Subject: CVS commit: pkgsrc/www/nginx-devel
From: Filip Hajny
Date: 2017-02-14 11:14:36
Message id:

Log Message:
Update www/nginx-devel to 1.11.9.

Changes with nginx 1.11.9                                        24 Jan 2017

    *) Bugfix: nginx might hog CPU when using the stream module; the bug had
       appeared in 1.11.5.

    *) Bugfix: EXTERNAL authentication mechanism in mail proxy was accepted
       even if it was not enabled in the configuration.

    *) Bugfix: a segmentation fault might occur in a worker process if the
       "ssl_verify_client" directive of the stream module was used.

    *) Bugfix: the "ssl_verify_client" directive of the stream module might
       not work.

    *) Bugfix: closing keepalive connections due to no free worker
       connections might be too aggressive.
       Thanks to Joel Cunningham.

    *) Bugfix: an incorrect response might be returned when using the
       "sendfile" directive on FreeBSD and macOS; the bug had appeared in

    *) Bugfix: a truncated response might be stored in cache when using the
       "aio_write" directive.

    *) Bugfix: a socket leak might occur when using the "aio_write"

Changes with nginx 1.11.8                                        27 Dec 2016

    *) Feature: the "absolute_redirect" directive.

    *) Feature: the "escape" parameter of the "log_format" \ 

    *) Feature: client SSL certificates verification in the stream module.

    *) Feature: the "ssl_session_ticket_key" directive supports AES256
       encryption of TLS session tickets when used with 80-byte keys.

    *) Feature: vim-commentary support in vim scripts.
       Thanks to Armin Grodon.

    *) Bugfix: recursion when evaluating variables was not limited.

    *) Bugfix: in the ngx_stream_ssl_preread_module.

    *) Bugfix: if a server in an upstream in the stream module failed, it
       was considered alive only when a test connection sent to it after
       fail_timeout was closed; now a successfully established connection is

    *) Bugfix: nginx/Windows could not be built with 64-bit Visual Studio.

    *) Bugfix: nginx/Windows could not be built with OpenSSL 1.1.0.

Changes with nginx 1.11.7                                        13 Dec 2016

    *) Change: now in case of a client certificate verification error the
       $ssl_client_verify variable contains a string with the failure
       reason, for example, "FAILED:certificate has expired".

    *) Feature: the $ssl_ciphers, $ssl_curves, $ssl_client_v_start,
       $ssl_client_v_end, and $ssl_client_v_remain variables.

    *) Feature: the "volatile" parameter of the "map" directive.

    *) Bugfix: dependencies specified for a module were ignored while
       building dynamic modules.

    *) Bugfix: when using HTTP/2 and the "limit_req" or \ 
       directives client request body might be corrupted; the bug had
       appeared in 1.11.0.

    *) Bugfix: a segmentation fault might occur in a worker process when
       using HTTP/2; the bug had appeared in 1.11.3.

    *) Bugfix: in the ngx_http_mp4_module.
       Thanks to Congcong Hu.

    *) Bugfix: in the ngx_http_perl_module.

Changes with nginx 1.11.6                                        15 Nov 2016

    *) Change: format of the $ssl_client_s_dn and $ssl_client_i_dn variables
       has been changed to follow RFC 2253 (RFC 4514); values in the old
       format are available in the $ssl_client_s_dn_legacy and
       $ssl_client_i_dn_legacy variables.

    *) Change: when storing temporary files in a cache directory they will
       be stored in the same subdirectories as corresponding cache files
       instead of a separate subdirectory for temporary files.

    *) Feature: EXTERNAL authentication mechanism support in mail proxy.
       Thanks to Robert Norris.

    *) Feature: WebP support in the ngx_http_image_filter_module.

    *) Feature: variables support in the "proxy_method" directive.
       Thanks to Dmitry Lazurkin.

    *) Feature: the "http2_max_requests" directive in the

    *) Feature: the "proxy_cache_max_range_offset",
       "fastcgi_cache_max_range_offset", \ 
"scgi_cache_max_range_offset", and
       "uwsgi_cache_max_range_offset" directives.

    *) Bugfix: graceful shutdown of old worker processes might require
       infinite time when using HTTP/2.

    *) Bugfix: in the ngx_http_mp4_module.

    *) Bugfix: "ignore long locked inactive cache entry" alerts might \ 
       in logs when proxying WebSocket connections with caching enabled.

    *) Bugfix: nginx did not write anything to log and returned a response
       with code 502 instead of 504 when a timeout occurred during an SSL
       handshake to a backend.

Changes with nginx 1.11.5                                        11 Oct 2016

    *) Change: the --with-ipv6 configure option was removed, now IPv6
       support is configured automatically.

    *) Change: now if there are no available servers in an upstream, nginx
       will not reset number of failures of all servers as it previously
       did, but will wait for fail_timeout to expire.

    *) Feature: the ngx_stream_ssl_preread_module.

    *) Feature: the "server" directive in the "upstream" \ 
context supports
       the "max_conns" parameter.

    *) Feature: the --with-compat configure option.

    *) Feature: "manager_files", "manager_threshold", and \ 
       parameters of the "proxy_cache_path", \ 
       "scgi_cache_path", and "uwsgi_cache_path" directives.

    *) Bugfix: flags passed by the --with-ld-opt configure option were not
       used while building perl module.

    *) Bugfix: in the "add_after_body" directive when used with the
       "sub_filter" directive.

    *) Bugfix: in the $realip_remote_addr variable.

    *) Bugfix: the "dav_access", "proxy_store_access",
       "fastcgi_store_access", "scgi_store_access", and \ 
       directives ignored permissions specified for user.

    *) Bugfix: unix domain listen sockets might not be inherited during
       binary upgrade on Linux.

    *) Bugfix: nginx returned the 400 response on requests with the "-"
       character in the HTTP method.