Is the 607418-ipv6-addresses.diff patch still needed?

Hello,

The current version of the debianized Nginx code applies the
attached 607418-ipv6-addresses.diff patch.

Do you still see any need to apply this patch to the current
nginx_1.1.7 code?

Regards,

M.

######## 607418-ipv6-addresses.diff patch follows ########
Description: $host variable mis-parses IPv6 literal addresses from HTTP
Author: Steven C. [email protected]
Debian-Bug: http://bugs.debian.org/607418
Last-Update: 2010-12-30

Index: trunk/src/http/ngx_http_request.c

— trunk.orig/src/http/ngx_http_request.c 2010-12-30
01:46:10.308926973 -0600 +++ trunk/src/http/ngx_http_request.c
2010-12-30 01:48:21.638927393 -0600 @@ -1650,11 +1650,12 @@
{
u_char *h, ch;
size_t i, last;

  • ngx_uint_t dot;
  • ngx_uint_t dot, in_brackets;

    last = len;
    h = *host;
    dot = 0;

  • in_brackets = 0;

    for (i = 0; i < len; i++) {
    ch = h[i];
    @@ -1670,11 +1671,27 @@

    dot = 0;
    
  •    if (ch == ':') {
    
  •    if (ch == '[' && i == 0) {
    
  •        /* start of literal IPv6 address */
    
  •        in_brackets = 1;
    
  •        continue;
    
  •    }
    
  •    /*
    
  •     * Inside square brackets, the colon is a delimeter for an
    

IPv6 address.

  •     * Otherwise it comes before the port number, so remove it.
    
  •     */
    
  •    if (ch == ':' && !in_brackets) {
           last = i;
           continue;
       }
    
  •    if (ch == ']') {
    
  •        /* end of literal IPv6 address */
    
  •        in_brackets = 0;
    
  •        continue;
    
  •    }
    
  •    if (ngx_path_separator(ch) || ch == '\0') {
           return 0;
       }
    

@@ -1684,6 +1701,11 @@
}
}

  • if (in_brackets) {
  •    /* missing the closing square bracket for IPv6 address */
    
  •    return 0;
    
  • }
  • if (dot) {
    last–;
    }

Hi Mark.

I think it can be removed.

I’m compiling the 1.1.7 packages without the patch, and I will test it
after.

If this patch is not needed anymore, I will apply the changes in the
SVN.

Thanks for this remark.

On Tue, 8 Nov 2011 11:05:07 +0000, Mark A. wrote:

M.

 h = *host;
  •    if (ch == '[' && i == 0) {
    
  •    if (ch == ':' && !in_brackets) {
       if (ngx_path_separator(ch) || ch == '\0') {
    
  • if (dot) {
    last–;
    }

nginx mailing list
[email protected]
http://mailman.nginx.org/mailman/listinfo/nginx


Cyril “Davromaniak” Lavier

I just tested it.

It seems to work without the patch.

Thanks for this usefull remark.

On Tue, 08 Nov 2011 12:17:43 +0100, Cyril LAVIER wrote:

Thanks for this remark.

Regards,

  •     * Otherwise it comes before the port number, so remove it.
    
  •    }
    
  •    return 0;
    
  • }
  • if (dot) {
    last–;
    }

nginx mailing list
[email protected]
http://mailman.nginx.org/mailman/listinfo/nginx


Cyril “Davromaniak” Lavier

On Tue, 8 Nov 2011 11:52:11 +0000, Mark A. wrote:

a high security nginx-ultralight version.
–prefix=/etc/nginx
–without-http-cache
–without-http_upstream_keepalive_module
–without-http_userid_module
–without-http_uwsgi_module
$(CONFIGURE_OPTS) >[email protected]
touch [email protected]

Could you open a Debian Bug on the source package nginx for this
purpose ?

I think it’s a good idea to have a special nginx build for all CMS
related uses, but it needs to be discussed between the maintainers.

Thanks.

Regards,
M.


nginx mailing list
[email protected]
http://mailman.nginx.org/mailman/listinfo/nginx


Cyril “Davromaniak” Lavier

Hello!

On Tue, Nov 08, 2011 at 11:05:07AM +0000, Mark A. wrote:

The current version of the debianized Nginx code applies the
attached 607418-ipv6-addresses.diff patch.

Do you still see any need to apply this patch to the current
nginx_1.1.7 code?

See http://trac.nginx.org/nginx/ticket/1.

Maxim D.

On 08-11-11 13:00, Cyril LAVIER wrote:

Could you open a Debian Bug on the source package nginx for this purpose ?
I think it’s a good idea to have a special nginx build for all CMS
related uses, but it needs to be discussed between the maintainers.

+1 for wanting such a package :slight_smile:

Kind regards,

Thanks in advance,

Jelle de Jong

On Tue, 08 Nov 2011 12:24:40 +0100, Cyril LAVIER
[email protected] wrote:

I just tested it.
It seems to work without the patch.
Thanks for this usefull remark.

You are welcome.

Although unrelated, I should note that there seems to be a market for
a high security nginx-ultralight version.
Such a version would be especially suited for those websites (most of
the current CMS?) that process loads of fastcgi using php5-fpm and
php-apc.

I am attaching the debian/rules section that I have been using to get
such ‘nginx-ultralight’

config.status.ultralight: config.env.ultralight config.sub config.guess
\ cd $(BUILDDIR_ultralight) && ./configure
–prefix=/etc/nginx
–conf-path=/etc/nginx/nginx.conf
–error-log-path=/var/log/nginx/error.log
–http-client-body-temp-path=/var/lib/nginx/body
–http-fastcgi-temp-path=/var/lib/nginx/fastcgi
–http-log-path=/var/log/nginx/access.log
–http-proxy-temp-path=/var/lib/nginx/proxy
–lock-path=/var/lock/nginx.lock
–pid-path=/var/run/nginx.pid
–with-http_gzip_static_module
–with-http_ssl_module
–without-http-cache
–without-http_browser_module
–without-http_geo_module
–without-http_limit_req_module
–without-http_limit_zone_module
–without-http_map_module
–without-http_memcached_module
–without-http_referer_module
–without-http_scgi_module
–without-http_split_clients_module
–without-http_ssi_module
–without-http_upstream_keepalive_module
–without-http_userid_module
–without-http_uwsgi_module
$(CONFIGURE_OPTS) >[email protected]
touch [email protected]

Regards,
M.

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs