nginx.git/src/http, branch release-1.23.0

Perl: removed unused variables, forgotten in ef6a3a99a81a.

2022-06-14T06:39:58+00:00

Mp4: fixed potential overflow in ngx_http_mp4_crop_stts_data().

2022-06-07T18:58:52+00:00

Both "count" and "duration" variables are 32-bit, so their product might
potentially overflow.  It is used to reduce 64-bit start_time variable,
and with very large start_time this can result in incorrect seeking.

Found by Coverity (CID 1499904).

Upstream: handling of certificates specified as an empty string.

2022-06-07T16:08:57+00:00

Now, if the directive is given an empty string, such configuration cancels
loading of certificates, in particular, if they would be otherwise inherited
from the previous level.  This restores previous behaviour, before variables
support in certificates was introduced (3ab8e1e2f0f7).

Upstream: fixed X-Accel-Expires/Cache-Control/Expires handling.

2022-06-06T21:07:12+00:00

Previously, if caching was disabled due to Expires in the past, nginx
failed to cache the response even if it was cacheable as per subsequently
parsed Cache-Control header (ticket #964).

Similarly, if caching was disabled due to Expires in the past,
"Cache-Control: no-cache" or "Cache-Control: max-age=0", caching was not
used if it was cacheable as per subsequently parsed X-Accel-Expires header.

Fix is to avoid disabling caching immediately after parsing Expires in
the past or Cache-Control, but rather set flags which are later checked by
ngx_http_upstream_process_headers() (and cleared by "Cache-Control: max-age"
and X-Accel-Expires).

Additionally, now X-Accel-Expires does not prevent parsing of cache control
extensions, notably stale-while-revalidate and stale-if-error.  This
ensures that order of the X-Accel-Expires and Cache-Control headers is not
important.

Prodded by Vadim Fedorenko and Yugo Horie.

Upstream: fixed build without http cache (broken by cd73509f21e2).

2022-05-30T21:14:11+00:00

Headers filter: improved memory allocation error handling.

2022-05-30T18:25:57+00:00

Multiple WWW-Authenticate headers with "satisfy any;".

2022-05-30T18:25:56+00:00

If a module adds multiple WWW-Authenticate headers (ticket #485) to the
response, linked in r->headers_out.www_authenticate, all headers are now
cleared if another module later allows access.

This change is a nop for standard modules, since the only access module which
can add multiple WWW-Authenticate headers is the auth request module, and
it is checked after other standard access modules.  Though this might
affect some third party access modules.

Note that if a 3rd party module adds a single WWW-Authenticate header
and not yet modified to set the header's next pointer to NULL, attempt to
clear such a header with this change will result in a segmentation fault.

Auth request: multiple WWW-Authenticate headers (ticket #485).

2022-05-30T18:25:54+00:00

When using auth_request with an upstream server which returns 401
(Unauthorized), multiple WWW-Authenticate headers from the upstream server
response are now properly copied to the response.

Upstream: multiple WWW-Authenticate headers (ticket #485).

2022-05-30T18:25:53+00:00

When using proxy_intercept_errors and an error page for error 401
(Unauthorized), multiple WWW-Authenticate headers from the upstream server
response are now properly copied to the response.

Upstream: handling of multiple Vary headers (ticket #1423).

2022-05-30T18:25:51+00:00

Previously, only the last header value was used when caching.