Package: nginx / 1.18.0-6.1+deb11u3

Metadata

Package Version Patches format
nginx 1.18.0-6.1+deb11u3 3.0 (quilt)

Patch series

Patch File delta Description
0002 Make sure signature stays the same in all nginx buil.patch

configure | 4 4 + 0 - 0 !
1 file changed, 4 insertions(+)

 make sure signature stays the same in all nginx builds

NGX_HTTP_HEADERS is part of nginx signature. When a dyn
module is loaded the signature of the module is compared
to the one of the nginx binary.

dyn modules are built from nginx-full, so in order to make
them loadable in other flavors we need to make sure all the
binaries share the same signature.

0003 define_gnu_source on other glibc based platforms.patch

src/os/unix/ngx_posix_config.h | 5 4 + 1 - 0 !
1 file changed, 4 insertions(+), 1 deletion(-)

 use _gnu_source on gnu/kfreebsd

Define _GNU_SOURCE not only on GNU/Hurd, but also on other glibc-based
platforms including GNU/kFreeBSD.

CVE 2019 20372.patch

src/http/ngx_http_special_response.c | 6 6 + 0 - 0 !
1 file changed, 6 insertions(+)

 [patch] discard request body when redirecting to a url via
 error_page.

Reported by Bert JW Regeer and Francisco Oca Gonzalez.

Resolver fixed off by one write in ngx_resolver_copy.patch

src/core/ngx_resolver.c | 8 4 + 4 - 0 !
1 file changed, 4 insertions(+), 4 deletions(-)

 resolver: fixed off-by-one write in ngx_resolver_copy().

CVE 2021 3618.patch

src/mail/ngx_mail.h | 3 3 + 0 - 0 !
src/mail/ngx_mail_core_module.c | 10 10 + 0 - 0 !
src/mail/ngx_mail_handler.c | 15 14 + 1 - 0 !
3 files changed, 27 insertions(+), 1 deletion(-)

 patch mitigation for cve-2021-3618

Mail: max_errors directive.

Similarly to smtpd_hard_error_limit in Postfix and smtp_max_unknown_commands
in Exim, specifies the number of errors after which the connection is closed.

CVE 2022 41741_CVE 2022 41742.patch

src/http/modules/ngx_http_mp4_module.c | 147 147 + 0 - 0 !
1 file changed, 147 insertions(+)

 [patch] mp4: disabled duplicate atoms.

Most atoms should not appear more than once in a container.  Previously,
this was not enforced by the module, which could result in worker process
crash, memory corruption and disclosure.