Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

nginx-1.19.8-3.6.1 RPM for ppc64le

From OpenSuSE Leap 15.3 for ppc64le

Name: nginx Distribution: SUSE Linux Enterprise 15
Version: 1.19.8 Vendor: SUSE LLC <https://www.suse.com/>
Release: 3.6.1 Build date: Wed Jun 23 13:04:49 2021
Group: Productivity/Networking/Web/Proxy Build host: nebbiolo
Size: 3013851 Source RPM: nginx-1.19.8-3.6.1.src.rpm
Packager: https://www.suse.com/
Url: https://nginx.org
Summary: A HTTP server and IMAP/POP3 proxy server
nginx [engine x] is a HTTP server and IMAP/POP3 proxy server written by Igor Sysoev.
It has been running on many heavily loaded Russian sites for more than two years.

Provides

Requires

License

BSD-2-Clause

Changelog

* Wed Jun 16 2021 fschnizlein@suse.com
  - Fix race condition between nginx and logrotate causing mass reopening of
    files. (bsc#1183876)
* Wed May 26 2021 fschnizlein@suse.com
  - CVE-2021-23017: Fixes nginx DNS resolver off-by-one heap write, allowing
    network attacker capable of providing DNS responses to a nginx server to
    achieve remote code execution. (bsc#1186126)
* Fri Mar 12 2021 dmueller@suse.com
  - update to 1.19.8:
    * Feature: flags in the "proxy_cookie_flags" directive can now contain
      variables.
    * Feature: the "proxy_protocol" parameter of the "listen" directive,
      the "proxy_protocol" and "set_real_ip_from" directives in mail proxy.
    * Bugfix: HTTP/2 connections were immediately closed when using
      "keepalive_timeout 0"; the bug had appeared in 1.19.7.
    * Bugfix: some errors were logged as unknown if nginx was built with
      glibc 2.32.
    * Bugfix: in the eventport method.
* Sat Feb 27 2021 ilya@ilya.pp.ua
  - Refreshed spec-file via spec-cleaner and manual optimizations.
    * Droped obsolete conditional constructs.
    * Removed pkg_name macro.
* Wed Feb 17 2021 mrueckert@suse.de
  - Drop nginx_upstream_check module, there is no support for dynamic
    loading upstream and the module seems kind of unmaintained.
  - Removed patch check_1.9.2+.patch.
* Tue Feb 16 2021 mrueckert@suse.de
  - Update to 1.19.7
    * https://nginx.org/en/CHANGES
    * Change: connections handling in HTTP/2 has been changed to
      better match HTTP/1.x; the "http2_recv_timeout",
      "http2_idle_timeout", and "http2_max_requests" directives have
      been removed, the "keepalive_timeout" and "keepalive_requests"
      directives should be used instead.
    * Change: the "http2_max_field_size" and "http2_max_header_size"
      directives have been removed, the "large_client_header_buffers"
      directive should be used instead.
    * Feature: now, if free worker connections are exhausted, nginx
      starts closing not only keepalive connections, but also
      connections in lingering close.
    * Bugfix: "zero size buf in output" alerts might appear in logs
      if an upstream server returned an incorrect response during
      unbuffered proxying; the bug had appeared in 1.19.1.
    * Bugfix: HEAD requests were handled incorrectly if the "return"
      directive was used with the "image_filter" or "xslt_stylesheet"
      directives.
    * Bugfix: in the "add_trailer" directive.
  - Since we only target sle 12 and above we can skip all
    conditionals which apply to suse_version before 1315
    With changes in nginx itself we will drop support for sysvinit.
    http2, libatomic support and pcre_jit will always be on now.
    and we build all binaries with PIE now.
  - Moved the last 2 path macros from nginx.spec to the macros file.
    (pid and lock path)
* Wed Dec 23 2020 info@paolostivanin.com
  - Update to 1.19.6
    * https://nginx.org/en/CHANGES
    * Fix "no live upstreams" errors if a "server" inside "upstream"
      block was marked as "down".
    * Fix a segmentation fault might occur in a worker process if HTTPS
      was used; the bug had appeared in 1.19.5.
    * Fix nginx returned the 400 response on requests like
      "GET http://example.com?args HTTP/1.0".
    * Fix in the ngx_http_flv_module and ngx_http_mp4_module.
* Tue Nov 24 2020 ilya@ilya.pp.ua
  - Update to 1.19.5
    * https://nginx.org/en/CHANGES
    * Add the -e switch.
    * The same source files can now be specified in different modules
      while building addon modules.
    * Fix SSL shutdown did not work when lingering close was used.
    * Fix "upstream sent frame for closed stream" errors might occur
      when working with gRPC backends.
    * Fix in request body filters internal API.
* Mon Nov 09 2020 ilya@ilya.pp.ua
  - Refresh spec-file via spec-cleaner and manual optimizations.
* Tue Oct 27 2020 ilya@ilya.pp.ua
  - Update to 1.19.4
    * https://nginx.org/en/CHANGES
    * Add the "ssl_conf_command", "proxy_ssl_conf_command",
      "grpc_ssl_conf_command", and "uwsgi_ssl_conf_command" directives.
    * Add the "ssl_reject_handshake" directive.
    * Add the "proxy_smtp_auth" directive in mail proxy.
* Fri Oct 02 2020 mrueckert@suse.de
  - Use the ngx_* macros from the nginx-macros package to simplify
    the spec file.
* Fri Oct 02 2020 mrueckert@suse.de
  - Moved all the modules that support dynamic modules into their own
    modules:
    * nginx-module-geoip2
    * nginx-module-fancyindex
    * nginx-module-headers-more
  - The rtmp module is replaced with nginx-module-http-flv
* Wed Sep 30 2020 ilya@ilya.pp.ua
  - Update to 1.19.3
    * https://nginx.org/en/CHANGES
    * Add the ngx_stream_set_module.
    * Add the "proxy_cookie_flags" directive.
    * Add the "userid_flags" directive.
    * Fix the "stale-if-error" cache control extension was erroneously
      applied if backend returned a response with status code 500, 502,
      503, 504, 403, 404, or 429.
    * Fix "[crit] cache file ... has too long header" messages might
      appear in logs if caching was used and the backend returned responses
      with the "Vary" header line.
    * Fix "[crit] SSL_write() failed" messages might appear in logs
      when using OpenSSL 1.1.1.
    * Fix "SSL_shutdown() failed (SSL: ... bad write retry)" messages
      might appear in logs; the bug had appeared in 1.19.2.
    * Fix a segmentation fault might occur in a worker process when
      using HTTP/2 if errors with code 400 were redirected to a proxied
      location using the "error_page" directive.
    * Fix socket leak when using HTTP/2 and subrequests in the njs module.
* Wed Aug 12 2020 ilya@ilya.pp.ua
  - Update to 1.19.2
    * https://nginx.org/en/CHANGES
    * Now nginx starts closing keepalive connections before all free
      worker connections are exhausted, and logs a warning about this
      to the error log.
    * Optimization of client request body reading when using chunked
      transfer encoding.
    * Memory leak if the "ssl_ocsp" directive was used.
    * "zero size buf in output" alerts might appear in logs if a
      FastCGI server returned an incorrect response; the bug had
      appeared in 1.19.1.
    * A segmentation fault might occur in a worker process if
      different large_client_header_buffers sizes were used in
      different virtual servers.
    * SSL shutdown might not work.
    * "SSL_shutdown() failed (SSL: ... bad write retry)" messages
      might appear in logs.
    * In the ngx_http_slice_module.
    * In the ngx_http_xslt_filter_module.
* Tue Aug 04 2020 dmueller@suse.com
  - update nginx-1.6.1-default_config.patch:
    * remove geoip_module which is no longer compiled (bsc#1156202)
* Wed Jul 08 2020 ilya@ilya.pp.ua
  - Update to 1.19.1
    * https://nginx.org/en/CHANGES
    * The "lingering_close", "lingering_time", and "lingering_timeout"
      directives now work when using HTTP/2.
    * Now extra data sent by a backend are always discarded.
    * Now after receiving a too short response from a FastCGI server
      nginx tries to send the available part of the response
      to the client, and then closes the client connection.
    * Now after receiving a response with incorrect length from a
      gRPC backend nginx stops response processing with an error.
    * The "min_free" parameter of the "proxy_cache_path",
      "fastcgi_cache_path", "scgi_cache_path",
      and "uwsgi_cache_path" directives.
    * nginx did not delete unix domain listen sockets during
      graceful shutdown on the SIGQUIT signal.
    * Zero length UDP datagrams were not proxied.
    * Proxying to uwsgi backends using SSL might not work.
    * In error handling when using the "ssl_ocsp" directive.
    * On XFS and NFS file systems disk cache size might be
      calculated incorrectly.
    * "negative size buf in writer" alerts might appear in logs if
      a memcached server returned a malformed response.
* Thu May 28 2020 ilya@ilya.pp.ua
  - Update to 1.19.0
    * https://nginx.org/en/CHANGES
    * Client certificate validation with OCSP.
    * "upstream sent frame for closed stream" errors might occur
      when working with gRPC backends.
    * OCSP stapling might not work if the "resolver" directive
      was not specified.
    * Connections with incorrect HTTP/2 preface were not logged.
* Thu May 07 2020 crrodriguez@opensuse.org
  - Do not arbitrarily limit the default listen backlog
    (NGX_LISTEN_BACKLOG) to 511, instead use -1 to choose the
    system's default (sysctl net.core.somaxconn)
* Wed Apr 22 2020 ilya@ilya.pp.ua
  - Update to 1.18.0
    * 1.18.x stable branch.
* Fri Apr 17 2020 kukuk@suse.com
  - Use sysusers.d to create the nginx user and group
  - Remove self-conflict
* Wed Apr 15 2020 ilya@ilya.pp.ua
  - Update to 1.17.10
    * https://nginx.org/en/CHANGES
    * The "auth_delay" directive.
* Tue Mar 10 2020 vcizek@suse.com
  - Replace obsolete GeoIP module with MaxMinDB-based GeoIP2
    (bsc#1156202)
* Wed Mar 04 2020 ilya@ilya.pp.ua
  - Update to 1.17.9
    * https://nginx.org/en/CHANGES
    * Now nginx does not allow several "Host" request header lines.
    * nginx ignored additional "Transfer-Encoding" request header lines.
    * Socket leak when using HTTP/2.
    * A segmentation fault might occur in a worker process if OCSP
      stapling was used.
    * In the ngx_http_mp4_module.
    * nginx used status code 494 instead of 400 if errors with code
      494 were redirected with the "error_page" directive.
    * Socket leak when using subrequests in the njs module and the
      "aio" directive.
* Sun Feb 02 2020 mrueckert@suse.de
  - Update to 1.17.8
    * Feature: variables support in the "grpc_pass" directive.
    * Bugfix: a timeout might occur while handling pipelined requests
      in an SSL connection; the bug had appeared in 1.17.5.
    * Bugfix: in the "debug_points" directive when using HTTP/2.
      Thanks to Daniil Bondarev.
* Tue Jan 21 2020 kukuk@suse.com
  - Use systemd_ordering instead of systemd_requires, nginx is useable
    without sysemd, too.
* Sat Dec 28 2019 ilya@ilya.pp.ua
  - Refresh spec-file via spec-cleaner.
  - Add in service-file Wants=network-online.target (boo#1155690)
  - Update to 1.17.7
    * https://nginx.org/en/CHANGES
    * A segmentation fault might occur on start or during
      reconfiguration if the "rewrite" directive with an empty
      replacement string was used in the configuration.
    * A segmentation fault might occur in a worker process if the
      "break" directive was used with the "alias" directive or with
      the "proxy_pass" directive with a URI.
    * The "Location" response header line might contain garbage if
      the request URI was rewritten to the one containing a null character.
    * Requests with bodies were handled incorrectly when returning redirections
      with the "error_page" directive; the bug had appeared in 0.7.12.
    * Socket leak when using HTTP/2.
    * A timeout might occur while handling pipelined requests in an
      SSL connection; the bug had appeared in 1.17.5.
    * Bugfix in the ngx_http_dav_module.
    * CVE-2019-20372: Fixed an HTTP request smuggling with certain error_page
      configurations which could have allowed unauthorized web page reads (bsc#1160682).
* Sat Nov 23 2019 mrueckert@suse.de
  - Update to 1.17.6
    - Feature: the $proxy_protocol_server_addr and
      $proxy_protocol_server_port variables.
    - Feature: the "limit_conn_dry_run" directive.
    - Feature: the $limit_req_status and $limit_conn_status
      variables.
* Mon Oct 28 2019 crrodriguez@opensuse.org
  - remove -std=gnu99 -fstack-protector from cflags as they are
    no longer needed.
* Wed Oct 23 2019 ilya@ilya.pp.ua
  - Update to 1.17.5
    * https://nginx.org/en/CHANGES
    * Now nginx uses ioctl(FIONREAD), if available, to avoid
      reading from a fast connection for a long time.
    * Incomplete escaped characters at the end of the request URI were ignored.
    * "/." and "/.." at the end of the request URI were not normalized.
    * In the "merge_slashes" directive.
    * In the "ignore_invalid_headers" directive.
    * nginx could not be built with MinGW-w64 gcc 8.1 or newer.
* Mon Oct 21 2019 ilya@ilya.pp.ua
  - Update to 1.17.4
    * https://nginx.org/en/CHANGES
    * Better detection of incorrect client behavior in HTTP/2.
    * In handling of not fully read client request body when
      returning errors in HTTP/2.
    * The "worker_shutdown_timeout" directive might not work when
      using HTTP/2.
    * A segmentation fault might occur in a worker process when
      using HTTP/2 and the "proxy_request_buffering" directive.
    * The ECONNABORTED error log level was "crit" instead of
      "error" on Windows when using SSL.
    * nginx ignored extra data when using chunked transfer
      encoding.
    * nginx always returned the 500 error if the "return" directive
      was used and an error occurred during reading client request body.
    * In memory allocation error handling.
* Wed Aug 14 2019 mrueckert@suse.de
  - update to 1.17.3
    - Security: when using HTTP/2 a client might cause excessive
      memory consumption and CPU usage (CVE-2019-9511, CVE-2019-9513,
      CVE-2019-9516).
    - Bugfix: "zero size buf" alerts might appear in logs when using
      gzipping; the bug had appeared in 1.17.2.
    - Bugfix: a segmentation fault might occur in a worker process if
      the "resolver" directive was used in SMTP proxy.
* Tue Jul 23 2019 michael@stroeder.com
  - update to 1.17.2
    - Change: minimum supported zlib version is 1.2.0.4.
    - Change: the $r->internal_redirect() embedded perl method now expects
      escaped URIs.
    - Feature: it is now possible to switch to a named location using the
      $r->internal_redirect() embedded perl method.
    - Bugfix: in error handling in embedded perl.
    - Bugfix: a segmentation fault might occur on start or during
      reconfiguration if hash bucket size larger than 64 kilobytes was used
      in the configuration.
    - Bugfix: nginx might hog CPU during unbuffered proxying and when
      proxying WebSocket connections if the select, poll, or /dev/poll
      methods were used.
    - Bugfix: in the ngx_http_xslt_filter_module.
    - Bugfix: in the ngx_http_ssi_filter_module.
* Tue Jul 09 2019 mrueckert@suse.de
  - update to 1.17.1
    - Feature: the "limit_req_dry_run" directive.
    - Feature: when using the "hash" directive inside the "upstream"
      block an empty hash key now triggers round-robin balancing.
      Thanks to Niklas Keller.
    - Bugfix: a segmentation fault might occur in a worker process if
      caching was used along with the "image_filter" directive, and
      errors with code 415 were redirected with the "error_page"
      directive; the bug had appeared in 1.11.10.
    - Bugfix: a segmentation fault might occur in a worker process if
      embedded perl was used; the bug had appeared in 1.7.3.
* Thu May 23 2019 seanlew@opensuse.org
  - update to version 1.17.0
    * Feature: variables support in the "limit_rate" directives
    * Feature: variables support in the "proxy rate" directies
    * Change: min supported OpenSSL is 0.9.8
    * Change: now the postpone filter is always built
    * Bugfix: the "include" directive didn't work inside "if"
    * Bugfix: in byte ranges processing
* Mon May 06 2019 seanlew@opensuse.org
  - update to version 1.16.0
    * 1.16 stable branch
    * Bugfix: segfault may occur in ssl_certificate worker process
* Sun Apr 07 2019 seanlew@opensuse.org
  - update to 1.15.10
    * When using hostname in the 'listen' directive, create new socket
    * Port ranges in the 'listen' directive
    * Loading of SSL certs/secret keys from variables
    * $ssl_server_name var might be empty with OpenSSL 1.1.1
* Sat Mar 02 2019 seanlew@openeuse.org
  - update to 1.15.9
    * Feature: variables support in the "ssl_certificate" directives
    * Bugfix: the "proxy_upload_rate" and "proxy_download_rate"
      directives in the stream module worked incorrectly with UDP
* Sun Dec 30 2018 sean@suspend.net
  - update to 1.15.8
    * Feature: the $upstream_bytes_sent variable
    * Feature: new directives in vim syntax highlighting scripts
    * Bugfix: in the "proxy_cache_background_update" directive
    * Bugfix: in the "geo" directive when using unix domain listen sockets
    * Workaround: the "ignoring stale global SSL error" alerts might appear erroneosuly
    * Bugfix: in the ngx_http_autoindex_module on x86
* Fri Dec 07 2018 chris@computersalat.de
  - update to 1.15.7
    * Feature: the "proxy_requests" directive in the stream module.
    * Feature: the "delay" parameter of the "limit_req" directive.
      Thanks to Vladislav Shabanov and Peter Shchuchkin.
    * Bugfix: memory leak on errors during reconfiguration.
    * Bugfix: in the $upstream_response_time, $upstream_connect_time, and
      $upstream_header_time variables.
    * Bugfix: a segmentation fault might occur in a worker process if the
      ngx_http_mp4_module was used on 32-bit platforms.
  - fix changes file for submit to Backports
    * see https://build.opensuse.org/request/show/653792
* Thu Nov 08 2018 alarrosa@suse.com
  - update to 1.15.6
    * fix for boo#1115022, boo#1115025
      Security: when using HTTP/2 a client might cause excessive memory
      consumption (CVE-2018-16843) and CPU usage (CVE-2018-16844).
    * fix for boo#1115015
      Security: processing of a specially crafted mp4 file with the
      ngx_http_mp4_module might result in worker process memory disclosure
      (CVE-2018-16845).
    - Feature: the "proxy_socket_keepalive", "fastcgi_socket_keepalive",
      "grpc_socket_keepalive", "memcached_socket_keepalive",
      "scgi_socket_keepalive", and "uwsgi_socket_keepalive" directives.
    - Bugfix: if nginx was built with OpenSSL 1.1.0 and used with OpenSSL
      1.1.1, the TLS 1.3 protocol was always enabled.
    - Bugfix: working with gRPC backends might result in excessive memory
      consumption.
  - Fix vim-plugin-nginx rpm group.
* Sat Nov 03 2018 sean@suspend.net
  - update to 1.15.5
    - Bugfix: a segmentation fault might occur in a worker process when using OpenSSL 1.1.0h or lower
    - Bugfix: minor potential bugs
  - update to 1.15.4
    - Feature: now the "ssl_early_data" directive can be used with OpenSSL.
    - Bugfix: in the ngx_http_uwsgi_module.
    - Bugfix: connections with some gRPC backends might not be cached when
      using the "keepalive" directive.
    - Bugfix: a socket leak might occur when using the "error_page"
      directive to redirect early request processing errors, notably errors
      with code 400.
    - Bugfix: the "return" directive did not change the response code when
      returning errors if the request was redirected by the "error_page"
      directive.
    - Bugfix: standard error pages and responses of the
      ngx_http_autoindex_module module used the "bgcolor" attribute, and
      might be displayed incorrectly when using custom color settings in
      browsers.
    - Change: the logging level of the "no suitable key share" and "no
      suitable signature algorithm" SSL errors has been lowered from "crit"
      to "info".
* Thu Sep 06 2018 mrueckert@suse.de
  - update to 1.15.3
    - Feature: now TLSv1.3 can be used with BoringSSL.
    - Feature: the "ssl_early_data" directive, currently available
      with BoringSSL.
    - Feature: the "keepalive_timeout" and "keepalive_requests"
      directives in the "upstream" block.
    - Bugfix: the ngx_http_dav_module did not truncate destination
      file when copying a file over an existing one with the COPY
      method.
    - Bugfix: the ngx_http_dav_module used zero access rights on the
      destination file and did not preserve file modification time
      when moving a file between different file systems with the MOVE
      method.
    - Bugfix: the ngx_http_dav_module used default access rights when
      copying a file with the COPY method.
    - Workaround: some clients might not work when using HTTP/2; the
      bug had appeared in 1.13.5.
    - Bugfix: nginx could not be built with LibreSSL 2.8.0.
* Mon Jul 30 2018 mrueckert@suse.de
  - update to 1.15.2
    - Feature: the $ssl_preread_protocol variable in the
      ngx_stream_ssl_preread_module.
    - Feature: now when using the "reset_timedout_connection"
      directive nginx will reset connections being closed with the
      444 code.
    - Change: a logging level of the "http request", "https proxy
      request", "unsupported protocol", and "version too low" SSL
      errors has been lowered from "crit" to "info".
    - Bugfix: DNS requests were not resent if initial sending of a
      request failed.
    - Bugfix: the "reuseport" parameter of the "listen" directive was
      ignored if the number of worker processes was specified after
      the "listen" directive.
    - Bugfix: when using OpenSSL 1.1.0 or newer it was not possible
      to switch off "ssl_prefer_server_ciphers" in a virtual server
      if it was switched on in the default server.
    - Bugfix: SSL session reuse with upstream servers did not work
      with the TLS 1.3 protocol.
* Mon Jul 23 2018 mrueckert@suse.de
  - update to 1.15.1
    - Feature: the "random" directive inside the "upstream" block.
    - Feature: improved performance when using the "hash" and
      "ip_hash" directives with the "zone" directive.
    - Feature: the "reuseport" parameter of the "listen" directive
      now uses SO_REUSEPORT_LB on FreeBSD 12.
    - Bugfix: HTTP/2 server push did not work if SSL was terminated
      by a proxy server in front of nginx.
    - Bugfix: the "tcp_nopush" directive was always used on backend
      connections.
    - Bugfix: sending a disk-buffered request body to a gRPC backend
      might fail.
  - changes from 1.15.0
    - Change: the "ssl" directive is deprecated; the "ssl" parameter
      of the "listen" directive should be used instead.
    - Change: now nginx detects missing SSL certificates during
      configuration testing when using the "ssl" parameter of the
      "listen" directive.
    - Feature: now the stream module can handle multiple incoming UDP
      datagrams from a client within a single session.
    - Bugfix: it was possible to specify an incorrect response code
      in the "proxy_cache_valid" directive.
    - Bugfix: nginx could not be built by gcc 8.1.
    - Bugfix: logging to syslog stopped on local IP address changes.
    - Bugfix: nginx could not be built by clang with CUDA SDK
      installed; the bug had appeared in 1.13.8.
    - Bugfix: "getsockopt(TCP_FASTOPEN) ... failed" messages might
      appear in logs during binary upgrade when using unix domain
      listen sockets on FreeBSD.
    - Bugfix: nginx could not be built on Fedora 28 Linux.
    - Bugfix: request processing rate might exceed configured rate
      when using the "limit_req" directive.
    - Bugfix: in handling of client addresses when using unix domain
      listen sockets to work with datagrams on Linux.
    - Bugfix: in memory allocation error handling.
* Fri May 25 2018 mrostecki@suse.com
  - Add nginx-source package
* Tue May 15 2018 crrodriguez@opensuse.org
  - Do not require insserv on systemd-only releases.
* Mon May 07 2018 achernikov@suse.com
  - update to 1.14.0
    * 1.14.x stable branch.
  - includes changes from 1.13.12
    * bugfix connections with gRPC backends might be closed unexpectedly
    when returning a large response.
* Tue Apr 10 2018 astieger@suse.com
  - update to 1.13.11:
    * the "proxy_protocol" parameter of the "listen" directive now
      supports the PROXY protocol version 2
    * bugfix in the "http_404", "http_500", etc. parameters of the
      "proxy_next_upstream" directive
  - includes changes from 1.13.10:
    * the "set" parameter of the "include" SSI directive now allows
      writing arbitrary responses to a variable; the
      "subrequest_output_buffer_size" directive defines maximum
      response size
    * now nginx uses clock_gettime(CLOCK_MONOTONIC) if available, to
      avoid timeouts being incorrectly triggered on system time changes
    * add the "escape=none" parameter of the "log_format" directive
    * add the $ssl_preread_alpn_protocols variable in the
      ngx_stream_ssl_preread_module.
    * add the ngx_http_grpc_module.
    * fix memory allocation error handling in the "geo" directive.
    * when using variables in the "auth_basic_user_file" directive
      a null character may have appeared in logs
  - Use %license (bsc#1082318)
* Wed Mar 28 2018 achernikov@suse.com
  - Recommend to use TLSv1.2 by default (boo#1086855)
* Wed Feb 21 2018 mrueckert@suse.de
  - update rmtp module to 1.2.1
    - just commenting all places where we fallthrough conditionals
* Wed Feb 21 2018 mrueckert@suse.de
  - update headers more to 0.33
    - feature: add wildcard match support for
      more_clear_input_headers.
* Wed Feb 21 2018 mrueckert@suse.de
  - update fancyindex module to 0.4.2
    This release contains an important fix which can cause Nginx to
    crash when a directory contains zero-sized (empty) files. This
    bug has been present in all previous releases, and all users are
    strongly encouraged to update to version 0.4.2.
    https://github.com/aperezdc/ngx-fancyindex/releases/tag/v0.4.2
* Wed Feb 21 2018 mrueckert@suse.de
  - changes from 1.13.9
    - Feature: HTTP/2 server push support; the "http2_push" and
      "http2_push_preload" directives.
    - Bugfix: "header already sent" alerts might appear in logs when
      using cache; the bug had appeared in 1.9.13.
    - Bugfix: a segmentation fault might occur in a worker process if
      the "ssl_verify_client" directive was used and no SSL
      certificate was specified in a virtual server.
    - Bugfix: in the ngx_http_v2_module.
    - Bugfix: in the ngx_http_dav_module.
  - updates from 1.13.8
    - Feature: now nginx automatically preserves the CAP_NET_RAW
      capability in worker processes when using the "transparent"
      parameter of the "proxy_bind", "fastcgi_bind",
      "memcached_bind", "scgi_bind", and "uwsgi_bind" directives.
    - Feature: improved CPU cache line size detection. Thanks to
      Debayan Ghosh.
    - Feature: new directives in vim syntax highlighting scripts.
      Thanks to Gena Makhomed.
    - Bugfix: binary upgrade refused to work if nginx was re-parented
      to a process with PID different from 1 after its parent process
      has finished.
    - Bugfix: the ngx_http_autoindex_module incorrectly handled
      requests with bodies.
    - Bugfix: in the "proxy_limit_rate" directive when used with the
      "keepalive" directive.
    - Bugfix: some parts of a response might be buffered when using
      "proxy_buffering off" if the client connection used SSL.
      Thanks to Patryk Lesiewicz.
    - Bugfix: in the "proxy_cache_background_update" directive.
    - Bugfix: it was not possible to start a parameter with a
      variable in the "${name}" form with the name in curly brackets
      without enclosing the parameter into single or double quotes.
* Wed Feb 07 2018 achernikov@suse.com
  - Install /etc/nginx/conf.d directory for custom user configuration
    files
* Wed Feb 07 2018 achernikov@suse.com
  - Install /etc/nginx/vhosts.d directory for default installation
    to house custom virtual hosts configuration files
* Mon Dec 18 2017 avindra@opensuse.org
  - update to version 1.13.7
    - Bugfix: in the $upstream_status variable.
    - Bugfix: a segmentation fault might occur in a worker process
      if a backend returned a "101 Switching Protocols" response to
      a subrequest.
    - Bugfix: a segmentation fault occurred in a master process if a
      shared memory zone size was changed during a reconfiguration
      and the reconfiguration failed.
    - Bugfix: in the ngx_http_fastcgi_module.
    - Bugfix: nginx returned the 500 error if parameters without
      variables were specified in the "xslt_stylesheet" directive.
    - Workaround: "gzip filter failed to use preallocated memory"
      alerts appeared in logs when using a zlib library variant
      from Intel.
    - Bugfix: the "worker_shutdown_timeout" directive did not work
      when using mail proxy and when proxying WebSocket connections.
  - partial cleanup with spec-cleaner
* Thu Oct 12 2017 mrueckert@suse.de
  - update to 1.13.6
    - Bugfix: switching to the next upstream server in the stream
      module did not work when using the "ssl_preread" directive.
    - Bugfix: in the ngx_http_v2_module.  Thanks to Piotr Sikora.
    - Bugfix: nginx did not support dates after the year 2038 on
      32-bit platforms with 64-bit time_t.
    - Bugfix: in handling of dates prior to the year 1970 and after
      the year 10000.
    - Bugfix: in the stream module timeouts waiting for UDP datagrams
      from upstream servers were not logged or logged at the "info"
      level instead of "error".
    - Bugfix: when using HTTP/2 nginx might return the 400 response
      without logging the reason.
    - Bugfix: in processing of corrupted cache files.
    - Bugfix: cache control headers were ignored when caching errors
      intercepted by error_page.
    - Bugfix: when using HTTP/2 client request body might be
      corrupted.
    - Bugfix: in handling of client addresses when using unix domain
      sockets.
    - Bugfix: nginx hogged CPU when using the "hash ... consistent"
      directive in the upstream block if large weights were used and
      all or most of the servers were unavailable.
* Fri Oct 06 2017 mrueckert@suse.de
  - extra modules were enabled on sles due to a typo
* Thu Oct 05 2017 achernikov@suse.com
  - Submit nginx to SLES to become a http server for RMT(Repository
    mirroring tool) [fate#323994, bsc#1059685, boo#1057831]
* Fri Sep 22 2017 mrueckert@suse.de
  - disable extra modules on sle
* Sat Sep 16 2017 mrueckert@suse.de
  - update to 1.13.5
    - Feature: the $ssl_client_escaped_cert variable.
    - Bugfix: the "ssl_session_ticket_key" directive and the
      "include" parameter of the "geo" directive did not work on
      Windows.
    - Bugfix: incorrect response length was returned on 32-bit
      platforms when requesting more than 4 gigabytes with multiple
      ranges.
    - Bugfix: the "expires modified" directive and processing of the
      "If-Range" request header line did not use the response last
      modification time if proxying without caching was used.
  - changes from 1.13.4
    - Feature: the ngx_http_mirror_module.
    - Bugfix: client connections might be dropped during
      configuration testing when using the "reuseport" parameter of
      the "listen" directive on Linux.
    - Bugfix: request body might not be available in subrequests if
      it was saved to a file and proxying was used.
    - Bugfix: cleaning cache based on the "max_size" parameter did
      not work on Windows.
    - Bugfix: any shared memory allocation required 4096 bytes on
      Windows.
    - Bugfix: nginx worker might be terminated abnormally when using
      the "zone" directive inside the "upstream" block on Windows.
* Fri Sep 08 2017 astieger@suse.com
  - add upstream signing key and verify source tarball signature
* Mon Jul 17 2017 mrueckert@suse.de
  - update to 1.13.3 (boo#1048265)
    - Security: a specially crafted request might result in an
      integer overflow and incorrect processing of ranges in the
      range filter, potentially resulting in sensitive information
      leak (CVE-2017-7529).
  - changes from 1.13.2
    - Change: nginx now returns 200 instead of 416 when a range
      starting with 0 is requested from an empty file.
    - Feature: the "add_trailer" directive.  Thanks to Piotr Sikora.
    - Bugfix: nginx could not be built on Cygwin and NetBSD; the bug
      had appeared in 1.13.0.
    - Bugfix: nginx could not be built under MSYS2 / MinGW 64-bit.
      Thanks to Orgad Shaneh.
    - Bugfix: a segmentation fault might occur in a worker process
      when using SSI with many includes and proxy_pass with
      variables.
    - Bugfix: in the ngx_http_v2_module.  Thanks to Piotr Sikora.
  - update nginx-rtmp-module to 1.2.0:
    - DASH improvements
    - OpenSSL 1.1 compatibility
* Thu Jun 01 2017 mrueckert@suse.de
  - update to 1.13.1
    - Feature: now a hostname can be used as the "set_real_ip_from"
      directive parameter.
    - Feature: vim syntax highlighting scripts improvements.
    - Feature: the "worker_cpu_affinity" directive now works on
      DragonFly BSD.  Thanks to Sepherosa Ziehau.
    - Bugfix: SSL renegotiation on backend connections did not work
      when using OpenSSL before 1.1.0.
    - Workaround: nginx could not be built with Oracle Developer
      Studio 12.5.
    - Workaround: now cache manager ignores long locked cache entries
      when cleaning cache based on the "max_size" parameter.
    - Bugfix: client SSL connections were immediately closed if
      deferred accept and the "proxy_protocol" parameter of the
      "listen" directive were used.
    - Bugfix: in the "proxy_cache_background_update" directive.
    - Workaround: now the "tcp_nodelay" directive sets the
      TCP_NODELAY option before an SSL handshake.
  - changes from 1.13.0
    - Change: SSL renegotiation is now allowed on backend
      connections.
    - Feature: the "rcvbuf" and "sndbuf" parameters of the "listen"
      directives of the mail proxy and stream modules.
    - Feature: the "return" and "error_page" directives can now be
      used to return 308 redirections.  Thanks to Simon Leblanc.
    - Feature: the "TLSv1.3" parameter of the "ssl_protocols"
      directive.
    - Feature: when logging signals nginx now logs PID of the process
      which sent the signal.
    - Bugfix: in memory allocation error handling.
    - Bugfix: if a server in the stream module listened on a wildcard
      address, the source address of a response UDP datagram could
      differ from the original datagram destination address.
* Sun Apr 09 2017 michael@stroeder.com
  - update to 1.12.0
    - Feature: the "http_429" parameter of the "proxy_next_upstream",
      "fastcgi_next_upstream", "scgi_next_upstream", and
      "uwsgi_next_upstream" directives.
      Thanks to Piotr Sikora.
    - Bugfix: in memory allocation error handling.
    - Bugfix: requests might hang when using the "sendfile" and
      "timer_resolution" directives on Linux.
    - Bugfix: requests might hang when using the "sendfile" and "aio_write"
      directives with subrequests.
    - Bugfix: in the ngx_http_v2_module.
      Thanks to Piotr Sikora.
    - Bugfix: a segmentation fault might occur in a worker process when
      using HTTP/2.
    - Bugfix: requests might hang when using the "limit_rate",
      "sendfile_max_chunk", "limit_req" directives, or the $r->sleep()
      embedded perl method with subrequests.
    - Bugfix: in the ngx_http_slice_module.
* Wed Mar 29 2017 mrueckert@suse.de
  - update to 1.11.12
    - Bugfix: nginx might hog CPU; the bug had appeared in 1.11.11.
  - update to 1.11.11
    - Feature: the "worker_shutdown_timeout" directive.
    - Feature: vim syntax highlighting scripts improvements.  Thanks
      to Wei-Ko Kao.
    - Bugfix: a segmentation fault might occur in a worker process if
      the $limit_rate variable was set to an empty string.
    - Bugfix: the "proxy_cache_background_update",
      "fastcgi_cache_background_update",
      "scgi_cache_background_update", and
      "uwsgi_cache_background_update" directives might work
      incorrectly if the "if" directive was used.
    - Bugfix: a segmentation fault might occur in a worker process if
      number of large_client_header_buffers in a virtual server was
      different from the one in the default server.
    - Bugfix: in the mail proxy server.
* Tue Feb 28 2017 mrueckert@suse.de
  - update to 1.11.10
    - Change: cache header format has been changed, previously cached
      responses will be invalidated.
    - Feature: support of "stale-while-revalidate" and
      "stale-if-error" extensions in the "Cache-Control" backend
      response header line.
    - Feature: the "proxy_cache_background_update",
      "fastcgi_cache_background_update",
      "scgi_cache_background_update", and
      "uwsgi_cache_background_update" directives.
    - Feature: nginx is now able to cache responses with the "Vary"
      header line up to 128 characters long (instead of 42 characters
      in previous versions).
    - Feature: the "build" parameter of the "server_tokens"
      directive.  Thanks to Tom Thorogood.
    - Bugfix: "[crit] SSL_write() failed" messages might appear in
      logs when handling requests with the "Expect: 100-continue"
      request header line.
    - Bugfix: the ngx_http_slice_module did not work in named
      locations.
    - Bugfix: a segmentation fault might occur in a worker process
      when using AIO after an "X-Accel-Redirect" redirection.
    - Bugfix: reduced memory consumption for long-lived requests
      using gzipping.
* Mon Jan 30 2017 mrueckert@suse.de
  - update to 1.11.9
    - Bugfix: nginx might hog CPU when using the stream module; the
      bug had appeared in 1.11.5.
    - Bugfix: EXTERNAL authentication mechanism in mail proxy was
      accepted even if it was not enabled in the configuration.
    - Bugfix: a segmentation fault might occur in a worker process if
      the "ssl_verify_client" directive of the stream module was
      used.
    - Bugfix: the "ssl_verify_client" directive of the stream module
      might not work.
    - Bugfix: closing keepalive connections due to no free worker
      connections might be too aggressive.  Thanks to Joel
      Cunningham.
    - Bugfix: an incorrect response might be returned when using the
      "sendfile" directive on FreeBSD and macOS; the bug had appeared
      in 1.7.8.
    - Bugfix: a truncated response might be stored in cache when
      using the "aio_write" directive.
    - Bugfix: a socket leak might occur when using the "aio_write"
      directive.
* Sat Jan 07 2017 mrueckert@suse.de
  - update to 1.11.8
    - Feature: the "absolute_redirect" directive.
    - Feature: the "escape" parameter of the "log_format" directive.
    - Feature: client SSL certificates verification in the stream
      module.
    - Feature: the "ssl_session_ticket_key" directive supports AES256
      encryption of TLS session tickets when used with 80-byte keys.
    - Feature: vim-commentary support in vim scripts.  Thanks to
      Armin Grodon.
    - Bugfix: recursion when evaluating variables was not limited.
    - Bugfix: in the ngx_stream_ssl_preread_module.
    - Bugfix: if a server in an upstream in the stream module failed,
      it was considered alive only when a test connection sent to it
      after fail_timeout was closed; now a successfully established
      connection is enough.
    - Bugfix: nginx/Windows could not be built with 64-bit Visual
      Studio.
    - Bugfix: nginx/Windows could not be built with OpenSSL 1.1.0.
  - changes in 1.11.7
    - Change: now in case of a client certificate verification error
      the $ssl_client_verify variable contains a string with the
      failure reason, for example, "FAILED:certificate has expired".
    - Feature: the $ssl_ciphers, $ssl_curves, $ssl_client_v_start,
      $ssl_client_v_end, and $ssl_client_v_remain variables.
    - Feature: the "volatile" parameter of the "map" directive.
    - Bugfix: dependencies specified for a module were ignored while
      building dynamic modules.
    - Bugfix: when using HTTP/2 and the "limit_req" or "auth_request"
      directives client request body might be corrupted; the bug had
      appeared in 1.11.0.
    - Bugfix: a segmentation fault might occur in a worker process
      when using HTTP/2; the bug had appeared in 1.11.3.
    - Bugfix: in the ngx_http_mp4_module.  Thanks to Congcong Hu.
    - Bugfix: in the ngx_http_perl_module.
  - changes in 1.11.6
    - Change: format of the $ssl_client_s_dn and $ssl_client_i_dn
      variables has been changed to follow RFC 2253 (RFC 4514);
      values in the old format are available in the
      $ssl_client_s_dn_legacy and $ssl_client_i_dn_legacy variables.
    - Change: when storing temporary files in a cache directory they
      will be stored in the same subdirectories as corresponding
      cache files instead of a separate subdirectory for temporary
      files.
    - Feature: EXTERNAL authentication mechanism support in mail
      proxy.  Thanks to Robert Norris.
    - Feature: WebP support in the ngx_http_image_filter_module.
    - Feature: variables support in the "proxy_method" directive.
      Thanks to Dmitry Lazurkin.
    - Feature: the "http2_max_requests" directive in the
      ngx_http_v2_module.
    - Feature: the "proxy_cache_max_range_offset",
      "fastcgi_cache_max_range_offset",
      "scgi_cache_max_range_offset", and
      "uwsgi_cache_max_range_offset" directives.
    - Bugfix: graceful shutdown of old worker processes might require
      infinite time when using HTTP/2.
    - Bugfix: in the ngx_http_mp4_module.
    - Bugfix: "ignore long locked inactive cache entry" alerts might
      appear in logs when proxying WebSocket connections with caching
      enabled.
    - Bugfix: nginx did not write anything to log and returned a
      response with code 502 instead of 504 when a timeout occurred
      during an SSL handshake to a backend.
  - changes in 1.11.5
    - Change: the --with-ipv6 configure option was removed, now IPv6
      support is configured automatically.
    - Change: now if there are no available servers in an upstream,
      nginx will not reset number of failures of all servers as it
      previously did, but will wait for fail_timeout to expire.
    - Feature: the ngx_stream_ssl_preread_module.
    - Feature: the "server" directive in the "upstream" context
      supports the "max_conns" parameter.
    - Feature: the --with-compat configure option.
    - Feature: "manager_files", "manager_threshold", and
      "manager_sleep" parameters of the "proxy_cache_path",
      "fastcgi_cache_path", "scgi_cache_path", and "uwsgi_cache_path"
      directives.
    - Bugfix: flags passed by the --with-ld-opt configure option were
      not used while building perl module.
    - Bugfix: in the "add_after_body" directive when used with the
      "sub_filter" directive.
    - Bugfix: in the $realip_remote_addr variable.
    - Bugfix: the "dav_access", "proxy_store_access",
      "fastcgi_store_access", "scgi_store_access", and
      "uwsgi_store_access" directives ignored permissions specified
      for user.
    - Bugfix: unix domain listen sockets might not be inherited
      during binary upgrade on Linux.
    - Bugfix: nginx returned the 400 response on requests with the
      "-" character in the HTTP method.
  - update headers-more-nginx-module 0.32
    - tests: skipped the newly added test case that cannot run in
      check leak test mode.
    - bugfix: more_set_input_headers: skips setting multi-value
      headers for bad requests to avoid segfaults.
    - skipped check leak mode for two test cases using malformed
      requests.
    - doc: claims that we work with 1.10.x since it is essentially
      the same as 1.9.x.
    - bugfix: fixed a typo in an error message.
    - bugfix: when the nginx core does not properly initialize
      r->headers_in.headers (due to 400 bad requests and etc),
      more_set_input_headers might lead to crashes. thanks Marcin
      Teodorczyk for the report.
  - update nginx-rtmp-module 1.1.10
    - support for nginx 1.11.5-style cache-manager
  - update patches to apply cleanly again
    check_1.9.2+.patch
    nginx-1.6.1-default_config.patch
* Mon Oct 10 2016 mrueckert@suse.de
  - Fix the logrotate script: we had a hardcoded postrotate action
    pointing to /etc/init.d/nginx. This does not exist anymore on
    systemd hosts. Replace it with /usr/sbin/nginx -s reopen,  which
    will use the pid file passed in the config file or the compiled
    in default path.
* Thu Sep 29 2016 mrueckert@suse.de
  - update to 1.11.4
    - Feature: the $upstream_bytes_received variable.
    - Feature: the $bytes_received, $session_time, $protocol,
      $status, $upstream_addr, $upstream_bytes_sent,
      $upstream_bytes_received, $upstream_connect_time,
      $upstream_first_byte_time, and $upstream_session_time variables
      in the stream module.
    - Feature: the ngx_stream_log_module.
    - Feature: the "proxy_protocol" parameter of the "listen"
      directive, the $proxy_protocol_addr and $proxy_protocol_port
      variables in the stream module.
    - Feature: the ngx_stream_realip_module.
    - Bugfix: nginx could not be built with the stream module and the
      ngx_http_ssl_module, but without ngx_stream_ssl_module; the bug
      had appeared in 1.11.3.
    - Feature: the IP_BIND_ADDRESS_NO_PORT socket option was not
      used; the bug had appeared in 1.11.2.
    - Bugfix: in the "ranges" parameter of the "geo" directive.
    - Bugfix: an incorrect response might be returned when using the
      "aio threads" and "sendfile" directives; the bug had appeared
      in 1.9.13.
  - drop nginx-1.11.3_ssl_stream.patch again
  - refreshed the following patches to apply cleanly again
    check_1.9.2+.patch
    nginx-1.11.2-html.patch
    nginx-1.11.2-no_Werror.patch
    nginx-aio.patch
* Wed Aug 24 2016 mrueckert@suse.de
  - update to 1.11.3
    - Change: now the "accept_mutex" directive is turned off by
      default.
    - Feature: now nginx uses EPOLLEXCLUSIVE on Linux.
    - Feature: the ngx_stream_geo_module.
    - Feature: the ngx_stream_geoip_module.
    - Feature: the ngx_stream_split_clients_module.
    - Feature: variables support in the "proxy_pass" and
      "proxy_ssl_name" directives in the stream module.
    - Bugfix: socket leak when using HTTP/2.
    - Bugfix: in configure tests.  Thanks to Piotr Sikora.
  - backport nginx-1.11.3_ssl_stream.patch from hg
  - refresh patches to apply cleanly again:
    - check_1.9.2+.patch
    - nginx-1.11.2-html.patch
    - nginx-1.11.2-no_Werror.patch
    - nginx-aio.patch
  - enable a few new upstream modules and move some from 1.11.x to
    dynamic:
    - stream_geoip_module
    - mail_ssl_module
    - stream_ssl_module
  - build fancyindex unconditionally and update it to 0.4.1
    - New `fancyindex_directories_first` configuration directive
      (enabled by default), which allows setting whether directories
      are sorted before other files.
      (Patch by Luke Zapart <<luke@zapart.org>>.)
    - Fix index files not working when the fancyindex module is in
      use (#46).
    - The module can now be built as a [dynamic
      module](https://www.nginx.com/resources/wiki/extending/converting/).
      (Patch by Róbert Nagy <<vrnagy@gmail.com>>.)
    - New configuration directive `fancyindex_show_path`, which
      allows hiding the `<h1>` header which contains the current
      path.  (Patch by Thomas P.  <<tpxp@live.fr>>.)
    - Directory and file links in listings now have a title="..."
      attribute.  (Patch by `@janglapuk` <<trusdi.agus@gmail.com>>.)
    - Fix for hung requests when the module is used along with
      `ngx_pagespeed`.
      (Patch by Otto van der Schaaf <<oschaaf@we-amp.com>>.)
    - New feature: Allow filtering out symbolic links using the
      `fancyindex_hide_symlinks` configuration directive. (Idea and
      prototype patch by Thomas Wemm.)
    - New feature: Allow specifying the format of timestamps using
      the `fancyindex_time_format` configuration directive. (Idea
      suggested by Xiao Meng <<novoreorx@gmail.com>>).
    - Listings in top-level directories will not generate a "Parent
      Directory" link as first element of the listing.
      (Patch by Thomas P.)
    - Fix propagation and overriding of the `fancyindex_css_href`
      setting inside nested locations.
    - Minor changes in the code to allow building cleanly under
      Windows with Visual Studio 2013.
      (Patch by Y. Yuan <<yzwduck@gmail.com>>).
  - added nginx-rtmp-module
  - make all modules dynamic that support it:
    - ngx-fancyindex
    - headers_more_nginx-module
    - nginx-rtmp-module
  - manually install the docs instead of using %doc
  - unify how we install documentation for the modules
  - restructure contrib file handling
    - moved vim files into the normal vim paths so we can use them
      directly
    - new BR/R: vim
    - split out vim files into a subpackage vim-plugin-nginx so we
      dont have the vim requires on the main package
    - perl scripts are moved to /usr/share/nginx/
* Fri Aug 05 2016 rodrigo.oshiro@emc.com
  - update to 1.11.2
    * Change: now nginx always uses internal MD5 and SHA1 implementations;
      the --with-md5 and --with-sha1 configure options were canceled.
    * Feature: variables support in the stream module.
    * Feature: the ngx_stream_map_module.
    * Feature: the ngx_stream_return_module.
    * Feature: a port can be specified in the "proxy_bind", "fastcgi_bind",
      "memcached_bind", "scgi_bind", and "uwsgi_bind" directives.
    * Feature: now nginx uses the IP_BIND_ADDRESS_NO_PORT socket option
      when available.
    * Bugfix: a segmentation fault might occur in a worker process when
      using HTTP/2 and the "proxy_request_buffering" directive.
    * Bugfix: the "Content-Length" request header line was always added to
      requests passed to backends, including requests without body, when
      using HTTP/2.
    * Bugfix: "http request count is zero" alerts might appear in logs when
      using HTTP/2.
    * Bugfix: unnecessary buffering might occur when using the "sub_filter"
      directive; the issue had appeared in 1.9.4.
  - the following modules were added:
    headers-more-nginx-module
    nginx_upstream_check_module
  - added patches:
    nginx-1.11.2-html.patch
    nginx-1.11.2-no_Werror.patch
    check_1.9.2+.patch
  - dropped patches:
    nginx-1.10.0-html.patch
    nginx-1.10.0-no_Werror.patch
* Thu Jun 02 2016 mrueckert@suse.de
  - in the sysvinit script use the pid file in /var/run
* Wed Jun 01 2016 mrueckert@suse.de
  - update to 1.10.1 (bsc# 982505)
    Security: a segmentation fault might occur in a worker process
    while writing a specially crafted request body to a temporary
    file (CVE-2016-4450); the bug had appeared in 1.3.9.
* Sun May 15 2016 mrueckert@suse.de
  - improve conditionals
    - merge the 12.2 and 12.1 based conditionals into 1 as both of
      them are out of support now.
    - enable pcre JIT
    - make use if libatomic_ops on Leap
* Sun May 15 2016 mrueckert@suse.de
  - enable dynamic modules for intree modules. The following modules
    are built as loadable modules now:
    ngx_http_geoip_module.so
    ngx_http_image_filter_module.so
    ngx_http_perl_module.so
    ngx_http_xslt_filter_module.so
    ngx_mail_module.so
    ngx_stream_module.so
    You will have to load those modules with load_module.
    http://nginx.org/en/docs/ngx_core_module.html#load_module
    The correct syntax for this package is:
    [#] For 64bit machines:
    load_module lib64/nginx/modules/ngx_http_geoip_module.so;
    [#] For 32bit machines:
    load_module lib/nginx/modules/ngx_http_geoip_module.so;
    Examples for all the intree modules have been added to the
    default nginx.conf
  - patches updated:
    nginx-1.6.1-default_config.patch - added load_module example
* Sun May 15 2016 mrueckert@suse.de
  - enable slice and stream module
* Fri May 06 2016 dmacvicar@suse.de
  - update to version 1.10.0 stable
    * Bugfix: "recv() failed" errors might occur when using HHVM as a
      FastCGI server.
    * Bugfix: when using HTTP/2 and the "limit_req" or "auth_request"
      directives a timeout or a "client violated flow control" error might
      occur while reading client request body; the bug had appeared in
      1.9.14.
    * Workaround: a response might not be shown by some browsers if HTTP/2
      was used and client request body was not fully read; the bug had
      appeared in 1.9.14.
    * Bugfix: connections might hang when using the "aio threads"
      directive.
      Thanks to Mindaugas Rasiukevicius.
    * Feature: OpenSSL 1.1.0 compatibility.
    * Feature: the "proxy_request_buffering", "fastcgi_request_buffering",
      "scgi_request_buffering", and "uwsgi_request_buffering" directives
      now work with HTTP/2.
    * Bugfix: "zero size buf in output" alerts might appear in logs when
      using HTTP/2.
    * Bugfix: the "client_max_body_size" directive might work incorrectly
      when using HTTP/2.
    * Bugfix: of minor bugs in logging.
    * Change: non-idempotent requests (POST, LOCK, PATCH) are no longer
      passed to the next server by default if a request has been sent to a
      backend; the "non_idempotent" parameter of the "proxy_next_upstream"
      directive explicitly allows retrying such requests.
    * Feature: the ngx_http_perl_module can be built dynamically.
    * Feature: UDP support in the stream module.
    * Feature: the "aio_write" directive.
    * Feature: now cache manager monitors number of elements in caches and
      tries to avoid cache keys zone overflows.
    * Bugfix: "task already active" and "second aio post" alerts might
      appear in logs when using the "sendfile" and "aio" directives with
      subrequests.
    * Bugfix: "zero size buf in output" alerts might appear in logs if
      caching was used and a client closed a connection prematurely.
    * Bugfix: connections with clients might be closed needlessly if
      caching was used.
      Thanks to Justin Li.
    * Bugfix: nginx might hog CPU if the "sendfile" directive was used on
      Linux or Solaris and a file being sent was changed during sending.
    * Bugfix: connections might hang when using the "sendfile" and "aio
      threads" directives.
    * Bugfix: in the "proxy_pass", "fastcgi_pass", "scgi_pass", and
      "uwsgi_pass" directives when using variables.
      Thanks to Piotr Sikora.
    * Bugfix: in the ngx_http_sub_filter_module.
    * Bugfix: if an error occurred in a cached backend connection, the
      request was passed to the next server regardless of the
      proxy_next_upstream directive.
    * Bugfix: "CreateFile() failed" errors when creating temporary files on
      Windows.
    * Feature: Huffman encoding of response headers in HTTP/2.
      Thanks to Vlad Krasnov.
    * Feature: the "worker_cpu_affinity" directive now supports more than
      64 CPUs.
    * Bugfix: compatibility with 3rd party C++ modules; the bug had
      appeared in 1.9.11.
      Thanks to Piotr Sikora.
    * Bugfix: nginx could not be built statically with OpenSSL on Linux;
      the bug had appeared in 1.9.11.
    * Bugfix: the "add_header ... always" directive with an empty value did
      not delete "Last-Modified" and "ETag" header lines from error
      responses.
    * Workaround: "called a function you should not call" and "shutdown
      while in init" messages might appear in logs when using OpenSSL
      1.0.2f.
    * Bugfix: invalid headers might be logged incorrectly.
    * Bugfix: socket leak when using HTTP/2.
    * Bugfix: in the ngx_http_v2_module.
    * Feature: TCP support in resolver.
    * Feature: dynamic modules.
    * Bugfix: the $request_length variable did not include size of request
      headers when using HTTP/2.
    * Bugfix: in the ngx_http_v2_module.
    * Security: invalid pointer dereference might occur during DNS server
      response processing if the "resolver" directive was used, allowing an
      attacker who is able to forge UDP packets from the DNS server to
      cause segmentation fault in a worker process (CVE-2016-0742).
    * Security: use-after-free condition might occur during CNAME response
      processing if the "resolver" directive was used, allowing an attacker
      who is able to trigger name resolution to cause segmentation fault in
      a worker process, or might have potential other impact
      (CVE-2016-0746).
    * Security: CNAME resolution was insufficiently limited if the
      "resolver" directive was used, allowing an attacker who is able to
      trigger arbitrary name resolution to cause excessive resource
      consumption in worker processes (CVE-2016-0747).
    * Feature: the "auto" parameter of the "worker_cpu_affinity" directive.
    * Bugfix: the "proxy_protocol" parameter of the "listen" directive did
      not work with IPv6 listen sockets.
    * Bugfix: connections to upstream servers might be cached incorrectly
      when using the "keepalive" directive.
    * Bugfix: proxying used the HTTP method of the original request after
      an "X-Accel-Redirect" redirection.
    * Bugfix: proxying to unix domain sockets did not work when using
      variables; the bug had appeared in 1.9.8.
    * Feature: pwritev() support.
    * Feature: the "include" directive inside the "upstream" block.
    * Feature: the ngx_http_slice_module.
    * Bugfix: a segmentation fault might occur in a worker process when
      using LibreSSL; the bug had appeared in 1.9.6.
    * Bugfix: nginx could not be built on OS X in some cases.
    * Feature: the "nohostname" parameter of logging to syslog.
    * Feature: the "proxy_cache_convert_head" directive.
    * Feature: the $realip_remote_addr variable in the
      ngx_http_realip_module.
    * Bugfix: the "expires" directive might not work when using variables.
    * Bugfix: a segmentation fault might occur in a worker process when
      using HTTP/2; the bug had appeared in 1.9.6.
    * Bugfix: if nginx was built with the ngx_http_v2_module it was
      possible to use the HTTP/2 protocol even if the "http2" parameter of
      the "listen" directive was not specified.
    * Bugfix: in the ngx_http_v2_module.
    * Bugfix: a segmentation fault might occur in a worker process when
      using HTTP/2.
      Thanks to Piotr Sikora and Denis Andzakovic.
    * Bugfix: the $server_protocol variable was empty when using HTTP/2.
    * Bugfix: backend SSL connections in the stream module might be timed
      out unexpectedly.
    * Bugfix: a segmentation fault might occur in a worker process if
      different ssl_session_cache settings were used in different virtual
      servers.
    * Bugfix: nginx/Windows could not be built with MinGW gcc; the bug had
      appeared in 1.9.4.
      Thanks to Kouhei Sutou.
    * Bugfix: time was not updated when the timer_resolution directive was
      used on Windows.
    * Miscellaneous minor fixes and improvements.
      Thanks to Markus Linnala, Kurtis Nusbaum and Piotr Sikora.
    * Feature: the ngx_http_v2_module (replaces ngx_http_spdy_module).
      Thanks to Dropbox and Automattic for sponsoring this work.
    * Change: now the "output_buffers" directive uses two buffers by
      default.
    * Change: now nginx limits subrequests recursion, not simultaneous
      subrequests.
    * Change: now nginx checks the whole cache key when returning a
      response from cache.
      Thanks to Gena Makhomed and Sergey Brester.
    * Bugfix: "header already sent" alerts might appear in logs when using
      cache; the bug had appeared in 1.7.5.
    * Bugfix: "writev() failed (4: Interrupted system call)" errors might
      appear in logs when using CephFS and the "timer_resolution" directive
      on Linux.
    * Bugfix: in invalid configurations handling.
      Thanks to Markus Linnala.
    * Bugfix: a segmentation fault occurred in a worker process if the
      "sub_filter" directive was used at http level; the bug had appeared
      in 1.9.4.
    * Change: the "proxy_downstream_buffer" and "proxy_upstream_buffer"
      directives of the stream module are replaced with the
      "proxy_buffer_size" directive.
    * Feature: the "tcp_nodelay" directive in the stream module.
    * Feature: multiple "sub_filter" directives can be used simultaneously.
    * Feature: variables support in the search string of the "sub_filter"
      directive.
    * Workaround: configuration testing might fail under Linux OpenVZ.
      Thanks to Gena Makhomed.
    * Bugfix: old worker processes might hog CPU after reconfiguration with
      a large number of worker_connections.
    * Bugfix: a segmentation fault might occur in a worker process if the
      "try_files" and "alias" directives were used inside a location given
      by a regular expression; the bug had appeared in 1.7.1.
    * Bugfix: the "try_files" directive inside a nested location given by a
      regular expression worked incorrectly if the "alias" directive was
      used in the outer location.
    * Bugfix: in hash table initialization error handling.
    * Bugfix: nginx could not be built with Visual Studio 2015.
    * Change: duplicate "http", "mail", and "stream" blocks are now
      disallowed.
    * Feature: connection limiting in the stream module.
    * Feature: data rate limiting in the stream module.
    * Bugfix: the "zone" directive inside the "upstream" block did not work
      on Windows.
    * Bugfix: compatibility with LibreSSL in the stream module.
      Thanks to Piotr Sikora.
    * Bugfix: in the "--builddir" configure parameter.
      Thanks to Piotr Sikora.
    * Bugfix: the "ssl_stapling_file" directive did not work; the bug had
      appeared in 1.9.2.
      Thanks to Faidon Liambotis and Brandon Black.
    * Bugfix: a segmentation fault might occur in a worker process if the
      "ssl_stapling" directive was used; the bug had appeared in 1.9.2.
      Thanks to Matthew Baldwin.
    * Feature: the "backlog" parameter of the "listen" directives of the
      mail proxy and stream modules.
    * Feature: the "allow" and "deny" directives in the stream module.
    * Feature: the "proxy_bind" directive in the stream module.
    * Feature: the "proxy_protocol" directive in the stream module.
    * Feature: the -T switch.
    * Feature: the REQUEST_SCHEME parameter added to the fastcgi.conf,
      fastcgi_params, scgi_params, and uwsgi_params standard configuration
      files.
    * Bugfix: the "reuseport" parameter of the "listen" directive of the
      stream module did not work.
    * Bugfix: OCSP stapling might return an expired OCSP response in some
      cases.
    * Change: now SSLv3 protocol is disabled by default.
    * Change: some long deprecated directives are not supported anymore.
    * Feature: the "reuseport" parameter of the "listen" directive.
      Thanks to Yingqi Lu at Intel and Sepherosa Ziehau.
    * Feature: the $upstream_connect_time variable.
    * Bugfix: in the "hash" directive on big-endian platforms.
    * Bugfix: nginx might fail to start on some old Linux variants; the bug
      had appeared in 1.7.11.
    * Bugfix: in IP address parsing.
      Thanks to Sergey Polovko.
    * Change: obsolete aio and rtsig event methods have been removed.
    * Feature: the "zone" directive inside the "upstream" block.
    * Feature: the stream module.
    * Feature: byte ranges support in the ngx_http_memcached_module.
      Thanks to Martin Mlynář.
    * Feature: shared memory can now be used on Windows versions with
      address space layout randomization.
      Thanks to Sergey Brester.
    * Feature: the "error_log" directive can now be used on mail and server
      levels in mail proxy.
    * Bugfix: the "proxy_protocol" parameter of the "listen" directive did
      not work if not specified in the first "listen" directive for a
      listen socket.
  - removed patches already present upstream
    * nginx-0.4.0-no_Werror.patch
  - refreshed patches
    * nginx-0.6.38-html.patch to nginx-1.10.0-html.patch
    * nginx-0.4.0-no_Werror.patch to nginx-1.10.0-no_Werror.patch
    * merged nginx-1.0.15_docs.patch in nginx-1.10.0-html.patch
  - config option with-http_spdy_module is now with-http_v2_module
* Thu Jan 28 2016 i@marguerite.su
  - update version 1.8.1 stable
    * Security: invalid pointer dereference might occur during DNS server
      response processing if the "resolver" directive was used, allowing an
      attacker who is able to forge UDP packets from the DNS server to
      cause segmentation fault in a worker process (CVE-2016-0742). boo#963781
     * Security: use-after-free condition might occur during CNAME response
      processing if the "resolver" directive was used, allowing an attacker
      who is able to trigger name resolution to cause segmentation fault in
      a worker process, or might have potential other impact
      (CVE-2016-0746). boo#963778
     * Security: CNAME resolution was insufficiently limited if the
      "resolver" directive was used, allowing an attacker who is able to
      trigger arbitrary name resolution to cause excessive resource
      consumption in worker processes (CVE-2016-0747). boo#963775
     * Bugfix: the "proxy_protocol" parameter of the "listen" directive did
      not work if not specified in the first "listen" directive for a
      listen socket.
    * Bugfix: nginx might fail to start on some old Linux variants; the bug
      had appeared in 1.7.11.
    * Bugfix: a segmentation fault might occur in a worker process if the
      "try_files" and "alias" directives were used inside a location given
      by a regular expression; the bug had appeared in 1.7.1.
    * Bugfix: the "try_files" directive inside a nested location given by a
      regular expression worked incorrectly if the "alias" directive was
      used in the outer location.
    * Bugfix: "header already sent" alerts might appear in logs when using
      cache; the bug had appeared in 1.7.5.
    * Bugfix: a segmentation fault might occur in a worker process if
      different ssl_session_cache settings were used in different virtual
      servers.
    * Bugfix: the "expires" directive might not work when using variables.
    * Bugfix: if nginx was built with the ngx_http_spdy_module it was
      possible to use the SPDY protocol even if the "spdy" parameter of the
      "listen" directive was not specified.
* Fri Oct 16 2015 mrueckert@suse.de
  - use libGeoIP-devel everywhere
* Fri Oct 16 2015 mrueckert@suse.de
  - replace custom "kill -QUIT" with the kill signal setting in
    the service file
* Fri Oct 16 2015 mrueckert@suse.de
  - clean up conditionals and use bcond_with* everywhere
  - drop passenger support for now
    * drop nginx-1.8.0-passenger-4.0.18.patch
    * drop nginx-1.4.2-passenger-4.0.18.patch
* Thu Jun 11 2015 i@marguerite.su
  - update version 1.8.0 stable
    * refer to http://nginx.org/en/CHANGES-1.8 for 1.7.x changes
  - enable thread pools invented in nginx 1.7.11
  - refactor nginx-1.4.2-passenger_fix.patch
    * rename to nginx-1.4.2-passenger-4.0.18.patch
    * remove zero_in_uri usage
  - add patch: nginx-1.8.0-passenger-4.0.18.patch
    * fix "warning: comparison between pointer and integer"
      and "error: invalid type argument of ‘->’ (have ‘int’)"
  - drop nginx-1.4.4-passenger-4.0.33_fix.patch
    * webyast is dead, we only enable passenger on 13.1 and below,
      for compatibility. this patch will never be applied now.
  - drop nginx-1.4.4-passenger-3.0.12_fix.patch
    * this patch intended to be applied on < 13.1 machines, but
      13.1 is the oldest one we still have to build against.
  - update fancyindex to version 0.3.5
* Sun Apr 12 2015 mrueckert@suse.de
  - disable libatomic-ops on SLE12 for now. the library seems not
    available there.
* Sun Apr 12 2015 mrueckert@suse.de
  - enable ngx_http_auth_request_module
* Sun Apr 12 2015 mrueckert@suse.de
  - update version 1.6.3 stable
    - Feature: now the "tcp_nodelay" directive works with SPDY
      connections.
    - Bugfix: in error handling.  Thanks to Yichun Zhang and Daniil
      Bondarev.
    - Bugfix: alerts "header already sent" appeared in logs if the
      "post_action" directive was used; the bug had appeared in
      1.5.4.
    - Bugfix: alerts "sem_post() failed" might appear in logs.
    - Bugfix: in hash table handling.  Thanks to Chris West.
    - Bugfix: in integer overflow handling.  Thanks to Régis Leroy.
  - no longer install the init script when using systemd service file
  - create rcnginx for systemd case
* Wed Mar 25 2015 vpereirabr@opensuse.org
  - On OpenSUSE 13.2, it requires libGeoIP-devel

Files

/etc/logrotate.d/nginx
/etc/nginx
/etc/nginx/conf.d
/etc/nginx/fastcgi.conf
/etc/nginx/fastcgi.conf.default
/etc/nginx/fastcgi_params
/etc/nginx/fastcgi_params.default
/etc/nginx/koi-utf
/etc/nginx/koi-win
/etc/nginx/mime.types
/etc/nginx/mime.types.default
/etc/nginx/nginx.conf
/etc/nginx/nginx.conf.default
/etc/nginx/scgi_params
/etc/nginx/scgi_params.default
/etc/nginx/uwsgi_params
/etc/nginx/uwsgi_params.default
/etc/nginx/vhosts.d
/etc/nginx/win-utf
/srv/www/htdocs/50x.html
/usr/lib/perl5/vendor_perl/5.26.1/ppc64le-linux-thread-multi/auto/nginx
/usr/lib/perl5/vendor_perl/5.26.1/ppc64le-linux-thread-multi/auto/nginx/nginx.so
/usr/lib/perl5/vendor_perl/5.26.1/ppc64le-linux-thread-multi/nginx.pm
/usr/lib/systemd/system/nginx.service
/usr/lib/sysusers.d/nginx.conf
/usr/lib64/nginx
/usr/lib64/nginx/modules
/usr/lib64/nginx/modules/ngx_http_image_filter_module.so
/usr/lib64/nginx/modules/ngx_http_perl_module.so
/usr/lib64/nginx/modules/ngx_http_xslt_filter_module.so
/usr/lib64/nginx/modules/ngx_mail_module.so
/usr/lib64/nginx/modules/ngx_stream_module.so
/usr/sbin/nginx
/usr/sbin/rcnginx
/usr/share/doc/packages/nginx
/usr/share/doc/packages/nginx/CHANGES
/usr/share/doc/packages/nginx/CHANGES.ru
/usr/share/doc/packages/nginx/LICENSE
/usr/share/man/man3/nginx.3pm.gz
/usr/share/nginx
/usr/share/nginx/geo2nginx.pl
/usr/share/nginx/unicode2nginx
/usr/share/nginx/unicode2nginx/koi-utf
/usr/share/nginx/unicode2nginx/unicode-to-nginx.pl
/usr/share/nginx/unicode2nginx/win-utf
/var/lib/nginx
/var/lib/nginx/fastcgi
/var/lib/nginx/proxy
/var/lib/nginx/scgi
/var/lib/nginx/tmp
/var/lib/nginx/uwsgi
/var/log/nginx


Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Aug 9 15:55:55 2022