bpfire/lfs/nginx
Adolf Belka e347899c16 nginx: Update to version 1.26.1
- Update from version 1.24.0 to 1.26.1
- Update of rootfile not required
- Version 1.24.0 is now a legacy version, no longer being supported. Stable version has
   changed to 1.26.x series.
- Various CVE fixes in 1.26.1 and in 1.25.4, the development branch that became 1.26.0,
   that the legacy version 1.24.0 is also vulnerable to.
- Changelog
    1.26.1
	    *) Security: when using HTTP/3, processing of a specially crafted QUIC
	       session might cause a worker process crash, worker process memory
	       disclosure on systems with MTU larger than 4096 bytes, or might have
	       potential other impact (CVE-2024-32760, CVE-2024-31079,
	       CVE-2024-35200, CVE-2024-34161).
	    *) Bugfix: reduced memory consumption for long-lived requests if "gzip",
	       "gunzip", "ssi", "sub_filter", or "grpc_pass" directives are used.
	    *) Bugfix: nginx could not be built by gcc 14 if the --with-atomic
	       option was used.
	    *) Bugfix: in HTTP/3.
    1.26.0
	    *) 1.26.x stable branch.
    1.25.5
	    *) Feature: virtual servers in the stream module.
	    *) Feature: the ngx_stream_pass_module.
	    *) Feature: the "deferred", "accept_filter", and "setfib" parameters of
	       the "listen" directive in the stream module.
	    *) Feature: cache line size detection for some architectures.
	    *) Feature: support for Homebrew on Apple Silicon.
	    *) Bugfix: Windows cross-compilation bugfixes and improvements.
	    *) Bugfix: unexpected connection closure while using 0-RTT in QUIC.
    1.25.4
	    *) Security: when using HTTP/3 a segmentation fault might occur in a
	       worker process while processing a specially crafted QUIC session
	       (CVE-2024-24989, CVE-2024-24990).
	    *) Bugfix: connections with pending AIO operations might be closed
	       prematurely during graceful shutdown of old worker processes.
	    *) Bugfix: socket leak alerts no longer logged when fast shutdown was
	       requested after graceful shutdown of old worker processes.
	    *) Bugfix: a socket descriptor error, a socket leak, or a segmentation
	       fault in a worker process (for SSL proxying) might occur if AIO was
	       used in a subrequest.
	    *) Bugfix: a segmentation fault might occur in a worker process if SSL
	       proxying was used along with the "image_filter" directive and errors
	       with code 415 were redirected with the "error_page" directive.
	    *) Bugfixes and improvements in HTTP/3.
    1.25.3
	    *) Change: improved detection of misbehaving clients when using HTTP/2.
	    *) Feature: startup speedup when using a large number of locations.
	       Thanks to Yusuke Nojima.
	    *) Bugfix: a segmentation fault might occur in a worker process when
	       using HTTP/2 without SSL; the bug had appeared in 1.25.1.
	    *) Bugfix: the "Status" backend response header line with an empty
	       reason phrase was handled incorrectly.
	    *) Bugfix: memory leak during reconfiguration when using the PCRE2
	       library.
	    *) Bugfixes and improvements in HTTP/3.
    1.25.2
	    *) Feature: path MTU discovery when using HTTP/3.
	    *) Feature: TLS_AES_128_CCM_SHA256 cipher suite support when using
	       HTTP/3.
	    *) Change: now nginx uses appname "nginx" when loading OpenSSL
	       configuration.
	    *) Change: now nginx does not try to load OpenSSL configuration if the
	       --with-openssl option was used to built OpenSSL and the OPENSSL_CONF
	       environment variable is not set.
	    *) Bugfix: in the $body_bytes_sent variable when using HTTP/3.
	    *) Bugfix: in HTTP/3.
    1.25.1
	    *) Feature: the "http2" directive, which enables HTTP/2 on a per-server
	       basis; the "http2" parameter of the "listen" directive is now
	       deprecated.
	    *) Change: HTTP/2 server push support has been removed.
	    *) Change: the deprecated "ssl" directive is not supported anymore.
	    *) Bugfix: in HTTP/3 when using OpenSSL.
    1.25.0
	    *) Feature: experimental HTTP/3 support.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2024-07-22 15:21:21 +00:00


###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2007-2024 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or #
# (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
# #
###############################################################################
###############################################################################
# Definitions
###############################################################################
include Config
SUMMARY = A HTTP server and IMAP/POP3 proxy server
VER = 1.26.1
THISAPP = nginx-$(VER)
DL_FILE = $(THISAPP).tar.gz
DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = nginx
PAK_VER = 16
DEPS =
SERVICES = nginx
###############################################################################
# Top-level Rules
###############################################################################
objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
$(DL_FILE)_BLAKE2 = 5df95f6771a93009f5bd1a4038857c29af580d18af841e8cffe073339578b3ae0492d3a4cc797cac03a1039096ac5206ed1fa01da11c98591bce2cc4b2d18679
install : $(TARGET)
check : $(patsubst %,$(DIR_CHK)/%,$(objects))
download :$(patsubst %,$(DIR_DL)/%,$(objects))
b2 : $(subst %,%_BLAKE2,$(objects))
dist:
	$(PAK)
###############################################################################
# Downloading, checking, b2sum
###############################################################################
$(patsubst %,$(DIR_CHK)/%,$(objects)) :
	@$(CHECK)
$(patsubst %,$(DIR_DL)/%,$(objects)) :
	@$(LOAD)
$(subst %,%_BLAKE2,$(objects)) :
	@$(B2SUM)
###############################################################################
# Installation Details
###############################################################################
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
	@$(PREBUILD)
	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
	cd $(DIR_APP) && ./configure \
		--prefix=/usr/share/nginx \
		--conf-path=/etc/nginx/nginx.conf \
		--sbin-path=/usr/sbin/nginx \
		--pid-path=/var/run/nginx.pid \
		--lock-path=/var/lock/nginx.lock \
		--http-client-body-temp-path=/var/spool/nginx/client_body_temp \
		--http-proxy-temp-path=/var/spool/nginx/proxy_temp \
		--http-fastcgi-temp-path=/var/spool/nginx/fastcgi_temp \
		--http-log-path=/var/log/nginx/access.log \
		--error-log-path=/var/log/nginx/error.log \
		--user=nobody \
		--group=nobody \
		--with-mail \
		--with-mail_ssl_module \
		--with-http_ssl_module \
		--with-http_gunzip_module \
		--with-http_gzip_static_module \
		--with-http_random_index_module \
		--with-http_secure_link_module \
		--with-http_degradation_module \
		--with-http_stub_status_module \
		--with-http_dav_module \
		--with-http_sub_module \
		--with-http_v2_module \
		--with-pcre
	cd $(DIR_APP) && make $(MAKETUNING)
	cd $(DIR_APP) && make install
	mkdir -p /var/log/nginx /var/spool/nginx
	cp /usr/src/config/nginx/nginx /etc/init.d/
# Backup
	install -v -m 644 $(DIR_SRC)/config/backup/includes/nginx \
		/var/ipfire/backup/addons/includes/nginx
	@rm -rf $(DIR_APP)
	@$(POSTBUILD)
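
Added example, not part of the IPFire or BPFire tree: a standalone check of a downloaded tarball against the `$(DL_FILE)_BLAKE2` pin in an lfs file like the one above. It assumes the pin is a BLAKE2b-512 hex digest (128 hex characters, as `b2sum` prints by default); `parse_pins` and `verify` are hypothetical helper names, and the demo input is constructed.

```python
import hashlib
import hmac
import io
import re

ASSIGN = re.compile(r"^([^\s#=:][^=:]*?)\s*=\s*(.*)$")  # NAME = value, not a rule
REF = re.compile(r"\$\((\w+)\)")                         # $(NAME) reference

def parse_pins(lfs_text):
    """Return {file name: pinned BLAKE2 hex digest} from an lfs-style file."""
    raw = {}
    for line in lfs_text.splitlines():
        m = ASSIGN.match(line)  # tab-indented recipe lines and comments never match
        if m:
            raw[m.group(1)] = m.group(2).strip()

    def expand(text, depth=0):
        if depth > 16:
            raise ValueError("recursive variable reference")
        # Variables defined elsewhere (for example in Config) stay unexpanded.
        return REF.sub(lambda r: expand(raw[r.group(1)], depth + 1)
                       if r.group(1) in raw else r.group(0), text)

    pins = {}
    for name, value in raw.items():
        name = expand(name)  # "$(DL_FILE)_BLAKE2" -> "nginx-1.26.1.tar.gz_BLAKE2"
        if name.endswith("_BLAKE2"):
            digest = value.lower()
            if not re.fullmatch(r"[0-9a-f]{128}", digest):
                raise ValueError(f"{name}: not a 512-bit hex digest")
            pins[name[:-len("_BLAKE2")]] = digest
    return pins

def verify(stream, pinned_hex, chunk=1 << 16):
    """Stream-hash a binary file object with BLAKE2b-512 and compare to the pin."""
    h = hashlib.blake2b()  # default digest size is 64 bytes
    for block in iter(lambda: stream.read(chunk), b""):
        h.update(block)
    return hmac.compare_digest(h.hexdigest(), pinned_hex)

if __name__ == "__main__":
    # Constructed stand-in data; the real pin and tarball come from the lfs file.
    tarball = b"constructed stand-in for the nginx tarball"
    lfs = ("VER = 1.26.1\nTHISAPP = nginx-$(VER)\nDL_FILE = $(THISAPP).tar.gz\n"
           "$(DL_FILE)_BLAKE2 = " + hashlib.blake2b(tarball).hexdigest() + "\n")
    for name, pin in parse_pins(lfs).items():
        print(name, verify(io.BytesIO(tarball), pin),
              verify(io.BytesIO(tarball + b"x"), pin))
```

For a real download, pass `open(path, "rb")` as the stream and treat a `False` result as a failed build.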