authorrobert <robert@openbsd.org>2013-08-08 14:48:04 +0000
committerrobert <robert@openbsd.org>2013-08-08 14:48:04 +0000
commita06d25c8133b596520c2dc52754ef0d207b657db (patch)
tree9c7cecd03a908e106ed105572ab393e15708527b
parentFix typo; from patrick keshishian (diff)
downloadwireguard-openbsd-a06d25c8133b596520c2dc52754ef0d207b657db.tar.xz
wireguard-openbsd-a06d25c8133b596520c2dc52754ef0d207b657db.zip
bugfix update to 1.4.2
-rw-r--r--usr.sbin/nginx/CHANGES24
-rw-r--r--usr.sbin/nginx/CHANGES.ru24
-rw-r--r--usr.sbin/nginx/src/core/nginx.h4
-rw-r--r--usr.sbin/nginx/src/event/ngx_event.c11
-rw-r--r--usr.sbin/nginx/src/event/ngx_event_openssl_stapling.c5
-rw-r--r--usr.sbin/nginx/src/http/modules/ngx_http_proxy_module.c3
-rw-r--r--usr.sbin/nginx/src/http/modules/ngx_http_upstream_least_conn_module.c5
-rw-r--r--usr.sbin/nginx/src/http/modules/perl/nginx.xs38
-rw-r--r--usr.sbin/nginx/src/http/ngx_http.h2
-rw-r--r--usr.sbin/nginx/src/http/ngx_http_request.c8
-rw-r--r--usr.sbin/nginx/src/http/ngx_http_request.h2
-rw-r--r--usr.sbin/nginx/src/http/ngx_http_upstream_round_robin.c5
12 files changed, 107 insertions, 24 deletions
diff --git a/usr.sbin/nginx/CHANGES b/usr.sbin/nginx/CHANGES
index fd42b20eed4..bbc3eb93158 100644
--- a/usr.sbin/nginx/CHANGES
+++ b/usr.sbin/nginx/CHANGES
@@ -1,4 +1,28 @@
+Changes with nginx 1.4.2 17 Jul 2013
+
+ *) Bugfix: the $r->header_in() embedded perl method did not return value
+ of the "Cookie" and "X-Forwarded-For" request header lines; the bug
+ had appeared in 1.3.14.
+
+ *) Bugfix: nginx could not be built with the ngx_mail_ssl_module, but
+ without ngx_http_ssl_module; the bug had appeared in 1.3.14.
+
+ *) Bugfix: in the "proxy_set_body" directive.
+ Thanks to Lanshun Zhou.
+
+ *) Bugfix: the "fail_timeout" parameter of the "server" directive in the
+ "upstream" context might not work if "max_fails" parameter was used;
+ the bug had appeared in 1.3.0.
+
+ *) Bugfix: a segmentation fault might occur in a worker process if the
+ "ssl_stapling" directive was used.
+ Thanks to Piotr Sikora.
+
+ *) Bugfix: nginx/Windows might stop accepting connections if several
+ worker processes were used.
+
+
Changes with nginx 1.4.1 07 May 2013
*) Security: a stack-based buffer overflow might occur in a worker
diff --git a/usr.sbin/nginx/CHANGES.ru b/usr.sbin/nginx/CHANGES.ru
index 12856d8eabc..18f1371c301 100644
--- a/usr.sbin/nginx/CHANGES.ru
+++ b/usr.sbin/nginx/CHANGES.ru
@@ -1,4 +1,28 @@
+Изменения в nginx 1.4.2 17.07.2013
+
+ *) Исправление: метод $r->header_in() встроенного перла не возвращал
+ значения строк "Cookie" и "X-Forwarded-For" из заголовка запроса;
+ ошибка появилась в 1.3.14.
+
+ *) Исправление: nginx не собирался с модулем ngx_mail_ssl_module, но без
+ модуля ngx_http_ssl_module; ошибка появилась в 1.3.14.
+
+ *) Исправление: в директиве proxy_set_body.
+ Спасибо Lanshun Zhou.
+
+ *) Исправление: параметр fail_timeout директивы server в блоке upstream
+ мог не работать, если использовался параметр max_fails; ошибка
+ появилась в 1.3.0.
+
+ *) Исправление: в рабочем процессе мог произойти segmentation fault,
+ если использовалась директива ssl_stapling.
+ Спасибо Piotr Sikora.
+
+ *) Исправление: nginx/Windows мог перестать принимать соединения, если
+ использовалось несколько рабочих процессов.
+
+
Изменения в nginx 1.4.1 07.05.2013
*) Безопасность: при обработке специально созданного запроса мог
diff --git a/usr.sbin/nginx/src/core/nginx.h b/usr.sbin/nginx/src/core/nginx.h
index 6b97454f2a2..b1107adea02 100644
--- a/usr.sbin/nginx/src/core/nginx.h
+++ b/usr.sbin/nginx/src/core/nginx.h
@@ -9,8 +9,8 @@
#define _NGINX_H_INCLUDED_
-#define nginx_version 1004001
-#define NGINX_VERSION "1.4.1"
+#define nginx_version 1004002
+#define NGINX_VERSION "1.4.2"
#define NGINX_VER "nginx/" NGINX_VERSION
#define NGINX_VAR "NGINX"
diff --git a/usr.sbin/nginx/src/event/ngx_event.c b/usr.sbin/nginx/src/event/ngx_event.c
index b7205f45b07..c4c61204b78 100644
--- a/usr.sbin/nginx/src/event/ngx_event.c
+++ b/usr.sbin/nginx/src/event/ngx_event.c
@@ -607,6 +607,17 @@ ngx_event_process_init(ngx_cycle_t *cycle)
ngx_use_accept_mutex = 0;
}
+#if (NGX_WIN32)
+
+ /*
+ * disable accept mutex on win32 as it may cause deadlock if
+ * grabbed by a process which can't accept connections
+ */
+
+ ngx_use_accept_mutex = 0;
+
+#endif
+
#if (NGX_THREADS)
ngx_posted_events_mutex = ngx_mutex_init(cycle->log, 0);
if (ngx_posted_events_mutex == NULL) {
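Review bot: The added `ngx_use_accept_mutex = 0;` under `NGX_WIN32` overrides whatever the preceding block decided without telling the operator, so a configuration that asks for the accept mutex is silently ignored on that platform. The in-code comment explains the deadlock, but nothing reaches the log. I would either emit one line through `ngx_log_error()` on `cycle->log` when the value is changed from non-zero, or note in the comment that the configured setting is deliberately ignored, e.g. `/* the configured accept_mutex value is ignored on win32 */`. The condition that sets the flag earlier is only partly visible, and ngx_event_process_init() continues outside the hunk.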
diff --git a/usr.sbin/nginx/src/event/ngx_event_openssl_stapling.c b/usr.sbin/nginx/src/event/ngx_event_openssl_stapling.c
index aaa8d8ac44c..77baeb98f1f 100644
--- a/usr.sbin/nginx/src/event/ngx_event_openssl_stapling.c
+++ b/usr.sbin/nginx/src/event/ngx_event_openssl_stapling.c
@@ -611,15 +611,14 @@ ngx_ssl_stapling_ocsp_handler(ngx_ssl_ocsp_ctx_t *ctx)
!= 1)
{
ngx_log_error(NGX_LOG_ERR, ctx->log, 0,
- "certificate status not found in the OCSP response",
- n, OCSP_response_status_str(n));
+ "certificate status not found in the OCSP response");
goto error;
}
if (n != V_OCSP_CERTSTATUS_GOOD) {
ngx_log_error(NGX_LOG_ERR, ctx->log, 0,
"certificate status \"%s\" in the OCSP response",
- n, OCSP_cert_status_str(n));
+ OCSP_cert_status_str(n));
goto error;
}
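Review bot: Nothing visible here checks the arguments of these `ngx_log_error()` calls against their format strings, which is how the removed lines came to pass the integer `n` to a `%s` conversion. As far as I know the logger uses its own conversion set, so the compiler's printf checking cannot be attached to it. Both branches run only when an OCSP reply lacks a good status, so the mismatch sat on a path driven by data from the responder and would rarely be exercised in normal testing. I would add a comment above the second call, `/* exactly one %s: ngx_log_error() arguments are not compiler-checked */`, and add test responses that reach the "not found" and non-good branches. ngx_ssl_stapling_ocsp_handler() starts and ends outside the hunk.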
diff --git a/usr.sbin/nginx/src/http/modules/ngx_http_proxy_module.c b/usr.sbin/nginx/src/http/modules/ngx_http_proxy_module.c
index eadc8c480bb..5e62caa30f4 100644
--- a/usr.sbin/nginx/src/http/modules/ngx_http_proxy_module.c
+++ b/usr.sbin/nginx/src/http/modules/ngx_http_proxy_module.c
@@ -615,7 +615,8 @@ static ngx_http_variable_t ngx_http_proxy_vars[] = {
#endif
{ ngx_string("proxy_internal_body_length"), NULL,
- ngx_http_proxy_internal_body_length_variable, 0, NGX_HTTP_VAR_NOHASH, 0 },
+ ngx_http_proxy_internal_body_length_variable, 0,
+ NGX_HTTP_VAR_NOCACHEABLE|NGX_HTTP_VAR_NOHASH, 0 },
{ ngx_null_string, NULL, NULL, 0, 0, 0 }
};
diff --git a/usr.sbin/nginx/src/http/modules/ngx_http_upstream_least_conn_module.c b/usr.sbin/nginx/src/http/modules/ngx_http_upstream_least_conn_module.c
index 87c4d8d613b..dbef95d4164 100644
--- a/usr.sbin/nginx/src/http/modules/ngx_http_upstream_least_conn_module.c
+++ b/usr.sbin/nginx/src/http/modules/ngx_http_upstream_least_conn_module.c
@@ -282,7 +282,10 @@ ngx_http_upstream_get_least_conn_peer(ngx_peer_connection_t *pc, void *data)
}
best->current_weight -= total;
- best->checked = now;
+
+ if (now - best->checked > best->fail_timeout) {
+ best->checked = now;
+ }
pc->sockaddr = best->sockaddr;
pc->socklen = best->socklen;
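Review bot: The new guard around `best->checked = now;` carries no comment saying why the timestamp must not be refreshed on every selection, and the same three lines are added again in ngx_http_upstream_get_peer() in ngx_http_upstream_round_robin.c. Presumably `checked` marks the start of the fail_timeout window used with max_fails, so refreshing it on each pick kept that window from expiring. A comment such as `/* refresh only after the fail_timeout window has expired */` would record this at both sites. The types of `now`, `checked` and `fail_timeout` are not visible here. If `now` comes from the wall clock, a backwards clock step makes the difference negative and postpones the refresh, so it is worth confirming that this is acceptable. Both functions continue outside their hunks.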
diff --git a/usr.sbin/nginx/src/http/modules/perl/nginx.xs b/usr.sbin/nginx/src/http/modules/perl/nginx.xs
index bbfef079c23..77fb653739a 100644
--- a/usr.sbin/nginx/src/http/modules/perl/nginx.xs
+++ b/usr.sbin/nginx/src/http/modules/perl/nginx.xs
@@ -222,10 +222,11 @@ header_in(r, key)
dXSTARG;
ngx_http_request_t *r;
SV *key;
- u_char *p, *lowcase_key, *cookie;
+ u_char *p, *lowcase_key, *value, sep;
STRLEN len;
ssize_t size;
ngx_uint_t i, n, hash;
+ ngx_array_t *a;
ngx_list_part_t *part;
ngx_table_elt_t *h, **ph;
ngx_http_header_t *hh;
@@ -255,6 +256,19 @@ header_in(r, key)
hh = ngx_hash_find(&cmcf->headers_in_hash, hash, lowcase_key, len);
if (hh) {
+
+ if (hh->offset == offsetof(ngx_http_headers_in_t, cookies)) {
+ sep = ';';
+ goto multi;
+ }
+
+ #if (NGX_HTTP_X_FORWARDED_FOR)
+ if (hh->offset == offsetof(ngx_http_headers_in_t, x_forwarded_for)) {
+ sep = ',';
+ goto multi;
+ }
+ #endif
+
if (hh->offset) {
ph = (ngx_table_elt_t **) ((char *) &r->headers_in + hh->offset);
@@ -268,15 +282,19 @@ header_in(r, key)
XSRETURN_UNDEF;
}
- /* Cookie */
+ multi:
+
+ /* Cookie, X-Forwarded-For */
- n = r->headers_in.cookies.nelts;
+ a = (ngx_array_t *) ((char *) &r->headers_in + hh->offset);
+
+ n = a->nelts;
if (n == 0) {
XSRETURN_UNDEF;
}
- ph = r->headers_in.cookies.elts;
+ ph = a->elts;
if (n == 1) {
ngx_http_perl_set_targ((*ph)->value.data, (*ph)->value.len);
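Review bot: The `multi:` label appears to be reachable by fall-through as well as by the two `goto multi` jumps added in the previous hunk: the context shows `XSRETURN_UNDEF;` followed by a closing brace that seems to end the `if (hh->offset)` body, so a matched header whose `offset` is 0 would continue into the label. On that path `sep` is uninitialised and `a` is the start of `r->headers_in` reinterpreted as an `ngx_array_t`, whose `nelts` and `elts` are then trusted. Whether any header is registered with offset 0 cannot be seen from this page, and the page has lost indentation, so the brace structure is inferred. If it is as read, placing `XSRETURN_UNDEF;` directly before `multi:` makes the label reachable only through the two checked offsets. Separately, the size computation in the next hunk still uses `sizeof("; ") - 1`, which matches the `sep` plus space written later only because every separator is a single byte; a short comment there would keep the two in step.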
@@ -290,12 +308,12 @@ header_in(r, key)
size += ph[i]->value.len + sizeof("; ") - 1;
}
- cookie = ngx_pnalloc(r->pool, size);
- if (cookie == NULL) {
+ value = ngx_pnalloc(r->pool, size);
+ if (value == NULL) {
XSRETURN_UNDEF;
}
- p = cookie;
+ p = value;
for (i = 0; /* void */ ; i++) {
p = ngx_copy(p, ph[i]->value.data, ph[i]->value.len);
@@ -304,10 +322,10 @@ header_in(r, key)
break;
}
- *p++ = ';'; *p++ = ' ';
+ *p++ = sep; *p++ = ' ';
}
- ngx_http_perl_set_targ(cookie, size);
+ ngx_http_perl_set_targ(value, size);
goto done;
}
@@ -419,7 +437,7 @@ request_body(r)
p = ngx_pnalloc(r->pool, len);
if (p == NULL) {
- return XSRETURN_UNDEF;
+ XSRETURN_UNDEF;
}
data = p;
diff --git a/usr.sbin/nginx/src/http/ngx_http.h b/usr.sbin/nginx/src/http/ngx_http.h
index 3d758bfd963..d4dc1bd94e9 100644
--- a/usr.sbin/nginx/src/http/ngx_http.h
+++ b/usr.sbin/nginx/src/http/ngx_http.h
@@ -89,7 +89,7 @@ ngx_int_t ngx_http_add_listen(ngx_conf_t *cf, ngx_http_core_srv_conf_t *cscf,
void ngx_http_init_connection(ngx_connection_t *c);
void ngx_http_close_connection(ngx_connection_t *c);
-#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+#if (NGX_HTTP_SSL && defined SSL_CTRL_SET_TLSEXT_HOSTNAME)
int ngx_http_ssl_servername(ngx_ssl_conn_t *ssl_conn, int *ad, void *arg);
#endif
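Review bot: The compound guard `#if (NGX_HTTP_SSL && defined SSL_CTRL_SET_TLSEXT_HOSTNAME)` is now spelled out here, four times in ngx_http_request.c and once in ngx_http_request.h, so the declaration, the struct field and every use have to be kept identical by hand. If one site is missed in a later edit, the `ssl_servername` field and the code that reads it can disagree between translation units. Defining a single feature macro once in a shared header (name up to the project) and testing only that would remove the risk. The form also relies on an undefined `NGX_HTTP_SSL` evaluating to 0 inside `#if`, which is valid but worth a brief comment for builds that enable `-Wundef`.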
diff --git a/usr.sbin/nginx/src/http/ngx_http_request.c b/usr.sbin/nginx/src/http/ngx_http_request.c
index 6afca1140e6..f99eaf6c0e6 100644
--- a/usr.sbin/nginx/src/http/ngx_http_request.c
+++ b/usr.sbin/nginx/src/http/ngx_http_request.c
@@ -1961,7 +1961,7 @@ ngx_http_set_virtual_server(ngx_http_request_t *r, ngx_str_t *host)
hc = r->http_connection;
-#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+#if (NGX_HTTP_SSL && defined SSL_CTRL_SET_TLSEXT_HOSTNAME)
if (hc->ssl_servername) {
if (hc->ssl_servername->len == host->len
@@ -1992,7 +1992,7 @@ ngx_http_set_virtual_server(ngx_http_request_t *r, ngx_str_t *host)
return NGX_ERROR;
}
-#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+#if (NGX_HTTP_SSL && defined SSL_CTRL_SET_TLSEXT_HOSTNAME)
if (hc->ssl_servername) {
ngx_http_ssl_srv_conf_t *sscf;
@@ -2062,7 +2062,7 @@ ngx_http_find_virtual_server(ngx_connection_t *c,
sn = virtual_names->regex;
-#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+#if (NGX_HTTP_SSL && defined SSL_CTRL_SET_TLSEXT_HOSTNAME)
if (r == NULL) {
ngx_http_connection_t *hc;
@@ -2094,7 +2094,7 @@ ngx_http_find_virtual_server(ngx_connection_t *c,
return NGX_DECLINED;
}
-#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
+#endif /* NGX_HTTP_SSL && defined SSL_CTRL_SET_TLSEXT_HOSTNAME */
for (i = 0; i < virtual_names->nregex; i++) {
diff --git a/usr.sbin/nginx/src/http/ngx_http_request.h b/usr.sbin/nginx/src/http/ngx_http_request.h
index 5c62785e2a8..bd842df7e3f 100644
--- a/usr.sbin/nginx/src/http/ngx_http_request.h
+++ b/usr.sbin/nginx/src/http/ngx_http_request.h
@@ -295,7 +295,7 @@ typedef struct {
ngx_http_addr_conf_t *addr_conf;
ngx_http_conf_ctx_t *conf_ctx;
-#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+#if (NGX_HTTP_SSL && defined SSL_CTRL_SET_TLSEXT_HOSTNAME)
ngx_str_t *ssl_servername;
#if (NGX_PCRE)
ngx_http_regex_t *ssl_servername_regex;
diff --git a/usr.sbin/nginx/src/http/ngx_http_upstream_round_robin.c b/usr.sbin/nginx/src/http/ngx_http_upstream_round_robin.c
index d786ed14254..e0c6c58c747 100644
--- a/usr.sbin/nginx/src/http/ngx_http_upstream_round_robin.c
+++ b/usr.sbin/nginx/src/http/ngx_http_upstream_round_robin.c
@@ -523,7 +523,10 @@ ngx_http_upstream_get_peer(ngx_http_upstream_rr_peer_data_t *rrp)
rrp->tried[n] |= m;
best->current_weight -= total;
- best->checked = now;
+
+ if (now - best->checked > best->fail_timeout) {
+ best->checked = now;
+ }
return best;
}