- Updated to 1.21.5
  * https://nginx.org/en/CHANGES
  * Build with the PCRE2.
  * Supported the $ssl_curve variable.
  * Fixed connections might hang when using HTTP/2 without SSL
    with the "sendfile" and "aio" directives.

• Files Changed
• Browse Source

- Updated to 1.21.4
  * https://nginx.org/en/CHANGES
  * Support for NPN instead of ALPN to establish HTTP/2
    connections has been removed.
  * Now nginx rejects SSL connections if ALPN is used by the
    client, but no supported protocols can be negotiated.
  * The default value of the "sendfile_max_chunk" directive was
    changed to 2 megabytes.
  * The "proxy_half_close" directive in the stream module.
  * The "ssl_alpn" directive in the stream module.
  * The $ssl_alpn_protocol variable.
  * Support for SSL_sendfile() when using OpenSSL 3.0.
  * The "mp4_start_key_frame" directive in the ngx_http_mp4_module.
  * In the $content_length variable when using chunked transfer encoding.
  * After receiving a response with incorrect length from a proxied
    backend nginx might nevertheless cache the connection.
  * Invalid headers from backends were logged at the "info" level
    instead of "error"; the bug had appeared in 1.21.1.
  * Requests might hang when using HTTP/2 and the "aio_write" directive.
- drop vim-plugin-nginx, now is provided directly by vim 

• Files Changed
• Browse Source

- Add CONFIG parameter to %sysusers_generate_pre
- Added hardening to systemd service(s) (bsc#1181400). Modified:
  * nginx.service

• Files Changed
• Browse Source

- Updated to 1.21.3
  * https://nginx.org/en/CHANGES
  * Optimization of client request body reading when using HTTP/2.
  * Fixed request body filters internal API when using HTTP/2 and
    buffering of the data being processed.

• Files Changed
• Browse Source

- Updated to 1.21.2
  * https://nginx.org/en/CHANGES
  * Now nginx rejects HTTP/1.0 requests with the "Transfer-Encoding" header line.
  * Export ciphers are no longer supported.
  * Added OpenSSL 3.0 compatibility.
  * Added the "Auth-SSL-Protocol" and "Auth-SSL-Cipher" header lines
    are now passed to the mail proxy authentication server.
  * Added request body filters API now permits buffering of the data being processed.
  * Fixed backend SSL connections in the stream module might hang after an SSL handshake.
  * Fixed the security level, which is available in OpenSSL 1.1.0 or newer,
    did not affect loading of the server certificates when set
    with "@SECLEVEL=N" in the "ssl_ciphers" directive.
  * Fixed SSL connections with gRPC backends might hang if select, poll,
    or /dev/poll methods were used.
  * Fixed when using HTTP/2 client request body was always written to
    disk if the "Content-Length" header line was not present in the request.

• Files Changed
• Browse Source

• Files Changed
• Browse Source

• Files Changed
• Browse Source

- Updated to 1.21.0
  * https://nginx.org/en/CHANGES
  * Added variables support in the "proxy_ssl_certificate",
    "proxy_ssl_certificate_key" "grpc_ssl_certificate",
    "grpc_ssl_certificate_key", "uwsgi_ssl_certificate", and
    "uwsgi_ssl_certificate_key" directives.
  * Added the "max_errors" directive in the mail proxy module.
  * Added the mail proxy module supports POP3 and IMAP pipelining.
  * Added the "fastopen" parameter of the "listen" directive in the
    stream module.
  * Fixed special characters were not escaped during automatic redirect
    with appended trailing slash.
  * Fixed connections with clients in the mail proxy module might be
    closed unexpectedly when using SMTP pipelining.

• Files Changed
• Browse Source

- Update to 1.20.1
  * https://nginx.org/en/CHANGES
  * 1-byte memory overwrite might occur during DNS server response processing
    if the "resolver" directive was used, allowing an attacker who is able to
    forge UDP packets from the DNS server to cause worker process crash or,
    potentially, arbitrary code execution (CVE-2021-23017, boo#1186126).

• Files Changed
• Browse Source

Automatic submission by obs-autosubmit

• Files Changed
• Browse Source

• Files Changed
• Browse Source

• Files Changed
• Browse Source

- update to 1.19.8:
  * Feature: flags in the "proxy_cookie_flags" directive can now contain
    variables.
  * Feature: the "proxy_protocol" parameter of the "listen" directive,
    the "proxy_protocol" and "set_real_ip_from" directives in mail proxy.
  * Bugfix: HTTP/2 connections were immediately closed when using
    "keepalive_timeout 0"; the bug had appeared in 1.19.7.
  * Bugfix: some errors were logged as unknown if nginx was built with
    glibc 2.32.
  * Bugfix: in the eventport method.

• Files Changed
• Browse Source

• Files Changed
• Browse Source

- Update to 1.19.6
  * https://nginx.org/en/CHANGES
  * Fix "no live upstreams" errors if a "server" inside "upstream"
    block was marked as "down".
  * Fix a segmentation fault might occur in a worker process if HTTPS
    was used; the bug had appeared in 1.19.5.
  * Fix nginx returned the 400 response on requests like
    "GET http://example.com?args HTTP/1.0".
  * Fix in the ngx_http_flv_module and ngx_http_mp4_module.

• Files Changed
• Browse Source

• Files Changed
• Browse Source

• Files Changed
• Browse Source

- Update to 1.19.3
  * https://nginx.org/en/CHANGES
  * Add the ngx_stream_set_module.
  * Add the "proxy_cookie_flags" directive.
  * Add the "userid_flags" directive.
  * Fix the "stale-if-error" cache control extension was erroneously
    applied if backend returned a response with status code 500, 502,
    503, 504, 403, 404, or 429.
  * Fix "[crit] cache file ... has too long header" messages might
    appear in logs if caching was used and the backend returned responses
    with the "Vary" header line.
  * Fix "[crit] SSL_write() failed" messages might appear in logs
    when using OpenSSL 1.1.1.
  * Fix "SSL_shutdown() failed (SSL: ... bad write retry)" messages
    might appear in logs; the bug had appeared in 1.19.2.
  * Fix a segmentation fault might occur in a worker process when
    using HTTP/2 if errors with code 400 were redirected to a proxied
    location using the "error_page" directive.
  * Fix socket leak when using HTTP/2 and subrequests in the njs module.

• Files Changed
• Browse Source

• Files Changed
• Browse Source

Automatic submission by obs-autosubmit

• Files Changed
• Browse Source