nginx.git, branch release-1.13.8 nginx nginx-1.13.8-RELEASE 2017-12-26T16:01:11+00:00 Maxim Dounin mdounin@mdounin.ru 2017-12-26T16:01:11+00:00 3860a5e6c930aeafffd200de3263d0b2cccda415 






Updated OpenSSL used for win32 builds.
2017-12-26T14:48:49+00:00

Maxim Dounin
mdounin@mdounin.ru

2017-12-26T14:48:49+00:00

9402b8154762a1389694453daa413dce5454c20e












Contrib: vim syntax, listen options.
2017-12-25T16:30:01+00:00

Gena Makhomed
gmm@csdoc.com

2017-12-25T16:30:01+00:00

44c16b2e7026657c099e01436b680c07b28eae71












Contrib: vim syntax, update core module directives.
2017-12-25T15:57:01+00:00

Gena Makhomed
gmm@csdoc.com

2017-12-25T15:57:01+00:00

6e0d2f898d0b6abf720ebc133495ffebe8d6b2a0












Contrib: updated vim syntax rules for variables.
2017-12-25T16:41:00+00:00

Maxim Dounin
mdounin@mdounin.ru

2017-12-25T16:41:00+00:00

9bc0ced4a78b52cd8ea57ceb1a3ec9c103316284

Non-quoted parameters are allowed to contain variables in curly brackets
(see d91a8c4ac6bb), so vim syntax rules were adjusted accordingly.





Non-quoted parameters are allowed to contain variables in curly brackets
(see d91a8c4ac6bb), so vim syntax rules were adjusted accordingly.







Allowed configuration token to start with a variable.
2017-12-21T10:29:40+00:00

Roman Arutyunyan
arut@nginx.com

2017-12-21T10:29:40+00:00

0ad556fe59ad132dc4d34dea9e80f2ff2c3c1314

Specifically, it is now allowed to start with a variable expression with braces:
${name}.  The opening curly bracket in such a token was previously considered
the start of a new block.  Variables located anywhere else in a token worked
fine: foo${name}.





Specifically, it is now allowed to start with a variable expression with braces:
${name}.  The opening curly bracket in such a token was previously considered
the start of a new block.  Variables located anywhere else in a token worked
fine: foo${name}.







Fixed capabilities version.
2017-12-19T16:00:27+00:00

Roman Arutyunyan
arut@nginx.com

2017-12-19T16:00:27+00:00

ce45ded2a8c1b0c0e601779bcc3e54668a14e271

Previously, capset(2) was called with the 64-bit capabilities version
_LINUX_CAPABILITY_VERSION_3.  With this version Linux kernel expected two
copies of struct __user_cap_data_struct, while only one was submitted.  As a
result, random stack memory was accessed and random capabilities were requested
by the worker.  This sometimes caused capset() errors.  Now the 32-bit version
_LINUX_CAPABILITY_VERSION_1 is used instead.  This is OK since CAP_NET_RAW is
a 32-bit capability (CAP_NET_RAW = 13).





Previously, capset(2) was called with the 64-bit capabilities version
_LINUX_CAPABILITY_VERSION_3.  With this version Linux kernel expected two
copies of struct __user_cap_data_struct, while only one was submitted.  As a
result, random stack memory was accessed and random capabilities were requested
by the worker.  This sometimes caused capset() errors.  Now the 32-bit version
_LINUX_CAPABILITY_VERSION_1 is used instead.  This is OK since CAP_NET_RAW is
a 32-bit capability (CAP_NET_RAW = 13).







Improved the capabilities feature detection.
2017-12-18T18:09:39+00:00

Roman Arutyunyan
arut@nginx.com

2017-12-18T18:09:39+00:00

0e92c213f51bae95605c19dfee843902e7c8a0ad

Previously included file sys/capability.h mentioned in capset(2) man page,
belongs to the libcap-dev package, which may not be installed on some Linux
systems when compiling nginx.  This prevented the capabilities feature from
being detected and compiled on that systems.

Now linux/capability.h system header is included instead.  Since capset()
declaration is located in sys/capability.h, now capset() syscall is defined
explicitly in code using the SYS_capset constant, similarly to other
Linux-specific features in nginx.





Previously included file sys/capability.h mentioned in capset(2) man page,
belongs to the libcap-dev package, which may not be installed on some Linux
systems when compiling nginx.  This prevented the capabilities feature from
being detected and compiled on that systems.

Now linux/capability.h system header is included instead.  Since capset()
declaration is located in sys/capability.h, now capset() syscall is defined
explicitly in code using the SYS_capset constant, similarly to other
Linux-specific features in nginx.







Retain CAP_NET_RAW capability for transparent proxying.
2017-12-13T17:40:53+00:00

Roman Arutyunyan
arut@nginx.com

2017-12-13T17:40:53+00:00

752f66bf7d70fae2bf05fbf5941ff4be52b2b9a5

The capability is retained automatically in unprivileged worker processes after
changing UID if transparent proxying is enabled at least once in nginx
configuration.

The feature is only available in Linux.





The capability is retained automatically in unprivileged worker processes after
changing UID if transparent proxying is enabled at least once in nginx
configuration.

The feature is only available in Linux.







Use sysconf to determine cacheline size at runtime.
2017-12-11T16:28:11+00:00

Debayan Ghosh
debayang.qdt@qualcommdatacenter.com

2017-12-11T16:28:11+00:00

d2d737e70b46429ef9ed71b99402a9151f3c2e1f

Determine cacheline size at runtime if supported
using sysconf(_SC_LEVEL1_DCACHE_LINESIZE). In case not supported,
fallback to compile time defaults.





Determine cacheline size at runtime if supported
using sysconf(_SC_LEVEL1_DCACHE_LINESIZE). In case not supported,
fallback to compile time defaults.