nginxtra 1.4.1.9 → 1.4.2.9
Sign up to get free protection for your applications and to get access to all the features.
- data/bin/nginxtra +1 -1
- data/bin/nginxtra_rails +1 -1
- data/lib/nginxtra/version.rb +1 -1
- data/vendor/nginx/CHANGES +24 -0
- data/vendor/nginx/CHANGES.ru +24 -0
- data/vendor/nginx/src/core/nginx.h +2 -2
- data/vendor/nginx/src/event/ngx_event.c +11 -0
- data/vendor/nginx/src/event/ngx_event_openssl_stapling.c +2 -3
- data/vendor/nginx/src/http/modules/ngx_http_proxy_module.c +2 -1
- data/vendor/nginx/src/http/modules/ngx_http_upstream_least_conn_module.c +4 -1
- data/vendor/nginx/src/http/modules/perl/nginx.xs +28 -10
- data/vendor/nginx/src/http/ngx_http.h +1 -1
- data/vendor/nginx/src/http/ngx_http_request.c +4 -4
- data/vendor/nginx/src/http/ngx_http_request.h +1 -1
- data/vendor/nginx/src/http/ngx_http_upstream_round_robin.c +4 -1
- metadata +3 -2
data/bin/nginxtra
CHANGED
data/bin/nginxtra_rails
CHANGED
data/lib/nginxtra/version.rb
CHANGED
data/vendor/nginx/CHANGES
CHANGED
|
@@ -1,4 +1,28 @@
|
|
|
1
1
|
|
|
2
|
+
Changes with nginx 1.4.2 17 Jul 2013
|
|
3
|
+
|
|
4
|
+
*) Bugfix: the $r->header_in() embedded perl method did not return value
|
|
5
|
+
of the "Cookie" and "X-Forwarded-For" request header lines; the bug
|
|
6
|
+
had appeared in 1.3.14.
|
|
7
|
+
|
|
8
|
+
*) Bugfix: nginx could not be built with the ngx_mail_ssl_module, but
|
|
9
|
+
without ngx_http_ssl_module; the bug had appeared in 1.3.14.
|
|
10
|
+
|
|
11
|
+
*) Bugfix: in the "proxy_set_body" directive.
|
|
12
|
+
Thanks to Lanshun Zhou.
|
|
13
|
+
|
|
14
|
+
*) Bugfix: the "fail_timeout" parameter of the "server" directive in the
|
|
15
|
+
"upstream" context might not work if "max_fails" parameter was used;
|
|
16
|
+
the bug had appeared in 1.3.0.
|
|
17
|
+
|
|
18
|
+
*) Bugfix: a segmentation fault might occur in a worker process if the
|
|
19
|
+
"ssl_stapling" directive was used.
|
|
20
|
+
Thanks to Piotr Sikora.
|
|
21
|
+
|
|
22
|
+
*) Bugfix: nginx/Windows might stop accepting connections if several
|
|
23
|
+
worker processes were used.
|
|
24
|
+
|
|
25
|
+
|
|
2
26
|
Changes with nginx 1.4.1 07 May 2013
|
|
3
27
|
|
|
4
28
|
*) Security: a stack-based buffer overflow might occur in a worker
|
data/vendor/nginx/CHANGES.ru
CHANGED
|
@@ -1,4 +1,28 @@
|
|
|
1
1
|
|
|
2
|
+
Изменения в nginx 1.4.2 17.07.2013
|
|
3
|
+
|
|
4
|
+
*) Исправление: метод $r->header_in() встроенного перла не возвращал
|
|
5
|
+
значения строк "Cookie" и "X-Forwarded-For" из заголовка запроса;
|
|
6
|
+
ошибка появилась в 1.3.14.
|
|
7
|
+
|
|
8
|
+
*) Исправление: nginx не собирался с модулем ngx_mail_ssl_module, но без
|
|
9
|
+
модуля ngx_http_ssl_module; ошибка появилась в 1.3.14.
|
|
10
|
+
|
|
11
|
+
*) Исправление: в директиве proxy_set_body.
|
|
12
|
+
Спасибо Lanshun Zhou.
|
|
13
|
+
|
|
14
|
+
*) Исправление: параметр fail_timeout директивы server в блоке upstream
|
|
15
|
+
мог не работать, если использовался параметр max_fails; ошибка
|
|
16
|
+
появилась в 1.3.0.
|
|
17
|
+
|
|
18
|
+
*) Исправление: в рабочем процессе мог произойти segmentation fault,
|
|
19
|
+
если использовалась директива ssl_stapling.
|
|
20
|
+
Спасибо Piotr Sikora.
|
|
21
|
+
|
|
22
|
+
*) Исправление: nginx/Windows мог перестать принимать соединения, если
|
|
23
|
+
использовалось несколько рабочих процессов.
|
|
24
|
+
|
|
25
|
+
|
|
2
26
|
Изменения в nginx 1.4.1 07.05.2013
|
|
3
27
|
|
|
4
28
|
*) Безопасность: при обработке специально созданного запроса мог
|
|
@@ -607,6 +607,17 @@ ngx_event_process_init(ngx_cycle_t *cycle)
|
|
|
607
607
|
ngx_use_accept_mutex = 0;
|
|
608
608
|
}
|
|
609
609
|
|
|
610
|
+
#if (NGX_WIN32)
|
|
611
|
+
|
|
612
|
+
/*
|
|
613
|
+
* disable accept mutex on win32 as it may cause deadlock if
|
|
614
|
+
* grabbed by a process which can't accept connections
|
|
615
|
+
*/
|
|
616
|
+
|
|
617
|
+
ngx_use_accept_mutex = 0;
|
|
618
|
+
|
|
619
|
+
#endif
|
|
620
|
+
|
|
610
621
|
#if (NGX_THREADS)
|
|
611
622
|
ngx_posted_events_mutex = ngx_mutex_init(cycle->log, 0);
|
|
612
623
|
if (ngx_posted_events_mutex == NULL) {
|
|
@@ -611,15 +611,14 @@ ngx_ssl_stapling_ocsp_handler(ngx_ssl_ocsp_ctx_t *ctx)
|
|
|
611
611
|
!= 1)
|
|
612
612
|
{
|
|
613
613
|
ngx_log_error(NGX_LOG_ERR, ctx->log, 0,
|
|
614
|
-
"certificate status not found in the OCSP response"
|
|
615
|
-
n, OCSP_response_status_str(n));
|
|
614
|
+
"certificate status not found in the OCSP response");
|
|
616
615
|
goto error;
|
|
617
616
|
}
|
|
618
617
|
|
|
619
618
|
if (n != V_OCSP_CERTSTATUS_GOOD) {
|
|
620
619
|
ngx_log_error(NGX_LOG_ERR, ctx->log, 0,
|
|
621
620
|
"certificate status \"%s\" in the OCSP response",
|
|
622
|
-
|
|
621
|
+
OCSP_cert_status_str(n));
|
|
623
622
|
goto error;
|
|
624
623
|
}
|
|
625
624
|
|
|
@@ -615,7 +615,8 @@ static ngx_http_variable_t ngx_http_proxy_vars[] = {
|
|
|
615
615
|
#endif
|
|
616
616
|
|
|
617
617
|
{ ngx_string("proxy_internal_body_length"), NULL,
|
|
618
|
-
ngx_http_proxy_internal_body_length_variable, 0,
|
|
618
|
+
ngx_http_proxy_internal_body_length_variable, 0,
|
|
619
|
+
NGX_HTTP_VAR_NOCACHEABLE|NGX_HTTP_VAR_NOHASH, 0 },
|
|
619
620
|
|
|
620
621
|
{ ngx_null_string, NULL, NULL, 0, 0, 0 }
|
|
621
622
|
};
|
|
@@ -282,7 +282,10 @@ ngx_http_upstream_get_least_conn_peer(ngx_peer_connection_t *pc, void *data)
|
|
|
282
282
|
}
|
|
283
283
|
|
|
284
284
|
best->current_weight -= total;
|
|
285
|
-
|
|
285
|
+
|
|
286
|
+
if (now - best->checked > best->fail_timeout) {
|
|
287
|
+
best->checked = now;
|
|
288
|
+
}
|
|
286
289
|
|
|
287
290
|
pc->sockaddr = best->sockaddr;
|
|
288
291
|
pc->socklen = best->socklen;
|
|
@@ -222,10 +222,11 @@ header_in(r, key)
|
|
|
222
222
|
dXSTARG;
|
|
223
223
|
ngx_http_request_t *r;
|
|
224
224
|
SV *key;
|
|
225
|
-
u_char *p, *lowcase_key, *
|
|
225
|
+
u_char *p, *lowcase_key, *value, sep;
|
|
226
226
|
STRLEN len;
|
|
227
227
|
ssize_t size;
|
|
228
228
|
ngx_uint_t i, n, hash;
|
|
229
|
+
ngx_array_t *a;
|
|
229
230
|
ngx_list_part_t *part;
|
|
230
231
|
ngx_table_elt_t *h, **ph;
|
|
231
232
|
ngx_http_header_t *hh;
|
|
@@ -255,6 +256,19 @@ header_in(r, key)
|
|
|
255
256
|
hh = ngx_hash_find(&cmcf->headers_in_hash, hash, lowcase_key, len);
|
|
256
257
|
|
|
257
258
|
if (hh) {
|
|
259
|
+
|
|
260
|
+
if (hh->offset == offsetof(ngx_http_headers_in_t, cookies)) {
|
|
261
|
+
sep = ';';
|
|
262
|
+
goto multi;
|
|
263
|
+
}
|
|
264
|
+
|
|
265
|
+
#if (NGX_HTTP_X_FORWARDED_FOR)
|
|
266
|
+
if (hh->offset == offsetof(ngx_http_headers_in_t, x_forwarded_for)) {
|
|
267
|
+
sep = ',';
|
|
268
|
+
goto multi;
|
|
269
|
+
}
|
|
270
|
+
#endif
|
|
271
|
+
|
|
258
272
|
if (hh->offset) {
|
|
259
273
|
|
|
260
274
|
ph = (ngx_table_elt_t **) ((char *) &r->headers_in + hh->offset);
|
|
@@ -268,15 +282,19 @@ header_in(r, key)
|
|
|
268
282
|
XSRETURN_UNDEF;
|
|
269
283
|
}
|
|
270
284
|
|
|
271
|
-
|
|
285
|
+
multi:
|
|
286
|
+
|
|
287
|
+
/* Cookie, X-Forwarded-For */
|
|
272
288
|
|
|
273
|
-
|
|
289
|
+
a = (ngx_array_t *) ((char *) &r->headers_in + hh->offset);
|
|
290
|
+
|
|
291
|
+
n = a->nelts;
|
|
274
292
|
|
|
275
293
|
if (n == 0) {
|
|
276
294
|
XSRETURN_UNDEF;
|
|
277
295
|
}
|
|
278
296
|
|
|
279
|
-
ph =
|
|
297
|
+
ph = a->elts;
|
|
280
298
|
|
|
281
299
|
if (n == 1) {
|
|
282
300
|
ngx_http_perl_set_targ((*ph)->value.data, (*ph)->value.len);
|
|
@@ -290,12 +308,12 @@ header_in(r, key)
|
|
|
290
308
|
size += ph[i]->value.len + sizeof("; ") - 1;
|
|
291
309
|
}
|
|
292
310
|
|
|
293
|
-
|
|
294
|
-
if (
|
|
311
|
+
value = ngx_pnalloc(r->pool, size);
|
|
312
|
+
if (value == NULL) {
|
|
295
313
|
XSRETURN_UNDEF;
|
|
296
314
|
}
|
|
297
315
|
|
|
298
|
-
p =
|
|
316
|
+
p = value;
|
|
299
317
|
|
|
300
318
|
for (i = 0; /* void */ ; i++) {
|
|
301
319
|
p = ngx_copy(p, ph[i]->value.data, ph[i]->value.len);
|
|
@@ -304,10 +322,10 @@ header_in(r, key)
|
|
|
304
322
|
break;
|
|
305
323
|
}
|
|
306
324
|
|
|
307
|
-
*p++ =
|
|
325
|
+
*p++ = sep; *p++ = ' ';
|
|
308
326
|
}
|
|
309
327
|
|
|
310
|
-
ngx_http_perl_set_targ(
|
|
328
|
+
ngx_http_perl_set_targ(value, size);
|
|
311
329
|
|
|
312
330
|
goto done;
|
|
313
331
|
}
|
|
@@ -419,7 +437,7 @@ request_body(r)
|
|
|
419
437
|
|
|
420
438
|
p = ngx_pnalloc(r->pool, len);
|
|
421
439
|
if (p == NULL) {
|
|
422
|
-
|
|
440
|
+
XSRETURN_UNDEF;
|
|
423
441
|
}
|
|
424
442
|
|
|
425
443
|
data = p;
|
|
@@ -89,7 +89,7 @@ ngx_int_t ngx_http_add_listen(ngx_conf_t *cf, ngx_http_core_srv_conf_t *cscf,
|
|
|
89
89
|
void ngx_http_init_connection(ngx_connection_t *c);
|
|
90
90
|
void ngx_http_close_connection(ngx_connection_t *c);
|
|
91
91
|
|
|
92
|
-
#
|
|
92
|
+
#if (NGX_HTTP_SSL && defined SSL_CTRL_SET_TLSEXT_HOSTNAME)
|
|
93
93
|
int ngx_http_ssl_servername(ngx_ssl_conn_t *ssl_conn, int *ad, void *arg);
|
|
94
94
|
#endif
|
|
95
95
|
|
|
@@ -1955,7 +1955,7 @@ ngx_http_set_virtual_server(ngx_http_request_t *r, ngx_str_t *host)
|
|
|
1955
1955
|
|
|
1956
1956
|
hc = r->http_connection;
|
|
1957
1957
|
|
|
1958
|
-
#
|
|
1958
|
+
#if (NGX_HTTP_SSL && defined SSL_CTRL_SET_TLSEXT_HOSTNAME)
|
|
1959
1959
|
|
|
1960
1960
|
if (hc->ssl_servername) {
|
|
1961
1961
|
if (hc->ssl_servername->len == host->len
|
|
@@ -1986,7 +1986,7 @@ ngx_http_set_virtual_server(ngx_http_request_t *r, ngx_str_t *host)
|
|
|
1986
1986
|
return NGX_ERROR;
|
|
1987
1987
|
}
|
|
1988
1988
|
|
|
1989
|
-
#
|
|
1989
|
+
#if (NGX_HTTP_SSL && defined SSL_CTRL_SET_TLSEXT_HOSTNAME)
|
|
1990
1990
|
|
|
1991
1991
|
if (hc->ssl_servername) {
|
|
1992
1992
|
ngx_http_ssl_srv_conf_t *sscf;
|
|
@@ -2053,7 +2053,7 @@ ngx_http_find_virtual_server(ngx_connection_t *c,
|
|
|
2053
2053
|
|
|
2054
2054
|
sn = virtual_names->regex;
|
|
2055
2055
|
|
|
2056
|
-
#
|
|
2056
|
+
#if (NGX_HTTP_SSL && defined SSL_CTRL_SET_TLSEXT_HOSTNAME)
|
|
2057
2057
|
|
|
2058
2058
|
if (r == NULL) {
|
|
2059
2059
|
ngx_http_connection_t *hc;
|
|
@@ -2085,7 +2085,7 @@ ngx_http_find_virtual_server(ngx_connection_t *c,
|
|
|
2085
2085
|
return NGX_DECLINED;
|
|
2086
2086
|
}
|
|
2087
2087
|
|
|
2088
|
-
#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
|
|
2088
|
+
#endif /* NGX_HTTP_SSL && defined SSL_CTRL_SET_TLSEXT_HOSTNAME */
|
|
2089
2089
|
|
|
2090
2090
|
for (i = 0; i < virtual_names->nregex; i++) {
|
|
2091
2091
|
|
|
@@ -295,7 +295,7 @@ typedef struct {
|
|
|
295
295
|
ngx_http_addr_conf_t *addr_conf;
|
|
296
296
|
ngx_http_conf_ctx_t *conf_ctx;
|
|
297
297
|
|
|
298
|
-
#
|
|
298
|
+
#if (NGX_HTTP_SSL && defined SSL_CTRL_SET_TLSEXT_HOSTNAME)
|
|
299
299
|
ngx_str_t *ssl_servername;
|
|
300
300
|
#if (NGX_PCRE)
|
|
301
301
|
ngx_http_regex_t *ssl_servername_regex;
|
|
@@ -523,7 +523,10 @@ ngx_http_upstream_get_peer(ngx_http_upstream_rr_peer_data_t *rrp)
|
|
|
523
523
|
rrp->tried[n] |= m;
|
|
524
524
|
|
|
525
525
|
best->current_weight -= total;
|
|
526
|
-
|
|
526
|
+
|
|
527
|
+
if (now - best->checked > best->fail_timeout) {
|
|
528
|
+
best->checked = now;
|
|
529
|
+
}
|
|
527
530
|
|
|
528
531
|
return best;
|
|
529
532
|
}
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: nginxtra
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.4.
|
|
4
|
+
version: 1.4.2.9
|
|
5
5
|
prerelease:
|
|
6
6
|
platform: ruby
|
|
7
7
|
authors:
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2013-
|
|
12
|
+
date: 2013-07-17 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: thor
|
|
@@ -445,3 +445,4 @@ signing_key:
|
|
|
445
445
|
specification_version: 3
|
|
446
446
|
summary: Wrapper of nginx for easy install and use.
|
|
447
447
|
test_files: []
|
|
448
|
+
has_rdoc:
|