Commit dc063b30 authored by Kirill Smelkov's avatar Kirill Smelkov

nginx: v↑ (1.9.12)

1.9.4 -> 1.9.12 adds HTTP/2 support and removes SPDY support + other
bugfixes and improvements. We need HTTP/2 support for GitLab 8.5.

HTTP/2 details:

   http://hg.nginx.org/nginx/rev/257b51c37c5a

Full changelog:

---- 8< ---- http://nginx.org/en/CHANGES
Changes with nginx 1.9.12                                        24 Feb 2016

    *) Feature: Huffman encoding of response headers in HTTP/2.
       Thanks to Vlad Krasnov.

    *) Feature: the "worker_cpu_affinity" directive now supports more than
       64 CPUs.

    *) Bugfix: compatibility with 3rd party C++ modules; the bug had
       appeared in 1.9.11.
       Thanks to Piotr Sikora.

    *) Bugfix: nginx could not be built statically with OpenSSL on Linux;
       the bug had appeared in 1.9.11.

    *) Bugfix: the "add_header ... always" directive with an empty value did
       not delete "Last-Modified" and "ETag" header lines from error
       responses.

    *) Workaround: "called a function you should not call" and "shutdown
       while in init" messages might appear in logs when using OpenSSL
       1.0.2f.

    *) Bugfix: invalid headers might be logged incorrectly.

    *) Bugfix: socket leak when using HTTP/2.

    *) Bugfix: in the ngx_http_v2_module.

Changes with nginx 1.9.11                                        09 Feb 2016

    *) Feature: TCP support in resolver.

    *) Feature: dynamic modules.

    *) Bugfix: the $request_length variable did not include size of request
       headers when using HTTP/2.

    *) Bugfix: in the ngx_http_v2_module.

Changes with nginx 1.9.10                                        26 Jan 2016

    *) Security: invalid pointer dereference might occur during DNS server
       response processing if the "resolver" directive was used, allowing an
       attacker who is able to forge UDP packets from the DNS server to
       cause segmentation fault in a worker process (CVE-2016-0742).

    *) Security: use-after-free condition might occur during CNAME response
       processing if the "resolver" directive was used, allowing an attacker
       who is able to trigger name resolution to cause segmentation fault in
       a worker process, or might have potential other impact
       (CVE-2016-0746).

    *) Security: CNAME resolution was insufficiently limited if the
       "resolver" directive was used, allowing an attacker who is able to
       trigger arbitrary name resolution to cause excessive resource
       consumption in worker processes (CVE-2016-0747).

    *) Feature: the "auto" parameter of the "worker_cpu_affinity" directive.

    *) Bugfix: the "proxy_protocol" parameter of the "listen" directive did
       not work with IPv6 listen sockets.

    *) Bugfix: connections to upstream servers might be cached incorrectly
       when using the "keepalive" directive.

    *) Bugfix: proxying used the HTTP method of the original request after
       an "X-Accel-Redirect" redirection.

Changes with nginx 1.9.9                                         09 Dec 2015

    *) Bugfix: proxying to unix domain sockets did not work when using
       variables; the bug had appeared in 1.9.8.

Changes with nginx 1.9.8                                         08 Dec 2015

    *) Feature: pwritev() support.

    *) Feature: the "include" directive inside the "upstream" block.

    *) Feature: the ngx_http_slice_module.

    *) Bugfix: a segmentation fault might occur in a worker process when
       using LibreSSL; the bug had appeared in 1.9.6.

    *) Bugfix: nginx could not be built on OS X in some cases.

Changes with nginx 1.9.7                                         17 Nov 2015

    *) Feature: the "nohostname" parameter of logging to syslog.

    *) Feature: the "proxy_cache_convert_head" directive.

    *) Feature: the $realip_remote_addr variable in the
       ngx_http_realip_module.

    *) Bugfix: the "expires" directive might not work when using variables.

    *) Bugfix: a segmentation fault might occur in a worker process when
       using HTTP/2; the bug had appeared in 1.9.6.

    *) Bugfix: if nginx was built with the ngx_http_v2_module it was
       possible to use the HTTP/2 protocol even if the "http2" parameter of
       the "listen" directive was not specified.

    *) Bugfix: in the ngx_http_v2_module.

Changes with nginx 1.9.6                                         27 Oct 2015

    *) Bugfix: a segmentation fault might occur in a worker process when
       using HTTP/2.
       Thanks to Piotr Sikora and Denis Andzakovic.

    *) Bugfix: the $server_protocol variable was empty when using HTTP/2.

    *) Bugfix: backend SSL connections in the stream module might be timed
       out unexpectedly.

    *) Bugfix: a segmentation fault might occur in a worker process if
       different ssl_session_cache settings were used in different virtual
       servers.

    *) Bugfix: nginx/Windows could not be built with MinGW gcc; the bug had
       appeared in 1.9.4.
       Thanks to Kouhei Sutou.

    *) Bugfix: time was not updated when the timer_resolution directive was
       used on Windows.

    *) Miscellaneous minor fixes and improvements.
       Thanks to Markus Linnala, Kurtis Nusbaum and Piotr Sikora.

Changes with nginx 1.9.5                                         22 Sep 2015

    *) Feature: the ngx_http_v2_module (replaces ngx_http_spdy_module).
       Thanks to Dropbox and Automattic for sponsoring this work.

    *) Change: now the "output_buffers" directive uses two buffers by
       default.

    *) Change: now nginx limits subrequests recursion, not simultaneous
       subrequests.

    *) Change: now nginx checks the whole cache key when returning a
       response from cache.
       Thanks to Gena Makhomed and Sergey Brester.

    *) Bugfix: "header already sent" alerts might appear in logs when using
       cache; the bug had appeared in 1.7.5.

    *) Bugfix: "writev() failed (4: Interrupted system call)" errors might
       appear in logs when using CephFS and the "timer_resolution" directive
       on Linux.

    *) Bugfix: in invalid configurations handling.
       Thanks to Markus Linnala.

    *) Bugfix: a segmentation fault occurred in a worker process if the
       "sub_filter" directive was used at http level; the bug had appeared
       in 1.9.4.
---- 8< ----
parent ea9b396b
...@@ -11,15 +11,15 @@ parts = nginx-output ...@@ -11,15 +11,15 @@ parts = nginx-output
[nginx-common] [nginx-common]
recipe = slapos.recipe.cmmi recipe = slapos.recipe.cmmi
url = http://nginx.org/download/nginx-1.9.4.tar.gz url = http://nginx.org/download/nginx-1.9.12.tar.gz
md5sum = 27322fbb4b265c0e0cc548f5e6b7f201 md5sum = 0afe4a7e589a0de43b7b54aa055a4351
[nginx] [nginx]
<= nginx-common <= nginx-common
configure-options= configure-options=
--with-ipv6 --with-ipv6
--with-http_ssl_module --with-http_ssl_module
--with-http_spdy_module --with-http_v2_module
--with-http_gzip_static_module --with-http_gzip_static_module
--with-mail --with-mail
--with-mail_ssl_module --with-mail_ssl_module
...@@ -38,7 +38,7 @@ mode = 0644 ...@@ -38,7 +38,7 @@ mode = 0644
configure-options = configure-options =
--with-ipv6 --with-ipv6
--with-http_ssl_module --with-http_ssl_module
--with-http_spdy_module --with-http_v2_module
--with-http_gzip_static_module --with-http_gzip_static_module
--with-mail --with-mail
--with-mail_ssl_module --with-mail_ssl_module
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment