# HG changeset patch # User Igor Sysoev # Date 1264982400 0 # Node ID 7fa8dc2315bd08cb5329d94763ea7475d8c4d46d # Parent 1763c9f309208b751da8884b46c27660426c6ff2 nginx 0.8.33 *) Security: now nginx/Windows ignores trailing spaces in URI. Thanks to Dan Crowley, Core Security Technologies. *) Security: now nginx/Windows ignores short files names. Thanks to Dan Crowley, Core Security Technologies. *) Change: now keepalive connections after POST requests are not disabled for MSIE 7.0+. Thanks to Adam Lounds. *) Workaround: now keepalive connections are disabled for Safari. Thanks to Joshua Sierles. *) Bugfix: if a proxied or FastCGI request was internally redirected to another proxied or FastCGI location, then $upstream_response_time variable may have abnormally large value; the bug had appeared in 0.8.7. *) Bugfix: a segmentation fault might occur in a worker process, while discarding a request body; the bug had appeared in 0.8.11. diff --git a/CHANGES b/CHANGES --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,27 @@ +Changes with nginx 0.8.33 01 Feb 2010 + + *) Security: now nginx/Windows ignores trailing spaces in URI. + Thanks to Dan Crowley, Core Security Technologies. + + *) Security: now nginx/Windows ignores short files names. + Thanks to Dan Crowley, Core Security Technologies. + + *) Change: now keepalive connections after POST requests are not + disabled for MSIE 7.0+. Thanks to Adam Lounds. + + *) Workaround: now keepalive connections are disabled for Safari. + Thanks to Joshua Sierles. + + *) Bugfix: if a proxied or FastCGI request was internally redirected to + another proxied or FastCGI location, then $upstream_response_time + variable may have abnormally large value; the bug had appeared in + 0.8.7. + + *) Bugfix: a segmentation fault might occur in a worker process, while + discarding a request body; the bug had appeared in 0.8.11. + + Changes with nginx 0.8.32 11 Jan 2010 *) Bugfix: UTF-8 encoding usage in the ngx_http_autoindex_module. @@ -12,11 +35,11 @@ Changes with nginx 0.8.32 directive. Thanks to Maxim Dounin. - *) Bugfix: nginx did nor support chunked transfer encoding for 201 + *) Bugfix: nginx did not support chunked transfer encoding for 201 responses. Thanks to Julian Reich. - *) Bugfix: if the "expires modified" set date in the past, the a + *) Bugfix: if the "expires modified" set date in the past, then a negative number was set in the "Cache-Control" response header line. Thanks to Alex Kapranoff. diff --git a/CHANGES.ru b/CHANGES.ru --- a/CHANGES.ru +++ b/CHANGES.ru @@ -1,4 +1,29 @@ +Изменения в nginx 0.8.33 01.02.2010 + + *) Безопасность: теперь nginx/Windows игнорирует пробелы в конце + URI. + Спасибо Dan Crowley, Core Security Technologies. + + *) Безопасность: теперь nginx/Windows игнорирует короткие имена + файлов. + Спасибо Dan Crowley, Core Security Technologies. + + *) Изменение: теперь keepalive соединения после запросов POST не + запрещаются для MSIE 7.0+. Спасибо Adam Lounds. + + *) Изменение: теперь keepalive соединения запрещены для Safari. Спасибо + Joshua Sierles. + + *) Исправление: если проксированный или FastCGI запрос внутренне + перенаправлялся в другой проксированный или FastCGI location, то + переменная $upstream_response_time могла иметь ненормально большое + значение; ошибка появилась в 0.8.7. + + *) Исправление: в рабочем процессе мог произойти segmentation fault при + отбрасывания тела запроса; ошибка появилась в 0.8.11. + + Изменения в nginx 0.8.32 11.01.2010 *) Исправление: ошибки при использовании кодировки UTF-8 в diff --git a/src/core/nginx.h b/src/core/nginx.h --- a/src/core/nginx.h +++ b/src/core/nginx.h @@ -8,8 +8,8 @@ #define _NGINX_H_INCLUDED_ -#define nginx_version 8032 -#define NGINX_VERSION "0.8.32" +#define nginx_version 8033 +#define NGINX_VERSION "0.8.33" #define NGINX_VER "nginx/" NGINX_VERSION #define NGINX_VAR "NGINX" diff --git a/src/http/modules/perl/nginx.pm b/src/http/modules/perl/nginx.pm --- a/src/http/modules/perl/nginx.pm +++ b/src/http/modules/perl/nginx.pm @@ -47,7 +47,7 @@ our @EXPORT = qw( HTTP_INSUFFICIENT_STORAGE ); -our $VERSION = '0.8.32'; +our $VERSION = '0.8.33'; require XSLoader; XSLoader::load('nginx', $VERSION); diff --git a/src/http/ngx_http_core_module.c b/src/http/ngx_http_core_module.c --- a/src/http/ngx_http_core_module.c +++ b/src/http/ngx_http_core_module.c @@ -783,14 +783,24 @@ ngx_http_handler(ngx_http_request_t *r) break; } - if (r->keepalive && r->headers_in.msie && r->method == NGX_HTTP_POST) { - - /* - * MSIE may wait for some time if an response for - * a POST request was sent over a keepalive connection - */ - - r->keepalive = 0; + if (r->keepalive) { + + if (r->headers_in.msie6) { + if (r->method == NGX_HTTP_POST) { + /* + * MSIE may wait for some time if an response for + * a POST request was sent over a keepalive connection + */ + r->keepalive = 0; + } + + } else if (r->headers_in.safari) { + /* + * Safari may send a POST request to a closed keepalive + * connection and stalls for some time + */ + r->keepalive = 0; + } } if (r->headers_in.content_length_n > 0) { diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c --- a/src/http/ngx_http_request.c +++ b/src/http/ngx_http_request.c @@ -788,9 +788,11 @@ ngx_http_process_request_line(ngx_event_ p = r->uri.data + r->uri.len - 1; - if (*p == '.') { - - while (--p > r->uri.data && *p == '.') { /* void */ } + if (*p == '.' || *p == ' ') { + + while (--p > r->uri.data && (*p == '.' || *p == ' ')) { + /* void */ + } r->uri.len = p + 1 - r->uri.data; @@ -1448,6 +1450,9 @@ ngx_http_process_user_agent(ngx_http_req } else if (ngx_strstrn(user_agent, "Chrome/", 7 - 1)) { r->headers_in.chrome = 1; + } else if (ngx_strstrn(user_agent, "Safari/", 7 - 1)) { + r->headers_in.safari = 1; + } else if (ngx_strstrn(user_agent, "Konqueror", 9 - 1)) { r->headers_in.konqueror = 1; } @@ -1997,6 +2002,7 @@ ngx_http_finalize_request(ngx_http_reque } r->done = 1; + r->write_event_handler = ngx_http_request_empty_handler; if (!r->post_action) { r->request_complete = 1; diff --git a/src/http/ngx_http_request.h b/src/http/ngx_http_request.h --- a/src/http/ngx_http_request.h +++ b/src/http/ngx_http_request.h @@ -220,6 +220,7 @@ typedef struct { unsigned opera:1; unsigned gecko:1; unsigned chrome:1; + unsigned safari:1; unsigned konqueror:1; } ngx_http_headers_in_t; diff --git a/src/http/ngx_http_upstream.c b/src/http/ngx_http_upstream.c --- a/src/http/ngx_http_upstream.c +++ b/src/http/ngx_http_upstream.c @@ -366,6 +366,7 @@ ngx_http_upstream_create(ngx_http_reques r->main->count++; ngx_http_upstream_cleanup(r); *u->cleanup = NULL; + u->cleanup = NULL; } u = ngx_pcalloc(r->pool, sizeof(ngx_http_upstream_t)); @@ -2856,6 +2857,7 @@ ngx_http_upstream_finalize_request(ngx_h if (u->cleanup) { *u->cleanup = NULL; + u->cleanup = NULL; } if (u->resolved && u->resolved->ctx) {