[Pkg-nginx-maintainers] Bug#844473: Update nginx module nchan to 1.0.6

Tue Nov 29 00:36:00 UTC 2016

The latest version of Nchan is now 1.0.8. I've updated the debian build,
you can pull it from https://github.com/slact/nginx-deb

Changes since 1.0.6:

1.0.8 (Nov. 28 2016)
 fix: possible crash under severely heavy load, introduced in 1.0.7 with
stack-overflow fix
1.0.7 (Nov. 27 2016)
 fix: memory leak after websocket publisher uncleanly aborts connection
 fix: misbehaving websocket publisher with nchan_publisher_upstream_request
 fix: potential stack overflow with very large message buffers
 fix: invalid memory access with empty nchan_publisher_upstream_request
for websocket publisher
 fix: incorrect handling of chunked response from
nchan_publisher_upstream_request
 fix: publishing through websocket too fast may result in buffered
messages that never arrive
 fix: DELETE to multiplexed channel should delete all listed channels
 fix: abort if publishing to multiple channels while using redis

junk at slact.net:
> Package: nginx
> Version: 1.10.2-2
> 
> I'm the author of Nchan and I've released a new version with some
> important bugfixes, security fixes, and new features. It would be nice
> if the Nginx package could be updated to the latest version, 1.0.6
> 
> https://nchan.slact.net/changelog
> 
> Changes since 1.0.2 (current version in the Debian package):
> 
> 1.0.6 (Nov. 15 2016)
>  fix: large messages were sometimes incorrectly cleaned up, leaving
> behind temp files
>  fix: file descriptor leak when listening on a unix socket and suddenly
> aborting client connections
>  fix: invalid memory access after reloading twice with redis enabled
>  fix: crash after shutting down nginx when 'master_process' set to 'off'
>  change: nchan_max_channel_subscribers now always refers to subscribers
> on this instance of Nchan, even when using Redis.
>  feature: subscribe/unsubscribe callbacks with nchan_subscribe_request
> and nchan_unsubscribe_request
> 1.0.4 (Oct. 28 2016)
>  security: fix crash when receiving large messages over websocket with
> ws+nchan subprotocol
> 1.0.3 (Sept. 3 2016)
>  feature: nchan_message_timeout and nchan_message_buffer_length can now
> use nginx variables for dynamic values
>  fix: unsolicited websocket PONGs disconnected the subscriber in
> violation of RFC6455
>  fix: possible script error when getting channel from Redis
>  fix: possible incorrect message IDs when using Redis (thanks @supertong)
>  security: possible invalid memory access on publisher GET, POST, or
> DELETE when using Redis and the publisher connection is terminated
> before receiving a response
>  fix: correct publisher response code when nchan_authorize_request is
> unavailable (502 instead of 500)
>  security: crash if publisher POSTs request with no Content-Length
> header when using nchan_authorize_request
> 
> https://nchan.slact.net/
> 
> Thanks,
>    Leo P.
> 