nginx.git/auto/os, branch release-1.14.1 nginx Fixed capabilities version. 2017-12-19T16:00:27+00:00 Roman Arutyunyan arut@nginx.com 2017-12-19T16:00:27+00:00 ce45ded2a8c1b0c0e601779bcc3e54668a14e271 Previously, capset(2) was called with the 64-bit capabilities version _LINUX_CAPABILITY_VERSION_3. With this version Linux kernel expected two copies of struct __user_cap_data_struct, while only one was submitted. As a result, random stack memory was accessed and random capabilities were requested by the worker. This sometimes caused capset() errors. Now the 32-bit version _LINUX_CAPABILITY_VERSION_1 is used instead. This is OK since CAP_NET_RAW is a 32-bit capability (CAP_NET_RAW = 13). 
Previously, capset(2) was called with the 64-bit capabilities version
_LINUX_CAPABILITY_VERSION_3.  With this version Linux kernel expected two
copies of struct __user_cap_data_struct, while only one was submitted.  As a
result, random stack memory was accessed and random capabilities were requested
by the worker.  This sometimes caused capset() errors.  Now the 32-bit version
_LINUX_CAPABILITY_VERSION_1 is used instead.  This is OK since CAP_NET_RAW is
a 32-bit capability (CAP_NET_RAW = 13).
Improved the capabilities feature detection. 2017-12-18T18:09:39+00:00 Roman Arutyunyan arut@nginx.com 2017-12-18T18:09:39+00:00 0e92c213f51bae95605c19dfee843902e7c8a0ad Previously included file sys/capability.h mentioned in capset(2) man page, belongs to the libcap-dev package, which may not be installed on some Linux systems when compiling nginx. This prevented the capabilities feature from being detected and compiled on that systems. Now linux/capability.h system header is included instead. Since capset() declaration is located in sys/capability.h, now capset() syscall is defined explicitly in code using the SYS_capset constant, similarly to other Linux-specific features in nginx. 
Previously included file sys/capability.h mentioned in capset(2) man page,
belongs to the libcap-dev package, which may not be installed on some Linux
systems when compiling nginx.  This prevented the capabilities feature from
being detected and compiled on that systems.

Now linux/capability.h system header is included instead.  Since capset()
declaration is located in sys/capability.h, now capset() syscall is defined
explicitly in code using the SYS_capset constant, similarly to other
Linux-specific features in nginx.
Retain CAP_NET_RAW capability for transparent proxying. 2017-12-13T17:40:53+00:00 Roman Arutyunyan arut@nginx.com 2017-12-13T17:40:53+00:00 752f66bf7d70fae2bf05fbf5941ff4be52b2b9a5 The capability is retained automatically in unprivileged worker processes after changing UID if transparent proxying is enabled at least once in nginx configuration. The feature is only available in Linux. 
The capability is retained automatically in unprivileged worker processes after
changing UID if transparent proxying is enabled at least once in nginx
configuration.

The feature is only available in Linux.
Configure: set default cacheline size to 64 for aarch64 platforms. 2017-12-11T15:05:35+00:00 Debayan Ghosh debayang.qdt@qualcommdatacenter.com 2017-12-11T15:05:35+00:00 b75f419b2cb9a7ccb92e63e4cee340ca01099c2c 






Configure: use .exe for binaries for all win32 compilers.
2017-06-06T16:37:34+00:00

Orgad Shaneh
orgads@gmail.com

2017-06-06T16:37:34+00:00

90727eb85718504d711258c5a5622896c64030ec












Configure: enabled rpath for NetBSD.
2017-06-02T09:55:31+00:00

Sergey Kandaurov
pluknet@nginx.com

2017-06-02T09:55:31+00:00

f0b0003f381943cb3730038b115bd7f2c9b21cac












Configure: sched_setaffinity() test moved to auto/unix.
2017-05-29T13:48:30+00:00

Maxim Dounin
mdounin@mdounin.ru

2017-05-29T13:48:30+00:00

529ce100586015c75363846c372f484a3ca555fa

The sched_setaffinity() function was introduced in DragonFly BSD 4.7,
so it is no longer Linux-specific.

Prodded by Sepherosa Ziehau.





The sched_setaffinity() function was introduced in DragonFly BSD 4.7,
so it is no longer Linux-specific.

Prodded by Sepherosa Ziehau.







Enabled IPV6_RECVPKTINFO / IPV6_PKTINFO on macOS.
2017-04-17T11:42:12+00:00

Sergey Kandaurov
pluknet@nginx.com

2017-04-17T11:42:12+00:00

97210c717d3740450a6d6cf892efc881e25d90dd

This change allows setting the destination IPv6 address of a UDP datagram
received on a wildcard socket.





This change allows setting the destination IPv6 address of a UDP datagram
received on a wildcard socket.







Configure: removed the --with-ipv6 option.
2016-10-04T13:38:14+00:00

Maxim Dounin
mdounin@mdounin.ru

2016-10-04T13:38:14+00:00

2c84f7af2c97a55bf138a5fcedeb164733dc9bea

IPv6 now compiled-in automatically if support is found.  If there is a need
to disable it for some reason, --with-cc-opt="-DNGX_HAVE_INET6=0" can be used
for this.





IPv6 now compiled-in automatically if support is found.  If there is a need
to disable it for some reason, --with-cc-opt="-DNGX_HAVE_INET6=0" can be used
for this.







Events: support for EPOLLEXCLUSIVE.
2016-07-15T12:18:57+00:00

Valentin Bartenev
vbart@nginx.com

2016-07-15T12:18:57+00:00

5c2dd3913aad5c4bf7d9056e1336025c2703586b

This flag appeared in Linux 4.5 and is useful for avoiding thundering herd
problem.

The current Linux kernel implementation walks the list of exclusive waiters,
and queues an event to each epfd, until it finds the first waiter that has
threads blocked on it via epoll_wait().





This flag appeared in Linux 4.5 and is useful for avoiding thundering herd
problem.

The current Linux kernel implementation walks the list of exclusive waiters,
and queues an event to each epfd, until it finds the first waiter that has
threads blocked on it via epoll_wait().