Changes - j0ke.net Open Build Service

Difference Between Revision 2 and home:kries:proceed / nginx

[-] [+]	Added	nginx.changes
@@ -0,0 +1,28 @@ +------------------------------------------------------------------- +Wed Dec 28 20:00:08 UTC 2016 - cs@linux-administrator.com + +- update to nginx 1.11.8 + +------------------------------------------------------------------- +Wed Dec 14 11:07:19 UTC 2016 - cs@linux-administrator.com + +- update to nginx 1.11.7 + +------------------------------------------------------------------- +Mon Nov 28 07:21:41 UTC 2016 - cs@linux-administrator.com + +- update to nginx 1.11.6 +- update nginx rtmp module to 1.1.10 + +------------------------------------------------------------------- +Wed Oct 12 21:29:31 UTC 2016 - cs@linux-administrator.com + +- update to nginx 1.11.5 + +------------------------------------------------------------------- +Wed Sep 28 18:04:31 UTC 2016 - cs@linux-administrator.com + +- update to nginx 1.11.4 +- update openssl to 1.0.2j +- update nginx rtmp module to 1.1.9 +
[-] [+]	Changed	nginx.spec ^
@@ -8,21 +8,21 @@ %define nginx_webroot %{nginx_datadir}/html %define rtmp_ext nginx-rtmp-module -%define rtmp_ext_version 1.2.2 +%define rtmp_ext_version 1.1.15 %define rtmp %{rtmp_ext}-%{rtmp_ext_version} %define rtmp_nover %{rtmp_ext} %define with_rtmp_ext 0 -%define nps_version 1.13.35.2-stable -%define psol_version 1.13.35.2-x64 +%define nps_version 1.12.34.3-stable +%define psol_version 1.12.34.2-x64 %define slowfs_version 1.5 -%define openssl_version 1.1.1l +%define openssl_version 1.1.0g %define ngxpurge_version 2.3 %define with_ldap_auth 0 Name: nginx -Version: 1.20.1 +Version: 1.12.2 Release: 1 Summary: Robust, small and high performance http and reverse proxy server Group: System Environment/Daemons @@ -49,7 +49,7 @@ BuildRequires: openldap-devel %endif -Requires: pcre +Requires: pcre Requires: zlib Requires: openssl Requires: libxml2 @@ -74,15 +74,15 @@ Source8: ngx_slowfs_cache-%{slowfs_version}.tar.gz Source9: Nginx-limit-traffic-rate-module.tar.gz Source10: %{rtmp}.tar.gz +Source11: nginx_upstream_check_module-master.tar.gz Source12: openssl-%{openssl_version}.tar.gz Source13: nginx-munin.tar.gz Source14: ngx_pagespeed-%{nps_version}.zip Source15: %{psol_version}.tar.gz Source16: ngx_cache_purge-%{ngxpurge_version}.tar.gz -Source17: naxsi-1.3.tar.gz -Source18: nginx-module-vts-0.1.18.tar.gz +Source17: naxsi-0.56rc1.tar.gz +Source18: changelog Source19: nginx-auth-ldap.tar.gz -Source20: ngx_http_substitutions_filter_module-master.zip Source100: index.html Source101: poweredby.png @@ -91,9 +91,11 @@ Source104: 404.html Source105: ssl-ciphersample Source106: pagespeed.conf +Source108: blockips.conf Patch0: nginx-auto-cc-gcc.patch Patch1: nginx-conf-0.7.x.patch +Patch3: openssl-rc4tilt.patch %description Nginx [engine x] is an HTTP(S) server, HTTP(S) reverse proxy and IMAP/POP3 @@ -109,30 +111,33 @@ %{__tar} zxvf %{SOURCE5} %{__tar} zxvf %{SOURCE9} %{__tar} zxvf %{SOURCE10} +#%{__tar} zxvf %{SOURCE11} %{__tar} zxvf %{SOURCE12} %{__tar} zxvf %{SOURCE13} %{__tar} zxvf %{SOURCE16} %{__tar} zxvf %{SOURCE17} -%{__tar} zxvf %{SOURCE18} %{__tar} zxvf %{SOURCE19} -%{__unzip} -o %{SOURCE20} cd openssl-%{openssl_version} ./config +%if 0%{?rhel_version} == 700 \|\| 0%{?centos_version} == 700 + cd %{_builddir}/nginx-%{version}/ %{__unzip} -o %{SOURCE14} if [ $? -ne 0 ]; then exit $? fi -cd incubator-pagespeed-ngx-%{nps_version} +cd ngx_pagespeed-%{nps_version} %{__tar} xzf %{SOURCE15} if [ $? -ne 0 ]; then exit $? fi chmod -Rf a+rX,u+w,g-w,o-w . +%endif + %build export DESTDIR=%{buildroot} @@ -181,21 +186,25 @@ --with-http_slice_module \ --with-stream_ssl_preread_module \ --with-http_sub_module \ - --add-module=%{_builddir}/nginx-%{version}/ngx_http_substitutions_filter_module-master \ %if 0%{?with_ldap_auth} == 1 --add-module=%{_builddir}/nginx-%{version}/nginx-auth-ldap \ %endif - --add-module=%{_builddir}/nginx-%{version}/naxsi-1.3/naxsi_src \ + --add-module=%{_builddir}/nginx-%{version}/naxsi-0.56rc1/naxsi_src \ +%if 0%{?rhel_version} == 700 \|\| 0%{?centos_version} == 700 --with-ld-opt="-Wl,-z,relro,-z,now -Wl,-rpath -Wl,-Bsymbolic-functions -Wl,--as-needed -fPIE" \ --with-cc-opt="-g -Ofast -march=native -ffast-math -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2" \ +%endif --with-openssl=%{_builddir}/nginx-%{version}/openssl-%{openssl_version} \ +%if 0%{?rhel_version} == 700 \|\| 0%{?centos_version} == 700 --with-openssl-opt=enable-ec_nistp_64_gcc_128 \ +%endif --with-file-aio \ --add-module=%{_builddir}/nginx-%{version}/Nginx-limit-traffic-rate-module \ --add-module=%{_builddir}/nginx-%{version}/ngx_cache_purge-2.3 \ - --add-module=%{_builddir}/nginx-%{version}/incubator-pagespeed-ngx-%{nps_version} \ - --add-module=%{_builddir}/nginx-%{version}/nginx-module-vts-0.1.18 \ +%if 0%{?rhel_version} == 700 \|\| 0%{?centos_version} == 700 + --add-module=%{_builddir}/nginx-%{version}/ngx_pagespeed-%{nps_version} \ --with-threads \ +%endif %if 0%{with_rtmp_ext} --add-module=%{_builddir}/nginx-%{version}/%{rtmp} \ %endif @@ -221,7 +230,7 @@ %{__install} -p -D -m 0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/logrotate.d/%{name} %{__install} -p -D -m 0644 %{SOURCE7} %{buildroot}%{_sysconfdir}/sysconfig/%{name} %{__install} -p -d -m 0755 %{buildroot}%{nginx_confdir}/conf.d -%{__install} -p -m 0644 %{SOURCE3} %{SOURCE4} %{SOURCE6} %{buildroot}%{nginx_confdir}/conf.d +%{__install} -p -m 0644 %{SOURCE3} %{SOURCE4} %{SOURCE6} %{SOURCE108} %{buildroot}%{nginx_confdir}/conf.d %if 0%{?rhel_version} == 700 \|\| 0%{?centos_version} == 700 %{__install} -p -m 0644 %{SOURCE106} %{buildroot}%{nginx_confdir}/conf.d
[-] [+]	Added	openssl-rc4tilt.patch ^
@@ -0,0 +1,17 @@ +Nur in openssl-1.0.1j-norc4: openssl__disable_rc4.patch. +diff -ru openssl-1.0.1j/ssl/s3_lib.c openssl-1.0.1j-norc4/ssl/s3_lib.c +--- openssl-1.0.1j/ssl/s3_lib.c 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j-norc4/ssl/s3_lib.c 2014-10-23 18:57:16.468131600 +0200 +@@ -3844,6 +3844,11 @@ + (TLS1_get_version(s) < TLS1_2_VERSION)) + continue; + ++ /* Disable RC4 for TLS v1.1+ */ ++ if ((c->algorithm_enc == SSL_RC4) && ++ (TLS1_get_version(s) >= TLS1_1_VERSION)) ++ continue; ++ + ssl_set_cert_masks(cert,c); + mask_k = cert->mask_k; + mask_a = cert->mask_a; +Nur in openssl-1.0.1j-norc4/ssl: s3_lib.c.orig.
[-] [+]	Added	openssl__chacha20_poly1305_draft_and_rfc_ossl102g.patch ^
@@ -0,0 +1,5227 @@ +From d21c75c622eb13a80080ed15fa30474f806a0a0f Mon Sep 17 00:00:00 2001 +From: Vlad Krasnov <vlad@cloudflare.com> +Date: Fri, 12 Feb 2016 18:25:11 -0800 +Subject: [PATCH] Implementation of draft and RFC versions of CHACHA20-POLY1305 + ciphers + +--- + Configure \| 48 +- + Makefile.org \| 4 +- + apps/speed.c \| 30 +- + crypto/chacha20poly1305/Makefile \| 97 +++ + crypto/chacha20poly1305/asm/chacha20_avx.pl \| 408 +++++++++++ + crypto/chacha20poly1305/asm/chacha20_avx2.pl \| 443 ++++++++++++ + crypto/chacha20poly1305/asm/poly1305_avx.pl \| 732 ++++++++++++++++++++ + crypto/chacha20poly1305/asm/poly1305_avx2.pl \| 984 +++++++++++++++++++++++++++ + crypto/chacha20poly1305/asm/poly1305_x64.pl \| 281 ++++++++ + crypto/chacha20poly1305/chacha20.c \| 162 +++++ + crypto/chacha20poly1305/chacha20poly1305.h \| 79 +++ + crypto/chacha20poly1305/chapolytest.c \| 470 +++++++++++++ + crypto/chacha20poly1305/poly1305.c \| 287 ++++++++ + crypto/cryptlib.c \| 10 - + crypto/evp/Makefile \| 7 +- + crypto/evp/e_chacha20poly1305.c \| 435 ++++++++++++ + crypto/evp/evp.h \| 4 + + ssl/s3_lib.c \| 119 ++++ + ssl/ssl.h \| 2 + + ssl/ssl_ciph.c \| 60 +- + ssl/ssl_locl.h \| 2 + + ssl/tls1.h \| 28 + + test/Makefile \| 17 +- + 23 files changed, 4655 insertions(+), 54 deletions(-) + create mode 100644 crypto/chacha20poly1305/Makefile + create mode 100644 crypto/chacha20poly1305/asm/chacha20_avx.pl + create mode 100644 crypto/chacha20poly1305/asm/chacha20_avx2.pl + create mode 100644 crypto/chacha20poly1305/asm/poly1305_avx.pl + create mode 100644 crypto/chacha20poly1305/asm/poly1305_avx2.pl + create mode 100644 crypto/chacha20poly1305/asm/poly1305_x64.pl + create mode 100644 crypto/chacha20poly1305/chacha20.c + create mode 100644 crypto/chacha20poly1305/chacha20poly1305.h + create mode 100644 crypto/chacha20poly1305/chapolytest.c + create mode 100644 crypto/chacha20poly1305/poly1305.c + create mode 100644 crypto/evp/e_chacha20poly1305.c + +diff --git a/Configure b/Configure +index 4a715dc..f3ab6cd 100755 +--- a/Configure ++++ b/Configure +@@ -146,25 +146,25 @@ my $tlib="-lnsl -lsocket"; + my $bits1="THIRTY_TWO_BIT "; + my $bits2="SIXTY_FOUR_BIT "; + +-my $x86_asm="x86cpuid.o:bn-586.o co-586.o x86-mont.o x86-gf2m.o::des-586.o crypt586.o:aes-586.o vpaes-x86.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o:cmll-x86.o:ghash-x86.o:"; ++my $x86_asm="x86cpuid.o:bn-586.o co-586.o x86-mont.o x86-gf2m.o::des-586.o crypt586.o:aes-586.o vpaes-x86.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o:cmll-x86.o:ghash-x86.o::"; + + my $x86_elf_asm="$x86_asm:elf"; + +-my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o:ecp_nistz256.o ecp_nistz256-x86_64.o::aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o::rc4-x86_64.o rc4-md5-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:ghash-x86_64.o aesni-gcm-x86_64.o:"; +-my $ia64_asm="ia64cpuid.o:bn-ia64.o ia64-mont.o:::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o::rc4-ia64.o rc4_skey.o:::::ghash-ia64.o::void"; +-my $sparcv9_asm="sparcv9cap.o sparccpuid.o:bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o vis3-mont.o sparct4-mont.o sparcv9-gf2m.o::des_enc-sparc.o fcrypt_b.o dest4-sparcv9.o:aes_core.o aes_cbc.o aes-sparcv9.o aest4-sparcv9.o::md5-sparcv9.o:sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o::::::camellia.o cmll_misc.o cmll_cbc.o cmllt4-sparcv9.o:ghash-sparcv9.o::void"; +-my $sparcv8_asm=":sparcv8.o::des_enc-sparc.o fcrypt_b.o:::::::::::::void"; +-my $alpha_asm="alphacpuid.o:bn_asm.o alpha-mont.o::::::sha1-alpha.o:::::::ghash-alpha.o::void"; +-my $mips64_asm=":bn-mips.o mips-mont.o:::aes_cbc.o aes-mips.o:::sha1-mips.o sha256-mips.o sha512-mips.o::::::::"; ++my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o:ecp_nistz256.o ecp_nistz256-x86_64.o::aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o::rc4-x86_64.o rc4-md5-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:ghash-x86_64.o aesni-gcm-x86_64.o::chacha20_avx.o chacha20_avx2.o poly1305_x64.o poly1305_avx2.o"; ++my $ia64_asm="ia64cpuid.o:bn-ia64.o ia64-mont.o:::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o::rc4-ia64.o rc4_skey.o:::::ghash-ia64.o:::void"; ++my $sparcv9_asm="sparcv9cap.o sparccpuid.o:bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o vis3-mont.o sparct4-mont.o sparcv9-gf2m.o::des_enc-sparc.o fcrypt_b.o dest4-sparcv9.o:aes_core.o aes_cbc.o aes-sparcv9.o aest4-sparcv9.o::md5-sparcv9.o:sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o::::::camellia.o cmll_misc.o cmll_cbc.o cmllt4-sparcv9.o:ghash-sparcv9.o:::void"; ++my $sparcv8_asm=":sparcv8.o::des_enc-sparc.o fcrypt_b.o::::::::::::::void"; ++my $alpha_asm="alphacpuid.o:bn_asm.o alpha-mont.o::::::sha1-alpha.o:::::::ghash-alpha.o:::void"; ++my $mips64_asm=":bn-mips.o mips-mont.o:::aes_cbc.o aes-mips.o:::sha1-mips.o sha256-mips.o sha512-mips.o:::::::::"; + my $mips32_asm=$mips64_asm; $mips32_asm =~ s/\ssha512\-mips\.o//; +-my $s390x_asm="s390xcap.o s390xcpuid.o:bn-s390x.o s390x-mont.o s390x-gf2m.o:::aes-s390x.o aes-ctr.o aes-xts.o:::sha1-s390x.o sha256-s390x.o sha512-s390x.o::rc4-s390x.o:::::ghash-s390x.o:"; +-my $armv4_asm="armcap.o armv4cpuid.o:bn_asm.o armv4-mont.o armv4-gf2m.o:::aes_cbc.o aes-armv4.o bsaes-armv7.o aesv8-armx.o:::sha1-armv4-large.o sha256-armv4.o sha512-armv4.o:::::::ghash-armv4.o ghashv8-armx.o::void"; +-my $aarch64_asm="armcap.o arm64cpuid.o mem_clr.o::::aes_core.o aes_cbc.o aesv8-armx.o:::sha1-armv8.o sha256-armv8.o sha512-armv8.o:::::::ghashv8-armx.o:"; +-my $parisc11_asm="pariscid.o:bn_asm.o parisc-mont.o:::aes_core.o aes_cbc.o aes-parisc.o:::sha1-parisc.o sha256-parisc.o sha512-parisc.o::rc4-parisc.o:::::ghash-parisc.o::32"; +-my $parisc20_asm="pariscid.o:pa-risc2W.o parisc-mont.o:::aes_core.o aes_cbc.o aes-parisc.o:::sha1-parisc.o sha256-parisc.o sha512-parisc.o::rc4-parisc.o:::::ghash-parisc.o::64"; +-my $ppc64_asm="ppccpuid.o ppccap.o:bn-ppc.o ppc-mont.o ppc64-mont.o:::aes_core.o aes_cbc.o aes-ppc.o vpaes-ppc.o aesp8-ppc.o:::sha1-ppc.o sha256-ppc.o sha512-ppc.o sha256p8-ppc.o sha512p8-ppc.o:::::::ghashp8-ppc.o:"; ++my $s390x_asm="s390xcap.o s390xcpuid.o:bn-s390x.o s390x-mont.o s390x-gf2m.o:::aes-s390x.o aes-ctr.o aes-xts.o:::sha1-s390x.o sha256-s390x.o sha512-s390x.o::rc4-s390x.o:::::ghash-s390x.o::"; ++my $armv4_asm="armcap.o armv4cpuid.o:bn_asm.o armv4-mont.o armv4-gf2m.o:::aes_cbc.o aes-armv4.o bsaes-armv7.o aesv8-armx.o:::sha1-armv4-large.o sha256-armv4.o sha512-armv4.o:::::::ghash-armv4.o ghashv8-armx.o:::void"; ++my $aarch64_asm="armcap.o arm64cpuid.o mem_clr.o::::aes_core.o aes_cbc.o aesv8-armx.o:::sha1-armv8.o sha256-armv8.o sha512-armv8.o:::::::ghashv8-armx.o::"; ++my $parisc11_asm="pariscid.o:bn_asm.o parisc-mont.o:::aes_core.o aes_cbc.o aes-parisc.o:::sha1-parisc.o sha256-parisc.o sha512-parisc.o::rc4-parisc.o:::::ghash-parisc.o:::32"; ++my $parisc20_asm="pariscid.o:pa-risc2W.o parisc-mont.o:::aes_core.o aes_cbc.o aes-parisc.o:::sha1-parisc.o sha256-parisc.o sha512-parisc.o::rc4-parisc.o:::::ghash-parisc.o:::64"; ++my $ppc64_asm="ppccpuid.o ppccap.o:bn-ppc.o ppc-mont.o ppc64-mont.o:::aes_core.o aes_cbc.o aes-ppc.o vpaes-ppc.o aesp8-ppc.o:::sha1-ppc.o sha256-ppc.o sha512-ppc.o sha256p8-ppc.o sha512p8-ppc.o:::::::ghashp8-ppc.o::"; + my $ppc32_asm=$ppc64_asm; +-my $no_asm="::::::::::::::::void"; ++my $no_asm=":::::::::::::::::void"; + + # As for $BSDthreads. Idea is to maintain "collective" set of flags, + # which would cover all BSD flavors. -pthread applies to them all, +@@ -710,6 +710,7 @@ my $idx_wp_obj = $idx++; + my $idx_cmll_obj = $idx++; + my $idx_modes_obj = $idx++; + my $idx_engines_obj = $idx++; ++my $idx_chapoly_obj = $idx++; + my $idx_perlasm_scheme = $idx++; + my $idx_dso_scheme = $idx++; + my $idx_shared_target = $idx++; +@@ -752,6 +753,7 @@ my $bf ="crypto/bf/bf_locl.h"; + my $bn_asm ="bn_asm.o"; + my $des_enc="des_enc.o fcrypt_b.o"; + my $aes_enc="aes_core.o aes_cbc.o"; ++my $chapoly_enc=""; + my $bf_enc ="bf_enc.o"; + my $cast_enc="c_enc.o"; + my $rc4_enc="rc4_enc.o rc4_skey.o"; +@@ -1210,7 +1212,7 @@ $openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/\|^[a-zA-Z]:[\\\/] + + print "IsMK1MF=$IsMK1MF\n"; + +-my @fields = split(/\s:\s/,$table{$target} . ":" x 30 , -1); ++my @fields = split(/\s:\s/,$table{$target} . ":" x 31 , -1); + my $cc = $fields[$idx_cc]; + # Allow environment CC to override compiler... + if($ENV{CC}) { +@@ -1239,6 +1241,7 @@ my $wp_obj = $fields[$idx_wp_obj]; + my $cmll_obj = $fields[$idx_cmll_obj]; + my $modes_obj = $fields[$idx_modes_obj]; + my $engines_obj = $fields[$idx_engines_obj]; ++my $chapoly_obj = $fields[$idx_chapoly_obj]; + my $perlasm_scheme = $fields[$idx_perlasm_scheme]; + my $dso_scheme = $fields[$idx_dso_scheme]; + my $shared_target = $fields[$idx_shared_target]; +@@ -1405,7 +1408,7 @@ if ($no_asm) + { + $cpuid_obj=$bn_obj=$ec_obj= + $des_obj=$aes_obj=$bf_obj=$cast_obj=$rc4_obj=$rc5_obj=$cmll_obj= +- $modes_obj=$sha1_obj=$md5_obj=$rmd160_obj=$wp_obj=$engines_obj=""; ++ $modes_obj=$sha1_obj=$md5_obj=$rmd160_obj=$wp_obj=$engines_obj=$chapoly_obj=""; + } + + if (!$no_shared) +@@ -1558,6 +1561,14 @@ $bf_obj=$bf_enc unless ($bf_obj =~ /\.o$/); + $cast_obj=$cast_enc unless ($cast_obj =~ /\.o$/); + $rc4_obj=$rc4_enc unless ($rc4_obj =~ /\.o$/); + $rc5_obj=$rc5_enc unless ($rc5_obj =~ /\.o$/); ++if ($chapoly_obj =~ /\.o$/) ++ { ++ $cflags.=" -DCHAPOLY_x86_64_ASM"; ++ } ++else ++ { ++ $chapoly_obj=$chapoly_enc; ++ } + if ($sha1_obj =~ /\.o$/) + { + # $sha1_obj=$sha1_enc; +@@ -1740,6 +1751,7 @@ while (<IN>) + s/^WP_ASM_OBJ=.$/WP_ASM_OBJ= $wp_obj/; + s/^CMLL_ENC=.$/CMLL_ENC= $cmll_obj/; + s/^MODES_ASM_OBJ.=$/MODES_ASM_OBJ= $modes_obj/; ++ s/^CHAPOLY_ENC=.$/CHAPOLY_ENC= $chapoly_obj/; + s/^ENGINES_ASM_OBJ.=$/ENGINES_ASM_OBJ= $engines_obj/; + s/^PERLASM_SCHEME=.$/PERLASM_SCHEME= $perlasm_scheme/; + s/^PROCESSOR=./PROCESSOR= $processor/; +@@ -1802,6 +1814,7 @@ print "RMD160_OBJ_ASM=$rmd160_obj\n"; + print "CMLL_ENC =$cmll_obj\n"; + print "MODES_OBJ =$modes_obj\n"; + print "ENGINES_OBJ =$engines_obj\n"; ++print "CHAPOLY_ENC =$chapoly_obj\n"; + print "PROCESSOR =$processor\n"; + print "RANLIB =$ranlib\n"; + print "ARFLAGS =$arflags\n"; +@@ -2200,7 +2213,7 @@ sub print_table_entry + my ($cc, $cflags, $unistd, $thread_cflag, $sys_id, $lflags, + $bn_ops, $cpuid_obj, $bn_obj, $ec_obj, $des_obj, $aes_obj, $bf_obj, + $md5_obj, $sha1_obj, $cast_obj, $rc4_obj, $rmd160_obj, +- $rc5_obj, $wp_obj, $cmll_obj, $modes_obj, $engines_obj, ++ $rc5_obj, $wp_obj, $cmll_obj, $modes_obj, $engines_obj, $chapoly_obj, + $perlasm_scheme, $dso_scheme, $shared_target, $shared_cflag, + $shared_ldflag, $shared_extension, $ranlib, $arflags, $multilib)= + split(/\s:\s/,$table{$target} . ":" x 30 , -1); +@@ -2231,6 +2244,7 @@ sub print_table_entry + \$cmll_obj = $cmll_obj + \$modes_obj = $modes_obj + \$engines_obj = $engines_obj ++\$chapoly_obj = $chapoly_obj + \$perlasm_scheme = $perlasm_scheme + \$dso_scheme = $dso_scheme + \$shared_target= $shared_target +diff --git a/Makefile.org b/Makefile.org +index 76fdbdf..6556ef6 100644 +--- a/Makefile.org ++++ b/Makefile.org +@@ -91,6 +91,7 @@ BN_ASM= bn_asm.o + EC_ASM= + DES_ENC= des_enc.o fcrypt_b.o + AES_ENC= aes_core.o aes_cbc.o ++CHAPOLY_ENC= + BF_ENC= bf_enc.o + CAST_ENC= c_enc.o + RC4_ENC= rc4_enc.o +@@ -148,7 +149,7 @@ SDIRS= \ + bn ec rsa dsa ecdsa dh ecdh dso engine \ + buffer bio stack lhash rand err \ + evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \ +- cms pqueue ts jpake srp store cmac ++ cms pqueue ts jpake srp store cmac chacha20poly1305 + # keep in mind that the above list is adjusted by ./Configure + # according to no-xxx arguments... + +@@ -234,6 +235,7 @@ BUILDENV= LC_ALL=C PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)'\
	Changed	1.12.34.2-x64.tar.gz ^
	Added	1.13.35.1-x64.tar.gz ^
[-] [+]	Changed	_service ^
@@ -2,11 +2,6 @@ <service name="download_url"> <param name="host">nginx.org</param> <param name="protocol">http</param> - <param name="path">/download/nginx-1.20.1.tar.gz</param> + <param name="path">/download/nginx-1.12.2.tar.gz</param> </service> - <service name="download_url"> - <param name="host">www.openssl.org</param> - <param name="protocol">https</param> - <param name="path">/source/openssl-1.1.1l.tar.gz</param> - </service> -</services> +<service name="download_url"><param name="host">nginx.org</param><param name="protocol">http</param><param name="path">/download/nginx-1.12.2.tar.gz</param></service><service name="download_url"><param name="host">www.openssl.org</param><param name="protocol">https</param><param name="path">/source/openssl-1.1.0g.tar.gz</param></service></services>
	Changed	_service:download_url:nginx-1.12.2.tar.gz ^
	Added	_service:download_url:openssl-1.1.0g.tar.gz ^
	Deleted	_service:download_url:openssl-1.1.1l.tar.gz ^
[-] [+]	Added	blockips.conf ^
@@ -0,0 +1,718 @@ +### updates are avail. at raw.githubusercontent.com/mariusv/nginx-badbot-blocker/master/blockips.conf + + +deny 178.238.234.1; +deny 76.90.254.19; +deny 85.17.26.68; # spammy comments - Leaseweb +deny 85.17.230.23; # spammy comments - Leaseweb +deny 173.234.11.105; # junk referrers +deny 173.234.31.9; # junk referrers - Ubiquityservers +deny 173.234.38.25; # spammy comments +deny 173.234.153.30; # junk referrers +deny 173.234.153.106; # spammy comments - Ubiquityservers +deny 173.234.175.68; # spammy comments +deny 190.152.223.27; # junk referrers +deny 195.191.54.90; # odd behaviour, Mozilla, doesnt fetch js/css. Ended up doing a POST, prob a spambot +deny 195.229.241.174; # spammy comments - United Arab Emirates +deny 210.212.194.60; # junk referrers + spammy comments +deny 76.91.248.49; # bad bot +deny 1.4.0.0/17; +deny 1.10.16.0/20; +deny 1.116.0.0/14; +deny 5.34.242.0/23; +deny 5.72.0.0/14; +deny 5.134.128.0/19; +deny 14.4.0.0/14; +deny 14.245.0.0/16; +deny 23.235.48.0/20; +deny 27.111.48.0/20; +deny 27.122.32.0/20; +deny 27.126.160.0/20; +deny 31.11.43.0/24; +deny 31.222.200.0/21; +deny 36.0.8.0/21; +deny 36.37.48.0/20; +deny 37.139.49.0/24; +deny 37.148.216.0/21; +deny 37.246.0.0/16; +deny 41.72.64.0/19; +deny 42.0.32.0/19; +deny 42.1.56.0/22; +deny 42.1.128.0/17; +deny 42.52.0.0/14; +deny 42.83.80.0/22; +deny 42.96.0.0/18; +deny 42.123.36.0/22; +deny 42.128.0.0/12; +deny 42.160.0.0/12; +deny 42.194.8.0/22; +deny 42.194.12.0/22; +deny 42.194.128.0/17; +deny 43.229.52.0/22; +deny 43.236.0.0/16; +deny 43.250.64.0/22; +deny 43.250.116.0/22; +deny 43.252.80.0/22; +deny 43.252.152.0/22; +deny 43.252.180.0/22; +deny 43.255.188.0/22; +deny 45.64.88.0/22; +deny 45.117.208.0/22; +deny 45.121.144.0/22; +deny 46.29.248.0/22; +deny 46.29.248.0/21; +deny 46.148.112.0/20; +deny 46.151.48.0/21; +deny 46.232.192.0/21; +deny 46.243.140.0/24; +deny 46.243.142.0/24; +deny 49.8.0.0/14; +deny 49.128.104.0/22; +deny 58.87.64.0/18; +deny 59.254.0.0/15; +deny 60.233.0.0/16; +deny 61.11.224.0/19; +deny 61.13.128.0/17; +deny 61.45.251.0/24; +deny 62.182.152.0/21; +deny 64.234.224.0/20; +deny 66.231.64.0/20; +deny 67.213.128.0/20; +deny 67.218.208.0/20; +deny 72.13.16.0/20; +deny 78.31.184.0/21; +deny 78.31.211.0/24; +deny 79.173.104.0/21; +deny 80.76.8.0/21; +deny 81.22.152.0/23; +deny 83.175.0.0/18; +deny 85.121.39.0/24; +deny 86.55.40.0/23; +deny 86.55.42.0/23; +deny 88.135.16.0/20; +deny 91.194.254.0/23; +deny 91.195.254.0/23; +deny 91.198.127.0/24; +deny 91.200.248.0/22; +deny 91.203.20.0/22; +deny 91.207.4.0/22; +deny 91.209.12.0/24; +deny 91.212.104.0/24; +deny 91.212.198.0/24; +deny 91.212.201.0/24; +deny 91.212.220.0/24; +deny 91.213.126.0/24; +deny 91.213.172.0/24; +deny 91.216.3.0/24; +deny 91.217.10.0/23; +deny 91.220.35.0/24; +deny 91.220.62.0/24; +deny 91.220.163.0/24; +deny 91.223.89.0/24; +deny 91.226.97.0/24; +deny 91.229.210.0/24; +deny 91.230.110.0/24; +deny 91.230.252.0/23; +deny 91.234.36.0/24; +deny 91.235.2.0/24; +deny 91.236.74.0/23; +deny 91.236.120.0/24; +deny 91.237.198.0/24; +deny 91.238.82.0/24; +deny 91.239.24.0/24; +deny 91.239.238.0/24; +deny 91.240.163.0/24; +deny 91.240.165.0/24; +deny 91.242.217.0/24; +deny 91.243.115.0/24; +deny 93.175.240.0/20; +deny 94.26.112.0/20; +deny 94.154.128.0/18; +deny 95.216.0.0/15; +deny 101.192.0.0/14; +deny 101.199.0.0/16; +deny 101.202.0.0/16; +deny 101.203.128.0/19; +deny 101.248.0.0/15; +deny 101.252.0.0/15; +deny 103.2.44.0/22; +deny 103.10.68.0/22; +deny 103.12.216.0/22; +deny 103.16.76.0/24; +deny 103.20.36.0/22; +deny 103.23.8.0/22; +deny 103.36.64.0/22; +deny 103.41.124.0/22; +deny 103.41.180.0/22; +deny 103.42.115.0/24; +deny 103.55.28.0/22; +deny 103.57.248.0/22; +deny 103.61.4.0/22; +deny 103.228.60.0/22; +deny 103.229.36.0/22; +deny 103.230.144.0/22; +deny 103.231.84.0/22; +deny 103.232.136.0/22; +deny 103.232.172.0/22; +deny 103.236.32.0/22; +deny 103.242.184.0/22; +deny 104.143.112.0/20; +deny 104.255.136.0/21; +deny 106.96.0.0/14; +deny 108.166.224.0/19; +deny 109.94.208.0/20; +deny 110.44.128.0/20; +deny 110.232.160.0/20; +deny 113.20.160.0/19; +deny 114.8.0.0/16; +deny 115.85.133.0/24; +deny 116.78.0.0/15; +deny 116.128.0.0/10; +deny 116.144.0.0/15; +deny 116.146.0.0/15; +deny 117.100.0.0/15; +deny 118.177.0.0/16; +deny 118.185.0.0/16; +deny 119.232.0.0/16; +deny 120.48.0.0/15; +deny 120.92.0.0/17; +deny 120.92.128.0/18; +deny 120.92.192.0/19; +deny 120.92.224.0/20; +deny 121.100.128.0/18; +deny 122.129.0.0/18; +deny 122.202.96.0/19; +deny 123.136.80.0/20; +deny 124.68.0.0/15; +deny 124.70.0.0/15; +deny 124.157.0.0/18; +deny 124.242.0.0/16; +deny 124.245.0.0/16; +deny 125.31.192.0/18; +deny 125.58.0.0/18; +deny 125.169.0.0/16; +deny 128.13.0.0/16; +deny 128.168.0.0/16; +deny 128.191.0.0/16; +deny 129.47.0.0/16; +deny 129.76.64.0/18; +deny 130.148.0.0/16;
[-] [+]	Changed	changelog ^
@@ -1,9 +1,3 @@ -* Tu Oct 26 2021 Kilian Ries <kr@internetx.com> - 1.20.1 -- 1.20.1 bump -- cleanup old files -- update all modules to latest version -- openssl 1.1.1l - * Sun Mar 05 2016 Juergen Gotteswinter <jg@internetx.com> - 1.9.12-1 - 1.9.12 bump - enabled http splice module @@ -134,4 +128,4 @@ - version bump to 0.7.63 * Fri Oct 23 2009 Juergen Gotteswinter <jg at internetx.de> 0.7.62-3 -- included nginx-socket-patch for unix socket support +- included nginx-socket-patch for unix socket support \ No newline at end of file
[-] [+]	Added	config ^
@@ -0,0 +1,856 @@ + + + + + +<!DOCTYPE html> +<html> + <head> + <meta charset='utf-8'> + <meta http-equiv="X-UA-Compatible" content="chrome=1"> + <title>config at master from bigplum/Nginx-limit-traffic-rate-module - GitHub</title> + <link rel="search" type="application/opensearchdescription+xml" href="/opensearch.xml" title="GitHub" /> + <link rel="fluid-icon" href="https://github.com/fluidicon.png" title="GitHub" /> + + <link href="https://assets0.github.com/stylesheets/bundle_common.css?594c3ba479ae702f0f0215dba898d5fb809fc253" media="screen" rel="stylesheet" type="text/css" /> +<link href="https://assets3.github.com/stylesheets/bundle_github.css?594c3ba479ae702f0f0215dba898d5fb809fc253" media="screen" rel="stylesheet" type="text/css" /> + + <script type="text/javascript"> + if (typeof console == "undefined" \|\| typeof console.log == "undefined") + console = { log: function() {} } + </script> + <script type="text/javascript" charset="utf-8"> + var GitHub = {} + var github_user = null + + </script> + <script src="https://assets2.github.com/javascripts/jquery/jquery-1.4.2.min.js?594c3ba479ae702f0f0215dba898d5fb809fc253" type="text/javascript"></script> + <script src="https://assets2.github.com/javascripts/bundle_common.js?594c3ba479ae702f0f0215dba898d5fb809fc253" type="text/javascript"></script> +<script src="https://assets3.github.com/javascripts/bundle_github.js?594c3ba479ae702f0f0215dba898d5fb809fc253" type="text/javascript"></script> + + + <script type="text/javascript" charset="utf-8"> + GitHub.spy({ + repo: "bigplum/Nginx-limit-traffic-rate-module" + }) + </script> + + + <link href="https://github.com/bigplum/Nginx-limit-traffic-rate-module/commits/master.atom" rel="alternate" title="Recent Commits to Nginx-limit-traffic-rate-module:master" type="application/atom+xml" /> + + <meta name="description" content="Limiting rate by given variables(like $request_uri, $remote_addr, etc..)." /> + <script type="text/javascript"> + GitHub.nameWithOwner = GitHub.nameWithOwner \|\| "bigplum/Nginx-limit-traffic-rate-module"; + GitHub.currentRef = 'master'; + GitHub.commitSHA = "c0c90f55a8cb545559b73eafb91a0af3f2d8474a"; + GitHub.currentPath = 'config'; + GitHub.masterBranch = "master"; + + + </script> + + + <script type="text/javascript"> + var _gaq = _gaq \|\| []; + _gaq.push(['_setAccount', 'UA-3769691-2']); + _gaq.push(['_setDomainName', 'none']); + _gaq.push(['_trackPageview']); + (function() { + var ga = document.createElement('script'); + ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js'; + ga.setAttribute('async', 'true'); + document.documentElement.firstChild.appendChild(ga); + })(); + </script> + + + </head> + + + + <body class="logged_out page-blob"> + + + + + + + + + + + <div class="subnavd" id="main"> + <div id="header" class="true"> + + <a class="logo boring" href="https://github.com"> + <img src="/images/modules/header/logov3.png?changed" class="default" alt="github" /> + <!--[if (gt IE 8)\|!(IE)]><!--> + <img src="/images/modules/header/logov3-hover.png" class="hover" alt="github" /> + <!--<![endif]--> + </a> + + + <div class="topsearch"> + + <ul class="nav logged_out"> + <li class="pricing"><a href="/plans">Pricing and Signup</a></li> + <li class="explore"><a href="/explore">Explore GitHub</a></li> + <li class="features"><a href="/features">Features</a></li> + <li class="blog"><a href="/blog">Blog</a></li> + <li class="login"><a href="/login?return_to=https://github.com/bigplum/Nginx-limit-traffic-rate-module/blob/master/config">Login</a></li> + </ul> + +</div> + + </div> + + + + + <div class="site"> + <div class="pagehead repohead vis-public "> + + + + <div class="title-actions-bar"> + <h1> + <a href="/bigplum">bigplum</a> / <strong><a href="https://github.com/bigplum/Nginx-limit-traffic-rate-module">Nginx-limit-traffic-rate-module</a></strong> + + + </h1> + + + <ul class="actions"> + + + + <li class="for-owner" style="display:none"><a href="https://github.com/bigplum/Nginx-limit-traffic-rate-module/admin" class="minibutton btn-admin "><span><span class="icon"></span>Admin</span></a></li> + <li> + <a href="/bigplum/Nginx-limit-traffic-rate-module/toggle_watch" class="minibutton btn-watch " id="watch_button" onclick="var f = document.createElement('form'); f.style.display = 'none'; this.parentNode.appendChild(f); f.method = 'POST'; f.action = this.href;var s = document.createElement('input'); s.setAttribute('type', 'hidden'); s.setAttribute('name', 'authenticity_token'); s.setAttribute('value', '5fb90cea03b51d302598461c3969cdb3211d3084'); f.appendChild(s);f.submit();return false;" style="display:none"><span><span class="icon"></span>Watch</span></a> + <a href="/bigplum/Nginx-limit-traffic-rate-module/toggle_watch" class="minibutton btn-watch " id="unwatch_button" onclick="var f = document.createElement('form'); f.style.display = 'none'; this.parentNode.appendChild(f); f.method = 'POST'; f.action = this.href;var s = document.createElement('input'); s.setAttribute('type', 'hidden'); s.setAttribute('name', 'authenticity_token'); s.setAttribute('value', '5fb90cea03b51d302598461c3969cdb3211d3084'); f.appendChild(s);f.submit();return false;" style="display:none"><span><span class="icon"></span>Unwatch</span></a> + </li> + + + <li class="for-notforked" style="display:none"><a href="/bigplum/Nginx-limit-traffic-rate-module/fork" class="minibutton btn-fork " id="fork_button" onclick="var f = document.createElement('form'); f.style.display = 'none'; this.parentNode.appendChild(f); f.method = 'POST'; f.action = this.href;var s = document.createElement('input'); s.setAttribute('type', 'hidden'); s.setAttribute('name', 'authenticity_token'); s.setAttribute('value', '5fb90cea03b51d302598461c3969cdb3211d3084'); f.appendChild(s);f.submit();return false;"><span><span class="icon"></span>Fork</span></a></li> + <li class="for-hasfork" style="display:none"><a href="#" class="minibutton btn-fork " id="your_fork_button"><span><span class="icon"></span>Your Fork</span></a></li> + + + + + + + <li class="repostats"> + <ul class="repo-stats"> + <li class="watchers"><a href="/bigplum/Nginx-limit-traffic-rate-module/watchers" title="Watchers" class="tooltipped downwards">3</a></li> + <li class="forks"><a href="/bigplum/Nginx-limit-traffic-rate-module/network" title="Forks" class="tooltipped downwards">2</a></li> + </ul> + </li> + </ul> + + </div> + + + <ul class="tabs"> + <li><a href="https://github.com/bigplum/Nginx-limit-traffic-rate-module" class="selected" highlight="repo_source">Source</a></li> + <li><a href="https://github.com/bigplum/Nginx-limit-traffic-rate-module/commits/master" highlight="repo_commits">Commits</a></li> + <li><a href="/bigplum/Nginx-limit-traffic-rate-module/network" highlight="repo_network">Network</a></li> + <li><a href="/bigplum/Nginx-limit-traffic-rate-module/pulls" highlight="repo_pulls">Pull Requests (0)</a></li> + + + + + + <li><a href="/bigplum/Nginx-limit-traffic-rate-module/issues" highlight="issues">Issues (0)</a></li> + + + + <li><a href="/bigplum/Nginx-limit-traffic-rate-module/graphs" highlight="repo_graphs">Graphs</a></li> + + <li class="contextswitch nochoices"> + <span class="toggle leftwards" > + <em>Branch:</em> + <code>master</code> + </span> + </li> + </ul> + + <div style="display:none" id="pl-description"><p><em class="placeholder">click here to add a description</em></p></div> + <div style="display:none" id="pl-homepage"><p><em class="placeholder">click here to add a homepage</em></p></div> + + <div class="subnav-bar"> + + <ul> + <li> + <a href="#" class="dropdown">Switch Branches (1)</a> + <ul> + + + <li><strong>master ✓</strong></li> + + </ul> + </li> + <li> + <a href="#" class="dropdown defunct">Switch Tags (0)</a> + + </li> + <li> + + <a href="/bigplum/Nginx-limit-traffic-rate-module/branches" class="manage">Branch List</a> +
	Deleted	cscope.tmplst ^
[-] [+]	Added	magento-sample.conf-disabled ^
@@ -0,0 +1,113 @@ +server { + include /etc/nginx/port.conf; + server_name example.com; + return 301 $scheme://www.example.com$request_uri; +} + +server { + include /etc/nginx/port.conf; + #listen 443 ssl; + server_name www.example.com; ## Domain is here + root /var/www/html; + access_log /var/log/nginx/access_www.example.com.log main; + + if ($http_user_agent = "") { return 444;} + + #################################################################################### + ## SSL CONFIGURATION + + #ssl_certificate /etc/ssl/certs/www_server_com.chained.crt; + #ssl_certificate_key /etc/ssl/certs/server.key; + + #################################################################################### + ## Server maintenance block. insert dev ip 1.2.3.4 static address www.whatismyip.com + + #if ($remote_addr !~ "^(1.2.3.4\|1.2.3.4)$") { + #return 503; + #} + + #error_page 503 @maintenance; + #location @maintenance { + #rewrite ^(.)$ /error_page/503.html break; + #internal; + #access_log off; + #log_not_found off; + #} + + #################################################################################### + ## 403 error log/page + + #error_page 403 /403.html; + #location = /403.html { + #root /var/www/html/error_page; + #internal; + #access_log /var/log/nginx/403.log error403; + #} + + #################################################################################### + ## Main Magento location + + location / { + try_files $uri $uri/ @handler; + } + + #################################################################################### + ## These locations would be hidden by .htaccess normally, protected + + location ~ (/(app/\|includes/\|pkginfo/\|var/\|errors/local.xml)\|/\.) { + deny all; + } + + #################################################################################### + ## Protecting /admin/ and /downloader/ 1.2.3.4 = static ip (www.whatismyip.com) + + #location /downloader/ { + #allow 1.2.3.4; allow 1.2.3.4; deny all; + #rewrite ^/downloader/(.)$ /downloader/index.php$1; + #} + #location /admin { + #allow 1.2.3.4; allow 1.2.3.4; deny all; + #rewrite / /@handler; + #} + + #################################################################################### + ## Images, scripts and styles set far future Expires header + + location ~* \.(js\|css\|png\|jpg\|jpeg\|gif\|ico)$ { + open_file_cache max=10000 inactive=8h; + open_file_cache_valid 1h; + open_file_cache_min_uses 2; + open_file_cache_errors off; + expires max; + log_not_found off; + access_log off; + } + + #################################################################################### + ## Main Magento location + + location @handler { + rewrite / /index.php?$args; + } + + location ~ .php/ { ## Forward paths like /js/index.php/x.js to relevant handler + rewrite ^(.*.php)/ $1 last; + } + + #################################################################################### + ## Execute PHP scripts + + location ~ .php$ { + add_header X-UA-Compatible 'IE=Edge,chrome=1'; + add_header X-Time-Spent $request_time; + try_files $uri $uri/ =404; + fastcgi_pass 127.0.0.1:9000; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + ## Store code with multi domain + #fastcgi_param MAGE_RUN_CODE $storecode; + ## Default Store code + fastcgi_param MAGE_RUN_CODE default; + fastcgi_param MAGE_RUN_TYPE store; ## or website; + include fastcgi_params; ## See /etc/nginx/fastcgi_params + } + }
[-] [+]	Changed	naxsi-0.55.3.tar.gz/.travis.yml ^
@@ -10,7 +10,7 @@ env: global: - VER_NGINX=1.9.11 - - COV=0 + - COV=1 compiler: - clang @@ -27,7 +27,7 @@ - cd ./naxsi_src - if [ "$CC" == "clang" ]; then COV=0; fi - make - - sudo cpanm -v --notest Test::Nginx + - cpanm -v --notest Test::Nginx before_script: - lcov --directory "../nginx-${VER_NGINX}" --zerocounters @@ -39,3 +39,7 @@ - cat /tmp/ngx_error.log - cat /tmp/ngx_access.log +after_success: + - lcov --list naxsi.info + - coveralls-lcov --repo-token ${COVERALLS_TOKEN} naxsi.info +
[-] [+]	Changed	naxsi-0.55.3.tar.gz/README.md ^
@@ -4,8 +4,6 @@ [![travis-ci](https://travis-ci.org/nbs-system/naxsi.svg?branch=master)](https://travis-ci.org/nbs-system/naxsi) [![coveralls](https://coveralls.io/repos/github/nbs-system/naxsi/badge.svg?branch=master)](https://coveralls.io/github/nbs-system/naxsi?branch=master) [![codecov](http://codecov.io/github/nbs-system/naxsi/coverage.svg?branch=master)](http://codecov.io/github/nbs-system/naxsi?branch=master) -[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/740/badge)](https://bestpractices.coreinfrastructure.org/projects/740) -[![Gitter](https://img.shields.io/gitter/room/nwjs/nw.js.svg)](https://gitter.im/nbs-system/naxsi) ### We need your help @@ -43,7 +41,7 @@ and free (as in free beer) to use. ## What does it run on? -Naxsi should be compatible with any nginx version. +Naxsi is compatible with any nginx version, although it currently doesn't play well with the new HTTPv2 protocol added in recent nginx versions. See [issue #227]( https://github.com/nbs-system/naxsi/issues/227 ) for more details. It depends on `libpcre` for its regexp support, and is reported to work great on NetBSD, FreeBSD, OpenBSD, Debian, Ubuntu and CentOS. @@ -52,12 +50,3 @@ - The [documentation](https://github.com/nbs-system/naxsi/wiki) - Some [rules]( https://github.com/nbs-system/naxsi-rules ) for mainstream software - The [nxapi/nxtool]( https://github.com/nbs-system/naxsi/tree/master/nxapi ) to generate rules - - -<img alt="nxapi-dashboard logo" src="https://raw.githubusercontent.com/wiki/nbs-system/naxsi/Images/kibana.png" align="center"/> - -## Security issues -If you find a security issue, please send it by email to `tko@nbs-system.com`; -you can use the gpg key -[0x251A28DE2685AED4](https://pgp.mit.edu/pks/lookup?op=vindex&search=0x251A28DE2685AED4) -to encrypt it.
[-] [+]	Changed	naxsi-0.55.3.tar.gz/naxsi_config/naxsi_core.rules ^
@@ -69,7 +69,7 @@ MainRule "str:]" "msg:close square bracket (]), possible js" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311; MainRule "str:~" "msg:tilde (~) character" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312; MainRule "str:`" "msg:grave accent (`)" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314; -MainRule "rx:%[23]." "msg:double encoding" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; +MainRule "rx:%[2\|3]." "msg:double encoding" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; #################################### ## Evading tricks IDs: 1400-1500 ##
[-] [+]	Changed	naxsi-0.55.3.tar.gz/naxsi_src/Makefile ^
@@ -1,113 +1,75 @@ CORE_VERS := $(shell grep NAXSI_VERSION naxsi.h \| cut -d '"' -f 2) MOD_PATH := $(shell pwd) -TMP_DIR := /tmp/nginx/ +TMP_DIR := /tmp/nginx/ # Keys for coverity CAN := CAK := -#Mode: coverage, fuzz, or base -COV ?= 0 -FUZZ ?= 0 -STOCK ?= 1 +#Set to 1 if you want coverage report +COV ?= 1 #Allows to force for specific UT only -#TEST := "" -NGINX_VERS := "1.12.2" +#TEST := "29.t" +NGINX_VERS := "1.9.11" - -NGINX_OPTIONS="--with-select_module" +NGINX_OPTIONS="--error-log-path=/tmp/naxsi_ut/error.log" NGINX_OPTIONS+="--conf-path=/tmp/naxsi_ut/nginx.conf" NGINX_OPTIONS+="--http-client-body-temp-path=/tmp/naxsi_ut/body/" NGINX_OPTIONS+="--http-fastcgi-temp-path=/tmp/naxsi_ut/fastcgi/" +NGINX_OPTIONS+="--http-log-path=/tmp/naxsi_ut/access.log" NGINX_OPTIONS+="--http-proxy-temp-path=/tmp/naxsi_ut/proxy/" NGINX_OPTIONS+="--lock-path=/tmpnginx.lock" NGINX_OPTIONS+="--pid-path=/tmp/naxsi_ut/nginx.pid" NGINX_OPTIONS+="--modules-path=/tmp/naxsi_ut/modules/" +NGINX_OPTIONS+="--with-http_ssl_module" NGINX_OPTIONS+="--without-mail_pop3_module" NGINX_OPTIONS+="--without-mail_smtp_module" NGINX_OPTIONS+="--without-mail_imap_module" -NGINX_OPTIONS+="--with-http_v2_module" NGINX_OPTIONS+="--without-http_uwsgi_module" NGINX_OPTIONS+="--without-http_scgi_module" -#dynamic or not NGINX_OPTIONS+="--add-dynamic-module=$(MOD_PATH)" +NGINX_OPTIONS+="--add-dynamic-module=$(MOD_PATH)" +NGINX_OPTIONS+="--with-ipv6" NGINX_OPTIONS+="--prefix=/tmp" +NGINX_OPTIONS+="--with-debug" -CFLAGS:="-Wall -Wextra -Werror" +CFLAGS:="-Wall -Wextra" all: nginx_download configure build install deploy re: clean all test - -FUZZ_PATH := "../fuzz" -AFL_PATH := $(PWD)"/"$(FUZZ_PATH)"/afl/" - -install_afl: - mkdir -p $(FUZZ_PATH) - cd $(FUZZ_PATH) && (wget -nc --no-clobber "http://lcamtuf.coredump.cx/afl/releases/afl-latest.tgz" \|\| exit 1) - cd $(FUZZ_PATH) && (test -d $(AFL_PATH) \|\| (mkdir $(FUZZ_PATH)"/afl" && tar -C $(AFL_PATH)/ -xzf afl-latest.tgz --strip-components=1)) - cd $(FUZZ_PATH) && (make -C $(AFL_PATH) && make -C $(AFL_PATH)"/llvm_mode" clean all afl-clang-fast) - -install_preeny: - cd $(FUZZ_PATH) && (test -d preeny \|\| git clone https://github.com/zardus/preeny.git) - cd $(FUZZ_PATH) && make -C preeny/src/ - -fuzz_build: install_afl install_preeny - mkdir -p $(FUZZ_PATH) - STOCK=0 FUZZ=1 make nginx_download - cd $(TMP_DIR) && patch -p1 "./src/core/ngx_cycle.c" < $(MOD_PATH)"/../t/confs/ngx_cycle.patch" - cd $(TMP_DIR) && patch -p1 "./src/os/unix/ngx_process_cycle.c" < $(MOD_PATH)"/../t/confs/ngx_process_cycle.patch" - STOCK=0 FUZZ=1 make configure build install deploy - -fuzz: - LD_PRELOAD=$(FUZZ_PATH)"/preeny/src/desock.so" $(AFL_PATH)"afl-fuzz" -t 10 -i "../t/fuzz/" -o $(FUZZ_PATH)/findings $(TMP_DIR)/objs/nginx - clean: rm -f "nginx-"$(NGINX_VERS)".tar.gz" rm -f "nginx-"$(NGINX_VERS)".tar.gz.asc" rm -rf /tmp/naxsi_ut/ rm -rf $(TMP_DIR)/ - rm -rf $(FUZZ_PATH)/ nginx_download: wget --no-clobber "http://nginx.org/download/nginx-"$(NGINX_VERS)".tar.gz" \|\| exit 1 wget --no-clobber "http://nginx.org/download/nginx-"$(NGINX_VERS)".tar.gz.asc" \|\| exit 1 -# gpg --keyserver pgp.key-server.io --recv-keys 0x251a28de2685aed4 0x520A9993A1C052F8 -# gpg --verify "nginx-"$(NGINX_VERS)".tar.gz.asc" "nginx-"$(NGINX_VERS)".tar.gz" \|\| exit 1 + gpg --keyserver pgp.key-server.io --recv-keys 0x251a28de2685aed4 0x520A9993A1C052F8 + gpg --verify "nginx-"$(NGINX_VERS)".tar.gz.asc" "nginx-"$(NGINX_VERS)".tar.gz" \|\| exit 1 mkdir -p $(TMP_DIR)/ tar -C $(TMP_DIR)/ -xzf nginx-$(NGINX_VERS).tar.gz --strip-components=1 configure: -#build non dynamic module (faster) for fuzz/afl -ifeq ($(FUZZ),1) - cd $(TMP_DIR)/ && AFL_PATH=$(AFL_PATH) ./configure --with-cc=$(AFL_PATH)"/llvm_mode/afl-clang-fast" --with-cc-opt="-O3" $(NGINX_OPTIONS) --add-module=$(MOD_PATH) --error-log-path=/dev/null --http-log-path=/dev/null -endif - ifeq ($(COV),1) - cd $(TMP_DIR)/ && ./configure --with-cc-opt="--coverage -g3 -gstabs" --with-ld-opt="-lgcov" $(NGINX_OPTIONS) --add-dynamic-module=$(MOD_PATH) --error-log-path=/tmp/naxsi_ut/error.log --conf-path=/tmp/naxsi_ut/nginx.conf -endif - -ifeq ($(STOCK),1) - cd $(TMP_DIR)/ && ./configure --with-cc-opt="-g3 -ggdb" $(NGINX_OPTIONS) --add-dynamic-module=$(MOD_PATH) --error-log-path=/tmp/naxsi_ut/error.log --conf-path=/tmp/naxsi_ut/nginx.conf + cd $(TMP_DIR)/ && ./configure --with-cc-opt="--coverage -g3 -gstabs" --with-ld-opt="-lgcov" $(NGINX_OPTIONS) +else + cd $(TMP_DIR)/ && ./configure --with-cc-opt="-g3 -ggdb" $(NGINX_OPTIONS) endif - build: - AFL_PATH=$(AFL_PATH) make -C $(TMP_DIR) - if [ -d "/tmp/naxsi_ut" ] && [ -f $(TMP_DIR)/objs/ngx_http_naxsi_module.so ] ; then cp $(TMP_DIR)/objs/ngx_http_naxsi_module.so /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so ; fi + cd $(TMP_DIR)/ && make + if [ -d "/tmp/naxsi_ut" ] ; then cp $(TMP_DIR)/objs/ngx_http_naxsi_module.so /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so ; fi install: - make -C $(TMP_DIR) install + cd $(TMP_DIR)/ && make install -deploy: -ifeq ($(FUZZ),1) - @cp ../t/confs/nginx_fuzz.conf.example /tmp/naxsi_ut/nginx.conf -else - @cp ../t/confs/nginx.conf.example /tmp/naxsi_ut/nginx.conf -endif +deploy: + @cp ./nginx.conf.example /tmp/naxsi_ut/nginx.conf @cp ../naxsi_config/naxsi_core.rules /tmp/naxsi_ut/naxsi_core.rules - @openssl req -batch -x509 -nodes -days 365 -newkey rsa:2048 -keyout /tmp/nginx.key -out /tmp/nginx.crt # RUN UNIT TESTS @@ -115,10 +77,13 @@ ifeq ($(COV),1) lcov --directory $(TMP_DIR) --zerocounters endif + if [ ! $(TEST) ] ; then TEST=".t" ; fi + export PATH="$(TMP_DIR)/objs/:"$(PATH) ; \ - export PERL5LIB="~/perl5/lib/perl5/" ;\ + export PERL5LIB="~/perl5/lib/perl5/:/home/travis/perl5/lib/perl5/" ; \ cd .. ; prove -r "t/$(TEST)" + ifeq ($(COV),1) lcov --directory $(TMP_DIR)/objs/addon/naxsi_src/ --capture --output-file naxsi.info --base-directory $(TMP_DIR) genhtml -s -o /tmp/naxsicov.html naxsi.info
[-] [+]	Changed	naxsi-0.55.3.tar.gz/naxsi_src/naxsi.h ^
@@ -32,7 +32,7 @@ #ifndef __FOO_H__ #define __FOO_H__ -#define NAXSI_VERSION "0.56" +#define NAXSI_VERSION "0.55.3" #include <nginx.h> #include <ngx_config.h> @@ -548,7 +548,6 @@ ngx_http_request_t r); int nx_check_ids(ngx_int_t match_id, ngx_array_t wl_ids); int naxsi_unescape(ngx_str_t str); -u_int naxsi_escape_nullbytes(ngx_str_t str); void ngx_http_dummy_json_parse(ngx_http_request_ctx_t ctx, ngx_http_request_t r,
[-] [+]	Changed	naxsi-0.55.3.tar.gz/naxsi_src/naxsi_json.c ^
@@ -91,7 +91,6 @@ if ((js->src+js->off) == '\\') { js->off += 2; if (js->off >= js->len) break; - continue; } if ((js->src+js->off) == '"') { vn_end = js->src+js->off; @@ -162,7 +161,7 @@ ngx_http_basestr_ruleset_n(js->r->pool, &js->ckey, &val, js->main_cf->body_rules, js->r, js->ctx, BODY); - NX_DEBUG(_debug_json, NGX_LOG_DEBUG_HTTP, js->r->connection->log, 0, "quoted-JSON '%V' : '%V'", + NX_DEBUG(_debug_json, NGX_LOG_DEBUG_HTTP, js->r->connection->log, 0, "JSON '%V' : '%V'", &(js->ckey), &(val)); } return (ret); @@ -319,7 +318,7 @@ { ngx_json_t *js; - + js = ngx_pcalloc(r->pool, sizeof(ngx_json_t)); if (!js) return ; js->json.data = js->src = src; @@ -328,7 +327,7 @@ js->ctx = ctx; js->loc_cf = ngx_http_get_module_loc_conf(r, ngx_http_naxsi_module); js->main_cf = ngx_http_get_module_main_conf(r, ngx_http_naxsi_module); - + if (ngx_http_nx_json_seek(js, '{')) { ngx_http_apply_rulematch_v_n(&nx_int__invalid_json, ctx, r, NULL, NULL, BODY, 1, 0); return ;
[-] [+]	Changed	naxsi-0.55.3.tar.gz/naxsi_src/naxsi_runtime.c ^
@@ -108,14 +108,6 @@ ngx_http_rule_t nx_int__libinject_sql; /ID:17/ ngx_http_rule_t nx_int__libinject_xss; /ID:18/ -ngx_http_rule_t nx_int__no_rules = {/type/ 0, /whitelist flag/ 0, - /wl_id ptr/ NULL, /rule_id/ 19, - /log_msg/ NULL, /score/ 0, - /sscores/ NULL, - /sc_block/ 0, /sc_allow/ 0, - /block/ 0, /allow/ 0, /drop/ 1, /log/ 0, - /br ptrs/ NULL}; - @@ -349,44 +341,38 @@ } ngx_http_whitelist_rule_t * -nx_find_wl_in_hash( - ngx_http_request_t req, - ngx_str_t mstr, - ngx_http_dummy_loc_conf_t cf, - enum DUMMY_MATCH_ZONE zone) +nx_find_wl_in_hash(ngx_str_t mstr, + ngx_http_dummy_loc_conf_t cf, + enum DUMMY_MATCH_ZONE zone) { + ngx_int_t k; ngx_http_whitelist_rule_t b = NULL; size_t i; - ngx_str_t scratch = {.data = mstr->data, .len = mstr->len}; - - if (zone == HEADERS) { - scratch.data = ngx_pcalloc(req->pool, scratch.len+1); - memcpy(scratch.data, mstr->data, scratch.len); - } - - for (i = 0; i < scratch.len; i++) - scratch.data[i] = tolower(scratch.data[i]); - - k = ngx_hash_key_lc(scratch.data, scratch.len); + + for (i = 0; i < mstr->len; i++) + mstr->data[i] = tolower(mstr->data[i]); + + k = ngx_hash_key_lc(mstr->data, mstr->len); + if ((zone == BODY \|\| zone == FILE_EXT) && cf->wlr_body_hash && cf->wlr_body_hash->size > 0) b = (ngx_http_whitelist_rule_t) ngx_hash_find(cf->wlr_body_hash, k, - (u_char) scratch.data, - scratch.len); + (u_char) mstr->data, + mstr->len); else if (zone == HEADERS && cf->wlr_headers_hash && cf->wlr_headers_hash->size > 0) b = (ngx_http_whitelist_rule_t) ngx_hash_find(cf->wlr_headers_hash, k, - (u_char) scratch.data, - scratch.len); + (u_char) mstr->data, + mstr->len); else if (zone == URL && cf->wlr_url_hash && cf->wlr_url_hash->size > 0) b = (ngx_http_whitelist_rule_t) ngx_hash_find(cf->wlr_url_hash, k, - (u_char) scratch.data, - scratch.len); + (u_char) mstr->data, + mstr->len); else if (zone == ARGS && cf->wlr_args_hash && cf->wlr_args_hash->size > 0) b = (ngx_http_whitelist_rule_t) ngx_hash_find(cf->wlr_args_hash, k, - (u_char) scratch.data, - scratch.len); + (u_char) mstr->data, + mstr->len); return (b); } @@ -653,7 +639,7 @@ if (name->len > 0) { NX_DEBUG(_debug_whitelist_compat, NGX_LOG_DEBUG_HTTP, req->connection->log, 0, "hashing varname [%V] (rule:%d) - 'wl:X_VAR:%V'", name, r->rule_id, name); /* try to find in hashtables / - b = nx_find_wl_in_hash(req, name, cf, zone); + b = nx_find_wl_in_hash(name, cf, zone); if (b && ngx_http_dummy_is_whitelist_adapted(b, name, zone, r, req, NAME_ONLY, target_name)) return (1); /prefix hash with '#', to find whitelists that would be done only on ARGS_VAR:X\|NAME / @@ -663,7 +649,7 @@ tmp_hashname.data[0] = '#'; memcpy(tmp_hashname.data+1, name->data, name->len); NX_DEBUG(_debug_whitelist_compat, NGX_LOG_DEBUG_HTTP, req->connection->log, 0, "hashing varname [%V] (rule:%d) - 'wl:X_VAR:%V\|NAME'", name, r->rule_id, name); - b = nx_find_wl_in_hash(req, &tmp_hashname, cf, zone); + b = nx_find_wl_in_hash(&tmp_hashname, cf, zone); ngx_pfree(req->pool, tmp_hashname.data); tmp_hashname.data = NULL; if (b && ngx_http_dummy_is_whitelist_adapted(b, name, zone, r, req, NAME_ONLY, target_name)) @@ -699,7 +685,7 @@ tmp_hashname.len = req->uri.len; ngx_memcpy(tmp_hashname.data, req->uri.data, req->uri.len); NX_DEBUG(_debug_whitelist_compat, NGX_LOG_DEBUG_HTTP, req->connection->log, 0, "hashing uri#1 [%V] (rule:%d) ($URL:X\|URI)", &(tmp_hashname), r->rule_id); - b = nx_find_wl_in_hash(req, &(tmp_hashname), cf, zone); + b = nx_find_wl_in_hash(&(tmp_hashname), cf, zone); ngx_pfree(req->pool, tmp_hashname.data); tmp_hashname.data = NULL; if (b && ngx_http_dummy_is_whitelist_adapted(b, name, zone, r, req, URI_ONLY, target_name)) @@ -713,7 +699,7 @@ tmp_hashname.data[0] = '#'; ngx_memcpy(tmp_hashname.data+1, req->uri.data, req->uri.len); NX_DEBUG(_debug_whitelist_compat, NGX_LOG_DEBUG_HTTP, req->connection->log, 0, "hashing uri#3 [%V] (rule:%d) ($URL:X\|ZONE\|NAME)", &(tmp_hashname), r->rule_id); - b = nx_find_wl_in_hash(req, &(tmp_hashname), cf, zone); + b = nx_find_wl_in_hash(&(tmp_hashname), cf, zone); ngx_pfree(req->pool, tmp_hashname.data); tmp_hashname.data = NULL; if (b && ngx_http_dummy_is_whitelist_adapted(b, name, zone, r, req, URI_ONLY, target_name)) @@ -732,7 +718,7 @@ strncat((char)tmp_hashname.data, (char)name->data, name->len); NX_DEBUG(_debug_whitelist_compat, NGX_LOG_DEBUG_HTTP, req->connection->log, 0, "hashing MIX [%V] ($URL:x\|$X_VAR:y) or ($URL:x\|$X_VAR:y\|NAME)", &tmp_hashname); - b = nx_find_wl_in_hash(req, &(tmp_hashname), cf, zone); + b = nx_find_wl_in_hash(&(tmp_hashname), cf, zone); ngx_pfree(req->pool, tmp_hashname.data); if (b && ngx_http_dummy_is_whitelist_adapted(b, name, zone, r, req, MIXED, target_name)) @@ -811,10 +797,6 @@ if (!tmp_uri) return (NGX_ERROR); ret_uri = tmp_uri; - - if (r->uri.len >= (NGX_MAX_UINT32_VALUE/4)-1) { - r->uri.len /= 4; - } tmp_uri->len = r->uri.len + (2 * ngx_escape_uri(NULL, r->uri.data, r->uri.len, NGX_ESCAPE_ARGS)); @@ -898,21 +880,9 @@ strcat(tmp_zone, "FILE_EXT"); if (mr[i].target_name) strcat(tmp_zone, "\|NAME"); - - ngx_str_t tmp_val; - - if (mr[i].name->len >= (NGX_MAX_UINT32_VALUE/4)-1) { - mr[i].name->len /= 4; - } - - tmp_val.len = mr[i].name->len + (2 * ngx_escape_uri(NULL, mr[i].name->data, mr[i].name->len, NGX_ESCAPE_URI_COMPONENT)); - - tmp_val.data = ngx_pcalloc(r->pool, tmp_val.len+1); - ngx_escape_uri(tmp_val.data, mr[i].name->data, mr[i].name->len, NGX_ESCAPE_URI_COMPONENT); - sub = snprintf(0, 0, fmt_rm, i, tmp_zone, i, - mr[i].rule->rule_id, i, tmp_val.len, - tmp_val.data); + mr[i].rule->rule_id, i, mr[i].name->len, + mr[i].name->data); /* This one would not fit : append a seed to the current fragment, @@ -926,7 +896,7 @@ } sub = snprintf((char )fragment->data+offset, sz_left, fmt_rm, i, tmp_zone, i, mr[i].rule->rule_id, i, - tmp_val.len, tmp_val.data); + mr[i].name->len, mr[i].name->data); if (sub >= sz_left) sub = sz_left - 1; offset += sub; @@ -1196,7 +1166,7 @@ / int ngx_http_spliturl_ruleset(ngx_pool_t pool, - ngx_str_t nx_str, + char str, ngx_array_t rules, ngx_array_t main_rules, ngx_http_request_t req, @@ -1204,23 +1174,14 @@ enum DUMMY_MATCH_ZONE zone) { ngx_str_t name, val; - char eq, ev, orig, str; + char eq, ev, orig; int len, full_len; int nullbytes=0; - - - if (naxsi_escape_nullbytes(nx_str) > 0) { - ngx_str_t dummy; - dummy.data = NULL; - dummy.len = 0; - ngx_http_apply_rulematch_v_n(&nx_int__uncommon_hex_encoding, ctx, req, &dummy, &dummy, zone, 1, 0); - } - str = (char )nx_str->data; - NX_DEBUG(_debug_spliturl_ruleset, NGX_LOG_DEBUG_HTTP, req->connection->log, 0, "XX-check url-like [%s]", str); - + + orig = str; full_len = strlen(orig); while (str < (orig+full_len) && str) { @@ -1340,8 +1301,8 @@ enum DUMMY_MATCH_ZONE zone) { / Libinjection integration : - 1 - check if libinjection_sql is explicitly enabled - 2 - check if libinjection_xss is explicitly enabled + 1 - check if libinjection_sql is explicitely enabled + 2 - check if libinjection_xss is explicitely enabled if 1 is true : perform check on both name and content, in case of match, apply internal rule increasing the LIBINJECTION_SQL score @@ -1384,12 +1345,12 @@ } int -ngx_http_basestr_ruleset_n(ngx_pool_t pool, +ngx_http_basestr_ruleset_n(ngx_pool_t pool, ngx_str_t name, ngx_str_t value, - ngx_array_t rules, - ngx_http_request_t req, - ngx_http_request_ctx_t ctx, + ngx_array_t rules, + ngx_http_request_t req, + ngx_http_request_ctx_t ctx, enum DUMMY_MATCH_ZONE zone) { ngx_http_rule_t r; @@ -1428,7 +1389,7 @@ "XX-RULE %d : START", r[i].rule_id); / does the rule have a custom location ? custom location means checking only on a specific argument / - if (name && r[i].br->custom_location) { + if (name && name->len > 0 && r[i].br->custom_location) { location = r[i].br->custom_locations->elts; / @@ -1440,23 +1401,18 @@ / for (z = 0; z < r[i].br->custom_locations->nelts; z++) { - if (location[z].specific_url) { + if (location[z].specific_url) { + / if matchzone is a regex, ensure it matches (ie. BODY_VAR_X / ARGS_VAR_X / ..) / - if (r[i].br->rx_mz) { - - if (ngx_http_dummy_pcre_wrapper(location[z].target_rx, req->uri.data, req->uri.len) == -1) { - uri_constraint_ok = 0; - } - } + if (r[i].br->rx_mz && ngx_http_dummy_pcre_wrapper(location[z].target_rx, req->uri.data, req->uri.len) == -1) + uri_constraint_ok = 0; / if it was a static string, ensure it matches (ie. BODY_VAR / ARGS_VAR / ..) / - if (!r[i].br->rx_mz) { - if (req->uri.len != location[z].target.len \|\| strncasecmp((const char ) req->uri.data, - (const char ) location[z].target.data, - req->uri.len) != 0) { - uri_constraint_ok = 0; - } - } + if ( (!r[i].br->rx_mz) && strncasecmp((const char ) req->uri.data, + (const char ) location[z].target.data, + req->uri.len) ) + uri_constraint_ok = 0; + break; } } @@ -1465,11 +1421,8 @@ * if one of the custom location rule specifies an $URL/$URL_X ** and it was mismatched, skip the rule. / - if (uri_constraint_ok == 0) { - NX_DEBUG(_debug_basestr_ruleset , NGX_LOG_DEBUG_HTTP, req->connection->log, 0, - "XX URI CONSTRAINT MISMATCH, SKIP"); + if (uri_constraint_ok == 0) continue; - } / for each custom location / for (z = 0; z < r[i].br->custom_locations->nelts; z++) { @@ -1480,7 +1433,7 @@ !(zone == HEADERS && location[z].headers_var != 0) && !(zone == ARGS && location[z].args_var != 0)) continue; - + / if matchzone is a regex, ensure it matches (ie. BODY_VAR_X / ARGS_VAR_X / ..) / if (r[i].br->rx_mz && ngx_http_dummy_pcre_wrapper(location[z].target_rx, name->data, name->len) == -1) continue; @@ -1492,6 +1445,7 @@ location[z].target.len)) ) continue; + NX_DEBUG(_debug_basestr_ruleset, NGX_LOG_DEBUG_HTTP, req->connection->log, 0, "XX-[SPECIFIC] check one rule [%d] iteration %d %d", r[i].rule_id, i, z); @@ -1536,25 +1490,20 @@ (zone == FILE_EXT && r[i].br->file_ext) ) { - /* - If the Rule specifically** targets name (ie. mz:BODY\|NAME), only check against name - / - if (!r[i].br->target_name) { - NX_DEBUG(_debug_basestr_ruleset, NGX_LOG_DEBUG_HTTP, req->connection->log, 0, - "XX-test rulematch (value) [zone-wide]!1 [%V]=[%V] [rule =%d] (%d times)", name, value, r[i].rule_id, nb_match); - + NX_DEBUG(_debug_basestr_ruleset, NGX_LOG_DEBUG_HTTP, req->connection->log, 0, + "XX-test rulematch [zone-wide]!1 [%V]=[%V] [rule =%d] (%d times)", name, value, r[i].rule_id, nb_match); + - / check the rule against the value/ - ret = ngx_http_process_basic_rule_buffer(value, &(r[i]), &nb_match); - /if our rule matched, apply effects (score etc.)/ - if (ret == 1) { - NX_DEBUG(_debug_basestr_ruleset, NGX_LOG_DEBUG_HTTP, req->connection->log, 0, - "XX-apply rulematch (value) [%V]=[%V] [rule=%d] (%d times)", name, value, r[i].rule_id, nb_match); - - ngx_http_apply_rulematch_v_n(&(r[i]), ctx, req, name, value, zone, nb_match, 0); - } + / check the rule against the value/ + ret = ngx_http_process_basic_rule_buffer(value, &(r[i]), &nb_match); + /if our rule matched, apply effects (score etc.)/ + if (ret == 1) { + NX_DEBUG(_debug_basestr_ruleset, NGX_LOG_DEBUG_HTTP, req->connection->log, 0, + "XX-apply rulematch!1 [%V]=[%V] [rule=%d] (%d times)", name, value, r[i].rule_id, nb_match); + + ngx_http_apply_rulematch_v_n(&(r[i]), ctx, req, name, value, zone, nb_match, 0); } - + if (!r[i].br->negative) { NX_DEBUG(_debug_basestr_ruleset, NGX_LOG_DEBUG_HTTP, req->connection->log, 0, "XX-test rulematch [against-name]!1 [%V]=[%V] [rule=%d] (%d times)", name, value, r[i].rule_id, nb_match); @@ -2051,8 +2000,8 @@ NX_DEBUG(_debug_post_heavy, NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "XX-POST DATA [%V]", &tmp); - - if(ngx_http_spliturl_ruleset(r->pool, &tmp, + + if(ngx_http_spliturl_ruleset(r->pool, (char )tmp.data, cf->body_rules, main_cf->body_rules, r, ctx, BODY)) { ngx_http_apply_rulematch_v_n(&nx_int__uncommon_url, ctx, r, NULL, NULL, BODY, 1, 0); @@ -2069,11 +2018,6 @@ (u_char ) "application/json", 16)) { ngx_http_dummy_json_parse(ctx, r, full_body, full_body_len); } - / 22 = echo -n "application/csp-report" \| wc -c / - else if (!ngx_strncasecmp(r->headers_in.content_type->value.data, - (u_char ) "application/csp-report", 22)) { - ngx_http_dummy_json_parse(ctx, r, full_body, full_body_len); - } else { ngx_log_debug(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "[POST] Unknown content-type"); @@ -2113,9 +2057,7 @@ if ( (ctx->block && !ctx->learning) \|\| ctx->drop ) return ; if (!main_cf->generic_rules && !cf->generic_rules) { - tmp.data = NULL; - tmp.len = 0; - ngx_http_apply_rulematch_v_n(&nx_int__no_rules, ctx, r, &tmp, &tmp, URL, 1, 0); + dummy_error_fatal(ctx, r, "no generic rules ?!"); return ; } tmp.len = r->uri.len; @@ -2125,12 +2067,6 @@ return ; } memcpy(tmp.data, r->uri.data, r->uri.len); - if (naxsi_escape_nullbytes(&tmp) > 0) { - ngx_str_t tmp_name, tmp_val; - tmp_name.data = tmp_val.data = NULL; - tmp_name.len = tmp_val.len = 0; - ngx_http_apply_rulematch_v_n(&nx_int__uncommon_hex_encoding, ctx, r, &tmp_name, &tmp_val, URL, 1, 0); - } name.data = NULL; name.len = 0; if (cf->generic_rules) @@ -2162,8 +2098,7 @@ return ; } memcpy(tmp.data, r->args.data, r->args.len); - - if(ngx_http_spliturl_ruleset(r->pool, &tmp, + if(ngx_http_spliturl_ruleset(r->pool, (char )tmp.data, cf->get_rules, main_cf->get_rules, r, ctx, ARGS)) { dummy_error_fatal(ctx, r, @@ -2181,7 +2116,6 @@ ngx_list_part_t part; ngx_table_elt_t *h; unsigned int i; - ngx_str_t lowcase_header; if (!cf->header_rules && !main_cf->header_rules) return ; @@ -2199,19 +2133,11 @@ h = part->elts; i = 0; } - lowcase_header.data = h[i].lowcase_key; - lowcase_header.len = h[i].key.len; - if (naxsi_escape_nullbytes(&lowcase_header) > 0) { - ngx_http_apply_rulematch_v_n(&nx_int__uncommon_hex_encoding, ctx, r, &h[i].key, &h[i].value, HEADERS, 1, 1); - } - if (naxsi_escape_nullbytes(&h[i].value) > 0) { - ngx_http_apply_rulematch_v_n(&nx_int__uncommon_hex_encoding, ctx, r, &h[i].key, &h[i].value, HEADERS, 1, 0); - } if (cf->header_rules) - ngx_http_basestr_ruleset_n(r->pool, &lowcase_header, &(h[i].value), + ngx_http_basestr_ruleset_n(r->pool, &(h[i].key), &(h[i].value), cf->header_rules, r, ctx, HEADERS); if (main_cf->header_rules) - ngx_http_basestr_ruleset_n(r->pool, &lowcase_header, &(h[i].value), + ngx_http_basestr_ruleset_n(r->pool, &(h[i].key), &(h[i].value), main_cf->header_rules, r, ctx, HEADERS); } return ;
[-] [+]	Changed	naxsi-0.55.3.tar.gz/naxsi_src/naxsi_utils.c ^
@@ -85,20 +85,6 @@ return (NULL); } -u_int naxsi_escape_nullbytes(ngx_str_t str) { - - size_t i = 0; - u_int nullbytes = 0; - - for (i = 0; i < str->len; i++) { - if (str->data[i] == 0) { - str->data[i] = '0'; - nullbytes++; - } - } - return nullbytes; -} - / unescape routine, returns number of nullbytes present / int naxsi_unescape(ngx_str_t str) { u_char dst, src; @@ -770,32 +756,32 @@ //encode uri tmp_uri.len = req->uri.len + (2 * ngx_escape_uri(NULL, req->uri.data, req->uri.len, - NGX_ESCAPE_URI_COMPONENT)); + NGX_ESCAPE_ARGS)); tmp_uri.data = ngx_pcalloc(req->pool, tmp_uri.len+1); if (tmp_uri.data == NULL) return ; - ngx_escape_uri(tmp_uri.data, req->uri.data, req->uri.len, NGX_ESCAPE_URI_COMPONENT); + ngx_escape_uri(tmp_uri.data, req->uri.data, req->uri.len, NGX_ESCAPE_ARGS); //encode val if (val->len <= 0) tmp_val = empty; else { tmp_val.len = val->len + (2 * ngx_escape_uri(NULL, val->data, val->len, - NGX_ESCAPE_URI_COMPONENT)); + NGX_ESCAPE_ARGS)); tmp_val.data = ngx_pcalloc(req->pool, tmp_val.len+1); if (tmp_val.data == NULL) return ; - ngx_escape_uri(tmp_val.data, val->data, val->len, NGX_ESCAPE_URI_COMPONENT); + ngx_escape_uri(tmp_val.data, val->data, val->len, NGX_ESCAPE_ARGS); } //encode name if (name->len <= 0) tmp_name = empty; else { tmp_name.len = name->len + (2 * ngx_escape_uri(NULL, name->data, name->len, - NGX_ESCAPE_URI_COMPONENT)); + NGX_ESCAPE_ARGS)); tmp_name.data = ngx_pcalloc(req->pool, tmp_name.len+1); if (tmp_name.data == NULL) return ; - ngx_escape_uri(tmp_name.data, name->data, name->len, NGX_ESCAPE_URI_COMPONENT); + ngx_escape_uri(tmp_name.data, name->data, name->len, NGX_ESCAPE_ARGS); } ngx_log_error(NGX_LOG_ERR, req->connection->log, 0,
[-] [+]	Added	naxsi-0.55.3.tar.gz/naxsi_src/nginx.conf.example ^
@@ -0,0 +1,36 @@ +master_process off; +worker_processes 1; +load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so; +events { + worker_connections 1024; +} +http { + include /tmp/naxsi_ut/naxsi_core.rules; + include mime.types; + default_type application/octet-stream; + sendfile on; + keepalive_timeout 65; + server { + listen 4242; + server_name localhost; + location / { + LearningMode; + SecRulesEnabled; + DeniedUrl "/50x.html"; + CheckRule "$SQL >= 8" BLOCK; + CheckRule "$RFI >= 8" BLOCK; + CheckRule "$TRAVERSAL >= 4" BLOCK; + CheckRule "$EVADE >= 4" BLOCK; + CheckRule "$XSS >= 8" BLOCK; + error_log /tmp/ngx_error.log debug; + access_log /tmp/ngx_access.log; + root html; + index index.html index.htm; + } + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root html; + } + } +} +
[-] [+]	Changed	naxsi-0.55.3.tar.gz/nxapi/README.md ^
@@ -311,20 +311,18 @@ } Here is how nxtool will use this to generate whitelists: - -1. extract global_filters from nxapi.json, and create the base ES filter: `{ "whitelisted" : "false" }` -2. merge base ES filter with provided cmd line filter (`--filter`, `-s www.x1.fr`): `{ "whitelisted" : "false", "server" : "www.x1.fr" }` -3. For each static field of the template, merge it in base ES filter: `{ "whitelisted" : "false", "server" : "www.x1.fr", "zone" : "HEADERS", "var_name" : "cookie" }` -4. For each field to be expanded (value is `?`) : - - 4.1. select all possible values for this field (id) matching base ES filter, (ie. 1000 and 1001 here) - - 4.2. attempt to generate a whitelist for each possible value, and evaluate its scores: - - { "whitelisted" : "false", "server" : "www.x1.fr", "zone" : "HEADERS", "var_name" : "cookie", "id" : "1000"} - { "whitelisted" : "false", "server" : "www.x1.fr", "zone" : "HEADERS", "var_name" : "cookie", "id" : "1001"} - -5. For each final set that provided results, output a whitelist. + 1. extract global_filters from nxapi.json, and create the base ES filter : + { "whitelisted" : "false" } + 2. merge base ES filter with provided cmd line filter (--filter, -s www.x1.fr) + { "whitelisted" : "false", "server" : "www.x1.fr" } + 3. For each static field of the template, merge it in base ES filter : + { "whitelisted" : "false", "server" : "www.x1.fr", "zone" : "HEADERS", "var_name" : "cookie" } + 4. For each field to be expanded (value is `?`) : + 4.1. select all possible values for this field (id) matching base ES filter, (ie. 1000 and 1001 here) + 4.2. attempt to generate a whitelist for each possible value, and evaluate its scores. + { "whitelisted" : "false", "server" : "www.x1.fr", "zone" : "HEADERS", "var_name" : "cookie", "id" : "1000"} + { "whitelisted" : "false", "server" : "www.x1.fr", "zone" : "HEADERS", "var_name" : "cookie", "id" : "1001"} + 5. For each final set that provided results, output a whitelist. Templates support :
[-] [+]	Changed	naxsi-0.55.3.tar.gz/nxapi/nxapi.json ^
@@ -3,8 +3,6 @@ "host" : "127.0.0.1:9200", "use_ssl" : false, "index" : "nxapi", - "number_of_shards" : "4", - "number_of_replicas" : "0", "doctype" : "events", "default_ttl" : "7200", "max_size" : "1000",
[-] [+]	Changed	naxsi-0.55.3.tar.gz/nxapi/nxapi/nxparse.py ^
@@ -67,7 +67,6 @@ print "Unable to get syslog host and port" sys.exit(1) s = socket.socket(socket.AF_INET,socket.SOCK_STREAM) - s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) try: s.bind((host,port)) s.listen(10) @@ -407,12 +406,6 @@ try: self.es.indices.create( index=self.cfg["elastic"]["index"], - body = { - "settings" : { - "number_of_shards": self.cfg["elastic"]["number_of_shards"], - "number_of_replicas": self.cfg["elastic"]["number_of_replicas"] - } - }, ignore=400 # Ignore 400 cause by IndexAlreadyExistsException when creating an index ) except Exception as idxadd_error: @@ -446,12 +439,7 @@ index=self.cfg["elastic"]["index"], doc_type=self.cfg["elastic"]["doctype"], # id=repo_name, - body = { - "settings" : { - "number_of_shards": self.cfg["elastic"]["number_of_shards"], - "number_of_replicas": self.cfg["elastic"]["number_of_replicas"] - } - }, + body={}, ignore=409 # 409 - conflict - would be returned if the document is already there ) except Exception as idxadd_error:
[-] [+]	Changed	naxsi-0.55.3.tar.gz/nxapi/nxtool.py ^
@@ -275,12 +275,7 @@ # statistics if options.stats is True: print translate.red.format("# Whitelist(ing) ratio :") - for e in translate.fetch_top(cfg.cfg["global_filters"], "whitelisted", limit=2): - try: - list_e = e.split() - print '# {0} {1} {2}{3}'.format(translate.grn.format(list_e[0]), list_e[1], list_e[2], list_e[3]) - except: - print "--malformed--" + translate.fetch_top(cfg.cfg["global_filters"], "whitelisted", limit=2) print translate.red.format("# Top servers :") for e in translate.fetch_top(cfg.cfg["global_filters"], "server", limit=10): try:
[-] [+]	Changed	naxsi-0.55.3.tar.gz/t/01naxsi_whitelists.t ^
@@ -272,7 +272,7 @@ return 412; } --- more_headers -cookie: foobar +Cookie: foobar --- request GET /another-page --- error_code: 200 @@ -361,7 +361,7 @@ return 412; } --- more_headers -cookie: foobar +COOKIE: foobar --- request GET /another-page --- error_code: 200 @@ -1192,81 +1192,3 @@ --- request GET /?a123a=lol --- error_code: 200 -=== WL TEST 20.0 : wl:0 in cookies (#405) ---- main_config -load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so; ---- http_config -include /tmp/naxsi_ut/naxsi_core.rules; -MainRule id:4242 "str:123" "mz:$HEADERS_VAR:cookie" s:BLOCK; ---- config -location / { - SecRulesEnabled; - DeniedUrl "/RequestDenied"; - CheckRule "$SQL >= 8" BLOCK; - CheckRule "$RFI >= 8" BLOCK; - CheckRule "$TRAVERSAL >= 4" BLOCK; - CheckRule "$XSS >= 8" BLOCK; - root $TEST_NGINX_SERVROOT/html/; - index index.html index.htm; -} -location /RequestDenied { - return 412; -} ---- more_headers -Cookie: 123 ---- request -GET / ---- error_code: 412 -=== WL TEST 20.1 : wl:0 in cookies (#405) ---- main_config -load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so; ---- http_config -include /tmp/naxsi_ut/naxsi_core.rules; -MainRule id:4242 "str:123" "mz:$HEADERS_VAR:cookie" s:BLOCK; ---- config -location / { - SecRulesEnabled; - DeniedUrl "/RequestDenied"; - CheckRule "$SQL >= 8" BLOCK; - CheckRule "$RFI >= 8" BLOCK; - CheckRule "$TRAVERSAL >= 4" BLOCK; - CheckRule "$XSS >= 8" BLOCK; - root $TEST_NGINX_SERVROOT/html/; - index index.html index.htm; -} -location /RequestDenied { - return 412; -} ---- more_headers -Cookie: 124 ---- request -GET / ---- error_code: 200 -=== WL TEST 20.0 : wl:0 in cookies (#405) ---- main_config -load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so; ---- http_config -include /tmp/naxsi_ut/naxsi_core.rules; -MainRule id:4242 "str:123" "mz:$HEADERS_VAR:cookie" s:BLOCK; ---- config -location / { - SecRulesEnabled; - DeniedUrl "/RequestDenied"; - CheckRule "$SQL >= 8" BLOCK; - CheckRule "$RFI >= 8" BLOCK; - CheckRule "$TRAVERSAL >= 4" BLOCK; - CheckRule "$XSS >= 8" BLOCK; - BasicRule wl:0 "mz:$HEADERS_VAR:cookie"; - root $TEST_NGINX_SERVROOT/html/; - index index.html index.htm; -} -location /RequestDenied { - return 412; -} ---- more_headers -Cookie: 123 ---- request -GET / ---- error_code: 200 - -
[-] [+]	Changed	naxsi-0.55.3.tar.gz/t/02naxsi_bypass.t ^
@@ -317,30 +317,3 @@ --- request GET /?val& --- error_code: 412 -=== TEST 5.1: DENY : XSS bypass vector true nullbyte ---- main_config -load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so; ---- http_config -include /tmp/naxsi_ut/naxsi_core.rules; ---- config -location / { - #LearningMode; - SecRulesEnabled; - DeniedUrl "/RequestDenied"; -CheckRule "$SQL >= 8" BLOCK; -CheckRule "$RFI >= 2" BLOCK; -CheckRule "$TRAVERSAL >= 4" BLOCK; -CheckRule "$XSS >= 8" BLOCK; - root $TEST_NGINX_SERVROOT/html/; - index index.html index.htm; -} -location /RequestDenied { - return 412; -} ---- more_headers -Content-Type: application/x-www-form-urlencoded ---- request eval -use URI::Escape; -"POST /foobar -a=a<><><>" ---- error_code: 412
[-] [+]	Changed	naxsi-0.55.3.tar.gz/t/11naxsi_newstyle_config.t ^
@@ -75,7 +75,7 @@ main_rule "str:]" "msg:], possible js" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311; main_rule "str:~" "msg:~ character" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312; main_rule "str:`" "msg:grave accent !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314; -main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; +main_rule "rx:%[2\|3]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400; main_rule "str:%U" "msg: M$ encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401; main_rule negative "rx:multipart/form-data\|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402; @@ -134,7 +134,7 @@ main_rule "str:]" "msg:], possible js" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311; main_rule "str:~" "msg:~ character" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312; main_rule "str:`" "msg:grave accent !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314; -main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; +main_rule "rx:%[2\|3]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400; main_rule "str:%U" "msg: M$ encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401; main_rule negative "rx:multipart/form-data\|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402; @@ -193,7 +193,7 @@ main_rule "str:]" "msg:], possible js" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311; main_rule "str:~" "msg:~ character" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312; main_rule "str:`" "msg:grave accent !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314; -main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; +main_rule "rx:%[2\|3]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400; main_rule "str:%U" "msg: M$ encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401; main_rule negative "rx:multipart/form-data\|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402; @@ -252,7 +252,7 @@ main_rule "str:]" "msg:], possible js" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311; main_rule "str:~" "msg:~ character" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312; main_rule "str:`" "msg:grave accent !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314; -main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; +main_rule "rx:%[2\|3]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400; main_rule "str:%U" "msg: M$ encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401; main_rule negative "rx:multipart/form-data\|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402; @@ -311,7 +311,7 @@ main_rule "str:]" "msg:], possible js" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311; main_rule "str:~" "msg:~ character" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312; main_rule "str:`" "msg:grave accent !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314; -main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; +main_rule "rx:%[2\|3]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400; main_rule "str:%U" "msg: M$ encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401; main_rule negative "rx:multipart/form-data\|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402; @@ -370,7 +370,7 @@ main_rule "str:]" "msg:], possible js" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311; main_rule "str:~" "msg:~ character" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312; main_rule "str:`" "msg:grave accent !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314; -main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; +main_rule "rx:%[2\|3]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400; main_rule "str:%U" "msg: M$ encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401; main_rule negative "rx:multipart/form-data\|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402; @@ -429,7 +429,7 @@ main_rule "str:]" "msg:], possible js" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311; main_rule "str:~" "msg:~ character" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312; main_rule "str:`" "msg:grave accent !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314; -main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; +main_rule "rx:%[2\|3]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400; main_rule "str:%U" "msg: M$ encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401; main_rule negative "rx:multipart/form-data\|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402; @@ -493,7 +493,7 @@ main_rule "str:]" "msg:], possible js" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311; main_rule "str:~" "msg:~ character" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312; main_rule "str:`" "msg:grave accent !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314; -main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; +main_rule "rx:%[2\|3]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400; main_rule "str:%U" "msg: M$ encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401; main_rule negative "rx:multipart/form-data\|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402; @@ -557,7 +557,7 @@ main_rule "str:]" "msg:], possible js" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311; main_rule "str:~" "msg:~ character" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312; main_rule "str:`" "msg:grave accent !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314; -main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; +main_rule "rx:%[2\|3]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400; main_rule "str:%U" "msg: M$ encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401; main_rule negative "rx:multipart/form-data\|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402; @@ -621,7 +621,7 @@ main_rule "str:]" "msg:], possible js" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311; main_rule "str:~" "msg:~ character" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312; main_rule "str:`" "msg:grave accent !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314; -main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; +main_rule "rx:%[2\|3]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400; main_rule "str:%U" "msg: M$ encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401; main_rule negative "rx:multipart/form-data\|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402; @@ -681,7 +681,7 @@ main_rule "str:]" "msg:], possible js" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311; main_rule "str:~" "msg:~ character" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312; main_rule "str:`" "msg:grave accent !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314; -main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; +main_rule "rx:%[2\|3]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400; main_rule "str:%U" "msg: M$ encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401; main_rule negative "rx:multipart/form-data\|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402; @@ -741,7 +741,7 @@ main_rule "str:]" "msg:], possible js" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311; main_rule "str:~" "msg:~ character" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312; main_rule "str:`" "msg:grave accent !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314; -main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; +main_rule "rx:%[2\|3]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400; main_rule "str:%U" "msg: M$ encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401; main_rule negative "rx:multipart/form-data\|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402; @@ -808,7 +808,7 @@ main_rule "str:]" "msg:], possible js" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311; main_rule "str:~" "msg:~ character" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312; main_rule "str:`" "msg:grave accent !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314; -main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; +main_rule "rx:%[2\|3]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400; main_rule "str:%U" "msg: M$ encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401; main_rule negative "rx:multipart/form-data\|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402; @@ -877,7 +877,7 @@ main_rule "str:]" "msg:], possible js" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311; main_rule "str:~" "msg:~ character" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312; main_rule "str:`" "msg:grave accent !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314; -main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; +main_rule "rx:%[2\|3]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400; main_rule "str:%U" "msg: M$ encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401; main_rule negative "rx:multipart/form-data\|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402; @@ -946,7 +946,7 @@ main_rule "str:]" "msg:], possible js" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311; main_rule "str:~" "msg:~ character" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312; main_rule "str:`" "msg:grave accent !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314; -main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; +main_rule "rx:%[2\|3]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400; main_rule "str:%U" "msg: M$ encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401; main_rule negative "rx:multipart/form-data\|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402; @@ -1015,7 +1015,7 @@ main_rule "str:]" "msg:], possible js" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311; main_rule "str:~" "msg:~ character" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312; main_rule "str:`" "msg:grave accent !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314; -main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; +main_rule "rx:%[2\|3]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400; main_rule "str:%U" "msg: M$ encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401; main_rule negative "rx:multipart/form-data\|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402; @@ -1078,7 +1078,7 @@ main_rule "str:]" "msg:], possible js" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311; main_rule "str:~" "msg:~ character" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312; main_rule "str:`" "msg:grave accent !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314; -main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; +main_rule "rx:%[2\|3]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400; main_rule "str:%U" "msg: M$ encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401; main_rule negative "rx:multipart/form-data\|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402; @@ -1146,7 +1146,7 @@ main_rule "str:]" "msg:], possible js" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311; main_rule "str:~" "msg:~ character" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312; main_rule "str:`" "msg:grave accent !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314; -main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; +main_rule "rx:%[2\|3]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400; main_rule "str:%U" "msg: M$ encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401; main_rule negative "rx:multipart/form-data\|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402; @@ -1211,7 +1211,7 @@ main_rule "str:]" "msg:], possible js" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311; main_rule "str:~" "msg:~ character" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312; main_rule "str:`" "msg:grave accent !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314; -main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; +main_rule "rx:%[2\|3]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400; main_rule "str:%U" "msg: M$ encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401; main_rule negative "rx:multipart/form-data\|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402; @@ -1276,7 +1276,7 @@ main_rule "str:]" "msg:], possible js" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311; main_rule "str:~" "msg:~ character" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312; main_rule "str:`" "msg:grave accent !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314; -main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; +main_rule "rx:%[2\|3]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400; main_rule "str:%U" "msg: M$ encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401; main_rule negative "rx:multipart/form-data\|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402; @@ -1343,7 +1343,7 @@ main_rule "str:]" "msg:], possible js" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311; main_rule "str:~" "msg:~ character" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312; main_rule "str:`" "msg:grave accent !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314; -main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; +main_rule "rx:%[2\|3]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400; main_rule "str:%U" "msg: M$ encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401; main_rule negative "rx:multipart/form-data\|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402; @@ -1411,7 +1411,7 @@ main_rule "str:]" "msg:], possible js" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311; main_rule "str:~" "msg:~ character" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312; main_rule "str:`" "msg:grave accent !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314; -main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; +main_rule "rx:%[2\|3]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400; main_rule "str:%U" "msg: M$ encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401; main_rule negative "rx:multipart/form-data\|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402; @@ -1478,7 +1478,7 @@ main_rule "str:]" "msg:], possible js" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311; main_rule "str:~" "msg:~ character" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312; main_rule "str:`" "msg:grave accent !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314; -main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; +main_rule "rx:%[2\|3]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400; main_rule "str:%U" "msg: M$ encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401; main_rule negative "rx:multipart/form-data\|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402; @@ -1547,7 +1547,7 @@ main_rule "str:]" "msg:], possible js" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311; main_rule "str:~" "msg:~ character" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312; main_rule "str:`" "msg:grave accent !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314; -main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; +main_rule "rx:%[2\|3]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400; main_rule "str:%U" "msg: M$ encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401; main_rule negative "rx:multipart/form-data\|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402; @@ -1615,7 +1615,7 @@ main_rule "str:]" "msg:], possible js" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311; main_rule "str:~" "msg:~ character" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312; main_rule "str:`" "msg:grave accent !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314; -main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; +main_rule "rx:%[2\|3]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400; main_rule "str:%U" "msg: M$ encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401; main_rule negative "rx:multipart/form-data\|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402; @@ -1682,7 +1682,7 @@ main_rule "str:]" "msg:], possible js" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311; main_rule "str:~" "msg:~ character" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312; main_rule "str:`" "msg:grave accent !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314; -main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; +main_rule "rx:%[2\|3]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400; main_rule "str:%U" "msg: M$ encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401; main_rule negative "rx:multipart/form-data\|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402; @@ -1749,7 +1749,7 @@ main_rule "str:]" "msg:], possible js" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311; main_rule "str:~" "msg:~ character" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312; main_rule "str:`" "msg:grave accent !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314; -main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; +main_rule "rx:%[2\|3]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400; main_rule "str:%U" "msg: M$ encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401; main_rule negative "rx:multipart/form-data\|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402; @@ -1816,7 +1816,7 @@ main_rule "str:]" "msg:], possible js" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311; main_rule "str:~" "msg:~ character" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312; main_rule "str:`" "msg:grave accent !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314; -main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; +main_rule "rx:%[2\|3]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400; main_rule "str:%U" "msg: M$ encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401; main_rule negative "rx:multipart/form-data\|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402; @@ -1880,7 +1880,7 @@ main_rule "str:]" "msg:], possible js" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311; main_rule "str:~" "msg:~ character" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312; main_rule "str:`" "msg:grave accent !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314; -main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; +main_rule "rx:%[2\|3]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400; main_rule "str:%U" "msg: M$ encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401; main_rule negative "rx:multipart/form-data\|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402; @@ -1947,7 +1947,7 @@ main_rule "str:]" "msg:], possible js" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311; main_rule "str:~" "msg:~ character" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312; main_rule "str:`" "msg:grave accent !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314; -main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; +main_rule "rx:%[2\|3]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400; main_rule "str:%U" "msg: M$ encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401; main_rule negative "rx:multipart/form-data\|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402; @@ -2011,7 +2011,7 @@ main_rule "str:]" "msg:], possible js" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311; main_rule "str:~" "msg:~ character" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312; main_rule "str:`" "msg:grave accent !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314; -main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; +main_rule "rx:%[2\|3]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400; main_rule "str:%U" "msg: M$ encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401; main_rule negative "rx:multipart/form-data\|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402; @@ -2075,7 +2075,7 @@ main_rule "str:]" "msg:], possible js" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311; main_rule "str:~" "msg:~ character" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312; main_rule "str:`" "msg:grave accent !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314; -main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; +main_rule "rx:%[2\|3]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400; main_rule "str:%U" "msg: M$ encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401; main_rule negative "rx:multipart/form-data\|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402; @@ -2139,7 +2139,7 @@ main_rule "str:]" "msg:], possible js" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311; main_rule "str:~" "msg:~ character" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312; main_rule "str:`" "msg:grave accent !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314; -main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; +main_rule "rx:%[2\|3]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400; main_rule "str:%U" "msg: M$ encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401; main_rule negative "rx:multipart/form-data\|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402; @@ -2203,7 +2203,7 @@ main_rule "str:]" "msg:], possible js" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311; main_rule "str:~" "msg:~ character" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312; main_rule "str:`" "msg:grave accent !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314; -main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; +main_rule "rx:%[2\|3]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400; main_rule "str:%U" "msg: M$ encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401; main_rule negative "rx:multipart/form-data\|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402; @@ -2267,7 +2267,7 @@ main_rule "str:]" "msg:], possible js" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311; main_rule "str:~" "msg:~ character" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312; main_rule "str:`" "msg:grave accent !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314; -main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; +main_rule "rx:%[2\|3]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400; main_rule "str:%U" "msg: M$ encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401; main_rule negative "rx:multipart/form-data\|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402; @@ -2331,7 +2331,7 @@ main_rule "str:]" "msg:], possible js" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311; main_rule "str:~" "msg:~ character" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312; main_rule "str:`" "msg:grave accent !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314; -main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; +main_rule "rx:%[2\|3]." "msg:double encoding !" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400; main_rule "str:%U" "msg: M$ encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401; main_rule negative "rx:multipart/form-data\|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
[-] [+]	Changed	naxsi-0.55.3.tar.gz/t/14json.t ^
@@ -740,35 +740,3 @@ \"fu\" : { \"aa\" : \"bb\" }" --- error_code: 412 - -=== JSON14 : bug_418 ---- main_config -load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so; ---- http_config -include /tmp/naxsi_ut/naxsi_core.rules; ---- config -set $naxsi_extensive_log 1; -location / { - SecRulesEnabled; - DeniedUrl "/RequestDenied"; - CheckRule "$SQL >= 8" BLOCK; - CheckRule "$RFI >= 8" BLOCK; - CheckRule "$TRAVERSAL >= 4" BLOCK; - CheckRule "$XSS >= 8" BLOCK; - root $TEST_NGINX_SERVROOT/html/; - index index.html index.htm; - error_page 405 = $uri; -} -location /RequestDenied { - return 412; -} ---- more_headers -Content-Type: application/json ---- request eval -use URI::Escape; -"POST / -{ - \"error\": - \"ERROR_REPORT:{\\\"request\\\":{\\\"bar\\\":\\\"\\\"},\\\"response\\\":{\\\"bar\\\":[{\\\"schema_id\\\":\\\"foo\\\"}]}}\" -}" ---- error_code: 412
[-] [+]	Changed	naxsi-0.55.3.tar.gz/t/28log.t ^
@@ -79,8 +79,8 @@ --- error_code: 404 --- error_log eval [qr@NAXSI_FMT: ip=127\.0\.0\.1&server=localhost&uri=/x,y&learning=1&vers=[^&]+&total_processed=1&total_blocked=1&block=1&cscore0=\$SQL&score0=8&zone0=URL&id0=1015&var_name0=&zone1=ARGS&id1=1015&var_name1=uuu@, -qr@NAXSI_EXLOG: ip=127\.0\.0\.1&server=localhost&uri=%2Fx%2Cy&id=1015&zone=URL&var_name=&content=%2Fx%2Cy@, -qr@NAXSI_EXLOG: ip=127\.0\.0\.1&server=localhost&uri=%2Fx%2Cy&id=1015&zone=ARGS&var_name=uuu&content=b%2Cc@ +qr@NAXSI_EXLOG: ip=127\.0\.0\.1&server=localhost&uri=/x,y&id=1015&zone=URL&var_name=&content=/x,y,@, +qr@NAXSI_EXLOG: ip=127\.0\.0\.1&server=localhost&uri=/x,y&id=1015&zone=ARGS&var_name=uuu&content=b,c@ ] === TEST 1.4 : learning + no-block score + naxsi_extensive_log, NAXSI_EXLOG only --- main_config @@ -104,7 +104,7 @@ GET /x,y?uuu=bc --- error_code: 404 --- error_log eval -qr@NAXSI_EXLOG: ip=127\.0\.0\.1&server=localhost&uri=%2Fx%2Cy&id=1015&zone=URL&var_name=&content=%2Fx%2Cy, client: 127\.0\.0\.1,@ +qr@NAXSI_EXLOG: ip=127\.0\.0\.1&server=localhost&uri=/x,y&id=1015&zone=URL&var_name=&content=/x,y, client: 127\.0\.0\.1,@ --- no_error_log NAXSI_FMT === TEST 1.6 : learning + block-score + naxsi_extensive_log, NAXSI_EXLOG only
[-] [+]	Changed	naxsi-0.55.3.tar.gz/t/29regression.t ^
@@ -209,70 +209,3 @@ "POST /wp-json/wp/v2/posts/111 id=1a&foo2=bar2" --- error_code: 412 -=== WL TEST 3.0: false-positive on virtual-patch with empty var name ---- main_config -load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so; ---- http_config -include /tmp/naxsi_ut/naxsi_core.rules; -MainRule "rx:FOOBAR" "mz:$URL:/wp-includes/js/plupload/plupload.flash.swf\|ARGS" "msg:Wordpress PlUpload XSS" "s:$UWA:8,$XSS_UWA:1" id:42000485; ---- config -location / { - SecRulesEnabled; - CheckRule "$LOG_TEST >= 1" LOG; - CheckRule "$UWA >= 8" BLOCK; - DeniedUrl "/RequestDenied"; - CheckRule "$SQL >= 4" BLOCK; - root $TEST_NGINX_SERVROOT/html/; - index index.html index.htm; -} -location /RequestDenied { - return 412; -} ---- request -GET /?a=bui&FOOBAR ---- error_code: 200 -=== WL TEST 3.0: false-positive on virtual-patch with empty var name ---- main_config -load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so; ---- http_config -include /tmp/naxsi_ut/naxsi_core.rules; -MainRule "rx:FOOBAR" "mz:$URL:/wp-includes/js/plupload/plupload.flash.swf\|ARGS" "msg:Wordpress PlUpload XSS" "s:$UWA:8,$XSS_UWA:1" id:42000485; ---- config -location / { - SecRulesEnabled; - CheckRule "$LOG_TEST >= 1" LOG; - CheckRule "$UWA >= 8" BLOCK; - DeniedUrl "/RequestDenied"; - CheckRule "$SQL >= 4" BLOCK; - root $TEST_NGINX_SERVROOT/html/; - index index.html index.htm; -} -location /RequestDenied { - return 412; -} ---- request -GET /wp-includes/js/plupload/plupload.flash.swf?a=bui&FOOBAR ---- error_code: 412 -=== WL TEST 3.01: false-positive on virtual-patch with empty var name ---- main_config -load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so; ---- http_config -include /tmp/naxsi_ut/naxsi_core.rules; -MainRule "rx:FOOBAR" "mz:$URL:/wp-includes/js/plupload/plupload.flash.swf\|ARGS" "msg:Wordpress PlUpload XSS" "s:$UWA:8,$XSS_UWA:1" id:42000485; ---- config -location / { - SecRulesEnabled; - CheckRule "$LOG_TEST >= 1" LOG; - CheckRule "$UWA >= 8" BLOCK; - DeniedUrl "/RequestDenied"; - CheckRule "$SQL >= 4" BLOCK; - root $TEST_NGINX_SERVROOT/html/; - index index.html index.htm; -} -location /RequestDenied { - return 412; -} ---- request -GET /wp-includes/js/plupload/plupload.flash.swf/xxx/?a=bui&FOOBAR ---- error_code: 404 -
[-] [+]	Deleted	naxsi-0.56.tar.gz/t/30regr.t ^
@@ -1,121 +0,0 @@ -#vi:filetype=perl - - -# A AJOUTER : -# TEST CASE AVEC UNE REGLE SUR UN HEADER GENERIQUE -# La même sur des arguments :) - -use lib 'lib'; -use Test::Nginx::Socket; - -repeat_each(3); - -plan tests => repeat_each(1) * blocks(); -no_root_location(); -no_long_string(); -$ENV{TEST_NGINX_SERVROOT} = server_root(); -run_tests(); - - -__DATA__ -=== TEST 1: rule target body\|name ---- main_config -load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so; ---- http_config -include /tmp/naxsi_ut/naxsi_core.rules; ---- config -location / { - SecRulesEnabled; - LearningMode; - BasicRule id:100054 "msg:Weird binary content" "rx:[^-0-9a-z_+.\[\]]" "mz:BODY\|NAME" "s:$TEST_LOG:8"; - DeniedUrl "/RequestDenied"; - CheckRule "$SQL >= 8" BLOCK; - CheckRule "$RFI >= 8" BLOCK; - CheckRule "$TRAVERSAL >= 4" BLOCK; - CheckRule "$XSS >= 8" BLOCK; - CheckRule "$TEST_LOG >= 8" DROP; - root $TEST_NGINX_SERVROOT/html/; - index index.html index.htm; - error_page 405 = $uri; -} -location /RequestDenied { - return 412; - # return 412; -} ---- more_headers -Content-Type: application/x-www-form-urlencoded ---- request eval -use URI::Escape; -"POST / -9p7jslna,ire(ul\)v`2q8u]h)bfuzpcgsa_3`s\twfw)gy)\%3Fc=]@&foo2=bar2" ---- error_code: 412 - -=== TEST 1: rule target body\|name ---- main_config -load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so; ---- http_config -include /tmp/naxsi_ut/naxsi_core.rules; ---- config -location / { - SecRulesEnabled; - LearningMode; - BasicRule id:100054 "msg:Weird binary content" "rx:[^-0-9a-z_+.\[\]]" "mz:BODY\|NAME" "s:$TEST_LOG:8"; - DeniedUrl "/RequestDenied"; - CheckRule "$SQL >= 8" BLOCK; - CheckRule "$RFI >= 8" BLOCK; - CheckRule "$TRAVERSAL >= 4" BLOCK; - CheckRule "$XSS >= 8" BLOCK; - CheckRule "$TEST_LOG >= 8" DROP; - root $TEST_NGINX_SERVROOT/html/; - index index.html index.htm; - error_page 405 = $uri; -} -location /RequestDenied { - return 412; - # return 412; -} ---- more_headers -Content-Type: application/x-www-form-urlencoded ---- request eval -use URI::Escape; -"POST / -9p7jslna,ire(ul\)v`2q8u]h)bfuzpcgsa_3`s\twfw)gy)\%3Fc=ww&foo2=bar2" ---- error_code: 412 - - -=== TEST 1: rule target body\|name ---- main_config -load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so; ---- http_config -include /tmp/naxsi_ut/naxsi_core.rules; ---- config -location / { - SecRulesEnabled; - LearningMode; - BasicRule id:100054 "msg:Weird binary content" "rx:[^-0-9a-z_+.\[\]]" "mz:BODY\|NAME" "s:$TEST_LOG:8"; - DeniedUrl "/RequestDenied"; - CheckRule "$SQL >= 8" BLOCK; - CheckRule "$RFI >= 8" BLOCK; - CheckRule "$TRAVERSAL >= 4" BLOCK; - CheckRule "$XSS >= 8" BLOCK; - CheckRule "$TEST_LOG >= 8" DROP; - root $TEST_NGINX_SERVROOT/html/; - index index.html index.htm; - error_page 405 = $uri; -} -location /RequestDenied { - return 412; - # return 412; -} ---- more_headers -Content-Type: application/x-www-form-urlencoded ---- request eval -use URI::Escape; -"POST / -ww=9p7jslna,ire(ul\)v`2q8u]h)bfuzpcgsa_3`s\twfw)gy)\%3Fc&foo2=bar2" ---- error_code: 200 - - - - -
[-] [+]	Deleted	naxsi-0.56.tar.gz/t/31norules.t ^
@@ -1,73 +0,0 @@ -#vi:filetype=perl - - -# A AJOUTER : -# TEST CASE AVEC UNE REGLE SUR UN HEADER GENERIQUE -# La même sur des arguments :) - -use lib 'lib'; -use Test::Nginx::Socket; - -repeat_each(3); - -plan tests => repeat_each(1) * blocks(); -no_root_location(); -no_long_string(); -$ENV{TEST_NGINX_SERVROOT} = server_root(); -run_tests(); - - -__DATA__ -=== TEST 1: Basic GET request with no rules, drop ---- main_config -load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so; ---- config -location / { - SecRulesEnabled; - LearningMode; - DeniedUrl "/RequestDenied"; - CheckRule "$SQL >= 8" BLOCK; - CheckRule "$RFI >= 8" BLOCK; - CheckRule "$TRAVERSAL >= 4" BLOCK; - CheckRule "$XSS >= 8" BLOCK; - LibInjectionXss; - CheckRule "$LIBINJECTION_XSS >= 8" BLOCK; - LibInjectionSql; - CheckRule "$LIBINJECTION_SQL >= 8" BLOCK; - - root $TEST_NGINX_SERVROOT/html/; - index index.html index.htm; -} -location /RequestDenied { - return 412; -} ---- request -GET /?a=buibui ---- error_code: 412 -=== TEST 1.1: Basic GET request with no rules, whitelist the special rule. ---- main_config -load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so; ---- config -location / { - SecRulesEnabled; - BasicRule wl:19; - LearningMode; - DeniedUrl "/RequestDenied"; - CheckRule "$SQL >= 8" BLOCK; - CheckRule "$RFI >= 8" BLOCK; - CheckRule "$TRAVERSAL >= 4" BLOCK; - CheckRule "$XSS >= 8" BLOCK; - LibInjectionXss; - CheckRule "$LIBINJECTION_XSS >= 8" BLOCK; - LibInjectionSql; - CheckRule "$LIBINJECTION_SQL >= 8" BLOCK; - - root $TEST_NGINX_SERVROOT/html/; - index index.html index.htm; -} -location /RequestDenied { - return 412; -} ---- request -GET /?a=buibui ---- error_code: 200
[-] [+]	Deleted	naxsi-0.56.tar.gz/t/confs ^
-(directory)
[-] [+]	Deleted	naxsi-0.56.tar.gz/t/confs/nginx.conf.example ^
@@ -1,44 +0,0 @@ -master_process off; -#worker_processes 1; -daemon off; - -load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so; -events { - worker_connections 1024; - use select; -} -http { - include /tmp/naxsi_ut/naxsi_core.rules; - include mime.types; - default_type application/octet-stream; - sendfile on; - keepalive_timeout 65; - server { - listen 4242 ssl http2; - ssl_certificate /tmp/nginx.crt; - ssl_certificate_key /tmp/nginx.key; - server_name localhost; - set $naxsi_extensive_log 1; - location / { - LearningMode; - SecRulesEnabled; - DeniedUrl "/50x.html"; - CheckRule "$SQL >= 8" BLOCK; - CheckRule "$RFI >= 8" BLOCK; - CheckRule "$TRAVERSAL >= 4" BLOCK; - CheckRule "$EVADE >= 4" BLOCK; - CheckRule "$XSS >= 8" BLOCK; - return 200; -# error_log /tmp/ngx_error.log debug; -# access_log /tmp/ngx_access.log; -# root html; -# index index.html index.htm; - } - error_page 500 502 503 504 /50x.html; - location = /50x.html { - return 500; - # root html; - } - } -} -
[-] [+]	Deleted	naxsi-0.56.tar.gz/t/confs/nginx_fuzz.conf.example ^
@@ -1,48 +0,0 @@ -master_process off; -daemon off; - -#load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so; -events { - worker_connections 1024; - use select; -} -http { -MainRule "rx:select\|union\|update\|delete\|insert\|table\|from\|ascii\|hex\|unhex\|drop" "msg:sql keywords" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1000; -MainRule "str:\"" "msg:double quote" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$SQL:8,$XSS:8" id:1001; -MainRule "str:0x" "msg:0x, possible hex encoding" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$SQL:2" id:1002; -## Hardcore rules -MainRule "str:/" "msg:mysql comment (/)" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1003; -MainRule "str:/" "msg:mysql comment (/)" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1004; -MainRule "str:\|" "msg:mysql keyword (\|)" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1005; -MainRule "str:`" "msg:grave accent (`)" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314; -MainRule "rx:%[23]." "msg:double encoding" "mz:ARGS\|URL\|BODY\|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; -MainRule "str:&#" "msg:utf7/8 encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400; -MainRule "str:%U" "msg:M$ encoding" "mz:ARGS\|BODY\|URL\|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401; -MainRule "rx:\.ph\|\.asp\|\.ht" "msg:asp/php file upload" "mz:FILE_EXT" "s:$UPLOAD:8" id:1500; - -# include /tmp/naxsi_ut/naxsi_core.rules; -# include mime.types; - default_type application/octet-stream; - sendfile on; - keepalive_timeout 65; - server { - listen 4242; - server_name localhost; - location / { - LearningMode; - SecRulesEnabled; - DeniedUrl "/50x.html"; - CheckRule "$SQL >= 8" BLOCK; - CheckRule "$RFI >= 8" BLOCK; - CheckRule "$TRAVERSAL >= 4" BLOCK; - CheckRule "$EVADE >= 4" BLOCK; - CheckRule "$XSS >= 8" BLOCK; - return 200; - } - error_page 500 502 503 504 /50x.html; - location = /50x.html { - return 500; - } - } -} -
[-] [+]	Deleted	naxsi-0.56.tar.gz/t/confs/ngx_cycle.patch ^
@@ -1,13 +0,0 @@ ---- a/src/core/ngx_cycle.c.orig 2016-02-09 15:11:57.000000000 +0100 -+++ b/src/core/ngx_cycle.c 2016-12-12 18:05:53.832725017 +0100 ---- nginx/src/core/ngx_cycle.c 2016-02-09 15:11:57.000000000 +0100 -+++ ngx_cycle.c 2016-12-13 09:49:47.762221499 +0100 -@@ -602,6 +602,8 @@ - } - } - -+ __AFL_INIT(); -+ - if (ngx_open_listening_sockets(cycle) != NGX_OK) { - goto failed; - }
[-] [+]	Deleted	naxsi-0.56.tar.gz/t/confs/ngx_process_cycle.patch ^
@@ -1,25 +0,0 @@ ---- a/src/os/unix/ngx_process_cycle.c.orig 2016-02-09 15:11:58.000000000 +0100 -+++ a/src/os/unix/ngx_process_cycle.c 2016-12-12 15:05:21.000000000 +0100 -@@ -303,7 +303,11 @@ - } - } - -+ -+ int ran_once=0; -+ - for ( ;; ) { -+ - ngx_log_debug0(NGX_LOG_DEBUG_EVENT, cycle->log, 0, "worker cycle"); - - ngx_process_events_and_timers(cycle); -@@ -337,6 +341,11 @@ - ngx_log_error(NGX_LOG_NOTICE, cycle->log, 0, "reopening logs"); - ngx_reopen_files(cycle, (ngx_uid_t) -1); - } -+ -+ ran_once += 1; -+ //printf("ran : %d\n", ran_once); -+ if (ran_once == 2) exit(0); -+ - } - }
[-] [+]	Deleted	naxsi-0.56.tar.gz/t/fuzz ^
-(directory)
[-] [+]	Deleted	naxsi-0.56.tar.gz/t/fuzz/big-json-post ^
@@ -1,30 +0,0 @@ -POST / HTTP/1.1 -Host: localhost -Connection: close -Content-Type: application/json -Content-Length: 542 - -{ - "glossary": { - "title": "example glossary", -"GlossDiv": { - "title": "S", -"GlossList": { - "GlossEntry": { - "ID": "SGML", -"SortAs": "SGML", -"GlossTerm": "Standard Generalized Markup Language", -"Acronym": "SGML", -"Abbrev": "ISO 8879:1986", -"GlossDef": { - "para": "A meta-markup language used to create markup languages such as DocBook.", -"GlossSeeAlso": ["GML", "XML"] - }, -"GlossSee": "markup" - } - } - } - } - -}} -
[-] [+]	Deleted	naxsi-0.56.tar.gz/t/fuzz/big-multipart-post ^
@@ -1,22 +0,0 @@ -POST / HTTP/1.1 -Host: localhost -Connection: close -Content-Type: multipart/form-data; boundary=---------------------------103832778631715 -Content-Length: 4449 - ------------------------------103832778631715 -Content-Disposition: form-data; name="name" - -azzzo - - ------------------------------103832778631715 -Content-Disposition: form-data; name="married" - -not single ------------------------------103832778631715 -Content-Disposition: form-data; name="male" - -AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ------------------------------103832778631715-- -
[-] [+]	Deleted	naxsi-0.56.tar.gz/t/fuzz/med-get-bad-format ^
@@ -1,4 +0,0 @@ -GET /?a=1%23PTTmJopxdWJ%0AAND%23cWfcVRPV%0A9227=9227 HTTP/1.0 - - -
[-] [+]	Deleted	naxsi-0.56.tar.gz/t/fuzz/med-get-with-path ^
@@ -1,6 +0,0 @@ -GET /bla?/bla=1999&bu=1998 HTTP/1.1 -Host: localhost -Connection: close - - -
[-] [+]	Deleted	naxsi-0.56.tar.gz/t/fuzz/med-json-post ^
@@ -1,14 +0,0 @@ -POST /test_uri HTTP/1.1 -Host: localhost -Connection: close -Content-Type: application/json -Content-Length: 183 - -{ - "oh" : ["there", "is", "no", "way"], - "this" : { "will" : ["work", "does"], - "it" : "??" }, - "trigger" : {"test_1234" : ["foobar", "will", "trigger", "it"]}, - "foo" : "baar" -} -
[-] [+]	Deleted	naxsi-0.56.tar.gz/t/fuzz/med-multipart-file-post ^
@@ -1,26 +0,0 @@ -POST /foobar HTTP/1.1 -Host: 127.0.0.1 -Connection: Close -User-Agent: Mozilla/5.0 (iPad; U; CPU OS 3_2 like Mac OS X; en-us) AppleWebKit/531.21.10 (KHTML, like Gecko) Version/4.0.4 Mobile/7B334b Safari/531.21.10 -Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 -Accept-Language: en-us,en;q=0.5 -Accept-Encoding: gzip, deflate -Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 -Referer: http://127.0.0.1/ -Content-Type: multipart/form-data; boundary=---------------------------1919886344942015258287623957 -Content-Length: 394 - ------------------------------1919886344942015258287623957 -Content-Disposition: form-data; name="textline" - -valid text and small file ------------------------------1919886344942015258287623957 -Content-Disposition: form-data; name="datafile"; filename="bla.txt"; name="bla.txt" -Content-Type: text/plain - -buibuibubi -buibuibuib - ------------------------------1919886344942015258287623957-- - -
[-] [+]	Deleted	naxsi-0.56.tar.gz/t/fuzz/med-multipart-post ^
@@ -1,21 +0,0 @@ -POST / HTTP/1.1 -Host: localhost -Connection: close -Content-Type: multipart/form-data; boundary=---------------------------103832778631715 -Content-Length: 42 - ------------------------------103832778631715 -Content-Disposition: form-data; name="name" - -MyName ------------------------------103832778631715 -Content-Disposition: form-data; name="married" - -not single ------------------------------103832778631715 -Content-Disposition: form-data; name="male" - -yes ------------------------------103832778631715-- - -
	Deleted	naxsi-0.56.tar.gz/t/fuzz/med-post-non-ascii ^
[-] [+]	Deleted	naxsi-0.56.tar.gz/t/fuzz/mini-get-nohost ^
@@ -1,4 +0,0 @@ -GET /?a=1%20UnioN%20SeLEct%201 HTTP/1.0 - - -
[-] [+]	Deleted	naxsi-0.56.tar.gz/t/fuzz/mini-get-sig ^
@@ -1,4 +0,0 @@ -GET /?a=1+/!30000AND+2>1/-- HTTP/1.0 - - -
[-] [+]	Deleted	naxsi-0.56.tar.gz/t/fuzz/mini-json-post ^
@@ -1,10 +0,0 @@ -POST / HTTP/1.1 -Host: localhost -Connection: close -Content-Type: application/json -Content-Length: 18 - -{ - "lol" : "bar" -} -
[-] [+]	Deleted	naxsi-0.56.tar.gz/t/fuzz/mini-ko-get ^
@@ -1,6 +0,0 @@ -GET /?==yesone&&& HTTP/1.1 -Host: localhost -Connection: close - - -
[-] [+]	Deleted	naxsi-0.56.tar.gz/t/fuzz/mini-multipart-post ^
@@ -1,26 +0,0 @@ -POST /foobar HTTP/1.1 -Host: 127.0.0.1 -Connection: Close -User-Agent: Mozilla/5.0 (iPad; U; CPU OS 3_2 like Mac OS X; en-us) AppleWebKit/531.21.10 (KHTML, like Gecko) Version/4.0.4 Mobile/7B334b Safari/531.21.10 -Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 -Accept-Language: en-us,en;q=0.5 -Accept-Encoding: gzip, deflate -Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 -Referer: http://127.0.0.1/ -Content-Type: multipart/form-data; boundary=---------------------------1919886344942015258287623957 -Content-Length: 378 - ------------------------------1919886344942015258287623957 -Content-Disposition: form-data; name="textline" - -valid text and small file ------------------------------1919886344942015258287623957 -Content-Disposition: form-data; name="datafile"; filename="bla.txt" -Content-Type: text/plain - -buibuibubi -buibuibuib - ------------------------------1919886344942015258287623957-- - -
[-] [+]	Deleted	naxsi-0.56.tar.gz/t/fuzz/mini-ok-get ^
@@ -1,6 +0,0 @@ -GET /?a=<> HTTP/1.1 -Host: localhost -Connection: close - - -
	Deleted	naxsi-0.56.tar.gz/t/fuzz/mini-unknown-CT-post ^
[-] [+]	Deleted	naxsi-0.56.tar.gz/t/fuzz/mini-urlencded-post-2 ^
@@ -1,8 +0,0 @@ -POST / HTTP/1.1 -Host: localhost -Connection: close -Content-Type: application/x-www-form-urlencoded -Content-Length: 32 - -foo1='><script>alert(1)</script> -
[-] [+]	Deleted	naxsi-0.56.tar.gz/t/fuzz/mini-urlencoded-post ^
@@ -1,8 +0,0 @@ -POST / HTTP/1.1 -Host: localhost -Connection: close -Content-Type: application/x-www-form-urlencoded -Content-Length: 9 - -a1=trolol -
[-] [+]	Deleted	naxsi-0.56.tar.gz/t/fuzz/small-multipart-post ^
@@ -1,20 +0,0 @@ -POST / HTTP/1.1 -Host: localhost -Connection: close -Content-Type: multipart/form-data; boundary=---------------------------103832778631715 -Content-Length: 353 - ------------------------------103832778631715 -Content-Disposition: form-data; name="name" - -MyName ------------------------------103832778631715 -Content-Disposition: form-data; name="married" - -not single ------------------------------103832778631715 -Content-Disposition: form-data; name="male" - -yes ------------------------------103832778631715-- -
	Added	naxsi-0.56rc1.tar.gz ^
	Deleted	naxsi-1.3.tar.gz ^
	Deleted	nginx-module-vts-0.1.18.tar.gz ^
[-] [+]	Added	nginx-rtmp-module-1.1.15.tar.gz/.git ^
+(directory)
[-] [+]	Added	nginx-rtmp-module-1.1.15.tar.gz/.git/HEAD ^
@@ -0,0 +1 @@ +ref: refs/heads/master
[-] [+]	Added	nginx-rtmp-module-1.1.15.tar.gz/.git/config ^
@@ -0,0 +1,12 @@ +[core] + repositoryformatversion = 0 + filemode = true + bare = false + logallrefupdates = true + ignorecase = true +[remote "origin"] + fetch = +refs/heads/:refs/remotes/origin/ + url = https://github.com/arut/nginx-rtmp-module.git +[branch "master"] + remote = origin + merge = refs/heads/master
[-] [+]	Added	nginx-rtmp-module-1.1.15.tar.gz/.git/description ^
@@ -0,0 +1 @@ +Unnamed repository; edit this file 'description' to name the repository.
[-] [+]	Added	nginx-rtmp-module-1.1.15.tar.gz/.git/hooks ^
+(directory)
[-] [+]	Added	nginx-rtmp-module-1.1.15.tar.gz/.git/hooks/applypatch-msg.sample ^
@@ -0,0 +1,15 @@ +#!/bin/sh +# +# An example hook script to check the commit log message taken by +# applypatch from an e-mail message. +# +# The hook should exit with non-zero status after issuing an +# appropriate message if it wants to stop the commit. The hook is +# allowed to edit the commit message file. +# +# To enable this hook, rename this file to "applypatch-msg". + +. git-sh-setup +test -x "$GIT_DIR/hooks/commit-msg" && + exec "$GIT_DIR/hooks/commit-msg" ${1+"$@"} +:
[-] [+]	Added	nginx-rtmp-module-1.1.15.tar.gz/.git/hooks/commit-msg.sample ^
@@ -0,0 +1,24 @@ +#!/bin/sh +# +# An example hook script to check the commit log message. +# Called by "git commit" with one argument, the name of the file +# that has the commit message. The hook should exit with non-zero +# status after issuing an appropriate message if it wants to stop the +# commit. The hook is allowed to edit the commit message file. +# +# To enable this hook, rename this file to "commit-msg". + +# Uncomment the below to add a Signed-off-by line to the message. +# Doing this in a hook is a bad idea in general, but the prepare-commit-msg +# hook is more suited to it. +# +# SOB=$(git var GIT_AUTHOR_IDENT \| sed -n 's/^$.>$.$/Signed-off-by: \1/p') +# grep -qs "^$SOB" "$1" \|\| echo "$SOB" >> "$1" + +# This example catches duplicate Signed-off-by lines. + +test "" = "$(grep '^Signed-off-by: ' "$1" \| + sort \| uniq -c \| sed -e '/^[ ]*1[ ]/d')" \|\| { + echo >&2 Duplicate Signed-off-by lines. + exit 1 +}
[-] [+]	Added	nginx-rtmp-module-1.1.15.tar.gz/.git/hooks/post-update.sample ^
@@ -0,0 +1,8 @@ +#!/bin/sh +# +# An example hook script to prepare a packed repository for use over +# dumb transports. +# +# To enable this hook, rename this file to "post-update". + +exec git update-server-info
[-] [+]	Added	nginx-rtmp-module-1.1.15.tar.gz/.git/hooks/pre-applypatch.sample ^
@@ -0,0 +1,14 @@ +#!/bin/sh +# +# An example hook script to verify what is about to be committed +# by applypatch from an e-mail message. +# +# The hook should exit with non-zero status after issuing an +# appropriate message if it wants to stop the commit. +# +# To enable this hook, rename this file to "pre-applypatch". + +. git-sh-setup +test -x "$GIT_DIR/hooks/pre-commit" && + exec "$GIT_DIR/hooks/pre-commit" ${1+"$@"} +:
[-] [+]	Added	nginx-rtmp-module-1.1.15.tar.gz/.git/hooks/pre-commit.sample ^
@@ -0,0 +1,50 @@ +#!/bin/sh +# +# An example hook script to verify what is about to be committed. +# Called by "git commit" with no arguments. The hook should +# exit with non-zero status after issuing an appropriate message if +# it wants to stop the commit. +# +# To enable this hook, rename this file to "pre-commit". + +if git rev-parse --verify HEAD >/dev/null 2>&1 +then + against=HEAD +else + # Initial commit: diff against an empty tree object + against=4b825dc642cb6eb9a060e54bf8d69288fbee4904 +fi + +# If you want to allow non-ascii filenames set this variable to true. +allownonascii=$(git config hooks.allownonascii) + +# Redirect output to stderr. +exec 1>&2 + +# Cross platform projects tend to avoid non-ascii filenames; prevent +# them from being added to the repository. We exploit the fact that the +# printable range starts at the space character and ends with tilde. +if [ "$allownonascii" != "true" ] && + # Note that the use of brackets around a tr range is ok here, (it's + # even required, for portability to Solaris 10's /usr/bin/tr), since + # the square bracket bytes happen to fall in the designated range. + test $(git diff --cached --name-only --diff-filter=A -z $against \| + LC_ALL=C tr -d '[ -~]\0' \| wc -c) != 0 +then + echo "Error: Attempt to add a non-ascii file name." + echo + echo "This can cause problems if you want to work" + echo "with people on other platforms." + echo + echo "To be portable it is advisable to rename the file ..." + echo + echo "If you know what you are doing you can disable this" + echo "check using:" + echo + echo " git config hooks.allownonascii true" + echo + exit 1 +fi + +# If there are whitespace errors, print the offending file names and fail. +exec git diff-index --check --cached $against --
[-] [+]	Added	nginx-rtmp-module-1.1.15.tar.gz/.git/hooks/pre-rebase.sample ^
@@ -0,0 +1,169 @@ +#!/bin/sh +# +# Copyright (c) 2006, 2008 Junio C Hamano +# +# The "pre-rebase" hook is run just before "git rebase" starts doing +# its job, and can prevent the command from running by exiting with +# non-zero status. +# +# The hook is called with the following parameters: +# +# $1 -- the upstream the series was forked from. +# $2 -- the branch being rebased (or empty when rebasing the current branch). +# +# This sample shows how to prevent topic branches that are already +# merged to 'next' branch from getting rebased, because allowing it +# would result in rebasing already published history. + +publish=next +basebranch="$1" +if test "$#" = 2 +then + topic="refs/heads/$2" +else + topic=`git symbolic-ref HEAD` \|\| + exit 0 ;# we do not interrupt rebasing detached HEAD +fi + +case "$topic" in +refs/heads/??/) + ;; +) + exit 0 ;# we do not interrupt others. + ;; +esac + +# Now we are dealing with a topic branch being rebased +# on top of master. Is it OK to rebase it? + +# Does the topic really exist? +git show-ref -q "$topic" \|\| { + echo >&2 "No such branch $topic" + exit 1 +} + +# Is topic fully merged to master? +not_in_master=`git rev-list --pretty=oneline ^master "$topic"` +if test -z "$not_in_master" +then + echo >&2 "$topic is fully merged to master; better remove it." + exit 1 ;# we could allow it, but there is no point. +fi + +# Is topic ever merged to next? If so you should not be rebasing it. +only_next_1=`git rev-list ^master "^$topic" ${publish} \| sort` +only_next_2=`git rev-list ^master ${publish} \| sort` +if test "$only_next_1" = "$only_next_2" +then + not_in_topic=`git rev-list "^$topic" master` + if test -z "$not_in_topic" + then + echo >&2 "$topic is already up-to-date with master" + exit 1 ;# we could allow it, but there is no point. + else + exit 0 + fi +else + not_in_next=`git rev-list --pretty=oneline ^${publish} "$topic"` + /usr/bin/perl -e ' + my $topic = $ARGV[0]; + my $msg = "* $topic has commits already merged to public branch:\n"; + my (%not_in_next) = map { + /^([0-9a-f]+) /; + ($1 => 1); + } split(/\n/, $ARGV[1]); + for my $elem (map { + /^([0-9a-f]+) (.)$/; + [$1 => $2]; + } split(/\n/, $ARGV[2])) { + if (!exists $not_in_next{$elem->[0]}) { + if ($msg) { + print STDERR $msg; + undef $msg; + } + print STDERR " $elem->[1]\n"; + } + } + ' "$topic" "$not_in_next" "$not_in_master" + exit 1 +fi + +exit 0 + +################################################################ + +This sample hook safeguards topic branches that have been +published from being rewound. + +The workflow assumed here is: + + Once a topic branch forks from "master", "master" is never + merged into it again (either directly or indirectly). + + * Once a topic branch is fully cooked and merged into "master", + it is deleted. If you need to build on top of it to correct + earlier mistakes, a new topic branch is created by forking at + the tip of the "master". This is not strictly necessary, but + it makes it easier to keep your history simple. + + * Whenever you need to test or publish your changes to topic + branches, merge them into "next" branch. + +The script, being an example, hardcodes the publish branch name +to be "next", but it is trivial to make it configurable via +$GIT_DIR/config mechanism. + +With this workflow, you would want to know: + +(1) ... if a topic branch has ever been merged to "next". Young + topic branches can have stupid mistakes you would rather + clean up before publishing, and things that have not been + merged into other branches can be easily rebased without + affecting other people. But once it is published, you would + not want to rewind it. + +(2) ... if a topic branch has been fully merged to "master". + Then you can delete it. More importantly, you should not + build on top of it -- other people may already want to + change things related to the topic as patches against your + "master", so if you need further changes, it is better to + fork the topic (perhaps with the same name) afresh from the + tip of "master". + +Let's look at this example: + + o---o---o---o---o---o---o---o---o---o "next" + / / / / + / a---a---b A / / + / / / / + / / c---c---c---c B / + / / / \ / + / / / b---b C \ / + / / / / \ / + ---o---o---o---o---o---o---o---o---o---o---o "master" + + +A, B and C are topic branches. + + * A has one fix since it was merged up to "next". + + * B has finished. It has been fully merged up to "master" and "next", + and is ready to be deleted. + + * C has not merged to "next" at all. + +We would want to allow C to be rebased, refuse A, and encourage +B to be deleted. + +To compute (1): + + git rev-list ^master ^topic next + git rev-list ^master next + + if these match, topic has not merged in next at all. + +To compute (2): + + git rev-list master..topic + + if this is empty, it is fully merged to "master".
[-] [+]	Added	nginx-rtmp-module-1.1.15.tar.gz/.git/hooks/prepare-commit-msg.sample ^
@@ -0,0 +1,36 @@ +#!/bin/sh +# +# An example hook script to prepare the commit log message. +# Called by "git commit" with the name of the file that has the +# commit message, followed by the description of the commit +# message's source. The hook's purpose is to edit the commit +# message file. If the hook fails with a non-zero status, +# the commit is aborted. +# +# To enable this hook, rename this file to "prepare-commit-msg". + +# This hook includes three examples. The first comments out the +# "Conflicts:" part of a merge commit. +# +# The second includes the output of "git diff --name-status -r" +# into the message, just before the "git status" output. It is +# commented because it doesn't cope with --amend or with squashed +# commits. +# +# The third example adds a Signed-off-by line to the message, that can +# still be edited. This is rarely a good idea. + +case "$2,$3" in + merge,) + /usr/bin/perl -i.bak -ne 's/^/# /, s/^# #/#/ if /^Conflicts/ .. /#/; print' "$1" ;; + +# ,\|template,) +# /usr/bin/perl -i.bak -pe ' +# print "\n" . `git diff --cached --name-status -r` +# if /^#/ && $first++ == 0' "$1" ;; + + ) ;; +esac + +# SOB=$(git var GIT_AUTHOR_IDENT \| sed -n 's/^$.>$.*$/Signed-off-by: \1/p') +# grep -qs "^$SOB" "$1" \|\| echo "$SOB" >> "$1"
[-] [+]	Added	nginx-rtmp-module-1.1.15.tar.gz/.git/hooks/update.sample ^
@@ -0,0 +1,128 @@ +#!/bin/sh +# +# An example hook script to blocks unannotated tags from entering. +# Called by "git receive-pack" with arguments: refname sha1-old sha1-new +# +# To enable this hook, rename this file to "update". +# +# Config +# ------ +# hooks.allowunannotated +# This boolean sets whether unannotated tags will be allowed into the +# repository. By default they won't be. +# hooks.allowdeletetag +# This boolean sets whether deleting tags will be allowed in the +# repository. By default they won't be. +# hooks.allowmodifytag +# This boolean sets whether a tag may be modified after creation. By default +# it won't be. +# hooks.allowdeletebranch +# This boolean sets whether deleting branches will be allowed in the +# repository. By default they won't be. +# hooks.denycreatebranch +# This boolean sets whether remotely creating branches will be denied +# in the repository. By default this is allowed. +# + +# --- Command line +refname="$1" +oldrev="$2" +newrev="$3" + +# --- Safety check +if [ -z "$GIT_DIR" ]; then + echo "Don't run this script from the command line." >&2 + echo " (if you want, you could supply GIT_DIR then run" >&2 + echo " $0 <ref> <oldrev> <newrev>)" >&2 + exit 1 +fi + +if [ -z "$refname" -o -z "$oldrev" -o -z "$newrev" ]; then + echo "Usage: $0 <ref> <oldrev> <newrev>" >&2 + exit 1 +fi + +# --- Config +allowunannotated=$(git config --bool hooks.allowunannotated) +allowdeletebranch=$(git config --bool hooks.allowdeletebranch) +denycreatebranch=$(git config --bool hooks.denycreatebranch) +allowdeletetag=$(git config --bool hooks.allowdeletetag) +allowmodifytag=$(git config --bool hooks.allowmodifytag) + +# check for no description +projectdesc=$(sed -e '1q' "$GIT_DIR/description") +case "$projectdesc" in +"Unnamed repository"* \| "") + echo "*** Project description file hasn't been set" >&2 + exit 1 + ;; +esac + +# --- Check types +# if $newrev is 0000...0000, it's a commit to delete a ref. +zero="0000000000000000000000000000000000000000" +if [ "$newrev" = "$zero" ]; then + newrev_type=delete +else + newrev_type=$(git cat-file -t $newrev) +fi + +case "$refname","$newrev_type" in + refs/tags/,commit) + # un-annotated tag + short_refname=${refname##refs/tags/} + if [ "$allowunannotated" != "true" ]; then + echo " The un-annotated tag, $short_refname, is not allowed in this repository" >&2 + echo "* Use 'git tag [ -a \| -s ]' for tags you want to propagate." >&2 + exit 1 + fi + ;; + refs/tags/,delete) + # delete tag + if [ "$allowdeletetag" != "true" ]; then + echo "** Deleting a tag is not allowed in this repository" >&2 + exit 1 + fi + ;; + refs/tags/,tag) + # annotated tag + if [ "$allowmodifytag" != "true" ] && git rev-parse $refname > /dev/null 2>&1 + then + echo " Tag '$refname' already exists." >&2 + echo "* Modifying a tag is not allowed in this repository." >&2 + exit 1 + fi + ;; + refs/heads/,commit) + # branch + if [ "$oldrev" = "$zero" -a "$denycreatebranch" = "true" ]; then + echo "** Creating a branch is not allowed in this repository" >&2 + exit 1 + fi + ;; + refs/heads/,delete) + # delete branch + if [ "$allowdeletebranch" != "true" ]; then + echo "** Deleting a branch is not allowed in this repository" >&2 + exit 1 + fi + ;; + refs/remotes/,commit) + # tracking branch + ;; + refs/remotes/,delete) + # delete tracking branch + if [ "$allowdeletebranch" != "true" ]; then + echo "*** Deleting a tracking branch is not allowed in this repository" >&2 + exit 1 + fi + ;; + ) + # Anything else (is there anything else?) + echo "** Update hook: unknown type of update to ref $refname of type $newrev_type" >&2 + exit 1 + ;; +esac + +# --- Finished +exit 0
	Added	nginx-rtmp-module-1.1.15.tar.gz/.git/index ^
[-] [+]	Added	nginx-rtmp-module-1.1.15.tar.gz/.git/info ^
+(directory)
[-] [+]	Added	nginx-rtmp-module-1.1.15.tar.gz/.git/info/exclude ^
@@ -0,0 +1,6 @@ +# git ls-files --others --exclude-from=.git/info/exclude +# Lines that start with '#' are comments. +# For a project mostly in C, the following would be a good set of +# exclude patterns (uncomment them if you want to use them): +# .[oa] +# ~
[-] [+]	Added	nginx-rtmp-module-1.1.15.tar.gz/.git/logs ^
+(directory)
[-] [+]	Added	nginx-rtmp-module-1.1.15.tar.gz/.git/logs/HEAD ^
@@ -0,0 +1 @@ +0000000000000000000000000000000000000000 5150993accb5edefa61d71e1c81ad8c02f515428 U-arrakis\jg <jg@arrakis.(none)> 1481905161 +0100 clone: from https://github.com/arut/nginx-rtmp-module.git
[-] [+]	Added	nginx-rtmp-module-1.1.15.tar.gz/.git/logs/refs ^
+(directory)
[-] [+]	Added	nginx-rtmp-module-1.1.15.tar.gz/.git/logs/refs/heads ^
+(directory)
[-] [+]	Added	nginx-rtmp-module-1.1.15.tar.gz/.git/logs/refs/heads/master ^
@@ -0,0 +1 @@ +0000000000000000000000000000000000000000 5150993accb5edefa61d71e1c81ad8c02f515428 U-arrakis\jg <jg@arrakis.(none)> 1481905161 +0100 clone: from https://github.com/arut/nginx-rtmp-module.git
[-] [+]	Added	nginx-rtmp-module-1.1.15.tar.gz/.git/objects ^
+(directory)
[-] [+]	Added	nginx-rtmp-module-1.1.15.tar.gz/.git/objects/info ^
+(directory)
[-] [+]	Added	nginx-rtmp-module-1.1.15.tar.gz/.git/objects/pack ^
+(directory)
	Added	nginx-rtmp-module-1.1.15.tar.gz/.git/objects/pack/pack-3912c9200a41c4fbd876afb583ab7ecb4733401b.idx ^
	Added	nginx-rtmp-module-1.1.15.tar.gz/.git/objects/pack/pack-3912c9200a41c4fbd876afb583ab7ecb4733401b.pack ^
[-] [+]	Added	nginx-rtmp-module-1.1.15.tar.gz/.git/packed-refs ^
@@ -0,0 +1,369 @@ +# pack-refs with: peeled +406d3a9527e08ea148e7c10ffa4009e0e5070b11 refs/remotes/origin/access-log +e19ff641b06d3abd30b3bad5cfb491d158835713 refs/remotes/origin/aggregate +eee52d83c4bdafe712685be06822acb051d407a7 refs/remotes/origin/async-client-handshake +87686029aa2cfddfea765c626be7161981583482 refs/remotes/origin/atc +3d5f6df7311594b051fdd26d3ae120d4ae708bb4 refs/remotes/origin/atc-only +3c2e29f215fb09e5b4cb29040d1e5e092ce73849 refs/remotes/origin/auto-push +f39d3f66a3ea6bb15b50737b90004b12056a3ad1 refs/remotes/origin/avc-parser +205664d8c5e040a61b36ae0b74ddf17bc16d2150 refs/remotes/origin/big-endian +10bcbf0e8daf38e3f3569ba84050f85fd46dd2d0 refs/remotes/origin/big-hls-buffer +fad4f4717b47ab368d80ff480f2889631edc6521 refs/remotes/origin/big-nal-buffer +f6ccfb6fa1d05d3babc1bb20ca7003802f85f2f0 refs/remotes/origin/chunksizefix +d9579d627d727d8ad5edd2a0054f66324bebd459 refs/remotes/origin/close-stream +aeae84bf8babcd7130f71b5941834eeb4fafa61a refs/remotes/origin/cmd-handler-init +ebc47f03a43758c4f44ae90c193f4111f9ab1e16 refs/remotes/origin/codec +cb4623aa4f7e6c2d1cb4c9c9f55ea6107f3a3985 refs/remotes/origin/const-fix +0b757e8a49480a88f5e051f6590f25e6c4de3288 refs/remotes/origin/control +ef424df677eb545ba5277649ee99fbea7e38bb55 refs/remotes/origin/control-director +5e5dd797c2307b40a11409df806f07a427b3cd57 refs/remotes/origin/control-redirect +b07e0e2dee3a2019dc2be34591b1c4e27730b2a0 refs/remotes/origin/dash +e8081fd94f1d7ae4483f0a5ca002af8a79d447eb refs/remotes/origin/dash-discont +fe4877f2168e7e62d6a45cb26708d662f0416961 refs/remotes/origin/dash-timeline +39717828d67359329797d0ab5f297162b5d5e248 refs/remotes/origin/default-buflen +90f985fa2f015e8bdfe92a9b57a5d04b779d7be1 refs/remotes/origin/defclose +63d19ada51b6a1932e1cd73d9895a08cb1ae7827 refs/remotes/origin/drop-old-publisher +6c79085d5c4203d11d9aa53d456ef7195de8cdc4 refs/remotes/origin/drop-restart +fe8bf2d6974834ab346b82533151bc953fdfaa7b refs/remotes/origin/drop-restart-mstat +52c2ef3f91569c3b1c10a40fd1bf56bb4dc1d9de refs/remotes/origin/enotify +57a96ac2bc1812188aa81237ad582ca115f4391f refs/remotes/origin/envivo-fix +87686029aa2cfddfea765c626be7161981583482 refs/remotes/origin/exec-fix +67aa7d5d0da67a43683e8b05467afbdff5622532 refs/remotes/origin/exec-init +f79aa206ec572c225c8bd32b5c2b1d7cc5ede692 refs/remotes/origin/exec-logging +b62651efbdcaa77f7836ef5c52ddccfdf9ca473f refs/remotes/origin/exec-pull +a6913ea68ad017eff14d098f4086c5dafae12af6 refs/remotes/origin/exec-pull-ext +8c39b37131d150f152aa21a03f076501f39bf4a1 refs/remotes/origin/exec-static +5e55f62b88f439dc1fbe311060bef53dfcfbc42e refs/remotes/origin/fast-start +0210f7ca83f8fd65261c4b9040743edf30a258fc refs/remotes/origin/flv-append-fix +fac68de376a2e20aed5627681ffc90d6374bf295 refs/remotes/origin/flv-header-mask +b31539ce95d2f84ce8be22b9d11cb4abcd3cb90a refs/remotes/origin/fmle-reset-byte-counter +990222d643b30a3c9e0db31209416ae9b47e16d3 refs/remotes/origin/fmle-time-fix +cbccd06babfc66ab920e7e2331d125516715f709 refs/remotes/origin/freebsd-auto-push +6f2808c7d11564e2269e9f64b9671f8c080c893d refs/remotes/origin/get-notify +12a0d39bed54bfb3c30272d8d1328d74378853ce refs/remotes/origin/gh-pages +76211a4bd254e5145d38c0275ad790dc9fac8fd4 refs/remotes/origin/good-logger +ec282438514e88f7267653728b42c77e3df23bc3 refs/remotes/origin/handshakefix +d34c6393f6ff22ef6cff6cb2c4ef7c1fe6cd35fa refs/remotes/origin/hls-async-delete +49a3ee0dc6d5b85fe1164995c8d94424a0971838 refs/remotes/origin/hls-base-url +4906e816bec876e3e81b129622de3f5e430dcc32 refs/remotes/origin/hls-continuous +764a039c5856bb8bfb251ff15f4c95cf1c82e54b refs/remotes/origin/hls-debug +a43bafe3de4641268d04f9105f6ef409abb8ede2 refs/remotes/origin/hls-discont-fix +8acacd0d7906820039bc5e1e22a4ba332caada3e refs/remotes/origin/hls-encrypt +7500b4bd90fc942468f94dd3a12dbcdf9c3199a6 refs/remotes/origin/hls-encrypt-auto +78dcfbcc359f8275a55b7a14d6228e9928c75816 refs/remotes/origin/hls-ensure-directory +737ea5ce34c8270479811acfacba02112e202625 refs/remotes/origin/hls-event +546c42efeb910fb6b7b592293f5737324ddd606a refs/remotes/origin/hls-granularity +2ed36a2611c1674d495f754ef3066c4a8bf98aa3 refs/remotes/origin/hls-nocache +21174b2ee743c9ea1a0bccb46436c56c871febd3 refs/remotes/origin/hls-nocrackle +6298aa7e1d95df8b806a262196a6589159284c74 refs/remotes/origin/hls-offset-fix +059dba448ddeed901d06f825ed84e5e85c0f64cc refs/remotes/origin/hls-read-playlist +0aaf2a625903ba6d4d9e1e761a0e866215149994 refs/remotes/origin/hls-restart +2bb16425da9b593f5f9568f7c91bf06a5a1012f1 refs/remotes/origin/hls-restart-on-audio +3d54d69e252bb537dc8fb03cc96ada084bd5da8d refs/remotes/origin/hls-trailer +4ff1bd09fcbd8a77618bd528fd8d32fb72bd2661 refs/remotes/origin/hls-ts-discont +2f1091679b60b8741e59f257ac2c59905cec8206 refs/remotes/origin/hls-variant +dc698edf242a1ba6d806571e2b32e50fb4d6fcae refs/remotes/origin/hlslight +7b88858b44371ae03d29052fe6d398750fba851e refs/remotes/origin/http +050a4e7586552003baff9dd920d28d51eaf8ab22 refs/remotes/origin/idle-streams +3fc1598db94b234b2ec5f368c34c5d3e877040a0 refs/remotes/origin/init_queue +d9d749af5b156ea2b4623f7e8d0efa5139885924 refs/remotes/origin/interleave +5150993accb5edefa61d71e1c81ad8c02f515428 refs/remotes/origin/master +67443c28b4aff60023ce143475c2d287c264f2f7 refs/remotes/origin/meta-copy +266e206afcda93cf2880e660fb796eb99fb6df6c refs/remotes/origin/mixed-codecs +58491f8feddbe801557704dd1d1ac9d0950cdf3f refs/remotes/origin/mp4 +af5703b35756667eb008bdffb22626616bbae020 refs/remotes/origin/mp4-choose-track +3f9451fdfd2707e91536bb3b942cd0a8202ebc31 refs/remotes/origin/mpeg-dash +05a23dbc8b8a23bcb49ea71978239ab1e2e79d5d refs/remotes/origin/mstat +cbe760aa8ad43d3908b7c9408d7f3946747981b1 refs/remotes/origin/msvc-fix1 +4ec43349ad5e16a9216844430695a3479ff6d558 refs/remotes/origin/multi-pull +004accda9aef265eb1b4df39846156e6892d6a30 refs/remotes/origin/multi-record +41515325899813d996e092ce4219204cec56ae3a refs/remotes/origin/multiplay +4ec43349ad5e16a9216844430695a3479ff6d558 refs/remotes/origin/multipull +1894d333aa9fd76e857532efe6c64d343df137e7 refs/remotes/origin/native-hls +e22ca286044d343745a4a28b15c6298f80a9fb61 refs/remotes/origin/native-hls-rr +b5461f61c6833aee803b5134f2285aa652978e09 refs/remotes/origin/new-live +903abb6646153c9eca2697727231d46804a0c1b7 refs/remotes/origin/new-live2 +02dd440a25097e8528d9cdfa85132b6920649547 refs/remotes/origin/new-live3 +22de95e634b92e23eae85134c05e54c98404e34f refs/remotes/origin/new-relay +7b5c5e99327c19600ab2bab89960ba217be52949 refs/remotes/origin/new-stat +591d7f5f3f0a2381f466f578a768ff19344cfbb0 refs/remotes/origin/newhandshake +cbaff8f1df7c7eabc9474909104f8f4f05324930 refs/remotes/origin/notify-addr +7f7fcc8d5c0e8468db2b37de9a4ef3ec392c52a7 refs/remotes/origin/notify-redirect +8d28f7f1de08a81ce356f55c6e29141369bf7aec refs/remotes/origin/notify-redirect-md5 +58bd6029463c79347d45be4488a3786abe5cebb8 refs/remotes/origin/notify-relay +f89bbae2354ea09cb5d8b04d24ba4df8415e7f09 refs/remotes/origin/on-connect +62e03d710cd02043156ac86da3b07e5186c78e11 refs/remotes/origin/on-update +15405e8edde4db9e3c6b56c3a17edbf7dcd974f0 refs/remotes/origin/optsend +9788b1a5309d40809df6832e81593392f3b381a2 refs/remotes/origin/out-metadata +2fdec454604b76b40d322b83106ec1a35b98dfce refs/remotes/origin/out-queue-settings +0478c4445f26f55d33e360a91a7ab4cd57f44f3b refs/remotes/origin/pause +940ff260099958edf27eb11fe0b959e881fd5dfa refs/remotes/origin/peer-timestamp +067c73710d15f046945ada24d5ca25d50b2751c7 refs/remotes/origin/play-publish-done +5d3189ad97c87bbdac9fb455f7505d0d4d5eb058 refs/remotes/origin/play-seek +8a8f28f3b67d0177f79e754c478e845bac70eb58 refs/remotes/origin/play2 +521f8998b0cf1e197152655b214285ebde974fd3 refs/remotes/origin/play2-continue +3e25f91004b83c1a1fa25a8993cdd691f65bf658 refs/remotes/origin/postconf-handler-init +4ec43349ad5e16a9216844430695a3479ff6d558 refs/remotes/origin/preemption +a72e33ea411ed5f55df04ea9ab9dfceb09137642 refs/remotes/origin/proxy-protocol +6ab14605ba4a410b39916543302a9a9eb4d19698 refs/remotes/origin/publish-optional-type +1c2470975e4f23742d3e468649c2ad2bbfb77e7f refs/remotes/origin/publish-time-fix2 +dbc3ac2438757b23a65e1612c36b5691e7173585 refs/remotes/origin/push-reconnect +0b6a84b0b829c6794c0635dd30a2aa6712417c8f refs/remotes/origin/record-append +abc2704db1193bd993b886463063059d1ff5050e refs/remotes/origin/record-done +8658d99529384a487113bb9b80aaffd7714f16a7 refs/remotes/origin/record-keyframes +9b3471d79f43382db134b407cfce4f5b4ee24ae0 refs/remotes/origin/record-lock +f79aa206ec572c225c8bd32b5c2b1d7cc5ede692 refs/remotes/origin/record-name-format +bff1c355ec7db875972da6682e2553d65ac847ad refs/remotes/origin/record-notify +b69efd3e94113f627f25d0ab67fcd1036eab5fb1 refs/remotes/origin/reentrant-relay +1f9072bbe69e015021a31784b3ac66f0b296c911 refs/remotes/origin/relay +c9973fc68a91284c632f3afb736303d6402f6c4e refs/remotes/origin/relay-vars +7aa513cfcd5fd345ea477ea582faa8858628974d refs/remotes/origin/reltime +de2a4258d77aecdc2fab34b5857ca4529b1fe0ba refs/remotes/origin/remote-redirect +60038b6ea15ae34dc1f177625adc73ddb39eb984 refs/remotes/origin/rooms +35753c5f6221c31edad65a2f70802b856e642fe3 refs/remotes/origin/rooms2 +4a1358723a7ce288aeec9583da97166c260b38dd refs/remotes/origin/rtmp-ads +71f92aca8d631cbc800c8eed235535e0b0a52991 refs/remotes/origin/safe-amf-parser +87d1cebfe2822d75f9c97fe2487723029abc272a refs/remotes/origin/sample-access +57dd1406bd59224eea4e0aabf9dbfe4c82e6be9a refs/remotes/origin/session-relay +22de95e634b92e23eae85134c05e54c98404e34f refs/remotes/origin/shared-live-streams +5d7a5ea535ed40e7a9459967dc607bb52b10db12 refs/remotes/origin/shared_record +18e4762db29139ada9c8be4b36070005e8d01efc refs/remotes/origin/smart-drop +a8d148473db0fe5fb17e5e7527a3cafcfafb1fff refs/remotes/origin/smartos-compilation-fix +2cff2a58210c2f964f4d2ee76a8461fb81e28610 refs/remotes/origin/stat-no-underline +e3be78bc6b6f91fea27ba235a6393dee50817bcf refs/remotes/origin/stat-redesign +3bd60857bd5ea2f3024e7de248bdc3d64b58859d refs/remotes/origin/static-relay +7a35372e30dca2a10c843219597bc4bc481fdda0 refs/remotes/origin/static-relay-cleanup +882b4f15b287b3e313088a67b2a4a543fbb6511d refs/remotes/origin/static-relay2 +ac13bbf1af345532a009a88d93ac4b7869ffe456 refs/remotes/origin/sync +9b4725a01a9615dfa7133d659ff936bd69e91345 refs/remotes/origin/sync-atc +7fbfb36440d99786f3c4ecc723ae61fcdedc3ce5 refs/remotes/origin/sync-atc-fmle +466c1fdf168646d57f0f43c463ad524143917e01 refs/remotes/origin/sync-atc-fmle2 +93b669273561ebd80fbf106b8b482d28a4377b81 refs/remotes/origin/sync-enotify +c8ad56e2d232933453d54767db55e96e00dd3d6c refs/remotes/origin/video-key +6ad152ee4c43238bd6a9f71f36b8e5a1757909a0 refs/remotes/origin/video-on-demand +b6194ed6e6a01ce14026c1778148db61a9a6765e refs/remotes/origin/virtual +4adc5f7487b0bb27cf027c3e792b00821ad30ada refs/remotes/origin/vod-http +0f337fe9a482e3da10ca7e8055ae1d8a2ccb9037 refs/remotes/origin/vod-sample-access +98d959ac5374bd14123f53318e6c8a8d481ffd92 refs/remotes/origin/vod-seek +770e67b1f33134c7db41e99f27ef167b16be8032 refs/remotes/origin/vod-stat +5db5d5af24af798f698fcc0f6eeecbac52932139 refs/remotes/origin/vod-stat2 +658f5ec639e290476f19eb91f371e2bf453616c0 refs/remotes/origin/win +289ee42c53f49728eb134f2226a2ef9ca7a32414 refs/remotes/origin/win1 +92d4c071d91b9de67e7293efcb72ad97c28285a7 refs/tags/freebsd-native-hls +^1894d333aa9fd76e857532efe6c64d343df137e7 +316b05d54e7e290546872cb26ad5b431b2a935af refs/tags/v0.0.1 +^eda826a386f10109816c57db9ed0908bdca92330 +2ba5b409dfac19e28befd698e0e03ea8f3799517 refs/tags/v0.0.10 +^d943d519754d1c08073298114807a8afb154d07f +f00415d4264d303b1a2771a3c6a36c026217e000 refs/tags/v0.0.11 +^bcd601832a0a2dc968621e065f1dbeaa14b77bb6 +3080d5f1e2f6e7b4da23585fb538152cbe91bf77 refs/tags/v0.0.12 +^caec91b85772dc5e078a3152cb6ed436c26bfbc3 +740f8034ec343eeab3c19c5e777fc1af05af12e5 refs/tags/v0.0.13 +^d3c5ad11969c6bfba083a33c5c7540d79692ab0a +18719a9ae0332480c80acac56b54e87b6131f46c refs/tags/v0.0.14 +^cf1976cd05a6e73cdf5fb1506f84508a297688b6 +903e750ce238efa3cde37a40a00c83d0efa7190b refs/tags/v0.0.15 +^6295147db1d44c9e8430b09cf2bf3d0a43c16b56 +93cd6b10d401382dfc8f740dd8e995fc5241eacc refs/tags/v0.0.16 +^359c346d3516403f5545dac0e9d8fe57ff09238e +88536319dc71fa9e8202eb000dcce7f1aa864321 refs/tags/v0.0.17 +^15405e8edde4db9e3c6b56c3a17edbf7dcd974f0 +6eba477d8578b5c488e034ab25d45e34e30636f5 refs/tags/v0.0.2 +^8204245eb223290cfed21f6748860a4bec510ed1 +4793210ff635d428fc37692d88a1107e32f3839e refs/tags/v0.0.3 +^96ebed857347b368cb78749de3515797eb0d9364 +110118d72aa68bced1a7da6d427c4a1473153f8b refs/tags/v0.0.4 +^b9ee8dbe097b2ab9cd60786c1cfa9a48237c51dd +49d4548bbc229885290915256d3b75f5d0b2863e refs/tags/v0.0.5 +^1e9a7e6efcd6990662f41e54587f27ab3f28ba87 +1c620f4121a3c4c64ccc71ca9a3aee100b702221 refs/tags/v0.0.6 +^3980a5923715131c8ac011410e63250ef5d13c93 +dbad1b31d510f290c5ebac4f073f5b7c3ef97e04 refs/tags/v0.0.7 +^7b70e9241327b93d04554cd7b8d2eeadb2acc4e6 +41ca3077bdbd20c2ddefdcc5f03a26b9ab6c358b refs/tags/v0.0.8 +^e563c3146e31eb8ce48634262435978bab26f7f0 +dc702ef73579582157563de257bf906d5ac77e18 refs/tags/v0.0.9 +^31d18ed4478684571476aed6125e942bfc738d77 +e2dcb0bea3859e6a66a7601356a7d90434d5ef4f refs/tags/v0.1.0 +^c61d7ac56f4895dc3f0513344b45d74943d4da19 +a0e0796bff7e6a33181d4cb6a1981a9889cf791c refs/tags/v0.1.1 +^f6ccfb6fa1d05d3babc1bb20ca7003802f85f2f0 +80db4c48b3cc30ad12112b5bde3831520c81a92a refs/tags/v0.1.10 +^88346934e51595118518957553316afda5a8b771 +b103795c7f1f41a51451dace848f8de085d59840 refs/tags/v0.1.11 +^45cd9825a2bb882c3b65a9c1139342bc59e40750 +8c8410a1def03c6f535110352398a0fc463d08f8 refs/tags/v0.1.12 +^63c4269a9146370db970894512523b9f3893ffad +951872e641cbebbd925c17cb8e8cc8a0289fe9cd refs/tags/v0.1.13 +^1719ef4433de03e8d95be7838a933326d717f1ee +6432ba9937589a7bbd58975d2e253a65e433e17b refs/tags/v0.1.14 +^fa3630d63d77ec4e6dcfa14a88afb5804b1b3596 +4b89a9819cc22c6ca1852613c518e0f400c6c048 refs/tags/v0.1.15 +^8def5f394543b822b6b450e79bdbf9a73f1d0a99 +40d6554b7196933e96aff91bba15f6b31c99dedb refs/tags/v0.1.2 +^4e713b75e8e3cd8f5456303e2f7f4803776f33de +a33ca7451cbd32dc2f43e01b3b87552f055a56ae refs/tags/v0.1.3 +^d82c16499de14965ff1259c457b33b5a81614c40 +dd9683b203e09b13d08e717e20304060c1d320cb refs/tags/v0.1.4 +^a4f48c5baa427c9d9093c0ceee339820c2167624 +d216f3dd61f67da413503b492af4b1f5c3e58451 refs/tags/v0.1.5 +^32279ddf26a9d9e0f34ff62d460bf4c1b14e2088 +2dab9cce52024dbf7ae3273770e159e73db21618 refs/tags/v0.1.6 +^49382c826b041589badb32b5f5f512592405a736 +c83a64c91d926c1bc5ac35036d49c31f87165466 refs/tags/v0.1.7 +^63e19f8d67d4f442f2700103c4d8ee9d137c0116 +0ab4039b703078ddacd4e70adc67b99efd946de3 refs/tags/v0.1.8 +^4bb48483be9d91a74a2efd5cb80fa136918ae466 +c9d359554132dc807d599b8d28b3193c8e37d841 refs/tags/v0.1.9 +^6143abc41803be6da47bfc4e15bbfe1d315de832 +4d20bb15480652145358c20f444f77ddbe2eeac6 refs/tags/v0.2.0 +^eb4e9e8d9033cb7c1775eec114cd7b90af26b047 +9df13315600aa2752fc99e80fb8b73a78e0f0fbf refs/tags/v0.2.1 +^1a2a8e2867f4d1cd64853bc49af9e725ee7f8343 +7e8b090de600016d965d3080b0cd6bc81eb60f67 refs/tags/v0.2.2 +^4e475cccb507951e5091f0ff5f1d4ef1903fd439 +f7f24bade80cca3a09e7286f250bb464cfab2df1 refs/tags/v0.2.3 +^295551947a187a265e5c60e6cccdf4c894a21e24 +2bf2e04da1cd97187612ba73ce9010c96393b76a refs/tags/v0.3.0 +^58491f8feddbe801557704dd1d1ac9d0950cdf3f +aded30326d7e233283346dab1258d4fdf69c31e7 refs/tags/v0.4.0 +^3c2e29f215fb09e5b4cb29040d1e5e092ce73849 +3381f10c50c161b0350ca8030535a97f43977940 refs/tags/v0.4.1 +^067c73710d15f046945ada24d5ca25d50b2751c7 +943ca88b8160225ef8decfab7aa3c6ba40c012a7 refs/tags/v0.4.2 +^ff247dafff1cab945c85ceefcf97d76fa1972c0e +2864097d4bf7e81a95bc85d133121beaf8262fc9 refs/tags/v0.4.3 +^ed5f06db8a90746059730fe8b55cf9ddc64ca67e +ed9bef4dc07d34078749b79d072cde59f385084a refs/tags/v0.5.0 +^abc2704db1193bd993b886463063059d1ff5050e +eb94d37c69842eb563fa3e7c9cc286cc942fd2e8 refs/tags/v0.5.1 +^6485716fb4734d5fc25ba12d849e2dedab63707d +0b020f1757f052a24a4d4c2061fcc4f8e1dbd440 refs/tags/v0.5.2 +^87686029aa2cfddfea765c626be7161981583482 +053bdc9277034a6db7edcc3d46c042ab8c62989b refs/tags/v0.5.3 +^cc632eb6b683eacdced09bfbe905e510779d5efc +307f468efdffa4ad07e79c0e39eab9f9eb195307 refs/tags/v0.5.4 +^bff1c355ec7db875972da6682e2553d65ac847ad +98438d54995ad4d11d7a020ff6b77919ca368448 refs/tags/v0.6.0 +^72d175ed7f5dfb4874ac6e002b737d866a0553d7 +f1eeb39f851366614b7dc1afa1fba21e1595475f refs/tags/v0.6.1 +^21174b2ee743c9ea1a0bccb46436c56c871febd3 +2b20008d1f3cb4b357d74ee288e2c00ac801d415 refs/tags/v0.6.2 +^795c1538a3602d5eedf7617c6d13c775721a66b9 +6b1f2547203b946cbac8c60bd86e5f04ad1a9a1d refs/tags/v0.6.3 +^c86e30fd270103b00c244f136c8780fb3a51b921 +d623935695e9ac6418a1baa24283bd35a42fef81 refs/tags/v0.6.4 +^f65f07deb32565b144e22faece57638f8961d62f +d3a7be773484e670119dfa20ff56cb0a91a8554f refs/tags/v0.6.5 +^4adc5f7487b0bb27cf027c3e792b00821ad30ada +293ebabd1220ec4615e2eb89d19ca3e7a381d1a3 refs/tags/v0.7.0 +^101b43a478bb44018733e75a3bf3b1f8adc5b2e5 +4b12afb07c889648864458c3a6096dc274c7420e refs/tags/v0.7.1 +^98d959ac5374bd14123f53318e6c8a8d481ffd92 +eb5ccb5fb1f735b82da3a43ee0d8d398bd932840 refs/tags/v0.7.2 +^6f2808c7d11564e2269e9f64b9671f8c080c893d +23fe9e844ecafd18a5d713618a36fb68846db951 refs/tags/v0.7.3 +^62e03d710cd02043156ac86da3b07e5186c78e11 +09b1e2bab6467a8d50e37939b4d1fc0b9777adfd refs/tags/v0.7.4 +^696e488ecb089236a297939248d4616d4665d347 +fa8752466e94879be074386c2f0420640cec3b41 refs/tags/v0.8.0 +^02dd440a25097e8528d9cdfa85132b6920649547 +7c3df8e2c78a85ef7f5d2e8f100e5f54573c71c7 refs/tags/v0.8.1 +^9f4296c08382b1374018346cce3bb5d40036f47a +f8899c67c2508ded911a93117b3186df6df631bd refs/tags/v0.8.2 +^ac924d7f940f05063d7ef0503aa7f3a1576bf380 +683a29d4d0a536b6a97c07d1deeacb8cc11a6af7 refs/tags/v0.8.3 +^3d54d69e252bb537dc8fb03cc96ada084bd5da8d +2aeefa379b700de0c9c1b4ed94e186e0d1d1a580 refs/tags/v0.8.4 +^f2f28cbe487883caed333ffb4f5f7942bed64c09 +5ea2a003691a63630e6c1d492c96d6581338efb8 refs/tags/v0.8.5 +^bd562e4ff7c10cad71711828548cbb584bd4a80b +11ee9f81e8b8a077113cdf96d655d7cf9961a03d refs/tags/v0.8.6 +^e5e5766ebb51e1c36b6804fe0ddc02ee8ca19cc6 +544c73b3b27c93df0d61172c62a7eee2e8252953 refs/tags/v0.8.7 +^3eaa43a7a327646acdebe87000422c6fd086adbe +83055d17d104c267aeebda070246b0917dbfffb2 refs/tags/v0.9.0 +^406d3a9527e08ea148e7c10ffa4009e0e5070b11 +37a1511c0e7c6a1a522bab7355289a71a7876ad2 refs/tags/v0.9.1 +^ea65ac688cdd89dad65bcdc3b62d5e152b47f1ec +ee0df070f78e83f3857301aa0e4340c15743403d refs/tags/v0.9.10 +^6923889e5386abad1aa07e2c29462fc469d3a5d4 +cb5e1df91a1b8d020de63d6cbbacd9f74097a375 refs/tags/v0.9.11 +^3aa528fccd2c3500b2eeafa6589c3f8f07564186 +6d328d3291833a9991cb27df45d1c82cfc3bc5fb refs/tags/v0.9.12 +^11e3f53fd259f0297a4d8f440afceb8395b45622 +b63100856c3a795440047324aaf863c6339e859f refs/tags/v0.9.13 +^0a8f0ee6c560edc032f66a25d527e9cd7ed6b62b +e13bcdadf3b57f91e8eca678846480522eb214ba refs/tags/v0.9.14 +^612fc4dd7514b3da2ac774a6daeb7baa60314f36 +1c92b49d30e7215483d5c0c038da2d09d6ac1d16 refs/tags/v0.9.15 +^7b5c5e99327c19600ab2bab89960ba217be52949 +bc3fe7a8ebf166e5187f7bac00c70e40a9b192fe refs/tags/v0.9.16 +^c0fc4bbdccf1d328eaa098f3287e427e369517c0 +d5288d89f8c1e1c8c82218a23deedfabb845fa1c refs/tags/v0.9.17 +^f79aa206ec572c225c8bd32b5c2b1d7cc5ede692 +bce7ea3e62682b29d61d56cc6bcc0e794857d557 refs/tags/v0.9.18 +^c61e99a36878fc618e29633db0e9652be13f6284 +39cb7ca0a51e7e4bfc400b285141a71ac7b565c7 refs/tags/v0.9.19 +^a47b23204b43d5b823feeb52b0c868b2c96847ca +43dd6489282d965072eb48479af5e8d90ac6ad38 refs/tags/v0.9.2 +^af5703b35756667eb008bdffb22626616bbae020 +73e60038c62b281fd0e4ff5565f35797fed46a1a refs/tags/v0.9.20 +^e29e64ed7d262904d22ce0a708e67cc02115f497 +828fcd80c23df5caf0b7fdbf897ba45a92f3dce7 refs/tags/v0.9.3 +^aeae84bf8babcd7130f71b5941834eeb4fafa61a +31f684d189aec37550e82e4c7cf3ac751a781ade refs/tags/v0.9.4 +^f358a2e8f9269afef85d82549de4945942b39d6c +63540cc06386523c08857cf435ad9c2f6daaef8a refs/tags/v0.9.5 +^c0ad999f37675dd1bbed11d901f34259827bb405 +e7fe15e6ca0cb0f81ec42b5b309ce6f720525193 refs/tags/v0.9.6 +^5325df0135c467d21cf93cd5c5df6af60a87a9e8 +0dda255fe75318707bb20e0078ace6da1f160cd2 refs/tags/v0.9.7 +^138c330da2ace7617af3c6b671fbee049f387fb7 +568ce8f0a850d3d7e00c33247edffe366cff0d51 refs/tags/v0.9.8 +^6903ac23e430b4170b108bb2f631562560c37fe0 +2d5bc52527e46171d2e2a7c4d9c87fa2a4e39fee refs/tags/v0.9.9 +^af8446a0985ba76873c25a6aae5125e47c7a3194 +d27f964d1f45d546419795b058fea60f3f1f21ab refs/tags/v1.0.0 +^613234b866fd08ea2221d183edfd9eb6d8a8bf4d +421d9ff41f699cc344845df9869dccff0ce4ad86 refs/tags/v1.0.1 +^cbe760aa8ad43d3908b7c9408d7f3946747981b1 +e1ec6d2f08937878a985bfa7d4f49e93312dc7e0 refs/tags/v1.0.2 +^6b92cd6b29ddeea5a113b6e5d8d854b6986e3fd1 +7749d54fb000641dfa6c8eebfb8765175f187a13 refs/tags/v1.0.3 +^7b4df729c1c4d86589f8ccadc0bd20ee733416f9 +aaeca4ff01f858cd719ea5b86eef7dcc3ba259ca refs/tags/v1.0.4 +^67443c28b4aff60023ce143475c2d287c264f2f7 +d7e1af79c4d152d16bcacfcd2ca18d58e6b3201b refs/tags/v1.0.5 +^737ea5ce34c8270479811acfacba02112e202625 +0acf1123a044c8afd68112387712abd59e45a2eb refs/tags/v1.0.6 +^1cfb7aeb582789f3b15a03da5b662d1811e2a3f1 +bd4f1b4cf7c58e55298c326184e5ad1a15c3aff0 refs/tags/v1.0.7 +^995688b9cfea4fb01a5b8ad0e110fec0866e501c +5beda43a6b388af5e7c1bcc55384163d97dcf836 refs/tags/v1.0.8 +^d01ffc0c88d9ce736be3dee99b4f9d3fcc07b685 +f792dab070dbdedc3b968483287fa59e6ae48a03 refs/tags/v1.0.9 +^471d299f5d5348dfbba6132779587553c3a709a7 +a08c7835b05e2bd816efb1f8036cb7c9bf59b906 refs/tags/v1.1.0 +^8542e21e17587ee2e928cdfedc1cb82996df7719 +e9d11158cb1b18a0631a94c4e8599c0f8c64adb7 refs/tags/v1.1.1 +^8608faad1e0b25c80b1f9b93439d6fd450db5c15 +cf710155b2666d2456a58a49dac1af4d93b215ce refs/tags/v1.1.10 +^5150993accb5edefa61d71e1c81ad8c02f515428 +2a721794867c76e9ac9e653e76da9503cbc9d60f refs/tags/v1.1.2 +^65cd61e43350c0de0a69103aed1ecf7f2b081ab8 +c130de320738a9ae084ba3d54f033c98e6e82d65 refs/tags/v1.1.3 +^6f768dc4eb2a2cb7798e31c7465af77b94ca2733 +3fdbbcc01249d7a3f0559192debfe09f844aef6e refs/tags/v1.1.4 +^8c2229cce5d4d4574e8fb7b130281497f746f0fa +28618cde22c864eef6ecdba9da636a2f2f611b20 refs/tags/v1.1.5 +^7500b4bd90fc942468f94dd3a12dbcdf9c3199a6 +1706bc84f5b0882dec6f1854d9054be7e3d12ab2 refs/tags/v1.1.6 +^7a35372e30dca2a10c843219597bc4bc481fdda0 +c0a5fb42c214d585a84967b2e172889d9278d325 refs/tags/v1.1.7 +^f62a0838064baf089ad9fe3c8f6f2ffe0775afb2 +1fe006d50fbca7537984fc080dd32906b9cb5455 refs/tags/v1.1.8 +^cb54ed4ac0994e36b92d21a51313af44ecdfdadd +c7447b49ee18232dab330fadf6c2dfb5fa2bbfb2 refs/tags/v1.1.9 +^c0bf381d10de05c135f913921c58272838d5e1ee
[-] [+]	Added	nginx-rtmp-module-1.1.15.tar.gz/.git/refs ^
+(directory)
[-] [+]	Added	nginx-rtmp-module-1.1.15.tar.gz/.git/refs/heads ^
+(directory)
[-] [+]	Added	nginx-rtmp-module-1.1.15.tar.gz/.git/refs/heads/master ^
@@ -0,0 +1 @@ +5150993accb5edefa61d71e1c81ad8c02f515428
[-] [+]	Added	nginx-rtmp-module-1.1.15.tar.gz/.git/refs/remotes ^
+(directory)
[-] [+]	Added	nginx-rtmp-module-1.1.15.tar.gz/.git/refs/remotes/origin ^
+(directory)
[-] [+]	Added	nginx-rtmp-module-1.1.15.tar.gz/.git/refs/remotes/origin/HEAD ^
@@ -0,0 +1 @@ +ref: refs/remotes/origin/master
[-] [+]	Added	nginx-rtmp-module-1.1.15.tar.gz/.git/refs/tags ^
+(directory)
[-] [+]	Changed	nginx-rtmp-module-1.1.15.tar.gz/dash/ngx_rtmp_dash_module.c ^
@@ -52,7 +52,7 @@ ngx_str_t playlist_bak; ngx_str_t name; ngx_str_t stream; - time_t start_time; + ngx_time_t start_time; ngx_uint_t nfrags; ngx_uint_t frag; @@ -228,8 +228,8 @@ ngx_rtmp_dash_app_conf_t dacf; static u_char buffer[NGX_RTMP_DASH_BUFSIZE]; - static u_char start_time[sizeof("1970-09-28T12:00:00Z")]; - static u_char pub_time[sizeof("1970-09-28T12:00:00Z")]; + static u_char start_time[sizeof("1970-09-28T12:00:00+06:00")]; + static u_char end_time[sizeof("1970-09-28T12:00:00+06:00")]; dacf = ngx_rtmp_get_module_app_conf(s, ngx_rtmp_dash_module); ctx = ngx_rtmp_get_module_ctx(s, ngx_rtmp_dash_module); @@ -252,16 +252,18 @@ return NGX_ERROR; } + #define NGX_RTMP_DASH_MANIFEST_HEADER \ "<?xml version=\"1.0\"?>\n" \ "<MPD\n" \ " type=\"dynamic\"\n" \ " xmlns=\"urn:mpeg:dash:schema:mpd:2011\"\n" \ " availabilityStartTime=\"%s\"\n" \ - " publishTime=\"%s\"\n" \ + " availabilityEndTime=\"%s\"\n" \ " minimumUpdatePeriod=\"PT%uiS\"\n" \ " minBufferTime=\"PT%uiS\"\n" \ - " timeShiftBufferDepth=\"PT%uiS\"\n" \ + " timeShiftBufferDepth=\"PT0H0M0.00S\"\n" \ + " suggestedPresentationDelay=\"PT%uiS\"\n" \ " profiles=\"urn:hbbtv:dash:profile:isoff-live:2012," \ "urn:mpeg:dash:profile:isoff-live:2011\"\n" \ " xmlns:xsi=\"http://www.w3.org/2011/XMLSchema-instance\"\n" \ @@ -283,9 +285,11 @@ " width=\"%ui\"\n" \ " height=\"%ui\"\n" \ " frameRate=\"%ui\"\n" \ + " sar=\"1:1\"\n" \ " startWithSAP=\"1\"\n" \ " bandwidth=\"%ui\">\n" \ " <SegmentTemplate\n" \ + " presentationTimeOffset=\"0\"\n" \ " timescale=\"1000\"\n" \ " media=\"%V%s$Time$.m4v\"\n" \ " initialization=\"%V%sinit.m4v\">\n" \ @@ -319,6 +323,7 @@ " startWithSAP=\"1\"\n" \ " bandwidth=\"%ui\">\n" \ " <SegmentTemplate\n" \ + " presentationTimeOffset=\"0\"\n" \ " timescale=\"1000\"\n" \ " media=\"%V%s$Time$.m4a\"\n" \ " initialization=\"%V%sinit.m4a\">\n" \ @@ -336,33 +341,38 @@ " </Period>\n" \ "</MPD>\n" - ngx_libc_gmtime(ctx->start_time, &tm); + ngx_libc_localtime(ctx->start_time.sec + + ngx_rtmp_dash_get_frag(s, 0)->timestamp / 1000, &tm); - ngx_sprintf(start_time, "%4d-%02d-%02dT%02d:%02d:%02dZ%Z", - tm.tm_year + 1900, tm.tm_mon + 1, - tm.tm_mday, tm.tm_hour, - tm.tm_min, tm.tm_sec); - - ngx_libc_gmtime(ngx_time(), &tm); - - ngx_sprintf(pub_time, "%4d-%02d-%02dT%02d:%02d:%02dZ%Z", - tm.tm_year + 1900, tm.tm_mon + 1, - tm.tm_mday, tm.tm_hour, - tm.tm_min, tm.tm_sec); + ngx_sprintf(start_time, "%4d-%02d-%02dT%02d:%02d:%02d%c%02d:%02d", + tm.tm_year + 1900, tm.tm_mon + 1, + tm.tm_mday, tm.tm_hour, + tm.tm_min, tm.tm_sec, + ctx->start_time.gmtoff < 0 ? '-' : '+', + ngx_abs(ctx->start_time.gmtoff / 60), + ngx_abs(ctx->start_time.gmtoff % 60)) = 0; + + ngx_libc_localtime(ctx->start_time.sec + + (ngx_rtmp_dash_get_frag(s, ctx->nfrags - 1)->timestamp + + ngx_rtmp_dash_get_frag(s, ctx->nfrags - 1)->duration) / + 1000, &tm); + + ngx_sprintf(end_time, "%4d-%02d-%02dT%02d:%02d:%02d%c%02d:%02d", + tm.tm_year + 1900, tm.tm_mon + 1, + tm.tm_mday, tm.tm_hour, + tm.tm_min, tm.tm_sec, + ctx->start_time.gmtoff < 0 ? '-' : '+', + ngx_abs(ctx->start_time.gmtoff / 60), + ngx_abs(ctx->start_time.gmtoff % 60)) = 0; last = buffer + sizeof(buffer); p = ngx_slprintf(buffer, last, NGX_RTMP_DASH_MANIFEST_HEADER, start_time, - pub_time, + end_time, (ngx_uint_t) (dacf->fraglen / 1000), (ngx_uint_t) (dacf->fraglen / 1000), - (ngx_uint_t) (dacf->fraglen / 250 + 1)); - - / - * timeShiftBufferDepth formula: - * 2 * minBufferTime + max_fragment_length + 1 - / + (ngx_uint_t) (dacf->fraglen / 500)); n = ngx_write_fd(fd, buffer, p - buffer); @@ -942,7 +952,7 @@ "dash: playlist='%V' playlist_bak='%V' stream_pattern='%V'", &ctx->playlist, &ctx->playlist_bak, &ctx->stream); - ctx->start_time = ngx_time(); + ctx->start_time = ngx_cached_time; if (ngx_rtmp_dash_ensure_directory(s) != NGX_OK) { return NGX_ERROR; @@ -998,11 +1008,6 @@ f->duration = timestamp - f->timestamp; hit = (f->duration >= dacf->fraglen); - /* keep fragment lengths within 2x factor for dash.js / - if (f->duration >= dacf->fraglen 2) { - boundary = 1; - } - } else { /* sometimes clients generate slightly unordered frames */
[-] [+]	Changed	nginx-rtmp-module-1.1.15.tar.gz/hls/ngx_rtmp_hls_module.c ^
@@ -1951,7 +1951,6 @@ ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, "hls: error appending AUD NAL"); } - /* fall through */ case 9: aud_sent = 1; break;
[-] [+]	Changed	nginx-rtmp-module-1.1.15.tar.gz/ngx_rtmp.h ^
@@ -135,8 +135,6 @@ #define NGX_RTMP_MSG_AGGREGATE 22 #define NGX_RTMP_MSG_MAX 22 -#define NGX_RTMP_MAX_CHUNK_SIZE 10485760 - #define NGX_RTMP_CONNECT NGX_RTMP_MSG_MAX + 1 #define NGX_RTMP_DISCONNECT NGX_RTMP_MSG_MAX + 2 #define NGX_RTMP_HANDSHAKE_DONE NGX_RTMP_MSG_MAX + 3
[-] [+]	Changed	nginx-rtmp-module-1.1.15.tar.gz/ngx_rtmp_access_module.c ^
@@ -410,8 +410,8 @@ break; } + /* "all" passes through / #endif - / fall through / default: / AF_INET */
[-] [+]	Changed	nginx-rtmp-module-1.1.15.tar.gz/ngx_rtmp_amf.c ^
@@ -331,7 +331,6 @@ if (elts->type & NGX_RTMP_AMF_OPTIONAL) { return NGX_OK; } - /* fall through / case NGX_ERROR: return NGX_ERROR; } @@ -399,7 +398,6 @@ if (ngx_rtmp_amf_get(ctx, &max_index, 4) != NGX_OK) { return NGX_ERROR; } - / fall through / case NGX_RTMP_AMF_OBJECT: if (ngx_rtmp_amf_read_object(ctx, data, @@ -594,7 +592,6 @@ if (ngx_rtmp_amf_put(ctx, &max_index, 4) != NGX_OK) { return NGX_ERROR; } - / fall through */ case NGX_RTMP_AMF_OBJECT: type8 = NGX_RTMP_AMF_END;
[-] [+]	Changed	nginx-rtmp-module-1.1.15.tar.gz/ngx_rtmp_eval.c ^
@@ -154,7 +154,6 @@ name.len = p - name.data; ngx_rtmp_eval_append_var(ctx, &b, e, &name, log); - /* fall through */ case NORMAL: switch (c) {
[-] [+]	Changed	nginx-rtmp-module-1.1.15.tar.gz/ngx_rtmp_handler.c ^
@@ -821,12 +821,6 @@ ngx_log_debug1(NGX_LOG_DEBUG_RTMP, s->connection->log, 0, "setting chunk_size=%ui", size); - if (size > NGX_RTMP_MAX_CHUNK_SIZE) { - ngx_log_error(NGX_LOG_ALERT, s->connection->log, 0, - "too big RTMP chunk size:%ui", size); - return NGX_ERROR; - } - cscf = ngx_rtmp_get_module_srv_conf(s, ngx_rtmp_core_module); s->in_old_pool = s->in_pool;
[-] [+]	Changed	nginx-rtmp-module-1.1.15.tar.gz/ngx_rtmp_handshake.c ^
@@ -104,37 +104,30 @@ ngx_rtmp_make_digest(ngx_str_t key, ngx_buf_t src, u_char skip, u_char dst, ngx_log_t log) { - static HMAC_CTX hmac; + static HMAC_CTX hmac; + static unsigned hmac_initialized; unsigned int len; - if (hmac == NULL) { -#if OPENSSL_VERSION_NUMBER < 0x10100000L - static HMAC_CTX shmac; - hmac = &shmac; - HMAC_CTX_init(hmac); -#else - hmac = HMAC_CTX_new(); - if (hmac == NULL) { - return NGX_ERROR; - } -#endif + if (!hmac_initialized) { + HMAC_CTX_init(&hmac); + hmac_initialized = 1; } - HMAC_Init_ex(hmac, key->data, key->len, EVP_sha256(), NULL); + HMAC_Init_ex(&hmac, key->data, key->len, EVP_sha256(), NULL); if (skip && src->pos <= skip && skip <= src->last) { if (skip != src->pos) { - HMAC_Update(hmac, src->pos, skip - src->pos); + HMAC_Update(&hmac, src->pos, skip - src->pos); } if (src->last != skip + NGX_RTMP_HANDSHAKE_KEYLEN) { - HMAC_Update(hmac, skip + NGX_RTMP_HANDSHAKE_KEYLEN, + HMAC_Update(&hmac, skip + NGX_RTMP_HANDSHAKE_KEYLEN, src->last - skip - NGX_RTMP_HANDSHAKE_KEYLEN); } } else { - HMAC_Update(hmac, src->pos, src->last - src->pos); + HMAC_Update(&hmac, src->pos, src->last - src->pos); } - HMAC_Final(hmac, dst, &len); + HMAC_Final(&hmac, dst, &len); return NGX_OK; }
[-] [+]	Changed	nginx-rtmp-module-1.1.15.tar.gz/ngx_rtmp_init.c ^
@@ -79,7 +79,6 @@ case AF_UNIX: unix_socket = 1; - /* fall through / default: / AF_INET / sin = (struct sockaddr_in ) sa; @@ -111,7 +110,6 @@ case AF_UNIX: unix_socket = 1; - /* fall through / default: / AF_INET */ addr = port->addrs;
[-] [+]	Changed	nginx-rtmp-module-1.1.15.tar.gz/ngx_rtmp_notify_module.c ^
@@ -892,7 +892,6 @@ n = 0; state = parse_name; - /* fall through / case parse_name: switch (c) { @@ -920,7 +919,6 @@ break; } state = parse_value; - / fall through */ case parse_value: if (c == '\n') {
	Deleted	nginx-rtmp-module-1.2.2.tar.gz ^
	Added	nginx_upstream_check_module-master.tar.gz ^
	Deleted	ngx_http_substitutions_filter_module-master.zip ^
	Added	ngx_pagespeed-1.12.34.3-stable.zip ^
	Added	ngx_pagespeed-1.13.35.1-beta.zip ^
	Deleted	ngx_pagespeed-1.13.35.2-stable.zip ^
	Added	ngx_pagespeed-latest-testing.zip ^
	Added	openssl-1.1.0f.tar.gz ^
	Added	openssl-1.1.0g.tar.gz ^
[-] [+]	Added	removed_link ^
@@ -0,0 +1,5 @@ +<link project="internetx:projects:http" baserev="237c0be32f188ec780a60222265cfcb9"> + <patches> + <branch/> + </patches> +</link>
[-] [+]	Changed	ssl-ciphersample ^
@@ -1,15 +1,3 @@ -## IX Examples from https://ssl-config.mozilla.org - -## intermediate configuration -#ssl_protocols TLSv1.2 TLSv1.3; -#ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; -#ssl_prefer_server_ciphers off; - -## modern configuration -#ssl_protocols TLSv1.3; -#ssl_prefer_server_ciphers off; - -## old configuration -#ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; -#ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA; -#ssl_prefer_server_ciphers on; +ssl_protocols TLSv1 TLSv1.1 TLSv1.2; +ssl_ciphers EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:EECDH+RC4:RSA+RC4:!MD5; +ssl_prefer_server_ciphers on;