Change-Id: Ic9725120f2e3ce634635fe40fe144775cf188ff4
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/6600
Reviewed-by: Anish Swaminathan <anishs@vmware.com>
Tested-by: Anish Swaminathan <anishs@vmware.com>
| ... | ... |
@@ -1,20 +1,17 @@ |
| 1 |
- |
|
| 2 |
-# HG changeset patch |
|
| 3 |
-# User Ruslan Ermilov <ru@nginx.com> |
|
| 4 |
-# Date 1541510975 -10800 |
|
| 5 |
-# Node ID 1c6b6163c03945bcc65c252cc42b0af18744c085 |
|
| 6 |
-# Parent fdc19a3289c1138bfe49ddbde310778ddc495729 |
|
| 7 | 1 |
HTTP/2: flood detection. |
| 8 | 2 |
|
| 9 | 3 |
Fixed uncontrolled memory growth in case peer is flooding us with |
| 10 | 4 |
some frames (e.g., SETTINGS and PING) and doesn't read data. Fix |
| 11 | 5 |
is to limit the number of allocated control frames. |
| 12 |
- |
|
| 13 |
-diff --git a/src/http/v2/ngx_http_v2.c b/src/http/v2/ngx_http_v2.c |
|
| 14 |
-index 2c62190..b9943c9 100644 |
|
| 15 |
-+++ b/src/http/v2/ngx_http_v2.c |
|
| 16 |
-@@ -635,6 +635,7 @@ ngx_http_v2_handle_connection(ngx_http_v2_connection_t *h2c) |
|
| 6 |
+author Ruslan Ermilov <ru@nginx.com> |
|
| 7 |
+date Tue, 06 Nov 2018 16:29:35 +0300 (2 months ago) |
|
| 8 |
+parents fdc19a3289c1 |
|
| 9 |
+children 9200b41db765 |
|
| 10 |
+files src/http/v2/ngx_http_v2.c src/http/v2/ngx_http_v2.h |
|
| 11 |
+diffstat 2 files changed, 12 insertions(+), 1 deletions(-) [+] |
|
| 12 |
+--- a/src/http/v2/ngx_http_v2.c Tue Nov 06 16:29:18 2018 +0300 |
|
| 13 |
+@@ -664,6 +664,7 @@ |
|
| 17 | 14 |
|
| 18 | 15 |
h2c->pool = NULL; |
| 19 | 16 |
h2c->free_frames = NULL; |
| ... | ... |
@@ -22,7 +19,7 @@ index 2c62190..b9943c9 100644 |
| 22 | 22 |
h2c->free_fake_connections = NULL; |
| 23 | 23 |
|
| 24 | 24 |
#if (NGX_HTTP_SSL) |
| 25 |
-@@ -2678,7 +2679,7 @@ ngx_http_v2_get_frame(ngx_http_v2_connection_t *h2c, size_t length, |
|
| 25 |
+@@ -2895,7 +2896,7 @@ |
|
| 26 | 26 |
|
| 27 | 27 |
frame->blocked = 0; |
| 28 | 28 |
|
| ... | ... |
@@ -31,7 +28,7 @@ index 2c62190..b9943c9 100644 |
| 31 | 31 |
pool = h2c->pool ? h2c->pool : h2c->connection->pool; |
| 32 | 32 |
|
| 33 | 33 |
frame = ngx_pcalloc(pool, sizeof(ngx_http_v2_out_frame_t)); |
| 34 |
-@@ -2702,6 +2703,15 @@ ngx_http_v2_get_frame(ngx_http_v2_connection_t *h2c, size_t length, |
|
| 34 |
+@@ -2919,6 +2920,15 @@ |
|
| 35 | 35 |
frame->last = frame->first; |
| 36 | 36 |
|
| 37 | 37 |
frame->handler = ngx_http_v2_frame_handler; |
| ... | ... |
@@ -47,15 +44,13 @@ index 2c62190..b9943c9 100644 |
| 47 | 47 |
} |
| 48 | 48 |
|
| 49 | 49 |
#if (NGX_DEBUG) |
| 50 |
-diff --git a/src/http/v2/ngx_http_v2.h b/src/http/v2/ngx_http_v2.h |
|
| 51 |
-index 42e0eb1..11f774a 100644 |
|
| 52 |
-+++ b/src/http/v2/ngx_http_v2.h |
|
| 53 |
-@@ -115,6 +115,7 @@ struct ngx_http_v2_connection_s {
|
|
| 50 |
+--- a/src/http/v2/ngx_http_v2.h Tue Nov 06 16:29:18 2018 +0300 |
|
| 51 |
+@@ -120,6 +120,7 @@ |
|
| 54 | 52 |
ngx_http_connection_t *http_connection; |
| 55 | 53 |
|
| 56 | 54 |
ngx_uint_t processing; |
| 57 | 55 |
+ ngx_uint_t frames; |
| 58 | 56 |
|
| 59 |
- size_t send_window; |
|
| 60 |
- size_t recv_window; |
|
| 57 |
+ ngx_uint_t pushing; |
|
| 58 |
+ ngx_uint_t concurrent_pushes; |
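Review bot: The refreshed patch header (new lines 6-11) looks as if it was copied from a rendered changeset page rather than exported, since `date Tue, 06 Nov 2018 16:29:35 +0300 (2 months ago)` and `diffstat … [+]` are display artifacts. It also replaces the full `# Node ID 1c6b6163c03945bcc65c252cc42b0af18744c085` line with 12-character `parents`/`children` ids, which makes it harder to verify this downstream security fix against the upstream changeset. I would keep the original `# HG changeset patch` / `# User` / `# Date` / `# Node ID` / `# Parent` block and refresh only the hunk offsets and context lines. As rendered, the new file headers also show a `--- a/src/http/v2/ngx_http_v2.c …` line with no `+++ b/…` line before the `@@`, so it is worth confirming the patch still applies cleanly with the build's patch tool. The second patch ("HTTP/2: limit the number of idle state switches") has the same header change.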
| ... | ... |
@@ -1,9 +1,3 @@ |
| 1 |
- |
|
| 2 |
-# HG changeset patch |
|
| 3 |
-# User Ruslan Ermilov <ru@nginx.com> |
|
| 4 |
-# Date 1541510989 -10800 |
|
| 5 |
-# Node ID 9200b41db765fbd6709765ba2d218e78ad8e9860 |
|
| 6 |
-# Parent 1c6b6163c03945bcc65c252cc42b0af18744c085 |
|
| 7 | 1 |
HTTP/2: limit the number of idle state switches. |
| 8 | 2 |
|
| 9 | 3 |
An attack that continuously switches HTTP/2 connection between |
| ... | ... |
@@ -17,21 +11,21 @@ This limits possible CPU usage in one connection, and also |
| 17 | 17 |
imposes a limit on the maximum lifetime of a connection. |
| 18 | 18 |
|
| 19 | 19 |
Initially reported by Gal Goldshtein from F5 Networks. |
| 20 |
- |
|
| 21 |
-diff --git a/src/http/v2/ngx_http_v2.c b/src/http/v2/ngx_http_v2.c |
|
| 22 |
-index b9943c9..83f9c4a 100644 |
|
| 23 |
-+++ b/src/http/v2/ngx_http_v2.c |
|
| 24 |
-@@ -4237,12 +4237,19 @@ ngx_http_v2_idle_handler(ngx_event_t *rev) |
|
| 20 |
+author Ruslan Ermilov <ru@nginx.com> |
|
| 21 |
+date Tue, 06 Nov 2018 16:29:49 +0300 (2 months ago) |
|
| 22 |
+parents 1c6b6163c039 |
|
| 23 |
+children 6afba58cd5a3 |
|
| 24 |
+files src/http/v2/ngx_http_v2.c src/http/v2/ngx_http_v2.h |
|
| 25 |
+diffstat 2 files changed, 11 insertions(+), 3 deletions(-) [+] |
|
| 26 |
+--- a/src/http/v2/ngx_http_v2.c Tue Nov 06 16:29:35 2018 +0300 |
|
| 27 |
+@@ -4481,12 +4481,19 @@ |
|
| 25 | 28 |
|
| 26 | 29 |
#endif |
| 27 | 30 |
|
| 28 |
-- c->destroyed = 0; |
|
| 29 |
-- ngx_reusable_connection(c, 0); |
|
| 30 |
-- |
|
| 31 |
- h2scf = ngx_http_get_module_srv_conf(h2c->http_connection->conf_ctx, |
|
| 32 |
- ngx_http_v2_module); |
|
| 33 |
- |
|
| 31 |
++ h2scf = ngx_http_get_module_srv_conf(h2c->http_connection->conf_ctx, |
|
| 32 |
++ ngx_http_v2_module); |
|
| 33 |
++ |
|
| 34 | 34 |
+ if (h2c->idle++ > 10 * h2scf->max_requests) {
|
| 35 | 35 |
+ ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0, |
| 36 | 36 |
+ "http2 flood detected"); |
| ... | ... |
@@ -39,21 +33,22 @@ index b9943c9..83f9c4a 100644 |
| 39 | 39 |
+ return; |
| 40 | 40 |
+ } |
| 41 | 41 |
+ |
| 42 |
-+ c->destroyed = 0; |
|
| 43 |
-+ ngx_reusable_connection(c, 0); |
|
| 44 |
-+ |
|
| 42 |
+ c->destroyed = 0; |
|
| 43 |
+ ngx_reusable_connection(c, 0); |
|
| 44 |
+ |
|
| 45 |
+- h2scf = ngx_http_get_module_srv_conf(h2c->http_connection->conf_ctx, |
|
| 46 |
+- ngx_http_v2_module); |
|
| 47 |
+- |
|
| 45 | 48 |
h2c->pool = ngx_create_pool(h2scf->pool_size, h2c->connection->log); |
| 46 | 49 |
if (h2c->pool == NULL) {
|
| 47 | 50 |
ngx_http_v2_finalize_connection(h2c, NGX_HTTP_V2_INTERNAL_ERROR); |
| 48 |
-diff --git a/src/http/v2/ngx_http_v2.h b/src/http/v2/ngx_http_v2.h |
|
| 49 |
-index 11f774a..83dbea3 100644 |
|
| 50 |
-+++ b/src/http/v2/ngx_http_v2.h |
|
| 51 |
-@@ -116,6 +116,7 @@ struct ngx_http_v2_connection_s {
|
|
| 51 |
+--- a/src/http/v2/ngx_http_v2.h Tue Nov 06 16:29:35 2018 +0300 |
|
| 52 |
+@@ -121,6 +121,7 @@ |
|
| 52 | 53 |
|
| 53 | 54 |
ngx_uint_t processing; |
| 54 | 55 |
ngx_uint_t frames; |
| 55 | 56 |
+ ngx_uint_t idle; |
| 56 | 57 |
|
| 57 |
- size_t send_window; |
|
| 58 |
- size_t recv_window; |
|
| 58 |
+ ngx_uint_t pushing; |
|
| 59 |
+ ngx_uint_t concurrent_pushes; |
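Review bot: The `"http2 flood detected"` message in the idle-handler hunk is logged at `NGX_LOG_INFO`, which nginx's default `error_log` level (`error`) does not record. On a default configuration, a connection that trips the `h2c->idle++ > 10 * h2scf->max_requests` check therefore leaves no log trace. Since the package carries this as a security fix, I would document that next to the patch, for example with a spec comment such as `# "http2 flood detected" is logged at info level; set error_log to info to see it`. The frame-limit patch may log at the same level, but its log call is elided from this view. The handler body starts and ends outside the hunk, and the lines between the log call and `return;` are not shown.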
| ... | ... |
@@ -1,14 +1,14 @@ |
| 1 | 1 |
Summary: High-performance HTTP server and reverse proxy |
| 2 | 2 |
Name: nginx |
| 3 |
-Version: 1.13.8 |
|
| 4 |
-Release: 7%{?dist}
|
|
| 3 |
+Version: 1.13.10 |
|
| 4 |
+Release: 1%{?dist}
|
|
| 5 | 5 |
License: BSD-2-Clause |
| 6 | 6 |
URL: http://nginx.org/download/nginx-%{version}.tar.gz
|
| 7 | 7 |
Group: Applications/System |
| 8 | 8 |
Vendor: VMware, Inc. |
| 9 | 9 |
Distribution: Photon |
| 10 | 10 |
Source0: %{name}-%{version}.tar.gz
|
| 11 |
-%define sha1 nginx=a1f9348c9c46f449a0b549d0519dd34191d30cee |
|
| 11 |
+%define sha1 nginx=1cb3cff21370aa71cc0f127ff26759f78bc08168 |
|
| 12 | 12 |
Source1: nginx.service |
| 13 | 13 |
Source2: nginx-njs-0.2.1.tar.gz |
| 14 | 14 |
%define sha1 nginx-njs=fd8c3f2d219f175be958796e3beaa17f3b465126 |
| ... | ... |
@@ -77,6 +77,8 @@ install -p -m 0644 %{SOURCE1} %{buildroot}/usr/lib/systemd/system/nginx.service
|
| 77 | 77 |
%dir %{_var}/log/nginx
|
| 78 | 78 |
|
| 79 | 79 |
%changelog |
| 80 |
+* Mon Jan 28 2019 Keerthana K <keerthanak@vmware.com> 1.13.10-1 |
|
| 81 |
+- Update to version 1.13.10 |
|
| 80 | 82 |
* Thu Jan 17 2019 Keerthana K <keerthanak@vmware.com> 1.13.8-7 |
| 81 | 83 |
- Adding http v2 module support. |
| 82 | 84 |
* Mon Dec 17 2018 Ankit Jain <ankitja@vmware.com> 1.13.8-6 |