Re: nginx pgp key nginx_signing.key
Hi Ivan! On 07/07/2024 6:39 AM, Ivan Strelnikov via nginx wrote: Hello! Many years ago i started use `nginx_signing.key` from this url: `https://nginx.org/packages/keys/nginx_signing.key` but now i find out that it is expired and outdated. Fresh key is here: `https://nginx.org/keys/nginx_signing.key` and i think maybe there is a mistake that old key file is exist or outdated? Maybe we should update it or please explain me if i wrong. P.S. Sorry, if this is wrong place for this kind of questions, i can't find more proper one. Thanks for using our packages! This location was not updated when we moved to the new set of keys... I've fixed that now. In any case I'd suggest moving to the paths we have documented on https://nginx.org/en/linux_packages.html if it's possible. Have a good one, ___ nginx mailing list nginx@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx
[PATCH 2 of 2] Removed Maxim Dounin's PGP key
# HG changeset patch # User Konstantin Pavlov # Date 1708551944 28800 # Wed Feb 21 13:45:44 2024 -0800 # Node ID 646ce0bcdac6817560f1c39bbcdf7439cc0be73d # Parent 98a4f772621c4f0751042ab0f7e1f2d4ba53556f Removed Maxim Dounin's PGP key. diff -r 98a4f772621c -r 646ce0bcdac6 text/keys/mdounin.key --- a/text/keys/mdounin.key Wed Feb 21 13:43:17 2024 -0800 +++ /dev/null Thu Jan 01 00:00:00 1970 + @@ -1,33 +0,0 @@ --BEGIN PGP PUBLIC KEY BLOCK- -Version: GnuPG v1.4.11 (FreeBSD) - -mQENBE7SKu8BCADQo6x4ZQfAcPlJMLmL8zBEBUS6GyKMMMDtrTh3Yaq481HB54oR -0cpKL05Ff9upjrIzLD5TJUCzYYM9GQOhguDUP8+ZU9JpSz3yO2TvH7WBbUZ8FADf -hblmmUBLNgOWgLo3W+FYhl3mz1GFS2Fvid6Tfn02L8CBAj7jxbjL1Qj/OA/WmLLc -m6BMTqI7IBlYW2vyIOIHasISGiAwZfp0ucMeXXvTtt14LGa8qXVcFnJTdwbf03AS -ljhYrQnKnpl3VpDAoQt8C68YCwjaNJW59hKqWB+XeIJ9CW98+EOAxLAFszSyGanp -rCqPd0numj9TIddjcRkTA/ZbmCWK+xjpVBGXABEBAAG0IU1heGltIERvdW5pbiA8 -bWRvdW5pbkBtZG91bmluLnJ1PokBOAQTAQIAIgUCTtIq7wIbAwYLCQgHAwIGFQgC -CQoLBBYCAwECHgECF4AACgkQUgqZk6HAUvj+iwf/b4FS6zVzJ5T0v1vcQGD4ZzXe -D5xMC4BJW414wVMU15rfX7aCdtoCYBNiApPxEd7SwiyxWRhRA9bikUq87JEgmnyV -0iYbHZvCvc1jOkx4WR7E45t1Mi29KBoPaFXA9X5adZkYcOQLDxa2Z8m6LGXnlF6N -tJkxQ8APrjZsdrbDvo3HxU9muPcq49ydzhgwfLwpUs11LYkwB0An9WRPuv3jporZ -/XgI6RfPMZ5NIx+FRRCjn6DnfHboY9rNF6NzrOReJRBhXCi6I+KkHHEnMoyg8XET -9lVkfHTOl81aIZqrAloX3/00TkYWyM2zO9oYpOg6eUFCX/Lw4MJZsTcT5EKVxIhG -BBARAgAGBQJO01Y/AAoJEOzw6QssFyCDVyQAn3qwTZlcZgyyzWu9Cs8gJ0CXREaS -AJ92QjGLT9DijTcbB+q9OS/nl16Z/IhGBBARAgAGBQJO02JDAAoJEKk3YTmlJMU+ -P64AnjCKEXFelSVMtgefJk3+vpyt3QX1AKCH9M3MbTWPeDUL+MpULlfdyfvjj7kB -DQRO0irvAQgA0LjCc8S6oZzjiap2MjRNhRFA5BYjXZRZBdKF2VP74avt2/RELq8G -W0n7JWmKn6vvrXabEGLyfkCngAhTq9tJ/K7LPx/bmlO5+jboO/1inH2BTtLiHjAX -vicXZk3oaZt2Sotx5mMI3yzpFQRVqZXsi0LpUTPJEh3oS8IdYRjslQh1A7P5hfCZ -wtzwb/hKm8upODe/ITUMuXeWfLuQj/uEU6wMzmfMHb+jlYMWtb+v98aJa2FODeKP -mWCXLa7bliXp1SSeBOEfIgEAmjM6QGlDx5sZhr2Ss2xSPRdZ8DqD7oiRVzmstX1Y -oxEzC0yXfaefC7SgM0nMnaTvYEOYJ9CH3wARAQABiQEfBBgBAgAJBQJO0irvAhsM -AAoJEFIKmZOhwFL4844H/jo8icCcS6eOWvnen7lg0FcCo1fIm4wW3tEmkQdchSHE -CJDq7pgTloN65pwB5tBoT47cyYNZA9eTfJVgRc74q5cexKOYrMC3KuAqWbwqXhkV -s0nkWxnOIidTHSXvBZfDFA4Idwte94Thrzf8Pn8UESudTiqrWoCBXk2UyVsl03gJ -blSJAeJGYPPeo+Yj6m63OWe2+/S2VTgmbPS/RObn0Aeg7yuff0n5+ytEt2KL51gO -QE2uIxTCawHr12PsllPkbqPk/PagIttfEJqn9b0CrqPC3HREePb2aMJ/Ctw/76CO -wn0mtXeIXLCTvBmznXfaMKllsqbsy2nCJ2P2uJjOntw= -=Tavt --END PGP PUBLIC KEY BLOCK- diff -r 98a4f772621c -r 646ce0bcdac6 xml/en/pgp_keys.xml --- a/xml/en/pgp_keys.xml Wed Feb 21 13:43:17 2024 -0800 +++ b/xml/en/pgp_keys.xml Wed Feb 21 13:45:44 2024 -0800 @@ -14,10 +14,6 @@ -Maxim Dounins -PGP public key - - Maxim Konovalovs PGP public key ___ nginx-devel mailing list nginx-devel@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx-devel
[PATCH 1 of 2] Linux packages: removed Ubuntu 23.04 'lunar' due to EOL
# HG changeset patch # User Konstantin Pavlov # Date 1708551797 28800 # Wed Feb 21 13:43:17 2024 -0800 # Node ID 98a4f772621c4f0751042ab0f7e1f2d4ba53556f # Parent e10905e43fa1d5abfdbc0bb6e9bd6e188aad6421 Linux packages: removed Ubuntu 23.04 'lunar' due to EOL. diff -r e10905e43fa1 -r 98a4f772621c xml/en/linux_packages.xml --- a/xml/en/linux_packages.xml Mon Feb 19 14:34:47 2024 + +++ b/xml/en/linux_packages.xml Wed Feb 21 13:43:17 2024 -0800 @@ -7,7 +7,7 @@ + rev="94"> @@ -88,11 +88,6 @@ versions: -23.04 “lunar” -x86_64, aarch64/arm64 - - - 23.10 “mantic” x86_64, aarch64/arm64 diff -r e10905e43fa1 -r 98a4f772621c xml/ru/linux_packages.xml --- a/xml/ru/linux_packages.xml Mon Feb 19 14:34:47 2024 + +++ b/xml/ru/linux_packages.xml Wed Feb 21 13:43:17 2024 -0800 @@ -7,7 +7,7 @@ + rev="94"> @@ -88,11 +88,6 @@ -23.04 “lunar” -x86_64, aarch64/arm64 - - - 23.10 “mantic” x86_64, aarch64/arm64 ___ nginx-devel mailing list nginx-devel@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx-devel
[PATCH] Linux packages: actualized supported Alpine Linux versions
# HG changeset patch # User Konstantin Pavlov # Date 1702345379 28800 # Mon Dec 11 17:42:59 2023 -0800 # Node ID 55f8ce8a8cb0acf9b360e47fd5d0023f16451a80 # Parent 08533e33d0744bd27bc42d87c47607399903eae5 Linux packages: actualized supported Alpine Linux versions. diff -r 08533e33d074 -r 55f8ce8a8cb0 xml/en/linux_packages.xml --- a/xml/en/linux_packages.xml Mon Nov 27 21:30:25 2023 + +++ b/xml/en/linux_packages.xml Mon Dec 11 17:42:59 2023 -0800 @@ -7,7 +7,7 @@ + rev="93"> @@ -134,11 +134,6 @@ versions: -3.15 -x86_64, aarch64/arm64 - - - 3.16 x86_64, aarch64/arm64 @@ -153,6 +148,11 @@ versions: x86_64, aarch64/arm64 + +3.19 +x86_64, aarch64/arm64 + + diff -r 08533e33d074 -r 55f8ce8a8cb0 xml/ru/linux_packages.xml --- a/xml/ru/linux_packages.xml Mon Nov 27 21:30:25 2023 + +++ b/xml/ru/linux_packages.xml Mon Dec 11 17:42:59 2023 -0800 @@ -7,7 +7,7 @@ + rev="93"> @@ -134,11 +134,6 @@ -3.15 -x86_64, aarch64/arm64 - - - 3.16 x86_64, aarch64/arm64 @@ -153,6 +148,11 @@ x86_64, aarch64/arm64 + +3.19 +x86_64, aarch64/arm64 + + ___ nginx-devel mailing list nginx-devel@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx-devel
Re: [PATCH] Linux packages: documented nginx-module-otel package
Hi, On 26/10/2023 10:26 AM, Maxim Dounin wrote: Note that "nginx-authored" here looks misleading, as no nginx core developers work on this module. Overall, I do support the clear distinction between nginx's own modules and 3rd-party modules provided in the packages repository. (But, as correctly noted by Konstantin, this should include njs as well.) Indeed, I'll send patches to clarify the differences. ___ nginx-devel mailing list nginx-devel@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx-devel
[PATCH] Linux packages: added Ubuntu 23.04 "mantic"
# HG changeset patch # User Konstantin Pavlov # Date 1699587725 28800 # Thu Nov 09 19:42:05 2023 -0800 # Node ID d9dba9159ddf3adaf0263f17f3ed69228aa6c972 # Parent 5cfaf094e2a041d3fa6eaf58799f575295e451ab Linux packages: added Ubuntu 23.04 "mantic". diff -r 5cfaf094e2a0 -r d9dba9159ddf xml/en/linux_packages.xml --- a/xml/en/linux_packages.xml Tue Oct 24 15:16:17 2023 -0700 +++ b/xml/en/linux_packages.xml Thu Nov 09 19:42:05 2023 -0800 @@ -7,7 +7,7 @@ + rev="92"> @@ -92,6 +92,11 @@ versions: x86_64, aarch64/arm64 + +23.10 “mantic” +x86_64, aarch64/arm64 + + diff -r 5cfaf094e2a0 -r d9dba9159ddf xml/ru/linux_packages.xml --- a/xml/ru/linux_packages.xml Tue Oct 24 15:16:17 2023 -0700 +++ b/xml/ru/linux_packages.xml Thu Nov 09 19:42:05 2023 -0800 @@ -7,7 +7,7 @@ + rev="92"> @@ -92,6 +92,11 @@ x86_64, aarch64/arm64 + +23.10 “mantic” +x86_64, aarch64/arm64 + + ___ nginx-devel mailing list nginx-devel@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx-devel
Re: [PATCH] Linux packages: documented nginx-module-otel package
Hi Yaroslav, On 25/10/2023 2:52 AM, Yaroslav Zhuravlev wrote: On 24 Oct 2023, at 23:16, Konstantin Pavlov wrote: # HG changeset patch # User Konstantin Pavlov # Date 1698185777 25200 # Tue Oct 24 15:16:17 2023 -0700 # Node ID aa09c0e4358bfbc98b051e536c25b74f5568f393 # Parent 00c220310f537af2654cd3a04780f36ef5518014 Linux packages: documented nginx-module-otel package. diff -r 00c220310f53 -r aa09c0e4358b xml/en/linux_packages.xml --- a/xml/en/linux_packages.xml Tue Oct 24 17:13:13 2023 +0100 +++ b/xml/en/linux_packages.xml Tue Oct 24 15:16:17 2023 -0700 @@ -7,7 +7,7 @@ + rev="91"> @@ -654,6 +654,11 @@ nginx-module-njs nginx-module-perl nginx-module-xslt +Additionally, since version 1.25.3 comma needed after 1.25.3 (for consistency with similar places in the doc) the following module is shipped as a +separate package: + +nginx-module-otel + diff -r 00c220310f53 -r aa09c0e4358b xml/ru/linux_packages.xml --- a/xml/ru/linux_packages.xml Tue Oct 24 17:13:13 2023 +0100 +++ b/xml/ru/linux_packages.xml Tue Oct 24 15:16:17 2023 -0700 @@ -7,7 +7,7 @@ + rev="91"> @@ -651,6 +651,11 @@ nginx-module-njs nginx-module-perl nginx-module-xslt +В дополнение к этому, с версии 1.25.3 следующий модуль поставляется в виде начиная с +отдельного пакета: + +nginx-module-otel + Thanks! As an optional variant to consider, perhaps it might be good to reflect that it's a third party module authored by nginx devs, e.g: The same applies to njs as well if we want to go this route. ___ nginx-devel mailing list nginx-devel@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx-devel
[PATCH] Linux packages: documented nginx-module-otel package
# HG changeset patch # User Konstantin Pavlov # Date 1698185777 25200 # Tue Oct 24 15:16:17 2023 -0700 # Node ID aa09c0e4358bfbc98b051e536c25b74f5568f393 # Parent 00c220310f537af2654cd3a04780f36ef5518014 Linux packages: documented nginx-module-otel package. diff -r 00c220310f53 -r aa09c0e4358b xml/en/linux_packages.xml --- a/xml/en/linux_packages.xml Tue Oct 24 17:13:13 2023 +0100 +++ b/xml/en/linux_packages.xml Tue Oct 24 15:16:17 2023 -0700 @@ -7,7 +7,7 @@ + rev="91"> @@ -654,6 +654,11 @@ nginx-module-njs nginx-module-perl nginx-module-xslt +Additionally, since version 1.25.3 the following module is shipped as a +separate package: + +nginx-module-otel + diff -r 00c220310f53 -r aa09c0e4358b xml/ru/linux_packages.xml --- a/xml/ru/linux_packages.xml Tue Oct 24 17:13:13 2023 +0100 +++ b/xml/ru/linux_packages.xml Tue Oct 24 15:16:17 2023 -0700 @@ -7,7 +7,7 @@ + rev="91"> @@ -651,6 +651,11 @@ nginx-module-njs nginx-module-perl nginx-module-xslt +В дополнение к этому, с версии 1.25.3 следующий модуль поставляется в виде +отдельного пакета: + +nginx-module-otel + ___ nginx-devel mailing list nginx-devel@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx-devel
[nginx] nginx-1.25.3-RELEASE
details: https://hg.nginx.org/nginx/rev/294a3d07234f branches: changeset: 9181:294a3d07234f user: Maxim Dounin date: Tue Oct 24 16:46:46 2023 +0300 description: nginx-1.25.3-RELEASE diffstat: docs/xml/nginx/changes.xml | 75 ++ 1 файлов изменено, 75 вставок(+), 0 удалений(-) различия (85 строк): diff -r 782535848b3e -r 294a3d07234f docs/xml/nginx/changes.xml --- a/docs/xml/nginx/changes.xmlMon Oct 23 21:50:26 2023 +0300 +++ b/docs/xml/nginx/changes.xmlTue Oct 24 16:46:46 2023 +0300 @@ -5,6 +5,81 @@ + + + + +улучшено детектирование некорректного поведения клиентов +при использовании HTTP/2. + + +improved detection of misbehaving clients +when using HTTP/2. + + + + + +уменьшение времени запуска +при использовании большого количества location'ов. +Спасибо Yusuke Nojima. + + +startup speedup +when using a large number of locations. +Thanks to Yusuke Nojima. + + + + + +при использовании HTTP/2 без SSL +в рабочем процессе мог произойти segmentation fault; +ошибка появилась в 1.25.1. + + +a segmentation fault might occur in a worker process +when using HTTP/2 without SSL; +the bug had appeared in 1.25.1. + + + + + +строка "Status" в заголовке ответа бэкенда с пустой поясняющей фразой +обрабатывалась некорректно. + + +the "Status" backend response header line with an empty reason phrase +was handled incorrectly. + + + + + +утечки памяти во время переконфигурации +при использовании библиотеки PCRE2. +Спасибо ZhenZhong Wu. + + +memory leak during reconfiguration +when using the PCRE2 library. +Thanks to ZhenZhong Wu. + + + + + +Исправления и улучшения в HTTP/3. + + +Bugfixes and improvements in HTTP/3. + + + + + + ___ nginx-devel mailing list nginx-devel@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx-devel
[nginx] release-1.25.3 tag
details: https://hg.nginx.org/nginx/rev/25a2efd97a3e branches: changeset: 9182:25a2efd97a3e user: Maxim Dounin date: Tue Oct 24 16:46:47 2023 +0300 description: release-1.25.3 tag diffstat: .hgtags | 1 + 1 файлов изменено, 1 вставок(+), 0 удалений(-) различия (8 строк): diff -r 294a3d07234f -r 25a2efd97a3e .hgtags --- a/.hgtags Tue Oct 24 16:46:46 2023 +0300 +++ b/.hgtags Tue Oct 24 16:46:47 2023 +0300 @@ -475,3 +475,4 @@ ac779115ed6ee4f3039e9aea414a54e560450ee2 12dcf92b0c2c68552398f19644ce3104459807d7 release-1.25.0 f8134640e8615448205785cf00b0bc810489b495 release-1.25.1 1d839f05409d1a50d0f15a2bf36547001f99ae40 release-1.25.2 +294a3d07234f8f65d7b0e0b0e2c5b05c12c5da0a release-1.25.3 ___ nginx-devel mailing list nginx-devel@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx-devel
[nginx] Updated OpenSSL and zlib used for win32 builds.
details: https://hg.nginx.org/nginx/rev/782535848b3e branches: changeset: 9180:782535848b3e user: Maxim Dounin date: Mon Oct 23 21:50:26 2023 +0300 description: Updated OpenSSL and zlib used for win32 builds. diffstat: misc/GNUmakefile | 4 ++-- 1 файлов изменено, 2 вставок(+), 2 удалений(-) различия (14 строк): diff -r ea1f29c2010c -r 782535848b3e misc/GNUmakefile --- a/misc/GNUmakefile Sat Oct 21 18:48:24 2023 +0400 +++ b/misc/GNUmakefile Mon Oct 23 21:50:26 2023 +0300 @@ -6,8 +6,8 @@ TEMP = tmp CC = cl OBJS = objs.msvc8 -OPENSSL = openssl-3.0.10 -ZLIB = zlib-1.2.13 +OPENSSL = openssl-3.0.11 +ZLIB = zlib-1.3 PCRE = pcre2-10.39 ___ nginx-devel mailing list nginx-devel@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx-devel
[PATCH] Linux packages: removed Ubuntu 22.10 'kinetic' due to EOL
# HG changeset patch # User Konstantin Pavlov # Date 1695420683 25200 # Fri Sep 22 15:11:23 2023 -0700 # Node ID 1ad61bfc7630adf1d6460cf84cec484de4017326 # Parent ac4191d05fdf12dbc977a3a26dfde2799d301283 Linux packages: removed Ubuntu 22.10 'kinetic' due to EOL. diff -r ac4191d05fdf -r 1ad61bfc7630 xml/en/linux_packages.xml --- a/xml/en/linux_packages.xml Thu Sep 14 21:20:14 2023 +0100 +++ b/xml/en/linux_packages.xml Fri Sep 22 15:11:23 2023 -0700 @@ -7,7 +7,7 @@ + rev="90"> @@ -88,11 +88,6 @@ versions: -22.10 “kinetic” -x86_64, aarch64/arm64 - - - 23.04 “lunar” x86_64, aarch64/arm64 diff -r ac4191d05fdf -r 1ad61bfc7630 xml/ru/linux_packages.xml --- a/xml/ru/linux_packages.xml Thu Sep 14 21:20:14 2023 +0100 +++ b/xml/ru/linux_packages.xml Fri Sep 22 15:11:23 2023 -0700 @@ -7,7 +7,7 @@ + rev="90"> @@ -88,11 +88,6 @@ -22.10 “kinetic” -x86_64, aarch64/arm64 - - - 23.04 “lunar” x86_64, aarch64/arm64 ___ nginx-devel mailing list nginx-devel@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx-devel
[nginx] release-1.25.2 tag
details: https://hg.nginx.org/nginx/rev/44536076405c branches: changeset: 9150:44536076405c user: Maxim Dounin date: Tue Aug 15 20:03:04 2023 +0300 description: release-1.25.2 tag diffstat: .hgtags | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diffs (8 lines): diff -r 1d839f05409d -r 44536076405c .hgtags --- a/.hgtags Tue Aug 15 20:03:04 2023 +0300 +++ b/.hgtags Tue Aug 15 20:03:04 2023 +0300 @@ -474,3 +474,4 @@ ff3afd1ce6a6b65057741df442adfaa71a0e2588 ac779115ed6ee4f3039e9aea414a54e560450ee2 release-1.23.4 12dcf92b0c2c68552398f19644ce3104459807d7 release-1.25.0 f8134640e8615448205785cf00b0bc810489b495 release-1.25.1 +1d839f05409d1a50d0f15a2bf36547001f99ae40 release-1.25.2 ___ nginx-devel mailing list nginx-devel@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx-devel
[nginx] nginx-1.25.2-RELEASE
details: https://hg.nginx.org/nginx/rev/1d839f05409d branches: changeset: 9149:1d839f05409d user: Maxim Dounin date: Tue Aug 15 20:03:04 2023 +0300 description: nginx-1.25.2-RELEASE diffstat: docs/xml/nginx/changes.xml | 65 ++ 1 files changed, 65 insertions(+), 0 deletions(-) diffs (75 lines): diff -r f101bccb38e1 -r 1d839f05409d docs/xml/nginx/changes.xml --- a/docs/xml/nginx/changes.xmlTue Aug 15 18:10:50 2023 +0300 +++ b/docs/xml/nginx/changes.xmlTue Aug 15 20:03:04 2023 +0300 @@ -5,6 +5,71 @@ + + + + +path MTU discovery при использовании HTTP/3. + + +path MTU discovery when using HTTP/3. + + + + + +поддержка шифра TLS_AES_128_CCM_SHA256 при использовании HTTP/3. + + +TLS_AES_128_CCM_SHA256 cipher suite support when using HTTP/3. + + + + + +теперь при загрузке конфигурации OpenSSL +nginx использует appname "nginx". + + +now nginx uses appname "nginx" +when loading OpenSSL configuration. + + + + + +теперь nginx не пытается загружать конфигурацию OpenSSL, +если для сборки OpenSSL использовался параметр --with-openssl +и переменная окружения OPENSSL_CONF не установлена. + + +now nginx does not try to load OpenSSL configuration +if the --with-openssl option was used to built OpenSSL +and the OPENSSL_CONF environment variable is not set. + + + + + +в переменной $body_bytes_sent при использовании HTTP/3. + + +in the $body_bytes_sent variable when using HTTP/3. + + + + + +в HTTP/3. + + +in HTTP/3. + + + + + + ___ nginx-devel mailing list nginx-devel@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx-devel
[nginx] Updated OpenSSL used for win32 builds.
details: https://hg.nginx.org/nginx/rev/f101bccb38e1 branches: changeset: 9148:f101bccb38e1 user: Maxim Dounin date: Tue Aug 15 18:10:50 2023 +0300 description: Updated OpenSSL used for win32 builds. diffstat: misc/GNUmakefile | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diffs (21 lines): diff -r 58afcd72446f -r f101bccb38e1 misc/GNUmakefile --- a/misc/GNUmakefile Mon Aug 14 09:21:27 2023 +0400 +++ b/misc/GNUmakefile Tue Aug 15 18:10:50 2023 +0300 @@ -6,7 +6,7 @@ TEMP = tmp CC = cl OBJS = objs.msvc8 -OPENSSL = openssl-1.1.1t +OPENSSL = openssl-3.0.10 ZLIB = zlib-1.2.13 PCRE = pcre2-10.39 @@ -105,7 +105,7 @@ zip: export $(MAKE) -f docs/GNUmakefile changes mv $(TEMP)/$(NGINX)/CHANGES* $(TEMP)/$(NGINX)/docs/ - cp -p $(OBJS)/lib/$(OPENSSL)/LICENSE\ + cp -p $(OBJS)/lib/$(OPENSSL)/LICENSE.txt\ $(TEMP)/$(NGINX)/docs/OpenSSL.LICENSE cp -p $(OBJS)/lib/$(PCRE)/LICENCE \ ___ nginx-devel mailing list nginx-devel@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx-devel
Re: Ubuntu repo update warns about skipping i386 packages on amd64 machine.
Hi aslamK! On 13/07/2023 1:26 PM, aslamK wrote: In Ubuntu 22.04 (amd64), 'apt update' reports the following: N: Skipping acquire of configured file 'nginx/binary-i386/Packages' as repository 'http://nginx.org/packages/ubuntu jammy InRelease' doesn't support architecture 'i386' To add the repo, I followed the directions at http://nginx.org/en/linux_packages.html#Ubuntu. I realize it's only a warning and likely can be safely ignored, at least on amd64 machines. If so, perhaps it can be suppressed based on the architecture – unless this has to do with the local apt config, in which case what are the relevant groups/options/values? Looks like you have a foreign dpkg architecture enabled (i386) on an amd64 host. You may check it with `dpkg --print-foreign-architectures`. If that's true, you can add arch=amd64 to sources.d/nginx.list options, so it will look similar to: deb [arch=amd64 signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] http://nginx.org/packages/ubuntu jammy nginx Have a good one, ___ nginx mailing list nginx@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx
[PATCH] Linux packages: actualized supported Alpine Linux versions
# HG changeset patch # User Konstantin Pavlov # Date 1686966791 25200 # Fri Jun 16 18:53:11 2023 -0700 # Node ID c80a7cb452e83963d5f798a5c7787ac600978dd3 # Parent c1b9ab38ff090483026eabf934d4b06107aced55 Linux packages: actualized supported Alpine Linux versions. diff -r c1b9ab38ff09 -r c80a7cb452e8 xml/en/linux_packages.xml --- a/xml/en/linux_packages.xml Tue Jun 13 19:24:58 2023 +0100 +++ b/xml/en/linux_packages.xml Fri Jun 16 18:53:11 2023 -0700 @@ -7,7 +7,7 @@ + rev="89"> @@ -134,11 +134,6 @@ versions: -3.14 -x86_64, aarch64/arm64 - - - 3.15 x86_64, aarch64/arm64 @@ -153,6 +148,11 @@ versions: x86_64, aarch64/arm64 + +3.18 +x86_64, aarch64/arm64 + + diff -r c1b9ab38ff09 -r c80a7cb452e8 xml/ru/linux_packages.xml --- a/xml/ru/linux_packages.xml Tue Jun 13 19:24:58 2023 +0100 +++ b/xml/ru/linux_packages.xml Fri Jun 16 18:53:11 2023 -0700 @@ -7,7 +7,7 @@ + rev="89"> @@ -134,11 +134,6 @@ -3.14 -x86_64, aarch64/arm64 - - - 3.15 x86_64, aarch64/arm64 @@ -153,6 +148,11 @@ x86_64, aarch64/arm64 + +3.18 +x86_64, aarch64/arm64 + + ___ nginx-devel mailing list nginx-devel@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx-devel
[nginx] release-1.25.1 tag
details: https://hg.nginx.org/nginx/rev/5b8854a2f79c branches: changeset: 9124:5b8854a2f79c user: Maxim Dounin date: Tue Jun 13 18:08:10 2023 +0300 description: release-1.25.1 tag diffstat: .hgtags | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diffs (8 lines): diff -r f8134640e861 -r 5b8854a2f79c .hgtags --- a/.hgtags Tue Jun 13 18:08:09 2023 +0300 +++ b/.hgtags Tue Jun 13 18:08:10 2023 +0300 @@ -473,3 +473,4 @@ aa901551a7ebad1e8b0f8c11cb44e3424ba29707 ff3afd1ce6a6b65057741df442adfaa71a0e2588 release-1.23.3 ac779115ed6ee4f3039e9aea414a54e560450ee2 release-1.23.4 12dcf92b0c2c68552398f19644ce3104459807d7 release-1.25.0 +f8134640e8615448205785cf00b0bc810489b495 release-1.25.1 ___ nginx-devel mailing list nginx-devel@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx-devel
[nginx] nginx-1.25.1-RELEASE
details: https://hg.nginx.org/nginx/rev/f8134640e861 branches: changeset: 9123:f8134640e861 user: Maxim Dounin date: Tue Jun 13 18:08:09 2023 +0300 description: nginx-1.25.1-RELEASE diffstat: docs/xml/nginx/changes.xml | 43 +++ 1 files changed, 43 insertions(+), 0 deletions(-) diffs (53 lines): diff -r a32905d6fc10 -r f8134640e861 docs/xml/nginx/changes.xml --- a/docs/xml/nginx/changes.xmlMon Jun 12 23:38:56 2023 +0400 +++ b/docs/xml/nginx/changes.xmlTue Jun 13 18:08:09 2023 +0300 @@ -5,6 +5,49 @@ + + + + +директива http2, позволяющая включать HTTP/2 в отдельных блоках server; +параметр http2 директивы listen объявлен устаревшим. + + +the "http2" directive, which enables HTTP/2 on a per-server basis; +the "http2" parameter of the "listen" directive is now deprecated. + + + + + +поддержка HTTP/2 server push упразднена. + + +HTTP/2 server push support has been removed. + + + + + +устаревшая директива ssl больше не поддерживается. + + +the deprecated "ssl" directive is not supported anymore. + + + + + +в HTTP/3 при использовании OpenSSL. + + +in HTTP/3 when using OpenSSL. + + + + + + ___ nginx-devel mailing list nginx-devel@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx-devel
[PATCH] Linux packages: added Debian 12 "bookworm"
# HG changeset patch # User Konstantin Pavlov # Date 1686346579 25200 # Fri Jun 09 14:36:19 2023 -0700 # Node ID 2fa6471cd138071038f055031a7a379a7e9ab108 # Parent b81a26d7aa2a0b0870c11ce13415a1a21fc12c5d Linux packages: added Debian 12 "bookworm". diff -r b81a26d7aa2a -r 2fa6471cd138 xml/en/linux_packages.xml --- a/xml/en/linux_packages.xml Wed Jun 07 14:21:31 2023 +0400 +++ b/xml/en/linux_packages.xml Fri Jun 09 14:36:19 2023 -0700 @@ -7,7 +7,7 @@ + rev="88"> @@ -59,6 +59,11 @@ versions: x86_64, aarch64/arm64 + +12.x “bookworm” +x86_64, aarch64/arm64 + + diff -r b81a26d7aa2a -r 2fa6471cd138 xml/ru/linux_packages.xml --- a/xml/ru/linux_packages.xml Wed Jun 07 14:21:31 2023 +0400 +++ b/xml/ru/linux_packages.xml Fri Jun 09 14:36:19 2023 -0700 @@ -7,7 +7,7 @@ + rev="88"> @@ -59,6 +59,11 @@ x86_64, aarch64/arm64 + +12.x “bookworm” +x86_64, aarch64/arm64 + + ___ nginx-devel mailing list nginx-devel@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx-devel
[PATCH] Linux packages: removed Ubuntu 18.04 'bionic' due to EOL
# HG changeset patch # User Konstantin Pavlov # Date 1685569850 25200 # Wed May 31 14:50:50 2023 -0700 # Node ID 203f32f5373458548931a706e728fdf94daa6a77 # Parent 7e7cd9f0cc41481fa6c1b3bc578af2da1cfbd866 Linux packages: removed Ubuntu 18.04 'bionic' due to EOL. diff -r 7e7cd9f0cc41 -r 203f32f53734 xml/en/linux_packages.xml --- a/xml/en/linux_packages.xml Wed May 10 13:51:55 2023 +0100 +++ b/xml/en/linux_packages.xml Wed May 31 14:50:50 2023 -0700 @@ -7,7 +7,7 @@ + rev="87"> @@ -73,11 +73,6 @@ versions: -18.04 “bionic” -x86_64, aarch64/arm64 - - - 20.04 “focal” x86_64, aarch64/arm64, s390x diff -r 7e7cd9f0cc41 -r 203f32f53734 xml/ru/linux_packages.xml --- a/xml/ru/linux_packages.xml Wed May 10 13:51:55 2023 +0100 +++ b/xml/ru/linux_packages.xml Wed May 31 14:50:50 2023 -0700 @@ -7,7 +7,7 @@ + rev="87"> @@ -73,11 +73,6 @@ -18.04 “bionic” -x86_64, aarch64/arm64 - - - 20.04 “focal” x86_64, aarch64/arm64, s390x ___ nginx-devel mailing list nginx-devel@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx-devel
[PATCH] Linux packages: documented lack of HTTP/3 support for older distros
# HG changeset patch # User Konstantin Pavlov # Date 1684878839 25200 # Tue May 23 14:53:59 2023 -0700 # Node ID 3ba229c95e50b7a422f8a61db7560d40bc6524db # Parent 46b1da35ceeb697431de877cf43681b186617335 Linux packages: documented lack of HTTP/3 support for older distros. diff -r 46b1da35ceeb -r 3ba229c95e50 xml/en/linux_packages.xml --- a/xml/en/linux_packages.xml Tue May 23 19:36:24 2023 +0300 +++ b/xml/en/linux_packages.xml Tue May 23 14:53:59 2023 -0700 @@ -7,7 +7,7 @@ + rev="86"> @@ -179,6 +179,12 @@ versions: + +Packages for RHEL 7 and SLES 12 are built without +HTTP/3 support +because OpenSSL used by those doesn't support TLSv1.3. + + diff -r 46b1da35ceeb -r 3ba229c95e50 xml/ru/linux_packages.xml --- a/xml/ru/linux_packages.xml Tue May 23 19:36:24 2023 +0300 +++ b/xml/ru/linux_packages.xml Tue May 23 14:53:59 2023 -0700 @@ -7,7 +7,7 @@ + rev="86"> @@ -179,6 +179,12 @@ + +Пакеты для RHEL 7 и SLES 12 собраны без +поддержки HTTP/3, +так как OpenSSL, используемая в этих дистрибутивах, не поддерживает TLSv1.3. + + ___ nginx-devel mailing list nginx-devel@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx-devel
[nginx] nginx-1.25.0-RELEASE
details: https://hg.nginx.org/nginx/rev/12dcf92b0c2c branches: changeset: 9115:12dcf92b0c2c user: Maxim Dounin date: Tue May 23 18:08:19 2023 +0300 description: nginx-1.25.0-RELEASE diffstat: docs/xml/nginx/changes.xml | 14 ++ 1 files changed, 14 insertions(+), 0 deletions(-) diffs (24 lines): diff -r bddd3f76e3e5 -r 12dcf92b0c2c docs/xml/nginx/changes.xml --- a/docs/xml/nginx/changes.xmlTue May 23 00:45:18 2023 +0400 +++ b/docs/xml/nginx/changes.xmlTue May 23 18:08:19 2023 +0300 @@ -5,6 +5,20 @@ + + + + +экспериментальная поддержка HTTP/3. + + +experimental HTTP/3 support. + + + + + + ___ nginx-devel mailing list nginx-devel@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx-devel
[nginx] release-1.25.0 tag
details: https://hg.nginx.org/nginx/rev/8eae1b4f1c55 branches: changeset: 9116:8eae1b4f1c55 user: Maxim Dounin date: Tue May 23 18:08:20 2023 +0300 description: release-1.25.0 tag diffstat: .hgtags | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diffs (8 lines): diff -r 12dcf92b0c2c -r 8eae1b4f1c55 .hgtags --- a/.hgtags Tue May 23 18:08:19 2023 +0300 +++ b/.hgtags Tue May 23 18:08:20 2023 +0300 @@ -472,3 +472,4 @@ a63d0a70afea96813ba6667997bc7d68b5863f0d aa901551a7ebad1e8b0f8c11cb44e3424ba29707 release-1.23.2 ff3afd1ce6a6b65057741df442adfaa71a0e2588 release-1.23.3 ac779115ed6ee4f3039e9aea414a54e560450ee2 release-1.23.4 +12dcf92b0c2c68552398f19644ce3104459807d7 release-1.25.0 ___ nginx-devel mailing list nginx-devel@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx-devel
[PATCH] Linux packages: added Ubuntu 23.04 "lunar"
# HG changeset patch # User Konstantin Pavlov # Date 1683770379 25200 # Wed May 10 18:59:39 2023 -0700 # Node ID e53e7065223e4ede0fdcb4872ae3be39197d8c04 # Parent 2baa5da77e6933c9945834fdeabd71e0ed6c0ff2 Linux packages: added Ubuntu 23.04 "lunar". diff -r 2baa5da77e69 -r e53e7065223e xml/en/linux_packages.xml --- a/xml/en/linux_packages.xml Mon Mar 27 16:25:44 2023 -0700 +++ b/xml/en/linux_packages.xml Wed May 10 18:59:39 2023 -0700 @@ -7,7 +7,7 @@ + rev="85"> @@ -92,6 +92,11 @@ versions: x86_64, aarch64/arm64 + +23.04 “lunar” +x86_64, aarch64/arm64 + + diff -r 2baa5da77e69 -r e53e7065223e xml/ru/linux_packages.xml --- a/xml/ru/linux_packages.xml Mon Mar 27 16:25:44 2023 -0700 +++ b/xml/ru/linux_packages.xml Wed May 10 18:59:39 2023 -0700 @@ -7,7 +7,7 @@ + rev="85"> @@ -92,6 +92,11 @@ x86_64, aarch64/arm64 + +23.04 “lunar” +x86_64, aarch64/arm64 + + ___ nginx-devel mailing list nginx-devel@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx-devel
[nginx] nginx-1.24.0-RELEASE
details: https://hg.nginx.org/nginx/rev/420f96a6f7ac branches: stable-1.24 changeset: 8158:420f96a6f7ac user: Maxim Dounin date: Tue Apr 11 04:45:34 2023 +0300 description: nginx-1.24.0-RELEASE diffstat: docs/xml/nginx/changes.xml | 14 ++ 1 files changed, 14 insertions(+), 0 deletions(-) diffs (24 lines): diff -r 05cf7574d94b -r 420f96a6f7ac docs/xml/nginx/changes.xml --- a/docs/xml/nginx/changes.xmlTue Apr 11 04:41:40 2023 +0300 +++ b/docs/xml/nginx/changes.xmlTue Apr 11 04:45:34 2023 +0300 @@ -5,6 +5,20 @@ + + + + +Стабильная ветка 1.24.x. + + +1.24.x stable branch. + + + + + + ___ nginx-devel mailing list nginx-devel@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx-devel
[nginx] release-1.24.0 tag
details: https://hg.nginx.org/nginx/rev/a4bbb03659db branches: stable-1.24 changeset: 8159:a4bbb03659db user: Maxim Dounin date: Tue Apr 11 04:45:34 2023 +0300 description: release-1.24.0 tag diffstat: .hgtags | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diffs (8 lines): diff -r 420f96a6f7ac -r a4bbb03659db .hgtags --- a/.hgtags Tue Apr 11 04:45:34 2023 +0300 +++ b/.hgtags Tue Apr 11 04:45:34 2023 +0300 @@ -472,3 +472,4 @@ a63d0a70afea96813ba6667997bc7d68b5863f0d aa901551a7ebad1e8b0f8c11cb44e3424ba29707 release-1.23.2 ff3afd1ce6a6b65057741df442adfaa71a0e2588 release-1.23.3 ac779115ed6ee4f3039e9aea414a54e560450ee2 release-1.23.4 +420f96a6f7ac612b2b11750139cf8f4959803717 release-1.24.0 ___ nginx-devel mailing list nginx-devel@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx-devel
[nginx] Stable branch.
details: https://hg.nginx.org/nginx/rev/05cf7574d94b branches: stable-1.24 changeset: 8157:05cf7574d94b user: Maxim Dounin date: Tue Apr 11 04:41:40 2023 +0300 description: Stable branch. diffstat: src/core/nginx.h | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diffs (14 lines): diff -r 5f1d05a21287 -r 05cf7574d94b src/core/nginx.h --- a/src/core/nginx.h Tue Mar 28 18:01:54 2023 +0300 +++ b/src/core/nginx.h Tue Apr 11 04:41:40 2023 +0300 @@ -9,8 +9,8 @@ #define _NGINX_H_INCLUDED_ -#define nginx_version 1023004 -#define NGINX_VERSION "1.23.4" +#define nginx_version 1024000 +#define NGINX_VERSION "1.24.0" #define NGINX_VER "nginx/" NGINX_VERSION #ifdef NGX_BUILD ___ nginx-devel mailing list nginx-devel@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx-devel
[nginx] release-1.23.4 tag
details: https://hg.nginx.org/nginx/rev/5f1d05a21287 branches: changeset: 8156:5f1d05a21287 user: Maxim Dounin date: Tue Mar 28 18:01:54 2023 +0300 description: release-1.23.4 tag diffstat: .hgtags | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diffs (8 lines): diff -r ac779115ed6e -r 5f1d05a21287 .hgtags --- a/.hgtags Tue Mar 28 18:01:53 2023 +0300 +++ b/.hgtags Tue Mar 28 18:01:54 2023 +0300 @@ -471,3 +471,4 @@ 5da2c0902e8e2aa4534008a582a60c61c135960e a63d0a70afea96813ba6667997bc7d68b5863f0d release-1.23.1 aa901551a7ebad1e8b0f8c11cb44e3424ba29707 release-1.23.2 ff3afd1ce6a6b65057741df442adfaa71a0e2588 release-1.23.3 +ac779115ed6ee4f3039e9aea414a54e560450ee2 release-1.23.4 ___ nginx-devel mailing list nginx-devel@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx-devel
[nginx] nginx-1.23.4-RELEASE
details: https://hg.nginx.org/nginx/rev/ac779115ed6e branches: changeset: 8155:ac779115ed6e user: Maxim Dounin date: Tue Mar 28 18:01:53 2023 +0300 description: nginx-1.23.4-RELEASE diffstat: docs/xml/nginx/changes.xml | 157 + 1 files changed, 157 insertions(+), 0 deletions(-) diffs (167 lines): diff -r 09a4fd35 -r ac779115ed6e docs/xml/nginx/changes.xml --- a/docs/xml/nginx/changes.xmlTue Mar 28 02:25:55 2023 +0300 +++ b/docs/xml/nginx/changes.xmlTue Mar 28 18:01:53 2023 +0300 @@ -5,6 +5,163 @@ + + + + +теперь протокол TLSv1.3 разрешён по умолчанию. + + +now TLSv1.3 protocol is enabled by default. + + + + + +теперь nginx выдаёт предупреждение +при переопределении параметров listen-сокета, задающих используемые протоколы. + + +now nginx issues a warning +if protocol parameters of a listening socket are redefined. + + + + + +теперь, если клиент использует pipelining, +nginx закрывает соединения с ожиданием дополнительных данных (lingering close). + + +now nginx closes connections with lingering +if pipelining was used by the client. + + + + + +поддержка byte ranges для ответов модуля ngx_http_gzip_static_module. + + +byte ranges support in the ngx_http_gzip_static_module. + + + + + +диапазоны портов в директиве listen не работали; +ошибка появилась в 1.23.3. +Спасибо Валентину Бартеневу. + + +port ranges in the "listen" directive did not work; +the bug had appeared in 1.23.3. +Thanks to Valentin Bartenev. + + + + + +для обработки запроса мог быть выбран неверный location, +если в конфигурации использовался +префиксный location длиннее 255 символов. + + +incorrect location might be chosen to process a request +if a prefix location longer than 255 characters +was used in the configuration. + + + + + +не-ASCII символы в именах файлов на Windows +не поддерживались модулями ngx_http_autoindex_module и +ngx_http_dav_module, а также директивой include. + + +non-ASCII characters in file names on Windows were not supported +by the ngx_http_autoindex_module, the ngx_http_dav_module, +and the "include" directive. + + + + + +уровень логгирования ошибок SSL +"data length too long", "length too short", "bad legacy version", +"no shared signature algorithms", "bad digest length", +"missing sigalgs extension", "encrypted length too long", +"bad length", "bad key update", "mixed handshake and non handshake data", +"ccs received early", "data between ccs and finished", +"packet length too long", "too many warn alerts", "record too small", +и "got a fin before a ccs" +понижен с уровня crit до info. + + +the logging level of the +"data length too long", "length too short", "bad legacy version", +"no shared signature algorithms", "bad digest length", +"missing sigalgs extension", "encrypted length too long", +"bad length", "bad key update", "mixed handshake and non handshake data", +"ccs received early", "data between ccs and finished", +"packet length too long", "too many warn alerts", "record too small", +and "got a fin before a ccs" SSL errors +has been lowered from "crit" to "info". + + + + + +при использовании HTTP/2 и директивы error_page +для перенаправления ошибок с кодом 400 +могла происходить утечка сокетов. + + +a socket leak might occur +when using HTTP/2 and the "error_page" directive +to redirect errors with code 400. + + + + + +сообщения об ошибках записи в syslog +не содержали информации о том, что +ошибки происходили в процессе записи в syslog. +Спасибо Safar Safarly. + + +messages about logging to syslog errors +did not contain information +that the errors happened while logging to syslog. +Thanks to Safar Safarly. + + + + + +при использовании zlib-ng +в логах появлялись сообщения "gzip filter failed to use preallocated memory". + + +"gzip filter failed to use preallocated memory" alerts appeared in logs +when using zlib-ng. + + + + + +в почтовом прокси-сервере. + + +in the mail proxy server. + + + + + + ___ nginx-devel mailing list nginx-devel@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx-devel
[nginx] Updated OpenSSL used for win32 builds.
details: https://hg.nginx.org/nginx/rev/09a4fd35 branches: changeset: 8154:09a4fd35 user: Maxim Dounin date: Tue Mar 28 02:25:55 2023 +0300 description: Updated OpenSSL used for win32 builds. diffstat: misc/GNUmakefile | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diffs (12 lines): diff -r fcb2333c9982 -r 09a4fd35 misc/GNUmakefile --- a/misc/GNUmakefile Mon Mar 27 21:25:05 2023 +0300 +++ b/misc/GNUmakefile Tue Mar 28 02:25:55 2023 +0300 @@ -6,7 +6,7 @@ TEMP = tmp CC = cl OBJS = objs.msvc8 -OPENSSL = openssl-1.1.1s +OPENSSL = openssl-1.1.1t ZLIB = zlib-1.2.13 PCRE = pcre2-10.39 ___ nginx-devel mailing list nginx-devel@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx-devel
[PATCH] Linux packages: specified priority for Amazon Linux
# HG changeset patch # User Konstantin Pavlov # Date 1679959544 25200 # Mon Mar 27 16:25:44 2023 -0700 # Node ID 9741a500247ec50eaf5a4043a270fc097e0345c1 # Parent 23d3cabaab95fb09ea40f113759f4eaed99ec9d7 Linux packages: specified priority for Amazon Linux. This makes nginx.org repositories preferred when installing nginx packages. Currently, both Amazon Linux 2 and 2023 repositories have a priority of 10, so any number lower than that makes our packages preferred. diff -r 23d3cabaab95 -r 9741a500247e xml/en/linux_packages.xml --- a/xml/en/linux_packages.xml Mon Mar 20 11:20:57 2023 -0700 +++ b/xml/en/linux_packages.xml Mon Mar 27 16:25:44 2023 -0700 @@ -7,7 +7,7 @@ + rev="84"> @@ -548,6 +548,7 @@ gpgcheck=1 enabled=1 gpgkey=https://nginx.org/keys/nginx_signing.key module_hotfixes=true +priority=9 [nginx-mainline] name=nginx mainline repo @@ -556,6 +557,7 @@ gpgcheck=1 enabled=0 gpgkey=https://nginx.org/keys/nginx_signing.key module_hotfixes=true +priority=9 To set up the yum repository for Amazon Linux 2023, create the file named @@ -570,6 +572,7 @@ gpgcheck=1 enabled=1 gpgkey=https://nginx.org/keys/nginx_signing.key module_hotfixes=true +priority=9 [nginx-mainline] name=nginx mainline repo @@ -578,6 +581,7 @@ gpgcheck=1 enabled=0 gpgkey=https://nginx.org/keys/nginx_signing.key module_hotfixes=true +priority=9 By default, the repository for stable nginx packages is used. diff -r 23d3cabaab95 -r 9741a500247e xml/ru/linux_packages.xml --- a/xml/ru/linux_packages.xml Mon Mar 20 11:20:57 2023 -0700 +++ b/xml/ru/linux_packages.xml Mon Mar 27 16:25:44 2023 -0700 @@ -7,7 +7,7 @@ + rev="84"> @@ -545,6 +545,7 @@ gpgcheck=1 enabled=1 gpgkey=https://nginx.org/keys/nginx_signing.key module_hotfixes=true +priority=9 [nginx-mainline] name=nginx mainline repo @@ -553,6 +554,7 @@ gpgcheck=1 enabled=0 gpgkey=https://nginx.org/keys/nginx_signing.key module_hotfixes=true +priority=9 Для подключения yum-репозитория для Amazon Linux 2023 создайте файл с именем @@ -567,6 +569,7 @@ gpgcheck=1 enabled=1 gpgkey=https://nginx.org/keys/nginx_signing.key module_hotfixes=true +priority=9 [nginx-mainline] name=nginx mainline repo @@ -575,6 +578,7 @@ gpgcheck=1 enabled=0 gpgkey=https://nginx.org/keys/nginx_signing.key module_hotfixes=true +priority=9 По умолчанию используется репозиторий для стабильной версии nginx. ___ nginx-devel mailing list nginx-devel@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx-devel
[PATCH] Linux packages: added Amazon Linux 2023
# HG changeset patch # User Konstantin Pavlov # Date 1679336457 25200 # Mon Mar 20 11:20:57 2023 -0700 # Node ID 23d3cabaab95fb09ea40f113759f4eaed99ec9d7 # Parent 0f468b4e01d67cab96a44e0886dda3180104ae1a Linux packages: added Amazon Linux 2023. diff -r 0f468b4e01d6 -r 23d3cabaab95 xml/en/linux_packages.xml --- a/xml/en/linux_packages.xml Thu Mar 09 22:20:24 2023 + +++ b/xml/en/linux_packages.xml Mon Mar 20 11:20:57 2023 -0700 @@ -7,7 +7,7 @@ + rev="83"> @@ -166,6 +166,11 @@ versions: x86_64, aarch64/arm64 + +2023 +x86_64, aarch64/arm64 + + @@ -531,7 +536,7 @@ Install the prerequisites: sudo yum install yum-utils -To set up the yum repository, create the file named +To set up the yum repository for Amazon Linux 2, create the file named /etc/yum.repos.d/nginx.repo with the following contents: @@ -553,6 +558,28 @@ gpgkey=https://nginx.org/keys/nginx_sign module_hotfixes=true +To set up the yum repository for Amazon Linux 2023, create the file named +/etc/yum.repos.d/nginx.repo +with the following contents: + + +[nginx-stable] +name=nginx stable repo +baseurl=http://nginx.org/packages/amzn/2023/$basearch/ +gpgcheck=1 +enabled=1 +gpgkey=https://nginx.org/keys/nginx_signing.key +module_hotfixes=true + +[nginx-mainline] +name=nginx mainline repo +baseurl=http://nginx.org/packages/mainline/amzn/2023/$basearch/ +gpgcheck=1 +enabled=0 +gpgkey=https://nginx.org/keys/nginx_signing.key +module_hotfixes=true + + By default, the repository for stable nginx packages is used. If you would like to use mainline nginx packages, run the following command: diff -r 0f468b4e01d6 -r 23d3cabaab95 xml/ru/linux_packages.xml --- a/xml/ru/linux_packages.xml Thu Mar 09 22:20:24 2023 + +++ b/xml/ru/linux_packages.xml Mon Mar 20 11:20:57 2023 -0700 @@ -7,7 +7,7 @@ + rev="83"> @@ -166,6 +166,11 @@ x86_64, aarch64/arm64 + +2023 +x86_64, aarch64/arm64 + + @@ -528,7 +533,7 @@ sudo apk add nginx-module-image-filter@n sudo yum install yum-utils -Для подключения yum-репозитория создайте файл с именем +Для подключения yum-репозитория для Amazon Linux 2 создайте файл с именем /etc/yum.repos.d/nginx.repo со следующим содержимым: @@ -550,6 +555,28 @@ gpgkey=https://nginx.org/keys/nginx_sign module_hotfixes=true +Для подключения yum-репозитория для Amazon Linux 2023 создайте файл с именем +/etc/yum.repos.d/nginx.repo +со следующим содержимым: + + +[nginx-stable] +name=nginx stable repo +baseurl=http://nginx.org/packages/amzn/2023/$basearch/ +gpgcheck=1 +enabled=1 +gpgkey=https://nginx.org/keys/nginx_signing.key +module_hotfixes=true + +[nginx-mainline] +name=nginx mainline repo +baseurl=http://nginx.org/packages/mainline/amzn/2023/$basearch/ +gpgcheck=1 +enabled=0 +gpgkey=https://nginx.org/keys/nginx_signing.key +module_hotfixes=true + + По умолчанию используется репозиторий для стабильной версии nginx. Если предпочтительно использовать пакеты для основной версии nginx, выполните следующую команду: ___ nginx-devel mailing list nginx-devel@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx-devel
Re: [njs] Added pkg-config-based libxml2 detection.
Hi Alejandro, On 30/01/2023 5:52 PM, Alejandro Colomar wrote: Hi Konstantin! On 1/31/23 01:52, Konstantin Pavlov wrote: details: https://hg.nginx.org/njs/rev/c789bb7313d4 branches: changeset: 2030:c789bb7313d4 user: Konstantin Pavlov date: Fri Jan 27 15:10:57 2023 -0800 description: Added pkg-config-based libxml2 detection. diffstat: auto/libxml2 | 26 +- 1 files changed, 21 insertions(+), 5 deletions(-) diffs (45 lines): diff -r b0f3bc578f08 -r c789bb7313d4 auto/libxml2 --- a/auto/libxml2 Fri Jan 27 15:08:41 2023 -0800 +++ b/auto/libxml2 Fri Jan 27 15:10:57 2023 -0800 @@ -6,12 +6,8 @@ NJS_HAVE_LIBXML2=NO if [ $NJS_LIBXML2 = YES ]; then njs_found=no - - njs_feature="libxml2" njs_feature_name=NJS_HAVE_LIBXML2 njs_feature_run=no - njs_feature_incs="/usr/include/libxml2" - njs_feature_libs="-lxml2" njs_feature_test="#include #include @@ -22,7 +18,27 @@ if [ $NJS_LIBXML2 = YES ]; then xmlCleanupParser(); return 0; }" - . auto/feature + + + if /bin/sh -c "(pkg-config libxml-2.0 --exists)" >> $NJS_AUTOCONF_ERR 2>&1; then + + # pkg-config + + njs_feature="libxml2 via pkg-config" + njs_feature_incs=`pkg-config libxml-2.0 --cflags | sed -n -e 's/.*-I *\([^ ][^ ]*\).*/\1/p'` I think you want -‐cflags‐only‐I I'm not sure if it has any portability issues to old versions of pkg-config maybe? Do you mean so pkg-config only outputs -I/foo/bar but not any non-I parts of cflags like -Dfoo if any? Maybe. Not sure it's a big deal though? ___ nginx-devel mailing list nginx-devel@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx-devel
[njs] Added pkg-config-based libxml2 detection.
details: https://hg.nginx.org/njs/rev/c789bb7313d4 branches: changeset: 2030:c789bb7313d4 user: Konstantin Pavlov date: Fri Jan 27 15:10:57 2023 -0800 description: Added pkg-config-based libxml2 detection. diffstat: auto/libxml2 | 26 +- 1 files changed, 21 insertions(+), 5 deletions(-) diffs (45 lines): diff -r b0f3bc578f08 -r c789bb7313d4 auto/libxml2 --- a/auto/libxml2 Fri Jan 27 15:08:41 2023 -0800 +++ b/auto/libxml2 Fri Jan 27 15:10:57 2023 -0800 @@ -6,12 +6,8 @@ NJS_HAVE_LIBXML2=NO if [ $NJS_LIBXML2 = YES ]; then njs_found=no - -njs_feature="libxml2" njs_feature_name=NJS_HAVE_LIBXML2 njs_feature_run=no -njs_feature_incs="/usr/include/libxml2" -njs_feature_libs="-lxml2" njs_feature_test="#include #include @@ -22,7 +18,27 @@ if [ $NJS_LIBXML2 = YES ]; then xmlCleanupParser(); return 0; }" -. auto/feature + + +if /bin/sh -c "(pkg-config libxml-2.0 --exists)" >> $NJS_AUTOCONF_ERR 2>&1; then + +# pkg-config + +njs_feature="libxml2 via pkg-config" +njs_feature_incs=`pkg-config libxml-2.0 --cflags | sed -n -e 's/.*-I *\([^ ][^ ]*\).*/\1/p'` +njs_feature_libs=`pkg-config libxml-2.0 --libs` + +. auto/feature +fi + +if [ $njs_found = no ]; then + +njs_feature="libxml2" +njs_feature_incs="/usr/include/libxml2" +njs_feature_libs="-lxml2" + +. auto/feature +fi if [ $njs_found = no ]; then ___ nginx-devel mailing list nginx-devel@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx-devel
[njs] Report libxml2 used for build.
details: https://hg.nginx.org/njs/rev/cba6c332ef5a branches: changeset: 2031:cba6c332ef5a user: Konstantin Pavlov date: Fri Jan 27 15:19:38 2023 -0800 description: Report libxml2 used for build. diffstat: auto/libxml2 | 2 ++ auto/summary | 4 2 files changed, 6 insertions(+), 0 deletions(-) diffs (33 lines): diff -r c789bb7313d4 -r cba6c332ef5a auto/libxml2 --- a/auto/libxml2 Fri Jan 27 15:10:57 2023 -0800 +++ b/auto/libxml2 Fri Jan 27 15:19:38 2023 -0800 @@ -2,6 +2,7 @@ # Copyright (C) Dmitry Volyntsev # Copyright (C) NGINX, Inc. +NJS_LIBXML2_LIB= NJS_HAVE_LIBXML2=NO if [ $NJS_LIBXML2 = YES ]; then @@ -87,6 +88,7 @@ if [ $NJS_LIBXML2 = YES ]; then . auto/feature NJS_HAVE_LIBXML2=YES +NJS_LIBXML2_LIB="$njs_feature_libs" NJS_LIB_INCS="$NJS_LIB_INCS $njs_feature_incs" NJS_LIB_AUX_LIBS="$NJS_LIB_AUX_LIBS $njs_feature_libs" fi diff -r c789bb7313d4 -r cba6c332ef5a auto/summary --- a/auto/summary Fri Jan 27 15:10:57 2023 -0800 +++ b/auto/summary Fri Jan 27 15:19:38 2023 -0800 @@ -22,6 +22,10 @@ if [ $NJS_HAVE_OPENSSL = YES ]; then echo " + using OpenSSL library: $NJS_OPENSSL_LIB" fi +if [ $NJS_HAVE_LIBXML2 = YES ]; then + echo " + using libxml2 library: $NJS_LIBXML2_LIB" +fi + if [ $NJS_HAVE_COMPUTED_GOTO = YES ]; then echo " + using computed goto" fi ___ nginx-devel mailing list nginx-devel@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx-devel
[njs] Added description for --no-libxml2 option.
details: https://hg.nginx.org/njs/rev/b0f3bc578f08 branches: changeset: 2029:b0f3bc578f08 user: Konstantin Pavlov date: Fri Jan 27 15:08:41 2023 -0800 description: Added description for --no-libxml2 option. diffstat: auto/help | 4 1 files changed, 4 insertions(+), 0 deletions(-) diffs (14 lines): diff -r 99b9f83e4d4d -r b0f3bc578f08 auto/help --- a/auto/help Wed Jan 25 21:54:47 2023 -0800 +++ b/auto/help Fri Jan 27 15:08:41 2023 -0800 @@ -35,6 +35,10 @@ default: "$NJS_LD_OPT" enabled OpenSSL dependant code is not built as a part of libnjs.a. + --no-libxml2 disabled libxml2 discovery. When this option is +enabled libxml2 dependant code is not built as a +part of libnjs.a. + --address-sanitizer=YES enables build with address sanitizer, \ default: "$NJS_ADDRESS_SANITIZER" --addr2line=YES enables native function symbolization, \ ___ nginx-devel mailing list nginx-devel@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx-devel
Re: pkg-oss - каков статус этого проекта?
Здравствуйте, Alex,
On 24/01/2023 12:31 PM, Alex Kubyshkin wrote:
Добрый день, Константин!
Спасибо за оперативный ответ!
Вопрос возник в связи с тем, что при попытке использовать его для многих docker
images, которые по идее должны поддерживаться, возникают различные ошибки при
работе скрипта build_module.sh.
Пробовал images:
almalinux:8
almalinux:9
centos:8
registry.access.redhat.com/ubi8/ubi:8.7
rockylinux:8
rockylinux:9
Воспроизвести можно так:
docker run --rm rockylinux:9 bash -c 'yum install -y wget && wget
https://hg.nginx.org/pkg-oss/raw-file/default/build_module.sh && bash build_module.sh
-y -r 20 https://github.com/arut/nginx-rtmp-module.git'
Работоспособность build_module.sh из tip проверяем на современных релизах, для
NGINX Plus R20 система сборки была немного иная. Рекомендую чекаутить версию из
бранча target-plus-r20 для настолько старого релиза - ну или обновиться на
современный, для R27-R28 build_module.sh из tip default'а работать будет.
Да, действительно, на r23 модуль собирается. Но r22 вышел 2.5 года назад всего, что по
меркам сурового энтерпрайза фактически "вчера". Хотелось бы конечно, обратной
совместимости, тем более в данном случае там совсем немного - путь в rpmbuild передается
неверный.
Вероятно, чуть больше - там как минимум changelog'и еще не создаются на
первый взгляд.
Патчи приветствуются.
А патчи как отсылать? Может у вас github/gitlab/bitbucket какой есть для
простоты процесса?
Можно аттачами в nginx-packag...@f5.com - это адрес рассылки со мной и
моими коллегами, которые занимаются пакетированием продуктов NGINX/NGINX
Plus в F5.
К сожалению, репозитория в git-формате для pkg-oss нет (как и другого
web ui вместо hgweb), и не хотелось бы делать зеркало без лишней надобности.
В целом правильный путь - не использовать build_module.sh, а написать Makefile
для нужного модуля и использовать его для своих сборок. Это позволит
кастомизировать свои сборки, например добавлять свои патчи поверх исходников
модуля. См. например
https://hg.nginx.org/pkg-oss/file/tip/rpm/SPECS/Makefile.module-rtmp, но
работать это будет только для современных релизов.
А поподробней где можно почитать про "Makefile для нужного модуля"? Я собираю
кастомный модуль для узкого потребления суровым энтерпрайзом, который как раз на Nginx
Plus сидит. Если есть какой-то не велосипедный путь, рад буду его использовать.
Документации в виде текстового описания, увы, нет.
В целом схема примерно такая: в pkg-oss/rpm/SPECS есть Makefile, который
умеет запускать сборку поддерживаемых пакетов - nginx или модулей. В
случае модулей используются темплейт spec-файла
(nginx-plus-module.spec.in) и наполнение его контентом через нехитрый
sed. В этом же Makefile через include добавляются Makefile'ы для
модулей (Makefile.module-rtmp например), в которых заданы основные
параметры вроде тарболла с исходниками, configure arguments, патчей,
тестов и т.п. сборочной информации.
Для сборки под NGINX Plus достаточно в pkg-oss/rpm/SPECS в бранче для
желаемого релиза (target-plus-rXX, где XX номер релиза) можно сказать
что-то вида:
$ BASE_TARGET=plus MODULE_TARGET=plus make module-rtmp
При этом версия модуля, чексумма, url откуда его качать и т.п. вещи
задаются в pkg-oss/contrib/src/$name/.
В вашем случае, полагаю, будет достаточно держать патчсет с добавлением
rpm/SPECS/Makefile.module-$foo,
contrib/src/$foo/{Makefile,version,SHA512SUMS} и время от времени его
rebase'ить на новые бранчи релизов target-plus-rXX. Если требуется еще
и писать осмысленные changelog'и для пакетов, то стоит добавить и
docs/nginx-module-$foo.xml по аналогии с уже существующими - на его
основне при сборке будет генерироваться changelog, нативный для пакета
(rpm и debian) и добавляться в пакет.
Хорошего дня,
___
nginx-ru mailing list
nginx-ru@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-ru
Re: pkg-oss - каков статус этого проекта?
Здравствуйте, Alex, On 24/01/2023 4:41 AM, Alex Kubyshkin wrote: Добрый день всем! Хотелось бы уточнить, насколько активно развивается pkg-oss для билда модулей? Вполне активно. С некоторых пор на основе pkg-oss (с небольшими изменениями, нерелевантными для самой сборки) мы собираем пакеты модулей для коммерческой версии, предварительно проверяя сборку на опенсорсном релизе. Вопрос возник в связи с тем, что при попытке использовать его для многих docker images, которые по идее должны поддерживаться, возникают различные ошибки при работе скрипта build_module.sh. Пробовал images: almalinux:8 almalinux:9 centos:8 registry.access.redhat.com/ubi8/ubi:8.7 rockylinux:8 rockylinux:9 Воспроизвести можно так: docker run --rm rockylinux:9 bash -c 'yum install -y wget && wget https://hg.nginx.org/pkg-oss/raw-file/default/build_module.sh && bash build_module.sh -y -r 20 https://github.com/arut/nginx-rtmp-module.git' Работоспособность build_module.sh из tip проверяем на современных релизах, для NGINX Plus R20 система сборки была немного иная. Рекомендую чекаутить версию из бранча target-plus-r20 для настолько старого релиза - ну или обновиться на современный, для R27-R28 build_module.sh из tip default'а работать будет. docker run --rm rockylinux:8 bash -c 'yum install -y wget sudo && wget https://hg.nginx.org/pkg-oss/raw-file/target-plus-r20/build_module.sh && bash build_module.sh -y -r 20 https://github.com/arut/nginx-rtmp-module.git' Ну и с девятой версией rockylinux, вероятно, команда должна быть несколько иная, без репозитория EPEL (и, возможно, CRB для некоторых случаев) не обойтись. Но это видимо, не так важно, ибо NGINX Plus для RHEL 9 и деривативов мы собираем начиная с R26. Так же есть вопросы к быстродействию всего процесса, который весьма нестабилен и некоторые его компоненты избыточны и можно оптимизировать его, сократив время сборки на радость всем девопсам. Патчи приветствуются. В целом правильный путь - не использовать build_module.sh, а написать Makefile для нужного модуля и использовать его для своих сборок. Это позволит кастомизировать свои сборки, например добавлять свои патчи поверх исходников модуля. См. например https://hg.nginx.org/pkg-oss/file/tip/rpm/SPECS/Makefile.module-rtmp, но работать это будет только для современных релизов. ___ nginx-ru mailing list nginx-ru@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx-ru
[nginx] nginx-1.23.3-RELEASE
details: https://hg.nginx.org/nginx/rev/ff3afd1ce6a6 branches: changeset: 8113:ff3afd1ce6a6 user: Maxim Dounin date: Tue Dec 13 18:53:53 2022 +0300 description: nginx-1.23.3-RELEASE diffstat: docs/xml/nginx/changes.xml | 55 ++ 1 files changed, 55 insertions(+), 0 deletions(-) diffs (65 lines): diff -r 9ed5778f5d4a -r ff3afd1ce6a6 docs/xml/nginx/changes.xml --- a/docs/xml/nginx/changes.xmlTue Dec 13 03:32:57 2022 +0300 +++ b/docs/xml/nginx/changes.xmlTue Dec 13 18:53:53 2022 +0300 @@ -5,6 +5,61 @@ + + + + +при чтении заголовка протокола PROXY версии 2, содержащего +большое количество TLV, могла возникать ошибка. + + +an error might occur when reading PROXY protocol version 2 header +with large number of TLVs. + + + + + +при использовании SSI для обработки подзапросов, созданных другими модулями, +в рабочем процессе мог произойти segmentation fault. +Спасибо Ciel Zhao. + + +a segmentation fault might occur in a worker process +if SSI was used to process subrequests created by other modules. +Thanks to Ciel Zhao. + + + + + +теперь, если при преобразовании в адреса имени хоста, +указанного в директиве listen, возвращается несколько адресов, +nginx игнорирует дубликаты среди этих адресов. + + +when a hostname used in the "listen" directive +resolves to multiple addresses, +nginx now ignores duplicates within these addresses. + + + + + +nginx мог нагружать процессор +при небуферизированном проксировании, +если использовались SSL-соединения с бэкендами. + + +nginx might hog CPU +during unbuffered proxying +if SSL connections to backends were used. + + + + + + ___ nginx-devel mailing list nginx-devel@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx-devel
[nginx] release-1.23.3 tag
details: https://hg.nginx.org/nginx/rev/c38588d8376b branches: changeset: 8114:c38588d8376b user: Maxim Dounin date: Tue Dec 13 18:53:53 2022 +0300 description: release-1.23.3 tag diffstat: .hgtags | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diffs (8 lines): diff -r ff3afd1ce6a6 -r c38588d8376b .hgtags --- a/.hgtags Tue Dec 13 18:53:53 2022 +0300 +++ b/.hgtags Tue Dec 13 18:53:53 2022 +0300 @@ -470,3 +470,4 @@ 714eb4b2c09e712fb2572a2164ce2bf67638ccac 5da2c0902e8e2aa4534008a582a60c61c135960e release-1.23.0 a63d0a70afea96813ba6667997bc7d68b5863f0d release-1.23.1 aa901551a7ebad1e8b0f8c11cb44e3424ba29707 release-1.23.2 +ff3afd1ce6a6b65057741df442adfaa71a0e2588 release-1.23.3 ___ nginx-devel mailing list nginx-devel@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx-devel
[nginx] Updated OpenSSL and zlib used for win32 builds.
details: https://hg.nginx.org/nginx/rev/9ed5778f5d4a branches: changeset: 8112:9ed5778f5d4a user: Maxim Dounin date: Tue Dec 13 03:32:57 2022 +0300 description: Updated OpenSSL and zlib used for win32 builds. diffstat: misc/GNUmakefile | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diffs (14 lines): diff -r 56819a9491fe -r 9ed5778f5d4a misc/GNUmakefile --- a/misc/GNUmakefile Thu Dec 01 04:22:36 2022 +0300 +++ b/misc/GNUmakefile Tue Dec 13 03:32:57 2022 +0300 @@ -6,8 +6,8 @@ TEMP = tmp CC = cl OBJS = objs.msvc8 -OPENSSL = openssl-1.1.1q -ZLIB = zlib-1.2.12 +OPENSSL = openssl-1.1.1s +ZLIB = zlib-1.2.13 PCRE = pcre2-10.39 ___ nginx-devel mailing list nginx-devel@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx-devel
[PATCH] Linux packages: actualized supported Alpine Linux versions
# HG changeset patch # User Konstantin Pavlov # Date 1669360436 -14400 # Fri Nov 25 11:13:56 2022 +0400 # Node ID a20b51e84c32af154412f0f11d0d890e7364d746 # Parent 7ebe15d6c68d6a7cad639a550fdf33d5bfdfbabb Linux packages: actualized supported Alpine Linux versions. diff -r 7ebe15d6c68d -r a20b51e84c32 xml/en/linux_packages.xml --- a/xml/en/linux_packages.xml Mon Nov 21 21:58:20 2022 + +++ b/xml/en/linux_packages.xml Fri Nov 25 11:13:56 2022 +0400 @@ -7,7 +7,7 @@ + rev="82"> @@ -129,11 +129,6 @@ versions: -3.13 -x86_64, aarch64/arm64 - - - 3.14 x86_64, aarch64/arm64 @@ -148,6 +143,11 @@ versions: x86_64, aarch64/arm64 + +3.17 +x86_64, aarch64/arm64 + + diff -r 7ebe15d6c68d -r a20b51e84c32 xml/ru/linux_packages.xml --- a/xml/ru/linux_packages.xml Mon Nov 21 21:58:20 2022 + +++ b/xml/ru/linux_packages.xml Fri Nov 25 11:13:56 2022 +0400 @@ -7,7 +7,7 @@ + rev="82"> @@ -129,11 +129,6 @@ -3.13 -x86_64, aarch64/arm64 - - - 3.14 x86_64, aarch64/arm64 @@ -148,6 +143,11 @@ x86_64, aarch64/arm64 + +3.17 +x86_64, aarch64/arm64 + + ___ nginx-devel mailing list -- nginx-devel@nginx.org To unsubscribe send an email to nginx-devel-le...@nginx.org
[PATCH] Linux packages: added Ubuntu 22.10 "kinetic"
# HG changeset patch # User Konstantin Pavlov # Date 197160 -14400 # Tue Oct 25 15:26:00 2022 +0400 # Node ID ba6c27b903c7cd1b7277e6fcebf2308e863e6c64 # Parent e4a87f3a05d851f874bcbe8750280929eb5f9894 Linux packages: added Ubuntu 22.10 "kinetic". diff -r e4a87f3a05d8 -r ba6c27b903c7 xml/en/linux_packages.xml --- a/xml/en/linux_packages.xml Fri Oct 21 16:33:37 2022 -0700 +++ b/xml/en/linux_packages.xml Tue Oct 25 15:26:00 2022 +0400 @@ -7,7 +7,7 @@ + rev="81"> @@ -87,6 +87,11 @@ versions: x86_64, aarch64/arm64, s390x + +22.10 “kinetic” +x86_64, aarch64/arm64 + + diff -r e4a87f3a05d8 -r ba6c27b903c7 xml/ru/linux_packages.xml --- a/xml/ru/linux_packages.xml Fri Oct 21 16:33:37 2022 -0700 +++ b/xml/ru/linux_packages.xml Tue Oct 25 15:26:00 2022 +0400 @@ -7,7 +7,7 @@ + rev="81"> @@ -87,6 +87,11 @@ x86_64, aarch64/arm64, s390x + +22.10 “kinetic” +x86_64, aarch64/arm64 + + ___ nginx-devel mailing list -- nginx-devel@nginx.org To unsubscribe send an email to nginx-devel-le...@nginx.org
[nginx] Mp4: disabled duplicate atoms.
details: https://hg.nginx.org/nginx/rev/4032c1bdfa14
branches:
changeset: 8089:4032c1bdfa14
user: Roman Arutyunyan
date: Wed Oct 19 10:53:17 2022 +0300
description:
Mp4: disabled duplicate atoms.
Most atoms should not appear more than once in a container. Previously,
this was not enforced by the module, which could result in worker process
crash, memory corruption and disclosure.
diffstat:
src/http/modules/ngx_http_mp4_module.c | 147 +
1 files changed, 147 insertions(+), 0 deletions(-)
diffs (297 lines):
diff -r e32b48848add -r 4032c1bdfa14 src/http/modules/ngx_http_mp4_module.c
--- a/src/http/modules/ngx_http_mp4_module.cMon Oct 17 16:24:53 2022 +0400
+++ b/src/http/modules/ngx_http_mp4_module.cWed Oct 19 10:53:17 2022 +0300
@@ -1121,6 +1121,12 @@ ngx_http_mp4_read_ftyp_atom(ngx_http_mp4
return NGX_ERROR;
}
+if (mp4->ftyp_atom.buf) {
+ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
+ "duplicate mp4 ftyp atom in \"%s\"",
mp4->file.name.data);
+return NGX_ERROR;
+}
+
atom_size = sizeof(ngx_mp4_atom_header_t) + (size_t) atom_data_size;
ftyp_atom = ngx_palloc(mp4->request->pool, atom_size);
@@ -1179,6 +1185,12 @@ ngx_http_mp4_read_moov_atom(ngx_http_mp4
return NGX_DECLINED;
}
+if (mp4->moov_atom.buf) {
+ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
+ "duplicate mp4 moov atom in \"%s\"",
mp4->file.name.data);
+return NGX_ERROR;
+}
+
conf = ngx_http_get_module_loc_conf(mp4->request, ngx_http_mp4_module);
if (atom_data_size > mp4->buffer_size) {
@@ -1246,6 +1258,12 @@ ngx_http_mp4_read_mdat_atom(ngx_http_mp4
ngx_log_debug0(NGX_LOG_DEBUG_HTTP, mp4->file.log, 0, "mp4 mdat atom");
+if (mp4->mdat_atom.buf) {
+ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
+ "duplicate mp4 mdat atom in \"%s\"",
mp4->file.name.data);
+return NGX_ERROR;
+}
+
data = >mdat_data_buf;
data->file = >file;
data->in_file = 1;
@@ -1372,6 +1390,12 @@ ngx_http_mp4_read_mvhd_atom(ngx_http_mp4
ngx_log_debug0(NGX_LOG_DEBUG_HTTP, mp4->file.log, 0, "mp4 mvhd atom");
+if (mp4->mvhd_atom.buf) {
+ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
+ "duplicate mp4 mvhd atom in \"%s\"",
mp4->file.name.data);
+return NGX_ERROR;
+}
+
atom_header = ngx_mp4_atom_header(mp4);
mvhd_atom = (ngx_mp4_mvhd_atom_t *) atom_header;
mvhd64_atom = (ngx_mp4_mvhd64_atom_t *) atom_header;
@@ -1637,6 +1661,13 @@ ngx_http_mp4_read_tkhd_atom(ngx_http_mp4
atom_size = sizeof(ngx_mp4_atom_header_t) + (size_t) atom_data_size;
trak = ngx_mp4_last_trak(mp4);
+
+if (trak->out[NGX_HTTP_MP4_TKHD_ATOM].buf) {
+ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
+ "duplicate mp4 tkhd atom in \"%s\"",
mp4->file.name.data);
+return NGX_ERROR;
+}
+
trak->tkhd_size = atom_size;
trak->movie_duration = duration;
@@ -1676,6 +1707,12 @@ ngx_http_mp4_read_mdia_atom(ngx_http_mp4
trak = ngx_mp4_last_trak(mp4);
+if (trak->out[NGX_HTTP_MP4_MDIA_ATOM].buf) {
+ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
+ "duplicate mp4 mdia atom in \"%s\"",
mp4->file.name.data);
+return NGX_ERROR;
+}
+
atom = >mdia_atom_buf;
atom->temporary = 1;
atom->pos = atom_header;
@@ -1799,6 +1836,13 @@ ngx_http_mp4_read_mdhd_atom(ngx_http_mp4
atom_size = sizeof(ngx_mp4_atom_header_t) + (size_t) atom_data_size;
trak = ngx_mp4_last_trak(mp4);
+
+if (trak->out[NGX_HTTP_MP4_MDHD_ATOM].buf) {
+ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
+ "duplicate mp4 mdhd atom in \"%s\"",
mp4->file.name.data);
+return NGX_ERROR;
+}
+
trak->mdhd_size = atom_size;
trak->timescale = timescale;
trak->duration = duration;
@@ -1862,6 +1906,12 @@ ngx_http_mp4_read_hdlr_atom(ngx_http_mp4
trak = ngx_mp4_last_trak(mp4);
+if (trak->out[NGX_HTTP_MP4_HDLR_ATOM].buf) {
+ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
+ "duplicate mp4 hdlr atom in \"%s\"",
mp4->file.name.data);
+return NGX_ERROR;
+}
+
atom = >hdlr_atom_buf;
atom->temporary = 1;
atom->pos = atom_header;
@@ -1890,6 +1940,12 @@ ngx_http_mp4_read_minf_atom(ngx_http_mp4
trak = ngx_mp4_last_trak(mp4);
+if (trak->out[NGX_HTTP_MP4_MINF_ATOM].buf) {
+ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
+ "duplicate mp4 minf atom in \"%s\"",
mp4->file.name.data);
+return NGX_ERROR;
+}
+
atom = >minf_atom_buf;
atom->temporary = 1;
atom->pos = atom_header;
@@ -1933,6 +1989,15 @@ ngx_http_mp4_read_vmhd_atom(ngx_http_mp4
trak = ngx_mp4_last_trak(mp4);
+if (trak->out[NGX_HTTP_MP4_VMHD_ATOM].buf
+||
[nginx] nginx-1.23.2-RELEASE
details: https://hg.nginx.org/nginx/rev/aa901551a7eb branches: changeset: 8090:aa901551a7eb user: Maxim Dounin date: Wed Oct 19 10:56:20 2022 +0300 description: nginx-1.23.2-RELEASE diffstat: docs/xml/nginx/changes.xml | 114 + 1 files changed, 114 insertions(+), 0 deletions(-) diffs (124 lines): diff -r 4032c1bdfa14 -r aa901551a7eb docs/xml/nginx/changes.xml --- a/docs/xml/nginx/changes.xmlWed Oct 19 10:53:17 2022 +0300 +++ b/docs/xml/nginx/changes.xmlWed Oct 19 10:56:20 2022 +0300 @@ -5,6 +5,120 @@ + + + + +обработка специально созданного mp4-файла модулем ngx_http_mp4_module +могла приводить к падению рабочего процесса, +отправке клиенту части содержимого памяти рабочего процесса, +а также потенциально могла иметь другие последствия +(CVE-2022-41741, CVE-2022-41742). + + +processing of a specially crafted mp4 file by the ngx_http_mp4_module +might cause a worker process crash, +worker process memory disclosure, +or might have potential other impact +(CVE-2022-41741, CVE-2022-41742). + + + + + +переменные "$proxy_protocol_tlv_...". + + +the "$proxy_protocol_tlv_..." variables. + + + + + +ключи шифрования TLS session tickets теперь автоматически меняются +при использовании разделяемой памяти в ssl_session_cache. + + +TLS session tickets encryption keys are now automatically rotated +when using shared memory in the "ssl_session_cache" directive. + + + + + +уровень логгирования ошибок SSL "bad record type" +понижен с уровня crit до info. +Спасибо Murilo Andrade. + + +the logging level of the "bad record type" SSL errors +has been lowered from "crit" to "info". +Thanks to Murilo Andrade. + + + + + +теперь при использовании разделяемой памяти в ssl_session_cache +сообщения "could not allocate new session" +логгируются на уровне warn вместо alert +и не чаще одного раза в секунду. + + +now when using shared memory in the "ssl_session_cache" directive +the "could not allocate new session" errors +are logged at the "warn" level instead of "alert" +and not more often than once per second. + + + + + +nginx/Windows не собирался с OpenSSL 3.0.x. + + +nginx/Windows could not be built with OpenSSL 3.0.x. + + + + + +в логгировании ошибок протокола PROXY. +Спасибо Сергею Брестеру. + + +in logging of the PROXY protocol errors. +Thanks to Sergey Brester. + + + + + +при использовании TLSv1.3 с OpenSSL +разделяемая память из ssl_session_cache расходовалась +в том числе на сессии, использующие TLS session tickets. + + +shared memory from the "ssl_session_cache" directive +was spent on sessions using TLS session tickets +when using TLSv1.3 with OpenSSL. + + + + + +таймаут, заданный с помощью директивы ssl_session_timeout, +не работал при использовании TLSv1.3 с OpenSSL или BoringSSL. + + +timeout specified with the "ssl_session_timeout" directive +did not work when using TLSv1.3 with OpenSSL or BoringSSL. + + + + + + ___ nginx-devel mailing list -- nginx-devel@nginx.org To unsubscribe send an email to nginx-devel-le...@nginx.org
[nginx] Version bump.
details: https://hg.nginx.org/nginx/rev/2b08b48ecc23 branches: stable-1.22 changeset: 8092:2b08b48ecc23 user: Maxim Dounin date: Wed Oct 19 10:59:37 2022 +0300 description: Version bump. diffstat: src/core/nginx.h | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diffs (14 lines): diff -r 2d3ed138ce65 -r 2b08b48ecc23 src/core/nginx.h --- a/src/core/nginx.h Tue May 24 02:59:19 2022 +0300 +++ b/src/core/nginx.h Wed Oct 19 10:59:37 2022 +0300 @@ -9,8 +9,8 @@ #define _NGINX_H_INCLUDED_ -#define nginx_version 1022000 -#define NGINX_VERSION "1.22.0" +#define nginx_version 1022001 +#define NGINX_VERSION "1.22.1" #define NGINX_VER "nginx/" NGINX_VERSION #ifdef NGX_BUILD ___ nginx-devel mailing list -- nginx-devel@nginx.org To unsubscribe send an email to nginx-devel-le...@nginx.org
[nginx] release-1.23.2 tag
details: https://hg.nginx.org/nginx/rev/1ae25660c0c7 branches: changeset: 8091:1ae25660c0c7 user: Maxim Dounin date: Wed Oct 19 10:56:21 2022 +0300 description: release-1.23.2 tag diffstat: .hgtags | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diffs (8 lines): diff -r aa901551a7eb -r 1ae25660c0c7 .hgtags --- a/.hgtags Wed Oct 19 10:56:20 2022 +0300 +++ b/.hgtags Wed Oct 19 10:56:21 2022 +0300 @@ -469,3 +469,4 @@ d986378168fd4d70e0121cabac274c560cca9bdf 714eb4b2c09e712fb2572a2164ce2bf67638ccac release-1.21.6 5da2c0902e8e2aa4534008a582a60c61c135960e release-1.23.0 a63d0a70afea96813ba6667997bc7d68b5863f0d release-1.23.1 +aa901551a7ebad1e8b0f8c11cb44e3424ba29707 release-1.23.2 ___ nginx-devel mailing list -- nginx-devel@nginx.org To unsubscribe send an email to nginx-devel-le...@nginx.org
[nginx] Mp4: disabled duplicate atoms.
details: https://hg.nginx.org/nginx/rev/adae1da17749
branches: stable-1.22
changeset: 8095:adae1da17749
user: Roman Arutyunyan
date: Wed Oct 19 10:53:17 2022 +0300
description:
Mp4: disabled duplicate atoms.
Most atoms should not appear more than once in a container. Previously,
this was not enforced by the module, which could result in worker process
crash, memory corruption and disclosure.
diffstat:
src/http/modules/ngx_http_mp4_module.c | 147 +
1 files changed, 147 insertions(+), 0 deletions(-)
diffs (297 lines):
diff -r 89a716b4fe0c -r adae1da17749 src/http/modules/ngx_http_mp4_module.c
--- a/src/http/modules/ngx_http_mp4_module.cTue Jul 19 17:03:30 2022 +0300
+++ b/src/http/modules/ngx_http_mp4_module.cWed Oct 19 10:53:17 2022 +0300
@@ -1121,6 +1121,12 @@ ngx_http_mp4_read_ftyp_atom(ngx_http_mp4
return NGX_ERROR;
}
+if (mp4->ftyp_atom.buf) {
+ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
+ "duplicate mp4 ftyp atom in \"%s\"",
mp4->file.name.data);
+return NGX_ERROR;
+}
+
atom_size = sizeof(ngx_mp4_atom_header_t) + (size_t) atom_data_size;
ftyp_atom = ngx_palloc(mp4->request->pool, atom_size);
@@ -1179,6 +1185,12 @@ ngx_http_mp4_read_moov_atom(ngx_http_mp4
return NGX_DECLINED;
}
+if (mp4->moov_atom.buf) {
+ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
+ "duplicate mp4 moov atom in \"%s\"",
mp4->file.name.data);
+return NGX_ERROR;
+}
+
conf = ngx_http_get_module_loc_conf(mp4->request, ngx_http_mp4_module);
if (atom_data_size > mp4->buffer_size) {
@@ -1246,6 +1258,12 @@ ngx_http_mp4_read_mdat_atom(ngx_http_mp4
ngx_log_debug0(NGX_LOG_DEBUG_HTTP, mp4->file.log, 0, "mp4 mdat atom");
+if (mp4->mdat_atom.buf) {
+ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
+ "duplicate mp4 mdat atom in \"%s\"",
mp4->file.name.data);
+return NGX_ERROR;
+}
+
data = >mdat_data_buf;
data->file = >file;
data->in_file = 1;
@@ -1372,6 +1390,12 @@ ngx_http_mp4_read_mvhd_atom(ngx_http_mp4
ngx_log_debug0(NGX_LOG_DEBUG_HTTP, mp4->file.log, 0, "mp4 mvhd atom");
+if (mp4->mvhd_atom.buf) {
+ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
+ "duplicate mp4 mvhd atom in \"%s\"",
mp4->file.name.data);
+return NGX_ERROR;
+}
+
atom_header = ngx_mp4_atom_header(mp4);
mvhd_atom = (ngx_mp4_mvhd_atom_t *) atom_header;
mvhd64_atom = (ngx_mp4_mvhd64_atom_t *) atom_header;
@@ -1637,6 +1661,13 @@ ngx_http_mp4_read_tkhd_atom(ngx_http_mp4
atom_size = sizeof(ngx_mp4_atom_header_t) + (size_t) atom_data_size;
trak = ngx_mp4_last_trak(mp4);
+
+if (trak->out[NGX_HTTP_MP4_TKHD_ATOM].buf) {
+ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
+ "duplicate mp4 tkhd atom in \"%s\"",
mp4->file.name.data);
+return NGX_ERROR;
+}
+
trak->tkhd_size = atom_size;
trak->movie_duration = duration;
@@ -1676,6 +1707,12 @@ ngx_http_mp4_read_mdia_atom(ngx_http_mp4
trak = ngx_mp4_last_trak(mp4);
+if (trak->out[NGX_HTTP_MP4_MDIA_ATOM].buf) {
+ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
+ "duplicate mp4 mdia atom in \"%s\"",
mp4->file.name.data);
+return NGX_ERROR;
+}
+
atom = >mdia_atom_buf;
atom->temporary = 1;
atom->pos = atom_header;
@@ -1799,6 +1836,13 @@ ngx_http_mp4_read_mdhd_atom(ngx_http_mp4
atom_size = sizeof(ngx_mp4_atom_header_t) + (size_t) atom_data_size;
trak = ngx_mp4_last_trak(mp4);
+
+if (trak->out[NGX_HTTP_MP4_MDHD_ATOM].buf) {
+ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
+ "duplicate mp4 mdhd atom in \"%s\"",
mp4->file.name.data);
+return NGX_ERROR;
+}
+
trak->mdhd_size = atom_size;
trak->timescale = timescale;
trak->duration = duration;
@@ -1862,6 +1906,12 @@ ngx_http_mp4_read_hdlr_atom(ngx_http_mp4
trak = ngx_mp4_last_trak(mp4);
+if (trak->out[NGX_HTTP_MP4_HDLR_ATOM].buf) {
+ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
+ "duplicate mp4 hdlr atom in \"%s\"",
mp4->file.name.data);
+return NGX_ERROR;
+}
+
atom = >hdlr_atom_buf;
atom->temporary = 1;
atom->pos = atom_header;
@@ -1890,6 +1940,12 @@ ngx_http_mp4_read_minf_atom(ngx_http_mp4
trak = ngx_mp4_last_trak(mp4);
+if (trak->out[NGX_HTTP_MP4_MINF_ATOM].buf) {
+ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
+ "duplicate mp4 minf atom in \"%s\"",
mp4->file.name.data);
+return NGX_ERROR;
+}
+
atom = >minf_atom_buf;
atom->temporary = 1;
atom->pos = atom_header;
@@ -1933,6 +1989,15 @@ ngx_http_mp4_read_vmhd_atom(ngx_http_mp4
trak = ngx_mp4_last_trak(mp4);
+if (trak->out[NGX_HTTP_MP4_VMHD_ATOM].buf
+||
[nginx] release-1.22.1 tag
details: https://hg.nginx.org/nginx/rev/6b81c065e2d3 branches: stable-1.22 changeset: 8097:6b81c065e2d3 user: Maxim Dounin date: Wed Oct 19 11:02:20 2022 +0300 description: release-1.22.1 tag diffstat: .hgtags | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diffs (8 lines): diff -r af7a3fb7558f -r 6b81c065e2d3 .hgtags --- a/.hgtags Wed Oct 19 11:02:20 2022 +0300 +++ b/.hgtags Wed Oct 19 11:02:20 2022 +0300 @@ -468,3 +468,4 @@ 39be8a682c58308d9399cddd57e37f9fdb7bdf3e d986378168fd4d70e0121cabac274c560cca9bdf release-1.21.5 714eb4b2c09e712fb2572a2164ce2bf67638ccac release-1.21.6 f669c9c2a617d80daf753e012265ab5290df0d9b release-1.22.0 +af7a3fb7558f28b3e74631f460995a09d529578a release-1.22.1 ___ nginx-devel mailing list -- nginx-devel@nginx.org To unsubscribe send an email to nginx-devel-le...@nginx.org
[nginx] Updated OpenSSL used for win32 builds.
details: https://hg.nginx.org/nginx/rev/fc08fa6757e6 branches: stable-1.22 changeset: 8093:fc08fa6757e6 user: Maxim Dounin date: Tue Jun 21 17:09:34 2022 +0300 description: Updated OpenSSL used for win32 builds. diffstat: misc/GNUmakefile | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diffs (12 lines): diff -r 2b08b48ecc23 -r fc08fa6757e6 misc/GNUmakefile --- a/misc/GNUmakefile Wed Oct 19 10:59:37 2022 +0300 +++ b/misc/GNUmakefile Tue Jun 21 17:09:34 2022 +0300 @@ -6,7 +6,7 @@ TEMP = tmp CC = cl OBJS = objs.msvc8 -OPENSSL = openssl-1.1.1o +OPENSSL = openssl-1.1.1p ZLIB = zlib-1.2.12 PCRE = pcre2-10.39 ___ nginx-devel mailing list -- nginx-devel@nginx.org To unsubscribe send an email to nginx-devel-le...@nginx.org
[nginx] nginx-1.22.1-RELEASE
details: https://hg.nginx.org/nginx/rev/af7a3fb7558f branches: stable-1.22 changeset: 8096:af7a3fb7558f user: Maxim Dounin date: Wed Oct 19 11:02:20 2022 +0300 description: nginx-1.22.1-RELEASE diffstat: docs/xml/nginx/changes.xml | 22 ++ 1 files changed, 22 insertions(+), 0 deletions(-) diffs (32 lines): diff -r adae1da17749 -r af7a3fb7558f docs/xml/nginx/changes.xml --- a/docs/xml/nginx/changes.xmlWed Oct 19 10:53:17 2022 +0300 +++ b/docs/xml/nginx/changes.xmlWed Oct 19 11:02:20 2022 +0300 @@ -5,6 +5,28 @@ + + + + +обработка специально созданного mp4-файла модулем ngx_http_mp4_module +могла приводить к падению рабочего процесса, +отправке клиенту части содержимого памяти рабочего процесса, +а также потенциально могла иметь другие последствия +(CVE-2022-41741, CVE-2022-41742). + + +processing of a specially crafted mp4 file by the ngx_http_mp4_module +might cause a worker process crash, +worker process memory disclosure, +or might have potential other impact +(CVE-2022-41741, CVE-2022-41742). + + + + + + ___ nginx-devel mailing list -- nginx-devel@nginx.org To unsubscribe send an email to nginx-devel-le...@nginx.org
[nginx] Updated OpenSSL used for win32 builds.
details: https://hg.nginx.org/nginx/rev/89a716b4fe0c branches: stable-1.22 changeset: 8094:89a716b4fe0c user: Maxim Dounin date: Tue Jul 19 17:03:30 2022 +0300 description: Updated OpenSSL used for win32 builds. diffstat: misc/GNUmakefile | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diffs (12 lines): diff -r fc08fa6757e6 -r 89a716b4fe0c misc/GNUmakefile --- a/misc/GNUmakefile Tue Jun 21 17:09:34 2022 +0300 +++ b/misc/GNUmakefile Tue Jul 19 17:03:30 2022 +0300 @@ -6,7 +6,7 @@ TEMP = tmp CC = cl OBJS = objs.msvc8 -OPENSSL = openssl-1.1.1p +OPENSSL = openssl-1.1.1q ZLIB = zlib-1.2.12 PCRE = pcre2-10.39 ___ nginx-devel mailing list -- nginx-devel@nginx.org To unsubscribe send an email to nginx-devel-le...@nginx.org
Re: [PATCH] Linux packages: key verification command adjusted
Hi, On 10/10/2022 8:33 PM, Andrei Belov wrote: # HG changeset patch # User Andrei Belov # Date 1665416594 -14400 # Mon Oct 10 19:43:14 2022 +0400 # Node ID 6bc630596c063fb7c85a35ff6173e75d3ca1982e # Parent 9708787aafc70744296baceb2aa0092401a4ef34 Linux packages: key verification command adjusted. diff --git a/xml/en/linux_packages.xml b/xml/en/linux_packages.xml --- a/xml/en/linux_packages.xml +++ b/xml/en/linux_packages.xml @@ -7,7 +7,7 @@ + rev="80"> @@ -250,7 +250,7 @@ curl https://nginx.org/keys/nginx_signin Verify that the downloaded file contains the proper key: -gpg --dry-run --quiet --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg +gpg --dry-run --quiet --no-keyring --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg The output should contain the full fingerprint @@ -322,7 +322,7 @@ curl https://nginx.org/keys/nginx_signin Verify that the downloaded file contains the proper key: -gpg --dry-run --quiet --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg +gpg --dry-run --quiet --no-keyring --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg The output should contain the full fingerprint diff --git a/xml/ru/linux_packages.xml b/xml/ru/linux_packages.xml --- a/xml/ru/linux_packages.xml +++ b/xml/ru/linux_packages.xml @@ -7,7 +7,7 @@ + rev="80"> @@ -250,7 +250,7 @@ curl https://nginx.org/keys/nginx_signin Проверьте, верный ли ключ был загружен: -gpg --dry-run --quiet --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg +gpg --dry-run --quiet --no-keyring --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg Вывод команды должен содержать полный отпечаток ключа @@ -321,7 +321,7 @@ curl https://nginx.org/keys/nginx_signin Проверьте, верный ли ключ был загружен: -gpg --dry-run --quiet --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg +gpg --dry-run --quiet --no-keyring --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg Вывод команды должен содержать полный отпечаток ключа The problem might be there for unsupported/EOL distros that ship gnupg1 that lacks this option, but given the fact that we explicitly ask user to install gnupg2, the change looks good to me. ___ nginx-devel mailing list -- nginx-devel@nginx.org To unsubscribe send an email to nginx-devel-le...@nginx.org
Re: [PATCH] Linux packages: reword to mention supported RHEL derivatives
Hi, On 28/09/2022 12:57 AM, Maxim Dounin wrote: Hello! On Tue, Sep 27, 2022 at 04:14:58PM +0400, Konstantin Pavlov wrote: # HG changeset patch # User Konstantin Pavlov # Date 1664280815 -14400 # Tue Sep 27 16:13:35 2022 +0400 # Node ID 9d1eec5b03a4ff9d863ad49b47721d713dcec76f # Parent 8878680962d05f778f187efcfb163a76c1dfacb7 Linux packages: reword to mention supported RHEL derivatives. diff -r 8878680962d0 -r 9d1eec5b03a4 xml/en/linux_packages.xml --- a/xml/en/linux_packages.xml Fri Sep 23 18:30:33 2022 -0700 +++ b/xml/en/linux_packages.xml Tue Sep 27 16:13:35 2022 +0400 @@ -7,7 +7,7 @@ + rev="79"> @@ -17,7 +17,7 @@ versions: -RHEL/CentOS +RHEL and derivatives @@ -175,7 +175,12 @@ set up the nginx packages repository. Afterward, you can install and update nginx from the repository. - + + + +This section applies to Red Hat Enterprise Linux and its derivatives such as +CentOS, Oracle Linux, Rocky Linux, AlmaLinux. + Install the prerequisites: @@ -578,7 +583,8 @@ mainline version, while stable- sources for stable releases. To build binary packages, run make in debian/ directory on Debian/Ubuntu, or in -rpm/SPECS/ on RHEL/CentOS/SLES/Amazon Linux, or in +rpm/SPECS/ on +RHEL/CentOS/Oracle Linux/Rocky Linux/AlmaLinux/SLES/Amazon Linux, or in Shouldn't it be "on RHEL and derivatives, SLES, and Amazon Linux"? Otherwise looks good. Indeed, I think that's the best option. Pushed. ___ nginx-devel mailing list -- nginx-devel@nginx.org To unsubscribe send an email to nginx-devel-le...@nginx.org
[PATCH] Linux packages: reword to mention supported RHEL derivatives
# HG changeset patch # User Konstantin Pavlov # Date 1664280815 -14400 # Tue Sep 27 16:13:35 2022 +0400 # Node ID 9d1eec5b03a4ff9d863ad49b47721d713dcec76f # Parent 8878680962d05f778f187efcfb163a76c1dfacb7 Linux packages: reword to mention supported RHEL derivatives. diff -r 8878680962d0 -r 9d1eec5b03a4 xml/en/linux_packages.xml --- a/xml/en/linux_packages.xml Fri Sep 23 18:30:33 2022 -0700 +++ b/xml/en/linux_packages.xml Tue Sep 27 16:13:35 2022 +0400 @@ -7,7 +7,7 @@ + rev="79"> @@ -17,7 +17,7 @@ versions: -RHEL/CentOS +RHEL and derivatives @@ -175,7 +175,12 @@ set up the nginx packages repository. Afterward, you can install and update nginx from the repository. - + + + +This section applies to Red Hat Enterprise Linux and its derivatives such as +CentOS, Oracle Linux, Rocky Linux, AlmaLinux. + Install the prerequisites: @@ -578,7 +583,8 @@ mainline version, while stable- sources for stable releases. To build binary packages, run make in debian/ directory on Debian/Ubuntu, or in -rpm/SPECS/ on RHEL/CentOS/SLES/Amazon Linux, or in +rpm/SPECS/ on +RHEL/CentOS/Oracle Linux/Rocky Linux/AlmaLinux/SLES/Amazon Linux, or in alpine/ on Alpine. diff -r 8878680962d0 -r 9d1eec5b03a4 xml/ru/linux_packages.xml --- a/xml/ru/linux_packages.xml Fri Sep 23 18:30:33 2022 -0700 +++ b/xml/ru/linux_packages.xml Tue Sep 27 16:13:35 2022 +0400 @@ -7,7 +7,7 @@ + rev="79"> @@ -17,7 +17,7 @@ -RHEL/CentOS +RHEL и производные @@ -175,7 +175,12 @@ После этого можно будет установить и обновлять nginx из этого репозитория. - + + + +Эта секция применима к Red Hat Enterprise Linux и его производным, таким как +CentOS, Oracle Linux, Rocky Linux, AlmaLinux. + Установите пакеты, необходимые для подключения yum-репозитория: @@ -575,7 +580,8 @@ mainline-версии, в то время как ветки stable-* содержат исходные коды пакетов для стабильных релизов. Для сборки бинарных пакетов запустите make в каталоге debian/ для Debian/Ubuntu, или в каталоге -rpm/SPECS/ для RHEL/CentOS/SLES/Amazon Linux, или в каталоге +rpm/SPECS/ для +RHEL/CentOS/Oracle Linux/Rocky Linux/AlmaLinux/SLES/Amazon Linux, или в каталоге alpine/ для Alpine. ___ nginx-devel mailing list -- nginx-devel@nginx.org To unsubscribe send an email to nginx-devel-le...@nginx.org
Re: [PATCH] Linux packages: removed Debian 10 'buster' due to EOL
Hi On 13/09/2022 4:52 PM, Sergey Kandaurov wrote: On 13 Sep 2022, at 16:18, Konstantin Pavlov wrote: # HG changeset patch # User Konstantin Pavlov # Date 1663071405 -14400 # Tue Sep 13 16:16:45 2022 +0400 # Node ID 3907d2d6e9e23b59549ce83829cee0d2affbd8de # Parent 05284b3a363fdac0b7ce7ec9428cf521e0101767 Linux packages: removed Debian 10 'buster' due to EOL. diff -r 05284b3a363f -r 3907d2d6e9e2 xml/en/linux_packages.xml --- a/xml/en/linux_packages.xml Tue Sep 13 13:14:33 2022 +0100 +++ b/xml/en/linux_packages.xml Tue Sep 13 16:16:45 2022 +0400 @@ -7,7 +7,7 @@ + rev="78"> @@ -55,11 +55,6 @@ versions: -10.x “buster” -x86_64, i386, aarch64/arm64 - - - 11.x “bullseye” x86_64, aarch64/arm64 diff -r 05284b3a363f -r 3907d2d6e9e2 xml/ru/linux_packages.xml --- a/xml/ru/linux_packages.xml Tue Sep 13 13:14:33 2022 +0100 +++ b/xml/ru/linux_packages.xml Tue Sep 13 16:16:45 2022 +0400 @@ -7,7 +7,7 @@ + rev="76"> Counter incremented backwards, otherwise looks good. Oh right - thanks! Pushed. ___ nginx-devel mailing list -- nginx-devel@nginx.org To unsubscribe send an email to nginx-devel-le...@nginx.org
[PATCH] Linux packages: removed Debian 10 'buster' due to EOL
# HG changeset patch # User Konstantin Pavlov # Date 1663071405 -14400 # Tue Sep 13 16:16:45 2022 +0400 # Node ID 3907d2d6e9e23b59549ce83829cee0d2affbd8de # Parent 05284b3a363fdac0b7ce7ec9428cf521e0101767 Linux packages: removed Debian 10 'buster' due to EOL. diff -r 05284b3a363f -r 3907d2d6e9e2 xml/en/linux_packages.xml --- a/xml/en/linux_packages.xml Tue Sep 13 13:14:33 2022 +0100 +++ b/xml/en/linux_packages.xml Tue Sep 13 16:16:45 2022 +0400 @@ -7,7 +7,7 @@ + rev="78"> @@ -55,11 +55,6 @@ versions: -10.x “buster” -x86_64, i386, aarch64/arm64 - - - 11.x “bullseye” x86_64, aarch64/arm64 diff -r 05284b3a363f -r 3907d2d6e9e2 xml/ru/linux_packages.xml --- a/xml/ru/linux_packages.xml Tue Sep 13 13:14:33 2022 +0100 +++ b/xml/ru/linux_packages.xml Tue Sep 13 16:16:45 2022 +0400 @@ -7,7 +7,7 @@ + rev="76"> @@ -55,11 +55,6 @@ -10.x “buster” -x86_64, i386, aarch64/arm64 - - - 11.x “bullseye” x86_64, aarch64/arm64 ___ nginx-devel mailing list -- nginx-devel@nginx.org To unsubscribe send an email to nginx-devel-le...@nginx.org
Re: nginx exits error code 0 with docker compose
Hi Brian, On 06/09/2022 3:14 AM, Brian Carey wrote: I'm trying to run nginx/mysql/php in docker. Everything seems to run fine. I have added tty: true and changed the Here is my Dockerfile, docker-compose.yaml and the nginx-related output. I did try adding tty: true but it made no difference. Any ideas? Thanks in advance. biscotty ''' FROM nginx:alpine CMD ["nginx", "-g", "daemon off;"] EXPOSE 80 443 Make sure to rebuild the cached image used by docker-compose. This should work fine. ___ nginx mailing list -- nginx@nginx.org To unsubscribe send an email to nginx-le...@nginx.org
[PATCH] Linux packages: removed Ubuntu 21.10 'impish' due to EOL
# HG changeset patch # User Konstantin Pavlov # Date 1658244488 -14400 # Tue Jul 19 19:28:08 2022 +0400 # Node ID ca4adc1068f0ba18c477f9816ce2b798f675fbe0 # Parent e06cf66a9f630d376699be0fd78b9fc64ef6256e Linux packages: removed Ubuntu 21.10 'impish' due to EOL. diff -r e06cf66a9f63 -r ca4adc1068f0 xml/en/linux_packages.xml --- a/xml/en/linux_packages.xml Tue Jul 19 14:10:02 2022 +0100 +++ b/xml/en/linux_packages.xml Tue Jul 19 19:28:08 2022 +0400 @@ -7,7 +7,7 @@ + rev="77"> @@ -88,11 +88,6 @@ versions: -21.10 “impish” -x86_64, aarch64/arm64 - - - 22.04 “jammy” x86_64, aarch64/arm64, s390x diff -r e06cf66a9f63 -r ca4adc1068f0 xml/ru/linux_packages.xml --- a/xml/ru/linux_packages.xml Tue Jul 19 14:10:02 2022 +0100 +++ b/xml/ru/linux_packages.xml Tue Jul 19 19:28:08 2022 +0400 @@ -7,7 +7,7 @@ + rev="77"> @@ -88,11 +88,6 @@ -21.10 “impish” -x86_64, aarch64/arm64 - - - 22.04 “jammy” x86_64, aarch64/arm64, s390x ___ nginx-devel mailing list -- nginx-devel@nginx.org To unsubscribe send an email to nginx-devel-le...@nginx.org
[nginx] Updated OpenSSL used for win32 builds.
details: https://hg.nginx.org/nginx/rev/e8723b2cef75 branches: changeset: 8059:e8723b2cef75 user: Maxim Dounin date: Tue Jul 19 17:03:30 2022 +0300 description: Updated OpenSSL used for win32 builds. diffstat: misc/GNUmakefile | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diffs (12 lines): diff -r f3510cb959d1 -r e8723b2cef75 misc/GNUmakefile --- a/misc/GNUmakefile Fri Jul 15 15:19:32 2022 +0300 +++ b/misc/GNUmakefile Tue Jul 19 17:03:30 2022 +0300 @@ -6,7 +6,7 @@ TEMP = tmp CC = cl OBJS = objs.msvc8 -OPENSSL = openssl-1.1.1p +OPENSSL = openssl-1.1.1q ZLIB = zlib-1.2.12 PCRE = pcre2-10.39 ___ nginx-devel mailing list -- nginx-devel@nginx.org To unsubscribe send an email to nginx-devel-le...@nginx.org
[nginx] nginx-1.23.1-RELEASE
details: https://hg.nginx.org/nginx/rev/a63d0a70afea branches: changeset: 8060:a63d0a70afea user: Maxim Dounin date: Tue Jul 19 17:05:27 2022 +0300 description: nginx-1.23.1-RELEASE diffstat: docs/xml/nginx/changes.xml | 66 ++ 1 files changed, 66 insertions(+), 0 deletions(-) diffs (76 lines): diff -r e8723b2cef75 -r a63d0a70afea docs/xml/nginx/changes.xml --- a/docs/xml/nginx/changes.xmlTue Jul 19 17:03:30 2022 +0300 +++ b/docs/xml/nginx/changes.xmlTue Jul 19 17:05:27 2022 +0300 @@ -5,6 +5,72 @@ + + + + +оптимизация использования памяти +в конфигурациях с SSL-проксированием. + + +memory usage optimization +in configurations with SSL proxying. + + + + + +теперь с помощью параметра "ipv4=off" директивы "resolver" +можно запретить поиск IPv4-адресов при преобразовании имён в адреса. + + +looking up of IPv4 addresses while resolving now can be disabled +with the "ipv4=off" parameter of the "resolver" directive. + + + + + +уровень логгирования ошибок SSL "bad key share", "bad extension", +"bad cipher" и "bad ecpoint" +понижен с уровня crit до info. + + +the logging level of the "bad key share", "bad extension", +"bad cipher", and "bad ecpoint" SSL errors +has been lowered from "crit" to "info". + + + + + +при возврате диапазонов +nginx не удалял строку заголовка "Content-Range", +если она присутствовала в исходном ответе бэкенда. + + +while returning byte ranges +nginx did not remove the "Content-Range" header line +if it was present in the original backend response. + + + + + +проксированный ответ мог быть отправлен не полностью +при переконфигурации на Linux; +ошибка появилась в 1.17.5. + + +a proxied response might be truncated +during reconfiguration on Linux; +the bug had appeared in 1.17.5. + + + + + + ___ nginx-devel mailing list -- nginx-devel@nginx.org To unsubscribe send an email to nginx-devel-le...@nginx.org
[nginx] release-1.23.1 tag
details: https://hg.nginx.org/nginx/rev/069a4813e8d6 branches: changeset: 8061:069a4813e8d6 user: Maxim Dounin date: Tue Jul 19 17:05:27 2022 +0300 description: release-1.23.1 tag diffstat: .hgtags | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diffs (8 lines): diff -r a63d0a70afea -r 069a4813e8d6 .hgtags --- a/.hgtags Tue Jul 19 17:05:27 2022 +0300 +++ b/.hgtags Tue Jul 19 17:05:27 2022 +0300 @@ -468,3 +468,4 @@ 39be8a682c58308d9399cddd57e37f9fdb7bdf3e d986378168fd4d70e0121cabac274c560cca9bdf release-1.21.5 714eb4b2c09e712fb2572a2164ce2bf67638ccac release-1.21.6 5da2c0902e8e2aa4534008a582a60c61c135960e release-1.23.0 +a63d0a70afea96813ba6667997bc7d68b5863f0d release-1.23.1 ___ nginx-devel mailing list -- nginx-devel@nginx.org To unsubscribe send an email to nginx-devel-le...@nginx.org
[PATCH] Linux packages: updated the supported architectures for Ubuntu 22.04
# HG changeset patch # User Konstantin Pavlov # Date 1655894271 -14400 # Wed Jun 22 14:37:51 2022 +0400 # Node ID b2e6057d99afc0cd843928a6f20b20ab5b8b92e2 # Parent cf91f42cf7e7a952860ecfd65fdd48f7b3729da1 Linux packages: updated the supported architectures for Ubuntu 22.04. diff -r cf91f42cf7e7 -r b2e6057d99af xml/en/linux_packages.xml --- a/xml/en/linux_packages.xml Tue Jun 21 17:49:58 2022 +0100 +++ b/xml/en/linux_packages.xml Wed Jun 22 14:37:51 2022 +0400 @@ -7,7 +7,7 @@ + rev="76"> @@ -94,7 +94,7 @@ versions: 22.04 “jammy” -x86_64, aarch64/arm64 +x86_64, aarch64/arm64, s390x diff -r cf91f42cf7e7 -r b2e6057d99af xml/ru/linux_packages.xml --- a/xml/ru/linux_packages.xml Tue Jun 21 17:49:58 2022 +0100 +++ b/xml/ru/linux_packages.xml Wed Jun 22 14:37:51 2022 +0400 @@ -7,7 +7,7 @@ + rev="76"> @@ -94,7 +94,7 @@ 22.04 “jammy” -x86_64, aarch64/arm64 +x86_64, aarch64/arm64, s390x ___ nginx-devel mailing list -- nginx-devel@nginx.org To unsubscribe send an email to nginx-devel-le...@nginx.org
[nginx] release-1.23.0 tag
details: https://hg.nginx.org/nginx/rev/fecd73db563f branches: changeset: 8051:fecd73db563f user: Maxim Dounin date: Tue Jun 21 17:25:37 2022 +0300 description: release-1.23.0 tag diffstat: .hgtags | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diffs (8 lines): diff -r 5da2c0902e8e -r fecd73db563f .hgtags --- a/.hgtags Tue Jun 21 17:25:36 2022 +0300 +++ b/.hgtags Tue Jun 21 17:25:37 2022 +0300 @@ -467,3 +467,4 @@ 2217a9c1d0b86026f22700b3c089545db1964f55 39be8a682c58308d9399cddd57e37f9fdb7bdf3e release-1.21.4 d986378168fd4d70e0121cabac274c560cca9bdf release-1.21.5 714eb4b2c09e712fb2572a2164ce2bf67638ccac release-1.21.6 +5da2c0902e8e2aa4534008a582a60c61c135960e release-1.23.0 ___ nginx-devel mailing list -- nginx-devel@nginx.org To unsubscribe send an email to nginx-devel-le...@nginx.org
[nginx] nginx-1.23.0-RELEASE
details: https://hg.nginx.org/nginx/rev/5da2c0902e8e branches: changeset: 8050:5da2c0902e8e user: Maxim Dounin date: Tue Jun 21 17:25:36 2022 +0300 description: nginx-1.23.0-RELEASE diffstat: docs/xml/nginx/changes.xml | 101 + 1 files changed, 101 insertions(+), 0 deletions(-) diffs (111 lines): diff -r c4e1c97098e1 -r 5da2c0902e8e docs/xml/nginx/changes.xml --- a/docs/xml/nginx/changes.xmlTue Jun 21 17:09:34 2022 +0300 +++ b/docs/xml/nginx/changes.xmlTue Jun 21 17:25:36 2022 +0300 @@ -5,6 +5,107 @@ + + + + +Изменение во внутреннем API: +теперь строки заголовков представлены связными списками. + + +Change in internal API: +now header lines are represented as linked lists. + + + + + +теперь nginx объединяет произвольные строки заголовков с одинаковыми именами +при отправке на FastCGI-, SCGI- и uwsgi-бэкенды, +в методе $r->header_in() модуля ngx_http_perl_module, +и при доступе через переменные "$http_...", "$sent_http_...", +"$sent_trailer_...", "$upstream_http_..." и "$upstream_trailer_...". + + +now nginx combines arbitrary header lines with identical names +when sending to FastCGI, SCGI, and uwsgi backends, +in the $r->header_in() method of the ngx_http_perl_module, +and during lookup of the "$http_...", "$sent_http_...", +"$sent_trailer_...", "$upstream_http_...", and "$upstream_trailer_..." +variables. + + + + + +если в заголовке ответа бэкенда было несколько строк "Vary", +при кэшировании nginx учитывал только последнюю из них. + + +if there were multiple "Vary" header lines in the backend response, +nginx only used the last of them when caching. + + + + + +если в заголовке ответа бэкенда было несколько строк "WWW-Authenticate" +и использовался перехват ошибок с кодом 401 от бэкенда +или директива auth_request, +nginx пересылал клиенту только первую из этих строк. + + +if there were multiple "WWW-Authenticate" header lines in the backend response +and errors with code 401 were intercepted +or the "auth_request" directive was used, +nginx only sent the first of the header lines to the client. + + + + + +уровень логгирования ошибок SSL "application data after close notify" +понижен с уровня crit до info. + + +the logging level of the "application data after close notify" SSL errors +has been lowered from "crit" to "info". + + + + + +соединения могли зависать, если nginx был собран на Linux 2.6.17 и новее, +а использовался на системах без поддержки EPOLLRDHUP, в частности, на +системах с эмуляцией epoll; +ошибка появилась в 1.17.5. +Спасибо Marcus Ball. + + +connections might hang if nginx was built on Linux 2.6.17 or newer, +but was used on systems without EPOLLRDHUP support, notably with epoll +emulation layers; +the bug had appeared in 1.17.5. +Thanks to Marcus Ball. + + + + + +nginx не кэшировал ответ, +если строка заголовка ответа "Expires" запрещала кэширование, +а последующая строка заголовка "Cache-Control" разрешала кэширование. + + +nginx did not cache the response +if the "Expires" response header line disabled caching, +but following "Cache-Control" header line enabled caching. + + + + + + ___ nginx-devel mailing list -- nginx-devel@nginx.org To unsubscribe send an email to nginx-devel-le...@nginx.org
[nginx] Updated OpenSSL used for win32 builds.
details: https://hg.nginx.org/nginx/rev/c4e1c97098e1 branches: changeset: 8049:c4e1c97098e1 user: Maxim Dounin date: Tue Jun 21 17:09:34 2022 +0300 description: Updated OpenSSL used for win32 builds. diffstat: misc/GNUmakefile | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diffs (12 lines): diff -r 70365b6fe5f4 -r c4e1c97098e1 misc/GNUmakefile --- a/misc/GNUmakefile Mon Jun 20 19:30:50 2022 +0300 +++ b/misc/GNUmakefile Tue Jun 21 17:09:34 2022 +0300 @@ -6,7 +6,7 @@ TEMP = tmp CC = cl OBJS = objs.msvc8 -OPENSSL = openssl-1.1.1o +OPENSSL = openssl-1.1.1p ZLIB = zlib-1.2.12 PCRE = pcre2-10.39 ___ nginx-devel mailing list -- nginx-devel@nginx.org To unsubscribe send an email to nginx-devel-le...@nginx.org
Re: nginx-1.23.0 changes draft
Hello, On 21/06/2022 5:27 AM, Maxim Dounin wrote: *) Bugfix: connections might hang if nginx was build on Linux 2.6.17 or was built -- Konstantin Pavlov Principal Consultant https://www.nginx.com ___ nginx-devel mailing list -- nginx-devel@nginx.org To unsubscribe send an email to nginx-devel-le...@nginx.org
[PATCH] Linux packages: updated the supported architectures for RHEL
# HG changeset patch # User Konstantin Pavlov # Date 1655109191 -14400 # Mon Jun 13 12:33:11 2022 +0400 # Node ID 40d40af45ac85339025b171c53033665a3632ee0 # Parent 5eb32d26a584e0364950390fa570595f0a2f772d Linux packages: updated the supported architectures for RHEL. diff -r 5eb32d26a584 -r 40d40af45ac8 xml/en/linux_packages.xml --- a/xml/en/linux_packages.xml Fri Jun 03 20:16:00 2022 +0400 +++ b/xml/en/linux_packages.xml Mon Jun 13 12:33:11 2022 +0400 @@ -7,7 +7,7 @@ + rev="75"> @@ -28,7 +28,7 @@ versions: 7.4+ -x86_64, ppc64le, aarch64/arm64 +x86_64, aarch64/arm64 @@ -38,7 +38,7 @@ versions: 9.x -x86_64, aarch64/arm64 +x86_64, aarch64/arm64, s390x diff -r 5eb32d26a584 -r 40d40af45ac8 xml/ru/linux_packages.xml --- a/xml/ru/linux_packages.xml Fri Jun 03 20:16:00 2022 +0400 +++ b/xml/ru/linux_packages.xml Mon Jun 13 12:33:11 2022 +0400 @@ -7,7 +7,7 @@ + rev="75"> @@ -28,7 +28,7 @@ 7.4+ -x86_64, ppc64le, aarch64/arm64 +x86_64, aarch64/arm64 @@ -38,7 +38,7 @@ 9.x -x86_64, aarch64/arm64 +x86_64, aarch64/arm64, s390x ___ nginx-devel mailing list -- nginx-devel@nginx.org To unsubscribe send an email to nginx-devel-le...@nginx.org
Re: Alpine v3.16 package files not found
Hi John, everyone, On 24/05/2022 3:28 PM, John Pfuntner -X (jpfuntne - EASI LLC at Cisco) via nginx wrote: Oh, of course. I didn't even notice we had jumped to 3.16! We just start with alpine:latest as the base image and picked up the new release. Thank you for the quick response, Konstantin. Alpine 3.16 packages are now live on nginx.org repos: - stable https://nginx.org/packages/alpine/v3.16/main/ - mainline https://nginx.org/packages/mainline/alpine/v3.16/main/ The installation instructions are as usual on https://nginx.org/en/linux_packages.html Have a good one, -- Konstantin Pavlov Principal Consultant https://www.nginx.com ___ nginx mailing list -- nginx@nginx.org To unsubscribe send an email to nginx-le...@nginx.org
[nginx] release-1.22.0 tag
details: https://hg.nginx.org/nginx/rev/2d3ed138ce65 branches: stable-1.22 changeset: 8016:2d3ed138ce65 user: Maxim Dounin date: Tue May 24 02:59:19 2022 +0300 description: release-1.22.0 tag diffstat: .hgtags | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diffs (8 lines): diff -r f669c9c2a617 -r 2d3ed138ce65 .hgtags --- a/.hgtags Tue May 24 02:59:18 2022 +0300 +++ b/.hgtags Tue May 24 02:59:19 2022 +0300 @@ -467,3 +467,4 @@ 2217a9c1d0b86026f22700b3c089545db1964f55 39be8a682c58308d9399cddd57e37f9fdb7bdf3e release-1.21.4 d986378168fd4d70e0121cabac274c560cca9bdf release-1.21.5 714eb4b2c09e712fb2572a2164ce2bf67638ccac release-1.21.6 +f669c9c2a617d80daf753e012265ab5290df0d9b release-1.22.0 ___ nginx-devel mailing list -- nginx-devel@nginx.org To unsubscribe send an email to nginx-devel-le...@nginx.org
[nginx] nginx-1.22.0-RELEASE
details: https://hg.nginx.org/nginx/rev/f669c9c2a617 branches: stable-1.22 changeset: 8015:f669c9c2a617 user: Maxim Dounin date: Tue May 24 02:59:18 2022 +0300 description: nginx-1.22.0-RELEASE diffstat: docs/xml/nginx/changes.xml | 14 ++ 1 files changed, 14 insertions(+), 0 deletions(-) diffs (24 lines): diff -r adbfc4fb948c -r f669c9c2a617 docs/xml/nginx/changes.xml --- a/docs/xml/nginx/changes.xmlTue May 24 02:51:49 2022 +0300 +++ b/docs/xml/nginx/changes.xmlTue May 24 02:59:18 2022 +0300 @@ -5,6 +5,20 @@ + + + + +Стабильная ветка 1.22.x. + + +1.22.x stable branch. + + + + + + ___ nginx-devel mailing list -- nginx-devel@nginx.org To unsubscribe send an email to nginx-devel-le...@nginx.org
[nginx] Updated OpenSSL and zlib used for win32 builds.
details: https://hg.nginx.org/nginx/rev/adbfc4fb948c branches: stable-1.22 changeset: 8014:adbfc4fb948c user: Maxim Dounin date: Tue May 24 02:51:49 2022 +0300 description: Updated OpenSSL and zlib used for win32 builds. diffstat: misc/GNUmakefile | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diffs (14 lines): diff -r dbf18f45a2b6 -r adbfc4fb948c misc/GNUmakefile --- a/misc/GNUmakefile Fri Feb 04 13:29:31 2022 +0300 +++ b/misc/GNUmakefile Tue May 24 02:51:49 2022 +0300 @@ -6,8 +6,8 @@ TEMP = tmp CC = cl OBJS = objs.msvc8 -OPENSSL = openssl-1.1.1m -ZLIB = zlib-1.2.11 +OPENSSL = openssl-1.1.1o +ZLIB = zlib-1.2.12 PCRE = pcre2-10.39 ___ nginx-devel mailing list -- nginx-devel@nginx.org To unsubscribe send an email to nginx-devel-le...@nginx.org
[nginx] Year 2022.
details: https://hg.nginx.org/nginx/rev/dbf18f45a2b6 branches: stable-1.22 changeset: 8013:dbf18f45a2b6 user: Sergey Kandaurov date: Fri Feb 04 13:29:31 2022 +0300 description: Year 2022. diffstat: docs/text/LICENSE | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diffs (11 lines): diff -r c32b775633d3 -r dbf18f45a2b6 docs/text/LICENSE --- a/docs/text/LICENSE Tue May 24 02:55:29 2022 +0300 +++ b/docs/text/LICENSE Fri Feb 04 13:29:31 2022 +0300 @@ -1,6 +1,6 @@ /* * Copyright (C) 2002-2021 Igor Sysoev - * Copyright (C) 2011-2021 Nginx, Inc. + * Copyright (C) 2011-2022 Nginx, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without ___ nginx-devel mailing list -- nginx-devel@nginx.org To unsubscribe send an email to nginx-devel-le...@nginx.org
[nginx] Stable branch.
details: https://hg.nginx.org/nginx/rev/c32b775633d3 branches: stable-1.22 changeset: 8012:c32b775633d3 user: Maxim Dounin date: Tue May 24 02:55:29 2022 +0300 description: Stable branch. diffstat: src/core/nginx.h | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diffs (14 lines): diff -r 56ead48cfe88 -r c32b775633d3 src/core/nginx.h --- a/src/core/nginx.h Tue Jan 25 18:03:52 2022 +0300 +++ b/src/core/nginx.h Tue May 24 02:55:29 2022 +0300 @@ -9,8 +9,8 @@ #define _NGINX_H_INCLUDED_ -#define nginx_version 1021006 -#define NGINX_VERSION "1.21.6" +#define nginx_version 1022000 +#define NGINX_VERSION "1.22.0" #define NGINX_VER "nginx/" NGINX_VERSION #ifdef NGX_BUILD ___ nginx-devel mailing list -- nginx-devel@nginx.org To unsubscribe send an email to nginx-devel-le...@nginx.org
[nginx] Updated OpenSSL and zlib used for win32 builds.
details: https://hg.nginx.org/nginx/rev/8a54733c9d12 branches: changeset: 8011:8a54733c9d12 user: Maxim Dounin date: Tue May 24 02:51:49 2022 +0300 description: Updated OpenSSL and zlib used for win32 builds. diffstat: misc/GNUmakefile | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diffs (14 lines): diff -r 35afae4b3dff -r 8a54733c9d12 misc/GNUmakefile --- a/misc/GNUmakefile Fri Apr 29 17:38:01 2022 +0400 +++ b/misc/GNUmakefile Tue May 24 02:51:49 2022 +0300 @@ -6,8 +6,8 @@ TEMP = tmp CC = cl OBJS = objs.msvc8 -OPENSSL = openssl-1.1.1m -ZLIB = zlib-1.2.11 +OPENSSL = openssl-1.1.1o +ZLIB = zlib-1.2.12 PCRE = pcre2-10.39 ___ nginx-devel mailing list -- nginx-devel@nginx.org To unsubscribe send an email to nginx-devel-le...@nginx.org
Re: Alpine v3.16 package files not found
Hi John, On 24/05/2022 3:07 PM, John Pfuntner -X (jpfuntne - EASI LLC at Cisco) via nginx wrote: My team builds an NGINX Docker image every morning on Alpine v3.16 and this today the package files could not be found at https://nginx.org/packages/mainline/alpine/ <https://nginx.org/packages/mainline/alpine/>. Previous builds were fine. Alpine 3.16 was released only yesterday so we naturally had no chance to build repos and packages for that distribution just yet. Will the Alpine v3.16 directory be available soon? Sure, I expect them to be published this or next week. Have a good one, -- Konstantin Pavlov Principal Consultant https://www.nginx.com ___ nginx mailing list -- nginx@nginx.org To unsubscribe send an email to nginx-le...@nginx.org
Re: EL 9 RPMs and SRPMs
Hello! On 23/05/2022 7:14 AM, Thomas Stephen Lee wrote: Hi, Now that Red Hat has released EL 9, please provide SRPMs and RPMs for EL 9. The Red Hat clones like Rocky and Amla will also be released soon. We want to test the Nginx installation before putting it into production. RHEL 9 packages are now published for both mainline and stable versions, enjoy: stable: https://nginx.org/packages/rhel/9/ mainline: https://nginx.org/packages/mainline/rhel/9/ website docs on https://nginx.org/en/linux_packages.html will follow shortly. Thanks, -- Konstantin Pavlov https://www.nginx.com ___ nginx-devel mailing list -- nginx-devel@nginx.org To unsubscribe send an email to nginx-devel-le...@nginx.org
Re: EL 9 RPMs and SRPMs
Hello! On 19/05/2022 9:41 AM, Thomas Stephen Lee wrote: Hi, Now that Red Hat has released EL 9, please provide SRPMs and RPMs for EL 9 RHEL 9 packages are now published for both mainline and stable versions, enjoy: stable: https://nginx.org/packages/rhel/9/ mainline: https://nginx.org/packages/mainline/rhel/9/ website docs on https://nginx.org/en/linux_packages.html will follow shortly. Thanks, -- Konstantin Pavlov Principal Consultant https://www.nginx.com ___ nginx mailing list -- nginx@nginx.org To unsubscribe send an email to nginx-le...@nginx.org
Re: NGINX RPMs for RHEL 8 arm64?
Hi John, Regarding the RHEL 8 aarch64 packages - they're now available at the expected place - thanks! For Debian 9, it's not possible since the distribution is officially EOL by the vendor (LTS is not an official security support), so we don't build nginx packages for that operating system anymore. Please use Debian 10 and Debian 11 instead. Have a great day, 20.09.2021 22:36, John Pfuntner -X (jpfuntne - EASI LLC at Cisco) wrote: > I noticed that Debian 9 doesn’t have arm64 packages at > https://nginx.org/packages/mainline/debian/dists/stretch/nginx/ > <https://nginx.org/packages/mainline/debian/dists/stretch/nginx/> > either. I was able to get nginx installed but it installed an old > version (1.10.3) which came from the regular Debian package sources but > I want a newer version. Debian 10 has arm64 packages at > https://nginx.org/packages/mainline/debian/dists/buster/nginx/ > <https://nginx.org/packages/mainline/debian/dists/buster/nginx/>. Can > the arm64 packages be made available for Debian 9? > > > > *From:* nginx *On Behalf Of *John Pfuntner -X > (jpfuntne - EASI LLC at Cisco) > *Sent:* Monday, September 20, 2021 9:18 AM > *To:* nginx@nginx.org > *Subject:* NGINX RPMs for RHEL 8 arm64? > > > > I am trying to install NGINX from package files (*.rpm, *.deb) on > various arm64 Linux distros and the RPMs are not available for RHEL 8 at > https://nginx.org/packages/mainline/rhel/8/ > <https://nginx.org/packages/mainline/rhel/8/>. RPMs are available for > RHEL 7 and CentOS 8 at their respective URLs so I was disappointed that > they are missing for RHEL 8. > > > > Are there plans for provide RPMs for RHEL 8 arm64? Are there issues > with providing the RPMs? > -- Konstantin Pavlov https://www.nginx.com/ ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: NGINX Docs - where to submit change suggestions ?
Hi Laura, 05.08.2021 13:41, Konstantin Pavlov wrote: > Hi Laura, > > 05.08.2021 13:01, Laura Smith wrote: >> Hi >> >> Any ideas where change suggestions for docs should be submitted ? >> Specifically this page: http://nginx.org/en/linux_packages.html#Debian > > Here is fine. > >> The instructions presented are not inline with Debian best-practices. The page has been updated to conform to best practices for Debian and Ubuntu. Thanks! -- Konstantin Pavlov https://www.nginx.com/ ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: NGINX Docs - where to submit change suggestions ?
Hi Laura, 05.08.2021 13:01, Laura Smith wrote: > Hi > > Any ideas where change suggestions for docs should be submitted ? > Specifically this page: http://nginx.org/en/linux_packages.html#Debian Here is fine. > The instructions presented are not inline with Debian best-practices. > > As per https://wiki.debian.org/DebianRepository/UseThirdParty: > "The key MUST be downloaded over a secure mechanism like HTTPS to a location > only writable by root, which SHOULD be /usr/share/keyrings. The key MUST NOT > be placed in /etc/apt/trusted.gpg.d or loaded by apt-key add. A sources.list > entry SHOULD have the signed-by option set. The signed-by entry MUST point to > a file, and not a fingerprint." Yeah, I think it makes sense to rework it. I'll prepare the patches - thanks for the notification! Relevant reading: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861695 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877012 Have a good day, -- Konstantin Pavlov https://www.nginx.com/ ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: SRPM for 1.20.1 for RHEL 7
Hi Tushar, 22.07.2021 08:44, Tushar Bankar wrote: > Hi > > > > I am looking for a SRPM of nginx ver: 1.20.1 for rhel7. > > Can anybody please share the link of the same, I was looking at > following link, however not found: > https://nginx.org/packages/rhel/7/SRPMS/ Thanks for your mail. Please update the page - source rpms should be there now. Have a great day, -- Konstantin Pavlov https://www.nginx.com/ ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: nginx-1.20.1-2 now requires openssl11-libs to run (centos7)?
Hi Saber, 06.07.2021 22:56, sa...@planethoster.info wrote: > Hi, > > We are using nginx from the official nginx.org <http://nginx.org> yum > repos for centos7. > > nginx-1.20.1-1.el7.ngx.x86_64 —> is running fine > nginx-1.20.1-2.el7.ngx.x86_64 —> complains about libssl.so.1.1 > > "nginx: /usr/sbin/nginx: error while loading shared libraries: > libssl.so.1.1: cannot open shared object file: No such file or directory” > > > Installed openssl11-libs from epel7 and it’s now ok. > > Since when openssl11 is required to run nginx on centos 7? Is it a > normal behaviour or a bug? nginx-1.20.1-2.el7.ngx.x86_64 is not something we ship from nginx.org. You probably mean nginx-1.20.1-2.el7.x86_64, which is available on EPEL, and it indeed has such a dependency. -- Konstantin Pavlov https://www.nginx.com/ ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: Add s390x support for NGINX linux packages
Hi Siddesh, 04.06.2021 07:53, Siddesh Sangodkar wrote: > Hi All, > > As seen from downloads > package <http://nginx.org/en/linux_packages.html>here > <http://nginx.org/en/linux_packages.html>. the Apt repo/rpms are not yet > available for s390x architecture. > Wanted to know if there is any work going on/planned to provide nginx in > form of linux packages for s390x architecture? > Any pointers will be helpful. There are no plans for s390x to be a supported architecture for nginx.org packages. However the packaging sources are available as per http://nginx.org/en/linux_packages.html#sourcepackages and it should be possible to build those manually if you need to - e.g. it's known that Debian and Alpine packages require no modifications to build and work on that architecture. Have a good day, -- Konstantin Pavlov https://www.nginx.com/ ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
Re: пакеты для ARM64
Добрый день, 31.12.2020 12:34, Konstantin Pavlov wrote: > Да, не было запросов конкретно на CentOS 7 aarch64 и мы их вообще не > собирали. > > К тому же, в CentOS 7 это не официально поддерживаемая архитектура - их > собирает AltArch SIG. > Для RHEL 7 похоже в AWS EC2 Red Hat тоже arm64 AMI не выкладывают (в > отличие от RHEL 8) -- так что перспективы добавления этой ОС/архитектуры > в наши сборки довольно туманны. Туман рассеялся и теперь пакеты mainline/stable для RHEL/CentOS 7 на aarch64 доступны в репозиториях на nginx.org. -- Konstantin Pavlov https://www.nginx.com/ ___ nginx-ru mailing list nginx-ru@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-ru
Re: пакеты для ARM64
Здравствуйте, 30.12.2020 19:30, Илья Шипицин wrote: > привет! > > > http://nginx.org/packages/mainline/centos/7/aarch64/repodata/repomd.xml > <http://nginx.org/packages/mainline/centos/7/aarch64/repodata/repomd.xml>: > [Errno 14] HTTP Error 404 - Not Found > Trying other mirror. > > (ну и файлов реально нет) > > не было спроса на arm64 ? Да, не было запросов конкретно на CentOS 7 aarch64 и мы их вообще не собирали. К тому же, в CentOS 7 это не официально поддерживаемая архитектура - их собирает AltArch SIG. Для RHEL 7 похоже в AWS EC2 Red Hat тоже arm64 AMI не выкладывают (в отличие от RHEL 8) -- так что перспективы добавления этой ОС/архитектуры в наши сборки довольно туманны. -- Konstantin Pavlov https://www.nginx.com/ ___ nginx-ru mailing list nginx-ru@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-ru
Re: Ubuntu repo disappeared
Hi Marcin, 08.12.2020 17:09, Marcin Gozdalik wrote: > Hello > > It seems that http://nginx.org/packages/ubuntu/ has disappeared. It > returns 404 although the URL is documented as official at > http://nginx.org/en/linux_packages.html#Ubuntu > > Any chance of bringing it back? Thanks for notification - indeed, we've been doing some maintenance work on mirrors and those got moved away. They're now restored, can you please check if they work fine on your side? -- Konstantin Pavlov https://www.nginx.com/ ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: [no subject]
Hello, I don't have a SLES12 SP3 machine easily available, but on the latest SLES12 SP5 this dependency is provided via libopenssl1_0_0 package: $ zypper info libopenssl1_0_0: Information for package libopenssl1_0_0: Repository : SLES12-SP5-Updates Name : libopenssl1_0_0 Version: 1.0.2p-3.27.1 Arch : x86_64 Vendor : SUSE LLC <https://www.suse.com/> Support Level : Level 3 Installed Size : 3.0 MiB Installed : Yes (automatically) Status : out-of-date (version 1.0.2p-3.14.1 installed) Source package : openssl-1_0_0-1.0.2p-3.27.1.src Summary: Secure Sockets and Transport Layer Security Description: OpenSSL is a software library to be used in applications that need to secure communications over computer networks against eavesdropping or need to ascertain the identity of the party at the other end. OpenSSL contains an implementation of the SSL and TLS protocols. You should look into whether it's possible to install it on SP3, or consider updating to SP5. Hope this helps, 08.12.2020 12:44, Rejaine Silveira Monteiro wrote: > > (sorry for the email without subject) > i am using sles12 sp3 > > > > Em ter., 8 de dez. de 2020 às 06:36, Konstantin Pavlov <mailto:thr...@nginx.com>> escreveu: > > Hello, > > 08.12.2020 12:26, Rejaine Silveira Monteiro wrote: > > Hi, > > > > I'm trying to update nginx by following the instructions on this link: > > > > https://nginx.org/en/linux_packages.html?_ga=2.188654056.174434793.1607418558-7036704.1590689345#SLES > > > > # zypper addrepo --gpgcheck --type yum --refresh --check \ > > 'http://nginx.org/packages/sles12' nginx-stable > > # curl -o /tmp/nginx_signing.key > https://nginx.org/keys/nginx_signing.key > > # gpg --with-fingerprint /tmp/nginx_signing.key > > # zypper install nginx > > > > all the steps described were performed, but there is an error with > > libcrypt.so (but libcrypto.so.1.0.0 it is installed on my server) > > > > Problem: nothing provides libcrypto.so.1.0.0(OPENSSL_1.0.0)(64bit) > > needed by nginx-1.18.0-2.sles12.ngx.x86_64 > > Solution 1: do not install nginx-1.18.0-2.sles12.ngx.x86_64 > > Solution 2: break nginx-1.18.0-2.sles12.ngx.x86_64 by ignoring some > > of its dependencies > > Choose from above solutions by number or cancel [1/2/c] (c): > > > > I tried to install the stable and mainline packages. And my server > > already has libcrypto installed > > (libopenssl1_0_0-1.0.2j-60.52.1.x86_64) > > > > # whereis libcrypto.so.1.0.0 > > libcrypto.so.1.0: /usr/lib64/libcrypto.so.1.0.0 > > /lib/libcrypto.so.1.0.0 /lib64/libcrypto.so.1.0.0 > > > > Any idea? > > > > What exact version of SLES 12 are you running? > > -- > Konstantin Pavlov > https://www.nginx.com/ > > > /Esta mensagem pode conter informações confidenciais ou privilegiadas, > sendo seu sigilo protegido por lei. Se você não for o destinatário ou a > pessoa autorizada a receber esta mensagem, não pode usar, copiar ou > divulgar as informações nela contidas ou tomar qualquer ação baseada > nessas informações. Se você recebeu esta mensagem por engano, por favor > avise imediatamente ao remetente, respondendo o e-mail e em seguida > apague-o. Agradecemos sua cooperação./ -- Konstantin Pavlov https://www.nginx.com/ ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: [no subject]
Hello, 08.12.2020 12:26, Rejaine Silveira Monteiro wrote: > Hi, > > I'm trying to update nginx by following the instructions on this link: > https://nginx.org/en/linux_packages.html?_ga=2.188654056.174434793.1607418558-7036704.1590689345#SLES > > # zypper addrepo --gpgcheck --type yum --refresh --check \ > 'http://nginx.org/packages/sles12' nginx-stable > # curl -o /tmp/nginx_signing.key https://nginx.org/keys/nginx_signing.key > # gpg --with-fingerprint /tmp/nginx_signing.key > # zypper install nginx > > all the steps described were performed, but there is an error with > libcrypt.so (but libcrypto.so.1.0.0 it is installed on my server) > > Problem: nothing provides libcrypto.so.1.0.0(OPENSSL_1.0.0)(64bit) > needed by nginx-1.18.0-2.sles12.ngx.x86_64 > Solution 1: do not install nginx-1.18.0-2.sles12.ngx.x86_64 > Solution 2: break nginx-1.18.0-2.sles12.ngx.x86_64 by ignoring some > of its dependencies > Choose from above solutions by number or cancel [1/2/c] (c): > > I tried to install the stable and mainline packages. And my server > already has libcrypto installed > (libopenssl1_0_0-1.0.2j-60.52.1.x86_64) > > # whereis libcrypto.so.1.0.0 > libcrypto.so.1.0: /usr/lib64/libcrypto.so.1.0.0 > /lib/libcrypto.so.1.0.0 /lib64/libcrypto.so.1.0.0 > > Any idea? > What exact version of SLES 12 are you running? -- Konstantin Pavlov https://www.nginx.com/ ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: Not able to install nginx on AWS AMI
Hello, It seems you've launched Amazon Linux 2 instead of CentOS 8 AMI. We don't provide nginx packages for that operating system on nginx.org. 14.10.2020 12:22, electrotwelve wrote: > Hi, I spun up an AWS AMI and followed this guide to install nginx: > http://nginx.org/en/linux_packages.html#RHEL-CentOS > > However, when I try to install I get the following error: > > Loaded plugins: extras_suggestions, langpacks, priorities, update-motd > amzn2-core > >| 3.7 kB 00:00:00 > amzn2extra-docker > >| 3.0 kB 00:00:00 > http://nginx.org/packages/centos/2/x86_64/repodata/repomd.xml: [Errno 14] > HTTP Error 404 - Not Found > Trying other mirror. > -- Konstantin Pavlov https://www.nginx.com/ ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: nginx 1.18.0 ест всю память и swap на Ubuntu Server 20.04.1 LTS
Здравствуйте, 01.09.2020 21:59, Alexey Galygin wrote: > действительно > > Dockerfile обновился, но docker оказывается сам его не отслеживает и не > перекачивает > обновление с той же версией можно обновить — docker pull nginx:1.18.0 > > и тогда пришёл новый докерфайл/image — иначе всё из кэша бралось > ENV NJS_VERSION 0.4.2 > > бэст-практика для прода фиксировать версию, а не использовать latest тут не > сработала: > кто бы мог предположить, что возможны правки в том, чего вроде как и не > ожидаешь (в Dockerfile привязанном тегом к конкретной версии), что может тихо > измениться (то что вроде бы должно намертво фиксироваться) > и это ведь неочевидно, интуитивно отбрасывается и не учитывается при поиске > проблем… > Более того, версии зависимостей могут быть обновлены в новом image даже если изменений в Dockerfile не было - официальные образа мантейнеры официальной библиотеки docker hub (т.е. не мы) пересобирают периодически для закрытия различных CVE. Я могу только рекомендовать не брать ничего из docker hub, а пересобирать и держать все используемые образа в локальном registry. -- Konstantin Pavlov https://www.nginx.com/ ___ nginx-ru mailing list nginx-ru@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-ru
Re: aarch64 packages for other Linux flavors
Hello Emilio, 29.05.2020 10:23, Emilio Fernandes wrote: > Hi Konstantin, > > I guess you follow the GitHub issue but just in case: Mike Crute just > announced a beta AMI for > Alpine: > https://github.com/mcrute/alpine-ec2-ami/issues/28#issuecomment-635618625 > If there are no major issues he will release an official one next week. Indeed, we do follow this issue - rest assured we're going to use the release when it happens. That being said, it seems the needed kernel changes for the AMI to boot will only be there for 3.12, which means we're going to be limited to that Alpine version for ARM builds if not backported to previous releases. Thanks! -- Konstantin Pavlov https://www.nginx.com/ ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: aarch64 packages for other Linux flavors
Hi Emilio, 15.04.2020 14:21, Emilio Fernandes wrote: > Our policy is to provide packages for officially upstream-supported > distributions. > > > https://wiki.centos.org/FAQ/General#What_architectures_are_supported.3F > states that they only support x86_64, and aarch64 is unofficial. > > > Here is something you may find interesting. > https://github.com/varnishcache/varnish-cache/pull/3263 - a PR I've > created for Varnish Cache > project.<https://github.com/varnishcache/varnish-cache/pull/3263> > It is based on Docker + QEMU and builds packages for different > versions of Debian/Ubuntu/Centos/Alpine for both x64 and aarch64. > > > Nice work, Martin! > > @Konstantin: any idea when the new aarch64 packages will be available ? > May we help you somehow ? I've just published RHEL8/CentOS8 aarch64 packages for nginx stable on http://nginx.org/packages/rhel/8/aarch64/. The mainline will follow the suit soon, as well as proper documentation on http://nginx.org/en/linux_packages.html. With Alpine, it is proving to be more difficult than we thought, as there are problems runing those on AWS EC2 which we use on our build farm: https://github.com/mcrute/alpine-ec2-ami/issues/28 . -- Konstantin Pavlov https://www.nginx.com/ ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: Hardening nginx.service with systemd
Hi, Thank you for your contribution! 26.03.2020 16:37, Dulmandakh Sukhbaatar wrote: > Hello, > > I would like to propose to harden nginx.service with systems configurations, > and this change uses PrivateDevices=yes, PrivateTmp=yes and > ProtectSystem=full configs. And here are excerpts from man systemd.exec man > page. > > PrivateDevices=yes > sets up a new /dev mount for the executed processes and only adds API pseudo > devices such as /dev/null, /dev/zero or /dev/random (as well as the pseudo > TTY subsystem) to it, but no physical devices such as /dev/sda, system memory > /dev/mem, system ports /dev/port and others On my Debian system: $ id nginx uid=112(nginx) gid=121(nginx) groups=121(nginx) $ /bin/ls -la /dev/mem /dev/sda /dev/port crw-r- 1 root kmem 1, 1 Mar 30 20:26 /dev/mem crw-r- 1 root kmem 1, 4 Mar 30 20:26 /dev/port brw-rw 1 root disk 8, 0 Mar 30 20:26 /dev/sda As nginx workers run as unprivileged user, that hardening is already applied as a part of a standard operating system privilege separation. By default nginx master process indeed starts as a root user, but does not do a lot of things which might have a potential security impact. > PrivateTmp=yes > sets up a new file system namespace for the executed processes and mounts > private /tmp and /var/tmp directories inside it that is not shared by > processes outside of the namespace We already had that enabled some time ago, and it caused non-obvious issues with configurations that use /tmp to store temporary files for different reasons. > ProtectSystem=full > mounts the /usr and /boot directories read-only for processes invoked by this > unit. If set to "full", the /etc directory is mounted read-only, too It's effectively read-only as nginx worker processes run under non-privileged users even without that systemd flag, same as for PrivateDevices. > I believe that these configs will harden nginx.service, thus protect OS from > security bugs in nginx. All in all, I believe that kind of configuration hardening might make sense in the specific scenarios, but not something we can enforce on all our users by default. -- Konstantin Pavlov https://www.nginx.com/ ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
Re: aarch64 packages for other Linux flavors
Hello, 10.03.2020 15:50, Emilio Fernandes wrote: > Hi Konstantin, > Thanks for your interest in our packages! > > By CentOS, do you want/need packages built for 8? Asking because I > believe 7 is not officially released for Aarch64 - it's rather a > community build which doesnt fall into something we can support. > > > Yes, CentOS 8 is fine for us! > At http://isoredirect.centos.org/centos/7/isos/ there is "for CentOS 7 > AltArch AArch64" [1]. Is this the one you prefer not to support ? > > 1. https://wiki.centos.org/SpecialInterestGroup/AltArch Our policy is to provide packages for officially upstream-supported distributions. https://wiki.centos.org/FAQ/General#What_architectures_are_supported.3F states that they only support x86_64, and aarch64 is unofficial. -- Konstantin Pavlov https://www.nginx.com/ ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: aarch64 packages for other Linux flavors
Hi Emilio, Martin, 10.03.2020 12:23, Martin Grigorov wrote: > > > On Mon, Mar 9, 2020 at 10:15 AM Emilio Fernandes > mailto:emilio.fernande...@gmail.com>> wrote: > > Hello Nginx team! > > At https://nginx.org/en/linux_packages.html I see that only Ubuntu > LTS versions support and provide packages for aarch64/arm64 > architecture. Is there a chance to provide such for the other OSes > too ? I am particularly interested in the latest versions of CentOS > & Alpine. I know that I could use the packages provided by the OS > but they update the version much later than the official release. > > > +1 for this suggestion from me! Thanks for your interest in our packages! By CentOS, do you want/need packages built for 8? Asking because I believe 7 is not officially released for Aarch64 - it's rather a community build which doesnt fall into something we can support. Thanks again, -- Konstantin Pavlov https://www.nginx.com/ ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: nginx 1.17.9-1~bionic - 400 error
Hi Roland, 04.03.2020 22:54, roland-brie...@web.de wrote: > Hey Guys. > After todays update to nginx 1.17.9-1~bionic all my websites crashes > into 400 error. > Going back to nginx 1.17.8-1~bionic and all websites works ok. > What can i do? I would like to try and reproduce the issue you're having since I'm responsible for the nginx packages we build and ship. Would it be possible for you to have a dump of configuration (via nginx -T) sent here or privately? If it contains private information or cannot be stripped of sensitive things, can you provide something minimal that you can reproduce the problem with? Thank you, -- Konstantin Pavlov https://www.nginx.com/ ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: Using Yubikey/PKCS11 for Upstream Client Certificates
Hi Erik,
I've been enable to use an yubikey neo to store a server key and utilize
them via pkcs11 engine in nginx some time ago. I didnt check the
upstream connection, since I only cared about front-end.
And as I only had a yubikey neo instead of a proper HSM, it turned out
to be a crypto deccelerator. :-)
I've took some notes on implementing it at http://thre.sh/yub.txt, hope
this helps.
04.02.2020 20:14, erik wrote:
> Specifically, I'd like to know if the proxy_ssl_certificate and
> proxy_ssl_certificate_key directives can support RFC-7512 PKCS#11 URIs, or
> whether they're hardwired to be just local file paths.
>
> With my private key in hardware, I'm looking for the ability to point nginx
> to something like:
>
> location /upstream {
> proxy_passhttps://backend.example.com;
> proxy_ssl_certificate /etc/nginx/client.pem;
> proxy_ssl_certificate_key
> 'pkcs11:type=private;token=some_token;object=username%40example.org';
> }
>
> Cheers,
> Erik van Zijst
>
> Posted at Nginx Forum:
> https://forum.nginx.org/read.php?2,286922,286930#msg-286930
>
> ___
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
--
Konstantin Pavlov
https://www.nginx.com/
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Re: Is Nginx being tested on ARM architecture ?
Hi Martin, Hope all is well. 23.01.2020 23:26, Martin Grigorov wrote: > Hello Nginx developers, > > I was not able to find any information what continous integration (CI) > Nginx project is using. > I'd like to ask whether you run a CI server/agent on ARM 32/64 > architecture ? Indeed there is no public information on our CI system, and the page you linked rather specifies that we were able to build and test nginx under those targets. Nevertheless, ARM64/aarch64 is indeed a part of our CI, and every nginx/njs/unit revision is built and tested the same way as other supported architectures. Among CI builds, we provide aarch64/ARM64 packages for select linux distributions: http://nginx.org/en/linux_packages.html#distributions . We don't have a CI target for a 32bit arm since its marketshare on server side is pretty much zero and for any real usage 64bit machines are the way to go. > At my job we are going to use more and more ARM64 based servers and we > would like to know whether this is a safe bet with Nginx. > At https://nginx.org/en/index.html > <https://nginx.org/en/index.html#tested_os_and_platforms>#tested_os_and_platforms > I see " Linux 3 — 4 / armv6l, armv7l, aarch64, ppc64le;". Does that mean > that Linux 5.x is not supported/tested or just that this documentation > page needs to be updated ? At the moment we have no targets in our CI system that run aarch64 under Linux kernel 5.x - currently tested are Ubuntu 16.04 (Linux 4.15), Ubuntu 18.04 (also Linux 4.15) and Amazon Linux 2 (Linux 4.14). It seems Ubuntu 20.04 will be released with 5.3.0 this April, so when we have it in our CI it'll be mentioned on the page as well. To sum it up, aarch64 is a good choice wrt nginx usage these days, and it's safe to assume it's not going anywhere. Have a good one, -- Konstantin Pavlov https://www.nginx.com/ ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
