Merge branch 'nginx' (nginx-1.17.8). Change-Id: Ia4a0983d51784c44cc5d922b5275345bc9803246 Signed-off-by: Piotr Sikora <piotrsikora@google.com>
diff --git a/.hgtags b/.hgtags index d8c1590..44ef2f1 100644 --- a/.hgtags +++ b/.hgtags
@@ -446,3 +446,4 @@ 9af0dddbddb2c368bfedd2801bc100ffad01e19b release-1.17.5 de68d0d94320cbf033599c6f3ca37e5335c67fd7 release-1.17.6 e56295fe0ea76bf53b06bffa77a2d3a9a335cb8c release-1.17.7 +fdacd273711ddf20f778c1fb91529ab53979a454 release-1.17.8
diff --git a/BUILD b/BUILD index 148533f..b72c379 100644 --- a/BUILD +++ b/BUILD
@@ -1520,5 +1520,5 @@ preinst = "@nginx_pkgoss//:debian_preinst", prerm = "@nginx_pkgoss//:debian_prerm", section = "httpd", - version = "1.17.7", + version = "1.17.8", )
diff --git a/build.bzl b/build.bzl index 6b8620d..aed616e 100644 --- a/build.bzl +++ b/build.bzl
@@ -673,9 +673,9 @@ name = "nginx_pkgoss", build_file_content = _PKGOSS_BUILD_FILE.format(nginx = nginx) + _PKGOSS_BUILD_FILE_TAIL, - commit = "0c293ff483aea9e41a13192ea550374dc73a5027", # nginx-1.17.7 + commit = "8c658c22ad1b25f46ae166fb02a17fa18bb080eb", # nginx-1.17.8 remote = "https://nginx.googlesource.com/nginx-pkgoss", - shallow_since = "1577200078 +0300", + shallow_since = "1579613828 +0300", ) def nginx_repositories_zlib(bind):
diff --git a/docs/xml/nginx/changes.xml b/docs/xml/nginx/changes.xml index 359c25e..0bf680c 100644 --- a/docs/xml/nginx/changes.xml +++ b/docs/xml/nginx/changes.xml
@@ -5,6 +5,42 @@ <change_log title="nginx"> +<changes ver="1.17.8" date="2020-01-21"> + +<change type="feature"> +<para lang="ru"> +директива grpc_pass поддерживает переменные. +</para> +<para lang="en"> +variables support in the "grpc_pass" directive. +</para> +</change> + +<change type="bugfix"> +<para lang="ru"> +при обработке pipelined-запросов по SSL-соединению мог произойти таймаут; +ошибка появилась в 1.17.5. +</para> +<para lang="en"> +a timeout might occur while handling pipelined requests in an SSL connection; +the bug had appeared in 1.17.5. +</para> +</change> + +<change type="bugfix"> +<para lang="ru"> +в директиве debug_points при использовании HTTP/2.<br/> +Спасибо Даниилу Бондареву. +</para> +<para lang="en"> +in the "debug_points" directive when using HTTP/2.<br/> +Thanks to Daniil Bondarev. +</para> +</change> + +</changes> + + <changes ver="1.17.7" date="2019-12-24"> <change type="bugfix"> @@ -27,7 +63,7 @@ или директивой proxy_pass с URI. </para> <para lang="en"> -a segmentation fault might occur in a worker process +a segmentation fault might occur in a worker process if the "break" directive was used with the "alias" directive or with the "proxy_pass" directive with a URI. </para>
diff --git a/src/core/nginx.h b/src/core/nginx.h index 204fc34..c539c38 100644 --- a/src/core/nginx.h +++ b/src/core/nginx.h
@@ -13,8 +13,8 @@ #define NGINX_NAME "nginx" #endif -#define nginx_version 1017007 -#define NGINX_VERSION "1.17.7" +#define nginx_version 1017008 +#define NGINX_VERSION "1.17.8" #define NGINX_VER NGINX_NAME "/" NGINX_VERSION #ifdef NGX_BUILD
diff --git a/src/event/ngx_event.c b/src/event/ngx_event.c index 4115cf9..b96d25b 100644 --- a/src/event/ngx_event.c +++ b/src/event/ngx_event.c
@@ -238,6 +238,7 @@ } if (!ngx_queue_empty(&ngx_posted_next_events)) { + ngx_event_move_posted_next(cycle); timer = 0; } @@ -261,7 +262,6 @@ } ngx_event_process_posted(cycle, &ngx_posted_events); - ngx_event_process_posted_next(cycle, &ngx_posted_next_events); }
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c index 35225f0..763a894 100644 --- a/src/event/ngx_event_openssl.c +++ b/src/event/ngx_event_openssl.c
@@ -2040,6 +2040,10 @@ c->read->available = 0; c->read->ready = 0; + if (c->read->posted) { + ngx_delete_posted_event(c->read); + } + ngx_post_event(c->read, &ngx_posted_next_events); }
diff --git a/src/event/ngx_event_posted.c b/src/event/ngx_event_posted.c index 125bf4c..fa575bd 100644 --- a/src/event/ngx_event_posted.c +++ b/src/event/ngx_event_posted.c
@@ -37,26 +37,24 @@ void -ngx_event_process_posted_next(ngx_cycle_t *cycle, ngx_queue_t *posted) +ngx_event_move_posted_next(ngx_cycle_t *cycle) { ngx_queue_t *q; ngx_event_t *ev; - while (!ngx_queue_empty(posted)) { - - q = ngx_queue_head(posted); + for (q = ngx_queue_head(&ngx_posted_next_events); + q != ngx_queue_sentinel(&ngx_posted_next_events); + q = ngx_queue_next(q)) + { ev = ngx_queue_data(q, ngx_event_t, queue); ngx_log_debug1(NGX_LOG_DEBUG_EVENT, cycle->log, 0, "posted next event %p", ev); - ngx_delete_posted_event(ev); - - if (!ev->ready) { - ev->ready = 1; - ev->available = -1; - } - - ev->handler(ev); + ev->ready = 1; + ev->available = -1; } + + ngx_queue_add(&ngx_posted_events, &ngx_posted_next_events); + ngx_queue_init(&ngx_posted_next_events); }
diff --git a/src/event/ngx_event_posted.h b/src/event/ngx_event_posted.h index de0a804..b1a85c4 100644 --- a/src/event/ngx_event_posted.h +++ b/src/event/ngx_event_posted.h
@@ -39,7 +39,7 @@ void ngx_event_process_posted(ngx_cycle_t *cycle, ngx_queue_t *posted); -void ngx_event_process_posted_next(ngx_cycle_t *cycle, ngx_queue_t *posted); +void ngx_event_move_posted_next(ngx_cycle_t *cycle); extern ngx_queue_t ngx_posted_accept_events;
diff --git a/src/http/modules/ngx_http_grpc_module.c b/src/http/modules/ngx_http_grpc_module.c index f59ecbd..d4af66d 100644 --- a/src/http/modules/ngx_http_grpc_module.c +++ b/src/http/modules/ngx_http_grpc_module.c
@@ -27,6 +27,9 @@ ngx_str_t host; ngx_uint_t host_set; + ngx_array_t *grpc_lengths; + ngx_array_t *grpc_values; + #if (NGX_HTTP_SSL) ngx_uint_t ssl; ngx_uint_t ssl_protocols; @@ -119,6 +122,8 @@ unsigned status:1; ngx_http_request_t *request; + + ngx_str_t host; } ngx_http_grpc_ctx_t; @@ -135,6 +140,8 @@ } ngx_http_grpc_frame_t; +static ngx_int_t ngx_http_grpc_eval(ngx_http_request_t *r, + ngx_http_grpc_ctx_t *ctx, ngx_http_grpc_loc_conf_t *glcf); static ngx_int_t ngx_http_grpc_create_request(ngx_http_request_t *r); static ngx_int_t ngx_http_grpc_reinit_request(ngx_http_request_t *r); static ngx_int_t ngx_http_grpc_body_output_filter(void *data, ngx_chain_t *in); @@ -524,22 +531,40 @@ return NGX_HTTP_INTERNAL_SERVER_ERROR; } + ctx = ngx_pcalloc(r->pool, sizeof(ngx_http_grpc_ctx_t)); + if (ctx == NULL) { + return NGX_HTTP_INTERNAL_SERVER_ERROR; + } + + ctx->request = r; + + ngx_http_set_ctx(r, ctx, ngx_http_grpc_module); + glcf = ngx_http_get_module_loc_conf(r, ngx_http_grpc_module); u = r->upstream; -#if (NGX_HTTP_SSL) - u->ssl = (glcf->upstream.ssl != NULL); + if (glcf->grpc_lengths == NULL) { + ctx->host = glcf->host; - if (u->ssl) { - ngx_str_set(&u->schema, "grpcs://"); +#if (NGX_HTTP_SSL) + u->ssl = (glcf->upstream.ssl != NULL); + + if (u->ssl) { + ngx_str_set(&u->schema, "grpcs://"); + + } else { + ngx_str_set(&u->schema, "grpc://"); + } +#else + ngx_str_set(&u->schema, "grpc://"); +#endif } else { - ngx_str_set(&u->schema, "grpc://"); + if (ngx_http_grpc_eval(r, ctx, glcf) != NGX_OK) { + return NGX_HTTP_INTERNAL_SERVER_ERROR; + } } -#else - ngx_str_set(&u->schema, "grpc://"); -#endif u->output.tag = (ngx_buf_tag_t) &ngx_http_grpc_module; @@ -551,15 +576,6 @@ u->abort_request = ngx_http_grpc_abort_request; u->finalize_request = ngx_http_grpc_finalize_request; - ctx = ngx_pcalloc(r->pool, sizeof(ngx_http_grpc_ctx_t)); - if (ctx == NULL) { - return NGX_HTTP_INTERNAL_SERVER_ERROR; - } - - ctx->request = r; - - ngx_http_set_ctx(r, ctx, ngx_http_grpc_module); - u->input_filter_init = ngx_http_grpc_filter_init; u->input_filter = ngx_http_grpc_filter; u->input_filter_ctx = ctx; @@ -577,6 +593,103 @@ static ngx_int_t +ngx_http_grpc_eval(ngx_http_request_t *r, ngx_http_grpc_ctx_t *ctx, + ngx_http_grpc_loc_conf_t *glcf) +{ + size_t add; + ngx_url_t url; + ngx_http_upstream_t *u; + + ngx_memzero(&url, sizeof(ngx_url_t)); + + if (ngx_http_script_run(r, &url.url, glcf->grpc_lengths->elts, 0, + glcf->grpc_values->elts) + == NULL) + { + return NGX_ERROR; + } + + if (url.url.len > 7 + && ngx_strncasecmp(url.url.data, (u_char *) "grpc://", 7) == 0) + { + add = 7; + + } else if (url.url.len > 8 + && ngx_strncasecmp(url.url.data, (u_char *) "grpcs://", 8) == 0) + { + +#if (NGX_HTTP_SSL) + add = 8; + r->upstream->ssl = 1; +#else + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "grpcs protocol requires SSL support"); + return NGX_ERROR; +#endif + + } else { + add = 0; + } + + u = r->upstream; + + if (add) { + u->schema.len = add; + u->schema.data = url.url.data; + + url.url.data += add; + url.url.len -= add; + + } else { + ngx_str_set(&u->schema, "grpc://"); + } + + url.no_resolve = 1; + + if (ngx_parse_url(r->pool, &url) != NGX_OK) { + if (url.err) { + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "%s in upstream \"%V\"", url.err, &url.url); + } + + return NGX_ERROR; + } + + u->resolved = ngx_pcalloc(r->pool, sizeof(ngx_http_upstream_resolved_t)); + if (u->resolved == NULL) { + return NGX_ERROR; + } + + if (url.addrs) { + u->resolved->sockaddr = url.addrs[0].sockaddr; + u->resolved->socklen = url.addrs[0].socklen; + u->resolved->name = url.addrs[0].name; + u->resolved->naddrs = 1; + } + + u->resolved->host = url.host; + u->resolved->port = url.port; + u->resolved->no_port = url.no_port; + + if (url.family != AF_UNIX) { + + if (url.no_port) { + ctx->host = url.host; + + } else { + ctx->host.len = url.host.len + 1 + url.port_text.len; + ctx->host.data = url.host.data; + } + + } else { + ngx_str_set(&ctx->host, "localhost"); + } + + return NGX_OK; +} + + +static ngx_int_t ngx_http_grpc_create_request(ngx_http_request_t *r) { u_char *p, *tmp, *key_tmp, *val_tmp, *headers_frame; @@ -587,6 +700,7 @@ ngx_chain_t *cl, *body; ngx_list_part_t *part; ngx_table_elt_t *header; + ngx_http_grpc_ctx_t *ctx; ngx_http_upstream_t *u; ngx_http_grpc_frame_t *f; ngx_http_script_code_pt code; @@ -598,6 +712,8 @@ glcf = ngx_http_get_module_loc_conf(r, ngx_http_grpc_module); + ctx = ngx_http_get_module_ctx(r, ngx_http_grpc_module); + len = sizeof(ngx_http_grpc_connection_start) - 1 + sizeof(ngx_http_grpc_frame_t); /* headers frame */ @@ -637,10 +753,10 @@ /* :authority header */ if (!glcf->host_set) { - len += 1 + NGX_HTTP_V2_INT_OCTETS + glcf->host.len; + len += 1 + NGX_HTTP_V2_INT_OCTETS + ctx->host.len; - if (tmp_len < glcf->host.len) { - tmp_len = glcf->host.len; + if (tmp_len < ctx->host.len) { + tmp_len = ctx->host.len; } } @@ -785,7 +901,7 @@ } #if (NGX_HTTP_SSL) - if (glcf->ssl) { + if (u->ssl) { *b->last++ = ngx_http_v2_indexed(NGX_HTTP_V2_SCHEME_HTTPS_INDEX); ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, @@ -846,11 +962,11 @@ if (!glcf->host_set) { *b->last++ = ngx_http_v2_inc_indexed(NGX_HTTP_V2_AUTHORITY_INDEX); - b->last = ngx_http_v2_write_value(b->last, glcf->host.data, - glcf->host.len, tmp); + b->last = ngx_http_v2_write_value(b->last, ctx->host.data, + ctx->host.len, tmp); ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, - "grpc header: \":authority: %V\"", &glcf->host); + "grpc header: \":authority: %V\"", &ctx->host); } ngx_memzero(&e, sizeof(ngx_http_script_engine_t)); @@ -4319,15 +4435,23 @@ clcf = ngx_http_conf_get_module_loc_conf(cf, ngx_http_core_module); - if (clcf->noname && conf->upstream.upstream == NULL) { + if (clcf->noname + && conf->upstream.upstream == NULL && conf->grpc_lengths == NULL) + { conf->upstream.upstream = prev->upstream.upstream; conf->host = prev->host; + + conf->grpc_lengths = prev->grpc_lengths; + conf->grpc_values = prev->grpc_values; + #if (NGX_HTTP_SSL) conf->upstream.ssl = prev->upstream.ssl; #endif } - if (clcf->lmt_excpt && clcf->handler == NULL && conf->upstream.upstream) { + if (clcf->lmt_excpt && clcf->handler == NULL + && (conf->upstream.upstream || conf->grpc_lengths)) + { clcf->handler = ngx_http_grpc_handler; } @@ -4537,18 +4661,54 @@ { ngx_http_grpc_loc_conf_t *glcf = conf; - size_t add; - ngx_str_t *value, *url; - ngx_url_t u; - ngx_http_core_loc_conf_t *clcf; + size_t add; + ngx_str_t *value, *url; + ngx_url_t u; + ngx_uint_t n; + ngx_http_core_loc_conf_t *clcf; + ngx_http_script_compile_t sc; - if (glcf->upstream.upstream) { + if (glcf->upstream.upstream || glcf->grpc_lengths) { return "is duplicate"; } + clcf = ngx_http_conf_get_module_loc_conf(cf, ngx_http_core_module); + + clcf->handler = ngx_http_grpc_handler; + + if (clcf->name.len && clcf->name.data[clcf->name.len - 1] == '/') { + clcf->auto_redirect = 1; + } + value = cf->args->elts; + url = &value[1]; + n = ngx_http_script_variables_count(url); + + if (n) { + + ngx_memzero(&sc, sizeof(ngx_http_script_compile_t)); + + sc.cf = cf; + sc.source = url; + sc.lengths = &glcf->grpc_lengths; + sc.values = &glcf->grpc_values; + sc.variables = n; + sc.complete_lengths = 1; + sc.complete_values = 1; + + if (ngx_http_script_compile(&sc) != NGX_OK) { + return NGX_CONF_ERROR; + } + +#if (NGX_HTTP_SSL) + glcf->ssl = 1; +#endif + + return NGX_CONF_OK; + } + if (ngx_strncasecmp(url->data, (u_char *) "grpc://", 7) == 0) { add = 7; @@ -4593,14 +4753,6 @@ ngx_str_set(&glcf->host, "localhost"); } - clcf = ngx_http_conf_get_module_loc_conf(cf, ngx_http_core_module); - - clcf->handler = ngx_http_grpc_handler; - - if (clcf->name.len && clcf->name.data[clcf->name.len - 1] == '/') { - clcf->auto_redirect = 1; - } - return NGX_CONF_OK; }
diff --git a/src/http/v2/ngx_http_v2.c b/src/http/v2/ngx_http_v2.c index 5ce93ce..f677e8e 100644 --- a/src/http/v2/ngx_http_v2.c +++ b/src/http/v2/ngx_http_v2.c
@@ -2496,10 +2496,6 @@ ngx_log_debug0(NGX_LOG_DEBUG_HTTP, h2c->connection->log, 0, "http2 state connection error"); - if (err == NGX_HTTP_V2_INTERNAL_ERROR) { - ngx_debug_point(); - } - ngx_http_v2_finalize_connection(h2c, err); return NULL;