nginx.git, branch release-1.0.14

nginx-1.0.14-RELEASE

2012-03-15T11:50:53+00:00

Updated OpenSSL and PCRE used for win32 builds.

2012-03-15T11:46:29+00:00

Merge of r4530, r4531: null character fixes.

2012-03-15T11:41:43+00:00

*) Fixed incorrect ngx_cpystrn() usage in ngx_http_*_process_header().

   This resulted in a disclosure of previously freed memory if upstream
   server returned specially crafted response, potentially exposing
   sensitive information.

   Reported by Matthew Daley.

*) Headers with null character are now rejected.

   Headers with NUL character aren't allowed by HTTP standard and may cause
   various security problems.  They are now unconditionally rejected.

Version bump.

2012-03-15T11:37:11+00:00

release-1.0.13 tag

2012-03-05T15:20:15+00:00

nginx-1.0.13-RELEASE

2012-03-05T15:19:49+00:00

Merge of r4500: fixed spelling in single-line comments.

2012-03-05T13:26:40+00:00

Merge of r4499: workaround for fs_size on ZFS (ticket #46).

2012-03-05T13:20:40+00:00

ZFS reports incorrect st_blocks until file settles on disk, and this
may take a while (i.e. just after creation of a file the st_blocks value
is incorrect).  As a workaround we now use st_blocks only if
st_blocks * 512 > st_size, this should fix ZFS problems while still
preserving accuracy for other filesystems.

The problem had appeared in r3900 (1.0.1).

Merge of r4498:

2012-03-05T13:17:56+00:00

Fix of rbtree lookup on hash collisions.

Previous code incorrectly assumed that nodes with identical keys are linked
together.  This might not be true after tree rebalance.

Patch by Lanshun Zhou.

Merge of r4497:

2012-03-05T13:06:29+00:00

Fixed null pointer dereference in resolver (ticket #91).

The cycle->new_log.file may not be set before config parsing finished if
there are no error_log directive defined at global level.  Fix is to
copy it after config parsing.

Patch by Roman Arutyunyan.