Hello community,
here is the log from the commit of package nginx for openSUSE:Factory checked
in at 2016-02-03 10:19:30
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/nginx (Old)
and /work/SRC/openSUSE:Factory/.nginx.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "nginx"
Changes:
--------
--- /work/SRC/openSUSE:Factory/nginx/nginx.changes 2015-07-03
01:20:12.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.nginx.new/nginx.changes 2016-02-03
10:19:31.000000000 +0100
@@ -1,0 +2,57 @@
+Thu Jan 28 01:36:01 UTC 2016 - i...@marguerite.su
+
+- update version 1.8.1 stable
+ * Security: invalid pointer dereference might occur during DNS server
+ response processing if the "resolver" directive was used, allowing an
+ attacker who is able to forge UDP packets from the DNS server to
+ cause segmentation fault in a worker process (CVE-2016-0742). boo#963781
+ * Security: use-after-free condition might occur during CNAME response
+ processing if the "resolver" directive was used, allowing an attacker
+ who is able to trigger name resolution to cause segmentation fault in
+ a worker process, or might have potential other impact
+ (CVE-2016-0746). boo#963778
+ * Security: CNAME resolution was insufficiently limited if the
+ "resolver" directive was used, allowing an attacker who is able to
+ trigger arbitrary name resolution to cause excessive resource
+ consumption in worker processes (CVE-2016-0747). boo#963775
+ * Bugfix: the "proxy_protocol" parameter of the "listen" directive did
+ not work if not specified in the first "listen" directive for a
+ listen socket.
+ * Bugfix: nginx might fail to start on some old Linux variants; the bug
+ had appeared in 1.7.11.
+ * Bugfix: a segmentation fault might occur in a worker process if the
+ "try_files" and "alias" directives were used inside a location given
+ by a regular expression; the bug had appeared in 1.7.1.
+ * Bugfix: the "try_files" directive inside a nested location given by a
+ regular expression worked incorrectly if the "alias" directive was
+ used in the outer location.
+ * Bugfix: "header already sent" alerts might appear in logs when using
+ cache; the bug had appeared in 1.7.5.
+ * Bugfix: a segmentation fault might occur in a worker process if
+ different ssl_session_cache settings were used in different virtual
+ servers.
+ * Bugfix: the "expires" directive might not work when using variables.
+ * Bugfix: if nginx was built with the ngx_http_spdy_module it was
+ possible to use the SPDY protocol even if the "spdy" parameter of the
+ "listen" directive was not specified.
+
+-------------------------------------------------------------------
+Fri Oct 16 15:17:30 UTC 2015 - mrueck...@suse.de
+
+- use libGeoIP-devel everywhere
+
+-------------------------------------------------------------------
+Fri Oct 16 15:08:28 UTC 2015 - mrueck...@suse.de
+
+- replace custom "kill -QUIT" with the kill signal setting in
+ the service file
+
+-------------------------------------------------------------------
+Fri Oct 16 15:01:17 UTC 2015 - mrueck...@suse.de
+
+- clean up conditionals and use bcond_with* everywhere
+- drop passenger support for now
+ * drop nginx-1.8.0-passenger-4.0.18.patch
+ * drop nginx-1.4.2-passenger-4.0.18.patch
+
+-------------------------------------------------------------------
Old:
----
nginx-1.4.2-passenger-4.0.18.patch
nginx-1.8.0-passenger-4.0.18.patch
nginx-1.8.0.tar.gz
New:
----
nginx-1.8.1.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ nginx.spec ++++++
--- /var/tmp/diff_new_pack.JKEPd3/_old 2016-02-03 10:19:32.000000000 +0100
+++ /var/tmp/diff_new_pack.JKEPd3/_new 2016-02-03 10:19:32.000000000 +0100
@@ -1,7 +1,7 @@
#
# spec file for package nginx
#
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -16,6 +16,28 @@
#
+%bcond_with cpp_test
+%bcond_with google_perftools
+%bcond_without fancyindex
+
+%if 0%{?suse_version} != 1315
+%bcond_without libatomic
+%else
+%bcond_with libatomic
+%endif
+
+%if 0%{?suse_version} > 1220
+%bcond_without http2
+%else
+%bcond_with http2
+%endif
+
+%if 0%{?suse_version} >= 1210
+%bcond_without systemd
+%else
+%bcond_with systemd
+%endif
+
%define pkg_name nginx
%define ngx_prefix %{_prefix}
%define ngx_sbin_path %{_sbindir}/nginx
@@ -31,36 +53,19 @@
%define ngx_tmp_scgi %{ngx_home}/scgi/
%define ngx_tmp_uwsgi %{ngx_home}/uwsgi/
%define ngx_user_group nginx
-%define with_cpp_test 0
-%define with_google_perftools 0
-%define with_fancyindex 1
-%define fancyindex_version 0.3.5
-%if 0%{?suse_version} <= 1310
-%define ngx_pid_path %{_localstatedir}/run/nginx.pid
-%define ngx_lock_path %{_localstatedir}/run/nginx.lock
-%else
+#
+%if %{with systemd}
%define ngx_pid_path /run/nginx.pid
%define ngx_lock_path /run/nginx.lock
-%endif
-%if 0%{?suse_version} != 1315
-%define with_libatomic 1
-%endif
-%if 0%{?suse_version} >= 1220
-# passenger is required by webyast
-%if 0%{?suse_version} > 1310
-%define with_passenger 0
%else
-%define with_passenger 1
-%endif
-%endif
-%if 0%{?suse_version} >= 1210
-%define with_systemd 1
-BuildRequires: systemd
-%{?systemd_requires}
+%define ngx_pid_path %{_localstatedir}/run/nginx.pid
+%define ngx_lock_path %{_localstatedir}/run/nginx.lock
%endif
+#
Name: nginx
-Version: 1.8.0
+Version: 1.8.1
Release: 0
+%define fancyindex_version 0.3.5
Summary: A HTTP server and IMAP/POP3 proxy server
License: BSD-2-Clause
Group: Productivity/Networking/Web/Proxy
@@ -99,27 +104,20 @@
Provides: http_daemon
Provides: httpd
BuildRoot: %{_tmppath}/%{name}-%{version}-build
-%if 0%{?suse_version} == 1310
-Patch7: nginx-1.4.2-passenger-4.0.18.patch
-Patch8: nginx-1.8.0-passenger-4.0.18.patch
-%endif
-%if 0%{?suse_version} <= 1310
-BuildRequires: GeoIP-devel
-%else
+#
BuildRequires: libGeoIP-devel
-%endif
-%if 0%{?with_google_perftools}
+#
+%if %{with google_perftools}
BuildRequires: google-perftools-devel
%endif
-%if 0%{?with_libatomic}
+#
+%if %{with libatomic}
BuildRequires: libatomic-ops-devel
%endif
-%if 0%{?with_passenger}
-BuildRequires: curl-devel
-BuildRequires: ruby-devel
-BuildRequires: rubygem-passenger
-BuildRequires: rubygem-passenger-devel-static
-Recommends: packageand(rubygem-passenger:rubygem-passenger-nginx)
+#
+%if %{with systemd}
+BuildRequires: systemd
+%{?systemd_requires}
%endif
%description
@@ -127,7 +125,7 @@
It has been running on many heavily loaded Russian sites for more than two
years.
%prep
-%if 0%{?with_fancyindex}
+%if %{with fancyindex}
%setup -q -n %{pkg_name}-%{version} -b4
%else
%setup -q -n %{pkg_name}-%{version}
@@ -141,26 +139,14 @@
perl -pi -e 's|\r\n|\n|g' contrib/geo2nginx.pl
-%if 0%{?with_passenger}
-cp -a %{_libdir}/ruby/gems/%{rb_ver}/gems/passenger-* passenger
-%if 0%{?suse_version} < 1310
-if [[ -f "passenger/ext/common/libpassenger_common.a" ]] || \
- [[ -f "passenger/ext/common/libboost_oxt.a" ]]; then
- rm -r passenger/ext/common/libboost_oxt*
passenger/ext/common/libpassenger_common*
-fi
-%endif
-%patch7
-%patch8
-%endif
-
-%if 0%{with_fancyindex}
+%if %{with fancyindex}
mkdir -p ngx-fancyindex-%{fancyindex_version}
pushd ../ngx-fancyindex-%{fancyindex_version}
cp -r template* LICENSE *.rst
$RPM_BUILD_DIR/%{pkg_name}-%{version}/ngx-fancyindex-%{fancyindex_version}/
popd
%endif
-%if 0%{?suse_version} > 1310
+%if %{with systemd}
sed -i "s/\/var\/run/\/run/" %{_sourcedir}/nginx.init
%endif
@@ -181,13 +167,13 @@
--user=nginx --group=nginx \
--without-select_module \
--without-poll_module \
- --with-file-aio \
--with-threads \
+ --with-file-aio \
--with-ipv6 \
--with-http_ssl_module \
-%if 0%{?suse_version} > 1220
+ %if %{with http2}
--with-http_spdy_module \
-%endif
+ %endif
--with-http_realip_module \
--with-http_addition_module \
--with-http_xslt_module \
@@ -209,19 +195,16 @@
--with-mail \
--with-mail_ssl_module \
--with-pcre \
- %if 0%{?with_libatomic}
+ %if %{with libatomic}
--with-libatomic \
%endif
- %if 0%{?with_passenger}
- --add-module=passenger/ext/nginx \
- %endif
- %if 0%{?with_google_perftools}
+ %if %{with google_perftools}
--with-google_perftools_module \
%endif
- %if 0%{?with_cpp_test}
+ %if %{with cpp_test}
--with-cpp_test_module \
%endif
- %if 0%{with_fancyindex}
+ %if %{with fancyindex}
--add-module=../ngx-fancyindex-%{fancyindex_version} \
%endif
--with-md5=%{_prefix} \
@@ -242,7 +225,7 @@
install -D -m 0644 %{SOURCE2}
%{buildroot}%{_sysconfdir}/logrotate.d/%{pkg_name}
-%if 0%{?with_systemd}
+%if %{with systemd}
install -D -m 0644 %{SOURCE3} %{buildroot}%{_unitdir}/nginx.service
ln -s -f %{_sbindir}/service %{buildroot}%{_sbindir}/rcnginx
%else
@@ -253,21 +236,21 @@
rm %{buildroot}/srv/www/htdocs/index.html
%post
-%if 0%{?with_systemd}
+%if %{with systemd}
%service_add_post nginx.service
%else
%fillup_and_insserv %{pkg_name}
%endif
%preun
-%if 0%{?with_systemd}
+%if %{with systemd}
%service_del_preun nginx.service
%else
%stop_on_removal %{pkg_name}
%endif
%postun
-%if 0%{?with_systemd}
+%if %{with systemd}
%service_del_postun nginx.service
%else
%restart_on_update %{pkg_name}
@@ -278,7 +261,7 @@
%{_sbindir}/groupadd -r %{ngx_user_group} &>/dev/null ||:
%{_sbindir}/useradd -g %{ngx_user_group} -s /bin/false -r -c "user for
%{ngx_user_group}" -d %{ngx_home} %{ngx_user_group} &>/dev/null ||:
-%if 0%{?with_systemd}
+%if %{with systemd}
%service_add_pre nginx.service
%endif
@@ -319,10 +302,10 @@
%dir %attr(750,%{ngx_user_group},%{ngx_user_group}) %{ngx_tmp_uwsgi}
%doc CHANGES*
%doc conf/ contrib/
-%if 0%{with_fancyindex}
+%if %{with fancyindex}
%doc ngx-fancyindex-%{fancyindex_version}/
%endif
-%if 0%{?with_systemd}
+%if %{with systemd}
%{_unitdir}/nginx.service
%else
%{_sysconfdir}/init.d/%{pkg_name}
++++++ nginx-1.8.0.tar.gz -> nginx-1.8.1.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/nginx-1.8.0/CHANGES new/nginx-1.8.1/CHANGES
--- old/nginx-1.8.0/CHANGES 2015-04-21 16:12:06.000000000 +0200
+++ new/nginx-1.8.1/CHANGES 2016-01-26 15:39:38.000000000 +0100
@@ -1,4 +1,51 @@
+Changes with nginx 1.8.1 26 Jan 2016
+
+ *) Security: invalid pointer dereference might occur during DNS server
+ response processing if the "resolver" directive was used, allowing an
+ attacker who is able to forge UDP packets from the DNS server to
+ cause segmentation fault in a worker process (CVE-2016-0742).
+
+ *) Security: use-after-free condition might occur during CNAME response
+ processing if the "resolver" directive was used, allowing an attacker
+ who is able to trigger name resolution to cause segmentation fault in
+ a worker process, or might have potential other impact
+ (CVE-2016-0746).
+
+ *) Security: CNAME resolution was insufficiently limited if the
+ "resolver" directive was used, allowing an attacker who is able to
+ trigger arbitrary name resolution to cause excessive resource
+ consumption in worker processes (CVE-2016-0747).
+
+ *) Bugfix: the "proxy_protocol" parameter of the "listen" directive did
+ not work if not specified in the first "listen" directive for a
+ listen socket.
+
+ *) Bugfix: nginx might fail to start on some old Linux variants; the bug
+ had appeared in 1.7.11.
+
+ *) Bugfix: a segmentation fault might occur in a worker process if the
+ "try_files" and "alias" directives were used inside a location given
+ by a regular expression; the bug had appeared in 1.7.1.
+
+ *) Bugfix: the "try_files" directive inside a nested location given by a
+ regular expression worked incorrectly if the "alias" directive was
+ used in the outer location.
+
+ *) Bugfix: "header already sent" alerts might appear in logs when using
+ cache; the bug had appeared in 1.7.5.
+
+ *) Bugfix: a segmentation fault might occur in a worker process if
+ different ssl_session_cache settings were used in different virtual
+ servers.
+
+ *) Bugfix: the "expires" directive might not work when using variables.
+
+ *) Bugfix: if nginx was built with the ngx_http_spdy_module it was
+ possible to use the SPDY protocol even if the "spdy" parameter of the
+ "listen" directive was not specified.
+
+
Changes with nginx 1.8.0 21 Apr 2015
*) 1.8.x stable branch.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/nginx-1.8.0/CHANGES.ru new/nginx-1.8.1/CHANGES.ru
--- old/nginx-1.8.0/CHANGES.ru 2015-04-21 16:12:04.000000000 +0200
+++ new/nginx-1.8.1/CHANGES.ru 2016-01-26 15:39:36.000000000 +0100
@@ -1,4 +1,56 @@
+Изменения в nginx 1.8.1 26.01.2016
+
+ *) Безопасность: при использовании директивы resolver во время обработки
+ ответов DNS-сервера могло происходить разыменование некорректного
+ адреса, что позволяло атакующему, имеющему возможность подделывать
+ UDP-пакеты от DNS-сервера, вызвать segmentation fault в рабочем
+ процессе (CVE-2016-0742).
+
+ *) Безопасность: при использовании директивы resolver во время обработки
+ CNAME-записей могло произойти обращение к ранее освобождённой памяти,
+ что позволяло атакующему, имеющему возможность инициировать
+ преобразование произвольных имён в адреса, вызвать segmentation fault
+ в рабочем процессе, а также потенциально могло иметь другие
+ последствия (CVE-2016-0746).
+
+ *) Безопасность: при использовании директивы resolver во время обработки
+ CNAME-записей не во всех случаях проверялось ограничение на
+ максимальное количество записей в цепочке, что позволяло атакующему,
+ имеющему возможность инициировать преобразование произвольных имён в
+ адреса, вызвать чрезмерное потребление ресурсов рабочими процессами
+ (CVE-2016-0747).
+
+ *) Исправление: параметр proxy_protocol директивы listen не работал,
+ если не был указан в первой директиве listen для данного
+ listen-сокета.
+
+ *) Исправление: nginx мог не запускаться на некоторых старых версиях
+ Linux; ошибка появилась в 1.7.11.
+
+ *) Исправление: при совместном использовании директив try_files и alias
+ внутри location'а, заданного регулярным выражением, в рабочем
+ процессе мог произойти segmentation fault; ошибка появилась в 1.7.1.
+
+ *) Исправление: директива try_files внутри вложенного location'а,
+ заданного регулярным выражением, работала неправильно, если во
+ внешнем location'е использовалась директива alias.
+
+ *) Исправление: при использовании кэша в логах могли появляться
+ сообщения "header already sent"; ошибка появилась в 1.7.5.
+
+ *) Исправление: при использовании различных настроек ssl_session_cache в
+ разных виртуальных серверах в рабочем процессе мог произойти
+ segmentation fault.
+
+ *) Исправление: директива expires могла не срабатывать при использовании
+ переменных.
+
+ *) Исправление: если nginx был собран с модулем ngx_http_spdy_module,
+ протокол SPDY мог быть использован клиентом, даже если не был указан
+ параметр spdy директивы listen.
+
+
Изменения в nginx 1.8.0 21.04.2015
*) Стабильная ветка 1.8.x.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/nginx-1.8.0/src/core/nginx.h
new/nginx-1.8.1/src/core/nginx.h
--- old/nginx-1.8.0/src/core/nginx.h 2015-04-21 16:11:59.000000000 +0200
+++ new/nginx-1.8.1/src/core/nginx.h 2016-01-26 15:39:31.000000000 +0100
@@ -9,8 +9,8 @@
#define _NGINX_H_INCLUDED_
-#define nginx_version 1008000
-#define NGINX_VERSION "1.8.0"
+#define nginx_version 1008001
+#define NGINX_VERSION "1.8.1"
#define NGINX_VER "nginx/" NGINX_VERSION
#ifdef NGX_BUILD
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/nginx-1.8.0/src/core/ngx_parse.c
new/nginx-1.8.1/src/core/ngx_parse.c
--- old/nginx-1.8.0/src/core/ngx_parse.c 2015-04-21 16:11:59.000000000
+0200
+++ new/nginx-1.8.1/src/core/ngx_parse.c 2016-01-26 15:39:32.000000000
+0100
@@ -188,7 +188,7 @@
break;
case 'm':
- if (*p == 's') {
+ if (p < last && *p == 's') {
if (is_sec || step >= st_msec) {
return NGX_ERROR;
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/nginx-1.8.0/src/core/ngx_resolver.c
new/nginx-1.8.1/src/core/ngx_resolver.c
--- old/nginx-1.8.0/src/core/ngx_resolver.c 2015-04-21 16:11:59.000000000
+0200
+++ new/nginx-1.8.1/src/core/ngx_resolver.c 2016-01-26 15:39:32.000000000
+0100
@@ -59,15 +59,15 @@
static void ngx_resolver_cleanup(void *data);
static void ngx_resolver_cleanup_tree(ngx_resolver_t *r, ngx_rbtree_t *tree);
static ngx_int_t ngx_resolve_name_locked(ngx_resolver_t *r,
- ngx_resolver_ctx_t *ctx);
+ ngx_resolver_ctx_t *ctx, ngx_str_t *name);
static void ngx_resolver_expire(ngx_resolver_t *r, ngx_rbtree_t *tree,
ngx_queue_t *queue);
static ngx_int_t ngx_resolver_send_query(ngx_resolver_t *r,
ngx_resolver_node_t *rn);
-static ngx_int_t ngx_resolver_create_name_query(ngx_resolver_node_t *rn,
- ngx_resolver_ctx_t *ctx);
-static ngx_int_t ngx_resolver_create_addr_query(ngx_resolver_node_t *rn,
- ngx_resolver_ctx_t *ctx);
+static ngx_int_t ngx_resolver_create_name_query(ngx_resolver_t *r,
+ ngx_resolver_node_t *rn, ngx_str_t *name);
+static ngx_int_t ngx_resolver_create_addr_query(ngx_resolver_t *r,
+ ngx_resolver_node_t *rn, ngx_addr_t *addr);
static void ngx_resolver_resend_handler(ngx_event_t *ev);
static time_t ngx_resolver_resend(ngx_resolver_t *r, ngx_rbtree_t *tree,
ngx_queue_t *queue);
@@ -375,7 +375,7 @@
/* lock name mutex */
- rc = ngx_resolve_name_locked(r, ctx);
+ rc = ngx_resolve_name_locked(r, ctx, &ctx->name);
if (rc == NGX_OK) {
return NGX_OK;
@@ -402,7 +402,6 @@
void
ngx_resolve_name_done(ngx_resolver_ctx_t *ctx)
{
- uint32_t hash;
ngx_resolver_t *r;
ngx_resolver_ctx_t *w, **p;
ngx_resolver_node_t *rn;
@@ -422,11 +421,9 @@
/* lock name mutex */
- if (ctx->state == NGX_AGAIN) {
-
- hash = ngx_crc32_short(ctx->name.data, ctx->name.len);
+ if (ctx->state == NGX_AGAIN || ctx->state == NGX_RESOLVE_TIMEDOUT) {
- rn = ngx_resolver_lookup_name(r, &ctx->name, hash);
+ rn = ctx->node;
if (rn) {
p = &rn->waiting;
@@ -467,23 +464,28 @@
static ngx_int_t
-ngx_resolve_name_locked(ngx_resolver_t *r, ngx_resolver_ctx_t *ctx)
+ngx_resolve_name_locked(ngx_resolver_t *r, ngx_resolver_ctx_t *ctx,
+ ngx_str_t *name)
{
uint32_t hash;
ngx_int_t rc;
+ ngx_str_t cname;
ngx_uint_t naddrs;
ngx_addr_t *addrs;
- ngx_resolver_ctx_t *next;
+ ngx_resolver_ctx_t *next, *last;
ngx_resolver_node_t *rn;
- ngx_strlow(ctx->name.data, ctx->name.data, ctx->name.len);
+ ngx_strlow(name->data, name->data, name->len);
- hash = ngx_crc32_short(ctx->name.data, ctx->name.len);
+ hash = ngx_crc32_short(name->data, name->len);
- rn = ngx_resolver_lookup_name(r, &ctx->name, hash);
+ rn = ngx_resolver_lookup_name(r, name, hash);
if (rn) {
+ /* ctx can be a list after NGX_RESOLVE_CNAME */
+ for (last = ctx; last->next; last = last->next);
+
if (rn->valid >= ngx_time()) {
ngx_log_debug0(NGX_LOG_DEBUG_CORE, r->log, 0, "resolve cached");
@@ -511,7 +513,7 @@
}
}
- ctx->next = rn->waiting;
+ last->next = rn->waiting;
rn->waiting = NULL;
/* unlock name mutex */
@@ -551,13 +553,13 @@
if (ctx->recursion++ < NGX_RESOLVER_MAX_RECURSION) {
- ctx->name.len = rn->cnlen;
- ctx->name.data = rn->u.cname;
+ cname.len = rn->cnlen;
+ cname.data = rn->u.cname;
- return ngx_resolve_name_locked(r, ctx);
+ return ngx_resolve_name_locked(r, ctx, &cname);
}
- ctx->next = rn->waiting;
+ last->next = rn->waiting;
rn->waiting = NULL;
/* unlock name mutex */
@@ -576,10 +578,29 @@
if (rn->waiting) {
- ctx->next = rn->waiting;
+ if (ctx->event == NULL) {
+ ctx->event = ngx_resolver_calloc(r, sizeof(ngx_event_t));
+ if (ctx->event == NULL) {
+ return NGX_ERROR;
+ }
+
+ ctx->event->handler = ngx_resolver_timeout_handler;
+ ctx->event->data = ctx;
+ ctx->event->log = r->log;
+ ctx->ident = -1;
+
+ ngx_add_timer(ctx->event, ctx->timeout);
+ }
+
+ last->next = rn->waiting;
rn->waiting = ctx;
ctx->state = NGX_AGAIN;
+ do {
+ ctx->node = rn;
+ ctx = ctx->next;
+ } while (ctx);
+
return NGX_AGAIN;
}
@@ -618,14 +639,14 @@
return NGX_ERROR;
}
- rn->name = ngx_resolver_dup(r, ctx->name.data, ctx->name.len);
+ rn->name = ngx_resolver_dup(r, name->data, name->len);
if (rn->name == NULL) {
ngx_resolver_free(r, rn);
return NGX_ERROR;
}
rn->node.key = hash;
- rn->nlen = (u_short) ctx->name.len;
+ rn->nlen = (u_short) name->len;
rn->query = NULL;
#if (NGX_HAVE_INET6)
rn->query6 = NULL;
@@ -634,7 +655,7 @@
ngx_rbtree_insert(&r->name_rbtree, &rn->node);
}
- rc = ngx_resolver_create_name_query(rn, ctx);
+ rc = ngx_resolver_create_name_query(r, rn, name);
if (rc == NGX_ERROR) {
goto failed;
@@ -647,8 +668,14 @@
ngx_resolver_free(r, rn->name);
ngx_resolver_free(r, rn);
- ctx->state = NGX_RESOLVE_NXDOMAIN;
- ctx->handler(ctx);
+ do {
+ ctx->state = NGX_RESOLVE_NXDOMAIN;
+ next = ctx->next;
+
+ ctx->handler(ctx);
+
+ ctx = next;
+ } while (ctx);
return NGX_OK;
}
@@ -669,9 +696,9 @@
}
ctx->event->handler = ngx_resolver_timeout_handler;
- ctx->event->data = rn;
+ ctx->event->data = ctx;
ctx->event->log = r->log;
- rn->ident = -1;
+ ctx->ident = -1;
ngx_add_timer(ctx->event, ctx->timeout);
}
@@ -692,6 +719,11 @@
ctx->state = NGX_AGAIN;
+ do {
+ ctx->node = rn;
+ ctx = ctx->next;
+ } while (ctx);
+
return NGX_AGAIN;
failed:
@@ -799,9 +831,22 @@
if (rn->waiting) {
+ ctx->event = ngx_resolver_calloc(r, sizeof(ngx_event_t));
+ if (ctx->event == NULL) {
+ return NGX_ERROR;
+ }
+
+ ctx->event->handler = ngx_resolver_timeout_handler;
+ ctx->event->data = ctx;
+ ctx->event->log = r->log;
+ ctx->ident = -1;
+
+ ngx_add_timer(ctx->event, ctx->timeout);
+
ctx->next = rn->waiting;
rn->waiting = ctx;
ctx->state = NGX_AGAIN;
+ ctx->node = rn;
/* unlock addr mutex */
@@ -843,7 +888,7 @@
ngx_rbtree_insert(tree, &rn->node);
}
- if (ngx_resolver_create_addr_query(rn, ctx) != NGX_OK) {
+ if (ngx_resolver_create_addr_query(r, rn, &ctx->addr) != NGX_OK) {
goto failed;
}
@@ -862,9 +907,9 @@
}
ctx->event->handler = ngx_resolver_timeout_handler;
- ctx->event->data = rn;
+ ctx->event->data = ctx;
ctx->event->log = r->log;
- rn->ident = -1;
+ ctx->ident = -1;
ngx_add_timer(ctx->event, ctx->timeout);
@@ -887,6 +932,7 @@
/* unlock addr mutex */
ctx->state = NGX_AGAIN;
+ ctx->node = rn;
return NGX_OK;
@@ -917,17 +963,11 @@
void
ngx_resolve_addr_done(ngx_resolver_ctx_t *ctx)
{
- in_addr_t addr;
ngx_queue_t *expire_queue;
ngx_rbtree_t *tree;
ngx_resolver_t *r;
ngx_resolver_ctx_t *w, **p;
- struct sockaddr_in *sin;
ngx_resolver_node_t *rn;
-#if (NGX_HAVE_INET6)
- uint32_t hash;
- struct sockaddr_in6 *sin6;
-#endif
r = ctx->resolver;
@@ -954,23 +994,9 @@
/* lock addr mutex */
- if (ctx->state == NGX_AGAIN) {
-
- switch (ctx->addr.sockaddr->sa_family) {
-
-#if (NGX_HAVE_INET6)
- case AF_INET6:
- sin6 = (struct sockaddr_in6 *) ctx->addr.sockaddr;
- hash = ngx_crc32_short(sin6->sin6_addr.s6_addr, 16);
- rn = ngx_resolver_lookup_addr6(r, &sin6->sin6_addr, hash);
- break;
-#endif
+ if (ctx->state == NGX_AGAIN || ctx->state == NGX_RESOLVE_TIMEDOUT) {
- default: /* AF_INET */
- sin = (struct sockaddr_in *) ctx->addr.sockaddr;
- addr = ntohl(sin->sin_addr.s_addr);
- rn = ngx_resolver_lookup_addr(r, addr);
- }
+ rn = ctx->node;
if (rn) {
p = &rn->waiting;
@@ -1292,7 +1318,7 @@
times = 0;
for (q = ngx_queue_head(&r->name_resend_queue);
- q != ngx_queue_sentinel(&r->name_resend_queue) || times++ < 100;
+ q != ngx_queue_sentinel(&r->name_resend_queue) && times++ < 100;
q = ngx_queue_next(q))
{
rn = ngx_queue_data(q, ngx_resolver_node_t, queue);
@@ -1955,20 +1981,39 @@
ngx_queue_insert_head(&r->name_expire_queue, &rn->queue);
+ ngx_resolver_free(r, rn->query);
+ rn->query = NULL;
+#if (NGX_HAVE_INET6)
+ rn->query6 = NULL;
+#endif
+
ctx = rn->waiting;
rn->waiting = NULL;
if (ctx) {
- ctx->name = name;
- (void) ngx_resolve_name_locked(r, ctx);
- }
+ if (ctx->recursion++ >= NGX_RESOLVER_MAX_RECURSION) {
- ngx_resolver_free(r, rn->query);
- rn->query = NULL;
-#if (NGX_HAVE_INET6)
- rn->query6 = NULL;
-#endif
+ /* unlock name mutex */
+
+ do {
+ ctx->state = NGX_RESOLVE_NXDOMAIN;
+ next = ctx->next;
+
+ ctx->handler(ctx);
+
+ ctx = next;
+ } while (ctx);
+
+ return;
+ }
+
+ for (next = ctx; next; next = next->next) {
+ next->node = NULL;
+ }
+
+ (void) ngx_resolve_name_locked(r, ctx, &name);
+ }
/* unlock name mutex */
@@ -2476,27 +2521,23 @@
static ngx_int_t
-ngx_resolver_create_name_query(ngx_resolver_node_t *rn, ngx_resolver_ctx_t
*ctx)
+ngx_resolver_create_name_query(ngx_resolver_t *r, ngx_resolver_node_t *rn,
+ ngx_str_t *name)
{
u_char *p, *s;
size_t len, nlen;
ngx_uint_t ident;
-#if (NGX_HAVE_INET6)
- ngx_resolver_t *r;
-#endif
ngx_resolver_qs_t *qs;
ngx_resolver_hdr_t *query;
- nlen = ctx->name.len ? (1 + ctx->name.len + 1) : 1;
+ nlen = name->len ? (1 + name->len + 1) : 1;
len = sizeof(ngx_resolver_hdr_t) + nlen + sizeof(ngx_resolver_qs_t);
#if (NGX_HAVE_INET6)
- r = ctx->resolver;
-
- p = ngx_resolver_alloc(ctx->resolver, r->ipv6 ? len * 2 : len);
+ p = ngx_resolver_alloc(r, r->ipv6 ? len * 2 : len);
#else
- p = ngx_resolver_alloc(ctx->resolver, len);
+ p = ngx_resolver_alloc(r, len);
#endif
if (p == NULL) {
return NGX_ERROR;
@@ -2515,8 +2556,8 @@
ident = ngx_random();
- ngx_log_debug2(NGX_LOG_DEBUG_CORE, ctx->resolver->log, 0,
- "resolve: \"%V\" A %i", &ctx->name, ident & 0xffff);
+ ngx_log_debug2(NGX_LOG_DEBUG_CORE, r->log, 0,
+ "resolve: \"%V\" A %i", name, ident & 0xffff);
query->ident_hi = (u_char) ((ident >> 8) & 0xff);
query->ident_lo = (u_char) (ident & 0xff);
@@ -2546,11 +2587,11 @@
p--;
*p-- = '\0';
- if (ctx->name.len == 0) {
+ if (name->len == 0) {
return NGX_DECLINED;
}
- for (s = ctx->name.data + ctx->name.len - 1; s >= ctx->name.data; s--) {
+ for (s = name->data + name->len - 1; s >= name->data; s--) {
if (*s != '.') {
*p = *s;
len++;
@@ -2586,8 +2627,8 @@
ident = ngx_random();
- ngx_log_debug2(NGX_LOG_DEBUG_CORE, ctx->resolver->log, 0,
- "resolve: \"%V\" AAAA %i", &ctx->name, ident & 0xffff);
+ ngx_log_debug2(NGX_LOG_DEBUG_CORE, r->log, 0,
+ "resolve: \"%V\" AAAA %i", name, ident & 0xffff);
query->ident_hi = (u_char) ((ident >> 8) & 0xff);
query->ident_lo = (u_char) (ident & 0xff);
@@ -2604,11 +2645,12 @@
static ngx_int_t
-ngx_resolver_create_addr_query(ngx_resolver_node_t *rn, ngx_resolver_ctx_t
*ctx)
+ngx_resolver_create_addr_query(ngx_resolver_t *r, ngx_resolver_node_t *rn,
+ ngx_addr_t *addr)
{
u_char *p, *d;
size_t len;
- in_addr_t addr;
+ in_addr_t inaddr;
ngx_int_t n;
ngx_uint_t ident;
ngx_resolver_hdr_t *query;
@@ -2617,7 +2659,7 @@
struct sockaddr_in6 *sin6;
#endif
- switch (ctx->addr.sockaddr->sa_family) {
+ switch (addr->sockaddr->sa_family) {
#if (NGX_HAVE_INET6)
case AF_INET6:
@@ -2634,7 +2676,7 @@
+ sizeof(ngx_resolver_qs_t);
}
- p = ngx_resolver_alloc(ctx->resolver, len);
+ p = ngx_resolver_alloc(r, len);
if (p == NULL) {
return NGX_ERROR;
}
@@ -2658,11 +2700,11 @@
p += sizeof(ngx_resolver_hdr_t);
- switch (ctx->addr.sockaddr->sa_family) {
+ switch (addr->sockaddr->sa_family) {
#if (NGX_HAVE_INET6)
case AF_INET6:
- sin6 = (struct sockaddr_in6 *) ctx->addr.sockaddr;
+ sin6 = (struct sockaddr_in6 *) addr->sockaddr;
for (n = 15; n >= 0; n--) {
p = ngx_sprintf(p, "\1%xd\1%xd",
@@ -2677,11 +2719,11 @@
default: /* AF_INET */
- sin = (struct sockaddr_in *) ctx->addr.sockaddr;
- addr = ntohl(sin->sin_addr.s_addr);
+ sin = (struct sockaddr_in *) addr->sockaddr;
+ inaddr = ntohl(sin->sin_addr.s_addr);
for (n = 0; n < 32; n += 8) {
- d = ngx_sprintf(&p[1], "%ud", (addr >> n) & 0xff);
+ d = ngx_sprintf(&p[1], "%ud", (inaddr >> n) & 0xff);
*p = (u_char) (d - &p[1]);
p = d;
}
@@ -2795,21 +2837,13 @@
static void
ngx_resolver_timeout_handler(ngx_event_t *ev)
{
- ngx_resolver_ctx_t *ctx, *next;
- ngx_resolver_node_t *rn;
+ ngx_resolver_ctx_t *ctx;
- rn = ev->data;
- ctx = rn->waiting;
- rn->waiting = NULL;
+ ctx = ev->data;
- do {
- ctx->state = NGX_RESOLVE_TIMEDOUT;
- next = ctx->next;
-
- ctx->handler(ctx);
+ ctx->state = NGX_RESOLVE_TIMEDOUT;
- ctx = next;
- } while (ctx);
+ ctx->handler(ctx);
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/nginx-1.8.0/src/core/ngx_resolver.h
new/nginx-1.8.1/src/core/ngx_resolver.h
--- old/nginx-1.8.0/src/core/ngx_resolver.h 2015-04-21 16:11:59.000000000
+0200
+++ new/nginx-1.8.1/src/core/ngx_resolver.h 2016-01-26 15:39:32.000000000
+0100
@@ -51,15 +51,11 @@
typedef struct {
- /* PTR: resolved name, A: name to resolve */
- u_char *name;
-
+ ngx_rbtree_node_t node;
ngx_queue_t queue;
- /* event ident must be after 3 pointers as in ngx_connection_t */
- ngx_int_t ident;
-
- ngx_rbtree_node_t node;
+ /* PTR: resolved name, A: name to resolve */
+ u_char *name;
#if (NGX_HAVE_INET6)
/* PTR: IPv6 address to resolve (IPv4 address is in rbtree node key) */
@@ -147,6 +143,9 @@
ngx_resolver_t *resolver;
ngx_udp_connection_t *udp_connection;
+ /* event ident must be after 3 pointers as in ngx_connection_t */
+ ngx_int_t ident;
+
ngx_int_t state;
ngx_str_t name;
@@ -162,6 +161,8 @@
ngx_uint_t quick; /* unsigned quick:1; */
ngx_uint_t recursion;
ngx_event_t *event;
+
+ ngx_resolver_node_t *node;
};
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/nginx-1.8.0/src/event/modules/ngx_epoll_module.c
new/nginx-1.8.1/src/event/modules/ngx_epoll_module.c
--- old/nginx-1.8.0/src/event/modules/ngx_epoll_module.c 2015-04-21
16:12:00.000000000 +0200
+++ new/nginx-1.8.1/src/event/modules/ngx_epoll_module.c 2016-01-26
15:39:32.000000000 +0100
@@ -329,7 +329,7 @@
#if (NGX_HAVE_EVENTFD)
if (ngx_epoll_notify_init(cycle->log) != NGX_OK) {
- return NGX_ERROR;
+ ngx_epoll_module_ctx.actions.notify = NULL;
}
#endif
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/nginx-1.8.0/src/event/ngx_event_openssl.c
new/nginx-1.8.1/src/event/ngx_event_openssl.c
--- old/nginx-1.8.0/src/event/ngx_event_openssl.c 2015-04-21
16:12:00.000000000 +0200
+++ new/nginx-1.8.1/src/event/ngx_event_openssl.c 2016-01-26
15:39:32.000000000 +0100
@@ -1038,6 +1038,8 @@
sc->buffer = ((flags & NGX_SSL_BUFFER) != 0);
sc->buffer_size = ssl->buffer_size;
+ sc->session_ctx = ssl->ctx;
+
sc->connection = SSL_new(ssl->ctx);
if (sc->connection == NULL) {
@@ -2303,7 +2305,7 @@
c = ngx_ssl_get_connection(ssl_conn);
- ssl_ctx = SSL_get_SSL_CTX(ssl_conn);
+ ssl_ctx = c->ssl->session_ctx;
shm_zone = SSL_CTX_get_ex_data(ssl_ctx, ngx_ssl_session_cache_index);
cache = shm_zone->data;
@@ -2441,21 +2443,17 @@
ngx_ssl_sess_id_t *sess_id;
ngx_ssl_session_cache_t *cache;
u_char buf[NGX_SSL_MAX_SESSION_SIZE];
-#if (NGX_DEBUG)
ngx_connection_t *c;
-#endif
hash = ngx_crc32_short(id, (size_t) len);
*copy = 0;
-#if (NGX_DEBUG)
c = ngx_ssl_get_connection(ssl_conn);
ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
"ssl get session: %08XD:%d", hash, len);
-#endif
- shm_zone = SSL_CTX_get_ex_data(SSL_get_SSL_CTX(ssl_conn),
+ shm_zone = SSL_CTX_get_ex_data(c->ssl->session_ctx,
ngx_ssl_session_cache_index);
cache = shm_zone->data;
@@ -2834,13 +2832,14 @@
SSL_CTX *ssl_ctx;
ngx_uint_t i;
ngx_array_t *keys;
+ ngx_connection_t *c;
ngx_ssl_session_ticket_key_t *key;
#if (NGX_DEBUG)
u_char buf[32];
- ngx_connection_t *c;
#endif
- ssl_ctx = SSL_get_SSL_CTX(ssl_conn);
+ c = ngx_ssl_get_connection(ssl_conn);
+ ssl_ctx = c->ssl->session_ctx;
keys = SSL_CTX_get_ex_data(ssl_ctx, ngx_ssl_session_ticket_keys_index);
if (keys == NULL) {
@@ -2849,10 +2848,6 @@
key = keys->elts;
-#if (NGX_DEBUG)
- c = ngx_ssl_get_connection(ssl_conn);
-#endif
-
if (enc == 1) {
/* encrypt session ticket */
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/nginx-1.8.0/src/event/ngx_event_openssl.h
new/nginx-1.8.1/src/event/ngx_event_openssl.h
--- old/nginx-1.8.0/src/event/ngx_event_openssl.h 2015-04-21
16:12:00.000000000 +0200
+++ new/nginx-1.8.1/src/event/ngx_event_openssl.h 2016-01-26
15:39:32.000000000 +0100
@@ -46,6 +46,7 @@
typedef struct {
ngx_ssl_conn_t *connection;
+ SSL_CTX *session_ctx;
ngx_int_t last;
ngx_buf_t *buf;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/nginx-1.8.0/src/http/ngx_http.c
new/nginx-1.8.1/src/http/ngx_http.c
--- old/nginx-1.8.0/src/http/ngx_http.c 2015-04-21 16:12:00.000000000 +0200
+++ new/nginx-1.8.1/src/http/ngx_http.c 2016-01-26 15:39:32.000000000 +0100
@@ -1220,7 +1220,7 @@
{
u_char *p;
size_t len, off;
- ngx_uint_t i, default_server;
+ ngx_uint_t i, default_server, proxy_protocol;
struct sockaddr *sa;
ngx_http_conf_addr_t *addr;
#if (NGX_HAVE_UNIX_DOMAIN)
@@ -1281,6 +1281,8 @@
/* preserve default_server bit during listen options overwriting */
default_server = addr[i].opt.default_server;
+ proxy_protocol = lsopt->proxy_protocol || addr[i].opt.proxy_protocol;
+
#if (NGX_HTTP_SSL)
ssl = lsopt->ssl || addr[i].opt.ssl;
#endif
@@ -1314,6 +1316,7 @@
}
addr[i].opt.default_server = default_server;
+ addr[i].opt.proxy_protocol = proxy_protocol;
#if (NGX_HTTP_SSL)
addr[i].opt.ssl = ssl;
#endif
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/nginx-1.8.0/src/http/ngx_http_core_module.c
new/nginx-1.8.1/src/http/ngx_http_core_module.c
--- old/nginx-1.8.0/src/http/ngx_http_core_module.c 2015-04-21
16:12:00.000000000 +0200
+++ new/nginx-1.8.1/src/http/ngx_http_core_module.c 2016-01-26
15:39:32.000000000 +0100
@@ -1272,7 +1272,9 @@
*e.pos = '\0';
- if (alias && ngx_strncmp(name, clcf->name.data, alias) == 0) {
+ if (alias && alias != NGX_MAX_SIZE_T_VALUE
+ && ngx_strncmp(name, r->uri.data, alias) == 0)
+ {
ngx_memmove(name, name + alias, len - alias);
path.len -= alias;
}
@@ -1355,6 +1357,8 @@
}
} else {
+ name = r->uri.data;
+
r->uri.len = alias + path.len;
r->uri.data = ngx_pnalloc(r->pool, r->uri.len);
if (r->uri.data == NULL) {
@@ -1362,8 +1366,8 @@
return NGX_OK;
}
- p = ngx_copy(r->uri.data, clcf->name.data, alias);
- ngx_memcpy(p, name, path.len);
+ p = ngx_copy(r->uri.data, name, alias);
+ ngx_memcpy(p, path.data, path.len);
}
ngx_http_set_exten(r);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/nginx-1.8.0/src/http/ngx_http_request.c
new/nginx-1.8.1/src/http/ngx_http_request.c
--- old/nginx-1.8.0/src/http/ngx_http_request.c 2015-04-21 16:12:01.000000000
+0200
+++ new/nginx-1.8.1/src/http/ngx_http_request.c 2016-01-26 15:39:33.000000000
+0100
@@ -770,24 +770,32 @@
{
unsigned int len;
const unsigned char *data;
+ ngx_http_connection_t *hc;
static const ngx_str_t spdy = ngx_string(NGX_SPDY_NPN_NEGOTIATED);
+ hc = c->data;
+
+ if (hc->addr_conf->spdy) {
+
#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
- SSL_get0_alpn_selected(c->ssl->connection, &data, &len);
+ SSL_get0_alpn_selected(c->ssl->connection, &data, &len);
#ifdef TLSEXT_TYPE_next_proto_neg
- if (len == 0) {
- SSL_get0_next_proto_negotiated(c->ssl->connection, &data, &len);
- }
+ if (len == 0) {
+ SSL_get0_next_proto_negotiated(c->ssl->connection, &data,
&len);
+ }
#endif
#else /* TLSEXT_TYPE_next_proto_neg */
- SSL_get0_next_proto_negotiated(c->ssl->connection, &data, &len);
+ SSL_get0_next_proto_negotiated(c->ssl->connection, &data, &len);
#endif
- if (len == spdy.len && ngx_strncmp(data, spdy.data, spdy.len) == 0) {
- ngx_http_spdy_init(c->read);
- return;
+ if (len == spdy.len
+ && ngx_strncmp(data, spdy.data, spdy.len) == 0)
+ {
+ ngx_http_spdy_init(c->read);
+ return;
+ }
}
}
#endif
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/nginx-1.8.0/src/http/ngx_http_upstream.c
new/nginx-1.8.1/src/http/ngx_http_upstream.c
--- old/nginx-1.8.0/src/http/ngx_http_upstream.c 2015-04-21
16:12:01.000000000 +0200
+++ new/nginx-1.8.1/src/http/ngx_http_upstream.c 2016-01-26
15:39:33.000000000 +0100
@@ -530,15 +530,24 @@
r->write_event_handler = ngx_http_request_empty_handler;
- if (rc == NGX_DONE) {
- return;
- }
-
if (rc == NGX_ERROR) {
ngx_http_finalize_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR);
return;
}
+ if (rc == NGX_OK) {
+ rc = ngx_http_upstream_cache_send(r, u);
+
+ if (rc == NGX_DONE) {
+ return;
+ }
+
+ if (rc == NGX_HTTP_UPSTREAM_INVALID_HEADER) {
+ rc = NGX_DECLINED;
+ r->cached = 0;
+ }
+ }
+
if (rc != NGX_DECLINED) {
ngx_http_finalize_request(r, rc);
return;
@@ -833,13 +842,7 @@
case NGX_OK:
- rc = ngx_http_upstream_cache_send(r, u);
-
- if (rc != NGX_HTTP_UPSTREAM_INVALID_HEADER) {
- return rc;
- }
-
- break;
+ return NGX_OK;
case NGX_HTTP_CACHE_STALE:
++++++ nginx.service ++++++
--- /var/tmp/diff_new_pack.JKEPd3/_old 2016-02-03 10:19:32.000000000 +0100
+++ /var/tmp/diff_new_pack.JKEPd3/_new 2016-02-03 10:19:32.000000000 +0100
@@ -3,11 +3,14 @@
After=network.target remote-fs.target nss-lookup.target
[Service]
+PIDFile=/run/nginx.pid
ExecStartPre=/usr/sbin/nginx -t
ExecStart=/usr/sbin/nginx -g "daemon off;"
ExecReload=/bin/kill -s HUP $MAINPID
-ExecStop=/bin/kill -s QUIT $MAINPID
+KillSignal=SIGQUIT
+TimeoutStopSec=5
+KillMode=mixed
PrivateTmp=true
[Install]
-WantedBy=multi-user.target
\ No newline at end of file
+WantedBy=multi-user.target
