Update to latest stable release, 1.6.0. This folds many (but not all)

features from the previous development branch (1.5.x) - including various SSL improvements, SPDY 3.1 support, cache revalidation with conditional requests, auth request module and more. Resolves CVE-2013-4547. files/nginx.sh now has a configtest command for lazy admins (me) who don't want to remember command line options. CHANGELOG: Changes with nginx 1.5.13 08 Apr 2014 *) Change: improved hash table handling; the default values of the "variables_hash_max_size" and "types_hash_bucket_size" were changed to 1024 and 64 respectively. *) Feature: the ngx_http_mp4_module now supports the "end" argument. *) Feature: byte ranges support in the ngx_http_mp4_module and while saving responses to cache. *) Bugfix: alerts "ngx_slab_alloc() failed: no memory" no longer logged when using shared memory in the "ssl_session_cache" directive and in the ngx_http_limit_req_module. *) Bugfix: the "underscores_in_headers" directive did not allow underscore as a first character of a header. *) Bugfix: cache manager might hog CPU on exit in nginx/Windows. *) Bugfix: nginx/Windows terminated abnormally if the "ssl_session_cache" directive was used with the "shared" parameter. *) Bugfix: in the ngx_http_spdy_module. Changes with nginx 1.5.12 18 Mar 2014 *) Security: a heap memory buffer overflow might occur in a worker process while handling a specially crafted request by ngx_http_spdy_module, potentially resulting in arbitrary code execution (CVE-2014-0133). *) Feature: the "proxy_protocol" parameters of the "listen" and "real_ip_header" directives, the $proxy_protocol_addr variable. *) Bugfix: in the "fastcgi_next_upstream" directive. Changes with nginx 1.5.11 04 Mar 2014 *) Security: memory corruption might occur in a worker process on 32-bit platforms while handling a specially crafted request by ngx_http_spdy_module, potentially resulting in arbitrary code execution (CVE-2014-0088); the bug had appeared in 1.5.10. *) Feature: the $ssl_session_reused variable. *) Bugfix: the "client_max_body_size" directive might not work when reading a request body using chunked transfer encoding; the bug had appeared in 1.3.9. *) Bugfix: a segmentation fault might occur in a worker process when proxying WebSocket connections. *) Bugfix: a segmentation fault might occur in a worker process if the ngx_http_spdy_module was used on 32-bit platforms; the bug had appeared in 1.5.10. *) Bugfix: the $upstream_status variable might contain wrong data if the "proxy_cache_use_stale" or "proxy_cache_revalidate" directives were used. *) Bugfix: a segmentation fault might occur in a worker process if errors with code 400 were redirected to a named location using the "error_page" directive. *) Bugfix: nginx/Windows could not be built with Visual Studio 2013. Changes with nginx 1.5.10 04 Feb 2014 *) Feature: the ngx_http_spdy_module now uses SPDY 3.1 protocol. *) Feature: the ngx_http_mp4_module now skips tracks too short for a seek requested. *) Bugfix: a segmentation fault might occur in a worker process if the $ssl_session_id variable was used in logs; the bug had appeared in 1.5.9. *) Bugfix: the $date_local and $date_gmt variables used wrong format outside of the ngx_http_ssi_filter_module. *) Bugfix: client connections might be immediately closed if deferred accept was used; the bug had appeared in 1.3.15. *) Bugfix: alerts "getsockopt(TCP_FASTOPEN) ... failed" appeared in logs during binary upgrade on Linux; the bug had appeared in 1.5.8. Changes with nginx 1.5.9 22 Jan 2014 *) Change: now nginx expects escaped URIs in "X-Accel-Redirect" headers. *) Feature: the "ssl_buffer_size" directive. *) Feature: the "limit_rate" directive can now be used to rate limit responses sent in SPDY connections. *) Feature: the "spdy_chunk_size" directive. *) Feature: the "ssl_session_tickets" directive. *) Bugfix: the $ssl_session_id variable contained full session serialized instead of just a session id. *) Bugfix: nginx incorrectly handled escaped "?" character in the "include" SSI command. *) Bugfix: the ngx_http_dav_module did not unescape destination URI of the COPY and MOVE methods. *) Bugfix: resolver did not understand domain names with a trailing dot. *) Bugfix: alerts "zero size buf in output" might appear in logs while proxying; the bug had appeared in 1.3.9. *) Bugfix: a segmentation fault might occur in a worker process if the ngx_http_spdy_module was used. *) Bugfix: proxied WebSocket connections might hang right after handshake if the select, poll, or /dev/poll methods were used. *) Bugfix: the "xclient" directive of the mail proxy module incorrectly handled IPv6 client addresses. Changes with nginx 1.5.8 17 Dec 2013 *) Feature: IPv6 support in resolver. *) Feature: the "listen" directive supports the "fastopen" parameter. *) Feature: SSL support in the ngx_http_uwsgi_module. *) Feature: vim syntax highlighting scripts were added to contrib. *) Bugfix: a timeout might occur while reading client request body in an SSL connection using chunked transfer encoding. *) Bugfix: the "master_process" directive did not work correctly in nginx/Windows. *) Bugfix: the "setfib" parameter of the "listen" directive might not work. *) Bugfix: in the ngx_http_spdy_module. Changes with nginx 1.5.7 19 Nov 2013 *) Security: a character following an unescaped space in a request line was handled incorrectly (CVE-2013-4547); the bug had appeared in 0.8.41. *) Change: a logging level of auth_basic errors about no user/password provided has been lowered from "error" to "info". *) Feature: the "proxy_cache_revalidate", "fastcgi_cache_revalidate", "scgi_cache_revalidate", and "uwsgi_cache_revalidate" directives. *) Feature: the "ssl_session_ticket_key" directive. *) Bugfix: the directive "add_header Cache-Control ''" added a "Cache-Control" response header line with an empty value. *) Bugfix: the "satisfy any" directive might return 403 error instead of 401 if auth_request and auth_basic directives were used. *) Bugfix: the "accept_filter" and "deferred" parameters of the "listen" directive were ignored for listen sockets created during binary upgrade. *) Bugfix: some data received from a backend with unbufferred proxy might not be sent to a client immediately if "gzip" or "gunzip" directives were used. *) Bugfix: in error handling in ngx_http_gunzip_filter_module. *) Bugfix: responses might hang if the ngx_http_spdy_module was used with the "auth_request" directive. *) Bugfix: memory leak in nginx/Windows. Changes with nginx 1.5.6 01 Oct 2013 *) Feature: the "fastcgi_buffering" directive. *) Feature: the "proxy_ssl_protocols" and "proxy_ssl_ciphers" directives. *) Feature: optimization of SSL handshakes when using long certificate chains. *) Feature: the mail proxy supports SMTP pipelining. *) Bugfix: in the ngx_http_auth_basic_module when using "$apr1$" password encryption method. *) Bugfix: in MacOSX, Cygwin, and nginx/Windows incorrect location might be used to process a request if locations were given using characters in different cases. *) Bugfix: automatic redirect with appended trailing slash for proxied locations might not work. *) Bugfix: in the mail proxy server. *) Bugfix: in the ngx_http_spdy_module. Changes with nginx 1.5.5 17 Sep 2013 *) Change: now nginx assumes HTTP/1.0 by default if it is not able to detect protocol reliably. *) Feature: the "disable_symlinks" directive now uses O_PATH on Linux. *) Feature: now nginx uses EPOLLRDHUP events to detect premature connection close by clients if the "epoll" method is used. *) Bugfix: in the "valid_referers" directive if the "server_names" parameter was used. *) Bugfix: the $request_time variable did not work in nginx/Windows. *) Bugfix: in the "image_filter" directive. *) Bugfix: OpenSSL 1.0.1f compatibility. Changes with nginx 1.5.4 27 Aug 2013 *) Change: the "js" extension MIME type has been changed to "application/javascript"; default value of the "charset_types" directive was changed accordingly. *) Change: now the "image_filter" directive with the "size" parameter returns responses with the "application/json" MIME type. *) Feature: the ngx_http_auth_request_module. *) Bugfix: a segmentation fault might occur on start or during reconfiguration if the "try_files" directive was used with an empty parameter. *) Bugfix: memory leak if relative paths were specified using variables in the "root" or "auth_basic_user_file" directives. *) Bugfix: the "valid_referers" directive incorrectly executed regular expressions if a "Referer" header started with "https://". *) Bugfix: responses might hang if subrequests were used and an SSL handshake error happened during subrequest processing. *) Bugfix: in the ngx_http_autoindex_module. *) Bugfix: in the ngx_http_spdy_module. Changes with nginx 1.5.3 30 Jul 2013 *) Change in internal API: now u->length defaults to -1 if working with backends in unbuffered mode. *) Change: now after receiving an incomplete response from a backend server nginx tries to send an available part of the response to a client, and then closes client connection. *) Bugfix: a segmentation fault might occur in a worker process if the ngx_http_spdy_module was used with the "client_body_in_file_only" directive. *) Bugfix: the "so_keepalive" parameter of the "listen" directive might be handled incorrectly on DragonFlyBSD. *) Bugfix: in the ngx_http_xslt_filter_module. *) Bugfix: in the ngx_http_sub_filter_module. Changes with nginx 1.5.2 02 Jul 2013 *) Feature: now several "error_log" directives can be used. *) Bugfix: the $r->header_in() embedded perl method did not return value of the "Cookie" and "X-Forwarded-For" request header lines; the bug had appeared in 1.3.14. *) Bugfix: in the ngx_http_spdy_module. *) Bugfix: nginx could not be built on Linux with x32 ABI. Changes with nginx 1.5.1 04 Jun 2013 *) Feature: the "ssi_last_modified", "sub_filter_last_modified", and "xslt_last_modified" directives. *) Feature: the "http_403" parameter of the "proxy_next_upstream", "fastcgi_next_upstream", "scgi_next_upstream", and "uwsgi_next_upstream" directives. *) Feature: the "allow" and "deny" directives now support unix domain sockets. *) Bugfix: nginx could not be built with the ngx_mail_ssl_module, but without ngx_http_ssl_module; the bug had appeared in 1.3.14. *) Bugfix: in the "proxy_set_body" directive. *) Bugfix: in the "lingering_time" directive. *) Bugfix: the "fail_timeout" parameter of the "server" directive in the "upstream" context might not work if "max_fails" parameter was used; the bug had appeared in 1.3.0. *) Bugfix: a segmentation fault might occur in a worker process if the "ssl_stapling" directive was used. *) Bugfix: in the mail proxy server. *) Bugfix: nginx/Windows might stop accepting connections if several worker processes were used. Changes with nginx 1.5.0 07 May 2013 *) Security: a stack-based buffer overflow might occur in a worker process while handling a specially crafted request, potentially resulting in arbitrary code execution (CVE-2013-2028); the bug had appeared in 1.3.9.
author: rodent <rodent@pkgsrc.org> 2014-04-27 11:05:45 +0000
committer: rodent <rodent@pkgsrc.org> 2014-04-27 11:05:45 +0000
commit: 4bd57db8ba3bd16b4c836f2ee8f7d2e0811006dc (patch)
tree: 2678c20707153ebfb3f1da3e64b02a53a9af5c62 /www/nginx
parent: 917036696b45bb12ad1b6f9f9e7277d71584649a (diff)
download: pkgsrc-4bd57db8ba3bd16b4c836f2ee8f7d2e0811006dc.tar.gz
5 files changed, 27 insertions, 51 deletions
diff --git a/www/nginx/Makefile b/www/nginx/Makefile
index 51ae74b4972..98fbb3e0854 100644
--- a/www/nginx/Makefile
+++ b/www/nginx/Makefile
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.54 2014/03/26 13:31:22 imil Exp $
+# $NetBSD: Makefile,v 1.55 2014/04/27 11:05:45 rodent Exp $
 
-DISTNAME=		nginx-1.4.7
-PKGREVISION=		5
+DISTNAME=		nginx-1.6.0
 MAINTAINER=		joerg@NetBSD.org
 
 .include "../../www/nginx/Makefile.common"
diff --git a/www/nginx/distinfo b/www/nginx/distinfo
index 7dbd119fb5b..e68d4ec9e63 100644
--- a/www/nginx/distinfo
+++ b/www/nginx/distinfo
@@ -1,40 +1,7 @@
-$NetBSD: distinfo,v 1.40 2014/03/21 21:41:19 imil Exp $
+$NetBSD: distinfo,v 1.41 2014/04/27 11:05:45 rodent Exp $
 
-SHA1 (array-var-nginx-module-0.03.tar.gz) = b2666aa3c092060fcd3931a6d45798a5745c1ad6
-RMD160 (array-var-nginx-module-0.03.tar.gz) = 171c2d9bd02d7a7ede9f87ab348ef035cea14aec
-Size (array-var-nginx-module-0.03.tar.gz) = 9520 bytes
-SHA1 (echo-nginx-module-0.51.tar.gz) = 127d011f146a7e611f328cd4f2f29cdde1227f07
-RMD160 (echo-nginx-module-0.51.tar.gz) = 79bb11c34735381a5a90176eb4d07dec8b469ab4
-Size (echo-nginx-module-0.51.tar.gz) = 63460 bytes
-SHA1 (encrypted-session-nginx-module-0.03.tar.gz) = b33a74b83a200299fe80a2441b4cc014fab02a6a
-RMD160 (encrypted-session-nginx-module-0.03.tar.gz) = 89cab2054f95e1017c109238d399afe23ce499e6
-Size (encrypted-session-nginx-module-0.03.tar.gz) = 8949 bytes
-SHA1 (form-input-nginx-module-0.07.tar.gz) = 4f68ad4b6b19f313582523585aee4e4473666ea3
-RMD160 (form-input-nginx-module-0.07.tar.gz) = 1d543c15c1ced82497987b7fd71d79d7c818b9bf
-Size (form-input-nginx-module-0.07.tar.gz) = 10563 bytes
-SHA1 (headers-more-nginx-module-0.25.tar.gz) = 514bc3df30b24eb0a06533f1ebaa579b898990f5
-RMD160 (headers-more-nginx-module-0.25.tar.gz) = 8270edae05b2cf24f1d46fb1b217d4943bf56372
-Size (headers-more-nginx-module-0.25.tar.gz) = 27973 bytes
-SHA1 (lua-nginx-module-0.9.5.tar.gz) = c9c752461f407ccae40870d4cabfbf2bd8c81bac
-RMD160 (lua-nginx-module-0.9.5.tar.gz) = 180331a69680278bac26f0a9ccd0de52fd88a7ea
-Size (lua-nginx-module-0.9.5.tar.gz) = 476124 bytes
-SHA1 (naxsi-0.53-2.tar.gz) = e29101b3193f434e4ec503671c41d0bacc64ff39
-RMD160 (naxsi-0.53-2.tar.gz) = 198ff9d2faf55ce3ed72332615f9e555e3afc155
-Size (naxsi-0.53-2.tar.gz) = 165690 bytes
-SHA1 (nginx-1.4.7.tar.gz) = e13b5b23f9be908b69652b0c394a95e9029687e3
-RMD160 (nginx-1.4.7.tar.gz) = 0ae9dfece4a26a8101f67508dcb3e692c86c72e1
-Size (nginx-1.4.7.tar.gz) = 769153 bytes
-SHA1 (nginx_http_push_module-0.692.tar.gz) = 72103084cad8f4d3d9a49a6b04cf780e4541605d
-RMD160 (nginx_http_push_module-0.692.tar.gz) = 9d2be16074cf28115af0f1d8f3646937cda649ad
-Size (nginx_http_push_module-0.692.tar.gz) = 29119 bytes
-SHA1 (nginx_upload_module-2.2.0.tar.gz) = 93d6e83e613a0ce2ed057a434b344fa1b6609b47
-RMD160 (nginx_upload_module-2.2.0.tar.gz) = 5734af837be3fe8ec444a7e5e7f6707118594098
-Size (nginx_upload_module-2.2.0.tar.gz) = 25796 bytes
-SHA1 (ngx_devel_kit-0.2.19.tar.gz) = 888635e80a8a0e6242b8e9b684ff60ffa70845a2
-RMD160 (ngx_devel_kit-0.2.19.tar.gz) = 64d3737bc4cc948c1363cce80d70e5260878811e
-Size (ngx_devel_kit-0.2.19.tar.gz) = 65029 bytes
-SHA1 (set-misc-nginx-module-0.24.tar.gz) = da404a7dac5fa4a0a86f42b4ec7648b607f4cd66
-RMD160 (set-misc-nginx-module-0.24.tar.gz) = 07d0bb8f2a0840534a82a2d18394163342393cef
-Size (set-misc-nginx-module-0.24.tar.gz) = 40397 bytes
-SHA1 (patch-aa) = adf433d1b56a88c6c2ed09c4bd54fdb1a336582f
-SHA1 (patch-ab) = 6f20ef8ac9a042faf7e22770de7c16b351cb1191
+SHA1 (nginx-1.6.0.tar.gz) = 00eed38652d2cee36cc91a395f6703584658bb23
+RMD160 (nginx-1.6.0.tar.gz) = a19cd6d7bdb642049901a4e184a69e434753c021
+Size (nginx-1.6.0.tar.gz) = 802956 bytes
+SHA1 (patch-aa) = 47f0c19b47b115f00ea6e9432d5bb12058c3bc1c
+SHA1 (patch-ab) = 0925a163db1ec36142fc3c32545f0abc1c5545c8
diff --git a/www/nginx/files/nginx.sh b/www/nginx/files/nginx.sh
index b24c40214a0..b74922d738b 100644
--- a/www/nginx/files/nginx.sh
+++ b/www/nginx/files/nginx.sh
@@ -1,6 +1,6 @@
 #!@RCD_SCRIPTS_SHELL@
 #
-# $NetBSD: nginx.sh,v 1.2 2010/01/23 16:32:11 joerg Exp $
+# $NetBSD: nginx.sh,v 1.3 2014/04/27 11:05:45 rodent Exp $
 #
 # PROVIDE: nginx
 # REQUIRE: DAEMON
@@ -13,7 +13,17 @@ command="@PREFIX@/sbin/${name}"
 required_files="@PKG_SYSCONFDIR@/${name}.conf"
 pidfile="@VARBASE@/run/${name}.pid"
 start_precmd="ulimit -n 2048"
-extra_commands="reload"
+extra_commands="configtest reload"
+configtest_cmd="nginx_configtest"
+
+nginx_configtest()
+{
+	if [ ! -f ${required_files} ]; then
+		warn "${required_files} does not exist."
+		return 1;
+	fi
+	${command} -t -c ${required_files}
+}
 
 load_rc_config $name
 run_rc_command "$1"
diff --git a/www/nginx/patches/patch-aa b/www/nginx/patches/patch-aa
index 04a273677a0..d8ced5744f6 100644
--- a/www/nginx/patches/patch-aa
+++ b/www/nginx/patches/patch-aa
@@ -1,8 +1,8 @@
-$NetBSD: patch-aa,v 1.3 2011/12/04 14:41:01 shattered Exp $
+$NetBSD: patch-aa,v 1.4 2014/04/27 11:05:45 rodent Exp $
 
 This patch provides config file adapted to pkgsrc settings.
 
---- conf/nginx.conf.orig	2011-06-27 15:47:51.000000000 +0000
+--- conf/nginx.conf.orig	2014-04-24 12:52:24.000000000 +0000
 +++ conf/nginx.conf
 @@ -1,28 +1,29 @@
  
@@ -82,8 +82,8 @@ This patch provides config file adapted to pkgsrc settings.
      #        index  index.html index.htm;
      #    }
      #}
-@@ -110,7 +111,7 @@ http {
-     #    ssl_prefer_server_ciphers   on;
+@@ -109,7 +110,7 @@ http {
+     #    ssl_prefer_server_ciphers  on;
  
      #    location / {
 -    #        root   html;
diff --git a/www/nginx/patches/patch-ab b/www/nginx/patches/patch-ab
index fd2862b07ef..5fcb8329597 100644
--- a/www/nginx/patches/patch-ab
+++ b/www/nginx/patches/patch-ab
@@ -1,10 +1,10 @@
-$NetBSD: patch-ab,v 1.1 2010/06/15 20:05:48 joerg Exp $
+$NetBSD: patch-ab,v 1.2 2014/04/27 11:05:45 rodent Exp $
 
 Workaround for /bin/sh bug on NetBSD
 
---- auto/install.orig	2010-06-15 19:50:33.000000000 +0000
+--- auto/install.orig	2014-04-24 12:52:24.000000000 +0000
 +++ auto/install
-@@ -114,9 +114,6 @@ install:	$NGX_OBJS${ngx_dirsep}nginx${ng
+@@ -141,9 +141,6 @@ install:	$NGX_OBJS${ngx_dirsep}nginx${ng
  		|| cp conf/nginx.conf '\$(DESTDIR)$NGX_CONF_PATH'
  	cp conf/nginx.conf '\$(DESTDIR)$NGX_CONF_PREFIX/nginx.conf.default'
author	rodent <rodent@pkgsrc.org>	2014-04-27 11:05:45 +0000
committer	rodent <rodent@pkgsrc.org>	2014-04-27 11:05:45 +0000
commit	4bd57db8ba3bd16b4c836f2ee8f7d2e0811006dc (patch)
tree	2678c20707153ebfb3f1da3e64b02a53a9af5c62 /www/nginx
parent	917036696b45bb12ad1b6f9f9e7277d71584649a (diff)
download	pkgsrc-4bd57db8ba3bd16b4c836f2ee8f7d2e0811006dc.tar.gz