| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
| |
The extra-patch-httpv3 contains the README file now, previously a
diff for that file was omitted. To avoid a rejection for the README
file the original file from nginx distribution is going to be preserved.
Bump PORTREVISION.
|
| |
|
|
|
|
|
|
|
| |
HTTP_DAV_EXT module requires libraries, so let's define them
with a more canonical way.
While I'm here use the same way to define dependences for the
HTTP_XSLT module as well.
PR: 261134
|
| |
|
|
|
|
|
|
|
|
| |
While I'm here fix a typo in a start-up template, introduced in
c42df2fcbbeccbfb2d57f4d6d7558493d512d732.
Bump PORTREVISION.
Differential Revision: https://reviews.freebsd.org/D33773
Reviewed by: pluknet
|
| |
|
|
| |
Bump PORTREVISION.
|
| |
|
|
|
|
| |
Bump PORTREVISION.
PR: 254962
|
| |
|
|
|
|
| |
Bump PORTREVISION.
Based on ideas from: ashish
|
| |
|
|
|
| |
Update third-party opentracing module to its recent commit.
Bump PORTREVISION.
|
| |
|
|
|
|
|
|
|
|
| |
Update the third-party module to its recent version to support
both PCRE1 and PCRE2 libraries.
Bump PORTREVISION.
Idea from: http://hg.nginx.org/pkg-oss/rev/45cb552c6860
Thanks to: Mikhail Isachenkov <mikhail.isachenkov@nginx.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
NGINX 1.21.5 adds support for PCRE2 library, in addition to
support PCRE1. It's possible to choose regular expression
library for the port now.
Please note: several modules are required patching to support
PCRE2 library, so let's keep PCRE1 as default version for now.
Bump PORTREVISION.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Please note: it's possible to build the recent version of nginx
with PCRE2 library, but several third-party modules have some
build issues, so let's keep www/nginx-devel depends on PCRE1
library for now, but keep in mind it needs to switched to the
modern, i.e. second, version of PCRE.
<Changelog>
Changes with nginx 1.21.5
*) Change: now nginx is built with the PCRE2 library by default.
*) Change: now nginx always uses sendfile(SF_NODISKIO) on FreeBSD.
*) Feature: support for sendfile(SF_NOCACHE) on FreeBSD.
*) Feature: the $ssl_curve variable.
*) Bugfix: connections might hang when using HTTP/2 without SSL with the
"sendfile" and "aio" directives.
Changes with njs 0.7.1
nginx modules:
*) Change: the "js_include" directive deprecated since 0.4.0 was
removed.
*) Change: PCRE/PCRE2-specific code was moved to the modules.
This ensures that njs uses the same RegExp library as nginx.
Core:
*) Feature: extended "fs" module. Added stat(), fstat()
and friends.
*) Change: default RegExp engine for CLI is switched
to PCRE2.
*) Bugfix: fixed decodeURI() and decodeURIComponent() with
invalid byte strings. The bug was introduced in 0.4.3.
*) Bugfix: fixed heap-use-after-free in await frame.
The bug was introduced in 0.7.0.
*) Bugfix: fixed WebCrypto sign() and verify() methods
with OpenSSL 3.0.
*) Bugfix: fixed exception throwing when RegExp match fails.
The bug was introduced in 0.1.15.
*) Bugfix: fixed catching of exception thrown in try block
of async function. The bug was introduced in 0.7.0.
*) Bugfix: fixed execution of async function in synchronous
context. The bug was introduced in 0.7.0.
*) Bugfix: fixed function redeclaration in CLI when interactive
mode is on. The bug was introduced in 0.6.2.
*) Bugfix: fixed typeof operator with DataView object.
*) Bugfix: eliminated information leak in Buffer.from().
</Changelog>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A new USES has been added to depend on ImageMagick.
USES=magick
adds a LIB_DEPENDS on graphics/ImageMagick${IMAGEMAGICK_DEFAULT}.
If a specific version is required, use for example
USES=magick:6 resp. USES=magick:7
If only a build, run or test is required, use for example
USES=magick:build resp. USES=magick:6,build,test
If a dependency on the nox11 flavor is required, use for example
USES=magick:nox11 resp. USES=magick:7,nox11,run,test
See magick.mk for more details on the available flags.
The tree has been completely converted to make use of this.
Approved by: bapt
Differential Revision: https://reviews.freebsd.org/D32754
|
| |
|
|
| |
Bump PORTREVISION.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
New kernel TLS feature is available starting with FreeBSD 13.0,
and it requires OpenSSL 3.0, compiled with "enable-ktls" option.
Further, KTLS needs to be enabled in kernel, and in OpenSSL,
either via OpenSSL configuration file or with
ssl_conf_command Options KTLS;
in nginx configuration.
To enable kernel TLS on FreeBSD 13 and above:
# kldload ktls_ocf
# sysctl kern.ipc.tls.enable=1
to load a software backend, see man ktls(4) for details.
Also, please visit the following link to get more details
https://hg.nginx.org/nginx/rev/65946a191197
<Changelog>
*) Change: support for NPN instead of ALPN to establish HTTP/2
connections has been removed.
*) Change: now nginx rejects SSL connections if ALPN is used by the
client, but no supported protocols can be negotiated.
*) Change: the default value of the "sendfile_max_chunk" directive was
changed to 2 megabytes.
*) Feature: the "proxy_half_close" directive in the stream module.
*) Feature: the "ssl_alpn" directive in the stream module.
*) Feature: the $ssl_alpn_protocol variable.
*) Feature: support for SSL_sendfile() when using OpenSSL 3.0.
*) Feature: the "mp4_start_key_frame" directive in the
ngx_http_mp4_module.
Thanks to Tracey Jaquith.
*) Bugfix: in the $content_length variable when using chunked transfer
encoding.
*) Bugfix: after receiving a response with incorrect length from a
proxied backend nginx might nevertheless cache the connection.
Thanks to Awdhesh Mathpal.
*) Bugfix: invalid headers from backends were logged at the "info" level
instead of "error"; the bug had appeared in 1.21.1.
*) Bugfix: requests might hang when using HTTP/2 and the "aio_write"
directive.
</Changelog>
|
| |
|
|
| |
Approved by: portmgr (blanket)
|
| |
|
|
|
|
| |
No functional changes, so do not bump PORTREVISION.
Introduced: adc7097c90ee5e8db0d063200faa689034ac91f0 (*)
|
| |
|
|
|
|
| |
Notify that one of the implementation of Kerberos5 needs to be chosen.
Bump PORTREVISION.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bump PORTREVISION.
<ChangeLog>
nginx modules:
*) Feature: added HTTPS support for Fetch API.
*) Feature: added setReturnValue() method.
Core:
*) Feature: introduced Async/Await implementation.
*) Feature: added WebCrypto API implementation.
*) Bugfix: fixed copying of closures for declared
functions. The bug was introduced in 0.6.0.
*) Bugfix: fixed unhandled promise rejection in handle
events.
*) Bugfix: fixed Response.headers getter in Fetch API.
</ChangeLog>
|
| | |
|
| |
|
|
| |
Bump PORTREVISION.
|
| | |
|
| |
|
|
|
|
|
|
| |
o) http_push (aka nchan)
o) rtmp
Remove needless patches.
Bump PORTREVISION.
|
| |
|
|
| |
No functional changes.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
<Changelog>
*) Change: optimization of client request body reading when using
HTTP/2.
*) Bugfix: in request body filters internal API when using HTTP/2 and
buffering of the data being processed.
</Changelog>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
While I'm here, fix build of the third-party ajp module by changing
a distribution point.
<Changelog>
*) Change: now nginx rejects HTTP/1.0 requests with the
"Transfer-Encoding" header line.
*) Change: export ciphers are no longer supported.
*) Feature: OpenSSL 3.0 compatibility.
*) Feature: the "Auth-SSL-Protocol" and "Auth-SSL-Cipher" header lines
are now passed to the mail proxy authentication server.
Thanks to Rob Mueller.
*) Feature: request body filters API now permits buffering of the data
being processed.
*) Bugfix: backend SSL connections in the stream module might hang after
an SSL handshake.
*) Bugfix: the security level, which is available in OpenSSL 1.1.0 or
newer, did not affect loading of the server certificates when set
with "@SECLEVEL=N" in the "ssl_ciphers" directive.
*) Bugfix: SSL connections with gRPC backends might hang if select,
poll, or /dev/poll methods were used.
*) Bugfix: when using HTTP/2 client request body was always written to
disk if the "Content-Length" header line was not present in the
request.
</Changelog>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
<ChangeLog>
nginx modules:
*) Bugfix: fixed CPU hog when js_filter is registered
in both directions.
Core:
*) Feature: introduced AggregateError implementation.
*) Feature: added remaining Promise constructor methods.
The following methods were added: Promise.all(),
Promise.allSettled(), Promise.any(), Promise.race().
*) Improvement: removed recursion from code generator.
*) Bugfix: fixed rest parameter parsing without binding
identifier.
*) Bugfix: fixed resolve/reject callback for
Promise.prototype.finally().
*) Bugfix: fixed %TypedArray%.prototype.join() with
detached buffer.
*) Bugfix: fixed memory leak in interactive shell.
</ChangeLog>
|
| |
|
|
| |
Bump PORTREVISION.
|
| |
|
|
|
|
|
| |
o) lua: from 0.10.19 to 0.10.20;
o) modsecurity3: from 1.0.1 to 1.0.2.
Bump PORTREVISION.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
<Changelog>
*) Change: now nginx always returns an error for the CONNECT method.
*) Change: now nginx always returns an error if both "Content-Length"
and "Transfer-Encoding" header lines are present in the request.
*) Change: now nginx always returns an error if spaces or control
characters are used in the request line.
*) Change: now nginx always returns an error if spaces or control
characters are used in a header name.
*) Change: now nginx always returns an error if spaces or control
characters are used in the "Host" request header line.
*) Change: optimization of configuration testing when using many
listening sockets.
*) Bugfix: nginx did not escape """, "<", ">", "\", "^", "`", "{", "|",
and "}" characters when proxying with changed URI.
*) Bugfix: SSL variables might be empty when used in logs; the bug had
appeared in 1.19.5.
*) Bugfix: keepalive connections with gRPC backends might not be closed
after receiving a GOAWAY frame.
*) Bugfix: reduced memory consumption for long-lived requests when
proxying with more than 64 buffers.
</Changelog>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
<ChangeLog>
*) Bugfix: fixed RegExpBuiltinExec() with UTF-8 only regexps.
The bug was introduced in 0.4.2.
*) Bugfix: fixed parsing of export default declaration with
non-assignment expressions.
Thanks to Artem S. Povalyukhin.
</ChangeLog>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bump PORTREVISION.
<ChangeLog for njs 0.5.3>
Core:
*) Feature: added let and const declaration support.
*) Feature: added RegExp.prototype[Symbol.split].
*) Feature: added sticky flag support for RegExp.
*) Bugfix: fixed heap-buffer-overflow in
String.prototype.lastIndexOf().
*) Bugfix: fixed RegExp.prototype.test() according to the
specification.
*) Bugfix: fixed String.prototype.split() according to the
specification.
*) Bugfix: fixed use-of-uninitialized-value while tracking
rejected promises.
*) Bugfix: fixed njs.dump() for objects with circular
references.
</ChangeLog>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Security: 0882f019-bd60-11eb-9bdd-8c164567ca3c
Security: CVE-2021-23017
<Changelog>
*) Security: 1-byte memory overwrite might occur during DNS server
response processing if the "resolver" directive was used, allowing an
attacker who is able to forge UDP packets from the DNS server to
cause worker process crash or, potentially, arbitrary code execution
(CVE-2021-23017).
*) Feature: variables support in the "proxy_ssl_certificate",
"proxy_ssl_certificate_key" "grpc_ssl_certificate",
"grpc_ssl_certificate_key", "uwsgi_ssl_certificate", and
"uwsgi_ssl_certificate_key" directives.
*) Feature: the "max_errors" directive in the mail proxy module.
*) Feature: the mail proxy module supports POP3 and IMAP pipelining.
*) Feature: the "fastopen" parameter of the "listen" directive in the
stream module.
Thanks to Anbang Wen.
*) Bugfix: special characters were not escaped during automatic redirect
with appended trailing slash.
*) Bugfix: connections with clients in the mail proxy module might be
closed unexpectedly when using SMTP pipelining.
</Changelog>
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
<Changelog>
*) Change: the default value of the "keepalive_requests" directive was
changed to 1000.
*) Feature: the "keepalive_time" directive.
*) Feature: the $connection_time variable.
*) Workaround: "gzip filter failed to use preallocated memory" alerts
appeared in logs when using zlib-ng.
</Changelog>
|
| |
|
|
|
| |
The issue was introduced by: 2e741e74b8db691f3cae0abf8482ade801fb74f4
PR: 254824
|
| | |
|
| | |
|
| |
|
|
| |
Bump PORTREVISION for www/nginx-devel.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Update NGINX JavaScript module from 0.5.2 to 0.5.3.
Remove needless patches.
<ChangeLog for nginx 1.19.9>
*) Bugfix: nginx could not be built with the mail proxy module, but
without the ngx_mail_ssl_module; the bug had appeared in 1.19.8.
*) Bugfix: "upstream sent response body larger than indicated content
length" errors might occur when working with gRPC backends; the bug
had appeared in 1.19.1.
*) Bugfix: nginx might not close a connection till keepalive timeout
expiration if the connection was closed by the client while
discarding the request body.
*) Bugfix: nginx might not detect that a connection was already closed
by the client when waiting for auth_delay or limit_req delay, or when
working with backends.
*) Bugfix: in the eventport method.
</ChangeLog>
<ChangeLog for njs 0.5.3>
nginx modules:
*) Feature: added the "js_var" directive.
</ChangeLog>
|
| |
|
|
|
|
|
|
|
| |
While I'm here update the NJS module description.
Bump PORTREVISION.
Notes:
svn path=/head/; revision=568105
|
| |
|
|
|
|
|
| |
without SSL support.
Notes:
svn path=/head/; revision=568099
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add the vendor's patch to build mail module without SSL support.
<Changelog>
*) Feature: flags in the "proxy_cookie_flags" directive can now contain
variables.
*) Feature: the "proxy_protocol" parameter of the "listen" directive,
the "proxy_protocol" and "set_real_ip_from" directives in mail proxy.
*) Bugfix: HTTP/2 connections were immediately closed when using
"keepalive_timeout 0"; the bug had appeared in 1.19.7.
*) Bugfix: some errors were logged as unknown if nginx was built with
glibc 2.32.
*) Bugfix: in the eventport method.
</Changelog>
Notes:
svn path=/head/; revision=567947
|
| |
|
|
|
|
|
| |
Bump PORTREVISION.
Notes:
svn path=/head/; revision=567928
|
| |
|
|
|
|
|
|
|
| |
(ignoring case)
Reported by: danfe (for net/mosquitto), portscan
Notes:
svn path=/head/; revision=567577
|
| |
|
|
|
|
|
|
|
|
| |
distribution on GH.
Bump PORTREVISION.
PR: 253700
Notes:
svn path=/head/; revision=566494
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This functionality is available with the following prerequisites:
o) security/openssl built from ports with the kTLS options defined;
o) FreeBSD 13.
Bump PORTREVISION.
Submitted by: jhb
Obtained from: https://github.com/nginx/nginx/compare/master...bsdjhb:ktls.patch
Notes:
svn path=/head/; revision=566096
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Update njs module from 0.5.0 to 0.5.1.
Update third-party auth_ldap module to its recent commit.
<Changelog>
Changes with nginx 1.19.7 16 Feb 2021
*) Change: connections handling in HTTP/2 has been changed to better
match HTTP/1.x; the "http2_recv_timeout", "http2_idle_timeout", and
"http2_max_requests" directives have been removed, the
"keepalive_timeout" and "keepalive_requests" directives should be
used instead.
*) Change: the "http2_max_field_size" and "http2_max_header_size"
directives have been removed, the "large_client_header_buffers"
directive should be used instead.
*) Feature: now, if free worker connections are exhausted, nginx starts
closing not only keepalive connections, but also connections in
lingering close.
*) Bugfix: "zero size buf in output" alerts might appear in logs if an
upstream server returned an incorrect response during unbuffered
proxying; the bug had appeared in 1.19.1.
*) Bugfix: HEAD requests were handled incorrectly if the "return"
directive was used with the "image_filter" or "xslt_stylesheet"
directives.
*) Bugfix: in the "add_trailer" directive.
Changes with njs 0.5.1 16 Feb 2021
nginx modules:
*) Feature: introduced ngx.fetch() method implementing Fetch API.
The following init options are supported:
body, headers, buffer_size (nginx specific),
max_response_body_size (nginx specific), method.
The following properties and methods of Response object are
implemented: arrayBuffer(), bodyUsed, json(), headers, ok,
redirect, status, statusText, text(), type, url.
The following properties and methods of Header object are
implemented: get(), getAll(), has().
Notable limitations: only the http:// scheme is supported,
redirects are not handled.
In collaboration with 洪志道 (Hong Zhi Dao).
*) Feature: added the "js_header_filter" directive.
*) Bugfix: fixed processing buffered data in body filter
in stream module.
Core:
*) Bugfix: fixed safe mode bypass in Function constructor.
*) Bugfix: fixed Date.prototype.toISOString() with invalid date
values.
</Changelog>
Notes:
svn path=/head/; revision=565418
|
