webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-09 18:45:54 +02:00
Code Issues Packages Projects Releases Wiki Activity

nginx: Update to version 1.26.1

Browse Source 
- Update from version 1.24.0 to 1.26.1
- Update of rootfile not required
- Version 1.24.0 is now a legacy version, no longer being supported. Stable version has
   changed to 1.26.x series.
- Various CVE fixes in 1.26.1 and in 1.25.4, the development branch that became 1.26.0,
   that the legacy version 1.24.0 is also vulnerable to.
- Changelog
    1.26.1
	    *) Security: when using HTTP/3, processing of a specially crafted QUIC
	       session might cause a worker process crash, worker process memory
	       disclosure on systems with MTU larger than 4096 bytes, or might have
	       potential other impact (CVE-2024-32760, CVE-2024-31079,
	       CVE-2024-35200, CVE-2024-34161).
	    *) Bugfix: reduced memory consumption for long-lived requests if "gzip",
	       "gunzip", "ssi", "sub_filter", or "grpc_pass" directives are used.
	    *) Bugfix: nginx could not be built by gcc 14 if the --with-atomic
	       option was used.
	    *) Bugfix: in HTTP/3.
    1.26.0
	    *) 1.26.x stable branch.
    1.25.5
	    *) Feature: virtual servers in the stream module.
	    *) Feature: the ngx_stream_pass_module.
	    *) Feature: the "deferred", "accept_filter", and "setfib" parameters of
	       the "listen" directive in the stream module.
	    *) Feature: cache line size detection for some architectures.
	    *) Feature: support for Homebrew on Apple Silicon.
	    *) Bugfix: Windows cross-compilation bugfixes and improvements.
	    *) Bugfix: unexpected connection closure while using 0-RTT in QUIC.
    1.25.4
	    *) Security: when using HTTP/3 a segmentation fault might occur in a
	       worker process while processing a specially crafted QUIC session
	       (CVE-2024-24989, CVE-2024-24990).
	    *) Bugfix: connections with pending AIO operations might be closed
	       prematurely during graceful shutdown of old worker processes.
	    *) Bugfix: socket leak alerts no longer logged when fast shutdown was
	       requested after graceful shutdown of old worker processes.
	    *) Bugfix: a socket descriptor error, a socket leak, or a segmentation
	       fault in a worker process (for SSL proxying) might occur if AIO was
	       used in a subrequest.
	    *) Bugfix: a segmentation fault might occur in a worker process if SSL
	       proxying was used along with the "image_filter" directive and errors
	       with code 415 were redirected with the "error_page" directive.
	    *) Bugfixes and improvements in HTTP/3.
    1.25.3
	    *) Change: improved detection of misbehaving clients when using HTTP/2.
	    *) Feature: startup speedup when using a large number of locations.
	       Thanks to Yusuke Nojima.
	    *) Bugfix: a segmentation fault might occur in a worker process when
	       using HTTP/2 without SSL; the bug had appeared in 1.25.1.
	    *) Bugfix: the "Status" backend response header line with an empty
	       reason phrase was handled incorrectly.
	    *) Bugfix: memory leak during reconfiguration when using the PCRE2
	       library.
	    *) Bugfixes and improvements in HTTP/3.
    1.25.2
	    *) Feature: path MTU discovery when using HTTP/3.
	    *) Feature: TLS_AES_128_CCM_SHA256 cipher suite support when using
	       HTTP/3.
	    *) Change: now nginx uses appname "nginx" when loading OpenSSL
	       configuration.
	    *) Change: now nginx does not try to load OpenSSL configuration if the
	       --with-openssl option was used to built OpenSSL and the OPENSSL_CONF
	       environment variable is not set.
	    *) Bugfix: in the $body_bytes_sent variable when using HTTP/3.
	    *) Bugfix: in HTTP/3.
    1.25.1
	    *) Feature: the "http2" directive, which enables HTTP/2 on a per-server
	       basis; the "http2" parameter of the "listen" directive is now
	       deprecated.
	    *) Change: HTTP/2 server push support has been removed.
	    *) Change: the deprecated "ssl" directive is not supported anymore.
	    *) Bugfix: in HTTP/3 when using OpenSSL.
    1.25.0
	    *) Feature: experimental HTTP/3 support.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This commit is contained in:
Adolf Belka
2024-07-21 13:41:22 +02:00
committed by Michael Tremer
parent 1801e0671f
commit e347899c16
1 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
lfs/nginx
View File

@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2007-2023 IPFire Team <info@ipfire.org> #
# Copyright (C) 2007-2024 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -25,7 +25,7 @@
include Config
SUMMARY = A HTTP server and IMAP/POP3 proxy server
VER = 1.24.0
VER = 1.26.1
THISAPP = nginx-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -33,7 +33,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = nginx
PAK_VER = 15
PAK_VER = 16
DEPS =
@@ -47,7 +47,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
$(DL_FILE)_BLAKE2 = 7f671c57666dec822bff72fcf0e4eec35ecf981b8f1e489827f9bbbf9179036f61c9fdc7e497c076ccaeb35b9ba3dfe7684e4fc91ee9cae52601f68859bb034d
$(DL_FILE)_BLAKE2 = 5df95f6771a93009f5bd1a4038857c29af580d18af841e8cffe073339578b3ae0492d3a4cc797cac03a1039096ac5206ed1fa01da11c98591bce2cc4b2d18679
install : $(TARGET)