Upgrade njs module from 8c01042 to f8c642a.
<ChangeLog>
*) Change: now in case of a client certificate verification error the
$ssl_client_verify variable contains a string with the failure
reason, for example, "FAILED:certificate has expired".
*) Feature: the $ssl_ciphers, $ssl_curves, $ssl_client_v_start,
$ssl_client_v_end, and $ssl_client_v_remain variables.
*) Feature: the "volatile" parameter of the "map" directive.
*) Bugfix: dependencies specified for a module were ignored while
building dynamic modules.
*) Bugfix: when using HTTP/2 and the "limit_req" or "auth_request"
directives client request body might be corrupted; the bug had
appeared in 1.11.0.
*) Bugfix: a segmentation fault might occur in a worker process when
using HTTP/2; the bug had appeared in 1.11.3.
*) Bugfix: in the ngx_http_mp4_module.
Thanks to Congcong Hu.
*) Bugfix: in the ngx_http_perl_module.
</ChangeLog>
Upgrade third-party njs module to its latest version ee84984.
<ChangeLog>
*) Change: the --with-ipv6 configure option was removed, now IPv6
support is configured automatically.
*) Change: now if there are no available servers in an upstream, nginx
will not reset number of failures of all servers as it previously
did, but will wait for fail_timeout to expire.
*) Feature: the ngx_stream_ssl_preread_module.
*) Feature: the "server" directive in the "upstream" context supports
the "max_conns" parameter.
*) Feature: the --with-compat configure option.
*) Feature: "manager_files", "manager_threshold", and "manager_sleep"
parameters of the "proxy_cache_path", "fastcgi_cache_path",
"scgi_cache_path", and "uwsgi_cache_path" directives.
*) Bugfix: flags passed by the --with-ld-opt configure option were not
used while building perl module.
*) Bugfix: in the "add_after_body" directive when used with the
"sub_filter" directive.
*) Bugfix: in the $realip_remote_addr variable.
*) Bugfix: the "dav_access", "proxy_store_access",
"fastcgi_store_access", "scgi_store_access", and "uwsgi_store_access"
directives ignored permissions specified for user.
*) Bugfix: unix domain listen sockets might not be inherited during
binary upgrade on Linux.
*) Bugfix: nginx returned the 400 response on requests with the "-"
character in the HTTP method.
</ChangeLog>
o) arrayvar from 0.03 to 0.05;
o) devel_kit from 0.2.19 to 0.3.0;
o) echo from 4f7aa50 to 46334b3;
o) encryptsession from 0.03 to 0.05;
o) forminput from 0.07 to 0.12;
o) iconv from 0.10 to 0.14;
o) lua from 0.10.5 to 0.10.6rc1;
o) set_misc from 6582fb4 to f808ef4;
o) sflow from 0.9.7 to 543c72a;
o) small_light from 0.6.15 to 0.8.0;
o) xss from 0.04 to 0.05.
Do not bump PORTREVISION.
<ChangeLog>
*) Change: now nginx always uses internal MD5 and SHA1 implementations;
the --with-md5 and --with-sha1 configure options were canceled.
*) Feature: variables support in the stream module.
*) Feature: the ngx_stream_map_module.
*) Feature: the ngx_stream_return_module.
*) Feature: a port can be specified in the "proxy_bind", "fastcgi_bind",
"memcached_bind", "scgi_bind", and "uwsgi_bind" directives.
*) Feature: now nginx uses the IP_BIND_ADDRESS_NO_PORT socket option
when available.
*) Bugfix: a segmentation fault might occur in a worker process when
using HTTP/2 and the "proxy_request_buffering" directive.
*) Bugfix: the "Content-Length" request header line was always added to
requests passed to backends, including requests without body, when
using HTTP/2.
*) Bugfix: "http request count is zero" alerts might appear in logs when
using HTTP/2.
*) Bugfix: unnecessary buffering might occur when using the "sub_filter"
directive; the issue had appeared in 1.9.4.
</ChangeLog>
<ChangeLog>
*) Feature: the "transparent" parameter of the "proxy_bind",
"fastcgi_bind", "memcached_bind", "scgi_bind", and "uwsgi_bind"
directives.
*) Feature: the $request_id variable.
*) Feature: the "map" directive supports combinations of multiple
variables as resulting values.
*) Feature: now nginx checks if EPOLLRDHUP events are supported by
kernel, and optimizes connection handling accordingly if the "epoll"
method is used.
*) Feature: the "ssl_certificate" and "ssl_certificate_key" directives
can be specified multiple times to load certificates of different
types (for example, RSA and ECDSA).
*) Feature: the "ssl_ecdh_curve" directive now allows specifying a list
of curves when using OpenSSL 1.0.2 or newer; by default a list built
into OpenSSL is used.
*) Change: to use DHE ciphers it is now required to specify parameters
using the "ssl_dhparam" directive.
*) Feature: the $proxy_protocol_port variable.
*) Feature: the $realip_remote_port variable in the
ngx_http_realip_module.
*) Feature: the ngx_http_realip_module is now able to set the client
port in addition to the address.
*) Change: the "421 Misdirected Request" response now used when
rejecting requests to a virtual server different from one negotiated
during an SSL handshake; this improves interoperability with some
HTTP/2 clients when using client certificates.
*) Change: HTTP/2 clients can now start sending request body
immediately; the "http2_body_preread_size" directive controls size of
the buffer used before nginx will start reading client request body.
*) Bugfix: cached error responses were not updated when using the
"proxy_cache_bypass" directive.
</ChangeLog>
Remove needless vendor's patches.
<ChangeLog>
*) Change: non-idempotent requests (POST, LOCK, PATCH) are no longer
passed to the next server by default if a request has been sent to a
backend; the "non_idempotent" parameter of the "proxy_next_upstream"
directive explicitly allows retrying such requests.
*) Feature: the ngx_http_perl_module can be built dynamically.
*) Feature: UDP support in the stream module.
*) Feature: the "aio_write" directive.
*) Feature: now cache manager monitors number of elements in caches and
tries to avoid cache keys zone overflows.
*) Bugfix: "task already active" and "second aio post" alerts might
appear in logs when using the "sendfile" and "aio" directives with
subrequests.
*) Bugfix: "zero size buf in output" alerts might appear in logs if
caching was used and a client closed a connection prematurely.
*) Bugfix: connections with clients might be closed needlessly if
caching was used.
Thanks to Justin Li.
*) Bugfix: nginx might hog CPU if the "sendfile" directive was used on
Linux or Solaris and a file being sent was changed during sending.
*) Bugfix: connections might hang when using the "sendfile" and "aio
threads" directives.
*) Bugfix: in the "proxy_pass", "fastcgi_pass", "scgi_pass", and
"uwsgi_pass" directives when using variables.
Thanks to Piotr Sikora.
*) Bugfix: in the ngx_http_sub_filter_module.
*) Bugfix: if an error occurred in a cached backend connection, the
request was passed to the next server regardless of the
proxy_next_upstream directive.
*) Bugfix: "CreateFile() failed" errors when creating temporary files on
Windows.
</ChangeLog>
Remove needless patch.
<ChangeLog>
*) Feature: Huffman encoding of response headers in HTTP/2.
Thanks to Vlad Krasnov.
*) Feature: the "worker_cpu_affinity" directive now supports more than
64 CPUs.
*) Bugfix: compatibility with 3rd party C++ modules; the bug had
appeared in 1.9.11.
Thanks to Piotr Sikora.
*) Bugfix: nginx could not be built statically with OpenSSL on Linux;
the bug had appeared in 1.9.11.
*) Bugfix: the "add_header ... always" directive with an empty value did
not delete "Last-Modified" and "ETag" header lines from error
responses.
*) Workaround: "called a function you should not call" and "shutdown
while in init" messages might appear in logs when using OpenSSL
1.0.2f.
*) Bugfix: invalid headers might be logged incorrectly.
*) Bugfix: socket leak when using HTTP/2.
*) Bugfix: in the ngx_http_v2_module.
</ChangeLog>
<ChangeLog>
Changes to NGX_MODULE_V1 and ngx_module_t in 85dea406e18f (1.9.11)
broke all modules written in C++, because ISO C++11 does not allow
conversion from string literal to char *.
</ChangeLog>
o) www/rubygem-passenger;
o) third-party passenger modules for www/nginx and www/nginx-devel.
Please note: third-party passenger module is disabled by default for
www/nginx and www/nginx-devel ports.
Security: CVE-2015-7519
PR: 205104
o) lua from 0.9.16 to 0.9.18;
o) memc from 0.15 to 0.16;
o) postgres from 1.0rc5 to 1.0rc7;
o) rds-csv from 0.05 to 0.07.
o) rds-json from 0.13 to 0.14;
o) redis2 from 0.11 to 0.12;
o) set-misc from 0.28 to 0.29;
Remove needless patch for third-party postgres module, change
has been added to the upstream.
Tarantool NginX upstream module
- Benefit from nginx features and tarantool features over HTTP(S).
- Call tarantool methods via JSON RPC.
- Load Balancing with elastic configuration.
- Backup and fault tolerance.
- Low overhead.
PR: ports/202593
Approved by: osa
