|
[-]
[+]
|
Changed |
nginx-1.4.changes
|
|
|
|
[-]
[+]
|
Changed |
nginx-1.4.spec
^
|
|
|
|
[-]
[+]
|
Changed |
nginx-1.4.2.tar.bz2/CHANGES
^
|
| @@ -1,4 +1,28 @@
+Changes with nginx 1.4.2 17 Jul 2013
+
+ *) Bugfix: the $r->header_in() embedded perl method did not return value
+ of the "Cookie" and "X-Forwarded-For" request header lines; the bug
+ had appeared in 1.3.14.
+
+ *) Bugfix: nginx could not be built with the ngx_mail_ssl_module, but
+ without ngx_http_ssl_module; the bug had appeared in 1.3.14.
+
+ *) Bugfix: in the "proxy_set_body" directive.
+ Thanks to Lanshun Zhou.
+
+ *) Bugfix: the "fail_timeout" parameter of the "server" directive in the
+ "upstream" context might not work if "max_fails" parameter was used;
+ the bug had appeared in 1.3.0.
+
+ *) Bugfix: a segmentation fault might occur in a worker process if the
+ "ssl_stapling" directive was used.
+ Thanks to Piotr Sikora.
+
+ *) Bugfix: nginx/Windows might stop accepting connections if several
+ worker processes were used.
+
+
Changes with nginx 1.4.1 07 May 2013
*) Security: a stack-based buffer overflow might occur in a worker
|
|
[-]
[+]
|
Changed |
nginx-1.4.2.tar.bz2/CHANGES.ru
^
|
| @@ -1,4 +1,28 @@
+Изменения в nginx 1.4.2 17.07.2013
+
+ *) Исправление: метод $r->header_in() встроенного перла не возвращал
+ значения строк "Cookie" и "X-Forwarded-For" из заголовка запроса;
+ ошибка появилась в 1.3.14.
+
+ *) Исправление: nginx не собирался с модулем ngx_mail_ssl_module, но без
+ модуля ngx_http_ssl_module; ошибка появилась в 1.3.14.
+
+ *) Исправление: в директиве proxy_set_body.
+ Спасибо Lanshun Zhou.
+
+ *) Исправление: параметр fail_timeout директивы server в блоке upstream
+ мог не работать, если использовался параметр max_fails; ошибка
+ появилась в 1.3.0.
+
+ *) Исправление: в рабочем процессе мог произойти segmentation fault,
+ если использовалась директива ssl_stapling.
+ Спасибо Piotr Sikora.
+
+ *) Исправление: nginx/Windows мог перестать принимать соединения, если
+ использовалось несколько рабочих процессов.
+
+
Изменения в nginx 1.4.1 07.05.2013
*) Безопасность: при обработке специально созданного запроса мог
|
|
[-]
[+]
|
Changed |
nginx-1.4.2.tar.bz2/src/core/nginx.h
^
|
| @@ -9,8 +9,8 @@
#define _NGINX_H_INCLUDED_
-#define nginx_version 1004001
-#define NGINX_VERSION "1.4.1"
+#define nginx_version 1004002
+#define NGINX_VERSION "1.4.2"
#define NGINX_VER "nginx/" NGINX_VERSION
#define NGINX_VAR "NGINX"
|
|
[-]
[+]
|
Changed |
nginx-1.4.2.tar.bz2/src/event/ngx_event.c
^
|
| @@ -607,6 +607,17 @@
ngx_use_accept_mutex = 0;
}
+#if (NGX_WIN32)
+
+ /*
+ * disable accept mutex on win32 as it may cause deadlock if
+ * grabbed by a process which can't accept connections
+ */
+
+ ngx_use_accept_mutex = 0;
+
+#endif
+
#if (NGX_THREADS)
ngx_posted_events_mutex = ngx_mutex_init(cycle->log, 0);
if (ngx_posted_events_mutex == NULL) {
|
|
[-]
[+]
|
Changed |
nginx-1.4.2.tar.bz2/src/event/ngx_event_openssl_stapling.c
^
|
| @@ -611,15 +611,14 @@
!= 1)
{
ngx_log_error(NGX_LOG_ERR, ctx->log, 0,
- "certificate status not found in the OCSP response",
- n, OCSP_response_status_str(n));
+ "certificate status not found in the OCSP response");
goto error;
}
if (n != V_OCSP_CERTSTATUS_GOOD) {
ngx_log_error(NGX_LOG_ERR, ctx->log, 0,
"certificate status \"%s\" in the OCSP response",
- n, OCSP_cert_status_str(n));
+ OCSP_cert_status_str(n));
goto error;
}
|
|
[-]
[+]
|
Changed |
nginx-1.4.2.tar.bz2/src/http/modules/ngx_http_proxy_module.c
^
|
| @@ -615,7 +615,8 @@
#endif
{ ngx_string("proxy_internal_body_length"), NULL,
- ngx_http_proxy_internal_body_length_variable, 0, NGX_HTTP_VAR_NOHASH, 0 },
+ ngx_http_proxy_internal_body_length_variable, 0,
+ NGX_HTTP_VAR_NOCACHEABLE|NGX_HTTP_VAR_NOHASH, 0 },
{ ngx_null_string, NULL, NULL, 0, 0, 0 }
};
|
|
[-]
[+]
|
Changed |
nginx-1.4.2.tar.bz2/src/http/modules/ngx_http_upstream_least_conn_module.c
^
|
| @@ -282,7 +282,10 @@
}
best->current_weight -= total;
- best->checked = now;
+
+ if (now - best->checked > best->fail_timeout) {
+ best->checked = now;
+ }
pc->sockaddr = best->sockaddr;
pc->socklen = best->socklen;
|
|
[-]
[+]
|
Changed |
nginx-1.4.2.tar.bz2/src/http/modules/perl/nginx.xs
^
|
| @@ -222,10 +222,11 @@
dXSTARG;
ngx_http_request_t *r;
SV *key;
- u_char *p, *lowcase_key, *cookie;
+ u_char *p, *lowcase_key, *value, sep;
STRLEN len;
ssize_t size;
ngx_uint_t i, n, hash;
+ ngx_array_t *a;
ngx_list_part_t *part;
ngx_table_elt_t *h, **ph;
ngx_http_header_t *hh;
@@ -255,6 +256,19 @@
hh = ngx_hash_find(&cmcf->headers_in_hash, hash, lowcase_key, len);
if (hh) {
+
+ if (hh->offset == offsetof(ngx_http_headers_in_t, cookies)) {
+ sep = ';';
+ goto multi;
+ }
+
+ #if (NGX_HTTP_X_FORWARDED_FOR)
+ if (hh->offset == offsetof(ngx_http_headers_in_t, x_forwarded_for)) {
+ sep = ',';
+ goto multi;
+ }
+ #endif
+
if (hh->offset) {
ph = (ngx_table_elt_t **) ((char *) &r->headers_in + hh->offset);
@@ -268,15 +282,19 @@
XSRETURN_UNDEF;
}
- /* Cookie */
+ multi:
+
+ /* Cookie, X-Forwarded-For */
- n = r->headers_in.cookies.nelts;
+ a = (ngx_array_t *) ((char *) &r->headers_in + hh->offset);
+
+ n = a->nelts;
if (n == 0) {
XSRETURN_UNDEF;
}
- ph = r->headers_in.cookies.elts;
+ ph = a->elts;
if (n == 1) {
ngx_http_perl_set_targ((*ph)->value.data, (*ph)->value.len);
@@ -290,12 +308,12 @@
size += ph[i]->value.len + sizeof("; ") - 1;
}
- cookie = ngx_pnalloc(r->pool, size);
- if (cookie == NULL) {
+ value = ngx_pnalloc(r->pool, size);
+ if (value == NULL) {
XSRETURN_UNDEF;
}
- p = cookie;
+ p = value;
for (i = 0; /* void */ ; i++) {
p = ngx_copy(p, ph[i]->value.data, ph[i]->value.len);
@@ -304,10 +322,10 @@
break;
}
- *p++ = ';'; *p++ = ' ';
+ *p++ = sep; *p++ = ' ';
}
- ngx_http_perl_set_targ(cookie, size);
+ ngx_http_perl_set_targ(value, size);
goto done;
}
@@ -419,7 +437,7 @@
p = ngx_pnalloc(r->pool, len);
if (p == NULL) {
- return XSRETURN_UNDEF;
+ XSRETURN_UNDEF;
}
data = p;
|
|
[-]
[+]
|
Changed |
nginx-1.4.2.tar.bz2/src/http/ngx_http.h
^
|
| @@ -89,7 +89,7 @@
void ngx_http_init_connection(ngx_connection_t *c);
void ngx_http_close_connection(ngx_connection_t *c);
-#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+#if (NGX_HTTP_SSL && defined SSL_CTRL_SET_TLSEXT_HOSTNAME)
int ngx_http_ssl_servername(ngx_ssl_conn_t *ssl_conn, int *ad, void *arg);
#endif
|
|
[-]
[+]
|
Changed |
nginx-1.4.2.tar.bz2/src/http/ngx_http_request.c
^
|
| @@ -1955,7 +1955,7 @@
hc = r->http_connection;
-#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+#if (NGX_HTTP_SSL && defined SSL_CTRL_SET_TLSEXT_HOSTNAME)
if (hc->ssl_servername) {
if (hc->ssl_servername->len == host->len
@@ -1986,7 +1986,7 @@
return NGX_ERROR;
}
-#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+#if (NGX_HTTP_SSL && defined SSL_CTRL_SET_TLSEXT_HOSTNAME)
if (hc->ssl_servername) {
ngx_http_ssl_srv_conf_t *sscf;
@@ -2053,7 +2053,7 @@
sn = virtual_names->regex;
-#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+#if (NGX_HTTP_SSL && defined SSL_CTRL_SET_TLSEXT_HOSTNAME)
if (r == NULL) {
ngx_http_connection_t *hc;
@@ -2085,7 +2085,7 @@
return NGX_DECLINED;
}
-#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
+#endif /* NGX_HTTP_SSL && defined SSL_CTRL_SET_TLSEXT_HOSTNAME */
for (i = 0; i < virtual_names->nregex; i++) {
|
|
[-]
[+]
|
Changed |
nginx-1.4.2.tar.bz2/src/http/ngx_http_request.h
^
|
| @@ -295,7 +295,7 @@
ngx_http_addr_conf_t *addr_conf;
ngx_http_conf_ctx_t *conf_ctx;
-#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+#if (NGX_HTTP_SSL && defined SSL_CTRL_SET_TLSEXT_HOSTNAME)
ngx_str_t *ssl_servername;
#if (NGX_PCRE)
ngx_http_regex_t *ssl_servername_regex;
|
|
[-]
[+]
|
Changed |
nginx-1.4.2.tar.bz2/src/http/ngx_http_upstream_round_robin.c
^
|
| @@ -523,7 +523,10 @@
rrp->tried[n] |= m;
best->current_weight -= total;
- best->checked = now;
+
+ if (now - best->checked > best->fail_timeout) {
+ best->checked = now;
+ }
return best;
}
|
