Package Release Info

nginx-1.14.2-16.1

Update Info: openSUSE-2019-195
Available in Package Hub : 12 GA-SP5

platforms

AArch64
ppc64le
s390x
x86-64

subpackages

nginx
vim-plugin-nginx

Change Logs

* Tue Feb 05 2019 achernikov@suse.com
- Changes with nginx 1.14.2
  - Bugfix: nginx could not be built by gcc 8.1.
  - Bugfix: nginx could not be built on Fedora 28 Linux.
  - Bugfix: in handling of client addresses when using unix domain
    listen sockets to work with datagrams on Linux.
  - Change: the logging level of the "http request", "https proxy
    request", "unsupported protocol", "version too low",
    "no suitable key share", and "no suitable signature algorithm"
    SSL errors has been lowered from "crit" to "info".
  - Bugfix: when using OpenSSL 1.1.0 or newer it was not possible
    to switch off "ssl_prefer_server_ciphers" in a virtual server
    if it was switched on in the default server.
  - Bugfix: nginx could not be built with LibreSSL 2.8.0.
  - Bugfix: if nginx was built with OpenSSL 1.1.0 and used with
    OpenSSL 1.1.1, the TLS 1.3 protocol was always enabled.
  - Bugfix: sending a disk-buffered request body to a gRPC backend
    might fail.
  - Bugfix: connections with some gRPC backends might not be cached when
    using the "keepalive" directive.
  - Bugfix: a segmentation fault might occur in a worker process if the
    ngx_http_mp4_module was used on 32-bit platforms.
- Changes with nginx 1.14.1
  - Security: when using HTTP/2 a client might cause excessive memory
    consumption (CVE-2018-16843 bsc#1115022) and CPU usage (CVE-2018-16844 bsc#1115025).
  - Security: processing of a specially crafted mp4 file with the
    ngx_http_mp4_module might result in worker process memory disclosure
    (CVE-2018-16845 bsc#1115015).
  - Bugfix: working with gRPC backends might result in excessive memory
    consumption.
- Changes with nginx 1.14.0
  - 1.14.x stable branch.
- Changes with nginx 1.13.12
  - Bugfix: connections with gRPC backends might be closed unexpectedly
    when returning a large response.
- Changes with nginx 1.13.10
  - Feature: the "set" parameter of the "include" SSI
    directive now allows writing arbitrary responses to a
    variable; the "subrequest_output_buffer_size" directive
    defines maximum response size.
  - Feature: now nginx uses clock_gettime(CLOCK_MONOTONIC) if available,
    to avoid timeouts being incorrectly triggered on system time changes.
  - Feature: the "escape=none" parameter of the "log_format" directive.
    Thanks to Johannes Baiter and Calin Don.
  - Feature: the $ssl_preread_alpn_protocols variable in the
    ngx_stream_ssl_preread_module.
  - Feature: the ngx_http_grpc_module.
  - Bugfix: in memory allocation error handling in the "geo" directive.
  - Bugfix: when using variables in the "auth_basic_user_file" directive
    a null character might appear in logs.
    Thanks to Vadim Filimonov.
Version: 1.13.9-12.1
* Wed Feb 21 2018 mrueckert@suse.de
- update rmtp module to 1.2.1
  - just commenting all places where we fallthrough conditionals
* Wed Feb 21 2018 mrueckert@suse.de
- update headers more to 0.33
  - feature: add wildcard match support for
    more_clear_input_headers.
* Wed Feb 21 2018 mrueckert@suse.de
- update fancyindex module to 0.4.2
  This release contains an important fix which can cause Nginx to
  crash when a directory contains zero-sized (empty) files. This
  bug has been present in all previous releases, and all users are
  strongly encouraged to update to version 0.4.2.
  https://github.com/aperezdc/ngx-fancyindex/releases/tag/v0.4.2
* Wed Feb 21 2018 mrueckert@suse.de
- changes from 1.13.9
  - Feature: HTTP/2 server push support; the "http2_push" and
    "http2_push_preload" directives.
  - Bugfix: "header already sent" alerts might appear in logs when
    using cache; the bug had appeared in 1.9.13.
  - Bugfix: a segmentation fault might occur in a worker process if
    the "ssl_verify_client" directive was used and no SSL
    certificate was specified in a virtual server.
  - Bugfix: in the ngx_http_v2_module.
  - Bugfix: in the ngx_http_dav_module.
- updates from 1.13.8
  - Feature: now nginx automatically preserves the CAP_NET_RAW
    capability in worker processes when using the "transparent"
    parameter of the "proxy_bind", "fastcgi_bind",
    "memcached_bind", "scgi_bind", and "uwsgi_bind" directives.
  - Feature: improved CPU cache line size detection. Thanks to
    Debayan Ghosh.
  - Feature: new directives in vim syntax highlighting scripts.
    Thanks to Gena Makhomed.
  - Bugfix: binary upgrade refused to work if nginx was re-parented
    to a process with PID different from 1 after its parent process
    has finished.
  - Bugfix: the ngx_http_autoindex_module incorrectly handled
    requests with bodies.
  - Bugfix: in the "proxy_limit_rate" directive when used with the
    "keepalive" directive.
  - Bugfix: some parts of a response might be buffered when using
    "proxy_buffering off" if the client connection used SSL.
    Thanks to Patryk Lesiewicz.
  - Bugfix: in the "proxy_cache_background_update" directive.
  - Bugfix: it was not possible to start a parameter with a
    variable in the "${name}" form with the name in curly brackets
    without enclosing the parameter into single or double quotes.
* Wed Feb 07 2018 achernikov@suse.com
- Install /etc/nginx/conf.d directory for custom user configuration
  files
* Wed Feb 07 2018 achernikov@suse.com
- Install /etc/nginx/vhosts.d directory for default installation
  to house custom virtual hosts configuration files
* Mon Dec 18 2017 avindra@opensuse.org
- update to version 1.13.7
  - Bugfix: in the $upstream_status variable.
  - Bugfix: a segmentation fault might occur in a worker process
    if a backend returned a "101 Switching Protocols" response to
    a subrequest.
  - Bugfix: a segmentation fault occurred in a master process if a
    shared memory zone size was changed during a reconfiguration
    and the reconfiguration failed.
  - Bugfix: in the ngx_http_fastcgi_module.
  - Bugfix: nginx returned the 500 error if parameters without
    variables were specified in the "xslt_stylesheet" directive.
  - Workaround: "gzip filter failed to use preallocated memory"
    alerts appeared in logs when using a zlib library variant
    from Intel.
  - Bugfix: the "worker_shutdown_timeout" directive did not work
    when using mail proxy and when proxying WebSocket connections.
- partial cleanup with spec-cleaner
* Thu Oct 12 2017 mrueckert@suse.de
- update to 1.13.6
  - Bugfix: switching to the next upstream server in the stream
    module did not work when using the "ssl_preread" directive.
  - Bugfix: in the ngx_http_v2_module.  Thanks to Piotr Sikora.
  - Bugfix: nginx did not support dates after the year 2038 on
    32-bit platforms with 64-bit time_t.
  - Bugfix: in handling of dates prior to the year 1970 and after
    the year 10000.
  - Bugfix: in the stream module timeouts waiting for UDP datagrams
    from upstream servers were not logged or logged at the "info"
    level instead of "error".
  - Bugfix: when using HTTP/2 nginx might return the 400 response
    without logging the reason.
  - Bugfix: in processing of corrupted cache files.
  - Bugfix: cache control headers were ignored when caching errors
    intercepted by error_page.
  - Bugfix: when using HTTP/2 client request body might be
    corrupted.
  - Bugfix: in handling of client addresses when using unix domain
    sockets.
  - Bugfix: nginx hogged CPU when using the "hash ... consistent"
    directive in the upstream block if large weights were used and
    all or most of the servers were unavailable.
* Fri Oct 06 2017 mrueckert@suse.de
- extra modules were enabled on sles due to a typo
* Thu Oct 05 2017 achernikov@suse.com
- Submit nginx to SLES to become a http server for RMT(Repository
  mirroring tool) [fate#323994, bsc#1059685, boo#1057831]
* Fri Sep 22 2017 mrueckert@suse.de
- disable extra modules on sle
* Sat Sep 16 2017 mrueckert@suse.de
- update to 1.13.5
  - Feature: the $ssl_client_escaped_cert variable.
  - Bugfix: the "ssl_session_ticket_key" directive and the
    "include" parameter of the "geo" directive did not work on
    Windows.
  - Bugfix: incorrect response length was returned on 32-bit
    platforms when requesting more than 4 gigabytes with multiple
    ranges.
  - Bugfix: the "expires modified" directive and processing of the
    "If-Range" request header line did not use the response last
    modification time if proxying without caching was used.
- changes from 1.13.4
  - Feature: the ngx_http_mirror_module.
  - Bugfix: client connections might be dropped during
    configuration testing when using the "reuseport" parameter of
    the "listen" directive on Linux.
  - Bugfix: request body might not be available in subrequests if
    it was saved to a file and proxying was used.
  - Bugfix: cleaning cache based on the "max_size" parameter did
    not work on Windows.
  - Bugfix: any shared memory allocation required 4096 bytes on
    Windows.
  - Bugfix: nginx worker might be terminated abnormally when using
    the "zone" directive inside the "upstream" block on Windows.
* Fri Sep 08 2017 astieger@suse.com
- add upstream signing key and verify source tarball signature
* Mon Jul 17 2017 mrueckert@suse.de
- update to 1.13.3 (boo#1048265)
  - Security: a specially crafted request might result in an
    integer overflow and incorrect processing of ranges in the
    range filter, potentially resulting in sensitive information
    leak (CVE-2017-7529).
- changes from 1.13.2
  - Change: nginx now returns 200 instead of 416 when a range
    starting with 0 is requested from an empty file.
  - Feature: the "add_trailer" directive.  Thanks to Piotr Sikora.
  - Bugfix: nginx could not be built on Cygwin and NetBSD; the bug
    had appeared in 1.13.0.
  - Bugfix: nginx could not be built under MSYS2 / MinGW 64-bit.
    Thanks to Orgad Shaneh.
  - Bugfix: a segmentation fault might occur in a worker process
    when using SSI with many includes and proxy_pass with
    variables.
  - Bugfix: in the ngx_http_v2_module.  Thanks to Piotr Sikora.
- update nginx-rtmp-module to 1.2.0:
  - DASH improvements
  - OpenSSL 1.1 compatibility
* Thu Jun 01 2017 mrueckert@suse.de
- update to 1.13.1
  - Feature: now a hostname can be used as the "set_real_ip_from"
    directive parameter.
  - Feature: vim syntax highlighting scripts improvements.
  - Feature: the "worker_cpu_affinity" directive now works on
    DragonFly BSD.  Thanks to Sepherosa Ziehau.
  - Bugfix: SSL renegotiation on backend connections did not work
    when using OpenSSL before 1.1.0.
  - Workaround: nginx could not be built with Oracle Developer
    Studio 12.5.
  - Workaround: now cache manager ignores long locked cache entries
    when cleaning cache based on the "max_size" parameter.
  - Bugfix: client SSL connections were immediately closed if
    deferred accept and the "proxy_protocol" parameter of the
    "listen" directive were used.
  - Bugfix: in the "proxy_cache_background_update" directive.
  - Workaround: now the "tcp_nodelay" directive sets the
    TCP_NODELAY option before an SSL handshake.
- changes from 1.13.0
  - Change: SSL renegotiation is now allowed on backend
    connections.
  - Feature: the "rcvbuf" and "sndbuf" parameters of the "listen"
    directives of the mail proxy and stream modules.
  - Feature: the "return" and "error_page" directives can now be
    used to return 308 redirections.  Thanks to Simon Leblanc.
  - Feature: the "TLSv1.3" parameter of the "ssl_protocols"
    directive.
  - Feature: when logging signals nginx now logs PID of the process
    which sent the signal.
  - Bugfix: in memory allocation error handling.
  - Bugfix: if a server in the stream module listened on a wildcard
    address, the source address of a response UDP datagram could
    differ from the original datagram destination address.
* Sun Apr 09 2017 michael@stroeder.com
- update to 1.12.0
  - Feature: the "http_429" parameter of the "proxy_next_upstream",
    "fastcgi_next_upstream", "scgi_next_upstream", and
    "uwsgi_next_upstream" directives.
    Thanks to Piotr Sikora.
  - Bugfix: in memory allocation error handling.
  - Bugfix: requests might hang when using the "sendfile" and
    "timer_resolution" directives on Linux.
  - Bugfix: requests might hang when using the "sendfile" and "aio_write"
    directives with subrequests.
  - Bugfix: in the ngx_http_v2_module.
    Thanks to Piotr Sikora.
  - Bugfix: a segmentation fault might occur in a worker process when
    using HTTP/2.
  - Bugfix: requests might hang when using the "limit_rate",
    "sendfile_max_chunk", "limit_req" directives, or the $r->sleep()
    embedded perl method with subrequests.
  - Bugfix: in the ngx_http_slice_module.
* Wed Mar 29 2017 mrueckert@suse.de
- update to 1.11.12
  - Bugfix: nginx might hog CPU; the bug had appeared in 1.11.11.
- update to 1.11.11
  - Feature: the "worker_shutdown_timeout" directive.
  - Feature: vim syntax highlighting scripts improvements.  Thanks
    to Wei-Ko Kao.
  - Bugfix: a segmentation fault might occur in a worker process if
    the $limit_rate variable was set to an empty string.
  - Bugfix: the "proxy_cache_background_update",
    "fastcgi_cache_background_update",
    "scgi_cache_background_update", and
    "uwsgi_cache_background_update" directives might work
    incorrectly if the "if" directive was used.
  - Bugfix: a segmentation fault might occur in a worker process if
    number of large_client_header_buffers in a virtual server was
    different from the one in the default server.
  - Bugfix: in the mail proxy server.
* Tue Feb 28 2017 mrueckert@suse.de
- update to 1.11.10
  - Change: cache header format has been changed, previously cached
    responses will be invalidated.
  - Feature: support of "stale-while-revalidate" and
    "stale-if-error" extensions in the "Cache-Control" backend
    response header line.
  - Feature: the "proxy_cache_background_update",
    "fastcgi_cache_background_update",
    "scgi_cache_background_update", and
    "uwsgi_cache_background_update" directives.
  - Feature: nginx is now able to cache responses with the "Vary"
    header line up to 128 characters long (instead of 42 characters
    in previous versions).
  - Feature: the "build" parameter of the "server_tokens"
    directive.  Thanks to Tom Thorogood.
  - Bugfix: "[crit] SSL_write() failed" messages might appear in
    logs when handling requests with the "Expect: 100-continue"
    request header line.
  - Bugfix: the ngx_http_slice_module did not work in named
    locations.
  - Bugfix: a segmentation fault might occur in a worker process
    when using AIO after an "X-Accel-Redirect" redirection.
  - Bugfix: reduced memory consumption for long-lived requests
    using gzipping.
* Mon Jan 30 2017 mrueckert@suse.de
- update to 1.11.9
  - Bugfix: nginx might hog CPU when using the stream module; the
    bug had appeared in 1.11.5.
  - Bugfix: EXTERNAL authentication mechanism in mail proxy was
    accepted even if it was not enabled in the configuration.
  - Bugfix: a segmentation fault might occur in a worker process if
    the "ssl_verify_client" directive of the stream module was
    used.
  - Bugfix: the "ssl_verify_client" directive of the stream module
    might not work.
  - Bugfix: closing keepalive connections due to no free worker
    connections might be too aggressive.  Thanks to Joel
    Cunningham.
  - Bugfix: an incorrect response might be returned when using the
    "sendfile" directive on FreeBSD and macOS; the bug had appeared
    in 1.7.8.
  - Bugfix: a truncated response might be stored in cache when
    using the "aio_write" directive.
  - Bugfix: a socket leak might occur when using the "aio_write"
    directive.
* Sat Jan 07 2017 mrueckert@suse.de
- update to 1.11.8
  - Feature: the "absolute_redirect" directive.
  - Feature: the "escape" parameter of the "log_format" directive.
  - Feature: client SSL certificates verification in the stream
    module.
  - Feature: the "ssl_session_ticket_key" directive supports AES256
    encryption of TLS session tickets when used with 80-byte keys.
  - Feature: vim-commentary support in vim scripts.  Thanks to
    Armin Grodon.
  - Bugfix: recursion when evaluating variables was not limited.
  - Bugfix: in the ngx_stream_ssl_preread_module.
  - Bugfix: if a server in an upstream in the stream module failed,
    it was considered alive only when a test connection sent to it
    after fail_timeout was closed; now a successfully established
    connection is enough.
  - Bugfix: nginx/Windows could not be built with 64-bit Visual
    Studio.
  - Bugfix: nginx/Windows could not be built with OpenSSL 1.1.0.
- changes in 1.11.7
  - Change: now in case of a client certificate verification error
    the $ssl_client_verify variable contains a string with the
    failure reason, for example, "FAILED:certificate has expired".
  - Feature: the $ssl_ciphers, $ssl_curves, $ssl_client_v_start,
    $ssl_client_v_end, and $ssl_client_v_remain variables.
  - Feature: the "volatile" parameter of the "map" directive.
  - Bugfix: dependencies specified for a module were ignored while
    building dynamic modules.
  - Bugfix: when using HTTP/2 and the "limit_req" or "auth_request"
    directives client request body might be corrupted; the bug had
    appeared in 1.11.0.
  - Bugfix: a segmentation fault might occur in a worker process
    when using HTTP/2; the bug had appeared in 1.11.3.
  - Bugfix: in the ngx_http_mp4_module.  Thanks to Congcong Hu.
  - Bugfix: in the ngx_http_perl_module.
- changes in 1.11.6
  - Change: format of the $ssl_client_s_dn and $ssl_client_i_dn
    variables has been changed to follow RFC 2253 (RFC 4514);
    values in the old format are available in the
    $ssl_client_s_dn_legacy and $ssl_client_i_dn_legacy variables.
  - Change: when storing temporary files in a cache directory they
    will be stored in the same subdirectories as corresponding
    cache files instead of a separate subdirectory for temporary
    files.
  - Feature: EXTERNAL authentication mechanism support in mail
    proxy.  Thanks to Robert Norris.
  - Feature: WebP support in the ngx_http_image_filter_module.
  - Feature: variables support in the "proxy_method" directive.
    Thanks to Dmitry Lazurkin.
  - Feature: the "http2_max_requests" directive in the
    ngx_http_v2_module.
  - Feature: the "proxy_cache_max_range_offset",
    "fastcgi_cache_max_range_offset",
    "scgi_cache_max_range_offset", and
    "uwsgi_cache_max_range_offset" directives.
  - Bugfix: graceful shutdown of old worker processes might require
    infinite time when using HTTP/2.
  - Bugfix: in the ngx_http_mp4_module.
  - Bugfix: "ignore long locked inactive cache entry" alerts might
    appear in logs when proxying WebSocket connections with caching
    enabled.
  - Bugfix: nginx did not write anything to log and returned a
    response with code 502 instead of 504 when a timeout occurred
    during an SSL handshake to a backend.
- changes in 1.11.5
  - Change: the --with-ipv6 configure option was removed, now IPv6
    support is configured automatically.
  - Change: now if there are no available servers in an upstream,
    nginx will not reset number of failures of all servers as it
    previously did, but will wait for fail_timeout to expire.
  - Feature: the ngx_stream_ssl_preread_module.
  - Feature: the "server" directive in the "upstream" context
    supports the "max_conns" parameter.
  - Feature: the --with-compat configure option.
  - Feature: "manager_files", "manager_threshold", and
    "manager_sleep" parameters of the "proxy_cache_path",
    "fastcgi_cache_path", "scgi_cache_path", and "uwsgi_cache_path"
    directives.
  - Bugfix: flags passed by the --with-ld-opt configure option were
    not used while building perl module.
  - Bugfix: in the "add_after_body" directive when used with the
    "sub_filter" directive.
  - Bugfix: in the $realip_remote_addr variable.
  - Bugfix: the "dav_access", "proxy_store_access",
    "fastcgi_store_access", "scgi_store_access", and
    "uwsgi_store_access" directives ignored permissions specified
    for user.
  - Bugfix: unix domain listen sockets might not be inherited
    during binary upgrade on Linux.
  - Bugfix: nginx returned the 400 response on requests with the
    "-" character in the HTTP method.
- update headers-more-nginx-module 0.32
  - tests: skipped the newly added test case that cannot run in
    check leak test mode.
  - bugfix: more_set_input_headers: skips setting multi-value
    headers for bad requests to avoid segfaults.
  - skipped check leak mode for two test cases using malformed
    requests.
  - doc: claims that we work with 1.10.x since it is essentially
    the same as 1.9.x.
  - bugfix: fixed a typo in an error message.
  - bugfix: when the nginx core does not properly initialize
    r->headers_in.headers (due to 400 bad requests and etc),
    more_set_input_headers might lead to crashes. thanks Marcin
    Teodorczyk for the report.
- update nginx-rtmp-module 1.1.10
  - support for nginx 1.11.5-style cache-manager
- update patches to apply cleanly again
  check_1.9.2+.patch
  nginx-1.6.1-default_config.patch