Hello community, here is the log from the commit of package nginx for openSUSE:Factory checked in at 2020-03-06 21:26:10 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/nginx (Old) and /work/SRC/openSUSE:Factory/.nginx.new.26092 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "nginx" Fri Mar 6 21:26:10 2020 rev:47 rq:781568 version:1.17.9 Changes: -------- --- /work/SRC/openSUSE:Factory/nginx/nginx.changes 2020-02-09 20:47:26.670841688 +0100 +++ /work/SRC/openSUSE:Factory/.nginx.new.26092/nginx.changes 2020-03-06 21:26:28.357521548 +0100 @@ -1,0 +2,16 @@ +Wed Mar 4 12:35:47 UTC 2020 - Илья Индиго <i...@ilya.pp.ua> + +- Update to 1.17.9 + * https://nginx.org/en/CHANGES + * Now nginx does not allow several "Host" request header lines. + * nginx ignored additional "Transfer-Encoding" request header lines. + * Socket leak when using HTTP/2. + * A segmentation fault might occur in a worker process if OCSP + stapling was used. + * In the ngx_http_mp4_module. + * nginx used status code 494 instead of 400 if errors with code + 494 were redirected with the "error_page" directive. + * Socket leak when using subrequests in the njs module and the + "aio" directive. + +------------------------------------------------------------------- @@ -2161 +2176,0 @@ - Old: ---- nginx-1.17.8.tar.gz nginx-1.17.8.tar.gz.asc New: ---- nginx-1.17.9.tar.gz nginx-1.17.9.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ nginx.spec ++++++ --- /var/tmp/diff_new_pack.8z1u1u/_old 2020-03-06 21:26:31.073523048 +0100 +++ /var/tmp/diff_new_pack.8z1u1u/_new 2020-03-06 21:26:31.077523050 +0100 @@ -74,13 +74,13 @@ %endif # Name: nginx -Version: 1.17.8 +Version: 1.17.9 Release: 0 Summary: A HTTP server and IMAP/POP3 proxy server License: BSD-2-Clause Group: Productivity/Networking/Web/Proxy URL: https://nginx.org -Source0: https://nginx.org/download/nginx-%{version}.tar.gz +Source0: https://nginx.org/download/%{name}-%{version}.tar.gz Source1: nginx.init Source2: nginx.logrotate Source3: nginx.service @@ -89,7 +89,7 @@ Source6: https://github.com/yaoweibin/nginx_upstream_check_module/archive/v%{nginx_upstream_check_version}/%{nginx_upstream_check_module_path}.tar.gz Source7: https://github.com/arut/nginx-rtmp-module/archive/v%{nginx_rtmp_version}/%{nginx_rtmp_module_path}.tar.gz Source100: nginx.rpmlintrc -Source101: https://nginx.org/download/nginx-%{version}.tar.gz.asc +Source101: https://nginx.org/download/%{name}-%{version}.tar.gz.asc Source102: https://nginx.org/keys/mdounin.key#/%{name}.keyring # PATCH-FIX-UPSTREAM nginx-1.11.2-no_Werror.patch Patch0: nginx-1.11.2-no_Werror.patch @@ -260,7 +260,7 @@ %else --with-cc-opt="%{optflags}" %endif -make %{?_smp_mflags} +%make_build %install %make_install ++++++ nginx-1.17.8.tar.gz -> nginx-1.17.9.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.17.8/CHANGES new/nginx-1.17.9/CHANGES --- old/nginx-1.17.8/CHANGES 2020-01-21 14:39:46.000000000 +0100 +++ new/nginx-1.17.9/CHANGES 2020-03-03 16:04:25.000000000 +0100 @@ -1,4 +1,25 @@ +Changes with nginx 1.17.9 03 Mar 2020 + + *) Change: now nginx does not allow several "Host" request header lines. + + *) Bugfix: nginx ignored additional "Transfer-Encoding" request header + lines. + + *) Bugfix: socket leak when using HTTP/2. + + *) Bugfix: a segmentation fault might occur in a worker process if OCSP + stapling was used. + + *) Bugfix: in the ngx_http_mp4_module. + + *) Bugfix: nginx used status code 494 instead of 400 if errors with code + 494 were redirected with the "error_page" directive. + + *) Bugfix: socket leak when using subrequests in the njs module and the + "aio" directive. + + Changes with nginx 1.17.8 21 Jan 2020 *) Feature: variables support in the "grpc_pass" directive. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.17.8/CHANGES.ru new/nginx-1.17.9/CHANGES.ru --- old/nginx-1.17.8/CHANGES.ru 2020-01-21 14:39:45.000000000 +0100 +++ new/nginx-1.17.9/CHANGES.ru 2020-03-03 16:04:24.000000000 +0100 @@ -1,4 +1,26 @@ +Изменения в nginx 1.17.9 03.03.2020 + + *) Изменение: теперь nginx не разрешает несколько строк "Host" в + заголовке запроса. + + *) Исправление: nginx игнорировал дополнительные строки + "Transfer-Encoding" в заголовке запроса. + + *) Исправление: утечки сокетов при использовании HTTP/2. + + *) Исправление: в рабочем процессе мог произойти segmentation fault, + если использовался OCSP stapling. + + *) Исправление: в модуле ngx_http_mp4_module. + + *) Исправление: при перенаправлении ошибок с кодом 494 с помощью + директивы error_page nginx возвращал ответ с кодом 494 вместо 400. + + *) Исправление: утечки сокетов при использовании подзапросов в модуле + njs и директивы aio. + + Изменения в nginx 1.17.8 21.01.2020 *) Добавление: директива grpc_pass поддерживает переменные. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.17.8/src/core/nginx.h new/nginx-1.17.9/src/core/nginx.h --- old/nginx-1.17.8/src/core/nginx.h 2020-01-21 14:39:42.000000000 +0100 +++ new/nginx-1.17.9/src/core/nginx.h 2020-03-03 16:04:21.000000000 +0100 @@ -9,8 +9,8 @@ #define _NGINX_H_INCLUDED_ -#define nginx_version 1017008 -#define NGINX_VERSION "1.17.8" +#define nginx_version 1017009 +#define NGINX_VERSION "1.17.9" #define NGINX_VER "nginx/" NGINX_VERSION #ifdef NGX_BUILD diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.17.8/src/http/modules/ngx_http_mp4_module.c new/nginx-1.17.9/src/http/modules/ngx_http_mp4_module.c --- old/nginx-1.17.8/src/http/modules/ngx_http_mp4_module.c 2020-01-21 14:39:42.000000000 +0100 +++ new/nginx-1.17.9/src/http/modules/ngx_http_mp4_module.c 2020-03-03 16:04:21.000000000 +0100 @@ -3116,6 +3116,13 @@ "chunk samples sizes:%uL", trak->start_chunk_samples_size); + if (trak->start_chunk_samples_size > (uint64_t) mp4->end) { + ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, + "too large mp4 start samples size in \"%s\"", + mp4->file.name.data); + return NGX_ERROR; + } + if (mp4->length) { if (trak->end_sample - trak->start_sample > entries) { ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, @@ -3135,6 +3142,13 @@ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, mp4->file.log, 0, "mp4 stsz end_chunk_samples_size:%uL", trak->end_chunk_samples_size); + + if (trak->end_chunk_samples_size > (uint64_t) mp4->end) { + ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, + "too large mp4 end samples size in \"%s\"", + mp4->file.name.data); + return NGX_ERROR; + } } atom_size = sizeof(ngx_mp4_stsz_atom_t) + (data->last - data->pos); @@ -3226,6 +3240,7 @@ { size_t atom_size; uint32_t entries; + uint64_t chunk_offset, samples_size; ngx_buf_t *atom, *data; ngx_mp4_stco_atom_t *stco_atom; @@ -3256,8 +3271,19 @@ data->pos += trak->start_chunk * sizeof(uint32_t); - trak->start_offset = ngx_mp4_get_32value(data->pos); - trak->start_offset += trak->start_chunk_samples_size; + chunk_offset = ngx_mp4_get_32value(data->pos); + samples_size = trak->start_chunk_samples_size; + + if (chunk_offset > (uint64_t) mp4->end - samples_size + || chunk_offset + samples_size > NGX_MAX_UINT32_VALUE) + { + ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, + "too large chunk offset in \"%s\"", + mp4->file.name.data); + return NGX_ERROR; + } + + trak->start_offset = chunk_offset + samples_size; ngx_mp4_set_32value(data->pos, trak->start_offset); ngx_log_debug1(NGX_LOG_DEBUG_HTTP, mp4->file.log, 0, @@ -3276,9 +3302,19 @@ data->last = data->pos + entries * sizeof(uint32_t); if (entries) { - trak->end_offset = - ngx_mp4_get_32value(data->last - sizeof(uint32_t)); - trak->end_offset += trak->end_chunk_samples_size; + chunk_offset = ngx_mp4_get_32value(data->last - sizeof(uint32_t)); + samples_size = trak->end_chunk_samples_size; + + if (chunk_offset > (uint64_t) mp4->end - samples_size + || chunk_offset + samples_size > NGX_MAX_UINT32_VALUE) + { + ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, + "too large chunk offset in \"%s\"", + mp4->file.name.data); + return NGX_ERROR; + } + + trak->end_offset = chunk_offset + samples_size; ngx_log_debug1(NGX_LOG_DEBUG_HTTP, mp4->file.log, 0, "end chunk offset:%O", trak->end_offset); @@ -3409,7 +3445,7 @@ ngx_http_mp4_trak_t *trak) { size_t atom_size; - uint64_t entries; + uint64_t entries, chunk_offset, samples_size; ngx_buf_t *atom, *data; ngx_mp4_co64_atom_t *co64_atom; @@ -3440,8 +3476,17 @@ data->pos += trak->start_chunk * sizeof(uint64_t); - trak->start_offset = ngx_mp4_get_64value(data->pos); - trak->start_offset += trak->start_chunk_samples_size; + chunk_offset = ngx_mp4_get_64value(data->pos); + samples_size = trak->start_chunk_samples_size; + + if (chunk_offset > (uint64_t) mp4->end - samples_size) { + ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, + "too large chunk offset in \"%s\"", + mp4->file.name.data); + return NGX_ERROR; + } + + trak->start_offset = chunk_offset + samples_size; ngx_mp4_set_64value(data->pos, trak->start_offset); ngx_log_debug1(NGX_LOG_DEBUG_HTTP, mp4->file.log, 0, @@ -3460,9 +3505,17 @@ data->last = data->pos + entries * sizeof(uint64_t); if (entries) { - trak->end_offset = - ngx_mp4_get_64value(data->last - sizeof(uint64_t)); - trak->end_offset += trak->end_chunk_samples_size; + chunk_offset = ngx_mp4_get_64value(data->last - sizeof(uint64_t)); + samples_size = trak->end_chunk_samples_size; + + if (chunk_offset > (uint64_t) mp4->end - samples_size) { + ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, + "too large chunk offset in \"%s\"", + mp4->file.name.data); + return NGX_ERROR; + } + + trak->end_offset = chunk_offset + samples_size; ngx_log_debug1(NGX_LOG_DEBUG_HTTP, mp4->file.log, 0, "end chunk offset:%O", trak->end_offset); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.17.8/src/http/ngx_http_core_module.c new/nginx-1.17.9/src/http/ngx_http_core_module.c --- old/nginx-1.17.8/src/http/ngx_http_core_module.c 2020-01-21 14:39:42.000000000 +0100 +++ new/nginx-1.17.9/src/http/ngx_http_core_module.c 2020-03-03 16:04:21.000000000 +0100 @@ -2667,43 +2667,41 @@ u_char *xff, size_t xfflen, ngx_array_t *proxies, int recursive) { u_char *p; - ngx_int_t rc; ngx_addr_t paddr; + ngx_uint_t found; - if (ngx_cidr_match(addr->sockaddr, proxies) != NGX_OK) { - return NGX_DECLINED; - } + found = 0; - for (p = xff + xfflen - 1; p > xff; p--, xfflen--) { - if (*p != ' ' && *p != ',') { - break; - } - } + do { - for ( /* void */ ; p > xff; p--) { - if (*p == ' ' || *p == ',') { - p++; - break; + if (ngx_cidr_match(addr->sockaddr, proxies) != NGX_OK) { + return found ? NGX_DONE : NGX_DECLINED; } - } - if (ngx_parse_addr_port(r->pool, &paddr, p, xfflen - (p - xff)) != NGX_OK) { - return NGX_DECLINED; - } - - *addr = paddr; + for (p = xff + xfflen - 1; p > xff; p--, xfflen--) { + if (*p != ' ' && *p != ',') { + break; + } + } - if (recursive && p > xff) { - rc = ngx_http_get_forwarded_addr_internal(r, addr, xff, p - 1 - xff, - proxies, 1); + for ( /* void */ ; p > xff; p--) { + if (*p == ' ' || *p == ',') { + p++; + break; + } + } - if (rc == NGX_DECLINED) { - return NGX_DONE; + if (ngx_parse_addr_port(r->pool, &paddr, p, xfflen - (p - xff)) + != NGX_OK) + { + return found ? NGX_DONE : NGX_DECLINED; } - /* rc == NGX_OK || rc == NGX_DONE */ - return rc; - } + *addr = paddr; + found = 1; + xfflen = p - 1 - xff; + + } while (recursive && p > xff); return NGX_OK; } @@ -4689,6 +4687,7 @@ case NGX_HTTP_TO_HTTPS: case NGX_HTTPS_CERT_ERROR: case NGX_HTTPS_NO_CERT: + case NGX_HTTP_REQUEST_HEADER_TOO_LARGE: err->overwrite = NGX_HTTP_BAD_REQUEST; } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.17.8/src/http/ngx_http_request.c new/nginx-1.17.9/src/http/ngx_http_request.c --- old/nginx-1.17.8/src/http/ngx_http_request.c 2020-01-21 14:39:42.000000000 +0100 +++ new/nginx-1.17.9/src/http/ngx_http_request.c 2020-03-03 16:04:21.000000000 +0100 @@ -131,7 +131,7 @@ { ngx_string("Transfer-Encoding"), offsetof(ngx_http_headers_in_t, transfer_encoding), - ngx_http_process_header_line }, + ngx_http_process_unique_header_line }, { ngx_string("TE"), offsetof(ngx_http_headers_in_t, te), @@ -748,6 +748,8 @@ return; } + ngx_reusable_connection(c, 0); + rc = ngx_ssl_handshake(c); if (rc == NGX_AGAIN) { @@ -756,8 +758,6 @@ ngx_add_timer(rev, c->listening->post_accept_timeout); } - ngx_reusable_connection(c, 0); - c->ssl->handler = ngx_http_ssl_handshake_handler; return; } @@ -1755,10 +1755,18 @@ ngx_int_t rc; ngx_str_t host; - if (r->headers_in.host == NULL) { - r->headers_in.host = h; + if (r->headers_in.host) { + ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, + "client sent duplicate host header: \"%V: %V\", " + "previous value: \"%V: %V\"", + &h->key, &h->value, &r->headers_in.host->key, + &r->headers_in.host->value); + ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST); + return NGX_ERROR; } + r->headers_in.host = h; + host = h->value; rc = ngx_http_validate_host(&host, r->pool, 0); @@ -1952,10 +1960,7 @@ r->headers_in.content_length_n = -1; r->headers_in.chunked = 1; - } else if (r->headers_in.transfer_encoding->value.len != 8 - || ngx_strncasecmp(r->headers_in.transfer_encoding->value.data, - (u_char *) "identity", 8) != 0) - { + } else { ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, "client sent unknown \"Transfer-Encoding\": \"%V\"", &r->headers_in.transfer_encoding->value); @@ -2483,26 +2488,6 @@ } if (r != r->main) { - clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module); - - if (r->background) { - if (!r->logged) { - if (clcf->log_subrequest) { - ngx_http_log_request(r); - } - - r->logged = 1; - - } else { - ngx_log_error(NGX_LOG_ALERT, c->log, 0, - "subrequest: \"%V?%V\" logged again", - &r->uri, &r->args); - } - - r->done = 1; - ngx_http_finalize_connection(r); - return; - } if (r->buffered || r->postponed) { @@ -2515,11 +2500,12 @@ pr = r->parent; - if (r == c->data) { - - r->main->count--; + if (r == c->data || r->background) { if (!r->logged) { + + clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module); + if (clcf->log_subrequest) { ngx_http_log_request(r); } @@ -2534,6 +2520,13 @@ r->done = 1; + if (r->background) { + ngx_http_finalize_connection(r); + return; + } + + r->main->count--; + if (pr->postponed && pr->postponed->request == r) { pr->postponed = pr->postponed->next; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.17.8/src/http/v2/ngx_http_v2.c new/nginx-1.17.9/src/http/v2/ngx_http_v2.c --- old/nginx-1.17.8/src/http/v2/ngx_http_v2.c 2020-01-21 14:39:42.000000000 +0100 +++ new/nginx-1.17.9/src/http/v2/ngx_http_v2.c 2020-03-03 16:04:21.000000000 +0100 @@ -1719,8 +1719,13 @@ ngx_http_v2_stream_t *stream; if (h2c->state.length) { - h2c->state.handler = ngx_http_v2_state_header_block; - return pos; + if (end - pos > 0) { + h2c->state.handler = ngx_http_v2_state_header_block; + return pos; + } + + return ngx_http_v2_state_headers_save(h2c, pos, end, + ngx_http_v2_state_header_block); } if (!(h2c->state.flags & NGX_HTTP_V2_END_HEADERS_FLAG)) {