- Updated to 1.27.2
  * https://nginx.org/en/CHANGES
  * Added SSL certificates, secret keys, and CRLs are now cached on start
    or during reconfiguration.
  * Added client certificate validation with OCSP in the stream module.
  * Added OCSP stapling support in the stream module.
  * Added the "proxy_pass_trailers" directive in the ngx_http_proxy_module.
  * Added the "ssl_client_certificate" directive now supports certificates
    with auxiliary information.
  * Changed now the "ssl_client_certificate" directive is not required
    for client SSL certificates verification.

• Files Changed
• Browse Source

- Add /srv/www to filelist [bsc#1231027]

• Files Changed
• Browse Source

- Renamed nginx-1.6.1-default_config.patch to nginx-conf.patch.
- Renamed nginx-1.2.4-perl_vendor_install.patch to nginx-perl.patch.
- Used atosetup -p1 macro and replaced editor from perl to sed.
- Added %check section with gpg signature source verification.
- Updated to 1.27.1
  * https://nginx.org/en/CHANGES
  * Fixed crash in ngx_http_mp4_module via specially crafted mp4 file (CVE-2024-7347).
  * Now the stream module handler is not mandatory.
  * Fixed new HTTP/2 connections might ignore graceful shutdown of old worker processes.

• Files Changed
• Browse Source

- Updated to 1.27.0
  * Changed nginx.keyring to Sergey Kandaurov’s PGP public key.
  * https://nginx.org/en/CHANGES
  * Added variables support in the "proxy_limit_rate", "fastcgi_limit_rate",
    "scgi_limit_rate", and "uwsgi_limit_rate" directives.
  * Fixed reduced memory consumption for long-lived requests if "gzip",
    "gunzip", "ssi", "sub_filter", or "grpc_pass" directives are used.
  * Fixed building with gcc 14 with --with-atomic option.

• Files Changed
• Browse Source

- Updated list of recommended modules (deleted unavailable in TW).

• Files Changed
• Browse Source

- Updated to 1.25.5
  * Changed nginx.keyring to Roman Arutyunyan’s PGP public key.
  * https://nginx.org/en/CHANGES
  * Added virtual servers in the stream module.
  * Fixed the ngx_stream_pass_module.
  * Fixed the "deferred", "accept_filter", and "setfib" parameters
    of the "listen" directive in the stream module.
  * Added cache line size detection for some architectures.

• Files Changed
• Browse Source

- Set RuntimeDirectory to offer a location for Unix sockets at /run/nginx

• Files Changed
• Browse Source

- logrotate: don't fail if service not running

• Files Changed
• Browse Source

- Use %patch -P N instead of deprecated %patchN.

• Files Changed
• Browse Source

- Updated to 1.25.4
  * Changed nginx.keyring to Sergey Kandaurov’s PGP public key.
  * https://nginx.org/en/CHANGES
  * Fixed segmentation fault might occur in a worker process while
    processing a specially crafted QUIC session (CVE-2024-24989, CVE-2024-24990).
  * Fixed connections with pending AIO operations might be closed
    prematurely during graceful shutdown of old worker processes.
  * Fixed socket leak alerts no longer logged when fast shutdown was
    requested after graceful shutdown of old worker processes.
  * Fixed socket descriptor error, a socket leak, or a segmentation fault
    in a worker process might occur if AIO was used in a subrequest.
  * Fixed segmentation fault might occur in a worker process if SSL
    proxying was used along with the "image_filter" directive and errors
    with code 415 were redirected with the "error_page" directive.

• Files Changed
• Browse Source

- Updated to 1.25.3
  * https://nginx.org/en/CHANGES
  * Changed: improved detection of misbehaving clients when using HTTP/2.
  * Added: startup speedup when using a large number of locations.
  * Fixed: a segmentation fault might occur in a worker process when
    using HTTP/2 without SSL; the bug had appeared in 1.25.1.
  * Fixed: the "Status" backend response header line with an empty
    reason phrase was handled incorrectly.
  * Fixed: memory leak during reconfiguration when using the PCRE2 library.

• Files Changed
• Browse Source

- Updated to 1.25.2
  * https://nginx.org/en/CHANGES
  * Changed: uses appname "nginx" when loading OpenSSL configuration.
  * Changed: does not try to load OpenSSL configuration if the
    --with-openssl option was used to built OpenSSL and the OPENSSL_CONF
    environment variable is not set.

• Files Changed
• Browse Source

- Updated to 1.25.1
  * https://nginx.org/en/CHANGES
  * Added "http2" directive, which enables HTTP/2 on a per-server basis.
  * Deprecated "http2" parameter of the "listen" directive.
  * Removed HTTP/2 server push support.
  * Deprecated "ssl" directive is not supported anymore. 

• Files Changed
• Browse Source

- Updated to 1.25.0
  * https://nginx.org/en/CHANGES
  * Added experimental HTTP/3 support.

• Files Changed
• Browse Source

- Updated to 1.23.4
  * https://nginx.org/en/CHANGES
  * Enabled TLSv1.3 protocol by default.
  * Supported byte ranges support in the ngx_http_gzip_static_module.
  * Fixed port ranges in the "listen" directive did not work.
  * Fixed incorrect location might be chosen to process a request if a
    prefix location longer than 255 characters.
  * Fixed a socket leak might occur when using HTTP/2 and the
    "error_page" directive to redirect errors with code 400.

• Files Changed
• Browse Source

- Updated to 1.23.3
  * Bugfix: an error might occur when reading PROXY protocol version 2
    header with large number of TLVs.
  * Bugfix: a segmentation fault might occur in a worker process if SSI
    was used to process subrequests created by other modules.
  * Workaround: when a hostname used in the "listen" directive resolves
    to multiple addresses, nginx now ignores duplicates within these
    addresses.
  * Bugfix: nginx might hog CPU during unbuffered proxying if SSL
    connections to backends were used.

• Files Changed
• Browse Source

- Updated to 1.23.2
  * Security: processing of a specially crafted mp4 file by the
    ngx_http_mp4_module might cause a worker process crash, worker
    process memory disclosure, or might have potential other impact
    (CVE-2022-41741, CVE-2022-41742).
  * Feature: the "$proxy_protocol_tlv_..." variables.
  * Feature: TLS session tickets encryption keys are now automatically
    rotated when using shared memory in the "ssl_session_cache"
    directive.
  * Change: the logging level of the "bad record type" SSL errors has
    been lowered from "crit" to "info".
  * Change: now when using shared memory in the "ssl_session_cache"
    directive the "could not allocate new session" errors are logged at
    the "warn" level instead of "alert" and not more often than once per second.
  * Bugfix: nginx/Windows could not be built with OpenSSL 3.0.x.
  * Bugfix: in logging of the PROXY protocol errors.
  * Workaround: shared memory from the "ssl_session_cache" directive was
    spent on sessions using TLS session tickets when using TLSv1.3 with OpenSSL.
  * Workaround: timeout specified with the "ssl_session_timeout"
    directive did not work when using TLSv1.3 with OpenSSL or BoringSSL.

• Files Changed
• Browse Source

- Updated to 1.23.1
  * Feature: memory usage optimization in configurations with SSL proxying.
  * Feature: looking up of IPv4 addresses while resolving now can be
    disabled with the "ipv4=off" parameter of the "resolver" directive.
  * Change: the logging level of the "bad key share", "bad extension",
    "bad cipher", and "bad ecpoint" SSL errors has been lowered from "crit" to "info".
  * Bugfix: while returning byte ranges nginx did not remove the
    "Content-Range" header line if it was present in the original backend response.
  * Bugfix: a proxied response might be truncated during reconfiguration
    on Linux; the bug had appeared in 1.17.5.

• Files Changed
• Browse Source

- Changed nginx.keyring to Konstantin Pavlov’s PGP public key.
- Removed nginx.init.
- Updated to 1.23.0
  * https://nginx.org/en/CHANGES
  * Now header lines are represented as linked lists.
  * Now nginx combines arbitrary header lines with identical
    names when sending to FastCGI, SCGI, and uwsgi backends, in the
    $r->header_in() method of the ngx_http_perl_module, and during lookup
    of the "$http_...", "$sent_http_...", "$sent_trailer_...",
    "$upstream_http_...", and "$upstream_trailer_..." variables.
  * Fixed: if there were multiple "Vary" header lines in the backend
    response, nginx only used the last of them when caching.
  * Fixed: if there were multiple "WWW-Authenticate" header lines in the
    backend response and errors with code 401 were intercepted or the
    "auth_request" directive was used, nginx only sent the first of the
    header lines to the client.
  * The logging level of the "application data after close
    notify" SSL errors has been lowered from "crit" to "info".
  * Fixed: connections might hang if nginx was built on Linux 2.6.17 or
    newer, but was used on systems without EPOLLRDHUP support, notably
    with epoll emulation layers; the bug had appeared in 1.17.5.
  * Fixed: nginx did not cache the response if the "Expires" response
    header line disabled caching, but following "Cache-Control" header
    line enabled caching.

• Files Changed
• Browse Source

- Updated to 1.21.6
  * https://nginx.org/en/CHANGES
  * Fixed when using EPOLLEXCLUSIVE on Linux client connections were
    unevenly distributed among worker processes.
  * Fixed nginx returned the "Connection: keep-alive" header line in
    responses during graceful shutdown of old worker processes.
  * Fixed in the "ssl_session_ticket_key" when using TLSv1.3.

• Files Changed
• Browse Source