nginx.git/src, branch release-1.1.17 nginx Headers with null character are now rejected. 2012-03-15T11:27:57+00:00 Maxim Dounin mdounin@mdounin.ru 2012-03-15T11:27:57+00:00 d1ed97b18bc3a7115c060a688be415fdc078bb76 Headers with NUL character aren't allowed by HTTP standard and may cause various security problems. They are now unconditionally rejected. 
Headers with NUL character aren't allowed by HTTP standard and may cause
various security problems.  They are now unconditionally rejected.
Fixed incorrect ngx_cpystrn() usage in ngx_http_*_process_header(). 2012-03-15T11:27:12+00:00 Maxim Dounin mdounin@mdounin.ru 2012-03-15T11:27:12+00:00 eb526b7d7d9ee413b624a78373562183ececa738 This resulted in a disclosure of previously freed memory if upstream server returned specially crafted response, potentially exposing sensitive information. Reported by Matthew Daley. 
This resulted in a disclosure of previously freed memory if upstream
server returned specially crafted response, potentially exposing
sensitive information.

Reported by Matthew Daley.
Fixed ssi and perl interaction. 2012-03-15T11:23:07+00:00 Maxim Dounin mdounin@mdounin.ru 2012-03-15T11:23:07+00:00 030e235ec70868469cb6aaf01f25fc29d579e028 Embedded perl module assumes there is a space for terminating NUL character, make sure to provide it in all situations by allocating one extra byte for value buffer. Default ssi_value_length is reduced accordingly to preserve 256 byte allocations. While here, fixed another one byte value buffer overrun possible in ssi_quoted_symbol_state. Reported by Matthew Daley. 
Embedded perl module assumes there is a space for terminating NUL character,
make sure to provide it in all situations by allocating one extra byte for
value buffer.  Default ssi_value_length is reduced accordingly to
preserve 256 byte allocations.

While here, fixed another one byte value buffer overrun possible in
ssi_quoted_symbol_state.

Reported by Matthew Daley.
Uwsgi: merged r->http_version fixes from scgi module. 2012-03-15T11:21:54+00:00 Maxim Dounin mdounin@mdounin.ru 2012-03-15T11:21:54+00:00 205394e6f90c8aa2aac000e46d4b7a1eff5bbfd2 Fixed incorrect use of r->http_version (r4372). Removed duplicate function declaration (r4373). Removed error if there is no Status header (r4374). 
Fixed incorrect use of r->http_version (r4372).  Removed duplicate function
declaration (r4373).  Removed error if there is no Status header (r4374).
Whitespace fixes. 2012-03-05T18:09:06+00:00 Maxim Dounin mdounin@mdounin.ru 2012-03-05T18:09:06+00:00 ee187436afcaaeef4bb8bcb65b3f5f815920761e 






Version bump.
2012-03-05T18:06:15+00:00

Maxim Dounin
mdounin@mdounin.ru

2012-03-05T18:06:15+00:00

382499aa1f1c2114e7476b867fa1628c9a74ec95












Raised simultaneous subrequest limit from 50 to 200.
2012-02-28T14:54:23+00:00

Maxim Dounin
mdounin@mdounin.ru

2012-02-28T14:54:23+00:00

a95c85e78ae87fe165f73d27a706469320ceeb0a

It wasn't enforced for a long time, and there are reports that people
use up to 100 simultaneous subrequests now.  As this is a safety limit
to prevent loops, it's raised accordingly.





It wasn't enforced for a long time, and there are reports that people
use up to 100 simultaneous subrequests now.  As this is a safety limit
to prevent loops, it's raised accordingly.







Added msleep() on reload to allow new processes to start.
2012-02-28T11:40:18+00:00

Maxim Dounin
mdounin@mdounin.ru

2012-02-28T11:40:18+00:00

db402276e17e87042bf207dc97761fe791469577

This is expected to ensure smoother operation on reload (and with less
chance of listen queue overflows).

Prodded by Igor Sysoev.





This is expected to ensure smoother operation on reload (and with less
chance of listen queue overflows).

Prodded by Igor Sysoev.







Fixed spelling in single-line comments.
2012-02-28T11:31:05+00:00

Ruslan Ermilov
ru@nginx.com

2012-02-28T11:31:05+00:00

b74f8ffce4aa7a7090e19021854304570238edb1












Workaround for fs_size on ZFS (ticket #46).
2012-02-28T11:09:02+00:00

Maxim Dounin
mdounin@mdounin.ru

2012-02-28T11:09:02+00:00

c66a1e7a172e042e8a3822192e79853e2afac4e6

ZFS reports incorrect st_blocks until file settles on disk, and this
may take a while (i.e. just after creation of a file the st_blocks value
is incorrect).  As a workaround we now use st_blocks only if
st_blocks * 512 > st_size, this should fix ZFS problems while still
preserving accuracy for other filesystems.

The problem had appeared in r3900 (1.0.1).





ZFS reports incorrect st_blocks until file settles on disk, and this
may take a while (i.e. just after creation of a file the st_blocks value
is incorrect).  As a workaround we now use st_blocks only if
st_blocks * 512 > st_size, this should fix ZFS problems while still
preserving accuracy for other filesystems.

The problem had appeared in r3900 (1.0.1).