nginx.git, branch release-1.23.3 nginx nginx-1.23.3-RELEASE 2022-12-13T15:53:53+00:00 Maxim Dounin mdounin@mdounin.ru 2022-12-13T15:53:53+00:00 307123b35988d5fff3eadf544010ef585314a7a5 






Updated OpenSSL and zlib used for win32 builds.
2022-12-13T00:32:57+00:00

Maxim Dounin
mdounin@mdounin.ru

2022-12-13T00:32:57+00:00

3a52c79b44e93a9bc3878c8b6d364dfcd019ac85












Win32: event flags handling edge cases in ngx_wsarecv().
2022-12-01T01:22:36+00:00

Maxim Dounin
mdounin@mdounin.ru

2022-12-01T01:22:36+00:00

5eaa67490a43e4f1088b3ebf533559b424f207f1

Fixed event flags handling edge cases in ngx_wsarecv() and ngx_wsarecv_chain(),
notably to always reset rev->ready in case of errors (which wasn't the case
after ngx_socket_nread() errors), and after EOF (rev->ready was not cleared
if due to a misconfiguration a zero-sized buffer was used for reading).





Fixed event flags handling edge cases in ngx_wsarecv() and ngx_wsarecv_chain(),
notably to always reset rev->ready in case of errors (which wasn't the case
after ngx_socket_nread() errors), and after EOF (rev->ready was not cleared
if due to a misconfiguration a zero-sized buffer was used for reading).







SSL: fixed ngx_ssl_recv() to reset c->read->ready after errors.
2022-12-01T01:22:31+00:00

Maxim Dounin
mdounin@mdounin.ru

2022-12-01T01:22:31+00:00

39892c6265bb36604bbcbd5e315ec3ee0e91c277

With this change, behaviour of ngx_ssl_recv() now matches ngx_unix_recv(),
which used to always reset c->read->ready to 0 when returning errors.

This fixes an infinite loop in unbuffered SSL proxying if writing to the
client is blocked and an SSL error happens (ticket #2418).

With this change, the fix for a similar issue in the stream module
(6868:ee3645078759), which used a different approach of explicitly
testing c->read->error instead, is no longer needed and was reverted.





With this change, behaviour of ngx_ssl_recv() now matches ngx_unix_recv(),
which used to always reset c->read->ready to 0 when returning errors.

This fixes an infinite loop in unbuffered SSL proxying if writing to the
client is blocked and an SSL error happens (ticket #2418).

With this change, the fix for a similar issue in the stream module
(6868:ee3645078759), which used a different approach of explicitly
testing c->read->error instead, is no longer needed and was reverted.







Removed casts from ngx_memcmp() macro.
2022-11-30T15:01:53+00:00

Maxim Dounin
mdounin@mdounin.ru

2022-11-30T15:01:53+00:00

a77cef0995fb29af6602dcdeb560755443cb2cca

Casts are believed to be not needed, since memcmp() has "const void *"
arguments since introduction of the "void" type in C89.  And on pre-C89
platforms nginx is unlikely to compile without warnings anyway, as there
are no casts in memcpy() and memmove() calls.

These casts were added in 1648:89a47f19b9ec without any details on why they
were added, and Igor does not remember details either.  The most plausible
explanation is that they were copied from ngx_strcmp() and were not really
needed even at that time.

Prodded by Alejandro Colomar.





Casts are believed to be not needed, since memcmp() has "const void *"
arguments since introduction of the "void" type in C89.  And on pre-C89
platforms nginx is unlikely to compile without warnings anyway, as there
are no casts in memcpy() and memmove() calls.

These casts were added in 1648:89a47f19b9ec without any details on why they
were added, and Igor does not remember details either.  The most plausible
explanation is that they were copied from ngx_strcmp() and were not really
needed even at that time.

Prodded by Alejandro Colomar.







Fixed alignment of ngx_memmove()/ngx_movemem() macro definitions.
2022-11-30T15:01:43+00:00

Maxim Dounin
mdounin@mdounin.ru

2022-11-30T15:01:43+00:00

e8da064e0d16527a994ec7e3b2937363804b8e30












SSL: fixed debug logging of SSL_sendfile() return value.
2022-11-24T19:08:30+00:00

Sergey Kandaurov
pluknet@nginx.com

2022-11-24T19:08:30+00:00

765ef1098d169622ada67eb4eccad1d45d47a61c












Fixed segfault when switching off master process during upgrade.
2022-11-23T20:48:53+00:00

Maxim Dounin
mdounin@mdounin.ru

2022-11-23T20:48:53+00:00

d52e5684437aedd6bb74d6b2b602b7306f4212ba

Binary upgrades are not supported without master process, but it is,
however, possible, that nginx running with master process is asked
to upgrade binary, and the configuration file as available on disk
at this time includes "master_process off;".

If this happens, listening sockets inherited from the previous binary
will have ls[i].previous set.  But the old cycle on initial process
startup, including startup after binary upgrade, is destroyed by
ngx_init_cycle() once configuration parsing is complete.  As a result,
an attempt to dereference ls[i].previous in ngx_event_process_init()
accesses already freed memory.

Fix is to avoid looking into ls[i].previous if the old cycle is already
freed.

With this change it is also no longer needed to clear ls[i].previous in
worker processes, so the relevant code was removed.





Binary upgrades are not supported without master process, but it is,
however, possible, that nginx running with master process is asked
to upgrade binary, and the configuration file as available on disk
at this time includes "master_process off;".

If this happens, listening sockets inherited from the previous binary
will have ls[i].previous set.  But the old cycle on initial process
startup, including startup after binary upgrade, is destroyed by
ngx_init_cycle() once configuration parsing is complete.  As a result,
an attempt to dereference ls[i].previous in ngx_event_process_init()
accesses already freed memory.

Fix is to avoid looking into ls[i].previous if the old cycle is already
freed.

With this change it is also no longer needed to clear ls[i].previous in
worker processes, so the relevant code was removed.







Disabled cloning of sockets without master process (ticket #2403).
2022-11-23T20:12:04+00:00

Maxim Dounin
mdounin@mdounin.ru

2022-11-23T20:12:04+00:00

593bb543873ac57efade09dbcc2f93ab6b4d5ab0

Cloning of listening sockets for each worker process does not make sense
when working without master process, and causes some of the connections
not to be accepted if worker_processes is set to more than one and there
are listening sockets configured with the reuseport flag.  Fix is to
disable cloning when master process is disabled.





Cloning of listening sockets for each worker process does not make sense
when working without master process, and causes some of the connections
not to be accepted if worker_processes is set to more than one and there
are listening sockets configured with the reuseport flag.  Fix is to
disable cloning when master process is disabled.







Filtering duplicate addresses in listen (ticket #2400).
2022-11-23T14:30:08+00:00

Maxim Dounin
mdounin@mdounin.ru

2022-11-23T14:30:08+00:00

22223c75c9715e568f5710a8eed1fee9e7c2983f

Due to the glibc bug[1], getaddrinfo("localhost") with AI_ADDRCONFIG
on a typical host with glibc and without IPv6 returns two 127.0.0.1
addresses, and therefore "listen localhost:80;" used to result in
"duplicate ... address and port pair" after 4f9b72a229c1.

Fix is to explicitly filter out duplicate addresses returned during
resolution of a name.

[1] https://sourceware.org/bugzilla/show_bug.cgi?id=14969





Due to the glibc bug[1], getaddrinfo("localhost") with AI_ADDRCONFIG
on a typical host with glibc and without IPv6 returns two 127.0.0.1
addresses, and therefore "listen localhost:80;" used to result in
"duplicate ... address and port pair" after 4f9b72a229c1.

Fix is to explicitly filter out duplicate addresses returned during
resolution of a name.

[1] https://sourceware.org/bugzilla/show_bug.cgi?id=14969