Commit graph

78 commits

Author SHA1 Message Date
wiedi
f19099128e fix SMF Manifest installation by not overwriting INSTALLATION_DIRS 2014-06-14 10:14:43 +00:00
fhajny
8a962e2185 Add support for the embedded Perl interpreter. 2014-05-30 08:14:07 +00:00
rodent
fd5eb9e71a Update to latest stable release, 1.6.0. This folds many (but not all)
features from the previous development branch (1.5.x) - including various
SSL improvements, SPDY 3.1 support, cache revalidation with conditional
requests, auth request module and more. Resolves CVE-2013-4547.
files/nginx.sh now has a configtest command for lazy admins (me) who don't
want to remember command line options. CHANGELOG:

Changes with nginx 1.5.13                                        08 Apr 2014

    *) Change: improved hash table handling; the default values of the
       "variables_hash_max_size" and "types_hash_bucket_size" were changed
       to 1024 and 64 respectively.
    *) Feature: the ngx_http_mp4_module now supports the "end" argument.
    *) Feature: byte ranges support in the ngx_http_mp4_module and while
       saving responses to cache.
    *) Bugfix: alerts "ngx_slab_alloc() failed: no memory" no longer logged
       when using shared memory in the "ssl_session_cache" directive and in
       the ngx_http_limit_req_module.
    *) Bugfix: the "underscores_in_headers" directive did not allow
       underscore as a first character of a header.
    *) Bugfix: cache manager might hog CPU on exit in nginx/Windows.
    *) Bugfix: nginx/Windows terminated abnormally if the
       "ssl_session_cache" directive was used with the "shared" parameter.
    *) Bugfix: in the ngx_http_spdy_module.

Changes with nginx 1.5.12                                        18 Mar 2014

    *) Security: a heap memory buffer overflow might occur in a worker
       process while handling a specially crafted request by
       ngx_http_spdy_module, potentially resulting in arbitrary code
       execution (CVE-2014-0133).
    *) Feature: the "proxy_protocol" parameters of the "listen" and
       "real_ip_header" directives, the $proxy_protocol_addr variable.
    *) Bugfix: in the "fastcgi_next_upstream" directive.

Changes with nginx 1.5.11                                        04 Mar 2014

    *) Security: memory corruption might occur in a worker process on 32-bit
       platforms while handling a specially crafted request by
       ngx_http_spdy_module, potentially resulting in arbitrary code
       execution (CVE-2014-0088); the bug had appeared in 1.5.10.
    *) Feature: the $ssl_session_reused variable.
    *) Bugfix: the "client_max_body_size" directive might not work when
       reading a request body using chunked transfer encoding; the bug had
       appeared in 1.3.9.
    *) Bugfix: a segmentation fault might occur in a worker process when
       proxying WebSocket connections.
    *) Bugfix: a segmentation fault might occur in a worker process if the
       ngx_http_spdy_module was used on 32-bit platforms; the bug had
       appeared in 1.5.10.
    *) Bugfix: the $upstream_status variable might contain wrong data if the
       "proxy_cache_use_stale" or "proxy_cache_revalidate" directives were
       used.
    *) Bugfix: a segmentation fault might occur in a worker process if
       errors with code 400 were redirected to a named location using the
       "error_page" directive.
    *) Bugfix: nginx/Windows could not be built with Visual Studio 2013.

Changes with nginx 1.5.10                                        04 Feb 2014

    *) Feature: the ngx_http_spdy_module now uses SPDY 3.1 protocol.
    *) Feature: the ngx_http_mp4_module now skips tracks too short for a
       seek requested.
    *) Bugfix: a segmentation fault might occur in a worker process if the
       $ssl_session_id variable was used in logs; the bug had appeared in
       1.5.9.
    *) Bugfix: the $date_local and $date_gmt variables used wrong format
       outside of the ngx_http_ssi_filter_module.
    *) Bugfix: client connections might be immediately closed if deferred
       accept was used; the bug had appeared in 1.3.15.
    *) Bugfix: alerts "getsockopt(TCP_FASTOPEN) ... failed" appeared in logs
       during binary upgrade on Linux; the bug had appeared in 1.5.8.

Changes with nginx 1.5.9                                         22 Jan 2014

    *) Change: now nginx expects escaped URIs in "X-Accel-Redirect" headers.
    *) Feature: the "ssl_buffer_size" directive.
    *) Feature: the "limit_rate" directive can now be used to rate limit
       responses sent in SPDY connections.
    *) Feature: the "spdy_chunk_size" directive.
    *) Feature: the "ssl_session_tickets" directive.
    *) Bugfix: the $ssl_session_id variable contained full session
       serialized instead of just a session id.
    *) Bugfix: nginx incorrectly handled escaped "?" character in the
       "include" SSI command.
    *) Bugfix: the ngx_http_dav_module did not unescape destination URI of
       the COPY and MOVE methods.
    *) Bugfix: resolver did not understand domain names with a trailing dot.
    *) Bugfix: alerts "zero size buf in output" might appear in logs while
       proxying; the bug had appeared in 1.3.9.
    *) Bugfix: a segmentation fault might occur in a worker process if the
       ngx_http_spdy_module was used.
    *) Bugfix: proxied WebSocket connections might hang right after
       handshake if the select, poll, or /dev/poll methods were used.
    *) Bugfix: the "xclient" directive of the mail proxy module incorrectly
       handled IPv6 client addresses.

Changes with nginx 1.5.8                                         17 Dec 2013

    *) Feature: IPv6 support in resolver.
    *) Feature: the "listen" directive supports the "fastopen" parameter.
    *) Feature: SSL support in the ngx_http_uwsgi_module.
    *) Feature: vim syntax highlighting scripts were added to contrib.
    *) Bugfix: a timeout might occur while reading client request body in an
       SSL connection using chunked transfer encoding.
    *) Bugfix: the "master_process" directive did not work correctly in
       nginx/Windows.
    *) Bugfix: the "setfib" parameter of the "listen" directive might not
       work.
    *) Bugfix: in the ngx_http_spdy_module.

Changes with nginx 1.5.7                                         19 Nov 2013

    *) Security: a character following an unescaped space in a request line
       was handled incorrectly (CVE-2013-4547); the bug had appeared in
       0.8.41.
    *) Change: a logging level of auth_basic errors about no user/password
       provided has been lowered from "error" to "info".
    *) Feature: the "proxy_cache_revalidate", "fastcgi_cache_revalidate",
       "scgi_cache_revalidate", and "uwsgi_cache_revalidate" directives.
    *) Feature: the "ssl_session_ticket_key" directive.
    *) Bugfix: the directive "add_header Cache-Control ''" added a
       "Cache-Control" response header line with an empty value.
    *) Bugfix: the "satisfy any" directive might return 403 error instead of
       401 if auth_request and auth_basic directives were used.
    *) Bugfix: the "accept_filter" and "deferred" parameters of the "listen"
       directive were ignored for listen sockets created during binary
       upgrade.
    *) Bugfix: some data received from a backend with unbufferred proxy
       might not be sent to a client immediately if "gzip" or "gunzip"
       directives were used.
    *) Bugfix: in error handling in ngx_http_gunzip_filter_module.
    *) Bugfix: responses might hang if the ngx_http_spdy_module was used
       with the "auth_request" directive.
    *) Bugfix: memory leak in nginx/Windows.

Changes with nginx 1.5.6                                         01 Oct 2013

    *) Feature: the "fastcgi_buffering" directive.
    *) Feature: the "proxy_ssl_protocols" and "proxy_ssl_ciphers"
       directives.
    *) Feature: optimization of SSL handshakes when using long certificate
       chains.
    *) Feature: the mail proxy supports SMTP pipelining.
    *) Bugfix: in the ngx_http_auth_basic_module when using "$apr1$"
       password encryption method.
    *) Bugfix: in MacOSX, Cygwin, and nginx/Windows incorrect location might
       be used to process a request if locations were given using characters
       in different cases.
    *) Bugfix: automatic redirect with appended trailing slash for proxied
       locations might not work.
    *) Bugfix: in the mail proxy server.
    *) Bugfix: in the ngx_http_spdy_module.

Changes with nginx 1.5.5                                         17 Sep 2013

    *) Change: now nginx assumes HTTP/1.0 by default if it is not able to
       detect protocol reliably.
    *) Feature: the "disable_symlinks" directive now uses O_PATH on Linux.
    *) Feature: now nginx uses EPOLLRDHUP events to detect premature
       connection close by clients if the "epoll" method is used.
    *) Bugfix: in the "valid_referers" directive if the "server_names"
       parameter was used.
    *) Bugfix: the $request_time variable did not work in nginx/Windows.
    *) Bugfix: in the "image_filter" directive.
    *) Bugfix: OpenSSL 1.0.1f compatibility.

Changes with nginx 1.5.4                                         27 Aug 2013

    *) Change: the "js" extension MIME type has been changed to
       "application/javascript"; default value of the "charset_types"
       directive was changed accordingly.
    *) Change: now the "image_filter" directive with the "size" parameter
       returns responses with the "application/json" MIME type.
    *) Feature: the ngx_http_auth_request_module.
    *) Bugfix: a segmentation fault might occur on start or during
       reconfiguration if the "try_files" directive was used with an empty
       parameter.
    *) Bugfix: memory leak if relative paths were specified using variables
       in the "root" or "auth_basic_user_file" directives.
    *) Bugfix: the "valid_referers" directive incorrectly executed regular
       expressions if a "Referer" header started with "https://".
    *) Bugfix: responses might hang if subrequests were used and an SSL
       handshake error happened during subrequest processing.
    *) Bugfix: in the ngx_http_autoindex_module.
    *) Bugfix: in the ngx_http_spdy_module.

Changes with nginx 1.5.3                                         30 Jul 2013

    *) Change in internal API: now u->length defaults to -1 if working with
       backends in unbuffered mode.
    *) Change: now after receiving an incomplete response from a backend
       server nginx tries to send an available part of the response to a
       client, and then closes client connection.
    *) Bugfix: a segmentation fault might occur in a worker process if the
       ngx_http_spdy_module was used with the "client_body_in_file_only"
       directive.
    *) Bugfix: the "so_keepalive" parameter of the "listen" directive might
       be handled incorrectly on DragonFlyBSD.
    *) Bugfix: in the ngx_http_xslt_filter_module.
    *) Bugfix: in the ngx_http_sub_filter_module.

Changes with nginx 1.5.2                                         02 Jul 2013

    *) Feature: now several "error_log" directives can be used.
    *) Bugfix: the $r->header_in() embedded perl method did not return value
       of the "Cookie" and "X-Forwarded-For" request header lines; the bug
       had appeared in 1.3.14.
    *) Bugfix: in the ngx_http_spdy_module.
    *) Bugfix: nginx could not be built on Linux with x32 ABI.

Changes with nginx 1.5.1                                         04 Jun 2013

    *) Feature: the "ssi_last_modified", "sub_filter_last_modified", and
       "xslt_last_modified" directives.
    *) Feature: the "http_403" parameter of the "proxy_next_upstream",
       "fastcgi_next_upstream", "scgi_next_upstream", and
       "uwsgi_next_upstream" directives.
    *) Feature: the "allow" and "deny" directives now support unix domain
       sockets.
    *) Bugfix: nginx could not be built with the ngx_mail_ssl_module, but
       without ngx_http_ssl_module; the bug had appeared in 1.3.14.
    *) Bugfix: in the "proxy_set_body" directive.
    *) Bugfix: in the "lingering_time" directive.
    *) Bugfix: the "fail_timeout" parameter of the "server" directive in the
       "upstream" context might not work if "max_fails" parameter was used;
       the bug had appeared in 1.3.0.
    *) Bugfix: a segmentation fault might occur in a worker process if the
       "ssl_stapling" directive was used.
    *) Bugfix: in the mail proxy server.
    *) Bugfix: nginx/Windows might stop accepting connections if several
       worker processes were used.

Changes with nginx 1.5.0                                         07 May 2013

    *) Security: a stack-based buffer overflow might occur in a worker
       process while handling a specially crafted request, potentially
       resulting in arbitrary code execution (CVE-2013-2028); the bug had
       appeared in 1.3.9.
2014-04-27 11:05:45 +00:00
imil
9600b1a039 Fixed LuaJIT2 linking for the Lua module. 2014-03-26 13:31:22 +00:00
imil
e7fb83a0be Added form-input https://github.com/calio/form-input-nginx-module and
encrypted-session https://github.com/agentzh/encrypted-session-nginx-module
2014-03-21 21:41:19 +00:00
imil
0a190bf366 Added array-var-nginx-module https://github.com/agentzh/array-var-nginx-module 2014-03-21 11:36:47 +00:00
imil
8a89a87d9d Added ngx_set_misc http://wiki.nginx.org/HttpSetMiscModule and ngx_headers_more
http://wiki.nginx.org/HttpHeadersMoreModule
2014-03-20 22:19:35 +00:00
imil
98208ab1bf Added the `echo' module: http://wiki.nginx.org/HttpEchoModule 2014-03-19 18:01:18 +00:00
imil
054a2fe3ae Changes with nginx 1.4.7 18 Mar 2014
*) Security: a heap memory buffer overflow might occur in a worker
       process while handling a specially crafted request by
       ngx_http_spdy_module, potentially resulting in arbitrary code
       execution (CVE-2014-0133).
       Thanks to Lucas Molas, researcher at Programa STIC, Fundación Dr.
       Manuel Sadosky, Buenos Aires, Argentina.

    *) Bugfix: in the "fastcgi_next_upstream" directive.
       Thanks to Lucas Molas.
2014-03-19 14:14:31 +00:00
imil
6c82a752a4 A new module was added, worth a revision. 2014-03-14 11:34:25 +00:00
imil
469b6d7fb9 * Updated the naxsi module to latest 0.53-2
* Added Lua support: https://github.com/chaoslawful/lua-nginx-module
2014-03-14 11:30:57 +00:00
jperkin
222f8dc36b Import initial SMF support for individual packages. 2014-03-11 14:34:36 +00:00
jperkin
45bc40abb4 Remove example rc.d scripts from PLISTs.
These are now handled dynamically if INIT_SYSTEM is set to "rc.d", or
ignored otherwise.
2014-03-11 14:04:57 +00:00
rodent
46a6901106 Changes with nginx 1.4.6 04 Mar 2014
*) Bugfix: the "client_max_body_size" directive might not work when
       reading a request body using chunked transfer encoding; the bug had
       appeared in 1.3.9.
       Thanks to Lucas Molas.

    *) Bugfix: a segmentation fault might occur in a worker process when
       proxying WebSocket connections.
2014-03-09 13:34:02 +00:00
rodent
6e52460744 Updated to latest release, 1.4.5, released on 2014-02-11. From CHANGES-1.4:
*) Bugfix: the $ssl_session_id variable contained full session
   serialized instead of just a session id.
   Thanks to Ivan Risti\u0107.

*) Bugfix: client connections might be immediately closed if deferred
   accept was used; the bug had appeared in 1.3.15.

*) Bugfix: alerts "zero size buf in output" might appear in logs while
   proxying; the bug had appeared in 1.3.9.

*) Bugfix: a segmentation fault might occur in a worker process if the
   ngx_http_spdy_module was used.

*) Bugfix: proxied WebSocket connections might hang right after
   handshake if the select, poll, or /dev/poll methods were used.

*) Bugfix: a timeout might occur while reading client request body in an
   SSL connection using chunked transfer encoding.

*) Bugfix: memory leak in nginx/Windows.
2014-03-01 20:14:44 +00:00
tron
c64e9eb269 Recursive PKGREVISION bump for OpenSSL API version bump. 2014-02-12 23:18:26 +00:00
rodent
b17b86139e CONFIGURE_ARGS+=--with-pcre-jit for the pcre option. If pcre isn't compiled
with --enable-jit, this option doesn't break the build. If it is, users can
still disable this feature by setting pcre_jit=off in nginx.conf.
2014-01-31 03:09:19 +00:00
imil
537fecae91 Updated to nginx 1.4.4
Changes with nginx 1.4.4                                         19 Nov 2013

    *) Security: a character following an unescaped space in a request line
       was handled incorrectly (CVE-2013-4547); the bug had appeared in
       0.8.41.
       Thanks to Ivan Fratric of the Google Security Team.


Changes with nginx 1.4.3                                         08 Oct 2013

    *) Bugfix: a segmentation fault might occur in a worker process if the
       ngx_http_spdy_module was used with the "client_body_in_file_only"
       directive.

    *) Bugfix: a segmentation fault might occur on start or during
       reconfiguration if the "try_files" directive was used with an empty
       parameter.

    *) Bugfix: the $request_time variable did not work in nginx/Windows.

    *) Bugfix: in the ngx_http_auth_basic_module when using "$apr1$"
       password encryption method.
       Thanks to Markus Linnala.

    *) Bugfix: in the ngx_http_autoindex_module.

    *) Bugfix: in the mail proxy server.
2013-12-05 15:09:58 +00:00
obache
4a646b438b recursive bump from graphics/gd shlib major bump. 2013-09-04 12:31:24 +00:00
imil
d4b395cd6c Updated naxsi to 0.51-1, fixing a mistake leading to possible build error
with 0.51
2013-08-18 08:06:38 +00:00
imil
2b65326bba Updated nginx to 1.4.2 and naxsi to 0.51
Changes with nginx 1.4.2

    *) Bugfix: the $r->header_in() embedded perl method did not return value
       of the "Cookie" and "X-Forwarded-For" request header lines; the bug
       had appeared in 1.3.14.

    *) Bugfix: nginx could not be built with the ngx_mail_ssl_module, but
       without ngx_http_ssl_module; the bug had appeared in 1.3.14.

    *) Bugfix: in the "proxy_set_body" directive.
       Thanks to Lanshun Zhou.

    *) Bugfix: the "fail_timeout" parameter of the "server" directive in the
       "upstream" context might not work if "max_fails" parameter was used;
       the bug had appeared in 1.3.0.

    *) Bugfix: a segmentation fault might occur in a worker process if the
       "ssl_stapling" directive was used.
       Thanks to Piotr Sikora.

    *) Bugfix: nginx/Windows might stop accepting connections if several
       worker processes were used.
2013-08-18 08:03:19 +00:00
jperkin
b091c2f172 Bump PKGREVISION of all packages which create users, to pick up change of
sysutils/user_* packages.
2013-07-12 10:44:52 +00:00
tron
a36fb86593 Try to fix the fallout caused by the fix for PR pkg/47882. Part 3:
Recursively bump package revisions again after the "freetype2" and
"fontconfig" handling was fixed.
2013-06-04 22:15:37 +00:00
wiz
53745b22ea Bump freetype2 and fontconfig dependencies to current pkgsrc versions,
to address issues with NetBSD-6(and earlier)'s fontconfig not being
new enough for pango.

While doing that, also bump freetype2 dependency to current pkgsrc
version.

Suggested by tron in PR 47882
2013-06-03 10:05:17 +00:00
shattered
7dabf7cd75 Delint. 2013-05-25 18:18:58 +00:00
imil
068f543108 Updated to 1.4.1 - fixes CVE-2013-2028 2013-05-07 14:04:46 +00:00
imil
8aadc04a47 Updated the naxsi WAF module to 0.50. Forms multipart parsing improved. 2013-04-25 11:27:19 +00:00
imil
2536ae1f94 Updated nginx stable to 1.4.0. Notable improvements regarding latest stable
version are:

. SPDY protocol support
. WebSocket connections
. OCSP Stapling
. gunzip module
. flood prevention through rejection codes

Full changelog:

Changes with nginx 1.4.0                                         24 Apr 2013

    *) Bugfix: nginx could not be built with the ngx_http_perl_module if the
       --with-openssl option was used; the bug had appeared in 1.3.16.

    *) Bugfix: in a request body handling in the ngx_http_perl_module; the
       bug had appeared in 1.3.9.


Changes with nginx 1.3.16                                        16 Apr 2013

    *) Bugfix: a segmentation fault might occur in a worker process if
       subrequests were used; the bug had appeared in 1.3.9.

    *) Bugfix: the "tcp_nodelay" directive caused an error if a WebSocket
       connection was proxied into a unix domain socket.

    *) Bugfix: the $upstream_response_length variable has an incorrect value
       "0" if buffering was not used.
       Thanks to Piotr Sikora.

    *) Bugfix: in the eventport and /dev/poll methods.


Changes with nginx 1.3.15                                        26 Mar 2013

    *) Change: opening and closing a connection without sending any data in
       it is no longer logged to access_log with error code 400.

    *) Feature: the ngx_http_spdy_module.
       Thanks to Automattic for sponsoring this work.

    *) Feature: the "limit_req_status" and "limit_conn_status" directives.
       Thanks to Nick Marden.

    *) Feature: the "image_filter_interlace" directive.
       Thanks to Ian Babrou.

    *) Feature: $connections_waiting variable in the
       ngx_http_stub_status_module.

    *) Feature: the mail proxy module now supports IPv6 backends.

    *) Bugfix: request body might be transmitted incorrectly when retrying a
       request to the next upstream server; the bug had appeared in 1.3.9.
       Thanks to Piotr Sikora.

    *) Bugfix: in the "client_body_in_file_only" directive; the bug had
       appeared in 1.3.9.

    *) Bugfix: responses might hang if subrequests were used and a DNS error
       happened during subrequest processing.
       Thanks to Lanshun Zhou.

    *) Bugfix: in backend usage accounting.


Changes with nginx 1.3.14                                        05 Mar 2013

    *) Feature: $connections_active, $connections_reading, and
       $connections_writing variables in the ngx_http_stub_status_module.

    *) Feature: support of WebSocket connections in the
       ngx_http_uwsgi_module and ngx_http_scgi_module.

    *) Bugfix: in virtual servers handling with SNI.

    *) Bugfix: new sessions were not always stored if the "ssl_session_cache
       shared" directive was used and there was no free space in shared
       memory.
       Thanks to Piotr Sikora.

    *) Bugfix: multiple X-Forwarded-For headers were handled incorrectly.
       Thanks to Neal Poole for sponsoring this work.

    *) Bugfix: in the ngx_http_mp4_module.
       Thanks to Gernot Vormayr.


Changes with nginx 1.3.13                                        19 Feb 2013

    *) Change: a compiler with name "cc" is now used by default.

    *) Feature: support for proxying of WebSocket connections.
       Thanks to Apcera and CloudBees for sponsoring this work.

    *) Feature: the "auth_basic_user_file" directive supports "{SHA}"
       password encryption method.
       Thanks to Louis Opter.


Changes with nginx 1.3.12                                        05 Feb 2013

    *) Feature: variables support in the "proxy_bind", "fastcgi_bind",
       "memcached_bind", "scgi_bind", and "uwsgi_bind" directives.

    *) Feature: the $pipe, $request_length, $time_iso8601, and $time_local
       variables can now be used not only in the "log_format" directive.
       Thanks to Kiril Kalchev.

    *) Feature: IPv6 support in the ngx_http_geoip_module.
       Thanks to Gregor Kali¨nik.

    *) Bugfix: in the "proxy_method" directive.

    *) Bugfix: a segmentation fault might occur in a worker process if
       resolver was used with the poll method.

    *) Bugfix: nginx might hog CPU during SSL handshake with a backend if
       the select, poll, or /dev/poll methods were used.

    *) Bugfix: the "[crit] SSL_write() failed (SSL:)" error.

    *) Bugfix: in the "client_body_in_file_only" directive; the bug had
       appeared in 1.3.9.

    *) Bugfix: in the "fastcgi_keep_conn" directive.


Changes with nginx 1.3.11                                        10 Jan 2013

    *) Bugfix: a segmentation fault might occur if logging was used; the bug
       had appeared in 1.3.10.

    *) Bugfix: the "proxy_pass" directive did not work with IP addresses
       without port specified; the bug had appeared in 1.3.10.

    *) Bugfix: a segmentation fault occurred on start or during
       reconfiguration if the "keepalive" directive was specified more than
       once in a single upstream block.

    *) Bugfix: parameter "default" of the "geo" directive did not set
       default value for IPv6 addresses.


Changes with nginx 1.3.10                                        25 Dec 2012

    *) Change: domain names specified in configuration file are now resolved
       to IPv6 addresses as well as IPv4 ones.

    *) Change: now if the "include" directive with mask is used on Unix
       systems, included files are sorted in alphabetical order.

    *) Change: the "add_header" directive adds headers to 201 responses.

    *) Feature: the "geo" directive now supports IPv6 addresses in CIDR
       notation.

    *) Feature: the "flush" and "gzip" parameters of the "access_log"
       directive.

    *) Feature: variables support in the "auth_basic" directive.

    *) Bugfix: nginx could not be built with the ngx_http_perl_module in
       some cases.

    *) Bugfix: a segmentation fault might occur in a worker process if the
       ngx_http_xslt_module was used.

    *) Bugfix: nginx could not be built on MacOSX in some cases.
       Thanks to Piotr Sikora.

    *) Bugfix: the "limit_rate" directive with high rates might result in
       truncated responses on 32-bit platforms.
       Thanks to Alexey Antropov.

    *) Bugfix: a segmentation fault might occur in a worker process if the
       "if" directive was used.
       Thanks to Piotr Sikora.

    *) Bugfix: a "100 Continue" response was issued with "413 Request Entity
       Too Large" responses.

    *) Bugfix: the "image_filter", "image_filter_jpeg_quality" and
       "image_filter_sharpen" directives might be inherited incorrectly.
       Thanks to Ian Babrou.

    *) Bugfix: "crypt_r() failed" errors might appear if the "auth_basic"
       directive was used on Linux.

    *) Bugfix: in backup servers handling.
       Thanks to Thomas Chen.

    *) Bugfix: proxied HEAD requests might return incorrect response if the
       "gzip" directive was used.


Changes with nginx 1.3.9                                         27 Nov 2012

    *) Feature: support for chunked transfer encoding while reading client
       request body.

    *) Feature: the $request_time and $msec variables can now be used not
       only in the "log_format" directive.

    *) Bugfix: cache manager and cache loader processes might not be able to
       start if more than 512 listen sockets were used.

    *) Bugfix: in the ngx_http_dav_module.


Changes with nginx 1.3.8                                         30 Oct 2012

    *) Feature: the "optional_no_ca" parameter of the "ssl_verify_client"
       directive.
       Thanks to Mike Kazantsev and Eric O'Connor.

    *) Feature: the $bytes_sent, $connection, and $connection_requests
       variables can now be used not only in the "log_format" directive.
       Thanks to Benjamin Grössing.

    *) Feature: the "auto" parameter of the "worker_processes" directive.

    *) Bugfix: "cache file ... has md5 collision" alert.

    *) Bugfix: in the ngx_http_gunzip_filter_module.

    *) Bugfix: in the "ssl_stapling" directive.


Changes with nginx 1.3.7                                         02 Oct 2012

    *) Feature: OCSP stapling support.
       Thanks to Comodo, DigiCert and GlobalSign for sponsoring this work.

    *) Feature: the "ssl_trusted_certificate" directive.

    *) Feature: resolver now randomly rotates addresses returned from cache.
       Thanks to Anton Jouline.

    *) Bugfix: OpenSSL 0.9.7 compatibility.


Changes with nginx 1.3.6                                         12 Sep 2012

    *) Feature: the ngx_http_gunzip_filter_module.

    *) Feature: the "memcached_gzip_flag" directive.

    *) Feature: the "always" parameter of the "gzip_static" directive.

    *) Bugfix: in the "limit_req" directive; the bug had appeared in 1.1.14.
       Thanks to Charles Chen.

    *) Bugfix: nginx could not be built by gcc 4.7 with -O2 optimization if
       the --with-ipv6 option was used.


Changes with nginx 1.3.5                                         21 Aug 2012

    *) Change: the ngx_http_mp4_module module no longer skips tracks in
       formats other than H.264 and AAC.

    *) Bugfix: a segmentation fault might occur in a worker process if the
       "map" directive was used with variables as values.

    *) Bugfix: a segmentation fault might occur in a worker process if the
       "geo" directive was used with the "ranges" parameter but without the
       "default" parameter; the bug had appeared in 0.8.43.
       Thanks to Zhen Chen and Weibin Yao.

    *) Bugfix: in the -p command-line parameter handling.

    *) Bugfix: in the mail proxy server.

    *) Bugfix: of minor potential bugs.
       Thanks to Coverity.

    *) Bugfix: nginx/Windows could not be built with Visual Studio 2005
       Express.
       Thanks to HAYASHI Kentaro.


Changes with nginx 1.3.4                                         31 Jul 2012

    *) Change: the "ipv6only" parameter is now turned on by default for
       listening IPv6 sockets.

    *) Feature: the Clang compiler support.

    *) Bugfix: extra listening sockets might be created.
       Thanks to Roman Odaisky.

    *) Bugfix: nginx/Windows might hog CPU if a worker process failed to
       start.
       Thanks to Ricardo Villalobos Guevara.

    *) Bugfix: the "proxy_pass_header", "fastcgi_pass_header",
       "scgi_pass_header", "uwsgi_pass_header", "proxy_hide_header",
       "fastcgi_hide_header", "scgi_hide_header", and "uwsgi_hide_header"
       directives might be inherited incorrectly.


Changes with nginx 1.3.3                                         10 Jul 2012

    *) Feature: entity tags support and the "etag" directive.

    *) Bugfix: trailing dot in a source value was not ignored if the "map"
       directive was used with the "hostnames" parameter.

    *) Bugfix: incorrect location might be used to process a request if a
       URI was changed via a "rewrite" directive before an internal redirect
       to a named location.


Changes with nginx 1.3.2                                         26 Jun 2012

    *) Change: the "single" parameter of the "keepalive" directive is now
       ignored.

    *) Change: SSL compression is now disabled when using all versions of
       OpenSSL, including ones prior to 1.0.0.

    *) Feature: it is now possible to use the "ip_hash" directive to balance
       IPv6 clients.

    *) Feature: the $status variable can now be used not only in the
       "log_format" directive.

    *) Bugfix: a segmentation fault might occur in a worker process on
       shutdown if the "resolver" directive was used.

    *) Bugfix: a segmentation fault might occur in a worker process if the
       ngx_http_mp4_module was used.

    *) Bugfix: in the ngx_http_mp4_module.

    *) Bugfix: a segmentation fault might occur in a worker process if
       conflicting wildcard server names were used.

    *) Bugfix: nginx might be terminated abnormally on a SIGBUS signal on
       ARM platform.

    *) Bugfix: an alert "sendmsg() failed (9: Bad file number)" on HP-UX
       while reconfiguration.


Changes with nginx 1.3.1                                         05 Jun 2012

    *) Security: now nginx/Windows ignores trailing dot in URI path
       component, and does not allow URIs with ":$" in it.
       Thanks to Vladimir Kochetkov, Positive Research Center.

    *) Feature: the "proxy_pass", "fastcgi_pass", "scgi_pass", "uwsgi_pass"
       directives, and the "server" directive inside the "upstream" block,
       now support IPv6 addresses.

    *) Feature: the "resolver" directive now supports IPv6 addresses and an
       optional port specification.

    *) Feature: the "least_conn" directive inside the "upstream" block.

    *) Feature: it is now possible to specify a weight for servers while
       using the "ip_hash" directive.

    *) Bugfix: a segmentation fault might occur in a worker process if the
       "image_filter" directive was used; the bug had appeared in 1.3.0.

    *) Bugfix: nginx could not be built with ngx_cpp_test_module; the bug
       had appeared in 1.1.12.

    *) Bugfix: access to variables from SSI and embedded perl module might
       not work after reconfiguration.
       Thanks to Yichun Zhang.

    *) Bugfix: in the ngx_http_xslt_filter_module.
       Thanks to Kuramoto Eiji.

    *) Bugfix: memory leak if $geoip_org variable was used.
       Thanks to Denis F. Latypoff.

    *) Bugfix: in the "proxy_cookie_domain" and "proxy_cookie_path"
       directives.


Changes with nginx 1.3.0                                         15 May 2012

    *) Feature: the "debug_connection" directive now supports IPv6 addresses
       and the "unix:" parameter.

    *) Feature: the "set_real_ip_from" directive and the "proxy" parameter
       of the "geo" directive now support IPv6 addresses.

    *) Feature: the "real_ip_recursive", "geoip_proxy", and
       "geoip_proxy_recursive" directives.

    *) Feature: the "proxy_recursive" parameter of the "geo" directive.

    *) Bugfix: a segmentation fault might occur in a worker process if the
       "resolver" directive was used.

    *) Bugfix: a segmentation fault might occur in a worker process if the
       "fastcgi_pass", "scgi_pass", or "uwsgi_pass" directives were used and
       backend returned incorrect response.

    *) Bugfix: a segmentation fault might occur in a worker process if the
       "rewrite" directive was used and new request arguments in a
       replacement used variables.

    *) Bugfix: nginx might hog CPU if the open file resource limit was
       reached.

    *) Bugfix: nginx might loop infinitely over backends if the
       "proxy_next_upstream" directive with the "http_404" parameter was
       used and there were backup servers specified in an upstream block.

    *) Bugfix: adding the "down" parameter of the "server" directive might
       cause unneeded client redistribution among backend servers if the
       "ip_hash" directive was used.

    *) Bugfix: socket leak.
       Thanks to Yichun Zhang.

    *) Bugfix: in the ngx_http_fastcgi_module.
2013-04-25 11:10:49 +00:00
imil
7039e6ead4 Added SPDY option to options.mk 2013-04-19 07:25:18 +00:00
imil
c8b159fe47 Changes with nginx 1.2.8
*) Bugfix: new sessions were not always stored if the "ssl_session_cache
       shared" directive was used and there was no free space in shared
       memory.
       Thanks to Piotr Sikora.

    *) Bugfix: responses might hang if subrequests were used and a DNS error
       happened during subrequest processing.
       Thanks to Lanshun Zhou.

    *) Bugfix: in the ngx_http_mp4_module.
       Thanks to Gernot Vormayr.

    *) Bugfix: in backend usage accounting.
2013-04-17 19:53:52 +00:00
imil
0942955693 Updated DESCR with more recent figures. 2013-02-24 09:43:42 +00:00
imil
887201d12f Preparing www/nginx-devel import by splitting up Makefile into
Makefile + Makefile.common. nginx is highly backward compatible
and 99% of stable series Makefile applies to devel.

Bumping PKGREVISION
2013-02-22 15:37:58 +00:00
imil
f242a1fbeb Changes with nginx 1.2.7
*) Change: now if the "include" directive with mask is used on Unix
       systems, included files are sorted in alphabetical order.

    *) Change: the "add_header" directive adds headers to 201 responses.

    *) Feature: the "geo" directive now supports IPv6 addresses in CIDR
       notation.

    *) Feature: the "flush" and "gzip" parameters of the "access_log"
       directive.

    *) Feature: variables support in the "auth_basic" directive.

    *) Feature: the $pipe, $request_length, $time_iso8601, and $time_local
       variables can now be used not only in the "log_format" directive.
       Thanks to Kiril Kalchev.

    *) Feature: IPv6 support in the ngx_http_geoip_module.
       Thanks to Gregor Kali¨nik.

    *) Bugfix: nginx could not be built with the ngx_http_perl_module in
       some cases.

    *) Bugfix: a segmentation fault might occur in a worker process if the
       ngx_http_xslt_module was used.

    *) Bugfix: nginx could not be built on MacOSX in some cases.
       Thanks to Piotr Sikora.

    *) Bugfix: the "limit_rate" directive with high rates might result in
       truncated responses on 32-bit platforms.
       Thanks to Alexey Antropov.

    *) Bugfix: a segmentation fault might occur in a worker process if the
       "if" directive was used.
       Thanks to Piotr Sikora.

    *) Bugfix: a "100 Continue" response was issued with "413 Request Entity
       Too Large" responses.

    *) Bugfix: the "image_filter", "image_filter_jpeg_quality" and
       "image_filter_sharpen" directives might be inherited incorrectly.
       Thanks to Ian Babrou.

    *) Bugfix: "crypt_r() failed" errors might appear if the "auth_basic"
       directive was used on Linux.

    *) Bugfix: in backup servers handling.
       Thanks to Thomas Chen.

    *) Bugfix: proxied HEAD requests might return incorrect response if the
       "gzip" directive was used.

    *) Bugfix: a segmentation fault occurred on start or during
       reconfiguration if the "keepalive" directive was specified more than
       once in a single upstream block.

    *) Bugfix: in the "proxy_method" directive.

    *) Bugfix: a segmentation fault might occur in a worker process if
       resolver was used with the poll method.

    *) Bugfix: nginx might hog CPU during SSL handshake with a backend if
       the select, poll, or /dev/poll methods were used.

    *) Bugfix: the "[crit] SSL_write() failed (SSL:)" error.

    *) Bugfix: in the "fastcgi_keep_conn" directive.

+ updated MESSAGES in order to show a working logrotate.
2013-02-18 20:32:09 +00:00
wiz
d1b820f37b Recursive bump for png-1.6. 2013-02-16 11:18:58 +00:00
jperkin
becd113253 PKGREVISION bumps for the security/openssl 1.0.1d update. 2013-02-06 23:20:50 +00:00
imil
3b3961c229 Changes with nginx 1.2.6
*) Feature: the $request_time and $msec variables can now be used not
       only in the "log_format" directive.

    *) Bugfix: cache manager and cache loader processes might not be able to
       start if more than 512 listen sockets were used.

    *) Bugfix: in the ngx_http_dav_module.

+ Under NetBSD 5.1_STABLE, a large number of included vhosts led to SEGV, this
does not occur with nginx 1.2.6.
2013-02-03 19:47:43 +00:00
imil
3457b9027b Updated naxsi, the Web Application Firewall module to version 0.49
* Added support for runtime modifiers
* Minor bugfixes
2013-01-29 12:36:40 +00:00
adam
f4c3b89da7 Revbump after graphics/jpeg and textproc/icu 2013-01-26 21:36:13 +00:00
fhajny
317c2cb81f Update www/nginx to 1.2.5.
Changes with nginx 1.2.5                                         13 Nov 2012

    *) Feature: the "optional_no_ca" parameter of the "ssl_verify_client"
       directive.
       Thanks to Mike Kazantsev and Eric O'Connor.

    *) Feature: the $bytes_sent, $connection, and $connection_requests
       variables can now be used not only in the "log_format" directive.
       Thanks to Benjamin Grossing.

    *) Feature: resolver now randomly rotates addresses returned from cache.
       Thanks to Anton Jouline.

    *) Feature: the "auto" parameter of the "worker_processes" directive.

    *) Bugfix: "cache file ... has md5 collision" alert.

    *) Bugfix: OpenSSL 0.9.7 compatibility.


Changes with nginx 1.2.4                                         25 Sep 2012

    *) Bugfix: in the "limit_req" directive; the bug had appeared in 1.1.14.
       Thanks to Charles Chen.

    *) Bugfix: nginx could not be built by gcc 4.7 with -O2 optimization if
       the --with-ipv6 option was used.

    *) Bugfix: a segmentation fault might occur in a worker process if the
       "map" directive was used with variables as values.

    *) Bugfix: a segmentation fault might occur in a worker process if the
       "geo" directive was used with the "ranges" parameter but without the
       "default" parameter; the bug had appeared in 0.8.43.
       Thanks to Zhen Chen and Weibin Yao.

    *) Bugfix: in the -p command-line parameter handling.

    *) Bugfix: in the mail proxy server.

    *) Bugfix: of minor potential bugs.
       Thanks to Coverity.

    *) Bugfix: nginx/Windows could not be built with Visual Studio 2005
       Express.
       Thanks to HAYASHI Kentaro.
2012-11-26 14:38:14 +00:00
asau
5eae6a18a3 Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. 2012-10-28 06:30:00 +00:00
shattered
66d2bfc90f Add option 'nginx-autodetect-cflags' (not set by default) -- fixes build
problem on Solaris with Sun compiler (nginx ticket 65).
2012-09-23 12:46:15 +00:00
imil
c8838b51bf Changes with nginx 1.2.3 07 Aug 2012
*) Feature: the Clang compiler support.

    *) Bugfix: extra listening sockets might be created.
       Thanks to Roman Odaisky.

    *) Bugfix: nginx/Windows might hog CPU if a worker process failed to
       start.
       Thanks to Ricardo Villalobos Guevara.

    *) Bugfix: the "proxy_pass_header", "fastcgi_pass_header",
       "scgi_pass_header", "uwsgi_pass_header", "proxy_hide_header",
       "fastcgi_hide_header", "scgi_hide_header", and "uwsgi_hide_header"
       directives might be inherited incorrectly.

    *) Bugfix: trailing dot in a source value was not ignored if the "map"
       directive was used with the "hostnames" parameter.

    *) Bugfix: incorrect location might be used to process a request if a
       URI was changed via a "rewrite" directive before an internal redirect
       to a named location.
2012-08-08 06:44:08 +00:00
imil
e0abe995c1 Changes with nginx 1.2.0 23 Apr 2012
*) Bugfix: a segmentation fault might occur in a worker process if the
       "try_files" directive was used; the bug had appeared in 1.1.19.

    *) Bugfix: response might be truncated if there were more than IOV_MAX
       buffers used.

    *) Bugfix: in the "crop" parameter of the "image_filter" directive.
       Thanks to Maxim Bublis.


Changes with nginx 1.1.19                                        12 Apr 2012

    *) Security: specially crafted mp4 file might allow to overwrite memory
       locations in a worker process if the ngx_http_mp4_module was used,
       potentially resulting in arbitrary code execution (CVE-2012-2089).
       Thanks to Matthew Daley.

    *) Bugfix: nginx/Windows might be terminated abnormally.
       Thanks to Vincent Lee.

    *) Bugfix: nginx hogged CPU if all servers in an upstream were marked as
       "backup".

    *) Bugfix: the "allow" and "deny" directives might be inherited
       incorrectly if they were used with IPv6 addresses.

    *) Bugfix: the "modern_browser" and "ancient_browser" directives might
       be inherited incorrectly.

    *) Bugfix: timeouts might be handled incorrectly on Solaris/SPARC.

    *) Bugfix: in the ngx_http_mp4_module.


Changes with nginx 1.1.18                                        28 Mar 2012

    *) Change: keepalive connections are no longer disabled for Safari by
       default.

    *) Feature: the $connection_requests variable.

    *) Feature: $tcpinfo_rtt, $tcpinfo_rttvar, $tcpinfo_snd_cwnd and
       $tcpinfo_rcv_space variables.

    *) Feature: the "worker_cpu_affinity" directive now works on FreeBSD.

    *) Feature: the "xslt_param" and "xslt_string_param" directives.
       Thanks to Samuel Behan.

    *) Bugfix: in configure tests.
       Thanks to Piotr Sikora.

    *) Bugfix: in the ngx_http_xslt_filter_module.

    *) Bugfix: nginx could not be built on Debian GNU/Hurd.


Changes with nginx 1.1.17                                        15 Mar 2012

    *) Security: content of previously freed memory might be sent to a
       client if backend returned specially crafted response.
       Thanks to Matthew Daley.

    *) Bugfix: in the embedded perl module if used from SSI.
       Thanks to Matthew Daley.

    *) Bugfix: in the ngx_http_uwsgi_module.


Changes with nginx 1.1.16                                        29 Feb 2012

    *) Change: the simultaneous subrequest limit has been raised to 200.

    *) Feature: the "from" parameter of the "disable_symlinks" directive.

    *) Feature: the "return" and "error_page" directives can now be used to
       return 307 redirections.

    *) Bugfix: a segmentation fault might occur in a worker process if the
       "resolver" directive was used and there was no "error_log" directive
       specified at global level.
       Thanks to Roman Arutyunyan.

    *) Bugfix: a segmentation fault might occur in a worker process if the
       "proxy_http_version 1.1" or "fastcgi_keep_conn on" directives were
       used.

    *) Bugfix: memory leaks.
       Thanks to Lanshun Zhou.

    *) Bugfix: in the "disable_symlinks" directive.

    *) Bugfix: on ZFS filesystem disk cache size might be calculated
       incorrectly; the bug had appeared in 1.0.1.

    *) Bugfix: nginx could not be built by the icc 12.1 compiler.

    *) Bugfix: nginx could not be built by gcc on Solaris; the bug had
       appeared in 1.1.15.


Changes with nginx 1.1.15                                        15 Feb 2012

    *) Feature: the "disable_symlinks" directive.

    *) Feature: the "proxy_cookie_domain" and "proxy_cookie_path"
       directives.

    *) Bugfix: nginx might log incorrect error "upstream prematurely closed
       connection" instead of correct "upstream sent too big header" one.
       Thanks to Feibo Li.

    *) Bugfix: nginx could not be built with the ngx_http_perl_module if the
       --with-openssl option was used.

    *) Bugfix: the number of internal redirects to named locations was not
       limited.

    *) Bugfix: calling $r->flush() multiple times might cause errors in the
       ngx_http_gzip_filter_module.

    *) Bugfix: temporary files might be not removed if the "proxy_store"
       directive was used with SSI includes.

    *) Bugfix: in some cases non-cacheable variables (such as the $args
       variable) returned old empty cached value.

    *) Bugfix: a segmentation fault might occur in a worker process if too
       many SSI subrequests were issued simultaneously; the bug had appeared
       in 0.7.25.


Changes with nginx 1.1.14                                        30 Jan 2012

    *) Feature: multiple "limit_req" limits may be used simultaneously.

    *) Bugfix: in error handling while connecting to a backend.
       Thanks to Piotr Sikora.

    *) Bugfix: in AIO error handling on FreeBSD.

    *) Bugfix: in the OpenSSL library initialization.

    *) Bugfix: the "proxy_redirect" directives might be inherited
       incorrectly.

    *) Bugfix: memory leak during reconfiguration if the "pcre_jit"
       directive was used.


Changes with nginx 1.1.13                                        16 Jan 2012

    *) Feature: the "TLSv1.1" and "TLSv1.2" parameters of the
       "ssl_protocols" directive.

    *) Bugfix: the "limit_req" directive parameters were not inherited
       correctly; the bug had appeared in 1.1.12.

    *) Bugfix: the "proxy_redirect" directive incorrectly processed
       "Refresh" header if regular expression were used.

    *) Bugfix: the "proxy_cache_use_stale" directive with "error" parameter
       did not return answer from cache if there were no live upstreams.

    *) Bugfix: the "worker_cpu_affinity" directive might not work.

    *) Bugfix: nginx could not be built on Solaris; the bug had appeared in
       1.1.12.

    *) Bugfix: in the ngx_http_mp4_module.


Changes with nginx 1.1.12                                        26 Dec 2011

    *) Change: a "proxy_pass" directive without URI part now uses changed
       URI after redirection with the "error_page" directive.
       Thanks to Lanshun Zhou.

    *) Feature: the "proxy/fastcgi/scgi/uwsgi_cache_lock",
       "proxy/fastcgi/scgi/uwsgi_cache_lock_timeout" directives.

    *) Feature: the "pcre_jit" directive.

    *) Feature: the "if" SSI command supports captures in regular
       expressions.

    *) Bugfix: the "if" SSI command did not work inside the "block" command.

    *) Bugfix: the "limit_conn_log_level" and "limit_req_log_level"
       directives might not work.

    *) Bugfix: the "limit_rate" directive did not allow to use full
       throughput, even if limit value was very high.

    *) Bugfix: the "sendfile_max_chunk" directive did not work, if the
       "limit_rate" directive was used.

    *) Bugfix: a "proxy_pass" directive without URI part always used
       original request URI if variables were used.

    *) Bugfix: a "proxy_pass" directive without URI part might use original
       request after redirection with the "try_files" directive.
       Thanks to Lanshun Zhou.

    *) Bugfix: in the ngx_http_scgi_module.

    *) Bugfix: in the ngx_http_mp4_module.

    *) Bugfix: nginx could not be built on Solaris; the bug had appeared in
       1.1.9.


Changes with nginx 1.1.11                                        12 Dec 2011

    *) Feature: the "so_keepalive" parameter of the "listen" directive.
       Thanks to Vsevolod Stakhov.

    *) Feature: the "if_not_empty" parameter of the
       "fastcgi/scgi/uwsgi_param" directives.

    *) Feature: the $https variable.

    *) Feature: the "proxy_redirect" directive supports variables in the
       first parameter.

    *) Feature: the "proxy_redirect" directive supports regular expressions.

    *) Bugfix: the $sent_http_cache_control variable might contain a wrong
       value if the "expires" directive was used.
       Thanks to Yichun Zhang.

    *) Bugfix: the "read_ahead" directive might not work combined with
       "try_files" and "open_file_cache".

    *) Bugfix: a segmentation fault might occur in a worker process if small
       time was used in the "inactive" parameter of the "proxy_cache_path"
       directive.

    *) Bugfix: responses from cache might hang.


Changes with nginx 1.1.10                                        30 Nov 2011

    *) Bugfix: a segmentation fault occured in a worker process if AIO was
       used on Linux; the bug had appeared in 1.1.9.


Changes with nginx 1.1.9                                         28 Nov 2011

    *) Change: now double quotes are encoded in an "echo" SSI-command
       output.
       Thanks to Zaur Abasmirzoev.

    *) Feature: the "valid" parameter of the "resolver" directive. By
       default TTL returned by a DNS server is used.
       Thanks to Kirill A. Korinskiy.

    *) Bugfix: nginx might hang after a worker process abnormal termination.

    *) Bugfix: a segmentation fault might occur in a worker process if SNI
       was used; the bug had appeared in 1.1.2.

    *) Bugfix: in the "keepalive_disable" directive; the bug had appeared in
       1.1.8.
       Thanks to Alexander Usov.

    *) Bugfix: SIGWINCH signal did not work after first binary upgrade; the
       bug had appeared in 1.1.1.

    *) Bugfix: backend responses with length not matching "Content-Length"
       header line are no longer cached.

    *) Bugfix: in the "scgi_param" directive, if complex parameters were
       used.

    *) Bugfix: in the "epoll" event method.
       Thanks to Yichun Zhang.

    *) Bugfix: in the ngx_http_flv_module.
       Thanks to Piotr Sikora.

    *) Bugfix: in the ngx_http_mp4_module.

    *) Bugfix: IPv6 addresses are now handled properly in a request line and
       in a "Host" request header line.

    *) Bugfix: "add_header" and "expires" directives did not work if a
       request was proxied and response status code was 206.

    *) Bugfix: nginx could not be built on FreeBSD 10.

    *) Bugfix: nginx could not be built on AIX.


Changes with nginx 1.1.8                                         14 Nov 2011

    *) Change: the ngx_http_limit_zone_module was renamed to the
       ngx_http_limit_conn_module.

    *) Change: the "limit_zone" directive was superseded by the
       "limit_conn_zone" directive with a new syntax.

    *) Feature: support for multiple "limit_conn" limits on the same level.

    *) Feature: the "image_filter_sharpen" directive.

    *) Bugfix: a segmentation fault might occur in a worker process if
       resolver got a big DNS response.
       Thanks to Ben Hawkes.

    *) Bugfix: in cache key calculation if internal MD5 implementation was
       used; the bug had appeared in 1.0.4.

    *) Bugfix: the "If-Modified-Since", "If-Range", etc. client request
       header lines might be passed to backend while caching; or not passed
       without caching if caching was enabled in another part of the
       configuration.

    *) Bugfix: the module ngx_http_mp4_module sent incorrect
       "Content-Length" response header line if the "start" argument was
       used.
       Thanks to Piotr Sikora.


Changes with nginx 1.1.7                                         31 Oct 2011

    *) Feature: support of several DNS servers in the "resolver" directive.
       Thanks to Kirill A. Korinskiy.

    *) Bugfix: a segmentation fault occurred on start or during
       reconfiguration if the "ssl" directive was used at http level and
       there was no "ssl_certificate" defined.

    *) Bugfix: reduced memory consumption while proxying big files if they
       were buffered to disk.

    *) Bugfix: a segmentation fault might occur in a worker process if
       "proxy_http_version 1.1" directive was used.

    *) Bugfix: in the "expires @time" directive.


Changes with nginx 1.1.6                                         17 Oct 2011

    *) Change in internal API: now module context data are cleared while
       internal redirect to named location.
       Requested by Yichun Zhang.

    *) Change: if a server in an upstream failed, only one request will be
       sent to it after fail_timeout; the server will be considered alive if
       it will successfully respond to the request.

    *) Change: now the 0x7F-0x1F characters are escaped as \xXX in an
       access_log.

    *) Feature: "proxy/fastcgi/scgi/uwsgi_ignore_headers" directives support
       the following additional values: X-Accel-Limit-Rate,
       X-Accel-Buffering, X-Accel-Charset.

    *) Feature: decrease of memory consumption if SSL is used.

    *) Bugfix: some UTF-8 characters were processed incorrectly.
       Thanks to Alexey Kuts.

    *) Bugfix: the ngx_http_rewrite_module directives specified at "server"
       level were executed twice if no matching locations were defined.

    *) Bugfix: a socket leak might occurred if "aio sendfile" was used.

    *) Bugfix: connections with fast clients might be closed after
       send_timeout if file AIO was used.

    *) Bugfix: in the ngx_http_autoindex_module.

    *) Bugfix: the module ngx_http_mp4_module did not support seeking on
       32-bit platforms.


Changes with nginx 1.1.5                                         05 Oct 2011

    *) Feature: the "uwsgi_buffering" and "scgi_buffering" directives.
       Thanks to Peter Smit.

    *) Bugfix: non-cacheable responses might be cached if
       "proxy_cache_bypass" directive was used.
       Thanks to John Ferlito.

    *) Bugfix: in HTTP/1.1 support in the ngx_http_proxy_module.

    *) Bugfix: cached responses with an empty body were returned
       incorrectly; the bug had appeared in 0.8.31.

    *) Bugfix: 201 responses of the ngx_http_dav_module were incorrect; the
       bug had appeared in 0.8.32.

    *) Bugfix: in the "return" directive.

    *) Bugfix: the "ssl_session_cache builtin" directive caused segmentation
       fault; the bug had appeared in 1.1.1.


Changes with nginx 1.1.4                                         20 Sep 2011

    *) Feature: the ngx_http_upstream_keepalive module.

    *) Feature: the "proxy_http_version" directive.

    *) Feature: the "fastcgi_keep_conn" directive.

    *) Feature: the "worker_aio_requests" directive.

    *) Bugfix: if nginx was built --with-file-aio it could not be run on
       Linux kernel which did not support AIO.

    *) Bugfix: in Linux AIO error processing.
       Thanks to Hagai Avrahami.

    *) Bugfix: reduced memory consumption for long-lived requests.

    *) Bugfix: the module ngx_http_mp4_module did not support 64-bit MP4
       "co64" atom.


Changes with nginx 1.1.3                                         14 Sep 2011

    *) Feature: the module ngx_http_mp4_module.

    *) Bugfix: in Linux AIO combined with open_file_cache.

    *) Bugfix: open_file_cache did not update file info on retest if file
       was not atomically changed.

    *) Bugfix: nginx could not be built on MacOSX 10.7.


Changes with nginx 1.1.2                                         05 Sep 2011

    *) Change: now if total size of all ranges is greater than source
       response size, then nginx disables ranges and returns just the source
       response.

    *) Feature: the "max_ranges" directive.

    *) Bugfix: the "ssl_verify_client", "ssl_verify_depth", and
       "ssl_prefer_server_ciphers" directives might work incorrectly if SNI
       was used.

    *) Bugfix: in the "proxy/fastcgi/scgi/uwsgi_ignore_client_abort"
       directives.


Changes with nginx 1.1.1                                         22 Aug 2011

    *) Change: now cache loader processes either as many files as specified
       by "loader_files" parameter or works no longer than time specified by
       the "loader_threshold" parameter during each iteration.

    *) Change: now SIGWINCH signal works only in daemon mode.

    *) Feature: now shared zones and caches use POSIX semaphores on Solaris.
       Thanks to Den Ivanov.

    *) Feature: accept filters are now supported on NetBSD.

    *) Bugfix: nginx could not be built on Linux 3.0.

    *) Bugfix: nginx did not use gzipping in some cases; the bug had
       appeared in 1.1.0.

    *) Bugfix: request body might be processed incorrectly if client used
       pipelining.

    *) Bugfix: in the "request_body_in_single_buf" directive.

    *) Bugfix: in "proxy_set_body" and "proxy_pass_request_body" directives
       if SSL connection to backend was used.

    *) Bugfix: nginx hogged CPU if all servers in an upstream were marked as
       "down".

    *) Bugfix: a segmentation fault might occur during reconfiguration if
       ssl_session_cache was defined but not used in previous configuration.

    *) Bugfix: a segmentation fault might occur in a worker process if many
       backup servers were used in an upstream.

    *) Bugfix: a segmentation fault might occur in a worker process if
       "fastcgi/scgi/uwsgi_param" directives were used with values starting
       with "HTTP_"; the bug had appeared in 0.8.40.


Changes with nginx 1.1.0                                         01 Aug 2011

    *) Feature: cache loader run time decrease.

    *) Feature: "loader_files", "loader_sleep", and "loader_threshold"
       options of the "proxy/fastcgi/scgi/uwsgi_cache_path" directives.

    *) Feature: loading time decrease of configuration with large number of
       HTTPS sites.

    *) Feature: now nginx supports ECDHE key exchange ciphers.
       Thanks to Adrian Kotelba.

    *) Feature: the "lingering_close" directive.
       Thanks to Maxim Dounin.

    *) Bugfix: in closing connection for pipelined requests.
       Thanks to Maxim Dounin.

    *) Bugfix: nginx did not disable gzipping if client sent "gzip;q=0" in
       "Accept-Encoding" request header line.

    *) Bugfix: in timeout in unbuffered proxied mode.
       Thanks to Maxim Dounin.

    *) Bugfix: memory leaks when a "proxy_pass" directive contains variables
       and proxies to an HTTPS backend.
       Thanks to Maxim Dounin.

    *) Bugfix: in parameter validaiton of a "proxy_pass" directive with
       variables.
       Thanks to Lanshun Zhou.

    *) Bugfix: SSL did not work on QNX.
       Thanks to Maxim Dounin.

    *) Bugfix: SSL modules could not be built by gcc 4.6 without
       --with-debug option.
2012-08-07 10:42:08 +00:00
imil
279e633173 While we are not supposed to revbump for a module that does not affect
standard package, that naxsi update is rather critical, people using that
option should upgrade.
2012-08-07 08:21:53 +00:00
imil
6db9c35b2b Updated naxsi to 0.48:
- Fixed support of LOG / ALLOW targets
- LOG target for rules and actions
- brings security improvements (HTTP Auth in nx_extract and file disclosure
  fixed in nx_extract)

No revbump as this does not affect nginx package itself.
2012-08-06 14:31:58 +00:00
wiz
f98e8b0585 Add inet6 to default suggested options. It's 2012. 2012-06-12 15:45:54 +00:00
imil
a745123d2e Added the naxsi (http://code.google.com/p/naxsi/) module, an applicative
firewall for nginx.
2012-04-21 10:32:47 +00:00
shattered
c5956677c4 Update to 1.0.15 and delint. Changes:
*) Security: specially crafted mp4 file might allow to overwrite memory
       locations in a worker process if the ngx_http_mp4_module was used,
       potentially resulting in arbitrary code execution (CVE-2012-2089).
2012-04-17 21:12:42 +00:00
fhajny
6df8e45b3d Update to nginx 1.0.14.
Changes with nginx 1.0.14

    *) Security: content of previously freed memory might be sent to a
       client if backend returned specially crafted response.
       Thanks to Matthew Daley.


Changes with nginx 1.0.13

    *) Feature: the "return" and "error_page" directives can now be used to
       return 307 redirections.

    *) Bugfix: a segmentation fault might occur in a worker process if the
       "resolver" directive was used and there was no "error_log" directive
       specified at global level.
       Thanks to Roman Arutyunyan.

    *) Bugfix: memory leaks.
       Thanks to Lanshun Zhou.

    *) Bugfix: nginx might log incorrect error "upstream prematurely closed
       connection" instead of correct "upstream sent too big header" one.
       Thanks to Feibo Li.

    *) Bugfix: on ZFS filesystem disk cache size might be calculated
       incorrectly; the bug had appeared in 1.0.1.

    *) Bugfix: the number of internal redirects to named locations was not
       limited.

    *) Bugfix: temporary files might be not removed if the "proxy_store"
       directive was used with SSI includes.

    *) Bugfix: in some cases non-cacheable variables (such as the $args
       variable) returned old empty cached value.

    *) Bugfix: the "proxy_redirect" directives might be inherited
       incorrectly.

    *) Bugfix: nginx could not be built with the ngx_http_perl_module if the
       --with-openssl option was used.

    *) Bugfix: nginx could not be built by the icc 12.1 compiler.


Changes with nginx 1.0.12

    *) Feature: the "TLSv1.1" and "TLSv1.2" parameters of the
       "ssl_protocols" directive.

    *) Feature: the "if" SSI command supports captures in regular
       expressions.

    *) Bugfix: the "if" SSI command did not work inside the "block" command.

    *) Bugfix: in AIO error handling on FreeBSD.

    *) Bugfix: in the OpenSSL library initialization.

    *) Bugfix: the "worker_cpu_affinity" directive might not work.

    *) Bugfix: the "limit_conn_log_level" and "limit_req_log_level"
       directives might not work.

    *) Bugfix: the "read_ahead" directive might not work combined with
       "try_files" and "open_file_cache".

    *) Bugfix: the "proxy_cache_use_stale" directive with "error" parameter
       did not return answer from cache if there were no live upstreams.

    *) Bugfix: a segmentation fault might occur in a worker process if small
       time was used in the "inactive" parameter of the "proxy_cache_path"
       directive.

    *) Bugfix: responses from cache might hang.

    *) Bugfix: in error handling while connecting to a backend.
       Thanks to Piotr Sikora.

    *) Bugfix: in the "epoll" event method.
       Thanks to Yichun Zhang.

    *) Bugfix: the $sent_http_cache_control variable might contain a wrong
       value if the "expires" directive was used.
       Thanks to Yichun Zhang.

    *) Bugfix: the "limit_rate" directive did not allow to use full
       throughput, even if limit value was very high.

    *) Bugfix: the "sendfile_max_chunk" directive did not work, if the
       "limit_rate" directive was used.

    *) Bugfix: nginx could not be built on Solaris; the bug had appeared in
       1.0.11.

    *) Bugfix: in the ngx_http_scgi_module.

    *) Bugfix: in the ngx_http_mp4_module.


Changes with nginx 1.0.11

    *) Change: now double quotes are encoded in an "echo" SSI-command
       output.
       Thanks to Zaur Abasmirzoev.

    *) Feature: the "image_filter_sharpen" directive.

    *) Bugfix: a segmentation fault might occur in a worker process if SNI
       was used; the bug had appeared in 1.0.9.

    *) Bugfix: SIGWINCH signal did not work after first binary upgrade; the
       bug had appeared in 1.0.9.

    *) Bugfix: the "If-Modified-Since", "If-Range", etc. client request
       header lines might be passed to backend while caching; or not passed
       without caching if caching was enabled in another part of the
       configuration.

    *) Bugfix: in the "scgi_param" directive, if complex parameters were
       used.

    *) Bugfix: "add_header" and "expires" directives did not work if a
       request was proxied and response status code was 206.

    *) Bugfix: in the "expires @time" directive.

    *) Bugfix: in the ngx_http_flv_module.
       Thanks to Piotr Sikora.

    *) Bugfix: in the ngx_http_mp4_module.

    *) Bugfix: nginx could not be built on FreeBSD 10.

    *) Bugfix: nginx could not be built on AIX.
2012-03-16 11:28:09 +00:00
fhajny
0eb4c40ce5 Add an option to generate stats via http_stub_status_module 2012-03-13 10:00:14 +00:00