Re: Should nginx' default shipped fastcgi_param file updated to mitigate httpoxy?

Hello! On Tue, Jul 19, 2016 at 03:48:16PM +0200, Thomas Deutschmann wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > Hi, > > I am proxy maintaining the nginx package on Gentoo. > > Regarding the recent "httpoxy" problem (you already published a blog > posting [1] with

Should nginx' default shipped fastcgi_param file updated to mitigate httpoxy?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, I am proxy maintaining the nginx package on Gentoo. Regarding the recent "httpoxy" problem (you already published a blog posting [1] with instructions how to mitigate the problem) we are unsure if we should update our package to ship your

[nginx] HTTP/2: always handle streams in error state.

details: http://hg.nginx.org/nginx/rev/a2b310a8b2af branches: changeset: 6638:a2b310a8b2af user: Valentin Bartenev date: Tue Jul 19 20:22:44 2016 +0300 description: HTTP/2: always handle streams in error state. Previously, a stream could be closed by timeout if it

[nginx] HTTP/2: prevented output of the HEADERS frame for canceled streams.

details: http://hg.nginx.org/nginx/rev/699e409a3e0c branches: changeset: 6637:699e409a3e0c user: Valentin Bartenev date: Tue Jul 19 20:22:44 2016 +0300 description: HTTP/2: prevented output of the HEADERS frame for canceled streams. It's useless to generate HEADERS

[nginx] HTTP/2: always send GOAWAY while worker is shutting down.

details: http://hg.nginx.org/nginx/rev/ea284434db0f branches: changeset: 6636:ea284434db0f user: Valentin Bartenev date: Tue Jul 19 20:22:44 2016 +0300 description: HTTP/2: always send GOAWAY while worker is shutting down. Previously, if the worker process exited,

[nginx] HTTP/2: refactored ngx_http_v2_send_output_queue().

details: http://hg.nginx.org/nginx/rev/b5d1c17181ca branches: changeset: 6641:b5d1c17181ca user: Valentin Bartenev date: Tue Jul 19 20:34:02 2016 +0300 description: HTTP/2: refactored ngx_http_v2_send_output_queue(). Now it returns NGX_AGAIN if there's still data

[nginx] HTTP/2: flushing of the SSL buffer in transition to the idle state.

details: http://hg.nginx.org/nginx/rev/72282dd5884e branches: changeset: 6642:72282dd5884e user: Valentin Bartenev date: Tue Jul 19 20:34:17 2016 +0300 description: HTTP/2: flushing of the SSL buffer in transition to the idle state. It fixes potential connection

[nginx] HTTP/2: fixed send timer handling.

details: http://hg.nginx.org/nginx/rev/e78eca6bfaf0 branches: changeset: 6640:e78eca6bfaf0 user: Valentin Bartenev date: Tue Jul 19 20:31:09 2016 +0300 description: HTTP/2: fixed send timer handling. Checking for return value of c->send_chain() isn't sufficient

[nginx] HTTP/2: avoid sending output queue if there's nothing to send.

details: http://hg.nginx.org/nginx/rev/82efcedb310b branches: changeset: 6639:82efcedb310b user: Valentin Bartenev date: Tue Jul 19 20:30:21 2016 +0300 description: HTTP/2: avoid sending output queue if there's nothing to send. Particularly this fixes alerts on OS