| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
<ChangeLog>
*) Bugfix: an error might occur when reading PROXY protocol version 2
header with large number of TLVs.
*) Bugfix: a segmentation fault might occur in a worker process if SSI
was used to process subrequests created by other modules.
Thanks to Ciel Zhao.
*) Workaround: when a hostname used in the "listen" directive resolves
to multiple addresses, nginx now ignores duplicates within these
addresses.
*) Bugfix: nginx might hog CPU during unbuffered proxying if SSL
connections to backends were used.
</ChangeLog>
|
|
|
|
Bump PKGREVISION for www/nginx and www/nginx-devel.
<ChangeLog>
nginx modules:
*) Bugfix: fixed Fetch Response prototype reinitialization.
When at least one js_import directive was declared in both HTTP
and Stream, ngx.fetch() returned inapproriate response in Stream.
The bug was introduced in 0.7.7.
Core:
*) Bugfix: fixed String.prototype.replace(re) if re.exec() returns
non-flat array.
*) Bugfix: fixed Array.prototype.fill() when start object changes
"this".
*) Bugfix: fixed description for fs.mkdir() and fs.rmdir() methods.
*) Bugfix: fixed %TypedArray%.prototype.set(s) when s element changes
"this".
*) Bugfix: fixed Array.prototype.splice(s, d) when d resizes "this"
during evaluation.
*) Bugfix: fixed for-in loop with left and right hand side
expressions.
</ChangeLog>
|
|
Bump PKGREVISION for www/nginx and www/nginx-devel.
<ChangeLog>
nginx modules:
*) Feature: added js_preload_object directive.
*) Feature: added ngx.conf_prefix property.
*) Feature: added s.sendUpstream() and s.sendDownstream()
in stream module.
*) Feature: added support for HEAD method in Fetch API.
*) Improvement: improved async callback support for s.send()
in stream module.
Core:
*) Feature: added "name" instance property for a function
object.
*) Feature: added njs.memoryStats object.
*) Bugfix: fixed String.prototype.trimEnd() with unicode
string.
*) Bugfix: fixed Object.freeze() with fast arrays.
*) Bugfix: fixed Object.defineProperty() with fast arrays.
*) Bugfix: fixed async token as a property name of an object.
*) Bugfix: fixed property set instruction when key modifies
base binding.
*) Bugfix: fixed complex assignments.
*) Bugfix: fixed handling of unhandled promise rejection.
*) Bugfix: fixed process.env when duplicate environ variables
are present.
*) Bugfix: fixed double declaration detection in modules.
*) Bugfix: fixed bound function calls according to the spec.
*) Bugfix: fixed break label for if statement.
*) Bugfix: fixed labeled empty statements.
</ChangeLog>
|
|
<ChangeLog>
*) Security: processing of a specially crafted mp4 file by the
ngx_http_mp4_module might cause a worker process crash, worker
process memory disclosure, or might have potential other impact
(CVE-2022-41741, CVE-2022-41742).
*) Feature: the "$proxy_protocol_tlv_..." variables.
*) Feature: TLS session tickets encryption keys are now automatically
rotated when using shared memory in the "ssl_session_cache"
directive.
*) Change: the logging level of the "bad record type" SSL errors has
been lowered from "crit" to "info".
Thanks to Murilo Andrade.
*) Change: now when using shared memory in the "ssl_session_cache"
directive the "could not allocate new session" errors are logged at
the "warn" level instead of "alert" and not more often than once per
second.
*) Bugfix: nginx/Windows could not be built with OpenSSL 3.0.x.
*) Bugfix: in logging of the PROXY protocol errors.
Thanks to Sergey Brester.
*) Workaround: shared memory from the "ssl_session_cache" directive was
spent on sessions using TLS session tickets when using TLSv1.3 with
OpenSSL.
*) Workaround: timeout specified with the "ssl_session_timeout"
directive did not work when using TLSv1.3 with OpenSSL or BoringSSL.
</ChangeLog>
|
|
ChangeLog: https://github.com/openresty/lua-nginx-module/compare/v0.10.21...v0.10.22
Bump PKGREVISIONs.
|
|
Bump PKGREVISION for www/nginx and www/nginx-devel.
<ChangeLog>
nginx modules:
*) Feature: the number of nginx configuration contexts where
js directives can be specified is extended.
HTTP: js_import, js_path, js_set and js_var are allowed
in server and location contexts. js_content, js_body_filter
and js_header_filter are allowed in 'if' context.
Stream: js_import, js_path, js_set and js_var are allowed
in server context.
*) Feature: added r.internal property.
*) Bugfix: fixed reading response body in fetch API.
*) Bugfix: fixed "js_fetch_timeout" in stream module.
*) Bugfix: fixed socket leak with 0 fetch timeout.
Core:
*) Feature: extended "fs" module. Added fs.openSync(),
fs.promises.open(), fs.fstatSync(), fs.readSync(),
fs.writeSync().
The following properties of FileHandle are implemented:
fd, read(), stat(), write(), close().
*) Bugfix: fixed parseInt(), parseFloat(), Symbol.for()
with no arguments.
</ChangeLog>
|
|
Also, update NGINX JavaScript module: 0.7.5 -> 0.7.6.
<Changelog for NGINX 1.23.1>
*) Feature: memory usage optimization in configurations with SSL
proxying.
*) Feature: looking up of IPv4 addresses while resolving now can be
disabled with the "ipv4=off" parameter of the "resolver" directive.
*) Change: the logging level of the "bad key share", "bad extension",
"bad cipher", and "bad ecpoint" SSL errors has been lowered from
"crit" to "info".
*) Bugfix: while returning byte ranges nginx did not remove the
"Content-Range" header line if it was present in the original backend
response.
*) Bugfix: a proxied response might be truncated during reconfiguration
on Linux; the bug had appeared in 1.17.5.
</Changelog>
<ChangeLog for NGINX JavaScript 0.7.6>
nginx modules:
*) Feature: improved r.args object. Added support for multiple
arguments with the same key. Added case sensitivity for
keys. Keys and values are percent-decoded now.
*) Bugfix: fixed r.headersOut setter for special headers.
Core:
*) Feature: added Symbol.for() and Symbol.keyfor().
*) Feature: added btoa() and atob() from WHATWG spec.
*) Bugfix: fixed large non-decimal literals.
*) Bugfix: fixed unicode argument trimming in parseInt().
*) Bugfix: fixed break instruction in a try-catch block.
*) Bugfix: fixed async function declaration in CLI.
</ChangeLog>
|
|
|
|
It's compatible with 1.23.0 now.
Bump PORTREVISION.
|
|
Switch to the https protocol for MASTER_SITES.
Update distinfo with the checksums of recently added patches.
Fix PLIST for the third-party http_upload module.
Bump PKGREVISION.
|
|
Also, update third-party modules:
o) headers_more: 0.33 -> d502e41
o) http_push: 1.2.15 -> 1.3.0
o) naxsi: 1.3 -> 29793dc
o) njs: 0.7.4 -> 0.7.5
Patches obtained from the corresponding port in FreeBSD ports tree.
<ChangeLog>
*) Change in internal API: now header lines are represented as linked
lists.
*) Change: now nginx combines arbitrary header lines with identical
names when sending to FastCGI, SCGI, and uwsgi backends, in the
$r->header_in() method of the ngx_http_perl_module, and during lookup
of the "$http_...", "$sent_http_...", "$sent_trailer_...",
"$upstream_http_...", and "$upstream_trailer_..." variables.
*) Bugfix: if there were multiple "Vary" header lines in the backend
response, nginx only used the last of them when caching.
*) Bugfix: if there were multiple "WWW-Authenticate" header lines in the
backend response and errors with code 401 were intercepted or the
"auth_request" directive was used, nginx only sent the first of the
header lines to the client.
*) Change: the logging level of the "application data after close
notify" SSL errors has been lowered from "crit" to "info".
*) Bugfix: connections might hang if nginx was built on Linux 2.6.17 or
newer, but was used on systems without EPOLLRDHUP support, notably
with epoll emulation layers; the bug had appeared in 1.17.5.
Thanks to Marcus Ball.
*) Bugfix: nginx did not cache the response if the "Expires" response
header line disabled caching, but following "Cache-Control" header
line enabled caching.
</ChangeLog>
|
|
|
|
The third-party upload module has been add to www/nginx-devel.
Merge pcre/pcre2 functional from www/nginx-devel to www/nginx.
I'm going to review patches for the both ports.
Bump PKGREVISIONs.
|
|
Also, update third-party modules:
o) http_push from 1.2.12 to 1.2.15
o) lua from 0.10.20 to 0.10.21
o) njs from 0.7.3 to 0.7.4
|
|
more dependencies or distfiles.
|
|
|
|
|
|
Bump PKGREVISION.
<ChangeLog>
Core:
*) Feature: added support of module resolution callback.
This feature allows a host environment to control
how imported modules are loaded.
*) Bugfix: fixed backtraces while traversing imported user
modules.
*) Bugfix: fixed Array.prototype.concat() when "this" is a slow
array.
*) Bugfix: fixed frame allocation from an awaited frame.
*) Bugfix: fixed allocation of large array literals.
*) Bugfix: fixed interpreter when "toString" conversion fails.
</ChangeLog>
|
|
nginx-devel has 'pcre' option for pcre support and 'pcre and pcre2'
option for pcre2 support. No need to use raw nginx option framework.
Convert pcre and pcre2 for optional option.
|
|
|
|
It's not a typical practice in pkgsrc to share options.mk. Also, it's
not easy to build both www/nginx and www/nginx-devel with a different
set of options. So, let's decouple www/nginx-devel from www/nginx.
From now the following option needs to be specified to build
www/nginx-devel with a specific options: PKG_OPTIONS.nginx-devel.
While I'm here add support to build package with devel/pcre2. Please
note: some third-party modules, such as naxsi and luajit, are not
compatible yet with devel/pcre2, so let's keep pcre option as a
suggested one.
Bump PKGREVISION.
|
|
The new and shiny lang/njs package will be added shortly.
Bump PKGREVISIONs.
|
|
Also, move NGINX JavaScript (njs) configure phase out of the NGINX build
phase.
Bump PKGREVISIONs.
|
|
It's possible now to build an additional module as a dynamic module.
Bump PKGREVISION.
While I'm here take over the maintainership for www/nginx (*).
Approved by: joerg (*)
|
|
Discussed with: gutteridge
|
|
o) encrypted-session-nginx from 0.08 to 0.09;
o) http_push from 1.2.10 to 1.2.12;
o) lua from 0.10.19 to 0.10.20;
o) njs from 0.5.0 to 0.7.2;
o) set-misc from 0.32 to 0.33.
|
|
|
|
Changes with nginx 1.21.6 25 Jan 2022
*) Bugfix: when using EPOLLEXCLUSIVE on Linux client connections were
unevenly distributed among worker processes.
*) Bugfix: nginx returned the "Connection: keep-alive" header line in
responses during graceful shutdown of old worker processes.
*) Bugfix: in the "ssl_session_ticket_key" when using TLSv1.3.
|
|
Changes with nginx 1.21.5 28 Dec 2021
*) Change: now nginx is built with the PCRE2 library by default.
*) Change: now nginx always uses sendfile(SF_NODISKIO) on FreeBSD.
*) Feature: support for sendfile(SF_NOCACHE) on FreeBSD.
*) Feature: the $ssl_curve variable.
*) Bugfix: connections might hang when using HTTP/2 without SSL with the
"sendfile" and "aio" directives.
|
|
Changes with nginx 1.21.4
*) Change: support for NPN instead of ALPN to establish HTTP/2
connections has been removed.
*) Change: now nginx rejects SSL connections if ALPN is used by the
client, but no supported protocols can be negotiated.
*) Change: the default value of the "sendfile_max_chunk" directive was
changed to 2 megabytes.
*) Feature: the "proxy_half_close" directive in the stream module.
*) Feature: the "ssl_alpn" directive in the stream module.
*) Feature: the $ssl_alpn_protocol variable.
*) Feature: support for SSL_sendfile() when using OpenSSL 3.0.
*) Feature: the "mp4_start_key_frame" directive in the
ngx_http_mp4_module.
Thanks to Tracey Jaquith.
*) Bugfix: in the $content_length variable when using chunked transfer
encoding.
*) Bugfix: after receiving a response with incorrect length from a
proxied backend nginx might nevertheless cache the connection.
Thanks to Awdhesh Mathpal.
*) Bugfix: invalid headers from backends were logged at the "info" level
instead of "error"; the bug had appeared in 1.21.1.
*) Bugfix: requests might hang when using HTTP/2 and the "aio_write"
directive.
|
|
This takes advantage of the introduction of the SYSCONFBASE variable.
Tested on NetBSD/amd64.
While there, add support for the "configtest" command in the RC script.
Bumps PKGREVISION.
|
|
|
|
Changes with nginx 1.21.3 07 Sep 2021
*) Change: optimization of client request body reading when using
HTTP/2.
*) Bugfix: in request body filters internal API when using HTTP/2 and
buffering of the data being processed.
Changes with nginx 1.21.2 31 Aug 2021
*) Change: now nginx rejects HTTP/1.0 requests with the
"Transfer-Encoding" header line.
*) Change: export ciphers are no longer supported.
*) Feature: OpenSSL 3.0 compatibility.
*) Feature: the "Auth-SSL-Protocol" and "Auth-SSL-Cipher" header lines
are now passed to the mail proxy authentication server.
Thanks to Rob Mueller.
*) Feature: request body filters API now permits buffering of the data
being processed.
*) Bugfix: backend SSL connections in the stream module might hang after
an SSL handshake.
*) Bugfix: the security level, which is available in OpenSSL 1.1.0 or
newer, did not affect loading of the server certificates when set
with "@SECLEVEL=N" in the "ssl_ciphers" directive.
*) Bugfix: SSL connections with gRPC backends might hang if select,
poll, or /dev/poll methods were used.
*) Bugfix: when using HTTP/2 client request body was always written to
disk if the "Content-Length" header line was not present in the
request.
|
|
Changes with nginx 1.21.1
*) Change: now nginx always returns an error for the CONNECT method.
*) Change: now nginx always returns an error if both "Content-Length"
and "Transfer-Encoding" header lines are present in the request.
*) Change: now nginx always returns an error if spaces or control
characters are used in the request line.
*) Change: now nginx always returns an error if spaces or control
characters are used in a header name.
*) Change: now nginx always returns an error if spaces or control
characters are used in the "Host" request header line.
*) Change: optimization of configuration testing when using many
listening sockets.
*) Bugfix: nginx did not escape """, "<", ">", "\", "^", "`", "{", "|",
and "}" characters when proxying with changed URI.
*) Bugfix: SSL variables might be empty when used in logs; the bug had
appeared in 1.19.5.
*) Bugfix: keepalive connections with gRPC backends might not be closed
after receiving a GOAWAY frame.
*) Bugfix: reduced memory consumption for long-lived requests when
proxying with more than 64 buffers.
|
|
Changes with nginx 1.21.0
*) Security: 1-byte memory overwrite might occur during DNS server
response processing if the "resolver" directive was used, allowing an
attacker who is able to forge UDP packets from the DNS server to
cause worker process crash or, potentially, arbitrary code execution
(CVE-2021-23017).
*) Feature: variables support in the "proxy_ssl_certificate",
"proxy_ssl_certificate_key" "grpc_ssl_certificate",
"grpc_ssl_certificate_key", "uwsgi_ssl_certificate", and
"uwsgi_ssl_certificate_key" directives.
*) Feature: the "max_errors" directive in the mail proxy module.
*) Feature: the mail proxy module supports POP3 and IMAP pipelining.
*) Feature: the "fastopen" parameter of the "listen" directive in the
stream module.
Thanks to Anbang Wen.
*) Bugfix: special characters were not escaped during automatic redirect
with appended trailing slash.
*) Bugfix: connections with clients in the mail proxy module might be
closed unexpectedly when using SMTP pipelining.
|
|
Changes with nginx 1.19.10
*) Change: the default value of the "keepalive_requests" directive was
changed to 1000.
*) Feature: the "keepalive_time" directive.
*) Feature: the $connection_time variable.
*) Workaround: "gzip filter failed to use preallocated memory" alerts
appeared in logs when using zlib-ng.
|
|
Changes with nginx 1.19.9 30 Mar 2021
*) Bugfix: nginx could not be built with the mail proxy module, but
without the ngx_mail_ssl_module; the bug had appeared in 1.19.8.
*) Bugfix: "upstream sent response body larger than indicated content
length" errors might occur when working with gRPC backends; the bug
had appeared in 1.19.1.
*) Bugfix: nginx might not close a connection till keepalive timeout
expiration if the connection was closed by the client while
discarding the request body.
*) Bugfix: nginx might not detect that a connection was already closed
by the client when waiting for auth_delay or limit_req delay, or when
working with backends.
*) Bugfix: in the eventport method.
Changes with nginx 1.19.8 09 Mar 2021
*) Feature: flags in the "proxy_cookie_flags" directive can now contain
variables.
*) Feature: the "proxy_protocol" parameter of the "listen" directive,
the "proxy_protocol" and "set_real_ip_from" directives in mail proxy.
*) Bugfix: HTTP/2 connections were immediately closed when using
"keepalive_timeout 0"; the bug had appeared in 1.19.7.
*) Bugfix: some errors were logged as unknown if nginx was built with
glibc 2.32.
*) Bugfix: in the eventport method.
Changes with nginx 1.19.7 16 Feb 2021
*) Change: connections handling in HTTP/2 has been changed to better
match HTTP/1.x; the "http2_recv_timeout", "http2_idle_timeout", and
"http2_max_requests" directives have been removed, the
"keepalive_timeout" and "keepalive_requests" directives should be
used instead.
*) Change: the "http2_max_field_size" and "http2_max_header_size"
directives have been removed, the "large_client_header_buffers"
directive should be used instead.
*) Feature: now, if free worker connections are exhausted, nginx starts
closing not only keepalive connections, but also connections in
lingering close.
*) Bugfix: "zero size buf in output" alerts might appear in logs if an
upstream server returned an incorrect response during unbuffered
proxying; the bug had appeared in 1.19.1.
*) Bugfix: HEAD requests were handled incorrectly if the "return"
directive was used with the "image_filter" or "xslt_stylesheet"
directives.
*) Bugfix: in the "add_trailer" directive.
|
|
Changes with nginx 1.19.6 15 Dec 2020
*) Bugfix: "no live upstreams" errors if a "server" inside "upstream"
block was marked as "down".
*) Bugfix: a segmentation fault might occur in a worker process if HTTPS
was used; the bug had appeared in 1.19.5.
*) Bugfix: nginx returned the 400 response on requests like
"GET http://example.com?args HTTP/1.0".
*) Bugfix: in the ngx_http_flv_module and ngx_http_mp4_module.
And while here, also update naxsi to 1.3.
Changes for naxsi 1.3:
*) Fixed regression on FILE_EXT confusion
*) Documented id 19 and 20 to rules
|
|
|
|
Submitted by Brian Ewell in joyent/pkgsrc#289, minor changes by myself.
|
|
|
|
Changes with nginx 1.19.5 24 Nov 2020
*) Feature: the -e switch.
*) Feature: the same source files can now be specified in different
modules while building addon modules.
*) Bugfix: SSL shutdown did not work when lingering close was used.
*) Bugfix: "upstream sent frame for closed stream" errors might occur
when working with gRPC backends.
*) Bugfix: in request body filters internal API.
|
|
|
|
Changes with nginx 1.19.4 27 Oct 2020
*) Feature: the "ssl_conf_command", "proxy_ssl_conf_command",
"grpc_ssl_conf_command", and "uwsgi_ssl_conf_command" directives.
*) Feature: the "ssl_reject_handshake" directive.
*) Feature: the "proxy_smtp_auth" directive in mail proxy.
|
|
|
|
Changes with nginx 1.19.3 29 Sep 2020
*) Feature: the ngx_stream_set_module.
*) Feature: the "proxy_cookie_flags" directive.
*) Feature: the "userid_flags" directive.
*) Bugfix: the "stale-if-error" cache control extension was erroneously
applied if backend returned a response with status code 500, 502,
503, 504, 403, 404, or 429.
*) Bugfix: "[crit] cache file ... has too long header" messages might
appear in logs if caching was used and the backend returned responses
with the "Vary" header line.
*) Workaround: "[crit] SSL_write() failed" messages might appear in logs
when using OpenSSL 1.1.1.
*) Bugfix: "SSL_shutdown() failed (SSL: ... bad write retry)" messages
might appear in logs; the bug had appeared in 1.19.2.
*) Bugfix: a segmentation fault might occur in a worker process when
using HTTP/2 if errors with code 400 were redirected to a proxied
location using the "error_page" directive.
*) Bugfix: socket leak when using HTTP/2 and subrequests in the njs
module.
|
|
match nginx)
|
|
|
|
Changes with nginx 1.19.2
*) Change: now nginx starts closing keepalive connections before all
free worker connections are exhausted, and logs a warning about this
to the error log.
*) Change: optimization of client request body reading when using
chunked transfer encoding.
*) Bugfix: memory leak if the "ssl_ocsp" directive was used.
*) Bugfix: "zero size buf in output" alerts might appear in logs if a
FastCGI server returned an incorrect response; the bug had appeared
in 1.19.1.
*) Bugfix: a segmentation fault might occur in a worker process if
different large_client_header_buffers sizes were used in different
virtual servers.
*) Bugfix: SSL shutdown might not work.
*) Bugfix: "SSL_shutdown() failed (SSL: ... bad write retry)" messages
might appear in logs.
*) Bugfix: in the ngx_http_slice_module.
*) Bugfix: in the ngx_http_xslt_filter_module.
|
