lp:~titusx/nginx/mainline

Created by TitusX and last modified
Get this branch:
bzr branch lp:~titusx/nginx/mainline

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
TitusX
Project:
Nginx
Status:
Mature

Import details

Import Status: Reviewed

This branch is an import of the HEAD branch of the Git repository at https://github.com/nginx/nginx.git.

The next import is scheduled to run .

Last successful import was .

Import started on juju-1e3bde-prod-lp-code-import-12 and finished taking 10 seconds — see the log
Import started on juju-1e3bde-prod-lp-code-import-15 and finished taking 15 seconds — see the log
Import started on juju-1e3bde-prod-lp-code-import-15 and finished taking 10 seconds — see the log
Import started on juju-1e3bde-prod-lp-code-import-14 and finished taking 15 seconds — see the log
Import started on juju-1e3bde-prod-lp-code-import-14 and finished taking 10 seconds — see the log
Import started on juju-1e3bde-prod-lp-code-import-13 and finished taking 10 seconds — see the log
Import started on juju-1e3bde-prod-lp-code-import-12 and finished taking 15 seconds — see the log
Import started on juju-1e3bde-prod-lp-code-import-15 and finished taking 10 seconds — see the log
Import started on juju-1e3bde-prod-lp-code-import-15 and finished taking 10 seconds — see the log
Import started on juju-1e3bde-prod-lp-code-import-15 and finished taking 15 seconds — see the log

Recent revisions

6920. By Sergey Kandaurov <email address hidden>

SSL: SSL_CTX_set_tmp_dh() error handling.

For example, it can fail due to weak DH parameters.

6919. By Maxim Dounin <email address hidden>

SSL: set events ready flags after handshake.

The c->read->ready and c->write->ready flags might be reset during
the handshake, and not set again if the handshake was finished on
the other event. At the same time, some data might be read from
the socket during the handshake, so missing c->read->ready flag might
result in a connection hang, for example, when waiting for an SMTP
greeting (which was already received during the handshake).

Found by Sergey Kandaurov.

6918. By Maxim Dounin <email address hidden>

Version bump.

6917. By Maxim Dounin <email address hidden>

release-1.21.1 tag

6916. By Maxim Dounin <email address hidden>

nginx-1.21.1-RELEASE

6915. By Ruslan Ermilov <email address hidden>

Win32: use only preallocated memory in send/recv chain functions.

The ngx_wsasend_chain() and ngx_wsarecv_chain() functions were
modified to use only preallocated memory, and the number of
preallocated wsabufs was increased to 64.

6914. By Ruslan Ermilov <email address hidden>

Use only preallocated memory in ngx_readv_chain() (ticket #1408).

In d1bde5c3c5d2, the number of preallocated iovec's for ngx_readv_chain()
was increased. Still, in some setups, the function might allocate memory
for iovec's from a connection pool, which is only freed when closing the
connection.

The ngx_readv_chain() function was modified to use only preallocated
memory, similarly to the ngx_writev_chain() change in 8e903522c17a.

6913. By Maxim Dounin <email address hidden>

Disabled control characters in the Host header.

Control characters (0x00-0x1f, 0x7f) and space are not expected to appear
in the Host header. Requests with such characters in the Host header are
now unconditionally rejected.

6912. By Maxim Dounin <email address hidden>

Improved logging of invalid headers.

In 71edd9192f24 logging of invalid headers which were rejected with the
NGX_HTTP_PARSE_INVALID_HEADER error was restricted to just the "client
sent invalid header line" message, without any attempts to log the header
itself.

This patch returns logging of the header up to the invalid character and
the character itself. The r->header_end pointer is now properly set
in all cases to make logging possible.

The same logging is also introduced when parsing headers from upstream
servers.

6911. By Maxim Dounin <email address hidden>

Disabled control characters and space in header names.

Control characters (0x00-0x1f, 0x7f), space, and colon were never allowed in
header names. The only somewhat valid use is header continuation which nginx
never supported and which is explicitly obsolete by RFC 7230.

Previously, such headers were considered invalid and were ignored by default
(as per ignore_invalid_headers directive). With this change, such headers
are unconditionally rejected.

It is expected to make nginx more resilient to various attacks, in particular,
with ignore_invalid_headers switched off (which is inherently unsecure, though
nevertheless sometimes used in the wild).

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
This branch contains Public information 
Everyone can see this information.

Subscribers