- Updated to 1.25.4
* Changed nginx.keyring to Sergey Kandaurov’s PGP public key.
* https://nginx.org/en/CHANGES
* Fixed segmentation fault might occur in a worker process while
processing a specially crafted QUIC session (CVE-2024-24989, CVE-2024-24990).
* Fixed connections with pending AIO operations might be closed
prematurely during graceful shutdown of old worker processes.
* Fixed socket leak alerts no longer logged when fast shutdown was
requested after graceful shutdown of old worker processes.
* Fixed socket descriptor error, a socket leak, or a segmentation fault
in a worker process might occur if AIO was used in a subrequest.
* Fixed segmentation fault might occur in a worker process if SSL
proxying was used along with the "image_filter" directive and errors
with code 415 were redirected with the "error_page" directive.
OBS-URL: https://build.opensuse.org/request/show/1147448
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=250
- Updated to 1.25.4
* Changed nginx.keyring to nginx public key.
* https://nginx.org/en/CHANGES
* Fixed segmentation fault might occur in a worker process while
processing a specially crafted QUIC session (CVE-2024-24989, CVE-2024-24990).
* Fixed connections with pending AIO operations might be closed
prematurely during graceful shutdown of old worker processes.
* Fixed socket leak alerts no longer logged when fast shutdown was
requested after graceful shutdown of old worker processes.
* Fixed socket descriptor error, a socket leak, or a segmentation fault
in a worker process might occur if AIO was used in a subrequest.
* Fixed segmentation fault might occur in a worker process if SSL
proxying was used along with the "image_filter" directive and errors
with code 415 were redirected with the "error_page" directive.
OBS-URL: https://build.opensuse.org/request/show/1147446
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=249
- Updated to 1.25.4
* https://nginx.org/en/CHANGES
* Fixed segmentation fault might occur in a worker process while
processing a specially crafted QUIC session (CVE-2024-24989, CVE-2024-24990).
* Fixed connections with pending AIO operations might be closed
prematurely during graceful shutdown of old worker processes.
* Fixed socket leak alerts no longer logged when fast shutdown was
requested after graceful shutdown of old worker processes.
* Fixed socket descriptor error, a socket leak, or a segmentation fault
in a worker process might occur if AIO was used in a subrequest.
* Fixed segmentation fault might occur in a worker process if SSL
proxying was used along with the "image_filter" directive and errors
with code 415 were redirected with the "error_page" directive.
OBS-URL: https://build.opensuse.org/request/show/1147439
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=248
- Updated to 1.25.3
* https://nginx.org/en/CHANGES
* Changed: improved detection of misbehaving clients when using HTTP/2.
* Added: startup speedup when using a large number of locations.
* Fixed: a segmentation fault might occur in a worker process when
using HTTP/2 without SSL; the bug had appeared in 1.25.1.
* Fixed: the "Status" backend response header line with an empty
reason phrase was handled incorrectly.
* Fixed: memory leak during reconfiguration when using the PCRE2 library.
OBS-URL: https://build.opensuse.org/request/show/1120595
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=246
- Changed nginx.keyring to Konstantin Pavlov’s PGP public key.
- Removed nginx.init.
- Updated to 1.23.0
* https://nginx.org/en/CHANGES
* Now header lines are represented as linked lists.
* Now nginx combines arbitrary header lines with identical
names when sending to FastCGI, SCGI, and uwsgi backends, in the
$r->header_in() method of the ngx_http_perl_module, and during lookup
of the "$http_...", "$sent_http_...", "$sent_trailer_...",
"$upstream_http_...", and "$upstream_trailer_..." variables.
* Fixed: if there were multiple "Vary" header lines in the backend
response, nginx only used the last of them when caching.
* Fixed: if there were multiple "WWW-Authenticate" header lines in the
backend response and errors with code 401 were intercepted or the
"auth_request" directive was used, nginx only sent the first of the
header lines to the client.
* The logging level of the "application data after close
notify" SSL errors has been lowered from "crit" to "info".
* Fixed: connections might hang if nginx was built on Linux 2.6.17 or
newer, but was used on systems without EPOLLRDHUP support, notably
with epoll emulation layers; the bug had appeared in 1.17.5.
* Fixed: nginx did not cache the response if the "Expires" response
header line disabled caching, but following "Cache-Control" header
line enabled caching.
OBS-URL: https://build.opensuse.org/request/show/984277
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=229
- Updated nginx.keyring.
- Removed nginx.init.
- Updated to 1.23.0
* https://nginx.org/en/CHANGES
* Now header lines are represented as linked lists.
* Now nginx combines arbitrary header lines with identical
names when sending to FastCGI, SCGI, and uwsgi backends, in the
$r->header_in() method of the ngx_http_perl_module, and during lookup
of the "$http_...", "$sent_http_...", "$sent_trailer_...",
"$upstream_http_...", and "$upstream_trailer_..." variables.
* Fixed: if there were multiple "Vary" header lines in the backend
response, nginx only used the last of them when caching.
* Fixed: if there were multiple "WWW-Authenticate" header lines in the
backend response and errors with code 401 were intercepted or the
"auth_request" directive was used, nginx only sent the first of the
header lines to the client.
* The logging level of the "application data after close
notify" SSL errors has been lowered from "crit" to "info".
* Fixed: connections might hang if nginx was built on Linux 2.6.17 or
newer, but was used on systems without EPOLLRDHUP support, notably
with epoll emulation layers; the bug had appeared in 1.17.5.
* Fixed: nginx did not cache the response if the "Expires" response
header line disabled caching, but following "Cache-Control" header
line enabled caching.
OBS-URL: https://build.opensuse.org/request/show/984271
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=227
- Updated nginx.keyring.
- Updated to 1.23.0
* https://nginx.org/en/CHANGES
* Now header lines are represented as linked lists.
* Now nginx combines arbitrary header lines with identical
names when sending to FastCGI, SCGI, and uwsgi backends, in the
$r->header_in() method of the ngx_http_perl_module, and during lookup
of the "$http_...", "$sent_http_...", "$sent_trailer_...",
"$upstream_http_...", and "$upstream_trailer_..." variables.
* Fixed: if there were multiple "Vary" header lines in the backend
response, nginx only used the last of them when caching.
* Fixed: if there were multiple "WWW-Authenticate" header lines in the
backend response and errors with code 401 were intercepted or the
"auth_request" directive was used, nginx only sent the first of the
header lines to the client.
* The logging level of the "application data after close
notify" SSL errors has been lowered from "crit" to "info".
* Fixed: connections might hang if nginx was built on Linux 2.6.17 or
newer, but was used on systems without EPOLLRDHUP support, notably
with epoll emulation layers; the bug had appeared in 1.17.5.
* Fixed: nginx did not cache the response if the "Expires" response
header line disabled caching, but following "Cache-Control" header
line enabled caching.
OBS-URL: https://build.opensuse.org/request/show/984266
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=226
- Updated to 1.21.4
* https://nginx.org/en/CHANGES
* Support for NPN instead of ALPN to establish HTTP/2
connections has been removed.
* Now nginx rejects SSL connections if ALPN is used by the
client, but no supported protocols can be negotiated.
* The default value of the "sendfile_max_chunk" directive was
changed to 2 megabytes.
* The "proxy_half_close" directive in the stream module.
* The "ssl_alpn" directive in the stream module.
* The $ssl_alpn_protocol variable.
* Support for SSL_sendfile() when using OpenSSL 3.0.
* The "mp4_start_key_frame" directive in the ngx_http_mp4_module.
* In the $content_length variable when using chunked transfer encoding.
* After receiving a response with incorrect length from a proxied
backend nginx might nevertheless cache the connection.
* Invalid headers from backends were logged at the "info" level
instead of "error"; the bug had appeared in 1.21.1.
* Requests might hang when using HTTP/2 and the "aio_write" directive.
OBS-URL: https://build.opensuse.org/request/show/929778
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=217
- Updated to 1.21.2
* https://nginx.org/en/CHANGES
* Now nginx rejects HTTP/1.0 requests with the "Transfer-Encoding" header line.
* Export ciphers are no longer supported.
* Added OpenSSL 3.0 compatibility.
* Added the "Auth-SSL-Protocol" and "Auth-SSL-Cipher" header lines
are now passed to the mail proxy authentication server.
* Added request body filters API now permits buffering of the data being processed.
* Fixed backend SSL connections in the stream module might hang after an SSL handshake.
* Fixed the security level, which is available in OpenSSL 1.1.0 or newer,
did not affect loading of the server certificates when set
with "@SECLEVEL=N" in the "ssl_ciphers" directive.
* Fixed SSL connections with gRPC backends might hang if select, poll,
or /dev/poll methods were used.
* Fixed when using HTTP/2 client request body was always written to
disk if the "Content-Length" header line was not present in the request.
OBS-URL: https://build.opensuse.org/request/show/915418
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=212
- Updated to 1.21.1
* https://nginx.org/en/CHANGES
* Now nginx always returns an error for the CONNECT method.
* Now nginx always returns an error if both "Content-Length"
and "Transfer-Encoding" header lines are present in the request.
* Now nginx always returns an error if spaces or control
characters are used in the request line.
* Now nginx always returns an error if spaces or control
characters are used in a header name.
* Now nginx always returns an error if spaces or control
characters are used in the "Host" request header line.
* Optimization of configuration testing when using many
listening sockets.
* Fixed: nginx did not escape """, "<", ">", "\", "^", "`", "{", "|",
and "}" characters when proxying with changed URI.
* Fixed: SSL variables might be empty when used in logs; the bug had
appeared in 1.19.5.
* Fixed: keepalive connections with gRPC backends might not be closed
after receiving a GOAWAY frame.
* Fixed: reduced memory consumption for long-lived requests when
proxying with more than 64 buffers.
OBS-URL: https://build.opensuse.org/request/show/904634
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=211
- update to 1.21.0:
* Feature: variables support in the "proxy_ssl_certificate",
"proxy_ssl_certificate_key" "grpc_ssl_certificate",
"grpc_ssl_certificate_key", "uwsgi_ssl_certificate", and
"uwsgi_ssl_certificate_key" directives.
* Feature: the "max_errors" directive in the mail proxy module.
* Feature: the mail proxy module supports POP3 and IMAP pipelining.
* Feature: the "fastopen" parameter of the "listen" directive in the
stream module.
* Bugfix: special characters were not escaped during automatic redirect
with appended trailing slash.
* Bugfix: connections with clients in the mail proxy module might be
closed unexpectedly when using SMTP pipelining.
OBS-URL: https://build.opensuse.org/request/show/895804
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=206
- Update to 1.19.9
* https://nginx.org/en/CHANGES
* Fixed nginx could not be built with the mail proxy module, but
without the ngx_mail_ssl_module; the bug had appeared in 1.19.8.
* Fixed "upstream sent response body larger than indicated content
length" errors might occur when working with gRPC backends;
the bug had appeared in 1.19.1.
* Fixed nginx might not close a connection till keepalive timeout
expiration if the connection was closed by the client while
discarding the request body.
* Fixed nginx might not detect that a connection was already closed
by the client when waiting for auth_delay or limit_req delay,
or when working with backends.
* Fixed in the eventport method.
OBS-URL: https://build.opensuse.org/request/show/882789
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=196
- update to 1.19.8:
* Feature: flags in the "proxy_cookie_flags" directive can now contain
variables.
* Feature: the "proxy_protocol" parameter of the "listen" directive,
the "proxy_protocol" and "set_real_ip_from" directives in mail proxy.
* Bugfix: HTTP/2 connections were immediately closed when using
"keepalive_timeout 0"; the bug had appeared in 1.19.7.
* Bugfix: some errors were logged as unknown if nginx was built with
glibc 2.32.
* Bugfix: in the eventport method.
OBS-URL: https://build.opensuse.org/request/show/878625
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=193
- Refreshed spec-file via spec-cleaner and manual optimizations.
* Droped obsolete conditional constructs.
* Removed pkg_name macro.
- Drop nginx_upstream_check module, there is no support for dynamic
loading upstream and the module seems kind of unmaintained.
- Removed patch check_1.9.2+.patch.
- Update to 1.19.7
* https://nginx.org/en/CHANGES
* Change: connections handling in HTTP/2 has been changed to
better match HTTP/1.x; the "http2_recv_timeout",
"http2_idle_timeout", and "http2_max_requests" directives have
been removed, the "keepalive_timeout" and "keepalive_requests"
directives should be used instead.
* Change: the "http2_max_field_size" and "http2_max_header_size"
directives have been removed, the "large_client_header_buffers"
directive should be used instead.
* Feature: now, if free worker connections are exhausted, nginx
starts closing not only keepalive connections, but also
connections in lingering close.
* Bugfix: "zero size buf in output" alerts might appear in logs
if an upstream server returned an incorrect response during
unbuffered proxying; the bug had appeared in 1.19.1.
* Bugfix: HEAD requests were handled incorrectly if the "return"
directive was used with the "image_filter" or "xslt_stylesheet"
directives.
* Bugfix: in the "add_trailer" directive.
- Since we only target sle 12 and above we can skip all
conditionals which apply to suse_version before 1315
With changes in nginx itself we will drop support for sysvinit.
http2, libatomic support and pcre_jit will always be on now.
and we build all binaries with PIE now.
- Moved the last 2 path macros from nginx.spec to the macros file.
(pid and lock path)
OBS-URL: https://build.opensuse.org/request/show/875608
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=191
- Refresh spec-file via spec-cleaner and manual optimizations.
- Use the ngx_* macros from the nginx-macros package to simplify
the spec file.
- Moved all the modules that support dynamic modules into their own
modules:
* nginx-module-geoip2
* nginx-module-fancyindex
* nginx-module-headers-more
- The rtmp module is replaced with nginx-module-http-flv
OBS-URL: https://build.opensuse.org/request/show/847130
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=183
- Update to 1.19.3
* https://nginx.org/en/CHANGES
* Add the ngx_stream_set_module.
* Add the "proxy_cookie_flags" directive.
* Add the "userid_flags" directive.
* Fix the "stale-if-error" cache control extension was erroneously
applied if backend returned a response with status code 500, 502,
503, 504, 403, 404, or 429.
* Fix "[crit] cache file ... has too long header" messages might
appear in logs if caching was used and the backend returned responses
with the "Vary" header line.
* Fix "[crit] SSL_write() failed" messages might appear in logs
when using OpenSSL 1.1.1.
* Fix "SSL_shutdown() failed (SSL: ... bad write retry)" messages
might appear in logs; the bug had appeared in 1.19.2.
* Fix a segmentation fault might occur in a worker process when
using HTTP/2 if errors with code 400 were redirected to a proxied
location using the "error_page" directive.
* Fix socket leak when using HTTP/2 and subrequests in the njs module.
OBS-URL: https://build.opensuse.org/request/show/838765
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=177
- Update to 1.19.2
* https://nginx.org/en/CHANGES
* Now nginx starts closing keepalive connections before all free
worker connections are exhausted, and logs a warning about this
to the error log.
* Optimization of client request body reading when using chunked
transfer encoding.
* Memory leak if the "ssl_ocsp" directive was used.
* "zero size buf in output" alerts might appear in logs if a
FastCGI server returned an incorrect response; the bug had
appeared in 1.19.1.
* A segmentation fault might occur in a worker process if
different large_client_header_buffers sizes were used in
different virtual servers.
* SSL shutdown might not work.
* "SSL_shutdown() failed (SSL: ... bad write retry)" messages
might appear in logs.
* In the ngx_http_slice_module.
* In the ngx_http_xslt_filter_module.
OBS-URL: https://build.opensuse.org/request/show/826073
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=175
- Update to 1.19.1
* https://nginx.org/en/CHANGES
* The "lingering_close", "lingering_time", and "lingering_timeout"
directives now work when using HTTP/2.
* Now extra data sent by a backend are always discarded.
* Now after receiving a too short response from a FastCGI server
nginx tries to send the available part of the response
to the client, and then closes the client connection.
* Now after receiving a response with incorrect length from a
gRPC backend nginx stops response processing with an error.
* The "min_free" parameter of the "proxy_cache_path",
"fastcgi_cache_path", "scgi_cache_path",
and "uwsgi_cache_path" directives.
* nginx did not delete unix domain listen sockets during
graceful shutdown on the SIGQUIT signal.
* Zero length UDP datagrams were not proxied.
* Proxying to uwsgi backends using SSL might not work.
* In error handling when using the "ssl_ocsp" directive.
* On XFS and NFS file systems disk cache size might be
calculated incorrectly.
* "negative size buf in writer" alerts might appear in logs if
a memcached server returned a malformed response.
OBS-URL: https://build.opensuse.org/request/show/819472
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=172
