| Message ID | 20220425124016.3436961-1-adolf.belka@ipfire.org |
|---|---|
| State | Accepted |
| Commit | 3661b4cb467232082bed7ceebe0cff1882c38d5d |
| Headers |
Return-Path: <development-bounces@lists.ipfire.org> Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4Kn4Nk0sHFz3x1v for <patchwork@web04.haj.ipfire.org>; Mon, 25 Apr 2022 12:40:22 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4Kn4Nh5hfFz3vH; Mon, 25 Apr 2022 12:40:20 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4Kn4Nh5RS4z2yDs; Mon, 25 Apr 2022 12:40:20 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4Kn4Ng5lf7z2yDs for <development@lists.ipfire.org>; Mon, 25 Apr 2022 12:40:19 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4Kn4Ng2TMKzW9; Mon, 25 Apr 2022 12:40:19 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1650890419; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=/WuFlXCd77qk5le/xcTFpDqjIGNqDUsvuvf4bbg/Y8I=; b=7bzpMMxTHDAl/wflSA6UaTe//6oQ+JtQe1lZH/bdz7mZE58P2YyUtZup+NIgtWOQoIbo3R 3GflPRwTO/hwsWBg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1650890419; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=/WuFlXCd77qk5le/xcTFpDqjIGNqDUsvuvf4bbg/Y8I=; b=HHVaY0vqGft2L91KXON6FS0XVdLDquGJartBhlaVb527VNJFcgAkCP4LhdkiIkTtP8ZZHa yOjf0h3w+DGJymNrEPJxq/bNxHewA9EtvmrA/uWGIKW4N4vMMWKvpOk00ydonC85GNX4yu SlBmu+ItaViA6dpec6wbMBNNjDrjsGV69A2yIFvYzE/MKCRuH6SftvsFDLWf7XnrTvcvmT MR5lz8pYY7zpQZupiFPO/bRhifvDstTIHLeCYZgFd/cbTqBB++htmRe7BLRNqJfOkzs/cW MkkXdDTCY4XAVirWxt0CUFlajRGOXJVJk58lqmOYCTU5NtrDcaF3fmt5swiKrg== From: Adolf Belka <adolf.belka@ipfire.org> To: development@lists.ipfire.org Subject: [PATCH] nginx: Update to version 1.21.6 Date: Mon, 25 Apr 2022 14:40:16 +0200 Message-Id: <20220425124016.3436961-1-adolf.belka@ipfire.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk <development.lists.ipfire.org> List-Unsubscribe: <https://lists.ipfire.org/mailman/options/development>, <mailto:development-request@lists.ipfire.org?subject=unsubscribe> List-Archive: <http://lists.ipfire.org/pipermail/development/> List-Post: <mailto:development@lists.ipfire.org> List-Help: <mailto:development-request@lists.ipfire.org?subject=help> List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/development>, <mailto:development-request@lists.ipfire.org?subject=subscribe> Errors-To: development-bounces@lists.ipfire.org Sender: "Development" <development-bounces@lists.ipfire.org> |
| Series |
nginx: Update to version 1.21.6
|
|
Commit Message
Adolf Belka
April 25, 2022, 12:40 p.m. UTC
- Update from version 1.19.2 to 1.21.6
- Update of rootfile not required
- Changelog
Changes with nginx 1.21.6 25 Jan 2022
*) Bugfix: when using EPOLLEXCLUSIVE on Linux client connections were
unevenly distributed among worker processes.
*) Bugfix: nginx returned the "Connection: keep-alive" header line in
responses during graceful shutdown of old worker processes.
*) Bugfix: in the "ssl_session_ticket_key" when using TLSv1.3.
Changes with nginx 1.21.5
*) Change: now nginx is built with the PCRE2 library by default.
*) Change: now nginx always uses sendfile(SF_NODISKIO) on FreeBSD.
*) Feature: support for sendfile(SF_NOCACHE) on FreeBSD.
*) Feature: the $ssl_curve variable.
*) Bugfix: connections might hang when using HTTP/2 without SSL with the
"sendfile" and "aio" directives.
Changes with nginx 1.21.4
*) Change: support for NPN instead of ALPN to establish HTTP/2
connections has been removed.
*) Change: now nginx rejects SSL connections if ALPN is used by the
client, but no supported protocols can be negotiated.
*) Change: the default value of the "sendfile_max_chunk" directive was
changed to 2 megabytes.
*) Feature: the "proxy_half_close" directive in the stream module.
*) Feature: the "ssl_alpn" directive in the stream module.
*) Feature: the $ssl_alpn_protocol variable.
*) Feature: support for SSL_sendfile() when using OpenSSL 3.0.
*) Feature: the "mp4_start_key_frame" directive in the
ngx_http_mp4_module.
Thanks to Tracey Jaquith.
*) Bugfix: in the $content_length variable when using chunked transfer
encoding.
*) Bugfix: after receiving a response with incorrect length from a
proxied backend nginx might nevertheless cache the connection.
Thanks to Awdhesh Mathpal.
*) Bugfix: invalid headers from backends were logged at the "info" level
instead of "error"; the bug had appeared in 1.21.1.
*) Bugfix: requests might hang when using HTTP/2 and the "aio_write"
directive.
Changes with nginx 1.21.3
*) Change: optimization of client request body reading when using
HTTP/2.
*) Bugfix: in request body filters internal API when using HTTP/2 and
buffering of the data being processed.
Changes with nginx 1.21.2
*) Change: now nginx rejects HTTP/1.0 requests with the
"Transfer-Encoding" header line.
*) Change: export ciphers are no longer supported.
*) Feature: OpenSSL 3.0 compatibility.
*) Feature: the "Auth-SSL-Protocol" and "Auth-SSL-Cipher" header lines
are now passed to the mail proxy authentication server.
Thanks to Rob Mueller.
*) Feature: request body filters API now permits buffering of the data
being processed.
*) Bugfix: backend SSL connections in the stream module might hang after
an SSL handshake.
*) Bugfix: the security level, which is available in OpenSSL 1.1.0 or
newer, did not affect loading of the server certificates when set
with "@SECLEVEL=N" in the "ssl_ciphers" directive.
*) Bugfix: SSL connections with gRPC backends might hang if select,
poll, or /dev/poll methods were used.
*) Bugfix: when using HTTP/2 client request body was always written to
disk if the "Content-Length" header line was not present in the
request.
Changes with nginx 1.21.1
*) Change: now nginx always returns an error for the CONNECT method.
*) Change: now nginx always returns an error if both "Content-Length"
and "Transfer-Encoding" header lines are present in the request.
*) Change: now nginx always returns an error if spaces or control
characters are used in the request line.
*) Change: now nginx always returns an error if spaces or control
characters are used in a header name.
*) Change: now nginx always returns an error if spaces or control
characters are used in the "Host" request header line.
*) Change: optimization of configuration testing when using many
listening sockets.
*) Bugfix: nginx did not escape """, "<", ">", "\", "^", "`", "{", "|",
and "}" characters when proxying with changed URI.
*) Bugfix: SSL variables might be empty when used in logs; the bug had
appeared in 1.19.5.
*) Bugfix: keepalive connections with gRPC backends might not be closed
after receiving a GOAWAY frame.
*) Bugfix: reduced memory consumption for long-lived requests when
proxying with more than 64 buffers.
Changes with nginx 1.21.0
*) Security: 1-byte memory overwrite might occur during DNS server
response processing if the "resolver" directive was used, allowing an
attacker who is able to forge UDP packets from the DNS server to
cause worker process crash or, potentially, arbitrary code execution
(CVE-2021-23017).
*) Feature: variables support in the "proxy_ssl_certificate",
"proxy_ssl_certificate_key" "grpc_ssl_certificate",
"grpc_ssl_certificate_key", "uwsgi_ssl_certificate", and
"uwsgi_ssl_certificate_key" directives.
*) Feature: the "max_errors" directive in the mail proxy module.
*) Feature: the mail proxy module supports POP3 and IMAP pipelining.
*) Feature: the "fastopen" parameter of the "listen" directive in the
stream module.
Thanks to Anbang Wen.
*) Bugfix: special characters were not escaped during automatic redirect
with appended trailing slash.
*) Bugfix: connections with clients in the mail proxy module might be
closed unexpectedly when using SMTP pipelining.
Changes with nginx 1.19.10
*) Change: the default value of the "keepalive_requests" directive was
changed to 1000.
*) Feature: the "keepalive_time" directive.
*) Feature: the $connection_time variable.
*) Workaround: "gzip filter failed to use preallocated memory" alerts
appeared in logs when using zlib-ng.
Changes with nginx 1.19.9
*) Bugfix: nginx could not be built with the mail proxy module, but
without the ngx_mail_ssl_module; the bug had appeared in 1.19.8.
*) Bugfix: "upstream sent response body larger than indicated content
length" errors might occur when working with gRPC backends; the bug
had appeared in 1.19.1.
*) Bugfix: nginx might not close a connection till keepalive timeout
expiration if the connection was closed by the client while
discarding the request body.
*) Bugfix: nginx might not detect that a connection was already closed
by the client when waiting for auth_delay or limit_req delay, or when
working with backends.
*) Bugfix: in the eventport method.
Changes with nginx 1.19.8
*) Feature: flags in the "proxy_cookie_flags" directive can now contain
variables.
*) Feature: the "proxy_protocol" parameter of the "listen" directive,
the "proxy_protocol" and "set_real_ip_from" directives in mail proxy.
*) Bugfix: HTTP/2 connections were immediately closed when using
"keepalive_timeout 0"; the bug had appeared in 1.19.7.
*) Bugfix: some errors were logged as unknown if nginx was built with
glibc 2.32.
*) Bugfix: in the eventport method.
Changes with nginx 1.19.7
*) Change: connections handling in HTTP/2 has been changed to better
match HTTP/1.x; the "http2_recv_timeout", "http2_idle_timeout", and
"http2_max_requests" directives have been removed, the
"keepalive_timeout" and "keepalive_requests" directives should be
used instead.
*) Change: the "http2_max_field_size" and "http2_max_header_size"
directives have been removed, the "large_client_header_buffers"
directive should be used instead.
*) Feature: now, if free worker connections are exhausted, nginx starts
closing not only keepalive connections, but also connections in
lingering close.
*) Bugfix: "zero size buf in output" alerts might appear in logs if an
upstream server returned an incorrect response during unbuffered
proxying; the bug had appeared in 1.19.1.
*) Bugfix: HEAD requests were handled incorrectly if the "return"
directive was used with the "image_filter" or "xslt_stylesheet"
directives.
*) Bugfix: in the "add_trailer" directive.
Changes with nginx 1.19.6
*) Bugfix: "no live upstreams" errors if a "server" inside "upstream"
block was marked as "down".
*) Bugfix: a segmentation fault might occur in a worker process if HTTPS
was used; the bug had appeared in 1.19.5.
*) Bugfix: nginx returned the 400 response on requests like
"GET http://example.com?args HTTP/1.0".
*) Bugfix: in the ngx_http_flv_module and ngx_http_mp4_module.
Thanks to Chris Newton.
Changes with nginx 1.19.5
*) Feature: the -e switch.
*) Feature: the same source files can now be specified in different
modules while building addon modules.
*) Bugfix: SSL shutdown did not work when lingering close was used.
*) Bugfix: "upstream sent frame for closed stream" errors might occur
when working with gRPC backends.
*) Bugfix: in request body filters internal API.
Changes with nginx 1.19.4
*) Feature: the "ssl_conf_command", "proxy_ssl_conf_command",
"grpc_ssl_conf_command", and "uwsgi_ssl_conf_command" directives.
*) Feature: the "ssl_reject_handshake" directive.
*) Feature: the "proxy_smtp_auth" directive in mail proxy.
Changes with nginx 1.19.3
*) Feature: the ngx_stream_set_module.
*) Feature: the "proxy_cookie_flags" directive.
*) Feature: the "userid_flags" directive.
*) Bugfix: the "stale-if-error" cache control extension was erroneously
applied if backend returned a response with status code 500, 502,
503, 504, 403, 404, or 429.
*) Bugfix: "[crit] cache file ... has too long header" messages might
appear in logs if caching was used and the backend returned responses
with the "Vary" header line.
*) Workaround: "[crit] SSL_write() failed" messages might appear in logs
when using OpenSSL 1.1.1.
*) Bugfix: "SSL_shutdown() failed (SSL: ... bad write retry)" messages
might appear in logs; the bug had appeared in 1.19.2.
*) Bugfix: a segmentation fault might occur in a worker process when
using HTTP/2 if errors with code 400 were redirected to a proxied
location using the "error_page" directive.
*) Bugfix: socket leak when using HTTP/2 and subrequests in the njs
module.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
lfs/nginx | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
Comments
Reviewed-by: Peter Müller <peter.mueller@ipfire.org> > - Update from version 1.19.2 to 1.21.6 > - Update of rootfile not required > - Changelog > Changes with nginx 1.21.6 25 Jan 2022 > *) Bugfix: when using EPOLLEXCLUSIVE on Linux client connections were > unevenly distributed among worker processes. > *) Bugfix: nginx returned the "Connection: keep-alive" header line in > responses during graceful shutdown of old worker processes. > *) Bugfix: in the "ssl_session_ticket_key" when using TLSv1.3. > Changes with nginx 1.21.5 > *) Change: now nginx is built with the PCRE2 library by default. > *) Change: now nginx always uses sendfile(SF_NODISKIO) on FreeBSD. > *) Feature: support for sendfile(SF_NOCACHE) on FreeBSD. > *) Feature: the $ssl_curve variable. > *) Bugfix: connections might hang when using HTTP/2 without SSL with the > "sendfile" and "aio" directives. > Changes with nginx 1.21.4 > *) Change: support for NPN instead of ALPN to establish HTTP/2 > connections has been removed. > *) Change: now nginx rejects SSL connections if ALPN is used by the > client, but no supported protocols can be negotiated. > *) Change: the default value of the "sendfile_max_chunk" directive was > changed to 2 megabytes. > *) Feature: the "proxy_half_close" directive in the stream module. > *) Feature: the "ssl_alpn" directive in the stream module. > *) Feature: the $ssl_alpn_protocol variable. > *) Feature: support for SSL_sendfile() when using OpenSSL 3.0. > *) Feature: the "mp4_start_key_frame" directive in the > ngx_http_mp4_module. > Thanks to Tracey Jaquith. > *) Bugfix: in the $content_length variable when using chunked transfer > encoding. > *) Bugfix: after receiving a response with incorrect length from a > proxied backend nginx might nevertheless cache the connection. > Thanks to Awdhesh Mathpal. > *) Bugfix: invalid headers from backends were logged at the "info" level > instead of "error"; the bug had appeared in 1.21.1. > *) Bugfix: requests might hang when using HTTP/2 and the "aio_write" > directive. > Changes with nginx 1.21.3 > *) Change: optimization of client request body reading when using > HTTP/2. > *) Bugfix: in request body filters internal API when using HTTP/2 and > buffering of the data being processed. > Changes with nginx 1.21.2 > *) Change: now nginx rejects HTTP/1.0 requests with the > "Transfer-Encoding" header line. > *) Change: export ciphers are no longer supported. > *) Feature: OpenSSL 3.0 compatibility. > *) Feature: the "Auth-SSL-Protocol" and "Auth-SSL-Cipher" header lines > are now passed to the mail proxy authentication server. > Thanks to Rob Mueller. > *) Feature: request body filters API now permits buffering of the data > being processed. > *) Bugfix: backend SSL connections in the stream module might hang after > an SSL handshake. > *) Bugfix: the security level, which is available in OpenSSL 1.1.0 or > newer, did not affect loading of the server certificates when set > with "@SECLEVEL=N" in the "ssl_ciphers" directive. > *) Bugfix: SSL connections with gRPC backends might hang if select, > poll, or /dev/poll methods were used. > *) Bugfix: when using HTTP/2 client request body was always written to > disk if the "Content-Length" header line was not present in the > request. > Changes with nginx 1.21.1 > *) Change: now nginx always returns an error for the CONNECT method. > *) Change: now nginx always returns an error if both "Content-Length" > and "Transfer-Encoding" header lines are present in the request. > *) Change: now nginx always returns an error if spaces or control > characters are used in the request line. > *) Change: now nginx always returns an error if spaces or control > characters are used in a header name. > *) Change: now nginx always returns an error if spaces or control > characters are used in the "Host" request header line. > *) Change: optimization of configuration testing when using many > listening sockets. > *) Bugfix: nginx did not escape """, "<", ">", "\", "^", "`", "{", "|", > and "}" characters when proxying with changed URI. > *) Bugfix: SSL variables might be empty when used in logs; the bug had > appeared in 1.19.5. > *) Bugfix: keepalive connections with gRPC backends might not be closed > after receiving a GOAWAY frame. > *) Bugfix: reduced memory consumption for long-lived requests when > proxying with more than 64 buffers. > Changes with nginx 1.21.0 > *) Security: 1-byte memory overwrite might occur during DNS server > response processing if the "resolver" directive was used, allowing an > attacker who is able to forge UDP packets from the DNS server to > cause worker process crash or, potentially, arbitrary code execution > (CVE-2021-23017). > *) Feature: variables support in the "proxy_ssl_certificate", > "proxy_ssl_certificate_key" "grpc_ssl_certificate", > "grpc_ssl_certificate_key", "uwsgi_ssl_certificate", and > "uwsgi_ssl_certificate_key" directives. > *) Feature: the "max_errors" directive in the mail proxy module. > *) Feature: the mail proxy module supports POP3 and IMAP pipelining. > *) Feature: the "fastopen" parameter of the "listen" directive in the > stream module. > Thanks to Anbang Wen. > *) Bugfix: special characters were not escaped during automatic redirect > with appended trailing slash. > *) Bugfix: connections with clients in the mail proxy module might be > closed unexpectedly when using SMTP pipelining. > Changes with nginx 1.19.10 > *) Change: the default value of the "keepalive_requests" directive was > changed to 1000. > *) Feature: the "keepalive_time" directive. > *) Feature: the $connection_time variable. > *) Workaround: "gzip filter failed to use preallocated memory" alerts > appeared in logs when using zlib-ng. > Changes with nginx 1.19.9 > *) Bugfix: nginx could not be built with the mail proxy module, but > without the ngx_mail_ssl_module; the bug had appeared in 1.19.8. > *) Bugfix: "upstream sent response body larger than indicated content > length" errors might occur when working with gRPC backends; the bug > had appeared in 1.19.1. > *) Bugfix: nginx might not close a connection till keepalive timeout > expiration if the connection was closed by the client while > discarding the request body. > *) Bugfix: nginx might not detect that a connection was already closed > by the client when waiting for auth_delay or limit_req delay, or when > working with backends. > *) Bugfix: in the eventport method. > Changes with nginx 1.19.8 > *) Feature: flags in the "proxy_cookie_flags" directive can now contain > variables. > *) Feature: the "proxy_protocol" parameter of the "listen" directive, > the "proxy_protocol" and "set_real_ip_from" directives in mail proxy. > *) Bugfix: HTTP/2 connections were immediately closed when using > "keepalive_timeout 0"; the bug had appeared in 1.19.7. > *) Bugfix: some errors were logged as unknown if nginx was built with > glibc 2.32. > *) Bugfix: in the eventport method. > Changes with nginx 1.19.7 > *) Change: connections handling in HTTP/2 has been changed to better > match HTTP/1.x; the "http2_recv_timeout", "http2_idle_timeout", and > "http2_max_requests" directives have been removed, the > "keepalive_timeout" and "keepalive_requests" directives should be > used instead. > *) Change: the "http2_max_field_size" and "http2_max_header_size" > directives have been removed, the "large_client_header_buffers" > directive should be used instead. > *) Feature: now, if free worker connections are exhausted, nginx starts > closing not only keepalive connections, but also connections in > lingering close. > *) Bugfix: "zero size buf in output" alerts might appear in logs if an > upstream server returned an incorrect response during unbuffered > proxying; the bug had appeared in 1.19.1. > *) Bugfix: HEAD requests were handled incorrectly if the "return" > directive was used with the "image_filter" or "xslt_stylesheet" > directives. > *) Bugfix: in the "add_trailer" directive. > Changes with nginx 1.19.6 > *) Bugfix: "no live upstreams" errors if a "server" inside "upstream" > block was marked as "down". > *) Bugfix: a segmentation fault might occur in a worker process if HTTPS > was used; the bug had appeared in 1.19.5. > *) Bugfix: nginx returned the 400 response on requests like > "GET http://example.com?args HTTP/1.0". > *) Bugfix: in the ngx_http_flv_module and ngx_http_mp4_module. > Thanks to Chris Newton. > Changes with nginx 1.19.5 > *) Feature: the -e switch. > *) Feature: the same source files can now be specified in different > modules while building addon modules. > *) Bugfix: SSL shutdown did not work when lingering close was used. > *) Bugfix: "upstream sent frame for closed stream" errors might occur > when working with gRPC backends. > *) Bugfix: in request body filters internal API. > Changes with nginx 1.19.4 > *) Feature: the "ssl_conf_command", "proxy_ssl_conf_command", > "grpc_ssl_conf_command", and "uwsgi_ssl_conf_command" directives. > *) Feature: the "ssl_reject_handshake" directive. > *) Feature: the "proxy_smtp_auth" directive in mail proxy. > Changes with nginx 1.19.3 > *) Feature: the ngx_stream_set_module. > *) Feature: the "proxy_cookie_flags" directive. > *) Feature: the "userid_flags" directive. > *) Bugfix: the "stale-if-error" cache control extension was erroneously > applied if backend returned a response with status code 500, 502, > 503, 504, 403, 404, or 429. > *) Bugfix: "[crit] cache file ... has too long header" messages might > appear in logs if caching was used and the backend returned responses > with the "Vary" header line. > *) Workaround: "[crit] SSL_write() failed" messages might appear in logs > when using OpenSSL 1.1.1. > *) Bugfix: "SSL_shutdown() failed (SSL: ... bad write retry)" messages > might appear in logs; the bug had appeared in 1.19.2. > *) Bugfix: a segmentation fault might occur in a worker process when > using HTTP/2 if errors with code 400 were redirected to a proxied > location using the "error_page" directive. > *) Bugfix: socket leak when using HTTP/2 and subrequests in the njs > module. > > Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> > --- > lfs/nginx | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/lfs/nginx b/lfs/nginx > index a624ca44e..994ede775 100644 > --- a/lfs/nginx > +++ b/lfs/nginx > @@ -1,7 +1,7 @@ > ############################################################################### > # # > # IPFire.org - A linux based firewall # > -# Copyright (C) 2007-2022 IPFire Team <info@ipfire.org> # > +# Copyright (C) 2007-2020 IPFire Team <info@ipfire.org> # > # # > # This program is free software: you can redistribute it and/or modify # > # it under the terms of the GNU General Public License as published by # > @@ -25,7 +25,7 @@ > include Config > > SUMMARY = A HTTP server and IMAP/POP3 proxy server > -VER = 1.20.2 > +VER = 1.21.6 > > THISAPP = nginx-$(VER) > DL_FILE = $(THISAPP).tar.gz > @@ -47,7 +47,7 @@ objects = $(DL_FILE) > > $(DL_FILE) = $(DL_FROM)/$(DL_FILE) > > -$(DL_FILE)_BLAKE2 = dc2fb9e7316ccac433c1f06c59d2738358c16194fe0ece80f54d145e2c4e3c3a8d6ebc4badb97580a000d721197a865bcc8c94a4d671af94be4bc3181974c586 > +$(DL_FILE)_BLAKE2 = 815d035df33bd947eec41a2f5c993d1f179aa0bd4d069280916aa089a2f96fd3bada7a7192b4a0ef7b8f43036f3a2def0e93d8c8f720dd7145a5d55ea058652f > > install : $(TARGET) >
diff --git a/lfs/nginx b/lfs/nginx index a624ca44e..994ede775 100644 --- a/lfs/nginx +++ b/lfs/nginx @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2022 IPFire Team <info@ipfire.org> # +# Copyright (C) 2007-2020 IPFire Team <info@ipfire.org> # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -25,7 +25,7 @@ include Config SUMMARY = A HTTP server and IMAP/POP3 proxy server -VER = 1.20.2 +VER = 1.21.6 THISAPP = nginx-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -47,7 +47,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = dc2fb9e7316ccac433c1f06c59d2738358c16194fe0ece80f54d145e2c4e3c3a8d6ebc4badb97580a000d721197a865bcc8c94a4d671af94be4bc3181974c586 +$(DL_FILE)_BLAKE2 = 815d035df33bd947eec41a2f5c993d1f179aa0bd4d069280916aa089a2f96fd3bada7a7192b4a0ef7b8f43036f3a2def0e93d8c8f720dd7145a5d55ea058652f install : $(TARGET)