./www/nginx, Lightweight HTTP server and mail proxy server

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 1.8.0, Package name: nginx-1.8.0, Maintainer: joerg

Nginx (pronounced engine-x) is a free, open-source, high-performance HTTP
server and reverse proxy, as well as an IMAP/POP3 proxy server. Igor Sysoev
started development of Nginx in 2002, with the first public release in 2004.
Nginx now hosts nearly 12.18% (22.2M) of active sites across all domains.
Nginx is known for its high performance, stability, rich feature set, simple
configuration, and low resource consumption.

Nginx is one of a handful of servers written to address the C10K problem.
Unlike traditional servers, Nginx doesn't rely on threads to handle requests.
Instead it uses a much more scalable event-driven (asynchronous) architecture.
This architecture uses small, but more importantly, predictable amounts of
memory under load.
Even if you don't expect to handle thousands of simultaneous requests, you can
still benefit from Nginx's high-performance and small memory footprint.
Nginx scales in all directions: from the smallest VPS all the way up to
clusters of servers.

Nginx powers several high-visibility sites, such as Netflix, Hulu, Pinterest,
CloudFlare, Airbnb, WordPress.com, GitHub, SoundCloud, Zynga, Eventbrite,
Zappos, Media Temple, Heroku, RightScale, Engine Yard and NetDNA.


Required to run:
[devel/pcre]


Package options: inet6, pcre, ssl

Master sites:

SHA1: 12bad312764feae50246685ab2e74512d1aa9b2f
RMD160: 9af62e81b42e572615f59fcedb222e9d6ad96b53
Filesize: 812.602 KB

Version history: (Expand)


CVS history: (Expand)


   2015-06-30 09:38:08 by Nils Ratusznik | Files touched by this commit (1)
Log message:
Added back missing checksums, PR pkg/50007
   2015-06-26 15:46:53 by Blue Rats | Files touched by this commit (2) | Package updated
Log message:
Update to latest stable. Resolves CVE-2014-3616. From CHANGELOG:

Changes with nginx 1.8.0                                         21 Apr 2015
    *) 1.8.x stable branch.

Changes with nginx 1.7.12                                        07 Apr 2015
    *) Feature: now the "tcp_nodelay" directive works with backend SSL
       connections.
    *) Feature: now thread pools can be used to read cache file headers.
    *) Bugfix: in the "proxy_request_buffering" directive.
    *) Bugfix: a segmentation fault might occur in a worker process when
       using thread pools on Linux.
    *) Bugfix: in error handling when using the "ssl_stapling" directive.
    *) Bugfix: in the ngx_http_spdy_module.

Changes with nginx 1.7.11                                        24 Mar 2015
    *) Change: the "sendfile" parameter of the "aio" directive is
       deprecated; now nginx automatically uses AIO to pre-load data for
       sendfile if both "aio" and "sendfile" directives are used.
    *) Feature: experimental thread pools support.
    *) Feature: the "proxy_request_buffering", \ 
"fastcgi_request_buffering",
       "scgi_request_buffering", and \ 
"uwsgi_request_buffering" directives.
    *) Feature: request body filters experimental API.
    *) Feature: client SSL certificates support in mail proxy.
    *) Feature: startup speedup when using the "hash ... consistent"
       directive in the upstream block.
    *) Feature: debug logging into a cyclic memory buffer.
    *) Bugfix: in hash table handling.
    *) Bugfix: in the "proxy_cache_revalidate" directive.
    *) Bugfix: SSL connections might hang if deferred accept or the
       "proxy_protocol" parameter of the "listen" directive \ 
were used.
    *) Bugfix: the $upstream_response_time variable might contain a wrong
       value if the "image_filter" directive was used.
    *) Bugfix: in integer overflow handling.
    *) Bugfix: it was not possible to enable SSLv3 with LibreSSL.
    *) Bugfix: the "ignoring stale global SSL error ... called a function
       you should not call" alerts appeared in logs when using LibreSSL.
    *) Bugfix: certificates specified by the "ssl_client_certificate" and
       "ssl_trusted_certificate" directives were inadvertently used to
       automatically construct certificate chains.

Changes with nginx 1.7.10                                        10 Feb 2015
    *) Feature: the "use_temp_path" parameter of the \ 
"proxy_cache_path",
       "fastcgi_cache_path", "scgi_cache_path", and \ 
"uwsgi_cache_path"
       directives.
    *) Feature: the $upstream_header_time variable.
    *) Workaround: now on disk overflow nginx tries to write error logs once
       a second only.
    *) Bugfix: the "try_files" directive did not ignore normal files while
       testing directories.
    *) Bugfix: alerts "sendfile() failed" if the "sendfile" \ 
directive was
       used on OS X; the bug had appeared in 1.7.8.
    *) Bugfix: alerts "sem_post() failed" might appear in logs.
    *) Bugfix: nginx could not be built with musl libc.
    *) Bugfix: nginx could not be built on Tru64 UNIX.

Changes with nginx 1.7.9                                         23 Dec 2014
    *) Feature: variables support in the "proxy_cache", \ 
"fastcgi_cache",
       "scgi_cache", and "uwsgi_cache" directives.
    *) Feature: variables support in the "expires" directive.
    *) Feature: loading of secret keys from hardware tokens with OpenSSL
       engines.
    *) Feature: the "autoindex_format" directive.
    *) Bugfix: cache revalidation is now only used for responses with 200
       and 206 status codes.
    *) Bugfix: the "TE" client request header line was passed to backends
       while proxying.
    *) Bugfix: the "proxy_pass", "fastcgi_pass", \ 
"scgi_pass", and
       "uwsgi_pass" directives might not work correctly inside the \ 
"if" and
       "limit_except" blocks.
    *) Bugfix: the "proxy_store" directive with the "on" \ 
parameter was
       ignored if the "proxy_store" directive with an explicitly specified
       file path was used on a previous level.
    *) Bugfix: nginx could not be built with BoringSSL.

Changes with nginx 1.7.8                                         02 Dec 2014
    *) Change: now the "If-Modified-Since", "If-Range", etc. \ 
client request
       header lines are passed to a backend while caching if nginx knows in
       advance that the response will not be cached (e.g., when using
       proxy_cache_min_uses).
    *) Change: now after proxy_cache_lock_timeout nginx sends a request to a
       backend with caching disabled; the new directives
       "proxy_cache_lock_age", "fastcgi_cache_lock_age",
       "scgi_cache_lock_age", and "uwsgi_cache_lock_age" \ 
specify a time
       after which the lock will be released and another attempt to cache a
       response will be made.
    *) Change: the "log_format" directive can now be used only at http
       level.
    *) Feature: the "proxy_ssl_certificate", \ 
"proxy_ssl_certificate_key",
       "proxy_ssl_password_file", "uwsgi_ssl_certificate",
       "uwsgi_ssl_certificate_key", and "uwsgi_ssl_password_file"
       directives.
    *) Feature: it is now possible to switch to a named location using
       "X-Accel-Redirect".
    *) Feature: now the "tcp_nodelay" directive works with SPDY \ 
connections.
    *) Feature: new directives in vim syntax highliting scripts.
    *) Bugfix: nginx ignored the "s-maxage" value in the \ 
"Cache-Control"
       backend response header line.
    *) Bugfix: in the ngx_http_spdy_module.
    *) Bugfix: in the "ssl_password_file" directive when using OpenSSL
       0.9.8zc, 1.0.0o, 1.0.1j.
    *) Bugfix: alerts "header already sent" appeared in logs if the
       "post_action" directive was used; the bug had appeared in 1.5.4.
    *) Bugfix: alerts "the http output chain is empty" might appear in logs
       if the "postpone_output 0" directive was used with SSI includes.
    *) Bugfix: in the "proxy_cache_lock" directive with SSI subrequests.

Changes with nginx 1.7.7                                         28 Oct 2014

    *) Change: now nginx takes into account the "Vary" header line in a
       backend response while caching.
    *) Feature: the "proxy_force_ranges", "fastcgi_force_ranges",
       "scgi_force_ranges", and "uwsgi_force_ranges" directives.
    *) Feature: the "proxy_limit_rate", "fastcgi_limit_rate",
       "scgi_limit_rate", and "uwsgi_limit_rate" directives.
    *) Feature: the "Vary" parameter of the \ 
"proxy_ignore_headers",
       "fastcgi_ignore_headers", "scgi_ignore_headers", and
       "uwsgi_ignore_headers" directives.
    *) Bugfix: the last part of a response received from a backend with
       unbufferred proxy might not be sent to a client if "gzip" or \ 
"gunzip"
       directives were used.
    *) Bugfix: in the "proxy_cache_revalidate" directive.
    *) Bugfix: in error handling.
    *) Bugfix: in the "proxy_next_upstream_tries" and
       "proxy_next_upstream_timeout" directives.
    *) Bugfix: nginx/Windows could not be built with MinGW-w64 gcc.

Changes with nginx 1.7.6                                         30 Sep 2014

    *) Change: the deprecated "limit_zone" directive is not supported
       anymore.
    *) Feature: the "limit_conn_zone" and "limit_req_zone" \ 
directives now
       can be used with combinations of multiple variables.
    *) Bugfix: request body might be transmitted incorrectly when retrying a
       FastCGI request to the next upstream server.
    *) Bugfix: in logging to syslog.
Changes with nginx 1.7.5                                         16 Sep 2014

    *) Security: it was possible to reuse SSL sessions in unrelated contexts
       if a shared SSL session cache or the same TLS session ticket key was
       used for multiple "server" blocks (CVE-2014-3616).
    *) Change: now the "stub_status" directive does not require a \ 
parameter.
    *) Feature: the "always" parameter of the "add_header" \ 
directive.
    *) Feature: the "proxy_next_upstream_tries",
       "proxy_next_upstream_timeout", \ 
"fastcgi_next_upstream_tries",
       "fastcgi_next_upstream_timeout", \ 
"memcached_next_upstream_tries",
       "memcached_next_upstream_timeout", \ 
"scgi_next_upstream_tries",
       "scgi_next_upstream_timeout", \ 
"uwsgi_next_upstream_tries", and
       "uwsgi_next_upstream_timeout" directives.
    *) Bugfix: in the "if" parameter of the "access_log" \ 
directive.
    *) Bugfix: in the ngx_http_perl_module.
    *) Bugfix: the "listen" directive of the mail proxy module did not \ 
allow
       to specify more than two parameters.
    *) Bugfix: the "sub_filter" directive did not work with a string to
       replace consisting of a single character.
    *) Bugfix: requests might hang if resolver was used and a timeout
       occurred during a DNS request.
    *) Bugfix: in the ngx_http_spdy_module when using with AIO.
    *) Bugfix: a segmentation fault might occur in a worker process if the
       "set" directive was used to change the "$http_...", \ 
"$sent_http_...",
       or "$upstream_http_..." variables.
    *) Bugfix: in memory allocation error handling.

Changes with nginx 1.7.4                                         05 Aug 2014

    *) Security: pipelined commands were not discarded after STARTTLS
       command in SMTP proxy (CVE-2014-3556); the bug had appeared in 1.5.6.
    *) Change: URI escaping now uses uppercase hexadecimal digits.
    *) Feature: now nginx can be build with BoringSSL and LibreSSL.
    *) Bugfix: requests might hang if resolver was used and a DNS server
       returned a malformed response; the bug had appeared in 1.5.8.
    *) Bugfix: in the ngx_http_spdy_module.
    *) Bugfix: the $uri variable might contain garbage when returning errors
       with code 400.
    *) Bugfix: in error handling in the "proxy_store" directive and the
       ngx_http_dav_module.
    *) Bugfix: a segmentation fault might occur if logging of errors to
       syslog was used; the bug had appeared in 1.7.1.
    *) Bugfix: the $geoip_latitude, $geoip_longitude, $geoip_dma_code, and
       $geoip_area_code variables might not work.
    *) Bugfix: in memory allocation error handling.

Changes with nginx 1.7.3                                         08 Jul 2014
    *) Feature: weak entity tags are now preserved on response
       modifications, and strong ones are changed to weak.
    *) Feature: cache revalidation now uses If-None-Match header if
       possible.
    *) Feature: the "ssl_password_file" directive.
    *) Bugfix: the If-None-Match request header line was ignored if there
       was no Last-Modified header in a response returned from cache.
    *) Bugfix: "peer closed connection in SSL handshake" messages were
       logged at "info" level instead of "error" while \ 
connecting to
       backends.
    *) Bugfix: in the ngx_http_dav_module module in nginx/Windows.
    *) Bugfix: SPDY connections might be closed prematurely if caching was
       used.

Changes with nginx 1.7.2                                         17 Jun 2014
    *) Feature: the "hash" directive inside the "upstream" block.
    *) Feature: defragmentation of free shared memory blocks.
    *) Bugfix: a segmentation fault might occur in a worker process if the
       default value of the "access_log" directive was used; the bug had
       appeared in 1.7.0.
    *) Bugfix: trailing slash was mistakenly removed from the last parameter
       of the "try_files" directive.
    *) Bugfix: nginx could not be built on OS X in some cases.
    *) Bugfix: in the ngx_http_spdy_module.

Changes with nginx 1.7.1                                         27 May 2014
    *) Feature: the "$upstream_cookie_..." variables.
    *) Feature: the $ssl_client_fingerprint variable.
    *) Feature: the "error_log" and "access_log" directives \ 
now support
       logging to syslog.
    *) Feature: the mail proxy now logs client port on connect.
    *) Bugfix: memory leak if the "ssl_stapling" directive was used.
    *) Bugfix: the "alias" directive used inside a location given by a
       regular expression worked incorrectly if the "if" or \ 
"limit_except"
       directives were used.
    *) Bugfix: the "charset" directive did not set a charset to encoded
       backend responses.
    *) Bugfix: a "proxy_pass" directive without URI part might use original
       request after the $args variable was set.
    *) Bugfix: in the "none" parameter in the "smtp_auth" \ 
directive; the bug
       had appeared in 1.5.6.
    *) Bugfix: if sub_filter and SSI were used together, then responses
       might be transferred incorrectly.
    *) Bugfix: nginx could not be built with the --with-file-aio option on
       Linux/aarch64.

Changes with nginx 1.7.0                                         24 Apr 2014
    *) Feature: backend SSL certificate verification.
    *) Feature: support for SNI while working with SSL backends.
    *) Feature: the $ssl_server_name variable.
    *) Feature: the "if" parameter of the "access_log" directive.
   2015-06-12 12:52:19 by Thomas Klausner | Files touched by this commit (3152)
Log message:
Recursive PKGREVISION bump for all packages mentioning 'perl',
having a PKGNAME of p5-*, or depending such a package,
for perl-5.22.0.
   2015-06-04 12:25:18 by Filip Hajny | Files touched by this commit (1)
Log message:
Add nginx option to build the ngx_http_gzip_static module.
   2014-09-24 07:42:48 by Kimmo Suominen | Files touched by this commit (2) | Package updated
Log message:
Upgrade to nginx-1.6.2 to fix security vulnerability CVE-2014-3616.
Restore module checksums that were lost in last update.

Changes with nginx 1.6.2                                         16 Sep 2014

    *) Security: it was possible to reuse SSL sessions in unrelated contexts
       if a shared SSL session cache or the same TLS session ticket key was
       used for multiple "server" blocks (CVE-2014-3616).
       Thanks to Antoine Delignat-Lavaud.

    *) Bugfix: requests might hang if resolver was used and a DNS server
       returned a malformed response; the bug had appeared in 1.5.8.

    *) Bugfix: requests might hang if resolver was used and a timeout
       occurred during a DNS request.
   2014-08-07 07:05:50 by Blue Rats | Files touched by this commit (2)
Log message:
Changes with nginx 1.6.1                                         05 Aug 2014
    *) Security: pipelined commands were not discarded after STARTTLS
       command in SMTP proxy (CVE-2014-3556); the bug had appeared in 1.5.6.
    *) Bugfix: the $uri variable might contain garbage when returning errors
       with code 400.
    *) Bugfix: in the "none" parameter in the "smtp_auth" \ 
directive; the bug
       had appeared in 1.5.6.
   2014-06-20 20:48:37 by Filip Hajny | Files touched by this commit (2)
Log message:
Fix build with the perl option. Bootstrap (.bs) files no longer generated
with Perl 5.20.
   2014-06-16 15:35:19 by Jonathan Perkin | Files touched by this commit (1) | Package updated
Log message:
Re-generate module checksums, lost in last update.