Re: [yocto] [PATCH 5/7][meta-openembedded] Update nginx to 1.9.5
> Am 02.10.2015 um 03:25 schrieb Khem Raj: > > Jens > > >> On Oct 1, 2015, at 11:18 AM, Jens Rehsack wrote: >> >> >> many bux-fixes, optmizations and features added: >> >> Changes with nginx 1.9.5 22 Sep 2015 >> >> [...] >> *) Security: a stack-based buffer overflow might occur in a worker >> process while handling a specially crafted request, potentially >> resulting in arbitrary code execution (CVE-2013-2028); the bug had >> appeared in 1.3.9. >> Thanks to Greg MacManus, iSIGHT Partners Labs. >> > > > This is good info. Although a link to diff in cgit or web view of whatever > SCM nginx uses would have done too. That's simply the Changelog. It's an update, not a fix for a critical issue. Do you really ask me to list each fixed bug from nginx' ticket list? >> Signed-off-by: Jens Rehsack >> [...] >> --- a/meta-webserver/recipes-httpd/nginx/nginx_1.4.4.bb >> +++ /dev/null > > > please user git format-patch -M to let git work harder on detecting renames, > its way easier to review the changes that way > this patch belongs to openembedded-devel list so please resend it there with > prefixing the layer in meta-openembedded repo [meta-webserver] where the > patch is applied. Sure, will do when I have feedback regarding above question. Regarding the other 6 patches - is just the right layer and "-M" missing? Do I have to improve them anyhow (beside what Martin Jansa and Khem criticized: missing description here and there)? >> [...] Cheers -- Jens Rehsack - rehs...@gmail.com -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
Re: [yocto] [PATCH 5/7][meta-openembedded] Update nginx to 1.9.5
> On Oct 8, 2015, at 7:52 AM, Jens Rehsackwrote: > > >> Am 02.10.2015 um 03:25 schrieb Khem Raj : >> >> Jens >> >> >>> On Oct 1, 2015, at 11:18 AM, Jens Rehsack wrote: >>> >>> >>> many bux-fixes, optmizations and features added: >>> >>> Changes with nginx 1.9.5 22 Sep 2015 >>> >>> [...] >>> *) Security: a stack-based buffer overflow might occur in a worker >>> process while handling a specially crafted request, potentially >>> resulting in arbitrary code execution (CVE-2013-2028); the bug had >>> appeared in 1.3.9. >>> Thanks to Greg MacManus, iSIGHT Partners Labs. >>> >> >> >> This is good info. Although a link to diff in cgit or web view of whatever >> SCM nginx uses would have done too. > > That's simply the Changelog. It's an update, not a fix for a critical issue. > Do you really ask me to list each fixed bug from nginx' ticket list? No, on the contrary, I said if the release published the link for all this changes somewhere then just include the link instead of enumerating changes here. > >>> Signed-off-by: Jens Rehsack >>> [...] >>> --- a/meta-webserver/recipes-httpd/nginx/nginx_1.4.4.bb >>> +++ /dev/null >> >> >> please user git format-patch -M to let git work harder on detecting renames, >> its way easier to review the changes that way >> this patch belongs to openembedded-devel list so please resend it there with >> prefixing the layer in meta-openembedded repo [meta-webserver] where the >> patch is applied. > > Sure, will do when I have feedback regarding above question. > > Regarding the other 6 patches - is just the right layer and "-M" missing? > Do I have to improve them anyhow (beside what Martin Jansa and Khem > criticized: missing description here and there)? > >>> [...] > > Cheers > -- > Jens Rehsack - rehs...@gmail.com > signature.asc Description: Message signed with OpenPGP using GPGMail -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
Re: [yocto] [PATCH 5/7][meta-openembedded] Update nginx to 1.9.5
> On Oct 8, 2015, at 9:13 AM, Jens Rehsackwrote: > > >> Am 08.10.2015 um 17:05 schrieb Khem Raj : >> [...] This is good info. Although a link to diff in cgit or web view of whatever SCM nginx uses would have done too. >>> >>> That's simply the Changelog. It's an update, not a fix for a critical issue. >>> Do you really ask me to list each fixed bug from nginx' ticket list? >> >> No, on the contrary, I said if the release published the link for all this >> changes somewhere then just include the link >> instead of enumerating changes here. > > Well, the Changelog changes depending what's published. Currently it's > http://nginx.org/en/CHANGES - but when a 1.10 or a 2.0 will be released, > it's going to be http://nginx.org/en/CHANGES-1.9 (but this file currently > doesn't exists :/) > > Aaand - even if http://nginx.org/en/CHANGES-1.9 would exists, it will > include even the changes for a potential 1.9.6, 1.9.7 ... regardless > we have updated to those versions … > sometimes they have them published within the source code repo and that could be used but if thats not the case its ok. > I replace the changelog by any URI you prefer - but I favor for > such circumstances static text ;) > sure. > Cheers > -- > Jens Rehsack - rehs...@gmail.com > signature.asc Description: Message signed with OpenPGP using GPGMail -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
Re: [yocto] [PATCH 5/7][meta-openembedded] Update nginx to 1.9.5
> Am 08.10.2015 um 18:43 schrieb Khem Raj: > >> >> On Oct 8, 2015, at 9:13 AM, Jens Rehsack wrote: >> >> >>> Am 08.10.2015 um 17:05 schrieb Khem Raj : >>> > [...] > This is good info. Although a link to diff in cgit or web view of > whatever SCM nginx uses would have done too. That's simply the Changelog. It's an update, not a fix for a critical issue. Do you really ask me to list each fixed bug from nginx' ticket list? >>> >>> No, on the contrary, I said if the release published the link for all this >>> changes somewhere then just include the link >>> instead of enumerating changes here. >> >> Well, the Changelog changes depending what's published. Currently it's >> http://nginx.org/en/CHANGES - but when a 1.10 or a 2.0 will be released, >> it's going to be http://nginx.org/en/CHANGES-1.9 (but this file currently >> doesn't exists :/) >> >> Aaand - even if http://nginx.org/en/CHANGES-1.9 would exists, it will >> include even the changes for a potential 1.9.6, 1.9.7 ... regardless >> we have updated to those versions … >> > > sometimes they have them published within the source code repo and that could > be used but if thats not the case its ok. > >> I replace the changelog by any URI you prefer - but I favor for >> such circumstances static text ;) >> > > sure. So I redo my 7 patches with -M and here and there better description and resent. Start of next week or so ... Cheers -- Jens Rehsack - rehs...@gmail.com -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
[yocto] [PATCH 5/7][meta-openembedded] Update nginx to 1.9.5
many bux-fixes, optmizations and features added: Changes with nginx 1.9.5 22 Sep 2015 *) Feature: the ngx_http_v2_module (replaces ngx_http_spdy_module). Thanks to Dropbox and Automattic for sponsoring this work. *) Change: now the "output_buffers" directive uses two buffers by default. *) Change: now nginx limits subrequests recursion, not simultaneous subrequests. *) Change: now nginx checks the whole cache key when returning a response from cache. Thanks to Gena Makhomed and Sergey Brester. *) Bugfix: "header already sent" alerts might appear in logs when using cache; the bug had appeared in 1.7.5. *) Bugfix: "writev() failed (4: Interrupted system call)" errors might appear in logs when using CephFS and the "timer_resolution" directive on Linux. *) Bugfix: in invalid configurations handling. Thanks to Markus Linnala. *) Bugfix: a segmentation fault occurred in a worker process if the "sub_filter" directive was used at http level; the bug had appeared in 1.9.4. Changes with nginx 1.9.4 18 Aug 2015 *) Change: the "proxy_downstream_buffer" and "proxy_upstream_buffer" directives of the stream module are replaced with the "proxy_buffer_size" directive. *) Feature: the "tcp_nodelay" directive in the stream module. *) Feature: multiple "sub_filter" directives can be used simultaneously. *) Feature: variables support in the search string of the "sub_filter" directive. *) Workaround: configuration testing might fail under Linux OpenVZ. Thanks to Gena Makhomed. *) Bugfix: old worker processes might hog CPU after reconfiguration with a large number of worker_connections. *) Bugfix: a segmentation fault might occur in a worker process if the "try_files" and "alias" directives were used inside a location given by a regular expression; the bug had appeared in 1.7.1. *) Bugfix: the "try_files" directive inside a nested location given by a regular expression worked incorrectly if the "alias" directive was used in the outer location. *) Bugfix: in hash table initialization error handling. *) Bugfix: nginx could not be built with Visual Studio 2015. Changes with nginx 1.9.3 14 Jul 2015 *) Change: duplicate "http", "mail", and "stream" blocks are now disallowed. *) Feature: connection limiting in the stream module. *) Feature: data rate limiting in the stream module. *) Bugfix: the "zone" directive inside the "upstream" block did not work on Windows. *) Bugfix: compatibility with LibreSSL in the stream module. Thanks to Piotr Sikora. *) Bugfix: in the "--builddir" configure parameter. Thanks to Piotr Sikora. *) Bugfix: the "ssl_stapling_file" directive did not work; the bug had appeared in 1.9.2. Thanks to Faidon Liambotis and Brandon Black. *) Bugfix: a segmentation fault might occur in a worker process if the "ssl_stapling" directive was used; the bug had appeared in 1.9.2. Thanks to Matthew Baldwin. Changes with nginx 1.9.2 16 Jun 2015 *) Feature: the "backlog" parameter of the "listen" directives of the mail proxy and stream modules. *) Feature: the "allow" and "deny" directives in the stream module. *) Feature: the "proxy_bind" directive in the stream module. *) Feature: the "proxy_protocol" directive in the stream module. *) Feature: the -T switch. *) Feature: the REQUEST_SCHEME parameter added to the fastcgi.conf, fastcgi_params, scgi_params, and uwsgi_params standard configuration files. *) Bugfix: the "reuseport" parameter of the "listen" directive of the stream module did not work. *) Bugfix: OCSP stapling might return an expired OCSP response in some cases. Changes with nginx 1.9.1 26 May 2015 *) Change: now SSLv3 protocol is disabled by default. *) Change: some long deprecated directives are not supported anymore. *) Feature: the "reuseport" parameter of the "listen" directive. Thanks to Yingqi Lu at Intel and Sepherosa Ziehau. *) Feature: the $upstream_connect_time variable. *) Bugfix: in the "hash" directive on big-endian platforms. *) Bugfix: nginx might fail to start on some old Linux variants; the bug had appeared in 1.7.11. *) Bugfix: in IP address parsing. Thanks to Sergey Polovko. Changes with nginx 1.9.0 28 Apr 2015 *) Change: obsolete aio and rtsig event methods have been removed. *) Feature: the "zone" directive inside the "upstream" block. *) Feature: the stream module. *) Feature: byte
Re: [yocto] [PATCH 5/7][meta-openembedded] Update nginx to 1.9.5
Jens > On Oct 1, 2015, at 11:18 AM, Jens Rehsackwrote: > > > many bux-fixes, optmizations and features added: > > Changes with nginx 1.9.5 22 Sep 2015 > >*) Feature: the ngx_http_v2_module (replaces ngx_http_spdy_module). > Thanks to Dropbox and Automattic for sponsoring this work. > >*) Change: now the "output_buffers" directive uses two buffers by > default. > >*) Change: now nginx limits subrequests recursion, not simultaneous > subrequests. > >*) Change: now nginx checks the whole cache key when returning a > response from cache. > Thanks to Gena Makhomed and Sergey Brester. > >*) Bugfix: "header already sent" alerts might appear in logs when using > cache; the bug had appeared in 1.7.5. > >*) Bugfix: "writev() failed (4: Interrupted system call)" errors might > appear in logs when using CephFS and the "timer_resolution" directive > on Linux. > >*) Bugfix: in invalid configurations handling. > Thanks to Markus Linnala. > >*) Bugfix: a segmentation fault occurred in a worker process if the > "sub_filter" directive was used at http level; the bug had appeared > in 1.9.4. > > Changes with nginx 1.9.4 18 Aug 2015 > >*) Change: the "proxy_downstream_buffer" and "proxy_upstream_buffer" > directives of the stream module are replaced with the > "proxy_buffer_size" directive. > >*) Feature: the "tcp_nodelay" directive in the stream module. > >*) Feature: multiple "sub_filter" directives can be used simultaneously. > >*) Feature: variables support in the search string of the "sub_filter" > directive. > >*) Workaround: configuration testing might fail under Linux OpenVZ. > Thanks to Gena Makhomed. > >*) Bugfix: old worker processes might hog CPU after reconfiguration with > a large number of worker_connections. > >*) Bugfix: a segmentation fault might occur in a worker process if the > "try_files" and "alias" directives were used inside a location given > by a regular expression; the bug had appeared in 1.7.1. > >*) Bugfix: the "try_files" directive inside a nested location given by a > regular expression worked incorrectly if the "alias" directive was > used in the outer location. > >*) Bugfix: in hash table initialization error handling. > >*) Bugfix: nginx could not be built with Visual Studio 2015. > > Changes with nginx 1.9.3 14 Jul 2015 > >*) Change: duplicate "http", "mail", and "stream" blocks are now > disallowed. > >*) Feature: connection limiting in the stream module. > >*) Feature: data rate limiting in the stream module. > >*) Bugfix: the "zone" directive inside the "upstream" block did not work > on Windows. > >*) Bugfix: compatibility with LibreSSL in the stream module. > Thanks to Piotr Sikora. > >*) Bugfix: in the "--builddir" configure parameter. > Thanks to Piotr Sikora. > >*) Bugfix: the "ssl_stapling_file" directive did not work; the bug had > appeared in 1.9.2. > Thanks to Faidon Liambotis and Brandon Black. > >*) Bugfix: a segmentation fault might occur in a worker process if the > "ssl_stapling" directive was used; the bug had appeared in 1.9.2. > Thanks to Matthew Baldwin. > > Changes with nginx 1.9.2 16 Jun 2015 > >*) Feature: the "backlog" parameter of the "listen" directives of the > mail proxy and stream modules. > >*) Feature: the "allow" and "deny" directives in the stream module. > >*) Feature: the "proxy_bind" directive in the stream module. > >*) Feature: the "proxy_protocol" directive in the stream module. > >*) Feature: the -T switch. > >*) Feature: the REQUEST_SCHEME parameter added to the fastcgi.conf, > fastcgi_params, scgi_params, and uwsgi_params standard configuration > files. > >*) Bugfix: the "reuseport" parameter of the "listen" directive of the > stream module did not work. > >*) Bugfix: OCSP stapling might return an expired OCSP response in some > cases. > > Changes with nginx 1.9.1 26 May 2015 > >*) Change: now SSLv3 protocol is disabled by default. > >*) Change: some long deprecated directives are not supported anymore. > >*) Feature: the "reuseport" parameter of the "listen" directive. > Thanks to Yingqi Lu at Intel and Sepherosa Ziehau. > >*) Feature: the $upstream_connect_time variable. > >*) Bugfix: in the "hash" directive on big-endian platforms. > >*) Bugfix: nginx might fail to start on some old Linux variants; the bug > had appeared in 1.7.11. > >*) Bugfix: in IP address parsing. > Thanks to Sergey Polovko. > >