nginx.git/src, branch release-1.11.5 nginx Modules compatibility: removed dependencies on NGX_MAIL_SSL. 2016-10-10T15:44:17+00:00 Maxim Dounin mdounin@mdounin.ru 2016-10-10T15:44:17+00:00 a6cb8210905f35977276cb3861184e4dad99cc2a External structures are now identical regardless of mail SSL module compiled in or not. 
External structures are now identical regardless of mail SSL module
compiled in or not.
Modules compatibility: removed dependencies on NGX_STREAM_SSL. 2016-10-10T15:44:17+00:00 Maxim Dounin mdounin@mdounin.ru 2016-10-10T15:44:17+00:00 78f91756cdf4523a5dd3e71184b09c2265efee6f External structures are now identical regardless of stream SSL module compiled in or not. 
External structures are now identical regardless of stream SSL module
compiled in or not.
Modules compatibility: compatibility with NGX_HTTP_SSL. 2016-10-10T15:44:17+00:00 Maxim Dounin mdounin@mdounin.ru 2016-10-10T15:44:17+00:00 8fd8c32ccf7987f51d774edfcf7f5a65c75c137a With this change it is now possible to load modules compiled without the "--with-http_ssl_module" configure option into nginx binary compiled with it, and vice versa (if a module doesn't use ssl-specific functions), assuming both use the "--with-compat" option. 
With this change it is now possible to load modules compiled without
the "--with-http_ssl_module" configure option into nginx binary compiled
with it, and vice versa (if a module doesn't use ssl-specific functions),
assuming both use the "--with-compat" option.
Modules compatibility: compatibility with NGX_HAVE_FILE_AIO. 2016-10-10T15:44:17+00:00 Maxim Dounin mdounin@mdounin.ru 2016-10-10T15:44:17+00:00 844c78556bc93343dd1c3c9236b5c16f4e2eac39 With this change it is now possible to load modules compiled without the "--with-file-aio" configure option into nginx binary compiled with it, and vice versa, assuming both use the "--with-compat" option. 
With this change it is now possible to load modules compiled without
the "--with-file-aio" configure option into nginx binary compiled with it,
and vice versa, assuming both use the "--with-compat" option.
Modules compatibility: compatibility with NGX_THREADS. 2016-10-10T15:44:17+00:00 Maxim Dounin mdounin@mdounin.ru 2016-10-10T15:44:17+00:00 9f6e8673f40f7532bf3059bda41e05b545520dd3 With this change it is now possible to load modules compiled without the "--with-threads" configure option into nginx binary compiled with it, and vice versa (if a module does not use thread-specific functions), assuming both use the "--with-compat" option. 
With this change it is now possible to load modules compiled without
the "--with-threads" configure option into nginx binary compiled with it,
and vice versa (if a module does not use thread-specific functions),
assuming both use the "--with-compat" option.
Allowed '-' in method names. 2016-10-10T13:24:50+00:00 Maxim Dounin mdounin@mdounin.ru 2016-10-10T13:24:50+00:00 82ec8492717dcf141eead17fd158ff3f9e072e84 It is used at least by SOAP (M-POST method, defined by RFC 2774) and by WebDAV versioning (VERSION-CONTROL and BASELINE-CONTROL methods, defined by RFC 3253). 
It is used at least by SOAP (M-POST method, defined by RFC 2774) and
by WebDAV versioning (VERSION-CONTROL and BASELINE-CONTROL methods,
defined by RFC 3253).
Core: sockaddr lengths now respected by ngx_cmp_sockaddr(). 2016-10-10T13:15:41+00:00 Maxim Dounin mdounin@mdounin.ru 2016-10-10T13:15:41+00:00 f594b2bf6dbb49f5e2bc27cc3f27f272a7f95c1c Linux can return AF_UNIX sockaddrs with partially filled sun_path, resulting in spurious comparison failures and failed binary upgrades. Added proper checking of the lengths provided. Reported by Jan Seda, http://mailman.nginx.org/pipermail/nginx-devel/2016-September/008832.html. 
Linux can return AF_UNIX sockaddrs with partially filled sun_path,
resulting in spurious comparison failures and failed binary upgrades.
Added proper checking of the lengths provided.

Reported by Jan Seda,
http://mailman.nginx.org/pipermail/nginx-devel/2016-September/008832.html.
Core: ngx_conf_set_access_slot() user access (ticket #1096). 2016-10-07T13:59:14+00:00 Maxim Dounin mdounin@mdounin.ru 2016-10-07T13:59:14+00:00 4c4fdc475450d4faa5a996ff0087ef005ee8a232 Previously, user access bits were always set to "rw" unconditionally, even with "user:r" explicitly specified. With this change we only add default user access bits (0600) if they weren't set explicitly. 
Previously, user access bits were always set to "rw" unconditionally,
even with "user:r" explicitly specified.  With this change we only add
default user access bits (0600) if they weren't set explicitly.
Realip: fixed duplicate processing on redirects (ticket #1098). 2016-10-06T20:16:05+00:00 Maxim Dounin mdounin@mdounin.ru 2016-10-06T20:16:05+00:00 52892835ef16ea15a77e2407099e0de0dfcc8a28 Duplicate processing was possible if the address set by realip was listed in set_realip_from, and there was an internal redirect so module context was cleared. This resulted in exactly the same address being set, so this wasn't a problem before the $realip_remote_addr variable was introduced, though now results in incorrect $realip_remote_addr being picked. Fix is to use ngx_http_realip_get_module_ctx() to look up module context even if it was cleared. Additionally, the order of checks was switched to check the configuration first as it looks more effective. 
Duplicate processing was possible if the address set by realip was
listed in set_realip_from, and there was an internal redirect so module
context was cleared.  This resulted in exactly the same address being set,
so this wasn't a problem before the $realip_remote_addr variable was
introduced, though now results in incorrect $realip_remote_addr being
picked.

Fix is to use ngx_http_realip_get_module_ctx() to look up module context
even if it was cleared.  Additionally, the order of checks was switched to
check the configuration first as it looks more effective.
Stream ssl_preread: fixed $ssl_preread_server_name variable. 2016-10-05T15:11:39+00:00 Sergey Kandaurov pluknet@nginx.com 2016-10-05T15:11:39+00:00 88dc647481a9280fa6cedb0bed61a34123119b3c Made sure to set the variable length only after successful SNI parsing. 
Made sure to set the variable length only after successful SNI parsing.