CVS commit: pkgsrc/www/nginx-devel

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/www/nginx-devel
From: "Emile iMil Heitor" <imil%netbsd.org@localhost>
Date: Fri, 14 Mar 2014 11:36:58 +0000

Module Name:    pkgsrc
Committed By:   imil
Date:           Fri Mar 14 11:36:58 UTC 2014

Modified Files:
        pkgsrc/www/nginx-devel: Makefile distinfo

Log Message:
Changes with nginx 1.5.11                                        04 Mar 2014

    *) Security: memory corruption might occur in a worker process on 32-bit
       platforms while handling a specially crafted request by
       ngx_http_spdy_module, potentially resulting in arbitrary code
       execution (CVE-2014-0088); the bug had appeared in 1.5.10.
       Thanks to Lucas Molas, researcher at Programa STIC, Fundaci�n Dr.
       Manuel Sadosky, Buenos Aires, Argentina.

    *) Feature: the $ssl_session_reused variable.

    *) Bugfix: the "client_max_body_size" directive might not work when
       reading a request body using chunked transfer encoding; the bug had
       appeared in 1.3.9.
       Thanks to Lucas Molas.

    *) Bugfix: a segmentation fault might occur in a worker process when
       proxying WebSocket connections.

    *) Bugfix: a segmentation fault might occur in a worker process if the
       ngx_http_spdy_module was used on 32-bit platforms; the bug had
       appeared in 1.5.10.

    *) Bugfix: the $upstream_status variable might contain wrong data if the
       "proxy_cache_use_stale" or "proxy_cache_revalidate" directives were
       used.
       Thanks to Piotr Sikora.

    *) Bugfix: a segmentation fault might occur in a worker process if
       errors with code 400 were redirected to a named location using the
       "error_page" directive.

    *) Bugfix: nginx/Windows could not be built with Visual Studio 2013.

Changes with nginx 1.5.10                                        04 Feb 2014

    *) Feature: the ngx_http_spdy_module now uses SPDY 3.1 protocol.
       Thanks to Automattic and MaxCDN for sponsoring this work.

    *) Feature: the ngx_http_mp4_module now skips tracks too short for a
       seek requested.

    *) Bugfix: a segmentation fault might occur in a worker process if the
       $ssl_session_id variable was used in logs; the bug had appeared in
       1.5.9.

    *) Bugfix: the $date_local and $date_gmt variables used wrong format
       outside of the ngx_http_ssi_filter_module.

    *) Bugfix: client connections might be immediately closed if deferred
       accept was used; the bug had appeared in 1.3.15.

    *) Bugfix: alerts "getsockopt(TCP_FASTOPEN) ... failed" appeared in logs
       during binary upgrade on Linux; the bug had appeared in 1.5.8.
       Thanks to Piotr Sikora.

Changes with nginx 1.5.9                                         22 Jan 2014

    *) Change: now nginx expects escaped URIs in "X-Accel-Redirect" headers.

    *) Feature: the "ssl_buffer_size" directive.

    *) Feature: the "limit_rate" directive can now be used to rate limit
       responses sent in SPDY connections.

    *) Feature: the "spdy_chunk_size" directive.

    *) Feature: the "ssl_session_tickets" directive.
       Thanks to Dirkjan Bussink.

    *) Bugfix: the $ssl_session_id variable contained full session
       serialized instead of just a session id.
       Thanks to Ivan Risti?.

    *) Bugfix: nginx incorrectly handled escaped "?" character in the
       "include" SSI command.

    *) Bugfix: the ngx_http_dav_module did not unescape destination URI of
       the COPY and MOVE methods.

    *) Bugfix: resolver did not understand domain names with a trailing dot.
       Thanks to Yichun Zhang.

    *) Bugfix: alerts "zero size buf in output" might appear in logs while
       proxying; the bug had appeared in 1.3.9.

    *) Bugfix: a segmentation fault might occur in a worker process if the
       ngx_http_spdy_module was used.

    *) Bugfix: proxied WebSocket connections might hang right after
       handshake if the select, poll, or /dev/poll methods were used.

    *) Bugfix: the "xclient" directive of the mail proxy module incorrectly
       handled IPv6 client addresses.

Changes with nginx 1.5.8                                         17 Dec 2013

    *) Feature: IPv6 support in resolver.

    *) Feature: the "listen" directive supports the "fastopen" parameter.
       Thanks to Mathew Rodley.

    *) Feature: SSL support in the ngx_http_uwsgi_module.
       Thanks to Roberto De Ioris.

    *) Feature: vim syntax highlighting scripts were added to contrib.
       Thanks to Evan Miller.

    *) Bugfix: a timeout might occur while reading client request body in an
       SSL connection using chunked transfer encoding.

    *) Bugfix: the "master_process" directive did not work correctly in
       nginx/Windows.

    *) Bugfix: the "setfib" parameter of the "listen" directive might not
       work.

    *) Bugfix: in the ngx_http_spdy_module.


To generate a diff of this commit:
cvs rdiff -u -r1.8 -r1.9 pkgsrc/www/nginx-devel/Makefile
cvs rdiff -u -r1.6 -r1.7 pkgsrc/www/nginx-devel/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index