summaryrefslogtreecommitdiff
path: root/www/nginx/options.mk
diff options
context:
space:
mode:
authorfhajny <fhajny@pkgsrc.org>2016-06-15 14:49:11 +0000
committerfhajny <fhajny@pkgsrc.org>2016-06-15 14:49:11 +0000
commitb0254227ff4d0c830a67907dbfdaac6095f9db79 (patch)
tree7d442f1a9ff5a973c08892ed6b74f2af65f77627 /www/nginx/options.mk
parent83537a5c6d4885d93dbdea8fc5e755b07fadb478 (diff)
downloadpkgsrc-b0254227ff4d0c830a67907dbfdaac6095f9db79.tar.gz
Update www/nginx to 1.10.1.
Update 3rd party modules in options.mk. Changes with nginx 1.10.1 - Security: a segmentation fault might occur in a worker process while writing a specially crafted request body to a temporary file (CVE-2016-4450); the bug had appeared in 1.3.9. Changes with nginx 1.10.0 - 1.10.x stable branch. Changes with nginx 1.9.15 - Bugfix: "recv() failed" errors might occur when using HHVM as a FastCGI server. - Bugfix: when using HTTP/2 and the "limit_req" or "auth_request" directives a timeout or a "client violated flow control" error might occur while reading client request body; the bug had appeared in 1.9.14. - Workaround: a response might not be shown by some browsers if HTTP/2 was used and client request body was not fully read; the bug had appeared in 1.9.14. - Bugfix: connections might hang when using the "aio threads" directive. Thanks to Mindaugas Rasiukevicius. Changes with nginx 1.9.14 - Feature: OpenSSL 1.1.0 compatibility. - Feature: the "proxy_request_buffering", "fastcgi_request_buffering", "scgi_request_buffering", and "uwsgi_request_buffering" directives now work with HTTP/2. - Bugfix: "zero size buf in output" alerts might appear in logs when using HTTP/2. - Bugfix: the "client_max_body_size" directive might work incorrectly when using HTTP/2. - Bugfix: of minor bugs in logging. Changes with nginx 1.9.13 - Change: non-idempotent requests (POST, LOCK, PATCH) are no longer passed to the next server by default if a request has been sent to a backend; the "non_idempotent" parameter of the "proxy_next_upstream" directive explicitly allows retrying such requests. - Feature: the ngx_http_perl_module can be built dynamically. - Feature: UDP support in the stream module. - Feature: the "aio_write" directive. - Feature: now cache manager monitors number of elements in caches and tries to avoid cache keys zone overflows. - Bugfix: "task already active" and "second aio post" alerts might appear in logs when using the "sendfile" and "aio" directives with subrequests. - Bugfix: "zero size buf in output" alerts might appear in logs if caching was used and a client closed a connection prematurely. - Bugfix: connections with clients might be closed needlessly if caching was used. Thanks to Justin Li. - Bugfix: nginx might hog CPU if the "sendfile" directive was used on Linux or Solaris and a file being sent was changed during sending. - Bugfix: connections might hang when using the "sendfile" and "aio threads" directives. - Bugfix: in the "proxy_pass", "fastcgi_pass", "scgi_pass", and "uwsgi_pass" directives when using variables. Thanks to Piotr Sikora. - Bugfix: in the ngx_http_sub_filter_module. - Bugfix: if an error occurred in a cached backend connection, the request was passed to the next server regardless of the proxy_next_upstream directive. - Bugfix: "CreateFile() failed" errors when creating temporary files on Windows. Changes with nginx 1.9.12 - Feature: Huffman encoding of response headers in HTTP/2. Thanks to Vlad Krasnov. - Feature: the "worker_cpu_affinity" directive now supports more than 64 CPUs. - Bugfix: compatibility with 3rd party C++ modules; the bug had appeared in 1.9.11. Thanks to Piotr Sikora. - Bugfix: nginx could not be built statically with OpenSSL on Linux; the bug had appeared in 1.9.11. - Bugfix: the "add_header ... always" directive with an empty value did not delete "Last-Modified" and "ETag" header lines from error responses. - Workaround: "called a function you should not call" and "shutdown while in init" messages might appear in logs when using OpenSSL 1.0.2f. - Bugfix: invalid headers might be logged incorrectly. - Bugfix: socket leak when using HTTP/2. - Bugfix: in the ngx_http_v2_module. Changes with nginx 1.9.11 - Feature: TCP support in resolver. - Feature: dynamic modules. - Bugfix: the $request_length variable did not include size of request headers when using HTTP/2. - Bugfix: in the ngx_http_v2_module. Changes with nginx 1.9.10 - Security: invalid pointer dereference might occur during DNS server response processing if the "resolver" directive was used, allowing an attacker who is able to forge UDP packets from the DNS server to cause segmentation fault in a worker process (CVE-2016-0742). - Security: use-after-free condition might occur during CNAME response processing if the "resolver" directive was used, allowing an attacker who is able to trigger name resolution to cause segmentation fault in a worker process, or might have potential other impact (CVE-2016-0746). - Security: CNAME resolution was insufficiently limited if the "resolver" directive was used, allowing an attacker who is able to trigger arbitrary name resolution to cause excessive resource consumption in worker processes (CVE-2016-0747). - Feature: the "auto" parameter of the "worker_cpu_affinity" directive. - Bugfix: the "proxy_protocol" parameter of the "listen" directive did not work with IPv6 listen sockets. - Bugfix: connections to upstream servers might be cached incorrectly when using the "keepalive" directive. - Bugfix: proxying used the HTTP method of the original request after an "X-Accel-Redirect" redirection. Changes with nginx 1.9.9 - Bugfix: proxying to unix domain sockets did not work when using variables; the bug had appeared in 1.9.8. Changes with nginx 1.9.8 - Feature: pwritev() support. - Feature: the "include" directive inside the "upstream" block. - Feature: the ngx_http_slice_module. - Bugfix: a segmentation fault might occur in a worker process when using LibreSSL; the bug had appeared in 1.9.6. - Bugfix: nginx could not be built on OS X in some cases. Changes with nginx 1.9.7 - Feature: the "nohostname" parameter of logging to syslog. - Feature: the "proxy_cache_convert_head" directive. - Feature: the $realip_remote_addr variable in the ngx_http_realip_module. - Bugfix: the "expires" directive might not work when using variables. - Bugfix: a segmentation fault might occur in a worker process when using HTTP/2; the bug had appeared in 1.9.6. - Bugfix: if nginx was built with the ngx_http_v2_module it was possible to use the HTTP/2 protocol even if the "http2" parameter of the "listen" directive was not specified. - Bugfix: in the ngx_http_v2_module. Changes with nginx 1.9.6 - Bugfix: a segmentation fault might occur in a worker process when using HTTP/2. Thanks to Piotr Sikora and Denis Andzakovic. - Bugfix: the $server_protocol variable was empty when using HTTP/2. - Bugfix: backend SSL connections in the stream module might be timed out unexpectedly. - Bugfix: a segmentation fault might occur in a worker process if different ssl_session_cache settings were used in different virtual servers. - Bugfix: nginx/Windows could not be built with MinGW gcc; the bug had appeared in 1.9.4. Thanks to Kouhei Sutou. - Bugfix: time was not updated when the timer_resolution directive was used on Windows. - Miscellaneous minor fixes and improvements. Thanks to Markus Linnala, Kurtis Nusbaum and Piotr Sikora. Changes with nginx 1.9.5 - Feature: the ngx_http_v2_module (replaces ngx_http_spdy_module). Thanks to Dropbox and Automattic for sponsoring this work. - Change: now the "output_buffers" directive uses two buffers by default. - Change: now nginx limits subrequests recursion, not simultaneous subrequests. - Change: now nginx checks the whole cache key when returning a response from cache. Thanks to Gena Makhomed and Sergey Brester. - Bugfix: "header already sent" alerts might appear in logs when using cache; the bug had appeared in 1.7.5. - Bugfix: "writev() failed (4: Interrupted system call)" errors might appear in logs when using CephFS and the "timer_resolution" directive on Linux. - Bugfix: in invalid configurations handling. Thanks to Markus Linnala. - Bugfix: a segmentation fault occurred in a worker process if the "sub_filter" directive was used at http level; the bug had appeared in 1.9.4. Changes with nginx 1.9.4 - Change: the "proxy_downstream_buffer" and "proxy_upstream_buffer" directives of the stream module are replaced with the "proxy_buffer_size" directive. - Feature: the "tcp_nodelay" directive in the stream module. - Feature: multiple "sub_filter" directives can be used simultaneously. - Feature: variables support in the search string of the "sub_filter" directive. - Workaround: configuration testing might fail under Linux OpenVZ. Thanks to Gena Makhomed. - Bugfix: old worker processes might hog CPU after reconfiguration with a large number of worker_connections. - Bugfix: a segmentation fault might occur in a worker process if the "try_files" and "alias" directives were used inside a location given by a regular expression; the bug had appeared in 1.7.1. - Bugfix: the "try_files" directive inside a nested location given by a regular expression worked incorrectly if the "alias" directive was used in the outer location. - Bugfix: in hash table initialization error handling. - Bugfix: nginx could not be built with Visual Studio 2015. Changes with nginx 1.9.3 - Change: duplicate "http", "mail", and "stream" blocks are now disallowed. - Feature: connection limiting in the stream module. - Feature: data rate limiting in the stream module. - Bugfix: the "zone" directive inside the "upstream" block did not work on Windows. - Bugfix: compatibility with LibreSSL in the stream module. Thanks to Piotr Sikora. - Bugfix: in the "--builddir" configure parameter. Thanks to Piotr Sikora. - Bugfix: the "ssl_stapling_file" directive did not work; the bug had appeared in 1.9.2. Thanks to Faidon Liambotis and Brandon Black. - Bugfix: a segmentation fault might occur in a worker process if the "ssl_stapling" directive was used; the bug had appeared in 1.9.2. Thanks to Matthew Baldwin. Changes with nginx 1.9.2 - Feature: the "backlog" parameter of the "listen" directives of the mail proxy and stream modules. - Feature: the "allow" and "deny" directives in the stream module. - Feature: the "proxy_bind" directive in the stream module. - Feature: the "proxy_protocol" directive in the stream module. - Feature: the -T switch. - Feature: the REQUEST_SCHEME parameter added to the fastcgi.conf, fastcgi_params, scgi_params, and uwsgi_params standard configuration files. - Bugfix: the "reuseport" parameter of the "listen" directive of the stream module did not work. - Bugfix: OCSP stapling might return an expired OCSP response in some cases. Changes with nginx 1.9.1 - Change: now SSLv3 protocol is disabled by default. - Change: some long deprecated directives are not supported anymore. - Feature: the "reuseport" parameter of the "listen" directive. Thanks to Yingqi Lu at Intel and Sepherosa Ziehau. - Feature: the $upstream_connect_time variable. - Bugfix: in the "hash" directive on big-endian platforms. - Bugfix: nginx might fail to start on some old Linux variants; the bug had appeared in 1.7.11. - Bugfix: in IP address parsing. Thanks to Sergey Polovko. Changes with nginx 1.9.0 - Change: obsolete aio and rtsig event methods have been removed. - Feature: the "zone" directive inside the "upstream" block. - Feature: the stream module. - Feature: byte ranges support in the ngx_http_memcached_module. Thanks to Martin Mlynar. - Feature: shared memory can now be used on Windows versions with address space layout randomization. Thanks to Sergey Brester. - Feature: the "error_log" directive can now be used on mail and server levels in mail proxy. - Bugfix: the "proxy_protocol" parameter of the "listen" directive did not work if not specified in the first "listen" directive for a listen socket.
Diffstat (limited to 'www/nginx/options.mk')
-rw-r--r--www/nginx/options.mk40
1 files changed, 15 insertions, 25 deletions
diff --git a/www/nginx/options.mk b/www/nginx/options.mk
index 64c5c29ac0f..c7e3d37a47e 100644
--- a/www/nginx/options.mk
+++ b/www/nginx/options.mk
@@ -1,17 +1,11 @@
-# $NetBSD: options.mk,v 1.35 2015/12/10 19:33:41 shattered Exp $
+# $NetBSD: options.mk,v 1.36 2016/06/15 14:49:11 fhajny Exp $
PKG_OPTIONS_VAR= PKG_OPTIONS.nginx
PKG_SUPPORTED_OPTIONS= dav flv gtools inet6 luajit mail-proxy memcache naxsi \
pcre push realip ssl sub uwsgi image-filter \
debug status nginx-autodetect-cflags echo \
set-misc headers-more array-var encrypted-session \
- form-input perl gzip
-.if !empty(NGINX_HTTP_V2)
-# nginx 1.9.5+ renamed spdy to v2
-PKG_SUPPORTED_OPTIONS+= v2
-.else
-PKG_SUPPORTED_OPTIONS+= spdy
-.endif
+ form-input perl gzip v2
PKG_SUGGESTED_OPTIONS= inet6 pcre ssl
@@ -51,11 +45,7 @@ CONFIGURE_ARGS+= --with-http_dav_module
CONFIGURE_ARGS+= --with-http_flv_module
.endif
-.if !empty(PKG_OPTIONS:Mspdy) && empty(NGINX_HTTP_V2)
-CONFIGURE_ARGS+= --with-http_spdy_module
-.endif
-
-.if !empty(PKG_OPTIONS:Mv2) && !empty(NGINX_HTTP_V2)
+.if !empty(PKG_OPTIONS:Mv2)
CONFIGURE_ARGS+= --with-http_v2_module
.endif
@@ -100,7 +90,7 @@ NEED_NDK= yes
. endif
.endfor
.if defined(NEED_NDK) || make(makesum)
-NDK_VERSION= 0.2.19
+NDK_VERSION= 0.3.0
NDK_DISTNAME= ngx_devel_kit-${NDK_VERSION}
NDK_DISTFILE= ${NDK_DISTNAME}.tar.gz
SITES.${NDK_DISTFILE}= -https://github.com/simpl/ngx_devel_kit/archive/v${NDK_VERSION}.tar.gz
@@ -114,7 +104,7 @@ CONFIGURE_ENV+= LUAJIT_INC=${PREFIX}/include/luajit-2.0
CONFIGURE_ARGS+= --add-module=../${LUA_DISTNAME}
.endif
.if !empty(PKG_OPTIONS:Mluajit) || make(makesum)
-LUA_VERSION= 0.9.16
+LUA_VERSION= 0.10.5
LUA_DISTNAME= lua-nginx-module-${LUA_VERSION}
LUA_DISTFILE= ${LUA_DISTNAME}.tar.gz
SITES.${LUA_DISTFILE}= -https://github.com/openresty/lua-nginx-module/archive/v${LUA_VERSION}.tar.gz
@@ -125,7 +115,7 @@ DISTFILES+= ${LUA_DISTFILE}
CONFIGURE_ARGS+= --add-module=../${ECHOMOD_DISTNAME}
.endif
.if !empty(PKG_OPTIONS:Mecho) || make(makesum)
-ECHOMOD_VERSION= 0.58
+ECHOMOD_VERSION= 0.59
ECHOMOD_DISTNAME= echo-nginx-module-${ECHOMOD_VERSION}
ECHOMOD_DISTFILE= ${ECHOMOD_DISTNAME}.tar.gz
SITES.${ECHOMOD_DISTFILE}= -https://github.com/openresty/echo-nginx-module/archive/v${ECHOMOD_VERSION}.tar.gz
@@ -136,7 +126,7 @@ DISTFILES+= ${ECHOMOD_DISTFILE}
CONFIGURE_ARGS+= --add-module=../${SETMISC_DISTNAME}
.endif
.if !empty(PKG_OPTIONS:Mset-misc) || make(makesum)
-SETMISC_VERSION= 0.29
+SETMISC_VERSION= 0.30
SETMISC_DISTNAME= set-misc-nginx-module-${SETMISC_VERSION}
SETMISC_DISTFILE= ${SETMISC_DISTNAME}.tar.gz
SITES.${SETMISC_DISTFILE}= -https://github.com/openresty/set-misc-nginx-module/archive/v${SETMISC_VERSION}.tar.gz
@@ -158,7 +148,7 @@ DISTFILES+= ${ARRAYVAR_DISTFILE}
CONFIGURE_ARGS+= --add-module=../${ENCSESS_DISTNAME}
.endif
.if !empty(PKG_OPTIONS:Mencrypted-session) || make(makesum)
-ENCSESS_VERSION= 0.04
+ENCSESS_VERSION= 0.05
ENCSESS_DISTNAME= encrypted-session-nginx-module-${ENCSESS_VERSION}
ENCSESS_DISTFILE= ${ENCSESS_DISTNAME}.tar.gz
SITES.${ENCSESS_DISTFILE}= -https://github.com/openresty/encrypted-session-nginx-module/archive/v${ENCSESS_VERSION}.tar.gz
@@ -169,7 +159,7 @@ DISTFILES+= ${ENCSESS_DISTFILE}
CONFIGURE_ARGS+= --add-module=../${FORMINPUT_DISTNAME}
.endif
.if !empty(PKG_OPTIONS:Mform-input) || make(makesum)
-FORMINPUT_VERSION= 0.11
+FORMINPUT_VERSION= 0.12
FORMINPUT_DISTNAME= form-input-nginx-module-${FORMINPUT_VERSION}
FORMINPUT_DISTFILE= ${FORMINPUT_DISTNAME}.tar.gz
SITES.${FORMINPUT_DISTFILE}= -https://github.com/calio/form-input-nginx-module/archive/v${FORMINPUT_VERSION}.tar.gz
@@ -180,7 +170,7 @@ DISTFILES+= ${FORMINPUT_DISTFILE}
CONFIGURE_ARGS+= --add-module=../${HEADMORE_DISTNAME}
.endif
.if !empty(PKG_OPTIONS:Mheaders-more) || make(makesum)
-HEADMORE_VERSION= 0.261
+HEADMORE_VERSION= 0.30
HEADMORE_DISTNAME= headers-more-nginx-module-${HEADMORE_VERSION}
HEADMORE_DISTFILE= ${HEADMORE_DISTNAME}.tar.gz
SITES.${HEADMORE_DISTFILE}= -https://github.com/openresty/headers-more-nginx-module/archive/v${HEADMORE_VERSION}.tar.gz
@@ -195,13 +185,13 @@ CONFIGURE_ARGS+= --without-http_uwsgi_module
.endif
.if !empty(PKG_OPTIONS:Mpush)
-CONFIGURE_ARGS+= --add-module=../${PUSH}
+CONFIGURE_ARGS+= --add-module=../nchan-${PUSH_VERSION}
.endif
.if !empty(PKG_OPTIONS:Mpush) || make(makesum)
-PUSH= nginx_http_push_module-0.692
-PUSH_DISTFILE= ${PUSH}.tar.gz
-SITES.${PUSH_DISTFILE}= http://pushmodule.slact.net/downloads/
-
+PUSH_VERSION= 0.731
+PUSH_DISTNAME= nginx_http_push_module-${PUSH_VERSION}
+PUSH_DISTFILE= ${PUSH_DISTNAME}.tar.gz
+SITES.${PUSH_DISTFILE}= -https://github.com/slact/nginx_http_push_module/archive/v${PUSH_VERSION}.tar.gz
DISTFILES+= ${PUSH_DISTFILE}
.endif