ALT Linux repos
S: | 1.24.0-alt3 |
5.0: | 0.8.15-alt1 |
4.1: | 0.6.29-alt1.M41.2 |
4.0: | 0.5.38-alt0.M40.1 |
+backports: | 0.5.33-alt1.M40.1 |
3.0: | 0.1.45-alt1 |
Group :: System/Servers
RPM: nginx
Main Changelog Spec Patches Sources Download Gear Bugs and FR Repocop
14 september 2023 Anton Farygin <rider at altlinux.ru> 1.24.0-alt3
- added accept_language module (Closes: #47364)
- updated pam and geoip modules
- updated pam module to 1.5.5
- 1.24.0
- removed deprecated ipv6 configure flag
- removed unused patches and options from specfile
- built with libpcre2
- cache_purge: fix compatibility with newest nginx
- egrep was changed to grep -E in filetrigger to avoid warnings
- updated spnego module
- removed localhost listen from default config (fixed: #42313)
- NMU: Merge mime.types with upstream. (Closes: 38603)
- 1.22.1 (Fixes: CVE-2022-41741, CVE-2022-41742)
- 1.22.0 (Fixes: CVE-2021-3618)
- 1.20.2
- updated pam module to 1.5.3
- 1.20.1 (Fixes: CVE-2021-23017)
- updated rtmp module to 1.2.2
- updated spnego snapshot to a06f9efc
- 1.18.0
- 1.16.1
- 1.14.2
- restart service only from filetrigger
- 1.14.1 (fixes: CVE-2018-16845, CVE-2018-16843, CVE-2018-16844)
- rebuilt with openssl-1.1
- fixed build with glibc-2.3.2
- spenego module moved to tarball
- updated auth_pam module
- Updated to 1.14.0
- Updated nginx-rtmp-module
- rebuild with new perl 5.26.1
- Added ngx_http_auth_pam_module.
- Fixed dependencies of module packages.
- Updated to 1.12.1 (Fixes CVE-2017-7529).
- added spnego dynamic module
- update rtmp module
- 1.12
- add %
- 1.10.3
- 1.10.1
- CVE-2016-4450
- remove ctpp module (ALT #32041)
- fix dynamic modules configuration (use /etc/nginx/modules-enabled.d)
- move perl module to nginx-perl subpackege
- move GeoIP module to nginx-geoip subpackege
- move xslt module to nginx-xslt subpackege
- add image_filter module to nginx-image_filter subpackage
- add filetrigger for restart nginx when modules installed/removed
- update default config with dynamic modules loading sample
- 1.10.0
- build some modules as dynamic
- 1.8.1
- CVE-2016-0742
- CVE-2016-0746
- CVE-2016-0747
- rebuild with new perl 5.22.0
- 1.8.0
- update cache-purge patch
- 1.6.3
- update rtmp module to 1.1.7
- update rtmp module to 1.1.6
- rebuild with new perl 5.20.1
- 1.6.2
- CVE-2014-3616
- enable geopip module
- 1.6.1
- CVE-2014-3556
- 1.6.0
- fix logrotate script (ALT #30018)
- add stat.xsl (ALT #29917)
- 1.4.7
- CVE-2014-0133
- add nginx_rtmp module
- 1.4.5
- use config(noreplace) for sites-available.d/default.conf (closes: #29607)
- 1.4.4 (ALT #29604)
- CVE-2013-4547
- add ipv6 support
- fixed mime-types conflict (closes: #28550)
- new version
- built for perl 5.18
- 1.4.2
- 1.4.1
- CVE-2013-2028
- 1.4.0
- enable http_spdy_module
- new version
- new version
- add systemd service (ALT #28069)
- logrotate using 'nginx -s reopen' (systemd)
- new version
- add ngx_ctpp2 module
- rebuilt for perl-5.16
- new version
- new version
- new version
- new version (closes: #27215)
- new version
- decreased starting priority in initscript to 98 (closes: #26466)
- removed old Readme.ALT (closes: #26861)
- fixed duplicated ogg in mime-types (closes: #26863)
- new version
- new version
- rebuilt for perl-5.14
- new version
- new version
- enabled http_mp4_module
- new version
- new version
- new version
- new version
- new version
- add cache_purge module
- 1.0.0
- updated to 0.8.54
- add nginx user to _webserver group (closes: #24938)
- added patch from 0.9.0 with fix for memory violation in auth_basic
- fixed build with new perl
- rebuilt with perl 5.12
- add http_secure_link_module
- new version
- new version
- new version
- new version
- new version
- new version
- new version
- removed external uswgi module (included to mainstream)
- new uswgi and scgi modules
- new version
- add uswgi module
- new version
- added (disabled by default) syslogd patch
- new version
- new version
- new version
- remove unused patches
- Updated to 0.8.24.
- Updated to 0.8.19:
+ Bugfixes in limit_req;
+ SSL module enforcements (-SSLv2).
- Updated to 0.8.18.
- Move mime.types modification to separate patch.
- Updated to 0.8.16:
+ Bugfixes in resolver code, image module and gzip_vary handling.
- Updated to 0.8.15:
+ Security: a segmentation fault might occur in worker process while
specially crafted request handling (VU#180065);
+ Bugfix: in file AIO.
- Updated to 0.8.14.
- NMU:
+ updated to 0.8.13;
+ add new aio module (and enable file aio);
+ add new geoip module (disabled by default);
+ massive update of mime.types database (sync with Apache);
+ nginx.init: get rid of duplicated conftest calls.
- NMU:
+ updated to 0.7.61.
+ src/event/openssl: fix memory corruption in $ssl_client_cert
(thanks to Sergey Zhuravlev)
- NMU:
+ updated to 0.7.59.
+ fix optimization for x86.
+ add support of building new modules (disabled by default):
+ image_filter
+ xslt.
- rebuild
- NMU:
+ updated to 0.6.37.
+ disable all debug stuff (e.g. perftools support).
- fixed missing substitution of sites-available.d/default.conf
(Closes: #19560)
- Bugfix: in shared memory allocations if nginx was built without debugging.
- Bugfixes in an "Expect" request header line support.
- Bugfix: UTF-8 encoding usage in the ngx_http_autoindex_module.
- update README.ALT
- move default config to /etc/nginx/sites-available.d
- Change: now the EAGAIN error returned by connect() is not considered as
temporary error. - Change: now the "gzip_vary" directive turned on issues a "Vary:
Accept-Encoding" header line for uncompressed responses too. - Feature: the "expires" directive supports daily time.
- Feature: the "Expect" request header line support.
- Feature: now the "rewrite" directive does a redirect automatically if the
"https://" protocol is used. - Bugfix: the "listen" directive parameters such as "backlog", "rcvbuf", etc.
were not set, if a default server was not the first one. - Bugfix: the "log_not_found" directive did not work for index files tests.
- Bugfix: now if FastCGI server sends a "Location" header line without status
line, then nginx uses 302 status code. Thanks to Maxim Dounin. - Bugfix: the ngx_http_flv_module did not support several values in a query
string. - Bugfix: when a request to a directory was redirected with the slash added,
nginx dropped a query string from the original request. - Feature: now nginx returns the 405 status code for POST method requesting a
static file only if the file exists. - Bugfix: the resolver did not understand big DNS responses. Thanks to Zyb.
- Bugfix: in HTTPS mode requests might fail with the "bad write retry" error.
- Bugfix: the ngx_http_charset_module did not understand quoted charset name
received from backend. - Bugfix: if the "max_fails=0" parameter was used in upstream with several
servers, then a worker process exited on a SIGFPE signal. Thanks to Maxim
Dounin. - Bugfix: the $r->header_in() method did not return value of the "Host",
"User-Agent", and "Connection" request header lines; the bug had appeared
in 0.6.32. - Bugfix: a full response was returned for request method HEAD while
redirection via an "error_page" directive. - Bugfix: if a directory has search only rights and the first index file was
absent, then nginx returned the 500 status code. - Bugfix: of recursive error_page for 500 status code.
- Change: the "none" parameter in the "ssl_session_cache" directive; now this
is default parameter. Thanks to Rob Mueller. - Change: now the 0x00-0x1F, '"' and '\' characters are escaped as \xXX in an
access_log. Thanks to Maxim Dounin. - Change: now nginx allows several "Host" request header line.
- Feature: the "modified" flag in the "expires" directive.
- Feature: the $uid_got and $uid_set variables may be used at any request
processing stage. - Feature: the $hostname variable. Thanks to Andrei Nigmatulin.
- Feature: DESTDIR support. Thanks to Todd A. Fisher and Andras Voroskoi.
- Bugfix: if sub_filter and SSI were used together, then responses might were
transferred incorrectly. - Bugfix: large SSI inclusions might be truncated.
- Bugfix: the "proxy_pass" directive did not work with the HTTPS protocol; the
bug had appeared in 0.6.9. - Bugfix: worker processes might not catch reconfiguration and log rotation
signals. - Bugfix: a segmentation fault might occur in worker process on Linux, if
keepalive was enabled.
- Bugfix: nginx did not process FastCGI response if header was at the end of
FastCGI record; bug appeared in 0.6.2. Thanks to Sergey Serov. - Bugfix: a segmentation fault might occur in worker process if a file was
deleted and the "open_file_cache_errors" directive was off.
- Update to 0.6.30
- Change: now if an "include" directive pattern does not match any file, then
nginx does not issue an error. - Feature: now the time in directives may be
specified without spaces, for example, "1h50m". - Bugfix: memory leaks if the "ssl_verify_client" directive was on. Thanks to
Chavelle Vincent. - Bugfix: the "sub_filter" directive might set text to change into output.
- Bugfix: the "error_page" directive did not take into account arguments in
redirected URI.
- Update to 0.6.29
- rebuild
- re-added kludge from 0.5.34-alt1.1: the more insightful fix didn't
account for the case of i586 (which is our default x86 buildarch)
while my dirty hack doesnn't account at all, it just has a hammer :) - so "could not build the types_hash, you should increase types_hash_bucket_size: 32
error with our default configuration (considerably larger mime.types)
should go away again
- replaced ugly kludge introduced by me in 0.5.34-alt1.1
with an insightful one by Gena Makhomed (#13407)
- added Provides: webserver (#13546)
- Change: now the ngx_http_userid_module adds start time microseconds
to the cookie field contains a pid value. - Change: now the uname(2) is used on Linux instead of procfs.
Thanks to Ilya Novikov. - Feature: the "If-Range" request header line support.
Thanks to Alexander V. Inyukhin. - Bugfix: in HTTPS mode requests might fail with the "bad write retry"
error; bug appeared in 0.5.13. - Bugfix: the STARTTLS in SMTP mode did not work.
Thanks to Oleg Motienko. - Bugfix: large_client_header_buffers did not freed before going to
keep-alive state.
Thanks to Olexander Shtepa. - Bugfix: the "limit_rate" directive did not allow to use full
throughput, even if limit value was very high. - Bugfix: the $status variable was equal to 0 if a proxied server
returned response in HTTP/0.9 version. - Bugfix: if the "?" character was in a "error_page" directive, then
it was escaped in a proxied request; bug appeared in 0.5.32.
- got fed up with "could not build the types_hash, you should
increase types_hash_bucket_size: 32" and did increase the default
to empirically tested (Linux/i586) value of 64
- rebuild
- Change: now the full request line instead of URI only is written to
error_log. - Feature: the "merge_slashes" directive.
- Feature: the "gzip_vary" directive.
- Feature: the "server_tokens" directive.
- Feature: the "access_log" directive may be used inside the "limit_except" block.
- Bugfix: if the $server_protocol was used in FastCGI parameters and a
request line length was near to the "client_header_buffer_size" directive
value, then nginx issued an alert "fastcgi: the request record is too big". - Bugfix: if a plain text HTTP/0.9 version request was made to HTTPS server,
then nginx returned usual response. - Bugfix: URL double escaping in a redirect of the "msie_refresh"
directive; bug appeared in 0.5.28. - Bugfix: a segmentation fault might occur in worker process if
subrequests were used. - Bugfix: the big responses may be transferred truncated if SSL and gzip were
used. - Bugfix: compatibility with mget.
- Bugfix: nginx did not unescape URI in the "include" SSI command.
- Bugfix: the segmentation fault was occurred on start or while
reconfiguration if variable was used in the "charset" or
"source_charset" directives. - Bugfix: nginx returned the 400 response on requests like
"GET http://www.domain.com HTTP/1.0". Thanks to James Oakley. - Bugfix: a segmentation fault occurred in worker process if
$date_local and $date_gmt were used outside the
ngx_http_ssi_filter_module. - Bugfix: a segmentation fault might occur in worker process if debug
log was enabled. Thanks to Andrei Nigmatulin. - Bugfix: ngx_http_memcached_module did not set $upstream_response_time.
Thanks to Maxim Dounin. - Bugfix: a worker process may got caught in an endless loop, if the
memcached was used.
- Fix default nginx.conf:
+ first server_name with wildcards is a fatal error now
+ add two more somewhat unobvious tips on reverse proxying
+ link to http://nginx.net for info/docs
- Auto fix types_hash_bucket_size in config
- Change: now by default the "echo" SSI command uses entity encoding.
- Feature: the "encoding" parameter in the "echo" SSI command.
- Change: mail proxy was split on three modules: pop3, imap and smtp.
- Feature: the "smtp_greeting_delay" and "smtp_client_buffer" directives of the
ngx_mail_smtp_module. - Feature: the "server_name" and "valid_referers" directives support regular
expressions. - Feature: the "server_name", "map", and "valid_referers" directives support
the "www.example.*" wildcards. - Bugfix: sub_filter did not work with empty substitution.
- Bugfix: in sub_filter parsing.
- Bugfix: a worker process may got caught in an endless loop, if the memcached
was used. - Bugfix: nginx supported low case only "close" and "keep-alive" values in the
"Connection" request header line; bug appeared in 0.5.32. - build --with debug (for more verbose logging)
- Change: now nginx tries to set the "worker_priority", "worker_rlimit_nofile",
"worker_rlimit_core", and "worker_rlimit_sigpending" without super-user
privileges. - Change: now nginx escapes space and "%" in request to a mail proxy
authentication server. - Change: now nginx escapes "%" in $memcached_key variable.
- Feature: the "add_header Last-Modified ..." directive changes the
"Last-Modified" response header line. - Feature: the mail proxy supports AUTHENTICATE in IMAP mode. Thanks to Maxim
Dounin. - Feature: the mail proxy supports STARTTLS in SMTP mode. Thanks to Maxim
Dounin. - Bugfix: nginx did not close directory file on HEAD request if autoindex was
used. Thanks to Arkadiusz Patyk. - Bugfix: the "proxy_hide_header" and "fastcgi_hide_header" directives did not
hide response header lines whose name was longer than 32 characters. Thanks
to Manlio Perillo. - Bugfix: active connection counter always increased if mail proxy was used.
- Bugfix: if backend returned response header only using non-buffered proxy,
then nginx closed backend connection on timeout. - Bugfix: nginx did not support several "Connection" request header lines.
- Bugfix: a charset set by the "charset" directive was not appended to the
"Content-Type" header set by $r->send_http_header(). - Bugfix: a segmentation fault might occur in worker process if /dev/poll
method was used. - Bugfix: a segmentation fault occurred in worker process if invalid address
was set in the "auth_http" directive. - Bugfix: now nginx uses default listen backlog value 511 on all platforms
except FreeBSD. Thanks to Jiang Hong. - Bugfix: now Solaris sendfilev() is not used to transfer the client request
body to FastCGI-server via the unix domain socket. - Bugfix: if the same host without specified port was used as backend for HTTP
and HTTPS, then nginx used only one port - 80 or 443. - Bugfix: the "proxy_ignore_client_abort" and "fastcgi_ignore_client_abort"
directives did not work; bug appeared in 0.5.13.
- properly fixed #7441 (taking into accound ldv@'s objections)
- properly fixed #12655 (ditto)
- readability improvements to initscript
- added /etc/sysconfig/nginx (flexible ulimit setup)
- rebuild
- rebuild
- fix back my thinko regarding /var/run/nginx/ directory
- rework upgrade() initscript action (and run it only for package upgrades,
just do a restart for sysadmin's command) -- should fix #12655
- NMU: moved remnants of directory creation and permissions setup
from initscript to specfile (seems like was a band-aid which is
currently unneeded and non-elegant); see also #12647 - fixed #7441 (service nginx stop would leave children running)
- rebuild
- Feature: named locations.
- Feature: the "proxy_store" and "fastcgi_store" directives.
- Feature: the "proxy_store_access" and "fastcgi_store_access" directives.
- Feature: the $args variable can be set with the "set" directive.
- Feature: the $is_args variable.
- Bugfix: if a client has closed connection to mail proxy then nginx might not
close connection to backend. - Bugfix: now nginx escapes space in $memcached_key variable.
- Bugfix: a segmentation fault might occur in worker process when the HTTPS
protocol was used in the "proxy_pass" directive. - Bugfix: the perl $$ variable value in ngx_http_perl_module was equal to the
master process identification number. - Bugfix: fix building on Solaris/amd64 by Sun Studio 11 and early versions;
bug appeared in 0.5.29. - Feature: $nginx_version variable. Thanks to Nick S. Grechukh.
- Bugfix: if the FastCGI header was split in records, then nginx passed garbage
in the header to a client. - Bugfix: Sun Studio compatibility on Solaris/amd64 and Solaris/sparc64.
Thanks to Jiang Hong and Andrei Nigmatulin. - Bugfix: of minor potential bugs. Thanks to Coverity's Scan.
- Security: the "msie_refresh" directive allowed XSS. Thanks to Maxim Boguk.
- Bugfix: a segmentation fault might occur in worker process if the
"auth_http_header" directive was used. Thanks to Maxim Dounin. - Bugfix: a segmentation fault occurred in worker process if the CRAM-MD5
authentication method was used, but it was not enabled. - Bugfix: a segmentation fault might occur in worker process if the eventport
method was used. - Bugfix: if remote SSI subrequest was used, then posterior local file
subrequest might transferred to client in wrong order. - Bugfix: large SSI inclusions buffered in temporary files were truncated.
- More strict requires for perl-base version
- Remove nginx.perl.fix.patch (added to upstream)
- Drop nginx-0.5.14-gns-catchstderr.patch (added to upstream)
- Bugfix: in SSI parsing.
- Bugfix: nginx could not be built with the --without-http_rewrite_module
parameter; bug appeared in 0.5.24. - Security: the "ssl_verify_client" directive did not work if request was made
using HTTP/0.9. - Bugfix: a part of response body might be passed uncompressed if gzip was
used; bug appeared in 0.5.23.
- update version to 0.5.22
- fix perl module (#11911)
- update mime.types (get it from Apache)
- fix x86_64 building
- update version to 0.5.20
- remove connection_pool_size option from config file (fix crash on x86_64)
- build with perl support (at@)
- Feature: the "sendfile_max_chunk" directive.
- Feature: the "$http_...", "$sent_http_...", and "$upstream_http_..."
variables may be changed using the "set" directive. - Bugfix: a segmentation fault might occur in worker process if the SSI command
'if expr="$var = /"' was used. - Bugfix: trailing boundary of multipart range response was transferred
incorrectly. Thanks to Evan Miller.
- update version to 0.5.19
- build --with-http_stub_status_module (gns@)
- fix mail proxy building
- Add Symbian sis/sisx files to mime.types (#11459)
- Add hints to config file (#11368)
- Make default config file more useful
- Add README.ALT
- Start more workers in default config (more DoS proof)
- Change: now the $request_time variable has millisecond precision.
- Feature: the $upstream_addr variable.
- Feature: the "proxy_headers_hash_max_size" and
"proxy_headers_hash_bucket_size" directives. Thanks to Volodymyr Kostyrko. - Bugfix: the files more than 2G could not be transferred using sendfile on
64-bit Linux. - Feature: the ngx_http_sub_filter_module.
- Feature: the "$upstream_http_..." variables.
- Feature: now the $upstream_status and $upstream_response_time variables keep
data about all upstreams before X-Accel-Redirect.
- update version to 0.5.17
- update version to 0.5.14
- update version to 0.5.0
- version update
- rebuild with http_browser_module
- version update
- version update
- version update
- authorize by client certifications added
- version update
- version update
- with realip
- version update;
- NMU;
- version update;
- x86_64 fixes;
- default config updated;
- init script improvements;
- add logrotate script;
- update patches.
- version update
- version update
- create directories for temp files (client requests, fastcgi & proxy replies)
- version update
- added two patches (from lakostis@)
- build with optimization flags (from lakostis@)
- version update
- default_charset removed
- charset set reply codepage, source_charset -- source charset :)
- limit_rate supported with proxy and fastcgi
- X-Accel-Limit-Rate header from backend supported
- added: ssi_types
- added: autoindex_exact_size
- added: log_not_found
- added: break
- removed: post_accept_timeout
- build with imap
- many other fixes
- version update
- 0.1.34
- spec cleanup / macrification (mike@)
- changed "nginx" user/group to "_nginx" (mike@)
- version update
- some cleanups
- version update
- cleanup
- version update
- add ulimit -n 16384 to initscript
- version update
- cleanup
- tmp moved to /var/spool/nagios/tmp
- version update
- version update
- version update
- fastcgi support (upstream)
- version update
- OpenSSL-support builded
- rewrite and pcre support builded
- startup script
- useful default config-file
- version update
- first build