Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package nginx for openSUSE:Factory checked
in at 2022-07-22 19:20:12
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/nginx (Old)
and /work/SRC/openSUSE:Factory/.nginx.new.21925 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "nginx"
Fri Jul 22 19:20:12 2022 rev:76 rq:990292 version:1.23.1
Changes:
--------
--- /work/SRC/openSUSE:Factory/nginx/nginx.changes 2022-06-24
08:45:23.675144825 +0200
+++ /work/SRC/openSUSE:Factory/.nginx.new.21925/nginx.changes 2022-07-22
19:20:13.220556948 +0200
@@ -1,0 +2,14 @@
+Tue Jul 19 17:47:28 UTC 2022 - Michael Str??der <mich...@stroeder.com>
+
+- Updated to 1.23.1
+ * Feature: memory usage optimization in configurations with SSL proxying.
+ * Feature: looking up of IPv4 addresses while resolving now can be
+ disabled with the "ipv4=off" parameter of the "resolver" directive.
+ * Change: the logging level of the "bad key share", "bad extension",
+ "bad cipher", and "bad ecpoint" SSL errors has been lowered from "crit" to
"info".
+ * Bugfix: while returning byte ranges nginx did not remove the
+ "Content-Range" header line if it was present in the original backend
response.
+ * Bugfix: a proxied response might be truncated during reconfiguration
+ on Linux; the bug had appeared in 1.17.5.
+
+-------------------------------------------------------------------
Old:
----
nginx-1.23.0.tar.gz
nginx-1.23.0.tar.gz.asc
New:
----
nginx-1.23.1.tar.gz
nginx-1.23.1.tar.gz.asc
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ nginx.spec ++++++
--- /var/tmp/diff_new_pack.GQxGpN/_old 2022-07-22 19:20:13.880558082 +0200
+++ /var/tmp/diff_new_pack.GQxGpN/_new 2022-07-22 19:20:13.884558088 +0200
@@ -23,7 +23,7 @@
%bcond_with ngx_google_perftools
#
Name: nginx
-Version: 1.23.0
+Version: 1.23.1
Release: 0
Summary: A HTTP server and IMAP/POP3 proxy server
License: BSD-2-Clause
@@ -46,9 +46,9 @@
Patch3: %{name}-1.6.1-default_config.patch
# PATCH-FIX-UPSTREAM nginx-aio.patch fix support for Linux AIO
Patch4: %{name}-aio.patch
+BuildRequires: %{name}-macros
BuildRequires: gcc-c++
BuildRequires: libatomic-ops-devel
-BuildRequires: %{name}-macros
BuildRequires: pkgconfig
BuildRequires: sysuser-shadow
BuildRequires: sysuser-tools
@@ -60,11 +60,11 @@
BuildRequires: pkgconfig(systemd)
BuildRequires: pkgconfig(zlib)
%requires_eq perl
-Recommends: logrotate
Recommends: %{name}-module-fancyindex
Recommends: %{name}-module-geoip2
Recommends: %{name}-module-headers-more
Recommends: %{name}-module-http-flv
+Recommends: logrotate
Provides: http_daemon
Provides: httpd
%{?systemd_ordering}
++++++ nginx-1.23.0.tar.gz -> nginx-1.23.1.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/nginx-1.23.0/CHANGES new/nginx-1.23.1/CHANGES
--- old/nginx-1.23.0/CHANGES 2022-06-21 16:25:46.000000000 +0200
+++ new/nginx-1.23.1/CHANGES 2022-07-19 16:05:34.000000000 +0200
@@ -1,4 +1,24 @@
+Changes with nginx 1.23.1 19 Jul 2022
+
+ *) Feature: memory usage optimization in configurations with SSL
+ proxying.
+
+ *) Feature: looking up of IPv4 addresses while resolving now can be
+ disabled with the "ipv4=off" parameter of the "resolver" directive.
+
+ *) Change: the logging level of the "bad key share", "bad extension",
+ "bad cipher", and "bad ecpoint" SSL errors has been lowered from
+ "crit" to "info".
+
+ *) Bugfix: while returning byte ranges nginx did not remove the
+ "Content-Range" header line if it was present in the original backend
+ response.
+
+ *) Bugfix: a proxied response might be truncated during reconfiguration
+ on Linux; the bug had appeared in 1.17.5.
+
+
Changes with nginx 1.23.0 21 Jun 2022
*) Change in internal API: now header lines are represented as linked
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/nginx-1.23.0/CHANGES.ru new/nginx-1.23.1/CHANGES.ru
--- old/nginx-1.23.0/CHANGES.ru 2022-06-21 16:25:42.000000000 +0200
+++ new/nginx-1.23.1/CHANGES.ru 2022-07-19 16:05:32.000000000 +0200
@@ -1,4 +1,24 @@
+?????????????????? ?? nginx 1.23.1
19.07.2022
+
+ *) ????????????????????: ?????????????????????? ??????????????????????????
???????????? ?? ?????????????????????????? ??
+ SSL-????????????????????????????.
+
+ *) ????????????????????: ???????????? ?? ?????????????? ??????????????????
"ipv4=off" ??????????????????
+ "resolver" ?????????? ?????????????????? ?????????? IPv4-??????????????
?????? ???????????????????????????? ????????
+ ?? ????????????.
+
+ *) ??????????????????: ?????????????? ????????????????????????
???????????? SSL "bad key share", "bad
+ extension", "bad cipher" ?? "bad ecpoint" ?????????????? ??
???????????? crit ????
+ info.
+
+ *) ??????????????????????: ?????? ???????????????? ????????????????????
nginx ???? ???????????? ???????????? ??????????????????
+ "Content-Range", ???????? ?????? ???????????????????????????? ??
???????????????? ???????????? ??????????????.
+
+ *) ??????????????????????: ???????????????????????????? ?????????? ??????
???????? ?????????????????? ???? ?????????????????? ??????
+ ???????????????????????????????? ???? Linux; ????????????
?????????????????? ?? 1.17.5.
+
+
?????????????????? ?? nginx 1.23.0
21.06.2022
*) ?????????????????? ???? ???????????????????? API: ????????????
???????????? ???????????????????? ????????????????????????
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/nginx-1.23.0/src/core/nginx.h
new/nginx-1.23.1/src/core/nginx.h
--- old/nginx-1.23.0/src/core/nginx.h 2022-06-21 16:25:37.000000000 +0200
+++ new/nginx-1.23.1/src/core/nginx.h 2022-07-19 16:05:27.000000000 +0200
@@ -9,8 +9,8 @@
#define _NGINX_H_INCLUDED_
-#define nginx_version 1023000
-#define NGINX_VERSION "1.23.0"
+#define nginx_version 1023001
+#define NGINX_VERSION "1.23.1"
#define NGINX_VER "nginx/" NGINX_VERSION
#ifdef NGX_BUILD
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/nginx-1.23.0/src/core/ngx_resolver.c
new/nginx-1.23.1/src/core/ngx_resolver.c
--- old/nginx-1.23.0/src/core/ngx_resolver.c 2022-06-21 16:25:37.000000000
+0200
+++ new/nginx-1.23.1/src/core/ngx_resolver.c 2022-07-19 16:05:27.000000000
+0200
@@ -157,6 +157,8 @@
cln->handler = ngx_resolver_cleanup;
cln->data = r;
+ r->ipv4 = 1;
+
ngx_rbtree_init(&r->name_rbtree, &r->name_sentinel,
ngx_resolver_rbtree_insert_value);
@@ -225,6 +227,23 @@
}
#if (NGX_HAVE_INET6)
+ if (ngx_strncmp(names[i].data, "ipv4=", 5) == 0) {
+
+ if (ngx_strcmp(&names[i].data[5], "on") == 0) {
+ r->ipv4 = 1;
+
+ } else if (ngx_strcmp(&names[i].data[5], "off") == 0) {
+ r->ipv4 = 0;
+
+ } else {
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+ "invalid parameter: %V", &names[i]);
+ return NULL;
+ }
+
+ continue;
+ }
+
if (ngx_strncmp(names[i].data, "ipv6=", 5) == 0) {
if (ngx_strcmp(&names[i].data[5], "on") == 0) {
@@ -273,6 +292,14 @@
}
}
+#if (NGX_HAVE_INET6)
+ if (r->ipv4 + r->ipv6 == 0) {
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+ "\"ipv4\" and \"ipv6\" cannot both be \"off\"");
+ return NULL;
+ }
+#endif
+
if (n && r->connections.nelts == 0) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "no name servers defined");
return NULL;
@@ -836,7 +863,7 @@
r->last_connection = 0;
}
- rn->naddrs = (u_short) -1;
+ rn->naddrs = r->ipv4 ? (u_short) -1 : 0;
rn->tcp = 0;
#if (NGX_HAVE_INET6)
rn->naddrs6 = r->ipv6 ? (u_short) -1 : 0;
@@ -1263,7 +1290,7 @@
rec->log.action = "resolving";
}
- if (rn->naddrs == (u_short) -1) {
+ if (rn->query && rn->naddrs == (u_short) -1) {
rc = rn->tcp ? ngx_resolver_send_tcp_query(r, rec, rn->query, rn->qlen)
: ngx_resolver_send_udp_query(r, rec, rn->query,
rn->qlen);
@@ -1765,10 +1792,13 @@
q = ngx_queue_next(q))
{
rn = ngx_queue_data(q, ngx_resolver_node_t, queue);
- qident = (rn->query[0] << 8) + rn->query[1];
- if (qident == ident) {
- goto dns_error_name;
+ if (rn->query) {
+ qident = (rn->query[0] << 8) + rn->query[1];
+
+ if (qident == ident) {
+ goto dns_error_name;
+ }
}
#if (NGX_HAVE_INET6)
@@ -3645,7 +3675,7 @@
len = sizeof(ngx_resolver_hdr_t) + nlen + sizeof(ngx_resolver_qs_t);
#if (NGX_HAVE_INET6)
- p = ngx_resolver_alloc(r, r->ipv6 ? len * 2 : len);
+ p = ngx_resolver_alloc(r, len * (r->ipv4 + r->ipv6));
#else
p = ngx_resolver_alloc(r, len);
#endif
@@ -3658,19 +3688,21 @@
#if (NGX_HAVE_INET6)
if (r->ipv6) {
- rn->query6 = p + len;
+ rn->query6 = r->ipv4 ? (p + len) : p;
}
#endif
query = (ngx_resolver_hdr_t *) p;
- ident = ngx_random();
+ if (r->ipv4) {
+ ident = ngx_random();
- ngx_log_debug2(NGX_LOG_DEBUG_CORE, r->log, 0,
- "resolve: \"%V\" A %i", name, ident & 0xffff);
+ ngx_log_debug2(NGX_LOG_DEBUG_CORE, r->log, 0,
+ "resolve: \"%V\" A %i", name, ident & 0xffff);
- query->ident_hi = (u_char) ((ident >> 8) & 0xff);
- query->ident_lo = (u_char) (ident & 0xff);
+ query->ident_hi = (u_char) ((ident >> 8) & 0xff);
+ query->ident_lo = (u_char) (ident & 0xff);
+ }
/* recursion query */
query->flags_hi = 1; query->flags_lo = 0;
@@ -3731,7 +3763,9 @@
p = rn->query6;
- ngx_memcpy(p, rn->query, rn->qlen);
+ if (r->ipv4) {
+ ngx_memcpy(p, rn->query, rn->qlen);
+ }
query = (ngx_resolver_hdr_t *) p;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/nginx-1.23.0/src/core/ngx_resolver.h
new/nginx-1.23.1/src/core/ngx_resolver.h
--- old/nginx-1.23.0/src/core/ngx_resolver.h 2022-06-21 16:25:37.000000000
+0200
+++ new/nginx-1.23.1/src/core/ngx_resolver.h 2022-07-19 16:05:27.000000000
+0200
@@ -175,8 +175,10 @@
ngx_queue_t srv_expire_queue;
ngx_queue_t addr_expire_queue;
+ unsigned ipv4:1;
+
#if (NGX_HAVE_INET6)
- ngx_uint_t ipv6; /* unsigned ipv6:1; */
+ unsigned ipv6:1;
ngx_rbtree_t addr6_rbtree;
ngx_rbtree_node_t addr6_sentinel;
ngx_queue_t addr6_resend_queue;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/nginx-1.23.0/src/event/ngx_event_openssl.c
new/nginx-1.23.1/src/event/ngx_event_openssl.c
--- old/nginx-1.23.0/src/event/ngx_event_openssl.c 2022-06-21
16:25:37.000000000 +0200
+++ new/nginx-1.23.1/src/event/ngx_event_openssl.c 2022-07-19
16:05:27.000000000 +0200
@@ -3343,6 +3343,12 @@
#ifdef SSL_R_NO_SUITABLE_KEY_SHARE
|| n == SSL_R_NO_SUITABLE_KEY_SHARE /* 101 */
#endif
+#ifdef SSL_R_BAD_KEY_SHARE
+ || n == SSL_R_BAD_KEY_SHARE /* 108 */
+#endif
+#ifdef SSL_R_BAD_EXTENSION
+ || n == SSL_R_BAD_EXTENSION /* 110 */
+#endif
#ifdef SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM
|| n == SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM /* 118 */
#endif
@@ -3357,6 +3363,9 @@
|| n == SSL_R_NO_CIPHERS_PASSED /* 182 */
#endif
|| n == SSL_R_NO_CIPHERS_SPECIFIED /* 183 */
+#ifdef SSL_R_BAD_CIPHER
+ || n == SSL_R_BAD_CIPHER /* 186 */
+#endif
|| n == SSL_R_NO_COMPRESSION_SPECIFIED /* 187 */
|| n == SSL_R_NO_SHARED_CIPHER /* 193 */
|| n == SSL_R_RECORD_LENGTH_MISMATCH /* 213 */
@@ -3391,6 +3400,9 @@
#ifdef SSL_R_APPLICATION_DATA_ON_SHUTDOWN
|| n == SSL_R_APPLICATION_DATA_ON_SHUTDOWN /* 291 */
#endif
+#ifdef SSL_R_BAD_ECPOINT
+ || n == SSL_R_BAD_ECPOINT /* 306 */
+#endif
#ifdef SSL_R_RENEGOTIATE_EXT_TOO_LONG
|| n == SSL_R_RENEGOTIATE_EXT_TOO_LONG /* 335 */
|| n == SSL_R_RENEGOTIATION_ENCODING_ERR /* 336 */
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/nginx-1.23.0/src/http/modules/ngx_http_grpc_module.c
new/nginx-1.23.1/src/http/modules/ngx_http_grpc_module.c
--- old/nginx-1.23.0/src/http/modules/ngx_http_grpc_module.c 2022-06-21
16:25:37.000000000 +0200
+++ new/nginx-1.23.1/src/http/modules/ngx_http_grpc_module.c 2022-07-19
16:05:27.000000000 +0200
@@ -209,6 +209,8 @@
ngx_command_t *cmd, void *conf);
static char *ngx_http_grpc_ssl_conf_command_check(ngx_conf_t *cf, void *post,
void *data);
+static ngx_int_t ngx_http_grpc_merge_ssl(ngx_conf_t *cf,
+ ngx_http_grpc_loc_conf_t *conf, ngx_http_grpc_loc_conf_t *prev);
static ngx_int_t ngx_http_grpc_set_ssl(ngx_conf_t *cf,
ngx_http_grpc_loc_conf_t *glcf);
#endif
@@ -562,7 +564,7 @@
ctx->host = glcf->host;
#if (NGX_HTTP_SSL)
- u->ssl = (glcf->upstream.ssl != NULL);
+ u->ssl = glcf->ssl;
if (u->ssl) {
ngx_str_set(&u->schema, "grpcs://");
@@ -4463,6 +4465,10 @@
#if (NGX_HTTP_SSL)
+ if (ngx_http_grpc_merge_ssl(cf, conf, prev) != NGX_OK) {
+ return NGX_CONF_ERROR;
+ }
+
ngx_conf_merge_value(conf->upstream.ssl_session_reuse,
prev->upstream.ssl_session_reuse, 1);
@@ -4524,7 +4530,7 @@
conf->grpc_values = prev->grpc_values;
#if (NGX_HTTP_SSL)
- conf->upstream.ssl = prev->upstream.ssl;
+ conf->ssl = prev->ssl;
#endif
}
@@ -4874,16 +4880,62 @@
static ngx_int_t
-ngx_http_grpc_set_ssl(ngx_conf_t *cf, ngx_http_grpc_loc_conf_t *glcf)
+ngx_http_grpc_merge_ssl(ngx_conf_t *cf, ngx_http_grpc_loc_conf_t *conf,
+ ngx_http_grpc_loc_conf_t *prev)
{
- ngx_pool_cleanup_t *cln;
+ ngx_uint_t preserve;
- glcf->upstream.ssl = ngx_pcalloc(cf->pool, sizeof(ngx_ssl_t));
- if (glcf->upstream.ssl == NULL) {
+ if (conf->ssl_protocols == 0
+ && conf->ssl_ciphers.data == NULL
+ && conf->upstream.ssl_certificate == NGX_CONF_UNSET_PTR
+ && conf->upstream.ssl_certificate_key == NGX_CONF_UNSET_PTR
+ && conf->upstream.ssl_passwords == NGX_CONF_UNSET_PTR
+ && conf->upstream.ssl_verify == NGX_CONF_UNSET
+ && conf->ssl_verify_depth == NGX_CONF_UNSET_UINT
+ && conf->ssl_trusted_certificate.data == NULL
+ && conf->ssl_crl.data == NULL
+ && conf->upstream.ssl_session_reuse == NGX_CONF_UNSET
+ && conf->ssl_conf_commands == NGX_CONF_UNSET_PTR)
+ {
+ if (prev->upstream.ssl) {
+ conf->upstream.ssl = prev->upstream.ssl;
+ return NGX_OK;
+ }
+
+ preserve = 1;
+
+ } else {
+ preserve = 0;
+ }
+
+ conf->upstream.ssl = ngx_pcalloc(cf->pool, sizeof(ngx_ssl_t));
+ if (conf->upstream.ssl == NULL) {
return NGX_ERROR;
}
- glcf->upstream.ssl->log = cf->log;
+ conf->upstream.ssl->log = cf->log;
+
+ /*
+ * special handling to preserve conf->upstream.ssl
+ * in the "http" section to inherit it to all servers
+ */
+
+ if (preserve) {
+ prev->upstream.ssl = conf->upstream.ssl;
+ }
+
+ return NGX_OK;
+}
+
+
+static ngx_int_t
+ngx_http_grpc_set_ssl(ngx_conf_t *cf, ngx_http_grpc_loc_conf_t *glcf)
+{
+ ngx_pool_cleanup_t *cln;
+
+ if (glcf->upstream.ssl->ctx) {
+ return NGX_OK;
+ }
if (ngx_ssl_create(glcf->upstream.ssl, glcf->ssl_protocols, NULL)
!= NGX_OK)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/nginx-1.23.0/src/http/modules/ngx_http_proxy_module.c
new/nginx-1.23.1/src/http/modules/ngx_http_proxy_module.c
--- old/nginx-1.23.0/src/http/modules/ngx_http_proxy_module.c 2022-06-21
16:25:37.000000000 +0200
+++ new/nginx-1.23.1/src/http/modules/ngx_http_proxy_module.c 2022-07-19
16:05:27.000000000 +0200
@@ -236,6 +236,8 @@
ngx_http_proxy_rewrite_t *pr, ngx_str_t *regex, ngx_uint_t caseless);
#if (NGX_HTTP_SSL)
+static ngx_int_t ngx_http_proxy_merge_ssl(ngx_conf_t *cf,
+ ngx_http_proxy_loc_conf_t *conf, ngx_http_proxy_loc_conf_t *prev);
static ngx_int_t ngx_http_proxy_set_ssl(ngx_conf_t *cf,
ngx_http_proxy_loc_conf_t *plcf);
#endif
@@ -959,7 +961,7 @@
ctx->vars = plcf->vars;
u->schema = plcf->vars.schema;
#if (NGX_HTTP_SSL)
- u->ssl = (plcf->upstream.ssl != NULL);
+ u->ssl = plcf->ssl;
#endif
} else {
@@ -3724,6 +3726,10 @@
#if (NGX_HTTP_SSL)
+ if (ngx_http_proxy_merge_ssl(cf, conf, prev) != NGX_OK) {
+ return NGX_CONF_ERROR;
+ }
+
ngx_conf_merge_value(conf->upstream.ssl_session_reuse,
prev->upstream.ssl_session_reuse, 1);
@@ -3857,7 +3863,7 @@
conf->proxy_values = prev->proxy_values;
#if (NGX_HTTP_SSL)
- conf->upstream.ssl = prev->upstream.ssl;
+ conf->ssl = prev->ssl;
#endif
}
@@ -4923,16 +4929,62 @@
static ngx_int_t
-ngx_http_proxy_set_ssl(ngx_conf_t *cf, ngx_http_proxy_loc_conf_t *plcf)
+ngx_http_proxy_merge_ssl(ngx_conf_t *cf, ngx_http_proxy_loc_conf_t *conf,
+ ngx_http_proxy_loc_conf_t *prev)
{
- ngx_pool_cleanup_t *cln;
+ ngx_uint_t preserve;
- plcf->upstream.ssl = ngx_pcalloc(cf->pool, sizeof(ngx_ssl_t));
- if (plcf->upstream.ssl == NULL) {
+ if (conf->ssl_protocols == 0
+ && conf->ssl_ciphers.data == NULL
+ && conf->upstream.ssl_certificate == NGX_CONF_UNSET_PTR
+ && conf->upstream.ssl_certificate_key == NGX_CONF_UNSET_PTR
+ && conf->upstream.ssl_passwords == NGX_CONF_UNSET_PTR
+ && conf->upstream.ssl_verify == NGX_CONF_UNSET
+ && conf->ssl_verify_depth == NGX_CONF_UNSET_UINT
+ && conf->ssl_trusted_certificate.data == NULL
+ && conf->ssl_crl.data == NULL
+ && conf->upstream.ssl_session_reuse == NGX_CONF_UNSET
+ && conf->ssl_conf_commands == NGX_CONF_UNSET_PTR)
+ {
+ if (prev->upstream.ssl) {
+ conf->upstream.ssl = prev->upstream.ssl;
+ return NGX_OK;
+ }
+
+ preserve = 1;
+
+ } else {
+ preserve = 0;
+ }
+
+ conf->upstream.ssl = ngx_pcalloc(cf->pool, sizeof(ngx_ssl_t));
+ if (conf->upstream.ssl == NULL) {
return NGX_ERROR;
}
- plcf->upstream.ssl->log = cf->log;
+ conf->upstream.ssl->log = cf->log;
+
+ /*
+ * special handling to preserve conf->upstream.ssl
+ * in the "http" section to inherit it to all servers
+ */
+
+ if (preserve) {
+ prev->upstream.ssl = conf->upstream.ssl;
+ }
+
+ return NGX_OK;
+}
+
+
+static ngx_int_t
+ngx_http_proxy_set_ssl(ngx_conf_t *cf, ngx_http_proxy_loc_conf_t *plcf)
+{
+ ngx_pool_cleanup_t *cln;
+
+ if (plcf->upstream.ssl->ctx) {
+ return NGX_OK;
+ }
if (ngx_ssl_create(plcf->upstream.ssl, plcf->ssl_protocols, NULL)
!= NGX_OK)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/nginx-1.23.0/src/http/modules/ngx_http_range_filter_module.c
new/nginx-1.23.1/src/http/modules/ngx_http_range_filter_module.c
--- old/nginx-1.23.0/src/http/modules/ngx_http_range_filter_module.c
2022-06-21 16:25:37.000000000 +0200
+++ new/nginx-1.23.1/src/http/modules/ngx_http_range_filter_module.c
2022-07-19 16:05:27.000000000 +0200
@@ -425,6 +425,10 @@
return NGX_ERROR;
}
+ if (r->headers_out.content_range) {
+ r->headers_out.content_range->hash = 0;
+ }
+
r->headers_out.content_range = content_range;
content_range->hash = 1;
@@ -582,6 +586,11 @@
r->headers_out.content_length = NULL;
}
+ if (r->headers_out.content_range) {
+ r->headers_out.content_range->hash = 0;
+ r->headers_out.content_range = NULL;
+ }
+
return ngx_http_next_header_filter(r);
}
@@ -598,6 +607,10 @@
return NGX_ERROR;
}
+ if (r->headers_out.content_range) {
+ r->headers_out.content_range->hash = 0;
+ }
+
r->headers_out.content_range = content_range;
content_range->hash = 1;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/nginx-1.23.0/src/http/modules/ngx_http_uwsgi_module.c
new/nginx-1.23.1/src/http/modules/ngx_http_uwsgi_module.c
--- old/nginx-1.23.0/src/http/modules/ngx_http_uwsgi_module.c 2022-06-21
16:25:37.000000000 +0200
+++ new/nginx-1.23.1/src/http/modules/ngx_http_uwsgi_module.c 2022-07-19
16:05:27.000000000 +0200
@@ -96,6 +96,8 @@
ngx_command_t *cmd, void *conf);
static char *ngx_http_uwsgi_ssl_conf_command_check(ngx_conf_t *cf, void *post,
void *data);
+static ngx_int_t ngx_http_uwsgi_merge_ssl(ngx_conf_t *cf,
+ ngx_http_uwsgi_loc_conf_t *conf, ngx_http_uwsgi_loc_conf_t *prev);
static ngx_int_t ngx_http_uwsgi_set_ssl(ngx_conf_t *cf,
ngx_http_uwsgi_loc_conf_t *uwcf);
#endif
@@ -668,7 +670,7 @@
if (uwcf->uwsgi_lengths == NULL) {
#if (NGX_HTTP_SSL)
- u->ssl = (uwcf->upstream.ssl != NULL);
+ u->ssl = uwcf->ssl;
if (u->ssl) {
ngx_str_set(&u->schema, "suwsgi://");
@@ -1865,6 +1867,10 @@
#if (NGX_HTTP_SSL)
+ if (ngx_http_uwsgi_merge_ssl(cf, conf, prev) != NGX_OK) {
+ return NGX_CONF_ERROR;
+ }
+
ngx_conf_merge_value(conf->upstream.ssl_session_reuse,
prev->upstream.ssl_session_reuse, 1);
@@ -1927,7 +1933,7 @@
conf->uwsgi_values = prev->uwsgi_values;
#if (NGX_HTTP_SSL)
- conf->upstream.ssl = prev->upstream.ssl;
+ conf->ssl = prev->ssl;
#endif
}
@@ -2455,16 +2461,62 @@
static ngx_int_t
-ngx_http_uwsgi_set_ssl(ngx_conf_t *cf, ngx_http_uwsgi_loc_conf_t *uwcf)
+ngx_http_uwsgi_merge_ssl(ngx_conf_t *cf, ngx_http_uwsgi_loc_conf_t *conf,
+ ngx_http_uwsgi_loc_conf_t *prev)
{
- ngx_pool_cleanup_t *cln;
+ ngx_uint_t preserve;
- uwcf->upstream.ssl = ngx_pcalloc(cf->pool, sizeof(ngx_ssl_t));
- if (uwcf->upstream.ssl == NULL) {
+ if (conf->ssl_protocols == 0
+ && conf->ssl_ciphers.data == NULL
+ && conf->upstream.ssl_certificate == NGX_CONF_UNSET_PTR
+ && conf->upstream.ssl_certificate_key == NGX_CONF_UNSET_PTR
+ && conf->upstream.ssl_passwords == NGX_CONF_UNSET_PTR
+ && conf->upstream.ssl_verify == NGX_CONF_UNSET
+ && conf->ssl_verify_depth == NGX_CONF_UNSET_UINT
+ && conf->ssl_trusted_certificate.data == NULL
+ && conf->ssl_crl.data == NULL
+ && conf->upstream.ssl_session_reuse == NGX_CONF_UNSET
+ && conf->ssl_conf_commands == NGX_CONF_UNSET_PTR)
+ {
+ if (prev->upstream.ssl) {
+ conf->upstream.ssl = prev->upstream.ssl;
+ return NGX_OK;
+ }
+
+ preserve = 1;
+
+ } else {
+ preserve = 0;
+ }
+
+ conf->upstream.ssl = ngx_pcalloc(cf->pool, sizeof(ngx_ssl_t));
+ if (conf->upstream.ssl == NULL) {
return NGX_ERROR;
}
- uwcf->upstream.ssl->log = cf->log;
+ conf->upstream.ssl->log = cf->log;
+
+ /*
+ * special handling to preserve conf->upstream.ssl
+ * in the "http" section to inherit it to all servers
+ */
+
+ if (preserve) {
+ prev->upstream.ssl = conf->upstream.ssl;
+ }
+
+ return NGX_OK;
+}
+
+
+static ngx_int_t
+ngx_http_uwsgi_set_ssl(ngx_conf_t *cf, ngx_http_uwsgi_loc_conf_t *uwcf)
+{
+ ngx_pool_cleanup_t *cln;
+
+ if (uwcf->upstream.ssl->ctx) {
+ return NGX_OK;
+ }
if (ngx_ssl_create(uwcf->upstream.ssl, uwcf->ssl_protocols, NULL)
!= NGX_OK)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/nginx-1.23.0/src/os/unix/ngx_readv_chain.c
new/nginx-1.23.1/src/os/unix/ngx_readv_chain.c
--- old/nginx-1.23.0/src/os/unix/ngx_readv_chain.c 2022-06-21
16:25:37.000000000 +0200
+++ new/nginx-1.23.1/src/os/unix/ngx_readv_chain.c 2022-07-19
16:05:27.000000000 +0200
@@ -46,6 +46,7 @@
return 0;
} else {
+ rev->ready = 0;
return NGX_AGAIN;
}
}
@@ -63,6 +64,7 @@
rev->pending_eof, rev->available);
if (rev->available == 0 && !rev->pending_eof) {
+ rev->ready = 0;
return NGX_AGAIN;
}
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/nginx-1.23.0/src/stream/ngx_stream_proxy_module.c
new/nginx-1.23.1/src/stream/ngx_stream_proxy_module.c
--- old/nginx-1.23.0/src/stream/ngx_stream_proxy_module.c 2022-06-21
16:25:37.000000000 +0200
+++ new/nginx-1.23.1/src/stream/ngx_stream_proxy_module.c 2022-07-19
16:05:27.000000000 +0200
@@ -103,6 +103,8 @@
static void ngx_stream_proxy_ssl_save_session(ngx_connection_t *c);
static ngx_int_t ngx_stream_proxy_ssl_name(ngx_stream_session_t *s);
static ngx_int_t ngx_stream_proxy_ssl_certificate(ngx_stream_session_t *s);
+static ngx_int_t ngx_stream_proxy_merge_ssl(ngx_conf_t *cf,
+ ngx_stream_proxy_srv_conf_t *conf, ngx_stream_proxy_srv_conf_t *prev);
static ngx_int_t ngx_stream_proxy_set_ssl(ngx_conf_t *cf,
ngx_stream_proxy_srv_conf_t *pscf);
@@ -801,7 +803,7 @@
#if (NGX_STREAM_SSL)
- if (pc->type == SOCK_STREAM && pscf->ssl) {
+ if (pc->type == SOCK_STREAM && pscf->ssl_enable) {
if (u->proxy_protocol) {
if (ngx_stream_proxy_send_proxy_protocol(s) != NGX_OK) {
@@ -2150,6 +2152,10 @@
#if (NGX_STREAM_SSL)
+ if (ngx_stream_proxy_merge_ssl(cf, conf, prev) != NGX_OK) {
+ return NGX_CONF_ERROR;
+ }
+
ngx_conf_merge_value(conf->ssl_enable, prev->ssl_enable, 0);
ngx_conf_merge_value(conf->ssl_session_reuse,
@@ -2199,16 +2205,62 @@
#if (NGX_STREAM_SSL)
static ngx_int_t
-ngx_stream_proxy_set_ssl(ngx_conf_t *cf, ngx_stream_proxy_srv_conf_t *pscf)
+ngx_stream_proxy_merge_ssl(ngx_conf_t *cf, ngx_stream_proxy_srv_conf_t *conf,
+ ngx_stream_proxy_srv_conf_t *prev)
{
- ngx_pool_cleanup_t *cln;
+ ngx_uint_t preserve;
+
+ if (conf->ssl_protocols == 0
+ && conf->ssl_ciphers.data == NULL
+ && conf->ssl_certificate == NGX_CONF_UNSET_PTR
+ && conf->ssl_certificate_key == NGX_CONF_UNSET_PTR
+ && conf->ssl_passwords == NGX_CONF_UNSET_PTR
+ && conf->ssl_verify == NGX_CONF_UNSET
+ && conf->ssl_verify_depth == NGX_CONF_UNSET_UINT
+ && conf->ssl_trusted_certificate.data == NULL
+ && conf->ssl_crl.data == NULL
+ && conf->ssl_session_reuse == NGX_CONF_UNSET
+ && conf->ssl_conf_commands == NGX_CONF_UNSET_PTR)
+ {
+ if (prev->ssl) {
+ conf->ssl = prev->ssl;
+ return NGX_OK;
+ }
- pscf->ssl = ngx_pcalloc(cf->pool, sizeof(ngx_ssl_t));
- if (pscf->ssl == NULL) {
+ preserve = 1;
+
+ } else {
+ preserve = 0;
+ }
+
+ conf->ssl = ngx_pcalloc(cf->pool, sizeof(ngx_ssl_t));
+ if (conf->ssl == NULL) {
return NGX_ERROR;
}
- pscf->ssl->log = cf->log;
+ conf->ssl->log = cf->log;
+
+ /*
+ * special handling to preserve conf->ssl
+ * in the "stream" section to inherit it to all servers
+ */
+
+ if (preserve) {
+ prev->ssl = conf->ssl;
+ }
+
+ return NGX_OK;
+}
+
+
+static ngx_int_t
+ngx_stream_proxy_set_ssl(ngx_conf_t *cf, ngx_stream_proxy_srv_conf_t *pscf)
+{
+ ngx_pool_cleanup_t *cln;
+
+ if (pscf->ssl->ctx) {
+ return NGX_OK;
+ }
if (ngx_ssl_create(pscf->ssl, pscf->ssl_protocols, NULL) != NGX_OK) {
return NGX_ERROR;
