Update third-party nchan module from 1.2.3 to 1.2.6.
<ChangeLog with nginx 1.17.2>
*) Change: minimum supported zlib version is 1.2.0.4.
Thanks to Ilya Leoshkevich.
*) Change: the $r->internal_redirect() embedded perl method now expects
escaped URIs.
*) Feature: it is now possible to switch to a named location using the
$r->internal_redirect() embedded perl method.
*) Bugfix: in error handling in embedded perl.
*) Bugfix: a segmentation fault might occur on start or during
reconfiguration if hash bucket size larger than 64 kilobytes was used
in the configuration.
*) Bugfix: nginx might hog CPU during unbuffered proxying and when
proxying WebSocket connections if the select, poll, or /dev/poll
methods were used.
*) Bugfix: in the ngx_http_xslt_filter_module.
*) Bugfix: in the ngx_http_ssi_filter_module.
</ChangeLog>
Update njs module from 0.3.2 to 0.3.3.
<ChangeLog with nginx 1.17.1>
*) Feature: the "limit_req_dry_run" directive.
*) Feature: when using the "hash" directive inside the "upstream" block
an empty hash key now triggers round-robin balancing.
Thanks to Niklas Keller.
*) Bugfix: a segmentation fault might occur in a worker process if
caching was used along with the "image_filter" directive, and errors
with code 415 were redirected with the "error_page" directive; the
bug had appeared in 1.11.10.
*) Bugfix: a segmentation fault might occur in a worker process if
embedded perl was used; the bug had appeared in 1.7.3.
</ChangeLog>
<ChangeLog with njs 0.3.3>
nginx modules:
*) Improvement: getting of special response headers in headersOut.
*) Improvement: working with unknown methods in subrequest().
*) Improvement: added support for null as a second argument
of r.subrequest().
*) Bugfix: fixed processing empty output chain in stream body filter.
Core:
*) Feature: added runtime support for property getter/setter.
Thanks to 洪志道 (Hong Zhi Dao) and Artem S. Povalyukhin.
*) Feature: added "process" global object.
*) Feature: writable most of built-in properties and methods.
*) Feature: added generic implementation of Array.prototype.fill().
*) Bugfix: fixed integer-overflow in String.prototype.concat().
*) Bugfix: fixed setting of object properties.
*) Bugfix: fixed Array.prototype.toString().
*) Bugfix: fixed Date.prototype.toJSON().
*) Bugfix: fixed overwriting "constructor" property of built-in
prototypes.
*) Bugfix: fixed processing of invalid surrogate pairs in strings.
*) Bugfix: fixed processing of invalid surrogate pairs in JSON
strings.
*) Bugfix: fixed heap-buffer-overflow in toUpperCase() and
toLowerCase().
*) Bugfix: fixed escaping lone closing square brackets in RegExp()
constructor.
*) Bugfix: fixed String.prototype.toBytes() for ASCII strings.
*) Bugfix: fixed handling zero byte characters inside RegExp
pattern strings.
*) Bugfix: fixed String.prototype.toBytes() for ASCII strings.
*) Bugfix: fixed truth value of JSON numbers in JSON.parse().
*) Bugfix: fixed use-of-uninitialized-value in
njs_string_replace_join().
*) Bugfix: fixed parseInt('-0').
Thanks to Artem S. Povalyukhin.
</ChangeLog>
Update njs module from 0.3.1 to 0.3.2.
<ChangeLog with nginx 1.17.0>
*) Feature: variables support in the "limit_rate" and "limit_rate_after"
directives.
*) Feature: variables support in the "proxy_upload_rate" and
"proxy_download_rate" directives in the stream module.
*) Change: minimum supported OpenSSL version is 0.9.8.
*) Change: now the postpone filter is always built.
*) Bugfix: the "include" directive did not work inside the "if" and
"limit_except" blocks.
*) Bugfix: in byte ranges processing.
</ChangeLog>
<ChangeLog with njs 0.3.2>
Core:
*) Feature: added support for template literals.
Thanks to 洪志道 (Hong Zhi Dao) and Artem S. Povalyukhin.
*) Feature: executing command from command line arguments.
*) Feature: added support for RegExp "groups" object (ES9).
*) Feature: added block scoped function definitions support.
*) Feature: added support for building with GNU Readline library.
*) Feature: made configurable "length", "name", and most of built-in
methods.
*) Feature: made all constructor properties configurable.
*) Bugfix: fixed Regexp.prototype.exec() for Unicode-only regexps.
*) Bugfix: fixed njs_vm_value_dump() for empty string values.
*) Bugfix: fixed RegExp constructor for regexp value arguments.
*) Bugfix: fixed walking over prototypes chain during iteration
over an object.
*) Bugfix: fixed overflow in Array.prototype.concat().
*) Bugfix: fixed length calculation for UTF-8 string with escape
characters.
*) Bugfix: fixed parsing surrogate pair presents as UTF-16 escape
sequences.
*) Bugfix: fixed processing asterisk quantifier for
String.prototype.match().
*) Bugfix: fixed Date() constructor with one argument.
*) Bugfix: fixed arrays expansion.
*) Bugfix: fixed heap-buffer-overflow in String.prototype.replace().
*) Bugfix: fixed heap-buffer-overflow in
String.prototype.lastIndexOf().
*) Bugfix: fixed regexp literals parsing with escaped backslash and
backslash in square brackets.
*) Bugfix: fixed regexp literals with lone closing brackets.
*) Bugfix: fixed uninitialized-memory-access in
Object.defineProperties().
*) Bugfix: fixed processing "*" quantifier for
String.prototype.replace().
*) Bugfix: fixed Array.prototype.slice() for UTF8-invalid byte
strings.
*) Bugfix: fixed String.prototype.split() for UTF8-invalid byte
strings.
*) Bugfix: fixed handling of empty block statements.
</ChangeLog>
Update third-party njs module from 0.3.0 to 0.3.1.
<ChangeLogs>
Changes with nginx 1.15.12 16 Apr 2019
*) Bugfix: a segmentation fault might occur in a worker process if
variables were used in the "ssl_certificate" or "ssl_certificate_key"
directives and OCSP stapling was enabled.
Changes with njs 0.3.1 16 Apr 2019
Core:
*) Feature: added arrow functions support.
Thanks to 洪志道 (Hong Zhi Dao) and Artem S. Povalyukhin.
*) Feature: added Added Object.getOwnPropertyNames().
Thanks to Artem S. Povalyukhin.
*) Feature: added Added Object.getOwnPropertyDescriptors().
Thanks to Artem S. Povalyukhin.
*) Feature: making __proto__ accessor descriptor of Object instances
mutable.
*) Feature: added shebang support in CLI.
*) Feature: added support for module mode execution in CLI. In module
mode global this is unavailable.
*) Bugfix: fixed editline detection.
*) Bugfix: fixed Function.prototype.bind().
Thanks to 洪志道 (Hong Zhi Dao).
*) Bugfix: fixed checking of duplication of parameters for functions.
Thanks to 洪志道 (Hong Zhi Dao).
*) Bugfix: fixed function declaration with the same name as a variable.
Thanks to 洪志道 (Hong Zhi Dao).
*) Improvement: code related to parsing of objects, variables and
functions is refactored.
Thanks to 洪志道 (Hong Zhi Dao).
*) Improvement: console.log() improved for outputting large values.
*) Improvement: console.log() improved for outputting strings in a
compliant way (without escaping and quotes).
*) Improvement: using ES6 version of ToInt32(), ToUint32(), ToLength().
</ChangeLogs>
adding module in /www/nginx-devel/work/nginx-dav-ext-module-3.0.0
+ ngx_http_dav_ext_module was configured
checking for PCRE library ... found
checking for PCRE JIT support ... found
checking for OpenSSL library ... found
checking for zlib library ... found
checking for libxslt ... not found
checking for libxslt in /usr/local/ ... not found
checking for libxslt in /usr/pkg/ ... not found
checking for libxslt in /opt/local/ ... not found
./configure: error: the HTTP XSLT module requires the libxml2/libxslt
libraries. You can either do not enable the module or install the libraries.
<ChangeLog>
*) Feature: variables support in the "ssl_certificate" and
"ssl_certificate_key" directives.
*) Feature: the "poll" method is now available on Windows when using
Windows Vista or newer.
*) Bugfix: if the "select" method was used on Windows and an error
occurred while establishing a backend connection, nginx waited for
the connection establishment timeout to expire.
*) Bugfix: the "proxy_upload_rate" and "proxy_download_rate" directives
in the stream module worked incorrectly when proxying UDP datagrams.
</ChangeLog>
www/nginx-devel from 6.0.0 to 6.0.1.
While I'm here:
o) remove a needless whitespace and tabs;
o) add a patch to disable anonymouse telemetry for passenger by default.
Update clojure, modsecurity and njs third-party modules to their recent versions.
Disable anonymous telemetry reporting in third-party passenger module
by default.
<ChangeLog>
*) Feature: the $upstream_bytes_sent variable.
Thanks to Piotr Sikora.
*) Feature: new directives in vim syntax highlighting scripts.
Thanks to Gena Makhomed.
*) Bugfix: in the "proxy_cache_background_update" directive.
*) Bugfix: in the "geo" directive when using unix domain listen sockets.
*) Workaround: the "ignoring stale global SSL error ... bad length"
alerts might appear in logs when using the "ssl_early_data" directive
with OpenSSL.
*) Bugfix: in nginx/Windows.
*) Bugfix: in the ngx_http_autoindex_module on 32-bit platforms.
</ChangeLog>
www/nginx-devel from 5.3.7 to 6.0.0.
<ChangeLog>
* Introduces support for *all* programming languages. Yes that's
right... Java, Elixir, Go — Passenger now supports them all!
This effort is called "generic language support".
* Bumps the preferred Nginx version to 1.15.7.
* Introduces anonymous usage telemetry, which helps us improve
Passenger. Please read the docs on what data is collected and
how to disable this.
* [Nginx] Introduces a new option "passenger_request_buffering on|off",
to allow disabling request body buffering. This is only supported in
Nginx >= 1.15.3. Closes GH-2121.
* Updated various library versions used in precompiled binaries (used
for e.g. gem installs):
- OpenSSL: 1.0.2q (was: 1.0.2p)
- libcurl: 7.62.0 (was: 7.61.1)
- Ruby: 2.3.8 (was: 2.3.7)
</ChangeLog>
Update clojure and njs third-party modules to their recent versions.
MFH: 2018Q4
<ChangeLog>
*) Feature: the "proxy_requests" directive in the stream module.
*) Feature: the "delay" parameter of the "limit_req" directive.
Thanks to Vladislav Shabanov and Peter Shchuchkin.
*) Bugfix: memory leak on errors during reconfiguration.
*) Bugfix: in the $upstream_response_time, $upstream_connect_time, and
$upstream_header_time variables.
*) Bugfix: a segmentation fault might occur in a worker process if the
ngx_http_mp4_module was used on 32-bit platforms.
</ChangeLog>
module, and the upstream name is ModSecurity in a single word.
PR: 233351
Submitted by: Marie Helene Kvello-Aune, Marius Halden (maintainer)
Differential Revision: https://reviews.freebsd.org/D18353
* Add PKGNAMESUFFIX and rename the directory. This was done to show
that IM6 is not the "main" version. But still fully supported by upstream.
* Convert a number of options to optionhelpers.
* Add option for ISO/IEC 23008-12:2017 HEIF suport
* Add comment to pkg-descr explaining IM6's "legacy" tag.
* Add comment to the patch-config_policy.xml file why it still needed.
Please note that IM7 is not a drop in replacement due to library API and
command arguments changes. And as a result ports need to decide for themself
which version to use.
Chase these changes in all the ports that using IM6.
PR: 225102 (based on, only the version update) [1]
Submitted by: Pascal Christen <pascal.christen@hostpoint.ch>
Temporary disable third-party upstream_fair module, it should
be updated to build with the modern version of the nginx.
While I'm here fix some whitespaces.
MFH: 2018Q4
Security: 84ca56be-e1de-11e8-bcfd-00e04c1ea73d
<ChangeLog>
*) Security: when using HTTP/2 a client might cause excessive memory
consumption (CVE-2018-16843) and CPU usage (CVE-2018-16844).
*) Security: processing of a specially crafted mp4 file with the
ngx_http_mp4_module might result in worker process memory disclosure
(CVE-2018-16845).
*) Feature: the "proxy_socket_keepalive", "fastcgi_socket_keepalive",
"grpc_socket_keepalive", "memcached_socket_keepalive",
"scgi_socket_keepalive", and "uwsgi_socket_keepalive" directives.
*) Bugfix: if nginx was built with OpenSSL 1.1.0 and used with OpenSSL
1.1.1, the TLS 1.3 protocol was always enabled.
*) Bugfix: working with gRPC backends might result in excessive memory
consumption.
</ChangeLog>
Simplify some ports where DragonFlyBSD no longer needs to be special-cased.
Submitted by: rene
Reviewed by: bapt, jbeich
Differential Revision: https://reviews.freebsd.org/D17724
<ChangeLog>
*) Bugfix: a segmentation fault might occur in a worker process when
using OpenSSL 1.1.0h or newer; the bug had appeared in 1.15.4.
*) Bugfix: of minor potential bugs.
</ChangeLog>
<ChangeLog>
*) Feature: now the "ssl_early_data" directive can be used with OpenSSL.
*) Bugfix: in the ngx_http_uwsgi_module.
Thanks to Chris Caputo.
*) Bugfix: connections with some gRPC backends might not be cached when
using the "keepalive" directive.
*) Bugfix: a socket leak might occur when using the "error_page"
directive to redirect early request processing errors, notably errors
with code 400.
*) Bugfix: the "return" directive did not change the response code when
returning errors if the request was redirected by the "error_page"
directive.
*) Bugfix: standard error pages and responses of the
ngx_http_autoindex_module module used the "bgcolor" attribute, and
might be displayed incorrectly when using custom color settings in
browsers.
Thanks to Nova DasSarma.
*) Change: the logging level of the "no suitable key share" and "no
suitable signature algorithm" SSL errors has been lowered from "crit"
to "info".
</ChangeLog>
<ChangeLog>
nginx modules:
*) Change: stream module handlers are refactored.
New methods and properties:
s.on(), s.off(), s.allow(), s.done(), s.decline(),
s.deny().
Removed properties of Stream object:
s.OK, s.ABORT, s.AGAIN, s.DECLINED, s.ERROR (replaced
with s.allow(), s.done([code]), s.deny()).
s.buffer (for reading replaced with data argument of
the corresponding callback, for writing use s.send()).
s.fromUpstream (replaced with a callback for a corresponding
event).
s.eof (replaced with flags.last).
Core:
*) Feature: added Function.prototype.length.
*) Feature: introduced sandboxing mode.
*) Improvement: added exception strings where appropriate.
*) Improvement: improved wording for primitive type conversion
exception.
*) Bugfix: throwing TypeError for attempts to change frozen
properties.
*) Bugfix: fixed Object.defineProperty() for existing properties.
*) Bugfix: respecting the enumerable attribute while iterating
by for in.
*) Bugfix: respecting writable attribute for property handlers.
*) Bugfix: fixed exception handling in arguments of a function.
*) Bugfix: fixed Object.prototype.toString for different
value types.
*) Bugfix: fixed Object() constructor for object types arguments.
*) Bugfix: fixed comparison of objects and strings.
*) Bugfix: fixed String.slice() for undefined arguments.
*) Bugfix: miscellaneous additional bugs have been fixed.
</ChangeLog>
<Commitlog>
Some modules depend on other being there before.
For example, devel_kit needs to be there before a few other, so this
fixes, and allow for future fixes of this kind of problem:
configuring additional dynamic modules
adding module in /wrkdirs/usr/ports/www/nginx-full/work/array-var-nginx-module-0.05
error: ngx_devel_kit is required to build ngx_array_var; please put it before ngx_array_var.
PR: 230864
Submitted by: mat
exp-runs by: antoine
</Commitlog>
<ChangeLog>
*) Feature: now TLSv1.3 can be used with BoringSSL.
*) Feature: the "ssl_early_data" directive, currently available with
BoringSSL.
*) Feature: the "keepalive_timeout" and "keepalive_requests" directives
in the "upstream" block.
*) Bugfix: the ngx_http_dav_module did not truncate destination file
when copying a file over an existing one with the COPY method.
*) Bugfix: the ngx_http_dav_module used zero access rights on the
destination file and did not preserve file modification time when
moving a file between different file systems with the MOVE method.
*) Bugfix: the ngx_http_dav_module used default access rights when
copying a file with the COPY method.
*) Workaround: some clients might not work when using HTTP/2; the bug
had appeared in 1.13.5.
*) Bugfix: nginx could not be built with LibreSSL 2.8.0.
</ChangeLog>
www/nginx-devel from 5.3.3 to 5.3.4.
PR: 229392
<ChangeLog>
* Fixes a crash during startup on FreeBSD 11.2 and recent OpenBSD versions
due to C++11 compatibility issues in the code. Closes GH-2097.
* Updates Boost to version 1.67.0.
* [Apache] Fixes the handling of HTTP requests with chunked bodies in
combination with `PassengerBufferUploads off`. Closes GH-2102.
</ChangeLog>
Bump PORTREVISION.
<ChangeLog>
nginx modules:
*) Bugfix: making a subrequest from a Reply object caused
a segmentation fault.
*) Bugfix: getting the parent property of the main Request
object caused a segmentation fault.
Core:
*) Feature: added the pretty string representation for values.
*) Feature: correctly printing floating point numbers.
*) Feature: correctly parsing floating point numbers.
*) Feature: String.bytesFrom() method (decoding hex, base64,
base64url into a byte string).
*) Feature: String.padStart() and String.padEnd() methods.
*) Feature: added support of binary literals.
*) Improvement: added information about illegal token in number parsing.
*) Improvement: allowed uppercased O in octal literal values.
*) Improvement: added support for multiple arguments in console.log().
*) Bugfix: fixed applying call() to methods of external values.
*) Bugfix: fixed addition operator applied to an object.
*) Bugfix: fixed exception handling in njs_vm_value_to_ext_string().
*) Bugfix: fixed Number() with boolean, null and undefined arguments.
*) Bugfix: fixed error handling of setting non-numeric Array.length.
*) Bugfix: fixed autocompletion for global objects.
*) Bugfix: miscellaneous additional bugs have been fixed.
</ChangeLog>
<ChangeLog>
*) Feature: the $ssl_preread_protocol variable in the
ngx_stream_ssl_preread_module.
*) Feature: now when using the "reset_timedout_connection" directive
nginx will reset connections being closed with the 444 code.
*) Change: a logging level of the "http request", "https proxy request",
"unsupported protocol", and "version too low" SSL errors has been
lowered from "crit" to "info".
*) Bugfix: DNS requests were not resent if initial sending of a request
failed.
*) Bugfix: the "reuseport" parameter of the "listen" directive was
ignored if the number of worker processes was specified after the
"listen" directive.
*) Bugfix: when using OpenSSL 1.1.0 or newer it was not possible to
switch off "ssl_prefer_server_ciphers" in a virtual server if it was
switched on in the default server.
*) Bugfix: SSL session reuse with upstream servers did not work with the
TLS 1.3 protocol.
</ChangeLog>
<ChangeLog>
*) Feature: the "random" directive inside the "upstream" block.
*) Feature: improved performance when using the "hash" and "ip_hash"
directives with the "zone" directive.
*) Feature: the "reuseport" parameter of the "listen" directive now uses
SO_REUSEPORT_LB on FreeBSD 12.
*) Bugfix: HTTP/2 server push did not work if SSL was terminated by a
proxy server in front of nginx.
*) Bugfix: the "tcp_nopush" directive was always used on backend
connections.
*) Bugfix: sending a disk-buffered request body to a gRPC backend might
fail.
</ChangeLog>
