|
[-]
[+]
|
Changed |
nginx.changes
|
|
|
|
[-]
[+]
|
Changed |
nginx.spec
^
|
|
|
|
[-]
[+]
|
Changed |
_service
^
|
| @@ -2,6 +2,6 @@
<service name="download_url">
<param name="host">nginx.org</param>
<param name="protocol">http</param>
- <param name="path">/download/nginx-1.13.7.tar.gz</param>
+ <param name="path">/download/nginx-1.13.8.tar.gz</param>
</service>
<service name="download_url"><param name="host">www.openssl.org</param><param name="protocol">https</param><param name="path">/source/openssl-1.1.0g.tar.gz</param></service></services>
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.13.8.tar.gz/CHANGES
^
|
| @@ -1,4 +1,38 @@
+Changes with nginx 1.13.8 26 Dec 2017
+
+ *) Feature: now nginx automatically preserves the CAP_NET_RAW capability
+ in worker processes when using the "transparent" parameter of the
+ "proxy_bind", "fastcgi_bind", "memcached_bind", "scgi_bind", and
+ "uwsgi_bind" directives.
+
+ *) Feature: improved CPU cache line size detection.
+ Thanks to Debayan Ghosh.
+
+ *) Feature: new directives in vim syntax highlighting scripts.
+ Thanks to Gena Makhomed.
+
+ *) Bugfix: binary upgrade refused to work if nginx was re-parented to a
+ process with PID different from 1 after its parent process has
+ finished.
+
+ *) Bugfix: the ngx_http_autoindex_module incorrectly handled requests
+ with bodies.
+
+ *) Bugfix: in the "proxy_limit_rate" directive when used with the
+ "keepalive" directive.
+
+ *) Bugfix: some parts of a response might be buffered when using
+ "proxy_buffering off" if the client connection used SSL.
+ Thanks to Patryk Lesiewicz.
+
+ *) Bugfix: in the "proxy_cache_background_update" directive.
+
+ *) Bugfix: it was not possible to start a parameter with a variable in
+ the "${name}" form with the name in curly brackets without enclosing
+ the parameter into single or double quotes.
+
+
Changes with nginx 1.13.7 21 Nov 2017
*) Bugfix: in the $upstream_status variable.
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.13.8.tar.gz/CHANGES.ru
^
|
| @@ -1,4 +1,38 @@
+Изменения в nginx 1.13.8 26.12.2017
+
+ *) Добавление: теперь при использовании параметра transparent директив
+ proxy_bind, fastcgi_bind, memcached_bind, scgi_bind и uwsgi_bind
+ nginx автоматически сохраняет capability CAP_NET_RAW в рабочих
+ процессах.
+
+ *) Добавление: улучшения в определении размера строки кэша процессора.
+ Спасибо Debayan Ghosh.
+
+ *) Добавление: новые директивы в скриптах подсветки синтаксиса для vim.
+ Спасибо Геннадию Махомеду.
+
+ *) Исправление: процедура обновления исполняемого файла не работала,
+ если после завершения родительского процесса новым родительским
+ процессом nginx'а становился процесс с PID, отличным от 1.
+
+ *) Исправление: модуль ngx_http_autoindex_module неправильно обрабатывал
+ запросы с телом.
+
+ *) Исправление: в директиве proxy_limit_rate при использовании с
+ директивой keepalive.
+
+ *) Исправление: при использовании "proxy_buffering off" часть ответа
+ могла буферизироваться, если клиентское соединение использовало SSL.
+ Спасибо Patryk Lesiewicz.
+
+ *) Исправление: в директиве proxy_cache_background_update.
+
+ *) Исправление: переменную вида "${name}" с именем в фигурных скобках
+ нельзя было использовать в начале параметра не заключив весь параметр
+ в кавычки.
+
+
Изменения в nginx 1.13.7 21.11.2017
*) Исправление: в переменной $upstream_status.
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.13.8.tar.gz/auto/cc/clang
^
|
| @@ -5,7 +5,7 @@
# clang
-NGX_CLANG_VER=`$CC -v 2>&1 | grep '\(clang\|LLVM\) version' 2>&1 \
+NGX_CLANG_VER=`$CC -v 2>&1 | grep 'version' 2>&1 \
| sed -e 's/^.* version \(.*\)/\1/'`
echo " + clang version: $NGX_CLANG_VER"
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.13.8.tar.gz/auto/cc/name
^
|
| @@ -44,7 +44,11 @@
NGX_CC_NAME=gcc
echo " + using GNU C compiler"
-elif `$CC -v 2>&1 | grep '\(clang\|LLVM\) version' >/dev/null 2>&1`; then
+elif `$CC -v 2>&1 | grep 'clang version' >/dev/null 2>&1`; then
+ NGX_CC_NAME=clang
+ echo " + using Clang C compiler"
+
+elif `$CC -v 2>&1 | grep 'LLVM version' >/dev/null 2>&1`; then
NGX_CC_NAME=clang
echo " + using Clang C compiler"
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.13.8.tar.gz/auto/os/conf
^
|
| @@ -110,6 +110,11 @@
NGX_MACH_CACHE_LINE=64
;;
+ aarch64 )
+ have=NGX_ALIGNMENT value=16 . auto/define
+ NGX_MACH_CACHE_LINE=64
+ ;;
+
*)
have=NGX_ALIGNMENT value=16 . auto/define
NGX_MACH_CACHE_LINE=32
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.13.8.tar.gz/auto/os/linux
^
|
| @@ -157,6 +157,38 @@
. auto/feature
+# prctl(PR_SET_KEEPCAPS)
+
+ngx_feature="prctl(PR_SET_KEEPCAPS)"
+ngx_feature_name="NGX_HAVE_PR_SET_KEEPCAPS"
+ngx_feature_run=yes
+ngx_feature_incs="#include <sys/prctl.h>"
+ngx_feature_path=
+ngx_feature_libs=
+ngx_feature_test="if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) == -1) return 1"
+. auto/feature
+
+
+# capabilities
+
+ngx_feature="capabilities"
+ngx_feature_name="NGX_HAVE_CAPABILITIES"
+ngx_feature_run=no
+ngx_feature_incs="#include <linux/capability.h>
+ #include <sys/syscall.h>"
+ngx_feature_path=
+ngx_feature_libs=
+ngx_feature_test="struct __user_cap_data_struct data;
+ struct __user_cap_header_struct header;
+
+ header.version = _LINUX_CAPABILITY_VERSION_1;
+ data.effective = CAP_TO_MASK(CAP_NET_RAW);
+ data.permitted = 0;
+
+ (void) SYS_capset"
+. auto/feature
+
+
# crypt_r()
ngx_feature="crypt_r()"
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.13.8.tar.gz/auto/unix
^
|
| @@ -342,7 +342,7 @@
. auto/feature
-# NetBSD bind to any address for transparent proxying
+# OpenBSD bind to any address for transparent proxying
ngx_feature="SO_BINDANY"
ngx_feature_name="NGX_HAVE_TRANSPARENT_PROXY"
@@ -354,42 +354,42 @@
. auto/feature
-# Linux IP_BIND_ADDRESS_NO_PORT
+# Linux transparent proxying
-ngx_feature="IP_BIND_ADDRESS_NO_PORT"
-ngx_feature_name="NGX_HAVE_IP_BIND_ADDRESS_NO_PORT"
+ngx_feature="IP_TRANSPARENT"
+ngx_feature_name="NGX_HAVE_TRANSPARENT_PROXY"
ngx_feature_run=no
ngx_feature_incs="#include <sys/socket.h>
#include <netinet/in.h>"
ngx_feature_path=
ngx_feature_libs=
-ngx_feature_test="setsockopt(0, IPPROTO_IP, IP_BIND_ADDRESS_NO_PORT, NULL, 0)"
+ngx_feature_test="setsockopt(0, IPPROTO_IP, IP_TRANSPARENT, NULL, 0)"
. auto/feature
-# Linux transparent proxying
+# FreeBSD bind to any address for transparent proxying
-ngx_feature="IP_TRANSPARENT"
+ngx_feature="IP_BINDANY"
ngx_feature_name="NGX_HAVE_TRANSPARENT_PROXY"
ngx_feature_run=no
ngx_feature_incs="#include <sys/socket.h>
#include <netinet/in.h>"
ngx_feature_path=
ngx_feature_libs=
-ngx_feature_test="setsockopt(0, IPPROTO_IP, IP_TRANSPARENT, NULL, 0)"
+ngx_feature_test="setsockopt(0, IPPROTO_IP, IP_BINDANY, NULL, 0)"
. auto/feature
-# FreeBSD bind to any address for transparent proxying
+# Linux IP_BIND_ADDRESS_NO_PORT
-ngx_feature="IP_BINDANY"
-ngx_feature_name="NGX_HAVE_TRANSPARENT_PROXY"
+ngx_feature="IP_BIND_ADDRESS_NO_PORT"
+ngx_feature_name="NGX_HAVE_IP_BIND_ADDRESS_NO_PORT"
ngx_feature_run=no
ngx_feature_incs="#include <sys/socket.h>
#include <netinet/in.h>"
ngx_feature_path=
ngx_feature_libs=
-ngx_feature_test="setsockopt(0, IPPROTO_IP, IP_BINDANY, NULL, 0)"
+ngx_feature_test="setsockopt(0, IPPROTO_IP, IP_BIND_ADDRESS_NO_PORT, NULL, 0)"
. auto/feature
@@ -964,6 +964,16 @@
. auto/feature
+ngx_feature="sysconf(_SC_LEVEL1_DCACHE_LINESIZE)"
+ngx_feature_name="NGX_HAVE_LEVEL1_DCACHE_LINESIZE"
+ngx_feature_run=no
+ngx_feature_incs=
+ngx_feature_path=
+ngx_feature_libs=
+ngx_feature_test="sysconf(_SC_LEVEL1_DCACHE_LINESIZE)"
+. auto/feature
+
+
ngx_feature="openat(), fstatat()"
ngx_feature_name="NGX_HAVE_OPENAT"
ngx_feature_run=no
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.13.8.tar.gz/contrib/vim/syntax/nginx.vim
^
|
| @@ -15,7 +15,7 @@
syn match ngxName '\([^;{} \t\\]\|\\.\)\+'
\ contains=@ngxDirectives
\ nextgroup=@ngxParams skipwhite skipempty
-syn match ngxParam '\([^;{ \t\\]\|\\.\)\+'
+syn match ngxParam '\(\${\|[^;{ \t\\]\|\\.\)\+'
\ contained
\ contains=ngxVariable
\ nextgroup=@ngxParams skipwhite skipempty
@@ -29,7 +29,7 @@
\ contains=@ngxTopLevel
syn match ngxComment '#.*$'
-syn match ngxVariable '\$\w\+' contained
+syn match ngxVariable '\$\(\w\+\|{\w\+}\)' contained
syn match ngxVariableString '\$\(\w\+\|{\w\+}\)' contained
syn cluster ngxTopLevel
@@ -52,7 +52,7 @@
syn cluster ngxTopLevel add=ngxDirectiveListen
syn keyword ngxDirectiveListen listen
\ nextgroup=@ngxListenParams skipwhite skipempty
-syn match ngxListenParam '\([^;{ \t\\]\|\\.\)\+'
+syn match ngxListenParam '\(\${\|[^;{ \t\\]\|\\.\)\+'
\ contained
\ nextgroup=@ngxListenParams skipwhite skipempty
syn region ngxListenString start=+\z(["']\)+ end=+\z1+ skip=+\\\\\|\\\z1+
@@ -62,15 +62,19 @@
\ contained
\ nextgroup=@ngxListenParams skipwhite skipempty
syn keyword ngxListenOptions contained
- \ default_server ssl http2 spdy proxy_protocol
+ \ default_server ssl http2 proxy_protocol
\ setfib fastopen backlog rcvbuf sndbuf accept_filter deferred bind
- \ ipv6only reuseport so_keepalive keepidle
+ \ ipv6only reuseport so_keepalive
+ \ nextgroup=@ngxListenParams skipwhite skipempty
+syn keyword ngxListenOptionsDeprecated contained
+ \ spdy
\ nextgroup=@ngxListenParams skipwhite skipempty
syn cluster ngxListenParams
\ contains=ngxListenParam,ngxListenString,ngxListenComment
- \ add=ngxListenOptions
+ \ add=ngxListenOptions,ngxListenOptionsDeprecated
syn keyword ngxDirectiveBlock contained http
+syn keyword ngxDirectiveBlock contained stream
syn keyword ngxDirectiveBlock contained mail
syn keyword ngxDirectiveBlock contained events
syn keyword ngxDirectiveBlock contained server
@@ -105,14 +109,16 @@
syn keyword ngxDirectiveError contained error_page
syn keyword ngxDirectiveError contained post_action
-syn keyword ngxDirectiveDeprecated contained connections
-syn keyword ngxDirectiveDeprecated contained imap
-syn keyword ngxDirectiveDeprecated contained limit_zone
-syn keyword ngxDirectiveDeprecated contained mysql_test
-syn keyword ngxDirectiveDeprecated contained open_file_cache_retest
-syn keyword ngxDirectiveDeprecated contained optimize_server_names
-syn keyword ngxDirectiveDeprecated contained satisfy_any
-syn keyword ngxDirectiveDeprecated contained so_keepalive
+syn keyword ngxDirectiveDeprecated contained proxy_downstream_buffer
+syn keyword ngxDirectiveDeprecated contained proxy_upstream_buffer
+syn keyword ngxDirectiveDeprecated contained spdy_chunk_size
+syn keyword ngxDirectiveDeprecated contained spdy_headers_comp
+syn keyword ngxDirectiveDeprecated contained spdy_keepalive_timeout
+syn keyword ngxDirectiveDeprecated contained spdy_max_concurrent_streams
+syn keyword ngxDirectiveDeprecated contained spdy_pool_size
+syn keyword ngxDirectiveDeprecated contained spdy_recv_buffer_size
+syn keyword ngxDirectiveDeprecated contained spdy_recv_timeout
+syn keyword ngxDirectiveDeprecated contained spdy_streams_index_size
syn keyword ngxDirective contained absolute_redirect
syn keyword ngxDirective contained accept_mutex
@@ -122,6 +128,7 @@
syn keyword ngxDirective contained add_after_body
syn keyword ngxDirective contained add_before_body
syn keyword ngxDirective contained add_header
+syn keyword ngxDirective contained add_trailer
syn keyword ngxDirective contained addition_types
syn keyword ngxDirective contained aio
syn keyword ngxDirective contained aio_write
@@ -186,6 +193,7 @@
syn keyword ngxDirective contained fastcgi_buffers
syn keyword ngxDirective contained fastcgi_busy_buffers_size
syn keyword ngxDirective contained fastcgi_cache
+syn keyword ngxDirective contained fastcgi_cache_background_update
syn keyword ngxDirective contained fastcgi_cache_bypass
syn keyword ngxDirective contained fastcgi_cache_key
syn keyword ngxDirective contained fastcgi_cache_lock
@@ -258,15 +266,17 @@
syn keyword ngxDirective contained hls_fragment
syn keyword ngxDirective contained hls_mp4_buffer_size
syn keyword ngxDirective contained hls_mp4_max_buffer_size
-syn keyword ngxDirective contained http2_chunk_size
syn keyword ngxDirective contained http2_body_preread_size
+syn keyword ngxDirective contained http2_chunk_size
syn keyword ngxDirective contained http2_idle_timeout
syn keyword ngxDirective contained http2_max_concurrent_streams
syn keyword ngxDirective contained http2_max_field_size
syn keyword ngxDirective contained http2_max_header_size
syn keyword ngxDirective contained http2_max_requests
+syn keyword ngxDirective contained http2_pool_size
syn keyword ngxDirective contained http2_recv_buffer_size
syn keyword ngxDirective contained http2_recv_timeout
+syn keyword ngxDirective contained http2_streams_index_size
syn keyword ngxDirective contained if_modified_since
syn keyword ngxDirective contained ignore_invalid_headers
syn keyword ngxDirective contained image_filter
@@ -332,6 +342,8 @@
syn keyword ngxDirective contained memcached_send_timeout
syn keyword ngxDirective contained merge_slashes
syn keyword ngxDirective contained min_delete_depth
+syn keyword ngxDirective contained mirror
+syn keyword ngxDirective contained mirror_request_body
syn keyword ngxDirective contained modern_browser
syn keyword ngxDirective contained modern_browser_value
syn keyword ngxDirective contained mp4
@@ -374,6 +386,7 @@
syn keyword ngxDirective contained proxy_buffers
syn keyword ngxDirective contained proxy_busy_buffers_size
syn keyword ngxDirective contained proxy_cache
+syn keyword ngxDirective contained proxy_cache_background_update
syn keyword ngxDirective contained proxy_cache_bypass
syn keyword ngxDirective contained proxy_cache_convert_head
syn keyword ngxDirective contained proxy_cache_key
@@ -421,6 +434,7 @@
syn keyword ngxDirective contained proxy_send_timeout
syn keyword ngxDirective contained proxy_set_body
syn keyword ngxDirective contained proxy_set_header
+syn keyword ngxDirective contained proxy_ssl
syn keyword ngxDirective contained proxy_ssl_certificate
syn keyword ngxDirective contained proxy_ssl_certificate_key
syn keyword ngxDirective contained proxy_ssl_ciphers
@@ -463,6 +477,7 @@
syn keyword ngxDirective contained scgi_buffers
syn keyword ngxDirective contained scgi_busy_buffers_size
syn keyword ngxDirective contained scgi_cache
+syn keyword ngxDirective contained scgi_cache_background_update
syn keyword ngxDirective contained scgi_cache_bypass
syn keyword ngxDirective contained scgi_cache_key
syn keyword ngxDirective contained scgi_cache_lock
@@ -520,14 +535,6 @@
syn keyword ngxDirective contained smtp_client_buffer
syn keyword ngxDirective contained smtp_greeting_delay
syn keyword ngxDirective contained source_charset
-syn keyword ngxDirective contained spdy_chunk_size
-syn keyword ngxDirective contained spdy_headers_comp
-syn keyword ngxDirective contained spdy_keepalive_timeout
-syn keyword ngxDirective contained spdy_max_concurrent_streams
-syn keyword ngxDirective contained spdy_pool_size
-syn keyword ngxDirective contained spdy_recv_buffer_size
-syn keyword ngxDirective contained spdy_recv_timeout
-syn keyword ngxDirective contained spdy_streams_index_size
syn keyword ngxDirective contained ssi
syn keyword ngxDirective contained ssi_ignore_recycled_buffers
syn keyword ngxDirective contained ssi_last_modified
@@ -600,11 +607,13 @@
syn keyword ngxDirective contained uwsgi_buffers
syn keyword ngxDirective contained uwsgi_busy_buffers_size
syn keyword ngxDirective contained uwsgi_cache
+syn keyword ngxDirective contained uwsgi_cache_background_update
syn keyword ngxDirective contained uwsgi_cache_bypass
syn keyword ngxDirective contained uwsgi_cache_key
syn keyword ngxDirective contained uwsgi_cache_lock
syn keyword ngxDirective contained uwsgi_cache_lock_age
syn keyword ngxDirective contained uwsgi_cache_lock_timeout
+syn keyword ngxDirective contained uwsgi_cache_max_range_offset
syn keyword ngxDirective contained uwsgi_cache_methods
syn keyword ngxDirective contained uwsgi_cache_min_uses
syn keyword ngxDirective contained uwsgi_cache_path
@@ -662,6 +671,7 @@
syn keyword ngxDirective contained worker_rlimit_core
syn keyword ngxDirective contained worker_rlimit_nofile
syn keyword ngxDirective contained worker_rlimit_sigpending
+syn keyword ngxDirective contained worker_shutdown_timeout
syn keyword ngxDirective contained worker_threads
syn keyword ngxDirective contained working_directory
syn keyword ngxDirective contained xclient
@@ -2170,5 +2180,6 @@
hi link ngxDirectiveThirdParty Special
hi link ngxListenOptions Keyword
+hi link ngxListenOptionsDeprecated Error
let b:current_syntax = "nginx"
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.13.8.tar.gz/src/core/nginx.c
^
|
| @@ -228,6 +228,7 @@
#endif
ngx_pid = ngx_getpid();
+ ngx_parent = ngx_getppid();
log = ngx_log_init(ngx_prefix);
if (log == NULL) {
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.13.8.tar.gz/src/core/nginx.h
^
|
| @@ -9,8 +9,8 @@
#define _NGINX_H_INCLUDED_
-#define nginx_version 1013007
-#define NGINX_VERSION "1.13.7"
+#define nginx_version 1013008
+#define NGINX_VERSION "1.13.8"
#define NGINX_VER "nginx/" NGINX_VERSION
#ifdef NGX_BUILD
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.13.8.tar.gz/src/core/ngx_conf_file.c
^
|
| @@ -709,6 +709,11 @@
last_space = 0;
continue;
+ case '$':
+ variable = 1;
+ last_space = 0;
+ continue;
+
default:
last_space = 0;
}
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.13.8.tar.gz/src/core/ngx_cycle.h
^
|
| @@ -114,6 +114,8 @@
ngx_array_t env;
char **environment;
+
+ ngx_uint_t transparent; /* unsigned transparent:1; */
} ngx_core_conf_t;
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.13.8.tar.gz/src/http/modules/ngx_http_autoindex_module.c
^
|
| @@ -180,6 +180,12 @@
return NGX_DECLINED;
}
+ rc = ngx_http_discard_request_body(r);
+
+ if (rc != NGX_OK) {
+ return rc;
+ }
+
/* NGX_DIR_MASK_LEN is lesser than NGX_HTTP_AUTOINDEX_PREALLOCATE */
last = ngx_http_map_uri_to_path(r, &path, &root,
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.13.8.tar.gz/src/http/modules/ngx_http_proxy_module.c
^
|
| @@ -1086,8 +1086,7 @@
return NGX_OK;
- } else if (ctx->vars.uri.len == 0 && r->valid_unparsed_uri && r == r->main)
- {
+ } else if (ctx->vars.uri.len == 0 && r->valid_unparsed_uri) {
*key = r->unparsed_uri;
u->uri = r->unparsed_uri;
@@ -1096,7 +1095,7 @@
loc_len = (r->valid_location && ctx->vars.uri.len) ? plcf->location.len : 0;
- if (r->quoted_uri || r->internal) {
+ if (r->quoted_uri || r->space_in_uri || r->internal) {
escape = 2 * ngx_escape_uri(NULL, r->uri.data + loc_len,
r->uri.len - loc_len, NGX_ESCAPE_URI);
} else {
@@ -1201,8 +1200,7 @@
if (plcf->proxy_lengths && ctx->vars.uri.len) {
uri_len = ctx->vars.uri.len;
- } else if (ctx->vars.uri.len == 0 && r->valid_unparsed_uri && r == r->main)
- {
+ } else if (ctx->vars.uri.len == 0 && r->valid_unparsed_uri) {
unparsed_uri = 1;
uri_len = r->unparsed_uri.len;
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.13.8.tar.gz/src/http/modules/ngx_http_upstream_keepalive_module.c
^
|
| @@ -340,6 +340,7 @@
pc->connection = NULL;
if (c->read->timer_set) {
+ c->read->delayed = 0;
ngx_del_timer(c->read);
}
if (c->write->timer_set) {
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.13.8.tar.gz/src/http/ngx_http_core_module.c
^
|
| @@ -2363,6 +2363,7 @@
sr->method_name = r->method_name;
sr->loc_conf = r->loc_conf;
sr->valid_location = r->valid_location;
+ sr->valid_unparsed_uri = r->valid_unparsed_uri;
sr->content_handler = r->content_handler;
sr->phase_handler = r->phase_handler;
sr->write_event_handler = ngx_http_core_run_phases;
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.13.8.tar.gz/src/http/ngx_http_upstream.c
^
|
| @@ -3533,7 +3533,7 @@
if (do_write) {
- if (u->out_bufs || u->busy_bufs) {
+ if (u->out_bufs || u->busy_bufs || downstream->buffered) {
rc = ngx_http_output_filter(r, u->out_bufs);
if (rc == NGX_ERROR) {
@@ -6078,6 +6078,12 @@
if (cf->args->nelts > 2) {
if (ngx_strcmp(value[2].data, "transparent") == 0) {
#if (NGX_HAVE_TRANSPARENT_PROXY)
+ ngx_core_conf_t *ccf;
+
+ ccf = (ngx_core_conf_t *) ngx_get_conf(cf->cycle->conf_ctx,
+ ngx_core_module);
+
+ ccf->transparent = 1;
local->transparent = 1;
#else
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.13.8.tar.gz/src/os/unix/ngx_daemon.c
^
|
| @@ -26,6 +26,7 @@
exit(0);
}
+ ngx_parent = ngx_pid;
ngx_pid = ngx_getpid();
if (setsid() == -1) {
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.13.8.tar.gz/src/os/unix/ngx_linux_config.h
^
|
| @@ -99,6 +99,11 @@
#endif
+#if (NGX_HAVE_CAPABILITIES)
+#include <linux/capability.h>
+#endif
+
+
#define NGX_LISTEN_BACKLOG 511
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.13.8.tar.gz/src/os/unix/ngx_posix_config.h
^
|
| @@ -145,26 +145,6 @@
#define ngx_debug_init()
-#if (__FreeBSD__) && (__FreeBSD_version < 400017)
-
-#include <sys/param.h> /* ALIGN() */
-
-/*
- * FreeBSD 3.x has no CMSG_SPACE() and CMSG_LEN() and has the broken CMSG_DATA()
- */
-
-#undef CMSG_SPACE
-#define CMSG_SPACE(l) (ALIGN(sizeof(struct cmsghdr)) + ALIGN(l))
-
-#undef CMSG_LEN
-#define CMSG_LEN(l) (ALIGN(sizeof(struct cmsghdr)) + (l))
-
-#undef CMSG_DATA
-#define CMSG_DATA(cmsg) ((u_char *)(cmsg) + ALIGN(sizeof(struct cmsghdr)))
-
-#endif
-
-
extern char **environ;
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.13.8.tar.gz/src/os/unix/ngx_posix_init.c
^
|
| @@ -36,6 +36,9 @@
{
ngx_time_t *tp;
ngx_uint_t n;
+#if (NGX_HAVE_LEVEL1_DCACHE_LINESIZE)
+ long size;
+#endif
#if (NGX_HAVE_OS_SPECIFIC_INIT)
if (ngx_os_specific_init(log) != NGX_OK) {
@@ -62,6 +65,13 @@
ngx_ncpu = 1;
}
+#if (NGX_HAVE_LEVEL1_DCACHE_LINESIZE)
+ size = sysconf(_SC_LEVEL1_DCACHE_LINESIZE);
+ if (size > 0) {
+ ngx_cacheline_size = size;
+ }
+#endif
+
ngx_cpuinfo();
if (getrlimit(RLIMIT_NOFILE, &rlmt) == -1) {
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.13.8.tar.gz/src/os/unix/ngx_process.c
^
|
| @@ -194,6 +194,7 @@
return NGX_INVALID_PID;
case 0:
+ ngx_parent = ngx_pid;
ngx_pid = ngx_getpid();
proc(cycle, data);
break;
@@ -371,12 +372,12 @@
break;
case ngx_signal_value(NGX_CHANGEBIN_SIGNAL):
- if (getppid() > 1 || ngx_new_binary > 0) {
+ if (ngx_getppid() == ngx_parent || ngx_new_binary > 0) {
/*
* Ignore the signal in the new binary if its parent is
- * not the init process, i.e. the old binary's process
- * is still running. Or ignore the signal in the old binary's
+ * not changed, i.e. the old binary's process is still
+ * running. Or ignore the signal in the old binary's
* process if the new binary's process is already running.
*/
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.13.8.tar.gz/src/os/unix/ngx_process.h
^
|
| @@ -54,6 +54,7 @@
#define ngx_getpid getpid
+#define ngx_getppid getppid
#ifndef ngx_log_pid
#define ngx_log_pid ngx_pid
@@ -79,6 +80,7 @@
extern char **ngx_os_argv;
extern ngx_pid_t ngx_pid;
+extern ngx_pid_t ngx_parent;
extern ngx_socket_t ngx_channel;
extern ngx_int_t ngx_process_slot;
extern ngx_int_t ngx_last_process;
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.13.8.tar.gz/src/os/unix/ngx_process_cycle.c
^
|
| @@ -31,6 +31,7 @@
ngx_uint_t ngx_process;
ngx_uint_t ngx_worker;
ngx_pid_t ngx_pid;
+ngx_pid_t ngx_parent;
sig_atomic_t ngx_reap;
sig_atomic_t ngx_sigio;
@@ -838,12 +839,44 @@
ccf->username, ccf->group);
}
+#if (NGX_HAVE_PR_SET_KEEPCAPS && NGX_HAVE_CAPABILITIES)
+ if (ccf->transparent && ccf->user) {
+ if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) == -1) {
+ ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_errno,
+ "prctl(PR_SET_KEEPCAPS, 1) failed");
+ /* fatal */
+ exit(2);
+ }
+ }
+#endif
+
if (setuid(ccf->user) == -1) {
ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_errno,
"setuid(%d) failed", ccf->user);
/* fatal */
exit(2);
}
+
+#if (NGX_HAVE_CAPABILITIES)
+ if (ccf->transparent && ccf->user) {
+ struct __user_cap_data_struct data;
+ struct __user_cap_header_struct header;
+
+ ngx_memzero(&header, sizeof(struct __user_cap_header_struct));
+ ngx_memzero(&data, sizeof(struct __user_cap_data_struct));
+
+ header.version = _LINUX_CAPABILITY_VERSION_1;
+ data.effective = CAP_TO_MASK(CAP_NET_RAW);
+ data.permitted = data.effective;
+
+ if (syscall(SYS_capset, &header, &data) == -1) {
+ ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_errno,
+ "capset() failed");
+ /* fatal */
+ exit(2);
+ }
+ }
+#endif
}
if (worker >= 0) {
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.13.8.tar.gz/src/stream/ngx_stream_proxy_module.c
^
|
| @@ -2155,6 +2155,12 @@
if (cf->args->nelts > 2) {
if (ngx_strcmp(value[2].data, "transparent") == 0) {
#if (NGX_HAVE_TRANSPARENT_PROXY)
+ ngx_core_conf_t *ccf;
+
+ ccf = (ngx_core_conf_t *) ngx_get_conf(cf->cycle->conf_ctx,
+ ngx_core_module);
+
+ ccf->transparent = 1;
local->transparent = 1;
#else
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
|
