Commit f685ff46 authored by hadret's avatar hadret

Update upstream source from tag 'upstream/1.16.0'

Update to upstream version '1.16.0'
with Debian dir 48fb08ea04731d856ffce9b7e3d7bc1a170b65ba
parents a6fcf2e9 0edd7523
Changes with nginx 1.14.0 17 Apr 2018
Changes with nginx 1.16.0 23 Apr 2019
*) 1.14.x stable branch.
*) 1.16.x stable branch.
Changes with nginx 1.15.12 16 Apr 2019
*) Bugfix: a segmentation fault might occur in a worker process if
variables were used in the "ssl_certificate" or "ssl_certificate_key"
directives and OCSP stapling was enabled.
Changes with nginx 1.15.11 09 Apr 2019
*) Bugfix: in the "ssl_stapling_file" directive on Windows.
Changes with nginx 1.15.10 26 Mar 2019
*) Change: when using a hostname in the "listen" directive nginx now
creates listening sockets for all addresses the hostname resolves to
(previously, only the first address was used).
*) Feature: port ranges in the "listen" directive.
*) Feature: loading of SSL certificates and secret keys from variables.
*) Workaround: the $ssl_server_name variable might be empty when using
OpenSSL 1.1.1.
*) Bugfix: nginx/Windows could not be built with Visual Studio 2015 or
newer; the bug had appeared in 1.15.9.
Changes with nginx 1.15.9 26 Feb 2019
*) Feature: variables support in the "ssl_certificate" and
"ssl_certificate_key" directives.
*) Feature: the "poll" method is now available on Windows when using
Windows Vista or newer.
*) Bugfix: if the "select" method was used on Windows and an error
occurred while establishing a backend connection, nginx waited for
the connection establishment timeout to expire.
*) Bugfix: the "proxy_upload_rate" and "proxy_download_rate" directives
in the stream module worked incorrectly when proxying UDP datagrams.
Changes with nginx 1.15.8 25 Dec 2018
*) Feature: the $upstream_bytes_sent variable.
Thanks to Piotr Sikora.
*) Feature: new directives in vim syntax highlighting scripts.
Thanks to Gena Makhomed.
*) Bugfix: in the "proxy_cache_background_update" directive.
*) Bugfix: in the "geo" directive when using unix domain listen sockets.
*) Workaround: the "ignoring stale global SSL error ... bad length"
alerts might appear in logs when using the "ssl_early_data" directive
with OpenSSL.
*) Bugfix: in nginx/Windows.
*) Bugfix: in the ngx_http_autoindex_module on 32-bit platforms.
Changes with nginx 1.15.7 27 Nov 2018
*) Feature: the "proxy_requests" directive in the stream module.
*) Feature: the "delay" parameter of the "limit_req" directive.
Thanks to Vladislav Shabanov and Peter Shchuchkin.
*) Bugfix: memory leak on errors during reconfiguration.
*) Bugfix: in the $upstream_response_time, $upstream_connect_time, and
$upstream_header_time variables.
*) Bugfix: a segmentation fault might occur in a worker process if the
ngx_http_mp4_module was used on 32-bit platforms.
Changes with nginx 1.15.6 06 Nov 2018
*) Security: when using HTTP/2 a client might cause excessive memory
consumption (CVE-2018-16843) and CPU usage (CVE-2018-16844).
*) Security: processing of a specially crafted mp4 file with the
ngx_http_mp4_module might result in worker process memory disclosure
(CVE-2018-16845).
*) Feature: the "proxy_socket_keepalive", "fastcgi_socket_keepalive",
"grpc_socket_keepalive", "memcached_socket_keepalive",
"scgi_socket_keepalive", and "uwsgi_socket_keepalive" directives.
*) Bugfix: if nginx was built with OpenSSL 1.1.0 and used with OpenSSL
1.1.1, the TLS 1.3 protocol was always enabled.
*) Bugfix: working with gRPC backends might result in excessive memory
consumption.
Changes with nginx 1.15.5 02 Oct 2018
*) Bugfix: a segmentation fault might occur in a worker process when
using OpenSSL 1.1.0h or newer; the bug had appeared in 1.15.4.
*) Bugfix: of minor potential bugs.
Changes with nginx 1.15.4 25 Sep 2018
*) Feature: now the "ssl_early_data" directive can be used with OpenSSL.
*) Bugfix: in the ngx_http_uwsgi_module.
Thanks to Chris Caputo.
*) Bugfix: connections with some gRPC backends might not be cached when
using the "keepalive" directive.
*) Bugfix: a socket leak might occur when using the "error_page"
directive to redirect early request processing errors, notably errors
with code 400.
*) Bugfix: the "return" directive did not change the response code when
returning errors if the request was redirected by the "error_page"
directive.
*) Bugfix: standard error pages and responses of the
ngx_http_autoindex_module module used the "bgcolor" attribute, and
might be displayed incorrectly when using custom color settings in
browsers.
Thanks to Nova DasSarma.
*) Change: the logging level of the "no suitable key share" and "no
suitable signature algorithm" SSL errors has been lowered from "crit"
to "info".
Changes with nginx 1.15.3 28 Aug 2018
*) Feature: now TLSv1.3 can be used with BoringSSL.
*) Feature: the "ssl_early_data" directive, currently available with
BoringSSL.
*) Feature: the "keepalive_timeout" and "keepalive_requests" directives
in the "upstream" block.
*) Bugfix: the ngx_http_dav_module did not truncate destination file
when copying a file over an existing one with the COPY method.
*) Bugfix: the ngx_http_dav_module used zero access rights on the
destination file and did not preserve file modification time when
moving a file between different file systems with the MOVE method.
*) Bugfix: the ngx_http_dav_module used default access rights when
copying a file with the COPY method.
*) Workaround: some clients might not work when using HTTP/2; the bug
had appeared in 1.13.5.
*) Bugfix: nginx could not be built with LibreSSL 2.8.0.
Changes with nginx 1.15.2 24 Jul 2018
*) Feature: the $ssl_preread_protocol variable in the
ngx_stream_ssl_preread_module.
*) Feature: now when using the "reset_timedout_connection" directive
nginx will reset connections being closed with the 444 code.
*) Change: a logging level of the "http request", "https proxy request",
"unsupported protocol", and "version too low" SSL errors has been
lowered from "crit" to "info".
*) Bugfix: DNS requests were not resent if initial sending of a request
failed.
*) Bugfix: the "reuseport" parameter of the "listen" directive was
ignored if the number of worker processes was specified after the
"listen" directive.
*) Bugfix: when using OpenSSL 1.1.0 or newer it was not possible to
switch off "ssl_prefer_server_ciphers" in a virtual server if it was
switched on in the default server.
*) Bugfix: SSL session reuse with upstream servers did not work with the
TLS 1.3 protocol.
Changes with nginx 1.15.1 03 Jul 2018
*) Feature: the "random" directive inside the "upstream" block.
*) Feature: improved performance when using the "hash" and "ip_hash"
directives with the "zone" directive.
*) Feature: the "reuseport" parameter of the "listen" directive now uses
SO_REUSEPORT_LB on FreeBSD 12.
*) Bugfix: HTTP/2 server push did not work if SSL was terminated by a
proxy server in front of nginx.
*) Bugfix: the "tcp_nopush" directive was always used on backend
connections.
*) Bugfix: sending a disk-buffered request body to a gRPC backend might
fail.
Changes with nginx 1.15.0 05 Jun 2018
*) Change: the "ssl" directive is deprecated; the "ssl" parameter of the
"listen" directive should be used instead.
*) Change: now nginx detects missing SSL certificates during
configuration testing when using the "ssl" parameter of the "listen"
directive.
*) Feature: now the stream module can handle multiple incoming UDP
datagrams from a client within a single session.
*) Bugfix: it was possible to specify an incorrect response code in the
"proxy_cache_valid" directive.
*) Bugfix: nginx could not be built by gcc 8.1.
*) Bugfix: logging to syslog stopped on local IP address changes.
*) Bugfix: nginx could not be built by clang with CUDA SDK installed;
the bug had appeared in 1.13.8.
*) Bugfix: "getsockopt(TCP_FASTOPEN) ... failed" messages might appear
in logs during binary upgrade when using unix domain listen sockets
on FreeBSD.
*) Bugfix: nginx could not be built on Fedora 28 Linux.
*) Bugfix: request processing rate might exceed configured rate when
using the "limit_req" directive.
*) Bugfix: in handling of client addresses when using unix domain listen
sockets to work with datagrams on Linux.
*) Bugfix: in memory allocation error handling.
Changes with nginx 1.13.12 10 Apr 2018
......
This diff is collapsed.
/*
* Copyright (C) 2002-2018 Igor Sysoev
* Copyright (C) 2011-2018 Nginx, Inc.
* Copyright (C) 2002-2019 Igor Sysoev
* Copyright (C) 2011-2019 Nginx, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
......
......@@ -6,7 +6,8 @@
NGX_CLANG_VER=`$CC -v 2>&1 | grep 'version' 2>&1 \
| sed -e 's/^.* version \(.*\)/\1/'`
| sed -n -e 's/^.*clang version \(.*\)/\1/p' \
-e 's/^.*LLVM version \(.*\)/\1/p'`
echo " + clang version: $NGX_CLANG_VER"
......
......@@ -108,7 +108,7 @@ CORE_LIBS="$CORE_LIBS kernel32.lib user32.lib"
# msvc under Wine issues
# C1902: Program database manager mismatch; please check your installation
if [ -z "$NGX_WINE" ]; then
CFLAGS="$CFLAGS -Zi"
CFLAGS="$CFLAGS -Zi -Fd$NGX_OBJS/nginx.pdb"
CORE_LINK="$CORE_LINK -debug"
fi
......
......@@ -9,7 +9,8 @@
ngx_feature_incs=
ngx_feature_path=
ngx_feature_libs="-lprofiler"
ngx_feature_test="ProfilerStop()"
ngx_feature_test="void ProfilerStop(void);
ProfilerStop()"
. auto/feature
......
......@@ -9,7 +9,8 @@
ngx_feature_incs="#include <gd.h>"
ngx_feature_path=
ngx_feature_libs="-lgd"
ngx_feature_test="gdImagePtr img = gdImageCreateFromGifPtr(1, NULL);"
ngx_feature_test="gdImagePtr img = gdImageCreateFromGifPtr(1, NULL);
(void) img"
. auto/feature
......@@ -76,7 +77,8 @@ if [ $ngx_found = yes ]; then
ngx_feature="GD WebP support"
ngx_feature_name="NGX_HAVE_GD_WEBP"
ngx_feature_test="gdImagePtr img = gdImageCreateFromWebpPtr(1, NULL);"
ngx_feature_test="gdImagePtr img = gdImageCreateFromWebpPtr(1, NULL);
(void) img"
. auto/feature
else
......
......@@ -16,8 +16,8 @@
ngx_feature_libs="-lxml2 -lxslt"
ngx_feature_test="xmlParserCtxtPtr ctxt = NULL;
xsltStylesheetPtr sheet = NULL;
xmlDocPtr doc;
doc = xmlParseChunk(ctxt, NULL, 0, 0);
xmlDocPtr doc = NULL;
xmlParseChunk(ctxt, NULL, 0, 0);
xsltApplyStylesheet(sheet, doc, NULL);"
. auto/feature
......
......@@ -229,7 +229,7 @@ build: binary modules manpage
binary: $NGX_OBJS${ngx_dirsep}nginx$ngx_binext
$NGX_OBJS${ngx_dirsep}nginx$ngx_binext: $ngx_deps$ngx_spacer
\$(LINK) $ngx_long_start$ngx_binout$NGX_OBJS${ngx_dirsep}nginx$ngx_long_cont$ngx_objs$ngx_libs$ngx_link$ngx_main_link
\$(LINK) $ngx_long_start$ngx_binout$NGX_OBJS${ngx_dirsep}nginx$ngx_binext$ngx_long_cont$ngx_objs$ngx_libs$ngx_link$ngx_main_link
$ngx_rcc
$ngx_long_end
......
......@@ -878,6 +878,17 @@ if [ $HTTP = YES ]; then
. auto/module
fi
if [ $HTTP_UPSTREAM_RANDOM = YES ]; then
ngx_module_name=ngx_http_upstream_random_module
ngx_module_incs=
ngx_module_deps=
ngx_module_srcs=src/http/modules/ngx_http_upstream_random_module.c
ngx_module_libs=
ngx_module_link=$HTTP_UPSTREAM_RANDOM
. auto/module
fi
if [ $HTTP_UPSTREAM_KEEPALIVE = YES ]; then
ngx_module_name=ngx_http_upstream_keepalive_module
ngx_module_incs=
......@@ -1143,6 +1154,16 @@ if [ $STREAM != NO ]; then
. auto/module
fi
if [ $STREAM_UPSTREAM_RANDOM = YES ]; then
ngx_module_name=ngx_stream_upstream_random_module
ngx_module_deps=
ngx_module_srcs=src/stream/ngx_stream_upstream_random_module.c
ngx_module_libs=
ngx_module_link=$STREAM_UPSTREAM_RANDOM
. auto/module
fi
if [ $STREAM_UPSTREAM_ZONE = YES ]; then
have=NGX_STREAM_UPSTREAM_ZONE . auto/have
......
......@@ -102,6 +102,7 @@ HTTP_GZIP_STATIC=NO
HTTP_UPSTREAM_HASH=YES
HTTP_UPSTREAM_IP_HASH=YES
HTTP_UPSTREAM_LEAST_CONN=YES
HTTP_UPSTREAM_RANDOM=YES
HTTP_UPSTREAM_KEEPALIVE=YES
HTTP_UPSTREAM_ZONE=YES
......@@ -126,6 +127,7 @@ STREAM_SPLIT_CLIENTS=YES
STREAM_RETURN=YES
STREAM_UPSTREAM_HASH=YES
STREAM_UPSTREAM_LEAST_CONN=YES
STREAM_UPSTREAM_RANDOM=YES
STREAM_UPSTREAM_ZONE=YES
STREAM_SSL_PREREAD=NO
......@@ -273,6 +275,8 @@ $0: warning: the \"--with-ipv6\" option is deprecated"
--without-http_upstream_ip_hash_module) HTTP_UPSTREAM_IP_HASH=NO ;;
--without-http_upstream_least_conn_module)
HTTP_UPSTREAM_LEAST_CONN=NO ;;
--without-http_upstream_random_module)
HTTP_UPSTREAM_RANDOM=NO ;;
--without-http_upstream_keepalive_module) HTTP_UPSTREAM_KEEPALIVE=NO ;;
--without-http_upstream_zone_module) HTTP_UPSTREAM_ZONE=NO ;;
......@@ -325,6 +329,8 @@ use the \"--with-mail_ssl_module\" option instead"
STREAM_UPSTREAM_HASH=NO ;;
--without-stream_upstream_least_conn_module)
STREAM_UPSTREAM_LEAST_CONN=NO ;;
--without-stream_upstream_random_module)
STREAM_UPSTREAM_RANDOM=NO ;;
--without-stream_upstream_zone_module)
STREAM_UPSTREAM_ZONE=NO ;;
......@@ -485,6 +491,8 @@ cat << END
disable ngx_http_upstream_ip_hash_module
--without-http_upstream_least_conn_module
disable ngx_http_upstream_least_conn_module
--without-http_upstream_random_module
disable ngx_http_upstream_random_module
--without-http_upstream_keepalive_module
disable ngx_http_upstream_keepalive_module
--without-http_upstream_zone_module
......@@ -535,6 +543,8 @@ cat << END
disable ngx_stream_upstream_hash_module
--without-stream_upstream_least_conn_module
disable ngx_stream_upstream_least_conn_module
--without-stream_upstream_random_module
disable ngx_stream_upstream_random_module
--without-stream_upstream_zone_module
disable ngx_stream_upstream_zone_module
......
......@@ -185,6 +185,8 @@ ngx_feature_test="struct __user_cap_data_struct data;
data.effective = CAP_TO_MASK(CAP_NET_RAW);
data.permitted = 0;
(void) header;
(void) data;
(void) SYS_capset"
. auto/feature
......
......@@ -11,6 +11,7 @@ CORE_SRCS="$WIN32_SRCS $IOCP_SRCS"
OS_CONFIG="$WIN32_CONFIG"
NGX_ICONS="$NGX_WIN32_ICONS"
SELECT_SRCS=$WIN32_SELECT_SRCS
POLL_SRCS=$WIN32_POLL_SRCS
ngx_pic_opt=
ngx_binext=".exe"
......@@ -31,12 +32,7 @@ case "$NGX_CC_NAME" in
esac
EVENT_MODULES="$EVENT_MODULES $IOCP_MODULE"
EVENT_FOUND=YES
if [ $EVENT_SELECT = NO ]; then
CORE_SRCS="$CORE_SRCS $SELECT_SRCS"
EVENT_MODULES="$EVENT_MODULES $SELECT_MODULE"
fi
#EVENT_FOUND=YES
have=NGX_HAVE_INET6 . auto/have
......
......@@ -95,6 +95,7 @@ EVENT_SRCS="src/event/ngx_event.c \
src/event/ngx_event_timer.c \
src/event/ngx_event_posted.c \
src/event/ngx_event_accept.c \
src/event/ngx_event_udp.c \
src/event/ngx_event_connect.c \
src/event/ngx_event_pipe.c"
......@@ -105,6 +106,7 @@ WIN32_SELECT_SRCS=src/event/modules/ngx_win32_select_module.c
POLL_MODULE=ngx_poll_module
POLL_SRCS=src/event/modules/ngx_poll_module.c
WIN32_POLL_SRCS=src/event/modules/ngx_win32_poll_module.c
KQUEUE_MODULE=ngx_kqueue_module
KQUEUE_SRCS=src/event/modules/ngx_kqueue_module.c
......
......@@ -24,7 +24,9 @@ types {
image/x-jng jng;
image/x-ms-bmp bmp;
application/font-woff woff;
font/woff woff;
font/woff2 woff2;
application/java-archive jar war ear;
application/json json;
application/mac-binhex40 hqx;
......
This diff is collapsed.
nginx (1.16.0-0bionic0) bionic; urgency=medium
* Non-maintainer upload
* New upstream stable release (1.16.0)
-- Filip Chabik <hadret@gmail.com> Fri, 26 Apr 2019 13:11:48 +0000
nginx (1.14.0-0ubuntu1.2) bionic-security; urgency=medium
* SECURITY UPDATE: excessive memory consumption in HTTP/2 implementation
......
......@@ -18,7 +18,7 @@ Files-Excluded: .gitignore .gitattributes .travis.yml
Module: http-lua
Homepage: https://github.com/openresty/lua-nginx-module
Version: 0.10.11
Version: 0.10.14
Patch:
openssl-1.1.0.patch
discover-luajit-2.1.patch
......@@ -34,8 +34,8 @@ Patch:
Module: nchan
Homepage: https://github.com/slact/nchan
Version: 1.0.8
Files-Excluded: dev nchan_logo.png NchanSubscriber.js src/hiredis
Version: 1.2.5
Files-Excluded: dev nchan_logo.png NchanSubscriber.js
Module: http-uploadprogress
Homepage: https://github.com/masterzen/nginx-upload-progress-module
......@@ -51,11 +51,11 @@ Patch:
Module: http-dav-ext
Homepage: https://github.com/arut/nginx-dav-ext-module
Version: 0.1.0
Version: 3.0.0
Module: http-fancyindex
Homepage: https://github.com/aperezdc/ngx-fancyindex
Version: 0.4.2
Version: 0.4.3
Files-Excluded: .gitignore .travis.yml
Module: http-subs-filter
......
Copyright (c) 2012-2017, Roman Arutyunyan
Copyright (C) 2012-2018 Roman Arutyunyan
All rights reserved.
Redistribution and use in source and binary forms, with or without
......
......@@ -2,40 +2,187 @@
nginx-dav-ext-module
********************
NGINX WebDAV missing commands support (PROPFIND & OPTIONS)
nginx_ WebDAV_ PROPFIND,OPTIONS,LOCK,UNLOCK support.
Copyright |copy| 2012-2017 Arutyunyan Roman (arutyunyan.roman@gmail.com)
.. contents::
.. |copy| unicode:: U+000A9 .. COPYRIGHT SIGN
For full WebDAV support in NGINX you need to enable the standard NGINX
WebDAV module (providing partial WebDAV implementation) as well as
this module for missing methods:
About
=====
The standard ngx_http_dav_module_ provides partial WebDAV_ implementation and
only supports GET,HEAD,PUT,DELETE,MKCOL,COPY,MOVE methods.
For full WebDAV_ support in nginx_ you need to enable the standard