Navigation:
Browse pkgsrc
(this page)| 2024-11-13 11:50:21 by Jonathan Perkin | Files touched by this commit (1) |
Log message: nginx: Remove non-existent patch from distinfo. This package has so many pkglint errors and warnings that it's no real surprise that things like this are getting missed. |
| 2024-11-01 13:55:19 by Thomas Klausner | Files touched by this commit (2426) |
Log message: *: revbump for icu downgrade |
| 2024-11-01 01:54:33 by Thomas Klausner | Files touched by this commit (2427) |
Log message: *: recursive bump for icu 76.1 shlib bump |
2024-10-23 15:15:19 by Sergey A. Osokin | Files touched by this commit (11) |  |
Log message: */*: update NGINX JavaScript 0.8.5 -> 0.8.7 Bump PKGREVISIONs for www/nginx, www/nginx-devel, www/unit. <ChangeLog> Changes with njs 0.8.7 22 Oct 2024 nginx modules: *) Bugfix: eliminated unnecessary VM creation. Previously, njs consumed memory proportionally to the number of nginx locations. The issue was introduced in 9b674412 (0.8.6). *) Improvement: added strict syntax validation for js_body_filter. *) Improvement: improved error messages for module loading failures. Core: *) Feature: implemented fs.readlink() and friends. *) Improvement: implemented lazy stack symbolization. *) Bugfix: fixed heap-buffer-overflow in Buffer.prototype.indexOf(). The issue was introduced in 5d15a8d6 (0.8.6). *) Bugfix: fixed Buffer.prototype.lastIndexOf() when `from` is provided. Changes with njs 0.8.6 02 Oct 2024 nginx modules: *) Feature: introduced QuickJS engine. *) Feature: added optional nocache flag for js_set directive. Thanks to Thomas P. *) Feature: exposed capture group variables in HTTP module. Thanks to Thomas P. Core: *) Feature: added Buffer module for QuickJS engine. *) Bugfix: fixed handling of empty labelled statement in a function. *) Bugfix: fixed Function constructor handling when called without arguments. *) Bugfix: fixed Buffer.prototype.writeInt8() and friends. *) Bugfix: fixed Buffer.prototype.writeFloat() and friends. *) Bugfix: fixed Buffer.prototype.lastIndexOf(). *) Bugfix: fixed Buffer.prototype.write(). *) Bugfix: fixed maybe-uninitialized warnings in error creation. *) Bugfix: fixed 'ctx.codepoint' initialization in UTF-8 decoding. *) Bugfix: fixed 'length' initialization in Array.prototype.pop(). *) Bugfix: fixed handling of encode arg in fs.readdir() and fs.realpath(). </ChangeLog> |
| 2024-08-25 16:57:05 by Sergey A. Osokin | Files touched by this commit (2) | |
Log message: www/nginx: security update from 1.26.1 to 1.26.2 <ChangeLog> *) Security: processing of a specially crafted mp4 file by the ngx_http_mp4_module might cause a worker process crash (CVE-2024-7347). Thanks to Nils Bars. </ChangeLog> |
| 2024-08-17 17:20:21 by Benny Siegert | Files touched by this commit (17) | |
Log message: LuaJIT2: update to 2.1, rolling release The LuaJIT project has decided to switch to a rolling release model. There are only branches, no point releases. Also, no sensible changelog that I could find either. Patch from Malte Dehling in PR pkg/58293. |
| 2024-07-11 21:53:41 by Thomas Klausner | Files touched by this commit (70) |
Log message: *: bump for raqm option in gd & ImageMagick to be on the safe side |
| 2024-06-27 18:03:25 by Sergey A. Osokin | Files touched by this commit (15) | |
Log message: */*: update NGINX JavaScript 0.8.4 -> 0.8.5 Bump PKGREVISIONs for www/nginx, www/nginx-devel, www/unit. <ChangeLog> nginx modules: *) Change: r.variables.var, r.requestText, r.responseText, s.variables.var, and the "data" argument of the s.on() callback with "upload" or "download" event types will now convert bytes invalid in UTF-8 encoding into the replacement character. When working with binary data, use r.rawVariables.var, r.requestBuffer, r.responseBuffer, s.rawVariables.var, and the "upstream" or "downstream" event type for s.on() instead. *) Feature: added timeout argument for shared dictionary methods add(), set() and incr(). *) Bugfix: fixed checking for duplicate js_set variables. *) Bugfix: fixed request Host header when the port is non-standard. *) Bugfix: fixed handling of a zero-length request body in ngx.fetch() and r.subrequest(). *) Bugfix: fixed heap-buffer-overflow in Headers.get(). *) Bugfix: fixed r.subrequest() error handling. Core: *) Feature: added zlib module for QuickJS engine. *) Bugfix: fixed zlib.inflate(). *) Bugfix: fixed String.prototype.replaceAll() with zero-length argument. *) Bugfix: fixed retval handling after an exception in Array.prototype.toSpliced(), Array.prototype.toReversed(), Array.prototype.toSorted(). *) Bugfix: fixed RegExp.prototype[@@replace]() with replacements containing "$'", "$\`" and strings with Unicode characters. *) Bugfix: fixed a one-byte overread in decodeURI() and decodeURIComponent(). *) Bugfix: fixed tracking of argument scope. *) Bugfix: fixed integer overflow in Date.parse(). </ChangeLog> |
| 2024-05-29 22:00:24 by Sergey A. Osokin | Files touched by this commit (2) | |
Log message: www/nginx: security update from 1.26.0 to 1.26.1 <ChangeLog> *) Security: when using HTTP/3, processing of a specially crafted QUIC session might cause a worker process crash, worker process memory disclosure on systems with MTU larger than 4096 bytes, or might have potential other impact (CVE-2024-32760, CVE-2024-31079, CVE-2024-35200, CVE-2024-34161). Thanks to Nils Bars of CISPA. *) Bugfix: reduced memory consumption for long-lived requests if "gzip", "gunzip", "ssi", "sub_filter", or \ "grpc_pass" directives are used. *) Bugfix: nginx could not be built by gcc 14 if the --with-atomic option was used. Thanks to Edgar Bonet. *) Bugfix: in HTTP/3. </ChangeLog> |
| 2024-05-29 18:35:19 by Adam Ciarcinski | Files touched by this commit (1929) | |
Log message: revbump after icu and protobuf updates |
New packages: