File nginx.changes of Package nginx
-------------------------------------------------------------------
Mon Oct 7 10:20:49 UTC 2013 - lslezak@suse.cz
- updated passenger patch to apply (Utils/MD5.h patch is not needed
anymore, fixed upstream)
-------------------------------------------------------------------
Wed Aug 14 08:09:51 UTC 2013 - lslezak@suse.cz
- enable back passenger support (needed by WebYast)
-------------------------------------------------------------------
Mon Jul 22 20:27:56 UTC 2013 - crrodriguez@opensuse.org
- Fix PIE build and linkage, must use --with-ld-opt
-------------------------------------------------------------------
Mon Jul 22 19:56:44 UTC 2013 - crrodriguez@opensuse.org
- Update to version 1.4.2 stable
* The list of changes is massive and it wont fit here see
http://nginx.org/en/CHANGES-1.4. packaging changes follow.
- Enable the SPDY module on distributions that ship openssl >= 1.0.1
- Build with full RELRO and PIE.
- systemd unit:
* remove syslog.target that no longer exists
* set PrivateTmp to true
* Make it a non-forking service.
-------------------------------------------------------------------
Mon Jul 1 13:46:16 UTC 2013 - schwab@suse.de
- nginx-aio.patch: fix AIO support for asm-generic platforms
- Fix quilt setup
-------------------------------------------------------------------
Wed Jun 26 12:37:22 UTC 2013 - coolo@suse.com
- since passenger 4.0 the nginx extensions does not build, so disable
it
-------------------------------------------------------------------
Fri May 24 12:24:35 UTC 2013 - suse@ammler.ch
- update to 1.2.9
*) Security: contents of worker process memory might be sent to a client
if HTTP backend returned specially crafted response (CVE-2013-2070);
the bug had appeared in 1.1.4. (bnc#821184)
-------------------------------------------------------------------
Tue Apr 16 12:04:35 UTC 2013 - suse@ammler.ch
- update to 1.2.8
*) Bugfix: new sessions were not always stored if the "ssl_session_cache
shared" directive was used and there was no free space in shared
memory.
*) Bugfix: responses might hang if subrequests were used and a DNS error
happened during subrequest processing.
*) Bugfix: in the ngx_http_mp4_module.
*) Bugfix: in backend usage accounting.
-------------------------------------------------------------------
Tue Apr 9 08:45:55 UTC 2013 - coolo@suse.com
- remove workaround breaking things
-------------------------------------------------------------------
Thu Mar 21 06:50:21 UTC 2013 - e.istomin@edss.ee
- updated to 1.2.7
*) Bugfix: a segmentation fault might occur in a worker process if the
"if" directive was used.
Thanks to Piotr Sikora.
*) Bugfix: a "100 Continue" response was issued with "413 Request Entity
Too Large" responses.
*) Bugfix: the "[crit] SSL_write() failed (SSL:)" error.
- added mp4 module (--with-http_mp4_module)
-------------------------------------------------------------------
Mon Jan 7 20:24:52 UTC 2013 - jengelh@inai.de
- Parallel building with %_smp_mflags; remove redundant %clean section
-------------------------------------------------------------------
Mon Dec 17 10:32:12 UTC 2012 - suse@ammler.ch
- update to 1.2.6
*) Feature: the $request_time and $msec variables can now be used not
only in the "log_format" directive.
*) Bugfix: cache manager and cache loader processes might not be able to
start if more than 512 listen sockets were used.
*) Bugfix: in the ngx_http_dav_module.
-------------------------------------------------------------------
Wed Dec 5 12:09:58 UTC 2012 - opensuse@dschung.de
- add Provides: httpd and http_daemon, so a "Requires: httpd"
or "Suggests: httpd" doesn't only resolve to apache2
-------------------------------------------------------------------
Wed Nov 21 18:07:33 UTC 2012 - suse@ammler.ch
- revert permission for /var/log/nginx so reopen is possible (bnc#790726)
-------------------------------------------------------------------
Wed Nov 14 14:47:52 UTC 2012 - suse@ammler.ch
- update to 1.2.5
*) Feature: the "optional_no_ca" parameter of the "ssl_verify_client"
directive.
*) Feature: the $bytes_sent, $connection, and $connection_requests
variables can now be used not only in the "log_format" directive.
*) Feature: resolver now randomly rotates addresses returned from cache.
*) Feature: the "auto" parameter of the "worker_processes" directive.
*) Bugfix: "cache file ... has md5 collision" alert.
*) Bugfix: OpenSSL 0.9.7 compatibility.
-------------------------------------------------------------------
Wed Oct 24 08:14:06 UTC 2012 - suse@ammler.ch
- reenable passenger (required by webyast, was silently disabled)
- /var/log/nginx/ should belong to root (rpmlint issue)
- Recommends: logrotate (rpmlint issue)
- no need to keep default configs
- change FSF from postal to url address (rpmlint issue)
-------------------------------------------------------------------
Thu Oct 11 14:53:37 UTC 2012 - suse@ammler.ch
- remove version from package name
- update to 1.2.4
*) Bugfix: in the "limit_req" directive; the bug had appeared in 1.1.14.
Thanks to Charles Chen.
*) Bugfix: nginx could not be built by gcc 4.7 with -O2 optimization if
the --with-ipv6 option was used.
*) Bugfix: a segmentation fault might occur in a worker process if the
"map" directive was used with variables as values.
*) Bugfix: a segmentation fault might occur in a worker process if the
"geo" directive was used with the "ranges" parameter but without the
"default" parameter; the bug had appeared in 0.8.43.
Thanks to Zhen Chen and Weibin Yao.
*) Bugfix: in the -p command-line parameter handling.
*) Bugfix: in the mail proxy server.
*) Bugfix: of minor potential bugs.
Thanks to Coverity.
- Changes with nginx 1.2.3
*) Feature: the Clang compiler support.
*) Bugfix: extra listening sockets might be created.
Thanks to Roman Odaisky.
*) Bugfix: the "proxy_pass_header", "fastcgi_pass_header",
"scgi_pass_header", "uwsgi_pass_header", "proxy_hide_header",
"fastcgi_hide_header", "scgi_hide_header", and "uwsgi_hide_header"
directives might be inherited incorrectly.
*) Bugfix: trailing dot in a source value was not ignored if the "map"
directive was used with the "hostnames" parameter.
*) Bugfix: incorrect location might be used to process a request if a
URI was changed via a "rewrite" directive before an internal redirect
to a named location.
- update patch perl_vendor_install
-------------------------------------------------------------------
Sat Jul 21 02:41:34 UTC 2012 - crrodriguez@opensuse.org
- Update to version 1,2,2
- Enable only the epoll event model.
-------------------------------------------------------------------
Fri Jun 8 17:57:35 UTC 2012 - crrodriguez@opensuse.org
- Update to version 1.2.1; list too long to mention here
see http://nginx.org/en/CHANGES-1.2.
- Add systemd support.
-------------------------------------------------------------------
Tue Jun 5 07:33:42 UTC 2012 - lslezak@suse.cz
- added "BuildRequires: ruby" (needed for %rb_ver macro expansion),
fixes build at Factory
-------------------------------------------------------------------
Mon Apr 16 08:42:51 UTC 2012 - schubi@suse.com
- Update to version 1.0.15
Changes with nginx 1.0.15 12 Apr 2012
*) Security: specially crafted mp4 file might allow to overwrite memory
locations in a worker process if the ngx_http_mp4_module was used,
potentially resulting in arbitrary code execution (CVE-2012-2089).
Thanks to Matthew Daley.
*) Bugfix: in the ngx_http_mp4_module.
-------------------------------------------------------------------
Fri Mar 16 14:16:44 UTC 2012 - schubi@suse.com
- Update to Version 1.0.14
Changes with nginx 1.0.14 15 Mar 2012
*) Security: content of previously freed memory might be sent to a
client if backend returned specially crafted response.
Thanks to Matthew Daley.
-------------------------------------------------------------------
Tue Mar 13 09:49:05 UTC 2012 - schubi@suse.com
- Update to Version 1.0.13
Changes with nginx 1.0.13 05 Mar 2012
*) Feature: the "return" and "error_page" directives can now be used to
return 307 redirections.
*) Bugfix: a segmentation fault might occur in a worker process if the
"resolver" directive was used and there was no "error_log" directive
specified at global level.
Thanks to Roman Arutyunyan.
*) Bugfix: memory leaks.
Thanks to Lanshun Zhou.
*) Bugfix: nginx might log incorrect error "upstream prematurely closed
connection" instead of correct "upstream sent too big header" one.
Thanks to Feibo Li.
*) Bugfix: on ZFS filesystem disk cache size might be calculated
incorrectly; the bug had appeared in 1.0.1.
*) Bugfix: the number of internal redirects to named locations was not
limited.
*) Bugfix: temporary files might be not removed if the "proxy_store"
directive was used with SSI includes.
*) Bugfix: in some cases non-cacheable variables (such as the $args
variable) returned old empty cached value.
*) Bugfix: the "proxy_redirect" directives might be inherited
incorrectly.
*) Bugfix: nginx could not be built with the ngx_http_perl_module if the
--with-openssl option was used.
*) Bugfix: nginx could not be built by the icc 12.1 compiler.
Changes with nginx 1.0.12 06 Feb 2012
*) Feature: the "TLSv1.1" and "TLSv1.2" parameters of the
"ssl_protocols" directive.
*) Feature: the "if" SSI command supports captures in regular
expressions.
*) Bugfix: the "if" SSI command did not work inside the "block" command.
*) Bugfix: in AIO error handling on FreeBSD.
*) Bugfix: in the OpenSSL library initialization.
*) Bugfix: the "worker_cpu_affinity" directive might not work.
*) Bugfix: the "limit_conn_log_level" and "limit_req_log_level"
directives might not work.
*) Bugfix: the "read_ahead" directive might not work combined with
"try_files" and "open_file_cache".
*) Bugfix: the "proxy_cache_use_stale" directive with "error" parameter
did not return answer from cache if there were no live upstreams.
*) Bugfix: a segmentation fault might occur in a worker process if small
time was used in the "inactive" parameter of the "proxy_cache_path"
directive.
*) Bugfix: responses from cache might hang.
*) Bugfix: in error handling while connecting to a backend.
Thanks to Piotr Sikora.
*) Bugfix: in the "epoll" event method.
Thanks to Yichun Zhang.
*) Bugfix: the $sent_http_cache_control variable might contain a wrong
value if the "expires" directive was used.
Thanks to Yichun Zhang.
*) Bugfix: the "limit_rate" directive did not allow to use full
throughput, even if limit value was very high.
*) Bugfix: the "sendfile_max_chunk" directive did not work, if the
"limit_rate" directive was used.
*) Bugfix: nginx could not be built on Solaris; the bug had appeared in
1.0.11.
*) Bugfix: in the ngx_http_scgi_module.
*) Bugfix: in the ngx_http_mp4_module.
Changes with nginx 1.0.11 15 Dec 2011
*) Change: now double quotes are encoded in an "echo" SSI-command
output.
Thanks to Zaur Abasmirzoev.
*) Feature: the "image_filter_sharpen" directive.
*) Bugfix: a segmentation fault might occur in a worker process if SNI
was used; the bug had appeared in 1.0.9.
*) Bugfix: SIGWINCH signal did not work after first binary upgrade; the
bug had appeared in 1.0.9.
*) Bugfix: the "If-Modified-Since", "If-Range", etc. client request
header lines might be passed to backend while caching; or not passed
without caching if caching was enabled in another part of the
configuration.
*) Bugfix: in the "scgi_param" directive, if complex parameters were
used.
*) Bugfix: "add_header" and "expires" directives did not work if a
request was proxied and response status code was 206.
*) Bugfix: in the "expires @time" directive.
*) Bugfix: in the ngx_http_flv_module.
Thanks to Piotr Sikora.
*) Bugfix: in the ngx_http_mp4_module.
*) Bugfix: nginx could not be built on FreeBSD 10.
*) Bugfix: nginx could not be built on AIX.
-------------------------------------------------------------------
Fri Dec 2 14:48:35 UTC 2011 - schubi@suse.com
- 1.0.10 includes a fix for:
Fixed VUL-0: CVE-2011-4315: nginx: heap overflow (bnc #731084)
-------------------------------------------------------------------
Fri Nov 18 12:56:55 UTC 2011 - schubi@suse.com
- Uppstream update to 1.0.10
Changes with nginx 1.0.10
*) Bugfix: a segmentation fault might occur in a worker process if
resolver got a big DNS response.
Thanks to Ben Hawkes.
*) Bugfix: in cache key calculation if internal MD5 implementation was
used; the bug had appeared in 1.0.4.
*) Bugfix: the module ngx_http_mp4_module sent incorrect
"Content-Length" response header line if the "start" argument was
used.
Thanks to Piotr Sikora.
Changes with nginx 1.0.9
*) Change: now the 0x7F-0x1F characters are escaped as \xXX in an
access_log.
*) Change: now SIGWINCH signal works only in daemon mode.
*) Feature: "proxy/fastcgi/scgi/uwsgi_ignore_headers" directives support
the following additional values: X-Accel-Limit-Rate,
X-Accel-Buffering, X-Accel-Charset.
*) Feature: decrease of memory consumption if SSL is used.
*) Feature: accept filters are now supported on NetBSD.
*) Feature: the "uwsgi_buffering" and "scgi_buffering" directives.
Thanks to Peter Smit.
*) Bugfix: a segmentation fault occurred on start or while
reconfiguration if the "ssl" directive was used at http level and
there was no "ssl_certificate" defined.
*) Bugfix: some UTF-8 characters were processed incorrectly.
Thanks to Alexey Kuts.
*) Bugfix: the ngx_http_rewrite_module directives specified at "server"
level were executed twice if no matching locations were defined.
*) Bugfix: a socket leak might occurred if "aio sendfile" was used.
*) Bugfix: connections with fast clients might be closed after
send_timeout if file AIO was used.
*) Bugfix: in the ngx_http_autoindex_module.
*) Bugfix: the module ngx_http_mp4_module did not support seeking on
32-bit platforms.
*) Bugfix: non-cacheable responses might be cached if
"proxy_cache_bypass" directive was used.
Thanks to John Ferlito.
*) Bugfix: cached responses with an empty body were returned
incorrectly; the bug had appeared in 0.8.31.
*) Bugfix: 201 responses of the ngx_http_dav_module were incorrect; the
bug had appeared in 0.8.32.
*) Bugfix: in the "return" directive.
*) Bugfix: the "ssl_verify_client", "ssl_verify_depth", and
"ssl_prefer_server_ciphers" directives might work incorrectly if SNI
was used.
Changes with nginx 1.0.8
*) Bugfix: nginx could not be built --with-http_mp4_module and without
--with-debug option.
Changes with nginx 1.0.7
*) Change: now if total size of all ranges is greater than source
response size, then nginx disables ranges and returns just the source
response.
*) Feature: the "max_ranges" directive.
*) Feature: the module ngx_http_mp4_module.
*) Feature: the "worker_aio_requests" directive.
*) Bugfix: if nginx was built --with-file-aio it could not be run on
Linux kernel which did not support AIO.
*) Bugfix: in Linux AIO error processing.
Thanks to Hagai Avrahami.
*) Bugfix: in Linux AIO combined with open_file_cache.
*) Bugfix: open_file_cache did not update file info on retest if file
was not atomically changed.
*) Bugfix: reduced memory consumption for long-lived requests.
*) Bugfix: in the "proxy/fastcgi/scgi/uwsgi_ignore_client_abort"
directives.
*) Bugfix: nginx could not be built on MacOSX 10.7.
*) Bugfix: request body might be processed incorrectly if client used
pipelining.
*) Bugfix: in the "request_body_in_single_buf" directive.
*) Bugfix: in "proxy_set_body" and "proxy_pass_request_body" directives
if SSL connection to backend was used.
*) Bugfix: nginx hogged CPU if all servers in an upstream were marked as
"down".
*) Bugfix: a segmentation fault might occur during reconfiguration if
ssl_session_cache was defined but not used in previous configuration.
*) Bugfix: a segmentation fault might occur in a worker process if many
backup servers were used in an upstream.
Changes with nginx 1.0.6
*) Feature: cache loader run time decrease.
*) Feature: loading time decrease of configuration with large number of
HTTPS sites.
*) Feature: now nginx supports ECDHE key exchange ciphers.
Thanks to Adrian Kotelba.
*) Feature: the "lingering_close" directive.
*) Feature: now shared zones and caches use POSIX semaphores on Solaris.
Thanks to Den Ivanov.
*) Bugfix: nginx could not be built on Linux 3.0.
*) Bugfix: a segmentation fault might occur in a worker process if
"fastcgi/scgi/uwsgi_param" directives were used with values starting
with "HTTP_"; the bug had appeared in 0.8.40.
*) Bugfix: in closing connection for pipelined requests.
*) Bugfix: nginx did not disable gzipping if client sent "gzip;q=0" in
"Accept-Encoding" request header line.
*) Bugfix: in timeout in unbuffered proxied mode.
*) Bugfix: memory leaks when a "proxy_pass" directive contains variables
and proxies to an HTTPS backend.
*) Bugfix: in parameter validaiton of a "proxy_pass" directive with
variables.
Thanks to Lanshun Zhou.
*) Bugfix: SSL did not work on QNX.
*) Bugfix: SSL modules could not be built by gcc 4.6 without
--with-debug option.
-------------------------------------------------------------------
Mon Oct 24 11:59:37 UTC 2011 - schubi@suse.com
- Reduce requirement of rubygem-rack to 1_1 cause 1_3 produces
errors.
-------------------------------------------------------------------
Tue Aug 16 15:23:23 UTC 2011 - ammler@openttdcoop.org
- upstream update 1.0.5
* Change: now default SSL ciphers are "HIGH:!aNULL:!MD5".
* Feature: the "referer_hash_max_size" and "referer_hash_bucket_size"
directives.
* Feature: $uid_reset variable.
* Bugfix: a segmentation fault might occur in a worker process, if a
caching was used.
* Bugfix: worker processes may got caught in an endless loop during
reconfiguration, if a caching was used; the bug had appeared in
0.8.48.
* Bugfix: "stalled cache updating" alert.
- add logrotate
* add reopen killsiganl -USR1 to init script
* logrotate conf
- Backport r4003: Configure: catch up with new Linux version numbering
-------------------------------------------------------------------
Fri Jun 24 10:40:30 UTC 2011 - jreidinger@novell.com
- fix init script to write use its pid file to allow separate nginx
server run independent (bnc#702005)
-------------------------------------------------------------------
Thu Jun 9 12:02:59 UTC 2011 - ammler@openttdcoop.org
- upstream update 1.0.4
* Change: now regular expressions case sensitivity in the "map"
directive is given by prefixes "~" or "~*".
* Feature: now shared zones and caches use POSIX semaphores on
Linux. Thanks to Denis F. Latypoff.
* Bugfix: "stalled" cache updating" alert.
* Bugfix: nginx could not be built
--without-http_auth_basic_module; the bug had appeared in
1.0.3.
- additional changes from 1.0.3
- Feature: the "auth_basic_user_file" directive supports "$apr1",
"{PLAIN}", and "{SSHA}" password encryption methods. Thanks to
Maxim Dounin.
- Feature: the "geoip_org" directive and $geoip_org variable.
Thanks to Alexander Uskov, Arnaud Granal, and Denis F.
Latypoff.
- Feature: ngx_http_geo_module and ngx_http_geoip_module support
IPv4 addresses mapped to IPv6 addresses.
- Bugfix: a segmentation fault occurred in a worker process
during testing IPv4 address mapped to IPv6 address, if access
or deny rules were defined only for IPv6; the bug had appeared
in 0.8.22.
- Bugfix: a cached response may be broken if proxy/fastcgi/scgi/
uwsgi_cache_bypass and proxy/fastcgi/scgi/uwsgi_no_cache
directive values were different; the bug had appeared in
0.8.46.
- additional changes from 1.0.2
- Feature: now shared zones and caches use POSIX semaphores.
- Bugfix: in the "rotate" parameter of the "image_filter"
directive. Thanks to Adam Bocim.
- Bugfix: nginx could not be built on Solaris; the bug had
appeared in 1.0.1.
- additional changes from 1.0.1
- Change: now the "split_clients" directive uses MurmurHash2
algorithm because of better distribution. Thanks to Oleg
Mamontov.
- Change: now long strings starting with zero are not considered
as false values. Thanks to Maxim Dounin.
- Change: now nginx uses a default listen backlog value 511 on
Linux.
- Feature: the $upstream_... variables may be used in the SSI and
perl modules.
- Bugfix: now nginx limits better disk cache size. Thanks to
Oleg Mamontov.
- Bugfix: a segmentation fault might occur while parsing
incorrect IPv4 address; the bug had appeared in 0.9.3. Thanks
to Maxim Dounin.
- Bugfix: nginx could not be built by gcc 4.6 without
--with-debug option.
- Bugfix: nginx could not be built on Solaris 9 and earlier; the
bug had appeared in 0.9.3. Thanks to Dagobert Michelsen.
- Bugfix: $request_time variable had invalid values if
subrequests were used; the bug had appeared in 0.8.47. Thanks
to Igor A. Valcov.
- new config directories included in context http:
conf.d/*.conf on top before first server
vhosts.d/*.conf on bottom (for servers)
-------------------------------------------------------------------
Thu May 26 10:20:30 UTC 2011 - mrueckert@suse.de
- more accurate license header: BSD-2-Clause
-------------------------------------------------------------------
Thu Apr 14 12:17:01 UTC 2011 - mrueckert@suse.de
- move the libatomic usage to sle11/11.1 or newer
-------------------------------------------------------------------
Thu Apr 14 10:59:36 UTC 2011 - mrueckert@suse.de
- remove /srv/www/htdocs/index.html (bnc#670031).
-------------------------------------------------------------------
Thu Apr 14 10:34:52 UTC 2011 - mrueckert@suse.de
- build with libatomic_ops
-------------------------------------------------------------------
Thu Apr 14 10:28:37 UTC 2011 - mrueckert@suse.de
- minor spec file cleanup
- use perl instead of dos2unix
- remove commented out patches from the preamble
- fix ordering in preamble
-------------------------------------------------------------------
Wed Apr 13 23:50:04 UTC 2011 - alexandre@exatati.com.br
- Add epoll in default events config as recommended in
http://www.kegel.com/c10k.html#nb.epoll.
-------------------------------------------------------------------
Tue Apr 12 18:42:32 UTC 2011 - mrueckert@suse.de
- enable building of the passenger extension
-------------------------------------------------------------------
Tue Apr 12 16:10:00 UTC 2011 - mrueckert@suse.de
- added more directives to the configure line
- specify tmp path for scgi/uwsgi
- enabled more modules
- geoip lookup
- http_degradation
- mail ssl support
- added build time options to build the profiling/testing stuff
- see with_google_perftools and with_cpp_test
-------------------------------------------------------------------
Tue Apr 12 15:16:54 UTC 2011 - mrueckert@suse.de
- start 1.0 branch package
