path: root/www
Age | Commit message | Author | Files | Lines
2014-09-10 | Update py-uwsgi to 2.0.7 | wiedi | 2 | -6/+6

uWSGI 2.0.7
===========

Changelog [20140905]

Bugfixes
********

- fixed counters in statsd plugin (Joshua C. Forest)
- fixed caching in php plugin (Andrew Bevitt)
- fixed management of system users starting with a number
- fixed request body readline using memmove instead of memcpy (Andrew Wason)
- ignore "user" namespace in setns (still a source of problems)
- fixed Python3 rpc bytes/string mess (result: we support both)
- do not destroy the Emperor on failed mount hooks
- fixed symbol lookup error in the Mono plugin on OS X (Ventero)
- fixed fastcgi and scgi protocols error when out of buffer happens
- fixed solaris/smartos I/O management
- fixed 2 memory leaks in the rpc subsystem (Riccardo Magliocchetti)
- fixed rados plugin PUT method (Martin Mlynář)
- fixed multiple python mountpoints with multiple threads in cow mode
- stats UNIX socket is now deleted by vacuum
- fixed off-by-one corruption in cache LRU mode
- force single-cpu build in cygwin (Guido Notari)

New Features and improvements
*****************************

allow calling the spooler from every cpython context
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

At Europython 2014, Ultrabug (a uWSGI contributor and packager) asked for the possibility to spool tasks directly from a greenlet. Done.

store_delete cache2 option
^^^^^^^^^^^^^^^^^^^^^^^^^^

Author: goir

The store_delete flag of the --cache2 option allows you to force the cache engine to automatically remove an invalid backing store file.

file logger rotation
^^^^^^^^^^^^^^^^^^^^

Author: Riccardo Magliocchetti

The `file` logger has been extended to allow the use of rotation (the same system used by the non-pluggable --logto): https://github.com/unbit/uwsgi/commit/0324e5965c360dccfb873ffe351dec88ddab59c5

vassals plugin hooks
^^^^^^^^^^^^^^^^^^^^

The plugin has been extended with two new hooks: vassal and vassal_before_exec. Both allow you to customize a vassal soon after its process has been generated.

The first third-party plugin using it is the 'apparmor' one: https://github.com/unbit/uwsgi-apparmor allowing you to apply an apparmor profile to a vassal

Broodlord improvements
^^^^^^^^^^^^^^^^^^^^^^

The broodlord subsystem has been improved with a new option: --vassal-sos that automatically asks for reinforcement when all of the workers of an instance are busy. In addition to this a sysadmin can now manually ask for reinforcement sending the 'B' command to the master fifo of an instance.
2014-09-09 | Changes 2.4.10 | adam | 2 | -7/+6

*) SECURITY: CVE-2014-0117 (cve.mitre.org) mod_proxy: Fix crash in Connection header handling which allowed a denial of service attack against a reverse proxy with a threaded MPM.
*) SECURITY: CVE-2014-3523 (cve.mitre.org) Fix a memory consumption denial of service in the WinNT MPM (used in all Windows installations). Workaround: AcceptFilter <protocol> {none|connect}
*) SECURITY: CVE-2014-0226 (cve.mitre.org) Fix a race condition in scoreboard handling, which could lead to a heap buffer overflow.
*) SECURITY: CVE-2014-0118 (cve.mitre.org) mod_deflate: The DEFLATE input filter (inflates request bodies) now limits the length and compression ratio of inflated request bodies to avoid denial of service via highly compressed bodies. See directives DeflateInflateLimitRequestBody, DeflateInflateRatioLimit, and DeflateInflateRatioBurst.
*) SECURITY: CVE-2014-0231 (cve.mitre.org) mod_cgid: Fix a denial of service against CGI scripts that do not consume stdin that could lead to lingering HTTPD child processes filling up the scoreboard and eventually hanging the server. By default, the client I/O timeout (Timeout directive) now applies to communication with scripts. The CGIDScriptTimeout directive can be used to set a different timeout for communication with scripts.
*) mod_ssl: Extend the scope of SSLSessionCacheTimeout to sessions resumed by TLS session resumption (RFC 5077).
*) mod_deflate: Don't fail when flushing inflated data to the user-agent and that coincides with the end of stream ("Zlib error flushing inflate buffer").
*) mod_proxy_ajp: Forward local IP address as a custom request attribute like we already do for the remote port.
*) core: Include any error notes set by modules in the canned error response for 403 errors.
*) mod_ssl: Set an error note for requests rejected due to SSLStrictSNIVHostCheck.
*) mod_ssl: Fix issue with redirects to error documents when handling SNI errors.
*) mod_ssl: Fix tmp DH parameter leak, adjust selection to prefer larger keys and support up to 8192-bit keys.
*) mod_dav: Fix improper encoding in PROPFIND responses.
*) WinNT MPM: Improve error handling for termination events in child.
*) mod_proxy: When ping/pong is configured for a worker, don't send or forward "100 Continue" (interim) response to the client if it does not expect one.
*) mod_ldap: Be more conservative with the last-used time for LDAPConnectionPoolTTL.
*) mod_ldap: LDAP connections used for authn were not respecting LDAPConnectionPoolTTL.
*) mod_proxy_fcgi: Fix occasional high CPU when handling request bodies.
*) event MPM: Fix possible crashes (third-party modules accessing c->sbh) or occasional missed mod_status updates under load.
*) mod_authnz_ldap: Support primitive LDAP servers that do not accept filters, such as "SDBM-backed LDAP" on z/OS, by allowing a special filter "none" to be specified in AuthLDAPURL.
*) mod_deflate: Fix inflation of files larger than 4GB.
*) mod_deflate: Handle Zlib header and validation bytes received in multiple chunks.
*) mod_proxy: Allow reverse-proxy to be set via explicit handler.
*) ab: support custom HTTP method with -m argument.
*) mod_proxy_balancer: Correctly encode user provided data in management interface.
*) mod_proxy_fcgi: Support iobuffersize parameter.
*) mod_auth_form: Add a debug message when the fields on a form are not recognised.
*) mod_cache: Preserve non-cacheable headers forwarded from an origin 304 response.
*) mod_proxy_wstunnel: Fix the use of SSL connections with the "wss:" scheme.
*) mod_socache_shmcb: Correct counting of expirations for status display. Expirations happening during retrieval were not counted.
*) mod_cache: Retry unconditional request with the full URL (including the query-string) when the origin server's 304 response does not match the conditions used to revalidate the stale entry.
*) mod_alias: Stop setting CONTEXT_PREFIX and CONTEXT_DOCUMENT environment variables as a result of AliasMatch.
*) mod_cache: Don't add cached/revalidated entity headers to a 304 response.
*) mod_proxy_scgi: Support Unix sockets. ap_proxy_port_of_scheme(): Support default SCGI port (4000).
*) mod_cache: Fix AH00784 errors on Windows when the CacheLock directive is enabled.
*) mod_expires: don't add Expires header to error responses (4xx/5xx), be they generated or forwarded.
*) mod_proxy_fcgi: Don't segfault when failing to connect to the backend. (regression in 2.4.9 release)
*) mod_authn_socache: Fix crash at startup in certain configurations.
*) mod_ssl: restore argument structure for "exec"-type SSLPassPhraseDialog programs to the form used in releases up to 2.4.7, and emulate a backwards-compatible behavior for existing setups.
*) mod_ssl: Add SSLOCSPUseRequestNonce directive to control whether or not OCSP requests should use a nonce to be checked against the responder's one.
*) mod_ssl: "SSLEngine off" will now override a Listen-based default and does disable mod_ssl for the vhost.
*) mod_lua: Enforce the max post size allowed via r:parsebody()
*) mod_lua: Use binary comparison to find boundaries for multipart objects, as to not terminate our search prematurely when hitting a NULL byte.
*) mod_ssl: add workaround for SSLCertificateFile when using OpenSSL versions before 0.9.8h and not specifying an SSLCertificateChainFile (regression introduced with 2.4.8).
*) mod_ssl: bring SNI behavior into better conformance with RFC 6066: no longer send warning-level unrecognized_name(112) alerts, and limit startup warnings to cases where an OpenSSL version without TLS extension support is used.
*) mod_proxy_html: Avoid some possible memory access violation in case of specially crafted files, when the ProxyHTMLMeta directive is turned on.
*) mod_auth_form: Make sure the optional functions are loaded even when the AuthFormProvider isn't specified.
*) mod_ssl: avoid processing bogus SSLCertificateKeyFile values (and logging garbled file names).
*) mod_ssl: fix merging of global and vhost-level settings with the SSLCertificateFile, SSLCertificateKeyFile, and SSLOpenSSLConfCmd directives.
*) mod_headers: Allow the "value" parameter of Header and RequestHeader to contain an ap_expr expression if prefixed with "expr=".
*) rotatelogs: Avoid creation of zombie processes when -p is used on Unix platforms.
*) mod_authnz_fcgi: New module to enable FastCGI authorizer applications to authenticate and/or authorize clients.
*) mod_proxy: Do not try to parse the regular expressions passed by ProxyPassMatch as URL as they do not follow their syntax.
*) mod_reqtimeout: Resolve unexpected timeouts on keepalive requests under the Event MPM.
*) mod_proxy_fcgi: Fix sending of response without some HTTP headers that might be set by filters.
*) mod_proxy_html: Do not delete the wrong data from HTML code when a "http-equiv" meta tag specifies a Content-Type behind any other "http-equiv" meta tag.
*) mod_proxy: Don't reuse a SSL backend connection whose requested SNI differs.
*) Add suspend_connection and resume_connection hooks to notify modules when the thread/connection relationship changes. (Should be implemented for any third-party async MPMs.)
*) mod_proxy_wstunnel: Don't issue AH02447 and log a 500 on routine hangups from websockets origin servers.
*) mod_proxy_wstunnel: Don't pool backend websockets connections, because we need to handshake every time.
*) mod_lua: Redesign how request record table access behaves, in order to utilize the request record from within these tables.
*) mod_lua: Add r:wspeek for peeking at WebSocket frames.
*) mod_lua: Log an error when the initial parsing of a Lua file fails.
*) mod_lua: Reformat and escape script error output.
*) mod_lua: URL-escape cookie keys/values to prevent tainted cookie data from causing response splitting.
*) mod_lua: Disallow newlines in table values inside the request_rec, to prevent HTTP Response Splitting via tainted headers.
*) mod_lua: Remove the non-working early/late arguments for LuaHookCheckUserID.
*) mod_lua: Change IVM storage to use shm
*) mod_lua: More verbose error logging when a handler function cannot be found.
2014-09-08 | Update goaccess to 0.8.4 | wiedi | 2 | -6/+6

Changes to GoAccess 0.8.4 - Monday, September 08, 2014
* Added ability to handle nginx non-standard status code 444 as 404. `--444-as-404`
* Added and updated operating systems, and browsers.
* Added excluded IP hits count to the general statistics panel on all reports.
* Added HTTP nonstandard code '444' to the status code list.
* Added the ability to count client errors (4xx) to the unique visitors count. Now by default it omits client errors (4xx) from being added to the unique visitors count as they are probably not welcomed visitors. 4xx errors are always counted in panels other than visitors, OS & browsers. `--4xx-to-unique-count`
* Removed request status field restriction. This allows parsing logs that contain only a valid date, IPv4/6 and host.
* Fixed issue when excluding IPv4/v6 ranges.
* Fixed compile error due to missing include <sys/types.h> for type off_t (gcc 4.1).

Changes to GoAccess 0.8.3 - Monday, July 28, 2014
* Fixed SEGFAULT when parsing a CLF log format and using --ignore-crawlers.
* Fixed parsing conflict between some Opera browsers and Chrome.
* Fixed parsing of several feed readers that are Firefox/Safari-based.
* Fixed Steam detection.
* Added Huawei to the browser's list and removed it from the OS's list.

Changes to GoAccess 0.8.2 - Monday, July 20, 2014
* Added ability to parse dates containing whitespaces in between, e.g., Jul 15 20:13:59 (syslog format).
* Added a variety of browsers, game systems, feed readers, and podcasts.
* Added a '-V --version' command line option.
* Added missing up/down arrows to the help section.
* Added the ability to ignore crawlers using the '--ignore-crawlers' option.
* Added the ability to ignore multiple IPv4/v6 and IP ranges.
* Added the PATCH method according to RFC 5789.
* Fixed GeoLocation percent issue for the JSON, CSV and HTML outputs.
* Fixed memory leak when excluding one or multiple IPs.

Changes to GoAccess 0.8.1 - Monday, June 16, 2014
* Added ability to add/remove static files by extension through the config file.
* Added ability to print backtrace on segmentation fault.
* Escaped JSON strings correctly according to [RFC4627].
* Fixed encoding issue when extracting keyphrases for some HTTP referers.
* Fixed issue where HTML bar graphs were not shown due to numeric locale.
* Fixed issue with URIs containing "\r?\n" thus breaking the corresponding output.
* Make sure request string is URL decoded on all outputs.
2014-09-06 | Update to 2.04: | wiz | 2 | -8/+6

* v2.04
  Minor documentation fixes and explanation of the proposed split into legacy/trunk branches. No code changes from 2.03_02.
* v2.03_02
  The uploads have had a minor change which may solve the windows size difference failures. More diagnostics were added to the failures if it does not.
* v2.03_01
  The test multi-part upload data in the test suite has been fixed to have the correct (CRLF) line terminators. These tests should now pass for Microsoft users.
  The documentation has been amended to reflect the change of maintainer.
* v2.03 - May 25, 2014
  Maintainer change: Pete Houston has taken over maintenance from Smylers.
  A test suite has been created.
  BUG FIX: Cleared up some uninitialised value warnings emitted when query strings are missing an entire key-value pair eg: "&foo=bar" (issue 38448).
  BUG FIX: If the user calls parse_form_data as a class method without a query string, the method now gives up early and silently (issue 6180).
  BUG FIX: In form-data uploads, the boundary string was not properly escaped and therefore would not match when it contained metacharacters (issue 29053).
  BUG FIX: The content type for url-encoded forms now matches on the MIME type only, so additional charset fields are allowed (issues 16236, 34827 and 41666).
  BUG FIX: Leading/trailing whitespace is now stripped from cookie names and values.
  BUG FIX: Cookies now no longer need to be separated by whitespace. Commas can now be used as separators too. (issue 32329).
  BUG FIX: The semicolon is now a permitted delimiter in the query string along with the ampersand (issue 8212).
2014-09-06 | Update to 0.77: | wiz | 2 | -8/+6

Version 0.77 -- 2014-08-05
 o re-release to remove build artifacts that should not have been shipped

Version 0.76 -- 2014-08-05
 o On Android, set TMPDIR before calling configure (RT#97680, Brian Fraser)

Version 0.75 -- 2014-07-17
 o deprecated APIs removed (chansen)
 o broken PP implementation removed (chansen)
 o retooled distribution so FCGI.pm and FCGI.xs exist as-is, rather than being generated by FCGI.PL and FCGI.XL (chansen)
2014-09-06 | Update to 0.12.7 | wen | 2 | -6/+6

Upstream changes:

RELEASE 0.12

New SimpleTemplate parser implementation
 * Support for multi-line code blocks (<% ... %>).
 * The keywords include and rebase are functions now and can accept variable template names.

The new BaseRequest.route() property returns the Route that originally matched the request.

Removed the BaseRequest.MAX_PARAMS limit. The hash collision bug in CPython's dict() implementation was fixed over a year ago. If you are still using Python 2.5 in production, consider upgrading or at least make sure that you get security fixes from your distributor.

New ConfigDict API (see Configuration (DRAFT))
2014-09-05 | Bump PKGREVISION for hs-text-1.1.1.3 | szptvlfn | 1 | -1/+2
2014-09-04 | Add p5-WWW-CSRF | markd | 1 | -1/+2
2014-09-04 | Import p5-WWW-CSRF 1.00 | markd | 3 | -0/+38

This module generates tokens to help protect against a website attack known as Cross-Site Request Forgery (CSRF, also known as XSRF). CSRF is an attack where an attacker fools a browser into making a request to a web server for which that browser will automatically include some form of credentials (cookies, cached HTTP Basic authentication, etc.), thus abusing the web server's trust in the user for malicious use.

The most common CSRF mitigation is sending a special, hard-to-guess token with every request, and then require that any request that is not idempotent (i.e., has side effects) must be accompanied with such a token. This mitigation depends critically on the fact that while an attacker can easily make the victim's browser make a request, the browser security model (same-origin policy, or SOP for short) prevents third-party sites from reading the results of that request.
2014-09-04 | Fix comment and explain why GCC >= 4.8 is required. | jperkin | 1 | -3/+4
2014-09-04 | Update to 5.37 | wen | 2 | -6/+6

Upstream changes:

5.37 2014-09-03
 - Improved Mojo::Template performance slightly.
 - Fixed .ep template bug where the stash value "c" could no longer be used.

5.36 2014-09-02
 - Improved Mojo::Template performance.

5.35 2014-08-30
 - Improved monkey_patch to be able to name generated functions.

5.34 2014-08-29
 - Added original_remote_address attribute to Mojo::Transaction.
 - Fixed bug where Mojolicious::Commands would change @ARGV when loaded.
2014-09-01 | Remove non-existing file. | wiz | 1 | -4/+2
2014-09-01 | Update to 2.4.5: | wiz | 2 | -6/+6

=================
WebKitGTK+ 2.4.5
=================

What's new in WebKitGTK+ 2.4.5?

- Do not freeze the UI process while scanning plugins if there's a GTK+ 3 plugin installed.
- Fix a crash when drag and drop to a WebKitWebView.
- Fix a crash when navigating away from a web page containing an ogg video.
- Fix slow motion rendering problem in GStreamer media backend due to integer rounding.
- Make sure the plugins cache is always used even if the cache directory doesn’t exist.
- Fix toggle buttons rendering with recent GTK+ versions.
- Do not use GtkWindow:resize-grip-visible with recent GTK+ versions.
- Add support for little-endian PowerPC64.
2014-08-31 | Update to 1.23.3 | wen | 3 | -513/+4114
Upstream changelog is too long, please visit: https://www.mediawiki.org/wiki/Release_notes/1.23
2014-08-29 | Update contao33 to 3.3.5. | taca | 3 | -172/+59

Version 3.3.5 (2014-08-27)
--------------------------

### Fixed
Do not output an empty `label` tag (see #7249).

### Fixed
Allow floating point numbers in "number" input fields (see #7257).

### Fixed
Do not adjust the start time of past events (see #7121).

### Fixed
Reset the image margins if it exceeds the maximum image size (see #7245).

### Fixed
Reset `$blnPreventSaving` when a model is cloned (see #7243).

### Fixed
Do not reload after storing `CURRENT_ID` in the session (see #7240).

### Fixed
Correctly validate the page number of the versions menu (see #7235).

### Fixed
Handle underscores in the Google+ vanity name (see #7241).

### Fixed
Correctly handle the `rem` unit when importing style sheets (see #7220).

### Fixed
Fix two issues with the extension repository theme.
2014-08-29 | Update contao32 to 3.2.14. | taca | 2 | -6/+6

Version 3.2.14 (2014-08-27)
---------------------------

### Fixed
Allow floating point numbers in "number" input fields (see #7257).

### Fixed
Do not adjust the start time of past events (see #7121).

### Fixed
Reset the image margins if it exceeds the maximum image size (see #7245).

### Fixed
Reset `$blnPreventSaving` when a model is cloned (see #7243).

### Fixed
Do not reload after storing `CURRENT_ID` in the session (see #7240).

### Fixed
Correctly validate the page number of the versions menu (see #7235).

### Fixed
Handle underscores in the Google+ vanity name (see #7241).

### Fixed
Correctly handle the `rem` unit when importing style sheets (see #7220).

### Fixed
Fix two issues with the extension repository theme.
2014-08-29 | make it clear what package depend on | szptvlfn | 1 | -1/+2
discussed with wiz@.
2014-08-29 | Get "/etc/rc.d/squid status" and "/etc/rc.d/squid restart" to work again | tron | 2 | -3/+4
under NetBSD (and other platforms using "/etc/rc.subr"?). Bump package revision because of this fix.
2014-08-28 | Changes 3.4.7: | adam | 2 | -6/+6

kerberos_ldap_group: Fix 'error during setup of Kerberos credential cache' Ignore Range headers with unidentifiable byte-range values Use v3 for fake certificate if we add _any_ certificate extension. Fix regression in rev.13156 Fix %USER_CA_CERT_* and %CA_CERT_ external_acl formatting codes Enable compile-time override for MAXTCPLISTENPORTS ntlm_sspi_auth: fix various build errors negotiate_wrapper: vfork is not portable Windows: fix iphlpapi.h include case-sensitivity Windows: correct libsspwin32 API for SSP_LogonUser() negotiate_sspi_auth: Portability fixes for MinGW ext_lm_group_acl: portability fixes for MinGW SourceFormat Enforcement Bug 4080: worker hangs when client identd is not responding Bug 3966: Add KeyEncipherment when ssl-bump substitutes RSA for EC. Reduce cache_effective_user was leaking $HOME memory
2014-08-28 | Remove SunOS BUILDLINK_TRANSFORM instances which remove -Wl,--* GNU ld | jperkin | 1 | -3/+2
arguments, these are now handled globally by mk/platform/SunOS.mk
2014-08-28 | Update to 5.33 | wen | 2 | -6/+6

Upstream changes:

5.33 2014-08-24
 - Improved Mojo::Date to be able to handle higher precision times.
 - Improved Mojo::ByteStream performance.

5.32 2014-08-21
 - Added to_datetime method to Mojo::Date.
 - Improved Mojo::Date to support RFC 3339.

5.31 2014-08-19
 - Improved Mojolicious::Static to allow custom content types.
 - Improved url_for performance.

5.30 2014-08-17
 - Improved Mojolicious::Static to only handle GET and HEAD requests.
 - Improved Mojo::URL performance.
 - Improved url_for performance slightly.
 - Fixed bug where DATA sections sometimes got corrupted after forking, which caused applications to fail randomly.
 - Fixed Mojo::IOLoop::Client to use a timeout for every connection.

5.29 2014-08-16
 - Added helpers method to Mojolicious::Controller.
 - Improved performance of .ep templates slightly.
 - Fixed "0" value bug in Mojolicious::Plugin::EPRenderer.
2014-08-28 | add and enable ap2-limitipconn | jnemeth | 1 | -1/+2
2014-08-27 | Version of ap22-limitipconn that builds with apache24 | is | 5 | -0/+167
2014-08-24 | We just released django CMS 3.0.5. | adam | 3 | -21/+103
We had 2 previously undetected regressions in 3.0.4. These are now fixed. One small new feature also snuck into this release: apphooks and plugin registration now work as decorators. If you are running 3.0.4 please upgrade.
2014-08-24 | Changes 1.8.2: | adam | 3 | -9/+13

- reversion.register() can now be used as a class decorator
- Danish translation
- Improvements to Travis CI integration
- Simplified Chinese translation
- Minor bugfixes and documentation improvement
2014-08-23 | Squelch commit warning with wiki.n.o's unusual (scheme-less) $config{url}. | schmonz | 3 | -2/+20
Bump PKGREVISION.
2014-08-23 | Changes 1.4.14: | adam | 3 | -7/+10

Security fixes:
* Issue: reverse() can generate URLs pointing to other hosts (CVE-2014-0480)
* Issue: file upload denial of service (CVE-2014-0481)
* Issue: RemoteUserMiddleware session hijacking (CVE-2014-0482)
* Issue: data leakage via querystring manipulation in admin (CVE-2014-0483)
2014-08-23 | Changes 1.6.6: | adam | 2 | -6/+6

Security fixes:
* Issue: reverse() can generate URLs pointing to other hosts (CVE-2014-0480)
* Issue: file upload denial of service (CVE-2014-0481)
* Issue: RemoteUserMiddleware session hijacking (CVE-2014-0482)
* Issue: data leakage via querystring manipulation in admin (CVE-2014-0483)
2014-08-22 | Bump PKGREVISION for ilmbase shlib major bump. | wiz | 4 | -8/+8
2014-08-22 | Limit RUBY_VERSION_SUPPORTED to those supported by ruby-zip. | jperkin | 1 | -1/+3
Fixes bulk builds.
2014-08-21 | fix a couple of issues building with clang on darwin | dbj | 3 | -4/+29
2014-08-20 | Fix PLIST. I wonder how that happened. | wiz | 1 | -1/+8
2014-08-20 | + py-static. | wiz | 1 | -1/+2
2014-08-20 | Import py34-static-1.0.2 as www/py-static. | wiz | 5 | -0/+46
Serve static or templated content via WSGI or stand-alone from a python module.
2014-08-20 | + py-WebOb, ruby-selenium-webdriver | wiz | 1 | -1/+3
2014-08-20 | Import py34-WebOb-1.4 as www/py-WebOb, packaged for wip by | wiz | 4 | -0/+83
kamelderouiche. WebOb provides wrappers around the WSGI request environment, and an object to help create WSGI responses. The objects map much of the specified behavior of HTTP, including header parsing and accessors for other standard parts of the environment
2014-08-20 | After four years of the update, such migration is not required anymore. | obache | 1 | -15/+0
2014-08-19 | Regen | joerg | 1 | -1/+2
2014-08-19 | GS.bs is no longer installed. Bump revision. | joerg | 3 | -4/+16
2014-08-19 | Needs libtool | joerg | 1 | -1/+2
2014-08-18 | Override guessing and explicitly use getnameinfo. | joerg | 1 | -1/+7
2014-08-18 | Import ruby200-selenium-webdriver-2.42.0 as www/ruby-selenium-webdriver. | rodent | 4 | -0/+157
WebDriver is a tool for writing automated tests of websites. It aims to mimic the behaviour of a real user, and as such interacts with the HTML of the application.
2014-08-18 | Update to 3.20140815. From the changelog: | schmonz | 3 | -13/+18

* Add google back to openid selector. Apparently this has gotten a stay of execution until April 2015. (It may continue to work until 2017.)
* highlight: Add compatibility with highlight 3.18, while still supporting 3.9+. Closes: #757679 Thanks, David Bremner
* highlight: Add support for multiple language definition directories Closes: #757680 Thanks, David Bremner

pkgsrc changes:
* Add ikiwiki-highlight option that pulls in textproc/p5-highlight, for syntax highlighting code blocks (or entire source files).
2014-08-17 | Update to 4.0.1: | wiz | 2 | -6/+6
The build will now fall back to pure-python mode if the C extension fails to build for any reason (previously it would fall back for some errors but not others). IOLoop.call_at and IOLoop.call_later now always return a timeout handle for use with IOLoop.remove_timeout. If any callback of a PeriodicCallback or IOStream returns a Future, any error raised in that future will now be logged (similar to the behavior of IOLoop.add_callback). Fixed an exception in client-side websocket connections when the connection is closed. simple_httpclient once again correctly handles 204 status codes with no content-length header. Fixed a regression in simple_httpclient that would result in timeouts for certain kinds of errors.
2014-08-17 | Security update to version 3.9.2 | morr | 3 | -7/+8

Changes:
* Fixes a possible denial of service issue in PHP’s XML processing, reported by Nir Goldshlager of the Salesforce.com Product Security Team. Fixed by Michael Adams and Andrew Nacin of the WordPress security team and David Rothstein of the Drupal security team.
* Fixes a possible but unlikely code execution when processing widgets (WordPress is not affected by default), discovered by Alex Concha of the WordPress security team.
* Prevents information disclosure via XML entity attacks in the external GetID3 library, reported by Ivan Novikov of ONSec.
* Adds protections against brute attacks against CSRF tokens, reported by David Tomaschik of the Google Security Team.
* Contains some additional security hardening, like preventing cross-site scripting that could be triggered only by administrators.
2014-08-16 | firefox-31.0's configure explicitly requires nss>=3.16.2. | tsutsui | 1 | -2/+2
2014-08-16 | Update to 1.3.7: | wiz | 2 | -6/+6
Serf 1.3.7 [2014-08-11, from /tags/1.3.7, r2411] Handle NUL bytes in fields of an X.509 certificate. (r2393, r2399)
2014-08-14 | Updated nginx-devel to version 1.7.4 | imil | 2 | -7/+6

Changes with nginx 1.7.4 05 Aug 2014
*) Security: pipelined commands were not discarded after STARTTLS command in SMTP proxy (CVE-2014-3556); the bug had appeared in 1.5.6. Thanks to Chris Boulton.
*) Change: URI escaping now uses uppercase hexadecimal digits. Thanks to Piotr Sikora.
*) Feature: now nginx can be built with BoringSSL and LibreSSL. Thanks to Piotr Sikora.
*) Bugfix: requests might hang if resolver was used and a DNS server returned a malformed response; the bug had appeared in 1.5.8.
*) Bugfix: in the ngx_http_spdy_module. Thanks to Piotr Sikora.
*) Bugfix: the $uri variable might contain garbage when returning errors with code 400. Thanks to Sergey Bobrov.
*) Bugfix: in error handling in the "proxy_store" directive and the ngx_http_dav_module. Thanks to Feng Gu.
*) Bugfix: a segmentation fault might occur if logging of errors to syslog was used; the bug had appeared in 1.7.1.
*) Bugfix: the $geoip_latitude, $geoip_longitude, $geoip_dma_code, and $geoip_area_code variables might not work. Thanks to Yichun Zhang.
*) Bugfix: in memory allocation error handling. Thanks to Tatsuhiko Kubo and Piotr Sikora.

Changes with nginx 1.7.3 08 Jul 2014
*) Feature: weak entity tags are now preserved on response modifications, and strong ones are changed to weak.
*) Feature: cache revalidation now uses If-None-Match header if possible.
*) Feature: the "ssl_password_file" directive.
*) Bugfix: the If-None-Match request header line was ignored if there was no Last-Modified header in a response returned from cache.
*) Bugfix: "peer closed connection in SSL handshake" messages were logged at "info" level instead of "error" while connecting to backends.
*) Bugfix: in the ngx_http_dav_module module in nginx/Windows.
*) Bugfix: SPDY connections might be closed prematurely if caching was used.

Changes with nginx 1.7.2 17 Jun 2014
*) Feature: the "hash" directive inside the "upstream" block.
*) Feature: defragmentation of free shared memory blocks. Thanks to Wandenberg Peixoto and Yichun Zhang.
*) Bugfix: a segmentation fault might occur in a worker process if the default value of the "access_log" directive was used; the bug had appeared in 1.7.0. Thanks to Piotr Sikora.
*) Bugfix: trailing slash was mistakenly removed from the last parameter of the "try_files" directive.
*) Bugfix: nginx could not be built on OS X in some cases.
*) Bugfix: in the ngx_http_spdy_module.

Changes with nginx 1.7.1 27 May 2014
*) Feature: the "$upstream_cookie_..." variables.
*) Feature: the $ssl_client_fingerprint variable.
*) Feature: the "error_log" and "access_log" directives now support logging to syslog.
*) Feature: the mail proxy now logs client port on connect.
*) Bugfix: memory leak if the "ssl_stapling" directive was used. Thanks to Filipe da Silva.
*) Bugfix: the "alias" directive used inside a location given by a regular expression worked incorrectly if the "if" or "limit_except" directives were used.
*) Bugfix: the "charset" directive did not set a charset to encoded backend responses.
*) Bugfix: a "proxy_pass" directive without URI part might use original request after the $args variable was set. Thanks to Yichun Zhang.
*) Bugfix: in the "none" parameter in the "smtp_auth" directive; the bug had appeared in 1.5.6. Thanks to Svyatoslav Nikolsky.
*) Bugfix: if sub_filter and SSI were used together, then responses might be transferred incorrectly.
*) Bugfix: nginx could not be built with the --with-file-aio option on Linux/aarch64.

Changes with nginx 1.7.0 24 Apr 2014
*) Feature: backend SSL certificate verification.
*) Feature: support for SNI while working with SSL backends.
*) Feature: the $ssl_server_name variable.
*) Feature: the "if" parameter of the "access_log" directive.

Changes with nginx 1.5.13 08 Apr 2014
*) Change: improved hash table handling; the default values of the "variables_hash_max_size" and "types_hash_bucket_size" were changed to 1024 and 64 respectively.
*) Feature: the ngx_http_mp4_module now supports the "end" argument.
*) Feature: byte ranges support in the ngx_http_mp4_module and while saving responses to cache.
*) Bugfix: alerts "ngx_slab_alloc() failed: no memory" no longer logged when using shared memory in the "ssl_session_cache" directive and in the ngx_http_limit_req_module.
*) Bugfix: the "underscores_in_headers" directive did not allow underscore as a first character of a header. Thanks to Piotr Sikora.
*) Bugfix: cache manager might hog CPU on exit in nginx/Windows.
*) Bugfix: nginx/Windows terminated abnormally if the "ssl_session_cache" directive was used with the "shared" parameter.
*) Bugfix: in the ngx_http_spdy_module.
2014-08-14 | Update to 6.08 | wen | 2 | -8/+7

Update DEPENDS

Upstream changes:

2014-07-24 Release 6.08

Mike Schilli (1):
    Requiring Net::HTTP 6.07 to fix IPv6 support (RT#75618 and https://github.com/libwww-perl/net-http/pull/10)

Jason A Fesler (2):
    When the hostname is an IPv6 literal, encapsulate it with [brackets] before calling Net::HTTP [rt.cpan.org #29468]
    Extra steps to make sure that the host address that has a ":" contains only characters appropriate for an IPv6 address.

John Wittkoski (1):
    Fix doc typo for cookie_jar

_______________________________________________________________________________

2014-07-01 Release 6.07

Mike Schilli (5):
    Removed Data::Dump references in test suite and dependency in Makefile.PL
    Added MANIFEST.SKIP to enable "make manifest".
    release script now checks for MacOS to avoid incompatible tarballs
    Bumped version number to 6.07
    Fixed gnu-incompatible tarball problem ([rt.cpan.org #94844])
2014-08-14 | Update to 6.07 | wen | 2 | -7/+6

Upstream changes:

2014-07-23 Net-HTTP 6.07

Jason Fesler (1):
    Opportunistically use IO::Socket::IP or IO::Socket::INET6. Properly parse IPv6 literal addresses with optional port numbers. [RT#75618]