- Renamed nginx-1.6.1-default_config.patch to nginx-conf.patch.
- Renamed nginx-1.2.4-perl_vendor_install.patch to nginx-perl.patch.
- Used atosetup -p1 macro and replaced editor from perl to sed.
- Added %check section with gpg signature source verification.
- Updated to 1.27.1
* https://nginx.org/en/CHANGES
* Fixed crash in ngx_http_mp4_module via specially crafted mp4 file (CVE-2024-7347).
* Now the stream module handler is not mandatory.
* Fixed new HTTP/2 connections might ignore graceful shutdown of old worker processes.
OBS-URL: https://build.opensuse.org/request/show/1194200
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nginx?expand=0&rev=91
- Updated to 1.25.4
* Changed nginx.keyring to Sergey Kandaurov’s PGP public key.
* https://nginx.org/en/CHANGES
* Fixed segmentation fault might occur in a worker process while
processing a specially crafted QUIC session (CVE-2024-24989, CVE-2024-24990).
* Fixed connections with pending AIO operations might be closed
prematurely during graceful shutdown of old worker processes.
* Fixed socket leak alerts no longer logged when fast shutdown was
requested after graceful shutdown of old worker processes.
* Fixed socket descriptor error, a socket leak, or a segmentation fault
in a worker process might occur if AIO was used in a subrequest.
* Fixed segmentation fault might occur in a worker process if SSL
proxying was used along with the "image_filter" directive and errors
with code 415 were redirected with the "error_page" directive.
OBS-URL: https://build.opensuse.org/request/show/1147449
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nginx?expand=0&rev=84
- Updated to 1.25.4
* Changed nginx.keyring to Sergey Kandaurov’s PGP public key.
* https://nginx.org/en/CHANGES
* Fixed segmentation fault might occur in a worker process while
processing a specially crafted QUIC session (CVE-2024-24989, CVE-2024-24990).
* Fixed connections with pending AIO operations might be closed
prematurely during graceful shutdown of old worker processes.
* Fixed socket leak alerts no longer logged when fast shutdown was
requested after graceful shutdown of old worker processes.
* Fixed socket descriptor error, a socket leak, or a segmentation fault
in a worker process might occur if AIO was used in a subrequest.
* Fixed segmentation fault might occur in a worker process if SSL
proxying was used along with the "image_filter" directive and errors
with code 415 were redirected with the "error_page" directive.
OBS-URL: https://build.opensuse.org/request/show/1147448
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=250
- Updated to 1.25.4
* Changed nginx.keyring to nginx public key.
* https://nginx.org/en/CHANGES
* Fixed segmentation fault might occur in a worker process while
processing a specially crafted QUIC session (CVE-2024-24989, CVE-2024-24990).
* Fixed connections with pending AIO operations might be closed
prematurely during graceful shutdown of old worker processes.
* Fixed socket leak alerts no longer logged when fast shutdown was
requested after graceful shutdown of old worker processes.
* Fixed socket descriptor error, a socket leak, or a segmentation fault
in a worker process might occur if AIO was used in a subrequest.
* Fixed segmentation fault might occur in a worker process if SSL
proxying was used along with the "image_filter" directive and errors
with code 415 were redirected with the "error_page" directive.
OBS-URL: https://build.opensuse.org/request/show/1147446
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=249
- Updated to 1.25.4
* https://nginx.org/en/CHANGES
* Fixed segmentation fault might occur in a worker process while
processing a specially crafted QUIC session (CVE-2024-24989, CVE-2024-24990).
* Fixed connections with pending AIO operations might be closed
prematurely during graceful shutdown of old worker processes.
* Fixed socket leak alerts no longer logged when fast shutdown was
requested after graceful shutdown of old worker processes.
* Fixed socket descriptor error, a socket leak, or a segmentation fault
in a worker process might occur if AIO was used in a subrequest.
* Fixed segmentation fault might occur in a worker process if SSL
proxying was used along with the "image_filter" directive and errors
with code 415 were redirected with the "error_page" directive.
OBS-URL: https://build.opensuse.org/request/show/1147439
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=248
- Updated to 1.25.3
* https://nginx.org/en/CHANGES
* Changed: improved detection of misbehaving clients when using HTTP/2.
* Added: startup speedup when using a large number of locations.
* Fixed: a segmentation fault might occur in a worker process when
using HTTP/2 without SSL; the bug had appeared in 1.25.1.
* Fixed: the "Status" backend response header line with an empty
reason phrase was handled incorrectly.
* Fixed: memory leak during reconfiguration when using the PCRE2 library.
OBS-URL: https://build.opensuse.org/request/show/1120596
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nginx?expand=0&rev=83
- Updated to 1.25.3
* https://nginx.org/en/CHANGES
* Changed: improved detection of misbehaving clients when using HTTP/2.
* Added: startup speedup when using a large number of locations.
* Fixed: a segmentation fault might occur in a worker process when
using HTTP/2 without SSL; the bug had appeared in 1.25.1.
* Fixed: the "Status" backend response header line with an empty
reason phrase was handled incorrectly.
* Fixed: memory leak during reconfiguration when using the PCRE2 library.
OBS-URL: https://build.opensuse.org/request/show/1120595
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=246
- Updated to 1.23.3
* Bugfix: an error might occur when reading PROXY protocol version 2
header with large number of TLVs.
* Bugfix: a segmentation fault might occur in a worker process if SSI
was used to process subrequests created by other modules.
* Workaround: when a hostname used in the "listen" directive resolves
to multiple addresses, nginx now ignores duplicates within these
addresses.
* Bugfix: nginx might hog CPU during unbuffered proxying if SSL
connections to backends were used.
OBS-URL: https://build.opensuse.org/request/show/1043486
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nginx?expand=0&rev=78
- Updated to 1.23.2
* Security: processing of a specially crafted mp4 file by the
ngx_http_mp4_module might cause a worker process crash, worker
process memory disclosure, or might have potential other impact
(CVE-2022-41741, CVE-2022-41742).
* Feature: the "$proxy_protocol_tlv_..." variables.
* Feature: TLS session tickets encryption keys are now automatically
rotated when using shared memory in the "ssl_session_cache"
directive.
* Change: the logging level of the "bad record type" SSL errors has
been lowered from "crit" to "info".
* Change: now when using shared memory in the "ssl_session_cache"
directive the "could not allocate new session" errors are logged at
the "warn" level instead of "alert" and not more often than once per second.
* Bugfix: nginx/Windows could not be built with OpenSSL 3.0.x.
* Bugfix: in logging of the PROXY protocol errors.
* Workaround: shared memory from the "ssl_session_cache" directive was
spent on sessions using TLS session tickets when using TLSv1.3 with OpenSSL.
* Workaround: timeout specified with the "ssl_session_timeout"
directive did not work when using TLSv1.3 with OpenSSL or BoringSSL.
OBS-URL: https://build.opensuse.org/request/show/1030027
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nginx?expand=0&rev=77
- Updated to 1.23.1
* Feature: memory usage optimization in configurations with SSL proxying.
* Feature: looking up of IPv4 addresses while resolving now can be
disabled with the "ipv4=off" parameter of the "resolver" directive.
* Change: the logging level of the "bad key share", "bad extension",
"bad cipher", and "bad ecpoint" SSL errors has been lowered from "crit" to "info".
* Bugfix: while returning byte ranges nginx did not remove the
"Content-Range" header line if it was present in the original backend response.
* Bugfix: a proxied response might be truncated during reconfiguration
on Linux; the bug had appeared in 1.17.5.
OBS-URL: https://build.opensuse.org/request/show/990292
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nginx?expand=0&rev=76
- Changed nginx.keyring to Konstantin Pavlov’s PGP public key.
- Removed nginx.init.
- Updated to 1.23.0
* https://nginx.org/en/CHANGES
* Now header lines are represented as linked lists.
* Now nginx combines arbitrary header lines with identical
names when sending to FastCGI, SCGI, and uwsgi backends, in the
$r->header_in() method of the ngx_http_perl_module, and during lookup
of the "$http_...", "$sent_http_...", "$sent_trailer_...",
"$upstream_http_...", and "$upstream_trailer_..." variables.
* Fixed: if there were multiple "Vary" header lines in the backend
response, nginx only used the last of them when caching.
* Fixed: if there were multiple "WWW-Authenticate" header lines in the
backend response and errors with code 401 were intercepted or the
"auth_request" directive was used, nginx only sent the first of the
header lines to the client.
* The logging level of the "application data after close
notify" SSL errors has been lowered from "crit" to "info".
* Fixed: connections might hang if nginx was built on Linux 2.6.17 or
newer, but was used on systems without EPOLLRDHUP support, notably
with epoll emulation layers; the bug had appeared in 1.17.5.
* Fixed: nginx did not cache the response if the "Expires" response
header line disabled caching, but following "Cache-Control" header
line enabled caching.
OBS-URL: https://build.opensuse.org/request/show/984278
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nginx?expand=0&rev=75
- Changed nginx.keyring to Konstantin Pavlov’s PGP public key.
- Removed nginx.init.
- Updated to 1.23.0
* https://nginx.org/en/CHANGES
* Now header lines are represented as linked lists.
* Now nginx combines arbitrary header lines with identical
names when sending to FastCGI, SCGI, and uwsgi backends, in the
$r->header_in() method of the ngx_http_perl_module, and during lookup
of the "$http_...", "$sent_http_...", "$sent_trailer_...",
"$upstream_http_...", and "$upstream_trailer_..." variables.
* Fixed: if there were multiple "Vary" header lines in the backend
response, nginx only used the last of them when caching.
* Fixed: if there were multiple "WWW-Authenticate" header lines in the
backend response and errors with code 401 were intercepted or the
"auth_request" directive was used, nginx only sent the first of the
header lines to the client.
* The logging level of the "application data after close
notify" SSL errors has been lowered from "crit" to "info".
* Fixed: connections might hang if nginx was built on Linux 2.6.17 or
newer, but was used on systems without EPOLLRDHUP support, notably
with epoll emulation layers; the bug had appeared in 1.17.5.
* Fixed: nginx did not cache the response if the "Expires" response
header line disabled caching, but following "Cache-Control" header
line enabled caching.
OBS-URL: https://build.opensuse.org/request/show/984277
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=229
- Updated nginx.keyring.
- Removed nginx.init.
- Updated to 1.23.0
* https://nginx.org/en/CHANGES
* Now header lines are represented as linked lists.
* Now nginx combines arbitrary header lines with identical
names when sending to FastCGI, SCGI, and uwsgi backends, in the
$r->header_in() method of the ngx_http_perl_module, and during lookup
of the "$http_...", "$sent_http_...", "$sent_trailer_...",
"$upstream_http_...", and "$upstream_trailer_..." variables.
* Fixed: if there were multiple "Vary" header lines in the backend
response, nginx only used the last of them when caching.
* Fixed: if there were multiple "WWW-Authenticate" header lines in the
backend response and errors with code 401 were intercepted or the
"auth_request" directive was used, nginx only sent the first of the
header lines to the client.
* The logging level of the "application data after close
notify" SSL errors has been lowered from "crit" to "info".
* Fixed: connections might hang if nginx was built on Linux 2.6.17 or
newer, but was used on systems without EPOLLRDHUP support, notably
with epoll emulation layers; the bug had appeared in 1.17.5.
* Fixed: nginx did not cache the response if the "Expires" response
header line disabled caching, but following "Cache-Control" header
line enabled caching.
OBS-URL: https://build.opensuse.org/request/show/984271
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=227
- Updated nginx.keyring.
- Updated to 1.23.0
* https://nginx.org/en/CHANGES
* Now header lines are represented as linked lists.
* Now nginx combines arbitrary header lines with identical
names when sending to FastCGI, SCGI, and uwsgi backends, in the
$r->header_in() method of the ngx_http_perl_module, and during lookup
of the "$http_...", "$sent_http_...", "$sent_trailer_...",
"$upstream_http_...", and "$upstream_trailer_..." variables.
* Fixed: if there were multiple "Vary" header lines in the backend
response, nginx only used the last of them when caching.
* Fixed: if there were multiple "WWW-Authenticate" header lines in the
backend response and errors with code 401 were intercepted or the
"auth_request" directive was used, nginx only sent the first of the
header lines to the client.
* The logging level of the "application data after close
notify" SSL errors has been lowered from "crit" to "info".
* Fixed: connections might hang if nginx was built on Linux 2.6.17 or
newer, but was used on systems without EPOLLRDHUP support, notably
with epoll emulation layers; the bug had appeared in 1.17.5.
* Fixed: nginx did not cache the response if the "Expires" response
header line disabled caching, but following "Cache-Control" header
line enabled caching.
OBS-URL: https://build.opensuse.org/request/show/984266
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=226
- Updated to 1.21.4
* https://nginx.org/en/CHANGES
* Support for NPN instead of ALPN to establish HTTP/2
connections has been removed.
* Now nginx rejects SSL connections if ALPN is used by the
client, but no supported protocols can be negotiated.
* The default value of the "sendfile_max_chunk" directive was
changed to 2 megabytes.
* The "proxy_half_close" directive in the stream module.
* The "ssl_alpn" directive in the stream module.
* The $ssl_alpn_protocol variable.
* Support for SSL_sendfile() when using OpenSSL 3.0.
* The "mp4_start_key_frame" directive in the ngx_http_mp4_module.
* In the $content_length variable when using chunked transfer encoding.
* After receiving a response with incorrect length from a proxied
backend nginx might nevertheless cache the connection.
* Invalid headers from backends were logged at the "info" level
instead of "error"; the bug had appeared in 1.21.1.
* Requests might hang when using HTTP/2 and the "aio_write" directive.
- drop vim-plugin-nginx, now is provided directly by vim
OBS-URL: https://build.opensuse.org/request/show/930156
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nginx?expand=0&rev=72
- Updated to 1.21.4
* https://nginx.org/en/CHANGES
* Support for NPN instead of ALPN to establish HTTP/2
connections has been removed.
* Now nginx rejects SSL connections if ALPN is used by the
client, but no supported protocols can be negotiated.
* The default value of the "sendfile_max_chunk" directive was
changed to 2 megabytes.
* The "proxy_half_close" directive in the stream module.
* The "ssl_alpn" directive in the stream module.
* The $ssl_alpn_protocol variable.
* Support for SSL_sendfile() when using OpenSSL 3.0.
* The "mp4_start_key_frame" directive in the ngx_http_mp4_module.
* In the $content_length variable when using chunked transfer encoding.
* After receiving a response with incorrect length from a proxied
backend nginx might nevertheless cache the connection.
* Invalid headers from backends were logged at the "info" level
instead of "error"; the bug had appeared in 1.21.1.
* Requests might hang when using HTTP/2 and the "aio_write" directive.
OBS-URL: https://build.opensuse.org/request/show/929778
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=217
- Updated to 1.21.2
* https://nginx.org/en/CHANGES
* Now nginx rejects HTTP/1.0 requests with the "Transfer-Encoding" header line.
* Export ciphers are no longer supported.
* Added OpenSSL 3.0 compatibility.
* Added the "Auth-SSL-Protocol" and "Auth-SSL-Cipher" header lines
are now passed to the mail proxy authentication server.
* Added request body filters API now permits buffering of the data being processed.
* Fixed backend SSL connections in the stream module might hang after an SSL handshake.
* Fixed the security level, which is available in OpenSSL 1.1.0 or newer,
did not affect loading of the server certificates when set
with "@SECLEVEL=N" in the "ssl_ciphers" directive.
* Fixed SSL connections with gRPC backends might hang if select, poll,
or /dev/poll methods were used.
* Fixed when using HTTP/2 client request body was always written to
disk if the "Content-Length" header line was not present in the request.
OBS-URL: https://build.opensuse.org/request/show/915419
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nginx?expand=0&rev=69
- Updated to 1.21.2
* https://nginx.org/en/CHANGES
* Now nginx rejects HTTP/1.0 requests with the "Transfer-Encoding" header line.
* Export ciphers are no longer supported.
* Added OpenSSL 3.0 compatibility.
* Added the "Auth-SSL-Protocol" and "Auth-SSL-Cipher" header lines
are now passed to the mail proxy authentication server.
* Added request body filters API now permits buffering of the data being processed.
* Fixed backend SSL connections in the stream module might hang after an SSL handshake.
* Fixed the security level, which is available in OpenSSL 1.1.0 or newer,
did not affect loading of the server certificates when set
with "@SECLEVEL=N" in the "ssl_ciphers" directive.
* Fixed SSL connections with gRPC backends might hang if select, poll,
or /dev/poll methods were used.
* Fixed when using HTTP/2 client request body was always written to
disk if the "Content-Length" header line was not present in the request.
OBS-URL: https://build.opensuse.org/request/show/915418
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=212
- Updated to 1.21.1
* https://nginx.org/en/CHANGES
* Now nginx always returns an error for the CONNECT method.
* Now nginx always returns an error if both "Content-Length"
and "Transfer-Encoding" header lines are present in the request.
* Now nginx always returns an error if spaces or control
characters are used in the request line.
* Now nginx always returns an error if spaces or control
characters are used in a header name.
* Now nginx always returns an error if spaces or control
characters are used in the "Host" request header line.
* Optimization of configuration testing when using many
listening sockets.
* Fixed: nginx did not escape """, "<", ">", "\", "^", "`", "{", "|",
and "}" characters when proxying with changed URI.
* Fixed: SSL variables might be empty when used in logs; the bug had
appeared in 1.19.5.
* Fixed: keepalive connections with gRPC backends might not be closed
after receiving a GOAWAY frame.
* Fixed: reduced memory consumption for long-lived requests when
proxying with more than 64 buffers.
OBS-URL: https://build.opensuse.org/request/show/904634
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=211
- Updated to 1.21.0
* https://nginx.org/en/CHANGES
* Added variables support in the "proxy_ssl_certificate",
"proxy_ssl_certificate_key" "grpc_ssl_certificate",
"grpc_ssl_certificate_key", "uwsgi_ssl_certificate", and
"uwsgi_ssl_certificate_key" directives.
* Added the "max_errors" directive in the mail proxy module.
* Added the mail proxy module supports POP3 and IMAP pipelining.
* Added the "fastopen" parameter of the "listen" directive in the
stream module.
* Fixed special characters were not escaped during automatic redirect
with appended trailing slash.
* Fixed connections with clients in the mail proxy module might be
closed unexpectedly when using SMTP pipelining.
OBS-URL: https://build.opensuse.org/request/show/896986
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nginx?expand=0&rev=66
- Updated to 1.21.0
* https://nginx.org/en/CHANGES
* Added variables support in the "proxy_ssl_certificate",
"proxy_ssl_certificate_key" "grpc_ssl_certificate",
"grpc_ssl_certificate_key", "uwsgi_ssl_certificate", and
"uwsgi_ssl_certificate_key" directives.
* Added the "max_errors" directive in the mail proxy module.
* Added the mail proxy module supports POP3 and IMAP pipelining.
* Added the "fastopen" parameter of the "listen" directive in the
stream module.
* Fixed special characters were not escaped during automatic redirect
with appended trailing slash.
* Fixed connections with clients in the mail proxy module might be
closed unexpectedly when using SMTP pipelining.
OBS-URL: https://build.opensuse.org/request/show/896985
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=207
- update to 1.21.0:
* Feature: variables support in the "proxy_ssl_certificate",
"proxy_ssl_certificate_key" "grpc_ssl_certificate",
"grpc_ssl_certificate_key", "uwsgi_ssl_certificate", and
"uwsgi_ssl_certificate_key" directives.
* Feature: the "max_errors" directive in the mail proxy module.
* Feature: the mail proxy module supports POP3 and IMAP pipelining.
* Feature: the "fastopen" parameter of the "listen" directive in the
stream module.
* Bugfix: special characters were not escaped during automatic redirect
with appended trailing slash.
* Bugfix: connections with clients in the mail proxy module might be
closed unexpectedly when using SMTP pipelining.
OBS-URL: https://build.opensuse.org/request/show/895804
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=206
- Update to 1.19.9
* https://nginx.org/en/CHANGES
* Fixed nginx could not be built with the mail proxy module, but
without the ngx_mail_ssl_module; the bug had appeared in 1.19.8.
* Fixed "upstream sent response body larger than indicated content
length" errors might occur when working with gRPC backends;
the bug had appeared in 1.19.1.
* Fixed nginx might not close a connection till keepalive timeout
expiration if the connection was closed by the client while
discarding the request body.
* Fixed nginx might not detect that a connection was already closed
by the client when waiting for auth_delay or limit_req delay,
or when working with backends.
* Fixed in the eventport method.
OBS-URL: https://build.opensuse.org/request/show/882789
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=196
- update to 1.19.8:
* Feature: flags in the "proxy_cookie_flags" directive can now contain
variables.
* Feature: the "proxy_protocol" parameter of the "listen" directive,
the "proxy_protocol" and "set_real_ip_from" directives in mail proxy.
* Bugfix: HTTP/2 connections were immediately closed when using
"keepalive_timeout 0"; the bug had appeared in 1.19.7.
* Bugfix: some errors were logged as unknown if nginx was built with
glibc 2.32.
* Bugfix: in the eventport method.
OBS-URL: https://build.opensuse.org/request/show/879894
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nginx?expand=0&rev=61
- update to 1.19.8:
* Feature: flags in the "proxy_cookie_flags" directive can now contain
variables.
* Feature: the "proxy_protocol" parameter of the "listen" directive,
the "proxy_protocol" and "set_real_ip_from" directives in mail proxy.
* Bugfix: HTTP/2 connections were immediately closed when using
"keepalive_timeout 0"; the bug had appeared in 1.19.7.
* Bugfix: some errors were logged as unknown if nginx was built with
glibc 2.32.
* Bugfix: in the eventport method.
OBS-URL: https://build.opensuse.org/request/show/878625
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=193
- Refreshed spec-file via spec-cleaner and manual optimizations.
* Droped obsolete conditional constructs.
* Removed pkg_name macro.
- Drop nginx_upstream_check module, there is no support for dynamic
loading upstream and the module seems kind of unmaintained.
- Removed patch check_1.9.2+.patch.
- Update to 1.19.7
* https://nginx.org/en/CHANGES
* Change: connections handling in HTTP/2 has been changed to
better match HTTP/1.x; the "http2_recv_timeout",
"http2_idle_timeout", and "http2_max_requests" directives have
been removed, the "keepalive_timeout" and "keepalive_requests"
directives should be used instead.
* Change: the "http2_max_field_size" and "http2_max_header_size"
directives have been removed, the "large_client_header_buffers"
directive should be used instead.
* Feature: now, if free worker connections are exhausted, nginx
starts closing not only keepalive connections, but also
connections in lingering close.
* Bugfix: "zero size buf in output" alerts might appear in logs
if an upstream server returned an incorrect response during
unbuffered proxying; the bug had appeared in 1.19.1.
* Bugfix: HEAD requests were handled incorrectly if the "return"
directive was used with the "image_filter" or "xslt_stylesheet"
directives.
* Bugfix: in the "add_trailer" directive.
- Since we only target sle 12 and above we can skip all
conditionals which apply to suse_version before 1315
With changes in nginx itself we will drop support for sysvinit.
http2, libatomic support and pcre_jit will always be on now.
and we build all binaries with PIE now.
- Moved the last 2 path macros from nginx.spec to the macros file.
(pid and lock path)
OBS-URL: https://build.opensuse.org/request/show/875608
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=191
- Refresh spec-file via spec-cleaner and manual optimizations.
- Use the ngx_* macros from the nginx-macros package to simplify
the spec file.
- Moved all the modules that support dynamic modules into their own
modules:
* nginx-module-geoip2
* nginx-module-fancyindex
* nginx-module-headers-more
- The rtmp module is replaced with nginx-module-http-flv
OBS-URL: https://build.opensuse.org/request/show/847130
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=183
- Update to 1.19.3
* https://nginx.org/en/CHANGES
* Add the ngx_stream_set_module.
* Add the "proxy_cookie_flags" directive.
* Add the "userid_flags" directive.
* Fix the "stale-if-error" cache control extension was erroneously
applied if backend returned a response with status code 500, 502,
503, 504, 403, 404, or 429.
* Fix "[crit] cache file ... has too long header" messages might
appear in logs if caching was used and the backend returned responses
with the "Vary" header line.
* Fix "[crit] SSL_write() failed" messages might appear in logs
when using OpenSSL 1.1.1.
* Fix "SSL_shutdown() failed (SSL: ... bad write retry)" messages
might appear in logs; the bug had appeared in 1.19.2.
* Fix a segmentation fault might occur in a worker process when
using HTTP/2 if errors with code 400 were redirected to a proxied
location using the "error_page" directive.
* Fix socket leak when using HTTP/2 and subrequests in the njs module.
OBS-URL: https://build.opensuse.org/request/show/839168
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nginx?expand=0&rev=56
- Update to 1.19.3
* https://nginx.org/en/CHANGES
* Add the ngx_stream_set_module.
* Add the "proxy_cookie_flags" directive.
* Add the "userid_flags" directive.
* Fix the "stale-if-error" cache control extension was erroneously
applied if backend returned a response with status code 500, 502,
503, 504, 403, 404, or 429.
* Fix "[crit] cache file ... has too long header" messages might
appear in logs if caching was used and the backend returned responses
with the "Vary" header line.
* Fix "[crit] SSL_write() failed" messages might appear in logs
when using OpenSSL 1.1.1.
* Fix "SSL_shutdown() failed (SSL: ... bad write retry)" messages
might appear in logs; the bug had appeared in 1.19.2.
* Fix a segmentation fault might occur in a worker process when
using HTTP/2 if errors with code 400 were redirected to a proxied
location using the "error_page" directive.
* Fix socket leak when using HTTP/2 and subrequests in the njs module.
OBS-URL: https://build.opensuse.org/request/show/838765
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=177
- Update to 1.19.2
* https://nginx.org/en/CHANGES
* Now nginx starts closing keepalive connections before all free
worker connections are exhausted, and logs a warning about this
to the error log.
* Optimization of client request body reading when using chunked
transfer encoding.
* Memory leak if the "ssl_ocsp" directive was used.
* "zero size buf in output" alerts might appear in logs if a
FastCGI server returned an incorrect response; the bug had
appeared in 1.19.1.
* A segmentation fault might occur in a worker process if
different large_client_header_buffers sizes were used in
different virtual servers.
* SSL shutdown might not work.
* "SSL_shutdown() failed (SSL: ... bad write retry)" messages
might appear in logs.
* In the ngx_http_slice_module.
* In the ngx_http_xslt_filter_module.
OBS-URL: https://build.opensuse.org/request/show/826073
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=175
- Update to 1.19.1
* https://nginx.org/en/CHANGES
* The "lingering_close", "lingering_time", and "lingering_timeout"
directives now work when using HTTP/2.
* Now extra data sent by a backend are always discarded.
* Now after receiving a too short response from a FastCGI server
nginx tries to send the available part of the response
to the client, and then closes the client connection.
* Now after receiving a response with incorrect length from a
gRPC backend nginx stops response processing with an error.
* The "min_free" parameter of the "proxy_cache_path",
"fastcgi_cache_path", "scgi_cache_path",
and "uwsgi_cache_path" directives.
* nginx did not delete unix domain listen sockets during
graceful shutdown on the SIGQUIT signal.
* Zero length UDP datagrams were not proxied.
* Proxying to uwsgi backends using SSL might not work.
* In error handling when using the "ssl_ocsp" directive.
* On XFS and NFS file systems disk cache size might be
calculated incorrectly.
* "negative size buf in writer" alerts might appear in logs if
a memcached server returned a malformed response.
OBS-URL: https://build.opensuse.org/request/show/819472
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=172
- Update to 1.17.9
* https://nginx.org/en/CHANGES
* Now nginx does not allow several "Host" request header lines.
* nginx ignored additional "Transfer-Encoding" request header lines.
* Socket leak when using HTTP/2.
* A segmentation fault might occur in a worker process if OCSP
stapling was used.
* In the ngx_http_mp4_module.
* nginx used status code 494 instead of 400 if errors with code
494 were redirected with the "error_page" directive.
* Socket leak when using subrequests in the njs module and the
"aio" directive.
OBS-URL: https://build.opensuse.org/request/show/781491
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=158
* Feature: variables support in the "grpc_pass" directive.
* Bugfix: a timeout might occur while handling pipelined requests
in an SSL connection; the bug had appeared in 1.17.5.
* Bugfix: in the "debug_points" directive when using HTTP/2.
Thanks to Daniil Bondarev.
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=156
- Refresh spec-file via spec-cleaner.
- Add in service-file Wants=network-online.target (boo#1155690)
- Update to 1.17.7
* https://nginx.org/en/CHANGES
* A segmentation fault might occur on start or during
reconfiguration if the "rewrite" directive with an empty
replacement string was used in the configuration.
* A segmentation fault might occur in a worker process if the
"break" directive was used with the "alias" directive or with
the "proxy_pass" directive with a URI.
* The "Location" response header line might contain garbage if
the request URI was rewritten to the one containing a null character.
* Requests with bodies were handled incorrectly when returning redirections
with the "error_page" directive; the bug had appeared in 0.7.12.
* Socket leak when using HTTP/2.
* A timeout might occur while handling pipelined requests in an
SSL connection; the bug had appeared in 1.17.5.
* Bugfix in the ngx_http_dav_module.
OBS-URL: https://build.opensuse.org/request/show/759769
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=152
- Update to 1.17.4
* https://nginx.org/en/CHANGES
* Better detection of incorrect client behavior in HTTP/2.
* In handling of not fully read client request body when
returning errors in HTTP/2.
* The "worker_shutdown_timeout" directive might not work when
using HTTP/2.
* A segmentation fault might occur in a worker process when
using HTTP/2 and the "proxy_request_buffering" directive.
* The ECONNABORTED error log level was "crit" instead of
"error" on Windows when using SSL.
* nginx ignored extra data when using chunked transfer
encoding.
* nginx always returned the 500 error if the "return" directive
was used and an error occurred during reading client request body.
* In memory allocation error handling.
OBS-URL: https://build.opensuse.org/request/show/741628
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=144
- update to 1.17.3
- Security: when using HTTP/2 a client might cause excessive
memory consumption and CPU usage (CVE-2019-9511, CVE-2019-9513,
CVE-2019-9516).
- Bugfix: "zero size buf" alerts might appear in logs when using
gzipping; the bug had appeared in 1.17.2.
- Bugfix: a segmentation fault might occur in a worker process if
the "resolver" directive was used in SMTP proxy. (forwarded request 723395 from darix)
OBS-URL: https://build.opensuse.org/request/show/723397
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nginx?expand=0&rev=39
- update to 1.17.3
- Security: when using HTTP/2 a client might cause excessive
memory consumption and CPU usage (CVE-2019-9511, CVE-2019-9513,
CVE-2019-9516).
- Bugfix: "zero size buf" alerts might appear in logs when using
gzipping; the bug had appeared in 1.17.2.
- Bugfix: a segmentation fault might occur in a worker process if
the "resolver" directive was used in SMTP proxy.
OBS-URL: https://build.opensuse.org/request/show/723395
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=142
- Feature: the "limit_req_dry_run" directive.
- Feature: when using the "hash" directive inside the "upstream"
block an empty hash key now triggers round-robin balancing.
Thanks to Niklas Keller.
- Bugfix: a segmentation fault might occur in a worker process if
caching was used along with the "image_filter" directive, and
errors with code 415 were redirected with the "error_page"
directive; the bug had appeared in 1.11.10.
- Bugfix: a segmentation fault might occur in a worker process if
embedded perl was used; the bug had appeared in 1.7.3.
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=138
- update to 1.15.6
- Security: when using HTTP/2 a client might cause excessive memory
consumption (CVE-2018-16843) and CPU usage (CVE-2018-16844).
- Security: processing of a specially crafted mp4 file with the
ngx_http_mp4_module might result in worker process memory disclosure
(CVE-2018-16845).
- Feature: the "proxy_socket_keepalive", "fastcgi_socket_keepalive",
"grpc_socket_keepalive", "memcached_socket_keepalive",
"scgi_socket_keepalive", and "uwsgi_socket_keepalive" directives.
- Bugfix: if nginx was built with OpenSSL 1.1.0 and used with OpenSSL
1.1.1, the TLS 1.3 protocol was always enabled.
- Bugfix: working with gRPC backends might result in excessive memory
consumption.
- Fix vim-plugin-nginx rpm group.
- update to 1.15.4
- Feature: now the "ssl_early_data" directive can be used with OpenSSL.
- Bugfix: in the ngx_http_uwsgi_module.
- Bugfix: connections with some gRPC backends might not be cached when
using the "keepalive" directive.
- Bugfix: a socket leak might occur when using the "error_page"
directive to redirect early request processing errors, notably errors
with code 400.
- Bugfix: the "return" directive did not change the response code when
returning errors if the request was redirected by the "error_page"
directive.
- Bugfix: standard error pages and responses of the
ngx_http_autoindex_module module used the "bgcolor" attribute, and
might be displayed incorrectly when using custom color settings in
browsers.
OBS-URL: https://build.opensuse.org/request/show/647300
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=125
- Feature: now TLSv1.3 can be used with BoringSSL.
- Feature: the "ssl_early_data" directive, currently available
with BoringSSL.
- Feature: the "keepalive_timeout" and "keepalive_requests"
directives in the "upstream" block.
- Bugfix: the ngx_http_dav_module did not truncate destination
file when copying a file over an existing one with the COPY
method.
- Bugfix: the ngx_http_dav_module used zero access rights on the
destination file and did not preserve file modification time
when moving a file between different file systems with the MOVE
method.
- Bugfix: the ngx_http_dav_module used default access rights when
copying a file with the COPY method.
- Workaround: some clients might not work when using HTTP/2; the
bug had appeared in 1.13.5.
- Bugfix: nginx could not be built with LibreSSL 2.8.0.
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=119
- update to 1.15.2
- Feature: the $ssl_preread_protocol variable in the
ngx_stream_ssl_preread_module.
- Feature: now when using the "reset_timedout_connection"
directive nginx will reset connections being closed with the
444 code.
- Change: a logging level of the "http request", "https proxy
request", "unsupported protocol", and "version too low" SSL
errors has been lowered from "crit" to "info".
- Bugfix: DNS requests were not resent if initial sending of a
request failed.
- Bugfix: the "reuseport" parameter of the "listen" directive was
ignored if the number of worker processes was specified after
the "listen" directive.
- Bugfix: when using OpenSSL 1.1.0 or newer it was not possible
to switch off "ssl_prefer_server_ciphers" in a virtual server
if it was switched on in the default server.
- Bugfix: SSL session reuse with upstream servers did not work
with the TLS 1.3 protocol.
- update to 1.15.1
OBS-URL: https://build.opensuse.org/request/show/626476
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=117
- update rmtp module to 1.2.1
- just commenting all places where we fallthrough conditionals
- update headers more to 0.33
- feature: add wildcard match support for
more_clear_input_headers.
- update fancyindex module to 0.4.2
This release contains an important fix which can cause Nginx to
crash when a directory contains zero-sized (empty) files. This
bug has been present in all previous releases, and all users are
strongly encouraged to update to version 0.4.2.
https://github.com/aperezdc/ngx-fancyindex/releases/tag/v0.4.2
- changes from 1.13.9
- Feature: HTTP/2 server push support; the "http2_push" and
"http2_push_preload" directives.
- Bugfix: "header already sent" alerts might appear in logs when
using cache; the bug had appeared in 1.9.13.
- Bugfix: a segmentation fault might occur in a worker process if
the "ssl_verify_client" directive was used and no SSL
certificate was specified in a virtual server.
- Bugfix: in the ngx_http_v2_module.
- Bugfix: in the ngx_http_dav_module.
- updates from 1.13.8
- Feature: now nginx automatically preserves the CAP_NET_RAW
capability in worker processes when using the "transparent"
parameter of the "proxy_bind", "fastcgi_bind",
"memcached_bind", "scgi_bind", and "uwsgi_bind" directives.
- Feature: improved CPU cache line size detection. Thanks to
Debayan Ghosh.
- Feature: new directives in vim syntax highlighting scripts.
Thanks to Gena Makhomed.
- Bugfix: binary upgrade refused to work if nginx was re-parented
to a process with PID different from 1 after its parent process
has finished.
- Bugfix: the ngx_http_autoindex_module incorrectly handled
requests with bodies.
- Bugfix: in the "proxy_limit_rate" directive when used with the
"keepalive" directive.
- Bugfix: some parts of a response might be buffered when using
"proxy_buffering off" if the client connection used SSL.
Thanks to Patryk Lesiewicz.
- Bugfix: in the "proxy_cache_background_update" directive.
- Bugfix: it was not possible to start a parameter with a
variable in the "${name}" form with the name in curly brackets
without enclosing the parameter into single or double quotes.
OBS-URL: https://build.opensuse.org/request/show/578706
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nginx?expand=0&rev=20
- just commenting all places where we fallthrough conditionals
- update headers more to 0.33
- feature: add wildcard match support for
more_clear_input_headers.
- update fancyindex module to 0.4.2
This release contains an important fix which can cause Nginx to
crash when a directory contains zero-sized (empty) files. This
bug has been present in all previous releases, and all users are
strongly encouraged to update to version 0.4.2.
https://github.com/aperezdc/ngx-fancyindex/releases/tag/v0.4.2
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=103
- Feature: HTTP/2 server push support; the "http2_push" and
"http2_push_preload" directives.
- Bugfix: "header already sent" alerts might appear in logs when
using cache; the bug had appeared in 1.9.13.
- Bugfix: a segmentation fault might occur in a worker process if
the "ssl_verify_client" directive was used and no SSL
certificate was specified in a virtual server.
- Bugfix: in the ngx_http_v2_module.
- Bugfix: in the ngx_http_dav_module.
- updates from 1.13.8
- Feature: now nginx automatically preserves the CAP_NET_RAW
capability in worker processes when using the "transparent"
parameter of the "proxy_bind", "fastcgi_bind",
"memcached_bind", "scgi_bind", and "uwsgi_bind" directives.
- Feature: improved CPU cache line size detection. Thanks to
Debayan Ghosh.
- Feature: new directives in vim syntax highlighting scripts.
Thanks to Gena Makhomed.
- Bugfix: binary upgrade refused to work if nginx was re-parented
to a process with PID different from 1 after its parent process
has finished.
- Bugfix: the ngx_http_autoindex_module incorrectly handled
requests with bodies.
- Bugfix: in the "proxy_limit_rate" directive when used with the
"keepalive" directive.
- Bugfix: some parts of a response might be buffered when using
"proxy_buffering off" if the client connection used SSL.
Thanks to Patryk Lesiewicz.
- Bugfix: in the "proxy_cache_background_update" directive.
- Bugfix: it was not possible to start a parameter with a
variable in the "${name}" form with the name in curly brackets
without enclosing the parameter into single or double quotes.
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=102
- update to version 1.13.7
- Bugfix: in the $upstream_status variable.
- Bugfix: a segmentation fault might occur in a worker process
if a backend returned a "101 Switching Protocols" response to
a subrequest.
- Bugfix: a segmentation fault occurred in a master process if a
shared memory zone size was changed during a reconfiguration
and the reconfiguration failed.
- Bugfix: in the ngx_http_fastcgi_module.
- Bugfix: nginx returned the 500 error if parameters without
variables were specified in the "xslt_stylesheet" directive.
- Workaround: "gzip filter failed to use preallocated memory"
alerts appeared in logs when using a zlib library variant
from Intel.
- Bugfix: the "worker_shutdown_timeout" directive did not work
when using mail proxy and when proxying WebSocket connections.
- partial cleanup with spec-cleaner
OBS-URL: https://build.opensuse.org/request/show/557896
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=97
- Bugfix: switching to the next upstream server in the stream
module did not work when using the "ssl_preread" directive.
- Bugfix: in the ngx_http_v2_module. Thanks to Piotr Sikora.
- Bugfix: nginx did not support dates after the year 2038 on
32-bit platforms with 64-bit time_t.
- Bugfix: in handling of dates prior to the year 1970 and after
the year 10000.
- Bugfix: in the stream module timeouts waiting for UDP datagrams
from upstream servers were not logged or logged at the "info"
level instead of "error".
- Bugfix: when using HTTP/2 nginx might return the 400 response
without logging the reason.
- Bugfix: in processing of corrupted cache files.
- Bugfix: cache control headers were ignored when caching errors
intercepted by error_page.
- Bugfix: when using HTTP/2 client request body might be
corrupted.
- Bugfix: in handling of client addresses when using unix domain
sockets.
- Bugfix: nginx hogged CPU when using the "hash ... consistent"
directive in the upstream block if large weights were used and
all or most of the servers were unavailable.
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=95
- Submit nginx to SLES to become a http server for RMT(Repository
mirroring tool) [fate#323994, bsc#1059685, boo#1057831]
- disable extra modules on sle
- update to 1.13.5
- Feature: the $ssl_client_escaped_cert variable.
- Bugfix: the "ssl_session_ticket_key" directive and the
"include" parameter of the "geo" directive did not work on
Windows.
- Bugfix: incorrect response length was returned on 32-bit
platforms when requesting more than 4 gigabytes with multiple
ranges.
- Bugfix: the "expires modified" directive and processing of the
"If-Range" request header line did not use the response last
modification time if proxying without caching was used.
- changes from 1.13.4
- Feature: the ngx_http_mirror_module.
- Bugfix: client connections might be dropped during
configuration testing when using the "reuseport" parameter of
the "listen" directive on Linux.
- Bugfix: request body might not be available in subrequests if
it was saved to a file and proxying was used.
- Bugfix: cleaning cache based on the "max_size" parameter did
not work on Windows.
- Bugfix: any shared memory allocation required 4096 bytes on
Windows.
- Bugfix: nginx worker might be terminated abnormally when using
the "zone" directive inside the "upstream" block on Windows.
OBS-URL: https://build.opensuse.org/request/show/531723
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nginx?expand=0&rev=15
- Feature: the $ssl_client_escaped_cert variable.
- Bugfix: the "ssl_session_ticket_key" directive and the
"include" parameter of the "geo" directive did not work on
Windows.
- Bugfix: incorrect response length was returned on 32-bit
platforms when requesting more than 4 gigabytes with multiple
ranges.
- Bugfix: the "expires modified" directive and processing of the
"If-Range" request header line did not use the response last
modification time if proxying without caching was used.
- changes from 1.13.4
- Feature: the ngx_http_mirror_module.
- Bugfix: client connections might be dropped during
configuration testing when using the "reuseport" parameter of
the "listen" directive on Linux.
- Bugfix: request body might not be available in subrequests if
it was saved to a file and proxying was used.
- Bugfix: cleaning cache based on the "max_size" parameter did
not work on Windows.
- Bugfix: any shared memory allocation required 4096 bytes on
Windows.
- Bugfix: nginx worker might be terminated abnormally when using
the "zone" directive inside the "upstream" block on Windows.
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=89
- Security: a specially crafted request might result in an
integer overflow and incorrect processing of ranges in the
range filter, potentially resulting in sensitive information
leak (CVE-2017-7529).
- changes from 1.13.2
- Change: nginx now returns 200 instead of 416 when a range
starting with 0 is requested from an empty file.
- Feature: the "add_trailer" directive. Thanks to Piotr Sikora.
- Bugfix: nginx could not be built on Cygwin and NetBSD; the bug
had appeared in 1.13.0.
- Bugfix: nginx could not be built under MSYS2 / MinGW 64-bit.
Thanks to Orgad Shaneh.
- Bugfix: a segmentation fault might occur in a worker process
when using SSI with many includes and proxy_pass with
variables.
- Bugfix: in the ngx_http_v2_module. Thanks to Piotr Sikora.
- update nginx-rtmp-module to 1.2.0:
- DASH improvements
- OpenSSL 1.1 compatibility
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=86
- update to 1.13.1
- Feature: now a hostname can be used as the "set_real_ip_from"
directive parameter.
- Feature: vim syntax highlighting scripts improvements.
- Feature: the "worker_cpu_affinity" directive now works on
DragonFly BSD. Thanks to Sepherosa Ziehau.
- Bugfix: SSL renegotiation on backend connections did not work
when using OpenSSL before 1.1.0.
- Workaround: nginx could not be built with Oracle Developer
Studio 12.5.
- Workaround: now cache manager ignores long locked cache entries
when cleaning cache based on the "max_size" parameter.
- Bugfix: client SSL connections were immediately closed if
deferred accept and the "proxy_protocol" parameter of the
"listen" directive were used.
- Bugfix: in the "proxy_cache_background_update" directive.
- Workaround: now the "tcp_nodelay" directive sets the
TCP_NODELAY option before an SSL handshake.
- changes from 1.13.0
- Change: SSL renegotiation is now allowed on backend
connections.
- Feature: the "rcvbuf" and "sndbuf" parameters of the "listen"
directives of the mail proxy and stream modules.
- Feature: the "return" and "error_page" directives can now be
used to return 308 redirections. Thanks to Simon Leblanc.
- Feature: the "TLSv1.3" parameter of the "ssl_protocols"
directive.
- Feature: when logging signals nginx now logs PID of the process
which sent the signal.
- Bugfix: in memory allocation error handling.
- Bugfix: if a server in the stream module listened on a wildcard
address, the source address of a response UDP datagram could
differ from the original datagram destination address.
OBS-URL: https://build.opensuse.org/request/show/500354
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nginx?expand=0&rev=13
- Feature: now a hostname can be used as the "set_real_ip_from"
directive parameter.
- Feature: vim syntax highlighting scripts improvements.
- Feature: the "worker_cpu_affinity" directive now works on
DragonFly BSD. Thanks to Sepherosa Ziehau.
- Bugfix: SSL renegotiation on backend connections did not work
when using OpenSSL before 1.1.0.
- Workaround: nginx could not be built with Oracle Developer
Studio 12.5.
- Workaround: now cache manager ignores long locked cache entries
when cleaning cache based on the "max_size" parameter.
- Bugfix: client SSL connections were immediately closed if
deferred accept and the "proxy_protocol" parameter of the
"listen" directive were used.
- Bugfix: in the "proxy_cache_background_update" directive.
- Workaround: now the "tcp_nodelay" directive sets the
TCP_NODELAY option before an SSL handshake.
- changes from 1.13.0
- Change: SSL renegotiation is now allowed on backend
connections.
- Feature: the "rcvbuf" and "sndbuf" parameters of the "listen"
directives of the mail proxy and stream modules.
- Feature: the "return" and "error_page" directives can now be
used to return 308 redirections. Thanks to Simon Leblanc.
- Feature: the "TLSv1.3" parameter of the "ssl_protocols"
directive.
- Feature: when logging signals nginx now logs PID of the process
which sent the signal.
- Bugfix: in memory allocation error handling.
- Bugfix: if a server in the stream module listened on a wildcard
address, the source address of a response UDP datagram could
differ from the original datagram destination address.
D nginx-1.12.0.tar.gz
A nginx-1.13.1.tar.gz
M nginx.changes
M nginx.spec
Diff for working copy: .
Index: nginx.changes
===================================================================
--- nginx.changes (revision 5e264311bbc34e3b63efb8fa4753db55)
+++ nginx.changes (working copy)
@@ -1,3 +1,40 @@
+-------------------------------------------------------------------
+Thu Jun 1 10:05:49 UTC 2017 - mrueckert@suse.de
+
+- update to 1.13.1
+ - Feature: now a hostname can be used as the "set_real_ip_from"
+ directive parameter.
+ - Feature: vim syntax highlighting scripts improvements.
+ - Feature: the "worker_cpu_affinity" directive now works on
+ DragonFly BSD. Thanks to Sepherosa Ziehau.
+ - Bugfix: SSL renegotiation on backend connections did not work
+ when using OpenSSL before 1.1.0.
+ - Workaround: nginx could not be built with Oracle Developer
+ Studio 12.5.
+ - Workaround: now cache manager ignores long locked cache entries
+ when cleaning cache based on the "max_size" parameter.
+ - Bugfix: client SSL connections were immediately closed if
+ deferred accept and the "proxy_protocol" parameter of the
+ "listen" directive were used.
+ - Bugfix: in the "proxy_cache_background_update" directive.
+ - Workaround: now the "tcp_nodelay" directive sets the
+ TCP_NODELAY option before an SSL handshake.
+- changes from 1.13.0
+ - Change: SSL renegotiation is now allowed on backend
+ connections.
+ - Feature: the "rcvbuf" and "sndbuf" parameters of the "listen"
+ directives of the mail proxy and stream modules.
+ - Feature: the "return" and "error_page" directives can now be
+ used to return 308 redirections. Thanks to Simon Leblanc.
+ - Feature: the "TLSv1.3" parameter of the "ssl_protocols"
+ directive.
+ - Feature: when logging signals nginx now logs PID of the process
+ which sent the signal.
+ - Bugfix: in memory allocation error handling.
+ - Bugfix: if a server in the stream module listened on a wildcard
+ address, the source address of a response UDP datagram could
+ differ from the original datagram destination address.
+
-------------------------------------------------------------------
Sun Apr 9 13:15:49 UTC 2017 - michael@stroeder.com
Index: nginx.spec
===================================================================
--- nginx.spec (revision 5e264311bbc34e3b63efb8fa4753db55)
+++ nginx.spec (working copy)
@@ -64,7 +64,7 @@
%define ngx_doc_dir %{_datadir}/doc/packages/%{name}
#
Name: nginx
-Version: 1.12.0
+Version: 1.13.1
Release: 0
%define ngx_fancyindex_version 0.4.1
%define ngx_fancyindex_module_path ngx-fancyindex-%{ngx_fancyindex_version}
Index: nginx-1.13.1.tar.gz
===================================================================
Binary file 'nginx-1.13.1.tar.gz' added.
Index: nginx-1.12.0.tar.gz
===================================================================
Binary file 'nginx-1.12.0.tar.gz' deleted.
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=84
- update to 1.11.12
- Bugfix: nginx might hog CPU; the bug had appeared in 1.11.11.
- update to 1.11.11
- Feature: the "worker_shutdown_timeout" directive.
- Feature: vim syntax highlighting scripts improvements. Thanks
to Wei-Ko Kao.
- Bugfix: a segmentation fault might occur in a worker process if
the $limit_rate variable was set to an empty string.
- Bugfix: the "proxy_cache_background_update",
"fastcgi_cache_background_update",
"scgi_cache_background_update", and
"uwsgi_cache_background_update" directives might work
incorrectly if the "if" directive was used.
- Bugfix: a segmentation fault might occur in a worker process if
number of large_client_header_buffers in a virtual server was
different from the one in the default server.
- Bugfix: in the mail proxy server.
OBS-URL: https://build.opensuse.org/request/show/483335
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=80
- update to 1.11.10
- Change: cache header format has been changed, previously cached
responses will be invalidated.
- Feature: support of "stale-while-revalidate" and
"stale-if-error" extensions in the "Cache-Control" backend
response header line.
- Feature: the "proxy_cache_background_update",
"fastcgi_cache_background_update",
"scgi_cache_background_update", and
"uwsgi_cache_background_update" directives.
- Feature: nginx is now able to cache responses with the "Vary"
header line up to 128 characters long (instead of 42 characters
in previous versions).
- Feature: the "build" parameter of the "server_tokens"
directive. Thanks to Tom Thorogood.
- Bugfix: "[crit] SSL_write() failed" messages might appear in
logs when handling requests with the "Expect: 100-continue"
request header line.
- Bugfix: the ngx_http_slice_module did not work in named
locations.
- Bugfix: a segmentation fault might occur in a worker process
when using AIO after an "X-Accel-Redirect" redirection.
- Bugfix: reduced memory consumption for long-lived requests
using gzipping.
OBS-URL: https://build.opensuse.org/request/show/461005
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=78
- update to 1.11.9
- Bugfix: nginx might hog CPU when using the stream module; the
bug had appeared in 1.11.5.
- Bugfix: EXTERNAL authentication mechanism in mail proxy was
accepted even if it was not enabled in the configuration.
- Bugfix: a segmentation fault might occur in a worker process if
the "ssl_verify_client" directive of the stream module was
used.
- Bugfix: the "ssl_verify_client" directive of the stream module
might not work.
- Bugfix: closing keepalive connections due to no free worker
connections might be too aggressive. Thanks to Joel
Cunningham.
- Bugfix: an incorrect response might be returned when using the
"sendfile" directive on FreeBSD and macOS; the bug had appeared
in 1.7.8.
- Bugfix: a truncated response might be stored in cache when
using the "aio_write" directive.
- Bugfix: a socket leak might occur when using the "aio_write"
directive.
OBS-URL: https://build.opensuse.org/request/show/453452
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nginx?expand=0&rev=9
- Bugfix: nginx might hog CPU when using the stream module; the
bug had appeared in 1.11.5.
- Bugfix: EXTERNAL authentication mechanism in mail proxy was
accepted even if it was not enabled in the configuration.
- Bugfix: a segmentation fault might occur in a worker process if
the "ssl_verify_client" directive of the stream module was
used.
- Bugfix: the "ssl_verify_client" directive of the stream module
might not work.
- Bugfix: closing keepalive connections due to no free worker
connections might be too aggressive. Thanks to Joel
Cunningham.
- Bugfix: an incorrect response might be returned when using the
"sendfile" directive on FreeBSD and macOS; the bug had appeared
in 1.7.8.
- Bugfix: a truncated response might be stored in cache when
using the "aio_write" directive.
- Bugfix: a socket leak might occur when using the "aio_write"
directive.
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=76
- Feature: the $upstream_bytes_received variable.
- Feature: the $bytes_received, $session_time, $protocol,
$status, $upstream_addr, $upstream_bytes_sent,
$upstream_bytes_received, $upstream_connect_time,
$upstream_first_byte_time, and $upstream_session_time variables
in the stream module.
- Feature: the ngx_stream_log_module.
- Feature: the "proxy_protocol" parameter of the "listen"
directive, the $proxy_protocol_addr and $proxy_protocol_port
variables in the stream module.
- Feature: the ngx_stream_realip_module.
- Bugfix: nginx could not be built with the stream module and the
ngx_http_ssl_module, but without ngx_stream_ssl_module; the bug
had appeared in 1.11.3.
- Feature: the IP_BIND_ADDRESS_NO_PORT socket option was not
used; the bug had appeared in 1.11.2.
- Bugfix: in the "ranges" parameter of the "geo" directive.
- Bugfix: an incorrect response might be returned when using the
"aio threads" and "sendfile" directives; the bug had appeared
in 1.9.13.
- drop nginx-1.11.3_ssl_stream.patch again
- refreshed the following patches to apply cleanly again
check_1.9.2+.patch
nginx-1.11.2-html.patch
nginx-1.11.2-no_Werror.patch
nginx-aio.patch
- update to 1.11.3
- Change: now the "accept_mutex" directive is turned off by
default.
- Feature: now nginx uses EPOLLEXCLUSIVE on Linux.
- Feature: the ngx_stream_geo_module.
- Feature: the ngx_stream_geoip_module.
- Feature: the ngx_stream_split_clients_module.
- Feature: variables support in the "proxy_pass" and
"proxy_ssl_name" directives in the stream module.
- Bugfix: socket leak when using HTTP/2.
- Bugfix: in configure tests. Thanks to Piotr Sikora.
- backport nginx-1.11.3_ssl_stream.patch from hg
- refresh patches to apply cleanly again:
- check_1.9.2+.patch
- nginx-1.11.2-html.patch
- nginx-1.11.2-no_Werror.patch
- nginx-aio.patch
- enable a few new upstream modules and move some from 1.11.x to
dynamic:
- stream_geoip_module
- mail_ssl_module
- stream_ssl_module
- build fancyindex unconditionally and update it to 0.4.1
- New `fancyindex_directories_first` configuration directive
(enabled by default), which allows setting whether directories
are sorted before other files.
(Patch by Luke Zapart <<luke@zapart.org>>.)
- Fix index files not working when the fancyindex module is in
use (#46).
- The module can now be built as a [dynamic
module](https://www.nginx.com/resources/wiki/extending/converting/).
(Patch by Róbert Nagy <<vrnagy@gmail.com>>.)
- New configuration directive `fancyindex_show_path`, which
allows hiding the `<h1>` header which contains the current
path. (Patch by Thomas P. <<tpxp@live.fr>>.)
- Directory and file links in listings now have a title="..."
attribute. (Patch by `@janglapuk` <<trusdi.agus@gmail.com>>.)
- Fix for hung requests when the module is used along with
`ngx_pagespeed`.
(Patch by Otto van der Schaaf <<oschaaf@we-amp.com>>.)
- New feature: Allow filtering out symbolic links using the
`fancyindex_hide_symlinks` configuration directive. (Idea and
prototype patch by Thomas Wemm.)
- New feature: Allow specifying the format of timestamps using
the `fancyindex_time_format` configuration directive. (Idea
suggested by Xiao Meng <<novoreorx@gmail.com>>).
- Listings in top-level directories will not generate a "Parent
Directory" link as first element of the listing.
(Patch by Thomas P.)
- Fix propagation and overriding of the `fancyindex_css_href`
setting inside nested locations.
- Minor changes in the code to allow building cleanly under
Windows with Visual Studio 2013.
(Patch by Y. Yuan <<yzwduck@gmail.com>>).
- added nginx-rtmp-module
- make all modules dynamic that support it:
- ngx-fancyindex
- headers_more_nginx-module
- nginx-rtmp-module
- manually install the docs instead of using %doc
- unify how we install documentation for the modules
- restructure contrib file handling
- moved vim files into the normal vim paths so we can use them
directly
- new BR/R: vim
- split out vim files into a subpackage vim-plugin-nginx so we
dont have the vim requires on the main package
- perl scripts are moved to /usr/share/nginx/
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=70
- in the sysvinit script use the pid file in /var/run
- update to 1.10.1 (bsc# 982505)
Security: a segmentation fault might occur in a worker process
while writing a specially crafted request body to a temporary
file (CVE-2016-4450); the bug had appeared in 1.3.9.
- improve conditionals
- merge the 12.2 and 12.1 based conditionals into 1 as both of
them are out of support now.
- enable pcre JIT
- make use if libatomic_ops on Leap
- enable dynamic modules for intree modules. The following modules
are built as loadable modules now:
ngx_http_geoip_module.so
ngx_http_image_filter_module.so
ngx_http_perl_module.so
ngx_http_xslt_filter_module.so
ngx_mail_module.so
ngx_stream_module.so
You will have to load those modules with load_module.
http://nginx.org/en/docs/ngx_core_module.html#load_module
The correct syntax for this package is:
# For 64bit machines:
load_module lib64/nginx/modules/ngx_http_geoip_module.so;
# For 32bit machines:
load_module lib/nginx/modules/ngx_http_geoip_module.so;
Examples for all the intree modules have been added to the
default nginx.conf
OBS-URL: https://build.opensuse.org/request/show/399657
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nginx?expand=0&rev=4
- update to 1.10.1 (bsc# 982505)
Security: a segmentation fault might occur in a worker process
while writing a specially crafted request body to a temporary
file (CVE-2016-4450); the bug had appeared in 1.3.9.
- improve conditionals
- merge the 12.2 and 12.1 based conditionals into 1 as both of
them are out of support now.
- enable pcre JIT
- make use if libatomic_ops on Leap
- enable dynamic modules for intree modules. The following modules
are built as loadable modules now:
ngx_http_geoip_module.so
ngx_http_image_filter_module.so
ngx_http_perl_module.so
ngx_http_xslt_filter_module.so
ngx_mail_module.so
ngx_stream_module.so
You will have to load those modules with load_module.
http://nginx.org/en/docs/ngx_core_module.html#load_module
The correct syntax for this package is:
# For 64bit machines:
load_module lib64/nginx/modules/ngx_http_geoip_module.so;
# For 32bit machines:
load_module lib/nginx/modules/ngx_http_geoip_module.so;
Examples for all the intree modules have been added to the
default nginx.conf
- patches updated:
nginx-1.6.1-default_config.patch - added load_module example
OBS-URL: https://build.opensuse.org/request/show/399481
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=64
- update to version 1.10.0 stable
* Bugfix: "recv() failed" errors might occur when using HHVM as a
FastCGI server.
* Bugfix: when using HTTP/2 and the "limit_req" or "auth_request"
directives a timeout or a "client violated flow control" error might
occur while reading client request body; the bug had appeared in
1.9.14.
* Workaround: a response might not be shown by some browsers if HTTP/2
was used and client request body was not fully read; the bug had
appeared in 1.9.14.
* Bugfix: connections might hang when using the "aio threads"
directive.
Thanks to Mindaugas Rasiukevicius.
* Feature: OpenSSL 1.1.0 compatibility.
* Feature: the "proxy_request_buffering", "fastcgi_request_buffering",
"scgi_request_buffering", and "uwsgi_request_buffering" directives
now work with HTTP/2.
* Bugfix: "zero size buf in output" alerts might appear in logs when
using HTTP/2.
* Bugfix: the "client_max_body_size" directive might work incorrectly
when using HTTP/2.
* Bugfix: of minor bugs in logging.
* Change: non-idempotent requests (POST, LOCK, PATCH) are no longer
passed to the next server by default if a request has been sent to a
backend; the "non_idempotent" parameter of the "proxy_next_upstream"
directive explicitly allows retrying such requests.
* Feature: the ngx_http_perl_module can be built dynamically.
* Feature: UDP support in the stream module.
* Feature: the "aio_write" directive.
* Feature: now cache manager monitors number of elements in caches and
OBS-URL: https://build.opensuse.org/request/show/393996
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=61
- Feature: now the "tcp_nodelay" directive works with SPDY
connections.
- Bugfix: in error handling. Thanks to Yichun Zhang and Daniil
Bondarev.
- Bugfix: alerts "header already sent" appeared in logs if the
"post_action" directive was used; the bug had appeared in
1.5.4.
- Bugfix: alerts "sem_post() failed" might appear in logs.
- Bugfix: in hash table handling. Thanks to Chris West.
- Bugfix: in integer overflow handling. Thanks to Régis Leroy.
- no longer install the init script when using systemd service file
- create rcnginx for systemd case
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=49
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
