nginx.git/auto, branch release-1.13.8 nginx Fixed capabilities version. 2017-12-19T16:00:27+00:00 Roman Arutyunyan arut@nginx.com 2017-12-19T16:00:27+00:00 ce45ded2a8c1b0c0e601779bcc3e54668a14e271 Previously, capset(2) was called with the 64-bit capabilities version _LINUX_CAPABILITY_VERSION_3. With this version Linux kernel expected two copies of struct __user_cap_data_struct, while only one was submitted. As a result, random stack memory was accessed and random capabilities were requested by the worker. This sometimes caused capset() errors. Now the 32-bit version _LINUX_CAPABILITY_VERSION_1 is used instead. This is OK since CAP_NET_RAW is a 32-bit capability (CAP_NET_RAW = 13). 
Previously, capset(2) was called with the 64-bit capabilities version
_LINUX_CAPABILITY_VERSION_3.  With this version Linux kernel expected two
copies of struct __user_cap_data_struct, while only one was submitted.  As a
result, random stack memory was accessed and random capabilities were requested
by the worker.  This sometimes caused capset() errors.  Now the 32-bit version
_LINUX_CAPABILITY_VERSION_1 is used instead.  This is OK since CAP_NET_RAW is
a 32-bit capability (CAP_NET_RAW = 13).
Improved the capabilities feature detection. 2017-12-18T18:09:39+00:00 Roman Arutyunyan arut@nginx.com 2017-12-18T18:09:39+00:00 0e92c213f51bae95605c19dfee843902e7c8a0ad Previously included file sys/capability.h mentioned in capset(2) man page, belongs to the libcap-dev package, which may not be installed on some Linux systems when compiling nginx. This prevented the capabilities feature from being detected and compiled on that systems. Now linux/capability.h system header is included instead. Since capset() declaration is located in sys/capability.h, now capset() syscall is defined explicitly in code using the SYS_capset constant, similarly to other Linux-specific features in nginx. 
Previously included file sys/capability.h mentioned in capset(2) man page,
belongs to the libcap-dev package, which may not be installed on some Linux
systems when compiling nginx.  This prevented the capabilities feature from
being detected and compiled on that systems.

Now linux/capability.h system header is included instead.  Since capset()
declaration is located in sys/capability.h, now capset() syscall is defined
explicitly in code using the SYS_capset constant, similarly to other
Linux-specific features in nginx.
Retain CAP_NET_RAW capability for transparent proxying. 2017-12-13T17:40:53+00:00 Roman Arutyunyan arut@nginx.com 2017-12-13T17:40:53+00:00 752f66bf7d70fae2bf05fbf5941ff4be52b2b9a5 The capability is retained automatically in unprivileged worker processes after changing UID if transparent proxying is enabled at least once in nginx configuration. The feature is only available in Linux. 
The capability is retained automatically in unprivileged worker processes after
changing UID if transparent proxying is enabled at least once in nginx
configuration.

The feature is only available in Linux.
Use sysconf to determine cacheline size at runtime. 2017-12-11T16:28:11+00:00 Debayan Ghosh debayang.qdt@qualcommdatacenter.com 2017-12-11T16:28:11+00:00 d2d737e70b46429ef9ed71b99402a9151f3c2e1f Determine cacheline size at runtime if supported using sysconf(_SC_LEVEL1_DCACHE_LINESIZE). In case not supported, fallback to compile time defaults. 
Determine cacheline size at runtime if supported
using sysconf(_SC_LEVEL1_DCACHE_LINESIZE). In case not supported,
fallback to compile time defaults.
Configure: set default cacheline size to 64 for aarch64 platforms. 2017-12-11T15:05:35+00:00 Debayan Ghosh debayang.qdt@qualcommdatacenter.com 2017-12-11T15:05:35+00:00 b75f419b2cb9a7ccb92e63e4cee340ca01099c2c 






Configure: fixed SO_BINDANY comment.
2017-12-07T14:09:36+00:00

Maxim Dounin
mdounin@mdounin.ru

2017-12-07T14:09:36+00:00

40f1c48b53707c8e448330a865b48778a3a7ece6












Configure: moved IP_BIND_ADDRESS_NO_PORT test.
2017-12-07T14:09:33+00:00

Maxim Dounin
mdounin@mdounin.ru

2017-12-07T14:09:33+00:00

6ff1340262fbb13f1b9c71a92b647f0e05555d11

In 2c7b488a61fb, IP_BIND_ADDRESS_NO_PORT test was accidentally placed
between SO_BINDANY, IP_TRANSPARENT, and IP_BINDANY tests.  Moved it after
these tests.





In 2c7b488a61fb, IP_BIND_ADDRESS_NO_PORT test was accidentally placed
between SO_BINDANY, IP_TRANSPARENT, and IP_BINDANY tests.  Moved it after
these tests.







Configure: fixed clang detection on MINIX.
2017-11-23T13:33:40+00:00

Maxim Dounin
mdounin@mdounin.ru

2017-11-23T13:33:40+00:00

7a7fc708fb7f6739dc6652ee1f14da1f9e24650d

As per POSIX, basic regular expressions have no alternations, and the
interpretation of the "\|" construct is undefined.  At least on MINIX
and Solaris grep interprets "\|" as literal "|", and not as an alternation
as GNU grep does.  Removed such constructs introduced in f1daa0356a1d.
This fixes clang detection on MINIX.





As per POSIX, basic regular expressions have no alternations, and the
interpretation of the "\|" construct is undefined.  At least on MINIX
and Solaris grep interprets "\|" as literal "|", and not as an alternation
as GNU grep does.  Removed such constructs introduced in f1daa0356a1d.
This fixes clang detection on MINIX.







Mirror module.
2017-07-20T05:50:49+00:00

Roman Arutyunyan
arut@nginx.com

2017-07-20T05:50:49+00:00

3900d1cb3cf39963d909604923f7e7af6ecf99fd












Precontent phase.
2017-07-20T12:51:11+00:00

Roman Arutyunyan
arut@nginx.com

2017-07-20T12:51:11+00:00

129b06dc5dfab7b4513a4f274b3778cd9b8a6a22

The phase is added instead of the try_files phase.  Unlike the old phase, the
new one supports registering multiple handlers.  The try_files implementation is
moved to a separate ngx_http_try_files_module, which now registers a precontent
phase handler.





The phase is added instead of the try_files phase.  Unlike the old phase, the
new one supports registering multiple handlers.  The try_files implementation is
moved to a separate ngx_http_try_files_module, which now registers a precontent
phase handler.