nginx-1.13.9-12.1

- update rmtp module to 1.2.1
  - just commenting all places where we fallthrough conditionals

- update headers more to 0.33
  - feature: add wildcard match support for
    more_clear_input_headers.

- update fancyindex module to 0.4.2
  This release contains an important fix which can cause Nginx to
  crash when a directory contains zero-sized (empty) files. This
  bug has been present in all previous releases, and all users are
  strongly encouraged to update to version 0.4.2.
  https://github.com/aperezdc/ngx-fancyindex/releases/tag/v0.4.2

- changes from 1.13.9
  - Feature: HTTP/2 server push support; the "http2_push" and
    "http2_push_preload" directives.
  - Bugfix: "header already sent" alerts might appear in logs when
    using cache; the bug had appeared in 1.9.13.
  - Bugfix: a segmentation fault might occur in a worker process if
    the "ssl_verify_client" directive was used and no SSL
    certificate was specified in a virtual server.
  - Bugfix: in the ngx_http_v2_module.
  - Bugfix: in the ngx_http_dav_module.
- updates from 1.13.8
  - Feature: now nginx automatically preserves the CAP_NET_RAW
    capability in worker processes when using the "transparent"
    parameter of the "proxy_bind", "fastcgi_bind",
    "memcached_bind", "scgi_bind", and "uwsgi_bind" directives.
  - Feature: improved CPU cache line size detection. Thanks to
    Debayan Ghosh.
  - Feature: new directives in vim syntax highlighting scripts.
    Thanks to Gena Makhomed.
  - Bugfix: binary upgrade refused to work if nginx was re-parented
    to a process with PID different from 1 after its parent process
    has finished.
  - Bugfix: the ngx_http_autoindex_module incorrectly handled
    requests with bodies.
  - Bugfix: in the "proxy_limit_rate" directive when used with the
    "keepalive" directive.
  - Bugfix: some parts of a response might be buffered when using
    "proxy_buffering off" if the client connection used SSL.
    Thanks to Patryk Lesiewicz.
  - Bugfix: in the "proxy_cache_background_update" directive.
  - Bugfix: it was not possible to start a parameter with a
    variable in the "${name}" form with the name in curly brackets
    without enclosing the parameter into single or double quotes.

- Install /etc/nginx/conf.d directory for custom user configuration
  files

- Install /etc/nginx/vhosts.d directory for default installation
  to house custom virtual hosts configuration files

- update to version 1.13.7
  - Bugfix: in the $upstream_status variable.
  - Bugfix: a segmentation fault might occur in a worker process
    if a backend returned a "101 Switching Protocols" response to
    a subrequest.
  - Bugfix: a segmentation fault occurred in a master process if a
    shared memory zone size was changed during a reconfiguration
    and the reconfiguration failed.
  - Bugfix: in the ngx_http_fastcgi_module.
  - Bugfix: nginx returned the 500 error if parameters without
    variables were specified in the "xslt_stylesheet" directive.
  - Workaround: "gzip filter failed to use preallocated memory"
    alerts appeared in logs when using a zlib library variant
    from Intel.
  - Bugfix: the "worker_shutdown_timeout" directive did not work
    when using mail proxy and when proxying WebSocket connections.
- partial cleanup with spec-cleaner

- update to 1.13.6
  - Bugfix: switching to the next upstream server in the stream
    module did not work when using the "ssl_preread" directive.
  - Bugfix: in the ngx_http_v2_module.  Thanks to Piotr Sikora.
  - Bugfix: nginx did not support dates after the year 2038 on
    32-bit platforms with 64-bit time_t.
  - Bugfix: in handling of dates prior to the year 1970 and after
    the year 10000.
  - Bugfix: in the stream module timeouts waiting for UDP datagrams
    from upstream servers were not logged or logged at the "info"
    level instead of "error".
  - Bugfix: when using HTTP/2 nginx might return the 400 response
    without logging the reason.
  - Bugfix: in processing of corrupted cache files.
  - Bugfix: cache control headers were ignored when caching errors
    intercepted by error_page.
  - Bugfix: when using HTTP/2 client request body might be
    corrupted.
  - Bugfix: in handling of client addresses when using unix domain
    sockets.
  - Bugfix: nginx hogged CPU when using the "hash ... consistent"
    directive in the upstream block if large weights were used and
    all or most of the servers were unavailable.

- extra modules were enabled on sles due to a typo

- Submit nginx to SLES to become a http server for RMT(Repository
  mirroring tool) [fate#323994, bsc#1059685, boo#1057831]

- disable extra modules on sle

- update to 1.13.5
  - Feature: the $ssl_client_escaped_cert variable.
  - Bugfix: the "ssl_session_ticket_key" directive and the
    "include" parameter of the "geo" directive did not work on
    Windows.
  - Bugfix: incorrect response length was returned on 32-bit
    platforms when requesting more than 4 gigabytes with multiple
    ranges.
  - Bugfix: the "expires modified" directive and processing of the
    "If-Range" request header line did not use the response last
    modification time if proxying without caching was used.
- changes from 1.13.4
  - Feature: the ngx_http_mirror_module.
  - Bugfix: client connections might be dropped during
    configuration testing when using the "reuseport" parameter of
    the "listen" directive on Linux.
  - Bugfix: request body might not be available in subrequests if
    it was saved to a file and proxying was used.
  - Bugfix: cleaning cache based on the "max_size" parameter did
    not work on Windows.
  - Bugfix: any shared memory allocation required 4096 bytes on
    Windows.
  - Bugfix: nginx worker might be terminated abnormally when using
    the "zone" directive inside the "upstream" block on Windows.

- add upstream signing key and verify source tarball signature

- update to 1.13.3 (boo#1048265)
  - Security: a specially crafted request might result in an
    integer overflow and incorrect processing of ranges in the
    range filter, potentially resulting in sensitive information
    leak (CVE-2017-7529).
- changes from 1.13.2
  - Change: nginx now returns 200 instead of 416 when a range
    starting with 0 is requested from an empty file.
  - Feature: the "add_trailer" directive.  Thanks to Piotr Sikora.
  - Bugfix: nginx could not be built on Cygwin and NetBSD; the bug
    had appeared in 1.13.0.
  - Bugfix: nginx could not be built under MSYS2 / MinGW 64-bit.
    Thanks to Orgad Shaneh.
  - Bugfix: a segmentation fault might occur in a worker process
    when using SSI with many includes and proxy_pass with
    variables.
  - Bugfix: in the ngx_http_v2_module.  Thanks to Piotr Sikora.
- update nginx-rtmp-module to 1.2.0:
  - DASH improvements
  - OpenSSL 1.1 compatibility

- update to 1.13.1
  - Feature: now a hostname can be used as the "set_real_ip_from"
    directive parameter.
  - Feature: vim syntax highlighting scripts improvements.
  - Feature: the "worker_cpu_affinity" directive now works on
    DragonFly BSD.  Thanks to Sepherosa Ziehau.
  - Bugfix: SSL renegotiation on backend connections did not work
    when using OpenSSL before 1.1.0.
  - Workaround: nginx could not be built with Oracle Developer
    Studio 12.5.
  - Workaround: now cache manager ignores long locked cache entries
    when cleaning cache based on the "max_size" parameter.
  - Bugfix: client SSL connections were immediately closed if
    deferred accept and the "proxy_protocol" parameter of the
    "listen" directive were used.
  - Bugfix: in the "proxy_cache_background_update" directive.
  - Workaround: now the "tcp_nodelay" directive sets the
    TCP_NODELAY option before an SSL handshake.
- changes from 1.13.0
  - Change: SSL renegotiation is now allowed on backend
    connections.
  - Feature: the "rcvbuf" and "sndbuf" parameters of the "listen"
    directives of the mail proxy and stream modules.
  - Feature: the "return" and "error_page" directives can now be
    used to return 308 redirections.  Thanks to Simon Leblanc.
  - Feature: the "TLSv1.3" parameter of the "ssl_protocols"
    directive.
  - Feature: when logging signals nginx now logs PID of the process
    which sent the signal.
  - Bugfix: in memory allocation error handling.
  - Bugfix: if a server in the stream module listened on a wildcard
    address, the source address of a response UDP datagram could
    differ from the original datagram destination address.

- update to 1.12.0
  - Feature: the "http_429" parameter of the "proxy_next_upstream",
    "fastcgi_next_upstream", "scgi_next_upstream", and
    "uwsgi_next_upstream" directives.
    Thanks to Piotr Sikora.
  - Bugfix: in memory allocation error handling.
  - Bugfix: requests might hang when using the "sendfile" and
    "timer_resolution" directives on Linux.
  - Bugfix: requests might hang when using the "sendfile" and "aio_write"
    directives with subrequests.
  - Bugfix: in the ngx_http_v2_module.
    Thanks to Piotr Sikora.
  - Bugfix: a segmentation fault might occur in a worker process when
    using HTTP/2.
  - Bugfix: requests might hang when using the "limit_rate",
    "sendfile_max_chunk", "limit_req" directives, or the $r->sleep()
    embedded perl method with subrequests.
  - Bugfix: in the ngx_http_slice_module.

- update to 1.11.12
  - Bugfix: nginx might hog CPU; the bug had appeared in 1.11.11.
- update to 1.11.11
  - Feature: the "worker_shutdown_timeout" directive.
  - Feature: vim syntax highlighting scripts improvements.  Thanks
    to Wei-Ko Kao.
  - Bugfix: a segmentation fault might occur in a worker process if
    the $limit_rate variable was set to an empty string.
  - Bugfix: the "proxy_cache_background_update",
    "fastcgi_cache_background_update",
    "scgi_cache_background_update", and
    "uwsgi_cache_background_update" directives might work
    incorrectly if the "if" directive was used.
  - Bugfix: a segmentation fault might occur in a worker process if
    number of large_client_header_buffers in a virtual server was
    different from the one in the default server.
  - Bugfix: in the mail proxy server.

- update to 1.11.10
  - Change: cache header format has been changed, previously cached
    responses will be invalidated.
  - Feature: support of "stale-while-revalidate" and
    "stale-if-error" extensions in the "Cache-Control" backend
    response header line.
  - Feature: the "proxy_cache_background_update",
    "fastcgi_cache_background_update",
    "scgi_cache_background_update", and
    "uwsgi_cache_background_update" directives.
  - Feature: nginx is now able to cache responses with the "Vary"
    header line up to 128 characters long (instead of 42 characters
    in previous versions).
  - Feature: the "build" parameter of the "server_tokens"
    directive.  Thanks to Tom Thorogood.
  - Bugfix: "[crit] SSL_write() failed" messages might appear in
    logs when handling requests with the "Expect: 100-continue"
    request header line.
  - Bugfix: the ngx_http_slice_module did not work in named
    locations.
  - Bugfix: a segmentation fault might occur in a worker process
    when using AIO after an "X-Accel-Redirect" redirection.
  - Bugfix: reduced memory consumption for long-lived requests
    using gzipping.

- update to 1.11.9
  - Bugfix: nginx might hog CPU when using the stream module; the
    bug had appeared in 1.11.5.
  - Bugfix: EXTERNAL authentication mechanism in mail proxy was
    accepted even if it was not enabled in the configuration.
  - Bugfix: a segmentation fault might occur in a worker process if
    the "ssl_verify_client" directive of the stream module was
    used.
  - Bugfix: the "ssl_verify_client" directive of the stream module
    might not work.
  - Bugfix: closing keepalive connections due to no free worker
    connections might be too aggressive.  Thanks to Joel
    Cunningham.
  - Bugfix: an incorrect response might be returned when using the
    "sendfile" directive on FreeBSD and macOS; the bug had appeared
    in 1.7.8.
  - Bugfix: a truncated response might be stored in cache when
    using the "aio_write" directive.
  - Bugfix: a socket leak might occur when using the "aio_write"
    directive.

- update to 1.11.8
  - Feature: the "absolute_redirect" directive.
  - Feature: the "escape" parameter of the "log_format" directive.
  - Feature: client SSL certificates verification in the stream
    module.
  - Feature: the "ssl_session_ticket_key" directive supports AES256
    encryption of TLS session tickets when used with 80-byte keys.
  - Feature: vim-commentary support in vim scripts.  Thanks to
    Armin Grodon.
  - Bugfix: recursion when evaluating variables was not limited.
  - Bugfix: in the ngx_stream_ssl_preread_module.
  - Bugfix: if a server in an upstream in the stream module failed,
    it was considered alive only when a test connection sent to it
    after fail_timeout was closed; now a successfully established
    connection is enough.
  - Bugfix: nginx/Windows could not be built with 64-bit Visual
    Studio.
  - Bugfix: nginx/Windows could not be built with OpenSSL 1.1.0.
- changes in 1.11.7
  - Change: now in case of a client certificate verification error
    the $ssl_client_verify variable contains a string with the
    failure reason, for example, "FAILED:certificate has expired".
  - Feature: the $ssl_ciphers, $ssl_curves, $ssl_client_v_start,
    $ssl_client_v_end, and $ssl_client_v_remain variables.
  - Feature: the "volatile" parameter of the "map" directive.
  - Bugfix: dependencies specified for a module were ignored while
    building dynamic modules.
  - Bugfix: when using HTTP/2 and the "limit_req" or "auth_request"
    directives client request body might be corrupted; the bug had
    appeared in 1.11.0.
  - Bugfix: a segmentation fault might occur in a worker process
    when using HTTP/2; the bug had appeared in 1.11.3.
  - Bugfix: in the ngx_http_mp4_module.  Thanks to Congcong Hu.
  - Bugfix: in the ngx_http_perl_module.
- changes in 1.11.6
  - Change: format of the $ssl_client_s_dn and $ssl_client_i_dn
    variables has been changed to follow RFC 2253 (RFC 4514);
    values in the old format are available in the
    $ssl_client_s_dn_legacy and $ssl_client_i_dn_legacy variables.
  - Change: when storing temporary files in a cache directory they
    will be stored in the same subdirectories as corresponding
    cache files instead of a separate subdirectory for temporary
    files.
  - Feature: EXTERNAL authentication mechanism support in mail
    proxy.  Thanks to Robert Norris.
  - Feature: WebP support in the ngx_http_image_filter_module.
  - Feature: variables support in the "proxy_method" directive.
    Thanks to Dmitry Lazurkin.
  - Feature: the "http2_max_requests" directive in the
    ngx_http_v2_module.
  - Feature: the "proxy_cache_max_range_offset",
    "fastcgi_cache_max_range_offset",
    "scgi_cache_max_range_offset", and
    "uwsgi_cache_max_range_offset" directives.
  - Bugfix: graceful shutdown of old worker processes might require
    infinite time when using HTTP/2.
  - Bugfix: in the ngx_http_mp4_module.
  - Bugfix: "ignore long locked inactive cache entry" alerts might
    appear in logs when proxying WebSocket connections with caching
    enabled.
  - Bugfix: nginx did not write anything to log and returned a
    response with code 502 instead of 504 when a timeout occurred
    during an SSL handshake to a backend.
- changes in 1.11.5
  - Change: the --with-ipv6 configure option was removed, now IPv6
    support is configured automatically.
  - Change: now if there are no available servers in an upstream,
    nginx will not reset number of failures of all servers as it
    previously did, but will wait for fail_timeout to expire.
  - Feature: the ngx_stream_ssl_preread_module.
  - Feature: the "server" directive in the "upstream" context
    supports the "max_conns" parameter.
  - Feature: the --with-compat configure option.
  - Feature: "manager_files", "manager_threshold", and
    "manager_sleep" parameters of the "proxy_cache_path",
    "fastcgi_cache_path", "scgi_cache_path", and "uwsgi_cache_path"
    directives.
  - Bugfix: flags passed by the --with-ld-opt configure option were
    not used while building perl module.
  - Bugfix: in the "add_after_body" directive when used with the
    "sub_filter" directive.
  - Bugfix: in the $realip_remote_addr variable.
  - Bugfix: the "dav_access", "proxy_store_access",
    "fastcgi_store_access", "scgi_store_access", and
    "uwsgi_store_access" directives ignored permissions specified
    for user.
  - Bugfix: unix domain listen sockets might not be inherited
    during binary upgrade on Linux.
  - Bugfix: nginx returned the 400 response on requests with the
    "-" character in the HTTP method.
- update headers-more-nginx-module 0.32
  - tests: skipped the newly added test case that cannot run in
    check leak test mode.
  - bugfix: more_set_input_headers: skips setting multi-value
    headers for bad requests to avoid segfaults.
  - skipped check leak mode for two test cases using malformed
    requests.
  - doc: claims that we work with 1.10.x since it is essentially
    the same as 1.9.x.
  - bugfix: fixed a typo in an error message.
  - bugfix: when the nginx core does not properly initialize
    r->headers_in.headers (due to 400 bad requests and etc),
    more_set_input_headers might lead to crashes. thanks Marcin
    Teodorczyk for the report.
- update nginx-rtmp-module 1.1.10
  - support for nginx 1.11.5-style cache-manager
- update patches to apply cleanly again
  check_1.9.2+.patch
  nginx-1.6.1-default_config.patch