nginx.git/src, branch release-1.3.13 nginx Proxy: fixed do_write handling in previous commit. 2013-02-18T15:08:46+00:00 Maxim Dounin mdounin@mdounin.ru 2013-02-18T15:08:46+00:00 82d48e1eba774747a72c997a4e22f068f95e6cc7 As rightfully complained by MSVC, do_write variable was used uninitialized. Correct fix is to set it's initial value based on event happened. 
As rightfully complained by MSVC, do_write variable was used uninitialized.
Correct fix is to set it's initial value based on event happened.
Proxy: support for connection upgrade (101 Switching Protocols). 2013-02-18T13:50:52+00:00 Maxim Dounin mdounin@mdounin.ru 2013-02-18T13:50:52+00:00 08a73b4aadebd9405ac52ec1f6eef5ca1fe8c11a This allows to proxy WebSockets by using configuration like this: location /chat/ { proxy_pass http://backend; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } Connection upgrade is allowed as long as it was requested by a client via the Upgrade request header. 
This allows to proxy WebSockets by using configuration like this:

    location /chat/ {
        proxy_pass http://backend;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

Connection upgrade is allowed as long as it was requested by a client
via the Upgrade request header.
Fixed false memset warning on Linux with -O3 (ticket #275). 2013-02-13T14:39:46+00:00 Maxim Dounin mdounin@mdounin.ru 2013-02-13T14:39:46+00:00 d2c9f4554f201bde00281d58d4de600a0e8877a1 Prodded by John Leach. 
Prodded by John Leach.
Added support for {SHA} passwords (ticket #50). 2013-02-07T12:09:56+00:00 Maxim Dounin mdounin@mdounin.ru 2013-02-07T12:09:56+00:00 a2b987e79f099e34ddc5206b2b7c85f7405e5b74 Note: use of {SHA} passwords is discouraged as {SHA} password scheme is vulnerable to attacks using rainbow tables. Use of {SSHA}, $apr1$ or crypt() algorithms as supported by OS is recommended instead. The {SHA} password scheme support is added to avoid the need of changing the scheme recorded in password files from {SHA} to {SSHA} because such a change hides security problem with {SHA} passwords. Patch by Louis Opter, with minor changes. 
Note: use of {SHA} passwords is discouraged as {SHA} password scheme is
vulnerable to attacks using rainbow tables.  Use of {SSHA}, $apr1$ or
crypt() algorithms as supported by OS is recommended instead.

The {SHA} password scheme support is added to avoid the need of changing
the scheme recorded in password files from {SHA} to {SSHA} because such
a change hides security problem with {SHA} passwords.

Patch by Louis Opter, with minor changes.
Version bump. 2013-02-07T12:09:09+00:00 Maxim Dounin mdounin@mdounin.ru 2013-02-07T12:09:09+00:00 6cb9bbe71cf0f3f4e31a5d768042ad3e5eb24199 






GeoIP: removed pseudo-support of "proxy" and "netspeed" databases.
2013-02-04T16:44:22+00:00

Ruslan Ermilov
ru@nginx.com

2013-02-04T16:44:22+00:00

75e5d13ec6b900ea01c044cb4147126bf237a5c9












FastCGI: proper handling of split fastcgi end request.
2013-02-01T14:41:50+00:00

Maxim Dounin
mdounin@mdounin.ru

2013-02-01T14:41:50+00:00

aad0a1dba6e05766005a60b893c53e52fb056795

If fastcgi end request record was split between several network packets,
with fastcgi_keep_conn it was possible that connection was saved in incorrect
state (e.g. with padding bytes not yet read).





If fastcgi end request record was split between several network packets,
with fastcgi_keep_conn it was possible that connection was saved in incorrect
state (e.g. with padding bytes not yet read).







FastCGI: unconditional state transitions.
2013-02-01T14:41:07+00:00

Maxim Dounin
mdounin@mdounin.ru

2013-02-01T14:41:07+00:00

e8efec0e5e154fc21ba3d1d8b08a94c2eba6e757

Checks for f->padding before state transitions make code hard to follow,
remove them and make sure we always do another loop iteration after
f->state is set to ngx_http_fastcgi_st_padding.





Checks for f->padding before state transitions make code hard to follow,
remove them and make sure we always do another loop iteration after
f->state is set to ngx_http_fastcgi_st_padding.







FastCGI: fixed wrong connection close with fastcgi_keep_conn.
2013-02-01T14:40:19+00:00

Maxim Dounin
mdounin@mdounin.ru

2013-02-01T14:40:19+00:00

1c5fce75186ae792b76d055223cd0a70ac7370b0

With fastcgi_keep_conn it was possible that connection was closed after
FCGI_STDERR record with zero padding and without any further data read yet.
This happended as f->state was set to ngx_http_fastcgi_st_padding and then
"break" happened, resulting in p->length being set to f->padding, i.e. 0
(which in turn resulted in connection close).

Fix is to make sure we continue the loop after f->state is set.





With fastcgi_keep_conn it was possible that connection was closed after
FCGI_STDERR record with zero padding and without any further data read yet.
This happended as f->state was set to ngx_http_fastcgi_st_padding and then
"break" happened, resulting in p->length being set to f->padding, i.e. 0
(which in turn resulted in connection close).

Fix is to make sure we continue the loop after f->state is set.







Request body: fixed client_body_in_file_only.
2013-02-01T14:38:18+00:00

Maxim Dounin
mdounin@mdounin.ru

2013-02-01T14:38:18+00:00

e97e4124e372d2db118d984988632d28f8966130

After introduction of chunked request body reading support in 1.3.9 (r4931),
the rb->bufs wasn't set if request body was fully preread while calling the
ngx_http_read_client_request_body() function.

Reported by Yichun Zhang (agentzh).





After introduction of chunked request body reading support in 1.3.9 (r4931),
the rb->bufs wasn't set if request body was fully preread while calling the
ngx_http_read_client_request_body() function.

Reported by Yichun Zhang (agentzh).