3
0
Fork 0
forked from mirrors/nixpkgs
Commit graph

256 commits

Author SHA1 Message Date
Frederik Rietdijk 7aa2b0215b Merge master into staging-next 2020-01-03 10:25:14 +01:00
Robin Gloster 6ca6ac796b
treewide: configureFlags is a flat list 2019-12-31 01:37:49 +01:00
Robin Gloster 5f2b92e3ec
treewide: NIX_*_COMPILE -> string 2019-12-31 00:13:29 +01:00
aszlig ccf55bead1
nginx: Clear Last-Modified if ETag is from store
This is what I've suspected a while ago[1]:

> Heads-up everyone: After testing this in a few production instances,
> it seems that some browsers still get cache hits for new store paths
> (and changed contents) for some reason. I highly suspect that it might
> be due to the last-modified header (as mentioned in [2]).
>
> Going to test this with last-modified disabled for a little while and
> if this is the case I think we should improve that patch by disabling
> last-modified if serving from a store path.

Much earlier[2] when I reviewed the patch, I wrote this:

> Other than that, it looks good to me.
>
> However, I'm not sure what we should do with Last-Modified header.
> From RFC 2616, section 13.3.4:
>
> - If both an entity tag and a Last-Modified value have been
>   provided by the origin server, SHOULD use both validators in
>   cache-conditional requests. This allows both HTTP/1.0 and
>   HTTP/1.1 caches to respond appropriately.
>
> I'm a bit nervous about the SHOULD here, as user agents in the wild
> could possibly just use Last-Modified and use the cached content
> instead.

Unfortunately, I didn't pursue this any further back then because
@pbogdan noted[3] the following:

> Hmm, could they (assuming they are conforming):
>
>  * If an entity tag has been provided by the origin server, MUST
>    use that entity tag in any cache-conditional request (using If-
>    Match or If-None-Match).

Since running with this patch in some deployments, I found that both
Firefox and Chrome/Chromium do NOT re-validate against the ETag if the
Last-Modified header is still the same.

So I wrote a small NixOS VM test with Geckodriver to have a test case
which is closer to the real world and I indeed was able to reproduce
this.

Whether this is actually a bug in Chrome or Firefox is an entirely
different issue and even IF it is the fault of the browsers and it is
fixed at some point, we'd still need to handle this for older browser
versions.

Apart from clearing the header, I also recreated the patch by using a
plain "git diff" with a small description on top. This should make it
easier for future authors to work on that patch.

[1]: https://github.com/NixOS/nixpkgs/pull/48337#issuecomment-495072764
[2]: https://github.com/NixOS/nixpkgs/pull/48337#issuecomment-451644084
[3]: https://github.com/NixOS/nixpkgs/pull/48337#issuecomment-451646135

Signed-off-by: aszlig <aszlig@nix.build>
2019-12-30 14:30:36 +01:00
Jörg Thalheim 571ed9d22e
nginx: reference tests 2019-11-29 12:27:55 +00:00
tekeri a5f26644d4 Add nginx perl modules (#73198)
* nginx: enable perl_module if perl is given

* nginx: move `perl = null` to toplevel
2019-11-27 17:08:56 +00:00
Franz Pletz de85797565
Merge remote-tracking branch 'origin/master' into gcc-8 2019-09-03 22:15:07 +02:00
Robin Gloster 616b8343c4
Merge remote-tracking branch 'upstream/master' into gcc-8 2019-08-25 18:55:46 +02:00
Vladimír Čunát 2e6bf42a22
Merge branch 'master' into staging-next
There ver very many conflicts, basically all due to
name -> pname+version.  Fortunately, almost everything was auto-resolved
by kdiff3, and for now I just fixed up a couple evaluation problems,
as verified by the tarball job.  There might be some fallback to these
conflicts, but I believe it should be minimal.

Hydra nixpkgs: ?compare=1538299
2019-08-24 08:55:37 +02:00
Robin Gloster 4e60b0efae
treewide: update globin's maintained drvs 2019-08-20 19:36:05 +02:00
volth c814d72b51 treewide: name -> pname 2019-08-17 10:54:38 +00:00
Izorkin 83381bec9c nginxMainline: 1.17.2 -> 1.17.3 2019-08-13 21:31:57 +03:00
Izorkin aec55db737 nginxStable: 1.16.0 -> 1.16.1 2019-08-13 21:30:08 +03:00
Izorkin 293e5d8365 nginxMainline: 1.16.0 -> 1.17.2 2019-07-24 21:09:22 +03:00
Franz Pletz c051374da2
nginx: fix build with gcc8 2019-06-17 07:06:02 +02:00
Izorkin 872f056bb4 nginxModules.lua: 0.10.14 -> 0.10.15 2019-05-13 12:37:14 +03:00
Izorkin fa3f68edab nginxModules.http_proxy_connect_module: 16.04.2019 -> 06.05.2019 2019-05-13 12:37:10 +03:00
Jörg Thalheim 0816c69173
nginxModules: update and add nginx modules (#59949)
nginxModules: update and add nginx modules
2019-05-13 10:15:09 +01:00
Izorkin 619aa5c97f nginxMainline: 1.15.12 -> 1.16.0 2019-04-30 07:56:29 +03:00
Izorkin 65a736064a nginxStable: 1.14.2 -> 1.16.0 2019-04-30 07:56:23 +03:00
Yurii Izorkin 5ba8811758 nginxMainline: 1.15.10 -> 1.15.12 (#59950) 2019-04-22 00:08:08 +02:00
Izorkin 452cf0b3e2 nginxModules.naxsi: init at 0.56 2019-04-21 11:10:49 +03:00
Izorkin 6600d00ed1 nginxModules.video-thumbextractor: init at 0.9.0 2019-04-21 10:32:46 +03:00
Izorkin f6525448a5 nginxModules.sorted-querystring: init at 0.3 2019-04-21 10:30:29 +03:00
Izorkin b329187524 nginxModules.limit-speed: init at 21.05.2014 2019-04-21 10:27:31 +03:00
Izorkin 13c938ac1e nginxModules.subsFilter: 0.6.4 -> 13.04.2016 2019-04-21 10:21:44 +03:00
Izorkin d1dff5a9ec nginxModules.upstream-tarantool: 2.7 -> 2.7.1 2019-04-20 23:11:08 +03:00
Izorkin 6a154d00c3 nginxModules.upstream-check: 10.11.2017 -> 12.08.2018 2019-04-20 23:08:55 +03:00
Izorkin d66b94da62 nginxModules.coolkit: init at 0.2 2019-04-20 22:35:55 +03:00
Izorkin 80666e68b2 nginxModules.slowfs-cache: init at 1.10 2019-04-20 22:29:29 +03:00
Izorkin 8c1131ef28 nginxModules.lua: 0.10.13 -> 0.10.14 2019-04-20 22:29:29 +03:00
Izorkin 89a73423ab nginxModules.mpeg-ts: init at 0.1.1 2019-04-20 22:29:24 +03:00
Izorkin c940a7caa0 nginxModules.live: init at 18.11.2018 2019-04-20 21:46:45 +03:00
Izorkin b0dc2d6106 nginxModules.dav: 0.1.0 -> 3.0.0 2019-04-20 21:40:09 +03:00
Izorkin 7a5d938067 nginxModules.http_proxy_connect_module: 05.09.2018 -> 16.04.2019 2019-04-20 21:33:18 +03:00
aszlig 1f24685d93
nginx/etag-patch: Use Nix store dir from build env
So far, the Nix store directory was hardcoded and if someone uses a
different Nix store directory the patch won't work. Of course, this is
pretty uncommon, but by not only substituting the store directory but
also the length of it we also save a few calls to ngx_strlen(), which
should save us a few cycles.

Signed-off-by: aszlig <aszlig@nix.build>
2019-04-18 10:07:55 +02:00
aszlig af5a3ce474
nginx: Fix memleak in nix-etag patch
The original patch introduced a new "real" variable which gets populated
(and allocated) via ngx_realpath(). It's properly freed in error
conditions but it won't be freed if ngx_http_set_etag returns
successfully.

Adding another ngx_free() just before returning fixes that memory leak.

I also fixed a small indentation issue along the way.

Signed-off-by: aszlig <aszlig@nix.build>
2019-04-18 09:40:13 +02:00
Yegor Timoshenko 1da8eec00f
nginx: handle impure symlinks in ETag patch 2019-04-18 09:40:11 +02:00
Yegor Timoshenko f03302b636
nginx: check for realpath() == NULL in ETag patch
Thanks to Gabriel Ebner!
2019-04-18 09:40:09 +02:00
Yegor Timoshenko 135d54f535
nginx: if root is in Nix store, use path's hash as ETag
Resolves #25485. Usage example:

$ realpath /var/www
/nix/store/wnrhnnpdj3x50j5xz38zp1qxs1ygwccw-site
$ curl --head localhost
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 28 Sep 2018 06:09:25 GMT
Content-Type: text/html
Content-Length: 50
Last-Modified: Thu, 01 Jan 1970 00:00:01 GMT
Connection: keep-alive
ETag: "wnrhnnpdj3x50j5xz38zp1qxs1ygwccw"
Accept-Ranges: bytes
2019-04-18 09:40:06 +02:00
Franz Pletz 4c0d1ae7be
nginxMainline: 1.15.9 -> 1.15.10 2019-04-02 12:02:39 +02:00
Maximilian Bosch 37867dba74
nginxModules.http_proxy_connect_module: init
This adds the nginx module `ngx_http_proxy_connect_module` which allows
to tunnel HTTPS through an nginx proxy[1].

As this module contained patches for several nginx version, some minor
adjustments were needed:

* Allowed each entry in `nginxModules` to provide patches.

* Added an optional `supports` attribute to ensure that each module can
  determine if it supports the currently built nginx version (e.g. stable
  1.14 ATM or mainline 1.15 ATM).

[1] https://github.com/chobits/ngx_http_proxy_connect_module
2019-03-29 23:53:09 +01:00
Benjamin Smith f4d24273e5 nginx: add http subs filter module (#56546) 2019-03-13 02:16:40 +02:00
Alyssa Ross 2576d09716 nginxMainline: 1.15.8 -> 1.15.9 (#56416) 2019-02-28 22:13:35 +01:00
Vincent Bernat 33802e9ed8 nginx: expose list of additional modules (#53897)
Currently, it seems there is no easy way to override package to add
modules. For example, if we want to add the `ipscrub` module, we can
do:

    pkgs.nginxStable.override {
      modules = [ pkgs.nginxModules.ipscrub ];
    };

But, then, we loose `rtmp`, `dav` and `moreheaders` which are defined
in `all-packages.nix`. With this modification, we can now do:

    pkgs.nginxStable.override {
      modules = pkg.nginxStable.passthru.modules ++ [ pkgs.nginxModules.ipscrub ];
    };
2019-01-31 02:15:14 +02:00
Franz Pletz 9ea5b2c052
nginxMainline: 1.15.7 -> 1.15.8 2019-01-11 07:55:25 +01:00
Jörg Thalheim 8871ffccff nginx: fix cross-build 2018-12-11 18:13:21 +01:00
Alyssa Ross 703827f36c nginx: 1.14.1 -> 1.14.2 2018-12-05 10:56:06 -06:00
Alyssa Ross dcae76862b nginxMainline: 1.15.6 -> 1.15.7 2018-11-27 21:28:49 +00:00
Alyssa Ross de9026de6e
nginxMainline: 1.15.5 -> 1.15.6
CVE-2018-16843, CVE-2018-16844

https://nginx.org/en/security_advisories.html
2018-11-15 17:52:05 +00:00