nginx: Update to version 1.26.1

- Update from version 1.24.0 to 1.26.1
- Update of rootfile not required
- Version 1.24.0 is now a legacy version, no longer being supported. Stable version has
   changed to 1.26.x series.
- Various CVE fixes in 1.26.1 and in 1.25.4, the development branch that became 1.26.0,
   that the legacy version 1.24.0 is also vulnerable to.
- Changelog
    1.26.1
	    *) Security: when using HTTP/3, processing of a specially crafted QUIC
	       session might cause a worker process crash, worker process memory
	       disclosure on systems with MTU larger than 4096 bytes, or might have
	       potential other impact (CVE-2024-32760, CVE-2024-31079,
	       CVE-2024-35200, CVE-2024-34161).
	    *) Bugfix: reduced memory consumption for long-lived requests if "gzip",
	       "gunzip", "ssi", "sub_filter", or "grpc_pass" directives are used.
	    *) Bugfix: nginx could not be built by gcc 14 if the --with-atomic
	       option was used.
	    *) Bugfix: in HTTP/3.
    1.26.0
	    *) 1.26.x stable branch.
    1.25.5
	    *) Feature: virtual servers in the stream module.
	    *) Feature: the ngx_stream_pass_module.
	    *) Feature: the "deferred", "accept_filter", and "setfib" parameters of
	       the "listen" directive in the stream module.
	    *) Feature: cache line size detection for some architectures.
	    *) Feature: support for Homebrew on Apple Silicon.
	    *) Bugfix: Windows cross-compilation bugfixes and improvements.
	    *) Bugfix: unexpected connection closure while using 0-RTT in QUIC.
    1.25.4
	    *) Security: when using HTTP/3 a segmentation fault might occur in a
	       worker process while processing a specially crafted QUIC session
	       (CVE-2024-24989, CVE-2024-24990).
	    *) Bugfix: connections with pending AIO operations might be closed
	       prematurely during graceful shutdown of old worker processes.
	    *) Bugfix: socket leak alerts no longer logged when fast shutdown was
	       requested after graceful shutdown of old worker processes.
	    *) Bugfix: a socket descriptor error, a socket leak, or a segmentation
	       fault in a worker process (for SSL proxying) might occur if AIO was
	       used in a subrequest.
	    *) Bugfix: a segmentation fault might occur in a worker process if SSL
	       proxying was used along with the "image_filter" directive and errors
	       with code 415 were redirected with the "error_page" directive.
	    *) Bugfixes and improvements in HTTP/3.
    1.25.3
	    *) Change: improved detection of misbehaving clients when using HTTP/2.
	    *) Feature: startup speedup when using a large number of locations.
	       Thanks to Yusuke Nojima.
	    *) Bugfix: a segmentation fault might occur in a worker process when
	       using HTTP/2 without SSL; the bug had appeared in 1.25.1.
	    *) Bugfix: the "Status" backend response header line with an empty
	       reason phrase was handled incorrectly.
	    *) Bugfix: memory leak during reconfiguration when using the PCRE2
	       library.
	    *) Bugfixes and improvements in HTTP/3.
    1.25.2
	    *) Feature: path MTU discovery when using HTTP/3.
	    *) Feature: TLS_AES_128_CCM_SHA256 cipher suite support when using
	       HTTP/3.
	    *) Change: now nginx uses appname "nginx" when loading OpenSSL
	       configuration.
	    *) Change: now nginx does not try to load OpenSSL configuration if the
	       --with-openssl option was used to built OpenSSL and the OPENSSL_CONF
	       environment variable is not set.
	    *) Bugfix: in the $body_bytes_sent variable when using HTTP/3.
	    *) Bugfix: in HTTP/3.
    1.25.1
	    *) Feature: the "http2" directive, which enables HTTP/2 on a per-server
	       basis; the "http2" parameter of the "listen" directive is now
	       deprecated.
	    *) Change: HTTP/2 server push support has been removed.
	    *) Change: the deprecated "ssl" directive is not supported anymore.
	    *) Bugfix: in HTTP/3 when using OpenSSL.
    1.25.0
	    *) Feature: experimental HTTP/3 support.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/lfs/nginx b/lfs/nginx
index ef314a1778367bf176097934d9cf3522c49e0cb8..c344b2955173be2b204c38b27934a837551056bd 100644 (file)
--- a/lfs/nginx
+++ b/lfs/nginx
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2023  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2024  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -25,7 +25,7 @@
 include Config
 
 SUMMARY    = A HTTP server and IMAP/POP3 proxy server
-VER        = 1.24.0
+VER        = 1.26.1
 
 THISAPP    = nginx-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -33,7 +33,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = nginx
-PAK_VER    = 15
+PAK_VER    = 16
 
 DEPS       =
 
@@ -47,7 +47,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 7f671c57666dec822bff72fcf0e4eec35ecf981b8f1e489827f9bbbf9179036f61c9fdc7e497c076ccaeb35b9ba3dfe7684e4fc91ee9cae52601f68859bb034d
+$(DL_FILE)_BLAKE2 = 5df95f6771a93009f5bd1a4038857c29af580d18af841e8cffe073339578b3ae0492d3a4cc797cac03a1039096ac5206ed1fa01da11c98591bce2cc4b2d18679
 
 install : $(TARGET)