bumped version to 1.15.8.2.

applied the win32_max_err_str patch for the nginx core.

patches/nginx-1.15.8-win32_max_err_str.patch

@@ -0,0 +1,15 @@
+diff --git a/src/os/win32/ngx_event_log.c b/src/os/win32/ngx_event_log.c
+index e11ed1e8..dce8eddd 100644
+--- a/src/os/win32/ngx_event_log.c
++++ b/src/os/win32/ngx_event_log.c
+@@ -8,7 +8,9 @@
+ #include <ngx_core.h>
+ 
+ 
+-#define NGX_MAX_ERROR_STR   2048
++#ifndef NGX_MAX_ERROR_STR
++#define NGX_MAX_ERROR_STR   4096
++#endif
+ 
+ 
+ void ngx_cdecl

patches/patch.2019.h2.txt

@@ -0,0 +1,136 @@
+--- src/http/v2/ngx_http_v2.c
++++ src/http/v2/ngx_http_v2.c
+@@ -1546,6 +1546,14 @@ ngx_http_v2_state_process_header(ngx_http_v2_connection_t *h2c, u_char *pos,
+         header->name.len = h2c->state.field_end - h2c->state.field_start;
+         header->name.data = h2c->state.field_start;
+ 
++        if (header->name.len == 0) {
++            ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0,
++                          "client sent zero header name length");
++
++            return ngx_http_v2_connection_error(h2c,
++                                                NGX_HTTP_V2_PROTOCOL_ERROR);
++        }
++
+         return ngx_http_v2_state_field_len(h2c, pos, end);
+     }
+ 
+@@ -3249,10 +3257,6 @@ ngx_http_v2_validate_header(ngx_http_request_t *r, ngx_http_v2_header_t *header)
+     ngx_uint_t                 i;
+     ngx_http_core_srv_conf_t  *cscf;
+ 
+-    if (header->name.len == 0) {
+-        return NGX_ERROR;
+-    }
+-
+     r->invalid_header = 0;
+ 
+     cscf = ngx_http_get_module_srv_conf(r, ngx_http_core_module);
+--- src/http/v2/ngx_http_v2.c
++++ src/http/v2/ngx_http_v2.c
+@@ -4369,6 +4369,8 @@ ngx_http_v2_close_stream(ngx_http_v2_stream_t *stream, ngx_int_t rc)
+      */
+     pool = stream->pool;
+ 
++    h2c->frames -= stream->frames;
++
+     ngx_http_free_request(stream->request, rc);
+ 
+     if (pool != h2c->state.pool) {
+--- src/http/v2/ngx_http_v2.h
++++ src/http/v2/ngx_http_v2.h
+@@ -192,6 +192,8 @@ struct ngx_http_v2_stream_s {
+ 
+     ngx_buf_t                       *preread;
+ 
++    ngx_uint_t                       frames;
++
+     ngx_http_v2_out_frame_t         *free_frames;
+     ngx_chain_t                     *free_frame_headers;
+     ngx_chain_t                     *free_bufs;
+--- src/http/v2/ngx_http_v2_filter_module.c
++++ src/http/v2/ngx_http_v2_filter_module.c
+@@ -1669,22 +1669,34 @@ static ngx_http_v2_out_frame_t *
+ ngx_http_v2_filter_get_data_frame(ngx_http_v2_stream_t *stream,
+     size_t len, ngx_chain_t *first, ngx_chain_t *last)
+ {
+-    u_char                    flags;
+-    ngx_buf_t                *buf;
+-    ngx_chain_t              *cl;
+-    ngx_http_v2_out_frame_t  *frame;
++    u_char                     flags;
++    ngx_buf_t                 *buf;
++    ngx_chain_t               *cl;
++    ngx_http_v2_out_frame_t   *frame;
++    ngx_http_v2_connection_t  *h2c;
+ 
+     frame = stream->free_frames;
++    h2c = stream->connection;
+ 
+     if (frame) {
+         stream->free_frames = frame->next;
+ 
+-    } else {
++    } else if (h2c->frames < 10000) {
+         frame = ngx_palloc(stream->request->pool,
+                            sizeof(ngx_http_v2_out_frame_t));
+         if (frame == NULL) {
+             return NULL;
+         }
++
++        stream->frames++;
++        h2c->frames++;
++
++    } else {
++        ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0,
++                      "http2 flood detected");
++
++        h2c->connection->error = 1;
++        return NULL;
+     }
+ 
+     flags = last->buf->last_buf ? NGX_HTTP_V2_END_STREAM_FLAG : 0;
+--- src/http/v2/ngx_http_v2.c
++++ src/http/v2/ngx_http_v2.c
+@@ -273,6 +273,7 @@ ngx_http_v2_init(ngx_event_t *rev)
+     h2scf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_v2_module);
+ 
+     h2c->concurrent_pushes = h2scf->concurrent_pushes;
++    h2c->priority_limit = h2scf->concurrent_streams;
+ 
+     h2c->pool = ngx_create_pool(h2scf->pool_size, h2c->connection->log);
+     if (h2c->pool == NULL) {
+@@ -1804,6 +1805,13 @@ ngx_http_v2_state_priority(ngx_http_v2_connection_t *h2c, u_char *pos,
+         return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_SIZE_ERROR);
+     }
+ 
++    if (--h2c->priority_limit == 0) {
++        ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0,
++                      "client sent too many PRIORITY frames");
++
++        return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_ENHANCE_YOUR_CALM);
++    }
++
+     if (end - pos < NGX_HTTP_V2_PRIORITY_SIZE) {
+         return ngx_http_v2_state_save(h2c, pos, end,
+                                       ngx_http_v2_state_priority);
+@@ -3120,6 +3128,8 @@ ngx_http_v2_create_stream(ngx_http_v2_connection_t *h2c, ngx_uint_t push)
+         h2c->processing++;
+     }
+ 
++    h2c->priority_limit += h2scf->concurrent_streams;
++
+     return stream;
+ }
+ 
+--- src/http/v2/ngx_http_v2.h
++++ src/http/v2/ngx_http_v2.h
+@@ -122,6 +122,7 @@ struct ngx_http_v2_connection_s {
+     ngx_uint_t                       processing;
+     ngx_uint_t                       frames;
+     ngx_uint_t                       idle;
++    ngx_uint_t                       priority_limit;
+ 
+     ngx_uint_t                       pushing;
+     ngx_uint_t                       concurrent_pushes;
+

util/mirror-tarballs

@@ -34,6 +34,10 @@ cd nginx-$ver || exit 1
 
 # patch the patch
 
+echo "$info_txt applying the nginx-$main_ver-win32_max_err_str.patch"
+patch -p1 < $root/patches/nginx-$main_ver-win32_max_err_str.patch || exit 1
+echo
+
 answer=`$root/util/ver-ge "$main_ver" 1.13.3`
 if [ "$answer" = "N" ]; then
     echo "$info_txt applying the patch for nginx security advisory (CVE-2017-7529)"
@@ -400,6 +404,54 @@ if [ "$main_ver" = "1.13.6" ]; then
     echo
 fi
 
+answer=`$root/util/ver-ge "$main_ver" 1.9.5`
+if [ "$answer" = "Y" ]; then
+    answer=`$root/util/ver-ge "$main_ver" 1.14.1`
+    if [ "$answer" = "N" ]; then
+        echo "$info_txt applying the patch for nginx security advisory (CVE-2018-16843 CVE-2018-16844)"
+        patch -p0 < $root/patches/patch.2018.h2.txt || exit 1
+        echo
+    elif [ `$root/util/ver-ge "$main_ver" 1.15.0` = "Y" ]; then
+        answer=`$root/util/ver-ge "$main_ver" 1.15.6`
+        if [ "$answer" = "N" ]; then
+            echo "$info_txt applying the patch for nginx security advisory (CVE-2018-16843 CVE-2018-16844)"
+            patch -p0 < $root/patches/patch.2018.h2.txt || exit 1
+            echo
+        fi
+    fi
+fi
+
+answer=`$root/util/ver-ge "$main_ver" 1.14.1`
+if [ "$answer" = "N" ]; then
+    echo "$info_txt applying the patch for nginx security advisory (CVE-2018-16845)"
+    patch -p0 < $root/patches/patch.2018.mp4.txt || exit 1
+    echo
+else
+    answer=`$root/util/ver-ge "$main_ver" 1.15.6`
+    if [ "$answer" = "N" ]; then
+        echo "$info_txt applying the patch for nginx security advisory (CVE-2018-16845)"
+        patch -p0 < $root/patches/patch.2018.mp4.txt || exit 1
+        echo
+    fi
+fi
+
+answer=`$root/util/ver-ge "$main_ver" 1.9.5`
+if [ "$answer" = "Y" ]; then
+    answer=`$root/util/ver-ge "$main_ver" 1.16.1`
+    if [ "$answer" = "N" ]; then
+        echo "$info_txt applying the patch for nginx security advisory (CVE-2019-9511 CVE-2019-9513 CVE-2019-9516)"
+        patch -p0 < $root/patches/patch.2019.h2.txt || exit 1
+        echo
+    elif [ `$root/util/ver-ge "$main_ver" 1.17.0` = "Y" ]; then
+        answer=`$root/util/ver-ge "$main_ver" 1.17.3`
+        if [ "$answer" = "N" ]; then
+            echo "$info_txt applying the patch for nginx security advisory (CVE-2019-9511 CVE-2019-9513 CVE-2019-9516)"
+            patch -p0 < $root/patches/patch.2019.h2.txt || exit 1
+            echo
+        fi
+    fi
+fi
+
 rm -f *.patch || exit 1
 
 echo "$info_txt applying the always_enable_cc_feature_tests patch to nginx"
@@ -496,7 +548,7 @@ mv openresty-drizzle-nginx-module-* drizzle-nginx-module-$ver || exit 1
 
 #################################
 
-ver=0.10.14
+ver=0.10.15
 $root/util/get-tarball "https://github.com/openresty/lua-nginx-module/archive/v$ver.tar.gz" -O lua-nginx-module-$ver.tar.gz || exit 1
 tar -xzf lua-nginx-module-$ver.tar.gz || exit 1
 mv lua-nginx-module-$ver ngx_lua-$ver || exit 1
@@ -510,7 +562,7 @@ mv openresty-lua-upstream-nginx-module-* ngx_lua_upstream-$ver || exit 1
 
 #################################
 
-ver=0.0.6
+ver=0.0.7
 $root/util/get-tarball "https://github.com/openresty/stream-lua-nginx-module/tarball/v$ver" -O stream-lua-nginx-module-$ver.tar.gz || exit 1
 tar -xzf stream-lua-nginx-module-$ver.tar.gz || exit 1
 mv openresty-stream-lua-nginx-module-* ngx_stream_lua-$ver || exit 1
@@ -609,7 +661,7 @@ mv openresty-redis2-nginx-module-* redis2-nginx-module-$ver || exit 1
 
 #################################
 
-ver=0.23
+ver=0.24
 $root/util/get-tarball "https://github.com/openresty/resty-cli/tarball/v$ver" -O resty-cli-$ver.tar.gz || exit 1
 tar -xzf resty-cli-$ver.tar.gz || exit 1
 mv openresty-resty-cli-* resty-cli-$ver || exit 1
@@ -650,7 +702,7 @@ mv openresty-opm-* opm-$ver || exit 1
 
 #################################
 
-ver=2.1-20190228
+ver=2.1-20190507
 $root/util/get-tarball "https://github.com/openresty/luajit2/archive/v$ver.tar.gz" -O "LuaJIT-$ver.tar.gz" || exit 1
 tar -xzf LuaJIT-$ver.tar.gz || exit 1
 mv luajit2-* LuaJIT-$ver || exit 1
@@ -826,7 +878,7 @@ cd ..
 
 #################################
 
-ver=0.1.16
+ver=0.1.17
 $root/util/get-tarball "https://github.com/openresty/lua-resty-core/tarball/v$ver" -O "lua-resty-core-$ver.tar.gz" || exit 1
 tar -xzf lua-resty-core-$ver.tar.gz || exit 1
 mv openresty-lua-resty-core-* lua-resty-core-$ver || exit 1

util/ver

@@ -1,7 +1,7 @@
 #!/bin/bash
 
 main_ver=1.15.8
-minor_ver=1rc1
+minor_ver=2
 version=$main_ver.$minor_ver
 echo $version