mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-15 05:22:59 +02:00

Go to file

Adolf Belka e347899c16 nginx: Update to version 1.26.1

- Update from version 1.24.0 to 1.26.1
- Update of rootfile not required
- Version 1.24.0 is now a legacy version, no longer being supported. Stable version has
   changed to 1.26.x series.
- Various CVE fixes in 1.26.1 and in 1.25.4, the development branch that became 1.26.0,
   that the legacy version 1.24.0 is also vulnerable to.
- Changelog
    1.26.1
	    *) Security: when using HTTP/3, processing of a specially crafted QUIC
	       session might cause a worker process crash, worker process memory
	       disclosure on systems with MTU larger than 4096 bytes, or might have
	       potential other impact (CVE-2024-32760, CVE-2024-31079,
	       CVE-2024-35200, CVE-2024-34161).
	    *) Bugfix: reduced memory consumption for long-lived requests if "gzip",
	       "gunzip", "ssi", "sub_filter", or "grpc_pass" directives are used.
	    *) Bugfix: nginx could not be built by gcc 14 if the --with-atomic
	       option was used.
	    *) Bugfix: in HTTP/3.
    1.26.0
	    *) 1.26.x stable branch.
    1.25.5
	    *) Feature: virtual servers in the stream module.
	    *) Feature: the ngx_stream_pass_module.
	    *) Feature: the "deferred", "accept_filter", and "setfib" parameters of
	       the "listen" directive in the stream module.
	    *) Feature: cache line size detection for some architectures.
	    *) Feature: support for Homebrew on Apple Silicon.
	    *) Bugfix: Windows cross-compilation bugfixes and improvements.
	    *) Bugfix: unexpected connection closure while using 0-RTT in QUIC.
    1.25.4
	    *) Security: when using HTTP/3 a segmentation fault might occur in a
	       worker process while processing a specially crafted QUIC session
	       (CVE-2024-24989, CVE-2024-24990).
	    *) Bugfix: connections with pending AIO operations might be closed
	       prematurely during graceful shutdown of old worker processes.
	    *) Bugfix: socket leak alerts no longer logged when fast shutdown was
	       requested after graceful shutdown of old worker processes.
	    *) Bugfix: a socket descriptor error, a socket leak, or a segmentation
	       fault in a worker process (for SSL proxying) might occur if AIO was
	       used in a subrequest.
	    *) Bugfix: a segmentation fault might occur in a worker process if SSL
	       proxying was used along with the "image_filter" directive and errors
	       with code 415 were redirected with the "error_page" directive.
	    *) Bugfixes and improvements in HTTP/3.
    1.25.3
	    *) Change: improved detection of misbehaving clients when using HTTP/2.
	    *) Feature: startup speedup when using a large number of locations.
	       Thanks to Yusuke Nojima.
	    *) Bugfix: a segmentation fault might occur in a worker process when
	       using HTTP/2 without SSL; the bug had appeared in 1.25.1.
	    *) Bugfix: the "Status" backend response header line with an empty
	       reason phrase was handled incorrectly.
	    *) Bugfix: memory leak during reconfiguration when using the PCRE2
	       library.
	    *) Bugfixes and improvements in HTTP/3.
    1.25.2
	    *) Feature: path MTU discovery when using HTTP/3.
	    *) Feature: TLS_AES_128_CCM_SHA256 cipher suite support when using
	       HTTP/3.
	    *) Change: now nginx uses appname "nginx" when loading OpenSSL
	       configuration.
	    *) Change: now nginx does not try to load OpenSSL configuration if the
	       --with-openssl option was used to built OpenSSL and the OPENSSL_CONF
	       environment variable is not set.
	    *) Bugfix: in the $body_bytes_sent variable when using HTTP/3.
	    *) Bugfix: in HTTP/3.
    1.25.1
	    *) Feature: the "http2" directive, which enables HTTP/2 on a per-server
	       basis; the "http2" parameter of the "listen" directive is now
	       deprecated.
	    *) Change: HTTP/2 server push support has been removed.
	    *) Change: the deprecated "ssl" directive is not supported anymore.
	    *) Bugfix: in HTTP/3 when using OpenSSL.
    1.25.0
	    *) Feature: experimental HTTP/3 support.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

2024-07-22 15:21:21 +00:00

config

core188: Ship apache2

2024-07-22 15:21:21 +00:00

doc

make.sh: Remove docker stuff

2024-07-22 15:21:17 +00:00

html

make.sh: Update contributors

2024-07-10 14:29:36 +00:00

langs

firewall.cgi: Add a checkbox to enable SYN flood protection

2024-07-02 09:30:28 +00:00

lfs

nginx: Update to version 1.26.1

2024-07-22 15:21:21 +00:00

src

mpd: Patch mpd to deal with format function being const in fmt-11.0.0 onwards

2024-07-22 15:21:21 +00:00

tools

make.sh: Remove docker stuff

2024-07-22 15:21:17 +00:00

.gitignore

.gitignore: Ignore images_* directories

2024-07-22 15:21:20 +00:00

.mailmap

.mailmap: Add Adolf Belka

2021-03-10 14:42:37 +00:00

make.sh

Start Core Update 188

2024-07-22 15:21:21 +00:00

README.md

README.md: fix minor typo

2024-03-30 12:12:42 +00:00

README.md

IPFire 2.x - The Open Source Firewall

What is IPFire?

IPFire is a hardened, versatile, state-of-the-art Open Source firewall based on Linux. Its ease of use, high performance in any scenario and extensibility make it usable for everyone. For a full list of features have a look here.

This repository contains the source code of IPFire 2.x which is used to build the whole distribution from scratch, since IPFire is not based on any other distribution.

Where can I get IPFire?

Just head over to https://www.ipfire.org/download

How do I use this software?

We have a long and detailed documentation located here which should answer most of your questions.

But I have some questions left. Where can I get support?

You can ask your question at our community located here. A complete list of our support channels can be found here.

How can I contribute?

We have another document for this. Please look here.

Languages

Perl 70.4%

Shell 23%

C 4%

Python 0.6%

Makefile 0.5%

Other 1.4%