nginx.git, branch release-1.27.1

nginx-1.27.1-RELEASE

2024-08-12T14:20:52+00:00

Updated OpenSSL used for win32 builds.

2024-08-12T14:20:49+00:00

Mp4: rejecting unordered chunks in stsc atom.

2024-08-12T14:20:45+00:00

Unordered chunks could result in trak->end_chunk smaller than trak->start_chunk
in ngx_http_mp4_crop_stsc_data().  Later in ngx_http_mp4_update_stco_atom()
this caused buffer overread while trying to calculate trak->end_offset.

Mp4: fixed buffer underread while updating stsz atom.

2024-08-12T14:20:43+00:00

While cropping an stsc atom in ngx_http_mp4_crop_stsc_data(), a 32-bit integer
overflow could happen, which could result in incorrect seeking and a very large
value stored in "samples".  This resulted in a large invalid value of
trak->end_chunk_samples.  This value is further used to calculate the value of
trak->end_chunk_samples_size in ngx_http_mp4_update_stsz_atom().  While doing
this, a large invalid value of trak->end_chunk_samples could result in reading
memory before stsz atom start.  This could potentially result in a segfault.

Stream ssl_preread: do not reallocate a parsed SNI host.

2024-08-09T15:12:26+00:00

We own this memory from the session pool.

QUIC: zero out existing keying material only.

2024-08-09T15:12:26+00:00

Previously, this used to have extra ngx_explicit_memzero() calls
from within ngx_quic_keys_cleanup(), which might be suboptimal.

QUIC: discarding 0-RTT keys.

2024-08-09T15:12:25+00:00

For simplicity, this is done on successful decryption of a 1-RTT packet.

Typo fixed.

2024-08-09T15:12:23+00:00

Version bump.

2024-08-09T14:01:42+00:00

HTTP/2: close connections initialized during graceful shutdown.

2024-07-18T13:43:25+00:00

In some rare cases, graceful shutdown may happen while initializing an HTTP/2
connection.  Previously, such a connection ignored the shutdown and remained
active.  Now it is gracefully closed prior to processing any streams to
eliminate the shutdown delay.