Changes - j0ke.net Open Build Service

Changes of Revision 7

[-] [+]	Added	nginx.changes
@@ -0,0 +1,75 @@ +------------------------------------------------------------------- +Wed Aug 14 12:08:47 UTC 2019 - Local OBS User <cs@linux-administrator.com> + +- security update 1.16.1 + +------------------------------------------------------------------- +Tue Mar 12 06:58:53 UTC 2019 - Local OBS User <cs@linux-administrator.com> + +- update to nginx 1.14.2 +- update openssl to 1.1.1b + +------------------------------------------------------------------- +Tue Jun 5 13:27:07 UTC 2018 - cs@linux-administrator.com + +- update to nginx 1.14.0 + +------------------------------------------------------------------- +Tue Jun 5 13:00:11 UTC 2018 - cs@linux-administrator.com + +- update to nginx 1.13.12 +- update openssl to 1.1.0h + +------------------------------------------------------------------- +Mon Mar 5 06:35:03 UTC 2018 - cs@linux-administrator.com + +- downgrade to 1.13.8 because of startup segfault + +------------------------------------------------------------------- +Wed Feb 28 06:49:49 UTC 2018 - cs@linux-administrator.com + +- update to nginx 1.13.9 + +------------------------------------------------------------------- +Wed Jan 17 08:34:43 UTC 2018 - cs@linux-administrator.com + +- update to nginx 1.13.8 + +------------------------------------------------------------------- +Tue Dec 12 11:37:50 UTC 2017 - cs@linux-administrator.com + +- update to nginx 1.13.7 + +------------------------------------------------------------------- +Wed Apr 5 10:58:26 UTC 2017 - cs@linux-administrator.com + +- update to nginx 1.11.13 + +------------------------------------------------------------------- +Wed Dec 28 20:00:08 UTC 2016 - cs@linux-administrator.com + +- update to nginx 1.11.8 + +------------------------------------------------------------------- +Wed Dec 14 11:07:19 UTC 2016 - cs@linux-administrator.com + +- update to nginx 1.11.7 + +------------------------------------------------------------------- +Mon Nov 28 07:21:41 UTC 2016 - cs@linux-administrator.com + +- update to nginx 1.11.6 +- update nginx rtmp module to 1.1.10 + +------------------------------------------------------------------- +Wed Oct 12 21:29:31 UTC 2016 - cs@linux-administrator.com + +- update to nginx 1.11.5 + +------------------------------------------------------------------- +Wed Sep 28 18:04:31 UTC 2016 - cs@linux-administrator.com + +- update to nginx 1.11.4 +- update openssl to 1.0.2j +- update nginx rtmp module to 1.1.9 +
[-] [+]	Added	2bc1dac6fb3ed263529decb211ec784824132bf4.patch ^
@@ -0,0 +1,38 @@ +From 2bc1dac6fb3ed263529decb211ec784824132bf4 Mon Sep 17 00:00:00 2001 +From: Chris Lea <chris.lea@gmail.com> +Date: Tue, 15 Nov 2016 22:26:35 -0800 +Subject: [PATCH] default_port was removed in 1.11.6. + +--- + ngx_http_upstream_fair_module.c \| 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +diff --git a/ngx_http_upstream_fair_module.c b/ngx_http_upstream_fair_module.c +index a4419ca..66144e9 100644 +--- a/ngx_http_upstream_fair_module.c ++++ b/ngx_http_upstream_fair_module.c +@@ -540,7 +540,11 @@ ngx_http_upstream_init_fair_rr(ngx_conf_t cf, ngx_http_upstream_srv_conf_t us) + + /* an upstream implicitly defined by proxy_pass, etc. / + ++#if nginx_version < 1011006 + if (us->port == 0 && us->default_port == 0) { ++#else ++ if (us->port == 0) { ++#endif + ngx_log_error(NGX_LOG_EMERG, cf->log, 0, + "no port in upstream \"%V\" in %s:%ui", + &us->host, us->file_name, us->line); +@@ -550,8 +554,11 @@ ngx_http_upstream_init_fair_rr(ngx_conf_t cf, ngx_http_upstream_srv_conf_t *us) + ngx_memzero(&u, sizeof(ngx_url_t)); + + u.host = us->host; ++#if nginx_version < 1011006 + u.port = (in_port_t) (us->port ? us->port : us->default_port); +- ++#else ++ u.port = (in_port_t) us->port; ++#endif + if (ngx_inet_resolve_host(cf->pool, &u) != NGX_OK) { + if (u.err) { + ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
[-] [+]	Added	check_1.7.5+.patch ^
@@ -0,0 +1,195 @@ +diff --git a/src/http/modules/ngx_http_upstream_ip_hash_module.c b/src/http/modules/ngx_http_upstream_ip_hash_module.c +index 148d73a..913e395 100644 +--- a/src/http/modules/ngx_http_upstream_ip_hash_module.c ++++ b/src/http/modules/ngx_http_upstream_ip_hash_module.c +@@ -9,6 +9,9 @@ + #include <ngx_core.h> + #include <ngx_http.h> + ++#if (NGX_HTTP_UPSTREAM_CHECK) ++#include "ngx_http_upstream_check_module.h" ++#endif + + typedef struct { + /* the round robin data must be first / +@@ -212,6 +215,15 @@ ngx_http_upstream_get_ip_hash_peer(ngx_peer_connection_t pc, void data) + goto next_try; + } + ++#if (NGX_HTTP_UPSTREAM_CHECK) ++ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, pc->log, 0, ++ "get ip_hash peer, check_index: %ui", ++ peer->check_index); ++ if (ngx_http_upstream_check_peer_down(peer->check_index)) { ++ goto next_try; ++ } ++#endif ++ + if (peer->max_fails + && peer->fails >= peer->max_fails + && now - peer->checked <= peer->fail_timeout) +diff --git a/src/http/modules/ngx_http_upstream_least_conn_module.c b/src/http/modules/ngx_http_upstream_least_conn_module.c +index 623bc9b..a223839 100644 +--- a/src/http/modules/ngx_http_upstream_least_conn_module.c ++++ b/src/http/modules/ngx_http_upstream_least_conn_module.c +@@ -9,6 +9,9 @@ + #include <ngx_core.h> + #include <ngx_http.h> + ++#if (NGX_HTTP_UPSTREAM_CHECK) ++#include "ngx_http_upstream_check_module.h" ++#endif + + typedef struct { + ngx_uint_t conns; +@@ -203,6 +206,16 @@ ngx_http_upstream_get_least_conn_peer(ngx_peer_connection_t pc, void data) + continue; + } + ++#if (NGX_HTTP_UPSTREAM_CHECK) ++ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, pc->log, 0, ++ "get least_conn peer, check_index: %ui", ++ peer->check_index); ++ ++ if (ngx_http_upstream_check_peer_down(peer->check_index)) { ++ continue; ++ } ++#endif ++ + if (peer->max_fails + && peer->fails >= peer->max_fails + && now - peer->checked <= peer->fail_timeout) +@@ -256,6 +269,16 @@ ngx_http_upstream_get_least_conn_peer(ngx_peer_connection_t pc, void data) + continue; + } + ++#if (NGX_HTTP_UPSTREAM_CHECK) ++ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, pc->log, 0, ++ "get least_conn peer, check_index: %ui", ++ peer->check_index); ++ ++ if (ngx_http_upstream_check_peer_down(peer->check_index)) { ++ continue; ++ } ++#endif ++ + if (lcp->conns[i] * best->weight != lcp->conns[p] * peer->weight) { + continue; + } +diff --git a/src/http/ngx_http_upstream_round_robin.c b/src/http/ngx_http_upstream_round_robin.c +index 2d0649b..b9789eb 100644 +--- a/src/http/ngx_http_upstream_round_robin.c ++++ b/src/http/ngx_http_upstream_round_robin.c +@@ -9,6 +9,9 @@ + #include <ngx_core.h> + #include <ngx_http.h> + ++#if (NGX_HTTP_UPSTREAM_CHECK) ++#include "ngx_http_upstream_check_module.h" ++#endif + + #define ngx_http_upstream_tries(p) ((p)->number \ + + ((p)->next ? (p)->next->number : 0)) +@@ -92,6 +95,14 @@ ngx_http_upstream_init_round_robin(ngx_conf_t cf, + peer[n].fail_timeout = server[i].fail_timeout; + peer[n].down = server[i].down; + peer[n].server = server[i].name; ++#if (NGX_HTTP_UPSTREAM_CHECK) ++ if (!server[i].down) { ++ peers->peer[n].check_index = ++ ngx_http_upstream_check_add_peer(cf, us, &server[i].addrs[j]); ++ } else { ++ peers->peer[n].check_index = (ngx_uint_t) NGX_ERROR; ++ } ++#endif + n++; + } + } +@@ -148,6 +159,15 @@ ngx_http_upstream_init_round_robin(ngx_conf_t cf, + peer[n].fail_timeout = server[i].fail_timeout; + peer[n].down = server[i].down; + peer[n].server = server[i].name; ++#if (NGX_HTTP_UPSTREAM_CHECK) ++ if (!server[i].down) { ++ backup->peer[n].check_index = ++ ngx_http_upstream_check_add_peer(cf, us, &server[i].addrs[j]); ++ } ++ else { ++ backup->peer[n].check_index = (ngx_uint_t) NGX_ERROR; ++ } ++#endif + n++; + } + } +@@ -207,6 +227,9 @@ ngx_http_upstream_init_round_robin(ngx_conf_t cf, + peer[i].current_weight = 0; + peer[i].max_fails = 1; + peer[i].fail_timeout = 10; ++#if (NGX_HTTP_UPSTREAM_CHECK) ++ peers->peer[i].check_index = (ngx_uint_t) NGX_ERROR; ++#endif + } + + us->peer.data = peers; +@@ -316,7 +339,9 @@ ngx_http_upstream_create_round_robin_peer(ngx_http_request_t r, + peer[0].current_weight = 0; + peer[0].max_fails = 1; + peer[0].fail_timeout = 10; +- ++#if (NGX_HTTP_UPSTREAM_CHECK) ++ peers->peer[0].check_index = (ngx_uint_t) NGX_ERROR; ++#endif + } else { + + for (i = 0; i < ur->naddrs; i++) { +@@ -356,6 +381,9 @@ ngx_http_upstream_create_round_robin_peer(ngx_http_request_t r, + peer[i].current_weight = 0; + peer[i].max_fails = 1; + peer[i].fail_timeout = 10; ++#if (NGX_HTTP_UPSTREAM_CHECK) ++ peers->peer[i].check_index = (ngx_uint_t) NGX_ERROR; ++#endif + } + } + +@@ -415,6 +443,12 @@ ngx_http_upstream_get_round_robin_peer(ngx_peer_connection_t pc, void data) + goto failed; + } + ++#if (NGX_HTTP_UPSTREAM_CHECK) ++ if (ngx_http_upstream_check_peer_down(peer->check_index)) { ++ goto failed; ++ } ++#endif ++ + } else { + + / there are several peers / +@@ -507,6 +541,12 @@ ngx_http_upstream_get_peer(ngx_http_upstream_rr_peer_data_t rrp) + continue; + } + ++#if (NGX_HTTP_UPSTREAM_CHECK) ++ if (ngx_http_upstream_check_peer_down(peer->check_index)) { ++ continue; ++ } ++#endif ++ + if (peer->max_fails + && peer->fails >= peer->max_fails + && now - peer->checked <= peer->fail_timeout) +diff --git a/src/http/ngx_http_upstream_round_robin.h b/src/http/ngx_http_upstream_round_robin.h +index 9db82a6..6e19a65 100644 +--- a/src/http/ngx_http_upstream_round_robin.h ++++ b/src/http/ngx_http_upstream_round_robin.h +@@ -31,6 +31,10 @@ typedef struct { + ngx_uint_t max_fails; + time_t fail_timeout; + ++#if (NGX_HTTP_UPSTREAM_CHECK) ++ ngx_uint_t check_index; ++#endif ++ + ngx_uint_t down; /* unsigned down:1; */ + + #if (NGX_HTTP_SSL)
[-] [+]	Added	openssl-rc4tilt.patch ^
@@ -0,0 +1,17 @@ +Nur in openssl-1.0.1j-norc4: openssl__disable_rc4.patch. +diff -ru openssl-1.0.1j/ssl/s3_lib.c openssl-1.0.1j-norc4/ssl/s3_lib.c +--- openssl-1.0.1j/ssl/s3_lib.c 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j-norc4/ssl/s3_lib.c 2014-10-23 18:57:16.468131600 +0200 +@@ -3844,6 +3844,11 @@ + (TLS1_get_version(s) < TLS1_2_VERSION)) + continue; + ++ /* Disable RC4 for TLS v1.1+ */ ++ if ((c->algorithm_enc == SSL_RC4) && ++ (TLS1_get_version(s) >= TLS1_1_VERSION)) ++ continue; ++ + ssl_set_cert_masks(cert,c); + mask_k = cert->mask_k; + mask_a = cert->mask_a; +Nur in openssl-1.0.1j-norc4/ssl: s3_lib.c.orig.
[-] [+]	Added	openssl__chacha20_poly1305_draft_and_rfc_ossl102g.patch ^
@@ -0,0 +1,5227 @@ +From d21c75c622eb13a80080ed15fa30474f806a0a0f Mon Sep 17 00:00:00 2001 +From: Vlad Krasnov <vlad@cloudflare.com> +Date: Fri, 12 Feb 2016 18:25:11 -0800 +Subject: [PATCH] Implementation of draft and RFC versions of CHACHA20-POLY1305 + ciphers + +--- + Configure \| 48 +- + Makefile.org \| 4 +- + apps/speed.c \| 30 +- + crypto/chacha20poly1305/Makefile \| 97 +++ + crypto/chacha20poly1305/asm/chacha20_avx.pl \| 408 +++++++++++ + crypto/chacha20poly1305/asm/chacha20_avx2.pl \| 443 ++++++++++++ + crypto/chacha20poly1305/asm/poly1305_avx.pl \| 732 ++++++++++++++++++++ + crypto/chacha20poly1305/asm/poly1305_avx2.pl \| 984 +++++++++++++++++++++++++++ + crypto/chacha20poly1305/asm/poly1305_x64.pl \| 281 ++++++++ + crypto/chacha20poly1305/chacha20.c \| 162 +++++ + crypto/chacha20poly1305/chacha20poly1305.h \| 79 +++ + crypto/chacha20poly1305/chapolytest.c \| 470 +++++++++++++ + crypto/chacha20poly1305/poly1305.c \| 287 ++++++++ + crypto/cryptlib.c \| 10 - + crypto/evp/Makefile \| 7 +- + crypto/evp/e_chacha20poly1305.c \| 435 ++++++++++++ + crypto/evp/evp.h \| 4 + + ssl/s3_lib.c \| 119 ++++ + ssl/ssl.h \| 2 + + ssl/ssl_ciph.c \| 60 +- + ssl/ssl_locl.h \| 2 + + ssl/tls1.h \| 28 + + test/Makefile \| 17 +- + 23 files changed, 4655 insertions(+), 54 deletions(-) + create mode 100644 crypto/chacha20poly1305/Makefile + create mode 100644 crypto/chacha20poly1305/asm/chacha20_avx.pl + create mode 100644 crypto/chacha20poly1305/asm/chacha20_avx2.pl + create mode 100644 crypto/chacha20poly1305/asm/poly1305_avx.pl + create mode 100644 crypto/chacha20poly1305/asm/poly1305_avx2.pl + create mode 100644 crypto/chacha20poly1305/asm/poly1305_x64.pl + create mode 100644 crypto/chacha20poly1305/chacha20.c + create mode 100644 crypto/chacha20poly1305/chacha20poly1305.h + create mode 100644 crypto/chacha20poly1305/chapolytest.c + create mode 100644 crypto/chacha20poly1305/poly1305.c + create mode 100644 crypto/evp/e_chacha20poly1305.c + +diff --git a/Configure b/Configure +index 4a715dc..f3ab6cd 100755 +--- a/Configure ++++ b/Configure +@@ -146,25 +146,25 @@ my $tlib="-lnsl -lsocket"; + my $bits1="THIRTY_TWO_BIT "; + my $bits2="SIXTY_FOUR_BIT "; + +-my $x86_asm="x86cpuid.o:bn-586.o co-586.o x86-mont.o x86-gf2m.o::des-586.o crypt586.o:aes-586.o vpaes-x86.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o:cmll-x86.o:ghash-x86.o:"; ++my $x86_asm="x86cpuid.o:bn-586.o co-586.o x86-mont.o x86-gf2m.o::des-586.o crypt586.o:aes-586.o vpaes-x86.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o:cmll-x86.o:ghash-x86.o::"; + + my $x86_elf_asm="$x86_asm:elf"; + +-my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o:ecp_nistz256.o ecp_nistz256-x86_64.o::aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o::rc4-x86_64.o rc4-md5-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:ghash-x86_64.o aesni-gcm-x86_64.o:"; +-my $ia64_asm="ia64cpuid.o:bn-ia64.o ia64-mont.o:::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o::rc4-ia64.o rc4_skey.o:::::ghash-ia64.o::void"; +-my $sparcv9_asm="sparcv9cap.o sparccpuid.o:bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o vis3-mont.o sparct4-mont.o sparcv9-gf2m.o::des_enc-sparc.o fcrypt_b.o dest4-sparcv9.o:aes_core.o aes_cbc.o aes-sparcv9.o aest4-sparcv9.o::md5-sparcv9.o:sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o::::::camellia.o cmll_misc.o cmll_cbc.o cmllt4-sparcv9.o:ghash-sparcv9.o::void"; +-my $sparcv8_asm=":sparcv8.o::des_enc-sparc.o fcrypt_b.o:::::::::::::void"; +-my $alpha_asm="alphacpuid.o:bn_asm.o alpha-mont.o::::::sha1-alpha.o:::::::ghash-alpha.o::void"; +-my $mips64_asm=":bn-mips.o mips-mont.o:::aes_cbc.o aes-mips.o:::sha1-mips.o sha256-mips.o sha512-mips.o::::::::"; ++my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o:ecp_nistz256.o ecp_nistz256-x86_64.o::aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o::rc4-x86_64.o rc4-md5-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:ghash-x86_64.o aesni-gcm-x86_64.o::chacha20_avx.o chacha20_avx2.o poly1305_x64.o poly1305_avx2.o"; ++my $ia64_asm="ia64cpuid.o:bn-ia64.o ia64-mont.o:::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o::rc4-ia64.o rc4_skey.o:::::ghash-ia64.o:::void"; ++my $sparcv9_asm="sparcv9cap.o sparccpuid.o:bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o vis3-mont.o sparct4-mont.o sparcv9-gf2m.o::des_enc-sparc.o fcrypt_b.o dest4-sparcv9.o:aes_core.o aes_cbc.o aes-sparcv9.o aest4-sparcv9.o::md5-sparcv9.o:sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o::::::camellia.o cmll_misc.o cmll_cbc.o cmllt4-sparcv9.o:ghash-sparcv9.o:::void"; ++my $sparcv8_asm=":sparcv8.o::des_enc-sparc.o fcrypt_b.o::::::::::::::void"; ++my $alpha_asm="alphacpuid.o:bn_asm.o alpha-mont.o::::::sha1-alpha.o:::::::ghash-alpha.o:::void"; ++my $mips64_asm=":bn-mips.o mips-mont.o:::aes_cbc.o aes-mips.o:::sha1-mips.o sha256-mips.o sha512-mips.o:::::::::"; + my $mips32_asm=$mips64_asm; $mips32_asm =~ s/\ssha512\-mips\.o//; +-my $s390x_asm="s390xcap.o s390xcpuid.o:bn-s390x.o s390x-mont.o s390x-gf2m.o:::aes-s390x.o aes-ctr.o aes-xts.o:::sha1-s390x.o sha256-s390x.o sha512-s390x.o::rc4-s390x.o:::::ghash-s390x.o:"; +-my $armv4_asm="armcap.o armv4cpuid.o:bn_asm.o armv4-mont.o armv4-gf2m.o:::aes_cbc.o aes-armv4.o bsaes-armv7.o aesv8-armx.o:::sha1-armv4-large.o sha256-armv4.o sha512-armv4.o:::::::ghash-armv4.o ghashv8-armx.o::void"; +-my $aarch64_asm="armcap.o arm64cpuid.o mem_clr.o::::aes_core.o aes_cbc.o aesv8-armx.o:::sha1-armv8.o sha256-armv8.o sha512-armv8.o:::::::ghashv8-armx.o:"; +-my $parisc11_asm="pariscid.o:bn_asm.o parisc-mont.o:::aes_core.o aes_cbc.o aes-parisc.o:::sha1-parisc.o sha256-parisc.o sha512-parisc.o::rc4-parisc.o:::::ghash-parisc.o::32"; +-my $parisc20_asm="pariscid.o:pa-risc2W.o parisc-mont.o:::aes_core.o aes_cbc.o aes-parisc.o:::sha1-parisc.o sha256-parisc.o sha512-parisc.o::rc4-parisc.o:::::ghash-parisc.o::64"; +-my $ppc64_asm="ppccpuid.o ppccap.o:bn-ppc.o ppc-mont.o ppc64-mont.o:::aes_core.o aes_cbc.o aes-ppc.o vpaes-ppc.o aesp8-ppc.o:::sha1-ppc.o sha256-ppc.o sha512-ppc.o sha256p8-ppc.o sha512p8-ppc.o:::::::ghashp8-ppc.o:"; ++my $s390x_asm="s390xcap.o s390xcpuid.o:bn-s390x.o s390x-mont.o s390x-gf2m.o:::aes-s390x.o aes-ctr.o aes-xts.o:::sha1-s390x.o sha256-s390x.o sha512-s390x.o::rc4-s390x.o:::::ghash-s390x.o::"; ++my $armv4_asm="armcap.o armv4cpuid.o:bn_asm.o armv4-mont.o armv4-gf2m.o:::aes_cbc.o aes-armv4.o bsaes-armv7.o aesv8-armx.o:::sha1-armv4-large.o sha256-armv4.o sha512-armv4.o:::::::ghash-armv4.o ghashv8-armx.o:::void"; ++my $aarch64_asm="armcap.o arm64cpuid.o mem_clr.o::::aes_core.o aes_cbc.o aesv8-armx.o:::sha1-armv8.o sha256-armv8.o sha512-armv8.o:::::::ghashv8-armx.o::"; ++my $parisc11_asm="pariscid.o:bn_asm.o parisc-mont.o:::aes_core.o aes_cbc.o aes-parisc.o:::sha1-parisc.o sha256-parisc.o sha512-parisc.o::rc4-parisc.o:::::ghash-parisc.o:::32"; ++my $parisc20_asm="pariscid.o:pa-risc2W.o parisc-mont.o:::aes_core.o aes_cbc.o aes-parisc.o:::sha1-parisc.o sha256-parisc.o sha512-parisc.o::rc4-parisc.o:::::ghash-parisc.o:::64"; ++my $ppc64_asm="ppccpuid.o ppccap.o:bn-ppc.o ppc-mont.o ppc64-mont.o:::aes_core.o aes_cbc.o aes-ppc.o vpaes-ppc.o aesp8-ppc.o:::sha1-ppc.o sha256-ppc.o sha512-ppc.o sha256p8-ppc.o sha512p8-ppc.o:::::::ghashp8-ppc.o::"; + my $ppc32_asm=$ppc64_asm; +-my $no_asm="::::::::::::::::void"; ++my $no_asm=":::::::::::::::::void"; + + # As for $BSDthreads. Idea is to maintain "collective" set of flags, + # which would cover all BSD flavors. -pthread applies to them all, +@@ -710,6 +710,7 @@ my $idx_wp_obj = $idx++; + my $idx_cmll_obj = $idx++; + my $idx_modes_obj = $idx++; + my $idx_engines_obj = $idx++; ++my $idx_chapoly_obj = $idx++; + my $idx_perlasm_scheme = $idx++; + my $idx_dso_scheme = $idx++; + my $idx_shared_target = $idx++; +@@ -752,6 +753,7 @@ my $bf ="crypto/bf/bf_locl.h"; + my $bn_asm ="bn_asm.o"; + my $des_enc="des_enc.o fcrypt_b.o"; + my $aes_enc="aes_core.o aes_cbc.o"; ++my $chapoly_enc=""; + my $bf_enc ="bf_enc.o"; + my $cast_enc="c_enc.o"; + my $rc4_enc="rc4_enc.o rc4_skey.o"; +@@ -1210,7 +1212,7 @@ $openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/\|^[a-zA-Z]:[\\\/] + + print "IsMK1MF=$IsMK1MF\n"; + +-my @fields = split(/\s:\s/,$table{$target} . ":" x 30 , -1); ++my @fields = split(/\s:\s/,$table{$target} . ":" x 31 , -1); + my $cc = $fields[$idx_cc]; + # Allow environment CC to override compiler... + if($ENV{CC}) { +@@ -1239,6 +1241,7 @@ my $wp_obj = $fields[$idx_wp_obj]; + my $cmll_obj = $fields[$idx_cmll_obj]; + my $modes_obj = $fields[$idx_modes_obj]; + my $engines_obj = $fields[$idx_engines_obj]; ++my $chapoly_obj = $fields[$idx_chapoly_obj]; + my $perlasm_scheme = $fields[$idx_perlasm_scheme]; + my $dso_scheme = $fields[$idx_dso_scheme]; + my $shared_target = $fields[$idx_shared_target]; +@@ -1405,7 +1408,7 @@ if ($no_asm) + { + $cpuid_obj=$bn_obj=$ec_obj= + $des_obj=$aes_obj=$bf_obj=$cast_obj=$rc4_obj=$rc5_obj=$cmll_obj= +- $modes_obj=$sha1_obj=$md5_obj=$rmd160_obj=$wp_obj=$engines_obj=""; ++ $modes_obj=$sha1_obj=$md5_obj=$rmd160_obj=$wp_obj=$engines_obj=$chapoly_obj=""; + } + + if (!$no_shared) +@@ -1558,6 +1561,14 @@ $bf_obj=$bf_enc unless ($bf_obj =~ /\.o$/); + $cast_obj=$cast_enc unless ($cast_obj =~ /\.o$/); + $rc4_obj=$rc4_enc unless ($rc4_obj =~ /\.o$/); + $rc5_obj=$rc5_enc unless ($rc5_obj =~ /\.o$/); ++if ($chapoly_obj =~ /\.o$/) ++ { ++ $cflags.=" -DCHAPOLY_x86_64_ASM"; ++ } ++else ++ { ++ $chapoly_obj=$chapoly_enc; ++ } + if ($sha1_obj =~ /\.o$/) + { + # $sha1_obj=$sha1_enc; +@@ -1740,6 +1751,7 @@ while (<IN>) + s/^WP_ASM_OBJ=.$/WP_ASM_OBJ= $wp_obj/; + s/^CMLL_ENC=.$/CMLL_ENC= $cmll_obj/; + s/^MODES_ASM_OBJ.=$/MODES_ASM_OBJ= $modes_obj/; ++ s/^CHAPOLY_ENC=.$/CHAPOLY_ENC= $chapoly_obj/; + s/^ENGINES_ASM_OBJ.=$/ENGINES_ASM_OBJ= $engines_obj/; + s/^PERLASM_SCHEME=.$/PERLASM_SCHEME= $perlasm_scheme/; + s/^PROCESSOR=./PROCESSOR= $processor/; +@@ -1802,6 +1814,7 @@ print "RMD160_OBJ_ASM=$rmd160_obj\n"; + print "CMLL_ENC =$cmll_obj\n"; + print "MODES_OBJ =$modes_obj\n"; + print "ENGINES_OBJ =$engines_obj\n"; ++print "CHAPOLY_ENC =$chapoly_obj\n"; + print "PROCESSOR =$processor\n"; + print "RANLIB =$ranlib\n"; + print "ARFLAGS =$arflags\n"; +@@ -2200,7 +2213,7 @@ sub print_table_entry + my ($cc, $cflags, $unistd, $thread_cflag, $sys_id, $lflags, + $bn_ops, $cpuid_obj, $bn_obj, $ec_obj, $des_obj, $aes_obj, $bf_obj, + $md5_obj, $sha1_obj, $cast_obj, $rc4_obj, $rmd160_obj, +- $rc5_obj, $wp_obj, $cmll_obj, $modes_obj, $engines_obj, ++ $rc5_obj, $wp_obj, $cmll_obj, $modes_obj, $engines_obj, $chapoly_obj, + $perlasm_scheme, $dso_scheme, $shared_target, $shared_cflag, + $shared_ldflag, $shared_extension, $ranlib, $arflags, $multilib)= + split(/\s:\s/,$table{$target} . ":" x 30 , -1); +@@ -2231,6 +2244,7 @@ sub print_table_entry + \$cmll_obj = $cmll_obj + \$modes_obj = $modes_obj + \$engines_obj = $engines_obj ++\$chapoly_obj = $chapoly_obj + \$perlasm_scheme = $perlasm_scheme + \$dso_scheme = $dso_scheme + \$shared_target= $shared_target +diff --git a/Makefile.org b/Makefile.org +index 76fdbdf..6556ef6 100644 +--- a/Makefile.org ++++ b/Makefile.org +@@ -91,6 +91,7 @@ BN_ASM= bn_asm.o + EC_ASM= + DES_ENC= des_enc.o fcrypt_b.o + AES_ENC= aes_core.o aes_cbc.o ++CHAPOLY_ENC= + BF_ENC= bf_enc.o + CAST_ENC= c_enc.o + RC4_ENC= rc4_enc.o +@@ -148,7 +149,7 @@ SDIRS= \ + bn ec rsa dsa ecdsa dh ecdh dso engine \ + buffer bio stack lhash rand err \ + evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \ +- cms pqueue ts jpake srp store cmac ++ cms pqueue ts jpake srp store cmac chacha20poly1305 + # keep in mind that the above list is adjusted by ./Configure + # according to no-xxx arguments... + +@@ -234,6 +235,7 @@ BUILDENV= LC_ALL=C PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)'\
	Added	1.12.34.2-x64.tar.gz ^
[-] [+]	Added	_service ^
@@ -0,0 +1,7 @@ +<services> + <service name="download_url"> + <param name="host">nginx.org</param> + <param name="protocol">http</param> + <param name="path">/download/nginx-1.16.1.tar.gz</param> + </service> +<service name="download_url"><param name="host">www.openssl.org</param><param name="protocol">https</param><param name="path">/source/openssl-1.1.1b.tar.gz</param></service></services>
	Added	_service:download_url:nginx-1.16.1.tar.gz ^
	Added	_service:download_url:openssl-1.1.1b.tar.gz ^
[-] [+]	Added	blockips.conf ^
@@ -0,0 +1,718 @@ +### updates are avail. at raw.githubusercontent.com/mariusv/nginx-badbot-blocker/master/blockips.conf + + +deny 178.238.234.1; +deny 76.90.254.19; +deny 85.17.26.68; # spammy comments - Leaseweb +deny 85.17.230.23; # spammy comments - Leaseweb +deny 173.234.11.105; # junk referrers +deny 173.234.31.9; # junk referrers - Ubiquityservers +deny 173.234.38.25; # spammy comments +deny 173.234.153.30; # junk referrers +deny 173.234.153.106; # spammy comments - Ubiquityservers +deny 173.234.175.68; # spammy comments +deny 190.152.223.27; # junk referrers +deny 195.191.54.90; # odd behaviour, Mozilla, doesnt fetch js/css. Ended up doing a POST, prob a spambot +deny 195.229.241.174; # spammy comments - United Arab Emirates +deny 210.212.194.60; # junk referrers + spammy comments +deny 76.91.248.49; # bad bot +deny 1.4.0.0/17; +deny 1.10.16.0/20; +deny 1.116.0.0/14; +deny 5.34.242.0/23; +deny 5.72.0.0/14; +deny 5.134.128.0/19; +deny 14.4.0.0/14; +deny 14.245.0.0/16; +deny 23.235.48.0/20; +deny 27.111.48.0/20; +deny 27.122.32.0/20; +deny 27.126.160.0/20; +deny 31.11.43.0/24; +deny 31.222.200.0/21; +deny 36.0.8.0/21; +deny 36.37.48.0/20; +deny 37.139.49.0/24; +deny 37.148.216.0/21; +deny 37.246.0.0/16; +deny 41.72.64.0/19; +deny 42.0.32.0/19; +deny 42.1.56.0/22; +deny 42.1.128.0/17; +deny 42.52.0.0/14; +deny 42.83.80.0/22; +deny 42.96.0.0/18; +deny 42.123.36.0/22; +deny 42.128.0.0/12; +deny 42.160.0.0/12; +deny 42.194.8.0/22; +deny 42.194.12.0/22; +deny 42.194.128.0/17; +deny 43.229.52.0/22; +deny 43.236.0.0/16; +deny 43.250.64.0/22; +deny 43.250.116.0/22; +deny 43.252.80.0/22; +deny 43.252.152.0/22; +deny 43.252.180.0/22; +deny 43.255.188.0/22; +deny 45.64.88.0/22; +deny 45.117.208.0/22; +deny 45.121.144.0/22; +deny 46.29.248.0/22; +deny 46.29.248.0/21; +deny 46.148.112.0/20; +deny 46.151.48.0/21; +deny 46.232.192.0/21; +deny 46.243.140.0/24; +deny 46.243.142.0/24; +deny 49.8.0.0/14; +deny 49.128.104.0/22; +deny 58.87.64.0/18; +deny 59.254.0.0/15; +deny 60.233.0.0/16; +deny 61.11.224.0/19; +deny 61.13.128.0/17; +deny 61.45.251.0/24; +deny 62.182.152.0/21; +deny 64.234.224.0/20; +deny 66.231.64.0/20; +deny 67.213.128.0/20; +deny 67.218.208.0/20; +deny 72.13.16.0/20; +deny 78.31.184.0/21; +deny 78.31.211.0/24; +deny 79.173.104.0/21; +deny 80.76.8.0/21; +deny 81.22.152.0/23; +deny 83.175.0.0/18; +deny 85.121.39.0/24; +deny 86.55.40.0/23; +deny 86.55.42.0/23; +deny 88.135.16.0/20; +deny 91.194.254.0/23; +deny 91.195.254.0/23; +deny 91.198.127.0/24; +deny 91.200.248.0/22; +deny 91.203.20.0/22; +deny 91.207.4.0/22; +deny 91.209.12.0/24; +deny 91.212.104.0/24; +deny 91.212.198.0/24; +deny 91.212.201.0/24; +deny 91.212.220.0/24; +deny 91.213.126.0/24; +deny 91.213.172.0/24; +deny 91.216.3.0/24; +deny 91.217.10.0/23; +deny 91.220.35.0/24; +deny 91.220.62.0/24; +deny 91.220.163.0/24; +deny 91.223.89.0/24; +deny 91.226.97.0/24; +deny 91.229.210.0/24; +deny 91.230.110.0/24; +deny 91.230.252.0/23; +deny 91.234.36.0/24; +deny 91.235.2.0/24; +deny 91.236.74.0/23; +deny 91.236.120.0/24; +deny 91.237.198.0/24; +deny 91.238.82.0/24; +deny 91.239.24.0/24; +deny 91.239.238.0/24; +deny 91.240.163.0/24; +deny 91.240.165.0/24; +deny 91.242.217.0/24; +deny 91.243.115.0/24; +deny 93.175.240.0/20; +deny 94.26.112.0/20; +deny 94.154.128.0/18; +deny 95.216.0.0/15; +deny 101.192.0.0/14; +deny 101.199.0.0/16; +deny 101.202.0.0/16; +deny 101.203.128.0/19; +deny 101.248.0.0/15; +deny 101.252.0.0/15; +deny 103.2.44.0/22; +deny 103.10.68.0/22; +deny 103.12.216.0/22; +deny 103.16.76.0/24; +deny 103.20.36.0/22; +deny 103.23.8.0/22; +deny 103.36.64.0/22; +deny 103.41.124.0/22; +deny 103.41.180.0/22; +deny 103.42.115.0/24; +deny 103.55.28.0/22; +deny 103.57.248.0/22; +deny 103.61.4.0/22; +deny 103.228.60.0/22; +deny 103.229.36.0/22; +deny 103.230.144.0/22; +deny 103.231.84.0/22; +deny 103.232.136.0/22; +deny 103.232.172.0/22; +deny 103.236.32.0/22; +deny 103.242.184.0/22; +deny 104.143.112.0/20; +deny 104.255.136.0/21; +deny 106.96.0.0/14; +deny 108.166.224.0/19; +deny 109.94.208.0/20; +deny 110.44.128.0/20; +deny 110.232.160.0/20; +deny 113.20.160.0/19; +deny 114.8.0.0/16; +deny 115.85.133.0/24; +deny 116.78.0.0/15; +deny 116.128.0.0/10; +deny 116.144.0.0/15; +deny 116.146.0.0/15; +deny 117.100.0.0/15; +deny 118.177.0.0/16; +deny 118.185.0.0/16; +deny 119.232.0.0/16; +deny 120.48.0.0/15; +deny 120.92.0.0/17; +deny 120.92.128.0/18; +deny 120.92.192.0/19; +deny 120.92.224.0/20; +deny 121.100.128.0/18; +deny 122.129.0.0/18; +deny 122.202.96.0/19; +deny 123.136.80.0/20; +deny 124.68.0.0/15; +deny 124.70.0.0/15; +deny 124.157.0.0/18; +deny 124.242.0.0/16; +deny 124.245.0.0/16; +deny 125.31.192.0/18; +deny 125.58.0.0/18; +deny 125.169.0.0/16; +deny 128.13.0.0/16; +deny 128.168.0.0/16; +deny 128.191.0.0/16; +deny 129.47.0.0/16; +deny 129.76.64.0/18; +deny 130.148.0.0/16;
[-] [+]	Added	changelog ^
@@ -0,0 +1,131 @@ +* Sun Mar 05 2016 Juergen Gotteswinter <jg@internetx.com> - 1.9.12-1 +- 1.9.12 bump +- enabled http splice module + +* Tue Dec 08 2015 Juergen Gotteswinter <jg@internetx.com> - 1.9.7-1 +- version bump 1.9.7 +- enabled http2 +- enabled thread pool support + +* Wed May 12 2015 Juergen Gotteswinter <jg@internetx.com> - 1.9.1-1 +- Version Bump 1.9.1 Codename Putin + +* Wed May 12 2015 Juergen Gotteswinter <jg@internetx.com> - 1.9.0-1 +- moved on to the current stable mainline tree 1.9.x +- enabled stream module (appeared in 1.9.0) - simple tcp proxy feature + +* Wed Mar 25 2015 Juergen Gotteswinter <jg@internetx.com> - 1.7.11-1 +- pushed bundled openssl to latest 1.0.2 +- enabled thread pool support (appeared in 1.7.11) +- updated rtmp module to latest git (previous version does not build with +- 1.7.11) + +* Thu Dec 31 2014 Juergen Gotteswinter <jg@internetx.com> - 1.7.9-2 +- added nginx pagespeed module - rhel/centos 7.x only +- added nginx pagespeed sample config +- enabled complete mainline module tree, except mail* support + +* Thu Dec 31 2014 Juergen Gotteswinter <jg@internetx.com> - 1.7.9-1 +- bumped to 1.7.9 +- fixed check upstream module + patch +- 2014 byebye version bump + +* Thu Dec 02 2014 Juergen Gotteswinter <jg@internetx.com> - 1.7.8-1 +- bumped to 1.7.8 + +* Thu Nov 13 2014 Juergen Gotteswinter <jg@internetx.com> - 1.7.7-1 +- bumped to 1.7.7 + +* Thu Oct 23 2014 Juergen Gotteswinter <jg@internetx.com> - 1.7.6-1 +- added openssl source - nginx got built static against current vanilla +* openssl +- enabled additional mainline modules +- added patch to get rid of rc4 +- bumped to 1.7.6 + +* Fri Jun 28 2014 Juergen Gotteswinter <jg@internetx.com> - 1.7.3-1 +- bump to 1.7.3 + +* Fri Apr 26 2014 Juergen Gotteswinter <jg@internetx.com> - 1.6.0-2 +- added nginx-statsd module + +* Fri Apr 26 2014 Juergen Gotteswinter <jg@internetx.com> - 1.6.0-1 +- pushed to new stable branch 1.6 + +* Fri Apr 12 2014 Juergen Gotteswinter <jg@internetx.com> - 1.4.7-2 +- added patch to log heartbleed attacks + +* Tue Apr 03 2014 Juergen Gotteswinter <jg@internetx.com> - 1.4.7-1 +- bump to 1.4.7 + +* Wed Nov 20 2013 Juergen Gotteswinter <jg@internetx.com> - 1.4.4-1 +- https://bugzilla.redhat.com/show_bug.cgi?id=1032266 + +* Tue Oct 08 2013 Carsten Schoene <cs@linux-administrator.com> - 1.4.3-1 +- update nginx to 1.4.3 +- update rtmp module to 1.0.5 + +* Sun Aug 04 2013 Carsten Schoene <cs@linux-administrator.com> - 1.4.2-2 +- update rtmp module to 1.0.2 + +* Wed Jul 17 2013 Carsten Schoene <cs@linux-administrator.com> - 1.4.2-1 +- update nginx to 1.4.2 + +* Sat Jun 29 2013 Carsten Schoene <cs@linux-administrator.com> - 1.4.1-4 +- update rtmp module to 1.0.1 + +* Sat May 25 2013 Carsten Schoene <cs@linux-administrator.com> - 1.4.1-3 +- update rtmp module to 0.9.20 + +* Mon May 13 2013 Carsten Schoene <cs@linux-administrator.com> - 1.4.1-2 +- update rtmp module to 0.9.19 + +* Fri May 10 2013 Juergen Gotteswinter <jg@internetx.de> - 1.4.1-1 +- version bump to latest stable 1.4.1 + +* Fri Apr 26 2013 Carsten Schoene <cs@linux-administrator.com> - 1.2.7-2 +- update rtmp module to 0.9.18 + +* Sun Apr 14 2013 Carsten Schoene <cs@linux-administrator.com> - 1.2.7-4 +- update nginx to 1.2.7 +- update rtmp module to 0.9.14 + +* Mon Mar 04 2013 Carsten Schoene <cs@linux-administrator.com> - 1.2.7-3 +- update rtmp module to 0.9.11 + +* Thu Feb 28 2013 Carsten Schoene <cs@linux-administrator.com> - 1.2.7-2 +- update rtmp module to 0.9.8 + +* Tue Feb 12 2013 Carsten Schoene <cs@linux-administrator.com> - 1.2.7-1 +- update nginx to 1.2.7 +- update rtmp module to 0.9.7 + +* Fri Jan 25 2013 Carsten Schoene <cs@linux-administrator.com> - 1.2.6-4 +- update rtmp module to 0.9.1 + +* Wed Jan 16 2013 Carsten Schoene <cs@linux-administrator.com> - 1.2.6-3 +- update rtmp module to 0.9.0 + +* Sat Jan 12 2013 Carsten Schoene <cs@linux-administrator.com> - 1.2.6-2 +- added rtmp 0.8.7 module + +* Tue Dec 11 2012 Carsten Schoene <cs@linux-administrator.com> - 1.2.6-1 +- update to release 1.2.6 + +* Tue Nov 13 2012 Carsten Schoene <cs@linux-administrator.com> - 1.2.5-1 +- update to release 1.2.5 + +* Mon Oct 04 2010 Juergen Gotteswinter <jg at internetx.de> 0.8.52-1 +- update to latest stable branch + +* Wed Nov 17 2009 Juergen Gotteswinter <jg at internetx.de> 0.7.64-1 + +- version bump to 0.7.64 + + +* Wed Oct 28 2009 Juergen Gotteswinter <jg at internetx.de> 0.7.63-1 + +- version bump to 0.7.63 + +* Fri Oct 23 2009 Juergen Gotteswinter <jg at internetx.de> 0.7.62-3 +- included nginx-socket-patch for unix socket support \ No newline at end of file
[-] [+]	Added	magento-sample.conf-disabled ^
@@ -0,0 +1,113 @@ +server { + include /etc/nginx/port.conf; + server_name example.com; + return 301 $scheme://www.example.com$request_uri; +} + +server { + include /etc/nginx/port.conf; + #listen 443 ssl; + server_name www.example.com; ## Domain is here + root /var/www/html; + access_log /var/log/nginx/access_www.example.com.log main; + + if ($http_user_agent = "") { return 444;} + + #################################################################################### + ## SSL CONFIGURATION + + #ssl_certificate /etc/ssl/certs/www_server_com.chained.crt; + #ssl_certificate_key /etc/ssl/certs/server.key; + + #################################################################################### + ## Server maintenance block. insert dev ip 1.2.3.4 static address www.whatismyip.com + + #if ($remote_addr !~ "^(1.2.3.4\|1.2.3.4)$") { + #return 503; + #} + + #error_page 503 @maintenance; + #location @maintenance { + #rewrite ^(.)$ /error_page/503.html break; + #internal; + #access_log off; + #log_not_found off; + #} + + #################################################################################### + ## 403 error log/page + + #error_page 403 /403.html; + #location = /403.html { + #root /var/www/html/error_page; + #internal; + #access_log /var/log/nginx/403.log error403; + #} + + #################################################################################### + ## Main Magento location + + location / { + try_files $uri $uri/ @handler; + } + + #################################################################################### + ## These locations would be hidden by .htaccess normally, protected + + location ~ (/(app/\|includes/\|pkginfo/\|var/\|errors/local.xml)\|/\.) { + deny all; + } + + #################################################################################### + ## Protecting /admin/ and /downloader/ 1.2.3.4 = static ip (www.whatismyip.com) + + #location /downloader/ { + #allow 1.2.3.4; allow 1.2.3.4; deny all; + #rewrite ^/downloader/(.)$ /downloader/index.php$1; + #} + #location /admin { + #allow 1.2.3.4; allow 1.2.3.4; deny all; + #rewrite / /@handler; + #} + + #################################################################################### + ## Images, scripts and styles set far future Expires header + + location ~* \.(js\|css\|png\|jpg\|jpeg\|gif\|ico)$ { + open_file_cache max=10000 inactive=8h; + open_file_cache_valid 1h; + open_file_cache_min_uses 2; + open_file_cache_errors off; + expires max; + log_not_found off; + access_log off; + } + + #################################################################################### + ## Main Magento location + + location @handler { + rewrite / /index.php?$args; + } + + location ~ .php/ { ## Forward paths like /js/index.php/x.js to relevant handler + rewrite ^(.*.php)/ $1 last; + } + + #################################################################################### + ## Execute PHP scripts + + location ~ .php$ { + add_header X-UA-Compatible 'IE=Edge,chrome=1'; + add_header X-Time-Spent $request_time; + try_files $uri $uri/ =404; + fastcgi_pass 127.0.0.1:9000; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + ## Store code with multi domain + #fastcgi_param MAGE_RUN_CODE $storecode; + ## Default Store code + fastcgi_param MAGE_RUN_CODE default; + fastcgi_param MAGE_RUN_TYPE store; ## or website; + include fastcgi_params; ## See /etc/nginx/fastcgi_params + } + }
	Added	naxsi-git.tar.gz ^
	Added	nginx-ajp-module-0.3.tar.gz ^
	Added	nginx-auth-ldap.tar.gz ^
	Added	nginx-munin.tar.gz ^
	Added	nginx-rtmp-module-1.1.15.tar.gz ^
[-] [+]	Added	nginx-statsd.conf-sample ^
@@ -0,0 +1,39 @@ +http { + + # Set the server that you want to send stats to. + statsd_server your.statsd.server.com; + + # Randomly sample 10% of requests so that you do not overwhelm your statsd server. + # Defaults to sending all statsd (100%). + statsd_sample_rate 10; # 10% of requests + + + server { + listen 80; + server_name www.your.domain.com; + + # Increment "your_product.requests" by 1 whenever any request hits this server. + statsd_count "your_product.requests" 1; + + location / { + + # Increment the key by 1 when this location is hit. + statsd_count "your_product.pages.index_requests" 1; + + # Increment the key by 1, but only if $request_completion is set to something. + statsd_count "your_product.pages.index_responses" 1 "$request_completion"; + + # Send a timing to "your_product.pages.index_response_time" equal to the value + # returned from the upstream server. If this value evaluates to 0 or empty-string, + # it will not be sent. Thus, there is no need to add a test. + statsd_timing "your_product.pages.index_response_time" "$upstream_response_time"; + + # Increment a key based on the value of a custom header. Only sends the value if + # the custom header exists in the upstream response. + statsd_count "your_product.custom_$upstream_http_x_some_custom_header" 1 + "$upstream_http_x_some_custom_header"; + + proxy_pass http://some.other.domain.com; + } + } +} \ No newline at end of file
	Added	nginx-statsd.tar.gz ^
	Added	ngx_cache_purge-2.3.tar.gz ^
	Added	ngx_cache_purge.tar.gz ^
	Added	ngx_pagespeed-latest-testing.zip ^
	Added	ngx_pagespeed-latest-testing.zip.old ^
[-] [+]	Added	pagespeed.conf ^
@@ -0,0 +1,53 @@ +pagespeed off; + + +# Configuring PageSpeed Filters +pagespeed RewriteLevel PassThrough; + +# Needs to exist and be writable by nginx. Use tmpfs for best performance. +pagespeed MemcachedServers "127.0.0.1:11211"; +pagespeed FileCachePath /var/ngx_pagespeed_cache; + +# PageSpeed Admin +pagespeed StatisticsPath /ngx_pagespeed_statistics; +pagespeed GlobalStatisticsPath /ngx_pagespeed_global_statistics; +pagespeed MessagesPath /ngx_pagespeed_message; +pagespeed ConsolePath /pagespeed_console; +pagespeed AdminPath /pagespeed_admin; +pagespeed GlobalAdminPath /pagespeed_global_admin; + +# PageSpeed Cache Purge +pagespeed EnableCachePurge on; +pagespeed PurgeMethod PURGE; + + +# Ensure requests for pagespeed optimized resources go to the pagespeed handler +# and no extraneous headers get set. +location ~ "\.pagespeed\.([a-z]\.)?[a-z]{2}\.[^.]{10}\.[^.]+" { + add_header "" ""; +} + + +# HTTPS Support +# pagespeed FetchHttps enable; + +# PageSpeed Filters +# CSS Minification +# pagespeed EnableFilters combine_css,rewrite_css; + +# JS Minification +# pagespeed EnableFilters combine_javascript,rewrite_javascript; + +# Images Optimization +#pagespeed EnableFilters lazyload_images; +#pagespeed EnableFilters rewrite_images; +#pagespeed EnableFilters convert_jpeg_to_progressive,convert_png_to_jpeg,convert_jpeg_to_webp,convert_to_webp_lossless; + +# Remove comments from HTML +#pagespeed EnableFilters remove_comments; +# Remove WHITESPACE from HTML +#pagespeed EnableFilters collapse_whitespace; + + +# CDN Support +#pagespeed MapRewriteDomain cdn.example.com www.example.com; \ No newline at end of file
	Added	release-1.11.33.2-beta.zip ^
[-] [+]	Added	ssl-ciphersample ^
@@ -0,0 +1,3 @@ +ssl_protocols TLSv1 TLSv1.1 TLSv1.2; +ssl_ciphers EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:EECDH+RC4:RSA+RC4:!MD5; +ssl_prefer_server_ciphers on;
	Added	v1.10.33.6-beta.zip ^