- update to 1.19.8:
* Feature: flags in the "proxy_cookie_flags" directive can now contain
variables.
* Feature: the "proxy_protocol" parameter of the "listen" directive,
the "proxy_protocol" and "set_real_ip_from" directives in mail proxy.
* Bugfix: HTTP/2 connections were immediately closed when using
"keepalive_timeout 0"; the bug had appeared in 1.19.7.
* Bugfix: some errors were logged as unknown if nginx was built with
glibc 2.32.
* Bugfix: in the eventport method.
OBS-URL: https://build.opensuse.org/request/show/878625
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=193
- Refreshed spec-file via spec-cleaner and manual optimizations.
* Droped obsolete conditional constructs.
* Removed pkg_name macro.
- Drop nginx_upstream_check module, there is no support for dynamic
loading upstream and the module seems kind of unmaintained.
- Removed patch check_1.9.2+.patch.
- Update to 1.19.7
* https://nginx.org/en/CHANGES
* Change: connections handling in HTTP/2 has been changed to
better match HTTP/1.x; the "http2_recv_timeout",
"http2_idle_timeout", and "http2_max_requests" directives have
been removed, the "keepalive_timeout" and "keepalive_requests"
directives should be used instead.
* Change: the "http2_max_field_size" and "http2_max_header_size"
directives have been removed, the "large_client_header_buffers"
directive should be used instead.
* Feature: now, if free worker connections are exhausted, nginx
starts closing not only keepalive connections, but also
connections in lingering close.
* Bugfix: "zero size buf in output" alerts might appear in logs
if an upstream server returned an incorrect response during
unbuffered proxying; the bug had appeared in 1.19.1.
* Bugfix: HEAD requests were handled incorrectly if the "return"
directive was used with the "image_filter" or "xslt_stylesheet"
directives.
* Bugfix: in the "add_trailer" directive.
- Since we only target sle 12 and above we can skip all
conditionals which apply to suse_version before 1315
With changes in nginx itself we will drop support for sysvinit.
http2, libatomic support and pcre_jit will always be on now.
and we build all binaries with PIE now.
- Moved the last 2 path macros from nginx.spec to the macros file.
(pid and lock path)
OBS-URL: https://build.opensuse.org/request/show/875608
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=191
- Refresh spec-file via spec-cleaner and manual optimizations.
- Use the ngx_* macros from the nginx-macros package to simplify
the spec file.
- Moved all the modules that support dynamic modules into their own
modules:
* nginx-module-geoip2
* nginx-module-fancyindex
* nginx-module-headers-more
- The rtmp module is replaced with nginx-module-http-flv
OBS-URL: https://build.opensuse.org/request/show/847130
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=183
- Update to 1.19.3
* https://nginx.org/en/CHANGES
* Add the ngx_stream_set_module.
* Add the "proxy_cookie_flags" directive.
* Add the "userid_flags" directive.
* Fix the "stale-if-error" cache control extension was erroneously
applied if backend returned a response with status code 500, 502,
503, 504, 403, 404, or 429.
* Fix "[crit] cache file ... has too long header" messages might
appear in logs if caching was used and the backend returned responses
with the "Vary" header line.
* Fix "[crit] SSL_write() failed" messages might appear in logs
when using OpenSSL 1.1.1.
* Fix "SSL_shutdown() failed (SSL: ... bad write retry)" messages
might appear in logs; the bug had appeared in 1.19.2.
* Fix a segmentation fault might occur in a worker process when
using HTTP/2 if errors with code 400 were redirected to a proxied
location using the "error_page" directive.
* Fix socket leak when using HTTP/2 and subrequests in the njs module.
OBS-URL: https://build.opensuse.org/request/show/838765
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=177
- Update to 1.19.2
* https://nginx.org/en/CHANGES
* Now nginx starts closing keepalive connections before all free
worker connections are exhausted, and logs a warning about this
to the error log.
* Optimization of client request body reading when using chunked
transfer encoding.
* Memory leak if the "ssl_ocsp" directive was used.
* "zero size buf in output" alerts might appear in logs if a
FastCGI server returned an incorrect response; the bug had
appeared in 1.19.1.
* A segmentation fault might occur in a worker process if
different large_client_header_buffers sizes were used in
different virtual servers.
* SSL shutdown might not work.
* "SSL_shutdown() failed (SSL: ... bad write retry)" messages
might appear in logs.
* In the ngx_http_slice_module.
* In the ngx_http_xslt_filter_module.
OBS-URL: https://build.opensuse.org/request/show/826073
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=175
- Update to 1.19.1
* https://nginx.org/en/CHANGES
* The "lingering_close", "lingering_time", and "lingering_timeout"
directives now work when using HTTP/2.
* Now extra data sent by a backend are always discarded.
* Now after receiving a too short response from a FastCGI server
nginx tries to send the available part of the response
to the client, and then closes the client connection.
* Now after receiving a response with incorrect length from a
gRPC backend nginx stops response processing with an error.
* The "min_free" parameter of the "proxy_cache_path",
"fastcgi_cache_path", "scgi_cache_path",
and "uwsgi_cache_path" directives.
* nginx did not delete unix domain listen sockets during
graceful shutdown on the SIGQUIT signal.
* Zero length UDP datagrams were not proxied.
* Proxying to uwsgi backends using SSL might not work.
* In error handling when using the "ssl_ocsp" directive.
* On XFS and NFS file systems disk cache size might be
calculated incorrectly.
* "negative size buf in writer" alerts might appear in logs if
a memcached server returned a malformed response.
OBS-URL: https://build.opensuse.org/request/show/819472
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=172
- Update to 1.17.9
* https://nginx.org/en/CHANGES
* Now nginx does not allow several "Host" request header lines.
* nginx ignored additional "Transfer-Encoding" request header lines.
* Socket leak when using HTTP/2.
* A segmentation fault might occur in a worker process if OCSP
stapling was used.
* In the ngx_http_mp4_module.
* nginx used status code 494 instead of 400 if errors with code
494 were redirected with the "error_page" directive.
* Socket leak when using subrequests in the njs module and the
"aio" directive.
OBS-URL: https://build.opensuse.org/request/show/781491
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=158
* Feature: variables support in the "grpc_pass" directive.
* Bugfix: a timeout might occur while handling pipelined requests
in an SSL connection; the bug had appeared in 1.17.5.
* Bugfix: in the "debug_points" directive when using HTTP/2.
Thanks to Daniil Bondarev.
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=156
- Refresh spec-file via spec-cleaner.
- Add in service-file Wants=network-online.target (boo#1155690)
- Update to 1.17.7
* https://nginx.org/en/CHANGES
* A segmentation fault might occur on start or during
reconfiguration if the "rewrite" directive with an empty
replacement string was used in the configuration.
* A segmentation fault might occur in a worker process if the
"break" directive was used with the "alias" directive or with
the "proxy_pass" directive with a URI.
* The "Location" response header line might contain garbage if
the request URI was rewritten to the one containing a null character.
* Requests with bodies were handled incorrectly when returning redirections
with the "error_page" directive; the bug had appeared in 0.7.12.
* Socket leak when using HTTP/2.
* A timeout might occur while handling pipelined requests in an
SSL connection; the bug had appeared in 1.17.5.
* Bugfix in the ngx_http_dav_module.
OBS-URL: https://build.opensuse.org/request/show/759769
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=152
- Update to 1.17.4
* https://nginx.org/en/CHANGES
* Better detection of incorrect client behavior in HTTP/2.
* In handling of not fully read client request body when
returning errors in HTTP/2.
* The "worker_shutdown_timeout" directive might not work when
using HTTP/2.
* A segmentation fault might occur in a worker process when
using HTTP/2 and the "proxy_request_buffering" directive.
* The ECONNABORTED error log level was "crit" instead of
"error" on Windows when using SSL.
* nginx ignored extra data when using chunked transfer
encoding.
* nginx always returned the 500 error if the "return" directive
was used and an error occurred during reading client request body.
* In memory allocation error handling.
OBS-URL: https://build.opensuse.org/request/show/741628
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=144
- update to 1.17.3
- Security: when using HTTP/2 a client might cause excessive
memory consumption and CPU usage (CVE-2019-9511, CVE-2019-9513,
CVE-2019-9516).
- Bugfix: "zero size buf" alerts might appear in logs when using
gzipping; the bug had appeared in 1.17.2.
- Bugfix: a segmentation fault might occur in a worker process if
the "resolver" directive was used in SMTP proxy.
OBS-URL: https://build.opensuse.org/request/show/723395
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=142
- Feature: the "limit_req_dry_run" directive.
- Feature: when using the "hash" directive inside the "upstream"
block an empty hash key now triggers round-robin balancing.
Thanks to Niklas Keller.
- Bugfix: a segmentation fault might occur in a worker process if
caching was used along with the "image_filter" directive, and
errors with code 415 were redirected with the "error_page"
directive; the bug had appeared in 1.11.10.
- Bugfix: a segmentation fault might occur in a worker process if
embedded perl was used; the bug had appeared in 1.7.3.
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=138
- update to 1.15.6
- Security: when using HTTP/2 a client might cause excessive memory
consumption (CVE-2018-16843) and CPU usage (CVE-2018-16844).
- Security: processing of a specially crafted mp4 file with the
ngx_http_mp4_module might result in worker process memory disclosure
(CVE-2018-16845).
- Feature: the "proxy_socket_keepalive", "fastcgi_socket_keepalive",
"grpc_socket_keepalive", "memcached_socket_keepalive",
"scgi_socket_keepalive", and "uwsgi_socket_keepalive" directives.
- Bugfix: if nginx was built with OpenSSL 1.1.0 and used with OpenSSL
1.1.1, the TLS 1.3 protocol was always enabled.
- Bugfix: working with gRPC backends might result in excessive memory
consumption.
- Fix vim-plugin-nginx rpm group.
- update to 1.15.4
- Feature: now the "ssl_early_data" directive can be used with OpenSSL.
- Bugfix: in the ngx_http_uwsgi_module.
- Bugfix: connections with some gRPC backends might not be cached when
using the "keepalive" directive.
- Bugfix: a socket leak might occur when using the "error_page"
directive to redirect early request processing errors, notably errors
with code 400.
- Bugfix: the "return" directive did not change the response code when
returning errors if the request was redirected by the "error_page"
directive.
- Bugfix: standard error pages and responses of the
ngx_http_autoindex_module module used the "bgcolor" attribute, and
might be displayed incorrectly when using custom color settings in
browsers.
OBS-URL: https://build.opensuse.org/request/show/647300
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=125
- Feature: now TLSv1.3 can be used with BoringSSL.
- Feature: the "ssl_early_data" directive, currently available
with BoringSSL.
- Feature: the "keepalive_timeout" and "keepalive_requests"
directives in the "upstream" block.
- Bugfix: the ngx_http_dav_module did not truncate destination
file when copying a file over an existing one with the COPY
method.
- Bugfix: the ngx_http_dav_module used zero access rights on the
destination file and did not preserve file modification time
when moving a file between different file systems with the MOVE
method.
- Bugfix: the ngx_http_dav_module used default access rights when
copying a file with the COPY method.
- Workaround: some clients might not work when using HTTP/2; the
bug had appeared in 1.13.5.
- Bugfix: nginx could not be built with LibreSSL 2.8.0.
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=119
- update to 1.15.2
- Feature: the $ssl_preread_protocol variable in the
ngx_stream_ssl_preread_module.
- Feature: now when using the "reset_timedout_connection"
directive nginx will reset connections being closed with the
444 code.
- Change: a logging level of the "http request", "https proxy
request", "unsupported protocol", and "version too low" SSL
errors has been lowered from "crit" to "info".
- Bugfix: DNS requests were not resent if initial sending of a
request failed.
- Bugfix: the "reuseport" parameter of the "listen" directive was
ignored if the number of worker processes was specified after
the "listen" directive.
- Bugfix: when using OpenSSL 1.1.0 or newer it was not possible
to switch off "ssl_prefer_server_ciphers" in a virtual server
if it was switched on in the default server.
- Bugfix: SSL session reuse with upstream servers did not work
with the TLS 1.3 protocol.
- update to 1.15.1
OBS-URL: https://build.opensuse.org/request/show/626476
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=117
- just commenting all places where we fallthrough conditionals
- update headers more to 0.33
- feature: add wildcard match support for
more_clear_input_headers.
- update fancyindex module to 0.4.2
This release contains an important fix which can cause Nginx to
crash when a directory contains zero-sized (empty) files. This
bug has been present in all previous releases, and all users are
strongly encouraged to update to version 0.4.2.
https://github.com/aperezdc/ngx-fancyindex/releases/tag/v0.4.2
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=103