nginx.git, branch release-1.9.7 nginx nginx-1.9.7-RELEASE 2015-11-17T14:50:56+00:00 Maxim Dounin mdounin@mdounin.ru 2015-11-17T14:50:56+00:00 da078ec22daa6079576cb72e6f507916929af235 






Realip: the $realip_remote_addr variable.
2015-11-16T13:02:02+00:00

Ruslan Ermilov
ru@nginx.com

2015-11-16T13:02:02+00:00

1ce16107637d98440c0bb336c6970b5ef23165fb












HTTP/2: reused HEADERS and CONTINUATION frames buffers.
2015-11-13T17:10:50+00:00

Valentin Bartenev
vbart@nginx.com

2015-11-13T17:10:50+00:00

a52bbefd84f718af15efc8176bc1ee6a461c4db4












HTTP/2: fixed handling of output HEADERS frames.
2015-11-13T17:10:50+00:00

Valentin Bartenev
vbart@nginx.com

2015-11-13T17:10:50+00:00

548e31f6084e2a90d0befcb5c8ff549466a111d3

The HEADERS frame is always represented by more than one buffer since
b930e598a199, but the handling code hasn't been adjusted.

Only the first buffer of HEADERS frame was checked and if it had been
sent while others had not, the rest of the frame was dropped, resulting
in broken connection.

Before b930e598a199, the problem could only be seen in case of HEADERS
frame with CONTINUATION.





The HEADERS frame is always represented by more than one buffer since
b930e598a199, but the handling code hasn't been adjusted.

Only the first buffer of HEADERS frame was checked and if it had been
sent while others had not, the rest of the frame was dropped, resulting
in broken connection.

Before b930e598a199, the problem could only be seen in case of HEADERS
frame with CONTINUATION.







HTTP/2: fixed invalid headers handling (ticket #831).
2015-11-13T17:10:50+00:00

Valentin Bartenev
vbart@nginx.com

2015-11-13T17:10:50+00:00

8323cd693b493be7372d4bbb0aed4dcb768b87b8

The r->invalid_header flag wasn't reset once an invalid header appeared in a
request, resulting in all subsequent headers in the request were also marked
as invalid.





The r->invalid_header flag wasn't reset once an invalid header appeared in a
request, resulting in all subsequent headers in the request were also marked
as invalid.







Upstream: proxy_cache_convert_head directive.
2015-11-11T12:47:30+00:00

Roman Arutyunyan
arut@nginx.com

2015-11-11T12:47:30+00:00

89a049be89a2d0507bf1e4558733934bf6597432

The directive toggles conversion of HEAD to GET for cacheable proxy requests.
When disabled, $request_method must be added to cache key for consistency.
By default, HEAD is converted to GET as before.





The directive toggles conversion of HEAD to GET for cacheable proxy requests.
When disabled, $request_method must be added to cache key for consistency.
By default, HEAD is converted to GET as before.







SSL: only select HTTP/2 using NPN if "http2" is enabled.
2015-11-05T12:01:09+00:00

Valentin Bartenev
vbart@nginx.com

2015-11-05T12:01:09+00:00

93aef089b44cf2a0bcb276eaa17ccea43024f5c2

OpenSSL doesn't check if the negotiated protocol has been announced.
As a result, the client might force using HTTP/2 even if it wasn't
enabled in configuration.





OpenSSL doesn't check if the negotiated protocol has been announced.
As a result, the client might force using HTTP/2 even if it wasn't
enabled in configuration.







HTTP/2: backed out 16905ecbb49e (ticket #822).
2015-11-05T12:01:01+00:00

Valentin Bartenev
vbart@nginx.com

2015-11-05T12:01:01+00:00

b22c0e0846be6ee21a93a4e7dc6a3cfad25b1758

It caused inconsistency between setting "in_closed" flag and the moment when
the last DATA frame was actually read.  As a result, the body buffer might not
be initialized properly in ngx_http_v2_init_request_body(), which led to a
segmentation fault in ngx_http_v2_state_read_data().  Also it might cause
start processing of incomplete body.

This issue could be triggered when the processing of a request was delayed,
e.g. in the limit_req or auth_request modules.





It caused inconsistency between setting "in_closed" flag and the moment when
the last DATA frame was actually read.  As a result, the body buffer might not
be initialized properly in ngx_http_v2_init_request_body(), which led to a
segmentation fault in ngx_http_v2_state_read_data().  Also it might cause
start processing of incomplete body.

This issue could be triggered when the processing of a request was delayed,
e.g. in the limit_req or auth_request modules.







Fixed ngx_parse_time() out of bounds access (ticket #821).
2015-10-30T18:43:30+00:00

Maxim Dounin
mdounin@mdounin.ru

2015-10-30T18:43:30+00:00

f9cce38e497577449f1a29017d177ca753491885

The code failed to ensure that "s" is within the buffer passed for
parsing when checking for "ms", and this resulted in unexpected errors when
parsing non-null-terminated strings with trailing "m".  The bug manifested
itself when the expires directive was used with variables.

Found by Roman Arutyunyan.





The code failed to ensure that "s" is within the buffer passed for
parsing when checking for "ms", and this resulted in unexpected errors when
parsing non-null-terminated strings with trailing "m".  The bug manifested
itself when the expires directive was used with variables.

Found by Roman Arutyunyan.







Syslog: added "nohostname" option.
2015-10-26T16:06:42+00:00

Vladimir Homutov
vl@nginx.com

2015-10-26T16:06:42+00:00

e7d298f3fc79785d22a1227b3c140529a6356fff

The option disables sending hostname in the syslog message header.  This is
useful with syslog daemons that do not expect it (tickets #677 and #783).





The option disables sending hostname in the syslog message header.  This is
useful with syslog daemons that do not expect it (tickets #677 and #783).