authorIgor Sysoev <igor@sysoev.ru>2010-02-01 13:36:39 +0000
committerJonathan Kolb <jon@b0g.us>2010-02-01 13:36:39 +0000
commitf44c4b757edbb4266a440a0236ff47965aebbfa3 (patch)
tree71e0c9954a11a7397ee3a57a70d79be918bd0348
parentf77e83cd92849af4a6226406c8e2cfa8e18722d4 (diff)
downloadnginx-f44c4b757edbb4266a440a0236ff47965aebbfa3.tar.gz
Changes with nginx 0.8.33 01 Feb 2010v0.8.33
*) Security: now nginx/Windows ignores trailing spaces in URI. Thanks to Dan Crowley, Core Security Technologies. *) Security: now nginx/Windows ignores short files names. Thanks to Dan Crowley, Core Security Technologies. *) Change: now keepalive connections after POST requests are not disabled for MSIE 7.0+. Thanks to Adam Lounds. *) Workaround: now keepalive connections are disabled for Safari. Thanks to Joshua Sierles. *) Bugfix: if a proxied or FastCGI request was internally redirected to another proxied or FastCGI location, then $upstream_response_time variable may have abnormally large value; the bug had appeared in 0.8.7. *) Bugfix: a segmentation fault might occur in a worker process, while discarding a request body; the bug had appeared in 0.8.11.
-rw-r--r--CHANGES27
-rw-r--r--CHANGES.ru25
-rw-r--r--src/core/nginx.h4
-rw-r--r--src/http/modules/perl/nginx.pm2
-rw-r--r--src/http/ngx_http_core_module.c24
-rw-r--r--src/http/ngx_http_request.c10
-rw-r--r--src/http/ngx_http_request.h1
-rw-r--r--src/http/ngx_http_upstream.c2
8 files changed, 81 insertions, 14 deletions
diff --git a/CHANGES b/CHANGES
index a4aca1342..67c79a96c 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,27 @@
+Changes with nginx 0.8.33 01 Feb 2010
+
+ *) Security: now nginx/Windows ignores trailing spaces in URI.
+ Thanks to Dan Crowley, Core Security Technologies.
+
+ *) Security: now nginx/Windows ignores short files names.
+ Thanks to Dan Crowley, Core Security Technologies.
+
+ *) Change: now keepalive connections after POST requests are not
+ disabled for MSIE 7.0+. Thanks to Adam Lounds.
+
+ *) Workaround: now keepalive connections are disabled for Safari.
+ Thanks to Joshua Sierles.
+
+ *) Bugfix: if a proxied or FastCGI request was internally redirected to
+ another proxied or FastCGI location, then $upstream_response_time
+ variable may have abnormally large value; the bug had appeared in
+ 0.8.7.
+
+ *) Bugfix: a segmentation fault might occur in a worker process, while
+ discarding a request body; the bug had appeared in 0.8.11.
+
+
Changes with nginx 0.8.32 11 Jan 2010
*) Bugfix: UTF-8 encoding usage in the ngx_http_autoindex_module.
@@ -12,11 +35,11 @@ Changes with nginx 0.8.32 11 Jan 2010
directive.
Thanks to Maxim Dounin.
- *) Bugfix: nginx did nor support chunked transfer encoding for 201
+ *) Bugfix: nginx did not support chunked transfer encoding for 201
responses.
Thanks to Julian Reich.
- *) Bugfix: if the "expires modified" set date in the past, the a
+ *) Bugfix: if the "expires modified" set date in the past, then a
negative number was set in the "Cache-Control" response header
line.
Thanks to Alex Kapranoff.
diff --git a/CHANGES.ru b/CHANGES.ru
index b5d1b533b..b2d9f6bc1 100644
--- a/CHANGES.ru
+++ b/CHANGES.ru
@@ -1,4 +1,29 @@
+Изменения в nginx 0.8.33 01.02.2010
+
+ *) Безопасность: теперь nginx/Windows игнорирует пробелы в конце
+ URI.
+ Спасибо Dan Crowley, Core Security Technologies.
+
+ *) Безопасность: теперь nginx/Windows игнорирует короткие имена
+ файлов.
+ Спасибо Dan Crowley, Core Security Technologies.
+
+ *) Изменение: теперь keepalive соединения после запросов POST не
+ запрещаются для MSIE 7.0+. Спасибо Adam Lounds.
+
+ *) Изменение: теперь keepalive соединения запрещены для Safari. Спасибо
+ Joshua Sierles.
+
+ *) Исправление: если проксированный или FastCGI запрос внутренне
+ перенаправлялся в другой проксированный или FastCGI location, то
+ переменная $upstream_response_time могла иметь ненормально большое
+ значение; ошибка появилась в 0.8.7.
+
+ *) Исправление: в рабочем процессе мог произойти segmentation fault при
+ отбрасывания тела запроса; ошибка появилась в 0.8.11.
+
+
Изменения в nginx 0.8.32 11.01.2010
*) Исправление: ошибки при использовании кодировки UTF-8 в
diff --git a/src/core/nginx.h b/src/core/nginx.h
index c74812119..eb47ec135 100644
--- a/src/core/nginx.h
+++ b/src/core/nginx.h
@@ -8,8 +8,8 @@
#define _NGINX_H_INCLUDED_
-#define nginx_version 8032
-#define NGINX_VERSION "0.8.32"
+#define nginx_version 8033
+#define NGINX_VERSION "0.8.33"
#define NGINX_VER "nginx/" NGINX_VERSION
#define NGINX_VAR "NGINX"
diff --git a/src/http/modules/perl/nginx.pm b/src/http/modules/perl/nginx.pm
index caa10abde..0bca5b26e 100644
--- a/src/http/modules/perl/nginx.pm
+++ b/src/http/modules/perl/nginx.pm
@@ -47,7 +47,7 @@ our @EXPORT = qw(
HTTP_INSUFFICIENT_STORAGE
);
-our $VERSION = '0.8.32';
+our $VERSION = '0.8.33';
require XSLoader;
XSLoader::load('nginx', $VERSION);
diff --git a/src/http/ngx_http_core_module.c b/src/http/ngx_http_core_module.c
index f3b62d9d4..eb1785090 100644
--- a/src/http/ngx_http_core_module.c
+++ b/src/http/ngx_http_core_module.c
@@ -783,14 +783,24 @@ ngx_http_handler(ngx_http_request_t *r)
break;
}
- if (r->keepalive && r->headers_in.msie && r->method == NGX_HTTP_POST) {
-
- /*
- * MSIE may wait for some time if an response for
- * a POST request was sent over a keepalive connection
- */
+ if (r->keepalive) {
+
+ if (r->headers_in.msie6) {
+ if (r->method == NGX_HTTP_POST) {
+ /*
+ * MSIE may wait for some time if an response for
+ * a POST request was sent over a keepalive connection
+ */
+ r->keepalive = 0;
+ }
- r->keepalive = 0;
+ } else if (r->headers_in.safari) {
+ /*
+ * Safari may send a POST request to a closed keepalive
+ * connection and stalls for some time
+ */
+ r->keepalive = 0;
+ }
}
if (r->headers_in.content_length_n > 0) {
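Review bot: The Safari branch clears `r->keepalive` for every request method, while its comment only describes a POST sent to an already closed connection, so a reader cannot tell whether the missing method test is intended. If it is (presumably no idle keepalive connection may be left for a later POST to hit), say so: `/* Safari may send a later POST on a keepalive connection that was already closed, so keepalive is disabled for all of its requests */`. The retained MSIE comment should now read "MSIE 6", since the test changed from `msie` to `msie6`. The `safari` flag is derived from the client-supplied User-Agent header (see the ngx_http_process_user_agent hunk), so it should stay a performance workaround and never gate anything security-relevant. ngx_http_handler starts and ends outside the hunk.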
diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c
index 30639810d..3432b50a0 100644
--- a/src/http/ngx_http_request.c
+++ b/src/http/ngx_http_request.c
@@ -788,9 +788,11 @@ ngx_http_process_request_line(ngx_event_t *rev)
p = r->uri.data + r->uri.len - 1;
- if (*p == '.') {
+ if (*p == '.' || *p == ' ') {
- while (--p > r->uri.data && *p == '.') { /* void */ }
+ while (--p > r->uri.data && (*p == '.' || *p == ' ')) {
+ /* void */
+ }
r->uri.len = p + 1 - r->uri.data;
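Review bot: The trailing-character test is written twice (in the `if` and in the `while`) and nothing in the hunk says why dots and spaces are stripped, which matters because the commit message labels this a security fix for nginx/Windows. A comment such as `/* Win32 opens "name." and "name " as "name"; strip both so the URI matched against locations is the name the file system will resolve */` would record the intent (wording to be confirmed against the platform behaviour). Only the tail of the whole URI is normalised here; whether earlier path segments need the same treatment is not visible from this hunk and is worth checking. The commit message also announces that short file names are ignored, but none of the eight files in this diff shows a matching code change. The enclosing block of ngx_http_process_request_line starts and ends outside the hunk.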
@@ -1448,6 +1450,9 @@ ngx_http_process_user_agent(ngx_http_request_t *r, ngx_table_elt_t *h,
} else if (ngx_strstrn(user_agent, "Chrome/", 7 - 1)) {
r->headers_in.chrome = 1;
+ } else if (ngx_strstrn(user_agent, "Safari/", 7 - 1)) {
+ r->headers_in.safari = 1;
+
} else if (ngx_strstrn(user_agent, "Konqueror", 9 - 1)) {
r->headers_in.konqueror = 1;
}
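Review bot: The new `"Safari/"` branch is order-dependent and that is not documented: it gives the intended result only because it sits after the `"Chrome/"` test, since Chrome's User-Agent also carries a `Safari/` token. Add `/* must follow the Chrome test: Chrome also sends "Safari/" */` above the branch so a later reordering does not flag Chrome as Safari. Other WebKit-based clients that send the token will presumably be flagged as Safari too and lose keepalive through the ngx_http_handler change; if that is acceptable, note it in the same comment. The if/else chain begins outside the hunk.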
@@ -1997,6 +2002,7 @@ ngx_http_finalize_request(ngx_http_request_t *r, ngx_int_t rc)
}
r->done = 1;
+ r->write_event_handler = ngx_http_request_empty_handler;
if (!r->post_action) {
r->request_complete = 1;
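Review bot: The added `r->write_event_handler = ngx_http_request_empty_handler;` has no comment, and it is the only visible change that could correspond to the changelog's "segmentation fault ... while discarding a request body". Presumably a write event could still fire on a request that is done while its body is being discarded; if so, record it: `/* the request is done; a late write event must not re-enter the previous handler */`. The read handler is left untouched here, so the comment should also say whether that is deliberate. ngx_http_finalize_request starts and ends outside the hunk.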
diff --git a/src/http/ngx_http_request.h b/src/http/ngx_http_request.h
index 79ec02873..902ec3ec1 100644
--- a/src/http/ngx_http_request.h
+++ b/src/http/ngx_http_request.h
@@ -220,6 +220,7 @@ typedef struct {
unsigned opera:1;
unsigned gecko:1;
unsigned chrome:1;
+ unsigned safari:1;
unsigned konqueror:1;
} ngx_http_headers_in_t;
diff --git a/src/http/ngx_http_upstream.c b/src/http/ngx_http_upstream.c
index fa434898f..776a3a1df 100644
--- a/src/http/ngx_http_upstream.c
+++ b/src/http/ngx_http_upstream.c
@@ -366,6 +366,7 @@ ngx_http_upstream_create(ngx_http_request_t *r)
r->main->count++;
ngx_http_upstream_cleanup(r);
*u->cleanup = NULL;
+ u->cleanup = NULL;
}
u = ngx_pcalloc(r->pool, sizeof(ngx_http_upstream_t));
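Review bot: After this commit `*u->cleanup = NULL;` in this hunk can dereference a NULL pointer. The ngx_http_upstream_finalize_request hunk below now sets `u->cleanup = NULL`, and if `ngx_http_upstream_cleanup(r)` on the preceding line reaches that function for the same `u` (its body is not shown here, so this needs confirming), `u->cleanup` is already NULL when the next line runs. Re-test the pointer after the call, `if (u->cleanup) { *u->cleanup = NULL; u->cleanup = NULL; }`, or drop both assignments if the cleanup call always clears it. This branch appears to be the internal-redirect path between two proxied or FastCGI locations named in the changelog, so a regression test for that case would exercise it. The `if` that opens this block is outside the hunk.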
@@ -2856,6 +2857,7 @@ ngx_http_upstream_finalize_request(ngx_http_request_t *r,
if (u->cleanup) {
*u->cleanup = NULL;
+ u->cleanup = NULL;
}
if (u->resolved && u->resolved->ctx) {