Changes - j0ke.net Open Build Service

Difference Between Revision 31 and home:kries / proceed-nginx

[-] [+]	Deleted	nginx.changes
@@ -1,28 +0,0 @@ -------------------------------------------------------------------- -Wed Dec 28 20:00:08 UTC 2016 - cs@linux-administrator.com - -- update to nginx 1.11.8 - -------------------------------------------------------------------- -Wed Dec 14 11:07:19 UTC 2016 - cs@linux-administrator.com - -- update to nginx 1.11.7 - -------------------------------------------------------------------- -Mon Nov 28 07:21:41 UTC 2016 - cs@linux-administrator.com - -- update to nginx 1.11.6 -- update nginx rtmp module to 1.1.10 - -------------------------------------------------------------------- -Wed Oct 12 21:29:31 UTC 2016 - cs@linux-administrator.com - -- update to nginx 1.11.5 - -------------------------------------------------------------------- -Wed Sep 28 18:04:31 UTC 2016 - cs@linux-administrator.com - -- update to nginx 1.11.4 -- update openssl to 1.0.2j -- update nginx rtmp module to 1.1.9 -
[-] [+]	Changed	nginx.spec ^
@@ -8,22 +8,21 @@ %define nginx_webroot %{nginx_datadir}/html %define rtmp_ext nginx-rtmp-module -%define rtmp_ext_version 1.1.15 +%define rtmp_ext_version 1.2.1 %define rtmp %{rtmp_ext}-%{rtmp_ext_version} %define rtmp_nover %{rtmp_ext} %define with_rtmp_ext 0 -%define nps_version 1.13.35.1-beta -%define psol_version 1.13.35.1-x64 +%define nps_version 1.13.35.2-stable +%define psol_version 1.13.35.2-x64 %define slowfs_version 1.5 -#%define waf_version 2.8.0 -%define openssl_version 1.1.0g +%define openssl_version 1.1.1h %define ngxpurge_version 2.3 %define with_ldap_auth 0 Name: nginx -Version: 1.13.7 +Version: 1.18.0 Release: 1 Summary: Robust, small and high performance http and reverse proxy server Group: System Environment/Daemons @@ -81,9 +80,9 @@ Source14: ngx_pagespeed-%{nps_version}.zip Source15: %{psol_version}.tar.gz Source16: ngx_cache_purge-%{ngxpurge_version}.tar.gz -Source17: naxsi-0.55.3.tar.gz -Source18: changelog +Source17: naxsi-0.56.tar.gz Source19: nginx-auth-ldap.tar.gz +Source20: ngx_http_substitutions_filter_module-master.zip Source100: index.html Source101: poweredby.png @@ -96,9 +95,6 @@ Patch0: nginx-auto-cc-gcc.patch Patch1: nginx-conf-0.7.x.patch -#Patch2: check_1.7.5+.patch -Patch3: openssl-rc4tilt.patch -#Patch4: openssl__chacha20_poly1305_draft_and_rfc_ossl102g.patch %description Nginx [engine x] is an HTTP(S) server, HTTP(S) reverse proxy and IMAP/POP3 @@ -111,7 +107,6 @@ %patch0 -p0 %patch1 -p0 -#%patch2 -p1 %{__tar} zxvf %{SOURCE5} %{__tar} zxvf %{SOURCE9} %{__tar} zxvf %{SOURCE10} @@ -121,28 +116,24 @@ %{__tar} zxvf %{SOURCE16} %{__tar} zxvf %{SOURCE17} %{__tar} zxvf %{SOURCE19} +%{__unzip} -o %{SOURCE20} cd openssl-%{openssl_version} -#%patch4 -p1 ./config -%if 0%{?rhel_version} == 700 \|\| 0%{?centos_version} == 700 - cd %{_builddir}/nginx-%{version}/ %{__unzip} -o %{SOURCE14} if [ $? -ne 0 ]; then exit $? fi -cd ngx_pagespeed-%{nps_version} +cd incubator-pagespeed-ngx-%{nps_version} %{__tar} xzf %{SOURCE15} if [ $? -ne 0 ]; then exit $? fi chmod -Rf a+rX,u+w,g-w,o-w . -%endif - %build export DESTDIR=%{buildroot} @@ -191,25 +182,20 @@ --with-http_slice_module \ --with-stream_ssl_preread_module \ --with-http_sub_module \ + --add-module=%{_builddir}/nginx-%{version}/ngx_http_substitutions_filter_module-master \ %if 0%{?with_ldap_auth} == 1 --add-module=%{_builddir}/nginx-%{version}/nginx-auth-ldap \ %endif - --add-module=%{_builddir}/nginx-%{version}/naxsi-0.55.3/naxsi_src \ -%if 0%{?rhel_version} == 700 \|\| 0%{?centos_version} == 700 + --add-module=%{_builddir}/nginx-%{version}/naxsi-0.56/naxsi_src \ --with-ld-opt="-Wl,-z,relro,-z,now -Wl,-rpath -Wl,-Bsymbolic-functions -Wl,--as-needed -fPIE" \ --with-cc-opt="-g -Ofast -march=native -ffast-math -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2" \ -%endif --with-openssl=%{_builddir}/nginx-%{version}/openssl-%{openssl_version} \ -%if 0%{?rhel_version} == 700 \|\| 0%{?centos_version} == 700 --with-openssl-opt=enable-ec_nistp_64_gcc_128 \ -%endif --with-file-aio \ --add-module=%{_builddir}/nginx-%{version}/Nginx-limit-traffic-rate-module \ --add-module=%{_builddir}/nginx-%{version}/ngx_cache_purge-2.3 \ -%if 0%{?rhel_version} == 700 \|\| 0%{?centos_version} == 700 - --add-module=%{_builddir}/nginx-%{version}/ngx_pagespeed-%{nps_version} \ + --add-module=%{_builddir}/nginx-%{version}/incubator-pagespeed-ngx-%{nps_version} \ --with-threads \ -%endif %if 0%{with_rtmp_ext} --add-module=%{_builddir}/nginx-%{version}/%{rtmp} \ %endif
[-] [+]	Deleted	2bc1dac6fb3ed263529decb211ec784824132bf4.patch ^
@@ -1,38 +0,0 @@ -From 2bc1dac6fb3ed263529decb211ec784824132bf4 Mon Sep 17 00:00:00 2001 -From: Chris Lea <chris.lea@gmail.com> -Date: Tue, 15 Nov 2016 22:26:35 -0800 -Subject: [PATCH] default_port was removed in 1.11.6. - ---- - ngx_http_upstream_fair_module.c \| 9 ++++++++- - 1 file changed, 8 insertions(+), 1 deletion(-) - -diff --git a/ngx_http_upstream_fair_module.c b/ngx_http_upstream_fair_module.c -index a4419ca..66144e9 100644 ---- a/ngx_http_upstream_fair_module.c -+++ b/ngx_http_upstream_fair_module.c -@@ -540,7 +540,11 @@ ngx_http_upstream_init_fair_rr(ngx_conf_t cf, ngx_http_upstream_srv_conf_t us) - - /* an upstream implicitly defined by proxy_pass, etc. / - -+#if nginx_version < 1011006 - if (us->port == 0 && us->default_port == 0) { -+#else -+ if (us->port == 0) { -+#endif - ngx_log_error(NGX_LOG_EMERG, cf->log, 0, - "no port in upstream \"%V\" in %s:%ui", - &us->host, us->file_name, us->line); -@@ -550,8 +554,11 @@ ngx_http_upstream_init_fair_rr(ngx_conf_t cf, ngx_http_upstream_srv_conf_t *us) - ngx_memzero(&u, sizeof(ngx_url_t)); - - u.host = us->host; -+#if nginx_version < 1011006 - u.port = (in_port_t) (us->port ? us->port : us->default_port); -- -+#else -+ u.port = (in_port_t) us->port; -+#endif - if (ngx_inet_resolve_host(cf->pool, &u) != NGX_OK) { - if (u.err) { - ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
[-] [+]	Deleted	check_1.7.5+.patch ^
@@ -1,195 +0,0 @@ -diff --git a/src/http/modules/ngx_http_upstream_ip_hash_module.c b/src/http/modules/ngx_http_upstream_ip_hash_module.c -index 148d73a..913e395 100644 ---- a/src/http/modules/ngx_http_upstream_ip_hash_module.c -+++ b/src/http/modules/ngx_http_upstream_ip_hash_module.c -@@ -9,6 +9,9 @@ - #include <ngx_core.h> - #include <ngx_http.h> - -+#if (NGX_HTTP_UPSTREAM_CHECK) -+#include "ngx_http_upstream_check_module.h" -+#endif - - typedef struct { - /* the round robin data must be first / -@@ -212,6 +215,15 @@ ngx_http_upstream_get_ip_hash_peer(ngx_peer_connection_t pc, void data) - goto next_try; - } - -+#if (NGX_HTTP_UPSTREAM_CHECK) -+ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, pc->log, 0, -+ "get ip_hash peer, check_index: %ui", -+ peer->check_index); -+ if (ngx_http_upstream_check_peer_down(peer->check_index)) { -+ goto next_try; -+ } -+#endif -+ - if (peer->max_fails - && peer->fails >= peer->max_fails - && now - peer->checked <= peer->fail_timeout) -diff --git a/src/http/modules/ngx_http_upstream_least_conn_module.c b/src/http/modules/ngx_http_upstream_least_conn_module.c -index 623bc9b..a223839 100644 ---- a/src/http/modules/ngx_http_upstream_least_conn_module.c -+++ b/src/http/modules/ngx_http_upstream_least_conn_module.c -@@ -9,6 +9,9 @@ - #include <ngx_core.h> - #include <ngx_http.h> - -+#if (NGX_HTTP_UPSTREAM_CHECK) -+#include "ngx_http_upstream_check_module.h" -+#endif - - typedef struct { - ngx_uint_t conns; -@@ -203,6 +206,16 @@ ngx_http_upstream_get_least_conn_peer(ngx_peer_connection_t pc, void data) - continue; - } - -+#if (NGX_HTTP_UPSTREAM_CHECK) -+ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, pc->log, 0, -+ "get least_conn peer, check_index: %ui", -+ peer->check_index); -+ -+ if (ngx_http_upstream_check_peer_down(peer->check_index)) { -+ continue; -+ } -+#endif -+ - if (peer->max_fails - && peer->fails >= peer->max_fails - && now - peer->checked <= peer->fail_timeout) -@@ -256,6 +269,16 @@ ngx_http_upstream_get_least_conn_peer(ngx_peer_connection_t pc, void data) - continue; - } - -+#if (NGX_HTTP_UPSTREAM_CHECK) -+ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, pc->log, 0, -+ "get least_conn peer, check_index: %ui", -+ peer->check_index); -+ -+ if (ngx_http_upstream_check_peer_down(peer->check_index)) { -+ continue; -+ } -+#endif -+ - if (lcp->conns[i] * best->weight != lcp->conns[p] * peer->weight) { - continue; - } -diff --git a/src/http/ngx_http_upstream_round_robin.c b/src/http/ngx_http_upstream_round_robin.c -index 2d0649b..b9789eb 100644 ---- a/src/http/ngx_http_upstream_round_robin.c -+++ b/src/http/ngx_http_upstream_round_robin.c -@@ -9,6 +9,9 @@ - #include <ngx_core.h> - #include <ngx_http.h> - -+#if (NGX_HTTP_UPSTREAM_CHECK) -+#include "ngx_http_upstream_check_module.h" -+#endif - - #define ngx_http_upstream_tries(p) ((p)->number \ - + ((p)->next ? (p)->next->number : 0)) -@@ -92,6 +95,14 @@ ngx_http_upstream_init_round_robin(ngx_conf_t cf, - peer[n].fail_timeout = server[i].fail_timeout; - peer[n].down = server[i].down; - peer[n].server = server[i].name; -+#if (NGX_HTTP_UPSTREAM_CHECK) -+ if (!server[i].down) { -+ peers->peer[n].check_index = -+ ngx_http_upstream_check_add_peer(cf, us, &server[i].addrs[j]); -+ } else { -+ peers->peer[n].check_index = (ngx_uint_t) NGX_ERROR; -+ } -+#endif - n++; - } - } -@@ -148,6 +159,15 @@ ngx_http_upstream_init_round_robin(ngx_conf_t cf, - peer[n].fail_timeout = server[i].fail_timeout; - peer[n].down = server[i].down; - peer[n].server = server[i].name; -+#if (NGX_HTTP_UPSTREAM_CHECK) -+ if (!server[i].down) { -+ backup->peer[n].check_index = -+ ngx_http_upstream_check_add_peer(cf, us, &server[i].addrs[j]); -+ } -+ else { -+ backup->peer[n].check_index = (ngx_uint_t) NGX_ERROR; -+ } -+#endif - n++; - } - } -@@ -207,6 +227,9 @@ ngx_http_upstream_init_round_robin(ngx_conf_t cf, - peer[i].current_weight = 0; - peer[i].max_fails = 1; - peer[i].fail_timeout = 10; -+#if (NGX_HTTP_UPSTREAM_CHECK) -+ peers->peer[i].check_index = (ngx_uint_t) NGX_ERROR; -+#endif - } - - us->peer.data = peers; -@@ -316,7 +339,9 @@ ngx_http_upstream_create_round_robin_peer(ngx_http_request_t r, - peer[0].current_weight = 0; - peer[0].max_fails = 1; - peer[0].fail_timeout = 10; -- -+#if (NGX_HTTP_UPSTREAM_CHECK) -+ peers->peer[0].check_index = (ngx_uint_t) NGX_ERROR; -+#endif - } else { - - for (i = 0; i < ur->naddrs; i++) { -@@ -356,6 +381,9 @@ ngx_http_upstream_create_round_robin_peer(ngx_http_request_t r, - peer[i].current_weight = 0; - peer[i].max_fails = 1; - peer[i].fail_timeout = 10; -+#if (NGX_HTTP_UPSTREAM_CHECK) -+ peers->peer[i].check_index = (ngx_uint_t) NGX_ERROR; -+#endif - } - } - -@@ -415,6 +443,12 @@ ngx_http_upstream_get_round_robin_peer(ngx_peer_connection_t pc, void data) - goto failed; - } - -+#if (NGX_HTTP_UPSTREAM_CHECK) -+ if (ngx_http_upstream_check_peer_down(peer->check_index)) { -+ goto failed; -+ } -+#endif -+ - } else { - - / there are several peers / -@@ -507,6 +541,12 @@ ngx_http_upstream_get_peer(ngx_http_upstream_rr_peer_data_t rrp) - continue; - } - -+#if (NGX_HTTP_UPSTREAM_CHECK) -+ if (ngx_http_upstream_check_peer_down(peer->check_index)) { -+ continue; -+ } -+#endif -+ - if (peer->max_fails - && peer->fails >= peer->max_fails - && now - peer->checked <= peer->fail_timeout) -diff --git a/src/http/ngx_http_upstream_round_robin.h b/src/http/ngx_http_upstream_round_robin.h -index 9db82a6..6e19a65 100644 ---- a/src/http/ngx_http_upstream_round_robin.h -+++ b/src/http/ngx_http_upstream_round_robin.h -@@ -31,6 +31,10 @@ typedef struct { - ngx_uint_t max_fails; - time_t fail_timeout; - -+#if (NGX_HTTP_UPSTREAM_CHECK) -+ ngx_uint_t check_index; -+#endif -+ - ngx_uint_t down; /* unsigned down:1; */ - - #if (NGX_HTTP_SSL)
[-] [+]	Deleted	nginx-0.4.0-no_Werror.patch ^
@@ -1,13 +0,0 @@ -Index: auto/cc/gcc -=================================================================== ---- auto/cc/gcc.orig -+++ auto/cc/gcc -@@ -171,7 +171,7 @@ - - - # stop on warning --CFLAGS="$CFLAGS -Werror" -+CFLAGS="$CFLAGS" - - # debug - CFLAGS="$CFLAGS -g"
[-] [+]	Deleted	nginx-0.4.0-perl_vendor_install.patch ^
@@ -1,13 +0,0 @@ -Index: auto/install -=================================================================== ---- auto/install.orig -+++ auto/install -@@ -7,7 +7,7 @@ - cat << END >> $NGX_MAKEFILE - - install_perl_modules: -- cd $NGX_OBJS/src/http/modules/perl && make install -+ cd $NGX_OBJS/src/http/modules/perl && make install_vendor - END - - NGX_INSTALL_PERL_MODULES=install_perl_modules
[-] [+]	Deleted	nginx-0.6.31-DESTDIR.patch ^
@@ -1,75 +0,0 @@ -Index: auto/install -=================================================================== ---- auto/install.orig 2007-07-30 12:51:55.000000000 +0200 -+++ auto/install 2008-05-29 18:00:45.383221398 +0200 -@@ -19,45 +19,45 @@ cat << END - - install: $NGX_OBJS${ngx_dirsep}nginx${ngx_binext} \ - $NGX_INSTALL_PERL_MODULES -- test -d '$NGX_PREFIX' \|\| mkdir -p '$NGX_PREFIX' -+ test -d '\$(DESTDIR)$NGX_PREFIX' \|\| mkdir -p '\$(DESTDIR)$NGX_PREFIX' - -- test -d '`dirname "$NGX_SBIN_PATH"`' \ -- \|\| mkdir -p '`dirname "$NGX_SBIN_PATH"`' -- test ! -f '$NGX_SBIN_PATH' \|\| mv '$NGX_SBIN_PATH' '$NGX_SBIN_PATH.old' -- cp $NGX_OBJS/nginx '$NGX_SBIN_PATH' -+ test -d '\$(DESTDIR)`dirname "$NGX_SBIN_PATH"`' \ -+ \|\| mkdir -p '\$(DESTDIR)`dirname "$NGX_SBIN_PATH"`' -+ test ! -f '\$(DESTDIR)$NGX_SBIN_PATH' \|\| mv '\$(DESTDIR)$NGX_SBIN_PATH' '\$(DESTDIR)$NGX_SBIN_PATH.old' -+ cp $NGX_OBJS/nginx '\$(DESTDIR)$NGX_SBIN_PATH' - -- test -d '$NGX_CONF_PREFIX' \|\| mkdir -p '$NGX_CONF_PREFIX' -+ test -d '\$(DESTDIR)$NGX_CONF_PREFIX' \|\| mkdir -p '\$(DESTDIR)$NGX_CONF_PREFIX' - -- cp conf/koi-win '$NGX_CONF_PREFIX' -- cp conf/koi-utf '$NGX_CONF_PREFIX' -- cp conf/win-utf '$NGX_CONF_PREFIX' -+ cp conf/koi-win '\$(DESTDIR)$NGX_CONF_PREFIX' -+ cp conf/koi-utf '\$(DESTDIR)$NGX_CONF_PREFIX' -+ cp conf/win-utf '\$(DESTDIR)$NGX_CONF_PREFIX' - -- test -f '$NGX_CONF_PREFIX/mime.types' \ -- \|\| cp conf/mime.types '$NGX_CONF_PREFIX' -- cp conf/mime.types '$NGX_CONF_PREFIX/mime.types.default' -+ test -f '\$(DESTDIR)$NGX_CONF_PREFIX/mime.types' \ -+ \|\| cp conf/mime.types '\$(DESTDIR)$NGX_CONF_PREFIX' -+ cp conf/mime.types '\$(DESTDIR)$NGX_CONF_PREFIX/mime.types.default' - -- test -f '$NGX_CONF_PREFIX/fastcgi_params' \ -- \|\| cp conf/fastcgi_params '$NGX_CONF_PREFIX' -- cp conf/fastcgi_params '$NGX_CONF_PREFIX/fastcgi_params.default' -+ test -f '\$(DESTDIR)$NGX_CONF_PREFIX/fastcgi_params' \ -+ \|\| cp conf/fastcgi_params '\$(DESTDIR)$NGX_CONF_PREFIX' -+ cp conf/fastcgi_params '\$(DESTDIR)$NGX_CONF_PREFIX/fastcgi_params.default' - -- test -f '$NGX_CONF_PATH' \|\| cp conf/nginx.conf '$NGX_CONF_PREFIX' -- cp conf/nginx.conf '$NGX_CONF_PREFIX/nginx.conf.default' -+ test -f '\$(DESTDIR)$NGX_CONF_PATH' \|\| cp conf/nginx.conf '\$(DESTDIR)$NGX_CONF_PREFIX' -+ cp conf/nginx.conf '\$(DESTDIR)$NGX_CONF_PREFIX/nginx.conf.default' - -- test -d '`dirname "$NGX_PID_PATH"`' \ -- \|\| mkdir -p '`dirname "$NGX_PID_PATH"`' -+ test -d '\$(DESTDIR)`dirname "$NGX_PID_PATH"`' \ -+ \|\| mkdir -p '\$(DESTDIR)`dirname "$NGX_PID_PATH"`' - -- test -d '`dirname "$NGX_HTTP_LOG_PATH"`' \|\| \ -- mkdir -p '`dirname "$NGX_HTTP_LOG_PATH"`' -+ test -d '\$(DESTDIR)`dirname "$NGX_HTTP_LOG_PATH"`' \|\| \ -+ mkdir -p '\$(DESTDIR)`dirname "$NGX_HTTP_LOG_PATH"`' - -- test -d '$NGX_PREFIX/html' \|\| cp -r html '$NGX_PREFIX' -+ test -d '\$(DESTDIR)$NGX_PREFIX/html' \|\| cp -r html '\$(DESTDIR)$NGX_PREFIX' - END - - --if test -n "$NGX_ERROR_LOG_PATH"; then -+if test -n "\$(DESTDIR)$NGX_ERROR_LOG_PATH"; then - cat << END >> $NGX_MAKEFILE - -- test -d '`dirname "$NGX_ERROR_LOG_PATH"`' \|\| \ -- mkdir -p '`dirname "$NGX_ERROR_LOG_PATH"`' -+ test -d '\$(DESTDIR)`dirname "$NGX_ERROR_LOG_PATH"`' \|\| \ -+ mkdir -p '\$(DESTDIR)`dirname "$NGX_ERROR_LOG_PATH"`' - END - - fi
[-] [+]	Deleted	nginx-0.6.31_default_config.patch ^
@@ -1,71 +0,0 @@ -Index: conf/nginx.conf -=================================================================== ---- conf/nginx.conf.orig 2009-04-06 15:43:46.000000000 +0200 -+++ conf/nginx.conf 2009-05-08 20:19:55.436773498 +0200 -@@ -1,12 +1,12 @@ - --#user nobody; -+user nginx; - worker_processes 1; - --#error_log logs/error.log; --#error_log logs/error.log notice; --#error_log logs/error.log info; -+#error_log /var/log/nginx/error.log; -+#error_log /var/log/nginx/error.log notice; -+#error_log /var/log/nginx/error.log info; - --#pid logs/nginx.pid; -+#pid /var/run/nginx.pid; - - - events { -@@ -22,7 +22,7 @@ http { - # '$status $body_bytes_sent "$http_referer" ' - # '"$http_user_agent" "$http_x_forwarded_for"'; - -- #access_log logs/access.log main; -+ #access_log /var/log/nginx/access.log main; - - sendfile on; - #tcp_nopush on; -@@ -38,10 +38,10 @@ http { - - #charset koi8-r; - -- #access_log logs/host.access.log main; -+ #access_log /var/log/nginx/host.access.log main; - - location / { -- root html; -+ root /srv/www/htdocs/; - index index.html index.htm; - } - -@@ -51,7 +51,7 @@ http { - # - error_page 500 502 503 504 /50x.html; - location = /50x.html { -- root html; -+ root /srv/www/htdocs/; - } - - # proxy the PHP scripts to Apache listening on 127.0.0.1:80 -@@ -87,7 +87,7 @@ http { - # server_name somename alias another.alias; - - # location / { -- # root html; -+ # root /srv/www/htdocs/; - # index index.html index.htm; - # } - #} -@@ -110,7 +110,7 @@ http { - # ssl_prefer_server_ciphers on; - - # location / { -- # root html; -+ # root /srv/www/htdocs/; - # index index.html index.htm; - # } - #}
[-] [+]	Deleted	nginx-0.6.38-html.patch ^
@@ -1,14 +0,0 @@ -Index: auto/install -=================================================================== ---- auto/install.orig -+++ auto/install -@@ -54,8 +54,7 @@ - test -d '\$(DESTDIR)`dirname "$NGX_HTTP_LOG_PATH"`' \|\| \ - mkdir -p '\$(DESTDIR)`dirname "$NGX_HTTP_LOG_PATH"`' - -- test -d '\$(DESTDIR)$NGX_PREFIX/html' \ -- \|\| cp -r html '\$(DESTDIR)$NGX_PREFIX' -+ test -d '\$(DESTDIR)/srv/www/htdocs' \|\| install -d '\$(DESTDIR)/srv/www/' && cp -r html '\$(DESTDIR)/srv/www/htdocs' - END - -
[-] [+]	Deleted	openssl-rc4tilt.patch ^
@@ -1,17 +0,0 @@ -Nur in openssl-1.0.1j-norc4: openssl__disable_rc4.patch. -diff -ru openssl-1.0.1j/ssl/s3_lib.c openssl-1.0.1j-norc4/ssl/s3_lib.c ---- openssl-1.0.1j/ssl/s3_lib.c 2014-10-15 14:53:39.000000000 +0200 -+++ openssl-1.0.1j-norc4/ssl/s3_lib.c 2014-10-23 18:57:16.468131600 +0200 -@@ -3844,6 +3844,11 @@ - (TLS1_get_version(s) < TLS1_2_VERSION)) - continue; - -+ /* Disable RC4 for TLS v1.1+ */ -+ if ((c->algorithm_enc == SSL_RC4) && -+ (TLS1_get_version(s) >= TLS1_1_VERSION)) -+ continue; -+ - ssl_set_cert_masks(cert,c); - mask_k = cert->mask_k; - mask_a = cert->mask_a; -Nur in openssl-1.0.1j-norc4/ssl: s3_lib.c.orig.
[-] [+]	Deleted	openssl__chacha20_poly1305_draft_and_rfc_ossl102g.patch ^
@@ -1,5227 +0,0 @@ -From d21c75c622eb13a80080ed15fa30474f806a0a0f Mon Sep 17 00:00:00 2001 -From: Vlad Krasnov <vlad@cloudflare.com> -Date: Fri, 12 Feb 2016 18:25:11 -0800 -Subject: [PATCH] Implementation of draft and RFC versions of CHACHA20-POLY1305 - ciphers - ---- - Configure \| 48 +- - Makefile.org \| 4 +- - apps/speed.c \| 30 +- - crypto/chacha20poly1305/Makefile \| 97 +++ - crypto/chacha20poly1305/asm/chacha20_avx.pl \| 408 +++++++++++ - crypto/chacha20poly1305/asm/chacha20_avx2.pl \| 443 ++++++++++++ - crypto/chacha20poly1305/asm/poly1305_avx.pl \| 732 ++++++++++++++++++++ - crypto/chacha20poly1305/asm/poly1305_avx2.pl \| 984 +++++++++++++++++++++++++++ - crypto/chacha20poly1305/asm/poly1305_x64.pl \| 281 ++++++++ - crypto/chacha20poly1305/chacha20.c \| 162 +++++ - crypto/chacha20poly1305/chacha20poly1305.h \| 79 +++ - crypto/chacha20poly1305/chapolytest.c \| 470 +++++++++++++ - crypto/chacha20poly1305/poly1305.c \| 287 ++++++++ - crypto/cryptlib.c \| 10 - - crypto/evp/Makefile \| 7 +- - crypto/evp/e_chacha20poly1305.c \| 435 ++++++++++++ - crypto/evp/evp.h \| 4 + - ssl/s3_lib.c \| 119 ++++ - ssl/ssl.h \| 2 + - ssl/ssl_ciph.c \| 60 +- - ssl/ssl_locl.h \| 2 + - ssl/tls1.h \| 28 + - test/Makefile \| 17 +- - 23 files changed, 4655 insertions(+), 54 deletions(-) - create mode 100644 crypto/chacha20poly1305/Makefile - create mode 100644 crypto/chacha20poly1305/asm/chacha20_avx.pl - create mode 100644 crypto/chacha20poly1305/asm/chacha20_avx2.pl - create mode 100644 crypto/chacha20poly1305/asm/poly1305_avx.pl - create mode 100644 crypto/chacha20poly1305/asm/poly1305_avx2.pl - create mode 100644 crypto/chacha20poly1305/asm/poly1305_x64.pl - create mode 100644 crypto/chacha20poly1305/chacha20.c - create mode 100644 crypto/chacha20poly1305/chacha20poly1305.h - create mode 100644 crypto/chacha20poly1305/chapolytest.c - create mode 100644 crypto/chacha20poly1305/poly1305.c - create mode 100644 crypto/evp/e_chacha20poly1305.c - -diff --git a/Configure b/Configure -index 4a715dc..f3ab6cd 100755 ---- a/Configure -+++ b/Configure -@@ -146,25 +146,25 @@ my $tlib="-lnsl -lsocket"; - my $bits1="THIRTY_TWO_BIT "; - my $bits2="SIXTY_FOUR_BIT "; - --my $x86_asm="x86cpuid.o:bn-586.o co-586.o x86-mont.o x86-gf2m.o::des-586.o crypt586.o:aes-586.o vpaes-x86.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o:cmll-x86.o:ghash-x86.o:"; -+my $x86_asm="x86cpuid.o:bn-586.o co-586.o x86-mont.o x86-gf2m.o::des-586.o crypt586.o:aes-586.o vpaes-x86.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o:cmll-x86.o:ghash-x86.o::"; - - my $x86_elf_asm="$x86_asm:elf"; - --my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o:ecp_nistz256.o ecp_nistz256-x86_64.o::aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o::rc4-x86_64.o rc4-md5-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:ghash-x86_64.o aesni-gcm-x86_64.o:"; --my $ia64_asm="ia64cpuid.o:bn-ia64.o ia64-mont.o:::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o::rc4-ia64.o rc4_skey.o:::::ghash-ia64.o::void"; --my $sparcv9_asm="sparcv9cap.o sparccpuid.o:bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o vis3-mont.o sparct4-mont.o sparcv9-gf2m.o::des_enc-sparc.o fcrypt_b.o dest4-sparcv9.o:aes_core.o aes_cbc.o aes-sparcv9.o aest4-sparcv9.o::md5-sparcv9.o:sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o::::::camellia.o cmll_misc.o cmll_cbc.o cmllt4-sparcv9.o:ghash-sparcv9.o::void"; --my $sparcv8_asm=":sparcv8.o::des_enc-sparc.o fcrypt_b.o:::::::::::::void"; --my $alpha_asm="alphacpuid.o:bn_asm.o alpha-mont.o::::::sha1-alpha.o:::::::ghash-alpha.o::void"; --my $mips64_asm=":bn-mips.o mips-mont.o:::aes_cbc.o aes-mips.o:::sha1-mips.o sha256-mips.o sha512-mips.o::::::::"; -+my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o:ecp_nistz256.o ecp_nistz256-x86_64.o::aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o::rc4-x86_64.o rc4-md5-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:ghash-x86_64.o aesni-gcm-x86_64.o::chacha20_avx.o chacha20_avx2.o poly1305_x64.o poly1305_avx2.o"; -+my $ia64_asm="ia64cpuid.o:bn-ia64.o ia64-mont.o:::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o::rc4-ia64.o rc4_skey.o:::::ghash-ia64.o:::void"; -+my $sparcv9_asm="sparcv9cap.o sparccpuid.o:bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o vis3-mont.o sparct4-mont.o sparcv9-gf2m.o::des_enc-sparc.o fcrypt_b.o dest4-sparcv9.o:aes_core.o aes_cbc.o aes-sparcv9.o aest4-sparcv9.o::md5-sparcv9.o:sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o::::::camellia.o cmll_misc.o cmll_cbc.o cmllt4-sparcv9.o:ghash-sparcv9.o:::void"; -+my $sparcv8_asm=":sparcv8.o::des_enc-sparc.o fcrypt_b.o::::::::::::::void"; -+my $alpha_asm="alphacpuid.o:bn_asm.o alpha-mont.o::::::sha1-alpha.o:::::::ghash-alpha.o:::void"; -+my $mips64_asm=":bn-mips.o mips-mont.o:::aes_cbc.o aes-mips.o:::sha1-mips.o sha256-mips.o sha512-mips.o:::::::::"; - my $mips32_asm=$mips64_asm; $mips32_asm =~ s/\ssha512\-mips\.o//; --my $s390x_asm="s390xcap.o s390xcpuid.o:bn-s390x.o s390x-mont.o s390x-gf2m.o:::aes-s390x.o aes-ctr.o aes-xts.o:::sha1-s390x.o sha256-s390x.o sha512-s390x.o::rc4-s390x.o:::::ghash-s390x.o:"; --my $armv4_asm="armcap.o armv4cpuid.o:bn_asm.o armv4-mont.o armv4-gf2m.o:::aes_cbc.o aes-armv4.o bsaes-armv7.o aesv8-armx.o:::sha1-armv4-large.o sha256-armv4.o sha512-armv4.o:::::::ghash-armv4.o ghashv8-armx.o::void"; --my $aarch64_asm="armcap.o arm64cpuid.o mem_clr.o::::aes_core.o aes_cbc.o aesv8-armx.o:::sha1-armv8.o sha256-armv8.o sha512-armv8.o:::::::ghashv8-armx.o:"; --my $parisc11_asm="pariscid.o:bn_asm.o parisc-mont.o:::aes_core.o aes_cbc.o aes-parisc.o:::sha1-parisc.o sha256-parisc.o sha512-parisc.o::rc4-parisc.o:::::ghash-parisc.o::32"; --my $parisc20_asm="pariscid.o:pa-risc2W.o parisc-mont.o:::aes_core.o aes_cbc.o aes-parisc.o:::sha1-parisc.o sha256-parisc.o sha512-parisc.o::rc4-parisc.o:::::ghash-parisc.o::64"; --my $ppc64_asm="ppccpuid.o ppccap.o:bn-ppc.o ppc-mont.o ppc64-mont.o:::aes_core.o aes_cbc.o aes-ppc.o vpaes-ppc.o aesp8-ppc.o:::sha1-ppc.o sha256-ppc.o sha512-ppc.o sha256p8-ppc.o sha512p8-ppc.o:::::::ghashp8-ppc.o:"; -+my $s390x_asm="s390xcap.o s390xcpuid.o:bn-s390x.o s390x-mont.o s390x-gf2m.o:::aes-s390x.o aes-ctr.o aes-xts.o:::sha1-s390x.o sha256-s390x.o sha512-s390x.o::rc4-s390x.o:::::ghash-s390x.o::"; -+my $armv4_asm="armcap.o armv4cpuid.o:bn_asm.o armv4-mont.o armv4-gf2m.o:::aes_cbc.o aes-armv4.o bsaes-armv7.o aesv8-armx.o:::sha1-armv4-large.o sha256-armv4.o sha512-armv4.o:::::::ghash-armv4.o ghashv8-armx.o:::void"; -+my $aarch64_asm="armcap.o arm64cpuid.o mem_clr.o::::aes_core.o aes_cbc.o aesv8-armx.o:::sha1-armv8.o sha256-armv8.o sha512-armv8.o:::::::ghashv8-armx.o::"; -+my $parisc11_asm="pariscid.o:bn_asm.o parisc-mont.o:::aes_core.o aes_cbc.o aes-parisc.o:::sha1-parisc.o sha256-parisc.o sha512-parisc.o::rc4-parisc.o:::::ghash-parisc.o:::32"; -+my $parisc20_asm="pariscid.o:pa-risc2W.o parisc-mont.o:::aes_core.o aes_cbc.o aes-parisc.o:::sha1-parisc.o sha256-parisc.o sha512-parisc.o::rc4-parisc.o:::::ghash-parisc.o:::64"; -+my $ppc64_asm="ppccpuid.o ppccap.o:bn-ppc.o ppc-mont.o ppc64-mont.o:::aes_core.o aes_cbc.o aes-ppc.o vpaes-ppc.o aesp8-ppc.o:::sha1-ppc.o sha256-ppc.o sha512-ppc.o sha256p8-ppc.o sha512p8-ppc.o:::::::ghashp8-ppc.o::"; - my $ppc32_asm=$ppc64_asm; --my $no_asm="::::::::::::::::void"; -+my $no_asm=":::::::::::::::::void"; - - # As for $BSDthreads. Idea is to maintain "collective" set of flags, - # which would cover all BSD flavors. -pthread applies to them all, -@@ -710,6 +710,7 @@ my $idx_wp_obj = $idx++; - my $idx_cmll_obj = $idx++; - my $idx_modes_obj = $idx++; - my $idx_engines_obj = $idx++; -+my $idx_chapoly_obj = $idx++; - my $idx_perlasm_scheme = $idx++; - my $idx_dso_scheme = $idx++; - my $idx_shared_target = $idx++; -@@ -752,6 +753,7 @@ my $bf ="crypto/bf/bf_locl.h"; - my $bn_asm ="bn_asm.o"; - my $des_enc="des_enc.o fcrypt_b.o"; - my $aes_enc="aes_core.o aes_cbc.o"; -+my $chapoly_enc=""; - my $bf_enc ="bf_enc.o"; - my $cast_enc="c_enc.o"; - my $rc4_enc="rc4_enc.o rc4_skey.o"; -@@ -1210,7 +1212,7 @@ $openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/\|^[a-zA-Z]:[\\\/] - - print "IsMK1MF=$IsMK1MF\n"; - --my @fields = split(/\s:\s/,$table{$target} . ":" x 30 , -1); -+my @fields = split(/\s:\s/,$table{$target} . ":" x 31 , -1); - my $cc = $fields[$idx_cc]; - # Allow environment CC to override compiler... - if($ENV{CC}) { -@@ -1239,6 +1241,7 @@ my $wp_obj = $fields[$idx_wp_obj]; - my $cmll_obj = $fields[$idx_cmll_obj]; - my $modes_obj = $fields[$idx_modes_obj]; - my $engines_obj = $fields[$idx_engines_obj]; -+my $chapoly_obj = $fields[$idx_chapoly_obj]; - my $perlasm_scheme = $fields[$idx_perlasm_scheme]; - my $dso_scheme = $fields[$idx_dso_scheme]; - my $shared_target = $fields[$idx_shared_target]; -@@ -1405,7 +1408,7 @@ if ($no_asm) - { - $cpuid_obj=$bn_obj=$ec_obj= - $des_obj=$aes_obj=$bf_obj=$cast_obj=$rc4_obj=$rc5_obj=$cmll_obj= -- $modes_obj=$sha1_obj=$md5_obj=$rmd160_obj=$wp_obj=$engines_obj=""; -+ $modes_obj=$sha1_obj=$md5_obj=$rmd160_obj=$wp_obj=$engines_obj=$chapoly_obj=""; - } - - if (!$no_shared) -@@ -1558,6 +1561,14 @@ $bf_obj=$bf_enc unless ($bf_obj =~ /\.o$/); - $cast_obj=$cast_enc unless ($cast_obj =~ /\.o$/); - $rc4_obj=$rc4_enc unless ($rc4_obj =~ /\.o$/); - $rc5_obj=$rc5_enc unless ($rc5_obj =~ /\.o$/); -+if ($chapoly_obj =~ /\.o$/) -+ { -+ $cflags.=" -DCHAPOLY_x86_64_ASM"; -+ } -+else -+ { -+ $chapoly_obj=$chapoly_enc; -+ } - if ($sha1_obj =~ /\.o$/) - { - # $sha1_obj=$sha1_enc; -@@ -1740,6 +1751,7 @@ while (<IN>) - s/^WP_ASM_OBJ=.$/WP_ASM_OBJ= $wp_obj/; - s/^CMLL_ENC=.$/CMLL_ENC= $cmll_obj/; - s/^MODES_ASM_OBJ.=$/MODES_ASM_OBJ= $modes_obj/; -+ s/^CHAPOLY_ENC=.$/CHAPOLY_ENC= $chapoly_obj/; - s/^ENGINES_ASM_OBJ.=$/ENGINES_ASM_OBJ= $engines_obj/; - s/^PERLASM_SCHEME=.$/PERLASM_SCHEME= $perlasm_scheme/; - s/^PROCESSOR=./PROCESSOR= $processor/; -@@ -1802,6 +1814,7 @@ print "RMD160_OBJ_ASM=$rmd160_obj\n"; - print "CMLL_ENC =$cmll_obj\n"; - print "MODES_OBJ =$modes_obj\n"; - print "ENGINES_OBJ =$engines_obj\n"; -+print "CHAPOLY_ENC =$chapoly_obj\n"; - print "PROCESSOR =$processor\n"; - print "RANLIB =$ranlib\n"; - print "ARFLAGS =$arflags\n"; -@@ -2200,7 +2213,7 @@ sub print_table_entry - my ($cc, $cflags, $unistd, $thread_cflag, $sys_id, $lflags, - $bn_ops, $cpuid_obj, $bn_obj, $ec_obj, $des_obj, $aes_obj, $bf_obj, - $md5_obj, $sha1_obj, $cast_obj, $rc4_obj, $rmd160_obj, -- $rc5_obj, $wp_obj, $cmll_obj, $modes_obj, $engines_obj, -+ $rc5_obj, $wp_obj, $cmll_obj, $modes_obj, $engines_obj, $chapoly_obj, - $perlasm_scheme, $dso_scheme, $shared_target, $shared_cflag, - $shared_ldflag, $shared_extension, $ranlib, $arflags, $multilib)= - split(/\s:\s/,$table{$target} . ":" x 30 , -1); -@@ -2231,6 +2244,7 @@ sub print_table_entry - \$cmll_obj = $cmll_obj - \$modes_obj = $modes_obj - \$engines_obj = $engines_obj -+\$chapoly_obj = $chapoly_obj - \$perlasm_scheme = $perlasm_scheme - \$dso_scheme = $dso_scheme - \$shared_target= $shared_target -diff --git a/Makefile.org b/Makefile.org -index 76fdbdf..6556ef6 100644 ---- a/Makefile.org -+++ b/Makefile.org -@@ -91,6 +91,7 @@ BN_ASM= bn_asm.o - EC_ASM= - DES_ENC= des_enc.o fcrypt_b.o - AES_ENC= aes_core.o aes_cbc.o -+CHAPOLY_ENC= - BF_ENC= bf_enc.o - CAST_ENC= c_enc.o - RC4_ENC= rc4_enc.o -@@ -148,7 +149,7 @@ SDIRS= \ - bn ec rsa dsa ecdsa dh ecdh dso engine \ - buffer bio stack lhash rand err \ - evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \ -- cms pqueue ts jpake srp store cmac -+ cms pqueue ts jpake srp store cmac chacha20poly1305 - # keep in mind that the above list is adjusted by ./Configure - # according to no-xxx arguments... - -@@ -234,6 +235,7 @@ BUILDENV= LC_ALL=C PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)'\
	Deleted	1.13.35.1-x64.tar.gz ^
	Changed	1.13.35.2-x64.tar.gz ^
[-] [+]	Changed	_service ^
@@ -2,6 +2,11 @@ <service name="download_url"> <param name="host">nginx.org</param> <param name="protocol">http</param> - <param name="path">/download/nginx-1.13.7.tar.gz</param> + <param name="path">/download/nginx-1.18.0.tar.gz</param> </service> -<service name="download_url"><param name="host">nginx.org</param><param name="protocol">http</param><param name="path">/download/nginx-1.13.7.tar.gz</param></service><service name="download_url"><param name="host">www.openssl.org</param><param name="protocol">https</param><param name="path">/source/openssl-1.1.0g.tar.gz</param></service></services> \ No newline at end of file + <service name="download_url"> + <param name="host">www.openssl.org</param> + <param name="protocol">https</param> + <param name="path">/source/openssl-1.1.1h.tar.gz</param> + </service> +</services>
	Changed	_service:download_url:nginx-1.18.0.tar.gz ^
	Deleted	_service:download_url:openssl-1.1.0g.tar.gz ^
	Added	_service:download_url:openssl-1.1.1h.tar.gz ^
[-] [+]	Deleted	magento-sample.conf-disabled ^
@@ -1,113 +0,0 @@ -server { - include /etc/nginx/port.conf; - server_name example.com; - return 301 $scheme://www.example.com$request_uri; -} - -server { - include /etc/nginx/port.conf; - #listen 443 ssl; - server_name www.example.com; ## Domain is here - root /var/www/html; - access_log /var/log/nginx/access_www.example.com.log main; - - if ($http_user_agent = "") { return 444;} - - #################################################################################### - ## SSL CONFIGURATION - - #ssl_certificate /etc/ssl/certs/www_server_com.chained.crt; - #ssl_certificate_key /etc/ssl/certs/server.key; - - #################################################################################### - ## Server maintenance block. insert dev ip 1.2.3.4 static address www.whatismyip.com - - #if ($remote_addr !~ "^(1.2.3.4\|1.2.3.4)$") { - #return 503; - #} - - #error_page 503 @maintenance; - #location @maintenance { - #rewrite ^(.)$ /error_page/503.html break; - #internal; - #access_log off; - #log_not_found off; - #} - - #################################################################################### - ## 403 error log/page - - #error_page 403 /403.html; - #location = /403.html { - #root /var/www/html/error_page; - #internal; - #access_log /var/log/nginx/403.log error403; - #} - - #################################################################################### - ## Main Magento location - - location / { - try_files $uri $uri/ @handler; - } - - #################################################################################### - ## These locations would be hidden by .htaccess normally, protected - - location ~ (/(app/\|includes/\|pkginfo/\|var/\|errors/local.xml)\|/\.) { - deny all; - } - - #################################################################################### - ## Protecting /admin/ and /downloader/ 1.2.3.4 = static ip (www.whatismyip.com) - - #location /downloader/ { - #allow 1.2.3.4; allow 1.2.3.4; deny all; - #rewrite ^/downloader/(.)$ /downloader/index.php$1; - #} - #location /admin { - #allow 1.2.3.4; allow 1.2.3.4; deny all; - #rewrite / /@handler; - #} - - #################################################################################### - ## Images, scripts and styles set far future Expires header - - location ~* \.(js\|css\|png\|jpg\|jpeg\|gif\|ico)$ { - open_file_cache max=10000 inactive=8h; - open_file_cache_valid 1h; - open_file_cache_min_uses 2; - open_file_cache_errors off; - expires max; - log_not_found off; - access_log off; - } - - #################################################################################### - ## Main Magento location - - location @handler { - rewrite / /index.php?$args; - } - - location ~ .php/ { ## Forward paths like /js/index.php/x.js to relevant handler - rewrite ^(.*.php)/ $1 last; - } - - #################################################################################### - ## Execute PHP scripts - - location ~ .php$ { - add_header X-UA-Compatible 'IE=Edge,chrome=1'; - add_header X-Time-Spent $request_time; - try_files $uri $uri/ =404; - fastcgi_pass 127.0.0.1:9000; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - ## Store code with multi domain - #fastcgi_param MAGE_RUN_CODE $storecode; - ## Default Store code - fastcgi_param MAGE_RUN_CODE default; - fastcgi_param MAGE_RUN_TYPE store; ## or website; - include fastcgi_params; ## See /etc/nginx/fastcgi_params - } - }
[-] [+]	Deleted	naxsi-0.55.3.tar.gz/naxsi_src/nginx.conf.example ^
@@ -1,36 +0,0 @@ -master_process off; -worker_processes 1; -load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so; -events { - worker_connections 1024; -} -http { - include /tmp/naxsi_ut/naxsi_core.rules; - include mime.types; - default_type application/octet-stream; - sendfile on; - keepalive_timeout 65; - server { - listen 4242; - server_name localhost; - location / { - LearningMode; - SecRulesEnabled; - DeniedUrl "/50x.html"; - CheckRule "$SQL >= 8" BLOCK; - CheckRule "$RFI >= 8" BLOCK; - CheckRule "$TRAVERSAL >= 4" BLOCK; - CheckRule "$EVADE >= 4" BLOCK; - CheckRule "$XSS >= 8" BLOCK; - error_log /tmp/ngx_error.log debug; - access_log /tmp/ngx_access.log; - root html; - index index.html index.htm; - } - error_page 500 502 503 504 /50x.html; - location = /50x.html { - root html; - } - } -} -
[-] [+]	Changed	naxsi-0.56.tar.gz/.travis.yml ^
@@ -10,7 +10,7 @@ env: global: - VER_NGINX=1.9.11 - - COV=1 + - COV=0 compiler: - clang @@ -27,7 +27,7 @@ - cd ./naxsi_src - if [ "$CC" == "clang" ]; then COV=0; fi - make - - cpanm -v --notest Test::Nginx + - sudo cpanm -v --notest Test::Nginx before_script: - lcov --directory "../nginx-${VER_NGINX}" --zerocounters @@ -39,7 +39,3 @@ - cat /tmp/ngx_error.log - cat /tmp/ngx_access.log -after_success: - - lcov --list naxsi.info - - coveralls-lcov --repo-token ${COVERALLS_TOKEN} naxsi.info -
[-] [+]	Changed	naxsi-0.56.tar.gz/README.md ^
@@ -4,6 +4,8 @@ [![travis-ci](https://travis-ci.org/nbs-system/naxsi.svg?branch=master)](https://travis-ci.org/nbs-system/naxsi) [![coveralls](https://coveralls.io/repos/github/nbs-system/naxsi/badge.svg?branch=master)](https://coveralls.io/github/nbs-system/naxsi?branch=master) [![codecov](http://codecov.io/github/nbs-system/naxsi/coverage.svg?branch=master)](http://codecov.io/github/nbs-system/naxsi?branch=master) +[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/740/badge)](https://bestpractices.coreinfrastructure.org/projects/740) +[![Gitter](https://img.shields.io/gitter/room/nwjs/nw.js.svg)](https://gitter.im/nbs-system/naxsi) ### We need your help @@ -41,7 +43,7 @@ and free (as in free beer) to use. ## What does it run on? -Naxsi is compatible with any nginx version, although it currently doesn't play well with the new HTTPv2 protocol added in recent nginx versions. See [issue #227]( https://github.com/nbs-system/naxsi/issues/227 ) for more details. +Naxsi should be compatible with any nginx version. It depends on `libpcre` for its regexp support, and is reported to work great on NetBSD, FreeBSD, OpenBSD, Debian, Ubuntu and CentOS. @@ -50,3 +52,12 @@ - The [documentation](https://github.com/nbs-system/naxsi/wiki) - Some [rules]( https://github.com/nbs-system/naxsi-rules ) for mainstream software - The [nxapi/nxtool]( https://github.com/nbs-system/naxsi/tree/master/nxapi ) to generate rules + + +<img alt="nxapi-dashboard logo" src="https://raw.githubusercontent.com/wiki/nbs-system/naxsi/Images/kibana.png" align="center"/> + +## Security issues +If you find a security issue, please send it by email to `tko@nbs-system.com`; +you can use the gpg key +[0x251A28DE2685AED4](https://pgp.mit.edu/pks/lookup?op=vindex&search=0x251A28DE2685AED4) +to encrypt it.
[-] [+]	Changed	naxsi-0.56.tar.gz/naxsi_config/naxsi_core.rules ^
@@ -69,7 +69,7 @@ MainRule "str:]" "msg:close square bracket (]), possible js" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311; MainRule "str:~" "msg:tilde (~) character" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312; MainRule "str:`" "msg:grave accent (`)" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314; -MainRule "rx:%[2\|3]." "msg:double encoding" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; +MainRule "rx:%[23]." "msg:double encoding" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; #################################### ## Evading tricks IDs: 1400-1500 ##
[-] [+]	Changed	naxsi-0.56.tar.gz/naxsi_src/Makefile ^
@@ -1,75 +1,113 @@ CORE_VERS := $(shell grep NAXSI_VERSION naxsi.h \| cut -d '"' -f 2) MOD_PATH := $(shell pwd) -TMP_DIR := /tmp/nginx/ +TMP_DIR := /tmp/nginx/ # Keys for coverity CAN := CAK := -#Set to 1 if you want coverage report -COV ?= 1 +#Mode: coverage, fuzz, or base +COV ?= 0 +FUZZ ?= 0 +STOCK ?= 1 #Allows to force for specific UT only -#TEST := "29.t" -NGINX_VERS := "1.9.11" +#TEST := "" +NGINX_VERS := "1.12.2" -NGINX_OPTIONS="--error-log-path=/tmp/naxsi_ut/error.log" + +NGINX_OPTIONS="--with-select_module" NGINX_OPTIONS+="--conf-path=/tmp/naxsi_ut/nginx.conf" NGINX_OPTIONS+="--http-client-body-temp-path=/tmp/naxsi_ut/body/" NGINX_OPTIONS+="--http-fastcgi-temp-path=/tmp/naxsi_ut/fastcgi/" -NGINX_OPTIONS+="--http-log-path=/tmp/naxsi_ut/access.log" NGINX_OPTIONS+="--http-proxy-temp-path=/tmp/naxsi_ut/proxy/" NGINX_OPTIONS+="--lock-path=/tmpnginx.lock" NGINX_OPTIONS+="--pid-path=/tmp/naxsi_ut/nginx.pid" NGINX_OPTIONS+="--modules-path=/tmp/naxsi_ut/modules/" -NGINX_OPTIONS+="--with-http_ssl_module" NGINX_OPTIONS+="--without-mail_pop3_module" NGINX_OPTIONS+="--without-mail_smtp_module" NGINX_OPTIONS+="--without-mail_imap_module" +NGINX_OPTIONS+="--with-http_v2_module" NGINX_OPTIONS+="--without-http_uwsgi_module" NGINX_OPTIONS+="--without-http_scgi_module" -NGINX_OPTIONS+="--add-dynamic-module=$(MOD_PATH)" -NGINX_OPTIONS+="--with-ipv6" +#dynamic or not NGINX_OPTIONS+="--add-dynamic-module=$(MOD_PATH)" NGINX_OPTIONS+="--prefix=/tmp" -NGINX_OPTIONS+="--with-debug" -CFLAGS:="-Wall -Wextra" +CFLAGS:="-Wall -Wextra -Werror" all: nginx_download configure build install deploy re: clean all test + +FUZZ_PATH := "../fuzz" +AFL_PATH := $(PWD)"/"$(FUZZ_PATH)"/afl/" + +install_afl: + mkdir -p $(FUZZ_PATH) + cd $(FUZZ_PATH) && (wget -nc --no-clobber "http://lcamtuf.coredump.cx/afl/releases/afl-latest.tgz" \|\| exit 1) + cd $(FUZZ_PATH) && (test -d $(AFL_PATH) \|\| (mkdir $(FUZZ_PATH)"/afl" && tar -C $(AFL_PATH)/ -xzf afl-latest.tgz --strip-components=1)) + cd $(FUZZ_PATH) && (make -C $(AFL_PATH) && make -C $(AFL_PATH)"/llvm_mode" clean all afl-clang-fast) + +install_preeny: + cd $(FUZZ_PATH) && (test -d preeny \|\| git clone https://github.com/zardus/preeny.git) + cd $(FUZZ_PATH) && make -C preeny/src/ + +fuzz_build: install_afl install_preeny + mkdir -p $(FUZZ_PATH) + STOCK=0 FUZZ=1 make nginx_download + cd $(TMP_DIR) && patch -p1 "./src/core/ngx_cycle.c" < $(MOD_PATH)"/../t/confs/ngx_cycle.patch" + cd $(TMP_DIR) && patch -p1 "./src/os/unix/ngx_process_cycle.c" < $(MOD_PATH)"/../t/confs/ngx_process_cycle.patch" + STOCK=0 FUZZ=1 make configure build install deploy + +fuzz: + LD_PRELOAD=$(FUZZ_PATH)"/preeny/src/desock.so" $(AFL_PATH)"afl-fuzz" -t 10 -i "../t/fuzz/" -o $(FUZZ_PATH)/findings $(TMP_DIR)/objs/nginx + clean: rm -f "nginx-"$(NGINX_VERS)".tar.gz" rm -f "nginx-"$(NGINX_VERS)".tar.gz.asc" rm -rf /tmp/naxsi_ut/ rm -rf $(TMP_DIR)/ + rm -rf $(FUZZ_PATH)/ nginx_download: wget --no-clobber "http://nginx.org/download/nginx-"$(NGINX_VERS)".tar.gz" \|\| exit 1 wget --no-clobber "http://nginx.org/download/nginx-"$(NGINX_VERS)".tar.gz.asc" \|\| exit 1 - gpg --keyserver pgp.key-server.io --recv-keys 0x251a28de2685aed4 0x520A9993A1C052F8 - gpg --verify "nginx-"$(NGINX_VERS)".tar.gz.asc" "nginx-"$(NGINX_VERS)".tar.gz" \|\| exit 1 +# gpg --keyserver pgp.key-server.io --recv-keys 0x251a28de2685aed4 0x520A9993A1C052F8 +# gpg --verify "nginx-"$(NGINX_VERS)".tar.gz.asc" "nginx-"$(NGINX_VERS)".tar.gz" \|\| exit 1 mkdir -p $(TMP_DIR)/ tar -C $(TMP_DIR)/ -xzf nginx-$(NGINX_VERS).tar.gz --strip-components=1 configure: +#build non dynamic module (faster) for fuzz/afl +ifeq ($(FUZZ),1) + cd $(TMP_DIR)/ && AFL_PATH=$(AFL_PATH) ./configure --with-cc=$(AFL_PATH)"/llvm_mode/afl-clang-fast" --with-cc-opt="-O3" $(NGINX_OPTIONS) --add-module=$(MOD_PATH) --error-log-path=/dev/null --http-log-path=/dev/null +endif + ifeq ($(COV),1) - cd $(TMP_DIR)/ && ./configure --with-cc-opt="--coverage -g3 -gstabs" --with-ld-opt="-lgcov" $(NGINX_OPTIONS) -else - cd $(TMP_DIR)/ && ./configure --with-cc-opt="-g3 -ggdb" $(NGINX_OPTIONS) + cd $(TMP_DIR)/ && ./configure --with-cc-opt="--coverage -g3 -gstabs" --with-ld-opt="-lgcov" $(NGINX_OPTIONS) --add-dynamic-module=$(MOD_PATH) --error-log-path=/tmp/naxsi_ut/error.log --conf-path=/tmp/naxsi_ut/nginx.conf endif +ifeq ($(STOCK),1) + cd $(TMP_DIR)/ && ./configure --with-cc-opt="-g3 -ggdb" $(NGINX_OPTIONS) --add-dynamic-module=$(MOD_PATH) --error-log-path=/tmp/naxsi_ut/error.log --conf-path=/tmp/naxsi_ut/nginx.conf +endif + + build: - cd $(TMP_DIR)/ && make - if [ -d "/tmp/naxsi_ut" ] ; then cp $(TMP_DIR)/objs/ngx_http_naxsi_module.so /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so ; fi + AFL_PATH=$(AFL_PATH) make -C $(TMP_DIR) + if [ -d "/tmp/naxsi_ut" ] && [ -f $(TMP_DIR)/objs/ngx_http_naxsi_module.so ] ; then cp $(TMP_DIR)/objs/ngx_http_naxsi_module.so /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so ; fi install: - cd $(TMP_DIR)/ && make install + make -C $(TMP_DIR) install -deploy: - @cp ./nginx.conf.example /tmp/naxsi_ut/nginx.conf +deploy: +ifeq ($(FUZZ),1) + @cp ../t/confs/nginx_fuzz.conf.example /tmp/naxsi_ut/nginx.conf +else + @cp ../t/confs/nginx.conf.example /tmp/naxsi_ut/nginx.conf +endif @cp ../naxsi_config/naxsi_core.rules /tmp/naxsi_ut/naxsi_core.rules + @openssl req -batch -x509 -nodes -days 365 -newkey rsa:2048 -keyout /tmp/nginx.key -out /tmp/nginx.crt # RUN UNIT TESTS @@ -77,13 +115,10 @@ ifeq ($(COV),1) lcov --directory $(TMP_DIR) --zerocounters endif - if [ ! $(TEST) ] ; then TEST=".t" ; fi - export PATH="$(TMP_DIR)/objs/:"$(PATH) ; \ - export PERL5LIB="~/perl5/lib/perl5/:/home/travis/perl5/lib/perl5/" ; \ + export PERL5LIB="~/perl5/lib/perl5/" ;\ cd .. ; prove -r "t/$(TEST)" - ifeq ($(COV),1) lcov --directory $(TMP_DIR)/objs/addon/naxsi_src/ --capture --output-file naxsi.info --base-directory $(TMP_DIR) genhtml -s -o /tmp/naxsicov.html naxsi.info
[-] [+]	Changed	naxsi-0.56.tar.gz/naxsi_src/naxsi.h ^
@@ -32,7 +32,7 @@ #ifndef __FOO_H__ #define __FOO_H__ -#define NAXSI_VERSION "0.55.3" +#define NAXSI_VERSION "0.56" #include <nginx.h> #include <ngx_config.h> @@ -548,6 +548,7 @@ ngx_http_request_t r); int nx_check_ids(ngx_int_t match_id, ngx_array_t wl_ids); int naxsi_unescape(ngx_str_t str); +u_int naxsi_escape_nullbytes(ngx_str_t str); void ngx_http_dummy_json_parse(ngx_http_request_ctx_t ctx, ngx_http_request_t r,
[-] [+]	Changed	naxsi-0.56.tar.gz/naxsi_src/naxsi_json.c ^
@@ -91,6 +91,7 @@ if ((js->src+js->off) == '\\') { js->off += 2; if (js->off >= js->len) break; + continue; } if ((js->src+js->off) == '"') { vn_end = js->src+js->off; @@ -161,7 +162,7 @@ ngx_http_basestr_ruleset_n(js->r->pool, &js->ckey, &val, js->main_cf->body_rules, js->r, js->ctx, BODY); - NX_DEBUG(_debug_json, NGX_LOG_DEBUG_HTTP, js->r->connection->log, 0, "JSON '%V' : '%V'", + NX_DEBUG(_debug_json, NGX_LOG_DEBUG_HTTP, js->r->connection->log, 0, "quoted-JSON '%V' : '%V'", &(js->ckey), &(val)); } return (ret); @@ -318,7 +319,7 @@ { ngx_json_t *js; - + js = ngx_pcalloc(r->pool, sizeof(ngx_json_t)); if (!js) return ; js->json.data = js->src = src; @@ -327,7 +328,7 @@ js->ctx = ctx; js->loc_cf = ngx_http_get_module_loc_conf(r, ngx_http_naxsi_module); js->main_cf = ngx_http_get_module_main_conf(r, ngx_http_naxsi_module); - + if (ngx_http_nx_json_seek(js, '{')) { ngx_http_apply_rulematch_v_n(&nx_int__invalid_json, ctx, r, NULL, NULL, BODY, 1, 0); return ;
[-] [+]	Changed	naxsi-0.56.tar.gz/naxsi_src/naxsi_runtime.c ^
@@ -108,6 +108,14 @@ ngx_http_rule_t nx_int__libinject_sql; /ID:17/ ngx_http_rule_t nx_int__libinject_xss; /ID:18/ +ngx_http_rule_t nx_int__no_rules = {/type/ 0, /whitelist flag/ 0, + /wl_id ptr/ NULL, /rule_id/ 19, + /log_msg/ NULL, /score/ 0, + /sscores/ NULL, + /sc_block/ 0, /sc_allow/ 0, + /block/ 0, /allow/ 0, /drop/ 1, /log/ 0, + /br ptrs/ NULL}; + @@ -341,38 +349,44 @@ } ngx_http_whitelist_rule_t * -nx_find_wl_in_hash(ngx_str_t mstr, - ngx_http_dummy_loc_conf_t cf, - enum DUMMY_MATCH_ZONE zone) +nx_find_wl_in_hash( + ngx_http_request_t req, + ngx_str_t mstr, + ngx_http_dummy_loc_conf_t cf, + enum DUMMY_MATCH_ZONE zone) { - ngx_int_t k; ngx_http_whitelist_rule_t b = NULL; size_t i; - + ngx_str_t scratch = {.data = mstr->data, .len = mstr->len}; + + if (zone == HEADERS) { + scratch.data = ngx_pcalloc(req->pool, scratch.len+1); + memcpy(scratch.data, mstr->data, scratch.len); + } + + for (i = 0; i < scratch.len; i++) + scratch.data[i] = tolower(scratch.data[i]); + + k = ngx_hash_key_lc(scratch.data, scratch.len); - for (i = 0; i < mstr->len; i++) - mstr->data[i] = tolower(mstr->data[i]); - - k = ngx_hash_key_lc(mstr->data, mstr->len); - if ((zone == BODY \|\| zone == FILE_EXT) && cf->wlr_body_hash && cf->wlr_body_hash->size > 0) b = (ngx_http_whitelist_rule_t) ngx_hash_find(cf->wlr_body_hash, k, - (u_char) mstr->data, - mstr->len); + (u_char) scratch.data, + scratch.len); else if (zone == HEADERS && cf->wlr_headers_hash && cf->wlr_headers_hash->size > 0) b = (ngx_http_whitelist_rule_t) ngx_hash_find(cf->wlr_headers_hash, k, - (u_char) mstr->data, - mstr->len); + (u_char) scratch.data, + scratch.len); else if (zone == URL && cf->wlr_url_hash && cf->wlr_url_hash->size > 0) b = (ngx_http_whitelist_rule_t) ngx_hash_find(cf->wlr_url_hash, k, - (u_char) mstr->data, - mstr->len); + (u_char) scratch.data, + scratch.len); else if (zone == ARGS && cf->wlr_args_hash && cf->wlr_args_hash->size > 0) b = (ngx_http_whitelist_rule_t) ngx_hash_find(cf->wlr_args_hash, k, - (u_char) mstr->data, - mstr->len); + (u_char) scratch.data, + scratch.len); return (b); } @@ -639,7 +653,7 @@ if (name->len > 0) { NX_DEBUG(_debug_whitelist_compat, NGX_LOG_DEBUG_HTTP, req->connection->log, 0, "hashing varname [%V] (rule:%d) - 'wl:X_VAR:%V'", name, r->rule_id, name); /* try to find in hashtables / - b = nx_find_wl_in_hash(name, cf, zone); + b = nx_find_wl_in_hash(req, name, cf, zone); if (b && ngx_http_dummy_is_whitelist_adapted(b, name, zone, r, req, NAME_ONLY, target_name)) return (1); /prefix hash with '#', to find whitelists that would be done only on ARGS_VAR:X\|NAME / @@ -649,7 +663,7 @@ tmp_hashname.data[0] = '#'; memcpy(tmp_hashname.data+1, name->data, name->len); NX_DEBUG(_debug_whitelist_compat, NGX_LOG_DEBUG_HTTP, req->connection->log, 0, "hashing varname [%V] (rule:%d) - 'wl:X_VAR:%V\|NAME'", name, r->rule_id, name); - b = nx_find_wl_in_hash(&tmp_hashname, cf, zone); + b = nx_find_wl_in_hash(req, &tmp_hashname, cf, zone); ngx_pfree(req->pool, tmp_hashname.data); tmp_hashname.data = NULL; if (b && ngx_http_dummy_is_whitelist_adapted(b, name, zone, r, req, NAME_ONLY, target_name)) @@ -685,7 +699,7 @@ tmp_hashname.len = req->uri.len; ngx_memcpy(tmp_hashname.data, req->uri.data, req->uri.len); NX_DEBUG(_debug_whitelist_compat, NGX_LOG_DEBUG_HTTP, req->connection->log, 0, "hashing uri#1 [%V] (rule:%d) ($URL:X\|URI)", &(tmp_hashname), r->rule_id); - b = nx_find_wl_in_hash(&(tmp_hashname), cf, zone); + b = nx_find_wl_in_hash(req, &(tmp_hashname), cf, zone); ngx_pfree(req->pool, tmp_hashname.data); tmp_hashname.data = NULL; if (b && ngx_http_dummy_is_whitelist_adapted(b, name, zone, r, req, URI_ONLY, target_name)) @@ -699,7 +713,7 @@ tmp_hashname.data[0] = '#'; ngx_memcpy(tmp_hashname.data+1, req->uri.data, req->uri.len); NX_DEBUG(_debug_whitelist_compat, NGX_LOG_DEBUG_HTTP, req->connection->log, 0, "hashing uri#3 [%V] (rule:%d) ($URL:X\|ZONE\|NAME)", &(tmp_hashname), r->rule_id); - b = nx_find_wl_in_hash(&(tmp_hashname), cf, zone); + b = nx_find_wl_in_hash(req, &(tmp_hashname), cf, zone); ngx_pfree(req->pool, tmp_hashname.data); tmp_hashname.data = NULL; if (b && ngx_http_dummy_is_whitelist_adapted(b, name, zone, r, req, URI_ONLY, target_name)) @@ -718,7 +732,7 @@ strncat((char)tmp_hashname.data, (char)name->data, name->len); NX_DEBUG(_debug_whitelist_compat, NGX_LOG_DEBUG_HTTP, req->connection->log, 0, "hashing MIX [%V] ($URL:x\|$X_VAR:y) or ($URL:x\|$X_VAR:y\|NAME)", &tmp_hashname); - b = nx_find_wl_in_hash(&(tmp_hashname), cf, zone); + b = nx_find_wl_in_hash(req, &(tmp_hashname), cf, zone); ngx_pfree(req->pool, tmp_hashname.data); if (b && ngx_http_dummy_is_whitelist_adapted(b, name, zone, r, req, MIXED, target_name)) @@ -797,6 +811,10 @@ if (!tmp_uri) return (NGX_ERROR); ret_uri = tmp_uri; + + if (r->uri.len >= (NGX_MAX_UINT32_VALUE/4)-1) { + r->uri.len /= 4; + } tmp_uri->len = r->uri.len + (2 * ngx_escape_uri(NULL, r->uri.data, r->uri.len, NGX_ESCAPE_ARGS)); @@ -880,9 +898,21 @@ strcat(tmp_zone, "FILE_EXT"); if (mr[i].target_name) strcat(tmp_zone, "\|NAME"); + + ngx_str_t tmp_val; + + if (mr[i].name->len >= (NGX_MAX_UINT32_VALUE/4)-1) { + mr[i].name->len /= 4; + } + + tmp_val.len = mr[i].name->len + (2 * ngx_escape_uri(NULL, mr[i].name->data, mr[i].name->len, NGX_ESCAPE_URI_COMPONENT)); + + tmp_val.data = ngx_pcalloc(r->pool, tmp_val.len+1); + ngx_escape_uri(tmp_val.data, mr[i].name->data, mr[i].name->len, NGX_ESCAPE_URI_COMPONENT); + sub = snprintf(0, 0, fmt_rm, i, tmp_zone, i, - mr[i].rule->rule_id, i, mr[i].name->len, - mr[i].name->data); + mr[i].rule->rule_id, i, tmp_val.len, + tmp_val.data); /* This one would not fit : append a seed to the current fragment, @@ -896,7 +926,7 @@ } sub = snprintf((char )fragment->data+offset, sz_left, fmt_rm, i, tmp_zone, i, mr[i].rule->rule_id, i, - mr[i].name->len, mr[i].name->data); + tmp_val.len, tmp_val.data); if (sub >= sz_left) sub = sz_left - 1; offset += sub; @@ -1166,7 +1196,7 @@ / int ngx_http_spliturl_ruleset(ngx_pool_t pool, - char str, + ngx_str_t nx_str, ngx_array_t rules, ngx_array_t main_rules, ngx_http_request_t req, @@ -1174,14 +1204,23 @@ enum DUMMY_MATCH_ZONE zone) { ngx_str_t name, val; - char eq, ev, orig; + char eq, ev, orig, str; int len, full_len; int nullbytes=0; - NX_DEBUG(_debug_spliturl_ruleset, NGX_LOG_DEBUG_HTTP, req->connection->log, 0, - "XX-check url-like [%s]", str); + if (naxsi_escape_nullbytes(nx_str) > 0) { + ngx_str_t dummy; + dummy.data = NULL; + dummy.len = 0; + ngx_http_apply_rulematch_v_n(&nx_int__uncommon_hex_encoding, ctx, req, &dummy, &dummy, zone, 1, 0); + } + str = (char )nx_str->data; + + NX_DEBUG(_debug_spliturl_ruleset, NGX_LOG_DEBUG_HTTP, req->connection->log, 0, + "XX-check url-like [%s]", str); + orig = str; full_len = strlen(orig); while (str < (orig+full_len) && str) { @@ -1301,8 +1340,8 @@ enum DUMMY_MATCH_ZONE zone) { / Libinjection integration : - 1 - check if libinjection_sql is explicitely enabled - 2 - check if libinjection_xss is explicitely enabled + 1 - check if libinjection_sql is explicitly enabled + 2 - check if libinjection_xss is explicitly enabled if 1 is true : perform check on both name and content, in case of match, apply internal rule increasing the LIBINJECTION_SQL score @@ -1345,12 +1384,12 @@ } int -ngx_http_basestr_ruleset_n(ngx_pool_t pool, +ngx_http_basestr_ruleset_n(ngx_pool_t pool, ngx_str_t name, ngx_str_t value, - ngx_array_t rules, - ngx_http_request_t req, - ngx_http_request_ctx_t ctx, + ngx_array_t rules, + ngx_http_request_t req, + ngx_http_request_ctx_t ctx, enum DUMMY_MATCH_ZONE zone) { ngx_http_rule_t r; @@ -1389,7 +1428,7 @@ "XX-RULE %d : START", r[i].rule_id); / does the rule have a custom location ? custom location means checking only on a specific argument / - if (name && name->len > 0 && r[i].br->custom_location) { + if (name && r[i].br->custom_location) { location = r[i].br->custom_locations->elts; / @@ -1401,18 +1440,23 @@ / for (z = 0; z < r[i].br->custom_locations->nelts; z++) { - if (location[z].specific_url) { - + if (location[z].specific_url) { / if matchzone is a regex, ensure it matches (ie. BODY_VAR_X / ARGS_VAR_X / ..) / - if (r[i].br->rx_mz && ngx_http_dummy_pcre_wrapper(location[z].target_rx, req->uri.data, req->uri.len) == -1) - uri_constraint_ok = 0; + if (r[i].br->rx_mz) { + + if (ngx_http_dummy_pcre_wrapper(location[z].target_rx, req->uri.data, req->uri.len) == -1) { + uri_constraint_ok = 0; + } + } / if it was a static string, ensure it matches (ie. BODY_VAR / ARGS_VAR / ..) / - if ( (!r[i].br->rx_mz) && strncasecmp((const char ) req->uri.data, - (const char ) location[z].target.data, - req->uri.len) ) - uri_constraint_ok = 0; - + if (!r[i].br->rx_mz) { + if (req->uri.len != location[z].target.len \|\| strncasecmp((const char ) req->uri.data, + (const char ) location[z].target.data, + req->uri.len) != 0) { + uri_constraint_ok = 0; + } + } break; } } @@ -1421,8 +1465,11 @@ * if one of the custom location rule specifies an $URL/$URL_X ** and it was mismatched, skip the rule. / - if (uri_constraint_ok == 0) + if (uri_constraint_ok == 0) { + NX_DEBUG(_debug_basestr_ruleset , NGX_LOG_DEBUG_HTTP, req->connection->log, 0, + "XX URI CONSTRAINT MISMATCH, SKIP"); continue; + } / for each custom location / for (z = 0; z < r[i].br->custom_locations->nelts; z++) { @@ -1433,7 +1480,7 @@ !(zone == HEADERS && location[z].headers_var != 0) && !(zone == ARGS && location[z].args_var != 0)) continue; - + / if matchzone is a regex, ensure it matches (ie. BODY_VAR_X / ARGS_VAR_X / ..) / if (r[i].br->rx_mz && ngx_http_dummy_pcre_wrapper(location[z].target_rx, name->data, name->len) == -1) continue; @@ -1445,7 +1492,6 @@ location[z].target.len)) ) continue; - NX_DEBUG(_debug_basestr_ruleset, NGX_LOG_DEBUG_HTTP, req->connection->log, 0, "XX-[SPECIFIC] check one rule [%d] iteration %d %d", r[i].rule_id, i, z); @@ -1490,20 +1536,25 @@ (zone == FILE_EXT && r[i].br->file_ext) ) { - NX_DEBUG(_debug_basestr_ruleset, NGX_LOG_DEBUG_HTTP, req->connection->log, 0, - "XX-test rulematch [zone-wide]!1 [%V]=[%V] [rule =%d] (%d times)", name, value, r[i].rule_id, nb_match); - + /* + If the Rule specifically** targets name (ie. mz:BODY\|NAME), only check against name + / + if (!r[i].br->target_name) { + NX_DEBUG(_debug_basestr_ruleset, NGX_LOG_DEBUG_HTTP, req->connection->log, 0, + "XX-test rulematch (value) [zone-wide]!1 [%V]=[%V] [rule =%d] (%d times)", name, value, r[i].rule_id, nb_match); + - / check the rule against the value/ - ret = ngx_http_process_basic_rule_buffer(value, &(r[i]), &nb_match); - /if our rule matched, apply effects (score etc.)/ - if (ret == 1) { - NX_DEBUG(_debug_basestr_ruleset, NGX_LOG_DEBUG_HTTP, req->connection->log, 0, - "XX-apply rulematch!1 [%V]=[%V] [rule=%d] (%d times)", name, value, r[i].rule_id, nb_match); - - ngx_http_apply_rulematch_v_n(&(r[i]), ctx, req, name, value, zone, nb_match, 0); + / check the rule against the value/ + ret = ngx_http_process_basic_rule_buffer(value, &(r[i]), &nb_match); + /if our rule matched, apply effects (score etc.)/ + if (ret == 1) { + NX_DEBUG(_debug_basestr_ruleset, NGX_LOG_DEBUG_HTTP, req->connection->log, 0, + "XX-apply rulematch (value) [%V]=[%V] [rule=%d] (%d times)", name, value, r[i].rule_id, nb_match); + + ngx_http_apply_rulematch_v_n(&(r[i]), ctx, req, name, value, zone, nb_match, 0); + } } - + if (!r[i].br->negative) { NX_DEBUG(_debug_basestr_ruleset, NGX_LOG_DEBUG_HTTP, req->connection->log, 0, "XX-test rulematch [against-name]!1 [%V]=[%V] [rule=%d] (%d times)", name, value, r[i].rule_id, nb_match); @@ -2000,8 +2051,8 @@ NX_DEBUG(_debug_post_heavy, NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "XX-POST DATA [%V]", &tmp); - - if(ngx_http_spliturl_ruleset(r->pool, (char )tmp.data, + + if(ngx_http_spliturl_ruleset(r->pool, &tmp, cf->body_rules, main_cf->body_rules, r, ctx, BODY)) { ngx_http_apply_rulematch_v_n(&nx_int__uncommon_url, ctx, r, NULL, NULL, BODY, 1, 0); @@ -2018,6 +2069,11 @@ (u_char ) "application/json", 16)) { ngx_http_dummy_json_parse(ctx, r, full_body, full_body_len); } + / 22 = echo -n "application/csp-report" \| wc -c / + else if (!ngx_strncasecmp(r->headers_in.content_type->value.data, + (u_char ) "application/csp-report", 22)) { + ngx_http_dummy_json_parse(ctx, r, full_body, full_body_len); + } else { ngx_log_debug(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "[POST] Unknown content-type"); @@ -2057,7 +2113,9 @@ if ( (ctx->block && !ctx->learning) \|\| ctx->drop ) return ; if (!main_cf->generic_rules && !cf->generic_rules) { - dummy_error_fatal(ctx, r, "no generic rules ?!"); + tmp.data = NULL; + tmp.len = 0; + ngx_http_apply_rulematch_v_n(&nx_int__no_rules, ctx, r, &tmp, &tmp, URL, 1, 0); return ; } tmp.len = r->uri.len; @@ -2067,6 +2125,12 @@ return ; } memcpy(tmp.data, r->uri.data, r->uri.len); + if (naxsi_escape_nullbytes(&tmp) > 0) { + ngx_str_t tmp_name, tmp_val; + tmp_name.data = tmp_val.data = NULL; + tmp_name.len = tmp_val.len = 0; + ngx_http_apply_rulematch_v_n(&nx_int__uncommon_hex_encoding, ctx, r, &tmp_name, &tmp_val, URL, 1, 0); + } name.data = NULL; name.len = 0; if (cf->generic_rules) @@ -2098,7 +2162,8 @@ return ; } memcpy(tmp.data, r->args.data, r->args.len); - if(ngx_http_spliturl_ruleset(r->pool, (char )tmp.data, + + if(ngx_http_spliturl_ruleset(r->pool, &tmp, cf->get_rules, main_cf->get_rules, r, ctx, ARGS)) { dummy_error_fatal(ctx, r, @@ -2116,6 +2181,7 @@ ngx_list_part_t part; ngx_table_elt_t *h; unsigned int i; + ngx_str_t lowcase_header; if (!cf->header_rules && !main_cf->header_rules) return ; @@ -2133,11 +2199,19 @@ h = part->elts; i = 0; } + lowcase_header.data = h[i].lowcase_key; + lowcase_header.len = h[i].key.len; + if (naxsi_escape_nullbytes(&lowcase_header) > 0) { + ngx_http_apply_rulematch_v_n(&nx_int__uncommon_hex_encoding, ctx, r, &h[i].key, &h[i].value, HEADERS, 1, 1); + } + if (naxsi_escape_nullbytes(&h[i].value) > 0) { + ngx_http_apply_rulematch_v_n(&nx_int__uncommon_hex_encoding, ctx, r, &h[i].key, &h[i].value, HEADERS, 1, 0); + } if (cf->header_rules) - ngx_http_basestr_ruleset_n(r->pool, &(h[i].key), &(h[i].value), + ngx_http_basestr_ruleset_n(r->pool, &lowcase_header, &(h[i].value), cf->header_rules, r, ctx, HEADERS); if (main_cf->header_rules) - ngx_http_basestr_ruleset_n(r->pool, &(h[i].key), &(h[i].value), + ngx_http_basestr_ruleset_n(r->pool, &lowcase_header, &(h[i].value), main_cf->header_rules, r, ctx, HEADERS); } return ;
[-] [+]	Changed	naxsi-0.56.tar.gz/naxsi_src/naxsi_utils.c ^
@@ -85,6 +85,20 @@ return (NULL); } +u_int naxsi_escape_nullbytes(ngx_str_t str) { + + size_t i = 0; + u_int nullbytes = 0; + + for (i = 0; i < str->len; i++) { + if (str->data[i] == 0) { + str->data[i] = '0'; + nullbytes++; + } + } + return nullbytes; +} + / unescape routine, returns number of nullbytes present / int naxsi_unescape(ngx_str_t str) { u_char dst, src; @@ -756,32 +770,32 @@ //encode uri tmp_uri.len = req->uri.len + (2 * ngx_escape_uri(NULL, req->uri.data, req->uri.len, - NGX_ESCAPE_ARGS)); + NGX_ESCAPE_URI_COMPONENT)); tmp_uri.data = ngx_pcalloc(req->pool, tmp_uri.len+1); if (tmp_uri.data == NULL) return ; - ngx_escape_uri(tmp_uri.data, req->uri.data, req->uri.len, NGX_ESCAPE_ARGS); + ngx_escape_uri(tmp_uri.data, req->uri.data, req->uri.len, NGX_ESCAPE_URI_COMPONENT); //encode val if (val->len <= 0) tmp_val = empty; else { tmp_val.len = val->len + (2 * ngx_escape_uri(NULL, val->data, val->len, - NGX_ESCAPE_ARGS)); + NGX_ESCAPE_URI_COMPONENT)); tmp_val.data = ngx_pcalloc(req->pool, tmp_val.len+1); if (tmp_val.data == NULL) return ; - ngx_escape_uri(tmp_val.data, val->data, val->len, NGX_ESCAPE_ARGS); + ngx_escape_uri(tmp_val.data, val->data, val->len, NGX_ESCAPE_URI_COMPONENT); } //encode name if (name->len <= 0) tmp_name = empty; else { tmp_name.len = name->len + (2 * ngx_escape_uri(NULL, name->data, name->len, - NGX_ESCAPE_ARGS)); + NGX_ESCAPE_URI_COMPONENT)); tmp_name.data = ngx_pcalloc(req->pool, tmp_name.len+1); if (tmp_name.data == NULL) return ; - ngx_escape_uri(tmp_name.data, name->data, name->len, NGX_ESCAPE_ARGS); + ngx_escape_uri(tmp_name.data, name->data, name->len, NGX_ESCAPE_URI_COMPONENT); } ngx_log_error(NGX_LOG_ERR, req->connection->log, 0,
[-] [+]	Changed	naxsi-0.56.tar.gz/nxapi/README.md ^
@@ -311,18 +311,20 @@ } Here is how nxtool will use this to generate whitelists: - 1. extract global_filters from nxapi.json, and create the base ES filter : - { "whitelisted" : "false" } - 2. merge base ES filter with provided cmd line filter (--filter, -s www.x1.fr) - { "whitelisted" : "false", "server" : "www.x1.fr" } - 3. For each static field of the template, merge it in base ES filter : - { "whitelisted" : "false", "server" : "www.x1.fr", "zone" : "HEADERS", "var_name" : "cookie" } - 4. For each field to be expanded (value is `?`) : - 4.1. select all possible values for this field (id) matching base ES filter, (ie. 1000 and 1001 here) - 4.2. attempt to generate a whitelist for each possible value, and evaluate its scores. - { "whitelisted" : "false", "server" : "www.x1.fr", "zone" : "HEADERS", "var_name" : "cookie", "id" : "1000"} - { "whitelisted" : "false", "server" : "www.x1.fr", "zone" : "HEADERS", "var_name" : "cookie", "id" : "1001"} - 5. For each final set that provided results, output a whitelist. + +1. extract global_filters from nxapi.json, and create the base ES filter: `{ "whitelisted" : "false" }` +2. merge base ES filter with provided cmd line filter (`--filter`, `-s www.x1.fr`): `{ "whitelisted" : "false", "server" : "www.x1.fr" }` +3. For each static field of the template, merge it in base ES filter: `{ "whitelisted" : "false", "server" : "www.x1.fr", "zone" : "HEADERS", "var_name" : "cookie" }` +4. For each field to be expanded (value is `?`) : + + 4.1. select all possible values for this field (id) matching base ES filter, (ie. 1000 and 1001 here) + + 4.2. attempt to generate a whitelist for each possible value, and evaluate its scores: + + { "whitelisted" : "false", "server" : "www.x1.fr", "zone" : "HEADERS", "var_name" : "cookie", "id" : "1000"} + { "whitelisted" : "false", "server" : "www.x1.fr", "zone" : "HEADERS", "var_name" : "cookie", "id" : "1001"} + +5. For each final set that provided results, output a whitelist. Templates support :
[-] [+]	Changed	naxsi-0.56.tar.gz/nxapi/nxapi.json ^
@@ -3,6 +3,8 @@ "host" : "127.0.0.1:9200", "use_ssl" : false, "index" : "nxapi", + "number_of_shards" : "4", + "number_of_replicas" : "0", "doctype" : "events", "default_ttl" : "7200", "max_size" : "1000",
[-] [+]	Changed	naxsi-0.56.tar.gz/nxapi/nxapi/nxparse.py ^
@@ -67,6 +67,7 @@ print "Unable to get syslog host and port" sys.exit(1) s = socket.socket(socket.AF_INET,socket.SOCK_STREAM) + s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) try: s.bind((host,port)) s.listen(10) @@ -406,6 +407,12 @@ try: self.es.indices.create( index=self.cfg["elastic"]["index"], + body = { + "settings" : { + "number_of_shards": self.cfg["elastic"]["number_of_shards"], + "number_of_replicas": self.cfg["elastic"]["number_of_replicas"] + } + }, ignore=400 # Ignore 400 cause by IndexAlreadyExistsException when creating an index ) except Exception as idxadd_error: @@ -439,7 +446,12 @@ index=self.cfg["elastic"]["index"], doc_type=self.cfg["elastic"]["doctype"], # id=repo_name, - body={}, + body = { + "settings" : { + "number_of_shards": self.cfg["elastic"]["number_of_shards"], + "number_of_replicas": self.cfg["elastic"]["number_of_replicas"] + } + }, ignore=409 # 409 - conflict - would be returned if the document is already there ) except Exception as idxadd_error:
[-] [+]	Changed	naxsi-0.56.tar.gz/nxapi/nxtool.py ^
@@ -275,7 +275,12 @@ # statistics if options.stats is True: print translate.red.format("# Whitelist(ing) ratio :") - translate.fetch_top(cfg.cfg["global_filters"], "whitelisted", limit=2) + for e in translate.fetch_top(cfg.cfg["global_filters"], "whitelisted", limit=2): + try: + list_e = e.split() + print '# {0} {1} {2}{3}'.format(translate.grn.format(list_e[0]), list_e[1], list_e[2], list_e[3]) + except: + print "--malformed--" print translate.red.format("# Top servers :") for e in translate.fetch_top(cfg.cfg["global_filters"], "server", limit=10): try:
[-] [+]	Changed	naxsi-0.56.tar.gz/t/01naxsi_whitelists.t ^
@@ -272,7 +272,7 @@ return 412; } --- more_headers -Cookie: foobar +cookie: foobar --- request GET /another-page --- error_code: 200 @@ -361,7 +361,7 @@ return 412; } --- more_headers -COOKIE: foobar +cookie: foobar --- request GET /another-page --- error_code: 200 @@ -1192,3 +1192,81 @@ --- request GET /?a123a=lol --- error_code: 200 +=== WL TEST 20.0 : wl:0 in cookies (#405) +--- main_config +load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so; +--- http_config +include /tmp/naxsi_ut/naxsi_core.rules; +MainRule id:4242 "str:123" "mz:$HEADERS_VAR:cookie" s:BLOCK; +--- config +location / { + SecRulesEnabled; + DeniedUrl "/RequestDenied"; + CheckRule "$SQL >= 8" BLOCK; + CheckRule "$RFI >= 8" BLOCK; + CheckRule "$TRAVERSAL >= 4" BLOCK; + CheckRule "$XSS >= 8" BLOCK; + root $TEST_NGINX_SERVROOT/html/; + index index.html index.htm; +} +location /RequestDenied { + return 412; +} +--- more_headers +Cookie: 123 +--- request +GET / +--- error_code: 412 +=== WL TEST 20.1 : wl:0 in cookies (#405) +--- main_config +load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so; +--- http_config +include /tmp/naxsi_ut/naxsi_core.rules; +MainRule id:4242 "str:123" "mz:$HEADERS_VAR:cookie" s:BLOCK; +--- config +location / { + SecRulesEnabled; + DeniedUrl "/RequestDenied"; + CheckRule "$SQL >= 8" BLOCK; + CheckRule "$RFI >= 8" BLOCK; + CheckRule "$TRAVERSAL >= 4" BLOCK; + CheckRule "$XSS >= 8" BLOCK; + root $TEST_NGINX_SERVROOT/html/; + index index.html index.htm; +} +location /RequestDenied { + return 412; +} +--- more_headers +Cookie: 124 +--- request +GET / +--- error_code: 200 +=== WL TEST 20.0 : wl:0 in cookies (#405) +--- main_config +load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so; +--- http_config +include /tmp/naxsi_ut/naxsi_core.rules; +MainRule id:4242 "str:123" "mz:$HEADERS_VAR:cookie" s:BLOCK; +--- config +location / { + SecRulesEnabled; + DeniedUrl "/RequestDenied"; + CheckRule "$SQL >= 8" BLOCK; + CheckRule "$RFI >= 8" BLOCK; + CheckRule "$TRAVERSAL >= 4" BLOCK; + CheckRule "$XSS >= 8" BLOCK; + BasicRule wl:0 "mz:$HEADERS_VAR:cookie"; + root $TEST_NGINX_SERVROOT/html/; + index index.html index.htm; +} +location /RequestDenied { + return 412; +} +--- more_headers +Cookie: 123 +--- request +GET / +--- error_code: 200 + +
[-] [+]	Changed	naxsi-0.56.tar.gz/t/02naxsi_bypass.t ^
@@ -317,3 +317,30 @@ --- request GET /?val& --- error_code: 412 +=== TEST 5.1: DENY : XSS bypass vector true nullbyte +--- main_config +load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so; +--- http_config +include /tmp/naxsi_ut/naxsi_core.rules; +--- config +location / { + #LearningMode; + SecRulesEnabled; + DeniedUrl "/RequestDenied"; +CheckRule "$SQL >= 8" BLOCK; +CheckRule "$RFI >= 2" BLOCK; +CheckRule "$TRAVERSAL >= 4" BLOCK; +CheckRule "$XSS >= 8" BLOCK; + root $TEST_NGINX_SERVROOT/html/; + index index.html index.htm; +} +location /RequestDenied { + return 412; +} +--- more_headers +Content-Type: application/x-www-form-urlencoded +--- request eval +use URI::Escape; +"POST /foobar +a=a<><><>" +--- error_code: 412
[-] [+]	Changed	naxsi-0.56.tar.gz/t/11naxsi_newstyle_config.t ^
@@ -75,7 +75,7 @@ main_rule "str:]" "msg:], possible js" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311; main_rule "str:~" "msg:~ character" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312; main_rule "str:`" "msg:grave accent !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314; -main_rule "rx:%[2\|3]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; +main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400; main_rule "str:%U" "msg: M$ encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401; main_rule negative "rx:multipart/form-data\|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402; @@ -134,7 +134,7 @@ main_rule "str:]" "msg:], possible js" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311; main_rule "str:~" "msg:~ character" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312; main_rule "str:`" "msg:grave accent !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314; -main_rule "rx:%[2\|3]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; +main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400; main_rule "str:%U" "msg: M$ encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401; main_rule negative "rx:multipart/form-data\|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402; @@ -193,7 +193,7 @@ main_rule "str:]" "msg:], possible js" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311; main_rule "str:~" "msg:~ character" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312; main_rule "str:`" "msg:grave accent !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314; -main_rule "rx:%[2\|3]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; +main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400; main_rule "str:%U" "msg: M$ encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401; main_rule negative "rx:multipart/form-data\|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402; @@ -252,7 +252,7 @@ main_rule "str:]" "msg:], possible js" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311; main_rule "str:~" "msg:~ character" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312; main_rule "str:`" "msg:grave accent !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314; -main_rule "rx:%[2\|3]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; +main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400; main_rule "str:%U" "msg: M$ encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401; main_rule negative "rx:multipart/form-data\|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402; @@ -311,7 +311,7 @@ main_rule "str:]" "msg:], possible js" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311; main_rule "str:~" "msg:~ character" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312; main_rule "str:`" "msg:grave accent !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314; -main_rule "rx:%[2\|3]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; +main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400; main_rule "str:%U" "msg: M$ encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401; main_rule negative "rx:multipart/form-data\|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402; @@ -370,7 +370,7 @@ main_rule "str:]" "msg:], possible js" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311; main_rule "str:~" "msg:~ character" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312; main_rule "str:`" "msg:grave accent !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314; -main_rule "rx:%[2\|3]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; +main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400; main_rule "str:%U" "msg: M$ encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401; main_rule negative "rx:multipart/form-data\|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402; @@ -429,7 +429,7 @@ main_rule "str:]" "msg:], possible js" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311; main_rule "str:~" "msg:~ character" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312; main_rule "str:`" "msg:grave accent !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314; -main_rule "rx:%[2\|3]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; +main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400; main_rule "str:%U" "msg: M$ encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401; main_rule negative "rx:multipart/form-data\|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402; @@ -493,7 +493,7 @@ main_rule "str:]" "msg:], possible js" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311; main_rule "str:~" "msg:~ character" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312; main_rule "str:`" "msg:grave accent !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314; -main_rule "rx:%[2\|3]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; +main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400; main_rule "str:%U" "msg: M$ encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401; main_rule negative "rx:multipart/form-data\|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402; @@ -557,7 +557,7 @@ main_rule "str:]" "msg:], possible js" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311; main_rule "str:~" "msg:~ character" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312; main_rule "str:`" "msg:grave accent !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314; -main_rule "rx:%[2\|3]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; +main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400; main_rule "str:%U" "msg: M$ encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401; main_rule negative "rx:multipart/form-data\|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402; @@ -621,7 +621,7 @@ main_rule "str:]" "msg:], possible js" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311; main_rule "str:~" "msg:~ character" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312; main_rule "str:`" "msg:grave accent !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314; -main_rule "rx:%[2\|3]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; +main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400; main_rule "str:%U" "msg: M$ encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401; main_rule negative "rx:multipart/form-data\|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402; @@ -681,7 +681,7 @@ main_rule "str:]" "msg:], possible js" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311; main_rule "str:~" "msg:~ character" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312; main_rule "str:`" "msg:grave accent !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314; -main_rule "rx:%[2\|3]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; +main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400; main_rule "str:%U" "msg: M$ encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401; main_rule negative "rx:multipart/form-data\|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402; @@ -741,7 +741,7 @@ main_rule "str:]" "msg:], possible js" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311; main_rule "str:~" "msg:~ character" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312; main_rule "str:`" "msg:grave accent !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314; -main_rule "rx:%[2\|3]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; +main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400; main_rule "str:%U" "msg: M$ encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401; main_rule negative "rx:multipart/form-data\|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402; @@ -808,7 +808,7 @@ main_rule "str:]" "msg:], possible js" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311; main_rule "str:~" "msg:~ character" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312; main_rule "str:`" "msg:grave accent !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314; -main_rule "rx:%[2\|3]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; +main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400; main_rule "str:%U" "msg: M$ encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401; main_rule negative "rx:multipart/form-data\|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402; @@ -877,7 +877,7 @@ main_rule "str:]" "msg:], possible js" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311; main_rule "str:~" "msg:~ character" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312; main_rule "str:`" "msg:grave accent !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314; -main_rule "rx:%[2\|3]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; +main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400; main_rule "str:%U" "msg: M$ encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401; main_rule negative "rx:multipart/form-data\|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402; @@ -946,7 +946,7 @@ main_rule "str:]" "msg:], possible js" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311; main_rule "str:~" "msg:~ character" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312; main_rule "str:`" "msg:grave accent !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314; -main_rule "rx:%[2\|3]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; +main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400; main_rule "str:%U" "msg: M$ encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401; main_rule negative "rx:multipart/form-data\|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402; @@ -1015,7 +1015,7 @@ main_rule "str:]" "msg:], possible js" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311; main_rule "str:~" "msg:~ character" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312; main_rule "str:`" "msg:grave accent !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314; -main_rule "rx:%[2\|3]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; +main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400; main_rule "str:%U" "msg: M$ encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401; main_rule negative "rx:multipart/form-data\|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402; @@ -1078,7 +1078,7 @@ main_rule "str:]" "msg:], possible js" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311; main_rule "str:~" "msg:~ character" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312; main_rule "str:`" "msg:grave accent !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314; -main_rule "rx:%[2\|3]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; +main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400; main_rule "str:%U" "msg: M$ encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401; main_rule negative "rx:multipart/form-data\|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402; @@ -1146,7 +1146,7 @@ main_rule "str:]" "msg:], possible js" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311; main_rule "str:~" "msg:~ character" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312; main_rule "str:`" "msg:grave accent !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314; -main_rule "rx:%[2\|3]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; +main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400; main_rule "str:%U" "msg: M$ encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401; main_rule negative "rx:multipart/form-data\|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402; @@ -1211,7 +1211,7 @@ main_rule "str:]" "msg:], possible js" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311; main_rule "str:~" "msg:~ character" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312; main_rule "str:`" "msg:grave accent !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314; -main_rule "rx:%[2\|3]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; +main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400; main_rule "str:%U" "msg: M$ encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401; main_rule negative "rx:multipart/form-data\|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402; @@ -1276,7 +1276,7 @@ main_rule "str:]" "msg:], possible js" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311; main_rule "str:~" "msg:~ character" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312; main_rule "str:`" "msg:grave accent !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314; -main_rule "rx:%[2\|3]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; +main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400; main_rule "str:%U" "msg: M$ encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401; main_rule negative "rx:multipart/form-data\|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402; @@ -1343,7 +1343,7 @@ main_rule "str:]" "msg:], possible js" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311; main_rule "str:~" "msg:~ character" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312; main_rule "str:`" "msg:grave accent !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314; -main_rule "rx:%[2\|3]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; +main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400; main_rule "str:%U" "msg: M$ encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401; main_rule negative "rx:multipart/form-data\|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402; @@ -1411,7 +1411,7 @@ main_rule "str:]" "msg:], possible js" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311; main_rule "str:~" "msg:~ character" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312; main_rule "str:`" "msg:grave accent !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314; -main_rule "rx:%[2\|3]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; +main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400; main_rule "str:%U" "msg: M$ encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401; main_rule negative "rx:multipart/form-data\|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402; @@ -1478,7 +1478,7 @@ main_rule "str:]" "msg:], possible js" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311; main_rule "str:~" "msg:~ character" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312; main_rule "str:`" "msg:grave accent !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314; -main_rule "rx:%[2\|3]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; +main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400; main_rule "str:%U" "msg: M$ encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401; main_rule negative "rx:multipart/form-data\|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402; @@ -1547,7 +1547,7 @@ main_rule "str:]" "msg:], possible js" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311; main_rule "str:~" "msg:~ character" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312; main_rule "str:`" "msg:grave accent !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314; -main_rule "rx:%[2\|3]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; +main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400; main_rule "str:%U" "msg: M$ encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401; main_rule negative "rx:multipart/form-data\|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402; @@ -1615,7 +1615,7 @@ main_rule "str:]" "msg:], possible js" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311; main_rule "str:~" "msg:~ character" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312; main_rule "str:`" "msg:grave accent !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314; -main_rule "rx:%[2\|3]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; +main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400; main_rule "str:%U" "msg: M$ encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401; main_rule negative "rx:multipart/form-data\|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402; @@ -1682,7 +1682,7 @@ main_rule "str:]" "msg:], possible js" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311; main_rule "str:~" "msg:~ character" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312; main_rule "str:`" "msg:grave accent !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314; -main_rule "rx:%[2\|3]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; +main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400; main_rule "str:%U" "msg: M$ encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401; main_rule negative "rx:multipart/form-data\|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402; @@ -1749,7 +1749,7 @@ main_rule "str:]" "msg:], possible js" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311; main_rule "str:~" "msg:~ character" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312; main_rule "str:`" "msg:grave accent !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314; -main_rule "rx:%[2\|3]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; +main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400; main_rule "str:%U" "msg: M$ encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401; main_rule negative "rx:multipart/form-data\|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402; @@ -1816,7 +1816,7 @@ main_rule "str:]" "msg:], possible js" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311; main_rule "str:~" "msg:~ character" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312; main_rule "str:`" "msg:grave accent !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314; -main_rule "rx:%[2\|3]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; +main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400; main_rule "str:%U" "msg: M$ encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401; main_rule negative "rx:multipart/form-data\|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402; @@ -1880,7 +1880,7 @@ main_rule "str:]" "msg:], possible js" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311; main_rule "str:~" "msg:~ character" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312; main_rule "str:`" "msg:grave accent !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314; -main_rule "rx:%[2\|3]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; +main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400; main_rule "str:%U" "msg: M$ encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401; main_rule negative "rx:multipart/form-data\|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402; @@ -1947,7 +1947,7 @@ main_rule "str:]" "msg:], possible js" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311; main_rule "str:~" "msg:~ character" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312; main_rule "str:`" "msg:grave accent !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314; -main_rule "rx:%[2\|3]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; +main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400; main_rule "str:%U" "msg: M$ encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401; main_rule negative "rx:multipart/form-data\|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402; @@ -2011,7 +2011,7 @@ main_rule "str:]" "msg:], possible js" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311; main_rule "str:~" "msg:~ character" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312; main_rule "str:`" "msg:grave accent !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314; -main_rule "rx:%[2\|3]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; +main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400; main_rule "str:%U" "msg: M$ encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401; main_rule negative "rx:multipart/form-data\|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402; @@ -2075,7 +2075,7 @@ main_rule "str:]" "msg:], possible js" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311; main_rule "str:~" "msg:~ character" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312; main_rule "str:`" "msg:grave accent !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314; -main_rule "rx:%[2\|3]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; +main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400; main_rule "str:%U" "msg: M$ encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401; main_rule negative "rx:multipart/form-data\|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402; @@ -2139,7 +2139,7 @@ main_rule "str:]" "msg:], possible js" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311; main_rule "str:~" "msg:~ character" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312; main_rule "str:`" "msg:grave accent !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314; -main_rule "rx:%[2\|3]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; +main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400; main_rule "str:%U" "msg: M$ encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401; main_rule negative "rx:multipart/form-data\|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402; @@ -2203,7 +2203,7 @@ main_rule "str:]" "msg:], possible js" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311; main_rule "str:~" "msg:~ character" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312; main_rule "str:`" "msg:grave accent !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314; -main_rule "rx:%[2\|3]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; +main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400; main_rule "str:%U" "msg: M$ encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401; main_rule negative "rx:multipart/form-data\|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402; @@ -2267,7 +2267,7 @@ main_rule "str:]" "msg:], possible js" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311; main_rule "str:~" "msg:~ character" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312; main_rule "str:`" "msg:grave accent !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314; -main_rule "rx:%[2\|3]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; +main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400; main_rule "str:%U" "msg: M$ encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401; main_rule negative "rx:multipart/form-data\|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402; @@ -2331,7 +2331,7 @@ main_rule "str:]" "msg:], possible js" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311; main_rule "str:~" "msg:~ character" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312; main_rule "str:`" "msg:grave accent !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314; -main_rule "rx:%[2\|3]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; +main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400; main_rule "str:%U" "msg: M$ encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401; main_rule negative "rx:multipart/form-data\|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
[-] [+]	Changed	naxsi-0.56.tar.gz/t/14json.t ^
@@ -740,3 +740,35 @@ \"fu\" : { \"aa\" : \"bb\" }" --- error_code: 412 + +=== JSON14 : bug_418 +--- main_config +load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so; +--- http_config +include /tmp/naxsi_ut/naxsi_core.rules; +--- config +set $naxsi_extensive_log 1; +location / { + SecRulesEnabled; + DeniedUrl "/RequestDenied"; + CheckRule "$SQL >= 8" BLOCK; + CheckRule "$RFI >= 8" BLOCK; + CheckRule "$TRAVERSAL >= 4" BLOCK; + CheckRule "$XSS >= 8" BLOCK; + root $TEST_NGINX_SERVROOT/html/; + index index.html index.htm; + error_page 405 = $uri; +} +location /RequestDenied { + return 412; +} +--- more_headers +Content-Type: application/json +--- request eval +use URI::Escape; +"POST / +{ + \"error\": + \"ERROR_REPORT:{\\\"request\\\":{\\\"bar\\\":\\\"\\\"},\\\"response\\\":{\\\"bar\\\":[{\\\"schema_id\\\":\\\"foo\\\"}]}}\" +}" +--- error_code: 412
[-] [+]	Changed	naxsi-0.56.tar.gz/t/28log.t ^
@@ -79,8 +79,8 @@ --- error_code: 404 --- error_log eval [qr@NAXSI_FMT: ip=127\.0\.0\.1&server=localhost&uri=/x,y&learning=1&vers=[^&]+&total_processed=1&total_blocked=1&block=1&cscore0=\$SQL&score0=8&zone0=URL&id0=1015&var_name0=&zone1=ARGS&id1=1015&var_name1=uuu@, -qr@NAXSI_EXLOG: ip=127\.0\.0\.1&server=localhost&uri=/x,y&id=1015&zone=URL&var_name=&content=/x,y,@, -qr@NAXSI_EXLOG: ip=127\.0\.0\.1&server=localhost&uri=/x,y&id=1015&zone=ARGS&var_name=uuu&content=b,c@ +qr@NAXSI_EXLOG: ip=127\.0\.0\.1&server=localhost&uri=%2Fx%2Cy&id=1015&zone=URL&var_name=&content=%2Fx%2Cy@, +qr@NAXSI_EXLOG: ip=127\.0\.0\.1&server=localhost&uri=%2Fx%2Cy&id=1015&zone=ARGS&var_name=uuu&content=b%2Cc@ ] === TEST 1.4 : learning + no-block score + naxsi_extensive_log, NAXSI_EXLOG only --- main_config @@ -104,7 +104,7 @@ GET /x,y?uuu=bc --- error_code: 404 --- error_log eval -qr@NAXSI_EXLOG: ip=127\.0\.0\.1&server=localhost&uri=/x,y&id=1015&zone=URL&var_name=&content=/x,y, client: 127\.0\.0\.1,@ +qr@NAXSI_EXLOG: ip=127\.0\.0\.1&server=localhost&uri=%2Fx%2Cy&id=1015&zone=URL&var_name=&content=%2Fx%2Cy, client: 127\.0\.0\.1,@ --- no_error_log NAXSI_FMT === TEST 1.6 : learning + block-score + naxsi_extensive_log, NAXSI_EXLOG only
[-] [+]	Changed	naxsi-0.56.tar.gz/t/29regression.t ^
@@ -209,3 +209,70 @@ "POST /wp-json/wp/v2/posts/111 id=1a&foo2=bar2" --- error_code: 412 +=== WL TEST 3.0: false-positive on virtual-patch with empty var name +--- main_config +load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so; +--- http_config +include /tmp/naxsi_ut/naxsi_core.rules; +MainRule "rx:FOOBAR" "mz:$URL:/wp-includes/js/plupload/plupload.flash.swf\|ARGS" "msg:Wordpress PlUpload XSS" "s:$UWA:8,$XSS_UWA:1" id:42000485; +--- config +location / { + SecRulesEnabled; + CheckRule "$LOG_TEST >= 1" LOG; + CheckRule "$UWA >= 8" BLOCK; + DeniedUrl "/RequestDenied"; + CheckRule "$SQL >= 4" BLOCK; + root $TEST_NGINX_SERVROOT/html/; + index index.html index.htm; +} +location /RequestDenied { + return 412; +} +--- request +GET /?a=bui&FOOBAR +--- error_code: 200 +=== WL TEST 3.0: false-positive on virtual-patch with empty var name +--- main_config +load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so; +--- http_config +include /tmp/naxsi_ut/naxsi_core.rules; +MainRule "rx:FOOBAR" "mz:$URL:/wp-includes/js/plupload/plupload.flash.swf\|ARGS" "msg:Wordpress PlUpload XSS" "s:$UWA:8,$XSS_UWA:1" id:42000485; +--- config +location / { + SecRulesEnabled; + CheckRule "$LOG_TEST >= 1" LOG; + CheckRule "$UWA >= 8" BLOCK; + DeniedUrl "/RequestDenied"; + CheckRule "$SQL >= 4" BLOCK; + root $TEST_NGINX_SERVROOT/html/; + index index.html index.htm; +} +location /RequestDenied { + return 412; +} +--- request +GET /wp-includes/js/plupload/plupload.flash.swf?a=bui&FOOBAR +--- error_code: 412 +=== WL TEST 3.01: false-positive on virtual-patch with empty var name +--- main_config +load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so; +--- http_config +include /tmp/naxsi_ut/naxsi_core.rules; +MainRule "rx:FOOBAR" "mz:$URL:/wp-includes/js/plupload/plupload.flash.swf\|ARGS" "msg:Wordpress PlUpload XSS" "s:$UWA:8,$XSS_UWA:1" id:42000485; +--- config +location / { + SecRulesEnabled; + CheckRule "$LOG_TEST >= 1" LOG; + CheckRule "$UWA >= 8" BLOCK; + DeniedUrl "/RequestDenied"; + CheckRule "$SQL >= 4" BLOCK; + root $TEST_NGINX_SERVROOT/html/; + index index.html index.htm; +} +location /RequestDenied { + return 412; +} +--- request +GET /wp-includes/js/plupload/plupload.flash.swf/xxx/?a=bui&FOOBAR +--- error_code: 404 +
[-] [+]	Added	naxsi-0.56.tar.gz/t/30regr.t ^
@@ -0,0 +1,121 @@ +#vi:filetype=perl + + +# A AJOUTER : +# TEST CASE AVEC UNE REGLE SUR UN HEADER GENERIQUE +# La même sur des arguments :) + +use lib 'lib'; +use Test::Nginx::Socket; + +repeat_each(3); + +plan tests => repeat_each(1) * blocks(); +no_root_location(); +no_long_string(); +$ENV{TEST_NGINX_SERVROOT} = server_root(); +run_tests(); + + +__DATA__ +=== TEST 1: rule target body\|name +--- main_config +load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so; +--- http_config +include /tmp/naxsi_ut/naxsi_core.rules; +--- config +location / { + SecRulesEnabled; + LearningMode; + BasicRule id:100054 "msg:Weird binary content" "rx:[^-0-9a-z_+.\[\]]" "mz:BODY\|NAME" "s:$TEST_LOG:8"; + DeniedUrl "/RequestDenied"; + CheckRule "$SQL >= 8" BLOCK; + CheckRule "$RFI >= 8" BLOCK; + CheckRule "$TRAVERSAL >= 4" BLOCK; + CheckRule "$XSS >= 8" BLOCK; + CheckRule "$TEST_LOG >= 8" DROP; + root $TEST_NGINX_SERVROOT/html/; + index index.html index.htm; + error_page 405 = $uri; +} +location /RequestDenied { + return 412; + # return 412; +} +--- more_headers +Content-Type: application/x-www-form-urlencoded +--- request eval +use URI::Escape; +"POST / +9p7jslna,ire(ul\)v`2q8u]h)bfuzpcgsa_3`s\twfw)gy)\%3Fc=]@&foo2=bar2" +--- error_code: 412 + +=== TEST 1: rule target body\|name +--- main_config +load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so; +--- http_config +include /tmp/naxsi_ut/naxsi_core.rules; +--- config +location / { + SecRulesEnabled; + LearningMode; + BasicRule id:100054 "msg:Weird binary content" "rx:[^-0-9a-z_+.\[\]]" "mz:BODY\|NAME" "s:$TEST_LOG:8"; + DeniedUrl "/RequestDenied"; + CheckRule "$SQL >= 8" BLOCK; + CheckRule "$RFI >= 8" BLOCK; + CheckRule "$TRAVERSAL >= 4" BLOCK; + CheckRule "$XSS >= 8" BLOCK; + CheckRule "$TEST_LOG >= 8" DROP; + root $TEST_NGINX_SERVROOT/html/; + index index.html index.htm; + error_page 405 = $uri; +} +location /RequestDenied { + return 412; + # return 412; +} +--- more_headers +Content-Type: application/x-www-form-urlencoded +--- request eval +use URI::Escape; +"POST / +9p7jslna,ire(ul\)v`2q8u]h)bfuzpcgsa_3`s\twfw)gy)\%3Fc=ww&foo2=bar2" +--- error_code: 412 + + +=== TEST 1: rule target body\|name +--- main_config +load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so; +--- http_config +include /tmp/naxsi_ut/naxsi_core.rules; +--- config +location / { + SecRulesEnabled; + LearningMode; + BasicRule id:100054 "msg:Weird binary content" "rx:[^-0-9a-z_+.\[\]]" "mz:BODY\|NAME" "s:$TEST_LOG:8"; + DeniedUrl "/RequestDenied"; + CheckRule "$SQL >= 8" BLOCK; + CheckRule "$RFI >= 8" BLOCK; + CheckRule "$TRAVERSAL >= 4" BLOCK; + CheckRule "$XSS >= 8" BLOCK; + CheckRule "$TEST_LOG >= 8" DROP; + root $TEST_NGINX_SERVROOT/html/; + index index.html index.htm; + error_page 405 = $uri; +} +location /RequestDenied { + return 412; + # return 412; +} +--- more_headers +Content-Type: application/x-www-form-urlencoded +--- request eval +use URI::Escape; +"POST / +ww=9p7jslna,ire(ul\)v`2q8u]h)bfuzpcgsa_3`s\twfw)gy)\%3Fc&foo2=bar2" +--- error_code: 200 + + + + +
[-] [+]	Added	naxsi-0.56.tar.gz/t/31norules.t ^
@@ -0,0 +1,73 @@ +#vi:filetype=perl + + +# A AJOUTER : +# TEST CASE AVEC UNE REGLE SUR UN HEADER GENERIQUE +# La même sur des arguments :) + +use lib 'lib'; +use Test::Nginx::Socket; + +repeat_each(3); + +plan tests => repeat_each(1) * blocks(); +no_root_location(); +no_long_string(); +$ENV{TEST_NGINX_SERVROOT} = server_root(); +run_tests(); + + +__DATA__ +=== TEST 1: Basic GET request with no rules, drop +--- main_config +load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so; +--- config +location / { + SecRulesEnabled; + LearningMode; + DeniedUrl "/RequestDenied"; + CheckRule "$SQL >= 8" BLOCK; + CheckRule "$RFI >= 8" BLOCK; + CheckRule "$TRAVERSAL >= 4" BLOCK; + CheckRule "$XSS >= 8" BLOCK; + LibInjectionXss; + CheckRule "$LIBINJECTION_XSS >= 8" BLOCK; + LibInjectionSql; + CheckRule "$LIBINJECTION_SQL >= 8" BLOCK; + + root $TEST_NGINX_SERVROOT/html/; + index index.html index.htm; +} +location /RequestDenied { + return 412; +} +--- request +GET /?a=buibui +--- error_code: 412 +=== TEST 1.1: Basic GET request with no rules, whitelist the special rule. +--- main_config +load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so; +--- config +location / { + SecRulesEnabled; + BasicRule wl:19; + LearningMode; + DeniedUrl "/RequestDenied"; + CheckRule "$SQL >= 8" BLOCK; + CheckRule "$RFI >= 8" BLOCK; + CheckRule "$TRAVERSAL >= 4" BLOCK; + CheckRule "$XSS >= 8" BLOCK; + LibInjectionXss; + CheckRule "$LIBINJECTION_XSS >= 8" BLOCK; + LibInjectionSql; + CheckRule "$LIBINJECTION_SQL >= 8" BLOCK; + + root $TEST_NGINX_SERVROOT/html/; + index index.html index.htm; +} +location /RequestDenied { + return 412; +} +--- request +GET /?a=buibui +--- error_code: 200
[-] [+]	Added	naxsi-0.56.tar.gz/t/confs ^
+(directory)
[-] [+]	Added	naxsi-0.56.tar.gz/t/confs/nginx.conf.example ^
@@ -0,0 +1,44 @@ +master_process off; +#worker_processes 1; +daemon off; + +load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so; +events { + worker_connections 1024; + use select; +} +http { + include /tmp/naxsi_ut/naxsi_core.rules; + include mime.types; + default_type application/octet-stream; + sendfile on; + keepalive_timeout 65; + server { + listen 4242 ssl http2; + ssl_certificate /tmp/nginx.crt; + ssl_certificate_key /tmp/nginx.key; + server_name localhost; + set $naxsi_extensive_log 1; + location / { + LearningMode; + SecRulesEnabled; + DeniedUrl "/50x.html"; + CheckRule "$SQL >= 8" BLOCK; + CheckRule "$RFI >= 8" BLOCK; + CheckRule "$TRAVERSAL >= 4" BLOCK; + CheckRule "$EVADE >= 4" BLOCK; + CheckRule "$XSS >= 8" BLOCK; + return 200; +# error_log /tmp/ngx_error.log debug; +# access_log /tmp/ngx_access.log; +# root html; +# index index.html index.htm; + } + error_page 500 502 503 504 /50x.html; + location = /50x.html { + return 500; + # root html; + } + } +} +
[-] [+]	Added	naxsi-0.56.tar.gz/t/confs/nginx_fuzz.conf.example ^
@@ -0,0 +1,48 @@ +master_process off; +daemon off; + +#load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so; +events { + worker_connections 1024; + use select; +} +http { +MainRule "rx:select\|union\|update\|delete\|insert\|table\|from\|ascii\|hex\|unhex\|drop" "msg:sql keywords" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1000; +MainRule "str:\"" "msg:double quote" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$SQL:8,$XSS:8" id:1001; +MainRule "str:0x" "msg:0x, possible hex encoding" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$SQL:2" id:1002; +## Hardcore rules +MainRule "str:/" "msg:mysql comment (/)" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1003; +MainRule "str:/" "msg:mysql comment (/)" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1004; +MainRule "str:\|" "msg:mysql keyword (\|)" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1005; +MainRule "str:`" "msg:grave accent (`)" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314; +MainRule "rx:%[23]." "msg:double encoding" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; +MainRule "str:&#" "msg:utf7/8 encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400; +MainRule "str:%U" "msg:M$ encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401; +MainRule "rx:\.ph\|\.asp\|\.ht" "msg:asp/php file upload" "mz:FILE_EXT" "s:$UPLOAD:8" id:1500; + +# include /tmp/naxsi_ut/naxsi_core.rules; +# include mime.types; + default_type application/octet-stream; + sendfile on; + keepalive_timeout 65; + server { + listen 4242; + server_name localhost; + location / { + LearningMode; + SecRulesEnabled; + DeniedUrl "/50x.html"; + CheckRule "$SQL >= 8" BLOCK; + CheckRule "$RFI >= 8" BLOCK; + CheckRule "$TRAVERSAL >= 4" BLOCK; + CheckRule "$EVADE >= 4" BLOCK; + CheckRule "$XSS >= 8" BLOCK; + return 200; + } + error_page 500 502 503 504 /50x.html; + location = /50x.html { + return 500; + } + } +} +
[-] [+]	Added	naxsi-0.56.tar.gz/t/confs/ngx_cycle.patch ^
@@ -0,0 +1,13 @@ +--- a/src/core/ngx_cycle.c.orig 2016-02-09 15:11:57.000000000 +0100 ++++ b/src/core/ngx_cycle.c 2016-12-12 18:05:53.832725017 +0100 +--- nginx/src/core/ngx_cycle.c 2016-02-09 15:11:57.000000000 +0100 ++++ ngx_cycle.c 2016-12-13 09:49:47.762221499 +0100 +@@ -602,6 +602,8 @@ + } + } + ++ __AFL_INIT(); ++ + if (ngx_open_listening_sockets(cycle) != NGX_OK) { + goto failed; + }
[-] [+]	Added	naxsi-0.56.tar.gz/t/confs/ngx_process_cycle.patch ^
@@ -0,0 +1,25 @@ +--- a/src/os/unix/ngx_process_cycle.c.orig 2016-02-09 15:11:58.000000000 +0100 ++++ a/src/os/unix/ngx_process_cycle.c 2016-12-12 15:05:21.000000000 +0100 +@@ -303,7 +303,11 @@ + } + } + ++ ++ int ran_once=0; ++ + for ( ;; ) { ++ + ngx_log_debug0(NGX_LOG_DEBUG_EVENT, cycle->log, 0, "worker cycle"); + + ngx_process_events_and_timers(cycle); +@@ -337,6 +341,11 @@ + ngx_log_error(NGX_LOG_NOTICE, cycle->log, 0, "reopening logs"); + ngx_reopen_files(cycle, (ngx_uid_t) -1); + } ++ ++ ran_once += 1; ++ //printf("ran : %d\n", ran_once); ++ if (ran_once == 2) exit(0); ++ + } + }
[-] [+]	Added	naxsi-0.56.tar.gz/t/fuzz ^
+(directory)
[-] [+]	Added	naxsi-0.56.tar.gz/t/fuzz/big-json-post ^
@@ -0,0 +1,30 @@ +POST / HTTP/1.1 +Host: localhost +Connection: close +Content-Type: application/json +Content-Length: 542 + +{ + "glossary": { + "title": "example glossary", +"GlossDiv": { + "title": "S", +"GlossList": { + "GlossEntry": { + "ID": "SGML", +"SortAs": "SGML", +"GlossTerm": "Standard Generalized Markup Language", +"Acronym": "SGML", +"Abbrev": "ISO 8879:1986", +"GlossDef": { + "para": "A meta-markup language used to create markup languages such as DocBook.", +"GlossSeeAlso": ["GML", "XML"] + }, +"GlossSee": "markup" + } + } + } + } + +}} +
[-] [+]	Added	naxsi-0.56.tar.gz/t/fuzz/big-multipart-post ^
@@ -0,0 +1,22 @@ +POST / HTTP/1.1 +Host: localhost +Connection: close +Content-Type: multipart/form-data; boundary=---------------------------103832778631715 +Content-Length: 4449 + +-----------------------------103832778631715 +Content-Disposition: form-data; name="name" + +azzzo + + +-----------------------------103832778631715 +Content-Disposition: form-data; name="married" + +not single +-----------------------------103832778631715 +Content-Disposition: form-data; name="male" + +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +-----------------------------103832778631715-- +
[-] [+]	Added	naxsi-0.56.tar.gz/t/fuzz/med-get-bad-format ^
@@ -0,0 +1,4 @@ +GET /?a=1%23PTTmJopxdWJ%0AAND%23cWfcVRPV%0A9227=9227 HTTP/1.0 + + +
[-] [+]	Added	naxsi-0.56.tar.gz/t/fuzz/med-get-with-path ^
@@ -0,0 +1,6 @@ +GET /bla?/bla=1999&bu=1998 HTTP/1.1 +Host: localhost +Connection: close + + +
[-] [+]	Added	naxsi-0.56.tar.gz/t/fuzz/med-json-post ^
@@ -0,0 +1,14 @@ +POST /test_uri HTTP/1.1 +Host: localhost +Connection: close +Content-Type: application/json +Content-Length: 183 + +{ + "oh" : ["there", "is", "no", "way"], + "this" : { "will" : ["work", "does"], + "it" : "??" }, + "trigger" : {"test_1234" : ["foobar", "will", "trigger", "it"]}, + "foo" : "baar" +} +
[-] [+]	Added	naxsi-0.56.tar.gz/t/fuzz/med-multipart-file-post ^
@@ -0,0 +1,26 @@ +POST /foobar HTTP/1.1 +Host: 127.0.0.1 +Connection: Close +User-Agent: Mozilla/5.0 (iPad; U; CPU OS 3_2 like Mac OS X; en-us) AppleWebKit/531.21.10 (KHTML, like Gecko) Version/4.0.4 Mobile/7B334b Safari/531.21.10 +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 +Accept-Language: en-us,en;q=0.5 +Accept-Encoding: gzip, deflate +Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 +Referer: http://127.0.0.1/ +Content-Type: multipart/form-data; boundary=---------------------------1919886344942015258287623957 +Content-Length: 394 + +-----------------------------1919886344942015258287623957 +Content-Disposition: form-data; name="textline" + +valid text and small file +-----------------------------1919886344942015258287623957 +Content-Disposition: form-data; name="datafile"; filename="bla.txt"; name="bla.txt" +Content-Type: text/plain + +buibuibubi +buibuibuib + +-----------------------------1919886344942015258287623957-- + +
[-] [+]	Added	naxsi-0.56.tar.gz/t/fuzz/med-multipart-post ^
@@ -0,0 +1,21 @@ +POST / HTTP/1.1 +Host: localhost +Connection: close +Content-Type: multipart/form-data; boundary=---------------------------103832778631715 +Content-Length: 42 + +-----------------------------103832778631715 +Content-Disposition: form-data; name="name" + +MyName +-----------------------------103832778631715 +Content-Disposition: form-data; name="married" + +not single +-----------------------------103832778631715 +Content-Disposition: form-data; name="male" + +yes +-----------------------------103832778631715-- + +
	Added	naxsi-0.56.tar.gz/t/fuzz/med-post-non-ascii ^
[-] [+]	Added	naxsi-0.56.tar.gz/t/fuzz/mini-get-nohost ^
@@ -0,0 +1,4 @@ +GET /?a=1%20UnioN%20SeLEct%201 HTTP/1.0 + + +
[-] [+]	Added	naxsi-0.56.tar.gz/t/fuzz/mini-get-sig ^
@@ -0,0 +1,4 @@ +GET /?a=1+/!30000AND+2>1/-- HTTP/1.0 + + +
[-] [+]	Added	naxsi-0.56.tar.gz/t/fuzz/mini-json-post ^
@@ -0,0 +1,10 @@ +POST / HTTP/1.1 +Host: localhost +Connection: close +Content-Type: application/json +Content-Length: 18 + +{ + "lol" : "bar" +} +
[-] [+]	Added	naxsi-0.56.tar.gz/t/fuzz/mini-ko-get ^
@@ -0,0 +1,6 @@ +GET /?==yesone&&& HTTP/1.1 +Host: localhost +Connection: close + + +
[-] [+]	Added	naxsi-0.56.tar.gz/t/fuzz/mini-multipart-post ^
@@ -0,0 +1,26 @@ +POST /foobar HTTP/1.1 +Host: 127.0.0.1 +Connection: Close +User-Agent: Mozilla/5.0 (iPad; U; CPU OS 3_2 like Mac OS X; en-us) AppleWebKit/531.21.10 (KHTML, like Gecko) Version/4.0.4 Mobile/7B334b Safari/531.21.10 +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 +Accept-Language: en-us,en;q=0.5 +Accept-Encoding: gzip, deflate +Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 +Referer: http://127.0.0.1/ +Content-Type: multipart/form-data; boundary=---------------------------1919886344942015258287623957 +Content-Length: 378 + +-----------------------------1919886344942015258287623957 +Content-Disposition: form-data; name="textline" + +valid text and small file +-----------------------------1919886344942015258287623957 +Content-Disposition: form-data; name="datafile"; filename="bla.txt" +Content-Type: text/plain + +buibuibubi +buibuibuib + +-----------------------------1919886344942015258287623957-- + +
[-] [+]	Added	naxsi-0.56.tar.gz/t/fuzz/mini-ok-get ^
@@ -0,0 +1,6 @@ +GET /?a=<> HTTP/1.1 +Host: localhost +Connection: close + + +
	Added	naxsi-0.56.tar.gz/t/fuzz/mini-unknown-CT-post ^
[-] [+]	Added	naxsi-0.56.tar.gz/t/fuzz/mini-urlencded-post-2 ^
@@ -0,0 +1,8 @@ +POST / HTTP/1.1 +Host: localhost +Connection: close +Content-Type: application/x-www-form-urlencoded +Content-Length: 32 + +foo1='><script>alert(1)</script> +
[-] [+]	Added	naxsi-0.56.tar.gz/t/fuzz/mini-urlencoded-post ^
@@ -0,0 +1,8 @@ +POST / HTTP/1.1 +Host: localhost +Connection: close +Content-Type: application/x-www-form-urlencoded +Content-Length: 9 + +a1=trolol +
[-] [+]	Added	naxsi-0.56.tar.gz/t/fuzz/small-multipart-post ^
@@ -0,0 +1,20 @@ +POST / HTTP/1.1 +Host: localhost +Connection: close +Content-Type: multipart/form-data; boundary=---------------------------103832778631715 +Content-Length: 353 + +-----------------------------103832778631715 +Content-Disposition: form-data; name="name" + +MyName +-----------------------------103832778631715 +Content-Disposition: form-data; name="married" + +not single +-----------------------------103832778631715 +Content-Disposition: form-data; name="male" + +yes +-----------------------------103832778631715-- +
[-] [+]	Deleted	nginx-rtmp-module-1.1.15.tar.gz/.git ^
-(directory)
[-] [+]	Deleted	nginx-rtmp-module-1.1.15.tar.gz/.git/HEAD ^
@@ -1 +0,0 @@ -ref: refs/heads/master
[-] [+]	Deleted	nginx-rtmp-module-1.1.15.tar.gz/.git/config ^
@@ -1,12 +0,0 @@ -[core] - repositoryformatversion = 0 - filemode = true - bare = false - logallrefupdates = true - ignorecase = true -[remote "origin"] - fetch = +refs/heads/:refs/remotes/origin/ - url = https://github.com/arut/nginx-rtmp-module.git -[branch "master"] - remote = origin - merge = refs/heads/master
[-] [+]	Deleted	nginx-rtmp-module-1.1.15.tar.gz/.git/description ^
@@ -1 +0,0 @@ -Unnamed repository; edit this file 'description' to name the repository.
[-] [+]	Deleted	nginx-rtmp-module-1.1.15.tar.gz/.git/hooks ^
-(directory)
[-] [+]	Deleted	nginx-rtmp-module-1.1.15.tar.gz/.git/hooks/applypatch-msg.sample ^
@@ -1,15 +0,0 @@ -#!/bin/sh -# -# An example hook script to check the commit log message taken by -# applypatch from an e-mail message. -# -# The hook should exit with non-zero status after issuing an -# appropriate message if it wants to stop the commit. The hook is -# allowed to edit the commit message file. -# -# To enable this hook, rename this file to "applypatch-msg". - -. git-sh-setup -test -x "$GIT_DIR/hooks/commit-msg" && - exec "$GIT_DIR/hooks/commit-msg" ${1+"$@"} -:
[-] [+]	Deleted	nginx-rtmp-module-1.1.15.tar.gz/.git/hooks/commit-msg.sample ^
@@ -1,24 +0,0 @@ -#!/bin/sh -# -# An example hook script to check the commit log message. -# Called by "git commit" with one argument, the name of the file -# that has the commit message. The hook should exit with non-zero -# status after issuing an appropriate message if it wants to stop the -# commit. The hook is allowed to edit the commit message file. -# -# To enable this hook, rename this file to "commit-msg". - -# Uncomment the below to add a Signed-off-by line to the message. -# Doing this in a hook is a bad idea in general, but the prepare-commit-msg -# hook is more suited to it. -# -# SOB=$(git var GIT_AUTHOR_IDENT \| sed -n 's/^$.>$.$/Signed-off-by: \1/p') -# grep -qs "^$SOB" "$1" \|\| echo "$SOB" >> "$1" - -# This example catches duplicate Signed-off-by lines. - -test "" = "$(grep '^Signed-off-by: ' "$1" \| - sort \| uniq -c \| sed -e '/^[ ]*1[ ]/d')" \|\| { - echo >&2 Duplicate Signed-off-by lines. - exit 1 -}
[-] [+]	Deleted	nginx-rtmp-module-1.1.15.tar.gz/.git/hooks/post-update.sample ^
@@ -1,8 +0,0 @@ -#!/bin/sh -# -# An example hook script to prepare a packed repository for use over -# dumb transports. -# -# To enable this hook, rename this file to "post-update". - -exec git update-server-info
[-] [+]	Deleted	nginx-rtmp-module-1.1.15.tar.gz/.git/hooks/pre-applypatch.sample ^
@@ -1,14 +0,0 @@ -#!/bin/sh -# -# An example hook script to verify what is about to be committed -# by applypatch from an e-mail message. -# -# The hook should exit with non-zero status after issuing an -# appropriate message if it wants to stop the commit. -# -# To enable this hook, rename this file to "pre-applypatch". - -. git-sh-setup -test -x "$GIT_DIR/hooks/pre-commit" && - exec "$GIT_DIR/hooks/pre-commit" ${1+"$@"} -:
[-] [+]	Deleted	nginx-rtmp-module-1.1.15.tar.gz/.git/hooks/pre-commit.sample ^
@@ -1,50 +0,0 @@ -#!/bin/sh -# -# An example hook script to verify what is about to be committed. -# Called by "git commit" with no arguments. The hook should -# exit with non-zero status after issuing an appropriate message if -# it wants to stop the commit. -# -# To enable this hook, rename this file to "pre-commit". - -if git rev-parse --verify HEAD >/dev/null 2>&1 -then - against=HEAD -else - # Initial commit: diff against an empty tree object - against=4b825dc642cb6eb9a060e54bf8d69288fbee4904 -fi - -# If you want to allow non-ascii filenames set this variable to true. -allownonascii=$(git config hooks.allownonascii) - -# Redirect output to stderr. -exec 1>&2 - -# Cross platform projects tend to avoid non-ascii filenames; prevent -# them from being added to the repository. We exploit the fact that the -# printable range starts at the space character and ends with tilde. -if [ "$allownonascii" != "true" ] && - # Note that the use of brackets around a tr range is ok here, (it's - # even required, for portability to Solaris 10's /usr/bin/tr), since - # the square bracket bytes happen to fall in the designated range. - test $(git diff --cached --name-only --diff-filter=A -z $against \| - LC_ALL=C tr -d '[ -~]\0' \| wc -c) != 0 -then - echo "Error: Attempt to add a non-ascii file name." - echo - echo "This can cause problems if you want to work" - echo "with people on other platforms." - echo - echo "To be portable it is advisable to rename the file ..." - echo - echo "If you know what you are doing you can disable this" - echo "check using:" - echo - echo " git config hooks.allownonascii true" - echo - exit 1 -fi - -# If there are whitespace errors, print the offending file names and fail. -exec git diff-index --check --cached $against --
[-] [+]	Deleted	nginx-rtmp-module-1.1.15.tar.gz/.git/hooks/pre-rebase.sample ^
@@ -1,169 +0,0 @@ -#!/bin/sh -# -# Copyright (c) 2006, 2008 Junio C Hamano -# -# The "pre-rebase" hook is run just before "git rebase" starts doing -# its job, and can prevent the command from running by exiting with -# non-zero status. -# -# The hook is called with the following parameters: -# -# $1 -- the upstream the series was forked from. -# $2 -- the branch being rebased (or empty when rebasing the current branch). -# -# This sample shows how to prevent topic branches that are already -# merged to 'next' branch from getting rebased, because allowing it -# would result in rebasing already published history. - -publish=next -basebranch="$1" -if test "$#" = 2 -then - topic="refs/heads/$2" -else - topic=`git symbolic-ref HEAD` \|\| - exit 0 ;# we do not interrupt rebasing detached HEAD -fi - -case "$topic" in -refs/heads/??/) - ;; -) - exit 0 ;# we do not interrupt others. - ;; -esac - -# Now we are dealing with a topic branch being rebased -# on top of master. Is it OK to rebase it? - -# Does the topic really exist? -git show-ref -q "$topic" \|\| { - echo >&2 "No such branch $topic" - exit 1 -} - -# Is topic fully merged to master? -not_in_master=`git rev-list --pretty=oneline ^master "$topic"` -if test -z "$not_in_master" -then - echo >&2 "$topic is fully merged to master; better remove it." - exit 1 ;# we could allow it, but there is no point. -fi - -# Is topic ever merged to next? If so you should not be rebasing it. -only_next_1=`git rev-list ^master "^$topic" ${publish} \| sort` -only_next_2=`git rev-list ^master ${publish} \| sort` -if test "$only_next_1" = "$only_next_2" -then - not_in_topic=`git rev-list "^$topic" master` - if test -z "$not_in_topic" - then - echo >&2 "$topic is already up-to-date with master" - exit 1 ;# we could allow it, but there is no point. - else - exit 0 - fi -else - not_in_next=`git rev-list --pretty=oneline ^${publish} "$topic"` - /usr/bin/perl -e ' - my $topic = $ARGV[0]; - my $msg = "* $topic has commits already merged to public branch:\n"; - my (%not_in_next) = map { - /^([0-9a-f]+) /; - ($1 => 1); - } split(/\n/, $ARGV[1]); - for my $elem (map { - /^([0-9a-f]+) (.)$/; - [$1 => $2]; - } split(/\n/, $ARGV[2])) { - if (!exists $not_in_next{$elem->[0]}) { - if ($msg) { - print STDERR $msg; - undef $msg; - } - print STDERR " $elem->[1]\n"; - } - } - ' "$topic" "$not_in_next" "$not_in_master" - exit 1 -fi - -exit 0 - -################################################################ - -This sample hook safeguards topic branches that have been -published from being rewound. - -The workflow assumed here is: - - Once a topic branch forks from "master", "master" is never - merged into it again (either directly or indirectly). - - * Once a topic branch is fully cooked and merged into "master", - it is deleted. If you need to build on top of it to correct - earlier mistakes, a new topic branch is created by forking at - the tip of the "master". This is not strictly necessary, but - it makes it easier to keep your history simple. - - * Whenever you need to test or publish your changes to topic - branches, merge them into "next" branch. - -The script, being an example, hardcodes the publish branch name -to be "next", but it is trivial to make it configurable via -$GIT_DIR/config mechanism. - -With this workflow, you would want to know: - -(1) ... if a topic branch has ever been merged to "next". Young - topic branches can have stupid mistakes you would rather - clean up before publishing, and things that have not been - merged into other branches can be easily rebased without - affecting other people. But once it is published, you would - not want to rewind it. - -(2) ... if a topic branch has been fully merged to "master". - Then you can delete it. More importantly, you should not - build on top of it -- other people may already want to - change things related to the topic as patches against your - "master", so if you need further changes, it is better to - fork the topic (perhaps with the same name) afresh from the - tip of "master". - -Let's look at this example: - - o---o---o---o---o---o---o---o---o---o "next" - / / / / - / a---a---b A / / - / / / / - / / c---c---c---c B / - / / / \ / - / / / b---b C \ / - / / / / \ / - ---o---o---o---o---o---o---o---o---o---o---o "master" - - -A, B and C are topic branches. - - * A has one fix since it was merged up to "next". - - * B has finished. It has been fully merged up to "master" and "next", - and is ready to be deleted. - - * C has not merged to "next" at all. - -We would want to allow C to be rebased, refuse A, and encourage -B to be deleted. - -To compute (1): - - git rev-list ^master ^topic next - git rev-list ^master next - - if these match, topic has not merged in next at all. - -To compute (2): - - git rev-list master..topic - - if this is empty, it is fully merged to "master".
[-] [+]	Deleted	nginx-rtmp-module-1.1.15.tar.gz/.git/hooks/prepare-commit-msg.sample ^
@@ -1,36 +0,0 @@ -#!/bin/sh -# -# An example hook script to prepare the commit log message. -# Called by "git commit" with the name of the file that has the -# commit message, followed by the description of the commit -# message's source. The hook's purpose is to edit the commit -# message file. If the hook fails with a non-zero status, -# the commit is aborted. -# -# To enable this hook, rename this file to "prepare-commit-msg". - -# This hook includes three examples. The first comments out the -# "Conflicts:" part of a merge commit. -# -# The second includes the output of "git diff --name-status -r" -# into the message, just before the "git status" output. It is -# commented because it doesn't cope with --amend or with squashed -# commits. -# -# The third example adds a Signed-off-by line to the message, that can -# still be edited. This is rarely a good idea. - -case "$2,$3" in - merge,) - /usr/bin/perl -i.bak -ne 's/^/# /, s/^# #/#/ if /^Conflicts/ .. /#/; print' "$1" ;; - -# ,\|template,) -# /usr/bin/perl -i.bak -pe ' -# print "\n" . `git diff --cached --name-status -r` -# if /^#/ && $first++ == 0' "$1" ;; - - ) ;; -esac - -# SOB=$(git var GIT_AUTHOR_IDENT \| sed -n 's/^$.>$.*$/Signed-off-by: \1/p') -# grep -qs "^$SOB" "$1" \|\| echo "$SOB" >> "$1"
[-] [+]	Deleted	nginx-rtmp-module-1.1.15.tar.gz/.git/hooks/update.sample ^
@@ -1,128 +0,0 @@ -#!/bin/sh -# -# An example hook script to blocks unannotated tags from entering. -# Called by "git receive-pack" with arguments: refname sha1-old sha1-new -# -# To enable this hook, rename this file to "update". -# -# Config -# ------ -# hooks.allowunannotated -# This boolean sets whether unannotated tags will be allowed into the -# repository. By default they won't be. -# hooks.allowdeletetag -# This boolean sets whether deleting tags will be allowed in the -# repository. By default they won't be. -# hooks.allowmodifytag -# This boolean sets whether a tag may be modified after creation. By default -# it won't be. -# hooks.allowdeletebranch -# This boolean sets whether deleting branches will be allowed in the -# repository. By default they won't be. -# hooks.denycreatebranch -# This boolean sets whether remotely creating branches will be denied -# in the repository. By default this is allowed. -# - -# --- Command line -refname="$1" -oldrev="$2" -newrev="$3" - -# --- Safety check -if [ -z "$GIT_DIR" ]; then - echo "Don't run this script from the command line." >&2 - echo " (if you want, you could supply GIT_DIR then run" >&2 - echo " $0 <ref> <oldrev> <newrev>)" >&2 - exit 1 -fi - -if [ -z "$refname" -o -z "$oldrev" -o -z "$newrev" ]; then - echo "Usage: $0 <ref> <oldrev> <newrev>" >&2 - exit 1 -fi - -# --- Config -allowunannotated=$(git config --bool hooks.allowunannotated) -allowdeletebranch=$(git config --bool hooks.allowdeletebranch) -denycreatebranch=$(git config --bool hooks.denycreatebranch) -allowdeletetag=$(git config --bool hooks.allowdeletetag) -allowmodifytag=$(git config --bool hooks.allowmodifytag) - -# check for no description -projectdesc=$(sed -e '1q' "$GIT_DIR/description") -case "$projectdesc" in -"Unnamed repository"* \| "") - echo "*** Project description file hasn't been set" >&2 - exit 1 - ;; -esac - -# --- Check types -# if $newrev is 0000...0000, it's a commit to delete a ref. -zero="0000000000000000000000000000000000000000" -if [ "$newrev" = "$zero" ]; then - newrev_type=delete -else - newrev_type=$(git cat-file -t $newrev) -fi - -case "$refname","$newrev_type" in - refs/tags/,commit) - # un-annotated tag - short_refname=${refname##refs/tags/} - if [ "$allowunannotated" != "true" ]; then - echo " The un-annotated tag, $short_refname, is not allowed in this repository" >&2 - echo "* Use 'git tag [ -a \| -s ]' for tags you want to propagate." >&2 - exit 1 - fi - ;; - refs/tags/,delete) - # delete tag - if [ "$allowdeletetag" != "true" ]; then - echo "** Deleting a tag is not allowed in this repository" >&2 - exit 1 - fi - ;; - refs/tags/,tag) - # annotated tag - if [ "$allowmodifytag" != "true" ] && git rev-parse $refname > /dev/null 2>&1 - then - echo " Tag '$refname' already exists." >&2 - echo "* Modifying a tag is not allowed in this repository." >&2 - exit 1 - fi - ;; - refs/heads/,commit) - # branch - if [ "$oldrev" = "$zero" -a "$denycreatebranch" = "true" ]; then - echo "** Creating a branch is not allowed in this repository" >&2 - exit 1 - fi - ;; - refs/heads/,delete) - # delete branch - if [ "$allowdeletebranch" != "true" ]; then - echo "** Deleting a branch is not allowed in this repository" >&2 - exit 1 - fi - ;; - refs/remotes/,commit) - # tracking branch - ;; - refs/remotes/,delete) - # delete tracking branch - if [ "$allowdeletebranch" != "true" ]; then - echo "*** Deleting a tracking branch is not allowed in this repository" >&2 - exit 1 - fi - ;; - ) - # Anything else (is there anything else?) - echo "** Update hook: unknown type of update to ref $refname of type $newrev_type" >&2 - exit 1 - ;; -esac - -# --- Finished -exit 0
	Deleted	nginx-rtmp-module-1.1.15.tar.gz/.git/index ^
[-] [+]	Deleted	nginx-rtmp-module-1.1.15.tar.gz/.git/info ^
-(directory)
[-] [+]	Deleted	nginx-rtmp-module-1.1.15.tar.gz/.git/info/exclude ^
@@ -1,6 +0,0 @@ -# git ls-files --others --exclude-from=.git/info/exclude -# Lines that start with '#' are comments. -# For a project mostly in C, the following would be a good set of -# exclude patterns (uncomment them if you want to use them): -# .[oa] -# ~
[-] [+]	Deleted	nginx-rtmp-module-1.1.15.tar.gz/.git/logs ^
-(directory)
[-] [+]	Deleted	nginx-rtmp-module-1.1.15.tar.gz/.git/logs/HEAD ^
@@ -1 +0,0 @@ -0000000000000000000000000000000000000000 5150993accb5edefa61d71e1c81ad8c02f515428 U-arrakis\jg <jg@arrakis.(none)> 1481905161 +0100 clone: from https://github.com/arut/nginx-rtmp-module.git
[-] [+]	Deleted	nginx-rtmp-module-1.1.15.tar.gz/.git/logs/refs ^
-(directory)
[-] [+]	Deleted	nginx-rtmp-module-1.1.15.tar.gz/.git/logs/refs/heads ^
-(directory)
[-] [+]	Deleted	nginx-rtmp-module-1.1.15.tar.gz/.git/logs/refs/heads/master ^
@@ -1 +0,0 @@ -0000000000000000000000000000000000000000 5150993accb5edefa61d71e1c81ad8c02f515428 U-arrakis\jg <jg@arrakis.(none)> 1481905161 +0100 clone: from https://github.com/arut/nginx-rtmp-module.git
[-] [+]	Deleted	nginx-rtmp-module-1.1.15.tar.gz/.git/objects ^
-(directory)
[-] [+]	Deleted	nginx-rtmp-module-1.1.15.tar.gz/.git/objects/info ^
-(directory)
[-] [+]	Deleted	nginx-rtmp-module-1.1.15.tar.gz/.git/objects/pack ^
-(directory)
	Deleted	nginx-rtmp-module-1.1.15.tar.gz/.git/objects/pack/pack-3912c9200a41c4fbd876afb583ab7ecb4733401b.idx ^
	Deleted	nginx-rtmp-module-1.1.15.tar.gz/.git/objects/pack/pack-3912c9200a41c4fbd876afb583ab7ecb4733401b.pack ^
[-] [+]	Deleted	nginx-rtmp-module-1.1.15.tar.gz/.git/packed-refs ^
@@ -1,369 +0,0 @@ -# pack-refs with: peeled -406d3a9527e08ea148e7c10ffa4009e0e5070b11 refs/remotes/origin/access-log -e19ff641b06d3abd30b3bad5cfb491d158835713 refs/remotes/origin/aggregate -eee52d83c4bdafe712685be06822acb051d407a7 refs/remotes/origin/async-client-handshake -87686029aa2cfddfea765c626be7161981583482 refs/remotes/origin/atc -3d5f6df7311594b051fdd26d3ae120d4ae708bb4 refs/remotes/origin/atc-only -3c2e29f215fb09e5b4cb29040d1e5e092ce73849 refs/remotes/origin/auto-push -f39d3f66a3ea6bb15b50737b90004b12056a3ad1 refs/remotes/origin/avc-parser -205664d8c5e040a61b36ae0b74ddf17bc16d2150 refs/remotes/origin/big-endian -10bcbf0e8daf38e3f3569ba84050f85fd46dd2d0 refs/remotes/origin/big-hls-buffer -fad4f4717b47ab368d80ff480f2889631edc6521 refs/remotes/origin/big-nal-buffer -f6ccfb6fa1d05d3babc1bb20ca7003802f85f2f0 refs/remotes/origin/chunksizefix -d9579d627d727d8ad5edd2a0054f66324bebd459 refs/remotes/origin/close-stream -aeae84bf8babcd7130f71b5941834eeb4fafa61a refs/remotes/origin/cmd-handler-init -ebc47f03a43758c4f44ae90c193f4111f9ab1e16 refs/remotes/origin/codec -cb4623aa4f7e6c2d1cb4c9c9f55ea6107f3a3985 refs/remotes/origin/const-fix -0b757e8a49480a88f5e051f6590f25e6c4de3288 refs/remotes/origin/control -ef424df677eb545ba5277649ee99fbea7e38bb55 refs/remotes/origin/control-director -5e5dd797c2307b40a11409df806f07a427b3cd57 refs/remotes/origin/control-redirect -b07e0e2dee3a2019dc2be34591b1c4e27730b2a0 refs/remotes/origin/dash -e8081fd94f1d7ae4483f0a5ca002af8a79d447eb refs/remotes/origin/dash-discont -fe4877f2168e7e62d6a45cb26708d662f0416961 refs/remotes/origin/dash-timeline -39717828d67359329797d0ab5f297162b5d5e248 refs/remotes/origin/default-buflen -90f985fa2f015e8bdfe92a9b57a5d04b779d7be1 refs/remotes/origin/defclose -63d19ada51b6a1932e1cd73d9895a08cb1ae7827 refs/remotes/origin/drop-old-publisher -6c79085d5c4203d11d9aa53d456ef7195de8cdc4 refs/remotes/origin/drop-restart -fe8bf2d6974834ab346b82533151bc953fdfaa7b refs/remotes/origin/drop-restart-mstat -52c2ef3f91569c3b1c10a40fd1bf56bb4dc1d9de refs/remotes/origin/enotify -57a96ac2bc1812188aa81237ad582ca115f4391f refs/remotes/origin/envivo-fix -87686029aa2cfddfea765c626be7161981583482 refs/remotes/origin/exec-fix -67aa7d5d0da67a43683e8b05467afbdff5622532 refs/remotes/origin/exec-init -f79aa206ec572c225c8bd32b5c2b1d7cc5ede692 refs/remotes/origin/exec-logging -b62651efbdcaa77f7836ef5c52ddccfdf9ca473f refs/remotes/origin/exec-pull -a6913ea68ad017eff14d098f4086c5dafae12af6 refs/remotes/origin/exec-pull-ext -8c39b37131d150f152aa21a03f076501f39bf4a1 refs/remotes/origin/exec-static -5e55f62b88f439dc1fbe311060bef53dfcfbc42e refs/remotes/origin/fast-start -0210f7ca83f8fd65261c4b9040743edf30a258fc refs/remotes/origin/flv-append-fix -fac68de376a2e20aed5627681ffc90d6374bf295 refs/remotes/origin/flv-header-mask -b31539ce95d2f84ce8be22b9d11cb4abcd3cb90a refs/remotes/origin/fmle-reset-byte-counter -990222d643b30a3c9e0db31209416ae9b47e16d3 refs/remotes/origin/fmle-time-fix -cbccd06babfc66ab920e7e2331d125516715f709 refs/remotes/origin/freebsd-auto-push -6f2808c7d11564e2269e9f64b9671f8c080c893d refs/remotes/origin/get-notify -12a0d39bed54bfb3c30272d8d1328d74378853ce refs/remotes/origin/gh-pages -76211a4bd254e5145d38c0275ad790dc9fac8fd4 refs/remotes/origin/good-logger -ec282438514e88f7267653728b42c77e3df23bc3 refs/remotes/origin/handshakefix -d34c6393f6ff22ef6cff6cb2c4ef7c1fe6cd35fa refs/remotes/origin/hls-async-delete -49a3ee0dc6d5b85fe1164995c8d94424a0971838 refs/remotes/origin/hls-base-url -4906e816bec876e3e81b129622de3f5e430dcc32 refs/remotes/origin/hls-continuous -764a039c5856bb8bfb251ff15f4c95cf1c82e54b refs/remotes/origin/hls-debug -a43bafe3de4641268d04f9105f6ef409abb8ede2 refs/remotes/origin/hls-discont-fix -8acacd0d7906820039bc5e1e22a4ba332caada3e refs/remotes/origin/hls-encrypt -7500b4bd90fc942468f94dd3a12dbcdf9c3199a6 refs/remotes/origin/hls-encrypt-auto -78dcfbcc359f8275a55b7a14d6228e9928c75816 refs/remotes/origin/hls-ensure-directory -737ea5ce34c8270479811acfacba02112e202625 refs/remotes/origin/hls-event -546c42efeb910fb6b7b592293f5737324ddd606a refs/remotes/origin/hls-granularity -2ed36a2611c1674d495f754ef3066c4a8bf98aa3 refs/remotes/origin/hls-nocache -21174b2ee743c9ea1a0bccb46436c56c871febd3 refs/remotes/origin/hls-nocrackle -6298aa7e1d95df8b806a262196a6589159284c74 refs/remotes/origin/hls-offset-fix -059dba448ddeed901d06f825ed84e5e85c0f64cc refs/remotes/origin/hls-read-playlist -0aaf2a625903ba6d4d9e1e761a0e866215149994 refs/remotes/origin/hls-restart -2bb16425da9b593f5f9568f7c91bf06a5a1012f1 refs/remotes/origin/hls-restart-on-audio -3d54d69e252bb537dc8fb03cc96ada084bd5da8d refs/remotes/origin/hls-trailer -4ff1bd09fcbd8a77618bd528fd8d32fb72bd2661 refs/remotes/origin/hls-ts-discont -2f1091679b60b8741e59f257ac2c59905cec8206 refs/remotes/origin/hls-variant -dc698edf242a1ba6d806571e2b32e50fb4d6fcae refs/remotes/origin/hlslight -7b88858b44371ae03d29052fe6d398750fba851e refs/remotes/origin/http -050a4e7586552003baff9dd920d28d51eaf8ab22 refs/remotes/origin/idle-streams -3fc1598db94b234b2ec5f368c34c5d3e877040a0 refs/remotes/origin/init_queue -d9d749af5b156ea2b4623f7e8d0efa5139885924 refs/remotes/origin/interleave -5150993accb5edefa61d71e1c81ad8c02f515428 refs/remotes/origin/master -67443c28b4aff60023ce143475c2d287c264f2f7 refs/remotes/origin/meta-copy -266e206afcda93cf2880e660fb796eb99fb6df6c refs/remotes/origin/mixed-codecs -58491f8feddbe801557704dd1d1ac9d0950cdf3f refs/remotes/origin/mp4 -af5703b35756667eb008bdffb22626616bbae020 refs/remotes/origin/mp4-choose-track -3f9451fdfd2707e91536bb3b942cd0a8202ebc31 refs/remotes/origin/mpeg-dash -05a23dbc8b8a23bcb49ea71978239ab1e2e79d5d refs/remotes/origin/mstat -cbe760aa8ad43d3908b7c9408d7f3946747981b1 refs/remotes/origin/msvc-fix1 -4ec43349ad5e16a9216844430695a3479ff6d558 refs/remotes/origin/multi-pull -004accda9aef265eb1b4df39846156e6892d6a30 refs/remotes/origin/multi-record -41515325899813d996e092ce4219204cec56ae3a refs/remotes/origin/multiplay -4ec43349ad5e16a9216844430695a3479ff6d558 refs/remotes/origin/multipull -1894d333aa9fd76e857532efe6c64d343df137e7 refs/remotes/origin/native-hls -e22ca286044d343745a4a28b15c6298f80a9fb61 refs/remotes/origin/native-hls-rr -b5461f61c6833aee803b5134f2285aa652978e09 refs/remotes/origin/new-live -903abb6646153c9eca2697727231d46804a0c1b7 refs/remotes/origin/new-live2 -02dd440a25097e8528d9cdfa85132b6920649547 refs/remotes/origin/new-live3 -22de95e634b92e23eae85134c05e54c98404e34f refs/remotes/origin/new-relay -7b5c5e99327c19600ab2bab89960ba217be52949 refs/remotes/origin/new-stat -591d7f5f3f0a2381f466f578a768ff19344cfbb0 refs/remotes/origin/newhandshake -cbaff8f1df7c7eabc9474909104f8f4f05324930 refs/remotes/origin/notify-addr -7f7fcc8d5c0e8468db2b37de9a4ef3ec392c52a7 refs/remotes/origin/notify-redirect -8d28f7f1de08a81ce356f55c6e29141369bf7aec refs/remotes/origin/notify-redirect-md5 -58bd6029463c79347d45be4488a3786abe5cebb8 refs/remotes/origin/notify-relay -f89bbae2354ea09cb5d8b04d24ba4df8415e7f09 refs/remotes/origin/on-connect -62e03d710cd02043156ac86da3b07e5186c78e11 refs/remotes/origin/on-update -15405e8edde4db9e3c6b56c3a17edbf7dcd974f0 refs/remotes/origin/optsend -9788b1a5309d40809df6832e81593392f3b381a2 refs/remotes/origin/out-metadata -2fdec454604b76b40d322b83106ec1a35b98dfce refs/remotes/origin/out-queue-settings -0478c4445f26f55d33e360a91a7ab4cd57f44f3b refs/remotes/origin/pause -940ff260099958edf27eb11fe0b959e881fd5dfa refs/remotes/origin/peer-timestamp -067c73710d15f046945ada24d5ca25d50b2751c7 refs/remotes/origin/play-publish-done -5d3189ad97c87bbdac9fb455f7505d0d4d5eb058 refs/remotes/origin/play-seek -8a8f28f3b67d0177f79e754c478e845bac70eb58 refs/remotes/origin/play2 -521f8998b0cf1e197152655b214285ebde974fd3 refs/remotes/origin/play2-continue -3e25f91004b83c1a1fa25a8993cdd691f65bf658 refs/remotes/origin/postconf-handler-init -4ec43349ad5e16a9216844430695a3479ff6d558 refs/remotes/origin/preemption -a72e33ea411ed5f55df04ea9ab9dfceb09137642 refs/remotes/origin/proxy-protocol -6ab14605ba4a410b39916543302a9a9eb4d19698 refs/remotes/origin/publish-optional-type -1c2470975e4f23742d3e468649c2ad2bbfb77e7f refs/remotes/origin/publish-time-fix2 -dbc3ac2438757b23a65e1612c36b5691e7173585 refs/remotes/origin/push-reconnect -0b6a84b0b829c6794c0635dd30a2aa6712417c8f refs/remotes/origin/record-append -abc2704db1193bd993b886463063059d1ff5050e refs/remotes/origin/record-done -8658d99529384a487113bb9b80aaffd7714f16a7 refs/remotes/origin/record-keyframes -9b3471d79f43382db134b407cfce4f5b4ee24ae0 refs/remotes/origin/record-lock -f79aa206ec572c225c8bd32b5c2b1d7cc5ede692 refs/remotes/origin/record-name-format -bff1c355ec7db875972da6682e2553d65ac847ad refs/remotes/origin/record-notify -b69efd3e94113f627f25d0ab67fcd1036eab5fb1 refs/remotes/origin/reentrant-relay -1f9072bbe69e015021a31784b3ac66f0b296c911 refs/remotes/origin/relay -c9973fc68a91284c632f3afb736303d6402f6c4e refs/remotes/origin/relay-vars -7aa513cfcd5fd345ea477ea582faa8858628974d refs/remotes/origin/reltime -de2a4258d77aecdc2fab34b5857ca4529b1fe0ba refs/remotes/origin/remote-redirect -60038b6ea15ae34dc1f177625adc73ddb39eb984 refs/remotes/origin/rooms -35753c5f6221c31edad65a2f70802b856e642fe3 refs/remotes/origin/rooms2 -4a1358723a7ce288aeec9583da97166c260b38dd refs/remotes/origin/rtmp-ads -71f92aca8d631cbc800c8eed235535e0b0a52991 refs/remotes/origin/safe-amf-parser -87d1cebfe2822d75f9c97fe2487723029abc272a refs/remotes/origin/sample-access -57dd1406bd59224eea4e0aabf9dbfe4c82e6be9a refs/remotes/origin/session-relay -22de95e634b92e23eae85134c05e54c98404e34f refs/remotes/origin/shared-live-streams -5d7a5ea535ed40e7a9459967dc607bb52b10db12 refs/remotes/origin/shared_record -18e4762db29139ada9c8be4b36070005e8d01efc refs/remotes/origin/smart-drop -a8d148473db0fe5fb17e5e7527a3cafcfafb1fff refs/remotes/origin/smartos-compilation-fix -2cff2a58210c2f964f4d2ee76a8461fb81e28610 refs/remotes/origin/stat-no-underline -e3be78bc6b6f91fea27ba235a6393dee50817bcf refs/remotes/origin/stat-redesign -3bd60857bd5ea2f3024e7de248bdc3d64b58859d refs/remotes/origin/static-relay -7a35372e30dca2a10c843219597bc4bc481fdda0 refs/remotes/origin/static-relay-cleanup -882b4f15b287b3e313088a67b2a4a543fbb6511d refs/remotes/origin/static-relay2 -ac13bbf1af345532a009a88d93ac4b7869ffe456 refs/remotes/origin/sync -9b4725a01a9615dfa7133d659ff936bd69e91345 refs/remotes/origin/sync-atc -7fbfb36440d99786f3c4ecc723ae61fcdedc3ce5 refs/remotes/origin/sync-atc-fmle -466c1fdf168646d57f0f43c463ad524143917e01 refs/remotes/origin/sync-atc-fmle2 -93b669273561ebd80fbf106b8b482d28a4377b81 refs/remotes/origin/sync-enotify -c8ad56e2d232933453d54767db55e96e00dd3d6c refs/remotes/origin/video-key -6ad152ee4c43238bd6a9f71f36b8e5a1757909a0 refs/remotes/origin/video-on-demand -b6194ed6e6a01ce14026c1778148db61a9a6765e refs/remotes/origin/virtual -4adc5f7487b0bb27cf027c3e792b00821ad30ada refs/remotes/origin/vod-http -0f337fe9a482e3da10ca7e8055ae1d8a2ccb9037 refs/remotes/origin/vod-sample-access -98d959ac5374bd14123f53318e6c8a8d481ffd92 refs/remotes/origin/vod-seek -770e67b1f33134c7db41e99f27ef167b16be8032 refs/remotes/origin/vod-stat -5db5d5af24af798f698fcc0f6eeecbac52932139 refs/remotes/origin/vod-stat2 -658f5ec639e290476f19eb91f371e2bf453616c0 refs/remotes/origin/win -289ee42c53f49728eb134f2226a2ef9ca7a32414 refs/remotes/origin/win1 -92d4c071d91b9de67e7293efcb72ad97c28285a7 refs/tags/freebsd-native-hls -^1894d333aa9fd76e857532efe6c64d343df137e7 -316b05d54e7e290546872cb26ad5b431b2a935af refs/tags/v0.0.1 -^eda826a386f10109816c57db9ed0908bdca92330 -2ba5b409dfac19e28befd698e0e03ea8f3799517 refs/tags/v0.0.10 -^d943d519754d1c08073298114807a8afb154d07f -f00415d4264d303b1a2771a3c6a36c026217e000 refs/tags/v0.0.11 -^bcd601832a0a2dc968621e065f1dbeaa14b77bb6 -3080d5f1e2f6e7b4da23585fb538152cbe91bf77 refs/tags/v0.0.12 -^caec91b85772dc5e078a3152cb6ed436c26bfbc3 -740f8034ec343eeab3c19c5e777fc1af05af12e5 refs/tags/v0.0.13 -^d3c5ad11969c6bfba083a33c5c7540d79692ab0a -18719a9ae0332480c80acac56b54e87b6131f46c refs/tags/v0.0.14 -^cf1976cd05a6e73cdf5fb1506f84508a297688b6 -903e750ce238efa3cde37a40a00c83d0efa7190b refs/tags/v0.0.15 -^6295147db1d44c9e8430b09cf2bf3d0a43c16b56 -93cd6b10d401382dfc8f740dd8e995fc5241eacc refs/tags/v0.0.16 -^359c346d3516403f5545dac0e9d8fe57ff09238e -88536319dc71fa9e8202eb000dcce7f1aa864321 refs/tags/v0.0.17 -^15405e8edde4db9e3c6b56c3a17edbf7dcd974f0 -6eba477d8578b5c488e034ab25d45e34e30636f5 refs/tags/v0.0.2 -^8204245eb223290cfed21f6748860a4bec510ed1 -4793210ff635d428fc37692d88a1107e32f3839e refs/tags/v0.0.3 -^96ebed857347b368cb78749de3515797eb0d9364 -110118d72aa68bced1a7da6d427c4a1473153f8b refs/tags/v0.0.4 -^b9ee8dbe097b2ab9cd60786c1cfa9a48237c51dd -49d4548bbc229885290915256d3b75f5d0b2863e refs/tags/v0.0.5 -^1e9a7e6efcd6990662f41e54587f27ab3f28ba87 -1c620f4121a3c4c64ccc71ca9a3aee100b702221 refs/tags/v0.0.6 -^3980a5923715131c8ac011410e63250ef5d13c93 -dbad1b31d510f290c5ebac4f073f5b7c3ef97e04 refs/tags/v0.0.7 -^7b70e9241327b93d04554cd7b8d2eeadb2acc4e6 -41ca3077bdbd20c2ddefdcc5f03a26b9ab6c358b refs/tags/v0.0.8 -^e563c3146e31eb8ce48634262435978bab26f7f0 -dc702ef73579582157563de257bf906d5ac77e18 refs/tags/v0.0.9 -^31d18ed4478684571476aed6125e942bfc738d77 -e2dcb0bea3859e6a66a7601356a7d90434d5ef4f refs/tags/v0.1.0 -^c61d7ac56f4895dc3f0513344b45d74943d4da19 -a0e0796bff7e6a33181d4cb6a1981a9889cf791c refs/tags/v0.1.1 -^f6ccfb6fa1d05d3babc1bb20ca7003802f85f2f0 -80db4c48b3cc30ad12112b5bde3831520c81a92a refs/tags/v0.1.10 -^88346934e51595118518957553316afda5a8b771 -b103795c7f1f41a51451dace848f8de085d59840 refs/tags/v0.1.11 -^45cd9825a2bb882c3b65a9c1139342bc59e40750 -8c8410a1def03c6f535110352398a0fc463d08f8 refs/tags/v0.1.12 -^63c4269a9146370db970894512523b9f3893ffad -951872e641cbebbd925c17cb8e8cc8a0289fe9cd refs/tags/v0.1.13 -^1719ef4433de03e8d95be7838a933326d717f1ee -6432ba9937589a7bbd58975d2e253a65e433e17b refs/tags/v0.1.14 -^fa3630d63d77ec4e6dcfa14a88afb5804b1b3596 -4b89a9819cc22c6ca1852613c518e0f400c6c048 refs/tags/v0.1.15 -^8def5f394543b822b6b450e79bdbf9a73f1d0a99 -40d6554b7196933e96aff91bba15f6b31c99dedb refs/tags/v0.1.2 -^4e713b75e8e3cd8f5456303e2f7f4803776f33de -a33ca7451cbd32dc2f43e01b3b87552f055a56ae refs/tags/v0.1.3 -^d82c16499de14965ff1259c457b33b5a81614c40 -dd9683b203e09b13d08e717e20304060c1d320cb refs/tags/v0.1.4 -^a4f48c5baa427c9d9093c0ceee339820c2167624 -d216f3dd61f67da413503b492af4b1f5c3e58451 refs/tags/v0.1.5 -^32279ddf26a9d9e0f34ff62d460bf4c1b14e2088 -2dab9cce52024dbf7ae3273770e159e73db21618 refs/tags/v0.1.6 -^49382c826b041589badb32b5f5f512592405a736 -c83a64c91d926c1bc5ac35036d49c31f87165466 refs/tags/v0.1.7 -^63e19f8d67d4f442f2700103c4d8ee9d137c0116 -0ab4039b703078ddacd4e70adc67b99efd946de3 refs/tags/v0.1.8 -^4bb48483be9d91a74a2efd5cb80fa136918ae466 -c9d359554132dc807d599b8d28b3193c8e37d841 refs/tags/v0.1.9 -^6143abc41803be6da47bfc4e15bbfe1d315de832 -4d20bb15480652145358c20f444f77ddbe2eeac6 refs/tags/v0.2.0 -^eb4e9e8d9033cb7c1775eec114cd7b90af26b047 -9df13315600aa2752fc99e80fb8b73a78e0f0fbf refs/tags/v0.2.1 -^1a2a8e2867f4d1cd64853bc49af9e725ee7f8343 -7e8b090de600016d965d3080b0cd6bc81eb60f67 refs/tags/v0.2.2 -^4e475cccb507951e5091f0ff5f1d4ef1903fd439 -f7f24bade80cca3a09e7286f250bb464cfab2df1 refs/tags/v0.2.3 -^295551947a187a265e5c60e6cccdf4c894a21e24 -2bf2e04da1cd97187612ba73ce9010c96393b76a refs/tags/v0.3.0 -^58491f8feddbe801557704dd1d1ac9d0950cdf3f -aded30326d7e233283346dab1258d4fdf69c31e7 refs/tags/v0.4.0 -^3c2e29f215fb09e5b4cb29040d1e5e092ce73849 -3381f10c50c161b0350ca8030535a97f43977940 refs/tags/v0.4.1 -^067c73710d15f046945ada24d5ca25d50b2751c7 -943ca88b8160225ef8decfab7aa3c6ba40c012a7 refs/tags/v0.4.2 -^ff247dafff1cab945c85ceefcf97d76fa1972c0e -2864097d4bf7e81a95bc85d133121beaf8262fc9 refs/tags/v0.4.3 -^ed5f06db8a90746059730fe8b55cf9ddc64ca67e -ed9bef4dc07d34078749b79d072cde59f385084a refs/tags/v0.5.0 -^abc2704db1193bd993b886463063059d1ff5050e -eb94d37c69842eb563fa3e7c9cc286cc942fd2e8 refs/tags/v0.5.1 -^6485716fb4734d5fc25ba12d849e2dedab63707d -0b020f1757f052a24a4d4c2061fcc4f8e1dbd440 refs/tags/v0.5.2 -^87686029aa2cfddfea765c626be7161981583482 -053bdc9277034a6db7edcc3d46c042ab8c62989b refs/tags/v0.5.3 -^cc632eb6b683eacdced09bfbe905e510779d5efc -307f468efdffa4ad07e79c0e39eab9f9eb195307 refs/tags/v0.5.4 -^bff1c355ec7db875972da6682e2553d65ac847ad -98438d54995ad4d11d7a020ff6b77919ca368448 refs/tags/v0.6.0 -^72d175ed7f5dfb4874ac6e002b737d866a0553d7 -f1eeb39f851366614b7dc1afa1fba21e1595475f refs/tags/v0.6.1 -^21174b2ee743c9ea1a0bccb46436c56c871febd3 -2b20008d1f3cb4b357d74ee288e2c00ac801d415 refs/tags/v0.6.2 -^795c1538a3602d5eedf7617c6d13c775721a66b9 -6b1f2547203b946cbac8c60bd86e5f04ad1a9a1d refs/tags/v0.6.3 -^c86e30fd270103b00c244f136c8780fb3a51b921 -d623935695e9ac6418a1baa24283bd35a42fef81 refs/tags/v0.6.4 -^f65f07deb32565b144e22faece57638f8961d62f -d3a7be773484e670119dfa20ff56cb0a91a8554f refs/tags/v0.6.5 -^4adc5f7487b0bb27cf027c3e792b00821ad30ada -293ebabd1220ec4615e2eb89d19ca3e7a381d1a3 refs/tags/v0.7.0 -^101b43a478bb44018733e75a3bf3b1f8adc5b2e5 -4b12afb07c889648864458c3a6096dc274c7420e refs/tags/v0.7.1 -^98d959ac5374bd14123f53318e6c8a8d481ffd92 -eb5ccb5fb1f735b82da3a43ee0d8d398bd932840 refs/tags/v0.7.2 -^6f2808c7d11564e2269e9f64b9671f8c080c893d -23fe9e844ecafd18a5d713618a36fb68846db951 refs/tags/v0.7.3 -^62e03d710cd02043156ac86da3b07e5186c78e11 -09b1e2bab6467a8d50e37939b4d1fc0b9777adfd refs/tags/v0.7.4 -^696e488ecb089236a297939248d4616d4665d347 -fa8752466e94879be074386c2f0420640cec3b41 refs/tags/v0.8.0 -^02dd440a25097e8528d9cdfa85132b6920649547 -7c3df8e2c78a85ef7f5d2e8f100e5f54573c71c7 refs/tags/v0.8.1 -^9f4296c08382b1374018346cce3bb5d40036f47a -f8899c67c2508ded911a93117b3186df6df631bd refs/tags/v0.8.2 -^ac924d7f940f05063d7ef0503aa7f3a1576bf380 -683a29d4d0a536b6a97c07d1deeacb8cc11a6af7 refs/tags/v0.8.3 -^3d54d69e252bb537dc8fb03cc96ada084bd5da8d -2aeefa379b700de0c9c1b4ed94e186e0d1d1a580 refs/tags/v0.8.4 -^f2f28cbe487883caed333ffb4f5f7942bed64c09 -5ea2a003691a63630e6c1d492c96d6581338efb8 refs/tags/v0.8.5 -^bd562e4ff7c10cad71711828548cbb584bd4a80b -11ee9f81e8b8a077113cdf96d655d7cf9961a03d refs/tags/v0.8.6 -^e5e5766ebb51e1c36b6804fe0ddc02ee8ca19cc6 -544c73b3b27c93df0d61172c62a7eee2e8252953 refs/tags/v0.8.7 -^3eaa43a7a327646acdebe87000422c6fd086adbe -83055d17d104c267aeebda070246b0917dbfffb2 refs/tags/v0.9.0 -^406d3a9527e08ea148e7c10ffa4009e0e5070b11 -37a1511c0e7c6a1a522bab7355289a71a7876ad2 refs/tags/v0.9.1 -^ea65ac688cdd89dad65bcdc3b62d5e152b47f1ec -ee0df070f78e83f3857301aa0e4340c15743403d refs/tags/v0.9.10 -^6923889e5386abad1aa07e2c29462fc469d3a5d4 -cb5e1df91a1b8d020de63d6cbbacd9f74097a375 refs/tags/v0.9.11 -^3aa528fccd2c3500b2eeafa6589c3f8f07564186 -6d328d3291833a9991cb27df45d1c82cfc3bc5fb refs/tags/v0.9.12 -^11e3f53fd259f0297a4d8f440afceb8395b45622 -b63100856c3a795440047324aaf863c6339e859f refs/tags/v0.9.13 -^0a8f0ee6c560edc032f66a25d527e9cd7ed6b62b -e13bcdadf3b57f91e8eca678846480522eb214ba refs/tags/v0.9.14 -^612fc4dd7514b3da2ac774a6daeb7baa60314f36 -1c92b49d30e7215483d5c0c038da2d09d6ac1d16 refs/tags/v0.9.15 -^7b5c5e99327c19600ab2bab89960ba217be52949 -bc3fe7a8ebf166e5187f7bac00c70e40a9b192fe refs/tags/v0.9.16 -^c0fc4bbdccf1d328eaa098f3287e427e369517c0 -d5288d89f8c1e1c8c82218a23deedfabb845fa1c refs/tags/v0.9.17 -^f79aa206ec572c225c8bd32b5c2b1d7cc5ede692 -bce7ea3e62682b29d61d56cc6bcc0e794857d557 refs/tags/v0.9.18 -^c61e99a36878fc618e29633db0e9652be13f6284 -39cb7ca0a51e7e4bfc400b285141a71ac7b565c7 refs/tags/v0.9.19 -^a47b23204b43d5b823feeb52b0c868b2c96847ca -43dd6489282d965072eb48479af5e8d90ac6ad38 refs/tags/v0.9.2 -^af5703b35756667eb008bdffb22626616bbae020 -73e60038c62b281fd0e4ff5565f35797fed46a1a refs/tags/v0.9.20 -^e29e64ed7d262904d22ce0a708e67cc02115f497 -828fcd80c23df5caf0b7fdbf897ba45a92f3dce7 refs/tags/v0.9.3 -^aeae84bf8babcd7130f71b5941834eeb4fafa61a -31f684d189aec37550e82e4c7cf3ac751a781ade refs/tags/v0.9.4 -^f358a2e8f9269afef85d82549de4945942b39d6c -63540cc06386523c08857cf435ad9c2f6daaef8a refs/tags/v0.9.5 -^c0ad999f37675dd1bbed11d901f34259827bb405 -e7fe15e6ca0cb0f81ec42b5b309ce6f720525193 refs/tags/v0.9.6 -^5325df0135c467d21cf93cd5c5df6af60a87a9e8 -0dda255fe75318707bb20e0078ace6da1f160cd2 refs/tags/v0.9.7 -^138c330da2ace7617af3c6b671fbee049f387fb7 -568ce8f0a850d3d7e00c33247edffe366cff0d51 refs/tags/v0.9.8 -^6903ac23e430b4170b108bb2f631562560c37fe0 -2d5bc52527e46171d2e2a7c4d9c87fa2a4e39fee refs/tags/v0.9.9 -^af8446a0985ba76873c25a6aae5125e47c7a3194 -d27f964d1f45d546419795b058fea60f3f1f21ab refs/tags/v1.0.0 -^613234b866fd08ea2221d183edfd9eb6d8a8bf4d -421d9ff41f699cc344845df9869dccff0ce4ad86 refs/tags/v1.0.1 -^cbe760aa8ad43d3908b7c9408d7f3946747981b1 -e1ec6d2f08937878a985bfa7d4f49e93312dc7e0 refs/tags/v1.0.2 -^6b92cd6b29ddeea5a113b6e5d8d854b6986e3fd1 -7749d54fb000641dfa6c8eebfb8765175f187a13 refs/tags/v1.0.3 -^7b4df729c1c4d86589f8ccadc0bd20ee733416f9 -aaeca4ff01f858cd719ea5b86eef7dcc3ba259ca refs/tags/v1.0.4 -^67443c28b4aff60023ce143475c2d287c264f2f7 -d7e1af79c4d152d16bcacfcd2ca18d58e6b3201b refs/tags/v1.0.5 -^737ea5ce34c8270479811acfacba02112e202625 -0acf1123a044c8afd68112387712abd59e45a2eb refs/tags/v1.0.6 -^1cfb7aeb582789f3b15a03da5b662d1811e2a3f1 -bd4f1b4cf7c58e55298c326184e5ad1a15c3aff0 refs/tags/v1.0.7 -^995688b9cfea4fb01a5b8ad0e110fec0866e501c -5beda43a6b388af5e7c1bcc55384163d97dcf836 refs/tags/v1.0.8 -^d01ffc0c88d9ce736be3dee99b4f9d3fcc07b685 -f792dab070dbdedc3b968483287fa59e6ae48a03 refs/tags/v1.0.9 -^471d299f5d5348dfbba6132779587553c3a709a7 -a08c7835b05e2bd816efb1f8036cb7c9bf59b906 refs/tags/v1.1.0 -^8542e21e17587ee2e928cdfedc1cb82996df7719 -e9d11158cb1b18a0631a94c4e8599c0f8c64adb7 refs/tags/v1.1.1 -^8608faad1e0b25c80b1f9b93439d6fd450db5c15 -cf710155b2666d2456a58a49dac1af4d93b215ce refs/tags/v1.1.10 -^5150993accb5edefa61d71e1c81ad8c02f515428 -2a721794867c76e9ac9e653e76da9503cbc9d60f refs/tags/v1.1.2 -^65cd61e43350c0de0a69103aed1ecf7f2b081ab8 -c130de320738a9ae084ba3d54f033c98e6e82d65 refs/tags/v1.1.3 -^6f768dc4eb2a2cb7798e31c7465af77b94ca2733 -3fdbbcc01249d7a3f0559192debfe09f844aef6e refs/tags/v1.1.4 -^8c2229cce5d4d4574e8fb7b130281497f746f0fa -28618cde22c864eef6ecdba9da636a2f2f611b20 refs/tags/v1.1.5 -^7500b4bd90fc942468f94dd3a12dbcdf9c3199a6 -1706bc84f5b0882dec6f1854d9054be7e3d12ab2 refs/tags/v1.1.6 -^7a35372e30dca2a10c843219597bc4bc481fdda0 -c0a5fb42c214d585a84967b2e172889d9278d325 refs/tags/v1.1.7 -^f62a0838064baf089ad9fe3c8f6f2ffe0775afb2 -1fe006d50fbca7537984fc080dd32906b9cb5455 refs/tags/v1.1.8 -^cb54ed4ac0994e36b92d21a51313af44ecdfdadd -c7447b49ee18232dab330fadf6c2dfb5fa2bbfb2 refs/tags/v1.1.9 -^c0bf381d10de05c135f913921c58272838d5e1ee
[-] [+]	Deleted	nginx-rtmp-module-1.1.15.tar.gz/.git/refs ^
-(directory)
[-] [+]	Deleted	nginx-rtmp-module-1.1.15.tar.gz/.git/refs/heads ^
-(directory)
[-] [+]	Deleted	nginx-rtmp-module-1.1.15.tar.gz/.git/refs/heads/master ^
@@ -1 +0,0 @@ -5150993accb5edefa61d71e1c81ad8c02f515428
[-] [+]	Deleted	nginx-rtmp-module-1.1.15.tar.gz/.git/refs/remotes ^
-(directory)
[-] [+]	Deleted	nginx-rtmp-module-1.1.15.tar.gz/.git/refs/remotes/origin ^
-(directory)
[-] [+]	Deleted	nginx-rtmp-module-1.1.15.tar.gz/.git/refs/remotes/origin/HEAD ^
@@ -1 +0,0 @@ -ref: refs/remotes/origin/master
[-] [+]	Deleted	nginx-rtmp-module-1.1.15.tar.gz/.git/refs/tags ^
-(directory)
[-] [+]	Changed	nginx-rtmp-module-1.2.1.tar.gz/dash/ngx_rtmp_dash_module.c ^
@@ -52,7 +52,7 @@ ngx_str_t playlist_bak; ngx_str_t name; ngx_str_t stream; - ngx_time_t start_time; + time_t start_time; ngx_uint_t nfrags; ngx_uint_t frag; @@ -228,8 +228,8 @@ ngx_rtmp_dash_app_conf_t dacf; static u_char buffer[NGX_RTMP_DASH_BUFSIZE]; - static u_char start_time[sizeof("1970-09-28T12:00:00+06:00")]; - static u_char end_time[sizeof("1970-09-28T12:00:00+06:00")]; + static u_char start_time[sizeof("1970-09-28T12:00:00Z")]; + static u_char pub_time[sizeof("1970-09-28T12:00:00Z")]; dacf = ngx_rtmp_get_module_app_conf(s, ngx_rtmp_dash_module); ctx = ngx_rtmp_get_module_ctx(s, ngx_rtmp_dash_module); @@ -252,18 +252,16 @@ return NGX_ERROR; } - #define NGX_RTMP_DASH_MANIFEST_HEADER \ "<?xml version=\"1.0\"?>\n" \ "<MPD\n" \ " type=\"dynamic\"\n" \ " xmlns=\"urn:mpeg:dash:schema:mpd:2011\"\n" \ " availabilityStartTime=\"%s\"\n" \ - " availabilityEndTime=\"%s\"\n" \ + " publishTime=\"%s\"\n" \ " minimumUpdatePeriod=\"PT%uiS\"\n" \ " minBufferTime=\"PT%uiS\"\n" \ - " timeShiftBufferDepth=\"PT0H0M0.00S\"\n" \ - " suggestedPresentationDelay=\"PT%uiS\"\n" \ + " timeShiftBufferDepth=\"PT%uiS\"\n" \ " profiles=\"urn:hbbtv:dash:profile:isoff-live:2012," \ "urn:mpeg:dash:profile:isoff-live:2011\"\n" \ " xmlns:xsi=\"http://www.w3.org/2011/XMLSchema-instance\"\n" \ @@ -285,11 +283,9 @@ " width=\"%ui\"\n" \ " height=\"%ui\"\n" \ " frameRate=\"%ui\"\n" \ - " sar=\"1:1\"\n" \ " startWithSAP=\"1\"\n" \ " bandwidth=\"%ui\">\n" \ " <SegmentTemplate\n" \ - " presentationTimeOffset=\"0\"\n" \ " timescale=\"1000\"\n" \ " media=\"%V%s$Time$.m4v\"\n" \ " initialization=\"%V%sinit.m4v\">\n" \ @@ -323,7 +319,6 @@ " startWithSAP=\"1\"\n" \ " bandwidth=\"%ui\">\n" \ " <SegmentTemplate\n" \ - " presentationTimeOffset=\"0\"\n" \ " timescale=\"1000\"\n" \ " media=\"%V%s$Time$.m4a\"\n" \ " initialization=\"%V%sinit.m4a\">\n" \ @@ -341,38 +336,33 @@ " </Period>\n" \ "</MPD>\n" - ngx_libc_localtime(ctx->start_time.sec + - ngx_rtmp_dash_get_frag(s, 0)->timestamp / 1000, &tm); + ngx_libc_gmtime(ctx->start_time, &tm); - ngx_sprintf(start_time, "%4d-%02d-%02dT%02d:%02d:%02d%c%02d:%02d", - tm.tm_year + 1900, tm.tm_mon + 1, - tm.tm_mday, tm.tm_hour, - tm.tm_min, tm.tm_sec, - ctx->start_time.gmtoff < 0 ? '-' : '+', - ngx_abs(ctx->start_time.gmtoff / 60), - ngx_abs(ctx->start_time.gmtoff % 60)) = 0; - - ngx_libc_localtime(ctx->start_time.sec + - (ngx_rtmp_dash_get_frag(s, ctx->nfrags - 1)->timestamp + - ngx_rtmp_dash_get_frag(s, ctx->nfrags - 1)->duration) / - 1000, &tm); - - ngx_sprintf(end_time, "%4d-%02d-%02dT%02d:%02d:%02d%c%02d:%02d", - tm.tm_year + 1900, tm.tm_mon + 1, - tm.tm_mday, tm.tm_hour, - tm.tm_min, tm.tm_sec, - ctx->start_time.gmtoff < 0 ? '-' : '+', - ngx_abs(ctx->start_time.gmtoff / 60), - ngx_abs(ctx->start_time.gmtoff % 60)) = 0; + ngx_sprintf(start_time, "%4d-%02d-%02dT%02d:%02d:%02dZ%Z", + tm.tm_year + 1900, tm.tm_mon + 1, + tm.tm_mday, tm.tm_hour, + tm.tm_min, tm.tm_sec); + + ngx_libc_gmtime(ngx_time(), &tm); + + ngx_sprintf(pub_time, "%4d-%02d-%02dT%02d:%02d:%02dZ%Z", + tm.tm_year + 1900, tm.tm_mon + 1, + tm.tm_mday, tm.tm_hour, + tm.tm_min, tm.tm_sec); last = buffer + sizeof(buffer); p = ngx_slprintf(buffer, last, NGX_RTMP_DASH_MANIFEST_HEADER, start_time, - end_time, + pub_time, (ngx_uint_t) (dacf->fraglen / 1000), (ngx_uint_t) (dacf->fraglen / 1000), - (ngx_uint_t) (dacf->fraglen / 500)); + (ngx_uint_t) (dacf->fraglen / 250 + 1)); + + / + * timeShiftBufferDepth formula: + * 2 * minBufferTime + max_fragment_length + 1 + / n = ngx_write_fd(fd, buffer, p - buffer); @@ -952,7 +942,7 @@ "dash: playlist='%V' playlist_bak='%V' stream_pattern='%V'", &ctx->playlist, &ctx->playlist_bak, &ctx->stream); - ctx->start_time = ngx_cached_time; + ctx->start_time = ngx_time(); if (ngx_rtmp_dash_ensure_directory(s) != NGX_OK) { return NGX_ERROR; @@ -1008,6 +998,11 @@ f->duration = timestamp - f->timestamp; hit = (f->duration >= dacf->fraglen); + /* keep fragment lengths within 2x factor for dash.js / + if (f->duration >= dacf->fraglen 2) { + boundary = 1; + } + } else { /* sometimes clients generate slightly unordered frames */
[-] [+]	Changed	nginx-rtmp-module-1.2.1.tar.gz/hls/ngx_rtmp_hls_module.c ^
@@ -1951,6 +1951,7 @@ ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, "hls: error appending AUD NAL"); } + /* fall through */ case 9: aud_sent = 1; break;
[-] [+]	Changed	nginx-rtmp-module-1.2.1.tar.gz/ngx_rtmp.h ^
@@ -135,6 +135,8 @@ #define NGX_RTMP_MSG_AGGREGATE 22 #define NGX_RTMP_MSG_MAX 22 +#define NGX_RTMP_MAX_CHUNK_SIZE 10485760 + #define NGX_RTMP_CONNECT NGX_RTMP_MSG_MAX + 1 #define NGX_RTMP_DISCONNECT NGX_RTMP_MSG_MAX + 2 #define NGX_RTMP_HANDSHAKE_DONE NGX_RTMP_MSG_MAX + 3
[-] [+]	Changed	nginx-rtmp-module-1.2.1.tar.gz/ngx_rtmp_access_module.c ^
@@ -410,8 +410,8 @@ break; } - /* "all" passes through / #endif + / fall through / default: / AF_INET */
[-] [+]	Changed	nginx-rtmp-module-1.2.1.tar.gz/ngx_rtmp_amf.c ^
@@ -331,6 +331,7 @@ if (elts->type & NGX_RTMP_AMF_OPTIONAL) { return NGX_OK; } + /* fall through / case NGX_ERROR: return NGX_ERROR; } @@ -398,6 +399,7 @@ if (ngx_rtmp_amf_get(ctx, &max_index, 4) != NGX_OK) { return NGX_ERROR; } + / fall through / case NGX_RTMP_AMF_OBJECT: if (ngx_rtmp_amf_read_object(ctx, data, @@ -592,6 +594,7 @@ if (ngx_rtmp_amf_put(ctx, &max_index, 4) != NGX_OK) { return NGX_ERROR; } + / fall through */ case NGX_RTMP_AMF_OBJECT: type8 = NGX_RTMP_AMF_END;
[-] [+]	Changed	nginx-rtmp-module-1.2.1.tar.gz/ngx_rtmp_eval.c ^
@@ -154,6 +154,7 @@ name.len = p - name.data; ngx_rtmp_eval_append_var(ctx, &b, e, &name, log); + /* fall through */ case NORMAL: switch (c) {
[-] [+]	Changed	nginx-rtmp-module-1.2.1.tar.gz/ngx_rtmp_handler.c ^
@@ -821,6 +821,12 @@ ngx_log_debug1(NGX_LOG_DEBUG_RTMP, s->connection->log, 0, "setting chunk_size=%ui", size); + if (size > NGX_RTMP_MAX_CHUNK_SIZE) { + ngx_log_error(NGX_LOG_ALERT, s->connection->log, 0, + "too big RTMP chunk size:%ui", size); + return NGX_ERROR; + } + cscf = ngx_rtmp_get_module_srv_conf(s, ngx_rtmp_core_module); s->in_old_pool = s->in_pool;
[-] [+]	Changed	nginx-rtmp-module-1.2.1.tar.gz/ngx_rtmp_handshake.c ^
@@ -104,30 +104,37 @@ ngx_rtmp_make_digest(ngx_str_t key, ngx_buf_t src, u_char skip, u_char dst, ngx_log_t log) { - static HMAC_CTX hmac; - static unsigned hmac_initialized; + static HMAC_CTX hmac; unsigned int len; - if (!hmac_initialized) { - HMAC_CTX_init(&hmac); - hmac_initialized = 1; + if (hmac == NULL) { +#if OPENSSL_VERSION_NUMBER < 0x10100000L + static HMAC_CTX shmac; + hmac = &shmac; + HMAC_CTX_init(hmac); +#else + hmac = HMAC_CTX_new(); + if (hmac == NULL) { + return NGX_ERROR; + } +#endif } - HMAC_Init_ex(&hmac, key->data, key->len, EVP_sha256(), NULL); + HMAC_Init_ex(hmac, key->data, key->len, EVP_sha256(), NULL); if (skip && src->pos <= skip && skip <= src->last) { if (skip != src->pos) { - HMAC_Update(&hmac, src->pos, skip - src->pos); + HMAC_Update(hmac, src->pos, skip - src->pos); } if (src->last != skip + NGX_RTMP_HANDSHAKE_KEYLEN) { - HMAC_Update(&hmac, skip + NGX_RTMP_HANDSHAKE_KEYLEN, + HMAC_Update(hmac, skip + NGX_RTMP_HANDSHAKE_KEYLEN, src->last - skip - NGX_RTMP_HANDSHAKE_KEYLEN); } } else { - HMAC_Update(&hmac, src->pos, src->last - src->pos); + HMAC_Update(hmac, src->pos, src->last - src->pos); } - HMAC_Final(&hmac, dst, &len); + HMAC_Final(hmac, dst, &len); return NGX_OK; }
[-] [+]	Changed	nginx-rtmp-module-1.2.1.tar.gz/ngx_rtmp_init.c ^
@@ -79,6 +79,7 @@ case AF_UNIX: unix_socket = 1; + /* fall through / default: / AF_INET / sin = (struct sockaddr_in ) sa; @@ -110,6 +111,7 @@ case AF_UNIX: unix_socket = 1; + /* fall through / default: / AF_INET */ addr = port->addrs;
[-] [+]	Changed	nginx-rtmp-module-1.2.1.tar.gz/ngx_rtmp_notify_module.c ^
@@ -892,6 +892,7 @@ n = 0; state = parse_name; + /* fall through / case parse_name: switch (c) { @@ -919,6 +920,7 @@ break; } state = parse_value; + / fall through */ case parse_value: if (c == '\n') {
	Added	ngx_http_substitutions_filter_module-master.zip ^
	Deleted	ngx_pagespeed-1.12.34.2-stable.zip ^
	Deleted	ngx_pagespeed-1.12.34.3-stable.zip ^
	Deleted	ngx_pagespeed-1.13.35.1-beta.zip ^
	Added	ngx_pagespeed-1.13.35.2-stable.zip ^
	Deleted	ngx_pagespeed-latest-testing.zip ^
	Deleted	openssl-1.1.0c.tar.gz ^
	Deleted	openssl-1.1.0e.tar.gz ^
	Deleted	openssl-1.1.0f.tar.gz ^
	Deleted	openssl-1.1.0g.tar.gz ^
	Deleted	release-1.11.33.2-beta.zip ^
	Deleted	v1.10.33.6-beta.zip ^