
Commit fb7c9d5

nginxkolbyjack
authored andcommitted
Changes with nginx 1.7.9 23 Dec 2014
*) Feature: variables support in the "proxy_cache", "fastcgi_cache", "scgi_cache", and "uwsgi_cache" directives. *) Feature: variables support in the "expires" directive. *) Feature: loading of secret keys from hardware tokens with OpenSSL engines. Thanks to Dmitrii Pichulin. *) Feature: the "autoindex_format" directive. *) Bugfix: cache revalidation is now only used for responses with 200 and 206 status codes. Thanks to Piotr Sikora. *) Bugfix: the "TE" client request header line was passed to backends while proxying. *) Bugfix: the "proxy_pass", "fastcgi_pass", "scgi_pass", and "uwsgi_pass" directives might not work correctly inside the "if" and "limit_except" blocks. *) Bugfix: the "proxy_store" directive with the "on" parameter was ignored if the "proxy_store" directive with an explicitly specified file path was used on a previous level. *) Bugfix: nginx could not be built with BoringSSL. Thanks to Lukas Tribus.
1 parent 4392f03 commit fb7c9d5

15 files changed

+1323
-341
lines changed

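--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,36 @@
 
+Changes with nginx 1.7.9 23 Dec 2014
+
+*) Feature: variables support in the "proxy_cache", "fastcgi_cache",
+"scgi_cache", and "uwsgi_cache" directives.
+
+*) Feature: variables support in the "expires" directive.
+
+*) Feature: loading of secret keys from hardware tokens with OpenSSL
+engines.
+Thanks to Dmitrii Pichulin.
+
+*) Feature: the "autoindex_format" directive.
+
+*) Bugfix: cache revalidation is now only used for responses with 200
+and 206 status codes.
+Thanks to Piotr Sikora.
+
+*) Bugfix: the "TE" client request header line was passed to backends
+while proxying.
+
+*) Bugfix: the "proxy_pass", "fastcgi_pass", "scgi_pass", and
+"uwsgi_pass" directives might not work correctly inside the "if" and
+"limit_except" blocks.
+
+*) Bugfix: the "proxy_store" directive with the "on" parameter was
+ignored if the "proxy_store" directive with an explicitly specified
+file path was used on a previous level.
+
+*) Bugfix: nginx could not be built with BoringSSL.
+Thanks to Lukas Tribus.
+
+
 Changes with nginx 1.7.8 02 Dec 2014
 
 *) Change: now the "If-Modified-Since", "If-Range", etc. client request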

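--- a/CHANGES.ru
+++ b/CHANGES.ru
@@ -1,4 +1,36 @@
 
+Изменения в nginx 1.7.9 23.12.2014
+
+*) Добавление: директивы proxy_cache, fastcgi_cache, scgi_cache и
+uwsgi_cache поддерживают переменные.
+
+*) Добавление: директива expires поддерживает переменные.
+
+*) Добавление: возможность загрузки секретных ключей с аппаратных
+устройств с помощью OpenSSL engines.
+Спасибо Дмитрию Пичулину.
+
+*) Добавление: директива autoindex_format.
+
+*) Исправление: ревалидация элементов кэша теперь используется только
+для ответов с кодами 200 и 206.
+Спасибо Piotr Sikora.
+
+*) Исправление: строка "TE" заголовка запроса клиента передавалась на
+бэкенд при проксировании.
+
+*) Исправление: директивы proxy_pass, fastcgi_pass, scgi_pass и
+uwsgi_pass могли неправильно работать внутри блоков if и
+limit_except.
+
+*) Исправление: директива proxy_store с параметром "on" игнорировалась,
+если на предыдущем уровне использовалась директива proxy_store с явно
+заданным путём к файлам.
+
+*) Исправление: nginx не собирался с BoringSSL.
+Спасибо Lukas Tribus.
+
+
 Изменения в nginx 1.7.8 02.12.2014
 
 *) Изменение: теперь строки "If-Modified-Since", "If-Range" и им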

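--- a/src/core/nginx.h
+++ b/src/core/nginx.h
@@ -9,8 +9,8 @@
 #define _NGINX_H_INCLUDED_
 
 
-#define nginx_version 1007008
-#define NGINX_VERSION "1.7.8"
+#define nginx_version 1007009
+#define NGINX_VERSION "1.7.9"
 #define NGINX_VER "nginx/" NGINX_VERSION
 
 #ifdef NGX_BUILD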

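--- a/src/core/ngx_string.c
+++ b/src/core/ngx_string.c
@@ -1773,6 +1773,58 @@ ngx_escape_html(u_char *dst, u_char *src, size_t size)
 }
 
 
+uintptr_t
+ngx_escape_json(u_char *dst, u_char *src, size_t size)
+{
+u_char ch;
+ngx_uint_t len;
+
+if (dst == NULL) {
+len = 0;
+
+while (size) {
+ch = *src++;
+
+if (ch == '\\' || ch == '"') {
+len++;
+
+} else if (ch <= 0x1f) {
+len += sizeof("\\u001F") - 2;
+}
+
+size--;
+}
+
+return (uintptr_t) len;
+}
+
+while (size) {
+ch = *src++;
+
+if (ch > 0x1f) {
+
+if (ch == '\\' || ch == '"') {
+*dst++ = '\\';
+}
+
+*dst++ = ch;
+
+} else {
+*dst++ = '\\'; *dst++ = 'u'; *dst++ = '0'; *dst++ = '0';
+*dst++ = '0' + (ch >> 4);
+
+ch &= 0xf;
+
+*dst++ = (ch < 10) ? ('0' + ch) : ('A' + ch - 10);
+}
+
+size--;
+}
+
+return (uintptr_t) dst;
+}
+
+
 void
 ngx_str_rbtree_insert_value(ngx_rbtree_node_t *temp,
 ngx_rbtree_node_t *node, ngx_rbtree_node_t *sentinel)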
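Review bot: ngx_escape_json() has two calling modes with different return meanings, and neither is documented at the definition. With `dst == NULL` it returns only the number of extra bytes escaping will add (1 for `\` and `"`, 5 for each byte at or below 0x1f); otherwise it writes into `dst` with no bound and returns the end pointer cast to `uintptr_t`. A caller that takes the first result for the total length, or sizes the buffer from a different `src`/`size` pair, overruns `dst`, so I would add a comment above the function such as `/* dst == NULL: returns extra bytes needed; otherwise dst must hold size + that count and the end of output is returned */`. Bytes 0x80 and above are copied unchanged, so input that is not valid UTF-8 produces output a strict JSON parser may reject; whether that matters depends on callers not shown in this section.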

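--- a/src/core/ngx_string.h
+++ b/src/core/ngx_string.h
@@ -207,6 +207,7 @@ uintptr_t ngx_escape_uri(u_char *dst, u_char *src, size_t size,
 ngx_uint_t type);
 void ngx_unescape_uri(u_char **dst, u_char **src, size_t size, ngx_uint_t type);
 uintptr_t ngx_escape_html(u_char *dst, u_char *src, size_t size);
+uintptr_t ngx_escape_json(u_char *dst, u_char *src, size_t size);
 
 
 typedef struct {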

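--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -376,6 +376,67 @@ ngx_ssl_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *cert,
 
 BIO_free(bio);
 
+if (ngx_strncmp(key->data, "engine:", sizeof("engine:") - 1) == 0) {
+
+#ifndef OPENSSL_NO_ENGINE
+
+u_char *p, *last;
+ENGINE *engine;
+EVP_PKEY *pkey;
+
+p = key->data + sizeof("engine:") - 1;
+last = (u_char *) ngx_strchr(p, ':');
+
+if (last == NULL) {
+ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+"invalid syntax in \"%V\"", key);
+return NGX_ERROR;
+}
+
+*last = '\0';
+
+engine = ENGINE_by_id((char *) p);
+
+if (engine == NULL) {
+ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
+"ENGINE_by_id(\"%s\") failed", p);
+return NGX_ERROR;
+}
+
+*last++ = ':';
+
+pkey = ENGINE_load_private_key(engine, (char *) last, 0, 0);
+
+if (pkey == NULL) {
+ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
+"ENGINE_load_private_key(\"%s\") failed", last);
+ENGINE_free(engine);
+return NGX_ERROR;
+}
+
+ENGINE_free(engine);
+
+if (SSL_CTX_use_PrivateKey(ssl->ctx, pkey) == 0) {
+ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
+"SSL_CTX_use_PrivateKey(\"%s\") failed", last);
+EVP_PKEY_free(pkey);
+return NGX_ERROR;
+}
+
+EVP_PKEY_free(pkey);
+
+return NGX_OK;
+
+#else
+
+ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+"loading \"engine:...\" certificate keys "
+"is not supported");
+return NGX_ERROR;
+
+#endif
+}
+
 if (ngx_conf_full_name(cf->cycle, key, 1) != NGX_OK) {
 return NGX_ERROR;
 }
@@ -1085,11 +1146,15 @@ ngx_ssl_handshake(ngx_connection_t *c)
 c->recv_chain = ngx_ssl_recv_chain;
 c->send_chain = ngx_ssl_send_chain;
 
+#ifdef SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS
+
 /* initial handshake done, disable renegotiation (CVE-2009-3555) */
 if (c->ssl->connection->s3) {
 c->ssl->connection->s3->flags |= SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS;
 }
 
+#endif
+
 return NGX_OK;
 }
 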
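Review bot: In the `engine:` branch of ngx_ssl_certificate(), ENGINE_load_private_key() is called on a handle obtained from ENGINE_by_id() alone, and nothing in the hunk calls ENGINE_init(). OpenSSL needs a functional reference for key loading, so this path appears to depend on the engine being initialised elsewhere (for example by the `ssl_engine` directive or openssl.cnf); I would state that in a comment such as `/* engine must already be initialized; ENGINE_by_id() yields a structural reference only */`. Passing `0` for the UI method and callback data also means a token that needs a PIN cannot prompt for it on this path. The two later error paths log the key id verbatim with `%s`; if an engine accepts ids that embed a PIN, that value would land in the error log, so the directive's documentation should steer users away from such ids. The function starts and ends outside the hunk.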
