nginx.git/src/http/modules, branch release-1.13.6 nginx Upstream hash: reordered peer checks. 2017-10-05T14:43:05+00:00 Maxim Dounin mdounin@mdounin.ru 2017-10-05T14:43:05+00:00 53d655f89407af017cd193fd4d8d82118c9c2c80 This slightly reduces cost of selecting a peer if all or almost all peers failed, see ticket #1030. There should be no measureable difference with other workloads. 
This slightly reduces cost of selecting a peer if all or almost all peers
failed, see ticket #1030.  There should be no measureable difference with
other workloads.
Upstream hash: limited number of tries in consistent case. 2017-10-05T14:42:59+00:00 Maxim Dounin mdounin@mdounin.ru 2017-10-05T14:42:59+00:00 a10ec2db91b448029968025d23155e9c383f522d While this may result in non-ideal distribution of requests if nginx won't be able to select a server in a reasonable number of attempts, this still looks better than severe performance degradation observed if there is no limit and there are many points configured (ticket #1030). This is also in line with what we do for other hash balancing methods. 
While this may result in non-ideal distribution of requests if nginx
won't be able to select a server in a reasonable number of attempts,
this still looks better than severe performance degradation observed
if there is no limit and there are many points configured (ticket #1030).
This is also in line with what we do for other hash balancing methods.
Do not use the obsolete NGX_SOCKADDRLEN macro. 2017-09-22T10:10:49+00:00 Ruslan Ermilov ru@nginx.com 2017-09-22T10:10:49+00:00 0cda728c6f9a7bb789d5e1b9123f6654f408c5e9 The change in ac120e797d28 re-used the macro which was made obsolete in adf25b8d0431. 
The change in ac120e797d28 re-used the macro which was made obsolete
in adf25b8d0431.
Removed more remnants of the old pthread implementation. 2017-09-18T08:09:41+00:00 Ruslan Ermilov ru@nginx.com 2017-09-18T08:09:41+00:00 05e87e19aff42a75a290b99f5684a73dbd38a329 After e284f3ff6831, ngx_crypt() can no longer return NGX_AGAIN. 
After e284f3ff6831, ngx_crypt() can no longer return NGX_AGAIN.
Secure link: fixed stack buffer overflow. 2017-08-22T18:22:59+00:00 Roman Arutyunyan arut@nginx.com 2017-08-22T18:22:59+00:00 418124e21983aa53db4d99b7fd2eb0eee7ab4be0 When secure link checksum has length of 23 or 24 bytes, decoded base64 value could occupy 17 or 18 bytes which is more than 16 bytes previously allocated for it on stack. The buffer overflow does not have any security implications since only one local variable was corrupted and this variable was not used in this case. The fix is to increase buffer size up to 18 bytes. Useless buffer size initialization is removed as well. 
When secure link checksum has length of 23 or 24 bytes, decoded base64 value
could occupy 17 or 18 bytes which is more than 16 bytes previously allocated
for it on stack.  The buffer overflow does not have any security implications
since only one local variable was corrupted and this variable was not used in
this case.

The fix is to increase buffer size up to 18 bytes.  Useless buffer size
initialization is removed as well.
SSL: the $ssl_client_escaped_cert variable (ticket #857). 2017-08-22T12:18:10+00:00 Maxim Dounin mdounin@mdounin.ru 2017-08-22T12:18:10+00:00 50a0f25c60bcc0fb46efcab00985c200c08c2b2f This variable contains URL-encoded client SSL certificate. In contrast to $ssl_client_cert, it doesn't depend on deprecated header continuation. The NGX_ESCAPE_URI_COMPONENT variant of encoding is used, so the resulting variable can be safely used not only in headers, but also as a request argument. The $ssl_client_cert variable should be considered deprecated now. The $ssl_client_raw_cert variable will be eventually renambed back to $ssl_client_cert. 
This variable contains URL-encoded client SSL certificate.  In contrast
to $ssl_client_cert, it doesn't depend on deprecated header continuation.
The NGX_ESCAPE_URI_COMPONENT variant of encoding is used, so the resulting
variable can be safely used not only in headers, but also as a request
argument.

The $ssl_client_cert variable should be considered deprecated now.
The $ssl_client_raw_cert variable will be eventually renambed back
to $ssl_client_cert.
Range filter: changed type for total length to off_t. 2017-08-10T19:21:23+00:00 Maxim Dounin mdounin@mdounin.ru 2017-08-10T19:21:23+00:00 008e9caa2a5b784d337422f1dc4290edfb9cc640 Total length of a response with multiple ranges can be larger than a size_t variable can hold, so type changed to off_t. Previously, an incorrect Content-Length was returned when requesting more than 4G of ranges from a large enough file on a 32-bit system. An additional size_t variable introduced to calculate size of the boundary header buffer, as off_t is not needed here and will require type casts on win32. Reported by Shuxin Yang, http://mailman.nginx.org/pipermail/nginx/2017-July/054384.html. 
Total length of a response with multiple ranges can be larger than a size_t
variable can hold, so type changed to off_t.  Previously, an incorrect
Content-Length was returned when requesting more than 4G of ranges from
a large enough file on a 32-bit system.

An additional size_t variable introduced to calculate size of the boundary
header buffer, as off_t is not needed here and will require type casts on
win32.

Reported by Shuxin Yang,
http://mailman.nginx.org/pipermail/nginx/2017-July/054384.html.
Style. 2017-08-10T19:21:20+00:00 Maxim Dounin mdounin@mdounin.ru 2017-08-10T19:21:20+00:00 0f841fcdee784ac3ddbc9a4372114e8847b0a5e0 






Fixed calls to ngx_open_file() in certain places.
2017-08-09T12:03:27+00:00

Sergey Kandaurov
pluknet@nginx.com

2017-08-09T12:03:27+00:00

b986b4314bb4f8fdcbcfe93c89a659d3d18691bc

Pass NGX_FILE_OPEN to ngx_open_file() to fix "The parameter is incorrect"
error on win32 when using the ssl_session_ticket_key directive or loading
a binary geo base.  On UNIX, this change is a no-op.





Pass NGX_FILE_OPEN to ngx_open_file() to fix "The parameter is incorrect"
error on win32 when using the ssl_session_ticket_key directive or loading
a binary geo base.  On UNIX, this change is a no-op.







Style.
2017-08-09T11:59:46+00:00

Sergey Kandaurov
pluknet@nginx.com

2017-08-09T11:59:46+00:00

32c7bd5102571ec20e45f620d2916e612e3b2016