- Security: a specially crafted request might result in an
integer overflow and incorrect processing of ranges in the
range filter, potentially resulting in sensitive information
leak (CVE-2017-7529).
- changes from 1.13.2
- Change: nginx now returns 200 instead of 416 when a range
starting with 0 is requested from an empty file.
- Feature: the "add_trailer" directive. Thanks to Piotr Sikora.
- Bugfix: nginx could not be built on Cygwin and NetBSD; the bug
had appeared in 1.13.0.
- Bugfix: nginx could not be built under MSYS2 / MinGW 64-bit.
Thanks to Orgad Shaneh.
- Bugfix: a segmentation fault might occur in a worker process
when using SSI with many includes and proxy_pass with
variables.
- Bugfix: in the ngx_http_v2_module. Thanks to Piotr Sikora.
- update nginx-rtmp-module to 1.2.0:
- DASH improvements
- OpenSSL 1.1 compatibility
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=86
- Feature: now a hostname can be used as the "set_real_ip_from"
directive parameter.
- Feature: vim syntax highlighting scripts improvements.
- Feature: the "worker_cpu_affinity" directive now works on
DragonFly BSD. Thanks to Sepherosa Ziehau.
- Bugfix: SSL renegotiation on backend connections did not work
when using OpenSSL before 1.1.0.
- Workaround: nginx could not be built with Oracle Developer
Studio 12.5.
- Workaround: now cache manager ignores long locked cache entries
when cleaning cache based on the "max_size" parameter.
- Bugfix: client SSL connections were immediately closed if
deferred accept and the "proxy_protocol" parameter of the
"listen" directive were used.
- Bugfix: in the "proxy_cache_background_update" directive.
- Workaround: now the "tcp_nodelay" directive sets the
TCP_NODELAY option before an SSL handshake.
- changes from 1.13.0
- Change: SSL renegotiation is now allowed on backend
connections.
- Feature: the "rcvbuf" and "sndbuf" parameters of the "listen"
directives of the mail proxy and stream modules.
- Feature: the "return" and "error_page" directives can now be
used to return 308 redirections. Thanks to Simon Leblanc.
- Feature: the "TLSv1.3" parameter of the "ssl_protocols"
directive.
- Feature: when logging signals nginx now logs PID of the process
which sent the signal.
- Bugfix: in memory allocation error handling.
- Bugfix: if a server in the stream module listened on a wildcard
address, the source address of a response UDP datagram could
differ from the original datagram destination address.
D nginx-1.12.0.tar.gz
A nginx-1.13.1.tar.gz
M nginx.changes
M nginx.spec
Diff for working copy: .
Index: nginx.changes
===================================================================
--- nginx.changes (revision 5e264311bbc34e3b63efb8fa4753db55)
+++ nginx.changes (working copy)
@@ -1,3 +1,40 @@
+-------------------------------------------------------------------
+Thu Jun 1 10:05:49 UTC 2017 - mrueckert@suse.de
+
+- update to 1.13.1
+ - Feature: now a hostname can be used as the "set_real_ip_from"
+ directive parameter.
+ - Feature: vim syntax highlighting scripts improvements.
+ - Feature: the "worker_cpu_affinity" directive now works on
+ DragonFly BSD. Thanks to Sepherosa Ziehau.
+ - Bugfix: SSL renegotiation on backend connections did not work
+ when using OpenSSL before 1.1.0.
+ - Workaround: nginx could not be built with Oracle Developer
+ Studio 12.5.
+ - Workaround: now cache manager ignores long locked cache entries
+ when cleaning cache based on the "max_size" parameter.
+ - Bugfix: client SSL connections were immediately closed if
+ deferred accept and the "proxy_protocol" parameter of the
+ "listen" directive were used.
+ - Bugfix: in the "proxy_cache_background_update" directive.
+ - Workaround: now the "tcp_nodelay" directive sets the
+ TCP_NODELAY option before an SSL handshake.
+- changes from 1.13.0
+ - Change: SSL renegotiation is now allowed on backend
+ connections.
+ - Feature: the "rcvbuf" and "sndbuf" parameters of the "listen"
+ directives of the mail proxy and stream modules.
+ - Feature: the "return" and "error_page" directives can now be
+ used to return 308 redirections. Thanks to Simon Leblanc.
+ - Feature: the "TLSv1.3" parameter of the "ssl_protocols"
+ directive.
+ - Feature: when logging signals nginx now logs PID of the process
+ which sent the signal.
+ - Bugfix: in memory allocation error handling.
+ - Bugfix: if a server in the stream module listened on a wildcard
+ address, the source address of a response UDP datagram could
+ differ from the original datagram destination address.
+
-------------------------------------------------------------------
Sun Apr 9 13:15:49 UTC 2017 - michael@stroeder.com
Index: nginx.spec
===================================================================
--- nginx.spec (revision 5e264311bbc34e3b63efb8fa4753db55)
+++ nginx.spec (working copy)
@@ -64,7 +64,7 @@
%define ngx_doc_dir %{_datadir}/doc/packages/%{name}
#
Name: nginx
-Version: 1.12.0
+Version: 1.13.1
Release: 0
%define ngx_fancyindex_version 0.4.1
%define ngx_fancyindex_module_path ngx-fancyindex-%{ngx_fancyindex_version}
Index: nginx-1.13.1.tar.gz
===================================================================
Binary file 'nginx-1.13.1.tar.gz' added.
Index: nginx-1.12.0.tar.gz
===================================================================
Binary file 'nginx-1.12.0.tar.gz' deleted.
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=84
- update to 1.11.12
- Bugfix: nginx might hog CPU; the bug had appeared in 1.11.11.
- update to 1.11.11
- Feature: the "worker_shutdown_timeout" directive.
- Feature: vim syntax highlighting scripts improvements. Thanks
to Wei-Ko Kao.
- Bugfix: a segmentation fault might occur in a worker process if
the $limit_rate variable was set to an empty string.
- Bugfix: the "proxy_cache_background_update",
"fastcgi_cache_background_update",
"scgi_cache_background_update", and
"uwsgi_cache_background_update" directives might work
incorrectly if the "if" directive was used.
- Bugfix: a segmentation fault might occur in a worker process if
number of large_client_header_buffers in a virtual server was
different from the one in the default server.
- Bugfix: in the mail proxy server.
OBS-URL: https://build.opensuse.org/request/show/483335
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=80
- update to 1.11.10
- Change: cache header format has been changed, previously cached
responses will be invalidated.
- Feature: support of "stale-while-revalidate" and
"stale-if-error" extensions in the "Cache-Control" backend
response header line.
- Feature: the "proxy_cache_background_update",
"fastcgi_cache_background_update",
"scgi_cache_background_update", and
"uwsgi_cache_background_update" directives.
- Feature: nginx is now able to cache responses with the "Vary"
header line up to 128 characters long (instead of 42 characters
in previous versions).
- Feature: the "build" parameter of the "server_tokens"
directive. Thanks to Tom Thorogood.
- Bugfix: "[crit] SSL_write() failed" messages might appear in
logs when handling requests with the "Expect: 100-continue"
request header line.
- Bugfix: the ngx_http_slice_module did not work in named
locations.
- Bugfix: a segmentation fault might occur in a worker process
when using AIO after an "X-Accel-Redirect" redirection.
- Bugfix: reduced memory consumption for long-lived requests
using gzipping.
OBS-URL: https://build.opensuse.org/request/show/461005
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=78
- Bugfix: nginx might hog CPU when using the stream module; the
bug had appeared in 1.11.5.
- Bugfix: EXTERNAL authentication mechanism in mail proxy was
accepted even if it was not enabled in the configuration.
- Bugfix: a segmentation fault might occur in a worker process if
the "ssl_verify_client" directive of the stream module was
used.
- Bugfix: the "ssl_verify_client" directive of the stream module
might not work.
- Bugfix: closing keepalive connections due to no free worker
connections might be too aggressive. Thanks to Joel
Cunningham.
- Bugfix: an incorrect response might be returned when using the
"sendfile" directive on FreeBSD and macOS; the bug had appeared
in 1.7.8.
- Bugfix: a truncated response might be stored in cache when
using the "aio_write" directive.
- Bugfix: a socket leak might occur when using the "aio_write"
directive.
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=76
- Feature: the $upstream_bytes_received variable.
- Feature: the $bytes_received, $session_time, $protocol,
$status, $upstream_addr, $upstream_bytes_sent,
$upstream_bytes_received, $upstream_connect_time,
$upstream_first_byte_time, and $upstream_session_time variables
in the stream module.
- Feature: the ngx_stream_log_module.
- Feature: the "proxy_protocol" parameter of the "listen"
directive, the $proxy_protocol_addr and $proxy_protocol_port
variables in the stream module.
- Feature: the ngx_stream_realip_module.
- Bugfix: nginx could not be built with the stream module and the
ngx_http_ssl_module, but without ngx_stream_ssl_module; the bug
had appeared in 1.11.3.
- Feature: the IP_BIND_ADDRESS_NO_PORT socket option was not
used; the bug had appeared in 1.11.2.
- Bugfix: in the "ranges" parameter of the "geo" directive.
- Bugfix: an incorrect response might be returned when using the
"aio threads" and "sendfile" directives; the bug had appeared
in 1.9.13.
- drop nginx-1.11.3_ssl_stream.patch again
- refreshed the following patches to apply cleanly again
check_1.9.2+.patch
nginx-1.11.2-html.patch
nginx-1.11.2-no_Werror.patch
nginx-aio.patch
- update to 1.11.3
- Change: now the "accept_mutex" directive is turned off by
default.
- Feature: now nginx uses EPOLLEXCLUSIVE on Linux.
- Feature: the ngx_stream_geo_module.
- Feature: the ngx_stream_geoip_module.
- Feature: the ngx_stream_split_clients_module.
- Feature: variables support in the "proxy_pass" and
"proxy_ssl_name" directives in the stream module.
- Bugfix: socket leak when using HTTP/2.
- Bugfix: in configure tests. Thanks to Piotr Sikora.
- backport nginx-1.11.3_ssl_stream.patch from hg
- refresh patches to apply cleanly again:
- check_1.9.2+.patch
- nginx-1.11.2-html.patch
- nginx-1.11.2-no_Werror.patch
- nginx-aio.patch
- enable a few new upstream modules and move some from 1.11.x to
dynamic:
- stream_geoip_module
- mail_ssl_module
- stream_ssl_module
- build fancyindex unconditionally and update it to 0.4.1
- New `fancyindex_directories_first` configuration directive
(enabled by default), which allows setting whether directories
are sorted before other files.
(Patch by Luke Zapart <<luke@zapart.org>>.)
- Fix index files not working when the fancyindex module is in
use (#46).
- The module can now be built as a [dynamic
module](https://www.nginx.com/resources/wiki/extending/converting/).
(Patch by Róbert Nagy <<vrnagy@gmail.com>>.)
- New configuration directive `fancyindex_show_path`, which
allows hiding the `<h1>` header which contains the current
path. (Patch by Thomas P. <<tpxp@live.fr>>.)
- Directory and file links in listings now have a title="..."
attribute. (Patch by `@janglapuk` <<trusdi.agus@gmail.com>>.)
- Fix for hung requests when the module is used along with
`ngx_pagespeed`.
(Patch by Otto van der Schaaf <<oschaaf@we-amp.com>>.)
- New feature: Allow filtering out symbolic links using the
`fancyindex_hide_symlinks` configuration directive. (Idea and
prototype patch by Thomas Wemm.)
- New feature: Allow specifying the format of timestamps using
the `fancyindex_time_format` configuration directive. (Idea
suggested by Xiao Meng <<novoreorx@gmail.com>>).
- Listings in top-level directories will not generate a "Parent
Directory" link as first element of the listing.
(Patch by Thomas P.)
- Fix propagation and overriding of the `fancyindex_css_href`
setting inside nested locations.
- Minor changes in the code to allow building cleanly under
Windows with Visual Studio 2013.
(Patch by Y. Yuan <<yzwduck@gmail.com>>).
- added nginx-rtmp-module
- make all modules dynamic that support it:
- ngx-fancyindex
- headers_more_nginx-module
- nginx-rtmp-module
- manually install the docs instead of using %doc
- unify how we install documentation for the modules
- restructure contrib file handling
- moved vim files into the normal vim paths so we can use them
directly
- new BR/R: vim
- split out vim files into a subpackage vim-plugin-nginx so we
dont have the vim requires on the main package
- perl scripts are moved to /usr/share/nginx/
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=70
- update to 1.10.1 (bsc# 982505)
Security: a segmentation fault might occur in a worker process
while writing a specially crafted request body to a temporary
file (CVE-2016-4450); the bug had appeared in 1.3.9.
- improve conditionals
- merge the 12.2 and 12.1 based conditionals into 1 as both of
them are out of support now.
- enable pcre JIT
- make use if libatomic_ops on Leap
- enable dynamic modules for intree modules. The following modules
are built as loadable modules now:
ngx_http_geoip_module.so
ngx_http_image_filter_module.so
ngx_http_perl_module.so
ngx_http_xslt_filter_module.so
ngx_mail_module.so
ngx_stream_module.so
You will have to load those modules with load_module.
http://nginx.org/en/docs/ngx_core_module.html#load_module
The correct syntax for this package is:
# For 64bit machines:
load_module lib64/nginx/modules/ngx_http_geoip_module.so;
# For 32bit machines:
load_module lib/nginx/modules/ngx_http_geoip_module.so;
Examples for all the intree modules have been added to the
default nginx.conf
- patches updated:
nginx-1.6.1-default_config.patch - added load_module example
OBS-URL: https://build.opensuse.org/request/show/399481
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=64
- update to version 1.10.0 stable
* Bugfix: "recv() failed" errors might occur when using HHVM as a
FastCGI server.
* Bugfix: when using HTTP/2 and the "limit_req" or "auth_request"
directives a timeout or a "client violated flow control" error might
occur while reading client request body; the bug had appeared in
1.9.14.
* Workaround: a response might not be shown by some browsers if HTTP/2
was used and client request body was not fully read; the bug had
appeared in 1.9.14.
* Bugfix: connections might hang when using the "aio threads"
directive.
Thanks to Mindaugas Rasiukevicius.
* Feature: OpenSSL 1.1.0 compatibility.
* Feature: the "proxy_request_buffering", "fastcgi_request_buffering",
"scgi_request_buffering", and "uwsgi_request_buffering" directives
now work with HTTP/2.
* Bugfix: "zero size buf in output" alerts might appear in logs when
using HTTP/2.
* Bugfix: the "client_max_body_size" directive might work incorrectly
when using HTTP/2.
* Bugfix: of minor bugs in logging.
* Change: non-idempotent requests (POST, LOCK, PATCH) are no longer
passed to the next server by default if a request has been sent to a
backend; the "non_idempotent" parameter of the "proxy_next_upstream"
directive explicitly allows retrying such requests.
* Feature: the ngx_http_perl_module can be built dynamically.
* Feature: UDP support in the stream module.
* Feature: the "aio_write" directive.
* Feature: now cache manager monitors number of elements in caches and
OBS-URL: https://build.opensuse.org/request/show/393996
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=61
- Feature: now the "tcp_nodelay" directive works with SPDY
connections.
- Bugfix: in error handling. Thanks to Yichun Zhang and Daniil
Bondarev.
- Bugfix: alerts "header already sent" appeared in logs if the
"post_action" directive was used; the bug had appeared in
1.5.4.
- Bugfix: alerts "sem_post() failed" might appear in logs.
- Bugfix: in hash table handling. Thanks to Chris West.
- Bugfix: in integer overflow handling. Thanks to Régis Leroy.
- no longer install the init script when using systemd service file
- create rcnginx for systemd case
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=49