mirror of
https://github.com/openresty/openresty.git
synced 2024-10-13 00:29:41 +00:00
Compare commits
37 Commits
e7e21f9b40
...
v1.21.4.3
| Author | SHA1 | Date | |
|---|---|---|---|
| 5099de1c42 | |||
| f07cb6a7f0 | |||
| cd976f9286 | |||
| dfbc003724 | |||
| a1730aba13 | |||
| 055e86bff2 | |||
| f8e47102b7 | |||
| 0d32bd9bdb | |||
| 9fcf59d7b2 | |||
| 3c838ca999 | |||
| 222b48ab61 | |||
| 3e4114a5f6 | |||
| 7a923b387d | |||
| d5c5ccbad2 | |||
| 21eb0377ac | |||
| 4e6a67922c | |||
| 6b8e60f250 | |||
| 9c7427f75f | |||
| 95f7d3297f | |||
| b14716be04 | |||
| acfb47448b | |||
| 0eae2a784b | |||
| 05362687c2 | |||
| 965ccfb230 | |||
| 56acc7b9c2 | |||
| f5eaffb12a | |||
| 86267fc022 | |||
| 90363486a5 | |||
| eaa41a295a | |||
| adae554762 | |||
| 691cddfe90 | |||
| 3b626720b2 | |||
| 42e8796c67 | |||
| 7043c6b9b7 | |||
| 3aec27a4e8 | |||
| d1846b1c9d | |||
| 369f93ccbd |
15
.travis.yml
15
.travis.yml
@ -12,7 +12,6 @@ addons:
|
||||
packages:
|
||||
- axel
|
||||
- dos2unix
|
||||
- cpanminus
|
||||
- libgd-dev
|
||||
|
||||
_linux-s390x: &linux-s390x
|
||||
@ -26,14 +25,15 @@ _linux-s390x: &linux-s390x
|
||||
packages:
|
||||
- axel
|
||||
- dos2unix
|
||||
- cpanminus
|
||||
- libgd-dev
|
||||
- libpcre3
|
||||
- libpcre3-dev
|
||||
- mercurial
|
||||
- libpq-dev
|
||||
before_install:
|
||||
- sudo sysctl -w net.ipv6.conf.all.disable_ipv6=1
|
||||
install:
|
||||
- sudo cpanm --notest Test::Nginx IPC::Run3 > build.log 2>&1 || (cat build.log && exit 1)
|
||||
- cpanm --sudo --notest Test::Nginx IPC::Run3 > build.log 2>&1 || (cat build.log && exit 1)
|
||||
- if [ ! -f download-cache/openssl-$OPENSSL_VER.tar.gz ]; then wget -P download-cache https://www.openssl.org/source/openssl-$OPENSSL_VER.tar.gz || wget -P download-cache https://www.openssl.org/source/old/${OPENSSL_VER//[a-z]/}/openssl-$OPENSSL_VER.tar.gz; fi
|
||||
- tar zxf download-cache/openssl-$OPENSSL_VER.tar.gz
|
||||
- cd openssl-$OPENSSL_VER/
|
||||
@ -66,14 +66,13 @@ _linux-ppc64le: &linux-ppc64le
|
||||
packages:
|
||||
- axel
|
||||
- dos2unix
|
||||
- cpanminus
|
||||
- libgd-dev
|
||||
- libpcre3
|
||||
- libpcre3-dev
|
||||
- mercurial
|
||||
- libpq-dev
|
||||
install:
|
||||
- sudo cpanm --notest Test::Nginx IPC::Run3 > build.log 2>&1 || (cat build.log && exit 1)
|
||||
- cpanm --sudo --notest Test::Nginx IPC::Run3 > build.log 2>&1 || (cat build.log && exit 1)
|
||||
- if [ ! -f download-cache/openssl-$OPENSSL_VER.tar.gz ]; then wget -P download-cache https://www.openssl.org/source/openssl-$OPENSSL_VER.tar.gz || wget -P download-cache https://www.openssl.org/source/old/${OPENSSL_VER//[a-z]/}/openssl-$OPENSSL_VER.tar.gz; fi
|
||||
- tar zxf download-cache/openssl-$OPENSSL_VER.tar.gz
|
||||
- cd openssl-$OPENSSL_VER/
|
||||
@ -111,7 +110,7 @@ env:
|
||||
- OPENRESTY_PREFIX=/opt/openresty
|
||||
jobs:
|
||||
- OPENSSL_VER=1.1.0l OPENSSL_PATCH_VER=1.1.0d
|
||||
- OPENSSL_VER=1.1.1p OPENSSL_PATCH_VER=1.1.1f
|
||||
- OPENSSL_VER=1.1.1s OPENSSL_PATCH_VER=1.1.1f
|
||||
|
||||
jobs:
|
||||
include:
|
||||
@ -120,10 +119,10 @@ jobs:
|
||||
- <<: *linux-s390x
|
||||
env: OPENSSL_VER=1.1.1l OPENSSL_PATCH_VER=1.1.1f
|
||||
- <<: *linux-ppc64le
|
||||
env: OPENSSL_VER=1.1.1p OPENSSL_PATCH_VER=1.1.1f
|
||||
env: OPENSSL_VER=1.1.1s OPENSSL_PATCH_VER=1.1.1f
|
||||
|
||||
install:
|
||||
- sudo cpanm --notest Test::Nginx IPC::Run3 > build.log 2>&1 || (cat build.log && exit 1)
|
||||
- cpanm --sudo --notest Test::Nginx IPC::Run3 > build.log 2>&1 || (cat build.log && exit 1)
|
||||
- if [ ! -f download-cache/pcre-$PCRE_VER.tar.gz ]; then wget -P download-cache https://downloads.sourceforge.net/project/pcre/pcre/${PCRE_VER}/pcre-${PCRE_VER}.tar.gz; fi
|
||||
- if [ ! -f download-cache/openssl-$OPENSSL_VER.tar.gz ]; then wget -P download-cache https://www.openssl.org/source/openssl-$OPENSSL_VER.tar.gz || wget -P download-cache https://www.openssl.org/source/old/${OPENSSL_VER//[a-z]/}/openssl-$OPENSSL_VER.tar.gz; fi
|
||||
- tar zxf download-cache/pcre-$PCRE_VER.tar.gz
|
||||
|
||||
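Review bot: The `_linux-s390x` job entry still pins `OPENSSL_VER=1.1.1l` while the ppc64le entry and the `env: jobs:` matrix carry the 1.1.1p/1.1.1s pair, so one architecture keeps building against an older OpenSSL patch release; if that is deliberate, say so in a comment, otherwise bump it with the others. The install steps also fetch `openssl-$OPENSSL_VER.tar.gz` with `wget` and go straight to `tar zxf` with no digest or signature check, and a copy already in `download-cache` is trusted as-is. A pinned SHA-256 per version, checked with `sha256sum -c` before extraction, would close that gap. The rendered page has lost the +/- markers, so which line of each `cpanm` and `OPENSSL_VER` pair is the new side is inferred, not shown.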
175
html/50x.html
175
html/50x.html
File diff suppressed because one or more lines are too long
179
html/index.html
179
html/index.html
File diff suppressed because one or more lines are too long
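--- /dev/null
+++ b/patches/patch.2023.h2.txt
@@ -0,0 +1,51 @@
+diff --git a/src/http/v2/ngx_http_v2.c b/src/http/v2/ngx_http_v2.c
+--- a/src/http/v2/ngx_http_v2.c
++++ b/src/http/v2/ngx_http_v2.c
+@@ -347,6 +347,7 @@ ngx_http_v2_read_handler(ngx_event_t *re
+ngx_log_debug0(NGX_LOG_DEBUG_HTTP, c->log, 0, "http2 read handler");
+
+h2c->blocked = 1;
++ h2c->new_streams = 0;
+
+if (c->close) {
+c->close = 0;
+@@ -1284,6 +1285,14 @@ ngx_http_v2_state_headers(ngx_http_v2_co
+goto rst_stream;
+}
+
++ if (h2c->new_streams++ >= 2 * h2scf->concurrent_streams) {
++ ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0,
++ "client sent too many streams at once");
++
++ status = NGX_HTTP_V2_REFUSED_STREAM;
++ goto rst_stream;
++ }
++
+if (!h2c->settings_ack
+&& !(h2c->state.flags & NGX_HTTP_V2_END_STREAM_FLAG)
+&& h2scf->preread_size < NGX_HTTP_V2_DEFAULT_WINDOW)
+@@ -1349,6 +1358,12 @@ ngx_http_v2_state_headers(ngx_http_v2_co
+
+rst_stream:
+
++ if (h2c->refused_streams++ > ngx_max(h2scf->concurrent_streams, 100)) {
++ ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0,
++ "client sent too many refused streams");
++ return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_NO_ERROR);
++ }
++
+if (ngx_http_v2_send_rst_stream(h2c, h2c->state.sid, status) != NGX_OK) {
+return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_INTERNAL_ERROR);
+}
+diff --git a/src/http/v2/ngx_http_v2.h b/src/http/v2/ngx_http_v2.h
+--- a/src/http/v2/ngx_http_v2.h
++++ b/src/http/v2/ngx_http_v2.h
+@@ -131,6 +131,8 @@ struct ngx_http_v2_connection_s {
+ngx_uint_t processing;
+ngx_uint_t frames;
+ngx_uint_t idle;
++ ngx_uint_t new_streams;
++ ngx_uint_t refused_streams;
+ngx_uint_t priority_limit;
+
+size_t send_window;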
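Review bot: Both new limits log at `NGX_LOG_INFO` ("client sent too many streams at once" and "client sent too many refused streams"), so a server running with nginx's default `error_log` level of `error` records nothing when a client trips them; anyone relying on these messages for detection has to lower the log level, which deserves a sentence next to the patch. The two counters also have different lifetimes that the struct does not document: `new_streams` is zeroed at the top of `ngx_http_v2_read_handler`, while no visible hunk resets `refused_streams`, so it appears to accumulate for the whole connection and is incremented at `rst_stream:` on every refusal path, not only the new `new_streams` check. A field comment such as `/* new_streams: reset on each read-handler pass; refused_streams: accumulates per connection */` would make that explicit. Both functions continue outside the hunks shown.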
2688
t/000-sanity.t
2688
t/000-sanity.t
File diff suppressed because it is too large
@ -1,8 +1,8 @@
|
||||
#!/bin/bash
|
||||
|
||||
PCRE=pcre-8.44
|
||||
ZLIB=zlib-1.2.12
|
||||
OPENSSL=openssl-1.1.1p
|
||||
PCRE=pcre-8.45
|
||||
ZLIB=zlib-1.2.13
|
||||
OPENSSL=openssl-1.1.1t
|
||||
JOBS=12
|
||||
|
||||
# wget https://www.openssl.org/source/openssl-1.1.1p.tar.gz
|
||||
|
||||
@ -86,7 +86,7 @@ sh "sudo $make install";
|
||||
sh "sudo cp /tmp/nginx.conf $prefix/nginx/conf/nginx.conf";
|
||||
sh "$prefix/nginx/sbin/nginx -V 2>&1 |grep $ver";
|
||||
sh "$prefix/nginx/sbin/nginx -V 2>&1 |grep -v 'stream_proxy'";
|
||||
system "sudo killall nginx > /dev/null 2>&1";
|
||||
#system "sudo killall nginx > /dev/null 2>&1";
|
||||
sh "sudo $prefix/nginx/sbin/nginx";
|
||||
sh "curl -si localhost/lua|grep $lua";
|
||||
sh "curl -si localhost/lua|grep $ver";
|
||||
|
||||
@ -503,6 +503,16 @@ if [ "$answer" = "Y" ]; then
|
||||
fi
|
||||
fi
|
||||
|
||||
answer=`$root/util/ver-ge "$main_ver" 1.9.5`
|
||||
if [ "$answer" = "Y" ]; then
|
||||
answer=`$root/util/ver-ge "$main_ver" 1.25.2`
|
||||
if [ "$answer" = "N" ]; then
|
||||
echo "$info_txt applying the patch for nginx security advisory (CVE-2023-44487)"
|
||||
patch -p1 < $root/patches/patch.2023.h2.txt || exit 1
|
||||
echo
|
||||
fi
|
||||
fi
|
||||
|
||||
echo "$info_txt applying the upstream_timeout_fields patch for nginx"
|
||||
patch -p1 < $root/patches/nginx-$main_ver-upstream_timeout_fields.patch || exit 1
|
||||
echo
|
||||
@ -533,7 +543,7 @@ rm -rf no-pool-nginx-$ver
|
||||
|
||||
#################################
|
||||
|
||||
ver=0.62
|
||||
ver=0.63
|
||||
$root/util/get-tarball "https://github.com/openresty/echo-nginx-module/tarball/v$ver" -O echo-nginx-module-$ver.tar.gz || exit 1
|
||||
tar -xzf echo-nginx-module-$ver.tar.gz || exit 1
|
||||
mv openresty-echo-nginx-module-* echo-nginx-module-$ver || exit 1
|
||||
@ -547,7 +557,7 @@ mv openresty-xss-nginx-module-* xss-nginx-module-$ver || exit 1
|
||||
|
||||
#################################
|
||||
|
||||
ver=0.3.1
|
||||
ver=0.3.2
|
||||
$root/util/get-tarball "https://github.com/simplresty/ngx_devel_kit/tarball/v$ver" -O ngx_devel_kit-$ver.tar.gz
|
||||
tar -xzf ngx_devel_kit-$ver.tar.gz || exit 1
|
||||
mv vision5-ngx_devel_kit-* ngx_devel_kit-$ver || exit 1
|
||||
@ -561,7 +571,7 @@ mv openresty-set-misc-nginx-module-* set-misc-nginx-module-$ver || exit 1
|
||||
|
||||
#################################
|
||||
|
||||
ver=0.15
|
||||
ver=0.16
|
||||
$root/util/get-tarball "https://github.com/openresty/rds-json-nginx-module/tarball/v$ver" -O rds-json-nginx-module-$ver.tar.gz || exit 1
|
||||
tar -xzf rds-json-nginx-module-$ver.tar.gz || exit 1
|
||||
mv openresty-rds-json-nginx-module-* rds-json-nginx-module-$ver || exit 1
|
||||
@ -575,21 +585,21 @@ mv openresty-rds-csv-nginx-module-* rds-csv-nginx-module-$ver || exit 1
|
||||
|
||||
#################################
|
||||
|
||||
ver=0.33
|
||||
ver=0.34
|
||||
$root/util/get-tarball "https://github.com/openresty/headers-more-nginx-module/tarball/v$ver" -O headers-more-nginx-module-$ver.tar.gz || exit 1
|
||||
tar -xzf headers-more-nginx-module-$ver.tar.gz || exit 1
|
||||
mv openresty-headers-more-nginx-module-* headers-more-nginx-module-$ver || exit 1
|
||||
|
||||
#################################
|
||||
|
||||
ver=0.1.11
|
||||
ver=0.1.12
|
||||
$root/util/get-tarball "https://github.com/openresty/drizzle-nginx-module/tarball/v$ver" -O drizzle-nginx-module-$ver.tar.gz || exit 1
|
||||
tar -xzf drizzle-nginx-module-$ver.tar.gz || exit 1
|
||||
mv openresty-drizzle-nginx-module-* drizzle-nginx-module-$ver || exit 1
|
||||
|
||||
#################################
|
||||
|
||||
ver=0.10.22
|
||||
ver=0.10.25
|
||||
$root/util/get-tarball "https://github.com/openresty/lua-nginx-module/archive/v$ver.tar.gz" -O lua-nginx-module-$ver.tar.gz || exit 1
|
||||
tar -xzf lua-nginx-module-$ver.tar.gz || exit 1
|
||||
mv lua-nginx-module-$ver ngx_lua-$ver || exit 1
|
||||
@ -603,14 +613,14 @@ mv openresty-lua-upstream-nginx-module-* ngx_lua_upstream-$ver || exit 1
|
||||
|
||||
#################################
|
||||
|
||||
ver=0.0.11
|
||||
ver=0.0.13
|
||||
$root/util/get-tarball "https://github.com/openresty/stream-lua-nginx-module/tarball/v$ver" -O stream-lua-nginx-module-$ver.tar.gz || exit 1
|
||||
tar -xzf stream-lua-nginx-module-$ver.tar.gz || exit 1
|
||||
mv openresty-stream-lua-nginx-module-* ngx_stream_lua-$ver || exit 1
|
||||
|
||||
#################################
|
||||
|
||||
ver=0.05
|
||||
ver=0.06
|
||||
$root/util/get-tarball "https://github.com/openresty/array-var-nginx-module/tarball/v$ver" -O array-var-nginx-module-$ver.tar.gz || exit 1
|
||||
tar -xzf array-var-nginx-module-$ver.tar.gz || exit 1
|
||||
mv openresty-array-var-nginx-module-* array-var-nginx-module-$ver || exit 1
|
||||
@ -624,7 +634,7 @@ mv openresty-memc-nginx-module-* memc-nginx-module-$ver || exit 1
|
||||
|
||||
#################################
|
||||
|
||||
ver=0.32
|
||||
ver=0.33
|
||||
$root/util/get-tarball "https://github.com/openresty/srcache-nginx-module/tarball/v$ver" -O srcache-nginx-module-$ver.tar.gz || exit 1
|
||||
tar -xzf srcache-nginx-module-$ver.tar.gz || exit 1
|
||||
mv openresty-srcache-nginx-module-* srcache-nginx-module-$ver || exit 1
|
||||
@ -699,7 +709,7 @@ mv openresty-redis2-nginx-module-* redis2-nginx-module-$ver || exit 1
|
||||
|
||||
#################################
|
||||
|
||||
ver=0.28
|
||||
ver=0.29
|
||||
$root/util/get-tarball "https://github.com/openresty/resty-cli/tarball/v$ver" -O resty-cli-$ver.tar.gz || exit 1
|
||||
tar -xzf resty-cli-$ver.tar.gz || exit 1
|
||||
mv openresty-resty-cli-* resty-cli-$ver || exit 1
|
||||
@ -707,14 +717,14 @@ resty_cli=resty-cli-$ver
|
||||
|
||||
#################################
|
||||
|
||||
ver=0.0.6
|
||||
ver=0.0.7
|
||||
$root/util/get-tarball "https://github.com/openresty/opm/tarball/v$ver" -O opm-$ver.tar.gz || exit 1
|
||||
tar -xzf opm-$ver.tar.gz || exit 1
|
||||
mv openresty-opm-* opm-$ver || exit 1
|
||||
|
||||
#################################
|
||||
|
||||
ver=2.1-20220915
|
||||
ver=2.1-20230410
|
||||
$root/util/get-tarball "https://github.com/openresty/luajit2/archive/v$ver.tar.gz" -O "LuaJIT-$ver.tar.gz" || exit 1
|
||||
tar -xzf LuaJIT-$ver.tar.gz || exit 1
|
||||
mv luajit2-* LuaJIT-$ver || exit 1
|
||||
@ -727,7 +737,7 @@ cd .. || exit 1
|
||||
|
||||
#################################
|
||||
|
||||
ver=2.1.0.10
|
||||
ver=2.1.0.11
|
||||
$root/util/get-tarball "https://github.com/openresty/lua-cjson/archive/$ver.tar.gz" -O "lua-cjson-$ver.tar.gz" || exit 1
|
||||
tar -xzf lua-cjson-$ver.tar.gz || exit 1
|
||||
|
||||
@ -761,7 +771,7 @@ cd ..
|
||||
|
||||
#################################
|
||||
|
||||
ver=0.16
|
||||
ver=0.17
|
||||
$root/util/get-tarball "https://github.com/openresty/lua-resty-memcached/tarball/v$ver" -O "lua-resty-memcached-$ver.tar.gz" || exit 1
|
||||
tar -xzf lua-resty-memcached-$ver.tar.gz || exit 1
|
||||
mv openresty-lua-resty-memcached-* lua-resty-memcached-$ver || exit 1
|
||||
@ -779,7 +789,7 @@ mv openresty-lua-resty-redis-* lua-resty-redis-$ver || exit 1
|
||||
|
||||
#################################
|
||||
|
||||
ver=0.25
|
||||
ver=0.26
|
||||
$root/util/get-tarball "https://github.com/openresty/lua-resty-mysql/tarball/v$ver" -O "lua-resty-mysql-$ver.tar.gz" || exit 1
|
||||
tar -xzf lua-resty-mysql-$ver.tar.gz || exit 1
|
||||
mv openresty-lua-resty-mysql-* lua-resty-mysql-$ver || exit 1
|
||||
@ -801,7 +811,7 @@ cd ..
|
||||
|
||||
#################################
|
||||
|
||||
ver=0.10
|
||||
ver=0.11
|
||||
$root/util/get-tarball "https://github.com/openresty/lua-resty-upload/tarball/v$ver" -O "lua-resty-upload-$ver.tar.gz" || exit 1
|
||||
tar -xzf lua-resty-upload-$ver.tar.gz || exit 1
|
||||
mv openresty-lua-resty-upload-* lua-resty-upload-$ver || exit 1
|
||||
@ -823,7 +833,7 @@ cd ..
|
||||
|
||||
#################################
|
||||
|
||||
ver=0.09
|
||||
ver=0.10
|
||||
$root/util/get-tarball "https://github.com/openresty/lua-resty-websocket/tarball/v$ver" -O "lua-resty-websocket-$ver.tar.gz" || exit 1
|
||||
tar -xzf lua-resty-websocket-$ver.tar.gz || exit 1
|
||||
mv openresty-lua-resty-websocket-* lua-resty-websocket-$ver || exit 1
|
||||
@ -834,7 +844,7 @@ cd ..
|
||||
|
||||
#################################
|
||||
|
||||
ver=0.08
|
||||
ver=0.09
|
||||
$root/util/get-tarball "https://github.com/openresty/lua-resty-lock/tarball/v$ver" -O "lua-resty-lock-$ver.tar.gz" || exit 1
|
||||
tar -xzf lua-resty-lock-$ver.tar.gz || exit 1
|
||||
mv openresty-lua-resty-lock-* lua-resty-lock-$ver || exit 1
|
||||
@ -845,7 +855,7 @@ cd ..
|
||||
|
||||
#################################
|
||||
|
||||
ver=0.11
|
||||
ver=0.13
|
||||
$root/util/get-tarball "https://github.com/openresty/lua-resty-lrucache/tarball/v$ver" -O "lua-resty-lrucache-$ver.tar.gz" || exit 1
|
||||
tar -xzf lua-resty-lrucache-$ver.tar.gz || exit 1
|
||||
mv openresty-lua-resty-lrucache-* lua-resty-lrucache-$ver || exit 1
|
||||
@ -856,14 +866,14 @@ cd ..
|
||||
|
||||
#################################
|
||||
|
||||
ver=0.1.24
|
||||
ver=0.1.27
|
||||
$root/util/get-tarball "https://github.com/openresty/lua-resty-core/tarball/v$ver" -O "lua-resty-core-$ver.tar.gz" || exit 1
|
||||
tar -xzf lua-resty-core-$ver.tar.gz || exit 1
|
||||
mv openresty-lua-resty-core-* lua-resty-core-$ver || exit 1
|
||||
|
||||
#################################
|
||||
|
||||
ver=0.06
|
||||
ver=0.08
|
||||
$root/util/get-tarball "https://github.com/openresty/lua-resty-upstream-healthcheck/tarball/v$ver" -O "lua-resty-upstream-healthcheck-$ver.tar.gz" || exit 1
|
||||
tar -xzf lua-resty-upstream-healthcheck-$ver.tar.gz || exit 1
|
||||
mv openresty-lua-resty-upstream-healthcheck-* lua-resty-upstream-healthcheck-$ver || exit 1
|
||||
|
||||
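Review bot: In the hunk that applies `patch.2023.h2.txt`, the upper bound is `ver-ge "$main_ver" 1.25.2` tested against `"N"`, so an nginx core of exactly 1.25.2 is left unpatched. That is only right if 1.25.2 already contains the upstream change; if the fix first shipped in a later release the bound should name that release, which is worth confirming against the nginx changelog. The redirect also leaves `$root` unquoted and breaks on a checkout path containing spaces; `patch -p1 < "$root/patches/patch.2023.h2.txt" || exit 1` avoids that. The remaining hunks in this section are component version bumps, and the script continues outside each hunk.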