nginxtra 1.4.6.9 → 1.4.7.9
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/bin/nginxtra +1 -1
- data/bin/nginxtra_rails +1 -1
- data/lib/nginxtra/version.rb +1 -1
- data/vendor/nginx/CHANGES +13 -0
- data/vendor/nginx/CHANGES.ru +13 -0
- data/vendor/nginx/src/core/nginx.h +2 -2
- data/vendor/nginx/src/http/modules/ngx_http_fastcgi_module.c +11 -0
- data/vendor/nginx/src/http/ngx_http_spdy.c +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: dede1bae30a3fd005accbd97949b0976bba4ce15
|
4
|
+
data.tar.gz: 350606d60ba2e59448b0e8352af765ba55208875
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: d735aafa03c117c1c18dd17dae8d5e7737b8c7ca884b1ee389389617f47dafeb43db6cb7b688a838167d9fcce931f7a79a396f300adacd96d63bd1dc1701d2bf
|
7
|
+
data.tar.gz: e5b167bda73982d95c86c4cecab947f2ea791ff2ed34d2bfde12a99d203ec28bf88ee90867d576f7efa3f61a76fd04e132563e0b4d2eed30e7945baf4e02b000
|
data/bin/nginxtra
CHANGED
data/bin/nginxtra_rails
CHANGED
data/lib/nginxtra/version.rb
CHANGED
data/vendor/nginx/CHANGES
CHANGED
@@ -1,4 +1,17 @@
|
|
1
1
|
|
2
|
+
Changes with nginx 1.4.7 18 Mar 2014
|
3
|
+
|
4
|
+
*) Security: a heap memory buffer overflow might occur in a worker
|
5
|
+
process while handling a specially crafted request by
|
6
|
+
ngx_http_spdy_module, potentially resulting in arbitrary code
|
7
|
+
execution (CVE-2014-0133).
|
8
|
+
Thanks to Lucas Molas, researcher at Programa STIC, Fundación Dr.
|
9
|
+
Manuel Sadosky, Buenos Aires, Argentina.
|
10
|
+
|
11
|
+
*) Bugfix: in the "fastcgi_next_upstream" directive.
|
12
|
+
Thanks to Lucas Molas.
|
13
|
+
|
14
|
+
|
2
15
|
Changes with nginx 1.4.6 04 Mar 2014
|
3
16
|
|
4
17
|
*) Bugfix: the "client_max_body_size" directive might not work when
|
data/vendor/nginx/CHANGES.ru
CHANGED
@@ -1,4 +1,17 @@
|
|
1
1
|
|
2
|
+
Изменения в nginx 1.4.7 18.03.2014
|
3
|
+
|
4
|
+
*) Безопасность: при обработке специально созданного запроса модулем
|
5
|
+
ngx_http_spdy_module могло происходить переполнение буфера в рабочем
|
6
|
+
процессе, что потенциально могло приводить к выполнению произвольного
|
7
|
+
кода (CVE-2014-0133).
|
8
|
+
Спасибо Lucas Molas из Programa STIC, Fundación Dr. Manuel Sadosky,
|
9
|
+
Buenos Aires, Argentina.
|
10
|
+
|
11
|
+
*) Исправление: в директиве fastcgi_next_upstream.
|
12
|
+
Спасибо Lucas Molas.
|
13
|
+
|
14
|
+
|
2
15
|
Изменения в nginx 1.4.6 04.03.2014
|
3
16
|
|
4
17
|
*) Исправление: директива client_max_body_size могла не работать при
|
@@ -1195,6 +1195,10 @@ ngx_http_fastcgi_reinit_request(ngx_http_request_t *r)
|
|
1195
1195
|
f->fastcgi_stdout = 0;
|
1196
1196
|
f->large_stderr = 0;
|
1197
1197
|
|
1198
|
+
if (f->split_parts) {
|
1199
|
+
f->split_parts->nelts = 0;
|
1200
|
+
}
|
1201
|
+
|
1198
1202
|
r->state = 0;
|
1199
1203
|
|
1200
1204
|
return NGX_OK;
|
@@ -1475,6 +1479,13 @@ ngx_http_fastcgi_process_header(ngx_http_request_t *r)
|
|
1475
1479
|
|
1476
1480
|
rc = ngx_http_parse_header_line(r, &buf, 1);
|
1477
1481
|
|
1482
|
+
if (rc != NGX_OK) {
|
1483
|
+
ngx_log_error(NGX_LOG_ALERT, r->connection->log, 0,
|
1484
|
+
"invalid header after joining "
|
1485
|
+
"FastCGI records");
|
1486
|
+
return NGX_ERROR;
|
1487
|
+
}
|
1488
|
+
|
1478
1489
|
h->key.len = r->header_name_end - r->header_name_start;
|
1479
1490
|
h->key.data = r->header_name_start;
|
1480
1491
|
h->key.data[h->key.len] = '\0';
|
@@ -1465,7 +1465,7 @@ static u_char *
|
|
1465
1465
|
ngx_http_spdy_state_save(ngx_http_spdy_connection_t *sc,
|
1466
1466
|
u_char *pos, u_char *end, ngx_http_spdy_handler_pt handler)
|
1467
1467
|
{
|
1468
|
-
#if
|
1468
|
+
#if 1
|
1469
1469
|
if (end - pos > NGX_SPDY_STATE_BUFFER_SIZE) {
|
1470
1470
|
ngx_log_error(NGX_LOG_ALERT, sc->connection->log, 0,
|
1471
1471
|
"spdy state buffer overflow: "
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: nginxtra
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.4.
|
4
|
+
version: 1.4.7.9
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Mike Virata-Stone
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2014-03-
|
11
|
+
date: 2014-03-19 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: thor
|