- Updated to 1.27.3
* https://github.com/nginx/nginx/releases/tag/release-1.27.3
* Added the "server" directive in the "upstream" block supports the "resolve" parameter.
* Added the "resolver" and "resolver_timeout" directives in the "upstream" block.
* Added SmarterMail specific mode support for IMAP LOGIN with
untagged CAPABILITY response in the mail proxy module.
* Changed TLSv1 and TLSv1.1 protocols are disabled by default.
* Changed IPv6 address in square brackets and no port can be specified in the
"proxy_bind", "fastcgi_bind", "grpc_bind", "memcached_bind", "scgi_bind",
and "uwsgi_bind" directives, and as client address in ngx_http_realip_module.
* Fixed ngx_http_mp4_module and "proxy_store" directive.
OBS-URL: https://build.opensuse.org/request/show/1226763
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nginx?expand=0&rev=94
* https://github.com/nginx/nginx/releases/tag/release-1.27.3
* Added the "server" directive in the "upstream" block supports the "resolve" parameter.
* Added the "resolver" and "resolver_timeout" directives in the "upstream" block.
* Added SmarterMail specific mode support for IMAP LOGIN with
untagged CAPABILITY response in the mail proxy module.
* Changed TLSv1 and TLSv1.1 protocols are disabled by default.
* Changed IPv6 address in square brackets and no port can be specified in the
"proxy_bind", "fastcgi_bind", "grpc_bind", "memcached_bind", "scgi_bind",
and "uwsgi_bind" directives, and as client address in ngx_http_realip_module.
* Fixed ngx_http_mp4_module and "proxy_store" directive.
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=276
- Updated to 1.27.2
* https://nginx.org/en/CHANGES
* Added SSL certificates, secret keys, and CRLs are now cached on start
or during reconfiguration.
* Added client certificate validation with OCSP in the stream module.
* Added OCSP stapling support in the stream module.
* Added the "proxy_pass_trailers" directive in the ngx_http_proxy_module.
* Added the "ssl_client_certificate" directive now supports certificates
with auxiliary information.
* Changed now the "ssl_client_certificate" directive is not required
for client SSL certificates verification.
OBS-URL: https://build.opensuse.org/request/show/1205364
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nginx?expand=0&rev=93
* https://nginx.org/en/CHANGES
* Added SSL certificates, secret keys, and CRLs are now cached on start
or during reconfiguration.
* Added client certificate validation with OCSP in the stream module.
* Added OCSP stapling support in the stream module.
* Added the "proxy_pass_trailers" directive in the ngx_http_proxy_module.
* Added the "ssl_client_certificate" directive now supports certificates
with auxiliary information.
* Changed now the "ssl_client_certificate" directive is not required
for client SSL certificates verification.
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=274
- Renamed nginx-1.6.1-default_config.patch to nginx-conf.patch.
- Renamed nginx-1.2.4-perl_vendor_install.patch to nginx-perl.patch.
- Used atosetup -p1 macro and replaced editor from perl to sed.
- Added %check section with gpg signature source verification.
- Updated to 1.27.1
* https://nginx.org/en/CHANGES
* Fixed crash in ngx_http_mp4_module via specially crafted mp4 file (CVE-2024-7347).
* Now the stream module handler is not mandatory.
* Fixed new HTTP/2 connections might ignore graceful shutdown of old worker processes.
OBS-URL: https://build.opensuse.org/request/show/1194200
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nginx?expand=0&rev=91
- Renamed nginx-1.2.4-perl_vendor_install.patch to nginx-perl.patch.
- Used atosetup -p1 macro and replaced editor from perl to sed.
- Added %check section with gpg signature source verification.
- Updated to 1.27.1
* https://nginx.org/en/CHANGES
* Fixed crash in ngx_http_mp4_module via specially crafted mp4 file (CVE-2024-7347).
* Now the stream module handler is not mandatory.
* Fixed new HTTP/2 connections might ignore graceful shutdown of old worker processes.
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=270
- Renamed nginx-1.2.4-perl_vendor_install.patch to nginx-perl.patch.
- Used atosetup -p1 macro and replaced editor from perl to sed.
- Added %check section with gpg signature source_verification.
- Updated to 1.27.1
* https://nginx.org/en/CHANGES
* Fixed crash in ngx_http_mp4_module via specially crafted mp4 file (CVE-2024-7347).
* Now the stream module handler is not mandatory.
* Fixed new HTTP/2 connections might ignore graceful shutdown of old worker processes.
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=269
- Renamed nginx-1.2.4-perl_vendor_install.patch to nginx-perl.patch.
- Used atosetup -p1 macro and replaced editor from perl to sed.
- Updated to 1.27.1
* https://nginx.org/en/CHANGES
* Fixed crash in ngx_http_mp4_module via specially crafted mp4 file (CVE-2024-7347).
* Now the stream module handler is not mandatory.
* Fixed new HTTP/2 connections might ignore graceful shutdown of old worker processes.
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=268
- Updated to 1.25.4
* Changed nginx.keyring to Sergey Kandaurov’s PGP public key.
* https://nginx.org/en/CHANGES
* Fixed segmentation fault might occur in a worker process while
processing a specially crafted QUIC session (CVE-2024-24989, CVE-2024-24990).
* Fixed connections with pending AIO operations might be closed
prematurely during graceful shutdown of old worker processes.
* Fixed socket leak alerts no longer logged when fast shutdown was
requested after graceful shutdown of old worker processes.
* Fixed socket descriptor error, a socket leak, or a segmentation fault
in a worker process might occur if AIO was used in a subrequest.
* Fixed segmentation fault might occur in a worker process if SSL
proxying was used along with the "image_filter" directive and errors
with code 415 were redirected with the "error_page" directive.
OBS-URL: https://build.opensuse.org/request/show/1147449
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nginx?expand=0&rev=84
- Updated to 1.25.4
* Changed nginx.keyring to Sergey Kandaurov’s PGP public key.
* https://nginx.org/en/CHANGES
* Fixed segmentation fault might occur in a worker process while
processing a specially crafted QUIC session (CVE-2024-24989, CVE-2024-24990).
* Fixed connections with pending AIO operations might be closed
prematurely during graceful shutdown of old worker processes.
* Fixed socket leak alerts no longer logged when fast shutdown was
requested after graceful shutdown of old worker processes.
* Fixed socket descriptor error, a socket leak, or a segmentation fault
in a worker process might occur if AIO was used in a subrequest.
* Fixed segmentation fault might occur in a worker process if SSL
proxying was used along with the "image_filter" directive and errors
with code 415 were redirected with the "error_page" directive.
OBS-URL: https://build.opensuse.org/request/show/1147448
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=250
- Updated to 1.25.4
* Changed nginx.keyring to nginx public key.
* https://nginx.org/en/CHANGES
* Fixed segmentation fault might occur in a worker process while
processing a specially crafted QUIC session (CVE-2024-24989, CVE-2024-24990).
* Fixed connections with pending AIO operations might be closed
prematurely during graceful shutdown of old worker processes.
* Fixed socket leak alerts no longer logged when fast shutdown was
requested after graceful shutdown of old worker processes.
* Fixed socket descriptor error, a socket leak, or a segmentation fault
in a worker process might occur if AIO was used in a subrequest.
* Fixed segmentation fault might occur in a worker process if SSL
proxying was used along with the "image_filter" directive and errors
with code 415 were redirected with the "error_page" directive.
OBS-URL: https://build.opensuse.org/request/show/1147446
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=249
- Updated to 1.25.4
* https://nginx.org/en/CHANGES
* Fixed segmentation fault might occur in a worker process while
processing a specially crafted QUIC session (CVE-2024-24989, CVE-2024-24990).
* Fixed connections with pending AIO operations might be closed
prematurely during graceful shutdown of old worker processes.
* Fixed socket leak alerts no longer logged when fast shutdown was
requested after graceful shutdown of old worker processes.
* Fixed socket descriptor error, a socket leak, or a segmentation fault
in a worker process might occur if AIO was used in a subrequest.
* Fixed segmentation fault might occur in a worker process if SSL
proxying was used along with the "image_filter" directive and errors
with code 415 were redirected with the "error_page" directive.
OBS-URL: https://build.opensuse.org/request/show/1147439
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=248
- Updated to 1.25.3
* https://nginx.org/en/CHANGES
* Changed: improved detection of misbehaving clients when using HTTP/2.
* Added: startup speedup when using a large number of locations.
* Fixed: a segmentation fault might occur in a worker process when
using HTTP/2 without SSL; the bug had appeared in 1.25.1.
* Fixed: the "Status" backend response header line with an empty
reason phrase was handled incorrectly.
* Fixed: memory leak during reconfiguration when using the PCRE2 library.
OBS-URL: https://build.opensuse.org/request/show/1120596
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nginx?expand=0&rev=83
- Updated to 1.25.3
* https://nginx.org/en/CHANGES
* Changed: improved detection of misbehaving clients when using HTTP/2.
* Added: startup speedup when using a large number of locations.
* Fixed: a segmentation fault might occur in a worker process when
using HTTP/2 without SSL; the bug had appeared in 1.25.1.
* Fixed: the "Status" backend response header line with an empty
reason phrase was handled incorrectly.
* Fixed: memory leak during reconfiguration when using the PCRE2 library.
OBS-URL: https://build.opensuse.org/request/show/1120595
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=246
- Updated to 1.23.3
* Bugfix: an error might occur when reading PROXY protocol version 2
header with large number of TLVs.
* Bugfix: a segmentation fault might occur in a worker process if SSI
was used to process subrequests created by other modules.
* Workaround: when a hostname used in the "listen" directive resolves
to multiple addresses, nginx now ignores duplicates within these
addresses.
* Bugfix: nginx might hog CPU during unbuffered proxying if SSL
connections to backends were used.
OBS-URL: https://build.opensuse.org/request/show/1043486
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nginx?expand=0&rev=78
- Updated to 1.23.2
* Security: processing of a specially crafted mp4 file by the
ngx_http_mp4_module might cause a worker process crash, worker
process memory disclosure, or might have potential other impact
(CVE-2022-41741, CVE-2022-41742).
* Feature: the "$proxy_protocol_tlv_..." variables.
* Feature: TLS session tickets encryption keys are now automatically
rotated when using shared memory in the "ssl_session_cache"
directive.
* Change: the logging level of the "bad record type" SSL errors has
been lowered from "crit" to "info".
* Change: now when using shared memory in the "ssl_session_cache"
directive the "could not allocate new session" errors are logged at
the "warn" level instead of "alert" and not more often than once per second.
* Bugfix: nginx/Windows could not be built with OpenSSL 3.0.x.
* Bugfix: in logging of the PROXY protocol errors.
* Workaround: shared memory from the "ssl_session_cache" directive was
spent on sessions using TLS session tickets when using TLSv1.3 with OpenSSL.
* Workaround: timeout specified with the "ssl_session_timeout"
directive did not work when using TLSv1.3 with OpenSSL or BoringSSL.
OBS-URL: https://build.opensuse.org/request/show/1030027
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nginx?expand=0&rev=77
- Updated to 1.23.1
* Feature: memory usage optimization in configurations with SSL proxying.
* Feature: looking up of IPv4 addresses while resolving now can be
disabled with the "ipv4=off" parameter of the "resolver" directive.
* Change: the logging level of the "bad key share", "bad extension",
"bad cipher", and "bad ecpoint" SSL errors has been lowered from "crit" to "info".
* Bugfix: while returning byte ranges nginx did not remove the
"Content-Range" header line if it was present in the original backend response.
* Bugfix: a proxied response might be truncated during reconfiguration
on Linux; the bug had appeared in 1.17.5.
OBS-URL: https://build.opensuse.org/request/show/990292
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nginx?expand=0&rev=76
- Changed nginx.keyring to Konstantin Pavlov’s PGP public key.
- Removed nginx.init.
- Updated to 1.23.0
* https://nginx.org/en/CHANGES
* Now header lines are represented as linked lists.
* Now nginx combines arbitrary header lines with identical
names when sending to FastCGI, SCGI, and uwsgi backends, in the
$r->header_in() method of the ngx_http_perl_module, and during lookup
of the "$http_...", "$sent_http_...", "$sent_trailer_...",
"$upstream_http_...", and "$upstream_trailer_..." variables.
* Fixed: if there were multiple "Vary" header lines in the backend
response, nginx only used the last of them when caching.
* Fixed: if there were multiple "WWW-Authenticate" header lines in the
backend response and errors with code 401 were intercepted or the
"auth_request" directive was used, nginx only sent the first of the
header lines to the client.
* The logging level of the "application data after close
notify" SSL errors has been lowered from "crit" to "info".
* Fixed: connections might hang if nginx was built on Linux 2.6.17 or
newer, but was used on systems without EPOLLRDHUP support, notably
with epoll emulation layers; the bug had appeared in 1.17.5.
* Fixed: nginx did not cache the response if the "Expires" response
header line disabled caching, but following "Cache-Control" header
line enabled caching.
OBS-URL: https://build.opensuse.org/request/show/984278
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nginx?expand=0&rev=75
- Changed nginx.keyring to Konstantin Pavlov’s PGP public key.
- Removed nginx.init.
- Updated to 1.23.0
* https://nginx.org/en/CHANGES
* Now header lines are represented as linked lists.
* Now nginx combines arbitrary header lines with identical
names when sending to FastCGI, SCGI, and uwsgi backends, in the
$r->header_in() method of the ngx_http_perl_module, and during lookup
of the "$http_...", "$sent_http_...", "$sent_trailer_...",
"$upstream_http_...", and "$upstream_trailer_..." variables.
* Fixed: if there were multiple "Vary" header lines in the backend
response, nginx only used the last of them when caching.
* Fixed: if there were multiple "WWW-Authenticate" header lines in the
backend response and errors with code 401 were intercepted or the
"auth_request" directive was used, nginx only sent the first of the
header lines to the client.
* The logging level of the "application data after close
notify" SSL errors has been lowered from "crit" to "info".
* Fixed: connections might hang if nginx was built on Linux 2.6.17 or
newer, but was used on systems without EPOLLRDHUP support, notably
with epoll emulation layers; the bug had appeared in 1.17.5.
* Fixed: nginx did not cache the response if the "Expires" response
header line disabled caching, but following "Cache-Control" header
line enabled caching.
OBS-URL: https://build.opensuse.org/request/show/984277
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=229
