Hello community,
here is the log from the commit of package nginx for openSUSE:Factory checked
in at 2018-09-14 00:03:06
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/nginx (Old)
and /work/SRC/openSUSE:Factory/.nginx.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "nginx"
Fri Sep 14 00:03:06 2018 rev:28 rq:635544 version:1.15.3
Changes:
--------
--- /work/SRC/openSUSE:Factory/nginx/nginx.changes 2018-07-31
16:03:16.535941760 +0200
+++ /work/SRC/openSUSE:Factory/.nginx.new/nginx.changes 2018-09-14
00:03:20.641864231 +0200
@@ -1,0 +2,22 @@
+Thu Sep 6 12:36:21 UTC 2018 - Marcus Rueckert <mrueck...@suse.de>
+
+- update to 1.15.3
+ - Feature: now TLSv1.3 can be used with BoringSSL.
+ - Feature: the "ssl_early_data" directive, currently available
+ with BoringSSL.
+ - Feature: the "keepalive_timeout" and "keepalive_requests"
+ directives in the "upstream" block.
+ - Bugfix: the ngx_http_dav_module did not truncate destination
+ file when copying a file over an existing one with the COPY
+ method.
+ - Bugfix: the ngx_http_dav_module used zero access rights on the
+ destination file and did not preserve file modification time
+ when moving a file between different file systems with the MOVE
+ method.
+ - Bugfix: the ngx_http_dav_module used default access rights when
+ copying a file with the COPY method.
+ - Workaround: some clients might not work when using HTTP/2; the
+ bug had appeared in 1.13.5.
+ - Bugfix: nginx could not be built with LibreSSL 2.8.0.
+
+-------------------------------------------------------------------
Old:
----
nginx-1.15.2.tar.gz
nginx-1.15.2.tar.gz.asc
New:
----
nginx-1.15.3.tar.gz
nginx-1.15.3.tar.gz.asc
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ nginx.spec ++++++
--- /var/tmp/diff_new_pack.HWLJhr/_old 2018-09-14 00:03:24.441861329 +0200
+++ /var/tmp/diff_new_pack.HWLJhr/_new 2018-09-14 00:03:24.445861326 +0200
@@ -70,7 +70,7 @@
%define ngx_doc_dir %{_datadir}/doc/packages/%{name}
#
Name: nginx
-Version: 1.15.2
+Version: 1.15.3
Release: 0
%define ngx_fancyindex_version 0.4.2
%define ngx_fancyindex_module_path ngx-fancyindex-%{ngx_fancyindex_version}
++++++ nginx-1.15.2.tar.gz -> nginx-1.15.3.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/nginx-1.15.2/CHANGES new/nginx-1.15.3/CHANGES
--- old/nginx-1.15.2/CHANGES 2018-07-24 15:11:08.000000000 +0200
+++ new/nginx-1.15.3/CHANGES 2018-08-28 17:36:08.000000000 +0200
@@ -1,4 +1,30 @@
+Changes with nginx 1.15.3 28 Aug 2018
+
+ *) Feature: now TLSv1.3 can be used with BoringSSL.
+
+ *) Feature: the "ssl_early_data" directive, currently available with
+ BoringSSL.
+
+ *) Feature: the "keepalive_timeout" and "keepalive_requests" directives
+ in the "upstream" block.
+
+ *) Bugfix: the ngx_http_dav_module did not truncate destination file
+ when copying a file over an existing one with the COPY method.
+
+ *) Bugfix: the ngx_http_dav_module used zero access rights on the
+ destination file and did not preserve file modification time when
+ moving a file between different file systems with the MOVE method.
+
+ *) Bugfix: the ngx_http_dav_module used default access rights when
+ copying a file with the COPY method.
+
+ *) Workaround: some clients might not work when using HTTP/2; the bug
+ had appeared in 1.13.5.
+
+ *) Bugfix: nginx could not be built with LibreSSL 2.8.0.
+
+
Changes with nginx 1.15.2 24 Jul 2018
*) Feature: the $ssl_preread_protocol variable in the
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/nginx-1.15.2/CHANGES.ru new/nginx-1.15.3/CHANGES.ru
--- old/nginx-1.15.2/CHANGES.ru 2018-07-24 15:11:05.000000000 +0200
+++ new/nginx-1.15.3/CHANGES.ru 2018-08-28 17:36:06.000000000 +0200
@@ -1,4 +1,31 @@
+Изменения в nginx 1.15.3 28.08.2018
+
+ *) Добавление: теперь TLSv1.3 можно использовать с BoringSSL.
+
+ *) Добавление: директива ssl_early_data, сейчас доступна при
+ использовании BoringSSL.
+
+ *) Добавление: директивы keepalive_timeout и keepalive_requests в блоке
+ upstream.
+
+ *) Исправление: модуль ngx_http_dav_module при копировании файла поверх
+ существующего файла с помощью метода COPY не обнулял целевой файл.
+
+ *) Исправление: модуль ngx_http_dav_module при перемещении файла между
+ файловыми системами с помощью метода MOVE устанавливал нулевые права
+ доступа на результирующий файл и не сохранял время изменения файла.
+
+ *) Исправление: модуль ngx_http_dav_module при копировании файла с
+ помощью метода COPY для результирующего файла использовал права
+ доступа по умолчанию.
+
+ *) Изменение: некоторые клиенты могли не работать при использовании
+ HTTP/2; ошибка появилась в 1.13.5.
+
+ *) Исправление: nginx не собирался с LibreSSL 2.8.0.
+
+
Изменения в nginx 1.15.2 24.07.2018
*) Добавление: переменная $ssl_preread_protocol в модуле
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/nginx-1.15.2/auto/lib/google-perftools/conf
new/nginx-1.15.3/auto/lib/google-perftools/conf
--- old/nginx-1.15.2/auto/lib/google-perftools/conf 2018-07-24
15:11:00.000000000 +0200
+++ new/nginx-1.15.3/auto/lib/google-perftools/conf 2018-08-28
17:36:00.000000000 +0200
@@ -9,7 +9,8 @@
ngx_feature_incs=
ngx_feature_path=
ngx_feature_libs="-lprofiler"
- ngx_feature_test="ProfilerStop()"
+ ngx_feature_test="void ProfilerStop(void);
+ ProfilerStop()"
. auto/feature
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/nginx-1.15.2/auto/lib/libgd/conf
new/nginx-1.15.3/auto/lib/libgd/conf
--- old/nginx-1.15.2/auto/lib/libgd/conf 2018-07-24 15:11:00.000000000
+0200
+++ new/nginx-1.15.3/auto/lib/libgd/conf 2018-08-28 17:36:00.000000000
+0200
@@ -9,7 +9,8 @@
ngx_feature_incs="#include <gd.h>"
ngx_feature_path=
ngx_feature_libs="-lgd"
- ngx_feature_test="gdImagePtr img = gdImageCreateFromGifPtr(1, NULL);"
+ ngx_feature_test="gdImagePtr img = gdImageCreateFromGifPtr(1, NULL);
+ (void) img"
. auto/feature
@@ -76,7 +77,8 @@
ngx_feature="GD WebP support"
ngx_feature_name="NGX_HAVE_GD_WEBP"
- ngx_feature_test="gdImagePtr img = gdImageCreateFromWebpPtr(1, NULL);"
+ ngx_feature_test="gdImagePtr img = gdImageCreateFromWebpPtr(1, NULL);
+ (void) img"
. auto/feature
else
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/nginx-1.15.2/auto/lib/libxslt/conf
new/nginx-1.15.3/auto/lib/libxslt/conf
--- old/nginx-1.15.2/auto/lib/libxslt/conf 2018-07-24 15:11:00.000000000
+0200
+++ new/nginx-1.15.3/auto/lib/libxslt/conf 2018-08-28 17:36:00.000000000
+0200
@@ -16,8 +16,8 @@
ngx_feature_libs="-lxml2 -lxslt"
ngx_feature_test="xmlParserCtxtPtr ctxt = NULL;
xsltStylesheetPtr sheet = NULL;
- xmlDocPtr doc;
- doc = xmlParseChunk(ctxt, NULL, 0, 0);
+ xmlDocPtr doc = NULL;
+ xmlParseChunk(ctxt, NULL, 0, 0);
xsltApplyStylesheet(sheet, doc, NULL);"
. auto/feature
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/nginx-1.15.2/auto/os/linux
new/nginx-1.15.3/auto/os/linux
--- old/nginx-1.15.2/auto/os/linux 2018-07-24 15:11:00.000000000 +0200
+++ new/nginx-1.15.3/auto/os/linux 2018-08-28 17:36:00.000000000 +0200
@@ -185,6 +185,8 @@
data.effective = CAP_TO_MASK(CAP_NET_RAW);
data.permitted = 0;
+ (void) header;
+ (void) data;
(void) SYS_capset"
. auto/feature
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/nginx-1.15.2/html/50x.html
new/nginx-1.15.3/html/50x.html
--- old/nginx-1.15.2/html/50x.html 2018-07-24 15:11:00.000000000 +0200
+++ new/nginx-1.15.3/html/50x.html 2018-08-28 17:36:00.000000000 +0200
@@ -15,7 +15,7 @@
<p>Sorry, the page you are looking for is currently unavailable.<br/>
Please try again later.</p>
<p>If you are the system administrator of this resource then you should check
-the <a href="http://nginx.org/r/error_log";>error log</a> for details.</p>
+the error log for details.</p>
<p><em>Faithfully yours, nginx.</em></p>
</body>
</html>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/nginx-1.15.2/src/core/nginx.h
new/nginx-1.15.3/src/core/nginx.h
--- old/nginx-1.15.2/src/core/nginx.h 2018-07-24 15:11:00.000000000 +0200
+++ new/nginx-1.15.3/src/core/nginx.h 2018-08-28 17:36:00.000000000 +0200
@@ -9,8 +9,8 @@
#define _NGINX_H_INCLUDED_
-#define nginx_version 1015002
-#define NGINX_VERSION "1.15.2"
+#define nginx_version 1015003
+#define NGINX_VERSION "1.15.3"
#define NGINX_VER "nginx/" NGINX_VERSION
#ifdef NGX_BUILD
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/nginx-1.15.2/src/core/ngx_conf_file.c
new/nginx-1.15.3/src/core/ngx_conf_file.c
--- old/nginx-1.15.2/src/core/ngx_conf_file.c 2018-07-24 15:11:00.000000000
+0200
+++ new/nginx-1.15.3/src/core/ngx_conf_file.c 2018-08-28 17:36:00.000000000
+0200
@@ -656,13 +656,14 @@
}
if (last_space) {
- if (ch == ' ' || ch == '\t' || ch == CR || ch == LF) {
- continue;
- }
start = b->pos - 1;
start_line = cf->conf_file->line;
+ if (ch == ' ' || ch == '\t' || ch == CR || ch == LF) {
+ continue;
+ }
+
switch (ch) {
case ';':
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/nginx-1.15.2/src/core/ngx_file.c
new/nginx-1.15.3/src/core/ngx_file.c
--- old/nginx-1.15.2/src/core/ngx_file.c 2018-07-24 15:11:00.000000000
+0200
+++ new/nginx-1.15.3/src/core/ngx_file.c 2018-08-28 17:36:00.000000000
+0200
@@ -796,10 +796,12 @@
{
char *buf;
off_t size;
+ time_t time;
size_t len;
ssize_t n;
ngx_fd_t fd, nfd;
ngx_int_t rc;
+ ngx_uint_t access;
ngx_file_info_t fi;
rc = NGX_ERROR;
@@ -814,8 +816,10 @@
goto failed;
}
- if (cf->size != -1) {
+ if (cf->size != -1 && cf->access != 0 && cf->time != -1) {
size = cf->size;
+ access = cf->access;
+ time = cf->time;
} else {
if (ngx_fd_info(fd, &fi) == NGX_FILE_ERROR) {
@@ -825,7 +829,9 @@
goto failed;
}
- size = ngx_file_size(&fi);
+ size = (cf->size != -1) ? cf->size : ngx_file_size(&fi);
+ access = cf->access ? cf->access : ngx_file_access(&fi);
+ time = (cf->time != -1) ? cf->time : ngx_file_mtime(&fi);
}
len = cf->buf_size ? cf->buf_size : 65536;
@@ -839,8 +845,7 @@
goto failed;
}
- nfd = ngx_open_file(to, NGX_FILE_WRONLY, NGX_FILE_CREATE_OR_OPEN,
- cf->access);
+ nfd = ngx_open_file(to, NGX_FILE_WRONLY, NGX_FILE_TRUNCATE, access);
if (nfd == NGX_INVALID_FILE) {
ngx_log_error(NGX_LOG_CRIT, cf->log, ngx_errno,
@@ -887,12 +892,10 @@
size -= n;
}
- if (cf->time != -1) {
- if (ngx_set_file_time(to, nfd, cf->time) != NGX_OK) {
- ngx_log_error(NGX_LOG_ALERT, cf->log, ngx_errno,
- ngx_set_file_time_n " \"%s\" failed", to);
- goto failed;
- }
+ if (ngx_set_file_time(to, nfd, time) != NGX_OK) {
+ ngx_log_error(NGX_LOG_ALERT, cf->log, ngx_errno,
+ ngx_set_file_time_n " \"%s\" failed", to);
+ goto failed;
}
rc = NGX_OK;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/nginx-1.15.2/src/event/ngx_event_openssl.c
new/nginx-1.15.3/src/event/ngx_event_openssl.c
--- old/nginx-1.15.2/src/event/ngx_event_openssl.c 2018-07-24
15:11:00.000000000 +0200
+++ new/nginx-1.15.3/src/event/ngx_event_openssl.c 2018-08-28
17:36:00.000000000 +0200
@@ -331,6 +331,11 @@
}
#endif
+#ifdef TLS1_3_VERSION
+ SSL_CTX_set_min_proto_version(ssl->ctx, 0);
+ SSL_CTX_set_max_proto_version(ssl->ctx, TLS1_3_VERSION);
+#endif
+
#ifdef SSL_OP_NO_COMPRESSION
SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_COMPRESSION);
#endif
@@ -1164,6 +1169,29 @@
ngx_int_t
+ngx_ssl_early_data(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_uint_t enable)
+{
+ if (!enable) {
+ return NGX_OK;
+ }
+
+#ifdef SSL_ERROR_EARLY_DATA_REJECTED
+
+ /* BoringSSL */
+
+ SSL_CTX_set_early_data_enabled(ssl->ctx, 1);
+
+#else
+ ngx_log_error(NGX_LOG_WARN, ssl->log, 0,
+ "\"ssl_early_data\" is not supported on this platform, "
+ "ignored");
+#endif
+
+ return NGX_OK;
+}
+
+
+ngx_int_t
ngx_ssl_client_session_cache(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_uint_t enable)
{
if (!enable) {
@@ -3616,6 +3644,21 @@
return NGX_OK;
}
+
+
+ngx_int_t
+ngx_ssl_get_early_data(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
+{
+ s->len = 0;
+
+#ifdef SSL_ERROR_EARLY_DATA_REJECTED
+ if (SSL_in_early_data(c->ssl->connection)) {
+ ngx_str_set(s, "1");
+ }
+#endif
+
+ return NGX_OK;
+}
ngx_int_t
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/nginx-1.15.2/src/event/ngx_event_openssl.h
new/nginx-1.15.3/src/event/ngx_event_openssl.h
--- old/nginx-1.15.2/src/event/ngx_event_openssl.h 2018-07-24
15:11:00.000000000 +0200
+++ new/nginx-1.15.3/src/event/ngx_event_openssl.h 2018-08-28
17:36:00.000000000 +0200
@@ -36,8 +36,12 @@
#if (defined LIBRESSL_VERSION_NUMBER && OPENSSL_VERSION_NUMBER == 0x20000000L)
#undef OPENSSL_VERSION_NUMBER
+#if (LIBRESSL_VERSION_NUMBER >= 0x2080000fL)
+#define OPENSSL_VERSION_NUMBER 0x1010000fL
+#else
#define OPENSSL_VERSION_NUMBER 0x1000107fL
#endif
+#endif
#if (OPENSSL_VERSION_NUMBER >= 0x10100001L)
@@ -171,6 +175,8 @@
ngx_array_t *ngx_ssl_read_password_file(ngx_conf_t *cf, ngx_str_t *file);
ngx_int_t ngx_ssl_dhparam(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file);
ngx_int_t ngx_ssl_ecdh_curve(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *name);
+ngx_int_t ngx_ssl_early_data(ngx_conf_t *cf, ngx_ssl_t *ssl,
+ ngx_uint_t enable);
ngx_int_t ngx_ssl_client_session_cache(ngx_conf_t *cf, ngx_ssl_t *ssl,
ngx_uint_t enable);
ngx_int_t ngx_ssl_session_cache(ngx_ssl_t *ssl, ngx_str_t *sess_ctx,
@@ -213,6 +219,8 @@
ngx_str_t *s);
ngx_int_t ngx_ssl_get_session_reused(ngx_connection_t *c, ngx_pool_t *pool,
ngx_str_t *s);
+ngx_int_t ngx_ssl_get_early_data(ngx_connection_t *c, ngx_pool_t *pool,
+ ngx_str_t *s);
ngx_int_t ngx_ssl_get_server_name(ngx_connection_t *c, ngx_pool_t *pool,
ngx_str_t *s);
ngx_int_t ngx_ssl_get_raw_certificate(ngx_connection_t *c, ngx_pool_t *pool,
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/nginx-1.15.2/src/http/modules/ngx_http_dav_module.c
new/nginx-1.15.3/src/http/modules/ngx_http_dav_module.c
--- old/nginx-1.15.2/src/http/modules/ngx_http_dav_module.c 2018-07-24
15:11:00.000000000 +0200
+++ new/nginx-1.15.3/src/http/modules/ngx_http_dav_module.c 2018-08-28
17:36:00.000000000 +0200
@@ -841,11 +841,9 @@
return NGX_HTTP_INTERNAL_SERVER_ERROR;
}
- dlcf = ngx_http_get_module_loc_conf(r, ngx_http_dav_module);
-
cf.size = ngx_file_size(&fi);
cf.buf_size = 0;
- cf.access = dlcf->access;
+ cf.access = ngx_file_access(&fi);
cf.time = ngx_file_mtime(&fi);
cf.log = r->connection->log;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/nginx-1.15.2/src/http/modules/ngx_http_ssl_module.c
new/nginx-1.15.3/src/http/modules/ngx_http_ssl_module.c
--- old/nginx-1.15.2/src/http/modules/ngx_http_ssl_module.c 2018-07-24
15:11:00.000000000 +0200
+++ new/nginx-1.15.3/src/http/modules/ngx_http_ssl_module.c 2018-08-28
17:36:00.000000000 +0200
@@ -239,6 +239,13 @@
offsetof(ngx_http_ssl_srv_conf_t, stapling_verify),
NULL },
+ { ngx_string("ssl_early_data"),
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG,
+ ngx_conf_set_flag_slot,
+ NGX_HTTP_SRV_CONF_OFFSET,
+ offsetof(ngx_http_ssl_srv_conf_t, early_data),
+ NULL },
+
ngx_null_command
};
@@ -294,6 +301,10 @@
{ ngx_string("ssl_session_reused"), NULL, ngx_http_ssl_variable,
(uintptr_t) ngx_ssl_get_session_reused, NGX_HTTP_VAR_CHANGEABLE, 0 },
+ { ngx_string("ssl_early_data"), NULL, ngx_http_ssl_variable,
+ (uintptr_t) ngx_ssl_get_early_data,
+ NGX_HTTP_VAR_CHANGEABLE|NGX_HTTP_VAR_NOCACHEABLE, 0 },
+
{ ngx_string("ssl_server_name"), NULL, ngx_http_ssl_variable,
(uintptr_t) ngx_ssl_get_server_name, NGX_HTTP_VAR_CHANGEABLE, 0 },
@@ -552,6 +563,7 @@
sscf->enable = NGX_CONF_UNSET;
sscf->prefer_server_ciphers = NGX_CONF_UNSET;
+ sscf->early_data = NGX_CONF_UNSET;
sscf->buffer_size = NGX_CONF_UNSET_SIZE;
sscf->verify = NGX_CONF_UNSET_UINT;
sscf->verify_depth = NGX_CONF_UNSET_UINT;
@@ -594,6 +606,8 @@
ngx_conf_merge_value(conf->prefer_server_ciphers,
prev->prefer_server_ciphers, 0);
+ ngx_conf_merge_value(conf->early_data, prev->early_data, 0);
+
ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols,
(NGX_CONF_BITMASK_SET|NGX_SSL_TLSv1
|NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2));
@@ -809,6 +823,10 @@
}
+ if (ngx_ssl_early_data(cf, &conf->ssl, conf->early_data) != NGX_OK) {
+ return NGX_CONF_ERROR;
+ }
+
return NGX_CONF_OK;
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/nginx-1.15.2/src/http/modules/ngx_http_ssl_module.h
new/nginx-1.15.3/src/http/modules/ngx_http_ssl_module.h
--- old/nginx-1.15.2/src/http/modules/ngx_http_ssl_module.h 2018-07-24
15:11:00.000000000 +0200
+++ new/nginx-1.15.3/src/http/modules/ngx_http_ssl_module.h 2018-08-28
17:36:00.000000000 +0200
@@ -20,6 +20,7 @@
ngx_ssl_t ssl;
ngx_flag_t prefer_server_ciphers;
+ ngx_flag_t early_data;
ngx_uint_t protocols;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/nginx-1.15.2/src/http/modules/ngx_http_upstream_keepalive_module.c
new/nginx-1.15.3/src/http/modules/ngx_http_upstream_keepalive_module.c
--- old/nginx-1.15.2/src/http/modules/ngx_http_upstream_keepalive_module.c
2018-07-24 15:11:00.000000000 +0200
+++ new/nginx-1.15.3/src/http/modules/ngx_http_upstream_keepalive_module.c
2018-08-28 17:36:00.000000000 +0200
@@ -12,6 +12,8 @@
typedef struct {
ngx_uint_t max_cached;
+ ngx_uint_t requests;
+ ngx_msec_t timeout;
ngx_queue_t cache;
ngx_queue_t free;
@@ -84,6 +86,20 @@
0,
NULL },
+ { ngx_string("keepalive_timeout"),
+ NGX_HTTP_UPS_CONF|NGX_CONF_TAKE1,
+ ngx_conf_set_msec_slot,
+ NGX_HTTP_SRV_CONF_OFFSET,
+ offsetof(ngx_http_upstream_keepalive_srv_conf_t, timeout),
+ NULL },
+
+ { ngx_string("keepalive_requests"),
+ NGX_HTTP_UPS_CONF|NGX_CONF_TAKE1,
+ ngx_conf_set_num_slot,
+ NGX_HTTP_SRV_CONF_OFFSET,
+ offsetof(ngx_http_upstream_keepalive_srv_conf_t, requests),
+ NULL },
+
ngx_null_command
};
@@ -133,6 +149,9 @@
kcf = ngx_http_conf_upstream_srv_conf(us,
ngx_http_upstream_keepalive_module);
+ ngx_conf_init_msec_value(kcf->timeout, 60000);
+ ngx_conf_init_uint_value(kcf->requests, 100);
+
if (kcf->original_init_upstream(cf, us) != NGX_OK) {
return NGX_ERROR;
}
@@ -261,6 +280,10 @@
c->write->log = pc->log;
c->pool->log = pc->log;
+ if (c->read->timer_set) {
+ ngx_del_timer(c->read);
+ }
+
pc->connection = c;
pc->cached = 1;
@@ -298,6 +321,10 @@
goto invalid;
}
+ if (c->requests >= kp->conf->requests) {
+ goto invalid;
+ }
+
if (!u->keepalive) {
goto invalid;
}
@@ -339,10 +366,9 @@
pc->connection = NULL;
- if (c->read->timer_set) {
- c->read->delayed = 0;
- ngx_del_timer(c->read);
- }
+ c->read->delayed = 0;
+ ngx_add_timer(c->read, kp->conf->timeout);
+
if (c->write->timer_set) {
ngx_del_timer(c->write);
}
@@ -393,7 +419,7 @@
c = ev->data;
- if (c->close) {
+ if (c->close || c->read->timedout) {
goto close;
}
@@ -486,6 +512,9 @@
* conf->max_cached = 0;
*/
+ conf->timeout = NGX_CONF_UNSET_MSEC;
+ conf->requests = NGX_CONF_UNSET_UINT;
+
return conf;
}
@@ -518,6 +547,8 @@
kcf->max_cached = n;
+ /* init upstream handler */
+
uscf = ngx_http_conf_get_module_srv_conf(cf, ngx_http_upstream_module);
kcf->original_init_upstream = uscf->peer.init_upstream
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/nginx-1.15.2/src/http/ngx_http_upstream.c
new/nginx-1.15.3/src/http/ngx_http_upstream.c
--- old/nginx-1.15.2/src/http/ngx_http_upstream.c 2018-07-24
15:11:00.000000000 +0200
+++ new/nginx-1.15.3/src/http/ngx_http_upstream.c 2018-08-28
17:36:00.000000000 +0200
@@ -1546,6 +1546,8 @@
c = u->peer.connection;
+ c->requests++;
+
c->data = r;
c->write->handler = ngx_http_upstream_handler;
@@ -2133,7 +2135,7 @@
out = u->request_bufs;
if (r->request_body->bufs) {
- for (cl = out; cl->next; cl = out->next) { /* void */ }
+ for (cl = out; cl->next; cl = cl->next) { /* void */ }
cl->next = r->request_body->bufs;
r->request_body->bufs = NULL;
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/nginx-1.15.2/src/http/v2/ngx_http_v2.c
new/nginx-1.15.3/src/http/v2/ngx_http_v2.c
--- old/nginx-1.15.2/src/http/v2/ngx_http_v2.c 2018-07-24 15:11:00.000000000
+0200
+++ new/nginx-1.15.3/src/http/v2/ngx_http_v2.c 2018-08-28 17:36:00.000000000
+0200
@@ -270,8 +270,6 @@
h2c->frame_size = NGX_HTTP_V2_DEFAULT_FRAME_SIZE;
- h2c->table_update = 1;
-
h2scf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_v2_module);
h2c->concurrent_pushes = h2scf->concurrent_pushes;
@@ -2075,6 +2073,11 @@
h2c->concurrent_pushes = ngx_min(value, h2scf->concurrent_pushes);
break;
+ case NGX_HTTP_V2_HEADER_TABLE_SIZE_SETTING:
+
+ h2c->table_update = 1;
+ break;
+
default:
break;
}
