mirror of
https://github.com/openresty/openresty.git
synced 2024-10-13 00:29:41 +00:00
Compare commits
15 Commits
bump-1.21.
...
v1.21.4.3
| Author | SHA1 | Date | |
|---|---|---|---|
| 5099de1c42 | |||
| f07cb6a7f0 | |||
| cd976f9286 | |||
| dfbc003724 | |||
| a1730aba13 | |||
| 055e86bff2 | |||
| f8e47102b7 | |||
| 0d32bd9bdb | |||
| 9fcf59d7b2 | |||
| 3c838ca999 | |||
| 222b48ab61 | |||
| 3e4114a5f6 | |||
| 7a923b387d | |||
| d5c5ccbad2 | |||
| 21eb0377ac |
15
.travis.yml
15
.travis.yml
@ -12,7 +12,6 @@ addons:
|
||||
packages:
|
||||
- axel
|
||||
- dos2unix
|
||||
- cpanminus
|
||||
- libgd-dev
|
||||
|
||||
_linux-s390x: &linux-s390x
|
||||
@ -26,14 +25,15 @@ _linux-s390x: &linux-s390x
|
||||
packages:
|
||||
- axel
|
||||
- dos2unix
|
||||
- cpanminus
|
||||
- libgd-dev
|
||||
- libpcre3
|
||||
- libpcre3-dev
|
||||
- mercurial
|
||||
- libpq-dev
|
||||
before_install:
|
||||
- sudo sysctl -w net.ipv6.conf.all.disable_ipv6=1
|
||||
install:
|
||||
- sudo cpanm --notest Test::Nginx IPC::Run3 > build.log 2>&1 || (cat build.log && exit 1)
|
||||
- cpanm --sudo --notest Test::Nginx IPC::Run3 > build.log 2>&1 || (cat build.log && exit 1)
|
||||
- if [ ! -f download-cache/openssl-$OPENSSL_VER.tar.gz ]; then wget -P download-cache https://www.openssl.org/source/openssl-$OPENSSL_VER.tar.gz || wget -P download-cache https://www.openssl.org/source/old/${OPENSSL_VER//[a-z]/}/openssl-$OPENSSL_VER.tar.gz; fi
|
||||
- tar zxf download-cache/openssl-$OPENSSL_VER.tar.gz
|
||||
- cd openssl-$OPENSSL_VER/
|
||||
@ -66,14 +66,13 @@ _linux-ppc64le: &linux-ppc64le
|
||||
packages:
|
||||
- axel
|
||||
- dos2unix
|
||||
- cpanminus
|
||||
- libgd-dev
|
||||
- libpcre3
|
||||
- libpcre3-dev
|
||||
- mercurial
|
||||
- libpq-dev
|
||||
install:
|
||||
- sudo cpanm --notest Test::Nginx IPC::Run3 > build.log 2>&1 || (cat build.log && exit 1)
|
||||
- cpanm --sudo --notest Test::Nginx IPC::Run3 > build.log 2>&1 || (cat build.log && exit 1)
|
||||
- if [ ! -f download-cache/openssl-$OPENSSL_VER.tar.gz ]; then wget -P download-cache https://www.openssl.org/source/openssl-$OPENSSL_VER.tar.gz || wget -P download-cache https://www.openssl.org/source/old/${OPENSSL_VER//[a-z]/}/openssl-$OPENSSL_VER.tar.gz; fi
|
||||
- tar zxf download-cache/openssl-$OPENSSL_VER.tar.gz
|
||||
- cd openssl-$OPENSSL_VER/
|
||||
@ -111,7 +110,7 @@ env:
|
||||
- OPENRESTY_PREFIX=/opt/openresty
|
||||
jobs:
|
||||
- OPENSSL_VER=1.1.0l OPENSSL_PATCH_VER=1.1.0d
|
||||
- OPENSSL_VER=1.1.1p OPENSSL_PATCH_VER=1.1.1f
|
||||
- OPENSSL_VER=1.1.1s OPENSSL_PATCH_VER=1.1.1f
|
||||
|
||||
jobs:
|
||||
include:
|
||||
@ -120,10 +119,10 @@ jobs:
|
||||
- <<: *linux-s390x
|
||||
env: OPENSSL_VER=1.1.1l OPENSSL_PATCH_VER=1.1.1f
|
||||
- <<: *linux-ppc64le
|
||||
env: OPENSSL_VER=1.1.1p OPENSSL_PATCH_VER=1.1.1f
|
||||
env: OPENSSL_VER=1.1.1s OPENSSL_PATCH_VER=1.1.1f
|
||||
|
||||
install:
|
||||
- sudo cpanm --notest Test::Nginx IPC::Run3 > build.log 2>&1 || (cat build.log && exit 1)
|
||||
- cpanm --sudo --notest Test::Nginx IPC::Run3 > build.log 2>&1 || (cat build.log && exit 1)
|
||||
- if [ ! -f download-cache/pcre-$PCRE_VER.tar.gz ]; then wget -P download-cache https://downloads.sourceforge.net/project/pcre/pcre/${PCRE_VER}/pcre-${PCRE_VER}.tar.gz; fi
|
||||
- if [ ! -f download-cache/openssl-$OPENSSL_VER.tar.gz ]; then wget -P download-cache https://www.openssl.org/source/openssl-$OPENSSL_VER.tar.gz || wget -P download-cache https://www.openssl.org/source/old/${OPENSSL_VER//[a-z]/}/openssl-$OPENSSL_VER.tar.gz; fi
|
||||
- tar zxf download-cache/pcre-$PCRE_VER.tar.gz
|
||||
|
||||
175
html/50x.html
175
html/50x.html
File diff suppressed because one or more lines are too long
179
html/index.html
179
html/index.html
File diff suppressed because one or more lines are too long
51
patches/patch.2023.h2.txt
Normal file
51
patches/patch.2023.h2.txt
Normal file
@ -0,0 +1,51 @@
|
||||
diff --git a/src/http/v2/ngx_http_v2.c b/src/http/v2/ngx_http_v2.c
|
||||
--- a/src/http/v2/ngx_http_v2.c
|
||||
+++ b/src/http/v2/ngx_http_v2.c
|
||||
@@ -347,6 +347,7 @@ ngx_http_v2_read_handler(ngx_event_t *re
|
||||
ngx_log_debug0(NGX_LOG_DEBUG_HTTP, c->log, 0, "http2 read handler");
|
||||
|
||||
h2c->blocked = 1;
|
||||
+ h2c->new_streams = 0;
|
||||
|
||||
if (c->close) {
|
||||
c->close = 0;
|
||||
@@ -1284,6 +1285,14 @@ ngx_http_v2_state_headers(ngx_http_v2_co
|
||||
goto rst_stream;
|
||||
}
|
||||
|
||||
+ if (h2c->new_streams++ >= 2 * h2scf->concurrent_streams) {
|
||||
+ ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0,
|
||||
+ "client sent too many streams at once");
|
||||
+
|
||||
+ status = NGX_HTTP_V2_REFUSED_STREAM;
|
||||
+ goto rst_stream;
|
||||
+ }
|
||||
+
|
||||
if (!h2c->settings_ack
|
||||
&& !(h2c->state.flags & NGX_HTTP_V2_END_STREAM_FLAG)
|
||||
&& h2scf->preread_size < NGX_HTTP_V2_DEFAULT_WINDOW)
|
||||
@@ -1349,6 +1358,12 @@ ngx_http_v2_state_headers(ngx_http_v2_co
|
||||
|
||||
rst_stream:
|
||||
|
||||
+ if (h2c->refused_streams++ > ngx_max(h2scf->concurrent_streams, 100)) {
|
||||
+ ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0,
|
||||
+ "client sent too many refused streams");
|
||||
+ return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_NO_ERROR);
|
||||
+ }
|
||||
+
|
||||
if (ngx_http_v2_send_rst_stream(h2c, h2c->state.sid, status) != NGX_OK) {
|
||||
return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_INTERNAL_ERROR);
|
||||
}
|
||||
diff --git a/src/http/v2/ngx_http_v2.h b/src/http/v2/ngx_http_v2.h
|
||||
--- a/src/http/v2/ngx_http_v2.h
|
||||
+++ b/src/http/v2/ngx_http_v2.h
|
||||
@@ -131,6 +131,8 @@ struct ngx_http_v2_connection_s {
|
||||
ngx_uint_t processing;
|
||||
ngx_uint_t frames;
|
||||
ngx_uint_t idle;
|
||||
+ ngx_uint_t new_streams;
|
||||
+ ngx_uint_t refused_streams;
|
||||
ngx_uint_t priority_limit;
|
||||
|
||||
size_t send_window;
|
||||
1390
t/000-sanity.t
1390
t/000-sanity.t
File diff suppressed because it is too large
Load Diff
@ -1,8 +1,8 @@
|
||||
#!/bin/bash
|
||||
|
||||
PCRE=pcre-8.44
|
||||
ZLIB=zlib-1.2.12
|
||||
OPENSSL=openssl-1.1.1p
|
||||
PCRE=pcre-8.45
|
||||
ZLIB=zlib-1.2.13
|
||||
OPENSSL=openssl-1.1.1t
|
||||
JOBS=12
|
||||
|
||||
# wget https://www.openssl.org/source/openssl-1.1.1p.tar.gz
|
||||
|
||||
@ -86,7 +86,7 @@ sh "sudo $make install";
|
||||
sh "sudo cp /tmp/nginx.conf $prefix/nginx/conf/nginx.conf";
|
||||
sh "$prefix/nginx/sbin/nginx -V 2>&1 |grep $ver";
|
||||
sh "$prefix/nginx/sbin/nginx -V 2>&1 |grep -v 'stream_proxy'";
|
||||
system "sudo killall nginx > /dev/null 2>&1";
|
||||
#system "sudo killall nginx > /dev/null 2>&1";
|
||||
sh "sudo $prefix/nginx/sbin/nginx";
|
||||
sh "curl -si localhost/lua|grep $lua";
|
||||
sh "curl -si localhost/lua|grep $ver";
|
||||
|
||||
@ -503,6 +503,16 @@ if [ "$answer" = "Y" ]; then
|
||||
fi
|
||||
fi
|
||||
|
||||
answer=`$root/util/ver-ge "$main_ver" 1.9.5`
|
||||
if [ "$answer" = "Y" ]; then
|
||||
answer=`$root/util/ver-ge "$main_ver" 1.25.2`
|
||||
if [ "$answer" = "N" ]; then
|
||||
echo "$info_txt applying the patch for nginx security advisory (CVE-2023-44487)"
|
||||
patch -p1 < $root/patches/patch.2023.h2.txt || exit 1
|
||||
echo
|
||||
fi
|
||||
fi
|
||||
|
||||
echo "$info_txt applying the upstream_timeout_fields patch for nginx"
|
||||
patch -p1 < $root/patches/nginx-$main_ver-upstream_timeout_fields.patch || exit 1
|
||||
echo
|
||||
@ -589,7 +599,7 @@ mv openresty-drizzle-nginx-module-* drizzle-nginx-module-$ver || exit 1
|
||||
|
||||
#################################
|
||||
|
||||
ver=0.10.23rc1
|
||||
ver=0.10.25
|
||||
$root/util/get-tarball "https://github.com/openresty/lua-nginx-module/archive/v$ver.tar.gz" -O lua-nginx-module-$ver.tar.gz || exit 1
|
||||
tar -xzf lua-nginx-module-$ver.tar.gz || exit 1
|
||||
mv lua-nginx-module-$ver ngx_lua-$ver || exit 1
|
||||
@ -603,7 +613,7 @@ mv openresty-lua-upstream-nginx-module-* ngx_lua_upstream-$ver || exit 1
|
||||
|
||||
#################################
|
||||
|
||||
ver=0.0.12rc1
|
||||
ver=0.0.13
|
||||
$root/util/get-tarball "https://github.com/openresty/stream-lua-nginx-module/tarball/v$ver" -O stream-lua-nginx-module-$ver.tar.gz || exit 1
|
||||
tar -xzf stream-lua-nginx-module-$ver.tar.gz || exit 1
|
||||
mv openresty-stream-lua-nginx-module-* ngx_stream_lua-$ver || exit 1
|
||||
@ -624,7 +634,7 @@ mv openresty-memc-nginx-module-* memc-nginx-module-$ver || exit 1
|
||||
|
||||
#################################
|
||||
|
||||
ver=0.33rc1
|
||||
ver=0.33
|
||||
$root/util/get-tarball "https://github.com/openresty/srcache-nginx-module/tarball/v$ver" -O srcache-nginx-module-$ver.tar.gz || exit 1
|
||||
tar -xzf srcache-nginx-module-$ver.tar.gz || exit 1
|
||||
mv openresty-srcache-nginx-module-* srcache-nginx-module-$ver || exit 1
|
||||
@ -714,7 +724,7 @@ mv openresty-opm-* opm-$ver || exit 1
|
||||
|
||||
#################################
|
||||
|
||||
ver=2.1-20230119
|
||||
ver=2.1-20230410
|
||||
$root/util/get-tarball "https://github.com/openresty/luajit2/archive/v$ver.tar.gz" -O "LuaJIT-$ver.tar.gz" || exit 1
|
||||
tar -xzf LuaJIT-$ver.tar.gz || exit 1
|
||||
mv luajit2-* LuaJIT-$ver || exit 1
|
||||
@ -761,7 +771,7 @@ cd ..
|
||||
|
||||
#################################
|
||||
|
||||
ver=0.17rc1
|
||||
ver=0.17
|
||||
$root/util/get-tarball "https://github.com/openresty/lua-resty-memcached/tarball/v$ver" -O "lua-resty-memcached-$ver.tar.gz" || exit 1
|
||||
tar -xzf lua-resty-memcached-$ver.tar.gz || exit 1
|
||||
mv openresty-lua-resty-memcached-* lua-resty-memcached-$ver || exit 1
|
||||
@ -779,7 +789,7 @@ mv openresty-lua-resty-redis-* lua-resty-redis-$ver || exit 1
|
||||
|
||||
#################################
|
||||
|
||||
ver=0.26rc1
|
||||
ver=0.26
|
||||
$root/util/get-tarball "https://github.com/openresty/lua-resty-mysql/tarball/v$ver" -O "lua-resty-mysql-$ver.tar.gz" || exit 1
|
||||
tar -xzf lua-resty-mysql-$ver.tar.gz || exit 1
|
||||
mv openresty-lua-resty-mysql-* lua-resty-mysql-$ver || exit 1
|
||||
@ -801,7 +811,7 @@ cd ..
|
||||
|
||||
#################################
|
||||
|
||||
ver=0.11rc1
|
||||
ver=0.11
|
||||
$root/util/get-tarball "https://github.com/openresty/lua-resty-upload/tarball/v$ver" -O "lua-resty-upload-$ver.tar.gz" || exit 1
|
||||
tar -xzf lua-resty-upload-$ver.tar.gz || exit 1
|
||||
mv openresty-lua-resty-upload-* lua-resty-upload-$ver || exit 1
|
||||
@ -823,7 +833,7 @@ cd ..
|
||||
|
||||
#################################
|
||||
|
||||
ver=0.10rc1
|
||||
ver=0.10
|
||||
$root/util/get-tarball "https://github.com/openresty/lua-resty-websocket/tarball/v$ver" -O "lua-resty-websocket-$ver.tar.gz" || exit 1
|
||||
tar -xzf lua-resty-websocket-$ver.tar.gz || exit 1
|
||||
mv openresty-lua-resty-websocket-* lua-resty-websocket-$ver || exit 1
|
||||
@ -856,14 +866,14 @@ cd ..
|
||||
|
||||
#################################
|
||||
|
||||
ver=0.1.25rc1
|
||||
ver=0.1.27
|
||||
$root/util/get-tarball "https://github.com/openresty/lua-resty-core/tarball/v$ver" -O "lua-resty-core-$ver.tar.gz" || exit 1
|
||||
tar -xzf lua-resty-core-$ver.tar.gz || exit 1
|
||||
mv openresty-lua-resty-core-* lua-resty-core-$ver || exit 1
|
||||
|
||||
#################################
|
||||
|
||||
ver=0.07
|
||||
ver=0.08
|
||||
$root/util/get-tarball "https://github.com/openresty/lua-resty-upstream-healthcheck/tarball/v$ver" -O "lua-resty-upstream-healthcheck-$ver.tar.gz" || exit 1
|
||||
tar -xzf lua-resty-upstream-healthcheck-$ver.tar.gz || exit 1
|
||||
mv openresty-lua-resty-upstream-healthcheck-* lua-resty-upstream-healthcheck-$ver || exit 1
|
||||
|
||||
Reference in New Issue
Block a user