diff -Nru nginx-1.22.0/CHANGES nginx-1.22.1/CHANGES --- nginx-1.22.0/CHANGES 2022-05-23 23:59:23.000000000 +0000 +++ nginx-1.22.1/CHANGES 2022-10-19 08:02:28.000000000 +0000 @@ -1,4 +1,12 @@ +Changes with nginx 1.22.1 19 Oct 2022 + + *) Security: processing of a specially crafted mp4 file by the + ngx_http_mp4_module might cause a worker process crash, worker + process memory disclosure, or might have potential other impact + (CVE-2022-41741, CVE-2022-41742). + + Changes with nginx 1.22.0 24 May 2022 *) 1.22.x stable branch. diff -Nru nginx-1.22.0/CHANGES.ru nginx-1.22.1/CHANGES.ru --- nginx-1.22.0/CHANGES.ru 2022-05-23 23:59:22.000000000 +0000 +++ nginx-1.22.1/CHANGES.ru 2022-10-19 08:02:26.000000000 +0000 @@ -1,4 +1,13 @@ +Изменения в nginx 1.22.1 19.10.2022 + + *) Безопасность: обработка специально созданного mp4-файла модулем + ngx_http_mp4_module могла приводить к падению рабочего процесса, + отправке клиенту части содержимого памяти рабочего процесса, а также + потенциально могла иметь другие последствия (CVE-2022-41741, + CVE-2022-41742). + + Изменения в nginx 1.22.0 24.05.2022 *) Стабильная ветка 1.22.x. diff -Nru nginx-1.22.0/debian/apport/source_nginx.py nginx-1.22.1/debian/apport/source_nginx.py --- nginx-1.22.0/debian/apport/source_nginx.py 1970-01-01 00:00:00.000000000 +0000 +++ nginx-1.22.1/debian/apport/source_nginx.py 2022-11-01 11:51:29.000000000 +0000 @@ -0,0 +1,19 @@ +''' +apport package hook for nginx packages + +Copyright (c) 2015, Thomas Ward +''' + +import apport.hookutils +import os +import subprocess + +def add_info(report, ui): + if (report['Package'].split()[0] != 'nginx-common' + and report['ProblemType'] == 'Package' + and os.path.isdir('/run/systemd/system')): + report['Journalctl_Nginx.txt'] = apport.hookutils.command_output( + ['journalctl', '-xe', '--unit=nginx.service']) + report['SystemctlStatusFull_Nginx.txt'] = subprocess.Popen( + ['systemctl', '-l', 'status', 'nginx.service'], + stdout=subprocess.PIPE).communicate()[0] diff -Nru nginx-1.22.0/debian/changelog nginx-1.22.1/debian/changelog --- nginx-1.22.0/debian/changelog 2022-06-14 08:26:11.000000000 +0000 +++ nginx-1.22.1/debian/changelog 2022-11-01 11:51:29.000000000 +0000 @@ -1,9 +1,9 @@ -nginx (1.22.0-0+bionic3) bionic; urgency=medium +nginx (1.22.1-0+bionic1) bionic; urgency=medium * Non-maintainer upload. - * Initial build after syncing latest package changes from Debian + * New upstream version 1.22.1 - -- Filip Chabik Tue, 14 Jun 2022 10:26:11 +0200 + -- Filip Chabik Tue, 01 Nov 2022 12:51:29 +0100 nginx (1.22.0-0+bionic1) bionic; urgency=medium @@ -12,12 +12,26 @@ -- Filip Chabik Fri, 10 Jun 2022 09:37:59 +0200 -nginx (1.20.2-0+bionic1) bionic; urgency=medium +nginx (1.21.6-0+bionic1) bionic; urgency=medium * Non-maintainer upload. - * New upstream version 1.20.2 + * New upstream version 1.21.6 - -- Filip Chabik Wed, 17 Nov 2021 11:34:56 +0100 + -- Filip Chabik Wed, 16 Feb 2022 11:19:38 +0100 + +nginx (1.21.4-0+bionic1) bionic; urgency=medium + + * Non-maintainer upload. + * New upstream version 1.21.4 + + -- Filip Chabik Thu, 04 Nov 2021 15:18:04 +0100 + +nginx (1.21.3-0+bionic1) bionic; urgency=medium + + * Non-maintainer upload. + * New upstream mainline version 1.21.3 + + -- Filip Chabik Fri, 24 Sep 2021 16:08:06 +0200 nginx (1.20.1-0+bionic5) bionic; urgency=medium @@ -39,7 +53,7 @@ -- Filip Chabik Mon, 20 Sep 2021 09:12:46 +0200 -nginx (1.20.1-0+focal3) focal; urgency=medium +nginx (1.20.1-0+bionic4) bionic; urgency=medium * Non-maintainer upload. * Sync against Debian package: diff -Nru nginx-1.22.0/debian/compat nginx-1.22.1/debian/compat --- nginx-1.22.0/debian/compat 2022-06-14 08:26:11.000000000 +0000 +++ nginx-1.22.1/debian/compat 2022-11-01 11:51:29.000000000 +0000 @@ -1 +1 @@ -12 +10 diff -Nru nginx-1.22.0/debian/conf/mime.types nginx-1.22.1/debian/conf/mime.types --- nginx-1.22.0/debian/conf/mime.types 2022-06-14 08:26:11.000000000 +0000 +++ nginx-1.22.1/debian/conf/mime.types 2022-11-01 11:51:29.000000000 +0000 @@ -15,19 +15,16 @@ text/vnd.wap.wml wml; text/x-component htc; - image/avif avif; image/png png; - image/svg+xml svg svgz; image/tiff tif tiff; image/vnd.wap.wbmp wbmp; - image/webp webp; image/x-icon ico; image/x-jng jng; image/x-ms-bmp bmp; + image/svg+xml svg svgz; + image/webp webp; - font/woff woff; - font/woff2 woff2; - + application/font-woff woff; application/java-archive jar war ear; application/json json; application/mac-binhex40 hqx; @@ -36,20 +33,12 @@ application/postscript ps eps ai; application/rtf rtf; application/vnd.apple.mpegurl m3u8; - application/vnd.google-earth.kml+xml kml; - application/vnd.google-earth.kmz kmz; application/vnd.ms-excel xls; application/vnd.ms-fontobject eot; application/vnd.ms-powerpoint ppt; - application/vnd.oasis.opendocument.graphics odg; - application/vnd.oasis.opendocument.presentation odp; - application/vnd.oasis.opendocument.spreadsheet ods; - application/vnd.oasis.opendocument.text odt; - application/vnd.openxmlformats-officedocument.presentationml.presentation pptx; - application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx; - application/vnd.openxmlformats-officedocument.wordprocessingml.document docx; application/vnd.wap.wmlc wmlc; - application/wasm wasm; + application/vnd.google-earth.kml+xml kml; + application/vnd.google-earth.kmz kmz; application/x-7z-compressed 7z; application/x-cocoa cco; application/x-java-archive-diff jardiff; @@ -75,6 +64,10 @@ application/octet-stream iso img; application/octet-stream msi msp msm; + application/vnd.openxmlformats-officedocument.wordprocessingml.document docx; + application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx; + application/vnd.openxmlformats-officedocument.presentationml.presentation pptx; + audio/midi mid midi kar; audio/mpeg mp3; audio/ogg ogg; diff -Nru nginx-1.22.0/debian/control nginx-1.22.1/debian/control --- nginx-1.22.0/debian/control 2022-06-14 08:26:11.000000000 +0000 +++ nginx-1.22.1/debian/control 2022-11-01 11:51:29.000000000 +0000 @@ -4,9 +4,7 @@ Maintainer: Debian Nginx Maintainers Uploaders: Christos Trochalakis , Ondřej Nový , - Thomas Ward , - Jan Mojžíš , -Build-Depends: debhelper (>= 12), +Build-Depends: debhelper (>= 10), dpkg-dev (>= 1.15.5), libbrotli-dev, libexpat-dev, @@ -25,8 +23,8 @@ po-debconf, quilt, zlib1g-dev -Standards-Version: 4.6.0 -Homepage: https://nginx.org +Standards-Version: 4.5.0 +Homepage: https://nginx.net Vcs-Git: https://salsa.debian.org/nginx-team/nginx.git Vcs-Browser: https://salsa.debian.org/nginx-team/nginx Rules-Requires-Root: no @@ -70,31 +68,6 @@ This package contains base configuration files used by all versions of nginx. -Package: nginx-dev -Architecture: all -Depends: ${misc:Depends}, - debhelper-compat (= 13), - dpkg-dev (>= 1.15.5), - libgd-dev, - libgeoip-dev, - libpcre3-dev, - libperl-dev, - libssl-dev, - libxslt1-dev, - po-debconf, - quilt, - zlib1g-dev, - nginx-core (<< ${source:Version}.1~) | nginx-light (<< ${source:Version}.1~) | nginx-extras (<< ${source:Version}.1~), - nginx-core (>= ${source:Version}) | nginx-light (>= ${source:Version}) | nginx-extras (>= ${source:Version}) -Description: nginx web/proxy server - development headers - Nginx ("engine X") is a high-performance web and reverse proxy server - created by Igor Sysoev. It can be used both as a standalone web server - and as a proxy to reduce the load on back-end HTTP or mail servers. - . - This package provides development headers and necessary config scripts - for the nginx web/proxy server, useful to develop and link third party - additions to the Debian nginx web/proxy server packages. - Package: nginx-core Architecture: any Depends: libnginx-mod-http-geoip (= ${binary:Version}), diff -Nru nginx-1.22.0/debian/copyright nginx-1.22.1/debian/copyright --- nginx-1.22.0/debian/copyright 2022-06-14 08:26:11.000000000 +0000 +++ nginx-1.22.1/debian/copyright 2022-11-01 11:51:29.000000000 +0000 @@ -3,8 +3,8 @@ Source: https://nginx.org/en/download.html Files: * -Copyright: 2002-2021, Igor Sysoev - 2011-2022, Nginx, Inc. +Copyright: 2002-2019, Igor Sysoev + 2011-2019, Nginx, Inc. Maxim Dounin Valentin V. Bartenev Roman Arutyunyan @@ -13,14 +13,6 @@ Files: src/core/ngx_murmurhash.c Copyright: Copyright (C) Austin Appleby -License: public-domain - All MurmurHash versions are public domain software, and the author - disclaims all copyright to their code. - - -Files: src/stream/ngx_stream_set_module.c -Copyright: Copyright (C) Pavel Pautov - Copyright (C) Nginx, Inc. License: BSD-2-clause Files: src/http/modules/ngx_http_scgi_module.c @@ -31,6 +23,12 @@ Nginx, Inc. License: BSD-2-clause +Files: src/http/v2/ngx_http_v2_huff_encode.c +Copyright: 2015, Vlad Krasnov + Nginx, Inc. + Valentin V. Bartenev +License: BSD-2-clause + Files: contrib/geo2nginx.pl Copyright: 2005, Andrei Nigmatulin License: BSD-2-clause @@ -43,14 +41,10 @@ 2011 Dmitry E. Oboukhov 2011-2013, Cyril Lavier 2013-2016, Christos Trochalakis - 2019-2022, Thomas Ward - 2020-2022, Ondřej Nový + 2019-2020, Thomas Ward + 2020, Ondřej Nový License: BSD-2-clause -Files: debian/debhelper/* -Copyright: 2022 Miao Wang -License: Expat - Files: debian/modules/http-headers-more-filter/* Copyright: 2009-2017, Yichun "agentzh" Zhang (章亦春) , CloudFlare Inc. 2010-2013, Bernd Dorn @@ -83,9 +77,7 @@ Files: debian/modules/http-ndk/src/hash/murmurhash2.c Copyright: Austin Appleby -License: public-domain - All MurmurHash versions are public domain software, and the author - disclaims all copyright to their code. +License: BSD-3-clause Files: debian/modules/http-auth-ldap/* Copyright: 2011-2013, Valery Komarov @@ -133,6 +125,217 @@ Copyright: 2012-2014, Roman Arutyunyan License: BSD-2-clause +Files: debian/modules/http-vhost-traffic-status/* +Copyright: 2015, YoungJoo.Kim +License: BSD-2-clause + +Files: debian/modules/http-stream-server-traffic-status/* + debian/modules/stream-server-traffic-status/* +Copyright: 2017, YoungJoo.Kim +License: BSD-2-clause + +License: Apache + Version 2.0, January 2004 + http://www.apache.org/licenses/ + . + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + . + 1. Definitions. + . + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + . + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + . + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + . + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + . + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + . + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + . + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + . + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + . + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + . + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + . + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + . + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + . + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + . + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + . + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + . + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + . + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + . + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + . + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + . + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + . + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + . + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + . + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + . + END OF TERMS AND CONDITIONS + . + APPENDIX: How to apply the Apache License to your work. + . + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + . + Copyright [yyyy] [name of copyright owner] + . + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + . + http://www.apache.org/licenses/LICENSE-2.0 + . + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + License: BSD-2-clause All rights reserved. . diff -Nru nginx-1.22.0/debian/debhelper/dh_nginx nginx-1.22.1/debian/debhelper/dh_nginx --- nginx-1.22.0/debian/debhelper/dh_nginx 2022-06-14 08:26:11.000000000 +0000 +++ nginx-1.22.1/debian/debhelper/dh_nginx 1970-01-01 00:00:00.000000000 +0000 @@ -1,331 +0,0 @@ -#! /usr/bin/perl - -# dh_nginx - Nginx configuration helper -# Copyright (C) 2016 Christos Trochalakis -# -# This program is licensed under the terms of the GNU General -# Public License veserion 2+ -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License -# as published by the Free Software Foundation; either version 2 -# of the License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. - -use strict; -use File::Find; -use Debian::Debhelper::Dh_Lib; - - -=head1 NAME - -dh_nginx - register configuration snippets to the nginx web server - -=cut - -sub nginx_depends -{ - return 'nginx-common (= ${source:Version})' -} - -sub nginx_api_installdir -{ - return "/usr/lib/nginx/modules/"; -} - -sub nginx_modules_conf_installdir -{ - return "usr/share/nginx/modules-available/" -} - -=head1 SYNOPSIS - -B [S>] [B<-n>|B<--noscripts>] [B<--in-nginx-tree>] - -=head1 DESCRIPTION - -B is a debhelper program that is responsible for correctly installing -Nginx configuration snippets and setting postinst, prerm and dependencies in -Nginx web server modules and web applications. - -It supports the following configuration types - -=over 4 - -=item * -Nginx modules - -=back - -=head1 INVOCATION - - %: - dh $@ --with nginx - -=head1 FILES - -=over 4 - -=item debian/I.nginx - -=item debian/nginx - -=back - -Lists files to be registered with the Nginx HTTP server. The file is -interpreted as line separated list of installation stanzas, where each entry -consists of whitespace separated values conforming to the file semantics below. - -When this file is missing but the name of the package looks like a nginx module, -the module load file and its loading priority is automatically generated inferring -from the package name. In this case, IB<.install> or other mechanisms -should be used for copying the B<.so> library into the correct place. - -=head2 FILE SEMANTICS - -Each line consists of a triple - -I I [I] - -where the values are interpreted as follows: - - -=head3 I - -Denotes the type of file to be installed. Recognized values are B for -Nginx modules. - -=head3 I - -Is interpreted as existing file name within the source package. No path -expansion is effectuated. Just like L, B can not -rename files. - -=head3 I - -Is inrerpreted as optional arguments if any, currently not used. - -=head2 MODULES - -Modules are handled specially and are determined by the B type. Modules must -have a I<.conf> suffix. In that case the file is interpreted as module load -file and is installed to I. If the file is ending -with a I<.so> suffix it is interpreted as actual module shared object and is -installed to the Nginx module directory, an optional numeric priority can be -set as the last argument to handle module dependencies. - -=head1 OPTIONS - -=over 4 - -=item B<-e>, B<--noenable> - -Install maintainer scripts accordingly, but do not enable the scripts or -configuration by default. - -=item B<-n>, B<--noscripts> - -Do not modify F/F/F maintainer scripts. - -=item B<--in-nginx-tree> - -Specify this option when building in-tree modules along with nginx. When -specified, nginx abi version is not required in package name. - -=back - -=head1 NOTES - -Note that this command is not idempotent. L should be called -between invocations of this command. Otherwise, it may cause multiple -instances of the same text to be added to maintainer scripts. - -=head1 AUTHOR - -This manual and L was written by Christos Trochalakis. -dh_nginx is heavily influnced by dh_apache2 written by Arno Toell -. - -=cut - - -## -## main code starts here -## - -my $nginx_in_tree; - -init(options => { - "e|noenable" => \$dh{NOENABLE}, - "in-nginx-tree" => \$nginx_in_tree, -}); - -foreach my $package ((@{$dh{DOPACKAGES}})) -{ - my %PACKAGE_TYPE = ( - has_a_module => [], - ); - - my $file = pkgfile($package, "nginx"); - my $tmp = tmpdir($package); - my $installdir = $tmp . "/" . nginx_modules_conf_installdir(); - my $modinstalldir = $tmp . "/" . nginx_api_installdir(); - - if ($file){ - my @files_to_register = filedoublearray($file, ".") if $file; - foreach my $line (@files_to_register) - { - my $type = lc(shift @{$line}) if $line->[0]; - my $source = shift @{$line} if $line->[0]; - my @arguments = @{$line}; - my $destination; - - $type = "modules" if $type eq "mod"; - - verbose_print("$type -- $source -- @arguments\n\n"); - - if ($type eq "modules") - { - my $basesource = basename($source); - - if ($type eq "modules") - { - if ($basesource =~ m/\.conf$/) - { - my $enablename = $basesource; - my $prio = $#arguments >= 0 ? $arguments[0] : 50; - $destination = "$prio-$basesource"; - push @{$PACKAGE_TYPE{'has_a_module'}}, "$enablename:$destination"; - verbose_print("Installing module configuration $enablename into $installdir prio:$prio\n"); - } - elsif ($basesource =~ m/\.so$/) - { - verbose_print("Installing module binary $source into $modinstalldir\n"); - if (! -d $modinstalldir) - { - complex_doit("mkdir","-p", $modinstalldir); - complex_doit("chmod","755","$modinstalldir"); - } - complex_doit("cp", $source, $modinstalldir); - next; - } - - # TODO - error("module: \"$basesource\" needs .conf, .so or suffix") if $basesource !~ m/\.(conf|so)/; - } - - if (! -d $installdir) - { - complex_doit("mkdir","-p",$installdir); - complex_doit("chmod","755","$installdir"); - } - complex_doit("cp",$source,$installdir); - complex_doit("chmod","644","$installdir/$basesource"); - - } - else - { - error("Unknown parameter: $type\n"); - } - - } - } elsif ($package =~ /^libnginx-mod-/){ - verbose_print("$package might be a nginx module\n"); - - my $module = $package; - $module =~ s/^libnginx-mod-//; - verbose_print("Guessed module name: $module\n"); - - my $modulepath = $module; - $modulepath =~ s/-/_/g; - - if (-e "$modinstalldir/ngx_${modulepath}_module.so"){ - my $prio = 50; - if ($module =~ /^\w+-/ && !($module =~ /^http-/) ){ - $prio = 70; - } - verbose_print("Guessed load priority: $prio\n"); - - my $conf_name = "mod-$module.conf"; - install_dir($installdir); - verbose_print("Installing module configuration $conf_name into $installdir prio:$prio\n"); - open(MOD_CONF, $dh{NO_ACT} ? ">&STDERR" : ">$installdir/$conf_name") or error("open($installdir/$conf_name): $!"); - print(MOD_CONF "load_module modules/ngx_${modulepath}_module.so;\n"); - close(MOD_CONF); - chmod(0644, "$installdir/$conf_name") or error("chmod(0644, $installdir/$conf_name): $!"); - push @{$PACKAGE_TYPE{'has_a_module'}}, "$conf_name:$prio-$conf_name"; - } else { - verbose_print("$package is not a nginx module because $modinstalldir/ngx_${modulepath}_module.so not found"); - verbose_print("If it is not correct, check if the module is installed before invoking this script"); - } - } - - my @postinst_autoscripts; - - if ($#{$PACKAGE_TYPE{'has_a_module'}} >= 0) - { - if ($package !~ m/libnginx-mod-\w+?/) - { - warning("Package $package appears to be an Nginx module. It should comply to the package naming scheme libnginx-mod-\n"); - } - if ($nginx_in_tree){ - addsubstvar($package, "misc:Depends", nginx_depends()); - } else { - my $ngx_ver = `grep 'define NGINX_VERSION' /usr/share/nginx/src/src/core/nginx.h | sed -e 's/^.*"\\(.*\\)".*/\\1/'`; - chomp($ngx_ver); - addsubstvar($package, "misc:Depends", "nginx-common (>= $ngx_ver), nginx-common (<< $ngx_ver.1~)"); - } - - my $modules = ""; - foreach my $module (@{$PACKAGE_TYPE{'has_a_module'}}) - { - $modules .= "$module "; - } - - push @postinst_autoscripts, ["module", $modules]; - } - - if (! $dh{NOSCRIPTS}) - { - foreach my $ref (@postinst_autoscripts) - { - for my $script_type (qw/postinst prerm postrm/) - { - if ($script_type eq "postinst" && $dh{NOENABLE}) - { - next - } - - my %replacements = ( - NAMES => $ref->[1], - ); - - my $sed_command = ""; - foreach my $key (sort keys %replacements) - { - my $val = $replacements{$key}; - # Use a control char as separator for sed, to - # reduce escaping issues. Everything else is - # passed verbatim, i.e. it must not contain any - # shell or sed special characters. - my $sep = "\x17"; - $sed_command .= "s" . $sep . "#$key#" . - $sep . $val . - $sep . "g; "; - } - - autoscript($package, "$script_type", "$script_type-nginx", $sed_command); - } - } - } -} - -# vim: syntax=perl sw=8 sts=8 sr noet diff -Nru nginx-1.22.0/debian/debhelper/nginx_mod.pm nginx-1.22.1/debian/debhelper/nginx_mod.pm --- nginx-1.22.0/debian/debhelper/nginx_mod.pm 2022-06-14 08:26:11.000000000 +0000 +++ nginx-1.22.1/debian/debhelper/nginx_mod.pm 1970-01-01 00:00:00.000000000 +0000 @@ -1,96 +0,0 @@ -# A build system class for handling nginx modules. -# -# Copyright: © 2022 Miao Wang -# License: MIT - -package Debian::Debhelper::Buildsystem::nginx_mod; - -use strict; -use warnings; -use Debian::Debhelper::Dh_Lib qw(error doit); -use File::Spec; -use parent qw(Debian::Debhelper::Buildsystem::makefile); -use Config; - -sub DESCRIPTION { - "Nginx Module (config)" -} - -sub check_auto_buildable { - my ($this, $step) = @_; - - return 1 if -e $this->get_sourcepath("config"); -} - -sub _NGINX_SRC_DIR { - "/usr/share/nginx/src" -} - -sub new { - my $class=shift; - my $this= $class->SUPER::new(@_); - $this->prefer_out_of_source_building(@_); - return $this; -} - -sub configure { - my $this=shift; - - doit({ - "chdir" => $this->_NGINX_SRC_DIR, - "update_env" => { - "src_dir" => $this->get_sourcedir, - "bld_dir" => $this->get_builddir, - "pwd_dir" => $this->{cwd}, - }, - }, "bash", "-c", '. ./conf_flags - ./configure \\ - --with-cc-opt="$(cd "$pwd_dir/$src_dir"; dpkg-buildflags --get CFLAGS) -fPIC $(cd "$pwd_dir/$src_dir"; dpkg-buildflags --get CPPFLAGS)" \\ - --with-ld-opt="$(cd "$pwd_dir/$src_dir"; dpkg-buildflags --get LDFLAGS) -fPIC" \\ - "${NGX_CONF_FLAGS[@]}" \\ - --add-dynamic-module="$pwd_dir/$src_dir" \\ - --builddir="$pwd_dir/$bld_dir" \\ - "$@"', "dummy", @_); -} - -sub build { - my $this=shift; - - $this->do_make("-f", File::Spec->catfile($this->{cwd}, $this->get_buildpath("Makefile")), "-C", $this->_NGINX_SRC_DIR, "modules"); -} - -sub test { - my $this=shift; - $this->doit_in_builddir("bash", "-e", "-o", "pipefail", "-c", ' - tmp_conf=$(mktemp -p .) - for pre_dep in "$@"; do - echo "load_module modules/$pre_dep;" >> "$tmp_conf" - done - for i in *.so; do - echo "load_module $PWD/$i;" >> "$tmp_conf" - done - echo "events{}" >> "$tmp_conf" - nginx -g "error_log /dev/null; pid /dev/null;" -t -q -c "$PWD/$tmp_conf" - rm -f "$tmp_conf" - ', "dummy", @_); -} - -sub install { - my $this=shift; - my $destdir=shift; - - $this->doit_in_builddir("bash", "-e", "-o", "pipefail", "-c", ' - destdir=$1 - mkdir -p "$destdir/usr/lib/nginx/modules" - for i in *.so; do - cp "$i" "$destdir/usr/lib/nginx/modules/" - done - ', "dummy", $destdir); -} - -sub clean { - my $this=shift; - $this->rmdir_builddir(); -} - -1 diff -Nru nginx-1.22.0/debian/debhelper/nginx.pm nginx-1.22.1/debian/debhelper/nginx.pm --- nginx-1.22.0/debian/debhelper/nginx.pm 2022-06-14 08:26:11.000000000 +0000 +++ nginx-1.22.1/debian/debhelper/nginx.pm 1970-01-01 00:00:00.000000000 +0000 @@ -1,8 +0,0 @@ -#!/usr/bin/perl -use warnings; -use strict; -use Debian::Debhelper::Dh_Lib; - -insert_after("dh_install", "dh_nginx"); - -1; diff -Nru nginx-1.22.0/debian/dh_nginx nginx-1.22.1/debian/dh_nginx --- nginx-1.22.0/debian/dh_nginx 1970-01-01 00:00:00.000000000 +0000 +++ nginx-1.22.1/debian/dh_nginx 2022-11-01 11:51:29.000000000 +0000 @@ -0,0 +1,280 @@ +#! /usr/bin/perl + +# dh_nginx - Nginx configuration helper +# Copyright (C) 2016 Christos Trochalakis +# +# This program is licensed under the terms of the GNU General +# Public License veserion 2+ +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +use strict; +use File::Find; +use Debian::Debhelper::Dh_Lib; + + +=head1 NAME + +dh_nginx - register configuration snippets to the nginx web server + +=cut + +sub nginx_depends +{ + return 'nginx-common (= ${source:Version})' +} + +sub nginx_api_installdir +{ + return "/usr/lib/nginx/modules/"; +} + +sub nginx_modules_conf_installdir +{ + return "usr/share/nginx/modules-available/" +} + +=head1 SYNOPSIS + +B [S>] [B<-n>|B<--noscripts>] + +=head1 DESCRIPTION + +B is a debhelper program that is responsible for correctly installing +Nginx configuration snippets and setting postinst, prerm and dependencies in +Nginx web server modules and web applications. + +It supports the following configuration types + +=over 4 + +=item * +Nginx modules + +=head1 INVOCATION + + %: + dh $@ --with nginx + +=head1 FILES + +=over 4 + +=item debian/I.nginx + +=item debian/nginx + +=back + +Lists files to be registered with the Nginx HTTP server. The file is +interpreted as line separated list of installation stanzas, where each entry +consists of whitespace separated values conforming to the file semantics below. + +=head2 FILE SEMANTICS + +Each line consists of a triple + +I I [I] + +where the values are interpreted as follows: + + +=head3 I + +Denotes the type of file to be installed. Recognized values are B for +Nginx modules. + +=head3 I + +Is interpreted as existing file name within the source package. No path +expansion is effectuated. Just like L, B can not +rename files. + +=head3 I + +Is inrerpreted as optional arguments if any, currently not used. + +=head2 MODULES + +Modules are handled specially and are determined by the B type. Modules must +have a I<.conf> suffix. In that case the file is interpreted as module load +file and is installed to I. If the file is ending +with a I<.so> suffix it is interpreted as actual module shared object and is +installed to the Nginx module directory, an optional numeric priority can be +set as the last argument to handle module dependencies. + +=head1 OPTIONS + +=over 4 + +=item B<-e>, B<--noenable> + +Install maintainer scripts accordingly, but do not enable the scripts or +configuration by default. + +=item B<-n>, B<--noscripts> + +Do not modify F/F/F maintainer scripts. + + +=back + +=head1 NOTES + +Note that this command is not idempotent. L should be called +between invocations of this command. Otherwise, it may cause multiple +instances of the same text to be added to maintainer scripts. + +=head1 AUTHOR + +This manual and L was written by Christos Trochalakis. +dh_nginx is heavily influnced by dh_apache2 written by Arno Toell +. + +=cut + + +## +## main code starts here +## + +init(options => { + "e|noenable" => \$dh{NOENABLE}, +}); + +foreach my $package ((@{$dh{DOPACKAGES}})) +{ + my %PACKAGE_TYPE = ( + has_a_module => [], + ); + + my $file = pkgfile($package, "nginx"); + my $tmp = tmpdir($package); + + my @files_to_register = filedoublearray($file, ".") if $file; + foreach my $line (@files_to_register) + { + my $type = lc(shift @{$line}) if $line->[0]; + my $source = shift @{$line} if $line->[0]; + my @arguments = @{$line}; + my $destination; + + $type = "modules" if $type eq "mod"; + my $installdir = $tmp . "/" . nginx_modules_conf_installdir(); + + verbose_print("$type -- $source -- @arguments\n\n"); + + if ($type eq "modules") + { + my $basesource = basename($source); + + if ($type eq "modules") + { + if ($basesource =~ m/\.conf$/) + { + my $enablename = $basesource; + my $prio = $#arguments >= 0 ? $arguments[0] : 50; + $destination = "$prio-$basesource"; + push @{$PACKAGE_TYPE{'has_a_module'}}, "$enablename:$destination"; + verbose_print("Installing module configuration $enablename into $installdir prio:$prio\n"); + } + elsif ($basesource =~ m/\.so$/) + { + my $modinstalldir = $tmp . "/" . nginx_api_installdir(); + verbose_print("Installing module binary $source into $modinstalldir\n"); + if (! -d $modinstalldir) + { + complex_doit("mkdir","-p", $modinstalldir); + complex_doit("chmod","755","$modinstalldir"); + } + complex_doit("cp", $source, $modinstalldir); + next; + } + + # TODO + error("module: \"$basesource\" needs .conf, .so or suffix") if $basesource !~ m/\.(conf|so)/; + } + + if (! -d $installdir) + { + complex_doit("mkdir","-p",$installdir); + complex_doit("chmod","755","$installdir"); + } + complex_doit("cp",$source,$installdir); + complex_doit("chmod","644","$installdir/$basesource"); + + } + else + { + error("Unknown parameter: $type\n"); + } + + } + + my @postinst_autoscripts; + + if ($#{$PACKAGE_TYPE{'has_a_module'}} >= 0) + { + if ($package !~ m/libnginx-mod-\w+?/) + { + warning("Package $package appears to be an Nginx module. It should comply to the package naming scheme libnginx-mod-\n"); + } + addsubstvar($package, "misc:Depends", nginx_depends()); + + my $modules = ""; + foreach my $module (@{$PACKAGE_TYPE{'has_a_module'}}) + { + $modules .= "$module "; + } + + push @postinst_autoscripts, ["module", $modules]; + } + + if (! $dh{NOSCRIPTS}) + { + foreach my $ref (@postinst_autoscripts) + { + for my $script_type (qw/postinst prerm postrm/) + { + if ($script_type eq "postinst" && $dh{NOENABLE}) + { + next + } + + my %replacements = ( + NAMES => $ref->[1], + ); + + my $sed_command = ""; + foreach my $key (sort keys %replacements) + { + my $val = $replacements{$key}; + # Use a control char as separator for sed, to + # reduce escaping issues. Everything else is + # passed verbatim, i.e. it must not contain any + # shell or sed special characters. + my $sep = "\x17"; + $sed_command .= "s" . $sep . "#$key#" . + $sep . $val . + $sep . "g; "; + } + + autoscript($package, "$script_type", "$script_type-nginx", $sed_command); + } + } + } +} + +# vim: syntax=perl sw=8 sts=8 sr noet diff -Nru nginx-1.22.0/debian/gitlab-ci.yml nginx-1.22.1/debian/gitlab-ci.yml --- nginx-1.22.0/debian/gitlab-ci.yml 2022-06-14 08:26:11.000000000 +0000 +++ nginx-1.22.1/debian/gitlab-ci.yml 1970-01-01 00:00:00.000000000 +0000 @@ -1,8 +0,0 @@ ---- -include: - - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml - - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml - -# Disable reprotest which is failing now -variables: - SALSA_CI_DISABLE_REPROTEST: 1 diff -Nru nginx-1.22.0/debian/libnginx-mod-http-perl.lintian-overrides nginx-1.22.1/debian/libnginx-mod-http-perl.lintian-overrides --- nginx-1.22.0/debian/libnginx-mod-http-perl.lintian-overrides 1970-01-01 00:00:00.000000000 +0000 +++ nginx-1.22.1/debian/libnginx-mod-http-perl.lintian-overrides 2022-11-01 11:51:29.000000000 +0000 @@ -0,0 +1 @@ +libnginx-mod-http-perl: wrong-section-according-to-package-name libnginx-mod-http-perl => perl diff -Nru nginx-1.22.0/debian/modules/control nginx-1.22.1/debian/modules/control --- nginx-1.22.0/debian/modules/control 2022-06-14 08:26:11.000000000 +0000 +++ nginx-1.22.1/debian/modules/control 2022-11-01 11:51:29.000000000 +0000 @@ -9,17 +9,13 @@ Module: http-auth-pam Homepage: https://github.com/sto/ngx_http_auth_pam_module -Version: 1.5.3 +Version: 1.5.2 Module: http-echo Homepage: https://github.com/agentzh/echo-nginx-module -Version: 0.62 +Version: v0.62 Files-Excluded: .gitignore .gitattributes .travis.yml -Module: http-geoip2 -Homepage: https://github.com/leev/ngx_http_geoip2_module -Version: 3.3 - Module: http-uploadprogress Homepage: https://github.com/masterzen/nginx-upload-progress-module Files-Excluded: test @@ -35,8 +31,7 @@ Module: http-fancyindex Homepage: https://github.com/aperezdc/ngx-fancyindex -Version: 0.5.2 -Files-Excluded: .gitignore .travis.yml +Version: 0.5.1 Module: http-subs-filter Homepage: https://github.com/yaoweibin/ngx_http_substitutions_filter_module @@ -48,6 +43,10 @@ Files-Excluded: test Version: 1.2.2 +Module: http-geoip2 +Homepage: https://github.com/leev/ngx_http_geoip2_module +Version: 3.3 + Module: http-upsync Homepage: https://github.com/weibocom/nginx-upsync-module Version: 2.1.3 diff -Nru nginx-1.22.0/debian/modules/http-auth-pam/ChangeLog nginx-1.22.1/debian/modules/http-auth-pam/ChangeLog --- nginx-1.22.0/debian/modules/http-auth-pam/ChangeLog 2022-06-14 08:26:11.000000000 +0000 +++ nginx-1.22.1/debian/modules/http-auth-pam/ChangeLog 2022-11-01 11:51:29.000000000 +0000 @@ -1,9 +1,3 @@ -2021-08-23 sto@mixinet.net - - * Version 1.5.3. - * Always load after ngx_http_access_module (patch provided by khimaros, see - https://github.com/sto/ngx_http_auth_pam_module/pull/26) - 2020-06-23 sto@mixinet.net * Version 1.5.2. diff -Nru nginx-1.22.0/debian/modules/http-auth-pam/config nginx-1.22.1/debian/modules/http-auth-pam/config --- nginx-1.22.0/debian/modules/http-auth-pam/config 2022-06-14 08:26:11.000000000 +0000 +++ nginx-1.22.1/debian/modules/http-auth-pam/config 2022-11-01 11:51:29.000000000 +0000 @@ -7,11 +7,10 @@ ngx_module_deps= ngx_module_srcs="$ngx_addon_dir/ngx_http_auth_pam_module.c" ngx_module_libs="-lpam" - ngx_module_order="$ngx_module_name ngx_http_access_module" . auto/module else HTTP_MODULES="$HTTP_MODULES ngx_http_auth_pam_module" NGX_ADDON_SRCS="$NGX_ADDON_SRCS $ngx_addon_dir/ngx_http_auth_pam_module.c" CORE_LIBS="$CORE_LIBS -lpam" -fi +fi \ No newline at end of file diff -Nru nginx-1.22.0/debian/modules/http-auth-pam/VERSION nginx-1.22.1/debian/modules/http-auth-pam/VERSION --- nginx-1.22.0/debian/modules/http-auth-pam/VERSION 2022-06-14 08:26:11.000000000 +0000 +++ nginx-1.22.1/debian/modules/http-auth-pam/VERSION 2022-11-01 11:51:29.000000000 +0000 @@ -1 +1 @@ -1.5.3 +1.5.2 diff -Nru nginx-1.22.0/debian/modules/http-fancyindex/CHANGELOG.md nginx-1.22.1/debian/modules/http-fancyindex/CHANGELOG.md --- nginx-1.22.0/debian/modules/http-fancyindex/CHANGELOG.md 2022-06-14 08:26:11.000000000 +0000 +++ nginx-1.22.1/debian/modules/http-fancyindex/CHANGELOG.md 2022-11-01 11:51:29.000000000 +0000 @@ -3,12 +3,6 @@ ## [Unreleased] -## [0.5.2] - 2021-10-28 -### Fixed -- Properly escape file names to ensure that file names are never renreded - as HTML. (Patch by Anthony Ryan <>, - [#128](https://github.com/aperezdc/ngx-fancyindex/pull/128).) - ## [0.5.1] - 2020-10-26 ### Fixed - Properly handle optional second argument to `fancyindex_header` and @@ -182,8 +176,7 @@ - `NEWS.rst` file, to act as change log. -[Unreleased]: https://github.com/aperezdc/ngx-fancyindex/compare/v0.5.2...HEAD -[0.5.2]: https://github.com/aperezdc/ngx-fancyindex/compare/v0.5.1...v0.5.2 +[Unreleased]: https://github.com/aperezdc/ngx-fancyindex/compare/v0.5.1...HEAD [0.5.1]: https://github.com/aperezdc/ngx-fancyindex/compare/v0.5.0...v0.5.1 [0.5.0]: https://github.com/aperezdc/ngx-fancyindex/compare/v0.4.4...v0.5.0 [0.4.4]: https://github.com/aperezdc/ngx-fancyindex/compare/v0.4.3...v0.4.4 diff -Nru nginx-1.22.0/debian/modules/http-fancyindex/.github/workflows/ci.yml nginx-1.22.1/debian/modules/http-fancyindex/.github/workflows/ci.yml --- nginx-1.22.0/debian/modules/http-fancyindex/.github/workflows/ci.yml 2022-06-14 08:26:11.000000000 +0000 +++ nginx-1.22.1/debian/modules/http-fancyindex/.github/workflows/ci.yml 1970-01-01 00:00:00.000000000 +0000 @@ -1,40 +0,0 @@ ---- -name: Build -on: [pull_request] - -jobs: - build: - strategy: - fail-fast: false - matrix: - compiler: [gcc, clang] - dynamic: [0, 1] - nginx: - # Mainline - - 1.21.3 - # Stable. - - 1.20.1 - # First version with loadable module support. - - 1.9.15 - # Oldest supported version. - - 0.8.55 - exclude: - - nginx: 0.8.55 - dynamic: 1 - runs-on: ubuntu-18.04 - env: - CFLAGS: "-Wno-error" - steps: - - name: Checkout - uses: actions/checkout@v2 - - name: Install Packages - run: | - sudo apt update - sudo apt install -y libpcre3-dev libssl-dev - t/get-pup || echo 'Tests needing pup will be skipped' - - name: Test - env: - CC: ${{ matrix.compiler }} - run: | - CC=${{ matrix.compiler }} - t/build-and-run ${{ matrix.nginx }} ${{ matrix.dynamic }} diff -Nru nginx-1.22.0/debian/modules/http-fancyindex/ngx_http_fancyindex_module.c nginx-1.22.1/debian/modules/http-fancyindex/ngx_http_fancyindex_module.c --- nginx-1.22.0/debian/modules/http-fancyindex/ngx_http_fancyindex_module.c 2022-06-14 08:26:11.000000000 +0000 +++ nginx-1.22.1/debian/modules/http-fancyindex/ngx_http_fancyindex_module.c 2022-11-01 11:51:29.000000000 +0000 @@ -328,7 +328,6 @@ ngx_str_t name; size_t utf_len; ngx_uint_t escape; - ngx_uint_t escape_html; ngx_uint_t dir; time_t mtime; off_t size; @@ -497,8 +496,8 @@ NULL, /* create server configuration */ NULL, /* merge server configuration */ - ngx_http_fancyindex_create_loc_conf, /* create location configuration */ - ngx_http_fancyindex_merge_loc_conf /* merge location configuration */ + ngx_http_fancyindex_create_loc_conf, /* create location configration */ + ngx_http_fancyindex_merge_loc_conf /* merge location configration */ }; @@ -669,7 +668,7 @@ const char *sort_url_args = ""; off_t length; - size_t len, root, copy, allocated, escape_html; + size_t len, root, copy, allocated; int64_t multiplier; u_char *filename, *last; ngx_tm_t tm; @@ -833,9 +832,6 @@ entry->escape = 2 * ngx_fancyindex_escape_filename(NULL, ngx_de_name(&dir), len); - entry->escape_html = ngx_escape_html(NULL, - entry->name.data, - entry->name.len); entry->dir = ngx_de_is_dir(&dir); entry->mtime = ngx_de_mtime(&dir); @@ -854,11 +850,8 @@ /* * Calculate needed buffer length. */ - - escape_html = ngx_escape_html(NULL, r->uri.data, r->uri.len); - if (alcf->show_path) - len = r->uri.len + escape_html + len = r->uri.len + ngx_sizeof_ssz(t05_body2) + ngx_sizeof_ssz(t06_list1) + ngx_sizeof_ssz(t_parentdir_entry) @@ -866,7 +859,7 @@ + ngx_fancyindex_timefmt_calc_size (&alcf->time_format) * entries.nelts ; else - len = r->uri.len + escape_html + len = r->uri.len + ngx_sizeof_ssz(t06_list1) + ngx_sizeof_ssz(t_parentdir_entry) + ngx_sizeof_ssz(t07_list2) @@ -896,9 +889,9 @@ + entry[i].name.len + entry[i].escape /* Escaped URL */ + ngx_sizeof_ssz("?C=x&O=y") /* URL sorting arguments */ + ngx_sizeof_ssz("\" title=\"") - + entry[i].name.len + entry[i].utf_len + entry[i].escape_html + + entry[i].name.len + entry[i].utf_len + ngx_sizeof_ssz("\">") - + entry[i].name.len + entry[i].utf_len + entry[i].escape_html + + entry[i].name.len + entry[i].utf_len + alcf->name_length + ngx_sizeof_ssz(">") + ngx_sizeof_ssz("") + 20 /* File size */ @@ -1016,7 +1009,7 @@ } if (r->dir) r++; - + if (r > entry) /* Sort directories */ ngx_qsort(entry, (size_t)(r - entry), @@ -1033,7 +1026,7 @@ /* Display the path, if needed */ if (alcf->show_path){ - b->last = last = (u_char *) ngx_escape_html(b->last, r->uri.data, r->uri.len); + b->last = ngx_cpymem_str(b->last, r->uri); b->last = ngx_cpymem_ssz(b->last, t05_body2); } @@ -1086,32 +1079,26 @@ *b->last++ = '"'; b->last = ngx_cpymem_ssz(b->last, " title=\""); - b->last = (u_char *) ngx_escape_html(b->last, entry[i].name.data, entry[i].name.len); + b->last = ngx_cpymem_str(b->last, entry[i].name); *b->last++ = '"'; *b->last++ = '>'; len = entry[i].utf_len; - if (entry[i].name.len != len) { + if (entry[i].name.len - len) { if (len > alcf->name_length) { copy = alcf->name_length - 3 + 1; } else { copy = alcf->name_length + 1; } - last = b->last; b->last = ngx_utf8_cpystrn(b->last, entry[i].name.data, - copy, entry[i].name.len); - - b->last = (u_char *) ngx_escape_html(last, entry[i].name.data, b->last - last); + copy, entry[i].name.len); last = b->last; } else { - if (len > alcf->name_length) { - b->last = (u_char *) ngx_escape_html(b->last, entry[i].name.data, alcf->name_length + 1); - } else { - b->last = (u_char *) ngx_escape_html(b->last, entry[i].name.data, entry[i].name.len); - } + b->last = ngx_cpystrn(b->last, entry[i].name.data, + alcf->name_length + 1); last = b->last - 3; } @@ -1148,7 +1135,7 @@ if (j == DIM(sizes) - 1) b->last = ngx_sprintf(b->last, "%O %s", length, sizes[j]); else - b->last = ngx_sprintf(b->last, "%.1f %s", + b->last = ngx_sprintf(b->last, "%.1f %s", (float) length / multiplier, sizes[j]); } } diff -Nru nginx-1.22.0/debian/modules/http-fancyindex/t/preamble nginx-1.22.1/debian/modules/http-fancyindex/t/preamble --- nginx-1.22.0/debian/modules/http-fancyindex/t/preamble 2022-06-14 08:26:11.000000000 +0000 +++ nginx-1.22.1/debian/modules/http-fancyindex/t/preamble 2022-11-01 11:51:29.000000000 +0000 @@ -20,7 +20,7 @@ keepalive_timeout 65; server { server_name localhost; - listen 127.0.0.1:${NGINX_PORT}; + listen 127.0.0.1:8888; root ${TESTDIR}; error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } @@ -36,11 +36,6 @@ readonly NGINX_CONF="${PREFIX}/conf/nginx.conf" readonly NGINX_PID="${PREFIX}/logs/nginx.pid" - -NGINX_PORT=$(ss -4Htnl | awk '{ sub("[^:]+:", "", $4) ; seen[$4]=1 } -END { p=1025 ; while (seen[p]) p++; print p}') -readonly NGINX_PORT - rm -f "${NGINX_CONF}" "${NGINX_PID}" mkdir -p "${PREFIX}/logs" @@ -90,7 +85,7 @@ opts+=( -S ) shift fi - wget "${opts[@]}" -O- "http://localhost:${NGINX_PORT}${1:-/}" 2>&1 + wget "${opts[@]}" -O- "http://localhost:8888${1:-/}" 2>&1 } function skip () { diff -Nru nginx-1.22.0/debian/nginx-common.install nginx-1.22.1/debian/nginx-common.install --- nginx-1.22.0/debian/nginx-common.install 2022-06-14 08:26:11.000000000 +0000 +++ nginx-1.22.1/debian/nginx-common.install 2022-11-01 11:51:29.000000000 +0000 @@ -1,5 +1,6 @@ contrib/vim/* usr/share/vim/addons debian/conf/* etc/nginx +debian/apport/source_nginx.py usr/share/apport/package-hooks debian/ufw/nginx etc/ufw/applications.d debian/vim/nginx.yaml usr/share/vim/registry html/index.html usr/share/nginx/html/ diff -Nru nginx-1.22.0/debian/nginx-common.nginx.service nginx-1.22.1/debian/nginx-common.nginx.service --- nginx-1.22.0/debian/nginx-common.nginx.service 2022-06-14 08:26:11.000000000 +0000 +++ nginx-1.22.1/debian/nginx-common.nginx.service 2022-11-01 11:51:29.000000000 +0000 @@ -1,7 +1,7 @@ # Stop dance for nginx # ======================= # -# ExecStop sends SIGQUIT (graceful stop) to the nginx process. +# ExecStop sends SIGSTOP (graceful stop) to the nginx process. # If, after 5s (--retry QUIT/5) nginx is still running, systemd takes control # and sends SIGTERM (fast shutdown) to the main process. # After another 5s (TimeoutStopSec=5), and if nginx is alive, systemd sends diff -Nru nginx-1.22.0/debian/nginx-dev.install nginx-1.22.1/debian/nginx-dev.install --- nginx-1.22.0/debian/nginx-dev.install 2022-06-14 08:26:11.000000000 +0000 +++ nginx-1.22.1/debian/nginx-dev.install 1970-01-01 00:00:00.000000000 +0000 @@ -1,8 +0,0 @@ -debian/build-src/auto usr/share/nginx/src/ -debian/build-src/src usr/share/nginx/src/ -debian/build-src/conf_flags usr/share/nginx/src/ -debian/build-src/configure usr/share/nginx/src/ -debian/debhelper/nginx.pm usr/share/perl5/Debian/Debhelper/Sequence/ -debian/debhelper/dh_nginx usr/bin/ -debian/debhelper/nginx_mod.pm usr/share/perl5/Debian/Debhelper/Buildsystem/ -debian/autoscripts/* usr/share/debhelper/autoscripts/ diff -Nru nginx-1.22.0/debian/nginx-dev.manpages nginx-1.22.1/debian/nginx-dev.manpages --- nginx-1.22.0/debian/nginx-dev.manpages 2022-06-14 08:26:11.000000000 +0000 +++ nginx-1.22.1/debian/nginx-dev.manpages 1970-01-01 00:00:00.000000000 +0000 @@ -1 +0,0 @@ -debian/build-src/dh_nginx.1 diff -Nru nginx-1.22.0/debian/patches/0002-Make-sure-signature-stays-the-same-in-all-nginx-buil.patch nginx-1.22.1/debian/patches/0002-Make-sure-signature-stays-the-same-in-all-nginx-buil.patch --- nginx-1.22.0/debian/patches/0002-Make-sure-signature-stays-the-same-in-all-nginx-buil.patch 1970-01-01 00:00:00.000000000 +0000 +++ nginx-1.22.1/debian/patches/0002-Make-sure-signature-stays-the-same-in-all-nginx-buil.patch 2022-11-01 11:51:29.000000000 +0000 @@ -0,0 +1,30 @@ +From: Christos Trochalakis +Date: Wed, 30 Mar 2016 09:47:11 +0300 +Subject: Make sure signature stays the same in all nginx builds + +NGX_HTTP_HEADERS is part of nginx signature. When a dyn +modules is loaded the signature of the module is compared +to the one of the nginx binary. + +dyn modules are build from nginx-full, so in order to make +them loadable in other flavors we need to make sure all the +binaries share the same signature. +--- + configure | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/configure b/configure +index ceff15e..3816fa1 100755 +--- a/configure ++++ b/configure +@@ -58,6 +58,10 @@ if [ "$NGX_PLATFORM" != win32 ]; then + . auto/unix + fi + ++# Debian ++# Make sure signature stays the same on all nginx flavors ++have=NGX_HTTP_HEADERS . auto/have ++ + . auto/threads + . auto/modules + . auto/lib/conf diff -Nru nginx-1.22.0/debian/patches/0003-define_gnu_source-on-other-glibc-based-platforms.patch nginx-1.22.1/debian/patches/0003-define_gnu_source-on-other-glibc-based-platforms.patch --- nginx-1.22.0/debian/patches/0003-define_gnu_source-on-other-glibc-based-platforms.patch 2022-06-14 08:26:11.000000000 +0000 +++ nginx-1.22.1/debian/patches/0003-define_gnu_source-on-other-glibc-based-platforms.patch 2022-11-01 11:51:29.000000000 +0000 @@ -4,18 +4,14 @@ Define _GNU_SOURCE not only on GNU/Hurd, but also other glibc-based platforms including GNU/kFreeBSD. - -modified by jan.mojzis@gmail.com -Index: nginx/src/os/unix/ngx_posix_config.h -=================================================================== ---- nginx.orig/src/os/unix/ngx_posix_config.h -+++ nginx/src/os/unix/ngx_posix_config.h +--- a/src/os/unix/ngx_posix_config.h ++++ b/src/os/unix/ngx_posix_config.h @@ -21,10 +21,13 @@ #endif -#if (NGX_GNU_HURD) -+#if defined(NGX_GNU_HURD) || defined(__GLIBC__) ++#if defined(__GLIBC__) #ifndef _GNU_SOURCE #define _GNU_SOURCE /* accept4() */ #endif diff -Nru nginx-1.22.0/debian/patches/series nginx-1.22.1/debian/patches/series --- nginx-1.22.0/debian/patches/series 2022-06-14 08:26:11.000000000 +0000 +++ nginx-1.22.1/debian/patches/series 2022-11-01 11:51:29.000000000 +0000 @@ -1 +1,2 @@ +0002-Make-sure-signature-stays-the-same-in-all-nginx-buil.patch 0003-define_gnu_source-on-other-glibc-based-platforms.patch diff -Nru nginx-1.22.0/debian/rules nginx-1.22.1/debian/rules --- nginx-1.22.0/debian/rules 2022-06-14 08:26:11.000000000 +0000 +++ nginx-1.22.1/debian/rules 2022-11-01 11:51:29.000000000 +0000 @@ -35,7 +35,7 @@ MODULESDIR = $(CURDIR)/debian/modules BASEDIR = $(CURDIR) -$(foreach flavour,$(FLAVOURS) src,$(eval BUILDDIR_$(flavour) = $(CURDIR)/debian/build-$(flavour))) +$(foreach flavour,$(FLAVOURS),$(eval BUILDDIR_$(flavour) = $(CURDIR)/debian/build-$(flavour))) DEB_BUILD_ARCH ?=$(shell dpkg-architecture -qDEB_BUILD_ARCH) ifeq ($(DEB_BUILD_ARCH),sparc) @@ -51,7 +51,9 @@ modules_with_patches := $(notdir $(wildcard $(CURDIR)/debian/modules/patches/*)) # configure flags -basic_configure_flags := \ +common_configure_flags := \ + --with-cc-opt="$(debian_cflags)" \ + --with-ld-opt="$(debian_ldflags)" \ --prefix=/usr/share/nginx \ --conf-path=/etc/nginx/nginx.conf \ --http-log-path=/var/log/nginx/access.log \ @@ -76,11 +78,6 @@ --with-http_slice_module \ --with-threads -common_configure_flags := \ - --with-cc-opt="$(debian_cflags)" \ - --with-ld-opt="$(debian_ldflags)" \ - $(basic_configure_flags) - light_configure_flags := \ $(common_configure_flags) \ --with-http_gzip_static_module \ @@ -142,15 +139,15 @@ %: dh $@ --without autoreconf -override_dh_auto_configure: config_patch_modules $(foreach flavour,$(FLAVOURS),config.arch.$(flavour)) config.src -override_dh_auto_build: $(foreach flavour,$(FLAVOURS),build.arch.$(flavour)) build.src +override_dh_auto_configure: config_patch_modules $(foreach flavour,$(FLAVOURS),config.arch.$(flavour)) +override_dh_auto_build: $(foreach flavour,$(FLAVOURS),build.arch.$(flavour)) override_dh_strip: $(foreach flavour,$(FLAVOURS),strip.arch.$(flavour)) $(foreach mod,$(DYN_MODS),strip.mods.$(mod)) -override_dh_clean: clean_patch_modules $(foreach flavour,$(FLAVOURS),clean.$(flavour)) clean.src +override_dh_clean: clean_patch_modules $(foreach flavour,$(FLAVOURS),clean.$(flavour)) dh_clean override_dh_install: dh_install - DH_AUTOSCRIPTDIR=$(CURDIR)/debian/autoscripts debian/debhelper/dh_nginx --in-nginx-tree + DH_AUTOSCRIPTDIR=$(CURDIR)/debian/autoscripts debian/dh_nginx override_dh_installinit: dh_installinit --no-stop-on-upgrade --no-start --name=nginx @@ -164,14 +161,6 @@ build.arch.%: $(MAKE) -C $(BUILDDIR_$*) build -build.src: - cp -Pa $(CURDIR)/auto $(BUILDDIR_src)/ - sed -i '/^# create Makefile/,/^END$$/d' $(BUILDDIR_src)/auto/make $(BUILDDIR_src)/auto/init $(BUILDDIR_src)/auto/install - find $(CURDIR)/src -type f -name '*.h' -printf 'src/%P\0' | tar -C $(CURDIR) --null --files-from - -c | tar -C $(BUILDDIR_src)/ -x - if [ -e $(CURDIR)/configure ]; then cp $(CURDIR)/configure $(BUILDDIR_src)/; fi - echo "NGX_CONF_FLAGS=(" $(basic_configure_flags) ")" > $(BUILDDIR_src)/conf_flags - pod2man debian/debhelper/dh_nginx > $(BUILDDIR_src)/dh_nginx.1 - strip.arch.%: dh_strip --package=nginx-$(*) -O--dbgsym-migration='nginx-$(*)-dbg (<< 1.10.1-3~)' @@ -200,10 +189,6 @@ cp -Pa $(CURDIR)/man $(BUILDDIR_$*)/ cd $(BUILDDIR_$*) && ./configure $($*_configure_flags) -config.src: - dh_testdir - mkdir -p $(BUILDDIR_src) - clean.%: rm -rf $(BUILDDIR_$*) diff -Nru nginx-1.22.0/debian/upstream/signing-key.asc nginx-1.22.1/debian/upstream/signing-key.asc --- nginx-1.22.0/debian/upstream/signing-key.asc 2022-06-14 08:26:11.000000000 +0000 +++ nginx-1.22.1/debian/upstream/signing-key.asc 2022-11-01 11:51:29.000000000 +0000 @@ -1,6 +1,3 @@ -# Previously used as signing key up through May 24, 2022 -# and may be used in future. Keep this around intentionally as such. -# gpg: pub rsa2048/520A9993A1C052F8 2011-11-27 Maxim Dounin -----BEGIN PGP PUBLIC KEY BLOCK----- mQENBE7SKu8BCADQo6x4ZQfAcPlJMLmL8zBEBUS6GyKMMMDtrTh3Yaq481HB54oR @@ -30,65 +27,3 @@ wn0mtXeIXLCTvBmznXfaMKllsqbsy2nCJ2P2uJjOntw= =NeQn -----END PGP PUBLIC KEY BLOCK----- - - -# First observed on May 24, 2022 -# -# pub rsa3072 2018-05-07 [SC] [expires: 2027-05-17] -# 13C82A63B603576156E30A4EA0EA981B66B0D967 -#uid [ unknown] Konstantin Pavlov -#uid [ unknown] Konstantin Pavlov -#sub rsa3072 2018-05-07 [E] [expires: 2027-05-17] - ------BEGIN PGP PUBLIC KEY BLOCK----- - -mQGNBFrwMiUBDADo56OlDknN+ReCMP+8CN1biK5izmGd755TxktHLI9nAP8ociIq -Hjrps22pBtAIQ6eZpwCFBys2mR/441rOgZW+O6uqBYrttbxTMvE43EmKYGuFCmuR -u0JGMPuqnzF3Y+6uoKzqMzazSrZIBWsBKAkNYTw8+yPlxGgffhBp1ueME7Lskglh -EV9gmrEM0QlWod7wSQvyruExPm5INx3MG63Xfvc0bPiWUOGKyMb7kXA5VgnWuzmS -BCMm17+A32vMyxhYcvSEgUayQjGghI1uPDSqBQBMEFTgSK2wWzvAXf/M45nxKBgQ -IEDmvoC8RM9JTtUr7RE/E1mjsuefF2vYYYsWBstRFGAlUV1/lPNNibu3NqbCug6b -1IWJuV1DX9T9/f81GZJrsPgYYKC6Ai8C1B0NGWjos7/GzgEFENQgf5duOhFPadQz -QbRxBoId4Fe/Uwe2HxI8ESCQMwsq8bowcCn6XRA2EYkAt17Kab6LH6tTP54XG9TL -bV7bAhyrvZAk1lUAEQEAAbQjS29uc3RhbnRpbiBQYXZsb3YgPGsucGF2bG92QGY1 -LmNvbT6JAdcEEwEIAEECGwMFCwkIBwICIgIGFQoJCAsCBBYCAwECHgcCF4AWIQQT -yCpjtgNXYVbjCk6g6pgbZrDZZwUCYoTfvAUJEPqvFwAKCRCg6pgbZrDZZxFYDADK -R02XgC+AoyrqMwBNXC8Y6aiilEsyppsgj+KwZcGKDYN488gEmff+/KIEdtglw3I3 -tCMbo+FzFjHveeVCb0qrIMerWJg+o4YrxxqlQ9Q1InpduKLrIuGae0J1ybITS8+v -iYAmwzy1Wb2CDDuCnhCR/QDfOE1CvRILVqIKezC0tRrBTEvRO84m6YMBtJ1DP75Z -2cTNyjPos9+uxi4JcMKrMUBwZKya+z5i+Uxd66wuPj9KmggNG1x+bqMWmpTrSKUn -gbLabFUth+uWumpj3/7HBT8Ov7rPgzY/vn3Fn5mKdLQm+kRwSX9/FbtHAE3Qsm+f -6WW8CZ4XzL9ONfhQYwO2Jrq4HzgYloZkL+1Zs61X+zeEyr4o/mzt5DHbQRsD1UzQ -gnh7t3YdSAy6gBqevjPWkQlq9e8eoFRydN/htwjS7dleikOsYktSnTIKlRXAWGCm -jkRpQyZYuuPcWcGRt/0MVewRJmLemH6O+NviqhgGRePO9QR0R+yfdCwewPJEDk60 -JEtvbnN0YW50aW4gUGF2bG92IDx0aHJlc2hAbmdpbnguY29tPokB1AQTAQgAPgIb -AwULCQgHAwUVCgkICwUWAwIBAAIeAQIXgBYhBBPIKmO2A1dhVuMKTqDqmBtmsNln -BQJihN+8BQkQ+q8XAAoJEKDqmBtmsNlncQ0L/0Yk1QejO06gWwV1J2eK9LmjbMof -y2ujZBgW1IGt/goo5R4PzC8lBBcsBtsKyN0Rsh7QdLrtKKLQrE/gpwMTMdKhJTdP -/c5tUY3EwgIdBMYVaxArZQiWlPgSnoKuKydnn6Rb+Qtrhvb9pjn5XlGd/VSbAXZe -8YTj6B8qjUa2YY+IreyB6wkPN/ytV5vcocbS7mzXaibGPVT35e0Pl1Be+xbJkbTm -JTSJCSPwyHm9t2Vuq4e/c3fMwhOUbBjfssspR103vo91XO5sY+v2aQJOctNrv4Zp -HMrwBH7MeqDISCWg9PICUv0ewHzAEGB+K0v342rVAzVNEctwM3Jic7fEJYsItdw+ -Zk4r8NYqACoRCdSUEHqhP0DbYoWdthpUwD1J5ryWyKTCpTL4wNhKEMcNaiHH3qor -SssyMHMFRPoXKw9Pcay+Uo8NXc2KKxhEHTbQts0jYUNcq0yuWHoNQ4vhKkf9CHBr -b/vS22vfEJyd6FX6ZRYK56A3EFAV8hK0BvZAw7kBjQRa8DInAQwA2Rk7UdUgpCWl -+BMz9B9eKj0XtsNEciXHHKnSFYaSNCWNwib/FsiMfcPFh7xwUTof7e7HBFkvv0QE -MCEp7R1MVNBfMiGtG1ICFIt9nByznPsRk4VvbY/prK4DZy2AmlwhNcT2pQO3Aasc -gsCWdf6G+wcwnHg9tWCp0Xs9BNXuppmcRrpP4M1PPRIVeG1jeVXvuSHO2HjqPSXP -5DhGgSGN7uLOhiLTnPINd186vf6tqRdqYw3g0W1ImEjGXHeNQfnieIWdU3X4C8KT -EPsV3lvtmSAQCoge0CyKfz4cORi4j8Edp8JpDQlbAThe529+R3eKUw7I/3ESxJBd -qzLE/ItWvAcbGEserLDFrg9J1ojiKhsw3TVcDk+HIDzVakMz6HTd4ExSijMqTehz -gKSVHDL+l2jc0f4VSecI+xwC3/kNsNTBpiPoUYtXBbJllHgQAakREkSKQBas02eq -Ru8SlQ3yEn87zTtNW8L7xpe7ZVtxwUgp40PUrsb8uMDJG7ZP5rhLABEBAAGJAbwE -GAEIACYCGwwWIQQTyCpjtgNXYVbjCk6g6pgbZrDZZwUCYoTfwQUJEPqvGgAKCRCg -6pgbZrDZZ3oEDAC1J3BVwlkX+eoo8VsXAYxMXm8kIaTqOn/tHMOYepK+cWUdHaeC -H3N8LigwN4Ve2LtzLBqN3WRAxFNy0DIzdBfA7QdcAoDLnB2FNrWTmwvC9nXkCogF -fSCq7c+1oFHdn7M/VZNU4o0nhVOnqM8NLGcgzX3K3hr+WLYUgNQ9G6x0N9VU43tq -VwJhvNv4pyiRpRdLlmhOEf35a/sWE1dttSKdrBhyzTbptw4dXr4lUpvlswWs+dLp -SPPhWAuifORv/amWh3bxIxYEqE4o5NI/PQLJvJJLsJvMIIjpKlAGBJg5h3WCiIAk -l7H+BesOUIIg8ava5ZUyjlFdszBMaBosZvRgFAlfnYhSGqzhip6PvXfK1YokNv7k -qw43c0f1SmtSXZR43SRv/4vpXG7IqtTuqgSwn1qDJgr4yfs8QQykO/jG+cz7X+5O -KSAulWi9OoqLyDWlsm3WccPIcJfbm71P+I/ha7ESVQfOxC92fQ7HQAboj7NhecJ4 -RLqjzrWSHmPGClI= -=J2qy ------END PGP PUBLIC KEY BLOCK----- diff -Nru nginx-1.22.0/debian/watch nginx-1.22.1/debian/watch --- nginx-1.22.0/debian/watch 2022-06-14 08:26:11.000000000 +0000 +++ nginx-1.22.1/debian/watch 2022-11-01 11:51:29.000000000 +0000 @@ -1,3 +1,3 @@ -version=4 +version=3 opts=pgpsigurlmangle=s/$/.asc/ \ -https://nginx.org/download/nginx-(\d+\.\d+[02468]\.\d+)\.tar\.gz +https://nginx.org/download/nginx-(1\.20\.\d+)\.tar\.gz diff -Nru nginx-1.22.0/src/core/nginx.h nginx-1.22.1/src/core/nginx.h --- nginx-1.22.0/src/core/nginx.h 2022-05-23 23:59:19.000000000 +0000 +++ nginx-1.22.1/src/core/nginx.h 2022-10-19 08:02:20.000000000 +0000 @@ -9,8 +9,8 @@ #define _NGINX_H_INCLUDED_ -#define nginx_version 1022000 -#define NGINX_VERSION "1.22.0" +#define nginx_version 1022001 +#define NGINX_VERSION "1.22.1" #define NGINX_VER "nginx/" NGINX_VERSION #ifdef NGX_BUILD diff -Nru nginx-1.22.0/src/http/modules/ngx_http_mp4_module.c nginx-1.22.1/src/http/modules/ngx_http_mp4_module.c --- nginx-1.22.0/src/http/modules/ngx_http_mp4_module.c 2022-05-23 23:59:19.000000000 +0000 +++ nginx-1.22.1/src/http/modules/ngx_http_mp4_module.c 2022-10-19 08:02:20.000000000 +0000 @@ -1121,6 +1121,12 @@ return NGX_ERROR; } + if (mp4->ftyp_atom.buf) { + ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, + "duplicate mp4 ftyp atom in \"%s\"", mp4->file.name.data); + return NGX_ERROR; + } + atom_size = sizeof(ngx_mp4_atom_header_t) + (size_t) atom_data_size; ftyp_atom = ngx_palloc(mp4->request->pool, atom_size); @@ -1179,6 +1185,12 @@ return NGX_DECLINED; } + if (mp4->moov_atom.buf) { + ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, + "duplicate mp4 moov atom in \"%s\"", mp4->file.name.data); + return NGX_ERROR; + } + conf = ngx_http_get_module_loc_conf(mp4->request, ngx_http_mp4_module); if (atom_data_size > mp4->buffer_size) { @@ -1246,6 +1258,12 @@ ngx_log_debug0(NGX_LOG_DEBUG_HTTP, mp4->file.log, 0, "mp4 mdat atom"); + if (mp4->mdat_atom.buf) { + ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, + "duplicate mp4 mdat atom in \"%s\"", mp4->file.name.data); + return NGX_ERROR; + } + data = &mp4->mdat_data_buf; data->file = &mp4->file; data->in_file = 1; @@ -1372,6 +1390,12 @@ ngx_log_debug0(NGX_LOG_DEBUG_HTTP, mp4->file.log, 0, "mp4 mvhd atom"); + if (mp4->mvhd_atom.buf) { + ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, + "duplicate mp4 mvhd atom in \"%s\"", mp4->file.name.data); + return NGX_ERROR; + } + atom_header = ngx_mp4_atom_header(mp4); mvhd_atom = (ngx_mp4_mvhd_atom_t *) atom_header; mvhd64_atom = (ngx_mp4_mvhd64_atom_t *) atom_header; @@ -1637,6 +1661,13 @@ atom_size = sizeof(ngx_mp4_atom_header_t) + (size_t) atom_data_size; trak = ngx_mp4_last_trak(mp4); + + if (trak->out[NGX_HTTP_MP4_TKHD_ATOM].buf) { + ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, + "duplicate mp4 tkhd atom in \"%s\"", mp4->file.name.data); + return NGX_ERROR; + } + trak->tkhd_size = atom_size; trak->movie_duration = duration; @@ -1676,6 +1707,12 @@ trak = ngx_mp4_last_trak(mp4); + if (trak->out[NGX_HTTP_MP4_MDIA_ATOM].buf) { + ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, + "duplicate mp4 mdia atom in \"%s\"", mp4->file.name.data); + return NGX_ERROR; + } + atom = &trak->mdia_atom_buf; atom->temporary = 1; atom->pos = atom_header; @@ -1799,6 +1836,13 @@ atom_size = sizeof(ngx_mp4_atom_header_t) + (size_t) atom_data_size; trak = ngx_mp4_last_trak(mp4); + + if (trak->out[NGX_HTTP_MP4_MDHD_ATOM].buf) { + ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, + "duplicate mp4 mdhd atom in \"%s\"", mp4->file.name.data); + return NGX_ERROR; + } + trak->mdhd_size = atom_size; trak->timescale = timescale; trak->duration = duration; @@ -1862,6 +1906,12 @@ trak = ngx_mp4_last_trak(mp4); + if (trak->out[NGX_HTTP_MP4_HDLR_ATOM].buf) { + ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, + "duplicate mp4 hdlr atom in \"%s\"", mp4->file.name.data); + return NGX_ERROR; + } + atom = &trak->hdlr_atom_buf; atom->temporary = 1; atom->pos = atom_header; @@ -1890,6 +1940,12 @@ trak = ngx_mp4_last_trak(mp4); + if (trak->out[NGX_HTTP_MP4_MINF_ATOM].buf) { + ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, + "duplicate mp4 minf atom in \"%s\"", mp4->file.name.data); + return NGX_ERROR; + } + atom = &trak->minf_atom_buf; atom->temporary = 1; atom->pos = atom_header; @@ -1933,6 +1989,15 @@ trak = ngx_mp4_last_trak(mp4); + if (trak->out[NGX_HTTP_MP4_VMHD_ATOM].buf + || trak->out[NGX_HTTP_MP4_SMHD_ATOM].buf) + { + ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, + "duplicate mp4 vmhd/smhd atom in \"%s\"", + mp4->file.name.data); + return NGX_ERROR; + } + atom = &trak->vmhd_atom_buf; atom->temporary = 1; atom->pos = atom_header; @@ -1964,6 +2029,15 @@ trak = ngx_mp4_last_trak(mp4); + if (trak->out[NGX_HTTP_MP4_VMHD_ATOM].buf + || trak->out[NGX_HTTP_MP4_SMHD_ATOM].buf) + { + ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, + "duplicate mp4 vmhd/smhd atom in \"%s\"", + mp4->file.name.data); + return NGX_ERROR; + } + atom = &trak->smhd_atom_buf; atom->temporary = 1; atom->pos = atom_header; @@ -1995,6 +2069,12 @@ trak = ngx_mp4_last_trak(mp4); + if (trak->out[NGX_HTTP_MP4_DINF_ATOM].buf) { + ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, + "duplicate mp4 dinf atom in \"%s\"", mp4->file.name.data); + return NGX_ERROR; + } + atom = &trak->dinf_atom_buf; atom->temporary = 1; atom->pos = atom_header; @@ -2023,6 +2103,12 @@ trak = ngx_mp4_last_trak(mp4); + if (trak->out[NGX_HTTP_MP4_STBL_ATOM].buf) { + ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, + "duplicate mp4 stbl atom in \"%s\"", mp4->file.name.data); + return NGX_ERROR; + } + atom = &trak->stbl_atom_buf; atom->temporary = 1; atom->pos = atom_header; @@ -2144,6 +2230,12 @@ trak = ngx_mp4_last_trak(mp4); + if (trak->out[NGX_HTTP_MP4_STSD_ATOM].buf) { + ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, + "duplicate mp4 stsd atom in \"%s\"", mp4->file.name.data); + return NGX_ERROR; + } + atom = &trak->stsd_atom_buf; atom->temporary = 1; atom->pos = atom_header; @@ -2212,6 +2304,13 @@ atom_end = atom_table + entries * sizeof(ngx_mp4_stts_entry_t); trak = ngx_mp4_last_trak(mp4); + + if (trak->out[NGX_HTTP_MP4_STTS_ATOM].buf) { + ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, + "duplicate mp4 stts atom in \"%s\"", mp4->file.name.data); + return NGX_ERROR; + } + trak->time_to_sample_entries = entries; atom = &trak->stts_atom_buf; @@ -2480,6 +2579,13 @@ "sync sample entries:%uD", entries); trak = ngx_mp4_last_trak(mp4); + + if (trak->out[NGX_HTTP_MP4_STSS_ATOM].buf) { + ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, + "duplicate mp4 stss atom in \"%s\"", mp4->file.name.data); + return NGX_ERROR; + } + trak->sync_samples_entries = entries; atom_table = atom_header + sizeof(ngx_http_mp4_stss_atom_t); @@ -2678,6 +2784,13 @@ "composition offset entries:%uD", entries); trak = ngx_mp4_last_trak(mp4); + + if (trak->out[NGX_HTTP_MP4_CTTS_ATOM].buf) { + ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, + "duplicate mp4 ctts atom in \"%s\"", mp4->file.name.data); + return NGX_ERROR; + } + trak->composition_offset_entries = entries; atom_table = atom_header + sizeof(ngx_mp4_ctts_atom_t); @@ -2881,6 +2994,13 @@ atom_end = atom_table + entries * sizeof(ngx_mp4_stsc_entry_t); trak = ngx_mp4_last_trak(mp4); + + if (trak->out[NGX_HTTP_MP4_STSC_ATOM].buf) { + ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, + "duplicate mp4 stsc atom in \"%s\"", mp4->file.name.data); + return NGX_ERROR; + } + trak->sample_to_chunk_entries = entries; atom = &trak->stsc_atom_buf; @@ -3213,6 +3333,13 @@ "sample uniform size:%uD, entries:%uD", size, entries); trak = ngx_mp4_last_trak(mp4); + + if (trak->out[NGX_HTTP_MP4_STSZ_ATOM].buf) { + ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, + "duplicate mp4 stsz atom in \"%s\"", mp4->file.name.data); + return NGX_ERROR; + } + trak->sample_sizes_entries = entries; atom_table = atom_header + sizeof(ngx_mp4_stsz_atom_t); @@ -3396,6 +3523,16 @@ atom_end = atom_table + entries * sizeof(uint32_t); trak = ngx_mp4_last_trak(mp4); + + if (trak->out[NGX_HTTP_MP4_STCO_ATOM].buf + || trak->out[NGX_HTTP_MP4_CO64_ATOM].buf) + { + ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, + "duplicate mp4 stco/co64 atom in \"%s\"", + mp4->file.name.data); + return NGX_ERROR; + } + trak->chunks = entries; atom = &trak->stco_atom_buf; @@ -3602,6 +3739,16 @@ atom_end = atom_table + entries * sizeof(uint64_t); trak = ngx_mp4_last_trak(mp4); + + if (trak->out[NGX_HTTP_MP4_STCO_ATOM].buf + || trak->out[NGX_HTTP_MP4_CO64_ATOM].buf) + { + ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, + "duplicate mp4 stco/co64 atom in \"%s\"", + mp4->file.name.data); + return NGX_ERROR; + } + trak->chunks = entries; atom = &trak->co64_atom_buf;