lp://qastaging/~titusx/nginx/mainline

Branch merges

This import branch has no branches proposed for merge into it.

No branches dependent on this one.

Related source package recipes

1 recipe using this branch. (?)

Related snap packages

Related bugs

Related blueprints

7485. By willmafh <email address hidden> on 2025-09-18

Fixed inaccurate index directive error report.

7484. By Sergey Kandaurov <email address hidden> on 2025-09-15

Updated link to xslscript.

7483. By Sergey Kandaurov <email address hidden> on 2025-09-12

QUIC: fixed ssl_reject_handshake error handling.

This was broken in 7468a10b6 (1.29.0), resulting in a missing diagnostics
and SSL error queue not cleared for SSL handshakes rejected by SNI, seen
as "ignoring stale global SSL error" alerts, for instance, when doing SSL
shutdown of a long standing connection after rejecting another one by SNI.

The fix is to move the qc->error check after c->ssl->handshake_rejected is
handled first, to make the error queue cleared. Although not practicably
visible as needed, this is accompanied by clearing the error queue under
the qc->error case as well, to be on the safe side.

As an implementation note, due to the way of handling invalid transport
parameters for OpenSSL 3.5 and above, which leaves a passed pointer not
advanced on error, SSL_get_error() may return either SSL_ERROR_WANT_READ
or SSL_ERROR_WANT_WRITE depending on a library. To cope with that, both
qc->error and c->ssl->handshake_rejected checks were moved out of
"sslerr != SSL_ERROR_WANT_READ".

Also, this reconstructs a missing "SSL_do_handshake() failed" diagnostics
for the qc->error case, replacing using ngx_ssl_connection_error() with
ngx_connection_error(). It is made this way to avoid logging at the crit
log level because qc->error set is expected to have an empty error queue.

Reported and tested by Vladimir Homutov.

7482. By Mohamed Karrab <email address hidden> on 2025-08-19

Removed legacy charset directive from default config example.

The example configuration previously specified 'charset koi8-r',
which is a legacy Cyrillic encoding. As koi8-r is rarely used today
and modern browsers handle UTF-8 by default, specifying the charset
explicitly is unnecessary. Removing the directive keeps the example
configuration concise and aligned with current best practices.

7481. By Sergey Kandaurov <email address hidden> on 2025-08-13

Added a previously missed changes entry in 1.29.1 relnotes.

7480. By Sergey Kandaurov <email address hidden> on 2025-08-13

Version bump.

7479. By Sergey Kandaurov <email address hidden> on 2025-08-13

nginx-1.29.1-RELEASE

7478. By Sergey Kandaurov <email address hidden> on 2025-08-13

Updated OpenSSL used for win32 builds.

7477. By Sergey Kandaurov <email address hidden> on 2025-08-13

Mail: logging upstream to the error log with "smtp_auth none;".

Previously, it was never logged because of missing login.

7476. By Sergey Kandaurov <email address hidden> on 2025-08-13

Mail: reset stale auth credentials with "smtp_auth none;".

They might be reused in a session if an SMTP client proceeded
unauthenticated after previous invalid authentication attempts.
This could confuse an authentication server when passing stale
credentials along with "Auth-Method: none".

The condition to send the "Auth-Salt" header is similarly refined.