Commit Graph

482 Commits

Author SHA1 Message Date
Alexis Hildebrandt
755b915a15 treewide: Remove indefinite article from meta.description
nix run nixpkgs#silver-searcher -- -G '\.nix$' -0l 'description.*"[Aa]n?' pkgs \
  | xargs -0 nix run nixpkgs#gnused -- -i '' -Ee 's/(description.*")[Aa]n? (.)/\1\U\2/'
2024-06-09 23:07:45 +02:00
Sigmanificient
d48a9bb622 treewide: remove unused fetchpatch arguments 2024-06-04 12:40:25 +02:00
Thomas Gerbet
35c696f49f nginxMainline: 1.25.4 -> 1.27.0
Fixes CVE-2024-32760, CVE-2024-31079, CVE-2024-35200 and CVE-2024-34161.

Changes:
```

Changes with nginx 1.27.0                                        29 May 2024

    *) Security: when using HTTP/3, processing of a specially crafted QUIC
       session might cause a worker process crash, worker process memory
       disclosure on systems with MTU larger than 4096 bytes, or might have
       potential other impact (CVE-2024-32760, CVE-2024-31079,
       CVE-2024-35200, CVE-2024-34161).
       Thanks to Nils Bars of CISPA.

    *) Feature: variables support in the "proxy_limit_rate",
       "fastcgi_limit_rate", "scgi_limit_rate", and "uwsgi_limit_rate"
       directives.

    *) Bugfix: reduced memory consumption for long-lived requests if "gzip",
       "gunzip", "ssi", "sub_filter", or "grpc_pass" directives are used.

    *) Bugfix: nginx could not be built by gcc 14 if the --with-atomic
       option was used.
       Thanks to Edgar Bonet.

    *) Bugfixes in HTTP/3.

Changes with nginx 1.25.5                                        16 Apr 2024

    *) Feature: virtual servers in the stream module.

    *) Feature: the ngx_stream_pass_module.

    *) Feature: the "deferred", "accept_filter", and "setfib" parameters of
       the "listen" directive in the stream module.

    *) Feature: cache line size detection for some architectures.
       Thanks to Piotr Sikora.

    *) Feature: support for Homebrew on Apple Silicon.
       Thanks to Piotr Sikora.

    *) Bugfix: Windows cross-compilation bugfixes and improvements.
       Thanks to Piotr Sikora.

    *) Bugfix: unexpected connection closure while using 0-RTT in QUIC.
       Thanks to Vladimir Khomutov.
```
2024-05-31 11:32:40 +02:00
Thomas Gerbet
25e4a15f2a nginx: 1.26.0 -> 1.26.1
Fixes CVE-2024-32760, CVE-2024-31079, CVE-2024-35200 and CVE-2024-34161.
Note that the `nginxQuic` derivation rely on `nginxMainline`.

Changes:
```
Changes with nginx 1.26.1                                        29 May 2024

    *) Security: when using HTTP/3, processing of a specially crafted QUIC
       session might cause a worker process crash, worker process memory
       disclosure on systems with MTU larger than 4096 bytes, or might have
       potential other impact (CVE-2024-32760, CVE-2024-31079,
       CVE-2024-35200, CVE-2024-34161).
       Thanks to Nils Bars of CISPA.

    *) Bugfix: reduced memory consumption for long-lived requests if "gzip",
       "gunzip", "ssi", "sub_filter", or "grpc_pass" directives are used.

    *) Bugfix: nginx could not be built by gcc 14 if the --with-atomic
       option was used.
       Thanks to Edgar Bonet.

    *) Bugfix: in HTTP/3.

```
2024-05-31 11:30:28 +02:00
superherointj
e3e087e9ea nginx: make geoip optional 2024-05-25 12:08:22 -03:00
superherointj
64973309bb nginx: make image filter optional
Reduces nginx package size from 109.88 MiB to 41.99 MiB. Reduction of -67.88 MiB.

GD (libgd.github.io) is a library for the dynamic creation of images.

Co-authored-by: @ulrikstrid
2024-05-25 12:08:22 -03:00
superherointj
27a9dd9264 pkgsMusl.nginx: fix build
Fixes:

> error: #warning usage of non-standard #include <sys/cdefs.h> is deprecated [-Werror=cpp]
2024-05-22 20:58:30 -03:00
Thomas Gerbet
73d98d9b4a nginxStable: 1.24.0 -> 1.26.0
Changes
http://nginx.org/en/CHANGES-1.26

The 1.24.x branch is now considered EOL.
2024-04-26 23:10:10 +02:00
Sandro
e79a4cbd5c
Merge pull request #304704 from deshaw/upstream-fix-nginxModules.lua 2024-04-17 11:37:59 +02:00
Elliot Cameron
8f67b3d446 nginxModules.spnego-http-auth: fix support for nginx 1.23+ 2024-04-16 23:31:41 -04:00
Elliot Cameron
99afffdc3a nginxModules.lua: remove patch that is already applied
This module was applying a patch that is now included in all versions of Nginx that Nixpkgs supports.
2024-04-16 23:20:55 -04:00
Jussi Kuokkanen
82b45bf454 treewide: remove licenses.agpl3 2024-03-21 18:09:24 +02:00
stuebinm
ff1a94e523 treewide: add meta.mainProgram to packages with a single binary
The nixpkgs-unstable channel's programs.sqlite was used to identify
packages producing exactly one binary, and these automatically added
to their package definitions wherever possible.
2024-03-19 03:14:51 +01:00
Izorkin
b4c120b65f
nginxMainline: 1.25.3 -> 1.25.4 2024-02-14 21:02:38 +03:00
Pol Dellaiera
f5bf3f09f3
Merge pull request #277450 from SuperSandro2000/nginx-openresty
nginxModules.echo: 0.62 -> 0.63,  nginxModules.lua: 0.10.22 -> 0.10.26
2024-02-10 11:06:23 +01:00
Sandro Jäckel
d8a53ce428
nginxModules.lua: 0.10.22 -> 0.10.26
Diff: https://github.com/openresty/lua-nginx-module/compare/v0.10.22...v0.10.26
2024-01-15 15:42:33 +01:00
Sandro Jäckel
f462bea34e
nginxModules.echo: 0.62 -> 0.63
Diff: https://github.com/openresty/echo-nginx-module/compare/v0.62...v0.63
2024-01-15 15:42:33 +01:00
Sandro Jäckel
7b74c252df
nginxModules.lua: add version to support nix-update 2024-01-15 15:31:50 +01:00
Sandro Jäckel
95123f3589
nginxModules.echo: add version to support nix-update 2024-01-15 15:31:32 +01:00
Dee Anzorge
f124c73686 nginx: change etags for statically compressed files served from store
Per RFC 9110, [section 8.8.1][1], different representations of the same
resource should have different Etags:

> A strong validator is unique across all versions of all
> representations associated with a particular resource over time.
> However, there is no implication of uniqueness across representations
> of different resources (i.e., the same strong validator might be in
> use for representations of multiple resources at the same time and
> does not imply that those representations are equivalent)

When serving statically compressed files (ie, when there is an existing
corresponding .gz/.br/etc. file on disk), Nginx sends the Etag marked
as strong. These tags should be different for each compressed format
(as shown in  an explicit example in section [8.8.3.3][2] of the RFC).
Upstream Etags are composed of the file modification timestamp and
content length, and the latter generally changes between these
representations.

Previous implementation of Nix-specific Etags for things served from
store used the store hash. This is fine to share between different
files, but it becomes a problem for statically compressed versions of
the same file, as it means Nginx was serving different representations
of the same resource with the same Etag, marked as strong.

This patch addresses this by imitating the upstream Nginx behavior, and
appending the value of content length to the store hash.

[1]: https://www.rfc-editor.org/rfc/rfc9110.html#name-validator-fields
[2]:
https://www.rfc-editor.org/rfc/rfc9110.html#name-example-entity-tags-varying
2024-01-13 22:07:50 +01:00
Izorkin
10c06cb060
nginx: enable ktls support by default 2024-01-01 12:02:57 +03:00
Ryan Lahfa
b41904b923
Merge pull request #277449 from SuperSandro2000/moreheaders
nginxModules.moreheaders: 0.33 -> 0.36; adopt
2023-12-31 21:35:16 +01:00
Ryan Lahfa
d07fb6a75c
Merge pull request #263496 from poscat0x04/nginx-lua-resty
nginxModules.{lua,lua-upstream}: switch to luajit_openresty
2023-12-31 21:32:58 +01:00
Sandro Jäckel
d4492ac0f2
nginxModules.moreheaders: 0.33 -> 0.36; adopt 2023-12-29 03:37:35 +01:00
Ryan Lahfa
c6b9fb41c1
Merge pull request #271522 from kristoff3r/nginx-zstd-0-1-1
nginxModules.zstd: 0.1.0 -> 0.1.1
2023-12-24 03:52:40 +01:00
Robin Gloster
b5556f2c37
Merge pull request #268109 from helsinki-systems/helsinki-maintainer-team
maintainers/teams: init and add helsinki-systems
2023-12-20 11:43:29 +01:00
Izorkin
86efccfa45
angie: init at 1.4.0 2023-12-17 22:43:13 +03:00
Izorkin
00cb53de4f
nginx: fix nginx binary pathname 2023-12-17 16:51:29 +03:00
Kristoffer Søholm
6c19bd6631 nginxModules.zstd: 0.1.0 -> 0.1.1 2023-12-01 21:06:38 +01:00
ajs124
7b6580dba4 maintainers/teams: init and add helsinki-systems 2023-11-30 19:11:08 +01:00
Weijia Wang
add7a091c6 nginx: fix build on darwin 2023-11-18 17:01:10 +01:00
Artturi
2d3a5c7ddb
Merge pull request #262254 from Artturin/nginxsandboxrem 2023-10-31 18:39:55 +02:00
Martin Weinelt
e4f4ef7ce8
Merge pull request #263793 from fleaz/update_nginx-videothumb
nginxModules.videothumb-extractor: unstable -> 1.0.0 and switch to ffmpeg-headless
2023-10-28 17:46:01 +02:00
fleaz
55e29313dc
nginxModules: Switch from ffmpeg to ffmpeg-headless 2023-10-27 16:05:30 +02:00
fleaz
87338f90d4
nginxModules.video-thumbextractor: 92b8064 -> 1.0.0
Diff:
92b8064...e81f850
2023-10-27 16:05:29 +02:00
fleaz
f2efd2e9bc
nginxModules.vod: Patch MAX_CLIPS variable
The old limit was only 128 and this breaks some applications like e.g.
Frigate where playlists become bigger than that. According to upstream
you should just change the variable yourself if needed.

See this issue: https://github.com/kaltura/nginx-vod-module/issues/238
2023-10-26 23:21:32 +02:00
fleaz
30c49cdd91
nginxModules.vod: 1.31 -> 1.32
Changelog: https://github.com/kaltura/nginx-vod-module/compare/1.31...1.32
2023-10-26 23:20:08 +02:00
poscat
0c50d6ec92
nginxModules.{lua,lua-upstream}: switch to luajit_openresty 2023-10-26 10:12:37 +08:00
Maximilian Bosch
4df6cc87b5
Merge pull request #263304 from trofi/nginxMainline-update
nginxMainline: 1.25.2 -> 1.25.3
2023-10-25 19:15:31 +02:00
Sergei Trofimovich
4ca546d75e nginxMainline: 1.25.2 -> 1.25.3
Changes: https://nginx.org/en/CHANGES
2023-10-25 09:58:14 +01:00
Mario Rodas
10fad9387a
Merge pull request #257336 from trofi/nginxModules.http_proxy_connect_module-update
nginxModules.http_proxy_connect_module_v{24,25}: new modules for up t…
2023-10-23 18:35:50 -05:00
Artturin
d3234553aa nixosTests.nginx-sandbox: remove broken test and move the sandboxing test to the openresty test
nginx lua needs resty

the enableSandbox option of nginx was removed in 535896671b

the test fails with

```
vm-test-run-nginx-sandbox> machine # [   47.753580] nginx[1142]: nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)
vm-test-run-nginx-sandbox> machine # [   47.756064] nginx[1142]: nginx: [alert] failed to load the 'resty.core' module (https://github.com/openresty/lua-resty-core); ensure you are using an OpenResty release from https://openresty.org/en/download.html (reason: module 'resty.core' not found:
vm-test-run-nginx-sandbox> machine # [   57.911766] systemd[1]: Failed to start Nginx Web Server.
```
2023-10-23 06:09:45 +03:00
Ryan Lahfa
76d4d2e76b
Merge pull request #262329 from SuperSandro2000/nginx-zstd-0-1-0 2023-10-22 00:59:19 +01:00
Ryan Lahfa
c5442c247f
Merge pull request #257262 from dongcarl/2023-09-nginx-fixes
nixos/nginx: Allow empty port for listen directive (for unix socket)
2023-10-21 17:26:57 +01:00
Sandro Jäckel
479739b03e
nginxModules.zstd: 25d88c262be47462cf90015ee7ebf6317b6848f9 -> 0.1.0 2023-10-20 18:03:37 +02:00
Artturi
9c30003e04
Merge pull request #258652 from trofi/nginx-install-manpages 2023-10-20 12:37:26 +03:00
Carl Dong
e5c2c71280 nixos/nginx: Allow empty port for listen directive
When listening on unix sockets, it doesn't make sense to specify a port
for nginx's listen directive.

Since nginx defaults to port 80 when the port isn't specified (but the
address is), we can change the default for the option to null as well
without changing any behaviour.
2023-10-09 21:16:03 -04:00
Sergei Trofimovich
c814bbda40 nginx: add missing nginx.8 manpage
Without the change "man nginx" does not render any synopsis.

Closes: https://github.com/NixOS/nixpkgs/issues/258658
2023-10-08 08:07:19 +01:00
Sergei Trofimovich
c8a23dd807 nginxModules.http_proxy_connect_module_v{18,19}: drop old broken modules
THe modules are failing assertions when are built against `nginx`
versions in `nixpkgs`.
2023-09-27 18:56:06 +01:00
Sergei Trofimovich
1b95937767 nginxModules.http_proxy_connect_module_v{24,25}: new modules for up to date nginx 2023-09-25 22:03:02 +01:00