AU: 1 updated - nginx-service

[skip ci] https://gist.github.com/1b0f0584554f6e98b14aca7f2fec2230/ade50d507c82643a8f8bf2ac55e0022036cf651d

nginx-service/nginx-service.nuspec

@@ -4,7 +4,7 @@
   <metadata>
 	<!-- == PACKAGE SPECIFIC SECTION == -->
     <id>nginx-service</id>
-    <version>1.20.1</version>
+    <version>1.20.2</version>
     <packageSourceUrl>https://github.com/Pilskalns/choco-au-packages/tree/master/nginx-service</packageSourceUrl>
     <owners>Andzs Pilskalns</owners>
 	<!-- == SOFTWARE SPECIFIC SECTION == -->
@@ -57,11 +57,25 @@ On default, the service will autostart with Windows. To disable this use Service
 
 See the [nginx.org](https://nginx.org) for more detailed documentation.
 ]]></description>
-	<releaseNotes><![CDATA[*) Security: 1-byte memory overwrite might occur during DNS server
-   response processing if the "resolver" directive was used, allowing an
-   attacker who is able to forge UDP packets from the DNS server to
-   cause worker process crash or, potentially, arbitrary code execution
-   (CVE-2021-23017).]]></releaseNotes>
+	<releaseNotes><![CDATA[*) Feature: OpenSSL 3.0 compatibility.
+
+*) Bugfix: SSL variables might be empty when used in logs; the bug had
+   appeared in 1.19.5.
+
+*) Bugfix: keepalive connections with gRPC backends might not be closed
+   after receiving a GOAWAY frame.
+
+*) Bugfix: backend SSL connections in the stream module might hang after
+   an SSL handshake.
+
+*) Bugfix: SSL connections with gRPC backends might hang if select,
+   poll, or /dev/poll methods were used.
+
+*) Bugfix: in the $content_length variable when using chunked transfer
+   encoding.
+
+*) Bugfix: requests might hang when using HTTP/2 and the "aio_write"
+   directive.]]></releaseNotes>
     <dependencies>
 		  <dependency id="nssm" version="2.24.0" />
     </dependencies>

nginx-service/nginx-service.nuspec.mainline

@@ -4,7 +4,7 @@
   <metadata>
 	<!-- == PACKAGE SPECIFIC SECTION == -->
     <id>nginx-service</id>
-    <version>1.21.0-mainline</version>
+    <version>1.21.4-mainline</version>
     <packageSourceUrl>https://github.com/Pilskalns/choco-au-packages/tree/master/nginx-service</packageSourceUrl>
     <owners>Andzs Pilskalns</owners>
 	<!-- == SOFTWARE SPECIFIC SECTION == -->
@@ -57,30 +57,39 @@ On default, the service will autostart with Windows. To disable this use Service
 
 See the [nginx.org](https://nginx.org) for more detailed documentation.
 ]]></description>
-	<releaseNotes><![CDATA[*) Security: 1-byte memory overwrite might occur during DNS server
-   response processing if the "resolver" directive was used, allowing an
-   attacker who is able to forge UDP packets from the DNS server to
-   cause worker process crash or, potentially, arbitrary code execution
-   (CVE-2021-23017).
+	<releaseNotes><![CDATA[*) Change: support for NPN instead of ALPN to establish HTTP/2
+   connections has been removed.
 
-*) Feature: variables support in the "proxy_ssl_certificate",
-   "proxy_ssl_certificate_key" "grpc_ssl_certificate",
-   "grpc_ssl_certificate_key", "uwsgi_ssl_certificate", and
-   "uwsgi_ssl_certificate_key" directives.
+*) Change: now nginx rejects SSL connections if ALPN is used by the
+   client, but no supported protocols can be negotiated.
 
-*) Feature: the "max_errors" directive in the mail proxy module.
+*) Change: the default value of the "sendfile_max_chunk" directive was
+   changed to 2 megabytes.
 
-*) Feature: the mail proxy module supports POP3 and IMAP pipelining.
+*) Feature: the "proxy_half_close" directive in the stream module.
 
-*) Feature: the "fastopen" parameter of the "listen" directive in the
-   stream module.
-   Thanks to Anbang Wen.
+*) Feature: the "ssl_alpn" directive in the stream module.
 
-*) Bugfix: special characters were not escaped during automatic redirect
-   with appended trailing slash.
+*) Feature: the $ssl_alpn_protocol variable.
 
-*) Bugfix: connections with clients in the mail proxy module might be
-   closed unexpectedly when using SMTP pipelining.]]></releaseNotes>
+*) Feature: support for SSL_sendfile() when using OpenSSL 3.0.
+
+*) Feature: the "mp4_start_key_frame" directive in the
+   ngx_http_mp4_module.
+   Thanks to Tracey Jaquith.
+
+*) Bugfix: in the $content_length variable when using chunked transfer
+   encoding.
+
+*) Bugfix: after receiving a response with incorrect length from a
+   proxied backend nginx might nevertheless cache the connection.
+   Thanks to Awdhesh Mathpal.
+
+*) Bugfix: invalid headers from backends were logged at the "info" level
+   instead of "error"; the bug had appeared in 1.21.1.
+
+*) Bugfix: requests might hang when using HTTP/2 and the "aio_write"
+   directive.]]></releaseNotes>
     <dependencies>
 		  <dependency id="nssm" version="2.24.0" />
     </dependencies>

nginx-service/nginx-service.nuspec.stable

@@ -4,7 +4,7 @@
   <metadata>
 	<!-- == PACKAGE SPECIFIC SECTION == -->
     <id>nginx-service</id>
-    <version>1.20.1</version>
+    <version>1.20.2</version>
     <packageSourceUrl>https://github.com/Pilskalns/choco-au-packages/tree/master/nginx-service</packageSourceUrl>
     <owners>Andzs Pilskalns</owners>
 	<!-- == SOFTWARE SPECIFIC SECTION == -->
@@ -57,11 +57,25 @@ On default, the service will autostart with Windows. To disable this use Service
 
 See the [nginx.org](https://nginx.org) for more detailed documentation.
 ]]></description>
-	<releaseNotes><![CDATA[*) Security: 1-byte memory overwrite might occur during DNS server
-   response processing if the "resolver" directive was used, allowing an
-   attacker who is able to forge UDP packets from the DNS server to
-   cause worker process crash or, potentially, arbitrary code execution
-   (CVE-2021-23017).]]></releaseNotes>
+	<releaseNotes><![CDATA[*) Feature: OpenSSL 3.0 compatibility.
+
+*) Bugfix: SSL variables might be empty when used in logs; the bug had
+   appeared in 1.19.5.
+
+*) Bugfix: keepalive connections with gRPC backends might not be closed
+   after receiving a GOAWAY frame.
+
+*) Bugfix: backend SSL connections in the stream module might hang after
+   an SSL handshake.
+
+*) Bugfix: SSL connections with gRPC backends might hang if select,
+   poll, or /dev/poll methods were used.
+
+*) Bugfix: in the $content_length variable when using chunked transfer
+   encoding.
+
+*) Bugfix: requests might hang when using HTTP/2 and the "aio_write"
+   directive.]]></releaseNotes>
     <dependencies>
 		  <dependency id="nssm" version="2.24.0" />
     </dependencies>

nginx-service/tools/VERIFICATION.ps1

@@ -18,7 +18,7 @@ Invoke-WebRequest "https://nginx.org/keys/mdounin.key" -UseBasicParsing -OutFile
 
 # Get original signature from
 # https://nginx.org/en/download.html
-Invoke-WebRequest "https://nginx.org/download/nginx-1.20.1.zip.asc" -UseBasicParsing -OutFile "$toolsDir\..\bin\nginx-1.20.1.zip.asc"
+Invoke-WebRequest "https://nginx.org/download/nginx-1.20.2.zip.asc" -UseBasicParsing -OutFile "$toolsDir\..\bin\nginx-1.20.2.zip.asc"
 
 ### Preperation
 # Check that we have GPG 
@@ -27,4 +27,4 @@ choco install gpg4win -y | out-null
 ### Verify
 # Import keys and verify ZIP file against the signature
 gpg --import "$toolsDir\..\bin\mdounin.key"
-gpg --verify "$toolsDir\..\bin\nginx-1.20.1.zip.asc" "$toolsDir\..\bin\nginx.zip"
+gpg --verify "$toolsDir\..\bin\nginx-1.20.2.zip.asc" "$toolsDir\..\bin\nginx.zip"

nginx-service/tools/VERIFICATION.txt

@@ -3,12 +3,12 @@ VERIFICATION
 Nginx for each release provide a ZIP file and .asc signature file.
 Files are listed on the official page http://nginx.org/en/download.html
 
-This package bin\ content includes the release ZIP file, obtained from https://nginx.org/download/nginx-1.20.1.zip
+This package bin\ content includes the release ZIP file, obtained from https://nginx.org/download/nginx-1.20.2.zip
 
 Package also includes VERIFICATION.ps1, which essentially does the following:
 
     1. Downloads Maxim Dounin’s publick key from https://nginx.org/en/pgp_keys.html
-    2. Downloads signature for this release: https://nginx.org/download/nginx-1.20.1.zip.asc
+    2. Downloads signature for this release: https://nginx.org/download/nginx-1.20.2.zip.asc
     3. Verifies signature authenticity against bin\nginx.zip
 
 File 'LICENSE.txt' is obtained from <https://nginx.org/LICENSE>