and $ssl_client_i_dn_legacy variables. + - Change: when storing temporary files in a cache directory they + will be stored in the same subdirectories as corresponding + cache files instead of a separate subdirectory for temporary + files. + - Feature: EXTERNAL authentication mechanism support in mail + proxy. Thanks to Robert Norris. + - Feature: WebP support in the ngx_http_image_filter_module. + - Feature: variables support in the "proxy_method" directive. + Thanks to Dmitry Lazurkin. + - Feature: the "http2_max_requests" directive in the + ngx_http_v2_module. + - Feature: the "proxy_cache_max_range_offset", + "fastcgi_cache_max_range_offset", + "scgi_cache_max_range_offset", and + "uwsgi_cache_max_range_offset" directives. + - Bugfix: graceful shutdown of old worker processes might require + infinite time when using HTTP/2. + - Bugfix: in the ngx_http_mp4_module. + - Bugfix: "ignore long locked inactive cache entry" alerts might + appear in logs when proxying WebSocket connections with caching + enabled. + - Bugfix: nginx did not write anything to log and returned a + response with code 502 instead of 504 when a timeout occurred + during an SSL handshake to a backend. +- changes in 1.11.5 + - Change: the --with-ipv6 configure option was removed, now IPv6 + support is configured automatically. + - Change: now if there are no available servers in an upstream, + nginx will not reset number of failures of all servers as it + previously did, but will wait for fail_timeout to expire. + - Feature: the ngx_stream_ssl_preread_module. + - Feature: the "server" directive in the "upstream" context + supports the "max_conns" parameter. + - Feature: the --with-compat configure option. + - Feature: "manager_files", "manager_threshold", and + "manager_sleep" parameters of the "proxy_cache_path", + "fastcgi_cache_path", "scgi_cache_path", and "uwsgi_cache_path" + directives. + - Bugfix: flags passed by the --with-ld-opt configure option were + not used while building perl module. + - Bugfix: in the "add_after_body" directive when used with the + "sub_filter" directive. + - Bugfix: in the $realip_remote_addr variable. + - Bugfix: the "dav_access", "proxy_store_access", + "fastcgi_store_access", "scgi_store_access", and + "uwsgi_store_access" directives ignored permissions specified + for user. + - Bugfix: unix domain listen sockets might not be inherited + during binary upgrade on Linux. + - Bugfix: nginx returned the 400 response on requests with the + "-" character in the HTTP method. +- update headers-more-nginx-module 0.32 + - tests: skipped the newly added test case that cannot run in + check leak test mode. + - bugfix: more_set_input_headers: skips setting multi-value + headers for bad requests to avoid segfaults. + - skipped check leak mode for two test cases using malformed + requests. + - doc: claims that we work with 1.10.x since it is essentially + the same as 1.9.x. + - bugfix: fixed a typo in an error message. + - bugfix: when the nginx core does not properly initialize + r->headers_in.headers (due to 400 bad requests and etc), + more_set_input_headers might lead to crashes. thanks Marcin + Teodorczyk for the report. +- update nginx-rtmp-module 1.1.10 + - support for nginx 1.11.5-style cache-manager +- update patches to apply cleanly again + check_1.9.2+.patch + nginx-1.6.1-default_config.patch + ------------------------------------------------------------------- Mon Oct 10 10:23:47 UTC 2016 - mrueckert@suse.de @@ -10,7 +123,7 @@ Mon Oct 10 10:23:47 UTC 2016 - mrueckert@suse.de ------------------------------------------------------------------- Thu Sep 29 10:45:57 UTC 2016 - mrueckert@suse.de -- update to 11.4 +- update to 1.11.4 - Feature: the $upstream_bytes_received variable. - Feature: the $bytes_received, $session_time, $protocol, $status, $upstream_addr, $upstream_bytes_sent, diff --git a/nginx.spec b/nginx.spec index 85f3675..c634a77 100644 --- a/nginx.spec +++ b/nginx.spec @@ -1,7 +1,7 @@ # # spec file for package nginx # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -64,18 +64,18 @@ %define ngx_doc_dir %{_datadir}/doc/packages/%{name} # Name: nginx -Version: 1.11.4 +Version: 1.11.8 Release: 0 %define ngx_fancyindex_version 0.4.1 %define ngx_fancyindex_module_path ngx-fancyindex-%{ngx_fancyindex_version} -%define headers_more_nginx_version 0.30 +%define headers_more_nginx_version 0.32 %define headers_more_nginx_module_path headers-more-nginx-module-%{headers_more_nginx_version} %define nginx_upstream_check_version 0.3.0 %define nginx_upstream_check_module_path nginx_upstream_check_module-%{nginx_upstream_check_version} -%define nginx_rtmp_version 1.1.9 +%define nginx_rtmp_version 1.1.10 %define nginx_rtmp_module_path nginx-rtmp-module-%{nginx_rtmp_version} Summary: A HTTP server and IMAP/POP3 proxy server @@ -168,9 +168,10 @@ perl -pi -e 's|\r\n|\n|g' contrib/geo2nginx.pl perl -pi -e 's|#LIBDIR#|%{_lib}|g' conf/nginx.conf %if %{with systemd} -sed -i "s/\/var\/run/\/run/" %{_sourcedir}/nginx.init +sed -i "s/\/var\/run/\/run/" conf/nginx.conf %endif + %build ./configure \ --prefix=%{ngx_prefix}/ \ @@ -221,6 +222,7 @@ sed -i "s/\/var\/run/\/run/" %{_sourcedir}/nginx.init --with-stream_ssl_module \ --with-stream_realip_module \ --with-stream_geoip_module=dynamic \ + --with-stream_ssl_preread_module \ --with-pcre \ %if %{with pcre_jit} --with-pcre-jit \ @@ -234,6 +236,7 @@ sed -i "s/\/var\/run/\/run/" %{_sourcedir}/nginx.init %if %{with cpp_test} --with-cpp_test_module \ %endif + --with-compat \ --add-module=%{nginx_upstream_check_module_path} \ --add-dynamic-module=%{ngx_fancyindex_module_path} \ --add-dynamic-module=%{headers_more_nginx_module_path} \ @@ -388,6 +391,7 @@ copydocs %{nginx_rtmp_module_path} \ %defattr(-,root,root) %dir %{vim_data_dir}/ftdetect/ %{vim_data_dir}/ftdetect/nginx.vim +%{vim_data_dir}/ftplugin/nginx.vim %{vim_data_dir}/indent/nginx.vim %{vim_data_dir}/syntax/nginx.vim