*) Upstream: honor the "down" flag for a single server.
If an upstream block was defined with the only server marked as
"down", e.g.
upstream u {
server 127.0.0.1:8080 down;
}
an attempt was made to contact the server despite the "down" flag.
It is believed that immediate 502 response is better in such a
case, and it's also consistent with what is currently done in case
of multiple servers all marked as "down".
*) Upstream: better detection of connect() failures with kqueue.
Pending EOF might be reported on both read and write events, whichever
comes first, so check both of them.
Patch by Yichun Zhang (agentzh), slightly modified.
Input filter might free a buffer if there is no data in it, and in case
of first buffer (used for cache header and request header, aka p->buf_to_file)
this resulted in cache corruption. Buffer memory was reused to read upstream
response before headers were written to disk.
Fix is to avoid moving pointers in ngx_event_pipe_add_free_buf() to a buffer
start if we were asked to free a buffer used by p->buf_to_file.
This fixes occasional cache file corruption, usually resulted
in "cache file ... has md5 collision" alerts.
Reported by Anatoli Marinov.
The ngx_http_keepalive_handler() function is now trying to not
keep c->buffer's memory for idle connections.
This behaviour is consistent with the ngx_http_set_keepalive()
function and it should decrease memory usage in some cases (especially
if epoll/rtsig is used).
Core: the "auto" parameter of the "worker_processes" directive.
The parameter will set the number of worker processes to the
autodetected number of available CPU cores.
*) Log: $apache_bytes_sent removed. It was renamed to $body_bytes_sent
in nginx 0.3.10 and the old name is deprecated since then.
*) Variable $bytes_sent. It replicates variable $bytes_sent as previously
available in log module only. Patch by Benjamin Grössing (with minor
changes).
*) Variables $connection and $connection_requests. Log module
counterparts are removed as they aren't used often and there is no
need to preserve them for efficiency.
SSL: the "ssl_verify_client" directive parameter "optional_no_ca".
This parameter allows to don't require certificate to be signed by
a trusted CA, e.g. if CA certificate isn't known in advance, like in
WebID protocol.
Note that it doesn't add any security unless the certificate is actually
checked to be trusted by some external means (e.g. by a backend).
Patch by Mike Kazantsev, Eric O'Connor.
Resolver: cached addresses are returned with random rotation now.
This ensures balancing when working with dynamically resolved upstream
servers with multiple addresses.
Based on patch by Anton Jouline.
*) Made sure to initialize the entire ngx_file_t structure.
Found by Coverity.
*) Correct plural form for "path" in the whole source base.
*) Removed conditional compilation from waitpid() error test.
There are reports that call to a signal handler for an exited process
despite waitpid() already called for the process may happen on Linux
as well.
*) Style, parentheses instead of braces in misc/GNUMakefile.
*) SSL: fixed compression workaround to remove all methods.
Previous code used sk_SSL_COMP_delete(ssl_comp_methods, i) while iterating
stack from 0 to n, resulting in removal of only even compression methods.
In real life this change is a nop, as there is only one compression method
which is enabled by default in OpenSSL.
*) SSL: added version checks for ssl compression workaround.
The SSL_COMP_get_compression_methods() is only available as an API
function in OpenSSL 0.9.8+, require it explicitly to unbreak build
with OpenSSL 0.9.7.
*) Configure: help updated to list upstream keepalive and least_conn.
Patch by Joshua Zhu.
*) Configure: additional test for ExtUtils::Embed perl module presence.
Now perl configure will correctly fail if ExtUtils::Embed perl module
is not present in the system (found on Amazon Linux AMI, as of
release 2012.03).
This fixes unwanted/incorrect cpu_affinity use on dead worker processes
respawn. While this is not ideal, it's expected to be better when previous
situation where multiple processes were spawn with identical CPU affinity
set.
Reported by Charles Chen.
Limit req: fix of rbtree node insertion on hash collisions.
The rbtree used in ngx_http_limit_req_module has two level of keys, the top is
hash, and the next is the value string itself. However, when inserting a new
node, only hash has been set, while the value string has been left empty.
The bug was introduced in r4419 (1.1.14).
Found by Charles Chen.
The "include" directive should be able to include multiple files if
given a filename mask. Fixed this to work for "include" directives
inside the "map" or "types" blocks. The "include" directive inside
the "geo" block is still not fixed.
Previous code incorrectly used ctx->var_values as an array of pointers to
ngx_http_variable_value_t, but the array contains structures, not pointers.
Additionally, ctx->var_values inspection failed to properly set var on
match.
*) Corrected the directive name in the ngx_mail_auth_http_module
error message.
*) Don't let the well-known port in the "listen" directive to
override the already set "protocol".
*) Fixed sorting of listen addresses (ticket #187). For http module
this problem was already fixed in r4756.
*) Removed a stale "AF_INET only" comment. IPv6 client connections
in mail modules have been supported since r2856.
*) Fixed handling of AF_UNIX addresses in "listen". This makes AF_UNIX
addresses in mail officially supported.
*) Whitespace fix.
*) Resolver: fixed possible memory leak in ngx_resolver_create().
*) Explicitly ignore returned value from unlink() in ngx_open_tempfile().
*) Explicitly ignore returned value from close() in ngx_event_core_init_conf().
*) Added three missing checks for NULL after ngx_array_push() calls.
*) Crypt: fixed handling of corrupted SSHA entries in password file.
*) Mark logically dead code with corresponding comment.
Found by / prodded by Coverity.
Configure: fixed make macros to use parentheses instead of braces.
Parentheses are more portable, in particular they are understood by
nmake while braces aren't.
*) Fixed build with Visual Studio 2005 Express.
It is available via winetricks which makes it still usable, and has
an old crtdefs.h which uses _CRT_SECURE_NO_DEPRECATE instead of
_CRT_SECURE_NO_WARNINGS to suppress warnings.
Reported by HAYASHI Kentaro,
http://mailman.nginx.org/pipermail/nginx-devel/2012-August/002542.html
*) Configure: provide inflate() when building zlib on win32.
*) Helper target "win32" to run configure for win32 builds.
*) Updated zlib used for win32 builds.
*) Reorder checks in ngx_shared_memory_add() for more consistent
error messages.
*) Added "const" to ngx_memcpy() with NGX_MEMCPY_LIMIT defined. This
fixes warning produced during compilation of the ngx_http_geoip_module
due to const qualifier being discarded.
*) Fixed possible use of old cached times if runtime went backwards.
If ngx_time_sigsafe_update() updated only ngx_cached_err_log_time, and
then clock was adjusted backwards, the cached_time[slot].sec might
accidentally match current seconds on next ngx_time_update() call,
resulting in various cached times not being updated.
Fix is to clear the cached_time[slot].sec to explicitly mark cached times
are stale and need updating.
*) Radix tree preallocation fix. The preallocation size was calculated
incorrectly and was always 8 due to sizeof(ngx_radix_tree_t) accidentally
used instead of sizeof(ngx_radix_node_t).
*) Fixed overflow if ngx_slab_alloc() is called with very big "size"
argument.
*) Write filter: replaced unneeded loop with one to free chains.
Noted by Gabor Lekeny.
*) Simplified makefile that builds CHANGES.
*) Removed the need in Perl to generate ZIP archive of nginx/Windows.
*) Converted DOS-style newlines in dump.xslt.
*) Pass changes.xml thru xmllint when generating CHANGES and CHANGES.ru.
Hide headers and pass headers arrays might not be inherited correctly
into a nested location, e.g. in configuration like
server {
proxy_hide_header X-Foo;
location / {
location /nested/ {
proxy_pass_header X-Pad;
}
}
}
the X-Foo header wasn't hidden in the location /nested/.
Reported by Konstantin Svist,
http://mailman.nginx.org/pipermail/nginx-ru/2012-July/047555.html
Fixed compilation with -Wmissing-prototypes. Added a commented
out -Wmissing-prototypes to CFLAGS. It is commented out to not break
builds with 3rd party modules.
*) Replaced a number of "else if" with "elif".
*) Made sure to run configure in a "C" locale. Otherwise, we may fail
to properly detect a version of compiler.
*) Removed extraneous GCC warning flags.
If ngx_spawn_process() failed while starting a process, the process
handle was closed but left non-NULL in the ngx_processes[] array.
The handle later was used in WaitForMultipleObjects() (if there
were multiple worker processes configured and at least one worker
process was started successfully), resulting in infinite loop.
Reported by Ricardo Villalobos Guevara:
http://mailman.nginx.org/pipermail/nginx-devel/2012-July/002494.html
