Commit Graph

3667 Commits

Author SHA1 Message Date
Igor Sysoev
c2c3e3105f Now if total size of all ranges is greater than source response size,
then nginx disables ranges and returns just the source response.
This fix should not affect well-behaving applications but will defeat
DoS attempts exploiting malicious byte ranges.
2011-08-26 09:42:50 +00:00
Igor Sysoev
8b2bf08165 Cache size accounting fix: actual cache size on disk was less than
needed by sum of sizes of files loaded by worker processes themselves
while cache loader was running.

The bug has been introduced in r3900.
2011-08-25 17:29:34 +00:00
Maxim Dounin
fbc51e4c44 Better handling of various per-server ssl options with SNI.
SSL_set_SSL_CTX() doesn't touch values cached within ssl connection
structure, it only changes certificates (at least as of now, OpenSSL
1.0.0d and earlier).

As a result settings like ssl_verify_client, ssl_verify_depth,
ssl_prefer_server_ciphers are only configurable on per-socket basis while
with SNI it should be possible to specify them different for two servers
listening on the same socket.

Workaround is to explicitly re-apply settings we care about from context
to ssl connection in servername callback.

Note that SSL_clear_options() is only available in OpenSSL 0.9.8m+.  I.e.
with older versions it is not possible to clear ssl_prefer_server_ciphers
option if it's set in default server for a socket.
2011-08-23 14:36:31 +00:00
Igor Sysoev
631fa929d3 Version bump. 2011-08-23 14:22:34 +00:00
Ruslan Ermilov
485e5c81c7 Restore the lost negation. 2011-08-23 13:39:22 +00:00
Igor Sysoev
4ef830d7b8 Removing incomplete draft documentation from release tarball and zip. 2011-08-23 13:35:02 +00:00
Igor Sysoev
6b77c085be Grammar fixes in CHANGES. 2011-08-23 13:29:47 +00:00
Igor Sysoev
03228790c6 CHANGES conversion from KOI8-R to UTF-8. 2011-08-23 12:50:54 +00:00
Igor Sysoev
ae6eba4f16 Grammar fixes in CHANGES. 2011-08-23 10:18:35 +00:00
Igor Sysoev
4e80f39ff0 XSLT regeneration for the previous commit. 2011-08-23 10:11:09 +00:00
Igor Sysoev
99d42788b2 Traling spaces removal in text CHANGES files. 2011-08-23 10:10:25 +00:00
Igor Sysoev
92a2f9d6e0 XSLT regeneration for r4023. 2011-08-23 09:48:44 +00:00
Ruslan Ermilov
cf165077ee Get rid of " <br/>" hacks. 2011-08-23 09:01:13 +00:00
Ruslan Ermilov
998dbb98ad - support <br/> in the middle of input
- fixed "<br>" lookup (eliminates the need in " <br/>" hacks)
- fixed maximum length for unbreakable input
- fixed space lookup (allows a space at column 77 to break a line)
2011-08-23 09:00:24 +00:00
Igor Sysoev
fd478a7425 release-1.1.1 tag 2011-08-22 13:56:14 +00:00
Igor Sysoev
07f0b19c40 nginx-1.1.1-RELEASE 2011-08-22 13:56:08 +00:00
Igor Sysoev
566dfe0c7f SIGWINCH/NOACCEPT signal is disabled now in non-daemon mode.
Non-daemon mode is currently used by supervisord, daemontools and so on
or during debugging. The NOACCEPT signal is only used for online upgrade
which is not supported when nginx is run under supervisord, etc.,
so this change should not break existant setups.
2011-08-22 12:34:48 +00:00
Igor Sysoev
0d18687b03 The change in adaptive loader behaviour introduced in r3975:
now cache loader processes either as many files as specified by loader_files
or works no more than time specified by loader_threshold during each iteration.

loader_threshold was previously used to decrease loader_files or
to increase loader_timeout and this might eventually result in
downgrading loader_files to 1 and increasing loader_timeout to large values
causing loading cache for forever.
2011-08-22 10:16:49 +00:00
Maxim Dounin
de1a3e1e0c Fix buffer overrun under Windows. 2011-08-22 10:07:27 +00:00
Maxim Dounin
ec8186c733 Move SO_ACCEPTFILTER and TCP_DEFER_ACCEPT checks into configure.
NetBSD 5.0+ has SO_ACCEPTFILTER support merged from FreeBSD, and having
accept filter check in FreeBSD-specific ngx_freebsd_config.h prevents it
from being used on NetBSD.  Therefore move the check into configure (and
do the same for Linux-specific TCP_DEFER_ACCEPT, just to be in line).
2011-08-21 11:37:37 +00:00
Maxim Dounin
5a52d67a08 Fix ignored headers handling in fastcgi/scgi/uwsgi.
The bug had appeared in r3561 (fastcgi), r3638 (scgi), r3567 (uwsgi).
2011-08-19 20:11:39 +00:00
Ruslan Ermilov
79a12b64f1 XSLT regeneration for r3998. 2011-08-19 08:39:27 +00:00
Ruslan Ermilov
88b2c7df31 - Added missing dependencies for the CHANGES{,ru} targets.
- Pass string params to xsltproc.
- Removed extraneous rule bodies.
2011-08-19 08:33:47 +00:00
Maxim Dounin
65c32b255d Complain on invalid log levels.
Previously only first log level was required to be correct, while error_log
directive in fact accepts list of levels (e.g. one may specify "error_log ...
debug_core debug_http;").  This resulted in (avoidable) wierd behaviour on
missing semicolon after error_log directive, e.g.

    error_log /path/to/log info
    index index.php;

silently skipped index directive and it's arguments (trying to interpret
them as log levels without checking to be correct).
2011-08-18 21:48:13 +00:00
Maxim Dounin
b7fcb430c1 Upstream: properly allocate memory for tried flags.
Previous allocation only took into account number of non-backup servers, and
this caused memory corruption with many backup servers.

See report here:
http://mailman.nginx.org/pipermail/nginx/2011-May/026531.html
2011-08-18 17:04:52 +00:00
Maxim Dounin
624fbe94a2 Fixing cpu hog with all upstream servers marked "down".
The following configuration causes nginx to hog cpu due to infinite loop
in ngx_http_upstream_get_peer():

    upstream backend {
        server 127.0.0.1:8080 down;
        server 127.0.0.1:8080 down;
    }

    server {
       ...
       location / {
           proxy_pass http://backend;
       }
    }

Make sure we don't loop infinitely in ngx_http_upstream_get_peer() but stop
after resetting peer weights once.

Return 0 if we are stuck.  This is guaranteed to work as peer 0 always exists,
and eventually ngx_http_upstream_get_round_robin_peer() will do the right
thing falling back to backup servers or returning NGX_BUSY.
2011-08-18 16:52:38 +00:00
Maxim Dounin
9bc8fc4602 Fixing proxy_set_body and proxy_pass_request_body with SSL.
Flush flag wasn't set in constructed buffer and this prevented any data
from being actually sent to upstream due to SSL buffering.  Make sure
we always set flush in the last buffer we are going to sent.

See here for report:
http://nginx.org/pipermail/nginx-ru/2011-June/041552.html
2011-08-18 16:34:24 +00:00
Igor Sysoev
c4ff39ae2b Fix names of the referer hash size directives introduced in r3940. 2011-08-18 16:27:30 +00:00
Maxim Dounin
400de576f9 Rebuild manpage only if needed. 2011-08-18 15:57:59 +00:00
Maxim Dounin
b09ceca261 Fix body with request_body_in_single_buf.
If there were preread data and request body was big enough first part
of the request body was duplicated.

See report here:
http://mailman.nginx.org/pipermail/nginx/2011-July/027756.html
2011-08-18 15:52:00 +00:00
Maxim Dounin
f48b451195 Correctly set body if it's preread and there are extra data.
Previously all available data was used as body, resulting in garbage after
real body e.g. in case of pipelined requests.  Make sure to use only as many
bytes as request's Content-Length specifies.
2011-08-18 15:27:57 +00:00
Maxim Dounin
950b668076 Lower optimization level for Sun Studio before 12.1.
At least Sun Studio 12 has problems with bit-fields exposed by nginx code
(caught by test suite).  They seems to be fixed in Sun Studio 12.1.  As a
workaround use "-fast -xalias_level=any" for older versions, it resolves
the problem.
2011-08-18 15:10:23 +00:00
Maxim Dounin
b4d9ee220c Detect POSIX semaphores in librt on Solaris (ticket #3).
Patch by Denis Ivanov.
2011-08-17 08:35:54 +00:00
Maxim Dounin
1a664a80a9 Configure: catch up with new Linux version numbering (ticket #5).
Catch up with new Linux version numbering scheme as announced at [1] and
suppress unrecognized versions to actually use default 0.

[1] https://lkml.org/lkml/2011/5/29/204
2011-08-13 15:15:50 +00:00
Ruslan Ermilov
f46eafd653 - Replaced explicit link to bugtracker with a support link
(which will soon link to Trac).

- Commented out reference to non-existing nginx.conf(5).
2011-08-10 12:30:19 +00:00
Ruslan Ermilov
ad064b78dc Mention our preferred way of accepting bug reports. 2011-08-10 08:03:34 +00:00
Ruslan Ermilov
40be916e1c Don't ignore xmllint errors. 2011-08-09 15:18:07 +00:00
Ruslan Ermilov
b0067b6853 Regen after makefile changes. 2011-08-09 15:15:36 +00:00
Igor Sysoev
aa64c39b20 using sed instead of perl 2011-08-05 13:42:37 +00:00
Igor Sysoev
a6c91b11bf skeleton for documentation processing 2011-08-05 09:25:34 +00:00
Igor Sysoev
f549c03524 update documentation build procedure 2011-08-05 09:00:19 +00:00
Igor Sysoev
de236d3a2c fix gzip quantity: "q=0." and "q=1." are valid values according to RFC 2011-08-05 08:51:29 +00:00
Igor Sysoev
48d17bca94 refactor gzip quantity introduced in r3981: it ignored "q=1.000" 2011-08-04 14:50:59 +00:00
Igor Sysoev
dfd81a23b2 A new fix for the case when ssl_session_cache defined, but ssl is not
enabled in any server. The previous r1033 does not help when unused zone
becomes used after reconfiguration, so it is backed out.

The initial thought was to make SSL modules independed from SSL implementation
and to keep OpenSSL code dependance as much as in separate files.
2011-08-04 11:12:30 +00:00
Igor Sysoev
c42be75569 removal of error message about %name log_format parameters,
they have been deleted long ago in 0.5.0-RELEASE
2011-08-03 16:01:36 +00:00
Igor Sysoev
7cce1cacaa fix typo introduced in r3985 2011-08-02 12:43:01 +00:00
Igor Sysoev
475a5dfcf1 bump version 2011-08-02 12:39:38 +00:00
Igor Sysoev
abf9751323 release-1.1.0 tag 2011-08-01 14:47:46 +00:00
Igor Sysoev
9519d882f1 nginx-1.1.0-RELEASE 2011-08-01 14:47:40 +00:00
Igor Sysoev
72a96bfdcb fix r3981 again for case "Accept-Encoding: gzip" 2011-08-01 14:38:09 +00:00