lp://qastaging/~titusx/nginx/mainline

Created by TitusX and last modified
Get this branch:
bzr branch lp://qastaging/~titusx/nginx/mainline

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
TitusX
Project:
Nginx
Status:
Mature

Import details

Import Status: Suspended

This branch is an import of the HEAD branch of the Git repository at https://github.com/nginx/nginx.git.

Last successful import was .

Import started on juju-98ee42-prod-launchpad-codeimport-1 and finished taking 15 seconds — see the log
Import started on juju-98ee42-prod-launchpad-codeimport-0 and finished taking 25 seconds — see the log
Import started on juju-98ee42-prod-launchpad-codeimport-5 and finished taking 15 seconds — see the log
Import started on juju-98ee42-prod-launchpad-codeimport-5 and finished taking 25 seconds — see the log
Import started on juju-98ee42-prod-launchpad-codeimport-4 and finished taking 25 seconds — see the log
Import started on juju-98ee42-prod-launchpad-codeimport-2 and finished taking 15 seconds — see the log
Import started on juju-98ee42-prod-launchpad-codeimport-0 and finished taking 10 seconds — see the log
Import started on juju-98ee42-prod-launchpad-codeimport-2 and finished taking 15 seconds — see the log
Import started on juju-98ee42-prod-launchpad-codeimport-1 and finished taking 15 seconds — see the log
Import started on juju-98ee42-prod-launchpad-codeimport-0 and finished taking 20 seconds — see the log

Recent revisions

7373. By nandsky <email address hidden>

QUIC: fixed client request timeout in 0-RTT scenarios.

Since 0-RTT and 1-RTT data exist in the same packet number space,
ngx_quic_discard_ctx incorrectly discards 1-RTT packets when
0-RTT keys are discarded.

The issue was introduced by 58b92177e7c3c50f77f807ab3846ad5c7bbf0ebe.

7372. By Roman Arutyunyan <email address hidden>

Version bump.

7371. By Sergey Kandaurov <email address hidden>

nginx-1.27.3-RELEASE

7370. By Sergey Kandaurov <email address hidden>

Mail: handling of LOGIN IMAP command untagged response.

In particular, an untagged CAPABILITY response as described in the
interim RFC 3501 internet drafts was seen in various IMAP servers.
Previously resulted in a broken connection, now an untagged response
is proxied to client.

7369. By Roman Arutyunyan <email address hidden>

Realip: allowed square brackets with portless IPv6 address.

When client address is received, IPv6 address could be specified without
square brackets and without port, as well as both with the brackets and
port. The change allows IPv6 in square brackets and no port, which was
previously considered an error. This format conforms to RFC 3986.

The change also affects proxy_bind and friends.

7368. By Sergey Kandaurov <email address hidden>

QUIC: got rid of memory copy when initializing constant values.

7367. By Sergey Kandaurov <email address hidden>

QUIC: constified nonce parameter of crypto functions.

This follows OpenSSL and BoringSSL API, and gives a hint to compiler
that this parameter may not be modified.

7366. By Sergey Kandaurov <email address hidden>

Upstream: disallow empty path in proxy_store and friends.

Renaming a temporary file to an empty path ("") returns NGX_ENOPATH
with a subsequent ngx_create_full_path() to create the full path.
This function skips initial bytes as part of path separator lookup,
which causes out of bounds access on short strings.

The fix is to avoid renaming a temporary file to an obviously invalid
path, as well as explicitly forbid such syntax for literal values.

Although Coverity reports about potential type underflow, it is not
actually possible because the terminating '\0' is always included.

Notably, the run-time check is sufficient enough for Win32 as well.
Other short invalid values result either in NGX_ENOENT or NGX_EEXIST
and "MoveFile() .. failed" critical log messages, which involves a
separate error handling.

Prodded by Coverity (CID 1605485).

7365. By Roman Arutyunyan <email address hidden>

QUIC: prevented BIO leak in case of error.

7364. By Sergey Kandaurov <email address hidden>

SSL: a new macro to set default protocol versions.

This simplifies merging protocol values after ea15896 and ebd18ec.

Further, as outlined in ebd18ec18, for libraries preceeding TLSv1.2+
support, only meaningful versions TLSv1 and TLSv1.1 are set by default.

While here, fixed indentation.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
This branch contains Public information 
Everyone can see this information.

Subscribers