Hello community, here is the log from the commit of package nginx for openSUSE:Factory checked in at 2018-09-14 00:03:06 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/nginx (Old) and /work/SRC/openSUSE:Factory/.nginx.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "nginx" Fri Sep 14 00:03:06 2018 rev:28 rq:635544 version:1.15.3 Changes: -------- --- /work/SRC/openSUSE:Factory/nginx/nginx.changes 2018-07-31 16:03:16.535941760 +0200 +++ /work/SRC/openSUSE:Factory/.nginx.new/nginx.changes 2018-09-14 00:03:20.641864231 +0200 @@ -1,0 +2,22 @@ +Thu Sep 6 12:36:21 UTC 2018 - Marcus Rueckert <mrueck...@suse.de> + +- update to 1.15.3 + - Feature: now TLSv1.3 can be used with BoringSSL. + - Feature: the "ssl_early_data" directive, currently available + with BoringSSL. + - Feature: the "keepalive_timeout" and "keepalive_requests" + directives in the "upstream" block. + - Bugfix: the ngx_http_dav_module did not truncate destination + file when copying a file over an existing one with the COPY + method. + - Bugfix: the ngx_http_dav_module used zero access rights on the + destination file and did not preserve file modification time + when moving a file between different file systems with the MOVE + method. + - Bugfix: the ngx_http_dav_module used default access rights when + copying a file with the COPY method. + - Workaround: some clients might not work when using HTTP/2; the + bug had appeared in 1.13.5. + - Bugfix: nginx could not be built with LibreSSL 2.8.0. + +------------------------------------------------------------------- Old: ---- nginx-1.15.2.tar.gz nginx-1.15.2.tar.gz.asc New: ---- nginx-1.15.3.tar.gz nginx-1.15.3.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ nginx.spec ++++++ --- /var/tmp/diff_new_pack.HWLJhr/_old 2018-09-14 00:03:24.441861329 +0200 +++ /var/tmp/diff_new_pack.HWLJhr/_new 2018-09-14 00:03:24.445861326 +0200 @@ -70,7 +70,7 @@ %define ngx_doc_dir %{_datadir}/doc/packages/%{name} # Name: nginx -Version: 1.15.2 +Version: 1.15.3 Release: 0 %define ngx_fancyindex_version 0.4.2 %define ngx_fancyindex_module_path ngx-fancyindex-%{ngx_fancyindex_version} ++++++ nginx-1.15.2.tar.gz -> nginx-1.15.3.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.15.2/CHANGES new/nginx-1.15.3/CHANGES --- old/nginx-1.15.2/CHANGES 2018-07-24 15:11:08.000000000 +0200 +++ new/nginx-1.15.3/CHANGES 2018-08-28 17:36:08.000000000 +0200 @@ -1,4 +1,30 @@ +Changes with nginx 1.15.3 28 Aug 2018 + + *) Feature: now TLSv1.3 can be used with BoringSSL. + + *) Feature: the "ssl_early_data" directive, currently available with + BoringSSL. + + *) Feature: the "keepalive_timeout" and "keepalive_requests" directives + in the "upstream" block. + + *) Bugfix: the ngx_http_dav_module did not truncate destination file + when copying a file over an existing one with the COPY method. + + *) Bugfix: the ngx_http_dav_module used zero access rights on the + destination file and did not preserve file modification time when + moving a file between different file systems with the MOVE method. + + *) Bugfix: the ngx_http_dav_module used default access rights when + copying a file with the COPY method. + + *) Workaround: some clients might not work when using HTTP/2; the bug + had appeared in 1.13.5. + + *) Bugfix: nginx could not be built with LibreSSL 2.8.0. + + Changes with nginx 1.15.2 24 Jul 2018 *) Feature: the $ssl_preread_protocol variable in the diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.15.2/CHANGES.ru new/nginx-1.15.3/CHANGES.ru --- old/nginx-1.15.2/CHANGES.ru 2018-07-24 15:11:05.000000000 +0200 +++ new/nginx-1.15.3/CHANGES.ru 2018-08-28 17:36:06.000000000 +0200 @@ -1,4 +1,31 @@ +Изменения в nginx 1.15.3 28.08.2018 + + *) Добавление: теперь TLSv1.3 можно использовать с BoringSSL. + + *) Добавление: директива ssl_early_data, сейчас доступна при + использовании BoringSSL. + + *) Добавление: директивы keepalive_timeout и keepalive_requests в блоке + upstream. + + *) Исправление: модуль ngx_http_dav_module при копировании файла поверх + существующего файла с помощью метода COPY не обнулял целевой файл. + + *) Исправление: модуль ngx_http_dav_module при перемещении файла между + файловыми системами с помощью метода MOVE устанавливал нулевые права + доступа на результирующий файл и не сохранял время изменения файла. + + *) Исправление: модуль ngx_http_dav_module при копировании файла с + помощью метода COPY для результирующего файла использовал права + доступа по умолчанию. + + *) Изменение: некоторые клиенты могли не работать при использовании + HTTP/2; ошибка появилась в 1.13.5. + + *) Исправление: nginx не собирался с LibreSSL 2.8.0. + + Изменения в nginx 1.15.2 24.07.2018 *) Добавление: переменная $ssl_preread_protocol в модуле diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.15.2/auto/lib/google-perftools/conf new/nginx-1.15.3/auto/lib/google-perftools/conf --- old/nginx-1.15.2/auto/lib/google-perftools/conf 2018-07-24 15:11:00.000000000 +0200 +++ new/nginx-1.15.3/auto/lib/google-perftools/conf 2018-08-28 17:36:00.000000000 +0200 @@ -9,7 +9,8 @@ ngx_feature_incs= ngx_feature_path= ngx_feature_libs="-lprofiler" - ngx_feature_test="ProfilerStop()" + ngx_feature_test="void ProfilerStop(void); + ProfilerStop()" . auto/feature diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.15.2/auto/lib/libgd/conf new/nginx-1.15.3/auto/lib/libgd/conf --- old/nginx-1.15.2/auto/lib/libgd/conf 2018-07-24 15:11:00.000000000 +0200 +++ new/nginx-1.15.3/auto/lib/libgd/conf 2018-08-28 17:36:00.000000000 +0200 @@ -9,7 +9,8 @@ ngx_feature_incs="#include <gd.h>" ngx_feature_path= ngx_feature_libs="-lgd" - ngx_feature_test="gdImagePtr img = gdImageCreateFromGifPtr(1, NULL);" + ngx_feature_test="gdImagePtr img = gdImageCreateFromGifPtr(1, NULL); + (void) img" . auto/feature @@ -76,7 +77,8 @@ ngx_feature="GD WebP support" ngx_feature_name="NGX_HAVE_GD_WEBP" - ngx_feature_test="gdImagePtr img = gdImageCreateFromWebpPtr(1, NULL);" + ngx_feature_test="gdImagePtr img = gdImageCreateFromWebpPtr(1, NULL); + (void) img" . auto/feature else diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.15.2/auto/lib/libxslt/conf new/nginx-1.15.3/auto/lib/libxslt/conf --- old/nginx-1.15.2/auto/lib/libxslt/conf 2018-07-24 15:11:00.000000000 +0200 +++ new/nginx-1.15.3/auto/lib/libxslt/conf 2018-08-28 17:36:00.000000000 +0200 @@ -16,8 +16,8 @@ ngx_feature_libs="-lxml2 -lxslt" ngx_feature_test="xmlParserCtxtPtr ctxt = NULL; xsltStylesheetPtr sheet = NULL; - xmlDocPtr doc; - doc = xmlParseChunk(ctxt, NULL, 0, 0); + xmlDocPtr doc = NULL; + xmlParseChunk(ctxt, NULL, 0, 0); xsltApplyStylesheet(sheet, doc, NULL);" . auto/feature diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.15.2/auto/os/linux new/nginx-1.15.3/auto/os/linux --- old/nginx-1.15.2/auto/os/linux 2018-07-24 15:11:00.000000000 +0200 +++ new/nginx-1.15.3/auto/os/linux 2018-08-28 17:36:00.000000000 +0200 @@ -185,6 +185,8 @@ data.effective = CAP_TO_MASK(CAP_NET_RAW); data.permitted = 0; + (void) header; + (void) data; (void) SYS_capset" . auto/feature diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.15.2/html/50x.html new/nginx-1.15.3/html/50x.html --- old/nginx-1.15.2/html/50x.html 2018-07-24 15:11:00.000000000 +0200 +++ new/nginx-1.15.3/html/50x.html 2018-08-28 17:36:00.000000000 +0200 @@ -15,7 +15,7 @@ <p>Sorry, the page you are looking for is currently unavailable.<br/> Please try again later.</p> <p>If you are the system administrator of this resource then you should check -the <a href="http://nginx.org/r/error_log">error log</a> for details.</p> +the error log for details.</p> <p><em>Faithfully yours, nginx.</em></p> </body> </html> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.15.2/src/core/nginx.h new/nginx-1.15.3/src/core/nginx.h --- old/nginx-1.15.2/src/core/nginx.h 2018-07-24 15:11:00.000000000 +0200 +++ new/nginx-1.15.3/src/core/nginx.h 2018-08-28 17:36:00.000000000 +0200 @@ -9,8 +9,8 @@ #define _NGINX_H_INCLUDED_ -#define nginx_version 1015002 -#define NGINX_VERSION "1.15.2" +#define nginx_version 1015003 +#define NGINX_VERSION "1.15.3" #define NGINX_VER "nginx/" NGINX_VERSION #ifdef NGX_BUILD diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.15.2/src/core/ngx_conf_file.c new/nginx-1.15.3/src/core/ngx_conf_file.c --- old/nginx-1.15.2/src/core/ngx_conf_file.c 2018-07-24 15:11:00.000000000 +0200 +++ new/nginx-1.15.3/src/core/ngx_conf_file.c 2018-08-28 17:36:00.000000000 +0200 @@ -656,13 +656,14 @@ } if (last_space) { - if (ch == ' ' || ch == '\t' || ch == CR || ch == LF) { - continue; - } start = b->pos - 1; start_line = cf->conf_file->line; + if (ch == ' ' || ch == '\t' || ch == CR || ch == LF) { + continue; + } + switch (ch) { case ';': diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.15.2/src/core/ngx_file.c new/nginx-1.15.3/src/core/ngx_file.c --- old/nginx-1.15.2/src/core/ngx_file.c 2018-07-24 15:11:00.000000000 +0200 +++ new/nginx-1.15.3/src/core/ngx_file.c 2018-08-28 17:36:00.000000000 +0200 @@ -796,10 +796,12 @@ { char *buf; off_t size; + time_t time; size_t len; ssize_t n; ngx_fd_t fd, nfd; ngx_int_t rc; + ngx_uint_t access; ngx_file_info_t fi; rc = NGX_ERROR; @@ -814,8 +816,10 @@ goto failed; } - if (cf->size != -1) { + if (cf->size != -1 && cf->access != 0 && cf->time != -1) { size = cf->size; + access = cf->access; + time = cf->time; } else { if (ngx_fd_info(fd, &fi) == NGX_FILE_ERROR) { @@ -825,7 +829,9 @@ goto failed; } - size = ngx_file_size(&fi); + size = (cf->size != -1) ? cf->size : ngx_file_size(&fi); + access = cf->access ? cf->access : ngx_file_access(&fi); + time = (cf->time != -1) ? cf->time : ngx_file_mtime(&fi); } len = cf->buf_size ? cf->buf_size : 65536; @@ -839,8 +845,7 @@ goto failed; } - nfd = ngx_open_file(to, NGX_FILE_WRONLY, NGX_FILE_CREATE_OR_OPEN, - cf->access); + nfd = ngx_open_file(to, NGX_FILE_WRONLY, NGX_FILE_TRUNCATE, access); if (nfd == NGX_INVALID_FILE) { ngx_log_error(NGX_LOG_CRIT, cf->log, ngx_errno, @@ -887,12 +892,10 @@ size -= n; } - if (cf->time != -1) { - if (ngx_set_file_time(to, nfd, cf->time) != NGX_OK) { - ngx_log_error(NGX_LOG_ALERT, cf->log, ngx_errno, - ngx_set_file_time_n " \"%s\" failed", to); - goto failed; - } + if (ngx_set_file_time(to, nfd, time) != NGX_OK) { + ngx_log_error(NGX_LOG_ALERT, cf->log, ngx_errno, + ngx_set_file_time_n " \"%s\" failed", to); + goto failed; } rc = NGX_OK; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.15.2/src/event/ngx_event_openssl.c new/nginx-1.15.3/src/event/ngx_event_openssl.c --- old/nginx-1.15.2/src/event/ngx_event_openssl.c 2018-07-24 15:11:00.000000000 +0200 +++ new/nginx-1.15.3/src/event/ngx_event_openssl.c 2018-08-28 17:36:00.000000000 +0200 @@ -331,6 +331,11 @@ } #endif +#ifdef TLS1_3_VERSION + SSL_CTX_set_min_proto_version(ssl->ctx, 0); + SSL_CTX_set_max_proto_version(ssl->ctx, TLS1_3_VERSION); +#endif + #ifdef SSL_OP_NO_COMPRESSION SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_COMPRESSION); #endif @@ -1164,6 +1169,29 @@ ngx_int_t +ngx_ssl_early_data(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_uint_t enable) +{ + if (!enable) { + return NGX_OK; + } + +#ifdef SSL_ERROR_EARLY_DATA_REJECTED + + /* BoringSSL */ + + SSL_CTX_set_early_data_enabled(ssl->ctx, 1); + +#else + ngx_log_error(NGX_LOG_WARN, ssl->log, 0, + "\"ssl_early_data\" is not supported on this platform, " + "ignored"); +#endif + + return NGX_OK; +} + + +ngx_int_t ngx_ssl_client_session_cache(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_uint_t enable) { if (!enable) { @@ -3616,6 +3644,21 @@ return NGX_OK; } + + +ngx_int_t +ngx_ssl_get_early_data(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s) +{ + s->len = 0; + +#ifdef SSL_ERROR_EARLY_DATA_REJECTED + if (SSL_in_early_data(c->ssl->connection)) { + ngx_str_set(s, "1"); + } +#endif + + return NGX_OK; +} ngx_int_t diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.15.2/src/event/ngx_event_openssl.h new/nginx-1.15.3/src/event/ngx_event_openssl.h --- old/nginx-1.15.2/src/event/ngx_event_openssl.h 2018-07-24 15:11:00.000000000 +0200 +++ new/nginx-1.15.3/src/event/ngx_event_openssl.h 2018-08-28 17:36:00.000000000 +0200 @@ -36,8 +36,12 @@ #if (defined LIBRESSL_VERSION_NUMBER && OPENSSL_VERSION_NUMBER == 0x20000000L) #undef OPENSSL_VERSION_NUMBER +#if (LIBRESSL_VERSION_NUMBER >= 0x2080000fL) +#define OPENSSL_VERSION_NUMBER 0x1010000fL +#else #define OPENSSL_VERSION_NUMBER 0x1000107fL #endif +#endif #if (OPENSSL_VERSION_NUMBER >= 0x10100001L) @@ -171,6 +175,8 @@ ngx_array_t *ngx_ssl_read_password_file(ngx_conf_t *cf, ngx_str_t *file); ngx_int_t ngx_ssl_dhparam(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file); ngx_int_t ngx_ssl_ecdh_curve(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *name); +ngx_int_t ngx_ssl_early_data(ngx_conf_t *cf, ngx_ssl_t *ssl, + ngx_uint_t enable); ngx_int_t ngx_ssl_client_session_cache(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_uint_t enable); ngx_int_t ngx_ssl_session_cache(ngx_ssl_t *ssl, ngx_str_t *sess_ctx, @@ -213,6 +219,8 @@ ngx_str_t *s); ngx_int_t ngx_ssl_get_session_reused(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s); +ngx_int_t ngx_ssl_get_early_data(ngx_connection_t *c, ngx_pool_t *pool, + ngx_str_t *s); ngx_int_t ngx_ssl_get_server_name(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s); ngx_int_t ngx_ssl_get_raw_certificate(ngx_connection_t *c, ngx_pool_t *pool, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.15.2/src/http/modules/ngx_http_dav_module.c new/nginx-1.15.3/src/http/modules/ngx_http_dav_module.c --- old/nginx-1.15.2/src/http/modules/ngx_http_dav_module.c 2018-07-24 15:11:00.000000000 +0200 +++ new/nginx-1.15.3/src/http/modules/ngx_http_dav_module.c 2018-08-28 17:36:00.000000000 +0200 @@ -841,11 +841,9 @@ return NGX_HTTP_INTERNAL_SERVER_ERROR; } - dlcf = ngx_http_get_module_loc_conf(r, ngx_http_dav_module); - cf.size = ngx_file_size(&fi); cf.buf_size = 0; - cf.access = dlcf->access; + cf.access = ngx_file_access(&fi); cf.time = ngx_file_mtime(&fi); cf.log = r->connection->log; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.15.2/src/http/modules/ngx_http_ssl_module.c new/nginx-1.15.3/src/http/modules/ngx_http_ssl_module.c --- old/nginx-1.15.2/src/http/modules/ngx_http_ssl_module.c 2018-07-24 15:11:00.000000000 +0200 +++ new/nginx-1.15.3/src/http/modules/ngx_http_ssl_module.c 2018-08-28 17:36:00.000000000 +0200 @@ -239,6 +239,13 @@ offsetof(ngx_http_ssl_srv_conf_t, stapling_verify), NULL }, + { ngx_string("ssl_early_data"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG, + ngx_conf_set_flag_slot, + NGX_HTTP_SRV_CONF_OFFSET, + offsetof(ngx_http_ssl_srv_conf_t, early_data), + NULL }, + ngx_null_command }; @@ -294,6 +301,10 @@ { ngx_string("ssl_session_reused"), NULL, ngx_http_ssl_variable, (uintptr_t) ngx_ssl_get_session_reused, NGX_HTTP_VAR_CHANGEABLE, 0 }, + { ngx_string("ssl_early_data"), NULL, ngx_http_ssl_variable, + (uintptr_t) ngx_ssl_get_early_data, + NGX_HTTP_VAR_CHANGEABLE|NGX_HTTP_VAR_NOCACHEABLE, 0 }, + { ngx_string("ssl_server_name"), NULL, ngx_http_ssl_variable, (uintptr_t) ngx_ssl_get_server_name, NGX_HTTP_VAR_CHANGEABLE, 0 }, @@ -552,6 +563,7 @@ sscf->enable = NGX_CONF_UNSET; sscf->prefer_server_ciphers = NGX_CONF_UNSET; + sscf->early_data = NGX_CONF_UNSET; sscf->buffer_size = NGX_CONF_UNSET_SIZE; sscf->verify = NGX_CONF_UNSET_UINT; sscf->verify_depth = NGX_CONF_UNSET_UINT; @@ -594,6 +606,8 @@ ngx_conf_merge_value(conf->prefer_server_ciphers, prev->prefer_server_ciphers, 0); + ngx_conf_merge_value(conf->early_data, prev->early_data, 0); + ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols, (NGX_CONF_BITMASK_SET|NGX_SSL_TLSv1 |NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2)); @@ -809,6 +823,10 @@ } + if (ngx_ssl_early_data(cf, &conf->ssl, conf->early_data) != NGX_OK) { + return NGX_CONF_ERROR; + } + return NGX_CONF_OK; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.15.2/src/http/modules/ngx_http_ssl_module.h new/nginx-1.15.3/src/http/modules/ngx_http_ssl_module.h --- old/nginx-1.15.2/src/http/modules/ngx_http_ssl_module.h 2018-07-24 15:11:00.000000000 +0200 +++ new/nginx-1.15.3/src/http/modules/ngx_http_ssl_module.h 2018-08-28 17:36:00.000000000 +0200 @@ -20,6 +20,7 @@ ngx_ssl_t ssl; ngx_flag_t prefer_server_ciphers; + ngx_flag_t early_data; ngx_uint_t protocols; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.15.2/src/http/modules/ngx_http_upstream_keepalive_module.c new/nginx-1.15.3/src/http/modules/ngx_http_upstream_keepalive_module.c --- old/nginx-1.15.2/src/http/modules/ngx_http_upstream_keepalive_module.c 2018-07-24 15:11:00.000000000 +0200 +++ new/nginx-1.15.3/src/http/modules/ngx_http_upstream_keepalive_module.c 2018-08-28 17:36:00.000000000 +0200 @@ -12,6 +12,8 @@ typedef struct { ngx_uint_t max_cached; + ngx_uint_t requests; + ngx_msec_t timeout; ngx_queue_t cache; ngx_queue_t free; @@ -84,6 +86,20 @@ 0, NULL }, + { ngx_string("keepalive_timeout"), + NGX_HTTP_UPS_CONF|NGX_CONF_TAKE1, + ngx_conf_set_msec_slot, + NGX_HTTP_SRV_CONF_OFFSET, + offsetof(ngx_http_upstream_keepalive_srv_conf_t, timeout), + NULL }, + + { ngx_string("keepalive_requests"), + NGX_HTTP_UPS_CONF|NGX_CONF_TAKE1, + ngx_conf_set_num_slot, + NGX_HTTP_SRV_CONF_OFFSET, + offsetof(ngx_http_upstream_keepalive_srv_conf_t, requests), + NULL }, + ngx_null_command }; @@ -133,6 +149,9 @@ kcf = ngx_http_conf_upstream_srv_conf(us, ngx_http_upstream_keepalive_module); + ngx_conf_init_msec_value(kcf->timeout, 60000); + ngx_conf_init_uint_value(kcf->requests, 100); + if (kcf->original_init_upstream(cf, us) != NGX_OK) { return NGX_ERROR; } @@ -261,6 +280,10 @@ c->write->log = pc->log; c->pool->log = pc->log; + if (c->read->timer_set) { + ngx_del_timer(c->read); + } + pc->connection = c; pc->cached = 1; @@ -298,6 +321,10 @@ goto invalid; } + if (c->requests >= kp->conf->requests) { + goto invalid; + } + if (!u->keepalive) { goto invalid; } @@ -339,10 +366,9 @@ pc->connection = NULL; - if (c->read->timer_set) { - c->read->delayed = 0; - ngx_del_timer(c->read); - } + c->read->delayed = 0; + ngx_add_timer(c->read, kp->conf->timeout); + if (c->write->timer_set) { ngx_del_timer(c->write); } @@ -393,7 +419,7 @@ c = ev->data; - if (c->close) { + if (c->close || c->read->timedout) { goto close; } @@ -486,6 +512,9 @@ * conf->max_cached = 0; */ + conf->timeout = NGX_CONF_UNSET_MSEC; + conf->requests = NGX_CONF_UNSET_UINT; + return conf; } @@ -518,6 +547,8 @@ kcf->max_cached = n; + /* init upstream handler */ + uscf = ngx_http_conf_get_module_srv_conf(cf, ngx_http_upstream_module); kcf->original_init_upstream = uscf->peer.init_upstream diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.15.2/src/http/ngx_http_upstream.c new/nginx-1.15.3/src/http/ngx_http_upstream.c --- old/nginx-1.15.2/src/http/ngx_http_upstream.c 2018-07-24 15:11:00.000000000 +0200 +++ new/nginx-1.15.3/src/http/ngx_http_upstream.c 2018-08-28 17:36:00.000000000 +0200 @@ -1546,6 +1546,8 @@ c = u->peer.connection; + c->requests++; + c->data = r; c->write->handler = ngx_http_upstream_handler; @@ -2133,7 +2135,7 @@ out = u->request_bufs; if (r->request_body->bufs) { - for (cl = out; cl->next; cl = out->next) { /* void */ } + for (cl = out; cl->next; cl = cl->next) { /* void */ } cl->next = r->request_body->bufs; r->request_body->bufs = NULL; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.15.2/src/http/v2/ngx_http_v2.c new/nginx-1.15.3/src/http/v2/ngx_http_v2.c --- old/nginx-1.15.2/src/http/v2/ngx_http_v2.c 2018-07-24 15:11:00.000000000 +0200 +++ new/nginx-1.15.3/src/http/v2/ngx_http_v2.c 2018-08-28 17:36:00.000000000 +0200 @@ -270,8 +270,6 @@ h2c->frame_size = NGX_HTTP_V2_DEFAULT_FRAME_SIZE; - h2c->table_update = 1; - h2scf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_v2_module); h2c->concurrent_pushes = h2scf->concurrent_pushes; @@ -2075,6 +2073,11 @@ h2c->concurrent_pushes = ngx_min(value, h2scf->concurrent_pushes); break; + case NGX_HTTP_V2_HEADER_TABLE_SIZE_SETTING: + + h2c->table_update = 1; + break; + default: break; }