From 600b1eb950c9c6f311419e70b1dc0d35fe39ea99 Mon Sep 17 00:00:00 2001 From: "Sergey A. Osokin" Date: Tue, 21 Oct 2025 20:03:22 -0400 Subject: www/freenginx-devel: update from 1.27.2 to 1.29.2 Due to changes in freenginx core several third-party modules are required additional patching. Changes with freenginx 1.29.2 23 Sep 2025 *) Feature: support for the Encrypted Client Hello (ECH) extension of the TLS 1.3 protocol. Changes with freenginx 1.29.1 26 Aug 2025 *) Change: now responses from proxied servers over HTTP/0.9 are rejected as invalid by default; the "proxy_allow_http09" directive allows processing of such responses. *) Change: stricter syntax checks are now applied to the "Host" request header line. *) Feature: now interim 1xx responses of proxied servers are ignored. *) Feature: certificates for IP addresses are now supported when verifying backend SSL certificates. *) Feature: the "proxy_allow_duplicate_chunked" directive. Thanks to Gennady Bekasov. *) Bugfix: when using a host name in the request line, the "_" and some other characters were not allowed, as well as zone identifiers in IPv6 addresses. *) Workaround: "shutdown() failed (22: Invalid argument)" alerts might appear in logs on NetBSD. *) Bugfix: in the mail proxy module. Changes with freenginx 1.29.0 08 Jul 2025 *) Change: the "directio" directive now works when returning responses from cache. *) Change: the "limit_rate" directive now uses the leaky bucket algorithm, allowing more accurate enforcement of the specified rate; the "limit_rate_after" directive specifies the allowed size of traffic bursts. *) Change: the $request_time variable now remains correct on system time changes. *) Feature: the "send_min_rate" and "client_body_min_rate" directives. *) Feature: the "limit_rate" and "limit_rate_after" directives in the mail proxy module. *) Feature: the "lingering_close", "lingering_time", and "lingering_timeout" directives in the mail proxy module. *) Feature: connection limiting in the mail proxy module. *) Workaround: the "send_timeout" directive might not work when the kernel TCP memory limit was reached on Linux. *) Workaround: gcc 15.1 compatibility. *) Bugfix: a segmentation fault might occur in a worker process if the "proxy_ssl_password_file" directive was used in the stream module; the bug had appeared in 1.23.1. *) Bugfix: a segmentation fault might occur in a worker process on shutdown; the bug had appeared in 1.27.2. *) Bugfix: in the "open_file_cache" directive. Changes with freenginx 1.27.6 15 Apr 2025 *) Workaround: the X25519MLKEM768 group name was not shown in the $ssl_curve and $ssl_curves variables when using OpenSSL 3.5. *) Bugfix: a segmentation fault might occur in a worker process if the "proxy_ssl_password_file" directive was used along with variables in the "proxy_ssl_certificate" or "proxy_ssl_certificate_key" directives; the bug had appeared in 1.23.1. Changes with freenginx 1.27.5 08 Apr 2025 *) Feature: the "multipath" parameter of the "listen" directive. Thanks to Maxime Dourov and Anthony Doeraene. *) Change: SSL session reuse is no longer allowed between servers with different certificates set by the "ssl_trusted_certificate" directive if client SSL certificate verification is enabled. *) Workaround: when using TLSv1.3 with OpenSSL 1.1.1e or newer, it was possible to reuse an SSL session in a different virtual server context, notably with different certificates set by the "ssl_client_certificate" directive. *) Workaround: "gzip filter failed to use preallocated memory" alerts appeared in logs when using zlib-ng. Changes with freenginx 1.27.4 03 Sep 2024 *) Feature: the $ssl_client_fingerprint_sha256 variable. *) Feature: the "Auth-SSL-Fingerprint-SHA256 header line is now passed to the mail proxy authentication server. *) Change: MIME type for the "js" extension has been changed to "text/javascript", the "mjs" extension now uses the "text/javascript" MIME type, and the "md" and "markdown" extensions now use the "text/markdown" MIME type; the default value of the "charset_types" directive now includes "text/javascript" and "text/markdown". *) Bugfix: a segmentation fault might occur in a worker process if the ngx_http_mp4_module was used; the bug had appeared in 1.5.13. *) Bugfix: a segmentation fault might occur in a worker process when handling requests with the "Expect: 100-continue" request header line; the bug had appeared in 1.27.0. Changes with freenginx 1.27.3 13 Aug 2024 *) Change: now the "Age" backend response header line is taken into account when caching. Thanks to Hiroaki Nakamura. *) Feature: the $upstream_cache_age variable. *) Change: during graceful shutdown of old worker processes keepalive connections are now closed only after timeout specified with the "lingering_timeout" directive expires. *) Feature: improvements in building on Windows. --- .../extra-patch-ngx_http_uploadprogress_module.c | 73 ---------------------- 1 file changed, 73 deletions(-) delete mode 100644 www/freenginx-devel/files/extra-patch-ngx_http_uploadprogress_module.c (limited to 'www/freenginx-devel/files/extra-patch-ngx_http_uploadprogress_module.c') diff --git a/www/freenginx-devel/files/extra-patch-ngx_http_uploadprogress_module.c b/www/freenginx-devel/files/extra-patch-ngx_http_uploadprogress_module.c deleted file mode 100644 index 5dfbdbfea794..000000000000 --- a/www/freenginx-devel/files/extra-patch-ngx_http_uploadprogress_module.c +++ /dev/null @@ -1,73 +0,0 @@ ---- ../nginx-upload-progress-module-68b3ab3/ngx_http_uploadprogress_module.c.orig 2021-12-24 10:53:38.000000000 -0500 -+++ ../nginx-upload-progress-module-68b3ab3/ngx_http_uploadprogress_module.c 2022-07-10 22:24:32.435330000 -0400 -@@ -559,12 +559,12 @@ - ngx_chain_t out; - ngx_int_t rc, found=0, done=0, err_status=0; - off_t rest=0, length=0; -- ngx_uint_t len, i; -+ ngx_uint_t len; - ngx_slab_pool_t *shpool; - ngx_http_uploadprogress_conf_t *upcf; - ngx_http_uploadprogress_ctx_t *ctx; - ngx_http_uploadprogress_node_t *up; -- ngx_table_elt_t *expires, *cc, **ccp; -+ ngx_table_elt_t *expires, *cc; - ngx_http_uploadprogress_state_t state; - ngx_http_uploadprogress_template_t *t; - -@@ -637,6 +637,7 @@ - } - - r->headers_out.expires = expires; -+ expires->next = NULL; - - expires->hash = 1; - expires->key.len = sizeof("Expires") - 1; -@@ -646,37 +647,30 @@ - len = sizeof("Mon, 28 Sep 1970 06:00:00 GMT"); - expires->value.len = len - 1; - -- ccp = r->headers_out.cache_control.elts; -- if (ccp == NULL) { -+ cc = r->headers_out.cache_control; - -- if (ngx_array_init(&r->headers_out.cache_control, r->pool, -- 1, sizeof(ngx_table_elt_t *)) -- != NGX_OK) { -- return NGX_HTTP_INTERNAL_SERVER_ERROR; -- } -+ if (cc == NULL) { - -- ccp = ngx_array_push(&r->headers_out.cache_control); -- if (ccp == NULL) { -- return NGX_HTTP_INTERNAL_SERVER_ERROR; -- } -- - cc = ngx_list_push(&r->headers_out.headers); - if (cc == NULL) { -+ expires->hash = 0; - return NGX_HTTP_INTERNAL_SERVER_ERROR; - } - -+ r->headers_out.cache_control = cc; -+ cc->next = NULL; -+ - cc->hash = 1; - cc->key.len = sizeof("Cache-Control") - 1; - cc->key.data = (u_char *) "Cache-Control"; - -- *ccp = cc; -- - } else { -- for (i = 1; i < r->headers_out.cache_control.nelts; i++) { -- ccp[i]->hash = 0; -+ for (cc = cc->next; cc; cc = cc->next) { -+ cc->hash = 0; - } - -- cc = ccp[0]; -+ cc = r->headers_out.cache_control; -+ cc->next = NULL; - } - - expires->value.data = (u_char *) "Thu, 01 Jan 1970 00:00:01 GMT"; -- cgit v1.2.3