123 Commits

Author SHA1 Message Date
Andrej Kozemcak 61bc94423e nginx: upgrade 1.30.2 -> 1.30.3
Changes with nginx 1.30.3

*) Security: a heap memory buffer overflow might occur in a worker
   process when using a configuration with "ignore_invalid_headers off;"
   and "large_client_header_buffers" with large configured values when
   proxying a specially crafted request to HTTP/2 or gRPC backend,
   allowing an attacker to cause worker process memory corruption or
   segmentation fault in a worker process (CVE-2026-42055).

*) Security: a heap memory buffer overread might occur in a worker
   process while handling a specially sent response with decoding from
   UTF-8 via the "charset_map" directive, allowing an attacker to cause
   a limited disclosure of worker proccess memory or segmentation fault
   in a worker process (CVE-2026-48142).

Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-06-25 08:42:02 -07:00
Ankur Tyagi 39321ae90b nginx: upgrade 1.30.1 -> 1.30.2
Changes with nginx 1.30.2

*) Security: a heap memory buffer overflow might occur in a worker
   process when using a configuration with overlapping captures in
   ngx_http_rewrite_module, potentially resulting in arbitrary code
   execution (CVE-2026-9256).

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-05-22 21:01:00 -07:00
Ankur Tyagi a2b90ccd7b nginx: upgrade 1.30.0 -> 1.30.1
Changes with nginx 1.30.1

*) Security: when using the "proxy_set_body" directive, an attacker
   might inject data in the proxied request to an HTTP/2 backend
   (CVE-2026-42926).
*) Security: a heap memory buffer overflow might occur in a worker
   process while handling a specially crafted request by
   ngx_http_rewrite_module, potentially resulting in arbitrary code
   execution (CVE-2026-42945).
*) Security: a heap memory buffer overread might occur in a worker
   process while handling a specially crafted response by
   ngx_http_scgi_module or ngx_http_uwsgi_module, allowing an attacker
   to cause a disclosure of worker process memory or segmentation fault
   in a worker process (CVE-2026-42946).
*) Security: a heap memory buffer overread might occur in a worker
   process while handling a specially sent response with decoding from
   UTF-8 via the "charset_map" directive, allowing an attacker to cause
   a limited disclosure of worker proccess memory or segmentation fault
   in a worker process (CVE-2026-42934).
*) Security: when using HTTP/3, processing of connection migration might
   cause new QUIC streams to receive a new client address before
   validation, allowing an attacker to cause address spoofing
   (CVE-2026-40460).
*) Security: use-after-free might occur during DNS server response
   processing if the "ssl_ocsp" directive was used, allowing an attacker
   to cause worker process memory corruption or segmentation fault in a
   worker process (CVE-2026-40701).
*) Bugfix: connections with HTTP/2 backends might not be cached when
   using the "proxy_set_body" or "proxy_pass_request_body" directives.
*) Bugfix: proxied HTTP/0.9, SCGI, or uWSGI responses might be
   transferred incorrectly if the first line was not fully read.

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-05-21 17:20:21 -07:00
Ankur Tyagi d98d888df6 nginx: upgrade 1.29.7 -> 1.30.0
1.30.0 stable version has been released, incorporating new features and bug
fixes from the 1.29.x mainline branch (https://nginx.org/en/CHANGES-1.30)

Also dropped v1.28 support.

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-05-13 00:17:25 -07:00
Gyorgy Sarvari 81e1926faf nginx: upgrade 1.29.6 -> 1.29.7
Changes:
*) Security: a buffer overflow might occur while handling a COPY or MOVE
   request in a location with "alias", allowing an attacker to modify
   the source or destination path outside of the document root
   (CVE-2026-27654).

*) Security: processing of a specially crafted mp4 file by the
   ngx_http_mp4_module on 32-bit platforms might cause a worker process
   crash, or might have potential other impact (CVE-2026-27784).

*) Security: processing of a specially crafted mp4 file by the
   ngx_http_mp4_module might cause a worker process crash, or might have
   potential other impact (CVE-2026-32647).

*) Security: a segmentation fault might occur in a worker process if the
   CRAM-MD5 or APOP authentication methods were used and authentication
   retry was enabled (CVE-2026-27651).

*) Security: an attacker might use PTR DNS records to inject data in
   auth_http requests, as well as in the XCLIENT command in the backend
   SMTP connection (CVE-2026-28753).

*) Security: SSL handshake might succeed despite OCSP rejecting a client
   certificate in the stream module (CVE-2026-28755).

*) Feature: the "multipath" parameter of the "listen" directive.

*) Feature: the "local" parameter of the "keepalive" directive in the
   "upstream" block.
*) Change: now the "keepalive" directive in the "upstream" block is
   enabled by default.
*) Change: now ngx_http_proxy_module supports keepalive by default; the
   default value for "proxy_http_version" is "1.1"; the "Connection"
   proxy header is not sent by default anymore.
*) Bugfix: an invalid HTTP/2 request might be sent after switching to
   the next upstream if buffered body was used in the
   ngx_http_grpc_module.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-03-28 08:32:48 -07:00
Gyorgy Sarvari 34b3d0f491 nginx: upgrade 1.28.2 -> 1.28.3
Changes:
*) Security: a buffer overflow might occur while handling a COPY or MOVE
   request in a location with "alias", allowing an attacker to modify
   the source or destination path outside of the document root
   (CVE-2026-27654).

*) Security: processing of a specially crafted mp4 file by the
   ngx_http_mp4_module on 32-bit platforms might cause a worker process
   crash, or might have potential other impact (CVE-2026-27784).

*) Security: processing of a specially crafted mp4 file by the
   ngx_http_mp4_module might cause a worker process crash, or might have
   potential other impact (CVE-2026-32647).

*) Security: a segmentation fault might occur in a worker process if the
   CRAM-MD5 or APOP authentication methods were used and authentication
   retry was enabled (CVE-2026-27651).

*) Security: an attacker might use PTR DNS records to inject data in
   auth_http requests, as well as in the XCLIENT command in the backend
   SMTP connection (CVE-2026-28753).

*) Security: SSL handshake might succeed despite OCSP rejecting a client
   certificate in the stream module (CVE-2026-28755).

*) Change: now nginx limits the size and rate of QUIC stateless reset
   packets.

*) Bugfix: receiving a QUIC packet by a wrong worker process could cause
   the connection to terminate.

*) Bugfix: in the ngx_http_mp4_module.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-03-28 08:32:48 -07:00
Ankur Tyagi 757cf70943 nginx: upgrade 1.29.5 -> 1.29.6
Changelog:
* Feature: session affinity support; the "sticky" directive in the
"upstream" block of the "http" module; the "server" directive supports
the "route" and "drain" parameters.
* Change: now nginx limits the size and rate of QUIC stateless reset
packets.
* Bugfix: receiving a QUIC packet by a wrong worker process could cause the
connection to terminate.
* Bugfix: "[crit] cache file ... contains invalid header" messages might
appear in logs when sending a cached HTTP/2 response.
* Bugfix: proxying to scgi backends might not work when using chunked
transfer encoding and the "scgi_request_buffering" directive.
* Bugfix: in the ngx_http_mp4_module.
* Bugfix: nginx treated a comma as separator in the "Cookie" request header
line when evaluating "$cookie_..." variables.
* Bugfix: in IMAP command literal argument parsing.

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2026-03-18 14:33:26 -07:00
Gyorgy Sarvari cd0a0f605e nginx: upgrade 1.29.1 -> 1.29.5
License-Update: copyright year bump.

Changelog:
1.29.5:
- Security: an attacker might inject plain text data in the response
  from an SSL backend (CVE-2026-1642).
-  Bugfix: use-after-free might occur after switching to the next gRPC
  or HTTP/2 backend.
- Bugfix: an invalid HTTP/2 request might be sent after switching to
  the next upstream.
- Bugfix: a response with multiple ranges might be larger than the
  source response.
- Bugfix: fixed setting HTTP_HOST when proxying to FastCGI, SCGI, and
  uwsgi backends.
- Bugfix: fixed warning when compiling with MSVC 2022 x86.
- Change: the logging level of the "ech_required" SSL error has been
  lowered from "crit" to "info".

1.29.4:
- Feature: the ngx_http_proxy_module supports HTTP/2.
- Feature: Encrypted ClientHello TLS extension support when using
  OpenSSL ECH feature branch; the "ssl_ech_file" directive.
  Thanks to Stephen Farrell.
- Change: validation of host and port in the request line, "Host"
  header field, and ":authority" pseudo-header field has been changed
  to follow RFC 3986.
- Change: now a single LF used as a line terminator in a chunked
  request or response body is considered an error.
- Bugfix: when using HTTP/3 with OpenSSL 3.5.1 or newer a segmentation
  fault might occur in a worker process; the bug had appeared in
  1.29.1.
  Thanks to Jan Svojanovsky.
- Bugfix: a segmentation fault might occur in a worker process if the
 "try_files" directive and "proxy_pass" with a URI were used.

1.29.3:
- Feature: the "add_header_inherit" and "add_trailer_inherit"
  directives.
- Feature: the $request_port and $is_request_port variables.
- Feature: the $ssl_sigalg and $ssl_client_sigalg variables.
- Feature: the "volatile" parameter of the "geo" directive.
- Feature: now certificate compression is available with BoringSSL.
- Bugfix: now certificate compression is disabled with OCSP stapling.

1.29.2
- Feature: now nginx can be built with AWS-LC.
  Thanks Samuel Chiang.
- Bugfix: now the "ssl_protocols" directive works in a virtual server
  different from the default server when using OpenSSL 1.1.1 or newer.
- Bugfix: SSL handshake always failed when using TLSv1.3 with OpenSSL
  and client certificates and resuming a session with a different SNI
  value; the bug had appeared in 1.27.4.
- Bugfix: the "ignoring stale global SSL error" alerts might appear in
  logs when using QUIC and the "ssl_reject_handshake" directive; the
  bug had appeared in 1.29.0.
  Thanks to Vladimir Homutov.
- Bugfix: in delta-seconds processing in the "Cache-Control" backend
  response header line.
- Bugfix: an XCLIENT command didn't use the xtext encoding.
  Thanks to Igor Morgenstern of Aisle Research.
- Bugfix: in SSL certificate caching during reconfiguration.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2026-02-16 00:34:02 -08:00
Gyorgy Sarvari f2be1069f1 nginx: upgrade 1.28.1 -> 1.28.2
Changelog:
- Security: an attacker might inject plain text data in the response
  from an SSL backend (CVE-2026-1642).
- Bugfix: use-after-free might occur after switching to the next gRPC
  or HTTP/2 backend.
- Bugfix: fixed warning when compiling with MSVC 2022 x86.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2026-02-16 00:34:02 -08:00
Peter Marko 5d3936d5dd nginx: ignore CVE-2025-53859 for 1.28.1
Fix is included via commit [1].

[1] https://github.com/nginx/nginx/commit/fbbbf189dadf3bd59c2462af68c16f2c2874d4ee

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2026-01-12 10:25:56 -08:00
Gyorgy Sarvari d25aadbbb5 nginx: set CVE_PRODUCT
nginx has a long history, and has used multiple CPEs
over time. Set CVE_PRODUCT to reflect current and historic
vendor:product pairs.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2026-01-04 11:34:49 -08:00
Jason Schonberg 222c642564 nginx: upgrade 1.28.0 -> 1.28.1
Drop CVE patch which has been integrated into this new version.

Solves:
* CVE-2025-53859

CHANGES:
https://nginx.org/en/CHANGES-1.28

Signed-off-by: Jason Schonberg <schonm@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2026-01-04 11:06:41 -08:00
Hongxu Jia 3e308aacb0 nginx: switch to libpcre2
NGINX 1.22 and later supports PCRE2 [1]

[1] https://github.com/nginx/nginx/commit/c6fec0b027569a4e0b1d8aaee7dea0f2e4d6052b

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-01 08:45:52 -08:00
Peter Marko 93c4d2c9f6 nginx: patch CVE-2025-53859 in stable
Pick patch from nginx site which is also mentioned in [1].

[1] https://security-tracker.debian.org/tracker/CVE-2025-53859

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-08-25 20:07:19 -07:00
Peter Marko a41344f3bd nginx: upgrade mainline 1.27.4 -> 1.29.1
Solves CVE-2025-53859

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-08-25 20:07:19 -07:00
Peter Marko 3228b7d706 nginx: upgrade stable 1.26.3 -> 1.28.0
2025-04-23
nginx-1.28.0 stable version has been released, incorporating new
features and bug fixes from the 1.27.x mainline branch - including
memory usage and CPU usage optimizations in complex SSL configurations,
automatic re‑resolution of hostnames in upstream groups, performance
enhancements in QUIC, OCSP validation of client SSL certificates and
OCSP stapling support in the stream module, variables support in the
proxy_limit_rate, fastcgi_limit_rate, scgi_limit_rate, and
uwsgi_limit_rate directives, the proxy_pass_trailers directive, and
more.

License-Update: copyright years refreshed and removed C-style comments

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-08-25 20:07:19 -07:00
Changqing Li 569b675620 nginx: upgrade 1.27.3 to 1.27.4
License-Update: copyright year refreshed

Resolves:
* CVE-2025-23419

CHANGES:
https://nginx.org/en/CHANGES

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-02-16 23:42:42 -08:00
Changqing Li 66498315ca nginx: upgrade 1.26.2 to 1.26.3
Solves:
* CVE-2025-23419

CHANGES:
https://nginx.org/en/CHANGES-1.26

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-02-16 23:42:42 -08:00
Derek Straka 1f4b413ebe nginx: Upgrade mainline release version 1.27.1 -> 1.27.3
License-Update: License file negative and empty space changes

Signed-off-by: Derek Straka <derek@asterius.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-12-10 13:43:54 -08:00
Peter Marko 12a36136fe nginx: Upgrade mainline 1.25.3 -> 1.27.1
Solves:
* CVE-2024-7347
* CVE-2024-24989
* CVE-2024-24990
* CVE-2024-31079
* CVE-2024-32760
* CVE-2024-34161
* CVE-2024-35200

License-Update: copyright year refreshed

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-09-17 15:46:33 -07:00
Peter Marko d6504f150b nginx: Upgrade stable 1.26.0 -> 1.26.2
Solves:
* CVE-2024-7347
* CVE-2024-31079
* CVE-2024-32760
* CVE-2024-34161
* CVE-2024-35200

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-09-17 15:46:33 -07:00
Maxin John a944926d19 nginx: add PACKAGECONFIG knobs for fastcgi, scgi and uwsgi
fastcgi, scgi and uwsgi are enabled by default in nginx. Provide an
option to disable these features (that reduces binary size by 8%).

Signed-off-by: Maxin John <maxin.john@gehealthcare.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-07-23 08:41:14 -07:00
Khem Raj ffc64e9c6f recipes: Start WORKDIR -> UNPACKDIR transition
Replace references of WORKDIR with UNPACKDIR where it makes sense to do
so in preparation for changing the default value of UNPACKDIR.

Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-05-23 08:44:44 -07:00
Peter Marko d0fd84b7df nginx: Upgrade stable 1.24.0 -> 1.26.0
nginx-1.26.0 stable version has been released, incorporating new
features and bug fixes from the 1.25.x mainline branch -
including experimental HTTP/3 support, HTTP/2 on a per-server basis
virtual servers in the stream module, passing stream connections to
listen sockets, and more.

License-Update: copyright years refreshed

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-04-30 17:02:36 -07:00
Maxim Perevozchikov c6a34cad53 nginx: Disable login for www user
Signed-off-by: Maxim Perevozchikov <m.perevozchikov@yadro.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-04-11 23:32:35 -07:00
Michael Haener b29195ce4c nginx: add http sub module feature
Providing the http sub module feature. The module works as a filter which
replaces a specific character string in a response with another character
string.

Signed-off-by: Michael Haener <michael.haener@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-01-19 09:51:05 -08:00
alperak 9d0d7d9d62 nginx: fix CVE-2023-44487
Upstream-Status: Backport from [https://github.com/nginx/nginx/commit/6ceef192e7af1c507826ac38a2d43f08bf265fb9]

WARNING: nginx-1.24.0-r0 do_cve_check: Found unpatched CVE (CVE-2023-44487)

This vulnerability exists between the following versions -> From(including) 1.9.5 Up to(including) 1.25.2

Signed-off-by: alperak <alperyasinak1@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-01-11 12:11:36 -08:00
Derek Straka 8dc77ebf92 nginx: update versions for both the stable branch and mainline
Stable: None -> 1.24.0
Legacy Mainline 1.21.1 -> Removed

Signed-off-by: Derek Straka <derek@asterius.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-12-14 15:47:21 -08:00
Meenali Gupta dc4bef4648 nginx: upgrade 1.25.2 -> 1.25.3
Changelog:
===========
https://nginx.org/en/CHANGES

*) Change: improved detection of misbehaving clients when using HTTP/2.

*) Feature: startup speedup when using a large number of locations.
       Thanks to Yusuke Nojima.

*) Bugfix: a segmentation fault might occur in a worker process when
       using HTTP/2 without SSL; the bug had appeared in 1.25.1.

*) Bugfix: the "Status" backend response header line with an empty
       reason phrase was handled incorrectly.

*) Bugfix: memory leak during reconfiguration when using the PCRE2
       library.
       Thanks to ZhenZhong Wu.

*) Bugfixes and improvements in HTTP/3.

Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-12-14 07:53:24 -08:00
Joe Slater e0ac8eec48 nginx: add configure option
Support --with-http_xslt_module configure option via a PACKAGECONFIG
option.  The option is not added to the defaults.

Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-10-04 13:10:06 -07:00
Wang Mingyu 79b2c772d4 nginx: upgrade 1.25.1 -> 1.25.2
Changelog:
===========
 *) Feature: path MTU discovery when using HTTP/3.
 *) Feature: TLS_AES_128_CCM_SHA256 cipher suite support when using
    HTTP/3.
 *) Change: now nginx uses appname "nginx" when loading OpenSSL
    configuration.
 *) Change: now nginx does not try to load OpenSSL configuration if the
    --with-openssl option was used to built OpenSSL and the OPENSSL_CONF
    environment variable is not set.
 *) Bugfix: in the $body_bytes_sent variable when using HTTP/3.
 *) Bugfix: in HTTP/3.

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-08-26 17:32:44 -07:00
Wang Mingyu 99d6fd5c0f nginx: upgrade 1.24.0 -> 1.25.1
Changelog:
==========
*) Feature: the "http2" directive, which enables HTTP/2 on a per-server
   basis; the "http2" parameter of the "listen" directive is now
   deprecated.
*) Change: HTTP/2 server push support has been removed.
*) Change: the deprecated "ssl" directive is not supported anymore.
*) Bugfix: in HTTP/3 when using OpenSSL.
*) Feature: experimental HTTP/3 support.

License-Update: Copyright year updated to 2023.

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-07-20 19:08:57 -07:00
Michael Haener d7d987e01d nginx: upgrade to 1.24.0 release
Brings nginx to the current stable version.

Signed-off-by: Michael Haener <michael.haener@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-07-11 14:20:18 -07:00
Luke Schaefer 01884aeb0b nginx: Add stream Signed-off-by: Luke Schaefer <lukeschafer17@gmail.com>
Add stream support to nginx PACKAGECONFIG

Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-06-27 13:44:47 -07:00
Wang Mingyu 184fd210ea nginx: upgrade 1.23.3 -> 1.23.4
Changelog:
===========
*) Change: now TLSv1.3 protocol is enabled by default.
*) Change: now nginx issues a warning if protocol parameters of a
   listening socket are redefined.
*) Change: now nginx closes connections with lingering if pipelining was
   used by the client.
*) Feature: byte ranges support in the ngx_http_gzip_static_module.
*) Bugfix: port ranges in the "listen" directive did not work; the bug
   had appeared in 1.23.3.
*) Bugfix: incorrect location might be chosen to process a request if a
   prefix location longer than 255 characters was used in the
   configuration.
*) Bugfix: non-ASCII characters in file names on Windows were not
   supported by the ngx_http_autoindex_module, the ngx_http_dav_module,
   and the "include" directive.
*) Change: the logging level of the "data length too long", "length too
   short", "bad legacy version", "no shared signature algorithms", "bad
   digest length", "missing sigalgs extension", "encrypted length too
   long", "bad length", "bad key update", "mixed handshake and non
   handshake data", "ccs received early", "data between ccs and
   finished", "packet length too long", "too many warn alerts", "record
   too small", and "got a fin before a ccs" SSL errors has been lowered
   from "crit" to "info".
*) Bugfix: a socket leak might occur when using HTTP/2 and the
   "error_page" directive to redirect errors with code 400.
*) Bugfix: messages about logging to syslog errors did not contain
   information that the errors happened while logging to syslog.
*) Workaround: "gzip filter failed to use preallocated memory" alerts
   appeared in logs when using zlib-ng.
*) Bugfix: in the mail proxy server.

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-04-04 13:39:46 -07:00
Johannes Kirchmair 356b224344 redirect unwanted error message in nginx install
if we run opkg install nginx on our system (without systemd)
we end up getting the following message in the install process

$ opkg install nginx_1.20.1-r0_core2-64.ipk 
...
//var/lib/opkg/info/nginx.postinst: line 3: type: systemd-tmpfiles: not found

this confused some of my coworkers.
as installation also finishes correctly without sytemd-tmpfiles
and not having systemd-tempfiles is not really a problem, I think
we should redirect the message also to /dev/NULL

Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-04-04 13:39:46 -07:00
Peter Johennecken 9937ffa5d2 nginx: added packagegroup for webdav module
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-03-31 10:42:43 -07:00
Wang Mingyu 1e48109bc5 nginx: upgrade 1.20.1 -> 1.23.3
CVE-2021-3618.patch
removed since it's included in 1.23.3

Changelog:
==========
*) Bugfix: an error might occur when reading PROXY protocol version 2
   header with large number of TLVs.

*) Bugfix: a segmentation fault might occur in a worker process if SSI
   was used to process subrequests created by other modules.
   Thanks to Ciel Zhao.

*) Workaround: when a hostname used in the "listen" directive resolves
   to multiple addresses, nginx now ignores duplicates within these
   addresses.

*) Bugfix: nginx might hog CPU during unbuffered proxying if SSL
   connections to backends were used.

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-03-09 23:45:17 -08:00
Joshua Watt fe4c5cb101 nginx: Add ipv6 support
Adds a PACKAGECONFIG to enable ipv6 in nginx

Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-10-27 10:44:16 -07:00
Stefan Herbrechtsmeier ef3cc6e87b nginx: add gunzip PACKAGECONFIG
The nginx gunzip module is a filter that decompresses responses with
'Content-Encoding: gzip' for clients that do not support 'gzip' encoding
method. The module will be useful when it is desirable to store data
compressed to save space and reduce I/O costs.

Signed-off-by: Stefan Herbrechtsmeier <stefan.herbrechtsmeier@weidmueller.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-03-29 08:33:41 -07:00
Ross Burton ef4f5c1f33 nginx: use ln -rs
lnr is deprecated, use ln -rs directly instead.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-11-11 06:36:53 -08:00
Nathan Rossi 967fe6730c nginx: Fix off_t size passed in configure
For linux, nginx will always compile with '-D_FILE_OFFSET_BITS=64'. This
means that off_t will always be 8 bytes long, even on 32-bit targets.

This configuration change resolves some issues with nginx and handling
range headers.

Signed-off-by: Nathan Rossi <nathan@nathanrossi.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-08-31 09:05:43 -07:00
Joe Slater f92dbcc4c2 nginx: fix CVE-2021-3618
Backport with no change a patch from version 1.21.0.  This patch
was not cherry-picked by nginx to version 1.20.1.

Information about this CVE comes from
https://ubuntu.com/security/CVE-2021-3618.

Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-08-20 09:26:18 -07:00
Martin Jansa c61dc077bb Convert to new override syntax
This is the result of automated script (0.9.1) conversion:

oe-core/scripts/contrib/convert-overrides.py .

converting the metadata to use ":" as the override character instead of "_".

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2021-08-03 10:21:25 -07:00
Salman Ahmed 5a9eef2f53 nginx: upgrade 1.19.6 -> 1.21.1
Signed-off-by: Salman Ahmed <salman.ahmed@weidmueller.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-07-30 10:42:35 -07:00
Salman Ahmed 13e9518c18 nginx: upgrade 1.18.0 -> 1.20.1
Signed-off-by: Salman Ahmed <salman.ahmed@weidmueller.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-07-30 10:42:35 -07:00
changqing.li@windriver.com 5af79fb5f1 nginx: upgrade 1.17.8 -> 1.19.6
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-12-30 22:26:30 -08:00
changqing.li@windriver.com b647b9566a nginx: upgrade 1.16.1 -> 1.18.0
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-12-30 22:26:30 -08:00
Yi Zhao 6e9f393605 nginx: remove /var/log/nginx when do_install
Remove directory /var/log/nginx when do_install because it is created by
volatiles file.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-05-06 12:51:39 -07:00
Changqing Li fc8f28c611 nginx: fix error during service startup
fix below error:
nginx.service: failed to parse pid from file /run/nginx/nginx.pid:
invalid argument

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-02-26 07:17:58 -08:00