We currently have a more or less circular dependency with nginx ssl and
full variant.
FULL variant depends on every nginx module. Every nginx module depends
on nginx-ssl.
Since nginx-full depends on an nginx module, nginx-ssl is installed as
module depends on it and then the installation fails as nginx-full
conflicts with nginx-ssl.
nginx-full in it's meaning is nginx built with every config selected and
it should not have module as dependency. In fact an user should always
install them separetly as while other things, local modification to the
nginx config file are required to include the just installed module.
To fix this circular dependency problem, drop the dependency of every
nginx module for FULL variant.
Fixes: #21300
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
This commit adds support for http/3. This is an experimental version
and isn't fully supported because nginx is being built with the regular
OpenSSL and the regular one doesn't support quic.
Signed-off-by: Tiago Gaspar <tiagogaspar8@gmail.com>
Update nginx to 1.25.1.
*) Feature: the "http2" directive, which enables HTTP/2 on a per-server
basis; the "http2" parameter of the "listen" directive is now
deprecated.
*) Change: HTTP/2 server push support has been removed.
*) Change: the deprecated "ssl" directive is not supported anymore.
*) Bugfix: in HTTP/3 when using OpenSSL.
Signed-off-by: Tiago Gaspar <tiagogaspar8@gmail.com>
[ improve commit title and add nginx changelog ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
- 1.0.0:
- What's Changed:
- Handle situations where the cwd does not exist.
- Add python-decouple as a related project
- Drop support for python 3.7, add python 3.12-dev
- 0.21.1:
- Added:
- Use Python 3.11 non-beta in CI
- Modernize variables code
- Modernize main.py and parser.py code
- Improve conciseness of cli.py and init.py
- Improve error message for get and list commands when env file
can't be opened
- Updated Licence to align with BSD OSI template
Signed-off-by: Javier Marcet <javier@marcet.info>
- 1.6.1
- Fix Dispatcher keyboard interrupt. Should solve reconnect loop
with rel
- 1.6.0
- Fix teardown issue when ping thread is not properly ended
- Fix double ping wait time on first ping
- Minor typehints improvements
- 1.5.3
- Add logic to avoid error in the case where content-length header
does not exist, bug introduced in 1.5.2
- Fix wsdump.py script typing, bug introduced in 1.5.2
- 1.5.2
- Add typehints
- Fix pytype errors
- Fix args passed to logging function
- Standardize PEP 3101 formatting
- Add more verbose exception for unsuccessful handshake
Signed-off-by: Javier Marcet <javier@marcet.info>
with gcc 13 libwebsockets fails with -Werror=enum-int-mismatch with both
SSL variants. These 2 patches work out that issue. Problem is mentioned
as a issue in openwrt/packages#20949 and instead of overriding issue
with appropriate CFLAGS, this approach was suggested for me as it's
been made as a PR (for openssl) at warmcat/libwebsockets#2824
Second patch for mbedtls, was made by me using same approach
as was used of openssl.
Eventually these propably will be merged into libwebsockets mainstream.
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
Fixes CVE-2023-33476:
ReadyMedia (MiniDLNA) versions from 1.1.15 up to 1.3.2 is vulnerable
to Buffer Overflow. The vulnerability is caused by incorrect
validation logic when handling HTTP requests using chunked transport
encoding. This results in other code later using attacker-controlled
chunk values that exceed the length of the allocated buffer,
resulting in out-of-bounds read/write.
Signed-off-by: Robert Högberg <robert.hogberg@gmail.com>
This also removes the dependency on gnupg as there are two packages for
gpg, gnupg and gnupg2; this library should work with either one.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Backport a patch from upstream fixing wrong args handling with musl.
Before this patch non args must be passed at the end of the command due
to a musl limitation.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Fixes CVEs:
- CVE-2023-2828: The overmem cleaning process has been improved, to
prevent the cache from significantly exceeding the configured
max-cache-size limit.
- CVE-2023-2911: A query that prioritizes stale data over lookup
triggers a fetch to refresh the stale data in cache. If the fetch is
aborted for exceeding the recursion quota, it was possible for named
to enter an infinite callback loop and crash due to stack overflow.
The complete list of changes is available in the upstream release
notes at
https://ftp.isc.org/isc/bind9/cur/9.18/doc/arm/html/notes.html#notes-for-bind-9-18-16
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
* process local lists in strict sequential order to prevent possible race conditions
* support ranges in the IP search, too
* fix some minor search issues
Signed-off-by: Dirk Brenken <dev@brenken.org>
Javier Marcet