| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
was not properly skipped. The bug has been introduced in r4057.
|
|
|
|
|
|
|
|
|
|
|
|
then nginx disables ranges and returns just the source response.
This fix should not affect well-behaving applications but will defeat
DoS attempts exploiting malicious byte ranges.
|
|
needed by sum of sizes of files loaded by worker processes themselves
while cache loader was running.
The bug has been introduced in r3900.
|
|
SSL_set_SSL_CTX() doesn't touch values cached within ssl connection
structure, it only changes certificates (at least as of now, OpenSSL
1.0.0d and earlier).
As a result settings like ssl_verify_client, ssl_verify_depth,
ssl_prefer_server_ciphers are only configurable on per-socket basis while
with SNI it should be possible to specify them different for two servers
listening on the same socket.
Workaround is to explicitly re-apply settings we care about from context
to ssl connection in servername callback.
Note that SSL_clear_options() is only available in OpenSSL 0.9.8m+. I.e.
with older versions it is not possible to clear ssl_prefer_server_ciphers
option if it's set in default server for a socket.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- fixed "<br>" lookup (eliminates the need in " <br/>" hacks)
- fixed maximum length for unbreakable input
- fixed space lookup (allows a space at column 77 to break a line)
|
|
|
|
|
|
Non-daemon mode is currently used by supervisord, daemontools and so on
or during debugging. The NOACCEPT signal is only used for online upgrade
which is not supported when nginx is run under supervisord, etc.,
so this change should not break existant setups.
|
|
now cache loader processes either as many files as specified by loader_files
or works no more than time specified by loader_threshold during each iteration.
loader_threshold was previously used to decrease loader_files or
to increase loader_timeout and this might eventually result in
downgrading loader_files to 1 and increasing loader_timeout to large values
causing loading cache for forever.
|
|
|
|
NetBSD 5.0+ has SO_ACCEPTFILTER support merged from FreeBSD, and having
accept filter check in FreeBSD-specific ngx_freebsd_config.h prevents it
from being used on NetBSD. Therefore move the check into configure (and
do the same for Linux-specific TCP_DEFER_ACCEPT, just to be in line).
|
|
The bug had appeared in r3561 (fastcgi), r3638 (scgi), r3567 (uwsgi).
|
|
|
|
- Pass string params to xsltproc.
- Removed extraneous rule bodies.
|
|
Previously only first log level was required to be correct, while error_log
directive in fact accepts list of levels (e.g. one may specify "error_log ...
debug_core debug_http;"). This resulted in (avoidable) wierd behaviour on
missing semicolon after error_log directive, e.g.
error_log /path/to/log info
index index.php;
silently skipped index directive and it's arguments (trying to interpret
them as log levels without checking to be correct).
|
|
Previous allocation only took into account number of non-backup servers, and
this caused memory corruption with many backup servers.
See report here:
http://mailman.nginx.org/pipermail/nginx/2011-May/026531.html
|
|
The following configuration causes nginx to hog cpu due to infinite loop
in ngx_http_upstream_get_peer():
upstream backend {
server 127.0.0.1:8080 down;
server 127.0.0.1:8080 down;
}
server {
...
location / {
proxy_pass http://backend;
}
}
Make sure we don't loop infinitely in ngx_http_upstream_get_peer() but stop
after resetting peer weights once.
Return 0 if we are stuck. This is guaranteed to work as peer 0 always exists,
and eventually ngx_http_upstream_get_round_robin_peer() will do the right
thing falling back to backup servers or returning NGX_BUSY.
|
|
Flush flag wasn't set in constructed buffer and this prevented any data
from being actually sent to upstream due to SSL buffering. Make sure
we always set flush in the last buffer we are going to sent.
See here for report:
http://nginx.org/pipermail/nginx-ru/2011-June/041552.html
|
|
|
|
|
|
If there were preread data and request body was big enough first part
of the request body was duplicated.
See report here:
http://mailman.nginx.org/pipermail/nginx/2011-July/027756.html
|
|
Previously all available data was used as body, resulting in garbage after
real body e.g. in case of pipelined requests. Make sure to use only as many
bytes as request's Content-Length specifies.
|
|
At least Sun Studio 12 has problems with bit-fields exposed by nginx code
(caught by test suite). They seems to be fixed in Sun Studio 12.1. As a
workaround use "-fast -xalias_level=any" for older versions, it resolves
the problem.
|
|
Patch by Denis Ivanov.
|
|
Catch up with new Linux version numbering scheme as announced at [1] and
suppress unrecognized versions to actually use default 0.
[1] https://lkml.org/lkml/2011/5/29/204
|
|
(which will soon link to Trac).
- Commented out reference to non-existing nginx.conf(5).
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
enabled in any server. The previous r1033 does not help when unused zone
becomes used after reconfiguration, so it is backed out.
The initial thought was to make SSL modules independed from SSL implementation
and to keep OpenSSL code dependance as much as in separate files.
|
