Merge branch 'nginx' (nginx-1.15.5).
Change-Id: Ibdbb45f16ea13e6817dd02a839c03e8a871e6084
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
diff --git a/.hgtags b/.hgtags
index 6b97c0f..58e35ca 100644
--- a/.hgtags
+++ b/.hgtags
@@ -430,3 +430,4 @@
b234199c7ed8a156a6bb98f7ff58302c857c954f release-1.15.2
28b3e17ca7eba1e6a0891afde0e4bc5bcc99c861 release-1.15.3
49d49835653857daa418e68d6cbfed4958c78fca release-1.15.4
+f062e43d74fc2578bb100a9e82a953efa1eb9e4e release-1.15.5
diff --git a/BUILD b/BUILD
index 8026b48..232fe29 100644
--- a/BUILD
+++ b/BUILD
@@ -1535,5 +1535,5 @@
preinst = "@nginx_pkgoss//:debian_preinst",
prerm = "@nginx_pkgoss//:debian_prerm",
section = "httpd",
- version = "1.15.4",
+ version = "1.15.5",
)
diff --git a/build.bzl b/build.bzl
index 4906869..d5e5281 100644
--- a/build.bzl
+++ b/build.bzl
@@ -663,7 +663,7 @@
name = "nginx_pkgoss",
build_file_content = _PKGOSS_BUILD_FILE.format(nginx = nginx) +
_PKGOSS_BUILD_FILE_TAIL,
- commit = "6dad8e159e768fd3b0940fe089cc09c6ac135f19", # nginx-1.15.4
+ commit = "d97bd6151f3a140021f9638c5d2ccc72e0c6911e", # nginx-1.15.5
remote = "https://nginx.googlesource.com/nginx-pkgoss",
)
diff --git a/docs/xml/nginx/changes.xml b/docs/xml/nginx/changes.xml
index 02c4b3c..dfff0a7 100644
--- a/docs/xml/nginx/changes.xml
+++ b/docs/xml/nginx/changes.xml
@@ -5,6 +5,33 @@
<change_log title="nginx">
+<changes ver="1.15.5" date="2018-10-02">
+
+<change type="bugfix">
+<para lang="ru">
+при использовании OpenSSL 1.1.0h и новее
+в рабочем процессе мог произойти segmentation fault;
+ошибка появилась в 1.15.4.
+</para>
+<para lang="en">
+a segmentation fault might occur in a worker process
+when using OpenSSL 1.1.0h or newer;
+the bug had appeared in 1.15.4.
+</para>
+</change>
+
+<change type="bugfix">
+<para lang="ru">
+незначительных потенциальных ошибок.
+</para>
+<para lang="en">
+of minor potential bugs.
+</para>
+</change>
+
+</changes>
+
+
<changes ver="1.15.4" date="2018-09-25">
<change type="feature">
diff --git a/src/core/nginx.h b/src/core/nginx.h
index 3294ab5..c109ae1 100644
--- a/src/core/nginx.h
+++ b/src/core/nginx.h
@@ -13,8 +13,8 @@
#define NGINX_NAME "nginx"
#endif
-#define nginx_version 1015004
-#define NGINX_VERSION "1.15.4"
+#define nginx_version 1015005
+#define NGINX_VERSION "1.15.5"
#define NGINX_VER NGINX_NAME "/" NGINX_VERSION
#ifdef NGX_BUILD
diff --git a/src/core/ngx_cycle.c b/src/core/ngx_cycle.c
index f3ac24d..083c764 100644
--- a/src/core/ngx_cycle.c
+++ b/src/core/ngx_cycle.c
@@ -921,7 +921,8 @@
#else
- file = ngx_pnalloc(cycle->pool, cycle->lock_file.len + zn->shm.name.len);
+ file = ngx_pnalloc(cycle->pool,
+ cycle->lock_file.len + zn->shm.name.len + 1);
if (file == NULL) {
return NGX_ERROR;
}
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
index 6b63601..b903e87 100644
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -3172,6 +3172,7 @@
const
#endif
u_char *p;
+ size_t slen;
uint32_t hash;
ngx_int_t rc;
ngx_shm_zone_t *shm_zone;
@@ -3227,12 +3228,14 @@
if (rc == 0) {
if (sess_id->expire > ngx_time()) {
- ngx_memcpy(buf, sess_id->session, sess_id->len);
+ slen = sess_id->len;
+
+ ngx_memcpy(buf, sess_id->session, slen);
ngx_shmtx_unlock(&shpool->mutex);
p = buf;
- sess = d2i_SSL_SESSION(NULL, &p, sess_id->len);
+ sess = d2i_SSL_SESSION(NULL, &p, slen);
return sess;
}
diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c
index d7da788..eb5ead5 100644
--- a/src/http/ngx_http_request.c
+++ b/src/http/ngx_http_request.c
@@ -1009,7 +1009,7 @@
c = ngx_ssl_get_connection(ssl_conn);
- if (c->ssl->renegotiation) {
+ if (c->ssl->handshaked) {
return SSL_TLSEXT_ERR_NOACK;
}
@@ -1074,6 +1074,10 @@
#endif
SSL_set_options(ssl_conn, SSL_CTX_get_options(sscf->ssl.ctx));
+
+#ifdef SSL_OP_NO_RENEGOTIATION
+ SSL_set_options(ssl_conn, SSL_OP_NO_RENEGOTIATION);
+#endif
}
return SSL_TLSEXT_ERR_OK;
