From e96fd428c8ba7192999e10365a5b47e5c3a06571 Mon Sep 17 00:00:00 2001 From: rodent Date: Fri, 26 Jun 2015 13:46:53 +0000 Subject: Update to latest stable. Resolves CVE-2014-3616. From CHANGELOG: Changes with nginx 1.8.0 21 Apr 2015 *) 1.8.x stable branch. Changes with nginx 1.7.12 07 Apr 2015 *) Feature: now the "tcp_nodelay" directive works with backend SSL connections. *) Feature: now thread pools can be used to read cache file headers. *) Bugfix: in the "proxy_request_buffering" directive. *) Bugfix: a segmentation fault might occur in a worker process when using thread pools on Linux. *) Bugfix: in error handling when using the "ssl_stapling" directive. *) Bugfix: in the ngx_http_spdy_module. Changes with nginx 1.7.11 24 Mar 2015 *) Change: the "sendfile" parameter of the "aio" directive is deprecated; now nginx automatically uses AIO to pre-load data for sendfile if both "aio" and "sendfile" directives are used. *) Feature: experimental thread pools support. *) Feature: the "proxy_request_buffering", "fastcgi_request_buffering", "scgi_request_buffering", and "uwsgi_request_buffering" directives. *) Feature: request body filters experimental API. *) Feature: client SSL certificates support in mail proxy. *) Feature: startup speedup when using the "hash ... consistent" directive in the upstream block. *) Feature: debug logging into a cyclic memory buffer. *) Bugfix: in hash table handling. *) Bugfix: in the "proxy_cache_revalidate" directive. *) Bugfix: SSL connections might hang if deferred accept or the "proxy_protocol" parameter of the "listen" directive were used. *) Bugfix: the $upstream_response_time variable might contain a wrong value if the "image_filter" directive was used. *) Bugfix: in integer overflow handling. *) Bugfix: it was not possible to enable SSLv3 with LibreSSL. *) Bugfix: the "ignoring stale global SSL error ... called a function you should not call" alerts appeared in logs when using LibreSSL. *) Bugfix: certificates specified by the "ssl_client_certificate" and "ssl_trusted_certificate" directives were inadvertently used to automatically construct certificate chains. Changes with nginx 1.7.10 10 Feb 2015 *) Feature: the "use_temp_path" parameter of the "proxy_cache_path", "fastcgi_cache_path", "scgi_cache_path", and "uwsgi_cache_path" directives. *) Feature: the $upstream_header_time variable. *) Workaround: now on disk overflow nginx tries to write error logs once a second only. *) Bugfix: the "try_files" directive did not ignore normal files while testing directories. *) Bugfix: alerts "sendfile() failed" if the "sendfile" directive was used on OS X; the bug had appeared in 1.7.8. *) Bugfix: alerts "sem_post() failed" might appear in logs. *) Bugfix: nginx could not be built with musl libc. *) Bugfix: nginx could not be built on Tru64 UNIX. Changes with nginx 1.7.9 23 Dec 2014 *) Feature: variables support in the "proxy_cache", "fastcgi_cache", "scgi_cache", and "uwsgi_cache" directives. *) Feature: variables support in the "expires" directive. *) Feature: loading of secret keys from hardware tokens with OpenSSL engines. *) Feature: the "autoindex_format" directive. *) Bugfix: cache revalidation is now only used for responses with 200 and 206 status codes. *) Bugfix: the "TE" client request header line was passed to backends while proxying. *) Bugfix: the "proxy_pass", "fastcgi_pass", "scgi_pass", and "uwsgi_pass" directives might not work correctly inside the "if" and "limit_except" blocks. *) Bugfix: the "proxy_store" directive with the "on" parameter was ignored if the "proxy_store" directive with an explicitly specified file path was used on a previous level. *) Bugfix: nginx could not be built with BoringSSL. Changes with nginx 1.7.8 02 Dec 2014 *) Change: now the "If-Modified-Since", "If-Range", etc. client request header lines are passed to a backend while caching if nginx knows in advance that the response will not be cached (e.g., when using proxy_cache_min_uses). *) Change: now after proxy_cache_lock_timeout nginx sends a request to a backend with caching disabled; the new directives "proxy_cache_lock_age", "fastcgi_cache_lock_age", "scgi_cache_lock_age", and "uwsgi_cache_lock_age" specify a time after which the lock will be released and another attempt to cache a response will be made. *) Change: the "log_format" directive can now be used only at http level. *) Feature: the "proxy_ssl_certificate", "proxy_ssl_certificate_key", "proxy_ssl_password_file", "uwsgi_ssl_certificate", "uwsgi_ssl_certificate_key", and "uwsgi_ssl_password_file" directives. *) Feature: it is now possible to switch to a named location using "X-Accel-Redirect". *) Feature: now the "tcp_nodelay" directive works with SPDY connections. *) Feature: new directives in vim syntax highliting scripts. *) Bugfix: nginx ignored the "s-maxage" value in the "Cache-Control" backend response header line. *) Bugfix: in the ngx_http_spdy_module. *) Bugfix: in the "ssl_password_file" directive when using OpenSSL 0.9.8zc, 1.0.0o, 1.0.1j. *) Bugfix: alerts "header already sent" appeared in logs if the "post_action" directive was used; the bug had appeared in 1.5.4. *) Bugfix: alerts "the http output chain is empty" might appear in logs if the "postpone_output 0" directive was used with SSI includes. *) Bugfix: in the "proxy_cache_lock" directive with SSI subrequests. Changes with nginx 1.7.7 28 Oct 2014 *) Change: now nginx takes into account the "Vary" header line in a backend response while caching. *) Feature: the "proxy_force_ranges", "fastcgi_force_ranges", "scgi_force_ranges", and "uwsgi_force_ranges" directives. *) Feature: the "proxy_limit_rate", "fastcgi_limit_rate", "scgi_limit_rate", and "uwsgi_limit_rate" directives. *) Feature: the "Vary" parameter of the "proxy_ignore_headers", "fastcgi_ignore_headers", "scgi_ignore_headers", and "uwsgi_ignore_headers" directives. *) Bugfix: the last part of a response received from a backend with unbufferred proxy might not be sent to a client if "gzip" or "gunzip" directives were used. *) Bugfix: in the "proxy_cache_revalidate" directive. *) Bugfix: in error handling. *) Bugfix: in the "proxy_next_upstream_tries" and "proxy_next_upstream_timeout" directives. *) Bugfix: nginx/Windows could not be built with MinGW-w64 gcc. Changes with nginx 1.7.6 30 Sep 2014 *) Change: the deprecated "limit_zone" directive is not supported anymore. *) Feature: the "limit_conn_zone" and "limit_req_zone" directives now can be used with combinations of multiple variables. *) Bugfix: request body might be transmitted incorrectly when retrying a FastCGI request to the next upstream server. *) Bugfix: in logging to syslog. Changes with nginx 1.7.5 16 Sep 2014 *) Security: it was possible to reuse SSL sessions in unrelated contexts if a shared SSL session cache or the same TLS session ticket key was used for multiple "server" blocks (CVE-2014-3616). *) Change: now the "stub_status" directive does not require a parameter. *) Feature: the "always" parameter of the "add_header" directive. *) Feature: the "proxy_next_upstream_tries", "proxy_next_upstream_timeout", "fastcgi_next_upstream_tries", "fastcgi_next_upstream_timeout", "memcached_next_upstream_tries", "memcached_next_upstream_timeout", "scgi_next_upstream_tries", "scgi_next_upstream_timeout", "uwsgi_next_upstream_tries", and "uwsgi_next_upstream_timeout" directives. *) Bugfix: in the "if" parameter of the "access_log" directive. *) Bugfix: in the ngx_http_perl_module. *) Bugfix: the "listen" directive of the mail proxy module did not allow to specify more than two parameters. *) Bugfix: the "sub_filter" directive did not work with a string to replace consisting of a single character. *) Bugfix: requests might hang if resolver was used and a timeout occurred during a DNS request. *) Bugfix: in the ngx_http_spdy_module when using with AIO. *) Bugfix: a segmentation fault might occur in a worker process if the "set" directive was used to change the "$http_...", "$sent_http_...", or "$upstream_http_..." variables. *) Bugfix: in memory allocation error handling. Changes with nginx 1.7.4 05 Aug 2014 *) Security: pipelined commands were not discarded after STARTTLS command in SMTP proxy (CVE-2014-3556); the bug had appeared in 1.5.6. *) Change: URI escaping now uses uppercase hexadecimal digits. *) Feature: now nginx can be build with BoringSSL and LibreSSL. *) Bugfix: requests might hang if resolver was used and a DNS server returned a malformed response; the bug had appeared in 1.5.8. *) Bugfix: in the ngx_http_spdy_module. *) Bugfix: the $uri variable might contain garbage when returning errors with code 400. *) Bugfix: in error handling in the "proxy_store" directive and the ngx_http_dav_module. *) Bugfix: a segmentation fault might occur if logging of errors to syslog was used; the bug had appeared in 1.7.1. *) Bugfix: the $geoip_latitude, $geoip_longitude, $geoip_dma_code, and $geoip_area_code variables might not work. *) Bugfix: in memory allocation error handling. Changes with nginx 1.7.3 08 Jul 2014 *) Feature: weak entity tags are now preserved on response modifications, and strong ones are changed to weak. *) Feature: cache revalidation now uses If-None-Match header if possible. *) Feature: the "ssl_password_file" directive. *) Bugfix: the If-None-Match request header line was ignored if there was no Last-Modified header in a response returned from cache. *) Bugfix: "peer closed connection in SSL handshake" messages were logged at "info" level instead of "error" while connecting to backends. *) Bugfix: in the ngx_http_dav_module module in nginx/Windows. *) Bugfix: SPDY connections might be closed prematurely if caching was used. Changes with nginx 1.7.2 17 Jun 2014 *) Feature: the "hash" directive inside the "upstream" block. *) Feature: defragmentation of free shared memory blocks. *) Bugfix: a segmentation fault might occur in a worker process if the default value of the "access_log" directive was used; the bug had appeared in 1.7.0. *) Bugfix: trailing slash was mistakenly removed from the last parameter of the "try_files" directive. *) Bugfix: nginx could not be built on OS X in some cases. *) Bugfix: in the ngx_http_spdy_module. Changes with nginx 1.7.1 27 May 2014 *) Feature: the "$upstream_cookie_..." variables. *) Feature: the $ssl_client_fingerprint variable. *) Feature: the "error_log" and "access_log" directives now support logging to syslog. *) Feature: the mail proxy now logs client port on connect. *) Bugfix: memory leak if the "ssl_stapling" directive was used. *) Bugfix: the "alias" directive used inside a location given by a regular expression worked incorrectly if the "if" or "limit_except" directives were used. *) Bugfix: the "charset" directive did not set a charset to encoded backend responses. *) Bugfix: a "proxy_pass" directive without URI part might use original request after the $args variable was set. *) Bugfix: in the "none" parameter in the "smtp_auth" directive; the bug had appeared in 1.5.6. *) Bugfix: if sub_filter and SSI were used together, then responses might be transferred incorrectly. *) Bugfix: nginx could not be built with the --with-file-aio option on Linux/aarch64. Changes with nginx 1.7.0 24 Apr 2014 *) Feature: backend SSL certificate verification. *) Feature: support for SNI while working with SSL backends. *) Feature: the $ssl_server_name variable. *) Feature: the "if" parameter of the "access_log" directive. --- www/nginx/Makefile | 5 ++--- www/nginx/distinfo | 41 ++++------------------------------------- 2 files changed, 6 insertions(+), 40 deletions(-) (limited to 'www') diff --git a/www/nginx/Makefile b/www/nginx/Makefile index 0b57eb8c6d1..60f228e0bdc 100644 --- a/www/nginx/Makefile +++ b/www/nginx/Makefile @@ -1,7 +1,6 @@ -# $NetBSD: Makefile,v 1.58 2015/06/12 10:51:51 wiz Exp $ +# $NetBSD: Makefile,v 1.59 2015/06/26 13:46:53 rodent Exp $ -DISTNAME= nginx-1.6.2 +DISTNAME= nginx-1.8.0 MAINTAINER= joerg@NetBSD.org -PKGREVISION= 1 .include "../../www/nginx/Makefile.common" diff --git a/www/nginx/distinfo b/www/nginx/distinfo index 4bd2554dc61..5c30c116600 100644 --- a/www/nginx/distinfo +++ b/www/nginx/distinfo @@ -1,40 +1,7 @@ -$NetBSD: distinfo,v 1.44 2014/09/24 05:42:48 kim Exp $ +$NetBSD: distinfo,v 1.45 2015/06/26 13:46:53 rodent Exp $ -SHA1 (array-var-nginx-module-0.03.tar.gz) = b2666aa3c092060fcd3931a6d45798a5745c1ad6 -RMD160 (array-var-nginx-module-0.03.tar.gz) = 171c2d9bd02d7a7ede9f87ab348ef035cea14aec -Size (array-var-nginx-module-0.03.tar.gz) = 9520 bytes -SHA1 (echo-nginx-module-0.51.tar.gz) = 127d011f146a7e611f328cd4f2f29cdde1227f07 -RMD160 (echo-nginx-module-0.51.tar.gz) = 79bb11c34735381a5a90176eb4d07dec8b469ab4 -Size (echo-nginx-module-0.51.tar.gz) = 63460 bytes -SHA1 (encrypted-session-nginx-module-0.03.tar.gz) = b33a74b83a200299fe80a2441b4cc014fab02a6a -RMD160 (encrypted-session-nginx-module-0.03.tar.gz) = 89cab2054f95e1017c109238d399afe23ce499e6 -Size (encrypted-session-nginx-module-0.03.tar.gz) = 8949 bytes -SHA1 (form-input-nginx-module-0.07.tar.gz) = 4f68ad4b6b19f313582523585aee4e4473666ea3 -RMD160 (form-input-nginx-module-0.07.tar.gz) = 1d543c15c1ced82497987b7fd71d79d7c818b9bf -Size (form-input-nginx-module-0.07.tar.gz) = 10563 bytes -SHA1 (headers-more-nginx-module-0.25.tar.gz) = 514bc3df30b24eb0a06533f1ebaa579b898990f5 -RMD160 (headers-more-nginx-module-0.25.tar.gz) = 8270edae05b2cf24f1d46fb1b217d4943bf56372 -Size (headers-more-nginx-module-0.25.tar.gz) = 27973 bytes -SHA1 (lua-nginx-module-0.9.5.tar.gz) = c9c752461f407ccae40870d4cabfbf2bd8c81bac -RMD160 (lua-nginx-module-0.9.5.tar.gz) = 180331a69680278bac26f0a9ccd0de52fd88a7ea -Size (lua-nginx-module-0.9.5.tar.gz) = 476124 bytes -SHA1 (naxsi-0.53-2.tar.gz) = e29101b3193f434e4ec503671c41d0bacc64ff39 -RMD160 (naxsi-0.53-2.tar.gz) = 198ff9d2faf55ce3ed72332615f9e555e3afc155 -Size (naxsi-0.53-2.tar.gz) = 165690 bytes -SHA1 (nginx-1.6.2.tar.gz) = 1a5458bc15acf90eea16353a1dd17285cf97ec35 -RMD160 (nginx-1.6.2.tar.gz) = 58704be748781db2bcd67e5bad842f5ff8c55326 -Size (nginx-1.6.2.tar.gz) = 804164 bytes -SHA1 (nginx_http_push_module-0.692.tar.gz) = 72103084cad8f4d3d9a49a6b04cf780e4541605d -RMD160 (nginx_http_push_module-0.692.tar.gz) = 9d2be16074cf28115af0f1d8f3646937cda649ad -Size (nginx_http_push_module-0.692.tar.gz) = 29119 bytes -SHA1 (nginx_upload_module-2.2.0.tar.gz) = 93d6e83e613a0ce2ed057a434b344fa1b6609b47 -RMD160 (nginx_upload_module-2.2.0.tar.gz) = 5734af837be3fe8ec444a7e5e7f6707118594098 -Size (nginx_upload_module-2.2.0.tar.gz) = 25796 bytes -SHA1 (ngx_devel_kit-0.2.19.tar.gz) = 888635e80a8a0e6242b8e9b684ff60ffa70845a2 -RMD160 (ngx_devel_kit-0.2.19.tar.gz) = 64d3737bc4cc948c1363cce80d70e5260878811e -Size (ngx_devel_kit-0.2.19.tar.gz) = 65029 bytes -SHA1 (set-misc-nginx-module-0.24.tar.gz) = da404a7dac5fa4a0a86f42b4ec7648b607f4cd66 -RMD160 (set-misc-nginx-module-0.24.tar.gz) = 07d0bb8f2a0840534a82a2d18394163342393cef -Size (set-misc-nginx-module-0.24.tar.gz) = 40397 bytes +SHA1 (nginx-1.8.0.tar.gz) = 12bad312764feae50246685ab2e74512d1aa9b2f +RMD160 (nginx-1.8.0.tar.gz) = 9af62e81b42e572615f59fcedb222e9d6ad96b53 +Size (nginx-1.8.0.tar.gz) = 832104 bytes SHA1 (patch-aa) = 47f0c19b47b115f00ea6e9432d5bb12058c3bc1c SHA1 (patch-ab) = 0925a163db1ec36142fc3c32545f0abc1c5545c8 -- cgit v1.2.3