unit.git/src, branch 1.23.0 Universal Web Application Server Fixing shm buffer leakage when sending over the port queue. 2021-03-25T13:55:16+00:00 Max Romanov max.romanov@nginx.com 2021-03-25T13:55:16+00:00 b8052b050e0111400c59f35e76c013d8ee553ea9 When the shm buffer is sent over the port queue, it needs to be completed because it's sent over the port socket. 
When the shm buffer is sent over the port queue, it needs to be completed
because it's sent over the port socket.
Node.js: used distinct placeholder for version in "package.json". 2021-03-25T13:15:03+00:00 Valentin Bartenev vbart@nginx.com 2021-03-25T13:15:03+00:00 067c6096e2ec306c4fdae6993140fbbdf4f9a6fd This makes the "sed" instruction simpler and more portable, as the previous variant didn't work well on BSD systems due to the "\s" metacharacter. Thanks to Sergey A. Osokin <osa@FreeBSD.org.ru> for spotting this issue. Also, this should prevent accidentally creating a version 1.0.0 package. 
This makes the "sed" instruction simpler and more portable, as the previous
variant didn't work well on BSD systems due to the "\s" metacharacter.

Thanks to Sergey A. Osokin <osa@FreeBSD.org.ru> for spotting this issue.

Also, this should prevent accidentally creating a version 1.0.0 package.
Releasing shm buffers for large body requests. 2021-03-25T11:16:30+00:00 Max Romanov max.romanov@nginx.com 2021-03-25T11:16:30+00:00 9957a959dfd6e60e6fce02c904ad6f768f69c44b This fixes memory and shm file descriptor leakage that occurred when a large request body was passed via shared memory. The leakage was caught with the "test_settings_body_buffer_size" test. The main condition is the "body_buffer_size" value exceeding 10 Mb (a shm segment). Thus, the router was forced to split the body into several shm segments, but these buffers were not freed because of dummy completion handlers. 
This fixes memory and shm file descriptor leakage that occurred when a large
request body was passed via shared memory.  The leakage was caught with the
"test_settings_body_buffer_size" test.  The main condition is the
"body_buffer_size" value exceeding 10 Mb (a shm segment).  Thus, the router was
forced to split the body into several shm segments, but these buffers were not
freed because of dummy completion handlers.
Added ability to configure multiple certificates on a listener. 2021-03-24T20:19:36+00:00 Andrey Suvorov a.suvorov@f5.com 2021-03-24T20:19:36+00:00 d2b0882d89f29fea84b457e0709b6980c8a30a57 The certificate is selected by matching the arriving SNI to the common name and the alternatives names. If no certificate matches the name, the first bundle in the array is chosen. 
The certificate is selected by matching the arriving SNI to the common name and
the alternatives names.  If no certificate matches the name, the first bundle in
the array is chosen.
Certificates: fixed in name attributes processing. 2021-03-24T13:55:47+00:00 Valentin Bartenev vbart@nginx.com 2021-03-24T13:55:47+00:00 699a3ea2ebc86f9e9dc9d59e1d9db488ac4ff352 The idea is to put SAN after CN, but the previous version of the code incorrectly assumed that CN was always present, which caused writes outside the allocated object if there were no standard name attributes. 
The idea is to put SAN after CN, but the previous version of the code
incorrectly assumed that CN was always present, which caused writes
outside the allocated object if there were no standard name attributes.
Certificates: moved SAN processing to a separate function. 2021-03-24T13:38:05+00:00 Valentin Bartenev vbart@nginx.com 2021-03-24T13:38:05+00:00 a6c6dcf5f7856a96881373a2dbd1f14bda396c45 No functional changes. 
No functional changes.
Certficates: fixed counting DNS SAN entries. 2021-03-24T13:38:05+00:00 Valentin Bartenev vbart@nginx.com 2021-03-24T13:38:05+00:00 f18a41c84bb573607eaab9fec0c070cd159493f0 Previously, entries of any type were counted during object allocation but only DNS type entries were actually processed. As a result, if some certificate entries had another type, returning information about the certificate caused uninitialized memory access. 
Previously, entries of any type were counted during object allocation
but only DNS type entries were actually processed.  As a result,
if some certificate entries had another type, returning information
about the certificate caused uninitialized memory access.
Workaround for an OpenSSL bug about not closing /dev/*random. 2021-03-24T08:43:31+00:00 Max Romanov max.romanov@nginx.com 2021-03-24T08:43:31+00:00 f267dd0a8da280d2a803b61c9a309fe51d60d95a This is a workaround for an issue in OpenSSL 1.1.1, where the /dev/random and /dev/urandom files remain open after all listening sockets were removed: - https://github.com/openssl/openssl/issues/7419 
This is a workaround for an issue in OpenSSL 1.1.1, where the /dev/random and
/dev/urandom files remain open after all listening sockets were removed:

 - https://github.com/openssl/openssl/issues/7419
Disabled logging alerts to syslog. 2021-03-24T05:05:07+00:00 Valentin Bartenev vbart@nginx.com 2021-03-24T05:05:07+00:00 b04832da844d1c9e4ce7f7ff387059fbd07f78d3 It feels to be causing more harm than good, because syslog() can be blocking, which is even more critical under resource exhaustion conditions when some alerts are expected. 
It feels to be causing more harm than good, because syslog() can be blocking,
which is even more critical under resource exhaustion conditions when some
alerts are expected.
Fixed building the PHP 5 module with ZTS, broken by dab8544b5440. 2021-03-15T12:03:32+00:00 Valentin Bartenev vbart@nginx.com 2021-03-15T12:03:32+00:00 99337728edbc38ac979b0f23805dbe74920a6bc2 This closes #525 issue on GitHub. 
This closes #525 issue on GitHub.