Changes of Revision 270
[-] | Changed | nginx.changes |
1
2 ------------------------------------------------------------------- 3 +Wed Jan 17 08:34:43 UTC 2018 - cs@linux-administrator.com 4 + 5 +- update to nginx 1.13.8 6 + 7 +------------------------------------------------------------------- 8 Tue Dec 12 11:37:50 UTC 2017 - cs@linux-administrator.com 9 10 - update to nginx 1.13.7 11 |
[-] | Changed | nginx.spec ^ |
10 1
2 %define with_pagespeed 0 3 4 Name: nginx 5 -Version: 1.13.7 6 +Version: 1.13.8 7 Release: 1 8 Summary: Robust, small and high performance http and reverse proxy server 9 Group: System Environment/Daemons 10 |
[+] | Changed | _service ^ |
@@ -2,6 +2,6 @@
 <service name="download_url">
 <param name="host">nginx.org</param>
 <param name="protocol">http</param>
- <param name="path">/download/nginx-1.13.7.tar.gz</param>
+ <param name="path">/download/nginx-1.13.8.tar.gz</param>
 </service>
 <service name="download_url"><param name="host">www.openssl.org</param><param name="protocol">https</param><param name="path">/source/openssl-1.1.0g.tar.gz</param></service></services> | ||
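Review bot: The new tarball path is still fetched with `<param name="protocol">http</param>`, so the nginx source arrives over an unauthenticated channel while the OpenSSL source in the same file uses https. Nothing in this hunk verifies the download, so a tarball altered in transit would be built and packaged as-is; whether a verification step appears elsewhere in `_service` is not visible here. Switching the line to `<param name="protocol">https</param>` and pinning the tarball with a `verify_file` service (sha256 checksum), or checking the upstream PGP signature, would close that gap.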
[+] | Changed | _service:download_url:nginx-1.13.8.tar.gz/CHANGES ^ |
@@ -1,4 +1,38 @@ +Changes with nginx 1.13.8 26 Dec 2017 + + *) Feature: now nginx automatically preserves the CAP_NET_RAW capability + in worker processes when using the "transparent" parameter of the + "proxy_bind", "fastcgi_bind", "memcached_bind", "scgi_bind", and + "uwsgi_bind" directives. + + *) Feature: improved CPU cache line size detection. + Thanks to Debayan Ghosh. + + *) Feature: new directives in vim syntax highlighting scripts. + Thanks to Gena Makhomed. + + *) Bugfix: binary upgrade refused to work if nginx was re-parented to a + process with PID different from 1 after its parent process has + finished. + + *) Bugfix: the ngx_http_autoindex_module incorrectly handled requests + with bodies. + + *) Bugfix: in the "proxy_limit_rate" directive when used with the + "keepalive" directive. + + *) Bugfix: some parts of a response might be buffered when using + "proxy_buffering off" if the client connection used SSL. + Thanks to Patryk Lesiewicz. + + *) Bugfix: in the "proxy_cache_background_update" directive. + + *) Bugfix: it was not possible to start a parameter with a variable in + the "${name}" form with the name in curly brackets without enclosing + the parameter into single or double quotes. + + Changes with nginx 1.13.7 21 Nov 2017 *) Bugfix: in the $upstream_status variable. | ||
[+] | Changed | _service:download_url:nginx-1.13.8.tar.gz/CHANGES.ru ^ |
@@ -1,4 +1,38 @@ +Изменения в nginx 1.13.8 26.12.2017 + + *) Добавление: теперь при использовании параметра transparent директив + proxy_bind, fastcgi_bind, memcached_bind, scgi_bind и uwsgi_bind + nginx автоматически сохраняет capability CAP_NET_RAW в рабочих + процессах. + + *) Добавление: улучшения в определении размера строки кэша процессора. + Спасибо Debayan Ghosh. + + *) Добавление: новые директивы в скриптах подсветки синтаксиса для vim. + Спасибо Геннадию Махомеду. + + *) Исправление: процедура обновления исполняемого файла не работала, + если после завершения родительского процесса новым родительским + процессом nginx'а становился процесс с PID, отличным от 1. + + *) Исправление: модуль ngx_http_autoindex_module неправильно обрабатывал + запросы с телом. + + *) Исправление: в директиве proxy_limit_rate при использовании с + директивой keepalive. + + *) Исправление: при использовании "proxy_buffering off" часть ответа + могла буферизироваться, если клиентское соединение использовало SSL. + Спасибо Patryk Lesiewicz. + + *) Исправление: в директиве proxy_cache_background_update. + + *) Исправление: переменную вида "${name}" с именем в фигурных скобках + нельзя было использовать в начале параметра не заключив весь параметр + в кавычки. + + Изменения в nginx 1.13.7 21.11.2017 *) Исправление: в переменной $upstream_status. | ||
[+] | Changed | _service:download_url:nginx-1.13.8.tar.gz/auto/cc/clang ^ |
@@ -5,7 +5,7 @@ # clang -NGX_CLANG_VER=`$CC -v 2>&1 | grep '\(clang\|LLVM\) version' 2>&1 \ +NGX_CLANG_VER=`$CC -v 2>&1 | grep 'version' 2>&1 \ | sed -e 's/^.* version \(.*\)/\1/'` echo " + clang version: $NGX_CLANG_VER" | ||
[+] | Changed | _service:download_url:nginx-1.13.8.tar.gz/auto/cc/name ^ |
@@ -44,7 +44,11 @@ NGX_CC_NAME=gcc echo " + using GNU C compiler" -elif `$CC -v 2>&1 | grep '\(clang\|LLVM\) version' >/dev/null 2>&1`; then +elif `$CC -v 2>&1 | grep 'clang version' >/dev/null 2>&1`; then + NGX_CC_NAME=clang + echo " + using Clang C compiler" + +elif `$CC -v 2>&1 | grep 'LLVM version' >/dev/null 2>&1`; then NGX_CC_NAME=clang echo " + using Clang C compiler" | ||
[+] | Changed | _service:download_url:nginx-1.13.8.tar.gz/auto/os/conf ^ |
@@ -110,6 +110,11 @@ NGX_MACH_CACHE_LINE=64 ;; + aarch64 ) + have=NGX_ALIGNMENT value=16 . auto/define + NGX_MACH_CACHE_LINE=64 + ;; + *) have=NGX_ALIGNMENT value=16 . auto/define NGX_MACH_CACHE_LINE=32 | ||
[+] | Changed | _service:download_url:nginx-1.13.8.tar.gz/auto/os/linux ^ |
@@ -157,6 +157,38 @@
 . auto/feature
+# prctl(PR_SET_KEEPCAPS)
+
+ngx_feature="prctl(PR_SET_KEEPCAPS)"
+ngx_feature_name="NGX_HAVE_PR_SET_KEEPCAPS"
+ngx_feature_run=yes
+ngx_feature_incs="#include <sys/prctl.h>"
+ngx_feature_path=
+ngx_feature_libs=
+ngx_feature_test="if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) == -1) return 1"
+. auto/feature
+
+
+# capabilities
+
+ngx_feature="capabilities"
+ngx_feature_name="NGX_HAVE_CAPABILITIES"
+ngx_feature_run=no
+ngx_feature_incs="#include <linux/capability.h>
+ #include <sys/syscall.h>"
+ngx_feature_path=
+ngx_feature_libs=
+ngx_feature_test="struct __user_cap_data_struct data;
+ struct __user_cap_header_struct header;
+
+ header.version = _LINUX_CAPABILITY_VERSION_1;
+ data.effective = CAP_TO_MASK(CAP_NET_RAW);
+ data.permitted = 0;
+
+ (void) SYS_capset"
+. auto/feature
+
+
 # crypt_r()
 ngx_feature="crypt_r()" | ||
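Review bot: The prctl probe is declared with `ngx_feature_run=yes`, so NGX_HAVE_PR_SET_KEEPCAPS records what the build host's kernel or sandbox allowed at configure time, while the capabilities probe below it is compile-only (`ngx_feature_run=no`). The two macros can therefore disagree on a build host where prctl() is filtered, or when cross-compiling; how auto/feature treats a run test in those cases is not visible in this hunk. The worker code in ngx_process_cycle.c already treats a failing prctl() as fatal at run time, so a compile-only probe (`ngx_feature_run=no` with `ngx_feature_test="prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0)"`) would keep the pair consistent.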
[+] | Changed | _service:download_url:nginx-1.13.8.tar.gz/auto/unix ^ |
@@ -342,7 +342,7 @@ . auto/feature -# NetBSD bind to any address for transparent proxying +# OpenBSD bind to any address for transparent proxying ngx_feature="SO_BINDANY" ngx_feature_name="NGX_HAVE_TRANSPARENT_PROXY" @@ -354,42 +354,42 @@ . auto/feature -# Linux IP_BIND_ADDRESS_NO_PORT +# Linux transparent proxying -ngx_feature="IP_BIND_ADDRESS_NO_PORT" -ngx_feature_name="NGX_HAVE_IP_BIND_ADDRESS_NO_PORT" +ngx_feature="IP_TRANSPARENT" +ngx_feature_name="NGX_HAVE_TRANSPARENT_PROXY" ngx_feature_run=no ngx_feature_incs="#include <sys/socket.h> #include <netinet/in.h>" ngx_feature_path= ngx_feature_libs= -ngx_feature_test="setsockopt(0, IPPROTO_IP, IP_BIND_ADDRESS_NO_PORT, NULL, 0)" +ngx_feature_test="setsockopt(0, IPPROTO_IP, IP_TRANSPARENT, NULL, 0)" . auto/feature -# Linux transparent proxying +# FreeBSD bind to any address for transparent proxying -ngx_feature="IP_TRANSPARENT" +ngx_feature="IP_BINDANY" ngx_feature_name="NGX_HAVE_TRANSPARENT_PROXY" ngx_feature_run=no ngx_feature_incs="#include <sys/socket.h> #include <netinet/in.h>" ngx_feature_path= ngx_feature_libs= -ngx_feature_test="setsockopt(0, IPPROTO_IP, IP_TRANSPARENT, NULL, 0)" +ngx_feature_test="setsockopt(0, IPPROTO_IP, IP_BINDANY, NULL, 0)" . auto/feature -# FreeBSD bind to any address for transparent proxying +# Linux IP_BIND_ADDRESS_NO_PORT -ngx_feature="IP_BINDANY" -ngx_feature_name="NGX_HAVE_TRANSPARENT_PROXY" +ngx_feature="IP_BIND_ADDRESS_NO_PORT" +ngx_feature_name="NGX_HAVE_IP_BIND_ADDRESS_NO_PORT" ngx_feature_run=no ngx_feature_incs="#include <sys/socket.h> #include <netinet/in.h>" ngx_feature_path= ngx_feature_libs= -ngx_feature_test="setsockopt(0, IPPROTO_IP, IP_BINDANY, NULL, 0)" +ngx_feature_test="setsockopt(0, IPPROTO_IP, IP_BIND_ADDRESS_NO_PORT, NULL, 0)" . auto/feature 
@@ -964,6 +964,16 @@ . auto/feature +ngx_feature="sysconf(_SC_LEVEL1_DCACHE_LINESIZE)" +ngx_feature_name="NGX_HAVE_LEVEL1_DCACHE_LINESIZE" +ngx_feature_run=no +ngx_feature_incs= +ngx_feature_path= +ngx_feature_libs= +ngx_feature_test="sysconf(_SC_LEVEL1_DCACHE_LINESIZE)" +. auto/feature + + ngx_feature="openat(), fstatat()" ngx_feature_name="NGX_HAVE_OPENAT" ngx_feature_run=no | ||
[+] | Changed | _service:download_url:nginx-1.13.8.tar.gz/contrib/vim/syntax/nginx.vim ^ |
@@ -15,7 +15,7 @@ syn match ngxName '\([^;{} \t\\]\|\\.\)\+' \ contains=@ngxDirectives \ nextgroup=@ngxParams skipwhite skipempty -syn match ngxParam '\([^;{ \t\\]\|\\.\)\+' +syn match ngxParam '\(\${\|[^;{ \t\\]\|\\.\)\+' \ contained \ contains=ngxVariable \ nextgroup=@ngxParams skipwhite skipempty @@ -29,7 +29,7 @@ \ contains=@ngxTopLevel syn match ngxComment '#.*$' -syn match ngxVariable '\$\w\+' contained +syn match ngxVariable '\$\(\w\+\|{\w\+}\)' contained syn match ngxVariableString '\$\(\w\+\|{\w\+}\)' contained syn cluster ngxTopLevel @@ -52,7 +52,7 @@ syn cluster ngxTopLevel add=ngxDirectiveListen syn keyword ngxDirectiveListen listen \ nextgroup=@ngxListenParams skipwhite skipempty -syn match ngxListenParam '\([^;{ \t\\]\|\\.\)\+' +syn match ngxListenParam '\(\${\|[^;{ \t\\]\|\\.\)\+' \ contained \ nextgroup=@ngxListenParams skipwhite skipempty syn region ngxListenString start=+\z(["']\)+ end=+\z1+ skip=+\\\\\|\\\z1+ @@ -62,15 +62,19 @@ \ contained \ nextgroup=@ngxListenParams skipwhite skipempty syn keyword ngxListenOptions contained - \ default_server ssl http2 spdy proxy_protocol + \ default_server ssl http2 proxy_protocol \ setfib fastopen backlog rcvbuf sndbuf accept_filter deferred bind - \ ipv6only reuseport so_keepalive keepidle + \ ipv6only reuseport so_keepalive + \ nextgroup=@ngxListenParams skipwhite skipempty +syn keyword ngxListenOptionsDeprecated contained + \ spdy \ nextgroup=@ngxListenParams skipwhite skipempty syn cluster ngxListenParams \ contains=ngxListenParam,ngxListenString,ngxListenComment - \ add=ngxListenOptions + \ add=ngxListenOptions,ngxListenOptionsDeprecated syn keyword ngxDirectiveBlock contained http +syn keyword ngxDirectiveBlock contained stream syn keyword ngxDirectiveBlock contained mail syn keyword ngxDirectiveBlock contained events syn keyword ngxDirectiveBlock contained server 
@@ -105,14 +109,16 @@ syn keyword ngxDirectiveError contained error_page syn keyword ngxDirectiveError contained post_action -syn keyword ngxDirectiveDeprecated contained connections -syn keyword ngxDirectiveDeprecated contained imap -syn keyword ngxDirectiveDeprecated contained limit_zone -syn keyword ngxDirectiveDeprecated contained mysql_test -syn keyword ngxDirectiveDeprecated contained open_file_cache_retest -syn keyword ngxDirectiveDeprecated contained optimize_server_names -syn keyword ngxDirectiveDeprecated contained satisfy_any -syn keyword ngxDirectiveDeprecated contained so_keepalive +syn keyword ngxDirectiveDeprecated contained proxy_downstream_buffer +syn keyword ngxDirectiveDeprecated contained proxy_upstream_buffer +syn keyword ngxDirectiveDeprecated contained spdy_chunk_size +syn keyword ngxDirectiveDeprecated contained spdy_headers_comp +syn keyword ngxDirectiveDeprecated contained spdy_keepalive_timeout +syn keyword ngxDirectiveDeprecated contained spdy_max_concurrent_streams +syn keyword ngxDirectiveDeprecated contained spdy_pool_size +syn keyword ngxDirectiveDeprecated contained spdy_recv_buffer_size +syn keyword ngxDirectiveDeprecated contained spdy_recv_timeout +syn keyword ngxDirectiveDeprecated contained spdy_streams_index_size syn keyword ngxDirective contained absolute_redirect syn keyword ngxDirective contained accept_mutex @@ -122,6 +128,7 @@ syn keyword ngxDirective contained add_after_body syn keyword ngxDirective contained add_before_body syn keyword ngxDirective contained add_header +syn keyword ngxDirective contained add_trailer syn keyword ngxDirective contained addition_types syn keyword ngxDirective contained aio syn keyword ngxDirective contained aio_write 
@@ -186,6 +193,7 @@ syn keyword ngxDirective contained fastcgi_buffers syn keyword ngxDirective contained fastcgi_busy_buffers_size syn keyword ngxDirective contained fastcgi_cache +syn keyword ngxDirective contained fastcgi_cache_background_update syn keyword ngxDirective contained fastcgi_cache_bypass syn keyword ngxDirective contained fastcgi_cache_key syn keyword ngxDirective contained fastcgi_cache_lock @@ -258,15 +266,17 @@ syn keyword ngxDirective contained hls_fragment syn keyword ngxDirective contained hls_mp4_buffer_size syn keyword ngxDirective contained hls_mp4_max_buffer_size -syn keyword ngxDirective contained http2_chunk_size syn keyword ngxDirective contained http2_body_preread_size +syn keyword ngxDirective contained http2_chunk_size syn keyword ngxDirective contained http2_idle_timeout syn keyword ngxDirective contained http2_max_concurrent_streams syn keyword ngxDirective contained http2_max_field_size syn keyword ngxDirective contained http2_max_header_size syn keyword ngxDirective contained http2_max_requests +syn keyword ngxDirective contained http2_pool_size syn keyword ngxDirective contained http2_recv_buffer_size syn keyword ngxDirective contained http2_recv_timeout +syn keyword ngxDirective contained http2_streams_index_size syn keyword ngxDirective contained if_modified_since syn keyword ngxDirective contained ignore_invalid_headers syn keyword ngxDirective contained image_filter @@ -332,6 +342,8 @@ syn keyword ngxDirective contained memcached_send_timeout syn keyword ngxDirective contained merge_slashes syn keyword ngxDirective contained min_delete_depth +syn keyword ngxDirective contained mirror +syn keyword ngxDirective contained mirror_request_body syn keyword ngxDirective contained modern_browser syn keyword ngxDirective contained modern_browser_value syn keyword ngxDirective contained mp4 
@@ -374,6 +386,7 @@ syn keyword ngxDirective contained proxy_buffers syn keyword ngxDirective contained proxy_busy_buffers_size syn keyword ngxDirective contained proxy_cache +syn keyword ngxDirective contained proxy_cache_background_update syn keyword ngxDirective contained proxy_cache_bypass syn keyword ngxDirective contained proxy_cache_convert_head syn keyword ngxDirective contained proxy_cache_key @@ -421,6 +434,7 @@ syn keyword ngxDirective contained proxy_send_timeout syn keyword ngxDirective contained proxy_set_body syn keyword ngxDirective contained proxy_set_header +syn keyword ngxDirective contained proxy_ssl syn keyword ngxDirective contained proxy_ssl_certificate syn keyword ngxDirective contained proxy_ssl_certificate_key syn keyword ngxDirective contained proxy_ssl_ciphers @@ -463,6 +477,7 @@ syn keyword ngxDirective contained scgi_buffers syn keyword ngxDirective contained scgi_busy_buffers_size syn keyword ngxDirective contained scgi_cache +syn keyword ngxDirective contained scgi_cache_background_update syn keyword ngxDirective contained scgi_cache_bypass syn keyword ngxDirective contained scgi_cache_key syn keyword ngxDirective contained scgi_cache_lock @@ -520,14 +535,6 @@ syn keyword ngxDirective contained smtp_client_buffer syn keyword ngxDirective contained smtp_greeting_delay syn keyword ngxDirective contained source_charset -syn keyword ngxDirective contained spdy_chunk_size -syn keyword ngxDirective contained spdy_headers_comp -syn keyword ngxDirective contained spdy_keepalive_timeout -syn keyword ngxDirective contained spdy_max_concurrent_streams -syn keyword ngxDirective contained spdy_pool_size -syn keyword ngxDirective contained spdy_recv_buffer_size -syn keyword ngxDirective contained spdy_recv_timeout -syn keyword ngxDirective contained spdy_streams_index_size syn keyword ngxDirective contained ssi syn keyword ngxDirective contained ssi_ignore_recycled_buffers syn keyword ngxDirective contained ssi_last_modified 
@@ -600,11 +607,13 @@ syn keyword ngxDirective contained uwsgi_buffers syn keyword ngxDirective contained uwsgi_busy_buffers_size syn keyword ngxDirective contained uwsgi_cache +syn keyword ngxDirective contained uwsgi_cache_background_update syn keyword ngxDirective contained uwsgi_cache_bypass syn keyword ngxDirective contained uwsgi_cache_key syn keyword ngxDirective contained uwsgi_cache_lock syn keyword ngxDirective contained uwsgi_cache_lock_age syn keyword ngxDirective contained uwsgi_cache_lock_timeout +syn keyword ngxDirective contained uwsgi_cache_max_range_offset syn keyword ngxDirective contained uwsgi_cache_methods syn keyword ngxDirective contained uwsgi_cache_min_uses syn keyword ngxDirective contained uwsgi_cache_path @@ -662,6 +671,7 @@ syn keyword ngxDirective contained worker_rlimit_core syn keyword ngxDirective contained worker_rlimit_nofile syn keyword ngxDirective contained worker_rlimit_sigpending +syn keyword ngxDirective contained worker_shutdown_timeout syn keyword ngxDirective contained worker_threads syn keyword ngxDirective contained working_directory syn keyword ngxDirective contained xclient @@ -2170,5 +2180,6 @@ hi link ngxDirectiveThirdParty Special hi link ngxListenOptions Keyword +hi link ngxListenOptionsDeprecated Error let b:current_syntax = "nginx" | ||
[+] | Changed | _service:download_url:nginx-1.13.8.tar.gz/src/core/nginx.c ^ |
@@ -228,6 +228,7 @@
 #endif
 ngx_pid = ngx_getpid();
+ ngx_parent = ngx_getppid();
 log = ngx_log_init(ngx_prefix);
 if (log == NULL) { | ||
[+] | Changed | _service:download_url:nginx-1.13.8.tar.gz/src/core/nginx.h ^ |
@@ -9,8 +9,8 @@
 #define _NGINX_H_INCLUDED_
-#define nginx_version 1013007
-#define NGINX_VERSION "1.13.7"
+#define nginx_version 1013008
+#define NGINX_VERSION "1.13.8"
 #define NGINX_VER "nginx/" NGINX_VERSION
 #ifdef NGX_BUILD | ||
[+] | Changed | _service:download_url:nginx-1.13.8.tar.gz/src/core/ngx_conf_file.c ^ |
@@ -709,6 +709,11 @@
 last_space = 0;
 continue;
+ case '$':
+ variable = 1;
+ last_space = 0;
+ continue;
+
 default:
 last_space = 0;
 } | ||
[+] | Changed | _service:download_url:nginx-1.13.8.tar.gz/src/core/ngx_cycle.h ^ |
@@ -114,6 +114,8 @@
 ngx_array_t env;
 char **environment;
+
+ ngx_uint_t transparent; /* unsigned transparent:1; */
 } ngx_core_conf_t; | ||
[+] | Changed | _service:download_url:nginx-1.13.8.tar.gz/src/http/modules/ngx_http_autoindex_module.c ^ |
@@ -180,6 +180,12 @@
 return NGX_DECLINED;
 }
+ rc = ngx_http_discard_request_body(r);
+
+ if (rc != NGX_OK) {
+ return rc;
+ }
+
 /* NGX_DIR_MASK_LEN is lesser than NGX_HTTP_AUTOINDEX_PREALLOCATE */
 last = ngx_http_map_uri_to_path(r, &path, &root, | ||
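Review bot: The added `ngx_http_discard_request_body(r)` call carries no comment saying why a directory listing needs it. The changelog entry for this release only says the module "incorrectly handled requests with bodies"; presumably an unread body would otherwise stay on a keep-alive connection and be read as the start of the next request. Once that is confirmed, a one-line comment above the call such as `/* drain any request body so it is not parsed as the next request */` would record the reason. The enclosing handler starts and ends outside the hunk.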
[+] | Changed | _service:download_url:nginx-1.13.8.tar.gz/src/http/modules/ngx_http_proxy_module.c ^ |
@@ -1086,8 +1086,7 @@ return NGX_OK; - } else if (ctx->vars.uri.len == 0 && r->valid_unparsed_uri && r == r->main) - { + } else if (ctx->vars.uri.len == 0 && r->valid_unparsed_uri) { *key = r->unparsed_uri; u->uri = r->unparsed_uri; @@ -1096,7 +1095,7 @@ loc_len = (r->valid_location && ctx->vars.uri.len) ? plcf->location.len : 0; - if (r->quoted_uri || r->internal) { + if (r->quoted_uri || r->space_in_uri || r->internal) { escape = 2 * ngx_escape_uri(NULL, r->uri.data + loc_len, r->uri.len - loc_len, NGX_ESCAPE_URI); } else { @@ -1201,8 +1200,7 @@ if (plcf->proxy_lengths && ctx->vars.uri.len) { uri_len = ctx->vars.uri.len; - } else if (ctx->vars.uri.len == 0 && r->valid_unparsed_uri && r == r->main) - { + } else if (ctx->vars.uri.len == 0 && r->valid_unparsed_uri) { unparsed_uri = 1; uri_len = r->unparsed_uri.len; | ||
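Review bot: With `r == r->main` dropped from both `else if` conditions (first and third hunks), the `valid_unparsed_uri` flag is the only thing that stops a subrequest from forwarding the client's raw `r->unparsed_uri` upstream. The ngx_http_core_module.c change in this update copies that flag into a subrequest, but the condition enclosing that copy is not visible, so it cannot be confirmed from here that the flag is inherited only when the subrequest keeps the parent's URI. The unparsed URI skips nginx's normalization, so the invariant deserves a comment at both sites, e.g. `/* valid_unparsed_uri implies unparsed_uri corresponds to r->uri */`, once verified against the subrequest code. The enclosing functions start and end outside the hunks.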
[+] | Changed | _service:download_url:nginx-1.13.8.tar.gz/src/http/modules/ngx_http_upstream_keepalive_module.c ^ |
@@ -340,6 +340,7 @@
 pc->connection = NULL;
 if (c->read->timer_set) {
+ c->read->delayed = 0;
 ngx_del_timer(c->read);
 }
 if (c->write->timer_set) { | ||
[+] | Changed | _service:download_url:nginx-1.13.8.tar.gz/src/http/ngx_http_core_module.c ^ |
@@ -2363,6 +2363,7 @@
 sr->method_name = r->method_name;
 sr->loc_conf = r->loc_conf;
 sr->valid_location = r->valid_location;
+ sr->valid_unparsed_uri = r->valid_unparsed_uri;
 sr->content_handler = r->content_handler;
 sr->phase_handler = r->phase_handler;
 sr->write_event_handler = ngx_http_core_run_phases; | ||
[+] | Changed | _service:download_url:nginx-1.13.8.tar.gz/src/http/ngx_http_upstream.c ^ |
@@ -3533,7 +3533,7 @@
 if (do_write) {
- if (u->out_bufs || u->busy_bufs) {
+ if (u->out_bufs || u->busy_bufs || downstream->buffered) {
 rc = ngx_http_output_filter(r, u->out_bufs);
 if (rc == NGX_ERROR) {
@@ -6078,6 +6078,12 @@
 if (cf->args->nelts > 2) {
 if (ngx_strcmp(value[2].data, "transparent") == 0) {
 #if (NGX_HAVE_TRANSPARENT_PROXY)
+ ngx_core_conf_t *ccf;
+
+ ccf = (ngx_core_conf_t *) ngx_get_conf(cf->cycle->conf_ctx,
+ ngx_core_module);
+
+ ccf->transparent = 1;
 local->transparent = 1;
 #else
 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, | ||
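Review bot: In the second hunk, `ccf->transparent = 1` turns one directive's `transparent` parameter into a process-wide setting, which the ngx_process_cycle.c change in this update uses to keep CAP_NET_RAW in the worker processes, and nothing at the assignment says so. CAP_NET_RAW also covers raw and packet sockets, so retaining it widens what a compromised worker could do beyond transparent binding. A comment above the assignment such as `/* workers keep CAP_NET_RAW after setuid() once any *_bind uses "transparent" */` would make that trade-off visible to operators and reviewers. The same six added lines are repeated in ngx_stream_proxy_module.c; a shared helper would keep the two copies in step.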
[+] | Changed | _service:download_url:nginx-1.13.8.tar.gz/src/os/unix/ngx_daemon.c ^ |
@@ -26,6 +26,7 @@
 exit(0);
 }
+ ngx_parent = ngx_pid;
 ngx_pid = ngx_getpid();
 if (setsid() == -1) { | ||
[+] | Changed | _service:download_url:nginx-1.13.8.tar.gz/src/os/unix/ngx_linux_config.h ^ |
@@ -99,6 +99,11 @@
 #endif
+#if (NGX_HAVE_CAPABILITIES)
+#include <linux/capability.h>
+#endif
+
+
 #define NGX_LISTEN_BACKLOG 511 | ||
[+] | Changed | _service:download_url:nginx-1.13.8.tar.gz/src/os/unix/ngx_posix_config.h ^ |
@@ -145,26 +145,6 @@
 #define ngx_debug_init()
-#if (__FreeBSD__) && (__FreeBSD_version < 400017)
-
-#include <sys/param.h> /* ALIGN() */
-
-/*
- * FreeBSD 3.x has no CMSG_SPACE() and CMSG_LEN() and has the broken CMSG_DATA()
- */
-
-#undef CMSG_SPACE
-#define CMSG_SPACE(l) (ALIGN(sizeof(struct cmsghdr)) + ALIGN(l))
-
-#undef CMSG_LEN
-#define CMSG_LEN(l) (ALIGN(sizeof(struct cmsghdr)) + (l))
-
-#undef CMSG_DATA
-#define CMSG_DATA(cmsg) ((u_char *)(cmsg) + ALIGN(sizeof(struct cmsghdr)))
-
-#endif
-
-
 extern char **environ; | ||
[+] | Changed | _service:download_url:nginx-1.13.8.tar.gz/src/os/unix/ngx_posix_init.c ^ |
@@ -36,6 +36,9 @@
 {
 ngx_time_t *tp;
 ngx_uint_t n;
+#if (NGX_HAVE_LEVEL1_DCACHE_LINESIZE)
+ long size;
+#endif
 #if (NGX_HAVE_OS_SPECIFIC_INIT)
 if (ngx_os_specific_init(log) != NGX_OK) {
@@ -62,6 +65,13 @@
 ngx_ncpu = 1;
 }
+#if (NGX_HAVE_LEVEL1_DCACHE_LINESIZE)
+ size = sysconf(_SC_LEVEL1_DCACHE_LINESIZE);
+ if (size > 0) {
+ ngx_cacheline_size = size;
+ }
+#endif
+
 ngx_cpuinfo();
 if (getrlimit(RLIMIT_NOFILE, &rlmt) == -1) { | ||
[+] | Changed | _service:download_url:nginx-1.13.8.tar.gz/src/os/unix/ngx_process.c ^ |
@@ -194,6 +194,7 @@
 return NGX_INVALID_PID;
 case 0:
+ ngx_parent = ngx_pid;
 ngx_pid = ngx_getpid();
 proc(cycle, data);
 break;
@@ -371,12 +372,12 @@
 break;
 case ngx_signal_value(NGX_CHANGEBIN_SIGNAL):
- if (getppid() > 1 || ngx_new_binary > 0) {
+ if (ngx_getppid() == ngx_parent || ngx_new_binary > 0) {
 /*
 * Ignore the signal in the new binary if its parent is
- * not the init process, i.e. the old binary's process
- * is still running. Or ignore the signal in the old binary's
+ * not changed, i.e. the old binary's process is still
+ * running. Or ignore the signal in the old binary's
 * process if the new binary's process is already running.
 */ | ||
[+] | Changed | _service:download_url:nginx-1.13.8.tar.gz/src/os/unix/ngx_process.h ^ |
@@ -54,6 +54,7 @@
 #define ngx_getpid getpid
+#define ngx_getppid getppid
 #ifndef ngx_log_pid
 #define ngx_log_pid ngx_pid
@@ -79,6 +80,7 @@
 extern char **ngx_os_argv;
 extern ngx_pid_t ngx_pid;
+extern ngx_pid_t ngx_parent;
 extern ngx_socket_t ngx_channel;
 extern ngx_int_t ngx_process_slot;
 extern ngx_int_t ngx_last_process; | ||
[+] | Changed | _service:download_url:nginx-1.13.8.tar.gz/src/os/unix/ngx_process_cycle.c ^ |
@@ -31,6 +31,7 @@
 ngx_uint_t ngx_process;
 ngx_uint_t ngx_worker;
 ngx_pid_t ngx_pid;
+ngx_pid_t ngx_parent;
 sig_atomic_t ngx_reap;
 sig_atomic_t ngx_sigio;
@@ -838,12 +839,44 @@
 ccf->username, ccf->group);
 }
+#if (NGX_HAVE_PR_SET_KEEPCAPS && NGX_HAVE_CAPABILITIES)
+ if (ccf->transparent && ccf->user) {
+ if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) == -1) {
+ ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_errno,
+ "prctl(PR_SET_KEEPCAPS, 1) failed");
+ /* fatal */
+ exit(2);
+ }
+ }
+#endif
+
 if (setuid(ccf->user) == -1) {
 ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_errno,
 "setuid(%d) failed", ccf->user);
 /* fatal */
 exit(2);
 }
+
+#if (NGX_HAVE_CAPABILITIES)
+ if (ccf->transparent && ccf->user) {
+ struct __user_cap_data_struct data;
+ struct __user_cap_header_struct header;
+
+ ngx_memzero(&header, sizeof(struct __user_cap_header_struct));
+ ngx_memzero(&data, sizeof(struct __user_cap_data_struct));
+
+ header.version = _LINUX_CAPABILITY_VERSION_1;
+ data.effective = CAP_TO_MASK(CAP_NET_RAW);
+ data.permitted = data.effective;
+
+ if (syscall(SYS_capset, &header, &data) == -1) {
+ ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_errno,
+ "capset() failed");
+ /* fatal */
+ exit(2);
+ }
+ }
+#endif
 }
 if (worker >= 0) { | ||
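Review bot: The two capability blocks in the second hunk are guarded differently: the prctl() call requires `NGX_HAVE_PR_SET_KEEPCAPS && NGX_HAVE_CAPABILITIES`, but the capset() block after setuid() requires only `NGX_HAVE_CAPABILITIES`. If the configure-time prctl probe fails while the capability header is found, workers skip PR_SET_KEEPCAPS, lose their permitted set in setuid(), and then most likely hit `capset() failed` and `exit(2)` whenever `transparent` is configured with a non-root user. Giving the second block the same guard, `#if (NGX_HAVE_PR_SET_KEEPCAPS && NGX_HAVE_CAPABILITIES)`, avoids that. A short comment noting that capset() also shrinks the permitted set to CAP_NET_RAW alone would help readers; the enclosing function starts and ends outside the hunk.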
[+] | Changed | _service:download_url:nginx-1.13.8.tar.gz/src/stream/ngx_stream_proxy_module.c ^ |
@@ -2155,6 +2155,12 @@
 if (cf->args->nelts > 2) {
 if (ngx_strcmp(value[2].data, "transparent") == 0) {
 #if (NGX_HAVE_TRANSPARENT_PROXY)
+ ngx_core_conf_t *ccf;
+
+ ccf = (ngx_core_conf_t *) ngx_get_conf(cf->cycle->conf_ctx,
+ ngx_core_module);
+
+ ccf->transparent = 1;
 local->transparent = 1;
 #else
 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, |