nginx.git, branch release-1.15.8 nginx nginx-1.15.8-RELEASE 2018-12-25T14:53:03+00:00 Maxim Dounin mdounin@mdounin.ru 2018-12-25T14:53:03+00:00 2eedb3ff0c6f00bf72ca941cc374053b41953af4 






Autoindex: fixed possible integer overflow on 32-bit systems.
2018-12-25T09:59:24+00:00

Vladimir Homutov
vl@nginx.com

2018-12-25T09:59:24+00:00

910f330ad0caa49fe901e9426ef00d95d45ba32c












Contrib: vim syntax, update core and 3rd party module directives.
2018-12-24T14:30:10+00:00

Gena Makhomed
gmm@csdoc.com

2018-12-24T14:30:10+00:00

8610ddd09240f5e0658e7f74f99a4a29ec413583












Win32: removed NGX_DIR_MASK concept.
2018-12-24T18:07:05+00:00

Maxim Dounin
mdounin@mdounin.ru

2018-12-24T18:07:05+00:00

aa741f87273f2137d9a52080593c5fe6f1d1b0ea

Previous interface of ngx_open_dir() assumed that passed directory name
has a room for NGX_DIR_MASK at the end (NGX_DIR_MASK_LEN bytes).  While all
direct users of ngx_dir_open() followed this interface, this also implied
similar requirements for indirect uses - in particular, via ngx_walk_tree().

Currently none of ngx_walk_tree() uses provides appropriate space, and
fixing this does not look like a right way to go.  Instead, ngx_dir_open()
interface was changed to not require any additional space and use
appropriate allocations instead.





Previous interface of ngx_open_dir() assumed that passed directory name
has a room for NGX_DIR_MASK at the end (NGX_DIR_MASK_LEN bytes).  While all
direct users of ngx_dir_open() followed this interface, this also implied
similar requirements for indirect uses - in particular, via ngx_walk_tree().

Currently none of ngx_walk_tree() uses provides appropriate space, and
fixing this does not look like a right way to go.  Instead, ngx_dir_open()
interface was changed to not require any additional space and use
appropriate allocations instead.







Userid: using stub for AF_UNIX addresses.
2018-12-24T16:55:00+00:00

Sergey Kandaurov
pluknet@nginx.com

2018-12-24T16:55:00+00:00

499bb2655ee16e4659d571b413b1ea54fd19dcd1

Previously, AF_UNIX addresses misbehaved as AF_INET, which typically resulted
in $uid_set composed from the middle of sun_path.





Previously, AF_UNIX addresses misbehaved as AF_INET, which typically resulted
in $uid_set composed from the middle of sun_path.







SSL: avoid reading on pending SSL_write_early_data().
2018-12-18T12:15:15+00:00

Sergey Kandaurov
pluknet@nginx.com

2018-12-18T12:15:15+00:00

2a11bf0f77358a1116b3ef56c949b242582e798c

If SSL_write_early_data() returned SSL_ERROR_WANT_WRITE, stop further reading
using a newly introduced c->ssl->write_blocked flag, as otherwise this would
result in SSL error "ssl3_write_bytes:bad length".  Eventually, normal reading
will be restored by read event posted from successful SSL_write_early_data().

While here, place "SSL_write_early_data: want write" debug on the path.





If SSL_write_early_data() returned SSL_ERROR_WANT_WRITE, stop further reading
using a newly introduced c->ssl->write_blocked flag, as otherwise this would
result in SSL error "ssl3_write_bytes:bad length".  Eventually, normal reading
will be restored by read event posted from successful SSL_write_early_data().

While here, place "SSL_write_early_data: want write" debug on the path.







Geo: fixed handling of AF_UNIX client addresses (ticket #1684).
2018-12-14T15:11:06+00:00

Maxim Dounin
mdounin@mdounin.ru

2018-12-14T15:11:06+00:00

ce4a23d144762cfa27c0e4b13f74cada2f7486a8

Previously, AF_UNIX client addresses were handled as AF_INET, leading
to unexpected results.





Previously, AF_UNIX client addresses were handled as AF_INET, leading
to unexpected results.







Upstream: implemented $upstream_bytes_sent.
2018-12-13T14:23:07+00:00

Ruslan Ermilov
ru@nginx.com

2018-12-13T14:23:07+00:00

cb4dd56771c1af082bf3e810436712b4f48f2cf2












Resolver: report SRV resolve failure if all A resolves failed.
2018-12-11T16:41:22+00:00

Roman Arutyunyan
arut@nginx.com

2018-12-11T16:41:22+00:00

8e2949e56a13405a157e05b21aa4c4a5fa468335

Previously, if an SRV record was successfully resolved, but all of its A
records failed to resolve, NXDOMAIN was returned to the caller, which is
considered a successful resolve rather than an error.  This could result in
losing the result of a previous successful resolve by the caller.

Now NXDOMAIN is only returned if at least one A resolve completed with this
code.  Otherwise the error state of the first A resolve is returned.





Previously, if an SRV record was successfully resolved, but all of its A
records failed to resolve, NXDOMAIN was returned to the caller, which is
considered a successful resolve rather than an error.  This could result in
losing the result of a previous successful resolve by the caller.

Now NXDOMAIN is only returned if at least one A resolve completed with this
code.  Otherwise the error state of the first A resolve is returned.







Copy regex unnamed captures to cloned subrequests.
2018-12-11T10:09:00+00:00

Roman Arutyunyan
arut@nginx.com

2018-12-11T10:09:00+00:00

746fba0d79c6909e9e09b4d1cb9ddbf052ab545e

Previously, unnamed regex captures matched in the parent request, were not
available in a cloned subrequest.  Now 3 fields related to unnamed captures
are copied to a cloned subrequest: r->ncaptures, r->captures and
r->captures_data.  Since r->captures cannot be changed by either request after
creating a clone, a new flag r->realloc_captures is introduced to force
reallocation of r->captures.

The issue was reported as a proxy_cache_background_update misbehavior in
http://mailman.nginx.org/pipermail/nginx/2018-December/057251.html.





Previously, unnamed regex captures matched in the parent request, were not
available in a cloned subrequest.  Now 3 fields related to unnamed captures
are copied to a cloned subrequest: r->ncaptures, r->captures and
r->captures_data.  Since r->captures cannot be changed by either request after
creating a clone, a new flag r->realloc_captures is introduced to force
reallocation of r->captures.

The issue was reported as a proxy_cache_background_update misbehavior in
http://mailman.nginx.org/pipermail/nginx/2018-December/057251.html.