Re: [yocto] [PATCH 5/7][meta-openembedded] Update nginx to 1.9.5

2015-10-08 Thread Jens Rehsack

> On 02.10.2015 at 03:25, Khem Raj wrote:
> 
> Jens
> 
> 
>> On Oct 1, 2015, at 11:18 AM, Jens Rehsack  wrote:
>> 
>> 
>> many bug-fixes, optimizations and features added:
>> 
>> Changes with nginx 1.9.5 22 Sep 2015
>> 
>> [...]
>>   *) Security: a stack-based buffer overflow might occur in a worker
>>  process while handling a specially crafted request, potentially
>>  resulting in arbitrary code execution (CVE-2013-2028); the bug had
>>  appeared in 1.3.9.
>>  Thanks to Greg MacManus, iSIGHT Partners Labs.
>> 
> 
> 
> This is good info. Although a link to diff in cgit or web view of whatever 
> SCM nginx uses would have done too.

That's simply the Changelog. It's an update, not a fix for a critical issue.
Do you really ask me to list each fixed bug from nginx' ticket list?

>> Signed-off-by: Jens Rehsack 
>> [...]
>> --- a/meta-webserver/recipes-httpd/nginx/nginx_1.4.4.bb
>> +++ /dev/null
> 
> 
> please use git format-patch -M to let git work harder on detecting renames, 
> it's way easier to review the changes that way
> this patch belongs to openembedded-devel list so please resend it there with 
> prefixing the layer in meta-openembedded repo [meta-webserver] where the 
> patch is applied.

Sure, will do when I have feedback regarding above question.

Regarding the other 6 patches - is just the right layer and "-M" missing?
Do I have to improve them anyhow (beside what Martin Jansa and Khem criticized: 
missing description here and there)?

>> [...]

Cheers
-- 
Jens Rehsack - rehs...@gmail.com

-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto
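
The effect of the `-M` request above on a recipe version bump, as an added example that is not part of the thread or of meta-openembedded: the repository, recipe text and checksum placeholders are constructed. Git 2.9 and later enable rename detection by default, so `--no-renames` is used here to reproduce the delete-to-`/dev/null` form that was posted.

```shell
#!/bin/sh
# Added example: constructed repository and recipe text, not the real meta-webserver layer.
set -eu

write_recipe() {   # $1 = checksum placeholder, $2 = destination file
    cat > "$2" <<EOF
SUMMARY = "HTTP and reverse proxy server"
HOMEPAGE = "http://nginx.org/"
LICENSE = "BSD-2-Clause"
SRC_URI = "http://nginx.org/download/nginx-\${PV}.tar.gz"
SRC_URI[sha256sum] = "$1"
inherit update-rc.d useradd
EOF
}

demo_rename_patches() {   # prints the directory holding both generated patches
    repo=$(mktemp -d); out=$(mktemp -d); dir=recipes-httpd/nginx
    g() { git -C "$repo" -c user.name=demo -c user.email=demo@example.invalid \
              -c commit.gpgsign=false "$@"; }
    g init -q
    mkdir -p "$repo/$dir"
    write_recipe PLACEHOLDER_OLD_SHA256 "$repo/$dir/nginx_1.4.4.bb"
    g add -A
    g commit -q -m "nginx: add 1.4.4"

    # The version bump: rename the recipe, change only the checksum line.
    g mv "$dir/nginx_1.4.4.bb" "$dir/nginx_1.9.5.bb"
    write_recipe PLACEHOLDER_NEW_SHA256 "$repo/$dir/nginx_1.9.5.bb"
    g commit -q -a -m "nginx: update to 1.9.5"

    # --no-renames: old file deleted to /dev/null, new file added in full.
    # -M: git pairs old and new file and emits only the lines that changed.
    g format-patch -1 --stdout --no-renames > "$out/without-M.patch"
    g format-patch -1 --stdout -M           > "$out/with-M.patch"
    echo "$out"
}

d=$(demo_rename_patches)
wc -l "$d/without-M.patch" "$d/with-M.patch"
grep -E '^(rename|similarity)' "$d/with-M.patch"
```

With `-M` the reviewer sees a one-line checksum change instead of two whole-file hunks, which is what makes an unexpected `SRC_URI` or checksum edit in a version bump easy to spot.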


Re: [yocto] [PATCH 5/7][meta-openembedded] Update nginx to 1.9.5

2015-10-08 Thread Khem Raj

> On Oct 8, 2015, at 7:52 AM, Jens Rehsack  wrote:
> 
> 
>> On 02.10.2015 at 03:25, Khem Raj wrote:
>> 
>> Jens
>> 
>> 
>>> On Oct 1, 2015, at 11:18 AM, Jens Rehsack  wrote:
>>> 
>>> 
>>> many bug-fixes, optimizations and features added:
>>> 
>>> Changes with nginx 1.9.5 22 Sep 2015
>>> 
>>> [...]
>>>  *) Security: a stack-based buffer overflow might occur in a worker
>>> process while handling a specially crafted request, potentially
>>> resulting in arbitrary code execution (CVE-2013-2028); the bug had
>>> appeared in 1.3.9.
>>> Thanks to Greg MacManus, iSIGHT Partners Labs.
>>> 
>> 
>> 
>> This is good info. Although a link to diff in cgit or web view of whatever 
>> SCM nginx uses would have done too.
> 
> That's simply the Changelog. It's an update, not a fix for a critical issue.
> Do you really ask me to list each fixed bug from nginx' ticket list?

No, on the contrary, I said if the release published the link for all these 
changes somewhere then just include the link
instead of enumerating changes here.

> 
>>> Signed-off-by: Jens Rehsack 
>>> [...]
>>> --- a/meta-webserver/recipes-httpd/nginx/nginx_1.4.4.bb
>>> +++ /dev/null
>> 
>> 
>> please use git format-patch -M to let git work harder on detecting renames, 
>> it's way easier to review the changes that way
>> this patch belongs to openembedded-devel list so please resend it there with 
>> prefixing the layer in meta-openembedded repo [meta-webserver] where the 
>> patch is applied.
> 
> Sure, will do when I have feedback regarding above question.
> 
> Regarding the other 6 patches - is just the right layer and "-M" missing?
> Do I have to improve them anyhow (beside what Martin Jansa and Khem 
> criticized: missing description here and there)?
> 
>>> [...]
> 
> Cheers
> --
> Jens Rehsack - rehs...@gmail.com
> 





Re: [yocto] [PATCH 5/7][meta-openembedded] Update nginx to 1.9.5

2015-10-08 Thread Khem Raj

> On Oct 8, 2015, at 9:13 AM, Jens Rehsack  wrote:
> 
> 
>> On 08.10.2015 at 17:05, Khem Raj wrote:
>> 
>>>> [...]
>>>> This is good info. Although a link to diff in cgit or web view of whatever 
>>>> SCM nginx uses would have done too.
>>> 
>>> That's simply the Changelog. It's an update, not a fix for a critical issue.
>>> Do you really ask me to list each fixed bug from nginx' ticket list?
>> 
>> No, on the contrary, I said if the release published the link for all these 
>> changes somewhere then just include the link
>> instead of enumerating changes here.
> 
> Well, the Changelog changes depending what's published. Currently it's
> http://nginx.org/en/CHANGES - but when a 1.10 or a 2.0 will be released,
> it's going to be http://nginx.org/en/CHANGES-1.9 (but this file currently
> doesn't exist :/)
> 
> Aaand - even if http://nginx.org/en/CHANGES-1.9 would exist, it will
> include even the changes for a potential 1.9.6, 1.9.7 ... regardless
> we have updated to those versions …
> 

sometimes they have them published within the source code repo and that could
be used but if that's not the case it's ok.

> I replace the changelog by any URI you prefer - but I favor for
> such circumstances static text ;)
> 

sure.

> Cheers
> --
> Jens Rehsack - rehs...@gmail.com
> 





Re: [yocto] [PATCH 5/7][meta-openembedded] Update nginx to 1.9.5

2015-10-08 Thread Jens Rehsack

> On 08.10.2015 at 18:43, Khem Raj wrote:
> 
>> 
>> On Oct 8, 2015, at 9:13 AM, Jens Rehsack  wrote:
>> 
>> 
>>> On 08.10.2015 at 17:05, Khem Raj wrote:
>>> 
>>>>> [...]
>>>>> This is good info. Although a link to diff in cgit or web view of 
>>>>> whatever SCM nginx uses would have done too.
>>>> 
>>>> That's simply the Changelog. It's an update, not a fix for a critical 
>>>> issue.
>>>> Do you really ask me to list each fixed bug from nginx' ticket list?
>>> 
>>> No, on the contrary, I said if the release published the link for all these 
>>> changes somewhere then just include the link
>>> instead of enumerating changes here.
>> 
>> Well, the Changelog changes depending what's published. Currently it's
>> http://nginx.org/en/CHANGES - but when a 1.10 or a 2.0 will be released,
>> it's going to be http://nginx.org/en/CHANGES-1.9 (but this file currently
>> doesn't exist :/)
>> 
>> Aaand - even if http://nginx.org/en/CHANGES-1.9 would exist, it will
>> include even the changes for a potential 1.9.6, 1.9.7 ... regardless
>> we have updated to those versions …
>> 
> 
> sometimes they have them published within the source code repo and that could
> be used but if that's not the case it's ok.
> 
>> I replace the changelog by any URI you prefer - but I favor for
>> such circumstances static text ;)
>> 
> 
> sure.

So I redo my 7 patches with -M and here and there better description and resend.
Start of next week or so ...

Cheers
-- 
Jens Rehsack - rehs...@gmail.com



[yocto] [PATCH 5/7][meta-openembedded] Update nginx to 1.9.5

2015-10-01 Thread Jens Rehsack

many bug-fixes, optimizations and features added:

Changes with nginx 1.9.5 22 Sep 2015

*) Feature: the ngx_http_v2_module (replaces ngx_http_spdy_module).
   Thanks to Dropbox and Automattic for sponsoring this work.

*) Change: now the "output_buffers" directive uses two buffers by
   default.

*) Change: now nginx limits subrequests recursion, not simultaneous
   subrequests.

*) Change: now nginx checks the whole cache key when returning a
   response from cache.
   Thanks to Gena Makhomed and Sergey Brester.

*) Bugfix: "header already sent" alerts might appear in logs when using
   cache; the bug had appeared in 1.7.5.

*) Bugfix: "writev() failed (4: Interrupted system call)" errors might
   appear in logs when using CephFS and the "timer_resolution" directive
   on Linux.

*) Bugfix: in invalid configurations handling.
   Thanks to Markus Linnala.

*) Bugfix: a segmentation fault occurred in a worker process if the
   "sub_filter" directive was used at http level; the bug had appeared
   in 1.9.4.

Changes with nginx 1.9.4 18 Aug 2015

*) Change: the "proxy_downstream_buffer" and "proxy_upstream_buffer"
   directives of the stream module are replaced with the
   "proxy_buffer_size" directive.

*) Feature: the "tcp_nodelay" directive in the stream module.

*) Feature: multiple "sub_filter" directives can be used simultaneously.

*) Feature: variables support in the search string of the "sub_filter"
   directive.

*) Workaround: configuration testing might fail under Linux OpenVZ.
   Thanks to Gena Makhomed.

*) Bugfix: old worker processes might hog CPU after reconfiguration with
   a large number of worker_connections.

*) Bugfix: a segmentation fault might occur in a worker process if the
   "try_files" and "alias" directives were used inside a location given
   by a regular expression; the bug had appeared in 1.7.1.

*) Bugfix: the "try_files" directive inside a nested location given by a
   regular expression worked incorrectly if the "alias" directive was
   used in the outer location.

*) Bugfix: in hash table initialization error handling.

*) Bugfix: nginx could not be built with Visual Studio 2015.

Changes with nginx 1.9.3 14 Jul 2015

*) Change: duplicate "http", "mail", and "stream" blocks are now
   disallowed.

*) Feature: connection limiting in the stream module.

*) Feature: data rate limiting in the stream module.

*) Bugfix: the "zone" directive inside the "upstream" block did not work
   on Windows.

*) Bugfix: compatibility with LibreSSL in the stream module.
   Thanks to Piotr Sikora.

*) Bugfix: in the "--builddir" configure parameter.
   Thanks to Piotr Sikora.

*) Bugfix: the "ssl_stapling_file" directive did not work; the bug had
   appeared in 1.9.2.
   Thanks to Faidon Liambotis and Brandon Black.

*) Bugfix: a segmentation fault might occur in a worker process if the
   "ssl_stapling" directive was used; the bug had appeared in 1.9.2.
   Thanks to Matthew Baldwin.

Changes with nginx 1.9.2 16 Jun 2015

*) Feature: the "backlog" parameter of the "listen" directives of the
   mail proxy and stream modules.

*) Feature: the "allow" and "deny" directives in the stream module.

*) Feature: the "proxy_bind" directive in the stream module.

*) Feature: the "proxy_protocol" directive in the stream module.

*) Feature: the -T switch.

*) Feature: the REQUEST_SCHEME parameter added to the fastcgi.conf,
   fastcgi_params, scgi_params, and uwsgi_params standard configuration
   files.

*) Bugfix: the "reuseport" parameter of the "listen" directive of the
   stream module did not work.

*) Bugfix: OCSP stapling might return an expired OCSP response in some
   cases.

Changes with nginx 1.9.1 26 May 2015

*) Change: now SSLv3 protocol is disabled by default.

*) Change: some long deprecated directives are not supported anymore.

*) Feature: the "reuseport" parameter of the "listen" directive.
   Thanks to Yingqi Lu at Intel and Sepherosa Ziehau.

*) Feature: the $upstream_connect_time variable.

*) Bugfix: in the "hash" directive on big-endian platforms.

*) Bugfix: nginx might fail to start on some old Linux variants; the bug
   had appeared in 1.7.11.

*) Bugfix: in IP address parsing.
   Thanks to Sergey Polovko.

Changes with nginx 1.9.0 28 Apr 2015

*) Change: obsolete aio and rtsig event methods have been removed.

*) Feature: the "zone" directive inside the "upstream" block.

*) Feature: the stream module.

*) Feature: byte 

Re: [yocto] [PATCH 5/7][meta-openembedded] Update nginx to 1.9.5

2015-10-01 Thread Khem Raj
Jens


> On Oct 1, 2015, at 11:18 AM, Jens Rehsack  wrote:
> 
> 
> many bug-fixes, optimizations and features added:
> 
> Changes with nginx 1.9.5 22 Sep 2015
> 
>*) Feature: the ngx_http_v2_module (replaces ngx_http_spdy_module).
>   Thanks to Dropbox and Automattic for sponsoring this work.
> 
>*) Change: now the "output_buffers" directive uses two buffers by
>   default.
> 
>*) Change: now nginx limits subrequests recursion, not simultaneous
>   subrequests.
> 
>*) Change: now nginx checks the whole cache key when returning a
>   response from cache.
>   Thanks to Gena Makhomed and Sergey Brester.
> 
>*) Bugfix: "header already sent" alerts might appear in logs when using
>   cache; the bug had appeared in 1.7.5.
> 
>*) Bugfix: "writev() failed (4: Interrupted system call)" errors might
>   appear in logs when using CephFS and the "timer_resolution" directive
>   on Linux.
> 
>*) Bugfix: in invalid configurations handling.
>   Thanks to Markus Linnala.
> 
>*) Bugfix: a segmentation fault occurred in a worker process if the
>   "sub_filter" directive was used at http level; the bug had appeared
>   in 1.9.4.
> 
> Changes with nginx 1.9.4 18 Aug 2015
> 
>*) Change: the "proxy_downstream_buffer" and "proxy_upstream_buffer"
>   directives of the stream module are replaced with the
>   "proxy_buffer_size" directive.
> 
>*) Feature: the "tcp_nodelay" directive in the stream module.
> 
>*) Feature: multiple "sub_filter" directives can be used simultaneously.
> 
>*) Feature: variables support in the search string of the "sub_filter"
>   directive.
> 
>*) Workaround: configuration testing might fail under Linux OpenVZ.
>   Thanks to Gena Makhomed.
> 
>*) Bugfix: old worker processes might hog CPU after reconfiguration with
>   a large number of worker_connections.
> 
>*) Bugfix: a segmentation fault might occur in a worker process if the
>   "try_files" and "alias" directives were used inside a location given
>   by a regular expression; the bug had appeared in 1.7.1.
> 
>*) Bugfix: the "try_files" directive inside a nested location given by a
>   regular expression worked incorrectly if the "alias" directive was
>   used in the outer location.
> 
>*) Bugfix: in hash table initialization error handling.
> 
>*) Bugfix: nginx could not be built with Visual Studio 2015.
> 
> Changes with nginx 1.9.3 14 Jul 2015
> 
>*) Change: duplicate "http", "mail", and "stream" blocks are now
>   disallowed.
> 
>*) Feature: connection limiting in the stream module.
> 
>*) Feature: data rate limiting in the stream module.
> 
>*) Bugfix: the "zone" directive inside the "upstream" block did not work
>   on Windows.
> 
>*) Bugfix: compatibility with LibreSSL in the stream module.
>   Thanks to Piotr Sikora.
> 
>*) Bugfix: in the "--builddir" configure parameter.
>   Thanks to Piotr Sikora.
> 
>*) Bugfix: the "ssl_stapling_file" directive did not work; the bug had
>   appeared in 1.9.2.
>   Thanks to Faidon Liambotis and Brandon Black.
> 
>*) Bugfix: a segmentation fault might occur in a worker process if the
>   "ssl_stapling" directive was used; the bug had appeared in 1.9.2.
>   Thanks to Matthew Baldwin.
> 
> Changes with nginx 1.9.2 16 Jun 2015
> 
>*) Feature: the "backlog" parameter of the "listen" directives of the
>   mail proxy and stream modules.
> 
>*) Feature: the "allow" and "deny" directives in the stream module.
> 
>*) Feature: the "proxy_bind" directive in the stream module.
> 
>*) Feature: the "proxy_protocol" directive in the stream module.
> 
>*) Feature: the -T switch.
> 
>*) Feature: the REQUEST_SCHEME parameter added to the fastcgi.conf,
>   fastcgi_params, scgi_params, and uwsgi_params standard configuration
>   files.
> 
>*) Bugfix: the "reuseport" parameter of the "listen" directive of the
>   stream module did not work.
> 
>*) Bugfix: OCSP stapling might return an expired OCSP response in some
>   cases.
> 
> Changes with nginx 1.9.1 26 May 2015
> 
>*) Change: now SSLv3 protocol is disabled by default.
> 
>*) Change: some long deprecated directives are not supported anymore.
> 
>*) Feature: the "reuseport" parameter of the "listen" directive.
>   Thanks to Yingqi Lu at Intel and Sepherosa Ziehau.
> 
>*) Feature: the $upstream_connect_time variable.
> 
>*) Bugfix: in the "hash" directive on big-endian platforms.
> 
>*) Bugfix: nginx might fail to start on some old Linux variants; the bug
>   had appeared in 1.7.11.
> 
>*) Bugfix: in IP address parsing.
>   Thanks to Sergey Polovko.
> 
>