| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1.15.7 contains a number of bugfixes. From the changes file:
*) Bugfix: memory leak on errors during reconfiguration.
*) Bugfix: in the $upstream_response_time, $upstream_connect_time, and
$upstream_header_time variables.
*) Bugfix: a segmentation fault might occur in a worker process if the
ngx_http_mp4_module was used on 32-bit platforms.
https://nginx.org/en/CHANGES
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes the following security issues:
CVE-2018-16843: Excessive memory usage in HTTP/2
CVE-2018-16844: Excessive CPU usage in HTTP/2
CVE-2018-16845: Memory disclosure in the ngx_http_mp4_module
Refreshed patch 0004 + 0007 as they no longer applied cleanly.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The following patches have been updated to apply on 1.15.0:
0003-auto-set-ngx_feature_run_force_result-for-each-featu.patch
0006-auto-lib-openssl-conf-use-pkg-config.patch
The follow patch has been removed, because it was applied upstream:
0009-auto-lib-conf-fix-PCRE-condition-WRT-the-http-and-ht.patch
The license file hash has changed because the copyright years were
updated in the LICENSE file:
- * Copyright (C) 2002-2017 Igor Sysoev
- * Copyright (C) 2011-2017 Nginx, Inc.
+ * Copyright (C) 2002-2018 Igor Sysoev
+ * Copyright (C) 2011-2018 Nginx, Inc.
Signed-off-by: Ignacy Gawędzki <ignacy.gawedzki@green-communications.fr>
[Thomas: drop unneeded patch updates, improve commit log.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
|
| |
|
|
|
| |
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Fixes CVE-2017-7529 - Nginx versions since 0.5.6 up to and including 1.13.2
are vulnerable to integer overflow vulnerability in nginx range filter
module resulting into leak of potentially sensitive information triggered by
specially crafted request.
For more details, see:
http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
| |
Also update the patch line numbers to work with 1.12.0
Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
We want to use SPDX identifier for license string as much as possible.
SPDX short identifier for BSD-2c is BSD-2-Clause.
This change is done using following command.
find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/BSD-2c/BSD-2-Clause/g'
Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
| |
Signed-off-by: Adam Duskett <aduskett@codeblue.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
| |
This commit moves the logic that allows to enable the naxsi external
module below the "external modules" comment, which was already used for
the upload and dav-ext modules.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Nginx built-in support for webdav is missing support for two commands:
PROPFIND and OPTIONS. This commit adds a new package that provides an
external nginx module with improved webdav support.
Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
[Thomas:
- Remove the BR2_PACKAGE_NGINX_HTTP_DAV_EXT_MODULE sub-option of the
nginx package. The BR2_PACKAGE_NGINX_DAV_EXT option is sufficient.
- Move the nginx.mk code together with another external module being
enabled, nginx-upload.
- Add LICENSE and LICENSE_FILES variables.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
| |
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Naxsi is a third party nginx module reads a small subset of simple rules
containing a list of known patterns involved in website vulnerabilities.
This module behaves like a DROP-by-default firewall for nginx.
Signed-off-by: Adam Duskett <aduskett@codeblue.com>
[Thomas:
- include Config.in file directly from package/Config.in and not from
package/nginx/Config.
- improve Config.in help text with more details
- rename the package prompt from ngx_http_naxsi_module to nginx-naxsi
- remove NGINX_NAXSI_SOURCE, and fix the definition of
NGINX_NAXSI_SITE
- change license from GPLv3 to GPLv2+ with OpenSSL exception
- cange license file from LICENSE to naxsi_src/naxsi_json.c. The
LICENSE file exists in the latest Git master of the project, but
not in the 0.54 tag that we're packaging.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
A module for nginx web server for handling file uploads using
multipart/form-data encoding (RFC 1867).
Signed-off-by: Bimal Jacob <bimal.jacob@rockwellcollins.com>
Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
[Thomas:
- rename from nginx-upload-module to nginx-upload. Indeed, we don't
want all nginx modules to be suffixed with "-module"
- include the module Config.in file directly from package/Config.in,
like we do for Python, Perl, Lua or TCL modules.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
|
|
| |
Fixes:
CVE-2016-4450 - NULL pointer dereference while writing client request
body.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Force the use of libatomics_ops on the sparc v8 and leon3 platforms to
allow nginx to build. Optionally use libatomic_ops on other platforms.
This fixes:
http://autobuild.buildroot.net/results/20dc41cd62887222d2569d81b5865893baeafaae/
http://autobuild.buildroot.net/results/eb47af0c8df6fae82859865fb8b9912f45960444/
Cc: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
|
|
|
| |
Change to using gdlib-config to find libgd and its dependencies.
This fixes:
http://autobuild.buildroot.net/results/d1806140eccb1202cb8b223289510d64fb28acb6/
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
|
|
|
| |
Change to using pkg-config to find libxslt and it dependencies.
This Fixes:
http://autobuild.buildroot.net/results/382699bbed15f598625b9296e464d1349ef559f8
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
| |
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
| |
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
| |
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
|
|
|
| |
The ngx_http_spdy_module has been superseded by the ngx_http_v2_module
so BR2_PACKAGE_NGINX_HTTP_SPDY_MODULE has changed to
BR2_PACKAGE_NGINX_HTTP_V2_MODULE
Signed-off-by: Martin Bark <martin@barkynet.com>
[Thomas: rewrap Config.in.legacy help text.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
| |
Add the missing --with-mail configure option
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes:
CVE-2016-0742 - invalid pointer dereference might occur during DNS
server response processing if the "resolver" directive was used,
allowing anattacker who is able to forge UDP packets from the DNS server
to cause segmentation fault in a worker process.
CVE-2016-0746 - use-after-free condition might occur during CNAME
response processing if the "resolver" directive was used, allowing an
attacker who is able to trigger name resolution to cause segmentation
fault in a worker process, or might have potential other impact.
CVE-2016-0747 - CNAME resolution was insufficiently limited if the
"resolver" directive was used, allowing an attacker who is able to
trigger arbitrary name resolution to cause excessive resource
consumption in worker processes.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
| |
Signed-off-by: Noé Rubinstein <nrubinstein@aldebaran.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
| |
Signed-off-by: Aurélien Chabot <aurelien@chabot.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
| |
Patches refreshed to apply with no shift or fuzz.
Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
The bin path for nginx is configured for /usr/sbin, so deleting
the nginx.old back-up from /usr/bin never works. Fix path, and
also use "$(RM)" instead of "-$(RM)", as "rm -f" never fails.
Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Acked-by: Samuel Martin <s.martin49@gmail.com>
Tested-by: Samuel Martin <s.martin49@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
|
| |
Now that IPv6 is mandatory remove package dependencies and conditionals
for it.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
| |
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
|
| |
Now that largefile is mandatory removes package dependencies and
conditionals.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
rtsig module uses the deprecated sysctl syscall, which is not
implemented on some recent architecture (such as arc).
Also, rtsig module is almost considered as deprecated by some nginx
developers [1].
So, just remove this option.
Fixes:
http://autobuild.buildroot.org/results/730/730105fc0a89b381b3b29192d07f28ef1f13cbb3/
[1] http://mailman.nginx.org/pipermail/nginx-devel/2014-November/006295.html
Signed-off-by: Samuel Martin <s.martin49@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Change LIBFOO_PERMISSIONS everywhere to be a space-separated list.
As nothing was specified in the manual but all our lists are space
separated, there is no reason that this one should be made an exception.
Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Tested-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
|
|
nginx module selection is, by default, the same as the one sets by
the upstream configure script.
Patches improving the cross-compilation support have already been sent
upstream for integration [1-5].
All these patches are needed because nginx uses its own handwritten
build-system, which is cross-platform, but does not properly support
cross-compilation.
Fixes bug: #3427 [6]
[1] http://mailman.nginx.org/pipermail/nginx-devel/2014-August/005722.html
[2] http://mailman.nginx.org/pipermail/nginx-devel/2014-August/005724.html
[3] http://mailman.nginx.org/pipermail/nginx-devel/2014-August/005725.html
[4] http://mailman.nginx.org/pipermail/nginx-devel/2014-August/005723.html
[5] http://mailman.nginx.org/pipermail/nginx-devel/2014-August/005726.html
[6] https://bugs.uclibc.org/show_bug.cgi?id=3427
Signed-off-by: Samuel Martin <s.martin49@gmail.com>
Cc: Daniele Salvatore Albano <info@daccii.it>
Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Cc: Johan Oudinet <johan.oudinet@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Tested-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
