| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Fixed loss of chain links in fastcgi module.
|
|
Linux AIO related fixes:
*) Fixing Linux AIO syscalls return value handling:
syscall(2) uses usual libc convention, it returns -1 on error and
sets errno. Obsolete _syscall(2) returns negative value of error.
*) Fixing Linux AIO initiatialization: AIO operations are disabled
if kernel does not support them. Previously worker just exited.
*) The "worker_aio_requests" directive.
The default value is 32 AIO simultaneous requests per worker. Previously
they were hardcoded to 1024, and it was too large, since Linux allocated
them early on io_setup(), but not on request itself. So with default value
of /proc/sys/fs/aio-max-nr equal to 65536 only 64 worker processes could
be run simultaneously. 32 AIO requests are enough for modern disks even if
server runs only 1 worker.
|
|
In Mac OS X Lion, Apple deprecated the use of the system OpenSSL library
in favour of their CommonCrypto library. This change adds a work-around
that allows nginx to still be built on Lion with OpenSSL.
|
|
r4064:
Ranges related fixes:
The "max_ranges" directive.
"max_ranges 0" disables ranges support at all,
"max_ranges 1" allows the single range, etc.
By default number of ranges is unlimited, to be precise, 2^31-1.
If client requests more ranges than "max_ranges" permits,
nginx disables ranges and returns just the source response.
If total size of all ranges is greater than source response size,
then nginx disables ranges and returns just the source response.
This fix should not affect well-behaving applications but will defeat
DoS attempts exploiting malicious byte ranges.
Now unsatisfiable ranges are processed according to RFC 2616.
|
|
open_file_cache related fixes:
*) Bugfix: open_file_cache lost is_directio flag.
On file retest open_file_cache lost is_directio if file wasn't changed.
This caused unaligned operations under Linux to fail with EINVAL.
It wasn't noticeable with AIO though, as errors wasn't properly logged.
*) Bugfix: open_file_cache did not update file info on retest.
If file inode was not changed, cached file information was not updated
on retest. As a result stale information might be cached forever if file
attributes was changed and/or file was extended.
|
|
SSL related fixes:
*) Fixing proxy_set_body and proxy_pass_request_body with SSL.
Flush flag wasn't set in constructed buffer and this prevented any data
from being actually sent to upstream due to SSL buffering. Make sure
we always set flush in the last buffer we are going to sent.
See here for report:
http://nginx.org/pipermail/nginx-ru/2011-June/041552.html
*) Proper SSL shutdown handling.
If connection has unsent alerts, SSL_shutdown() tries to send them even
if SSL_set_shutdown(SSL_RECEIVED_SHUTDOWN|SSL_SENT_SHUTDOWN) was used.
This can be prevented by SSL_set_quiet_shutdown(). SSL_set_shutdown()
is required nevertheless to preserve session.
|
|
A new fix for the case when ssl_session_cache defined, but ssl is not
enabled in any server. The previous r1033 does not help when unused zone
becomes used after reconfiguration, so it is backed out.
The initial thought was to make SSL modules independed from SSL implementation
and to keep OpenSSL code dependance as much as in separate files.
|
|
|
|
Fix ignored headers handling in fastcgi/scgi/uwsgi.
The bug had appeared in r3561 (fastcgi), r3638 (scgi), r3567 (uwsgi).
|
|
Fix buffer overrun under Windows.
|
|
Proxy related fixes:
*) finalizing with rc == 0 in unbuffered proxy mode caused nginx to wait
for another send_timeout before actually closing client's connection
if client timed out while still talking to upstream server
*) update r3945 with more descriptive error message
*) test length of proxy_pass with variables;
patch by Lanshun Zhou
|
|
Lingering closing related fixes:
*) lingering_close "off|on|always"
*) enable lingering close for pipelined requests
*) do not send RST on normal lingering close read timeout,
if reset_timedout_connection is on
|
|
SSL related fixes:
*) MSIE export versions are rare now, so RSA 512 key is generated on demand
and is shared among all hosts instead of pregenerating for every HTTPS host
on configuraiton phase. This decreases start time for configuration with
large number of HTTPS hosts.
*) ECDHE support; patch by Adrian Kotelba
*) fix build by gcc46 with -Wunused-value option
*) fix SSL connection issues on platforms with 32-bit off_t
*) do not try to reuse and save a SSL session for a peer created on the fly
by ngx_http_upstream_create_round_robin_peer(), since the peer lives
only during request so the saved SSL session will never be used again
and just causes memory leak
|
|
Accept-Encoding refactoring:
*) "gzip; q=0" support
*) and removal of ancient MSIE 4.x test for gzip
|
|
Cache fixes:
*) do not close connection if cache file is too small: replace it with
valid one
*) rename ngx_http_file_cache_manager_sleep() to
ngx_http_file_cache_loader_sleep() and do not use it all in cache manager:
this is a vestige of the times when cache manager loaded cache
*) set correct configuration file values while adding path
|
|
Cache loader improvements:
The cache loader performs two tasks: inserting cache objects in inactivity
list and evaluating total cache size. Reading just directory is enough for
this purpose. Elimination of reading cache files saves at least one disk I/O
operation per file.
|
|
Cache size accounting fix: actual cache size on disk was less than
needed by sum of sizes of files loaded by worker processes themselves
while cache loader was running.
The bug has been introduced in r3900.
|
|
|
|
patch by Lanshun Zhou
|
|
|
|
patch by Maxim Dounin
|
|
|
|
by freeing cache at upstream finalize phase
patch by Maxim Dounin
|
|
patch by Witold Filipczyk
|
|
patch by Rob Stradling
|
|
|
|
when non-cachable HEAD response did not not free an expired cache node
|
|
|
|
|
|
|
|
|
|
the bug has been introduced in r3923
|
|
|
|
patch by Maxim Dounin
|
|
|
|
|
|
|
|
|
|
the bug has been introduced in r3700
|
|
patch by Alexander Uskov
|
|
|
|
|
|
patch by Adam Bocim
|
|
number of spinlock spins are increased twice
|
|
|
|
thanks to Maxim Dounin
|
|
|
|
|
|
|
|
instead of file length rounded to a file system block size.
There is no similar way on Windows, so rounding to a cache->bsize is kept.
|
