1. 25 Feb, 2016 5 commits
    • Kirill Smelkov's avatar
      . · 7ebff18d
      Kirill Smelkov authored
      7ebff18d
    • Kirill Smelkov's avatar
    • Kirill Smelkov's avatar
      nginx: v↑ (1.9.12) · dc063b30
      Kirill Smelkov authored
      1.9.4 -> 1.9.12 adds HTTP/2 support and removes SPDY support + other
      bugfixes and improvements. We need HTTP/2 support for GitLab 8.5.
      
      HTTP/2 details:
      
         http://hg.nginx.org/nginx/rev/257b51c37c5a
      
      Full changelog:
      
      ---- 8< ---- http://nginx.org/en/CHANGES
      Changes with nginx 1.9.12                                        24 Feb 2016
      
          *) Feature: Huffman encoding of response headers in HTTP/2.
             Thanks to Vlad Krasnov.
      
          *) Feature: the "worker_cpu_affinity" directive now supports more than
             64 CPUs.
      
          *) Bugfix: compatibility with 3rd party C++ modules; the bug had
             appeared in 1.9.11.
             Thanks to Piotr Sikora.
      
          *) Bugfix: nginx could not be built statically with OpenSSL on Linux;
             the bug had appeared in 1.9.11.
      
          *) Bugfix: the "add_header ... always" directive with an empty value did
             not delete "Last-Modified" and "ETag" header lines from error
             responses.
      
          *) Workaround: "called a function you should not call" and "shutdown
             while in init" messages might appear in logs when using OpenSSL
             1.0.2f.
      
          *) Bugfix: invalid headers might be logged incorrectly.
      
          *) Bugfix: socket leak when using HTTP/2.
      
          *) Bugfix: in the ngx_http_v2_module.
      
      Changes with nginx 1.9.11                                        09 Feb 2016
      
          *) Feature: TCP support in resolver.
      
          *) Feature: dynamic modules.
      
          *) Bugfix: the $request_length variable did not include size of request
             headers when using HTTP/2.
      
          *) Bugfix: in the ngx_http_v2_module.
      
      Changes with nginx 1.9.10                                        26 Jan 2016
      
          *) Security: invalid pointer dereference might occur during DNS server
             response processing if the "resolver" directive was used, allowing an
             attacker who is able to forge UDP packets from the DNS server to
             cause segmentation fault in a worker process (CVE-2016-0742).
      
          *) Security: use-after-free condition might occur during CNAME response
             processing if the "resolver" directive was used, allowing an attacker
             who is able to trigger name resolution to cause segmentation fault in
             a worker process, or might have potential other impact
             (CVE-2016-0746).
      
          *) Security: CNAME resolution was insufficiently limited if the
             "resolver" directive was used, allowing an attacker who is able to
             trigger arbitrary name resolution to cause excessive resource
             consumption in worker processes (CVE-2016-0747).
      
          *) Feature: the "auto" parameter of the "worker_cpu_affinity" directive.
      
          *) Bugfix: the "proxy_protocol" parameter of the "listen" directive did
             not work with IPv6 listen sockets.
      
          *) Bugfix: connections to upstream servers might be cached incorrectly
             when using the "keepalive" directive.
      
          *) Bugfix: proxying used the HTTP method of the original request after
             an "X-Accel-Redirect" redirection.
      
      Changes with nginx 1.9.9                                         09 Dec 2015
      
          *) Bugfix: proxying to unix domain sockets did not work when using
             variables; the bug had appeared in 1.9.8.
      
      Changes with nginx 1.9.8                                         08 Dec 2015
      
          *) Feature: pwritev() support.
      
          *) Feature: the "include" directive inside the "upstream" block.
      
          *) Feature: the ngx_http_slice_module.
      
          *) Bugfix: a segmentation fault might occur in a worker process when
             using LibreSSL; the bug had appeared in 1.9.6.
      
          *) Bugfix: nginx could not be built on OS X in some cases.
      
      Changes with nginx 1.9.7                                         17 Nov 2015
      
          *) Feature: the "nohostname" parameter of logging to syslog.
      
          *) Feature: the "proxy_cache_convert_head" directive.
      
          *) Feature: the $realip_remote_addr variable in the
             ngx_http_realip_module.
      
          *) Bugfix: the "expires" directive might not work when using variables.
      
          *) Bugfix: a segmentation fault might occur in a worker process when
             using HTTP/2; the bug had appeared in 1.9.6.
      
          *) Bugfix: if nginx was built with the ngx_http_v2_module it was
             possible to use the HTTP/2 protocol even if the "http2" parameter of
             the "listen" directive was not specified.
      
          *) Bugfix: in the ngx_http_v2_module.
      
      Changes with nginx 1.9.6                                         27 Oct 2015
      
          *) Bugfix: a segmentation fault might occur in a worker process when
             using HTTP/2.
             Thanks to Piotr Sikora and Denis Andzakovic.
      
          *) Bugfix: the $server_protocol variable was empty when using HTTP/2.
      
          *) Bugfix: backend SSL connections in the stream module might be timed
             out unexpectedly.
      
          *) Bugfix: a segmentation fault might occur in a worker process if
             different ssl_session_cache settings were used in different virtual
             servers.
      
          *) Bugfix: nginx/Windows could not be built with MinGW gcc; the bug had
             appeared in 1.9.4.
             Thanks to Kouhei Sutou.
      
          *) Bugfix: time was not updated when the timer_resolution directive was
             used on Windows.
      
          *) Miscellaneous minor fixes and improvements.
             Thanks to Markus Linnala, Kurtis Nusbaum and Piotr Sikora.
      
      Changes with nginx 1.9.5                                         22 Sep 2015
      
          *) Feature: the ngx_http_v2_module (replaces ngx_http_spdy_module).
             Thanks to Dropbox and Automattic for sponsoring this work.
      
          *) Change: now the "output_buffers" directive uses two buffers by
             default.
      
          *) Change: now nginx limits subrequests recursion, not simultaneous
             subrequests.
      
          *) Change: now nginx checks the whole cache key when returning a
             response from cache.
             Thanks to Gena Makhomed and Sergey Brester.
      
          *) Bugfix: "header already sent" alerts might appear in logs when using
             cache; the bug had appeared in 1.7.5.
      
          *) Bugfix: "writev() failed (4: Interrupted system call)" errors might
             appear in logs when using CephFS and the "timer_resolution" directive
             on Linux.
      
          *) Bugfix: in invalid configurations handling.
             Thanks to Markus Linnala.
      
          *) Bugfix: a segmentation fault occurred in a worker process if the
             "sub_filter" directive was used at http level; the bug had appeared
             in 1.9.4.
      ---- 8< ----
      dc063b30
    • Kirill Smelkov's avatar
      redis: v↑ (2.8.24) · ea9b396b
      Kirill Smelkov authored
      Redis 2.8.23 -> 2.8.24 is a small bugfix release:
      
          --[ Redis 2.8.24 ] Release date: 18 Dec 2015
      
          Upgrade urgency: MODERATE. We fixed a crash that happens very rarely, so
                           updating does not hurt, but most users are unlikely to
                           experience this condition because it requires some odd
                           timing.
      
          * [FIX] lua_struct.c/getnum security issue fixed. (Luca Bruno discovered it,
                  patched by Sun He and Chris Lamb)
          * [FIX] Fix a race condition in processCommand() because of interactions
                  with freeMemoryIfNeeded(). Details in issue #2948 and especially
                  in the commit message d999f5a. (Race found analytically by
                  Oran Agra, patch by Salvatore Sanfilippo)
      
          * [NEW] Log offending memory access address on SIGSEGV/SIGBUS (Salvatore
                  Sanfilippo)
      
      https://raw.githubusercontent.com/antirez/redis/2.8/00-RELEASENOTES
      
      No config changes.
      ea9b396b
    • Kirill Smelkov's avatar
      ruby: v↑ ruby2.1 (2.1.8) · 49da2982
      Kirill Smelkov authored
      Ruby 2.1.8 contains security and other bugfixes
      
          https://www.ruby-lang.org/en/news/2015/12/16/ruby-2-1-8-released/
      49da2982
  2. 24 Feb, 2016 2 commits
  3. 23 Feb, 2016 1 commit
  4. 22 Feb, 2016 1 commit
  5. 21 Feb, 2016 1 commit
  6. 19 Feb, 2016 2 commits
  7. 18 Feb, 2016 2 commits
  8. 17 Feb, 2016 4 commits
  9. 16 Feb, 2016 3 commits
  10. 15 Feb, 2016 5 commits
  11. 13 Feb, 2016 1 commit
    • Kirill Smelkov's avatar
      gitlab: Wait a bit for PostgreSQL to be ready in Unicorn startup · 949e55e2
      Kirill Smelkov authored
      As it was outlined in 5a744de7 (gitlab: Compile assets on instantiation
      and make sure DB is properly setup/migrated before unicorn runs) we are
      performing DB initialization and migration in pre-action as part of
      unicorn startup script. But that currently has one drawback:
      
          if all services start at the same time - e.g. both PostgreSQL and
          Unicorn - and that is a common scenario when SR is compiled and
          instantiated / started, PostgreSQL is usually not yet ready to
          process queries from Unicorn startup script, and first-time Unicorn
          startup fails.
      
      Until now this problem was workarounded by manually starting unicorn
      second time - after some time postgresql is started and ready. But why
      do it manually, if we can do the same logic automatically. So fix it:
      
          in Unicorn startup script wait a bit (up to 5 seconds) for
          PostgreSQL to become ready.
      
      /cc @kazuhiko, @jerome
      949e55e2
  12. 12 Feb, 2016 2 commits
  13. 11 Feb, 2016 11 commits