| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
r4106, r4107, r4108, r4113, r4156, r4157:
*) ngx_http_mp4_module.
*) "video/mp4" mime type added.
|
|
Buffers reuse in chunked filter.
There were 2 buffers allocated on each buffer chain sent through chunked
filter (one buffer for chunk size, another one for trailing CRLF, about
120 bytes in total on 32-bit platforms). This resulted in large memory
consumption with long-lived requests sending many buffer chains. Usual
example of problematic scenario is streaming though proxy with
proxy_buffering set to off.
Introduced buffers reuse reduces memory consumption in the above problematic
scenario.
See here for initial report:
http://mailman.nginx.org/pipermail/nginx/2010-April/019814.html
|
|
Fixed loss of chain links in fastcgi module.
|
|
r4064:
Ranges related fixes:
The "max_ranges" directive.
"max_ranges 0" disables ranges support at all,
"max_ranges 1" allows the single range, etc.
By default number of ranges is unlimited, to be precise, 2^31-1.
If client requests more ranges than "max_ranges" permits,
nginx disables ranges and returns just the source response.
If total size of all ranges is greater than source response size,
then nginx disables ranges and returns just the source response.
This fix should not affect well-behaving applications but will defeat
DoS attempts exploiting malicious byte ranges.
Now unsatisfiable ranges are processed according to RFC 2616.
|
|
SSL related fixes:
*) Fixing proxy_set_body and proxy_pass_request_body with SSL.
Flush flag wasn't set in constructed buffer and this prevented any data
from being actually sent to upstream due to SSL buffering. Make sure
we always set flush in the last buffer we are going to sent.
See here for report:
http://nginx.org/pipermail/nginx-ru/2011-June/041552.html
*) Proper SSL shutdown handling.
If connection has unsent alerts, SSL_shutdown() tries to send them even
if SSL_set_shutdown(SSL_RECEIVED_SHUTDOWN|SSL_SENT_SHUTDOWN) was used.
This can be prevented by SSL_set_quiet_shutdown(). SSL_set_shutdown()
is required nevertheless to preserve session.
|
|
A new fix for the case when ssl_session_cache defined, but ssl is not
enabled in any server. The previous r1033 does not help when unused zone
becomes used after reconfiguration, so it is backed out.
The initial thought was to make SSL modules independed from SSL implementation
and to keep OpenSSL code dependance as much as in separate files.
|
|
|
|
Fix ignored headers handling in fastcgi/scgi/uwsgi.
The bug had appeared in r3561 (fastcgi), r3638 (scgi), r3567 (uwsgi).
|
|
Proxy related fixes:
*) finalizing with rc == 0 in unbuffered proxy mode caused nginx to wait
for another send_timeout before actually closing client's connection
if client timed out while still talking to upstream server
*) update r3945 with more descriptive error message
*) test length of proxy_pass with variables;
patch by Lanshun Zhou
|
|
SSL related fixes:
*) MSIE export versions are rare now, so RSA 512 key is generated on demand
and is shared among all hosts instead of pregenerating for every HTTPS host
on configuraiton phase. This decreases start time for configuration with
large number of HTTPS hosts.
*) ECDHE support; patch by Adrian Kotelba
*) fix build by gcc46 with -Wunused-value option
*) fix SSL connection issues on platforms with 32-bit off_t
*) do not try to reuse and save a SSL session for a peer created on the fly
by ngx_http_upstream_create_round_robin_peer(), since the peer lives
only during request so the saved SSL session will never be used again
and just causes memory leak
|
|
|
|
|
|
patch by Witold Filipczyk
|
|
patch by Rob Stradling
|
|
|
|
|
|
|
|
|
|
patch by Maxim Dounin
|
|
|
|
|
|
|
|
|
|
patch by Alexander Uskov
|
|
|
|
|
|
patch by Adam Bocim
|
|
|
|
its distribution is much better than CRC32's one
|
|
|
|
|
|
the bug has been introduced in r3879
|
|
|
|
is given by expression and refers to a defined upstream
|
|
patch by Adam Bocim
|
|
|
|
|
|
patch by Michael Lustfield
|
|
|
|
|
|
|
|
proxy_pass "http://www", upstream redirects to "http://www.host/uri",
and nginx rewrites it as ".host/uri"
patch by Maxim Dounin
|
|
patch by Denis F. Latypoff
|
|
|
|
|
|
patch by Maxim Dounin
the bug has been introduced in r3461
|
|
|
|
|
|
|
|
|
