nginx.git/src/http, branch release-1.2.5 nginx Merge of r4896: event pipe: fixed handling of buf_to_file data. 2012-11-13T11:24:14+00:00 Maxim Dounin mdounin@mdounin.ru 2012-11-13T11:24:14+00:00 13cda62555b28dd1afb927705eeff0c5f66cdbaf Input filter might free a buffer if there is no data in it, and in case of first buffer (used for cache header and request header, aka p->buf_to_file) this resulted in cache corruption. Buffer memory was reused to read upstream response before headers were written to disk. Fix is to avoid moving pointers in ngx_event_pipe_add_free_buf() to a buffer start if we were asked to free a buffer used by p->buf_to_file. This fixes occasional cache file corruption, usually resulted in "cache file ... has md5 collision" alerts. Reported by Anatoli Marinov. 
Input filter might free a buffer if there is no data in it, and in case
of first buffer (used for cache header and request header, aka p->buf_to_file)
this resulted in cache corruption.  Buffer memory was reused to read upstream
response before headers were written to disk.

Fix is to avoid moving pointers in ngx_event_pipe_add_free_buf() to a buffer
start if we were asked to free a buffer used by p->buf_to_file.

This fixes occasional cache file corruption, usually resulted
in "cache file ... has md5 collision" alerts.

Reported by Anatoli Marinov.
Merge of r4892: keepalive memory usage optimization. 2012-11-13T11:21:31+00:00 Maxim Dounin mdounin@mdounin.ru 2012-11-13T11:21:31+00:00 1954cf149aa79ba2bb1ce0b7b20422ab2ca6c93a The ngx_http_keepalive_handler() function is now trying to not keep c->buffer's memory for idle connections. This behaviour is consistent with the ngx_http_set_keepalive() function and it should decrease memory usage in some cases (especially if epoll/rtsig is used). 
The ngx_http_keepalive_handler() function is now trying to not
keep c->buffer's memory for idle connections.

This behaviour is consistent with the ngx_http_set_keepalive()
function and it should decrease memory usage in some cases (especially
if epoll/rtsig is used).
Merge of r4886, r4887, r4894: log variables generalization: 2012-11-13T10:45:23+00:00 Maxim Dounin mdounin@mdounin.ru 2012-11-13T10:45:23+00:00 3f72b594126f0b05303fadb5a051de24d2646454 *) Log: $apache_bytes_sent removed. It was renamed to $body_bytes_sent in nginx 0.3.10 and the old name is deprecated since then. *) Variable $bytes_sent. It replicates variable $bytes_sent as previously available in log module only. Patch by Benjamin Grössing (with minor changes). *) Variables $connection and $connection_requests. Log module counterparts are removed as they aren't used often and there is no need to preserve them for efficiency. 
*) Log: $apache_bytes_sent removed.  It was renamed to $body_bytes_sent
   in nginx 0.3.10 and the old name is deprecated since then.

*) Variable $bytes_sent.  It replicates variable $bytes_sent as previously
   available in log module only.  Patch by Benjamin Grössing (with minor
   changes).

*) Variables $connection and $connection_requests.  Log module
   counterparts are removed as they aren't used often and there is no
   need to preserve them for efficiency.
Merge of r4885: ssl_verify_client optional_no_ca. 2012-11-13T10:42:16+00:00 Maxim Dounin mdounin@mdounin.ru 2012-11-13T10:42:16+00:00 71b6604e4465b6aac478f04c3608a6be5c6500e6 SSL: the "ssl_verify_client" directive parameter "optional_no_ca". This parameter allows to don't require certificate to be signed by a trusted CA, e.g. if CA certificate isn't known in advance, like in WebID protocol. Note that it doesn't add any security unless the certificate is actually checked to be trusted by some external means (e.g. by a backend). Patch by Mike Kazantsev, Eric O'Connor. 
SSL: the "ssl_verify_client" directive parameter "optional_no_ca".

This parameter allows to don't require certificate to be signed by
a trusted CA, e.g. if CA certificate isn't known in advance, like in
WebID protocol.

Note that it doesn't add any security unless the certificate is actually
checked to be trusted by some external means (e.g. by a backend).

Patch by Mike Kazantsev, Eric O'Connor.
Version bump. 2012-11-12T17:03:38+00:00 Maxim Dounin mdounin@mdounin.ru 2012-11-12T17:03:38+00:00 de68f145bf583e2319809f39ba0807e32f536213 






Merge of r4833: limit req: fix of rbtree node insertion.
2012-09-24T19:11:45+00:00

Maxim Dounin
mdounin@mdounin.ru

2012-09-24T19:11:45+00:00

9e5528f244ad0befd167bee1522def97ebfc6256

Limit req: fix of rbtree node insertion on hash collisions.

The rbtree used in ngx_http_limit_req_module has two level of keys, the top is
hash, and the next is the value string itself. However, when inserting a new
node, only hash has been set, while the value string has been left empty.

The bug was introduced in r4419 (1.1.14).
Found by Charles Chen.





Limit req: fix of rbtree node insertion on hash collisions.

The rbtree used in ngx_http_limit_req_module has two level of keys, the top is
hash, and the next is the value string itself. However, when inserting a new
node, only hash has been set, while the value string has been left empty.

The bug was introduced in r4419 (1.1.14).
Found by Charles Chen.







Merge of r4829: fixed strict aliasing with ipv6 (ticket #201).
2012-09-24T19:06:48+00:00

Maxim Dounin
mdounin@mdounin.ru

2012-09-24T19:06:48+00:00

21ccde77f5b632fc1d780d4533a7efa5be69fe9d

Fixed strict aliasing bugs when dealing with IPv4-mapped IPv6
addresses.





Fixed strict aliasing bugs when dealing with IPv4-mapped IPv6
addresses.







Merge of r4828: "include" with wildcards in map and types blocks.
2012-09-24T19:05:02+00:00

Maxim Dounin
mdounin@mdounin.ru

2012-09-24T19:05:02+00:00

adceda60bde1882fb89a2d7e3c62b93e9337ed5e

The "include" directive should be able to include multiple files if
given a filename mask.  Fixed this to work for "include" directives
inside the "map" or "types" blocks.  The "include" directive inside
the "geo" block is still not fixed.





The "include" directive should be able to include multiple files if
given a filename mask.  Fixed this to work for "include" directives
inside the "map" or "types" blocks.  The "include" directive inside
the "geo" block is still not fixed.







Merge of r4817: geo: fixed handling of ranges without default set.
2012-09-24T19:02:16+00:00

Maxim Dounin
mdounin@mdounin.ru

2012-09-24T19:02:16+00:00

892410148fb5ed8926723306d1af7238327a2101

The bug had appeared in 0.8.43 (r3653).  Patch by Weibin Yao.





The bug had appeared in 0.8.43 (r3653).  Patch by Weibin Yao.







Merge of r4815: map: fixed optimization of variables as values.
2012-09-24T19:00:02+00:00

Maxim Dounin
mdounin@mdounin.ru

2012-09-24T19:00:02+00:00

2953f4aa399922cf865dbab6b0213a074784c90b

Previous code incorrectly used ctx->var_values as an array of pointers to
ngx_http_variable_value_t, but the array contains structures, not pointers.
Additionally, ctx->var_values inspection failed to properly set var on
match.





Previous code incorrectly used ctx->var_values as an array of pointers to
ngx_http_variable_value_t, but the array contains structures, not pointers.
Additionally, ctx->var_values inspection failed to properly set var on
match.