Commit Graph

781 Commits

Author SHA1 Message Date
aszlig
1f24685d93
nginx/etag-patch: Use Nix store dir from build env
So far, the Nix store directory was hardcoded and if someone uses a
different Nix store directory the patch won't work. Of course, this is
pretty uncommon, but by not only substituting the store directory but
also the length of it we also save a few calls to ngx_strlen(), which
should save us a few cycles.

Signed-off-by: aszlig <aszlig@nix.build>
2019-04-18 10:07:55 +02:00
aszlig
af5a3ce474
nginx: Fix memleak in nix-etag patch
The original patch introduced a new "real" variable which gets populated
(and allocated) via ngx_realpath(). It's properly freed in error
conditions but it won't be freed if ngx_http_set_etag returns
successfully.

Adding another ngx_free() just before returning fixes that memory leak.

I also fixed a small indentation issue along the way.

Signed-off-by: aszlig <aszlig@nix.build>
2019-04-18 09:40:13 +02:00
Yegor Timoshenko
1da8eec00f
nginx: handle impure symlinks in ETag patch 2019-04-18 09:40:11 +02:00
Yegor Timoshenko
f03302b636
nginx: check for realpath() == NULL in ETag patch
Thanks to Gabriel Ebner!
2019-04-18 09:40:09 +02:00
Yegor Timoshenko
135d54f535
nginx: if root is in Nix store, use path's hash as ETag
Resolves #25485. Usage example:

$ realpath /var/www
/nix/store/wnrhnnpdj3x50j5xz38zp1qxs1ygwccw-site
$ curl --head localhost
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 28 Sep 2018 06:09:25 GMT
Content-Type: text/html
Content-Length: 50
Last-Modified: Thu, 01 Jan 1970 00:00:01 GMT
Connection: keep-alive
ETag: "wnrhnnpdj3x50j5xz38zp1qxs1ygwccw"
Accept-Ranges: bytes
2019-04-18 09:40:06 +02:00
Aaron Andersen
902ab43a91
Merge pull request #58125 from mwilsoninsight/showoff
showoff: init at 0.20.1
2019-04-08 20:14:06 -04:00
Franz Pletz
4c0d1ae7be
nginxMainline: 1.15.9 -> 1.15.10 2019-04-02 12:02:39 +02:00
Peter Simons
2017158b53 apache-httpd: 2.4.38 -> 2.4.39 (CVE-2019-0211)
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or
prefork, code executing in less-privileged child processes or
threads (including scripts executed by an in-process scripting interpreter)
could execute arbitrary code with the privileges of the parent process (usually
root) by manipulating the scoreboard.
2019-04-02 09:46:25 +02:00
Maximilian Bosch
37867dba74
nginxModules.http_proxy_connect_module: init
This adds the nginx module `ngx_http_proxy_connect_module` which allows
to tunnel HTTPS through an nginx proxy[1].

As this module contained patches for several nginx version, some minor
adjustments were needed:

* Allowed each entry in `nginxModules` to provide patches.

* Added an optional `supports` attribute to ensure that each module can
  determine if it supports the currently built nginx version (e.g. stable
  1.14 ATM or mainline 1.15 ATM).

[1] https://github.com/chobits/ngx_http_proxy_connect_module
2019-03-29 23:53:09 +01:00
R. RyanTM
d5e9e5fcf2 lighttpd: 1.4.52 -> 1.4.53
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/lighttpd/versions
2019-03-26 06:37:24 +01:00
Max Wilson
a2abe2aba1 adding showoff to pkgs/servers/http 2019-03-25 10:40:17 -04:00
Samuel Leathers
cafd07a54e
Merge pull request #56423 from Izorkin/nginx-unit
unit: add service unit and update package
2019-03-20 13:08:05 -04:00
Izorkin
36bb87a7c3 unit: 1.7.1 -> 1.8.0 2019-03-16 19:55:00 +03:00
Izorkin
42a99b1be2 nixos/unit: init service unit 2019-03-16 19:54:21 +03:00
R. RyanTM
db8198909f hiawatha: 10.8.3 -> 10.9 (#56695)
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/hiawatha/versions
2019-03-15 17:05:20 +01:00
Benjamin Smith
f4d24273e5 nginx: add http subs filter module (#56546) 2019-03-13 02:16:40 +02:00
Peter Simons
0356c1b87d mod_fastcgi: update to version 2.4.7.1 2019-03-05 12:08:20 +01:00
Alyssa Ross
2576d09716 nginxMainline: 1.15.8 -> 1.15.9 (#56416) 2019-02-28 22:13:35 +01:00
Matthew Bauer
5c09d977c7 Merge remote-tracking branch 'origin/master' into staging 2019-02-09 12:14:06 -05:00
Izorkin
43e08168cd unit: 1.7 -> 1.7.1 2019-02-08 09:07:23 +03:00
Vladimír Čunát
8ba516664b
Merge branch 'staging-next' into staging 2019-02-01 09:42:53 +01:00
Vincent Bernat
33802e9ed8 nginx: expose list of additional modules (#53897)
Currently, it seems there is no easy way to override package to add
modules. For example, if we want to add the `ipscrub` module, we can
do:

    pkgs.nginxStable.override {
      modules = [ pkgs.nginxModules.ipscrub ];
    };

But, then, we loose `rtmp`, `dav` and `moreheaders` which are defined
in `all-packages.nix`. With this modification, we can now do:

    pkgs.nginxStable.override {
      modules = pkg.nginxStable.passthru.modules ++ [ pkgs.nginxModules.ipscrub ];
    };
2019-01-31 02:15:14 +02:00
R. RyanTM
61bcf59e1d apacheHttpd: 2.4.37 -> 2.4.38
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/apache-httpd/versions
2019-01-28 17:32:40 -08:00
Franz Pletz
3a6cd12a47
tengine: 2.2.2 -> 2.2.3 (security)
Fixes CVE-2018-16843, CVE-2018-16844 and CVE-2018-16845.
2019-01-17 13:26:55 +01:00
Michael Raskin
3bd38b0daa lighttpd: fix tests on Linux
The tests were enabled in #53488 and succeeded on Darwin; on Linux they
still failed because of empty hostname inside the sandbox (we have no
UTS-namespace hostname and I think no /etc/hosts). Nix on Darwin lacks
powerful enough sandboxing, so there were no problems on Darwin.

Patching the tests to fallback to "127.0.0.1" if hostname of the
localhost cannot be retrieved matches the behaviour of lighttpd itself
and allows the tests to pass.

Not sure if having no hostname in the test environment is a bit too
weird for the upstream to care.
2019-01-11 11:46:23 +01:00
Franz Pletz
9ea5b2c052
nginxMainline: 1.15.7 -> 1.15.8 2019-01-11 07:55:25 +01:00
Kirill Elagin
a162a562bd
lighttpd: Enable tests
They seem to pass now, so why not.
2019-01-06 13:12:20 +03:00
Kirill Elagin
bd141e9af1
lighttpd: Hide attr dependency behind an option
* Unbreak darwin
* It was unused anyway, as it is disabled by default
* Now there is an feature-argument to enable it
2019-01-06 13:12:19 +03:00
Kirill Elagin
d94cbd4188
lighttpd: Disable WebDAV by default
* It is disabled by default in lighttpd itself
* Darwin doesn’t seem to have a function in libuiid that it needs
2019-01-06 13:12:14 +03:00
Frederik Rietdijk
070290bda7 Merge master into staging-next 2018-12-31 12:00:36 +01:00
Vladimír Čunát
4fc5480db2
Merge #51561: tomcat: update minor versions (security) 2018-12-30 09:31:31 +01:00
Frederik Rietdijk
10afccf145 Merge staging-next into staging 2018-12-27 18:11:34 +01:00
R. RyanTM
12abec6453 couchdb2: 2.2.0 -> 2.3.0
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/couchdb/versions
2018-12-25 23:16:34 -08:00
Jan Tojnar
ef935fa101
Merge branch 'master' into staging 2018-12-24 15:02:29 +01:00
Izorkin
eaf136b6b8 unit: 1.6 -> 1.7 2018-12-22 11:23:38 +03:00
Jan Tojnar
aead6e12f9
Merge remote-tracking branch 'upstream/master' into staging 2018-12-16 22:55:06 +01:00
Jörg Thalheim
23073717cd
unit: remove perl526, which is EOL
related to https://github.com/NixOS/nixpkgs/pull/52062
2018-12-14 15:50:17 +00:00
Izorkin
6c8b7ac931
unit: add php module 7.3 2018-12-11 20:11:08 +01:00
Jörg Thalheim
8871ffccff nginx: fix cross-build 2018-12-11 18:13:21 +01:00
Graham Christensen
37293152c7
Merge pull request #51612 from Izorkin/nginx-unit
unit: init at v1.6
2018-12-08 11:49:05 -05:00
Izorkin
ef5161984c unit: init at v1.6 2018-12-08 19:20:09 +03:00
Will Dietz
05f6ec295f lighttpd: 1.4.51 -> 1.4.52
https://www.lighttpd.net/2018/11/28/1.4.52/
2018-12-07 21:30:51 -06:00
Alyssa Ross
703827f36c nginx: 1.14.1 -> 1.14.2 2018-12-05 10:56:06 -06:00
Averell Dalton
52d21aeff1 tomcat: update minor versions 2018-12-05 11:32:20 +01:00
c0bw3b
0498ccd076 Treewide: use HTTPS on GNU domains
HTTP -> HTTPS for :
- http://gnu.org/
- http://www.gnu.org/
- http://elpa.gnu.org/
- http://lists.gnu.org/
- http://gcc.gnu.org/
- http://ftp.gnu.org/ (except in fetchurl mirrors)
- http://bugs.gnu.org/
2018-12-02 15:51:59 +01:00
Frederik Rietdijk
9db2421d1f Merge master into staging-next 2018-11-29 08:12:56 +01:00
Alyssa Ross
dcae76862b nginxMainline: 1.15.6 -> 1.15.7 2018-11-27 21:28:49 +00:00
Frederik Rietdijk
701375662b Merge master into staging-next 2018-11-21 12:39:20 +01:00
R. RyanTM
2fbbf2fc48 jetty: 9.4.12.v20180830 -> 9.4.14.v20181114
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/jetty/versions
2018-11-19 05:11:10 -08:00
Frederik Rietdijk
0d0d7dcd06 Merge staging-next into staging 2018-11-18 10:41:34 +01:00