[PATCH] nginx: Update to version 1.26.1 - Development

21 Jul 2024

- Update from version 1.24.0 to 1.26.1
- Update of rootfile not required
- Version 1.24.0 is now a legacy version, no longer being supported. Stable version has
   changed to 1.26.x series.
- Various CVE fixes in 1.26.1 and in 1.25.4, the development branch that became 1.26.0,
   that the legacy version 1.24.0 is also vulnerable to.
- Changelog
    1.26.1
        *) Security: when using HTTP/3, processing of a specially crafted QUIC
           session might cause a worker process crash, worker process memory
           disclosure on systems with MTU larger than 4096 bytes, or might have
           potential other impact (CVE-2024-32760, CVE-2024-31079,
           CVE-2024-35200, CVE-2024-34161).
        *) Bugfix: reduced memory consumption for long-lived requests if "gzip",
           "gunzip", "ssi", "sub_filter", or "grpc_pass" directives are used.
        *) Bugfix: nginx could not be built by gcc 14 if the --with-atomic
           option was used.
        *) Bugfix: in HTTP/3.
    1.26.0
        *) 1.26.x stable branch.
    1.25.5
        *) Feature: virtual servers in the stream module.
        *) Feature: the ngx_stream_pass_module.
        *) Feature: the "deferred", "accept_filter", and "setfib" parameters of
           the "listen" directive in the stream module.
        *) Feature: cache line size detection for some architectures.
        *) Feature: support for Homebrew on Apple Silicon.
        *) Bugfix: Windows cross-compilation bugfixes and improvements.
        *) Bugfix: unexpected connection closure while using 0-RTT in QUIC.
    1.25.4
        *) Security: when using HTTP/3 a segmentation fault might occur in a
           worker process while processing a specially crafted QUIC session
           (CVE-2024-24989, CVE-2024-24990).
        *) Bugfix: connections with pending AIO operations might be closed
           prematurely during graceful shutdown of old worker processes.
        *) Bugfix: socket leak alerts no longer logged when fast shutdown was
           requested after graceful shutdown of old worker processes.
        *) Bugfix: a socket descriptor error, a socket leak, or a segmentation
           fault in a worker process (for SSL proxying) might occur if AIO was
           used in a subrequest.
        *) Bugfix: a segmentation fault might occur in a worker process if SSL
           proxying was used along with the "image_filter" directive and errors
           with code 415 were redirected with the "error_page" directive.
        *) Bugfixes and improvements in HTTP/3.
    1.25.3
        *) Change: improved detection of misbehaving clients when using HTTP/2.
        *) Feature: startup speedup when using a large number of locations.
           Thanks to Yusuke Nojima.
        *) Bugfix: a segmentation fault might occur in a worker process when
           using HTTP/2 without SSL; the bug had appeared in 1.25.1.
        *) Bugfix: the "Status" backend response header line with an empty
           reason phrase was handled incorrectly.
        *) Bugfix: memory leak during reconfiguration when using the PCRE2
           library.
        *) Bugfixes and improvements in HTTP/3.
    1.25.2
        *) Feature: path MTU discovery when using HTTP/3.
        *) Feature: TLS_AES_128_CCM_SHA256 cipher suite support when using
           HTTP/3.
        *) Change: now nginx uses appname "nginx" when loading OpenSSL
           configuration.
        *) Change: now nginx does not try to load OpenSSL configuration if the
           --with-openssl option was used to built OpenSSL and the OPENSSL_CONF
           environment variable is not set.
        *) Bugfix: in the $body_bytes_sent variable when using HTTP/3.
        *) Bugfix: in HTTP/3.
    1.25.1
        *) Feature: the "http2" directive, which enables HTTP/2 on a per-server
           basis; the "http2" parameter of the "listen" directive is now
           deprecated.
        *) Change: HTTP/2 server push support has been removed.
        *) Change: the deprecated "ssl" directive is not supported anymore.
        *) Bugfix: in HTTP/3 when using OpenSSL.
    1.25.0
        *) Feature: experimental HTTP/3 support.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
---
 lfs/nginx | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/lfs/nginx b/lfs/nginx
index ef314a177..c344b2955 100644
--- a/lfs/nginx
+++ b/lfs/nginx
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2023  IPFire Team  info@ipfire.org                     #
+# Copyright (C) 2007-2024  IPFire Team  info@ipfire.org                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -25,7 +25,7 @@
 include Config
SUMMARY    = A HTTP server and IMAP/POP3 proxy server
-VER        = 1.24.0
+VER        = 1.26.1
THISAPP    = nginx-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -33,7 +33,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG	    = nginx
-PAK_VER    = 15
+PAK_VER    = 16
DEPS       =
@@ -47,7 +47,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 7f671c57666dec822bff72fcf0e4eec35ecf981b8f1e489827f9bbbf9179036f61c9fdc7e497c076ccaeb35b9ba3dfe7684e4fc91ee9cae52601f68859bb034d
+$(DL_FILE)_BLAKE2 = 5df95f6771a93009f5bd1a4038857c29af580d18af841e8cffe073339578b3ae0492d3a4cc797cac03a1039096ac5206ed1fa01da11c98591bce2cc4b2d18679
install : $(TARGET)
-- 
2.45.2


    