nginx.git/auto, branch release-1.26.2 nginx Configure: fixed building libatomic test. 2024-05-16T09:15:10+00:00 Edgar Bonet bonet@grenoble.cnrs.fr 2024-05-16T09:15:10+00:00 a728869cd10924b991b22c5b50a9317226499271 Using "long *" instead of "AO_t *" leads either to -Wincompatible-pointer-types or -Wpointer-sign warnings, depending on whether long and size_t are compatible types (e.g., ILP32 versus LP64 data models). Notably, -Wpointer-sign warnings are enabled by default in Clang only, and -Wincompatible-pointer-types is an error starting from GCC 14. Signed-off-by: Edgar Bonet <bonet@grenoble.cnrs.fr> 
Using "long *" instead of "AO_t *" leads either to -Wincompatible-pointer-types
or -Wpointer-sign warnings, depending on whether long and size_t are compatible
types (e.g., ILP32 versus LP64 data models).  Notably, -Wpointer-sign warnings
are enabled by default in Clang only, and -Wincompatible-pointer-types is an
error starting from GCC 14.

Signed-off-by: Edgar Bonet <bonet@grenoble.cnrs.fr>
Configure: allow cross-compiling to Windows using Clang. 2024-02-26T20:00:48+00:00 Piotr Sikora piotr@aviatrix.com 2024-02-26T20:00:48+00:00 e3207a17f084c9eb7905ca0f2cfdb1df088fd165 Signed-off-by: Piotr Sikora <piotr@aviatrix.com> 
Signed-off-by: Piotr Sikora <piotr@aviatrix.com>
Configure: fixed "make install" when cross-compiling to Windows. 2024-02-26T20:00:46+00:00 Piotr Sikora piotr@aviatrix.com 2024-02-26T20:00:46+00:00 b595a68df91bee1eb0fa2841837dcf83ae9174f2 Signed-off-by: Piotr Sikora <piotr@aviatrix.com> 
Signed-off-by: Piotr Sikora <piotr@aviatrix.com>
Configure: added support for Homebrew on Apple Silicon. 2024-02-26T20:00:43+00:00 Piotr Sikora piotr@aviatrix.com 2024-02-26T20:00:43+00:00 2deded362ee052564e7359d53c81973c16b18e72 Signed-off-by: Piotr Sikora <piotr@aviatrix.com> 
Signed-off-by: Piotr Sikora <piotr@aviatrix.com>
Configure: set cache line size for more architectures. 2024-03-27T15:36:51+00:00 Sergey Kandaurov pluknet@nginx.com 2024-03-27T15:36:51+00:00 6b1bb998c96278a56d767bc23520c385ab9f3038 Based on a patch by Piotr Sikora. 
Based on a patch by Piotr Sikora.
Configure: fixed Linux crypt_r() test to add libcrypt. 2024-02-26T20:00:38+00:00 Sergey Kandaurov pluknet@nginx.com 2024-02-26T20:00:38+00:00 818f98da1c46785bc23a99efff653febb1e35ac2 Previously, the resulting binary was successfully linked because libcrypt was added in a separate test for crypt(). Patch by Piotr Sikora. 
Previously, the resulting binary was successfully linked
because libcrypt was added in a separate test for crypt().

Patch by Piotr Sikora.
Stream: ngx_stream_pass_module. 2024-02-21T13:36:02+00:00 Roman Arutyunyan arut@nginx.com 2024-02-21T13:36:02+00:00 a168b810e23627070271dc8bab61cfd6f0caddd7 The module allows to pass connections from Stream to other modules such as HTTP or Mail, as well as back to Stream. Previously, this was only possible with proxying. Connections with preread buffer read out from socket cannot be passed. The module allows selective SSL termination based on SNI. stream { server { listen 8000 default_server; ssl_preread on; ... } server { listen 8000; server_name foo.example.com; pass 127.0.0.1:8001; # to HTTP } server { listen 8000; server_name bar.example.com; ... } } http { server { listen 8001 ssl; ... location / { root html; } } } 
The module allows to pass connections from Stream to other modules such as HTTP
or Mail, as well as back to Stream.  Previously, this was only possible with
proxying.  Connections with preread buffer read out from socket cannot be
passed.

The module allows selective SSL termination based on SNI.

    stream {
        server {
            listen 8000 default_server;
            ssl_preread on;
            ...
        }

        server {
            listen 8000;
            server_name foo.example.com;
            pass 127.0.0.1:8001; # to HTTP
        }

        server {
            listen 8000;
            server_name bar.example.com;
            ...
        }
    }

    http {
        server {
            listen 8001 ssl;
            ...

            location / {
                root html;
            }
        }
    }
SSL: avoid using OpenSSL config in build directory (ticket #2404). 2023-06-20T22:29:53+00:00 Maxim Dounin mdounin@mdounin.ru 2023-06-20T22:29:53+00:00 bdea5b703ff6f6fcf98ac8dd4e1e9e5c9ad05017 With this change, the NGX_OPENSSL_NO_CONFIG macro is defined when nginx is asked to build OpenSSL itself. And with this macro automatic loading of OpenSSL configuration (from the build directory) is prevented unless the OPENSSL_CONF environment variable is explicitly set. Note that not loading configuration is broken in OpenSSL 1.1.1 and 1.1.1a (fixed in OpenSSL 1.1.1b, see https://github.com/openssl/openssl/issues/7350). If nginx is used to compile these OpenSSL versions, configuring nginx with NGX_OPENSSL_NO_CONFIG explicitly set to 0 might be used as a workaround. 
With this change, the NGX_OPENSSL_NO_CONFIG macro is defined when nginx
is asked to build OpenSSL itself.  And with this macro automatic loading
of OpenSSL configuration (from the build directory) is prevented unless
the OPENSSL_CONF environment variable is explicitly set.

Note that not loading configuration is broken in OpenSSL 1.1.1 and 1.1.1a
(fixed in OpenSSL 1.1.1b, see https://github.com/openssl/openssl/issues/7350).
If nginx is used to compile these OpenSSL versions, configuring nginx with
NGX_OPENSSL_NO_CONFIG explicitly set to 0 might be used as a workaround.
HTTP/2: removed server push (ticket #2432). 2023-06-08T12:56:46+00:00 Sergey Kandaurov pluknet@nginx.com 2023-06-08T12:56:46+00:00 6915d2fb2e88e0c339fe37b37ce14f5fe446c1c6 Although it has better implementation status than HTTP/3 server push, it remains of limited use, with adoption numbers seen as negligible. Per IETF 102 materials, server push was used only in 0.04% of sessions. It was considered to be "difficult to use effectively" in RFC 9113. Its use is further limited by badly matching to fetch/cache/connection models in browsers, see related discussions linked from [1]. Server push was disabled in Chrome 106 [2]. The http2_push, http2_push_preload, and http2_max_concurrent_pushes directives are made obsolete. In particular, this essentially reverts 7201:641306096f5b and 7207:3d2b0b02bd3d. [1] https://jakearchibald.com/2017/h2-push-tougher-than-i-thought/ [2] https://chromestatus.com/feature/6302414934114304 
Although it has better implementation status than HTTP/3 server push,
it remains of limited use, with adoption numbers seen as negligible.
Per IETF 102 materials, server push was used only in 0.04% of sessions.
It was considered to be "difficult to use effectively" in RFC 9113.
Its use is further limited by badly matching to fetch/cache/connection
models in browsers, see related discussions linked from [1].

Server push was disabled in Chrome 106 [2].

The http2_push, http2_push_preload, and http2_max_concurrent_pushes
directives are made obsolete.  In particular, this essentially reverts
7201:641306096f5b and 7207:3d2b0b02bd3d.

[1] https://jakearchibald.com/2017/h2-push-tougher-than-i-thought/
[2] https://chromestatus.com/feature/6302414934114304
Stream: removed QUIC support. 2023-05-14T08:05:35+00:00 Roman Arutyunyan arut@nginx.com 2023-05-14T08:05:35+00:00 779bfcff5f7544494c7c85ac73f41a033e749528