- Updated to 1.23.3
* Bugfix: an error might occur when reading PROXY protocol version 2
header with large number of TLVs.
* Bugfix: a segmentation fault might occur in a worker process if SSI
was used to process subrequests created by other modules.
* Workaround: when a hostname used in the "listen" directive resolves
to multiple addresses, nginx now ignores duplicates within these
addresses.
* Bugfix: nginx might hog CPU during unbuffered proxying if SSL
connections to backends were used.
OBS-URL: https://build.opensuse.org/request/show/1043486
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nginx?expand=0&rev=78
- Updated to 1.23.2
* Security: processing of a specially crafted mp4 file by the
ngx_http_mp4_module might cause a worker process crash, worker
process memory disclosure, or might have potential other impact
(CVE-2022-41741, CVE-2022-41742).
* Feature: the "$proxy_protocol_tlv_..." variables.
* Feature: TLS session tickets encryption keys are now automatically
rotated when using shared memory in the "ssl_session_cache"
directive.
* Change: the logging level of the "bad record type" SSL errors has
been lowered from "crit" to "info".
* Change: now when using shared memory in the "ssl_session_cache"
directive the "could not allocate new session" errors are logged at
the "warn" level instead of "alert" and not more often than once per second.
* Bugfix: nginx/Windows could not be built with OpenSSL 3.0.x.
* Bugfix: in logging of the PROXY protocol errors.
* Workaround: shared memory from the "ssl_session_cache" directive was
spent on sessions using TLS session tickets when using TLSv1.3 with OpenSSL.
* Workaround: timeout specified with the "ssl_session_timeout"
directive did not work when using TLSv1.3 with OpenSSL or BoringSSL.
OBS-URL: https://build.opensuse.org/request/show/1030027
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nginx?expand=0&rev=77
- Updated to 1.23.1
* Feature: memory usage optimization in configurations with SSL proxying.
* Feature: looking up of IPv4 addresses while resolving now can be
disabled with the "ipv4=off" parameter of the "resolver" directive.
* Change: the logging level of the "bad key share", "bad extension",
"bad cipher", and "bad ecpoint" SSL errors has been lowered from "crit" to "info".
* Bugfix: while returning byte ranges nginx did not remove the
"Content-Range" header line if it was present in the original backend response.
* Bugfix: a proxied response might be truncated during reconfiguration
on Linux; the bug had appeared in 1.17.5.
OBS-URL: https://build.opensuse.org/request/show/990292
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nginx?expand=0&rev=76
- Changed nginx.keyring to Konstantin Pavlov’s PGP public key.
- Removed nginx.init.
- Updated to 1.23.0
* https://nginx.org/en/CHANGES
* Now header lines are represented as linked lists.
* Now nginx combines arbitrary header lines with identical
names when sending to FastCGI, SCGI, and uwsgi backends, in the
$r->header_in() method of the ngx_http_perl_module, and during lookup
of the "$http_...", "$sent_http_...", "$sent_trailer_...",
"$upstream_http_...", and "$upstream_trailer_..." variables.
* Fixed: if there were multiple "Vary" header lines in the backend
response, nginx only used the last of them when caching.
* Fixed: if there were multiple "WWW-Authenticate" header lines in the
backend response and errors with code 401 were intercepted or the
"auth_request" directive was used, nginx only sent the first of the
header lines to the client.
* The logging level of the "application data after close
notify" SSL errors has been lowered from "crit" to "info".
* Fixed: connections might hang if nginx was built on Linux 2.6.17 or
newer, but was used on systems without EPOLLRDHUP support, notably
with epoll emulation layers; the bug had appeared in 1.17.5.
* Fixed: nginx did not cache the response if the "Expires" response
header line disabled caching, but following "Cache-Control" header
line enabled caching.
OBS-URL: https://build.opensuse.org/request/show/984278
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nginx?expand=0&rev=75
- Changed nginx.keyring to Konstantin Pavlov’s PGP public key.
- Removed nginx.init.
- Updated to 1.23.0
* https://nginx.org/en/CHANGES
* Now header lines are represented as linked lists.
* Now nginx combines arbitrary header lines with identical
names when sending to FastCGI, SCGI, and uwsgi backends, in the
$r->header_in() method of the ngx_http_perl_module, and during lookup
of the "$http_...", "$sent_http_...", "$sent_trailer_...",
"$upstream_http_...", and "$upstream_trailer_..." variables.
* Fixed: if there were multiple "Vary" header lines in the backend
response, nginx only used the last of them when caching.
* Fixed: if there were multiple "WWW-Authenticate" header lines in the
backend response and errors with code 401 were intercepted or the
"auth_request" directive was used, nginx only sent the first of the
header lines to the client.
* The logging level of the "application data after close
notify" SSL errors has been lowered from "crit" to "info".
* Fixed: connections might hang if nginx was built on Linux 2.6.17 or
newer, but was used on systems without EPOLLRDHUP support, notably
with epoll emulation layers; the bug had appeared in 1.17.5.
* Fixed: nginx did not cache the response if the "Expires" response
header line disabled caching, but following "Cache-Control" header
line enabled caching.
OBS-URL: https://build.opensuse.org/request/show/984277
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=229
- Updated nginx.keyring.
- Removed nginx.init.
- Updated to 1.23.0
* https://nginx.org/en/CHANGES
* Now header lines are represented as linked lists.
* Now nginx combines arbitrary header lines with identical
names when sending to FastCGI, SCGI, and uwsgi backends, in the
$r->header_in() method of the ngx_http_perl_module, and during lookup
of the "$http_...", "$sent_http_...", "$sent_trailer_...",
"$upstream_http_...", and "$upstream_trailer_..." variables.
* Fixed: if there were multiple "Vary" header lines in the backend
response, nginx only used the last of them when caching.
* Fixed: if there were multiple "WWW-Authenticate" header lines in the
backend response and errors with code 401 were intercepted or the
"auth_request" directive was used, nginx only sent the first of the
header lines to the client.
* The logging level of the "application data after close
notify" SSL errors has been lowered from "crit" to "info".
* Fixed: connections might hang if nginx was built on Linux 2.6.17 or
newer, but was used on systems without EPOLLRDHUP support, notably
with epoll emulation layers; the bug had appeared in 1.17.5.
* Fixed: nginx did not cache the response if the "Expires" response
header line disabled caching, but following "Cache-Control" header
line enabled caching.
OBS-URL: https://build.opensuse.org/request/show/984271
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=227
- Updated nginx.keyring.
- Updated to 1.23.0
* https://nginx.org/en/CHANGES
* Now header lines are represented as linked lists.
* Now nginx combines arbitrary header lines with identical
names when sending to FastCGI, SCGI, and uwsgi backends, in the
$r->header_in() method of the ngx_http_perl_module, and during lookup
of the "$http_...", "$sent_http_...", "$sent_trailer_...",
"$upstream_http_...", and "$upstream_trailer_..." variables.
* Fixed: if there were multiple "Vary" header lines in the backend
response, nginx only used the last of them when caching.
* Fixed: if there were multiple "WWW-Authenticate" header lines in the
backend response and errors with code 401 were intercepted or the
"auth_request" directive was used, nginx only sent the first of the
header lines to the client.
* The logging level of the "application data after close
notify" SSL errors has been lowered from "crit" to "info".
* Fixed: connections might hang if nginx was built on Linux 2.6.17 or
newer, but was used on systems without EPOLLRDHUP support, notably
with epoll emulation layers; the bug had appeared in 1.17.5.
* Fixed: nginx did not cache the response if the "Expires" response
header line disabled caching, but following "Cache-Control" header
line enabled caching.
OBS-URL: https://build.opensuse.org/request/show/984266
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=226
- Updated to 1.21.4
* https://nginx.org/en/CHANGES
* Support for NPN instead of ALPN to establish HTTP/2
connections has been removed.
* Now nginx rejects SSL connections if ALPN is used by the
client, but no supported protocols can be negotiated.
* The default value of the "sendfile_max_chunk" directive was
changed to 2 megabytes.
* The "proxy_half_close" directive in the stream module.
* The "ssl_alpn" directive in the stream module.
* The $ssl_alpn_protocol variable.
* Support for SSL_sendfile() when using OpenSSL 3.0.
* The "mp4_start_key_frame" directive in the ngx_http_mp4_module.
* In the $content_length variable when using chunked transfer encoding.
* After receiving a response with incorrect length from a proxied
backend nginx might nevertheless cache the connection.
* Invalid headers from backends were logged at the "info" level
instead of "error"; the bug had appeared in 1.21.1.
* Requests might hang when using HTTP/2 and the "aio_write" directive.
- drop vim-plugin-nginx, now is provided directly by vim
OBS-URL: https://build.opensuse.org/request/show/930156
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nginx?expand=0&rev=72
- Updated to 1.21.4
* https://nginx.org/en/CHANGES
* Support for NPN instead of ALPN to establish HTTP/2
connections has been removed.
* Now nginx rejects SSL connections if ALPN is used by the
client, but no supported protocols can be negotiated.
* The default value of the "sendfile_max_chunk" directive was
changed to 2 megabytes.
* The "proxy_half_close" directive in the stream module.
* The "ssl_alpn" directive in the stream module.
* The $ssl_alpn_protocol variable.
* Support for SSL_sendfile() when using OpenSSL 3.0.
* The "mp4_start_key_frame" directive in the ngx_http_mp4_module.
* In the $content_length variable when using chunked transfer encoding.
* After receiving a response with incorrect length from a proxied
backend nginx might nevertheless cache the connection.
* Invalid headers from backends were logged at the "info" level
instead of "error"; the bug had appeared in 1.21.1.
* Requests might hang when using HTTP/2 and the "aio_write" directive.
OBS-URL: https://build.opensuse.org/request/show/929778
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=217
- Updated to 1.21.2
* https://nginx.org/en/CHANGES
* Now nginx rejects HTTP/1.0 requests with the "Transfer-Encoding" header line.
* Export ciphers are no longer supported.
* Added OpenSSL 3.0 compatibility.
* Added the "Auth-SSL-Protocol" and "Auth-SSL-Cipher" header lines
are now passed to the mail proxy authentication server.
* Added request body filters API now permits buffering of the data being processed.
* Fixed backend SSL connections in the stream module might hang after an SSL handshake.
* Fixed the security level, which is available in OpenSSL 1.1.0 or newer,
did not affect loading of the server certificates when set
with "@SECLEVEL=N" in the "ssl_ciphers" directive.
* Fixed SSL connections with gRPC backends might hang if select, poll,
or /dev/poll methods were used.
* Fixed when using HTTP/2 client request body was always written to
disk if the "Content-Length" header line was not present in the request.
OBS-URL: https://build.opensuse.org/request/show/915419
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nginx?expand=0&rev=69
- Updated to 1.21.2
* https://nginx.org/en/CHANGES
* Now nginx rejects HTTP/1.0 requests with the "Transfer-Encoding" header line.
* Export ciphers are no longer supported.
* Added OpenSSL 3.0 compatibility.
* Added the "Auth-SSL-Protocol" and "Auth-SSL-Cipher" header lines
are now passed to the mail proxy authentication server.
* Added request body filters API now permits buffering of the data being processed.
* Fixed backend SSL connections in the stream module might hang after an SSL handshake.
* Fixed the security level, which is available in OpenSSL 1.1.0 or newer,
did not affect loading of the server certificates when set
with "@SECLEVEL=N" in the "ssl_ciphers" directive.
* Fixed SSL connections with gRPC backends might hang if select, poll,
or /dev/poll methods were used.
* Fixed when using HTTP/2 client request body was always written to
disk if the "Content-Length" header line was not present in the request.
OBS-URL: https://build.opensuse.org/request/show/915418
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=212
- Updated to 1.21.1
* https://nginx.org/en/CHANGES
* Now nginx always returns an error for the CONNECT method.
* Now nginx always returns an error if both "Content-Length"
and "Transfer-Encoding" header lines are present in the request.
* Now nginx always returns an error if spaces or control
characters are used in the request line.
* Now nginx always returns an error if spaces or control
characters are used in a header name.
* Now nginx always returns an error if spaces or control
characters are used in the "Host" request header line.
* Optimization of configuration testing when using many
listening sockets.
* Fixed: nginx did not escape """, "<", ">", "\", "^", "`", "{", "|",
and "}" characters when proxying with changed URI.
* Fixed: SSL variables might be empty when used in logs; the bug had
appeared in 1.19.5.
* Fixed: keepalive connections with gRPC backends might not be closed
after receiving a GOAWAY frame.
* Fixed: reduced memory consumption for long-lived requests when
proxying with more than 64 buffers.
OBS-URL: https://build.opensuse.org/request/show/904634
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=211
- Updated to 1.21.0
* https://nginx.org/en/CHANGES
* Added variables support in the "proxy_ssl_certificate",
"proxy_ssl_certificate_key" "grpc_ssl_certificate",
"grpc_ssl_certificate_key", "uwsgi_ssl_certificate", and
"uwsgi_ssl_certificate_key" directives.
* Added the "max_errors" directive in the mail proxy module.
* Added the mail proxy module supports POP3 and IMAP pipelining.
* Added the "fastopen" parameter of the "listen" directive in the
stream module.
* Fixed special characters were not escaped during automatic redirect
with appended trailing slash.
* Fixed connections with clients in the mail proxy module might be
closed unexpectedly when using SMTP pipelining.
OBS-URL: https://build.opensuse.org/request/show/896986
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nginx?expand=0&rev=66
- Updated to 1.21.0
* https://nginx.org/en/CHANGES
* Added variables support in the "proxy_ssl_certificate",
"proxy_ssl_certificate_key" "grpc_ssl_certificate",
"grpc_ssl_certificate_key", "uwsgi_ssl_certificate", and
"uwsgi_ssl_certificate_key" directives.
* Added the "max_errors" directive in the mail proxy module.
* Added the mail proxy module supports POP3 and IMAP pipelining.
* Added the "fastopen" parameter of the "listen" directive in the
stream module.
* Fixed special characters were not escaped during automatic redirect
with appended trailing slash.
* Fixed connections with clients in the mail proxy module might be
closed unexpectedly when using SMTP pipelining.
OBS-URL: https://build.opensuse.org/request/show/896985
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=207
- update to 1.21.0:
* Feature: variables support in the "proxy_ssl_certificate",
"proxy_ssl_certificate_key" "grpc_ssl_certificate",
"grpc_ssl_certificate_key", "uwsgi_ssl_certificate", and
"uwsgi_ssl_certificate_key" directives.
* Feature: the "max_errors" directive in the mail proxy module.
* Feature: the mail proxy module supports POP3 and IMAP pipelining.
* Feature: the "fastopen" parameter of the "listen" directive in the
stream module.
* Bugfix: special characters were not escaped during automatic redirect
with appended trailing slash.
* Bugfix: connections with clients in the mail proxy module might be
closed unexpectedly when using SMTP pipelining.
OBS-URL: https://build.opensuse.org/request/show/895804
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=206
