- Feature: now TLSv1.3 can be used with BoringSSL.
- Feature: the "ssl_early_data" directive, currently available
with BoringSSL.
- Feature: the "keepalive_timeout" and "keepalive_requests"
directives in the "upstream" block.
- Bugfix: the ngx_http_dav_module did not truncate destination
file when copying a file over an existing one with the COPY
method.
- Bugfix: the ngx_http_dav_module used zero access rights on the
destination file and did not preserve file modification time
when moving a file between different file systems with the MOVE
method.
- Bugfix: the ngx_http_dav_module used default access rights when
copying a file with the COPY method.
- Workaround: some clients might not work when using HTTP/2; the
bug had appeared in 1.13.5.
- Bugfix: nginx could not be built with LibreSSL 2.8.0.
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=119
- update to 1.15.2
- Feature: the $ssl_preread_protocol variable in the
ngx_stream_ssl_preread_module.
- Feature: now when using the "reset_timedout_connection"
directive nginx will reset connections being closed with the
444 code.
- Change: a logging level of the "http request", "https proxy
request", "unsupported protocol", and "version too low" SSL
errors has been lowered from "crit" to "info".
- Bugfix: DNS requests were not resent if initial sending of a
request failed.
- Bugfix: the "reuseport" parameter of the "listen" directive was
ignored if the number of worker processes was specified after
the "listen" directive.
- Bugfix: when using OpenSSL 1.1.0 or newer it was not possible
to switch off "ssl_prefer_server_ciphers" in a virtual server
if it was switched on in the default server.
- Bugfix: SSL session reuse with upstream servers did not work
with the TLS 1.3 protocol.
- update to 1.15.1
OBS-URL: https://build.opensuse.org/request/show/626476
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=117
- update rmtp module to 1.2.1
- just commenting all places where we fallthrough conditionals
- update headers more to 0.33
- feature: add wildcard match support for
more_clear_input_headers.
- update fancyindex module to 0.4.2
This release contains an important fix which can cause Nginx to
crash when a directory contains zero-sized (empty) files. This
bug has been present in all previous releases, and all users are
strongly encouraged to update to version 0.4.2.
https://github.com/aperezdc/ngx-fancyindex/releases/tag/v0.4.2
- changes from 1.13.9
- Feature: HTTP/2 server push support; the "http2_push" and
"http2_push_preload" directives.
- Bugfix: "header already sent" alerts might appear in logs when
using cache; the bug had appeared in 1.9.13.
- Bugfix: a segmentation fault might occur in a worker process if
the "ssl_verify_client" directive was used and no SSL
certificate was specified in a virtual server.
- Bugfix: in the ngx_http_v2_module.
- Bugfix: in the ngx_http_dav_module.
- updates from 1.13.8
- Feature: now nginx automatically preserves the CAP_NET_RAW
capability in worker processes when using the "transparent"
parameter of the "proxy_bind", "fastcgi_bind",
"memcached_bind", "scgi_bind", and "uwsgi_bind" directives.
- Feature: improved CPU cache line size detection. Thanks to
Debayan Ghosh.
- Feature: new directives in vim syntax highlighting scripts.
Thanks to Gena Makhomed.
- Bugfix: binary upgrade refused to work if nginx was re-parented
to a process with PID different from 1 after its parent process
has finished.
- Bugfix: the ngx_http_autoindex_module incorrectly handled
requests with bodies.
- Bugfix: in the "proxy_limit_rate" directive when used with the
"keepalive" directive.
- Bugfix: some parts of a response might be buffered when using
"proxy_buffering off" if the client connection used SSL.
Thanks to Patryk Lesiewicz.
- Bugfix: in the "proxy_cache_background_update" directive.
- Bugfix: it was not possible to start a parameter with a
variable in the "${name}" form with the name in curly brackets
without enclosing the parameter into single or double quotes.
OBS-URL: https://build.opensuse.org/request/show/578706
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nginx?expand=0&rev=20
- just commenting all places where we fallthrough conditionals
- update headers more to 0.33
- feature: add wildcard match support for
more_clear_input_headers.
- update fancyindex module to 0.4.2
This release contains an important fix which can cause Nginx to
crash when a directory contains zero-sized (empty) files. This
bug has been present in all previous releases, and all users are
strongly encouraged to update to version 0.4.2.
https://github.com/aperezdc/ngx-fancyindex/releases/tag/v0.4.2
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=103
- Feature: HTTP/2 server push support; the "http2_push" and
"http2_push_preload" directives.
- Bugfix: "header already sent" alerts might appear in logs when
using cache; the bug had appeared in 1.9.13.
- Bugfix: a segmentation fault might occur in a worker process if
the "ssl_verify_client" directive was used and no SSL
certificate was specified in a virtual server.
- Bugfix: in the ngx_http_v2_module.
- Bugfix: in the ngx_http_dav_module.
- updates from 1.13.8
- Feature: now nginx automatically preserves the CAP_NET_RAW
capability in worker processes when using the "transparent"
parameter of the "proxy_bind", "fastcgi_bind",
"memcached_bind", "scgi_bind", and "uwsgi_bind" directives.
- Feature: improved CPU cache line size detection. Thanks to
Debayan Ghosh.
- Feature: new directives in vim syntax highlighting scripts.
Thanks to Gena Makhomed.
- Bugfix: binary upgrade refused to work if nginx was re-parented
to a process with PID different from 1 after its parent process
has finished.
- Bugfix: the ngx_http_autoindex_module incorrectly handled
requests with bodies.
- Bugfix: in the "proxy_limit_rate" directive when used with the
"keepalive" directive.
- Bugfix: some parts of a response might be buffered when using
"proxy_buffering off" if the client connection used SSL.
Thanks to Patryk Lesiewicz.
- Bugfix: in the "proxy_cache_background_update" directive.
- Bugfix: it was not possible to start a parameter with a
variable in the "${name}" form with the name in curly brackets
without enclosing the parameter into single or double quotes.
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=102
- update to version 1.13.7
- Bugfix: in the $upstream_status variable.
- Bugfix: a segmentation fault might occur in a worker process
if a backend returned a "101 Switching Protocols" response to
a subrequest.
- Bugfix: a segmentation fault occurred in a master process if a
shared memory zone size was changed during a reconfiguration
and the reconfiguration failed.
- Bugfix: in the ngx_http_fastcgi_module.
- Bugfix: nginx returned the 500 error if parameters without
variables were specified in the "xslt_stylesheet" directive.
- Workaround: "gzip filter failed to use preallocated memory"
alerts appeared in logs when using a zlib library variant
from Intel.
- Bugfix: the "worker_shutdown_timeout" directive did not work
when using mail proxy and when proxying WebSocket connections.
- partial cleanup with spec-cleaner
OBS-URL: https://build.opensuse.org/request/show/557896
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=97
- Bugfix: switching to the next upstream server in the stream
module did not work when using the "ssl_preread" directive.
- Bugfix: in the ngx_http_v2_module. Thanks to Piotr Sikora.
- Bugfix: nginx did not support dates after the year 2038 on
32-bit platforms with 64-bit time_t.
- Bugfix: in handling of dates prior to the year 1970 and after
the year 10000.
- Bugfix: in the stream module timeouts waiting for UDP datagrams
from upstream servers were not logged or logged at the "info"
level instead of "error".
- Bugfix: when using HTTP/2 nginx might return the 400 response
without logging the reason.
- Bugfix: in processing of corrupted cache files.
- Bugfix: cache control headers were ignored when caching errors
intercepted by error_page.
- Bugfix: when using HTTP/2 client request body might be
corrupted.
- Bugfix: in handling of client addresses when using unix domain
sockets.
- Bugfix: nginx hogged CPU when using the "hash ... consistent"
directive in the upstream block if large weights were used and
all or most of the servers were unavailable.
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=95
- Submit nginx to SLES to become a http server for RMT(Repository
mirroring tool) [fate#323994, bsc#1059685, boo#1057831]
- disable extra modules on sle
- update to 1.13.5
- Feature: the $ssl_client_escaped_cert variable.
- Bugfix: the "ssl_session_ticket_key" directive and the
"include" parameter of the "geo" directive did not work on
Windows.
- Bugfix: incorrect response length was returned on 32-bit
platforms when requesting more than 4 gigabytes with multiple
ranges.
- Bugfix: the "expires modified" directive and processing of the
"If-Range" request header line did not use the response last
modification time if proxying without caching was used.
- changes from 1.13.4
- Feature: the ngx_http_mirror_module.
- Bugfix: client connections might be dropped during
configuration testing when using the "reuseport" parameter of
the "listen" directive on Linux.
- Bugfix: request body might not be available in subrequests if
it was saved to a file and proxying was used.
- Bugfix: cleaning cache based on the "max_size" parameter did
not work on Windows.
- Bugfix: any shared memory allocation required 4096 bytes on
Windows.
- Bugfix: nginx worker might be terminated abnormally when using
the "zone" directive inside the "upstream" block on Windows.
OBS-URL: https://build.opensuse.org/request/show/531723
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nginx?expand=0&rev=15
- Feature: the $ssl_client_escaped_cert variable.
- Bugfix: the "ssl_session_ticket_key" directive and the
"include" parameter of the "geo" directive did not work on
Windows.
- Bugfix: incorrect response length was returned on 32-bit
platforms when requesting more than 4 gigabytes with multiple
ranges.
- Bugfix: the "expires modified" directive and processing of the
"If-Range" request header line did not use the response last
modification time if proxying without caching was used.
- changes from 1.13.4
- Feature: the ngx_http_mirror_module.
- Bugfix: client connections might be dropped during
configuration testing when using the "reuseport" parameter of
the "listen" directive on Linux.
- Bugfix: request body might not be available in subrequests if
it was saved to a file and proxying was used.
- Bugfix: cleaning cache based on the "max_size" parameter did
not work on Windows.
- Bugfix: any shared memory allocation required 4096 bytes on
Windows.
- Bugfix: nginx worker might be terminated abnormally when using
the "zone" directive inside the "upstream" block on Windows.
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=89
- Security: a specially crafted request might result in an
integer overflow and incorrect processing of ranges in the
range filter, potentially resulting in sensitive information
leak (CVE-2017-7529).
- changes from 1.13.2
- Change: nginx now returns 200 instead of 416 when a range
starting with 0 is requested from an empty file.
- Feature: the "add_trailer" directive. Thanks to Piotr Sikora.
- Bugfix: nginx could not be built on Cygwin and NetBSD; the bug
had appeared in 1.13.0.
- Bugfix: nginx could not be built under MSYS2 / MinGW 64-bit.
Thanks to Orgad Shaneh.
- Bugfix: a segmentation fault might occur in a worker process
when using SSI with many includes and proxy_pass with
variables.
- Bugfix: in the ngx_http_v2_module. Thanks to Piotr Sikora.
- update nginx-rtmp-module to 1.2.0:
- DASH improvements
- OpenSSL 1.1 compatibility
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=86
- update to 1.13.1
- Feature: now a hostname can be used as the "set_real_ip_from"
directive parameter.
- Feature: vim syntax highlighting scripts improvements.
- Feature: the "worker_cpu_affinity" directive now works on
DragonFly BSD. Thanks to Sepherosa Ziehau.
- Bugfix: SSL renegotiation on backend connections did not work
when using OpenSSL before 1.1.0.
- Workaround: nginx could not be built with Oracle Developer
Studio 12.5.
- Workaround: now cache manager ignores long locked cache entries
when cleaning cache based on the "max_size" parameter.
- Bugfix: client SSL connections were immediately closed if
deferred accept and the "proxy_protocol" parameter of the
"listen" directive were used.
- Bugfix: in the "proxy_cache_background_update" directive.
- Workaround: now the "tcp_nodelay" directive sets the
TCP_NODELAY option before an SSL handshake.
- changes from 1.13.0
- Change: SSL renegotiation is now allowed on backend
connections.
- Feature: the "rcvbuf" and "sndbuf" parameters of the "listen"
directives of the mail proxy and stream modules.
- Feature: the "return" and "error_page" directives can now be
used to return 308 redirections. Thanks to Simon Leblanc.
- Feature: the "TLSv1.3" parameter of the "ssl_protocols"
directive.
- Feature: when logging signals nginx now logs PID of the process
which sent the signal.
- Bugfix: in memory allocation error handling.
- Bugfix: if a server in the stream module listened on a wildcard
address, the source address of a response UDP datagram could
differ from the original datagram destination address.
OBS-URL: https://build.opensuse.org/request/show/500354
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nginx?expand=0&rev=13
- Feature: now a hostname can be used as the "set_real_ip_from"
directive parameter.
- Feature: vim syntax highlighting scripts improvements.
- Feature: the "worker_cpu_affinity" directive now works on
DragonFly BSD. Thanks to Sepherosa Ziehau.
- Bugfix: SSL renegotiation on backend connections did not work
when using OpenSSL before 1.1.0.
- Workaround: nginx could not be built with Oracle Developer
Studio 12.5.
- Workaround: now cache manager ignores long locked cache entries
when cleaning cache based on the "max_size" parameter.
- Bugfix: client SSL connections were immediately closed if
deferred accept and the "proxy_protocol" parameter of the
"listen" directive were used.
- Bugfix: in the "proxy_cache_background_update" directive.
- Workaround: now the "tcp_nodelay" directive sets the
TCP_NODELAY option before an SSL handshake.
- changes from 1.13.0
- Change: SSL renegotiation is now allowed on backend
connections.
- Feature: the "rcvbuf" and "sndbuf" parameters of the "listen"
directives of the mail proxy and stream modules.
- Feature: the "return" and "error_page" directives can now be
used to return 308 redirections. Thanks to Simon Leblanc.
- Feature: the "TLSv1.3" parameter of the "ssl_protocols"
directive.
- Feature: when logging signals nginx now logs PID of the process
which sent the signal.
- Bugfix: in memory allocation error handling.
- Bugfix: if a server in the stream module listened on a wildcard
address, the source address of a response UDP datagram could
differ from the original datagram destination address.
D nginx-1.12.0.tar.gz
A nginx-1.13.1.tar.gz
M nginx.changes
M nginx.spec
Diff for working copy: .
Index: nginx.changes
===================================================================
--- nginx.changes (revision 5e264311bbc34e3b63efb8fa4753db55)
+++ nginx.changes (working copy)
@@ -1,3 +1,40 @@
+-------------------------------------------------------------------
+Thu Jun 1 10:05:49 UTC 2017 - mrueckert@suse.de
+
+- update to 1.13.1
+ - Feature: now a hostname can be used as the "set_real_ip_from"
+ directive parameter.
+ - Feature: vim syntax highlighting scripts improvements.
+ - Feature: the "worker_cpu_affinity" directive now works on
+ DragonFly BSD. Thanks to Sepherosa Ziehau.
+ - Bugfix: SSL renegotiation on backend connections did not work
+ when using OpenSSL before 1.1.0.
+ - Workaround: nginx could not be built with Oracle Developer
+ Studio 12.5.
+ - Workaround: now cache manager ignores long locked cache entries
+ when cleaning cache based on the "max_size" parameter.
+ - Bugfix: client SSL connections were immediately closed if
+ deferred accept and the "proxy_protocol" parameter of the
+ "listen" directive were used.
+ - Bugfix: in the "proxy_cache_background_update" directive.
+ - Workaround: now the "tcp_nodelay" directive sets the
+ TCP_NODELAY option before an SSL handshake.
+- changes from 1.13.0
+ - Change: SSL renegotiation is now allowed on backend
+ connections.
+ - Feature: the "rcvbuf" and "sndbuf" parameters of the "listen"
+ directives of the mail proxy and stream modules.
+ - Feature: the "return" and "error_page" directives can now be
+ used to return 308 redirections. Thanks to Simon Leblanc.
+ - Feature: the "TLSv1.3" parameter of the "ssl_protocols"
+ directive.
+ - Feature: when logging signals nginx now logs PID of the process
+ which sent the signal.
+ - Bugfix: in memory allocation error handling.
+ - Bugfix: if a server in the stream module listened on a wildcard
+ address, the source address of a response UDP datagram could
+ differ from the original datagram destination address.
+
-------------------------------------------------------------------
Sun Apr 9 13:15:49 UTC 2017 - michael@stroeder.com
Index: nginx.spec
===================================================================
--- nginx.spec (revision 5e264311bbc34e3b63efb8fa4753db55)
+++ nginx.spec (working copy)
@@ -64,7 +64,7 @@
%define ngx_doc_dir %{_datadir}/doc/packages/%{name}
#
Name: nginx
-Version: 1.12.0
+Version: 1.13.1
Release: 0
%define ngx_fancyindex_version 0.4.1
%define ngx_fancyindex_module_path ngx-fancyindex-%{ngx_fancyindex_version}
Index: nginx-1.13.1.tar.gz
===================================================================
Binary file 'nginx-1.13.1.tar.gz' added.
Index: nginx-1.12.0.tar.gz
===================================================================
Binary file 'nginx-1.12.0.tar.gz' deleted.
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=84
- update to 1.11.12
- Bugfix: nginx might hog CPU; the bug had appeared in 1.11.11.
- update to 1.11.11
- Feature: the "worker_shutdown_timeout" directive.
- Feature: vim syntax highlighting scripts improvements. Thanks
to Wei-Ko Kao.
- Bugfix: a segmentation fault might occur in a worker process if
the $limit_rate variable was set to an empty string.
- Bugfix: the "proxy_cache_background_update",
"fastcgi_cache_background_update",
"scgi_cache_background_update", and
"uwsgi_cache_background_update" directives might work
incorrectly if the "if" directive was used.
- Bugfix: a segmentation fault might occur in a worker process if
number of large_client_header_buffers in a virtual server was
different from the one in the default server.
- Bugfix: in the mail proxy server.
OBS-URL: https://build.opensuse.org/request/show/483335
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=80
- update to 1.11.10
- Change: cache header format has been changed, previously cached
responses will be invalidated.
- Feature: support of "stale-while-revalidate" and
"stale-if-error" extensions in the "Cache-Control" backend
response header line.
- Feature: the "proxy_cache_background_update",
"fastcgi_cache_background_update",
"scgi_cache_background_update", and
"uwsgi_cache_background_update" directives.
- Feature: nginx is now able to cache responses with the "Vary"
header line up to 128 characters long (instead of 42 characters
in previous versions).
- Feature: the "build" parameter of the "server_tokens"
directive. Thanks to Tom Thorogood.
- Bugfix: "[crit] SSL_write() failed" messages might appear in
logs when handling requests with the "Expect: 100-continue"
request header line.
- Bugfix: the ngx_http_slice_module did not work in named
locations.
- Bugfix: a segmentation fault might occur in a worker process
when using AIO after an "X-Accel-Redirect" redirection.
- Bugfix: reduced memory consumption for long-lived requests
using gzipping.
OBS-URL: https://build.opensuse.org/request/show/461005
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=78
- update to 1.11.9
- Bugfix: nginx might hog CPU when using the stream module; the
bug had appeared in 1.11.5.
- Bugfix: EXTERNAL authentication mechanism in mail proxy was
accepted even if it was not enabled in the configuration.
- Bugfix: a segmentation fault might occur in a worker process if
the "ssl_verify_client" directive of the stream module was
used.
- Bugfix: the "ssl_verify_client" directive of the stream module
might not work.
- Bugfix: closing keepalive connections due to no free worker
connections might be too aggressive. Thanks to Joel
Cunningham.
- Bugfix: an incorrect response might be returned when using the
"sendfile" directive on FreeBSD and macOS; the bug had appeared
in 1.7.8.
- Bugfix: a truncated response might be stored in cache when
using the "aio_write" directive.
- Bugfix: a socket leak might occur when using the "aio_write"
directive.
OBS-URL: https://build.opensuse.org/request/show/453452
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nginx?expand=0&rev=9
- Bugfix: nginx might hog CPU when using the stream module; the
bug had appeared in 1.11.5.
- Bugfix: EXTERNAL authentication mechanism in mail proxy was
accepted even if it was not enabled in the configuration.
- Bugfix: a segmentation fault might occur in a worker process if
the "ssl_verify_client" directive of the stream module was
used.
- Bugfix: the "ssl_verify_client" directive of the stream module
might not work.
- Bugfix: closing keepalive connections due to no free worker
connections might be too aggressive. Thanks to Joel
Cunningham.
- Bugfix: an incorrect response might be returned when using the
"sendfile" directive on FreeBSD and macOS; the bug had appeared
in 1.7.8.
- Bugfix: a truncated response might be stored in cache when
using the "aio_write" directive.
- Bugfix: a socket leak might occur when using the "aio_write"
directive.
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=76
