diff options
author | nginx <nginx@nginx.org> | 2013-06-04 13:36:05 +0000 |
---|---|---|
committer | Jon Kolb <jon@b0g.us> | 2013-06-04 13:36:05 +0000 |
commit | e876b1828765ac655a4a16b80d95a575f1ecddd5 (patch) | |
tree | 7e99440af48ef92e28bdd180753f179fb5d2a33d | |
parent | 6a8e32347b151ac766bf8c33d6df770e0040e602 (diff) | |
download | nginx-e876b1828765ac655a4a16b80d95a575f1ecddd5.tar.gz |
Changes with nginx 1.5.1 04 Jun 2013v1.5.1
*) Feature: the "ssi_last_modified", "sub_filter_last_modified", and
"xslt_last_modified" directives.
Thanks to Alexey Kolpakov.
*) Feature: the "http_403" parameter of the "proxy_next_upstream",
"fastcgi_next_upstream", "scgi_next_upstream", and
"uwsgi_next_upstream" directives.
*) Feature: the "allow" and "deny" directives now support unix domain
sockets.
*) Bugfix: nginx could not be built with the ngx_mail_ssl_module, but
without ngx_http_ssl_module; the bug had appeared in 1.3.14.
*) Bugfix: in the "proxy_set_body" directive.
Thanks to Lanshun Zhou.
*) Bugfix: in the "lingering_time" directive.
Thanks to Lanshun Zhou.
*) Bugfix: the "fail_timeout" parameter of the "server" directive in the
"upstream" context might not work if "max_fails" parameter was used;
the bug had appeared in 1.3.0.
*) Bugfix: a segmentation fault might occur in a worker process if the
"ssl_stapling" directive was used.
Thanks to Piotr Sikora.
*) Bugfix: in the mail proxy server.
Thanks to Filipe Da Silva.
*) Bugfix: nginx/Windows might stop accepting connections if several
worker processes were used.
44 files changed, 402 insertions, 150 deletions
@@ -1,4 +1,41 @@ +Changes with nginx 1.5.1 04 Jun 2013 + + *) Feature: the "ssi_last_modified", "sub_filter_last_modified", and + "xslt_last_modified" directives. + Thanks to Alexey Kolpakov. + + *) Feature: the "http_403" parameter of the "proxy_next_upstream", + "fastcgi_next_upstream", "scgi_next_upstream", and + "uwsgi_next_upstream" directives. + + *) Feature: the "allow" and "deny" directives now support unix domain + sockets. + + *) Bugfix: nginx could not be built with the ngx_mail_ssl_module, but + without ngx_http_ssl_module; the bug had appeared in 1.3.14. + + *) Bugfix: in the "proxy_set_body" directive. + Thanks to Lanshun Zhou. + + *) Bugfix: in the "lingering_time" directive. + Thanks to Lanshun Zhou. + + *) Bugfix: the "fail_timeout" parameter of the "server" directive in the + "upstream" context might not work if "max_fails" parameter was used; + the bug had appeared in 1.3.0. + + *) Bugfix: a segmentation fault might occur in a worker process if the + "ssl_stapling" directive was used. + Thanks to Piotr Sikora. + + *) Bugfix: in the mail proxy server. + Thanks to Filipe Da Silva. + + *) Bugfix: nginx/Windows might stop accepting connections if several + worker processes were used. + + Changes with nginx 1.5.0 07 May 2013 *) Security: a stack-based buffer overflow might occur in a worker diff --git a/CHANGES.ru b/CHANGES.ru index 1087b3a4f..48e9ccc62 100644 --- a/CHANGES.ru +++ b/CHANGES.ru @@ -1,4 +1,40 @@ +Изменения в nginx 1.5.1 04.06.2013 + + *) Добавление: директивы ssi_last_modified, sub_filter_last_modified и + xslt_last_modified. + Спасибо Алексею Колпакову. + + *) Добавление: параметр http_403 в директивах proxy_next_upstream, + fastcgi_next_upstream, scgi_next_upstream и uwsgi_next_upstream. + + *) Добавление: директивы allow и deny теперь поддерживают unix domain + сокеты. + + *) Исправление: nginx не собирался с модулем ngx_mail_ssl_module, но без + модуля ngx_http_ssl_module; ошибка появилась в 1.3.14. + + *) Исправление: в директиве proxy_set_body. + Спасибо Lanshun Zhou. + + *) Исправление: в директиве lingering_time. + Спасибо Lanshun Zhou. + + *) Исправление: параметр fail_timeout директивы server в блоке upstream + мог не работать, если использовался параметр max_fails; ошибка + появилась в 1.3.0. + + *) Исправление: в рабочем процессе мог произойти segmentation fault, + если использовалась директива ssl_stapling. + Спасибо Piotr Sikora. + + *) Исправление: в почтовом прокси-сервере. + Спасибо Filipe Da Silva. + + *) Исправление: nginx/Windows мог перестать принимать соединения, если + использовалось несколько рабочих процессов. + + Изменения в nginx 1.5.0 07.05.2013 *) Безопасность: при обработке специально созданного запроса мог diff --git a/auto/os/darwin b/auto/os/darwin index 590e03697..b97518a6e 100644 --- a/auto/os/darwin +++ b/auto/os/darwin @@ -112,5 +112,5 @@ ngx_feature_incs="#include <libkern/OSAtomic.h>" ngx_feature_path= ngx_feature_libs= ngx_feature_test="int32_t lock, n; - n = OSAtomicCompareAndSwap32Barrier(0, 1, lock)" + n = OSAtomicCompareAndSwap32Barrier(0, 1, &lock)" . auto/feature diff --git a/src/core/nginx.h b/src/core/nginx.h index be20460eb..c0588a9f5 100644 --- a/src/core/nginx.h +++ b/src/core/nginx.h @@ -9,8 +9,8 @@ #define _NGINX_H_INCLUDED_ -#define nginx_version 1005000 -#define NGINX_VERSION "1.5.0" +#define nginx_version 1005001 +#define NGINX_VERSION "1.5.1" #define NGINX_VER "nginx/" NGINX_VERSION #define NGINX_VAR "NGINX" diff --git a/src/core/ngx_conf_file.c b/src/core/ngx_conf_file.c index a26267213..0d12ec2cd 100644 --- a/src/core/ngx_conf_file.c +++ b/src/core/ngx_conf_file.c @@ -225,6 +225,11 @@ ngx_conf_parse(ngx_conf_t *cf, ngx_str_t *filename) * "types { ... }" directive */ + if (rc == NGX_CONF_BLOCK_START) { + ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "unexpected \"{\""); + goto failed; + } + rv = (*cf->handler)(cf, NULL, cf->handler_conf); if (rv == NGX_CONF_OK) { continue; diff --git a/src/core/ngx_conf_file.h b/src/core/ngx_conf_file.h index 237e6ecea..d73a6c8bf 100644 --- a/src/core/ngx_conf_file.h +++ b/src/core/ngx_conf_file.h @@ -5,8 +5,8 @@ */ -#ifndef _NGX_HTTP_CONF_FILE_H_INCLUDED_ -#define _NGX_HTTP_CONF_FILE_H_INCLUDED_ +#ifndef _NGX_CONF_FILE_H_INCLUDED_ +#define _NGX_CONF_FILE_H_INCLUDED_ #include <ngx_config.h> @@ -337,4 +337,4 @@ extern ngx_uint_t ngx_max_module; extern ngx_module_t *ngx_modules[]; -#endif /* _NGX_HTTP_CONF_FILE_H_INCLUDED_ */ +#endif /* _NGX_CONF_FILE_H_INCLUDED_ */ diff --git a/src/event/ngx_event.c b/src/event/ngx_event.c index b7205f45b..c4c61204b 100644 --- a/src/event/ngx_event.c +++ b/src/event/ngx_event.c @@ -607,6 +607,17 @@ ngx_event_process_init(ngx_cycle_t *cycle) ngx_use_accept_mutex = 0; } +#if (NGX_WIN32) + + /* + * disable accept mutex on win32 as it may cause deadlock if + * grabbed by a process which can't accept connections + */ + + ngx_use_accept_mutex = 0; + +#endif + #if (NGX_THREADS) ngx_posted_events_mutex = ngx_mutex_init(cycle->log, 0); if (ngx_posted_events_mutex == NULL) { diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c index 62ce12c14..50746e7ac 100644 --- a/src/event/ngx_event_openssl.c +++ b/src/event/ngx_event_openssl.c @@ -15,7 +15,7 @@ typedef struct { } ngx_openssl_conf_t; -static int ngx_http_ssl_verify_callback(int ok, X509_STORE_CTX *x509_store); +static int ngx_ssl_verify_callback(int ok, X509_STORE_CTX *x509_store); static void ngx_ssl_info_callback(const ngx_ssl_conn_t *ssl_conn, int where, int ret); static void ngx_ssl_handshake_handler(ngx_event_t *ev); @@ -342,7 +342,7 @@ ngx_ssl_client_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *cert, { STACK_OF(X509_NAME) *list; - SSL_CTX_set_verify(ssl->ctx, SSL_VERIFY_PEER, ngx_http_ssl_verify_callback); + SSL_CTX_set_verify(ssl->ctx, SSL_VERIFY_PEER, ngx_ssl_verify_callback); SSL_CTX_set_verify_depth(ssl->ctx, depth); @@ -457,7 +457,7 @@ ngx_ssl_crl(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *crl) static int -ngx_http_ssl_verify_callback(int ok, X509_STORE_CTX *x509_store) +ngx_ssl_verify_callback(int ok, X509_STORE_CTX *x509_store) { #if (NGX_DEBUG) char *subject, *issuer; @@ -517,7 +517,8 @@ ngx_ssl_info_callback(const ngx_ssl_conn_t *ssl_conn, int where, int ret) RSA * -ngx_ssl_rsa512_key_callback(SSL *ssl, int is_export, int key_length) +ngx_ssl_rsa512_key_callback(ngx_ssl_conn_t *ssl_conn, int is_export, + int key_length) { static RSA *key; diff --git a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h index bf81d2529..790702ea8 100644 --- a/src/event/ngx_event_openssl.h +++ b/src/event/ngx_event_openssl.h @@ -109,7 +109,8 @@ ngx_int_t ngx_ssl_stapling(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file, ngx_str_t *responder, ngx_uint_t verify); ngx_int_t ngx_ssl_stapling_resolver(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_resolver_t *resolver, ngx_msec_t resolver_timeout); -RSA *ngx_ssl_rsa512_key_callback(SSL *ssl, int is_export, int key_length); +RSA *ngx_ssl_rsa512_key_callback(ngx_ssl_conn_t *ssl_conn, int is_export, + int key_length); ngx_int_t ngx_ssl_dhparam(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file); ngx_int_t ngx_ssl_ecdh_curve(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *name); ngx_int_t ngx_ssl_session_cache(ngx_ssl_t *ssl, ngx_str_t *sess_ctx, diff --git a/src/event/ngx_event_openssl_stapling.c b/src/event/ngx_event_openssl_stapling.c index aaa8d8ac4..23097f33d 100644 --- a/src/event/ngx_event_openssl_stapling.c +++ b/src/event/ngx_event_openssl_stapling.c @@ -611,15 +611,14 @@ ngx_ssl_stapling_ocsp_handler(ngx_ssl_ocsp_ctx_t *ctx) != 1) { ngx_log_error(NGX_LOG_ERR, ctx->log, 0, - "certificate status not found in the OCSP response", - n, OCSP_response_status_str(n)); + "certificate status not found in the OCSP response"); goto error; } if (n != V_OCSP_CERTSTATUS_GOOD) { ngx_log_error(NGX_LOG_ERR, ctx->log, 0, "certificate status \"%s\" in the OCSP response", - n, OCSP_cert_status_str(n)); + OCSP_cert_status_str(n)); goto error; } @@ -823,7 +822,7 @@ ngx_ssl_ocsp_resolve_handler(ngx_resolver_ctx_t *resolve) ngx_uint_t i; struct sockaddr_in *sin; - ngx_log_debug0(NGX_LOG_ALERT, ctx->log, 0, + ngx_log_debug0(NGX_LOG_DEBUG_EVENT, ctx->log, 0, "ssl ocsp resolve handler"); if (resolve->state) { diff --git a/src/http/modules/ngx_http_access_module.c b/src/http/modules/ngx_http_access_module.c index 70a4262fc..fcee40ca0 100644 --- a/src/http/modules/ngx_http_access_module.c +++ b/src/http/modules/ngx_http_access_module.c @@ -26,11 +26,22 @@ typedef struct { #endif +#if (NGX_HAVE_UNIX_DOMAIN) + +typedef struct { + ngx_uint_t deny; /* unsigned deny:1; */ +} ngx_http_access_rule_un_t; + +#endif + typedef struct { ngx_array_t *rules; /* array of ngx_http_access_rule_t */ #if (NGX_HAVE_INET6) ngx_array_t *rules6; /* array of ngx_http_access_rule6_t */ #endif +#if (NGX_HAVE_UNIX_DOMAIN) + ngx_array_t *rules_un; /* array of ngx_http_access_rule_un_t */ +#endif } ngx_http_access_loc_conf_t; @@ -41,6 +52,10 @@ static ngx_int_t ngx_http_access_inet(ngx_http_request_t *r, static ngx_int_t ngx_http_access_inet6(ngx_http_request_t *r, ngx_http_access_loc_conf_t *alcf, u_char *p); #endif +#if (NGX_HAVE_UNIX_DOMAIN) +static ngx_int_t ngx_http_access_unix(ngx_http_request_t *r, + ngx_http_access_loc_conf_t *alcf); +#endif static ngx_int_t ngx_http_access_found(ngx_http_request_t *r, ngx_uint_t deny); static char *ngx_http_access_rule(ngx_conf_t *cf, ngx_command_t *cmd, void *conf); @@ -144,6 +159,19 @@ ngx_http_access_handler(ngx_http_request_t *r) return ngx_http_access_inet6(r, alcf, p); } + break; + +#endif + +#if (NGX_HAVE_UNIX_DOMAIN) + + case AF_UNIX: + if (alcf->rules_un) { + return ngx_http_access_unix(r, alcf); + } + + break; + #endif } @@ -221,6 +249,25 @@ ngx_http_access_inet6(ngx_http_request_t *r, ngx_http_access_loc_conf_t *alcf, #endif +#if (NGX_HAVE_UNIX_DOMAIN) + +static ngx_int_t +ngx_http_access_unix(ngx_http_request_t *r, ngx_http_access_loc_conf_t *alcf) +{ + ngx_uint_t i; + ngx_http_access_rule_un_t *rule_un; + + rule_un = alcf->rules_un->elts; + for (i = 0; i < alcf->rules_un->nelts; i++) { + return ngx_http_access_found(r, rule_un[i].deny); + } + + return NGX_DECLINED; +} + +#endif + + static ngx_int_t ngx_http_access_found(ngx_http_request_t *r, ngx_uint_t deny) { @@ -246,13 +293,16 @@ ngx_http_access_rule(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) { ngx_http_access_loc_conf_t *alcf = conf; - ngx_int_t rc; - ngx_uint_t all; - ngx_str_t *value; - ngx_cidr_t cidr; - ngx_http_access_rule_t *rule; + ngx_int_t rc; + ngx_uint_t all; + ngx_str_t *value; + ngx_cidr_t cidr; + ngx_http_access_rule_t *rule; #if (NGX_HAVE_INET6) - ngx_http_access_rule6_t *rule6; + ngx_http_access_rule6_t *rule6; +#endif +#if (NGX_HAVE_UNIX_DOMAIN) + ngx_http_access_rule_un_t *rule_un; #endif ngx_memzero(&cidr, sizeof(ngx_cidr_t)); @@ -263,7 +313,19 @@ ngx_http_access_rule(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) if (!all) { +#if (NGX_HAVE_UNIX_DOMAIN) + + if (value[1].len == 5 && ngx_strcmp(value[1].data, "unix:") == 0) { + cidr.family = AF_UNIX; + rc = NGX_OK; + + } else { + rc = ngx_ptocidr(&value[1], &cidr); + } + +#else rc = ngx_ptocidr(&value[1], &cidr); +#endif if (rc == NGX_ERROR) { ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, @@ -277,11 +339,28 @@ ngx_http_access_rule(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) } } - switch (cidr.family) { + if (cidr.family == AF_INET || all) { + + if (alcf->rules == NULL) { + alcf->rules = ngx_array_create(cf->pool, 4, + sizeof(ngx_http_access_rule_t)); + if (alcf->rules == NULL) { + return NGX_CONF_ERROR; + } + } + + rule = ngx_array_push(alcf->rules); + if (rule == NULL) { + return NGX_CONF_ERROR; + } + + rule->mask = cidr.u.in.mask; + rule->addr = cidr.u.in.addr; + rule->deny = (value[0].data[0] == 'd') ? 1 : 0; + } #if (NGX_HAVE_INET6) - case AF_INET6: - case 0: /* all */ + if (cidr.family == AF_INET6 || all) { if (alcf->rules6 == NULL) { alcf->rules6 = ngx_array_create(cf->pool, 4, @@ -299,33 +378,28 @@ ngx_http_access_rule(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) rule6->mask = cidr.u.in6.mask; rule6->addr = cidr.u.in6.addr; rule6->deny = (value[0].data[0] == 'd') ? 1 : 0; - - if (!all) { - break; - } - - /* "all" passes through */ + } #endif - default: /* AF_INET */ +#if (NGX_HAVE_UNIX_DOMAIN) + if (cidr.family == AF_UNIX || all) { - if (alcf->rules == NULL) { - alcf->rules = ngx_array_create(cf->pool, 4, - sizeof(ngx_http_access_rule_t)); - if (alcf->rules == NULL) { + if (alcf->rules_un == NULL) { + alcf->rules_un = ngx_array_create(cf->pool, 1, + sizeof(ngx_http_access_rule_un_t)); + if (alcf->rules_un == NULL) { return NGX_CONF_ERROR; } } - rule = ngx_array_push(alcf->rules); - if (rule == NULL) { + rule_un = ngx_array_push(alcf->rules_un); + if (rule_un == NULL) { return NGX_CONF_ERROR; } - rule->mask = cidr.u.in.mask; - rule->addr = cidr.u.in.addr; - rule->deny = (value[0].data[0] == 'd') ? 1 : 0; + rule_un->deny = (value[0].data[0] == 'd') ? 1 : 0; } +#endif return NGX_CONF_OK; } @@ -351,20 +425,22 @@ ngx_http_access_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child) ngx_http_access_loc_conf_t *prev = parent; ngx_http_access_loc_conf_t *conf = child; + if (conf->rules == NULL #if (NGX_HAVE_INET6) - - if (conf->rules == NULL && conf->rules6 == NULL) { + && conf->rules6 == NULL +#endif +#if (NGX_HAVE_UNIX_DOMAIN) + && conf->rules_un == NULL +#endif + ) { conf->rules = prev->rules; +#if (NGX_HAVE_INET6) conf->rules6 = prev->rules6; - } - -#else - - if (conf->rules == NULL) { - conf->rules = prev->rules; - } - #endif +#if (NGX_HAVE_UNIX_DOMAIN) + conf->rules_un = prev->rules_un; +#endif + } return NGX_CONF_OK; } diff --git a/src/http/modules/ngx_http_autoindex_module.c b/src/http/modules/ngx_http_autoindex_module.c index fb46d65d1..e3dcfd07e 100644 --- a/src/http/modules/ngx_http_autoindex_module.c +++ b/src/http/modules/ngx_http_autoindex_module.c @@ -357,7 +357,7 @@ ngx_http_autoindex_handler(ngx_http_request_t *r) if (ngx_close_dir(&dir) == NGX_ERROR) { ngx_log_error(NGX_LOG_ALERT, r->connection->log, ngx_errno, - ngx_close_dir_n " \"%s\" failed", &path); + ngx_close_dir_n " \"%V\" failed", &path); } escape_html = ngx_escape_html(NULL, r->uri.data, r->uri.len); diff --git a/src/http/modules/ngx_http_fastcgi_module.c b/src/http/modules/ngx_http_fastcgi_module.c index f386926da..0b186d792 100644 --- a/src/http/modules/ngx_http_fastcgi_module.c +++ b/src/http/modules/ngx_http_fastcgi_module.c @@ -185,6 +185,7 @@ static ngx_conf_bitmask_t ngx_http_fastcgi_next_upstream_masks[] = { { ngx_string("invalid_header"), NGX_HTTP_UPSTREAM_FT_INVALID_HEADER }, { ngx_string("http_500"), NGX_HTTP_UPSTREAM_FT_HTTP_500 }, { ngx_string("http_503"), NGX_HTTP_UPSTREAM_FT_HTTP_503 }, + { ngx_string("http_403"), NGX_HTTP_UPSTREAM_FT_HTTP_403 }, { ngx_string("http_404"), NGX_HTTP_UPSTREAM_FT_HTTP_404 }, { ngx_string("updating"), NGX_HTTP_UPSTREAM_FT_UPDATING }, { ngx_string("off"), NGX_HTTP_UPSTREAM_FT_OFF }, diff --git a/src/http/modules/ngx_http_memcached_module.c b/src/http/modules/ngx_http_memcached_module.c index 278b1ed8a..c36ad0ffb 100644 --- a/src/http/modules/ngx_http_memcached_module.c +++ b/src/http/modules/ngx_http_memcached_module.c @@ -197,7 +197,6 @@ ngx_http_memcached_handler(ngx_http_request_t *r) return NGX_HTTP_INTERNAL_SERVER_ERROR; } - ctx->rest = NGX_HTTP_MEMCACHED_END; ctx->request = r; ngx_http_set_ctx(r, ctx, ngx_http_memcached_module); @@ -309,10 +308,15 @@ ngx_http_memcached_process_header(ngx_http_request_t *r) found: - *p = '\0'; - - line.len = p - u->buffer.pos - 1; line.data = u->buffer.pos; + line.len = p - u->buffer.pos; + + if (line.len == 0 || *(p - 1) != CR) { + goto no_valid; + } + + *p = '\0'; + line.len--; ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "memcached: \"%V\"", &line); @@ -387,10 +391,9 @@ found: length: start = p; + p = line.data + line.len; - while (*p && *p++ != CR) { /* void */ } - - u->headers_in.content_length_n = ngx_atoof(start, p - start - 1); + u->headers_in.content_length_n = ngx_atoof(start, p - start); if (u->headers_in.content_length_n == -1) { ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, "memcached sent invalid length in response \"%V\" " @@ -401,7 +404,7 @@ found: u->headers_in.status_n = 200; u->state->status = 200; - u->buffer.pos = p + 1; + u->buffer.pos = p + sizeof(CRLF) - 1; return NGX_OK; } @@ -410,8 +413,10 @@ found: ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, "key: \"%V\" was not found by memcached", &ctx->key); + u->headers_in.content_length_n = 0; u->headers_in.status_n = 404; u->state->status = 404; + u->buffer.pos = p + sizeof("END" CRLF) - 1; u->keepalive = 1; return NGX_OK; @@ -435,7 +440,10 @@ ngx_http_memcached_filter_init(void *data) u = ctx->request->upstream; - u->length += NGX_HTTP_MEMCACHED_END; + if (u->headers_in.status_n != 404) { + u->length += NGX_HTTP_MEMCACHED_END; + ctx->rest = NGX_HTTP_MEMCACHED_END; + } return NGX_OK; } diff --git a/src/http/modules/ngx_http_mp4_module.c b/src/http/modules/ngx_http_mp4_module.c index 20ef51af2..f9281a371 100644 --- a/src/http/modules/ngx_http_mp4_module.c +++ b/src/http/modules/ngx_http_mp4_module.c @@ -202,6 +202,8 @@ typedef struct { &((ngx_http_mp4_trak_t *) mp4->trak.elts)[mp4->trak.nelts - 1] +static ngx_int_t ngx_http_mp4_handler(ngx_http_request_t *r); + static ngx_int_t ngx_http_mp4_process(ngx_http_mp4_file_t *mp4); static ngx_int_t ngx_http_mp4_read_atom(ngx_http_mp4_file_t *mp4, ngx_http_mp4_atom_handler_t *atom, uint64_t atom_data_size); @@ -280,10 +282,12 @@ static ngx_int_t ngx_http_mp4_update_co64_atom(ngx_http_mp4_file_t *mp4, ngx_http_mp4_trak_t *trak); static void ngx_http_mp4_adjust_co64_atom(ngx_http_mp4_file_t *mp4, ngx_http_mp4_trak_t *trak, off_t adjustment); + static char *ngx_http_mp4(ngx_conf_t *cf, ngx_command_t *cmd, void *conf); static void *ngx_http_mp4_create_conf(ngx_conf_t *cf); static char *ngx_http_mp4_merge_conf(ngx_conf_t *cf, void *parent, void *child); + static ngx_command_t ngx_http_mp4_commands[] = { { ngx_string("mp4"), @@ -518,47 +522,51 @@ ngx_http_mp4_handler(ngx_http_request_t *r) ngx_set_errno(0); start = (int) (strtod((char *) value.data, NULL) * 1000); - if (ngx_errno == 0 && start >= 0) { - r->allow_ranges = 0; - - mp4 = ngx_pcalloc(r->pool, sizeof(ngx_http_mp4_file_t)); - if (mp4 == NULL) { - return NGX_HTTP_INTERNAL_SERVER_ERROR; - } + if (ngx_errno != 0) { + start = -1; + } + } + } - mp4->file.fd = of.fd; - mp4->file.name = path; - mp4->file.log = r->connection->log;; - mp4->end = of.size; - mp4->start = (ngx_uint_t) start; - mp4->request = r; + if (start >= 0) { + r->allow_ranges = 0; - switch (ngx_http_mp4_process(mp4)) { + mp4 = ngx_pcalloc(r->pool, sizeof(ngx_http_mp4_file_t)); + if (mp4 == NULL) { + return NGX_HTTP_INTERNAL_SERVER_ERROR; + } - case NGX_DECLINED: - if (mp4->buffer) { - ngx_pfree(r->pool, mp4->buffer); - } + mp4->file.fd = of.fd; + mp4->file.name = path; + mp4->file.log = r->connection->log;; + mp4->end = of.size; + mp4->start = (ngx_uint_t) start; + mp4->request = r; - ngx_pfree(r->pool, mp4); - mp4 = NULL; + switch (ngx_http_mp4_process(mp4)) { - break; + case NGX_DECLINED: + if (mp4->buffer) { + ngx_pfree(r->pool, mp4->buffer); + } - case NGX_OK: - r->headers_out.content_length_n = mp4->content_length; - break; + ngx_pfree(r->pool, mp4); + mp4 = NULL; - default: /* NGX_ERROR */ - if (mp4->buffer) { - ngx_pfree(r->pool, mp4->buffer); - } + break; - ngx_pfree(r->pool, mp4); + case NGX_OK: + r->headers_out.content_length_n = mp4->content_length; + break; - return NGX_HTTP_INTERNAL_SERVER_ERROR; - } + default: /* NGX_ERROR */ + if (mp4->buffer) { + ngx_pfree(r->pool, mp4->buffer); } + + ngx_pfree(r->pool, mp4); + + return NGX_HTTP_INTERNAL_SERVER_ERROR; } } diff --git a/src/http/modules/ngx_http_proxy_module.c b/src/http/modules/ngx_http_proxy_module.c index 892ee27cb..2cf0133a3 100644 --- a/src/http/modules/ngx_http_proxy_module.c +++ b/src/http/modules/ngx_http_proxy_module.c @@ -178,6 +178,7 @@ static ngx_conf_bitmask_t ngx_http_proxy_next_upstream_masks[] = { { ngx_string("http_502"), NGX_HTTP_UPSTREAM_FT_HTTP_502 }, { ngx_string("http_503"), NGX_HTTP_UPSTREAM_FT_HTTP_503 }, { ngx_string("http_504"), NGX_HTTP_UPSTREAM_FT_HTTP_504 }, + { ngx_string("http_403"), NGX_HTTP_UPSTREAM_FT_HTTP_403 }, { ngx_string("http_404"), NGX_HTTP_UPSTREAM_FT_HTTP_404 }, { ngx_string("updating"), NGX_HTTP_UPSTREAM_FT_UPDATING }, { ngx_string("off"), NGX_HTTP_UPSTREAM_FT_OFF }, @@ -615,7 +616,8 @@ static ngx_http_variable_t ngx_http_proxy_vars[] = { #endif { ngx_string("proxy_internal_body_length"), NULL, - ngx_http_proxy_internal_body_length_variable, 0, NGX_HTTP_VAR_NOHASH, 0 }, + ngx_http_proxy_internal_body_length_variable, 0, + NGX_HTTP_VAR_NOCACHEABLE|NGX_HTTP_VAR_NOHASH, 0 }, { ngx_null_string, NULL, NULL, 0, 0, 0 } }; @@ -992,6 +994,8 @@ ngx_http_proxy_create_request(ngx_http_request_t *r) len += uri_len; + ngx_memzero(&le, sizeof(ngx_http_script_engine_t)); + ngx_http_script_flush_no_cacheable_variables(r, plcf->flushes); if (plcf->body_set_len) { diff --git a/src/http/modules/ngx_http_referer_module.c b/src/http/modules/ngx_http_referer_module.c index d8a014c5b..d18b8b9d8 100644 --- a/src/http/modules/ngx_http_referer_module.c +++ b/src/http/modules/ngx_http_referer_module.c @@ -396,8 +396,7 @@ ngx_http_valid_referers(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) ngx_str_set(&name, "invalid_referer"); - var = ngx_http_add_variable(cf, &name, - NGX_HTTP_VAR_CHANGEABLE|NGX_HTTP_VAR_NOHASH); + var = ngx_http_add_variable(cf, &name, NGX_HTTP_VAR_CHANGEABLE); if (var == NULL) { return NGX_CONF_ERROR; } diff --git a/src/http/modules/ngx_http_scgi_module.c b/src/http/modules/ngx_http_scgi_module.c index 49cc96d24..e8f822ca0 100644 --- a/src/http/modules/ngx_http_scgi_module.c +++ b/src/http/modules/ngx_http_scgi_module.c @@ -65,6 +65,7 @@ static ngx_conf_bitmask_t ngx_http_scgi_next_upstream_masks[] = { { ngx_string("invalid_header"), NGX_HTTP_UPSTREAM_FT_INVALID_HEADER }, { ngx_string("http_500"), NGX_HTTP_UPSTREAM_FT_HTTP_500 }, { ngx_string("http_503"), NGX_HTTP_UPSTREAM_FT_HTTP_503 }, + { ngx_string("http_403"), NGX_HTTP_UPSTREAM_FT_HTTP_403 }, { ngx_string("http_404"), NGX_HTTP_UPSTREAM_FT_HTTP_404 }, { ngx_string("updating"), NGX_HTTP_UPSTREAM_FT_UPDATING }, { ngx_string("off"), NGX_HTTP_UPSTREAM_FT_OFF }, diff --git a/src/http/modules/ngx_http_ssi_filter_module.c b/src/http/modules/ngx_http_ssi_filter_module.c index eb286cc34..c70b17e09 100644 --- a/src/http/modules/ngx_http_ssi_filter_module.c +++ b/src/http/modules/ngx_http_ssi_filter_module.c @@ -21,6 +21,7 @@ typedef struct { ngx_flag_t enable; ngx_flag_t silent_errors; ngx_flag_t ignore_recycled_buffers; + ngx_flag_t last_modified; ngx_hash_t types; @@ -162,6 +163,13 @@ static ngx_command_t ngx_http_ssi_filter_commands[] = { offsetof(ngx_http_ssi_loc_conf_t, types_keys), &ngx_http_html_default_types[0] }, + { ngx_string("ssi_last_modified"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG, + ngx_conf_set_flag_slot, + NGX_HTTP_LOC_CONF_OFFSET, + offsetof(ngx_http_ssi_loc_conf_t, last_modified), + NULL }, + ngx_null_command }; @@ -359,9 +367,12 @@ ngx_http_ssi_header_filter(ngx_http_request_t *r) if (r == r->main) { ngx_http_clear_content_length(r); - ngx_http_clear_last_modified(r); ngx_http_clear_accept_ranges(r); ngx_http_clear_etag(r); + + if (!slcf->last_modified) { + ngx_http_clear_last_modified(r); + } } return ngx_http_next_header_filter(r); @@ -2878,6 +2889,7 @@ ngx_http_ssi_create_loc_conf(ngx_conf_t *cf) slcf->enable = NGX_CONF_UNSET; slcf->silent_errors = NGX_CONF_UNSET; slcf->ignore_recycled_buffers = NGX_CONF_UNSET; + slcf->last_modified = NGX_CONF_UNSET; slcf->min_file_chunk = NGX_CONF_UNSET_SIZE; slcf->value_len = NGX_CONF_UNSET_SIZE; @@ -2896,6 +2908,7 @@ ngx_http_ssi_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child) ngx_conf_merge_value(conf->silent_errors, prev->silent_errors, 0); ngx_conf_merge_value(conf->ignore_recycled_buffers, prev->ignore_recycled_buffers, 0); + ngx_conf_merge_value(conf->last_modified, prev->last_modified, 0); ngx_conf_merge_size_value(conf->min_file_chunk, prev->min_file_chunk, 1024); ngx_conf_merge_size_value(conf->value_len, prev->value_len, 255); diff --git a/src/http/modules/ngx_http_sub_filter_module.c b/src/http/modules/ngx_http_sub_filter_module.c index 6ba57dfff..e0b2c5b67 100644 --- a/src/http/modules/ngx_http_sub_filter_module.c +++ b/src/http/modules/ngx_http_sub_filter_module.c @@ -17,6 +17,7 @@ typedef struct { ngx_hash_t types; ngx_flag_t once; + ngx_flag_t last_modified; ngx_array_t *types_keys; } ngx_http_sub_loc_conf_t; @@ -89,6 +90,13 @@ static ngx_command_t ngx_http_sub_filter_commands[] = { offsetof(ngx_http_sub_loc_conf_t, once), NULL }, + { ngx_string("sub_filter_last_modified"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG, + ngx_conf_set_flag_slot, + NGX_HTTP_LOC_CONF_OFFSET, + offsetof(ngx_http_sub_loc_conf_t, last_modified), + NULL }, + ngx_null_command }; @@ -167,8 +175,11 @@ ngx_http_sub_header_filter(ngx_http_request_t *r) if (r == r->main) { ngx_http_clear_content_length(r); - ngx_http_clear_last_modified(r); ngx_http_clear_etag(r); + + if (!slcf->last_modified) { + ngx_http_clear_last_modified(r); + } } return ngx_http_next_header_filter(r); @@ -674,6 +685,7 @@ ngx_http_sub_create_conf(ngx_conf_t *cf) */ slcf->once = NGX_CONF_UNSET; + slcf->last_modified = NGX_CONF_UNSET; return slcf; } @@ -687,6 +699,7 @@ ngx_http_sub_merge_conf(ngx_conf_t *cf, void *parent, void *child) ngx_conf_merge_value(conf->once, prev->once, 1); ngx_conf_merge_str_value(conf->match, prev->match, ""); + ngx_conf_merge_value(conf->last_modified, prev->last_modified, 0); if (conf->value.value.data == NULL) { conf->value = prev->value; diff --git a/src/http/modules/ngx_http_upstream_keepalive_module.c b/src/http/modules/ngx_http_upstream_keepalive_module.c index eed117404..d07ed9eda 100644 --- a/src/http/modules/ngx_http_upstream_keepalive_module.c +++ b/src/http/modules/ngx_http_upstream_keepalive_module.c @@ -81,7 +81,7 @@ static ngx_command_t ngx_http_upstream_keepalive_commands[] = { { ngx_string("keepalive"), NGX_HTTP_UPS_CONF|NGX_CONF_TAKE12, ngx_http_upstream_keepalive, - 0, + NGX_HTTP_SRV_CONF_OFFSET, 0, NULL }, @@ -481,7 +481,7 @@ static char * ngx_http_upstream_keepalive(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) { ngx_http_upstream_srv_conf_t *uscf; - ngx_http_upstream_keepalive_srv_conf_t *kcf; + ngx_http_upstream_keepalive_srv_conf_t *kcf = conf; ngx_int_t n; ngx_str_t *value; @@ -489,9 +489,6 @@ ngx_http_upstream_keepalive(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) uscf = ngx_http_conf_get_module_srv_conf(cf, ngx_http_upstream_module); - kcf = ngx_http_conf_upstream_srv_conf(uscf, - ngx_http_upstream_keepalive_module); - if (kcf->original_init_upstream) { return "is duplicate"; } diff --git a/src/http/modules/ngx_http_upstream_least_conn_module.c b/src/http/modules/ngx_http_upstream_least_conn_module.c index 87c4d8d61..dbef95d41 100644 --- a/src/http/modules/ngx_http_upstream_least_conn_module.c +++ b/src/http/modules/ngx_http_upstream_least_conn_module.c @@ -282,7 +282,10 @@ ngx_http_upstream_get_least_conn_peer(ngx_peer_connection_t *pc, void *data) } best->current_weight -= total; - best->checked = now; + + if (now - best->checked > best->fail_timeout) { + best->checked = now; + } pc->sockaddr = best->sockaddr; pc->socklen = best->socklen; diff --git a/src/http/modules/ngx_http_uwsgi_module.c b/src/http/modules/ngx_http_uwsgi_module.c index 623ee4957..b8bee864e 100644 --- a/src/http/modules/ngx_http_uwsgi_module.c +++ b/src/http/modules/ngx_http_uwsgi_module.c @@ -78,6 +78,7 @@ static ngx_conf_bitmask_t ngx_http_uwsgi_next_upstream_masks[] = { { ngx_string("invalid_header"), NGX_HTTP_UPSTREAM_FT_INVALID_HEADER }, { ngx_string("http_500"), NGX_HTTP_UPSTREAM_FT_HTTP_500 }, { ngx_string("http_503"), NGX_HTTP_UPSTREAM_FT_HTTP_503 }, + { ngx_string("http_403"), NGX_HTTP_UPSTREAM_FT_HTTP_403 }, { ngx_string("http_404"), NGX_HTTP_UPSTREAM_FT_HTTP_404 }, { ngx_string("updating"), NGX_HTTP_UPSTREAM_FT_UPDATING }, { ngx_string("off"), NGX_HTTP_UPSTREAM_FT_OFF }, diff --git a/src/http/modules/ngx_http_xslt_filter_module.c b/src/http/modules/ngx_http_xslt_filter_module.c index a6ae1ce02..3198b7aba 100644 --- a/src/http/modules/ngx_http_xslt_filter_module.c +++ b/src/http/modules/ngx_http_xslt_filter_module.c @@ -58,6 +58,7 @@ typedef struct { ngx_hash_t types; ngx_array_t *types_keys; ngx_array_t *params; /* ngx_http_xslt_param_t */ + ngx_flag_t last_modified; } ngx_http_xslt_filter_loc_conf_t; @@ -150,6 +151,13 @@ static ngx_command_t ngx_http_xslt_filter_commands[] = { offsetof(ngx_http_xslt_filter_loc_conf_t, types_keys), &ngx_http_xslt_default_types[0] }, + { ngx_string("xslt_last_modified"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG, + ngx_conf_set_flag_slot, + NGX_HTTP_LOC_CONF_OFFSET, + offsetof(ngx_http_xslt_filter_loc_conf_t, last_modified), + NULL }, + ngx_null_command }; @@ -300,9 +308,10 @@ static ngx_int_t ngx_http_xslt_send(ngx_http_request_t *r, ngx_http_xslt_filter_ctx_t *ctx, ngx_buf_t *b) { - ngx_int_t rc; - ngx_chain_t out; - ngx_pool_cleanup_t *cln; + ngx_int_t rc; + ngx_chain_t out; + ngx_pool_cleanup_t *cln; + ngx_http_xslt_filter_loc_conf_t *conf; ctx->done = 1; @@ -327,8 +336,13 @@ ngx_http_xslt_send(ngx_http_request_t *r, ngx_http_xslt_filter_ctx_t *ctx, r->headers_out.content_length = NULL; } - ngx_http_clear_last_modified(r); ngx_http_clear_etag(r); + + conf = ngx_http_get_module_loc_conf(r, ngx_http_xslt_filter_module); + + if (!conf->last_modified) { + ngx_http_clear_last_modified(r); + } } rc = ngx_http_next_header_filter(r); @@ -1058,6 +1072,8 @@ ngx_http_xslt_filter_create_conf(ngx_conf_t *cf) * conf->params = NULL; */ + conf->last_modified = NGX_CONF_UNSET; + return conf; } @@ -1088,6 +1104,8 @@ ngx_http_xslt_filter_merge_conf(ngx_conf_t *cf, void *parent, void *child) return NGX_CONF_ERROR; } + ngx_conf_merge_value(conf->last_modified, prev->last_modified, 0); + return NGX_CONF_OK; } diff --git a/src/http/modules/perl/nginx.xs b/src/http/modules/perl/nginx.xs index bbfef079c..de67d5127 100644 --- a/src/http/modules/perl/nginx.xs +++ b/src/http/modules/perl/nginx.xs @@ -419,7 +419,7 @@ request_body(r) p = ngx_pnalloc(r->pool, len); if (p == NULL) { - return XSRETURN_UNDEF; + XSRETURN_UNDEF; } data = p; diff --git a/src/http/ngx_http.h b/src/http/ngx_http.h index 3d758bfd9..d4dc1bd94 100644 --- a/src/http/ngx_http.h +++ b/src/http/ngx_http.h @@ -89,7 +89,7 @@ ngx_int_t ngx_http_add_listen(ngx_conf_t *cf, ngx_http_core_srv_conf_t *cscf, void ngx_http_init_connection(ngx_connection_t *c); void ngx_http_close_connection(ngx_connection_t *c); -#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME +#if (NGX_HTTP_SSL && defined SSL_CTRL_SET_TLSEXT_HOSTNAME) int ngx_http_ssl_servername(ngx_ssl_conn_t *ssl_conn, int *ad, void *arg); #endif diff --git a/src/http/ngx_http_postpone_filter_module.c b/src/http/ngx_http_postpone_filter_module.c index 85c4b84d0..e893b8364 100644 --- a/src/http/ngx_http_postpone_filter_module.c +++ b/src/http/ngx_http_postpone_filter_module.c @@ -70,8 +70,7 @@ ngx_http_postpone_filter(ngx_http_request_t *r, ngx_chain_t *in) #if 0 /* TODO: SSI may pass NULL */ ngx_log_error(NGX_LOG_ALERT, c->log, 0, - "http postpone filter NULL inactive request", - &r->uri, &r->args); + "http postpone filter NULL inactive request"); #endif return NGX_OK; @@ -108,8 +107,7 @@ ngx_http_postpone_filter(ngx_http_request_t *r, ngx_chain_t *in) if (pr->out == NULL) { ngx_log_error(NGX_LOG_ALERT, c->log, 0, - "http postpone filter NULL output", - &r->uri, &r->args); + "http postpone filter NULL output"); } else { ngx_log_debug2(NGX_LOG_DEBUG_HTTP, c->log, 0, diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c index 8942deb33..64f31b2c3 100644 --- a/src/http/ngx_http_request.c +++ b/src/http/ngx_http_request.c @@ -1955,7 +1955,7 @@ ngx_http_set_virtual_server(ngx_http_request_t *r, ngx_str_t *host) hc = r->http_connection; -#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME +#if (NGX_HTTP_SSL && defined SSL_CTRL_SET_TLSEXT_HOSTNAME) if (hc->ssl_servername) { if (hc->ssl_servername->len == host->len @@ -1986,7 +1986,7 @@ ngx_http_set_virtual_server(ngx_http_request_t *r, ngx_str_t *host) return NGX_ERROR; } -#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME +#if (NGX_HTTP_SSL && defined SSL_CTRL_SET_TLSEXT_HOSTNAME) if (hc->ssl_servername) { ngx_http_ssl_srv_conf_t *sscf; @@ -2053,7 +2053,7 @@ ngx_http_find_virtual_server(ngx_connection_t *c, sn = virtual_names->regex; -#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME +#if (NGX_HTTP_SSL && defined SSL_CTRL_SET_TLSEXT_HOSTNAME) if (r == NULL) { ngx_http_connection_t *hc; @@ -2085,7 +2085,7 @@ ngx_http_find_virtual_server(ngx_connection_t *c, return NGX_DECLINED; } -#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */ +#endif /* NGX_HTTP_SSL && defined SSL_CTRL_SET_TLSEXT_HOSTNAME */ for (i = 0; i < virtual_names->nregex; i++) { @@ -3166,8 +3166,8 @@ ngx_http_lingering_close_handler(ngx_event_t *rev) return; } - timer = (ngx_msec_t) (r->lingering_time - ngx_time()); - if (timer <= 0) { + timer = (ngx_msec_t) r->lingering_time - (ngx_msec_t) ngx_time(); + if ((ngx_msec_int_t) timer <= 0) { ngx_http_close_request(r, 0); return; } diff --git a/src/http/ngx_http_request.h b/src/http/ngx_http_request.h index 5c62785e2..1babeb2b0 100644 --- a/src/http/ngx_http_request.h +++ b/src/http/ngx_http_request.h @@ -295,7 +295,7 @@ typedef struct { ngx_http_addr_conf_t *addr_conf; ngx_http_conf_ctx_t *conf_ctx; -#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME +#if (NGX_HTTP_SSL && defined SSL_CTRL_SET_TLSEXT_HOSTNAME) ngx_str_t *ssl_servername; #if (NGX_PCRE) ngx_http_regex_t *ssl_servername_regex; @@ -420,6 +420,7 @@ struct ngx_http_request_s { #endif size_t limit_rate; + size_t limit_rate_after; /* used to learn the Apache compatible response length without a header */ size_t header_size; diff --git a/src/http/ngx_http_request_body.c b/src/http/ngx_http_request_body.c index 2c612311d..fc3a1800d 100644 --- a/src/http/ngx_http_request_body.c +++ b/src/http/ngx_http_request_body.c @@ -152,7 +152,8 @@ ngx_http_read_client_request_body(ngx_http_request_t *r, cl = ngx_chain_get_free_buf(r->pool, &rb->free); if (cl == NULL) { - return NGX_HTTP_INTERNAL_SERVER_ERROR; + rc = NGX_HTTP_INTERNAL_SERVER_ERROR; + goto done; } b = cl->buf; @@ -569,9 +570,9 @@ ngx_http_discarded_request_body_handler(ngx_http_request_t *r) } if (r->lingering_time) { - timer = (ngx_msec_t) (r->lingering_time - ngx_time()); + timer = (ngx_msec_t) r->lingering_time - (ngx_msec_t) ngx_time(); - if (timer <= 0) { + if ((ngx_msec_int_t) timer <= 0) { r->discard_body = 0; r->lingering_close = 0; ngx_http_finalize_request(r, NGX_ERROR); diff --git a/src/http/ngx_http_spdy.c b/src/http/ngx_http_spdy.c index 3febc23e9..acadaf232 100644 --- a/src/http/ngx_http_spdy.c +++ b/src/http/ngx_http_spdy.c @@ -2176,7 +2176,7 @@ ngx_http_spdy_handle_request_header(ngx_http_request_t *r) void -ngx_http_spdy_request_headers_init() +ngx_http_spdy_request_headers_init(void) { ngx_uint_t i; ngx_http_spdy_request_header_t *h; diff --git a/src/http/ngx_http_spdy.h b/src/http/ngx_http_spdy.h index 4294e3d50..63014066d 100644 --- a/src/http/ngx_http_spdy.h +++ b/src/http/ngx_http_spdy.h @@ -186,7 +186,7 @@ ngx_http_spdy_queue_blocked_frame(ngx_http_spdy_connection_t *sc, void ngx_http_spdy_init(ngx_event_t *rev); -void ngx_http_spdy_request_headers_init(); +void ngx_http_spdy_request_headers_init(void); ngx_int_t ngx_http_spdy_read_request_body(ngx_http_request_t *r, ngx_http_client_body_handler_pt post_handler); diff --git a/src/http/ngx_http_upstream.c b/src/http/ngx_http_upstream.c index 45e2eb7b9..16e660245 100644 --- a/src/http/ngx_http_upstream.c +++ b/src/http/ngx_http_upstream.c @@ -369,6 +369,7 @@ static ngx_http_upstream_next_t ngx_http_upstream_next_errors[] = { { 502, NGX_HTTP_UPSTREAM_FT_HTTP_502 }, { 503, NGX_HTTP_UPSTREAM_FT_HTTP_503 }, { 504, NGX_HTTP_UPSTREAM_FT_HTTP_504 }, + { 403, NGX_HTTP_UPSTREAM_FT_HTTP_403 }, { 404, NGX_HTTP_UPSTREAM_FT_HTTP_404 }, { 0, 0 } }; @@ -1660,7 +1661,7 @@ ngx_http_upstream_process_header(ngx_http_request_t *r, ngx_http_upstream_t *u) /* rc == NGX_OK */ - if (u->headers_in.status_n > NGX_HTTP_SPECIAL_RESPONSE) { + if (u->headers_in.status_n >= NGX_HTTP_SPECIAL_RESPONSE) { if (r->subrequest_in_memory) { u->buffer.last = u->buffer.pos; @@ -1701,7 +1702,7 @@ ngx_http_upstream_process_header(ngx_http_request_t *r, ngx_http_upstream_t *u) n = u->buffer.last - u->buffer.pos; if (n) { - u->buffer.last -= n; + u->buffer.last = u->buffer.pos; u->state->response_length += n; @@ -1709,11 +1710,11 @@ ngx_http_upstream_process_header(ngx_http_request_t *r, ngx_http_upstream_t *u) ngx_http_upstream_finalize_request(r, u, NGX_ERROR); return; } + } - if (u->length == 0) { - ngx_http_upstream_finalize_request(r, u, 0); - return; - } + if (u->length == 0) { + ngx_http_upstream_finalize_request(r, u, 0); + return; } u->read_event_handler = ngx_http_upstream_process_body_in_memory; @@ -3156,8 +3157,11 @@ ngx_http_upstream_next(ngx_http_request_t *r, ngx_http_upstream_t *u, if (u->peer.sockaddr) { - if (ft_type == NGX_HTTP_UPSTREAM_FT_HTTP_404) { + if (ft_type == NGX_HTTP_UPSTREAM_FT_HTTP_403 + || ft_type == NGX_HTTP_UPSTREAM_FT_HTTP_404) + { state = NGX_PEER_NEXT; + } else { state = NGX_PEER_FAILED; } @@ -3189,6 +3193,10 @@ ngx_http_upstream_next(ngx_http_request_t *r, ngx_http_upstream_t *u, status = NGX_HTTP_INTERNAL_SERVER_ERROR; break; + case NGX_HTTP_UPSTREAM_FT_HTTP_403: + status = NGX_HTTP_FORBIDDEN; + break; + case NGX_HTTP_UPSTREAM_FT_HTTP_404: status = NGX_HTTP_NOT_FOUND; break; diff --git a/src/http/ngx_http_upstream.h b/src/http/ngx_http_upstream.h index 29ebf9bd9..fd4e36b1f 100644 --- a/src/http/ngx_http_upstream.h +++ b/src/http/ngx_http_upstream.h @@ -24,10 +24,11 @@ #define NGX_HTTP_UPSTREAM_FT_HTTP_502 0x00000020 #define NGX_HTTP_UPSTREAM_FT_HTTP_503 0x00000040 #define NGX_HTTP_UPSTREAM_FT_HTTP_504 0x00000080 -#define NGX_HTTP_UPSTREAM_FT_HTTP_404 0x00000100 -#define NGX_HTTP_UPSTREAM_FT_UPDATING 0x00000200 -#define NGX_HTTP_UPSTREAM_FT_BUSY_LOCK 0x00000400 -#define NGX_HTTP_UPSTREAM_FT_MAX_WAITING 0x00000800 +#define NGX_HTTP_UPSTREAM_FT_HTTP_403 0x00000100 +#define NGX_HTTP_UPSTREAM_FT_HTTP_404 0x00000200 +#define NGX_HTTP_UPSTREAM_FT_UPDATING 0x00000400 +#define NGX_HTTP_UPSTREAM_FT_BUSY_LOCK 0x00000800 +#define NGX_HTTP_UPSTREAM_FT_MAX_WAITING 0x00001000 #define NGX_HTTP_UPSTREAM_FT_NOLIVE 0x40000000 #define NGX_HTTP_UPSTREAM_FT_OFF 0x80000000 @@ -35,6 +36,7 @@ |NGX_HTTP_UPSTREAM_FT_HTTP_502 \ |NGX_HTTP_UPSTREAM_FT_HTTP_503 \ |NGX_HTTP_UPSTREAM_FT_HTTP_504 \ + |NGX_HTTP_UPSTREAM_FT_HTTP_403 \ |NGX_HTTP_UPSTREAM_FT_HTTP_404) #define NGX_HTTP_UPSTREAM_INVALID_HEADER 40 diff --git a/src/http/ngx_http_upstream_round_robin.c b/src/http/ngx_http_upstream_round_robin.c index d786ed142..e0c6c58c7 100644 --- a/src/http/ngx_http_upstream_round_robin.c +++ b/src/http/ngx_http_upstream_round_robin.c @@ -523,7 +523,10 @@ ngx_http_upstream_get_peer(ngx_http_upstream_rr_peer_data_t *rrp) rrp->tried[n] |= m; best->current_weight -= total; - best->checked = now; + + if (now - best->checked > best->fail_timeout) { + best->checked = now; + } return best; } diff --git a/src/http/ngx_http_variables.c b/src/http/ngx_http_variables.c index 6f1e0344d..0b1a33430 100644 --- a/src/http/ngx_http_variables.c +++ b/src/http/ngx_http_variables.c @@ -2257,6 +2257,7 @@ ngx_http_regex_compile(ngx_conf_t *cf, ngx_regex_compile_t *rc) re->regex = rc->regex; re->ncaptures = rc->captures; + re->name = rc->pattern; cmcf = ngx_http_conf_get_module_main_conf(cf, ngx_http_core_module); cmcf->ncaptures = ngx_max(cmcf->ncaptures, re->ncaptures); @@ -2274,7 +2275,6 @@ ngx_http_regex_compile(ngx_conf_t *cf, ngx_regex_compile_t *rc) re->variables = rv; re->nvariables = n; - re->name = rc->pattern; size = rc->name_size; p = rc->names; diff --git a/src/http/ngx_http_write_filter_module.c b/src/http/ngx_http_write_filter_module.c index 5594c7faa..f74dbc8ab 100644 --- a/src/http/ngx_http_write_filter_module.c +++ b/src/http/ngx_http_write_filter_module.c @@ -207,8 +207,12 @@ ngx_http_write_filter(ngx_http_request_t *r, ngx_chain_t *in) } if (r->limit_rate) { + if (r->limit_rate_after == 0) { + r->limit_rate_after = clcf->limit_rate_after; + } + limit = (off_t) r->limit_rate * (ngx_time() - r->start_sec + 1) - - (c->sent - clcf->limit_rate_after); + - (c->sent - r->limit_rate_after); if (limit <= 0) { c->write->delayed = 1; @@ -249,14 +253,14 @@ ngx_http_write_filter(ngx_http_request_t *r, ngx_chain_t *in) nsent = c->sent; - if (clcf->limit_rate_after) { + if (r->limit_rate_after) { - sent -= clcf->limit_rate_after; + sent -= r->limit_rate_after; if (sent < 0) { sent = 0; } - nsent -= clcf->limit_rate_after; + nsent -= r->limit_rate_after; if (nsent < 0) { nsent = 0; } diff --git a/src/mail/ngx_mail_auth_http_module.c b/src/mail/ngx_mail_auth_http_module.c index 2e9b9f24d..8094bbc5c 100644 --- a/src/mail/ngx_mail_auth_http_module.c +++ b/src/mail/ngx_mail_auth_http_module.c @@ -699,7 +699,6 @@ ngx_mail_auth_http_process_headers(ngx_mail_session_t *s, p = ngx_pnalloc(s->connection->pool, ctx->err.len); if (p == NULL) { - ngx_close_connection(ctx->peer.connection); ngx_destroy_pool(ctx->pool); ngx_mail_session_internal_server_error(s); return; diff --git a/src/mail/ngx_mail_ssl_module.c b/src/mail/ngx_mail_ssl_module.c index dd6f2ac41..dbfb9c702 100644 --- a/src/mail/ngx_mail_ssl_module.c +++ b/src/mail/ngx_mail_ssl_module.c @@ -25,7 +25,7 @@ static char *ngx_mail_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd, void *conf); -static ngx_conf_enum_t ngx_http_starttls_state[] = { +static ngx_conf_enum_t ngx_mail_starttls_state[] = { { ngx_string("off"), NGX_MAIL_STARTTLS_OFF }, { ngx_string("on"), NGX_MAIL_STARTTLS_ON }, { ngx_string("only"), NGX_MAIL_STARTTLS_ONLY }, @@ -58,7 +58,7 @@ static ngx_command_t ngx_mail_ssl_commands[] = { ngx_mail_ssl_starttls, NGX_MAIL_SRV_CONF_OFFSET, offsetof(ngx_mail_ssl_conf_t, starttls), - ngx_http_starttls_state }, + ngx_mail_starttls_state }, { ngx_string("ssl_certificate"), NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1, @@ -308,6 +308,10 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child) return NGX_CONF_ERROR; } + if (ngx_ssl_ecdh_curve(cf, &conf->ssl, &conf->ecdh_curve) != NGX_OK) { + return NGX_CONF_ERROR; + } + ngx_conf_merge_value(conf->builtin_session_cache, prev->builtin_session_cache, NGX_SSL_NONE_SCACHE); diff --git a/src/os/unix/ngx_darwin_init.c b/src/os/unix/ngx_darwin_init.c index e3cc5fe3e..1bc7520ca 100644 --- a/src/os/unix/ngx_darwin_init.c +++ b/src/os/unix/ngx_darwin_init.c @@ -59,7 +59,7 @@ sysctl_t sysctls[] = { void -ngx_debug_init() +ngx_debug_init(void) { #if (NGX_DEBUG_MALLOC) diff --git a/src/os/unix/ngx_freebsd_init.c b/src/os/unix/ngx_freebsd_init.c index aeeceaf25..c4c12dd74 100644 --- a/src/os/unix/ngx_freebsd_init.c +++ b/src/os/unix/ngx_freebsd_init.c @@ -72,7 +72,7 @@ sysctl_t sysctls[] = { void -ngx_debug_init() +ngx_debug_init(void) { #if (NGX_DEBUG_MALLOC) diff --git a/src/os/unix/ngx_freebsd_rfork_thread.c b/src/os/unix/ngx_freebsd_rfork_thread.c index 530ec4a53..e92f9a9fd 100644 --- a/src/os/unix/ngx_freebsd_rfork_thread.c +++ b/src/os/unix/ngx_freebsd_rfork_thread.c @@ -271,7 +271,7 @@ ngx_init_threads(int n, size_t size, ngx_cycle_t *cycle) ngx_tid_t -ngx_thread_self() +ngx_thread_self(void) { ngx_int_t tid; diff --git a/src/os/unix/ngx_freebsd_rfork_thread.h b/src/os/unix/ngx_freebsd_rfork_thread.h index 2c238f79c..ff160449d 100644 --- a/src/os/unix/ngx_freebsd_rfork_thread.h +++ b/src/os/unix/ngx_freebsd_rfork_thread.h @@ -57,7 +57,7 @@ extern size_t ngx_thread_stack_size; static ngx_inline ngx_int_t -ngx_gettid() +ngx_gettid(void) { char *sp; @@ -83,7 +83,7 @@ ngx_gettid() } -ngx_tid_t ngx_thread_self(); +ngx_tid_t ngx_thread_self(void); typedef ngx_uint_t ngx_tls_key_t; diff --git a/src/os/unix/ngx_linux_sendfile_chain.c b/src/os/unix/ngx_linux_sendfile_chain.c index e8f3d5a89..643855ed9 100644 --- a/src/os/unix/ngx_linux_sendfile_chain.c +++ b/src/os/unix/ngx_linux_sendfile_chain.c @@ -181,7 +181,7 @@ ngx_linux_sendfile_chain(ngx_connection_t *c, ngx_chain_t *in, off_t limit) } else { c->tcp_nodelay = NGX_TCP_NODELAY_UNSET; - ngx_log_debug0(NGX_LOG_DEBUG_HTTP, c->log, 0, + ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "no tcp_nodelay"); } } |