<ChangeLog>
*) Change: improved detection of misbehaving clients when using HTTP/2.
*) Feature: startup speedup when using a large number of locations.
Thanks to Yusuke Nojima.
*) Bugfix: a segmentation fault might occur in a worker process when
using HTTP/2 without SSL; the bug had appeared in 1.25.1.
*) Bugfix: the "Status" backend response header line with an empty
reason phrase was handled incorrectly.
*) Bugfix: memory leak during reconfiguration when using the PCRE2
library.
Thanks to ZhenZhong Wu.
*) Bugfixes and improvements in HTTP/3.
</ChangeLog>
Bump PKGREVISION for www/nginx, www/nginx-devel, and www/unit.
<ChangeLog>
nginx modules:
*) Feature: introduced js_periodic directive.
The directive specifies a JS handler to run at regular intervals.
*) Feature: implemented items() method for a shared dictionary.
The method returns all the non-expired key-value pairs.
*) Bugfix: fixed size() and keys() methods of a shared dictionary.
*) Bugfix: fixed erroneous exception in r.internalRedirect()
introduced in 0.8.0.
Core:
*) Bugfix: fixed incorrect order of keys in
Object.getOwnPropertyNames().
</ChangeLog>
Also, update third-party lua module to v0.10.25.
<ChangeLog>
*) Feature: path MTU discovery when using HTTP/3.
*) Feature: TLS_AES_128_CCM_SHA256 cipher suite support when using
HTTP/3.
*) Change: now nginx uses appname "nginx" when loading OpenSSL
configuration.
*) Change: now nginx does not try to load OpenSSL configuration if the
--with-openssl option was used to built OpenSSL and the OPENSSL_CONF
environment variable is not set.
*) Bugfix: in the $body_bytes_sent variable when using HTTP/3.
*) Bugfix: in HTTP/3.
</ChangeLog>
Bump PKGREVISION for www/nginx, www/nginx-devel, and www/unit.
<ChangeLog>
nginx modules:
*) Change: removed special treatment of forbidden headers in Fetch API
introduced in 0.7.10.
*) Change: removed deprecated since 0.5.0 r.requestBody and
r.responseBody in HTTP module.
*) Change: throwing an exception in r.internalRedirect() while
filtering in HTTP module.
*) Feature: introduced global nginx properties.
ngx.build - an optional nginx build name, corresponds to
--build=name argument of configure script, by default is "".
ngx.conf_file_path - the file path to current nginx configuration
file.
ngx.error_log_path - the file path to current error log file.
ngx.prefix - the directory that keeps server files.
ngx.version - the nginx version as a string, for example: "1.25.0".
ngx.version_number - the nginx version as a number, for example:
1025000.
ngx.worker_id - corresponds to an nginx internal worker id.
The value is between 0 and worker_processes - 1.
*) Feature: introduced js_shared_dict_zone directive.
The directive allows to declare a dictionary that is shared among the
working processes.
*) Improvement: added compile-time options to disable njs modules.
For example to disable libxslt related code:
NJS_LIBXSLT=NO ./configure .. --add-module=/path/to/njs/module
*) Bugfix: fixed r.status setter when filtering in HTTP module.
*) Bugfix: fixed setting of Location header in HTTP module.
Core:
*) Change: native methods are provided with retval argument.
This change breaks compatibility with C extension for njs
requiring to modify the code.
*) Change: non-compliant deprecated String methods were removed.
The following methods were removed: String.bytesFrom(),
String.prototype.fromBytes(), String.prototype.fromUTF8(),
String.prototype.toBytes(), String.prototype.toUTF8(),
String.prototype.toString(encoding).
*) Change: removed support for building with GNU readline.
*) Feature: added Array.from(), Array.prototype.toSorted(),
Array.prototype.toSpliced(), Array.prototype.toReversed().
*) Feature: added %TypedArray%.prototype.toSorted(),
%TypedArray%.prototype.toSpliced(),
%TypedArray%.prototype.toReversed().
*) Feature: added CryptoKey properties in WebCrypto.
The following properties for CryptoKey were added:
algorithm, extractable, type, usages.
*) Bugfix: fixed retval of crypto.getRandomValues().
*) Bugfix: fixed evaluation of computed property names with function
expressions.
*) Bugfix: fixed implicit name for a function expression declared in
arrays.
*) Bugfix: fixed parsing of for-in loops.
*) Bugfix: fixed Date.parse() with ISO-8601 format and UTC time
offset.
</ChangeLog>
<ChangeLog>
*) Feature: the "http2" directive, which enables HTTP/2 on a per-server
basis; the "http2" parameter of the "listen" directive is now
deprecated.
*) Change: HTTP/2 server push support has been removed.
*) Change: the deprecated "ssl" directive is not supported anymore.
*) Bugfix: in HTTP/3 when using OpenSSL.
</ChangeLog>
Enable HTTPv3 protocol by default.
The OpenSSL compatibility layer, which emulates BoringSSL
QUIC API for OpenSSL, is enabled by default, and 0-RTT is
not supported in this mode.
<ChangeLog>
*) Feature: experimental HTTP/3 support.
</ChangeLog>
The new stable version incorporating new features and bug fixes from
the 1.23.x mainline branch, including improved handling of multiple
header lines with identical names, memory usage optimization in
configurations with SSL proxying, better sanity checking of the
listen directive protocol parameters, TLSv1.3 protocol enabled by
default, automatic rotation of TLS session tickets encryption keys
when using shared memory in the ssl_session_cache directive, and more.
Syncronize www/nginx and www/nginx-devel ports, including:
o) merge recent versions of third-party modules from
www/nginx-devel to www/nginx;
o) syncronize patches between www/nginx and www/nginx-devel;
o) syncronize MESSAGE;
o) remove needless patches;
o) move pcre2 support to the main Makefile, remove `pcre'
option and devel/pcre support for the both whole ports,
but keep it for the third-party `lua' module;
o) update naxsi third-party module to its recent commit.
Bump PKGREVISION for www/nginx and www/nginx-devel.
<ChangeLog>
Changes with njs 0.7.12 10 Apr 2023
nginx modules:
*) Bugfix: fixed Headers() constructor in Fetch API.
Core:
*) Feature: added Hash.copy() method in "crypto" module.
*) Feature: added "zlib" module.
*) Improvement: added support for export {name as default}
statement.
*) Bugfix: fixed Number constructor according to the spec.
Changes with njs 0.7.11 9 Mar 2023
nginx modules:
*) Bugfix: added missed linking with libxml2 for the dynamic module.
The bug was introduced in 0.7.10.
Core:
*) Feature: added XMLNode API to modify XML documents.
*) Change: removed XML_PARSE_DTDVALID during parsing of XML document
due to security implications. The issue was introduced
in 0.7.10. When XML_PARSE_DTDVALID is enabled, libxml2 parses and
executes external entities present inside an XML document.
*) Bugfix: fixed the detection of await in arguments.
*) Bugfix: fixed Error() instance dumping when "name" prop is not
primitive.
*) Bugfix: fixed array instance with a getter property dumping.
*) Bugfix: fixed njs_object_property() with NJS_WHITEOUT properties.
*) Bugfix: fixed func instance dumping with "name" as getter.
*) Bugfix: fixed attaching of a stack to an error object.
*) Bugfix: fixed String.prototype.replace() with replacement containing
"$'", "$`".
Changes with njs 0.7.10 7 Feb 2023
nginx modules:
*) Feature: added Request, Response and Headers ctors in Fetch API.
*) Bugfix: fixed nginx logger callback for calls in master process.
Core:
*) Feature: added signal support in CLI.
*) Feature: added "xml" module for working with XML documents.
*) Feature: extended support for symmetric and asymmetric keys
in WebCrypto. Most notably JWK format for importKey() was added.
*) Feature: extended support for symmetric and asymmetric keys
in WebCrypto. Most notably JWK format for importKey() was added.
generateKey() and exportKey() were also implemented.
*) Feature: added String.prototype.replaceAll().
*) Bugfix: fixed for(expr1; conditional syntax error handling.
*) Bugfix: fixed Object.values() and Object.entries() with external
objects.
*) Bugfix: fixed RegExp.prototype[@@replace]().
</ChangeLog>
Changes with nginx 1.23.4 28 Mar 2023
*) Change: now TLSv1.3 protocol is enabled by default.
*) Change: now nginx issues a warning if protocol parameters of a
listening socket are redefined.
*) Change: now nginx closes connections with lingering if pipelining was
used by the client.
*) Feature: byte ranges support in the ngx_http_gzip_static_module.
*) Bugfix: port ranges in the "listen" directive did not work; the bug
had appeared in 1.23.3.
Thanks to Valentin Bartenev.
*) Bugfix: incorrect location might be chosen to process a request if a
prefix location longer than 255 characters was used in the
configuration.
*) Bugfix: non-ASCII characters in file names on Windows were not
supported by the ngx_http_autoindex_module, the ngx_http_dav_module,
and the "include" directive.
*) Change: the logging level of the "data length too long", "length too
short", "bad legacy version", "no shared signature algorithms", "bad
digest length", "missing sigalgs extension", "encrypted length too
long", "bad length", "bad key update", "mixed handshake and non
handshake data", "ccs received early", "data between ccs and
finished", "packet length too long", "too many warn alerts", "record
too small", and "got a fin before a ccs" SSL errors has been lowered
from "crit" to "info".
*) Bugfix: a socket leak might occur when using HTTP/2 and the
"error_page" directive to redirect errors with code 400.
*) Bugfix: messages about logging to syslog errors did not contain
information that the errors happened while logging to syslog.
Thanks to Safar Safarly.
*) Workaround: "gzip filter failed to use preallocated memory" alerts
appeared in logs when using zlib-ng.
*) Bugfix: in the mail proxy server.
<ChangeLog>
*) Bugfix: an error might occur when reading PROXY protocol version 2
header with large number of TLVs.
*) Bugfix: a segmentation fault might occur in a worker process if SSI
was used to process subrequests created by other modules.
Thanks to Ciel Zhao.
*) Workaround: when a hostname used in the "listen" directive resolves
to multiple addresses, nginx now ignores duplicates within these
addresses.
*) Bugfix: nginx might hog CPU during unbuffered proxying if SSL
connections to backends were used.
</ChangeLog>
Bump PKGREVISION for www/nginx and www/nginx-devel.
<ChangeLog>
nginx modules:
*) Bugfix: fixed Fetch Response prototype reinitialization.
When at least one js_import directive was declared in both HTTP
and Stream, ngx.fetch() returned inapproriate response in Stream.
The bug was introduced in 0.7.7.
Core:
*) Bugfix: fixed String.prototype.replace(re) if re.exec() returns
non-flat array.
*) Bugfix: fixed Array.prototype.fill() when start object changes
"this".
*) Bugfix: fixed description for fs.mkdir() and fs.rmdir() methods.
*) Bugfix: fixed %TypedArray%.prototype.set(s) when s element changes
"this".
*) Bugfix: fixed Array.prototype.splice(s, d) when d resizes "this"
during evaluation.
*) Bugfix: fixed for-in loop with left and right hand side
expressions.
</ChangeLog>
Bump PKGREVISION for www/nginx and www/nginx-devel.
<ChangeLog>
nginx modules:
*) Feature: added js_preload_object directive.
*) Feature: added ngx.conf_prefix property.
*) Feature: added s.sendUpstream() and s.sendDownstream()
in stream module.
*) Feature: added support for HEAD method in Fetch API.
*) Improvement: improved async callback support for s.send()
in stream module.
Core:
*) Feature: added "name" instance property for a function
object.
*) Feature: added njs.memoryStats object.
*) Bugfix: fixed String.prototype.trimEnd() with unicode
string.
*) Bugfix: fixed Object.freeze() with fast arrays.
*) Bugfix: fixed Object.defineProperty() with fast arrays.
*) Bugfix: fixed async token as a property name of an object.
*) Bugfix: fixed property set instruction when key modifies
base binding.
*) Bugfix: fixed complex assignments.
*) Bugfix: fixed handling of unhandled promise rejection.
*) Bugfix: fixed process.env when duplicate environ variables
are present.
*) Bugfix: fixed double declaration detection in modules.
*) Bugfix: fixed bound function calls according to the spec.
*) Bugfix: fixed break label for if statement.
*) Bugfix: fixed labeled empty statements.
</ChangeLog>
<ChangeLog>
*) Security: processing of a specially crafted mp4 file by the
ngx_http_mp4_module might cause a worker process crash, worker
process memory disclosure, or might have potential other impact
(CVE-2022-41741, CVE-2022-41742).
*) Feature: the "$proxy_protocol_tlv_..." variables.
*) Feature: TLS session tickets encryption keys are now automatically
rotated when using shared memory in the "ssl_session_cache"
directive.
*) Change: the logging level of the "bad record type" SSL errors has
been lowered from "crit" to "info".
Thanks to Murilo Andrade.
*) Change: now when using shared memory in the "ssl_session_cache"
directive the "could not allocate new session" errors are logged at
the "warn" level instead of "alert" and not more often than once per
second.
*) Bugfix: nginx/Windows could not be built with OpenSSL 3.0.x.
*) Bugfix: in logging of the PROXY protocol errors.
Thanks to Sergey Brester.
*) Workaround: shared memory from the "ssl_session_cache" directive was
spent on sessions using TLS session tickets when using TLSv1.3 with
OpenSSL.
*) Workaround: timeout specified with the "ssl_session_timeout"
directive did not work when using TLSv1.3 with OpenSSL or BoringSSL.
</ChangeLog>
Bump PKGREVISION for www/nginx and www/nginx-devel.
<ChangeLog>
nginx modules:
*) Feature: the number of nginx configuration contexts where
js directives can be specified is extended.
HTTP: js_import, js_path, js_set and js_var are allowed
in server and location contexts. js_content, js_body_filter
and js_header_filter are allowed in 'if' context.
Stream: js_import, js_path, js_set and js_var are allowed
in server context.
*) Feature: added r.internal property.
*) Bugfix: fixed reading response body in fetch API.
*) Bugfix: fixed "js_fetch_timeout" in stream module.
*) Bugfix: fixed socket leak with 0 fetch timeout.
Core:
*) Feature: extended "fs" module. Added fs.openSync(),
fs.promises.open(), fs.fstatSync(), fs.readSync(),
fs.writeSync().
The following properties of FileHandle are implemented:
fd, read(), stat(), write(), close().
*) Bugfix: fixed parseInt(), parseFloat(), Symbol.for()
with no arguments.
</ChangeLog>
Also, update NGINX JavaScript module: 0.7.5 -> 0.7.6.
<Changelog for NGINX 1.23.1>
*) Feature: memory usage optimization in configurations with SSL
proxying.
*) Feature: looking up of IPv4 addresses while resolving now can be
disabled with the "ipv4=off" parameter of the "resolver" directive.
*) Change: the logging level of the "bad key share", "bad extension",
"bad cipher", and "bad ecpoint" SSL errors has been lowered from
"crit" to "info".
*) Bugfix: while returning byte ranges nginx did not remove the
"Content-Range" header line if it was present in the original backend
response.
*) Bugfix: a proxied response might be truncated during reconfiguration
on Linux; the bug had appeared in 1.17.5.
</Changelog>
<ChangeLog for NGINX JavaScript 0.7.6>
nginx modules:
*) Feature: improved r.args object. Added support for multiple
arguments with the same key. Added case sensitivity for
keys. Keys and values are percent-decoded now.
*) Bugfix: fixed r.headersOut setter for special headers.
Core:
*) Feature: added Symbol.for() and Symbol.keyfor().
*) Feature: added btoa() and atob() from WHATWG spec.
*) Bugfix: fixed large non-decimal literals.
*) Bugfix: fixed unicode argument trimming in parseInt().
*) Bugfix: fixed break instruction in a try-catch block.
*) Bugfix: fixed async function declaration in CLI.
</ChangeLog>
Switch to the https protocol for MASTER_SITES.
Update distinfo with the checksums of recently added patches.
Fix PLIST for the third-party http_upload module.
Bump PKGREVISION.
Also, update third-party modules:
o) headers_more: 0.33 -> d502e41
o) http_push: 1.2.15 -> 1.3.0
o) naxsi: 1.3 -> 29793dc
o) njs: 0.7.4 -> 0.7.5
Patches obtained from the corresponding port in FreeBSD ports tree.
<ChangeLog>
*) Change in internal API: now header lines are represented as linked
lists.
*) Change: now nginx combines arbitrary header lines with identical
names when sending to FastCGI, SCGI, and uwsgi backends, in the
$r->header_in() method of the ngx_http_perl_module, and during lookup
of the "$http_...", "$sent_http_...", "$sent_trailer_...",
"$upstream_http_...", and "$upstream_trailer_..." variables.
*) Bugfix: if there were multiple "Vary" header lines in the backend
response, nginx only used the last of them when caching.
*) Bugfix: if there were multiple "WWW-Authenticate" header lines in the
backend response and errors with code 401 were intercepted or the
"auth_request" directive was used, nginx only sent the first of the
header lines to the client.
*) Change: the logging level of the "application data after close
notify" SSL errors has been lowered from "crit" to "info".
*) Bugfix: connections might hang if nginx was built on Linux 2.6.17 or
newer, but was used on systems without EPOLLRDHUP support, notably
with epoll emulation layers; the bug had appeared in 1.17.5.
Thanks to Marcus Ball.
*) Bugfix: nginx did not cache the response if the "Expires" response
header line disabled caching, but following "Cache-Control" header
line enabled caching.
</ChangeLog>
The third-party upload module has been add to www/nginx-devel.
Merge pcre/pcre2 functional from www/nginx-devel to www/nginx.
I'm going to review patches for the both ports.
Bump PKGREVISIONs.
Bump PKGREVISION.
<ChangeLog>
Core:
*) Feature: added support of module resolution callback.
This feature allows a host environment to control
how imported modules are loaded.
*) Bugfix: fixed backtraces while traversing imported user
modules.
*) Bugfix: fixed Array.prototype.concat() when "this" is a slow
array.
*) Bugfix: fixed frame allocation from an awaited frame.
*) Bugfix: fixed allocation of large array literals.
*) Bugfix: fixed interpreter when "toString" conversion fails.
</ChangeLog>
nginx-devel has 'pcre' option for pcre support and 'pcre and pcre2'
option for pcre2 support. No need to use raw nginx option framework.
Convert pcre and pcre2 for optional option.
It's not a typical practice in pkgsrc to share options.mk. Also, it's
not easy to build both www/nginx and www/nginx-devel with a different
set of options. So, let's decouple www/nginx-devel from www/nginx.
From now the following option needs to be specified to build
www/nginx-devel with a specific options: PKG_OPTIONS.nginx-devel.
While I'm here add support to build package with devel/pcre2. Please
note: some third-party modules, such as naxsi and luajit, are not
compatible yet with devel/pcre2, so let's keep pcre option as a
suggested one.
Bump PKGREVISION.
It's possible now to build an additional module as a dynamic module.
Bump PKGREVISION.
While I'm here take over the maintainership for www/nginx (*).
Approved by: joerg (*)