nginxtra 1.6.0.9 → 1.6.1.9

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: fb7016c1a5311c3663e8d2380cc99dc18045583a
-  data.tar.gz: dbeebdfabc00d8548c8de4b60d873c88ef373dfa
+  metadata.gz: 5a369f94e07f5931407f7b44ad43a6c98f27cea3
+  data.tar.gz: 243030adfeee60632c741be4b329de3b92478e47
 SHA512:
-  metadata.gz: ca166ed3f3c68808047df65f3c7e7686ed1b3ed5cad8affa0a5167d863d894374c191597f482bc2dc04611613f9fc2b61188125302500570014a2f42d936af31
-  data.tar.gz: c8ab83e3c4b9cdfe21200b817903e881ab1e563a6a43868a45a5b3a013300ba7e55a156ecbe79d86a197ef8d50efa3eade96a751298a92bf249dd7e0f64bf451
+  metadata.gz: e76ab0356342254fb0bc4ed9df9cd7a8a1a036dd1a3467f19405e390b1f621aaef1fea2ddba5e7d0ab18ebf6e00cfad5fe1833b74240ef16a10e5ffc27eb45ba
+  data.tar.gz: 3afc11ee1c7f66fe21f475c7fc014ca847392889ccb356959edb93391e423a4438a252ba84ceb6cb5c79904c2811f123cfc6b669bf3ed42eeeee73712ab83c7c

data/bin/nginxtra

@@ -1,6 +1,6 @@
 #!/usr/bin/env ruby
 require "rubygems"
-gem "nginxtra", "= 1.6.0.9"
+gem "nginxtra", "= 1.6.1.9"
 gem "thor", "~> 0.16"
 require "nginxtra"
 Nginxtra::CLI.start

data/bin/nginxtra_rails

@@ -1,6 +1,6 @@
 #!/usr/bin/env ruby
 require "rubygems"
-gem "nginxtra", "= 1.6.0.9"
+gem "nginxtra", "= 1.6.1.9"
 gem "thor", "~> 0.16"
 require "nginxtra"
 Nginxtra::Rails::CLI.start

data/lib/nginxtra/version.rb

@@ -6,7 +6,7 @@ module Nginxtra
       end
 
       def to_s
-        "1.6.0.9"
+        "1.6.1.9"
       end
     end
   end

data/vendor/nginx/CHANGES

@@ -1,4 +1,19 @@
 
+Changes with nginx 1.6.1                                         05 Aug 2014
+
+    *) Security: pipelined commands were not discarded after STARTTLS
+       command in SMTP proxy (CVE-2014-3556); the bug had appeared in 1.5.6.
+       Thanks to Chris Boulton.
+
+    *) Bugfix: the $uri variable might contain garbage when returning errors
+       with code 400.
+       Thanks to Sergey Bobrov.
+
+    *) Bugfix: in the "none" parameter in the "smtp_auth" directive; the bug
+       had appeared in 1.5.6.
+       Thanks to Svyatoslav Nikolsky.
+
+
 Changes with nginx 1.6.0                                         24 Apr 2014
 
     *) 1.6.x stable branch.

data/vendor/nginx/CHANGES.ru

@@ -1,4 +1,20 @@
 
+Изменения в nginx 1.6.1                                           05.08.2014
+
+    *) Безопасность: pipelined-команды не отбрасывались после команды
+       STARTTLS в SMTP прокси-сервере (CVE-2014-3556); ошибка появилась в
+       1.5.6.
+       Спасибо Chris Boulton.
+
+    *) Исправление: переменная $uri могла содержать мусор при возврате
+       ошибок с кодом 400.
+       Спасибо Сергею Боброву.
+
+    *) Исправление: в работе параметра none директивы smtp_auth; ошибка
+       появилась в 1.5.6.
+       Спасибо Святославу Никольскому.
+
+
 Изменения в nginx 1.6.0                                           24.04.2014
 
     *) Стабильная ветка 1.6.x.

data/vendor/nginx/src/core/nginx.h

@@ -9,8 +9,8 @@
 #define _NGINX_H_INCLUDED_
 
 
-#define nginx_version      1006000
-#define NGINX_VERSION      "1.6.0"
+#define nginx_version      1006001
+#define NGINX_VERSION      "1.6.1"
 #define NGINX_VER          "nginx/" NGINX_VERSION
 
 #define NGINX_VAR          "NGINX"

data/vendor/nginx/src/http/ngx_http_request.c

@@ -1071,6 +1071,8 @@ ngx_http_process_request_uri(ngx_http_request_t *r)
         cscf = ngx_http_get_module_srv_conf(r, ngx_http_core_module);
 
         if (ngx_http_parse_complex_uri(r, cscf->merge_slashes) != NGX_OK) {
+            r->uri.len = 0;
+
             ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
                           "client sent invalid request");
             ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST);

data/vendor/nginx/src/mail/ngx_mail_smtp_handler.c

@@ -679,6 +679,11 @@ ngx_mail_smtp_mail(ngx_mail_session_t *s, ngx_connection_t *c)
         return NGX_OK;
     }
 
+    if (s->args.nelts == 0) {
+        ngx_str_set(&s->out, smtp_invalid_argument);
+        return NGX_OK;
+    }
+
     arg = s->args.elts;
     arg += s->args.nelts - 1;
 
@@ -713,6 +718,11 @@ ngx_mail_smtp_rcpt(ngx_mail_session_t *s, ngx_connection_t *c)
         return NGX_OK;
     }
 
+    if (s->args.nelts == 0) {
+        ngx_str_set(&s->out, smtp_invalid_argument);
+        return NGX_OK;
+    }
+
     arg = s->args.elts;
     arg += s->args.nelts - 1;
 
@@ -767,6 +777,9 @@ ngx_mail_smtp_starttls(ngx_mail_session_t *s, ngx_connection_t *c)
             ngx_str_null(&s->smtp_from);
             ngx_str_null(&s->smtp_to);
 
+            s->buffer->pos = s->buffer->start;
+            s->buffer->last = s->buffer->start;
+
             c->read->handler = ngx_mail_starttls_handler;
             return NGX_OK;
         }

metadata

@@ -1,27 +1,27 @@
 --- !ruby/object:Gem::Specification
 name: nginxtra
 version: !ruby/object:Gem::Version
-  version: 1.6.0.9
+  version: 1.6.1.9
 platform: ruby
 authors:
 - Mike Virata-Stone
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-04-24 00:00:00.000000000 Z
+date: 2014-08-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: thor
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '0.16'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '0.16'
 description: This gem is intended to provide an easy to use configuration file that
@@ -433,17 +433,17 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.0.3
+rubygems_version: 2.2.2
 signing_key: 
 specification_version: 4
 summary: Wrapper of nginx for easy install and use.