Next | Query returned 240 messages, browsing 151 to 160 | Previous

History of commit frequency

CVS Commit History:


   2015-10-12 16:53:17 by Jonathan Perkin | Files touched by this commit (3)
Log message:
Fix install on Darwin, perl module extension suffix is ".bundle" not \ 
".so".
   2015-09-30 15:36:00 by Emile iMil Heitor | Files touched by this commit (4) | Package updated
Log message:
Updated Github third party modules and changed DISTFILES to point to github.com
instead of ftp.NetBSD.org.

* lua-nginx-module 0.9.5 updated to 0.9.16
* echo-nginx-module 0.51 updated to 0.58
* set-misc-nginx-module 0.24 updated to 0.29
* array-var-nginx-module 0.03 updated to 0.04
* encrypted-session-nginx-module 0.03 updated to 0.04
* form-input-nginx-module 0.07 updated to 0.11
* headers-more-nginx-module 0.25 updated to 0.26.1

Only minor revision changes, no features added. Modules don't have Changelog,
git history shows only cosmetic changes and bugfixes.
   2015-09-29 15:48:33 by Emile iMil Heitor | Files touched by this commit (2)
Log message:
Updated naxsi to 0.54

From 0.53-2 "AppleJack":

* increased PCRE output vector from 6 to 30 (from 2 match groups to 10)
* removed negative rule on content-types (naxsi_core.rules) as naxsi supports
  json
* Fixed broken EXLOG on |NAME match zones (issues/110)
* Integrated libinjection (xss/sqli)

Modified `options.mk' to allow www/nginx-devel to use ngx_http_v2_module instead
of ngx_http_spdy_module.
   2015-09-24 08:13:50 by Thomas Klausner | Files touched by this commit (3)
Log message:
nginx*: Remove upload option.

Not supported since 1.3.8 (we have 1.8.x and 1.9.x in pkgsrc).
Reported by Timshel Knoll-Miller in PR 50272.
   2015-06-30 09:38:08 by Nils Ratusznik | Files touched by this commit (1)
Log message:
Added back missing checksums, PR pkg/50007
   2015-06-26 15:46:53 by Blue Rats | Files touched by this commit (2)
Log message:
Update to latest stable. Resolves CVE-2014-3616. From CHANGELOG:

Changes with nginx 1.8.0                                         21 Apr 2015
    *) 1.8.x stable branch.

Changes with nginx 1.7.12                                        07 Apr 2015
    *) Feature: now the "tcp_nodelay" directive works with backend SSL
       connections.
    *) Feature: now thread pools can be used to read cache file headers.
    *) Bugfix: in the "proxy_request_buffering" directive.
    *) Bugfix: a segmentation fault might occur in a worker process when
       using thread pools on Linux.
    *) Bugfix: in error handling when using the "ssl_stapling" directive.
    *) Bugfix: in the ngx_http_spdy_module.

Changes with nginx 1.7.11                                        24 Mar 2015
    *) Change: the "sendfile" parameter of the "aio" directive is
       deprecated; now nginx automatically uses AIO to pre-load data for
       sendfile if both "aio" and "sendfile" directives are used.
    *) Feature: experimental thread pools support.
    *) Feature: the "proxy_request_buffering", \ 
"fastcgi_request_buffering",
       "scgi_request_buffering", and \ 
"uwsgi_request_buffering" directives.
    *) Feature: request body filters experimental API.
    *) Feature: client SSL certificates support in mail proxy.
    *) Feature: startup speedup when using the "hash ... consistent"
       directive in the upstream block.
    *) Feature: debug logging into a cyclic memory buffer.
    *) Bugfix: in hash table handling.
    *) Bugfix: in the "proxy_cache_revalidate" directive.
    *) Bugfix: SSL connections might hang if deferred accept or the
       "proxy_protocol" parameter of the "listen" directive \ 
were used.
    *) Bugfix: the $upstream_response_time variable might contain a wrong
       value if the "image_filter" directive was used.
    *) Bugfix: in integer overflow handling.
    *) Bugfix: it was not possible to enable SSLv3 with LibreSSL.
    *) Bugfix: the "ignoring stale global SSL error ... called a function
       you should not call" alerts appeared in logs when using LibreSSL.
    *) Bugfix: certificates specified by the "ssl_client_certificate" and
       "ssl_trusted_certificate" directives were inadvertently used to
       automatically construct certificate chains.

Changes with nginx 1.7.10                                        10 Feb 2015
    *) Feature: the "use_temp_path" parameter of the \ 
"proxy_cache_path",
       "fastcgi_cache_path", "scgi_cache_path", and \ 
"uwsgi_cache_path"
       directives.
    *) Feature: the $upstream_header_time variable.
    *) Workaround: now on disk overflow nginx tries to write error logs once
       a second only.
    *) Bugfix: the "try_files" directive did not ignore normal files while
       testing directories.
    *) Bugfix: alerts "sendfile() failed" if the "sendfile" \ 
directive was
       used on OS X; the bug had appeared in 1.7.8.
    *) Bugfix: alerts "sem_post() failed" might appear in logs.
    *) Bugfix: nginx could not be built with musl libc.
    *) Bugfix: nginx could not be built on Tru64 UNIX.

Changes with nginx 1.7.9                                         23 Dec 2014
    *) Feature: variables support in the "proxy_cache", \ 
"fastcgi_cache",
       "scgi_cache", and "uwsgi_cache" directives.
    *) Feature: variables support in the "expires" directive.
    *) Feature: loading of secret keys from hardware tokens with OpenSSL
       engines.
    *) Feature: the "autoindex_format" directive.
    *) Bugfix: cache revalidation is now only used for responses with 200
       and 206 status codes.
    *) Bugfix: the "TE" client request header line was passed to backends
       while proxying.
    *) Bugfix: the "proxy_pass", "fastcgi_pass", \ 
"scgi_pass", and
       "uwsgi_pass" directives might not work correctly inside the \ 
"if" and
       "limit_except" blocks.
    *) Bugfix: the "proxy_store" directive with the "on" \ 
parameter was
       ignored if the "proxy_store" directive with an explicitly specified
       file path was used on a previous level.
    *) Bugfix: nginx could not be built with BoringSSL.

Changes with nginx 1.7.8                                         02 Dec 2014
    *) Change: now the "If-Modified-Since", "If-Range", etc. \ 
client request
       header lines are passed to a backend while caching if nginx knows in
       advance that the response will not be cached (e.g., when using
       proxy_cache_min_uses).
    *) Change: now after proxy_cache_lock_timeout nginx sends a request to a
       backend with caching disabled; the new directives
       "proxy_cache_lock_age", "fastcgi_cache_lock_age",
       "scgi_cache_lock_age", and "uwsgi_cache_lock_age" \ 
specify a time
       after which the lock will be released and another attempt to cache a
       response will be made.
    *) Change: the "log_format" directive can now be used only at http
       level.
    *) Feature: the "proxy_ssl_certificate", \ 
"proxy_ssl_certificate_key",
       "proxy_ssl_password_file", "uwsgi_ssl_certificate",
       "uwsgi_ssl_certificate_key", and "uwsgi_ssl_password_file"
       directives.
    *) Feature: it is now possible to switch to a named location using
       "X-Accel-Redirect".
    *) Feature: now the "tcp_nodelay" directive works with SPDY \ 
connections.
    *) Feature: new directives in vim syntax highliting scripts.
    *) Bugfix: nginx ignored the "s-maxage" value in the \ 
"Cache-Control"
       backend response header line.
    *) Bugfix: in the ngx_http_spdy_module.
    *) Bugfix: in the "ssl_password_file" directive when using OpenSSL
       0.9.8zc, 1.0.0o, 1.0.1j.
    *) Bugfix: alerts "header already sent" appeared in logs if the
       "post_action" directive was used; the bug had appeared in 1.5.4.
    *) Bugfix: alerts "the http output chain is empty" might appear in logs
       if the "postpone_output 0" directive was used with SSI includes.
    *) Bugfix: in the "proxy_cache_lock" directive with SSI subrequests.

Changes with nginx 1.7.7                                         28 Oct 2014

    *) Change: now nginx takes into account the "Vary" header line in a
       backend response while caching.
    *) Feature: the "proxy_force_ranges", "fastcgi_force_ranges",
       "scgi_force_ranges", and "uwsgi_force_ranges" directives.
    *) Feature: the "proxy_limit_rate", "fastcgi_limit_rate",
       "scgi_limit_rate", and "uwsgi_limit_rate" directives.
    *) Feature: the "Vary" parameter of the \ 
"proxy_ignore_headers",
       "fastcgi_ignore_headers", "scgi_ignore_headers", and
       "uwsgi_ignore_headers" directives.
    *) Bugfix: the last part of a response received from a backend with
       unbufferred proxy might not be sent to a client if "gzip" or \ 
"gunzip"
       directives were used.
    *) Bugfix: in the "proxy_cache_revalidate" directive.
    *) Bugfix: in error handling.
    *) Bugfix: in the "proxy_next_upstream_tries" and
       "proxy_next_upstream_timeout" directives.
    *) Bugfix: nginx/Windows could not be built with MinGW-w64 gcc.

Changes with nginx 1.7.6                                         30 Sep 2014

    *) Change: the deprecated "limit_zone" directive is not supported
       anymore.
    *) Feature: the "limit_conn_zone" and "limit_req_zone" \ 
directives now
       can be used with combinations of multiple variables.
    *) Bugfix: request body might be transmitted incorrectly when retrying a
       FastCGI request to the next upstream server.
    *) Bugfix: in logging to syslog.
Changes with nginx 1.7.5                                         16 Sep 2014

    *) Security: it was possible to reuse SSL sessions in unrelated contexts
       if a shared SSL session cache or the same TLS session ticket key was
       used for multiple "server" blocks (CVE-2014-3616).
    *) Change: now the "stub_status" directive does not require a \ 
parameter.
    *) Feature: the "always" parameter of the "add_header" \ 
directive.
    *) Feature: the "proxy_next_upstream_tries",
       "proxy_next_upstream_timeout", \ 
"fastcgi_next_upstream_tries",
       "fastcgi_next_upstream_timeout", \ 
"memcached_next_upstream_tries",
       "memcached_next_upstream_timeout", \ 
"scgi_next_upstream_tries",
       "scgi_next_upstream_timeout", \ 
"uwsgi_next_upstream_tries", and
       "uwsgi_next_upstream_timeout" directives.
    *) Bugfix: in the "if" parameter of the "access_log" \ 
directive.
    *) Bugfix: in the ngx_http_perl_module.
    *) Bugfix: the "listen" directive of the mail proxy module did not \ 
allow
       to specify more than two parameters.
    *) Bugfix: the "sub_filter" directive did not work with a string to
       replace consisting of a single character.
    *) Bugfix: requests might hang if resolver was used and a timeout
       occurred during a DNS request.
    *) Bugfix: in the ngx_http_spdy_module when using with AIO.
    *) Bugfix: a segmentation fault might occur in a worker process if the
       "set" directive was used to change the "$http_...", \ 
"$sent_http_...",
       or "$upstream_http_..." variables.
    *) Bugfix: in memory allocation error handling.

Changes with nginx 1.7.4                                         05 Aug 2014

    *) Security: pipelined commands were not discarded after STARTTLS
       command in SMTP proxy (CVE-2014-3556); the bug had appeared in 1.5.6.
    *) Change: URI escaping now uses uppercase hexadecimal digits.
    *) Feature: now nginx can be build with BoringSSL and LibreSSL.
    *) Bugfix: requests might hang if resolver was used and a DNS server
       returned a malformed response; the bug had appeared in 1.5.8.
    *) Bugfix: in the ngx_http_spdy_module.
    *) Bugfix: the $uri variable might contain garbage when returning errors
       with code 400.
    *) Bugfix: in error handling in the "proxy_store" directive and the
       ngx_http_dav_module.
    *) Bugfix: a segmentation fault might occur if logging of errors to
       syslog was used; the bug had appeared in 1.7.1.
    *) Bugfix: the $geoip_latitude, $geoip_longitude, $geoip_dma_code, and
       $geoip_area_code variables might not work.
    *) Bugfix: in memory allocation error handling.

Changes with nginx 1.7.3                                         08 Jul 2014
    *) Feature: weak entity tags are now preserved on response
       modifications, and strong ones are changed to weak.
    *) Feature: cache revalidation now uses If-None-Match header if
       possible.
    *) Feature: the "ssl_password_file" directive.
    *) Bugfix: the If-None-Match request header line was ignored if there
       was no Last-Modified header in a response returned from cache.
    *) Bugfix: "peer closed connection in SSL handshake" messages were
       logged at "info" level instead of "error" while \ 
connecting to
       backends.
    *) Bugfix: in the ngx_http_dav_module module in nginx/Windows.
    *) Bugfix: SPDY connections might be closed prematurely if caching was
       used.

Changes with nginx 1.7.2                                         17 Jun 2014
    *) Feature: the "hash" directive inside the "upstream" block.
    *) Feature: defragmentation of free shared memory blocks.
    *) Bugfix: a segmentation fault might occur in a worker process if the
       default value of the "access_log" directive was used; the bug had
       appeared in 1.7.0.
    *) Bugfix: trailing slash was mistakenly removed from the last parameter
       of the "try_files" directive.
    *) Bugfix: nginx could not be built on OS X in some cases.
    *) Bugfix: in the ngx_http_spdy_module.

Changes with nginx 1.7.1                                         27 May 2014
    *) Feature: the "$upstream_cookie_..." variables.
    *) Feature: the $ssl_client_fingerprint variable.
    *) Feature: the "error_log" and "access_log" directives \ 
now support
       logging to syslog.
    *) Feature: the mail proxy now logs client port on connect.
    *) Bugfix: memory leak if the "ssl_stapling" directive was used.
    *) Bugfix: the "alias" directive used inside a location given by a
       regular expression worked incorrectly if the "if" or \ 
"limit_except"
       directives were used.
    *) Bugfix: the "charset" directive did not set a charset to encoded
       backend responses.
    *) Bugfix: a "proxy_pass" directive without URI part might use original
       request after the $args variable was set.
    *) Bugfix: in the "none" parameter in the "smtp_auth" \ 
directive; the bug
       had appeared in 1.5.6.
    *) Bugfix: if sub_filter and SSI were used together, then responses
       might be transferred incorrectly.
    *) Bugfix: nginx could not be built with the --with-file-aio option on
       Linux/aarch64.

Changes with nginx 1.7.0                                         24 Apr 2014
    *) Feature: backend SSL certificate verification.
    *) Feature: support for SNI while working with SSL backends.
    *) Feature: the $ssl_server_name variable.
    *) Feature: the "if" parameter of the "access_log" directive.
   2015-06-12 12:52:19 by Thomas Klausner | Files touched by this commit (3152)
Log message:
Recursive PKGREVISION bump for all packages mentioning 'perl',
having a PKGNAME of p5-*, or depending such a package,
for perl-5.22.0.
   2015-06-04 12:25:18 by Filip Hajny | Files touched by this commit (1)
Log message:
Add nginx option to build the ngx_http_gzip_static module.
   2014-09-24 07:42:48 by Kimmo Suominen | Files touched by this commit (2) | Package updated
Log message:
Upgrade to nginx-1.6.2 to fix security vulnerability CVE-2014-3616.
Restore module checksums that were lost in last update.

Changes with nginx 1.6.2                                         16 Sep 2014

    *) Security: it was possible to reuse SSL sessions in unrelated contexts
       if a shared SSL session cache or the same TLS session ticket key was
       used for multiple "server" blocks (CVE-2014-3616).
       Thanks to Antoine Delignat-Lavaud.

    *) Bugfix: requests might hang if resolver was used and a DNS server
       returned a malformed response; the bug had appeared in 1.5.8.

    *) Bugfix: requests might hang if resolver was used and a timeout
       occurred during a DNS request.
   2014-08-07 07:05:50 by Blue Rats | Files touched by this commit (2)
Log message:
Changes with nginx 1.6.1                                         05 Aug 2014
    *) Security: pipelined commands were not discarded after STARTTLS
       command in SMTP proxy (CVE-2014-3556); the bug had appeared in 1.5.6.
    *) Bugfix: the $uri variable might contain garbage when returning errors
       with code 400.
    *) Bugfix: in the "none" parameter in the "smtp_auth" \ 
directive; the bug
       had appeared in 1.5.6.

Next | Query returned 240 messages, browsing 151 to 160 | Previous