- Updated to 1.25.5
  * Changed nginx.keyring to Roman Arutyunyan’s PGP public key.
  * https://nginx.org/en/CHANGES
  * Added virtual servers in the stream module.
  * Fixed the ngx_stream_pass_module.
  * Fixed the "deferred", "accept_filter", and "setfib" parameters
    of the "listen" directive in the stream module.
  * Added cache line size detection for some architectures.

• Files Changed
• Browse Source

- Set RuntimeDirectory to offer a location for Unix sockets at /run/nginx

• Files Changed
• Browse Source

- logrotate: don't fail if service not running

• Files Changed
• Browse Source

- Use %patch -P N instead of deprecated %patchN.

• Files Changed
• Browse Source

- Updated to 1.25.4
  * Changed nginx.keyring to Sergey Kandaurov’s PGP public key.
  * https://nginx.org/en/CHANGES
  * Fixed segmentation fault might occur in a worker process while
    processing a specially crafted QUIC session (CVE-2024-24989, CVE-2024-24990).
  * Fixed connections with pending AIO operations might be closed
    prematurely during graceful shutdown of old worker processes.
  * Fixed socket leak alerts no longer logged when fast shutdown was
    requested after graceful shutdown of old worker processes.
  * Fixed socket descriptor error, a socket leak, or a segmentation fault
    in a worker process might occur if AIO was used in a subrequest.
  * Fixed segmentation fault might occur in a worker process if SSL
    proxying was used along with the "image_filter" directive and errors
    with code 415 were redirected with the "error_page" directive.

• Files Changed
• Browse Source

- Updated to 1.25.3
  * https://nginx.org/en/CHANGES
  * Changed: improved detection of misbehaving clients when using HTTP/2.
  * Added: startup speedup when using a large number of locations.
  * Fixed: a segmentation fault might occur in a worker process when
    using HTTP/2 without SSL; the bug had appeared in 1.25.1.
  * Fixed: the "Status" backend response header line with an empty
    reason phrase was handled incorrectly.
  * Fixed: memory leak during reconfiguration when using the PCRE2 library.

• Files Changed
• Browse Source

- Updated to 1.25.2
  * https://nginx.org/en/CHANGES
  * Changed: uses appname "nginx" when loading OpenSSL configuration.
  * Changed: does not try to load OpenSSL configuration if the
    --with-openssl option was used to built OpenSSL and the OPENSSL_CONF
    environment variable is not set.

• Files Changed
• Browse Source

- Updated to 1.25.1
  * https://nginx.org/en/CHANGES
  * Added "http2" directive, which enables HTTP/2 on a per-server basis.
  * Deprecated "http2" parameter of the "listen" directive.
  * Removed HTTP/2 server push support.
  * Deprecated "ssl" directive is not supported anymore. 

• Files Changed
• Browse Source

- Updated to 1.25.0
  * https://nginx.org/en/CHANGES
  * Added experimental HTTP/3 support.

• Files Changed
• Browse Source

- Updated to 1.23.4
  * https://nginx.org/en/CHANGES
  * Enabled TLSv1.3 protocol by default.
  * Supported byte ranges support in the ngx_http_gzip_static_module.
  * Fixed port ranges in the "listen" directive did not work.
  * Fixed incorrect location might be chosen to process a request if a
    prefix location longer than 255 characters.
  * Fixed a socket leak might occur when using HTTP/2 and the
    "error_page" directive to redirect errors with code 400.

• Files Changed
• Browse Source

- Updated to 1.23.3
  * Bugfix: an error might occur when reading PROXY protocol version 2
    header with large number of TLVs.
  * Bugfix: a segmentation fault might occur in a worker process if SSI
    was used to process subrequests created by other modules.
  * Workaround: when a hostname used in the "listen" directive resolves
    to multiple addresses, nginx now ignores duplicates within these
    addresses.
  * Bugfix: nginx might hog CPU during unbuffered proxying if SSL
    connections to backends were used.

• Files Changed
• Browse Source

- Updated to 1.23.2
  * Security: processing of a specially crafted mp4 file by the
    ngx_http_mp4_module might cause a worker process crash, worker
    process memory disclosure, or might have potential other impact
    (CVE-2022-41741, CVE-2022-41742).
  * Feature: the "$proxy_protocol_tlv_..." variables.
  * Feature: TLS session tickets encryption keys are now automatically
    rotated when using shared memory in the "ssl_session_cache"
    directive.
  * Change: the logging level of the "bad record type" SSL errors has
    been lowered from "crit" to "info".
  * Change: now when using shared memory in the "ssl_session_cache"
    directive the "could not allocate new session" errors are logged at
    the "warn" level instead of "alert" and not more often than once per second.
  * Bugfix: nginx/Windows could not be built with OpenSSL 3.0.x.
  * Bugfix: in logging of the PROXY protocol errors.
  * Workaround: shared memory from the "ssl_session_cache" directive was
    spent on sessions using TLS session tickets when using TLSv1.3 with OpenSSL.
  * Workaround: timeout specified with the "ssl_session_timeout"
    directive did not work when using TLSv1.3 with OpenSSL or BoringSSL.

• Files Changed
• Browse Source

- Updated to 1.23.1
  * Feature: memory usage optimization in configurations with SSL proxying.
  * Feature: looking up of IPv4 addresses while resolving now can be
    disabled with the "ipv4=off" parameter of the "resolver" directive.
  * Change: the logging level of the "bad key share", "bad extension",
    "bad cipher", and "bad ecpoint" SSL errors has been lowered from "crit" to "info".
  * Bugfix: while returning byte ranges nginx did not remove the
    "Content-Range" header line if it was present in the original backend response.
  * Bugfix: a proxied response might be truncated during reconfiguration
    on Linux; the bug had appeared in 1.17.5.

• Files Changed
• Browse Source

- Changed nginx.keyring to Konstantin Pavlov’s PGP public key.
- Removed nginx.init.
- Updated to 1.23.0
  * https://nginx.org/en/CHANGES
  * Now header lines are represented as linked lists.
  * Now nginx combines arbitrary header lines with identical
    names when sending to FastCGI, SCGI, and uwsgi backends, in the
    $r->header_in() method of the ngx_http_perl_module, and during lookup
    of the "$http_...", "$sent_http_...", "$sent_trailer_...",
    "$upstream_http_...", and "$upstream_trailer_..." variables.
  * Fixed: if there were multiple "Vary" header lines in the backend
    response, nginx only used the last of them when caching.
  * Fixed: if there were multiple "WWW-Authenticate" header lines in the
    backend response and errors with code 401 were intercepted or the
    "auth_request" directive was used, nginx only sent the first of the
    header lines to the client.
  * The logging level of the "application data after close
    notify" SSL errors has been lowered from "crit" to "info".
  * Fixed: connections might hang if nginx was built on Linux 2.6.17 or
    newer, but was used on systems without EPOLLRDHUP support, notably
    with epoll emulation layers; the bug had appeared in 1.17.5.
  * Fixed: nginx did not cache the response if the "Expires" response
    header line disabled caching, but following "Cache-Control" header
    line enabled caching.

• Files Changed
• Browse Source

- Updated to 1.21.6
  * https://nginx.org/en/CHANGES
  * Fixed when using EPOLLEXCLUSIVE on Linux client connections were
    unevenly distributed among worker processes.
  * Fixed nginx returned the "Connection: keep-alive" header line in
    responses during graceful shutdown of old worker processes.
  * Fixed in the "ssl_session_ticket_key" when using TLSv1.3.

• Files Changed
• Browse Source

- Updated to 1.21.5
  * https://nginx.org/en/CHANGES
  * Build with the PCRE2.
  * Supported the $ssl_curve variable.
  * Fixed connections might hang when using HTTP/2 without SSL
    with the "sendfile" and "aio" directives.

• Files Changed
• Browse Source

- Updated to 1.21.4
  * https://nginx.org/en/CHANGES
  * Support for NPN instead of ALPN to establish HTTP/2
    connections has been removed.
  * Now nginx rejects SSL connections if ALPN is used by the
    client, but no supported protocols can be negotiated.
  * The default value of the "sendfile_max_chunk" directive was
    changed to 2 megabytes.
  * The "proxy_half_close" directive in the stream module.
  * The "ssl_alpn" directive in the stream module.
  * The $ssl_alpn_protocol variable.
  * Support for SSL_sendfile() when using OpenSSL 3.0.
  * The "mp4_start_key_frame" directive in the ngx_http_mp4_module.
  * In the $content_length variable when using chunked transfer encoding.
  * After receiving a response with incorrect length from a proxied
    backend nginx might nevertheless cache the connection.
  * Invalid headers from backends were logged at the "info" level
    instead of "error"; the bug had appeared in 1.21.1.
  * Requests might hang when using HTTP/2 and the "aio_write" directive.
- drop vim-plugin-nginx, now is provided directly by vim 

• Files Changed
• Browse Source

- Add CONFIG parameter to %sysusers_generate_pre
- Added hardening to systemd service(s) (bsc#1181400). Modified:
  * nginx.service

• Files Changed
• Browse Source

- Updated to 1.21.3
  * https://nginx.org/en/CHANGES
  * Optimization of client request body reading when using HTTP/2.
  * Fixed request body filters internal API when using HTTP/2 and
    buffering of the data being processed.

• Files Changed
• Browse Source

- Updated to 1.21.2
  * https://nginx.org/en/CHANGES
  * Now nginx rejects HTTP/1.0 requests with the "Transfer-Encoding" header line.
  * Export ciphers are no longer supported.
  * Added OpenSSL 3.0 compatibility.
  * Added the "Auth-SSL-Protocol" and "Auth-SSL-Cipher" header lines
    are now passed to the mail proxy authentication server.
  * Added request body filters API now permits buffering of the data being processed.
  * Fixed backend SSL connections in the stream module might hang after an SSL handshake.
  * Fixed the security level, which is available in OpenSSL 1.1.0 or newer,
    did not affect loading of the server certificates when set
    with "@SECLEVEL=N" in the "ssl_ciphers" directive.
  * Fixed SSL connections with gRPC backends might hang if select, poll,
    or /dev/poll methods were used.
  * Fixed when using HTTP/2 client request body was always written to
    disk if the "Content-Length" header line was not present in the request.

• Files Changed
• Browse Source