Changes - j0ke.net Open Build Service

Changes of Revision 18

[-] [+]	Changed	nginx.spec
@@ -13,7 +13,7 @@ %define with_rtmp_ext 1 Name: nginx -Version: 1.7.3 +Version: 1.7.4 Release: 1 Summary: Robust, small and high performance http and reverse proxy server Group: System Environment/Daemons 1 @@ -13,7 +13,7 @@ 2 %define with_rtmp_ext 1 3 4 Name: nginx 5 -Version: 1.7.3 6 +Version: 1.7.4 7 Release: 1 8 Summary: Robust, small and high performance http and reverse proxy server 9 Group: System Environment/Daemons 10
[-] [+]	Deleted	nginx-1.7.3.tar.gz/auto/lib/zlib/patch.zlib.h ^
@@ -1,10 +0,0 @@ ---- zlib.h Thu Jul 9 20:06:56 1998 -+++ zlib-1.1.3/zlib.h Tue Mar 22 13:41:04 2005 -@@ -709,7 +709,6 @@ - (0 in case of error). - / - --ZEXTERN int ZEXPORTVA gzprintf OF((gzFile file, const char format, ...)); - /* - Converts, formats, and writes the args to the compressed file under - control of the format string, as in fprintf. gzprintf returns the number of
[-] [+]	Changed	nginx-1.7.4.tar.gz/CHANGES ^
@@ -1,4 +1,41 @@ +Changes with nginx 1.7.4 05 Aug 2014 + + ) Security: pipelined commands were not discarded after STARTTLS + command in SMTP proxy (CVE-2014-3556); the bug had appeared in 1.5.6. + Thanks to Chris Boulton. + + ) Change: URI escaping now uses uppercase hexadecimal digits. + Thanks to Piotr Sikora. + + ) Feature: now nginx can be build with BoringSSL and LibreSSL. + Thanks to Piotr Sikora. + + ) Bugfix: requests might hang if resolver was used and a DNS server + returned a malformed response; the bug had appeared in 1.5.8. + + ) Bugfix: in the ngx_http_spdy_module. + Thanks to Piotr Sikora. + + ) Bugfix: the $uri variable might contain garbage when returning errors + with code 400. + Thanks to Sergey Bobrov. + + ) Bugfix: in error handling in the "proxy_store" directive and the + ngx_http_dav_module. + Thanks to Feng Gu. + + ) Bugfix: a segmentation fault might occur if logging of errors to + syslog was used; the bug had appeared in 1.7.1. + + ) Bugfix: the $geoip_latitude, $geoip_longitude, $geoip_dma_code, and + $geoip_area_code variables might not work. + Thanks to Yichun Zhang. + + ) Bugfix: in memory allocation error handling. + Thanks to Tatsuhiko Kubo and Piotr Sikora. + + Changes with nginx 1.7.3 08 Jul 2014 *) Feature: weak entity tags are now preserved on response
[-] [+]	Changed	nginx-1.7.4.tar.gz/CHANGES.ru ^
@@ -1,4 +1,43 @@ +Изменения в nginx 1.7.4 05.08.2014 + + ) Безопасность: pipelined-команды не отбрасывались после команды + STARTTLS в SMTP прокси-сервере (CVE-2014-3556); ошибка появилась в + 1.5.6. + Спасибо Chris Boulton. + + ) Изменение: экранирование символов в URI теперь использует + шестнадцатеричные цифры в верхнем регистре. + Спасибо Piotr Sikora. + + ) Добавление: теперь nginx можно собрать с BoringSSL и LibreSSL. + Спасибо Piotr Sikora. + + ) Исправление: запросы могли зависать, если использовался resolver и + DNS-сервер возвращал некорректный ответ; ошибка появилась в 1.5.8. + + ) Исправление: в модуле ngx_http_spdy_module. + Спасибо Piotr Sikora. + + ) Исправление: переменная $uri могла содержать мусор при возврате + ошибок с кодом 400. + Спасибо Сергею Боброву. + + ) Исправление: в обработке ошибок в директиве proxy_store и в модуле + ngx_http_dav_module. + Спасибо Feng Gu. + + ) Исправление: при логгировании ошибок в syslog мог происходить + segmentation fault; ошибка появилась в 1.7.1. + + ) Исправление: переменные $geoip_latitude, $geoip_longitude, + $geoip_dma_code и $geoip_area_code могли не работать. + Спасибо Yichun Zhang. + + ) Исправление: в обработке ошибок выделения памяти. + Спасибо Tatsuhiko Kubo и Piotr Sikora. + + Изменения в nginx 1.7.3 08.07.2014 ) Добавление: weak entity tags теперь не удаляются при изменениях @@ -1614,7 +1653,7 @@ Изменения в nginx 0.9.2 06.12.2010 ) Добавление: поддержка строки "If-Unmodified-Since" в заголовке - запросе клиента. + запроса клиента. ) Изменение: использование accept(), если accept4() не реализован; ошибка появилась в 0.9.0. @@ -3562,7 +3601,7 @@ Изменения в nginx 0.6.31 12.05.2008 ) Исправление: nginx не обрабатывал ответ FastCGI-сервера, если строка - заголовка ответ была в конце записи FastCGI; ошибка появилась в + заголовка ответа была в конце записи FastCGI; ошибка появилась в 0.6.2. Спасибо Сергею Серову. @@ -4638,7 +4677,7 @@ ) Добавление: директива ip_hash в блоке upstream. - ) Добавление: статус WAIT в строке "Auth-Status" в заголовка ответа + ) Добавление: статус WAIT в строке "Auth-Status" в заголовке ответа сервера аутентификации IMAP/POP3 прокси. ) Исправление: nginx не собирался на 64-битных платформах; ошибка @@ -6123,7 +6162,7 @@ Изменения в nginx 0.1.36 15.06.2005 - ) Изменение: если в заголовке запросе есть дублирующиеся строки "Host", + ) Изменение: если в заголовке запроса есть дублирующиеся строки "Host", "Connection", "Content-Length" и "Authorization", то nginx теперь выдаёт ошибку 400.
[-] [+]	Changed	nginx-1.7.4.tar.gz/src/core/nginx.h ^
@@ -9,8 +9,8 @@ #define _NGINX_H_INCLUDED_ -#define nginx_version 1007003 -#define NGINX_VERSION "1.7.3" +#define nginx_version 1007004 +#define NGINX_VERSION "1.7.4" #define NGINX_VER "nginx/" NGINX_VERSION #ifdef NGX_BUILD
[-] [+]	Changed	nginx-1.7.4.tar.gz/src/core/ngx_conf_file.c ^
@@ -781,6 +781,9 @@ file.len = name.len++; file.data = ngx_pstrdup(cf->pool, &name); + if (file.data == NULL) { + return NGX_CONF_ERROR; + } ngx_log_debug1(NGX_LOG_DEBUG_CORE, cf->log, 0, "include %s", file.data);
[-] [+]	Changed	nginx-1.7.4.tar.gz/src/core/ngx_log.c ^
@@ -387,20 +387,22 @@ return NGX_ERROR; } - log->log_level = NGX_LOG_ERR; - ngx_log_insert(&cycle->new_log, log); - } else { /* no error logs at all */ log = &cycle->new_log; - log->log_level = NGX_LOG_ERR; } + log->log_level = NGX_LOG_ERR; + log->file = ngx_conf_open_file(cycle, &error_log); if (log->file == NULL) { return NGX_ERROR; } + if (log != &cycle->new_log) { + ngx_log_insert(&cycle->new_log, log); + } + return NGX_OK; }
[-] [+]	Changed	nginx-1.7.4.tar.gz/src/core/ngx_log.h ^
@@ -248,7 +248,7 @@ static ngx_inline void ngx_write_stderr(char *text) { - (void) ngx_write_fd(ngx_stderr, text, strlen(text)); + (void) ngx_write_fd(ngx_stderr, text, ngx_strlen(text)); }
[-] [+]	Changed	nginx-1.7.4.tar.gz/src/core/ngx_resolver.c ^
@@ -1467,7 +1467,6 @@ goto failed; } - rn->naddrs6 = 0; qident = (rn->query6[0] << 8) + rn->query6[1]; break; @@ -1482,7 +1481,6 @@ goto failed; } - rn->naddrs = 0; qident = (rn->query[0] << 8) + rn->query[1]; } @@ -1507,6 +1505,8 @@ case NGX_RESOLVE_AAAA: + rn->naddrs6 = 0; + if (rn->naddrs == (u_short) -1) { goto next; } @@ -1519,6 +1519,8 @@ default: /* NGX_RESOLVE_A / + rn->naddrs = 0; + if (rn->naddrs6 == (u_short) -1) { goto next; } @@ -1539,6 +1541,8 @@ case NGX_RESOLVE_AAAA: + rn->naddrs6 = 0; + if (rn->naddrs == (u_short) -1) { rn->code = (u_char) code; goto next; @@ -1548,6 +1552,8 @@ default: / NGX_RESOLVE_A / + rn->naddrs = 0; + if (rn->naddrs6 == (u_short) -1) { rn->code = (u_char) code; goto next; @@ -1817,6 +1823,25 @@ } } + switch (qtype) { + +#if (NGX_HAVE_INET6) + case NGX_RESOLVE_AAAA: + + if (rn->naddrs6 == (u_short) -1) { + rn->naddrs6 = 0; + } + + break; +#endif + + default: / NGX_RESOLVE_A */ + + if (rn->naddrs == (u_short) -1) { + rn->naddrs = 0; + } + } + if (rn->naddrs != (u_short) -1 #if (NGX_HAVE_INET6) && rn->naddrs6 != (u_short) -1 @@ -2722,8 +2747,7 @@ } if (len == -1) { - name->len = 0; - name->data = NULL; + ngx_str_null(name); return NGX_OK; }
[-] [+]	Changed	nginx-1.7.4.tar.gz/src/core/ngx_slab.c ^
@@ -160,7 +160,7 @@ ngx_uint_t i, slot, shift, map; ngx_slab_page_t page, prev, *slots; - if (size >= ngx_slab_max_size) { + if (size > ngx_slab_max_size) { ngx_log_debug1(NGX_LOG_DEBUG_ALLOC, ngx_cycle->log, 0, "slab alloc: %uz", size);
[-] [+]	Changed	nginx-1.7.4.tar.gz/src/core/ngx_string.c ^
@@ -1407,7 +1407,7 @@ { ngx_uint_t n; uint32_t escape; - static u_char hex[] = "0123456789abcdef"; + static u_char hex[] = "0123456789ABCDEF"; / " ", "#", "%", "?", %00-%1F, %7F-%FF */
[-] [+]	Changed	nginx-1.7.4.tar.gz/src/event/ngx_event_openssl.c ^
@@ -50,7 +50,7 @@ HMAC_CTX hctx, int enc); #endif -#if OPENSSL_VERSION_NUMBER < 0x10002001L +#if (OPENSSL_VERSION_NUMBER < 0x10002002L \|\| defined LIBRESSL_VERSION_NUMBER) static ngx_int_t ngx_ssl_check_name(ngx_str_t name, ASN1_STRING str); #endif @@ -106,7 +106,9 @@ ngx_int_t ngx_ssl_init(ngx_log_t log) { +#ifndef OPENSSL_IS_BORINGSSL OPENSSL_config(NULL); +#endif SSL_library_init(); SSL_load_error_strings(); @@ -217,7 +219,10 @@ SSL_CTX_set_options(ssl->ctx, SSL_OP_MSIE_SSLV2_RSA_PADDING); #endif +#ifdef SSL_OP_SSLEAY_080_CLIENT_DH_BUG SSL_CTX_set_options(ssl->ctx, SSL_OP_SSLEAY_080_CLIENT_DH_BUG); +#endif + SSL_CTX_set_options(ssl->ctx, SSL_OP_TLS_D5_BUG); SSL_CTX_set_options(ssl->ctx, SSL_OP_TLS_BLOCK_PADDING_BUG); @@ -382,8 +387,13 @@ if (--tries) { n = ERR_peek_error(); +#ifdef OPENSSL_IS_BORINGSSL + if (ERR_GET_LIB(n) == ERR_LIB_CIPHER + && ERR_GET_REASON(n) == CIPHER_R_BAD_DECRYPT) +#else if (ERR_GET_LIB(n) == ERR_LIB_EVP && ERR_GET_REASON(n) == EVP_R_BAD_DECRYPT) +#endif { ERR_clear_error(); SSL_CTX_set_default_passwd_cb_userdata(ssl->ctx, ++pwd); @@ -588,7 +598,7 @@ ngx_log_debug5(NGX_LOG_DEBUG_EVENT, c->log, 0, "verify:%d, error:%d, depth:%d, " - "subject:\"%s\",issuer: \"%s\"", + "subject:\"%s\", issuer:\"%s\"", ok, err, depth, subject, issuer); if (sname) { @@ -652,12 +662,18 @@ { static RSA key; - if (key_length == 512) { - if (key == NULL) { - key = RSA_generate_key(512, RSA_F4, NULL, NULL); - } + if (key_length != 512) { + return NULL; + } + +#ifndef OPENSSL_NO_DEPRECATED + + if (key == NULL) { + key = RSA_generate_key(512, RSA_F4, NULL, NULL); } +#endif + return key; } @@ -2072,9 +2088,10 @@ ngx_ssl_new_session(ngx_ssl_conn_t ssl_conn, ngx_ssl_session_t sess) { int len; - u_char p, id, cached_sess; + u_char p, id, cached_sess, session_id; uint32_t hash; SSL_CTX ssl_ctx; + unsigned int session_id_length; ngx_shm_zone_t shm_zone; ngx_connection_t c; ngx_slab_pool_t shpool; @@ -2137,13 +2154,24 @@ } } +#if OPENSSL_VERSION_NUMBER >= 0x0090800fL + + session_id = (u_char ) SSL_SESSION_get_id(sess, &session_id_length); + +#else + + session_id = sess->session_id; + session_id_length = sess->session_id_length; + +#endif + #if (NGX_PTR_SIZE == 8) id = sess_id->sess_id; #else - id = ngx_slab_alloc_locked(shpool, sess->session_id_length); + id = ngx_slab_alloc_locked(shpool, session_id_length); if (id == NULL) { @@ -2151,7 +2179,7 @@ ngx_ssl_expire_sessions(cache, shpool, 0); - id = ngx_slab_alloc_locked(shpool, sess->session_id_length); + id = ngx_slab_alloc_locked(shpool, session_id_length); if (id == NULL) { goto failed; @@ -2162,16 +2190,16 @@ ngx_memcpy(cached_sess, buf, len); - ngx_memcpy(id, sess->session_id, sess->session_id_length); + ngx_memcpy(id, session_id, session_id_length); - hash = ngx_crc32_short(sess->session_id, sess->session_id_length); + hash = ngx_crc32_short(session_id, session_id_length); ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0, - "ssl new session: %08XD:%d:%d", - hash, sess->session_id_length, len); + "ssl new session: %08XD:%ud:%d", + hash, session_id_length, len); sess_id->node.key = hash; - sess_id->node.data = (u_char) sess->session_id_length; + sess_id->node.data = (u_char) session_id_length; sess_id->id = id; sess_id->len = len; sess_id->session = cached_sess; @@ -2319,10 +2347,10 @@ static void ngx_ssl_remove_session(SSL_CTX ssl, ngx_ssl_session_t sess) { - size_t len; u_char id; uint32_t hash; ngx_int_t rc; + unsigned int len; ngx_shm_zone_t shm_zone; ngx_slab_pool_t shpool; ngx_rbtree_node_t node, sentinel; @@ -2337,13 +2365,21 @@ cache = shm_zone->data; +#if OPENSSL_VERSION_NUMBER >= 0x0090800fL + + id = (u_char ) SSL_SESSION_get_id(sess, &len); + +#else + id = sess->session_id; - len = (size_t) sess->session_id_length; + len = sess->session_id_length; + +#endif hash = ngx_crc32_short(id, len); ngx_log_debug2(NGX_LOG_DEBUG_EVENT, ngx_cycle->log, 0, - "ssl remove session: %08XD:%uz", hash, len); + "ssl remove session: %08XD:%ud", hash, len); shpool = (ngx_slab_pool_t ) shm_zone->shm.addr; @@ -2638,7 +2674,7 @@ EVP_EncryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, key[0].aes_key, iv); HMAC_Init_ex(hctx, key[0].hmac_key, 16, ngx_ssl_session_ticket_md(), NULL); - memcpy(name, key[0].name, 16); + ngx_memcpy(name, key[0].name, 16); return 0; @@ -2707,7 +2743,7 @@ return NGX_ERROR; } -#if OPENSSL_VERSION_NUMBER >= 0x10002001L +#if (OPENSSL_VERSION_NUMBER >= 0x10002002L && !defined LIBRESSL_VERSION_NUMBER) /* X509_check_host() is only available in OpenSSL 1.0.2+ / @@ -2715,7 +2751,7 @@ goto failed; } - if (X509_check_host(cert, name->data, name->len, 0) != 1) { + if (X509_check_host(cert, (char ) name->data, name->len, 0, NULL) != 1) { ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "X509_check_host(): no match"); goto failed; @@ -2824,7 +2860,7 @@ } -#if OPENSSL_VERSION_NUMBER < 0x10002001L +#if (OPENSSL_VERSION_NUMBER < 0x10002002L \|\| defined LIBRESSL_VERSION_NUMBER) static ngx_int_t ngx_ssl_check_name(ngx_str_t name, ASN1_STRING pattern) @@ -2885,9 +2921,9 @@ ngx_int_t ngx_ssl_get_session_id(ngx_connection_t c, ngx_pool_t pool, ngx_str_t s) { - int len; - u_char buf; - SSL_SESSION sess; + u_char buf; + SSL_SESSION sess; + unsigned int len; sess = SSL_get0_session(c->ssl->connection); if (sess == NULL) { @@ -2895,9 +2931,17 @@ return NGX_OK; } +#if OPENSSL_VERSION_NUMBER >= 0x0090800fL + + buf = (u_char ) SSL_SESSION_get_id(sess, &len); + +#else + buf = sess->session_id; len = sess->session_id_length; +#endif + s->len = 2 * len; s->data = ngx_pnalloc(pool, 2 * len); if (s->data == NULL) { @@ -3245,6 +3289,8 @@ static char * ngx_openssl_engine(ngx_conf_t cf, ngx_command_t cmd, void conf) { +#ifndef OPENSSL_NO_ENGINE + ngx_openssl_conf_t oscf = conf; ENGINE engine; @@ -3279,6 +3325,12 @@ ENGINE_free(engine); return NGX_CONF_OK; + +#else + + return "is not supported"; + +#endif } @@ -3286,5 +3338,7 @@ ngx_openssl_exit(ngx_cycle_t cycle) { EVP_cleanup(); +#ifndef OPENSSL_NO_ENGINE ENGINE_cleanup(); +#endif }
[-] [+]	Changed	nginx-1.7.4.tar.gz/src/event/ngx_event_openssl.h ^
@@ -14,10 +14,21 @@ #include <openssl/ssl.h> #include <openssl/err.h> +#include <openssl/bn.h> #include <openssl/conf.h> +#include <openssl/crypto.h> +#include <openssl/dh.h> +#ifndef OPENSSL_NO_ENGINE #include <openssl/engine.h> +#endif #include <openssl/evp.h> +#ifndef OPENSSL_NO_OCSP #include <openssl/ocsp.h> +#endif +#include <openssl/rand.h> +#include <openssl/rsa.h> +#include <openssl/x509.h> +#include <openssl/x509v3.h> #define NGX_SSL_NAME "OpenSSL"
[-] [+]	Changed	nginx-1.7.4.tar.gz/src/event/ngx_event_openssl_stapling.c ^
@@ -11,7 +11,7 @@ #include <ngx_event_connect.h> -#ifdef SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB +#if (!defined OPENSSL_NO_OCSP && defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB) typedef struct {
[-] [+]	Changed	nginx-1.7.4.tar.gz/src/http/modules/ngx_http_dav_module.c ^
@@ -212,7 +212,10 @@ return; } - ngx_http_map_uri_to_path(r, &path, &root, 0); + if (ngx_http_map_uri_to_path(r, &path, &root, 0) == NULL) { + ngx_http_finalize_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR); + return; + } path.len--; @@ -320,7 +323,9 @@ ok: - ngx_http_map_uri_to_path(r, &path, &root, 0); + if (ngx_http_map_uri_to_path(r, &path, &root, 0) == NULL) { + return NGX_HTTP_INTERNAL_SERVER_ERROR; + } ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "http delete filename: \"%s\"", path.data); @@ -488,6 +493,9 @@ } p = ngx_http_map_uri_to_path(r, &path, &root, 0); + if (p == NULL) { + return NGX_HTTP_INTERNAL_SERVER_ERROR; + } *(p - 1) = '\0'; r->uri.len--; @@ -666,7 +674,9 @@ overwrite_done: - ngx_http_map_uri_to_path(r, &path, &root, 0); + if (ngx_http_map_uri_to_path(r, &path, &root, 0) == NULL) { + return NGX_HTTP_INTERNAL_SERVER_ERROR; + } ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "http copy from: \"%s\"", path.data); @@ -674,7 +684,9 @@ uri = r->uri; r->uri = duri; - ngx_http_map_uri_to_path(r, &copy.path, &root, 0); + if (ngx_http_map_uri_to_path(r, &copy.path, &root, 0) == NULL) { + return NGX_HTTP_INTERNAL_SERVER_ERROR; + } r->uri = uri;
[-] [+]	Changed	nginx-1.7.4.tar.gz/src/http/modules/ngx_http_geo_module.c ^
@@ -1470,7 +1470,7 @@ vv = (ngx_http_variable_value_t ) (base + sizeof(ngx_http_geo_header_t)); - while(vv->data) { + while (vv->data) { len = ngx_align(sizeof(ngx_http_variable_value_t) + vv->len, sizeof(void )); ngx_crc32_update(&crc32, (u_char *) vv, len);
[-] [+]	Changed	nginx-1.7.4.tar.gz/src/http/modules/ngx_http_geoip_module.c ^
@@ -553,6 +553,9 @@ val = (float ) ((char ) gr + data); v->len = ngx_sprintf(v->data, "%.4f", val) - v->data; + v->valid = 1; + v->no_cacheable = 0; + v->not_found = 0; GeoIPRecord_delete(gr); @@ -582,6 +585,9 @@ val = (int ) ((char ) gr + data); v->len = ngx_sprintf(v->data, "%d", val) - v->data; + v->valid = 1; + v->no_cacheable = 0; + v->not_found = 0; GeoIPRecord_delete(gr); @@ -691,7 +697,7 @@ if (cf->args->nelts == 3) { if (ngx_strcmp(value[2].data, "utf8") == 0) { - GeoIP_set_charset (gcf->country, GEOIP_CHARSET_UTF8); + GeoIP_set_charset(gcf->country, GEOIP_CHARSET_UTF8); } else { ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, @@ -746,7 +752,7 @@ if (cf->args->nelts == 3) { if (ngx_strcmp(value[2].data, "utf8") == 0) { - GeoIP_set_charset (gcf->org, GEOIP_CHARSET_UTF8); + GeoIP_set_charset(gcf->org, GEOIP_CHARSET_UTF8); } else { ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, @@ -807,7 +813,7 @@ if (cf->args->nelts == 3) { if (ngx_strcmp(value[2].data, "utf8") == 0) { - GeoIP_set_charset (gcf->city, GEOIP_CHARSET_UTF8); + GeoIP_set_charset(gcf->city, GEOIP_CHARSET_UTF8); } else { ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
[-] [+]	Changed	nginx-1.7.4.tar.gz/src/http/modules/ngx_http_memcached_module.c ^
@@ -380,11 +380,8 @@ } h->hash = 1; - h->key.len = sizeof("Content-Encoding") - 1; - h->key.data = (u_char ) "Content-Encoding"; - h->value.len = sizeof("gzip") - 1; - h->value.data = (u_char ) "gzip"; - + ngx_str_set(&h->key, "Content-Encoding"); + ngx_str_set(&h->value, "gzip"); r->headers_out.content_encoding = h; }
[-] [+]	Changed	nginx-1.7.4.tar.gz/src/http/modules/ngx_http_scgi_module.c ^
@@ -1645,7 +1645,7 @@ return "is duplicate"; } - clcf = ngx_http_conf_get_module_loc_conf (cf, ngx_http_core_module); + clcf = ngx_http_conf_get_module_loc_conf(cf, ngx_http_core_module); clcf->handler = ngx_http_scgi_handler; value = cf->args->elts;
[-] [+]	Changed	nginx-1.7.4.tar.gz/src/http/modules/ngx_http_stub_status_module.c ^
@@ -10,18 +10,19 @@ #include <ngx_http.h> +static ngx_int_t ngx_http_stub_status_handler(ngx_http_request_t r); static ngx_int_t ngx_http_stub_status_variable(ngx_http_request_t r, ngx_http_variable_value_t v, uintptr_t data); static ngx_int_t ngx_http_stub_status_add_variables(ngx_conf_t cf); +static char ngx_http_set_stub_status(ngx_conf_t cf, ngx_command_t cmd, + void conf); -static char ngx_http_set_status(ngx_conf_t cf, ngx_command_t cmd, - void conf); static ngx_command_t ngx_http_status_commands[] = { { ngx_string("stub_status"), NGX_HTTP_SRV_CONF\|NGX_HTTP_LOC_CONF\|NGX_CONF_FLAG, - ngx_http_set_status, + ngx_http_set_stub_status, 0, 0, NULL }, @@ -30,7 +31,6 @@ }; - static ngx_http_module_t ngx_http_stub_status_module_ctx = { ngx_http_stub_status_add_variables, /* preconfiguration / NULL, / postconfiguration / @@ -80,7 +80,8 @@ }; -static ngx_int_t ngx_http_status_handler(ngx_http_request_t r) +static ngx_int_t +ngx_http_stub_status_handler(ngx_http_request_t r) { size_t size; ngx_int_t rc; @@ -223,12 +224,13 @@ } -static char ngx_http_set_status(ngx_conf_t cf, ngx_command_t cmd, void conf) +static char +ngx_http_set_stub_status(ngx_conf_t cf, ngx_command_t cmd, void conf) { ngx_http_core_loc_conf_t clcf; clcf = ngx_http_conf_get_module_loc_conf(cf, ngx_http_core_module); - clcf->handler = ngx_http_status_handler; + clcf->handler = ngx_http_stub_status_handler; return NGX_CONF_OK; }
[-] [+]	Changed	nginx-1.7.4.tar.gz/src/http/modules/ngx_http_uwsgi_module.c ^
@@ -1868,7 +1868,7 @@ return "is duplicate"; } - clcf = ngx_http_conf_get_module_loc_conf (cf, ngx_http_core_module); + clcf = ngx_http_conf_get_module_loc_conf(cf, ngx_http_core_module); clcf->handler = ngx_http_uwsgi_handler; value = cf->args->elts;
[-] [+]	Changed	nginx-1.7.4.tar.gz/src/http/ngx_http_core_module.c ^
@@ -2355,7 +2355,7 @@ p += 4; while (p < last) { - switch(p++) { + switch (p++) { case ',': return NGX_OK; case ';': @@ -2372,7 +2372,7 @@ quantity: while (p < last) { - switch(p++) { + switch (p++) { case 'q': case 'Q': goto equal;
[-] [+]	Changed	nginx-1.7.4.tar.gz/src/http/ngx_http_parse.c ^
@@ -1287,7 +1287,7 @@ break; } - switch(ch) { + switch (ch) { #if (NGX_WIN32) case '\\': if (u - 2 >= r->uri.data @@ -1357,7 +1357,7 @@ break; } - switch(ch) { + switch (ch) { #if (NGX_WIN32) case '\\': break; @@ -1400,7 +1400,7 @@ break; } - switch(ch) { + switch (ch) { #if (NGX_WIN32) case '\\': #endif @@ -1441,7 +1441,7 @@ break; } - switch(ch) { + switch (ch) { #if (NGX_WIN32) case '\\': #endif
[-] [+]	Changed	nginx-1.7.4.tar.gz/src/http/ngx_http_request.c ^
@@ -1071,6 +1071,8 @@ cscf = ngx_http_get_module_srv_conf(r, ngx_http_core_module); if (ngx_http_parse_complex_uri(r, cscf->merge_slashes) != NGX_OK) { + r->uri.len = 0; + ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, "client sent invalid request"); ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST);
[-] [+]	Changed	nginx-1.7.4.tar.gz/src/http/ngx_http_spdy.c ^
@@ -2584,6 +2584,8 @@ r->header_end = p; r->header_in->pos = p + 1; + r->state = sw_value; + return NGX_OK; }
[-] [+]	Changed	nginx-1.7.4.tar.gz/src/http/ngx_http_upstream.c ^
@@ -1393,6 +1393,11 @@ rc = ngx_ssl_handshake(c); if (rc == NGX_AGAIN) { + + if (!c->write->timer_set) { + ngx_add_timer(c->write, u->conf->connect_timeout); + } + c->ssl->handler = ngx_http_upstream_ssl_handshake; return; } @@ -3253,7 +3258,6 @@ \|\| u->headers_in.content_length_n == tf->offset)) { ngx_http_upstream_store(r, u); - u->store = 0; } } } @@ -3375,7 +3379,9 @@ if (u->conf->store_lengths == NULL) { - ngx_http_map_uri_to_path(r, &path, &root, 0); + if (ngx_http_map_uri_to_path(r, &path, &root, 0) == NULL) { + return; + } } else { if (ngx_http_script_run(r, &path, u->conf->store_lengths->elts, 0, @@ -3393,6 +3399,8 @@ tf->file.name.data, path.data); (void) ngx_ext_rename_file(&tf->file.name, &path, &ext); + + u->store = 0; } @@ -3441,7 +3449,7 @@ u->peer.tries++; } else { - switch(ft_type) { + switch (ft_type) { case NGX_HTTP_UPSTREAM_FT_TIMEOUT: status = NGX_HTTP_GATEWAY_TIME_OUT;
[-] [+]	Changed	nginx-1.7.4.tar.gz/src/http/ngx_http_upstream_round_robin.c ^
@@ -632,9 +632,8 @@ rc = ngx_ssl_set_session(pc->connection, ssl_session); - ngx_log_debug2(NGX_LOG_DEBUG_HTTP, pc->log, 0, - "set session: %p:%d", - ssl_session, ssl_session ? ssl_session->references : 0); + ngx_log_debug1(NGX_LOG_DEBUG_HTTP, pc->log, 0, + "set session: %p", ssl_session); /* ngx_unlock_mutex(rrp->peers->mutex); / @@ -657,8 +656,8 @@ return; } - ngx_log_debug2(NGX_LOG_DEBUG_HTTP, pc->log, 0, - "save session: %p:%d", ssl_session, ssl_session->references); + ngx_log_debug1(NGX_LOG_DEBUG_HTTP, pc->log, 0, + "save session: %p", ssl_session); peer = &rrp->peers->peer[rrp->current]; @@ -672,9 +671,8 @@ if (old_ssl_session) { - ngx_log_debug2(NGX_LOG_DEBUG_HTTP, pc->log, 0, - "old session: %p:%d", - old_ssl_session, old_ssl_session->references); + ngx_log_debug1(NGX_LOG_DEBUG_HTTP, pc->log, 0, + "old session: %p", old_ssl_session); / TODO: may block */
[-] [+]	Changed	nginx-1.7.4.tar.gz/src/mail/ngx_mail_smtp_handler.c ^
@@ -777,6 +777,9 @@ ngx_str_null(&s->smtp_from); ngx_str_null(&s->smtp_to); + s->buffer->pos = s->buffer->start; + s->buffer->last = s->buffer->start; + c->read->handler = ngx_mail_starttls_handler; return NGX_OK; }
[-] [+]	Changed	nginx-1.7.4.tar.gz/src/misc/ngx_cpp_test_module.cpp ^
@@ -1,5 +1,5 @@ -// stub module to test header files' C++ compatibilty +// stub module to test header files' C++ compatibility extern "C" { #include <ngx_config.h>
[-] [+]	Changed	nginx-1.7.4.tar.gz/src/os/unix/ngx_process_cycle.c ^
@@ -121,6 +121,10 @@ } title = ngx_pnalloc(cycle->pool, size); + if (title == NULL) { + /* fatal */ + exit(2); + } p = ngx_cpymem(title, master_process, sizeof(master_process) - 1); for (i = 0; i < ngx_argc; i++) {
[-] [+]	Changed	nginx-1.7.4.tar.gz/src/os/unix/ngx_readv_chain.c ^
@@ -10,7 +10,11 @@ #include <ngx_event.h> -#define NGX_IOVS 16 +#if (IOV_MAX > 64) +#define NGX_IOVS 64 +#else +#define NGX_IOVS IOV_MAX +#endif #if (NGX_HAVE_KQUEUE)