Temporary disable passenger support, patching require.
<ChangeLog>
*) Feature: backend SSL certificate verification.
*) Feature: support for SNI while working with SSL backends.
*) Feature: the $ssl_server_name variable.
*) Feature: the "if" parameter of the "access_log" directive.
</ChangeLog>
a zeising, kwm production, with help from dumbbell, bdrewery:
NEW XORG ON FREEBSD 9-STABLE AND 10-STABLE
This update switches over to use the new xorg stack by default on FreeBSD 9
and 10 stable, on osversions where vt(9) is available.
It is still possible to use the old stack by specifying WITHOUT_NEW_XORG in
/etc/make.conf .
FreeBSD 8-STABLE and released versions of FreeBSD still use
the old version.
A package repository with binary packages for new xorg will
be available soon.
This patch also contains updates of libxcb and related ports, pixman, as well
as some drivers and utilities.
Bump portrevisions for xf86-* ports, as well as virtualbox-ose-additions due
to xserver version change.
Apart from these updates, the way shared libraries are handled has been
changed for all xorg ports, as well as libxml2 and freetype, which means
ltverhack is gone and as a consequence shared libraries have been bumped.
The plan is that this change will make library bumps less likely in the
future.
All affected ports have had their portrevisions bumped as a consequence of
this.
Fix some issues where WITH_NEW_XORG weren't detected properly on CURRENT.
Update instructions, hardware support, and more notes can be found on
https://wiki.freebsd.org/Graphics
Thanks to: all testers, bdrewery and the FreeBSD x11@ team
exp-run by: bdrewery [1]
PR: ports/187602 [1]
Approved by: portmgr (bdrewery), core (jhb)
<ChangeLog>
*) Change: improved hash table handling; the default values of the
"variables_hash_max_size" and "types_hash_bucket_size" were changed
to 1024 and 64 respectively.
*) Feature: the ngx_http_mp4_module now supports the "end" argument.
*) Feature: byte ranges support in the ngx_http_mp4_module and while
saving responses to cache.
*) Bugfix: alerts "ngx_slab_alloc() failed: no memory" no longer logged
when using shared memory in the "ssl_session_cache" directive and in
the ngx_http_limit_req_module.
*) Bugfix: the "underscores_in_headers" directive did not allow
underscore as a first character of a header.
Thanks to Piotr Sikora.
*) Bugfix: cache manager might hog CPU on exit in nginx/Windows.
*) Bugfix: nginx/Windows terminated abnormally if the
"ssl_session_cache" directive was used with the "shared" parameter.
*) Bugfix: in the ngx_http_spdy_module.
</ChangeLog>
<ChangeLog>
*) Security: a heap memory buffer overflow might occur in a worker
process while handling a specially crafted request by
ngx_http_spdy_module, potentially resulting in arbitrary code
execution (CVE-2014-0133).
Thanks to Lucas Molas, researcher at Programa STIC, Fundación Dr.
Manuel Sadosky, Buenos Aires, Argentina.
*) Feature: the "proxy_protocol" parameters of the "listen" and
"real_ip_header" directives, the $proxy_protocol_addr variable.
*) Bugfix: in the "fastcgi_next_upstream" directive.
Thanks to Lucas Molas.
</ChangeLog>
<ChangeLog>
*) Security: memory corruption might occur in a worker process on 32-bit
platforms while handling a specially crafted request by
ngx_http_spdy_module, potentially resulting in arbitrary code
execution (CVE-2014-0088); the bug had appeared in 1.5.10.
Thanks to Lucas Molas, researcher at Programa STIC, Fundación Dr.
Manuel Sadosky, Buenos Aires, Argentina.
*) Feature: the $ssl_session_reused variable.
*) Bugfix: the "client_max_body_size" directive might not work when
reading a request body using chunked transfer encoding; the bug had
appeared in 1.3.9.
Thanks to Lucas Molas.
*) Bugfix: a segmentation fault might occur in a worker process when
proxying WebSocket connections.
*) Bugfix: a segmentation fault might occur in a worker process if the
ngx_http_spdy_module was used on 32-bit platforms; the bug had
appeared in 1.5.10.
*) Bugfix: the $upstream_status variable might contain wrong data if the
"proxy_cache_use_stale" or "proxy_cache_revalidate" directives were
used.
Thanks to Piotr Sikora.
*) Bugfix: a segmentation fault might occur in a worker process if
errors with code 400 were redirected to a named location using the
"error_page" directive.
*) Bugfix: nginx/Windows could not be built with Visual Studio 2013.
</ChangeLog>
Disable third-party ctpp2 module.
<ChangeLog>
Changes with nginx 1.5.10 04 Feb 2014
*) Feature: the ngx_http_spdy_module now uses SPDY 3.1 protocol.
Thanks to Automattic and MaxCDN for sponsoring this work.
*) Feature: the ngx_http_mp4_module now skips tracks too short for a
seek requested.
*) Bugfix: a segmentation fault might occur in a worker process if the
$ssl_session_id variable was used in logs; the bug had appeared in
1.5.9.
*) Bugfix: the $date_local and $date_gmt variables used wrong format
outside of the ngx_http_ssi_filter_module.
*) Bugfix: client connections might be immediately closed if deferred
accept was used; the bug had appeared in 1.3.15.
*) Bugfix: alerts "getsockopt(TCP_FASTOPEN) ... failed" appeared in logs
during binary upgrade on Linux; the bug had appeared in 1.5.8.
Thanks to Piotr Sikora.
Changes with nginx 1.5.9 22 Jan 2014
*) Change: now nginx expects escaped URIs in "X-Accel-Redirect" headers.
*) Feature: the "ssl_buffer_size" directive.
*) Feature: the "limit_rate" directive can now be used to rate limit
responses sent in SPDY connections.
*) Feature: the "spdy_chunk_size" directive.
*) Feature: the "ssl_session_tickets" directive.
Thanks to Dirkjan Bussink.
*) Bugfix: the $ssl_session_id variable contained full session
serialized instead of just a session id.
Thanks to Ivan Ristić.
*) Bugfix: nginx incorrectly handled escaped "?" character in the
"include" SSI command.
*) Bugfix: the ngx_http_dav_module did not unescape destination URI of
the COPY and MOVE methods.
*) Bugfix: resolver did not understand domain names with a trailing dot.
Thanks to Yichun Zhang.
*) Bugfix: alerts "zero size buf in output" might appear in logs while
proxying; the bug had appeared in 1.3.9.
*) Bugfix: a segmentation fault might occur in a worker process if the
ngx_http_spdy_module was used.
*) Bugfix: proxied WebSocket connections might hang right after
handshake if the select, poll, or /dev/poll methods were used.
*) Bugfix: the "xclient" directive of the mail proxy module incorrectly
handled IPv6 client addresses.
</ChangeLog>
<ChangeLog>
*) Feature: IPv6 support in resolver.
*) Feature: the "listen" directive supports the "fastopen" parameter.
Thanks to Mathew Rodley.
*) Feature: SSL support in the ngx_http_uwsgi_module.
Thanks to Roberto De Ioris.
*) Feature: vim syntax highlighting scripts were added to contrib.
Thanks to Evan Miller.
*) Bugfix: a timeout might occur while reading client request body in an
SSL connection using chunked transfer encoding.
*) Bugfix: the "master_process" directive did not work correctly in
nginx/Windows.
*) Bugfix: the "setfib" parameter of the "listen" directive might not
work.
*) Bugfix: in the ngx_http_spdy_module.
</ChangeLog>
o) www/rubygem-passenger;
o) third-party modules for www/nginx and www/nginx-devel.
<ChangeLog>
Release 4.0.33
--------------
* Fixed a compatibility problem in passenger-install-apache2-module with Ruby 1.8.
The language selection menu didn't work properly.
Release 4.0.32
--------------
* Fixed compatibility problems with old Ruby versions that didn't include RubyGems.
Release 4.0.31
--------------
* Introduced a new tool: `passenger-config restart-app`. With this command you
can initiate an application restart without touching restart.txt.
Unlike touching restart.txt, this tool initiates the restart immediately
instead of on the next request.
* Fixed some problems in process spawning and request handling.
* Fixed some problems with the handling of HTTP chunked transfer encoding
bodies. These problems only occurred in Ruby.
* Fixed the HelperAgent, upon shutdown, not correctly waiting 5 seconds until
all clients have disconnected. Fixes issue #884.
* Fixed compilation problems on FreeBSD.
* Fixed some C++ strict aliasing problems.
* Fixed some problems with spawning applications that print messages without
newline during startup. Fixes issue #1039.
* Fixed potential hangs on JRuby when Ctrl-C is used to shutdown the server.
Fixes issue #1035.
* When Phusion Passenger is installed through the Debian package,
passenger-install-apache2-module now checks whether the Apache
module package (libapache2-mod-passenger) is properly installed,
and installs it using apt-get if it's not installed. Fixes
issue #1031.
* The `passenger-status --show=xml` command no longer prints the non-XML
preamble, such as the version number and the time. Fixes issue #1037.
* The Ruby native extension check whether it's loaded against the right Ruby
version, to prevent problems when people upgrade Ruby without recompiling
their native extensions.
* Various other minor Debian packaging improvements.
</ChangeLog>
o) www/rubygem-passenger;
o) third-party modules for www/nginx and www/nginx-devel.
<ChangeLog>
* Fixed wrong autogeneration of HTTP Date header. If the web app does
not supply a Date header, then Passenger will add one. Unfortunately
due to the use of the wrong format string, December 30 2013 is
formatted as December 30 2014. As a result, cookies that expire before
2014 would expire on December 30 2013 and December 31 2013. Details can
be found at [Github pull request 93](https://github.com/phusion/passenger/pull/93).
This issue only affects Phusion Passenger for Nginx and Phusion Passenger
Standalone, and does not affect Phusion Passenger for Apache.
You can work around this problem in your application by setting a
Date header. For example, in Rails you can do:
before_filter { response.date = Time.now.utc }
Many thanks to Jeff Michael Dean (zilkey) and many others for bringing this
to our attention and for providing workarounds and feedback.
</ChangeLog>
o) www/rubygem-passenger;
o) third-party modules for www/nginx and www/nginx-devel.
<ChangeLog>
Release 4.0.29
--------------
* Fixed a compilation problem on OS X Mavericks.
Release 4.0.28
--------------
* Introduced a workaround for a GCC 4.6 bug. This bug could cause Phusion
Passsenger to crash during startup. Affected operating systems include
Ubuntu 12.04 and Amazon Linux 2013.09.01, though not every machine with
this OS installed exhibits the problem. See issue #902.
* Improved Node.js support: the Sails framework is now supported.
* Improved Node.js support: the streams2 API is now supported.
* Introduced support for hooks, allowing users to easily extend Phusion
Passenger's behavior.
* Fixed a bug in the `passenger start -R` option. It was broken because of a
change introduced in 4.0.25.
* Fixed a bug in PassengerMaxInstancesPerApp. Fixes issue #1016.
* Fixed compilation problems on Solaris.
* Fixed an encoding problem in the Apache autodetection code. Fixes
issue #1026.
* The Debian packages no longer depend on libruby.
* Application stdout and stderr are now printed without normal
Phusion Passenger debugging information, making them easier to read.
</ChangeLog>
o) www/rubygem-passenger;
o) third-party modules for www/nginx and www/nginx-devel.
<ChangeLog>
* [Apache] Fixed a bug in the Apache module which could lock up the Apache
process or thread. This is a regression introduced in version 4.0.24.
* Node.js application processes now have friendly process titles.
</ChangeLog>
o) www/rubygem-passenger;
o) third-party modules for www/nginx and www/nginx-devel.
<ChangeLog>
* Introduced the `PassengerBufferUpload` option for Apache. This option allows one
to disable upload buffering, e.g. in order to be able to track upload progress.
* [Nginx] The `HTTPS` variable is now set correctly for HTTPS connections, even
without setting `ssl on`. Fixes issue #401.
* [Standalone] It is now possible to listen on both a normal HTTP and an HTTPS port.
* [Enterprise] The `passenger-status` tool now displays rolling restart status.
</ChangeLog>
<ChangeLog>
*) Security: a character following an unescaped space in a request line
was handled incorrectly (CVE-2013-4547); the bug had appeared in
0.8.41.
Thanks to Ivan Fratric of the Google Security Team.
*) Change: a logging level of auth_basic errors about no user/password
provided has been lowered from "error" to "info".
*) Feature: the "proxy_cache_revalidate", "fastcgi_cache_revalidate",
"scgi_cache_revalidate", and "uwsgi_cache_revalidate" directives.
*) Feature: the "ssl_session_ticket_key" directive.
Thanks to Piotr Sikora.
*) Bugfix: the directive "add_header Cache-Control ''" added a
"Cache-Control" response header line with an empty value.
*) Bugfix: the "satisfy any" directive might return 403 error instead of
401 if auth_request and auth_basic directives were used.
Thanks to Jan Marc Hoffmann.
*) Bugfix: the "accept_filter" and "deferred" parameters of the "listen"
directive were ignored for listen sockets created during binary
upgrade.
Thanks to Piotr Sikora.
*) Bugfix: some data received from a backend with unbufferred proxy
might not be sent to a client immediately if "gzip" or "gunzip"
directives were used.
Thanks to Yichun Zhang.
*) Bugfix: in error handling in ngx_http_gunzip_filter_module.
*) Bugfix: responses might hang if the ngx_http_spdy_module was used
with the "auth_request" directive.
*) Bugfix: memory leak in nginx/Windows.
</ChangeLog>
<ChangeLog>
*) Feature: the "fastcgi_buffering" directive.
*) Feature: the "proxy_ssl_protocols" and "proxy_ssl_ciphers"
directives.
Thanks to Piotr Sikora.
*) Feature: optimization of SSL handshakes when using long certificate
chains.
*) Feature: the mail proxy supports SMTP pipelining.
*) Bugfix: in the ngx_http_auth_basic_module when using "$apr1$"
password encryption method.
Thanks to Markus Linnala.
*) Bugfix: in MacOSX, Cygwin, and nginx/Windows incorrect location might
be used to process a request if locations were given using characters
in different cases.
*) Bugfix: automatic redirect with appended trailing slash for proxied
locations might not work.
*) Bugfix: in the mail proxy server.
*) Bugfix: in the ngx_http_spdy_module.
</ChangeLog>
Remove needless entries for ngx_http_auth_request_module from distinfo, the module is the part of main distro.
<ChangeLog>
*) Change: now nginx assumes HTTP/1.0 by default if it is not able to
detect protocol reliably.
*) Feature: the "disable_symlinks" directive now uses O_PATH on Linux.
*) Feature: now nginx uses EPOLLRDHUP events to detect premature
connection close by clients if the "epoll" method is used.
*) Bugfix: in the "valid_referers" directive if the "server_names"
parameter was used.
*) Bugfix: the $request_time variable did not work in nginx/Windows.
*) Bugfix: in the "image_filter" directive.
Thanks to Lanshun Zhou.
*) Bugfix: OpenSSL 1.0.1f compatibility.
Thanks to Piotr Sikora.
</ChangeLog>
<ChangeLog>
*) Change: the "js" extension MIME type has been changed to
"application/javascript"; default value of the "charset_types"
directive was changed accordingly.
*) Change: now the "image_filter" directive with the "size" parameter
returns responses with the "application/json" MIME type.
*) Feature: the ngx_http_auth_request_module.
*) Bugfix: a segmentation fault might occur on start or during
reconfiguration if the "try_files" directive was used with an empty
parameter.
*) Bugfix: memory leak if relative paths were specified using variables
in the "root" or "auth_basic_user_file" directives.
*) Bugfix: the "valid_referers" directive incorrectly executed regular
expressions if a "Referer" header started with "https://".
Thanks to Liangbin Li.
*) Bugfix: responses might hang if subrequests were used and an SSL
handshake error happened during subrequest processing.
Thanks to Aviram Cohen.
*) Bugfix: in the ngx_http_autoindex_module.
*) Bugfix: in the ngx_http_spdy_module.
</ChangeLog>
Temporary ignore following third-party modules support:
o) HTTP_UPSTREAM_STICKY
o) DRIZZLE
o) POSTGRES
o) RTMP
o) SYSLOG
o) TCP_PROXY
<ChangeLog>
*) Change in internal API: now u->length defaults to -1 if working with
backends in unbuffered mode.
*) Change: now after receiving an incomplete response from a backend
server nginx tries to send an available part of the response to a
client, and then closes client connection.
*) Bugfix: a segmentation fault might occur in a worker process if the
ngx_http_spdy_module was used with the "client_body_in_file_only"
directive.
*) Bugfix: the "so_keepalive" parameter of the "listen" directive might
be handled incorrectly on DragonFlyBSD.
Thanks to Sepherosa Ziehau.
*) Bugfix: in the ngx_http_xslt_filter_module.
*) Bugfix: in the ngx_http_sub_filter_module.
</ChangeLog>
