|
[-]
[+]
|
Changed |
nginx.spec
|
|
|
|
[-]
[+]
|
Changed |
_service
^
|
| @@ -2,6 +2,6 @@
<service name="download_url">
<param name="host">nginx.org</param>
<param name="protocol">http</param>
- <param name="path">/download/nginx-1.13.10.tar.gz</param>
+ <param name="path">/download/nginx-1.14.0.tar.gz</param>
</service>
-<service name="download_url"><param name="host">nginx.org</param><param name="protocol">http</param><param name="path">/download/nginx-1.13.10.tar.gz</param></service><service name="download_url"><param name="host">www.openssl.org</param><param name="protocol">https</param><param name="path">/source/openssl-1.1.0h.tar.gz</param></service></services>
+<service name="download_url"><param name="host">nginx.org</param><param name="protocol">http</param><param name="path">/download/nginx-1.14.0.tar.gz</param></service><service name="download_url"><param name="host">www.openssl.org</param><param name="protocol">https</param><param name="path">/source/openssl-1.1.0h.tar.gz</param></service></services>
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.14.0.tar.gz/CHANGES
^
|
| @@ -1,4 +1,27 @@
+Changes with nginx 1.14.0 17 Apr 2018
+
+ *) 1.14.x stable branch.
+
+
+Changes with nginx 1.13.12 10 Apr 2018
+
+ *) Bugfix: connections with gRPC backends might be closed unexpectedly
+ when returning a large response.
+
+
+Changes with nginx 1.13.11 03 Apr 2018
+
+ *) Feature: the "proxy_protocol" parameter of the "listen" directive now
+ supports the PROXY protocol version 2.
+
+ *) Bugfix: nginx could not be built with OpenSSL 1.1.1 statically on
+ Linux.
+
+ *) Bugfix: in the "http_404", "http_500", etc. parameters of the
+ "proxy_next_upstream" directive.
+
+
Changes with nginx 1.13.10 20 Mar 2018
*) Feature: the "set" parameter of the "include" SSI directive now
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.14.0.tar.gz/CHANGES.ru
^
|
| @@ -1,4 +1,26 @@
+Изменения в nginx 1.14.0 17.04.2018
+
+ *) Стабильная ветка 1.14.x.
+
+
+Изменения в nginx 1.13.12 10.04.2018
+
+ *) Исправление: при возврате большого ответа соединения с gRPC-бэкендами
+ могли неожиданно закрываться.
+
+
+Изменения в nginx 1.13.11 03.04.2018
+
+ *) Добавление: параметр proxy_protocol директивы listen теперь
+ поддерживает протокол PROXY версии 2.
+
+ *) Исправление: nginx не собирался с OpenSSL 1.1.1 статически на Linux.
+
+ *) Исправление: в параметрах http_404, http_500 и им подобных директивы
+ proxy_next_upstream.
+
+
Изменения в nginx 1.13.10 20.03.2018
*) Добавление: теперь параметр set в SSI-директиве include позволяет
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.14.0.tar.gz/auto/lib/openssl/conf
^
|
| @@ -41,6 +41,7 @@
CORE_LIBS="$CORE_LIBS $OPENSSL/.openssl/lib/libssl.a"
CORE_LIBS="$CORE_LIBS $OPENSSL/.openssl/lib/libcrypto.a"
CORE_LIBS="$CORE_LIBS $NGX_LIBDL"
+ CORE_LIBS="$CORE_LIBS $NGX_LIBPTHREAD"
if [ "$NGX_PLATFORM" = win32 ]; then
CORE_LIBS="$CORE_LIBS -lgdi32 -lcrypt32 -lws2_32"
@@ -59,7 +60,7 @@
ngx_feature_run=no
ngx_feature_incs="#include <openssl/ssl.h>"
ngx_feature_path=
- ngx_feature_libs="-lssl -lcrypto $NGX_LIBDL"
+ ngx_feature_libs="-lssl -lcrypto $NGX_LIBDL $NGX_LIBPTHREAD"
ngx_feature_test="SSL_CTX_set_options(NULL, 0)"
. auto/feature
@@ -71,11 +72,13 @@
ngx_feature_path="/usr/local/include"
if [ $NGX_RPATH = YES ]; then
- ngx_feature_libs="-R/usr/local/lib -L/usr/local/lib -lssl -lcrypto $NGX_LIBDL"
+ ngx_feature_libs="-R/usr/local/lib -L/usr/local/lib -lssl -lcrypto"
else
- ngx_feature_libs="-L/usr/local/lib -lssl -lcrypto $NGX_LIBDL"
+ ngx_feature_libs="-L/usr/local/lib -lssl -lcrypto"
fi
+ ngx_feature_libs="$ngx_feature_libs $NGX_LIBDL $NGX_LIBPTHREAD"
+
. auto/feature
fi
@@ -87,11 +90,13 @@
ngx_feature_path="/usr/pkg/include"
if [ $NGX_RPATH = YES ]; then
- ngx_feature_libs="-R/usr/pkg/lib -L/usr/pkg/lib -lssl -lcrypto $NGX_LIBDL"
+ ngx_feature_libs="-R/usr/pkg/lib -L/usr/pkg/lib -lssl -lcrypto"
else
- ngx_feature_libs="-L/usr/pkg/lib -lssl -lcrypto $NGX_LIBDL"
+ ngx_feature_libs="-L/usr/pkg/lib -lssl -lcrypto"
fi
+ ngx_feature_libs="$ngx_feature_libs $NGX_LIBDL $NGX_LIBPTHREAD"
+
. auto/feature
fi
@@ -103,11 +108,13 @@
ngx_feature_path="/opt/local/include"
if [ $NGX_RPATH = YES ]; then
- ngx_feature_libs="-R/opt/local/lib -L/opt/local/lib -lssl -lcrypto $NGX_LIBDL"
+ ngx_feature_libs="-R/opt/local/lib -L/opt/local/lib -lssl -lcrypto"
else
- ngx_feature_libs="-L/opt/local/lib -lssl -lcrypto $NGX_LIBDL"
+ ngx_feature_libs="-L/opt/local/lib -lssl -lcrypto"
fi
+ ngx_feature_libs="$ngx_feature_libs $NGX_LIBDL $NGX_LIBPTHREAD"
+
. auto/feature
fi
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.14.0.tar.gz/auto/lib/openssl/make
^
|
| @@ -51,7 +51,7 @@
$OPENSSL/.openssl/include/openssl/ssl.h: $NGX_MAKEFILE
cd $OPENSSL \\
&& if [ -f Makefile ]; then \$(MAKE) clean; fi \\
- && ./config --prefix=$ngx_prefix no-shared $OPENSSL_OPT \\
+ && ./config --prefix=$ngx_prefix no-shared no-threads $OPENSSL_OPT \\
&& \$(MAKE) \\
&& \$(MAKE) install_sw LIBDIR=lib
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.14.0.tar.gz/auto/threads
^
|
| @@ -17,4 +17,5 @@
CORE_DEPS="$CORE_DEPS $THREAD_POOL_DEPS"
CORE_SRCS="$CORE_SRCS $THREAD_POOL_SRCS"
CORE_LIBS="$CORE_LIBS -lpthread"
+ NGX_LIBPTHREAD="-lpthread"
fi
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.14.0.tar.gz/auto/unix
^
|
| @@ -901,6 +901,7 @@
if [ $ngx_found = yes ]; then
CORE_LIBS="$CORE_LIBS -lpthread"
+ NGX_LIBPTHREAD="-lpthread"
fi
fi
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.14.0.tar.gz/src/core/nginx.c
^
|
| @@ -985,8 +985,8 @@
p--)
{
if (ngx_path_separator(*p)) {
- cycle->conf_prefix.len = p - ngx_cycle->conf_file.data + 1;
- cycle->conf_prefix.data = ngx_cycle->conf_file.data;
+ cycle->conf_prefix.len = p - cycle->conf_file.data + 1;
+ cycle->conf_prefix.data = cycle->conf_file.data;
break;
}
}
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.14.0.tar.gz/src/core/nginx.h
^
|
| @@ -9,8 +9,8 @@
#define _NGINX_H_INCLUDED_
-#define nginx_version 1013010
-#define NGINX_VERSION "1.13.10"
+#define nginx_version 1014000
+#define NGINX_VERSION "1.14.0"
#define NGINX_VER "nginx/" NGINX_VERSION
#ifdef NGX_BUILD
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.14.0.tar.gz/src/core/ngx_proxy_protocol.c
^
|
| @@ -9,6 +9,41 @@
#include <ngx_core.h>
+#define NGX_PROXY_PROTOCOL_AF_INET 1
+#define NGX_PROXY_PROTOCOL_AF_INET6 2
+
+
+#define ngx_proxy_protocol_parse_uint16(p) ((p)[0] << 8 | (p)[1])
+
+
+typedef struct {
+ u_char signature[12];
+ u_char version_command;
+ u_char family_transport;
+ u_char len[2];
+} ngx_proxy_protocol_header_t;
+
+
+typedef struct {
+ u_char src_addr[4];
+ u_char dst_addr[4];
+ u_char src_port[2];
+ u_char dst_port[2];
+} ngx_proxy_protocol_inet_addrs_t;
+
+
+typedef struct {
+ u_char src_addr[16];
+ u_char dst_addr[16];
+ u_char src_port[2];
+ u_char dst_port[2];
+} ngx_proxy_protocol_inet6_addrs_t;
+
+
+static u_char *ngx_proxy_protocol_v2_read(ngx_connection_t *c, u_char *buf,
+ u_char *last);
+
+
u_char *
ngx_proxy_protocol_read(ngx_connection_t *c, u_char *buf, u_char *last)
{
@@ -16,9 +51,17 @@
u_char ch, *p, *addr, *port;
ngx_int_t n;
+ static const u_char signature[] = "\r\n\r\n\0\r\nQUIT\n";
+
p = buf;
len = last - buf;
+ if (len >= sizeof(ngx_proxy_protocol_header_t)
+ && memcmp(p, signature, sizeof(signature) - 1) == 0)
+ {
+ return ngx_proxy_protocol_v2_read(c, buf, last);
+ }
+
if (len < 8 || ngx_strncmp(p, "PROXY ", 6) != 0) {
goto invalid;
}
@@ -105,7 +148,8 @@
c->proxy_protocol_port = (in_port_t) n;
ngx_log_debug2(NGX_LOG_DEBUG_CORE, c->log, 0,
- "PROXY protocol address: %V %i", &c->proxy_protocol_addr, n);
+ "PROXY protocol address: %V %d", &c->proxy_protocol_addr,
+ c->proxy_protocol_port);
skip:
@@ -166,3 +210,134 @@
return ngx_slprintf(buf, last, " %ui %ui" CRLF, port, lport);
}
+
+
+static u_char *
+ngx_proxy_protocol_v2_read(ngx_connection_t *c, u_char *buf, u_char *last)
+{
+ u_char *end;
+ size_t len;
+ socklen_t socklen;
+ ngx_uint_t version, command, family, transport;
+ ngx_sockaddr_t sockaddr;
+ ngx_proxy_protocol_header_t *header;
+ ngx_proxy_protocol_inet_addrs_t *in;
+#if (NGX_HAVE_INET6)
+ ngx_proxy_protocol_inet6_addrs_t *in6;
+#endif
+
+ header = (ngx_proxy_protocol_header_t *) buf;
+
+ buf += sizeof(ngx_proxy_protocol_header_t);
+
+ version = header->version_command >> 4;
+
+ if (version != 2) {
+ ngx_log_error(NGX_LOG_ERR, c->log, 0,
+ "unknown PROXY protocol version: %ui", version);
+ return NULL;
+ }
+
+ len = ngx_proxy_protocol_parse_uint16(header->len);
+
+ if ((size_t) (last - buf) < len) {
+ ngx_log_error(NGX_LOG_ERR, c->log, 0, "header is too large");
+ return NULL;
+ }
+
+ end = buf + len;
+
+ command = header->version_command & 0x0f;
+
+ /* only PROXY is supported */
+ if (command != 1) {
+ ngx_log_debug1(NGX_LOG_DEBUG_CORE, c->log, 0,
+ "PROXY protocol v2 unsupported command %ui", command);
+ return end;
+ }
+
+ transport = header->family_transport & 0x0f;
+
+ /* only STREAM is supported */
+ if (transport != 1) {
+ ngx_log_debug1(NGX_LOG_DEBUG_CORE, c->log, 0,
+ "PROXY protocol v2 unsupported transport %ui",
+ transport);
+ return end;
+ }
+
+ family = header->family_transport >> 4;
+
+ switch (family) {
+
+ case NGX_PROXY_PROTOCOL_AF_INET:
+
+ if ((size_t) (end - buf) < sizeof(ngx_proxy_protocol_inet_addrs_t)) {
+ return NULL;
+ }
+
+ in = (ngx_proxy_protocol_inet_addrs_t *) buf;
+
+ sockaddr.sockaddr_in.sin_family = AF_INET;
+ sockaddr.sockaddr_in.sin_port = 0;
+ memcpy(&sockaddr.sockaddr_in.sin_addr, in->src_addr, 4);
+
+ c->proxy_protocol_port = ngx_proxy_protocol_parse_uint16(in->src_port);
+
+ socklen = sizeof(struct sockaddr_in);
+
+ buf += sizeof(ngx_proxy_protocol_inet_addrs_t);
+
+ break;
+
+#if (NGX_HAVE_INET6)
+
+ case NGX_PROXY_PROTOCOL_AF_INET6:
+
+ if ((size_t) (end - buf) < sizeof(ngx_proxy_protocol_inet6_addrs_t)) {
+ return NULL;
+ }
+
+ in6 = (ngx_proxy_protocol_inet6_addrs_t *) buf;
+
+ sockaddr.sockaddr_in6.sin6_family = AF_INET6;
+ sockaddr.sockaddr_in6.sin6_port = 0;
+ memcpy(&sockaddr.sockaddr_in6.sin6_addr, in6->src_addr, 16);
+
+ c->proxy_protocol_port = ngx_proxy_protocol_parse_uint16(in6->src_port);
+
+ socklen = sizeof(struct sockaddr_in6);
+
+ buf += sizeof(ngx_proxy_protocol_inet6_addrs_t);
+
+ break;
+
+#endif
+
+ default:
+ ngx_log_debug1(NGX_LOG_DEBUG_CORE, c->log, 0,
+ "PROXY protocol v2 unsupported address family %ui",
+ family);
+ return end;
+ }
+
+ c->proxy_protocol_addr.data = ngx_pnalloc(c->pool, NGX_SOCKADDR_STRLEN);
+ if (c->proxy_protocol_addr.data == NULL) {
+ return NULL;
+ }
+
+ c->proxy_protocol_addr.len = ngx_sock_ntop(&sockaddr.sockaddr, socklen,
+ c->proxy_protocol_addr.data,
+ NGX_SOCKADDR_STRLEN, 0);
+
+ ngx_log_debug2(NGX_LOG_DEBUG_CORE, c->log, 0,
+ "PROXY protocol v2 address: %V %d", &c->proxy_protocol_addr,
+ c->proxy_protocol_port);
+
+ if (buf < end) {
+ ngx_log_debug1(NGX_LOG_DEBUG_CORE, c->log, 0,
+ "PROXY protocol v2 %z bytes of tlv ignored", end - buf);
+ }
+
+ return end;
+}
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.14.0.tar.gz/src/http/modules/ngx_http_grpc_module.c
^
|
| @@ -3212,7 +3212,7 @@
switch (state) {
case sw_start:
- ctx->error = ch << 24;
+ ctx->error = (ngx_uint_t) ch << 24;
state = sw_error_2;
break;
@@ -3325,7 +3325,7 @@
break;
case sw_error:
- ctx->error = ch << 24;
+ ctx->error = (ngx_uint_t) ch << 24;
state = sw_error_2;
break;
@@ -3555,7 +3555,7 @@
break;
case sw_value:
- ctx->setting_value = ch << 24;
+ ctx->setting_value = (ngx_uint_t) ch << 24;
state = sw_value_2;
break;
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.14.0.tar.gz/src/http/ngx_http_upstream.c
^
|
| @@ -2013,8 +2013,6 @@
/* rc == NGX_OK */
- u->request_body_sent = 1;
-
if (c->write->timer_set) {
ngx_del_timer(c->write);
}
@@ -2041,11 +2039,19 @@
return;
}
- ngx_add_timer(c->read, u->conf->read_timeout);
+ if (!u->request_body_sent) {
+ u->request_body_sent = 1;
- if (c->read->ready) {
- ngx_http_upstream_process_header(r, u);
- return;
+ if (u->header_sent) {
+ return;
+ }
+
+ ngx_add_timer(c->read, u->conf->read_timeout);
+
+ if (c->read->ready) {
+ ngx_http_upstream_process_header(r, u);
+ return;
+ }
}
}
@@ -2389,7 +2395,8 @@
static ngx_int_t
ngx_http_upstream_test_next(ngx_http_request_t *r, ngx_http_upstream_t *u)
{
- ngx_uint_t status;
+ ngx_msec_t timeout;
+ ngx_uint_t status, mask;
ngx_http_upstream_next_t *un;
status = u->headers_in.status_n;
@@ -2400,7 +2407,22 @@
continue;
}
- if (u->peer.tries > 1 && (u->conf->next_upstream & un->mask)) {
+ timeout = u->conf->next_upstream_timeout;
+
+ if (u->request_sent
+ && (r->method & (NGX_HTTP_POST|NGX_HTTP_LOCK|NGX_HTTP_PATCH)))
+ {
+ mask = un->mask | NGX_HTTP_UPSTREAM_FT_NON_IDEMPOTENT;
+
+ } else {
+ mask = un->mask;
+ }
+
+ if (u->peer.tries > 1
+ && ((u->conf->next_upstream & mask) == mask)
+ && !(u->request_sent && r->request_body_no_buffering)
+ && !(timeout && ngx_current_msec - u->peer.start_time >= timeout))
+ {
ngx_http_upstream_next(r, u, un->mask);
return NGX_OK;
}
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.14.0.tar.gz/src/stream/ngx_stream_proxy_module.c
^
|
| @@ -801,8 +801,6 @@
NGX_STREAM_UPSTREAM_NOTIFY_CONNECT);
}
- c->log->action = "proxying connection";
-
if (u->upstream_buf.start == NULL) {
p = ngx_pnalloc(c->pool, pscf->buffer_size);
if (p == NULL) {
@@ -1449,6 +1447,7 @@
ngx_stream_proxy_process(ngx_stream_session_t *s, ngx_uint_t from_upstream,
ngx_uint_t do_write)
{
+ char *recv_action, *send_action;
off_t *received, limit;
size_t size, limit_rate;
ssize_t n;
@@ -1492,6 +1491,8 @@
received = &u->received;
out = &u->downstream_out;
busy = &u->downstream_busy;
+ recv_action = "proxying and reading from upstream";
+ send_action = "proxying and sending to client";
} else {
src = c;
@@ -1501,6 +1502,8 @@
received = &s->received;
out = &u->upstream_out;
busy = &u->upstream_busy;
+ recv_action = "proxying and reading from client";
+ send_action = "proxying and sending to upstream";
}
for ( ;; ) {
@@ -1508,6 +1511,8 @@
if (do_write && dst) {
if (*out || *busy || dst->buffered) {
+ c->log->action = send_action;
+
rc = ngx_stream_top_filter(s, *out, from_upstream);
if (rc == NGX_ERROR) {
@@ -1551,6 +1556,8 @@
}
}
+ c->log->action = recv_action;
+
n = src->recv(src, b->last, size);
if (n == NGX_AGAIN) {
@@ -1620,6 +1627,8 @@
break;
}
+ c->log->action = "proxying connection";
+
if (src->read->eof && dst && (dst->read->eof || !dst->buffered)) {
handler = c->log->handler;
c->log->handler = NULL;
|
