nginx.git, branch release-1.4.6 nginx nginx-1.4.6-RELEASE 2014-03-04T11:46:44+00:00 Maxim Dounin mdounin@mdounin.ru 2014-03-04T11:46:44+00:00 a540e1d027bbc50de986238874924295346d396e 






Request body: avoid potential overflow.
2014-03-03T13:39:53+00:00

Maxim Dounin
mdounin@mdounin.ru

2014-03-03T13:39:53+00:00

03fcee5d78450fcb4a2055a23e538655a93751b7












Upstream: ngx_post_event() instead of upgraded call (ticket #503).
2014-02-18T13:30:40+00:00

Maxim Dounin
mdounin@mdounin.ru

2014-02-18T13:30:40+00:00

d5da8fa776ff62ea3ccb81f8438a4bfe340d364b

If a request is finalized in the first call to the
ngx_http_upstream_process_upgraded() function, e.g., because upstream
server closed the connection for some reason, in the second call
the u->peer.connection pointer will be null, resulting in segmentation
fault.

Fix is to avoid second direct call, and post event instead.  This ensures
that ngx_http_upstream_process_upgraded() won't be called again if
a request is finalized.





If a request is finalized in the first call to the
ngx_http_upstream_process_upgraded() function, e.g., because upstream
server closed the connection for some reason, in the second call
the u->peer.connection pointer will be null, resulting in segmentation
fault.

Fix is to avoid second direct call, and post event instead.  This ensures
that ngx_http_upstream_process_upgraded() won't be called again if
a request is finalized.







Version bump.
2014-03-03T13:22:28+00:00

Maxim Dounin
mdounin@mdounin.ru

2014-03-03T13:22:28+00:00

d08e51c2da86e93a2b375078677b9c430b723019












release-1.4.5 tag
2014-02-11T13:24:43+00:00

Maxim Dounin
mdounin@mdounin.ru

2014-02-11T13:24:43+00:00

6d759fcf1a8e9a78dfc8f2af5aa48304df9d0b77












nginx-1.4.5-RELEASE
2014-02-11T13:24:43+00:00

Maxim Dounin
mdounin@mdounin.ru

2014-02-11T13:24:43+00:00

2a6cf564eb56c21950005e2730667f03e96ca1aa












Updated OpenSSL used for win32 builds.
2014-01-22T12:10:13+00:00

Maxim Dounin
mdounin@mdounin.ru

2014-01-22T12:10:13+00:00

eedc347d8a50297a3b93ed8491dd253bda3a3ef2












Fixed TCP_DEFER_ACCEPT handling (ticket #353).
2014-01-28T11:40:46+00:00

Maxim Dounin
mdounin@mdounin.ru

2014-01-28T11:40:46+00:00

4cdd17f6bff9b27b3b51a8b5f9d4798985485271

Backed out 05a56ebb084a, as it turns out that kernel can return connections
without any delay if syncookies are used.  This basically means we can't
assume anything about connections returned with deferred accept set.

To solve original problem the 05a56ebb084a tried to solve, i.e. to don't
wait longer than needed if a connection was accepted after deferred accept
timeout, this patch changes a timeout set with setsockopt(TCP_DEFER_ACCEPT)
to 1 second, unconditionally.  This is believed to be enough for speed
improvements, and doesn't imply major changes to timeouts used.

Note that before 2.6.32 connections were dropped after a timeout.  Though
it is believed that 1s is still appropriate for kernels before 2.6.32,
as previously tcp_synack_retries controlled the actual timeout and 1s results
in more than 1 minute actual timeout by default.





Backed out 05a56ebb084a, as it turns out that kernel can return connections
without any delay if syncookies are used.  This basically means we can't
assume anything about connections returned with deferred accept set.

To solve original problem the 05a56ebb084a tried to solve, i.e. to don't
wait longer than needed if a connection was accepted after deferred accept
timeout, this patch changes a timeout set with setsockopt(TCP_DEFER_ACCEPT)
to 1 second, unconditionally.  This is believed to be enough for speed
improvements, and doesn't imply major changes to timeouts used.

Note that before 2.6.32 connections were dropped after a timeout.  Though
it is believed that 1s is still appropriate for kernels before 2.6.32,
as previously tcp_synack_retries controlled the actual timeout and 1s results
in more than 1 minute actual timeout by default.







Upstream: reading from a client after connection upgrade.
2014-01-22T12:05:07+00:00

Maxim Dounin
mdounin@mdounin.ru

2014-01-22T12:05:07+00:00

612f981744dd4eaa9c25542d5485844e5109ce7f

Read event on a client connection might have been disabled during
previous processing, and we at least need to handle events.  Calling
ngx_http_upstream_process_upgraded() is a simpliest way to do it.

Notably this change is needed for select, poll and /dev/poll event
methods.

Previous version of this patch was posted here:
http://mailman.nginx.org/pipermail/nginx/2014-January/041839.html





Read event on a client connection might have been disabled during
previous processing, and we at least need to handle events.  Calling
ngx_http_upstream_process_upgraded() is a simpliest way to do it.

Notably this change is needed for select, poll and /dev/poll event
methods.

Previous version of this patch was posted here:
http://mailman.nginx.org/pipermail/nginx/2014-January/041839.html







SSL: fixed $ssl_session_id possible segfault after 97e3769637a7.
2014-01-23T14:32:26+00:00

Maxim Dounin
mdounin@mdounin.ru

2014-01-23T14:32:26+00:00

54316a276d4dd8efab9d4d8fe4154546e3345686

Even during execution of a request it is possible that there will be
no session available, notably in case of renegotiation.  As a result
logging of $ssl_session_id in some cases caused NULL pointer dereference
after revision 97e3769637a7 (1.5.9).  The check added returns an empty
string if there is no session available.





Even during execution of a request it is possible that there will be
no session available, notably in case of renegotiation.  As a result
logging of $ssl_session_id in some cases caused NULL pointer dereference
after revision 97e3769637a7 (1.5.9).  The check added returns an empty
string if there is no session available.