Client address specified in the PROXY protocol header is now saved in the $proxy_protocol_addr variable and can be used in the realip module. This is currently not implemented for mail.
Additionally, make sure to check for errors from ngx_http_parse_header_line() call after joining saved parts. There shouldn't be any errors, though check may help to catch bugs like missing f->split_parts reset. Reported by Lucas Molas.
Previously r->header_size was used to store length for a part of value that represents an individual already parsed HTTP header, while r->header_end pointed to the end of the whole value. Instead of storing length of a following name or value as pointer to a potential end address (r->header_name_end and r->header_end) that might be overflowed, now r->lowercase_index counter is used to store remaining length of a following unparsed field. It also fixes incorrect $body_bytes_sent value if a request is closed while parsing of the request header. Since r->header_size is intended for counting header size, thus abusing it for header parsing purpose was certainly a bad idea.
If something like "error_page 400 @name" is used in a configuration, a request could be passed to a named location without URI set, and this in turn might result in segmentation faults or other bad effects as most of the code assumes URI is set. With this change nginx will catch such configuration problems in ngx_http_named_location() and will stop request processing if URI is not set, returning 500.