kpriv/pkgsrc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
pkgsrc/www/nginx/options.mk
adam 5492ca5edf nginx: updated to 1.16.0 
Changes with nginx 1.16.0                                        23 Apr 2019

    *) 1.16.x stable branch.


Changes with nginx 1.15.12                                       16 Apr 2019

    *) Bugfix: a segmentation fault might occur in a worker process if
       variables were used in the "ssl_certificate" or "ssl_certificate_key"
       directives and OCSP stapling was enabled.


Changes with nginx 1.15.11                                       09 Apr 2019

    *) Bugfix: in the "ssl_stapling_file" directive on Windows.


Changes with nginx 1.15.10                                       26 Mar 2019

    *) Change: when using a hostname in the "listen" directive nginx now
       creates listening sockets for all addresses the hostname resolves to
       (previously, only the first address was used).

    *) Feature: port ranges in the "listen" directive.

    *) Feature: loading of SSL certificates and secret keys from variables.

    *) Workaround: the $ssl_server_name variable might be empty when using
       OpenSSL 1.1.1.

    *) Bugfix: nginx/Windows could not be built with Visual Studio 2015 or
       newer; the bug had appeared in 1.15.9.


Changes with nginx 1.15.9                                        26 Feb 2019

    *) Feature: variables support in the "ssl_certificate" and
       "ssl_certificate_key" directives.

    *) Feature: the "poll" method is now available on Windows when using
       Windows Vista or newer.

    *) Bugfix: if the "select" method was used on Windows and an error
       occurred while establishing a backend connection, nginx waited for
       the connection establishment timeout to expire.

    *) Bugfix: the "proxy_upload_rate" and "proxy_download_rate" directives
       in the stream module worked incorrectly when proxying UDP datagrams.


Changes with nginx 1.15.8                                        25 Dec 2018

    *) Feature: the $upstream_bytes_sent variable.
       Thanks to Piotr Sikora.

    *) Feature: new directives in vim syntax highlighting scripts.
       Thanks to Gena Makhomed.

    *) Bugfix: in the "proxy_cache_background_update" directive.

    *) Bugfix: in the "geo" directive when using unix domain listen sockets.

    *) Workaround: the "ignoring stale global SSL error ... bad length"
       alerts might appear in logs when using the "ssl_early_data" directive
       with OpenSSL.

    *) Bugfix: in nginx/Windows.

    *) Bugfix: in the ngx_http_autoindex_module on 32-bit platforms.


Changes with nginx 1.15.7                                        27 Nov 2018

    *) Feature: the "proxy_requests" directive in the stream module.

    *) Feature: the "delay" parameter of the "limit_req" directive.
       Thanks to Vladislav Shabanov and Peter Shchuchkin.

    *) Bugfix: memory leak on errors during reconfiguration.

    *) Bugfix: in the $upstream_response_time, $upstream_connect_time, and
       $upstream_header_time variables.

    *) Bugfix: a segmentation fault might occur in a worker process if the
       ngx_http_mp4_module was used on 32-bit platforms.


Changes with nginx 1.15.6                                        06 Nov 2018

    *) Security: when using HTTP/2 a client might cause excessive memory
       consumption (CVE-2018-16843) and CPU usage (CVE-2018-16844).

    *) Security: processing of a specially crafted mp4 file with the
       ngx_http_mp4_module might result in worker process memory disclosure
       (CVE-2018-16845).

    *) Feature: the "proxy_socket_keepalive", "fastcgi_socket_keepalive",
       "grpc_socket_keepalive", "memcached_socket_keepalive",
       "scgi_socket_keepalive", and "uwsgi_socket_keepalive" directives.

    *) Bugfix: if nginx was built with OpenSSL 1.1.0 and used with OpenSSL
       1.1.1, the TLS 1.3 protocol was always enabled.

    *) Bugfix: working with gRPC backends might result in excessive memory
       consumption.


Changes with nginx 1.15.5                                        02 Oct 2018

    *) Bugfix: a segmentation fault might occur in a worker process when
       using OpenSSL 1.1.0h or newer; the bug had appeared in 1.15.4.

    *) Bugfix: of minor potential bugs.


Changes with nginx 1.15.4                                        25 Sep 2018

    *) Feature: now the "ssl_early_data" directive can be used with OpenSSL.

    *) Bugfix: in the ngx_http_uwsgi_module.
       Thanks to Chris Caputo.

    *) Bugfix: connections with some gRPC backends might not be cached when
       using the "keepalive" directive.

    *) Bugfix: a socket leak might occur when using the "error_page"
       directive to redirect early request processing errors, notably errors
       with code 400.

    *) Bugfix: the "return" directive did not change the response code when
       returning errors if the request was redirected by the "error_page"
       directive.

    *) Bugfix: standard error pages and responses of the
       ngx_http_autoindex_module module used the "bgcolor" attribute, and
       might be displayed incorrectly when using custom color settings in
       browsers.
       Thanks to Nova DasSarma.

    *) Change: the logging level of the "no suitable key share" and "no
       suitable signature algorithm" SSL errors has been lowered from "crit"
       to "info".


Changes with nginx 1.15.3                                        28 Aug 2018

    *) Feature: now TLSv1.3 can be used with BoringSSL.

    *) Feature: the "ssl_early_data" directive, currently available with
       BoringSSL.

    *) Feature: the "keepalive_timeout" and "keepalive_requests" directives
       in the "upstream" block.

    *) Bugfix: the ngx_http_dav_module did not truncate destination file
       when copying a file over an existing one with the COPY method.

    *) Bugfix: the ngx_http_dav_module used zero access rights on the
       destination file and did not preserve file modification time when
       moving a file between different file systems with the MOVE method.

    *) Bugfix: the ngx_http_dav_module used default access rights when
       copying a file with the COPY method.

    *) Workaround: some clients might not work when using HTTP/2; the bug
       had appeared in 1.13.5.

    *) Bugfix: nginx could not be built with LibreSSL 2.8.0.


Changes with nginx 1.15.2                                        24 Jul 2018

    *) Feature: the $ssl_preread_protocol variable in the
       ngx_stream_ssl_preread_module.

    *) Feature: now when using the "reset_timedout_connection" directive
       nginx will reset connections being closed with the 444 code.

    *) Change: a logging level of the "http request", "https proxy request",
       "unsupported protocol", and "version too low" SSL errors has been
       lowered from "crit" to "info".

    *) Bugfix: DNS requests were not resent if initial sending of a request
       failed.

    *) Bugfix: the "reuseport" parameter of the "listen" directive was
       ignored if the number of worker processes was specified after the
       "listen" directive.

    *) Bugfix: when using OpenSSL 1.1.0 or newer it was not possible to
       switch off "ssl_prefer_server_ciphers" in a virtual server if it was
       switched on in the default server.

    *) Bugfix: SSL session reuse with upstream servers did not work with the
       TLS 1.3 protocol.


Changes with nginx 1.15.1                                        03 Jul 2018

    *) Feature: the "random" directive inside the "upstream" block.

    *) Feature: improved performance when using the "hash" and "ip_hash"
       directives with the "zone" directive.

    *) Feature: the "reuseport" parameter of the "listen" directive now uses
       SO_REUSEPORT_LB on FreeBSD 12.

    *) Bugfix: HTTP/2 server push did not work if SSL was terminated by a
       proxy server in front of nginx.

    *) Bugfix: the "tcp_nopush" directive was always used on backend
       connections.

    *) Bugfix: sending a disk-buffered request body to a gRPC backend might
       fail.


Changes with nginx 1.15.0                                        05 Jun 2018

    *) Change: the "ssl" directive is deprecated; the "ssl" parameter of the
       "listen" directive should be used instead.

    *) Change: now nginx detects missing SSL certificates during
       configuration testing when using the "ssl" parameter of the "listen"
       directive.

    *) Feature: now the stream module can handle multiple incoming UDP
       datagrams from a client within a single session.

    *) Bugfix: it was possible to specify an incorrect response code in the
       "proxy_cache_valid" directive.

    *) Bugfix: nginx could not be built by gcc 8.1.

    *) Bugfix: logging to syslog stopped on local IP address changes.

    *) Bugfix: nginx could not be built by clang with CUDA SDK installed;
       the bug had appeared in 1.13.8.

    *) Bugfix: "getsockopt(TCP_FASTOPEN) ... failed" messages might appear
       in logs during binary upgrade when using unix domain listen sockets
       on FreeBSD.

    *) Bugfix: nginx could not be built on Fedora 28 Linux.

    *) Bugfix: request processing rate might exceed configured rate when
       using the "limit_req" directive.

    *) Bugfix: in handling of client addresses when using unix domain listen
       sockets to work with datagrams on Linux.

    *) Bugfix: in memory allocation error handling.
2019-05-06 09:38:48 +00:00

234 lines
7.4 KiB
Makefile
Raw Blame History

# $NetBSD: options.mk,v 1.50 2019/05/06 09:38:48 adam Exp $
PKG_OPTIONS_VAR= PKG_OPTIONS.nginx
PKG_SUPPORTED_OPTIONS= dav flv gtools inet6 luajit mail-proxy memcache naxsi \
pcre push realip ssl sub uwsgi image-filter \
debug status nginx-autodetect-cflags echo \
set-misc headers-more array-var encrypted-session \
form-input perl gzip http2 auth-request secure-link rtmp
PKG_OPTIONS_LEGACY_OPTS+= v2:http2
PKG_SUGGESTED_OPTIONS= inet6 pcre ssl
PLIST_VARS+= naxsi perl uwsgi
.include "../../mk/bsd.options.mk"
# documentation says naxsi must be the first module
.if !empty(PKG_OPTIONS:Mnaxsi)
PLIST.naxsi= yes
CONFIGURE_ARGS+= --add-module=../${NAXSI_DISTNAME}/naxsi_src
.endif
.if !empty(PKG_OPTIONS:Mnaxsi) || make(makesum)
NAXSI_VERSION= 0.56
NAXSI_DISTNAME= naxsi-${NAXSI_VERSION}
NAXSI_DISTFILE= ${NAXSI_DISTNAME}.tar.gz
SITES.${NAXSI_DISTFILE}=-https://github.com/nbs-system/naxsi/archive/${NAXSI_VERSION}.tar.gz
DISTFILES+= ${NAXSI_DISTFILE}
.endif
.if !empty(PKG_OPTIONS:Mdebug)
CONFIGURE_ARGS+= --with-debug
.endif
.if !empty(PKG_OPTIONS:Mssl)
.include "../../security/openssl/buildlink3.mk"
CONFIGURE_ARGS+= --with-mail_ssl_module
CONFIGURE_ARGS+= --with-http_ssl_module
.endif
.if !empty(PKG_OPTIONS:Mpcre)
.include "../../devel/pcre/buildlink3.mk"
CONFIGURE_ARGS+= --with-pcre-jit
.else
CONFIGURE_ARGS+= --without-pcre
CONFIGURE_ARGS+= --without-http_rewrite_module
.endif
.if !empty(PKG_OPTIONS:Mdav)
CONFIGURE_ARGS+= --with-http_dav_module
.endif
.if !empty(PKG_OPTIONS:Mflv)
CONFIGURE_ARGS+= --with-http_flv_module
.endif
.if !empty(PKG_OPTIONS:Mhttp2)
CONFIGURE_ARGS+= --with-http_v2_module
.endif
.if !empty(PKG_OPTIONS:Msub)
CONFIGURE_ARGS+= --with-http_sub_module
.endif
.if !empty(PKG_OPTIONS:Mgtools)
CONFIGURE_ARGS+= --with-google_perftools_module
.include "../../devel/gperftools/buildlink3.mk"
.endif
.if !empty(PKG_OPTIONS:Mmail-proxy)
CONFIGURE_ARGS+= --with-mail
.endif
.if empty(PKG_OPTIONS:Mmemcache)
CONFIGURE_ARGS+= --without-http_memcached_module
.endif
.if !empty(PKG_OPTIONS:Mrealip)
CONFIGURE_ARGS+= --with-http_realip_module
.endif
# NDK must be added once and before 3rd party modules needing it
.for _ngx_mod in luajit set-misc array-var form-input encrypted-session
. if !defined(NEED_NDK) && !empty(PKG_OPTIONS:M${_ngx_mod}:O)
CONFIGURE_ARGS+= --add-module=../${NDK_DISTNAME}
NEED_NDK= yes
. endif
.endfor
.if defined(NEED_NDK) || make(makesum)
NDK_VERSION= 0.3.0
NDK_DISTNAME= ngx_devel_kit-${NDK_VERSION}
NDK_DISTFILE= ${NDK_DISTNAME}.tar.gz
SITES.${NDK_DISTFILE}= -https://github.com/simpl/ngx_devel_kit/archive/v${NDK_VERSION}.tar.gz
DISTFILES+= ${NDK_DISTFILE}
.endif
.if !empty(PKG_OPTIONS:Mluajit)
.include "../../lang/LuaJIT2/buildlink3.mk"
CONFIGURE_ENV+= LUAJIT_LIB=${PREFIX}/lib
CONFIGURE_ENV+= LUAJIT_INC=${PREFIX}/include/luajit-2.0
CONFIGURE_ARGS+= --add-module=../${LUA_DISTNAME}
.endif
.if !empty(PKG_OPTIONS:Mluajit) || make(makesum)
LUA_VERSION= 0.10.15
LUA_DISTNAME= lua-nginx-module-${LUA_VERSION}
LUA_DISTFILE= ${LUA_DISTNAME}.tar.gz
SITES.${LUA_DISTFILE}= -https://github.com/openresty/lua-nginx-module/archive/v${LUA_VERSION}.tar.gz
DISTFILES+= ${LUA_DISTFILE}
.endif
.if !empty(PKG_OPTIONS:Mecho)
CONFIGURE_ARGS+= --add-module=../${ECHOMOD_DISTNAME}
.endif
.if !empty(PKG_OPTIONS:Mecho) || make(makesum)
ECHOMOD_VERSION= 0.61
ECHOMOD_DISTNAME= echo-nginx-module-${ECHOMOD_VERSION}
ECHOMOD_DISTFILE= ${ECHOMOD_DISTNAME}.tar.gz
SITES.${ECHOMOD_DISTFILE}= -https://github.com/openresty/echo-nginx-module/archive/v${ECHOMOD_VERSION}.tar.gz
DISTFILES+= ${ECHOMOD_DISTFILE}
.endif
.if !empty(PKG_OPTIONS:Mset-misc)
CONFIGURE_ARGS+= --add-module=../${SETMISC_DISTNAME}
.endif
.if !empty(PKG_OPTIONS:Mset-misc) || make(makesum)
SETMISC_VERSION= 0.32
SETMISC_DISTNAME= set-misc-nginx-module-${SETMISC_VERSION}
SETMISC_DISTFILE= ${SETMISC_DISTNAME}.tar.gz
SITES.${SETMISC_DISTFILE}= -https://github.com/openresty/set-misc-nginx-module/archive/v${SETMISC_VERSION}.tar.gz
DISTFILES+= ${SETMISC_DISTFILE}
.endif
.if !empty(PKG_OPTIONS:Marray-var)
CONFIGURE_ARGS+= --add-module=../${ARRAYVAR_DISTNAME}
.endif
.if !empty(PKG_OPTIONS:Marray-var) || make(makesum)
ARRAYVAR_VERSION= 0.05
ARRAYVAR_DISTNAME= array-var-nginx-module-${ARRAYVAR_VERSION}
ARRAYVAR_DISTFILE= ${ARRAYVAR_DISTNAME}.tar.gz
SITES.${ARRAYVAR_DISTFILE}= -https://github.com/openresty/array-var-nginx-module/archive/v${ARRAYVAR_VERSION}.tar.gz
DISTFILES+= ${ARRAYVAR_DISTFILE}
.endif
.if !empty(PKG_OPTIONS:Mencrypted-session)
CONFIGURE_ARGS+= --add-module=../${ENCSESS_DISTNAME}
.endif
.if !empty(PKG_OPTIONS:Mencrypted-session) || make(makesum)
ENCSESS_VERSION= 0.08
ENCSESS_DISTNAME= encrypted-session-nginx-module-${ENCSESS_VERSION}
ENCSESS_DISTFILE= ${ENCSESS_DISTNAME}.tar.gz
SITES.${ENCSESS_DISTFILE}= -https://github.com/openresty/encrypted-session-nginx-module/archive/v${ENCSESS_VERSION}.tar.gz
DISTFILES+= ${ENCSESS_DISTFILE}
.endif
.if !empty(PKG_OPTIONS:Mform-input)
CONFIGURE_ARGS+= --add-module=../${FORMINPUT_DISTNAME}
.endif
.if !empty(PKG_OPTIONS:Mform-input) || make(makesum)
FORMINPUT_VERSION= 0.12
FORMINPUT_DISTNAME= form-input-nginx-module-${FORMINPUT_VERSION}
FORMINPUT_DISTFILE= ${FORMINPUT_DISTNAME}.tar.gz
SITES.${FORMINPUT_DISTFILE}= -https://github.com/calio/form-input-nginx-module/archive/v${FORMINPUT_VERSION}.tar.gz
DISTFILES+= ${FORMINPUT_DISTFILE}
.endif
.if !empty(PKG_OPTIONS:Mheaders-more)
CONFIGURE_ARGS+= --add-module=../${HEADMORE_DISTNAME}
.endif
.if !empty(PKG_OPTIONS:Mheaders-more) || make(makesum)
HEADMORE_VERSION= 0.33
HEADMORE_DISTNAME= headers-more-nginx-module-${HEADMORE_VERSION}
HEADMORE_DISTFILE= ${HEADMORE_DISTNAME}.tar.gz
SITES.${HEADMORE_DISTFILE}= -https://github.com/openresty/headers-more-nginx-module/archive/v${HEADMORE_VERSION}.tar.gz
DISTFILES+= ${HEADMORE_DISTFILE}
.endif
.if !empty(PKG_OPTIONS:Muwsgi)
EGFILES+= uwsgi_params
PLIST.uwsgi= yes
CONFIGURE_ARGS+= --http-uwsgi-temp-path=${NGINX_DATADIR}/uwsgi_temp
.else
CONFIGURE_ARGS+= --without-http_uwsgi_module
.endif
.if !empty(PKG_OPTIONS:Mpush)
CONFIGURE_ARGS+= --add-module=../nchan-${PUSH_VERSION}
.endif
.if !empty(PKG_OPTIONS:Mpush) || make(makesum)
PUSH_VERSION= 1.2.5
PUSH_DISTNAME= nginx_http_push_module-${PUSH_VERSION}
PUSH_DISTFILE= ${PUSH_DISTNAME}.tar.gz
SITES.${PUSH_DISTFILE}= -https://github.com/slact/nchan/archive/v${PUSH_VERSION}.tar.gz
DISTFILES+= ${PUSH_DISTFILE}
.endif
.if !empty(PKG_OPTIONS:Mimage-filter)
.include "../../graphics/gd/buildlink3.mk"
CONFIGURE_ARGS+= --with-http_image_filter_module
.endif
.if !empty(PKG_OPTIONS:Mstatus)
CONFIGURE_ARGS+= --with-http_stub_status_module
.endif
.if !empty(PKG_OPTIONS:Mperl)
CONFIGURE_ARGS+= --with-http_perl_module
CONFIGURE_ARGS+= --with-perl=${PERL5:Q}
INSTALLATION_DIRS+= ${PERL5_INSTALLVENDORARCH}/auto/nginx
PLIST.perl= yes
.include "../../lang/perl5/dirs.mk"
.include "../../lang/perl5/buildlink3.mk"
.endif
.if !empty(PKG_OPTIONS:Mgzip)
CONFIGURE_ARGS+= --with-http_gzip_static_module
.endif
.if !empty(PKG_OPTIONS:Mauth-request)
CONFIGURE_ARGS+= --with-http_auth_request_module
.endif
.if !empty(PKG_OPTIONS:Msecure-link)
CONFIGURE_ARGS+= --with-http_secure_link_module
.endif
.if !empty(PKG_OPTIONS:Mrtmp)
CONFIGURE_ARGS+= --add-module=../${RTMP_DISTNAME}
.endif
.if !empty(PKG_OPTIONS:Mrtmp) || make(makesum)
RTMP_VERSION= 1.2.1
RTMP_DISTNAME= nginx-rtmp-module-${RTMP_VERSION}
RTMP_DISTFILE= ${RTMP_DISTNAME}.tar.gz
SITES.${RTMP_DISTFILE}= -https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_VERSION}.tar.gz
DISTFILES+= ${RTMP_DISTFILE}
.endif
Reference in a new issue View git blame Copy permalink