Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package nginx for openSUSE:Factory checked in at 2022-02-04 00:45:51 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/nginx (Old) and /work/SRC/openSUSE:Factory/.nginx.new.1898 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "nginx" Fri Feb 4 00:45:51 2022 rev:74 rq:950462 version:1.21.6 Changes: -------- --- /work/SRC/openSUSE:Factory/nginx/nginx.changes 2021-12-30 15:55:57.956679773 +0100 +++ /work/SRC/openSUSE:Factory/.nginx.new.1898/nginx.changes 2022-02-04 00:46:10.765172533 +0100 @@ -1,0 +2,11 @@ +Tue Feb 1 14:50:56 UTC 2022 - ???????? ???????????? <i...@ilya.pp.ua> + +- Updated to 1.21.6 + * https://nginx.org/en/CHANGES + * Fixed when using EPOLLEXCLUSIVE on Linux client connections were + unevenly distributed among worker processes. + * Fixed nginx returned the "Connection: keep-alive" header line in + responses during graceful shutdown of old worker processes. + * Fixed in the "ssl_session_ticket_key" when using TLSv1.3. + +------------------------------------------------------------------- Old: ---- nginx-1.21.5.tar.gz nginx-1.21.5.tar.gz.asc New: ---- nginx-1.21.6.tar.gz nginx-1.21.6.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ nginx.spec ++++++ --- /var/tmp/diff_new_pack.8vfJo3/_old 2022-02-04 00:46:11.817164837 +0100 +++ /var/tmp/diff_new_pack.8vfJo3/_new 2022-02-04 00:46:11.821164808 +0100 @@ -1,7 +1,7 @@ # # spec file for package nginx # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -23,7 +23,7 @@ %bcond_with ngx_google_perftools # Name: nginx -Version: 1.21.5 +Version: 1.21.6 Release: 0 Summary: A HTTP server and IMAP/POP3 proxy server License: BSD-2-Clause ++++++ nginx-1.21.5.tar.gz -> nginx-1.21.6.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.21.5/CHANGES new/nginx-1.21.6/CHANGES --- old/nginx-1.21.5/CHANGES 2021-12-28 16:28:44.000000000 +0100 +++ new/nginx-1.21.6/CHANGES 2022-01-25 16:04:02.000000000 +0100 @@ -1,4 +1,15 @@ +Changes with nginx 1.21.6 25 Jan 2022 + + *) Bugfix: when using EPOLLEXCLUSIVE on Linux client connections were + unevenly distributed among worker processes. + + *) Bugfix: nginx returned the "Connection: keep-alive" header line in + responses during graceful shutdown of old worker processes. + + *) Bugfix: in the "ssl_session_ticket_key" when using TLSv1.3. + + Changes with nginx 1.21.5 28 Dec 2021 *) Change: now nginx is built with the PCRE2 library by default. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.21.5/CHANGES.ru new/nginx-1.21.6/CHANGES.ru --- old/nginx-1.21.5/CHANGES.ru 2021-12-28 16:28:42.000000000 +0100 +++ new/nginx-1.21.6/CHANGES.ru 2022-01-25 16:03:58.000000000 +0100 @@ -1,4 +1,16 @@ +?????????????????? ?? nginx 1.21.6 25.01.2022 + + *) ??????????????????????: ?????? ?????????????????????????? EPOLLEXCLUSIVE ???? Linux ?????????????????????????? + ???????????????????? ???????????????????? ?????????? ???????????????? ???????????????????? ???????? ??????????????????????????. + + *) ??????????????????????: ???? ?????????? ???????????????? ???????????????????? ???????????? ?????????????? ?????????????????? + nginx ?????????????????? ?? ?????????????? ???????????? ?????????????????? "Connection: keep-alive". + + *) ??????????????????????: ?? ?????????????????? ssl_session_ticket_key ?????? ?????????????????????????? + TLSv1.3. + + ?????????????????? ?? nginx 1.21.5 28.12.2021 *) ??????????????????: ???????????? nginx ???? ?????????????????? ???????????????????? ?? ?????????????????????? PCRE2. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.21.5/contrib/vim/syntax/nginx.vim new/nginx-1.21.6/contrib/vim/syntax/nginx.vim --- old/nginx-1.21.5/contrib/vim/syntax/nginx.vim 2021-12-28 16:28:38.000000000 +0100 +++ new/nginx-1.21.6/contrib/vim/syntax/nginx.vim 2022-01-25 16:03:52.000000000 +0100 @@ -5,6 +5,9 @@ finish end +let s:save_cpo = &cpo +set cpo&vim + " general syntax if has("patch-7.4.1142") @@ -2485,4 +2488,7 @@ hi def link ngxListenOptions Keyword hi def link ngxListenOptionsDeprecated Error +let &cpo = s:save_cpo +unlet s:save_cpo + let b:current_syntax = "nginx" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.21.5/src/core/nginx.h new/nginx-1.21.6/src/core/nginx.h --- old/nginx-1.21.5/src/core/nginx.h 2021-12-28 16:28:38.000000000 +0100 +++ new/nginx-1.21.6/src/core/nginx.h 2022-01-25 16:03:52.000000000 +0100 @@ -9,8 +9,8 @@ #define _NGINX_H_INCLUDED_ -#define nginx_version 1021005 -#define NGINX_VERSION "1.21.5" +#define nginx_version 1021006 +#define NGINX_VERSION "1.21.6" #define NGINX_VER "nginx/" NGINX_VERSION #ifdef NGX_BUILD diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.21.5/src/core/ngx_rwlock.c new/nginx-1.21.6/src/core/ngx_rwlock.c --- old/nginx-1.21.5/src/core/ngx_rwlock.c 2021-12-28 16:28:38.000000000 +0100 +++ new/nginx-1.21.6/src/core/ngx_rwlock.c 2022-01-25 16:03:52.000000000 +0100 @@ -89,22 +89,10 @@ void ngx_rwlock_unlock(ngx_atomic_t *lock) { - ngx_atomic_uint_t readers; - - readers = *lock; - - if (readers == NGX_RWLOCK_WLOCK) { + if (*lock == NGX_RWLOCK_WLOCK) { (void) ngx_atomic_cmp_set(lock, NGX_RWLOCK_WLOCK, 0); - return; - } - - for ( ;; ) { - - if (ngx_atomic_cmp_set(lock, readers, readers - 1)) { - return; - } - - readers = *lock; + } else { + (void) ngx_atomic_fetch_add(lock, -1); } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.21.5/src/event/ngx_event.c new/nginx-1.21.6/src/event/ngx_event.c --- old/nginx-1.21.5/src/event/ngx_event.c 2021-12-28 16:28:38.000000000 +0100 +++ new/nginx-1.21.6/src/event/ngx_event.c 2022-01-25 16:03:52.000000000 +0100 @@ -55,6 +55,7 @@ ngx_uint_t ngx_accept_mutex_held; ngx_msec_t ngx_accept_mutex_delay; ngx_int_t ngx_accept_disabled; +ngx_uint_t ngx_use_exclusive_accept; #if (NGX_STAT_STUB) @@ -644,6 +645,8 @@ #endif + ngx_use_exclusive_accept = 0; + ngx_queue_init(&ngx_posted_accept_events); ngx_queue_init(&ngx_posted_next_events); ngx_queue_init(&ngx_posted_events); @@ -889,6 +892,8 @@ if ((ngx_event_flags & NGX_USE_EPOLL_EVENT) && ccf->worker_processes > 1) { + ngx_use_exclusive_accept = 1; + if (ngx_add_event(rev, NGX_READ_EVENT, NGX_EXCLUSIVE_EVENT) == NGX_ERROR) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.21.5/src/event/ngx_event.h new/nginx-1.21.6/src/event/ngx_event.h --- old/nginx-1.21.5/src/event/ngx_event.h 2021-12-28 16:28:38.000000000 +0100 +++ new/nginx-1.21.6/src/event/ngx_event.h 2022-01-25 16:03:52.000000000 +0100 @@ -462,6 +462,7 @@ extern ngx_uint_t ngx_accept_mutex_held; extern ngx_msec_t ngx_accept_mutex_delay; extern ngx_int_t ngx_accept_disabled; +extern ngx_uint_t ngx_use_exclusive_accept; #if (NGX_STAT_STUB) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.21.5/src/event/ngx_event_accept.c new/nginx-1.21.6/src/event/ngx_event_accept.c --- old/nginx-1.21.5/src/event/ngx_event_accept.c 2021-12-28 16:28:38.000000000 +0100 +++ new/nginx-1.21.6/src/event/ngx_event_accept.c 2022-01-25 16:03:52.000000000 +0100 @@ -11,6 +11,9 @@ static ngx_int_t ngx_disable_accept_events(ngx_cycle_t *cycle, ngx_uint_t all); +#if (NGX_HAVE_EPOLLEXCLUSIVE) +static void ngx_reorder_accept_events(ngx_listening_t *ls); +#endif static void ngx_close_accepted_connection(ngx_connection_t *c); @@ -314,6 +317,10 @@ } } while (ev->available); + +#if (NGX_HAVE_EPOLLEXCLUSIVE) + ngx_reorder_accept_events(ls); +#endif } @@ -420,6 +427,57 @@ } +#if (NGX_HAVE_EPOLLEXCLUSIVE) + +static void +ngx_reorder_accept_events(ngx_listening_t *ls) +{ + ngx_connection_t *c; + + /* + * Linux with EPOLLEXCLUSIVE usually notifies only the process which + * was first to add the listening socket to the epoll instance. As + * a result most of the connections are handled by the first worker + * process. To fix this, we re-add the socket periodically, so other + * workers will get a chance to accept connections. + */ + + if (!ngx_use_exclusive_accept) { + return; + } + +#if (NGX_HAVE_REUSEPORT) + + if (ls->reuseport) { + return; + } + +#endif + + c = ls->connection; + + if (c->requests++ % 16 != 0 + && ngx_accept_disabled <= 0) + { + return; + } + + if (ngx_del_event(c->read, NGX_READ_EVENT, NGX_DISABLE_EVENT) + == NGX_ERROR) + { + return; + } + + if (ngx_add_event(c->read, NGX_READ_EVENT, NGX_EXCLUSIVE_EVENT) + == NGX_ERROR) + { + return; + } +} + +#endif + + static void ngx_close_accepted_connection(ngx_connection_t *c) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.21.5/src/event/ngx_event_openssl.c new/nginx-1.21.6/src/event/ngx_event_openssl.c --- old/nginx-1.21.5/src/event/ngx_event_openssl.c 2021-12-28 16:28:38.000000000 +0100 +++ new/nginx-1.21.6/src/event/ngx_event_openssl.c 2022-01-25 16:03:52.000000000 +0100 @@ -1383,6 +1383,9 @@ if (SSL_CTX_set0_tmp_dh_pkey(ssl->ctx, dh) != 1) { ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, "SSL_CTX_set0_tmp_dh_pkey(\%s\") failed", file->data); +#if (OPENSSL_VERSION_NUMBER >= 0x3000001fL) + EVP_PKEY_free(dh); +#endif BIO_free(bio); return NGX_ERROR; } @@ -4448,7 +4451,21 @@ return -1; } - return (i == 0) ? 1 : 2 /* renew */; + /* renew if TLSv1.3 */ + +#ifdef TLS1_3_VERSION + if (SSL_version(ssl_conn) == TLS1_3_VERSION) { + return 2; + } +#endif + + /* renew if non-default key */ + + if (i != 0) { + return 2; + } + + return 1; } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.21.5/src/http/ngx_http_header_filter_module.c new/nginx-1.21.6/src/http/ngx_http_header_filter_module.c --- old/nginx-1.21.5/src/http/ngx_http_header_filter_module.c 2021-12-28 16:28:38.000000000 +0100 +++ new/nginx-1.21.6/src/http/ngx_http_header_filter_module.c 2022-01-25 16:03:52.000000000 +0100 @@ -197,6 +197,10 @@ } } + if (r->keepalive && (ngx_terminate || ngx_exiting)) { + r->keepalive = 0; + } + len = sizeof("HTTP/1.x ") - 1 + sizeof(CRLF) - 1 /* the end of the header */ + sizeof(CRLF) - 1;