Merge branch 'nginx' (nginx-1.13.5).
Change-Id: I19e4f79914399dcd179087a52f3cb08d66bf28c5
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
diff --git a/.hgtags b/.hgtags
index a6c38a4..34afa6e 100644
--- a/.hgtags
+++ b/.hgtags
@@ -417,3 +417,4 @@
5be2b25bdc65775a85f18f68a4be4f58c7384415 release-1.13.2
8457ce87640f9bfe6221c4ac4466ced20e03bebe release-1.13.3
bbc642c813c829963ce8197c0ca237ab7601f3d4 release-1.13.4
+0d45b4cf7c2e4e626a5a16e1fe604402ace1cea5 release-1.13.5
diff --git a/BUILD b/BUILD
index 0bcf01c..d854521 100644
--- a/BUILD
+++ b/BUILD
@@ -1485,5 +1485,5 @@
preinst = "@nginx_pkgoss//:debian_preinst",
prerm = "@nginx_pkgoss//:debian_prerm",
section = "httpd",
- version = "1.13.4",
+ version = "1.13.5",
)
diff --git a/build.bzl b/build.bzl
index f8221be..8f4659a 100644
--- a/build.bzl
+++ b/build.bzl
@@ -663,7 +663,7 @@
name = "nginx_pkgoss",
build_file_content = _PKGOSS_BUILD_FILE.format(nginx = nginx) +
_PKGOSS_BUILD_FILE_TAIL,
- commit = "7a287cc92d5eaeab021f9e05eb14be4357ac6cd0", # nginx-1.13.4
+ commit = "ecc0c4d87d10115ccd2797700fbfd8a82ca3c8c2", # nginx-1.13.5
remote = "https://nginx.googlesource.com/nginx-pkgoss",
)
diff --git a/docs/xml/nginx/changes.xml b/docs/xml/nginx/changes.xml
index 2fd18e2..2898814 100644
--- a/docs/xml/nginx/changes.xml
+++ b/docs/xml/nginx/changes.xml
@@ -5,6 +5,59 @@
<change_log title="nginx">
+<changes ver="1.13.5" date="2017-09-05">
+
+<change type="feature">
+<para lang="ru">
+переменная $ssl_client_escaped_cert.
+</para>
+<para lang="en">
+the $ssl_client_escaped_cert variable.
+</para>
+</change>
+
+<change type="bugfix">
+<para lang="ru">
+директива ssl_session_ticket_key и параметр include директивы geo
+не работали на Windows.
+</para>
+<para lang="en">
+the "ssl_session_ticket_key" directive and
+the "include" parameter of the "geo" directive did not work on Windows.
+</para>
+</change>
+
+<change type="bugfix">
+<para lang="ru">
+на 32-битных платформах
+при запросе более 4 гигабайт с помощью нескольких диапазонов
+возвращалась некорректная длина ответа.
+</para>
+<para lang="en">
+incorrect response length was returned
+on 32-bit platforms when requesting more than 4 gigabytes
+with multiple ranges.
+</para>
+</change>
+
+<change type="bugfix">
+<para lang="ru">
+директива "expires modified" и
+обработка строки If-Range заголовка запроса
+не учитывали время последнего изменения ответа,
+если использовалось проксирование без кэширования.
+</para>
+<para lang="en">
+the "expires modified" directive and
+processing of the "If-Range" request header line
+did not use the response last modification time
+if proxying without caching was used.
+</para>
+</change>
+
+</changes>
+
+
<changes ver="1.13.4" date="2017-08-08">
<change type="feature">
diff --git a/src/core/nginx.h b/src/core/nginx.h
index da9d550..a1d2838 100644
--- a/src/core/nginx.h
+++ b/src/core/nginx.h
@@ -13,8 +13,8 @@
#define NGINX_NAME "nginx"
#endif
-#define nginx_version 1013004
-#define NGINX_VERSION "1.13.4"
+#define nginx_version 1013005
+#define NGINX_VERSION "1.13.5"
#define NGINX_VER NGINX_NAME "/" NGINX_VERSION
#ifdef NGX_BUILD
diff --git a/src/core/ngx_conf_file.c b/src/core/ngx_conf_file.c
index ce8c602..fb28a5a 100644
--- a/src/core/ngx_conf_file.c
+++ b/src/core/ngx_conf_file.c
@@ -178,6 +178,7 @@
/* open configuration file */
fd = ngx_open_file(filename->data, NGX_FILE_RDONLY, NGX_FILE_OPEN, 0);
+
if (fd == NGX_INVALID_FILE) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, ngx_errno,
ngx_open_file_n " \"%s\" failed",
diff --git a/src/core/ngx_regex.c b/src/core/ngx_regex.c
index 9939dce..52169f6 100644
--- a/src/core/ngx_regex.c
+++ b/src/core/ngx_regex.c
@@ -262,7 +262,7 @@
part = &studies->part;
elts = part->elts;
- for (i = 0 ; /* void */ ; i++) {
+ for (i = 0; /* void */ ; i++) {
if (i >= part->nelts) {
if (part->next == NULL) {
@@ -326,7 +326,7 @@
part = &ngx_pcre_studies->part;
elts = part->elts;
- for (i = 0 ; /* void */ ; i++) {
+ for (i = 0; /* void */ ; i++) {
if (i >= part->nelts) {
if (part->next == NULL) {
diff --git a/src/event/ngx_event.h b/src/event/ngx_event.h
index 1336999..785253d 100644
--- a/src/event/ngx_event.h
+++ b/src/event/ngx_event.h
@@ -152,12 +152,12 @@
ngx_event_handler_pt handler;
ngx_file_t *file;
+ ngx_fd_t fd;
+
#if (NGX_HAVE_AIO_SENDFILE || NGX_COMPAT)
ssize_t (*preload_handler)(ngx_buf_t *file);
#endif
- ngx_fd_t fd;
-
#if (NGX_HAVE_EVENTFD)
int64_t res;
#endif
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
index fd8f701..1ca3ce6 100644
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -947,6 +947,7 @@
cln->data = passwords;
fd = ngx_open_file(file->data, NGX_FILE_RDONLY, NGX_FILE_OPEN, 0);
+
if (fd == NGX_INVALID_FILE) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, ngx_errno,
ngx_open_file_n " \"%s\" failed", file->data);
@@ -2931,7 +2932,9 @@
file.name = path[i];
file.log = cf->log;
- file.fd = ngx_open_file(file.name.data, NGX_FILE_RDONLY, 0, 0);
+ file.fd = ngx_open_file(file.name.data, NGX_FILE_RDONLY,
+ NGX_FILE_OPEN, 0);
+
if (file.fd == NGX_INVALID_FILE) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, ngx_errno,
ngx_open_file_n " \"%V\" failed", &file.name);
@@ -3574,13 +3577,22 @@
{
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
- const char *servername;
+ size_t len;
+ const char *name;
- servername = SSL_get_servername(c->ssl->connection,
- TLSEXT_NAMETYPE_host_name);
- if (servername) {
- s->data = (u_char *) servername;
- s->len = ngx_strlen(servername);
+ name = SSL_get_servername(c->ssl->connection, TLSEXT_NAMETYPE_host_name);
+
+ if (name) {
+ len = ngx_strlen(name);
+
+ s->len = len;
+ s->data = ngx_pnalloc(pool, len);
+ if (s->data == NULL) {
+ return NGX_ERROR;
+ }
+
+ ngx_memcpy(s->data, name, len);
+
return NGX_OK;
}
@@ -3686,6 +3698,36 @@
ngx_int_t
+ngx_ssl_get_escaped_certificate(ngx_connection_t *c, ngx_pool_t *pool,
+ ngx_str_t *s)
+{
+ ngx_str_t cert;
+ uintptr_t n;
+
+ if (ngx_ssl_get_raw_certificate(c, pool, &cert) != NGX_OK) {
+ return NGX_ERROR;
+ }
+
+ if (cert.len == 0) {
+ s->len = 0;
+ return NGX_OK;
+ }
+
+ n = ngx_escape_uri(NULL, cert.data, cert.len, NGX_ESCAPE_URI_COMPONENT);
+
+ s->len = cert.len + n * 2;
+ s->data = ngx_pnalloc(pool, s->len);
+ if (s->data == NULL) {
+ return NGX_ERROR;
+ }
+
+ ngx_escape_uri(s->data, cert.data, cert.len, NGX_ESCAPE_URI_COMPONENT);
+
+ return NGX_OK;
+}
+
+
+ngx_int_t
ngx_ssl_get_subject_dn(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
{
BIO *bio;
diff --git a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h
index 4db5704..92bb34e 100644
--- a/src/event/ngx_event_openssl.h
+++ b/src/event/ngx_event_openssl.h
@@ -214,6 +214,8 @@
ngx_str_t *s);
ngx_int_t ngx_ssl_get_certificate(ngx_connection_t *c, ngx_pool_t *pool,
ngx_str_t *s);
+ngx_int_t ngx_ssl_get_escaped_certificate(ngx_connection_t *c, ngx_pool_t *pool,
+ ngx_str_t *s);
ngx_int_t ngx_ssl_get_subject_dn(ngx_connection_t *c, ngx_pool_t *pool,
ngx_str_t *s);
ngx_int_t ngx_ssl_get_issuer_dn(ngx_connection_t *c, ngx_pool_t *pool,
diff --git a/src/http/modules/ngx_http_geo_module.c b/src/http/modules/ngx_http_geo_module.c
index 46a8d7c..8262c9d 100644
--- a/src/http/modules/ngx_http_geo_module.c
+++ b/src/http/modules/ngx_http_geo_module.c
@@ -1400,7 +1400,8 @@
file.name = *name;
file.log = cf->log;
- file.fd = ngx_open_file(name->data, NGX_FILE_RDONLY, 0, 0);
+ file.fd = ngx_open_file(name->data, NGX_FILE_RDONLY, NGX_FILE_OPEN, 0);
+
if (file.fd == NGX_INVALID_FILE) {
err = ngx_errno;
if (err != NGX_ENOENT) {
diff --git a/src/http/modules/ngx_http_range_filter_module.c b/src/http/modules/ngx_http_range_filter_module.c
index 6256b13..819c5c9 100644
--- a/src/http/modules/ngx_http_range_filter_module.c
+++ b/src/http/modules/ngx_http_range_filter_module.c
@@ -463,23 +463,24 @@
ngx_http_range_multipart_header(ngx_http_request_t *r,
ngx_http_range_filter_ctx_t *ctx)
{
- size_t len;
+ off_t len;
+ size_t size;
ngx_uint_t i;
ngx_http_range_t *range;
ngx_atomic_uint_t boundary;
- len = sizeof(CRLF "--") - 1 + NGX_ATOMIC_T_LEN
- + sizeof(CRLF "Content-Type: ") - 1
- + r->headers_out.content_type.len
- + sizeof(CRLF "Content-Range: bytes ") - 1;
+ size = sizeof(CRLF "--") - 1 + NGX_ATOMIC_T_LEN
+ + sizeof(CRLF "Content-Type: ") - 1
+ + r->headers_out.content_type.len
+ + sizeof(CRLF "Content-Range: bytes ") - 1;
if (r->headers_out.content_type_len == r->headers_out.content_type.len
&& r->headers_out.charset.len)
{
- len += sizeof("; charset=") - 1 + r->headers_out.charset.len;
+ size += sizeof("; charset=") - 1 + r->headers_out.charset.len;
}
- ctx->boundary_header.data = ngx_pnalloc(r->pool, len);
+ ctx->boundary_header.data = ngx_pnalloc(r->pool, size);
if (ctx->boundary_header.data == NULL) {
return NGX_ERROR;
}
@@ -569,7 +570,7 @@
- range[i].content_range.data;
len += ctx->boundary_header.len + range[i].content_range.len
- + (size_t) (range[i].end - range[i].start);
+ + (range[i].end - range[i].start);
}
r->headers_out.content_length_n = len;
diff --git a/src/http/modules/ngx_http_scgi_module.c b/src/http/modules/ngx_http_scgi_module.c
index c8bead7..f217061 100644
--- a/src/http/modules/ngx_http_scgi_module.c
+++ b/src/http/modules/ngx_http_scgi_module.c
@@ -819,7 +819,7 @@
key = e.pos;
#endif
code = *(ngx_http_script_code_pt *) e.ip;
- code((ngx_http_script_engine_t *) & e);
+ code((ngx_http_script_engine_t *) &e);
#if (NGX_DEBUG)
val = e.pos;
diff --git a/src/http/modules/ngx_http_secure_link_module.c b/src/http/modules/ngx_http_secure_link_module.c
index 907ba6e..536e09a 100644
--- a/src/http/modules/ngx_http_secure_link_module.c
+++ b/src/http/modules/ngx_http_secure_link_module.c
@@ -107,7 +107,7 @@
ngx_md5_t md5;
ngx_http_secure_link_ctx_t *ctx;
ngx_http_secure_link_conf_t *conf;
- u_char hash_buf[16], md5_buf[16];
+ u_char hash_buf[18], md5_buf[16];
conf = ngx_http_get_module_loc_conf(r, ngx_http_secure_link_module);
@@ -154,7 +154,6 @@
goto not_found;
}
- hash.len = 16;
hash.data = hash_buf;
if (ngx_decode_base64url(&hash, &val) != NGX_OK) {
diff --git a/src/http/modules/ngx_http_ssl_module.c b/src/http/modules/ngx_http_ssl_module.c
index 8bf1943..0ac8596 100644
--- a/src/http/modules/ngx_http_ssl_module.c
+++ b/src/http/modules/ngx_http_ssl_module.c
@@ -297,6 +297,10 @@
(uintptr_t) ngx_ssl_get_raw_certificate,
NGX_HTTP_VAR_CHANGEABLE, 0 },
+ { ngx_string("ssl_client_escaped_cert"), NULL, ngx_http_ssl_variable,
+ (uintptr_t) ngx_ssl_get_escaped_certificate,
+ NGX_HTTP_VAR_CHANGEABLE, 0 },
+
{ ngx_string("ssl_client_s_dn"), NULL, ngx_http_ssl_variable,
(uintptr_t) ngx_ssl_get_subject_dn, NGX_HTTP_VAR_CHANGEABLE, 0 },
diff --git a/src/http/modules/ngx_http_uwsgi_module.c b/src/http/modules/ngx_http_uwsgi_module.c
index 6f0583c..472707b 100644
--- a/src/http/modules/ngx_http_uwsgi_module.c
+++ b/src/http/modules/ngx_http_uwsgi_module.c
@@ -865,7 +865,7 @@
lcode = *(ngx_http_script_len_code_pt *) le.ip;
skip_empty = lcode(&le);
- for (val_len = 0; *(uintptr_t *) le.ip; val_len += lcode (&le)) {
+ for (val_len = 0; *(uintptr_t *) le.ip; val_len += lcode(&le)) {
lcode = *(ngx_http_script_len_code_pt *) le.ip;
}
le.ip += sizeof(uintptr_t);
@@ -990,7 +990,7 @@
while (*(uintptr_t *) le.ip) {
lcode = *(ngx_http_script_len_code_pt *) le.ip;
- key_len = (u_char) lcode (&le);
+ key_len = (u_char) lcode(&le);
lcode = *(ngx_http_script_len_code_pt *) le.ip;
skip_empty = lcode(&le);
@@ -1018,14 +1018,14 @@
*e.pos++ = (u_char) ((key_len >> 8) & 0xff);
code = *(ngx_http_script_code_pt *) e.ip;
- code((ngx_http_script_engine_t *) & e);
+ code((ngx_http_script_engine_t *) &e);
*e.pos++ = (u_char) (val_len & 0xff);
*e.pos++ = (u_char) ((val_len >> 8) & 0xff);
while (*(uintptr_t *) e.ip) {
code = *(ngx_http_script_code_pt *) e.ip;
- code((ngx_http_script_engine_t *) & e);
+ code((ngx_http_script_engine_t *) &e);
}
e.ip += sizeof(uintptr_t);
diff --git a/src/http/ngx_http_upstream.c b/src/http/ngx_http_upstream.c
index dedcd97..88142c9 100644
--- a/src/http/ngx_http_upstream.c
+++ b/src/http/ngx_http_upstream.c
@@ -4487,15 +4487,8 @@
u = r->upstream;
u->headers_in.last_modified = h;
-
-#if (NGX_HTTP_CACHE)
-
- if (u->cacheable) {
- u->headers_in.last_modified_time = ngx_parse_http_time(h->value.data,
- h->value.len);
- }
-
-#endif
+ u->headers_in.last_modified_time = ngx_parse_http_time(h->value.data,
+ h->value.len);
return NGX_OK;
}
@@ -5037,15 +5030,8 @@
*ho = *h;
r->headers_out.last_modified = ho;
-
-#if (NGX_HTTP_CACHE)
-
- if (r->upstream->cacheable) {
- r->headers_out.last_modified_time =
+ r->headers_out.last_modified_time =
r->upstream->headers_in.last_modified_time;
- }
-
-#endif
return NGX_OK;
}
diff --git a/src/os/unix/ngx_files.c b/src/os/unix/ngx_files.c
index 7fbb7c9..482d327 100644
--- a/src/os/unix/ngx_files.c
+++ b/src/os/unix/ngx_files.c
@@ -620,6 +620,7 @@
{
fm->fd = ngx_open_file(fm->name, NGX_FILE_RDWR, NGX_FILE_TRUNCATE,
NGX_FILE_DEFAULT_ACCESS);
+
if (fm->fd == NGX_INVALID_FILE) {
ngx_log_error(NGX_LOG_CRIT, fm->log, ngx_errno,
ngx_open_file_n " \"%s\" failed", fm->name);
diff --git a/src/os/win32/ngx_files.c b/src/os/win32/ngx_files.c
index 9ef22a5..55d7f76 100644
--- a/src/os/win32/ngx_files.c
+++ b/src/os/win32/ngx_files.c
@@ -330,6 +330,7 @@
fm->fd = ngx_open_file(fm->name, NGX_FILE_RDWR, NGX_FILE_TRUNCATE,
NGX_FILE_DEFAULT_ACCESS);
+
if (fm->fd == NGX_INVALID_FILE) {
ngx_log_error(NGX_LOG_CRIT, fm->log, ngx_errno,
ngx_open_file_n " \"%s\" failed", fm->name);
diff --git a/src/stream/ngx_stream_geo_module.c b/src/stream/ngx_stream_geo_module.c
index 2204546..632fa5a 100644
--- a/src/stream/ngx_stream_geo_module.c
+++ b/src/stream/ngx_stream_geo_module.c
@@ -1326,7 +1326,8 @@
file.name = *name;
file.log = cf->log;
- file.fd = ngx_open_file(name->data, NGX_FILE_RDONLY, 0, 0);
+ file.fd = ngx_open_file(name->data, NGX_FILE_RDONLY, NGX_FILE_OPEN, 0);
+
if (file.fd == NGX_INVALID_FILE) {
err = ngx_errno;
if (err != NGX_ENOENT) {
diff --git a/src/stream/ngx_stream_ssl_module.c b/src/stream/ngx_stream_ssl_module.c
index 010b98b..1e9973f 100644
--- a/src/stream/ngx_stream_ssl_module.c
+++ b/src/stream/ngx_stream_ssl_module.c
@@ -249,6 +249,10 @@
(uintptr_t) ngx_ssl_get_raw_certificate,
NGX_STREAM_VAR_CHANGEABLE, 0 },
+ { ngx_string("ssl_client_escaped_cert"), NULL, ngx_stream_ssl_variable,
+ (uintptr_t) ngx_ssl_get_escaped_certificate,
+ NGX_STREAM_VAR_CHANGEABLE, 0 },
+
{ ngx_string("ssl_client_s_dn"), NULL, ngx_stream_ssl_variable,
(uintptr_t) ngx_ssl_get_subject_dn, NGX_STREAM_VAR_CHANGEABLE, 0 },